ReactOS  0.4.15-dev-3193-g74513a7
accesschk.c File Reference
#include <ntoskrnl.h>
#include <debug.h>
Include dependency graph for accesschk.c:

Go to the source code of this file.

Macros

#define NDEBUG
 

Functions

BOOLEAN NTAPI SepAccessCheck (_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ ACCESS_MASK PreviouslyGrantedAccess, _Out_ PPRIVILEGE_SET *Privileges, _In_ PGENERIC_MAPPING GenericMapping, _In_ KPROCESSOR_MODE AccessMode, _Out_ PACCESS_MASK GrantedAccessList, _Out_ PNTSTATUS AccessStatusList, _In_ BOOLEAN UseResultList)
 Private function that determines whether security access rights can be given to an object depending on the security descriptor and other security context entities, such as an owner. More...
 
static PSID SepGetSDOwner (_In_ PSECURITY_DESCRIPTOR _SecurityDescriptor)
 Retrieves the main user from a security descriptor. More...
 
static PSID SepGetSDGroup (_In_ PSECURITY_DESCRIPTOR _SecurityDescriptor)
 Retrieves the group from a security descriptor. More...
 
static ULONG SepGetPrivilegeSetLength (_In_ PPRIVILEGE_SET PrivilegeSet)
 Retrieves the length size of a set list of privileges structure. More...
 
BOOLEAN NTAPI SeAccessCheck (_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, _In_ BOOLEAN SubjectContextLocked, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK PreviouslyGrantedAccess, _Out_ PPRIVILEGE_SET *Privileges, _In_ PGENERIC_MAPPING GenericMapping, _In_ KPROCESSOR_MODE AccessMode, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
 Determines whether security access rights can be given to an object depending on the security descriptor and other security context entities, such as an owner. More...
 
BOOLEAN NTAPI SeFastTraverseCheck (_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PACCESS_STATE AccessState, _In_ ACCESS_MASK DesiredAccess, _In_ KPROCESSOR_MODE AccessMode)
 Determines whether security access rights can be given to an object depending on the security descriptor. Unlike the regular access check procedure in the NT kernel, the fast traverse check is a faster way to quickly check if access can be made into an object. More...
 
NTSTATUS NTAPI NtAccessCheck (_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE TokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_ PGENERIC_MAPPING GenericMapping, _Out_opt_ PPRIVILEGE_SET PrivilegeSet, _Inout_ PULONG PrivilegeSetLength, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
 Determines whether security access rights can be given to an object depending on the security descriptor and a valid handle to an access token. More...
 
NTSTATUS NTAPI NtAccessCheckByType (_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PSID PrincipalSelfSid, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeLength, _In_ PGENERIC_MAPPING GenericMapping, _In_ PPRIVILEGE_SET PrivilegeSet, _Inout_ PULONG PrivilegeSetLength, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
 Determines whether security access could be granted or not on an object by the requestor who wants such access through type. More...
 
NTSTATUS NTAPI NtAccessCheckByTypeResultList (_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PSID PrincipalSelfSid, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeLength, _In_ PGENERIC_MAPPING GenericMapping, _In_ PPRIVILEGE_SET PrivilegeSet, _Inout_ PULONG PrivilegeSetLength, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
 Determines whether security access could be granted or not on an object by the requestor who wants such access through type list. More...
 

Macro Definition Documentation

◆ NDEBUG

#define NDEBUG

Definition at line 12 of file accesschk.c.

Function Documentation

◆ NtAccessCheck()

NTSTATUS NTAPI NtAccessCheck ( _In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ HANDLE  TokenHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ PGENERIC_MAPPING  GenericMapping,
_Out_opt_ PPRIVILEGE_SET  PrivilegeSet,
_Inout_ PULONG  PrivilegeSetLength,
_Out_ PACCESS_MASK  GrantedAccess,
_Out_ PNTSTATUS  AccessStatus 
)

Determines whether security access rights can be given to an object depending on the security descriptor and a valid handle to an access token.

Parameters
[in]SecurityDescriptorSecurity descriptor of the object that is being accessed.
[in]TokenHandleA handle to a token.
[in]DesiredAccessThe access right bitmask where the calling thread wants to acquire.
[in]GenericMappingThe generic mapping of access rights of an object type.
[out]PrivilegeSetThe returned set of privileges.
[in,out]PrivilegeSetLengthThe total length size of a set of privileges.
[out]GrantedAccessA list of granted access rights.
[out]AccessStatusThe returned status code specifying why access cannot be made onto an object (if said access is denied in the first place).
Returns
Returns STATUS_SUCCESS if access check has been done without problems and that the object can be accessed. STATUS_GENERIC_NOT_MAPPED is returned if no generic access right is mapped. STATUS_NO_IMPERSONATION_TOKEN is returned if the token from the handle is not an impersonation token. STATUS_BAD_IMPERSONATION_LEVEL is returned if the token cannot be impersonated because the current security impersonation level doesn't permit so. STATUS_INVALID_SECURITY_DESCR is returned if the security descriptor given to the call is not a valid one. STATUS_BUFFER_TOO_SMALL is returned if the buffer to the captured privileges has a length that is less than the required size of the set of privileges. A failure NTSTATUS code is returned otherwise.

Definition at line 711 of file accesschk.c.

720 {
721  PSECURITY_DESCRIPTOR CapturedSecurityDescriptor = NULL;
726  ULONG CapturedPrivilegeSetLength, RequiredPrivilegeSetLength;
727  PTOKEN Token;
729  PAGED_CODE();
730 
731  /* Check if this is kernel mode */
732  if (PreviousMode == KernelMode)
733  {
734  /* Check if kernel wants everything */
736  {
737  /* Give it */
740  }
741  else
742  {
743  /* Just give the desired access */
745  }
746 
747  /* Success */
749  return STATUS_SUCCESS;
750  }
751 
752  /* Protect probe in SEH */
753  _SEH2_TRY
754  {
755  /* Probe all pointers */
757  ProbeForRead(PrivilegeSetLength, sizeof(ULONG), sizeof(ULONG));
758  ProbeForWrite(PrivilegeSet, *PrivilegeSetLength, sizeof(ULONG));
759  ProbeForWrite(GrantedAccess, sizeof(ACCESS_MASK), sizeof(ULONG));
760  ProbeForWrite(AccessStatus, sizeof(NTSTATUS), sizeof(ULONG));
761 
762  /* Capture the privilege set length and the mapping */
763  CapturedPrivilegeSetLength = *PrivilegeSetLength;
764  }
766  {
767  /* Return the exception code */
769  }
770  _SEH2_END;
771 
772  /* Check for unmapped access rights */
775 
776  /* Reference the token */
778  TOKEN_QUERY,
780  PreviousMode,
781  (PVOID*)&Token,
782  NULL);
783  if (!NT_SUCCESS(Status))
784  {
785  DPRINT("Failed to reference token (Status %lx)\n", Status);
786  return Status;
787  }
788 
789  /* Check token type */
790  if (Token->TokenType != TokenImpersonation)
791  {
792  DPRINT("No impersonation token\n");
795  }
796 
797  /* Check the impersonation level */
798  if (Token->ImpersonationLevel < SecurityIdentification)
799  {
800  DPRINT("Impersonation level < SecurityIdentification\n");
803  }
804 
805  /* Check for ACCESS_SYSTEM_SECURITY and WRITE_OWNER access */
808  NULL,
809  Token,
810  &Privileges,
811  PreviousMode);
812  if (!NT_SUCCESS(Status))
813  {
814  DPRINT("SePrivilegePolicyCheck failed (Status 0x%08lx)\n", Status);
816  *AccessStatus = Status;
817  *GrantedAccess = 0;
818  return STATUS_SUCCESS;
819  }
820 
821  /* Check the size of the privilege set and return the privileges */
822  if (Privileges != NULL)
823  {
824  DPRINT("Privileges != NULL\n");
825 
826  /* Calculate the required privilege set buffer size */
827  RequiredPrivilegeSetLength = SepGetPrivilegeSetLength(Privileges);
828 
829  /* Fail if the privilege set buffer is too small */
830  if (CapturedPrivilegeSetLength < RequiredPrivilegeSetLength)
831  {
834  *PrivilegeSetLength = RequiredPrivilegeSetLength;
836  }
837 
838  /* Copy the privilege set to the caller */
839  RtlCopyMemory(PrivilegeSet,
840  Privileges,
841  RequiredPrivilegeSetLength);
842 
843  /* Free the local privilege set */
845  }
846  else
847  {
848  DPRINT("Privileges == NULL\n");
849 
850  /* Fail if the privilege set buffer is too small */
851  if (CapturedPrivilegeSetLength < sizeof(PRIVILEGE_SET))
852  {
854  *PrivilegeSetLength = sizeof(PRIVILEGE_SET);
856  }
857 
858  /* Initialize the privilege set */
859  PrivilegeSet->PrivilegeCount = 0;
860  PrivilegeSet->Control = 0;
861  }
862 
863  /* Capture the security descriptor */
865  PreviousMode,
866  PagedPool,
867  FALSE,
868  &CapturedSecurityDescriptor);
869  if (!NT_SUCCESS(Status))
870  {
871  DPRINT("Failed to capture the Security Descriptor\n");
873  return Status;
874  }
875 
876  /* Check the captured security descriptor */
877  if (CapturedSecurityDescriptor == NULL)
878  {
879  DPRINT("Security Descriptor is NULL\n");
882  }
883 
884  /* Check security descriptor for valid owner and group */
885  if (SepGetSDOwner(CapturedSecurityDescriptor) == NULL ||
886  SepGetSDGroup(CapturedSecurityDescriptor) == NULL)
887  {
888  DPRINT("Security Descriptor does not have a valid group or owner\n");
889  SeReleaseSecurityDescriptor(CapturedSecurityDescriptor,
890  PreviousMode,
891  FALSE);
894  }
895 
896  /* Set up the subject context, and lock it */
898 
899  /* Lock the token */
901 
902  /* Check if the token is the owner and grant WRITE_DAC and READ_CONTROL rights */
904  {
905  if (SepTokenIsOwner(Token, CapturedSecurityDescriptor, FALSE))
906  {
909  else
911 
913  }
914  }
915 
916  if (DesiredAccess == 0)
917  {
920  }
921  else
922  {
923  /* Now perform the access check */
924  SepAccessCheck(CapturedSecurityDescriptor,
927  NULL,
928  0,
930  &PrivilegeSet, //FIXME
932  PreviousMode,
934  AccessStatus,
935  FALSE);
936  }
937 
938  /* Release subject context and unlock the token */
941 
942  /* Release the captured security descriptor */
943  SeReleaseSecurityDescriptor(CapturedSecurityDescriptor,
944  PreviousMode,
945  FALSE);
946 
947  /* Dereference the token */
949 
950  /* Check succeeded */
951  return STATUS_SUCCESS;
952 }
#define MAXIMUM_ALLOWED
Definition: nt_native.h:83
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
#define GENERIC_ALL
Definition: nt_native.h:92
#define STATUS_INVALID_SECURITY_DESCR
Definition: ntstatus.h:357
#define STATUS_BAD_IMPERSONATION_LEVEL
Definition: ntstatus.h:401
static ULONG SepGetPrivilegeSetLength(_In_ PPRIVILEGE_SET PrivilegeSet)
Retrieves the length size of a set list of privileges structure.
Definition: accesschk.c:400
struct _PRIVILEGE_SET PRIVILEGE_SET
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
Definition: sefuncs.h:13
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
Definition: sysinfo.c:3070
VOID NTAPI ProbeForWrite(IN PVOID Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:143
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
_SEH2_TRY
Definition: create.c:4226
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
#define FALSE
Definition: types.h:117
#define GENERIC_WRITE
Definition: nt_native.h:90
#define STATUS_GENERIC_NOT_MAPPED
Definition: ntstatus.h:466
POBJECT_TYPE SeTokenObjectType
Definition: token.c:19
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:715
#define STATUS_NO_IMPERSONATION_TOKEN
Definition: ntstatus.h:328
Status
Definition: gdiplustypes.h:24
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
#define TOKEN_QUERY
Definition: setypes.h:893
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
VOID NTAPI SeCaptureSubjectContext(_Out_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Captures the security subject context of the calling thread and calling process.
Definition: access.c:434
static PSID SepGetSDGroup(_In_ PSECURITY_DESCRIPTOR _SecurityDescriptor)
Retrieves the group from a security descriptor.
Definition: accesschk.c:373
NTSTATUS NTAPI SeCaptureSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor, _In_ KPROCESSOR_MODE CurrentMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor)
Captures a security descriptor.
Definition: sd.c:386
#define ObDereferenceObject
Definition: obfuncs.h:203
#define WRITE_DAC
Definition: nt_native.h:59
BOOLEAN NTAPI SepAccessCheck(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ ACCESS_MASK PreviouslyGrantedAccess, _Out_ PPRIVILEGE_SET *Privileges, _In_ PGENERIC_MAPPING GenericMapping, _In_ KPROCESSOR_MODE AccessMode, _Out_ PACCESS_MASK GrantedAccessList, _Out_ PNTSTATUS AccessStatusList, _In_ BOOLEAN UseResultList)
Private function that determines whether security access rights can be given to an object depending o...
Definition: accesschk.c:69
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:13
#define READ_CONTROL
Definition: nt_native.h:58
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
#define SepReleaseTokenLock(Token)
Definition: se.h:231
NTSTATUS NTAPI SePrivilegePolicyCheck(_Inout_ PACCESS_MASK DesiredAccess, _Inout_ PACCESS_MASK GrantedAccess, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PTOKEN Token, _Out_opt_ PPRIVILEGE_SET *OutPrivilegeSet, _In_ KPROCESSOR_MODE PreviousMode)
Checks the security policy and returns a set of privileges based upon the said security policy contex...
Definition: priv.c:242
#define GENERIC_READ
Definition: compat.h:135
NTSTATUS NTAPI SeReleaseSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR CapturedSecurityDescriptor, _In_ KPROCESSOR_MODE CurrentMode, _In_ BOOLEAN CaptureIfKernelMode)
Releases a captured security descriptor buffer.
Definition: sd.c:760
VOID NTAPI SeFreePrivileges(_In_ PPRIVILEGE_SET Privileges)
Frees a set of privileges.
Definition: priv.c:663
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
_SEH2_END
Definition: create.c:4400
static PSID SepGetSDOwner(_In_ PSECURITY_DESCRIPTOR _SecurityDescriptor)
Retrieves the main user from a security descriptor.
Definition: accesschk.c:346
#define NULL
Definition: types.h:112
VOID NTAPI SeReleaseSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Releases both the primary and client tokens of a security subject context.
Definition: access.c:520
BOOLEAN NTAPI SepTokenIsOwner(_In_ PACCESS_TOKEN _Token, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ BOOLEAN TokenLocked)
Checks if a token belongs to the main user, being the owner.
Definition: access.c:177
#define SepAcquireTokenLockShared(Token)
Definition: se.h:225
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK PreviouslyGrantedAccess
Definition: sefuncs.h:13
unsigned int ULONG
Definition: retypes.h:1
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40
#define STATUS_SUCCESS
Definition: shellext.h:65
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:168
ACCESS_MASK GenericAll
Definition: nt_native.h:568
#define DPRINT
Definition: sndvol32.h:71
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
#define GENERIC_EXECUTE
Definition: nt_native.h:91
ULONG ACCESS_MASK
Definition: nt_native.h:40
#define PAGED_CODE()
_In_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext
Definition: sefuncs.h:13

Referenced by AccessCheck(), and CheckTokenMembership().

◆ NtAccessCheckByType()

NTSTATUS NTAPI NtAccessCheckByType ( _In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ PSID  PrincipalSelfSid,
_In_ HANDLE  ClientToken,
_In_ ACCESS_MASK  DesiredAccess,
_In_ POBJECT_TYPE_LIST  ObjectTypeList,
_In_ ULONG  ObjectTypeLength,
_In_ PGENERIC_MAPPING  GenericMapping,
_In_ PPRIVILEGE_SET  PrivilegeSet,
_Inout_ PULONG  PrivilegeSetLength,
_Out_ PACCESS_MASK  GrantedAccess,
_Out_ PNTSTATUS  AccessStatus 
)

Determines whether security access could be granted or not on an object by the requestor who wants such access through type.

Parameters
[in]SecurityDescriptorA security descriptor with information data for auditing.
[in]PrincipalSelfSidA principal self user SID.
[in]ClientTokenA client access token.
[in]DesiredAccessThe desired access masks rights requested by the caller.
[in]ObjectTypeListA list of object types.
[in]ObjectTypeLengthThe length size of the list.
[in]GenericMappingThe generic mapping list of access masks rights.
[in]PrivilegeSetAn array set of privileges.
[in,out]PrivilegeSetLengthThe length size of the array set of privileges.
[out]GrantedAccessThe returned granted access rights.
[out]AccessStatusThe returned NTSTATUS code indicating the final results of auditing.
Returns
To be added...

Definition at line 998 of file accesschk.c.

1010 {
1011  UNIMPLEMENTED;
1012  return STATUS_NOT_IMPLEMENTED;
1013 }
return STATUS_NOT_IMPLEMENTED
#define UNIMPLEMENTED
Definition: debug.h:115

◆ NtAccessCheckByTypeResultList()

NTSTATUS NTAPI NtAccessCheckByTypeResultList ( _In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ PSID  PrincipalSelfSid,
_In_ HANDLE  ClientToken,
_In_ ACCESS_MASK  DesiredAccess,
_In_ POBJECT_TYPE_LIST  ObjectTypeList,
_In_ ULONG  ObjectTypeLength,
_In_ PGENERIC_MAPPING  GenericMapping,
_In_ PPRIVILEGE_SET  PrivilegeSet,
_Inout_ PULONG  PrivilegeSetLength,
_Out_ PACCESS_MASK  GrantedAccess,
_Out_ PNTSTATUS  AccessStatus 
)

Determines whether security access could be granted or not on an object by the requestor who wants such access through type list.

Parameters
[in]SecurityDescriptorA security descriptor with information data for auditing.
[in]PrincipalSelfSidA principal self user SID.
[in]ClientTokenA client access token.
[in]DesiredAccessThe desired access masks rights requested by the caller.
[in]ObjectTypeListA list of object types.
[in]ObjectTypeLengthThe length size of the list.
[in]GenericMappingThe generic mapping list of access masks rights.
[in]PrivilegeSetAn array set of privileges.
[in,out]PrivilegeSetLengthThe length size of the array set of privileges.
[out]GrantedAccessThe returned granted access rights.
[out]AccessStatusThe returned NTSTATUS code indicating the final results of auditing.
Returns
To be added...

Definition at line 1060 of file accesschk.c.

1072 {
1073  UNIMPLEMENTED;
1074  return STATUS_NOT_IMPLEMENTED;
1075 }
return STATUS_NOT_IMPLEMENTED
#define UNIMPLEMENTED
Definition: debug.h:115

◆ SeAccessCheck()

BOOLEAN NTAPI SeAccessCheck ( _In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ PSECURITY_SUBJECT_CONTEXT  SubjectSecurityContext,
_In_ BOOLEAN  SubjectContextLocked,
_In_ ACCESS_MASK  DesiredAccess,
_In_ ACCESS_MASK  PreviouslyGrantedAccess,
_Out_ PPRIVILEGE_SET Privileges,
_In_ PGENERIC_MAPPING  GenericMapping,
_In_ KPROCESSOR_MODE  AccessMode,
_Out_ PACCESS_MASK  GrantedAccess,
_Out_ PNTSTATUS  AccessStatus 
)

Determines whether security access rights can be given to an object depending on the security descriptor and other security context entities, such as an owner.

Parameters
[in]SecurityDescriptorSecurity descriptor of the object that is being accessed.
[in]SubjectSecurityContextThe captured subject security context.
[in]SubjectContextLockedIf set to TRUE, a lock must be acquired for the security subject context.
[in]DesiredAccessAccess right bitmask that the calling thread wants to acquire.
[in]PreviouslyGrantedAccessThe access rights previously acquired in the past.
[out]PrivilegesThe returned set of privileges.
[in]GenericMappingThe generic mapping of access rights of an object type.
[in]AccessModeThe processor request level mode.
[out]GrantedAccessA list of granted access rights.
[out]AccessStatusThe returned status code specifying why access cannot be made onto an object (if said access is denied in the first place).
Returns
Returns TRUE if access onto the specific object is allowed, FALSE otherwise.

Definition at line 459 of file accesschk.c.

470 {
471  BOOLEAN ret;
472 
473  PAGED_CODE();
474 
475  /* Check if this is kernel mode */
476  if (AccessMode == KernelMode)
477  {
478  /* Check if kernel wants everything */
480  {
481  /* Give it */
485  }
486  else
487  {
488  /* Give the desired and previous access */
490  }
491 
492  /* Success */
494  return TRUE;
495  }
496 
497  /* Check if we didn't get an SD */
498  if (!SecurityDescriptor)
499  {
500  /* Automatic failure */
502  return FALSE;
503  }
504 
505  /* Check for invalid impersonation */
508  {
510  return FALSE;
511  }
512 
513  /* Acquire the lock if needed */
516 
517  /* Check if the token is the owner and grant WRITE_DAC and READ_CONTROL rights */
519  {
522 
525  FALSE))
526  {
529  else
531 
533  }
534  }
535 
536  if (DesiredAccess == 0)
537  {
539  if (PreviouslyGrantedAccess == 0)
540  {
541  DPRINT1("Request for zero access to an object. Denying.\n");
543  ret = FALSE;
544  }
545  else
546  {
548  ret = TRUE;
549  }
550  }
551  else
552  {
553  /* Call the internal function */
557  NULL,
558  0,
560  Privileges,
562  AccessMode,
564  AccessStatus,
565  FALSE);
566  }
567 
568  /* Release the lock if needed */
571 
572  return ret;
573 }
#define MAXIMUM_ALLOWED
Definition: nt_native.h:83
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
#define STATUS_BAD_IMPERSONATION_LEVEL
Definition: ntstatus.h:401
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
Definition: sefuncs.h:13
#define TRUE
Definition: types.h:120
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
VOID NTAPI SeLockSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Locks both the referenced primary and client access tokens of a security subject context.
Definition: access.c:456
#define FALSE
Definition: types.h:117
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:395
unsigned char BOOLEAN
VOID NTAPI SeUnlockSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Unlocks both the referenced primary and client access tokens of a security subject context.
Definition: access.c:487
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN SubjectContextLocked
Definition: sefuncs.h:13
PACCESS_TOKEN PrimaryToken
Definition: setypes.h:207
#define WRITE_DAC
Definition: nt_native.h:59
BOOLEAN NTAPI SepAccessCheck(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ ACCESS_MASK PreviouslyGrantedAccess, _Out_ PPRIVILEGE_SET *Privileges, _In_ PGENERIC_MAPPING GenericMapping, _In_ KPROCESSOR_MODE AccessMode, _Out_ PACCESS_MASK GrantedAccessList, _Out_ PNTSTATUS AccessStatusList, _In_ BOOLEAN UseResultList)
Private function that determines whether security access rights can be given to an object depending o...
Definition: accesschk.c:69
#define STATUS_ACCESS_DENIED
Definition: udferr_usr.h:145
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:13
#define READ_CONTROL
Definition: nt_native.h:58
int ret
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
#define NULL
Definition: types.h:112
#define DPRINT1
Definition: precomp.h:8
BOOLEAN NTAPI SepTokenIsOwner(_In_ PACCESS_TOKEN _Token, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ BOOLEAN TokenLocked)
Checks if a token belongs to the main user, being the owner.
Definition: access.c:177
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: setypes.h:206
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK PreviouslyGrantedAccess
Definition: sefuncs.h:13
#define STATUS_SUCCESS
Definition: shellext.h:65
ACCESS_MASK GenericAll
Definition: nt_native.h:568
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
PACCESS_TOKEN ClientToken
Definition: setypes.h:205
#define PAGED_CODE()
_In_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext
Definition: sefuncs.h:13

Referenced by create_stream(), FatExplicitDeviceAccessGranted(), file_create(), IopParseDevice(), NpCreateClientEnd(), NpCreateExistingNamedPipe(), ObCheckCreateObjectAccess(), ObCheckObjectAccess(), ObpCheckObjectReference(), ObpCheckTraverseAccess(), open_file2(), PspCreateProcess(), PspCreateThread(), PspSetPrimaryToken(), set_link_information(), set_rename_information(), START_TEST(), and UDFCheckAccessRights().

◆ SeFastTraverseCheck()

BOOLEAN NTAPI SeFastTraverseCheck ( _In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ PACCESS_STATE  AccessState,
_In_ ACCESS_MASK  DesiredAccess,
_In_ KPROCESSOR_MODE  AccessMode 
)

Determines whether security access rights can be given to an object depending on the security descriptor. Unlike the regular access check procedure in the NT kernel, the fast traverse check is a faster way to quickly check if access can be made into an object.

Parameters
[in]SecurityDescriptorSecurity descriptor of the object that is being accessed.
[in]AccessStateAn access state to determine if the access token in the current security context of the object is an restricted token.
[in]DesiredAccessThe access right bitmask where the calling thread wants to acquire.
[in]AccessModeProcess level request mode.
Returns
Returns TRUE if access onto the specific object is allowed, FALSE otherwise.

Definition at line 601 of file accesschk.c.

606 {
607  PACL Dacl;
608  ULONG AceIndex;
609  PKNOWN_ACE Ace;
610 
611  PAGED_CODE();
612 
614 
615  if (SecurityDescriptor == NULL)
616  return FALSE;
617 
618  /* Get DACL */
620  /* If no DACL, grant access */
621  if (Dacl == NULL)
622  return TRUE;
623 
624  /* No ACE -> Deny */
625  if (!Dacl->AceCount)
626  return FALSE;
627 
628  /* Can't perform the check on restricted token */
629  if (AccessState->Flags & TOKEN_IS_RESTRICTED)
630  return FALSE;
631 
632  /* Browse the ACEs */
633  for (AceIndex = 0, Ace = (PKNOWN_ACE)((ULONG_PTR)Dacl + sizeof(ACL));
634  AceIndex < Dacl->AceCount;
635  AceIndex++, Ace = (PKNOWN_ACE)((ULONG_PTR)Ace + Ace->Header.AceSize))
636  {
637  if (Ace->Header.AceFlags & INHERIT_ONLY_ACE)
638  continue;
639 
640  /* If access-allowed ACE */
641  if (Ace->Header.AceType == ACCESS_ALLOWED_ACE_TYPE)
642  {
643  /* Check if all accesses are granted */
644  if (!(Ace->Mask & DesiredAccess))
645  continue;
646 
647  /* Check SID and grant access if matching */
648  if (RtlEqualSid(SeWorldSid, &(Ace->SidStart)))
649  return TRUE;
650  }
651  /* If access-denied ACE */
652  else if (Ace->Header.AceType == ACCESS_DENIED_ACE_TYPE)
653  {
654  /* Here, only check if it denies any access wanted and deny if so */
655  if (Ace->Mask & DesiredAccess)
656  return FALSE;
657  }
658  }
659 
660  /* Faulty, deny */
661  return FALSE;
662 }
struct _KNOWN_ACE * PKNOWN_ACE
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
Definition: se.h:3
#define TRUE
Definition: types.h:120
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
uint32_t ULONG_PTR
Definition: typedefs.h:65
#define FALSE
Definition: types.h:117
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:395
Definition: card.h:12
#define ASSERT(a)
Definition: mode.c:44
#define ACCESS_ALLOWED_ACE_TYPE
Definition: setypes.h:704
#define ACCESS_DENIED_ACE_TYPE
Definition: setypes.h:705
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:414
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
Definition: rtlfuncs.h:1552
_In_ ULONG AceIndex
Definition: rtlfuncs.h:1862
PSID SeWorldSid
Definition: sid.c:23
#define NULL
Definition: types.h:112
unsigned int ULONG
Definition: retypes.h:1
FORCEINLINE PACL SepGetDaclFromDescriptor(_Inout_ PVOID _Descriptor)
Definition: se.h:79
#define INHERIT_ONLY_ACE
Definition: setypes.h:736
NTSYSAPI BOOLEAN NTAPI RtlEqualSid(_In_ PSID Sid1, _In_ PSID Sid2)
#define TOKEN_IS_RESTRICTED
Definition: setypes.h:1148
#define PAGED_CODE()

Referenced by IopParseDevice(), and ObpCheckTraverseAccess().

◆ SepAccessCheck()

BOOLEAN NTAPI SepAccessCheck ( _In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ PSECURITY_SUBJECT_CONTEXT  SubjectSecurityContext,
_In_ ACCESS_MASK  DesiredAccess,
_In_ POBJECT_TYPE_LIST  ObjectTypeList,
_In_ ULONG  ObjectTypeListLength,
_In_ ACCESS_MASK  PreviouslyGrantedAccess,
_Out_ PPRIVILEGE_SET Privileges,
_In_ PGENERIC_MAPPING  GenericMapping,
_In_ KPROCESSOR_MODE  AccessMode,
_Out_ PACCESS_MASK  GrantedAccessList,
_Out_ PNTSTATUS  AccessStatusList,
_In_ BOOLEAN  UseResultList 
)

Private function that determines whether security access rights can be given to an object depending on the security descriptor and other security context entities, such as an owner.

Parameters
[in]SecurityDescriptorSecurity descriptor of the object that is being accessed.
[in]SubjectSecurityContextThe captured subject security context.
[in]DesiredAccessAccess right bitmask that the calling thread wants to acquire.
[in]ObjectTypeListLengthThe length of a object type list.
[in]PreviouslyGrantedAccessThe access rights previously acquired in the past.
[out]PrivilegesThe returned set of privileges.
[in]GenericMappingThe generic mapping of access rights of an object type.
[in]AccessModeThe processor request level mode.
[out]GrantedAccessListA list of granted access rights.
[out]AccessStatusListThe returned status code specifying why access cannot be made onto an object (if said access is denied in the first place).
[in]UseResultListIf set to TRUE, the function will return complete lists of access status codes and granted access rights.
Returns
Returns TRUE if access onto the specific object is allowed, FALSE otherwise.
Remarks
The function is currently incomplete!

Definition at line 69 of file accesschk.c.

82 {
83  ACCESS_MASK RemainingAccess;
84  ACCESS_MASK TempAccess;
85  ACCESS_MASK TempGrantedAccess = 0;
86  ACCESS_MASK TempDeniedAccess = 0;
88  ULONG i, ResultListLength;
89  PACL Dacl;
90  BOOLEAN Present;
91  BOOLEAN Defaulted;
92  PACE CurrentAce;
93  PSID Sid;
95  PAGED_CODE();
96 
97  DPRINT("SepAccessCheck()\n");
98 
99  /* Check for no access desired */
100  if (!DesiredAccess)
101  {
102  /* Check if we had no previous access */
104  {
105  /* Then there's nothing to give */
107  goto ReturnCommonStatus;
108  }
109 
110  /* Return the previous access only */
112  *Privileges = NULL;
113  goto ReturnCommonStatus;
114  }
115 
116  /* Map given accesses */
120 
121  /* Initialize remaining access rights */
122  RemainingAccess = DesiredAccess;
123 
126 
127  /* Check for ACCESS_SYSTEM_SECURITY and WRITE_OWNER access */
128  Status = SePrivilegePolicyCheck(&RemainingAccess,
130  NULL,
131  Token,
132  NULL,
133  UserMode);
134  if (!NT_SUCCESS(Status))
135  {
136  goto ReturnCommonStatus;
137  }
138 
139  /* Succeed if there are no more rights to grant */
140  if (RemainingAccess == 0)
141  {
143  goto ReturnCommonStatus;
144  }
145 
146  /* Get the DACL */
148  &Present,
149  &Dacl,
150  &Defaulted);
151  if (!NT_SUCCESS(Status))
152  {
153  goto ReturnCommonStatus;
154  }
155 
156  /* RULE 1: Grant desired access if the object is unprotected */
157  if (Present == FALSE || Dacl == NULL)
158  {
159  PreviouslyGrantedAccess |= RemainingAccess;
160  if (RemainingAccess & MAXIMUM_ALLOWED)
161  {
164  }
165 
167  goto ReturnCommonStatus;
168  }
169 
170  /* Deny access if the DACL is empty */
171  if (Dacl->AceCount == 0)
172  {
173  if (RemainingAccess == MAXIMUM_ALLOWED && PreviouslyGrantedAccess != 0)
174  {
176  }
177  else
178  {
181  }
182  goto ReturnCommonStatus;
183  }
184 
185  /* Determine the MAXIMUM_ALLOWED access rights according to the DACL */
187  {
188  CurrentAce = (PACE)(Dacl + 1);
189  for (i = 0; i < Dacl->AceCount; i++)
190  {
191  if (!(CurrentAce->Header.AceFlags & INHERIT_ONLY_ACE))
192  {
193  Sid = (PSID)(CurrentAce + 1);
194  if (CurrentAce->Header.AceType == ACCESS_DENIED_ACE_TYPE)
195  {
196  if (SepSidInToken(Token, Sid))
197  {
198  /* Map access rights from the ACE */
199  TempAccess = CurrentAce->AccessMask;
200  RtlMapGenericMask(&TempAccess, GenericMapping);
201 
202  /* Deny access rights that have not been granted yet */
203  TempDeniedAccess |= (TempAccess & ~TempGrantedAccess);
204  }
205  }
206  else if (CurrentAce->Header.AceType == ACCESS_ALLOWED_ACE_TYPE)
207  {
208  if (SepSidInToken(Token, Sid))
209  {
210  /* Map access rights from the ACE */
211  TempAccess = CurrentAce->AccessMask;
212  RtlMapGenericMask(&TempAccess, GenericMapping);
213 
214  /* Grant access rights that have not been denied yet */
215  TempGrantedAccess |= (TempAccess & ~TempDeniedAccess);
216  }
217  }
218  else
219  {
220  DPRINT1("Unsupported ACE type 0x%lx\n", CurrentAce->Header.AceType);
221  }
222  }
223 
224  /* Get the next ACE */
225  CurrentAce = (PACE)((ULONG_PTR)CurrentAce + CurrentAce->Header.AceSize);
226  }
227 
228  /* Fail if some rights have not been granted */
229  RemainingAccess &= ~(MAXIMUM_ALLOWED | TempGrantedAccess);
230  if (RemainingAccess != 0)
231  {
234  goto ReturnCommonStatus;
235  }
236 
237  /* Set granted access right and access status */
238  PreviouslyGrantedAccess |= TempGrantedAccess;
239  if (PreviouslyGrantedAccess != 0)
240  {
242  }
243  else
244  {
246  }
247  goto ReturnCommonStatus;
248  }
249 
250  /* RULE 4: Grant rights according to the DACL */
251  CurrentAce = (PACE)(Dacl + 1);
252  for (i = 0; i < Dacl->AceCount; i++)
253  {
254  if (!(CurrentAce->Header.AceFlags & INHERIT_ONLY_ACE))
255  {
256  Sid = (PSID)(CurrentAce + 1);
257  if (CurrentAce->Header.AceType == ACCESS_DENIED_ACE_TYPE)
258  {
259  if (SepSidInToken(Token, Sid))
260  {
261  /* Map access rights from the ACE */
262  TempAccess = CurrentAce->AccessMask;
263  RtlMapGenericMask(&TempAccess, GenericMapping);
264 
265  /* Leave if a remaining right must be denied */
266  if (RemainingAccess & TempAccess)
267  break;
268  }
269  }
270  else if (CurrentAce->Header.AceType == ACCESS_ALLOWED_ACE_TYPE)
271  {
272  if (SepSidInToken(Token, Sid))
273  {
274  /* Map access rights from the ACE */
275  TempAccess = CurrentAce->AccessMask;
276  DPRINT("TempAccess 0x%08lx\n", TempAccess);
277  RtlMapGenericMask(&TempAccess, GenericMapping);
278 
279  /* Remove granted rights */
280  DPRINT("RemainingAccess 0x%08lx TempAccess 0x%08lx\n", RemainingAccess, TempAccess);
281  RemainingAccess &= ~TempAccess;
282  DPRINT("RemainingAccess 0x%08lx\n", RemainingAccess);
283  }
284  }
285  else
286  {
287  DPRINT1("Unsupported ACE type 0x%lx\n", CurrentAce->Header.AceType);
288  }
289  }
290 
291  /* Get the next ACE */
292  CurrentAce = (PACE)((ULONG_PTR)CurrentAce + CurrentAce->Header.AceSize);
293  }
294 
295  DPRINT("DesiredAccess %08lx\nPreviouslyGrantedAccess %08lx\nRemainingAccess %08lx\n",
296  DesiredAccess, PreviouslyGrantedAccess, RemainingAccess);
297 
298  /* Fail if some rights have not been granted */
299  if (RemainingAccess != 0)
300  {
301  DPRINT("HACK: RemainingAccess = 0x%08lx DesiredAccess = 0x%08lx\n", RemainingAccess, DesiredAccess);
302 #if 0
303  /* HACK HACK HACK */
305  goto ReturnCommonStatus;
306 #endif
307  }
308 
309  /* Set granted access rights */
311 
312  /* Fail if no rights have been granted */
313  if (PreviouslyGrantedAccess == 0)
314  {
315  DPRINT1("PreviouslyGrantedAccess == 0 DesiredAccess = %08lx\n", DesiredAccess);
317  goto ReturnCommonStatus;
318  }
319 
321  goto ReturnCommonStatus;
322 
323 ReturnCommonStatus:
324  ResultListLength = UseResultList ? ObjectTypeListLength : 1;
325  for (i = 0; i < ResultListLength; i++)
326  {
327  GrantedAccessList[i] = PreviouslyGrantedAccess;
328  AccessStatusList[i] = Status;
329  }
330 
331  return NT_SUCCESS(Status);
332 }
#define MAXIMUM_ALLOWED
Definition: nt_native.h:83
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
UCHAR AceFlags
Definition: ms-dtyp.idl:211
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
struct _ACE * PACE
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
ACCESS_MASK AccessMask
Definition: rtltypes.h:993
NTSYSAPI NTSTATUS NTAPI RtlGetDaclSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Out_ PBOOLEAN DaclPresent, _Out_ PACL *Dacl, _Out_ PBOOLEAN DaclDefaulted)
uint32_t ULONG_PTR
Definition: typedefs.h:65
USHORT AceSize
Definition: ms-dtyp.idl:212
#define FALSE
Definition: types.h:117
unsigned char BOOLEAN
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1103
Status
Definition: gdiplustypes.h:24
PACCESS_TOKEN PrimaryToken
Definition: setypes.h:207
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define ACCESS_ALLOWED_ACE_TYPE
Definition: setypes.h:704
#define STATUS_ACCESS_DENIED
Definition: udferr_usr.h:145
#define ACCESS_DENIED_ACE_TYPE
Definition: setypes.h:705
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:13
struct _SID * PSID
Definition: eventlog.c:35
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
Definition: rtlfuncs.h:1552
UCHAR AceType
Definition: ms-dtyp.idl:210
NTSTATUS NTAPI SePrivilegePolicyCheck(_Inout_ PACCESS_MASK DesiredAccess, _Inout_ PACCESS_MASK GrantedAccess, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PTOKEN Token, _Out_opt_ PPRIVILEGE_SET *OutPrivilegeSet, _In_ KPROCESSOR_MODE PreviousMode)
Checks the security policy and returns a set of privileges based upon the said security policy contex...
Definition: priv.c:242
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
#define NULL
Definition: types.h:112
#define DPRINT1
Definition: precomp.h:8
BOOLEAN NTAPI SepSidInToken(_In_ PACCESS_TOKEN _Token, _In_ PSID Sid)
Checks if a SID is present in a token.
Definition: access.c:149
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK PreviouslyGrantedAccess
Definition: sefuncs.h:13
unsigned int ULONG
Definition: retypes.h:1
#define INHERIT_ONLY_ACE
Definition: setypes.h:736
#define STATUS_SUCCESS
Definition: shellext.h:65
ACCESS_MASK GenericAll
Definition: nt_native.h:568
#define DPRINT
Definition: sndvol32.h:71
PACCESS_TOKEN ClientToken
Definition: setypes.h:205
Definition: rtltypes.h:990
ACE_HEADER Header
Definition: rtltypes.h:992
ULONG ACCESS_MASK
Definition: nt_native.h:40
NTSYSAPI VOID NTAPI RtlMapGenericMask(PACCESS_MASK AccessMask, PGENERIC_MAPPING GenericMapping)
#define PAGED_CODE()
_In_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext
Definition: sefuncs.h:13

Referenced by NtAccessCheck(), and SeAccessCheck().

◆ SepGetPrivilegeSetLength()

static ULONG SepGetPrivilegeSetLength ( _In_ PPRIVILEGE_SET  PrivilegeSet)
static

Retrieves the length size of a set list of privileges structure.

Parameters
[in]PrivilegeSetA valid set of privileges.
Returns
Returns the total length of a set of privileges.

Definition at line 400 of file accesschk.c.

402 {
403  if (PrivilegeSet == NULL)
404  return 0;
405 
406  if (PrivilegeSet->PrivilegeCount == 0)
407  return (ULONG)(sizeof(PRIVILEGE_SET) - sizeof(LUID_AND_ATTRIBUTES));
408 
409  return (ULONG)(sizeof(PRIVILEGE_SET) +
410  (PrivilegeSet->PrivilegeCount - 1) * sizeof(LUID_AND_ATTRIBUTES));
411 }
struct _PRIVILEGE_SET PRIVILEGE_SET
struct _LUID_AND_ATTRIBUTES LUID_AND_ATTRIBUTES
#define NULL
Definition: types.h:112
unsigned int ULONG
Definition: retypes.h:1

Referenced by NtAccessCheck().

◆ SepGetSDGroup()

static PSID SepGetSDGroup ( _In_ PSECURITY_DESCRIPTOR  _SecurityDescriptor)
static

Retrieves the group from a security descriptor.

Parameters
[in]SecurityDescriptorA valid allocated security descriptor structure where the group is to be retrieved.
Returns
Returns a SID that represents a group.

Definition at line 373 of file accesschk.c.

375 {
376  PISECURITY_DESCRIPTOR SecurityDescriptor = _SecurityDescriptor;
377  PSID Group;
378 
379  if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
380  Group = (PSID)((ULONG_PTR)SecurityDescriptor->Group +
382  else
383  Group = (PSID)SecurityDescriptor->Group;
384 
385  return Group;
386 }
#define SE_SELF_RELATIVE
Definition: setypes.h:799
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
_In_opt_ PSID Group
Definition: rtlfuncs.h:1605
uint32_t ULONG_PTR
Definition: typedefs.h:65
struct _SID * PSID
Definition: eventlog.c:35
#define ULONG_PTR
Definition: config.h:101

Referenced by NtAccessCheck().

◆ SepGetSDOwner()

static PSID SepGetSDOwner ( _In_ PSECURITY_DESCRIPTOR  _SecurityDescriptor)
static

Retrieves the main user from a security descriptor.

Parameters
[in]SecurityDescriptorA valid allocated security descriptor structure where the owner is to be retrieved.
Returns
Returns a SID that represents the main user (owner).

Definition at line 346 of file accesschk.c.

348 {
349  PISECURITY_DESCRIPTOR SecurityDescriptor = _SecurityDescriptor;
350  PSID Owner;
351 
352  if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
353  Owner = (PSID)((ULONG_PTR)SecurityDescriptor->Owner +
355  else
357 
358  return Owner;
359 }
#define SE_SELF_RELATIVE
Definition: setypes.h:799
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
uint32_t ULONG_PTR
Definition: typedefs.h:65
struct _SID * PSID
Definition: eventlog.c:35
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID Owner
Definition: rtlfuncs.h:1556
#define ULONG_PTR
Definition: config.h:101

Referenced by NtAccessCheck().