ReactOS 0.4.15-dev-5664-g3bf4ef6
obsecure.c File Reference
#include <ntoskrnl.h>
#include <debug.h>
Include dependency graph for obsecure.c:

Go to the source code of this file.

Macros

#define NDEBUG
 

Functions

NTSTATUS NTAPI ObAssignObjectSecurityDescriptor (IN PVOID Object, IN PSECURITY_DESCRIPTOR SecurityDescriptor OPTIONAL, IN POOL_TYPE PoolType)
 
NTSTATUS NTAPI ObDeassignSecurity (IN OUT PSECURITY_DESCRIPTOR *SecurityDescriptor)
 
NTSTATUS NTAPI ObQuerySecurityDescriptorInfo (IN PVOID Object, IN PSECURITY_INFORMATION SecurityInformation, OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN OUT PULONG Length, IN PSECURITY_DESCRIPTOR *OutputSecurityDescriptor)
 
NTSTATUS NTAPI ObSetSecurityDescriptorInfo (IN PVOID Object, IN PSECURITY_INFORMATION SecurityInformation, IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN OUT PSECURITY_DESCRIPTOR *OutputSecurityDescriptor, IN POOL_TYPE PoolType, IN PGENERIC_MAPPING GenericMapping)
 
BOOLEAN NTAPI ObCheckCreateObjectAccess (IN PVOID Object, IN ACCESS_MASK CreateAccess, IN PACCESS_STATE AccessState, IN PUNICODE_STRING ComponentName, IN BOOLEAN LockHeld, IN KPROCESSOR_MODE AccessMode, OUT PNTSTATUS AccessStatus)
 
BOOLEAN NTAPI ObpCheckTraverseAccess (IN PVOID Object, IN ACCESS_MASK TraverseAccess, IN PACCESS_STATE AccessState OPTIONAL, IN BOOLEAN LockHeld, IN KPROCESSOR_MODE AccessMode, OUT PNTSTATUS AccessStatus)
 
BOOLEAN NTAPI ObpCheckObjectReference (IN PVOID Object, IN OUT PACCESS_STATE AccessState, IN BOOLEAN LockHeld, IN KPROCESSOR_MODE AccessMode, OUT PNTSTATUS AccessStatus)
 
BOOLEAN NTAPI ObCheckObjectAccess (IN PVOID Object, IN OUT PACCESS_STATE AccessState, IN BOOLEAN LockHeld, IN KPROCESSOR_MODE AccessMode, OUT PNTSTATUS ReturnedStatus)
 
NTSTATUS NTAPI ObAssignSecurity (IN PACCESS_STATE AccessState, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PVOID Object, IN POBJECT_TYPE Type)
 
NTSTATUS NTAPI ObGetObjectSecurity (IN PVOID Object, OUT PSECURITY_DESCRIPTOR *SecurityDescriptor, OUT PBOOLEAN MemoryAllocated)
 
VOID NTAPI ObReleaseObjectSecurity (IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN MemoryAllocated)
 
NTSTATUS NTAPI ObSetSecurityObjectByPointer (IN PVOID Object, IN SECURITY_INFORMATION SecurityInformation, IN PSECURITY_DESCRIPTOR SecurityDescriptor)
 
NTSTATUS NTAPI NtQuerySecurityObject (IN HANDLE Handle, IN SECURITY_INFORMATION SecurityInformation, OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN ULONG Length, OUT PULONG ResultLength)
 
NTSTATUS NTAPI NtSetSecurityObject (IN HANDLE Handle, IN SECURITY_INFORMATION SecurityInformation, IN PSECURITY_DESCRIPTOR SecurityDescriptor)
 
NTSTATUS NTAPI ObQueryObjectAuditingByHandle (IN HANDLE Handle, OUT PBOOLEAN GenerateOnClose)
 

Macro Definition Documentation

◆ NDEBUG

#define NDEBUG

Definition at line 13 of file obsecure.c.

Function Documentation

◆ NtQuerySecurityObject()

NTSTATUS NTAPI NtQuerySecurityObject ( IN HANDLE  Handle,
IN SECURITY_INFORMATION  SecurityInformation,
OUT PSECURITY_DESCRIPTOR  SecurityDescriptor,
IN ULONG  Length,
OUT PULONG  ResultLength 
)

Definition at line 803 of file obsecure.c.

808{
815 PAGED_CODE();
816
817 /* Check if we came from user mode */
819 {
820 /* Enter SEH */
822 {
823 /* Probe the SD and the length pointer */
826 }
828 {
829 /* Return the exception code */
831 }
832 _SEH2_END;
833 }
834
835 /* Get the required access rights for the operation */
837
838 /* Reference the object */
841 NULL,
843 &Object,
844 NULL);
845 if (!NT_SUCCESS(Status)) return Status;
846
847 /* Get the Object Header and Type */
849 Type = Header->Type;
850
851 /* Call the security procedure's query function */
852 Status = Type->TypeInfo.SecurityProcedure(Object,
853 QuerySecurityDescriptor,
856 &Length,
857 &Header->SecurityDescriptor,
858 Type->TypeInfo.PoolType,
859 &Type->TypeInfo.GenericMapping);
860
861 /* Dereference the object */
863
864 /* Protect write with SEH */
866 {
867 /* Return the needed length */
869 }
871 {
872 /* Get the exception code */
874 }
875 _SEH2_END;
876
877 /* Return status */
878 return Status;
879}
#define PAGED_CODE()
Type
Definition: Type.h:7
LONG NTSTATUS
Definition: precomp.h:26
Definition: Header.h:9
#define NULL
Definition: types.h:112
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define ExGetPreviousMode
Definition: ex.h:139
VOID NTAPI ProbeForWrite(IN PVOID Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:143
#define _SEH2_END
Definition: filesup.c:22
#define _SEH2_TRY
Definition: filesup.c:19
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ SECURITY_INFORMATION SecurityInformation
Definition: fltkernel.h:1340
ULONG Handle
Definition: gdb_input.c:15
Status
Definition: gdiplustypes.h:25
LONG NTAPI ExSystemExceptionFilter(VOID)
Definition: harderr.c:349
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
unsigned int ULONG
Definition: retypes.h:1
#define KernelMode
Definition: asm.h:34
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
ULONG ACCESS_MASK
Definition: nt_native.h:40
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:102
VOID NTAPI SeQuerySecurityAccessMask(_In_ SECURITY_INFORMATION SecurityInformation, _Out_ PACCESS_MASK DesiredAccess)
Queries the access mask from a security information context.
Definition: semgr.c:427
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:159
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:34
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:162
#define ProbeForWriteUlong(Ptr)
Definition: probe.h:36
_Must_inspect_result_ _In_ WDFCOLLECTION _In_ WDFOBJECT Object
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG _Out_ PULONG ResultLength
Definition: wdfdevice.h:3776
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2658
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:191
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
#define ObDereferenceObject
Definition: obfuncs.h:203
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103

Referenced by AccRewriteGetHandleRights(), get_security_descriptor(), GetFileSecurityW(), GetKernelObjectSecurity(), GetUserObjectSecurity(), RegGetKeySecurity(), RegQueryInfoKeyW(), and test_security_info().

◆ NtSetSecurityObject()

NTSTATUS NTAPI NtSetSecurityObject ( IN HANDLE  Handle,
IN SECURITY_INFORMATION  SecurityInformation,
IN PSECURITY_DESCRIPTOR  SecurityDescriptor 
)

Definition at line 903 of file obsecure.c.

906{
909 SECURITY_DESCRIPTOR_RELATIVE *CapturedDescriptor;
912 PAGED_CODE();
913
914 /* Make sure the caller doesn't pass a NULL security descriptor! */
916
917 /* Set the required access rights for the operation */
919
920 /* Reference the object */
923 NULL,
925 &Object,
926 NULL);
927 if (NT_SUCCESS(Status))
928 {
929 /* Capture and make a copy of the security descriptor */
932 PagedPool,
933 TRUE,
935 &CapturedDescriptor);
936 if (!NT_SUCCESS(Status))
937 {
938 /* Fail */
940 return Status;
941 }
942
943 /* Sanity check */
944 ASSERT(CapturedDescriptor->Control & SE_SELF_RELATIVE);
945
946 /*
947 * Make sure the security descriptor passed by the caller
948 * is valid for the operation we're about to perform
949 */
951 !(CapturedDescriptor->Owner)) ||
953 !(CapturedDescriptor->Group)))
954 {
955 /* Set the failure status */
957 }
958 else
959 {
960 /* Set security */
963 CapturedDescriptor);
964 }
965
966 /* Release the descriptor and return status */
969 TRUE);
970
971 /* Now we can dereference the object */
973 }
974
975 return Status;
976}
#define TRUE
Definition: types.h:120
#define PagedPool
Definition: env_spec_w32.h:308
#define ASSERT(a)
Definition: mode.c:44
VOID NTAPI SeSetSecurityAccessMask(_In_ SECURITY_INFORMATION SecurityInformation, _Out_ PACCESS_MASK DesiredAccess)
Sets the access mask for a security information context.
Definition: semgr.c:460
NTSTATUS NTAPI SeCaptureSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor, _In_ KPROCESSOR_MODE CurrentMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor)
Captures a security descriptor.
Definition: sd.c:386
NTSTATUS NTAPI SeReleaseSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR CapturedSecurityDescriptor, _In_ KPROCESSOR_MODE CurrentMode, _In_ BOOLEAN CaptureIfKernelMode)
Releases a captured security descriptor buffer.
Definition: sd.c:760
#define STATUS_INVALID_SECURITY_DESCR
Definition: ntstatus.h:357
#define STATUS_ACCESS_VIOLATION
Definition: ntstatus.h:242
NTSTATUS NTAPI ObSetSecurityObjectByPointer(IN PVOID Object, IN SECURITY_INFORMATION SecurityInformation, IN PSECURITY_DESCRIPTOR SecurityDescriptor)
Definition: obsecure.c:749
SECURITY_DESCRIPTOR_CONTROL Control
Definition: setypes.h:835
#define OWNER_SECURITY_INFORMATION
Definition: setypes.h:123
#define SE_SELF_RELATIVE
Definition: setypes.h:830
#define GROUP_SECURITY_INFORMATION
Definition: setypes.h:124

◆ ObAssignObjectSecurityDescriptor()

NTSTATUS NTAPI ObAssignObjectSecurityDescriptor ( IN PVOID  Object,
IN PSECURITY_DESCRIPTOR SecurityDescriptor  OPTIONAL,
IN POOL_TYPE  PoolType 
)

Definition at line 20 of file obsecure.c.

23{
24 POBJECT_HEADER ObjectHeader;
27 PEX_FAST_REF FastRef;
28 PAGED_CODE();
29
30 /* Get the object header */
31 ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
32 FastRef = (PEX_FAST_REF)&ObjectHeader->SecurityDescriptor;
34 {
35 /* Nothing to assign */
37 return STATUS_SUCCESS;
38 }
39
40 /* Add it to our internal cache */
42 &NewSd,
43 MAX_FAST_REFS + 1);
44 if (NT_SUCCESS(Status))
45 {
46 /* Free the old copy */
48
49 /* Set the new pointer */
50 ASSERT(NewSd);
51 ExInitializeFastReference(FastRef, NewSd);
52 }
53
54 /* Return status */
55 return Status;
56}
#define MAX_FAST_REFS
Definition: ex.h:132
FORCEINLINE VOID ExInitializeFastReference(OUT PEX_FAST_REF FastRef, IN OPTIONAL PVOID Object)
Definition: ex.h:595
if(dx< 0)
Definition: linetemp.h:194
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
struct _EX_FAST_REF * PEX_FAST_REF
NTSTATUS NTAPI ObLogSecurityDescriptor(IN PSECURITY_DESCRIPTOR InputSecurityDescriptor, OUT PSECURITY_DESCRIPTOR *OutputSecurityDescriptor, IN ULONG RefBias)
Definition: obsdcach.c:364
#define STATUS_SUCCESS
Definition: shellext.h:65
PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: obtypes.h:503
#define TAG_SD
Definition: tag.h:153

Referenced by SeDefaultObjectMethod(), and WmipSecurityMethod().

◆ ObAssignSecurity()

NTSTATUS NTAPI ObAssignSecurity ( IN PACCESS_STATE  AccessState,
IN PSECURITY_DESCRIPTOR  SecurityDescriptor,
IN PVOID  Object,
IN POBJECT_TYPE  Type 
)

Definition at line 550 of file obsecure.c.

554{
557 KIRQL CalloutIrql;
558 PAGED_CODE();
559
560 /* Build the new security descriptor */
561 Status = SeAssignSecurity(SecurityDescriptor,
562 AccessState->SecurityDescriptor,
565 &AccessState->SubjectSecurityContext,
566 &Type->TypeInfo.GenericMapping,
567 PagedPool);
568 if (!NT_SUCCESS(Status)) return Status;
569
570 /* Call the security method */
571 ObpCalloutStart(&CalloutIrql);
572 Status = Type->TypeInfo.SecurityProcedure(Object,
573 AssignSecurityDescriptor,
574 NULL,
576 NULL,
577 NULL,
578 PagedPool,
579 &Type->TypeInfo.GenericMapping);
580 ObpCalloutEnd(CalloutIrql, "Security", Type, Object);
581
582 /* Check for failure and deassign security if so */
583 if (!NT_SUCCESS(Status)) SeDeassignSecurity(&NewDescriptor);
584
585 /* Return to caller */
586 return Status;
587}
#define ObpDirectoryObjectType
Definition: ObTypes.c:118
UCHAR KIRQL
Definition: env_spec_w32.h:591
FORCEINLINE VOID ObpCalloutStart(IN PKIRQL CalloutIrql)
Definition: ob_x.h:497
FORCEINLINE VOID ObpCalloutEnd(IN KIRQL CalloutIrql, IN PCHAR Procedure, IN POBJECT_TYPE ObjectType, IN PVOID Object)
Definition: ob_x.h:505
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:417
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR * NewDescriptor
Definition: sefuncs.h:30

Referenced by IntAssignDesktopSecurityOnParse(), and ObInsertObject().

◆ ObCheckCreateObjectAccess()

BOOLEAN NTAPI ObCheckCreateObjectAccess ( IN PVOID  Object,
IN ACCESS_MASK  CreateAccess,
IN PACCESS_STATE  AccessState,
IN PUNICODE_STRING  ComponentName,
IN BOOLEAN  LockHeld,
IN KPROCESSOR_MODE  AccessMode,
OUT PNTSTATUS  AccessStatus 
)

Definition at line 203 of file obsecure.c.

210{
211 POBJECT_HEADER ObjectHeader;
214 BOOLEAN SdAllocated;
219 PAGED_CODE();
220
221 /* Get the header and type */
222 ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
223 ObjectType = ObjectHeader->Type;
224
225 /* Get the security descriptor */
227 if (!NT_SUCCESS(Status))
228 {
229 /* We failed */
231 return FALSE;
232 }
233
234 /* Lock the security context */
235 SeLockSubjectContext(&AccessState->SubjectSecurityContext);
236
237 /* Check if we have an SD */
239 {
240 /* Now do the entire access check */
242 &AccessState->SubjectSecurityContext,
243 TRUE,
244 CreateAccess,
245 0,
246 &Privileges,
247 &ObjectType->TypeInfo.GenericMapping,
251 if (Privileges)
252 {
253 /* We got privileges, append them to the access state and free them */
256 }
257 }
258
259 /* We're done, unlock the context and release security */
260 SeUnlockSubjectContext(&AccessState->SubjectSecurityContext);
262 return Result;
263}
unsigned char BOOLEAN
BOOLEAN NTAPI SeAccessCheck(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, _In_ BOOLEAN SubjectContextLocked, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK PreviouslyGrantedAccess, _Out_ PPRIVILEGE_SET *Privileges, _In_ PGENERIC_MAPPING GenericMapping, _In_ KPROCESSOR_MODE AccessMode, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
Determines whether security access rights can be given to an object depending on the security descrip...
Definition: accesschk.c:910
#define FALSE
Definition: types.h:117
ObjectType
Definition: metafile.c:81
VOID NTAPI SeFreePrivileges(_In_ PPRIVILEGE_SET Privileges)
Frees a set of privileges.
Definition: priv.c:669
NTSTATUS NTAPI SeAppendPrivileges(_Inout_ PACCESS_STATE AccessState, _In_ PPRIVILEGE_SET Privileges)
Appends additional privileges.
Definition: priv.c:588
NTSTATUS NTAPI ObGetObjectSecurity(IN PVOID Object, OUT PSECURITY_DESCRIPTOR *SecurityDescriptor, OUT PBOOLEAN MemoryAllocated)
Definition: obsecure.c:611
VOID NTAPI ObReleaseObjectSecurity(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN MemoryAllocated)
Definition: obsecure.c:709
POBJECT_TYPE Type
Definition: obtypes.h:493
VOID NTAPI SeLockSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Locks both the referenced primary and client access tokens of a security subject context.
Definition: subject.c:107
VOID NTAPI SeUnlockSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Unlocks both the referenced primary and client access tokens of a security subject context.
Definition: subject.c:138
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:396
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:17
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
Definition: sefuncs.h:21
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:20

Referenced by ObpLookupObjectName().

◆ ObCheckObjectAccess()

BOOLEAN NTAPI ObCheckObjectAccess ( IN PVOID  Object,
IN OUT PACCESS_STATE  AccessState,
IN BOOLEAN  LockHeld,
IN KPROCESSOR_MODE  AccessMode,
OUT PNTSTATUS  ReturnedStatus 
)

Definition at line 441 of file obsecure.c.

446{
447 POBJECT_HEADER ObjectHeader;
450 BOOLEAN SdAllocated;
455 PAGED_CODE();
456
457 /* Get the object header and type */
458 ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
459 ObjectType = ObjectHeader->Type;
460
461 /* Get security information */
463 if (!NT_SUCCESS(Status))
464 {
465 /* Return failure */
466 *ReturnedStatus = Status;
467 return FALSE;
468 }
469 else if (!SecurityDescriptor)
470 {
471 /* Otherwise, if we don't actually have an SD, return success */
472 *ReturnedStatus = Status;
473 return TRUE;
474 }
475
476 /* Lock the security context */
477 SeLockSubjectContext(&AccessState->SubjectSecurityContext);
478
479 /* Now do the entire access check */
481 &AccessState->SubjectSecurityContext,
482 TRUE,
483 AccessState->RemainingDesiredAccess,
484 AccessState->PreviouslyGrantedAccess,
485 &Privileges,
486 &ObjectType->TypeInfo.GenericMapping,
489 ReturnedStatus);
490 if (Privileges)
491 {
492 /* We got privileges, append them to the access state and free them */
495 }
496
497 /* Check if access was granted */
498 if (Result)
499 {
500 /* Update the access state */
501 AccessState->RemainingDesiredAccess &= ~(GrantedAccess |
503 AccessState->PreviouslyGrantedAccess |= GrantedAccess;
504 }
505
506 /* Do audit alarm */
508 Object,
509 NULL,
512 FALSE,
513 Result,
515 &AccessState->GenerateOnClose);
516
517 /* We're done, unlock the context and release security */
518 SeUnlockSubjectContext(&AccessState->SubjectSecurityContext);
520 return Result;
521}
#define MAXIMUM_ALLOWED
Definition: nt_native.h:83
VOID NTAPI SeOpenObjectAuditAlarm(_In_ PUNICODE_STRING ObjectTypeName, _In_opt_ PVOID Object, _In_opt_ PUNICODE_STRING AbsoluteObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PACCESS_STATE AccessState, _In_ BOOLEAN ObjectCreated, _In_ BOOLEAN AccessGranted, _In_ KPROCESSOR_MODE AccessMode, _Out_ PBOOLEAN GenerateOnClose)
Creates an audit with alarm notification of an object that is being opened.
Definition: audit.c:1213

Referenced by CmpDoOpen(), and ObpIncrementHandleCount().

◆ ObDeassignSecurity()

NTSTATUS NTAPI ObDeassignSecurity ( IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor)

Definition at line 60 of file obsecure.c.

61{
62 EX_FAST_REF FastRef;
64 PSECURITY_DESCRIPTOR OldSecurityDescriptor;
65
66 /* Get the fast reference and capture it */
68
69 /* Don't free again later */
71
72 /* Get the descriptor and reference count */
73 OldSecurityDescriptor = ExGetObjectFastReference(FastRef);
75
76 /* Dereference the descriptor */
77 ObDereferenceSecurityDescriptor(OldSecurityDescriptor, Count + 1);
78
79 /* All done */
80 return STATUS_SUCCESS;
81}
FORCEINLINE ULONG ExGetCountFastReference(IN EX_FAST_REF FastRef)
Definition: ex.h:587
FORCEINLINE PVOID ExGetObjectFastReference(IN EX_FAST_REF FastRef)
Definition: ex.h:579
int Count
Definition: noreturn.cpp:7
VOID NTAPI ObDereferenceSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN ULONG Count)
Definition: obsdcach.c:287

Referenced by SeDefaultObjectMethod(), and WmipSecurityMethod().

◆ ObGetObjectSecurity()

NTSTATUS NTAPI ObGetObjectSecurity ( IN PVOID  Object,
OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
OUT PBOOLEAN  MemoryAllocated 
)

Definition at line 611 of file obsecure.c.

614{
617 ULONG Length = 0;
620 KIRQL CalloutIrql;
621 PAGED_CODE();
622
623 /* Get the object header and type */
625 Type = Header->Type;
626
627 /* Tell the caller that we didn't have to allocate anything yet */
629
630 /* Check if the object uses default security */
631 if (Type->TypeInfo.SecurityProcedure == SeDefaultObjectMethod)
632 {
633 /* Reference the descriptor */
635 return STATUS_SUCCESS;
636 }
637
638 /* Set mask to query */
643
644 /* Get the security descriptor size */
645 ObpCalloutStart(&CalloutIrql);
646 Status = Type->TypeInfo.SecurityProcedure(Object,
647 QuerySecurityDescriptor,
650 &Length,
651 &Header->SecurityDescriptor,
652 Type->TypeInfo.PoolType,
653 &Type->TypeInfo.GenericMapping);
654 ObpCalloutEnd(CalloutIrql, "Security", Type, Object);
655
656 /* Check for failure */
658
659 /* Allocate security descriptor */
661 Length,
665
666 /* Query security descriptor */
667 ObpCalloutStart(&CalloutIrql);
668 Status = Type->TypeInfo.SecurityProcedure(Object,
669 QuerySecurityDescriptor,
672 &Length,
673 &Header->SecurityDescriptor,
674 Type->TypeInfo.PoolType,
675 &Type->TypeInfo.GenericMapping);
676 ObpCalloutEnd(CalloutIrql, "Security", Type, Object);
677
678 /* Check for failure */
679 if (!NT_SUCCESS(Status))
680 {
681 /* Free the descriptor and tell the caller we failed */
684 }
685
686 /* Return status */
687 return Status;
688}
static OB_SECURITY_METHOD SeDefaultObjectMethod
Definition: ObTypes.c:134
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
DWORD SECURITY_INFORMATION
Definition: ms-dtyp.idl:311
PSECURITY_DESCRIPTOR NTAPI ObpReferenceSecurityDescriptor(IN POBJECT_HEADER ObjectHeader)
Definition: obsdcach.c:181
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
#define TAG_SEC_QUERY
Definition: tag.h:121
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
_Out_ PSECURITY_DESCRIPTOR _Out_ PBOOLEAN MemoryAllocated
Definition: obfuncs.h:24
#define DACL_SECURITY_INFORMATION
Definition: setypes.h:125
#define SACL_SECURITY_INFORMATION
Definition: setypes.h:126

Referenced by CreateDeviceSecurityDescriptor(), IntAssignDesktopSecurityOnParse(), ObCheckCreateObjectAccess(), ObCheckObjectAccess(), ObInsertObject(), ObpCheckObjectReference(), ObpCheckTraverseAccess(), PspCreateProcess(), PspCreateThread(), PspSetPrimaryToken(), and TestObRootSecurity().

◆ ObpCheckObjectReference()

BOOLEAN NTAPI ObpCheckObjectReference ( IN PVOID  Object,
IN OUT PACCESS_STATE  AccessState,
IN BOOLEAN  LockHeld,
IN KPROCESSOR_MODE  AccessMode,
OUT PNTSTATUS  AccessStatus 
)

Definition at line 340 of file obsecure.c.

345{
346 POBJECT_HEADER ObjectHeader;
349 BOOLEAN SdAllocated;
354 PAGED_CODE();
355
356 /* Get the header and type */
357 ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
358 ObjectType = ObjectHeader->Type;
359
360 /* Get the security descriptor */
362 if (!NT_SUCCESS(Status))
363 {
364 /* We failed */
366 return FALSE;
367 }
368
369 /* Lock the security context */
370 SeLockSubjectContext(&AccessState->SubjectSecurityContext);
371
372 /* Now do the entire access check */
374 &AccessState->SubjectSecurityContext,
375 TRUE,
376 AccessState->RemainingDesiredAccess,
377 AccessState->PreviouslyGrantedAccess,
378 &Privileges,
379 &ObjectType->TypeInfo.GenericMapping,
383 if (Result)
384 {
385 /* Update the access state */
386 AccessState->RemainingDesiredAccess &= ~GrantedAccess;
387 AccessState->PreviouslyGrantedAccess |= GrantedAccess;
388 }
389
390 /* Check if we have an SD */
392 {
393 /* Do audit alarm */
394#if 0
395 SeObjectReferenceAuditAlarm(&AccessState->OperationID,
396 Object,
398 &AccessState->SubjectSecurityContext,
399 AccessState->RemainingDesiredAccess |
400 AccessState->PreviouslyGrantedAccess,
401 ((PAUX_ACCESS_DATA)(AccessState->AuxData))->
402 PrivilegeSet,
403 Result,
404 AccessMode);
405#endif
406 }
407
408 /* We're done, unlock the context and release security */
409 SeUnlockSubjectContext(&AccessState->SubjectSecurityContext);
411 return Result;
412}

Referenced by ObReferenceObjectByName().

◆ ObpCheckTraverseAccess()

BOOLEAN NTAPI ObpCheckTraverseAccess ( IN PVOID  Object,
IN ACCESS_MASK  TraverseAccess,
IN PACCESS_STATE AccessState  OPTIONAL,
IN BOOLEAN  LockHeld,
IN KPROCESSOR_MODE  AccessMode,
OUT PNTSTATUS  AccessStatus 
)

Definition at line 267 of file obsecure.c.

273{
274 POBJECT_HEADER ObjectHeader;
277 BOOLEAN SdAllocated;
282 PAGED_CODE();
283
284 /* Get the header and type */
285 ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
286 ObjectType = ObjectHeader->Type;
287
288 /* Get the security descriptor */
290 if (!NT_SUCCESS(Status))
291 {
292 /* We failed */
294 return FALSE;
295 }
296
297 /* First try to perform a fast traverse check
298 * If it fails, then the entire access check will
299 * have to be done.
300 */
304 AccessMode);
305 if (Result)
306 {
308 return TRUE;
309 }
310
311 /* Lock the security context */
312 SeLockSubjectContext(&AccessState->SubjectSecurityContext);
313
314 /* Now do the entire access check */
316 &AccessState->SubjectSecurityContext,
317 TRUE,
318 TraverseAccess,
319 0,
320 &Privileges,
321 &ObjectType->TypeInfo.GenericMapping,
325 if (Privileges)
326 {
327 /* We got privileges, append them to the access state and free them */
330 }
331
332 /* We're done, unlock the context and release security */
333 SeUnlockSubjectContext(&AccessState->SubjectSecurityContext);
335 return Result;
336}
#define FILE_WRITE_DATA
Definition: nt_native.h:631
BOOLEAN NTAPI SeFastTraverseCheck(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PACCESS_STATE AccessState, _In_ ACCESS_MASK DesiredAccess, _In_ KPROCESSOR_MODE AccessMode)
Determines whether security access rights can be given to an object depending on the security descrip...
Definition: accesschk.c:1054

Referenced by ObpLookupObjectName().

◆ ObQueryObjectAuditingByHandle()

NTSTATUS NTAPI ObQueryObjectAuditingByHandle ( IN HANDLE  Handle,
OUT PBOOLEAN  GenerateOnClose 
)

Definition at line 997 of file obsecure.c.

999{
1000 PHANDLE_TABLE_ENTRY HandleEntry;
1003 PAGED_CODE();
1004
1005 /* Check if we're dealing with a kernel handle */
1007 {
1008 /* Use the kernel table and convert the handle */
1011 }
1012 else
1013 {
1014 /* Use the process's handle table */
1015 HandleTable = PsGetCurrentProcess()->ObjectTable;
1016 }
1017
1018 /* Enter a critical region while we touch the handle table */
1020
1021 /* Map the handle */
1022 HandleEntry = ExMapHandleToPointer(HandleTable, Handle);
1023 if(HandleEntry)
1024 {
1025 /* Check if the flag is set */
1027
1028 /* Unlock the entry */
1030 }
1031 else
1032 {
1033 /* Otherwise, fail */
1035 }
1036
1037 /* Leave the critical region and return the status */
1039 return Status;
1040}
static XMS_HANDLE HandleTable[XMS_MAX_HANDLES]
Definition: himem.c:83
#define KeLeaveCriticalRegion()
Definition: ke_x.h:119
#define KeEnterCriticalRegion()
Definition: ke_x.h:88
PHANDLE_TABLE_ENTRY NTAPI ExMapHandleToPointer(IN PHANDLE_TABLE HandleTable, IN HANDLE Handle)
Definition: handle.c:1046
VOID NTAPI ExUnlockHandleTableEntry(IN PHANDLE_TABLE HandleTable, IN PHANDLE_TABLE_ENTRY HandleTableEntry)
Definition: handle.c:923
#define STATUS_INVALID_HANDLE
Definition: ntstatus.h:245
PHANDLE_TABLE ObpKernelHandleTable
Definition: obhandle.c:20
#define ObpIsKernelHandle(Handle, ProcessorMode)
Definition: ob.h:74
#define ObKernelHandleToHandle(Handle)
Definition: ob.h:83
#define OBJ_AUDIT_OBJECT_CLOSE
Definition: ob.h:51
Definition: extypes.h:596
ULONG_PTR ObAttributes
Definition: extypes.h:600
#define PsGetCurrentProcess
Definition: psfuncs.h:17
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN _In_ KPROCESSOR_MODE _In_opt_ GUID _Out_ PBOOLEAN GenerateOnClose
Definition: sefuncs.h:422

◆ ObQuerySecurityDescriptorInfo()

NTSTATUS NTAPI ObQuerySecurityDescriptorInfo ( IN PVOID  Object,
IN PSECURITY_INFORMATION  SecurityInformation,
OUT PSECURITY_DESCRIPTOR  SecurityDescriptor,
IN OUT PULONG  Length,
IN PSECURITY_DESCRIPTOR OutputSecurityDescriptor 
)

Definition at line 85 of file obsecure.c.

90{
91 POBJECT_HEADER ObjectHeader;
93 PSECURITY_DESCRIPTOR ObjectSd;
94 PAGED_CODE();
95
96 /* Get the object header */
97 ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
98
99 /* Get the SD */
100 ObjectSd = ObpReferenceSecurityDescriptor(ObjectHeader);
101
102 /* Query the information */
105 Length,
106 &ObjectSd);
107
108 /* Check if we have an object SD and dereference it, if so */
109 if (ObjectSd) ObDereferenceSecurityDescriptor(ObjectSd, 1);
110
111 /* Return status */
112 return Status;
113}
NTKERNELAPI NTSTATUS NTAPI SeQuerySecurityDescriptorInfo(_In_ PSECURITY_INFORMATION SecurityInformation, _Out_writes_bytes_(*Length) PSECURITY_DESCRIPTOR SecurityDescriptor, _Inout_ PULONG Length, _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor)

Referenced by SeDefaultObjectMethod(), and WmipSecurityMethod().

◆ ObReleaseObjectSecurity()

VOID NTAPI ObReleaseObjectSecurity ( IN PSECURITY_DESCRIPTOR  SecurityDescriptor,
IN BOOLEAN  MemoryAllocated 
)

Definition at line 709 of file obsecure.c.

711{
712 PAGED_CODE();
713
714 /* Nothing to do in this case */
715 if (!SecurityDescriptor) return;
716
717 /* Check if we had allocated it from memory */
718 if (MemoryAllocated)
719 {
720 /* Free it */
722 }
723 else
724 {
725 /* Otherwise this means we used an internal descriptor */
727 }
728}

Referenced by CreateDeviceSecurityDescriptor(), IntAssignDesktopSecurityOnParse(), ObCheckCreateObjectAccess(), ObCheckObjectAccess(), ObInsertObject(), ObpCheckObjectReference(), ObpCheckTraverseAccess(), PspCreateProcess(), PspCreateThread(), PspSetPrimaryToken(), and TestObRootSecurity().

◆ ObSetSecurityDescriptorInfo()

NTSTATUS NTAPI ObSetSecurityDescriptorInfo ( IN PVOID  Object,
IN PSECURITY_INFORMATION  SecurityInformation,
IN OUT PSECURITY_DESCRIPTOR  SecurityDescriptor,
IN OUT PSECURITY_DESCRIPTOR OutputSecurityDescriptor,
IN POOL_TYPE  PoolType,
IN PGENERIC_MAPPING  GenericMapping 
)

Definition at line 117 of file obsecure.c.

123{
125 POBJECT_HEADER ObjectHeader;
126 PSECURITY_DESCRIPTOR OldDescriptor, NewDescriptor, CachedDescriptor;
127 PEX_FAST_REF FastRef;
128 EX_FAST_REF OldValue;
129 ULONG Count;
130 PAGED_CODE();
131
132 /* Get the object header */
133 ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
134 while (TRUE)
135 {
136 /* Reference the old descriptor */
137 OldDescriptor = ObpReferenceSecurityDescriptor(ObjectHeader);
138 NewDescriptor = OldDescriptor;
139
140 /* Set the SD information */
145 PoolType,
147 if (!NT_SUCCESS(Status))
148 {
149 /* We failed, dereference the old one */
150 if (OldDescriptor) ObDereferenceSecurityDescriptor(OldDescriptor, 1);
151 break;
152 }
153
154 /* Now add this to the cache */
156 &CachedDescriptor,
157 MAX_FAST_REFS + 1);
158
159 /* Let go of our uncached copy */
161
162 /* Check for success */
163 if (!NT_SUCCESS(Status))
164 {
165 /* We failed, dereference the old one */
166 ObDereferenceSecurityDescriptor(OldDescriptor, 1);
167 break;
168 }
169
170 /* Do the swap */
171 FastRef = (PEX_FAST_REF)OutputSecurityDescriptor;
172 OldValue = ExCompareSwapFastReference(FastRef,
173 CachedDescriptor,
174 OldDescriptor);
175
176 /* Make sure the swap worked */
177 if (ExGetObjectFastReference(OldValue) == OldDescriptor)
178 {
179 /* Flush waiters */
180 ObpAcquireObjectLock(ObjectHeader);
181 ObpReleaseObjectLock(ObjectHeader);
182
183 /* And dereference the old one */
184 Count = ExGetCountFastReference(OldValue);
185 ObDereferenceSecurityDescriptor(OldDescriptor, Count + 2);
186 break;
187 }
188 else
189 {
190 /* Someone changed it behind our back -- try again */
191 ObDereferenceSecurityDescriptor(OldDescriptor, 1);
192 ObDereferenceSecurityDescriptor(CachedDescriptor,
193 MAX_FAST_REFS + 1);
194 }
195 }
196
197 /* Return status */
198 return Status;
199}
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
#define ExFreePool(addr)
Definition: env_spec_w32.h:352
FORCEINLINE EX_FAST_REF ExCompareSwapFastReference(IN PEX_FAST_REF FastRef, IN PVOID Object, IN PVOID OldObject)
Definition: ex.h:746
FORCEINLINE VOID ObpAcquireObjectLock(IN POBJECT_HEADER ObjectHeader)
Definition: ob_x.h:48
FORCEINLINE VOID ObpReleaseObjectLock(IN POBJECT_HEADER ObjectHeader)
Definition: ob_x.h:84
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
Definition: wdfdevice.h:3815
NTKERNELAPI NTSTATUS NTAPI SeSetSecurityDescriptorInfo(_In_opt_ PVOID Object, _In_ PSECURITY_INFORMATION SecurityInformation, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, _In_ POOL_TYPE PoolType, _In_ PGENERIC_MAPPING GenericMapping)

Referenced by SeDefaultObjectMethod(), and WmipSecurityMethod().

◆ ObSetSecurityObjectByPointer()

NTSTATUS NTAPI ObSetSecurityObjectByPointer ( IN PVOID  Object,
IN SECURITY_INFORMATION  SecurityInformation,
IN PSECURITY_DESCRIPTOR  SecurityDescriptor 
)

Definition at line 749 of file obsecure.c.

752{
755 PAGED_CODE();
756
757 /* Get the header and type */
759 Type = Header->Type;
760
761 /* Sanity check */
763
764 /* Call the security procedure */
765 return Type->TypeInfo.SecurityProcedure(Object,
766 SetSecurityDescriptor,
769 NULL,
770 &Header->SecurityDescriptor,
771 Type->TypeInfo.PoolType,
772 &Type->TypeInfo.GenericMapping);
773}

Referenced by NtSetSecurityObject().