db/d25/ntoskrnl_2se_2token_8c_source.html

/*

 * PROJECT:     ReactOS Kernel

 * LICENSE:     GPL-2.0-or-later (https://spdx.org/licenses/GPL-2.0-or-later)

 * PURPOSE:     Security access token implementation base support routines

 * COPYRIGHT:   Copyright David Welch <welch@cwcom.net>

 *              Copyright 2021-2022 George Bișoc <george.bisoc@reactos.org>

 */


/* INCLUDES *******************************************************************/


#include <ntoskrnl.h>

#define NDEBUG

#include <debug.h>


/* GLOBALS ********************************************************************/


POBJECT_TYPE SeTokenObjectType = NULL;


TOKEN_SOURCE SeSystemTokenSource = {"*SYSTEM*", {0}};

LUID SeSystemAuthenticationId = SYSTEM_LUID;

LUID SeAnonymousAuthenticationId = ANONYMOUS_LOGON_LUID;


static GENERIC_MAPPING SepTokenMapping = {

    TOKEN_READ,

    TOKEN_WRITE,

    TOKEN_EXECUTE,

    TOKEN_ALL_ACCESS

};


/* PRIVATE FUNCTIONS *****************************************************************/


NTSTATUS

SepCreateTokenLock(

    _Inout_ PTOKEN Token)

{

    PAGED_CODE();


    Token->TokenLock = ExAllocatePoolWithTag(NonPagedPool,

                                             sizeof(ERESOURCE),

                                             TAG_SE_TOKEN_LOCK);

    if (Token->TokenLock == NULL)

    {

        DPRINT1("SepCreateTokenLock(): Failed to allocate memory!\n");

        return STATUS_INSUFFICIENT_RESOURCES;

    }


    ExInitializeResourceLite(Token->TokenLock);

    return STATUS_SUCCESS;

}


VOID

SepDeleteTokenLock(

    _Inout_ PTOKEN Token)

{

    PAGED_CODE();


    ExDeleteResourceLite(Token->TokenLock);

    ExFreePoolWithTag(Token->TokenLock, TAG_SE_TOKEN_LOCK);

}


static

BOOLEAN

SepCompareSidAndAttributesFromTokens(

    _In_ PSID_AND_ATTRIBUTES SidArrayToken1,

    _In_ ULONG CountSidArray1,

    _In_ PSID_AND_ATTRIBUTES SidArrayToken2,

    _In_ ULONG CountSidArray2)

{

    ULONG FirstCount, SecondCount;

    PSID_AND_ATTRIBUTES FirstSidArray, SecondSidArray;

    PAGED_CODE();


    /* Bail out if index counters provided are not equal */

    if (CountSidArray1 != CountSidArray2)

    {

        DPRINT("SepCompareSidAndAttributesFromTokens(): Index counters are not the same!\n");

        return FALSE;

    }


    /* Loop over the SID arrays and compare them */

    for (FirstCount = 0; FirstCount < CountSidArray1; FirstCount++)

    {

        for (SecondCount = 0; SecondCount < CountSidArray2; SecondCount++)

        {

            FirstSidArray = &SidArrayToken1[FirstCount];

            SecondSidArray = &SidArrayToken2[SecondCount];


            if (RtlEqualSid(FirstSidArray->Sid, SecondSidArray->Sid) &&

                FirstSidArray->Attributes == SecondSidArray->Attributes)

            {

                break;

            }

        }


        /* We've exhausted the array of the second token without finding this one */

        if (SecondCount == CountSidArray2)

        {

            DPRINT("SepCompareSidAndAttributesFromTokens(): No matching elements could be found in either token!\n");

            return FALSE;

        }

    }


    return TRUE;

}


static

BOOLEAN

SepComparePrivilegeAndAttributesFromTokens(

    _In_ PLUID_AND_ATTRIBUTES PrivArrayToken1,

    _In_ ULONG CountPrivArray1,

    _In_ PLUID_AND_ATTRIBUTES PrivArrayToken2,

    _In_ ULONG CountPrivArray2)

{

    ULONG FirstCount, SecondCount;

    PLUID_AND_ATTRIBUTES FirstPrivArray, SecondPrivArray;

    PAGED_CODE();


    /* Bail out if index counters provided are not equal */

    if (CountPrivArray1 != CountPrivArray2)

    {

        DPRINT("SepComparePrivilegeAndAttributesFromTokens(): Index counters are not the same!\n");

        return FALSE;

    }


    /* Loop over the privilege arrays and compare them */

    for (FirstCount = 0; FirstCount < CountPrivArray1; FirstCount++)

    {

        for (SecondCount = 0; SecondCount < CountPrivArray2; SecondCount++)

        {

            FirstPrivArray = &PrivArrayToken1[FirstCount];

            SecondPrivArray = &PrivArrayToken2[SecondCount];


            if (RtlEqualLuid(&FirstPrivArray->Luid, &SecondPrivArray->Luid) &&

                FirstPrivArray->Attributes == SecondPrivArray->Attributes)

            {

                break;

            }

        }


        /* We've exhausted the array of the second token without finding this one */

        if (SecondCount == CountPrivArray2)

        {

            DPRINT("SepComparePrivilegeAndAttributesFromTokens(): No matching elements could be found in either token!\n");

            return FALSE;

        }

    }


    return TRUE;

}


static

NTSTATUS

SepCompareTokens(

    _In_ PTOKEN FirstToken,

    _In_ PTOKEN SecondToken,

    _Out_ PBOOLEAN Equal)

{

    BOOLEAN Restricted, IsEqual = FALSE;

    PAGED_CODE();


    ASSERT(FirstToken != SecondToken);


    /* Lock the tokens */

    SepAcquireTokenLockShared(FirstToken);

    SepAcquireTokenLockShared(SecondToken);


    /* Check if every SID that is present in either token is also present in the other one */

    if (!SepCompareSidAndAttributesFromTokens(FirstToken->UserAndGroups,

                                              FirstToken->UserAndGroupCount,

                                              SecondToken->UserAndGroups,

                                              SecondToken->UserAndGroupCount))

    {

        goto Quit;

    }


    /* Is one token restricted but the other isn't? */

    Restricted = SeTokenIsRestricted(FirstToken);

    if (Restricted != SeTokenIsRestricted(SecondToken))

    {

        /* If that's the case then bail out */

        goto Quit;

    }


    /*

     * If both tokens are restricted check if every SID

     * that is restricted in either token is also restricted

     * in the other one.

     */

    if (Restricted)

    {

        if (!SepCompareSidAndAttributesFromTokens(FirstToken->RestrictedSids,

                                                  FirstToken->RestrictedSidCount,

                                                  SecondToken->RestrictedSids,

                                                  SecondToken->RestrictedSidCount))

        {

            goto Quit;

        }

    }


    /* Check if every privilege present in either token is also present in the other one */

    if (!SepComparePrivilegeAndAttributesFromTokens(FirstToken->Privileges,

                                                    FirstToken->PrivilegeCount,

                                                    SecondToken->Privileges,

                                                    SecondToken->PrivilegeCount))

    {

        goto Quit;

    }


    /* If we're here then the tokens are equal */

    IsEqual = TRUE;

    DPRINT("SepCompareTokens(): Tokens are equal!\n");


Quit:

    /* Unlock the tokens */

    SepReleaseTokenLock(SecondToken);

    SepReleaseTokenLock(FirstToken);


    *Equal = IsEqual;

    return STATUS_SUCCESS;

}


static

NTSTATUS

SepImpersonateAnonymousToken(

    _In_ PETHREAD Thread,

    _In_ KPROCESSOR_MODE PreviousMode)

{

    NTSTATUS Status;

    PTOKEN TokenToImpersonate, ProcessToken;

    ULONG IncludeEveryoneValueData;

    PAGED_CODE();


    /*

     * We must check first which kind of token

     * shall we assign for the thread to impersonate,

     * the one with Everyone Group SID or the other

     * without. Invoke the registry helper to

     * return the data value for us.

     */

    Status = SepRegQueryHelper(L"\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Control\\Lsa",

                               L"EveryoneIncludesAnonymous",

                               REG_DWORD,

                               sizeof(IncludeEveryoneValueData),

                               &IncludeEveryoneValueData);

    if (!NT_SUCCESS(Status))

    {

        DPRINT1("SepRegQueryHelper(): Failed to query the registry value (Status 0x%lx)\n", Status);

        return Status;

    }


    if (IncludeEveryoneValueData == 0)

    {

        DPRINT("SepImpersonateAnonymousToken(): Assigning the token not including the Everyone Group SID...\n");

        TokenToImpersonate = SeAnonymousLogonTokenNoEveryone;

    }

    else

    {

        DPRINT("SepImpersonateAnonymousToken(): Assigning the token including the Everyone Group SID...\n");

        TokenToImpersonate = SeAnonymousLogonToken;

    }


    /*

     * Tell the object manager that we're going to use this token

     * object now by incrementing the reference count.

    */

    Status = ObReferenceObjectByPointer(TokenToImpersonate,

                                        TOKEN_IMPERSONATE,

                                        SeTokenObjectType,

                                        PreviousMode);

    if (!NT_SUCCESS(Status))

    {

        DPRINT1("SepImpersonateAnonymousToken(): Couldn't be able to use the token, bail out...\n");

        return Status;

    }


    /*

     * Reference the primary token of the current process that the anonymous

     * logon token impersonation procedure is being performed. We'll be going

     * to use the process' token to figure out if the process is actually

     * restricted or not.

     */

    ProcessToken = PsReferencePrimaryToken(PsGetCurrentProcess());

    if (!ProcessToken)

    {

        DPRINT1("SepImpersonateAnonymousToken(): Couldn't be able to get the process' primary token, bail out...\n");

        ObDereferenceObject(TokenToImpersonate);

        return STATUS_UNSUCCESSFUL;

    }


    /* Now, is the token from the current process restricted? */

    if (SeTokenIsRestricted(ProcessToken))

    {

        DPRINT1("SepImpersonateAnonymousToken(): The process is restricted, can't do anything. Bail out...\n");

        PsDereferencePrimaryToken(ProcessToken);

        ObDereferenceObject(TokenToImpersonate);

        return STATUS_ACCESS_DENIED;

    }


    /*

     * Finally it's time to impersonate! But first, fast dereference the

     * process' primary token as we no longer need it.

     */

    ObFastDereferenceObject(&PsGetCurrentProcess()->Token, ProcessToken);

    Status = PsImpersonateClient(Thread, TokenToImpersonate, TRUE, FALSE, SecurityImpersonation);

    if (!NT_SUCCESS(Status))

    {

        DPRINT1("SepImpersonateAnonymousToken(): Failed to impersonate, bail out...\n");

        ObDereferenceObject(TokenToImpersonate);

        return Status;

    }


    return Status;

}


VOID

SepUpdateSinglePrivilegeFlagToken(

    _Inout_ PTOKEN Token,

    _In_ ULONG Index)

{

    ULONG TokenFlag;

    ASSERT(Index < Token->PrivilegeCount);


    /* The high part of all values we are interested in is 0 */

    if (Token->Privileges[Index].Luid.HighPart != 0)

    {

        return;

    }


    /* Check for certain privileges to update flags */

    if (Token->Privileges[Index].Luid.LowPart == SE_CHANGE_NOTIFY_PRIVILEGE)

    {

        TokenFlag = TOKEN_HAS_TRAVERSE_PRIVILEGE;

    }

    else if (Token->Privileges[Index].Luid.LowPart == SE_BACKUP_PRIVILEGE)

    {

        TokenFlag = TOKEN_HAS_BACKUP_PRIVILEGE;

    }

    else if (Token->Privileges[Index].Luid.LowPart == SE_RESTORE_PRIVILEGE)

    {

        TokenFlag = TOKEN_HAS_RESTORE_PRIVILEGE;

    }

    else if (Token->Privileges[Index].Luid.LowPart == SE_IMPERSONATE_PRIVILEGE)

    {

        TokenFlag = TOKEN_HAS_IMPERSONATE_PRIVILEGE;

    }

    else

    {

        /* Nothing to do */

        return;

    }


    /* Check if the specified privilege is enabled */

    if (Token->Privileges[Index].Attributes & SE_PRIVILEGE_ENABLED)

    {

        /* It is enabled, so set the flag */

        Token->TokenFlags |= TokenFlag;

    }

    else

    {

        /* Is is disabled, so remove the flag */

        Token->TokenFlags &= ~TokenFlag;

    }

}


BOOLEAN

NTAPI

SepTokenIsOwner(

    _In_ PACCESS_TOKEN _Token,

    _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,

    _In_ BOOLEAN TokenLocked)

{

    PSID Sid;

    BOOLEAN Result;

    PTOKEN Token = _Token;


    /* Get the owner SID */

    Sid = SepGetOwnerFromDescriptor(SecurityDescriptor);

    ASSERT(Sid != NULL);


    /* Lock the token if needed */

    if (!TokenLocked) SepAcquireTokenLockShared(Token);


    /* Check if the owner SID is found, handling restricted case as well */

    Result = SepSidInToken(Token, Sid);

    if ((Result) && (Token->TokenFlags & TOKEN_IS_RESTRICTED))

    {

        Result = SepSidInTokenEx(Token, NULL, Sid, FALSE, TRUE);

    }


    /* Release the lock if we had acquired it */

    if (!TokenLocked) SepReleaseTokenLock(Token);


    /* Return the result */

    return Result;

}


VOID

SepUpdatePrivilegeFlagsToken(

    _Inout_ PTOKEN Token)

{

    ULONG i;


    /* Loop all privileges */

    for (i = 0; i < Token->PrivilegeCount; i++)

    {

        /* Updates the flags for this privilege */

        SepUpdateSinglePrivilegeFlagToken(Token, i);

    }

}


VOID

SepRemovePrivilegeToken(

    _Inout_ PTOKEN Token,

    _In_ ULONG Index)

{

    ULONG MoveCount;

    ASSERT(Index < Token->PrivilegeCount);


    /* Calculate the number of trailing privileges */

    MoveCount = Token->PrivilegeCount - Index - 1;

    if (MoveCount != 0)

    {

        /* Move them one location ahead */

        RtlMoveMemory(&Token->Privileges[Index],

                      &Token->Privileges[Index + 1],

                      MoveCount * sizeof(LUID_AND_ATTRIBUTES));

    }


    /* Update privilege count */

    Token->PrivilegeCount--;

}


VOID

SepRemoveUserGroupToken(

    _Inout_ PTOKEN Token,

    _In_ ULONG Index)

{

    ULONG MoveCount;

    ASSERT(Index < Token->UserAndGroupCount);


    /* Calculate the number of trailing groups */

    MoveCount = Token->UserAndGroupCount - Index - 1;

    if (MoveCount != 0)

    {

        /* Time to remove the group by moving one location ahead */

        RtlMoveMemory(&Token->UserAndGroups[Index],

                      &Token->UserAndGroups[Index + 1],

                      MoveCount * sizeof(SID_AND_ATTRIBUTES));

    }


    /* Remove one group count */

    Token->UserAndGroupCount--;

}


ULONG

SepComputeAvailableDynamicSpace(

    _In_ ULONG DynamicCharged,

    _In_ PSID PrimaryGroup,

    _In_opt_ PACL DefaultDacl)

{

    ULONG DynamicAvailable;


    PAGED_CODE();


    /* A token's dynamic area is always charged */

    ASSERT(DynamicCharged != 0);


    /*

     * Take into account the default DACL if

     * the token has one. Otherwise the occupied

     * space is just the present primary group.

     */

    DynamicAvailable = DynamicCharged - RtlLengthSid(PrimaryGroup);

    if (DefaultDacl)

    {

        DynamicAvailable -= DefaultDacl->AclSize;

    }


    return DynamicAvailable;

}


NTSTATUS

SepRebuildDynamicPartOfToken(

    _Inout_ PTOKEN AccessToken,

    _In_ ULONG NewDynamicPartSize)

{

    PVOID NewDynamicPart;

    PVOID PreviousDynamicPart;

    ULONG CurrentDynamicLength;


    PAGED_CODE();


    /* Sanity checks */

    ASSERT(AccessToken);

    ASSERT(NewDynamicPartSize != 0);


    /*

     * Compute the exact length of the available

     * dynamic part of the access token.

     */

    CurrentDynamicLength = AccessToken->DynamicAvailable + RtlLengthSid(AccessToken->PrimaryGroup);

    if (AccessToken->DefaultDacl)

    {

        CurrentDynamicLength += AccessToken->DefaultDacl->AclSize;

    }


    /*

     * Figure out if the current dynamic part is too small

     * to fit new contents inside the said dynamic part.

     * Rebuild the dynamic area and expand it if necessary.

     */

    if (CurrentDynamicLength < NewDynamicPartSize)

    {

        NewDynamicPart = ExAllocatePoolWithTag(PagedPool,

                                               NewDynamicPartSize,

                                               TAG_TOKEN_DYNAMIC);

        if (NewDynamicPart == NULL)

        {

            DPRINT1("SepRebuildDynamicPartOfToken(): Insufficient resources to allocate new dynamic part!\n");

            return STATUS_INSUFFICIENT_RESOURCES;

        }


        /* Copy the existing dynamic part */

        PreviousDynamicPart = AccessToken->DynamicPart;

        RtlCopyMemory(NewDynamicPart, PreviousDynamicPart, CurrentDynamicLength);


        /* Update the available dynamic area and assign new dynamic */

        AccessToken->DynamicAvailable += NewDynamicPartSize - CurrentDynamicLength;

        AccessToken->DynamicPart = NewDynamicPart;


        /* Move the contents (primary group and default DACL) addresses as well */

        AccessToken->PrimaryGroup = (PSID)((ULONG_PTR)AccessToken->DynamicPart +

                                    ((ULONG_PTR)AccessToken->PrimaryGroup - (ULONG_PTR)PreviousDynamicPart));

        if (AccessToken->DefaultDacl != NULL)

        {

            AccessToken->DefaultDacl = (PACL)((ULONG_PTR)AccessToken->DynamicPart +

                                       ((ULONG_PTR)AccessToken->DefaultDacl - (ULONG_PTR)PreviousDynamicPart));

        }


        /* And discard the previous dynamic part */

        DPRINT("SepRebuildDynamicPartOfToken(): The dynamic part has been re-built with success!\n");

        ExFreePoolWithTag(PreviousDynamicPart, TAG_TOKEN_DYNAMIC);

    }


    return STATUS_SUCCESS;

}


VOID

NTAPI

SepFreeProxyData(

    _Inout_ PVOID ProxyData)

{

    UNIMPLEMENTED;

}


NTSTATUS

NTAPI

SepCopyProxyData(

    _Out_ PVOID* Dest,

    _In_ PVOID Src)

{

    UNIMPLEMENTED;

    return STATUS_NOT_IMPLEMENTED;

}


NTSTATUS

NTAPI

SeExchangePrimaryToken(

    _In_ PEPROCESS Process,

    _In_ PACCESS_TOKEN NewAccessToken,

    _Out_ PACCESS_TOKEN* OldAccessToken)

{

    PTOKEN OldToken;

    PTOKEN NewToken = (PTOKEN)NewAccessToken;


    PAGED_CODE();


    if (NewToken->TokenType != TokenPrimary)

        return STATUS_BAD_TOKEN_TYPE;


    if (NewToken->TokenInUse)

    {

        BOOLEAN IsEqual;

        NTSTATUS Status;


        /* Maybe we're trying to set the same token */

        OldToken = PsReferencePrimaryToken(Process);

        if (OldToken == NewToken)

        {

            /* So it's a nop. */

            *OldAccessToken = OldToken;

            return STATUS_SUCCESS;

        }


        Status = SepCompareTokens(OldToken, NewToken, &IsEqual);

        if (!NT_SUCCESS(Status))

        {

            PsDereferencePrimaryToken(OldToken);

            *OldAccessToken = NULL;

            return Status;

        }


        if (!IsEqual)

        {

            PsDereferencePrimaryToken(OldToken);

            *OldAccessToken = NULL;

            return STATUS_TOKEN_ALREADY_IN_USE;

        }

        /* Silently return STATUS_SUCCESS but do not set the new token,

         * as it's already in use elsewhere. */

        *OldAccessToken = OldToken;

        return STATUS_SUCCESS;

    }


    /* Lock the new token */

    SepAcquireTokenLockExclusive(NewToken);


    /* Mark new token in use */

    NewToken->TokenInUse = TRUE;


    /* Set the session ID for the new token */

    NewToken->SessionId = MmGetSessionId(Process);


    /* Unlock the new token */

    SepReleaseTokenLock(NewToken);


    /* Reference the new token */

    ObReferenceObject(NewToken);


    /* Replace the old with the new */

    OldToken = ObFastReplaceObject(&Process->Token, NewToken);


    /* Lock the old token */

    SepAcquireTokenLockExclusive(OldToken);


    /* Mark the old token as free */

    OldToken->TokenInUse = FALSE;


    /* Unlock the old token */

    SepReleaseTokenLock(OldToken);


    *OldAccessToken = (PACCESS_TOKEN)OldToken;

    return STATUS_SUCCESS;

}


VOID

NTAPI

SeDeassignPrimaryToken(

    _Inout_ PEPROCESS Process)

{

    PTOKEN OldToken;


    /* Remove the Token */

    OldToken = ObFastReplaceObject(&Process->Token, NULL);


    /* Mark the Old Token as free */

    OldToken->TokenInUse = FALSE;


    /* Dereference the Token */

    ObDereferenceObject(OldToken);

}


ULONG

RtlLengthSidAndAttributes(

    _In_ ULONG Count,

    _In_ PSID_AND_ATTRIBUTES Src)

{

    ULONG i;

    ULONG uLength;


    PAGED_CODE();


    uLength = Count * sizeof(SID_AND_ATTRIBUTES);

    for (i = 0; i < Count; i++)

        uLength += RtlLengthSid(Src[i].Sid);


    return uLength;

}


NTSTATUS

SepFindPrimaryGroupAndDefaultOwner(

    _In_ PTOKEN Token,

    _In_ PSID PrimaryGroup,

    _In_opt_ PSID DefaultOwner,

    _Out_opt_ PULONG PrimaryGroupIndex,

    _Out_opt_ PULONG DefaultOwnerIndex)

{

    ULONG i;


    /* We should return at least a search result */

    if (!PrimaryGroupIndex && !DefaultOwnerIndex)

        return STATUS_INVALID_PARAMETER;


    if (PrimaryGroupIndex)

    {

        /* Initialize with an invalid index */

        // Token->PrimaryGroup = NULL;

        *PrimaryGroupIndex = Token->UserAndGroupCount;

    }


    if (DefaultOwnerIndex)

    {

        if (DefaultOwner)

        {

            /* An owner is specified: check whether this is actually the user */

            if (RtlEqualSid(Token->UserAndGroups[0].Sid, DefaultOwner))

            {

                /*

                 * It's the user (first element in array): set it

                 * as the owner and stop the search for it.

                 */

                *DefaultOwnerIndex = 0;

                DefaultOwnerIndex = NULL;

            }

            else

            {

                /* An owner is specified: initialize with an invalid index */

                *DefaultOwnerIndex = Token->UserAndGroupCount;

            }

        }

        else

        {

            /*

             * No owner specified: set the user (first element in array)

             * as the owner and stop the search for it.

             */

            *DefaultOwnerIndex = 0;

            DefaultOwnerIndex = NULL;

        }

    }


    /* Validate and set the primary group and default owner indices */

    for (i = 0; i < Token->UserAndGroupCount; i++)

    {

        /* Stop the search if we have found what we searched for */

        if (!PrimaryGroupIndex && !DefaultOwnerIndex)

            break;


        if (DefaultOwnerIndex && DefaultOwner &&

            RtlEqualSid(Token->UserAndGroups[i].Sid, DefaultOwner) &&

            (Token->UserAndGroups[i].Attributes & SE_GROUP_OWNER))

        {

            /* Owner is found, stop the search for it */

            *DefaultOwnerIndex = i;

            DefaultOwnerIndex = NULL;

        }


        if (PrimaryGroupIndex &&

            RtlEqualSid(Token->UserAndGroups[i].Sid, PrimaryGroup))

        {

            /* Primary group is found, stop the search for it */

            // Token->PrimaryGroup = Token->UserAndGroups[i].Sid;

            *PrimaryGroupIndex = i;

            PrimaryGroupIndex = NULL;

        }

    }


    if (DefaultOwnerIndex)

    {

        if (*DefaultOwnerIndex == Token->UserAndGroupCount)

            return STATUS_INVALID_OWNER;

    }


    if (PrimaryGroupIndex)

    {

        if (*PrimaryGroupIndex == Token->UserAndGroupCount)

        // if (Token->PrimaryGroup == NULL)

            return STATUS_INVALID_PRIMARY_GROUP;

    }


    return STATUS_SUCCESS;

}


NTSTATUS

NTAPI

SeSubProcessToken(

    _In_ PTOKEN ParentToken,

    _Out_ PTOKEN *Token,

    _In_ BOOLEAN InUse,

    _In_ ULONG SessionId)

{

    PTOKEN NewToken;

    OBJECT_ATTRIBUTES ObjectAttributes;

    NTSTATUS Status;


    /* Initialize the attributes and duplicate it */

    InitializeObjectAttributes(&ObjectAttributes, NULL, 0, NULL, NULL);

    Status = SepDuplicateToken(ParentToken,

                               &ObjectAttributes,

                               FALSE,

                               TokenPrimary,

                               ParentToken->ImpersonationLevel,

                               KernelMode,

                               &NewToken);

    if (NT_SUCCESS(Status))

    {

        /* Insert it */

        Status = ObInsertObject(NewToken,

                                NULL,

                                0,

                                0,

                                NULL,

                                NULL);

        if (NT_SUCCESS(Status))

        {

            /* Set the session ID */

            NewToken->SessionId = SessionId;

            NewToken->TokenInUse = InUse;


            /* Return the token */

            *Token = NewToken;

        }

    }


    /* Return status */

    return Status;

}


NTSTATUS

NTAPI

SeIsTokenChild(

    _In_ PTOKEN Token,

    _Out_ PBOOLEAN IsChild)

{

    PTOKEN ProcessToken;

    LUID ProcessTokenId, CallerParentId;


    /* Assume failure */

    *IsChild = FALSE;


    /* Reference the process token */

    ProcessToken = PsReferencePrimaryToken(PsGetCurrentProcess());

    if (!ProcessToken)

        return STATUS_UNSUCCESSFUL;


    /* Get its token ID */

    ProcessTokenId = ProcessToken->TokenId;


    /* Dereference the token */

    ObFastDereferenceObject(&PsGetCurrentProcess()->Token, ProcessToken);


    /* Get our parent token ID */

    CallerParentId = Token->ParentTokenId;


    /* Compare the token IDs */

    if (RtlEqualLuid(&CallerParentId, &ProcessTokenId))

        *IsChild = TRUE;


    /* Return success */

    return STATUS_SUCCESS;

}


NTSTATUS

NTAPI

SeIsTokenSibling(

    _In_ PTOKEN Token,

    _Out_ PBOOLEAN IsSibling)

{

    PTOKEN ProcessToken;

    LUID ProcessParentId, ProcessAuthId;

    LUID CallerParentId, CallerAuthId;


    /* Assume failure */

    *IsSibling = FALSE;


    /* Reference the process token */

    ProcessToken = PsReferencePrimaryToken(PsGetCurrentProcess());

    if (!ProcessToken)

        return STATUS_UNSUCCESSFUL;


    /* Get its parent and authentication IDs */

    ProcessParentId = ProcessToken->ParentTokenId;

    ProcessAuthId = ProcessToken->AuthenticationId;


    /* Dereference the token */

    ObFastDereferenceObject(&PsGetCurrentProcess()->Token, ProcessToken);


    /* Get our parent and authentication IDs */

    CallerParentId = Token->ParentTokenId;

    CallerAuthId = Token->AuthenticationId;


    /* Compare the token IDs */

    if (RtlEqualLuid(&CallerParentId, &ProcessParentId) &&

        RtlEqualLuid(&CallerAuthId, &ProcessAuthId))

    {

        *IsSibling = TRUE;

    }


    /* Return success */

    return STATUS_SUCCESS;

}


NTSTATUS

NTAPI

SeCopyClientToken(

    _In_ PACCESS_TOKEN Token,

    _In_ SECURITY_IMPERSONATION_LEVEL Level,

    _In_ KPROCESSOR_MODE PreviousMode,

    _Out_ PACCESS_TOKEN* NewToken)

{

    NTSTATUS Status;

    OBJECT_ATTRIBUTES ObjectAttributes;


    PAGED_CODE();


    InitializeObjectAttributes(&ObjectAttributes,

                               NULL,

                               0,

                               NULL,

                               NULL);


    Status = SepDuplicateToken(Token,

                               &ObjectAttributes,

                               FALSE,

                               TokenImpersonation,

                               Level,

                               PreviousMode,

                               (PTOKEN*)NewToken);


    return Status;

}


BOOLEAN

NTAPI

SeTokenIsInert(

    _In_ PTOKEN Token)

{

    PAGED_CODE();


    return (((PTOKEN)Token)->TokenFlags & TOKEN_SANDBOX_INERT) != 0;

}


VOID

NTAPI

SepDeleteToken(

    _In_ PVOID ObjectBody)

{

    NTSTATUS Status;

    PTOKEN AccessToken = (PTOKEN)ObjectBody;


    DPRINT("SepDeleteToken()\n");


    /* Remove the referenced logon session from token */

    if (AccessToken->LogonSession)

    {

        Status = SepRmRemoveLogonSessionFromToken(AccessToken);

        if (!NT_SUCCESS(Status))

        {

            /* Something seriously went wrong */

            DPRINT1("SepDeleteToken(): Failed to remove the logon session from token (Status: 0x%lx)\n", Status);

            return;

        }

    }


    /* Dereference the logon session */

    if ((AccessToken->TokenFlags & TOKEN_SESSION_NOT_REFERENCED) == 0)

        SepRmDereferenceLogonSession(&AccessToken->AuthenticationId);


    /* Delete the token lock */

    if (AccessToken->TokenLock)

        SepDeleteTokenLock(AccessToken);


    /* Delete the dynamic information area */

    if (AccessToken->DynamicPart)

        ExFreePoolWithTag(AccessToken->DynamicPart, TAG_TOKEN_DYNAMIC);

}


CODE_SEG("INIT")

VOID

NTAPI

SepInitializeTokenImplementation(VOID)

{

    UNICODE_STRING Name;

    OBJECT_TYPE_INITIALIZER ObjectTypeInitializer;


    DPRINT("Creating Token Object Type\n");


    /* Initialize the Token type */

    RtlZeroMemory(&ObjectTypeInitializer, sizeof(ObjectTypeInitializer));

    RtlInitUnicodeString(&Name, L"Token");

    ObjectTypeInitializer.Length = sizeof(ObjectTypeInitializer);

    ObjectTypeInitializer.InvalidAttributes = OBJ_OPENLINK;

    ObjectTypeInitializer.SecurityRequired = TRUE;

    ObjectTypeInitializer.DefaultPagedPoolCharge = sizeof(TOKEN);

    ObjectTypeInitializer.GenericMapping = SepTokenMapping;

    ObjectTypeInitializer.PoolType = PagedPool;

    ObjectTypeInitializer.ValidAccessMask = TOKEN_ALL_ACCESS;

    ObjectTypeInitializer.UseDefaultObject = TRUE;

    ObjectTypeInitializer.DeleteProcedure = SepDeleteToken;

    ObCreateObjectType(&Name, &ObjectTypeInitializer, NULL, &SeTokenObjectType);

}


VOID

NTAPI

SeAssignPrimaryToken(

    _In_ PEPROCESS Process,

    _In_ PTOKEN Token)

{

    PAGED_CODE();


    /* Sanity checks */

    ASSERT(Token->TokenType == TokenPrimary);

    ASSERT(!Token->TokenInUse);


    /* Clean any previous token */

    if (Process->Token.Object) SeDeassignPrimaryToken(Process);


    /* Set the new token */

    ObReferenceObject(Token);

    Token->TokenInUse = TRUE;

    ObInitializeFastReference(&Process->Token, Token);

}


VOID

NTAPI

SeGetTokenControlInformation(

    _In_ PACCESS_TOKEN _Token,

    _Out_ PTOKEN_CONTROL TokenControl)

{

    PTOKEN Token = _Token;

    PAGED_CODE();


    /* Capture the main fields */

    TokenControl->AuthenticationId = Token->AuthenticationId;

    TokenControl->TokenId = Token->TokenId;

    TokenControl->TokenSource = Token->TokenSource;


    /* Lock the token */

    SepAcquireTokenLockShared(Token);


    /* Capture the modified ID */

    TokenControl->ModifiedId = Token->ModifiedId;


    /* Unlock it */

    SepReleaseTokenLock(Token);

}


CODE_SEG("INIT")

PTOKEN

NTAPI

SepCreateSystemProcessToken(VOID)

{

    LUID_AND_ATTRIBUTES Privileges[25];

    ULONG GroupAttributes, OwnerAttributes;

    SID_AND_ATTRIBUTES Groups[32];

    LARGE_INTEGER Expiration;

    SID_AND_ATTRIBUTES UserSid;

    ULONG GroupsLength;

    PSID PrimaryGroup;

    OBJECT_ATTRIBUTES ObjectAttributes;

    PSID Owner;

    ULONG i;

    PTOKEN Token;

    NTSTATUS Status;


    /* Don't ever expire */

    Expiration.QuadPart = -1;


    /* All groups mandatory and enabled */

    GroupAttributes = SE_GROUP_ENABLED | SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT;

    OwnerAttributes = SE_GROUP_ENABLED | SE_GROUP_OWNER | SE_GROUP_ENABLED_BY_DEFAULT;


    /* User is Local System */

    UserSid.Sid = SeLocalSystemSid;

    UserSid.Attributes = 0;


    /* Primary group is Local System */

    PrimaryGroup = SeLocalSystemSid;


    /* Owner is Administrators */

    Owner = SeAliasAdminsSid;


    /* Groups are Administrators, World, and Authenticated Users */

    Groups[0].Sid = SeAliasAdminsSid;

    Groups[0].Attributes = OwnerAttributes;

    Groups[1].Sid = SeWorldSid;

    Groups[1].Attributes = GroupAttributes;

    Groups[2].Sid = SeAuthenticatedUsersSid;

    Groups[2].Attributes = GroupAttributes;

    GroupsLength = sizeof(SID_AND_ATTRIBUTES) +

                   SeLengthSid(Groups[0].Sid) +

                   SeLengthSid(Groups[1].Sid) +

                   SeLengthSid(Groups[2].Sid);

    ASSERT(GroupsLength <= sizeof(Groups));


    /* Setup the privileges */

    i = 0;

    Privileges[i].Attributes = SE_PRIVILEGE_ENABLED_BY_DEFAULT | SE_PRIVILEGE_ENABLED;

    Privileges[i++].Luid = SeTcbPrivilege;


    Privileges[i].Attributes = 0;

    Privileges[i++].Luid = SeCreateTokenPrivilege;


    Privileges[i].Attributes = 0;

    Privileges[i++].Luid = SeTakeOwnershipPrivilege;


    Privileges[i].Attributes = SE_PRIVILEGE_ENABLED_BY_DEFAULT | SE_PRIVILEGE_ENABLED;

    Privileges[i++].Luid = SeCreatePagefilePrivilege;


    Privileges[i].Attributes = SE_PRIVILEGE_ENABLED_BY_DEFAULT | SE_PRIVILEGE_ENABLED;

    Privileges[i++].Luid = SeLockMemoryPrivilege;


    Privileges[i].Attributes = 0;

    Privileges[i++].Luid = SeAssignPrimaryTokenPrivilege;


    Privileges[i].Attributes = 0;

    Privileges[i++].Luid = SeIncreaseQuotaPrivilege;


    Privileges[i].Attributes = SE_PRIVILEGE_ENABLED_BY_DEFAULT | SE_PRIVILEGE_ENABLED;

    Privileges[i++].Luid = SeIncreaseBasePriorityPrivilege;


    Privileges[i].Attributes = SE_PRIVILEGE_ENABLED_BY_DEFAULT | SE_PRIVILEGE_ENABLED;

    Privileges[i++].Luid = SeCreatePermanentPrivilege;


    Privileges[i].Attributes = SE_PRIVILEGE_ENABLED_BY_DEFAULT | SE_PRIVILEGE_ENABLED;

    Privileges[i++].Luid = SeDebugPrivilege;


    Privileges[i].Attributes = SE_PRIVILEGE_ENABLED_BY_DEFAULT | SE_PRIVILEGE_ENABLED;

    Privileges[i++].Luid = SeAuditPrivilege;


    Privileges[i].Attributes = 0;

    Privileges[i++].Luid = SeSecurityPrivilege;


    Privileges[i].Attributes = 0;

    Privileges[i++].Luid = SeSystemEnvironmentPrivilege;


    Privileges[i].Attributes = SE_PRIVILEGE_ENABLED_BY_DEFAULT | SE_PRIVILEGE_ENABLED;

    Privileges[i++].Luid = SeChangeNotifyPrivilege;


    Privileges[i].Attributes = 0;

    Privileges[i++].Luid = SeBackupPrivilege;


    Privileges[i].Attributes = 0;

    Privileges[i++].Luid = SeRestorePrivilege;


    Privileges[i].Attributes = 0;

    Privileges[i++].Luid = SeShutdownPrivilege;


    Privileges[i].Attributes = 0;

    Privileges[i++].Luid = SeLoadDriverPrivilege;


    Privileges[i].Attributes = SE_PRIVILEGE_ENABLED_BY_DEFAULT | SE_PRIVILEGE_ENABLED;

    Privileges[i++].Luid = SeProfileSingleProcessPrivilege;


    Privileges[i].Attributes = 0;

    Privileges[i++].Luid = SeSystemtimePrivilege;

    ASSERT(i == 20);


    /* Setup the object attributes */

    InitializeObjectAttributes(&ObjectAttributes, NULL, 0, NULL, NULL);

    ASSERT(SeSystemDefaultDacl != NULL);


    /* Create the token */

    Status = SepCreateToken((PHANDLE)&Token,

                            KernelMode,

                            0,

                            &ObjectAttributes,

                            TokenPrimary,

                            SecurityAnonymous,

                            &SeSystemAuthenticationId,

                            &Expiration,

                            &UserSid,

                            3,

                            Groups,

                            GroupsLength,

                            20,

                            Privileges,

                            Owner,

                            PrimaryGroup,

                            SeSystemDefaultDacl,

                            &SeSystemTokenSource,

                            TRUE);

    ASSERT(Status == STATUS_SUCCESS);


    /* Return the token */

    return Token;

}


CODE_SEG("INIT")

PTOKEN

SepCreateSystemAnonymousLogonToken(VOID)

{

    SID_AND_ATTRIBUTES Groups[32], UserSid;

    PSID PrimaryGroup;

    PTOKEN Token;

    ULONG GroupsLength;

    LARGE_INTEGER Expiration;

    OBJECT_ATTRIBUTES ObjectAttributes;

    NTSTATUS Status;


    /* The token never expires */

    Expiration.QuadPart = -1;


    /* The user is the anonymous logon */

    UserSid.Sid = SeAnonymousLogonSid;

    UserSid.Attributes = 0;


    /* The primary group is also the anonymous logon */

    PrimaryGroup = SeAnonymousLogonSid;


    /* The only group for the token is the World */

    Groups[0].Sid = SeWorldSid;

    Groups[0].Attributes = SE_GROUP_ENABLED | SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT;

    GroupsLength = sizeof(SID_AND_ATTRIBUTES) +

                   SeLengthSid(Groups[0].Sid);

    ASSERT(GroupsLength <= sizeof(Groups));


    /* Initialise the object attributes for the token */

    InitializeObjectAttributes(&ObjectAttributes, NULL, 0, NULL, NULL);

    ASSERT(SeSystemAnonymousLogonDacl != NULL);


    /* Create token */

    Status = SepCreateToken((PHANDLE)&Token,

                            KernelMode,

                            0,

                            &ObjectAttributes,

                            TokenPrimary,

                            SecurityAnonymous,

                            &SeAnonymousAuthenticationId,

                            &Expiration,

                            &UserSid,

                            1,

                            Groups,

                            GroupsLength,

                            0,

                            NULL,

                            NULL,

                            PrimaryGroup,

                            SeSystemAnonymousLogonDacl,

                            &SeSystemTokenSource,

                            TRUE);

    ASSERT(Status == STATUS_SUCCESS);


    /* Return the anonymous logon token */

    return Token;

}


CODE_SEG("INIT")

PTOKEN

SepCreateSystemAnonymousLogonTokenNoEveryone(VOID)

{

    SID_AND_ATTRIBUTES UserSid;

    PSID PrimaryGroup;

    PTOKEN Token;

    LARGE_INTEGER Expiration;

    OBJECT_ATTRIBUTES ObjectAttributes;

    NTSTATUS Status;


    /* The token never expires */

    Expiration.QuadPart = -1;


    /* The user is the anonymous logon */

    UserSid.Sid = SeAnonymousLogonSid;

    UserSid.Attributes = 0;


    /* The primary group is also the anonymous logon */

    PrimaryGroup = SeAnonymousLogonSid;


    /* Initialise the object attributes for the token */

    InitializeObjectAttributes(&ObjectAttributes, NULL, 0, NULL, NULL);

    ASSERT(SeSystemAnonymousLogonDacl != NULL);


    /* Create token */

    Status = SepCreateToken((PHANDLE)&Token,

                            KernelMode,

                            0,

                            &ObjectAttributes,

                            TokenPrimary,

                            SecurityAnonymous,

                            &SeAnonymousAuthenticationId,

                            &Expiration,

                            &UserSid,

                            0,

                            NULL,

                            0,

                            0,

                            NULL,

                            NULL,

                            PrimaryGroup,

                            SeSystemAnonymousLogonDacl,

                            &SeSystemTokenSource,

                            TRUE);

    ASSERT(Status == STATUS_SUCCESS);


    /* Return the anonymous (not including everyone) logon token */

    return Token;

}


/* PUBLIC FUNCTIONS ***********************************************************/


NTSTATUS

NTAPI

SeQuerySessionIdToken(

    _In_ PACCESS_TOKEN Token,

    _Out_ PULONG pSessionId)

{

    PAGED_CODE();


    /* Lock the token */

    SepAcquireTokenLockShared(Token);


    *pSessionId = ((PTOKEN)Token)->SessionId;


    /* Unlock the token */

    SepReleaseTokenLock(Token);


    return STATUS_SUCCESS;

}


NTSTATUS

NTAPI

SeQueryAuthenticationIdToken(

    _In_ PACCESS_TOKEN Token,

    _Out_ PLUID LogonId)

{

    PAGED_CODE();


    *LogonId = ((PTOKEN)Token)->AuthenticationId;


    return STATUS_SUCCESS;

}


SECURITY_IMPERSONATION_LEVEL

NTAPI

SeTokenImpersonationLevel(

    _In_ PACCESS_TOKEN Token)

{

    PAGED_CODE();


    return ((PTOKEN)Token)->ImpersonationLevel;

}


TOKEN_TYPE

NTAPI

SeTokenType(

    _In_ PACCESS_TOKEN Token)

{

    PAGED_CODE();


    return ((PTOKEN)Token)->TokenType;

}


BOOLEAN

NTAPI

SeTokenIsAdmin(

    _In_ PACCESS_TOKEN Token)

{

    PAGED_CODE();


    // NOTE: Win7+ instead really checks the list of groups in the token

    // (since TOKEN_HAS_ADMIN_GROUP == TOKEN_WRITE_RESTRICTED ...)

    return (((PTOKEN)Token)->TokenFlags & TOKEN_HAS_ADMIN_GROUP) != 0;

}


BOOLEAN

NTAPI

SeTokenIsRestricted(

    _In_ PACCESS_TOKEN Token)

{

    PAGED_CODE();


    return (((PTOKEN)Token)->TokenFlags & TOKEN_IS_RESTRICTED) != 0;

}


BOOLEAN

NTAPI

SeTokenIsWriteRestricted(

    _In_ PACCESS_TOKEN Token)

{

    PAGED_CODE();


    // NOTE: NT 5.1 SP2 x86 checks the SE_BACKUP_PRIVILEGES_CHECKED flag

    // while Vista+ checks the TOKEN_WRITE_RESTRICTED flag as one expects.

    return (((PTOKEN)Token)->TokenFlags & SE_BACKUP_PRIVILEGES_CHECKED) != 0;

}


BOOLEAN

NTAPI

SeTokenCanImpersonate(

    _In_ PTOKEN ProcessToken,

    _In_ PTOKEN TokenToImpersonate,

    _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)

{

    BOOLEAN CanImpersonate;

    PAGED_CODE();


    /*

     * SecurityAnonymous and SecurityIdentification levels do not

     * allow impersonation.

     */

    if (ImpersonationLevel == SecurityAnonymous ||

        ImpersonationLevel == SecurityIdentification)

    {

        return FALSE;

    }


    /* Time to lock our tokens */

    SepAcquireTokenLockShared(ProcessToken);

    SepAcquireTokenLockShared(TokenToImpersonate);


    /* What kind of authentication ID does the token have? */

    if (RtlEqualLuid(&TokenToImpersonate->AuthenticationId,

                     &SeAnonymousAuthenticationId))

    {

        /*

         * OK, it looks like the token has an anonymous

         * authentication. Is that token created by the system?

         */

        if (TokenToImpersonate->TokenSource.SourceName != SeSystemTokenSource.SourceName &&

            !RtlEqualLuid(&TokenToImpersonate->TokenSource.SourceIdentifier, &SeSystemTokenSource.SourceIdentifier))

        {

            /* It isn't, we can't impersonate regular tokens */

            DPRINT("SeTokenCanImpersonate(): Token has an anonymous authentication ID, can't impersonate!\n");

            CanImpersonate = FALSE;

            goto Quit;

        }

    }


    /* Are the SID values from both tokens equal? */

    if (!RtlEqualSid(ProcessToken->UserAndGroups->Sid,

                     TokenToImpersonate->UserAndGroups->Sid))

    {

        /* They aren't, bail out */

        DPRINT("SeTokenCanImpersonate(): Tokens SIDs are not equal!\n");

        CanImpersonate = FALSE;

        goto Quit;

    }


    /*

     * Make sure the tokens aren't diverged in terms of

     * restrictions, that is, one token is restricted

     * but the other one isn't.

     */

    if (SeTokenIsRestricted(ProcessToken) !=

        SeTokenIsRestricted(TokenToImpersonate))

    {

        /*

         * One token is restricted so we cannot

         * continue further at this point, bail out.

         */

        DPRINT("SeTokenCanImpersonate(): One token is restricted, can't continue!\n");

        CanImpersonate = FALSE;

        goto Quit;

    }


    /* If we've reached that far then we can impersonate! */

    DPRINT("SeTokenCanImpersonate(): We can impersonate.\n");

    CanImpersonate = TRUE;


Quit:

    /* We're done, unlock the tokens now */

    SepReleaseTokenLock(ProcessToken);

    SepReleaseTokenLock(TokenToImpersonate);


    return CanImpersonate;

}


/* SYSTEM CALLS ***************************************************************/


NTSTATUS

NTAPI

NtOpenThreadTokenEx(

    _In_ HANDLE ThreadHandle,

    _In_ ACCESS_MASK DesiredAccess,

    _In_ BOOLEAN OpenAsSelf,

    _In_ ULONG HandleAttributes,

    _Out_ PHANDLE TokenHandle)

{

    PETHREAD Thread;

    HANDLE hToken;

    PTOKEN Token, NewToken = NULL, PrimaryToken;

    BOOLEAN CopyOnOpen, EffectiveOnly;

    SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;

    SE_IMPERSONATION_STATE ImpersonationState;

    OBJECT_ATTRIBUTES ObjectAttributes;

    SECURITY_DESCRIPTOR SecurityDescriptor;

    PACL Dacl = NULL;

    KPROCESSOR_MODE PreviousMode;

    NTSTATUS Status;

    BOOLEAN RestoreImpersonation = FALSE;


    PAGED_CODE();


    PreviousMode = ExGetPreviousMode();


    if (PreviousMode != KernelMode)

    {

        _SEH2_TRY

        {

            ProbeForWriteHandle(TokenHandle);

        }

        _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)

        {

            /* Return the exception code */

            _SEH2_YIELD(return _SEH2_GetExceptionCode());

        }

        _SEH2_END;

    }


    /* Validate object attributes */

    HandleAttributes = ObpValidateAttributes(HandleAttributes, PreviousMode);


    /*

     * At first open the thread token for information access and verify

     * that the token associated with thread is valid.

     */


    Status = ObReferenceObjectByHandle(ThreadHandle, THREAD_QUERY_INFORMATION,

                                       PsThreadType, PreviousMode, (PVOID*)&Thread,

                                       NULL);

    if (!NT_SUCCESS(Status))

    {

        return Status;

    }


    Token = PsReferenceImpersonationToken(Thread, &CopyOnOpen, &EffectiveOnly,

                                          &ImpersonationLevel);

    if (Token == NULL)

    {

        ObDereferenceObject(Thread);

        return STATUS_NO_TOKEN;

    }


    if (ImpersonationLevel == SecurityAnonymous)

    {

        PsDereferenceImpersonationToken(Token);

        ObDereferenceObject(Thread);

        return STATUS_CANT_OPEN_ANONYMOUS;

    }


    /*

     * Revert to self if OpenAsSelf is specified.

     */


    if (OpenAsSelf)

    {

        RestoreImpersonation = PsDisableImpersonation(PsGetCurrentThread(),

                                                      &ImpersonationState);

    }


    if (CopyOnOpen)

    {

        PrimaryToken = PsReferencePrimaryToken(Thread->ThreadsProcess);


        Status = SepCreateImpersonationTokenDacl(Token, PrimaryToken, &Dacl);


        ObFastDereferenceObject(&Thread->ThreadsProcess->Token, PrimaryToken);


        if (NT_SUCCESS(Status))

        {

            if (Dacl)

            {

                Status = RtlCreateSecurityDescriptor(&SecurityDescriptor,

                                                     SECURITY_DESCRIPTOR_REVISION);

                if (!NT_SUCCESS(Status))

                {

                    DPRINT1("NtOpenThreadTokenEx(): Failed to create a security descriptor (Status 0x%lx)\n", Status);

                }


                Status = RtlSetDaclSecurityDescriptor(&SecurityDescriptor, TRUE, Dacl,

                                                      FALSE);

                if (!NT_SUCCESS(Status))

                {

                    DPRINT1("NtOpenThreadTokenEx(): Failed to set a DACL to the security descriptor (Status 0x%lx)\n", Status);

                }

            }


            InitializeObjectAttributes(&ObjectAttributes, NULL, HandleAttributes,

                                       NULL, Dacl ? &SecurityDescriptor : NULL);


            Status = SepDuplicateToken(Token, &ObjectAttributes, EffectiveOnly,

                                       TokenImpersonation, ImpersonationLevel,

                                       KernelMode, &NewToken);

            if (!NT_SUCCESS(Status))

            {

                DPRINT1("NtOpenThreadTokenEx(): Failed to duplicate the token (Status 0x%lx)\n", Status);

            }


            ObReferenceObject(NewToken);

            Status = ObInsertObject(NewToken, NULL, DesiredAccess, 0, NULL,

                                    &hToken);

            if (!NT_SUCCESS(Status))

            {

                DPRINT1("NtOpenThreadTokenEx(): Failed to insert the token object (Status 0x%lx)\n", Status);

            }

        }

        else

        {

            DPRINT1("NtOpenThreadTokenEx(): Failed to impersonate token from DACL (Status 0x%lx)\n", Status);

        }

    }

    else

    {

        Status = ObOpenObjectByPointer(Token, HandleAttributes,

                                       NULL, DesiredAccess, SeTokenObjectType,

                                       PreviousMode, &hToken);

        if (!NT_SUCCESS(Status))

        {

            DPRINT1("NtOpenThreadTokenEx(): Failed to open the object (Status 0x%lx)\n", Status);

        }

    }


    if (Dacl) ExFreePoolWithTag(Dacl, TAG_ACL);


    if (RestoreImpersonation)

    {

        PsRestoreImpersonation(PsGetCurrentThread(), &ImpersonationState);

    }


    ObDereferenceObject(Token);


    if (NT_SUCCESS(Status) && CopyOnOpen)

    {

        Status = PsImpersonateClient(Thread, NewToken, FALSE, EffectiveOnly, ImpersonationLevel);

        if (!NT_SUCCESS(Status))

        {

            DPRINT1("NtOpenThreadTokenEx(): Failed to impersonate the client (Status 0x%lx)\n", Status);

        }

    }


    if (NewToken) ObDereferenceObject(NewToken);


    ObDereferenceObject(Thread);


    if (NT_SUCCESS(Status))

    {

        _SEH2_TRY

        {

            *TokenHandle = hToken;

        }

        _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)

        {

            Status = _SEH2_GetExceptionCode();

        }

        _SEH2_END;

    }


    return Status;

}


NTSTATUS

NTAPI

NtOpenThreadToken(

    _In_ HANDLE ThreadHandle,

    _In_ ACCESS_MASK DesiredAccess,

    _In_ BOOLEAN OpenAsSelf,

    _Out_ PHANDLE TokenHandle)

{

    return NtOpenThreadTokenEx(ThreadHandle, DesiredAccess, OpenAsSelf, 0,

                               TokenHandle);

}


NTSTATUS

NTAPI

NtCompareTokens(

    _In_ HANDLE FirstTokenHandle,

    _In_ HANDLE SecondTokenHandle,

    _Out_ PBOOLEAN Equal)

{

    KPROCESSOR_MODE PreviousMode;

    PTOKEN FirstToken, SecondToken;

    BOOLEAN IsEqual;

    NTSTATUS Status;


    PAGED_CODE();


    PreviousMode = ExGetPreviousMode();


    if (PreviousMode != KernelMode)

    {

        _SEH2_TRY

        {

            ProbeForWriteBoolean(Equal);

        }

        _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)

        {

            /* Return the exception code */

            _SEH2_YIELD(return _SEH2_GetExceptionCode());

        }

        _SEH2_END;

    }


    Status = ObReferenceObjectByHandle(FirstTokenHandle,

                                       TOKEN_QUERY,

                                       SeTokenObjectType,

                                       PreviousMode,

                                       (PVOID*)&FirstToken,

                                       NULL);

    if (!NT_SUCCESS(Status))

    {

        DPRINT1("ObReferenceObjectByHandle() failed (Status 0x%lx)\n", Status);

        return Status;

    }


    Status = ObReferenceObjectByHandle(SecondTokenHandle,

                                       TOKEN_QUERY,

                                       SeTokenObjectType,

                                       PreviousMode,

                                       (PVOID*)&SecondToken,

                                       NULL);

    if (!NT_SUCCESS(Status))

    {

        DPRINT1("ObReferenceObjectByHandle() failed (Status 0x%lx)\n", Status);

        ObDereferenceObject(FirstToken);

        return Status;

    }


    if (FirstToken != SecondToken)

    {

        Status = SepCompareTokens(FirstToken,

                                  SecondToken,

                                  &IsEqual);

    }

    else

    {

        IsEqual = TRUE;

    }


    ObDereferenceObject(SecondToken);

    ObDereferenceObject(FirstToken);


    if (NT_SUCCESS(Status))

    {

        _SEH2_TRY

        {

            *Equal = IsEqual;

        }

        _SEH2_EXCEPT(ExSystemExceptionFilter())

        {

            Status = _SEH2_GetExceptionCode();

        }

        _SEH2_END;

    }


    return Status;

}


NTSTATUS

NTAPI

NtImpersonateAnonymousToken(

    _In_ HANDLE ThreadHandle)

{

    PETHREAD Thread;

    KPROCESSOR_MODE PreviousMode;

    NTSTATUS Status;

    PAGED_CODE();


    PreviousMode = ExGetPreviousMode();


    /* Obtain the thread object from the handle */

    Status = ObReferenceObjectByHandle(ThreadHandle,

                                       THREAD_IMPERSONATE,

                                       PsThreadType,

                                       PreviousMode,

                                       (PVOID*)&Thread,

                                       NULL);

    if (!NT_SUCCESS(Status))

    {

        DPRINT1("NtImpersonateAnonymousToken(): Failed to reference the object (Status 0x%lx)\n", Status);

        return Status;

    }


    /* Call the private routine to impersonate the token */

    Status = SepImpersonateAnonymousToken(Thread, PreviousMode);

    if (!NT_SUCCESS(Status))

    {

        DPRINT1("NtImpersonateAnonymousToken(): Failed to impersonate the token (Status 0x%lx)\n", Status);

    }


    ObDereferenceObject(Thread);

    return Status;

}


/* EOF */

PAGED_CODE
#define PAGED_CODE()
Definition: Bus_PDO_QueryResourceRequirements.c:89

BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185

Name
struct NameRec_ * Name
Definition: cdprocs.h:460

TOKEN_TYPE
TOKEN_TYPE
Definition: asmpp.cpp:29

SeChangeNotifyPrivilege
static const LUID SeChangeNotifyPrivilege
Definition: authpackage.c:167

NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26

DPRINT1
#define DPRINT1
Definition: precomp.h:8

UNIMPLEMENTED
#define UNIMPLEMENTED
Definition: debug.h:115

Token
Definition: tokenizer.hpp:28

ObjectAttributes
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:36

NULL
#define NULL
Definition: types.h:112

TRUE
#define TRUE
Definition: types.h:120

FALSE
#define FALSE
Definition: types.h:117

NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32

SessionId
ULONG SessionId
Definition: dllmain.c:28

Restricted
UNICODE_STRING Restricted
Definition: utils.c:24

ULONG_PTR
#define ULONG_PTR
Definition: config.h:101

ExAllocatePoolWithTag
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350

PsGetCurrentThread
#define PsGetCurrentThread()
Definition: env_spec_w32.h:81

ExInitializeResourceLite
NTSTATUS ExInitializeResourceLite(PULONG res)
Definition: env_spec_w32.h:641

ExDeleteResourceLite
#define ExDeleteResourceLite(res)
Definition: env_spec_w32.h:647

NonPagedPool
#define NonPagedPool
Definition: env_spec_w32.h:307

ERESOURCE
ULONG ERESOURCE
Definition: env_spec_w32.h:594

PagedPool
#define PagedPool
Definition: env_spec_w32.h:308

ExGetPreviousMode
#define ExGetPreviousMode
Definition: ex.h:139

IsEqual
@ IsEqual
Definition: fatprocs.h:1886

_SEH2_END
#define _SEH2_END
Definition: filesup.c:22

_SEH2_TRY
#define _SEH2_TRY
Definition: filesup.c:19

Thread
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
Definition: fltkernel.h:2653

Process
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:223

Status
Status
Definition: gdiplustypes.h:25

i
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248

ExSystemExceptionFilter
LONG NTAPI ExSystemExceptionFilter(VOID)
Definition: harderr.c:349

EXCEPTION_EXECUTE_HANDLER
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85

THREAD_IMPERSONATE
#define THREAD_IMPERSONATE
Definition: pstypes.h:151

THREAD_QUERY_INFORMATION
#define THREAD_QUERY_INFORMATION
Definition: pstypes.h:149

OBJ_OPENLINK
#define OBJ_OPENLINK
Definition: winternl.h:230

RtlSetDaclSecurityDescriptor
NTSYSAPI NTSTATUS WINAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN)

void
Definition: nsiface.idl:2307

CODE_SEG
static CODE_SEG("PAGE")
Definition: isapnp.c:1482

SECURITY_IMPERSONATION_LEVEL
enum _SECURITY_IMPERSONATION_LEVEL SECURITY_IMPERSONATION_LEVEL

SecurityImpersonation
@ SecurityImpersonation
Definition: lsa.idl:57

SecurityAnonymous
@ SecurityAnonymous
Definition: lsa.idl:55

SecurityIdentification
@ SecurityIdentification
Definition: lsa.idl:56

ASSERT
#define ASSERT(a)
Definition: mode.c:44

ExFreePoolWithTag
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1109

TokenImpersonation
@ TokenImpersonation
Definition: imports.h:274

TokenPrimary
@ TokenPrimary
Definition: imports.h:273

PsDereferencePrimaryToken
#define PsDereferencePrimaryToken(T)
Definition: imports.h:301

PsDereferenceImpersonationToken
#define PsDereferenceImpersonationToken(T)
Definition: imports.h:298

SE_IMPERSONATE_PRIVILEGE
#define SE_IMPERSONATE_PRIVILEGE
Definition: security.c:683

SE_BACKUP_PRIVILEGE
#define SE_BACKUP_PRIVILEGE
Definition: security.c:671

SE_RESTORE_PRIVILEGE
#define SE_RESTORE_PRIVILEGE
Definition: security.c:672

SE_CHANGE_NOTIFY_PRIVILEGE
#define SE_CHANGE_NOTIFY_PRIVILEGE
Definition: security.c:677

InitializeObjectAttributes
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106

PSID
struct _SID * PSID
Definition: eventlog.c:35

PACL
struct _ACL * PACL
Definition: security.c:105

_Out_opt_
#define _Out_opt_
Definition: ms_sal.h:346

_Inout_
#define _Inout_
Definition: ms_sal.h:378

_Out_
#define _Out_
Definition: ms_sal.h:345

_In_
#define _In_
Definition: ms_sal.h:308

_In_opt_
#define _In_opt_
Definition: ms_sal.h:309

KernelMode
#define KernelMode
Definition: asm.h:34

HandleAttributes
_In_ HANDLE _In_opt_ HANDLE _Out_opt_ PHANDLE _In_ ACCESS_MASK _In_ ULONG HandleAttributes
Definition: obfuncs.h:433

TokenHandle
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:718

Dacl
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
Definition: rtlfuncs.h:1593

Owner
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID Owner
Definition: rtlfuncs.h:1597

PrimaryGroup
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID _Inout_ PULONG _Out_writes_bytes_to_opt_ PrimaryGroupSize PSID PrimaryGroup
Definition: rtlfuncs.h:1599

RtlLengthSid
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150

RtlCreateSecurityDescriptor
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(_Out_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ULONG Revision)

Sid
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1133

RtlEqualSid
NTSYSAPI BOOLEAN NTAPI RtlEqualSid(_In_ PSID Sid1, _In_ PSID Sid2)

EffectiveOnly
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
Definition: sefuncs.h:403

SE_GROUP_OWNER
#define SE_GROUP_OWNER
Definition: setypes.h:93

PTOKEN
struct _TOKEN * PTOKEN

SE_GROUP_MANDATORY
#define SE_GROUP_MANDATORY
Definition: setypes.h:90

SE_GROUP_ENABLED_BY_DEFAULT
#define SE_GROUP_ENABLED_BY_DEFAULT
Definition: setypes.h:91

TOKEN
struct _TOKEN TOKEN

SE_GROUP_ENABLED
#define SE_GROUP_ENABLED
Definition: setypes.h:92

Count
int Count
Definition: noreturn.cpp:7

ACCESS_MASK
ULONG ACCESS_MASK
Definition: nt_native.h:40

RtlInitUnicodeString
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)

LogonId
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID LogonId
Definition: ntifs.template.h:716

MmGetSessionId
ULONG NTAPI MmGetSessionId(IN PEPROCESS Process)
Definition: session.c:179

SeLocalSystemSid
PSID SeLocalSystemSid
Definition: sid.c:38

SepRmRemoveLogonSessionFromToken
NTSTATUS NTAPI SepRmRemoveLogonSessionFromToken(_Inout_ PTOKEN Token)
Removes a logon session from an access token.
Definition: srm.c:449

SeDebugPrivilege
const LUID SeDebugPrivilege
Definition: priv.c:39

SeAnonymousLogonToken
PTOKEN SeAnonymousLogonToken
Definition: semgr.c:19

SepRmDereferenceLogonSession
NTSTATUS SepRmDereferenceLogonSession(_Inout_ PLUID LogonLuid)

SeCreateTokenPrivilege
const LUID SeCreateTokenPrivilege
Definition: priv.c:21

SepGetOwnerFromDescriptor
FORCEINLINE PSID SepGetOwnerFromDescriptor(_Inout_ PVOID _Descriptor)
Definition: se.h:99

SeBackupPrivilege
const LUID SeBackupPrivilege
Definition: priv.c:36

SeAssignPrimaryTokenPrivilege
const LUID SeAssignPrimaryTokenPrivilege
Definition: priv.c:22

SepRegQueryHelper
NTSTATUS NTAPI SepRegQueryHelper(_In_ PCWSTR KeyName, _In_ PCWSTR ValueName, _In_ ULONG ValueType, _In_ ULONG DataLength, _Out_ PVOID ValueData)
A private registry helper that returns the desired value data based on the specifics requested by the...
Definition: srm.c:93

SepSidInToken
BOOLEAN NTAPI SepSidInToken(_In_ PACCESS_TOKEN _Token, _In_ PSID Sid)
Checks if a SID is present in a token.
Definition: sid.c:547

SepAcquireTokenLockShared
#define SepAcquireTokenLockShared(Token)
Definition: se.h:280

SeSystemAnonymousLogonDacl
PACL SeSystemAnonymousLogonDacl
Definition: acl.c:22

SeSystemtimePrivilege
const LUID SeSystemtimePrivilege
Definition: priv.c:31

SepDuplicateToken
NTSTATUS NTAPI SepDuplicateToken(_In_ PTOKEN Token, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL Level, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PTOKEN *NewAccessToken)
Duplicates an access token, from an existing valid token.
Definition: tokenlif.c:471

SeAliasAdminsSid
PSID SeAliasAdminsSid
Definition: sid.c:41

SepCreateImpersonationTokenDacl
NTSTATUS NTAPI SepCreateImpersonationTokenDacl(_In_ PTOKEN Token, _In_ PTOKEN PrimaryToken, _Out_ PACL *Dacl)
Allocates a discretionary access control list based on certain properties of a regular and primary ac...
Definition: acl.c:277

SeAnonymousLogonSid
PSID SeAnonymousLogonSid
Definition: se.h:203

SeTcbPrivilege
const LUID SeTcbPrivilege
Definition: priv.c:26

SeWorldSid
PSID SeWorldSid
Definition: sid.c:25

SeRestorePrivilege
const LUID SeRestorePrivilege
Definition: priv.c:37

SeAnonymousLogonTokenNoEveryone
PTOKEN SeAnonymousLogonTokenNoEveryone
Definition: semgr.c:20

SeLoadDriverPrivilege
const LUID SeLoadDriverPrivilege
Definition: priv.c:29

SepCreateToken
NTSTATUS NTAPI SepCreateToken(_Out_ PHANDLE TokenHandle, _In_ KPROCESSOR_MODE PreviousMode, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PSID_AND_ATTRIBUTES User, _In_ ULONG GroupCount, _In_ PSID_AND_ATTRIBUTES Groups, _In_ ULONG GroupsLength, _In_ ULONG PrivilegeCount, _In_ PLUID_AND_ATTRIBUTES Privileges, _In_opt_ PSID Owner, _In_ PSID PrimaryGroup, _In_opt_ PACL DefaultDacl, _In_ PTOKEN_SOURCE TokenSource, _In_ BOOLEAN SystemToken)
Internal function responsible for access token object creation in the kernel. A fully created token o...
Definition: tokenlif.c:97

SeIncreaseBasePriorityPrivilege
const LUID SeIncreaseBasePriorityPrivilege
Definition: priv.c:33

SeLockMemoryPrivilege
const LUID SeLockMemoryPrivilege
Definition: priv.c:23

SeCreatePermanentPrivilege
const LUID SeCreatePermanentPrivilege
Definition: priv.c:35

SepAcquireTokenLockExclusive
#define SepAcquireTokenLockExclusive(Token)
Definition: se.h:275

SeCreatePagefilePrivilege
const LUID SeCreatePagefilePrivilege
Definition: priv.c:34

SeTakeOwnershipPrivilege
const LUID SeTakeOwnershipPrivilege
Definition: priv.c:28

SeProfileSingleProcessPrivilege
const LUID SeProfileSingleProcessPrivilege
Definition: priv.c:32

SeShutdownPrivilege
const LUID SeShutdownPrivilege
Definition: priv.c:38

SeSystemEnvironmentPrivilege
const LUID SeSystemEnvironmentPrivilege
Definition: priv.c:41

SeSecurityPrivilege
const LUID SeSecurityPrivilege
Definition: priv.c:27

SepReleaseTokenLock
#define SepReleaseTokenLock(Token)
Definition: se.h:286

SeAuthenticatedUsersSid
PSID SeAuthenticatedUsersSid
Definition: sid.c:49

SepSidInTokenEx
BOOLEAN NTAPI SepSidInTokenEx(_In_ PACCESS_TOKEN _Token, _In_ PSID PrincipalSelfSid, _In_ PSID _Sid, _In_ BOOLEAN Deny, _In_ BOOLEAN Restricted)
Checks if a SID is present in a token.
Definition: sid.c:443

SeAuditPrivilege
const LUID SeAuditPrivilege
Definition: priv.c:40

SeIncreaseQuotaPrivilege
const LUID SeIncreaseQuotaPrivilege
Definition: priv.c:24

PsDisableImpersonation
BOOLEAN NTAPI PsDisableImpersonation(IN PETHREAD Thread, OUT PSE_IMPERSONATION_STATE ImpersonationState)
Definition: security.c:915

PsRestoreImpersonation
VOID NTAPI PsRestoreImpersonation(IN PETHREAD Thread, IN PSE_IMPERSONATION_STATE ImpersonationState)
Definition: security.c:965

PsReferencePrimaryToken
PACCESS_TOKEN NTAPI PsReferencePrimaryToken(PEPROCESS Process)
Definition: security.c:440

PsReferenceImpersonationToken
PACCESS_TOKEN NTAPI PsReferenceImpersonationToken(IN PETHREAD Thread, OUT PBOOLEAN CopyOnOpen, OUT PBOOLEAN EffectiveOnly, OUT PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
Definition: security.c:849

PsImpersonateClient
NTSTATUS NTAPI PsImpersonateClient(IN PETHREAD Thread, IN PACCESS_TOKEN Token, IN BOOLEAN CopyOnOpen, IN BOOLEAN EffectiveOnly, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
Definition: security.c:610

PsThreadType
POBJECT_TYPE PsThreadType
Definition: thread.c:20

SeSystemDefaultDacl
PACL SeSystemDefaultDacl
Definition: acl.c:17

SeTokenCanImpersonate
BOOLEAN NTAPI SeTokenCanImpersonate(_In_ PTOKEN ProcessToken, _In_ PTOKEN TokenToImpersonate, _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
Ensures that client impersonation can occur by checking if the token we're going to assign as the imp...
Definition: token.c:1969

SeQueryAuthenticationIdToken
NTSTATUS NTAPI SeQueryAuthenticationIdToken(_In_ PACCESS_TOKEN Token, _Out_ PLUID LogonId)
Queries the authentication ID of an access token.
Definition: token.c:1823

SepCopyProxyData
NTSTATUS NTAPI SepCopyProxyData(_Out_ PVOID *Dest, _In_ PVOID Src)
Copies the proxy data from the source into the destination of a token.
Definition: token.c:815

SeTokenImpersonationLevel
SECURITY_IMPERSONATION_LEVEL NTAPI SeTokenImpersonationLevel(_In_ PACCESS_TOKEN Token)
Gathers the security impersonation level of an access token.
Definition: token.c:1846

SepRemovePrivilegeToken
VOID SepRemovePrivilegeToken(_Inout_ PTOKEN Token, _In_ ULONG Index)
Removes a privilege from the token.
Definition: token.c:582

SepFindPrimaryGroupAndDefaultOwner
NTSTATUS SepFindPrimaryGroupAndDefaultOwner(_In_ PTOKEN Token, _In_ PSID PrimaryGroup, _In_opt_ PSID DefaultOwner, _Out_opt_ PULONG PrimaryGroupIndex, _Out_opt_ PULONG DefaultOwnerIndex)
Finds the primary group and default owner entity based on the submitted primary group instance and an...
Definition: token.c:1011

SeTokenIsInert
BOOLEAN NTAPI SeTokenIsInert(_In_ PTOKEN Token)
Determines if a token is a sandbox inert token or not, based upon the token flags.
Definition: token.c:1337

SepInitializeTokenImplementation
VOID NTAPI SepInitializeTokenImplementation(VOID)
Internal function that initializes critical kernel data for access token implementation in SRM.
Definition: token.c:1403

SeSystemTokenSource
TOKEN_SOURCE SeSystemTokenSource
Definition: token.c:19

SepCreateSystemProcessToken
PTOKEN NTAPI SepCreateSystemProcessToken(VOID)
Creates the system process token.
Definition: token.c:1507

SepCreateTokenLock
NTSTATUS SepCreateTokenLock(_Inout_ PTOKEN Token)
Creates a lock for the token.
Definition: token.c:45

SepDeleteToken
VOID NTAPI SepDeleteToken(_In_ PVOID ObjectBody)
Internal function that deals with access token object destruction and deletion. The function is used ...
Definition: token.c:1359

SeCopyClientToken
NTSTATUS NTAPI SeCopyClientToken(_In_ PACCESS_TOKEN Token, _In_ SECURITY_IMPERSONATION_LEVEL Level, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PACCESS_TOKEN *NewToken)
Copies an existing access token (technically duplicating a new one).
Definition: token.c:1296

SepFreeProxyData
VOID NTAPI SepFreeProxyData(_Inout_ PVOID ProxyData)
Frees (de-allocates) the proxy data memory block of a token.
Definition: token.c:793

SeIsTokenSibling
NTSTATUS NTAPI SeIsTokenSibling(_In_ PTOKEN Token, _Out_ PBOOLEAN IsSibling)
Checks if the token is a sibling of the other token of the current process that the calling thread is...
Definition: token.c:1236

SeSubProcessToken
NTSTATUS NTAPI SeSubProcessToken(_In_ PTOKEN ParentToken, _Out_ PTOKEN *Token, _In_ BOOLEAN InUse, _In_ ULONG SessionId)
Subtracts a token in exchange of duplicating a new one.
Definition: token.c:1127

NtOpenThreadToken
NTSTATUS NTAPI NtOpenThreadToken(_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _Out_ PHANDLE TokenHandle)
Opens a token that is tied to a thread handle.
Definition: token.c:2281

SeTokenIsWriteRestricted
BOOLEAN NTAPI SeTokenIsWriteRestricted(_In_ PACCESS_TOKEN Token)
Determines if a token is write restricted, that is, nobody can write anything to it.
Definition: token.c:1938

SeAssignPrimaryToken
VOID NTAPI SeAssignPrimaryToken(_In_ PEPROCESS Process, _In_ PTOKEN Token)
Assigns a primary access token to a given process.
Definition: token.c:1440

SepRebuildDynamicPartOfToken
NTSTATUS SepRebuildDynamicPartOfToken(_Inout_ PTOKEN AccessToken, _In_ ULONG NewDynamicPartSize)
Re-builds the dynamic part area of an access token during an a default DACL or primary group replacem...
Definition: token.c:715

SepImpersonateAnonymousToken
static NTSTATUS SepImpersonateAnonymousToken(_In_ PETHREAD Thread, _In_ KPROCESSOR_MODE PreviousMode)
Private function that impersonates the system's anonymous logon token. The major bulk of the imperson...
Definition: token.c:334

RtlLengthSidAndAttributes
ULONG RtlLengthSidAndAttributes(_In_ ULONG Count, _In_ PSID_AND_ATTRIBUTES Src)
Computes the length size of a SID.
Definition: token.c:965

SepCreateSystemAnonymousLogonTokenNoEveryone
PTOKEN SepCreateSystemAnonymousLogonTokenNoEveryone(VOID)
Creates the anonymous logon token for the system. This kind of token doesn't include the everyone SID...
Definition: token.c:1725

SepComputeAvailableDynamicSpace
ULONG SepComputeAvailableDynamicSpace(_In_ ULONG DynamicCharged, _In_ PSID PrimaryGroup, _In_opt_ PACL DefaultDacl)
Computes the exact available dynamic area of an access token whilst querying token statistics.
Definition: token.c:659

SepUpdatePrivilegeFlagsToken
VOID SepUpdatePrivilegeFlagsToken(_Inout_ PTOKEN Token)
Updates the token's flags based upon the privilege that the token has been granted....
Definition: token.c:554

SepCompareTokens
static NTSTATUS SepCompareTokens(_In_ PTOKEN FirstToken, _In_ PTOKEN SecondToken, _Out_ PBOOLEAN Equal)
Compares tokens if they're equal based on all the following properties. If all of the said conditions...
Definition: token.c:243

SeTokenType
TOKEN_TYPE NTAPI SeTokenType(_In_ PACCESS_TOKEN Token)
Gathers the token type of an access token. A token ca be either a primary token or impersonation toke...
Definition: token.c:1867

SeSystemAuthenticationId
LUID SeSystemAuthenticationId
Definition: token.c:20

SeExchangePrimaryToken
NTSTATUS NTAPI SeExchangePrimaryToken(_In_ PEPROCESS Process, _In_ PACCESS_TOKEN NewAccessToken, _Out_ PACCESS_TOKEN *OldAccessToken)
Replaces the old access token of a process (pointed by the EPROCESS kernel structure) with a new acce...
Definition: token.c:846

SeTokenIsAdmin
BOOLEAN NTAPI SeTokenIsAdmin(_In_ PACCESS_TOKEN Token)
Determines if a token is either an admin token or not. Such condition is checked based upon TOKEN_HAS...
Definition: token.c:1890

SeGetTokenControlInformation
VOID NTAPI SeGetTokenControlInformation(_In_ PACCESS_TOKEN _Token, _Out_ PTOKEN_CONTROL TokenControl)
Retrieves token control information.
Definition: token.c:1474

SeIsTokenChild
NTSTATUS NTAPI SeIsTokenChild(_In_ PTOKEN Token, _Out_ PBOOLEAN IsChild)
Checks if the token is a child of the other token of the current process that the calling thread is i...
Definition: token.c:1187

SeDeassignPrimaryToken
VOID NTAPI SeDeassignPrimaryToken(_Inout_ PEPROCESS Process)
Removes the primary token of a process.
Definition: token.c:936

SepCreateSystemAnonymousLogonToken
PTOKEN SepCreateSystemAnonymousLogonToken(VOID)
Creates the anonymous logon token for the system. The difference between this token and the other one...
Definition: token.c:1657

SepComparePrivilegeAndAttributesFromTokens
static BOOLEAN SepComparePrivilegeAndAttributesFromTokens(_In_ PLUID_AND_ATTRIBUTES PrivArrayToken1, _In_ ULONG CountPrivArray1, _In_ PLUID_AND_ATTRIBUTES PrivArrayToken2, _In_ ULONG CountPrivArray2)
Compares the elements of privilege arrays provided by tokens. The elements that are being compared fo...
Definition: token.c:174

SepRemoveUserGroupToken
VOID SepRemoveUserGroupToken(_Inout_ PTOKEN Token, _In_ ULONG Index)
Removes a group from the token.
Definition: token.c:618

SepUpdateSinglePrivilegeFlagToken
VOID SepUpdateSinglePrivilegeFlagToken(_Inout_ PTOKEN Token, _In_ ULONG Index)
Updates the token's flags based upon the privilege that the token has been granted....
Definition: token.c:442

SepTokenIsOwner
BOOLEAN NTAPI SepTokenIsOwner(_In_ PACCESS_TOKEN _Token, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ BOOLEAN TokenLocked)
Checks if a token belongs to the main user, being the owner.
Definition: token.c:511

NtOpenThreadTokenEx
NTSTATUS NTAPI NtOpenThreadTokenEx(_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle)
Opens a token that is tied to a thread handle.
Definition: token.c:2079

SeAnonymousAuthenticationId
LUID SeAnonymousAuthenticationId
Definition: token.c:21

SeTokenObjectType
POBJECT_TYPE SeTokenObjectType
Definition: token.c:17

SepDeleteTokenLock
VOID SepDeleteTokenLock(_Inout_ PTOKEN Token)
Deletes a lock of a token.
Definition: token.c:74

NtImpersonateAnonymousToken
NTSTATUS NTAPI NtImpersonateAnonymousToken(_In_ HANDLE ThreadHandle)
Allows the calling thread to impersonate the system's anonymous logon token.
Definition: token.c:2419

SeQuerySessionIdToken
NTSTATUS NTAPI SeQuerySessionIdToken(_In_ PACCESS_TOKEN Token, _Out_ PULONG pSessionId)
Queries the session ID of an access token.
Definition: token.c:1791

SeTokenIsRestricted
BOOLEAN NTAPI SeTokenIsRestricted(_In_ PACCESS_TOKEN Token)
Determines if a token is restricted or not, based upon the token flags.
Definition: token.c:1913

SepCompareSidAndAttributesFromTokens
static BOOLEAN SepCompareSidAndAttributesFromTokens(_In_ PSID_AND_ATTRIBUTES SidArrayToken1, _In_ ULONG CountSidArray1, _In_ PSID_AND_ATTRIBUTES SidArrayToken2, _In_ ULONG CountSidArray2)
Compares the elements of SID arrays provided by tokens. The elements that are being compared for equa...
Definition: token.c:107

NtCompareTokens
NTSTATUS NTAPI NtCompareTokens(_In_ HANDLE FirstTokenHandle, _In_ HANDLE SecondTokenHandle, _Out_ PBOOLEAN Equal)
Compares tokens if they're equal or not.
Definition: token.c:2310

SepTokenMapping
static GENERIC_MAPPING SepTokenMapping
Definition: token.c:23

PHANDLE
PVOID *typedef PHANDLE
Definition: ntsecpkg.h:455

STATUS_NO_TOKEN
#define STATUS_NO_TOKEN
Definition: ntstatus.h:360

STATUS_TOKEN_ALREADY_IN_USE
#define STATUS_TOKEN_ALREADY_IN_USE
Definition: ntstatus.h:535

STATUS_NOT_IMPLEMENTED
#define STATUS_NOT_IMPLEMENTED
Definition: ntstatus.h:239

STATUS_BAD_TOKEN_TYPE
#define STATUS_BAD_TOKEN_TYPE
Definition: ntstatus.h:404

STATUS_CANT_OPEN_ANONYMOUS
#define STATUS_CANT_OPEN_ANONYMOUS
Definition: ntstatus.h:402

STATUS_INVALID_PRIMARY_GROUP
#define STATUS_INVALID_PRIMARY_GROUP
Definition: ntstatus.h:327

STATUS_INVALID_OWNER
#define STATUS_INVALID_OWNER
Definition: ntstatus.h:326

L
#define L(x)
Definition: ntvdm.h:50

ObInitializeFastReference
VOID FASTCALL ObInitializeFastReference(IN PEX_FAST_REF FastRef, IN PVOID Object)
Definition: obref.c:107

ObFastReplaceObject
PVOID FASTCALL ObFastReplaceObject(IN PEX_FAST_REF FastRef, IN PVOID Object)

ObFastDereferenceObject
VOID FASTCALL ObFastDereferenceObject(IN PEX_FAST_REF FastRef, IN PVOID Object)
Definition: obref.c:167

ObpValidateAttributes
FORCEINLINE ULONG ObpValidateAttributes(IN ULONG Attributes, IN KPROCESSOR_MODE PreviousMode)
Definition: ob_x.h:22

ObInsertObject
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
Definition: obhandle.c:2935

ObOpenObjectByPointer
NTSTATUS NTAPI ObOpenObjectByPointer(IN PVOID Object, IN ULONG HandleAttributes, IN PACCESS_STATE PassedAccessState, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PHANDLE Handle)
Definition: obhandle.c:2742

ObCreateObjectType
NTSTATUS NTAPI ObCreateObjectType(IN PUNICODE_STRING TypeName, IN POBJECT_TYPE_INITIALIZER ObjectTypeInitializer, IN PVOID Reserved, OUT POBJECT_TYPE *ObjectType)
Definition: oblife.c:1136

ObReferenceObjectByHandle
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494

ObReferenceObjectByPointer
NTSTATUS NTAPI ObReferenceObjectByPointer(IN PVOID Object, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode)
Definition: obref.c:381

_SEH2_GetExceptionCode
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:159

_SEH2_EXCEPT
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:34

_SEH2_YIELD
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:162

REG_DWORD
#define REG_DWORD
Definition: sdbapi.c:596

ProbeForWriteHandle
#define ProbeForWriteHandle(Ptr)
Definition: probe.h:43

ProbeForWriteBoolean
#define ProbeForWriteBoolean(Ptr)
Definition: probe.h:31

STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65

DPRINT
#define DPRINT
Definition: sndvol32.h:71

NameRec_
Definition: apinames.c:49

_ACL
Definition: ms-dtyp.idl:293

_EPROCESS
Definition: pstypes.h:1261

_ETHREAD
Definition: pstypes.h:1102

_GENERIC_MAPPING
Definition: nt_native.h:564

_LUID_AND_ATTRIBUTES
Definition: setypes.h:73

_LUID_AND_ATTRIBUTES::Attributes
$ULONG Attributes
Definition: setypes.h:75

_LUID_AND_ATTRIBUTES::Luid
LUID Luid
Definition: setypes.h:74

_LUID
Definition: devicetopology.idl:137

_OBJECT_ATTRIBUTES
Definition: umtypes.h:182

_OBJECT_TYPE_INITIALIZER
Definition: obtypes.h:353

_OBJECT_TYPE_INITIALIZER::ValidAccessMask
ULONG ValidAccessMask
Definition: obtypes.h:359

_OBJECT_TYPE_INITIALIZER::GenericMapping
GENERIC_MAPPING GenericMapping
Definition: obtypes.h:358

_OBJECT_TYPE_INITIALIZER::DefaultPagedPoolCharge
ULONG DefaultPagedPoolCharge
Definition: obtypes.h:364

_OBJECT_TYPE_INITIALIZER::PoolType
POOL_TYPE PoolType
Definition: obtypes.h:363

_OBJECT_TYPE_INITIALIZER::DeleteProcedure
OB_DELETE_METHOD DeleteProcedure
Definition: obtypes.h:369

_OBJECT_TYPE_INITIALIZER::InvalidAttributes
ULONG InvalidAttributes
Definition: obtypes.h:357

_OBJECT_TYPE_INITIALIZER::SecurityRequired
BOOLEAN SecurityRequired
Definition: obtypes.h:360

_OBJECT_TYPE_INITIALIZER::UseDefaultObject
BOOLEAN UseDefaultObject
Definition: obtypes.h:355

_OBJECT_TYPE_INITIALIZER::Length
USHORT Length
Definition: obtypes.h:354

_OBJECT_TYPE
Definition: obtypes.h:380

_SECURITY_DESCRIPTOR
Definition: ms-dtyp.idl:301

_SE_IMPERSONATION_STATE
Definition: setypes.h:115

_SID_AND_ATTRIBUTES
Definition: setypes.h:502

_SID_AND_ATTRIBUTES::Sid
PSID Sid
Definition: setypes.h:506

_SID_AND_ATTRIBUTES::Attributes
$ULONG Attributes
Definition: setypes.h:508

_SID
Definition: ms-dtyp.idl:198

_TOKEN_CONTROL
Definition: imports.h:282

_TOKEN_SOURCE
Definition: imports.h:277

_TOKEN_SOURCE::SourceName
CCHAR SourceName[TOKEN_SOURCE_LENGTH]
Definition: imports.h:278

_TOKEN_SOURCE::SourceIdentifier
LUID SourceIdentifier
Definition: imports.h:279

_TOKEN
Definition: setypes.h:216

_TOKEN::AuthenticationId
LUID AuthenticationId
Definition: setypes.h:219

_TOKEN::SessionId
ULONG SessionId
Definition: setypes.h:225

_TOKEN::TokenType
TOKEN_TYPE TokenType
Definition: setypes.h:239

_TOKEN::TokenFlags
ULONG TokenFlags
Definition: setypes.h:241

_TOKEN::ParentTokenId
LUID ParentTokenId
Definition: setypes.h:220

_TOKEN::TokenInUse
BOOLEAN TokenInUse
Definition: setypes.h:242

_TOKEN::TokenId
LUID TokenId
Definition: setypes.h:218

_TOKEN::TokenLock
PERESOURCE TokenLock
Definition: setypes.h:222

_TOKEN::DynamicPart
PULONG DynamicPart
Definition: setypes.h:237

_TOKEN::LogonSession
PSEP_LOGON_SESSION_REFERENCES LogonSession
Definition: setypes.h:245

_UNICODE_STRING
Definition: env_spec_w32.h:368

TAG_TOKEN_DYNAMIC
#define TAG_TOKEN_DYNAMIC
Definition: tag.h:158

TAG_ACL
#define TAG_ACL
Definition: tag.h:151

TAG_SE_TOKEN_LOCK
#define TAG_SE_TOKEN_LOCK
Definition: tag.h:162

PULONG
uint32_t * PULONG
Definition: typedefs.h:59

PBOOLEAN
unsigned char * PBOOLEAN
Definition: typedefs.h:53

NTAPI
#define NTAPI
Definition: typedefs.h:36

RtlCopyMemory
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263

RtlZeroMemory
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262

ULONG_PTR
uint32_t ULONG_PTR
Definition: typedefs.h:65

RtlMoveMemory
#define RtlMoveMemory(Destination, Source, Length)
Definition: typedefs.h:264

ULONG
uint32_t ULONG
Definition: typedefs.h:59

STATUS_ACCESS_DENIED
#define STATUS_ACCESS_DENIED
Definition: udferr_usr.h:145

STATUS_INVALID_PARAMETER
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135

STATUS_UNSUCCESSFUL
#define STATUS_UNSUCCESSFUL
Definition: udferr_usr.h:132

STATUS_INSUFFICIENT_RESOURCES
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158

_LARGE_INTEGER
Definition: typedefs.h:103

_LARGE_INTEGER::QuadPart
LONGLONG QuadPart
Definition: typedefs.h:114

Index
_In_ WDFCOLLECTION _In_ ULONG Index
Definition: wdfcollection.h:182

DesiredAccess
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2658

IsChild
BOOL WINAPI IsChild(_In_ HWND, _In_ HWND)

Level
_IRQL_requires_same_ typedef _In_ ULONG _In_ UCHAR Level
Definition: wmitypes.h:56

SecurityDescriptor
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:191

Result
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426

KPROCESSOR_MODE
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7

ObDereferenceObject
#define ObDereferenceObject
Definition: obfuncs.h:203

ObReferenceObject
#define ObReferenceObject
Definition: obfuncs.h:204

CopyOnOpen
_Out_ PBOOLEAN CopyOnOpen
Definition: psfuncs.h:154

ImpersonationState
_Inout_ PSE_IMPERSONATION_STATE ImpersonationState
Definition: psfuncs.h:189

PsGetCurrentProcess
#define PsGetCurrentProcess
Definition: psfuncs.h:17

ImpersonationLevel
_Out_ PBOOLEAN _Out_ PBOOLEAN _Out_ PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: psfuncs.h:156

RtlEqualLuid
#define RtlEqualLuid(Luid1, Luid2)
Definition: rtlfuncs.h:301

Privileges
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:17

SeLengthSid
#define SeLengthSid(Sid)
Definition: sefuncs.h:570

PreviousMode
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103

TOKEN_SESSION_NOT_REFERENCED
#define TOKEN_SESSION_NOT_REFERENCED
Definition: setypes.h:1180

TOKEN_HAS_TRAVERSE_PRIVILEGE
#define TOKEN_HAS_TRAVERSE_PRIVILEGE
Definition: setypes.h:1174

TOKEN_QUERY
#define TOKEN_QUERY
Definition: setypes.h:924

TOKEN_HAS_BACKUP_PRIVILEGE
#define TOKEN_HAS_BACKUP_PRIVILEGE
Definition: setypes.h:1175

TOKEN_HAS_IMPERSONATE_PRIVILEGE
#define TOKEN_HAS_IMPERSONATE_PRIVILEGE
Definition: setypes.h:1182

TOKEN_WRITE
#define TOKEN_WRITE
Definition: setypes.h:949

TOKEN_HAS_RESTORE_PRIVILEGE
#define TOKEN_HAS_RESTORE_PRIVILEGE
Definition: setypes.h:1176

SYSTEM_LUID
#define SYSTEM_LUID
Definition: setypes.h:700

SECURITY_DESCRIPTOR_REVISION
#define SECURITY_DESCRIPTOR_REVISION
Definition: setypes.h:58

TOKEN_READ
#define TOKEN_READ
Definition: setypes.h:947

SID_AND_ATTRIBUTES
struct _SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES

TOKEN_SANDBOX_INERT
#define TOKEN_SANDBOX_INERT
Definition: setypes.h:1181

TOKEN_IMPERSONATE
#define TOKEN_IMPERSONATE
Definition: setypes.h:923

SE_PRIVILEGE_ENABLED
#define SE_PRIVILEGE_ENABLED
Definition: setypes.h:63

TOKEN_IS_RESTRICTED
#define TOKEN_IS_RESTRICTED
Definition: setypes.h:1179

SE_BACKUP_PRIVILEGES_CHECKED
#define SE_BACKUP_PRIVILEGES_CHECKED
Definition: setypes.h:1183

SE_PRIVILEGE_ENABLED_BY_DEFAULT
#define SE_PRIVILEGE_ENABLED_BY_DEFAULT
Definition: setypes.h:62

PACCESS_TOKEN
PVOID PACCESS_TOKEN
Definition: setypes.h:11

TOKEN_HAS_ADMIN_GROUP
#define TOKEN_HAS_ADMIN_GROUP
Definition: setypes.h:1178

TOKEN_EXECUTE
#define TOKEN_EXECUTE
Definition: setypes.h:954

TOKEN_ALL_ACCESS
#define TOKEN_ALL_ACCESS
Definition: setypes.h:942

ANONYMOUS_LOGON_LUID
#define ANONYMOUS_LOGON_LUID
Definition: setypes.h:701

OpenAsSelf
_In_ ACCESS_MASK _In_ BOOLEAN OpenAsSelf
Definition: zwfuncs.h:700