ReactOS  0.4.14-dev-55-g2da92ac
obsecure.c File Reference
#include <ntoskrnl.h>
#include <debug.h>
Include dependency graph for obsecure.c:

Go to the source code of this file.

Macros

#define NDEBUG
 

Functions

NTSTATUS NTAPI ObAssignObjectSecurityDescriptor (IN PVOID Object, IN PSECURITY_DESCRIPTOR SecurityDescriptor OPTIONAL, IN POOL_TYPE PoolType)
 
NTSTATUS NTAPI ObDeassignSecurity (IN OUT PSECURITY_DESCRIPTOR *SecurityDescriptor)
 
NTSTATUS NTAPI ObQuerySecurityDescriptorInfo (IN PVOID Object, IN PSECURITY_INFORMATION SecurityInformation, OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN OUT PULONG Length, IN PSECURITY_DESCRIPTOR *OutputSecurityDescriptor)
 
NTSTATUS NTAPI ObSetSecurityDescriptorInfo (IN PVOID Object, IN PSECURITY_INFORMATION SecurityInformation, IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN OUT PSECURITY_DESCRIPTOR *OutputSecurityDescriptor, IN POOL_TYPE PoolType, IN PGENERIC_MAPPING GenericMapping)
 
BOOLEAN NTAPI ObCheckCreateObjectAccess (IN PVOID Object, IN ACCESS_MASK CreateAccess, IN PACCESS_STATE AccessState, IN PUNICODE_STRING ComponentName, IN BOOLEAN LockHeld, IN KPROCESSOR_MODE AccessMode, OUT PNTSTATUS AccessStatus)
 
BOOLEAN NTAPI ObpCheckTraverseAccess (IN PVOID Object, IN ACCESS_MASK TraverseAccess, IN PACCESS_STATE AccessState OPTIONAL, IN BOOLEAN LockHeld, IN KPROCESSOR_MODE AccessMode, OUT PNTSTATUS AccessStatus)
 
BOOLEAN NTAPI ObpCheckObjectReference (IN PVOID Object, IN OUT PACCESS_STATE AccessState, IN BOOLEAN LockHeld, IN KPROCESSOR_MODE AccessMode, OUT PNTSTATUS AccessStatus)
 
BOOLEAN NTAPI ObCheckObjectAccess (IN PVOID Object, IN OUT PACCESS_STATE AccessState, IN BOOLEAN LockHeld, IN KPROCESSOR_MODE AccessMode, OUT PNTSTATUS ReturnedStatus)
 
NTSTATUS NTAPI ObAssignSecurity (IN PACCESS_STATE AccessState, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PVOID Object, IN POBJECT_TYPE Type)
 
NTSTATUS NTAPI ObGetObjectSecurity (IN PVOID Object, OUT PSECURITY_DESCRIPTOR *SecurityDescriptor, OUT PBOOLEAN MemoryAllocated)
 
VOID NTAPI ObReleaseObjectSecurity (IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN MemoryAllocated)
 
NTSTATUS NTAPI ObSetSecurityObjectByPointer (IN PVOID Object, IN SECURITY_INFORMATION SecurityInformation, IN PSECURITY_DESCRIPTOR SecurityDescriptor)
 
NTSTATUS NTAPI NtQuerySecurityObject (IN HANDLE Handle, IN SECURITY_INFORMATION SecurityInformation, OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN ULONG Length, OUT PULONG ResultLength)
 
NTSTATUS NTAPI NtSetSecurityObject (IN HANDLE Handle, IN SECURITY_INFORMATION SecurityInformation, IN PSECURITY_DESCRIPTOR SecurityDescriptor)
 
NTSTATUS NTAPI ObQueryObjectAuditingByHandle (IN HANDLE Handle, OUT PBOOLEAN GenerateOnClose)
 

Macro Definition Documentation

◆ NDEBUG

#define NDEBUG

Definition at line 13 of file obsecure.c.

Function Documentation

◆ NtQuerySecurityObject()

NTSTATUS NTAPI NtQuerySecurityObject ( IN HANDLE  Handle,
IN SECURITY_INFORMATION  SecurityInformation,
OUT PSECURITY_DESCRIPTOR  SecurityDescriptor,
IN ULONG  Length,
OUT PULONG  ResultLength 
)

Definition at line 803 of file obsecure.c.

808 {
810  PVOID Object;
815  PAGED_CODE();
816 
817  /* Check if we came from user mode */
818  if (PreviousMode != KernelMode)
819  {
820  /* Enter SEH */
821  _SEH2_TRY
822  {
823  /* Probe the SD and the length pointer */
826  }
828  {
829  /* Return the exception code */
831  }
832  _SEH2_END;
833  }
834 
835  /* Get the required access rights for the operation */
837 
838  /* Reference the object */
841  NULL,
842  PreviousMode,
843  &Object,
844  NULL);
845  if (!NT_SUCCESS(Status)) return Status;
846 
847  /* Get the Object Header and Type */
849  Type = Header->Type;
850 
851  /* Call the security procedure's query function */
852  Status = Type->TypeInfo.SecurityProcedure(Object,
853  QuerySecurityDescriptor,
856  &Length,
857  &Header->SecurityDescriptor,
858  Type->TypeInfo.PoolType,
859  &Type->TypeInfo.GenericMapping);
860 
861  /* Dereference the object */
863 
864  /* Protect write with SEH */
865  _SEH2_TRY
866  {
867  /* Return the needed length */
868  *ResultLength = Length;
869  }
871  {
872  /* Get the exception code */
874  }
875  _SEH2_END;
876 
877  /* Return status */
878  return Status;
879 }
#define ProbeForWriteUlong(Ptr)
Definition: probe.h:36
IN CINT OUT PVOID IN ULONG OUT PULONG ResultLength
Definition: conport.c:47
Type
Definition: Type.h:6
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
LONG NTSTATUS
Definition: precomp.h:26
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
Definition: sysinfo.c:3066
VOID NTAPI ObDereferenceObject(IN PVOID Object)
Definition: obref.c:375
VOID NTAPI ProbeForWrite(IN PVOID Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:143
#define PAGED_CODE()
Definition: video.h:57
_SEH2_TRY
Definition: create.c:4250
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:496
Definition: Header.h:8
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
smooth NULL
Definition: ftsmooth.c:416
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ SECURITY_INFORMATION SecurityInformation
Definition: fltkernel.h:1339
_In_ HANDLE Handle
Definition: extypes.h:390
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
#define _SEH2_YIELD(STMT_)
Definition: pseh2_64.h:8
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:101
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
static IUnknown Object
Definition: main.c:512
Status
Definition: gdiplustypes.h:24
_SEH2_END
Definition: create.c:4424
LONG NTAPI ExSystemExceptionFilter(VOID)
Definition: harderr.c:351
_In_ PIO_STACK_LOCATION _Inout_ PFILE_OBJECT _Inout_ PVCB _Outptr_result_maybenull_ PDCB _In_ PDCB _In_ PDIRENT _In_ ULONG _In_ ULONG _In_ PUNICODE_STRING _In_ PACCESS_MASK DesiredAccess
Definition: create.c:4157
unsigned int ULONG
Definition: retypes.h:1
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:6
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:12
ULONG ACCESS_MASK
Definition: nt_native.h:40
VOID NTAPI SeQuerySecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation, OUT PACCESS_MASK DesiredAccess)
Definition: semgr.c:329

Referenced by AccRewriteGetHandleRights(), get_security_descriptor(), GetFileSecurityW(), GetKernelObjectSecurity(), GetUserObjectSecurity(), RegGetKeySecurity(), RegQueryInfoKeyW(), and test_security_info().

◆ NtSetSecurityObject()

NTSTATUS NTAPI NtSetSecurityObject ( IN HANDLE  Handle,
IN SECURITY_INFORMATION  SecurityInformation,
IN PSECURITY_DESCRIPTOR  SecurityDescriptor 
)

Definition at line 903 of file obsecure.c.

906 {
908  PVOID Object;
909  SECURITY_DESCRIPTOR_RELATIVE *CapturedDescriptor;
912  PAGED_CODE();
913 
914  /* Make sure the caller doesn't pass a NULL security descriptor! */
916 
917  /* Set the required access rights for the operation */
919 
920  /* Reference the object */
923  NULL,
924  PreviousMode,
925  &Object,
926  NULL);
927  if (NT_SUCCESS(Status))
928  {
929  /* Capture and make a copy of the security descriptor */
931  PreviousMode,
932  PagedPool,
933  TRUE,
935  &CapturedDescriptor);
936  if (!NT_SUCCESS(Status))
937  {
938  /* Fail */
940  return Status;
941  }
942 
943  /* Sanity check */
944  ASSERT(CapturedDescriptor->Control & SE_SELF_RELATIVE);
945 
946  /*
947  * Make sure the security descriptor passed by the caller
948  * is valid for the operation we're about to perform
949  */
951  !(CapturedDescriptor->Owner)) ||
953  !(CapturedDescriptor->Group)))
954  {
955  /* Set the failure status */
957  }
958  else
959  {
960  /* Set security */
963  CapturedDescriptor);
964  }
965 
966  /* Release the descriptor and return status */
968  PreviousMode,
969  TRUE);
970 
971  /* Now we can dereference the object */
973  }
974 
975  return Status;
976 }
#define TRUE
Definition: types.h:120
#define STATUS_INVALID_SECURITY_DESCR
Definition: ntstatus.h:343
NTSTATUS NTAPI ObSetSecurityObjectByPointer(IN PVOID Object, IN SECURITY_INFORMATION SecurityInformation, IN PSECURITY_DESCRIPTOR SecurityDescriptor)
Definition: obsecure.c:749
#define SE_SELF_RELATIVE
Definition: setypes.h:780
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
LONG NTSTATUS
Definition: precomp.h:26
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
Definition: sysinfo.c:3066
VOID NTAPI ObDereferenceObject(IN PVOID Object)
Definition: obref.c:375
#define GROUP_SECURITY_INFORMATION
Definition: setypes.h:124
#define PAGED_CODE()
Definition: video.h:57
VOID NTAPI SeSetSecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation, OUT PACCESS_MASK DesiredAccess)
Definition: semgr.c:348
NTSTATUS NTAPI SeReleaseSecurityDescriptor(IN PSECURITY_DESCRIPTOR CapturedSecurityDescriptor, IN KPROCESSOR_MODE CurrentMode, IN BOOLEAN CaptureIfKernelMode)
Definition: sd.c:766
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:496
smooth NULL
Definition: ftsmooth.c:416
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ SECURITY_INFORMATION SecurityInformation
Definition: fltkernel.h:1339
_In_ HANDLE Handle
Definition: extypes.h:390
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
static IUnknown Object
Definition: main.c:512
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel) ?(CompletionRoutine !=NULL) :TRUE)
Status
Definition: gdiplustypes.h:24
#define STATUS_ACCESS_VIOLATION
Definition: ntstatus.h:228
SECURITY_DESCRIPTOR_CONTROL Control
Definition: setypes.h:785
_In_ PIO_STACK_LOCATION _Inout_ PFILE_OBJECT _Inout_ PVCB _Outptr_result_maybenull_ PDCB _In_ PDCB _In_ PDIRENT _In_ ULONG _In_ ULONG _In_ PUNICODE_STRING _In_ PACCESS_MASK DesiredAccess
Definition: create.c:4157
#define OWNER_SECURITY_INFORMATION
Definition: setypes.h:123
NTSTATUS NTAPI SeCaptureSecurityDescriptor(IN PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor, IN KPROCESSOR_MODE CurrentMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor)
Definition: sd.c:434
ULONG ACCESS_MASK
Definition: nt_native.h:40

◆ ObAssignObjectSecurityDescriptor()

NTSTATUS NTAPI ObAssignObjectSecurityDescriptor ( IN PVOID  Object,
IN PSECURITY_DESCRIPTOR SecurityDescriptor  OPTIONAL,
IN POOL_TYPE  PoolType 
)

Definition at line 20 of file obsecure.c.

23 {
24  POBJECT_HEADER ObjectHeader;
27  PEX_FAST_REF FastRef;
28  PAGED_CODE();
29 
30  /* Get the object header */
31  ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
32  FastRef = (PEX_FAST_REF)&ObjectHeader->SecurityDescriptor;
34  {
35  /* Nothing to assign */
37  return STATUS_SUCCESS;
38  }
39 
40  /* Add it to our internal cache */
42  &NewSd,
43  MAX_FAST_REFS + 1);
44  if (NT_SUCCESS(Status))
45  {
46  /* Free the old copy */
48 
49  /* Set the new pointer */
50  ASSERT(NewSd);
51  ExInitializeFastReference(FastRef, NewSd);
52  }
53 
54  /* Return status */
55  return Status;
56 }
FORCEINLINE VOID ExInitializeFastReference(OUT PEX_FAST_REF FastRef, IN OPTIONAL PVOID Object)
Definition: ex.h:582
struct _EX_FAST_REF * PEX_FAST_REF
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
LONG NTSTATUS
Definition: precomp.h:26
#define PAGED_CODE()
Definition: video.h:57
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
smooth NULL
Definition: ftsmooth.c:416
#define TAG_SD
Definition: tag.h:176
if(!(yy_init))
Definition: macro.lex.yy.c:714
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
static IUnknown Object
Definition: main.c:512
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel) ?(CompletionRoutine !=NULL) :TRUE)
NTSTATUS NTAPI ObLogSecurityDescriptor(IN PSECURITY_DESCRIPTOR InputSecurityDescriptor, OUT PSECURITY_DESCRIPTOR *OutputSecurityDescriptor, IN ULONG RefBias)
Definition: obsdcach.c:364
Status
Definition: gdiplustypes.h:24
#define MAX_FAST_REFS
Definition: ex.h:128
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
return STATUS_SUCCESS
Definition: btrfs.c:2966
PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: obtypes.h:503

Referenced by SeDefaultObjectMethod(), and WmipSecurityMethod().

◆ ObAssignSecurity()

NTSTATUS NTAPI ObAssignSecurity ( IN PACCESS_STATE  AccessState,
IN PSECURITY_DESCRIPTOR  SecurityDescriptor,
IN PVOID  Object,
IN POBJECT_TYPE  Type 
)

Definition at line 550 of file obsecure.c.

554 {
557  KIRQL CalloutIrql;
558  PAGED_CODE();
559 
560  /* Build the new security descriptor */
561  Status = SeAssignSecurity(SecurityDescriptor,
562  AccessState->SecurityDescriptor,
563  &NewDescriptor,
565  &AccessState->SubjectSecurityContext,
566  &Type->TypeInfo.GenericMapping,
567  PagedPool);
568  if (!NT_SUCCESS(Status)) return Status;
569 
570  /* Call the security method */
571  ObpCalloutStart(&CalloutIrql);
572  Status = Type->TypeInfo.SecurityProcedure(Object,
573  AssignSecurityDescriptor,
574  NULL,
576  NULL,
577  NULL,
578  PagedPool,
579  &Type->TypeInfo.GenericMapping);
580  ObpCalloutEnd(CalloutIrql, "Security", Type, Object);
581 
582  /* Check for failure and deassign security if so */
583  if (!NT_SUCCESS(Status)) SeDeassignSecurity(&NewDescriptor);
584 
585  /* Return to caller */
586  return Status;
587 }
Type
Definition: Type.h:6
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
LONG NTSTATUS
Definition: precomp.h:26
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR * NewDescriptor
Definition: sefuncs.h:29
#define PAGED_CODE()
Definition: video.h:57
UCHAR KIRQL
Definition: env_spec_w32.h:591
FORCEINLINE VOID ObpCalloutStart(IN PKIRQL CalloutIrql)
Definition: ob_x.h:429
smooth NULL
Definition: ftsmooth.c:416
#define ObpDirectoryObjectType
Definition: ObTypes.c:123
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
static IUnknown Object
Definition: main.c:512
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:414
FORCEINLINE VOID ObpCalloutEnd(IN KIRQL CalloutIrql, IN PCHAR Procedure, IN POBJECT_TYPE ObjectType, IN PVOID Object)
Definition: ob_x.h:437
Status
Definition: gdiplustypes.h:24

Referenced by ObInsertObject().

◆ ObCheckCreateObjectAccess()

BOOLEAN NTAPI ObCheckCreateObjectAccess ( IN PVOID  Object,
IN ACCESS_MASK  CreateAccess,
IN PACCESS_STATE  AccessState,
IN PUNICODE_STRING  ComponentName,
IN BOOLEAN  LockHeld,
IN KPROCESSOR_MODE  AccessMode,
OUT PNTSTATUS  AccessStatus 
)

Definition at line 203 of file obsecure.c.

210 {
211  POBJECT_HEADER ObjectHeader;
214  BOOLEAN SdAllocated;
215  BOOLEAN Result = TRUE;
219  PAGED_CODE();
220 
221  /* Get the header and type */
222  ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
223  ObjectType = ObjectHeader->Type;
224 
225  /* Get the security descriptor */
227  if (!NT_SUCCESS(Status))
228  {
229  /* We failed */
230  *AccessStatus = Status;
231  return FALSE;
232  }
233 
234  /* Lock the security context */
235  SeLockSubjectContext(&AccessState->SubjectSecurityContext);
236 
237  /* Check if we have an SD */
238  if (SecurityDescriptor)
239  {
240  /* Now do the entire access check */
242  &AccessState->SubjectSecurityContext,
243  TRUE,
244  CreateAccess,
245  0,
246  &Privileges,
247  &ObjectType->TypeInfo.GenericMapping,
248  AccessMode,
249  &GrantedAccess,
250  AccessStatus);
251  if (Privileges)
252  {
253  /* We got privileges, append them to the access state and free them */
256  }
257  }
258 
259  /* We're done, unlock the context and release security */
260  SeUnlockSubjectContext(&AccessState->SubjectSecurityContext);
262  return Result;
263 }
BOOLEAN NTAPI SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, IN BOOLEAN SubjectContextLocked, IN ACCESS_MASK DesiredAccess, IN ACCESS_MASK PreviouslyGrantedAccess, OUT PPRIVILEGE_SET *Privileges, IN PGENERIC_MAPPING GenericMapping, IN KPROCESSOR_MODE AccessMode, OUT PACCESS_MASK GrantedAccess, OUT PNTSTATUS AccessStatus)
Definition: accesschk.c:340
ObjectType
Definition: metafile.c:80
#define TRUE
Definition: types.h:120
VOID NTAPI SeUnlockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:336
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
Definition: sefuncs.h:13
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
LONG NTSTATUS
Definition: precomp.h:26
VOID NTAPI SeLockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:314
#define PAGED_CODE()
Definition: video.h:57
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:396
NTSTATUS NTAPI SeAppendPrivileges(IN OUT PACCESS_STATE AccessState, IN PPRIVILEGE_SET Privileges)
Definition: priv.c:407
VOID NTAPI ObReleaseObjectSecurity(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN MemoryAllocated)
Definition: obsecure.c:709
unsigned char BOOLEAN
smooth NULL
Definition: ftsmooth.c:416
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
NTSTATUS NTAPI ObGetObjectSecurity(IN PVOID Object, OUT PSECURITY_DESCRIPTOR *SecurityDescriptor, OUT PBOOLEAN MemoryAllocated)
Definition: obsecure.c:611
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
static IUnknown Object
Definition: main.c:512
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:13
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:414
Status
Definition: gdiplustypes.h:24
VOID NTAPI SeFreePrivileges(IN PPRIVILEGE_SET Privileges)
Definition: priv.c:480
POBJECT_TYPE Type
Definition: obtypes.h:493
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
ULONG ACCESS_MASK
Definition: nt_native.h:40

Referenced by ObpLookupObjectName().

◆ ObCheckObjectAccess()

BOOLEAN NTAPI ObCheckObjectAccess ( IN PVOID  Object,
IN OUT PACCESS_STATE  AccessState,
IN BOOLEAN  LockHeld,
IN KPROCESSOR_MODE  AccessMode,
OUT PNTSTATUS  ReturnedStatus 
)

Definition at line 441 of file obsecure.c.

446 {
447  POBJECT_HEADER ObjectHeader;
450  BOOLEAN SdAllocated;
452  BOOLEAN Result;
455  PAGED_CODE();
456 
457  /* Get the object header and type */
458  ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
459  ObjectType = ObjectHeader->Type;
460 
461  /* Get security information */
463  if (!NT_SUCCESS(Status))
464  {
465  /* Return failure */
466  *ReturnedStatus = Status;
467  return FALSE;
468  }
469  else if (!SecurityDescriptor)
470  {
471  /* Otherwise, if we don't actually have an SD, return success */
472  *ReturnedStatus = Status;
473  return TRUE;
474  }
475 
476  /* Lock the security context */
477  SeLockSubjectContext(&AccessState->SubjectSecurityContext);
478 
479  /* Now do the entire access check */
481  &AccessState->SubjectSecurityContext,
482  TRUE,
483  AccessState->RemainingDesiredAccess,
484  AccessState->PreviouslyGrantedAccess,
485  &Privileges,
486  &ObjectType->TypeInfo.GenericMapping,
487  AccessMode,
488  &GrantedAccess,
489  ReturnedStatus);
490  if (Privileges)
491  {
492  /* We got privileges, append them to the access state and free them */
495  }
496 
497  /* Check if access was granted */
498  if (Result)
499  {
500  /* Update the access state */
501  AccessState->RemainingDesiredAccess &= ~(GrantedAccess |
503  AccessState->PreviouslyGrantedAccess |= GrantedAccess;
504  }
505 
506  /* Do audit alarm */
508  Object,
509  NULL,
511  AccessState,
512  FALSE,
513  Result,
514  AccessMode,
515  &AccessState->GenerateOnClose);
516 
517  /* We're done, unlock the context and release security */
518  SeUnlockSubjectContext(&AccessState->SubjectSecurityContext);
520  return Result;
521 }
#define MAXIMUM_ALLOWED
Definition: nt_native.h:83
BOOLEAN NTAPI SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, IN BOOLEAN SubjectContextLocked, IN ACCESS_MASK DesiredAccess, IN ACCESS_MASK PreviouslyGrantedAccess, OUT PPRIVILEGE_SET *Privileges, IN PGENERIC_MAPPING GenericMapping, IN KPROCESSOR_MODE AccessMode, OUT PACCESS_MASK GrantedAccess, OUT PNTSTATUS AccessStatus)
Definition: accesschk.c:340
ObjectType
Definition: metafile.c:80
#define TRUE
Definition: types.h:120
VOID NTAPI SeUnlockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:336
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
LONG NTSTATUS
Definition: precomp.h:26
VOID NTAPI SeLockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:314
#define PAGED_CODE()
Definition: video.h:57
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:396
NTSTATUS NTAPI SeAppendPrivileges(IN OUT PACCESS_STATE AccessState, IN PPRIVILEGE_SET Privileges)
Definition: priv.c:407
VOID NTAPI ObReleaseObjectSecurity(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN MemoryAllocated)
Definition: obsecure.c:709
unsigned char BOOLEAN
smooth NULL
Definition: ftsmooth.c:416
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
NTSTATUS NTAPI ObGetObjectSecurity(IN PVOID Object, OUT PSECURITY_DESCRIPTOR *SecurityDescriptor, OUT PBOOLEAN MemoryAllocated)
Definition: obsecure.c:611
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
static IUnknown Object
Definition: main.c:512
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:13
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:414
VOID NTAPI SeOpenObjectAuditAlarm(IN PUNICODE_STRING ObjectTypeName, IN PVOID Object OPTIONAL, IN PUNICODE_STRING AbsoluteObjectName OPTIONAL, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PACCESS_STATE AccessState, IN BOOLEAN ObjectCreated, IN BOOLEAN AccessGranted, IN KPROCESSOR_MODE AccessMode, OUT PBOOLEAN GenerateOnClose)
Definition: audit.c:803
Status
Definition: gdiplustypes.h:24
VOID NTAPI SeFreePrivileges(IN PPRIVILEGE_SET Privileges)
Definition: priv.c:480
POBJECT_TYPE Type
Definition: obtypes.h:493
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
ULONG ACCESS_MASK
Definition: nt_native.h:40

Referenced by CmpDoOpen(), and ObpIncrementHandleCount().

◆ ObDeassignSecurity()

NTSTATUS NTAPI ObDeassignSecurity ( IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor)

Definition at line 60 of file obsecure.c.

61 {
62  EX_FAST_REF FastRef;
63  ULONG Count;
64  PSECURITY_DESCRIPTOR OldSecurityDescriptor;
65 
66  /* Get the fast reference and capture it */
67  FastRef = *(PEX_FAST_REF)SecurityDescriptor;
68 
69  /* Don't free again later */
71 
72  /* Get the descriptor and reference count */
73  OldSecurityDescriptor = ExGetObjectFastReference(FastRef);
74  Count = ExGetCountFastReference(FastRef);
75 
76  /* Dereference the descriptor */
77  ObDereferenceSecurityDescriptor(OldSecurityDescriptor, Count + 1);
78 
79  /* All done */
80  return STATUS_SUCCESS;
81 }
FORCEINLINE PVOID ExGetObjectFastReference(IN EX_FAST_REF FastRef)
Definition: ex.h:566
VOID NTAPI ObDereferenceSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN ULONG Count)
Definition: obsdcach.c:287
struct _EX_FAST_REF * PEX_FAST_REF
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
_Inout_ __drv_aliasesMem PSLIST_ENTRY _Inout_ PSLIST_ENTRY _In_ ULONG Count
Definition: exfuncs.h:1015
smooth NULL
Definition: ftsmooth.c:416
FORCEINLINE ULONG ExGetCountFastReference(IN EX_FAST_REF FastRef)
Definition: ex.h:574
unsigned int ULONG
Definition: retypes.h:1
return STATUS_SUCCESS
Definition: btrfs.c:2966

Referenced by SeDefaultObjectMethod(), and WmipSecurityMethod().

◆ ObGetObjectSecurity()

NTSTATUS NTAPI ObGetObjectSecurity ( IN PVOID  Object,
OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
OUT PBOOLEAN  MemoryAllocated 
)

Definition at line 611 of file obsecure.c.

614 {
617  ULONG Length = 0;
620  KIRQL CalloutIrql;
621  PAGED_CODE();
622 
623  /* Get the object header and type */
625  Type = Header->Type;
626 
627  /* Tell the caller that we didn't have to allocate anything yet */
629 
630  /* Check if the object uses default security */
631  if (Type->TypeInfo.SecurityProcedure == SeDefaultObjectMethod)
632  {
633  /* Reference the descriptor */
635  return STATUS_SUCCESS;
636  }
637 
638  /* Set mask to query */
643 
644  /* Get the security descriptor size */
645  ObpCalloutStart(&CalloutIrql);
646  Status = Type->TypeInfo.SecurityProcedure(Object,
647  QuerySecurityDescriptor,
650  &Length,
651  &Header->SecurityDescriptor,
652  Type->TypeInfo.PoolType,
653  &Type->TypeInfo.GenericMapping);
654  ObpCalloutEnd(CalloutIrql, "Security", Type, Object);
655 
656  /* Check for failure */
657  if (Status != STATUS_BUFFER_TOO_SMALL) return Status;
658 
659  /* Allocate security descriptor */
661  Length,
662  TAG_SEC_QUERY);
665 
666  /* Query security descriptor */
667  ObpCalloutStart(&CalloutIrql);
668  Status = Type->TypeInfo.SecurityProcedure(Object,
669  QuerySecurityDescriptor,
672  &Length,
673  &Header->SecurityDescriptor,
674  Type->TypeInfo.PoolType,
675  &Type->TypeInfo.GenericMapping);
676  ObpCalloutEnd(CalloutIrql, "Security", Type, Object);
677 
678  /* Check for failure */
679  if (!NT_SUCCESS(Status))
680  {
681  /* Free the descriptor and tell the caller we failed */
684  }
685 
686  /* Return status */
687  return Status;
688 }
#define TRUE
Definition: types.h:120
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
Type
Definition: Type.h:6
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
_Out_ PSECURITY_DESCRIPTOR _Out_ PBOOLEAN MemoryAllocated
Definition: obfuncs.h:23
LONG NTSTATUS
Definition: precomp.h:26
#define GROUP_SECURITY_INFORMATION
Definition: setypes.h:124
#define PAGED_CODE()
Definition: video.h:57
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:64
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
UCHAR KIRQL
Definition: env_spec_w32.h:591
#define TAG_SEC_QUERY
Definition: tag.h:192
Definition: Header.h:8
DWORD SECURITY_INFORMATION
Definition: ms-dtyp.idl:311
FORCEINLINE VOID ObpCalloutStart(IN PKIRQL CalloutIrql)
Definition: ob_x.h:429
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ SECURITY_INFORMATION SecurityInformation
Definition: fltkernel.h:1339
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
static OB_SECURITY_METHOD SeDefaultObjectMethod
Definition: ObTypes.c:139
#define SACL_SECURITY_INFORMATION
Definition: setypes.h:126
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:101
static IUnknown Object
Definition: main.c:512
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
PSECURITY_DESCRIPTOR NTAPI ObpReferenceSecurityDescriptor(IN POBJECT_HEADER ObjectHeader)
Definition: obsdcach.c:181
FORCEINLINE VOID ObpCalloutEnd(IN KIRQL CalloutIrql, IN PCHAR Procedure, IN POBJECT_TYPE ObjectType, IN PVOID Object)
Definition: ob_x.h:437
Status
Definition: gdiplustypes.h:24
#define OWNER_SECURITY_INFORMATION
Definition: setypes.h:123
unsigned int ULONG
Definition: retypes.h:1
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
return STATUS_SUCCESS
Definition: btrfs.c:2966
#define DACL_SECURITY_INFORMATION
Definition: setypes.h:125

Referenced by CreateDeviceSecurityDescriptor(), ObCheckCreateObjectAccess(), ObCheckObjectAccess(), ObInsertObject(), ObpCheckObjectReference(), ObpCheckTraverseAccess(), PspCreateProcess(), PspCreateThread(), PspSetPrimaryToken(), and TestObRootSecurity().

◆ ObpCheckObjectReference()

BOOLEAN NTAPI ObpCheckObjectReference ( IN PVOID  Object,
IN OUT PACCESS_STATE  AccessState,
IN BOOLEAN  LockHeld,
IN KPROCESSOR_MODE  AccessMode,
OUT PNTSTATUS  AccessStatus 
)

Definition at line 340 of file obsecure.c.

345 {
346  POBJECT_HEADER ObjectHeader;
349  BOOLEAN SdAllocated;
350  BOOLEAN Result;
354  PAGED_CODE();
355 
356  /* Get the header and type */
357  ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
358  ObjectType = ObjectHeader->Type;
359 
360  /* Get the security descriptor */
362  if (!NT_SUCCESS(Status))
363  {
364  /* We failed */
365  *AccessStatus = Status;
366  return FALSE;
367  }
368 
369  /* Lock the security context */
370  SeLockSubjectContext(&AccessState->SubjectSecurityContext);
371 
372  /* Now do the entire access check */
374  &AccessState->SubjectSecurityContext,
375  TRUE,
376  AccessState->RemainingDesiredAccess,
377  AccessState->PreviouslyGrantedAccess,
378  &Privileges,
379  &ObjectType->TypeInfo.GenericMapping,
380  AccessMode,
381  &GrantedAccess,
382  AccessStatus);
383  if (Result)
384  {
385  /* Update the access state */
386  AccessState->RemainingDesiredAccess &= ~GrantedAccess;
387  AccessState->PreviouslyGrantedAccess |= GrantedAccess;
388  }
389 
390  /* Check if we have an SD */
391  if (SecurityDescriptor)
392  {
393  /* Do audit alarm */
394 #if 0
395  SeObjectReferenceAuditAlarm(&AccessState->OperationID,
396  Object,
398  &AccessState->SubjectSecurityContext,
399  AccessState->RemainingDesiredAccess |
400  AccessState->PreviouslyGrantedAccess,
401  ((PAUX_ACCESS_DATA)(AccessState->AuxData))->
402  PrivilegeSet,
403  Result,
404  AccessMode);
405 #endif
406  }
407 
408  /* We're done, unlock the context and release security */
409  SeUnlockSubjectContext(&AccessState->SubjectSecurityContext);
411  return Result;
412 }
BOOLEAN NTAPI SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, IN BOOLEAN SubjectContextLocked, IN ACCESS_MASK DesiredAccess, IN ACCESS_MASK PreviouslyGrantedAccess, OUT PPRIVILEGE_SET *Privileges, IN PGENERIC_MAPPING GenericMapping, IN KPROCESSOR_MODE AccessMode, OUT PACCESS_MASK GrantedAccess, OUT PNTSTATUS AccessStatus)
Definition: accesschk.c:340
ObjectType
Definition: metafile.c:80
#define TRUE
Definition: types.h:120
VOID NTAPI SeUnlockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:336
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
Definition: sefuncs.h:13
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
LONG NTSTATUS
Definition: precomp.h:26
VOID NTAPI SeLockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:314
#define PAGED_CODE()
Definition: video.h:57
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:396
VOID NTAPI ObReleaseObjectSecurity(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN MemoryAllocated)
Definition: obsecure.c:709
unsigned char BOOLEAN
smooth NULL
Definition: ftsmooth.c:416
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
NTSTATUS NTAPI ObGetObjectSecurity(IN PVOID Object, OUT PSECURITY_DESCRIPTOR *SecurityDescriptor, OUT PBOOLEAN MemoryAllocated)
Definition: obsecure.c:611
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
static IUnknown Object
Definition: main.c:512
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:13
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:414
Status
Definition: gdiplustypes.h:24
POBJECT_TYPE Type
Definition: obtypes.h:493
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
ULONG ACCESS_MASK
Definition: nt_native.h:40

Referenced by ObReferenceObjectByName().

◆ ObpCheckTraverseAccess()

BOOLEAN NTAPI ObpCheckTraverseAccess ( IN PVOID  Object,
IN ACCESS_MASK  TraverseAccess,
IN PACCESS_STATE AccessState  OPTIONAL,
IN BOOLEAN  LockHeld,
IN KPROCESSOR_MODE  AccessMode,
OUT PNTSTATUS  AccessStatus 
)

Definition at line 267 of file obsecure.c.

273 {
274  POBJECT_HEADER ObjectHeader;
277  BOOLEAN SdAllocated;
278  BOOLEAN Result;
282  PAGED_CODE();
283 
284  /* Get the header and type */
285  ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
286  ObjectType = ObjectHeader->Type;
287 
288  /* Get the security descriptor */
290  if (!NT_SUCCESS(Status))
291  {
292  /* We failed */
293  *AccessStatus = Status;
294  return FALSE;
295  }
296 
297  /* First try to perform a fast traverse check
298  * If it fails, then the entire access check will
299  * have to be done.
300  */
302  AccessState,
304  AccessMode);
305  if (Result)
306  {
308  return TRUE;
309  }
310 
311  /* Lock the security context */
312  SeLockSubjectContext(&AccessState->SubjectSecurityContext);
313 
314  /* Now do the entire access check */
316  &AccessState->SubjectSecurityContext,
317  TRUE,
318  TraverseAccess,
319  0,
320  &Privileges,
321  &ObjectType->TypeInfo.GenericMapping,
322  AccessMode,
323  &GrantedAccess,
324  AccessStatus);
325  if (Privileges)
326  {
327  /* We got privileges, append them to the access state and free them */
330  }
331 
332  /* We're done, unlock the context and release security */
333  SeUnlockSubjectContext(&AccessState->SubjectSecurityContext);
335  return Result;
336 }
BOOLEAN NTAPI SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, IN BOOLEAN SubjectContextLocked, IN ACCESS_MASK DesiredAccess, IN ACCESS_MASK PreviouslyGrantedAccess, OUT PPRIVILEGE_SET *Privileges, IN PGENERIC_MAPPING GenericMapping, IN KPROCESSOR_MODE AccessMode, OUT PACCESS_MASK GrantedAccess, OUT PNTSTATUS AccessStatus)
Definition: accesschk.c:340
ObjectType
Definition: metafile.c:80
#define TRUE
Definition: types.h:120
VOID NTAPI SeUnlockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:336
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
Definition: sefuncs.h:13
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
LONG NTSTATUS
Definition: precomp.h:26
VOID NTAPI SeLockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:314
#define PAGED_CODE()
Definition: video.h:57
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:396
NTSTATUS NTAPI SeAppendPrivileges(IN OUT PACCESS_STATE AccessState, IN PPRIVILEGE_SET Privileges)
Definition: priv.c:407
VOID NTAPI ObReleaseObjectSecurity(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN MemoryAllocated)
Definition: obsecure.c:709
unsigned char BOOLEAN
smooth NULL
Definition: ftsmooth.c:416
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
#define FILE_WRITE_DATA
Definition: nt_native.h:631
NTSTATUS NTAPI ObGetObjectSecurity(IN PVOID Object, OUT PSECURITY_DESCRIPTOR *SecurityDescriptor, OUT PBOOLEAN MemoryAllocated)
Definition: obsecure.c:611
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
static IUnknown Object
Definition: main.c:512
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:13
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:414
BOOLEAN NTAPI SeFastTraverseCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PACCESS_STATE AccessState, IN ACCESS_MASK DesiredAccess, IN KPROCESSOR_MODE AccessMode)
Definition: accesschk.c:460
Status
Definition: gdiplustypes.h:24
VOID NTAPI SeFreePrivileges(IN PPRIVILEGE_SET Privileges)
Definition: priv.c:480
POBJECT_TYPE Type
Definition: obtypes.h:493
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
ULONG ACCESS_MASK
Definition: nt_native.h:40

Referenced by ObpLookupObjectName().

◆ ObQueryObjectAuditingByHandle()

NTSTATUS NTAPI ObQueryObjectAuditingByHandle ( IN HANDLE  Handle,
OUT PBOOLEAN  GenerateOnClose 
)

Definition at line 997 of file obsecure.c.

999 {
1000  PHANDLE_TABLE_ENTRY HandleEntry;
1003  PAGED_CODE();
1004 
1005  /* Check if we're dealing with a kernel handle */
1007  {
1008  /* Use the kernel table and convert the handle */
1011  }
1012  else
1013  {
1014  /* Use the process's handle table */
1015  HandleTable = PsGetCurrentProcess()->ObjectTable;
1016  }
1017 
1018  /* Enter a critical region while we touch the handle table */
1020 
1021  /* Map the handle */
1022  HandleEntry = ExMapHandleToPointer(HandleTable, Handle);
1023  if(HandleEntry)
1024  {
1025  /* Check if the flag is set */
1027 
1028  /* Unlock the entry */
1029  ExUnlockHandleTableEntry(HandleTable, HandleEntry);
1030  }
1031  else
1032  {
1033  /* Otherwise, fail */
1035  }
1036 
1037  /* Leave the critical region and return the status */
1039  return Status;
1040 }
ULONG_PTR ObAttributes
Definition: extypes.h:600
PHANDLE_TABLE_ENTRY NTAPI ExMapHandleToPointer(IN PHANDLE_TABLE HandleTable, IN HANDLE Handle)
Definition: handle.c:1010
LONG NTSTATUS
Definition: precomp.h:26
#define ObpIsKernelHandle(Handle, ProcessorMode)
Definition: ob.h:64
static XMS_HANDLE HandleTable[XMS_MAX_HANDLES]
Definition: himem.c:83
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
Definition: sysinfo.c:3066
VOID NTAPI ExUnlockHandleTableEntry(IN PHANDLE_TABLE HandleTable, IN PHANDLE_TABLE_ENTRY HandleTableEntry)
Definition: handle.c:887
#define STATUS_INVALID_HANDLE
Definition: ntstatus.h:231
#define PAGED_CODE()
Definition: video.h:57
#define OBJ_AUDIT_OBJECT_CLOSE
Definition: ob.h:51
#define PsGetCurrentProcess
Definition: psfuncs.h:17
Definition: extypes.h:595
PHANDLE_TABLE ObpKernelHandleTable
Definition: obhandle.c:20
_In_ HANDLE Handle
Definition: extypes.h:390
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN _In_ KPROCESSOR_MODE _In_opt_ GUID _Out_ PBOOLEAN GenerateOnClose
Definition: sefuncs.h:414
#define KeEnterCriticalRegion()
Definition: ke_x.h:83
Status
Definition: gdiplustypes.h:24
#define KeLeaveCriticalRegion()
Definition: ke_x.h:114
#define ObKernelHandleToHandle(Handle)
Definition: ob.h:73
return STATUS_SUCCESS
Definition: btrfs.c:2966

◆ ObQuerySecurityDescriptorInfo()

NTSTATUS NTAPI ObQuerySecurityDescriptorInfo ( IN PVOID  Object,
IN PSECURITY_INFORMATION  SecurityInformation,
OUT PSECURITY_DESCRIPTOR  SecurityDescriptor,
IN OUT PULONG  Length,
IN PSECURITY_DESCRIPTOR OutputSecurityDescriptor 
)

Definition at line 85 of file obsecure.c.

90 {
91  POBJECT_HEADER ObjectHeader;
93  PSECURITY_DESCRIPTOR ObjectSd;
94  PAGED_CODE();
95 
96  /* Get the object header */
97  ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
98 
99  /* Get the SD */
100  ObjectSd = ObpReferenceSecurityDescriptor(ObjectHeader);
101 
102  /* Query the information */
105  Length,
106  &ObjectSd);
107 
108  /* Check if we have an object SD and dereference it, if so */
109  if (ObjectSd) ObDereferenceSecurityDescriptor(ObjectSd, 1);
110 
111  /* Return status */
112  return Status;
113 }
VOID NTAPI ObDereferenceSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN ULONG Count)
Definition: obsdcach.c:287
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
LONG NTSTATUS
Definition: precomp.h:26
#define PAGED_CODE()
Definition: video.h:57
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ SECURITY_INFORMATION SecurityInformation
Definition: fltkernel.h:1339
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:101
static IUnknown Object
Definition: main.c:512
PSECURITY_DESCRIPTOR NTAPI ObpReferenceSecurityDescriptor(IN POBJECT_HEADER ObjectHeader)
Definition: obsdcach.c:181
Status
Definition: gdiplustypes.h:24
NTKERNELAPI NTSTATUS NTAPI SeQuerySecurityDescriptorInfo(_In_ PSECURITY_INFORMATION SecurityInformation, _Out_writes_bytes_(*Length) PSECURITY_DESCRIPTOR SecurityDescriptor, _Inout_ PULONG Length, _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor)

Referenced by SeDefaultObjectMethod(), and WmipSecurityMethod().

◆ ObReleaseObjectSecurity()

VOID NTAPI ObReleaseObjectSecurity ( IN PSECURITY_DESCRIPTOR  SecurityDescriptor,
IN BOOLEAN  MemoryAllocated 
)

Definition at line 709 of file obsecure.c.

711 {
712  PAGED_CODE();
713 
714  /* Nothing to do in this case */
715  if (!SecurityDescriptor) return;
716 
717  /* Check if we had allocated it from memory */
718  if (MemoryAllocated)
719  {
720  /* Free it */
722  }
723  else
724  {
725  /* Otherwise this means we used an internal descriptor */
727  }
728 }
VOID NTAPI ObDereferenceSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN ULONG Count)
Definition: obsdcach.c:287
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
_Out_ PSECURITY_DESCRIPTOR _Out_ PBOOLEAN MemoryAllocated
Definition: obfuncs.h:23
#define PAGED_CODE()
Definition: video.h:57
#define ExFreePool(addr)
Definition: env_spec_w32.h:352

Referenced by CreateDeviceSecurityDescriptor(), ObCheckCreateObjectAccess(), ObCheckObjectAccess(), ObInsertObject(), ObpCheckObjectReference(), ObpCheckTraverseAccess(), PspCreateProcess(), PspCreateThread(), PspSetPrimaryToken(), and TestObRootSecurity().

◆ ObSetSecurityDescriptorInfo()

NTSTATUS NTAPI ObSetSecurityDescriptorInfo ( IN PVOID  Object,
IN PSECURITY_INFORMATION  SecurityInformation,
IN OUT PSECURITY_DESCRIPTOR  SecurityDescriptor,
IN OUT PSECURITY_DESCRIPTOR OutputSecurityDescriptor,
IN POOL_TYPE  PoolType,
IN PGENERIC_MAPPING  GenericMapping 
)

Definition at line 117 of file obsecure.c.

123 {
125  POBJECT_HEADER ObjectHeader;
126  PSECURITY_DESCRIPTOR OldDescriptor, NewDescriptor, CachedDescriptor;
127  PEX_FAST_REF FastRef;
128  EX_FAST_REF OldValue;
129  ULONG Count;
130  PAGED_CODE();
131 
132  /* Get the object header */
133  ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
134  while (TRUE)
135  {
136  /* Reference the old descriptor */
137  OldDescriptor = ObpReferenceSecurityDescriptor(ObjectHeader);
138  NewDescriptor = OldDescriptor;
139 
140  /* Set the SD information */
144  &NewDescriptor,
145  PoolType,
147  if (!NT_SUCCESS(Status))
148  {
149  /* We failed, dereference the old one */
150  if (OldDescriptor) ObDereferenceSecurityDescriptor(OldDescriptor, 1);
151  break;
152  }
153 
154  /* Now add this to the cache */
156  &CachedDescriptor,
157  MAX_FAST_REFS + 1);
158 
159  /* Let go of our uncached copy */
161 
162  /* Check for success */
163  if (!NT_SUCCESS(Status))
164  {
165  /* We failed, dereference the old one */
166  ObDereferenceSecurityDescriptor(OldDescriptor, 1);
167  break;
168  }
169 
170  /* Do the swap */
171  FastRef = (PEX_FAST_REF)OutputSecurityDescriptor;
172  OldValue = ExCompareSwapFastReference(FastRef,
173  CachedDescriptor,
174  OldDescriptor);
175 
176  /* Make sure the swap worked */
177  if (ExGetObjectFastReference(OldValue) == OldDescriptor)
178  {
179  /* Flush waiters */
180  ObpAcquireObjectLock(ObjectHeader);
181  ObpReleaseObjectLock(ObjectHeader);
182 
183  /* And dereference the old one */
184  Count = ExGetCountFastReference(OldValue);
185  ObDereferenceSecurityDescriptor(OldDescriptor, Count + 2);
186  break;
187  }
188  else
189  {
190  /* Someone changed it behind our back -- try again */
191  ObDereferenceSecurityDescriptor(OldDescriptor, 1);
192  ObDereferenceSecurityDescriptor(CachedDescriptor,
193  MAX_FAST_REFS + 1);
194  }
195  }
196 
197  /* Return status */
198  return Status;
199 }
FORCEINLINE PVOID ExGetObjectFastReference(IN EX_FAST_REF FastRef)
Definition: ex.h:566
#define TRUE
Definition: types.h:120
NTKERNELAPI NTSTATUS NTAPI SeSetSecurityDescriptorInfo(_In_opt_ PVOID Object, _In_ PSECURITY_INFORMATION SecurityInformation, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, _In_ POOL_TYPE PoolType, _In_ PGENERIC_MAPPING GenericMapping)
FORCEINLINE VOID ObpAcquireObjectLock(IN POBJECT_HEADER ObjectHeader)
Definition: ob_x.h:48
VOID NTAPI ObDereferenceSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN ULONG Count)
Definition: obsdcach.c:287
struct _EX_FAST_REF * PEX_FAST_REF
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
FORCEINLINE VOID ObpReleaseObjectLock(IN POBJECT_HEADER ObjectHeader)
Definition: ob_x.h:84
LONG NTSTATUS
Definition: precomp.h:26
_Inout_ __drv_aliasesMem PSLIST_ENTRY _Inout_ PSLIST_ENTRY _In_ ULONG Count
Definition: exfuncs.h:1015
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR * NewDescriptor
Definition: sefuncs.h:29
#define PAGED_CODE()
Definition: video.h:57
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ SECURITY_INFORMATION SecurityInformation
Definition: fltkernel.h:1339
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
FORCEINLINE ULONG ExGetCountFastReference(IN EX_FAST_REF FastRef)
Definition: ex.h:574
static IUnknown Object
Definition: main.c:512
PSECURITY_DESCRIPTOR NTAPI ObpReferenceSecurityDescriptor(IN POBJECT_HEADER ObjectHeader)
Definition: obsdcach.c:181
NTSTATUS NTAPI ObLogSecurityDescriptor(IN PSECURITY_DESCRIPTOR InputSecurityDescriptor, OUT PSECURITY_DESCRIPTOR *OutputSecurityDescriptor, IN ULONG RefBias)
Definition: obsdcach.c:364
FORCEINLINE EX_FAST_REF ExCompareSwapFastReference(IN PEX_FAST_REF FastRef, IN PVOID Object, IN PVOID OldObject)
Definition: ex.h:733
Status
Definition: gdiplustypes.h:24
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
unsigned int ULONG
Definition: retypes.h:1
#define MAX_FAST_REFS
Definition: ex.h:128
_Must_inspect_result_ _In_ FLT_CONTEXT_TYPE _In_ SIZE_T _In_ POOL_TYPE PoolType
Definition: fltkernel.h:1444
#define ExFreePool(addr)
Definition: env_spec_w32.h:352

Referenced by SeDefaultObjectMethod(), and WmipSecurityMethod().

◆ ObSetSecurityObjectByPointer()

NTSTATUS NTAPI ObSetSecurityObjectByPointer ( IN PVOID  Object,
IN SECURITY_INFORMATION  SecurityInformation,
IN PSECURITY_DESCRIPTOR  SecurityDescriptor 
)

Definition at line 749 of file obsecure.c.

752 {
755  PAGED_CODE();
756 
757  /* Get the header and type */
759  Type = Header->Type;
760 
761  /* Sanity check */
763 
764  /* Call the security procedure */
765  return Type->TypeInfo.SecurityProcedure(Object,
766  SetSecurityDescriptor,
769  NULL,
770  &Header->SecurityDescriptor,
771  Type->TypeInfo.PoolType,
772  &Type->TypeInfo.GenericMapping);
773 }
Type
Definition: Type.h:6
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
#define PAGED_CODE()
Definition: video.h:57
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
Definition: Header.h:8
smooth NULL
Definition: ftsmooth.c:416
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ SECURITY_INFORMATION SecurityInformation
Definition: fltkernel.h:1339
static IUnknown Object
Definition: main.c:512
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel) ?(CompletionRoutine !=NULL) :TRUE)

Referenced by NtSetSecurityObject().