ReactOS  0.4.14-dev-77-gd9e7c48
accesschk.c File Reference
#include <ntoskrnl.h>
#include <debug.h>

Macros

#define NDEBUG
 

Functions

BOOLEAN NTAPI SepAccessCheck (IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE_LIST ObjectTypeList, IN ULONG ObjectTypeListLength, IN ACCESS_MASK PreviouslyGrantedAccess, OUT PPRIVILEGE_SET *Privileges, IN PGENERIC_MAPPING GenericMapping, IN KPROCESSOR_MODE AccessMode, OUT PACCESS_MASK GrantedAccessList, OUT PNTSTATUS AccessStatusList, IN BOOLEAN UseResultList)
 
static PSID SepGetSDOwner (IN PSECURITY_DESCRIPTOR _SecurityDescriptor)
 
static PSID SepGetSDGroup (IN PSECURITY_DESCRIPTOR _SecurityDescriptor)
 
static ULONG SepGetPrivilegeSetLength (IN PPRIVILEGE_SET PrivilegeSet)
 
BOOLEAN NTAPI SeAccessCheck (IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, IN BOOLEAN SubjectContextLocked, IN ACCESS_MASK DesiredAccess, IN ACCESS_MASK PreviouslyGrantedAccess, OUT PPRIVILEGE_SET *Privileges, IN PGENERIC_MAPPING GenericMapping, IN KPROCESSOR_MODE AccessMode, OUT PACCESS_MASK GrantedAccess, OUT PNTSTATUS AccessStatus)
 
BOOLEAN NTAPI SeFastTraverseCheck (IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PACCESS_STATE AccessState, IN ACCESS_MASK DesiredAccess, IN KPROCESSOR_MODE AccessMode)
 
NTSTATUS NTAPI NtAccessCheck (IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN HANDLE TokenHandle, IN ACCESS_MASK DesiredAccess, IN PGENERIC_MAPPING GenericMapping, OUT PPRIVILEGE_SET PrivilegeSet OPTIONAL, IN OUT PULONG PrivilegeSetLength, OUT PACCESS_MASK GrantedAccess, OUT PNTSTATUS AccessStatus)
 
NTSTATUS NTAPI NtAccessCheckByType (IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSID PrincipalSelfSid, IN HANDLE ClientToken, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE_LIST ObjectTypeList, IN ULONG ObjectTypeLength, IN PGENERIC_MAPPING GenericMapping, IN PPRIVILEGE_SET PrivilegeSet, IN OUT PULONG PrivilegeSetLength, OUT PACCESS_MASK GrantedAccess, OUT PNTSTATUS AccessStatus)
 
NTSTATUS NTAPI NtAccessCheckByTypeResultList (IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSID PrincipalSelfSid, IN HANDLE ClientToken, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE_LIST ObjectTypeList, IN ULONG ObjectTypeLength, IN PGENERIC_MAPPING GenericMapping, IN PPRIVILEGE_SET PrivilegeSet, IN OUT PULONG PrivilegeSetLength, OUT PACCESS_MASK GrantedAccess, OUT PNTSTATUS AccessStatus)
 

Macro Definition Documentation

◆ NDEBUG

#define NDEBUG

Definition at line 13 of file accesschk.c.

Function Documentation

◆ NtAccessCheck()

NTSTATUS NTAPI NtAccessCheck ( IN PSECURITY_DESCRIPTOR  SecurityDescriptor,
IN HANDLE  TokenHandle,
IN ACCESS_MASK  DesiredAccess,
IN PGENERIC_MAPPING  GenericMapping,
OUT PPRIVILEGE_SET PrivilegeSet  OPTIONAL,
IN OUT PULONG  PrivilegeSetLength,
OUT PACCESS_MASK  GrantedAccess,
OUT PNTSTATUS  AccessStatus 
)

Definition at line 529 of file accesschk.c.

/*
 * Body of NtAccessCheck. This listing is an extract: a number of source
 * lines are absent (the gutter numbers skip), so the notes below describe
 * only the statements that are visible here.
 *
 * Visible flow:
 *  - PreviousMode == KernelMode returns STATUS_SUCCESS early, before any
 *    descriptor is evaluated.
 *  - Otherwise the caller's pointers are probed inside an SEH block and the
 *    privilege-set length is captured.
 *  - The token handle is referenced with TOKEN_QUERY; the token type and
 *    impersonation level are then tested (the bodies of those branches are
 *    not visible beyond their DPRINT).
 *  - A failed privilege policy check is reported through *AccessStatus with
 *    *GrantedAccess = 0 while the function itself returns STATUS_SUCCESS, so
 *    a caller has to inspect *AccessStatus, not only the return value.
 *  - The security descriptor is captured, but the owner/group validation,
 *    the owner test and SepAccessCheck are all handed the original pointer
 *    (see the FIXME markers).
 */
537 {
538  PSECURITY_DESCRIPTOR CapturedSecurityDescriptor = NULL;
543  ULONG CapturedPrivilegeSetLength, RequiredPrivilegeSetLength;
544  PTOKEN Token;
546  PAGED_CODE();
547 
548  /* Check if this is kernel mode */
549  if (PreviousMode == KernelMode)
550  {
551  /* Check if kernel wants everything */
553  {
554  /* Give it */
557  }
558  else
559  {
560  /* Just give the desired access */
562  }
563 
564  /* Success */
566  return STATUS_SUCCESS;
567  }
568 
569  /* Protect probe in SEH */
570  _SEH2_TRY
571  {
572  /* Probe all pointers */
574  ProbeForRead(PrivilegeSetLength, sizeof(ULONG), sizeof(ULONG));
/* NOTE(review): *PrivilegeSetLength is read here to size the probe and read
 * again at line 580 for the capture. If the caller changes the value between
 * the two reads, the probed range and CapturedPrivilegeSetLength disagree.
 * Capturing the length once and probing with the captured value would remove
 * the double fetch. */
575  ProbeForWrite(PrivilegeSet, *PrivilegeSetLength, sizeof(ULONG));
576  ProbeForWrite(GrantedAccess, sizeof(ACCESS_MASK), sizeof(ULONG));
577  ProbeForWrite(AccessStatus, sizeof(NTSTATUS), sizeof(ULONG));
578 
579  /* Capture the privilege set length and the mapping */
580  CapturedPrivilegeSetLength = *PrivilegeSetLength;
581  }
583  {
584  /* Return the exception code */
586  }
587  _SEH2_END;
/* NOTE(review): the SEH block closes here. The later stores through
 * AccessStatus, GrantedAccess, PrivilegeSetLength and PrivilegeSet
 * (lines 633-676) sit outside it in the visible listing. A probe only
 * validates the range at probe time, so confirm these stores are protected
 * against a buffer that becomes invalid afterwards. */
588 
589  /* Check for unmapped access rights */
592 
593  /* Reference the token */
595  TOKEN_QUERY,
597  PreviousMode,
598  (PVOID*)&Token,
599  NULL);
600  if (!NT_SUCCESS(Status))
601  {
602  DPRINT("Failed to reference token (Status %lx)\n", Status);
603  return Status;
604  }
605 
606  /* Check token type */
607  if (Token->TokenType != TokenImpersonation)
608  {
609  DPRINT("No impersonation token\n");
612  }
613 
614  /* Check the impersonation level */
615  if (Token->ImpersonationLevel < SecurityIdentification)
616  {
617  DPRINT("Impersonation level < SecurityIdentification\n");
620  }
621 
622  /* Check for ACCESS_SYSTEM_SECURITY and WRITE_OWNER access */
625  NULL,
626  Token,
627  &Privileges,
628  PreviousMode);
629  if (!NT_SUCCESS(Status))
630  {
631  DPRINT("SePrivilegePolicyCheck failed (Status 0x%08lx)\n", Status);
/* The denial is delivered out-of-band: *AccessStatus carries the failure and
 * the function still returns STATUS_SUCCESS. */
633  *AccessStatus = Status;
634  *GrantedAccess = 0;
635  return STATUS_SUCCESS;
636  }
637 
638  /* Check the size of the privilege set and return the privileges */
639  if (Privileges != NULL)
640  {
641  DPRINT("Privileges != NULL\n");
642 
643  /* Calculate the required privilege set buffer size */
644  RequiredPrivilegeSetLength = SepGetPrivilegeSetLength(Privileges);
645 
646  /* Fail if the privilege set buffer is too small */
647  if (CapturedPrivilegeSetLength < RequiredPrivilegeSetLength)
648  {
651  *PrivilegeSetLength = RequiredPrivilegeSetLength;
653  }
654 
/* The copy length is bounded by the captured length tested at line 647, not
 * by the length that was passed to ProbeForWrite at line 575. */
655  /* Copy the privilege set to the caller */
656  RtlCopyMemory(PrivilegeSet,
657  Privileges,
658  RequiredPrivilegeSetLength);
659 
660  /* Free the local privilege set */
662  }
663  else
664  {
665  DPRINT("Privileges == NULL\n");
666 
667  /* Fail if the privilege set buffer is too small */
668  if (CapturedPrivilegeSetLength < sizeof(PRIVILEGE_SET))
669  {
671  *PrivilegeSetLength = sizeof(PRIVILEGE_SET);
673  }
674 
675  /* Initialize the privilege set */
676  PrivilegeSet->PrivilegeCount = 0;
677  PrivilegeSet->Control = 0;
678  }
679 
680  /* Capture the security descriptor */
682  PreviousMode,
683  PagedPool,
684  FALSE,
685  &CapturedSecurityDescriptor);
686  if (!NT_SUCCESS(Status))
687  {
688  DPRINT("Failed to capture the Security Descriptor\n");
690  return Status;
691  }
692 
693  /* Check the captured security descriptor */
694  if (CapturedSecurityDescriptor == NULL)
695  {
696  DPRINT("Security Descriptor is NULL\n");
699  }
700 
/* NOTE(review): the FIXMEs at lines 702-703, 722 and 741 all pass the
 * caller's original SecurityDescriptor pointer instead of
 * CapturedSecurityDescriptor. The copy that was captured and validated is
 * therefore not the one being evaluated: for a user-mode caller the
 * descriptor contents can change after the capture, and they are read
 * outside the SEH block. Switching all three call sites to the captured
 * copy is what the FIXMEs ask for. */
701  /* Check security descriptor for valid owner and group */
702  if (SepGetSDOwner(SecurityDescriptor) == NULL || // FIXME: use CapturedSecurityDescriptor
703  SepGetSDGroup(SecurityDescriptor) == NULL) // FIXME: use CapturedSecurityDescriptor
704  {
705  DPRINT("Security Descriptor does not have a valid group or owner\n");
706  SeReleaseSecurityDescriptor(CapturedSecurityDescriptor,
707  PreviousMode,
708  FALSE);
711  }
712 
713  /* Set up the subject context, and lock it */
715 
716  /* Lock the token */
718 
719  /* Check if the token is the owner and grant WRITE_DAC and READ_CONTROL rights */
721  {
722  if (SepTokenIsOwner(Token, SecurityDescriptor, FALSE)) // FIXME: use CapturedSecurityDescriptor
723  {
726  else
728 
730  }
731  }
732 
733  if (DesiredAccess == 0)
734  {
737  }
738  else
739  {
740  /* Now perform the access check */
/* NOTE(review): besides the uncaptured descriptor, the call passes
 * &PrivilegeSet (the address of the caller-buffer parameter, marked FIXME)
 * where SepAccessCheck declares an OUT PPRIVILEGE_SET * - confirm what the
 * callee may store through it. */
741  SepAccessCheck(SecurityDescriptor, // FIXME: use CapturedSecurityDescriptor
744  NULL,
745  0,
747  &PrivilegeSet, //FIXME
749  PreviousMode,
751  AccessStatus,
752  FALSE);
753  }
754 
755  /* Release subject context and unlock the token */
758 
759  /* Release the captured security descriptor */
760  SeReleaseSecurityDescriptor(CapturedSecurityDescriptor,
761  PreviousMode,
762  FALSE);
763 
764  /* Dereference the token */
766 
767  /* Check succeeded */
768  return STATUS_SUCCESS;
769 }
#define MAXIMUM_ALLOWED
Definition: nt_native.h:83
VOID NTAPI SeCaptureSubjectContext(OUT PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:301
VOID NTAPI SeReleaseSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:360
#define GENERIC_ALL
Definition: nt_native.h:92
NTSYSAPI VOID NTAPI RtlCopyMemory(VOID UNALIGNED *Destination, CONST VOID UNALIGNED *Source, ULONG Length)
#define STATUS_INVALID_SECURITY_DESCR
Definition: ntstatus.h:343
#define STATUS_BAD_IMPERSONATION_LEVEL
Definition: ntstatus.h:387
struct _PRIVILEGE_SET PRIVILEGE_SET
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
Definition: sefuncs.h:13
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
Definition: sysinfo.c:3066
VOID NTAPI ObDereferenceObject(IN PVOID Object)
Definition: obref.c:375
VOID NTAPI ProbeForWrite(IN PVOID Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:143
BOOLEAN NTAPI SepTokenIsOwner(IN PACCESS_TOKEN _Token, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN TokenLocked)
Definition: access.c:120
#define PAGED_CODE()
Definition: video.h:57
NTSTATUS NTAPI SeReleaseSecurityDescriptor(IN PSECURITY_DESCRIPTOR CapturedSecurityDescriptor, IN KPROCESSOR_MODE CurrentMode, IN BOOLEAN CaptureIfKernelMode)
Definition: sd.c:766
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:64
_SEH2_TRY
Definition: create.c:4250
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:496
#define GENERIC_WRITE
Definition: nt_native.h:90
#define STATUS_GENERIC_NOT_MAPPED
Definition: ntstatus.h:452
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
smooth NULL
Definition: ftsmooth.c:416
POBJECT_TYPE SeTokenObjectType
Definition: token.c:34
void DPRINT(...)
Definition: polytest.cpp:61
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:715
static PSID SepGetSDOwner(IN PSECURITY_DESCRIPTOR _SecurityDescriptor)
Definition: accesschk.c:290
#define STATUS_NO_IMPERSONATION_TOKEN
Definition: ntstatus.h:314
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
#define TOKEN_QUERY
Definition: setypes.h:874
#define _SEH2_YIELD(STMT_)
Definition: pseh2_64.h:8
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
static ULONG SepGetPrivilegeSetLength(IN PPRIVILEGE_SET PrivilegeSet)
Definition: accesschk.c:321
#define WRITE_DAC
Definition: nt_native.h:59
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:13
#define READ_CONTROL
Definition: nt_native.h:58
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
#define SepReleaseTokenLock(Token)
Definition: se.h:211
NTSTATUS NTAPI SePrivilegePolicyCheck(_Inout_ PACCESS_MASK DesiredAccess, _Inout_ PACCESS_MASK GrantedAccess, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PTOKEN Token, _Out_opt_ PPRIVILEGE_SET *OutPrivilegeSet, _In_ KPROCESSOR_MODE PreviousMode)
Definition: priv.c:158
#define GENERIC_READ
Definition: compat.h:124
Status
Definition: gdiplustypes.h:24
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
_SEH2_END
Definition: create.c:4424
VOID NTAPI SeFreePrivileges(IN PPRIVILEGE_SET Privileges)
Definition: priv.c:480
_In_ PIO_STACK_LOCATION _Inout_ PFILE_OBJECT _Inout_ PVCB _Outptr_result_maybenull_ PDCB _In_ PDCB _In_ PDIRENT _In_ ULONG _In_ ULONG _In_ PUNICODE_STRING _In_ PACCESS_MASK DesiredAccess
Definition: create.c:4157
#define SepAcquireTokenLockShared(Token)
Definition: se.h:205
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK PreviouslyGrantedAccess
Definition: sefuncs.h:13
static PSID SepGetSDGroup(IN PSECURITY_DESCRIPTOR _SecurityDescriptor)
Definition: accesschk.c:305
unsigned int ULONG
Definition: retypes.h:1
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:6
NTSTATUS NTAPI SeCaptureSecurityDescriptor(IN PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor, IN KPROCESSOR_MODE CurrentMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor)
Definition: sd.c:434
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:12
ACCESS_MASK GenericAll
Definition: nt_native.h:568
BOOLEAN NTAPI SepAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE_LIST ObjectTypeList, IN ULONG ObjectTypeListLength, IN ACCESS_MASK PreviouslyGrantedAccess, OUT PPRIVILEGE_SET *Privileges, IN PGENERIC_MAPPING GenericMapping, IN KPROCESSOR_MODE AccessMode, OUT PACCESS_MASK GrantedAccessList, OUT PNTSTATUS AccessStatusList, IN BOOLEAN UseResultList)
Definition: accesschk.c:25
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
#define GENERIC_EXECUTE
Definition: nt_native.h:91
return STATUS_SUCCESS
Definition: btrfs.c:2966
ULONG ACCESS_MASK
Definition: nt_native.h:40
_In_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext
Definition: sefuncs.h:13

Referenced by AccessCheck(), and CheckTokenMembership().

◆ NtAccessCheckByType()

NTSTATUS NTAPI NtAccessCheckByType ( IN PSECURITY_DESCRIPTOR  SecurityDescriptor,
IN PSID  PrincipalSelfSid,
IN HANDLE  ClientToken,
IN ACCESS_MASK  DesiredAccess,
IN POBJECT_TYPE_LIST  ObjectTypeList,
IN ULONG  ObjectTypeLength,
IN PGENERIC_MAPPING  GenericMapping,
IN PPRIVILEGE_SET  PrivilegeSet,
IN OUT PULONG  PrivilegeSetLength,
OUT PACCESS_MASK  GrantedAccess,
OUT PNTSTATUS  AccessStatus 
)

Definition at line 774 of file accesschk.c.

/*
 * Body of NtAccessCheckByType: not implemented. The only visible statement
 * returns STATUS_NOT_IMPLEMENTED (line 786 is absent from this listing), so
 * no access decision is made and neither GrantedAccess nor AccessStatus is
 * written by the visible code.
 */
785 {
787  return STATUS_NOT_IMPLEMENTED;
788 }
#define STATUS_NOT_IMPLEMENTED
Definition: ntstatus.h:225
#define UNIMPLEMENTED
Definition: debug.h:114

◆ NtAccessCheckByTypeResultList()

NTSTATUS NTAPI NtAccessCheckByTypeResultList ( IN PSECURITY_DESCRIPTOR  SecurityDescriptor,
IN PSID  PrincipalSelfSid,
IN HANDLE  ClientToken,
IN ACCESS_MASK  DesiredAccess,
IN POBJECT_TYPE_LIST  ObjectTypeList,
IN ULONG  ObjectTypeLength,
IN PGENERIC_MAPPING  GenericMapping,
IN PPRIVILEGE_SET  PrivilegeSet,
IN OUT PULONG  PrivilegeSetLength,
OUT PACCESS_MASK  GrantedAccess,
OUT PNTSTATUS  AccessStatus 
)

Definition at line 792 of file accesschk.c.

/*
 * Body of NtAccessCheckByTypeResultList: not implemented. The only visible
 * statement returns STATUS_NOT_IMPLEMENTED (line 804 is absent from this
 * listing), so no access decision is made and neither GrantedAccess nor
 * AccessStatus is written by the visible code.
 */
803 {
805  return STATUS_NOT_IMPLEMENTED;
806 }
#define STATUS_NOT_IMPLEMENTED
Definition: ntstatus.h:225
#define UNIMPLEMENTED
Definition: debug.h:114

◆ SeAccessCheck()

BOOLEAN NTAPI SeAccessCheck ( IN PSECURITY_DESCRIPTOR  SecurityDescriptor,
IN PSECURITY_SUBJECT_CONTEXT  SubjectSecurityContext,
IN BOOLEAN  SubjectContextLocked,
IN ACCESS_MASK  DesiredAccess,
IN ACCESS_MASK  PreviouslyGrantedAccess,
OUT PPRIVILEGE_SET * Privileges,
IN PGENERIC_MAPPING  GenericMapping,
IN KPROCESSOR_MODE  AccessMode,
OUT PACCESS_MASK  GrantedAccess,
OUT PNTSTATUS  AccessStatus 
)

Definition at line 340 of file accesschk.c.

/*
 * Body of SeAccessCheck. This listing is an extract: a number of source
 * lines are absent (the gutter numbers skip), so the notes below describe
 * only the statements that are visible here.
 *
 * Visible flow:
 *  - AccessMode == KernelMode returns TRUE early; per the existing comments
 *    the requested (and previous) access is handed back without consulting
 *    the security descriptor. The check therefore only constrains requests
 *    whose AccessMode is not KernelMode, and a caller acting on behalf of
 *    user mode has to pass the requestor's mode for the check to apply.
 *  - A NULL SecurityDescriptor is an automatic failure (returns FALSE).
 *  - An invalid impersonation state returns FALSE (the condition itself is
 *    on lines not shown).
 *  - DesiredAccess == 0 with PreviouslyGrantedAccess == 0 is denied;
 *    DesiredAccess == 0 with previous access set yields TRUE.
 *  - Otherwise the internal check is called with a NULL object type list,
 *    length 0 and UseResultList FALSE; its result is presumably stored in
 *    ret on the line that is not shown.
 */
350 {
351  BOOLEAN ret;
352 
353  PAGED_CODE();
354 
355  /* Check if this is kernel mode */
356  if (AccessMode == KernelMode)
357  {
358  /* Check if kernel wants everything */
360  {
361  /* Give it */
365  }
366  else
367  {
368  /* Give the desired and previous access */
370  }
371 
372  /* Success */
374  return TRUE;
375  }
376 
377  /* Check if we didn't get an SD */
378  if (!SecurityDescriptor)
379  {
380  /* Automatic failure */
382  return FALSE;
383  }
384 
385  /* Check for invalid impersonation */
388  {
390  return FALSE;
391  }
392 
393  /* Acquire the lock if needed */
396 
397  /* Check if the token is the owner and grant WRITE_DAC and READ_CONTROL rights */
399  {
402 
405  FALSE))
406  {
409  else
411 
413  }
414  }
415 
416  if (DesiredAccess == 0)
417  {
/* A request for no access at all succeeds only when some access was already
 * granted earlier; otherwise it is logged and denied. */
419  if (PreviouslyGrantedAccess == 0)
420  {
421  DPRINT1("Request for zero access to an object. Denying.\n");
423  ret = FALSE;
424  }
425  else
426  {
428  ret = TRUE;
429  }
430  }
431  else
432  {
433  /* Call the internal function */
437  NULL,
438  0,
440  Privileges,
442  AccessMode,
444  AccessStatus,
445  FALSE);
446  }
447 
448  /* Release the lock if needed */
451 
452  return ret;
453 }
#define MAXIMUM_ALLOWED
Definition: nt_native.h:83
#define TRUE
Definition: types.h:120
#define STATUS_BAD_IMPERSONATION_LEVEL
Definition: ntstatus.h:387
VOID NTAPI SeUnlockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:336
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
Definition: sefuncs.h:13
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
VOID NTAPI SeLockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:314
BOOLEAN NTAPI SepTokenIsOwner(IN PACCESS_TOKEN _Token, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN TokenLocked)
Definition: access.c:120
#define PAGED_CODE()
Definition: video.h:57
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:396
unsigned char BOOLEAN
smooth NULL
Definition: ftsmooth.c:416
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN SubjectContextLocked
Definition: sefuncs.h:13
PACCESS_TOKEN PrimaryToken
Definition: setypes.h:192
#define WRITE_DAC
Definition: nt_native.h:59
#define STATUS_ACCESS_DENIED
Definition: udferr_usr.h:145
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:13
#define READ_CONTROL
Definition: nt_native.h:58
int ret
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
_In_ PIO_STACK_LOCATION _Inout_ PFILE_OBJECT _Inout_ PVCB _Outptr_result_maybenull_ PDCB _In_ PDCB _In_ PDIRENT _In_ ULONG _In_ ULONG _In_ PUNICODE_STRING _In_ PACCESS_MASK DesiredAccess
Definition: create.c:4157
#define DPRINT1
Definition: precomp.h:8
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: setypes.h:191
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK PreviouslyGrantedAccess
Definition: sefuncs.h:13
ACCESS_MASK GenericAll
Definition: nt_native.h:568
BOOLEAN NTAPI SepAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE_LIST ObjectTypeList, IN ULONG ObjectTypeListLength, IN ACCESS_MASK PreviouslyGrantedAccess, OUT PPRIVILEGE_SET *Privileges, IN PGENERIC_MAPPING GenericMapping, IN KPROCESSOR_MODE AccessMode, OUT PACCESS_MASK GrantedAccessList, OUT PNTSTATUS AccessStatusList, IN BOOLEAN UseResultList)
Definition: accesschk.c:25
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
return STATUS_SUCCESS
Definition: btrfs.c:2966
PACCESS_TOKEN ClientToken
Definition: setypes.h:190
_In_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext
Definition: sefuncs.h:13

Referenced by create_stream(), FatExplicitDeviceAccessGranted(), file_create(), IopParseDevice(), NpCreateClientEnd(), NpCreateExistingNamedPipe(), ObCheckCreateObjectAccess(), ObCheckObjectAccess(), ObpCheckObjectReference(), ObpCheckTraverseAccess(), open_file2(), PspCreateProcess(), PspCreateThread(), PspSetPrimaryToken(), set_link_information(), set_rename_information(), START_TEST(), and UDFCheckAccessRights().

◆ SeFastTraverseCheck()

BOOLEAN NTAPI SeFastTraverseCheck ( IN PSECURITY_DESCRIPTOR  SecurityDescriptor,
IN PACCESS_STATE  AccessState,
IN ACCESS_MASK  DesiredAccess,
IN KPROCESSOR_MODE  AccessMode 
)

Definition at line 460 of file accesschk.c.

/*
 * Body of SeFastTraverseCheck. This listing is an extract: lines 471 and 477
 * are absent, so the assignment of Dacl is not visible here.
 *
 * Visible decision rules, in order:
 *  - NULL SecurityDescriptor      -> FALSE
 *  - no DACL (Dacl == NULL)       -> TRUE  (an object without a DACL is
 *                                           treated as open to everyone)
 *  - DACL with zero ACEs          -> FALSE
 *  - restricted token             -> FALSE (this shortcut does not try to
 *                                           evaluate restricted tokens)
 *  - ACE walk: inherit-only ACEs are skipped; an access-allowed ACE grants
 *    only when its SID equals SeWorldSid; an access-denied ACE whose mask
 *    overlaps DesiredAccess denies without any SID comparison.
 *  - no decision after the walk   -> FALSE
 * Every path that cannot positively grant returns FALSE, so the shortcut
 * fails closed.
 */
464 {
465  PACL Dacl;
466  ULONG AceIndex;
467  PKNOWN_ACE Ace;
468 
469  PAGED_CODE();
470 
472 
473  if (SecurityDescriptor == NULL)
474  return FALSE;
475 
476  /* Get DACL */
478  /* If no DACL, grant access */
479  if (Dacl == NULL)
480  return TRUE;
481 
482  /* No ACE -> Deny */
483  if (!Dacl->AceCount)
484  return FALSE;
485 
486  /* Can't perform the check on restricted token */
487  if (AccessState->Flags & TOKEN_IS_RESTRICTED)
488  return FALSE;
489 
/* NOTE(review): the walk trusts AceCount and each Header.AceSize; nothing in
 * the visible lines bounds the cursor by the ACL's own size, so correctness
 * depends on the descriptor having been validated before it gets here -
 * confirm against the callers. */
490  /* Browse the ACEs */
491  for (AceIndex = 0, Ace = (PKNOWN_ACE)((ULONG_PTR)Dacl + sizeof(ACL));
492  AceIndex < Dacl->AceCount;
493  AceIndex++, Ace = (PKNOWN_ACE)((ULONG_PTR)Ace + Ace->Header.AceSize))
494  {
495  if (Ace->Header.AceFlags & INHERIT_ONLY_ACE)
496  continue;
497 
498  /* If access-allowed ACE */
499  if (Ace->Header.AceType == ACCESS_ALLOWED_ACE_TYPE)
500  {
/* NOTE(review): the test below is "any requested bit is present in the ACE",
 * which matches the "all accesses" wording only when DesiredAccess is a
 * single right. With several bits set, one matching bit is enough to reach
 * the SID comparison. */
501  /* Check if all accesses are granted */
502  if (!(Ace->Mask & DesiredAccess))
503  continue;
504 
505  /* Check SID and grant access if matching */
506  if (RtlEqualSid(SeWorldSid, &(Ace->SidStart)))
507  return TRUE;
508  }
509  /* If access-denied ACE */
510  else if (Ace->Header.AceType == ACCESS_DENIED_ACE_TYPE)
511  {
512  /* Here, only check if it denies any access wanted and deny if so */
513  if (Ace->Mask & DesiredAccess)
514  return FALSE;
515  }
516  }
517 
518  /* Faulty, deny */
519  return FALSE;
520 }
struct _KNOWN_ACE * PKNOWN_ACE
#define TRUE
Definition: types.h:120
Definition: se.h:3
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
#define PAGED_CODE()
Definition: video.h:57
uint32_t ULONG_PTR
Definition: typedefs.h:63
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:396
Definition: card.h:12
smooth NULL
Definition: ftsmooth.c:416
#define ACCESS_ALLOWED_ACE_TYPE
Definition: setypes.h:685
#define ACCESS_DENIED_ACE_TYPE
Definition: setypes.h:686
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel) ?(CompletionRoutine !=NULL) :TRUE)
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:414
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
Definition: rtlfuncs.h:1553
_In_ ULONG AceIndex
Definition: rtlfuncs.h:1864
PSID SeWorldSid
Definition: sid.c:31
FORCEINLINE PACL SepGetDaclFromDescriptor(PVOID _Descriptor)
Definition: se.h:67
_In_ PIO_STACK_LOCATION _Inout_ PFILE_OBJECT _Inout_ PVCB _Outptr_result_maybenull_ PDCB _In_ PDCB _In_ PDIRENT _In_ ULONG _In_ ULONG _In_ PUNICODE_STRING _In_ PACCESS_MASK DesiredAccess
Definition: create.c:4157
unsigned int ULONG
Definition: retypes.h:1
#define INHERIT_ONLY_ACE
Definition: setypes.h:717
NTSYSAPI BOOLEAN NTAPI RtlEqualSid(_In_ PSID Sid1, _In_ PSID Sid2)
#define TOKEN_IS_RESTRICTED
Definition: setypes.h:1129

Referenced by IopParseDevice(), and ObpCheckTraverseAccess().

◆ SepAccessCheck()

BOOLEAN NTAPI SepAccessCheck ( IN PSECURITY_DESCRIPTOR  SecurityDescriptor,
IN PSECURITY_SUBJECT_CONTEXT  SubjectSecurityContext,
IN ACCESS_MASK  DesiredAccess,
IN POBJECT_TYPE_LIST  ObjectTypeList,
IN ULONG  ObjectTypeListLength,
IN ACCESS_MASK  PreviouslyGrantedAccess,
OUT PPRIVILEGE_SET * Privileges,
IN PGENERIC_MAPPING  GenericMapping,
IN KPROCESSOR_MODE  AccessMode,
OUT PACCESS_MASK  GrantedAccessList,
OUT PNTSTATUS  AccessStatusList,
IN BOOLEAN  UseResultList 
)

Definition at line 25 of file accesschk.c.

/*
 * Body of SepAccessCheck, the DACL evaluation called from NtAccessCheck
 * (line 741). This listing is an extract: a number of source lines are
 * absent (the gutter numbers skip), so the notes below describe only the
 * statements that are visible here.
 *
 * Visible flow:
 *  - DesiredAccess == 0 short-circuits to ReturnCommonStatus.
 *  - SePrivilegePolicyCheck may satisfy part of RemainingAccess; if nothing
 *    remains the check ends there.
 *  - RULE 1: no DACL present (or a NULL DACL) grants the remaining access.
 *  - An empty DACL (AceCount == 0) takes the deny path.
 *  - A MAXIMUM_ALLOWED request accumulates TempGrantedAccess and
 *    TempDeniedAccess in ACE order, so an earlier ACE wins over a later one
 *    for the same bit.
 *  - RULE 4: otherwise allowed ACEs clear bits from RemainingAccess and a
 *    matching denied ACE leaves the loop.
 *  - ReturnCommonStatus writes the same access mask and status into one
 *    result slot, or into ObjectTypeListLength slots when UseResultList is
 *    set, and returns NT_SUCCESS(Status).
 */
37 {
38  ACCESS_MASK RemainingAccess;
39  ACCESS_MASK TempAccess;
40  ACCESS_MASK TempGrantedAccess = 0;
41  ACCESS_MASK TempDeniedAccess = 0;
43  ULONG i, ResultListLength;
44  PACL Dacl;
45  BOOLEAN Present;
46  BOOLEAN Defaulted;
47  PACE CurrentAce;
48  PSID Sid;
50  PAGED_CODE();
51 
52  DPRINT("SepAccessCheck()\n");
53 
54  /* Check for no access desired */
55  if (!DesiredAccess)
56  {
57  /* Check if we had no previous access */
59  {
60  /* Then there's nothing to give */
62  goto ReturnCommonStatus;
63  }
64 
65  /* Return the previous access only */
67  *Privileges = NULL;
68  goto ReturnCommonStatus;
69  }
70 
71  /* Map given accesses */
75 
76  /* Initialize remaining access rights */
77  RemainingAccess = DesiredAccess;
78 
81 
/* NOTE(review): the last argument is the literal UserMode rather than the
 * AccessMode parameter this function receives - confirm that is intended. */
82  /* Check for ACCESS_SYSTEM_SECURITY and WRITE_OWNER access */
83  Status = SePrivilegePolicyCheck(&RemainingAccess,
85  NULL,
86  Token,
87  NULL,
88  UserMode);
89  if (!NT_SUCCESS(Status))
90  {
91  goto ReturnCommonStatus;
92  }
93 
94  /* Succeed if there are no more rights to grant */
95  if (RemainingAccess == 0)
96  {
98  goto ReturnCommonStatus;
99  }
100 
101  /* Get the DACL */
103  &Present,
104  &Dacl,
105  &Defaulted);
106  if (!NT_SUCCESS(Status))
107  {
108  goto ReturnCommonStatus;
109  }
110 
111  /* RULE 1: Grant desired access if the object is unprotected */
112  if (Present == FALSE || Dacl == NULL)
113  {
114  PreviouslyGrantedAccess |= RemainingAccess;
115  if (RemainingAccess & MAXIMUM_ALLOWED)
116  {
119  }
120 
122  goto ReturnCommonStatus;
123  }
124 
125  /* Deny access if the DACL is empty */
126  if (Dacl->AceCount == 0)
127  {
128  if (RemainingAccess == MAXIMUM_ALLOWED && PreviouslyGrantedAccess != 0)
129  {
131  }
132  else
133  {
136  }
137  goto ReturnCommonStatus;
138  }
139 
140  /* Determine the MAXIMUM_ALLOWED access rights according to the DACL */
142  {
/* NOTE(review): both ACE walks in this function (here and at line 206) trust
 * AceCount and each Header.AceSize; nothing in the visible lines bounds the
 * cursor by the ACL's own size, so they rely on the descriptor having been
 * validated by whoever supplied it. */
143  CurrentAce = (PACE)(Dacl + 1);
144  for (i = 0; i < Dacl->AceCount; i++)
145  {
146  if (!(CurrentAce->Header.AceFlags & INHERIT_ONLY_ACE))
147  {
148  Sid = (PSID)(CurrentAce + 1);
149  if (CurrentAce->Header.AceType == ACCESS_DENIED_ACE_TYPE)
150  {
151  if (SepSidInToken(Token, Sid))
152  {
153  /* Map access rights from the ACE */
154  TempAccess = CurrentAce->AccessMask;
155  RtlMapGenericMask(&TempAccess, GenericMapping);
156 
157  /* Deny access rights that have not been granted yet */
158  TempDeniedAccess |= (TempAccess & ~TempGrantedAccess);
159  }
160  }
161  else if (CurrentAce->Header.AceType == ACCESS_ALLOWED_ACE_TYPE)
162  {
163  if (SepSidInToken(Token, Sid))
164  {
165  /* Map access rights from the ACE */
166  TempAccess = CurrentAce->AccessMask;
167  RtlMapGenericMask(&TempAccess, GenericMapping);
168 
169  /* Grant access rights that have not been denied yet */
170  TempGrantedAccess |= (TempAccess & ~TempDeniedAccess);
171  }
172  }
173  else
174  {
/* Any ACE type other than plain allow/deny is logged and skipped, so it
 * contributes neither a grant nor a denial. */
175  DPRINT1("Unsupported ACE type 0x%lx\n", CurrentAce->Header.AceType);
176  }
177  }
178 
179  /* Get the next ACE */
180  CurrentAce = (PACE)((ULONG_PTR)CurrentAce + CurrentAce->Header.AceSize);
181  }
182 
183  /* Fail if some rights have not been granted */
184  RemainingAccess &= ~(MAXIMUM_ALLOWED | TempGrantedAccess);
185  if (RemainingAccess != 0)
186  {
189  goto ReturnCommonStatus;
190  }
191 
192  /* Set granted access right and access status */
193  PreviouslyGrantedAccess |= TempGrantedAccess;
194  if (PreviouslyGrantedAccess != 0)
195  {
197  }
198  else
199  {
201  }
202  goto ReturnCommonStatus;
203  }
204 
205  /* RULE 4: Grant rights according to the DACL */
206  CurrentAce = (PACE)(Dacl + 1);
207  for (i = 0; i < Dacl->AceCount; i++)
208  {
209  if (!(CurrentAce->Header.AceFlags & INHERIT_ONLY_ACE))
210  {
211  Sid = (PSID)(CurrentAce + 1);
212  if (CurrentAce->Header.AceType == ACCESS_DENIED_ACE_TYPE)
213  {
214  if (SepSidInToken(Token, Sid))
215  {
216  /* Map access rights from the ACE */
217  TempAccess = CurrentAce->AccessMask;
218  RtlMapGenericMask(&TempAccess, GenericMapping);
219 
/* The break only stops the walk; the denial itself is meant to come from the
 * RemainingAccess test at line 254. */
220  /* Leave if a remaining right must be denied */
221  if (RemainingAccess & TempAccess)
222  break;
223  }
224  }
225  else if (CurrentAce->Header.AceType == ACCESS_ALLOWED_ACE_TYPE)
226  {
227  if (SepSidInToken(Token, Sid))
228  {
229  /* Map access rights from the ACE */
230  TempAccess = CurrentAce->AccessMask;
231  DPRINT("TempAccess 0x%08lx\n", TempAccess);
232  RtlMapGenericMask(&TempAccess, GenericMapping);
233 
234  /* Remove granted rights */
235  DPRINT("RemainingAccess 0x%08lx TempAccess 0x%08lx\n", RemainingAccess, TempAccess);
236  RemainingAccess &= ~TempAccess;
237  DPRINT("RemainingAccess 0x%08lx\n", RemainingAccess);
238  }
239  }
240  else
241  {
242  DPRINT1("Unsupported ACE type 0x%lx\n", CurrentAce->Header.AceType);
243  }
244  }
245 
246  /* Get the next ACE */
247  CurrentAce = (PACE)((ULONG_PTR)CurrentAce + CurrentAce->Header.AceSize);
248  }
249 
250  DPRINT("DesiredAccess %08lx\nPreviouslyGrantedAccess %08lx\nRemainingAccess %08lx\n",
251  DesiredAccess, PreviouslyGrantedAccess, RemainingAccess);
252 
/* NOTE(review): the failure path for "some requested rights were not
 * granted" is compiled out by the `#if 0` below, so in the visible code a
 * non-zero RemainingAccess (including the case where a matching deny ACE
 * ended the walk at line 222) only produces a debug print. The remaining
 * guard is the PreviouslyGrantedAccess == 0 test at line 268. Lines 259 and
 * 265 are absent from this listing, so what is stored at those points cannot
 * be confirmed here; until the block is re-enabled, this path should be
 * treated as more permissive than the comments describe. */
253  /* Fail if some rights have not been granted */
254  if (RemainingAccess != 0)
255  {
256  DPRINT("HACK: RemainingAccess = 0x%08lx DesiredAccess = 0x%08lx\n", RemainingAccess, DesiredAccess);
257 #if 0
258  /* HACK HACK HACK */
260  goto ReturnCommonStatus;
261 #endif
262  }
263 
264  /* Set granted access rights */
266 
267  /* Fail if no rights have been granted */
268  if (PreviouslyGrantedAccess == 0)
269  {
270  DPRINT1("PreviouslyGrantedAccess == 0 DesiredAccess = %08lx\n", DesiredAccess);
272  goto ReturnCommonStatus;
273  }
274 
276  goto ReturnCommonStatus;
277 
278 ReturnCommonStatus:
/* One result slot unless UseResultList is set, in which case the caller's
 * two output arrays must hold ObjectTypeListLength entries each. */
279  ResultListLength = UseResultList ? ObjectTypeListLength : 1;
280  for (i = 0; i < ResultListLength; i++)
281  {
282  GrantedAccessList[i] = PreviouslyGrantedAccess;
283  AccessStatusList[i] = Status;
284  }
285 
286  return NT_SUCCESS(Status);
287 }
#define MAXIMUM_ALLOWED
Definition: nt_native.h:83
UCHAR AceFlags
Definition: ms-dtyp.idl:211
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
struct _ACE * PACE
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
ACCESS_MASK AccessMask
Definition: rtltypes.h:991
#define PAGED_CODE()
Definition: video.h:57
NTSYSAPI NTSTATUS NTAPI RtlGetDaclSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Out_ PBOOLEAN DaclPresent, _Out_ PACL *Dacl, _Out_ PBOOLEAN DaclDefaulted)
uint32_t ULONG_PTR
Definition: typedefs.h:63
USHORT AceSize
Definition: ms-dtyp.idl:212
unsigned char BOOLEAN
smooth NULL
Definition: ftsmooth.c:416
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1104
void DPRINT(...)
Definition: polytest.cpp:61
PACCESS_TOKEN PrimaryToken
Definition: setypes.h:192
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define ACCESS_ALLOWED_ACE_TYPE
Definition: setypes.h:685
#define STATUS_ACCESS_DENIED
Definition: udferr_usr.h:145
#define ACCESS_DENIED_ACE_TYPE
Definition: setypes.h:686
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:13
struct _SID * PSID
Definition: eventlog.c:35
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
Definition: rtlfuncs.h:1553
UCHAR AceType
Definition: ms-dtyp.idl:210
BOOLEAN NTAPI SepSidInToken(IN PACCESS_TOKEN _Token, IN PSID Sid)
Definition: access.c:111
NTSTATUS NTAPI SePrivilegePolicyCheck(_Inout_ PACCESS_MASK DesiredAccess, _Inout_ PACCESS_MASK GrantedAccess, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PTOKEN Token, _Out_opt_ PPRIVILEGE_SET *OutPrivilegeSet, _In_ KPROCESSOR_MODE PreviousMode)
Definition: priv.c:158
Status
Definition: gdiplustypes.h:24
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
_In_ PIO_STACK_LOCATION _Inout_ PFILE_OBJECT _Inout_ PVCB _Outptr_result_maybenull_ PDCB _In_ PDCB _In_ PDIRENT _In_ ULONG _In_ ULONG _In_ PUNICODE_STRING _In_ PACCESS_MASK DesiredAccess
Definition: create.c:4157
#define DPRINT1
Definition: precomp.h:8
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK PreviouslyGrantedAccess
Definition: sefuncs.h:13
unsigned int ULONG
Definition: retypes.h:1
#define INHERIT_ONLY_ACE
Definition: setypes.h:717
ACCESS_MASK GenericAll
Definition: nt_native.h:568
return STATUS_SUCCESS
Definition: btrfs.c:2966
PACCESS_TOKEN ClientToken
Definition: setypes.h:190
Definition: rtltypes.h:988
ACE_HEADER Header
Definition: rtltypes.h:990
ULONG ACCESS_MASK
Definition: nt_native.h:40
NTSYSAPI VOID NTAPI RtlMapGenericMask(PACCESS_MASK AccessMask, PGENERIC_MAPPING GenericMapping)
_In_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext
Definition: sefuncs.h:13

Referenced by NtAccessCheck(), and SeAccessCheck().

◆ SepGetPrivilegeSetLength()

static ULONG SepGetPrivilegeSetLength ( IN PPRIVILEGE_SET  PrivilegeSet)
static

Definition at line 321 of file accesschk.c.

/*
 * Returns the size in bytes of a privilege set, counting only the
 * PrivilegeCount entries it declares. A NULL set has length 0.
 *
 * The arithmetic treats sizeof(PRIVILEGE_SET) as already containing one
 * LUID_AND_ATTRIBUTES entry: an empty set is one entry smaller than the
 * structure, and a set with N entries adds N - 1 entries to it.
 *
 * PrivilegeCount is used as found and the result is narrowed to ULONG, so a
 * very large count wraps to a small length.
 * NOTE(review): callers that size a buffer or a copy from this value should
 * only pass sets whose count is trusted or already bounded - confirm in
 * NtAccessCheck().
 */
static ULONG
SepGetPrivilegeSetLength(IN PPRIVILEGE_SET PrivilegeSet)
{
    ULONG Length = 0;

    if (PrivilegeSet != NULL)
    {
        if (PrivilegeSet->PrivilegeCount == 0)
        {
            /* Empty set: header only, without the single built-in entry */
            Length = (ULONG)(sizeof(PRIVILEGE_SET) - sizeof(LUID_AND_ATTRIBUTES));
        }
        else
        {
            /* One entry is part of the structure, add the remaining ones */
            Length = (ULONG)(sizeof(PRIVILEGE_SET) +
                             (PrivilegeSet->PrivilegeCount - 1) * sizeof(LUID_AND_ATTRIBUTES));
        }
    }

    return Length;
}
struct _PRIVILEGE_SET PRIVILEGE_SET
struct _LUID_AND_ATTRIBUTES LUID_AND_ATTRIBUTES
smooth NULL
Definition: ftsmooth.c:416
unsigned int ULONG
Definition: retypes.h:1

Referenced by NtAccessCheck().

◆ SepGetSDGroup()

static PSID SepGetSDGroup ( IN PSECURITY_DESCRIPTOR  _SecurityDescriptor)
static

Definition at line 305 of file accesschk.c.

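/*
 * Returns the primary group SID of a security descriptor, or NULL when the
 * descriptor carries no group.
 *
 * For a descriptor flagged SE_SELF_RELATIVE the Group field is converted
 * into a pointer; otherwise the field is returned as stored.
 *
 * An absent group is reported as NULL in both forms. Without the check
 * below, a self-relative descriptor with a zero Group field would yield the
 * descriptor's own address, which a caller's NULL test would accept as a
 * group SID.
 *
 * The offset is not range-checked here, so the returned pointer is only
 * meaningful when the descriptor was captured and validated before the call.
 */
static PSID
SepGetSDGroup(IN PSECURITY_DESCRIPTOR _SecurityDescriptor)
{
    PISECURITY_DESCRIPTOR SecurityDescriptor = _SecurityDescriptor;

    /* No group: NULL pointer (absolute form) or zero offset (self-relative) */
    if (SecurityDescriptor->Group == NULL)
        return NULL;

    if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
    {
        /*
         * NOTE(review): the rendered listing omits source line 312, the
         * second operand of this addition. The descriptor base is assumed,
         * since self-relative fields are offsets from the start of the
         * descriptor - confirm against accesschk.c.
         */
        return (PSID)((ULONG_PTR)SecurityDescriptor->Group +
                      (ULONG_PTR)SecurityDescriptor);
    }

    return (PSID)SecurityDescriptor->Group;
}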
#define SE_SELF_RELATIVE
Definition: setypes.h:780
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
_In_opt_ PSID Group
Definition: rtlfuncs.h:1606
uint32_t ULONG_PTR
Definition: typedefs.h:63
struct _SID * PSID
Definition: eventlog.c:35
#define ULONG_PTR
Definition: config.h:101

Referenced by NtAccessCheck().

◆ SepGetSDOwner()

static PSID SepGetSDOwner ( IN PSECURITY_DESCRIPTOR  _SecurityDescriptor)
static

Definition at line 290 of file accesschk.c.

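/*
 * Returns the owner SID of a security descriptor, or NULL when the
 * descriptor carries no owner.
 *
 * For a descriptor flagged SE_SELF_RELATIVE the Owner field is converted
 * into a pointer; otherwise the field is returned as stored.
 *
 * An absent owner is reported as NULL in both forms. Without the check
 * below, a self-relative descriptor with a zero Owner field would yield the
 * descriptor's own address, which a caller's NULL test would accept as an
 * owner SID.
 *
 * The offset is not range-checked here, so the returned pointer is only
 * meaningful when the descriptor was captured and validated before the call.
 */
static PSID
SepGetSDOwner(IN PSECURITY_DESCRIPTOR _SecurityDescriptor)
{
    PISECURITY_DESCRIPTOR SecurityDescriptor = _SecurityDescriptor;

    /* No owner: NULL pointer (absolute form) or zero offset (self-relative) */
    if (SecurityDescriptor->Owner == NULL)
        return NULL;

    if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
    {
        /*
         * NOTE(review): the rendered listing omits source lines 297 and 299
         * (the second operand of this addition and the body of the else
         * branch). Both are restored by analogy with the group accessor
         * shown for this file - confirm against accesschk.c.
         */
        return (PSID)((ULONG_PTR)SecurityDescriptor->Owner +
                      (ULONG_PTR)SecurityDescriptor);
    }

    return (PSID)SecurityDescriptor->Owner;
}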
#define SE_SELF_RELATIVE
Definition: setypes.h:780
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
uint32_t ULONG_PTR
Definition: typedefs.h:63
struct _SID * PSID
Definition: eventlog.c:35
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID Owner
Definition: rtlfuncs.h:1557
#define ULONG_PTR
Definition: config.h:101

Referenced by NtAccessCheck().