17#define SE_TOKEN_DYNAMIC_SLIM 500
120 ULONG TokenFlags = 0;
121 ULONG PrimaryGroupIndex, DefaultOwnerIndex;
125 ULONG PrivilegesLength;
126 ULONG UserGroupsLength;
127 ULONG VariableLength;
128 ULONG DynamicPartSize, TotalSize;
129 ULONG TokenPagedCharges;
135 for (
i = 0;
i < GroupCount;
i++)
165 for (
i = 0;
i < GroupCount;
i++)
174 VariableLength = PrivilegesLength + UserGroupsLength;
187 DynamicPartSize = DefaultDacl ? DefaultDacl->AclSize : 0;
191 TokenPagedCharges = DynamicPartSize + TotalSize;
206 (
PVOID*)&AccessToken);
216 AccessToken->
TokenId = TokenId;
234 AccessToken->
TokenFlags = TokenFlags & ~TOKEN_SESSION_NOT_REFERENCED;
242 DPRINT1(
"SepRmReferenceLogonSession() failed (Status 0x%lx)\n",
Status);
253 DPRINT1(
"SepRmInsertLogonSessionIntoToken() failed (Status 0x%lx)\n",
Status);
290 if (PrivilegeCount > 0)
294 VariableLength -= PrivilegesLength;
358 DPRINT1(
"SepFindPrimaryGroupAndDefaultOwner failed (Status 0x%lx)\n",
Status);
399 if (DefaultDacl !=
NULL)
405 DefaultDacl->AclSize);
483 ULONG PrimaryGroupIndex;
484 ULONG VariableLength;
485 ULONG DynamicPartSize, TotalSize;
486 ULONG PrivilegesIndex, GroupsIndex;
491 VariableLength =
Token->VariableLength;
499 DynamicPartSize =
Token->DefaultDacl ?
Token->DefaultDacl->AclSize : 0;
508 Token->DynamicCharged,
510 (
PVOID*)&AccessToken);
536 Token->TokenSource.SourceName,
537 sizeof(
Token->TokenSource.SourceName));
551 AccessToken->
TokenFlags =
Token->TokenFlags & ~TOKEN_SESSION_NOT_REFERENCED;
558 DPRINT1(
"SepRmReferenceLogonSession() failed (Status 0x%lx)\n",
Status);
569 DPRINT1(
"SepRmInsertLogonSessionIntoToken() failed (Status 0x%lx)\n",
Status);
596 ASSERT(VariableLength >= PrivilegesLength);
601 VariableLength -= PrivilegesLength;
611 if (
Token->UserAndGroups && (
Token->UserAndGroupCount > 0))
619 Token->UserAndGroups,
627 DPRINT1(
"RtlCopySidAndAttributesArray(UserAndGroups) failed (Status 0x%lx)\n",
Status);
640 DPRINT1(
"SepFindPrimaryGroupAndDefaultOwner failed (Status 0x%lx)\n",
Status);
647 if (
Token->RestrictedSids && (
Token->RestrictedSidCount > 0))
655 Token->RestrictedSids,
663 DPRINT1(
"RtlCopySidAndAttributesArray(RestrictedSids) failed (Status 0x%lx)\n",
Status);
703 Token->DefaultDacl->AclSize);
718 for (GroupsIndex = 1; GroupsIndex < AccessToken->
UserAndGroupCount; GroupsIndex++)
744 AccessToken->
TokenFlags &= ~TOKEN_HAS_ADMIN_GROUP;
758 for (PrivilegesIndex = 0; PrivilegesIndex < AccessToken->
PrivilegeCount; PrivilegesIndex++)
784 *NewAccessToken = AccessToken;
874 ULONG DynamicPartSize;
875 ULONG RestrictedSidsLength;
876 ULONG PrivilegesLength;
877 ULONG PrimaryGroupIndex;
878 ULONG RestrictedSidsInList;
879 ULONG RestrictedSidsInToken;
880 ULONG VariableLength, TotalSize;
881 ULONG PrivsInToken, PrivsInList;
882 ULONG GroupsInToken, GroupsInList;
883 BOOLEAN WantPrivilegesDisabled;
894 WantPrivilegesDisabled =
FALSE;
897 FoundPrivilege =
FALSE;
905 VariableLength =
Token->VariableLength;
907 if (RestrictedSidsIntoToken !=
NULL)
925 VariableLength += RestrictedSidsLength;
926 TotalSize =
FIELD_OFFSET(
TOKEN, VariablePart) + VariableLength + RestrictedSidsLength;
939 DynamicPartSize =
Token->DefaultDacl ?
Token->DefaultDacl->AclSize : 0;
949 Token->DynamicCharged,
951 (
PVOID*)&AccessToken);
954 DPRINT1(
"SepPerformTokenFiltering(): Failed to create the filtered token object (Status 0x%lx)\n",
Status);
980 Token->TokenSource.SourceName,
981 sizeof(
Token->TokenSource.SourceName));
992 AccessToken->
TokenFlags =
Token->TokenFlags & ~TOKEN_SESSION_NOT_REFERENCED;
999 DPRINT1(
"SepPerformTokenFiltering(): Failed to reference the logon session (Status 0x%lx)\n",
Status);
1009 DPRINT1(
"SepPerformTokenFiltering(): Failed to insert the logon session into token (Status 0x%lx)\n",
Status);
1042 ASSERT(VariableLength >= PrivilegesLength);
1047 VariableLength -= PrivilegesLength;
1057 if (
Token->UserAndGroups && (
Token->UserAndGroupCount > 0))
1065 Token->UserAndGroups,
1073 DPRINT1(
"SepPerformTokenFiltering(): Failed to copy the groups into token (Status 0x%lx)\n",
Status);
1081 if (
Token->RestrictedSids && (
Token->RestrictedSidCount > 0))
1089 Token->RestrictedSids,
1097 DPRINT1(
"SepPerformTokenFiltering(): Failed to copy the restricted SIDs into token (Status 0x%lx)\n",
Status);
1106 if (RestrictedSidsIntoToken !=
NULL)
1108 for (RestrictedSidsInList = 0; RestrictedSidsInList < RestrictedSidsCount; RestrictedSidsInList++)
1111 if (RestrictedSidsIntoToken[RestrictedSidsInList].
Attributes != 0)
1114 DPRINT1(
"SepPerformTokenFiltering(): There mustn't be any attributes to restricted SIDs!\n");
1125 ASSERT(VariableLength >= RestrictedSidsLength);
1134 VariableLength -= RestrictedSidsLength;
1137 RestrictedSidsIntoToken,
1148 for (RestrictedSidsInToken = 0; RestrictedSidsInToken < AccessToken->
RestrictedSidCount; RestrictedSidsInToken++)
1162 Token->PrimaryGroup,
1168 DPRINT1(
"SepPerformTokenFiltering(): Failed searching for the primary group (Status 0x%lx)\n",
Status);
1201 if (
Token->DynamicPart &&
Token->DefaultDacl)
1207 Token->DefaultDacl->AclSize);
1220 WantPrivilegesDisabled =
TRUE;
1233 for (PrivsInToken = 0; PrivsInToken < AccessToken->
PrivilegeCount; PrivsInToken++)
1235 if (WantPrivilegesDisabled)
1266 if (PrivilegesToBeDeleted !=
NULL)
1269 for (PrivsInList = 0; PrivsInList < PrivilegesCount; PrivsInList++)
1273 &PrivilegesToBeDeleted[PrivsInList].Luid))
1276 FoundPrivilege =
TRUE;
1282 if (PrivsInList == PrivilegesCount)
1309 FoundPrivilege =
FALSE;
1318 if (SidsToBeDisabled !=
NULL)
1320 for (GroupsInToken = 0; GroupsInToken < AccessToken->
UserAndGroupCount; GroupsInToken++)
1322 for (GroupsInList = 0; GroupsInList < RegularGroupsSidCount; GroupsInList++)
1326 &SidsToBeDisabled[GroupsInList].Sid))
1335 if (GroupsInList == RegularGroupsSidCount)
1352 AccessToken->
TokenFlags &= ~TOKEN_HAS_ADMIN_GROUP;
1384 *FilteredToken = AccessToken;
1386 DPRINT(
"SepPerformTokenFiltering(): The token has been filtered!\n");
1448 ULONG PrivilegesCount = 0;
1449 ULONG SidsCount = 0;
1450 ULONG RestrictedSidsCount = 0;
1455 if (SidsToDisable !=
NULL)
1457 SidsCount = SidsToDisable->GroupCount;
1460 if (PrivilegesToDelete !=
NULL)
1462 PrivilegesCount = PrivilegesToDelete->PrivilegeCount;
1465 if (RestrictedSids !=
NULL)
1467 RestrictedSidsCount = RestrictedSids->GroupCount;
1472 PrivilegesToDelete->Privileges,
1473 SidsToDisable->Groups,
1474 RestrictedSids->Groups,
1477 RestrictedSidsCount,
1483 DPRINT1(
"SeFilterToken(): Failed to filter the token (Status 0x%lx)\n",
Status);
1496 DPRINT1(
"SeFilterToken(): Failed to insert the filtered token (Status 0x%lx)\n",
Status);
1501 *FilteredToken = AccessToken;
1575 ULONG PrivilegeCount, GroupCount;
1576 PSID OwnerSid, PrimaryGroupSid;
1579 LUID LocalAuthenticationId;
1586 PSID CapturedPrimaryGroupSid =
NULL;
1588 ULONG PrivilegesLength, UserLength, GroupsLength;
1612 LocalAuthenticationId = *AuthenticationId;
1675 LocalAuthenticationId = *AuthenticationId;
1676 LocalExpirationTime = *ExpirationTime;
1736 &CapturedPrivileges,
1762 &CapturedPrimaryGroupSid);
1769 if (DefaultDacl !=
NULL)
1775 &CapturedDefaultDacl);
1789 &LocalAuthenticationId,
1790 &LocalExpirationTime,
1798 CapturedPrimaryGroupSid,
1799 CapturedDefaultDacl,
1914 &CapturedSecurityQualityOfService,
1918 DPRINT1(
"NtDuplicateToken() failed to capture QoS! Status: 0x%x\n",
Status);
1930 DPRINT1(
"Failed to reference token (Status 0x%lx)\n",
Status);
2084 HANDLE FilteredTokenHandle;
2089 ULONG CapturedSidsCount = 0;
2090 ULONG CapturedPrivilegesCount = 0;
2091 ULONG CapturedRestrictedSidsCount = 0;
2092 ULONG ProbeSize = 0;
2104 if (SidsToDisable !=
NULL)
2109 CapturedSidsCount = SidsToDisable->GroupCount;
2116 if (PrivilegesToDelete !=
NULL)
2121 CapturedPrivilegesCount = PrivilegesToDelete->PrivilegeCount;
2128 if (RestrictedSids !=
NULL)
2133 CapturedRestrictedSidsCount = RestrictedSids->GroupCount;
2158 DPRINT1(
"NtFilterToken(): Failed to reference the token (Status 0x%lx)\n",
Status);
2163 if (SidsToDisable !=
NULL)
2176 DPRINT1(
"NtFilterToken(): Failed to capture the SIDs (Status 0x%lx)\n",
Status);
2182 if (PrivilegesToDelete !=
NULL)
2185 CapturedPrivilegesCount,
2191 &CapturedPrivileges,
2195 DPRINT1(
"NtFilterToken(): Failed to capture the privileges (Status 0x%lx)\n",
Status);
2201 if (RestrictedSids !=
NULL)
2204 CapturedRestrictedSidsCount,
2210 &CapturedRestrictedSids,
2214 DPRINT1(
"NtFilterToken(): Failed to capture the restricted SIDs (Status 0x%lx)\n",
Status);
2223 CapturedRestrictedSids,
2224 CapturedPrivilegesCount,
2226 CapturedRestrictedSidsCount,
2232 DPRINT1(
"NtFilterToken(): Failed to filter the token (Status 0x%lx)\n",
Status);
2242 &FilteredTokenHandle);
2245 DPRINT1(
"NtFilterToken(): Failed to insert the filtered token (Status 0x%lx)\n",
Status);
2266 if (CapturedSids !=
NULL)
2273 if (CapturedPrivileges !=
NULL)
2280 if (CapturedRestrictedSids !=
NULL)
#define STATUS_PRIVILEGE_NOT_HELD
#define ALIGN_UP_BY(size, align)
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
#define NT_SUCCESS(StatCode)
static const WCHAR Cleanup[]
#define ExAllocatePoolWithTag(hernya, size, tag)
#define ExGetPreviousMode
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
NTSYSAPI BOOLEAN WINAPI RtlCopySid(DWORD, PSID, PSID)
#define EXCEPTION_EXECUTE_HANDLER
enum _SECURITY_IMPERSONATION_LEVEL SECURITY_IMPERSONATION_LEVEL
#define SE_CHANGE_NOTIFY_PRIVILEGE
#define KeGetPreviousMode()
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
NTSYSAPI NTSTATUS NTAPI RtlCopySidAndAttributesArray(_In_ ULONG Count, _In_ PSID_AND_ATTRIBUTES Src, _In_ ULONG SidAreaSize, _In_ PSID_AND_ATTRIBUTES Dest, _In_ PSID SidArea, _Out_ PSID *RemainingSidArea, _Out_ PULONG RemainingSidAreaSize)
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID Owner
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID _Inout_ PULONG _Out_writes_bytes_to_opt_ PrimaryGroupSize PSID PrimaryGroup
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
NTSYSAPI BOOLEAN NTAPI RtlEqualSid(_In_ PSID Sid1, _In_ PSID Sid2)
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE _Out_ PHANDLE NewTokenHandle
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
#define SE_GROUP_USE_FOR_DENY_ONLY
#define SE_GROUP_MANDATORY
#define SE_GROUP_ENABLED_BY_DEFAULT
#define DISABLE_MAX_PRIVILEGE
#define _Must_inspect_result_
VOID NTAPI ExAllocateLocallyUniqueId(OUT LUID *LocallyUniqueId)
EPROCESS KiInitialProcess
VOID NTAPI SepReleaseSid(_In_ PSID CapturedSid, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases a captured SID.
NTSTATUS NTAPI SepRmInsertLogonSessionIntoToken(_Inout_ PTOKEN Token)
Inserts a logon session into an access token specified by the caller.
VOID SepRemovePrivilegeToken(_Inout_ PTOKEN Token, _In_ ULONG Index)
Removes a privilege from the token.
NTSTATUS NTAPI SepCaptureSid(_In_ PSID InputSid, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSID *CapturedSid)
Captures a SID.
NTSTATUS SepFindPrimaryGroupAndDefaultOwner(_In_ PTOKEN Token, _In_ PSID PrimaryGroup, _In_opt_ PSID DefaultOwner, _Out_opt_ PULONG PrimaryGroupIndex, _Out_opt_ PULONG DefaultOwnerIndex)
Finds the primary group and default owner entity based on the submitted primary group instance and an...
const LUID SeCreateTokenPrivilege
NTSTATUS SepCreateTokenLock(_Inout_ PTOKEN Token)
Creates a lock for the token.
#define TOKEN_CREATE_METHOD
VOID NTAPI SeReleaseSidAndAttributesArray(_In_ _Post_invalid_ PSID_AND_ATTRIBUTES CapturedSidAndAttributes, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases a captured SID with attributes.
#define SepAcquireTokenLockShared(Token)
VOID NTAPI SepReleaseAcl(_In_ PACL CapturedAcl, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases (frees) a captured ACL from the memory pool.
VOID NTAPI SeReleaseLuidAndAttributesArray(_In_ PLUID_AND_ATTRIBUTES Privilege, _In_ KPROCESSOR_MODE PreviousMode, _In_ BOOLEAN CaptureIfKernel)
Releases a LUID with attributes structure.
ULONG RtlLengthSidAndAttributes(_In_ ULONG Count, _In_ PSID_AND_ATTRIBUTES Src)
Computes the length size of a SID.
VOID SepUpdatePrivilegeFlagsToken(_Inout_ PTOKEN Token)
Updates the token's flags based upon the privilege that the token has been granted....
NTSTATUS SepRmReferenceLogonSession(_Inout_ PLUID LogonLuid)
VOID SepRemoveUserGroupToken(_Inout_ PTOKEN Token, _In_ ULONG Index)
Removes a group from the token.
NTSTATUS NTAPI SepCaptureSecurityQualityOfService(_In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSECURITY_QUALITY_OF_SERVICE *CapturedSecurityQualityOfService, _Out_ PBOOLEAN Present)
Captures the security quality of service data given the object attributes from an object.
VOID SepUpdateSinglePrivilegeFlagToken(_Inout_ PTOKEN Token, _In_ ULONG Index)
Updates the token's flags based upon the privilege that the token has been granted....
NTSTATUS NTAPI SepCaptureAcl(_In_ PACL InputAcl, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PACL *CapturedAcl)
Captures an access control list from an already valid input ACL.
NTSTATUS NTAPI SeCaptureSidAndAttributesArray(_In_ PSID_AND_ATTRIBUTES SrcSidAndAttributes, _In_ ULONG AttributeCount, _In_ KPROCESSOR_MODE PreviousMode, _In_opt_ PVOID AllocatedMem, _In_ ULONG AllocatedLength, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSID_AND_ATTRIBUTES *CapturedSidAndAttributes, _Out_ PULONG ResultLength)
Captures a SID with attributes.
#define SepReleaseTokenLock(Token)
VOID NTAPI SepReleaseSecurityQualityOfService(_In_opt_ PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases (frees) the captured SQOS data from an object in the memory pool.
#define TOKEN_FILTER_METHOD
#define TOKEN_DUPLICATE_METHOD
NTSTATUS NTAPI SeCaptureLuidAndAttributesArray(_In_ PLUID_AND_ATTRIBUTES Src, _In_ ULONG PrivilegeCount, _In_ KPROCESSOR_MODE PreviousMode, _In_ PLUID_AND_ATTRIBUTES AllocatedMem, _In_ ULONG AllocatedLength, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PLUID_AND_ATTRIBUTES *Dest, _Inout_ PULONG Length)
HANDLE NTAPI PsGetCurrentProcessId(VOID)
BOOLEAN NTAPI SeSinglePrivilegeCheck(_In_ LUID PrivilegeValue, _In_ KPROCESSOR_MODE PreviousMode)
Checks if a single privilege is present in the context of the calling thread.
POBJECT_TYPE SeTokenObjectType
#define STATUS_BAD_TOKEN_TYPE
#define STATUS_BAD_IMPERSONATION_LEVEL
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
NTSTATUS NTAPI ObCreateObject(IN KPROCESSOR_MODE ProbeMode OPTIONAL, IN POBJECT_TYPE Type, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext OPTIONAL, IN ULONG ObjectSize, IN ULONG PagedPoolCharge OPTIONAL, IN ULONG NonPagedPoolCharge OPTIONAL, OUT PVOID *Object)
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
#define _SEH2_GetExceptionCode()
#define _SEH2_EXCEPT(...)
#define _SEH2_YIELD(__stmt)
#define ProbeForWriteHandle(Ptr)
#define ProbeForReadLargeInteger(Ptr)
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
CCHAR SourceName[TOKEN_SOURCE_LENGTH]
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
LARGE_INTEGER ExpirationTime
PSID_AND_ATTRIBUTES RestrictedSids
PLUID_AND_ATTRIBUTES Privileges
PSID_AND_ATTRIBUTES UserAndGroups
LUID OriginatingLogonSession
#define TAG_TOKEN_DYNAMIC
static NTSTATUS SepPerformTokenFiltering(_In_ PTOKEN Token, _In_opt_ PLUID_AND_ATTRIBUTES PrivilegesToBeDeleted, _In_opt_ PSID_AND_ATTRIBUTES SidsToBeDisabled, _In_opt_ PSID_AND_ATTRIBUTES RestrictedSidsIntoToken, _When_(PrivilegesToBeDeleted !=NULL, _In_) ULONG PrivilegesCount, _When_(SidsToBeDisabled !=NULL, _In_) ULONG RegularGroupsSidCount, _When_(RestrictedSidsIntoToken !=NULL, _In_) ULONG RestrictedSidsCount, _In_ ULONG PrivilegeFlags, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PTOKEN *FilteredToken)
Private helper function responsible for creating a restricted access token, that is,...
NTSTATUS NTAPI SepDuplicateToken(_In_ PTOKEN Token, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL Level, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PTOKEN *NewAccessToken)
Duplicates an access token, from an existing valid token.
__kernel_entry NTSTATUS NTAPI NtCreateToken(_Out_ PHANDLE TokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PTOKEN_USER TokenUser, _In_ PTOKEN_GROUPS TokenGroups, _In_ PTOKEN_PRIVILEGES TokenPrivileges, _In_opt_ PTOKEN_OWNER TokenOwner, _In_ PTOKEN_PRIMARY_GROUP TokenPrimaryGroup, _In_opt_ PTOKEN_DEFAULT_DACL TokenDefaultDacl, _In_ PTOKEN_SOURCE TokenSource)
Creates an access token.
#define SE_TOKEN_DYNAMIC_SLIM
NTSTATUS NTAPI SepCreateToken(_Out_ PHANDLE TokenHandle, _In_ KPROCESSOR_MODE PreviousMode, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PSID_AND_ATTRIBUTES User, _In_ ULONG GroupCount, _In_ PSID_AND_ATTRIBUTES Groups, _In_ ULONG GroupsLength, _In_ ULONG PrivilegeCount, _In_ PLUID_AND_ATTRIBUTES Privileges, _In_opt_ PSID Owner, _In_ PSID PrimaryGroup, _In_opt_ PACL DefaultDacl, _In_ PTOKEN_SOURCE TokenSource, _In_ BOOLEAN SystemToken)
Internal function responsible for access token object creation in the kernel. A fully created token o...
NTSTATUS NTAPI NtFilterToken(_In_ HANDLE ExistingTokenHandle, _In_ ULONG Flags, _In_opt_ PTOKEN_GROUPS SidsToDisable, _In_opt_ PTOKEN_PRIVILEGES PrivilegesToDelete, _In_opt_ PTOKEN_GROUPS RestrictedSids, _Out_ PHANDLE NewTokenHandle)
Creates an access token in a restricted form from the original existing token, that is,...
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtDuplicateToken(_In_ HANDLE ExistingTokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _Out_ PHANDLE NewTokenHandle)
Duplicates a token.
NTSTATUS NTAPI SeFilterToken(_In_ PACCESS_TOKEN ExistingToken, _In_ ULONG Flags, _In_opt_ PTOKEN_GROUPS SidsToDisable, _In_opt_ PTOKEN_PRIVILEGES PrivilegesToDelete, _In_opt_ PTOKEN_GROUPS RestrictedSids, _Out_ PACCESS_TOKEN *FilteredToken)
Filters an access token from an existing token, making it more restricted than the previous one.
#define FIELD_OFFSET(t, f)
#define RtlCopyMemory(Destination, Source, Length)
#define RtlZeroMemory(Destination, Length)
#define STATUS_INVALID_PARAMETER
#define STATUS_INSUFFICIENT_RESOURCES
_Must_inspect_result_ _In_ WDFDMAENABLER _In_ _In_opt_ PWDF_OBJECT_ATTRIBUTES Attributes
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG _Out_ PULONG ResultLength
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
_IRQL_requires_same_ typedef _In_ ULONG _In_ UCHAR Level
_Must_inspect_result_ _In_ ULONG Flags
_In_ ACCESS_MASK _In_opt_ POBJECT_TYPE _In_ KPROCESSOR_MODE _Out_ PVOID _Out_opt_ POBJECT_HANDLE_INFORMATION HandleInformation
#define ObDereferenceObject
#define PsGetCurrentProcess
_Out_ PBOOLEAN _Out_ PBOOLEAN _Out_ PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel
#define RtlEqualLuid(Luid1, Luid2)
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
_In_ KPROCESSOR_MODE PreviousMode
#define TOKEN_SESSION_NOT_REFERENCED
struct _LUID_AND_ATTRIBUTES LUID_AND_ATTRIBUTES
struct _SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES
#define TOKEN_SANDBOX_INERT
#define SE_PRIVILEGE_ENABLED
#define TOKEN_IS_RESTRICTED
#define TOKEN_HAS_ADMIN_GROUP