ReactOS 0.4.16-dev-91-g764881a
|
#include <ntoskrnl.h>
#include <debug.h>
Go to the source code of this file.
Macros | |
#define | NDEBUG |
Functions | |
static NTSTATUS | SepAdjustPrivileges (_Inout_ PTOKEN Token, _In_ BOOLEAN DisableAllPrivileges, _In_opt_ PLUID_AND_ATTRIBUTES NewState, _In_ ULONG NewStateCount, _Out_opt_ PTOKEN_PRIVILEGES PreviousState, _In_ BOOLEAN ApplyChanges, _Out_ PULONG ChangedPrivileges, _Out_ PBOOLEAN ChangesMade) |
Removes a certain amount of privileges of a token based upon the request by the caller. | |
static NTSTATUS | SepAdjustGroups (_In_ PTOKEN Token, _In_opt_ PSID_AND_ATTRIBUTES NewState, _In_ ULONG NewStateCount, _In_ BOOLEAN ApplyChanges, _In_ BOOLEAN ResetToDefaultStates, _Out_ PBOOLEAN ChangesMade, _Out_opt_ PTOKEN_GROUPS PreviousGroupsState, _Out_ PULONG ChangedGroups) |
Private routine that iterates over the groups of an access token to be adjusted as per on request by the caller, where a group can be enabled or disabled. | |
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI | NtAdjustPrivilegesToken (_In_ HANDLE TokenHandle, _In_ BOOLEAN DisableAllPrivileges, _In_opt_ PTOKEN_PRIVILEGES NewState, _In_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState, _When_(PreviousState!=NULL, _Out_) PULONG ReturnLength) |
Removes a certain amount of privileges of a token based upon the request by the caller. | |
NTSTATUS NTAPI | NtAdjustGroupsToken (_In_ HANDLE TokenHandle, _In_ BOOLEAN ResetToDefault, _In_ PTOKEN_GROUPS NewState, _In_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS PreviousState, _When_(PreviousState !=NULL, _Out_) PULONG ReturnLength) |
Changes the list of groups by enabling or disabling them in an access token. Unlike NtAdjustPrivilegesToken, this API routine does not remove groups. | |
#define NDEBUG |
Definition at line 12 of file tokenadj.c.
NTSTATUS NTAPI NtAdjustGroupsToken | ( | _In_ HANDLE | TokenHandle, |
_In_ BOOLEAN | ResetToDefault, | ||
_In_ PTOKEN_GROUPS | NewState, | ||
_In_ ULONG | BufferLength, | ||
_Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS | PreviousState, | ||
_When_(PreviousState !=NULL, _Out_) PULONG | ReturnLength | ||
) |
Changes the list of groups by enabling or disabling them in an access token. Unlike NtAdjustPrivilegesToken, this API routine does not remove groups.
[in] | TokenHandle | Token handle where the list of groups SID are to be adjusted. The access token must have TOKEN_ADJUST_GROUPS access right in order to change the groups in a token. The token must also have TOKEN_QUERY access right if the caller requests the previous states of groups list, that is, PreviousState is not NULL. |
[in] | ResetToDefault | If set to TRUE, the function resets the list of groups to default enabled and disabled states. NewState is ignored in this case. Otherwise if the parameter is set to FALSE, the function expects a new list of groups from NewState to be adjusted within the token. |
[in] | NewState | A new list of groups SID that the function will use it accordingly to modify the current list of groups SID of a token. |
[in] | BufferLength | The length size of the buffer that is pointed by the NewState parameter argument, in bytes. |
[out] | PreviousState | If specified, the function will return to the caller the old list of groups SID. If this parameter is NULL, ReturnLength must also be NULL. |
[out] | ReturnLength | If specified, the function will return the total size length of the old list of groups SIDs, in bytes. |
Definition at line 695 of file tokenadj.c.
Referenced by AdjustTokenGroups(), and START_TEST().
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtAdjustPrivilegesToken | ( | _In_ HANDLE | TokenHandle, |
_In_ BOOLEAN | DisableAllPrivileges, | ||
_In_opt_ PTOKEN_PRIVILEGES | NewState, | ||
_In_ ULONG | BufferLength, | ||
_Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES | PreviousState, | ||
_When_(PreviousState!=NULL, _Out_) PULONG | ReturnLength | ||
) |
Removes a certain amount of privileges of a token based upon the request by the caller.
[in,out] | Token | Token handle where the privileges are about to be modified. |
[in] | DisableAllPrivileges | If set to TRUE, the function disables all the privileges. |
[in] | NewState | A new list of privileges that the function will use it accordingly to either disable or enable the said privileges and change them. |
[in] | NewStateCount | The new total number count of privileges. |
[out] | PreviousState | If specified, the function will return the previous state list of privileges. |
[in] | ApplyChanges | If set to TRUE, the function will immediatelly apply the changes onto the token's privileges. |
[out] | ChangedPrivileges | The returned count number of changed privileges. |
[out] | ChangesMade | If TRUE, the function has made changes to the token's privileges. FALSE otherwise. |
Definition at line 451 of file tokenadj.c.
Referenced by AdjustEnableDefaultPriv(), AdjustTokenPrivileges(), SmpAcquirePrivilege(), SmpReleasePrivilege(), and START_TEST().
|
static |
Private routine that iterates over the groups of an access token to be adjusted as per on request by the caller, where a group can be enabled or disabled.
[in] | Token | Access token where its groups are to be enabled or disabled. |
[in] | NewState | A list of groups with new state attributes to be assigned to the token. |
[in] | NewStateCount | The captured count number of groups in the list. |
[in] | ApplyChanges | If set to FALSE, the function will only iterate over the token's groups without performing any kind of modification. If set to TRUE, the changes will be applied immediately when the function has done looping the groups. |
[in] | ResetToDefaultStates | The function will reset the groups in an access token to default states if set to TRUE. In such scenario the function ignores NewState outright. Otherwise if set to FALSE, the function will use NewState to assign the newly attributes to adjust the token's groups. SE_GROUP_ENABLED_BY_DEFAULT is a flag indicator that is used for such purpose. |
[out] | ChangesMade | Returns TRUE if changes to token's groups have been made, otherwise FALSE is returned. Bear in mind such changes aren't always deterministic. See remarks for further details. |
[out] | PreviousGroupsState | If requested by the caller, the function will return the previous state of groups in an access token prior taking action on adjusting the token. This is a UM (user mode) pointer and it's prone to raise exceptions if such pointer address is not valid. |
[out] | ChangedGroups | Returns the total number of changed groups in an access token. This argument could also indicate the number of groups to be changed if the calling thread hasn't chosen to apply the changes yet. A number of 0 indicates no groups have been or to be changed because the groups' attributes in a token are the same as the ones from NewState given by the caller. |
Definition at line 246 of file tokenadj.c.
Referenced by NtAdjustGroupsToken().
|
static |
Removes a certain amount of privileges of a token based upon the request by the caller.
[in,out] | Token | Token handle where the privileges are about to be modified. |
[in] | DisableAllPrivileges | If set to TRUE, the function disables all the privileges. |
[in] | NewState | A new list of privileges that the function will use it accordingly to either disable or enable the said privileges and change them. |
[in] | NewStateCount | The new total number count of privileges. |
[out] | PreviousState | If specified, the function will return the previous state list of privileges. |
[in] | ApplyChanges | If set to TRUE, the function will immediatelly apply the changes onto the token's privileges. |
[out] | ChangedPrivileges | The returned count number of changed privileges. |
[out] | ChangesMade | If TRUE, the function has made changes to the token's privileges. FALSE otherwise. |
Definition at line 56 of file tokenadj.c.
Referenced by NtAdjustPrivilegesToken().