df/dcd/obsecure_8c_source.html

 /*
 * PROJECT:         ReactOS Kernel
 * LICENSE:         GPL - See COPYING in the top level directory
 * FILE:            ntoskrnl/ob/obsecure.c
 * PURPOSE:         SRM Interface of the Object Manager
 * PROGRAMMERS:     Alex Ionescu (alex@relsoft.net)
 *                  Eric Kohl
 */

 /* INCLUDES *****************************************************************/

 #include <ntoskrnl.h>
 #define NDEBUG
 #include <debug.h>

 /* PRIVATE FUNCTIONS *********************************************************/

 NTSTATUS
 NTAPI
 ObAssignObjectSecurityDescriptor(IN PVOID Object,
                                  IN PSECURITY_DESCRIPTOR SecurityDescriptor OPTIONAL,
                                  IN POOL_TYPE PoolType)
 {
     POBJECT_HEADER ObjectHeader;
     NTSTATUS Status;
     PSECURITY_DESCRIPTOR NewSd;
     PEX_FAST_REF FastRef;
     PAGED_CODE();

     /* Get the object header */
     ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
     FastRef = (PEX_FAST_REF)&ObjectHeader->SecurityDescriptor;
     if (!SecurityDescriptor)
     {
         /* Nothing to assign */
         ExInitializeFastReference(FastRef, NULL);
         return STATUS_SUCCESS;
     }

     /* Add it to our internal cache */
     Status = ObLogSecurityDescriptor(SecurityDescriptor,
                                      &NewSd,
                                      MAX_FAST_REFS + 1);
     if (NT_SUCCESS(Status))
     {
         /* Free the old copy */
         ExFreePoolWithTag(SecurityDescriptor, TAG_SD);

         /* Set the new pointer */
         ASSERT(NewSd);
         ExInitializeFastReference(FastRef, NewSd);
     }

     /* Return status */
     return Status;
 }

 NTSTATUS
 NTAPI
 ObDeassignSecurity(IN OUT PSECURITY_DESCRIPTOR *SecurityDescriptor)
 {
     EX_FAST_REF FastRef;
     ULONG Count;
     PSECURITY_DESCRIPTOR OldSecurityDescriptor;

     /* Get the fast reference and capture it */
     FastRef = *(PEX_FAST_REF)SecurityDescriptor;

     /* Don't free again later */
     *SecurityDescriptor = NULL;

     /* Get the descriptor and reference count */
     OldSecurityDescriptor = ExGetObjectFastReference(FastRef);
     Count = ExGetCountFastReference(FastRef);

     /* Dereference the descriptor */
     ObDereferenceSecurityDescriptor(OldSecurityDescriptor, Count + 1);

     /* All done */
     return STATUS_SUCCESS;
 }

 NTSTATUS
 NTAPI
 ObQuerySecurityDescriptorInfo(IN PVOID Object,
                               IN PSECURITY_INFORMATION SecurityInformation,
                               OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
                               IN OUT PULONG Length,
                               IN PSECURITY_DESCRIPTOR *OutputSecurityDescriptor)
 {
     POBJECT_HEADER ObjectHeader;
     NTSTATUS Status;
     PSECURITY_DESCRIPTOR ObjectSd;
     PAGED_CODE();

     /* Get the object header */
     ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);

     /* Get the SD */
     ObjectSd = ObpReferenceSecurityDescriptor(ObjectHeader);

     /* Query the information */
     Status = SeQuerySecurityDescriptorInfo(SecurityInformation,
                                            SecurityDescriptor,
                                            Length,
                                            &ObjectSd);

     /* Check if we have an object SD and dereference it, if so */
     if (ObjectSd) ObDereferenceSecurityDescriptor(ObjectSd, 1);

     /* Return status */
     return Status;
 }

 NTSTATUS
 NTAPI
 ObSetSecurityDescriptorInfo(IN PVOID Object,
                             IN PSECURITY_INFORMATION SecurityInformation,
                             IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
                             IN OUT PSECURITY_DESCRIPTOR *OutputSecurityDescriptor,
                             IN POOL_TYPE PoolType,
                             IN PGENERIC_MAPPING GenericMapping)
 {
     NTSTATUS Status;
     POBJECT_HEADER ObjectHeader;
     PSECURITY_DESCRIPTOR OldDescriptor, NewDescriptor, CachedDescriptor;
     PEX_FAST_REF FastRef;
     EX_FAST_REF OldValue;
     ULONG Count;
     PAGED_CODE();

     /* Get the object header */
     ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
     while (TRUE)
     {
         /* Reference the old descriptor */
         OldDescriptor = ObpReferenceSecurityDescriptor(ObjectHeader);
         NewDescriptor = OldDescriptor;

         /* Set the SD information */
         Status = SeSetSecurityDescriptorInfo(Object,
                                              SecurityInformation,
                                              SecurityDescriptor,
                                              &NewDescriptor,
                                              PoolType,
                                              GenericMapping);
         if (!NT_SUCCESS(Status))
         {
             /* We failed, dereference the old one */
             if (OldDescriptor) ObDereferenceSecurityDescriptor(OldDescriptor, 1);
             break;
         }

         /* Now add this to the cache */
         Status = ObLogSecurityDescriptor(NewDescriptor,
                                          &CachedDescriptor,
                                          MAX_FAST_REFS + 1);

         /* Let go of our uncached copy */
         ExFreePool(NewDescriptor);

         /* Check for success */
         if (!NT_SUCCESS(Status))
         {
             /* We failed, dereference the old one */
             ObDereferenceSecurityDescriptor(OldDescriptor, 1);
             break;
         }

         /* Do the swap */
         FastRef = (PEX_FAST_REF)OutputSecurityDescriptor;
         OldValue = ExCompareSwapFastReference(FastRef,
                                               CachedDescriptor,
                                               OldDescriptor);

         /* Make sure the swap worked */
         if (ExGetObjectFastReference(OldValue) == OldDescriptor)
         {
             /* Flush waiters */
             ObpAcquireObjectLock(ObjectHeader);
             ObpReleaseObjectLock(ObjectHeader);

             /* And dereference the old one */
             Count = ExGetCountFastReference(OldValue);
             ObDereferenceSecurityDescriptor(OldDescriptor, Count + 2);
             break;
         }
         else
         {
             /* Someone changed it behind our back -- try again */
             ObDereferenceSecurityDescriptor(OldDescriptor, 1);
             ObDereferenceSecurityDescriptor(CachedDescriptor,
                                             MAX_FAST_REFS + 1);
         }
     }

     /* Return status */
     return Status;
 }

 BOOLEAN
 NTAPI
 ObCheckCreateObjectAccess(IN PVOID Object,
                           IN ACCESS_MASK CreateAccess,
                           IN PACCESS_STATE AccessState,
                           IN PUNICODE_STRING ComponentName,
                           IN BOOLEAN LockHeld,
                           IN KPROCESSOR_MODE AccessMode,
                           OUT PNTSTATUS AccessStatus)
 {
     POBJECT_HEADER ObjectHeader;
     POBJECT_TYPE ObjectType;
     PSECURITY_DESCRIPTOR SecurityDescriptor = NULL;
     BOOLEAN SdAllocated;
     BOOLEAN Result = TRUE;
     ACCESS_MASK GrantedAccess = 0;
     PPRIVILEGE_SET Privileges = NULL;
     NTSTATUS Status;
     PAGED_CODE();

     /* Get the header and type */
     ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
     ObjectType = ObjectHeader->Type;

     /* Get the security descriptor */
     Status = ObGetObjectSecurity(Object, &SecurityDescriptor, &SdAllocated);
     if (!NT_SUCCESS(Status))
     {
         /* We failed */
         *AccessStatus = Status;
         return FALSE;
     }

     /* Lock the security context */
     SeLockSubjectContext(&AccessState->SubjectSecurityContext);

     /* Check if we have an SD */
     if (SecurityDescriptor)
     {
         /* Now do the entire access check */
         Result = SeAccessCheck(SecurityDescriptor,
                                &AccessState->SubjectSecurityContext,
                                TRUE,
                                CreateAccess,
                                0,
                                &Privileges,
                                &ObjectType->TypeInfo.GenericMapping,
                                AccessMode,
                                &GrantedAccess,
                                AccessStatus);
         if (Privileges)
         {
             /* We got privileges, append them to the access state and free them */
             Status = SeAppendPrivileges(AccessState, Privileges);
             SeFreePrivileges(Privileges);
         }
     }

     /* We're done, unlock the context and release security */
     SeUnlockSubjectContext(&AccessState->SubjectSecurityContext);
     ObReleaseObjectSecurity(SecurityDescriptor, SdAllocated);
     return Result;
 }

 BOOLEAN
 NTAPI
 ObpCheckTraverseAccess(IN PVOID Object,
                        IN ACCESS_MASK TraverseAccess,
                        IN PACCESS_STATE AccessState OPTIONAL,
                        IN BOOLEAN LockHeld,
                        IN KPROCESSOR_MODE AccessMode,
                        OUT PNTSTATUS AccessStatus)
 {
     POBJECT_HEADER ObjectHeader;
     POBJECT_TYPE ObjectType;
     PSECURITY_DESCRIPTOR SecurityDescriptor = NULL;
     BOOLEAN SdAllocated;
     BOOLEAN Result;
     ACCESS_MASK GrantedAccess = 0;
     PPRIVILEGE_SET Privileges = NULL;
     NTSTATUS Status;
     PAGED_CODE();

     /* Get the header and type */
     ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
     ObjectType = ObjectHeader->Type;

     /* Get the security descriptor */
     Status = ObGetObjectSecurity(Object, &SecurityDescriptor, &SdAllocated);
     if (!NT_SUCCESS(Status))
     {
         /* We failed */
         *AccessStatus = Status;
         return FALSE;
     }

     /* First try to perform a fast traverse check
      * If it fails, then the entire access check will
      * have to be done.
      */
     Result = SeFastTraverseCheck(SecurityDescriptor,
                                  AccessState,
                                  FILE_WRITE_DATA,
                                  AccessMode);
     if (Result)
     {
         ObReleaseObjectSecurity(SecurityDescriptor, SdAllocated);
         return TRUE;
     }

     /* Lock the security context */
     SeLockSubjectContext(&AccessState->SubjectSecurityContext);

     /* Now do the entire access check */
     Result = SeAccessCheck(SecurityDescriptor,
                            &AccessState->SubjectSecurityContext,
                            TRUE,
                            TraverseAccess,
                            0,
                            &Privileges,
                            &ObjectType->TypeInfo.GenericMapping,
                            AccessMode,
                            &GrantedAccess,
                            AccessStatus);
     if (Privileges)
     {
         /* We got privileges, append them to the access state and free them */
         Status = SeAppendPrivileges(AccessState, Privileges);
         SeFreePrivileges(Privileges);
     }

     /* We're done, unlock the context and release security */
     SeUnlockSubjectContext(&AccessState->SubjectSecurityContext);
     ObReleaseObjectSecurity(SecurityDescriptor, SdAllocated);
     return Result;
 }

 BOOLEAN
 NTAPI
 ObpCheckObjectReference(IN PVOID Object,
                         IN OUT PACCESS_STATE AccessState,
                         IN BOOLEAN LockHeld,
                         IN KPROCESSOR_MODE AccessMode,
                         OUT PNTSTATUS AccessStatus)
 {
     POBJECT_HEADER ObjectHeader;
     POBJECT_TYPE ObjectType;
     PSECURITY_DESCRIPTOR SecurityDescriptor = NULL;
     BOOLEAN SdAllocated;
     BOOLEAN Result;
     ACCESS_MASK GrantedAccess = 0;
     PPRIVILEGE_SET Privileges = NULL;
     NTSTATUS Status;
     PAGED_CODE();

     /* Get the header and type */
     ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
     ObjectType = ObjectHeader->Type;

     /* Get the security descriptor */
     Status = ObGetObjectSecurity(Object, &SecurityDescriptor, &SdAllocated);
     if (!NT_SUCCESS(Status))
     {
         /* We failed */
         *AccessStatus = Status;
         return FALSE;
     }

     /* Lock the security context */
     SeLockSubjectContext(&AccessState->SubjectSecurityContext);

     /* Now do the entire access check */
     Result = SeAccessCheck(SecurityDescriptor,
                            &AccessState->SubjectSecurityContext,
                            TRUE,
                            AccessState->RemainingDesiredAccess,
                            AccessState->PreviouslyGrantedAccess,
                            &Privileges,
                            &ObjectType->TypeInfo.GenericMapping,
                            AccessMode,
                            &GrantedAccess,
                            AccessStatus);
     if (Result)
     {
         /* Update the access state */
         AccessState->RemainingDesiredAccess &= ~GrantedAccess;
         AccessState->PreviouslyGrantedAccess |= GrantedAccess;
     }

     /* Check if we have an SD */
     if (SecurityDescriptor)
     {
         /* Do audit alarm */
 #if 0
         SeObjectReferenceAuditAlarm(&AccessState->OperationID,
                                     Object,
                                     SecurityDescriptor,
                                     &AccessState->SubjectSecurityContext,
                                     AccessState->RemainingDesiredAccess |
                                     AccessState->PreviouslyGrantedAccess,
                                     ((PAUX_ACCESS_DATA)(AccessState->AuxData))->
                                     PrivilegeSet,
                                     Result,
                                     AccessMode);
 #endif
     }

     /* We're done, unlock the context and release security */
     SeUnlockSubjectContext(&AccessState->SubjectSecurityContext);
     ObReleaseObjectSecurity(SecurityDescriptor, SdAllocated);
     return Result;
 }

 /*++
 * @name ObCheckObjectAccess
 *
 *     The ObCheckObjectAccess routine <FILLMEIN>
 *
 * @param Object
 *        <FILLMEIN>
 *
 * @param AccessState
 *        <FILLMEIN>
 *
 * @param LockHeld
 *        <FILLMEIN>
 *
 * @param AccessMode
 *        <FILLMEIN>
 *
 * @param ReturnedStatus
 *        <FILLMEIN>
 *
 * @return TRUE if access was granted, FALSE otherwise.
 *
 * @remarks None.
 *
 *--*/
 BOOLEAN
 NTAPI
 ObCheckObjectAccess(IN PVOID Object,
                     IN OUT PACCESS_STATE AccessState,
                     IN BOOLEAN LockHeld,
                     IN KPROCESSOR_MODE AccessMode,
                     OUT PNTSTATUS ReturnedStatus)
 {
     POBJECT_HEADER ObjectHeader;
     POBJECT_TYPE ObjectType;
     PSECURITY_DESCRIPTOR SecurityDescriptor = NULL;
     BOOLEAN SdAllocated;
     NTSTATUS Status;
     BOOLEAN Result;
     ACCESS_MASK GrantedAccess;
     PPRIVILEGE_SET Privileges = NULL;
     PAGED_CODE();

     /* Get the object header and type */
     ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
     ObjectType = ObjectHeader->Type;

     /* Get security information */
     Status = ObGetObjectSecurity(Object, &SecurityDescriptor, &SdAllocated);
     if (!NT_SUCCESS(Status))
     {
         /* Return failure */
         *ReturnedStatus = Status;
         return FALSE;
     }
     else if (!SecurityDescriptor)
     {
         /* Otherwise, if we don't actually have an SD, return success */
         *ReturnedStatus = Status;
         return TRUE;
     }

     /* Lock the security context */
     SeLockSubjectContext(&AccessState->SubjectSecurityContext);

     /* Now do the entire access check */
     Result = SeAccessCheck(SecurityDescriptor,
                            &AccessState->SubjectSecurityContext,
                            TRUE,
                            AccessState->RemainingDesiredAccess,
                            AccessState->PreviouslyGrantedAccess,
                            &Privileges,
                            &ObjectType->TypeInfo.GenericMapping,
                            AccessMode,
                            &GrantedAccess,
                            ReturnedStatus);
     if (Privileges)
     {
         /* We got privileges, append them to the access state and free them */
         Status = SeAppendPrivileges(AccessState, Privileges);
         SeFreePrivileges(Privileges);
     }

     /* Check if access was granted */
     if (Result)
     {
         /* Update the access state */
         AccessState->RemainingDesiredAccess &= ~(GrantedAccess |
                                                  MAXIMUM_ALLOWED);
         AccessState->PreviouslyGrantedAccess |= GrantedAccess;
     }

     /* Do audit alarm */
     SeOpenObjectAuditAlarm(&ObjectType->Name,
                            Object,
                            NULL,
                            SecurityDescriptor,
                            AccessState,
                            FALSE,
                            Result,
                            AccessMode,
                            &AccessState->GenerateOnClose);

     /* We're done, unlock the context and release security */
     SeUnlockSubjectContext(&AccessState->SubjectSecurityContext);
     ObReleaseObjectSecurity(SecurityDescriptor, SdAllocated);
     return Result;
 }

 /* PUBLIC FUNCTIONS **********************************************************/

 /*++
 * @name ObAssignSecurity
 * @implemented NT4
 *
 *     The ObAssignSecurity routine <FILLMEIN>
 *
 * @param AccessState
 *        <FILLMEIN>
 *
 * @param SecurityDescriptor
 *        <FILLMEIN>
 *
 * @param Object
 *        <FILLMEIN>
 *
 * @param Type
 *        <FILLMEIN>
 *
 * @return STATUS_SUCCESS or appropriate error value.
 *
 * @remarks None.
 *
 *--*/
 NTSTATUS
 NTAPI
 ObAssignSecurity(IN PACCESS_STATE AccessState,
                  IN PSECURITY_DESCRIPTOR SecurityDescriptor,
                  IN PVOID Object,
                  IN POBJECT_TYPE Type)
 {
     PSECURITY_DESCRIPTOR NewDescriptor;
     NTSTATUS Status;
     KIRQL CalloutIrql;
     PAGED_CODE();

     /* Build the new security descriptor */
     Status = SeAssignSecurity(SecurityDescriptor,
                               AccessState->SecurityDescriptor,
                               &NewDescriptor,
                               (Type == ObpDirectoryObjectType),
                               &AccessState->SubjectSecurityContext,
                               &Type->TypeInfo.GenericMapping,
                               PagedPool);
     if (!NT_SUCCESS(Status)) return Status;

     /* Call the security method */
     ObpCalloutStart(&CalloutIrql);
     Status = Type->TypeInfo.SecurityProcedure(Object,
                                               AssignSecurityDescriptor,
                                               NULL,
                                               NewDescriptor,
                                               NULL,
                                               NULL,
                                               PagedPool,
                                               &Type->TypeInfo.GenericMapping);
     ObpCalloutEnd(CalloutIrql, "Security", Type, Object);

     /* Check for failure and deassign security if so */
     if (!NT_SUCCESS(Status)) SeDeassignSecurity(&NewDescriptor);

     /* Return to caller */
     return Status;
 }

 /*++
 * @name ObGetObjectSecurity
 * @implemented NT4
 *
 *     The ObGetObjectSecurity routine <FILLMEIN>
 *
 * @param Object
 *        <FILLMEIN>
 *
 * @param SecurityDescriptor
 *        <FILLMEIN>
 *
 * @param MemoryAllocated
 *        <FILLMEIN>
 *
 * @return STATUS_SUCCESS or appropriate error value.
 *
 * @remarks None.
 *
 *--*/
 NTSTATUS
 NTAPI
 ObGetObjectSecurity(IN PVOID Object,
                     OUT PSECURITY_DESCRIPTOR *SecurityDescriptor,
                     OUT PBOOLEAN MemoryAllocated)
 {
     POBJECT_HEADER Header;
     POBJECT_TYPE Type;
     ULONG Length = 0;
     NTSTATUS Status;
     SECURITY_INFORMATION SecurityInformation;
     KIRQL CalloutIrql;
     PAGED_CODE();

     /* Get the object header and type */
     Header = OBJECT_TO_OBJECT_HEADER(Object);
     Type = Header->Type;

     /* Tell the caller that we didn't have to allocate anything yet */
     *MemoryAllocated = FALSE;

     /* Check if the object uses default security */
     if (Type->TypeInfo.SecurityProcedure == SeDefaultObjectMethod)
     {
         /* Reference the descriptor */
         *SecurityDescriptor = ObpReferenceSecurityDescriptor(Header);
         return STATUS_SUCCESS;
     }

     /* Set mask to query */
     SecurityInformation =  OWNER_SECURITY_INFORMATION |
                            GROUP_SECURITY_INFORMATION |
                            DACL_SECURITY_INFORMATION |
                            SACL_SECURITY_INFORMATION;

     /* Get the security descriptor size */
     ObpCalloutStart(&CalloutIrql);
     Status = Type->TypeInfo.SecurityProcedure(Object,
                                               QuerySecurityDescriptor,
                                               &SecurityInformation,
                                               *SecurityDescriptor,
                                               &Length,
                                               &Header->SecurityDescriptor,
                                               Type->TypeInfo.PoolType,
                                               &Type->TypeInfo.GenericMapping);
     ObpCalloutEnd(CalloutIrql, "Security", Type, Object);

     /* Check for failure */
     if (Status != STATUS_BUFFER_TOO_SMALL) return Status;

     /* Allocate security descriptor */
     *SecurityDescriptor = ExAllocatePoolWithTag(PagedPool,
                                                 Length,
                                                 TAG_SEC_QUERY);
     if (!(*SecurityDescriptor)) return STATUS_INSUFFICIENT_RESOURCES;
     *MemoryAllocated = TRUE;

     /* Query security descriptor */
     ObpCalloutStart(&CalloutIrql);
     Status = Type->TypeInfo.SecurityProcedure(Object,
                                               QuerySecurityDescriptor,
                                               &SecurityInformation,
                                               *SecurityDescriptor,
                                               &Length,
                                               &Header->SecurityDescriptor,
                                               Type->TypeInfo.PoolType,
                                               &Type->TypeInfo.GenericMapping);
     ObpCalloutEnd(CalloutIrql, "Security", Type, Object);

     /* Check for failure */
     if (!NT_SUCCESS(Status))
     {
         /* Free the descriptor and tell the caller we failed */
         ExFreePoolWithTag(*SecurityDescriptor, TAG_SEC_QUERY);
         *MemoryAllocated = FALSE;
     }

     /* Return status */
     return Status;
 }

 /*++
 * @name ObReleaseObjectSecurity
 * @implemented NT4
 *
 *     The ObReleaseObjectSecurity routine <FILLMEIN>
 *
 * @param SecurityDescriptor
 *        <FILLMEIN>
 *
 * @param MemoryAllocated
 *        <FILLMEIN>
 *
 * @return STATUS_SUCCESS or appropriate error value.
 *
 * @remarks None.
 *
 *--*/
 VOID
 NTAPI
 ObReleaseObjectSecurity(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
                         IN BOOLEAN MemoryAllocated)
 {
     PAGED_CODE();

     /* Nothing to do in this case */
     if (!SecurityDescriptor) return;

     /* Check if we had allocated it from memory */
     if (MemoryAllocated)
     {
         /* Free it */
         ExFreePool(SecurityDescriptor);
     }
     else
     {
         /* Otherwise this means we used an internal descriptor */
         ObDereferenceSecurityDescriptor(SecurityDescriptor, 1);
     }
 }

 /*++
 * @name ObSetSecurityObjectByPointer
 * @implemented NT5.1
 *
 *     The ObSetSecurityObjectByPointer routine <FILLMEIN>
 *
 * @param SecurityDescriptor
 *        <FILLMEIN>
 *
 * @param MemoryAllocated
 *        <FILLMEIN>
 *
 * @return STATUS_SUCCESS or appropriate error value.
 *
 * @remarks None.
 *
 *--*/
 NTSTATUS
 NTAPI
 ObSetSecurityObjectByPointer(IN PVOID Object,
                              IN SECURITY_INFORMATION SecurityInformation,
                              IN PSECURITY_DESCRIPTOR SecurityDescriptor)
 {
     POBJECT_TYPE Type;
     POBJECT_HEADER Header;
     PAGED_CODE();

     /* Get the header and type */
     Header = OBJECT_TO_OBJECT_HEADER(Object);
     Type = Header->Type;

     /* Sanity check */
     ASSERT(SecurityDescriptor);

     /* Call the security procedure */
     return Type->TypeInfo.SecurityProcedure(Object,
                                             SetSecurityDescriptor,
                                             &SecurityInformation,
                                             SecurityDescriptor,
                                             NULL,
                                             &Header->SecurityDescriptor,
                                             Type->TypeInfo.PoolType,
                                             &Type->TypeInfo.GenericMapping);
 }

 /*++
 * @name NtQuerySecurityObject
 * @implemented NT4
 *
 *     The NtQuerySecurityObject routine <FILLMEIN>
 *
 * @param Handle
 *        <FILLMEIN>
 *
 * @param SecurityInformation
 *        <FILLMEIN>
 *
 * @param SecurityDescriptor
 *        <FILLMEIN>
 *
 * @param Length
 *        <FILLMEIN>
 *
 * @param ResultLength
 *        <FILLMEIN>
 *
 * @return STATUS_SUCCESS or appropriate error value.
 *
 * @remarks None.
 *
 *--*/
 NTSTATUS
 NTAPI
 NtQuerySecurityObject(IN HANDLE Handle,
                       IN SECURITY_INFORMATION SecurityInformation,
                       OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
                       IN ULONG Length,
                       OUT PULONG ResultLength)
 {
     KPROCESSOR_MODE PreviousMode = ExGetPreviousMode();
     PVOID Object;
     POBJECT_HEADER Header;
     POBJECT_TYPE Type;
     ACCESS_MASK DesiredAccess;
     NTSTATUS Status;
     PAGED_CODE();

     /* Check if we came from user mode */
     if (PreviousMode != KernelMode)
     {
         /* Enter SEH */
         _SEH2_TRY
         {
             /* Probe the SD and the length pointer */
             ProbeForWrite(SecurityDescriptor, Length, sizeof(ULONG));
             ProbeForWriteUlong(ResultLength);
         }
         _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
         {
             /* Return the exception code */
             _SEH2_YIELD(return _SEH2_GetExceptionCode());
         }
         _SEH2_END;
     }

     /* Get the required access rights for the operation */
     SeQuerySecurityAccessMask(SecurityInformation, &DesiredAccess);

     /* Reference the object */
     Status = ObReferenceObjectByHandle(Handle,
                                        DesiredAccess,
                                        NULL,
                                        PreviousMode,
                                        &Object,
                                        NULL);
     if (!NT_SUCCESS(Status)) return Status;

     /* Get the Object Header and Type */
     Header = OBJECT_TO_OBJECT_HEADER(Object);
     Type = Header->Type;

     /* Call the security procedure's query function */
     Status = Type->TypeInfo.SecurityProcedure(Object,
                                               QuerySecurityDescriptor,
                                               &SecurityInformation,
                                               SecurityDescriptor,
                                               &Length,
                                               &Header->SecurityDescriptor,
                                               Type->TypeInfo.PoolType,
                                               &Type->TypeInfo.GenericMapping);

     /* Dereference the object */
     ObDereferenceObject(Object);

     /* Protect write with SEH */
     _SEH2_TRY
     {
         /* Return the needed length */
         *ResultLength = Length;
     }
     _SEH2_EXCEPT(ExSystemExceptionFilter())
     {
         /* Get the exception code */
         Status = _SEH2_GetExceptionCode();
     }
     _SEH2_END;

     /* Return status */
     return Status;
 }

 /*++
 * @name NtSetSecurityObject
 * @implemented NT4
 *
 *     The NtSetSecurityObject routine <FILLMEIN>
 *
 * @param Handle
 *        <FILLMEIN>
 *
 * @param SecurityInformation
 *        <FILLMEIN>
 *
 * @param SecurityDescriptor
 *        <FILLMEIN>
 *
 * @return STATUS_SUCCESS or appropriate error value.
 *
 * @remarks None.
 *
 *--*/
 NTSTATUS
 NTAPI
 NtSetSecurityObject(IN HANDLE Handle,
                     IN SECURITY_INFORMATION SecurityInformation,
                     IN PSECURITY_DESCRIPTOR SecurityDescriptor)
 {
     KPROCESSOR_MODE PreviousMode = ExGetPreviousMode();
     PVOID Object;
     SECURITY_DESCRIPTOR_RELATIVE *CapturedDescriptor;
     ACCESS_MASK DesiredAccess = 0;
     NTSTATUS Status;
     PAGED_CODE();

     /* Make sure the caller doesn't pass a NULL security descriptor! */
     if (!SecurityDescriptor) return STATUS_ACCESS_VIOLATION;

     /* Set the required access rights for the operation */
     SeSetSecurityAccessMask(SecurityInformation, &DesiredAccess);

     /* Reference the object */
     Status = ObReferenceObjectByHandle(Handle,
                                        DesiredAccess,
                                        NULL,
                                        PreviousMode,
                                        &Object,
                                        NULL);
     if (NT_SUCCESS(Status))
     {
         /* Capture and make a copy of the security descriptor */
         Status = SeCaptureSecurityDescriptor(SecurityDescriptor,
                                              PreviousMode,
                                              PagedPool,
                                              TRUE,
                                              (PSECURITY_DESCRIPTOR*)
                                              &CapturedDescriptor);
         if (!NT_SUCCESS(Status))
         {
             /* Fail */
             ObDereferenceObject(Object);
             return Status;
         }

         /* Sanity check */
         ASSERT(CapturedDescriptor->Control & SE_SELF_RELATIVE);

         /*
          * Make sure the security descriptor passed by the caller
          * is valid for the operation we're about to perform
          */
         if (((SecurityInformation & OWNER_SECURITY_INFORMATION) &&
              !(CapturedDescriptor->Owner)) ||
             ((SecurityInformation & GROUP_SECURITY_INFORMATION) &&
              !(CapturedDescriptor->Group)))
         {
             /* Set the failure status */
             Status = STATUS_INVALID_SECURITY_DESCR;
         }
         else
         {
             /* Set security */
             Status = ObSetSecurityObjectByPointer(Object,
                                                   SecurityInformation,
                                                   CapturedDescriptor);
         }

         /* Release the descriptor and return status */
         SeReleaseSecurityDescriptor((PSECURITY_DESCRIPTOR)CapturedDescriptor,
                                     PreviousMode,
                                     TRUE);

         /* Now we can dereference the object */
         ObDereferenceObject(Object);
     }

     return Status;
 }

 /*++
 * @name ObQueryObjectAuditingByHandle
 * @implemented NT5
 *
 *     The ObDereferenceSecurityDescriptor routine <FILLMEIN>
 *
 * @param SecurityDescriptor
 *        <FILLMEIN>
 *
 * @param Count
 *        <FILLMEIN>
 *
 * @return STATUS_SUCCESS or appropriate error value.
 *
 * @remarks None.
 *
 *--*/
 NTSTATUS
 NTAPI
 ObQueryObjectAuditingByHandle(IN HANDLE Handle,
                               OUT PBOOLEAN GenerateOnClose)
 {
     PHANDLE_TABLE_ENTRY HandleEntry;
     PVOID HandleTable;
     NTSTATUS Status = STATUS_SUCCESS;
     PAGED_CODE();

     /* Check if we're dealing with a kernel handle */
     if (ObpIsKernelHandle(Handle, ExGetPreviousMode()))
     {
         /* Use the kernel table and convert the handle */
         HandleTable = ObpKernelHandleTable;
         Handle = ObKernelHandleToHandle(Handle);
     }
     else
     {
         /* Use the process's handle table */
         HandleTable = PsGetCurrentProcess()->ObjectTable;
     }

     /* Enter a critical region while we touch the handle table */
     KeEnterCriticalRegion();

     /* Map the handle */
     HandleEntry = ExMapHandleToPointer(HandleTable, Handle);
     if(HandleEntry)
     {
         /* Check if the flag is set */
         *GenerateOnClose = HandleEntry->ObAttributes & OBJ_AUDIT_OBJECT_CLOSE;

         /* Unlock the entry */
         ExUnlockHandleTableEntry(HandleTable, HandleEntry);
     }
     else
     {
         /* Otherwise, fail */
         Status = STATUS_INVALID_HANDLE;
     }

     /* Leave the critical region and return the status */
     KeLeaveCriticalRegion();
     return Status;
 }

 /* EOF */
ProbeForWriteUlong
#define ProbeForWriteUlong(Ptr)
Definition: probe.h:36

_SECURITY_DESCRIPTOR
Definition: ms-dtyp.idl:301

PNTSTATUS
* PNTSTATUS
Definition: strlen.c:14

MAXIMUM_ALLOWED
#define MAXIMUM_ALLOWED
Definition: nt_native.h:83

ObjectType
ObjectType
Definition: metafile.c:80

ObAssignSecurity
NTSTATUS NTAPI ObAssignSecurity(IN PACCESS_STATE AccessState, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PVOID Object, IN POBJECT_TYPE Type)
Definition: obsecure.c:550

ExGetObjectFastReference
FORCEINLINE PVOID ExGetObjectFastReference(IN EX_FAST_REF FastRef)
Definition: ex.h:578

IN
#define IN
Definition: typedefs.h:39

ObSetSecurityDescriptorInfo
NTSTATUS NTAPI ObSetSecurityDescriptorInfo(IN PVOID Object, IN PSECURITY_INFORMATION SecurityInformation, IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN OUT PSECURITY_DESCRIPTOR *OutputSecurityDescriptor, IN POOL_TYPE PoolType, IN PGENERIC_MAPPING GenericMapping)
Definition: obsecure.c:117

DesiredAccess
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654

ExInitializeFastReference
FORCEINLINE VOID ExInitializeFastReference(OUT PEX_FAST_REF FastRef, IN OPTIONAL PVOID Object)
Definition: ex.h:594

SeSetSecurityDescriptorInfo
NTKERNELAPI NTSTATUS NTAPI SeSetSecurityDescriptorInfo(_In_opt_ PVOID Object, _In_ PSECURITY_INFORMATION SecurityInformation, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, _In_ POOL_TYPE PoolType, _In_ PGENERIC_MAPPING GenericMapping)

STATUS_INVALID_SECURITY_DESCR
#define STATUS_INVALID_SECURITY_DESCR
Definition: ntstatus.h:357

ObpAcquireObjectLock
FORCEINLINE VOID ObpAcquireObjectLock(IN POBJECT_HEADER ObjectHeader)
Definition: ob_x.h:48

STATUS_INSUFFICIENT_RESOURCES
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158

ObDereferenceSecurityDescriptor
VOID NTAPI ObDereferenceSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN ULONG Count)
Definition: obsdcach.c:287

ObSetSecurityObjectByPointer
NTSTATUS NTAPI ObSetSecurityObjectByPointer(IN PVOID Object, IN SECURITY_INFORMATION SecurityInformation, IN PSECURITY_DESCRIPTOR SecurityDescriptor)
Definition: obsecure.c:749

Length
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:101

SE_SELF_RELATIVE
#define SE_SELF_RELATIVE
Definition: setypes.h:799

_SECURITY_DESCRIPTOR_RELATIVE
Definition: setypes.h:801

PEX_FAST_REF
struct _EX_FAST_REF * PEX_FAST_REF

_HANDLE_TABLE_ENTRY::ObAttributes
ULONG_PTR ObAttributes
Definition: extypes.h:600

AccessStatus
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
Definition: sefuncs.h:13

TRUE
#define TRUE
Definition: types.h:120

SecurityDescriptor
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182

MemoryAllocated
_Out_ PSECURITY_DESCRIPTOR _Out_ PBOOLEAN MemoryAllocated
Definition: obfuncs.h:23

ExMapHandleToPointer
PHANDLE_TABLE_ENTRY NTAPI ExMapHandleToPointer(IN PHANDLE_TABLE HandleTable, IN HANDLE Handle)
Definition: handle.c:1010

ObpReleaseObjectLock
FORCEINLINE VOID ObpReleaseObjectLock(IN POBJECT_HEADER ObjectHeader)
Definition: ob_x.h:84

SeSetSecurityAccessMask
VOID NTAPI SeSetSecurityAccessMask(_In_ SECURITY_INFORMATION SecurityInformation, _Out_ PACCESS_MASK DesiredAccess)
Sets the access mask for a security information context.
Definition: semgr.c:460

NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26

_PRIVILEGE_SET
Definition: setypes.h:85

ObpIsKernelHandle
#define ObpIsKernelHandle(Handle, ProcessorMode)
Definition: ob.h:69

HandleTable
static XMS_HANDLE HandleTable[XMS_MAX_HANDLES]
Definition: himem.c:83

ExGetPreviousMode
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
Definition: sysinfo.c:3070

GROUP_SECURITY_INFORMATION
#define GROUP_SECURITY_INFORMATION
Definition: setypes.h:124

_OBJECT_TYPE
Definition: obtypes.h:379

KernelMode
Definition: ketypes.h:11

if
if(dx==0 &&dy==0)
Definition: linetemp.h:174

NewDescriptor
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR * NewDescriptor
Definition: sefuncs.h:29

ExUnlockHandleTableEntry
VOID NTAPI ExUnlockHandleTableEntry(IN PHANDLE_TABLE HandleTable, IN PHANDLE_TABLE_ENTRY HandleTableEntry)
Definition: handle.c:887

ProbeForWrite
VOID NTAPI ProbeForWrite(IN PVOID Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:143

STATUS_INVALID_HANDLE
#define STATUS_INVALID_HANDLE
Definition: ntstatus.h:245

_SECURITY_DESCRIPTOR::Control
USHORT Control
Definition: ms-dtyp.idl:304

STATUS_BUFFER_TOO_SMALL
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69

_SEH2_TRY
_SEH2_TRY
Definition: create.c:4226

_SECURITY_DESCRIPTOR::Group
ULONG Group
Definition: ms-dtyp.idl:306

ObCheckObjectAccess
BOOLEAN NTAPI ObCheckObjectAccess(IN PVOID Object, IN OUT PACCESS_STATE AccessState, IN BOOLEAN LockHeld, IN KPROCESSOR_MODE AccessMode, OUT PNTSTATUS ReturnedStatus)
Definition: obsecure.c:441

ObCheckCreateObjectAccess
BOOLEAN NTAPI ObCheckCreateObjectAccess(IN PVOID Object, IN ACCESS_MASK CreateAccess, IN PACCESS_STATE AccessState, IN PUNICODE_STRING ComponentName, IN BOOLEAN LockHeld, IN KPROCESSOR_MODE AccessMode, OUT PNTSTATUS AccessStatus)
Definition: obsecure.c:203

ObDeassignSecurity
NTSTATUS NTAPI ObDeassignSecurity(IN OUT PSECURITY_DESCRIPTOR *SecurityDescriptor)
Definition: obsecure.c:60

OBJECT_TO_OBJECT_HEADER
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111

KIRQL
UCHAR KIRQL
Definition: env_spec_w32.h:591

OBJ_AUDIT_OBJECT_CLOSE
#define OBJ_AUDIT_OBJECT_CLOSE
Definition: ob.h:51

ObReferenceObjectByHandle
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494

TAG_SEC_QUERY
#define TAG_SEC_QUERY
Definition: tag.h:195

NTAPI
NTSTATUS(* NTAPI)(IN PFILE_FULL_EA_INFORMATION EaBuffer, IN ULONG EaLength, OUT PULONG ErrorOffset)
Definition: IoEaTest.cpp:117

SeLockSubjectContext
VOID NTAPI SeLockSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Locks both the referenced primary and client access tokens of a security subject context.
Definition: access.c:456

FALSE
#define FALSE
Definition: types.h:117

SeFastTraverseCheck
BOOLEAN NTAPI SeFastTraverseCheck(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PACCESS_STATE AccessState, _In_ ACCESS_MASK DesiredAccess, _In_ KPROCESSOR_MODE AccessMode)
Determines whether security access rights can be given to an object depending on the security descrip...
Definition: accesschk.c:601

Header
Definition: Header.h:8

SECURITY_INFORMATION
DWORD SECURITY_INFORMATION
Definition: ms-dtyp.idl:311

AccessMode
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:395

PsGetCurrentProcess
#define PsGetCurrentProcess
Definition: psfuncs.h:17

_HANDLE_TABLE_ENTRY
Definition: extypes.h:595

ObReleaseObjectSecurity
VOID NTAPI ObReleaseObjectSecurity(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN MemoryAllocated)
Definition: obsecure.c:709

BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185

ObpCalloutStart
FORCEINLINE VOID ObpCalloutStart(IN PKIRQL CalloutIrql)
Definition: ob_x.h:497

_EX_FAST_REF
Definition: extypes.h:418

Result
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426

SecurityInformation
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ SECURITY_INFORMATION SecurityInformation
Definition: fltkernel.h:1339

ObpKernelHandleTable
PHANDLE_TABLE ObpKernelHandleTable
Definition: obhandle.c:20

SeUnlockSubjectContext
VOID NTAPI SeUnlockSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Unlocks both the referenced primary and client access tokens of a security subject context.
Definition: access.c:487

TAG_SD
#define TAG_SD
Definition: tag.h:176

FILE_WRITE_DATA
#define FILE_WRITE_DATA
Definition: nt_native.h:631

ObGetObjectSecurity
NTSTATUS NTAPI ObGetObjectSecurity(IN PVOID Object, OUT PSECURITY_DESCRIPTOR *SecurityDescriptor, OUT PBOOLEAN MemoryAllocated)
Definition: obsecure.c:611

SeOpenObjectAuditAlarm
VOID NTAPI SeOpenObjectAuditAlarm(_In_ PUNICODE_STRING ObjectTypeName, _In_opt_ PVOID Object, _In_opt_ PUNICODE_STRING AbsoluteObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PACCESS_STATE AccessState, _In_ BOOLEAN ObjectCreated, _In_ BOOLEAN AccessGranted, _In_ KPROCESSOR_MODE AccessMode, _Out_ PBOOLEAN GenerateOnClose)
Creates an audit with alarm notification of an object that is being opened.
Definition: audit.c:1314

NtSetSecurityObject
NTSTATUS NTAPI NtSetSecurityObject(IN HANDLE Handle, IN SECURITY_INFORMATION SecurityInformation, IN PSECURITY_DESCRIPTOR SecurityDescriptor)
Definition: obsecure.c:903

Status
Status
Definition: gdiplustypes.h:24

PreviousMode
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103

Count
int Count
Definition: noreturn.cpp:7

ObpDirectoryObjectType
#define ObpDirectoryObjectType
Definition: ObTypes.c:123

NtQuerySecurityObject
NTSTATUS NTAPI NtQuerySecurityObject(IN HANDLE Handle, IN SECURITY_INFORMATION SecurityInformation, OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN ULONG Length, OUT PULONG ResultLength)
Definition: obsecure.c:803

_ACCESS_STATE
Definition: setypes.h:211

ASSERT
#define ASSERT(a)
Definition: mode.c:44

_GENERIC_MAPPING
Definition: nt_native.h:564

NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32

PSECURITY_INFORMATION
DWORD * PSECURITY_INFORMATION
Definition: ms-dtyp.idl:311

ObQueryObjectAuditingByHandle
NTSTATUS NTAPI ObQueryObjectAuditingByHandle(IN HANDLE Handle, OUT PBOOLEAN GenerateOnClose)
Definition: obsecure.c:997

POOL_TYPE
INT POOL_TYPE
Definition: typedefs.h:78

EXCEPTION_EXECUTE_HANDLER
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85

SeCaptureSecurityDescriptor
NTSTATUS NTAPI SeCaptureSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor, _In_ KPROCESSOR_MODE CurrentMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor)
Captures a security descriptor.
Definition: sd.c:386

ObDereferenceObject
#define ObDereferenceObject
Definition: obfuncs.h:203

SeDefaultObjectMethod
static OB_SECURITY_METHOD SeDefaultObjectMethod
Definition: ObTypes.c:139

_SECURITY_DESCRIPTOR::Owner
ULONG Owner
Definition: ms-dtyp.idl:305

Type
Type
Definition: Type.h:6

SACL_SECURITY_INFORMATION
#define SACL_SECURITY_INFORMATION
Definition: setypes.h:126

GenerateOnClose
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN _In_ KPROCESSOR_MODE _In_opt_ GUID _Out_ PBOOLEAN GenerateOnClose
Definition: sefuncs.h:414

ExGetCountFastReference
FORCEINLINE ULONG ExGetCountFastReference(IN EX_FAST_REF FastRef)
Definition: ex.h:586

KPROCESSOR_MODE
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7

Privileges
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:13

ObAssignObjectSecurityDescriptor
NTSTATUS NTAPI ObAssignObjectSecurityDescriptor(IN PVOID Object, IN PSECURITY_DESCRIPTOR SecurityDescriptor OPTIONAL, IN POOL_TYPE PoolType)
Definition: obsecure.c:20

AccessState
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:414

ExAllocatePoolWithTag
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350

ObpReferenceSecurityDescriptor
PSECURITY_DESCRIPTOR NTAPI ObpReferenceSecurityDescriptor(IN POBJECT_HEADER ObjectHeader)
Definition: obsdcach.c:181

ObLogSecurityDescriptor
NTSTATUS NTAPI ObLogSecurityDescriptor(IN PSECURITY_DESCRIPTOR InputSecurityDescriptor, OUT PSECURITY_DESCRIPTOR *OutputSecurityDescriptor, IN ULONG RefBias)
Definition: obsdcach.c:364

PBOOLEAN
char * PBOOLEAN
Definition: retypes.h:11

ObpCalloutEnd
FORCEINLINE VOID ObpCalloutEnd(IN KIRQL CalloutIrql, IN PCHAR Procedure, IN POBJECT_TYPE ObjectType, IN PVOID Object)
Definition: ob_x.h:505

KeEnterCriticalRegion
#define KeEnterCriticalRegion()
Definition: ke_x.h:88

ObpCheckTraverseAccess
BOOLEAN NTAPI ObpCheckTraverseAccess(IN PVOID Object, IN ACCESS_MASK TraverseAccess, IN PACCESS_STATE AccessState OPTIONAL, IN BOOLEAN LockHeld, IN KPROCESSOR_MODE AccessMode, OUT PNTSTATUS AccessStatus)
Definition: obsecure.c:267

SeReleaseSecurityDescriptor
NTSTATUS NTAPI SeReleaseSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR CapturedSecurityDescriptor, _In_ KPROCESSOR_MODE CurrentMode, _In_ BOOLEAN CaptureIfKernelMode)
Releases a captured security descriptor buffer.
Definition: sd.c:760

ExCompareSwapFastReference
FORCEINLINE EX_FAST_REF ExCompareSwapFastReference(IN PEX_FAST_REF FastRef, IN PVOID Object, IN PVOID OldObject)
Definition: ex.h:745

PagedPool
Definition: ketypes.h:867

Object
_Must_inspect_result_ _In_ WDFCOLLECTION _In_ WDFOBJECT Object
Definition: wdfcollection.h:120

SeAccessCheck
BOOLEAN NTAPI SeAccessCheck(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, _In_ BOOLEAN SubjectContextLocked, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK PreviouslyGrantedAccess, _Out_ PPRIVILEGE_SET *Privileges, _In_ PGENERIC_MAPPING GenericMapping, _In_ KPROCESSOR_MODE AccessMode, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
Determines whether security access rights can be given to an object depending on the security descrip...
Definition: accesschk.c:459

SeFreePrivileges
VOID NTAPI SeFreePrivileges(_In_ PPRIVILEGE_SET Privileges)
Frees a set of privileges.
Definition: priv.c:669

GenericMapping
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11

_UNICODE_STRING
Definition: env_spec_w32.h:368

_AUX_ACCESS_DATA
Definition: setypes.h:232

_SEH2_END
_SEH2_END
Definition: create.c:4400

KeLeaveCriticalRegion
#define KeLeaveCriticalRegion()
Definition: ke_x.h:119

ExSystemExceptionFilter
LONG NTAPI ExSystemExceptionFilter(VOID)
Definition: harderr.c:351

STATUS_ACCESS_VIOLATION
#define STATUS_ACCESS_VIOLATION
Definition: ntstatus.h:242

ObpCheckObjectReference
BOOLEAN NTAPI ObpCheckObjectReference(IN PVOID Object, IN OUT PACCESS_STATE AccessState, IN BOOLEAN LockHeld, IN KPROCESSOR_MODE AccessMode, OUT PNTSTATUS AccessStatus)
Definition: obsecure.c:340

OWNER_SECURITY_INFORMATION
#define OWNER_SECURITY_INFORMATION
Definition: setypes.h:123

PULONG
unsigned int * PULONG
Definition: retypes.h:1

NULL
#define NULL
Definition: types.h:112

Handle
_In_ HANDLE Handle
Definition: extypes.h:390

OUT
#define OUT
Definition: typedefs.h:40

PoolType
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
Definition: wdfdevice.h:3810

ULONG
unsigned int ULONG
Definition: retypes.h:1

MAX_FAST_REFS
#define MAX_FAST_REFS
Definition: ex.h:131

SeQuerySecurityDescriptorInfo
NTKERNELAPI NTSTATUS NTAPI SeQuerySecurityDescriptorInfo(_In_ PSECURITY_INFORMATION SecurityInformation, _Out_writes_bytes_(*Length) PSECURITY_DESCRIPTOR SecurityDescriptor, _Inout_ PULONG Length, _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor)

ResultLength
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG _Out_ PULONG ResultLength
Definition: wdfdevice.h:3776

_SEH2_EXCEPT
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40

STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65

_SEH2_GetExceptionCode
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165

_SEH2_YIELD
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:168

ObKernelHandleToHandle
#define ObKernelHandleToHandle(Handle)
Definition: ob.h:78

void
Definition: nsiface.idl:2306

SeQuerySecurityAccessMask
VOID NTAPI SeQuerySecurityAccessMask(_In_ SECURITY_INFORMATION SecurityInformation, _Out_ PACCESS_MASK DesiredAccess)
Queries the access mask from a security information context.
Definition: semgr.c:427

_OBJECT_HEADER::Type
POBJECT_TYPE Type
Definition: obtypes.h:493

GrantedAccess
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13

_OBJECT_HEADER::SecurityDescriptor
PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: obtypes.h:503

ExFreePoolWithTag
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099

SeAppendPrivileges
NTSTATUS NTAPI SeAppendPrivileges(_Inout_ PACCESS_STATE AccessState, _In_ PPRIVILEGE_SET Privileges)
Appends additional privileges.
Definition: priv.c:588

ObQuerySecurityDescriptorInfo
NTSTATUS NTAPI ObQuerySecurityDescriptorInfo(IN PVOID Object, IN PSECURITY_INFORMATION SecurityInformation, OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN OUT PULONG Length, IN PSECURITY_DESCRIPTOR *OutputSecurityDescriptor)
Definition: obsecure.c:85

ACCESS_MASK
ULONG ACCESS_MASK
Definition: nt_native.h:40

DACL_SECURITY_INFORMATION
#define DACL_SECURITY_INFORMATION
Definition: setypes.h:125

ExFreePool
#define ExFreePool(addr)
Definition: env_spec_w32.h:352

_OBJECT_HEADER
Definition: obtypes.h:485

PAGED_CODE
#define PAGED_CODE()
Definition: Bus_PDO_QueryResourceRequirements.c:89

OPTIONAL
PULONG MinorVersion OPTIONAL
Definition: CrossNt.h:68