ReactOS  0.4.15-dev-2704-gd5265b0
security.c File Reference
#include <ntoskrnl.h>
#include <debug.h>
Include dependency graph for security.c:

Go to the source code of this file.

Macros

#define NDEBUG
 

Functions

VOID NTAPI SeAssignPrimaryToken (IN PEPROCESS Process, IN PTOKEN Token)
 
VOID NTAPI PspDeleteProcessSecurity (IN PEPROCESS Process)
 
VOID NTAPI PspDeleteThreadSecurity (IN PETHREAD Thread)
 
NTSTATUS NTAPI PspInitializeProcessSecurity (IN PEPROCESS Process, IN PEPROCESS Parent OPTIONAL)
 
NTSTATUS NTAPI PspWriteTebImpersonationInfo (IN PETHREAD Thread, IN PETHREAD CurrentThread)
 
NTSTATUS NTAPI PspAssignPrimaryToken (IN PEPROCESS Process, IN HANDLE Token, IN PACCESS_TOKEN AccessToken OPTIONAL)
 
NTSTATUS NTAPI PspSetPrimaryToken (IN PEPROCESS Process, IN HANDLE TokenHandle OPTIONAL, IN PACCESS_TOKEN Token OPTIONAL)
 
NTSTATUS NTAPI NtOpenProcessToken (IN HANDLE ProcessHandle, IN ACCESS_MASK DesiredAccess, OUT PHANDLE TokenHandle)
 
NTSTATUS NTAPI NtOpenProcessTokenEx (IN HANDLE ProcessHandle, IN ACCESS_MASK DesiredAccess, IN ULONG HandleAttributes, OUT PHANDLE TokenHandle)
 
PACCESS_TOKEN NTAPI PsReferencePrimaryToken (PEPROCESS Process)
 
NTSTATUS NTAPI PsOpenTokenOfProcess (IN HANDLE ProcessHandle, OUT PACCESS_TOKEN *Token)
 
NTSTATUS NTAPI PsAssignImpersonationToken (IN PETHREAD Thread, IN HANDLE TokenHandle)
 
VOID NTAPI PsRevertToSelf (VOID)
 
VOID NTAPI PsRevertThreadToSelf (IN PETHREAD Thread)
 
NTSTATUS NTAPI PsImpersonateClient (IN PETHREAD Thread, IN PACCESS_TOKEN Token, IN BOOLEAN CopyOnOpen, IN BOOLEAN EffectiveOnly, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
 
PACCESS_TOKEN NTAPI PsReferenceEffectiveToken (IN PETHREAD Thread, OUT IN PTOKEN_TYPE TokenType, OUT PBOOLEAN EffectiveOnly, OUT PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
 
PACCESS_TOKEN NTAPI PsReferenceImpersonationToken (IN PETHREAD Thread, OUT PBOOLEAN CopyOnOpen, OUT PBOOLEAN EffectiveOnly, OUT PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
 
VOID NTAPI PsDereferenceImpersonationToken (IN PACCESS_TOKEN ImpersonationToken)
 
VOID NTAPI PsDereferencePrimaryToken (IN PACCESS_TOKEN PrimaryToken)
 
BOOLEAN NTAPI PsDisableImpersonation (IN PETHREAD Thread, OUT PSE_IMPERSONATION_STATE ImpersonationState)
 
VOID NTAPI PsRestoreImpersonation (IN PETHREAD Thread, IN PSE_IMPERSONATION_STATE ImpersonationState)
 
NTSTATUS NTAPI NtImpersonateThread (IN HANDLE ThreadHandle, IN HANDLE ThreadToImpersonateHandle, IN PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService)
 

Variables

PTOKEN PspBootAccessToken
 

Macro Definition Documentation

◆ NDEBUG

#define NDEBUG

Definition at line 14 of file security.c.

Function Documentation

◆ NtImpersonateThread()

NTSTATUS NTAPI NtImpersonateThread ( IN HANDLE  ThreadHandle,
IN HANDLE  ThreadToImpersonateHandle,
IN PSECURITY_QUALITY_OF_SERVICE  SecurityQualityOfService 
)

Definition at line 1014 of file security.c.

1017 {
1018  SECURITY_QUALITY_OF_SERVICE SafeServiceQoS;
1020  PETHREAD Thread;
1021  PETHREAD ThreadToImpersonate;
1023  NTSTATUS Status;
1024  PAGED_CODE();
1026  "Threads: %p %p\n", ThreadHandle, ThreadToImpersonateHandle);
1027 
1028  /* Check if call came from user mode */
1029  if (PreviousMode != KernelMode)
1030  {
1031  /* Enter SEH for probing */
1032  _SEH2_TRY
1033  {
1034  /* Probe QoS */
1035  ProbeForRead(SecurityQualityOfService,
1037  sizeof(ULONG));
1038 
1039  /* Capture it */
1040  SafeServiceQoS = *SecurityQualityOfService;
1041  SecurityQualityOfService = &SafeServiceQoS;
1042  }
1044  {
1045  /* Return the exception code */
1047  }
1048  _SEH2_END;
1049  }
1050 
1051  /* Reference the thread */
1052  Status = ObReferenceObjectByHandle(ThreadHandle,
1054  PsThreadType,
1055  PreviousMode,
1056  (PVOID*)&Thread,
1057  NULL);
1058  if (NT_SUCCESS(Status))
1059  {
1060  /* Reference the impersonating thead */
1061  Status = ObReferenceObjectByHandle(ThreadToImpersonateHandle,
1063  PsThreadType,
1064  PreviousMode,
1065  (PVOID*)&ThreadToImpersonate,
1066  NULL);
1067  if (NT_SUCCESS(Status))
1068  {
1069  /* Create a client security context */
1070  Status = SeCreateClientSecurity(ThreadToImpersonate,
1071  SecurityQualityOfService,
1072  0,
1073  &ClientContext);
1074  if (NT_SUCCESS(Status))
1075  {
1076  /* Do the impersonation */
1078  if (ClientContext.ClientToken)
1079  {
1080  /* Dereference the client token if we had one */
1081  ObDereferenceObject(ClientContext.ClientToken);
1082  }
1083  }
1084 
1085  /* Dereference the thread to impersonate */
1086  ObDereferenceObject(ThreadToImpersonate);
1087  }
1088 
1089  /* Dereference the main thread */
1091  }
1092 
1093  /* Return status */
1094  return Status;
1095 }
#define THREAD_IMPERSONATE
Definition: pstypes.h:151
LONG NTSTATUS
Definition: precomp.h:26
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
Definition: sysinfo.c:3066
_SEH2_TRY
Definition: create.c:4226
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
NTKERNELAPI NTSTATUS NTAPI SeCreateClientSecurity(IN PETHREAD Thread, IN PSECURITY_QUALITY_OF_SERVICE QualityOfService, IN BOOLEAN RemoteClient, OUT PSECURITY_CLIENT_CONTEXT ClientContext)
Definition: access.c:506
Status
Definition: gdiplustypes.h:24
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
_In_ PVOID ClientContext
Definition: netioddk.h:55
#define ObDereferenceObject
Definition: obfuncs.h:203
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
Definition: fltkernel.h:2653
#define PS_SECURITY_DEBUG
Definition: ps.h:19
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
POBJECT_TYPE PsThreadType
Definition: thread.c:20
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
_SEH2_END
Definition: create.c:4400
NTKERNELAPI VOID NTAPI SeImpersonateClient(IN PSECURITY_CLIENT_CONTEXT ClientContext, IN PETHREAD ServerThread OPTIONAL)
Definition: access.c:623
#define NULL
Definition: types.h:112
unsigned int ULONG
Definition: retypes.h:1
#define THREAD_DIRECT_IMPERSONATION
Definition: pstypes.h:152
#define PSTRACE(x, fmt,...)
Definition: ps.h:57
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:168
#define PAGED_CODE()

Referenced by CsrImpersonateClient().

◆ NtOpenProcessToken()

NTSTATUS NTAPI NtOpenProcessToken ( IN HANDLE  ProcessHandle,
IN ACCESS_MASK  DesiredAccess,
OUT PHANDLE  TokenHandle 
)

Definition at line 350 of file security.c.

353 {
354  /* Call the newer API */
357  0,
358  TokenHandle);
359 }
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
NTSTATUS NTAPI NtOpenProcessTokenEx(IN HANDLE ProcessHandle, IN ACCESS_MASK DesiredAccess, IN ULONG HandleAttributes, OUT PHANDLE TokenHandle)
Definition: security.c:366
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:715
_In_ HANDLE ProcessHandle
Definition: mmfuncs.h:403

Referenced by CheckTokenMembership(), CsrGetProcessLuid(), CsrSetProcessSecurity(), GetCallerLuid(), LsapIsTrustedClient(), OpenProcessToken(), RtlCreateUserSecurityObject(), RtlDefaultNpAcl(), SmpAcquirePrivilege(), START_TEST(), and test8().

◆ NtOpenProcessTokenEx()

NTSTATUS NTAPI NtOpenProcessTokenEx ( IN HANDLE  ProcessHandle,
IN ACCESS_MASK  DesiredAccess,
IN ULONG  HandleAttributes,
OUT PHANDLE  TokenHandle 
)

Definition at line 366 of file security.c.

370 {
372  HANDLE hToken;
375  PAGED_CODE();
377  "Process: %p DesiredAccess: %lx\n", ProcessHandle, DesiredAccess);
378 
379  /* Check if caller was user-mode */
380  if (PreviousMode != KernelMode)
381  {
382  /* Enter SEH for probing */
383  _SEH2_TRY
384  {
385  /* Probe the token handle */
387  }
389  {
390  /* Return the exception code */
392  }
393  _SEH2_END;
394  }
395 
396  /* Validate object attributes */
398 
399  /* Open the process token */
401  if (NT_SUCCESS(Status))
402  {
403  /* Reference it by handle and dereference the pointer */
406  NULL,
409  PreviousMode,
410  &hToken);
412 
413  /* Make sure we got a handle */
414  if (NT_SUCCESS(Status))
415  {
416  /* Enter SEH for write */
417  _SEH2_TRY
418  {
419  /* Return the handle */
420  *TokenHandle = hToken;
421  }
423  {
424  /* Get exception code */
426  }
427  _SEH2_END;
428  }
429  }
430 
431  /* Return status */
432  return Status;
433 }
_In_ HANDLE _In_opt_ HANDLE _Out_opt_ PHANDLE _In_ ACCESS_MASK _In_ ULONG HandleAttributes
Definition: obfuncs.h:429
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
Definition: sysinfo.c:3066
NTSTATUS NTAPI ObOpenObjectByPointer(IN PVOID Object, IN ULONG HandleAttributes, IN PACCESS_STATE PassedAccessState, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PHANDLE Handle)
Definition: obhandle.c:2738
_SEH2_TRY
Definition: create.c:4226
NTSTATUS NTAPI PsOpenTokenOfProcess(IN HANDLE ProcessHandle, OUT PACCESS_TOKEN *Token)
Definition: security.c:471
POBJECT_TYPE SeTokenObjectType
Definition: token.c:19
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:715
Status
Definition: gdiplustypes.h:24
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
#define ObDereferenceObject
Definition: obfuncs.h:203
#define ProbeForWriteHandle(Ptr)
Definition: probe.h:43
#define PS_SECURITY_DEBUG
Definition: ps.h:19
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
FORCEINLINE ULONG ObpValidateAttributes(IN ULONG Attributes, IN KPROCESSOR_MODE PreviousMode)
Definition: ob_x.h:22
_SEH2_END
Definition: create.c:4400
#define NULL
Definition: types.h:112
#define PSTRACE(x, fmt,...)
Definition: ps.h:57
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:168
_In_ HANDLE ProcessHandle
Definition: mmfuncs.h:403
#define PAGED_CODE()

Referenced by NtOpenProcessToken(), and START_TEST().

◆ PsAssignImpersonationToken()

NTSTATUS NTAPI PsAssignImpersonationToken ( IN PETHREAD  Thread,
IN HANDLE  TokenHandle 
)

Definition at line 502 of file security.c.

504 {
508  PAGED_CODE();
509  PSTRACE(PS_SECURITY_DEBUG, "Thread: %p Token: %p\n", Thread, TokenHandle);
510 
511  /* Check if we were given a handle */
512  if (!TokenHandle)
513  {
514  /* Undo impersonation */
516  return STATUS_SUCCESS;
517  }
518 
519  /* Get the token object */
524  (PVOID*)&Token,
525  NULL);
526  if (!NT_SUCCESS(Status)) return(Status);
527 
528  /* Make sure it's an impersonation token */
530  {
531  /* Fail */
533  return STATUS_BAD_TOKEN_TYPE;
534  }
535 
536  /* Get the impersonation level */
538 
539  /* Call the impersonation API */
541  Token,
542  FALSE,
543  FALSE,
545 
546  /* Dereference the token and return status */
548  return Status;
549 }
NTSTATUS NTAPI PsImpersonateClient(IN PETHREAD Thread, IN PACCESS_TOKEN Token, IN BOOLEAN CopyOnOpen, IN BOOLEAN EffectiveOnly, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
Definition: security.c:610
VOID NTAPI PsRevertThreadToSelf(IN PETHREAD Thread)
Definition: security.c:568
#define KeGetPreviousMode()
Definition: ketypes.h:1107
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
#define TOKEN_IMPERSONATE
Definition: setypes.h:873
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
#define FALSE
Definition: types.h:117
enum _SECURITY_IMPERSONATION_LEVEL SECURITY_IMPERSONATION_LEVEL
#define STATUS_BAD_TOKEN_TYPE
Definition: ntstatus.h:404
POBJECT_TYPE SeTokenObjectType
Definition: token.c:19
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:715
SECURITY_IMPERSONATION_LEVEL NTAPI SeTokenImpersonationLevel(IN PACCESS_TOKEN Token)
Definition: token.c:2204
NTKERNELAPI TOKEN_TYPE NTAPI SeTokenType(IN PACCESS_TOKEN Token)
Definition: token.c:2216
Status
Definition: gdiplustypes.h:24
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
_Out_ PBOOLEAN _Out_ PBOOLEAN _Out_ PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: psfuncs.h:154
#define ObDereferenceObject
Definition: obfuncs.h:203
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
Definition: fltkernel.h:2653
#define PS_SECURITY_DEBUG
Definition: ps.h:19
#define NULL
Definition: types.h:112
#define PSTRACE(x, fmt,...)
Definition: ps.h:57
#define STATUS_SUCCESS
Definition: shellext.h:65
#define PAGED_CODE()

Referenced by NtSetInformationThread().

◆ PsDereferenceImpersonationToken()

VOID NTAPI PsDereferenceImpersonationToken ( IN PACCESS_TOKEN  ImpersonationToken)

Definition at line 888 of file security.c.

889 {
890  PAGED_CODE();
891 
892  /* If we got a token, dereference it */
893  if (ImpersonationToken) ObDereferenceObject(ImpersonationToken);
894 }
#define ObDereferenceObject
Definition: obfuncs.h:203
#define PAGED_CODE()

Referenced by NtCloseObjectAuditAlarm(), NtOpenThreadTokenEx(), PsImpersonateClient(), and SeReleaseSubjectContext().

◆ PsDereferencePrimaryToken()

VOID NTAPI PsDereferencePrimaryToken ( IN PACCESS_TOKEN  PrimaryToken)

Definition at line 902 of file security.c.

903 {
904  PAGED_CODE();
905 
906  /* Dereference the token*/
907  ObDereferenceObject(PrimaryToken);
908 }
#define ObDereferenceObject
Definition: obfuncs.h:203
#define PAGED_CODE()

Referenced by KsecGetKeyData(), NtCloseObjectAuditAlarm(), NtSecureConnectPort(), SeExchangePrimaryToken(), and SepImpersonateAnonymousToken().

◆ PsDisableImpersonation()

BOOLEAN NTAPI PsDisableImpersonation ( IN PETHREAD  Thread,
OUT PSE_IMPERSONATION_STATE  ImpersonationState 
)

Definition at line 915 of file security.c.

917 {
918  PPS_IMPERSONATION_INFORMATION Impersonation = NULL;
919  LONG OldFlags;
920  PAGED_CODE();
922  "Thread: %p State: %p\n", Thread, ImpersonationState);
923 
924  /* Check if we don't have impersonation */
926  {
927  /* Lock thread security */
929 
930  /* Disable impersonation */
933 
934  /* Make sure nobody disabled it behind our back */
936  {
937  /* Copy the old state */
938  Impersonation = Thread->ImpersonationInfo;
939  ImpersonationState->Token = Impersonation->Token;
940  ImpersonationState->CopyOnOpen = Impersonation->CopyOnOpen;
942  ImpersonationState->Level = Impersonation->ImpersonationLevel;
943  }
944 
945  /* Unlock thread security */
947 
948  /* If we had impersonation info, return true */
949  if (Impersonation) return TRUE;
950  }
951 
952  /* Clear everything */
957  return FALSE;
958 }
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: pstypes.h:1072
FORCEINLINE VOID PspUnlockThreadSecurityExclusive(IN PETHREAD Thread)
Definition: ps_x.h:188
_Inout_ PSE_IMPERSONATION_STATE ImpersonationState
Definition: psfuncs.h:189
#define PspClearCrossThreadFlag(Thread, Flag)
Definition: ps_x.h:27
#define TRUE
Definition: types.h:120
#define FALSE
Definition: types.h:117
PPS_IMPERSONATION_INFORMATION ImpersonationInfo
Definition: pstypes.h:1143
long LONG
Definition: pedump.c:60
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
Definition: fltkernel.h:2653
#define PS_SECURITY_DEBUG
Definition: ps.h:19
ULONG ActiveImpersonationInfo
Definition: pstypes.h:1181
SHORT OldFlags
Definition: fxioqueue.cpp:1325
#define NULL
Definition: types.h:112
#define CT_ACTIVE_IMPERSONATION_INFO_BIT
Definition: pstypes.h:241
#define PSTRACE(x, fmt,...)
Definition: ps.h:57
FORCEINLINE VOID PspLockThreadSecurityExclusive(IN PETHREAD Thread)
Definition: ps_x.h:177
PACCESS_TOKEN Token
Definition: setypes.h:116
SECURITY_IMPERSONATION_LEVEL Level
Definition: setypes.h:119
#define PAGED_CODE()

Referenced by NtOpenThreadTokenEx().

◆ PsImpersonateClient()

NTSTATUS NTAPI PsImpersonateClient ( IN PETHREAD  Thread,
IN PACCESS_TOKEN  Token,
IN BOOLEAN  CopyOnOpen,
IN BOOLEAN  EffectiveOnly,
IN SECURITY_IMPERSONATION_LEVEL  ImpersonationLevel 
)

Definition at line 610 of file security.c.

615 {
616  PPS_IMPERSONATION_INFORMATION Impersonation, OldData;
617  PTOKEN OldToken = NULL, ProcessToken = NULL;
618  PACCESS_TOKEN NewToken, ImpersonationToken;
619  PEJOB Job;
621 
622  PAGED_CODE();
623  PSTRACE(PS_SECURITY_DEBUG, "Thread: %p, Token: %p\n", Thread, Token);
624 
625  /* Check if we don't have a token */
626  if (!Token)
627  {
628  /* Make sure we're impersonating */
630  {
631  /* We seem to be, lock the thread */
633 
634  /* Make sure we're still impersonating */
636  {
637  /* Disable impersonation */
640 
641  /* Get the token */
642  OldToken = Thread->ImpersonationInfo->Token;
643  }
644 
645  /* Unlock the process and write TEB information */
648  }
649  }
650  else
651  {
652  /* Check if we have impersonation info */
653  Impersonation = Thread->ImpersonationInfo;
654  if (!Impersonation)
655  {
656  /* We need to allocate a new one */
657  Impersonation = ExAllocatePoolWithTag(PagedPool,
658  sizeof(*Impersonation),
660  if (!Impersonation) return STATUS_INSUFFICIENT_RESOURCES;
661 
662  /* Update the pointer */
664  ImpersonationInfo,
665  Impersonation,
666  NULL);
667  if (OldData)
668  {
669  /* Someone beat us to it, free our copy */
670  ExFreePoolWithTag(Impersonation, TAG_PS_IMPERSONATION);
671  Impersonation = OldData;
672  }
673  }
674 
675  /*
676  * Assign the token we get from the caller first. The reason
677  * we have to do that is because we're unsure if we can impersonate
678  * in the first place. In the scenario where we cannot then the
679  * last resort is to make a copy of the token and assign that newly
680  * token to the impersonation information.
681  */
682  ImpersonationToken = Token;
683 
684  /* Obtain a token from the process */
685  ProcessToken = PsReferencePrimaryToken(Thread->ThreadsProcess);
686  if (!ProcessToken)
687  {
688  /* We can't continue this way without having the process' token... */
689  return STATUS_UNSUCCESSFUL;
690  }
691 
692  /* Make sure we can impersonate */
693  if (!SeTokenCanImpersonate(ProcessToken,
694  Token,
696  {
697  /* We can't, make a copy of the token instead */
700  KernelMode,
701  &NewToken);
702  if (!NT_SUCCESS(Status))
703  {
704  /* We can't even make a copy of the token? Then bail out... */
705  ObFastDereferenceObject(&Thread->ThreadsProcess->Token, ProcessToken);
706  return Status;
707  }
708 
709  /* Since we cannot impersonate, assign the newly copied token */
710  ImpersonationToken = NewToken;
711  }
712 
713  /* We no longer need the process' token */
714  ObFastDereferenceObject(&Thread->ThreadsProcess->Token, ProcessToken);
715 
716  /* Check if this is a job */
717  Job = Thread->ThreadsProcess->Job;
718  if (Job != NULL)
719  {
720  /* No admin allowed in this job */
722  SeTokenIsAdmin(ImpersonationToken))
723  {
724  return STATUS_ACCESS_DENIED;
725  }
726 
727  /* No restricted tokens allowed in this job */
729  SeTokenIsRestricted(ImpersonationToken))
730  {
731  return STATUS_ACCESS_DENIED;
732  }
733 
734  /* We don't support job filters yet */
735  if (Job->Filter != NULL)
736  {
737  ASSERT(Job->Filter == NULL);
738  }
739  }
740 
741  /* Lock thread security */
743 
744  /* Check if we're impersonating */
746  {
747  /* Get the token */
748  OldToken = Impersonation->Token;
749  }
750  else
751  {
752  /* Otherwise, enable impersonation */
754  }
755 
756  /* Now fill it out */
757  Impersonation->ImpersonationLevel = ImpersonationLevel;
758  Impersonation->CopyOnOpen = CopyOnOpen;
759  Impersonation->EffectiveOnly = EffectiveOnly;
760  Impersonation->Token = ImpersonationToken;
761  ObReferenceObject(ImpersonationToken);
762 
763  /* Unlock the thread */
765 
766  /* Write impersonation info to the TEB */
768  }
769 
770  /* Dereference the token and return success */
771  if (OldToken) PsDereferenceImpersonationToken(OldToken);
772  return STATUS_SUCCESS;
773 }
NTSTATUS NTAPI SeCopyClientToken(IN PACCESS_TOKEN Token, IN SECURITY_IMPERSONATION_LEVEL Level, IN KPROCESSOR_MODE PreviousMode, OUT PACCESS_TOKEN *NewToken)
Definition: token.c:1137
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: pstypes.h:1072
FORCEINLINE VOID PspUnlockThreadSecurityExclusive(IN PETHREAD Thread)
Definition: ps_x.h:188
#define PsGetCurrentThread()
Definition: env_spec_w32.h:81
#define PspClearCrossThreadFlag(Thread, Flag)
Definition: ps_x.h:27
#define JOB_OBJECT_SECURITY_RESTRICTED_TOKEN
Definition: pstypes.h:231
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
_Out_ PBOOLEAN CopyOnOpen
Definition: psfuncs.h:154
#define JOB_OBJECT_SECURITY_NO_ADMIN
Definition: pstypes.h:230
BOOLEAN NTAPI SeTokenIsRestricted(IN PACCESS_TOKEN Token)
Definition: token.c:2243
PPS_IMPERSONATION_INFORMATION ImpersonationInfo
Definition: pstypes.h:1143
#define InterlockedCompareExchangePointer
Definition: interlocked.h:129
Status
Definition: gdiplustypes.h:24
#define ASSERT(a)
Definition: mode.c:44
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
_Out_ PBOOLEAN _Out_ PBOOLEAN _Out_ PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: psfuncs.h:154
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
Definition: fltkernel.h:2653
#define STATUS_ACCESS_DENIED
Definition: udferr_usr.h:145
#define PS_SECURITY_DEBUG
Definition: ps.h:19
ULONG ActiveImpersonationInfo
Definition: pstypes.h:1181
#define STATUS_UNSUCCESSFUL
Definition: udferr_usr.h:132
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
#define PspSetCrossThreadFlag(Thread, Flag)
Definition: ps_x.h:25
PPS_JOB_TOKEN_FILTER Filter
Definition: pstypes.h:1502
ULONG SecurityLimitFlags
Definition: pstypes.h:1500
PACCESS_TOKEN NTAPI PsReferencePrimaryToken(PEPROCESS Process)
Definition: security.c:440
BOOLEAN NTAPI SeTokenCanImpersonate(_In_ PTOKEN ProcessToken, _In_ PTOKEN TokenToImpersonate, _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
Ensures that client impersonation can occur by checking if the token we're going to assign as the imp...
Definition: token.c:2287
BOOLEAN NTAPI SeTokenIsAdmin(IN PACCESS_TOKEN Token)
Definition: token.c:2229
#define NULL
Definition: types.h:112
#define CT_ACTIVE_IMPERSONATION_INFO_BIT
Definition: pstypes.h:241
VOID FASTCALL ObFastDereferenceObject(IN PEX_FAST_REF FastRef, IN PVOID Object)
Definition: obref.c:167
#define ObReferenceObject
Definition: obfuncs.h:204
#define PSTRACE(x, fmt,...)
Definition: ps.h:57
#define STATUS_SUCCESS
Definition: shellext.h:65
FORCEINLINE VOID PspLockThreadSecurityExclusive(IN PETHREAD Thread)
Definition: ps_x.h:177
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
Definition: sefuncs.h:417
#define TAG_PS_IMPERSONATION
Definition: tag.h:157
NTSTATUS NTAPI PspWriteTebImpersonationInfo(IN PETHREAD Thread, IN PETHREAD CurrentThread)
Definition: security.c:114
#define PAGED_CODE()
VOID NTAPI PsDereferenceImpersonationToken(IN PACCESS_TOKEN ImpersonationToken)
Definition: security.c:888

Referenced by NtOpenThreadTokenEx(), PsAssignImpersonationToken(), SeImpersonateClientEx(), and SepImpersonateAnonymousToken().

◆ PsOpenTokenOfProcess()

NTSTATUS NTAPI PsOpenTokenOfProcess ( IN HANDLE  ProcessHandle,
OUT PACCESS_TOKEN Token 
)

Definition at line 471 of file security.c.

473 {
476  PAGED_CODE();
477  PSTRACE(PS_SECURITY_DEBUG, "Process: %p\n", ProcessHandle);
478 
479  /* Get the Token */
484  (PVOID*)&Process,
485  NULL);
486  if (NT_SUCCESS(Status))
487  {
488  /* Reference the token and dereference the process */
491  }
492 
493  /* Return */
494  return Status;
495 }
#define PROCESS_QUERY_INFORMATION
Definition: pstypes.h:166
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
Definition: sysinfo.c:3066
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
Status
Definition: gdiplustypes.h:24
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define ObDereferenceObject
Definition: obfuncs.h:203
#define PS_SECURITY_DEBUG
Definition: ps.h:19
PACCESS_TOKEN NTAPI PsReferencePrimaryToken(PEPROCESS Process)
Definition: security.c:440
#define NULL
Definition: types.h:112
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
#define PSTRACE(x, fmt,...)
Definition: ps.h:57
_In_ HANDLE ProcessHandle
Definition: mmfuncs.h:403
POBJECT_TYPE PsProcessType
Definition: process.c:20
#define PAGED_CODE()

Referenced by NtOpenProcessTokenEx().

◆ PspAssignPrimaryToken()

NTSTATUS NTAPI PspAssignPrimaryToken ( IN PEPROCESS  Process,
IN HANDLE  Token,
IN PACCESS_TOKEN AccessToken  OPTIONAL 
)

Definition at line 178 of file security.c.

181 {
182  PACCESS_TOKEN NewToken = AccessToken, OldToken;
184  PAGED_CODE();
185  PSTRACE(PS_SECURITY_DEBUG, "Process: %p Token: %p\n", Process, Token);
186 
187  /* Check if we don't have a pointer */
188  if (!AccessToken)
189  {
190  /* Reference it from the handle */
195  &NewToken,
196  NULL);
197  if (!NT_SUCCESS(Status)) return Status;
198  }
199 
200  /* Exchange tokens */
201  Status = SeExchangePrimaryToken(Process, NewToken, &OldToken);
202 
203  /* Acquire and release the lock */
206 
207  /* Dereference Tokens and Return */
208  if (NT_SUCCESS(Status)) ObDereferenceObject(OldToken);
209  if (!AccessToken) ObDereferenceObject(NewToken);
210  return Status;
211 }
FORCEINLINE VOID PspLockProcessSecurityExclusive(IN PEPROCESS Process)
Definition: ps_x.h:133
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
#define TOKEN_ASSIGN_PRIMARY
Definition: setypes.h:871
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
Definition: sysinfo.c:3066
NTSTATUS NTAPI SeExchangePrimaryToken(_In_ PEPROCESS Process, _In_ PACCESS_TOKEN NewAccessToken, _Out_ PACCESS_TOKEN *OldAccessToken)
Definition: token.c:577
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
POBJECT_TYPE SeTokenObjectType
Definition: token.c:19
Status
Definition: gdiplustypes.h:24
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define ObDereferenceObject
Definition: obfuncs.h:203
#define PS_SECURITY_DEBUG
Definition: ps.h:19
#define NULL
Definition: types.h:112
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
FORCEINLINE VOID PspUnlockProcessSecurityExclusive(IN PEPROCESS Process)
Definition: ps_x.h:144
#define PSTRACE(x, fmt,...)
Definition: ps.h:57
#define PAGED_CODE()

Referenced by PspSetPrimaryToken().

◆ PspDeleteProcessSecurity()

VOID NTAPI PspDeleteProcessSecurity ( IN PEPROCESS  Process)

Definition at line 30 of file security.c.

31 {
32  PAGED_CODE();
33  PSTRACE(PS_SECURITY_DEBUG, "Process: %p\n", Process);
34 
35  /* Check if we have a token */
36  if (Process->Token.Object)
37  {
38  /* Deassign it */
40  Process->Token.Object = NULL;
41  }
42 }
VOID NTAPI SeDeassignPrimaryToken(struct _EPROCESS *Process)
#define PS_SECURITY_DEBUG
Definition: ps.h:19
#define NULL
Definition: types.h:112
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
#define PSTRACE(x, fmt,...)
Definition: ps.h:57
#define PAGED_CODE()

Referenced by PspDeleteProcess().

◆ PspDeleteThreadSecurity()

VOID NTAPI PspDeleteThreadSecurity ( IN PETHREAD  Thread)

Definition at line 46 of file security.c.

47 {
49  PAGED_CODE();
50  PSTRACE(PS_SECURITY_DEBUG, "Thread: %p\n", Thread);
51 
52  /* Check if we have active impersonation info */
54  {
55  /* Dereference its token */
56  ObDereferenceObject(ImpersonationInfo->Token);
57  }
58 
59  /* Check if we have impersonation info */
60  if (ImpersonationInfo)
61  {
62  /* Free it */
63  ExFreePool(ImpersonationInfo);
66  }
67 }
#define PspClearCrossThreadFlag(Thread, Flag)
Definition: ps_x.h:27
PPS_IMPERSONATION_INFORMATION ImpersonationInfo
Definition: pstypes.h:1143
#define ObDereferenceObject
Definition: obfuncs.h:203
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
Definition: fltkernel.h:2653
#define PS_SECURITY_DEBUG
Definition: ps.h:19
ULONG ActiveImpersonationInfo
Definition: pstypes.h:1181
#define NULL
Definition: types.h:112
#define CT_ACTIVE_IMPERSONATION_INFO_BIT
Definition: pstypes.h:241
#define PSTRACE(x, fmt,...)
Definition: ps.h:57
#define ExFreePool(addr)
Definition: env_spec_w32.h:352
#define PAGED_CODE()

Referenced by PspDeleteThread().

◆ PspInitializeProcessSecurity()

NTSTATUS NTAPI PspInitializeProcessSecurity ( IN PEPROCESS  Process,
IN PEPROCESS Parent  OPTIONAL 
)

Definition at line 71 of file security.c.

73 {
75  PTOKEN NewToken, ParentToken;
76  PAGED_CODE();
77  PSTRACE(PS_SECURITY_DEBUG, "Process: %p\n", Process);
78 
79  /* If we have a parent, then duplicate the Token */
80  if (Parent)
81  {
82  /* Get the Parent Token */
83  ParentToken = PsReferencePrimaryToken(Parent);
84 
85  /* Duplicate it */
86  Status = SeSubProcessToken(ParentToken,
87  &NewToken,
88  TRUE,
90 
91  /* Dereference the Parent */
92  ObFastDereferenceObject(&Parent->Token, ParentToken);
93 
94  /* Set the new Token */
95  if (NT_SUCCESS(Status))
96  {
97  /* Initailize the fast reference */
98  ObInitializeFastReference(&Process->Token, NewToken);
99  }
100  }
101  else
102  {
103  /* No parent, assign the Boot Token */
106  }
107 
108  /* Return to caller */
109  return Status;
110 }
PTOKEN PspBootAccessToken
Definition: security.c:17
#define TRUE
Definition: types.h:120
LONG NTSTATUS
Definition: precomp.h:26
ACPI_PHYSICAL_ADDRESS ACPI_SIZE BOOLEAN Warn BOOLEAN Physical UINT32 ACPI_TABLE_HEADER *OutTableHeader ACPI_TABLE_HEADER **OutTable ACPI_HANDLE UINT32 ACPI_WALK_CALLBACK ACPI_WALK_CALLBACK void void **ReturnValue UINT32 ACPI_BUFFER *RetPathPtr ACPI_OBJECT_HANDLER void *Data ACPI_OBJECT_HANDLER void **Data ACPI_STRING ACPI_OBJECT_LIST ACPI_BUFFER *ReturnObjectBuffer ACPI_DEVICE_INFO **ReturnBuffer ACPI_HANDLE Parent
Definition: acpixf.h:728
Status
Definition: gdiplustypes.h:24
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
VOID FASTCALL ObInitializeFastReference(IN PEX_FAST_REF FastRef, IN PVOID Object)
Definition: obref.c:107
#define PS_SECURITY_DEBUG
Definition: ps.h:19
PACCESS_TOKEN NTAPI PsReferencePrimaryToken(PEPROCESS Process)
Definition: security.c:440
NTSTATUS NTAPI SeSubProcessToken(IN PTOKEN Parent, OUT PTOKEN *Token, IN BOOLEAN InUse, IN ULONG SessionId)
Definition: token.c:1021
#define NULL
Definition: types.h:112
VOID FASTCALL ObFastDereferenceObject(IN PEX_FAST_REF FastRef, IN PVOID Object)
Definition: obref.c:167
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
VOID NTAPI SeAssignPrimaryToken(IN PEPROCESS Process, IN PTOKEN Token)
Definition: token.c:1213
ULONG NTAPI MmGetSessionId(IN PEPROCESS Process)
Definition: session.c:179
#define PSTRACE(x, fmt,...)
Definition: ps.h:57
#define STATUS_SUCCESS
Definition: shellext.h:65
#define PAGED_CODE()

Referenced by PspCreateProcess().

◆ PspSetPrimaryToken()

NTSTATUS NTAPI PspSetPrimaryToken ( IN PEPROCESS  Process,
IN HANDLE TokenHandle  OPTIONAL,
IN PACCESS_TOKEN Token  OPTIONAL 
)

Definition at line 215 of file security.c.

218 {
220  BOOLEAN IsChildOrSibling;
221  PACCESS_TOKEN NewToken = Token;
223  BOOLEAN Result, SdAllocated;
226 
227  PSTRACE(PS_SECURITY_DEBUG, "Process: %p Token: %p\n", Process, Token);
228 
229  /* Reference the token by handle if we don't already have a token object */
230  if (!Token)
231  {
235  PreviousMode,
236  (PVOID*)&NewToken,
237  NULL);
238  if (!NT_SUCCESS(Status)) return Status;
239  }
240 
241  /*
242  * Check whether this token is a child or sibling of the current process token.
243  * NOTE: On Windows Vista+ both of these checks (together with extra steps)
244  * are now performed by a new SeIsTokenAssignableToProcess() helper.
245  */
246  Status = SeIsTokenChild(NewToken, &IsChildOrSibling);
247  if (!NT_SUCCESS(Status))
248  {
249  /* Failed, dereference */
250  if (!Token) ObDereferenceObject(NewToken);
251  return Status;
252  }
253  if (!IsChildOrSibling)
254  {
255  Status = SeIsTokenSibling(NewToken, &IsChildOrSibling);
256  if (!NT_SUCCESS(Status))
257  {
258  /* Failed, dereference */
259  if (!Token) ObDereferenceObject(NewToken);
260  return Status;
261  }
262  }
263 
264  /* Check if this was an independent token */
265  if (!IsChildOrSibling)
266  {
267  /* Make sure we have the privilege to assign a new one */
269  PreviousMode))
270  {
271  /* Failed, dereference */
272  if (!Token) ObDereferenceObject(NewToken);
274  }
275  }
276 
277  /* Assign the token */
279  if (NT_SUCCESS(Status))
280  {
281  /*
282  * We need to completely reverify if the process still has access to
283  * itself under this new token.
284  */
287  &SdAllocated);
288  if (NT_SUCCESS(Status))
289  {
290  /* Setup the security context */
291  SubjectContext.ProcessAuditId = Process;
293  SubjectContext.ClientToken = NULL;
294 
295  /* Do the access check */
298  FALSE,
300  0,
301  NULL,
303  PreviousMode,
304  &Process->GrantedAccess,
305  &AccessStatus);
306 
307  /* Dereference the token and let go the SD */
309  SubjectContext.PrimaryToken);
311 
312  /* Remove access if it failed */
313  if (!Result) Process->GrantedAccess = 0;
314 
315  /* Setup granted access */
316  Process->GrantedAccess |= (PROCESS_VM_OPERATION |
327  }
328 
329  /*
330  * In case LUID device maps are enable, we may not be using
331  * system device map for this process, but a logon LUID based
332  * device map. Because we change primary token, this usage is
333  * no longer valid, so dereference the process device map
334  */
336  }
337 
338  /* Dereference the token */
339  if (!Token) ObDereferenceObject(NewToken);
340  return Status;
341 }
#define MAXIMUM_ALLOWED
Definition: nt_native.h:83
BOOLEAN NTAPI SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, IN BOOLEAN SubjectContextLocked, IN ACCESS_MASK DesiredAccess, IN ACCESS_MASK PreviouslyGrantedAccess, OUT PPRIVILEGE_SET *Privileges, IN PGENERIC_MAPPING GenericMapping, IN KPROCESSOR_MODE AccessMode, OUT PACCESS_MASK GrantedAccess, OUT PNTSTATUS AccessStatus)
Definition: accesschk.c:340
#define STATUS_PRIVILEGE_NOT_HELD
Definition: DriverTester.h:9
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2239
NTSTATUS NTAPI SeIsTokenSibling(IN PTOKEN Token, OUT PBOOLEAN IsSibling)
Definition: token.c:1098
#define PROCESS_QUERY_INFORMATION
Definition: pstypes.h:166
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
Definition: sefuncs.h:13
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
NTSTATUS NTAPI SeIsTokenChild(IN PTOKEN Token, OUT PBOOLEAN IsChild)
Definition: token.c:1065
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
#define TOKEN_ASSIGN_PRIMARY
Definition: setypes.h:871
BOOLEAN NTAPI SeSinglePrivilegeCheck(IN LUID PrivilegeValue, IN KPROCESSOR_MODE PreviousMode)
Definition: priv.c:520
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
Definition: sysinfo.c:3066
const LUID SeAssignPrimaryTokenPrivilege
Definition: priv.c:20
#define PROCESS_CREATE_THREAD
Definition: pstypes.h:158
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
#define FALSE
Definition: types.h:117
#define PROCESS_DUP_HANDLE
VOID NTAPI ObReleaseObjectSecurity(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN MemoryAllocated)
Definition: obsecure.c:709
unsigned char BOOLEAN
POBJECT_TYPE SeTokenObjectType
Definition: token.c:19
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:715
#define PROCESS_SET_QUOTA
Definition: pstypes.h:164
NTSTATUS NTAPI ObGetObjectSecurity(IN PVOID Object, OUT PSECURITY_DESCRIPTOR *SecurityDescriptor, OUT PBOOLEAN MemoryAllocated)
Definition: obsecure.c:611
Status
Definition: gdiplustypes.h:24
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
#define PROCESS_VM_WRITE
Definition: pstypes.h:162
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define ObDereferenceObject
Definition: obfuncs.h:203
#define PS_SECURITY_DEBUG
Definition: ps.h:19
#define PROCESS_CREATE_PROCESS
Definition: pstypes.h:163
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
NTSTATUS NTAPI PspAssignPrimaryToken(IN PEPROCESS Process, IN HANDLE Token, IN PACCESS_TOKEN AccessToken OPTIONAL)
Definition: security.c:178
PACCESS_TOKEN NTAPI PsReferencePrimaryToken(PEPROCESS Process)
Definition: security.c:440
OBJECT_TYPE_INITIALIZER TypeInfo
Definition: obtypes.h:390
VOID NTAPI ObDereferenceDeviceMap(IN PEPROCESS Process)
Definition: devicemap.c:456
GENERIC_MAPPING GenericMapping
Definition: obtypes.h:358
#define STANDARD_RIGHTS_ALL
Definition: nt_native.h:69
#define PROCESS_TERMINATE
Definition: pstypes.h:157
#define NULL
Definition: types.h:112
#define PROCESS_VM_READ
Definition: pstypes.h:161
VOID FASTCALL ObFastDereferenceObject(IN PEX_FAST_REF FastRef, IN PVOID Object)
Definition: obref.c:167
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
#define PROCESS_VM_OPERATION
Definition: pstypes.h:160
#define PROCESS_SET_INFORMATION
Definition: pstypes.h:165
#define PSTRACE(x, fmt,...)
Definition: ps.h:57
ULONG NTAPI ObIsLUIDDeviceMapsEnabled(VOID)
Definition: devicemap.c:662
POBJECT_TYPE PsProcessType
Definition: process.c:20

Referenced by NtSetInformationProcess().

◆ PspWriteTebImpersonationInfo()

NTSTATUS NTAPI PspWriteTebImpersonationInfo ( IN PETHREAD  Thread,
IN PETHREAD  CurrentThread 
)

Definition at line 114 of file security.c.

116 {
118  PTEB Teb;
120  BOOLEAN IsImpersonating;
122  PAGED_CODE();
123  PSTRACE(PS_SECURITY_DEBUG, "Thread: %p\n", Thread);
124 
125  /* Sanity check */
126  ASSERT(CurrentThread == PsGetCurrentThread());
127 
128  /* Get process and TEB */
129  Process = Thread->ThreadsProcess;
130  Teb = Thread->Tcb.Teb;
131  if (Teb)
132  {
133  /* Check if we're not in the right process */
134  if (Thread->Tcb.ApcState.Process != &Process->Pcb)
135  {
136  /* Attach to the process */
138  Attached = TRUE;
139  }
140 
141  /* Check if we're in a different thread or acquire rundown */
142  if ((Thread == CurrentThread) ||
144  {
145  /* Check if the thread is impersonating */
146  IsImpersonating = (BOOLEAN)Thread->ActiveImpersonationInfo;
147  if (IsImpersonating)
148  {
149  /* Set TEB data */
150  Teb->ImpersonationLocale = -1;
151  Teb->IsImpersonating = 1;
152  }
153  else
154  {
155  /* Set TEB data */
156  Teb->ImpersonationLocale = 0;
157  Teb->IsImpersonating = 0;
158  }
159  }
160 
161  /* Check if we're in a different thread */
162  if (Thread != CurrentThread)
163  {
164  /* Release protection */
166  }
167 
168  /* Detach */
170  }
171 
172  /* Return to caller */
173  return STATUS_SUCCESS;
174 }
KAPC_STATE
Definition: ketypes.h:1280
#define PsGetCurrentThread()
Definition: env_spec_w32.h:81
NTKERNELAPI VOID FASTCALL ExReleaseRundownProtection(_Inout_ PEX_RUNDOWN_REF RunRef)
#define TRUE
Definition: types.h:120
ULONG ImpersonationLocale
Definition: winternl.h:432
EX_RUNDOWN_REF RundownProtect
Definition: pstypes.h:1159
KTHREAD Tcb
Definition: pstypes.h:1103
#define ExAcquireRundownProtection
Definition: ex.h:133
if(dx==0 &&dy==0)
Definition: linetemp.h:174
static BOOL Attached
Definition: vidbios.c:3905
#define FALSE
Definition: types.h:117
VOID NTAPI KeStackAttachProcess(IN PKPROCESS Process, OUT PRKAPC_STATE ApcState)
Definition: procobj.c:701
KAPC_STATE ApcState
Definition: ketypes.h:1710
unsigned char BOOLEAN
static BOOLEAN
Definition: security.c:109
#define ASSERT(a)
Definition: mode.c:44
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
Definition: fltkernel.h:2653
#define PS_SECURITY_DEBUG
Definition: ps.h:19
ULONG ActiveImpersonationInfo
Definition: pstypes.h:1181
ULONG IsImpersonating
Definition: winternl.h:433
Definition: compat.h:694
VOID NTAPI KeUnstackDetachProcess(IN PRKAPC_STATE ApcState)
Definition: procobj.c:753
_Out_ PKAPC_STATE ApcState
Definition: mm.h:1629
PVOID Teb
Definition: ketypes.h:1739
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
#define PSTRACE(x, fmt,...)
Definition: ps.h:57
#define STATUS_SUCCESS
Definition: shellext.h:65
#define PAGED_CODE()

Referenced by PsImpersonateClient(), and PsRevertThreadToSelf().

◆ PsReferenceEffectiveToken()

PACCESS_TOKEN NTAPI PsReferenceEffectiveToken ( IN PETHREAD  Thread,
OUT IN PTOKEN_TYPE  TokenType,
OUT PBOOLEAN  EffectiveOnly,
OUT PSECURITY_IMPERSONATION_LEVEL  ImpersonationLevel 
)

Definition at line 780 of file security.c.

784 {
787 
788  PAGED_CODE();
789 
791  "Thread: %p, TokenType: %p\n", Thread, TokenType);
792 
793  /* Check if we don't have impersonation info */
794  Process = Thread->ThreadsProcess;
796  {
797  /* Lock the Process */
799 
800  /* Make sure impersonation is still active */
802  {
803  /* Get the token */
806 
807  /* Return data to caller */
811 
812  /* Unlock the Process */
814  return Token;
815  }
816 
817  /* Unlock the Process */
819  }
820 
821  /* Fast Reference the Token */
823 
824  /* Check if we got the Token or if we got locked */
825  if (!Token)
826  {
827  /* Lock the Process */
829 
830  /* Do a Locked Fast Reference */
832 
833  /* Unlock the Process */
835  }
836 
837  /* Return the token */
839  *EffectiveOnly = FALSE;
840  // NOTE: ImpersonationLevel is left untouched on purpose!
841  return Token;
842 }
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: pstypes.h:1072
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
PVOID FASTCALL ObFastReferenceObject(IN PEX_FAST_REF FastRef)
Definition: obref.c:132
#define FALSE
Definition: types.h:117
PPS_IMPERSONATION_INFORMATION ImpersonationInfo
Definition: pstypes.h:1143
FORCEINLINE VOID PspUnlockProcessSecurityShared(IN PEPROCESS Process)
Definition: ps_x.h:122
_Out_ PBOOLEAN _Out_ PBOOLEAN _Out_ PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: psfuncs.h:154
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
Definition: fltkernel.h:2653
#define PS_SECURITY_DEBUG
Definition: ps.h:19
ULONG ActiveImpersonationInfo
Definition: pstypes.h:1181
#define NULL
Definition: types.h:112
FORCEINLINE VOID PspLockProcessSecurityShared(IN PEPROCESS Process)
Definition: ps_x.h:111
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
#define ObReferenceObject
Definition: obfuncs.h:204
PVOID FASTCALL ObFastReferenceObjectLocked(IN PEX_FAST_REF FastRef)
Definition: obref.c:119
#define PSTRACE(x, fmt,...)
Definition: ps.h:57
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
Definition: sefuncs.h:417
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:417
#define PAGED_CODE()

Referenced by SeCreateClientSecurity().

◆ PsReferenceImpersonationToken()

PACCESS_TOKEN NTAPI PsReferenceImpersonationToken ( IN PETHREAD  Thread,
OUT PBOOLEAN  CopyOnOpen,
OUT PBOOLEAN  EffectiveOnly,
OUT PSECURITY_IMPERSONATION_LEVEL  ImpersonationLevel 
)

Definition at line 849 of file security.c.

853 {
854  PTOKEN Token = NULL;
855  PAGED_CODE();
856  PSTRACE(PS_SECURITY_DEBUG, "Thread: %p\n", Thread);
857 
858  /* If we don't have impersonation info, just quit */
859  if (!Thread->ActiveImpersonationInfo) return NULL;
860 
861  /* Lock the thread */
863 
864  /* Make sure we still have active impersonation */
866  {
867  /* Return data from caller */
872 
873  /* Set the token */
875  }
876 
877  /* Unlock thread and return impersonation token */
879  return Token;
880 }
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: pstypes.h:1072
FORCEINLINE VOID PspLockThreadSecurityShared(IN PETHREAD Thread)
Definition: ps_x.h:155
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
_Out_ PBOOLEAN CopyOnOpen
Definition: psfuncs.h:154
PPS_IMPERSONATION_INFORMATION ImpersonationInfo
Definition: pstypes.h:1143
_Out_ PBOOLEAN _Out_ PBOOLEAN _Out_ PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: psfuncs.h:154
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
Definition: fltkernel.h:2653
#define PS_SECURITY_DEBUG
Definition: ps.h:19
ULONG ActiveImpersonationInfo
Definition: pstypes.h:1181
FORCEINLINE VOID PspUnlockThreadSecurityShared(IN PETHREAD Thread)
Definition: ps_x.h:166
#define NULL
Definition: types.h:112
#define ObReferenceObject
Definition: obfuncs.h:204
#define PSTRACE(x, fmt,...)
Definition: ps.h:57
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
Definition: sefuncs.h:417
#define PAGED_CODE()

Referenced by GetProcessLuid(), NtCloseObjectAuditAlarm(), NtOpenThreadTokenEx(), ObpReferenceDeviceMap(), and SeCaptureSubjectContextEx().

◆ PsReferencePrimaryToken()

PACCESS_TOKEN NTAPI PsReferencePrimaryToken ( PEPROCESS  Process)

Definition at line 440 of file security.c.

441 {
443  PAGED_CODE();
444  PSTRACE(PS_SECURITY_DEBUG, "Process: %p\n", Process);
445 
446  /* Fast Reference the Token */
448 
449  /* Check if we got the Token or if we got locked */
450  if (!Token)
451  {
452  /* Lock the Process */
454 
455  /* Do a Locked Fast Reference */
457 
458  /* Unlock the Process */
460  }
461 
462  /* Return the Token */
463  return Token;
464 }
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
PVOID FASTCALL ObFastReferenceObject(IN PEX_FAST_REF FastRef)
Definition: obref.c:132
FORCEINLINE VOID PspUnlockProcessSecurityShared(IN PEPROCESS Process)
Definition: ps_x.h:122
#define PS_SECURITY_DEBUG
Definition: ps.h:19
FORCEINLINE VOID PspLockProcessSecurityShared(IN PEPROCESS Process)
Definition: ps_x.h:111
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
PVOID FASTCALL ObFastReferenceObjectLocked(IN PEX_FAST_REF FastRef)
Definition: obref.c:119
#define PSTRACE(x, fmt,...)
Definition: ps.h:57
#define PAGED_CODE()

Referenced by GetProcessLuid(), KsecGetKeyData(), NtCloseObjectAuditAlarm(), NtOpenThreadTokenEx(), NtSecureConnectPort(), ObpSetCurrentProcessDeviceMap(), PsImpersonateClient(), PsOpenTokenOfProcess(), PspCreateProcess(), PspCreateThread(), PspExitThread(), PspInitializeProcessSecurity(), PspSetPrimaryToken(), SeCaptureSubjectContextEx(), SeExchangePrimaryToken(), SeIsTokenChild(), SeIsTokenSibling(), and SepImpersonateAnonymousToken().

◆ PsRestoreImpersonation()

VOID NTAPI PsRestoreImpersonation ( IN PETHREAD  Thread,
IN PSE_IMPERSONATION_STATE  ImpersonationState 
)

Definition at line 965 of file security.c.

967 {
968  PTOKEN Token = NULL;
969  PPS_IMPERSONATION_INFORMATION Impersonation;
970  PAGED_CODE();
972  "Thread: %p State: %p\n", Thread, ImpersonationState);
973 
974  /* Lock thread security */
976 
977  /* Get the impersonation info */
978  Impersonation = Thread->ImpersonationInfo;
979 
980  /* Check if we're impersonating */
982  {
983  /* Get the token */
984  Token = Impersonation->Token;
985  }
986 
987  /* Check if we have an impersonation state */
988  if (ImpersonationState)
989  {
990  /* Fill out the impersonation info */
991  Impersonation->ImpersonationLevel = ImpersonationState->Level;
992  Impersonation->CopyOnOpen = ImpersonationState->CopyOnOpen;
994  Impersonation->Token = ImpersonationState->Token;
995 
996  /* Enable impersonation */
998  }
999  else
1000  {
1001  /* Disable impersonation */
1003  }
1004 
1005  /* Unlock the thread */
1007 
1008  /* Dereference the token */
1010 }
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: pstypes.h:1072
FORCEINLINE VOID PspUnlockThreadSecurityExclusive(IN PETHREAD Thread)
Definition: ps_x.h:188
_Inout_ PSE_IMPERSONATION_STATE ImpersonationState
Definition: psfuncs.h:189
#define PspClearCrossThreadFlag(Thread, Flag)
Definition: ps_x.h:27
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
PPS_IMPERSONATION_INFORMATION ImpersonationInfo
Definition: pstypes.h:1143
#define ObDereferenceObject
Definition: obfuncs.h:203
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
Definition: fltkernel.h:2653
#define PS_SECURITY_DEBUG
Definition: ps.h:19
ULONG ActiveImpersonationInfo
Definition: pstypes.h:1181
#define PspSetCrossThreadFlag(Thread, Flag)
Definition: ps_x.h:25
#define NULL
Definition: types.h:112
#define CT_ACTIVE_IMPERSONATION_INFO_BIT
Definition: pstypes.h:241
#define PSTRACE(x, fmt,...)
Definition: ps.h:57
FORCEINLINE VOID PspLockThreadSecurityExclusive(IN PETHREAD Thread)
Definition: ps_x.h:177
PACCESS_TOKEN Token
Definition: setypes.h:116
SECURITY_IMPERSONATION_LEVEL Level
Definition: setypes.h:119
#define PAGED_CODE()

Referenced by NtOpenThreadTokenEx().

◆ PsRevertThreadToSelf()

VOID NTAPI PsRevertThreadToSelf ( IN PETHREAD  Thread)

Definition at line 568 of file security.c.

569 {
570  PTOKEN Token = NULL;
571  PAGED_CODE();
572  PSTRACE(PS_SECURITY_DEBUG, "Thread: %p\n", Thread);
573 
574  /* Make sure we had impersonation information */
576  {
577  /* Lock the thread security */
579 
580  /* Make sure it's still active */
582  {
583  /* Disable impersonation */
585 
586  /* Get the token */
588  }
589 
590  /* Release thread security */
592 
593  /* Check if we had a token */
594  if (Token)
595  {
596  /* Dereference the impersonation token */
598 
599  /* Write impersonation info to the TEB */
601  }
602  }
603 }
FORCEINLINE VOID PspUnlockThreadSecurityExclusive(IN PETHREAD Thread)
Definition: ps_x.h:188
#define PsGetCurrentThread()
Definition: env_spec_w32.h:81
#define PspClearCrossThreadFlag(Thread, Flag)
Definition: ps_x.h:27
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
PPS_IMPERSONATION_INFORMATION ImpersonationInfo
Definition: pstypes.h:1143
#define ObDereferenceObject
Definition: obfuncs.h:203
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
Definition: fltkernel.h:2653
#define PS_SECURITY_DEBUG
Definition: ps.h:19
ULONG ActiveImpersonationInfo
Definition: pstypes.h:1181
#define NULL
Definition: types.h:112
#define CT_ACTIVE_IMPERSONATION_INFO_BIT
Definition: pstypes.h:241
#define PSTRACE(x, fmt,...)
Definition: ps.h:57
FORCEINLINE VOID PspLockThreadSecurityExclusive(IN PETHREAD Thread)
Definition: ps_x.h:177
NTSTATUS NTAPI PspWriteTebImpersonationInfo(IN PETHREAD Thread, IN PETHREAD CurrentThread)
Definition: security.c:114
#define PAGED_CODE()

Referenced by PsAssignImpersonationToken(), and PsRevertToSelf().

◆ PsRevertToSelf()

VOID NTAPI PsRevertToSelf ( VOID  )

Definition at line 556 of file security.c.

557 {
558  /* Call the per-thread API */
559  PAGED_CODE();
561 }
#define PsGetCurrentThread()
Definition: env_spec_w32.h:81
VOID NTAPI PsRevertThreadToSelf(IN PETHREAD Thread)
Definition: security.c:568
#define PAGED_CODE()

Referenced by CmpCmdHiveOpen(), and VfdIoCtlThread().

◆ SeAssignPrimaryToken()

VOID NTAPI SeAssignPrimaryToken ( IN PEPROCESS  Process,
IN PTOKEN  Token 
)

Definition at line 1213 of file token.c.

1215 {
1216  PAGED_CODE();
1217 
1218  /* Sanity checks */
1219  ASSERT(Token->TokenType == TokenPrimary);
1220  ASSERT(!Token->TokenInUse);
1221 
1222  /* Clean any previous token */
1223  if (Process->Token.Object) SeDeassignPrimaryToken(Process);
1224 
1225  /* Set the new token */
1227  Token->TokenInUse = TRUE;
1229 }
#define TRUE
Definition: types.h:120
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
#define ASSERT(a)
Definition: mode.c:44
VOID FASTCALL ObInitializeFastReference(IN PEX_FAST_REF FastRef, IN PVOID Object)
Definition: obref.c:107
VOID NTAPI SeDeassignPrimaryToken(PEPROCESS Process)
Definition: token.c:657
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
#define ObReferenceObject
Definition: obfuncs.h:204
#define PAGED_CODE()

Referenced by PspInitializeProcessSecurity().

Variable Documentation

◆ PspBootAccessToken

PTOKEN PspBootAccessToken

Definition at line 17 of file security.c.

Referenced by PspInitializeProcessSecurity(), and PspInitPhase0().