ReactOS  0.4.15-dev-3698-gce6da82
sid.c
Go to the documentation of this file.
1 /*
2  * PROJECT: ReactOS Kernel
3  * LICENSE: GPL-2.0-or-later (https://spdx.org/licenses/GPL-2.0-or-later)
4  * PURPOSE: Security Identifier (SID) implementation support and handling
5  * COPYRIGHT: Copyright David Welch <welch@cwcom.net>
6  */
7 
8 /* INCLUDES *******************************************************************/
9 
10 #include <ntoskrnl.h>
11 #define NDEBUG
12 #include <debug.h>
13 
14 /* GLOBALS ********************************************************************/
15 
16 #define SE_MAXIMUM_GROUP_LIMIT 0x1000
17 
18 SID_IDENTIFIER_AUTHORITY SeNullSidAuthority = {SECURITY_NULL_SID_AUTHORITY};
19 SID_IDENTIFIER_AUTHORITY SeWorldSidAuthority = {SECURITY_WORLD_SID_AUTHORITY};
20 SID_IDENTIFIER_AUTHORITY SeLocalSidAuthority = {SECURITY_LOCAL_SID_AUTHORITY};
21 SID_IDENTIFIER_AUTHORITY SeCreatorSidAuthority = {SECURITY_CREATOR_SID_AUTHORITY};
22 SID_IDENTIFIER_AUTHORITY SeNtSidAuthority = {SECURITY_NT_AUTHORITY};
23 
24 PSID SeNullSid = NULL;
25 PSID SeWorldSid = NULL;
26 PSID SeLocalSid = NULL;
27 PSID SeCreatorOwnerSid = NULL;
28 PSID SeCreatorGroupSid = NULL;
29 PSID SeCreatorOwnerServerSid = NULL;
30 PSID SeCreatorGroupServerSid = NULL;
31 PSID SeNtAuthoritySid = NULL;
32 PSID SeDialupSid = NULL;
33 PSID SeNetworkSid = NULL;
34 PSID SeBatchSid = NULL;
35 PSID SeInteractiveSid = NULL;
36 PSID SeServiceSid = NULL;
37 PSID SePrincipalSelfSid = NULL;
38 PSID SeLocalSystemSid = NULL;
39 PSID SeAuthenticatedUserSid = NULL;
40 PSID SeRestrictedCodeSid = NULL;
41 PSID SeAliasAdminsSid = NULL;
42 PSID SeAliasUsersSid = NULL;
43 PSID SeAliasGuestsSid = NULL;
44 PSID SeAliasPowerUsersSid = NULL;
45 PSID SeAliasAccountOpsSid = NULL;
46 PSID SeAliasSystemOpsSid = NULL;
47 PSID SeAliasPrintOpsSid = NULL;
48 PSID SeAliasBackupOpsSid = NULL;
49 PSID SeAuthenticatedUsersSid = NULL;
50 PSID SeRestrictedSid = NULL;
51 PSID SeAnonymousLogonSid = NULL;
52 PSID SeLocalServiceSid = NULL;
53 PSID SeNetworkServiceSid = NULL;
54 
55 typedef struct _SID_VALIDATE
56 {
57  UCHAR SubAuthorityCount;
58  PISID ProbeSid;
59 } SID_VALIDATE, *PSID_VALIDATE;
60 
61 /* FUNCTIONS ******************************************************************/
62 
70 VOID
71 NTAPI
72 FreeInitializedSids(VOID)
73 {
74  if (SeNullSid) ExFreePoolWithTag(SeNullSid, TAG_SID);
75  if (SeWorldSid) ExFreePoolWithTag(SeWorldSid, TAG_SID);
76  if (SeLocalSid) ExFreePoolWithTag(SeLocalSid, TAG_SID);
77  if (SeCreatorOwnerSid) ExFreePoolWithTag(SeCreatorOwnerSid, TAG_SID);
78  if (SeCreatorGroupSid) ExFreePoolWithTag(SeCreatorGroupSid, TAG_SID);
79  if (SeCreatorOwnerServerSid) ExFreePoolWithTag(SeCreatorOwnerServerSid, TAG_SID);
80  if (SeCreatorGroupServerSid) ExFreePoolWithTag(SeCreatorGroupServerSid, TAG_SID);
81  if (SeNtAuthoritySid) ExFreePoolWithTag(SeNtAuthoritySid, TAG_SID);
82  if (SeDialupSid) ExFreePoolWithTag(SeDialupSid, TAG_SID);
83  if (SeNetworkSid) ExFreePoolWithTag(SeNetworkSid, TAG_SID);
84  if (SeBatchSid) ExFreePoolWithTag(SeBatchSid, TAG_SID);
85  if (SeInteractiveSid) ExFreePoolWithTag(SeInteractiveSid, TAG_SID);
86  if (SeServiceSid) ExFreePoolWithTag(SeServiceSid, TAG_SID);
87  if (SePrincipalSelfSid) ExFreePoolWithTag(SePrincipalSelfSid, TAG_SID);
88  if (SeLocalSystemSid) ExFreePoolWithTag(SeLocalSystemSid, TAG_SID);
89  if (SeAuthenticatedUserSid) ExFreePoolWithTag(SeAuthenticatedUserSid, TAG_SID);
90  if (SeRestrictedCodeSid) ExFreePoolWithTag(SeRestrictedCodeSid, TAG_SID);
91  if (SeAliasAdminsSid) ExFreePoolWithTag(SeAliasAdminsSid, TAG_SID);
92  if (SeAliasUsersSid) ExFreePoolWithTag(SeAliasUsersSid, TAG_SID);
93  if (SeAliasGuestsSid) ExFreePoolWithTag(SeAliasGuestsSid, TAG_SID);
94  if (SeAliasPowerUsersSid) ExFreePoolWithTag(SeAliasPowerUsersSid, TAG_SID);
95  if (SeAliasAccountOpsSid) ExFreePoolWithTag(SeAliasAccountOpsSid, TAG_SID);
96  if (SeAliasSystemOpsSid) ExFreePoolWithTag(SeAliasSystemOpsSid, TAG_SID);
97  if (SeAliasPrintOpsSid) ExFreePoolWithTag(SeAliasPrintOpsSid, TAG_SID);
98  if (SeAliasBackupOpsSid) ExFreePoolWithTag(SeAliasBackupOpsSid, TAG_SID);
99  if (SeAuthenticatedUsersSid) ExFreePoolWithTag(SeAuthenticatedUsersSid, TAG_SID);
100  if (SeRestrictedSid) ExFreePoolWithTag(SeRestrictedSid, TAG_SID);
101  if (SeAnonymousLogonSid) ExFreePoolWithTag(SeAnonymousLogonSid, TAG_SID);
102 }
103 
112 CODE_SEG("INIT")
113 BOOLEAN
114 NTAPI
115 SepInitSecurityIDs(VOID)
116 {
117  ULONG SidLength0;
118  ULONG SidLength1;
119  ULONG SidLength2;
120  PULONG SubAuthority;
121 
122  SidLength0 = RtlLengthRequiredSid(0);
123  SidLength1 = RtlLengthRequiredSid(1);
124  SidLength2 = RtlLengthRequiredSid(2);
125 
126  /* create NullSid */
127  SeNullSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
128  SeWorldSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
129  SeLocalSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
130  SeCreatorOwnerSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
131  SeCreatorGroupSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
132  SeCreatorOwnerServerSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
133  SeCreatorGroupServerSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
134  SeNtAuthoritySid = ExAllocatePoolWithTag(PagedPool, SidLength0, TAG_SID);
135  SeDialupSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
136  SeNetworkSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
137  SeBatchSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
138  SeInteractiveSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
139  SeServiceSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
140  SePrincipalSelfSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
141  SeLocalSystemSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
142  SeAuthenticatedUserSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
143  SeRestrictedCodeSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
144  SeAliasAdminsSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
145  SeAliasUsersSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
146  SeAliasGuestsSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
147  SeAliasPowerUsersSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
148  SeAliasAccountOpsSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
149  SeAliasSystemOpsSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
150  SeAliasPrintOpsSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
151  SeAliasBackupOpsSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
152  SeAuthenticatedUsersSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
153  SeRestrictedSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
154  SeAnonymousLogonSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
155  SeLocalServiceSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
156  SeNetworkServiceSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
157 
158  if (SeNullSid == NULL || SeWorldSid == NULL ||
159  SeLocalSid == NULL || SeCreatorOwnerSid == NULL ||
160  SeCreatorGroupSid == NULL || SeCreatorOwnerServerSid == NULL ||
161  SeCreatorGroupServerSid == NULL || SeNtAuthoritySid == NULL ||
162  SeDialupSid == NULL || SeNetworkSid == NULL || SeBatchSid == NULL ||
163  SeInteractiveSid == NULL || SeServiceSid == NULL ||
164  SePrincipalSelfSid == NULL || SeLocalSystemSid == NULL ||
165  SeAuthenticatedUserSid == NULL || SeRestrictedCodeSid == NULL ||
166  SeAliasAdminsSid == NULL || SeAliasUsersSid == NULL ||
167  SeAliasGuestsSid == NULL || SeAliasPowerUsersSid == NULL ||
168  SeAliasAccountOpsSid == NULL || SeAliasSystemOpsSid == NULL ||
169  SeAliasPrintOpsSid == NULL || SeAliasBackupOpsSid == NULL ||
170  SeAuthenticatedUsersSid == NULL || SeRestrictedSid == NULL ||
171  SeAnonymousLogonSid == NULL || SeLocalServiceSid == NULL ||
172  SeNetworkServiceSid == NULL)
173  {
174  FreeInitializedSids();
175  return FALSE;
176  }
177 
178  RtlInitializeSid(SeNullSid, &SeNullSidAuthority, 1);
179  RtlInitializeSid(SeWorldSid, &SeWorldSidAuthority, 1);
180  RtlInitializeSid(SeLocalSid, &SeLocalSidAuthority, 1);
181  RtlInitializeSid(SeCreatorOwnerSid, &SeCreatorSidAuthority, 1);
182  RtlInitializeSid(SeCreatorGroupSid, &SeCreatorSidAuthority, 1);
183  RtlInitializeSid(SeCreatorOwnerServerSid, &SeCreatorSidAuthority, 1);
184  RtlInitializeSid(SeCreatorGroupServerSid, &SeCreatorSidAuthority, 1);
185  RtlInitializeSid(SeNtAuthoritySid, &SeNtSidAuthority, 0);
186  RtlInitializeSid(SeDialupSid, &SeNtSidAuthority, 1);
187  RtlInitializeSid(SeNetworkSid, &SeNtSidAuthority, 1);
188  RtlInitializeSid(SeBatchSid, &SeNtSidAuthority, 1);
189  RtlInitializeSid(SeInteractiveSid, &SeNtSidAuthority, 1);
190  RtlInitializeSid(SeServiceSid, &SeNtSidAuthority, 1);
191  RtlInitializeSid(SePrincipalSelfSid, &SeNtSidAuthority, 1);
192  RtlInitializeSid(SeLocalSystemSid, &SeNtSidAuthority, 1);
193  RtlInitializeSid(SeAuthenticatedUserSid, &SeNtSidAuthority, 1);
194  RtlInitializeSid(SeRestrictedCodeSid, &SeNtSidAuthority, 1);
195  RtlInitializeSid(SeAliasAdminsSid, &SeNtSidAuthority, 2);
196  RtlInitializeSid(SeAliasUsersSid, &SeNtSidAuthority, 2);
197  RtlInitializeSid(SeAliasGuestsSid, &SeNtSidAuthority, 2);
198  RtlInitializeSid(SeAliasPowerUsersSid, &SeNtSidAuthority, 2);
199  RtlInitializeSid(SeAliasAccountOpsSid, &SeNtSidAuthority, 2);
200  RtlInitializeSid(SeAliasSystemOpsSid, &SeNtSidAuthority, 2);
201  RtlInitializeSid(SeAliasPrintOpsSid, &SeNtSidAuthority, 2);
202  RtlInitializeSid(SeAliasBackupOpsSid, &SeNtSidAuthority, 2);
203  RtlInitializeSid(SeAuthenticatedUsersSid, &SeNtSidAuthority, 1);
204  RtlInitializeSid(SeRestrictedSid, &SeNtSidAuthority, 1);
205  RtlInitializeSid(SeAnonymousLogonSid, &SeNtSidAuthority, 1);
206  RtlInitializeSid(SeLocalServiceSid, &SeNtSidAuthority, 1);
207  RtlInitializeSid(SeNetworkServiceSid, &SeNtSidAuthority, 1);
208 
209  SubAuthority = RtlSubAuthoritySid(SeNullSid, 0);
210  *SubAuthority = SECURITY_NULL_RID;
211  SubAuthority = RtlSubAuthoritySid(SeWorldSid, 0);
212  *SubAuthority = SECURITY_WORLD_RID;
213  SubAuthority = RtlSubAuthoritySid(SeLocalSid, 0);
214  *SubAuthority = SECURITY_LOCAL_RID;
215  SubAuthority = RtlSubAuthoritySid(SeCreatorOwnerSid, 0);
216  *SubAuthority = SECURITY_CREATOR_OWNER_RID;
217  SubAuthority = RtlSubAuthoritySid(SeCreatorGroupSid, 0);
218  *SubAuthority = SECURITY_CREATOR_GROUP_RID;
219  SubAuthority = RtlSubAuthoritySid(SeCreatorOwnerServerSid, 0);
220  *SubAuthority = SECURITY_CREATOR_OWNER_SERVER_RID;
221  SubAuthority = RtlSubAuthoritySid(SeCreatorGroupServerSid, 0);
222  *SubAuthority = SECURITY_CREATOR_GROUP_SERVER_RID;
223  SubAuthority = RtlSubAuthoritySid(SeDialupSid, 0);
224  *SubAuthority = SECURITY_DIALUP_RID;
225  SubAuthority = RtlSubAuthoritySid(SeNetworkSid, 0);
226  *SubAuthority = SECURITY_NETWORK_RID;
227  SubAuthority = RtlSubAuthoritySid(SeBatchSid, 0);
228  *SubAuthority = SECURITY_BATCH_RID;
229  SubAuthority = RtlSubAuthoritySid(SeInteractiveSid, 0);
230  *SubAuthority = SECURITY_INTERACTIVE_RID;
231  SubAuthority = RtlSubAuthoritySid(SeServiceSid, 0);
232  *SubAuthority = SECURITY_SERVICE_RID;
233  SubAuthority = RtlSubAuthoritySid(SePrincipalSelfSid, 0);
234  *SubAuthority = SECURITY_PRINCIPAL_SELF_RID;
235  SubAuthority = RtlSubAuthoritySid(SeLocalSystemSid, 0);
236  *SubAuthority = SECURITY_LOCAL_SYSTEM_RID;
237  SubAuthority = RtlSubAuthoritySid(SeAuthenticatedUserSid, 0);
238  *SubAuthority = SECURITY_AUTHENTICATED_USER_RID;
239  SubAuthority = RtlSubAuthoritySid(SeRestrictedCodeSid, 0);
240  *SubAuthority = SECURITY_RESTRICTED_CODE_RID;
241  SubAuthority = RtlSubAuthoritySid(SeAliasAdminsSid, 0);
242  *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
243  SubAuthority = RtlSubAuthoritySid(SeAliasAdminsSid, 1);
244  *SubAuthority = DOMAIN_ALIAS_RID_ADMINS;
245  SubAuthority = RtlSubAuthoritySid(SeAliasUsersSid, 0);
246  *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
247  SubAuthority = RtlSubAuthoritySid(SeAliasUsersSid, 1);
248  *SubAuthority = DOMAIN_ALIAS_RID_USERS;
249  SubAuthority = RtlSubAuthoritySid(SeAliasGuestsSid, 0);
250  *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
251  SubAuthority = RtlSubAuthoritySid(SeAliasGuestsSid, 1);
252  *SubAuthority = DOMAIN_ALIAS_RID_GUESTS;
253  SubAuthority = RtlSubAuthoritySid(SeAliasPowerUsersSid, 0);
254  *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
255  SubAuthority = RtlSubAuthoritySid(SeAliasPowerUsersSid, 1);
256  *SubAuthority = DOMAIN_ALIAS_RID_POWER_USERS;
257  SubAuthority = RtlSubAuthoritySid(SeAliasAccountOpsSid, 0);
258  *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
259  SubAuthority = RtlSubAuthoritySid(SeAliasAccountOpsSid, 1);
260  *SubAuthority = DOMAIN_ALIAS_RID_ACCOUNT_OPS;
261  SubAuthority = RtlSubAuthoritySid(SeAliasSystemOpsSid, 0);
262  *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
263  SubAuthority = RtlSubAuthoritySid(SeAliasSystemOpsSid, 1);
264  *SubAuthority = DOMAIN_ALIAS_RID_SYSTEM_OPS;
265  SubAuthority = RtlSubAuthoritySid(SeAliasPrintOpsSid, 0);
266  *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
267  SubAuthority = RtlSubAuthoritySid(SeAliasPrintOpsSid, 1);
268  *SubAuthority = DOMAIN_ALIAS_RID_PRINT_OPS;
269  SubAuthority = RtlSubAuthoritySid(SeAliasBackupOpsSid, 0);
270  *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
271  SubAuthority = RtlSubAuthoritySid(SeAliasBackupOpsSid, 1);
272  *SubAuthority = DOMAIN_ALIAS_RID_BACKUP_OPS;
273  SubAuthority = RtlSubAuthoritySid(SeAuthenticatedUsersSid, 0);
274  *SubAuthority = SECURITY_AUTHENTICATED_USER_RID;
275  SubAuthority = RtlSubAuthoritySid(SeRestrictedSid, 0);
276  *SubAuthority = SECURITY_RESTRICTED_CODE_RID;
277  SubAuthority = RtlSubAuthoritySid(SeAnonymousLogonSid, 0);
278  *SubAuthority = SECURITY_ANONYMOUS_LOGON_RID;
279  SubAuthority = RtlSubAuthoritySid(SeLocalServiceSid, 0);
280  *SubAuthority = SECURITY_LOCAL_SERVICE_RID;
281  SubAuthority = RtlSubAuthoritySid(SeNetworkServiceSid, 0);
282  *SubAuthority = SECURITY_NETWORK_SERVICE_RID;
283 
284  return TRUE;
285 }
286 
312 NTSTATUS
313 NTAPI
314 SepCaptureSid(
315  _In_ PSID InputSid,
316  _In_ KPROCESSOR_MODE AccessMode,
317  _In_ POOL_TYPE PoolType,
318  _In_ BOOLEAN CaptureIfKernel,
319  _Out_ PSID *CapturedSid)
320 {
321  ULONG SidSize = 0;
322  PISID NewSid, Sid = (PISID)InputSid;
323 
324  PAGED_CODE();
325 
326  if (AccessMode != KernelMode)
327  {
328  _SEH2_TRY
329  {
330  ProbeForRead(Sid, FIELD_OFFSET(SID, SubAuthority), sizeof(UCHAR));
331  SidSize = RtlLengthRequiredSid(Sid->SubAuthorityCount);
332  ProbeForRead(Sid, SidSize, sizeof(UCHAR));
333  }
334  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
335  {
336  /* Return the exception code */
337  _SEH2_YIELD(return _SEH2_GetExceptionCode());
338  }
339  _SEH2_END;
340 
341  /* Allocate a SID and copy it */
342  NewSid = ExAllocatePoolWithTag(PoolType, SidSize, TAG_SID);
343  if (!NewSid)
344  return STATUS_INSUFFICIENT_RESOURCES;
345 
346  _SEH2_TRY
347  {
348  RtlCopyMemory(NewSid, Sid, SidSize);
349 
350  *CapturedSid = NewSid;
351  }
352  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
353  {
354  /* Free the SID and return the exception code */
355  ExFreePoolWithTag(NewSid, TAG_SID);
356  _SEH2_YIELD(return _SEH2_GetExceptionCode());
357  }
358  _SEH2_END;
359  }
360  else if (!CaptureIfKernel)
361  {
362  *CapturedSid = InputSid;
363  }
364  else
365  {
366  SidSize = RtlLengthRequiredSid(Sid->SubAuthorityCount);
367 
368  /* Allocate a SID and copy it */
369  NewSid = ExAllocatePoolWithTag(PoolType, SidSize, TAG_SID);
370  if (NewSid == NULL)
371  return STATUS_INSUFFICIENT_RESOURCES;
372 
373  RtlCopyMemory(NewSid, Sid, SidSize);
374 
375  *CapturedSid = NewSid;
376  }
377 
378  return STATUS_SUCCESS;
379 }
380 
398 VOID
399 NTAPI
400 SepReleaseSid(
401  _In_ PSID CapturedSid,
402  _In_ KPROCESSOR_MODE AccessMode,
403  _In_ BOOLEAN CaptureIfKernel)
404 {
405  PAGED_CODE();
406 
407  if (CapturedSid != NULL &&
408  (AccessMode != KernelMode ||
409  (AccessMode == KernelMode && CaptureIfKernel)))
410  {
411  ExFreePoolWithTag(CapturedSid, TAG_SID);
412  }
413 }
414 
483 NTSTATUS
484 NTAPI
485 SeCaptureSidAndAttributesArray(
486  _In_ PSID_AND_ATTRIBUTES SrcSidAndAttributes,
487  _In_ ULONG AttributeCount,
488  _In_ KPROCESSOR_MODE PreviousMode,
489  _In_opt_ PVOID AllocatedMem,
490  _In_ ULONG AllocatedLength,
491  _In_ POOL_TYPE PoolType,
492  _In_ BOOLEAN CaptureIfKernel,
493  _Out_ PSID_AND_ATTRIBUTES *CapturedSidAndAttributes,
494  _Out_ PULONG ResultLength)
495 {
496  ULONG ArraySize, RequiredLength, SidLength, i;
497  ULONG TempArrayValidate, TempLengthValidate;
498  PSID_AND_ATTRIBUTES SidAndAttributes;
499  _SEH2_VOLATILE PSID_VALIDATE ValidateArray;
500  PUCHAR CurrentDest;
501  PISID Sid;
502  NTSTATUS Status;
503  PAGED_CODE();
504 
505  ValidateArray = NULL;
506  SidAndAttributes = NULL;
507  *CapturedSidAndAttributes = NULL;
508  *ResultLength = 0;
509 
510  if (AttributeCount == 0)
511  {
512  return STATUS_SUCCESS;
513  }
514 
515  if (AttributeCount > SE_MAXIMUM_GROUP_LIMIT)
516  {
517  DPRINT1("SeCaptureSidAndAttributesArray(): Maximum group limit exceeded!\n");
518  return STATUS_INVALID_PARAMETER;
519  }
520 
521  if ((PreviousMode == KernelMode) && !CaptureIfKernel)
522  {
523  *CapturedSidAndAttributes = SrcSidAndAttributes;
524  return STATUS_SUCCESS;
525  }
526 
527  ArraySize = AttributeCount * sizeof(SID_AND_ATTRIBUTES);
528  RequiredLength = ALIGN_UP_BY(ArraySize, sizeof(ULONG));
529 
530  if (PreviousMode != KernelMode)
531  {
532  /* Check for user mode data */
533  _SEH2_TRY
534  {
535  /* First probe the whole array */
536  ProbeForRead(SrcSidAndAttributes, ArraySize, sizeof(ULONG));
537 
538  /* We're in user mode, set up the size for the temporary array */
539  TempArrayValidate = AttributeCount * sizeof(SID_VALIDATE);
540  TempLengthValidate = ALIGN_UP_BY(TempArrayValidate, sizeof(ULONG));
541 
542  /*
543  * Allocate a buffer for the array that we're going to
544  * temporarily hold the subauthority count and the SID
545  * elements. We'll be going to use this array to perform
546  * validation checks later.
547  */
548  ValidateArray = ExAllocatePoolWithTag(PoolType | POOL_RAISE_IF_ALLOCATION_FAILURE,
549  TempLengthValidate,
550  TAG_SID_VALIDATE);
551 
552  /* Loop the array elements */
553  for (i = 0; i < AttributeCount; i++)
554  {
555  /* Get the SID and probe the minimal structure */
556  Sid = SrcSidAndAttributes[i].Sid;
557  ProbeForRead(Sid, sizeof(*Sid), sizeof(ULONG));
558 
559  /*
560  * Capture the subauthority count and hold it
561  * into the temporary array for later validation.
562  * This way we ensure that the said count of each
563  * SID has remained the same.
564  */
565  ValidateArray[i].SubAuthorityCount = Sid->SubAuthorityCount;
566 
567  /* Capture the SID */
568  ValidateArray[i].ProbeSid = Sid;
569 
570  /* Calculate the SID length and probe the full SID */
571  SidLength = RtlLengthRequiredSid(ValidateArray[i].SubAuthorityCount);
572  ProbeForRead(ValidateArray[i].ProbeSid, SidLength, sizeof(ULONG));
573 
574  /* Add the aligned length to the required length */
575  RequiredLength += ALIGN_UP_BY(SidLength, sizeof(ULONG));
576  }
577  }
578  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
579  {
580  Status = _SEH2_GetExceptionCode();
581  _SEH2_YIELD(goto Cleanup);
582  }
583  _SEH2_END;
584  }
585  else
586  {
587  /* Loop the array elements */
588  for (i = 0; i < AttributeCount; i++)
589  {
590  /* Get the SID and it's length */
591  Sid = SrcSidAndAttributes[i].Sid;
592  SidLength = RtlLengthRequiredSid(Sid->SubAuthorityCount);
593 
594  /* Add the aligned length to the required length */
595  RequiredLength += ALIGN_UP_BY(SidLength, sizeof(ULONG));
596  }
597  }
598 
599  /* Assume success */
600  Status = STATUS_SUCCESS;
601  *ResultLength = RequiredLength;
602 
603  /* Check if we have no buffer */
604  if (AllocatedMem == NULL)
605  {
606  /* Allocate a new buffer */
607  SidAndAttributes = ExAllocatePoolWithTag(PoolType,
608  RequiredLength,
609  TAG_SID_AND_ATTRIBUTES);
610  if (SidAndAttributes == NULL)
611  {
612  DPRINT1("SeCaptureSidAndAttributesArray(): Failed to allocate memory for SID and attributes array (requested size -> %lu)!\n", RequiredLength);
613  Status = STATUS_INSUFFICIENT_RESOURCES;
614  goto Cleanup;
615  }
616  }
617  /* Otherwise check if the buffer is large enough */
618  else if (AllocatedLength >= RequiredLength)
619  {
620  /* Buffer is large enough, use it */
621  SidAndAttributes = AllocatedMem;
622  }
623  else
624  {
625  /* Buffer is too small, fail */
626  DPRINT1("SeCaptureSidAndAttributesArray(): The provided buffer is small (expected size -> %lu || current size -> %lu)!\n", RequiredLength, AllocatedLength);
627  Status = STATUS_BUFFER_TOO_SMALL;
628  goto Cleanup;
629  }
630 
631  *CapturedSidAndAttributes = SidAndAttributes;
632 
633  /* Check again for user mode */
634  if (PreviousMode != KernelMode)
635  {
636  _SEH2_TRY
637  {
638  /* The rest of the data starts after the array */
639  CurrentDest = (PUCHAR)SidAndAttributes;
640  CurrentDest += ALIGN_UP_BY(ArraySize, sizeof(ULONG));
641 
642  /* Loop the array elements */
643  for (i = 0; i < AttributeCount; i++)
644  {
645  /*
646  * Get the SID length from the subauthority
647  * count we've captured before.
648  */
649  SidLength = RtlLengthRequiredSid(ValidateArray[i].SubAuthorityCount);
650 
651  /* Copy attributes */
652  SidAndAttributes[i].Attributes = SrcSidAndAttributes[i].Attributes;
653 
654  /* Copy the SID to the current destination address */
655  SidAndAttributes[i].Sid = (PSID)CurrentDest;
656  RtlCopyMemory(CurrentDest, ValidateArray[i].ProbeSid, SidLength);
657 
658  /* Obtain the SID we've captured before for validation */
659  Sid = SidAndAttributes[i].Sid;
660 
661  /* Validate that the subauthority count hasn't changed */
662  if (ValidateArray[i].SubAuthorityCount !=
663  Sid->SubAuthorityCount)
664  {
665  /* It's changed, bail out */
666  DPRINT1("SeCaptureSidAndAttributesArray(): The subauthority counts have changed (captured count -> %u || current count -> %u)\n",
667  ValidateArray[i].SubAuthorityCount, Sid->SubAuthorityCount);
668  Status = STATUS_INVALID_SID;
669  goto Cleanup;
670  }
671 
672  /* Validate that the SID length is the same */
673  if (SidLength != RtlLengthSid(Sid))
674  {
675  /* They're no longer the same, bail out */
676  DPRINT1("SeCaptureSidAndAttributesArray(): The SID lengths have changed (captured length -> %lu || current length -> %lu)\n",
677  SidLength, RtlLengthSid(Sid));
678  Status = STATUS_INVALID_SID;
679  goto Cleanup;
680  }
681 
682  /* Check that the SID is valid */
683  if (!RtlValidSid(Sid))
684  {
685  DPRINT1("SeCaptureSidAndAttributesArray(): The SID is not valid!\n");
686  Status = STATUS_INVALID_SID;
687  goto Cleanup;
688  }
689 
690  /* Update the current destination address */
691  CurrentDest += ALIGN_UP_BY(SidLength, sizeof(ULONG));
692  }
693  }
694  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
695  {
696  Status = _SEH2_GetExceptionCode();
697  }
698  _SEH2_END;
699  }
700  else
701  {
702  /* The rest of the data starts after the array */
703  CurrentDest = (PUCHAR)SidAndAttributes;
704  CurrentDest += ALIGN_UP_BY(ArraySize, sizeof(ULONG));
705 
706  /* Loop the array elements */
707  for (i = 0; i < AttributeCount; i++)
708  {
709  /* Get the SID and it's length */
710  Sid = SrcSidAndAttributes[i].Sid;
711  SidLength = RtlLengthRequiredSid(Sid->SubAuthorityCount);
712 
713  /* Copy attributes */
714  SidAndAttributes[i].Attributes = SrcSidAndAttributes[i].Attributes;
715 
716  /* Copy the SID to the current destination address */
717  SidAndAttributes[i].Sid = (PSID)CurrentDest;
718  RtlCopyMemory(CurrentDest, SrcSidAndAttributes[i].Sid, SidLength);
719 
720  /* Update the current destination address */
721  CurrentDest += ALIGN_UP_BY(SidLength, sizeof(ULONG));
722  }
723  }
724 
725 Cleanup:
726  /* Check for failure */
727  if (!NT_SUCCESS(Status))
728  {
729  /* Check if we allocated a new array */
730  if ((SidAndAttributes != AllocatedMem) && (SidAndAttributes != NULL))
731  {
732  /* Free the array */
733  ExFreePoolWithTag(SidAndAttributes, TAG_SID_AND_ATTRIBUTES);
734  }
735 
736  /* Set returned address to NULL */
737  *CapturedSidAndAttributes = NULL;
738  }
739 
740  /* Free the temporary validation array */
741  if ((PreviousMode != KernelMode) && (ValidateArray != NULL))
742  {
743  ExFreePoolWithTag(ValidateArray, TAG_SID_VALIDATE);
744  }
745 
746  return Status;
747 }
748 
766 VOID
767 NTAPI
768 SeReleaseSidAndAttributesArray(
769  _In_ _Post_invalid_ PSID_AND_ATTRIBUTES CapturedSidAndAttributes,
770  _In_ KPROCESSOR_MODE AccessMode,
771  _In_ BOOLEAN CaptureIfKernel)
772 {
773  PAGED_CODE();
774 
775  if ((CapturedSidAndAttributes != NULL) &&
776  ((AccessMode != KernelMode) || CaptureIfKernel))
777  {
778  ExFreePoolWithTag(CapturedSidAndAttributes, TAG_SID_AND_ATTRIBUTES);
779  }
780 }
781 
782 /* EOF */
SeLocalServiceSid
PSID SeLocalServiceSid
Definition: sid.c:52
SECURITY_BATCH_RID
#define SECURITY_BATCH_RID
Definition: setypes.h:558
SE_MAXIMUM_GROUP_LIMIT
#define SE_MAXIMUM_GROUP_LIMIT
Definition: sid.c:16
SECURITY_AUTHENTICATED_USER_RID
#define SECURITY_AUTHENTICATED_USER_RID
Definition: setypes.h:568
SECURITY_LOCAL_SYSTEM_RID
#define SECURITY_LOCAL_SYSTEM_RID
Definition: setypes.h:574
TAG_SID_AND_ATTRIBUTES
#define TAG_SID_AND_ATTRIBUTES
Definition: tag.h:160
DOMAIN_ALIAS_RID_GUESTS
#define DOMAIN_ALIAS_RID_GUESTS
Definition: setypes.h:654
SeAliasPrintOpsSid
PSID SeAliasPrintOpsSid
Definition: sid.c:47
STATUS_INSUFFICIENT_RESOURCES
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
_SID_AND_ATTRIBUTES::Sid
PSID Sid
Definition: setypes.h:506
_In_opt_
#define _In_opt_
Definition: ms_sal.h:309
FreeInitializedSids
VOID NTAPI FreeInitializedSids(VOID)
Frees all the known initialized SIDs in the system from the memory.
Definition: sid.c:72
_SID
Definition: ms-dtyp.idl:198
SeAnonymousLogonSid
PSID SeAnonymousLogonSid
Definition: sid.c:51
_Out_
#define _Out_
Definition: ms_sal.h:345
SeBatchSid
PSID SeBatchSid
Definition: sid.c:34
TRUE
#define TRUE
Definition: types.h:120
_SID_VALIDATE
Definition: sid.c:55
STATUS_INVALID_PARAMETER
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
SeLocalSystemSid
PSID SeLocalSystemSid
Definition: sid.c:38
SeAliasAdminsSid
PSID SeAliasAdminsSid
Definition: sid.c:41
DOMAIN_ALIAS_RID_ACCOUNT_OPS
#define DOMAIN_ALIAS_RID_ACCOUNT_OPS
Definition: setypes.h:657
SeDialupSid
PSID SeDialupSid
Definition: sid.c:32
SECURITY_DIALUP_RID
#define SECURITY_DIALUP_RID
Definition: setypes.h:556
PUCHAR
unsigned char * PUCHAR
Definition: retypes.h:3
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
SeReleaseSidAndAttributesArray
VOID NTAPI SeReleaseSidAndAttributesArray(_In_ _Post_invalid_ PSID_AND_ATTRIBUTES CapturedSidAndAttributes, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases a captured SID with attributes.
Definition: sid.c:768
SECURITY_NETWORK_RID
#define SECURITY_NETWORK_RID
Definition: setypes.h:557
TAG_SID
#define TAG_SID
Definition: sid.c:15
DOMAIN_ALIAS_RID_POWER_USERS
#define DOMAIN_ALIAS_RID_POWER_USERS
Definition: setypes.h:655
SECURITY_INTERACTIVE_RID
#define SECURITY_INTERACTIVE_RID
Definition: setypes.h:559
SECURITY_NULL_SID_AUTHORITY
#define SECURITY_NULL_SID_AUTHORITY
Definition: setypes.h:524
SeAliasBackupOpsSid
PSID SeAliasBackupOpsSid
Definition: sid.c:48
_SID_VALIDATE::ProbeSid
PISID ProbeSid
Definition: sid.c:58
STATUS_BUFFER_TOO_SMALL
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
_SEH2_TRY
_SEH2_TRY
Definition: create.c:4226
SePrincipalSelfSid
PSID SePrincipalSelfSid
Definition: sid.c:37
RtlSubAuthoritySid
PULONG NTAPI RtlSubAuthoritySid(IN PSID Sid_, IN ULONG SubAuthority)
Definition: sid.c:89
SECURITY_PRINCIPAL_SELF_RID
#define SECURITY_PRINCIPAL_SELF_RID
Definition: setypes.h:567
SeCreatorOwnerServerSid
PSID SeCreatorOwnerServerSid
Definition: sid.c:29
NTAPI
NTSTATUS(* NTAPI)(IN PFILE_FULL_EA_INFORMATION EaBuffer, IN ULONG EaLength, OUT PULONG ErrorOffset)
Definition: IoEaTest.cpp:117
FALSE
#define FALSE
Definition: types.h:117
SepCaptureSid
NTSTATUS NTAPI SepCaptureSid(_In_ PSID InputSid, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSID *CapturedSid)
Captures a SID.
Definition: sid.c:314
SID_VALIDATE
struct _SID_VALIDATE SID_VALIDATE
SeCreatorSidAuthority
SID_IDENTIFIER_AUTHORITY SeCreatorSidAuthority
Definition: sid.c:21
SECURITY_LOCAL_SID_AUTHORITY
#define SECURITY_LOCAL_SID_AUTHORITY
Definition: setypes.h:530
PISID
struct _SID * PISID
SepInitSecurityIDs
BOOLEAN NTAPI SepInitSecurityIDs(VOID)
Initializes all the SIDs known in the system.
Definition: sid.c:115
AccessMode
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:395
BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185
RtlLengthSid
ULONG NTAPI RtlLengthSid(IN PSID Sid_)
Definition: sid.c:150
_In_
#define _In_
Definition: ms_sal.h:308
Sid
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1103
STATUS_INVALID_SID
#define STATUS_INVALID_SID
Definition: ntstatus.h:356
SECURITY_LOCAL_SERVICE_RID
#define SECURITY_LOCAL_SERVICE_RID
Definition: setypes.h:575
SECURITY_NT_AUTHORITY
#define SECURITY_NT_AUTHORITY
Definition: setypes.h:554
RtlValidSid
BOOLEAN NTAPI RtlValidSid(IN PSID Sid_)
Definition: sid.c:21
Status
Status
Definition: gdiplustypes.h:24
PreviousMode
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
PSID_VALIDATE
struct _SID_VALIDATE * PSID_VALIDATE
SECURITY_CREATOR_GROUP_SERVER_RID
#define SECURITY_CREATOR_GROUP_SERVER_RID
Definition: setypes.h:548
SECURITY_BUILTIN_DOMAIN_RID
#define SECURITY_BUILTIN_DOMAIN_RID
Definition: setypes.h:581
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
DOMAIN_ALIAS_RID_BACKUP_OPS
#define DOMAIN_ALIAS_RID_BACKUP_OPS
Definition: setypes.h:660
SECURITY_WORLD_SID_AUTHORITY
#define SECURITY_WORLD_SID_AUTHORITY
Definition: setypes.h:527
POOL_TYPE
INT POOL_TYPE
Definition: typedefs.h:78
SeServiceSid
PSID SeServiceSid
Definition: sid.c:36
EXCEPTION_EXECUTE_HANDLER
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
_SID_AND_ATTRIBUTES
Definition: setypes.h:502
SID_AND_ATTRIBUTES
struct _SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES
TAG_SID_VALIDATE
#define TAG_SID_VALIDATE
Definition: tag.h:161
DOMAIN_ALIAS_RID_SYSTEM_OPS
#define DOMAIN_ALIAS_RID_SYSTEM_OPS
Definition: setypes.h:658
SECURITY_LOCAL_RID
#define SECURITY_LOCAL_RID
Definition: setypes.h:542
SeWorldSidAuthority
SID_IDENTIFIER_AUTHORITY SeWorldSidAuthority
Definition: sid.c:19
KPROCESSOR_MODE
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
SECURITY_WORLD_RID
#define SECURITY_WORLD_RID
Definition: setypes.h:541
SeCaptureSidAndAttributesArray
NTSTATUS NTAPI SeCaptureSidAndAttributesArray(_In_ PSID_AND_ATTRIBUTES SrcSidAndAttributes, _In_ ULONG AttributeCount, _In_ KPROCESSOR_MODE PreviousMode, _In_opt_ PVOID AllocatedMem, _In_ ULONG AllocatedLength, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSID_AND_ATTRIBUTES *CapturedSidAndAttributes, _Out_ PULONG ResultLength)
Captures a SID with attributes.
Definition: sid.c:485
SECURITY_ANONYMOUS_LOGON_RID
#define SECURITY_ANONYMOUS_LOGON_RID
Definition: setypes.h:563
SeAliasUsersSid
PSID SeAliasUsersSid
Definition: sid.c:42
SeAliasGuestsSid
PSID SeAliasGuestsSid
Definition: sid.c:43
PSID
struct _SID * PSID
Definition: eventlog.c:35
SECURITY_CREATOR_OWNER_RID
#define SECURITY_CREATOR_OWNER_RID
Definition: setypes.h:545
ExAllocatePoolWithTag
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
SECURITY_NULL_RID
#define SECURITY_NULL_RID
Definition: setypes.h:540
SepReleaseSid
VOID NTAPI SepReleaseSid(_In_ PSID CapturedSid, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases a captured SID.
Definition: sid.c:400
UCHAR
unsigned char UCHAR
Definition: xmlstorage.h:181
SeAuthenticatedUserSid
PSID SeAuthenticatedUserSid
Definition: sid.c:39
ProbeForRead
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
SeWorldSid
PSID SeWorldSid
Definition: sid.c:25
RtlLengthRequiredSid
ULONG NTAPI RtlLengthRequiredSid(IN ULONG SubAuthorityCount)
Definition: sid.c:54
SeLocalSid
PSID SeLocalSid
Definition: sid.c:26
_SID_IDENTIFIER_AUTHORITY
Definition: ms-dtyp.idl:194
SeAuthenticatedUsersSid
PSID SeAuthenticatedUsersSid
Definition: sid.c:49
SubAuthorityCount
_In_ PSID_IDENTIFIER_AUTHORITY _In_ UCHAR SubAuthorityCount
Definition: rtlfuncs.h:1486
Cleanup
static const WCHAR Cleanup[]
Definition: register.c:80
SeAliasPowerUsersSid
PSID SeAliasPowerUsersSid
Definition: sid.c:44
_Post_invalid_
#define _Post_invalid_
Definition: ms_sal.h:695
SECURITY_NETWORK_SERVICE_RID
#define SECURITY_NETWORK_SERVICE_RID
Definition: setypes.h:576
_SEH2_VOLATILE
#define _SEH2_VOLATILE
Definition: pseh2_64.h:169
SeNetworkSid
PSID SeNetworkSid
Definition: sid.c:33
SeNullSidAuthority
SID_IDENTIFIER_AUTHORITY SeNullSidAuthority
Definition: sid.c:18
SECURITY_CREATOR_GROUP_RID
#define SECURITY_CREATOR_GROUP_RID
Definition: setypes.h:546
_SEH2_END
_SEH2_END
Definition: create.c:4400
i
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
RtlInitializeSid
NTSTATUS NTAPI RtlInitializeSid(IN PSID Sid_, IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount)
Definition: sid.c:68
DOMAIN_ALIAS_RID_USERS
#define DOMAIN_ALIAS_RID_USERS
Definition: setypes.h:653
_SID_AND_ATTRIBUTES::Attributes
$ULONG Attributes
Definition: setypes.h:508
FIELD_OFFSET
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:255
RequiredLength
_In_ ULONG _Out_opt_ PULONG RequiredLength
Definition: wmifuncs.h:29
_SID::SubAuthorityCount
BYTE SubAuthorityCount
Definition: ms-dtyp.idl:200
PULONG
unsigned int * PULONG
Definition: retypes.h:1
SECURITY_RESTRICTED_CODE_RID
#define SECURITY_RESTRICTED_CODE_RID
Definition: setypes.h:569
NULL
#define NULL
Definition: types.h:112
SeCreatorGroupSid
PSID SeCreatorGroupSid
Definition: sid.c:28
SeRestrictedSid
PSID SeRestrictedSid
Definition: sid.c:50
SeCreatorGroupServerSid
PSID SeCreatorGroupServerSid
Definition: sid.c:30
SeNetworkServiceSid
PSID SeNetworkServiceSid
Definition: sid.c:53
DPRINT1
#define DPRINT1
Definition: precomp.h:8
SECURITY_CREATOR_OWNER_SERVER_RID
#define SECURITY_CREATOR_OWNER_SERVER_RID
Definition: setypes.h:547
SeRestrictedCodeSid
PSID SeRestrictedCodeSid
Definition: sid.c:40
DOMAIN_ALIAS_RID_PRINT_OPS
#define DOMAIN_ALIAS_RID_PRINT_OPS
Definition: setypes.h:659
SECURITY_SERVICE_RID
#define SECURITY_SERVICE_RID
Definition: setypes.h:562
PoolType
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
Definition: wdfdevice.h:3810
ULONG
unsigned int ULONG
Definition: retypes.h:1
_SID_VALIDATE::SubAuthorityCount
UCHAR SubAuthorityCount
Definition: sid.c:57
ALIGN_UP_BY
#define ALIGN_UP_BY(size, align)
Definition: GetWindowPlacement.c:13
SeLocalSidAuthority
SID_IDENTIFIER_AUTHORITY SeLocalSidAuthority
Definition: sid.c:20
RtlCopyMemory
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
ResultLength
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG _Out_ PULONG ResultLength
Definition: wdfdevice.h:3776
_SEH2_EXCEPT
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40
SeCreatorOwnerSid
PSID SeCreatorOwnerSid
Definition: sid.c:27
SeAliasSystemOpsSid
PSID SeAliasSystemOpsSid
Definition: sid.c:46
POOL_RAISE_IF_ALLOCATION_FAILURE
#define POOL_RAISE_IF_ALLOCATION_FAILURE
STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65
_SEH2_GetExceptionCode
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
SeInteractiveSid
PSID SeInteractiveSid
Definition: sid.c:35
_SEH2_YIELD
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:168
SeNullSid
PSID SeNullSid
Definition: sid.c:24
SeNtSidAuthority
SID_IDENTIFIER_AUTHORITY SeNtSidAuthority
Definition: sid.c:22
ExFreePoolWithTag
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
NewSid
_In_ PSID _In_ PSID NewSid
Definition: rtlfuncs.h:2813
DOMAIN_ALIAS_RID_ADMINS
#define DOMAIN_ALIAS_RID_ADMINS
Definition: setypes.h:652
CODE_SEG
static CODE_SEG("PAGE")
Definition: isapnp.c:1482
SECURITY_CREATOR_SID_AUTHORITY
#define SECURITY_CREATOR_SID_AUTHORITY
Definition: setypes.h:533
SeNtAuthoritySid
PSID SeNtAuthoritySid
Definition: sid.c:31
PAGED_CODE
#define PAGED_CODE()
Definition: Bus_PDO_QueryResourceRequirements.c:89
SeAliasAccountOpsSid
PSID SeAliasAccountOpsSid
Definition: sid.c:45