ReactOS 0.4.16-dev-303-g11d5cb8
security.c File Reference
#include <ntoskrnl.h>
#include <debug.h>
Include dependency graph for security.c:

Go to the source code of this file.

Macros

#define NDEBUG
 

Functions

VOID NTAPI SeAssignPrimaryToken (IN PEPROCESS Process, IN PTOKEN Token)
 
VOID NTAPI PspDeleteProcessSecurity (IN PEPROCESS Process)
 
VOID NTAPI PspDeleteThreadSecurity (IN PETHREAD Thread)
 
NTSTATUS NTAPI PspInitializeProcessSecurity (IN PEPROCESS Process, IN PEPROCESS Parent OPTIONAL)
 
NTSTATUS NTAPI PspWriteTebImpersonationInfo (IN PETHREAD Thread, IN PETHREAD CurrentThread)
 
NTSTATUS NTAPI PspAssignPrimaryToken (IN PEPROCESS Process, IN HANDLE Token, IN PACCESS_TOKEN AccessToken OPTIONAL)
 
NTSTATUS NTAPI PspSetPrimaryToken (IN PEPROCESS Process, IN HANDLE TokenHandle OPTIONAL, IN PACCESS_TOKEN Token OPTIONAL)
 
NTSTATUS NTAPI NtOpenProcessToken (IN HANDLE ProcessHandle, IN ACCESS_MASK DesiredAccess, OUT PHANDLE TokenHandle)
 
NTSTATUS NTAPI NtOpenProcessTokenEx (IN HANDLE ProcessHandle, IN ACCESS_MASK DesiredAccess, IN ULONG HandleAttributes, OUT PHANDLE TokenHandle)
 
PACCESS_TOKEN NTAPI PsReferencePrimaryToken (PEPROCESS Process)
 
NTSTATUS NTAPI PsOpenTokenOfProcess (IN HANDLE ProcessHandle, OUT PACCESS_TOKEN *Token)
 
NTSTATUS NTAPI PsAssignImpersonationToken (IN PETHREAD Thread, IN HANDLE TokenHandle)
 
VOID NTAPI PsRevertToSelf (VOID)
 
VOID NTAPI PsRevertThreadToSelf (IN PETHREAD Thread)
 
NTSTATUS NTAPI PsImpersonateClient (IN PETHREAD Thread, IN PACCESS_TOKEN Token, IN BOOLEAN CopyOnOpen, IN BOOLEAN EffectiveOnly, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
 
PACCESS_TOKEN NTAPI PsReferenceEffectiveToken (IN PETHREAD Thread, OUT IN PTOKEN_TYPE TokenType, OUT PBOOLEAN EffectiveOnly, OUT PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
 
PACCESS_TOKEN NTAPI PsReferenceImpersonationToken (IN PETHREAD Thread, OUT PBOOLEAN CopyOnOpen, OUT PBOOLEAN EffectiveOnly, OUT PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
 
VOID NTAPI PsDereferenceImpersonationToken (IN PACCESS_TOKEN ImpersonationToken)
 
VOID NTAPI PsDereferencePrimaryToken (IN PACCESS_TOKEN PrimaryToken)
 
BOOLEAN NTAPI PsDisableImpersonation (IN PETHREAD Thread, OUT PSE_IMPERSONATION_STATE ImpersonationState)
 
VOID NTAPI PsRestoreImpersonation (IN PETHREAD Thread, IN PSE_IMPERSONATION_STATE ImpersonationState)
 
NTSTATUS NTAPI NtImpersonateThread (IN HANDLE ThreadHandle, IN HANDLE ThreadToImpersonateHandle, IN PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService)
 

Variables

PTOKEN PspBootAccessToken
 

Macro Definition Documentation

◆ NDEBUG

#define NDEBUG

Definition at line 14 of file security.c.

Function Documentation

◆ NtImpersonateThread()

NTSTATUS NTAPI NtImpersonateThread ( IN HANDLE  ThreadHandle,
IN HANDLE  ThreadToImpersonateHandle,
IN PSECURITY_QUALITY_OF_SERVICE  SecurityQualityOfService 
)

Definition at line 1036 of file security.c.

1039{
1040 SECURITY_QUALITY_OF_SERVICE SafeServiceQoS;
1043 PETHREAD ThreadToImpersonate;
1046 PAGED_CODE();
1048 "Threads: %p %p\n", ThreadHandle, ThreadToImpersonateHandle);
1049
1050 /* Check if call came from user mode */
1051 if (PreviousMode != KernelMode)
1052 {
1053 /* Enter SEH for probing */
1054 _SEH2_TRY
1055 {
1056 /* Probe QoS */
1057 ProbeForRead(SecurityQualityOfService,
1059 sizeof(ULONG));
1060
1061 /* Capture it */
1062 SafeServiceQoS = *SecurityQualityOfService;
1063 SecurityQualityOfService = &SafeServiceQoS;
1064 }
1066 {
1067 /* Return the exception code */
1069 }
1070 _SEH2_END;
1071 }
1072
1073 /* Reference the thread */
1074 Status = ObReferenceObjectByHandle(ThreadHandle,
1078 (PVOID*)&Thread,
1079 NULL);
1080 if (NT_SUCCESS(Status))
1081 {
1082 /* Reference the impersonating thead */
1083 Status = ObReferenceObjectByHandle(ThreadToImpersonateHandle,
1087 (PVOID*)&ThreadToImpersonate,
1088 NULL);
1089 if (NT_SUCCESS(Status))
1090 {
1091 /* Create a client security context */
1092 Status = SeCreateClientSecurity(ThreadToImpersonate,
1093 SecurityQualityOfService,
1094 0,
1095 &ClientContext);
1096 if (NT_SUCCESS(Status))
1097 {
1098 /* Do the impersonation */
1100 if (ClientContext.ClientToken)
1101 {
1102 /* Dereference the client token if we had one */
1104 }
1105 }
1106
1107 /* Dereference the thread to impersonate */
1108 ObDereferenceObject(ThreadToImpersonate);
1109 }
1110
1111 /* Dereference the main thread */
1113 }
1114
1115 /* Return status */
1116 return Status;
1117}
#define PAGED_CODE()
LONG NTSTATUS
Definition: precomp.h:26
#define NULL
Definition: types.h:112
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:33
#define ExGetPreviousMode
Definition: ex.h:140
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
Definition: fltkernel.h:2653
Status
Definition: gdiplustypes.h:25
#define THREAD_IMPERSONATE
Definition: pstypes.h:152
#define THREAD_DIRECT_IMPERSONATION
Definition: pstypes.h:153
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:90
NTKERNELAPI VOID NTAPI SeImpersonateClient(IN PSECURITY_CLIENT_CONTEXT ClientContext, IN PETHREAD ServerThread OPTIONAL)
NTKERNELAPI NTSTATUS NTAPI SeCreateClientSecurity(IN PETHREAD Thread, IN PSECURITY_QUALITY_OF_SERVICE QualityOfService, IN BOOLEAN RemoteClient, OUT PSECURITY_CLIENT_CONTEXT ClientContext)
#define KernelMode
Definition: asm.h:34
_In_ PVOID ClientContext
Definition: netioddk.h:55
POBJECT_TYPE PsThreadType
Definition: thread.c:20
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
#define PSTRACE(x, fmt,...)
Definition: ps.h:57
#define PS_SECURITY_DEBUG
Definition: ps.h:19
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:66
#define _SEH2_END
Definition: pseh2_64.h:155
#define _SEH2_TRY
Definition: pseh2_64.h:55
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:168
uint32_t ULONG
Definition: typedefs.h:59
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
#define ObDereferenceObject
Definition: obfuncs.h:203
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103

Referenced by CsrImpersonateClient().

◆ NtOpenProcessToken()

NTSTATUS NTAPI NtOpenProcessToken ( IN HANDLE  ProcessHandle,
IN ACCESS_MASK  DesiredAccess,
OUT PHANDLE  TokenHandle 
)

Definition at line 350 of file security.c.

353{
354 /* Call the newer API */
357 0,
359}
_In_ HANDLE ProcessHandle
Definition: mmfuncs.h:403
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:726
NTSTATUS NTAPI NtOpenProcessTokenEx(IN HANDLE ProcessHandle, IN ACCESS_MASK DesiredAccess, IN ULONG HandleAttributes, OUT PHANDLE TokenHandle)
Definition: security.c:366
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2658

Referenced by CheckTokenMembership(), CsrGetProcessLuid(), CsrSetProcessSecurity(), GetCallerLuid(), GetToken(), GetTokenProcess(), LsapIsTrustedClient(), OpenProcessToken(), RtlCreateUserSecurityObject(), RtlDefaultNpAcl(), SmpAcquirePrivilege(), START_TEST(), and test8().

◆ NtOpenProcessTokenEx()

NTSTATUS NTAPI NtOpenProcessTokenEx ( IN HANDLE  ProcessHandle,
IN ACCESS_MASK  DesiredAccess,
IN ULONG  HandleAttributes,
OUT PHANDLE  TokenHandle 
)

Definition at line 366 of file security.c.

370{
372 HANDLE hToken;
375 PAGED_CODE();
377 "Process: %p DesiredAccess: %lx\n", ProcessHandle, DesiredAccess);
378
379 /* Check if caller was user-mode */
381 {
382 /* Enter SEH for probing */
384 {
385 /* Probe the token handle */
387 }
389 {
390 /* Return the exception code */
392 }
393 _SEH2_END;
394 }
395
396 /* Validate object attributes */
398
399 /* Open the process token */
401 if (NT_SUCCESS(Status))
402 {
403 /* Reference it by handle and dereference the pointer */
406 NULL,
410 &hToken);
412
413 /* Make sure we got a handle */
414 if (NT_SUCCESS(Status))
415 {
416 /* Enter SEH for write */
418 {
419 /* Return the handle */
420 *TokenHandle = hToken;
421 }
423 {
424 /* Get exception code */
426 }
427 _SEH2_END;
428 }
429 }
430
431 /* Return status */
432 return Status;
433}
_In_ HANDLE _In_opt_ HANDLE _Out_opt_ PHANDLE _In_ ACCESS_MASK _In_ ULONG HandleAttributes
Definition: obfuncs.h:433
NTSTATUS NTAPI PsOpenTokenOfProcess(IN HANDLE ProcessHandle, OUT PACCESS_TOKEN *Token)
Definition: security.c:471
POBJECT_TYPE SeTokenObjectType
Definition: token.c:17
FORCEINLINE ULONG ObpValidateAttributes(IN ULONG Attributes, IN KPROCESSOR_MODE PreviousMode)
Definition: ob_x.h:22
NTSTATUS NTAPI ObOpenObjectByPointer(IN PVOID Object, IN ULONG HandleAttributes, IN PACCESS_STATE PassedAccessState, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PHANDLE Handle)
Definition: obhandle.c:2742
#define ProbeForWriteHandle(Ptr)
Definition: probe.h:43

Referenced by NtOpenProcessToken(), and START_TEST().

◆ PsAssignImpersonationToken()

NTSTATUS NTAPI PsAssignImpersonationToken ( IN PETHREAD  Thread,
IN HANDLE  TokenHandle 
)

Definition at line 502 of file security.c.

504{
508 PAGED_CODE();
509 PSTRACE(PS_SECURITY_DEBUG, "Thread: %p Token: %p\n", Thread, TokenHandle);
510
511 /* Check if we were given a handle */
512 if (!TokenHandle)
513 {
514 /* Undo impersonation */
516 return STATUS_SUCCESS;
517 }
518
519 /* Get the token object */
524 (PVOID*)&Token,
525 NULL);
526 if (!NT_SUCCESS(Status)) return(Status);
527
528 /* Make sure it's an impersonation token */
530 {
531 /* Fail */
534 }
535
536 /* Get the impersonation level */
538
539 /* Call the impersonation API */
541 Token,
542 FALSE,
543 FALSE,
545
546 /* Dereference the token and return status */
548 return Status;
549}
#define FALSE
Definition: types.h:117
enum _SECURITY_IMPERSONATION_LEVEL SECURITY_IMPERSONATION_LEVEL
@ TokenImpersonation
Definition: imports.h:274
NTKERNELAPI TOKEN_TYPE NTAPI SeTokenType(IN PACCESS_TOKEN Token)
#define KeGetPreviousMode()
Definition: ketypes.h:1115
VOID NTAPI PsRevertThreadToSelf(IN PETHREAD Thread)
Definition: security.c:568
NTSTATUS NTAPI PsImpersonateClient(IN PETHREAD Thread, IN PACCESS_TOKEN Token, IN BOOLEAN CopyOnOpen, IN BOOLEAN EffectiveOnly, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
Definition: security.c:610
SECURITY_IMPERSONATION_LEVEL NTAPI SeTokenImpersonationLevel(_In_ PACCESS_TOKEN Token)
Gathers the security impersonation level of an access token.
Definition: token.c:2059
#define STATUS_BAD_TOKEN_TYPE
Definition: ntstatus.h:404
#define STATUS_SUCCESS
Definition: shellext.h:65
_Out_ PBOOLEAN _Out_ PBOOLEAN _Out_ PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: psfuncs.h:156
#define TOKEN_IMPERSONATE
Definition: setypes.h:927

Referenced by NtSetInformationThread().

◆ PsDereferenceImpersonationToken()

VOID NTAPI PsDereferenceImpersonationToken ( IN PACCESS_TOKEN  ImpersonationToken)

Definition at line 910 of file security.c.

911{
912 PAGED_CODE();
913
914 /* If we got a token, dereference it */
915 if (ImpersonationToken) ObDereferenceObject(ImpersonationToken);
916}

◆ PsDereferencePrimaryToken()

VOID NTAPI PsDereferencePrimaryToken ( IN PACCESS_TOKEN  PrimaryToken)

Definition at line 924 of file security.c.

925{
926 PAGED_CODE();
927
928 /* Dereference the token*/
929 ObDereferenceObject(PrimaryToken);
930}

◆ PsDisableImpersonation()

BOOLEAN NTAPI PsDisableImpersonation ( IN PETHREAD  Thread,
OUT PSE_IMPERSONATION_STATE  ImpersonationState 
)

Definition at line 937 of file security.c.

939{
940 PPS_IMPERSONATION_INFORMATION Impersonation = NULL;
942 PAGED_CODE();
944 "Thread: %p State: %p\n", Thread, ImpersonationState);
945
946 /* Check if we don't have impersonation */
948 {
949 /* Lock thread security */
951
952 /* Disable impersonation */
955
956 /* Make sure nobody disabled it behind our back */
958 {
959 /* Copy the old state */
960 Impersonation = Thread->ImpersonationInfo;
961 ImpersonationState->Token = Impersonation->Token;
962 ImpersonationState->CopyOnOpen = Impersonation->CopyOnOpen;
965 }
966
967 /* Unlock thread security */
969
970 /* If we had impersonation info, return true */
971 if (Impersonation) return TRUE;
972 }
973
974 /* Clear everything */
979 return FALSE;
980}
#define TRUE
Definition: types.h:120
SHORT OldFlags
Definition: fxioqueue.cpp:1325
#define CT_ACTIVE_IMPERSONATION_INFO_BIT
Definition: pstypes.h:242
@ SecurityAnonymous
Definition: lsa.idl:55
long LONG
Definition: pedump.c:60
FORCEINLINE VOID PspLockThreadSecurityExclusive(IN PETHREAD Thread)
Definition: ps_x.h:177
FORCEINLINE VOID PspUnlockThreadSecurityExclusive(IN PETHREAD Thread)
Definition: ps_x.h:188
#define PspClearCrossThreadFlag(Thread, Flag)
Definition: ps_x.h:27
PPS_IMPERSONATION_INFORMATION ImpersonationInfo
Definition: pstypes.h:1144
ULONG ActiveImpersonationInfo
Definition: pstypes.h:1182
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: pstypes.h:1073
PACCESS_TOKEN Token
Definition: setypes.h:116
SECURITY_IMPERSONATION_LEVEL Level
Definition: setypes.h:119
_Inout_ PSE_IMPERSONATION_STATE ImpersonationState
Definition: psfuncs.h:189

Referenced by NtOpenThreadTokenEx().

◆ PsImpersonateClient()

NTSTATUS NTAPI PsImpersonateClient ( IN PETHREAD  Thread,
IN PACCESS_TOKEN  Token,
IN BOOLEAN  CopyOnOpen,
IN BOOLEAN  EffectiveOnly,
IN SECURITY_IMPERSONATION_LEVEL  ImpersonationLevel 
)

Definition at line 610 of file security.c.

615{
616 PPS_IMPERSONATION_INFORMATION Impersonation, OldData;
617 PTOKEN OldToken = NULL, ProcessToken = NULL;
618 BOOLEAN CopiedToken = FALSE;
619 PACCESS_TOKEN NewToken, ImpersonationToken;
620 PEJOB Job;
622
623 PAGED_CODE();
624 PSTRACE(PS_SECURITY_DEBUG, "Thread: %p, Token: %p\n", Thread, Token);
625
626 /* Check if we don't have a token */
627 if (!Token)
628 {
629 /* Make sure we're impersonating */
631 {
632 /* We seem to be, lock the thread */
634
635 /* Make sure we're still impersonating */
637 {
638 /* Disable impersonation */
641
642 /* Get the token */
643 OldToken = Thread->ImpersonationInfo->Token;
644 }
645
646 /* Unlock the process and write TEB information */
649 }
650 }
651 else
652 {
653 /* Check if we have impersonation info */
654 Impersonation = Thread->ImpersonationInfo;
655 if (!Impersonation)
656 {
657 /* We need to allocate a new one */
658 Impersonation = ExAllocatePoolWithTag(PagedPool,
659 sizeof(*Impersonation),
661 if (!Impersonation) return STATUS_INSUFFICIENT_RESOURCES;
662
663 /* Update the pointer */
665 ImpersonationInfo,
666 Impersonation,
667 NULL);
668 if (OldData)
669 {
670 /* Someone beat us to it, free our copy */
672 Impersonation = OldData;
673 }
674 }
675
676 /*
677 * Assign the token we get from the caller first. The reason
678 * we have to do that is because we're unsure if we can impersonate
679 * in the first place. In the scenario where we cannot then the
680 * last resort is to make a copy of the token and assign that newly
681 * token to the impersonation information.
682 */
683 ImpersonationToken = Token;
684
685 /* Obtain a token from the process */
686 ProcessToken = PsReferencePrimaryToken(Thread->ThreadsProcess);
687 if (!ProcessToken)
688 {
689 /* We can't continue this way without having the process' token... */
690 return STATUS_UNSUCCESSFUL;
691 }
692
693 /* Make sure we can impersonate */
694 if (!SeTokenCanImpersonate(ProcessToken,
695 Token,
697 {
698 /* We can't, make a copy of the token instead */
702 &NewToken);
703 if (!NT_SUCCESS(Status))
704 {
705 /* We can't even make a copy of the token? Then bail out... */
706 ObFastDereferenceObject(&Thread->ThreadsProcess->Token, ProcessToken);
707 return Status;
708 }
709
710 /*
711 * Since we cannot impersonate, assign the newly copied token.
712 * SeCopyClientToken already holds a reference to the copied token,
713 * let the code path below know that it must not reference it twice.
714 */
715 CopiedToken = TRUE;
717 ImpersonationToken = NewToken;
718 }
719
720 /* We no longer need the process' token */
721 ObFastDereferenceObject(&Thread->ThreadsProcess->Token, ProcessToken);
722
723 /* Check if this is a job */
724 Job = Thread->ThreadsProcess->Job;
725 if (Job != NULL)
726 {
727 /* No admin allowed in this job */
729 SeTokenIsAdmin(ImpersonationToken))
730 {
731 if (CopiedToken)
732 {
733 ObDereferenceObject(ImpersonationToken);
734 }
735
737 }
738
739 /* No restricted tokens allowed in this job */
741 SeTokenIsRestricted(ImpersonationToken))
742 {
743 if (CopiedToken)
744 {
745 ObDereferenceObject(ImpersonationToken);
746 }
747
749 }
750
751 /* We don't support job filters yet */
752 if (Job->Filter != NULL)
753 {
754 ASSERT(Job->Filter == NULL);
755 }
756 }
757
758 /* Lock thread security */
760
761 /* Check if we're impersonating */
763 {
764 /* Get the token */
765 OldToken = Impersonation->Token;
766 }
767 else
768 {
769 /* Otherwise, enable impersonation */
771 }
772
773 /* Now fill it out */
774 Impersonation->ImpersonationLevel = ImpersonationLevel;
775 Impersonation->CopyOnOpen = CopyOnOpen;
776 Impersonation->EffectiveOnly = EffectiveOnly;
777 Impersonation->Token = ImpersonationToken;
778
779 /* Do not reference the token again if we copied it */
780 if (!CopiedToken)
781 {
782 ObReferenceObject(ImpersonationToken);
783 }
784
785 /* Unlock the thread */
787
788 /* Write impersonation info to the TEB */
790 }
791
792 /* Dereference the token and return success */
793 if (OldToken) PsDereferenceImpersonationToken(OldToken);
794 return STATUS_SUCCESS;
795}
unsigned char BOOLEAN
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
#define PsGetCurrentThread()
Definition: env_spec_w32.h:81
#define PagedPool
Definition: env_spec_w32.h:308
#define JOB_OBJECT_SECURITY_RESTRICTED_TOKEN
Definition: pstypes.h:232
#define JOB_OBJECT_SECURITY_NO_ADMIN
Definition: pstypes.h:231
#define InterlockedCompareExchangePointer
Definition: interlocked.h:129
@ SecurityIdentification
Definition: lsa.idl:56
#define ASSERT(a)
Definition: mode.c:44
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1109
#define PsDereferenceImpersonationToken(T)
Definition: imports.h:298
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
Definition: sefuncs.h:410
BOOLEAN NTAPI SeTokenCanImpersonate(_In_ PTOKEN ProcessToken, _In_ PTOKEN TokenToImpersonate, _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
Determines whether the server is allowed to impersonate on behalf of a client or not....
Definition: token.c:2207
NTSTATUS NTAPI SeCopyClientToken(_In_ PACCESS_TOKEN Token, _In_ SECURITY_IMPERSONATION_LEVEL Level, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PACCESS_TOKEN *NewToken)
Copies an existing access token (technically duplicating a new one).
Definition: token.c:1542
NTSTATUS NTAPI PspWriteTebImpersonationInfo(IN PETHREAD Thread, IN PETHREAD CurrentThread)
Definition: security.c:114
PACCESS_TOKEN NTAPI PsReferencePrimaryToken(PEPROCESS Process)
Definition: security.c:440
BOOLEAN NTAPI SeTokenIsAdmin(_In_ PACCESS_TOKEN Token)
Determines if a token is either an admin token or not. Such condition is checked based upon TOKEN_HAS...
Definition: token.c:2103
BOOLEAN NTAPI SeTokenIsRestricted(_In_ PACCESS_TOKEN Token)
Determines if a token is restricted or not, based upon the token flags.
Definition: token.c:2126
VOID FASTCALL ObFastDereferenceObject(IN PEX_FAST_REF FastRef, IN PVOID Object)
Definition: obref.c:167
#define PspSetCrossThreadFlag(Thread, Flag)
Definition: ps_x.h:25
ULONG SecurityLimitFlags
Definition: pstypes.h:1501
PPS_JOB_TOKEN_FILTER Filter
Definition: pstypes.h:1503
#define TAG_PS_IMPERSONATION
Definition: tag.h:133
#define STATUS_ACCESS_DENIED
Definition: udferr_usr.h:145
#define STATUS_UNSUCCESSFUL
Definition: udferr_usr.h:132
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
#define ObReferenceObject
Definition: obfuncs.h:204
_Out_ PBOOLEAN CopyOnOpen
Definition: psfuncs.h:154

Referenced by PsAssignImpersonationToken(), SeImpersonateClientEx(), SepImpersonateAnonymousToken(), and SepOpenThreadToken().

◆ PsOpenTokenOfProcess()

NTSTATUS NTAPI PsOpenTokenOfProcess ( IN HANDLE  ProcessHandle,
OUT PACCESS_TOKEN Token 
)

Definition at line 471 of file security.c.

473{
476 PAGED_CODE();
477 PSTRACE(PS_SECURITY_DEBUG, "Process: %p\n", ProcessHandle);
478
479 /* Get the Token */
484 (PVOID*)&Process,
485 NULL);
486 if (NT_SUCCESS(Status))
487 {
488 /* Reference the token and dereference the process */
491 }
492
493 /* Return */
494 return Status;
495}
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:223
#define PROCESS_QUERY_INFORMATION
Definition: pstypes.h:167
POBJECT_TYPE PsProcessType
Definition: process.c:20

Referenced by NtOpenProcessTokenEx().

◆ PspAssignPrimaryToken()

NTSTATUS NTAPI PspAssignPrimaryToken ( IN PEPROCESS  Process,
IN HANDLE  Token,
IN PACCESS_TOKEN AccessToken  OPTIONAL 
)

Definition at line 178 of file security.c.

181{
182 PACCESS_TOKEN NewToken = AccessToken, OldToken;
184 PAGED_CODE();
185 PSTRACE(PS_SECURITY_DEBUG, "Process: %p Token: %p\n", Process, Token);
186
187 /* Check if we don't have a pointer */
188 if (!AccessToken)
189 {
190 /* Reference it from the handle */
195 &NewToken,
196 NULL);
197 if (!NT_SUCCESS(Status)) return Status;
198 }
199
200 /* Exchange tokens */
201 Status = SeExchangePrimaryToken(Process, NewToken, &OldToken);
202
203 /* Acquire and release the lock */
206
207 /* Dereference Tokens and Return */
208 if (NT_SUCCESS(Status)) ObDereferenceObject(OldToken);
209 if (!AccessToken) ObDereferenceObject(NewToken);
210 return Status;
211}
NTSTATUS NTAPI SeExchangePrimaryToken(_In_ PEPROCESS Process, _In_ PACCESS_TOKEN NewAccessToken, _Out_ PACCESS_TOKEN *OldAccessToken)
Replaces the old access token of a process (pointed by the EPROCESS kernel structure) with a new acce...
Definition: token.c:846
FORCEINLINE VOID PspUnlockProcessSecurityExclusive(IN PEPROCESS Process)
Definition: ps_x.h:144
FORCEINLINE VOID PspLockProcessSecurityExclusive(IN PEPROCESS Process)
Definition: ps_x.h:133
#define TOKEN_ASSIGN_PRIMARY
Definition: setypes.h:925

Referenced by PspSetPrimaryToken().

◆ PspDeleteProcessSecurity()

VOID NTAPI PspDeleteProcessSecurity ( IN PEPROCESS  Process)

Definition at line 30 of file security.c.

31{
32 PAGED_CODE();
33 PSTRACE(PS_SECURITY_DEBUG, "Process: %p\n", Process);
34
35 /* Check if we have a token */
36 if (Process->Token.Object)
37 {
38 /* Deassign it */
40 Process->Token.Object = NULL;
41 }
42}
VOID NTAPI SeDeassignPrimaryToken(_Inout_ PEPROCESS Process)
Removes the primary token of a process.
Definition: token.c:936

Referenced by PspDeleteProcess().

◆ PspDeleteThreadSecurity()

VOID NTAPI PspDeleteThreadSecurity ( IN PETHREAD  Thread)

Definition at line 46 of file security.c.

47{
49 PAGED_CODE();
50 PSTRACE(PS_SECURITY_DEBUG, "Thread: %p\n", Thread);
51
52 /* Check if we have active impersonation info */
54 {
55 /* Dereference its token */
56 ObDereferenceObject(ImpersonationInfo->Token);
57 }
58
59 /* Check if we have impersonation info */
60 if (ImpersonationInfo)
61 {
62 /* Free it */
63 ExFreePool(ImpersonationInfo);
66 }
67}
#define ExFreePool(addr)
Definition: env_spec_w32.h:352

Referenced by PspDeleteThread().

◆ PspInitializeProcessSecurity()

NTSTATUS NTAPI PspInitializeProcessSecurity ( IN PEPROCESS  Process,
IN PEPROCESS Parent  OPTIONAL 
)

Definition at line 71 of file security.c.

73{
75 PTOKEN NewToken, ParentToken;
76 PAGED_CODE();
77 PSTRACE(PS_SECURITY_DEBUG, "Process: %p\n", Process);
78
79 /* If we have a parent, then duplicate the Token */
80 if (Parent)
81 {
82 /* Get the Parent Token */
83 ParentToken = PsReferencePrimaryToken(Parent);
84
85 /* Duplicate it */
86 Status = SeSubProcessToken(ParentToken,
87 &NewToken,
88 TRUE,
90
91 /* Dereference the Parent */
92 ObFastDereferenceObject(&Parent->Token, ParentToken);
93
94 /* Set the new Token */
95 if (NT_SUCCESS(Status))
96 {
97 /* Initailize the fast reference */
98 ObInitializeFastReference(&Process->Token, NewToken);
99 }
100 }
101 else
102 {
103 /* No parent, assign the Boot Token */
106 }
107
108 /* Return to caller */
109 return Status;
110}
ACPI_PHYSICAL_ADDRESS ACPI_SIZE BOOLEAN Warn UINT32 *TableIdx UINT32 ACPI_TABLE_HEADER *OutTableHeader ACPI_TABLE_HEADER **OutTable ACPI_HANDLE UINT32 ACPI_WALK_CALLBACK ACPI_WALK_CALLBACK void void **ReturnValue UINT32 ACPI_BUFFER *RetPathPtr ACPI_OBJECT_HANDLER void *Data ACPI_OBJECT_HANDLER void **Data ACPI_STRING ACPI_OBJECT_LIST ACPI_BUFFER *ReturnObjectBuffer ACPI_DEVICE_INFO **ReturnBuffer ACPI_HANDLE Parent
Definition: acpixf.h:732
ULONG NTAPI MmGetSessionId(IN PEPROCESS Process)
Definition: session.c:179
NTSTATUS NTAPI SeSubProcessToken(_In_ PTOKEN Parent, _Out_ PTOKEN *Token, _In_ BOOLEAN InUse, _In_ ULONG SessionId)
Subtracts a token in exchange of duplicating a new one.
Definition: token.c:1373
VOID NTAPI SeAssignPrimaryToken(IN PEPROCESS Process, IN PTOKEN Token)
PTOKEN PspBootAccessToken
Definition: security.c:17
VOID FASTCALL ObInitializeFastReference(IN PEX_FAST_REF FastRef, IN PVOID Object)
Definition: obref.c:107

Referenced by PspCreateProcess().

◆ PspSetPrimaryToken()

NTSTATUS NTAPI PspSetPrimaryToken ( IN PEPROCESS  Process,
IN HANDLE TokenHandle  OPTIONAL,
IN PACCESS_TOKEN Token  OPTIONAL 
)

Definition at line 215 of file security.c.

218{
220 BOOLEAN IsChildOrSibling;
221 PACCESS_TOKEN NewToken = Token;
223 BOOLEAN Result, SdAllocated;
226
227 PSTRACE(PS_SECURITY_DEBUG, "Process: %p Token: %p\n", Process, Token);
228
229 /* Reference the token by handle if we don't already have a token object */
230 if (!Token)
231 {
236 (PVOID*)&NewToken,
237 NULL);
238 if (!NT_SUCCESS(Status)) return Status;
239 }
240
241 /*
242 * Check whether this token is a child or sibling of the current process token.
243 * NOTE: On Windows Vista+ both of these checks (together with extra steps)
244 * are now performed by a new SeIsTokenAssignableToProcess() helper.
245 */
246 Status = SeIsTokenChild(NewToken, &IsChildOrSibling);
247 if (!NT_SUCCESS(Status))
248 {
249 /* Failed, dereference */
250 if (!Token) ObDereferenceObject(NewToken);
251 return Status;
252 }
253 if (!IsChildOrSibling)
254 {
255 Status = SeIsTokenSibling(NewToken, &IsChildOrSibling);
256 if (!NT_SUCCESS(Status))
257 {
258 /* Failed, dereference */
259 if (!Token) ObDereferenceObject(NewToken);
260 return Status;
261 }
262 }
263
264 /* Check if this was an independent token */
265 if (!IsChildOrSibling)
266 {
267 /* Make sure we have the privilege to assign a new one */
270 {
271 /* Failed, dereference */
272 if (!Token) ObDereferenceObject(NewToken);
274 }
275 }
276
277 /* Assign the token */
279 if (NT_SUCCESS(Status))
280 {
281 /*
282 * We need to completely reverify if the process still has access to
283 * itself under this new token.
284 */
287 &SdAllocated);
288 if (NT_SUCCESS(Status))
289 {
290 /* Setup the security context */
291 SubjectContext.ProcessAuditId = Process;
293 SubjectContext.ClientToken = NULL;
294
295 /* Do the access check */
298 FALSE,
300 0,
301 NULL,
304 &Process->GrantedAccess,
305 &AccessStatus);
306
307 /* Dereference the token and let go the SD */
309 SubjectContext.PrimaryToken);
311
312 /* Remove access if it failed */
313 if (!Result) Process->GrantedAccess = 0;
314
315 /* Setup granted access */
316 Process->GrantedAccess |= (PROCESS_VM_OPERATION |
327 }
328
329 /*
330 * In case LUID device maps are enable, we may not be using
331 * system device map for this process, but a logon LUID based
332 * device map. Because we change primary token, this usage is
333 * no longer valid, so dereference the process device map
334 */
336 }
337
338 /* Dereference the token */
339 if (!Token) ObDereferenceObject(NewToken);
340 return Status;
341}
#define STATUS_PRIVILEGE_NOT_HELD
Definition: DriverTester.h:9
BOOLEAN NTAPI SeAccessCheck(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, _In_ BOOLEAN SubjectContextLocked, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK PreviouslyGrantedAccess, _Out_ PPRIVILEGE_SET *Privileges, _In_ PGENERIC_MAPPING GenericMapping, _In_ KPROCESSOR_MODE AccessMode, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
Determines whether security access rights can be given to an object depending on the security descrip...
Definition: accesschk.c:1994
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2246
#define PROCESS_TERMINATE
Definition: pstypes.h:158
#define PROCESS_VM_READ
Definition: pstypes.h:162
#define PROCESS_VM_WRITE
Definition: pstypes.h:163
#define PROCESS_CREATE_THREAD
Definition: pstypes.h:159
#define PROCESS_VM_OPERATION
Definition: pstypes.h:161
#define PROCESS_SET_INFORMATION
Definition: pstypes.h:166
#define PROCESS_CREATE_PROCESS
Definition: pstypes.h:164
#define PROCESS_SET_QUOTA
Definition: pstypes.h:165
#define PROCESS_DUP_HANDLE
#define STANDARD_RIGHTS_ALL
Definition: nt_native.h:69
#define MAXIMUM_ALLOWED
Definition: nt_native.h:83
const LUID SeAssignPrimaryTokenPrivilege
Definition: priv.c:22
NTSTATUS NTAPI SeIsTokenSibling(_In_ PTOKEN Token, _Out_ PBOOLEAN IsSibling)
Checks if the token is a sibling of the other token of the current process that the calling thread is...
Definition: token.c:1482
NTSTATUS NTAPI SeIsTokenChild(_In_ PTOKEN Token, _Out_ PBOOLEAN IsChild)
Checks if the token is a child of the other token of the current process that the calling thread is i...
Definition: token.c:1433
NTSTATUS NTAPI PspAssignPrimaryToken(IN PEPROCESS Process, IN HANDLE Token, IN PACCESS_TOKEN AccessToken OPTIONAL)
Definition: security.c:178
BOOLEAN NTAPI SeSinglePrivilegeCheck(_In_ LUID PrivilegeValue, _In_ KPROCESSOR_MODE PreviousMode)
Checks if a single privilege is present in the context of the calling thread.
Definition: priv.c:744
VOID NTAPI ObDereferenceDeviceMap(IN PEPROCESS Process)
Definition: devicemap.c:456
ULONG NTAPI ObIsLUIDDeviceMapsEnabled(VOID)
Definition: devicemap.c:662
NTSTATUS NTAPI ObGetObjectSecurity(IN PVOID Object, OUT PSECURITY_DESCRIPTOR *SecurityDescriptor, OUT PBOOLEAN MemoryAllocated)
Definition: obsecure.c:611
VOID NTAPI ObReleaseObjectSecurity(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN MemoryAllocated)
Definition: obsecure.c:709
GENERIC_MAPPING GenericMapping
Definition: obtypes.h:358
OBJECT_TYPE_INITIALIZER TypeInfo
Definition: obtypes.h:390
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:191
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:409
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
Definition: sefuncs.h:21

Referenced by NtSetInformationProcess().

◆ PspWriteTebImpersonationInfo()

NTSTATUS NTAPI PspWriteTebImpersonationInfo ( IN PETHREAD  Thread,
IN PETHREAD  CurrentThread 
)

Definition at line 114 of file security.c.

116{
118 PTEB Teb;
120 BOOLEAN IsImpersonating;
122 PAGED_CODE();
123 PSTRACE(PS_SECURITY_DEBUG, "Thread: %p\n", Thread);
124
125 /* Sanity check */
126 ASSERT(CurrentThread == PsGetCurrentThread());
127
128 /* Get process and TEB */
129 Process = Thread->ThreadsProcess;
130 Teb = Thread->Tcb.Teb;
131 if (Teb)
132 {
133 /* Check if we're not in the right process */
134 if (Thread->Tcb.ApcState.Process != &Process->Pcb)
135 {
136 /* Attach to the process */
138 Attached = TRUE;
139 }
140
141 /* Check if we're in a different thread or acquire rundown */
142 if ((Thread == CurrentThread) ||
144 {
145 /* Check if the thread is impersonating */
146 IsImpersonating = (BOOLEAN)Thread->ActiveImpersonationInfo;
147 if (IsImpersonating)
148 {
149 /* Set TEB data */
150 Teb->ImpersonationLocale = -1;
151 Teb->IsImpersonating = 1;
152 }
153 else
154 {
155 /* Set TEB data */
156 Teb->ImpersonationLocale = 0;
157 Teb->IsImpersonating = 0;
158 }
159 }
160
161 /* Check if we're in a different thread */
162 if (Thread != CurrentThread)
163 {
164 /* Release protection */
166 }
167
168 /* Detach */
170 }
171
172 /* Return to caller */
173 return STATUS_SUCCESS;
174}
#define ExReleaseRundownProtection
Definition: ex.h:136
#define ExAcquireRundownProtection
Definition: ex.h:135
if(dx< 0)
Definition: linetemp.h:194
_Out_ PKAPC_STATE ApcState
Definition: mm.h:1765
#define BOOLEAN
Definition: pedump.c:73
VOID NTAPI KeStackAttachProcess(IN PKPROCESS Process, OUT PRKAPC_STATE ApcState)
Definition: procobj.c:704
VOID NTAPI KeUnstackDetachProcess(IN PRKAPC_STATE ApcState)
Definition: procobj.c:756
KTHREAD Tcb
Definition: pstypes.h:1104
EX_RUNDOWN_REF RundownProtect
Definition: pstypes.h:1160
PVOID Teb
Definition: ketypes.h:1807
KAPC_STATE ApcState
Definition: ketypes.h:1778
Definition: compat.h:836
ULONG IsImpersonating
Definition: winternl.h:433
ULONG ImpersonationLocale
Definition: winternl.h:432
static BOOL Attached
Definition: vidbios.c:3905
KAPC_STATE
Definition: ketypes.h:1409

Referenced by PsImpersonateClient(), and PsRevertThreadToSelf().

◆ PsReferenceEffectiveToken()

PACCESS_TOKEN NTAPI PsReferenceEffectiveToken ( IN PETHREAD  Thread,
OUT IN PTOKEN_TYPE  TokenType,
OUT PBOOLEAN  EffectiveOnly,
OUT PSECURITY_IMPERSONATION_LEVEL  ImpersonationLevel 
)

Definition at line 802 of file security.c.

806{
809
810 PAGED_CODE();
811
813 "Thread: %p, TokenType: %p\n", Thread, TokenType);
814
815 /* Check if we don't have impersonation info */
816 Process = Thread->ThreadsProcess;
818 {
819 /* Lock the Process */
821
822 /* Make sure impersonation is still active */
824 {
825 /* Get the token */
828
829 /* Return data to caller */
833
834 /* Unlock the Process */
836 return Token;
837 }
838
839 /* Unlock the Process */
841 }
842
843 /* Fast Reference the Token */
845
846 /* Check if we got the Token or if we got locked */
847 if (!Token)
848 {
849 /* Lock the Process */
851
852 /* Do a Locked Fast Reference */
854
855 /* Unlock the Process */
857 }
858
859 /* Return the token */
862 // NOTE: ImpersonationLevel is left untouched on purpose!
863 return Token;
864}
@ TokenPrimary
Definition: imports.h:273
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:411
PVOID FASTCALL ObFastReferenceObject(IN PEX_FAST_REF FastRef)
Definition: obref.c:132
PVOID FASTCALL ObFastReferenceObjectLocked(IN PEX_FAST_REF FastRef)
Definition: obref.c:119
FORCEINLINE VOID PspUnlockProcessSecurityShared(IN PEPROCESS Process)
Definition: ps_x.h:122
FORCEINLINE VOID PspLockProcessSecurityShared(IN PEPROCESS Process)
Definition: ps_x.h:111

Referenced by SeCreateClientSecurity().

◆ PsReferenceImpersonationToken()

PACCESS_TOKEN NTAPI PsReferenceImpersonationToken ( IN PETHREAD  Thread,
OUT PBOOLEAN  CopyOnOpen,
OUT PBOOLEAN  EffectiveOnly,
OUT PSECURITY_IMPERSONATION_LEVEL  ImpersonationLevel 
)

Definition at line 871 of file security.c.

875{
876 PTOKEN Token = NULL;
877 PAGED_CODE();
878 PSTRACE(PS_SECURITY_DEBUG, "Thread: %p\n", Thread);
879
880 /* If we don't have impersonation info, just quit */
881 if (!Thread->ActiveImpersonationInfo) return NULL;
882
883 /* Lock the thread */
885
886 /* Make sure we still have active impersonation */
888 {
889 /* Return data from caller */
894
895 /* Set the token */
897 }
898
899 /* Unlock thread and return impersonation token */
901 return Token;
902}
FORCEINLINE VOID PspUnlockThreadSecurityShared(IN PETHREAD Thread)
Definition: ps_x.h:166
FORCEINLINE VOID PspLockThreadSecurityShared(IN PETHREAD Thread)
Definition: ps_x.h:155

Referenced by GetProcessLuid(), NtCloseObjectAuditAlarm(), NtOpenThreadTokenEx(), ObpReferenceDeviceMap(), and SeCaptureSubjectContextEx().

◆ PsReferencePrimaryToken()

PACCESS_TOKEN NTAPI PsReferencePrimaryToken ( PEPROCESS  Process)

Definition at line 440 of file security.c.

441{
443 PAGED_CODE();
444 PSTRACE(PS_SECURITY_DEBUG, "Process: %p\n", Process);
445
446 /* Fast Reference the Token */
448
449 /* Check if we got the Token or if we got locked */
450 if (!Token)
451 {
452 /* Lock the Process */
454
455 /* Do a Locked Fast Reference */
457
458 /* Unlock the Process */
460 }
461
462 /* Return the Token */
463 return Token;
464}

Referenced by GetProcessLuid(), KsecGetKeyData(), NtCloseObjectAuditAlarm(), NtSecureConnectPort(), ObpSetCurrentProcessDeviceMap(), PsImpersonateClient(), PsOpenTokenOfProcess(), PspCreateProcess(), PspCreateThread(), PspExitThread(), PspInitializeProcessSecurity(), PspSetPrimaryToken(), SeCaptureSubjectContextEx(), SeExchangePrimaryToken(), SeIsTokenChild(), SeIsTokenSibling(), SepImpersonateAnonymousToken(), and SepOpenThreadToken().

◆ PsRestoreImpersonation()

VOID NTAPI PsRestoreImpersonation ( IN PETHREAD  Thread,
IN PSE_IMPERSONATION_STATE  ImpersonationState 
)

Definition at line 987 of file security.c.

989{
990 PTOKEN Token = NULL;
991 PPS_IMPERSONATION_INFORMATION Impersonation;
992 PAGED_CODE();
994 "Thread: %p State: %p\n", Thread, ImpersonationState);
995
996 /* Lock thread security */
998
999 /* Get the impersonation info */
1000 Impersonation = Thread->ImpersonationInfo;
1001
1002 /* Check if we're impersonating */
1004 {
1005 /* Get the token */
1006 Token = Impersonation->Token;
1007 }
1008
1009 /* Check if we have an impersonation state */
1011 {
1012 /* Fill out the impersonation info */
1014 Impersonation->CopyOnOpen = ImpersonationState->CopyOnOpen;
1016 Impersonation->Token = ImpersonationState->Token;
1017
1018 /* Enable impersonation */
1020 }
1021 else
1022 {
1023 /* Disable impersonation */
1025 }
1026
1027 /* Unlock the thread */
1029
1030 /* Dereference the token */
1032}

Referenced by NtOpenThreadTokenEx().

◆ PsRevertThreadToSelf()

VOID NTAPI PsRevertThreadToSelf ( IN PETHREAD  Thread)

Definition at line 568 of file security.c.

569{
570 PTOKEN Token = NULL;
571 PAGED_CODE();
572 PSTRACE(PS_SECURITY_DEBUG, "Thread: %p\n", Thread);
573
574 /* Make sure we had impersonation information */
576 {
577 /* Lock the thread security */
579
580 /* Make sure it's still active */
582 {
583 /* Disable impersonation */
585
586 /* Get the token */
588 }
589
590 /* Release thread security */
592
593 /* Check if we had a token */
594 if (Token)
595 {
596 /* Dereference the impersonation token */
598
599 /* Write impersonation info to the TEB */
601 }
602 }
603}

Referenced by PsAssignImpersonationToken(), and PsRevertToSelf().

◆ PsRevertToSelf()

VOID NTAPI PsRevertToSelf ( VOID  )

Definition at line 556 of file security.c.

557{
558 /* Call the per-thread API */
559 PAGED_CODE();
561}

Referenced by CmpCmdHiveOpen(), and VfdIoCtlThread().

◆ SeAssignPrimaryToken()

VOID NTAPI SeAssignPrimaryToken ( IN PEPROCESS  Process,
IN PTOKEN  Token 
)

Variable Documentation

◆ PspBootAccessToken

PTOKEN PspBootAccessToken

Definition at line 17 of file security.c.

Referenced by PspInitializeProcessSecurity(), and PspInitPhase0().