ReactOS  0.4.15-dev-4863-gba0d16f
access.c File Reference
#include <ntoskrnl.h>
#include <debug.h>

Macros

#define NDEBUG
 

Functions

NTSTATUS NTAPI SeCreateAccessStateEx (_In_ PETHREAD Thread, _In_ PEPROCESS Process, _Inout_ PACCESS_STATE AccessState, _In_ PAUX_ACCESS_DATA AuxData, _In_ ACCESS_MASK Access, _In_ PGENERIC_MAPPING GenericMapping)
 An extended function that creates an access state. More...
 
NTSTATUS NTAPI SeCreateAccessState (_Inout_ PACCESS_STATE AccessState, _In_ PAUX_ACCESS_DATA AuxData, _In_ ACCESS_MASK Access, _In_ PGENERIC_MAPPING GenericMapping)
 Creates an access state. More...
 
VOID NTAPI SeDeleteAccessState (_In_ PACCESS_STATE AccessState)
 Deletes an allocated access state from the memory. More...
 
VOID NTAPI SeSetAccessStateGenericMapping (_In_ PACCESS_STATE AccessState, _In_ PGENERIC_MAPPING GenericMapping)
 Sets a new generic mapping for an allocated access state. More...
 

Macro Definition Documentation

◆ NDEBUG

#define NDEBUG

Definition at line 11 of file access.c.

Function Documentation

◆ SeCreateAccessState()

NTSTATUS NTAPI SeCreateAccessState ( _Inout_ PACCESS_STATE  AccessState,
_In_ PAUX_ACCESS_DATA  AuxData,
_In_ ACCESS_MASK  Access,
_In_ PGENERIC_MAPPING  GenericMapping 
)

Creates an access state.

Parameters
[in,out] AccessState: Access state that is initialized and returned to the caller.
[in] AuxData: Auxiliary security data for the access state.
[in] Access: Access mask to assign.
[in] GenericMapping: Generic mapping to assign to the access state.
Returns
See SeCreateAccessStateEx.

Definition at line 121 of file access.c.

/*
 * Body of SeCreateAccessState: a thin wrapper that hands its arguments to
 * the extended API.
 *
 * NOTE(review): listing lines 130-131 and 135 are absent from this rendering.
 * The cross-references printed after the listing name PsGetCurrentThread(),
 * PsGetCurrentProcess() and SeCreateAccessStateEx(), so the dropped lines
 * presumably pass the current thread and process, then GenericMapping, and
 * return the callee's status -- confirm against access.c. If so, the subject
 * context captured for the access state is that of the calling thread.
 */
126 {
127  PAGED_CODE();
128 
129  /* Call the extended API */
132  AccessState,
133  AuxData,
134  Access,
136 }
#define PsGetCurrentThread()
Definition: env_spec_w32.h:81
#define PsGetCurrentProcess
Definition: psfuncs.h:17
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:414
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
NTSTATUS NTAPI SeCreateAccessStateEx(_In_ PETHREAD Thread, _In_ PEPROCESS Process, _Inout_ PACCESS_STATE AccessState, _In_ PAUX_ACCESS_DATA AuxData, _In_ ACCESS_MASK Access, _In_ PGENERIC_MAPPING GenericMapping)
An extended function that creates an access state.
Definition: access.c:43
#define PAGED_CODE()

Referenced by NtOpenProcess(), NtOpenThread(), ObDuplicateObject(), ObInsertObject(), ObOpenObjectByName(), ObOpenObjectByPointer(), ObReferenceObjectByName(), and START_TEST().

◆ SeCreateAccessStateEx()

NTSTATUS NTAPI SeCreateAccessStateEx ( _In_ PETHREAD  Thread,
_In_ PEPROCESS  Process,
_Inout_ PACCESS_STATE  AccessState,
_In_ PAUX_ACCESS_DATA  AuxData,
_In_ ACCESS_MASK  Access,
_In_ PGENERIC_MAPPING  GenericMapping 
)

An extended function that creates an access state.

Parameters
[in] Thread: Valid thread object from which the subject context is captured.
[in] Process: Valid process object from which the subject context is captured.
[in,out] AccessState: Access state that is initialized and returned to the caller.
[in] AuxData: Auxiliary security data for the access state.
[in] Access: Access mask to assign.
[in] GenericMapping: Generic mapping to assign to the access state.
Returns
Returns STATUS_SUCCESS.

Definition at line 43 of file access.c.

/*
 * Body of SeCreateAccessStateEx: fills in a caller-supplied ACCESS_STATE and
 * AUX_ACCESS_DATA for an access attempt and always returns STATUS_SUCCESS.
 *
 * NOTE(review): listing lines 58, 62, 71, 78, 87 and 92 are absent from this
 * rendering. The cross-references printed after the listing name the symbols
 * they used; each gap is marked below with a hedged guess to confirm against
 * access.c.
 */
50 {
51  ACCESS_MASK AccessMask = Access;
52  PTOKEN Token;
53  PAGED_CODE();
54 
55  /* Map the Generic Access to Specific Access if we have a Mapping */
56  if ((Access & GENERIC_ACCESS) && (GenericMapping))
57  {
    /* NOTE(review): line 58 missing; presumably RtlMapGenericMask() applied
     * to AccessMask with GenericMapping -- confirm. Without a mapping the
     * generic bits stay in AccessMask unchanged. */
59  }
60 
61  /* Initialize the Access State */
    /* NOTE(review): line 62 missing; presumably the RtlZeroMemory() of
     * *AccessState that the two assertions below check -- confirm. Whether
     * ASSERT is compiled into release builds is not shown here, so these are
     * sanity checks, not runtime validation. */
63  ASSERT(AccessState->SecurityDescriptor == NULL);
64  ASSERT(AccessState->PrivilegesAllocated == FALSE);
65 
66  /* Initialize and save aux data */
    /* The caller's AuxData buffer is wiped, so any previous content is lost. */
67  RtlZeroMemory(AuxData, sizeof(AUX_ACCESS_DATA));
68  AccessState->AuxData = AuxData;
69 
70  /* Capture the Subject Context */
    /* NOTE(review): line 71 missing; presumably the SeCaptureSubjectContextEx()
     * call taking Thread as its first argument -- confirm. */
72  Process,
73  &AccessState->SubjectSecurityContext);
74 
75  /* Set Access State Data */
    /* Both fields start from the (possibly mapped) mask. */
76  AccessState->RemainingDesiredAccess = AccessMask;
77  AccessState->OriginalDesiredAccess = AccessMask;
    /* NOTE(review): line 78 missing; the cross-references list
     * ExAllocateLocallyUniqueId(), presumably called here -- confirm. */
79 
80  /* Get the Token to use */
81  Token = SeQuerySubjectContextToken(&AccessState->SubjectSecurityContext);
82 
83  /* Check for Traverse Privilege */
    /* NOTE(review): Token is dereferenced without a NULL check; this assumes
     * the captured subject context always yields a token -- confirm in
     * SeCaptureSubjectContextEx. */
84  if (Token->TokenFlags & TOKEN_HAS_TRAVERSE_PRIVILEGE)
85  {
86  /* Preserve the Traverse Privilege */
    /* NOTE(review): line 87 missing; presumably records the flag in the
     * access state -- confirm. */
88  }
89 
90  /* Set the Auxiliary Data */
    /* PrivilegeSet is computed as an address inside *AccessState (base plus
     * an offset; line 92 is missing, the cross-references list FIELD_OFFSET),
     * not a separate pool allocation. */
91  AuxData->PrivilegeSet = (PPRIVILEGE_SET)((ULONG_PTR)AccessState +
93  Privileges));
    /* With a NULL GenericMapping the field keeps the zeroes written at
     * line 67. */
94  if (GenericMapping) AuxData->GenericMapping = *GenericMapping;
95 
96  /* Return Success */
97  return STATUS_SUCCESS;
98 }
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
#define TOKEN_HAS_TRAVERSE_PRIVILEGE
Definition: setypes.h:1174
uint32_t ULONG_PTR
Definition: typedefs.h:65
#define FALSE
Definition: types.h:117
#define ASSERT(a)
Definition: mode.c:44
VOID NTAPI RtlMapGenericMask(IN OUT PACCESS_MASK AccessMask, IN PGENERIC_MAPPING GenericMapping)
Definition: access.c:50
_In_ ACCESS_MASK AccessMask
Definition: exfuncs.h:186
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
Definition: fltkernel.h:2652
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:13
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:414
#define SeQuerySubjectContextToken(SubjectContext)
Definition: sefuncs.h:583
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
struct _PRIVILEGE_SET * PPRIVILEGE_SET
VOID NTAPI ExAllocateLocallyUniqueId(OUT LUID *LocallyUniqueId)
Definition: uuid.c:335
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:255
VOID NTAPI SeCaptureSubjectContextEx(_In_ PETHREAD Thread, _In_ PEPROCESS Process, _Out_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
An extended function that captures the security subject context based upon the specified thread and p...
Definition: subject.c:41
#define NULL
Definition: types.h:112
#define GENERIC_ACCESS
Definition: security.c:35
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
#define STATUS_SUCCESS
Definition: shellext.h:65
ULONG ACCESS_MASK
Definition: nt_native.h:40
#define PAGED_CODE()

Referenced by SeCreateAccessState().

◆ SeDeleteAccessState()

VOID NTAPI SeDeleteAccessState ( _In_ PACCESS_STATE  AccessState)

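Deletes an access state by releasing the resources it holds: the privilege set when one was allocated, the object name and object type name buffers, and the captured subject context. The listing below contains no call that frees the ACCESS_STATE structure itself.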

Parameters
[in] AccessState: A valid access state.
Returns
Nothing.

Definition at line 150 of file access.c.

/*
 * Body of SeDeleteAccessState: releases what an access state owns (privilege
 * set when allocated, object name and type name buffers, subject context).
 *
 * NOTE(review): none of the visible lines clears PrivilegesAllocated or the
 * freed Buffer pointers, and the ACCESS_STATE itself is not freed here. A
 * second call on the same state would therefore free the same pool blocks
 * again; callers must treat the state as dead after this returns.
 */
152 {
153  PAUX_ACCESS_DATA AuxData;
154  PAGED_CODE();
155 
156  /* Get the Auxiliary Data */
157  AuxData = AccessState->AuxData;
158 
159  /* Deallocate Privileges */
160  if (AccessState->PrivilegesAllocated)
    /* NOTE(review): line 161, the body of this if, is missing from the
     * rendering; the cross-references list ExFreePoolWithTag, PrivilegeSet
     * and TAG_PRIVILEGE_SET, so it presumably frees AuxData->PrivilegeSet
     * with that tag -- confirm. The if does NOT guard the checks below. */
162 
163  /* Deallocate Name and Type Name */
164  if (AccessState->ObjectName.Buffer)
165  {
166  ExFreePool(AccessState->ObjectName.Buffer);
167  }
168 
169  if (AccessState->ObjectTypeName.Buffer)
170  {
171  ExFreePool(AccessState->ObjectTypeName.Buffer);
172  }
173 
174  /* Release the Subject Context */
175  SeReleaseSubjectContext(&AccessState->SubjectSecurityContext);
176 }
PPRIVILEGE_SET PrivilegeSet
Definition: setypes.h:258
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:414
VOID NTAPI SeReleaseSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Releases both the primary and client tokens of a security subject context.
Definition: subject.c:171
#define TAG_PRIVILEGE_SET
Definition: tag.h:154
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
#define ExFreePool(addr)
Definition: env_spec_w32.h:352
#define PAGED_CODE()

Referenced by NtOpenProcess(), NtOpenThread(), ObDuplicateObject(), ObInsertObject(), ObOpenObjectByName(), ObOpenObjectByPointer(), ObReferenceObjectByName(), PspCreateProcess(), PspCreateThread(), and START_TEST().

◆ SeSetAccessStateGenericMapping()

VOID NTAPI SeSetAccessStateGenericMapping ( _In_ PACCESS_STATE  AccessState,
_In_ PGENERIC_MAPPING  GenericMapping 
)

Sets a new generic mapping for an allocated access state.

Parameters
[in] AccessState: A valid access state.
[in] GenericMapping: New generic mapping to assign.
Returns
Nothing.

Definition at line 193 of file access.c.

/*
 * Body of SeSetAccessStateGenericMapping: overwrites the generic mapping
 * stored in the access state's auxiliary data with a copy of *GenericMapping.
 *
 * NOTE(review): AccessState->AuxData and GenericMapping are both dereferenced
 * without a NULL check, unlike line 94 of SeCreateAccessStateEx, which tests
 * GenericMapping first. The signature annotates both parameters _In_, so the
 * caller must pass a non-NULL mapping and an access state whose AuxData has
 * already been set.
 */
196 {
197  PAGED_CODE();
198 
199  /* Set the Generic Mapping */
200  ((PAUX_ACCESS_DATA)AccessState->AuxData)->GenericMapping = *GenericMapping;
201 }
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:414
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
struct _AUX_ACCESS_DATA * PAUX_ACCESS_DATA
#define PAGED_CODE()

Referenced by IopParseDevice().