16 #define SE_MAXIMUM_GROUP_LIMIT 0x1000 360 else if (!CaptureIfKernel)
362 *CapturedSid = InputSid;
407 if (CapturedSid !=
NULL &&
454 ULONG SidCount, SidLength;
462 Sid = PrincipalSelfSid;
469 SidAndAttributes =
Token->RestrictedSids;
470 SidCount =
Token->RestrictedSidCount;
475 SidAndAttributes =
Token->UserAndGroups;
476 SidCount =
Token->UserAndGroupCount;
485 for (SidIndex = 0; SidIndex < SidCount; SidIndex++)
487 TokenSid = (
PISID)SidAndAttributes->
Sid;
491 DPRINT1(
"SID in Token: %wZ\n", &sidString);
708 ULONG TempArrayValidate, TempLengthValidate;
716 ValidateArray =
NULL;
717 SidAndAttributes =
NULL;
718 *CapturedSidAndAttributes =
NULL;
721 if (AttributeCount == 0)
728 DPRINT1(
"SeCaptureSidAndAttributesArray(): Maximum group limit exceeded!\n");
734 *CapturedSidAndAttributes = SrcSidAndAttributes;
750 TempArrayValidate = AttributeCount *
sizeof(
SID_VALIDATE);
764 for (
i = 0;
i < AttributeCount;
i++)
767 Sid = SrcSidAndAttributes[
i].Sid;
779 ValidateArray[
i].ProbeSid =
Sid;
799 for (
i = 0;
i < AttributeCount;
i++)
802 Sid = SrcSidAndAttributes[
i].Sid;
815 if (AllocatedMem ==
NULL)
821 if (SidAndAttributes ==
NULL)
823 DPRINT1(
"SeCaptureSidAndAttributesArray(): Failed to allocate memory for SID and attributes array (requested size -> %lu)!\n",
RequiredLength);
832 SidAndAttributes = AllocatedMem;
837 DPRINT1(
"SeCaptureSidAndAttributesArray(): The provided buffer is small (expected size -> %lu || current size -> %lu)!\n",
RequiredLength, AllocatedLength);
842 *CapturedSidAndAttributes = SidAndAttributes;
850 CurrentDest = (
PUCHAR)SidAndAttributes;
854 for (
i = 0;
i < AttributeCount;
i++)
863 SidAndAttributes[
i].
Attributes = SrcSidAndAttributes[
i].Attributes;
866 SidAndAttributes[
i].
Sid = (
PSID)CurrentDest;
877 DPRINT1(
"SeCaptureSidAndAttributesArray(): The subauthority counts have changed (captured count -> %u || current count -> %u)\n",
887 DPRINT1(
"SeCaptureSidAndAttributesArray(): The SID lengths have changed (captured length -> %lu || current length -> %lu)\n",
896 DPRINT1(
"SeCaptureSidAndAttributesArray(): The SID is not valid!\n");
914 CurrentDest = (
PUCHAR)SidAndAttributes;
918 for (
i = 0;
i < AttributeCount;
i++)
921 Sid = SrcSidAndAttributes[
i].Sid;
925 SidAndAttributes[
i].
Attributes = SrcSidAndAttributes[
i].Attributes;
928 SidAndAttributes[
i].
Sid = (
PSID)CurrentDest;
941 if ((SidAndAttributes != AllocatedMem) && (SidAndAttributes !=
NULL))
948 *CapturedSidAndAttributes =
NULL;
986 if ((CapturedSidAndAttributes !=
NULL) &&
#define SECURITY_BATCH_RID
#define SE_MAXIMUM_GROUP_LIMIT
#define SECURITY_AUTHENTICATED_USER_RID
#define SECURITY_LOCAL_SYSTEM_RID
#define TAG_SID_AND_ATTRIBUTES
#define DOMAIN_ALIAS_RID_GUESTS
#define STATUS_INSUFFICIENT_RESOURCES
VOID NTAPI FreeInitializedSids(VOID)
Frees all known initialized SIDs in the system from memory.
#define STATUS_INVALID_PARAMETER
#define DOMAIN_ALIAS_RID_ACCOUNT_OPS
#define SECURITY_DIALUP_RID
VOID NTAPI SeReleaseSidAndAttributesArray(_In_ _Post_invalid_ PSID_AND_ATTRIBUTES CapturedSidAndAttributes, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases a captured array of SIDs with attributes.
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
#define SECURITY_NETWORK_RID
#define DOMAIN_ALIAS_RID_POWER_USERS
#define SECURITY_INTERACTIVE_RID
#define SECURITY_NULL_SID_AUTHORITY
#define STATUS_BUFFER_TOO_SMALL
BOOLEAN NTAPI RtlEqualSid(IN PSID Sid1_, IN PSID Sid2_)
PULONG NTAPI RtlSubAuthoritySid(IN PSID Sid_, IN ULONG SubAuthority)
#define SECURITY_PRINCIPAL_SELF_RID
PSID SeCreatorOwnerServerSid
NTSTATUS NTAPI RtlConvertSidToUnicodeString(IN PUNICODE_STRING String, IN PSID Sid_, IN BOOLEAN AllocateBuffer)
NTSTATUS(* NTAPI)(IN PFILE_FULL_EA_INFORMATION EaBuffer, IN ULONG EaLength, OUT PULONG ErrorOffset)
NTSTATUS NTAPI SepCaptureSid(_In_ PSID InputSid, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSID *CapturedSid)
Captures a SID.
struct _SID_VALIDATE SID_VALIDATE
SID_IDENTIFIER_AUTHORITY SeCreatorSidAuthority
#define ACCESS_DENIED_OBJECT_ACE_TYPE
#define SECURITY_LOCAL_SID_AUTHORITY
BOOLEAN NTAPI SepInitSecurityIDs(VOID)
Initializes all the SIDs known in the system.
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
ULONG NTAPI RtlLengthSid(IN PSID Sid_)
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
#define STATUS_INVALID_SID
#define SECURITY_LOCAL_SERVICE_RID
#define SECURITY_NT_AUTHORITY
UNICODE_STRING Restricted
BOOLEAN NTAPI RtlValidSid(IN PSID Sid_)
_In_ KPROCESSOR_MODE PreviousMode
struct _SID_VALIDATE * PSID_VALIDATE
#define SECURITY_CREATOR_GROUP_SERVER_RID
#define SECURITY_BUILTIN_DOMAIN_RID
NTSYSAPI ULONG NTAPI RtlEqualMemory(CONST VOID *Source1, CONST VOID *Source2, ULONG Length)
#define NT_SUCCESS(StatCode)
#define DOMAIN_ALIAS_RID_BACKUP_OPS
#define SECURITY_WORLD_SID_AUTHORITY
#define EXCEPTION_EXECUTE_HANDLER
struct _SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES
BOOLEAN NTAPI SepSidInTokenEx(_In_ PACCESS_TOKEN _Token, _In_ PSID PrincipalSelfSid, _In_ PSID _Sid, _In_ BOOLEAN Deny, _In_ BOOLEAN Restricted)
Checks if a SID is present in a token.
#define DOMAIN_ALIAS_RID_SYSTEM_OPS
#define SECURITY_LOCAL_RID
#define ACCESS_ALLOWED_ACE_TYPE
#define ACCESS_ALLOWED_OBJECT_ACE_TYPE
SID_IDENTIFIER_AUTHORITY SeWorldSidAuthority
NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING UnicodeString)
#define SECURITY_WORLD_RID
NTSTATUS NTAPI SeCaptureSidAndAttributesArray(_In_ PSID_AND_ATTRIBUTES SrcSidAndAttributes, _In_ ULONG AttributeCount, _In_ KPROCESSOR_MODE PreviousMode, _In_opt_ PVOID AllocatedMem, _In_ ULONG AllocatedLength, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSID_AND_ATTRIBUTES *CapturedSidAndAttributes, _Out_ PULONG ResultLength)
Captures an array of SIDs with attributes.
#define ACCESS_DENIED_ACE_TYPE
#define SECURITY_ANONYMOUS_LOGON_RID
#define SECURITY_CREATOR_OWNER_RID
#define ExAllocatePoolWithTag(hernya, size, tag)
#define SECURITY_NULL_RID
VOID NTAPI SepReleaseSid(_In_ PSID CapturedSid, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases a captured SID.
PSID SeAuthenticatedUserSid
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
ULONG NTAPI RtlLengthRequiredSid(IN ULONG SubAuthorityCount)
#define SE_GROUP_USE_FOR_DENY_ONLY
PSID SeAuthenticatedUsersSid
_In_ PSID_IDENTIFIER_AUTHORITY _In_ UCHAR SubAuthorityCount
static const WCHAR Cleanup[]
PSID SeAliasPowerUsersSid
#define SECURITY_NETWORK_SERVICE_RID
static const ACEFLAG AceType[]
SID_IDENTIFIER_AUTHORITY SeNullSidAuthority
#define SECURITY_CREATOR_GROUP_RID
BOOLEAN NTAPI SepSidInToken(_In_ PACCESS_TOKEN _Token, _In_ PSID Sid)
Checks if a SID is present in a token.
NTSTATUS NTAPI RtlInitializeSid(IN PSID Sid_, IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount)
#define DOMAIN_ALIAS_RID_USERS
#define FIELD_OFFSET(t, f)
_In_ ULONG _Out_opt_ PULONG RequiredLength
#define SECURITY_RESTRICTED_CODE_RID
PSID SeCreatorGroupServerSid
#define SECURITY_CREATOR_OWNER_SERVER_RID
#define DOMAIN_ALIAS_RID_PRINT_OPS
#define SECURITY_SERVICE_RID
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
#define ALIGN_UP_BY(size, align)
SID_IDENTIFIER_AUTHORITY SeLocalSidAuthority
#define RtlCopyMemory(Destination, Source, Length)
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG _Out_ PULONG ResultLength
#define _SEH2_EXCEPT(...)
#define POOL_RAISE_IF_ALLOCATION_FAILURE
#define _SEH2_GetExceptionCode()
#define _SEH2_YIELD(__stmt)
SID_IDENTIFIER_AUTHORITY SeNtSidAuthority
#define ExFreePoolWithTag(_P, _T)
_In_ PSID _In_ PSID NewSid
#define DOMAIN_ALIAS_RID_ADMINS
#define SECURITY_CREATOR_SID_AUTHORITY
PSID NTAPI SepGetSidFromAce(_In_ UCHAR AceType, _In_ PACE Ace)
Captures a security identifier from a given access control entry. This identifier is valid for the wh...
PSID SeAliasAccountOpsSid