14{
20
21
24 {
25 trace(
"Failed to allocate memory pool for the subject context!\n");
26 return;
27 }
28
33
34
38
40 0,
44 &FilteredToken);
47
48
54 &FilteredToken);
57
58
62
64 0,
65 &SidsToDisable,
68 &FilteredToken);
71
72
73
74
75
76
80
82 0,
85 &RestrictedGroups,
86 &FilteredToken);
89
90
94
96 0,
99 &RestrictedGroups,
100 &FilteredToken);
103
104
108}
#define ok_eq_hex(value, expected)
#define ExAllocatePool(type, size)
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
#define DISABLE_MAX_PRIVILEGE
LUID SeSystemEnvironmentPrivilege
SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY]
VOID NTAPI SeLockSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Locks both the referenced primary and client access tokens of a security subject context.
VOID NTAPI SeUnlockSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Unlocks both the referenced primary and client access tokens of a security subject context.
VOID NTAPI SeCaptureSubjectContext(_Out_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Captures the security subject context of the calling thread and calling process.
NTSTATUS NTAPI SeFilterToken(_In_ PACCESS_TOKEN ExistingToken, _In_ ULONG Flags, _In_opt_ PTOKEN_GROUPS SidsToDisable, _In_opt_ PTOKEN_PRIVILEGES PrivilegesToDelete, _In_opt_ PTOKEN_GROUPS RestrictedSids, _Out_ PACCESS_TOKEN *FilteredToken)
Filters an access token from an existing token, making it more restricted than the previous one.
#define STATUS_INVALID_PARAMETER
BOOL Privilege(LPTSTR pszPrivilege, BOOL bEnable)
#define SeQuerySubjectContextToken(SubjectContext)