ReactOS 0.4.16-dev-597-gdbf7844
|
#include <ntoskrnl.h>
#include <debug.h>
Go to the source code of this file.
Macros | |
#define | NDEBUG |
Functions | |
BOOLEAN NTAPI | SepInitDACLs (VOID) |
Initializes known discretionary access control lists in the system upon kernel and Executive initialization procedure. | |
NTSTATUS NTAPI | SepCreateImpersonationTokenDacl (_In_ PTOKEN Token, _In_ PTOKEN PrimaryToken, _Out_ PACL *Dacl) |
Allocates a discretionary access control list based on certain properties of a regular and primary access tokens. | |
NTSTATUS NTAPI | SepCaptureAcl (_In_ PACL InputAcl, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PACL *CapturedAcl) |
Captures an access control list from an already valid input ACL. | |
VOID NTAPI | SepReleaseAcl (_In_ PACL CapturedAcl, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel) |
Releases (frees) a captured ACL from the memory pool. | |
BOOLEAN | SepShouldPropagateAce (_In_ UCHAR AceFlags, _Out_ PUCHAR NewAceFlags, _In_ BOOLEAN IsInherited, _In_ BOOLEAN IsDirectoryObject) |
Determines if a certain ACE can or cannot be propagated based on ACE inheritation flags and whatnot. | |
NTSTATUS | SepPropagateAcl (_Out_writes_bytes_opt_(AclLength) PACL AclDest, _Inout_ PULONG AclLength, _In_reads_bytes_(AclSource->AclSize) PACL AclSource, _In_ PSID Owner, _In_ PSID Group, _In_ BOOLEAN IsInherited, _In_ BOOLEAN IsDirectoryObject, _In_ PGENERIC_MAPPING GenericMapping) |
Propagates (copies) an access control list. | |
PACL | SepSelectAcl (_In_opt_ PACL ExplicitAcl, _In_ BOOLEAN ExplicitPresent, _In_ BOOLEAN ExplicitDefaulted, _In_opt_ PACL ParentAcl, _In_opt_ PACL DefaultAcl, _Out_ PULONG AclLength, _In_ PSID Owner, _In_ PSID Group, _Out_ PBOOLEAN AclPresent, _Out_ PBOOLEAN IsInherited, _In_ BOOLEAN IsDirectoryObject, _In_ PGENERIC_MAPPING GenericMapping) |
Selects an ACL and returns it to the caller. | |
NTSTATUS NTAPI SepCaptureAcl | ( | _In_ PACL | InputAcl, |
_In_ KPROCESSOR_MODE | AccessMode, | ||
_In_ POOL_TYPE | PoolType, | ||
_In_ BOOLEAN | CaptureIfKernel, | ||
_Out_ PACL * | CapturedAcl | ||
) |
Captures an access control list from an already valid input ACL.
[in] | InputAcl | A valid ACL. |
[in] | AccessMode | Processor level access mode. The processor mode determines how the input arguments are probed. |
[in] | PoolType | Pool type for new captured ACL for creation. The pool type determines in which memory pool the ACL data should reside. |
[in] | CaptureIfKernel | If set to TRUE and the processor access mode being KernelMode, we are capturing an ACL directly in the kernel. Otherwise we are capturing within a kernel mode driver. |
[out] | CapturedAcl | The returned and allocated captured ACL. |
Definition at line 352 of file acl.c.
Referenced by NtCreateToken(), and NtSetInformationToken().
NTSTATUS NTAPI SepCreateImpersonationTokenDacl | ( | _In_ PTOKEN | Token, |
_In_ PTOKEN | PrimaryToken, | ||
_Out_ PACL * | Dacl | ||
) |
Allocates a discretionary access control list based on certain properties of a regular and primary access tokens.
[in] | Token | An access token. |
[in] | PrimaryToken | A primary access token. |
[out] | Dacl | The returned allocated DACL. |
Definition at line 277 of file acl.c.
Referenced by SepOpenThreadToken().
Initializes known discretionary access control lists in the system upon kernel and Executive initialization procedure.
Definition at line 38 of file acl.c.
Referenced by SepInitializationPhase0().
NTSTATUS SepPropagateAcl | ( | _Out_writes_bytes_opt_(AclLength) PACL | AclDest, |
_Inout_ PULONG | AclLength, | ||
_In_reads_bytes_(AclSource->AclSize) PACL | AclSource, | ||
_In_ PSID | Owner, | ||
_In_ PSID | Group, | ||
_In_ BOOLEAN | IsInherited, | ||
_In_ BOOLEAN | IsDirectoryObject, | ||
_In_ PGENERIC_MAPPING | GenericMapping | ||
) |
Propagates (copies) an access control list.
[out] | AclDest | The destination parameter with propagated ACL. |
[in,out] | AclLength | The length of the ACL that we propagate. |
[in] | AclSource | The source instance of a valid ACL. |
[in] | Owner | A SID that represents the main user that identifies the ACL. |
[in] | Group | A SID that represents a group that identifies the ACL. |
[in] | IsInherited | If set to TRUE, that means the ACL is directly inherited. |
[in] | IsDirectoryObject | If set to TRUE, that means the ACL is directly inherited because of the object that inherits it. |
[in] | GenericMapping | Generic mapping of access rights to map only certain effective ACEs. |
Definition at line 587 of file acl.c.
Referenced by SepSelectAcl().
VOID NTAPI SepReleaseAcl | ( | _In_ PACL | CapturedAcl, |
_In_ KPROCESSOR_MODE | AccessMode, | ||
_In_ BOOLEAN | CaptureIfKernel | ||
) |
Releases (frees) a captured ACL from the memory pool.
[in] | CapturedAcl | A valid captured ACL to free. |
[in] | AccessMode | Processor level access mode. |
[in] | CaptureIfKernel | If set to TRUE and the processor access mode being KernelMode, we're releasing an ACL directly in the kernel. Otherwise we're releasing within a kernel mode driver. |
Definition at line 464 of file acl.c.
Referenced by NtCreateToken(), and NtSetInformationToken().
PACL SepSelectAcl | ( | _In_opt_ PACL | ExplicitAcl, |
_In_ BOOLEAN | ExplicitPresent, | ||
_In_ BOOLEAN | ExplicitDefaulted, | ||
_In_opt_ PACL | ParentAcl, | ||
_In_opt_ PACL | DefaultAcl, | ||
_Out_ PULONG | AclLength, | ||
_In_ PSID | Owner, | ||
_In_ PSID | Group, | ||
_Out_ PBOOLEAN | AclPresent, | ||
_Out_ PBOOLEAN | IsInherited, | ||
_In_ BOOLEAN | IsDirectoryObject, | ||
_In_ PGENERIC_MAPPING | GenericMapping | ||
) |
Selects an ACL and returns it to the caller.
[in] | ExplicitAcl | If specified, the specified ACL to the call will be the selected ACL for the caller. |
[in] | ExplicitPresent | If set to TRUE and with specific ACL filled to the call, the function will immediately return the specific ACL as the selected ACL for the caller. |
[in] | ExplicitDefaulted | If set to FALSE and with specific ACL filled to the call, the ACL is not a default ACL. Otherwise it's a default ACL that we cannot select it as is. |
[in] | ParentAcl | If specified, the parent ACL will be used to determine the exact ACL length to check if the ACL in question is not empty. If the list is not empty then the function will select such ACL to the caller. |
[in] | DefaultAcl | If specified, the default ACL will be the selected one for the caller. |
[out] | AclLength | The size length of an ACL. |
[in] | Owner | A SID that represents the main user that identifies the ACL. |
[in] | Group | A SID that represents a group that identifies the ACL. |
[out] | AclPresent | The returned boolean value, indicating if the ACL that we want to select does actually exist. |
[out] | IsInherited | The returned boolean value, indicating if the ACL we want to select it is actually inherited or not. |
[in] | IsDirectoryObject | If set to TRUE, the object inherits this ACL. |
[in] | GenericMapping | Generic mapping of access rights to map only certain effective ACEs of an ACL that we want to select it. |
Definition at line 804 of file acl.c.
BOOLEAN SepShouldPropagateAce | ( | _In_ UCHAR | AceFlags, |
_Out_ PUCHAR | NewAceFlags, | ||
_In_ BOOLEAN | IsInherited, | ||
_In_ BOOLEAN | IsDirectoryObject | ||
) |
Determines if a certain ACE can or cannot be propagated based on ACE inheritation flags and whatnot.
[in] | AceFlags | Bit flags of an ACE to perform propagation checks. |
[out] | NewAceFlags | New ACE bit blags based on the specific ACE flags of the first argument parameter. |
[in] | IsInherited | If set to TRUE, an ACE is deemed as directly inherited from another instance. In that case we're allowed to propagate. |
[in] | IsDirectoryObject | If set to TRUE, an object directly inherits this ACE so we can propagate it. |
Definition at line 503 of file acl.c.
Referenced by SepPropagateAcl().
Definition at line 16 of file acl.c.
Referenced by IopCreateSecurityDescriptorPerType(), SepInitDACLs(), and SepInitSDs().
Definition at line 18 of file acl.c.
Referenced by IopCreateDefaultDeviceSecurityDescriptor(), IopCreateSecurityDescriptorPerType(), SepInitDACLs(), and SepInitSDs().
Definition at line 19 of file acl.c.
Referenced by IopCreateSecurityDescriptorPerType(), SepInitDACLs(), and SepInitSDs().
Definition at line 20 of file acl.c.
Referenced by IopCreateSecurityDescriptorPerType(), SepInitDACLs(), and SepInitSDs().
Definition at line 22 of file acl.c.
Referenced by SepCreateSystemAnonymousLogonToken(), SepCreateSystemAnonymousLogonTokenNoEveryone(), SepInitDACLs(), and SepInitSDs().
Definition at line 17 of file acl.c.
Referenced by IopCreateSecurityDescriptorPerType(), SepCreateSystemProcessToken(), SepInitDACLs(), and SepInitSDs().
Definition at line 21 of file acl.c.
Referenced by SepInitDACLs(), and SepInitSDs().