ReactOS  0.4.14-dev-337-gf981a68
token.c File Reference
#include <ntoskrnl.h>
#include <debug.h>
#include <ntlsa.h>
Include dependency graph for token.c:

Go to the source code of this file.

Classes

struct  _TOKEN_AUDIT_POLICY_INFORMATION
 

Macros

#define NDEBUG
 

Typedefs

typedef struct _TOKEN_AUDIT_POLICY_INFORMATION TOKEN_AUDIT_POLICY_INFORMATION
 
typedef struct _TOKEN_AUDIT_POLICY_INFORMATIONPTOKEN_AUDIT_POLICY_INFORMATION
 

Functions

static NTSTATUS SepCompareTokens (IN PTOKEN FirstToken, IN PTOKEN SecondToken, OUT PBOOLEAN Equal)
 
static VOID SepUpdateSinglePrivilegeFlagToken (_Inout_ PTOKEN Token, _In_ ULONG Index)
 
static VOID SepUpdatePrivilegeFlagsToken (_Inout_ PTOKEN Token)
 
static VOID SepRemovePrivilegeToken (_Inout_ PTOKEN Token, _In_ ULONG Index)
 
VOID NTAPI SepFreeProxyData (PVOID ProxyData)
 
NTSTATUS NTAPI SepCopyProxyData (PVOID *Dest, PVOID Src)
 
NTSTATUS NTAPI SeExchangePrimaryToken (_In_ PEPROCESS Process, _In_ PACCESS_TOKEN NewAccessToken, _Out_ PACCESS_TOKEN *OldAccessToken)
 
VOID NTAPI SeDeassignPrimaryToken (PEPROCESS Process)
 
static ULONG RtlLengthSidAndAttributes (ULONG Count, PSID_AND_ATTRIBUTES Src)
 
static NTSTATUS SepFindPrimaryGroupAndDefaultOwner (_In_ PTOKEN Token, _In_ PSID PrimaryGroup, _In_opt_ PSID DefaultOwner, _Out_opt_ PULONG PrimaryGroupIndex, _Out_opt_ PULONG DefaultOwnerIndex)
 
NTSTATUS NTAPI SepDuplicateToken (_In_ PTOKEN Token, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL Level, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PTOKEN *NewAccessToken)
 
NTSTATUS NTAPI SeSubProcessToken (IN PTOKEN ParentToken, OUT PTOKEN *Token, IN BOOLEAN InUse, IN ULONG SessionId)
 
NTSTATUS NTAPI SeIsTokenChild (IN PTOKEN Token, OUT PBOOLEAN IsChild)
 
NTSTATUS NTAPI SeIsTokenSibling (IN PTOKEN Token, OUT PBOOLEAN IsSibling)
 
NTSTATUS NTAPI SeCopyClientToken (IN PACCESS_TOKEN Token, IN SECURITY_IMPERSONATION_LEVEL Level, IN KPROCESSOR_MODE PreviousMode, OUT PACCESS_TOKEN *NewToken)
 
VOID NTAPI SepDeleteToken (PVOID ObjectBody)
 
VOID INIT_FUNCTION NTAPI SepInitializeTokenImplementation (VOID)
 
VOID NTAPI SeAssignPrimaryToken (IN PEPROCESS Process, IN PTOKEN Token)
 
NTSTATUS NTAPI SepCreateToken (_Out_ PHANDLE TokenHandle, _In_ KPROCESSOR_MODE PreviousMode, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PSID_AND_ATTRIBUTES User, _In_ ULONG GroupCount, _In_ PSID_AND_ATTRIBUTES Groups, _In_ ULONG GroupsLength, _In_ ULONG PrivilegeCount, _In_ PLUID_AND_ATTRIBUTES Privileges, _In_opt_ PSID Owner, _In_ PSID PrimaryGroup, _In_opt_ PACL DefaultDacl, _In_ PTOKEN_SOURCE TokenSource, _In_ BOOLEAN SystemToken)
 
PTOKEN NTAPI SepCreateSystemProcessToken (VOID)
 
NTSTATUS NTAPI SeFilterToken (IN PACCESS_TOKEN ExistingToken, IN ULONG Flags, IN PTOKEN_GROUPS SidsToDisable OPTIONAL, IN PTOKEN_PRIVILEGES PrivilegesToDelete OPTIONAL, IN PTOKEN_GROUPS RestrictedSids OPTIONAL, OUT PACCESS_TOKEN *FilteredToken)
 
NTSTATUS NTAPI SeQueryInformationToken (IN PACCESS_TOKEN AccessToken, IN TOKEN_INFORMATION_CLASS TokenInformationClass, OUT PVOID *TokenInformation)
 
NTSTATUS NTAPI SeQuerySessionIdToken (IN PACCESS_TOKEN Token, IN PULONG pSessionId)
 
NTSTATUS NTAPI SeQueryAuthenticationIdToken (IN PACCESS_TOKEN Token, OUT PLUID LogonId)
 
SECURITY_IMPERSONATION_LEVEL NTAPI SeTokenImpersonationLevel (IN PACCESS_TOKEN Token)
 
TOKEN_TYPE NTAPI SeTokenType (IN PACCESS_TOKEN Token)
 
BOOLEAN NTAPI SeTokenIsAdmin (IN PACCESS_TOKEN Token)
 
BOOLEAN NTAPI SeTokenIsRestricted (IN PACCESS_TOKEN Token)
 
BOOLEAN NTAPI SeTokenIsWriteRestricted (IN PACCESS_TOKEN Token)
 
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtQueryInformationToken (_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _Out_writes_bytes_to_opt_(TokenInformationLength, *ReturnLength) PVOID TokenInformation, _In_ ULONG TokenInformationLength, _Out_ PULONG ReturnLength)
 
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtSetInformationToken (_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _In_reads_bytes_(TokenInformationLength) PVOID TokenInformation, _In_ ULONG TokenInformationLength)
 
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtDuplicateToken (_In_ HANDLE ExistingTokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _Out_ PHANDLE NewTokenHandle)
 
NTSTATUS NTAPI NtAdjustGroupsToken (IN HANDLE TokenHandle, IN BOOLEAN ResetToDefault, IN PTOKEN_GROUPS NewState, IN ULONG BufferLength, OUT PTOKEN_GROUPS PreviousState OPTIONAL, OUT PULONG ReturnLength)
 
static NTSTATUS SepAdjustPrivileges (_Inout_ PTOKEN Token, _In_ BOOLEAN DisableAllPrivileges, _In_opt_ PLUID_AND_ATTRIBUTES NewState, _In_ ULONG NewStateCount, _Out_opt_ PTOKEN_PRIVILEGES PreviousState, _In_ BOOLEAN ApplyChanges, _Out_ PULONG ChangedPrivileges, _Out_ PBOOLEAN ChangesMade)
 
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtAdjustPrivilegesToken (_In_ HANDLE TokenHandle, _In_ BOOLEAN DisableAllPrivileges, _In_opt_ PTOKEN_PRIVILEGES NewState, _In_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState, _When_(PreviousState!=NULL, _Out_) PULONG ReturnLength)
 
__kernel_entry NTSTATUS NTAPI NtCreateToken (_Out_ PHANDLE TokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PTOKEN_USER TokenUser, _In_ PTOKEN_GROUPS TokenGroups, _In_ PTOKEN_PRIVILEGES TokenPrivileges, _In_opt_ PTOKEN_OWNER TokenOwner, _In_ PTOKEN_PRIMARY_GROUP TokenPrimaryGroup, _In_opt_ PTOKEN_DEFAULT_DACL TokenDefaultDacl, _In_ PTOKEN_SOURCE TokenSource)
 
NTSTATUS NTAPI NtOpenThreadTokenEx (IN HANDLE ThreadHandle, IN ACCESS_MASK DesiredAccess, IN BOOLEAN OpenAsSelf, IN ULONG HandleAttributes, OUT PHANDLE TokenHandle)
 
NTSTATUS NTAPI NtOpenThreadToken (IN HANDLE ThreadHandle, IN ACCESS_MASK DesiredAccess, IN BOOLEAN OpenAsSelf, OUT PHANDLE TokenHandle)
 
NTSTATUS NTAPI NtCompareTokens (IN HANDLE FirstTokenHandle, IN HANDLE SecondTokenHandle, OUT PBOOLEAN Equal)
 
NTSTATUS NTAPI NtFilterToken (IN HANDLE ExistingTokenHandle, IN ULONG Flags, IN PTOKEN_GROUPS SidsToDisable OPTIONAL, IN PTOKEN_PRIVILEGES PrivilegesToDelete OPTIONAL, IN PTOKEN_GROUPS RestrictedSids OPTIONAL, OUT PHANDLE NewTokenHandle)
 
NTSTATUS NTAPI NtImpersonateAnonymousToken (IN HANDLE Thread)
 

Variables

POBJECT_TYPE SeTokenObjectType = NULL
 
ERESOURCE SepTokenLock
 
TOKEN_SOURCE SeSystemTokenSource = {"*SYSTEM*", {0}}
 
LUID SeSystemAuthenticationId = SYSTEM_LUID
 
LUID SeAnonymousAuthenticationId = ANONYMOUS_LOGON_LUID
 
static GENERIC_MAPPING SepTokenMapping
 
static const INFORMATION_CLASS_INFO SeTokenInformationClass []
 

Macro Definition Documentation

◆ NDEBUG

#define NDEBUG

Definition at line 13 of file token.c.

Typedef Documentation

◆ PTOKEN_AUDIT_POLICY_INFORMATION

◆ TOKEN_AUDIT_POLICY_INFORMATION

Function Documentation

◆ NtAdjustGroupsToken()

NTSTATUS NTAPI NtAdjustGroupsToken ( IN HANDLE  TokenHandle,
IN BOOLEAN  ResetToDefault,
IN PTOKEN_GROUPS  NewState,
IN ULONG  BufferLength,
OUT PTOKEN_GROUPS PreviousState  OPTIONAL,
OUT PULONG  ReturnLength 
)

Definition at line 3083 of file token.c.

3089 {
3090  UNIMPLEMENTED;
3091  return STATUS_NOT_IMPLEMENTED;
3092 }
#define STATUS_NOT_IMPLEMENTED
Definition: ntstatus.h:225
#define UNIMPLEMENTED
Definition: debug.h:114

Referenced by AdjustTokenGroups().

◆ NtAdjustPrivilegesToken()

_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtAdjustPrivilegesToken ( _In_ HANDLE  TokenHandle,
_In_ BOOLEAN  DisableAllPrivileges,
_In_opt_ PTOKEN_PRIVILEGES  NewState,
_In_ ULONG  BufferLength,
_Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES  PreviousState,
_When_(PreviousState!=NULL, _Out_) PULONG  ReturnLength 
)

Definition at line 3219 of file token.c.

3227 {
3228  NTSTATUS Status;
3230  PTOKEN Token;
3231  PLUID_AND_ATTRIBUTES CapturedPrivileges = NULL;
3232  ULONG CapturedCount = 0;
3233  ULONG CapturedLength = 0;
3234  ULONG NewStateSize = 0;
3235  ULONG ChangeCount;
3237  BOOLEAN ChangesMade = FALSE;
3238 
3239  PAGED_CODE();
3240 
3241  DPRINT("NtAdjustPrivilegesToken() called\n");
3242 
3243  /* Fail, if we do not disable all privileges but NewState is NULL */
3244  if (DisableAllPrivileges == FALSE && NewState == NULL)
3245  return STATUS_INVALID_PARAMETER;
3246 
3248  if (PreviousMode != KernelMode)
3249  {
3250  _SEH2_TRY
3251  {
3252  /* Probe NewState */
3253  if (DisableAllPrivileges == FALSE)
3254  {
3255  /* First probe the header */
3256  ProbeForRead(NewState, sizeof(TOKEN_PRIVILEGES), sizeof(ULONG));
3257 
3258  CapturedCount = NewState->PrivilegeCount;
3259  NewStateSize = FIELD_OFFSET(TOKEN_PRIVILEGES, Privileges[CapturedCount]);
3260 
3261  ProbeForRead(NewState, NewStateSize, sizeof(ULONG));
3262  }
3263 
3264  /* Probe PreviousState and ReturnLength */
3265  if (PreviousState != NULL)
3266  {
3268  ProbeForWrite(ReturnLength, sizeof(ULONG), sizeof(ULONG));
3269  }
3270  }
3272  {
3273  /* Return the exception code */
3275  }
3276  _SEH2_END;
3277  }
3278  else
3279  {
3280  /* This is kernel mode, we trust the caller */
3281  if (DisableAllPrivileges == FALSE)
3282  CapturedCount = NewState->PrivilegeCount;
3283  }
3284 
3285  /* Do we need to capture the new state? */
3286  if (DisableAllPrivileges == FALSE)
3287  {
3288  _SEH2_TRY
3289  {
3290  /* Capture the new state array of privileges */
3291  Status = SeCaptureLuidAndAttributesArray(NewState->Privileges,
3292  CapturedCount,
3293  PreviousMode,
3294  NULL,
3295  0,
3296  PagedPool,
3297  TRUE,
3298  &CapturedPrivileges,
3299  &CapturedLength);
3300  }
3302  {
3303  /* Return the exception code */
3305  }
3306  _SEH2_END;
3307 
3308  if (!NT_SUCCESS(Status))
3309  return Status;
3310  }
3311 
3312  /* Reference the token */
3316  PreviousMode,
3317  (PVOID*)&Token,
3318  NULL);
3319  if (!NT_SUCCESS(Status))
3320  {
3321  DPRINT1("Failed to reference token (Status 0x%lx)\n", Status);
3322 
3323  /* Release the captured privileges */
3324  if (CapturedPrivileges != NULL)
3325  {
3326  SeReleaseLuidAndAttributesArray(CapturedPrivileges,
3327  PreviousMode,
3328  TRUE);
3329  }
3330 
3331  return Status;
3332  }
3333 
3334  /* Lock the token */
3336 
3337  /* Count the privileges that need to be changed, do not apply them yet */
3339  DisableAllPrivileges,
3340  CapturedPrivileges,
3341  CapturedCount,
3342  NULL,
3343  FALSE,
3344  &ChangeCount,
3345  &ChangesMade);
3346 
3347  /* Check if the caller asked for the previous state */
3348  if (PreviousState != NULL)
3349  {
3350  /* Calculate the required length */
3352 
3353  /* Try to return the required buffer length */
3354  _SEH2_TRY
3355  {
3357  }
3359  {
3360  /* Do cleanup and return the exception code */
3362  _SEH2_YIELD(goto Cleanup);
3363  }
3364  _SEH2_END;
3365 
3366  /* Fail, if the buffer length is smaller than the required length */
3368  {
3370  goto Cleanup;
3371  }
3372  }
3373 
3374  /* Now enter SEH, since we might return the old privileges */
3375  _SEH2_TRY
3376  {
3377  /* This time apply the changes */
3379  DisableAllPrivileges,
3380  CapturedPrivileges,
3381  CapturedCount,
3382  PreviousState,
3383  TRUE,
3384  &ChangeCount,
3385  &ChangesMade);
3386  }
3388  {
3389  /* Do cleanup and return the exception code */
3391  ChangesMade = TRUE; // Force write.
3392  _SEH2_YIELD(goto Cleanup);
3393  }
3394  _SEH2_END;
3395 
3396 Cleanup:
3397  /* Touch the token if we made changes */
3398  if (ChangesMade)
3399  ExAllocateLocallyUniqueId(&Token->ModifiedId);
3400 
3401  /* Unlock and dereference the token */
3404 
3405  /* Release the captured privileges */
3406  if (CapturedPrivileges != NULL)
3407  {
3408  SeReleaseLuidAndAttributesArray(CapturedPrivileges,
3409  PreviousMode,
3410  TRUE);
3411  }
3412 
3413  DPRINT ("NtAdjustPrivilegesToken() done\n");
3414  return Status;
3415 }
#define SepAcquireTokenLockExclusive(Token)
Definition: se.h:200
IN CINT OUT PVOID IN ULONG OUT PULONG ReturnLength
Definition: dumpinfo.c:39
#define TRUE
Definition: types.h:120
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
#define KeGetPreviousMode()
Definition: ketypes.h:1107
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
VOID NTAPI SeReleaseLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Privilege, KPROCESSOR_MODE PreviousMode, BOOLEAN CaptureIfKernel)
Definition: priv.c:387
VOID NTAPI ObDereferenceObject(IN PVOID Object)
Definition: obref.c:375
VOID NTAPI ProbeForWrite(IN PVOID Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:143
NTSTATUS NTAPI SeCaptureLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Src, ULONG PrivilegeCount, KPROCESSOR_MODE PreviousMode, PLUID_AND_ATTRIBUTES AllocatedMem, ULONG AllocatedLength, POOL_TYPE PoolType, BOOLEAN CaptureIfKernel, PLUID_AND_ATTRIBUTES *Dest, PULONG Length)
Definition: priv.c:291
#define PAGED_CODE()
Definition: video.h:57
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
_SEH2_TRY
Definition: create.c:4250
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:496
_In_ ULONG BufferLength
Definition: usbdlib.h:225
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
unsigned char BOOLEAN
smooth NULL
Definition: ftsmooth.c:416
POBJECT_TYPE SeTokenObjectType
Definition: token.c:34
void DPRINT(...)
Definition: polytest.cpp:61
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:715
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
static NTSTATUS SepAdjustPrivileges(_Inout_ PTOKEN Token, _In_ BOOLEAN DisableAllPrivileges, _In_opt_ PLUID_AND_ATTRIBUTES NewState, _In_ ULONG NewStateCount, _Out_opt_ PTOKEN_PRIVILEGES PreviousState, _In_ BOOLEAN ApplyChanges, _Out_ PULONG ChangedPrivileges, _Out_ PBOOLEAN ChangesMade)
Definition: token.c:3097
#define TOKEN_QUERY
Definition: setypes.h:874
#define _SEH2_YIELD(STMT_)
Definition: pseh2_64.h:8
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:13
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
#define SepReleaseTokenLock(Token)
Definition: se.h:211
static const WCHAR Cleanup[]
Definition: register.c:80
Status
Definition: gdiplustypes.h:24
_In_ PLARGE_INTEGER _In_opt_ PTIMER_APC_ROUTINE _In_opt_ PVOID _In_ BOOLEAN _In_opt_ LONG _Out_opt_ PBOOLEAN PreviousState
Definition: zwfuncs.h:428
_SEH2_END
Definition: create.c:4424
_In_ ULONG _Out_opt_ PULONG RequiredLength
Definition: wmifuncs.h:29
VOID NTAPI ExAllocateLocallyUniqueId(OUT LUID *LocallyUniqueId)
Definition: uuid.c:340
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:254
#define DPRINT1
Definition: precomp.h:8
unsigned int ULONG
Definition: retypes.h:1
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:6
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:12
#define TOKEN_ADJUST_PRIVILEGES
Definition: setypes.h:876

Referenced by AdjustTokenPrivileges(), SmpAcquirePrivilege(), and SmpReleasePrivilege().

◆ NtCompareTokens()

NTSTATUS NTAPI NtCompareTokens ( IN HANDLE  FirstTokenHandle,
IN HANDLE  SecondTokenHandle,
OUT PBOOLEAN  Equal 
)

Definition at line 3872 of file token.c.

3875 {
3877  PTOKEN FirstToken, SecondToken;
3878  BOOLEAN IsEqual;
3879  NTSTATUS Status;
3880 
3881  PAGED_CODE();
3882 
3884 
3885  if (PreviousMode != KernelMode)
3886  {
3887  _SEH2_TRY
3888  {
3889  ProbeForWriteBoolean(Equal);
3890  }
3892  {
3893  /* Return the exception code */
3895  }
3896  _SEH2_END;
3897  }
3898 
3899  Status = ObReferenceObjectByHandle(FirstTokenHandle,
3900  TOKEN_QUERY,
3902  PreviousMode,
3903  (PVOID*)&FirstToken,
3904  NULL);
3905  if (!NT_SUCCESS(Status))
3906  return Status;
3907 
3908  Status = ObReferenceObjectByHandle(SecondTokenHandle,
3909  TOKEN_QUERY,
3911  PreviousMode,
3912  (PVOID*)&SecondToken,
3913  NULL);
3914  if (!NT_SUCCESS(Status))
3915  {
3916  ObDereferenceObject(FirstToken);
3917  return Status;
3918  }
3919 
3920  if (FirstToken != SecondToken)
3921  {
3922  Status = SepCompareTokens(FirstToken,
3923  SecondToken,
3924  &IsEqual);
3925  }
3926  else
3927  {
3928  IsEqual = TRUE;
3929  }
3930 
3931  ObDereferenceObject(SecondToken);
3932  ObDereferenceObject(FirstToken);
3933 
3934  if (NT_SUCCESS(Status))
3935  {
3936  _SEH2_TRY
3937  {
3938  *Equal = IsEqual;
3939  }
3941  {
3943  }
3944  _SEH2_END;
3945  }
3946 
3947  return Status;
3948 }
#define TRUE
Definition: types.h:120
LONG NTSTATUS
Definition: precomp.h:26
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
Definition: sysinfo.c:3066
VOID NTAPI ObDereferenceObject(IN PVOID Object)
Definition: obref.c:375
#define PAGED_CODE()
Definition: video.h:57
_SEH2_TRY
Definition: create.c:4250
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:496
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
unsigned char BOOLEAN
smooth NULL
Definition: ftsmooth.c:416
POBJECT_TYPE SeTokenObjectType
Definition: token.c:34
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
#define TOKEN_QUERY
Definition: setypes.h:874
#define _SEH2_YIELD(STMT_)
Definition: pseh2_64.h:8
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define ProbeForWriteBoolean(Ptr)
Definition: probe.h:31
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
Status
Definition: gdiplustypes.h:24
_SEH2_END
Definition: create.c:4424
LONG NTAPI ExSystemExceptionFilter(VOID)
Definition: harderr.c:351
static NTSTATUS SepCompareTokens(IN PTOKEN FirstToken, IN PTOKEN SecondToken, OUT PBOOLEAN Equal)
Definition: token.c:92
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:6
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:12

◆ NtCreateToken()

__kernel_entry NTSTATUS NTAPI NtCreateToken ( _Out_ PHANDLE  TokenHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_opt_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ TOKEN_TYPE  TokenType,
_In_ PLUID  AuthenticationId,
_In_ PLARGE_INTEGER  ExpirationTime,
_In_ PTOKEN_USER  TokenUser,
_In_ PTOKEN_GROUPS  TokenGroups,
_In_ PTOKEN_PRIVILEGES  TokenPrivileges,
_In_opt_ PTOKEN_OWNER  TokenOwner,
_In_ PTOKEN_PRIMARY_GROUP  TokenPrimaryGroup,
_In_opt_ PTOKEN_DEFAULT_DACL  TokenDefaultDacl,
_In_ PTOKEN_SOURCE  TokenSource 
)

Definition at line 3420 of file token.c.

3434 {
3435  HANDLE hToken;
3437  ULONG PrivilegeCount, GroupCount;
3438  PSID OwnerSid, PrimaryGroupSid;
3439  PACL DefaultDacl;
3440  LARGE_INTEGER LocalExpirationTime = {{0, 0}};
3441  LUID LocalAuthenticationId;
3442  TOKEN_SOURCE LocalTokenSource;
3443  SECURITY_QUALITY_OF_SERVICE LocalSecurityQos;
3444  PLUID_AND_ATTRIBUTES CapturedPrivileges = NULL;
3445  PSID_AND_ATTRIBUTES CapturedUser = NULL;
3446  PSID_AND_ATTRIBUTES CapturedGroups = NULL;
3447  PSID CapturedOwnerSid = NULL;
3448  PSID CapturedPrimaryGroupSid = NULL;
3449  PACL CapturedDefaultDacl = NULL;
3450  ULONG PrivilegesLength, UserLength, GroupsLength;
3451  NTSTATUS Status;
3452 
3453  PAGED_CODE();
3454 
3456 
3457  if (PreviousMode != KernelMode)
3458  {
3459  _SEH2_TRY
3460  {
3462 
3463  if (ObjectAttributes != NULL)
3464  {
3466  sizeof(OBJECT_ATTRIBUTES),
3467  sizeof(ULONG));
3468  LocalSecurityQos = *(SECURITY_QUALITY_OF_SERVICE*)ObjectAttributes->SecurityQualityOfService;
3469  }
3470 
3471  ProbeForRead(AuthenticationId,
3472  sizeof(LUID),
3473  sizeof(ULONG));
3474  LocalAuthenticationId = *AuthenticationId;
3475 
3476  LocalExpirationTime = ProbeForReadLargeInteger(ExpirationTime);
3477 
3479  sizeof(TOKEN_USER),
3480  sizeof(ULONG));
3481 
3483  sizeof(TOKEN_GROUPS),
3484  sizeof(ULONG));
3485  GroupCount = TokenGroups->GroupCount;
3486 
3488  sizeof(TOKEN_PRIVILEGES),
3489  sizeof(ULONG));
3490  PrivilegeCount = TokenPrivileges->PrivilegeCount;
3491 
3492  if (TokenOwner != NULL)
3493  {
3495  sizeof(TOKEN_OWNER),
3496  sizeof(ULONG));
3497  OwnerSid = TokenOwner->Owner;
3498  }
3499  else
3500  {
3501  OwnerSid = NULL;
3502  }
3503 
3505  sizeof(TOKEN_PRIMARY_GROUP),
3506  sizeof(ULONG));
3507  PrimaryGroupSid = TokenPrimaryGroup->PrimaryGroup;
3508 
3509  if (TokenDefaultDacl != NULL)
3510  {
3512  sizeof(TOKEN_DEFAULT_DACL),
3513  sizeof(ULONG));
3514  DefaultDacl = TokenDefaultDacl->DefaultDacl;
3515  }
3516  else
3517  {
3518  DefaultDacl = NULL;
3519  }
3520 
3522  sizeof(TOKEN_SOURCE),
3523  sizeof(ULONG));
3524  LocalTokenSource = *TokenSource;
3525  }
3527  {
3528  /* Return the exception code */
3530  }
3531  _SEH2_END;
3532  }
3533  else
3534  {
3535  if (ObjectAttributes != NULL)
3536  LocalSecurityQos = *(SECURITY_QUALITY_OF_SERVICE*)ObjectAttributes->SecurityQualityOfService;
3537  LocalAuthenticationId = *AuthenticationId;
3538  LocalExpirationTime = *ExpirationTime;
3539  GroupCount = TokenGroups->GroupCount;
3540  PrivilegeCount = TokenPrivileges->PrivilegeCount;
3541  OwnerSid = TokenOwner ? TokenOwner->Owner : NULL;
3542  PrimaryGroupSid = TokenPrimaryGroup->PrimaryGroup;
3543  DefaultDacl = TokenDefaultDacl ? TokenDefaultDacl->DefaultDacl : NULL;
3544  LocalTokenSource = *TokenSource;
3545  }
3546 
3547  /* Check token type */
3548  if ((TokenType < TokenPrimary) ||
3550  {
3551  return STATUS_BAD_TOKEN_TYPE;
3552  }
3553 
3554  /* Check for token creation privilege */
3556  {
3558  }
3559 
3560  /* Capture the user SID and attributes */
3562  1,
3563  PreviousMode,
3564  NULL,
3565  0,
3566  PagedPool,
3567  FALSE,
3568  &CapturedUser,
3569  &UserLength);
3570  if (!NT_SUCCESS(Status))
3571  {
3572  goto Cleanup;
3573  }
3574 
3575  /* Capture the groups SID and attributes array */
3577  GroupCount,
3578  PreviousMode,
3579  NULL,
3580  0,
3581  PagedPool,
3582  FALSE,
3583  &CapturedGroups,
3584  &GroupsLength);
3585  if (!NT_SUCCESS(Status))
3586  {
3587  goto Cleanup;
3588  }
3589 
3590  /* Capture privileges */
3592  PrivilegeCount,
3593  PreviousMode,
3594  NULL,
3595  0,
3596  PagedPool,
3597  FALSE,
3598  &CapturedPrivileges,
3599  &PrivilegesLength);
3600  if (!NT_SUCCESS(Status))
3601  {
3602  goto Cleanup;
3603  }
3604 
3605  /* Capture the token owner SID */
3606  if (TokenOwner != NULL)
3607  {
3608  Status = SepCaptureSid(OwnerSid,
3609  PreviousMode,
3610  PagedPool,
3611  FALSE,
3612  &CapturedOwnerSid);
3613  if (!NT_SUCCESS(Status))
3614  {
3615  goto Cleanup;
3616  }
3617  }
3618 
3619  /* Capture the token primary group SID */
3620  Status = SepCaptureSid(PrimaryGroupSid,
3621  PreviousMode,
3622  PagedPool,
3623  FALSE,
3624  &CapturedPrimaryGroupSid);
3625  if (!NT_SUCCESS(Status))
3626  {
3627  goto Cleanup;
3628  }
3629 
3630  /* Capture DefaultDacl */
3631  if (DefaultDacl != NULL)
3632  {
3633  Status = SepCaptureAcl(DefaultDacl,
3634  PreviousMode,
3635  NonPagedPool,
3636  FALSE,
3637  &CapturedDefaultDacl);
3638  if (!NT_SUCCESS(Status))
3639  {
3640  goto Cleanup;
3641  }
3642  }
3643 
3644  /* Call the internal function */
3645  Status = SepCreateToken(&hToken,
3646  PreviousMode,
3647  DesiredAccess,
3649  TokenType,
3650  LocalSecurityQos.ImpersonationLevel,
3651  &LocalAuthenticationId,
3652  &LocalExpirationTime,
3653  CapturedUser,
3654  GroupCount,
3655  CapturedGroups,
3656  0, // FIXME: Should capture
3657  PrivilegeCount,
3658  CapturedPrivileges,
3659  CapturedOwnerSid,
3660  CapturedPrimaryGroupSid,
3661  CapturedDefaultDacl,
3662  &LocalTokenSource,
3663  FALSE);
3664  if (NT_SUCCESS(Status))
3665  {
3666  _SEH2_TRY
3667  {
3668  *TokenHandle = hToken;
3669  }
3671  {
3673  }
3674  _SEH2_END;
3675  }
3676 
3677 Cleanup:
3678 
3679  /* Release what we captured */
3682  SeReleaseLuidAndAttributesArray(CapturedPrivileges, PreviousMode, FALSE);
3683  SepReleaseSid(CapturedOwnerSid, PreviousMode, FALSE);
3684  SepReleaseSid(CapturedPrimaryGroupSid, PreviousMode, FALSE);
3685  SepReleaseAcl(CapturedDefaultDacl, PreviousMode, FALSE);
3686 
3687  return Status;
3688 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
#define STATUS_PRIVILEGE_NOT_HELD
Definition: DriverTester.h:9
const LUID SeCreateTokenPrivilege
Definition: priv.c:23
VOID NTAPI SeReleaseSidAndAttributesArray(_In_ _Post_invalid_ PSID_AND_ATTRIBUTES CapturedSidAndAttributes, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Definition: sid.c:559
LONG NTSTATUS
Definition: precomp.h:26
VOID NTAPI SeReleaseLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Privilege, KPROCESSOR_MODE PreviousMode, BOOLEAN CaptureIfKernel)
Definition: priv.c:387
BOOLEAN NTAPI SeSinglePrivilegeCheck(IN LUID PrivilegeValue, IN KPROCESSOR_MODE PreviousMode)
Definition: priv.c:524
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
Definition: sysinfo.c:3066
NTSTATUS NTAPI SeCaptureLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Src, ULONG PrivilegeCount, KPROCESSOR_MODE PreviousMode, PLUID_AND_ATTRIBUTES AllocatedMem, ULONG AllocatedLength, POOL_TYPE PoolType, BOOLEAN CaptureIfKernel, PLUID_AND_ATTRIBUTES *Dest, PULONG Length)
Definition: priv.c:291
#define PAGED_CODE()
Definition: video.h:57
_SEH2_TRY
Definition: create.c:4250
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
#define STATUS_BAD_TOKEN_TYPE
Definition: ntstatus.h:390
smooth NULL
Definition: ftsmooth.c:416
NTSTATUS NTAPI SepCaptureAcl(IN PACL InputAcl, IN KPROCESSOR_MODE AccessMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PACL *CapturedAcl)
Definition: acl.c:277
NTSTATUS NTAPI SepCreateToken(_Out_ PHANDLE TokenHandle, _In_ KPROCESSOR_MODE PreviousMode, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PSID_AND_ATTRIBUTES User, _In_ ULONG GroupCount, _In_ PSID_AND_ATTRIBUTES Groups, _In_ ULONG GroupsLength, _In_ ULONG PrivilegeCount, _In_ PLUID_AND_ATTRIBUTES Privileges, _In_opt_ PSID Owner, _In_ PSID PrimaryGroup, _In_opt_ PACL DefaultDacl, _In_ PTOKEN_SOURCE TokenSource, _In_ BOOLEAN SystemToken)
Definition: token.c:882
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:715
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
#define _SEH2_YIELD(STMT_)
Definition: pseh2_64.h:8
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
VOID NTAPI SepReleaseAcl(IN PACL CapturedAcl, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN CaptureIfKernel)
Definition: acl.c:365
#define ProbeForWriteHandle(Ptr)
Definition: probe.h:43
#define ProbeForReadLargeInteger(Ptr)
Definition: probe.h:75
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
NTSTATUS NTAPI SeCaptureSidAndAttributesArray(_In_ PSID_AND_ATTRIBUTES SrcSidAndAttributes, _In_ ULONG AttributeCount, _In_ KPROCESSOR_MODE PreviousMode, _In_opt_ PVOID AllocatedMem, _In_ ULONG AllocatedLength, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSID_AND_ATTRIBUTES *CapturedSidAndAttributes, _Out_ PULONG ResultLength)
Definition: sid.c:358
static const WCHAR Cleanup[]
Definition: register.c:80
Status
Definition: gdiplustypes.h:24
_SEH2_END
Definition: create.c:4424
_In_ PIO_STACK_LOCATION _Inout_ PFILE_OBJECT _Inout_ PVCB _Outptr_result_maybenull_ PDCB _In_ PDCB _In_ PDIRENT _In_ ULONG _In_ ULONG _In_ PUNICODE_STRING _In_ PACCESS_MASK DesiredAccess
Definition: create.c:4157
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: lsa.idl:65
VOID NTAPI SepReleaseSid(IN PSID CapturedSid, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN CaptureIfKernel)
Definition: sid.c:342
unsigned int ULONG
Definition: retypes.h:1
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:6
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:12
NTSTATUS NTAPI SepCaptureSid(IN PSID InputSid, IN KPROCESSOR_MODE AccessMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PSID *CapturedSid)
Definition: sid.c:274
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:417

Referenced by LsapLogonUser().

◆ NtDuplicateToken()

_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtDuplicateToken ( _In_ HANDLE  ExistingTokenHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_opt_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ BOOLEAN  EffectiveOnly,
_In_ TOKEN_TYPE  TokenType,
_Out_ PHANDLE  NewTokenHandle 
)

Definition at line 2941 of file token.c.

2948 {
2950  HANDLE hToken;
2951  PTOKEN Token;
2952  PTOKEN NewToken;
2953  PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService;
2954  BOOLEAN QoSPresent;
2956  NTSTATUS Status;
2957 
2958  PAGED_CODE();
2959 
2960  if (TokenType != TokenImpersonation &&
2962  {
2963  return STATUS_INVALID_PARAMETER;
2964  }
2965 
2967 
2968  if (PreviousMode != KernelMode)
2969  {
2970  _SEH2_TRY
2971  {
2973  }
2975  {
2976  /* Return the exception code */
2978  }
2979  _SEH2_END;
2980  }
2981 
2983  PreviousMode,
2984  PagedPool,
2985  FALSE,
2986  &CapturedSecurityQualityOfService,
2987  &QoSPresent);
2988  if (!NT_SUCCESS(Status))
2989  {
2990  DPRINT1("NtDuplicateToken() failed to capture QoS! Status: 0x%x\n", Status);
2991  return Status;
2992  }
2993 
2994  Status = ObReferenceObjectByHandle(ExistingTokenHandle,
2997  PreviousMode,
2998  (PVOID*)&Token,
3000  if (!NT_SUCCESS(Status))
3001  {
3002  DPRINT1("Failed to reference token (Status 0x%lx)\n", Status);
3003  SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
3004  PreviousMode,
3005  FALSE);
3006  return Status;
3007  }
3008 
3009  /*
3010  * Fail, if the original token is an impersonation token and the caller
3011  * tries to raise the impersonation level of the new token above the
3012  * impersonation level of the original token.
3013  */
3014  if (Token->TokenType == TokenImpersonation)
3015  {
3016  if (QoSPresent &&
3017  CapturedSecurityQualityOfService->ImpersonationLevel >Token->ImpersonationLevel)
3018  {
3020  SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
3021  PreviousMode,
3022  FALSE);
3024  }
3025  }
3026 
3027  /*
3028  * Fail, if a primary token is to be created from an impersonation token
3029  * and and the impersonation level of the impersonation token is below SecurityImpersonation.
3030  */
3031  if (Token->TokenType == TokenImpersonation &&
3032  TokenType == TokenPrimary &&
3033  Token->ImpersonationLevel < SecurityImpersonation)
3034  {
3036  SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
3037  PreviousMode,
3038  FALSE);
3040  }
3041 
3044  EffectiveOnly,
3045  TokenType,
3046  (QoSPresent ? CapturedSecurityQualityOfService->ImpersonationLevel : SecurityAnonymous),
3047  PreviousMode,
3048  &NewToken);
3049 
3051 
3052  if (NT_SUCCESS(Status))
3053  {
3054  Status = ObInsertObject(NewToken,
3055  NULL,
3056  (DesiredAccess ? DesiredAccess : HandleInformation.GrantedAccess),
3057  0,
3058  NULL,
3059  &hToken);
3060  if (NT_SUCCESS(Status))
3061  {
3062  _SEH2_TRY
3063  {
3064  *NewTokenHandle = hToken;
3065  }
3067  {
3069  }
3070  _SEH2_END;
3071  }
3072  }
3073 
3074  /* Free the captured structure */
3075  SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
3076  PreviousMode,
3077  FALSE);
3078 
3079  return Status;
3080 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
#define STATUS_BAD_IMPERSONATION_LEVEL
Definition: ntstatus.h:387
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
#define KeGetPreviousMode()
Definition: ketypes.h:1107
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
NTSTATUS NTAPI SepCaptureSecurityQualityOfService(IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PSECURITY_QUALITY_OF_SERVICE *CapturedSecurityQualityOfService, OUT PBOOLEAN Present)
Definition: sd.c:211
VOID NTAPI ObDereferenceObject(IN PVOID Object)
Definition: obref.c:375
#define PAGED_CODE()
Definition: video.h:57
_SEH2_TRY
Definition: create.c:4250
NTSTATUS NTAPI SepDuplicateToken(_In_ PTOKEN Token, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL Level, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PTOKEN *NewAccessToken)
Definition: token.c:441
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:496
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE _Out_ PHANDLE NewTokenHandle
Definition: sefuncs.h:417
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
unsigned char BOOLEAN
smooth NULL
Definition: ftsmooth.c:416
POBJECT_TYPE SeTokenObjectType
Definition: token.c:34
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
#define _SEH2_YIELD(STMT_)
Definition: pseh2_64.h:8
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define ProbeForWriteHandle(Ptr)
Definition: probe.h:43
_In_ ACCESS_MASK _In_opt_ POBJECT_TYPE _In_ KPROCESSOR_MODE _Out_ PVOID _Out_opt_ POBJECT_HANDLE_INFORMATION HandleInformation
Definition: obfuncs.h:40
VOID NTAPI SepReleaseSecurityQualityOfService(IN PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN CaptureIfKernel)
Definition: sd.c:367
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
#define TOKEN_DUPLICATE
Definition: setypes.h:872
Status
Definition: gdiplustypes.h:24
_SEH2_END
Definition: create.c:4424
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
Definition: obhandle.c:2932
_In_ PIO_STACK_LOCATION _Inout_ PFILE_OBJECT _Inout_ PVCB _Outptr_result_maybenull_ PDCB _In_ PDCB _In_ PDIRENT _In_ ULONG _In_ ULONG _In_ PUNICODE_STRING _In_ PACCESS_MASK DesiredAccess
Definition: create.c:4157
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: lsa.idl:65
#define DPRINT1
Definition: precomp.h:8
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:6
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:12
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
Definition: sefuncs.h:417
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:417

Referenced by CreateProcessAsUserCommon(), DuplicateTokenEx(), and ImpersonateLoggedOnUser().

◆ NtFilterToken()

NTSTATUS NTAPI NtFilterToken ( IN HANDLE  ExistingTokenHandle,
IN ULONG  Flags,
IN PTOKEN_GROUPS SidsToDisable  OPTIONAL,
IN PTOKEN_PRIVILEGES PrivilegesToDelete  OPTIONAL,
IN PTOKEN_GROUPS RestrictedSids  OPTIONAL,
OUT PHANDLE  NewTokenHandle 
)

Definition at line 3952 of file token.c.

3958 {
3959  UNIMPLEMENTED;
3960  return STATUS_NOT_IMPLEMENTED;
3961 }
#define STATUS_NOT_IMPLEMENTED
Definition: ntstatus.h:225
#define UNIMPLEMENTED
Definition: debug.h:114

◆ NtImpersonateAnonymousToken()

NTSTATUS NTAPI NtImpersonateAnonymousToken ( IN HANDLE  Thread)

Definition at line 3968 of file token.c.

3969 {
3970  UNIMPLEMENTED;
3971  return STATUS_NOT_IMPLEMENTED;
3972 }
#define STATUS_NOT_IMPLEMENTED
Definition: ntstatus.h:225
#define UNIMPLEMENTED
Definition: debug.h:114

Referenced by ImpersonateAnonymousToken().

◆ NtOpenThreadToken()

NTSTATUS NTAPI NtOpenThreadToken ( IN HANDLE  ThreadHandle,
IN ACCESS_MASK  DesiredAccess,
IN BOOLEAN  OpenAsSelf,
OUT PHANDLE  TokenHandle 
)

Definition at line 3858 of file token.c.

3862 {
3863  return NtOpenThreadTokenEx(ThreadHandle, DesiredAccess, OpenAsSelf, 0,
3864  TokenHandle);
3865 }
NTSTATUS NTAPI NtOpenThreadTokenEx(IN HANDLE ThreadHandle, IN ACCESS_MASK DesiredAccess, IN BOOLEAN OpenAsSelf, IN ULONG HandleAttributes, OUT PHANDLE TokenHandle)
Definition: token.c:3695
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:715
_In_ PIO_STACK_LOCATION _Inout_ PFILE_OBJECT _Inout_ PVCB _Outptr_result_maybenull_ PDCB _In_ PDCB _In_ PDIRENT _In_ ULONG _In_ ULONG _In_ PUNICODE_STRING _In_ PACCESS_MASK DesiredAccess
Definition: create.c:4157
_In_ ACCESS_MASK _In_ BOOLEAN OpenAsSelf
Definition: zwfuncs.h:699

Referenced by BaseGetNamedObjectDirectory(), CheckTokenMembership(), CsrGetProcessLuid(), GetCallerLuid(), LsarSetSecurityObject(), NpGetUserNamep(), OpenThreadToken(), RSetServiceObjectSecurity(), RtlDefaultNpAcl(), RtlNewSecurityGrantedAccess(), RtlpGetImpersonationToken(), and START_TEST().

◆ NtOpenThreadTokenEx()

NTSTATUS NTAPI NtOpenThreadTokenEx ( IN HANDLE  ThreadHandle,
IN ACCESS_MASK  DesiredAccess,
IN BOOLEAN  OpenAsSelf,
IN ULONG  HandleAttributes,
OUT PHANDLE  TokenHandle 
)

Definition at line 3695 of file token.c.

3700 {
3701  PETHREAD Thread, NewThread;
3702  HANDLE hToken;
3703  PTOKEN Token, NewToken = NULL, PrimaryToken;
3709  PACL Dacl = NULL;
3711  NTSTATUS Status;
3712  BOOLEAN RestoreImpersonation = FALSE;
3713 
3714  PAGED_CODE();
3715 
3717 
3718  if (PreviousMode != KernelMode)
3719  {
3720  _SEH2_TRY
3721  {
3723  }
3725  {
3726  /* Return the exception code */
3728  }
3729  _SEH2_END;
3730  }
3731 
3732  /* Validate object attributes */
3734 
3735  /*
3736  * At first open the thread token for information access and verify
3737  * that the token associated with thread is valid.
3738  */
3739 
3742  NULL);
3743  if (!NT_SUCCESS(Status))
3744  {
3745  return Status;
3746  }
3747 
3750  if (Token == NULL)
3751  {
3753  return STATUS_NO_TOKEN;
3754  }
3755 
3757  {
3761  }
3762 
3763  /*
3764  * Revert to self if OpenAsSelf is specified.
3765  */
3766 
3767  if (OpenAsSelf)
3768  {
3769  RestoreImpersonation = PsDisableImpersonation(PsGetCurrentThread(),
3771  }
3772 
3773  if (CopyOnOpen)
3774  {
3777  (PVOID*)&NewThread, NULL);
3778  if (NT_SUCCESS(Status))
3779  {
3780  PrimaryToken = PsReferencePrimaryToken(NewThread->ThreadsProcess);
3781 
3782  Status = SepCreateImpersonationTokenDacl(Token, PrimaryToken, &Dacl);
3783 
3784  ObFastDereferenceObject(&NewThread->ThreadsProcess->Token, PrimaryToken);
3785 
3786  if (NT_SUCCESS(Status))
3787  {
3788  if (Dacl)
3789  {
3793  FALSE);
3794  }
3795 
3798 
3801  KernelMode, &NewToken);
3802  if (NT_SUCCESS(Status))
3803  {
3804  ObReferenceObject(NewToken);
3805  Status = ObInsertObject(NewToken, NULL, DesiredAccess, 0, NULL,
3806  &hToken);
3807  }
3808  }
3809  }
3810  }
3811  else
3812  {
3815  PreviousMode, &hToken);
3816  }
3817 
3819 
3820  if (RestoreImpersonation)
3821  {
3823  }
3824 
3826 
3827  if (NT_SUCCESS(Status) && CopyOnOpen)
3828  {
3830  }
3831 
3832  if (NewToken) ObDereferenceObject(NewToken);
3833 
3834  if (CopyOnOpen && NewThread) ObDereferenceObject(NewThread);
3835 
3837 
3838  if (NT_SUCCESS(Status))
3839  {
3840  _SEH2_TRY
3841  {
3842  *TokenHandle = hToken;
3843  }
3845  {
3847  }
3848  _SEH2_END;
3849  }
3850 
3851  return Status;
3852 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
NTSTATUS NTAPI PsImpersonateClient(IN PETHREAD Thread, IN PACCESS_TOKEN Token, IN BOOLEAN CopyOnOpen, IN BOOLEAN EffectiveOnly, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
Definition: security.c:610
_In_ HANDLE _In_opt_ HANDLE _Out_opt_ PHANDLE _In_ ACCESS_MASK _In_ ULONG HandleAttributes
Definition: obfuncs.h:429
#define THREAD_ALL_ACCESS
Definition: nt_native.h:1339
#define TRUE
Definition: types.h:120
_Inout_ PSE_IMPERSONATION_STATE ImpersonationState
Definition: psfuncs.h:189
#define PsGetCurrentThread()
Definition: env_spec_w32.h:81
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
#define STATUS_CANT_OPEN_ANONYMOUS
Definition: ntstatus.h:388
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
_Out_ PBOOLEAN CopyOnOpen
Definition: psfuncs.h:154
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
Definition: sysinfo.c:3066
VOID NTAPI ObDereferenceObject(IN PVOID Object)
Definition: obref.c:375
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(_Out_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ULONG Revision)
NTSTATUS NTAPI ObOpenObjectByPointer(IN PVOID Object, IN ULONG HandleAttributes, IN PACCESS_STATE PassedAccessState, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PHANDLE Handle)
Definition: obhandle.c:2739
#define PAGED_CODE()
Definition: video.h:57
_SEH2_TRY
Definition: create.c:4250
#define SECURITY_DESCRIPTOR_REVISION
Definition: setypes.h:58
NTSTATUS NTAPI SepDuplicateToken(_In_ PTOKEN Token, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL Level, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PTOKEN *NewAccessToken)
Definition: token.c:441
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:496
enum _SECURITY_IMPERSONATION_LEVEL SECURITY_IMPERSONATION_LEVEL
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
VOID NTAPI PsRestoreImpersonation(IN PETHREAD Thread, IN PSE_IMPERSONATION_STATE ImpersonationState)
Definition: security.c:898
unsigned char BOOLEAN
smooth NULL
Definition: ftsmooth.c:416
POBJECT_TYPE SeTokenObjectType
Definition: token.c:34
NTSYSAPI NTSTATUS WINAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN)
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:715
BOOLEAN NTAPI PsDisableImpersonation(IN PETHREAD Thread, OUT PSE_IMPERSONATION_STATE ImpersonationState)
Definition: security.c:848
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
#define _SEH2_YIELD(STMT_)
Definition: pseh2_64.h:8
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
_Out_ PBOOLEAN _Out_ PBOOLEAN _Out_ PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: psfuncs.h:154
#define ProbeForWriteHandle(Ptr)
Definition: probe.h:43
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
Definition: fltkernel.h:2653
#define STATUS_NO_TOKEN
Definition: ntstatus.h:346
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
Definition: rtlfuncs.h:1553
POBJECT_TYPE PsThreadType
Definition: thread.c:20
PACCESS_TOKEN NTAPI PsReferencePrimaryToken(PEPROCESS Process)
Definition: security.c:440
Status
Definition: gdiplustypes.h:24
PACCESS_TOKEN NTAPI PsReferenceImpersonationToken(IN PETHREAD Thread, OUT PBOOLEAN CopyOnOpen, OUT PBOOLEAN EffectiveOnly, OUT PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
Definition: security.c:782
FORCEINLINE ULONG ObpValidateAttributes(IN ULONG Attributes, IN KPROCESSOR_MODE PreviousMode)
Definition: ob_x.h:22
#define TAG_ACL
Definition: tag.h:174
_SEH2_END
Definition: create.c:4424
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
Definition: obhandle.c:2932
_In_ PIO_STACK_LOCATION _Inout_ PFILE_OBJECT _Inout_ PVCB _Outptr_result_maybenull_ PDCB _In_ PDCB _In_ PDIRENT _In_ ULONG _In_ ULONG _In_ PUNICODE_STRING _In_ PACCESS_MASK DesiredAccess
Definition: create.c:4157
VOID FASTCALL ObFastDereferenceObject(IN PEX_FAST_REF FastRef, IN PVOID Object)
Definition: obref.c:169
#define ObReferenceObject
Definition: obfuncs.h:204
#define THREAD_QUERY_INFORMATION
Definition: pstypes.h:141
_In_ ACCESS_MASK _In_ BOOLEAN OpenAsSelf
Definition: zwfuncs.h:699
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:6
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:12
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
Definition: sefuncs.h:417
NTSTATUS NTAPI SepCreateImpersonationTokenDacl(_In_ PTOKEN Token, _In_ PTOKEN PrimaryToken, _Out_ PACL *Dacl)
Definition: acl.c:229
VOID NTAPI PsDereferenceImpersonationToken(IN PACCESS_TOKEN ImpersonationToken)
Definition: security.c:821

Referenced by NtOpenThreadToken(), and START_TEST().

◆ NtQueryInformationToken()

_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtQueryInformationToken ( _In_ HANDLE  TokenHandle,
_In_ TOKEN_INFORMATION_CLASS  TokenInformationClass,
_Out_writes_bytes_to_opt_(TokenInformationLength, *ReturnLength) PVOID  TokenInformation,
_In_ ULONG  TokenInformationLength,
_Out_ PULONG  ReturnLength 
)

Definition at line 1839 of file token.c.

1846 {
1847  NTSTATUS Status;
1849  PTOKEN Token;
1851  union
1852  {
1853  PSID PSid;
1854  ULONG Ulong;
1855  } Unused;
1856 
1857  PAGED_CODE();
1858 
1860 
1861  /* Check buffers and class validity */
1865  TokenInformation,
1867  ReturnLength,
1868  NULL,
1869  PreviousMode);
1870  if (!NT_SUCCESS(Status))
1871  {
1872  DPRINT("NtQueryInformationToken() failed, Status: 0x%x\n", Status);
1873  return Status;
1874  }
1875 
1879  PreviousMode,
1880  (PVOID*)&Token,
1881  NULL);
1882  if (NT_SUCCESS(Status))
1883  {
1884  /* Lock the token */
1886 
1887  switch (TokenInformationClass)
1888  {
1889  case TokenUser:
1890  {
1891  PTOKEN_USER tu = (PTOKEN_USER)TokenInformation;
1892 
1893  DPRINT("NtQueryInformationToken(TokenUser)\n");
1894  RequiredLength = sizeof(TOKEN_USER) +
1895  RtlLengthSid(Token->UserAndGroups[0].Sid);
1896 
1897  _SEH2_TRY
1898  {
1900  {
1902  &Token->UserAndGroups[0],
1903  RequiredLength - sizeof(TOKEN_USER),
1904  &tu->User,
1905  (PSID)(tu + 1),
1906  &Unused.PSid,
1907  &Unused.Ulong);
1908  }
1909  else
1910  {
1912  }
1913 
1914  if (ReturnLength != NULL)
1915  {
1917  }
1918  }
1920  {
1922  }
1923  _SEH2_END;
1924 
1925  break;
1926  }
1927 
1928  case TokenGroups:
1929  {
1930  PTOKEN_GROUPS tg = (PTOKEN_GROUPS)TokenInformation;
1931 
1932  DPRINT("NtQueryInformationToken(TokenGroups)\n");
1933  RequiredLength = sizeof(tg->GroupCount) +
1934  RtlLengthSidAndAttributes(Token->UserAndGroupCount - 1, &Token->UserAndGroups[1]);
1935 
1936  _SEH2_TRY
1937  {
1939  {
1940  ULONG SidLen = RequiredLength - sizeof(tg->GroupCount) -
1941  ((Token->UserAndGroupCount - 1) * sizeof(SID_AND_ATTRIBUTES));
1942  PSID Sid = (PSID_AND_ATTRIBUTES)((ULONG_PTR)tg + sizeof(tg->GroupCount) +
1943  ((Token->UserAndGroupCount - 1) * sizeof(SID_AND_ATTRIBUTES)));
1944 
1945  tg->GroupCount = Token->UserAndGroupCount - 1;
1946  Status = RtlCopySidAndAttributesArray(Token->UserAndGroupCount - 1,
1947  &Token->UserAndGroups[1],
1948  SidLen,
1949  &tg->Groups[0],
1950  Sid,
1951  &Unused.PSid,
1952  &Unused.Ulong);
1953  }
1954  else
1955  {
1957  }
1958 
1959  if (ReturnLength != NULL)
1960  {
1962  }
1963  }
1965  {
1967  }
1968  _SEH2_END;
1969 
1970  break;
1971  }
1972 
1973  case TokenPrivileges:
1974  {
1975  PTOKEN_PRIVILEGES tp = (PTOKEN_PRIVILEGES)TokenInformation;
1976 
1977  DPRINT("NtQueryInformationToken(TokenPrivileges)\n");
1978  RequiredLength = sizeof(tp->PrivilegeCount) +
1979  (Token->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES));
1980 
1981  _SEH2_TRY
1982  {
1984  {
1985  tp->PrivilegeCount = Token->PrivilegeCount;
1986  RtlCopyLuidAndAttributesArray(Token->PrivilegeCount,
1987  Token->Privileges,
1988  &tp->Privileges[0]);
1989  }
1990  else
1991  {
1993  }
1994 
1995  if (ReturnLength != NULL)
1996  {
1998  }
1999  }
2001  {
2003  }
2004  _SEH2_END;
2005 
2006  break;
2007  }
2008 
2009  case TokenOwner:
2010  {
2011  PTOKEN_OWNER to = (PTOKEN_OWNER)TokenInformation;
2012  ULONG SidLen;
2013 
2014  DPRINT("NtQueryInformationToken(TokenOwner)\n");
2015  SidLen = RtlLengthSid(Token->UserAndGroups[Token->DefaultOwnerIndex].Sid);
2016  RequiredLength = sizeof(TOKEN_OWNER) + SidLen;
2017 
2018  _SEH2_TRY
2019  {
2021  {
2022  to->Owner = (PSID)(to + 1);
2023  Status = RtlCopySid(SidLen,
2024  to->Owner,
2025  Token->UserAndGroups[Token->DefaultOwnerIndex].Sid);
2026  }
2027  else
2028  {
2030  }
2031 
2032  if (ReturnLength != NULL)
2033  {
2035  }
2036  }
2038  {
2040  }
2041  _SEH2_END;
2042 
2043  break;
2044  }
2045 
2046  case TokenPrimaryGroup:
2047  {
2048  PTOKEN_PRIMARY_GROUP tpg = (PTOKEN_PRIMARY_GROUP)TokenInformation;
2049  ULONG SidLen;
2050 
2051  DPRINT("NtQueryInformationToken(TokenPrimaryGroup)\n");
2052  SidLen = RtlLengthSid(Token->PrimaryGroup);
2053  RequiredLength = sizeof(TOKEN_PRIMARY_GROUP) + SidLen;
2054 
2055  _SEH2_TRY
2056  {
2058  {
2059  tpg->PrimaryGroup = (PSID)(tpg + 1);
2060  Status = RtlCopySid(SidLen,
2061  tpg->PrimaryGroup,
2062  Token->PrimaryGroup);
2063  }
2064  else
2065  {
2067  }
2068 
2069  if (ReturnLength != NULL)
2070  {
2072  }
2073  }
2075  {
2077  }
2078  _SEH2_END;
2079 
2080  break;
2081  }
2082 
2083  case TokenDefaultDacl:
2084  {
2085  PTOKEN_DEFAULT_DACL tdd = (PTOKEN_DEFAULT_DACL)TokenInformation;
2086 
2087  DPRINT("NtQueryInformationToken(TokenDefaultDacl)\n");
2089 
2090  if (Token->DefaultDacl != NULL)
2091  RequiredLength += Token->DefaultDacl->AclSize;
2092 
2093  _SEH2_TRY
2094  {
2096  {
2097  if (Token->DefaultDacl != NULL)
2098  {
2099  tdd->DefaultDacl = (PACL)(tdd + 1);
2101  Token->DefaultDacl,
2102  Token->DefaultDacl->AclSize);
2103  }
2104  else
2105  {
2106  tdd->DefaultDacl = NULL;
2107  }
2108  }
2109  else
2110  {
2112  }
2113 
2114  if (ReturnLength != NULL)
2115  {
2117  }
2118  }
2120  {
2122  }
2123  _SEH2_END;
2124 
2125  break;
2126  }
2127 
2128  case TokenSource:
2129  {
2130  PTOKEN_SOURCE ts = (PTOKEN_SOURCE)TokenInformation;
2131 
2132  DPRINT("NtQueryInformationToken(TokenSource)\n");
2133  RequiredLength = sizeof(TOKEN_SOURCE);
2134 
2135  _SEH2_TRY
2136  {
2138  {
2139  *ts = Token->TokenSource;
2140  }
2141  else
2142  {
2144  }
2145 
2146  if (ReturnLength != NULL)
2147  {
2149  }
2150  }
2152  {
2154  }
2155  _SEH2_END;
2156 
2157  break;
2158  }
2159 
2160  case TokenType:
2161  {
2162  PTOKEN_TYPE tt = (PTOKEN_TYPE)TokenInformation;
2163 
2164  DPRINT("NtQueryInformationToken(TokenType)\n");
2165  RequiredLength = sizeof(TOKEN_TYPE);
2166 
2167  _SEH2_TRY
2168  {
2170  {
2171  *tt = Token->TokenType;
2172  }
2173  else
2174  {
2176  }
2177 
2178  if (ReturnLength != NULL)
2179  {
2181  }
2182  }
2184  {
2186  }
2187  _SEH2_END;
2188 
2189  break;
2190  }
2191 
2193  {
2195 
2196  DPRINT("NtQueryInformationToken(TokenImpersonationLevel)\n");
2197 
2198  /* Fail if the token is not an impersonation token */
2199  if (Token->TokenType != TokenImpersonation)
2200  {
2202  break;
2203  }
2204 
2206 
2207  _SEH2_TRY
2208  {
2210  {
2211  *sil = Token->ImpersonationLevel;
2212  }
2213  else
2214  {
2216  }
2217 
2218  if (ReturnLength != NULL)
2219  {
2221  }
2222  }
2224  {
2226  }
2227  _SEH2_END;
2228 
2229  break;
2230  }
2231 
2232  case TokenStatistics:
2233  {
2234  PTOKEN_STATISTICS ts = (PTOKEN_STATISTICS)TokenInformation;
2235 
2236  DPRINT("NtQueryInformationToken(TokenStatistics)\n");
2237  RequiredLength = sizeof(TOKEN_STATISTICS);
2238 
2239  _SEH2_TRY
2240  {
2242  {
2243  ts->TokenId = Token->TokenId;
2244  ts->AuthenticationId = Token->AuthenticationId;
2245  ts->ExpirationTime = Token->ExpirationTime;
2246  ts->TokenType = Token->TokenType;
2247  ts->ImpersonationLevel = Token->ImpersonationLevel;
2248  ts->DynamicCharged = Token->DynamicCharged;
2249  ts->DynamicAvailable = Token->DynamicAvailable;
2250  ts->GroupCount = Token->UserAndGroupCount - 1;
2251  ts->PrivilegeCount = Token->PrivilegeCount;
2252  ts->ModifiedId = Token->ModifiedId;
2253  }
2254  else
2255  {
2257  }
2258 
2259  if (ReturnLength != NULL)
2260  {
2262  }
2263  }
2265  {
2267  }
2268  _SEH2_END;
2269 
2270  break;
2271  }
2272 
2273  case TokenOrigin:
2274  {
2275  PTOKEN_ORIGIN to = (PTOKEN_ORIGIN)TokenInformation;
2276 
2277  DPRINT("NtQueryInformationToken(TokenOrigin)\n");
2278  RequiredLength = sizeof(TOKEN_ORIGIN);
2279 
2280  _SEH2_TRY
2281  {
2283  {
2285  &Token->AuthenticationId);
2286  }
2287  else
2288  {
2290  }
2291 
2292  if (ReturnLength != NULL)
2293  {
2295  }
2296  }
2298  {
2300  }
2301  _SEH2_END;
2302 
2303  break;
2304  }
2305 
2307  DPRINT1("NtQueryInformationToken(TokenGroupsAndPrivileges) not implemented\n");
2309  break;
2310 
2311  case TokenRestrictedSids:
2312  {
2313  PTOKEN_GROUPS tg = (PTOKEN_GROUPS)TokenInformation;
2314 
2315  DPRINT("NtQueryInformationToken(TokenRestrictedSids)\n");
2316  RequiredLength = sizeof(tg->GroupCount) +
2317  RtlLengthSidAndAttributes(Token->RestrictedSidCount, Token->RestrictedSids);
2318 
2319  _SEH2_TRY
2320  {
2322  {
2323  ULONG SidLen = RequiredLength - sizeof(tg->GroupCount) -
2324  (Token->RestrictedSidCount * sizeof(SID_AND_ATTRIBUTES));
2325  PSID Sid = (PSID)((ULONG_PTR)tg + sizeof(tg->GroupCount) +
2326  (Token->RestrictedSidCount * sizeof(SID_AND_ATTRIBUTES)));
2327 
2328  tg->GroupCount = Token->RestrictedSidCount;
2329  Status = RtlCopySidAndAttributesArray(Token->RestrictedSidCount,
2330  Token->RestrictedSids,
2331  SidLen,
2332  &tg->Groups[0],
2333  Sid,
2334  &Unused.PSid,
2335  &Unused.Ulong);
2336  }
2337  else
2338  {
2340  }
2341 
2342  if (ReturnLength != NULL)
2343  {
2345  }
2346  }
2348  {
2350  }
2351  _SEH2_END;
2352 
2353  break;
2354  }
2355 
2356  case TokenSandBoxInert:
2357  DPRINT1("NtQueryInformationToken(TokenSandboxInert) not implemented\n");
2359  break;
2360 
2361  case TokenSessionId:
2362  {
2363  ULONG SessionId = 0;
2364 
2365  DPRINT("NtQueryInformationToken(TokenSessionId)\n");
2366 
2368  if (NT_SUCCESS(Status))
2369  {
2370  _SEH2_TRY
2371  {
2372  /* Buffer size was already verified, no need to check here again */
2373  *(PULONG)TokenInformation = SessionId;
2374 
2375  if (ReturnLength != NULL)
2376  {
2377  *ReturnLength = sizeof(ULONG);
2378  }
2379  }
2381  {
2383  }
2384  _SEH2_END;
2385  }
2386 
2387  break;
2388  }
2389 
2390  default:
2391  DPRINT1("NtQueryInformationToken(%d) invalid information class\n", TokenInformationClass);
2393  break;
2394  }
2395 
2396  /* Unlock and dereference the token */
2399  }
2400 
2401  return Status;
2402 }
enum _SECURITY_IMPERSONATION_LEVEL * PSECURITY_IMPERSONATION_LEVEL
IN CINT OUT PVOID IN ULONG OUT PULONG ReturnLength
Definition: dumpinfo.c:39
_Must_inspect_result_ typedef _In_ PVOID Unused
Definition: iotypes.h:1129
NTSYSAPI VOID NTAPI RtlCopyMemory(VOID UNALIGNED *Destination, CONST VOID UNALIGNED *Source, ULONG Length)
#define STATUS_NOT_IMPLEMENTED
Definition: ntstatus.h:225
struct _TOKEN_PRIMARY_GROUP * PTOKEN_PRIMARY_GROUP
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG TokenInformationLength
Definition: sefuncs.h:320
struct _TOKEN_DEFAULT_DACL TOKEN_DEFAULT_DACL
enum _TOKEN_TYPE * PTOKEN_TYPE
NTSTATUS NTAPI SeQuerySessionIdToken(IN PACCESS_TOKEN Token, IN PULONG pSessionId)
Definition: token.c:1731
ULONG SessionId
Definition: dllmain.c:28
NTSYSAPI NTSTATUS NTAPI RtlCopySidAndAttributesArray(_In_ ULONG Count, _In_ PSID_AND_ATTRIBUTES Src, _In_ ULONG SidAreaSize, _In_ PSID_AND_ATTRIBUTES Dest, _In_ PSID SidArea, _Out_ PSID *RemainingSidArea, _Out_ PULONG RemainingSidAreaSize)
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
Definition: sysinfo.c:3066
VOID NTAPI ObDereferenceObject(IN PVOID Object)
Definition: obref.c:375
NTSYSAPI void WINAPI RtlCopyLuid(PLUID, const LUID *)
struct _TOKEN_USER TOKEN_USER
#define PAGED_CODE()
Definition: video.h:57
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
_SEH2_TRY
Definition: create.c:4250
uint32_t ULONG_PTR
Definition: typedefs.h:63
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:496
struct _TOKEN_DEFAULT_DACL * PTOKEN_DEFAULT_DACL
NTSYSAPI VOID NTAPI RtlCopyLuidAndAttributesArray(ULONG Count, PLUID_AND_ATTRIBUTES Src, PLUID_AND_ATTRIBUTES Dest)
Definition: luid.c:33
enum _SECURITY_IMPERSONATION_LEVEL SECURITY_IMPERSONATION_LEVEL
struct _TOKEN_ORIGIN * PTOKEN_ORIGIN
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
static const char * ts(int t)
smooth NULL
Definition: ftsmooth.c:416
POBJECT_TYPE SeTokenObjectType
Definition: token.c:34
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1104
PSID Owner
Definition: setypes.h:974
void DPRINT(...)
Definition: polytest.cpp:61
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:715
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
struct _TOKEN_GROUPS * PTOKEN_GROUPS
LUID OriginatingLogonSession
Definition: setypes.h:1053
_In_ uint64_t _In_ uint64_t _In_ uint64_t _In_opt_ traverse_ptr * tp
Definition: btrfs.c:2855
struct _ACL * PACL
Definition: security.c:104
struct _SID_AND_ATTRIBUTES * PSID_AND_ATTRIBUTES
Definition: security.c:129
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
struct _TOKEN_SOURCE * PTOKEN_SOURCE
#define TOKEN_QUERY
Definition: setypes.h:874
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
struct _TOKEN_OWNER TOKEN_OWNER
struct _TOKEN_SOURCE TOKEN_SOURCE
struct _SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES
#define TOKEN_QUERY_SOURCE
Definition: setypes.h:875
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
struct _SID * PSID
Definition: eventlog.c:35
struct _TOKEN_OWNER * PTOKEN_OWNER
struct _TOKEN_PRIVILEGES * PTOKEN_PRIVILEGES
struct _TOKEN_STATISTICS * PTOKEN_STATISTICS
#define STATUS_INVALID_INFO_CLASS
Definition: ntstatus.h:226
#define SepReleaseTokenLock(Token)
Definition: se.h:211
static __inline NTSTATUS DefaultQueryInfoBufferCheck(ULONG Class, const INFORMATION_CLASS_INFO *ClassList, ULONG ClassListEntries, PVOID Buffer, ULONG BufferLength, PULONG ReturnLength, PULONG_PTR ReturnLengthPtr, KPROCESSOR_MODE PreviousMode)
Definition: probe.h:59
enum _TOKEN_TYPE TOKEN_TYPE
Status
Definition: gdiplustypes.h:24
_SEH2_END
Definition: create.c:4424
#define RTL_NUMBER_OF(x)
Definition: RtlRegistry.c:12
_In_ ULONG _Out_opt_ PULONG RequiredLength
Definition: wmifuncs.h:29
SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY]
Definition: setypes.h:964
unsigned int * PULONG
Definition: retypes.h:1
#define DPRINT1
Definition: precomp.h:8
$ULONG GroupCount
Definition: setypes.h:960
#define SepAcquireTokenLockShared(Token)
Definition: se.h:205
unsigned int ULONG
Definition: retypes.h:1
struct _TOKEN_USER * PTOKEN_USER
SID_AND_ATTRIBUTES User
Definition: setypes.h:956
static const INFORMATION_CLASS_INFO SeTokenInformationClass[]
Definition: token.c:48
static ULONG RtlLengthSidAndAttributes(ULONG Count, PSID_AND_ATTRIBUTES Src)
Definition: token.c:328
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:6
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:12
NTSYSAPI BOOLEAN WINAPI RtlCopySid(DWORD, PSID, PSID)
struct _TOKEN_STATISTICS TOKEN_STATISTICS
unsigned long Ulong
Definition: utypes.h:42
struct _TOKEN_PRIMARY_GROUP TOKEN_PRIMARY_GROUP
_In_ TOKEN_INFORMATION_CLASS TokenInformationClass
Definition: sefuncs.h:318
struct _TOKEN_ORIGIN TOKEN_ORIGIN
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:417

Referenced by CreateProcessAsUserCommon(), CsrGetProcessLuid(), CsrSetProcessSecurity(), DoAdminUnlock(), GetCallerLuid(), GetSiteSidFromToken(), GetTokenInformation(), GetUserSid(), GetUserSidStringFromToken(), ImpersonateLoggedOnUser(), IsTokenRestricted(), LsapIsTrustedClient(), PlayLogonSoundThread(), RegOpenUserClassesRoot(), RtlDefaultNpAcl(), RtlNewInstanceSecurityObject(), and RtlNewSecurityGrantedAccess().

◆ NtSetInformationToken()

_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtSetInformationToken ( _In_ HANDLE  TokenHandle,
_In_ TOKEN_INFORMATION_CLASS  TokenInformationClass,
_In_reads_bytes_(TokenInformationLength) PVOID  TokenInformation,
_In_ ULONG  TokenInformationLength 
)

Definition at line 2414 of file token.c.

2419 {
2420  NTSTATUS Status;
2421  PTOKEN Token;
2423  ULONG NeededAccess = TOKEN_ADJUST_DEFAULT;
2424 
2425  PAGED_CODE();
2426 
2428 
2432  TokenInformation,
2434  PreviousMode);
2435  if (!NT_SUCCESS(Status))
2436  {
2437  /* Invalid buffers */
2438  DPRINT("NtSetInformationToken() failed, Status: 0x%x\n", Status);
2439  return Status;
2440  }
2441 
2443  {
2444  NeededAccess |= TOKEN_ADJUST_SESSIONID;
2445  }
2446 
2448  NeededAccess,
2450  PreviousMode,
2451  (PVOID*)&Token,
2452  NULL);
2453  if (NT_SUCCESS(Status))
2454  {
2455  switch (TokenInformationClass)
2456  {
2457  case TokenOwner:
2458  {
2459  if (TokenInformationLength >= sizeof(TOKEN_OWNER))
2460  {
2461  PTOKEN_OWNER to = (PTOKEN_OWNER)TokenInformation;
2462  PSID InputSid = NULL, CapturedSid;
2463  ULONG DefaultOwnerIndex;
2464 
2465  _SEH2_TRY
2466  {
2467  InputSid = to->Owner;
2468  }
2470  {
2472  _SEH2_YIELD(goto Cleanup);
2473  }
2474  _SEH2_END;
2475 
2476  Status = SepCaptureSid(InputSid,
2477  PreviousMode,
2478  PagedPool,
2479  FALSE,
2480  &CapturedSid);
2481  if (NT_SUCCESS(Status))
2482  {
2483  /* Lock the token */
2485 
2486  /* Find the owner amongst the existing token user and groups */
2488  NULL,
2489  CapturedSid,
2490  NULL,
2491  &DefaultOwnerIndex);
2492  if (NT_SUCCESS(Status))
2493  {
2494  /* Found it */
2495  Token->DefaultOwnerIndex = DefaultOwnerIndex;
2496  ExAllocateLocallyUniqueId(&Token->ModifiedId);
2497  }
2498 
2499  /* Unlock the token */
2501 
2502  SepReleaseSid(CapturedSid,
2503  PreviousMode,
2504  FALSE);
2505  }
2506  }
2507  else
2508  {
2510  }
2511  break;
2512  }
2513 
2514  case TokenPrimaryGroup:
2515  {
2517  {
2518  PTOKEN_PRIMARY_GROUP tpg = (PTOKEN_PRIMARY_GROUP)TokenInformation;
2519  PSID InputSid = NULL, CapturedSid;
2520  ULONG PrimaryGroupIndex;
2521 
2522  _SEH2_TRY
2523  {
2524  InputSid = tpg->PrimaryGroup;
2525  }
2527  {
2529  _SEH2_YIELD(goto Cleanup);
2530  }
2531  _SEH2_END;
2532 
2533  Status = SepCaptureSid(InputSid,
2534  PreviousMode,
2535  PagedPool,
2536  FALSE,
2537  &CapturedSid);
2538  if (NT_SUCCESS(Status))
2539  {
2540  /* Lock the token */
2542 
2543  /* Find the primary group amongst the existing token user and groups */
2545  CapturedSid,
2546  NULL,
2547  &PrimaryGroupIndex,
2548  NULL);
2549  if (NT_SUCCESS(Status))
2550  {
2551  /* Found it */
2552  Token->PrimaryGroup = Token->UserAndGroups[PrimaryGroupIndex].Sid;
2553  ExAllocateLocallyUniqueId(&Token->ModifiedId);
2554  }
2555 
2556  /* Unlock the token */
2558 
2559  SepReleaseSid(CapturedSid,
2560  PreviousMode,
2561  FALSE);
2562  }
2563  }
2564  else
2565  {
2567  }
2568  break;
2569  }
2570 
2571  case TokenDefaultDacl:
2572  {
2574  {
2575  PTOKEN_DEFAULT_DACL tdd = (PTOKEN_DEFAULT_DACL)TokenInformation;
2576  PACL InputAcl = NULL;
2577 
2578  _SEH2_TRY
2579  {
2580  InputAcl = tdd->DefaultDacl;
2581  }
2583  {
2585  _SEH2_YIELD(goto Cleanup);
2586  }
2587  _SEH2_END;
2588 
2589  if (InputAcl != NULL)
2590  {
2591  PACL CapturedAcl;
2592 
2593  /* Capture and copy the dacl */
2594  Status = SepCaptureAcl(InputAcl,
2595  PreviousMode,
2596  PagedPool,
2597  TRUE,
2598  &CapturedAcl);
2599  if (NT_SUCCESS(Status))
2600  {
2601  ULONG DynamicLength;
2602 
2603  /* Lock the token */
2605 
2606  //
2607  // NOTE: So far our dynamic area only contains
2608  // the default dacl, so this makes the following
2609  // code pretty simple. The day where it stores
2610  // other data, the code will require adaptations.
2611  //
2612 
2613  DynamicLength = Token->DynamicAvailable;
2614  // Add here any other data length present in the dynamic area...
2615  if (Token->DefaultDacl)
2616  DynamicLength += Token->DefaultDacl->AclSize;
2617 
2618  /* Reallocate the dynamic area if it is too small */
2620  if ((DynamicLength < CapturedAcl->AclSize) ||
2621  (Token->DynamicPart == NULL))
2622  {
2623  PVOID NewDynamicPart;
2624 
2625  NewDynamicPart = ExAllocatePoolWithTag(PagedPool,
2626  CapturedAcl->AclSize,
2628  if (NewDynamicPart == NULL)
2629  {
2631  }
2632  else
2633  {
2634  if (Token->DynamicPart != NULL)
2635  {
2636  // RtlCopyMemory(NewDynamicPart, Token->DynamicPart, DynamicLength);
2637  ExFreePoolWithTag(Token->DynamicPart, TAG_TOKEN_DYNAMIC);
2638  }
2639  Token->DynamicPart = NewDynamicPart;
2640  Token->DynamicAvailable = 0;
2641  }
2642  }
2643  else
2644  {
2645  Token->DynamicAvailable = DynamicLength - CapturedAcl->AclSize;
2646  }
2647 
2648  if (NT_SUCCESS(Status))
2649  {
2650  /* Set the new dacl */
2651  Token->DefaultDacl = (PVOID)Token->DynamicPart;
2652  RtlCopyMemory(Token->DefaultDacl,
2653  CapturedAcl,
2654  CapturedAcl->AclSize);
2655 
2656  ExAllocateLocallyUniqueId(&Token->ModifiedId);
2657  }
2658 
2659  /* Unlock the token */
2661 
2662  ExFreePoolWithTag(CapturedAcl, TAG_ACL);
2663  }
2664  }
2665  else
2666  {
2667  /* Lock the token */
2669 
2670  /* Clear the default dacl if present */
2671  if (Token->DefaultDacl != NULL)
2672  {
2673  Token->DynamicAvailable += Token->DefaultDacl->AclSize;
2674  RtlZeroMemory(Token->DefaultDacl, Token->DefaultDacl->AclSize);
2675  Token->DefaultDacl = NULL;
2676 
2677  ExAllocateLocallyUniqueId(&Token->ModifiedId);
2678  }
2679 
2680  /* Unlock the token */
2682  }
2683  }
2684  else
2685  {
2687  }
2688  break;
2689  }
2690 
2691  case TokenSessionId:
2692  {
2693  ULONG SessionId = 0;
2694 
2695  _SEH2_TRY
2696  {
2697  /* Buffer size was already verified, no need to check here again */
2698  SessionId = *(PULONG)TokenInformation;
2699  }
2701  {
2703  _SEH2_YIELD(goto Cleanup);
2704  }
2705  _SEH2_END;
2706 
2707  /* Check for TCB privilege */
2709  {
2711  break;
2712  }
2713 
2714  /* Lock the token */
2716 
2717  Token->SessionId = SessionId;
2718  ExAllocateLocallyUniqueId(&Token->ModifiedId);
2719 
2720  /* Unlock the token */
2722 
2723  break;
2724  }
2725 
2726  case TokenSessionReference:
2727  {
2728  ULONG SessionReference;
2729 
2730  _SEH2_TRY
2731  {
2732  /* Buffer size was already verified, no need to check here again */
2733  SessionReference = *(PULONG)TokenInformation;
2734  }
2736  {
2738  _SEH2_YIELD(goto Cleanup);
2739  }
2740  _SEH2_END;
2741 
2742  /* Check for TCB privilege */
2744  {
2746  goto Cleanup;
2747  }
2748 
2749  /* Check if it is 0 */
2750  if (SessionReference == 0)
2751  {
2752  ULONG OldTokenFlags;
2753 
2754  /* Lock the token */
2756 
2757  /* Atomically set the flag in the token */
2758  OldTokenFlags = RtlInterlockedSetBits(&Token->TokenFlags,
2760  /*
2761  * If the flag was already set, do not dereference again
2762  * the logon session. Use SessionReference as an indicator
2763  * to know whether to really dereference the session.
2764  */
2765  if (OldTokenFlags == Token->TokenFlags)
2766  SessionReference = ULONG_MAX;
2767 
2768  /* Unlock the token */
2770  }
2771 
2772  /* Dereference the logon session if needed */
2773  if (SessionReference == 0)
2774  SepRmDereferenceLogonSession(&Token->AuthenticationId);
2775 
2776  break;
2777  }
2778 
2779  case TokenAuditPolicy:
2780  {
2781  PTOKEN_AUDIT_POLICY_INFORMATION PolicyInformation =
2782  (PTOKEN_AUDIT_POLICY_INFORMATION)TokenInformation;
2783  SEP_AUDIT_POLICY AuditPolicy;
2784  ULONG i;
2785 
2786  _SEH2_TRY
2787  {
2788  ProbeForRead(PolicyInformation,
2790  Policies[PolicyInformation->PolicyCount]),
2791  sizeof(ULONG));
2792 
2793  /* Loop all policies in the structure */
2794  for (i = 0; i < PolicyInformation->PolicyCount; i++)
2795  {
2796  /* Set the corresponding bits in the packed structure */
2797  switch (PolicyInformation->Policies[i].Category)
2798  {
2799  case AuditCategorySystem:
2800  AuditPolicy.PolicyElements.System = PolicyInformation->Policies[i].Value;
2801  break;
2802 
2803  case AuditCategoryLogon:
2804  AuditPolicy.PolicyElements.Logon = PolicyInformation->Policies[i].Value;
2805  break;
2806 
2808  AuditPolicy.PolicyElements.ObjectAccess = PolicyInformation->Policies[i].Value;
2809  break;
2810 
2812  AuditPolicy.PolicyElements.PrivilegeUse = PolicyInformation->Policies[i].Value;
2813  break;
2814 
2816  AuditPolicy.PolicyElements.DetailedTracking = PolicyInformation->Policies[i].Value;
2817  break;
2818 
2820  AuditPolicy.PolicyElements.PolicyChange = PolicyInformation->Policies[i].Value;
2821  break;
2822 
2824  AuditPolicy.PolicyElements.AccountManagement = PolicyInformation->Policies[i].Value;
2825  break;
2826 
2828  AuditPolicy.PolicyElements.DirectoryServiceAccess = PolicyInformation->Policies[i].Value;
2829  break;
2830 
2832  AuditPolicy.PolicyElements.AccountLogon = PolicyInformation->Policies[i].Value;
2833  break;
2834  }
2835  }
2836  }
2838  {
2840  _SEH2_YIELD(goto Cleanup);
2841  }
2842  _SEH2_END;
2843 
2844  /* Check for TCB privilege */
2846  {
2848  break;
2849  }
2850 
2851  /* Lock the token */
2853 
2854  /* Set the new audit policy */
2855  Token->AuditPolicy = AuditPolicy;
2856  ExAllocateLocallyUniqueId(&Token->ModifiedId);
2857 
2858  /* Unlock the token */
2860 
2861  break;
2862  }
2863 
2864  case TokenOrigin:
2865  {
2867 
2868  _SEH2_TRY
2869  {
2870  /* Copy the token origin */
2871  TokenOrigin = *(PTOKEN_ORIGIN)TokenInformation;
2872  }
2874  {
2876  _SEH2_YIELD(goto Cleanup);
2877  }
2878  _SEH2_END;
2879 
2880  /* Check for TCB privilege */
2882  {
2884  break;
2885  }
2886 
2887  /* Lock the token */
2889 
2890  /* Check if there is no token origin set yet */
2891  if (RtlIsZeroLuid(&Token->OriginatingLogonSession))
2892  {
2893  /* Set the token origin */
2894  Token->OriginatingLogonSession =
2895  TokenOrigin.OriginatingLogonSession;
2896 
2897  ExAllocateLocallyUniqueId(&Token->ModifiedId);
2898  }
2899 
2900  /* Unlock the token */
2902 
2903  break;
2904  }
2905 
2906  default:
2907  {
2908  DPRINT1("Invalid TokenInformationClass: 0x%lx\n",
2911  break;
2912  }
2913  }
2914 Cleanup:
2916  }
2917 
2918  if (!NT_SUCCESS(Status))
2919  {
2920  DPRINT1("NtSetInformationToken failed with Status 0x%lx\n", Status);
2921  }
2922 
2923  return Status;
2924 }
#define SepAcquireTokenLockExclusive(Token)
Definition: se.h:200
static NTSTATUS SepFindPrimaryGroupAndDefaultOwner(_In_ PTOKEN Token, _In_ PSID PrimaryGroup, _In_opt_ PSID DefaultOwner, _Out_opt_ PULONG PrimaryGroupIndex, _Out_opt_ PULONG DefaultOwnerIndex)
Definition: token.c:345
#define STATUS_PRIVILEGE_NOT_HELD
Definition: DriverTester.h:9
#define TRUE
Definition: types.h:120
NTSYSAPI VOID NTAPI RtlCopyMemory(VOID UNALIGNED *Destination, CONST VOID UNALIGNED *Source, ULONG Length)
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
#define STATUS_INFO_LENGTH_MISMATCH
Definition: udferr_usr.h:133
struct _TOKEN_PRIMARY_GROUP * PTOKEN_PRIMARY_GROUP
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG TokenInformationLength
Definition: sefuncs.h:320
USHORT AclSize
Definition: ms-dtyp.idl:296
ULONG SessionId
Definition: dllmain.c:28
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
BOOLEAN NTAPI SeSinglePrivilegeCheck(IN LUID PrivilegeValue, IN KPROCESSOR_MODE PreviousMode)
Definition: priv.c:524
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
Definition: sysinfo.c:3066
struct _TOKEN_AUDIT_POLICY_INFORMATION::@1777 Policies[1]
VOID NTAPI ObDereferenceObject(IN PVOID Object)
Definition: obref.c:375
static __inline NTSTATUS DefaultSetInfoBufferCheck(ULONG Class, const INFORMATION_CLASS_INFO *ClassList, ULONG ClassListEntries, PVOID Buffer, ULONG BufferLength, KPROCESSOR_MODE PreviousMode)
Definition: probe.h:8
#define PAGED_CODE()
Definition: video.h:57
_SEH2_TRY
Definition: create.c:4250
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:496
struct _TOKEN_DEFAULT_DACL * PTOKEN_DEFAULT_DACL
struct _TOKEN_ORIGIN * PTOKEN_ORIGIN
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
smooth NULL
Definition: ftsmooth.c:416
POBJECT_TYPE SeTokenObjectType
Definition: token.c:34
NTSTATUS NTAPI SepCaptureAcl(IN PACL InputAcl, IN KPROCESSOR_MODE AccessMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PACL *CapturedAcl)
Definition: acl.c:277
PSID Owner
Definition: setypes.h:974
void DPRINT(...)
Definition: polytest.cpp:61
#define TOKEN_ADJUST_DEFAULT
Definition: setypes.h:878
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:715
void * PVOID
Definition: retypes.h:9
NTSTATUS SepRmDereferenceLogonSession(PLUID LogonLuid)
Definition: srm.c:664
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
#define _SEH2_YIELD(STMT_)
Definition: pseh2_64.h:8
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
struct _TOKEN_AUDIT_POLICY_INFORMATION * PTOKEN_AUDIT_POLICY_INFORMATION
#define RtlIsZeroLuid(_L1)
Definition: rtlfuncs.h:753
SEP_AUDIT_POLICY_CATEGORIES PolicyElements
Definition: setypes.h:137
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
struct _TOKEN_OWNER * PTOKEN_OWNER
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
#define STATUS_INVALID_INFO_CLASS
Definition: ntstatus.h:226
#define SepReleaseTokenLock(Token)
Definition: se.h:211
#define TAG_TOKEN_DYNAMIC
Definition: tag.h:180
static const WCHAR Cleanup[]
Definition: register.c:80
Status
Definition: gdiplustypes.h:24
const LUID SeTcbPrivilege
Definition: priv.c:28
#define TAG_ACL
Definition: tag.h:174
_SEH2_END
Definition: create.c:4424
#define RTL_NUMBER_OF(x)
Definition: RtlRegistry.c:12
VOID NTAPI ExAllocateLocallyUniqueId(OUT LUID *LocallyUniqueId)
Definition: uuid.c:340
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:254
unsigned int * PULONG
Definition: retypes.h:1
VOID NTAPI SepReleaseSid(IN PSID CapturedSid, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN CaptureIfKernel)
Definition: sid.c:342
#define DPRINT1
Definition: precomp.h:8
#define RtlInterlockedSetBits(Flags, Flag)
Definition: rtlfuncs.h:3436
unsigned int ULONG
Definition: retypes.h:1
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:261
static const INFORMATION_CLASS_INFO SeTokenInformationClass[]
Definition: token.c:48
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:6
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:12
return STATUS_SUCCESS
Definition: btrfs.c:2938
#define TOKEN_ADJUST_SESSIONID
Definition: setypes.h:879
NTSTATUS NTAPI SepCaptureSid(IN PSID InputSid, IN KPROCESSOR_MODE AccessMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PSID *CapturedSid)
Definition: sid.c:274
#define TOKEN_SESSION_NOT_REFERENCED
Definition: setypes.h:1130
_In_ TOKEN_INFORMATION_CLASS TokenInformationClass
Definition: sefuncs.h:318
#define ULONG_MAX
Definition: limits.h:44

Referenced by SetTokenInformation().

◆ RtlLengthSidAndAttributes()

static ULONG RtlLengthSidAndAttributes ( ULONG  Count,
PSID_AND_ATTRIBUTES  Src 
)
static

Definition at line 328 of file token.c.

330 {
331  ULONG i;
332  ULONG uLength;
333 
334  PAGED_CODE();
335 
336  uLength = Count * sizeof(SID_AND_ATTRIBUTES);
337  for (i = 0; i < Count; i++)
338  uLength += RtlLengthSid(Src[i].Sid);
339 
340  return uLength;
341 }
_Inout_ __drv_aliasesMem PSLIST_ENTRY _Inout_ PSLIST_ENTRY _In_ ULONG Count
Definition: exfuncs.h:1015
#define PAGED_CODE()
Definition: video.h:57
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1104
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
struct _SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES
unsigned int ULONG
Definition: retypes.h:1

Referenced by NtQueryInformationToken(), and SeQueryInformationToken().

◆ SeAssignPrimaryToken()

VOID NTAPI SeAssignPrimaryToken ( IN PEPROCESS  Process,
IN PTOKEN  Token 
)

Definition at line 862 of file token.c.

864 {
865  PAGED_CODE();
866 
867  /* Sanity checks */
868  ASSERT(Token->TokenType == TokenPrimary);
869  ASSERT(!Token->TokenInUse);
870 
871  /* Clean any previous token */
872  if (Process->Token.Object) SeDeassignPrimaryToken(Process);
873 
874  /* Set the new token */
876  Token->TokenInUse = TRUE;
878 }
#define TRUE
Definition: types.h:120
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
#define PAGED_CODE()
Definition: video.h:57
VOID FASTCALL ObInitializeFastReference(IN PEX_FAST_REF FastRef, IN PVOID Object)
Definition: obref.c:109
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel) ?(CompletionRoutine !=NULL) :TRUE)
VOID NTAPI SeDeassignPrimaryToken(PEPROCESS Process)
Definition: token.c:313
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
#define ObReferenceObject
Definition: obfuncs.h:204

Referenced by PspInitializeProcessSecurity().

◆ SeCopyClientToken()

NTSTATUS NTAPI SeCopyClientToken ( IN PACCESS_TOKEN  Token,
IN SECURITY_IMPERSONATION_LEVEL  Level,
IN KPROCESSOR_MODE  PreviousMode,
OUT PACCESS_TOKEN NewToken 
)

Definition at line 788 of file token.c.

792 {
795 
796  PAGED_CODE();
797 
799  NULL,
800  0,
801  NULL,
802  NULL);
803 
806  FALSE,
808  Level,
809  PreviousMode,
810  (PTOKEN*)NewToken);
811 
812  return Status;
813 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
_IRQL_requires_same_ typedef _In_ ULONG _In_ UCHAR Level
Definition: wmitypes.h:55
#define PAGED_CODE()
Definition: video.h:57
NTSTATUS NTAPI SepDuplicateToken(_In_ PTOKEN Token, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL Level, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PTOKEN *NewAccessToken)
Definition: token.c:441
smooth NULL
Definition: ftsmooth.c:416
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
Status
Definition: gdiplustypes.h:24
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106

Referenced by SepCreateClientSecurity().

◆ SeDeassignPrimaryToken()

VOID NTAPI SeDeassignPrimaryToken ( PEPROCESS  Process)

Definition at line 313 of file token.c.

314 {
315  PTOKEN OldToken;
316 
317  /* Remove the Token */
318  OldToken = ObFastReplaceObject(&Process->Token, NULL);
319 
320  /* Mark the Old Token as free */
321  OldToken->TokenInUse = FALSE;
322 
323  /* Dereference the Token */
324  ObDereferenceObject(OldToken);
325 }
VOID NTAPI ObDereferenceObject(IN PVOID Object)
Definition: obref.c:375
smooth NULL
Definition: ftsmooth.c:416
PVOID FASTCALL ObFastReplaceObject(IN PEX_FAST_REF FastRef, IN PVOID Object)
BOOLEAN TokenInUse
Definition: setypes.h:178
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219

Referenced by SeAssignPrimaryToken().

◆ SeExchangePrimaryToken()

NTSTATUS NTAPI SeExchangePrimaryToken ( _In_ PEPROCESS  Process,
_In_ PACCESS_TOKEN  NewAccessToken,
_Out_ PACCESS_TOKEN OldAccessToken 
)

Definition at line 234 of file token.c.

238 {
239  PTOKEN OldToken;
240  PTOKEN NewToken = (PTOKEN)NewAccessToken;
241 
242  PAGED_CODE();
243 
244  if (NewToken->TokenType != TokenPrimary)
245  return STATUS_BAD_TOKEN_TYPE;
246 
247  if (NewToken->TokenInUse)
248  {
251 
252  /* Maybe we're trying to set the same token */
253  OldToken = PsReferencePrimaryToken(Process);
254  if (OldToken == NewToken)
255  {
256  /* So it's a nop. */
257  *OldAccessToken = OldToken;
258  return STATUS_SUCCESS;
259  }
260 
261  Status = SepCompareTokens(OldToken, NewToken, &IsEqual);
262  if (!NT_SUCCESS(Status))
263  {
264  PsDereferencePrimaryToken(OldToken);
265  *OldAccessToken = NULL;
266  return Status;
267  }
268 
269  if (!IsEqual)
270  {
271  PsDereferencePrimaryToken(OldToken);
272  *OldAccessToken = NULL;
274  }
275  /* Silently return STATUS_SUCCESS but do not set the new token,
276  * as it's already in use elsewhere. */
277  *OldAccessToken = OldToken;
278  return STATUS_SUCCESS;
279  }
280 
281  /* Lock the new token */
283 
284  /* Mark new token in use */
285  NewToken->TokenInUse = TRUE;
286 
287  // TODO: Set a correct SessionId for NewToken
288 
289  /* Unlock the new token */
290  SepReleaseTokenLock(NewToken);
291 
292  /* Reference the new token */
293  ObReferenceObject(NewToken);
294 
295  /* Replace the old with the new */
296  OldToken = ObFastReplaceObject(&Process->Token, NewToken);
297 
298  /* Lock the old token */
300 
301  /* Mark the old token as free */
302  OldToken->TokenInUse = FALSE;
303 
304  /* Unlock the old token */
305  SepReleaseTokenLock(OldToken);
306 
307  *OldAccessToken = (PACCESS_TOKEN)OldToken;
308  return STATUS_SUCCESS;
309 }
TOKEN_TYPE TokenType
Definition: setypes.h:175
#define SepAcquireTokenLockExclusive(Token)
Definition: se.h:200
#define TRUE
Definition: types.h:120
LONG NTSTATUS
Definition: precomp.h:26
PVOID PACCESS_TOKEN
Definition: setypes.h:11
#define PAGED_CODE()
Definition: video.h:57
unsigned char BOOLEAN
#define STATUS_BAD_TOKEN_TYPE
Definition: ntstatus.h:390
smooth NULL
Definition: ftsmooth.c:416
PVOID FASTCALL ObFastReplaceObject(IN PEX_FAST_REF FastRef, IN PVOID Object)
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
BOOLEAN TokenInUse
Definition: setypes.h:178
#define STATUS_TOKEN_ALREADY_IN_USE
Definition: ntstatus.h:521
#define SepReleaseTokenLock(Token)
Definition: se.h:211
PACCESS_TOKEN NTAPI PsReferencePrimaryToken(PEPROCESS Process)
Definition: security.c:440
Status
Definition: gdiplustypes.h:24
struct _TOKEN * PTOKEN
VOID NTAPI PsDereferencePrimaryToken(IN PACCESS_TOKEN PrimaryToken)
Definition: security.c:835
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
#define ObReferenceObject
Definition: obfuncs.h:204
static NTSTATUS SepCompareTokens(IN PTOKEN FirstToken, IN PTOKEN SecondToken, OUT PBOOLEAN Equal)
Definition: token.c:92
return STATUS_SUCCESS
Definition: btrfs.c:2938

Referenced by PspAssignPrimaryToken().

◆ SeFilterToken()

NTSTATUS NTAPI SeFilterToken ( IN PACCESS_TOKEN  ExistingToken,
IN ULONG  Flags,
IN PTOKEN_GROUPS SidsToDisable  OPTIONAL,
IN PTOKEN_PRIVILEGES PrivilegesToDelete  OPTIONAL,
IN PTOKEN_GROUPS RestrictedSids  OPTIONAL,
OUT PACCESS_TOKEN FilteredToken 
)

Definition at line 1290 of file token.c.

1296 {
1297  UNIMPLEMENTED;
1298  return STATUS_NOT_IMPLEMENTED;
1299 }
#define STATUS_NOT_IMPLEMENTED
Definition: ntstatus.h:225
#define UNIMPLEMENTED
Definition: debug.h:114

Referenced by FatCreateRestrictEveryoneToken().

◆ SeIsTokenChild()

NTSTATUS NTAPI SeIsTokenChild ( IN PTOKEN  Token,
OUT PBOOLEAN  IsChild 
)

Definition at line 716 of file token.c.

718 {
719  PTOKEN ProcessToken;
720  LUID ProcessTokenId, CallerParentId;
721 
722  /* Assume failure */
723  *IsChild = FALSE;
724 
725  /* Reference the process token */
727  if (!ProcessToken)
728  return STATUS_UNSUCCESSFUL;
729 
730  /* Get its token ID */
731  ProcessTokenId = ProcessToken->TokenId;
732 
733  /* Dereference the token */
735 
736  /* Get our parent token ID */
737  CallerParentId = Token->ParentTokenId;
738 
739  /* Compare the token IDs */
740  if (RtlEqualLuid(&CallerParentId, &ProcessTokenId))
741  *IsChild = TRUE;
742 
743  /* Return success */
744  return STATUS_SUCCESS;
745 }
#define TRUE
Definition: types.h:120
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
#define RtlEqualLuid(Luid1, Luid2)
Definition: rtlfuncs.h:301
#define PsGetCurrentProcess
Definition: psfuncs.h:17
#define STATUS_UNSUCCESSFUL
Definition: udferr_usr.h:132
PACCESS_TOKEN NTAPI PsReferencePrimaryToken(PEPROCESS Process)
Definition: security.c:440
LUID TokenId
Definition: setypes.h:154
BOOL WINAPI IsChild(_In_ HWND, _In_ HWND)
VOID FASTCALL ObFastDereferenceObject(IN PEX_FAST_REF FastRef, IN PVOID Object)
Definition: obref.c:169
return STATUS_SUCCESS
Definition: btrfs.c:2938

Referenced by PspSetPrimaryToken().

◆ SeIsTokenSibling()

NTSTATUS NTAPI SeIsTokenSibling ( IN PTOKEN  Token,
OUT PBOOLEAN  IsSibling 
)

Definition at line 749 of file token.c.

751 {
752  PTOKEN ProcessToken;
753  LUID ProcessParentId, ProcessAuthId;
754  LUID CallerParentId, CallerAuthId;
755 
756  /* Assume failure */
757  *IsSibling = FALSE;
758 
759  /* Reference the process token */
761  if (!ProcessToken)
762  return STATUS_UNSUCCESSFUL;
763 
764  /* Get its parent and authentication IDs */
765  ProcessParentId = ProcessToken->ParentTokenId;
766  ProcessAuthId = ProcessToken->AuthenticationId;
767 
768  /* Dereference the token */
770 
771  /* Get our parent and authentication IDs */
772  CallerParentId = Token->ParentTokenId;
773  CallerAuthId = Token->AuthenticationId;
774 
775  /* Compare the token IDs */
776  if (RtlEqualLuid(&CallerParentId, &ProcessParentId) &&
777  RtlEqualLuid(&CallerAuthId, &ProcessAuthId))
778  {
779  *IsSibling = TRUE;
780  }
781 
782  /* Return success */
783  return STATUS_SUCCESS;
784 }
#define TRUE
Definition: types.h:120
LUID AuthenticationId
Definition: setypes.h:155
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
#define RtlEqualLuid(Luid1, Luid2)
Definition: rtlfuncs.h:301
#define PsGetCurrentProcess
Definition: psfuncs.h:17
LUID ParentTokenId
Definition: setypes.h:156
#define STATUS_UNSUCCESSFUL
Definition: udferr_usr.h:132
PACCESS_TOKEN NTAPI PsReferencePrimaryToken(PEPROCESS Process)
Definition: security.c:440
VOID FASTCALL ObFastDereferenceObject(IN PEX_FAST_REF FastRef, IN PVOID Object)
Definition: obref.c:169
return STATUS_SUCCESS
Definition: btrfs.c:2938

Referenced by PspSetPrimaryToken().

◆ SepAdjustPrivileges()

static NTSTATUS SepAdjustPrivileges ( _Inout_ PTOKEN  Token,
_In_ BOOLEAN  DisableAllPrivileges,
_In_opt_ PLUID_AND_ATTRIBUTES  NewState,
_In_ ULONG  NewStateCount,
_Out_opt_ PTOKEN_PRIVILEGES  PreviousState,
_In_ BOOLEAN  ApplyChanges,
_Out_ PULONG  ChangedPrivileges,
_Out_ PBOOLEAN  ChangesMade 
)
static

Definition at line 3097 of file token.c.

3106 {
3107  ULONG i, j, PrivilegeCount, ChangeCount, NewAttributes;
3108 
3109  /* Count the found privileges and those that need to be changed */
3110  PrivilegeCount = 0;
3111  ChangeCount = 0;
3112  *ChangesMade = FALSE;
3113 
3114  /* Loop all privileges in the token */
3115  for (i = 0; i < Token->PrivilegeCount; i++)
3116  {
3117  /* Shall all of them be disabled? */
3118  if (DisableAllPrivileges)
3119  {
3120  /* The new attributes are the old ones, but disabled */
3121  NewAttributes = Token->Privileges[i].Attributes & ~SE_PRIVILEGE_ENABLED;
3122  }
3123  else
3124  {
3125  /* Otherwise loop all provided privileges */
3126  for (j = 0; j < NewStateCount; j++)
3127  {
3128  /* Check if this is the LUID we are looking for */
3129  if (RtlEqualLuid(&Token->Privileges[i].Luid, &NewState[j].Luid))
3130  {
3131  DPRINT("Found privilege\n");
3132 
3133  /* Copy SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_REMOVED */
3134  NewAttributes = NewState[j].Attributes;
3135  NewAttributes &= (SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_REMOVED);
3136  NewAttributes |= Token->Privileges[i].Attributes & ~SE_PRIVILEGE_ENABLED;
3137 
3138  /* Stop looking */
3139  break;
3140  }
3141  }
3142 
3143  /* Check if we didn't find the privilege */
3144  if (j == NewStateCount)
3145  {
3146  /* Continue with the token's next privilege */
3147  continue;
3148  }
3149  }
3150 
3151  /* We found a privilege, count it */
3152  PrivilegeCount++;
3153 
3154  /* Does the privilege need to be changed? */
3155  if (Token->Privileges[i].Attributes != NewAttributes)
3156  {
3157  /* Does the caller want the old privileges? */
3158  if (PreviousState != NULL)
3159  {
3160  /* Copy the old privilege */
3161  PreviousState->Privileges[ChangeCount] = Token->Privileges[i];
3162  }
3163 
3164  /* Does the caller want to apply the changes? */
3165  if (ApplyChanges)
3166  {
3167  /* Shall we remove the privilege? */
3168  if (NewAttributes & SE_PRIVILEGE_REMOVED)
3169  {
3170  /* Set the token as disabled and update flags for it */
3171  Token->Privileges[i].Attributes &= ~SE_PRIVILEGE_ENABLED;
3173 
3174  /* Remove the privilege */
3176 
3177  *ChangesMade = TRUE;
3178 
3179  /* Fix the running index and continue with next one */
3180  i--;
3181  continue;
3182  }
3183 
3184  /* Set the new attributes and update flags */
3185  Token->Privileges[i].Attributes = NewAttributes;
3187  *ChangesMade = TRUE;
3188  }
3189 
3190  /* Increment the change count */
3191  ChangeCount++;
3192  }
3193  }
3194 
3195  /* Set the number of saved privileges */
3196  if (PreviousState != NULL)
3197  PreviousState->PrivilegeCount = ChangeCount;
3198 
3199  /* Return the number of changed privileges */
3200  *ChangedPrivileges = ChangeCount;
3201 
3202  /* Check if we missed some */
3203  if (!DisableAllPrivileges && (PrivilegeCount < NewStateCount))
3204  {
3205  return STATUS_NOT_ALL_ASSIGNED;
3206  }
3207 
3208  return STATUS_SUCCESS;
3209 }
#define STATUS_NOT_ALL_ASSIGNED
Definition: ntstatus.h:85
#define TRUE
Definition: types.h:120
BOOL ApplyChanges(HWND hwndDlg)
Definition: sounds.c:961
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
#define SE_PRIVILEGE_REMOVED
Definition: setypes.h:64
static VOID SepUpdateSinglePrivilegeFlagToken(_Inout_ PTOKEN Token, _In_ ULONG Index)
Definition: token.c:129
#define SE_PRIVILEGE_ENABLED
Definition: setypes.h:63
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
#define RtlEqualLuid(Luid1, Luid2)
Definition: rtlfuncs.h:301
smooth NULL
Definition: ftsmooth.c:416
void DPRINT(...)
Definition: polytest.cpp:61
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint GLint GLint j
Definition: glfuncs.h:250
static VOID SepRemovePrivilegeToken(_Inout_ PTOKEN Token, _In_ ULONG Index)
Definition: token.c:195
_In_ PLARGE_INTEGER _In_opt_ PTIMER_APC_ROUTINE _In_opt_ PVOID _In_ BOOLEAN _In_opt_ LONG _Out_opt_ PBOOLEAN PreviousState
Definition: zwfuncs.h:428
unsigned int ULONG
Definition: retypes.h:1
return STATUS_SUCCESS
Definition: btrfs.c:2938

Referenced by NtAdjustPrivilegesToken().

◆ SepCompareTokens()

static NTSTATUS SepCompareTokens ( IN PTOKEN  FirstToken,
IN PTOKEN  SecondToken,
OUT PBOOLEAN  Equal 
)
static

Definition at line 92 of file token.c.

95 {
97 
98  ASSERT(FirstToken != SecondToken);
99 
100  /* Lock the tokens */
101  SepAcquireTokenLockShared(FirstToken);
102  SepAcquireTokenLockShared(SecondToken);
103 
104  /* FIXME: Check if every SID that is present in either token is also present in the other one */
105 
106  Restricted = SeTokenIsRestricted(FirstToken);
107  if (Restricted == SeTokenIsRestricted(SecondToken))
108  {
109  if (Restricted)
110  {
111  /* FIXME: Check if every SID that is restricted in either token is also restricted in the other one */
112  }
113 
114  /* FIXME: Check if every privilege that is present in either token is also present in the other one */
115  DPRINT1("FIXME: Pretending tokens are equal!\n");
116  IsEqual = TRUE;
117  }
118 
119  /* Unlock the tokens */
120  SepReleaseTokenLock(SecondToken);
121  SepReleaseTokenLock(FirstToken);
122 
123  *Equal = IsEqual;
124  return STATUS_SUCCESS;
125 }
#define TRUE
Definition: types.h:120
BOOLEAN NTAPI SeTokenIsRestricted(IN PACCESS_TOKEN Token)
Definition: token.c:1807
unsigned char BOOLEAN
UNICODE_STRING Restricted
Definition: utils.c:24
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel) ?(CompletionRoutine !=NULL) :TRUE)
#define SepReleaseTokenLock(Token)
Definition: se.h:211
#define DPRINT1
Definition: precomp.h:8
#define SepAcquireTokenLockShared(Token)
Definition: se.h:205
return STATUS_SUCCESS
Definition: btrfs.c:2938

Referenced by NtCompareTokens(), and SeExchangePrimaryToken().

◆ SepCopyProxyData()

NTSTATUS NTAPI SepCopyProxyData ( PVOID Dest,
PVOID  Src 
)

Definition at line 225 of file token.c.

227 {
229  return STATUS_NOT_IMPLEMENTED;
230 }
#define STATUS_NOT_IMPLEMENTED
Definition: ntstatus.h:225
#define UNIMPLEMENTED
Definition: debug.h:114

◆ SepCreateSystemProcessToken()

PTOKEN NTAPI SepCreateSystemProcessToken ( VOID  )

Definition at line 1145 of file token.c.

1146 {
1148  ULONG GroupAttributes, OwnerAttributes;
1150  LARGE_INTEGER Expiration;
1151  SID_AND_ATTRIBUTES UserSid;
1152  ULONG GroupsLength;
1155  PSID Owner;
1156  ULONG i;
1157  PTOKEN Token;
1158  NTSTATUS Status;
1159 
1160  /* Don't ever expire */
1161  Expiration.QuadPart = -1;
1162 
1163  /* All groups mandatory and enabled */
1166 
1167  /* User is Local System */
1168  UserSid.Sid = SeLocalSystemSid;
1169  UserSid.Attributes = 0;
1170 
1171  /* Primary group is Local System */
1173 
1174  /* Owner is Administrators */
1176 
1177  /* Groups are Administrators, World, and Authenticated Users */
1178  Groups[0].Sid = SeAliasAdminsSid;
1179  Groups[0].Attributes = OwnerAttributes;
1180  Groups[1].Sid = SeWorldSid;
1181  Groups[1].Attributes = GroupAttributes;
1183  Groups[2].Attributes = GroupAttributes;
1184  GroupsLength = sizeof(SID_AND_ATTRIBUTES) +
1185  SeLengthSid(Groups[0].Sid) +
1186  SeLengthSid(Groups[1].Sid) +
1187  SeLengthSid(Groups[2].Sid);
1188  ASSERT(GroupsLength <= sizeof(Groups));
1189 
1190  /* Setup the privileges */
1191  i = 0;
1193  Privileges[i++].Luid = SeTcbPrivilege;
1194 
1195  Privileges[i].Attributes = 0;
1197 
1198  Privileges[i].Attributes = 0;
1200 
1203 
1206 
1207  Privileges[i].Attributes = 0;
1209 
1210  Privileges[i].Attributes = 0;
1212 
1215 
1218 
1220  Privileges[i++].Luid = SeDebugPrivilege;
1221 
1223  Privileges[i++].Luid = SeAuditPrivilege;
1224 
1225  Privileges[i].Attributes = 0;
1226  Privileges[i++].Luid = SeSecurityPrivilege;
1227 
1228  Privileges[i].Attributes = 0;
1230 
1233 
1234  Privileges[i].Attributes = 0;
1235  Privileges[i++].Luid = SeBackupPrivilege;
1236 
1237  Privileges[i].Attributes = 0;
1238  Privileges[i++].Luid = SeRestorePrivilege;
1239 
1240  Privileges[i].Attributes = 0;
1241  Privileges[i++].Luid = SeShutdownPrivilege;
1242 
1243  Privileges[i].Attributes = 0;
1245 
1248 
1249  Privileges[i].Attributes = 0;
1251  ASSERT(i == 20);
1252 
1253  /* Setup the object attributes */
1256 
1257  /* Create the token */
1259  KernelMode,
1260  0,
1262  TokenPrimary,
1265  &Expiration,
1266  &UserSid,
1267  3,
1268  Groups,
1269  GroupsLength,
1270  20,
1271  Privileges,
1272  Owner,
1273  PrimaryGroup,
1276  TRUE);
1278 
1279  /* Return the token */
1280  return Token;
1281 }
const LUID SeSystemEnvironmentPrivilege
Definition: priv.c:43
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
#define TRUE
Definition: types.h:120
const LUID SeSystemtimePrivilege
Definition: priv.c:33
const LUID SeIncreaseQuotaPrivilege
Definition: priv.c:26
const LUID SeCreateTokenPrivilege
Definition: priv.c:23
const LUID SeCreatePermanentPrivilege
Definition: priv.c:37
const LUID SeDebugPrivilege
Definition: priv.c:41
const LUID SeBackupPrivilege
Definition: priv.c:38
PACL SeSystemDefaultDacl
Definition: acl.c:23
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
LUID SeSystemAuthenticationId
Definition: token.c:38
const LUID SeAssignPrimaryTokenPrivilege
Definition: priv.c:24
PSID SeAuthenticatedUsersSid
Definition: sid.c:55
TOpcodeData Groups[17][8]
#define SE_PRIVILEGE_ENABLED
Definition: setypes.h:63
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
#define SE_GROUP_OWNER
Definition: setypes.h:93
smooth NULL
Definition: ftsmooth.c:416
const LUID SeLoadDriverPrivilege
Definition: priv.c:31
#define SE_GROUP_ENABLED_BY_DEFAULT
Definition: setypes.h:91
const LUID SeTakeOwnershipPrivilege
Definition: priv.c:30
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1104
NTSTATUS NTAPI SepCreateToken(_Out_ PHANDLE TokenHandle, _In_ KPROCESSOR_MODE PreviousMode, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PSID_AND_ATTRIBUTES User, _In_ ULONG GroupCount, _In_ PSID_AND_ATTRIBUTES Groups, _In_ ULONG GroupsLength, _In_ ULONG PrivilegeCount, _In_ PLUID_AND_ATTRIBUTES Privileges, _In_opt_ PSID Owner, _In_ PSID PrimaryGroup, _In_opt_ PACL DefaultDacl, _In_ PTOKEN_SOURCE TokenSource, _In_ BOOLEAN SystemToken)
Definition: token.c:882
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID _Inout_ PULONG _Out_writes_bytes_to_opt_ PrimaryGroupSize PSID PrimaryGroup
Definition: rtlfuncs.h:1559
#define SE_PRIVILEGE_ENABLED_BY_DEFAULT
Definition: setypes.h:62
const LUID SeCreatePagefilePrivilege
Definition: priv.c:36
const LUID SeRestorePrivilege
Definition: priv.c:39
#define SE_GROUP_ENABLED
Definition: setypes.h:92
struct _SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES
static const LUID SeChangeNotifyPrivilege
Definition: authpackage.c:167
#define SE_GROUP_MANDATORY
Definition: setypes.h:90
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:13
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel) ?(CompletionRoutine !=NULL) :TRUE)
PSID SeAliasAdminsSid
Definition: sid.c:47
TOKEN_SOURCE SeSystemTokenSource
Definition: token.c:37
PVOID *typedef PHANDLE
Definition: ntsecpkg.h:414
const LUID SeLockMemoryPrivilege
Definition: priv.c:25
const LUID SeProfileSingleProcessPrivilege
Definition: priv.c:34
PSID SeWorldSid
Definition: sid.c:31
const LUID SeIncreaseBasePriorityPrivilege
Definition: priv.c:35
Status
Definition: gdiplustypes.h:24
const LUID SeTcbPrivilege
Definition: priv.c:28
const LUID SeShutdownPrivilege
Definition: priv.c:40
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID Owner
Definition: rtlfuncs.h:1557
const LUID SeSecurityPrivilege
Definition: priv.c:29
PSID SeLocalSystemSid
Definition: sid.c:44
unsigned int ULONG
Definition: retypes.h:1
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
return STATUS_SUCCESS
Definition: btrfs.c:2938
#define SeLengthSid(Sid)
Definition: sefuncs.h:570
const LUID SeAuditPrivilege
Definition: priv.c:42
LONGLONG QuadPart
Definition: typedefs.h:112

Referenced by SepInitializationPhase0().

◆ SepCreateToken()

NTSTATUS NTAPI SepCreateToken ( _Out_ PHANDLE  TokenHandle,
_In_ KPROCESSOR_MODE  PreviousMode,
_In_ ACCESS_MASK  DesiredAccess,
_In_opt_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ TOKEN_TYPE  TokenType,
_In_ SECURITY_IMPERSONATION_LEVEL  ImpersonationLevel,
_In_ PLUID  AuthenticationId,
_In_ PLARGE_INTEGER  ExpirationTime,
_In_ PSID_AND_ATTRIBUTES  User,
_In_ ULONG  GroupCount,
_In_ PSID_AND_ATTRIBUTES  Groups,
_In_ ULONG  GroupsLength,
_In_ ULONG  PrivilegeCount,
_In_ PLUID_AND_ATTRIBUTES  Privileges,
_In_opt_ PSID  Owner,
_In_ PSID  PrimaryGroup,
_In_opt_ PACL  DefaultDacl,
_In_ PTOKEN_SOURCE  TokenSource,
_In_ BOOLEAN  SystemToken 
)

Definition at line 882 of file token.c.

902 {
904  PTOKEN AccessToken;
905  ULONG TokenFlags = 0;
906  ULONG PrimaryGroupIndex, DefaultOwnerIndex;
907  LUID TokenId;
908  LUID ModifiedId;
909  PVOID EndMem;
910  ULONG PrivilegesLength;
911  ULONG UserGroupsLength;
912  ULONG VariableLength;
913  ULONG TotalSize;
914  ULONG i;
915 
916  PAGED_CODE();
917 
918  /* Loop all groups */
919  for (i = 0; i < GroupCount; i++)
920  {
921  /* Check for mandatory groups */
923  {
924  /* Force them to be enabled */
926  }
927 
928  /* Check of the group is an admin group */
930  {
931  /* Remember this so we can optimize queries later */
932  TokenFlags |= TOKEN_HAS_ADMIN_GROUP;
933  }
934  }
935 
936  /* Allocate unique IDs for the token */
937  ExAllocateLocallyUniqueId(&TokenId);
938  ExAllocateLocallyUniqueId(&ModifiedId);
939 
940  /* Compute how much size we need to allocate for the token */
941 
942  /* Privileges size */
943  PrivilegesLength = PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES);
944  PrivilegesLength = ALIGN_UP_BY(PrivilegesLength, sizeof(PVOID));
945 
946  /* User and groups size */
947  UserGroupsLength = (1 + GroupCount) * sizeof(SID_AND_ATTRIBUTES);
948  UserGroupsLength += RtlLengthSid(User->Sid);
949  for (i = 0; i < GroupCount; i++)
950  {
951  UserGroupsLength += RtlLengthSid(Groups[i].Sid);
952  }
953  UserGroupsLength = ALIGN_UP_BY(UserGroupsLength, sizeof(PVOID));
954 
955  /* Add the additional groups array length */
956  UserGroupsLength += ALIGN_UP_BY(GroupsLength, sizeof(PVOID));
957 
958  VariableLength = PrivilegesLength + UserGroupsLength;
959  TotalSize = FIELD_OFFSET(TOKEN, VariablePart) + VariableLength;
960 
964  PreviousMode,
965  NULL,
966  TotalSize,
967  0,
968  0,
969  (PVOID*)&AccessToken);
970  if (!NT_SUCCESS(Status))
971  {
972  DPRINT1("ObCreateObject() failed (Status 0x%lx)\n", Status);
973  return Status;
974  }
975 
976  /* Zero out the buffer and initialize the token */
977  RtlZeroMemory(AccessToken, TotalSize);
978 
979  RtlCopyLuid(&AccessToken->TokenId, &TokenId);
980 
981  AccessToken->TokenType = TokenType;
982  AccessToken->ImpersonationLevel = ImpersonationLevel;
983 
984  AccessToken->TokenLock = &SepTokenLock; // FIXME: Global lock!
985 
987  &TokenSource->SourceIdentifier);
988  RtlCopyMemory(AccessToken->TokenSource.SourceName,
989  TokenSource->SourceName,
990  sizeof(TokenSource->SourceName));
991 
992  AccessToken->ExpirationTime = *ExpirationTime;
993  RtlCopyLuid(&AccessToken->ModifiedId, &ModifiedId);
994 
995  AccessToken->TokenFlags = TokenFlags & ~TOKEN_SESSION_NOT_REFERENCED;
996 
997  /* Copy and reference the logon session */
998  RtlCopyLuid(&AccessToken->AuthenticationId, AuthenticationId);
1000  if (!NT_SUCCESS(Status))
1001  {
1002  /* No logon session could be found, bail out */
1003  DPRINT1("SepRmReferenceLogonSession() failed (Status 0x%lx)\n", Status);
1004  /* Set the flag for proper cleanup by the delete procedure */
1005  AccessToken->TokenFlags |= TOKEN_SESSION_NOT_REFERENCED;
1006  goto Quit;
1007  }
1008 
1009  /* Assign the data that reside in the TOKEN's variable information area */
1010  AccessToken->VariableLength = VariableLength;
1011  EndMem = (PVOID)&AccessToken->VariablePart;
1012 
1013  /* Copy the privileges */
1014  AccessToken->PrivilegeCount = PrivilegeCount;
1015  AccessToken->Privileges = NULL;
1016  if (PrivilegeCount > 0)
1017  {
1018  AccessToken->Privileges = EndMem;
1019  EndMem = (PVOID)((ULONG_PTR)EndMem + PrivilegesLength);
1020  VariableLength -= PrivilegesLength;
1021 
1022  if (PreviousMode != KernelMode)
1023  {
1024  _SEH2_TRY
1025  {
1026  RtlCopyMemory(AccessToken->Privileges,
1027  Privileges,
1028  PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES));
1029  }
1031  {
1033  }
1034  _SEH2_END;
1035  }
1036  else
1037  {
1038  RtlCopyMemory(AccessToken->Privileges,
1039  Privileges,
1040  PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES));
1041  }
1042 
1043  if (!NT_SUCCESS(Status))
1044  goto Quit;
1045  }
1046 
1047  /* Update the privilege flags */
1048  SepUpdatePrivilegeFlagsToken(AccessToken);
1049 
1050  /* Copy the user and groups */
1051  AccessToken->UserAndGroupCount = 1 + GroupCount;
1052  AccessToken->UserAndGroups = EndMem;
1053  EndMem = &AccessToken->UserAndGroups[AccessToken->UserAndGroupCount];
1054  VariableLength -= ((ULONG_PTR)EndMem - (ULONG_PTR)AccessToken->UserAndGroups);
1055 
1057  User,
1058  VariableLength,
1059  &AccessToken->UserAndGroups[0],
1060  EndMem,
1061  &EndMem,
1062  &VariableLength);
1063  if (!NT_SUCCESS(Status))
1064  goto Quit;
1065 
1066  Status = RtlCopySidAndAttributesArray(GroupCount,
1067  Groups,
1068  VariableLength,
1069  &AccessToken->UserAndGroups[1],
1070  EndMem,
1071  &EndMem,
1072  &VariableLength);
1073  if (!NT_SUCCESS(Status))
1074  goto Quit;
1075 
1076  /* Find the token primary group and default owner */
1078  PrimaryGroup,
1079  Owner,
1080  &PrimaryGroupIndex,
1081  &DefaultOwnerIndex);
1082  if (!NT_SUCCESS(Status))
1083  {
1084  DPRINT1("SepFindPrimaryGroupAndDefaultOwner failed (Status 0x%lx)\n", Status);
1085  goto Quit;
1086  }
1087 
1088  AccessToken->PrimaryGroup = AccessToken->UserAndGroups[PrimaryGroupIndex].Sid;
1089  AccessToken->DefaultOwnerIndex = DefaultOwnerIndex;
1090 
1091  /* Now allocate the TOKEN's dynamic information area and set the data */
1092  AccessToken->DynamicAvailable = 0; // Unused memory in the dynamic area.
1093  AccessToken->DynamicPart = NULL;
1094  if (DefaultDacl != NULL)
1095  {
1097  DefaultDacl->AclSize,
1099  if (AccessToken->DynamicPart == NULL)
1100  {
1102  goto Quit;
1103  }
1104  EndMem = (PVOID)AccessToken->DynamicPart;
1105 
1106  AccessToken->DefaultDacl = EndMem;
1107 
1108  RtlCopyMemory(AccessToken->DefaultDacl,
1109  DefaultDacl,
1110  DefaultDacl->AclSize);
1111  }
1112 
1113  /* Insert the token only if it's not the system token, otherwise return it directly */
1114  if (!SystemToken)
1115  {
1116  Status = ObInsertObject(AccessToken,
1117  NULL,
1118  DesiredAccess,
1119  0,
1120  NULL,
1121  TokenHandle);
1122  if (!NT_SUCCESS(Status))
1123  {
1124  DPRINT1("ObInsertObject() failed (Status 0x%lx)\n", Status);
1125  }
1126  }
1127  else
1128  {
1129  /* Return pointer instead of handle */
1130  *TokenHandle = (HANDLE)AccessToken;
1131  }
1132 
1133 Quit:
1134  if (!NT_SUCCESS(Status))
1135  {
1136  /* Dereference the token, the delete procedure will clean it up */
1137  ObDereferenceObject(AccessToken);
1138  }
1139 
1140  return Status;
1141 }
TOKEN_TYPE TokenType
Definition: setypes.h:175
static NTSTATUS SepFindPrimaryGroupAndDefaultOwner(_In_ PTOKEN Token, _In_ PSID PrimaryGroup, _In_opt_ PSID DefaultOwner, _Out_opt_ PULONG PrimaryGroupIndex, _Out_opt_ PULONG DefaultOwnerIndex)
Definition: token.c:345
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
NTSYSAPI VOID NTAPI RtlCopyMemory(VOID UNALIGNED *Destination, CONST VOID UNALIGNED *Source, ULONG Length)
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
ERESOURCE SepTokenLock
Definition: token.c:35
USHORT AclSize
Definition: ms-dtyp.idl:296
LUID AuthenticationId
Definition: setypes.h:155
ULONG VariablePart
Definition: setypes.h:182
NTSYSAPI NTSTATUS NTAPI RtlCopySidAndAttributesArray(_In_ ULONG Count, _In_ PSID_AND_ATTRIBUTES Src, _In_ ULONG SidAreaSize, _In_ PSID_AND_ATTRIBUTES Dest, _In_ PSID SidArea, _Out_ PSID *RemainingSidArea, _Out_ PULONG RemainingSidAreaSize)
LONG NTSTATUS
Definition: precomp.h:26
struct _LUID_AND_ATTRIBUTES LUID_AND_ATTRIBUTES
VOID NTAPI ObDereferenceObject(IN PVOID Object)
Definition: obref.c:375
ULONG PrivilegeCount
Definition: setypes.h:164
TOpcodeData Groups[17][8]
NTSYSAPI void WINAPI RtlCopyLuid(PLUID, const LUID *)
PLUID_AND_ATTRIBUTES Privileges
Definition: setypes.h:172
LUID ModifiedId
Definition: setypes.h:160
#define PAGED_CODE()
Definition: video.h:57
_SEH2_TRY
Definition: create.c:4250
uint32_t ULONG_PTR
Definition: typedefs.h:63
ULONG TokenFlags
Definition: setypes.h:177
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
LUID SourceIdentifier
Definition: imports.h:279
struct _ERESOURCE * TokenLock
Definition: setypes.h:158
ULONG DynamicAvailable
Definition: setypes.h:167
static VOID SepUpdatePrivilegeFlagsToken(_Inout_ PTOKEN Token)
Definition: token.c:180
PACL DefaultDacl
Definition: setypes.h:174
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
smooth NULL
Definition: ftsmooth.c:416
POBJECT_TYPE SeTokenObjectType
Definition: token.c:34
#define SE_GROUP_ENABLED_BY_DEFAULT
Definition: setypes.h:91
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1104
ULONG DefaultOwnerIndex
Definition: setypes.h:168
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:715
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
ULONG VariableLength
Definition: setypes.h:165
void * PVOID
Definition: retypes.h:9
NTSTATUS NTAPI ObCreateObject(IN KPROCESSOR_MODE ProbeMode OPTIONAL, IN POBJECT_TYPE Type, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext OPTIONAL, IN ULONG ObjectSize, IN ULONG PagedPoolCharge OPTIONAL, IN ULONG NonPagedPoolCharge OPTIONAL, OUT PVOID *Object)
Definition: oblife.c:952
NTSTATUS SepRmReferenceLogonSession(PLUID LogonLuid)
Definition: srm.c:381
PULONG DynamicPart
Definition: setypes.h:173
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID _Inout_ PULONG _Out_writes_bytes_to_opt_ PrimaryGroupSize PSID PrimaryGroup
Definition: rtlfuncs.h:1559
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
PSID PrimaryGroup
Definition: setypes.h:171
LARGE_INTEGER ExpirationTime
Definition: setypes.h:157
if(!(yy_init))
Definition: macro.lex.yy.c:714
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define SE_GROUP_ENABLED
Definition: setypes.h:92
_Out_ PBOOLEAN _Out_ PBOOLEAN _Out_ PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: psfuncs.h:154
PVOID HANDLE
Definition: typedefs.h:71
#define SE_GROUP_MANDATORY
Definition: setypes.h:90
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:13
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
PSID SeAliasAdminsSid
Definition: sid.c:47
#define TAG_TOKEN_DYNAMIC
Definition: tag.h:180
CCHAR SourceName[TOKEN_SOURCE_LENGTH]
Definition: imports.h:278
Status
Definition: gdiplustypes.h:24
_Must_inspect_result_ _In_ USHORT _In_ PHIDP_PREPARSED_DATA _Out_writes_to_ LengthAttributes PHIDP_EXTENDED_ATTRIBUTES Attributes
Definition: hidpi.h:348
_SEH2_END
Definition: create.c:4424
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
Definition: obhandle.c:2932
#define TOKEN_HAS_ADMIN_GROUP
Definition: setypes.h:1128
ULONG UserAndGroupCount
Definition: setypes.h:162
_In_ PIO_STACK_LOCATION _Inout_ PFILE_OBJECT _Inout_ PVCB _Outptr_result_maybenull_ PDCB _In_ PDCB _In_ PDIRENT _In_ ULONG _In_ ULONG _In_ PUNICODE_STRING _In_ PACCESS_MASK DesiredAccess
Definition: create.c:4157
VOID NTAPI ExAllocateLocallyUniqueId(OUT LUID *LocallyUniqueId)
Definition: uuid.c:340
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:254
LUID TokenId
Definition: setypes.h:154
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID Owner
Definition: rtlfuncs.h:1557
#define DPRINT1
Definition: precomp.h:8
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: setypes.h:176
unsigned int ULONG
Definition: retypes.h:1
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:261
#define ULONG_PTR
Definition: config.h:101
#define ALIGN_UP_BY(size, align)
PSID_AND_ATTRIBUTES UserAndGroups
Definition: setypes.h:169
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:6
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:12
TOKEN_SOURCE TokenSource
Definition: setypes.h:153
#define TOKEN_SESSION_NOT_REFERENCED
Definition: setypes.h:1130
NTSYSAPI BOOLEAN NTAPI RtlEqualSid(_In_ PSID Sid1, _In_ PSID Sid2)
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:417

Referenced by NtCreateToken(), and SepCreateSystemProcessToken().

◆ SepDeleteToken()

VOID NTAPI SepDeleteToken ( PVOID  ObjectBody)

Definition at line 817 of file token.c.

818 {
819  PTOKEN AccessToken = (PTOKEN)ObjectBody;
820 
821  DPRINT("SepDeleteToken()\n");
822 
823  /* Dereference the logon session */
824  if ((AccessToken->TokenFlags & TOKEN_SESSION_NOT_REFERENCED) == 0)
826 
827  /* Delete the dynamic information area */
828  if (AccessToken->DynamicPart)
830 }
LUID AuthenticationId
Definition: setypes.h:155
ULONG TokenFlags
Definition: setypes.h:177
void DPRINT(...)
Definition: polytest.cpp:61
NTSTATUS SepRmDereferenceLogonSession(PLUID LogonLuid)
Definition: srm.c:664
PULONG DynamicPart
Definition: setypes.h:173
#define TAG_TOKEN_DYNAMIC
Definition: tag.h:180
struct _TOKEN * PTOKEN
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
#define TOKEN_SESSION_NOT_REFERENCED
Definition: setypes.h:1130

Referenced by SepInitializeTokenImplementation().

◆ SepDuplicateToken()

NTSTATUS NTAPI SepDuplicateToken ( _In_ PTOKEN  Token,
_In_opt_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ BOOLEAN  EffectiveOnly,
_In_ TOKEN_TYPE  TokenType,
_In_ SECURITY_IMPERSONATION_LEVEL  Level,
_In_ KPROCESSOR_MODE  PreviousMode,
_Out_ PTOKEN NewAccessToken 
)

Definition at line 441 of file token.c.

449 {
451  PTOKEN AccessToken;
452  PVOID EndMem;
453  ULONG VariableLength;
454  ULONG TotalSize;
455 
456  PAGED_CODE();
457 
458  /* Compute how much size we need to allocate for the token */
459  VariableLength = Token->VariableLength;
460  TotalSize = FIELD_OFFSET(TOKEN, VariablePart) + VariableLength;
461 
465  PreviousMode,
466  NULL,
467  TotalSize,
468  0,
469  0,
470  (PVOID*)&AccessToken);
471  if (!NT_SUCCESS(Status))
472  {
473  DPRINT1("ObCreateObject() failed (Status 0x%lx)\n", Status);
474  return Status;
475  }
476 
477  /* Zero out the buffer and initialize the token */
478  RtlZeroMemory(AccessToken, TotalSize);
479 
480  ExAllocateLocallyUniqueId(&AccessToken->TokenId);
481 
482  AccessToken->TokenType = TokenType;
483  AccessToken->ImpersonationLevel = Level;
484 
485  AccessToken->TokenLock = &SepTokenLock; // FIXME: Global lock!
486 
487  /* Copy the immutable fields */
489  &Token->TokenSource.SourceIdentifier);
490  RtlCopyMemory(AccessToken->TokenSource.SourceName,
491  Token->TokenSource.SourceName,
492  sizeof(Token->TokenSource.SourceName));
493 
494  AccessToken->AuthenticationId = Token->AuthenticationId;
495  AccessToken->ParentTokenId = Token->ParentTokenId;
496  AccessToken->ExpirationTime = Token->ExpirationTime;
497  AccessToken->OriginatingLogonSession = Token->OriginatingLogonSession;
498 
499 
500  /* Lock the source token and copy the mutable fields */
502 
503  AccessToken->SessionId = Token->SessionId;
504  RtlCopyLuid(&AccessToken->ModifiedId, &Token->ModifiedId);
505 
506  AccessToken->TokenFlags = Token->TokenFlags & ~TOKEN_SESSION_NOT_REFERENCED;
507 
508  /* Copy and reference the logon session */
509  // RtlCopyLuid(&AccessToken->AuthenticationId, &Token->AuthenticationId);
511  if (!NT_SUCCESS(Status))
512  {
513  /* No logon session could be found, bail out */
514  DPRINT1("SepRmReferenceLogonSession() failed (Status 0x%lx)\n", Status);
515  /* Set the flag for proper cleanup by the delete procedure */
517  goto Quit;
518  }
519 
520  /* Assign the data that reside in the TOKEN's variable information area */
521  AccessToken->VariableLength = VariableLength;
522  EndMem = (PVOID)&AccessToken->VariablePart;
523 
524  /* Copy the privileges */
525  AccessToken->PrivilegeCount = 0;
526  AccessToken->Privileges = NULL;
527  if (Token->Privileges && (Token->PrivilegeCount > 0))
528  {
529  ULONG PrivilegesLength = Token->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES);
530  PrivilegesLength = ALIGN_UP_BY(PrivilegesLength, sizeof(PVOID));
531 
532  ASSERT(VariableLength >= PrivilegesLength);
533 
534  AccessToken->PrivilegeCount = Token->PrivilegeCount;
535  AccessToken->Privileges = EndMem;
536  EndMem = (PVOID)((ULONG_PTR)EndMem + PrivilegesLength);
537  VariableLength -= PrivilegesLength;
538 
539  RtlCopyMemory(AccessToken->Privileges,
540  Token->Privileges,
541  AccessToken->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES));
542  }
543 
544  /* Copy the user and groups */
545  AccessToken->UserAndGroupCount = 0;
546  AccessToken->UserAndGroups = NULL;
547  if (Token->UserAndGroups && (Token->UserAndGroupCount > 0))
548  {
549  AccessToken->UserAndGroupCount = Token->UserAndGroupCount;
550  AccessToken->UserAndGroups = EndMem;
551  EndMem = &AccessToken->UserAndGroups[AccessToken->UserAndGroupCount];
552  VariableLength -= ((ULONG_PTR)EndMem - (ULONG_PTR)AccessToken->UserAndGroups);
553 
555  Token->UserAndGroups,
556  VariableLength,
5