ReactOS  0.4.15-dev-2961-gecb0c09
SeQueryInfoToken.c
Go to the documentation of this file.
1 /*
2 * PROJECT: ReactOS kernel-mode tests
3 * LICENSE: GPLv2+ - See COPYING in the top level directory
4 * PURPOSE: Kernel-Mode Test Suite Process Notification Routines test
5 * PROGRAMMER: Constantine Belev (Moscow State Technical University)
6 * Denis Grishin (Moscow State Technical University)
7 * Egor Sinitsyn (Moscow State Technical University)
8 */
9 
10 #include <kmt_test.h>
11 #include <ntifs.h>
12 
13 #define NDEBUG
14 #include <debug.h>
15 
16 //------------------------------------------------------------------------------//
17 // Testing Functions //
18 //------------------------------------------------------------------------------//
19 
20 // Testing function for SQIT
21 
23 {
25  PVOID Buffer = NULL;
26  PSID sid;
27  PTOKEN_OWNER Towner;
28  PTOKEN_DEFAULT_DACL TDefDacl;
29  PTOKEN_GROUPS TGroups;
30  ULONG GroupCount;
31  PACL acl;
32  PTOKEN_STATISTICS TStats;
33  PTOKEN_TYPE TType;
34  PTOKEN_USER TUser;
35  BOOLEAN Flag;
36  ULONG i;
37 
38  //----------------------------------------------------------------//
39  // Testing SeQueryInformationToken with various args //
40  //----------------------------------------------------------------//
41 
42  ok(Token != NULL, "Token is not captured. Testing SQIT interrupted\n\n");
43 
44  if (Token == NULL) return;
45 
47  ok((Status == STATUS_SUCCESS), "SQIT with TokenOwner arg fails with status 0x%08X\n", Status);
48  if (Status == STATUS_SUCCESS)
49  {
50  ok(Buffer != NULL, "Wrong. SQIT call was successful with TokenOwner arg. But Buffer == NULL\n");
51 
52  if (Buffer)
53  {
54  Towner = (TOKEN_OWNER *)Buffer;
55  sid = Towner->Owner;
56  ok((RtlValidSid(sid) == TRUE), "TokenOwner's SID is not a valid SID\n");
58  }
59  }
60 
61  //----------------------------------------------------------------//
62 
63  Buffer = NULL;
65  ok(Status == STATUS_SUCCESS, "SQIT with TokenDefaultDacl fails with status 0x%08X\n", Status);
66  if (Status == STATUS_SUCCESS)
67  {
68  ok(Buffer != NULL, "Wrong. SQIT call was successful with TokenDefaultDacl arg. But Buffer == NULL\n");
69  if (Buffer)
70  {
71  TDefDacl = (PTOKEN_DEFAULT_DACL)Buffer;
72  acl = TDefDacl->DefaultDacl;
73  ok(((acl->AclRevision == ACL_REVISION || acl->AclRevision == ACL_REVISION_DS) == TRUE), "DACL is invalid\n");
75  }
76  }
77 
78  //----------------------------------------------------------------//
79 
80  Buffer = NULL;
82  ok(Status == STATUS_SUCCESS, "SQIT with TokenGroups fails with status 0x%08X\n", Status);
83  if (Status == STATUS_SUCCESS)
84  {
85  ok(Buffer != NULL, "Wrong. SQIT call was successful with TokenGroups arg. But Buffer == NULL\n");
86  if (Buffer)
87  {
88  TGroups = (PTOKEN_GROUPS)Buffer;
89  GroupCount = TGroups->GroupCount;
90  Flag = TRUE;
91  for (i = 0; i < GroupCount; i++)
92  {
93  sid = TGroups->Groups[i].Sid;
94  if (!RtlValidSid(sid))
95  {
96  Flag = FALSE;
97  break;
98  }
99  }
100  ok((Flag == TRUE), "TokenGroup's SIDs are not valid\n");
102  }
103  }
104 
105  //----------------------------------------------------------------//
106 
107  // Call SQIT with TokenImpersonationLevel argument. Although our token
108  // is not an impersonation token, the call will outright fail.
109 
110  Buffer = NULL;
112  ok(Status == STATUS_INVALID_INFO_CLASS, "SQIT with TokenImpersonationLevel must return STATUS_INVALID_INFO_CLASS but got 0x%08X\n", Status);
113  ok(Buffer == NULL, "SQIT has failed to query the impersonation level but buffer is not NULL!\n");
114 
115  //----------------------------------------------------------------//
116 
117  // Call SQIT with the 4 classes (TokenOrigin, TokenGroupsAndPrivileges,
118  // TokenRestrictedSids and TokenSandBoxInert) are not supported by
119  // SeQueryInformationToken (only NtQueryInformationToken supports them).
120  //
121 
122  Buffer = NULL;
124  ok(Status == STATUS_INVALID_INFO_CLASS, "SQIT with TokenOrigin failed with Status 0x%08X; expected STATUS_INVALID_INFO_CLASS\n", Status);
125  ok(Buffer == NULL, "Wrong. SQIT call failed. But Buffer != NULL\n");
126 
127  Buffer = NULL;
129  ok(Status == STATUS_INVALID_INFO_CLASS, "SQIT with TokenGroupsAndPrivileges failed with Status 0x%08X; expected STATUS_INVALID_INFO_CLASS\n", Status);
130  ok(Buffer == NULL, "Wrong. SQIT call failed. But Buffer != NULL\n");
131 
132  Buffer = NULL;
134  ok(Status == STATUS_INVALID_INFO_CLASS, "SQIT with TokenRestrictedSids failed with Status 0x%08X; expected STATUS_INVALID_INFO_CLASS\n", Status);
135  ok(Buffer == NULL, "Wrong. SQIT call failed. But Buffer != NULL\n");
136 
137  Buffer = NULL;
139  ok(Status == STATUS_INVALID_INFO_CLASS, "SQIT with TokenSandBoxInert failed with Status 0x%08X; expected STATUS_INVALID_INFO_CLASS\n", Status);
140  ok(Buffer == NULL, "Wrong. SQIT call failed. But Buffer != NULL\n");
141 
142  //----------------------------------------------------------------//
143 
144  Buffer = NULL;
146  ok(Status == STATUS_SUCCESS, "SQIT with TokenStatistics fails with status 0x%08X\n", Status);
147  if (Status == STATUS_SUCCESS)
148  {
149  ok(Buffer != NULL, "Wrong. SQIT call was successful with TokenStatistics arg. But Buffer == NULL\n");
150  if (Buffer)
151  {
152  TStats = (PTOKEN_STATISTICS)Buffer;
153  // just put 0 into 1st arg or use trace to print TokenStatistics
154  ok(1, "print statistics:\n\tTokenID = %u_%d\n\tSecurityImperLevel = %d\n\tPrivCount = %d\n\tGroupCount = %d\n\n", TStats->TokenId.LowPart,
155  TStats->TokenId.HighPart,
156  TStats->ImpersonationLevel,
157  TStats->PrivilegeCount,
158  TStats->GroupCount
159  );
161  }
162  } else {
163  ok(Buffer == NULL, "Wrong. SQIT call failed. But Buffer != NULL\n");
164  }
165 
166  //----------------------------------------------------------------//
167 
168  Buffer = NULL;
170  ok(Status == STATUS_SUCCESS, "SQIT with TokenType fails with status 0x%08X\n", Status);
171  if (Status == STATUS_SUCCESS)
172  {
173  ok(Buffer != NULL, "Wrong. SQIT call was successful with TokenType arg. But Buffer == NULL\n");
174  if (Buffer)
175  {
176  TType = (PTOKEN_TYPE)Buffer;
177  ok((*TType == TokenPrimary || *TType == TokenImpersonation), "TokenType in not a primary nor impersonation. FAILED\n");
179  }
180  }
181 
182  //----------------------------------------------------------------//
183 
184  Buffer = NULL;
186  ok(Status == STATUS_SUCCESS, "SQIT with TokenUser fails\n");
187  if (Status == STATUS_SUCCESS)
188  {
189  ok(Buffer != NULL, "Wrong. SQIT call was successful with TokenUser arg. But Buffer == NULL\n");
190  if (Buffer)
191  {
192  TUser = (PTOKEN_USER)Buffer;
193  ok(RtlValidSid(TUser->User.Sid), "TokenUser has an invalid Sid\n");
195  }
196  }
197 
198  //----------------------------------------------------------------//
199 
200  Buffer = NULL;
202  ok(Status != STATUS_SUCCESS, "SQIT must fail with wrong TOKEN_INFORMATION_CLASS arg\n");
203 }
204 
205 //------------------------------------------------------------------------------//
206 
207 //------------------------------------------------------------------------------//
208 // Body of the main test //
209 //------------------------------------------------------------------------------//
210 
211 START_TEST(SeQueryInfoToken)
212 {
217  PAUX_ACCESS_DATA AuxData = NULL;
218  PPRIVILEGE_SET NewPrivilegeSet;
219  BOOLEAN Checker;
223  PTOKEN_PRIVILEGES TPrivileges;
224  PVOID Buffer;
227  ULONG i;
228 
230 
234 
235  // Testing SQIT with current Token
237 
238  //----------------------------------------------------------------//
239  // Creating an ACCESS_STATE structure //
240  //----------------------------------------------------------------//
241 
244  AuxData = ExAllocatePool(PagedPool, 0xC8);
246 
248  (PVOID)AuxData,
251  );
252 
253  ok((Status == STATUS_SUCCESS), "SeCreateAccessState failed with Status 0x%08X\n", Status);
254 
255  SeCaptureSubjectContext(&AccessState->SubjectSecurityContext);
256  SeLockSubjectContext(&AccessState->SubjectSecurityContext);
257  Token = SeQuerySubjectContextToken(&AccessState->SubjectSecurityContext);
258 
259  // Testing SQIT with AccessState Token
261 
262  //----------------------------------------------------------------//
263  // Testing other functions //
264  //----------------------------------------------------------------//
265 
266  //----------------------------------------------------------------//
267  // Testing SeAppendPrivileges //
268  //----------------------------------------------------------------//
269 
270  AuxData->PrivilegeSet->PrivilegeCount = 1;
271 
272  // Testing SeAppendPrivileges. Must change PrivilegeCount to 2 (1 + 1)
273 
274  NewPrivilegeSet = ExAllocatePool(PagedPool, sizeof(PRIVILEGE_SET));
275  NewPrivilegeSet->PrivilegeCount = 1;
276 
277  Status = SeAppendPrivileges(AccessState, NewPrivilegeSet);
278  ok(Status == STATUS_SUCCESS, "SeAppendPrivileges failed\n");
279  ok((AuxData->PrivilegeSet->PrivilegeCount == 2),"PrivelegeCount must be 2, but it is %d\n", AuxData->PrivilegeSet->PrivilegeCount);
280  ExFreePool(NewPrivilegeSet);
281 
282  //----------------------------------------------------------------//
283 
284  // Testing SeAppendPrivileges. Must change PrivilegeCount to 6 (2 + 4)
285 
286  NewPrivilegeSet = ExAllocatePool(PagedPool, 4*sizeof(PRIVILEGE_SET));
287  NewPrivilegeSet->PrivilegeCount = 4;
288 
289  Status = SeAppendPrivileges(AccessState, NewPrivilegeSet);
290  ok(Status == STATUS_SUCCESS, "SeAppendPrivileges failed\n");
291  ok((AuxData->PrivilegeSet->PrivilegeCount == 6),"PrivelegeCount must be 6, but it is %d\n", AuxData->PrivilegeSet->PrivilegeCount);
292  ExFreePool(NewPrivilegeSet);
293 
294  //----------------------------------------------------------------//
295  // Testing SePrivilegeCheck //
296  //----------------------------------------------------------------//
297 
298  // KPROCESSOR_MODE is set to KernelMode ===> Always return TRUE
299  ok(SePrivilegeCheck(AuxData->PrivilegeSet, &(AccessState->SubjectSecurityContext), KernelMode), "SePrivilegeCheck failed with KernelMode mode arg\n");
300  // and call it again
301  ok(SePrivilegeCheck(AuxData->PrivilegeSet, &(AccessState->SubjectSecurityContext), KernelMode), "SePrivilegeCheck failed with KernelMode mode arg\n");
302 
303  //----------------------------------------------------------------//
304 
305  // KPROCESSOR_MODE is set to UserMode. Expect false
306  ok(!SePrivilegeCheck(AuxData->PrivilegeSet, &(AccessState->SubjectSecurityContext), UserMode), "SePrivilegeCheck unexpected success with UserMode arg\n");
307 
308  //----------------------------------------------------------------//
309 
310  //----------------------------------------------------------------//
311  // Testing SeFreePrivileges //
312  //----------------------------------------------------------------//
313 
314  Privileges = NULL;
315  Checker = SeAccessCheck(
316  AccessState->SecurityDescriptor,
317  &AccessState->SubjectSecurityContext,
318  FALSE,
319  AccessState->OriginalDesiredAccess,
320  AccessState->PreviouslyGrantedAccess,
321  &Privileges,
323  KernelMode,
324  &AccessMask,
325  &Status
326  );
327  ok(Checker, "Checker is NULL\n");
328  ok((Privileges != NULL), "Privileges is NULL\n");
329  if (Privileges)
330  {
331  trace("AuxData->PrivilegeSet->PrivilegeCount = %d ; Privileges->PrivilegeCount = %d\n",
332  AuxData->PrivilegeSet->PrivilegeCount, Privileges->PrivilegeCount);
333  }
335 
336 
337  //----------------------------------------------------------------//
338  // Testing SePrivilegeCheck //
339  //----------------------------------------------------------------//
340  // I'm trying to make success call of SePrivilegeCheck from UserMode
341  // If we sets Privileges properly, can we expect true from SePrivilegeCheck?
342  // answer: yes
343  // This test demonstrates it
344 
345  Buffer = NULL;
347  if (Status == STATUS_SUCCESS)
348  {
349  ok(Buffer != NULL, "Wrong. SQIT call was successful with TokenPrivileges arg. But Buffer == NULL\n");
350  if (Buffer)
351  {
352  TPrivileges = (PTOKEN_PRIVILEGES)(Buffer);
353  //trace("TPCount = %u\n\n", TPrivileges->PrivilegeCount);
354 
355  NewPrivilegeSet = ExAllocatePool(PagedPool, 14*sizeof(PRIVILEGE_SET));
356  NewPrivilegeSet->PrivilegeCount = 14;
357 
358  ok((SeAppendPrivileges(AccessState, NewPrivilegeSet)) == STATUS_SUCCESS, "SeAppendPrivileges failed\n");
359  ok((AuxData->PrivilegeSet->PrivilegeCount == 20),"PrivelegeCount must be 20, but it is %d\n", AuxData->PrivilegeSet->PrivilegeCount);
360  ExFreePool(NewPrivilegeSet);
361  for (i = 0; i < AuxData->PrivilegeSet->PrivilegeCount; i++)
362  {
363  AuxData->PrivilegeSet->Privilege[i].Attributes = TPrivileges->Privileges[i].Attributes;
364  AuxData->PrivilegeSet->Privilege[i].Luid = TPrivileges->Privileges[i].Luid;
365  }
366  //trace("AccessState->privCount = %u\n\n", ((PAUX_ACCESS_DATA)(AccessState->AuxData))->PrivilegeSet->PrivilegeCount);
367 
368  ok(SePrivilegeCheck(AuxData->PrivilegeSet, &(AccessState->SubjectSecurityContext), UserMode), "SePrivilegeCheck fails in UserMode, but I wish it will success\n");
369  }
370  }
371 
372  // Call SeFreePrivileges again
373 
374  Privileges = NULL;
375  Checker = SeAccessCheck(
376  AccessState->SecurityDescriptor,
377  &AccessState->SubjectSecurityContext,
378  TRUE,
379  AccessState->OriginalDesiredAccess,
380  AccessState->PreviouslyGrantedAccess,
381  &Privileges,
383  KernelMode,
384  &AccessMask,
385  &Status
386  );
387  ok(Checker, "Checker is NULL\n");
388  ok((Privileges != NULL), "Privileges is NULL\n");
389  if (Privileges)
390  {
391  trace("AuxData->PrivilegeSet->PrivilegeCount = %d ; Privileges->PrivilegeCount = %d\n",
392  AuxData->PrivilegeSet->PrivilegeCount, Privileges->PrivilegeCount);
393  }
395 
396  //----------------------------------------------------------------//
397  // Missing for now //
398  //----------------------------------------------------------------//
399 
400  SeUnlockSubjectContext(&AccessState->SubjectSecurityContext);
402 
404 
408  if (AuxData) ExFreePool(AuxData);
410 }
signed char * PCHAR
Definition: retypes.h:7
#define MAXIMUM_ALLOWED
Definition: nt_native.h:83
VOID NTAPI SeCaptureSubjectContext(OUT PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:301
BOOLEAN NTAPI SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, IN BOOLEAN SubjectContextLocked, IN ACCESS_MASK DesiredAccess, IN ACCESS_MASK PreviouslyGrantedAccess, OUT PPRIVILEGE_SET *Privileges, IN PGENERIC_MAPPING GenericMapping, IN KPROCESSOR_MODE AccessMode, OUT PACCESS_MASK GrantedAccess, OUT PNTSTATUS AccessStatus)
Definition: accesschk.c:340
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2238
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
NTSTATUS NTAPI SeCreateAccessState(IN OUT PACCESS_STATE AccessState, IN PAUX_ACCESS_DATA AuxData, IN ACCESS_MASK Access, IN PGENERIC_MAPPING GenericMapping)
Definition: access.c:439
NTSTATUS NTAPI SeQueryInformationToken(_In_ PACCESS_TOKEN AccessToken, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _Outptr_result_buffer_(_Inexpressible_(token-dependent)) PVOID *TokenInformation)
Queries information details about the given token to the call. The difference between NtQueryInformat...
Definition: token.c:1826
VOID NTAPI SeUnlockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:336
IN BOOLEAN OUT PSTR Buffer
Definition: progress.h:34
#define TRUE
Definition: types.h:120
#define ACL_REVISION_DS
Definition: setypes.h:40
enum _TOKEN_TYPE * PTOKEN_TYPE
$ULONG GroupCount
Definition: setypes.h:1043
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
VOID NTAPI SeLockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:314
FT_UInt sid
Definition: cffcmap.c:139
struct _TOKEN_DEFAULT_DACL * PTOKEN_DEFAULT_DACL
#define FALSE
Definition: types.h:117
NTSTATUS NTAPI SeAppendPrivileges(IN OUT PACCESS_STATE AccessState, IN PPRIVILEGE_SET Privileges)
Definition: priv.c:403
unsigned char BOOLEAN
PSID Owner
Definition: setypes.h:978
Definition: bufpool.h:45
struct _TOKEN_GROUPS * PTOKEN_GROUPS
NTSYSAPI BOOLEAN NTAPI RtlValidSid(IN PSID Sid)
Definition: sid.c:21
$ULONG PrivilegeCount
Definition: setypes.h:86
OBJECT_TYPE
Definition: ntobjenum.h:23
Status
Definition: gdiplustypes.h:24
#define trace
Definition: atltest.h:70
DWORD LowPart
START_TEST(SeQueryInfoToken)
Definition: xml2sdb.h:79
_In_ ACCESS_MASK AccessMask
Definition: exfuncs.h:186
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: setypes.h:1040
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:13
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:414
struct _TOKEN_PRIVILEGES * PTOKEN_PRIVILEGES
struct _TOKEN_STATISTICS * PTOKEN_STATISTICS
#define STATUS_INVALID_INFO_CLASS
Definition: ntstatus.h:240
LONG HighPart
#define ExAllocatePool(type, size)
Definition: fbtusb.h:44
#define SeQuerySubjectContextToken(SubjectContext)
Definition: sefuncs.h:583
BOOLEAN NTAPI SePrivilegeCheck(PPRIVILEGE_SET Privileges, PSECURITY_SUBJECT_CONTEXT SubjectContext, KPROCESSOR_MODE PreviousMode)
Definition: priv.c:487
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
UCHAR AclRevision
Definition: ms-dtyp.idl:294
VOID NTAPI SeFreePrivileges(IN PPRIVILEGE_SET Privileges)
Definition: priv.c:476
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
$ULONG PrivilegeCount
Definition: setypes.h:1044
#define ok(value,...)
Definition: atltest.h:57
SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY]
Definition: setypes.h:968
VOID NTAPI SeDeleteAccessState(IN PACCESS_STATE AccessState)
Definition: access.c:460
#define NULL
Definition: types.h:112
LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY]
Definition: setypes.h:974
#define ACL_REVISION
Definition: setypes.h:39
void TestsSeQueryInformationToken(PACCESS_TOKEN Token)
$ULONG GroupCount
Definition: setypes.h:964
unsigned int ULONG
Definition: retypes.h:1
struct _TOKEN_USER * PTOKEN_USER
SID_AND_ATTRIBUTES User
Definition: setypes.h:960
#define STATUS_SUCCESS
Definition: shellext.h:65
POBJECT_TYPE PsProcessType
Definition: process.c:20
ULONG ACCESS_MASK
Definition: nt_native.h:40
#define ExFreePool(addr)
Definition: env_spec_w32.h:352
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:417