55 DPRINT1(
"SepCreateTokenLock(): Failed to allocate memory!\n");
113 ULONG FirstCount, SecondCount;
118 if (CountSidArray1 != CountSidArray2)
120 DPRINT(
"SepCompareSidAndAttributesFromTokens(): Index counters are not the same!\n");
125 for (FirstCount = 0; FirstCount < CountSidArray1; FirstCount++)
127 for (SecondCount = 0; SecondCount < CountSidArray2; SecondCount++)
129 FirstSidArray = &SidArrayToken1[FirstCount];
130 SecondSidArray = &SidArrayToken2[SecondCount];
140 if (SecondCount == CountSidArray2)
142 DPRINT(
"SepCompareSidAndAttributesFromTokens(): No matching elements could be found in either token!\n");
180 ULONG FirstCount, SecondCount;
185 if (CountPrivArray1 != CountPrivArray2)
187 DPRINT(
"SepComparePrivilegeAndAttributesFromTokens(): Index counters are not the same!\n");
192 for (FirstCount = 0; FirstCount < CountPrivArray1; FirstCount++)
194 for (SecondCount = 0; SecondCount < CountPrivArray2; SecondCount++)
196 FirstPrivArray = &PrivArrayToken1[FirstCount];
197 SecondPrivArray = &PrivArrayToken2[SecondCount];
207 if (SecondCount == CountPrivArray2)
209 DPRINT(
"SepComparePrivilegeAndAttributesFromTokens(): No matching elements could be found in either token!\n");
251 ASSERT(FirstToken != SecondToken);
259 FirstToken->UserAndGroupCount,
260 SecondToken->UserAndGroups,
261 SecondToken->UserAndGroupCount))
282 FirstToken->RestrictedSidCount,
283 SecondToken->RestrictedSids,
284 SecondToken->RestrictedSidCount))
292 FirstToken->PrivilegeCount,
293 SecondToken->Privileges,
294 SecondToken->PrivilegeCount))
301 DPRINT(
"SepCompareTokens(): Tokens are equal!\n");
339 PTOKEN TokenToImpersonate, ProcessToken;
340 ULONG IncludeEveryoneValueData;
351 L"EveryoneIncludesAnonymous",
353 sizeof(IncludeEveryoneValueData),
354 &IncludeEveryoneValueData);
357 DPRINT1(
"SepRegQueryHelper(): Failed to query the registry value (Status 0x%lx)\n",
Status);
361 if (IncludeEveryoneValueData == 0)
363 DPRINT(
"SepImpersonateAnonymousToken(): Assigning the token not including the Everyone Group SID...\n");
368 DPRINT(
"SepImpersonateAnonymousToken(): Assigning the token including the Everyone Group SID...\n");
382 DPRINT1(
"SepImpersonateAnonymousToken(): Couldn't be able to use the token, bail out...\n");
395 DPRINT1(
"SepImpersonateAnonymousToken(): Couldn't be able to get the process' primary token, bail out...\n");
403 DPRINT1(
"SepImpersonateAnonymousToken(): The process is restricted, can't do anything. Bail out...\n");
417 DPRINT1(
"SepImpersonateAnonymousToken(): Failed to impersonate, bail out...\n");
447 ASSERT(Index < Token->PrivilegeCount);
450 if (
Token->Privileges[
Index].Luid.HighPart != 0)
482 Token->TokenFlags |= TokenFlag;
487 Token->TokenFlags &= ~TokenFlag;
560 for (
i = 0;
i <
Token->PrivilegeCount;
i++)
587 ASSERT(Index < Token->PrivilegeCount);
590 MoveCount =
Token->PrivilegeCount -
Index - 1;
600 Token->PrivilegeCount--;
623 ASSERT(Index < Token->UserAndGroupCount);
626 MoveCount =
Token->UserAndGroupCount -
Index - 1;
636 Token->UserAndGroupCount--;
664 ULONG DynamicAvailable;
669 ASSERT(DynamicCharged != 0);
679 DynamicAvailable -= DefaultDacl->AclSize;
682 return DynamicAvailable;
719 PVOID NewDynamicPart;
720 PVOID PreviousDynamicPart;
721 ULONG CurrentDynamicLength;
727 ASSERT(NewDynamicPartSize != 0);
733 CurrentDynamicLength = AccessToken->DynamicAvailable +
RtlLengthSid(AccessToken->PrimaryGroup);
734 if (AccessToken->DefaultDacl)
736 CurrentDynamicLength += AccessToken->DefaultDacl->AclSize;
744 if (CurrentDynamicLength < NewDynamicPartSize)
749 if (NewDynamicPart ==
NULL)
751 DPRINT1(
"SepRebuildDynamicPartOfToken(): Insufficient resources to allocate new dynamic part!\n");
756 PreviousDynamicPart = AccessToken->DynamicPart;
757 RtlCopyMemory(NewDynamicPart, PreviousDynamicPart, CurrentDynamicLength);
760 AccessToken->DynamicAvailable += NewDynamicPartSize - CurrentDynamicLength;
761 AccessToken->DynamicPart = NewDynamicPart;
764 AccessToken->PrimaryGroup = (
PSID)((
ULONG_PTR)AccessToken->DynamicPart +
766 if (AccessToken->DefaultDacl !=
NULL)
768 AccessToken->DefaultDacl = (
PACL)((
ULONG_PTR)AccessToken->DynamicPart +
773 DPRINT(
"SepRebuildDynamicPartOfToken(): The dynamic part has been re-built with success!\n");
866 if (OldToken == NewToken)
869 *OldAccessToken = OldToken;
877 *OldAccessToken =
NULL;
884 *OldAccessToken =
NULL;
889 *OldAccessToken = OldToken;
1021 if (!PrimaryGroupIndex && !DefaultOwnerIndex)
1024 if (PrimaryGroupIndex)
1028 *PrimaryGroupIndex =
Token->UserAndGroupCount;
1031 if (DefaultOwnerIndex)
1042 *DefaultOwnerIndex = 0;
1043 DefaultOwnerIndex =
NULL;
1048 *DefaultOwnerIndex =
Token->UserAndGroupCount;
1057 *DefaultOwnerIndex = 0;
1058 DefaultOwnerIndex =
NULL;
1063 for (
i = 0;
i <
Token->UserAndGroupCount;
i++)
1066 if (!PrimaryGroupIndex && !DefaultOwnerIndex)
1069 if (DefaultOwnerIndex && DefaultOwner &&
1074 *DefaultOwnerIndex =
i;
1075 DefaultOwnerIndex =
NULL;
1078 if (PrimaryGroupIndex &&
1083 *PrimaryGroupIndex =
i;
1084 PrimaryGroupIndex =
NULL;
1088 if (DefaultOwnerIndex)
1090 if (*DefaultOwnerIndex ==
Token->UserAndGroupCount)
1094 if (PrimaryGroupIndex)
1096 if (*PrimaryGroupIndex ==
Token->UserAndGroupCount)
1186 PTOKEN NewToken, PrimaryToken;
1193 *OpenedTokenHandle =
NULL;
1208 DPRINT1(
"Failed to open the thread's token object (Status 0x%lx)\n",
Status);
1232 DPRINT1(
"Failed to reference the object thread (Status 0x%lx)\n",
Status);
1239 DPRINT1(
"One of the threads aren't the same (original thread 0x%p, thread 0x%p)\n",
Thread,
Thread2);
1248 DPRINT1(
"Failed to reference the primary token of thread\n");
1258 DPRINT1(
"Failed to create an impersonation token DACL (Status 0x%lx)\n",
Status);
1268 DPRINT1(
"Failed to create a security descriptor (Status 0x%lx)\n",
Status);
1281 DPRINT1(
"Failed to set the DACL to the security descriptor (Status 0x%lx)\n",
Status);
1307 DPRINT1(
"Failed to duplicate the token (Status 0x%lx)\n",
Status);
1323 DPRINT1(
"Failed to insert the token object (Status 0x%lx)\n",
Status);
1337 DPRINT1(
"Failed to impersonate the client (Status 0x%lx)\n",
Status);
1389 ParentToken->ImpersonationLevel,
1438 LUID ProcessTokenId, CallerParentId;
1449 ProcessTokenId = ProcessToken->
TokenId;
1455 CallerParentId =
Token->ParentTokenId;
1487 LUID ProcessParentId, ProcessAuthId;
1488 LUID CallerParentId, CallerAuthId;
1506 CallerParentId =
Token->ParentTokenId;
1507 CallerAuthId =
Token->AuthenticationId;
1611 DPRINT(
"SepDeleteToken()\n");
1620 DPRINT1(
"SepDeleteToken(): Failed to remove the logon session from token (Status: 0x%lx)\n",
Status);
1654 DPRINT(
"Creating Token Object Type\n");
1657 RtlZeroMemory(&ObjectTypeInitializer,
sizeof(ObjectTypeInitializer));
1659 ObjectTypeInitializer.
Length =
sizeof(ObjectTypeInitializer);
1728 TokenControl->AuthenticationId =
Token->AuthenticationId;
1729 TokenControl->TokenId =
Token->TokenId;
1730 TokenControl->TokenSource =
Token->TokenSource;
1736 TokenControl->ModifiedId =
Token->ModifiedId;
1755 ULONG GroupAttributes, OwnerAttributes;
1795 ASSERT(GroupsLength <= (
sizeof(Groups) *
sizeof(
ULONG)));
1895 ASSERT(GroupsLength <= (
sizeof(Groups) *
sizeof(
ULONG)));
2221 DPRINT(
"The server doesn't ask for impersonation\n");
2234 if (
RtlEqualLuid(&TokenToImpersonate->AuthenticationId,
2237 DPRINT(
"The token to impersonate has an anonymous authentication ID, allow impersonation either way\n");
2238 CanImpersonate =
TRUE;
2245 DPRINT(
"The process is granted the impersonation privilege, allow impersonation\n");
2246 CanImpersonate =
TRUE;
2256 DPRINT1(
"Cannot impersonate a client above the permitted impersonation level!\n");
2257 CanImpersonate =
FALSE;
2263 &TokenToImpersonate->OriginatingLogonSession))
2266 if (!
RtlEqualSid(ProcessToken->UserAndGroups[0].Sid,
2267 TokenToImpersonate->UserAndGroups[0].Sid))
2269 DPRINT1(
"Server and client aren't the same user!\n");
2270 CanImpersonate =
FALSE;
2284 DPRINT1(
"Attempting to impersonate a less restricted client token, bail out!\n");
2285 CanImpersonate =
FALSE;
2291 DPRINT(
"We can impersonate\n");
2292 CanImpersonate =
TRUE;
2297 return CanImpersonate;
2379 DPRINT1(
"Failed to reference the object thread (Status 0x%lx)\n",
Status);
2388 DPRINT(
"Failed to reference the thread's impersonation token, thread has no token\n");
2396 DPRINT1(
"The thread token has anonymous security, can't open it\n");
2422 if (RestoreImpersonation)
2433 DPRINT1(
"Failed to open the thread's token (Status 0x%lx)\n",
Status);
2509 PTOKEN FirstToken, SecondToken;
2535 (
PVOID*)&FirstToken,
2539 DPRINT1(
"ObReferenceObjectByHandle() failed (Status 0x%lx)\n",
Status);
2547 (
PVOID*)&SecondToken,
2551 DPRINT1(
"ObReferenceObjectByHandle() failed (Status 0x%lx)\n",
Status);
2556 if (FirstToken != SecondToken)
2631 DPRINT1(
"NtImpersonateAnonymousToken(): Failed to reference the object (Status 0x%lx)\n",
Status);
2639 DPRINT1(
"NtImpersonateAnonymousToken(): Failed to impersonate the token (Status 0x%lx)\n",
Status);
static DWORD WINAPI Thread2(_Inout_opt_ PVOID Parameter)
static const LUID SeCreateGlobalPrivilege
static const LUID SeChangeNotifyPrivilege
static const LUID SeImpersonatePrivilege
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
#define STATUS_NOT_IMPLEMENTED
#define STATUS_OBJECT_TYPE_MISMATCH
#define NT_SUCCESS(StatCode)
UNICODE_STRING Restricted
#define ExAllocatePoolWithTag(hernya, size, tag)
#define PsGetCurrentThread()
NTSTATUS ExInitializeResourceLite(PULONG res)
#define ExDeleteResourceLite(res)
#define ExGetPreviousMode
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
LONG NTAPI ExSystemExceptionFilter(VOID)
#define THREAD_IMPERSONATE
#define THREAD_QUERY_INFORMATION
NTSYSAPI NTSTATUS WINAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN)
#define EXCEPTION_EXECUTE_HANDLER
enum _SECURITY_IMPERSONATION_LEVEL SECURITY_IMPERSONATION_LEVEL
#define ExFreePoolWithTag(_P, _T)
#define PsDereferencePrimaryToken(T)
#define PsDereferenceImpersonationToken(T)
#define SE_IMPERSONATE_PRIVILEGE
#define SE_BACKUP_PRIVILEGE
#define SE_RESTORE_PRIVILEGE
#define SE_CHANGE_NOTIFY_PRIVILEGE
#define InitializeObjectAttributes(p, n, a, r, s)
_In_ HANDLE _In_opt_ HANDLE _Out_opt_ PHANDLE _In_ ACCESS_MASK _In_ ULONG HandleAttributes
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID Owner
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID _Inout_ PULONG _Out_writes_bytes_to_opt_ PrimaryGroupSize PSID PrimaryGroup
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(_Out_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ULONG Revision)
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
NTSYSAPI BOOLEAN NTAPI RtlEqualSid(_In_ PSID Sid1, _In_ PSID Sid2)
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
#define SE_GROUP_MANDATORY
#define SE_GROUP_ENABLED_BY_DEFAULT
#define THREAD_ALL_ACCESS
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID LogonId
ULONG NTAPI MmGetSessionId(IN PEPROCESS Process)
NTSTATUS NTAPI SepRmRemoveLogonSessionFromToken(_Inout_ PTOKEN Token)
Removes a logon session from an access token.
const LUID SeDebugPrivilege
PTOKEN SeAnonymousLogonToken
NTSTATUS SepRmDereferenceLogonSession(_Inout_ PLUID LogonLuid)
const LUID SeCreateTokenPrivilege
const LUID SeBackupPrivilege
const LUID SeAssignPrimaryTokenPrivilege
NTSTATUS NTAPI SepRegQueryHelper(_In_ PCWSTR KeyName, _In_ PCWSTR ValueName, _In_ ULONG ValueType, _In_ ULONG DataLength, _Out_ PVOID ValueData)
A private registry helper that returns the desired value data based on the specifics requested by the...
FORCEINLINE PSID SepGetOwnerFromDescriptor(_Inout_ PSECURITY_DESCRIPTOR _Descriptor)
BOOLEAN NTAPI SepSidInToken(_In_ PACCESS_TOKEN _Token, _In_ PSID Sid)
Checks if a SID is present in a token.
#define SepAcquireTokenLockShared(Token)
PACL SeSystemAnonymousLogonDacl
const LUID SeSystemtimePrivilege
NTSTATUS NTAPI SepDuplicateToken(_In_ PTOKEN Token, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL Level, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PTOKEN *NewAccessToken)
Duplicates an access token, from an existing valid token.
NTSTATUS NTAPI SepCreateImpersonationTokenDacl(_In_ PTOKEN Token, _In_ PTOKEN PrimaryToken, _Out_ PACL *Dacl)
Allocates a discretionary access control list based on certain properties of a regular and primary ac...
const LUID SeTcbPrivilege
const LUID SeManageVolumePrivilege
const LUID SeRestorePrivilege
PTOKEN SeAnonymousLogonTokenNoEveryone
const LUID SeLoadDriverPrivilege
NTSTATUS NTAPI SepCreateToken(_Out_ PHANDLE TokenHandle, _In_ KPROCESSOR_MODE PreviousMode, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PSID_AND_ATTRIBUTES User, _In_ ULONG GroupCount, _In_ PSID_AND_ATTRIBUTES Groups, _In_ ULONG GroupsLength, _In_ ULONG PrivilegeCount, _In_ PLUID_AND_ATTRIBUTES Privileges, _In_opt_ PSID Owner, _In_ PSID PrimaryGroup, _In_opt_ PACL DefaultDacl, _In_ PTOKEN_SOURCE TokenSource, _In_ BOOLEAN SystemToken)
Internal function responsible for access token object creation in the kernel. A fully created token o...
const LUID SeIncreaseBasePriorityPrivilege
const LUID SeLockMemoryPrivilege
const LUID SeCreatePermanentPrivilege
#define SepAcquireTokenLockExclusive(Token)
const LUID SeUndockPrivilege
const LUID SeCreatePagefilePrivilege
const LUID SeTakeOwnershipPrivilege
const LUID SeProfileSingleProcessPrivilege
const LUID SeShutdownPrivilege
const LUID SeSystemEnvironmentPrivilege
const LUID SeSecurityPrivilege
#define SepReleaseTokenLock(Token)
PSID SeAuthenticatedUsersSid
BOOLEAN NTAPI SepSidInTokenEx(_In_ PACCESS_TOKEN _Token, _In_ PSID PrincipalSelfSid, _In_ PSID _Sid, _In_ BOOLEAN Deny, _In_ BOOLEAN Restricted)
Checks if a SID is present in a token.
const LUID SeAuditPrivilege
const LUID SeIncreaseQuotaPrivilege
BOOLEAN NTAPI PsDisableImpersonation(IN PETHREAD Thread, OUT PSE_IMPERSONATION_STATE ImpersonationState)
VOID NTAPI PsRestoreImpersonation(IN PETHREAD Thread, IN PSE_IMPERSONATION_STATE ImpersonationState)
PACCESS_TOKEN NTAPI PsReferencePrimaryToken(PEPROCESS Process)
PACCESS_TOKEN NTAPI PsReferenceImpersonationToken(IN PETHREAD Thread, OUT PBOOLEAN CopyOnOpen, OUT PBOOLEAN EffectiveOnly, OUT PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
NTSTATUS NTAPI PsImpersonateClient(IN PETHREAD Thread, IN PACCESS_TOKEN Token, IN BOOLEAN CopyOnOpen, IN BOOLEAN EffectiveOnly, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
POBJECT_TYPE PsThreadType
BOOLEAN NTAPI SeTokenCanImpersonate(_In_ PTOKEN ProcessToken, _In_ PTOKEN TokenToImpersonate, _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
Determines whether the server is allowed to impersonate on behalf of a client or not....
NTSTATUS NTAPI SeQueryAuthenticationIdToken(_In_ PACCESS_TOKEN Token, _Out_ PLUID LogonId)
Queries the authentication ID of an access token.
NTSTATUS NTAPI SepCopyProxyData(_Out_ PVOID *Dest, _In_ PVOID Src)
Copies the proxy data from the source into the destination of a token.
SECURITY_IMPERSONATION_LEVEL NTAPI SeTokenImpersonationLevel(_In_ PACCESS_TOKEN Token)
Gathers the security impersonation level of an access token.
VOID SepRemovePrivilegeToken(_Inout_ PTOKEN Token, _In_ ULONG Index)
Removes a privilege from the token.
NTSTATUS SepFindPrimaryGroupAndDefaultOwner(_In_ PTOKEN Token, _In_ PSID PrimaryGroup, _In_opt_ PSID DefaultOwner, _Out_opt_ PULONG PrimaryGroupIndex, _Out_opt_ PULONG DefaultOwnerIndex)
Finds the primary group and default owner entity based on the submitted primary group instance and an...
BOOLEAN NTAPI SeTokenIsInert(_In_ PTOKEN Token)
Determines if a token is a sandbox inert token or not, based upon the token flags.
VOID NTAPI SepInitializeTokenImplementation(VOID)
Internal function that initializes critical kernel data for access token implementation in SRM.
TOKEN_SOURCE SeSystemTokenSource
PTOKEN NTAPI SepCreateSystemProcessToken(VOID)
Creates the system process token.
NTSTATUS SepCreateTokenLock(_Inout_ PTOKEN Token)
Creates a lock for the token.
VOID NTAPI SepDeleteToken(_In_ PVOID ObjectBody)
Internal function that deals with access token object destruction and deletion. The function is used ...
NTSTATUS NTAPI SeCopyClientToken(_In_ PACCESS_TOKEN Token, _In_ SECURITY_IMPERSONATION_LEVEL Level, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PACCESS_TOKEN *NewToken)
Copies an existing access token (technically duplicating a new one).
static NTSTATUS SepOpenThreadToken(_In_ PETHREAD Thread, _In_ HANDLE ThreadHandle, _In_ PTOKEN ThreadToken, _In_ ACCESS_MASK DesiredAccess, _In_ ULONG HandleAttributes, _In_ BOOLEAN EffectiveOnly, _In_ BOOLEAN CopyOnOpen, _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PHANDLE OpenedTokenHandle)
Internal private function that returns an opened handle of an access token associated with a thread.
VOID NTAPI SepFreeProxyData(_Inout_ PVOID ProxyData)
Frees (de-allocates) the proxy data memory block of a token.
NTSTATUS NTAPI SeIsTokenSibling(_In_ PTOKEN Token, _Out_ PBOOLEAN IsSibling)
Checks if the token is a sibling of the other token of the current process that the calling thread is...
NTSTATUS NTAPI SeSubProcessToken(_In_ PTOKEN ParentToken, _Out_ PTOKEN *Token, _In_ BOOLEAN InUse, _In_ ULONG SessionId)
Subtracts a token in exchange of duplicating a new one.
NTSTATUS NTAPI NtOpenThreadToken(_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _Out_ PHANDLE TokenHandle)
Opens a token that is tied to a thread handle.
BOOLEAN NTAPI SeTokenIsWriteRestricted(_In_ PACCESS_TOKEN Token)
Determines if a token is write restricted, that is, nobody can write anything to it.
VOID NTAPI SeAssignPrimaryToken(_In_ PEPROCESS Process, _In_ PTOKEN Token)
Assigns a primary access token to a given process.
NTSTATUS SepRebuildDynamicPartOfToken(_Inout_ PTOKEN AccessToken, _In_ ULONG NewDynamicPartSize)
Re-builds the dynamic part area of an access token during a default DACL or primary group replacem...
static NTSTATUS SepImpersonateAnonymousToken(_In_ PETHREAD Thread, _In_ KPROCESSOR_MODE PreviousMode)
Private function that impersonates the system's anonymous logon token. The major bulk of the imperson...
ULONG RtlLengthSidAndAttributes(_In_ ULONG Count, _In_ PSID_AND_ATTRIBUTES Src)
Computes the length size of a SID.
PTOKEN SepCreateSystemAnonymousLogonTokenNoEveryone(VOID)
Creates the anonymous logon token for the system. This kind of token doesn't include the everyone SID...
ULONG SepComputeAvailableDynamicSpace(_In_ ULONG DynamicCharged, _In_ PSID PrimaryGroup, _In_opt_ PACL DefaultDacl)
Computes the exact available dynamic area of an access token whilst querying token statistics.
VOID SepUpdatePrivilegeFlagsToken(_Inout_ PTOKEN Token)
Updates the token's flags based upon the privilege that the token has been granted....
static NTSTATUS SepCompareTokens(_In_ PTOKEN FirstToken, _In_ PTOKEN SecondToken, _Out_ PBOOLEAN Equal)
Compares tokens for equality based on all the following properties. If all of the said conditions...
TOKEN_TYPE NTAPI SeTokenType(_In_ PACCESS_TOKEN Token)
Gathers the token type of an access token. A token can be either a primary token or impersonation toke...
LUID SeSystemAuthenticationId
NTSTATUS NTAPI SeExchangePrimaryToken(_In_ PEPROCESS Process, _In_ PACCESS_TOKEN NewAccessToken, _Out_ PACCESS_TOKEN *OldAccessToken)
Replaces the old access token of a process (pointed by the EPROCESS kernel structure) with a new acce...
BOOLEAN NTAPI SeTokenIsAdmin(_In_ PACCESS_TOKEN Token)
Determines whether a token is an admin token or not. Such condition is checked based upon TOKEN_HAS...
VOID NTAPI SeGetTokenControlInformation(_In_ PACCESS_TOKEN _Token, _Out_ PTOKEN_CONTROL TokenControl)
Retrieves token control information.
NTSTATUS NTAPI SeIsTokenChild(_In_ PTOKEN Token, _Out_ PBOOLEAN IsChild)
Checks if the token is a child of the other token of the current process that the calling thread is i...
VOID NTAPI SeDeassignPrimaryToken(_Inout_ PEPROCESS Process)
Removes the primary token of a process.
PTOKEN SepCreateSystemAnonymousLogonToken(VOID)
Creates the anonymous logon token for the system. The difference between this token and the other one...
static BOOLEAN SepComparePrivilegeAndAttributesFromTokens(_In_ PLUID_AND_ATTRIBUTES PrivArrayToken1, _In_ ULONG CountPrivArray1, _In_ PLUID_AND_ATTRIBUTES PrivArrayToken2, _In_ ULONG CountPrivArray2)
Compares the elements of privilege arrays provided by tokens. The elements that are being compared fo...
VOID SepRemoveUserGroupToken(_Inout_ PTOKEN Token, _In_ ULONG Index)
Removes a group from the token.
VOID SepUpdateSinglePrivilegeFlagToken(_Inout_ PTOKEN Token, _In_ ULONG Index)
Updates the token's flags based upon the privilege that the token has been granted....
BOOLEAN NTAPI SepTokenIsOwner(_In_ PACCESS_TOKEN _Token, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ BOOLEAN TokenLocked)
Checks if a token belongs to the main user, being the owner.
NTSTATUS NTAPI NtOpenThreadTokenEx(_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle)
Opens a token that is tied to a thread handle.
LUID SeAnonymousAuthenticationId
POBJECT_TYPE SeTokenObjectType
VOID SepDeleteTokenLock(_Inout_ PTOKEN Token)
Deletes a lock of a token.
NTSTATUS NTAPI NtImpersonateAnonymousToken(_In_ HANDLE ThreadHandle)
Allows the calling thread to impersonate the system's anonymous logon token.
NTSTATUS NTAPI SeQuerySessionIdToken(_In_ PACCESS_TOKEN Token, _Out_ PULONG pSessionId)
Queries the session ID of an access token.
BOOLEAN NTAPI SeTokenIsRestricted(_In_ PACCESS_TOKEN Token)
Determines if a token is restricted or not, based upon the token flags.
static BOOLEAN SepCompareSidAndAttributesFromTokens(_In_ PSID_AND_ATTRIBUTES SidArrayToken1, _In_ ULONG CountSidArray1, _In_ PSID_AND_ATTRIBUTES SidArrayToken2, _In_ ULONG CountSidArray2)
Compares the elements of SID arrays provided by tokens. The elements that are being compared for equa...
NTSTATUS NTAPI NtCompareTokens(_In_ HANDLE FirstTokenHandle, _In_ HANDLE SecondTokenHandle, _Out_ PBOOLEAN Equal)
Checks whether two tokens are equal or not.
static GENERIC_MAPPING SepTokenMapping
#define STATUS_TOKEN_ALREADY_IN_USE
#define STATUS_BAD_TOKEN_TYPE
#define STATUS_CANT_OPEN_ANONYMOUS
#define STATUS_INVALID_PRIMARY_GROUP
#define STATUS_INVALID_OWNER
VOID FASTCALL ObInitializeFastReference(IN PEX_FAST_REF FastRef, IN PVOID Object)
PVOID FASTCALL ObFastReplaceObject(IN PEX_FAST_REF FastRef, IN PVOID Object)
VOID FASTCALL ObFastDereferenceObject(IN PEX_FAST_REF FastRef, IN PVOID Object)
FORCEINLINE ULONG ObpValidateAttributes(IN ULONG Attributes, IN KPROCESSOR_MODE PreviousMode)
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
NTSTATUS NTAPI ObOpenObjectByPointer(IN PVOID Object, IN ULONG HandleAttributes, IN PACCESS_STATE PassedAccessState, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PHANDLE Handle)
NTSTATUS NTAPI ObCreateObjectType(IN PUNICODE_STRING TypeName, IN POBJECT_TYPE_INITIALIZER ObjectTypeInitializer, IN PVOID Reserved, OUT POBJECT_TYPE *ObjectType)
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
NTSTATUS NTAPI ObReferenceObjectByPointer(IN PVOID Object, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode)
#define _SEH2_GetExceptionCode()
#define _SEH2_EXCEPT(...)
#define _SEH2_YIELD(__stmt)
#define ProbeForWriteHandle(Ptr)
#define ProbeForWriteBoolean(Ptr)
GENERIC_MAPPING GenericMapping
ULONG DefaultPagedPoolCharge
OB_DELETE_METHOD DeleteProcedure
PSEP_LOGON_SESSION_REFERENCES LogonSession
#define TAG_TOKEN_DYNAMIC
#define TAG_SE_TOKEN_LOCK
#define RtlCopyMemory(Destination, Source, Length)
#define RtlZeroMemory(Destination, Length)
#define RtlMoveMemory(Destination, Source, Length)
#define STATUS_ACCESS_DENIED
#define STATUS_INVALID_PARAMETER
#define STATUS_UNSUCCESSFUL
#define STATUS_INSUFFICIENT_RESOURCES
_In_ WDFCOLLECTION _In_ ULONG Index
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
BOOL WINAPI IsChild(_In_ HWND, _In_ HWND)
_IRQL_requires_same_ typedef _In_ ULONG _In_ UCHAR Level
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
#define ObDereferenceObject
#define ObReferenceObject
_Out_ PBOOLEAN CopyOnOpen
_Inout_ PSE_IMPERSONATION_STATE ImpersonationState
#define PsGetCurrentProcess
_Out_ PBOOLEAN _Out_ PBOOLEAN _Out_ PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel
#define RtlEqualLuid(Luid1, Luid2)
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
_In_ KPROCESSOR_MODE PreviousMode
#define TOKEN_SESSION_NOT_REFERENCED
#define TOKEN_HAS_TRAVERSE_PRIVILEGE
#define TOKEN_HAS_BACKUP_PRIVILEGE
#define TOKEN_HAS_IMPERSONATE_PRIVILEGE
#define TOKEN_HAS_RESTORE_PRIVILEGE
#define SECURITY_DESCRIPTOR_REVISION
struct _SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES
#define TOKEN_SANDBOX_INERT
#define TOKEN_IMPERSONATE
#define SE_PRIVILEGE_ENABLED
#define TOKEN_IS_RESTRICTED
#define SE_BACKUP_PRIVILEGES_CHECKED
#define SE_PRIVILEGE_ENABLED_BY_DEFAULT
#define TOKEN_HAS_ADMIN_GROUP
#define ANONYMOUS_LOGON_LUID
_In_ ACCESS_MASK _In_ BOOLEAN OpenAsSelf