ReactOS 0.4.15-dev-6679-g945ee4b
obsecure.c
Go to the documentation of this file.
1/*
2* PROJECT: ReactOS Kernel
3* LICENSE: GPL - See COPYING in the top level directory
4* FILE: ntoskrnl/ob/obsecure.c
5* PURPOSE: SRM Interface of the Object Manager
6* PROGRAMMERS: Alex Ionescu (alex@relsoft.net)
7* Eric Kohl
8*/
9
10/* INCLUDES *****************************************************************/
11
12#include <ntoskrnl.h>
13#define NDEBUG
14#include <debug.h>
15
16/* PRIVATE FUNCTIONS *********************************************************/
17
18NTSTATUS
19NTAPI
20ObAssignObjectSecurityDescriptor(IN PVOID Object,
21 IN PSECURITY_DESCRIPTOR SecurityDescriptor OPTIONAL,
22 IN POOL_TYPE PoolType)
23{
24 POBJECT_HEADER ObjectHeader;
25 NTSTATUS Status;
26 PSECURITY_DESCRIPTOR NewSd;
27 PEX_FAST_REF FastRef;
28 PAGED_CODE();
29
30 /* Get the object header */
31 ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
32 FastRef = (PEX_FAST_REF)&ObjectHeader->SecurityDescriptor;
33 if (!SecurityDescriptor)
34 {
35 /* Nothing to assign */
36 ExInitializeFastReference(FastRef, NULL);
37 return STATUS_SUCCESS;
38 }
39
40 /* Add it to our internal cache */
41 Status = ObLogSecurityDescriptor(SecurityDescriptor,
42 &NewSd,
43 MAX_FAST_REFS + 1);
44 if (NT_SUCCESS(Status))
45 {
46 /* Free the old copy */
47 ExFreePoolWithTag(SecurityDescriptor, TAG_SD);
48
49 /* Set the new pointer */
50 ASSERT(NewSd);
51 ExInitializeFastReference(FastRef, NewSd);
52 }
53
54 /* Return status */
55 return Status;
56}
57
58NTSTATUS
59NTAPI
60ObDeassignSecurity(IN OUT PSECURITY_DESCRIPTOR *SecurityDescriptor)
61{
62 EX_FAST_REF FastRef;
63 ULONG Count;
64 PSECURITY_DESCRIPTOR OldSecurityDescriptor;
65
66 /* Get the fast reference and capture it */
67 FastRef = *(PEX_FAST_REF)SecurityDescriptor;
68
69 /* Don't free again later */
70 *SecurityDescriptor = NULL;
71
72 /* Get the descriptor and reference count */
73 OldSecurityDescriptor = ExGetObjectFastReference(FastRef);
74 Count = ExGetCountFastReference(FastRef);
75
76 /* Dereference the descriptor */
77 ObDereferenceSecurityDescriptor(OldSecurityDescriptor, Count + 1);
78
79 /* All done */
80 return STATUS_SUCCESS;
81}
82
83NTSTATUS
84NTAPI
85ObQuerySecurityDescriptorInfo(IN PVOID Object,
86 IN PSECURITY_INFORMATION SecurityInformation,
87 OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
88 IN OUT PULONG Length,
89 IN PSECURITY_DESCRIPTOR *OutputSecurityDescriptor)
90{
91 POBJECT_HEADER ObjectHeader;
92 NTSTATUS Status;
93 PSECURITY_DESCRIPTOR ObjectSd;
94 PAGED_CODE();
95
96 /* Get the object header */
97 ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
98
99 /* Get the SD */
100 ObjectSd = ObpReferenceSecurityDescriptor(ObjectHeader);
101
102 /* Query the information */
103 Status = SeQuerySecurityDescriptorInfo(SecurityInformation,
104 SecurityDescriptor,
105 Length,
106 &ObjectSd);
107
108 /* Check if we have an object SD and dereference it, if so */
109 if (ObjectSd) ObDereferenceSecurityDescriptor(ObjectSd, 1);
110
111 /* Return status */
112 return Status;
113}
114
115NTSTATUS
116NTAPI
117ObSetSecurityDescriptorInfo(IN PVOID Object,
118 IN PSECURITY_INFORMATION SecurityInformation,
119 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
120 IN OUT PSECURITY_DESCRIPTOR *OutputSecurityDescriptor,
121 IN POOL_TYPE PoolType,
122 IN PGENERIC_MAPPING GenericMapping)
123{
124 NTSTATUS Status;
125 POBJECT_HEADER ObjectHeader;
126 PSECURITY_DESCRIPTOR OldDescriptor, NewDescriptor, CachedDescriptor;
127 PEX_FAST_REF FastRef;
128 EX_FAST_REF OldValue;
129 ULONG Count;
130 PAGED_CODE();
131
132 /* Get the object header */
133 ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
134 while (TRUE)
135 {
136 /* Reference the old descriptor */
137 OldDescriptor = ObpReferenceSecurityDescriptor(ObjectHeader);
138 NewDescriptor = OldDescriptor;
139
140 /* Set the SD information */
141 Status = SeSetSecurityDescriptorInfo(Object,
142 SecurityInformation,
143 SecurityDescriptor,
144 &NewDescriptor,
145 PoolType,
146 GenericMapping);
147 if (!NT_SUCCESS(Status))
148 {
149 /* We failed, dereference the old one */
150 if (OldDescriptor) ObDereferenceSecurityDescriptor(OldDescriptor, 1);
151 break;
152 }
153
154 /* Now add this to the cache */
155 Status = ObLogSecurityDescriptor(NewDescriptor,
156 &CachedDescriptor,
157 MAX_FAST_REFS + 1);
158
159 /* Let go of our uncached copy */
160 ExFreePool(NewDescriptor);
161
162 /* Check for success */
163 if (!NT_SUCCESS(Status))
164 {
165 /* We failed, dereference the old one */
166 ObDereferenceSecurityDescriptor(OldDescriptor, 1);
167 break;
168 }
169
170 /* Do the swap */
171 FastRef = (PEX_FAST_REF)OutputSecurityDescriptor;
172 OldValue = ExCompareSwapFastReference(FastRef,
173 CachedDescriptor,
174 OldDescriptor);
175
176 /* Make sure the swap worked */
177 if (ExGetObjectFastReference(OldValue) == OldDescriptor)
178 {
179 /* Flush waiters */
180 ObpAcquireObjectLock(ObjectHeader);
181 ObpReleaseObjectLock(ObjectHeader);
182
183 /* And dereference the old one */
184 Count = ExGetCountFastReference(OldValue);
185 ObDereferenceSecurityDescriptor(OldDescriptor, Count + 2);
186 break;
187 }
188 else
189 {
190 /* Someone changed it behind our back -- try again */
191 ObDereferenceSecurityDescriptor(OldDescriptor, 1);
192 ObDereferenceSecurityDescriptor(CachedDescriptor,
193 MAX_FAST_REFS + 1);
194 }
195 }
196
197 /* Return status */
198 return Status;
199}
200
201BOOLEAN
202NTAPI
203ObCheckCreateObjectAccess(IN PVOID Object,
204 IN ACCESS_MASK CreateAccess,
205 IN PACCESS_STATE AccessState,
206 IN PUNICODE_STRING ComponentName,
207 IN BOOLEAN LockHeld,
208 IN KPROCESSOR_MODE AccessMode,
209 OUT PNTSTATUS AccessStatus)
210{
211 POBJECT_HEADER ObjectHeader;
212 POBJECT_TYPE ObjectType;
213 PSECURITY_DESCRIPTOR SecurityDescriptor = NULL;
214 BOOLEAN SdAllocated;
215 BOOLEAN Result = TRUE;
216 ACCESS_MASK GrantedAccess = 0;
217 PPRIVILEGE_SET Privileges = NULL;
218 NTSTATUS Status;
219 PAGED_CODE();
220
221 /* Get the header and type */
222 ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
223 ObjectType = ObjectHeader->Type;
224
225 /* Get the security descriptor */
226 Status = ObGetObjectSecurity(Object, &SecurityDescriptor, &SdAllocated);
227 if (!NT_SUCCESS(Status))
228 {
229 /* We failed */
230 *AccessStatus = Status;
231 return FALSE;
232 }
233
234 /* Lock the security context */
235 SeLockSubjectContext(&AccessState->SubjectSecurityContext);
236
237 /* Check if we have an SD */
238 if (SecurityDescriptor)
239 {
240 /* Now do the entire access check */
241 Result = SeAccessCheck(SecurityDescriptor,
242 &AccessState->SubjectSecurityContext,
243 TRUE,
244 CreateAccess,
245 0,
246 &Privileges,
247 &ObjectType->TypeInfo.GenericMapping,
248 AccessMode,
249 &GrantedAccess,
250 AccessStatus);
251 if (Privileges)
252 {
253 /* We got privileges, append them to the access state and free them */
254 Status = SeAppendPrivileges(AccessState, Privileges);
255 SeFreePrivileges(Privileges);
256 }
257 }
258
259 /* We're done, unlock the context and release security */
260 SeUnlockSubjectContext(&AccessState->SubjectSecurityContext);
261 ObReleaseObjectSecurity(SecurityDescriptor, SdAllocated);
262 return Result;
263}
264
265BOOLEAN
266NTAPI
267ObpCheckTraverseAccess(IN PVOID Object,
268 IN ACCESS_MASK TraverseAccess,
269 IN PACCESS_STATE AccessState OPTIONAL,
270 IN BOOLEAN LockHeld,
271 IN KPROCESSOR_MODE AccessMode,
272 OUT PNTSTATUS AccessStatus)
273{
274 POBJECT_HEADER ObjectHeader;
275 POBJECT_TYPE ObjectType;
276 PSECURITY_DESCRIPTOR SecurityDescriptor = NULL;
277 BOOLEAN SdAllocated;
278 BOOLEAN Result;
279 ACCESS_MASK GrantedAccess = 0;
280 PPRIVILEGE_SET Privileges = NULL;
281 NTSTATUS Status;
282 PAGED_CODE();
283
284 /* Get the header and type */
285 ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
286 ObjectType = ObjectHeader->Type;
287
288 /* Get the security descriptor */
289 Status = ObGetObjectSecurity(Object, &SecurityDescriptor, &SdAllocated);
290 if (!NT_SUCCESS(Status))
291 {
292 /* We failed */
293 *AccessStatus = Status;
294 return FALSE;
295 }
296
297 /* First try to perform a fast traverse check
298 * If it fails, then the entire access check will
299 * have to be done.
300 */
301 Result = SeFastTraverseCheck(SecurityDescriptor,
302 AccessState,
303 FILE_WRITE_DATA,
304 AccessMode);
305 if (Result)
306 {
307 ObReleaseObjectSecurity(SecurityDescriptor, SdAllocated);
308 return TRUE;
309 }
310
311 /* Lock the security context */
312 SeLockSubjectContext(&AccessState->SubjectSecurityContext);
313
314 /* Now do the entire access check */
315 Result = SeAccessCheck(SecurityDescriptor,
316 &AccessState->SubjectSecurityContext,
317 TRUE,
318 TraverseAccess,
319 0,
320 &Privileges,
321 &ObjectType->TypeInfo.GenericMapping,
322 AccessMode,
323 &GrantedAccess,
324 AccessStatus);
325 if (Privileges)
326 {
327 /* We got privileges, append them to the access state and free them */
328 Status = SeAppendPrivileges(AccessState, Privileges);
329 SeFreePrivileges(Privileges);
330 }
331
332 /* We're done, unlock the context and release security */
333 SeUnlockSubjectContext(&AccessState->SubjectSecurityContext);
334 ObReleaseObjectSecurity(SecurityDescriptor, SdAllocated);
335 return Result;
336}
337
338BOOLEAN
339NTAPI
340ObpCheckObjectReference(IN PVOID Object,
341 IN OUT PACCESS_STATE AccessState,
342 IN BOOLEAN LockHeld,
343 IN KPROCESSOR_MODE AccessMode,
344 OUT PNTSTATUS AccessStatus)
345{
346 POBJECT_HEADER ObjectHeader;
347 POBJECT_TYPE ObjectType;
348 PSECURITY_DESCRIPTOR SecurityDescriptor = NULL;
349 BOOLEAN SdAllocated;
350 BOOLEAN Result;
351 ACCESS_MASK GrantedAccess = 0;
352 PPRIVILEGE_SET Privileges = NULL;
353 NTSTATUS Status;
354 PAGED_CODE();
355
356 /* Get the header and type */
357 ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
358 ObjectType = ObjectHeader->Type;
359
360 /* Get the security descriptor */
361 Status = ObGetObjectSecurity(Object, &SecurityDescriptor, &SdAllocated);
362 if (!NT_SUCCESS(Status))
363 {
364 /* We failed */
365 *AccessStatus = Status;
366 return FALSE;
367 }
368
369 /* Lock the security context */
370 SeLockSubjectContext(&AccessState->SubjectSecurityContext);
371
372 /* Now do the entire access check */
373 Result = SeAccessCheck(SecurityDescriptor,
374 &AccessState->SubjectSecurityContext,
375 TRUE,
376 AccessState->RemainingDesiredAccess,
377 AccessState->PreviouslyGrantedAccess,
378 &Privileges,
379 &ObjectType->TypeInfo.GenericMapping,
380 AccessMode,
381 &GrantedAccess,
382 AccessStatus);
383 if (Result)
384 {
385 /* Update the access state */
386 AccessState->RemainingDesiredAccess &= ~GrantedAccess;
387 AccessState->PreviouslyGrantedAccess |= GrantedAccess;
388 }
389
390 /* Check if we have an SD */
391 if (SecurityDescriptor)
392 {
393 /* Do audit alarm */
394#if 0
395 SeObjectReferenceAuditAlarm(&AccessState->OperationID,
396 Object,
397 SecurityDescriptor,
398 &AccessState->SubjectSecurityContext,
399 AccessState->RemainingDesiredAccess |
400 AccessState->PreviouslyGrantedAccess,
401 ((PAUX_ACCESS_DATA)(AccessState->AuxData))->
402 PrivilegeSet,
403 Result,
404 AccessMode);
405#endif
406 }
407
408 /* We're done, unlock the context and release security */
409 SeUnlockSubjectContext(&AccessState->SubjectSecurityContext);
410 ObReleaseObjectSecurity(SecurityDescriptor, SdAllocated);
411 return Result;
412}
413
414/*++
415* @name ObCheckObjectAccess
416*
417* The ObCheckObjectAccess routine <FILLMEIN>
418*
419* @param Object
420* <FILLMEIN>
421*
422* @param AccessState
423* <FILLMEIN>
424*
425* @param LockHeld
426* <FILLMEIN>
427*
428* @param AccessMode
429* <FILLMEIN>
430*
431* @param ReturnedStatus
432* <FILLMEIN>
433*
434* @return TRUE if access was granted, FALSE otherwise.
435*
436* @remarks None.
437*
438*--*/
439BOOLEAN
440NTAPI
441ObCheckObjectAccess(IN PVOID Object,
442 IN OUT PACCESS_STATE AccessState,
443 IN BOOLEAN LockHeld,
444 IN KPROCESSOR_MODE AccessMode,
445 OUT PNTSTATUS ReturnedStatus)
446{
447 POBJECT_HEADER ObjectHeader;
448 POBJECT_TYPE ObjectType;
449 PSECURITY_DESCRIPTOR SecurityDescriptor = NULL;
450 BOOLEAN SdAllocated;
451 NTSTATUS Status;
452 BOOLEAN Result;
453 ACCESS_MASK GrantedAccess;
454 PPRIVILEGE_SET Privileges = NULL;
455 PAGED_CODE();
456
457 /* Get the object header and type */
458 ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
459 ObjectType = ObjectHeader->Type;
460
461 /* Get security information */
462 Status = ObGetObjectSecurity(Object, &SecurityDescriptor, &SdAllocated);
463 if (!NT_SUCCESS(Status))
464 {
465 /* Return failure */
466 *ReturnedStatus = Status;
467 return FALSE;
468 }
469 else if (!SecurityDescriptor)
470 {
471 /* Otherwise, if we don't actually have an SD, return success */
472 *ReturnedStatus = Status;
473 return TRUE;
474 }
475
476 /* Lock the security context */
477 SeLockSubjectContext(&AccessState->SubjectSecurityContext);
478
479 /* Now do the entire access check */
480 Result = SeAccessCheck(SecurityDescriptor,
481 &AccessState->SubjectSecurityContext,
482 TRUE,
483 AccessState->RemainingDesiredAccess,
484 AccessState->PreviouslyGrantedAccess,
485 &Privileges,
486 &ObjectType->TypeInfo.GenericMapping,
487 AccessMode,
488 &GrantedAccess,
489 ReturnedStatus);
490 if (Privileges)
491 {
492 /* We got privileges, append them to the access state and free them */
493 Status = SeAppendPrivileges(AccessState, Privileges);
494 SeFreePrivileges(Privileges);
495 }
496
497 /* Check if access was granted */
498 if (Result)
499 {
500 /* Update the access state */
501 AccessState->RemainingDesiredAccess &= ~(GrantedAccess |
502 MAXIMUM_ALLOWED);
503 AccessState->PreviouslyGrantedAccess |= GrantedAccess;
504 }
505
506 /* Do audit alarm */
507 SeOpenObjectAuditAlarm(&ObjectType->Name,
508 Object,
509 NULL,
510 SecurityDescriptor,
511 AccessState,
512 FALSE,
513 Result,
514 AccessMode,
515 &AccessState->GenerateOnClose);
516
517 /* We're done, unlock the context and release security */
518 SeUnlockSubjectContext(&AccessState->SubjectSecurityContext);
519 ObReleaseObjectSecurity(SecurityDescriptor, SdAllocated);
520 return Result;
521}
522
523/* PUBLIC FUNCTIONS **********************************************************/
524
525/*++
526* @name ObAssignSecurity
527* @implemented NT4
528*
529* The ObAssignSecurity routine <FILLMEIN>
530*
531* @param AccessState
532* <FILLMEIN>
533*
534* @param SecurityDescriptor
535* <FILLMEIN>
536*
537* @param Object
538* <FILLMEIN>
539*
540* @param Type
541* <FILLMEIN>
542*
543* @return STATUS_SUCCESS or appropriate error value.
544*
545* @remarks None.
546*
547*--*/
548NTSTATUS
549NTAPI
550ObAssignSecurity(IN PACCESS_STATE AccessState,
551 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
552 IN PVOID Object,
553 IN POBJECT_TYPE Type)
554{
555 PSECURITY_DESCRIPTOR NewDescriptor;
556 NTSTATUS Status;
557 KIRQL CalloutIrql;
558 PAGED_CODE();
559
560 /* Build the new security descriptor */
561 Status = SeAssignSecurity(SecurityDescriptor,
562 AccessState->SecurityDescriptor,
563 &NewDescriptor,
564 (Type == ObpDirectoryObjectType),
565 &AccessState->SubjectSecurityContext,
566 &Type->TypeInfo.GenericMapping,
567 PagedPool);
568 if (!NT_SUCCESS(Status)) return Status;
569
570 /* Call the security method */
571 ObpCalloutStart(&CalloutIrql);
572 Status = Type->TypeInfo.SecurityProcedure(Object,
573 AssignSecurityDescriptor,
574 NULL,
575 NewDescriptor,
576 NULL,
577 NULL,
578 PagedPool,
579 &Type->TypeInfo.GenericMapping);
580 ObpCalloutEnd(CalloutIrql, "Security", Type, Object);
581
582 /* Check for failure and deassign security if so */
583 if (!NT_SUCCESS(Status)) SeDeassignSecurity(&NewDescriptor);
584
585 /* Return to caller */
586 return Status;
587}
588
589/*++
590* @name ObGetObjectSecurity
591* @implemented NT4
592*
593* The ObGetObjectSecurity routine <FILLMEIN>
594*
595* @param Object
596* <FILLMEIN>
597*
598* @param SecurityDescriptor
599* <FILLMEIN>
600*
601* @param MemoryAllocated
602* <FILLMEIN>
603*
604* @return STATUS_SUCCESS or appropriate error value.
605*
606* @remarks None.
607*
608*--*/
609NTSTATUS
610NTAPI
611ObGetObjectSecurity(IN PVOID Object,
612 OUT PSECURITY_DESCRIPTOR *SecurityDescriptor,
613 OUT PBOOLEAN MemoryAllocated)
614{
615 POBJECT_HEADER Header;
616 POBJECT_TYPE Type;
617 ULONG Length = 0;
618 NTSTATUS Status;
619 SECURITY_INFORMATION SecurityInformation;
620 KIRQL CalloutIrql;
621 PAGED_CODE();
622
623 /* Get the object header and type */
624 Header = OBJECT_TO_OBJECT_HEADER(Object);
625 Type = Header->Type;
626
627 /* Tell the caller that we didn't have to allocate anything yet */
628 *MemoryAllocated = FALSE;
629
630 /* Check if the object uses default security */
631 if (Type->TypeInfo.SecurityProcedure == SeDefaultObjectMethod)
632 {
633 /* Reference the descriptor */
634 *SecurityDescriptor = ObpReferenceSecurityDescriptor(Header);
635 return STATUS_SUCCESS;
636 }
637
638 /* Set mask to query */
639 SecurityInformation = OWNER_SECURITY_INFORMATION |
640 GROUP_SECURITY_INFORMATION |
641 DACL_SECURITY_INFORMATION |
642 SACL_SECURITY_INFORMATION;
643
644 /* Get the security descriptor size */
645 ObpCalloutStart(&CalloutIrql);
646 Status = Type->TypeInfo.SecurityProcedure(Object,
647 QuerySecurityDescriptor,
648 &SecurityInformation,
649 *SecurityDescriptor,
650 &Length,
651 &Header->SecurityDescriptor,
652 Type->TypeInfo.PoolType,
653 &Type->TypeInfo.GenericMapping);
654 ObpCalloutEnd(CalloutIrql, "Security", Type, Object);
655
656 /* Check for failure */
657 if (Status != STATUS_BUFFER_TOO_SMALL) return Status;
658
659 /* Allocate security descriptor */
660 *SecurityDescriptor = ExAllocatePoolWithTag(PagedPool,
661 Length,
662 TAG_SEC_QUERY);
663 if (!(*SecurityDescriptor)) return STATUS_INSUFFICIENT_RESOURCES;
664 *MemoryAllocated = TRUE;
665
666 /* Query security descriptor */
667 ObpCalloutStart(&CalloutIrql);
668 Status = Type->TypeInfo.SecurityProcedure(Object,
669 QuerySecurityDescriptor,
670 &SecurityInformation,
671 *SecurityDescriptor,
672 &Length,
673 &Header->SecurityDescriptor,
674 Type->TypeInfo.PoolType,
675 &Type->TypeInfo.GenericMapping);
676 ObpCalloutEnd(CalloutIrql, "Security", Type, Object);
677
678 /* Check for failure */
679 if (!NT_SUCCESS(Status))
680 {
681 /* Free the descriptor and tell the caller we failed */
682 ExFreePoolWithTag(*SecurityDescriptor, TAG_SEC_QUERY);
683 *MemoryAllocated = FALSE;
684 }
685
686 /* Return status */
687 return Status;
688}
689
690/*++
691* @name ObReleaseObjectSecurity
692* @implemented NT4
693*
694* The ObReleaseObjectSecurity routine <FILLMEIN>
695*
696* @param SecurityDescriptor
697* <FILLMEIN>
698*
699* @param MemoryAllocated
700* <FILLMEIN>
701*
702* @return STATUS_SUCCESS or appropriate error value.
703*
704* @remarks None.
705*
706*--*/
707VOID
708NTAPI
709ObReleaseObjectSecurity(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
710 IN BOOLEAN MemoryAllocated)
711{
712 PAGED_CODE();
713
714 /* Nothing to do in this case */
715 if (!SecurityDescriptor) return;
716
717 /* Check if we had allocated it from memory */
718 if (MemoryAllocated)
719 {
720 /* Free it */
721 ExFreePoolWithTag(SecurityDescriptor, TAG_SEC_QUERY);
722 }
723 else
724 {
725 /* Otherwise this means we used an internal descriptor */
726 ObDereferenceSecurityDescriptor(SecurityDescriptor, 1);
727 }
728}
729
730/*++
731* @name ObSetSecurityObjectByPointer
732* @implemented NT5.1
733*
734* The ObSetSecurityObjectByPointer routine <FILLMEIN>
735*
736* @param SecurityDescriptor
737* <FILLMEIN>
738*
739* @param MemoryAllocated
740* <FILLMEIN>
741*
742* @return STATUS_SUCCESS or appropriate error value.
743*
744* @remarks None.
745*
746*--*/
747NTSTATUS
748NTAPI
749ObSetSecurityObjectByPointer(IN PVOID Object,
750 IN SECURITY_INFORMATION SecurityInformation,
751 IN PSECURITY_DESCRIPTOR SecurityDescriptor)
752{
753 POBJECT_TYPE Type;
754 POBJECT_HEADER Header;
755 PAGED_CODE();
756
757 /* Get the header and type */
758 Header = OBJECT_TO_OBJECT_HEADER(Object);
759 Type = Header->Type;
760
761 /* Sanity check */
762 ASSERT(SecurityDescriptor);
763
764 /* Call the security procedure */
765 return Type->TypeInfo.SecurityProcedure(Object,
766 SetSecurityDescriptor,
767 &SecurityInformation,
768 SecurityDescriptor,
769 NULL,
770 &Header->SecurityDescriptor,
771 Type->TypeInfo.PoolType,
772 &Type->TypeInfo.GenericMapping);
773}
774
775/*++
776* @name NtQuerySecurityObject
777* @implemented NT4
778*
779* The NtQuerySecurityObject routine <FILLMEIN>
780*
781* @param Handle
782* <FILLMEIN>
783*
784* @param SecurityInformation
785* <FILLMEIN>
786*
787* @param SecurityDescriptor
788* <FILLMEIN>
789*
790* @param Length
791* <FILLMEIN>
792*
793* @param ResultLength
794* <FILLMEIN>
795*
796* @return STATUS_SUCCESS or appropriate error value.
797*
798* @remarks None.
799*
800*--*/
801NTSTATUS
802NTAPI
803NtQuerySecurityObject(IN HANDLE Handle,
804 IN SECURITY_INFORMATION SecurityInformation,
805 OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
806 IN ULONG Length,
807 OUT PULONG ResultLength)
808{
809 KPROCESSOR_MODE PreviousMode = ExGetPreviousMode();
810 PVOID Object;
811 POBJECT_HEADER Header;
812 POBJECT_TYPE Type;
813 ACCESS_MASK DesiredAccess;
814 NTSTATUS Status;
815 PAGED_CODE();
816
817 /* Check if we came from user mode */
818 if (PreviousMode != KernelMode)
819 {
820 /* Enter SEH */
821 _SEH2_TRY
822 {
823 /* Probe the SD and the length pointer */
824 ProbeForWrite(SecurityDescriptor, Length, sizeof(ULONG));
825 ProbeForWriteUlong(ResultLength);
826 }
827 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
828 {
829 /* Return the exception code */
830 _SEH2_YIELD(return _SEH2_GetExceptionCode());
831 }
832 _SEH2_END;
833 }
834
835 /* Get the required access rights for the operation */
836 SeQuerySecurityAccessMask(SecurityInformation, &DesiredAccess);
837
838 /* Reference the object */
839 Status = ObReferenceObjectByHandle(Handle,
840 DesiredAccess,
841 NULL,
842 PreviousMode,
843 &Object,
844 NULL);
845 if (!NT_SUCCESS(Status)) return Status;
846
847 /* Get the Object Header and Type */
848 Header = OBJECT_TO_OBJECT_HEADER(Object);
849 Type = Header->Type;
850
851 /* Call the security procedure's query function */
852 Status = Type->TypeInfo.SecurityProcedure(Object,
853 QuerySecurityDescriptor,
854 &SecurityInformation,
855 SecurityDescriptor,
856 &Length,
857 &Header->SecurityDescriptor,
858 Type->TypeInfo.PoolType,
859 &Type->TypeInfo.GenericMapping);
860
861 /* Dereference the object */
862 ObDereferenceObject(Object);
863
864 /* Protect write with SEH */
865 _SEH2_TRY
866 {
867 /* Return the needed length */
868 *ResultLength = Length;
869 }
870 _SEH2_EXCEPT(ExSystemExceptionFilter())
871 {
872 /* Get the exception code */
873 Status = _SEH2_GetExceptionCode();
874 }
875 _SEH2_END;
876
877 /* Return status */
878 return Status;
879}
880
881/*++
882* @name NtSetSecurityObject
883* @implemented NT4
884*
885* The NtSetSecurityObject routine <FILLMEIN>
886*
887* @param Handle
888* <FILLMEIN>
889*
890* @param SecurityInformation
891* <FILLMEIN>
892*
893* @param SecurityDescriptor
894* <FILLMEIN>
895*
896* @return STATUS_SUCCESS or appropriate error value.
897*
898* @remarks None.
899*
900*--*/
901NTSTATUS
902NTAPI
903NtSetSecurityObject(IN HANDLE Handle,
904 IN SECURITY_INFORMATION SecurityInformation,
905 IN PSECURITY_DESCRIPTOR SecurityDescriptor)
906{
907 KPROCESSOR_MODE PreviousMode = ExGetPreviousMode();
908 PVOID Object;
909 SECURITY_DESCRIPTOR_RELATIVE *CapturedDescriptor;
910 ACCESS_MASK DesiredAccess = 0;
911 NTSTATUS Status;
912 PAGED_CODE();
913
914 /* Make sure the caller doesn't pass a NULL security descriptor! */
915 if (!SecurityDescriptor) return STATUS_ACCESS_VIOLATION;
916
917 /* Set the required access rights for the operation */
918 SeSetSecurityAccessMask(SecurityInformation, &DesiredAccess);
919
920 /* Reference the object */
921 Status = ObReferenceObjectByHandle(Handle,
922 DesiredAccess,
923 NULL,
924 PreviousMode,
925 &Object,
926 NULL);
927 if (NT_SUCCESS(Status))
928 {
929 /* Capture and make a copy of the security descriptor */
930 Status = SeCaptureSecurityDescriptor(SecurityDescriptor,
931 PreviousMode,
932 PagedPool,
933 TRUE,
934 (PSECURITY_DESCRIPTOR*)
935 &CapturedDescriptor);
936 if (!NT_SUCCESS(Status))
937 {
938 /* Fail */
939 ObDereferenceObject(Object);
940 return Status;
941 }
942
943 /* Sanity check */
944 ASSERT(CapturedDescriptor->Control & SE_SELF_RELATIVE);
945
946 /*
947 * Make sure the security descriptor passed by the caller
948 * is valid for the operation we're about to perform
949 */
950 if (((SecurityInformation & OWNER_SECURITY_INFORMATION) &&
951 !(CapturedDescriptor->Owner)) ||
952 ((SecurityInformation & GROUP_SECURITY_INFORMATION) &&
953 !(CapturedDescriptor->Group)))
954 {
955 /* Set the failure status */
956 Status = STATUS_INVALID_SECURITY_DESCR;
957 }
958 else
959 {
960 /* Set security */
961 Status = ObSetSecurityObjectByPointer(Object,
962 SecurityInformation,
963 CapturedDescriptor);
964 }
965
966 /* Release the descriptor and return status */
967 SeReleaseSecurityDescriptor((PSECURITY_DESCRIPTOR)CapturedDescriptor,
968 PreviousMode,
969 TRUE);
970
971 /* Now we can dereference the object */
972 ObDereferenceObject(Object);
973 }
974
975 return Status;
976}
977
978/*++
979* @name ObQueryObjectAuditingByHandle
980* @implemented NT5
981*
982* The ObDereferenceSecurityDescriptor routine <FILLMEIN>
983*
984* @param SecurityDescriptor
985* <FILLMEIN>
986*
987* @param Count
988* <FILLMEIN>
989*
990* @return STATUS_SUCCESS or appropriate error value.
991*
992* @remarks None.
993*
994*--*/
995NTSTATUS
996NTAPI
997ObQueryObjectAuditingByHandle(IN HANDLE Handle,
998 OUT PBOOLEAN GenerateOnClose)
999{
1000 PHANDLE_TABLE_ENTRY HandleEntry;
1001 PVOID HandleTable;
1002 NTSTATUS Status = STATUS_SUCCESS;
1003 PAGED_CODE();
1004
1005 /* Check if we're dealing with a kernel handle */
1006 if (ObpIsKernelHandle(Handle, ExGetPreviousMode()))
1007 {
1008 /* Use the kernel table and convert the handle */
1009 HandleTable = ObpKernelHandleTable;
1010 Handle = ObKernelHandleToHandle(Handle);
1011 }
1012 else
1013 {
1014 /* Use the process's handle table */
1015 HandleTable = PsGetCurrentProcess()->ObjectTable;
1016 }
1017
1018 /* Enter a critical region while we touch the handle table */
1019 KeEnterCriticalRegion();
1020
1021 /* Map the handle */
1022 HandleEntry = ExMapHandleToPointer(HandleTable, Handle);
1023 if(HandleEntry)
1024 {
1025 /* Check if the flag is set */
1026 *GenerateOnClose = HandleEntry->ObAttributes & OBJ_AUDIT_OBJECT_CLOSE;
1027
1028 /* Unlock the entry */
1029 ExUnlockHandleTableEntry(HandleTable, HandleEntry);
1030 }
1031 else
1032 {
1033 /* Otherwise, fail */
1034 Status = STATUS_INVALID_HANDLE;
1035 }
1036
1037 /* Leave the critical region and return the status */
1038 KeLeaveCriticalRegion();
1039 return Status;
1040}
1041
1042/* EOF */
PAGED_CODE
#define PAGED_CODE()
Definition: Bus_PDO_QueryResourceRequirements.c:89
ObpDirectoryObjectType
#define ObpDirectoryObjectType
Definition: ObTypes.c:118
SeDefaultObjectMethod
static OB_SECURITY_METHOD SeDefaultObjectMethod
Definition: ObTypes.c:134
BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185
GenericMapping
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
Type
Type
Definition: Type.h:7
SeAccessCheck
BOOLEAN NTAPI SeAccessCheck(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, _In_ BOOLEAN SubjectContextLocked, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK PreviouslyGrantedAccess, _Out_ PPRIVILEGE_SET *Privileges, _In_ PGENERIC_MAPPING GenericMapping, _In_ KPROCESSOR_MODE AccessMode, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
Determines whether security access rights can be given to an object depending on the security descrip...
Definition: accesschk.c:1966
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
Header
Definition: Header.h:9
NULL
#define NULL
Definition: types.h:112
TRUE
#define TRUE
Definition: types.h:120
FALSE
#define FALSE
Definition: types.h:117
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
ExAllocatePoolWithTag
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
KIRQL
UCHAR KIRQL
Definition: env_spec_w32.h:591
ExFreePool
#define ExFreePool(addr)
Definition: env_spec_w32.h:352
PagedPool
#define PagedPool
Definition: env_spec_w32.h:308
MAX_FAST_REFS
#define MAX_FAST_REFS
Definition: ex.h:133
ExGetCountFastReference
FORCEINLINE ULONG ExGetCountFastReference(IN EX_FAST_REF FastRef)
Definition: ex.h:588
ExGetPreviousMode
#define ExGetPreviousMode
Definition: ex.h:140
ExCompareSwapFastReference
FORCEINLINE EX_FAST_REF ExCompareSwapFastReference(IN PEX_FAST_REF FastRef, IN PVOID Object, IN PVOID OldObject)
Definition: ex.h:747
ExInitializeFastReference
FORCEINLINE VOID ExInitializeFastReference(OUT PEX_FAST_REF FastRef, IN OPTIONAL PVOID Object)
Definition: ex.h:596
ExGetObjectFastReference
FORCEINLINE PVOID ExGetObjectFastReference(IN EX_FAST_REF FastRef)
Definition: ex.h:580
ProbeForWrite
VOID NTAPI ProbeForWrite(IN PVOID Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:143
_SEH2_END
#define _SEH2_END
Definition: filesup.c:22
_SEH2_TRY
#define _SEH2_TRY
Definition: filesup.c:19
SecurityInformation
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ SECURITY_INFORMATION SecurityInformation
Definition: fltkernel.h:1340
Handle
ULONG Handle
Definition: gdb_input.c:15
Status
Status
Definition: gdiplustypes.h:25
ExSystemExceptionFilter
LONG NTAPI ExSystemExceptionFilter(VOID)
Definition: harderr.c:349
HandleTable
static XMS_HANDLE HandleTable[XMS_MAX_HANDLES]
Definition: himem.c:83
EXCEPTION_EXECUTE_HANDLER
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
KeLeaveCriticalRegion
#define KeLeaveCriticalRegion()
Definition: ke_x.h:119
KeEnterCriticalRegion
#define KeEnterCriticalRegion()
Definition: ke_x.h:88
if
if(dx< 0)
Definition: linetemp.h:194
ASSERT
#define ASSERT(a)
Definition: mode.c:44
ExFreePoolWithTag
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1109
PNTSTATUS
* PNTSTATUS
Definition: strlen.c:14
ObjectType
ObjectType
Definition: metafile.c:81
SECURITY_INFORMATION
DWORD SECURITY_INFORMATION
Definition: ms-dtyp.idl:311
PSECURITY_INFORMATION
DWORD * PSECURITY_INFORMATION
Definition: ms-dtyp.idl:311
KernelMode
#define KernelMode
Definition: asm.h:34
PEX_FAST_REF
struct _EX_FAST_REF * PEX_FAST_REF
OBJECT_TO_OBJECT_HEADER
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
Count
int Count
Definition: noreturn.cpp:7
FILE_WRITE_DATA
#define FILE_WRITE_DATA
Definition: nt_native.h:631
ACCESS_MASK
ULONG ACCESS_MASK
Definition: nt_native.h:40
MAXIMUM_ALLOWED
#define MAXIMUM_ALLOWED
Definition: nt_native.h:83
Length
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:102
ExMapHandleToPointer
PHANDLE_TABLE_ENTRY NTAPI ExMapHandleToPointer(IN PHANDLE_TABLE HandleTable, IN HANDLE Handle)
Definition: handle.c:1046
ExUnlockHandleTableEntry
VOID NTAPI ExUnlockHandleTableEntry(IN PHANDLE_TABLE HandleTable, IN PHANDLE_TABLE_ENTRY HandleTableEntry)
Definition: handle.c:923
SeSetSecurityAccessMask
VOID NTAPI SeSetSecurityAccessMask(_In_ SECURITY_INFORMATION SecurityInformation, _Out_ PACCESS_MASK DesiredAccess)
Sets the access mask for a security information context.
Definition: semgr.c:460
SeQuerySecurityAccessMask
VOID NTAPI SeQuerySecurityAccessMask(_In_ SECURITY_INFORMATION SecurityInformation, _Out_ PACCESS_MASK DesiredAccess)
Queries the access mask from a security information context.
Definition: semgr.c:427
SeFastTraverseCheck
BOOLEAN NTAPI SeFastTraverseCheck(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PACCESS_STATE AccessState, _In_ ACCESS_MASK DesiredAccess, _In_ KPROCESSOR_MODE AccessMode)
Determines whether security access rights can be given to an object depending on the security descrip...
Definition: accesschk.c:2110
SeOpenObjectAuditAlarm
VOID NTAPI SeOpenObjectAuditAlarm(_In_ PUNICODE_STRING ObjectTypeName, _In_opt_ PVOID Object, _In_opt_ PUNICODE_STRING AbsoluteObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PACCESS_STATE AccessState, _In_ BOOLEAN ObjectCreated, _In_ BOOLEAN AccessGranted, _In_ KPROCESSOR_MODE AccessMode, _Out_ PBOOLEAN GenerateOnClose)
Creates an audit with alarm notification of an object that is being opened.
Definition: audit.c:1213
SeFreePrivileges
VOID NTAPI SeFreePrivileges(_In_ PPRIVILEGE_SET Privileges)
Frees a set of privileges.
Definition: priv.c:669
SeAppendPrivileges
NTSTATUS NTAPI SeAppendPrivileges(_Inout_ PACCESS_STATE AccessState, _In_ PPRIVILEGE_SET Privileges)
Appends additional privileges.
Definition: priv.c:588
SeCaptureSecurityDescriptor
NTSTATUS NTAPI SeCaptureSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor, _In_ KPROCESSOR_MODE CurrentMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor)
Captures a security descriptor.
Definition: sd.c:386
SeReleaseSecurityDescriptor
NTSTATUS NTAPI SeReleaseSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR CapturedSecurityDescriptor, _In_ KPROCESSOR_MODE CurrentMode, _In_ BOOLEAN CaptureIfKernelMode)
Releases a captured security descriptor buffer.
Definition: sd.c:760
STATUS_INVALID_HANDLE
#define STATUS_INVALID_HANDLE
Definition: ntstatus.h:245
STATUS_INVALID_SECURITY_DESCR
#define STATUS_INVALID_SECURITY_DESCR
Definition: ntstatus.h:357
STATUS_ACCESS_VIOLATION
#define STATUS_ACCESS_VIOLATION
Definition: ntstatus.h:242
ObpReferenceSecurityDescriptor
PSECURITY_DESCRIPTOR NTAPI ObpReferenceSecurityDescriptor(IN POBJECT_HEADER ObjectHeader)
Definition: obsdcach.c:181
ObpKernelHandleTable
PHANDLE_TABLE ObpKernelHandleTable
Definition: obhandle.c:20
ObpIsKernelHandle
#define ObpIsKernelHandle(Handle, ProcessorMode)
Definition: ob.h:74
ObKernelHandleToHandle
#define ObKernelHandleToHandle(Handle)
Definition: ob.h:83
OBJ_AUDIT_OBJECT_CLOSE
#define OBJ_AUDIT_OBJECT_CLOSE
Definition: ob.h:51
ObpAcquireObjectLock
FORCEINLINE VOID ObpAcquireObjectLock(IN POBJECT_HEADER ObjectHeader)
Definition: ob_x.h:48
ObpReleaseObjectLock
FORCEINLINE VOID ObpReleaseObjectLock(IN POBJECT_HEADER ObjectHeader)
Definition: ob_x.h:84
ObpCalloutStart
FORCEINLINE VOID ObpCalloutStart(IN PKIRQL CalloutIrql)
Definition: ob_x.h:497
ObpCalloutEnd
FORCEINLINE VOID ObpCalloutEnd(IN KIRQL CalloutIrql, IN PCHAR Procedure, IN POBJECT_TYPE ObjectType, IN PVOID Object)
Definition: ob_x.h:505
ObReferenceObjectByHandle
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
ObLogSecurityDescriptor
NTSTATUS NTAPI ObLogSecurityDescriptor(IN PSECURITY_DESCRIPTOR InputSecurityDescriptor, OUT PSECURITY_DESCRIPTOR *OutputSecurityDescriptor, IN ULONG RefBias)
Definition: obsdcach.c:364
ObDereferenceSecurityDescriptor
VOID NTAPI ObDereferenceSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN ULONG Count)
Definition: obsdcach.c:287
ObGetObjectSecurity
NTSTATUS NTAPI ObGetObjectSecurity(IN PVOID Object, OUT PSECURITY_DESCRIPTOR *SecurityDescriptor, OUT PBOOLEAN MemoryAllocated)
Definition: obsecure.c:611
ObDeassignSecurity
NTSTATUS NTAPI ObDeassignSecurity(IN OUT PSECURITY_DESCRIPTOR *SecurityDescriptor)
Definition: obsecure.c:60
ObpCheckTraverseAccess
BOOLEAN NTAPI ObpCheckTraverseAccess(IN PVOID Object, IN ACCESS_MASK TraverseAccess, IN PACCESS_STATE AccessState OPTIONAL, IN BOOLEAN LockHeld, IN KPROCESSOR_MODE AccessMode, OUT PNTSTATUS AccessStatus)
Definition: obsecure.c:267
ObAssignObjectSecurityDescriptor
NTSTATUS NTAPI ObAssignObjectSecurityDescriptor(IN PVOID Object, IN PSECURITY_DESCRIPTOR SecurityDescriptor OPTIONAL, IN POOL_TYPE PoolType)
Definition: obsecure.c:20
NtSetSecurityObject
NTSTATUS NTAPI NtSetSecurityObject(IN HANDLE Handle, IN SECURITY_INFORMATION SecurityInformation, IN PSECURITY_DESCRIPTOR SecurityDescriptor)
Definition: obsecure.c:903
ObSetSecurityObjectByPointer
NTSTATUS NTAPI ObSetSecurityObjectByPointer(IN PVOID Object, IN SECURITY_INFORMATION SecurityInformation, IN PSECURITY_DESCRIPTOR SecurityDescriptor)
Definition: obsecure.c:749
NtQuerySecurityObject
NTSTATUS NTAPI NtQuerySecurityObject(IN HANDLE Handle, IN SECURITY_INFORMATION SecurityInformation, OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN ULONG Length, OUT PULONG ResultLength)
Definition: obsecure.c:803
ObQueryObjectAuditingByHandle
NTSTATUS NTAPI ObQueryObjectAuditingByHandle(IN HANDLE Handle, OUT PBOOLEAN GenerateOnClose)
Definition: obsecure.c:997
ObpCheckObjectReference
BOOLEAN NTAPI ObpCheckObjectReference(IN PVOID Object, IN OUT PACCESS_STATE AccessState, IN BOOLEAN LockHeld, IN KPROCESSOR_MODE AccessMode, OUT PNTSTATUS AccessStatus)
Definition: obsecure.c:340
ObSetSecurityDescriptorInfo
NTSTATUS NTAPI ObSetSecurityDescriptorInfo(IN PVOID Object, IN PSECURITY_INFORMATION SecurityInformation, IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN OUT PSECURITY_DESCRIPTOR *OutputSecurityDescriptor, IN POOL_TYPE PoolType, IN PGENERIC_MAPPING GenericMapping)
Definition: obsecure.c:117
ObReleaseObjectSecurity
VOID NTAPI ObReleaseObjectSecurity(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN MemoryAllocated)
Definition: obsecure.c:709
ObCheckObjectAccess
BOOLEAN NTAPI ObCheckObjectAccess(IN PVOID Object, IN OUT PACCESS_STATE AccessState, IN BOOLEAN LockHeld, IN KPROCESSOR_MODE AccessMode, OUT PNTSTATUS ReturnedStatus)
Definition: obsecure.c:441
ObCheckCreateObjectAccess
BOOLEAN NTAPI ObCheckCreateObjectAccess(IN PVOID Object, IN ACCESS_MASK CreateAccess, IN PACCESS_STATE AccessState, IN PUNICODE_STRING ComponentName, IN BOOLEAN LockHeld, IN KPROCESSOR_MODE AccessMode, OUT PNTSTATUS AccessStatus)
Definition: obsecure.c:203
ObAssignSecurity
NTSTATUS NTAPI ObAssignSecurity(IN PACCESS_STATE AccessState, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PVOID Object, IN POBJECT_TYPE Type)
Definition: obsecure.c:550
ObQuerySecurityDescriptorInfo
NTSTATUS NTAPI ObQuerySecurityDescriptorInfo(IN PVOID Object, IN PSECURITY_INFORMATION SecurityInformation, OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN OUT PULONG Length, IN PSECURITY_DESCRIPTOR *OutputSecurityDescriptor)
Definition: obsecure.c:85
_SEH2_GetExceptionCode
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:159
_SEH2_EXCEPT
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:34
_SEH2_YIELD
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:162
ProbeForWriteUlong
#define ProbeForWriteUlong(Ptr)
Definition: probe.h:36
STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65
STATUS_BUFFER_TOO_SMALL
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
OPTIONAL
PULONG MinorVersion OPTIONAL
Definition: CrossNt.h:68
_ACCESS_STATE
Definition: setypes.h:224
_AUX_ACCESS_DATA
Definition: setypes.h:257
_EX_FAST_REF
Definition: extypes.h:419
_GENERIC_MAPPING
Definition: nt_native.h:564
_HANDLE_TABLE_ENTRY
Definition: extypes.h:596
_HANDLE_TABLE_ENTRY::ObAttributes
ULONG_PTR ObAttributes
Definition: extypes.h:600
_OBJECT_HEADER
Definition: obtypes.h:486
_OBJECT_HEADER::SecurityDescriptor
PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: obtypes.h:503
_OBJECT_HEADER::Type
POBJECT_TYPE Type
Definition: obtypes.h:493
_OBJECT_TYPE
Definition: obtypes.h:380
_PRIVILEGE_SET
Definition: setypes.h:85
_SECURITY_DESCRIPTOR_RELATIVE
Definition: setypes.h:836
_SECURITY_DESCRIPTOR
Definition: ms-dtyp.idl:301
_SECURITY_DESCRIPTOR::Group
ULONG Group
Definition: ms-dtyp.idl:306
_SECURITY_DESCRIPTOR::Control
USHORT Control
Definition: ms-dtyp.idl:304
_SECURITY_DESCRIPTOR::Owner
ULONG Owner
Definition: ms-dtyp.idl:305
_UNICODE_STRING
Definition: env_spec_w32.h:368
SeLockSubjectContext
VOID NTAPI SeLockSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Locks both the referenced primary and client access tokens of a security subject context.
Definition: subject.c:107
SeUnlockSubjectContext
VOID NTAPI SeUnlockSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Unlocks both the referenced primary and client access tokens of a security subject context.
Definition: subject.c:138
TAG_SEC_QUERY
#define TAG_SEC_QUERY
Definition: tag.h:121
TAG_SD
#define TAG_SD
Definition: tag.h:153
PULONG
uint32_t * PULONG
Definition: typedefs.h:59
PBOOLEAN
unsigned char * PBOOLEAN
Definition: typedefs.h:53
POOL_TYPE
INT POOL_TYPE
Definition: typedefs.h:78
NTAPI
#define NTAPI
Definition: typedefs.h:36
IN
#define IN
Definition: typedefs.h:39
ULONG
uint32_t ULONG
Definition: typedefs.h:59
OUT
#define OUT
Definition: typedefs.h:40
STATUS_INSUFFICIENT_RESOURCES
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
Object
_Must_inspect_result_ _In_ WDFCOLLECTION _In_ WDFOBJECT Object
Definition: wdfcollection.h:123
ResultLength
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG _Out_ PULONG ResultLength
Definition: wdfdevice.h:3776
DesiredAccess
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2658
PoolType
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
Definition: wdfdevice.h:3815
SecurityDescriptor
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:191
Result
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:409
KPROCESSOR_MODE
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
AccessMode
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:396
ObDereferenceObject
#define ObDereferenceObject
Definition: obfuncs.h:203
MemoryAllocated
_Out_ PSECURITY_DESCRIPTOR _Out_ PBOOLEAN MemoryAllocated
Definition: obfuncs.h:24
PsGetCurrentProcess
#define PsGetCurrentProcess
Definition: psfuncs.h:17
Privileges
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:17
GenerateOnClose
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN _In_ KPROCESSOR_MODE _In_opt_ GUID _Out_ PBOOLEAN GenerateOnClose
Definition: sefuncs.h:422
SeSetSecurityDescriptorInfo
NTKERNELAPI NTSTATUS NTAPI SeSetSecurityDescriptorInfo(_In_opt_ PVOID Object, _In_ PSECURITY_INFORMATION SecurityInformation, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, _In_ POOL_TYPE PoolType, _In_ PGENERIC_MAPPING GenericMapping)
SeQuerySecurityDescriptorInfo
NTKERNELAPI NTSTATUS NTAPI SeQuerySecurityDescriptorInfo(_In_ PSECURITY_INFORMATION SecurityInformation, _Out_writes_bytes_(*Length) PSECURITY_DESCRIPTOR SecurityDescriptor, _Inout_ PULONG Length, _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor)
AccessStatus
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
Definition: sefuncs.h:21
PreviousMode
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
AccessState
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:417
NewDescriptor
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR * NewDescriptor
Definition: sefuncs.h:30
GrantedAccess
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:20
DACL_SECURITY_INFORMATION
#define DACL_SECURITY_INFORMATION
Definition: setypes.h:125
OWNER_SECURITY_INFORMATION
#define OWNER_SECURITY_INFORMATION
Definition: setypes.h:123
SE_SELF_RELATIVE
#define SE_SELF_RELATIVE
Definition: setypes.h:834
GROUP_SECURITY_INFORMATION
#define GROUP_SECURITY_INFORMATION
Definition: setypes.h:124
SACL_SECURITY_INFORMATION
#define SACL_SECURITY_INFORMATION
Definition: setypes.h:126