ReactOS 0.4.15-dev-7788-g1ad9096
sid.c
Go to the documentation of this file.
1/*
2 * PROJECT: ReactOS Kernel
3 * LICENSE: GPL-2.0-or-later (https://spdx.org/licenses/GPL-2.0-or-later)
4 * PURPOSE: Security Identifier (SID) implementation support and handling
5 * COPYRIGHT: Copyright David Welch <welch@cwcom.net>
6 */
7
8/* INCLUDES *******************************************************************/
9
10#include <ntoskrnl.h>
11#define NDEBUG
12#include <debug.h>
13
14/* GLOBALS ********************************************************************/
15
16#define SE_MAXIMUM_GROUP_LIMIT 0x1000
17
23
54
55typedef struct _SID_VALIDATE
56{
60
61/* FUNCTIONS ******************************************************************/
62
70VOID
73{
102}
103
112CODE_SEG("INIT")
114NTAPI
116{
117 ULONG SidLength0;
118 ULONG SidLength1;
119 ULONG SidLength2;
120 PULONG SubAuthority;
121
122 SidLength0 = RtlLengthRequiredSid(0);
123 SidLength1 = RtlLengthRequiredSid(1);
124 SidLength2 = RtlLengthRequiredSid(2);
125
126 /* create NullSid */
157
158 if (SeNullSid == NULL || SeWorldSid == NULL ||
173 {
175 return FALSE;
176 }
177
208
209 SubAuthority = RtlSubAuthoritySid(SeNullSid, 0);
210 *SubAuthority = SECURITY_NULL_RID;
211 SubAuthority = RtlSubAuthoritySid(SeWorldSid, 0);
212 *SubAuthority = SECURITY_WORLD_RID;
213 SubAuthority = RtlSubAuthoritySid(SeLocalSid, 0);
214 *SubAuthority = SECURITY_LOCAL_RID;
215 SubAuthority = RtlSubAuthoritySid(SeCreatorOwnerSid, 0);
216 *SubAuthority = SECURITY_CREATOR_OWNER_RID;
217 SubAuthority = RtlSubAuthoritySid(SeCreatorGroupSid, 0);
218 *SubAuthority = SECURITY_CREATOR_GROUP_RID;
220 *SubAuthority = SECURITY_CREATOR_OWNER_SERVER_RID;
222 *SubAuthority = SECURITY_CREATOR_GROUP_SERVER_RID;
223 SubAuthority = RtlSubAuthoritySid(SeDialupSid, 0);
224 *SubAuthority = SECURITY_DIALUP_RID;
225 SubAuthority = RtlSubAuthoritySid(SeNetworkSid, 0);
226 *SubAuthority = SECURITY_NETWORK_RID;
227 SubAuthority = RtlSubAuthoritySid(SeBatchSid, 0);
228 *SubAuthority = SECURITY_BATCH_RID;
229 SubAuthority = RtlSubAuthoritySid(SeInteractiveSid, 0);
230 *SubAuthority = SECURITY_INTERACTIVE_RID;
231 SubAuthority = RtlSubAuthoritySid(SeServiceSid, 0);
232 *SubAuthority = SECURITY_SERVICE_RID;
233 SubAuthority = RtlSubAuthoritySid(SePrincipalSelfSid, 0);
234 *SubAuthority = SECURITY_PRINCIPAL_SELF_RID;
235 SubAuthority = RtlSubAuthoritySid(SeLocalSystemSid, 0);
236 *SubAuthority = SECURITY_LOCAL_SYSTEM_RID;
238 *SubAuthority = SECURITY_AUTHENTICATED_USER_RID;
239 SubAuthority = RtlSubAuthoritySid(SeRestrictedCodeSid, 0);
240 *SubAuthority = SECURITY_RESTRICTED_CODE_RID;
241 SubAuthority = RtlSubAuthoritySid(SeAliasAdminsSid, 0);
242 *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
243 SubAuthority = RtlSubAuthoritySid(SeAliasAdminsSid, 1);
244 *SubAuthority = DOMAIN_ALIAS_RID_ADMINS;
245 SubAuthority = RtlSubAuthoritySid(SeAliasUsersSid, 0);
246 *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
247 SubAuthority = RtlSubAuthoritySid(SeAliasUsersSid, 1);
248 *SubAuthority = DOMAIN_ALIAS_RID_USERS;
249 SubAuthority = RtlSubAuthoritySid(SeAliasGuestsSid, 0);
250 *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
251 SubAuthority = RtlSubAuthoritySid(SeAliasGuestsSid, 1);
252 *SubAuthority = DOMAIN_ALIAS_RID_GUESTS;
253 SubAuthority = RtlSubAuthoritySid(SeAliasPowerUsersSid, 0);
254 *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
255 SubAuthority = RtlSubAuthoritySid(SeAliasPowerUsersSid, 1);
256 *SubAuthority = DOMAIN_ALIAS_RID_POWER_USERS;
257 SubAuthority = RtlSubAuthoritySid(SeAliasAccountOpsSid, 0);
258 *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
259 SubAuthority = RtlSubAuthoritySid(SeAliasAccountOpsSid, 1);
260 *SubAuthority = DOMAIN_ALIAS_RID_ACCOUNT_OPS;
261 SubAuthority = RtlSubAuthoritySid(SeAliasSystemOpsSid, 0);
262 *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
263 SubAuthority = RtlSubAuthoritySid(SeAliasSystemOpsSid, 1);
264 *SubAuthority = DOMAIN_ALIAS_RID_SYSTEM_OPS;
265 SubAuthority = RtlSubAuthoritySid(SeAliasPrintOpsSid, 0);
266 *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
267 SubAuthority = RtlSubAuthoritySid(SeAliasPrintOpsSid, 1);
268 *SubAuthority = DOMAIN_ALIAS_RID_PRINT_OPS;
269 SubAuthority = RtlSubAuthoritySid(SeAliasBackupOpsSid, 0);
270 *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
271 SubAuthority = RtlSubAuthoritySid(SeAliasBackupOpsSid, 1);
272 *SubAuthority = DOMAIN_ALIAS_RID_BACKUP_OPS;
274 *SubAuthority = SECURITY_AUTHENTICATED_USER_RID;
275 SubAuthority = RtlSubAuthoritySid(SeRestrictedSid, 0);
276 *SubAuthority = SECURITY_RESTRICTED_CODE_RID;
277 SubAuthority = RtlSubAuthoritySid(SeAnonymousLogonSid, 0);
278 *SubAuthority = SECURITY_ANONYMOUS_LOGON_RID;
279 SubAuthority = RtlSubAuthoritySid(SeLocalServiceSid, 0);
280 *SubAuthority = SECURITY_LOCAL_SERVICE_RID;
281 SubAuthority = RtlSubAuthoritySid(SeNetworkServiceSid, 0);
282 *SubAuthority = SECURITY_NETWORK_SERVICE_RID;
283
284 return TRUE;
285}
286
313NTAPI
315 _In_ PSID InputSid,
318 _In_ BOOLEAN CaptureIfKernel,
319 _Out_ PSID *CapturedSid)
320{
321 ULONG SidSize = 0;
322 PISID NewSid, Sid = (PISID)InputSid;
323
324 PAGED_CODE();
325
326 if (AccessMode != KernelMode)
327 {
329 {
330 ProbeForRead(Sid, FIELD_OFFSET(SID, SubAuthority), sizeof(UCHAR));
332 ProbeForRead(Sid, SidSize, sizeof(UCHAR));
333 }
335 {
336 /* Return the exception code */
338 }
339 _SEH2_END;
340
341 /* Allocate a SID and copy it */
343 if (!NewSid)
345
347 {
348 RtlCopyMemory(NewSid, Sid, SidSize);
349
350 *CapturedSid = NewSid;
351 }
353 {
354 /* Free the SID and return the exception code */
357 }
358 _SEH2_END;
359 }
360 else if (!CaptureIfKernel)
361 {
362 *CapturedSid = InputSid;
363 }
364 else
365 {
367
368 /* Allocate a SID and copy it */
370 if (NewSid == NULL)
372
373 RtlCopyMemory(NewSid, Sid, SidSize);
374
375 *CapturedSid = NewSid;
376 }
377
378 return STATUS_SUCCESS;
379}
380
398VOID
399NTAPI
401 _In_ PSID CapturedSid,
403 _In_ BOOLEAN CaptureIfKernel)
404{
405 PAGED_CODE();
406
407 if (CapturedSid != NULL &&
409 (AccessMode == KernelMode && CaptureIfKernel)))
410 {
411 ExFreePoolWithTag(CapturedSid, TAG_SID);
412 }
413}
414
442NTAPI
444 _In_ PACCESS_TOKEN _Token,
445 _In_ PSID PrincipalSelfSid,
446 _In_ PSID _Sid,
447 _In_ BOOLEAN Deny,
449{
450 ULONG SidIndex;
451 PTOKEN Token = (PTOKEN)_Token;
452 PISID TokenSid, Sid = (PISID)_Sid;
453 PSID_AND_ATTRIBUTES SidAndAttributes;
454 ULONG SidCount, SidLength;
455 USHORT SidMetadata;
456 PAGED_CODE();
457
458 /* Check if a principal SID was given, and this is our current SID already */
459 if ((PrincipalSelfSid) && (RtlEqualSid(SePrincipalSelfSid, Sid)))
460 {
461 /* Just use the principal SID in this case */
462 Sid = PrincipalSelfSid;
463 }
464
465 /* Check if this is a restricted token or not */
466 if (Restricted)
467 {
468 /* Use the restricted SIDs and count */
469 SidAndAttributes = Token->RestrictedSids;
470 SidCount = Token->RestrictedSidCount;
471 }
472 else
473 {
474 /* Use the normal SIDs and count */
475 SidAndAttributes = Token->UserAndGroups;
476 SidCount = Token->UserAndGroupCount;
477 }
478
479 /* Do checks here by hand instead of the usual 4 function calls */
480 SidLength = FIELD_OFFSET(SID,
481 SubAuthority[Sid->SubAuthorityCount]);
482 SidMetadata = *(PUSHORT)&Sid->Revision;
483
484 /* Loop every SID */
485 for (SidIndex = 0; SidIndex < SidCount; SidIndex++)
486 {
487 TokenSid = (PISID)SidAndAttributes->Sid;
488#if SE_SID_DEBUG
489 UNICODE_STRING sidString;
490 RtlConvertSidToUnicodeString(&sidString, TokenSid, TRUE);
491 DPRINT1("SID in Token: %wZ\n", &sidString);
492 RtlFreeUnicodeString(&sidString);
493#endif
494 /* Check if the SID metadata matches */
495 if (*(PUSHORT)&TokenSid->Revision == SidMetadata)
496 {
497 /* Check if the SID data matches */
498 if (RtlEqualMemory(Sid, TokenSid, SidLength))
499 {
500 /*
501 * Check if the group is enabled, or used for deny only.
502 * Otherwise we have to check if this is the first user.
503 * We understand that by looking if this SID is not
504 * restricted, this is the first element we are iterating
505 * and that it doesn't have SE_GROUP_USE_FOR_DENY_ONLY
506 * attribute.
507 */
508 if ((!Restricted && (SidIndex == 0) && !(SidAndAttributes->Attributes & SE_GROUP_USE_FOR_DENY_ONLY)) ||
509 (SidAndAttributes->Attributes & SE_GROUP_ENABLED) ||
510 ((Deny) && (SidAndAttributes->Attributes & SE_GROUP_USE_FOR_DENY_ONLY)))
511 {
512 /* SID is present */
513 return TRUE;
514 }
515 else
516 {
517 /* SID is not present */
518 return FALSE;
519 }
520 }
521 }
522
523 /* Move to the next SID */
524 SidAndAttributes++;
525 }
526
527 /* SID is not present */
528 return FALSE;
529}
530
546NTAPI
548 _In_ PACCESS_TOKEN _Token,
549 _In_ PSID Sid)
550{
551 /* Call extended API */
552 return SepSidInTokenEx(_Token, NULL, Sid, FALSE, FALSE);
553}
554
570PSID
571NTAPI
573 _In_ PACE Ace)
574{
576 ULONG GuidSize = 0;
577 PSID Sid = NULL;
578 PAGED_CODE();
579
580 /* Sanity check */
581 ASSERT(Ace);
582
583 /* Obtain the SID based upon ACE type */
584 switch (Ace->Header.AceType)
585 {
590 {
591 Sid = (PSID)&((PKNOWN_ACE)Ace)->SidStart;
592 break;
593 }
594
597 {
600 {
601 GuidSize += sizeof(GUID);
602 }
603
605 {
606 GuidSize += sizeof(GUID);
607 }
608
609 Sid = (PSID)((ULONG_PTR)&((PKNOWN_OBJECT_ACE)Ace)->SidStart + GuidSize);
610 break;
611 }
612
613 default:
614 {
615 DPRINT1("SepGetSidFromAce(): Unknown ACE type (Ace 0x%p, Type %u)\n", Ace, Ace->Header.AceType);
616 break;
617 }
618 }
619
620 return Sid;
621}
622
692NTAPI
694 _In_ PSID_AND_ATTRIBUTES SrcSidAndAttributes,
695 _In_ ULONG AttributeCount,
697 _In_opt_ PVOID AllocatedMem,
698 _In_ ULONG AllocatedLength,
700 _In_ BOOLEAN CaptureIfKernel,
701 _Out_ PSID_AND_ATTRIBUTES *CapturedSidAndAttributes,
703{
704 ULONG ArraySize, RequiredLength, SidLength, i;
705 ULONG TempArrayValidate, TempLengthValidate;
706 PSID_AND_ATTRIBUTES SidAndAttributes;
707 _SEH2_VOLATILE PSID_VALIDATE ValidateArray;
708 PUCHAR CurrentDest;
709 PISID Sid;
711 PAGED_CODE();
712
713 ValidateArray = NULL;
714 SidAndAttributes = NULL;
715 *CapturedSidAndAttributes = NULL;
716 *ResultLength = 0;
717
718 if (AttributeCount == 0)
719 {
720 return STATUS_SUCCESS;
721 }
722
723 if (AttributeCount > SE_MAXIMUM_GROUP_LIMIT)
724 {
725 DPRINT1("SeCaptureSidAndAttributesArray(): Maximum group limit exceeded!\n");
727 }
728
729 if ((PreviousMode == KernelMode) && !CaptureIfKernel)
730 {
731 *CapturedSidAndAttributes = SrcSidAndAttributes;
732 return STATUS_SUCCESS;
733 }
734
735 ArraySize = AttributeCount * sizeof(SID_AND_ATTRIBUTES);
736 RequiredLength = ALIGN_UP_BY(ArraySize, sizeof(ULONG));
737
739 {
740 /* Check for user mode data */
742 {
743 /* First probe the whole array */
744 ProbeForRead(SrcSidAndAttributes, ArraySize, sizeof(ULONG));
745
746 /* We're in user mode, set up the size for the temporary array */
747 TempArrayValidate = AttributeCount * sizeof(SID_VALIDATE);
748 TempLengthValidate = ALIGN_UP_BY(TempArrayValidate, sizeof(ULONG));
749
750 /*
751 * Allocate a buffer for the array that we're going to
752 * temporarily hold the subauthority count and the SID
753 * elements. We'll be going to use this array to perform
754 * validation checks later.
755 */
757 TempLengthValidate,
759
760 /* Loop the array elements */
761 for (i = 0; i < AttributeCount; i++)
762 {
763 /* Get the SID and probe the minimal structure */
764 Sid = SrcSidAndAttributes[i].Sid;
765 ProbeForRead(Sid, sizeof(*Sid), sizeof(ULONG));
766
767 /*
768 * Capture the subauthority count and hold it
769 * into the temporary array for later validation.
770 * This way we ensure that the said count of each
771 * SID has remained the same.
772 */
773 ValidateArray[i].SubAuthorityCount = Sid->SubAuthorityCount;
774
775 /* Capture the SID */
776 ValidateArray[i].ProbeSid = Sid;
777
778 /* Calculate the SID length and probe the full SID */
779 SidLength = RtlLengthRequiredSid(ValidateArray[i].SubAuthorityCount);
780 ProbeForRead(ValidateArray[i].ProbeSid, SidLength, sizeof(ULONG));
781
782 /* Add the aligned length to the required length */
783 RequiredLength += ALIGN_UP_BY(SidLength, sizeof(ULONG));
784 }
785 }
787 {
789 _SEH2_YIELD(goto Cleanup);
790 }
791 _SEH2_END;
792 }
793 else
794 {
795 /* Loop the array elements */
796 for (i = 0; i < AttributeCount; i++)
797 {
798 /* Get the SID and it's length */
799 Sid = SrcSidAndAttributes[i].Sid;
801
802 /* Add the aligned length to the required length */
803 RequiredLength += ALIGN_UP_BY(SidLength, sizeof(ULONG));
804 }
805 }
806
807 /* Assume success */
810
811 /* Check if we have no buffer */
812 if (AllocatedMem == NULL)
813 {
814 /* Allocate a new buffer */
815 SidAndAttributes = ExAllocatePoolWithTag(PoolType,
818 if (SidAndAttributes == NULL)
819 {
820 DPRINT1("SeCaptureSidAndAttributesArray(): Failed to allocate memory for SID and attributes array (requested size -> %lu)!\n", RequiredLength);
822 goto Cleanup;
823 }
824 }
825 /* Otherwise check if the buffer is large enough */
826 else if (AllocatedLength >= RequiredLength)
827 {
828 /* Buffer is large enough, use it */
829 SidAndAttributes = AllocatedMem;
830 }
831 else
832 {
833 /* Buffer is too small, fail */
834 DPRINT1("SeCaptureSidAndAttributesArray(): The provided buffer is small (expected size -> %lu || current size -> %lu)!\n", RequiredLength, AllocatedLength);
836 goto Cleanup;
837 }
838
839 *CapturedSidAndAttributes = SidAndAttributes;
840
841 /* Check again for user mode */
843 {
845 {
846 /* The rest of the data starts after the array */
847 CurrentDest = (PUCHAR)SidAndAttributes;
848 CurrentDest += ALIGN_UP_BY(ArraySize, sizeof(ULONG));
849
850 /* Loop the array elements */
851 for (i = 0; i < AttributeCount; i++)
852 {
853 /*
854 * Get the SID length from the subauthority
855 * count we've captured before.
856 */
857 SidLength = RtlLengthRequiredSid(ValidateArray[i].SubAuthorityCount);
858
859 /* Copy attributes */
860 SidAndAttributes[i].Attributes = SrcSidAndAttributes[i].Attributes;
861
862 /* Copy the SID to the current destination address */
863 SidAndAttributes[i].Sid = (PSID)CurrentDest;
864 RtlCopyMemory(CurrentDest, ValidateArray[i].ProbeSid, SidLength);
865
866 /* Obtain the SID we've captured before for validation */
867 Sid = SidAndAttributes[i].Sid;
868
869 /* Validate that the subauthority count hasn't changed */
870 if (ValidateArray[i].SubAuthorityCount !=
872 {
873 /* It's changed, bail out */
874 DPRINT1("SeCaptureSidAndAttributesArray(): The subauthority counts have changed (captured count -> %u || current count -> %u)\n",
875 ValidateArray[i].SubAuthorityCount, Sid->SubAuthorityCount);
877 goto Cleanup;
878 }
879
880 /* Validate that the SID length is the same */
881 if (SidLength != RtlLengthSid(Sid))
882 {
883 /* They're no longer the same, bail out */
884 DPRINT1("SeCaptureSidAndAttributesArray(): The SID lengths have changed (captured length -> %lu || current length -> %lu)\n",
885 SidLength, RtlLengthSid(Sid));
887 goto Cleanup;
888 }
889
890 /* Check that the SID is valid */
891 if (!RtlValidSid(Sid))
892 {
893 DPRINT1("SeCaptureSidAndAttributesArray(): The SID is not valid!\n");
895 goto Cleanup;
896 }
897
898 /* Update the current destination address */
899 CurrentDest += ALIGN_UP_BY(SidLength, sizeof(ULONG));
900 }
901 }
903 {
905 }
906 _SEH2_END;
907 }
908 else
909 {
910 /* The rest of the data starts after the array */
911 CurrentDest = (PUCHAR)SidAndAttributes;
912 CurrentDest += ALIGN_UP_BY(ArraySize, sizeof(ULONG));
913
914 /* Loop the array elements */
915 for (i = 0; i < AttributeCount; i++)
916 {
917 /* Get the SID and it's length */
918 Sid = SrcSidAndAttributes[i].Sid;
920
921 /* Copy attributes */
922 SidAndAttributes[i].Attributes = SrcSidAndAttributes[i].Attributes;
923
924 /* Copy the SID to the current destination address */
925 SidAndAttributes[i].Sid = (PSID)CurrentDest;
926 RtlCopyMemory(CurrentDest, SrcSidAndAttributes[i].Sid, SidLength);
927
928 /* Update the current destination address */
929 CurrentDest += ALIGN_UP_BY(SidLength, sizeof(ULONG));
930 }
931 }
932
933Cleanup:
934 /* Check for failure */
935 if (!NT_SUCCESS(Status))
936 {
937 /* Check if we allocated a new array */
938 if ((SidAndAttributes != AllocatedMem) && (SidAndAttributes != NULL))
939 {
940 /* Free the array */
941 ExFreePoolWithTag(SidAndAttributes, TAG_SID_AND_ATTRIBUTES);
942 }
943
944 /* Set returned address to NULL */
945 *CapturedSidAndAttributes = NULL;
946 }
947
948 /* Free the temporary validation array */
949 if ((PreviousMode != KernelMode) && (ValidateArray != NULL))
950 {
951 ExFreePoolWithTag(ValidateArray, TAG_SID_VALIDATE);
952 }
953
954 return Status;
955}
956
974VOID
975NTAPI
977 _In_ _Post_invalid_ PSID_AND_ATTRIBUTES CapturedSidAndAttributes,
979 _In_ BOOLEAN CaptureIfKernel)
980{
981 PAGED_CODE();
982
983 if ((CapturedSidAndAttributes != NULL) &&
984 ((AccessMode != KernelMode) || CaptureIfKernel))
985 {
986 ExFreePoolWithTag(CapturedSidAndAttributes, TAG_SID_AND_ATTRIBUTES);
987 }
988}
989
990/* EOF */
#define PAGED_CODE()
#define ALIGN_UP_BY(size, align)
unsigned char BOOLEAN
LONG NTSTATUS
Definition: precomp.h:26
#define DPRINT1
Definition: precomp.h:8
@ Ace
Definition: card.h:12
#define NULL
Definition: types.h:112
#define TRUE
Definition: types.h:120
#define FALSE
Definition: types.h:117
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
UNICODE_STRING Restricted
Definition: utils.c:24
static const WCHAR Cleanup[]
Definition: register.c:80
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
#define PagedPool
Definition: env_spec_w32.h:308
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
#define _SEH2_END
Definition: filesup.c:22
#define _SEH2_TRY
Definition: filesup.c:19
Status
Definition: gdiplustypes.h:25
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
static CODE_SEG("PAGE")
Definition: isapnp.c:1482
#define RtlEqualMemory(a, b, c)
Definition: kdvm.h:18
#define ASSERT(a)
Definition: mode.c:44
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1109
#define for
Definition: utility.h:88
struct _SID * PSID
Definition: eventlog.c:35
#define _Post_invalid_
Definition: ms_sal.h:695
#define _Out_
Definition: ms_sal.h:345
#define _In_
Definition: ms_sal.h:308
#define _In_opt_
Definition: ms_sal.h:309
#define KernelMode
Definition: asm.h:34
NTSYSAPI PULONG NTAPI RtlSubAuthoritySid(_In_ PSID Sid, _In_ ULONG SubAuthority)
NTSYSAPI ULONG NTAPI RtlLengthRequiredSid(IN ULONG SubAuthorityCount)
Definition: sid.c:54
_In_ PSID_IDENTIFIER_AUTHORITY _In_ UCHAR SubAuthorityCount
Definition: rtlfuncs.h:1515
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
NTSYSAPI BOOLEAN NTAPI RtlValidSid(IN PSID Sid)
Definition: sid.c:21
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1133
NTSYSAPI BOOLEAN NTAPI RtlEqualSid(_In_ PSID Sid1, _In_ PSID Sid2)
struct _TOKEN * PTOKEN
#define SE_GROUP_USE_FOR_DENY_ONLY
Definition: setypes.h:94
#define SE_GROUP_ENABLED
Definition: setypes.h:92
NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING UnicodeString)
NTSYSAPI NTSTATUS NTAPI RtlConvertSidToUnicodeString(OUT PUNICODE_STRING DestinationString, IN PVOID Sid, IN BOOLEAN AllocateDestinationString)
NTSYSAPI NTSTATUS NTAPI RtlInitializeSid(IN OUT PSID Sid, IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount)
struct _KNOWN_OBJECT_ACE * PKNOWN_OBJECT_ACE
PSID SeLocalSystemSid
Definition: sid.c:38
VOID NTAPI SepReleaseSid(_In_ PSID CapturedSid, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases a captured SID.
Definition: sid.c:400
struct _SID_VALIDATE SID_VALIDATE
SID_IDENTIFIER_AUTHORITY SeCreatorSidAuthority
Definition: sid.c:21
PSID SeAliasAccountOpsSid
Definition: sid.c:45
NTSTATUS NTAPI SepCaptureSid(_In_ PSID InputSid, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSID *CapturedSid)
Captures a SID.
Definition: sid.c:314
PSID SeRestrictedSid
Definition: sid.c:50
VOID NTAPI SeReleaseSidAndAttributesArray(_In_ _Post_invalid_ PSID_AND_ATTRIBUTES CapturedSidAndAttributes, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases a captured SID with attributes.
Definition: sid.c:976
BOOLEAN NTAPI SepSidInToken(_In_ PACCESS_TOKEN _Token, _In_ PSID Sid)
Checks if a SID is present in a token.
Definition: sid.c:547
SID_IDENTIFIER_AUTHORITY SeWorldSidAuthority
Definition: sid.c:19
PSID SeNetworkServiceSid
Definition: sid.c:53
PSID SeBatchSid
Definition: sid.c:34
PSID SeCreatorOwnerServerSid
Definition: sid.c:29
PSID SeAliasAdminsSid
Definition: sid.c:41
PSID SeAnonymousLogonSid
Definition: sid.c:51
PSID SeRestrictedCodeSid
Definition: sid.c:40
PSID SeAliasPowerUsersSid
Definition: sid.c:44
PSID SeInteractiveSid
Definition: sid.c:35
PSID SeWorldSid
Definition: sid.c:25
PSID SeAuthenticatedUserSid
Definition: sid.c:39
PSID SeServiceSid
Definition: sid.c:36
PSID SeNetworkSid
Definition: sid.c:33
BOOLEAN NTAPI SepInitSecurityIDs(VOID)
Initializes all the SIDs known in the system.
Definition: sid.c:115
PSID SeCreatorGroupSid
Definition: sid.c:28
PSID NTAPI SepGetSidFromAce(_In_ PACE Ace)
Captures a security identifier from a given access control entry. This identifier is valid for the wh...
Definition: sid.c:572
VOID NTAPI FreeInitializedSids(VOID)
Frees all the known initialized SIDs in the system from the memory.
Definition: sid.c:72
PSID SeNtAuthoritySid
Definition: sid.c:31
SID_IDENTIFIER_AUTHORITY SeNullSidAuthority
Definition: sid.c:18
PSID SeCreatorGroupServerSid
Definition: sid.c:30
SID_IDENTIFIER_AUTHORITY SeNtSidAuthority
Definition: sid.c:22
PSID SeLocalSid
Definition: sid.c:26
PSID SeDialupSid
Definition: sid.c:32
PSID SeCreatorOwnerSid
Definition: sid.c:27
SID_IDENTIFIER_AUTHORITY SeLocalSidAuthority
Definition: sid.c:20
PSID SeAliasUsersSid
Definition: sid.c:42
NTSTATUS NTAPI SeCaptureSidAndAttributesArray(_In_ PSID_AND_ATTRIBUTES SrcSidAndAttributes, _In_ ULONG AttributeCount, _In_ KPROCESSOR_MODE PreviousMode, _In_opt_ PVOID AllocatedMem, _In_ ULONG AllocatedLength, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSID_AND_ATTRIBUTES *CapturedSidAndAttributes, _Out_ PULONG ResultLength)
Captures a SID with attributes.
Definition: sid.c:693
struct _SID_VALIDATE * PSID_VALIDATE
PSID SeAliasBackupOpsSid
Definition: sid.c:48
#define SE_MAXIMUM_GROUP_LIMIT
Definition: sid.c:16
PSID SeAuthenticatedUsersSid
Definition: sid.c:49
PSID SeAliasGuestsSid
Definition: sid.c:43
PSID SeAliasSystemOpsSid
Definition: sid.c:46
BOOLEAN NTAPI SepSidInTokenEx(_In_ PACCESS_TOKEN _Token, _In_ PSID PrincipalSelfSid, _In_ PSID _Sid, _In_ BOOLEAN Deny, _In_ BOOLEAN Restricted)
Checks if a SID is present in a token.
Definition: sid.c:443
PSID SeAliasPrintOpsSid
Definition: sid.c:47
PSID SePrincipalSelfSid
Definition: sid.c:37
PSID SeLocalServiceSid
Definition: sid.c:52
PSID SeNullSid
Definition: sid.c:24
#define STATUS_INVALID_SID
Definition: ntstatus.h:356
unsigned short USHORT
Definition: pedump.c:61
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:159
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:34
#define _SEH2_VOLATILE
Definition: pseh2_64.h:163
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:162
#define STATUS_SUCCESS
Definition: shellext.h:65
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
Definition: rtltypes.h:993
Definition: se.h:15
PISID ProbeSid
Definition: sid.c:58
UCHAR SubAuthorityCount
Definition: sid.c:57
BYTE Revision
Definition: ms-dtyp.idl:199
BYTE SubAuthorityCount
Definition: ms-dtyp.idl:200
#define TAG_SID
Definition: tag.h:152
#define TAG_SID_VALIDATE
Definition: tag.h:166
#define TAG_SID_AND_ATTRIBUTES
Definition: tag.h:165
uint32_t * PULONG
Definition: typedefs.h:59
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:255
INT POOL_TYPE
Definition: typedefs.h:78
#define NTAPI
Definition: typedefs.h:36
uint16_t * PUSHORT
Definition: typedefs.h:56
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
uint32_t ULONG_PTR
Definition: typedefs.h:65
unsigned char * PUCHAR
Definition: typedefs.h:53
uint32_t ULONG
Definition: typedefs.h:59
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG _Out_ PULONG ResultLength
Definition: wdfdevice.h:3776
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
Definition: wdfdevice.h:3815
_In_ ULONG _Out_opt_ PULONG RequiredLength
Definition: wmifuncs.h:30
_Must_inspect_result_ _In_ ULONG Flags
Definition: wsk.h:170
#define POOL_RAISE_IF_ALLOCATION_FAILURE
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:396
_In_ PSID _In_ PSID NewSid
Definition: rtlfuncs.h:2814
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
#define SECURITY_ANONYMOUS_LOGON_RID
Definition: setypes.h:563
#define DOMAIN_ALIAS_RID_USERS
Definition: setypes.h:653
#define DOMAIN_ALIAS_RID_GUESTS
Definition: setypes.h:654
#define SECURITY_BUILTIN_DOMAIN_RID
Definition: setypes.h:581
#define SECURITY_LOCAL_SID_AUTHORITY
Definition: setypes.h:530
#define SECURITY_LOCAL_RID
Definition: setypes.h:542
#define SECURITY_DIALUP_RID
Definition: setypes.h:556
#define SECURITY_SERVICE_RID
Definition: setypes.h:562
#define ACE_INHERITED_OBJECT_TYPE_PRESENT
Definition: setypes.h:806
#define SECURITY_INTERACTIVE_RID
Definition: setypes.h:559
#define SECURITY_WORLD_SID_AUTHORITY
Definition: setypes.h:527
#define SECURITY_WORLD_RID
Definition: setypes.h:541
#define SECURITY_CREATOR_GROUP_SERVER_RID
Definition: setypes.h:548
#define DOMAIN_ALIAS_RID_SYSTEM_OPS
Definition: setypes.h:658
#define ACCESS_DENIED_OBJECT_ACE_TYPE
Definition: setypes.h:726
#define SYSTEM_AUDIT_ACE_TYPE
Definition: setypes.h:719
#define ACCESS_ALLOWED_ACE_TYPE
Definition: setypes.h:717
#define SECURITY_LOCAL_SYSTEM_RID
Definition: setypes.h:574
#define SECURITY_AUTHENTICATED_USER_RID
Definition: setypes.h:568
#define SECURITY_NULL_RID
Definition: setypes.h:540
#define DOMAIN_ALIAS_RID_ACCOUNT_OPS
Definition: setypes.h:657
#define SECURITY_RESTRICTED_CODE_RID
Definition: setypes.h:569
#define SECURITY_NT_AUTHORITY
Definition: setypes.h:554
#define SYSTEM_ALARM_ACE_TYPE
Definition: setypes.h:720
#define DOMAIN_ALIAS_RID_BACKUP_OPS
Definition: setypes.h:660
#define SECURITY_BATCH_RID
Definition: setypes.h:558
#define ACCESS_DENIED_ACE_TYPE
Definition: setypes.h:718
#define DOMAIN_ALIAS_RID_PRINT_OPS
Definition: setypes.h:659
#define SECURITY_CREATOR_OWNER_SERVER_RID
Definition: setypes.h:547
#define SECURITY_LOCAL_SERVICE_RID
Definition: setypes.h:575
#define SECURITY_PRINCIPAL_SELF_RID
Definition: setypes.h:567
#define SECURITY_CREATOR_OWNER_RID
Definition: setypes.h:545
#define DOMAIN_ALIAS_RID_POWER_USERS
Definition: setypes.h:655
struct _SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES
#define ACE_OBJECT_TYPE_PRESENT
Definition: setypes.h:805
#define ACCESS_ALLOWED_OBJECT_ACE_TYPE
Definition: setypes.h:725
#define SECURITY_NULL_SID_AUTHORITY
Definition: setypes.h:524
struct _SID * PISID
#define SECURITY_NETWORK_RID
Definition: setypes.h:557
#define SECURITY_NETWORK_SERVICE_RID
Definition: setypes.h:576
#define DOMAIN_ALIAS_RID_ADMINS
Definition: setypes.h:652
#define SECURITY_CREATOR_SID_AUTHORITY
Definition: setypes.h:533
#define SECURITY_CREATOR_GROUP_RID
Definition: setypes.h:546
unsigned char UCHAR
Definition: xmlstorage.h:181