17 #define SE_TOKEN_DYNAMIC_SLIM 500 120 ULONG TokenFlags = 0;
121 ULONG PrimaryGroupIndex, DefaultOwnerIndex;
125 ULONG PrivilegesLength;
126 ULONG UserGroupsLength;
127 ULONG VariableLength;
128 ULONG DynamicPartSize, TotalSize;
129 ULONG TokenPagedCharges;
135 for (
i = 0;
i < GroupCount;
i++)
165 for (
i = 0;
i < GroupCount;
i++)
174 VariableLength = PrivilegesLength + UserGroupsLength;
187 DynamicPartSize = DefaultDacl ? DefaultDacl->AclSize : 0;
191 TokenPagedCharges = DynamicPartSize + TotalSize;
206 (
PVOID*)&AccessToken);
216 AccessToken->TokenId = TokenId;
225 AccessToken->TokenSource.SourceIdentifier =
TokenSource->SourceIdentifier;
230 AccessToken->ExpirationTime = *ExpirationTime;
231 AccessToken->ModifiedId = ModifiedId;
232 AccessToken->DynamicCharged = TokenPagedCharges - TotalSize;
237 AccessToken->AuthenticationId = *AuthenticationId;
242 DPRINT1(
"SepRmReferenceLogonSession() failed (Status 0x%lx)\n",
Status);
253 DPRINT1(
"SepRmInsertLogonSessionIntoToken() failed (Status 0x%lx)\n",
Status);
284 AccessToken->VariableLength = VariableLength;
285 EndMem = (
PVOID)&AccessToken->VariablePart;
288 AccessToken->PrivilegeCount = PrivilegeCount;
289 AccessToken->Privileges =
NULL;
290 if (PrivilegeCount > 0)
292 AccessToken->Privileges = EndMem;
294 VariableLength -= PrivilegesLength;
325 AccessToken->UserAndGroupCount = 1 + GroupCount;
326 AccessToken->UserAndGroups = EndMem;
327 EndMem = &AccessToken->UserAndGroups[AccessToken->UserAndGroupCount];
333 &AccessToken->UserAndGroups[0],
343 &AccessToken->UserAndGroups[1],
358 DPRINT1(
"SepFindPrimaryGroupAndDefaultOwner failed (Status 0x%lx)\n",
Status);
371 if (AccessToken->DynamicPart ==
NULL)
378 AccessToken->DynamicAvailable = 0;
384 EndMem = (
PVOID)AccessToken->DynamicPart;
385 AccessToken->PrimaryGroup = EndMem;
388 AccessToken->UserAndGroups[PrimaryGroupIndex].Sid);
389 AccessToken->DefaultOwnerIndex = DefaultOwnerIndex;
399 if (DefaultDacl !=
NULL)
401 AccessToken->DefaultDacl = EndMem;
405 DefaultDacl->AclSize);
483 ULONG PrimaryGroupIndex;
484 ULONG VariableLength;
485 ULONG DynamicPartSize, TotalSize;
486 ULONG PrivilegesIndex, GroupsIndex;
491 VariableLength =
Token->VariableLength;
499 DynamicPartSize =
Token->DefaultDacl ?
Token->DefaultDacl->AclSize : 0;
508 Token->DynamicCharged,
510 (
PVOID*)&AccessToken);
523 AccessToken->ImpersonationLevel =
Level;
534 AccessToken->TokenSource.SourceIdentifier =
Token->TokenSource.SourceIdentifier;
536 Token->TokenSource.SourceName,
537 sizeof(
Token->TokenSource.SourceName));
539 AccessToken->AuthenticationId =
Token->AuthenticationId;
540 AccessToken->ParentTokenId =
Token->ParentTokenId;
541 AccessToken->ExpirationTime =
Token->ExpirationTime;
542 AccessToken->OriginatingLogonSession =
Token->OriginatingLogonSession;
543 AccessToken->DynamicCharged =
Token->DynamicCharged;
548 AccessToken->SessionId =
Token->SessionId;
549 AccessToken->ModifiedId =
Token->ModifiedId;
558 DPRINT1(
"SepRmReferenceLogonSession() failed (Status 0x%lx)\n",
Status);
569 DPRINT1(
"SepRmInsertLogonSessionIntoToken() failed (Status 0x%lx)\n",
Status);
585 AccessToken->VariableLength = VariableLength;
586 EndMem = (
PVOID)&AccessToken->VariablePart;
589 AccessToken->PrivilegeCount = 0;
590 AccessToken->Privileges =
NULL;
596 ASSERT(VariableLength >= PrivilegesLength);
598 AccessToken->PrivilegeCount =
Token->PrivilegeCount;
599 AccessToken->Privileges = EndMem;
601 VariableLength -= PrivilegesLength;
609 AccessToken->UserAndGroupCount = 0;
610 AccessToken->UserAndGroups =
NULL;
611 if (
Token->UserAndGroups && (
Token->UserAndGroupCount > 0))
613 AccessToken->UserAndGroupCount =
Token->UserAndGroupCount;
614 AccessToken->UserAndGroups = EndMem;
615 EndMem = &AccessToken->UserAndGroups[AccessToken->UserAndGroupCount];
619 Token->UserAndGroups,
621 AccessToken->UserAndGroups,
627 DPRINT1(
"RtlCopySidAndAttributesArray(UserAndGroups) failed (Status 0x%lx)\n",
Status);
640 DPRINT1(
"SepFindPrimaryGroupAndDefaultOwner failed (Status 0x%lx)\n",
Status);
645 AccessToken->RestrictedSidCount = 0;
646 AccessToken->RestrictedSids =
NULL;
647 if (
Token->RestrictedSids && (
Token->RestrictedSidCount > 0))
649 AccessToken->RestrictedSidCount =
Token->RestrictedSidCount;
650 AccessToken->RestrictedSids = EndMem;
651 EndMem = &AccessToken->RestrictedSids[AccessToken->RestrictedSidCount];
655 Token->RestrictedSids,
657 AccessToken->RestrictedSids,
663 DPRINT1(
"RtlCopySidAndAttributesArray(RestrictedSids) failed (Status 0x%lx)\n",
Status);
676 for (GroupsIndex = 0; GroupsIndex < AccessToken->UserAndGroupCount; GroupsIndex++)
688 if (AccessToken->UserAndGroups[GroupsIndex].Attributes == 0 ||
689 (AccessToken->UserAndGroups[GroupsIndex].Attributes &
SE_GROUP_ENABLED) == 0)
700 &AccessToken->UserAndGroups[GroupsIndex].Sid))
716 for (PrivilegesIndex = 0; PrivilegesIndex < AccessToken->PrivilegeCount; PrivilegesIndex++)
726 if (AccessToken->Privileges[PrivilegesIndex].Attributes == 0 ||
745 if (AccessToken->DynamicPart ==
NULL)
752 AccessToken->DynamicAvailable = 0;
758 EndMem = (
PVOID)AccessToken->DynamicPart;
759 AccessToken->PrimaryGroup = EndMem;
762 AccessToken->UserAndGroups[PrimaryGroupIndex].Sid);
763 AccessToken->DefaultOwnerIndex =
Token->DefaultOwnerIndex;
772 AccessToken->DefaultDacl = EndMem;
776 Token->DefaultDacl->AclSize);
780 *NewAccessToken = AccessToken;
870 ULONG DynamicPartSize;
871 ULONG RestrictedSidsLength;
872 ULONG PrivilegesLength;
873 ULONG PrimaryGroupIndex;
874 ULONG RestrictedSidsInList;
875 ULONG RestrictedSidsInToken;
876 ULONG VariableLength, TotalSize;
877 ULONG PrivsInToken, PrivsInList;
878 ULONG GroupsInToken, GroupsInList;
879 BOOLEAN WantPrivilegesDisabled;
890 WantPrivilegesDisabled =
FALSE;
893 FoundPrivilege =
FALSE;
901 VariableLength =
Token->VariableLength;
903 if (RestrictedSidsIntoToken !=
NULL)
921 VariableLength += RestrictedSidsLength;
922 TotalSize =
FIELD_OFFSET(
TOKEN, VariablePart) + VariableLength + RestrictedSidsLength;
935 DynamicPartSize =
Token->DefaultDacl ?
Token->DefaultDacl->AclSize : 0;
945 Token->DynamicCharged,
947 (
PVOID*)&AccessToken);
950 DPRINT1(
"SepPerformTokenFiltering(): Failed to create the filtered token object (Status 0x%lx)\n",
Status);
970 AccessToken->TokenType =
Token->TokenType;
971 AccessToken->ImpersonationLevel =
Token->ImpersonationLevel;
974 AccessToken->TokenSource.SourceIdentifier =
Token->TokenSource.SourceIdentifier;
976 Token->TokenSource.SourceName,
977 sizeof(
Token->TokenSource.SourceName));
979 AccessToken->AuthenticationId =
Token->AuthenticationId;
980 AccessToken->ParentTokenId =
Token->TokenId;
981 AccessToken->OriginatingLogonSession =
Token->OriginatingLogonSession;
982 AccessToken->DynamicCharged =
Token->DynamicCharged;
984 AccessToken->ExpirationTime =
Token->ExpirationTime;
987 AccessToken->SessionId =
Token->SessionId;
995 DPRINT1(
"SepPerformTokenFiltering(): Failed to reference the logon session (Status 0x%lx)\n",
Status);
1005 DPRINT1(
"SepPerformTokenFiltering(): Failed to insert the logon session into token (Status 0x%lx)\n",
Status);
1021 AccessToken->VariableLength = VariableLength;
1022 EndMem = (
PVOID)&AccessToken->VariablePart;
1025 AccessToken->PrivilegeCount = 0;
1026 AccessToken->Privileges =
NULL;
1038 ASSERT(VariableLength >= PrivilegesLength);
1040 AccessToken->PrivilegeCount =
Token->PrivilegeCount;
1041 AccessToken->Privileges = EndMem;
1043 VariableLength -= PrivilegesLength;
1051 AccessToken->UserAndGroupCount = 0;
1052 AccessToken->UserAndGroups =
NULL;
1053 if (
Token->UserAndGroups && (
Token->UserAndGroupCount > 0))
1055 AccessToken->UserAndGroupCount =
Token->UserAndGroupCount;
1056 AccessToken->UserAndGroups = EndMem;
1057 EndMem = &AccessToken->UserAndGroups[AccessToken->UserAndGroupCount];
1061 Token->UserAndGroups,
1063 AccessToken->UserAndGroups,
1069 DPRINT1(
"SepPerformTokenFiltering(): Failed to copy the groups into token (Status 0x%lx)\n",
Status);
1075 AccessToken->RestrictedSidCount = 0;
1076 AccessToken->RestrictedSids =
NULL;
1077 if (
Token->RestrictedSids && (
Token->RestrictedSidCount > 0))
1079 AccessToken->RestrictedSidCount =
Token->RestrictedSidCount;
1080 AccessToken->RestrictedSids = EndMem;
1081 EndMem = &AccessToken->RestrictedSids[AccessToken->RestrictedSidCount];
1085 Token->RestrictedSids,
1087 AccessToken->RestrictedSids,
1093 DPRINT1(
"SepPerformTokenFiltering(): Failed to copy the restricted SIDs into token (Status 0x%lx)\n",
Status);
1102 if (RestrictedSidsIntoToken !=
NULL)
1104 for (RestrictedSidsInList = 0; RestrictedSidsInList < RestrictedSidsCount; RestrictedSidsInList++)
1107 if (RestrictedSidsIntoToken[RestrictedSidsInList].
Attributes != 0)
1110 DPRINT1(
"SepPerformTokenFiltering(): There mustn't be any attributes to restricted SIDs!\n");
1121 ASSERT(VariableLength >= RestrictedSidsLength);
1127 AccessToken->RestrictedSidCount = RestrictedSidsCount;
1128 AccessToken->RestrictedSids = EndMem;
1130 VariableLength -= RestrictedSidsLength;
1133 RestrictedSidsIntoToken,
1144 for (RestrictedSidsInToken = 0; RestrictedSidsInToken < AccessToken->RestrictedSidCount; RestrictedSidsInToken++)
1158 Token->PrimaryGroup,
1164 DPRINT1(
"SepPerformTokenFiltering(): Failed searching for the primary group (Status 0x%lx)\n",
Status);
1172 if (AccessToken->DynamicPart ==
NULL)
1179 AccessToken->DynamicAvailable = 0;
1185 EndMem = (
PVOID)AccessToken->DynamicPart;
1186 AccessToken->PrimaryGroup = EndMem;
1189 AccessToken->UserAndGroups[PrimaryGroupIndex].Sid);
1190 AccessToken->DefaultOwnerIndex =
Token->DefaultOwnerIndex;
1197 if (
Token->DynamicPart &&
Token->DefaultDacl)
1199 AccessToken->DefaultDacl = EndMem;
1203 Token->DefaultDacl->AclSize);
1216 WantPrivilegesDisabled =
TRUE;
1229 for (PrivsInToken = 0; PrivsInToken < AccessToken->PrivilegeCount; PrivsInToken++)
1231 if (WantPrivilegesDisabled)
1262 if (PrivilegesToBeDeleted !=
NULL)
1265 for (PrivsInList = 0; PrivsInList < PrivilegesCount; PrivsInList++)
1268 if (
RtlEqualLuid(&AccessToken->Privileges[PrivsInToken].Luid,
1269 &PrivilegesToBeDeleted[PrivsInList].Luid))
1272 FoundPrivilege =
TRUE;
1278 if (PrivsInList == PrivilegesCount)
1305 FoundPrivilege =
FALSE;
1314 if (SidsToBeDisabled !=
NULL)
1316 for (GroupsInToken = 0; GroupsInToken < AccessToken->UserAndGroupCount; GroupsInToken++)
1318 for (GroupsInList = 0; GroupsInList < RegularGroupsSidCount; GroupsInList++)
1321 if (
RtlEqualSid(&AccessToken->UserAndGroups[GroupsInToken].Sid,
1322 &SidsToBeDisabled[GroupsInList].Sid))
1331 if (GroupsInList == RegularGroupsSidCount)
1346 &AccessToken->UserAndGroups[GroupsInToken].Sid))
1356 if (AccessToken->DefaultOwnerIndex == GroupsInToken)
1358 AccessToken->DefaultOwnerIndex = 0;
1380 *FilteredToken = AccessToken;
1382 DPRINT(
"SepPerformTokenFiltering(): The token has been filtered!\n");
1444 ULONG PrivilegesCount = 0;
1445 ULONG SidsCount = 0;
1446 ULONG RestrictedSidsCount = 0;
1451 if (SidsToDisable !=
NULL)
1453 SidsCount = SidsToDisable->GroupCount;
1456 if (PrivilegesToDelete !=
NULL)
1458 PrivilegesCount = PrivilegesToDelete->PrivilegeCount;
1461 if (RestrictedSids !=
NULL)
1463 RestrictedSidsCount = RestrictedSids->GroupCount;
1468 PrivilegesToDelete->Privileges,
1469 SidsToDisable->Groups,
1470 RestrictedSids->Groups,
1473 RestrictedSidsCount,
1479 DPRINT1(
"SeFilterToken(): Failed to filter the token (Status 0x%lx)\n",
Status);
1492 DPRINT1(
"SeFilterToken(): Failed to insert the filtered token (Status 0x%lx)\n",
Status);
1497 *FilteredToken = AccessToken;
1571 ULONG PrivilegeCount, GroupCount;
1572 PSID OwnerSid, PrimaryGroupSid;
1575 LUID LocalAuthenticationId;
1582 PSID CapturedPrimaryGroupSid =
NULL;
1584 ULONG PrivilegesLength, UserLength, GroupsLength;
1608 LocalAuthenticationId = *AuthenticationId;
1671 LocalAuthenticationId = *AuthenticationId;
1672 LocalExpirationTime = *ExpirationTime;
1732 &CapturedPrivileges,
1758 &CapturedPrimaryGroupSid);
1765 if (DefaultDacl !=
NULL)
1771 &CapturedDefaultDacl);
1785 &LocalAuthenticationId,
1786 &LocalExpirationTime,
1794 CapturedPrimaryGroupSid,
1795 CapturedDefaultDacl,
1910 &CapturedSecurityQualityOfService,
1914 DPRINT1(
"NtDuplicateToken() failed to capture QoS! Status: 0x%x\n",
Status);
1926 DPRINT1(
"Failed to reference token (Status 0x%lx)\n",
Status);
2080 HANDLE FilteredTokenHandle;
2085 ULONG CapturedSidsCount = 0;
2086 ULONG CapturedPrivilegesCount = 0;
2087 ULONG CapturedRestrictedSidsCount = 0;
2088 ULONG ProbeSize = 0;
2100 if (SidsToDisable !=
NULL)
2105 CapturedSidsCount = SidsToDisable->GroupCount;
2112 if (PrivilegesToDelete !=
NULL)
2117 CapturedPrivilegesCount = PrivilegesToDelete->PrivilegeCount;
2124 if (RestrictedSids !=
NULL)
2129 CapturedRestrictedSidsCount = RestrictedSids->GroupCount;
2154 DPRINT1(
"NtFilterToken(): Failed to reference the token (Status 0x%lx)\n",
Status);
2159 if (SidsToDisable !=
NULL)
2172 DPRINT1(
"NtFilterToken(): Failed to capture the SIDs (Status 0x%lx)\n",
Status);
2178 if (PrivilegesToDelete !=
NULL)
2181 CapturedPrivilegesCount,
2187 &CapturedPrivileges,
2191 DPRINT1(
"NtFilterToken(): Failed to capture the privileges (Status 0x%lx)\n",
Status);
2197 if (RestrictedSids !=
NULL)
2200 CapturedRestrictedSidsCount,
2206 &CapturedRestrictedSids,
2210 DPRINT1(
"NtFilterToken(): Failed to capture the restricted SIDs (Status 0x%lx)\n",
Status);
2219 CapturedRestrictedSids,
2220 CapturedPrivilegesCount,
2222 CapturedRestrictedSidsCount,
2228 DPRINT1(
"NtFilterToken(): Failed to filter the token (Status 0x%lx)\n",
Status);
2238 &FilteredTokenHandle);
2241 DPRINT1(
"NtFilterToken(): Failed to insert the filtered token (Status 0x%lx)\n",
Status);
2262 if (CapturedSids !=
NULL)
2269 if (CapturedPrivileges !=
NULL)
2276 if (CapturedRestrictedSids !=
NULL)
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
static NTSTATUS SepPerformTokenFiltering(_In_ PTOKEN Token, _In_opt_ PLUID_AND_ATTRIBUTES PrivilegesToBeDeleted, _In_opt_ PSID_AND_ATTRIBUTES SidsToBeDisabled, _In_opt_ PSID_AND_ATTRIBUTES RestrictedSidsIntoToken, _When_(PrivilegesToBeDeleted !=NULL, _In_) ULONG PrivilegesCount, _When_(SidsToBeDisabled !=NULL, _In_) ULONG RegularGroupsSidCount, _When_(RestrictedSidsIntoToken !=NULL, _In_) ULONG RestrictedSidsCount, _In_ ULONG PrivilegeFlags, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PTOKEN *FilteredToken)
Private helper function responsible for creating a restricted access token, that is,...
#define STATUS_PRIVILEGE_NOT_HELD
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
#define STATUS_BAD_IMPERSONATION_LEVEL
#define STATUS_INSUFFICIENT_RESOURCES
#define TOKEN_SANDBOX_INERT
NTSTATUS NTAPI SepRmInsertLogonSessionIntoToken(_Inout_ PTOKEN Token)
Inserts a logon session into an access token specified by the caller.
VOID NTAPI SepReleaseAcl(_In_ PACL CapturedAcl, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases (frees) a captured ACL from the memory pool.
const LUID SeCreateTokenPrivilege
VOID NTAPI SeReleaseSidAndAttributesArray(_In_ _Post_invalid_ PSID_AND_ATTRIBUTES CapturedSidAndAttributes, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases a captured SID with attributes.
NTSTATUS NTAPI SeCaptureLuidAndAttributesArray(_In_ PLUID_AND_ATTRIBUTES Src, _In_ ULONG PrivilegeCount, _In_ KPROCESSOR_MODE PreviousMode, _In_ PLUID_AND_ATTRIBUTES AllocatedMem, _In_ ULONG AllocatedLength, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PLUID_AND_ATTRIBUTES *Dest, _Inout_ PULONG Length)
#define STATUS_INVALID_PARAMETER
#define SE_TOKEN_DYNAMIC_SLIM
NTSTATUS NTAPI SepCaptureSid(_In_ PSID InputSid, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSID *CapturedSid)
Captures a SID.
NTSYSAPI NTSTATUS NTAPI RtlCopySidAndAttributesArray(_In_ ULONG Count, _In_ PSID_AND_ATTRIBUTES Src, _In_ ULONG SidAreaSize, _In_ PSID_AND_ATTRIBUTES Dest, _In_ PSID SidArea, _Out_ PSID *RemainingSidArea, _Out_ PULONG RemainingSidAreaSize)
#define KeGetPreviousMode()
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
struct _LUID_AND_ATTRIBUTES LUID_AND_ATTRIBUTES
NTSTATUS NTAPI NtFilterToken(_In_ HANDLE ExistingTokenHandle, _In_ ULONG Flags, _In_opt_ PTOKEN_GROUPS SidsToDisable, _In_opt_ PTOKEN_PRIVILEGES PrivilegesToDelete, _In_opt_ PTOKEN_GROUPS RestrictedSids, _Out_ PHANDLE NewTokenHandle)
Creates an access token in a restricted form from the original existing token, that is,...
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
_IRQL_requires_same_ typedef _In_ ULONG _In_ UCHAR Level
#define TOKEN_CREATE_METHOD
#define _When_(expr, annos)
NTSTATUS SepCreateTokenLock(_Inout_ PTOKEN Token)
Creates a lock for the token.
TOpcodeData Groups[17][8]
VOID SepRemoveUserGroupToken(_Inout_ PTOKEN Token, _In_ ULONG Index)
Removes a group from the token.
VOID NTAPI SepReleaseSid(_In_ PSID CapturedSid, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases a captured SID.
#define SE_PRIVILEGE_ENABLED
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE _Out_ PHANDLE NewTokenHandle
NTSTATUS(* NTAPI)(IN PFILE_FULL_EA_INFORMATION EaBuffer, IN ULONG EaLength, OUT PULONG ErrorOffset)
#define RtlEqualLuid(Luid1, Luid2)
enum _SECURITY_IMPERSONATION_LEVEL SECURITY_IMPERSONATION_LEVEL
VOID SepUpdatePrivilegeFlagsToken(_Inout_ PTOKEN Token)
Updates the token's flags based upon the privilege that the token has been granted....
NTSTATUS NTAPI SepCaptureAcl(_In_ PACL InputAcl, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PACL *CapturedAcl)
Captures an access control list from an already valid input ACL.
#define PsGetCurrentProcess
NTSTATUS SepRmReferenceLogonSession(_Inout_ PLUID LogonLuid)
#define STATUS_BAD_TOKEN_TYPE
POBJECT_TYPE SeTokenObjectType
#define SE_GROUP_ENABLED_BY_DEFAULT
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
NTSTATUS NTAPI ObCreateObject(IN KPROCESSOR_MODE ProbeMode OPTIONAL, IN POBJECT_TYPE Type, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext OPTIONAL, IN ULONG ObjectSize, IN ULONG PagedPoolCharge OPTIONAL, IN ULONG NonPagedPoolCharge OPTIONAL, OUT PVOID *Object)
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID _Inout_ PULONG _Out_writes_bytes_to_opt_ PrimaryGroupSize PSID PrimaryGroup
#define SE_CHANGE_NOTIFY_PRIVILEGE
_In_ KPROCESSOR_MODE PreviousMode
_Must_inspect_result_ _In_ ULONG Flags
VOID NTAPI SeReleaseLuidAndAttributesArray(_In_ PLUID_AND_ATTRIBUTES Privilege, _In_ KPROCESSOR_MODE PreviousMode, _In_ BOOLEAN CaptureIfKernel)
Releases a LUID with attributes structure.
#define NT_SUCCESS(StatCode)
#define EXCEPTION_EXECUTE_HANDLER
struct _SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES
_Out_ PBOOLEAN _Out_ PBOOLEAN _Out_ PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel
#define ObDereferenceObject
#define ProbeForWriteHandle(Ptr)
_In_ ACCESS_MASK _In_opt_ POBJECT_TYPE _In_ KPROCESSOR_MODE _Out_ PVOID _Out_opt_ POBJECT_HANDLE_INFORMATION HandleInformation
#define SE_GROUP_MANDATORY
#define ProbeForReadLargeInteger(Ptr)
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
#define ExAllocatePoolWithTag(hernya, size, tag)
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
VOID NTAPI SepReleaseSecurityQualityOfService(_In_opt_ PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases (frees) the captured SQOS data from an object in the memory pool.
#define SepReleaseTokenLock(Token)
NTSTATUS NTAPI SeCaptureSidAndAttributesArray(_In_ PSID_AND_ATTRIBUTES SrcSidAndAttributes, _In_ ULONG AttributeCount, _In_ KPROCESSOR_MODE PreviousMode, _In_opt_ PVOID AllocatedMem, _In_ ULONG AllocatedLength, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSID_AND_ATTRIBUTES *CapturedSidAndAttributes, _Out_ PULONG ResultLength)
Captures a SID with attributes.
#define TAG_TOKEN_DYNAMIC
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtDuplicateToken(_In_ HANDLE ExistingTokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _Out_ PHANDLE NewTokenHandle)
Duplicates a token.
#define SE_GROUP_USE_FOR_DENY_ONLY
__kernel_entry NTSTATUS NTAPI NtCreateToken(_Out_ PHANDLE TokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PTOKEN_USER TokenUser, _In_ PTOKEN_GROUPS TokenGroups, _In_ PTOKEN_PRIVILEGES TokenPrivileges, _In_opt_ PTOKEN_OWNER TokenOwner, _In_ PTOKEN_PRIMARY_GROUP TokenPrimaryGroup, _In_opt_ PTOKEN_DEFAULT_DACL TokenDefaultDacl, _In_ PTOKEN_SOURCE TokenSource)
Creates an access token.
#define TOKEN_FILTER_METHOD
VOID SepRemovePrivilegeToken(_Inout_ PTOKEN Token, _In_ ULONG Index)
Removes a privilege from the token.
NTSYSAPI BOOLEAN WINAPI RtlCopySid(DWORD, PSID, PSID)
static const WCHAR Cleanup[]
#define _Must_inspect_result_
enum _TOKEN_TYPE TOKEN_TYPE
EPROCESS KiInitialProcess
NTSTATUS NTAPI SeFilterToken(_In_ PACCESS_TOKEN ExistingToken, _In_ ULONG Flags, _In_opt_ PTOKEN_GROUPS SidsToDisable, _In_opt_ PTOKEN_PRIVILEGES PrivilegesToDelete, _In_opt_ PTOKEN_GROUPS RestrictedSids, _Out_ PACCESS_TOKEN *FilteredToken)
Filters an access token from an existing token, making it more restricted than the previous one.
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
#define TOKEN_HAS_ADMIN_GROUP
NTSTATUS NTAPI SepCreateToken(_Out_ PHANDLE TokenHandle, _In_ KPROCESSOR_MODE PreviousMode, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PSID_AND_ATTRIBUTES User, _In_ ULONG GroupCount, _In_ PSID_AND_ATTRIBUTES Groups, _In_ ULONG GroupsLength, _In_ ULONG PrivilegeCount, _In_ PLUID_AND_ATTRIBUTES Privileges, _In_opt_ PSID Owner, _In_ PSID PrimaryGroup, _In_opt_ PACL DefaultDacl, _In_ PTOKEN_SOURCE TokenSource, _In_ BOOLEAN SystemToken)
Internal function responsible for access token object creation in the kernel. A fully created token o...
VOID SepUpdateSinglePrivilegeFlagToken(_Inout_ PTOKEN Token, _In_ ULONG Index)
Updates the token's flags based upon the privilege that the token has been granted....
VOID NTAPI ExAllocateLocallyUniqueId(OUT LUID *LocallyUniqueId)
ULONG RtlLengthSidAndAttributes(_In_ ULONG Count, _In_ PSID_AND_ATTRIBUTES Src)
Computes the length (size) of a SID.
#define FIELD_OFFSET(t, f)
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID Owner
HANDLE NTAPI PsGetCurrentProcessId(VOID)
#define TOKEN_DUPLICATE_METHOD
#define DISABLE_MAX_PRIVILEGE
BOOLEAN NTAPI SeSinglePrivilegeCheck(_In_ LUID PrivilegeValue, _In_ KPROCESSOR_MODE PreviousMode)
Checks if a single privilege is present in the context of the calling thread.
#define SepAcquireTokenLockShared(Token)
NTSTATUS NTAPI SepDuplicateToken(_In_ PTOKEN Token, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL Level, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PTOKEN *NewAccessToken)
Duplicates an access token, from an existing valid token.
#define RtlZeroMemory(Destination, Length)
#define ALIGN_UP_BY(size, align)
#define RtlCopyMemory(Destination, Source, Length)
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG _Out_ PULONG ResultLength
#define _SEH2_EXCEPT(...)
#define _SEH2_GetExceptionCode()
#define _SEH2_YIELD(__stmt)
NTSTATUS NTAPI SepCaptureSecurityQualityOfService(_In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSECURITY_QUALITY_OF_SERVICE *CapturedSecurityQualityOfService, _Out_ PBOOLEAN Present)
Captures the security quality of service data given the object attributes from an object.
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
#define TOKEN_SESSION_NOT_REFERENCED
NTSTATUS SepFindPrimaryGroupAndDefaultOwner(_In_ PTOKEN Token, _In_ PSID PrimaryGroup, _In_opt_ PSID DefaultOwner, _Out_opt_ PULONG PrimaryGroupIndex, _Out_opt_ PULONG DefaultOwnerIndex)
Finds the primary group and default owner entity based on the submitted primary group instance and an...
NTSYSAPI BOOLEAN NTAPI RtlEqualSid(_In_ PSID Sid1, _In_ PSID Sid2)
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
#define TOKEN_IS_RESTRICTED
_Must_inspect_result_ _In_ WDFDMAENABLER _In_ _In_opt_ PWDF_OBJECT_ATTRIBUTES Attributes