#include <ntoskrnl.h>#include <debug.h>
Include dependency graph for token.c:
Go to the source code of this file.
Macros | |
| #define | NDEBUG |
Functions | |
| NTSTATUS | SepCreateTokenLock (_Inout_ PTOKEN Token) |
| Creates a lock for the token. | |
| VOID | SepDeleteTokenLock (_Inout_ PTOKEN Token) |
| Deletes a lock of a token. | |
| static BOOLEAN | SepCompareSidAndAttributesFromTokens (_In_ PSID_AND_ATTRIBUTES SidArrayToken1, _In_ ULONG CountSidArray1, _In_ PSID_AND_ATTRIBUTES SidArrayToken2, _In_ ULONG CountSidArray2) |
| Compares the elements of SID arrays provided by tokens. The elements that are being compared for equality are the SIDs and their attributes. | |
| static BOOLEAN | SepComparePrivilegeAndAttributesFromTokens (_In_ PLUID_AND_ATTRIBUTES PrivArrayToken1, _In_ ULONG CountPrivArray1, _In_ PLUID_AND_ATTRIBUTES PrivArrayToken2, _In_ ULONG CountPrivArray2) |
| Compares the elements of privilege arrays provided by tokens. The elements that are being compared for equality are the privileges and their attributes. | |
| static NTSTATUS | SepCompareTokens (_In_ PTOKEN FirstToken, _In_ PTOKEN SecondToken, _Out_ PBOOLEAN Equal) |
| Compares tokens if they're equal based on all the following properties. If all of the said conditions are met then the tokens are deemed as equal. | |
| static NTSTATUS | SepImpersonateAnonymousToken (_In_ PETHREAD Thread, _In_ KPROCESSOR_MODE PreviousMode) |
| Private function that impersonates the system's anonymous logon token. The major bulk of the impersonation procedure is done here. | |
| VOID | SepUpdateSinglePrivilegeFlagToken (_Inout_ PTOKEN Token, _In_ ULONG Index) |
| Updates the token's flags based upon the privilege that the token has been granted. The flag can either be taken out or given to the token if the attributes of the specified privilege is enabled or not. | |
| BOOLEAN NTAPI | SepTokenIsOwner (_In_ PACCESS_TOKEN _Token, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ BOOLEAN TokenLocked) |
| Checks if a token belongs to the main user, being the owner. | |
| VOID | SepUpdatePrivilegeFlagsToken (_Inout_ PTOKEN Token) |
| Updates the token's flags based upon the privilege that the token has been granted. The function uses the private helper, SepUpdateSinglePrivilegeFlagToken, in order to update the flags of a token. | |
| VOID | SepRemovePrivilegeToken (_Inout_ PTOKEN Token, _In_ ULONG Index) |
| Removes a privilege from the token. | |
| VOID | SepRemoveUserGroupToken (_Inout_ PTOKEN Token, _In_ ULONG Index) |
| Removes a group from the token. | |
| ULONG | SepComputeAvailableDynamicSpace (_In_ ULONG DynamicCharged, _In_ PSID PrimaryGroup, _In_opt_ PACL DefaultDacl) |
| Computes the exact available dynamic area of an access token whilst querying token statistics. | |
| NTSTATUS | SepRebuildDynamicPartOfToken (_Inout_ PTOKEN AccessToken, _In_ ULONG NewDynamicPartSize) |
| Re-builds the dynamic part area of an access token during an a default DACL or primary group replacement within the said token if the said dynamic area can't hold the new security content. | |
| VOID NTAPI | SepFreeProxyData (_Inout_ PVOID ProxyData) |
| Frees (de-allocates) the proxy data memory block of a token. | |
| NTSTATUS NTAPI | SepCopyProxyData (_Out_ PVOID *Dest, _In_ PVOID Src) |
| Copies the proxy data from the source into the destination of a token. | |
| NTSTATUS NTAPI | SeExchangePrimaryToken (_In_ PEPROCESS Process, _In_ PACCESS_TOKEN NewAccessToken, _Out_ PACCESS_TOKEN *OldAccessToken) |
| Replaces the old access token of a process (pointed by the EPROCESS kernel structure) with a new access token. The new access token must be a primary token for use. | |
| VOID NTAPI | SeDeassignPrimaryToken (_Inout_ PEPROCESS Process) |
| Removes the primary token of a process. | |
| ULONG | RtlLengthSidAndAttributes (_In_ ULONG Count, _In_ PSID_AND_ATTRIBUTES Src) |
| Computes the length size of a SID. | |
| NTSTATUS | SepFindPrimaryGroupAndDefaultOwner (_In_ PTOKEN Token, _In_ PSID PrimaryGroup, _In_opt_ PSID DefaultOwner, _Out_opt_ PULONG PrimaryGroupIndex, _Out_opt_ PULONG DefaultOwnerIndex) |
| Finds the primary group and default owner entity based on the submitted primary group instance and an access token. | |
| NTSTATUS NTAPI | SeSubProcessToken (_In_ PTOKEN ParentToken, _Out_ PTOKEN *Token, _In_ BOOLEAN InUse, _In_ ULONG SessionId) |
| Subtracts a token in exchange of duplicating a new one. | |
| NTSTATUS NTAPI | SeIsTokenChild (_In_ PTOKEN Token, _Out_ PBOOLEAN IsChild) |
| Checks if the token is a child of the other token of the current process that the calling thread is invoking this function. | |
| NTSTATUS NTAPI | SeIsTokenSibling (_In_ PTOKEN Token, _Out_ PBOOLEAN IsSibling) |
| Checks if the token is a sibling of the other token of the current process that the calling thread is invoking this function. | |
| NTSTATUS NTAPI | SeCopyClientToken (_In_ PACCESS_TOKEN Token, _In_ SECURITY_IMPERSONATION_LEVEL Level, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PACCESS_TOKEN *NewToken) |
| Copies an existing access token (technically duplicating a new one). | |
| BOOLEAN NTAPI | SeTokenIsInert (_In_ PTOKEN Token) |
| Determines if a token is a sandbox inert token or not, based upon the token flags. | |
| VOID NTAPI | SepDeleteToken (_In_ PVOID ObjectBody) |
| Internal function that deals with access token object destruction and deletion. The function is used solely by the object manager mechanism that handles the life management of a token object. | |
| VOID NTAPI | SepInitializeTokenImplementation (VOID) |
| Internal function that initializes critical kernel data for access token implementation in SRM. | |
| VOID NTAPI | SeAssignPrimaryToken (_In_ PEPROCESS Process, _In_ PTOKEN Token) |
| Assigns a primary access token to a given process. | |
| VOID NTAPI | SeGetTokenControlInformation (_In_ PACCESS_TOKEN _Token, _Out_ PTOKEN_CONTROL TokenControl) |
| Retrieves token control information. | |
| PTOKEN NTAPI | SepCreateSystemProcessToken (VOID) |
| Creates the system process token. | |
| PTOKEN | SepCreateSystemAnonymousLogonToken (VOID) |
| Creates the anonymous logon token for the system. The difference between this token and the other one is the inclusion of everyone SID group (being SeWorldSid). The other token lacks such group. | |
| PTOKEN | SepCreateSystemAnonymousLogonTokenNoEveryone (VOID) |
| Creates the anonymous logon token for the system. This kind of token doesn't include the everyone SID group (being SeWorldSid). | |
| NTSTATUS NTAPI | SeQuerySessionIdToken (_In_ PACCESS_TOKEN Token, _Out_ PULONG pSessionId) |
| Queries the session ID of an access token. | |
| NTSTATUS NTAPI | SeQueryAuthenticationIdToken (_In_ PACCESS_TOKEN Token, _Out_ PLUID LogonId) |
| Queries the authentication ID of an access token. | |
| SECURITY_IMPERSONATION_LEVEL NTAPI | SeTokenImpersonationLevel (_In_ PACCESS_TOKEN Token) |
| Gathers the security impersonation level of an access token. | |
| TOKEN_TYPE NTAPI | SeTokenType (_In_ PACCESS_TOKEN Token) |
| Gathers the token type of an access token. A token ca be either a primary token or impersonation token. | |
| BOOLEAN NTAPI | SeTokenIsAdmin (_In_ PACCESS_TOKEN Token) |
| Determines if a token is either an admin token or not. Such condition is checked based upon TOKEN_HAS_ADMIN_GROUP flag, which means if the respective access token belongs to an administrator group or not. | |
| BOOLEAN NTAPI | SeTokenIsRestricted (_In_ PACCESS_TOKEN Token) |
| Determines if a token is restricted or not, based upon the token flags. | |
| BOOLEAN NTAPI | SeTokenIsWriteRestricted (_In_ PACCESS_TOKEN Token) |
| Determines if a token is write restricted, that is, nobody can write anything to it. | |
| BOOLEAN NTAPI | SeTokenCanImpersonate (_In_ PTOKEN ProcessToken, _In_ PTOKEN TokenToImpersonate, _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel) |
| Ensures that client impersonation can occur by checking if the token we're going to assign as the impersonation token can be actually impersonated in the first place. The routine is used primarily by PsImpersonateClient. | |
| NTSTATUS NTAPI | NtOpenThreadTokenEx (_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle) |
| Opens a token that is tied to a thread handle. | |
| NTSTATUS NTAPI | NtOpenThreadToken (_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _Out_ PHANDLE TokenHandle) |
| Opens a token that is tied to a thread handle. | |
| NTSTATUS NTAPI | NtCompareTokens (_In_ HANDLE FirstTokenHandle, _In_ HANDLE SecondTokenHandle, _Out_ PBOOLEAN Equal) |
| Compares tokens if they're equal or not. | |
| NTSTATUS NTAPI | NtImpersonateAnonymousToken (_In_ HANDLE ThreadHandle) |
| Allows the calling thread to impersonate the system's anonymous logon token. | |
Variables | |
| POBJECT_TYPE | SeTokenObjectType = NULL |
| TOKEN_SOURCE | SeSystemTokenSource = {"*SYSTEM*", {0}} |
| LUID | SeSystemAuthenticationId = SYSTEM_LUID |
| LUID | SeAnonymousAuthenticationId = ANONYMOUS_LOGON_LUID |
| static GENERIC_MAPPING | SepTokenMapping |
Macro Definition Documentation
◆ NDEBUG
Function Documentation
◆ NtCompareTokens()
| NTSTATUS NTAPI NtCompareTokens | ( | _In_ HANDLE | FirstTokenHandle, |
| _In_ HANDLE | SecondTokenHandle, | ||
| _Out_ PBOOLEAN | Equal | ||
| ) |
Compares tokens if they're equal or not.
- Parameters
-
[in] FirstToken The first token. [in] SecondToken The second token. [out] Equal The retrieved value which determines if the tokens are equal or not.
- Returns
- Returns STATUS_SUCCESS, otherwise it returns a failure NTSTATUS code.
Definition at line 2310 of file token.c.
2314{
2316 PTOKEN FirstToken, SecondToken;
2319
2320 PAGED_CODE();
2321
2323
2325 {
2326 _SEH2_TRY
2327 {
2328 ProbeForWriteBoolean(Equal);
2329 }
2331 {
2332 /* Return the exception code */
2334 }
2335 _SEH2_END;
2336 }
2337
2339 TOKEN_QUERY,
2340 SeTokenObjectType,
2341 PreviousMode,
2342 (PVOID*)&FirstToken,
2343 NULL);
2345 {
2348 }
2349
2351 TOKEN_QUERY,
2352 SeTokenObjectType,
2353 PreviousMode,
2354 (PVOID*)&SecondToken,
2355 NULL);
2357 {
2359 ObDereferenceObject(FirstToken);
2361 }
2362
2363 if (FirstToken != SecondToken)
2364 {
2366 SecondToken,
2367 &IsEqual);
2368 }
2369 else
2370 {
2372 }
2373
2374 ObDereferenceObject(SecondToken);
2375 ObDereferenceObject(FirstToken);
2376
2378 {
2379 _SEH2_TRY
2380 {
2381 *Equal = IsEqual;
2382 }
2384 {
2386 }
2387 _SEH2_END;
2388 }
2389
2391}
Definition: nsiface.idl:2307
static NTSTATUS SepCompareTokens(_In_ PTOKEN FirstToken, _In_ PTOKEN SecondToken, _Out_ PBOOLEAN Equal)
Compares tokens if they're equal based on all the following properties. If all of the said conditions...
Definition: token.c:243
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
Definition: setypes.h:216
Referenced by START_TEST().
◆ NtImpersonateAnonymousToken()
Allows the calling thread to impersonate the system's anonymous logon token.
- Parameters
-
[in] ThreadHandle A handle to the thread to start the procedure of logon token impersonation. The thread must have the THREAD_IMPERSONATE access right.
- Returns
- Returns STATUS_SUCCESS if the thread has successfully impersonated the anonymous logon token, otherwise a failure NTSTATUS code is returned.
- Remarks
- By default the system gives the opportunity to the caller to impersonate the anonymous logon token without including the Everyone Group SID. In cases where the caller wants to impersonate the token including such group, the EveryoneIncludesAnonymous registry value setting has to be set to 1, from HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa registry path. The calling thread must invoke PsRevertToSelf when impersonation is no longer needed or RevertToSelf if the calling execution is done in user mode.
Definition at line 2419 of file token.c.
2421{
2425 PAGED_CODE();
2426
2428
2429 /* Obtain the thread object from the handle */
2431 THREAD_IMPERSONATE,
2432 PsThreadType,
2433 PreviousMode,
2435 NULL);
2437 {
2438 DPRINT1("NtImpersonateAnonymousToken(): Failed to reference the object (Status 0x%lx)\n", Status);
2440 }
2441
2442 /* Call the private routine to impersonate the token */
2445 {
2446 DPRINT1("NtImpersonateAnonymousToken(): Failed to impersonate the token (Status 0x%lx)\n", Status);
2447 }
2448
2451}
static NTSTATUS SepImpersonateAnonymousToken(_In_ PETHREAD Thread, _In_ KPROCESSOR_MODE PreviousMode)
Private function that impersonates the system's anonymous logon token. The major bulk of the imperson...
Definition: token.c:334
Definition: pstypes.h:1102
Referenced by ImpersonateAnonymousToken(), and START_TEST().
◆ NtOpenThreadToken()
| NTSTATUS NTAPI NtOpenThreadToken | ( | _In_ HANDLE | ThreadHandle, |
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_ BOOLEAN | OpenAsSelf, | ||
| _Out_ PHANDLE | TokenHandle | ||
| ) |
Opens a token that is tied to a thread handle.
- Parameters
-
[out] ThreadHandle Thread handle where the token is about to be opened. [in] DesiredAccess The request access right for the token. [in] OpenAsSelf If set to TRUE, the access check will be made with the security context of the process of the calling thread (opening as self). Otherwise the access check will be made with the security context of the calling thread instead. [out] TokenHandle The opened token handle returned to the caller for use.
- Returns
- See NtOpenThreadTokenEx.
Definition at line 2281 of file token.c.
2286{
2288 TokenHandle);
2289}
NTSTATUS NTAPI NtOpenThreadTokenEx(_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle)
Opens a token that is tied to a thread handle.
Definition: token.c:2079
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2658
Referenced by BaseGetNamedObjectDirectory(), CheckTokenMembership(), CreateProcessAsUserCommon(), CsrGetProcessLuid(), GetCallerLuid(), LsarSetSecurityObject(), NpGetUserNamep(), OpenThreadToken(), RSetServiceObjectSecurity(), RtlDefaultNpAcl(), RtlNewSecurityGrantedAccess(), RtlpGetImpersonationToken(), and START_TEST().
◆ NtOpenThreadTokenEx()
| NTSTATUS NTAPI NtOpenThreadTokenEx | ( | _In_ HANDLE | ThreadHandle, |
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_ BOOLEAN | OpenAsSelf, | ||
| _In_ ULONG | HandleAttributes, | ||
| _Out_ PHANDLE | TokenHandle | ||
| ) |
Opens a token that is tied to a thread handle.
- Parameters
-
[out] ThreadHandle Thread handle where the token is about to be opened. [in] DesiredAccess The request access right for the token. [in] OpenAsSelf If set to TRUE, the access check will be made with the security context of the process of the calling thread (opening as self). Otherwise the access check will be made with the security context of the calling thread instead. [in] HandleAttributes Handle attributes for the opened thread token handle. [out] TokenHandle The opened token handle returned to the caller for use.
- Returns
- Returns STATUS_SUCCESS if the function has successfully opened the thread token. STATUS_CANT_OPEN_ANONYMOUS is returned if a token has SecurityAnonymous as impersonation level and we cannot open it. A failure NTSTATUS code is returned otherwise.
Definition at line 2079 of file token.c.
2085{
2087 HANDLE hToken;
2098
2099 PAGED_CODE();
2100
2102
2104 {
2105 _SEH2_TRY
2106 {
2108 }
2110 {
2111 /* Return the exception code */
2113 }
2114 _SEH2_END;
2115 }
2116
2117 /* Validate object attributes */
2119
2120 /*
2121 * At first open the thread token for information access and verify
2122 * that the token associated with thread is valid.
2123 */
2124
2127 NULL);
2129 {
2131 }
2132
2134 &ImpersonationLevel);
2136 {
2139 }
2140
2142 {
2146 }
2147
2148 /*
2149 * Revert to self if OpenAsSelf is specified.
2150 */
2151
2153 {
2155 &ImpersonationState);
2156 }
2157
2159 {
2161
2163
2165
2167 {
2169 {
2171 SECURITY_DESCRIPTOR_REVISION);
2173 {
2174 DPRINT1("NtOpenThreadTokenEx(): Failed to create a security descriptor (Status 0x%lx)\n", Status);
2175 }
2176
2178 FALSE);
2180 {
2181 DPRINT1("NtOpenThreadTokenEx(): Failed to set a DACL to the security descriptor (Status 0x%lx)\n", Status);
2182 }
2183 }
2184
2187
2190 KernelMode, &NewToken);
2192 {
2194 }
2195
2196 ObReferenceObject(NewToken);
2198 &hToken);
2200 {
2202 }
2203 }
2204 else
2205 {
2206 DPRINT1("NtOpenThreadTokenEx(): Failed to impersonate token from DACL (Status 0x%lx)\n", Status);
2207 }
2208 }
2209 else
2210 {
2213 PreviousMode, &hToken);
2215 {
2217 }
2218 }
2219
2221
2222 if (RestoreImpersonation)
2223 {
2225 }
2226
2228
2230 {
2233 {
2235 }
2236 }
2237
2239
2241
2243 {
2244 _SEH2_TRY
2245 {
2246 *TokenHandle = hToken;
2247 }
2249 {
2251 }
2252 _SEH2_END;
2253 }
2254
2256}
Definition: tokenizer.hpp:28
NTSYSAPI NTSTATUS WINAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN)
enum _SECURITY_IMPERSONATION_LEVEL SECURITY_IMPERSONATION_LEVEL
_In_ HANDLE _In_opt_ HANDLE _Out_opt_ PHANDLE _In_ ACCESS_MASK _In_ ULONG HandleAttributes
Definition: obfuncs.h:433
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
Definition: rtlfuncs.h:1593
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(_Out_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ULONG Revision)
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
Definition: sefuncs.h:403
NTSTATUS NTAPI SepDuplicateToken(_In_ PTOKEN Token, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL Level, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PTOKEN *NewAccessToken)
Duplicates an access token, from an existing valid token.
Definition: tokenlif.c:471
NTSTATUS NTAPI SepCreateImpersonationTokenDacl(_In_ PTOKEN Token, _In_ PTOKEN PrimaryToken, _Out_ PACL *Dacl)
Allocates a discretionary access control list based on certain properties of a regular and primary ac...
Definition: acl.c:277
BOOLEAN NTAPI PsDisableImpersonation(IN PETHREAD Thread, OUT PSE_IMPERSONATION_STATE ImpersonationState)
Definition: security.c:915
VOID NTAPI PsRestoreImpersonation(IN PETHREAD Thread, IN PSE_IMPERSONATION_STATE ImpersonationState)
Definition: security.c:965
PACCESS_TOKEN NTAPI PsReferencePrimaryToken(PEPROCESS Process)
Definition: security.c:440
PACCESS_TOKEN NTAPI PsReferenceImpersonationToken(IN PETHREAD Thread, OUT PBOOLEAN CopyOnOpen, OUT PBOOLEAN EffectiveOnly, OUT PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
Definition: security.c:849
NTSTATUS NTAPI PsImpersonateClient(IN PETHREAD Thread, IN PACCESS_TOKEN Token, IN BOOLEAN CopyOnOpen, IN BOOLEAN EffectiveOnly, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
Definition: security.c:610
VOID FASTCALL ObFastDereferenceObject(IN PEX_FAST_REF FastRef, IN PVOID Object)
Definition: obref.c:167
FORCEINLINE ULONG ObpValidateAttributes(IN ULONG Attributes, IN KPROCESSOR_MODE PreviousMode)
Definition: ob_x.h:22
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
Definition: obhandle.c:2935
NTSTATUS NTAPI ObOpenObjectByPointer(IN PVOID Object, IN ULONG HandleAttributes, IN PACCESS_STATE PassedAccessState, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PHANDLE Handle)
Definition: obhandle.c:2742
Definition: ms-dtyp.idl:293
Definition: umtypes.h:182
Definition: ms-dtyp.idl:301
Definition: setypes.h:115
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:191
_Out_ PBOOLEAN _Out_ PBOOLEAN _Out_ PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: psfuncs.h:156
Referenced by NtOpenThreadToken(), and START_TEST().
◆ RtlLengthSidAndAttributes()
| ULONG RtlLengthSidAndAttributes | ( | _In_ ULONG | Count, |
| _In_ PSID_AND_ATTRIBUTES | Src | ||
| ) |
Computes the length size of a SID.
- Parameters
-
[in] Count Total count of entries that have SIDs in them (that being PSID_AND_ATTRIBUTES in this context). [in] Src Source that points to the attributes and SID entry structure.
- Returns
- Returns the total length of a SID size.
Definition at line 965 of file token.c.
968{
970 ULONG uLength;
971
972 PAGED_CODE();
973
977
978 return uLength;
979}
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
struct _SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES
Referenced by NtQueryInformationToken(), SepPerformTokenFiltering(), and SeQueryInformationToken().
◆ SeAssignPrimaryToken()
Assigns a primary access token to a given process.
- Parameters
-
[in] Process Process where the token is about to be assigned. [in] Token The token to be assigned.
- Returns
- Nothing.
Definition at line 1440 of file token.c.
1443{
1444 PAGED_CODE();
1445
1446 /* Sanity checks */
1449
1450 /* Clean any previous token */
1452
1453 /* Set the new token */
1457}
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:223
VOID NTAPI SeDeassignPrimaryToken(_Inout_ PEPROCESS Process)
Removes the primary token of a process.
Definition: token.c:936
VOID FASTCALL ObInitializeFastReference(IN PEX_FAST_REF FastRef, IN PVOID Object)
Definition: obref.c:107
◆ SeCopyClientToken()
| NTSTATUS NTAPI SeCopyClientToken | ( | _In_ PACCESS_TOKEN | Token, |
| _In_ SECURITY_IMPERSONATION_LEVEL | Level, | ||
| _In_ KPROCESSOR_MODE | PreviousMode, | ||
| _Out_ PACCESS_TOKEN * | NewToken | ||
| ) |
Copies an existing access token (technically duplicating a new one).
- Parameters
-
[in] Token Token to copy. [in] Level Impersonation security level to assign to the newly copied token. [in] PreviousMode Processor request level mode. [out] NewToken The newly copied token.
- Returns
- Returns STATUS_SUCCESS when token copying has finished successfully. A failure NTSTATUS code is returned otherwise.
Definition at line 1296 of file token.c.
1301{
1304
1305 PAGED_CODE();
1306
1308 NULL,
1309 0,
1310 NULL,
1311 NULL);
1312
1314 &ObjectAttributes,
1315 FALSE,
1316 TokenImpersonation,
1317 Level,
1318 PreviousMode,
1319 (PTOKEN*)NewToken);
1320
1322}
Referenced by PsImpersonateClient(), and SepCreateClientSecurity().
◆ SeDeassignPrimaryToken()
Removes the primary token of a process.
- Parameters
-
[in,out] Process The process instance with the access token to be removed.
- Returns
- Nothing.
Definition at line 936 of file token.c.
938{
939 PTOKEN OldToken;
940
941 /* Remove the Token */
943
944 /* Mark the Old Token as free */
946
947 /* Dereference the Token */
948 ObDereferenceObject(OldToken);
949}
PVOID FASTCALL ObFastReplaceObject(IN PEX_FAST_REF FastRef, IN PVOID Object)
Referenced by PspDeleteProcessSecurity(), and SeAssignPrimaryToken().
◆ SeExchangePrimaryToken()
| NTSTATUS NTAPI SeExchangePrimaryToken | ( | _In_ PEPROCESS | Process, |
| _In_ PACCESS_TOKEN | NewAccessToken, | ||
| _Out_ PACCESS_TOKEN * | OldAccessToken | ||
| ) |
Replaces the old access token of a process (pointed by the EPROCESS kernel structure) with a new access token. The new access token must be a primary token for use.
- Parameters
-
[in] Process The process instance where its access token is about to be replaced. [in] NewAccessToken The new token that it's going to replace the old one. [out] OldAccessToken The returned old token that's been replaced, which the caller can do anything.
- Returns
- Returns STATUS_SUCCESS if the exchange operation between tokens has completed successfully. STATUS_BAD_TOKEN_TYPE is returned if the new token is not a primary one so that we cannot exchange it with the old one from the process. STATUS_TOKEN_ALREADY_IN_USE is returned if both tokens aren't equal which means one of them has different properties (groups, privileges, etc.) and as such one of them is currently in use. A failure NTSTATUS code is returned otherwise.
Definition at line 846 of file token.c.
850{
851 PTOKEN OldToken;
853
854 PAGED_CODE();
855
858
860 {
863
864 /* Maybe we're trying to set the same token */
866 if (OldToken == NewToken)
867 {
868 /* So it's a nop. */
869 *OldAccessToken = OldToken;
871 }
872
875 {
876 PsDereferencePrimaryToken(OldToken);
877 *OldAccessToken = NULL;
879 }
880
882 {
883 PsDereferencePrimaryToken(OldToken);
884 *OldAccessToken = NULL;
886 }
887 /* Silently return STATUS_SUCCESS but do not set the new token,
888 * as it's already in use elsewhere. */
889 *OldAccessToken = OldToken;
891 }
892
893 /* Lock the new token */
894 SepAcquireTokenLockExclusive(NewToken);
895
896 /* Mark new token in use */
898
899 /* Set the session ID for the new token */
901
902 /* Unlock the new token */
903 SepReleaseTokenLock(NewToken);
904
905 /* Reference the new token */
906 ObReferenceObject(NewToken);
907
908 /* Replace the old with the new */
910
911 /* Lock the old token */
912 SepAcquireTokenLockExclusive(OldToken);
913
914 /* Mark the old token as free */
916
917 /* Unlock the old token */
918 SepReleaseTokenLock(OldToken);
919
920 *OldAccessToken = (PACCESS_TOKEN)OldToken;
922}
struct _TOKEN * PTOKEN
Referenced by PspAssignPrimaryToken().
◆ SeGetTokenControlInformation()
| VOID NTAPI SeGetTokenControlInformation | ( | _In_ PACCESS_TOKEN | _Token, |
| _Out_ PTOKEN_CONTROL | TokenControl | ||
| ) |
Retrieves token control information.
- Parameters
-
[in] _Token A valid token object. [out] SecurityDescriptor The returned token control information.
- Returns
- Nothing.
Definition at line 1474 of file token.c.
1477{
1479 PAGED_CODE();
1480
1481 /* Capture the main fields */
1482 TokenControl->AuthenticationId = Token->AuthenticationId;
1483 TokenControl->TokenId = Token->TokenId;
1484 TokenControl->TokenSource = Token->TokenSource;
1485
1486 /* Lock the token */
1488
1489 /* Capture the modified ID */
1490 TokenControl->ModifiedId = Token->ModifiedId;
1491
1492 /* Unlock it */
1494}
Referenced by SepCreateClientSecurity().
◆ SeIsTokenChild()
Checks if the token is a child of the other token of the current process that the calling thread is invoking this function.
- Parameters
-
[in] Token An access token to determine if it's a child or not. [out] IsChild The returned boolean result.
- Returns
- Returns STATUS_SUCCESS when the function finishes its operation. STATUS_UNSUCCESSFUL is returned if primary token of the current calling process couldn't be referenced otherwise.
Definition at line 1187 of file token.c.
1190{
1191 PTOKEN ProcessToken;
1192 LUID ProcessTokenId, CallerParentId;
1193
1194 /* Assume failure */
1196
1197 /* Reference the process token */
1199 if (!ProcessToken)
1201
1202 /* Get its token ID */
1203 ProcessTokenId = ProcessToken->TokenId;
1204
1205 /* Dereference the token */
1207
1208 /* Get our parent token ID */
1209 CallerParentId = Token->ParentTokenId;
1210
1211 /* Compare the token IDs */
1214
1215 /* Return success */
1217}
Definition: devicetopology.idl:137
BOOL WINAPI IsChild(_In_ HWND, _In_ HWND)
Referenced by PspSetPrimaryToken().
◆ SeIsTokenSibling()
Checks if the token is a sibling of the other token of the current process that the calling thread is invoking this function.
- Parameters
-
[in] Token An access token to determine if it's a sibling or not. [out] IsSibling The returned boolean result.
- Returns
- Returns STATUS_SUCCESS when the function finishes its operation. STATUS_UNSUCCESSFUL is returned if primary token of the current calling process couldn't be referenced otherwise.
Definition at line 1236 of file token.c.
1239{
1240 PTOKEN ProcessToken;
1241 LUID ProcessParentId, ProcessAuthId;
1242 LUID CallerParentId, CallerAuthId;
1243
1244 /* Assume failure */
1245 *IsSibling = FALSE;
1246
1247 /* Reference the process token */
1249 if (!ProcessToken)
1251
1252 /* Get its parent and authentication IDs */
1253 ProcessParentId = ProcessToken->ParentTokenId;
1254 ProcessAuthId = ProcessToken->AuthenticationId;
1255
1256 /* Dereference the token */
1258
1259 /* Get our parent and authentication IDs */
1260 CallerParentId = Token->ParentTokenId;
1261 CallerAuthId = Token->AuthenticationId;
1262
1263 /* Compare the token IDs */
1265 RtlEqualLuid(&CallerAuthId, &ProcessAuthId))
1266 {
1267 *IsSibling = TRUE;
1268 }
1269
1270 /* Return success */
1272}
Referenced by PspSetPrimaryToken().
◆ SepComparePrivilegeAndAttributesFromTokens()
|
static |
Compares the elements of privilege arrays provided by tokens. The elements that are being compared for equality are the privileges and their attributes.
- Parameters
-
[in] PrivArrayToken1 Privilege array from the first token. [in] CountPrivArray1 Privilege count array from the first token. [in] PrivArrayToken2 Privilege array from the second token. [in] CountPrivArray2 Privilege count array from the second token.
- Returns
- Returns TRUE if the elements match from either arrays, FALSE otherwise.
Definition at line 174 of file token.c.
179{
180 ULONG FirstCount, SecondCount;
181 PLUID_AND_ATTRIBUTES FirstPrivArray, SecondPrivArray;
182 PAGED_CODE();
183
184 /* Bail out if index counters provided are not equal */
185 if (CountPrivArray1 != CountPrivArray2)
186 {
189 }
190
191 /* Loop over the privilege arrays and compare them */
192 for (FirstCount = 0; FirstCount < CountPrivArray1; FirstCount++)
193 {
194 for (SecondCount = 0; SecondCount < CountPrivArray2; SecondCount++)
195 {
196 FirstPrivArray = &PrivArrayToken1[FirstCount];
197 SecondPrivArray = &PrivArrayToken2[SecondCount];
198
201 {
202 break;
203 }
204 }
205
206 /* We've exhausted the array of the second token without finding this one */
207 if (SecondCount == CountPrivArray2)
208 {
209 DPRINT("SepComparePrivilegeAndAttributesFromTokens(): No matching elements could be found in either token!\n");
211 }
212 }
213
215}
Definition: setypes.h:73
Referenced by SepCompareTokens().
◆ SepCompareSidAndAttributesFromTokens()
|
static |
Compares the elements of SID arrays provided by tokens. The elements that are being compared for equality are the SIDs and their attributes.
- Parameters
-
[in] SidArrayToken1 SID array from the first token. [in] CountSidArray1 SID count array from the first token. [in] SidArrayToken2 SID array from the second token. [in] CountSidArray2 SID count array from the second token.
- Returns
- Returns TRUE if the elements match from either arrays, FALSE otherwise.
Definition at line 107 of file token.c.
112{
113 ULONG FirstCount, SecondCount;
114 PSID_AND_ATTRIBUTES FirstSidArray, SecondSidArray;
115 PAGED_CODE();
116
117 /* Bail out if index counters provided are not equal */
118 if (CountSidArray1 != CountSidArray2)
119 {
122 }
123
124 /* Loop over the SID arrays and compare them */
125 for (FirstCount = 0; FirstCount < CountSidArray1; FirstCount++)
126 {
127 for (SecondCount = 0; SecondCount < CountSidArray2; SecondCount++)
128 {
129 FirstSidArray = &SidArrayToken1[FirstCount];
130 SecondSidArray = &SidArrayToken2[SecondCount];
131
134 {
135 break;
136 }
137 }
138
139 /* We've exhausted the array of the second token without finding this one */
140 if (SecondCount == CountSidArray2)
141 {
142 DPRINT("SepCompareSidAndAttributesFromTokens(): No matching elements could be found in either token!\n");
144 }
145 }
146
148}
NTSYSAPI BOOLEAN NTAPI RtlEqualSid(_In_ PSID Sid1, _In_ PSID Sid2)
Definition: setypes.h:502
Referenced by SepCompareTokens().
◆ SepCompareTokens()
|
static |
Compares tokens if they're equal based on all the following properties. If all of the said conditions are met then the tokens are deemed as equal.
- Every SID that is present in either token is also present in the other one.
- Both or none of the tokens are restricted.
- If both tokens are restricted, every SID that is restricted in either token is also restricted in the other one.
- Every privilege present in either token is also present in the other one.
- Parameters
-
[in] FirstToken The first token. [in] SecondToken The second token. [out] Equal The retrieved value which determines if the tokens are equal or not.
- Returns
- Returns STATUS_SUCCESS.
Definition at line 243 of file token.c.
247{
249 PAGED_CODE();
250
251 ASSERT(FirstToken != SecondToken);
252
253 /* Lock the tokens */
254 SepAcquireTokenLockShared(FirstToken);
255 SepAcquireTokenLockShared(SecondToken);
256
257 /* Check if every SID that is present in either token is also present in the other one */
259 FirstToken->UserAndGroupCount,
260 SecondToken->UserAndGroups,
261 SecondToken->UserAndGroupCount))
262 {
263 goto Quit;
264 }
265
266 /* Is one token restricted but the other isn't? */
269 {
270 /* If that's the case then bail out */
271 goto Quit;
272 }
273
274 /*
275 * If both tokens are restricted check if every SID
276 * that is restricted in either token is also restricted
277 * in the other one.
278 */
280 {
282 FirstToken->RestrictedSidCount,
283 SecondToken->RestrictedSids,
284 SecondToken->RestrictedSidCount))
285 {
286 goto Quit;
287 }
288 }
289
290 /* Check if every privilege present in either token is also present in the other one */
292 FirstToken->PrivilegeCount,
293 SecondToken->Privileges,
294 SecondToken->PrivilegeCount))
295 {
296 goto Quit;
297 }
298
299 /* If we're here then the tokens are equal */
302
303Quit:
304 /* Unlock the tokens */
305 SepReleaseTokenLock(SecondToken);
306 SepReleaseTokenLock(FirstToken);
307
308 *Equal = IsEqual;
310}
static BOOLEAN SepComparePrivilegeAndAttributesFromTokens(_In_ PLUID_AND_ATTRIBUTES PrivArrayToken1, _In_ ULONG CountPrivArray1, _In_ PLUID_AND_ATTRIBUTES PrivArrayToken2, _In_ ULONG CountPrivArray2)
Compares the elements of privilege arrays provided by tokens. The elements that are being compared fo...
Definition: token.c:174
BOOLEAN NTAPI SeTokenIsRestricted(_In_ PACCESS_TOKEN Token)
Determines if a token is restricted or not, based upon the token flags.
Definition: token.c:1913
static BOOLEAN SepCompareSidAndAttributesFromTokens(_In_ PSID_AND_ATTRIBUTES SidArrayToken1, _In_ ULONG CountSidArray1, _In_ PSID_AND_ATTRIBUTES SidArrayToken2, _In_ ULONG CountSidArray2)
Compares the elements of SID arrays provided by tokens. The elements that are being compared for equa...
Definition: token.c:107
Referenced by NtCompareTokens(), and SeExchangePrimaryToken().
◆ SepComputeAvailableDynamicSpace()
| ULONG SepComputeAvailableDynamicSpace | ( | _In_ ULONG | DynamicCharged, |
| _In_ PSID | PrimaryGroup, | ||
| _In_opt_ PACL | DefaultDacl | ||
| ) |
Computes the exact available dynamic area of an access token whilst querying token statistics.
- Parameters
-
[in] DynamicCharged The current charged dynamic area of an access token. This must not be 0! [in] PrimaryGroup A pointer to a primary group SID. [in] DefaultDacl If provided, this pointer points to a default DACL of an access token.
- Returns
- Returns the calculated available dynamic area.
Definition at line 659 of file token.c.
663{
664 ULONG DynamicAvailable;
665
666 PAGED_CODE();
667
668 /* A token's dynamic area is always charged */
669 ASSERT(DynamicCharged != 0);
670
671 /*
672 * Take into account the default DACL if
673 * the token has one. Otherwise the occupied
674 * space is just the present primary group.
675 */
677 if (DefaultDacl)
678 {
679 DynamicAvailable -= DefaultDacl->AclSize;
680 }
681
682 return DynamicAvailable;
683}
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID _Inout_ PULONG _Out_writes_bytes_to_opt_ PrimaryGroupSize PSID PrimaryGroup
Definition: rtlfuncs.h:1599
Referenced by NtQueryInformationToken(), and SeQueryInformationToken().
◆ SepCopyProxyData()
Copies the proxy data from the source into the destination of a token.
@unimplemented
- Parameters
-
[out] Dest The destination path where the proxy data is to be copied to. [in] Src The source path where the proxy data is be copied from.
- Returns
- To be added...
◆ SepCreateSystemAnonymousLogonToken()
Creates the anonymous logon token for the system. The difference between this token and the other one is the inclusion of everyone SID group (being SeWorldSid). The other token lacks such group.
- Returns
- Returns the system's anonymous logon token if the operations have completed successfully.
Definition at line 1657 of file token.c.
1658{
1659 SID_AND_ATTRIBUTES Groups[32], UserSid;
1662 ULONG GroupsLength;
1663 LARGE_INTEGER Expiration;
1666
1667 /* The token never expires */
1668 Expiration.QuadPart = -1;
1669
1670 /* The user is the anonymous logon */
1672 UserSid.Attributes = 0;
1673
1674 /* The primary group is also the anonymous logon */
1676
1677 /* The only group for the token is the World */
1683
1684 /* Initialise the object attributes for the token */
1687
1688 /* Create token */
1690 KernelMode,
1691 0,
1692 &ObjectAttributes,
1693 TokenPrimary,
1694 SecurityAnonymous,
1695 &SeAnonymousAuthenticationId,
1696 &Expiration,
1697 &UserSid,
1698 1,
1699 Groups,
1700 GroupsLength,
1701 0,
1702 NULL,
1703 NULL,
1704 PrimaryGroup,
1706 &SeSystemTokenSource,
1707 TRUE);
1709
1710 /* Return the anonymous logon token */
1712}
NTSTATUS NTAPI SepCreateToken(_Out_ PHANDLE TokenHandle, _In_ KPROCESSOR_MODE PreviousMode, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PSID_AND_ATTRIBUTES User, _In_ ULONG GroupCount, _In_ PSID_AND_ATTRIBUTES Groups, _In_ ULONG GroupsLength, _In_ ULONG PrivilegeCount, _In_ PLUID_AND_ATTRIBUTES Privileges, _In_opt_ PSID Owner, _In_ PSID PrimaryGroup, _In_opt_ PACL DefaultDacl, _In_ PTOKEN_SOURCE TokenSource, _In_ BOOLEAN SystemToken)
Internal function responsible for access token object creation in the kernel. A fully created token o...
Definition: tokenlif.c:97
Definition: ms-dtyp.idl:198
Definition: typedefs.h:103
Referenced by SepInitializationPhase0().
◆ SepCreateSystemAnonymousLogonTokenNoEveryone()
Creates the anonymous logon token for the system. This kind of token doesn't include the everyone SID group (being SeWorldSid).
- Returns
- Returns the system's anonymous logon token if the operations have completed successfully.
Definition at line 1725 of file token.c.
1726{
1727 SID_AND_ATTRIBUTES UserSid;
1730 LARGE_INTEGER Expiration;
1733
1734 /* The token never expires */
1735 Expiration.QuadPart = -1;
1736
1737 /* The user is the anonymous logon */
1739 UserSid.Attributes = 0;
1740
1741 /* The primary group is also the anonymous logon */
1743
1744 /* Initialise the object attributes for the token */
1747
1748 /* Create token */
1750 KernelMode,
1751 0,
1752 &ObjectAttributes,
1753 TokenPrimary,
1754 SecurityAnonymous,
1755 &SeAnonymousAuthenticationId,
1756 &Expiration,
1757 &UserSid,
1758 0,
1759 NULL,
1760 0,
1761 0,
1762 NULL,
1763 NULL,
1764 PrimaryGroup,
1766 &SeSystemTokenSource,
1767 TRUE);
1769
1770 /* Return the anonymous (not including everyone) logon token */
1772}
Referenced by SepInitializationPhase0().
◆ SepCreateSystemProcessToken()
Creates the system process token.
- Returns
- Returns the system process token if the operations have completed successfully.
Definition at line 1507 of file token.c.
1508{
1510 ULONG GroupAttributes, OwnerAttributes;
1511 SID_AND_ATTRIBUTES Groups[32];
1512 LARGE_INTEGER Expiration;
1513 SID_AND_ATTRIBUTES UserSid;
1514 ULONG GroupsLength;
1521
1522 /* Don't ever expire */
1523 Expiration.QuadPart = -1;
1524
1525 /* All groups mandatory and enabled */
1528
1529 /* User is Local System */
1531 UserSid.Attributes = 0;
1532
1533 /* Primary group is Local System */
1535
1536 /* Owner is Administrators */
1538
1539 /* Groups are Administrators, World, and Authenticated Users */
1541 Groups[0].Attributes = OwnerAttributes;
1543 Groups[1].Attributes = GroupAttributes;
1545 Groups[2].Attributes = GroupAttributes;
1551
1552 /* Setup the privileges */
1553 i = 0;
1556
1559
1562
1565
1568
1571
1574
1577
1580
1583
1586
1589
1592
1595
1598
1601
1604
1607
1610
1614
1615 /* Setup the object attributes */
1618
1619 /* Create the token */
1621 KernelMode,
1622 0,
1623 &ObjectAttributes,
1624 TokenPrimary,
1625 SecurityAnonymous,
1626 &SeSystemAuthenticationId,
1627 &Expiration,
1628 &UserSid,
1629 3,
1630 Groups,
1631 GroupsLength,
1632 20,
1633 Privileges,
1634 Owner,
1635 PrimaryGroup,
1636 SeSystemDefaultDacl,
1637 &SeSystemTokenSource,
1638 TRUE);
1640
1641 /* Return the token */
1643}
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID Owner
Definition: rtlfuncs.h:1597
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:17
Referenced by SepInitializationPhase0().
◆ SepCreateTokenLock()
Creates a lock for the token.
- Returns
- STATUS_SUCCESS if the pool allocation and resource initialisation have completed successfully, otherwise STATUS_INSUFFICIENT_RESOURCES on a pool allocation failure.
Definition at line 45 of file token.c.
Referenced by SepCreateToken(), SepDuplicateToken(), and SepPerformTokenFiltering().
◆ SepDeleteToken()
Internal function that deals with access token object destruction and deletion. The function is used solely by the object manager mechanism that handles the life management of a token object.
- Parameters
-
[in] ObjectBody The object body that represents an access token object.
- Returns
- Nothing.
Definition at line 1359 of file token.c.
1361{
1364
1366
1367 /* Remove the referenced logon session from token */
1369 {
1372 {
1373 /* Something seriously went wrong */
1374 DPRINT1("SepDeleteToken(): Failed to remove the logon session from token (Status: 0x%lx)\n", Status);
1375 return;
1376 }
1377 }
1378
1379 /* Dereference the logon session */
1382
1383 /* Delete the token lock */
1385 SepDeleteTokenLock(AccessToken);
1386
1387 /* Delete the dynamic information area */
1390}
NTSTATUS NTAPI SepRmRemoveLogonSessionFromToken(_Inout_ PTOKEN Token)
Removes a logon session from an access token.
Definition: srm.c:449
NTSTATUS SepRmDereferenceLogonSession(_Inout_ PLUID LogonLuid)
Referenced by SepInitializeTokenImplementation().
◆ SepDeleteTokenLock()
Deletes a lock of a token.
- Returns
- Nothing.
Definition at line 74 of file token.c.
Referenced by SepDeleteToken().
◆ SepFindPrimaryGroupAndDefaultOwner()
| NTSTATUS SepFindPrimaryGroupAndDefaultOwner | ( | _In_ PTOKEN | Token, |
| _In_ PSID | PrimaryGroup, | ||
| _In_opt_ PSID | DefaultOwner, | ||
| _Out_opt_ PULONG | PrimaryGroupIndex, | ||
| _Out_opt_ PULONG | DefaultOwnerIndex | ||
| ) |
Finds the primary group and default owner entity based on the submitted primary group instance and an access token.
- Parameters
-
[in] Token Access token to begin the search query of primary group and default owner. [in] PrimaryGroup A primary group SID to be used for search query, determining if user & groups of a token and the submitted primary group do match. [in] DefaultOwner The default owner. If specified, it's used to determine if the token belongs to the actual user, that is, being the owner himself. [out] PrimaryGroupIndex Returns the primary group index. [out] DefaultOwnerIndex Returns the default owner index.
- Returns
- Returns STATUS_SUCCESS if the find query operation has completed successfully and that at least one search result is requested by the caller. STATUS_INVALID_PARAMETER is returned if the caller hasn't requested any search result. STATUS_INVALID_OWNER is returned if the specified default user owner does not match with the other user from the token. STATUS_INVALID_PRIMARY_GROUP is returned if the specified default primary group does not match with the other group from the token.
Definition at line 1011 of file token.c.
1017{
1019
1020 /* We should return at least a search result */
1021 if (!PrimaryGroupIndex && !DefaultOwnerIndex)
1023
1024 if (PrimaryGroupIndex)
1025 {
1026 /* Initialize with an invalid index */
1027 // Token->PrimaryGroup = NULL;
1028 *PrimaryGroupIndex = Token->UserAndGroupCount;
1029 }
1030
1031 if (DefaultOwnerIndex)
1032 {
1033 if (DefaultOwner)
1034 {
1035 /* An owner is specified: check whether this is actually the user */
1037 {
1038 /*
1039 * It's the user (first element in array): set it
1040 * as the owner and stop the search for it.
1041 */
1042 *DefaultOwnerIndex = 0;
1043 DefaultOwnerIndex = NULL;
1044 }
1045 else
1046 {
1047 /* An owner is specified: initialize with an invalid index */
1048 *DefaultOwnerIndex = Token->UserAndGroupCount;
1049 }
1050 }
1051 else
1052 {
1053 /*
1054 * No owner specified: set the user (first element in array)
1055 * as the owner and stop the search for it.
1056 */
1057 *DefaultOwnerIndex = 0;
1058 DefaultOwnerIndex = NULL;
1059 }
1060 }
1061
1062 /* Validate and set the primary group and default owner indices */
1064 {
1065 /* Stop the search if we have found what we searched for */
1066 if (!PrimaryGroupIndex && !DefaultOwnerIndex)
1067 break;
1068
1069 if (DefaultOwnerIndex && DefaultOwner &&
1072 {
1073 /* Owner is found, stop the search for it */
1074 *DefaultOwnerIndex = i;
1075 DefaultOwnerIndex = NULL;
1076 }
1077
1078 if (PrimaryGroupIndex &&
1080 {
1081 /* Primary group is found, stop the search for it */
1082 // Token->PrimaryGroup = Token->UserAndGroups[i].Sid;
1083 *PrimaryGroupIndex = i;
1084 PrimaryGroupIndex = NULL;
1085 }
1086 }
1087
1088 if (DefaultOwnerIndex)
1089 {
1092 }
1093
1094 if (PrimaryGroupIndex)
1095 {
1097 // if (Token->PrimaryGroup == NULL)
1099 }
1100
1102}
Referenced by NtSetInformationToken(), SepCreateToken(), SepDuplicateToken(), and SepPerformTokenFiltering().
◆ SepFreeProxyData()
Frees (de-allocates) the proxy data memory block of a token.
@unimplemented
- Parameters
-
[in,out] ProxyData The proxy data to be freed.
- Returns
- Nothing.
◆ SepImpersonateAnonymousToken()
|
static |
Private function that impersonates the system's anonymous logon token. The major bulk of the impersonation procedure is done here.
- Parameters
-
[in] Thread The executive thread object that is to impersonate the client. [in] PreviousMode The access processor mode, indicating if the call is executed in kernel or user mode.
- Returns
- Returns STATUS_SUCCESS if the impersonation has succeeded. STATUS_UNSUCCESSFUL is returned if the primary token couldn't be obtained from the current process to perform additional tasks. STATUS_ACCESS_DENIED is returned if the process' primary token is restricted, which for this matter we cannot impersonate onto a restricted process. Otherwise a failure NTSTATUS code is returned.
Definition at line 334 of file token.c.
337{
339 PTOKEN TokenToImpersonate, ProcessToken;
340 ULONG IncludeEveryoneValueData;
341 PAGED_CODE();
342
343 /*
344 * We must check first which kind of token
345 * shall we assign for the thread to impersonate,
346 * the one with Everyone Group SID or the other
347 * without. Invoke the registry helper to
348 * return the data value for us.
349 */
352 REG_DWORD,
353 sizeof(IncludeEveryoneValueData),
354 &IncludeEveryoneValueData);
356 {
359 }
360
361 if (IncludeEveryoneValueData == 0)
362 {
363 DPRINT("SepImpersonateAnonymousToken(): Assigning the token not including the Everyone Group SID...\n");
364 TokenToImpersonate = SeAnonymousLogonTokenNoEveryone;
365 }
366 else
367 {
368 DPRINT("SepImpersonateAnonymousToken(): Assigning the token including the Everyone Group SID...\n");
369 TokenToImpersonate = SeAnonymousLogonToken;
370 }
371
372 /*
373 * Tell the object manager that we're going to use this token
374 * object now by incrementing the reference count.
375 */
377 TOKEN_IMPERSONATE,
378 SeTokenObjectType,
379 PreviousMode);
381 {
384 }
385
386 /*
387 * Reference the primary token of the current process that the anonymous
388 * logon token impersonation procedure is being performed. We'll be going
389 * to use the process' token to figure out if the process is actually
390 * restricted or not.
391 */
393 if (!ProcessToken)
394 {
395 DPRINT1("SepImpersonateAnonymousToken(): Couldn't be able to get the process' primary token, bail out...\n");
396 ObDereferenceObject(TokenToImpersonate);
398 }
399
400 /* Now, is the token from the current process restricted? */
402 {
403 DPRINT1("SepImpersonateAnonymousToken(): The process is restricted, can't do anything. Bail out...\n");
404 PsDereferencePrimaryToken(ProcessToken);
405 ObDereferenceObject(TokenToImpersonate);
407 }
408
409 /*
410 * Finally it's time to impersonate! But first, fast dereference the
411 * process' primary token as we no longer need it.
412 */
416 {
418 ObDereferenceObject(TokenToImpersonate);
420 }
421
423}
NTSTATUS NTAPI SepRegQueryHelper(_In_ PCWSTR KeyName, _In_ PCWSTR ValueName, _In_ ULONG ValueType, _In_ ULONG DataLength, _Out_ PVOID ValueData)
A private registry helper that returns the desired value data based on the specifics requested by the...
Definition: srm.c:93
NTSTATUS NTAPI ObReferenceObjectByPointer(IN PVOID Object, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode)
Definition: obref.c:381
Referenced by NtImpersonateAnonymousToken().
◆ SepInitializeTokenImplementation()
Internal function that initializes critical kernel data for access token implementation in SRM.
- Returns
- Nothing.
Definition at line 1403 of file token.c.
1404{
1406 OBJECT_TYPE_INITIALIZER ObjectTypeInitializer;
1407
1409
1410 /* Initialize the Token type */
1423}
struct _TOKEN TOKEN
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
VOID NTAPI SepDeleteToken(_In_ PVOID ObjectBody)
Internal function that deals with access token object destruction and deletion. The function is used ...
Definition: token.c:1359
NTSTATUS NTAPI ObCreateObjectType(IN PUNICODE_STRING TypeName, IN POBJECT_TYPE_INITIALIZER ObjectTypeInitializer, IN PVOID Reserved, OUT POBJECT_TYPE *ObjectType)
Definition: oblife.c:1121
Definition: apinames.c:49
Definition: obtypes.h:353
ULONG DefaultPagedPoolCharge
Definition: obtypes.h:364
Definition: env_spec_w32.h:368
Referenced by SepInitializationPhase0().
◆ SepRebuildDynamicPartOfToken()
Re-builds the dynamic part area of an access token during an a default DACL or primary group replacement within the said token if the said dynamic area can't hold the new security content.
- Parameters
-
[in] AccessToken A pointer to an access token where its dynamic part is to be re-built and expanded based upon the new dynamic part size provided by the caller. Dynamic part expansion is not always guaranteed. See Remarks for further information. [in] NewDynamicPartSize The new dynamic part size.
- Returns
- Returns STATUS_SUCCESS if the function has completed its operations successfully. STATUS_INSUFFICIENT_RESOURCES is returned if the new dynamic part could not be allocated.
- Remarks
- STATUS_SUCCESS does not indicate if the function has re-built the dynamic part of a token. If the current dynamic area size suffices the new dynamic area length provided by the caller then the dynamic area can hold the new security content buffer so dynamic part expansion is not necessary.
Definition at line 715 of file token.c.
718{
719 PVOID NewDynamicPart;
720 PVOID PreviousDynamicPart;
721 ULONG CurrentDynamicLength;
722
723 PAGED_CODE();
724
725 /* Sanity checks */
726 ASSERT(AccessToken);
727 ASSERT(NewDynamicPartSize != 0);
728
729 /*
730 * Compute the exact length of the available
731 * dynamic part of the access token.
732 */
733 CurrentDynamicLength = AccessToken->DynamicAvailable + RtlLengthSid(AccessToken->PrimaryGroup);
734 if (AccessToken->DefaultDacl)
735 {
736 CurrentDynamicLength += AccessToken->DefaultDacl->AclSize;
737 }
738
739 /*
740 * Figure out if the current dynamic part is too small
741 * to fit new contents inside the said dynamic part.
742 * Rebuild the dynamic area and expand it if necessary.
743 */
744 if (CurrentDynamicLength < NewDynamicPartSize)
745 {
747 NewDynamicPartSize,
748 TAG_TOKEN_DYNAMIC);
750 {
751 DPRINT1("SepRebuildDynamicPartOfToken(): Insufficient resources to allocate new dynamic part!\n");
753 }
754
755 /* Copy the existing dynamic part */
756 PreviousDynamicPart = AccessToken->DynamicPart;
757 RtlCopyMemory(NewDynamicPart, PreviousDynamicPart, CurrentDynamicLength);
758
759 /* Update the available dynamic area and assign new dynamic */
760 AccessToken->DynamicAvailable += NewDynamicPartSize - CurrentDynamicLength;
761 AccessToken->DynamicPart = NewDynamicPart;
762
763 /* Move the contents (primary group and default DACL) addresses as well */
767 {
770 }
771
772 /* And discard the previous dynamic part */
775 }
776
778}
◆ SepRemovePrivilegeToken()
Removes a privilege from the token.
- Parameters
-
[in,out] Token The token where the privilege is to be removed. [in] Index The index count which represents the number position of the privilege we want to remove.
- Returns
- Nothing.
Definition at line 582 of file token.c.
585{
586 ULONG MoveCount;
587 ASSERT(Index < Token->PrivilegeCount);
588
589 /* Calculate the number of trailing privileges */
591 if (MoveCount != 0)
592 {
593 /* Move them one location ahead */
597 }
598
599 /* Update privilege count */
600 Token->PrivilegeCount--;
601}
Referenced by SepAdjustPrivileges(), SepDuplicateToken(), and SepPerformTokenFiltering().
◆ SepRemoveUserGroupToken()
Removes a group from the token.
- Parameters
-
[in,out] Token The token where the group is to be removed. [in] Index The index count which represents the number position of the group we want to remove.
- Returns
- Nothing.
Definition at line 618 of file token.c.
621{
622 ULONG MoveCount;
623 ASSERT(Index < Token->UserAndGroupCount);
624
625 /* Calculate the number of trailing groups */
627 if (MoveCount != 0)
628 {
629 /* Time to remove the group by moving one location ahead */
633 }
634
635 /* Remove one group count */
636 Token->UserAndGroupCount--;
637}
Referenced by SepDuplicateToken().
◆ SepTokenIsOwner()
| BOOLEAN NTAPI SepTokenIsOwner | ( | _In_ PACCESS_TOKEN | _Token, |
| _In_ PSECURITY_DESCRIPTOR | SecurityDescriptor, | ||
| _In_ BOOLEAN | TokenLocked | ||
| ) |
Checks if a token belongs to the main user, being the owner.
- Parameters
-
[in] _Token A valid token object. [in] SecurityDescriptor A security descriptor where the owner is to be found. [in] TokenLocked If set to TRUE, the token has been already locked and there's no need to lock it again. Otherwise the function will acquire the lock.
- Returns
- Returns TRUE if the token belongs to a owner, FALSE otherwise.
Definition at line 511 of file token.c.
515{
519
520 /* Get the owner SID */
523
524 /* Lock the token if needed */
526
527 /* Check if the owner SID is found, handling restricted case as well */
530 {
532 }
533
534 /* Release the lock if we had acquired it */
536
537 /* Return the result */
539}
FORCEINLINE PSID SepGetOwnerFromDescriptor(_Inout_ PVOID _Descriptor)
Definition: se.h:99
BOOLEAN NTAPI SepSidInToken(_In_ PACCESS_TOKEN _Token, _In_ PSID Sid)
Checks if a SID is present in a token.
Definition: sid.c:547
BOOLEAN NTAPI SepSidInTokenEx(_In_ PACCESS_TOKEN _Token, _In_ PSID PrincipalSelfSid, _In_ PSID _Sid, _In_ BOOLEAN Deny, _In_ BOOLEAN Restricted)
Checks if a SID is present in a token.
Definition: sid.c:443
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
Referenced by NtAccessCheck(), and SeAccessCheck().
◆ SepUpdatePrivilegeFlagsToken()
Updates the token's flags based upon the privilege that the token has been granted. The function uses the private helper, SepUpdateSinglePrivilegeFlagToken, in order to update the flags of a token.
- Parameters
-
[in,out] Token The token where the flags are to be changed.
- Returns
- Nothing.
Definition at line 554 of file token.c.
556{
558
559 /* Loop all privileges */
561 {
562 /* Updates the flags for this privilege */
564 }
565}
VOID SepUpdateSinglePrivilegeFlagToken(_Inout_ PTOKEN Token, _In_ ULONG Index)
Updates the token's flags based upon the privilege that the token has been granted....
Definition: token.c:442
Referenced by SepCreateToken().
◆ SepUpdateSinglePrivilegeFlagToken()
Updates the token's flags based upon the privilege that the token has been granted. The flag can either be taken out or given to the token if the attributes of the specified privilege is enabled or not.
- Parameters
-
[in,out] Token The token where the flags are to be changed. [in] Index The index count which represents the total sum of privileges. The count in question MUST NOT exceed the expected privileges count of the token.
- Returns
- Nothing.
Definition at line 442 of file token.c.
445{
446 ULONG TokenFlag;
447 ASSERT(Index < Token->PrivilegeCount);
448
449 /* The high part of all values we are interested in is 0 */
451 {
452 return;
453 }
454
455 /* Check for certain privileges to update flags */
457 {
458 TokenFlag = TOKEN_HAS_TRAVERSE_PRIVILEGE;
459 }
461 {
462 TokenFlag = TOKEN_HAS_BACKUP_PRIVILEGE;
463 }
465 {
466 TokenFlag = TOKEN_HAS_RESTORE_PRIVILEGE;
467 }
469 {
470 TokenFlag = TOKEN_HAS_IMPERSONATE_PRIVILEGE;
471 }
472 else
473 {
474 /* Nothing to do */
475 return;
476 }
477
478 /* Check if the specified privilege is enabled */
480 {
481 /* It is enabled, so set the flag */
482 Token->TokenFlags |= TokenFlag;
483 }
484 else
485 {
486 /* Is is disabled, so remove the flag */
487 Token->TokenFlags &= ~TokenFlag;
488 }
489}
Referenced by SepAdjustPrivileges(), SepPerformTokenFiltering(), and SepUpdatePrivilegeFlagsToken().
◆ SeQueryAuthenticationIdToken()
Queries the authentication ID of an access token.
- Parameters
-
[in] Token A valid access token where the authentication ID has to be gathered. [out] pSessionId The returned pointer to an authentication ID to the caller.
- Returns
- Returns STATUS_SUCCESS.
Definition at line 1823 of file token.c.
1826{
1827 PAGED_CODE();
1828
1830
1832}
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID LogonId
Definition: ntifs.template.h:716
Referenced by GetProcessLuid(), KsecGetKeyData(), nfs41_GetLUID(), NtSetUuidSeed(), ObpReferenceDeviceMap(), ObpSetCurrentProcessDeviceMap(), RxGetUid(), and RxInitializeVNetRootParameters().
◆ SeQuerySessionIdToken()
Queries the session ID of an access token.
- Parameters
-
[in] Token A valid access token where the session ID has to be gathered. [out] pSessionId The returned pointer to a session ID to the caller.
- Returns
- Returns STATUS_SUCCESS.
Definition at line 1791 of file token.c.
1794{
1795 PAGED_CODE();
1796
1797 /* Lock the token */
1799
1801
1802 /* Unlock the token */
1804
1806}
Referenced by NtQueryInformationToken(), RxGetSessionId(), RxInitializeVNetRootParameters(), and SeQueryInformationToken().
◆ SeSubProcessToken()
| NTSTATUS NTAPI SeSubProcessToken | ( | _In_ PTOKEN | ParentToken, |
| _Out_ PTOKEN * | Token, | ||
| _In_ BOOLEAN | InUse, | ||
| _In_ ULONG | SessionId | ||
| ) |
Subtracts a token in exchange of duplicating a new one.
- Parameters
-
[in] ParentToken The parent access token for duplication. [out] Token The new duplicated token. [in] InUse Set this to TRUE if the token is about to be used immediately after the call execution of this function, FALSE otherwise. [in] SessionId Session ID for the token to be assigned.
- Returns
- Returns STATUS_SUCCESS if token subtracting and duplication have completed successfully. A failure NTSTATUS code is returned otherwise.
Definition at line 1127 of file token.c.
1132{
1133 PTOKEN NewToken;
1136
1137 /* Initialize the attributes and duplicate it */
1140 &ObjectAttributes,
1141 FALSE,
1142 TokenPrimary,
1143 ParentToken->ImpersonationLevel,
1144 KernelMode,
1145 &NewToken);
1147 {
1148 /* Insert it */
1150 NULL,
1151 0,
1152 0,
1153 NULL,
1154 NULL);
1156 {
1157 /* Set the session ID */
1159 NewToken->TokenInUse = InUse;
1160
1161 /* Return the token */
1162 *Token = NewToken;
1163 }
1164 }
1165
1166 /* Return status */
1168}
Referenced by PspInitializeProcessSecurity().
◆ SeTokenCanImpersonate()
| BOOLEAN NTAPI SeTokenCanImpersonate | ( | _In_ PTOKEN | ProcessToken, |
| _In_ PTOKEN | TokenToImpersonate, | ||
| _In_ SECURITY_IMPERSONATION_LEVEL | ImpersonationLevel | ||
| ) |
Ensures that client impersonation can occur by checking if the token we're going to assign as the impersonation token can be actually impersonated in the first place. The routine is used primarily by PsImpersonateClient.
- Parameters
-
[in] ProcessToken Token from a process. [in] TokenToImpersonate Token that we are going to impersonate. [in] ImpersonationLevel Security impersonation level grade.
- Returns
- Returns TRUE if the conditions checked are met for token impersonation, FALSE otherwise.
Definition at line 1969 of file token.c.
1973{
1974 BOOLEAN CanImpersonate;
1975 PAGED_CODE();
1976
1977 /*
1978 * SecurityAnonymous and SecurityIdentification levels do not
1979 * allow impersonation.
1980 */
1983 {
1985 }
1986
1987 /* Time to lock our tokens */
1988 SepAcquireTokenLockShared(ProcessToken);
1989 SepAcquireTokenLockShared(TokenToImpersonate);
1990
1991 /* What kind of authentication ID does the token have? */
1993 &SeAnonymousAuthenticationId))
1994 {
1995 /*
1996 * OK, it looks like the token has an anonymous
1997 * authentication. Is that token created by the system?
1998 */
2000 !RtlEqualLuid(&TokenToImpersonate->TokenSource.SourceIdentifier, &SeSystemTokenSource.SourceIdentifier))
2001 {
2002 /* It isn't, we can't impersonate regular tokens */
2003 DPRINT("SeTokenCanImpersonate(): Token has an anonymous authentication ID, can't impersonate!\n");
2004 CanImpersonate = FALSE;
2005 goto Quit;
2006 }
2007 }
2008
2009 /* Are the SID values from both tokens equal? */
2011 TokenToImpersonate->UserAndGroups->Sid))
2012 {
2013 /* They aren't, bail out */
2015 CanImpersonate = FALSE;
2016 goto Quit;
2017 }
2018
2019 /*
2020 * Make sure the tokens aren't diverged in terms of
2021 * restrictions, that is, one token is restricted
2022 * but the other one isn't.
2023 */
2025 SeTokenIsRestricted(TokenToImpersonate))
2026 {
2027 /*
2028 * One token is restricted so we cannot
2029 * continue further at this point, bail out.
2030 */
2032 CanImpersonate = FALSE;
2033 goto Quit;
2034 }
2035
2036 /* If we've reached that far then we can impersonate! */
2038 CanImpersonate = TRUE;
2039
2040Quit:
2041 /* We're done, unlock the tokens now */
2042 SepReleaseTokenLock(ProcessToken);
2043 SepReleaseTokenLock(TokenToImpersonate);
2044
2045 return CanImpersonate;
2046}
Referenced by PsImpersonateClient().
◆ SeTokenImpersonationLevel()
| SECURITY_IMPERSONATION_LEVEL NTAPI SeTokenImpersonationLevel | ( | _In_ PACCESS_TOKEN | Token | ) |
Gathers the security impersonation level of an access token.
- Returns
- Returns the security impersonation level from a valid token.
Definition at line 1846 of file token.c.
Referenced by PsAssignImpersonationToken().
◆ SeTokenIsAdmin()
| BOOLEAN NTAPI SeTokenIsAdmin | ( | _In_ PACCESS_TOKEN | Token | ) |
Determines if a token is either an admin token or not. Such condition is checked based upon TOKEN_HAS_ADMIN_GROUP flag, which means if the respective access token belongs to an administrator group or not.
- Returns
- Returns TRUE if the token is an admin one, FALSE otherwise.
Definition at line 1890 of file token.c.
1892{
1893 PAGED_CODE();
1894
1895 // NOTE: Win7+ instead really checks the list of groups in the token
1896 // (since TOKEN_HAS_ADMIN_GROUP == TOKEN_WRITE_RESTRICTED ...)
1898}
Referenced by PsImpersonateClient().
◆ SeTokenIsInert()
Determines if a token is a sandbox inert token or not, based upon the token flags.
- Returns
- Returns TRUE if the token is inert, FALSE otherwise.
Definition at line 1337 of file token.c.
Referenced by NtQueryInformationToken().
◆ SeTokenIsRestricted()
| BOOLEAN NTAPI SeTokenIsRestricted | ( | _In_ PACCESS_TOKEN | Token | ) |
Determines if a token is restricted or not, based upon the token flags.
- Returns
- Returns TRUE if the token is restricted, FALSE otherwise.
Definition at line 1913 of file token.c.
Referenced by NtQueryInformationToken(), PsImpersonateClient(), RxInitializeVNetRootParameters(), SepAccessCheck(), SepCompareTokens(), SepDumpTokenDebugInfo(), SepImpersonateAnonymousToken(), and SeTokenCanImpersonate().
◆ SeTokenIsWriteRestricted()
| BOOLEAN NTAPI SeTokenIsWriteRestricted | ( | _In_ PACCESS_TOKEN | Token | ) |
Determines if a token is write restricted, that is, nobody can write anything to it.
- Returns
- Returns TRUE if the token is write restricted, FALSE otherwise.
- Remarks
- First introduced in NT 5.1 SP2 x86 (5.1.2600.2622), absent in NT 5.2, then finally re-introduced in Vista+.
Definition at line 1938 of file token.c.
1940{
1941 PAGED_CODE();
1942
1943 // NOTE: NT 5.1 SP2 x86 checks the SE_BACKUP_PRIVILEGES_CHECKED flag
1944 // while Vista+ checks the TOKEN_WRITE_RESTRICTED flag as one expects.
1946}
◆ SeTokenType()
| TOKEN_TYPE NTAPI SeTokenType | ( | _In_ PACCESS_TOKEN | Token | ) |
Gathers the token type of an access token. A token ca be either a primary token or impersonation token.
- Returns
- Returns the token type from a valid token.
Variable Documentation
◆ SeAnonymousAuthenticationId
| LUID SeAnonymousAuthenticationId = ANONYMOUS_LOGON_LUID |
Definition at line 21 of file token.c.
Referenced by SepCreateSystemAnonymousLogonToken(), SepCreateSystemAnonymousLogonTokenNoEveryone(), SepRmDeleteLogonSession(), SeRmInitPhase0(), and SeTokenCanImpersonate().
◆ SepTokenMapping
|
static |
Initial value:
= {
}
Definition at line 23 of file token.c.
Referenced by SepInitializeTokenImplementation().
◆ SeSystemAuthenticationId
| LUID SeSystemAuthenticationId = SYSTEM_LUID |
Definition at line 20 of file token.c.
Referenced by SepCreateSystemProcessToken(), SepRmDeleteLogonSession(), and SeRmInitPhase0().
◆ SeSystemTokenSource
| TOKEN_SOURCE SeSystemTokenSource = {"*SYSTEM*", {0}} |
Definition at line 19 of file token.c.
Referenced by SepCreateSystemAnonymousLogonToken(), SepCreateSystemAnonymousLogonTokenNoEveryone(), SepCreateSystemProcessToken(), and SeTokenCanImpersonate().
◆ SeTokenObjectType
| POBJECT_TYPE SeTokenObjectType = NULL |
Definition at line 17 of file token.c.
Referenced by NtAccessCheck(), NtAdjustGroupsToken(), NtAdjustPrivilegesToken(), NtCompareTokens(), NtDuplicateToken(), NtFilterToken(), NtOpenObjectAuditAlarm(), NtOpenProcessTokenEx(), NtOpenThreadTokenEx(), NtPrivilegeCheck(), NtPrivilegedServiceAuditAlarm(), NtQueryInformationToken(), NtSetInformationToken(), PsAssignImpersonationToken(), PspAssignPrimaryToken(), PspSetPrimaryToken(), SepAccessCheckAndAuditAlarm(), SepCreateToken(), SepDuplicateToken(), SepImpersonateAnonymousToken(), SepInitializeTokenImplementation(), SepPerformTokenFiltering(), and TestObjectTypes().
