ReactOS 0.4.16-dev-36-g301675c
#include <ntoskrnl.h>
#include <debug.h>
Macros
#define NDEBUG
Definition at line 12 of file tokenlif.c.
#define SE_TOKEN_DYNAMIC_SLIM 500
Definition at line 17 of file tokenlif.c.
__kernel_entry NTSTATUS NTAPI NtCreateToken(
    _Out_ PHANDLE TokenHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
    _In_ TOKEN_TYPE TokenType,
    _In_ PLUID AuthenticationId,
    _In_ PLARGE_INTEGER ExpirationTime,
    _In_ PTOKEN_USER TokenUser,
    _In_ PTOKEN_GROUPS TokenGroups,
    _In_ PTOKEN_PRIVILEGES TokenPrivileges,
    _In_opt_ PTOKEN_OWNER TokenOwner,
    _In_ PTOKEN_PRIMARY_GROUP TokenPrimaryGroup,
    _In_opt_ PTOKEN_DEFAULT_DACL TokenDefaultDacl,
    _In_ PTOKEN_SOURCE TokenSource)
Creates an access token.
[out] | TokenHandle | The handle to the created token, returned to the caller. |
[in] | DesiredAccess | The desired access rights for the token that we're creating. |
[in] | ObjectAttributes | The object attributes for the token object that we're creating. |
[in] | TokenType | The type of token to assign for the newly created token. |
[in] | AuthenticationId | Authentication ID that represents the token's identity. |
[in] | ExpirationTime | Expiration time for the token. If set to -1, the token never expires. |
[in] | TokenUser | The main user entity for the token to assign. |
[in] | TokenGroups | Group list of SIDs for the token to assign. |
[in] | TokenPrivileges | Privileges for the token. |
[in] | TokenOwner | The main user that owns the newly created token. |
[in] | TokenPrimaryGroup | The primary group, which serves as the main group of the token. |
[in] | TokenDefaultDacl | Discretionary access control list for the token. This limits how the token can be used and accessed, and by whom. |
[in] | TokenSource | The source (origin) of the token, that is, who creates it. |
Definition at line 1558 of file tokenlif.c.
Referenced by LsapLogonUser().
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtDuplicateToken(
    _In_ HANDLE ExistingTokenHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
    _In_ BOOLEAN EffectiveOnly,
    _In_ TOKEN_TYPE TokenType,
    _Out_ PHANDLE NewTokenHandle)
Duplicates a token.
[in] | ExistingTokenHandle | An existing token to duplicate. |
[in] | DesiredAccess | The desired access rights for the new duplicated token. |
[in] | ObjectAttributes | Object attributes for the new duplicated token. |
[in] | EffectiveOnly | If set to TRUE, the function removes all the disabled privileges and groups of the token to duplicate. |
[in] | TokenType | Type of token to assign to the duplicated token. |
[out] | NewTokenHandle | The returned duplicated token handle. |
Definition at line 1869 of file tokenlif.c.
Referenced by CreateProcessAsUserCommon(), DuplicateTokenAsEffective(), DuplicateTokenEx(), GetToken(), GetTokenProcess(), ImpersonateLoggedOnUser(), QueryTokenImpersonationTests(), and START_TEST().
NTSTATUS NTAPI NtFilterToken(
    _In_ HANDLE ExistingTokenHandle,
    _In_ ULONG Flags,
    _In_opt_ PTOKEN_GROUPS SidsToDisable,
    _In_opt_ PTOKEN_PRIVILEGES PrivilegesToDelete,
    _In_opt_ PTOKEN_GROUPS RestrictedSids,
    _Out_ PHANDLE NewTokenHandle)
Creates an access token in a restricted form from an existing token. This action is called filtering.
[in] | ExistingTokenHandle | A handle to an access token which is to be filtered. |
[in] | Flags | Privilege flag options. This parameter influences how the token's privileges are filtered. For further details see remarks. |
[in] | SidsToDisable | Array of SIDs to disable. Disabling a SID assigns the SE_GROUP_USE_FOR_DENY_ONLY attribute to the respective group SID and takes away SE_GROUP_ENABLED and SE_GROUP_ENABLED_BY_DEFAULT. This parameter can be NULL. This can be a UM pointer. |
[in] | PrivilegesToDelete | Array of privileges to delete. The function walks this array to determine whether the specified privileges exist in the access token. Any missing privileges are ignored. This parameter can be NULL. This can be a UM pointer. |
[in] | RestrictedSids | An array of restricted group SIDs to be added to the access token. If the token is already restricted, the newly added restricted SIDs are redundant information in addition to the existing restricted SIDs in the token. This parameter can be NULL. This can be a UM pointer. |
[out] | NewTokenHandle | A new handle to the restricted (filtered) access token. This can be a UM pointer. |
0 – Filter the token's privileges in the usual way. The function expects that the caller MUST PROVIDE a valid array of privileges to be deleted (that is, PrivilegesToDelete MUST NOT BE NULL).
DISABLE_MAX_PRIVILEGE – Disables (deletes) all the privileges except SeChangeNotifyPrivilege in the new access token. Bear in mind that if this flag is specified, the routine ignores PrivilegesToDelete.
SANDBOX_INERT – Stores the TOKEN_SANDBOX_INERT token flag within the access token.
LUA_TOKEN – The newly filtered access token is a LUA token. This flag is not supported in Windows Server 2003.
WRITE_RESTRICTED – The newly filtered token has the restricted SIDs that are considered only when evaluating write access onto the token. This value is not supported in Windows Server 2003.
Definition at line 2075 of file tokenlif.c.
Referenced by CreateRestrictedToken(), QueryTokenIsSandboxInert(), QueryTokenPrivilegesAndGroupsTests(), QueryTokenRestrictedSidsTest(), and START_TEST().
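The filtering rules documented for NtFilterToken above (SidsToDisable, PrivilegesToDelete and DISABLE_MAX_PRIVILEGE), as an added user-mode model in C. This is not ReactOS code: token_model_t, sample_token() and filter_token() are hypothetical names, the -1 return value is the model's own, and restricted SIDs and the remaining flags are left out.

```c
/* Added model, not ReactOS code; token_model_t and both functions are hypothetical. */
#include <stddef.h>
#include <string.h>
/* Constants as defined in the Windows SDK headers. */
#define SE_GROUP_ENABLED_BY_DEFAULT 0x00000002u
#define SE_GROUP_ENABLED            0x00000004u
#define SE_GROUP_USE_FOR_DENY_ONLY  0x00000010u
#define DISABLE_MAX_PRIVILEGE       0x1u
#define SE_CHANGE_NOTIFY_PRIVILEGE  23u   /* LUID low part */

typedef struct { const char *sid; unsigned attrs; } group_t;
typedef struct {
    group_t  groups[8];  size_t ngroups;
    unsigned privs[16];  size_t nprivs;   /* privilege LUID low parts */
} token_model_t;

/* Constructed sample: Administrators, Everyone; SeChangeNotify, SeDebug, SeShutdown. */
token_model_t sample_token(void)
{
    unsigned on = SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT;
    token_model_t t = { { { "S-1-5-32-544", on }, { "S-1-1-0", on } }, 2,
                        { 23u, 20u, 19u }, 3 };
    return t;
}

/* Returns 0, or -1 (the model's own code) when Flags is 0 with no deletion list. */
int filter_token(const token_model_t *in, unsigned flags, const char **deny,
                 size_t ndeny, const unsigned *del, size_t ndel, token_model_t *out)
{
    if (flags == 0 && del == NULL) return -1;
    *out = *in;
    for (size_t g = 0; g < out->ngroups; g++)
        for (size_t s = 0; s < ndeny; s++)
            if (strcmp(out->groups[g].sid, deny[s]) == 0)  /* becomes deny-only */
                out->groups[g].attrs = (out->groups[g].attrs
                    & ~(SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT)) | SE_GROUP_USE_FOR_DENY_ONLY;
    out->nprivs = 0;
    for (size_t p = 0; p < in->nprivs; p++) {
        int drop = 0;
        if (flags & DISABLE_MAX_PRIVILEGE)            /* deletion list is ignored */
            drop = in->privs[p] != SE_CHANGE_NOTIFY_PRIVILEGE;
        else
            for (size_t d = 0; del && d < ndel; d++)  /* entries not in the token are no-ops */
                drop |= (del[d] == in->privs[p]);
        if (!drop) out->privs[out->nprivs++] = in->privs[p];
    }
    return 0;
}
```

A disabled group keeps its SID in the token with SE_GROUP_USE_FOR_DENY_ONLY set, so it still matches deny entries in an ACL while no longer granting access.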
NTSTATUS NTAPI SeFilterToken(
    _In_ PACCESS_TOKEN ExistingToken,
    _In_ ULONG Flags,
    _In_opt_ PTOKEN_GROUPS SidsToDisable,
    _In_opt_ PTOKEN_PRIVILEGES PrivilegesToDelete,
    _In_opt_ PTOKEN_GROUPS RestrictedSids,
    _Out_ PACCESS_TOKEN *FilteredToken)
Filters an access token from an existing token, making it more restricted than the previous one.
[in] | ExistingToken | An existing token for filtering. |
[in] | Flags | Privilege flag options. This parameter influences how the token is filtered and can be 0. See the NtFilterToken syscall for more information. |
[in] | SidsToDisable | Array of SIDs to disable. This parameter can be NULL. |
[in] | PrivilegesToDelete | Array of privileges to delete. If the DISABLE_MAX_PRIVILEGE flag is specified in the Flags parameter, PrivilegesToDelete is ignored. |
[in] | RestrictedSids | An array of restricted SIDs for the new filtered token. This parameter can be NULL. |
[out] | FilteredToken | The newly filtered token, returned to the caller. |
Definition at line 1438 of file tokenlif.c.
Referenced by FatCreateRestrictEveryoneToken(), and FilterToken().
NTSTATUS NTAPI SepCreateToken(
    _Out_ PHANDLE TokenHandle,
    _In_ KPROCESSOR_MODE PreviousMode,
    _In_ ACCESS_MASK DesiredAccess,
    _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
    _In_ TOKEN_TYPE TokenType,
    _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
    _In_ PLUID AuthenticationId,
    _In_ PLARGE_INTEGER ExpirationTime,
    _In_ PSID_AND_ATTRIBUTES User,
    _In_ ULONG GroupCount,
    _In_ PSID_AND_ATTRIBUTES Groups,
    _In_ ULONG GroupsLength,
    _In_ ULONG PrivilegeCount,
    _In_ PLUID_AND_ATTRIBUTES Privileges,
    _In_opt_ PSID Owner,
    _In_ PSID PrimaryGroup,
    _In_opt_ PACL DefaultDacl,
    _In_ PTOKEN_SOURCE TokenSource,
    _In_ BOOLEAN SystemToken)
Internal function responsible for access token object creation in the kernel. A fully created token object is inserted into the token handle, so that the handle becomes a valid handle to an access token object and is ready for use.
[out] | TokenHandle | Valid token handle that's ready for use after token creation and object insertion. |
[in] | PreviousMode | Processor request level mode. |
[in] | DesiredAccess | Desired access right for the token object to be granted. This kind of access right impacts how the token can be used and by whom. |
[in] | ObjectAttributes | Object attributes for the token to be created. |
[in] | TokenType | Type of token to assign upon creation. |
[in] | ImpersonationLevel | Security impersonation level of token to assign upon creation. |
[in] | AuthenticationId | Authentication ID that represents the authentication information of the token. |
[in] | ExpirationTime | Expiration time of the token to assign. A value of -1 means that the token never expires and its lifetime depends on the number of references this token object has. |
[in] | User | User entry to assign to the token. |
[in] | GroupCount | The total number of groups for the token. |
[in] | Groups | The group entries for the token. |
[in] | GroupsLength | The size of the groups array pointed to by the Groups parameter. |
[in] | PrivilegeCount | The total number of privileges that the newly created token has. |
[in] | Privileges | The privileges for the token. |
[in] | Owner | The main user (or also owner) that represents the token that we create. |
[in] | PrimaryGroup | The main group that represents the token that we create. |
[in] | DefaultDacl | A discretionary access control list for the token. |
[in] | TokenSource | The source (or origin) that creates the access token. |
[in] | SystemToken | If set to TRUE, the newly created token is a system token that is handled only by the system internally. The function directly returns a pointer to the created token object for kernel use. Otherwise, if set to FALSE, the function inserts the object into a handle, making it a regular access token. |
Definition at line 97 of file tokenlif.c.
Referenced by NtCreateToken(), SepCreateSystemAnonymousLogonToken(), SepCreateSystemAnonymousLogonTokenNoEveryone(), and SepCreateSystemProcessToken().
NTSTATUS NTAPI SepDuplicateToken(
    _In_ PTOKEN Token,
    _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
    _In_ BOOLEAN EffectiveOnly,
    _In_ TOKEN_TYPE TokenType,
    _In_ SECURITY_IMPERSONATION_LEVEL Level,
    _In_ KPROCESSOR_MODE PreviousMode,
    _Out_ PTOKEN *NewAccessToken)
Duplicates an access token, from an existing valid token.
[in] | Token | Access token to duplicate. |
[in] | ObjectAttributes | Object attributes for the new token. |
[in] | EffectiveOnly | If set to TRUE, the function removes all the disabled privileges and groups of the token to duplicate. |
[in] | TokenType | Type of token. |
[in] | Level | Security impersonation level of a token. |
[in] | PreviousMode | The processor request level mode. |
[out] | NewAccessToken | The duplicated token. |
Definition at line 471 of file tokenlif.c.
Referenced by NtDuplicateToken(), SeCopyClientToken(), SepOpenThreadToken(), and SeSubProcessToken().
static
Private helper function responsible for creating a restricted access token, that is, a filtered token from privileges and groups and with restricted SIDs added into the token on demand by the caller.
[in] | Token | An existing and valid access token. |
[in] | PrivilegesToBeDeleted | A list of privileges to be deleted within the token that's going to be filtered. This parameter is ignored if the caller wants to disable all the privileges by specifying DISABLE_MAX_PRIVILEGE in the flags parameter. |
[in] | SidsToBeDisabled | A list of group SIDs to be disabled within the token. This parameter can be NULL. |
[in] | RestrictedSidsIntoToken | A list of restricted SIDs to be added into the token. This parameter can be NULL. |
[in] | PrivilegesCount | The privilege count of the privileges list. |
[in] | RegularGroupsSidCount | The SIDs count of the group SIDs list. |
[in] | RestrictedSidsCount | The restricted SIDs count of restricted SIDs list. |
[in] | PrivilegeFlags | Influences how the privileges should be filtered in an access token. See NtFilterToken syscall for more information. |
[in] | PreviousMode | Processor level access mode. |
[out] | FilteredToken | The filtered token, returned to the caller. |
Definition at line 859 of file tokenlif.c.
Referenced by NtFilterToken(), and SeFilterToken().