ReactOS  0.4.15-dev-3291-gea4c1a0
access.c
Go to the documentation of this file.
1 /*
2  * PROJECT: ReactOS Kernel
3  * LICENSE: GPL-2.0-or-later (https://spdx.org/licenses/GPL-2.0-or-later)
4  * PURPOSE: Security access state functions support
5  * COPYRIGHT: Copyright Alex Ionescu <alex@relsoft.net>
6  */
7 
8 /* INCLUDES *******************************************************************/
9 
10 #include <ntoskrnl.h>
11 #define NDEBUG
12 #include <debug.h>
13 
14 /* GLOBALS ********************************************************************/
15 
17 
18 /* PRIVATE FUNCTIONS **********************************************************/
19 
46 BOOLEAN
47 NTAPI
49  _In_ PACCESS_TOKEN _Token,
50  _In_ PSID PrincipalSelfSid,
51  _In_ PSID _Sid,
52  _In_ BOOLEAN Deny,
54 {
55  ULONG i;
56  PTOKEN Token = (PTOKEN)_Token;
57  PISID TokenSid, Sid = (PISID)_Sid;
58  PSID_AND_ATTRIBUTES SidAndAttributes;
59  ULONG SidCount, SidLength;
60  USHORT SidMetadata;
61  PAGED_CODE();
62 
63  /* Not yet supported */
64  ASSERT(PrincipalSelfSid == NULL);
66 
67  /* Check if a principal SID was given, and this is our current SID already */
68  if ((PrincipalSelfSid) && (RtlEqualSid(SePrincipalSelfSid, Sid)))
69  {
70  /* Just use the principal SID in this case */
71  Sid = PrincipalSelfSid;
72  }
73 
74  /* Check if this is a restricted token or not */
75  if (Restricted)
76  {
77  /* Use the restricted SIDs and count */
78  SidAndAttributes = Token->RestrictedSids;
79  SidCount = Token->RestrictedSidCount;
80  }
81  else
82  {
83  /* Use the normal SIDs and count */
84  SidAndAttributes = Token->UserAndGroups;
85  SidCount = Token->UserAndGroupCount;
86  }
87 
88  /* Do checks here by hand instead of the usual 4 function calls */
89  SidLength = FIELD_OFFSET(SID,
90  SubAuthority[Sid->SubAuthorityCount]);
91  SidMetadata = *(PUSHORT)&Sid->Revision;
92 
93  /* Loop every SID */
94  for (i = 0; i < SidCount; i++)
95  {
96  TokenSid = (PISID)SidAndAttributes->Sid;
97 #if SE_SID_DEBUG
98  UNICODE_STRING sidString;
99  RtlConvertSidToUnicodeString(&sidString, TokenSid, TRUE);
100  DPRINT1("SID in Token: %wZ\n", &sidString);
101  RtlFreeUnicodeString(&sidString);
102 #endif
103  /* Check if the SID metadata matches */
104  if (*(PUSHORT)&TokenSid->Revision == SidMetadata)
105  {
106  /* Check if the SID data matches */
107  if (RtlEqualMemory(Sid, TokenSid, SidLength))
108  {
109  /* Check if the group is enabled, or used for deny only */
110  if ((!(i) && !(SidAndAttributes->Attributes & SE_GROUP_USE_FOR_DENY_ONLY)) ||
111  (SidAndAttributes->Attributes & SE_GROUP_ENABLED) ||
112  ((Deny) && (SidAndAttributes->Attributes & SE_GROUP_USE_FOR_DENY_ONLY)))
113  {
114  /* SID is present */
115  return TRUE;
116  }
117  else
118  {
119  /* SID is not present */
120  return FALSE;
121  }
122  }
123  }
124 
125  /* Move to the next SID */
126  SidAndAttributes++;
127  }
128 
129  /* SID is not present */
130  return FALSE;
131 }
132 
147 BOOLEAN
148 NTAPI
150  _In_ PACCESS_TOKEN _Token,
151  _In_ PSID Sid)
152 {
153  /* Call extended API */
154  return SepSidInTokenEx(_Token, NULL, Sid, FALSE, FALSE);
155 }
156 
175 BOOLEAN
176 NTAPI
178  _In_ PACCESS_TOKEN _Token,
180  _In_ BOOLEAN TokenLocked)
181 {
182  PSID Sid;
183  BOOLEAN Result;
184  PTOKEN Token = _Token;
185 
186  /* Get the owner SID */
188  ASSERT(Sid != NULL);
189 
190  /* Lock the token if needed */
191  if (!TokenLocked) SepAcquireTokenLockShared(Token);
192 
193  /* Check if the owner SID is found, handling restricted case as well */
195  if ((Result) && (Token->TokenFlags & TOKEN_IS_RESTRICTED))
196  {
198  }
199 
200  /* Release the lock if we had acquired it */
201  if (!TokenLocked) SepReleaseTokenLock(Token);
202 
203  /* Return the result */
204  return Result;
205 }
206 
220 VOID
221 NTAPI
223  _In_ PACCESS_TOKEN _Token,
224  _Out_ PTOKEN_CONTROL TokenControl)
225 {
226  PTOKEN Token = _Token;
227  PAGED_CODE();
228 
229  /* Capture the main fields */
230  TokenControl->AuthenticationId = Token->AuthenticationId;
231  TokenControl->TokenId = Token->TokenId;
232  TokenControl->TokenSource = Token->TokenSource;
233 
234  /* Lock the token */
236 
237  /* Capture the modified ID */
238  TokenControl->ModifiedId = Token->ModifiedId;
239 
240  /* Unlock it */
242 }
243 
279 NTSTATUS
280 NTAPI
283  _In_ PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos,
284  _In_ BOOLEAN ServerIsRemote,
286  _In_ BOOLEAN ThreadEffectiveOnly,
289 {
291  PACCESS_TOKEN NewToken;
292  PAGED_CODE();
293 
294  /* Check for bogus impersonation level */
295  if (!VALID_IMPERSONATION_LEVEL(ClientSecurityQos->ImpersonationLevel))
296  {
297  /* Fail the call */
299  }
300 
301  /* Check what kind of token this is */
303  {
304  /* On a primary token, if we do direct access, copy the flag from the QOS */
305  ClientContext->DirectAccessEffectiveOnly = ClientSecurityQos->EffectiveOnly;
306  }
307  else
308  {
309  /* This is an impersonation token, is the level ok? */
310  if (ClientSecurityQos->ImpersonationLevel > ImpersonationLevel)
311  {
312  /* Nope, fail */
314  }
315 
316  /* Is the level too low, or are we doing something other than delegation remotely */
319  ((ServerIsRemote) && (ImpersonationLevel != SecurityDelegation)))
320  {
321  /* Fail the call */
323  }
324 
325  /* Pick either the thread setting or the QOS setting */
326  ClientContext->DirectAccessEffectiveOnly =
327  ((ThreadEffectiveOnly) || (ClientSecurityQos->EffectiveOnly)) ? TRUE : FALSE;
328  }
329 
330  /* Is this static tracking */
331  if (ClientSecurityQos->ContextTrackingMode == SECURITY_STATIC_TRACKING)
332  {
333  /* Do not use direct access and make a copy */
334  ClientContext->DirectlyAccessClientToken = FALSE;
336  ClientSecurityQos->ImpersonationLevel,
337  KernelMode,
338  &NewToken);
339  if (!NT_SUCCESS(Status))
340  return Status;
341  }
342  else
343  {
344  /* Use direct access and check if this is local */
345  ClientContext->DirectlyAccessClientToken = TRUE;
346  if (ServerIsRemote)
347  {
348  /* We are doing delegation, so make a copy of the control data */
350  &ClientContext->ClientTokenControl);
351  }
352 
353  /* Keep the same token */
354  NewToken = Token;
355  }
356 
357  /* Fill out the context and return success */
358  ClientContext->SecurityQos.Length = sizeof(SECURITY_QUALITY_OF_SERVICE);
359  ClientContext->SecurityQos.ImpersonationLevel = ClientSecurityQos->ImpersonationLevel;
360  ClientContext->SecurityQos.ContextTrackingMode = ClientSecurityQos->ContextTrackingMode;
361  ClientContext->SecurityQos.EffectiveOnly = ClientSecurityQos->EffectiveOnly;
362  ClientContext->ServerIsRemote = ServerIsRemote;
363  ClientContext->ClientToken = NewToken;
364  return STATUS_SUCCESS;
365 }
366 
367 /* PUBLIC FUNCTIONS ***********************************************************/
368 
388 VOID
389 NTAPI
394 {
396 
397  PAGED_CODE();
398 
399  /* Save the unique ID */
400  SubjectContext->ProcessAuditId = Process->UniqueProcessId;
401 
402  /* Check if we have a thread */
403  if (!Thread)
404  {
405  /* We don't, so no token */
406  SubjectContext->ClientToken = NULL;
407  }
408  else
409  {
410  /* Get the impersonation token */
412  &CopyOnOpen,
413  &EffectiveOnly,
414  &SubjectContext->ImpersonationLevel);
415  }
416 
417  /* Get the primary token */
419 }
420 
432 VOID
433 NTAPI
436 {
437  /* Call the extended API */
441 }
442 
454 VOID
455 NTAPI
458 {
459  PTOKEN PrimaryToken, ClientToken;
460  PAGED_CODE();
461 
462  /* Read both tokens */
463  PrimaryToken = SubjectContext->PrimaryToken;
464  ClientToken = SubjectContext->ClientToken;
465 
466  /* Always lock the primary */
467  SepAcquireTokenLockShared(PrimaryToken);
468 
469  /* Lock the impersonation one if it's there */
470  if (!ClientToken) return;
471  SepAcquireTokenLockShared(ClientToken);
472 }
473 
485 VOID
486 NTAPI
489 {
490  PTOKEN PrimaryToken, ClientToken;
491  PAGED_CODE();
492 
493  /* Read both tokens */
494  PrimaryToken = SubjectContext->PrimaryToken;
495  ClientToken = SubjectContext->ClientToken;
496 
497  /* Unlock the impersonation one if it's there */
498  if (ClientToken)
499  {
500  SepReleaseTokenLock(ClientToken);
501  }
502 
503  /* Always unlock the primary one */
504  SepReleaseTokenLock(PrimaryToken);
505 }
506 
518 VOID
519 NTAPI
522 {
523  PAGED_CODE();
524 
525  /* Drop reference on the primary */
527  SubjectContext->PrimaryToken = NULL;
528 
529  /* Drop reference on the impersonation, if there was one */
531  SubjectContext->ClientToken = NULL;
532 }
533 
559 NTSTATUS
560 NTAPI
565  _In_ PAUX_ACCESS_DATA AuxData,
566  _In_ ACCESS_MASK Access,
568 {
569  ACCESS_MASK AccessMask = Access;
570  PTOKEN Token;
571  PAGED_CODE();
572 
573  /* Map the Generic Acess to Specific Access if we have a Mapping */
574  if ((Access & GENERIC_ACCESS) && (GenericMapping))
575  {
577  }
578 
579  /* Initialize the Access State */
581  ASSERT(AccessState->SecurityDescriptor == NULL);
582  ASSERT(AccessState->PrivilegesAllocated == FALSE);
583 
584  /* Initialize and save aux data */
585  RtlZeroMemory(AuxData, sizeof(AUX_ACCESS_DATA));
586  AccessState->AuxData = AuxData;
587 
588  /* Capture the Subject Context */
590  Process,
591  &AccessState->SubjectSecurityContext);
592 
593  /* Set Access State Data */
594  AccessState->RemainingDesiredAccess = AccessMask;
595  AccessState->OriginalDesiredAccess = AccessMask;
596  ExAllocateLocallyUniqueId(&AccessState->OperationID);
597 
598  /* Get the Token to use */
599  Token = SeQuerySubjectContextToken(&AccessState->SubjectSecurityContext);
600 
601  /* Check for Travers Privilege */
602  if (Token->TokenFlags & TOKEN_HAS_TRAVERSE_PRIVILEGE)
603  {
604  /* Preserve the Traverse Privilege */
606  }
607 
608  /* Set the Auxiliary Data */
609  AuxData->PrivilegeSet = (PPRIVILEGE_SET)((ULONG_PTR)AccessState +
611  Privileges));
612  if (GenericMapping) AuxData->GenericMapping = *GenericMapping;
613 
614  /* Return Sucess */
615  return STATUS_SUCCESS;
616 }
617 
637 NTSTATUS
638 NTAPI
641  _In_ PAUX_ACCESS_DATA AuxData,
642  _In_ ACCESS_MASK Access,
644 {
645  PAGED_CODE();
646 
647  /* Call the extended API */
650  AccessState,
651  AuxData,
652  Access,
654 }
655 
666 VOID
667 NTAPI
670 {
671  PAUX_ACCESS_DATA AuxData;
672  PAGED_CODE();
673 
674  /* Get the Auxiliary Data */
675  AuxData = AccessState->AuxData;
676 
677  /* Deallocate Privileges */
678  if (AccessState->PrivilegesAllocated)
680 
681  /* Deallocate Name and Type Name */
682  if (AccessState->ObjectName.Buffer)
683  {
684  ExFreePool(AccessState->ObjectName.Buffer);
685  }
686 
687  if (AccessState->ObjectTypeName.Buffer)
688  {
689  ExFreePool(AccessState->ObjectTypeName.Buffer);
690  }
691 
692  /* Release the Subject Context */
693  SeReleaseSubjectContext(&AccessState->SubjectSecurityContext);
694 }
695 
709 VOID
710 NTAPI
714 {
715  PAGED_CODE();
716 
717  /* Set the Generic Mapping */
718  ((PAUX_ACCESS_DATA)AccessState->AuxData)->GenericMapping = *GenericMapping;
719 }
720 
740 NTSTATUS
741 NTAPI
745  _In_ BOOLEAN RemoteClient,
747 {
749  BOOLEAN ThreadEffectiveOnly;
753  PAGED_CODE();
754 
755  /* Reference the correct token */
757  &TokenType,
758  &ThreadEffectiveOnly,
760 
761  /* Create client security from it */
763  Qos,
764  RemoteClient,
765  TokenType,
766  ThreadEffectiveOnly,
768  ClientContext);
769 
770  /* Check if we failed or static tracking was used */
771  if (!(NT_SUCCESS(Status)) || (Qos->ContextTrackingMode == SECURITY_STATIC_TRACKING))
772  {
773  /* Dereference our copy since it's not being used */
775  }
776 
777  /* Return status */
778  return Status;
779 }
780 
802 NTSTATUS
803 NTAPI
806  _In_ PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos,
807  _In_ BOOLEAN ServerIsRemote,
809 {
812  PAGED_CODE();
813 
814  /* Get the right token and reference it */
817 
818  /* Create the context */
820  ClientSecurityQos,
821  ServerIsRemote,
822  SubjectContext->ClientToken ?
824  FALSE,
825  SubjectContext->ImpersonationLevel,
826  ClientContext);
827 
828  /* Check if we failed or static tracking was used */
829  if (!(NT_SUCCESS(Status)) ||
830  (ClientSecurityQos->ContextTrackingMode == SECURITY_STATIC_TRACKING))
831  {
832  /* Dereference our copy since it's not being used */
834  }
835 
836  /* Return status */
837  return Status;
838 }
839 
854 NTSTATUS
855 NTAPI
859 {
861  PAGED_CODE();
862 
863  /* Check if direct access is requested */
864  if (!ClientContext->DirectlyAccessClientToken)
865  {
866  /* No, so get the flag from QOS */
867  EffectiveOnly = ClientContext->SecurityQos.EffectiveOnly;
868  }
869  else
870  {
871  /* Yes, so see if direct access should be effective only */
872  EffectiveOnly = ClientContext->DirectAccessEffectiveOnly;
873  }
874 
875  /* Use the current thread if one was not passed */
877 
878  /* Call the lower layer routine */
880  ClientContext->ClientToken,
881  TRUE,
883  ClientContext->SecurityQos.ImpersonationLevel);
884 }
885 
899 VOID
900 NTAPI
904 {
905  PAGED_CODE();
906 
907  /* Call the new API */
909 }
910 
911 /* EOF */
PPRIVILEGE_SET PrivilegeSet
Definition: setypes.h:234
NTSTATUS NTAPI PsImpersonateClient(IN PETHREAD Thread, IN PACCESS_TOKEN Token, IN BOOLEAN CopyOnOpen, IN BOOLEAN EffectiveOnly, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
Definition: security.c:610
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2238
BOOLEAN NTAPI SepSidInTokenEx(_In_ PACCESS_TOKEN _Token, _In_ PSID PrincipalSelfSid, _In_ PSID _Sid, _In_ BOOLEAN Deny, _In_ BOOLEAN Restricted)
Checks if a SID is present in a token.
Definition: access.c:48
#define STATUS_BAD_IMPERSONATION_LEVEL
Definition: ntstatus.h:401
#define VALID_IMPERSONATION_LEVEL(Level)
Definition: setypes.h:101
#define _In_opt_
Definition: ms_sal.h:309
#define _Inout_
Definition: ms_sal.h:378
#define PsGetCurrentThread()
Definition: env_spec_w32.h:81
VOID NTAPI SeCaptureSubjectContextEx(_In_ PETHREAD Thread, _In_ PEPROCESS Process, _Out_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
An extended function that captures the security subject context based upon the specified thread and p...
Definition: access.c:390
#define _Out_
Definition: ms_sal.h:345
BOOLEAN NTAPI SepSidInToken(_In_ PACCESS_TOKEN _Token, _In_ PSID Sid)
Checks if a SID is present in a token.
Definition: access.c:149
#define TRUE
Definition: types.h:120
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
VOID NTAPI SeGetTokenControlInformation(_In_ PACCESS_TOKEN _Token, _Out_ PTOKEN_CONTROL TokenControl)
Retrieves token control information.
Definition: access.c:222
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
#define GENERIC_ACCESS
Definition: wlx.c:26
_Out_ PBOOLEAN CopyOnOpen
Definition: psfuncs.h:154
#define TOKEN_HAS_TRAVERSE_PRIVILEGE
Definition: setypes.h:1143
FORCEINLINE PSID SepGetOwnerFromDescriptor(_Inout_ PVOID _Descriptor)
Definition: se.h:59
VOID NTAPI SeDeleteAccessState(_In_ PACCESS_STATE AccessState)
Deletes an allocated access state from the memory.
Definition: access.c:668
VOID NTAPI SeSetAccessStateGenericMapping(_In_ PACCESS_STATE AccessState, _In_ PGENERIC_MAPPING GenericMapping)
Sets a new generic mapping for an allocated access state.
Definition: access.c:711
NTSTATUS NTAPI SepCreateClientSecurity(_In_ PACCESS_TOKEN Token, _In_ PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos, _In_ BOOLEAN ServerIsRemote, _In_ TOKEN_TYPE TokenType, _In_ BOOLEAN ThreadEffectiveOnly, _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, _Out_ PSECURITY_CLIENT_CONTEXT ClientContext)
Creates a client security context based upon an access token.
Definition: access.c:281
ERESOURCE SepSubjectContextLock
Definition: access.c:16
uint32_t ULONG_PTR
Definition: typedefs.h:65
NTSTATUS NTAPI SeCreateAccessState(_Inout_ PACCESS_STATE AccessState, _In_ PAUX_ACCESS_DATA AuxData, _In_ ACCESS_MASK Access, _In_ PGENERIC_MAPPING GenericMapping)
Creates an access state.
Definition: access.c:639
NTSTATUS(* NTAPI)(IN PFILE_FULL_EA_INFORMATION EaBuffer, IN ULONG EaLength, OUT PULONG ErrorOffset)
Definition: IoEaTest.cpp:117
VOID NTAPI SeLockSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Locks both the referenced primary and client access tokens of a security subject context.
Definition: access.c:456
#define FALSE
Definition: types.h:117
enum _SECURITY_IMPERSONATION_LEVEL SECURITY_IMPERSONATION_LEVEL
PSID SePrincipalSelfSid
Definition: sid.c:37
struct _SID * PISID
#define PsGetCurrentProcess
Definition: psfuncs.h:17
NTSTATUS NTAPI SeCreateClientSecurityFromSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos, _In_ BOOLEAN ServerIsRemote, _Out_ PSECURITY_CLIENT_CONTEXT ClientContext)
Creates a client security context based upon the captured security subject context.
Definition: access.c:804
unsigned char BOOLEAN
UINT CALLBACK ServerThread(_Inout_ PVOID Parameter)
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
#define _In_
Definition: ms_sal.h:308
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1103
VOID NTAPI SeUnlockSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Unlocks both the referenced primary and client access tokens of a security subject context.
Definition: access.c:487
UNICODE_STRING Restricted
Definition: utils.c:24
Status
Definition: gdiplustypes.h:24
NTSTATUS NTAPI SeCreateClientSecurity(_In_ PETHREAD Thread, _In_ PSECURITY_QUALITY_OF_SERVICE Qos, _In_ BOOLEAN RemoteClient, _Out_ PSECURITY_CLIENT_CONTEXT ClientContext)
Creates a client security context.
Definition: access.c:742
BOOLEAN NTAPI SepTokenIsOwner(_In_ PACCESS_TOKEN _Token, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ BOOLEAN TokenLocked)
Checks if a token belongs to the main user, being the owner.
Definition: access.c:177
#define ASSERT(a)
Definition: mode.c:44
NTSYSAPI ULONG NTAPI RtlEqualMemory(CONST VOID *Source1, CONST VOID *Source2, ULONG Length)
VOID NTAPI RtlMapGenericMask(IN OUT PACCESS_MASK AccessMask, IN PGENERIC_MAPPING GenericMapping)
Definition: access.c:50
VOID NTAPI SeImpersonateClient(_In_ PSECURITY_CLIENT_CONTEXT ClientContext, _In_opt_ PETHREAD ServerThread)
Impersonates a client user.
Definition: access.c:901
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define SE_GROUP_ENABLED
Definition: setypes.h:92
_In_ PVOID ClientContext
Definition: netioddk.h:55
VOID NTAPI SeCaptureSubjectContext(_Out_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Captures the security subject context of the calling thread and calling process.
Definition: access.c:434
USHORT Length
Definition: ntsecapi.h:172
_Out_ PBOOLEAN _Out_ PBOOLEAN _Out_ PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: psfuncs.h:154
#define ObDereferenceObject
Definition: obfuncs.h:203
_In_ ACCESS_MASK AccessMask
Definition: exfuncs.h:186
#define for
Definition: utility.h:88
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
Definition: fltkernel.h:2652
NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING UnicodeString)
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:13
NTSYSAPI NTSTATUS NTAPI RtlConvertSidToUnicodeString(OUT PUNICODE_STRING DestinationString, IN PVOID Sid, IN BOOLEAN AllocateDestinationString)
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:414
#define SepReleaseTokenLock(Token)
Definition: se.h:231
#define SE_GROUP_USE_FOR_DENY_ONLY
Definition: setypes.h:94
PACCESS_TOKEN NTAPI PsReferenceEffectiveToken(IN PETHREAD Thread, OUT IN PTOKEN_TYPE TokenType, OUT PBOOLEAN EffectiveOnly, OUT PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
Definition: security.c:780
PACCESS_TOKEN NTAPI PsReferencePrimaryToken(PEPROCESS Process)
Definition: security.c:440
#define SeQuerySubjectContextToken(SubjectContext)
Definition: sefuncs.h:583
enum _TOKEN_TYPE TOKEN_TYPE
PACCESS_TOKEN NTAPI PsReferenceImpersonationToken(IN PETHREAD Thread, OUT PBOOLEAN CopyOnOpen, OUT PBOOLEAN EffectiveOnly, OUT PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
Definition: security.c:849
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
NTSTATUS NTAPI SeCopyClientToken(_In_ PACCESS_TOKEN Token, _In_ SECURITY_IMPERSONATION_LEVEL Level, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PACCESS_TOKEN *NewToken)
Copies an existing access token (technically duplicating a new one).
Definition: token.c:1482
NTSTATUS NTAPI SeImpersonateClientEx(_In_ PSECURITY_CLIENT_CONTEXT ClientContext, _In_opt_ PETHREAD ServerThread)
Extended function that impersonates a client.
Definition: access.c:856
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
unsigned short USHORT
Definition: pedump.c:61
struct _TOKEN * PTOKEN
NTSTATUS NTAPI SeCreateAccessStateEx(_In_ PETHREAD Thread, _In_ PEPROCESS Process, _Inout_ PACCESS_STATE AccessState, _In_ PAUX_ACCESS_DATA AuxData, _In_ ACCESS_MASK Access, _In_ PGENERIC_MAPPING GenericMapping)
An extended function that creates an access state.
Definition: access.c:561
struct _PRIVILEGE_SET * PPRIVILEGE_SET
VOID NTAPI ExAllocateLocallyUniqueId(OUT LUID *LocallyUniqueId)
Definition: uuid.c:335
#define SECURITY_STATIC_TRACKING
Definition: setypes.h:104
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:255
struct _SECURITY_QUALITY_OF_SERVICE SECURITY_QUALITY_OF_SERVICE
BYTE SubAuthorityCount
Definition: ms-dtyp.idl:200
#define NULL
Definition: types.h:112
VOID NTAPI SeReleaseSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Releases both the primary and client tokens of a security subject context.
Definition: access.c:520
struct _AUX_ACCESS_DATA * PAUX_ACCESS_DATA
#define DPRINT1
Definition: precomp.h:8
VOID FASTCALL ObFastDereferenceObject(IN PEX_FAST_REF FastRef, IN PVOID Object)
Definition: obref.c:167
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
#define SepAcquireTokenLockShared(Token)
Definition: se.h:225
#define ObReferenceObject
Definition: obfuncs.h:204
ULONG ERESOURCE
Definition: env_spec_w32.h:594
unsigned int ULONG
Definition: retypes.h:1
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
BYTE Revision
Definition: ms-dtyp.idl:199
#define TAG_PRIVILEGE_SET
Definition: tag.h:180
#define STATUS_SUCCESS
Definition: shellext.h:65
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
Definition: sefuncs.h:388
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
unsigned short * PUSHORT
Definition: retypes.h:2
ULONG ACCESS_MASK
Definition: nt_native.h:40
#define ExFreePool(addr)
Definition: env_spec_w32.h:352
NTSYSAPI BOOLEAN NTAPI RtlEqualSid(_In_ PSID Sid1, _In_ PSID Sid2)
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:388
#define TOKEN_IS_RESTRICTED
Definition: setypes.h:1148
#define PAGED_CODE()
VOID NTAPI PsDereferenceImpersonationToken(IN PACCESS_TOKEN ImpersonationToken)
Definition: security.c:888