ReactOS 0.4.15-dev-5667-ged97270
security.c File Reference
#include <ntoskrnl.h>
#include <debug.h>
Include dependency graph for security.c:

Go to the source code of this file.

Macros

#define NDEBUG
 

Functions

VOID NTAPI SeAssignPrimaryToken (IN PEPROCESS Process, IN PTOKEN Token)
 
VOID NTAPI PspDeleteProcessSecurity (IN PEPROCESS Process)
 
VOID NTAPI PspDeleteThreadSecurity (IN PETHREAD Thread)
 
NTSTATUS NTAPI PspInitializeProcessSecurity (IN PEPROCESS Process, IN PEPROCESS Parent OPTIONAL)
 
NTSTATUS NTAPI PspWriteTebImpersonationInfo (IN PETHREAD Thread, IN PETHREAD CurrentThread)
 
NTSTATUS NTAPI PspAssignPrimaryToken (IN PEPROCESS Process, IN HANDLE Token, IN PACCESS_TOKEN AccessToken OPTIONAL)
 
NTSTATUS NTAPI PspSetPrimaryToken (IN PEPROCESS Process, IN HANDLE TokenHandle OPTIONAL, IN PACCESS_TOKEN Token OPTIONAL)
 
NTSTATUS NTAPI NtOpenProcessToken (IN HANDLE ProcessHandle, IN ACCESS_MASK DesiredAccess, OUT PHANDLE TokenHandle)
 
NTSTATUS NTAPI NtOpenProcessTokenEx (IN HANDLE ProcessHandle, IN ACCESS_MASK DesiredAccess, IN ULONG HandleAttributes, OUT PHANDLE TokenHandle)
 
PACCESS_TOKEN NTAPI PsReferencePrimaryToken (PEPROCESS Process)
 
NTSTATUS NTAPI PsOpenTokenOfProcess (IN HANDLE ProcessHandle, OUT PACCESS_TOKEN *Token)
 
NTSTATUS NTAPI PsAssignImpersonationToken (IN PETHREAD Thread, IN HANDLE TokenHandle)
 
VOID NTAPI PsRevertToSelf (VOID)
 
VOID NTAPI PsRevertThreadToSelf (IN PETHREAD Thread)
 
NTSTATUS NTAPI PsImpersonateClient (IN PETHREAD Thread, IN PACCESS_TOKEN Token, IN BOOLEAN CopyOnOpen, IN BOOLEAN EffectiveOnly, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
 
PACCESS_TOKEN NTAPI PsReferenceEffectiveToken (IN PETHREAD Thread, OUT IN PTOKEN_TYPE TokenType, OUT PBOOLEAN EffectiveOnly, OUT PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
 
PACCESS_TOKEN NTAPI PsReferenceImpersonationToken (IN PETHREAD Thread, OUT PBOOLEAN CopyOnOpen, OUT PBOOLEAN EffectiveOnly, OUT PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
 
VOID NTAPI PsDereferenceImpersonationToken (IN PACCESS_TOKEN ImpersonationToken)
 
VOID NTAPI PsDereferencePrimaryToken (IN PACCESS_TOKEN PrimaryToken)
 
BOOLEAN NTAPI PsDisableImpersonation (IN PETHREAD Thread, OUT PSE_IMPERSONATION_STATE ImpersonationState)
 
VOID NTAPI PsRestoreImpersonation (IN PETHREAD Thread, IN PSE_IMPERSONATION_STATE ImpersonationState)
 
NTSTATUS NTAPI NtImpersonateThread (IN HANDLE ThreadHandle, IN HANDLE ThreadToImpersonateHandle, IN PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService)
 

Variables

PTOKEN PspBootAccessToken
 

Macro Definition Documentation

◆ NDEBUG

#define NDEBUG

Definition at line 14 of file security.c.

Function Documentation

◆ NtImpersonateThread()

NTSTATUS NTAPI NtImpersonateThread ( IN HANDLE  ThreadHandle,
IN HANDLE  ThreadToImpersonateHandle,
IN PSECURITY_QUALITY_OF_SERVICE  SecurityQualityOfService 
)

Definition at line 1014 of file security.c.

1017{
1018 SECURITY_QUALITY_OF_SERVICE SafeServiceQoS;
1021 PETHREAD ThreadToImpersonate;
1024 PAGED_CODE();
1026 "Threads: %p %p\n", ThreadHandle, ThreadToImpersonateHandle);
1027
1028 /* Check if call came from user mode */
1029 if (PreviousMode != KernelMode)
1030 {
1031 /* Enter SEH for probing */
1032 _SEH2_TRY
1033 {
1034 /* Probe QoS */
1035 ProbeForRead(SecurityQualityOfService,
1037 sizeof(ULONG));
1038
1039 /* Capture it */
1040 SafeServiceQoS = *SecurityQualityOfService;
1041 SecurityQualityOfService = &SafeServiceQoS;
1042 }
1044 {
1045 /* Return the exception code */
1047 }
1048 _SEH2_END;
1049 }
1050
1051 /* Reference the thread */
1052 Status = ObReferenceObjectByHandle(ThreadHandle,
1056 (PVOID*)&Thread,
1057 NULL);
1058 if (NT_SUCCESS(Status))
1059 {
1060 /* Reference the impersonating thead */
1061 Status = ObReferenceObjectByHandle(ThreadToImpersonateHandle,
1065 (PVOID*)&ThreadToImpersonate,
1066 NULL);
1067 if (NT_SUCCESS(Status))
1068 {
1069 /* Create a client security context */
1070 Status = SeCreateClientSecurity(ThreadToImpersonate,
1071 SecurityQualityOfService,
1072 0,
1073 &ClientContext);
1074 if (NT_SUCCESS(Status))
1075 {
1076 /* Do the impersonation */
1078 if (ClientContext.ClientToken)
1079 {
1080 /* Dereference the client token if we had one */
1082 }
1083 }
1084
1085 /* Dereference the thread to impersonate */
1086 ObDereferenceObject(ThreadToImpersonate);
1087 }
1088
1089 /* Dereference the main thread */
1091 }
1092
1093 /* Return status */
1094 return Status;
1095}
#define PAGED_CODE()
LONG NTSTATUS
Definition: precomp.h:26
#define NULL
Definition: types.h:112
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define ExGetPreviousMode
Definition: ex.h:139
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
#define _SEH2_END
Definition: filesup.c:22
#define _SEH2_TRY
Definition: filesup.c:19
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
Definition: fltkernel.h:2653
Status
Definition: gdiplustypes.h:25
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
#define THREAD_IMPERSONATE
Definition: pstypes.h:151
#define THREAD_DIRECT_IMPERSONATION
Definition: pstypes.h:152
NTKERNELAPI VOID NTAPI SeImpersonateClient(IN PSECURITY_CLIENT_CONTEXT ClientContext, IN PETHREAD ServerThread OPTIONAL)
NTKERNELAPI NTSTATUS NTAPI SeCreateClientSecurity(IN PETHREAD Thread, IN PSECURITY_QUALITY_OF_SERVICE QualityOfService, IN BOOLEAN RemoteClient, OUT PSECURITY_CLIENT_CONTEXT ClientContext)
#define KernelMode
Definition: asm.h:34
_In_ PVOID ClientContext
Definition: netioddk.h:55
POBJECT_TYPE PsThreadType
Definition: thread.c:20
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
#define PSTRACE(x, fmt,...)
Definition: ps.h:57
#define PS_SECURITY_DEBUG
Definition: ps.h:19
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:159
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:34
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:162
uint32_t ULONG
Definition: typedefs.h:59
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
#define ObDereferenceObject
Definition: obfuncs.h:203
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103

Referenced by CsrImpersonateClient().

◆ NtOpenProcessToken()

NTSTATUS NTAPI NtOpenProcessToken ( IN HANDLE  ProcessHandle,
IN ACCESS_MASK  DesiredAccess,
OUT PHANDLE  TokenHandle 
)

Definition at line 350 of file security.c.

353{
354 /* Call the newer API */
357 0,
359}
_In_ HANDLE ProcessHandle
Definition: mmfuncs.h:403
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:718
NTSTATUS NTAPI NtOpenProcessTokenEx(IN HANDLE ProcessHandle, IN ACCESS_MASK DesiredAccess, IN ULONG HandleAttributes, OUT PHANDLE TokenHandle)
Definition: security.c:366
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2658

Referenced by CheckTokenMembership(), CsrGetProcessLuid(), CsrSetProcessSecurity(), GetCallerLuid(), LsapIsTrustedClient(), OpenProcessToken(), RtlCreateUserSecurityObject(), RtlDefaultNpAcl(), SmpAcquirePrivilege(), START_TEST(), and test8().

◆ NtOpenProcessTokenEx()

NTSTATUS NTAPI NtOpenProcessTokenEx ( IN HANDLE  ProcessHandle,
IN ACCESS_MASK  DesiredAccess,
IN ULONG  HandleAttributes,
OUT PHANDLE  TokenHandle 
)

Definition at line 366 of file security.c.

370{
372 HANDLE hToken;
375 PAGED_CODE();
377 "Process: %p DesiredAccess: %lx\n", ProcessHandle, DesiredAccess);
378
379 /* Check if caller was user-mode */
381 {
382 /* Enter SEH for probing */
384 {
385 /* Probe the token handle */
387 }
389 {
390 /* Return the exception code */
392 }
393 _SEH2_END;
394 }
395
396 /* Validate object attributes */
398
399 /* Open the process token */
401 if (NT_SUCCESS(Status))
402 {
403 /* Reference it by handle and dereference the pointer */
406 NULL,
410 &hToken);
412
413 /* Make sure we got a handle */
414 if (NT_SUCCESS(Status))
415 {
416 /* Enter SEH for write */
418 {
419 /* Return the handle */
420 *TokenHandle = hToken;
421 }
423 {
424 /* Get exception code */
426 }
427 _SEH2_END;
428 }
429 }
430
431 /* Return status */
432 return Status;
433}
_In_ HANDLE _In_opt_ HANDLE _Out_opt_ PHANDLE _In_ ACCESS_MASK _In_ ULONG HandleAttributes
Definition: obfuncs.h:433
NTSTATUS NTAPI PsOpenTokenOfProcess(IN HANDLE ProcessHandle, OUT PACCESS_TOKEN *Token)
Definition: security.c:471
POBJECT_TYPE SeTokenObjectType
Definition: token.c:17
FORCEINLINE ULONG ObpValidateAttributes(IN ULONG Attributes, IN KPROCESSOR_MODE PreviousMode)
Definition: ob_x.h:22
NTSTATUS NTAPI ObOpenObjectByPointer(IN PVOID Object, IN ULONG HandleAttributes, IN PACCESS_STATE PassedAccessState, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PHANDLE Handle)
Definition: obhandle.c:2742
#define ProbeForWriteHandle(Ptr)
Definition: probe.h:43

Referenced by NtOpenProcessToken(), and START_TEST().

◆ PsAssignImpersonationToken()

NTSTATUS NTAPI PsAssignImpersonationToken ( IN PETHREAD  Thread,
IN HANDLE  TokenHandle 
)

Definition at line 502 of file security.c.

504{
508 PAGED_CODE();
509 PSTRACE(PS_SECURITY_DEBUG, "Thread: %p Token: %p\n", Thread, TokenHandle);
510
511 /* Check if we were given a handle */
512 if (!TokenHandle)
513 {
514 /* Undo impersonation */
516 return STATUS_SUCCESS;
517 }
518
519 /* Get the token object */
524 (PVOID*)&Token,
525 NULL);
526 if (!NT_SUCCESS(Status)) return(Status);
527
528 /* Make sure it's an impersonation token */
530 {
531 /* Fail */
534 }
535
536 /* Get the impersonation level */
538
539 /* Call the impersonation API */
541 Token,
542 FALSE,
543 FALSE,
545
546 /* Dereference the token and return status */
548 return Status;
549}
#define FALSE
Definition: types.h:117
enum _SECURITY_IMPERSONATION_LEVEL SECURITY_IMPERSONATION_LEVEL
@ TokenImpersonation
Definition: imports.h:274
NTKERNELAPI TOKEN_TYPE NTAPI SeTokenType(IN PACCESS_TOKEN Token)
#define KeGetPreviousMode()
Definition: ketypes.h:1108
VOID NTAPI PsRevertThreadToSelf(IN PETHREAD Thread)
Definition: security.c:568
NTSTATUS NTAPI PsImpersonateClient(IN PETHREAD Thread, IN PACCESS_TOKEN Token, IN BOOLEAN CopyOnOpen, IN BOOLEAN EffectiveOnly, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
Definition: security.c:610
SECURITY_IMPERSONATION_LEVEL NTAPI SeTokenImpersonationLevel(_In_ PACCESS_TOKEN Token)
Gathers the security impersonation level of an access token.
Definition: token.c:1846
#define STATUS_BAD_TOKEN_TYPE
Definition: ntstatus.h:404
#define STATUS_SUCCESS
Definition: shellext.h:65
_Out_ PBOOLEAN _Out_ PBOOLEAN _Out_ PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: psfuncs.h:156
#define TOKEN_IMPERSONATE
Definition: setypes.h:923

Referenced by NtSetInformationThread().

◆ PsDereferenceImpersonationToken()

VOID NTAPI PsDereferenceImpersonationToken ( IN PACCESS_TOKEN  ImpersonationToken)

Definition at line 888 of file security.c.

889{
890 PAGED_CODE();
891
892 /* If we got a token, dereference it */
893 if (ImpersonationToken) ObDereferenceObject(ImpersonationToken);
894}

◆ PsDereferencePrimaryToken()

VOID NTAPI PsDereferencePrimaryToken ( IN PACCESS_TOKEN  PrimaryToken)

Definition at line 902 of file security.c.

903{
904 PAGED_CODE();
905
906 /* Dereference the token*/
907 ObDereferenceObject(PrimaryToken);
908}

◆ PsDisableImpersonation()

BOOLEAN NTAPI PsDisableImpersonation ( IN PETHREAD  Thread,
OUT PSE_IMPERSONATION_STATE  ImpersonationState 
)

Definition at line 915 of file security.c.

917{
918 PPS_IMPERSONATION_INFORMATION Impersonation = NULL;
920 PAGED_CODE();
922 "Thread: %p State: %p\n", Thread, ImpersonationState);
923
924 /* Check if we don't have impersonation */
926 {
927 /* Lock thread security */
929
930 /* Disable impersonation */
933
934 /* Make sure nobody disabled it behind our back */
936 {
937 /* Copy the old state */
938 Impersonation = Thread->ImpersonationInfo;
939 ImpersonationState->Token = Impersonation->Token;
940 ImpersonationState->CopyOnOpen = Impersonation->CopyOnOpen;
943 }
944
945 /* Unlock thread security */
947
948 /* If we had impersonation info, return true */
949 if (Impersonation) return TRUE;
950 }
951
952 /* Clear everything */
957 return FALSE;
958}
#define TRUE
Definition: types.h:120
SHORT OldFlags
Definition: fxioqueue.cpp:1325
#define CT_ACTIVE_IMPERSONATION_INFO_BIT
Definition: pstypes.h:241
@ SecurityAnonymous
Definition: lsa.idl:55
long LONG
Definition: pedump.c:60
FORCEINLINE VOID PspLockThreadSecurityExclusive(IN PETHREAD Thread)
Definition: ps_x.h:177
FORCEINLINE VOID PspUnlockThreadSecurityExclusive(IN PETHREAD Thread)
Definition: ps_x.h:188
#define PspClearCrossThreadFlag(Thread, Flag)
Definition: ps_x.h:27
PPS_IMPERSONATION_INFORMATION ImpersonationInfo
Definition: pstypes.h:1143
ULONG ActiveImpersonationInfo
Definition: pstypes.h:1181
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: pstypes.h:1072
PACCESS_TOKEN Token
Definition: setypes.h:116
SECURITY_IMPERSONATION_LEVEL Level
Definition: setypes.h:119
_Inout_ PSE_IMPERSONATION_STATE ImpersonationState
Definition: psfuncs.h:189

Referenced by NtOpenThreadTokenEx().

◆ PsImpersonateClient()

NTSTATUS NTAPI PsImpersonateClient ( IN PETHREAD  Thread,
IN PACCESS_TOKEN  Token,
IN BOOLEAN  CopyOnOpen,
IN BOOLEAN  EffectiveOnly,
IN SECURITY_IMPERSONATION_LEVEL  ImpersonationLevel 
)

Definition at line 610 of file security.c.

615{
616 PPS_IMPERSONATION_INFORMATION Impersonation, OldData;
617 PTOKEN OldToken = NULL, ProcessToken = NULL;
618 PACCESS_TOKEN NewToken, ImpersonationToken;
619 PEJOB Job;
621
622 PAGED_CODE();
623 PSTRACE(PS_SECURITY_DEBUG, "Thread: %p, Token: %p\n", Thread, Token);
624
625 /* Check if we don't have a token */
626 if (!Token)
627 {
628 /* Make sure we're impersonating */
630 {
631 /* We seem to be, lock the thread */
633
634 /* Make sure we're still impersonating */
636 {
637 /* Disable impersonation */
640
641 /* Get the token */
642 OldToken = Thread->ImpersonationInfo->Token;
643 }
644
645 /* Unlock the process and write TEB information */
648 }
649 }
650 else
651 {
652 /* Check if we have impersonation info */
653 Impersonation = Thread->ImpersonationInfo;
654 if (!Impersonation)
655 {
656 /* We need to allocate a new one */
657 Impersonation = ExAllocatePoolWithTag(PagedPool,
658 sizeof(*Impersonation),
660 if (!Impersonation) return STATUS_INSUFFICIENT_RESOURCES;
661
662 /* Update the pointer */
664 ImpersonationInfo,
665 Impersonation,
666 NULL);
667 if (OldData)
668 {
669 /* Someone beat us to it, free our copy */
671 Impersonation = OldData;
672 }
673 }
674
675 /*
676 * Assign the token we get from the caller first. The reason
677 * we have to do that is because we're unsure if we can impersonate
678 * in the first place. In the scenario where we cannot then the
679 * last resort is to make a copy of the token and assign that newly
680 * token to the impersonation information.
681 */
682 ImpersonationToken = Token;
683
684 /* Obtain a token from the process */
685 ProcessToken = PsReferencePrimaryToken(Thread->ThreadsProcess);
686 if (!ProcessToken)
687 {
688 /* We can't continue this way without having the process' token... */
689 return STATUS_UNSUCCESSFUL;
690 }
691
692 /* Make sure we can impersonate */
693 if (!SeTokenCanImpersonate(ProcessToken,
694 Token,
696 {
697 /* We can't, make a copy of the token instead */
701 &NewToken);
702 if (!NT_SUCCESS(Status))
703 {
704 /* We can't even make a copy of the token? Then bail out... */
705 ObFastDereferenceObject(&Thread->ThreadsProcess->Token, ProcessToken);
706 return Status;
707 }
708
709 /* Since we cannot impersonate, assign the newly copied token */
710 ImpersonationToken = NewToken;
711 }
712
713 /* We no longer need the process' token */
714 ObFastDereferenceObject(&Thread->ThreadsProcess->Token, ProcessToken);
715
716 /* Check if this is a job */
717 Job = Thread->ThreadsProcess->Job;
718 if (Job != NULL)
719 {
720 /* No admin allowed in this job */
722 SeTokenIsAdmin(ImpersonationToken))
723 {
725 }
726
727 /* No restricted tokens allowed in this job */
729 SeTokenIsRestricted(ImpersonationToken))
730 {
732 }
733
734 /* We don't support job filters yet */
735 if (Job->Filter != NULL)
736 {
737 ASSERT(Job->Filter == NULL);
738 }
739 }
740
741 /* Lock thread security */
743
744 /* Check if we're impersonating */
746 {
747 /* Get the token */
748 OldToken = Impersonation->Token;
749 }
750 else
751 {
752 /* Otherwise, enable impersonation */
754 }
755
756 /* Now fill it out */
757 Impersonation->ImpersonationLevel = ImpersonationLevel;
758 Impersonation->CopyOnOpen = CopyOnOpen;
759 Impersonation->EffectiveOnly = EffectiveOnly;
760 Impersonation->Token = ImpersonationToken;
761 ObReferenceObject(ImpersonationToken);
762
763 /* Unlock the thread */
765
766 /* Write impersonation info to the TEB */
768 }
769
770 /* Dereference the token and return success */
771 if (OldToken) PsDereferenceImpersonationToken(OldToken);
772 return STATUS_SUCCESS;
773}
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
#define PsGetCurrentThread()
Definition: env_spec_w32.h:81
#define PagedPool
Definition: env_spec_w32.h:308
#define JOB_OBJECT_SECURITY_RESTRICTED_TOKEN
Definition: pstypes.h:231
#define JOB_OBJECT_SECURITY_NO_ADMIN
Definition: pstypes.h:230
#define InterlockedCompareExchangePointer
Definition: interlocked.h:129
@ SecurityIdentification
Definition: lsa.idl:56
#define ASSERT(a)
Definition: mode.c:44
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
#define PsDereferenceImpersonationToken(T)
Definition: imports.h:298
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
Definition: sefuncs.h:403
BOOLEAN NTAPI SeTokenCanImpersonate(_In_ PTOKEN ProcessToken, _In_ PTOKEN TokenToImpersonate, _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
Ensures that client impersonation can occur by checking if the token we're going to assign as the imp...
Definition: token.c:1969
NTSTATUS NTAPI SeCopyClientToken(_In_ PACCESS_TOKEN Token, _In_ SECURITY_IMPERSONATION_LEVEL Level, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PACCESS_TOKEN *NewToken)
Copies an existing access token (technically duplicating a new one).
Definition: token.c:1296
NTSTATUS NTAPI PspWriteTebImpersonationInfo(IN PETHREAD Thread, IN PETHREAD CurrentThread)
Definition: security.c:114
PACCESS_TOKEN NTAPI PsReferencePrimaryToken(PEPROCESS Process)
Definition: security.c:440
BOOLEAN NTAPI SeTokenIsAdmin(_In_ PACCESS_TOKEN Token)
Determines if a token is either an admin token or not. Such condition is checked based upon TOKEN_HAS...
Definition: token.c:1890
BOOLEAN NTAPI SeTokenIsRestricted(_In_ PACCESS_TOKEN Token)
Determines if a token is restricted or not, based upon the token flags.
Definition: token.c:1913
VOID FASTCALL ObFastDereferenceObject(IN PEX_FAST_REF FastRef, IN PVOID Object)
Definition: obref.c:167
#define PspSetCrossThreadFlag(Thread, Flag)
Definition: ps_x.h:25
ULONG SecurityLimitFlags
Definition: pstypes.h:1500
PPS_JOB_TOKEN_FILTER Filter
Definition: pstypes.h:1502
#define TAG_PS_IMPERSONATION
Definition: tag.h:133
#define STATUS_ACCESS_DENIED
Definition: udferr_usr.h:145
#define STATUS_UNSUCCESSFUL
Definition: udferr_usr.h:132
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
#define ObReferenceObject
Definition: obfuncs.h:204
_Out_ PBOOLEAN CopyOnOpen
Definition: psfuncs.h:154

Referenced by NtOpenThreadTokenEx(), PsAssignImpersonationToken(), SeImpersonateClientEx(), and SepImpersonateAnonymousToken().

◆ PsOpenTokenOfProcess()

NTSTATUS NTAPI PsOpenTokenOfProcess ( IN HANDLE  ProcessHandle,
OUT PACCESS_TOKEN Token 
)

Definition at line 471 of file security.c.

473{
476 PAGED_CODE();
477 PSTRACE(PS_SECURITY_DEBUG, "Process: %p\n", ProcessHandle);
478
479 /* Get the Token */
484 (PVOID*)&Process,
485 NULL);
486 if (NT_SUCCESS(Status))
487 {
488 /* Reference the token and dereference the process */
491 }
492
493 /* Return */
494 return Status;
495}
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:223
#define PROCESS_QUERY_INFORMATION
Definition: pstypes.h:166
POBJECT_TYPE PsProcessType
Definition: process.c:20

Referenced by NtOpenProcessTokenEx().

◆ PspAssignPrimaryToken()

NTSTATUS NTAPI PspAssignPrimaryToken ( IN PEPROCESS  Process,
IN HANDLE  Token,
IN PACCESS_TOKEN AccessToken  OPTIONAL 
)

Definition at line 178 of file security.c.

181{
182 PACCESS_TOKEN NewToken = AccessToken, OldToken;
184 PAGED_CODE();
185 PSTRACE(PS_SECURITY_DEBUG, "Process: %p Token: %p\n", Process, Token);
186
187 /* Check if we don't have a pointer */
188 if (!AccessToken)
189 {
190 /* Reference it from the handle */
195 &NewToken,
196 NULL);
197 if (!NT_SUCCESS(Status)) return Status;
198 }
199
200 /* Exchange tokens */
201 Status = SeExchangePrimaryToken(Process, NewToken, &OldToken);
202
203 /* Acquire and release the lock */
206
207 /* Dereference Tokens and Return */
208 if (NT_SUCCESS(Status)) ObDereferenceObject(OldToken);
209 if (!AccessToken) ObDereferenceObject(NewToken);
210 return Status;
211}
NTSTATUS NTAPI SeExchangePrimaryToken(_In_ PEPROCESS Process, _In_ PACCESS_TOKEN NewAccessToken, _Out_ PACCESS_TOKEN *OldAccessToken)
Replaces the old access token of a process (pointed by the EPROCESS kernel structure) with a new acce...
Definition: token.c:846
FORCEINLINE VOID PspUnlockProcessSecurityExclusive(IN PEPROCESS Process)
Definition: ps_x.h:144
FORCEINLINE VOID PspLockProcessSecurityExclusive(IN PEPROCESS Process)
Definition: ps_x.h:133
#define TOKEN_ASSIGN_PRIMARY
Definition: setypes.h:921

Referenced by PspSetPrimaryToken().

◆ PspDeleteProcessSecurity()

VOID NTAPI PspDeleteProcessSecurity ( IN PEPROCESS  Process)

Definition at line 30 of file security.c.

31{
32 PAGED_CODE();
33 PSTRACE(PS_SECURITY_DEBUG, "Process: %p\n", Process);
34
35 /* Check if we have a token */
36 if (Process->Token.Object)
37 {
38 /* Deassign it */
40 Process->Token.Object = NULL;
41 }
42}
VOID NTAPI SeDeassignPrimaryToken(_Inout_ PEPROCESS Process)
Removes the primary token of a process.
Definition: token.c:936

Referenced by PspDeleteProcess().

◆ PspDeleteThreadSecurity()

VOID NTAPI PspDeleteThreadSecurity ( IN PETHREAD  Thread)

Definition at line 46 of file security.c.

47{
49 PAGED_CODE();
50 PSTRACE(PS_SECURITY_DEBUG, "Thread: %p\n", Thread);
51
52 /* Check if we have active impersonation info */
54 {
55 /* Dereference its token */
56 ObDereferenceObject(ImpersonationInfo->Token);
57 }
58
59 /* Check if we have impersonation info */
60 if (ImpersonationInfo)
61 {
62 /* Free it */
63 ExFreePool(ImpersonationInfo);
66 }
67}
#define ExFreePool(addr)
Definition: env_spec_w32.h:352

Referenced by PspDeleteThread().

◆ PspInitializeProcessSecurity()

NTSTATUS NTAPI PspInitializeProcessSecurity ( IN PEPROCESS  Process,
IN PEPROCESS Parent  OPTIONAL 
)

Definition at line 71 of file security.c.

73{
75 PTOKEN NewToken, ParentToken;
76 PAGED_CODE();
77 PSTRACE(PS_SECURITY_DEBUG, "Process: %p\n", Process);
78
79 /* If we have a parent, then duplicate the Token */
80 if (Parent)
81 {
82 /* Get the Parent Token */
83 ParentToken = PsReferencePrimaryToken(Parent);
84
85 /* Duplicate it */
86 Status = SeSubProcessToken(ParentToken,
87 &NewToken,
88 TRUE,
90
91 /* Dereference the Parent */
92 ObFastDereferenceObject(&Parent->Token, ParentToken);
93
94 /* Set the new Token */
95 if (NT_SUCCESS(Status))
96 {
97 /* Initailize the fast reference */
98 ObInitializeFastReference(&Process->Token, NewToken);
99 }
100 }
101 else
102 {
103 /* No parent, assign the Boot Token */
106 }
107
108 /* Return to caller */
109 return Status;
110}
ACPI_PHYSICAL_ADDRESS ACPI_SIZE BOOLEAN Warn UINT32 *TableIdx UINT32 ACPI_TABLE_HEADER *OutTableHeader ACPI_TABLE_HEADER **OutTable ACPI_HANDLE UINT32 ACPI_WALK_CALLBACK ACPI_WALK_CALLBACK void void **ReturnValue UINT32 ACPI_BUFFER *RetPathPtr ACPI_OBJECT_HANDLER void *Data ACPI_OBJECT_HANDLER void **Data ACPI_STRING ACPI_OBJECT_LIST ACPI_BUFFER *ReturnObjectBuffer ACPI_DEVICE_INFO **ReturnBuffer ACPI_HANDLE Parent
Definition: acpixf.h:732
ULONG NTAPI MmGetSessionId(IN PEPROCESS Process)
Definition: session.c:179
NTSTATUS NTAPI SeSubProcessToken(_In_ PTOKEN Parent, _Out_ PTOKEN *Token, _In_ BOOLEAN InUse, _In_ ULONG SessionId)
Subtracts a token in exchange of duplicating a new one.
Definition: token.c:1127
VOID NTAPI SeAssignPrimaryToken(IN PEPROCESS Process, IN PTOKEN Token)
PTOKEN PspBootAccessToken
Definition: security.c:17
VOID FASTCALL ObInitializeFastReference(IN PEX_FAST_REF FastRef, IN PVOID Object)
Definition: obref.c:107

Referenced by PspCreateProcess().

◆ PspSetPrimaryToken()

NTSTATUS NTAPI PspSetPrimaryToken ( IN PEPROCESS  Process,
IN HANDLE TokenHandle  OPTIONAL,
IN PACCESS_TOKEN Token  OPTIONAL 
)

Definition at line 215 of file security.c.

218{
220 BOOLEAN IsChildOrSibling;
221 PACCESS_TOKEN NewToken = Token;
223 BOOLEAN Result, SdAllocated;
226
227 PSTRACE(PS_SECURITY_DEBUG, "Process: %p Token: %p\n", Process, Token);
228
229 /* Reference the token by handle if we don't already have a token object */
230 if (!Token)
231 {
236 (PVOID*)&NewToken,
237 NULL);
238 if (!NT_SUCCESS(Status)) return Status;
239 }
240
241 /*
242 * Check whether this token is a child or sibling of the current process token.
243 * NOTE: On Windows Vista+ both of these checks (together with extra steps)
244 * are now performed by a new SeIsTokenAssignableToProcess() helper.
245 */
246 Status = SeIsTokenChild(NewToken, &IsChildOrSibling);
247 if (!NT_SUCCESS(Status))
248 {
249 /* Failed, dereference */
250 if (!Token) ObDereferenceObject(NewToken);
251 return Status;
252 }
253 if (!IsChildOrSibling)
254 {
255 Status = SeIsTokenSibling(NewToken, &IsChildOrSibling);
256 if (!NT_SUCCESS(Status))
257 {
258 /* Failed, dereference */
259 if (!Token) ObDereferenceObject(NewToken);
260 return Status;
261 }
262 }
263
264 /* Check if this was an independent token */
265 if (!IsChildOrSibling)
266 {
267 /* Make sure we have the privilege to assign a new one */
270 {
271 /* Failed, dereference */
272 if (!Token) ObDereferenceObject(NewToken);
274 }
275 }
276
277 /* Assign the token */
279 if (NT_SUCCESS(Status))
280 {
281 /*
282 * We need to completely reverify if the process still has access to
283 * itself under this new token.
284 */
287 &SdAllocated);
288 if (NT_SUCCESS(Status))
289 {
290 /* Setup the security context */
291 SubjectContext.ProcessAuditId = Process;
293 SubjectContext.ClientToken = NULL;
294
295 /* Do the access check */
298 FALSE,
300 0,
301 NULL,
304 &Process->GrantedAccess,
305 &AccessStatus);
306
307 /* Dereference the token and let go the SD */
309 SubjectContext.PrimaryToken);
311
312 /* Remove access if it failed */
313 if (!Result) Process->GrantedAccess = 0;
314
315 /* Setup granted access */
316 Process->GrantedAccess |= (PROCESS_VM_OPERATION |
327 }
328
329 /*
330 * In case LUID device maps are enable, we may not be using
331 * system device map for this process, but a logon LUID based
332 * device map. Because we change primary token, this usage is
333 * no longer valid, so dereference the process device map
334 */
336 }
337
338 /* Dereference the token */
339 if (!Token) ObDereferenceObject(NewToken);
340 return Status;
341}
#define STATUS_PRIVILEGE_NOT_HELD
Definition: DriverTester.h:9
unsigned char BOOLEAN
BOOLEAN NTAPI SeAccessCheck(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, _In_ BOOLEAN SubjectContextLocked, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK PreviouslyGrantedAccess, _Out_ PPRIVILEGE_SET *Privileges, _In_ PGENERIC_MAPPING GenericMapping, _In_ KPROCESSOR_MODE AccessMode, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
Determines whether security access rights can be given to an object depending on the security descrip...
Definition: accesschk.c:910
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2246
#define PROCESS_TERMINATE
Definition: pstypes.h:157
#define PROCESS_VM_READ
Definition: pstypes.h:161
#define PROCESS_VM_WRITE
Definition: pstypes.h:162
#define PROCESS_CREATE_THREAD
Definition: pstypes.h:158
#define PROCESS_VM_OPERATION
Definition: pstypes.h:160
#define PROCESS_SET_INFORMATION
Definition: pstypes.h:165
#define PROCESS_CREATE_PROCESS
Definition: pstypes.h:163
#define PROCESS_SET_QUOTA
Definition: pstypes.h:164
#define PROCESS_DUP_HANDLE
#define STANDARD_RIGHTS_ALL
Definition: nt_native.h:69
#define MAXIMUM_ALLOWED
Definition: nt_native.h:83
const LUID SeAssignPrimaryTokenPrivilege
Definition: priv.c:22
NTSTATUS NTAPI SeIsTokenSibling(_In_ PTOKEN Token, _Out_ PBOOLEAN IsSibling)
Checks if the token is a sibling of the other token of the current process that the calling thread is...
Definition: token.c:1236
NTSTATUS NTAPI SeIsTokenChild(_In_ PTOKEN Token, _Out_ PBOOLEAN IsChild)
Checks if the token is a child of the other token of the current process that the calling thread is i...
Definition: token.c:1187
NTSTATUS NTAPI PspAssignPrimaryToken(IN PEPROCESS Process, IN HANDLE Token, IN PACCESS_TOKEN AccessToken OPTIONAL)
Definition: security.c:178
BOOLEAN NTAPI SeSinglePrivilegeCheck(_In_ LUID PrivilegeValue, _In_ KPROCESSOR_MODE PreviousMode)
Checks if a single privilege is present in the context of the calling thread.
Definition: priv.c:744
VOID NTAPI ObDereferenceDeviceMap(IN PEPROCESS Process)
Definition: devicemap.c:456
ULONG NTAPI ObIsLUIDDeviceMapsEnabled(VOID)
Definition: devicemap.c:662
NTSTATUS NTAPI ObGetObjectSecurity(IN PVOID Object, OUT PSECURITY_DESCRIPTOR *SecurityDescriptor, OUT PBOOLEAN MemoryAllocated)
Definition: obsecure.c:611
VOID NTAPI ObReleaseObjectSecurity(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN MemoryAllocated)
Definition: obsecure.c:709
GENERIC_MAPPING GenericMapping
Definition: obtypes.h:358
OBJECT_TYPE_INITIALIZER TypeInfo
Definition: obtypes.h:390
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:191
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
Definition: sefuncs.h:21

Referenced by NtSetInformationProcess().

◆ PspWriteTebImpersonationInfo()

NTSTATUS NTAPI PspWriteTebImpersonationInfo ( IN PETHREAD  Thread,
IN PETHREAD  CurrentThread 
)

Definition at line 114 of file security.c.

116{
118 PTEB Teb;
120 BOOLEAN IsImpersonating;
122 PAGED_CODE();
123 PSTRACE(PS_SECURITY_DEBUG, "Thread: %p\n", Thread);
124
125 /* Sanity check */
126 ASSERT(CurrentThread == PsGetCurrentThread());
127
128 /* Get process and TEB */
129 Process = Thread->ThreadsProcess;
130 Teb = Thread->Tcb.Teb;
131 if (Teb)
132 {
133 /* Check if we're not in the right process */
134 if (Thread->Tcb.ApcState.Process != &Process->Pcb)
135 {
136 /* Attach to the process */
138 Attached = TRUE;
139 }
140
141 /* Check if we're in a different thread or acquire rundown */
142 if ((Thread == CurrentThread) ||
144 {
145 /* Check if the thread is impersonating */
146 IsImpersonating = (BOOLEAN)Thread->ActiveImpersonationInfo;
147 if (IsImpersonating)
148 {
149 /* Set TEB data */
150 Teb->ImpersonationLocale = -1;
151 Teb->IsImpersonating = 1;
152 }
153 else
154 {
155 /* Set TEB data */
156 Teb->ImpersonationLocale = 0;
157 Teb->IsImpersonating = 0;
158 }
159 }
160
161 /* Check if we're in a different thread */
162 if (Thread != CurrentThread)
163 {
164 /* Release protection */
166 }
167
168 /* Detach */
170 }
171
172 /* Return to caller */
173 return STATUS_SUCCESS;
174}
#define ExReleaseRundownProtection
Definition: ex.h:135
#define ExAcquireRundownProtection
Definition: ex.h:134
if(dx< 0)
Definition: linetemp.h:194
_Out_ PKAPC_STATE ApcState
Definition: mm.h:1727
#define BOOLEAN
Definition: pedump.c:73
VOID NTAPI KeStackAttachProcess(IN PKPROCESS Process, OUT PRKAPC_STATE ApcState)
Definition: procobj.c:704
VOID NTAPI KeUnstackDetachProcess(IN PRKAPC_STATE ApcState)
Definition: procobj.c:756
KTHREAD Tcb
Definition: pstypes.h:1103
EX_RUNDOWN_REF RundownProtect
Definition: pstypes.h:1159
PVOID Teb
Definition: ketypes.h:1747
KAPC_STATE ApcState
Definition: ketypes.h:1718
Definition: compat.h:836
ULONG IsImpersonating
Definition: winternl.h:433
ULONG ImpersonationLocale
Definition: winternl.h:432
static BOOL Attached
Definition: vidbios.c:3905
KAPC_STATE
Definition: ketypes.h:1285

Referenced by PsImpersonateClient(), and PsRevertThreadToSelf().

◆ PsReferenceEffectiveToken()

PACCESS_TOKEN NTAPI PsReferenceEffectiveToken ( IN PETHREAD  Thread,
OUT IN PTOKEN_TYPE  TokenType,
OUT PBOOLEAN  EffectiveOnly,
OUT PSECURITY_IMPERSONATION_LEVEL  ImpersonationLevel 
)

Definition at line 780 of file security.c.

784{
787
788 PAGED_CODE();
789
791 "Thread: %p, TokenType: %p\n", Thread, TokenType);
792
793 /* Check if we don't have impersonation info */
794 Process = Thread->ThreadsProcess;
796 {
797 /* Lock the Process */
799
800 /* Make sure impersonation is still active */
802 {
803 /* Get the token */
806
807 /* Return data to caller */
811
812 /* Unlock the Process */
814 return Token;
815 }
816
817 /* Unlock the Process */
819 }
820
821 /* Fast Reference the Token */
823
824 /* Check if we got the Token or if we got locked */
825 if (!Token)
826 {
827 /* Lock the Process */
829
830 /* Do a Locked Fast Reference */
832
833 /* Unlock the Process */
835 }
836
837 /* Return the token */
840 // NOTE: ImpersonationLevel is left untouched on purpose!
841 return Token;
842}
@ TokenPrimary
Definition: imports.h:273
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:404
PVOID FASTCALL ObFastReferenceObject(IN PEX_FAST_REF FastRef)
Definition: obref.c:132
PVOID FASTCALL ObFastReferenceObjectLocked(IN PEX_FAST_REF FastRef)
Definition: obref.c:119
FORCEINLINE VOID PspUnlockProcessSecurityShared(IN PEPROCESS Process)
Definition: ps_x.h:122
FORCEINLINE VOID PspLockProcessSecurityShared(IN PEPROCESS Process)
Definition: ps_x.h:111

Referenced by SeCreateClientSecurity().

◆ PsReferenceImpersonationToken()

PACCESS_TOKEN NTAPI PsReferenceImpersonationToken ( IN PETHREAD  Thread,
OUT PBOOLEAN  CopyOnOpen,
OUT PBOOLEAN  EffectiveOnly,
OUT PSECURITY_IMPERSONATION_LEVEL  ImpersonationLevel 
)

Definition at line 849 of file security.c.

853{
854 PTOKEN Token = NULL;
855 PAGED_CODE();
856 PSTRACE(PS_SECURITY_DEBUG, "Thread: %p\n", Thread);
857
858 /* If we don't have impersonation info, just quit */
859 if (!Thread->ActiveImpersonationInfo) return NULL;
860
861 /* Lock the thread */
863
864 /* Make sure we still have active impersonation */
866 {
867 /* Return data from caller */
872
873 /* Set the token */
875 }
876
877 /* Unlock thread and return impersonation token */
879 return Token;
880}
FORCEINLINE VOID PspUnlockThreadSecurityShared(IN PETHREAD Thread)
Definition: ps_x.h:166
FORCEINLINE VOID PspLockThreadSecurityShared(IN PETHREAD Thread)
Definition: ps_x.h:155

Referenced by GetProcessLuid(), NtCloseObjectAuditAlarm(), NtOpenThreadTokenEx(), ObpReferenceDeviceMap(), and SeCaptureSubjectContextEx().

◆ PsReferencePrimaryToken()

PACCESS_TOKEN NTAPI PsReferencePrimaryToken ( PEPROCESS  Process)

Definition at line 440 of file security.c.

441{
443 PAGED_CODE();
444 PSTRACE(PS_SECURITY_DEBUG, "Process: %p\n", Process);
445
446 /* Fast Reference the Token */
448
449 /* Check if we got the Token or if we got locked */
450 if (!Token)
451 {
452 /* Lock the Process */
454
455 /* Do a Locked Fast Reference */
457
458 /* Unlock the Process */
460 }
461
462 /* Return the Token */
463 return Token;
464}

Referenced by GetProcessLuid(), KsecGetKeyData(), NtCloseObjectAuditAlarm(), NtOpenThreadTokenEx(), NtSecureConnectPort(), ObpSetCurrentProcessDeviceMap(), PsImpersonateClient(), PsOpenTokenOfProcess(), PspCreateProcess(), PspCreateThread(), PspExitThread(), PspInitializeProcessSecurity(), PspSetPrimaryToken(), SeCaptureSubjectContextEx(), SeExchangePrimaryToken(), SeIsTokenChild(), SeIsTokenSibling(), and SepImpersonateAnonymousToken().

◆ PsRestoreImpersonation()

VOID NTAPI PsRestoreImpersonation ( IN PETHREAD  Thread,
IN PSE_IMPERSONATION_STATE  ImpersonationState 
)

Definition at line 965 of file security.c.

967{
968 PTOKEN Token = NULL;
969 PPS_IMPERSONATION_INFORMATION Impersonation;
970 PAGED_CODE();
972 "Thread: %p State: %p\n", Thread, ImpersonationState);
973
974 /* Lock thread security */
976
977 /* Get the impersonation info */
978 Impersonation = Thread->ImpersonationInfo;
979
980 /* Check if we're impersonating */
982 {
983 /* Get the token */
984 Token = Impersonation->Token;
985 }
986
987 /* Check if we have an impersonation state */
989 {
990 /* Fill out the impersonation info */
992 Impersonation->CopyOnOpen = ImpersonationState->CopyOnOpen;
994 Impersonation->Token = ImpersonationState->Token;
995
996 /* Enable impersonation */
998 }
999 else
1000 {
1001 /* Disable impersonation */
1003 }
1004
1005 /* Unlock the thread */
1007
1008 /* Dereference the token */
1010}

Referenced by NtOpenThreadTokenEx().

◆ PsRevertThreadToSelf()

VOID NTAPI PsRevertThreadToSelf ( IN PETHREAD  Thread)

Definition at line 568 of file security.c.

569{
570 PTOKEN Token = NULL;
571 PAGED_CODE();
572 PSTRACE(PS_SECURITY_DEBUG, "Thread: %p\n", Thread);
573
574 /* Make sure we had impersonation information */
576 {
577 /* Lock the thread security */
579
580 /* Make sure it's still active */
582 {
583 /* Disable impersonation */
585
586 /* Get the token */
588 }
589
590 /* Release thread security */
592
593 /* Check if we had a token */
594 if (Token)
595 {
596 /* Dereference the impersonation token */
598
599 /* Write impersonation info to the TEB */
601 }
602 }
603}

Referenced by PsAssignImpersonationToken(), and PsRevertToSelf().

◆ PsRevertToSelf()

VOID NTAPI PsRevertToSelf ( VOID  )

Definition at line 556 of file security.c.

557{
558 /* Call the per-thread API */
559 PAGED_CODE();
561}

Referenced by CmpCmdHiveOpen(), and VfdIoCtlThread().

◆ SeAssignPrimaryToken()

VOID NTAPI SeAssignPrimaryToken ( IN PEPROCESS  Process,
IN PTOKEN  Token 
)

Variable Documentation

◆ PspBootAccessToken

PTOKEN PspBootAccessToken

Definition at line 17 of file security.c.

Referenced by PspInitializeProcessSecurity(), and PspInitPhase0().