ReactOS 0.4.15-dev-7788-g1ad9096
SeQueryInfoToken.c
Go to the documentation of this file.
1/*
2* PROJECT: ReactOS kernel-mode tests
3* LICENSE: GPLv2+ - See COPYING in the top level directory
4* PURPOSE: Kernel-Mode Test Suite Process Notification Routines test
5* PROGRAMMER: Constantine Belev (Moscow State Technical University)
6* Denis Grishin (Moscow State Technical University)
7* Egor Sinitsyn (Moscow State Technical University)
8*/
9
10#include <kmt_test.h>
11#include <ntifs.h>
12
13#define NDEBUG
14#include <debug.h>
15
16//------------------------------------------------------------------------------//
17// Testing Functions //
18//------------------------------------------------------------------------------//
19
20// Testing function for SQIT
21
23{
26 PSID sid;
27 PTOKEN_OWNER Towner;
28 PTOKEN_DEFAULT_DACL TDefDacl;
29 PTOKEN_GROUPS TGroups;
30 ULONG GroupCount;
31 PACL acl;
32 PTOKEN_STATISTICS TStats;
33 PTOKEN_TYPE TType;
34 PTOKEN_USER TUser;
36 ULONG i;
37
38 //----------------------------------------------------------------//
39 // Testing SeQueryInformationToken with various args //
40 //----------------------------------------------------------------//
41
42 ok(Token != NULL, "Token is not captured. Testing SQIT interrupted\n\n");
43
44 if (Token == NULL) return;
45
47 ok((Status == STATUS_SUCCESS), "SQIT with TokenOwner arg fails with status 0x%08X\n", Status);
49 {
50 ok(Buffer != NULL, "Wrong. SQIT call was successful with TokenOwner arg. But Buffer == NULL\n");
51
52 if (Buffer)
53 {
54 Towner = (TOKEN_OWNER *)Buffer;
55 sid = Towner->Owner;
56 ok((RtlValidSid(sid) == TRUE), "TokenOwner's SID is not a valid SID\n");
58 }
59 }
60
61 //----------------------------------------------------------------//
62
63 Buffer = NULL;
65 ok(Status == STATUS_SUCCESS, "SQIT with TokenDefaultDacl fails with status 0x%08X\n", Status);
67 {
68 ok(Buffer != NULL, "Wrong. SQIT call was successful with TokenDefaultDacl arg. But Buffer == NULL\n");
69 if (Buffer)
70 {
71 TDefDacl = (PTOKEN_DEFAULT_DACL)Buffer;
72 acl = TDefDacl->DefaultDacl;
73 ok(((acl->AclRevision == ACL_REVISION || acl->AclRevision == ACL_REVISION_DS) == TRUE), "DACL is invalid\n");
75 }
76 }
77
78 //----------------------------------------------------------------//
79
80 Buffer = NULL;
82 ok(Status == STATUS_SUCCESS, "SQIT with TokenGroups fails with status 0x%08X\n", Status);
84 {
85 ok(Buffer != NULL, "Wrong. SQIT call was successful with TokenGroups arg. But Buffer == NULL\n");
86 if (Buffer)
87 {
88 TGroups = (PTOKEN_GROUPS)Buffer;
89 GroupCount = TGroups->GroupCount;
90 Flag = TRUE;
91 for (i = 0; i < GroupCount; i++)
92 {
93 sid = TGroups->Groups[i].Sid;
94 if (!RtlValidSid(sid))
95 {
96 Flag = FALSE;
97 break;
98 }
99 }
100 ok((Flag == TRUE), "TokenGroup's SIDs are not valid\n");
102 }
103 }
104
105 //----------------------------------------------------------------//
106
107 // Call SQIT with TokenImpersonationLevel argument. Although our token
108 // is not an impersonation token, the call will outright fail.
109
110 Buffer = NULL;
112 ok(Status == STATUS_INVALID_INFO_CLASS, "SQIT with TokenImpersonationLevel must return STATUS_INVALID_INFO_CLASS but got 0x%08X\n", Status);
113 ok(Buffer == NULL, "SQIT has failed to query the impersonation level but buffer is not NULL!\n");
114
115 //----------------------------------------------------------------//
116
117 // Call SQIT with the 4 classes (TokenOrigin, TokenGroupsAndPrivileges,
118 // TokenRestrictedSids and TokenSandBoxInert) are not supported by
119 // SeQueryInformationToken (only NtQueryInformationToken supports them).
120 //
121
122 Buffer = NULL;
124 ok(Status == STATUS_INVALID_INFO_CLASS, "SQIT with TokenOrigin failed with Status 0x%08X; expected STATUS_INVALID_INFO_CLASS\n", Status);
125 ok(Buffer == NULL, "Wrong. SQIT call failed. But Buffer != NULL\n");
126
127 Buffer = NULL;
129 ok(Status == STATUS_INVALID_INFO_CLASS, "SQIT with TokenGroupsAndPrivileges failed with Status 0x%08X; expected STATUS_INVALID_INFO_CLASS\n", Status);
130 ok(Buffer == NULL, "Wrong. SQIT call failed. But Buffer != NULL\n");
131
132 Buffer = NULL;
134 ok(Status == STATUS_INVALID_INFO_CLASS, "SQIT with TokenRestrictedSids failed with Status 0x%08X; expected STATUS_INVALID_INFO_CLASS\n", Status);
135 ok(Buffer == NULL, "Wrong. SQIT call failed. But Buffer != NULL\n");
136
137 Buffer = NULL;
139 ok(Status == STATUS_INVALID_INFO_CLASS, "SQIT with TokenSandBoxInert failed with Status 0x%08X; expected STATUS_INVALID_INFO_CLASS\n", Status);
140 ok(Buffer == NULL, "Wrong. SQIT call failed. But Buffer != NULL\n");
141
142 //----------------------------------------------------------------//
143
144 Buffer = NULL;
146 ok(Status == STATUS_SUCCESS, "SQIT with TokenStatistics fails with status 0x%08X\n", Status);
147 if (Status == STATUS_SUCCESS)
148 {
149 ok(Buffer != NULL, "Wrong. SQIT call was successful with TokenStatistics arg. But Buffer == NULL\n");
150 if (Buffer)
151 {
152 TStats = (PTOKEN_STATISTICS)Buffer;
153 // just put 0 into 1st arg or use trace to print TokenStatistics
154 ok(1, "print statistics:\n\tTokenID = %u_%d\n\tSecurityImperLevel = %d\n\tPrivCount = %d\n\tGroupCount = %d\n\n", TStats->TokenId.LowPart,
155 TStats->TokenId.HighPart,
156 TStats->ImpersonationLevel,
157 TStats->PrivilegeCount,
158 TStats->GroupCount
159 );
161 }
162 } else {
163 ok(Buffer == NULL, "Wrong. SQIT call failed. But Buffer != NULL\n");
164 }
165
166 //----------------------------------------------------------------//
167
168 Buffer = NULL;
170 ok(Status == STATUS_SUCCESS, "SQIT with TokenType fails with status 0x%08X\n", Status);
171 if (Status == STATUS_SUCCESS)
172 {
173 ok(Buffer != NULL, "Wrong. SQIT call was successful with TokenType arg. But Buffer == NULL\n");
174 if (Buffer)
175 {
176 TType = (PTOKEN_TYPE)Buffer;
177 ok((*TType == TokenPrimary || *TType == TokenImpersonation), "TokenType in not a primary nor impersonation. FAILED\n");
179 }
180 }
181
182 //----------------------------------------------------------------//
183
184 Buffer = NULL;
186 ok(Status == STATUS_SUCCESS, "SQIT with TokenUser fails\n");
187 if (Status == STATUS_SUCCESS)
188 {
189 ok(Buffer != NULL, "Wrong. SQIT call was successful with TokenUser arg. But Buffer == NULL\n");
190 if (Buffer)
191 {
192 TUser = (PTOKEN_USER)Buffer;
193 ok(RtlValidSid(TUser->User.Sid), "TokenUser has an invalid Sid\n");
195 }
196 }
197
198 //----------------------------------------------------------------//
199
200 Buffer = NULL;
202 ok(Status != STATUS_SUCCESS, "SQIT must fail with wrong TOKEN_INFORMATION_CLASS arg\n");
203}
204
205//------------------------------------------------------------------------------//
206
207//------------------------------------------------------------------------------//
208// Body of the main test //
209//------------------------------------------------------------------------------//
210
211START_TEST(SeQueryInfoToken)
212{
217 PAUX_ACCESS_DATA AuxData = NULL;
218 PPRIVILEGE_SET NewPrivilegeSet;
219 BOOLEAN Checker;
223 PTOKEN_PRIVILEGES TPrivileges;
227 ULONG i;
228
230
234
235 // Testing SQIT with current Token
237
238 //----------------------------------------------------------------//
239 // Creating an ACCESS_STATE structure //
240 //----------------------------------------------------------------//
241
244 AuxData = ExAllocatePool(PagedPool, 0xC8);
246
248 (PVOID)AuxData,
251 );
252
253 ok((Status == STATUS_SUCCESS), "SeCreateAccessState failed with Status 0x%08X\n", Status);
254
255 SeCaptureSubjectContext(&AccessState->SubjectSecurityContext);
256 SeLockSubjectContext(&AccessState->SubjectSecurityContext);
257 Token = SeQuerySubjectContextToken(&AccessState->SubjectSecurityContext);
258
259 // Testing SQIT with AccessState Token
261
262 //----------------------------------------------------------------//
263 // Testing other functions //
264 //----------------------------------------------------------------//
265
266 //----------------------------------------------------------------//
267 // Testing SeAppendPrivileges //
268 //----------------------------------------------------------------//
269
270 AuxData->PrivilegeSet->PrivilegeCount = 1;
271
272 // Testing SeAppendPrivileges. Must change PrivilegeCount to 2 (1 + 1)
273
274 NewPrivilegeSet = ExAllocatePool(PagedPool, sizeof(PRIVILEGE_SET));
275 NewPrivilegeSet->PrivilegeCount = 1;
276
277 Status = SeAppendPrivileges(AccessState, NewPrivilegeSet);
278 ok(Status == STATUS_SUCCESS, "SeAppendPrivileges failed\n");
279 ok((AuxData->PrivilegeSet->PrivilegeCount == 2),"PrivelegeCount must be 2, but it is %d\n", AuxData->PrivilegeSet->PrivilegeCount);
280 ExFreePool(NewPrivilegeSet);
281
282 //----------------------------------------------------------------//
283
284 // Testing SeAppendPrivileges. Must change PrivilegeCount to 6 (2 + 4)
285
286 NewPrivilegeSet = ExAllocatePool(PagedPool, 4*sizeof(PRIVILEGE_SET));
287 NewPrivilegeSet->PrivilegeCount = 4;
288
289 Status = SeAppendPrivileges(AccessState, NewPrivilegeSet);
290 ok(Status == STATUS_SUCCESS, "SeAppendPrivileges failed\n");
291 ok((AuxData->PrivilegeSet->PrivilegeCount == 6),"PrivelegeCount must be 6, but it is %d\n", AuxData->PrivilegeSet->PrivilegeCount);
292 ExFreePool(NewPrivilegeSet);
293
294 //----------------------------------------------------------------//
295 // Testing SePrivilegeCheck //
296 //----------------------------------------------------------------//
297
298 // KPROCESSOR_MODE is set to KernelMode ===> Always return TRUE
299 ok(SePrivilegeCheck(AuxData->PrivilegeSet, &(AccessState->SubjectSecurityContext), KernelMode), "SePrivilegeCheck failed with KernelMode mode arg\n");
300 // and call it again
301 ok(SePrivilegeCheck(AuxData->PrivilegeSet, &(AccessState->SubjectSecurityContext), KernelMode), "SePrivilegeCheck failed with KernelMode mode arg\n");
302
303 //----------------------------------------------------------------//
304
305 // KPROCESSOR_MODE is set to UserMode. Expect false
306 ok(!SePrivilegeCheck(AuxData->PrivilegeSet, &(AccessState->SubjectSecurityContext), UserMode), "SePrivilegeCheck unexpected success with UserMode arg\n");
307
308 //----------------------------------------------------------------//
309
310 //----------------------------------------------------------------//
311 // Testing SeFreePrivileges //
312 //----------------------------------------------------------------//
313
315 Checker = SeAccessCheck(
316 AccessState->SecurityDescriptor,
317 &AccessState->SubjectSecurityContext,
318 FALSE,
319 AccessState->OriginalDesiredAccess,
320 AccessState->PreviouslyGrantedAccess,
321 &Privileges,
324 &AccessMask,
325 &Status
326 );
327 ok(Checker, "Checker is NULL\n");
328 ok((Privileges != NULL), "Privileges is NULL\n");
329 if (Privileges)
330 {
331 trace("AuxData->PrivilegeSet->PrivilegeCount = %d ; Privileges->PrivilegeCount = %d\n",
332 AuxData->PrivilegeSet->PrivilegeCount, Privileges->PrivilegeCount);
333 }
335
336
337 //----------------------------------------------------------------//
338 // Testing SePrivilegeCheck //
339 //----------------------------------------------------------------//
340 // I'm trying to make success call of SePrivilegeCheck from UserMode
341 // If we sets Privileges properly, can we expect true from SePrivilegeCheck?
342 // answer: yes
343 // This test demonstrates it
344
345 Buffer = NULL;
347 if (Status == STATUS_SUCCESS)
348 {
349 ok(Buffer != NULL, "Wrong. SQIT call was successful with TokenPrivileges arg. But Buffer == NULL\n");
350 if (Buffer)
351 {
352 TPrivileges = (PTOKEN_PRIVILEGES)(Buffer);
353 //trace("TPCount = %u\n\n", TPrivileges->PrivilegeCount);
354
355 NewPrivilegeSet = ExAllocatePool(PagedPool, 14*sizeof(PRIVILEGE_SET));
356 NewPrivilegeSet->PrivilegeCount = 14;
357
358 ok((SeAppendPrivileges(AccessState, NewPrivilegeSet)) == STATUS_SUCCESS, "SeAppendPrivileges failed\n");
359 ok((AuxData->PrivilegeSet->PrivilegeCount == 20),"PrivelegeCount must be 20, but it is %d\n", AuxData->PrivilegeSet->PrivilegeCount);
360 ExFreePool(NewPrivilegeSet);
361 for (i = 0; i < AuxData->PrivilegeSet->PrivilegeCount; i++)
362 {
363 AuxData->PrivilegeSet->Privilege[i].Attributes = TPrivileges->Privileges[i].Attributes;
364 AuxData->PrivilegeSet->Privilege[i].Luid = TPrivileges->Privileges[i].Luid;
365 }
366 //trace("AccessState->privCount = %u\n\n", ((PAUX_ACCESS_DATA)(AccessState->AuxData))->PrivilegeSet->PrivilegeCount);
367
368 ok(SePrivilegeCheck(AuxData->PrivilegeSet, &(AccessState->SubjectSecurityContext), UserMode), "SePrivilegeCheck fails in UserMode, but I wish it will success\n");
369 }
370 }
371
372 // Call SeFreePrivileges again
373
375 Checker = SeAccessCheck(
376 AccessState->SecurityDescriptor,
377 &AccessState->SubjectSecurityContext,
378 TRUE,
379 AccessState->OriginalDesiredAccess,
380 AccessState->PreviouslyGrantedAccess,
381 &Privileges,
384 &AccessMask,
385 &Status
386 );
387 ok(Checker, "Checker is NULL\n");
388 ok((Privileges != NULL), "Privileges is NULL\n");
389 if (Privileges)
390 {
391 trace("AuxData->PrivilegeSet->PrivilegeCount = %d ; Privileges->PrivilegeCount = %d\n",
392 AuxData->PrivilegeSet->PrivilegeCount, Privileges->PrivilegeCount);
393 }
395
396 //----------------------------------------------------------------//
397 // Missing for now //
398 //----------------------------------------------------------------//
399
400 SeUnlockSubjectContext(&AccessState->SubjectSecurityContext);
402
404
408 if (AuxData) ExFreePool(AuxData);
410}
unsigned char BOOLEAN
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
void TestsSeQueryInformationToken(PACCESS_TOKEN Token)
BOOLEAN NTAPI SeAccessCheck(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, _In_ BOOLEAN SubjectContextLocked, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK PreviouslyGrantedAccess, _Out_ PPRIVILEGE_SET *Privileges, _In_ PGENERIC_MAPPING GenericMapping, _In_ KPROCESSOR_MODE AccessMode, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
Determines whether security access rights can be given to an object depending on the security descrip...
Definition: accesschk.c:1994
#define trace
Definition: atltest.h:70
#define ok(value,...)
Definition: atltest.h:57
#define START_TEST(x)
Definition: atltest.h:75
LONG NTSTATUS
Definition: precomp.h:26
FT_UInt sid
Definition: cffcmap.c:139
Definition: bufpool.h:45
#define NULL
Definition: types.h:112
#define TRUE
Definition: types.h:120
#define FALSE
Definition: types.h:117
#define ExFreePool(addr)
Definition: env_spec_w32.h:352
#define PagedPool
Definition: env_spec_w32.h:308
#define ExAllocatePool(type, size)
Definition: fbtusb.h:44
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2246
Status
Definition: gdiplustypes.h:25
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
@ TokenImpersonation
Definition: imports.h:274
@ TokenPrimary
Definition: imports.h:273
#define KernelMode
Definition: asm.h:34
#define UserMode
Definition: asm.h:35
_In_ ACCESS_MASK AccessMask
Definition: exfuncs.h:186
NTSYSAPI BOOLEAN NTAPI RtlValidSid(IN PSID Sid)
Definition: sid.c:21
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:411
ULONG ACCESS_MASK
Definition: nt_native.h:40
#define MAXIMUM_ALLOWED
Definition: nt_native.h:83
OBJECT_TYPE
Definition: ntobjenum.h:13
POBJECT_TYPE PsProcessType
Definition: process.c:20
NTSTATUS NTAPI SeCreateAccessState(_Inout_ PACCESS_STATE AccessState, _In_ PAUX_ACCESS_DATA AuxData, _In_ ACCESS_MASK Access, _In_ PGENERIC_MAPPING GenericMapping)
Creates an access state.
Definition: access.c:121
VOID NTAPI SeDeleteAccessState(_In_ PACCESS_STATE AccessState)
Deletes an allocated access state from the memory.
Definition: access.c:150
BOOLEAN NTAPI SePrivilegeCheck(_In_ PPRIVILEGE_SET Privileges, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ KPROCESSOR_MODE PreviousMode)
Checks if a set of privileges exist and match within a security subject context.
Definition: priv.c:698
VOID NTAPI SeFreePrivileges(_In_ PPRIVILEGE_SET Privileges)
Frees a set of privileges.
Definition: priv.c:669
NTSTATUS NTAPI SeAppendPrivileges(_Inout_ PACCESS_STATE AccessState, _In_ PPRIVILEGE_SET Privileges)
Appends additional privileges.
Definition: priv.c:588
#define STATUS_INVALID_INFO_CLASS
Definition: ntstatus.h:240
#define STATUS_SUCCESS
Definition: shellext.h:65
Definition: xml2sdb.h:80
UCHAR AclRevision
Definition: ms-dtyp.idl:294
PPRIVILEGE_SET PrivilegeSet
Definition: setypes.h:258
LONG HighPart
DWORD LowPart
LUID_AND_ATTRIBUTES Privilege[ANYSIZE_ARRAY]
Definition: setypes.h:88
$ULONG PrivilegeCount
Definition: setypes.h:86
SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY]
Definition: setypes.h:1018
$ULONG GroupCount
Definition: setypes.h:1014
PSID Owner
Definition: setypes.h:1028
LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY]
Definition: setypes.h:1024
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: setypes.h:1090
$ULONG PrivilegeCount
Definition: setypes.h:1094
$ULONG GroupCount
Definition: setypes.h:1093
SID_AND_ATTRIBUTES User
Definition: setypes.h:1010
VOID NTAPI SeLockSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Locks both the referenced primary and client access tokens of a security subject context.
Definition: subject.c:107
VOID NTAPI SeUnlockSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Unlocks both the referenced primary and client access tokens of a security subject context.
Definition: subject.c:138
VOID NTAPI SeCaptureSubjectContext(_Out_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Captures the security subject context of the calling thread and calling process.
Definition: subject.c:85
NTSTATUS NTAPI SeQueryInformationToken(_In_ PACCESS_TOKEN AccessToken, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _Outptr_result_buffer_(_Inexpressible_(token-dependent)) PVOID *TokenInformation)
Queries information details about the given token to the call. The difference between NtQueryInformat...
Definition: tokencls.c:95
uint32_t ULONG
Definition: typedefs.h:59
char * PCHAR
Definition: typedefs.h:51
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2658
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:17
#define SeQuerySubjectContextToken(SubjectContext)
Definition: sefuncs.h:583
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:417
#define ACL_REVISION_DS
Definition: setypes.h:40
struct _TOKEN_GROUPS * PTOKEN_GROUPS
struct _TOKEN_STATISTICS * PTOKEN_STATISTICS
struct _TOKEN_DEFAULT_DACL * PTOKEN_DEFAULT_DACL
struct _TOKEN_USER * PTOKEN_USER
@ TokenDefaultDacl
Definition: setypes.h:971
@ TokenGroupsAndPrivileges
Definition: setypes.h:978
@ TokenStatistics
Definition: setypes.h:975
@ TokenImpersonationLevel
Definition: setypes.h:974
@ TokenSandBoxInert
Definition: setypes.h:980
@ TokenRestrictedSids
Definition: setypes.h:976
@ TokenGroups
Definition: setypes.h:967
@ TokenPrivileges
Definition: setypes.h:968
@ TokenUser
Definition: setypes.h:966
@ TokenOrigin
Definition: setypes.h:982
@ TokenOwner
Definition: setypes.h:969
struct _TOKEN_PRIVILEGES * PTOKEN_PRIVILEGES
#define ACL_REVISION
Definition: setypes.h:39
enum _TOKEN_TYPE * PTOKEN_TYPE