297 if (TokenDacl ==
NULL)
304 Token->UserAndGroups->Sid);
306 PrimaryToken->UserAndGroups->Sid);
312 if (
Token->RestrictedSids !=
NULL || PrimaryToken->RestrictedSids !=
NULL)
368 *CapturedAcl = InputAcl;
380 AclSize = InputAcl->AclSize;
393 if (AclSize <
sizeof(
ACL))
416 AclSize = InputAcl->AclSize;
419 if (AclSize <
sizeof(
ACL))
440 *CapturedAcl = NewAcl;
471 if (CapturedAcl !=
NULL &&
519 *NewAceFlags =
AceFlags & ~VALID_INHERIT_FLAGS;
529 *NewAceFlags =
AceFlags & ~VALID_INHERIT_FLAGS;
622 Written +=
sizeof(
ACL);
624 CurrentDest = (
PUCHAR)(AclDest + 1);
625 CurrentSource = (
PUCHAR)(AclSource + 1);
642 CurrentDest += AceSize;
643 CurrentSource += AceSize;
672 WriteTwoAces =
FALSE;
717 CurrentDest += AceSize;
723 WriteTwoAces =
FALSE;
736 AclDest->AceCount = AceCount;
737 AclDest->AclSize = Written;
822 if (ExplicitPresent && !ExplicitDefaulted)
862 *IsInherited =
FALSE;
static GENERIC_MAPPING GenericMapping
static const ACEFLAG AceFlags[]
#define ExAllocatePoolWithTag(hernya, size, tag)
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
#define EXCEPTION_EXECUTE_HANDLER
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAce(PACL, DWORD, DWORD, PSID)
NTSYSAPI BOOLEAN WINAPI RtlCopySid(DWORD, PSID, PSID)
#define ExFreePoolWithTag(_P, _T)
struct _ACCESS_ALLOWED_ACE * PACCESS_ALLOWED_ACE
#define _In_reads_bytes_(size)
#define _Out_writes_bytes_opt_(size)
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
NTSYSAPI BOOLEAN NTAPI RtlValidAcl(PACL Acl)
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID Owner
NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL Acl, ULONG AclSize, ULONG AclRevision)
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
NTSYSAPI VOID NTAPI RtlMapGenericMask(PACCESS_MASK AccessMask, PGENERIC_MAPPING GenericMapping)
NTSYSAPI BOOLEAN NTAPI RtlEqualSid(_In_ PSID Sid1, _In_ PSID Sid2)
PACL SePublicDefaultUnrestrictedDacl
NTSTATUS SepPropagateAcl(_Out_writes_bytes_opt_(AclLength) PACL AclDest, _Inout_ PULONG AclLength, _In_reads_bytes_(AclSource->AclSize) PACL AclSource, _In_ PSID Owner, _In_ PSID Group, _In_ BOOLEAN IsInherited, _In_ BOOLEAN IsDirectoryObject, _In_ PGENERIC_MAPPING GenericMapping)
Propagates (copies) an access control list.
BOOLEAN SepShouldPropagateAce(_In_ UCHAR AceFlags, _Out_ PUCHAR NewAceFlags, _In_ BOOLEAN IsInherited, _In_ BOOLEAN IsDirectoryObject)
Determines if a certain ACE can or cannot be propagated based on ACE inheritation flags and whatnot.
PACL SeSystemAnonymousLogonDacl
VOID NTAPI SepReleaseAcl(_In_ PACL CapturedAcl, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases (frees) a captured ACL from the memory pool.
PACL SePublicOpenUnrestrictedDacl
NTSTATUS NTAPI SepCreateImpersonationTokenDacl(_In_ PTOKEN Token, _In_ PTOKEN PrimaryToken, _Out_ PACL *Dacl)
Allocates a discretionary access control list based on certain properties of a regular and primary ac...
PACL SepSelectAcl(_In_opt_ PACL ExplicitAcl, _In_ BOOLEAN ExplicitPresent, _In_ BOOLEAN ExplicitDefaulted, _In_opt_ PACL ParentAcl, _In_opt_ PACL DefaultAcl, _Out_ PULONG AclLength, _In_ PSID Owner, _In_ PSID Group, _Out_ PBOOLEAN AclPresent, _Out_ PBOOLEAN IsInherited, _In_ BOOLEAN IsDirectoryObject, _In_ PGENERIC_MAPPING GenericMapping)
Selects an ACL and returns it to the caller.
BOOLEAN NTAPI SepInitDACLs(VOID)
Initializes known discretionary access control lists in the system upon kernel and Executive initiali...
NTSTATUS NTAPI SepCaptureAcl(_In_ PACL InputAcl, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PACL *CapturedAcl)
Captures an access control list from an already valid input ACL.
#define STATUS_INVALID_ACL
#define _SEH2_GetExceptionCode()
#define _SEH2_EXCEPT(...)
#define _SEH2_YIELD(__stmt)
#define STATUS_BUFFER_TOO_SMALL
#define FIELD_OFFSET(t, f)
#define RtlCopyMemory(Destination, Source, Length)
#define STATUS_INSUFFICIENT_RESOURCES
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR _In_ BOOLEAN IsDirectoryObject
#define VALID_INHERIT_FLAGS
#define CONTAINER_INHERIT_ACE
#define SYSTEM_AUDIT_ACE_TYPE
#define ACCESS_ALLOWED_ACE_TYPE
#define SYSTEM_ALARM_ACE_TYPE
#define OBJECT_INHERIT_ACE
#define NO_PROPAGATE_INHERIT_ACE
#define ACCESS_DENIED_ACE_TYPE
#define ACCESS_MAX_MS_V2_ACE_TYPE