/*
 * Upper bound (0x1000 = 4096) on a group/SID count.
 * NOTE(review): SeCaptureSidAndAttributesArray() prints "Maximum group limit
 * exceeded!" and later computes AttributeCount * sizeof(SID_VALIDATE).
 * Presumably AttributeCount is rejected when it exceeds this limit before
 * that multiplication, which would keep the ULONG size from wrapping on a
 * caller-supplied count. The comparison itself is not visible in this
 * listing; confirm against the full source.
 */
16#define SE_MAXIMUM_GROUP_LIMIT 0x1000
360 else if (!CaptureIfKernel)
362 *CapturedSid = InputSid;
407 if (CapturedSid !=
NULL &&
454 ULONG SidCount, SidLength;
462 Sid = PrincipalSelfSid;
469 SidAndAttributes =
Token->RestrictedSids;
470 SidCount =
Token->RestrictedSidCount;
475 SidAndAttributes =
Token->UserAndGroups;
476 SidCount =
Token->UserAndGroupCount;
485 for (SidIndex = 0; SidIndex < SidCount; SidIndex++)
487 TokenSid = (
PISID)SidAndAttributes->
Sid;
491 DPRINT1(
"SID in Token: %wZ\n", &sidString);
584 switch (
Ace->Header.AceType)
601 GuidSize +=
sizeof(
GUID);
606 GuidSize +=
sizeof(
GUID);
615 DPRINT1(
"SepGetSidFromAce(): Unknown ACE type (Ace 0x%p, Type %u)\n",
Ace,
Ace->Header.AceType);
705 ULONG TempArrayValidate, TempLengthValidate;
713 ValidateArray =
NULL;
714 SidAndAttributes =
NULL;
715 *CapturedSidAndAttributes =
NULL;
718 if (AttributeCount == 0)
725 DPRINT1(
"SeCaptureSidAndAttributesArray(): Maximum group limit exceeded!\n");
731 *CapturedSidAndAttributes = SrcSidAndAttributes;
747 TempArrayValidate = AttributeCount *
sizeof(
SID_VALIDATE);
761 for (
i = 0;
i < AttributeCount;
i++)
764 Sid = SrcSidAndAttributes[
i].Sid;
776 ValidateArray[
i].ProbeSid =
Sid;
796 for (
i = 0;
i < AttributeCount;
i++)
799 Sid = SrcSidAndAttributes[
i].Sid;
812 if (AllocatedMem ==
NULL)
818 if (SidAndAttributes ==
NULL)
820 DPRINT1(
"SeCaptureSidAndAttributesArray(): Failed to allocate memory for SID and attributes array (requested size -> %lu)!\n",
RequiredLength);
829 SidAndAttributes = AllocatedMem;
834 DPRINT1(
"SeCaptureSidAndAttributesArray(): The provided buffer is small (expected size -> %lu || current size -> %lu)!\n",
RequiredLength, AllocatedLength);
839 *CapturedSidAndAttributes = SidAndAttributes;
847 CurrentDest = (
PUCHAR)SidAndAttributes;
851 for (
i = 0;
i < AttributeCount;
i++)
860 SidAndAttributes[
i].
Attributes = SrcSidAndAttributes[
i].Attributes;
863 SidAndAttributes[
i].
Sid = (
PSID)CurrentDest;
874 DPRINT1(
"SeCaptureSidAndAttributesArray(): The subauthority counts have changed (captured count -> %u || current count -> %u)\n",
884 DPRINT1(
"SeCaptureSidAndAttributesArray(): The SID lengths have changed (captured length -> %lu || current length -> %lu)\n",
893 DPRINT1(
"SeCaptureSidAndAttributesArray(): The SID is not valid!\n");
911 CurrentDest = (
PUCHAR)SidAndAttributes;
915 for (
i = 0;
i < AttributeCount;
i++)
918 Sid = SrcSidAndAttributes[
i].Sid;
922 SidAndAttributes[
i].
Attributes = SrcSidAndAttributes[
i].Attributes;
925 SidAndAttributes[
i].
Sid = (
PSID)CurrentDest;
938 if ((SidAndAttributes != AllocatedMem) && (SidAndAttributes !=
NULL))
945 *CapturedSidAndAttributes =
NULL;
983 if ((CapturedSidAndAttributes !=
NULL) &&
#define ALIGN_UP_BY(size, align)
#define NT_SUCCESS(StatCode)
UNICODE_STRING Restricted
static const WCHAR Cleanup[]
#define ExAllocatePoolWithTag(hernya, size, tag)
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
#define EXCEPTION_EXECUTE_HANDLER
#define RtlEqualMemory(dst, src, len)
#define ExFreePoolWithTag(_P, _T)
NTSYSAPI PULONG NTAPI RtlSubAuthoritySid(_In_ PSID Sid, _In_ ULONG SubAuthority)
NTSYSAPI ULONG NTAPI RtlLengthRequiredSid(IN ULONG SubAuthorityCount)
_In_ PSID_IDENTIFIER_AUTHORITY _In_ UCHAR SubAuthorityCount
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
NTSYSAPI BOOLEAN NTAPI RtlValidSid(IN PSID Sid)
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
NTSYSAPI BOOLEAN NTAPI RtlEqualSid(_In_ PSID Sid1, _In_ PSID Sid2)
#define SE_GROUP_USE_FOR_DENY_ONLY
NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING UnicodeString)
NTSYSAPI NTSTATUS NTAPI RtlConvertSidToUnicodeString(OUT PUNICODE_STRING DestinationString, IN PVOID Sid, IN BOOLEAN AllocateDestinationString)
NTSYSAPI NTSTATUS NTAPI RtlInitializeSid(IN OUT PSID Sid, IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount)
struct _KNOWN_OBJECT_ACE * PKNOWN_OBJECT_ACE
VOID NTAPI SepReleaseSid(_In_ PSID CapturedSid, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases a captured SID.
struct _SID_VALIDATE SID_VALIDATE
SID_IDENTIFIER_AUTHORITY SeCreatorSidAuthority
PSID SeAliasAccountOpsSid
NTSTATUS NTAPI SepCaptureSid(_In_ PSID InputSid, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSID *CapturedSid)
Captures a SID.
VOID NTAPI SeReleaseSidAndAttributesArray(_In_ _Post_invalid_ PSID_AND_ATTRIBUTES CapturedSidAndAttributes, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases a captured array of SIDs with attributes.
BOOLEAN NTAPI SepSidInToken(_In_ PACCESS_TOKEN _Token, _In_ PSID Sid)
Checks if a SID is present in a token.
SID_IDENTIFIER_AUTHORITY SeWorldSidAuthority
PSID SeCreatorOwnerServerSid
PSID SeAliasPowerUsersSid
PSID SeAuthenticatedUserSid
BOOLEAN NTAPI SepInitSecurityIDs(VOID)
Initializes all the SIDs known in the system.
PSID NTAPI SepGetSidFromAce(_In_ PACE Ace)
Captures a security identifier from a given access control entry. This identifier is valid for the wh...
VOID NTAPI FreeInitializedSids(VOID)
Frees all the known initialized SIDs in the system from the memory.
SID_IDENTIFIER_AUTHORITY SeNullSidAuthority
PSID SeCreatorGroupServerSid
SID_IDENTIFIER_AUTHORITY SeNtSidAuthority
SID_IDENTIFIER_AUTHORITY SeLocalSidAuthority
NTSTATUS NTAPI SeCaptureSidAndAttributesArray(_In_ PSID_AND_ATTRIBUTES SrcSidAndAttributes, _In_ ULONG AttributeCount, _In_ KPROCESSOR_MODE PreviousMode, _In_opt_ PVOID AllocatedMem, _In_ ULONG AllocatedLength, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSID_AND_ATTRIBUTES *CapturedSidAndAttributes, _Out_ PULONG ResultLength)
Captures an array of SIDs with attributes.
struct _SID_VALIDATE * PSID_VALIDATE
#define SE_MAXIMUM_GROUP_LIMIT
PSID SeAuthenticatedUsersSid
BOOLEAN NTAPI SepSidInTokenEx(_In_ PACCESS_TOKEN _Token, _In_ PSID PrincipalSelfSid, _In_ PSID _Sid, _In_ BOOLEAN Deny, _In_ BOOLEAN Restricted)
Checks if a SID is present in a token.
#define STATUS_INVALID_SID
#define _SEH2_GetExceptionCode()
#define _SEH2_EXCEPT(...)
#define _SEH2_YIELD(__stmt)
#define STATUS_BUFFER_TOO_SMALL
#define TAG_SID_AND_ATTRIBUTES
#define FIELD_OFFSET(t, f)
#define RtlCopyMemory(Destination, Source, Length)
#define STATUS_INVALID_PARAMETER
#define STATUS_INSUFFICIENT_RESOURCES
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG _Out_ PULONG ResultLength
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
_In_ ULONG _Out_opt_ PULONG RequiredLength
_Must_inspect_result_ _In_ ULONG Flags
#define POOL_RAISE_IF_ALLOCATION_FAILURE
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
_In_ PSID _In_ PSID NewSid
_In_ KPROCESSOR_MODE PreviousMode
#define SECURITY_ANONYMOUS_LOGON_RID
#define DOMAIN_ALIAS_RID_USERS
#define DOMAIN_ALIAS_RID_GUESTS
#define SECURITY_BUILTIN_DOMAIN_RID
#define SECURITY_LOCAL_SID_AUTHORITY
#define SECURITY_LOCAL_RID
#define SECURITY_DIALUP_RID
#define SECURITY_SERVICE_RID
#define ACE_INHERITED_OBJECT_TYPE_PRESENT
#define SECURITY_INTERACTIVE_RID
#define SECURITY_WORLD_SID_AUTHORITY
#define SECURITY_WORLD_RID
#define SECURITY_CREATOR_GROUP_SERVER_RID
#define DOMAIN_ALIAS_RID_SYSTEM_OPS
#define ACCESS_DENIED_OBJECT_ACE_TYPE
#define SYSTEM_AUDIT_ACE_TYPE
#define ACCESS_ALLOWED_ACE_TYPE
#define SECURITY_LOCAL_SYSTEM_RID
#define SECURITY_AUTHENTICATED_USER_RID
#define SECURITY_NULL_RID
#define DOMAIN_ALIAS_RID_ACCOUNT_OPS
#define SECURITY_RESTRICTED_CODE_RID
#define SECURITY_NT_AUTHORITY
#define SYSTEM_ALARM_ACE_TYPE
#define DOMAIN_ALIAS_RID_BACKUP_OPS
#define SECURITY_BATCH_RID
#define ACCESS_DENIED_ACE_TYPE
#define DOMAIN_ALIAS_RID_PRINT_OPS
#define SECURITY_CREATOR_OWNER_SERVER_RID
#define SECURITY_LOCAL_SERVICE_RID
#define SECURITY_PRINCIPAL_SELF_RID
#define SECURITY_CREATOR_OWNER_RID
#define DOMAIN_ALIAS_RID_POWER_USERS
struct _SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES
#define ACE_OBJECT_TYPE_PRESENT
#define ACCESS_ALLOWED_OBJECT_ACE_TYPE
#define SECURITY_NULL_SID_AUTHORITY
#define SECURITY_NETWORK_RID
#define SECURITY_NETWORK_SERVICE_RID
#define DOMAIN_ALIAS_RID_ADMINS
#define SECURITY_CREATOR_SID_AUTHORITY
#define SECURITY_CREATOR_GROUP_RID