db/d02/semgr_8c_source.html

 /*
  * COPYRIGHT:       See COPYING in the top level directory
  * PROJECT:         ReactOS kernel
  * FILE:            ntoskrnl/se/semgr.c
  * PURPOSE:         Security manager
  *
  * PROGRAMMERS:     No programmer listed.
  */

 /* INCLUDES *******************************************************************/

 #include <ntoskrnl.h>
 #define NDEBUG
 #include <debug.h>

 /* GLOBALS ********************************************************************/

 PSE_EXPORTS SeExports = NULL;
 SE_EXPORTS SepExports;
 ULONG SidInTokenCalls = 0;

 extern ULONG ExpInitializationPhase;
 extern ERESOURCE SepSubjectContextLock;

 /* PRIVATE FUNCTIONS **********************************************************/

 static
 INIT_FUNCTION
 BOOLEAN
 SepInitExports(VOID)
 {
     SepExports.SeCreateTokenPrivilege = SeCreateTokenPrivilege;
     SepExports.SeAssignPrimaryTokenPrivilege = SeAssignPrimaryTokenPrivilege;
     SepExports.SeLockMemoryPrivilege = SeLockMemoryPrivilege;
     SepExports.SeIncreaseQuotaPrivilege = SeIncreaseQuotaPrivilege;
     SepExports.SeUnsolicitedInputPrivilege = SeUnsolicitedInputPrivilege;
     SepExports.SeTcbPrivilege = SeTcbPrivilege;
     SepExports.SeSecurityPrivilege = SeSecurityPrivilege;
     SepExports.SeTakeOwnershipPrivilege = SeTakeOwnershipPrivilege;
     SepExports.SeLoadDriverPrivilege = SeLoadDriverPrivilege;
     SepExports.SeCreatePagefilePrivilege = SeCreatePagefilePrivilege;
     SepExports.SeIncreaseBasePriorityPrivilege = SeIncreaseBasePriorityPrivilege;
     SepExports.SeSystemProfilePrivilege = SeSystemProfilePrivilege;
     SepExports.SeSystemtimePrivilege = SeSystemtimePrivilege;
     SepExports.SeProfileSingleProcessPrivilege = SeProfileSingleProcessPrivilege;
     SepExports.SeCreatePermanentPrivilege = SeCreatePermanentPrivilege;
     SepExports.SeBackupPrivilege = SeBackupPrivilege;
     SepExports.SeRestorePrivilege = SeRestorePrivilege;
     SepExports.SeShutdownPrivilege = SeShutdownPrivilege;
     SepExports.SeDebugPrivilege = SeDebugPrivilege;
     SepExports.SeAuditPrivilege = SeAuditPrivilege;
     SepExports.SeSystemEnvironmentPrivilege = SeSystemEnvironmentPrivilege;
     SepExports.SeChangeNotifyPrivilege = SeChangeNotifyPrivilege;
     SepExports.SeRemoteShutdownPrivilege = SeRemoteShutdownPrivilege;

     SepExports.SeNullSid = SeNullSid;
     SepExports.SeWorldSid = SeWorldSid;
     SepExports.SeLocalSid = SeLocalSid;
     SepExports.SeCreatorOwnerSid = SeCreatorOwnerSid;
     SepExports.SeCreatorGroupSid = SeCreatorGroupSid;
     SepExports.SeNtAuthoritySid = SeNtAuthoritySid;
     SepExports.SeDialupSid = SeDialupSid;
     SepExports.SeNetworkSid = SeNetworkSid;
     SepExports.SeBatchSid = SeBatchSid;
     SepExports.SeInteractiveSid = SeInteractiveSid;
     SepExports.SeLocalSystemSid = SeLocalSystemSid;
     SepExports.SeAliasAdminsSid = SeAliasAdminsSid;
     SepExports.SeAliasUsersSid = SeAliasUsersSid;
     SepExports.SeAliasGuestsSid = SeAliasGuestsSid;
     SepExports.SeAliasPowerUsersSid = SeAliasPowerUsersSid;
     SepExports.SeAliasAccountOpsSid = SeAliasAccountOpsSid;
     SepExports.SeAliasSystemOpsSid = SeAliasSystemOpsSid;
     SepExports.SeAliasPrintOpsSid = SeAliasPrintOpsSid;
     SepExports.SeAliasBackupOpsSid = SeAliasBackupOpsSid;
     SepExports.SeAuthenticatedUsersSid = SeAuthenticatedUsersSid;
     SepExports.SeRestrictedSid = SeRestrictedSid;
     SepExports.SeAnonymousLogonSid = SeAnonymousLogonSid;
     SepExports.SeLocalServiceSid = SeLocalServiceSid;
     SepExports.SeNetworkServiceSid = SeNetworkServiceSid;

     SepExports.SeUndockPrivilege = SeUndockPrivilege;
     SepExports.SeSyncAgentPrivilege = SeSyncAgentPrivilege;
     SepExports.SeEnableDelegationPrivilege = SeEnableDelegationPrivilege;
     SepExports.SeManageVolumePrivilege = SeManageVolumePrivilege;
     SepExports.SeImpersonatePrivilege = SeImpersonatePrivilege;
     SepExports.SeCreateGlobalPrivilege = SeCreateGlobalPrivilege;

     SeExports = &SepExports;
     return TRUE;
 }


 INIT_FUNCTION
 BOOLEAN
 NTAPI
 SepInitializationPhase0(VOID)
 {
     PAGED_CODE();

     ExpInitLuid();
     if (!SepInitSecurityIDs()) return FALSE;
     if (!SepInitDACLs()) return FALSE;
     if (!SepInitSDs()) return FALSE;
     SepInitPrivileges();
     if (!SepInitExports()) return FALSE;

     /* Initialize the subject context lock */
     ExInitializeResource(&SepSubjectContextLock);

     /* Initialize token objects */
     SepInitializeTokenImplementation();

     /* Initialize logon sessions */
     if (!SeRmInitPhase0()) return FALSE;

     /* Clear impersonation info for the idle thread */
     PsGetCurrentThread()->ImpersonationInfo = NULL;
     PspClearCrossThreadFlag(PsGetCurrentThread(),
                             CT_ACTIVE_IMPERSONATION_INFO_BIT);

     /* Initialize the boot token */
     ObInitializeFastReference(&PsGetCurrentProcess()->Token, NULL);
     ObInitializeFastReference(&PsGetCurrentProcess()->Token,
                               SepCreateSystemProcessToken());
     return TRUE;
 }

 INIT_FUNCTION
 BOOLEAN
 NTAPI
 SepInitializationPhase1(VOID)
 {
     OBJECT_ATTRIBUTES ObjectAttributes;
     UNICODE_STRING Name;
     HANDLE SecurityHandle;
     HANDLE EventHandle;
     NTSTATUS Status;
     SECURITY_DESCRIPTOR SecurityDescriptor;
     PACL Dacl;
     ULONG DaclLength;

     PAGED_CODE();

     /* Insert the system token into the tree */
     Status = ObInsertObject((PVOID)(PsGetCurrentProcess()->Token.Value &
                                     ~MAX_FAST_REFS),
                             NULL,
                             0,
                             0,
                             NULL,
                             NULL);
     ASSERT(NT_SUCCESS(Status));

     /* Create a security descriptor for the directory */
     RtlCreateSecurityDescriptor(&SecurityDescriptor, SECURITY_DESCRIPTOR_REVISION);

     /* Setup the ACL */
     DaclLength = sizeof(ACL) + 3 * sizeof(ACCESS_ALLOWED_ACE) +
                  RtlLengthSid(SeLocalSystemSid) +
                  RtlLengthSid(SeAliasAdminsSid) +
                  RtlLengthSid(SeWorldSid);
     Dacl = ExAllocatePoolWithTag(NonPagedPool, DaclLength, TAG_SE);
     if (Dacl == NULL)
     {
         return FALSE;
     }

     Status = RtlCreateAcl(Dacl, DaclLength, ACL_REVISION);
     ASSERT(NT_SUCCESS(Status));

     /* Grant full access to SYSTEM */
     Status = RtlAddAccessAllowedAce(Dacl,
                                     ACL_REVISION,
                                     DIRECTORY_ALL_ACCESS,
                                     SeLocalSystemSid);
     ASSERT(NT_SUCCESS(Status));

     /* Allow admins to traverse and query */
     Status = RtlAddAccessAllowedAce(Dacl,
                                     ACL_REVISION,
                                     READ_CONTROL | DIRECTORY_TRAVERSE | DIRECTORY_QUERY,
                                     SeAliasAdminsSid);
     ASSERT(NT_SUCCESS(Status));

     /* Allow anyone to traverse */
     Status = RtlAddAccessAllowedAce(Dacl,
                                     ACL_REVISION,
                                     DIRECTORY_TRAVERSE,
                                     SeWorldSid);
     ASSERT(NT_SUCCESS(Status));

     /* And link ACL and SD */
     Status = RtlSetDaclSecurityDescriptor(&SecurityDescriptor, TRUE, Dacl, FALSE);
     ASSERT(NT_SUCCESS(Status));

     /* Create '\Security' directory */
     RtlInitUnicodeString(&Name, L"\\Security");
     InitializeObjectAttributes(&ObjectAttributes,
                                &Name,
                                OBJ_PERMANENT | OBJ_CASE_INSENSITIVE,
                                0,
                                &SecurityDescriptor);

     Status = ZwCreateDirectoryObject(&SecurityHandle,
                                      DIRECTORY_ALL_ACCESS,
                                      &ObjectAttributes);
     ASSERT(NT_SUCCESS(Status));

     /* Free the DACL */
     ExFreePoolWithTag(Dacl, TAG_SE);

     /* Create 'LSA_AUTHENTICATION_INITIALIZED' event */
     RtlInitUnicodeString(&Name, L"LSA_AUTHENTICATION_INITIALIZED");
     InitializeObjectAttributes(&ObjectAttributes,
                                &Name,
                                OBJ_PERMANENT | OBJ_CASE_INSENSITIVE,
                                SecurityHandle,
                                SePublicDefaultSd);

     Status = ZwCreateEvent(&EventHandle,
                            GENERIC_WRITE,
                            &ObjectAttributes,
                            NotificationEvent,
                            FALSE);
     ASSERT(NT_SUCCESS(Status));

     Status = ZwClose(EventHandle);
     ASSERT(NT_SUCCESS(Status));

     Status = ZwClose(SecurityHandle);
     ASSERT(NT_SUCCESS(Status));

     return TRUE;
 }

 INIT_FUNCTION
 BOOLEAN
 NTAPI
 SeInitSystem(VOID)
 {
     /* Check the initialization phase */
     switch (ExpInitializationPhase)
     {
         case 0:

             /* Do Phase 0 */
             return SepInitializationPhase0();

         case 1:

             /* Do Phase 1 */
             return SepInitializationPhase1();

         default:

             /* Don't know any other phase! Bugcheck! */
             KeBugCheckEx(UNEXPECTED_INITIALIZATION_CALL,
                          0,
                          ExpInitializationPhase,
                          0,
                          0);
             return FALSE;
     }
 }

 NTSTATUS
 NTAPI
 SeDefaultObjectMethod(IN PVOID Object,
                       IN SECURITY_OPERATION_CODE OperationType,
                       IN PSECURITY_INFORMATION SecurityInformation,
                       IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
                       IN OUT PULONG ReturnLength OPTIONAL,
                       IN OUT PSECURITY_DESCRIPTOR *OldSecurityDescriptor,
                       IN POOL_TYPE PoolType,
                       IN PGENERIC_MAPPING GenericMapping)
 {
     PAGED_CODE();

     /* Select the operation type */
     switch (OperationType)
     {
             /* Setting a new descriptor */
         case SetSecurityDescriptor:

             /* Sanity check */
             ASSERT((PoolType == PagedPool) || (PoolType == NonPagedPool));

             /* Set the information */
             return ObSetSecurityDescriptorInfo(Object,
                                                SecurityInformation,
                                                SecurityDescriptor,
                                                OldSecurityDescriptor,
                                                PoolType,
                                                GenericMapping);

         case QuerySecurityDescriptor:

             /* Query the information */
             return ObQuerySecurityDescriptorInfo(Object,
                                                  SecurityInformation,
                                                  SecurityDescriptor,
                                                  ReturnLength,
                                                  OldSecurityDescriptor);

         case DeleteSecurityDescriptor:

             /* De-assign it */
             return ObDeassignSecurity(OldSecurityDescriptor);

         case AssignSecurityDescriptor:

             /* Assign it */
             ObAssignObjectSecurityDescriptor(Object, SecurityDescriptor, PoolType);
             return STATUS_SUCCESS;

         default:

             /* Bug check */
             KeBugCheckEx(SECURITY_SYSTEM, 0, STATUS_INVALID_PARAMETER, 0, 0);
     }

     /* Should never reach here */
     ASSERT(FALSE);
     return STATUS_SUCCESS;
 }

 VOID
 NTAPI
 SeQuerySecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
                           OUT PACCESS_MASK DesiredAccess)
 {
     *DesiredAccess = 0;

     if (SecurityInformation & (OWNER_SECURITY_INFORMATION |
                                GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION))
     {
         *DesiredAccess |= READ_CONTROL;
     }

     if (SecurityInformation & SACL_SECURITY_INFORMATION)
     {
         *DesiredAccess |= ACCESS_SYSTEM_SECURITY;
     }
 }

 VOID
 NTAPI
 SeSetSecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
                         OUT PACCESS_MASK DesiredAccess)
 {
     *DesiredAccess = 0;

     if (SecurityInformation & (OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION))
     {
         *DesiredAccess |= WRITE_OWNER;
     }

     if (SecurityInformation & DACL_SECURITY_INFORMATION)
     {
         *DesiredAccess |= WRITE_DAC;
     }

     if (SecurityInformation & SACL_SECURITY_INFORMATION)
     {
         *DesiredAccess |= ACCESS_SYSTEM_SECURITY;
     }
 }

 NTSTATUS
 NTAPI
 SeReportSecurityEvent(
     _In_ ULONG Flags,
     _In_ PUNICODE_STRING SourceName,
     _In_opt_ PSID UserSid,
     _In_ PSE_ADT_PARAMETER_ARRAY AuditParameters)
 {
     SECURITY_SUBJECT_CONTEXT SubjectContext;
     PTOKEN EffectiveToken;
     PISID Sid;
     NTSTATUS Status;

     /* Validate parameters */
     if ((Flags != 0) ||
         (SourceName == NULL) ||
         (SourceName->Buffer == NULL) ||
         (SourceName->Length == 0) ||
         (AuditParameters == NULL) ||
         (AuditParameters->ParameterCount > SE_MAX_AUDIT_PARAMETERS - 4))
     {
         return STATUS_INVALID_PARAMETER;
     }

     /* Validate the source name */
     Status = RtlValidateUnicodeString(0, SourceName);
     if (!NT_SUCCESS(Status))
     {
         return Status;
     }

     /* Check if we have a user SID */
     if (UserSid != NULL)
     {
         /* Validate it */
         if (!RtlValidSid(UserSid))
         {
             return STATUS_INVALID_PARAMETER;
         }

         /* Use the user SID */
         Sid = UserSid;
     }
     else
     {
         /* No user SID, capture the security subject context */
         SeCaptureSubjectContext(&SubjectContext);

         /* Extract the effective token */
         EffectiveToken = SubjectContext.ClientToken ?
             SubjectContext.ClientToken : SubjectContext.PrimaryToken;

         /* Use the user-and-groups SID */
         Sid = EffectiveToken->UserAndGroups->Sid;
     }

     UNIMPLEMENTED;

     /* Check if we captured the subject context */
     if (Sid != UserSid)
     {
         /* Release it */
         SeReleaseSubjectContext(&SubjectContext);
     }

     /* Return success */
     return STATUS_SUCCESS;
 }

 _Const_
 NTSTATUS
 NTAPI
 SeSetAuditParameter(
     _Inout_ PSE_ADT_PARAMETER_ARRAY AuditParameters,
     _In_ SE_ADT_PARAMETER_TYPE Type,
     _In_range_(<, SE_MAX_AUDIT_PARAMETERS) ULONG Index,
     _In_reads_(_Inexpressible_("depends on SE_ADT_PARAMETER_TYPE")) PVOID Data)
 {
     UNIMPLEMENTED;
     return STATUS_SUCCESS;
 }

 /* EOF */
_SE_EXPORTS::SeAliasBackupOpsSid
PSID SeAliasBackupOpsSid
Definition: setypes.h:1182

_SECURITY_DESCRIPTOR
Definition: ms-dtyp.idl:301

SepInitSDs
INIT_FUNCTION BOOLEAN NTAPI SepInitSDs(VOID)
Definition: sd.c:34

_SE_EXPORTS::SeAliasAdminsSid
PSID SeAliasAdminsSid
Definition: setypes.h:1175

SeSystemEnvironmentPrivilege
const LUID SeSystemEnvironmentPrivilege
Definition: priv.c:43

SE_ADT_PARAMETER_TYPE
enum _SE_ADT_PARAMETER_TYPE SE_ADT_PARAMETER_TYPE

_SE_ADT_PARAMETER_ARRAY
Definition: setypes.h:298

SeRemoteShutdownPrivilege
const LUID SeRemoteShutdownPrivilege
Definition: priv.c:45

SeCaptureSubjectContext
VOID NTAPI SeCaptureSubjectContext(OUT PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:301

ObjectAttributes
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35

_SE_EXPORTS::SeEnableDelegationPrivilege
LUID SeEnableDelegationPrivilege
Definition: setypes.h:1188

ReturnLength
IN CINT OUT PVOID IN ULONG OUT PULONG ReturnLength
Definition: dumpinfo.c:39

IN
#define IN
Definition: typedefs.h:38

NotificationEvent
Definition: ntdef.template.h:356

SubjectContext
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2239

SeInitSystem
INIT_FUNCTION BOOLEAN NTAPI SeInitSystem(VOID)
Definition: semgr.c:239

SeReleaseSubjectContext
VOID NTAPI SeReleaseSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:360

_SE_EXPORTS::SeShutdownPrivilege
LUID SeShutdownPrivilege
Definition: setypes.h:1158

TRUE
#define TRUE
Definition: types.h:120

_SE_EXPORTS::SeManageVolumePrivilege
LUID SeManageVolumePrivilege
Definition: setypes.h:1191

ExInitializeResource
#define ExInitializeResource
Definition: exfuncs.h:346

NonPagedPool
Definition: ketypes.h:866

SeSystemtimePrivilege
const LUID SeSystemtimePrivilege
Definition: priv.c:33

_SID_AND_ATTRIBUTES::Sid
PSID Sid
Definition: setypes.h:478

Type
Type
Definition: Type.h:6

_SID
Definition: ms-dtyp.idl:198

SeIncreaseQuotaPrivilege
const LUID SeIncreaseQuotaPrivilege
Definition: priv.c:26

ACCESS_SYSTEM_SECURITY
#define ACCESS_SYSTEM_SECURITY
Definition: nt_native.h:77

PsGetCurrentThread
#define PsGetCurrentThread()
Definition: env_spec_w32.h:81

PspClearCrossThreadFlag
#define PspClearCrossThreadFlag(Thread, Flag)
Definition: ps_x.h:27

SepCreateSystemProcessToken
PTOKEN NTAPI SepCreateSystemProcessToken(VOID)
Definition: token.c:1145

_ACCESS_ALLOWED_ACE
Definition: ms-dtyp.idl:215

SeCreateTokenPrivilege
const LUID SeCreateTokenPrivilege
Definition: priv.c:23

SE_MAX_AUDIT_PARAMETERS
#define SE_MAX_AUDIT_PARAMETERS
Definition: setypes.h:228

SeCreatePermanentPrivilege
const LUID SeCreatePermanentPrivilege
Definition: priv.c:37

SeDebugPrivilege
const LUID SeDebugPrivilege
Definition: priv.c:41

SeBackupPrivilege
const LUID SeBackupPrivilege
Definition: priv.c:38

_OBJECT_ATTRIBUTES
Definition: umtypes.h:181

SecurityDescriptor
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182

STATUS_INVALID_PARAMETER
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135

_ACL
Definition: ms-dtyp.idl:293

SepInitDACLs
INIT_FUNCTION BOOLEAN NTAPI SepInitDACLs(VOID)
Definition: acl.c:34

ZwClose
NTSYSAPI NTSTATUS NTAPI ZwClose(_In_ HANDLE Handle)

_SE_EXPORTS::SeDebugPrivilege
LUID SeDebugPrivilege
Definition: setypes.h:1159

_SE_EXPORTS::SeAuthenticatedUsersSid
PSID SeAuthenticatedUsersSid
Definition: setypes.h:1183

_SE_EXPORTS::SeChangeNotifyPrivilege
LUID SeChangeNotifyPrivilege
Definition: setypes.h:1162

Data
Definition: sort_test.cpp:77

_SE_EXPORTS::SeLockMemoryPrivilege
LUID SeLockMemoryPrivilege
Definition: setypes.h:1143

_In_reads_
#define _In_reads_(size)
Definition: no_sal2.h:228

NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26

SeEnableDelegationPrivilege
const LUID SeEnableDelegationPrivilege
Definition: priv.c:48

Token
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
Definition: ntifs.template.h:711

SeAliasBackupOpsSid
PSID SeAliasBackupOpsSid
Definition: sid.c:54

_SE_EXPORTS::SeAnonymousLogonSid
PSID SeAnonymousLogonSid
Definition: setypes.h:1185

_Const_
#define _Const_
Definition: no_sal2.h:18

OBJ_PERMANENT
#define OBJ_PERMANENT
Definition: winternl.h:226

_SE_EXPORTS::SeAliasGuestsSid
PSID SeAliasGuestsSid
Definition: setypes.h:1177

SeRestrictedSid
PSID SeRestrictedSid
Definition: sid.c:56

GROUP_SECURITY_INFORMATION
#define GROUP_SECURITY_INFORMATION
Definition: setypes.h:124

SeQuerySecurityAccessMask
VOID NTAPI SeQuerySecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation, OUT PACCESS_MASK DesiredAccess)
Definition: semgr.c:329

SeAssignPrimaryTokenPrivilege
const LUID SeAssignPrimaryTokenPrivilege
Definition: priv.c:24

RtlCreateSecurityDescriptor
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(_Out_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ULONG Revision)

SeSystemProfilePrivilege
const LUID SeSystemProfilePrivilege
Definition: priv.c:32

WRITE_OWNER
#define WRITE_OWNER
Definition: nt_native.h:60

SeAuthenticatedUsersSid
PSID SeAuthenticatedUsersSid
Definition: sid.c:55

SeAliasPrintOpsSid
PSID SeAliasPrintOpsSid
Definition: sid.c:53

ExpInitLuid
VOID INIT_FUNCTION NTAPI ExpInitLuid(VOID)
Definition: uuid.c:219

RtlAddAccessAllowedAce
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAce(PACL, DWORD, DWORD, PSID)

SeAliasAccountOpsSid
PSID SeAliasAccountOpsSid
Definition: sid.c:51

PAGED_CODE
#define PAGED_CODE()
Definition: video.h:57

SeSyncAgentPrivilege
const LUID SeSyncAgentPrivilege
Definition: priv.c:47

_In_opt_
#define _In_opt_
Definition: no_sal2.h:213

_SE_EXPORTS::SeUnsolicitedInputPrivilege
LUID SeUnsolicitedInputPrivilege
Definition: setypes.h:1145

_SE_EXPORTS::SeAliasSystemOpsSid
PSID SeAliasSystemOpsSid
Definition: setypes.h:1180

_SE_EXPORTS::SeSecurityPrivilege
LUID SeSecurityPrivilege
Definition: setypes.h:1147

RtlCreateAcl
NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL Acl, ULONG AclSize, ULONG AclRevision)

SECURITY_DESCRIPTOR_REVISION
#define SECURITY_DESCRIPTOR_REVISION
Definition: setypes.h:58

_SE_EXPORTS::SeBatchSid
PSID SeBatchSid
Definition: setypes.h:1172

Flags
_Must_inspect_result_ _In_ ULONG Flags
Definition: wsk.h:170

SepExports
SE_EXPORTS SepExports
Definition: semgr.c:19

SePublicDefaultSd
PSECURITY_DESCRIPTOR SePublicDefaultSd
Definition: sd.c:22

NTAPI
NTSTATUS(* NTAPI)(IN PFILE_FULL_EA_INFORMATION EaBuffer, IN ULONG EaLength, OUT PULONG ErrorOffset)
Definition: IoEaTest.cpp:117

_SE_EXPORTS::SeNullSid
PSID SeNullSid
Definition: setypes.h:1164

SeExports
PSE_EXPORTS SeExports
Definition: semgr.c:18

SECURITY_INFORMATION
DWORD SECURITY_INFORMATION
Definition: ms-dtyp.idl:311

SeCreatorGroupSid
PSID SeCreatorGroupSid
Definition: sid.c:34

FALSE
Definition: jmorecfg.h:365

SeNtAuthoritySid
PSID SeNtAuthoritySid
Definition: sid.c:37

GENERIC_WRITE
#define GENERIC_WRITE
Definition: nt_native.h:90

_SE_EXPORTS::SeLoadDriverPrivilege
LUID SeLoadDriverPrivilege
Definition: setypes.h:1149

_SE_EXPORTS::SeUndockPrivilege
LUID SeUndockPrivilege
Definition: setypes.h:1186

Name
struct NameRec_ * Name
Definition: cdprocs.h:464

PsGetCurrentProcess
#define PsGetCurrentProcess
Definition: psfuncs.h:17

RtlValidateUnicodeString
NTSYSAPI NTSTATUS NTAPI RtlValidateUnicodeString(_In_ ULONG Flags, _In_ PCUNICODE_STRING String)

ZwCreateDirectoryObject
NTSYSAPI NTSTATUS NTAPI ZwCreateDirectoryObject(_Out_ PHANDLE DirectoryHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes)

SepInitSecurityIDs
INIT_FUNCTION BOOLEAN NTAPI SepInitSecurityIDs(VOID)
Definition: sid.c:100

ObSetSecurityDescriptorInfo
NTSTATUS NTAPI ObSetSecurityDescriptorInfo(IN PVOID Object, IN PSECURITY_INFORMATION SecurityInformation, IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN OUT PSECURITY_DESCRIPTOR *OutputSecurityDescriptor, IN POOL_TYPE PoolType, IN PGENERIC_MAPPING GenericMapping)
Definition: obsecure.c:117

BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185

SeNetworkServiceSid
PSID SeNetworkServiceSid
Definition: sid.c:59

_SE_EXPORTS::SeNetworkServiceSid
PSID SeNetworkServiceSid
Definition: setypes.h:1190

ACL
struct _ACL ACL

NULL
smooth NULL
Definition: ftsmooth.c:416

NameRec_
Definition: apinames.c:48

SeLoadDriverPrivilege
const LUID SeLoadDriverPrivilege
Definition: priv.c:31

SeManageVolumePrivilege
const LUID SeManageVolumePrivilege
Definition: priv.c:49

RtlSetDaclSecurityDescriptor
NTSYSAPI NTSTATUS WINAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN)

SeTakeOwnershipPrivilege
const LUID SeTakeOwnershipPrivilege
Definition: priv.c:30

Sid
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1104

_SE_EXPORTS::SeAliasPowerUsersSid
PSID SeAliasPowerUsersSid
Definition: setypes.h:1178

SecurityInformation
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ SECURITY_INFORMATION SecurityInformation
Definition: fltkernel.h:1339

_SE_EXPORTS::SeSystemEnvironmentPrivilege
LUID SeSystemEnvironmentPrivilege
Definition: setypes.h:1161

_SE_EXPORTS::SeProfileSingleProcessPrivilege
LUID SeProfileSingleProcessPrivilege
Definition: setypes.h:1154

RtlLengthSid
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150

_SE_EXPORTS::SeDialupSid
PSID SeDialupSid
Definition: setypes.h:1170

RtlValidSid
NTSYSAPI BOOLEAN NTAPI RtlValidSid(IN PSID Sid)
Definition: sid.c:21

SeAliasUsersSid
PSID SeAliasUsersSid
Definition: sid.c:48

_SE_EXPORTS::SeNetworkSid
PSID SeNetworkSid
Definition: setypes.h:1171

DIRECTORY_TRAVERSE
#define DIRECTORY_TRAVERSE
Definition: nt_native.h:1255

SepInitializationPhase1
INIT_FUNCTION BOOLEAN NTAPI SepInitializationPhase1(VOID)
Definition: semgr.c:131

TAG_SE
#define TAG_SE
Definition: tag.h:173

_SE_EXPORTS::SeAliasAccountOpsSid
PSID SeAliasAccountOpsSid
Definition: setypes.h:1179

ExpInitializationPhase
ULONG ExpInitializationPhase
Definition: init.c:65

_SE_EXPORTS::SeTcbPrivilege
LUID SeTcbPrivilege
Definition: setypes.h:1146

SeCreatePagefilePrivilege
const LUID SeCreatePagefilePrivilege
Definition: priv.c:36

_SE_EXPORTS::SeImpersonatePrivilege
LUID SeImpersonatePrivilege
Definition: setypes.h:1192

_GENERIC_MAPPING
Definition: nt_native.h:564

_SE_EXPORTS::SeRemoteShutdownPrivilege
LUID SeRemoteShutdownPrivilege
Definition: setypes.h:1163

SeRestorePrivilege
const LUID SeRestorePrivilege
Definition: priv.c:39

NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:24

PSECURITY_INFORMATION
DWORD * PSECURITY_INFORMATION
Definition: ms-dtyp.idl:311

POOL_TYPE
INT POOL_TYPE
Definition: typedefs.h:76

SeDefaultObjectMethod
NTSTATUS NTAPI SeDefaultObjectMethod(IN PVOID Object, IN SECURITY_OPERATION_CODE OperationType, IN PSECURITY_INFORMATION SecurityInformation, IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN OUT PULONG ReturnLength OPTIONAL, IN OUT PSECURITY_DESCRIPTOR *OldSecurityDescriptor, IN POOL_TYPE PoolType, IN PGENERIC_MAPPING GenericMapping)
Definition: semgr.c:268

_SE_EXPORTS
Definition: setypes.h:1140

_SE_EXPORTS::SeCreatePermanentPrivilege
LUID SeCreatePermanentPrivilege
Definition: setypes.h:1155

Index
static const UCHAR Index[8]
Definition: usbohci.c:18

SACL_SECURITY_INFORMATION
#define SACL_SECURITY_INFORMATION
Definition: setypes.h:126

WRITE_DAC
#define WRITE_DAC
Definition: nt_native.h:59

SeLocalServiceSid
PSID SeLocalServiceSid
Definition: sid.c:58

_Inout_
#define _Inout_
Definition: no_sal2.h:244

SeChangeNotifyPrivilege
static const LUID SeChangeNotifyPrivilege
Definition: authpackage.c:161

ObInitializeFastReference
VOID FASTCALL ObInitializeFastReference(IN PEX_FAST_REF FastRef, IN PVOID Object)
Definition: obref.c:109

SepInitializationPhase0
INIT_FUNCTION BOOLEAN NTAPI SepInitializationPhase0(VOID)
Definition: semgr.c:96

Object
static IUnknown Object
Definition: main.c:512

OBJ_CASE_INSENSITIVE
#define OBJ_CASE_INSENSITIVE
Definition: winternl.h:228

SeCreateGlobalPrivilege
static const LUID SeCreateGlobalPrivilege
Definition: authpackage.c:162

READ_CONTROL
#define READ_CONTROL
Definition: nt_native.h:58

ASSERT
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel) ?(CompletionRoutine !=NULL) :TRUE)

ExAllocatePoolWithTag
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350

Dacl
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
Definition: rtlfuncs.h:1553

SeSetSecurityAccessMask
VOID NTAPI SeSetSecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation, OUT PACCESS_MASK DesiredAccess)
Definition: semgr.c:348

SeRmInitPhase0
BOOLEAN NTAPI SeRmInitPhase0(VOID)
Definition: srm.c:146

SeAliasAdminsSid
PSID SeAliasAdminsSid
Definition: sid.c:47

L
static const WCHAR L[]
Definition: oid.c:1250

_SE_EXPORTS::SeLocalServiceSid
PSID SeLocalServiceSid
Definition: setypes.h:1189

SeCreatorOwnerSid
PSID SeCreatorOwnerSid
Definition: sid.c:33

ObQuerySecurityDescriptorInfo
NTSTATUS NTAPI ObQuerySecurityDescriptorInfo(IN PVOID Object, IN PSECURITY_INFORMATION SecurityInformation, OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN OUT PULONG Length, IN PSECURITY_DESCRIPTOR *OutputSecurityDescriptor)
Definition: obsecure.c:85

SidInTokenCalls
ULONG SidInTokenCalls
Definition: semgr.c:20

SeLockMemoryPrivilege
const LUID SeLockMemoryPrivilege
Definition: priv.c:25

SeProfileSingleProcessPrivilege
const LUID SeProfileSingleProcessPrivilege
Definition: priv.c:34

SeWorldSid
PSID SeWorldSid
Definition: sid.c:31

SeIncreaseBasePriorityPrivilege
const LUID SeIncreaseBasePriorityPrivilege
Definition: priv.c:35

SeReportSecurityEvent
NTSTATUS NTAPI SeReportSecurityEvent(_In_ ULONG Flags, _In_ PUNICODE_STRING SourceName, _In_opt_ PSID UserSid, _In_ PSE_ADT_PARAMETER_ARRAY AuditParameters)
Definition: semgr.c:371

SeLocalSid
PSID SeLocalSid
Definition: sid.c:32

PagedPool
Definition: ketypes.h:867

SeAliasGuestsSid
PSID SeAliasGuestsSid
Definition: sid.c:49

Status
Status
Definition: gdiplustypes.h:24

SeTcbPrivilege
const LUID SeTcbPrivilege
Definition: priv.c:28

ObDeassignSecurity
NTSTATUS NTAPI ObDeassignSecurity(IN OUT PSECURITY_DESCRIPTOR *SecurityDescriptor)
Definition: obsecure.c:60

_In_
#define _In_
Definition: no_sal2.h:204

_SE_EXPORTS::SeCreateGlobalPrivilege
LUID SeCreateGlobalPrivilege
Definition: setypes.h:1193

_SE_EXPORTS::SeBackupPrivilege
LUID SeBackupPrivilege
Definition: setypes.h:1156

GenericMapping
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11

_SE_EXPORTS::SeIncreaseBasePriorityPrivilege
LUID SeIncreaseBasePriorityPrivilege
Definition: setypes.h:1151

_UNICODE_STRING
Definition: env_spec_w32.h:368

_SE_EXPORTS::SeAliasUsersSid
PSID SeAliasUsersSid
Definition: setypes.h:1176

SeShutdownPrivilege
const LUID SeShutdownPrivilege
Definition: priv.c:40

ObInsertObject
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
Definition: obhandle.c:2932

SeAliasPowerUsersSid
PSID SeAliasPowerUsersSid
Definition: sid.c:50

_SE_EXPORTS::SeSystemtimePrivilege
LUID SeSystemtimePrivilege
Definition: setypes.h:1153

SeDialupSid
PSID SeDialupSid
Definition: sid.c:38

_SE_EXPORTS::SeCreatorOwnerSid
PSID SeCreatorOwnerSid
Definition: setypes.h:1167

SeAliasSystemOpsSid
PSID SeAliasSystemOpsSid
Definition: sid.c:52

DIRECTORY_ALL_ACCESS
#define DIRECTORY_ALL_ACCESS
Definition: nt_native.h:1259

_SE_EXPORTS::SeSyncAgentPrivilege
LUID SeSyncAgentPrivilege
Definition: setypes.h:1187

DesiredAccess
_In_ PIO_STACK_LOCATION _Inout_ PFILE_OBJECT _Inout_ PVCB _Outptr_result_maybenull_ PDCB _In_ PDCB _In_ PDIRENT _In_ ULONG _In_ ULONG _In_ PUNICODE_STRING _In_ PACCESS_MASK DesiredAccess
Definition: create.c:4157

OWNER_SECURITY_INFORMATION
#define OWNER_SECURITY_INFORMATION
Definition: setypes.h:123

PULONG
unsigned int * PULONG
Definition: retypes.h:1

SourceName
WCHAR SourceName[256]
Definition: arping.c:28

ObAssignObjectSecurityDescriptor
NTSTATUS NTAPI ObAssignObjectSecurityDescriptor(IN PVOID Object, IN PSECURITY_DESCRIPTOR SecurityDescriptor OPTIONAL, IN POOL_TYPE PoolType)
Definition: obsecure.c:20

_SECURITY_SUBJECT_CONTEXT
Definition: setypes.h:189

SeSecurityPrivilege
const LUID SeSecurityPrivilege
Definition: priv.c:29

SepInitPrivileges
INIT_FUNCTION VOID NTAPI SepInitPrivileges(VOID)
Definition: priv.c:64

_SE_EXPORTS::SeNtAuthoritySid
PSID SeNtAuthoritySid
Definition: setypes.h:1169

ACL_REVISION
#define ACL_REVISION
Definition: setypes.h:39

CT_ACTIVE_IMPERSONATION_INFO_BIT
#define CT_ACTIVE_IMPERSONATION_INFO_BIT
Definition: pstypes.h:225

_SE_EXPORTS::SeAuditPrivilege
LUID SeAuditPrivilege
Definition: setypes.h:1160

SeLocalSystemSid
PSID SeLocalSystemSid
Definition: sid.c:44

_SE_EXPORTS::SeRestrictedSid
PSID SeRestrictedSid
Definition: setypes.h:1184

OUT
#define OUT
Definition: typedefs.h:39

ERESOURCE
ULONG ERESOURCE
Definition: env_spec_w32.h:594

SeNetworkSid
PSID SeNetworkSid
Definition: sid.c:39

ULONG
unsigned int ULONG
Definition: retypes.h:1

SeSetAuditParameter
_Const_ NTSTATUS NTAPI SeSetAuditParameter(_Inout_ PSE_ADT_PARAMETER_ARRAY AuditParameters, _In_ SE_ADT_PARAMETER_TYPE Type, _In_range_(<, SE_MAX_AUDIT_PARAMETERS) ULONG Index, _In_reads_(_Inexpressible_("depends on SE_ADT_PARAMETER_TYPE")) PVOID Data)
Definition: semgr.c:441

PACCESS_MASK
ACCESS_MASK * PACCESS_MASK
Definition: nt_native.h:41

DIRECTORY_QUERY
#define DIRECTORY_QUERY
Definition: nt_native.h:1254

RtlInitUnicodeString
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)

UNIMPLEMENTED
#define UNIMPLEMENTED
Definition: debug.h:114

SepInitializeTokenImplementation
INIT_FUNCTION VOID NTAPI SepInitializeTokenImplementation(VOID)
Definition: token.c:836

InitializeObjectAttributes
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106

_TOKEN::UserAndGroups
PSID_AND_ATTRIBUTES UserAndGroups
Definition: setypes.h:169

SeUnsolicitedInputPrivilege
const LUID SeUnsolicitedInputPrivilege
Definition: priv.c:27

MAX_FAST_REFS
#define MAX_FAST_REFS
Definition: ex.h:128

_SE_EXPORTS::SeIncreaseQuotaPrivilege
LUID SeIncreaseQuotaPrivilege
Definition: setypes.h:1144

_SE_EXPORTS::SeTakeOwnershipPrivilege
LUID SeTakeOwnershipPrivilege
Definition: setypes.h:1148

SeInteractiveSid
PSID SeInteractiveSid
Definition: sid.c:41

SeBatchSid
PSID SeBatchSid
Definition: sid.c:40

SeAnonymousLogonSid
PSID SeAnonymousLogonSid
Definition: se.h:145

_SE_EXPORTS::SeAssignPrimaryTokenPrivilege
LUID SeAssignPrimaryTokenPrivilege
Definition: setypes.h:1142

_SE_EXPORTS::SeWorldSid
PSID SeWorldSid
Definition: setypes.h:1165

_SE_EXPORTS::SeRestorePrivilege
LUID SeRestorePrivilege
Definition: setypes.h:1157

ExFreePoolWithTag
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099

_SE_EXPORTS::SeLocalSid
PSID SeLocalSid
Definition: setypes.h:1166

SeUndockPrivilege
const LUID SeUndockPrivilege
Definition: priv.c:46

void
Definition: nsiface.idl:2306

_In_range_
#define _In_range_(lb, ub)
Definition: no_sal2.h:227

STATUS_SUCCESS
return STATUS_SUCCESS
Definition: btrfs.c:2725

_TOKEN
Definition: setypes.h:151

PoolType
_Must_inspect_result_ _In_ FLT_CONTEXT_TYPE _In_ SIZE_T _In_ POOL_TYPE PoolType
Definition: fltkernel.h:1444

SepSubjectContextLock
ERESOURCE SepSubjectContextLock
Definition: access.c:19

_SE_EXPORTS::SeCreatorGroupSid
PSID SeCreatorGroupSid
Definition: setypes.h:1168

SeNullSid
PSID SeNullSid
Definition: sid.c:30

SeAuditPrivilege
const LUID SeAuditPrivilege
Definition: priv.c:42

_SE_EXPORTS::SeSystemProfilePrivilege
LUID SeSystemProfilePrivilege
Definition: setypes.h:1152

_SE_EXPORTS::SeCreatePagefilePrivilege
LUID SeCreatePagefilePrivilege
Definition: setypes.h:1150

SECURITY_OPERATION_CODE
SECURITY_OPERATION_CODE
Definition: setypes.h:142

KeBugCheckEx
VOID NTAPI KeBugCheckEx(_In_ ULONG BugCheckCode, _In_ ULONG_PTR BugCheckParameter1, _In_ ULONG_PTR BugCheckParameter2, _In_ ULONG_PTR BugCheckParameter3, _In_ ULONG_PTR BugCheckParameter4)
Definition: rtlcompat.c:107

DACL_SECURITY_INFORMATION
#define DACL_SECURITY_INFORMATION
Definition: setypes.h:125

SepInitExports
static INIT_FUNCTION BOOLEAN SepInitExports(VOID)
Definition: semgr.c:30

_SE_EXPORTS::SeAliasPrintOpsSid
PSID SeAliasPrintOpsSid
Definition: setypes.h:1181

_SE_EXPORTS::SeLocalSystemSid
PSID SeLocalSystemSid
Definition: setypes.h:1174

SeImpersonatePrivilege
static const LUID SeImpersonatePrivilege
Definition: authpackage.c:163

_SE_EXPORTS::SeInteractiveSid
PSID SeInteractiveSid
Definition: setypes.h:1173

_SE_EXPORTS::SeCreateTokenPrivilege
LUID SeCreateTokenPrivilege
Definition: setypes.h:1141

EventHandle
_Out_ PHANDLE EventHandle
Definition: iofuncs.h:855

OPTIONAL
PULONG MinorVersion OPTIONAL
Definition: CrossNt.h:68