ReactOS  0.4.15-dev-3165-gdf6fff7
sid.c File Reference
#include <ntoskrnl.h>
#include <debug.h>
Include dependency graph for sid.c:

Go to the source code of this file.

Macros

#define NDEBUG
 

Functions

VOID NTAPI FreeInitializedSids (VOID)
 Frees all the known initialized SIDs in the system from the memory. More...
 
BOOLEAN NTAPI SepInitSecurityIDs (VOID)
 Initializes all the SIDs known in the system. More...
 
NTSTATUS NTAPI SepCaptureSid (_In_ PSID InputSid, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSID *CapturedSid)
 Captures a SID. More...
 
VOID NTAPI SepReleaseSid (_In_ PSID CapturedSid, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
 Releases a captured SID. More...
 
NTSTATUS NTAPI SeCaptureSidAndAttributesArray (_In_ PSID_AND_ATTRIBUTES SrcSidAndAttributes, _In_ ULONG AttributeCount, _In_ KPROCESSOR_MODE PreviousMode, _In_opt_ PVOID AllocatedMem, _In_ ULONG AllocatedLength, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSID_AND_ATTRIBUTES *CapturedSidAndAttributes, _Out_ PULONG ResultLength)
 Captures a SID with attributes. More...
 
VOID NTAPI SeReleaseSidAndAttributesArray (_In_ _Post_invalid_ PSID_AND_ATTRIBUTES CapturedSidAndAttributes, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
 Releases a captured SID with attributes. More...
 

Variables

SID_IDENTIFIER_AUTHORITY SeNullSidAuthority = {SECURITY_NULL_SID_AUTHORITY}
 
SID_IDENTIFIER_AUTHORITY SeWorldSidAuthority = {SECURITY_WORLD_SID_AUTHORITY}
 
SID_IDENTIFIER_AUTHORITY SeLocalSidAuthority = {SECURITY_LOCAL_SID_AUTHORITY}
 
SID_IDENTIFIER_AUTHORITY SeCreatorSidAuthority = {SECURITY_CREATOR_SID_AUTHORITY}
 
SID_IDENTIFIER_AUTHORITY SeNtSidAuthority = {SECURITY_NT_AUTHORITY}
 
PSID SeNullSid = NULL
 
PSID SeWorldSid = NULL
 
PSID SeLocalSid = NULL
 
PSID SeCreatorOwnerSid = NULL
 
PSID SeCreatorGroupSid = NULL
 
PSID SeCreatorOwnerServerSid = NULL
 
PSID SeCreatorGroupServerSid = NULL
 
PSID SeNtAuthoritySid = NULL
 
PSID SeDialupSid = NULL
 
PSID SeNetworkSid = NULL
 
PSID SeBatchSid = NULL
 
PSID SeInteractiveSid = NULL
 
PSID SeServiceSid = NULL
 
PSID SePrincipalSelfSid = NULL
 
PSID SeLocalSystemSid = NULL
 
PSID SeAuthenticatedUserSid = NULL
 
PSID SeRestrictedCodeSid = NULL
 
PSID SeAliasAdminsSid = NULL
 
PSID SeAliasUsersSid = NULL
 
PSID SeAliasGuestsSid = NULL
 
PSID SeAliasPowerUsersSid = NULL
 
PSID SeAliasAccountOpsSid = NULL
 
PSID SeAliasSystemOpsSid = NULL
 
PSID SeAliasPrintOpsSid = NULL
 
PSID SeAliasBackupOpsSid = NULL
 
PSID SeAuthenticatedUsersSid = NULL
 
PSID SeRestrictedSid = NULL
 
PSID SeAnonymousLogonSid = NULL
 
PSID SeLocalServiceSid = NULL
 
PSID SeNetworkServiceSid = NULL
 

Macro Definition Documentation

◆ NDEBUG

#define NDEBUG

Definition at line 11 of file sid.c.

Function Documentation

◆ FreeInitializedSids()

VOID NTAPI FreeInitializedSids ( VOID  )

Frees all the known initialized SIDs in the system from the memory.

Returns
Nothing.

Definition at line 64 of file sid.c.

65 {
94 }
PSID SeAliasPrintOpsSid
Definition: sid.c:45
PSID SeAnonymousLogonSid
Definition: sid.c:49
PSID SeBatchSid
Definition: sid.c:32
PSID SeLocalSystemSid
Definition: sid.c:36
PSID SeAliasAdminsSid
Definition: sid.c:39
PSID SeDialupSid
Definition: sid.c:30
#define TAG_SID
Definition: sid.c:15
PSID SeAliasBackupOpsSid
Definition: sid.c:46
PSID SePrincipalSelfSid
Definition: sid.c:35
PSID SeCreatorOwnerServerSid
Definition: sid.c:27
PSID SeServiceSid
Definition: sid.c:34
PSID SeAliasUsersSid
Definition: sid.c:40
PSID SeAliasGuestsSid
Definition: sid.c:41
PSID SeAuthenticatedUserSid
Definition: sid.c:37
PSID SeWorldSid
Definition: sid.c:23
PSID SeLocalSid
Definition: sid.c:24
PSID SeAuthenticatedUsersSid
Definition: sid.c:47
PSID SeAliasPowerUsersSid
Definition: sid.c:42
PSID SeNetworkSid
Definition: sid.c:31
PSID SeCreatorGroupSid
Definition: sid.c:26
PSID SeRestrictedSid
Definition: sid.c:48
PSID SeCreatorGroupServerSid
Definition: sid.c:28
PSID SeRestrictedCodeSid
Definition: sid.c:38
PSID SeCreatorOwnerSid
Definition: sid.c:25
PSID SeAliasSystemOpsSid
Definition: sid.c:44
PSID SeInteractiveSid
Definition: sid.c:33
PSID SeNullSid
Definition: sid.c:22
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
PSID SeNtAuthoritySid
Definition: sid.c:29
PSID SeAliasAccountOpsSid
Definition: sid.c:43

Referenced by SepInitSecurityIDs().

◆ SeCaptureSidAndAttributesArray()

NTSTATUS NTAPI SeCaptureSidAndAttributesArray ( _In_ PSID_AND_ATTRIBUTES  SrcSidAndAttributes,
_In_ ULONG  AttributeCount,
_In_ KPROCESSOR_MODE  PreviousMode,
_In_opt_ PVOID  AllocatedMem,
_In_ ULONG  AllocatedLength,
_In_ POOL_TYPE  PoolType,
_In_ BOOLEAN  CaptureIfKernel,
_Out_ PSID_AND_ATTRIBUTES CapturedSidAndAttributes,
_Out_ PULONG  ResultLength 
)

Captures a SID with attributes.

Parameters
[in]SrcSidAndAttributesSource of the SID with attributes to be captured.
[in]AttributeCountThe number count of attributes, in total.
[in]PreviousModeProcessor access level mode.
[in]AllocatedMemThe allocated memory buffer for the captured SID. If the caller supplies no allocated block of memory then the function will allocate some buffer block of memory for the captured SID automatically.
[in]AllocatedLengthThe length of the buffer that points to the allocated memory, in bytes.
[in]PoolTypeThe pool type for the captured SID and attributes to assign.
[in]CaptureIfKernelIf set to TRUE, the capturing is done within the kernel. Otherwise the capturing is done in a kernel mode driver.
[out]CapturedSidAndAttributesThe captured SID and attributes.
[out]ResultLengthThe length of the captured SID and attributes, in bytes.
Returns
Returns STATUS_SUCCESS if SID and attributes capturing has been completed successfully. STATUS_INVALID_PARAMETER is returned if the count of attributes exceeds the maximum threshold that the kernel can permit. STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation for the captured SID has failed. STATUS_BUFFER_TOO_SMALL is returned if the length of the allocated buffer is less than the required size. A failure NTSTATUS code is returned otherwise.

Definition at line 455 of file sid.c.

465 {
466  ULONG ArraySize, RequiredLength, SidLength, i;
467  PSID_AND_ATTRIBUTES SidAndAttributes;
468  PUCHAR CurrentDest;
469  PISID Sid;
471  PAGED_CODE();
472 
473  *CapturedSidAndAttributes = NULL;
474  *ResultLength = 0;
475 
476  if (AttributeCount == 0)
477  {
478  return STATUS_SUCCESS;
479  }
480 
481  if (AttributeCount > 0x1000)
482  {
484  }
485 
486  if ((PreviousMode == KernelMode) && !CaptureIfKernel)
487  {
488  *CapturedSidAndAttributes = SrcSidAndAttributes;
489  return STATUS_SUCCESS;
490  }
491 
492  ArraySize = AttributeCount * sizeof(SID_AND_ATTRIBUTES);
493  RequiredLength = ALIGN_UP_BY(ArraySize, sizeof(ULONG));
494 
495  /* Check for user mode data */
496  if (PreviousMode != KernelMode)
497  {
498  _SEH2_TRY
499  {
500  /* First probe the whole array */
501  ProbeForRead(SrcSidAndAttributes, ArraySize, sizeof(ULONG));
502 
503  /* Loop the array elements */
504  for (i = 0; i < AttributeCount; i++)
505  {
506  /* Get the SID and probe the minimal structure */
507  Sid = SrcSidAndAttributes[i].Sid;
508  ProbeForRead(Sid, sizeof(*Sid), sizeof(ULONG));
509 
510  /* Verify that the SID is valid */
511  if (((Sid->Revision & 0xF) != SID_REVISION) ||
513  {
515  }
516 
517  /* Calculate the SID length and probe the full SID */
519  ProbeForRead(Sid, SidLength, sizeof(ULONG));
520 
521  /* Add the aligned length to the required length */
522  RequiredLength += ALIGN_UP_BY(SidLength, sizeof(ULONG));
523  }
524  }
526  {
528  }
529  _SEH2_END;
530  }
531  else
532  {
533  /* Loop the array elements */
534  for (i = 0; i < AttributeCount; i++)
535  {
536  /* Get the SID and it's length */
537  Sid = SrcSidAndAttributes[i].Sid;
539 
540  /* Add the aligned length to the required length */
541  RequiredLength += ALIGN_UP_BY(SidLength, sizeof(ULONG));
542  }
543  }
544 
545  /* Assume success */
548 
549  /* Check if we have no buffer */
550  if (AllocatedMem == NULL)
551  {
552  /* Allocate a new buffer */
553  SidAndAttributes = ExAllocatePoolWithTag(PoolType,
556  if (SidAndAttributes == NULL)
557  {
559  }
560  }
561  /* Otherwise check if the buffer is large enough */
562  else if (AllocatedLength >= RequiredLength)
563  {
564  /* Buffer is large enough, use it */
565  SidAndAttributes = AllocatedMem;
566  }
567  else
568  {
569  /* Buffer is too small, fail */
571  }
572 
573  *CapturedSidAndAttributes = SidAndAttributes;
574 
575  /* Check again for user mode */
576  if (PreviousMode != KernelMode)
577  {
578  _SEH2_TRY
579  {
580  /* The rest of the data starts after the array */
581  CurrentDest = (PUCHAR)SidAndAttributes;
582  CurrentDest += ALIGN_UP_BY(ArraySize, sizeof(ULONG));
583 
584  /* Loop the array elements */
585  for (i = 0; i < AttributeCount; i++)
586  {
587  /* Get the SID and it's length */
588  Sid = SrcSidAndAttributes[i].Sid;
590 
591  /* Copy attributes */
592  SidAndAttributes[i].Attributes = SrcSidAndAttributes[i].Attributes;
593 
594  /* Copy the SID to the current destination address */
595  SidAndAttributes[i].Sid = (PSID)CurrentDest;
596  RtlCopyMemory(CurrentDest, SrcSidAndAttributes[i].Sid, SidLength);
597 
598  /* Sanity checks */
599  ASSERT(RtlLengthSid(SidAndAttributes[i].Sid) == SidLength);
600  ASSERT(RtlValidSid(SidAndAttributes[i].Sid));
601 
602  /* Update the current destination address */
603  CurrentDest += ALIGN_UP_BY(SidLength, sizeof(ULONG));
604  }
605  }
607  {
609  }
610  _SEH2_END;
611  }
612  else
613  {
614  /* The rest of the data starts after the array */
615  CurrentDest = (PUCHAR)SidAndAttributes;
616  CurrentDest += ALIGN_UP_BY(ArraySize, sizeof(ULONG));
617 
618  /* Loop the array elements */
619  for (i = 0; i < AttributeCount; i++)
620  {
621  /* Get the SID and it's length */
622  Sid = SrcSidAndAttributes[i].Sid;
624 
625  /* Copy attributes */
626  SidAndAttributes[i].Attributes = SrcSidAndAttributes[i].Attributes;
627 
628  /* Copy the SID to the current destination address */
629  SidAndAttributes[i].Sid = (PSID)CurrentDest;
630  RtlCopyMemory(CurrentDest, SrcSidAndAttributes[i].Sid, SidLength);
631 
632  /* Update the current destination address */
633  CurrentDest += ALIGN_UP_BY(SidLength, sizeof(ULONG));
634  }
635  }
636 
637  /* Check for failure */
638  if (!NT_SUCCESS(Status))
639  {
640  /* Check if we allocated a new array */
641  if (SidAndAttributes != AllocatedMem)
642  {
643  /* Free the array */
644  ExFreePoolWithTag(SidAndAttributes, TAG_SID_AND_ATTRIBUTES);
645  }
646 
647  /* Set returned address to NULL */
648  *CapturedSidAndAttributes = NULL ;
649  }
650 
651  return Status;
652 }
#define TAG_SID_AND_ATTRIBUTES
Definition: tag.h:188
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
unsigned char * PUCHAR
Definition: retypes.h:3
#define SID_REVISION
Definition: setypes.h:468
LONG NTSTATUS
Definition: precomp.h:26
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
_SEH2_TRY
Definition: create.c:4226
#define SID_MAX_SUB_AUTHORITIES
Definition: setypes.h:469
ULONG NTAPI RtlLengthSid(IN PSID Sid_)
Definition: sid.c:150
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1103
#define STATUS_INVALID_SID
Definition: ntstatus.h:356
BOOLEAN NTAPI RtlValidSid(IN PSID Sid_)
Definition: sid.c:21
Status
Definition: gdiplustypes.h:24
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
#define ASSERT(a)
Definition: mode.c:44
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
struct _SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES
struct _SID * PSID
Definition: eventlog.c:35
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
ULONG NTAPI RtlLengthRequiredSid(IN ULONG SubAuthorityCount)
Definition: sid.c:54
_SEH2_END
Definition: create.c:4400
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
_In_ ULONG _Out_opt_ PULONG RequiredLength
Definition: wmifuncs.h:29
BYTE SubAuthorityCount
Definition: ms-dtyp.idl:200
#define NULL
Definition: types.h:112
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
Definition: wdfdevice.h:3810
unsigned int ULONG
Definition: retypes.h:1
#define ALIGN_UP_BY(size, align)
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG _Out_ PULONG ResultLength
Definition: wdfdevice.h:3776
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40
BYTE Revision
Definition: ms-dtyp.idl:199
#define STATUS_SUCCESS
Definition: shellext.h:65
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:168
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
#define PAGED_CODE()

Referenced by NtCreateToken().

◆ SepCaptureSid()

NTSTATUS NTAPI SepCaptureSid ( _In_ PSID  InputSid,
_In_ KPROCESSOR_MODE  AccessMode,
_In_ POOL_TYPE  PoolType,
_In_ BOOLEAN  CaptureIfKernel,
_Out_ PSID CapturedSid 
)

Captures a SID.

Parameters
[in]InputSidA valid security identifier to be captured.
[in]AccessModeProcessor level access mode.
[in]PoolTypePool memory type for the captured SID to assign upon allocation.
[in]CaptureIfKernelIf set to TRUE, the capturing is done within the kernel. Otherwise the capturing is done in a kernel mode driver.
[out]CapturedSidThe captured security identifier, returned to the caller.
Returns
Returns STATUS_SUCCESS if the SID was captured. STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation for the captured SID has failed.

Definition at line 306 of file sid.c.

312 {
313  ULONG SidSize = 0;
314  PISID NewSid, Sid = (PISID)InputSid;
315 
316  PAGED_CODE();
317 
318  if (AccessMode != KernelMode)
319  {
320  _SEH2_TRY
321  {
322  ProbeForRead(Sid, FIELD_OFFSET(SID, SubAuthority), sizeof(UCHAR));
324  ProbeForRead(Sid, SidSize, sizeof(UCHAR));
325  }
327  {
328  /* Return the exception code */
330  }
331  _SEH2_END;
332 
333  /* Allocate a SID and copy it */
335  if (!NewSid)
337 
338  _SEH2_TRY
339  {
340  RtlCopyMemory(NewSid, Sid, SidSize);
341 
342  *CapturedSid = NewSid;
343  }
345  {
346  /* Free the SID and return the exception code */
349  }
350  _SEH2_END;
351  }
352  else if (!CaptureIfKernel)
353  {
354  *CapturedSid = InputSid;
355  }
356  else
357  {
359 
360  /* Allocate a SID and copy it */
362  if (NewSid == NULL)
364 
365  RtlCopyMemory(NewSid, Sid, SidSize);
366 
367  *CapturedSid = NewSid;
368  }
369 
370  return STATUS_SUCCESS;
371 }
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
#define TAG_SID
Definition: sid.c:15
_SEH2_TRY
Definition: create.c:4226
struct _SID * PISID
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:395
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1103
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
unsigned char UCHAR
Definition: xmlstorage.h:181
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
ULONG NTAPI RtlLengthRequiredSid(IN ULONG SubAuthorityCount)
Definition: sid.c:54
_SEH2_END
Definition: create.c:4400
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:255
BYTE SubAuthorityCount
Definition: ms-dtyp.idl:200
#define NULL
Definition: types.h:112
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
Definition: wdfdevice.h:3810
unsigned int ULONG
Definition: retypes.h:1
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40
#define STATUS_SUCCESS
Definition: shellext.h:65
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:168
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
_In_ PSID _In_ PSID NewSid
Definition: rtlfuncs.h:2813
#define PAGED_CODE()

Referenced by NtCreateToken(), NtSecureConnectPort(), NtSetInformationToken(), and SepAccessCheckAndAuditAlarm().

◆ SepInitSecurityIDs()

BOOLEAN NTAPI SepInitSecurityIDs ( VOID  )

Initializes all the SIDs known in the system.

Returns
Returns TRUE if all the SIDs have been initialized, FALSE otherwise.

Definition at line 107 of file sid.c.

108 {
109  ULONG SidLength0;
110  ULONG SidLength1;
111  ULONG SidLength2;
112  PULONG SubAuthority;
113 
114  SidLength0 = RtlLengthRequiredSid(0);
115  SidLength1 = RtlLengthRequiredSid(1);
116  SidLength2 = RtlLengthRequiredSid(2);
117 
118  /* create NullSid */
149 
150  if (SeNullSid == NULL || SeWorldSid == NULL ||
154  SeDialupSid == NULL || SeNetworkSid == NULL || SeBatchSid == NULL ||
165  {
167  return FALSE;
168  }
169 
200 
201  SubAuthority = RtlSubAuthoritySid(SeNullSid, 0);
202  *SubAuthority = SECURITY_NULL_RID;
203  SubAuthority = RtlSubAuthoritySid(SeWorldSid, 0);
204  *SubAuthority = SECURITY_WORLD_RID;
205  SubAuthority = RtlSubAuthoritySid(SeLocalSid, 0);
206  *SubAuthority = SECURITY_LOCAL_RID;
207  SubAuthority = RtlSubAuthoritySid(SeCreatorOwnerSid, 0);
208  *SubAuthority = SECURITY_CREATOR_OWNER_RID;
209  SubAuthority = RtlSubAuthoritySid(SeCreatorGroupSid, 0);
210  *SubAuthority = SECURITY_CREATOR_GROUP_RID;
211  SubAuthority = RtlSubAuthoritySid(SeCreatorOwnerServerSid, 0);
212  *SubAuthority = SECURITY_CREATOR_OWNER_SERVER_RID;
213  SubAuthority = RtlSubAuthoritySid(SeCreatorGroupServerSid, 0);
214  *SubAuthority = SECURITY_CREATOR_GROUP_SERVER_RID;
215  SubAuthority = RtlSubAuthoritySid(SeDialupSid, 0);
216  *SubAuthority = SECURITY_DIALUP_RID;
217  SubAuthority = RtlSubAuthoritySid(SeNetworkSid, 0);
218  *SubAuthority = SECURITY_NETWORK_RID;
219  SubAuthority = RtlSubAuthoritySid(SeBatchSid, 0);
220  *SubAuthority = SECURITY_BATCH_RID;
221  SubAuthority = RtlSubAuthoritySid(SeInteractiveSid, 0);
222  *SubAuthority = SECURITY_INTERACTIVE_RID;
223  SubAuthority = RtlSubAuthoritySid(SeServiceSid, 0);
224  *SubAuthority = SECURITY_SERVICE_RID;
225  SubAuthority = RtlSubAuthoritySid(SePrincipalSelfSid, 0);
226  *SubAuthority = SECURITY_PRINCIPAL_SELF_RID;
227  SubAuthority = RtlSubAuthoritySid(SeLocalSystemSid, 0);
228  *SubAuthority = SECURITY_LOCAL_SYSTEM_RID;
229  SubAuthority = RtlSubAuthoritySid(SeAuthenticatedUserSid, 0);
230  *SubAuthority = SECURITY_AUTHENTICATED_USER_RID;
231  SubAuthority = RtlSubAuthoritySid(SeRestrictedCodeSid, 0);
232  *SubAuthority = SECURITY_RESTRICTED_CODE_RID;
233  SubAuthority = RtlSubAuthoritySid(SeAliasAdminsSid, 0);
234  *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
235  SubAuthority = RtlSubAuthoritySid(SeAliasAdminsSid, 1);
236  *SubAuthority = DOMAIN_ALIAS_RID_ADMINS;
237  SubAuthority = RtlSubAuthoritySid(SeAliasUsersSid, 0);
238  *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
239  SubAuthority = RtlSubAuthoritySid(SeAliasUsersSid, 1);
240  *SubAuthority = DOMAIN_ALIAS_RID_USERS;
241  SubAuthority = RtlSubAuthoritySid(SeAliasGuestsSid, 0);
242  *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
243  SubAuthority = RtlSubAuthoritySid(SeAliasGuestsSid, 1);
244  *SubAuthority = DOMAIN_ALIAS_RID_GUESTS;
245  SubAuthority = RtlSubAuthoritySid(SeAliasPowerUsersSid, 0);
246  *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
247  SubAuthority = RtlSubAuthoritySid(SeAliasPowerUsersSid, 1);
248  *SubAuthority = DOMAIN_ALIAS_RID_POWER_USERS;
249  SubAuthority = RtlSubAuthoritySid(SeAliasAccountOpsSid, 0);
250  *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
251  SubAuthority = RtlSubAuthoritySid(SeAliasAccountOpsSid, 1);
252  *SubAuthority = DOMAIN_ALIAS_RID_ACCOUNT_OPS;
253  SubAuthority = RtlSubAuthoritySid(SeAliasSystemOpsSid, 0);
254  *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
255  SubAuthority = RtlSubAuthoritySid(SeAliasSystemOpsSid, 1);
256  *SubAuthority = DOMAIN_ALIAS_RID_SYSTEM_OPS;
257  SubAuthority = RtlSubAuthoritySid(SeAliasPrintOpsSid, 0);
258  *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
259  SubAuthority = RtlSubAuthoritySid(SeAliasPrintOpsSid, 1);
260  *SubAuthority = DOMAIN_ALIAS_RID_PRINT_OPS;
261  SubAuthority = RtlSubAuthoritySid(SeAliasBackupOpsSid, 0);
262  *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
263  SubAuthority = RtlSubAuthoritySid(SeAliasBackupOpsSid, 1);
264  *SubAuthority = DOMAIN_ALIAS_RID_BACKUP_OPS;
265  SubAuthority = RtlSubAuthoritySid(SeAuthenticatedUsersSid, 0);
266  *SubAuthority = SECURITY_AUTHENTICATED_USER_RID;
267  SubAuthority = RtlSubAuthoritySid(SeRestrictedSid, 0);
268  *SubAuthority = SECURITY_RESTRICTED_CODE_RID;
269  SubAuthority = RtlSubAuthoritySid(SeAnonymousLogonSid, 0);
270  *SubAuthority = SECURITY_ANONYMOUS_LOGON_RID;
271  SubAuthority = RtlSubAuthoritySid(SeLocalServiceSid, 0);
272  *SubAuthority = SECURITY_LOCAL_SERVICE_RID;
273  SubAuthority = RtlSubAuthoritySid(SeNetworkServiceSid, 0);
274  *SubAuthority = SECURITY_NETWORK_SERVICE_RID;
275 
276  return TRUE;
277 }
PSID SeLocalServiceSid
Definition: sid.c:50
#define SECURITY_BATCH_RID
Definition: setypes.h:545
#define SECURITY_AUTHENTICATED_USER_RID
Definition: setypes.h:555
#define SECURITY_LOCAL_SYSTEM_RID
Definition: setypes.h:561
#define DOMAIN_ALIAS_RID_GUESTS
Definition: setypes.h:641
PSID SeAliasPrintOpsSid
Definition: sid.c:45
VOID NTAPI FreeInitializedSids(VOID)
Frees all the known initialized SIDs in the system from the memory.
Definition: sid.c:64
PSID SeAnonymousLogonSid
Definition: sid.c:49
PSID SeBatchSid
Definition: sid.c:32
#define TRUE
Definition: types.h:120
PSID SeLocalSystemSid
Definition: sid.c:36
PSID SeAliasAdminsSid
Definition: sid.c:39
#define DOMAIN_ALIAS_RID_ACCOUNT_OPS
Definition: setypes.h:644
PSID SeDialupSid
Definition: sid.c:30
#define SECURITY_DIALUP_RID
Definition: setypes.h:543
#define SECURITY_NETWORK_RID
Definition: setypes.h:544
#define TAG_SID
Definition: sid.c:15
#define DOMAIN_ALIAS_RID_POWER_USERS
Definition: setypes.h:642
#define SECURITY_INTERACTIVE_RID
Definition: setypes.h:546
PSID SeAliasBackupOpsSid
Definition: sid.c:46
PSID SePrincipalSelfSid
Definition: sid.c:35
PULONG NTAPI RtlSubAuthoritySid(IN PSID Sid_, IN ULONG SubAuthority)
Definition: sid.c:89
#define SECURITY_PRINCIPAL_SELF_RID
Definition: setypes.h:554
PSID SeCreatorOwnerServerSid
Definition: sid.c:27
#define FALSE
Definition: types.h:117
SID_IDENTIFIER_AUTHORITY SeCreatorSidAuthority
Definition: sid.c:19
#define SECURITY_LOCAL_SERVICE_RID
Definition: setypes.h:562
#define SECURITY_CREATOR_GROUP_SERVER_RID
Definition: setypes.h:535
#define SECURITY_BUILTIN_DOMAIN_RID
Definition: setypes.h:568
#define DOMAIN_ALIAS_RID_BACKUP_OPS
Definition: setypes.h:647
PSID SeServiceSid
Definition: sid.c:34
#define DOMAIN_ALIAS_RID_SYSTEM_OPS
Definition: setypes.h:645
#define SECURITY_LOCAL_RID
Definition: setypes.h:529
SID_IDENTIFIER_AUTHORITY SeWorldSidAuthority
Definition: sid.c:17
#define SECURITY_WORLD_RID
Definition: setypes.h:528
#define SECURITY_ANONYMOUS_LOGON_RID
Definition: setypes.h:550
PSID SeAliasUsersSid
Definition: sid.c:40
PSID SeAliasGuestsSid
Definition: sid.c:41
#define SECURITY_CREATOR_OWNER_RID
Definition: setypes.h:532
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
#define SECURITY_NULL_RID
Definition: setypes.h:527
PSID SeAuthenticatedUserSid
Definition: sid.c:37
PSID SeWorldSid
Definition: sid.c:23
ULONG NTAPI RtlLengthRequiredSid(IN ULONG SubAuthorityCount)
Definition: sid.c:54
PSID SeLocalSid
Definition: sid.c:24
PSID SeAuthenticatedUsersSid
Definition: sid.c:47
PSID SeAliasPowerUsersSid
Definition: sid.c:42
#define SECURITY_NETWORK_SERVICE_RID
Definition: setypes.h:563
PSID SeNetworkSid
Definition: sid.c:31
SID_IDENTIFIER_AUTHORITY SeNullSidAuthority
Definition: sid.c:16
#define SECURITY_CREATOR_GROUP_RID
Definition: setypes.h:533
NTSTATUS NTAPI RtlInitializeSid(IN PSID Sid_, IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount)
Definition: sid.c:68
#define DOMAIN_ALIAS_RID_USERS
Definition: setypes.h:640
unsigned int * PULONG
Definition: retypes.h:1
#define SECURITY_RESTRICTED_CODE_RID
Definition: setypes.h:556
#define NULL
Definition: types.h:112
PSID SeCreatorGroupSid
Definition: sid.c:26
PSID SeRestrictedSid
Definition: sid.c:48
PSID SeCreatorGroupServerSid
Definition: sid.c:28
PSID SeNetworkServiceSid
Definition: sid.c:51
#define SECURITY_CREATOR_OWNER_SERVER_RID
Definition: setypes.h:534
PSID SeRestrictedCodeSid
Definition: sid.c:38
#define DOMAIN_ALIAS_RID_PRINT_OPS
Definition: setypes.h:646
#define SECURITY_SERVICE_RID
Definition: setypes.h:549
unsigned int ULONG
Definition: retypes.h:1
SID_IDENTIFIER_AUTHORITY SeLocalSidAuthority
Definition: sid.c:18
PSID SeCreatorOwnerSid
Definition: sid.c:25
PSID SeAliasSystemOpsSid
Definition: sid.c:44
PSID SeInteractiveSid
Definition: sid.c:33
PSID SeNullSid
Definition: sid.c:22
SID_IDENTIFIER_AUTHORITY SeNtSidAuthority
Definition: sid.c:20
#define DOMAIN_ALIAS_RID_ADMINS
Definition: setypes.h:639
PSID SeNtAuthoritySid
Definition: sid.c:29
PSID SeAliasAccountOpsSid
Definition: sid.c:43

Referenced by SepInitializationPhase0().

◆ SepReleaseSid()

VOID NTAPI SepReleaseSid ( _In_ PSID  CapturedSid,
_In_ KPROCESSOR_MODE  AccessMode,
_In_ BOOLEAN  CaptureIfKernel 
)

Releases a captured SID.

Parameters
[in]CapturedSidThe captured SID to be released.
[in]AccessModeProcessor level access mode.
[in]CaptureIfKernelIf set to TRUE, the releasing is done within the kernel. Otherwise the releasing is done in a kernel mode driver.
Returns
Nothing.

Definition at line 392 of file sid.c.

396 {
397  PAGED_CODE();
398 
399  if (CapturedSid != NULL &&
400  (AccessMode != KernelMode ||
401  (AccessMode == KernelMode && CaptureIfKernel)))
402  {
403  ExFreePoolWithTag(CapturedSid, TAG_SID);
404  }
405 }
#define TAG_SID
Definition: sid.c:15
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:395
#define NULL
Definition: types.h:112
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
#define PAGED_CODE()

Referenced by NtCreateToken(), NtSecureConnectPort(), NtSetInformationToken(), and SepAccessCheckAndAuditAlarm().

◆ SeReleaseSidAndAttributesArray()

VOID NTAPI SeReleaseSidAndAttributesArray ( _In_ _Post_invalid_ PSID_AND_ATTRIBUTES  CapturedSidAndAttributes,
_In_ KPROCESSOR_MODE  AccessMode,
_In_ BOOLEAN  CaptureIfKernel 
)

Releases a captured SID with attributes.

Parameters
[in]CapturedSidAndAttributesThe captured SID with attributes to be released.
[in]AccessModeProcessor access level mode.
[in]CaptureIfKernelIf set to TRUE, the releasing is done within the kernel. Otherwise the releasing is done in a kernel mode driver.
Returns
Nothing.

Definition at line 673 of file sid.c.

677 {
678  PAGED_CODE();
679 
680  if ((CapturedSidAndAttributes != NULL) &&
681  ((AccessMode != KernelMode) || CaptureIfKernel))
682  {
683  ExFreePoolWithTag(CapturedSidAndAttributes, TAG_SID_AND_ATTRIBUTES);
684  }
685 }
#define TAG_SID_AND_ATTRIBUTES
Definition: tag.h:188
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:395
#define NULL
Definition: types.h:112
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
#define PAGED_CODE()

Referenced by NtCreateToken().

Variable Documentation

◆ SeAliasAccountOpsSid

PSID SeAliasAccountOpsSid = NULL

Definition at line 43 of file sid.c.

Referenced by FreeInitializedSids(), SepInitExports(), and SepInitSecurityIDs().

◆ SeAliasAdminsSid

◆ SeAliasBackupOpsSid

PSID SeAliasBackupOpsSid = NULL

Definition at line 46 of file sid.c.

Referenced by FreeInitializedSids(), SepInitExports(), and SepInitSecurityIDs().

◆ SeAliasGuestsSid

PSID SeAliasGuestsSid = NULL

Definition at line 41 of file sid.c.

Referenced by FreeInitializedSids(), SepInitExports(), and SepInitSecurityIDs().

◆ SeAliasPowerUsersSid

PSID SeAliasPowerUsersSid = NULL

Definition at line 42 of file sid.c.

Referenced by FreeInitializedSids(), SepInitExports(), and SepInitSecurityIDs().

◆ SeAliasPrintOpsSid

PSID SeAliasPrintOpsSid = NULL

Definition at line 45 of file sid.c.

Referenced by FreeInitializedSids(), SepInitExports(), and SepInitSecurityIDs().

◆ SeAliasSystemOpsSid

PSID SeAliasSystemOpsSid = NULL

Definition at line 44 of file sid.c.

Referenced by FreeInitializedSids(), SepInitExports(), and SepInitSecurityIDs().

◆ SeAliasUsersSid

PSID SeAliasUsersSid = NULL

Definition at line 40 of file sid.c.

Referenced by FreeInitializedSids(), SepInitExports(), and SepInitSecurityIDs().

◆ SeAnonymousLogonSid

◆ SeAuthenticatedUserSid

PSID SeAuthenticatedUserSid = NULL

Definition at line 37 of file sid.c.

Referenced by FreeInitializedSids(), and SepInitSecurityIDs().

◆ SeAuthenticatedUsersSid

PSID SeAuthenticatedUsersSid = NULL

◆ SeBatchSid

PSID SeBatchSid = NULL

Definition at line 32 of file sid.c.

Referenced by FreeInitializedSids(), SepInitExports(), and SepInitSecurityIDs().

◆ SeCreatorGroupServerSid

PSID SeCreatorGroupServerSid = NULL

Definition at line 28 of file sid.c.

Referenced by FreeInitializedSids(), and SepInitSecurityIDs().

◆ SeCreatorGroupSid

PSID SeCreatorGroupSid = NULL

Definition at line 26 of file sid.c.

Referenced by FreeInitializedSids(), SepInitExports(), SepInitSecurityIDs(), and SepPropagateAcl().

◆ SeCreatorOwnerServerSid

PSID SeCreatorOwnerServerSid = NULL

Definition at line 27 of file sid.c.

Referenced by FreeInitializedSids(), and SepInitSecurityIDs().

◆ SeCreatorOwnerSid

PSID SeCreatorOwnerSid = NULL

◆ SeCreatorSidAuthority

Definition at line 19 of file sid.c.

Referenced by SepInitSecurityIDs().

◆ SeDialupSid

PSID SeDialupSid = NULL

Definition at line 30 of file sid.c.

Referenced by FreeInitializedSids(), SepInitExports(), and SepInitSecurityIDs().

◆ SeInteractiveSid

PSID SeInteractiveSid = NULL

Definition at line 33 of file sid.c.

Referenced by FreeInitializedSids(), SepInitExports(), and SepInitSecurityIDs().

◆ SeLocalServiceSid

PSID SeLocalServiceSid = NULL

Definition at line 50 of file sid.c.

Referenced by SepInitExports(), and SepInitSecurityIDs().

◆ SeLocalSid

PSID SeLocalSid = NULL

Definition at line 24 of file sid.c.

Referenced by FreeInitializedSids(), SepInitExports(), and SepInitSecurityIDs().

◆ SeLocalSidAuthority

Definition at line 18 of file sid.c.

Referenced by SepInitSecurityIDs().

◆ SeLocalSystemSid

◆ SeNetworkServiceSid

PSID SeNetworkServiceSid = NULL

Definition at line 51 of file sid.c.

Referenced by SepInitExports(), and SepInitSecurityIDs().

◆ SeNetworkSid

PSID SeNetworkSid = NULL

Definition at line 31 of file sid.c.

Referenced by FreeInitializedSids(), SepInitExports(), and SepInitSecurityIDs().

◆ SeNtAuthoritySid

PSID SeNtAuthoritySid = NULL

Definition at line 29 of file sid.c.

Referenced by FreeInitializedSids(), SepInitExports(), and SepInitSecurityIDs().

◆ SeNtSidAuthority

Definition at line 20 of file sid.c.

Referenced by SepInitSecurityIDs().

◆ SeNullSid

PSID SeNullSid = NULL

Definition at line 22 of file sid.c.

Referenced by FreeInitializedSids(), SepInitExports(), and SepInitSecurityIDs().

◆ SeNullSidAuthority

Definition at line 16 of file sid.c.

Referenced by SepInitSecurityIDs().

◆ SePrincipalSelfSid

PSID SePrincipalSelfSid = NULL

Definition at line 35 of file sid.c.

Referenced by FreeInitializedSids(), SepInitSecurityIDs(), and SepSidInTokenEx().

◆ SeRestrictedCodeSid

PSID SeRestrictedCodeSid = NULL

◆ SeRestrictedSid

PSID SeRestrictedSid = NULL

Definition at line 48 of file sid.c.

Referenced by FreeInitializedSids(), SepInitExports(), and SepInitSecurityIDs().

◆ SeServiceSid

PSID SeServiceSid = NULL

Definition at line 34 of file sid.c.

Referenced by FreeInitializedSids(), and SepInitSecurityIDs().

◆ SeWorldSid

◆ SeWorldSidAuthority

Definition at line 17 of file sid.c.

Referenced by SepInitSecurityIDs().