ReactOS  0.4.14-dev-860-gd05f621
sid.c
Go to the documentation of this file.
1 /*
2  * COPYRIGHT: See COPYING in the top level directory
3  * PROJECT: ReactOS kernel
4  * FILE: ntoskrnl/se/sid.c
5  * PURPOSE: Security manager
6  *
7  * PROGRAMMERS: David Welch <welch@cwcom.net>
8  */
9 
10 /* INCLUDES *******************************************************************/
11 
12 #include <ntoskrnl.h>
13 #define NDEBUG
14 #include <debug.h>
15 
16 #define TAG_SID_AND_ATTRIBUTES 'aSeS'
17 
18 #if defined (ALLOC_PRAGMA)
19 #pragma alloc_text(INIT, SepInitSecurityIDs)
20 #endif
21 
22 /* GLOBALS ********************************************************************/
23 
24 SID_IDENTIFIER_AUTHORITY SeNullSidAuthority = {SECURITY_NULL_SID_AUTHORITY};
25 SID_IDENTIFIER_AUTHORITY SeWorldSidAuthority = {SECURITY_WORLD_SID_AUTHORITY};
26 SID_IDENTIFIER_AUTHORITY SeLocalSidAuthority = {SECURITY_LOCAL_SID_AUTHORITY};
27 SID_IDENTIFIER_AUTHORITY SeCreatorSidAuthority = {SECURITY_CREATOR_SID_AUTHORITY};
28 SID_IDENTIFIER_AUTHORITY SeNtSidAuthority = {SECURITY_NT_AUTHORITY};
29 
30 PSID SeNullSid = NULL;
31 PSID SeWorldSid = NULL;
32 PSID SeLocalSid = NULL;
33 PSID SeCreatorOwnerSid = NULL;
34 PSID SeCreatorGroupSid = NULL;
35 PSID SeCreatorOwnerServerSid = NULL;
36 PSID SeCreatorGroupServerSid = NULL;
37 PSID SeNtAuthoritySid = NULL;
38 PSID SeDialupSid = NULL;
39 PSID SeNetworkSid = NULL;
40 PSID SeBatchSid = NULL;
41 PSID SeInteractiveSid = NULL;
42 PSID SeServiceSid = NULL;
43 PSID SePrincipalSelfSid = NULL;
44 PSID SeLocalSystemSid = NULL;
45 PSID SeAuthenticatedUserSid = NULL;
46 PSID SeRestrictedCodeSid = NULL;
47 PSID SeAliasAdminsSid = NULL;
48 PSID SeAliasUsersSid = NULL;
49 PSID SeAliasGuestsSid = NULL;
50 PSID SeAliasPowerUsersSid = NULL;
51 PSID SeAliasAccountOpsSid = NULL;
52 PSID SeAliasSystemOpsSid = NULL;
53 PSID SeAliasPrintOpsSid = NULL;
54 PSID SeAliasBackupOpsSid = NULL;
55 PSID SeAuthenticatedUsersSid = NULL;
56 PSID SeRestrictedSid = NULL;
57 PSID SeAnonymousLogonSid = NULL;
58 PSID SeLocalServiceSid = NULL;
59 PSID SeNetworkServiceSid = NULL;
60 
61 /* FUNCTIONS ******************************************************************/
62 
63 VOID
64 NTAPI
65 FreeInitializedSids(VOID)
66 {
67  if (SeNullSid) ExFreePoolWithTag(SeNullSid, TAG_SID);
68  if (SeWorldSid) ExFreePoolWithTag(SeWorldSid, TAG_SID);
69  if (SeLocalSid) ExFreePoolWithTag(SeLocalSid, TAG_SID);
70  if (SeCreatorOwnerSid) ExFreePoolWithTag(SeCreatorOwnerSid, TAG_SID);
71  if (SeCreatorGroupSid) ExFreePoolWithTag(SeCreatorGroupSid, TAG_SID);
72  if (SeCreatorOwnerServerSid) ExFreePoolWithTag(SeCreatorOwnerServerSid, TAG_SID);
73  if (SeCreatorGroupServerSid) ExFreePoolWithTag(SeCreatorGroupServerSid, TAG_SID);
74  if (SeNtAuthoritySid) ExFreePoolWithTag(SeNtAuthoritySid, TAG_SID);
75  if (SeDialupSid) ExFreePoolWithTag(SeDialupSid, TAG_SID);
76  if (SeNetworkSid) ExFreePoolWithTag(SeNetworkSid, TAG_SID);
77  if (SeBatchSid) ExFreePoolWithTag(SeBatchSid, TAG_SID);
78  if (SeInteractiveSid) ExFreePoolWithTag(SeInteractiveSid, TAG_SID);
79  if (SeServiceSid) ExFreePoolWithTag(SeServiceSid, TAG_SID);
80  if (SePrincipalSelfSid) ExFreePoolWithTag(SePrincipalSelfSid, TAG_SID);
81  if (SeLocalSystemSid) ExFreePoolWithTag(SeLocalSystemSid, TAG_SID);
82  if (SeAuthenticatedUserSid) ExFreePoolWithTag(SeAuthenticatedUserSid, TAG_SID);
83  if (SeRestrictedCodeSid) ExFreePoolWithTag(SeRestrictedCodeSid, TAG_SID);
84  if (SeAliasAdminsSid) ExFreePoolWithTag(SeAliasAdminsSid, TAG_SID);
85  if (SeAliasUsersSid) ExFreePoolWithTag(SeAliasUsersSid, TAG_SID);
86  if (SeAliasGuestsSid) ExFreePoolWithTag(SeAliasGuestsSid, TAG_SID);
87  if (SeAliasPowerUsersSid) ExFreePoolWithTag(SeAliasPowerUsersSid, TAG_SID);
88  if (SeAliasAccountOpsSid) ExFreePoolWithTag(SeAliasAccountOpsSid, TAG_SID);
89  if (SeAliasSystemOpsSid) ExFreePoolWithTag(SeAliasSystemOpsSid, TAG_SID);
90  if (SeAliasPrintOpsSid) ExFreePoolWithTag(SeAliasPrintOpsSid, TAG_SID);
91  if (SeAliasBackupOpsSid) ExFreePoolWithTag(SeAliasBackupOpsSid, TAG_SID);
92  if (SeAuthenticatedUsersSid) ExFreePoolWithTag(SeAuthenticatedUsersSid, TAG_SID);
93  if (SeRestrictedSid) ExFreePoolWithTag(SeRestrictedSid, TAG_SID);
94  if (SeAnonymousLogonSid) ExFreePoolWithTag(SeAnonymousLogonSid, TAG_SID);
95 }
96 
97 BOOLEAN
98 INIT_FUNCTION
99 NTAPI
100 SepInitSecurityIDs(VOID)
101 {
102  ULONG SidLength0;
103  ULONG SidLength1;
104  ULONG SidLength2;
105  PULONG SubAuthority;
106 
107  SidLength0 = RtlLengthRequiredSid(0);
108  SidLength1 = RtlLengthRequiredSid(1);
109  SidLength2 = RtlLengthRequiredSid(2);
110 
111  /* create NullSid */
112  SeNullSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
113  SeWorldSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
114  SeLocalSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
115  SeCreatorOwnerSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
116  SeCreatorGroupSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
117  SeCreatorOwnerServerSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
118  SeCreatorGroupServerSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
119  SeNtAuthoritySid = ExAllocatePoolWithTag(PagedPool, SidLength0, TAG_SID);
120  SeDialupSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
121  SeNetworkSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
122  SeBatchSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
123  SeInteractiveSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
124  SeServiceSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
125  SePrincipalSelfSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
126  SeLocalSystemSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
127  SeAuthenticatedUserSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
128  SeRestrictedCodeSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
129  SeAliasAdminsSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
130  SeAliasUsersSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
131  SeAliasGuestsSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
132  SeAliasPowerUsersSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
133  SeAliasAccountOpsSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
134  SeAliasSystemOpsSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
135  SeAliasPrintOpsSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
136  SeAliasBackupOpsSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
137  SeAuthenticatedUsersSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
138  SeRestrictedSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
139  SeAnonymousLogonSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
140  SeLocalServiceSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
141  SeNetworkServiceSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
142 
143  if (SeNullSid == NULL || SeWorldSid == NULL ||
144  SeLocalSid == NULL || SeCreatorOwnerSid == NULL ||
145  SeCreatorGroupSid == NULL || SeCreatorOwnerServerSid == NULL ||
146  SeCreatorGroupServerSid == NULL || SeNtAuthoritySid == NULL ||
147  SeDialupSid == NULL || SeNetworkSid == NULL || SeBatchSid == NULL ||
148  SeInteractiveSid == NULL || SeServiceSid == NULL ||
149  SePrincipalSelfSid == NULL || SeLocalSystemSid == NULL ||
150  SeAuthenticatedUserSid == NULL || SeRestrictedCodeSid == NULL ||
151  SeAliasAdminsSid == NULL || SeAliasUsersSid == NULL ||
152  SeAliasGuestsSid == NULL || SeAliasPowerUsersSid == NULL ||
153  SeAliasAccountOpsSid == NULL || SeAliasSystemOpsSid == NULL ||
154  SeAliasPrintOpsSid == NULL || SeAliasBackupOpsSid == NULL ||
155  SeAuthenticatedUsersSid == NULL || SeRestrictedSid == NULL ||
156  SeAnonymousLogonSid == NULL || SeLocalServiceSid == NULL ||
157  SeNetworkServiceSid == NULL)
158  {
159  FreeInitializedSids();
160  return FALSE;
161  }
162 
163  RtlInitializeSid(SeNullSid, &SeNullSidAuthority, 1);
164  RtlInitializeSid(SeWorldSid, &SeWorldSidAuthority, 1);
165  RtlInitializeSid(SeLocalSid, &SeLocalSidAuthority, 1);
166  RtlInitializeSid(SeCreatorOwnerSid, &SeCreatorSidAuthority, 1);
167  RtlInitializeSid(SeCreatorGroupSid, &SeCreatorSidAuthority, 1);
168  RtlInitializeSid(SeCreatorOwnerServerSid, &SeCreatorSidAuthority, 1);
169  RtlInitializeSid(SeCreatorGroupServerSid, &SeCreatorSidAuthority, 1);
170  RtlInitializeSid(SeNtAuthoritySid, &SeNtSidAuthority, 0);
171  RtlInitializeSid(SeDialupSid, &SeNtSidAuthority, 1);
172  RtlInitializeSid(SeNetworkSid, &SeNtSidAuthority, 1);
173  RtlInitializeSid(SeBatchSid, &SeNtSidAuthority, 1);
174  RtlInitializeSid(SeInteractiveSid, &SeNtSidAuthority, 1);
175  RtlInitializeSid(SeServiceSid, &SeNtSidAuthority, 1);
176  RtlInitializeSid(SePrincipalSelfSid, &SeNtSidAuthority, 1);
177  RtlInitializeSid(SeLocalSystemSid, &SeNtSidAuthority, 1);
178  RtlInitializeSid(SeAuthenticatedUserSid, &SeNtSidAuthority, 1);
179  RtlInitializeSid(SeRestrictedCodeSid, &SeNtSidAuthority, 1);
180  RtlInitializeSid(SeAliasAdminsSid, &SeNtSidAuthority, 2);
181  RtlInitializeSid(SeAliasUsersSid, &SeNtSidAuthority, 2);
182  RtlInitializeSid(SeAliasGuestsSid, &SeNtSidAuthority, 2);
183  RtlInitializeSid(SeAliasPowerUsersSid, &SeNtSidAuthority, 2);
184  RtlInitializeSid(SeAliasAccountOpsSid, &SeNtSidAuthority, 2);
185  RtlInitializeSid(SeAliasSystemOpsSid, &SeNtSidAuthority, 2);
186  RtlInitializeSid(SeAliasPrintOpsSid, &SeNtSidAuthority, 2);
187  RtlInitializeSid(SeAliasBackupOpsSid, &SeNtSidAuthority, 2);
188  RtlInitializeSid(SeAuthenticatedUsersSid, &SeNtSidAuthority, 1);
189  RtlInitializeSid(SeRestrictedSid, &SeNtSidAuthority, 1);
190  RtlInitializeSid(SeAnonymousLogonSid, &SeNtSidAuthority, 1);
191  RtlInitializeSid(SeLocalServiceSid, &SeNtSidAuthority, 1);
192  RtlInitializeSid(SeNetworkServiceSid, &SeNtSidAuthority, 1);
193 
194  SubAuthority = RtlSubAuthoritySid(SeNullSid, 0);
195  *SubAuthority = SECURITY_NULL_RID;
196  SubAuthority = RtlSubAuthoritySid(SeWorldSid, 0);
197  *SubAuthority = SECURITY_WORLD_RID;
198  SubAuthority = RtlSubAuthoritySid(SeLocalSid, 0);
199  *SubAuthority = SECURITY_LOCAL_RID;
200  SubAuthority = RtlSubAuthoritySid(SeCreatorOwnerSid, 0);
201  *SubAuthority = SECURITY_CREATOR_OWNER_RID;
202  SubAuthority = RtlSubAuthoritySid(SeCreatorGroupSid, 0);
203  *SubAuthority = SECURITY_CREATOR_GROUP_RID;
204  SubAuthority = RtlSubAuthoritySid(SeCreatorOwnerServerSid, 0);
205  *SubAuthority = SECURITY_CREATOR_OWNER_SERVER_RID;
206  SubAuthority = RtlSubAuthoritySid(SeCreatorGroupServerSid, 0);
207  *SubAuthority = SECURITY_CREATOR_GROUP_SERVER_RID;
208  SubAuthority = RtlSubAuthoritySid(SeDialupSid, 0);
209  *SubAuthority = SECURITY_DIALUP_RID;
210  SubAuthority = RtlSubAuthoritySid(SeNetworkSid, 0);
211  *SubAuthority = SECURITY_NETWORK_RID;
212  SubAuthority = RtlSubAuthoritySid(SeBatchSid, 0);
213  *SubAuthority = SECURITY_BATCH_RID;
214  SubAuthority = RtlSubAuthoritySid(SeInteractiveSid, 0);
215  *SubAuthority = SECURITY_INTERACTIVE_RID;
216  SubAuthority = RtlSubAuthoritySid(SeServiceSid, 0);
217  *SubAuthority = SECURITY_SERVICE_RID;
218  SubAuthority = RtlSubAuthoritySid(SePrincipalSelfSid, 0);
219  *SubAuthority = SECURITY_PRINCIPAL_SELF_RID;
220  SubAuthority = RtlSubAuthoritySid(SeLocalSystemSid, 0);
221  *SubAuthority = SECURITY_LOCAL_SYSTEM_RID;
222  SubAuthority = RtlSubAuthoritySid(SeAuthenticatedUserSid, 0);
223  *SubAuthority = SECURITY_AUTHENTICATED_USER_RID;
224  SubAuthority = RtlSubAuthoritySid(SeRestrictedCodeSid, 0);
225  *SubAuthority = SECURITY_RESTRICTED_CODE_RID;
226  SubAuthority = RtlSubAuthoritySid(SeAliasAdminsSid, 0);
227  *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
228  SubAuthority = RtlSubAuthoritySid(SeAliasAdminsSid, 1);
229  *SubAuthority = DOMAIN_ALIAS_RID_ADMINS;
230  SubAuthority = RtlSubAuthoritySid(SeAliasUsersSid, 0);
231  *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
232  SubAuthority = RtlSubAuthoritySid(SeAliasUsersSid, 1);
233  *SubAuthority = DOMAIN_ALIAS_RID_USERS;
234  SubAuthority = RtlSubAuthoritySid(SeAliasGuestsSid, 0);
235  *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
236  SubAuthority = RtlSubAuthoritySid(SeAliasGuestsSid, 1);
237  *SubAuthority = DOMAIN_ALIAS_RID_GUESTS;
238  SubAuthority = RtlSubAuthoritySid(SeAliasPowerUsersSid, 0);
239  *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
240  SubAuthority = RtlSubAuthoritySid(SeAliasPowerUsersSid, 1);
241  *SubAuthority = DOMAIN_ALIAS_RID_POWER_USERS;
242  SubAuthority = RtlSubAuthoritySid(SeAliasAccountOpsSid, 0);
243  *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
244  SubAuthority = RtlSubAuthoritySid(SeAliasAccountOpsSid, 1);
245  *SubAuthority = DOMAIN_ALIAS_RID_ACCOUNT_OPS;
246  SubAuthority = RtlSubAuthoritySid(SeAliasSystemOpsSid, 0);
247  *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
248  SubAuthority = RtlSubAuthoritySid(SeAliasSystemOpsSid, 1);
249  *SubAuthority = DOMAIN_ALIAS_RID_SYSTEM_OPS;
250  SubAuthority = RtlSubAuthoritySid(SeAliasPrintOpsSid, 0);
251  *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
252  SubAuthority = RtlSubAuthoritySid(SeAliasPrintOpsSid, 1);
253  *SubAuthority = DOMAIN_ALIAS_RID_PRINT_OPS;
254  SubAuthority = RtlSubAuthoritySid(SeAliasBackupOpsSid, 0);
255  *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
256  SubAuthority = RtlSubAuthoritySid(SeAliasBackupOpsSid, 1);
257  *SubAuthority = DOMAIN_ALIAS_RID_BACKUP_OPS;
258  SubAuthority = RtlSubAuthoritySid(SeAuthenticatedUsersSid, 0);
259  *SubAuthority = SECURITY_AUTHENTICATED_USER_RID;
260  SubAuthority = RtlSubAuthoritySid(SeRestrictedSid, 0);
261  *SubAuthority = SECURITY_RESTRICTED_CODE_RID;
262  SubAuthority = RtlSubAuthoritySid(SeAnonymousLogonSid, 0);
263  *SubAuthority = SECURITY_ANONYMOUS_LOGON_RID;
264  SubAuthority = RtlSubAuthoritySid(SeLocalServiceSid, 0);
265  *SubAuthority = SECURITY_LOCAL_SERVICE_RID;
266  SubAuthority = RtlSubAuthoritySid(SeNetworkServiceSid, 0);
267  *SubAuthority = SECURITY_NETWORK_SERVICE_RID;
268 
269  return TRUE;
270 }
271 
272 NTSTATUS
273 NTAPI
274 SepCaptureSid(IN PSID InputSid,
275  IN KPROCESSOR_MODE AccessMode,
276  IN POOL_TYPE PoolType,
277  IN BOOLEAN CaptureIfKernel,
278  OUT PSID *CapturedSid)
279 {
280  ULONG SidSize = 0;
281  PISID NewSid, Sid = (PISID)InputSid;
282 
283  PAGED_CODE();
284 
285  if (AccessMode != KernelMode)
286  {
287  _SEH2_TRY
288  {
289  ProbeForRead(Sid, FIELD_OFFSET(SID, SubAuthority), sizeof(UCHAR));
290  SidSize = RtlLengthRequiredSid(Sid->SubAuthorityCount);
291  ProbeForRead(Sid, SidSize, sizeof(UCHAR));
292  }
293  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
294  {
295  /* Return the exception code */
296  _SEH2_YIELD(return _SEH2_GetExceptionCode());
297  }
298  _SEH2_END;
299 
300  /* Allocate a SID and copy it */
301  NewSid = ExAllocatePoolWithTag(PoolType, SidSize, TAG_SID);
302  if (!NewSid)
303  return STATUS_INSUFFICIENT_RESOURCES;
304 
305  _SEH2_TRY
306  {
307  RtlCopyMemory(NewSid, Sid, SidSize);
308 
309  *CapturedSid = NewSid;
310  }
311  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
312  {
313  /* Free the SID and return the exception code */
314  ExFreePoolWithTag(NewSid, TAG_SID);
315  _SEH2_YIELD(return _SEH2_GetExceptionCode());
316  }
317  _SEH2_END;
318  }
319  else if (!CaptureIfKernel)
320  {
321  *CapturedSid = InputSid;
322  }
323  else
324  {
325  SidSize = RtlLengthRequiredSid(Sid->SubAuthorityCount);
326 
327  /* Allocate a SID and copy it */
328  NewSid = ExAllocatePoolWithTag(PoolType, SidSize, TAG_SID);
329  if (NewSid == NULL)
330  return STATUS_INSUFFICIENT_RESOURCES;
331 
332  RtlCopyMemory(NewSid, Sid, SidSize);
333 
334  *CapturedSid = NewSid;
335  }
336 
337  return STATUS_SUCCESS;
338 }
339 
340 VOID
341 NTAPI
342 SepReleaseSid(IN PSID CapturedSid,
343  IN KPROCESSOR_MODE AccessMode,
344  IN BOOLEAN CaptureIfKernel)
345 {
346  PAGED_CODE();
347 
348  if (CapturedSid != NULL &&
349  (AccessMode != KernelMode ||
350  (AccessMode == KernelMode && CaptureIfKernel)))
351  {
352  ExFreePoolWithTag(CapturedSid, TAG_SID);
353  }
354 }
355 
356 NTSTATUS
357 NTAPI
358 SeCaptureSidAndAttributesArray(
359  _In_ PSID_AND_ATTRIBUTES SrcSidAndAttributes,
360  _In_ ULONG AttributeCount,
361  _In_ KPROCESSOR_MODE PreviousMode,
362  _In_opt_ PVOID AllocatedMem,
363  _In_ ULONG AllocatedLength,
364  _In_ POOL_TYPE PoolType,
365  _In_ BOOLEAN CaptureIfKernel,
366  _Out_ PSID_AND_ATTRIBUTES *CapturedSidAndAttributes,
367  _Out_ PULONG ResultLength)
368 {
369  ULONG ArraySize, RequiredLength, SidLength, i;
370  PSID_AND_ATTRIBUTES SidAndAttributes;
371  PUCHAR CurrentDest;
372  PISID Sid;
373  NTSTATUS Status;
374  PAGED_CODE();
375 
376  *CapturedSidAndAttributes = NULL;
377  *ResultLength = 0;
378 
379  if (AttributeCount == 0)
380  {
381  return STATUS_SUCCESS;
382  }
383 
384  if (AttributeCount > 0x1000)
385  {
386  return STATUS_INVALID_PARAMETER;
387  }
388 
389  if ((PreviousMode == KernelMode) && !CaptureIfKernel)
390  {
391  *CapturedSidAndAttributes = SrcSidAndAttributes;
392  return STATUS_SUCCESS;
393  }
394 
395  ArraySize = AttributeCount * sizeof(SID_AND_ATTRIBUTES);
396  RequiredLength = ALIGN_UP_BY(ArraySize, sizeof(ULONG));
397 
398  /* Check for user mode data */
399  if (PreviousMode != KernelMode)
400  {
401  _SEH2_TRY
402  {
403  /* First probe the whole array */
404  ProbeForRead(SrcSidAndAttributes, ArraySize, sizeof(ULONG));
405 
406  /* Loop the array elements */
407  for (i = 0; i < AttributeCount; i++)
408  {
409  /* Get the SID and probe the minimal structure */
410  Sid = SrcSidAndAttributes[i].Sid;
411  ProbeForRead(Sid, sizeof(*Sid), sizeof(ULONG));
412 
413  /* Verify that the SID is valid */
414  if (((Sid->Revision & 0xF) != SID_REVISION) ||
415  (Sid->SubAuthorityCount > SID_MAX_SUB_AUTHORITIES))
416  {
417  _SEH2_YIELD(return STATUS_INVALID_SID);
418  }
419 
420  /* Calculate the SID length and probe the full SID */
421  SidLength = RtlLengthRequiredSid(Sid->SubAuthorityCount);
422  ProbeForRead(Sid, SidLength, sizeof(ULONG));
423 
424  /* Add the aligned length to the required length */
425  RequiredLength += ALIGN_UP_BY(SidLength, sizeof(ULONG));
426  }
427  }
428  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
429  {
430  _SEH2_YIELD(return _SEH2_GetExceptionCode());
431  }
432  _SEH2_END;
433  }
434  else
435  {
436  /* Loop the array elements */
437  for (i = 0; i < AttributeCount; i++)
438  {
439  /* Get the SID and it's length */
440  Sid = SrcSidAndAttributes[i].Sid;
441  SidLength = RtlLengthRequiredSid(Sid->SubAuthorityCount);
442 
443  /* Add the aligned length to the required length */
444  RequiredLength += ALIGN_UP_BY(SidLength, sizeof(ULONG));
445  }
446  }
447 
448  /* Assume success */
449  Status = STATUS_SUCCESS;
450  *ResultLength = RequiredLength;
451 
452  /* Check if we have no buffer */
453  if (AllocatedMem == NULL)
454  {
455  /* Allocate a new buffer */
456  SidAndAttributes = ExAllocatePoolWithTag(PoolType,
457  RequiredLength,
458  TAG_SID_AND_ATTRIBUTES);
459  if (SidAndAttributes == NULL)
460  {
461  return STATUS_INSUFFICIENT_RESOURCES;
462  }
463  }
464  /* Otherwise check if the buffer is large enough */
465  else if (AllocatedLength >= RequiredLength)
466  {
467  /* Buffer is large enough, use it */
468  SidAndAttributes = AllocatedMem;
469  }
470  else
471  {
472  /* Buffer is too small, fail */
473  return STATUS_BUFFER_TOO_SMALL;
474  }
475 
476  *CapturedSidAndAttributes = SidAndAttributes;
477 
478  /* Check again for user mode */
479  if (PreviousMode != KernelMode)
480  {
481  _SEH2_TRY
482  {
483  /* The rest of the data starts after the array */
484  CurrentDest = (PUCHAR)SidAndAttributes;
485  CurrentDest += ALIGN_UP_BY(ArraySize, sizeof(ULONG));
486 
487  /* Loop the array elements */
488  for (i = 0; i < AttributeCount; i++)
489  {
490  /* Get the SID and it's length */
491  Sid = SrcSidAndAttributes[i].Sid;
492  SidLength = RtlLengthRequiredSid(Sid->SubAuthorityCount);
493 
494  /* Copy attributes */
495  SidAndAttributes[i].Attributes = SrcSidAndAttributes[i].Attributes;
496 
497  /* Copy the SID to the current destination address */
498  SidAndAttributes[i].Sid = (PSID)CurrentDest;
499  RtlCopyMemory(CurrentDest, SrcSidAndAttributes[i].Sid, SidLength);
500 
501  /* Sanity checks */
502  ASSERT(RtlLengthSid(SidAndAttributes[i].Sid) == SidLength);
503  ASSERT(RtlValidSid(SidAndAttributes[i].Sid));
504 
505  /* Update the current destination address */
506  CurrentDest += ALIGN_UP_BY(SidLength, sizeof(ULONG));
507  }
508  }
509  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
510  {
511  Status = _SEH2_GetExceptionCode();
512  }
513  _SEH2_END;
514  }
515  else
516  {
517  /* The rest of the data starts after the array */
518  CurrentDest = (PUCHAR)SidAndAttributes;
519  CurrentDest += ALIGN_UP_BY(ArraySize, sizeof(ULONG));
520 
521  /* Loop the array elements */
522  for (i = 0; i < AttributeCount; i++)
523  {
524  /* Get the SID and it's length */
525  Sid = SrcSidAndAttributes[i].Sid;
526  SidLength = RtlLengthRequiredSid(Sid->SubAuthorityCount);
527 
528  /* Copy attributes */
529  SidAndAttributes[i].Attributes = SrcSidAndAttributes[i].Attributes;
530 
531  /* Copy the SID to the current destination address */
532  SidAndAttributes[i].Sid = (PSID)CurrentDest;
533  RtlCopyMemory(CurrentDest, SrcSidAndAttributes[i].Sid, SidLength);
534 
535  /* Update the current destination address */
536  CurrentDest += ALIGN_UP_BY(SidLength, sizeof(ULONG));
537  }
538  }
539 
540  /* Check for failure */
541  if (!NT_SUCCESS(Status))
542  {
543  /* Check if we allocated a new array */
544  if (SidAndAttributes != AllocatedMem)
545  {
546  /* Free the array */
547  ExFreePoolWithTag(SidAndAttributes, TAG_SID_AND_ATTRIBUTES);
548  }
549 
550  /* Set returned address to NULL */
551  *CapturedSidAndAttributes = NULL ;
552  }
553 
554  return Status;
555 }
556 
557 VOID
558 NTAPI
559 SeReleaseSidAndAttributesArray(
560  _In_ _Post_invalid_ PSID_AND_ATTRIBUTES CapturedSidAndAttributes,
561  _In_ KPROCESSOR_MODE AccessMode,
562  _In_ BOOLEAN CaptureIfKernel)
563 {
564  PAGED_CODE();
565 
566  if ((CapturedSidAndAttributes != NULL) &&
567  ((AccessMode != KernelMode) || CaptureIfKernel))
568  {
569  ExFreePoolWithTag(CapturedSidAndAttributes, TAG_SID_AND_ATTRIBUTES);
570  }
571 }
572 
573 
574 /* EOF */
SeLocalServiceSid
PSID SeLocalServiceSid
Definition: sid.c:58
ResultLength
IN CINT OUT PVOID IN ULONG OUT PULONG ResultLength
Definition: conport.c:47
SECURITY_BATCH_RID
#define SECURITY_BATCH_RID
Definition: setypes.h:530
IN
#define IN
Definition: typedefs.h:38
SECURITY_AUTHENTICATED_USER_RID
#define SECURITY_AUTHENTICATED_USER_RID
Definition: setypes.h:540
SECURITY_LOCAL_SYSTEM_RID
#define SECURITY_LOCAL_SYSTEM_RID
Definition: setypes.h:546
TRUE
#define TRUE
Definition: types.h:120
RtlCopyMemory
NTSYSAPI VOID NTAPI RtlCopyMemory(VOID UNALIGNED *Destination, CONST VOID UNALIGNED *Source, ULONG Length)
DOMAIN_ALIAS_RID_GUESTS
#define DOMAIN_ALIAS_RID_GUESTS
Definition: setypes.h:626
SeAliasPrintOpsSid
PSID SeAliasPrintOpsSid
Definition: sid.c:53
STATUS_INSUFFICIENT_RESOURCES
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
_SID_AND_ATTRIBUTES::Sid
PSID Sid
Definition: setypes.h:478
_Post_invalid_
#define _Post_invalid_
Definition: no_sal2.h:457
FreeInitializedSids
VOID NTAPI FreeInitializedSids(VOID)
Definition: sid.c:65
_SID
Definition: ms-dtyp.idl:198
SeAnonymousLogonSid
PSID SeAnonymousLogonSid
Definition: sid.c:57
SeBatchSid
PSID SeBatchSid
Definition: sid.c:40
STATUS_INVALID_PARAMETER
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
SeLocalSystemSid
PSID SeLocalSystemSid
Definition: sid.c:44
SeAliasAdminsSid
PSID SeAliasAdminsSid
Definition: sid.c:47
DOMAIN_ALIAS_RID_ACCOUNT_OPS
#define DOMAIN_ALIAS_RID_ACCOUNT_OPS
Definition: setypes.h:629
SeDialupSid
PSID SeDialupSid
Definition: sid.c:38
SECURITY_DIALUP_RID
#define SECURITY_DIALUP_RID
Definition: setypes.h:528
PUCHAR
unsigned char * PUCHAR
Definition: retypes.h:3
SID_REVISION
#define SID_REVISION
Definition: setypes.h:453
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
SeReleaseSidAndAttributesArray
VOID NTAPI SeReleaseSidAndAttributesArray(_In_ _Post_invalid_ PSID_AND_ATTRIBUTES CapturedSidAndAttributes, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Definition: sid.c:559
SECURITY_NETWORK_RID
#define SECURITY_NETWORK_RID
Definition: setypes.h:529
TAG_SID
#define TAG_SID
Definition: sid.c:15
DOMAIN_ALIAS_RID_POWER_USERS
#define DOMAIN_ALIAS_RID_POWER_USERS
Definition: setypes.h:627
SECURITY_INTERACTIVE_RID
#define SECURITY_INTERACTIVE_RID
Definition: setypes.h:531
SECURITY_NULL_SID_AUTHORITY
#define SECURITY_NULL_SID_AUTHORITY
Definition: setypes.h:496
SeAliasBackupOpsSid
PSID SeAliasBackupOpsSid
Definition: sid.c:54
PAGED_CODE
#define PAGED_CODE()
Definition: video.h:57
_In_opt_
#define _In_opt_
Definition: no_sal2.h:213
STATUS_BUFFER_TOO_SMALL
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
_SEH2_TRY
_SEH2_TRY
Definition: create.c:4250
SePrincipalSelfSid
PSID SePrincipalSelfSid
Definition: sid.c:43
RtlSubAuthoritySid
PULONG NTAPI RtlSubAuthoritySid(IN PSID Sid_, IN ULONG SubAuthority)
Definition: sid.c:89
SepCaptureSid
NTSTATUS NTAPI SepCaptureSid(IN PSID InputSid, IN KPROCESSOR_MODE AccessMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PSID *CapturedSid)
Definition: sid.c:274
SECURITY_PRINCIPAL_SELF_RID
#define SECURITY_PRINCIPAL_SELF_RID
Definition: setypes.h:539
SeCreatorOwnerServerSid
PSID SeCreatorOwnerServerSid
Definition: sid.c:35
i
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
NTAPI
NTSTATUS(* NTAPI)(IN PFILE_FULL_EA_INFORMATION EaBuffer, IN ULONG EaLength, OUT PULONG ErrorOffset)
Definition: IoEaTest.cpp:117
SeCreatorSidAuthority
SID_IDENTIFIER_AUTHORITY SeCreatorSidAuthority
Definition: sid.c:27
SECURITY_LOCAL_SID_AUTHORITY
#define SECURITY_LOCAL_SID_AUTHORITY
Definition: setypes.h:502
PISID
struct _SID * PISID
AccessMode
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:396
EXCEPTION_EXECUTE_HANDLER
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185
SID_MAX_SUB_AUTHORITIES
#define SID_MAX_SUB_AUTHORITIES
Definition: setypes.h:454
NULL
smooth NULL
Definition: ftsmooth.c:416
RtlLengthSid
ULONG NTAPI RtlLengthSid(IN PSID Sid_)
Definition: sid.c:150
_Out_
#define _Out_
Definition: no_sal2.h:323
Sid
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1104
STATUS_INVALID_SID
#define STATUS_INVALID_SID
Definition: ntstatus.h:342
SECURITY_LOCAL_SERVICE_RID
#define SECURITY_LOCAL_SERVICE_RID
Definition: setypes.h:547
SepReleaseSid
VOID NTAPI SepReleaseSid(IN PSID CapturedSid, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN CaptureIfKernel)
Definition: sid.c:342
SECURITY_NT_AUTHORITY
#define SECURITY_NT_AUTHORITY
Definition: setypes.h:526
RtlValidSid
BOOLEAN NTAPI RtlValidSid(IN PSID Sid_)
Definition: sid.c:21
TAG_SID_AND_ATTRIBUTES
#define TAG_SID_AND_ATTRIBUTES
Definition: sid.c:16
PreviousMode
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
SECURITY_CREATOR_GROUP_SERVER_RID
#define SECURITY_CREATOR_GROUP_SERVER_RID
Definition: setypes.h:520
SECURITY_BUILTIN_DOMAIN_RID
#define SECURITY_BUILTIN_DOMAIN_RID
Definition: setypes.h:553
_SEH2_YIELD
#define _SEH2_YIELD(STMT_)
Definition: pseh2_64.h:8
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
DOMAIN_ALIAS_RID_BACKUP_OPS
#define DOMAIN_ALIAS_RID_BACKUP_OPS
Definition: setypes.h:632
SECURITY_WORLD_SID_AUTHORITY
#define SECURITY_WORLD_SID_AUTHORITY
Definition: setypes.h:499
POOL_TYPE
INT POOL_TYPE
Definition: typedefs.h:76
SeServiceSid
PSID SeServiceSid
Definition: sid.c:42
_SID_AND_ATTRIBUTES
Definition: setypes.h:474
SID_AND_ATTRIBUTES
struct _SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES
DOMAIN_ALIAS_RID_SYSTEM_OPS
#define DOMAIN_ALIAS_RID_SYSTEM_OPS
Definition: setypes.h:630
SECURITY_LOCAL_RID
#define SECURITY_LOCAL_RID
Definition: setypes.h:514
SeWorldSidAuthority
SID_IDENTIFIER_AUTHORITY SeWorldSidAuthority
Definition: sid.c:25
KPROCESSOR_MODE
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
SECURITY_WORLD_RID
#define SECURITY_WORLD_RID
Definition: setypes.h:513
SeCaptureSidAndAttributesArray
NTSTATUS NTAPI SeCaptureSidAndAttributesArray(_In_ PSID_AND_ATTRIBUTES SrcSidAndAttributes, _In_ ULONG AttributeCount, _In_ KPROCESSOR_MODE PreviousMode, _In_opt_ PVOID AllocatedMem, _In_ ULONG AllocatedLength, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSID_AND_ATTRIBUTES *CapturedSidAndAttributes, _Out_ PULONG ResultLength)
Definition: sid.c:358
SECURITY_ANONYMOUS_LOGON_RID
#define SECURITY_ANONYMOUS_LOGON_RID
Definition: setypes.h:535
SeAliasUsersSid
PSID SeAliasUsersSid
Definition: sid.c:48
SeAliasGuestsSid
PSID SeAliasGuestsSid
Definition: sid.c:49
PSID
struct _SID * PSID
Definition: eventlog.c:35
ASSERT
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel) ?(CompletionRoutine !=NULL) :TRUE)
SECURITY_CREATOR_OWNER_RID
#define SECURITY_CREATOR_OWNER_RID
Definition: setypes.h:517
ExAllocatePoolWithTag
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
SECURITY_NULL_RID
#define SECURITY_NULL_RID
Definition: setypes.h:512
UCHAR
unsigned char UCHAR
Definition: xmlstorage.h:181
SeAuthenticatedUserSid
PSID SeAuthenticatedUserSid
Definition: sid.c:45
ProbeForRead
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
SeWorldSid
PSID SeWorldSid
Definition: sid.c:31
RtlLengthRequiredSid
ULONG NTAPI RtlLengthRequiredSid(IN ULONG SubAuthorityCount)
Definition: sid.c:54
SeLocalSid
PSID SeLocalSid
Definition: sid.c:32
_SID_IDENTIFIER_AUTHORITY
Definition: ms-dtyp.idl:194
SeAuthenticatedUsersSid
PSID SeAuthenticatedUsersSid
Definition: sid.c:55
SeAliasPowerUsersSid
PSID SeAliasPowerUsersSid
Definition: sid.c:50
SECURITY_NETWORK_SERVICE_RID
#define SECURITY_NETWORK_SERVICE_RID
Definition: setypes.h:548
Status
Status
Definition: gdiplustypes.h:24
_In_
#define _In_
Definition: no_sal2.h:204
SeNetworkSid
PSID SeNetworkSid
Definition: sid.c:39
SeNullSidAuthority
SID_IDENTIFIER_AUTHORITY SeNullSidAuthority
Definition: sid.c:24
SECURITY_CREATOR_GROUP_RID
#define SECURITY_CREATOR_GROUP_RID
Definition: setypes.h:518
_SEH2_END
_SEH2_END
Definition: create.c:4424
RtlInitializeSid
NTSTATUS NTAPI RtlInitializeSid(IN PSID Sid_, IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount)
Definition: sid.c:68
DOMAIN_ALIAS_RID_USERS
#define DOMAIN_ALIAS_RID_USERS
Definition: setypes.h:625
RequiredLength
_In_ ULONG _Out_opt_ PULONG RequiredLength
Definition: wmifuncs.h:29
_SID_AND_ATTRIBUTES::Attributes
$ULONG Attributes
Definition: setypes.h:480
FIELD_OFFSET
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:254
_SID::SubAuthorityCount
BYTE SubAuthorityCount
Definition: ms-dtyp.idl:200
PULONG
unsigned int * PULONG
Definition: retypes.h:1
SECURITY_RESTRICTED_CODE_RID
#define SECURITY_RESTRICTED_CODE_RID
Definition: setypes.h:541
SeCreatorGroupSid
PSID SeCreatorGroupSid
Definition: sid.c:34
SeRestrictedSid
PSID SeRestrictedSid
Definition: sid.c:56
SeCreatorGroupServerSid
PSID SeCreatorGroupServerSid
Definition: sid.c:36
SeNetworkServiceSid
PSID SeNetworkServiceSid
Definition: sid.c:59
SECURITY_CREATOR_OWNER_SERVER_RID
#define SECURITY_CREATOR_OWNER_SERVER_RID
Definition: setypes.h:519
SeRestrictedCodeSid
PSID SeRestrictedCodeSid
Definition: sid.c:46
DOMAIN_ALIAS_RID_PRINT_OPS
#define DOMAIN_ALIAS_RID_PRINT_OPS
Definition: setypes.h:631
OUT
#define OUT
Definition: typedefs.h:39
SECURITY_SERVICE_RID
#define SECURITY_SERVICE_RID
Definition: setypes.h:534
ULONG
unsigned int ULONG
Definition: retypes.h:1
ALIGN_UP_BY
#define ALIGN_UP_BY(size, align)
Definition: GetWindowPlacement.c:13
SeLocalSidAuthority
SID_IDENTIFIER_AUTHORITY SeLocalSidAuthority
Definition: sid.c:26
_SEH2_EXCEPT
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:6
_SID::Revision
BYTE Revision
Definition: ms-dtyp.idl:199
SeCreatorOwnerSid
PSID SeCreatorOwnerSid
Definition: sid.c:33
SeAliasSystemOpsSid
PSID SeAliasSystemOpsSid
Definition: sid.c:52
ExFreePoolWithTag
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
_SEH2_GetExceptionCode
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:12
SeInteractiveSid
PSID SeInteractiveSid
Definition: sid.c:41
SeNullSid
PSID SeNullSid
Definition: sid.c:30
SeNtSidAuthority
SID_IDENTIFIER_AUTHORITY SeNtSidAuthority
Definition: sid.c:28
STATUS_SUCCESS
return STATUS_SUCCESS
Definition: btrfs.c:2938
PoolType
_Must_inspect_result_ _In_ FLT_CONTEXT_TYPE _In_ SIZE_T _In_ POOL_TYPE PoolType
Definition: fltkernel.h:1444
NewSid
_In_ PSID _In_ PSID NewSid
Definition: rtlfuncs.h:2815
DOMAIN_ALIAS_RID_ADMINS
#define DOMAIN_ALIAS_RID_ADMINS
Definition: setypes.h:624
SepInitSecurityIDs
BOOLEAN INIT_FUNCTION NTAPI SepInitSecurityIDs(VOID)
Definition: sid.c:100
SECURITY_CREATOR_SID_AUTHORITY
#define SECURITY_CREATOR_SID_AUTHORITY
Definition: setypes.h:505
SeNtAuthoritySid
PSID SeNtAuthoritySid
Definition: sid.c:37
SeAliasAccountOpsSid
PSID SeAliasAccountOpsSid
Definition: sid.c:51