ReactOS 0.4.16-dev-1946-g52006dd
Macros | Functions
obsecure.c File Reference
#include <ntoskrnl.h>
#include <debug.h>
Include dependency graph for obsecure.c:

Go to the source code of this file.

Macros

#define NDEBUG
 

Functions

NTSTATUS NTAPI ObAssignObjectSecurityDescriptor (IN PVOID Object, IN PSECURITY_DESCRIPTOR SecurityDescriptor OPTIONAL, IN POOL_TYPE PoolType)
 
NTSTATUS NTAPI ObDeassignSecurity (IN OUT PSECURITY_DESCRIPTOR *SecurityDescriptor)
 
NTSTATUS NTAPI ObQuerySecurityDescriptorInfo (IN PVOID Object, IN PSECURITY_INFORMATION SecurityInformation, OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN OUT PULONG Length, IN PSECURITY_DESCRIPTOR *OutputSecurityDescriptor)
 
NTSTATUS NTAPI ObSetSecurityDescriptorInfo (IN PVOID Object, IN PSECURITY_INFORMATION SecurityInformation, IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN OUT PSECURITY_DESCRIPTOR *OutputSecurityDescriptor, IN POOL_TYPE PoolType, IN PGENERIC_MAPPING GenericMapping)
 
BOOLEAN NTAPI ObCheckCreateObjectAccess (IN PVOID Object, IN ACCESS_MASK CreateAccess, IN PACCESS_STATE AccessState, IN PUNICODE_STRING ComponentName, IN BOOLEAN LockHeld, IN KPROCESSOR_MODE AccessMode, OUT PNTSTATUS AccessStatus)
 
BOOLEAN NTAPI ObpCheckTraverseAccess (IN PVOID Object, IN ACCESS_MASK TraverseAccess, IN PACCESS_STATE AccessState OPTIONAL, IN BOOLEAN LockHeld, IN KPROCESSOR_MODE AccessMode, OUT PNTSTATUS AccessStatus)
 
BOOLEAN NTAPI ObpCheckObjectReference (IN PVOID Object, IN OUT PACCESS_STATE AccessState, IN BOOLEAN LockHeld, IN KPROCESSOR_MODE AccessMode, OUT PNTSTATUS AccessStatus)
 
BOOLEAN NTAPI ObCheckObjectAccess (IN PVOID Object, IN OUT PACCESS_STATE AccessState, IN BOOLEAN LockHeld, IN KPROCESSOR_MODE AccessMode, OUT PNTSTATUS ReturnedStatus)
 
NTSTATUS NTAPI ObAssignSecurity (IN PACCESS_STATE AccessState, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PVOID Object, IN POBJECT_TYPE Type)
 
NTSTATUS NTAPI ObGetObjectSecurity (IN PVOID Object, OUT PSECURITY_DESCRIPTOR *SecurityDescriptor, OUT PBOOLEAN MemoryAllocated)
 
VOID NTAPI ObReleaseObjectSecurity (IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN MemoryAllocated)
 
NTSTATUS NTAPI ObSetSecurityObjectByPointer (IN PVOID Object, IN SECURITY_INFORMATION SecurityInformation, IN PSECURITY_DESCRIPTOR SecurityDescriptor)
 
NTSTATUS NTAPI NtQuerySecurityObject (IN HANDLE Handle, IN SECURITY_INFORMATION SecurityInformation, OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN ULONG Length, OUT PULONG ResultLength)
 
NTSTATUS NTAPI NtSetSecurityObject (IN HANDLE Handle, IN SECURITY_INFORMATION SecurityInformation, IN PSECURITY_DESCRIPTOR SecurityDescriptor)
 
NTSTATUS NTAPI ObQueryObjectAuditingByHandle (IN HANDLE Handle, OUT PBOOLEAN GenerateOnClose)
 

Macro Definition Documentation

◆ NDEBUG

#define NDEBUG

Definition at line 13 of file obsecure.c.

Function Documentation

◆ NtQuerySecurityObject()

NTSTATUS NTAPI NtQuerySecurityObject ( IN HANDLE  Handle,
IN SECURITY_INFORMATION  SecurityInformation,
OUT PSECURITY_DESCRIPTOR  SecurityDescriptor,
IN ULONG  Length,
OUT PULONG  ResultLength 
)

Definition at line 803 of file obsecure.c.

808{
809 KPROCESSOR_MODE PreviousMode = ExGetPreviousMode();
810 PVOID Object;
811 POBJECT_HEADER Header;
812 POBJECT_TYPE Type;
813 ACCESS_MASK DesiredAccess;
814 NTSTATUS Status;
815 PAGED_CODE();
816
817 /* Check if we came from user mode */
818 if (PreviousMode != KernelMode)
819 {
820 /* Enter SEH */
821 _SEH2_TRY
822 {
823 /* Probe the SD and the length pointer */
824 ProbeForWrite(SecurityDescriptor, Length, sizeof(ULONG));
825 ProbeForWriteUlong(ResultLength);
826 }
827 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
828 {
829 /* Return the exception code */
830 _SEH2_YIELD(return _SEH2_GetExceptionCode());
831 }
832 _SEH2_END;
833 }
834
835 /* Get the required access rights for the operation */
836 SeQuerySecurityAccessMask(SecurityInformation, &DesiredAccess);
837
838 /* Reference the object */
839 Status = ObReferenceObjectByHandle(Handle,
840 DesiredAccess,
841 NULL,
842 PreviousMode,
843 &Object,
844 NULL);
845 if (!NT_SUCCESS(Status)) return Status;
846
847 /* Get the Object Header and Type */
848 Header = OBJECT_TO_OBJECT_HEADER(Object);
849 Type = Header->Type;
850
851 /* Call the security procedure's query function */
852 Status = Type->TypeInfo.SecurityProcedure(Object,
853 QuerySecurityDescriptor,
854 &SecurityInformation,
855 SecurityDescriptor,
856 &Length,
857 &Header->SecurityDescriptor,
858 Type->TypeInfo.PoolType,
859 &Type->TypeInfo.GenericMapping);
860
861 /* Dereference the object */
862 ObDereferenceObject(Object);
863
864 /* Protect write with SEH */
865 _SEH2_TRY
866 {
867 /* Return the needed length */
868 *ResultLength = Length;
869 }
870 _SEH2_EXCEPT(ExSystemExceptionFilter())
871 {
872 /* Get the exception code */
873 Status = _SEH2_GetExceptionCode();
874 }
875 _SEH2_END;
876
877 /* Return status */
878 return Status;
879}
PAGED_CODE
#define PAGED_CODE()
Definition: Bus_PDO_EvalMethod.c:87
PreviousMode
_In_ PVOID _In_ ULONG _Out_ PVOID _In_ ULONG _Inout_ PULONG _In_ KPROCESSOR_MODE PreviousMode
Definition: KdSystemDebugControl.c:35
Type
Type
Definition: Type.h:7
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
Header
Definition: Header.h:9
NULL
#define NULL
Definition: types.h:112
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:33
ExGetPreviousMode
#define ExGetPreviousMode
Definition: ex.h:143
ProbeForWrite
VOID NTAPI ProbeForWrite(IN PVOID Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:143
SecurityInformation
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ SECURITY_INFORMATION SecurityInformation
Definition: fltkernel.h:1340
Handle
ULONG Handle
Definition: gdb_input.c:15
Status
Status
Definition: gdiplustypes.h:25
ExSystemExceptionFilter
LONG NTAPI ExSystemExceptionFilter(VOID)
Definition: harderr.c:349
EXCEPTION_EXECUTE_HANDLER
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:90
KernelMode
#define KernelMode
Definition: asm.h:38
OBJECT_TO_OBJECT_HEADER
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
ACCESS_MASK
ULONG ACCESS_MASK
Definition: nt_native.h:40
Length
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:102
SeQuerySecurityAccessMask
VOID NTAPI SeQuerySecurityAccessMask(_In_ SECURITY_INFORMATION SecurityInformation, _Out_ PACCESS_MASK DesiredAccess)
Queries the access mask from a security information context.
Definition: semgr.c:427
ObReferenceObjectByHandle
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
_SEH2_GetExceptionCode
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:181
_SEH2_EXCEPT
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:82
_SEH2_END
#define _SEH2_END
Definition: pseh2_64.h:171
_SEH2_TRY
#define _SEH2_TRY
Definition: pseh2_64.h:71
_SEH2_YIELD
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:184
ProbeForWriteUlong
#define ProbeForWriteUlong(Ptr)
Definition: probe.h:36
_OBJECT_HEADER
Definition: obtypes.h:486
_OBJECT_TYPE
Definition: obtypes.h:380
ULONG
uint32_t ULONG
Definition: typedefs.h:59
Object
_Must_inspect_result_ _In_ WDFCOLLECTION _In_ WDFOBJECT Object
Definition: wdfcollection.h:123
ResultLength
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG _Out_ PULONG ResultLength
Definition: wdfdevice.h:3782
DesiredAccess
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2664
SecurityDescriptor
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:191
KPROCESSOR_MODE
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
ObDereferenceObject
#define ObDereferenceObject
Definition: obfuncs.h:203

Referenced by AccRewriteGetHandleRights(), get_security_descriptor(), GetFileSecurityW(), GetKernelObjectSecurity(), GetUserObjectSecurity(), RegGetKeySecurity(), RegQueryInfoKeyW(), and test_security_info().

◆ NtSetSecurityObject()

NTSTATUS NTAPI NtSetSecurityObject ( IN HANDLE  Handle,
IN SECURITY_INFORMATION  SecurityInformation,
IN PSECURITY_DESCRIPTOR  SecurityDescriptor 
)

Definition at line 903 of file obsecure.c.

906{
907 KPROCESSOR_MODE PreviousMode = ExGetPreviousMode();
908 PVOID Object;
909 SECURITY_DESCRIPTOR_RELATIVE *CapturedDescriptor;
910 ACCESS_MASK DesiredAccess = 0;
911 NTSTATUS Status;
912 PAGED_CODE();
913
914 /* Make sure the caller doesn't pass a NULL security descriptor! */
915 if (!SecurityDescriptor) return STATUS_ACCESS_VIOLATION;
916
917 /* Set the required access rights for the operation */
918 SeSetSecurityAccessMask(SecurityInformation, &DesiredAccess);
919
920 /* Reference the object */
921 Status = ObReferenceObjectByHandle(Handle,
922 DesiredAccess,
923 NULL,
924 PreviousMode,
925 &Object,
926 NULL);
927 if (NT_SUCCESS(Status))
928 {
929 /* Capture and make a copy of the security descriptor */
930 Status = SeCaptureSecurityDescriptor(SecurityDescriptor,
931 PreviousMode,
932 PagedPool,
933 TRUE,
934 (PSECURITY_DESCRIPTOR*)
935 &CapturedDescriptor);
936 if (!NT_SUCCESS(Status))
937 {
938 /* Fail */
939 ObDereferenceObject(Object);
940 return Status;
941 }
942
943 /* Sanity check */
944 ASSERT(CapturedDescriptor->Control & SE_SELF_RELATIVE);
945
946 /*
947 * Make sure the security descriptor passed by the caller
948 * is valid for the operation we're about to perform
949 */
950 if (((SecurityInformation & OWNER_SECURITY_INFORMATION) &&
951 !(CapturedDescriptor->Owner)) ||
952 ((SecurityInformation & GROUP_SECURITY_INFORMATION) &&
953 !(CapturedDescriptor->Group)))
954 {
955 /* Set the failure status */
956 Status = STATUS_INVALID_SECURITY_DESCR;
957 }
958 else
959 {
960 /* Set security */
961 Status = ObSetSecurityObjectByPointer(Object,
962 SecurityInformation,
963 CapturedDescriptor);
964 }
965
966 /* Release the descriptor and return status */
967 SeReleaseSecurityDescriptor((PSECURITY_DESCRIPTOR)CapturedDescriptor,
968 PreviousMode,
969 TRUE);
970
971 /* Now we can dereference the object */
972 ObDereferenceObject(Object);
973 }
974
975 return Status;
976}
TRUE
#define TRUE
Definition: types.h:120
PagedPool
#define PagedPool
Definition: env_spec_w32.h:308
STATUS_ACCESS_VIOLATION
#define STATUS_ACCESS_VIOLATION
Definition: fpEnumPrinters.c:23
ASSERT
#define ASSERT(a)
Definition: mode.c:44
SeSetSecurityAccessMask
VOID NTAPI SeSetSecurityAccessMask(_In_ SECURITY_INFORMATION SecurityInformation, _Out_ PACCESS_MASK DesiredAccess)
Sets the access mask for a security information context.
Definition: semgr.c:460
SeCaptureSecurityDescriptor
NTSTATUS NTAPI SeCaptureSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor, _In_ KPROCESSOR_MODE CurrentMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor)
Captures a security descriptor.
Definition: sd.c:386
SeReleaseSecurityDescriptor
NTSTATUS NTAPI SeReleaseSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR CapturedSecurityDescriptor, _In_ KPROCESSOR_MODE CurrentMode, _In_ BOOLEAN CaptureIfKernelMode)
Releases a captured security descriptor buffer.
Definition: sd.c:760
STATUS_INVALID_SECURITY_DESCR
#define STATUS_INVALID_SECURITY_DESCR
Definition: ntstatus.h:451
ObSetSecurityObjectByPointer
NTSTATUS NTAPI ObSetSecurityObjectByPointer(IN PVOID Object, IN SECURITY_INFORMATION SecurityInformation, IN PSECURITY_DESCRIPTOR SecurityDescriptor)
Definition: obsecure.c:749
_SECURITY_DESCRIPTOR_RELATIVE
Definition: setypes.h:848
_SECURITY_DESCRIPTOR_RELATIVE::Control
SECURITY_DESCRIPTOR_CONTROL Control
Definition: setypes.h:851
_SECURITY_DESCRIPTOR_RELATIVE::Group
$ULONG Group
Definition: setypes.h:853
_SECURITY_DESCRIPTOR_RELATIVE::Owner
$ULONG Owner
Definition: setypes.h:852
_SECURITY_DESCRIPTOR
Definition: ms-dtyp.idl:301
OWNER_SECURITY_INFORMATION
#define OWNER_SECURITY_INFORMATION
Definition: setypes.h:123
SE_SELF_RELATIVE
#define SE_SELF_RELATIVE
Definition: setypes.h:846
GROUP_SECURITY_INFORMATION
#define GROUP_SECURITY_INFORMATION
Definition: setypes.h:124

◆ ObAssignObjectSecurityDescriptor()

NTSTATUS NTAPI ObAssignObjectSecurityDescriptor ( IN PVOID  Object,
IN PSECURITY_DESCRIPTOR SecurityDescriptor  OPTIONAL,
IN POOL_TYPE  PoolType 
)

Definition at line 20 of file obsecure.c.

23{
24 POBJECT_HEADER ObjectHeader;
25 NTSTATUS Status;
26 PSECURITY_DESCRIPTOR NewSd;
27 PEX_FAST_REF FastRef;
28 PAGED_CODE();
29
30 /* Get the object header */
31 ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
32 FastRef = (PEX_FAST_REF)&ObjectHeader->SecurityDescriptor;
33 if (!SecurityDescriptor)
34 {
35 /* Nothing to assign */
36 ExInitializeFastReference(FastRef, NULL);
37 return STATUS_SUCCESS;
38 }
39
40 /* Add it to our internal cache */
41 Status = ObLogSecurityDescriptor(SecurityDescriptor,
42 &NewSd,
43 MAX_FAST_REFS + 1);
44 if (NT_SUCCESS(Status))
45 {
46 /* Free the old copy */
47 ExFreePoolWithTag(SecurityDescriptor, TAG_SD);
48
49 /* Set the new pointer */
50 ASSERT(NewSd);
51 ExInitializeFastReference(FastRef, NewSd);
52 }
53
54 /* Return status */
55 return Status;
56}
MAX_FAST_REFS
#define MAX_FAST_REFS
Definition: ex.h:136
ExInitializeFastReference
FORCEINLINE VOID ExInitializeFastReference(OUT PEX_FAST_REF FastRef, IN OPTIONAL PVOID Object)
Definition: ex.h:599
if
if(dx< 0)
Definition: linetemp.h:194
ExFreePoolWithTag
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1109
PEX_FAST_REF
struct _EX_FAST_REF * PEX_FAST_REF
ObLogSecurityDescriptor
NTSTATUS NTAPI ObLogSecurityDescriptor(IN PSECURITY_DESCRIPTOR InputSecurityDescriptor, OUT PSECURITY_DESCRIPTOR *OutputSecurityDescriptor, IN ULONG RefBias)
Definition: obsdcach.c:364
STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65
_EX_FAST_REF
Definition: extypes.h:590
_OBJECT_HEADER::SecurityDescriptor
PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: obtypes.h:503
TAG_SD
#define TAG_SD
Definition: tag.h:152

Referenced by SeDefaultObjectMethod(), and WmipSecurityMethod().

◆ ObAssignSecurity()

NTSTATUS NTAPI ObAssignSecurity ( IN PACCESS_STATE  AccessState,
IN PSECURITY_DESCRIPTOR  SecurityDescriptor,
IN PVOID  Object,
IN POBJECT_TYPE  Type 
)

Definition at line 550 of file obsecure.c.

554{
555 PSECURITY_DESCRIPTOR NewDescriptor;
556 NTSTATUS Status;
557 KIRQL CalloutIrql;
558 PAGED_CODE();
559
560 /* Build the new security descriptor */
561 Status = SeAssignSecurity(SecurityDescriptor,
562 AccessState->SecurityDescriptor,
563 &NewDescriptor,
564 (Type == ObpDirectoryObjectType),
565 &AccessState->SubjectSecurityContext,
566 &Type->TypeInfo.GenericMapping,
567 PagedPool);
568 if (!NT_SUCCESS(Status)) return Status;
569
570 /* Call the security method */
571 ObpCalloutStart(&CalloutIrql);
572 Status = Type->TypeInfo.SecurityProcedure(Object,
573 AssignSecurityDescriptor,
574 NULL,
575 NewDescriptor,
576 NULL,
577 NULL,
578 PagedPool,
579 &Type->TypeInfo.GenericMapping);
580 ObpCalloutEnd(CalloutIrql, "Security", Type, Object);
581
582 /* Check for failure and deassign security if so */
583 if (!NT_SUCCESS(Status)) SeDeassignSecurity(&NewDescriptor);
584
585 /* Return to caller */
586 return Status;
587}
ObpDirectoryObjectType
#define ObpDirectoryObjectType
Definition: ObTypes.c:118
KIRQL
UCHAR KIRQL
Definition: env_spec_w32.h:591
ObpCalloutStart
FORCEINLINE VOID ObpCalloutStart(IN PKIRQL CalloutIrql)
Definition: ob_x.h:497
ObpCalloutEnd
FORCEINLINE VOID ObpCalloutEnd(IN KIRQL CalloutIrql, IN PCHAR Procedure, IN POBJECT_TYPE ObjectType, IN PVOID Object)
Definition: ob_x.h:505
AccessState
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:417
NewDescriptor
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR * NewDescriptor
Definition: sefuncs.h:30

Referenced by IntAssignDesktopSecurityOnParse(), and ObInsertObject().

◆ ObCheckCreateObjectAccess()

BOOLEAN NTAPI ObCheckCreateObjectAccess ( IN PVOID  Object,
IN ACCESS_MASK  CreateAccess,
IN PACCESS_STATE  AccessState,
IN PUNICODE_STRING  ComponentName,
IN BOOLEAN  LockHeld,
IN KPROCESSOR_MODE  AccessMode,
OUT PNTSTATUS  AccessStatus 
)

Definition at line 203 of file obsecure.c.

210{
211 POBJECT_HEADER ObjectHeader;
212 POBJECT_TYPE ObjectType;
213 PSECURITY_DESCRIPTOR SecurityDescriptor = NULL;
214 BOOLEAN SdAllocated;
215 BOOLEAN Result = TRUE;
216 ACCESS_MASK GrantedAccess = 0;
217 PPRIVILEGE_SET Privileges = NULL;
218 NTSTATUS Status;
219 PAGED_CODE();
220
221 /* Get the header and type */
222 ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
223 ObjectType = ObjectHeader->Type;
224
225 /* Get the security descriptor */
226 Status = ObGetObjectSecurity(Object, &SecurityDescriptor, &SdAllocated);
227 if (!NT_SUCCESS(Status))
228 {
229 /* We failed */
230 *AccessStatus = Status;
231 return FALSE;
232 }
233
234 /* Lock the security context */
235 SeLockSubjectContext(&AccessState->SubjectSecurityContext);
236
237 /* Check if we have an SD */
238 if (SecurityDescriptor)
239 {
240 /* Now do the entire access check */
241 Result = SeAccessCheck(SecurityDescriptor,
242 &AccessState->SubjectSecurityContext,
243 TRUE,
244 CreateAccess,
245 0,
246 &Privileges,
247 &ObjectType->TypeInfo.GenericMapping,
248 AccessMode,
249 &GrantedAccess,
250 AccessStatus);
251 if (Privileges)
252 {
253 /* We got privileges, append them to the access state and free them */
254 Status = SeAppendPrivileges(AccessState, Privileges);
255 SeFreePrivileges(Privileges);
256 }
257 }
258
259 /* We're done, unlock the context and release security */
260 SeUnlockSubjectContext(&AccessState->SubjectSecurityContext);
261 ObReleaseObjectSecurity(SecurityDescriptor, SdAllocated);
262 return Result;
263}
BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185
SeAccessCheck
BOOLEAN NTAPI SeAccessCheck(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, _In_ BOOLEAN SubjectContextLocked, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK PreviouslyGrantedAccess, _Out_ PPRIVILEGE_SET *Privileges, _In_ PGENERIC_MAPPING GenericMapping, _In_ KPROCESSOR_MODE AccessMode, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
Determines whether security access rights can be given to an object depending on the security descrip...
Definition: accesschk.c:1994
FALSE
#define FALSE
Definition: types.h:117
ObjectType
ObjectType
Definition: metafile.c:81
SeFreePrivileges
VOID NTAPI SeFreePrivileges(_In_ PPRIVILEGE_SET Privileges)
Frees a set of privileges.
Definition: priv.c:669
SeAppendPrivileges
NTSTATUS NTAPI SeAppendPrivileges(_Inout_ PACCESS_STATE AccessState, _In_ PPRIVILEGE_SET Privileges)
Appends additional privileges.
Definition: priv.c:588
ObGetObjectSecurity
NTSTATUS NTAPI ObGetObjectSecurity(IN PVOID Object, OUT PSECURITY_DESCRIPTOR *SecurityDescriptor, OUT PBOOLEAN MemoryAllocated)
Definition: obsecure.c:611
ObReleaseObjectSecurity
VOID NTAPI ObReleaseObjectSecurity(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN MemoryAllocated)
Definition: obsecure.c:709
_OBJECT_HEADER::Type
POBJECT_TYPE Type
Definition: obtypes.h:493
_PRIVILEGE_SET
Definition: setypes.h:85
SeLockSubjectContext
VOID NTAPI SeLockSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Locks both the referenced primary and client access tokens of a security subject context.
Definition: subject.c:107
SeUnlockSubjectContext
VOID NTAPI SeUnlockSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Unlocks both the referenced primary and client access tokens of a security subject context.
Definition: subject.c:138
Result
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:409
AccessMode
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:396
Privileges
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:17
AccessStatus
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
Definition: sefuncs.h:21
GrantedAccess
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:20

Referenced by ObpLookupObjectName().

◆ ObCheckObjectAccess()

BOOLEAN NTAPI ObCheckObjectAccess ( IN PVOID  Object,
IN OUT PACCESS_STATE  AccessState,
IN BOOLEAN  LockHeld,
IN KPROCESSOR_MODE  AccessMode,
OUT PNTSTATUS  ReturnedStatus 
)

Definition at line 441 of file obsecure.c.

446{
447 POBJECT_HEADER ObjectHeader;
448 POBJECT_TYPE ObjectType;
449 PSECURITY_DESCRIPTOR SecurityDescriptor = NULL;
450 BOOLEAN SdAllocated;
451 NTSTATUS Status;
452 BOOLEAN Result;
453 ACCESS_MASK GrantedAccess;
454 PPRIVILEGE_SET Privileges = NULL;
455 PAGED_CODE();
456
457 /* Get the object header and type */
458 ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
459 ObjectType = ObjectHeader->Type;
460
461 /* Get security information */
462 Status = ObGetObjectSecurity(Object, &SecurityDescriptor, &SdAllocated);
463 if (!NT_SUCCESS(Status))
464 {
465 /* Return failure */
466 *ReturnedStatus = Status;
467 return FALSE;
468 }
469 else if (!SecurityDescriptor)
470 {
471 /* Otherwise, if we don't actually have an SD, return success */
472 *ReturnedStatus = Status;
473 return TRUE;
474 }
475
476 /* Lock the security context */
477 SeLockSubjectContext(&AccessState->SubjectSecurityContext);
478
479 /* Now do the entire access check */
480 Result = SeAccessCheck(SecurityDescriptor,
481 &AccessState->SubjectSecurityContext,
482 TRUE,
483 AccessState->RemainingDesiredAccess,
484 AccessState->PreviouslyGrantedAccess,
485 &Privileges,
486 &ObjectType->TypeInfo.GenericMapping,
487 AccessMode,
488 &GrantedAccess,
489 ReturnedStatus);
490 if (Privileges)
491 {
492 /* We got privileges, append them to the access state and free them */
493 Status = SeAppendPrivileges(AccessState, Privileges);
494 SeFreePrivileges(Privileges);
495 }
496
497 /* Check if access was granted */
498 if (Result)
499 {
500 /* Update the access state */
501 AccessState->RemainingDesiredAccess &= ~(GrantedAccess |
502 MAXIMUM_ALLOWED);
503 AccessState->PreviouslyGrantedAccess |= GrantedAccess;
504 }
505
506 /* Do audit alarm */
507 SeOpenObjectAuditAlarm(&ObjectType->Name,
508 Object,
509 NULL,
510 SecurityDescriptor,
511 AccessState,
512 FALSE,
513 Result,
514 AccessMode,
515 &AccessState->GenerateOnClose);
516
517 /* We're done, unlock the context and release security */
518 SeUnlockSubjectContext(&AccessState->SubjectSecurityContext);
519 ObReleaseObjectSecurity(SecurityDescriptor, SdAllocated);
520 return Result;
521}
MAXIMUM_ALLOWED
#define MAXIMUM_ALLOWED
Definition: nt_native.h:83
SeOpenObjectAuditAlarm
VOID NTAPI SeOpenObjectAuditAlarm(_In_ PUNICODE_STRING ObjectTypeName, _In_opt_ PVOID Object, _In_opt_ PUNICODE_STRING AbsoluteObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PACCESS_STATE AccessState, _In_ BOOLEAN ObjectCreated, _In_ BOOLEAN AccessGranted, _In_ KPROCESSOR_MODE AccessMode, _Out_ PBOOLEAN GenerateOnClose)
Creates an audit with alarm notification of an object that is being opened.
Definition: audit.c:1213

Referenced by CmpDoOpen(), and ObpIncrementHandleCount().

◆ ObDeassignSecurity()

NTSTATUS NTAPI ObDeassignSecurity ( IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor)

Definition at line 60 of file obsecure.c.

61{
62 EX_FAST_REF FastRef;
63 ULONG Count;
64 PSECURITY_DESCRIPTOR OldSecurityDescriptor;
65
66 /* Get the fast reference and capture it */
67 FastRef = *(PEX_FAST_REF)SecurityDescriptor;
68
69 /* Don't free again later */
70 *SecurityDescriptor = NULL;
71
72 /* Get the descriptor and reference count */
73 OldSecurityDescriptor = ExGetObjectFastReference(FastRef);
74 Count = ExGetCountFastReference(FastRef);
75
76 /* Dereference the descriptor */
77 ObDereferenceSecurityDescriptor(OldSecurityDescriptor, Count + 1);
78
79 /* All done */
80 return STATUS_SUCCESS;
81}
ExGetCountFastReference
FORCEINLINE ULONG ExGetCountFastReference(IN EX_FAST_REF FastRef)
Definition: ex.h:591
ExGetObjectFastReference
FORCEINLINE PVOID ExGetObjectFastReference(IN EX_FAST_REF FastRef)
Definition: ex.h:583
Count
int Count
Definition: noreturn.cpp:7
ObDereferenceSecurityDescriptor
VOID NTAPI ObDereferenceSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN ULONG Count)
Definition: obsdcach.c:287

Referenced by SeDefaultObjectMethod(), and WmipSecurityMethod().

◆ ObGetObjectSecurity()

NTSTATUS NTAPI ObGetObjectSecurity ( IN PVOID  Object,
OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
OUT PBOOLEAN  MemoryAllocated 
)

Definition at line 611 of file obsecure.c.

614{
615 POBJECT_HEADER Header;
616 POBJECT_TYPE Type;
617 ULONG Length = 0;
618 NTSTATUS Status;
619 SECURITY_INFORMATION SecurityInformation;
620 KIRQL CalloutIrql;
621 PAGED_CODE();
622
623 /* Get the object header and type */
624 Header = OBJECT_TO_OBJECT_HEADER(Object);
625 Type = Header->Type;
626
627 /* Tell the caller that we didn't have to allocate anything yet */
628 *MemoryAllocated = FALSE;
629
630 /* Check if the object uses default security */
631 if (Type->TypeInfo.SecurityProcedure == SeDefaultObjectMethod)
632 {
633 /* Reference the descriptor */
634 *SecurityDescriptor = ObpReferenceSecurityDescriptor(Header);
635 return STATUS_SUCCESS;
636 }
637
638 /* Set mask to query */
639 SecurityInformation = OWNER_SECURITY_INFORMATION |
640 GROUP_SECURITY_INFORMATION |
641 DACL_SECURITY_INFORMATION |
642 SACL_SECURITY_INFORMATION;
643
644 /* Get the security descriptor size */
645 ObpCalloutStart(&CalloutIrql);
646 Status = Type->TypeInfo.SecurityProcedure(Object,
647 QuerySecurityDescriptor,
648 &SecurityInformation,
649 *SecurityDescriptor,
650 &Length,
651 &Header->SecurityDescriptor,
652 Type->TypeInfo.PoolType,
653 &Type->TypeInfo.GenericMapping);
654 ObpCalloutEnd(CalloutIrql, "Security", Type, Object);
655
656 /* Check for failure */
657 if (Status != STATUS_BUFFER_TOO_SMALL) return Status;
658
659 /* Allocate security descriptor */
660 *SecurityDescriptor = ExAllocatePoolWithTag(PagedPool,
661 Length,
662 TAG_SEC_QUERY);
663 if (!(*SecurityDescriptor)) return STATUS_INSUFFICIENT_RESOURCES;
664 *MemoryAllocated = TRUE;
665
666 /* Query security descriptor */
667 ObpCalloutStart(&CalloutIrql);
668 Status = Type->TypeInfo.SecurityProcedure(Object,
669 QuerySecurityDescriptor,
670 &SecurityInformation,
671 *SecurityDescriptor,
672 &Length,
673 &Header->SecurityDescriptor,
674 Type->TypeInfo.PoolType,
675 &Type->TypeInfo.GenericMapping);
676 ObpCalloutEnd(CalloutIrql, "Security", Type, Object);
677
678 /* Check for failure */
679 if (!NT_SUCCESS(Status))
680 {
681 /* Free the descriptor and tell the caller we failed */
682 ExFreePoolWithTag(*SecurityDescriptor, TAG_SEC_QUERY);
683 *MemoryAllocated = FALSE;
684 }
685
686 /* Return status */
687 return Status;
688}
SeDefaultObjectMethod
static OB_SECURITY_METHOD SeDefaultObjectMethod
Definition: ObTypes.c:134
ExAllocatePoolWithTag
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
SECURITY_INFORMATION
DWORD SECURITY_INFORMATION
Definition: ms-dtyp.idl:311
ObpReferenceSecurityDescriptor
PSECURITY_DESCRIPTOR NTAPI ObpReferenceSecurityDescriptor(IN POBJECT_HEADER ObjectHeader)
Definition: obsdcach.c:181
STATUS_BUFFER_TOO_SMALL
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
TAG_SEC_QUERY
#define TAG_SEC_QUERY
Definition: tag.h:120
STATUS_INSUFFICIENT_RESOURCES
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
MemoryAllocated
_Out_ PSECURITY_DESCRIPTOR _Out_ PBOOLEAN MemoryAllocated
Definition: obfuncs.h:24
DACL_SECURITY_INFORMATION
#define DACL_SECURITY_INFORMATION
Definition: setypes.h:125
SACL_SECURITY_INFORMATION
#define SACL_SECURITY_INFORMATION
Definition: setypes.h:126

Referenced by CreateDeviceSecurityDescriptor(), IntAssignDesktopSecurityOnParse(), ObCheckCreateObjectAccess(), ObCheckObjectAccess(), ObInsertObject(), ObpCheckObjectReference(), ObpCheckTraverseAccess(), PspCreateProcess(), PspCreateThread(), PspSetPrimaryToken(), and TestObRootSecurity().

◆ ObpCheckObjectReference()

BOOLEAN NTAPI ObpCheckObjectReference ( IN PVOID  Object,
IN OUT PACCESS_STATE  AccessState,
IN BOOLEAN  LockHeld,
IN KPROCESSOR_MODE  AccessMode,
OUT PNTSTATUS  AccessStatus 
)

Definition at line 340 of file obsecure.c.

345{
346 POBJECT_HEADER ObjectHeader;
347 POBJECT_TYPE ObjectType;
348 PSECURITY_DESCRIPTOR SecurityDescriptor = NULL;
349 BOOLEAN SdAllocated;
350 BOOLEAN Result;
351 ACCESS_MASK GrantedAccess = 0;
352 PPRIVILEGE_SET Privileges = NULL;
353 NTSTATUS Status;
354 PAGED_CODE();
355
356 /* Get the header and type */
357 ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
358 ObjectType = ObjectHeader->Type;
359
360 /* Get the security descriptor */
361 Status = ObGetObjectSecurity(Object, &SecurityDescriptor, &SdAllocated);
362 if (!NT_SUCCESS(Status))
363 {
364 /* We failed */
365 *AccessStatus = Status;
366 return FALSE;
367 }
368
369 /* Lock the security context */
370 SeLockSubjectContext(&AccessState->SubjectSecurityContext);
371
372 /* Now do the entire access check */
373 Result = SeAccessCheck(SecurityDescriptor,
374 &AccessState->SubjectSecurityContext,
375 TRUE,
376 AccessState->RemainingDesiredAccess,
377 AccessState->PreviouslyGrantedAccess,
378 &Privileges,
379 &ObjectType->TypeInfo.GenericMapping,
380 AccessMode,
381 &GrantedAccess,
382 AccessStatus);
383 if (Result)
384 {
385 /* Update the access state */
386 AccessState->RemainingDesiredAccess &= ~GrantedAccess;
387 AccessState->PreviouslyGrantedAccess |= GrantedAccess;
388 }
389
390 /* Check if we have an SD */
391 if (SecurityDescriptor)
392 {
393 /* Do audit alarm */
394#if 0
395 SeObjectReferenceAuditAlarm(&AccessState->OperationID,
396 Object,
397 SecurityDescriptor,
398 &AccessState->SubjectSecurityContext,
399 AccessState->RemainingDesiredAccess |
400 AccessState->PreviouslyGrantedAccess,
401 ((PAUX_ACCESS_DATA)(AccessState->AuxData))->
402 PrivilegeSet,
403 Result,
404 AccessMode);
405#endif
406 }
407
408 /* We're done, unlock the context and release security */
409 SeUnlockSubjectContext(&AccessState->SubjectSecurityContext);
410 ObReleaseObjectSecurity(SecurityDescriptor, SdAllocated);
411 return Result;
412}
_AUX_ACCESS_DATA
Definition: setypes.h:257

Referenced by ObReferenceObjectByName().

◆ ObpCheckTraverseAccess()

BOOLEAN NTAPI ObpCheckTraverseAccess ( IN PVOID  Object,
IN ACCESS_MASK  TraverseAccess,
IN PACCESS_STATE AccessState  OPTIONAL,
IN BOOLEAN  LockHeld,
IN KPROCESSOR_MODE  AccessMode,
OUT PNTSTATUS  AccessStatus 
)

Definition at line 267 of file obsecure.c.

273{
274 POBJECT_HEADER ObjectHeader;
275 POBJECT_TYPE ObjectType;
276 PSECURITY_DESCRIPTOR SecurityDescriptor = NULL;
277 BOOLEAN SdAllocated;
278 BOOLEAN Result;
279 ACCESS_MASK GrantedAccess = 0;
280 PPRIVILEGE_SET Privileges = NULL;
281 NTSTATUS Status;
282 PAGED_CODE();
283
284 /* Get the header and type */
285 ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
286 ObjectType = ObjectHeader->Type;
287
288 /* Get the security descriptor */
289 Status = ObGetObjectSecurity(Object, &SecurityDescriptor, &SdAllocated);
290 if (!NT_SUCCESS(Status))
291 {
292 /* We failed */
293 *AccessStatus = Status;
294 return FALSE;
295 }
296
297 /* First try to perform a fast traverse check
298 * If it fails, then the entire access check will
299 * have to be done.
300 */
301 Result = SeFastTraverseCheck(SecurityDescriptor,
302 AccessState,
303 FILE_WRITE_DATA,
304 AccessMode);
305 if (Result)
306 {
307 ObReleaseObjectSecurity(SecurityDescriptor, SdAllocated);
308 return TRUE;
309 }
310
311 /* Lock the security context */
312 SeLockSubjectContext(&AccessState->SubjectSecurityContext);
313
314 /* Now do the entire access check */
315 Result = SeAccessCheck(SecurityDescriptor,
316 &AccessState->SubjectSecurityContext,
317 TRUE,
318 TraverseAccess,
319 0,
320 &Privileges,
321 &ObjectType->TypeInfo.GenericMapping,
322 AccessMode,
323 &GrantedAccess,
324 AccessStatus);
325 if (Privileges)
326 {
327 /* We got privileges, append them to the access state and free them */
328 Status = SeAppendPrivileges(AccessState, Privileges);
329 SeFreePrivileges(Privileges);
330 }
331
332 /* We're done, unlock the context and release security */
333 SeUnlockSubjectContext(&AccessState->SubjectSecurityContext);
334 ObReleaseObjectSecurity(SecurityDescriptor, SdAllocated);
335 return Result;
336}
FILE_WRITE_DATA
#define FILE_WRITE_DATA
Definition: nt_native.h:631
SeFastTraverseCheck
BOOLEAN NTAPI SeFastTraverseCheck(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PACCESS_STATE AccessState, _In_ ACCESS_MASK DesiredAccess, _In_ KPROCESSOR_MODE AccessMode)
Determines whether security access rights can be given to an object depending on the security descrip...
Definition: accesschk.c:2138

Referenced by ObpLookupObjectName().

◆ ObQueryObjectAuditingByHandle()

NTSTATUS NTAPI ObQueryObjectAuditingByHandle ( IN HANDLE  Handle,
OUT PBOOLEAN  GenerateOnClose 
)

Definition at line 997 of file obsecure.c.

999{
1000 PHANDLE_TABLE_ENTRY HandleEntry;
1001 PVOID HandleTable;
1002 NTSTATUS Status = STATUS_SUCCESS;
1003 PAGED_CODE();
1004
1005 /* Check if we're dealing with a kernel handle */
1006 if (ObpIsKernelHandle(Handle, ExGetPreviousMode()))
1007 {
1008 /* Use the kernel table and convert the handle */
1009 HandleTable = ObpKernelHandleTable;
1010 Handle = ObKernelHandleToHandle(Handle);
1011 }
1012 else
1013 {
1014 /* Use the process's handle table */
1015 HandleTable = PsGetCurrentProcess()->ObjectTable;
1016 }
1017
1018 /* Enter a critical region while we touch the handle table */
1019 KeEnterCriticalRegion();
1020
1021 /* Map the handle */
1022 HandleEntry = ExMapHandleToPointer(HandleTable, Handle);
1023 if(HandleEntry)
1024 {
1025 /* Check if the flag is set */
1026 *GenerateOnClose = HandleEntry->ObAttributes & OBJ_AUDIT_OBJECT_CLOSE;
1027
1028 /* Unlock the entry */
1029 ExUnlockHandleTableEntry(HandleTable, HandleEntry);
1030 }
1031 else
1032 {
1033 /* Otherwise, fail */
1034 Status = STATUS_INVALID_HANDLE;
1035 }
1036
1037 /* Leave the critical region and return the status */
1038 KeLeaveCriticalRegion();
1039 return Status;
1040}
STATUS_INVALID_HANDLE
#define STATUS_INVALID_HANDLE
Definition: d3dkmdt.h:40
HandleTable
static XMS_HANDLE HandleTable[XMS_MAX_HANDLES]
Definition: himem.c:83
KeLeaveCriticalRegion
#define KeLeaveCriticalRegion()
Definition: ke_x.h:119
KeEnterCriticalRegion
#define KeEnterCriticalRegion()
Definition: ke_x.h:88
ExMapHandleToPointer
PHANDLE_TABLE_ENTRY NTAPI ExMapHandleToPointer(IN PHANDLE_TABLE HandleTable, IN HANDLE Handle)
Definition: handle.c:1046
ExUnlockHandleTableEntry
VOID NTAPI ExUnlockHandleTableEntry(IN PHANDLE_TABLE HandleTable, IN PHANDLE_TABLE_ENTRY HandleTableEntry)
Definition: handle.c:923
ObpKernelHandleTable
PHANDLE_TABLE ObpKernelHandleTable
Definition: obhandle.c:20
ObpIsKernelHandle
#define ObpIsKernelHandle(Handle, ProcessorMode)
Definition: ob.h:74
ObKernelHandleToHandle
#define ObKernelHandleToHandle(Handle)
Definition: ob.h:83
OBJ_AUDIT_OBJECT_CLOSE
#define OBJ_AUDIT_OBJECT_CLOSE
Definition: ob.h:51
_HANDLE_TABLE_ENTRY
Definition: extypes.h:767
_HANDLE_TABLE_ENTRY::ObAttributes
ULONG_PTR ObAttributes
Definition: extypes.h:771
PsGetCurrentProcess
#define PsGetCurrentProcess
Definition: psfuncs.h:17
GenerateOnClose
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN _In_ KPROCESSOR_MODE _In_opt_ GUID _Out_ PBOOLEAN GenerateOnClose
Definition: sefuncs.h:422

◆ ObQuerySecurityDescriptorInfo()

NTSTATUS NTAPI ObQuerySecurityDescriptorInfo ( IN PVOID  Object,
IN PSECURITY_INFORMATION  SecurityInformation,
OUT PSECURITY_DESCRIPTOR  SecurityDescriptor,
IN OUT PULONG  Length,
IN PSECURITY_DESCRIPTOR OutputSecurityDescriptor 
)

Definition at line 85 of file obsecure.c.

90{
91 POBJECT_HEADER ObjectHeader;
92 NTSTATUS Status;
93 PSECURITY_DESCRIPTOR ObjectSd;
94 PAGED_CODE();
95
96 /* Get the object header */
97 ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
98
99 /* Get the SD */
100 ObjectSd = ObpReferenceSecurityDescriptor(ObjectHeader);
101
102 /* Query the information */
103 Status = SeQuerySecurityDescriptorInfo(SecurityInformation,
104 SecurityDescriptor,
105 Length,
106 &ObjectSd);
107
108 /* Check if we have an object SD and dereference it, if so */
109 if (ObjectSd) ObDereferenceSecurityDescriptor(ObjectSd, 1);
110
111 /* Return status */
112 return Status;
113}
SeQuerySecurityDescriptorInfo
NTKERNELAPI NTSTATUS NTAPI SeQuerySecurityDescriptorInfo(_In_ PSECURITY_INFORMATION SecurityInformation, _Out_writes_bytes_(*Length) PSECURITY_DESCRIPTOR SecurityDescriptor, _Inout_ PULONG Length, _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor)

Referenced by SeDefaultObjectMethod(), and WmipSecurityMethod().

◆ ObReleaseObjectSecurity()

VOID NTAPI ObReleaseObjectSecurity ( IN PSECURITY_DESCRIPTOR  SecurityDescriptor,
IN BOOLEAN  MemoryAllocated 
)

Definition at line 709 of file obsecure.c.

711{
712 PAGED_CODE();
713
714 /* Nothing to do in this case */
715 if (!SecurityDescriptor) return;
716
717 /* Check if we had allocated it from memory */
718 if (MemoryAllocated)
719 {
720 /* Free it */
721 ExFreePoolWithTag(SecurityDescriptor, TAG_SEC_QUERY);
722 }
723 else
724 {
725 /* Otherwise this means we used an internal descriptor */
726 ObDereferenceSecurityDescriptor(SecurityDescriptor, 1);
727 }
728}

Referenced by CreateDeviceSecurityDescriptor(), IntAssignDesktopSecurityOnParse(), ObCheckCreateObjectAccess(), ObCheckObjectAccess(), ObInsertObject(), ObpCheckObjectReference(), ObpCheckTraverseAccess(), PspCreateProcess(), PspCreateThread(), PspSetPrimaryToken(), and TestObRootSecurity().

◆ ObSetSecurityDescriptorInfo()

NTSTATUS NTAPI ObSetSecurityDescriptorInfo ( IN PVOID  Object,
IN PSECURITY_INFORMATION  SecurityInformation,
IN OUT PSECURITY_DESCRIPTOR  SecurityDescriptor,
IN OUT PSECURITY_DESCRIPTOR OutputSecurityDescriptor,
IN POOL_TYPE  PoolType,
IN PGENERIC_MAPPING  GenericMapping 
)

Definition at line 117 of file obsecure.c.

123{
124 NTSTATUS Status;
125 POBJECT_HEADER ObjectHeader;
126 PSECURITY_DESCRIPTOR OldDescriptor, NewDescriptor, CachedDescriptor;
127 PEX_FAST_REF FastRef;
128 EX_FAST_REF OldValue;
129 ULONG Count;
130 PAGED_CODE();
131
132 /* Get the object header */
133 ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
134 while (TRUE)
135 {
136 /* Reference the old descriptor */
137 OldDescriptor = ObpReferenceSecurityDescriptor(ObjectHeader);
138 NewDescriptor = OldDescriptor;
139
140 /* Set the SD information */
141 Status = SeSetSecurityDescriptorInfo(Object,
142 SecurityInformation,
143 SecurityDescriptor,
144 &NewDescriptor,
145 PoolType,
146 GenericMapping);
147 if (!NT_SUCCESS(Status))
148 {
149 /* We failed, dereference the old one */
150 if (OldDescriptor) ObDereferenceSecurityDescriptor(OldDescriptor, 1);
151 break;
152 }
153
154 /* Now add this to the cache */
155 Status = ObLogSecurityDescriptor(NewDescriptor,
156 &CachedDescriptor,
157 MAX_FAST_REFS + 1);
158
159 /* Let go of our uncached copy */
160 ExFreePool(NewDescriptor);
161
162 /* Check for success */
163 if (!NT_SUCCESS(Status))
164 {
165 /* We failed, dereference the old one */
166 ObDereferenceSecurityDescriptor(OldDescriptor, 1);
167 break;
168 }
169
170 /* Do the swap */
171 FastRef = (PEX_FAST_REF)OutputSecurityDescriptor;
172 OldValue = ExCompareSwapFastReference(FastRef,
173 CachedDescriptor,
174 OldDescriptor);
175
176 /* Make sure the swap worked */
177 if (ExGetObjectFastReference(OldValue) == OldDescriptor)
178 {
179 /* Flush waiters */
180 ObpAcquireObjectLock(ObjectHeader);
181 ObpReleaseObjectLock(ObjectHeader);
182
183 /* And dereference the old one */
184 Count = ExGetCountFastReference(OldValue);
185 ObDereferenceSecurityDescriptor(OldDescriptor, Count + 2);
186 break;
187 }
188 else
189 {
190 /* Someone changed it behind our back -- try again */
191 ObDereferenceSecurityDescriptor(OldDescriptor, 1);
192 ObDereferenceSecurityDescriptor(CachedDescriptor,
193 MAX_FAST_REFS + 1);
194 }
195 }
196
197 /* Return status */
198 return Status;
199}
GenericMapping
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
ExFreePool
#define ExFreePool(addr)
Definition: env_spec_w32.h:352
ExCompareSwapFastReference
FORCEINLINE EX_FAST_REF ExCompareSwapFastReference(IN PEX_FAST_REF FastRef, IN PVOID Object, IN PVOID OldObject)
Definition: ex.h:750
ObpAcquireObjectLock
FORCEINLINE VOID ObpAcquireObjectLock(IN POBJECT_HEADER ObjectHeader)
Definition: ob_x.h:48
ObpReleaseObjectLock
FORCEINLINE VOID ObpReleaseObjectLock(IN POBJECT_HEADER ObjectHeader)
Definition: ob_x.h:84
PoolType
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
Definition: wdfdevice.h:3821
SeSetSecurityDescriptorInfo
NTKERNELAPI NTSTATUS NTAPI SeSetSecurityDescriptorInfo(_In_opt_ PVOID Object, _In_ PSECURITY_INFORMATION SecurityInformation, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, _In_ POOL_TYPE PoolType, _In_ PGENERIC_MAPPING GenericMapping)

Referenced by SeDefaultObjectMethod(), and WmipSecurityMethod().

◆ ObSetSecurityObjectByPointer()

NTSTATUS NTAPI ObSetSecurityObjectByPointer ( IN PVOID  Object,
IN SECURITY_INFORMATION  SecurityInformation,
IN PSECURITY_DESCRIPTOR  SecurityDescriptor 
)

Definition at line 749 of file obsecure.c.

752{
753 POBJECT_TYPE Type;
754 POBJECT_HEADER Header;
755 PAGED_CODE();
756
757 /* Get the header and type */
758 Header = OBJECT_TO_OBJECT_HEADER(Object);
759 Type = Header->Type;
760
761 /* Sanity check */
762 ASSERT(SecurityDescriptor);
763
764 /* Call the security procedure */
765 return Type->TypeInfo.SecurityProcedure(Object,
766 SetSecurityDescriptor,
767 &SecurityInformation,
768 SecurityDescriptor,
769 NULL,
770 &Header->SecurityDescriptor,
771 Type->TypeInfo.PoolType,
772 &Type->TypeInfo.GenericMapping);
773}

Referenced by NtSetSecurityObject(), and TiSetupTcpDeviceSD().