se.h File Reference

Go to the source code of this file.

Classes

struct _SECURITY_SUBJECT_CONTEXT

struct _INITIAL_PRIVILEGE_SET

struct _ACCESS_STATE

struct _AUX_ACCESS_DATA

struct _SE_AUDITING_STATE

struct _SE_PROCESS_AUDIT_INFO

struct _SE_EXPORTS

Defines

#define SE_DEFAULT_SECURITY_QUOTA   2048

#define TOKEN_HAS_TRAVERSE_PRIVILEGE   0x01

#define TOKEN_HAS_BACKUP_PRIVILEGE   0x02

#define TOKEN_HAS_RESTORE_PRIVILEGE   0x04

#define TOKEN_HAS_ADMIN_GROUP   0x08

#define TOKEN_IS_RESTRICTED   0x10

#define SE_BACKUP_PRIVILEGES_CHECKED   0x00000010

#define INITIAL_PRIVILEGE_COUNT   3

#define SeComputeDeniedAccesses(GrantedAccess, DesiredAccess)   ((~(GrantedAccess)) & (DesiredAccess) )

#define SeComputeGrantedAccesses(GrantedAccess, DesiredAccess)   ((GrantedAccess) & (DesiredAccess) )

#define SeLengthSid(Sid)   (8 + (4 * ((SID *)Sid)->SubAuthorityCount))

#define SeSameToken(TC1, TC2)

#define SeDeleteClientSecurity(C)

*++

#define SeStopImpersonatingClient()   PsRevertToSelf()

*++

#define SeAssertMappedCanonicalAccess(AccessMask)

#define SeComputeSecurityQuota(Size)

#define SeQuerySubjectContextToken(SubjectContext)

#define SeTokenObjectType()   (PVOID)SepTokenObjectType

#define SeEnableAccessToExports()

Typedefs

typedef enum _SECURITY_OPERATION_CODE SECURITY_OPERATION_CODE

typedef enum _SECURITY_OPERATION_CODE * PSECURITY_OPERATION_CODE

typedef _SECURITY_SUBJECT_CONTEXT SECURITY_SUBJECT_CONTEXT

typedef _SECURITY_SUBJECT_CONTEXT * PSECURITY_SUBJECT_CONTEXT

typedef _INITIAL_PRIVILEGE_SET INITIAL_PRIVILEGE_SET

typedef _INITIAL_PRIVILEGE_SET * PINITIAL_PRIVILEGE_SET

typedef _ACCESS_STATE ACCESS_STATE

typedef _ACCESS_STATE * PACCESS_STATE

typedef _AUX_ACCESS_DATA AUX_ACCESS_DATA

typedef _AUX_ACCESS_DATA * PAUX_ACCESS_DATA

typedef _SE_AUDITING_STATE SE_AUDITING_STATE

typedef _SE_AUDITING_STATE * PSE_AUDITING_STATE

typedef _SE_PROCESS_AUDIT_INFO SE_PROCESS_AUDIT_INFO

typedef _SE_PROCESS_AUDIT_INFO * PSE_PROCESS_AUDIT_INFO

typedef _SE_EXPORTS SE_EXPORTS

typedef _SE_EXPORTS * PSE_EXPORTS

typedef NTSTATUS(* PSE_LOGON_SESSION_TERMINATED_ROUTINE )(IN PLUID LogonId)

Enumerations

enum _SECURITY_OPERATION_CODE { SetSecurityDescriptor, QuerySecurityDescriptor, DeleteSecurityDescriptor, AssignSecurityDescriptor }

Functions

BOOLEAN SeInitSystem (VOID)

VOID SeSetSecurityAccessMask (IN SECURITY_INFORMATION SecurityInformation, OUT PACCESS_MASK DesiredAccess)

VOID SeQuerySecurityAccessMask (IN SECURITY_INFORMATION SecurityInformation, OUT PACCESS_MASK DesiredAccess)

NTSTATUS SeDefaultObjectMethod (IN PVOID Object, IN SECURITY_OPERATION_CODE OperationCode, IN PSECURITY_INFORMATION SecurityInformation, IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN OUT PULONG Length, IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, IN POOL_TYPE PoolType, IN PGENERIC_MAPPING GenericMapping)

NTKERNELAPI NTSTATUS SeCaptureSecurityDescriptor (IN PSECURITY_DESCRIPTOR InputSecurityDescriptor, IN KPROCESSOR_MODE RequestorMode, IN POOL_TYPE PoolType, IN BOOLEAN ForceCapture, OUT PSECURITY_DESCRIPTOR *OutputSecurityDescriptor)

NTKERNELAPI VOID SeReleaseSecurityDescriptor (IN PSECURITY_DESCRIPTOR CapturedSecurityDescriptor, IN KPROCESSOR_MODE RequestorMode, IN BOOLEAN ForceCapture)

NTKERNELAPI VOID SeCaptureSubjectContext (OUT PSECURITY_SUBJECT_CONTEXT SubjectContext)

NTKERNELAPI VOID SeLockSubjectContext (IN PSECURITY_SUBJECT_CONTEXT SubjectContext)

NTKERNELAPI VOID SeUnlockSubjectContext (IN PSECURITY_SUBJECT_CONTEXT SubjectContext)

NTKERNELAPI VOID SeReleaseSubjectContext (IN PSECURITY_SUBJECT_CONTEXT SubjectContext)

NTSTATUS SeCaptureSecurityQos (IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN KPROCESSOR_MODE RequestorMode, IN PBOOLEAN SecurityQosPresent, IN PSECURITY_ADVANCED_QUALITY_OF_SERVICE CapturedSecurityQos)

VOID SeFreeCapturedSecurityQos (IN PVOID SecurityQos)

NTSTATUS SeCaptureSid (IN PSID InputSid, IN KPROCESSOR_MODE RequestorMode, IN PVOID CaptureBuffer OPTIONAL, IN ULONG CaptureBufferLength, IN POOL_TYPE PoolType, IN BOOLEAN ForceCapture, OUT PSID *CapturedSid)

VOID SeReleaseSid (IN PSID CapturedSid, IN KPROCESSOR_MODE RequestorMode, IN BOOLEAN ForceCapture)

NTSTATUS SeCaptureAcl (IN PACL InputAcl, IN KPROCESSOR_MODE RequestorMode, IN PVOID CaptureBuffer OPTIONAL, IN ULONG CaptureBufferLength, IN POOL_TYPE PoolType, IN BOOLEAN ForceCapture, OUT PACL *CapturedAcl, OUT PULONG AlignedAclSize)

VOID SeReleaseAcl (IN PACL CapturedAcl, IN KPROCESSOR_MODE RequestorMode, IN BOOLEAN ForceCapture)

NTSTATUS SeCaptureLuidAndAttributesArray (IN PLUID_AND_ATTRIBUTES InputArray, IN ULONG ArrayCount, IN KPROCESSOR_MODE RequestorMode, IN PVOID CaptureBuffer OPTIONAL, IN ULONG CaptureBufferLength, IN POOL_TYPE PoolType, IN BOOLEAN ForceCapture, OUT PLUID_AND_ATTRIBUTES *CapturedArray, OUT PULONG AlignedArraySize)

VOID SeReleaseLuidAndAttributesArray (IN PLUID_AND_ATTRIBUTES CapturedArray, IN KPROCESSOR_MODE RequestorMode, IN BOOLEAN ForceCapture)

NTSTATUS SeCaptureSidAndAttributesArray (IN PSID_AND_ATTRIBUTES InputArray, IN ULONG ArrayCount, IN KPROCESSOR_MODE RequestorMode, IN PVOID CaptureBuffer OPTIONAL, IN ULONG CaptureBufferLength, IN POOL_TYPE PoolType, IN BOOLEAN ForceCapture, OUT PSID_AND_ATTRIBUTES *CapturedArray, OUT PULONG AlignedArraySize)

VOID SeReleaseSidAndAttributesArray (IN PSID_AND_ATTRIBUTES CapturedArray, IN KPROCESSOR_MODE RequestorMode, IN BOOLEAN ForceCapture)

NTKERNELAPI NTSTATUS SeAssignSecurity (IN PSECURITY_DESCRIPTOR ParentDescriptor OPTIONAL, IN PSECURITY_DESCRIPTOR ExplicitDescriptor, OUT PSECURITY_DESCRIPTOR *NewDescriptor, IN BOOLEAN IsDirectoryObject, IN PSECURITY_SUBJECT_CONTEXT SubjectContext, IN PGENERIC_MAPPING GenericMapping, IN POOL_TYPE PoolType)

NTKERNELAPI NTSTATUS SeAssignSecurityEx (IN PSECURITY_DESCRIPTOR ParentDescriptor OPTIONAL, IN PSECURITY_DESCRIPTOR ExplicitDescriptor OPTIONAL, OUT PSECURITY_DESCRIPTOR *NewDescriptor, IN GUID *ObjectType OPTIONAL, IN BOOLEAN IsDirectoryObject, IN ULONG AutoInheritFlags, IN PSECURITY_SUBJECT_CONTEXT SubjectContext, IN PGENERIC_MAPPING GenericMapping, IN POOL_TYPE PoolType)

NTKERNELAPI NTSTATUS SeDeassignSecurity (IN OUT PSECURITY_DESCRIPTOR *SecurityDescriptor)

NTKERNELAPI BOOLEAN SeAccessCheck (IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, IN BOOLEAN SubjectContextLocked, IN ACCESS_MASK DesiredAccess, IN ACCESS_MASK PreviouslyGrantedAccess, OUT PPRIVILEGE_SET *Privileges OPTIONAL, IN PGENERIC_MAPPING GenericMapping, IN KPROCESSOR_MODE AccessMode, OUT PACCESS_MASK GrantedAccess, OUT PNTSTATUS AccessStatus)

BOOLEAN SeProxyAccessCheck (IN PUNICODE_STRING Volume, IN PUNICODE_STRING RelativePath, IN BOOLEAN ContainerObject, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, IN BOOLEAN SubjectContextLocked, IN ACCESS_MASK DesiredAccess, IN ACCESS_MASK PreviouslyGrantedAccess, OUT PPRIVILEGE_SET *Privileges OPTIONAL, IN PGENERIC_MAPPING GenericMapping, IN KPROCESSOR_MODE AccessMode, OUT PACCESS_MASK GrantedAccess, OUT PNTSTATUS AccessStatus)

NTKERNELAPI BOOLEAN SePrivilegeCheck (IN OUT PPRIVILEGE_SET RequiredPrivileges, IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, IN KPROCESSOR_MODE AccessMode)

NTKERNELAPI VOID SeFreePrivileges (IN PPRIVILEGE_SET Privileges)

NTSTATUS SePrivilegePolicyCheck (IN OUT PACCESS_MASK RemainingDesiredAccess, IN OUT PACCESS_MASK PreviouslyGrantedAccess, IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL, IN PACCESS_TOKEN Token OPTIONAL, OUT PPRIVILEGE_SET *PrivilegeSet, IN KPROCESSOR_MODE PreviousMode)

VOID SeGenerateMessage (IN PSTRING ObjectName, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PACCESS_TOKEN Token, IN ACCESS_MASK DesiredAccess, IN BOOLEAN AccessGranted, IN HANDLE AuditPort, IN HANDLE AlarmPort, IN KPROCESSOR_MODE AccessMode)

NTKERNELAPI VOID SeOpenObjectAuditAlarm (IN PUNICODE_STRING ObjectTypeName, IN PVOID Object OPTIONAL, IN PUNICODE_STRING AbsoluteObjectName OPTIONAL, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PACCESS_STATE AccessState, IN BOOLEAN ObjectCreated, IN BOOLEAN AccessGranted, IN KPROCESSOR_MODE AccessMode, OUT PBOOLEAN GenerateOnClose)

NTKERNELAPI VOID SeOpenObjectForDeleteAuditAlarm (IN PUNICODE_STRING ObjectTypeName, IN PVOID Object OPTIONAL, IN PUNICODE_STRING AbsoluteObjectName OPTIONAL, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PACCESS_STATE AccessState, IN BOOLEAN ObjectCreated, IN BOOLEAN AccessGranted, IN KPROCESSOR_MODE AccessMode, OUT PBOOLEAN GenerateOnClose)

VOID SeDeleteObjectAuditAlarm (IN PVOID Object, IN HANDLE Handle)

VOID SeCloseObjectAuditAlarm (IN PVOID Object, IN HANDLE Handle, IN BOOLEAN GenerateOnClose)

VOID SeTraverseAuditAlarm (IN PLUID OperationID, IN PVOID DirectoryObject, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, IN BOOLEAN SubjectContextLocked, IN ACCESS_MASK TraverseAccess, IN PPRIVILEGE_SET Privileges OPTIONAL, IN BOOLEAN AccessGranted, IN KPROCESSOR_MODE AccessMode)

VOID SeCreateInstanceAuditAlarm (IN PLUID OperationID OPTIONAL, IN PVOID Object, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, IN ACCESS_MASK DesiredAccess, IN PPRIVILEGE_SET Privileges OPTIONAL, IN BOOLEAN AccessGranted, IN KPROCESSOR_MODE AccessMode)

VOID SeCreateObjectAuditAlarm (IN PLUID OperationID OPTIONAL, IN PVOID Object, IN PUNICODE_STRING ComponentName, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, IN ACCESS_MASK DesiredAccess, IN PPRIVILEGE_SET Privileges OPTIONAL, IN BOOLEAN AccessGranted, OUT PBOOLEAN AuditPerformed, IN KPROCESSOR_MODE AccessMode)

VOID SeObjectReferenceAuditAlarm (IN PLUID OperationID OPTIONAL, IN PVOID Object, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, IN ACCESS_MASK DesiredAccess, IN PPRIVILEGE_SET Privileges OPTIONAL, IN BOOLEAN AccessGranted, IN KPROCESSOR_MODE AccessMode)

NTKERNELAPI VOID SePrivilegeObjectAuditAlarm (IN HANDLE Handle, IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, IN ACCESS_MASK DesiredAccess, IN PPRIVILEGE_SET Privileges, IN BOOLEAN AccessGranted, IN KPROCESSOR_MODE AccessMode)

BOOLEAN SeCheckPrivilegedObject (LUID PrivilegeValue, HANDLE ObjectHandle, ACCESS_MASK DesiredAccess, KPROCESSOR_MODE PreviousMode)

NTKERNELAPI BOOLEAN SeValidSecurityDescriptor (IN ULONG Length, IN PSECURITY_DESCRIPTOR SecurityDescriptor)

VOID SeAuditHandleCreation (IN PACCESS_STATE AccessState, IN HANDLE Handle)

PACCESS_TOKEN SeMakeSystemToken ()

PACCESS_TOKEN SeMakeAnonymousLogonToken ()

VOID SeGetTokenControlInformation (IN PACCESS_TOKEN Token, OUT PTOKEN_CONTROL TokenControl)

NTKERNELAPI TOKEN_TYPE SeTokenType (IN PACCESS_TOKEN Token)

SECURITY_IMPERSONATION_LEVEL SeTokenImpersonationLevel (IN PACCESS_TOKEN Token)

NTKERNELAPI BOOLEAN SeTokenIsAdmin (IN PACCESS_TOKEN Token)

NTKERNELAPI BOOLEAN SeTokenIsRestricted (IN PACCESS_TOKEN Token)

NTSTATUS SeSubProcessToken (IN PEPROCESS ParentProcess, OUT PACCESS_TOKEN *ChildToken)

VOID SeAssignPrimaryToken (IN PEPROCESS Process, IN PACCESS_TOKEN Token)

VOID SeDeassignPrimaryToken (IN PEPROCESS Process)

NTSTATUS SeExchangePrimaryToken (IN PEPROCESS Process, IN PACCESS_TOKEN NewAccessToken, OUT PACCESS_TOKEN *OldAccessToken)

NTSTATUS SeCopyClientToken (IN PACCESS_TOKEN ClientToken, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, IN KPROCESSOR_MODE RequestorMode, OUT PACCESS_TOKEN *DuplicateToken)

NTSTATUS SeFilterToken (IN PACCESS_TOKEN ExistingToken, IN ULONG Flags, IN PTOKEN_GROUPS SidsToDisable OPTIONAL, IN PTOKEN_PRIVILEGES PrivilegesToDelete OPTIONAL, IN PTOKEN_GROUPS RestrictedSids OPTIONAL, OUT PACCESS_TOKEN *FilteredToken)

NTKERNELAPI NTSTATUS SeQueryAuthenticationIdToken (IN PACCESS_TOKEN Token, OUT PLUID AuthenticationId)

NTKERNELAPI NTSTATUS SeQuerySessionIdToken (IN PACCESS_TOKEN, IN PULONG pSessionId)

NTKERNELAPI NTSTATUS SeSetSessionIdToken (IN PACCESS_TOKEN, IN ULONG SessionId)

NTKERNELAPI NTSTATUS SeCreateClientSecurity (IN PETHREAD ClientThread, IN PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos, IN BOOLEAN RemoteSession, OUT PSECURITY_CLIENT_CONTEXT ClientContext)

NTKERNELAPI VOID SeImpersonateClient (IN PSECURITY_CLIENT_CONTEXT ClientContext, IN PETHREAD ServerThread OPTIONAL)

NTKERNELAPI NTSTATUS SeImpersonateClientEx (IN PSECURITY_CLIENT_CONTEXT ClientContext, IN PETHREAD ServerThread OPTIONAL)

NTKERNELAPI NTSTATUS SeCreateClientSecurityFromSubjectContext (IN PSECURITY_SUBJECT_CONTEXT SubjectContext, IN PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos, IN BOOLEAN ServerIsRemote, OUT PSECURITY_CLIENT_CONTEXT ClientContext)

NTKERNELAPI NTSTATUS SeCreateAccessState (IN PACCESS_STATE AccessState, IN PAUX_ACCESS_DATA AuxData, IN ACCESS_MASK DesiredAccess, IN PGENERIC_MAPPING GenericMapping)

NTKERNELAPI VOID SeDeleteAccessState (IN PACCESS_STATE AccessState)

NTSTATUS SeUpdateClientSecurity (IN PETHREAD ClientThread, IN OUT PSECURITY_CLIENT_CONTEXT ClientContext, OUT PBOOLEAN ChangesMade, OUT PBOOLEAN NewToken)

BOOLEAN SeRmInitPhase1 ()

NTKERNELAPI NTSTATUS SeQuerySecurityDescriptorInfo (IN PSECURITY_INFORMATION SecurityInformation, OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN OUT PULONG Length, IN PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor)

NTKERNELAPI NTSTATUS SeSetSecurityDescriptorInfo (IN PVOID Object OPTIONAL, IN PSECURITY_INFORMATION SecurityInformation, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, IN POOL_TYPE PoolType, IN PGENERIC_MAPPING GenericMapping)

NTKERNELAPI NTSTATUS SeSetSecurityDescriptorInfoEx (IN PVOID Object OPTIONAL, IN PSECURITY_INFORMATION SecurityInformation, IN PSECURITY_DESCRIPTOR ModificationDescriptor, IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, IN ULONG AutoInheritFlags, IN POOL_TYPE PoolType, IN PGENERIC_MAPPING GenericMapping)

NTKERNELAPI NTSTATUS SeAppendPrivileges (PACCESS_STATE AccessState, PPRIVILEGE_SET Privileges)

NTSTATUS SeComputeQuotaInformationSize (IN PSECURITY_DESCRIPTOR SecurityDescriptor, OUT PULONG Size)

VOID SePrivilegedServiceAuditAlarm (IN PUNICODE_STRING ServiceName, IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, IN PPRIVILEGE_SET Privileges, IN BOOLEAN AccessGranted)

NTKERNELAPI BOOLEAN SeSinglePrivilegeCheck (LUID PrivilegeValue, KPROCESSOR_MODE PreviousMode)

BOOLEAN SeCheckAuditPrivilege (IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, IN KPROCESSOR_MODE PreviousMode)

NTSTATUS SeAssignWorldSecurityDescriptor (IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN OUT PULONG Length, IN PSECURITY_INFORMATION SecurityInformation)

BOOLEAN SeFastTraverseCheck (PSECURITY_DESCRIPTOR SecurityDescriptor, ACCESS_MASK TraverseAccess, KPROCESSOR_MODE AccessMode)

NTKERNELAPI BOOLEAN SeAuditingFileEvents (IN BOOLEAN AccessGranted, IN PSECURITY_DESCRIPTOR SecurityDescriptor)

NTKERNELAPI BOOLEAN SeAuditingFileOrGlobalEvents (IN BOOLEAN AccessGranted, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext)

VOID SeAuditProcessCreation (PEPROCESS Process, PEPROCESS Parent, PUNICODE_STRING ImageFileName)

VOID SeAuditProcessExit (PEPROCESS Process)

VOID SeAuditHandleDuplication (PVOID SourceHandle, PVOID NewHandle, PEPROCESS SourceProcess, PEPROCESS TargetProcess)

VOID SeSetAccessStateGenericMapping (PACCESS_STATE AccessState, PGENERIC_MAPPING GenericMapping)

NTKERNELAPI NTSTATUS SeRegisterLogonSessionTerminatedRoutine (IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine)

NTKERNELAPI NTSTATUS SeUnregisterLogonSessionTerminatedRoutine (IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine)

NTKERNELAPI NTSTATUS SeMarkLogonSessionForTerminationNotification (IN PLUID LogonId)

NTKERNELAPI NTSTATUS SeQueryInformationToken (IN PACCESS_TOKEN Token, IN TOKEN_INFORMATION_CLASS TokenInformationClass, OUT PVOID *TokenInformation)

NTSTATUS SeIsChildToken (IN HANDLE Token, OUT PBOOLEAN IsChild)

NTSTATUS SeIsChildTokenByPointer (IN PACCESS_TOKEN Token, OUT PBOOLEAN IsChild)

NTSTATUS SeFastFilterToken (IN PACCESS_TOKEN ExistingToken, IN KPROCESSOR_MODE RequestorMode, IN ULONG Flags, IN ULONG GroupCount, IN PSID_AND_ATTRIBUTES GroupsToDisable OPTIONAL, IN ULONG PrivilegeCount, IN PLUID_AND_ATTRIBUTES PrivilegesToDelete OPTIONAL, IN ULONG SidCount, IN PSID_AND_ATTRIBUTES RestrictedSids OPTIONAL, IN ULONG SidLength, OUT PACCESS_TOKEN *FilteredToken)

Variables

_OBJECT_TYPE * SepTokenObjectType

NTKERNELAPI PSE_EXPORTS SeExports

LUID SeSystemAuthenticationId

LUID SeAnonymousAuthenticationId

TOKEN_SOURCE SeSystemTokenSource

PSID SeNullSid

PSID SeWorldSid

PSID SeLocalSid

PSID SeCreatorOwnerSid

PSID SeCreatorGroupSid

PSID SeCreatorOwnerServerSid

PSID SeCreatorGroupServerSid

PSID SePrincipalSelfSid

PSID SeNtAuthoritySid

PSID SeDialupSid

PSID SeNetworkSid

PSID SeBatchSid

PSID SeInteractiveSid

PSID SeLocalSystemSid

PSID SeAuthenticatedUsersSid

PSID SeAliasAdminsSid

PSID SeRestrictedSid

PSID SeAnonymousLogonSid

PSID SeAliasUsersSid

PSID SeAliasGuestsSid

PSID SeAliasPowerUsersSid

PSID SeAliasAccountOpsSid

PSID SeAliasSystemOpsSid

PSID SeAliasPrintOpsSid

PSID SeAliasBackupOpsSid

PACCESS_TOKEN SeAnonymousLogonToken

PSECURITY_DESCRIPTOR SePublicDefaultSd

PSECURITY_DESCRIPTOR SePublicDefaultUnrestrictedSd

PSECURITY_DESCRIPTOR SePublicOpenSd

PSECURITY_DESCRIPTOR SePublicOpenUnrestrictedSd

PSECURITY_DESCRIPTOR SeSystemDefaultSd

PSECURITY_DESCRIPTOR SeUnrestrictedSd

PACL SePublicDefaultDacl

PACL SePublicDefaultUnrestrictedDacl

PACL SePublicOpenDacl

PACL SePublicOpenUnrestrictedDacl

PACL SeSystemDefaultDacl

PACL SeUnrestrictedDacl

LUID SeCreateTokenPrivilege

LUID SeAssignPrimaryTokenPrivilege

LUID SeLockMemoryPrivilege

LUID SeIncreaseQuotaPrivilege

LUID SeUnsolicitedInputPrivilege

LUID SeTcbPrivilege

LUID SeSecurityPrivilege

LUID SeTakeOwnershipPrivilege

LUID SeLoadDriverPrivilege

LUID SeCreatePagefilePrivilege

LUID SeIncreaseBasePriorityPrivilege

LUID SeSystemProfilePrivilege

LUID SeSystemtimePrivilege

LUID SeProfileSingleProcessPrivilege

LUID SeCreatePermanentPrivilege

LUID SeBackupPrivilege

LUID SeRestorePrivilege

LUID SeShutdownPrivilege

LUID SeDebugPrivilege

LUID SeAuditPrivilege

LUID SeSystemEnvironmentPrivilege

LUID SeChangeNotifyPrivilege

LUID SeRemoteShutdownPrivilege

LUID SeUndockPrivilege

LUID SeSyncAgentPrivilege

LUID SeEnableDelegationPrivilege

SE_AUDITING_STATE SeAuditingState []

BOOLEAN SeDetailedAuditing

UNICODE_STRING SeSubsystemName

Define Documentation

#define INITIAL_PRIVILEGE_COUNT 3

Definition at line 147 of file se.h.
Referenced by SeAppendPrivileges().

#define SE_BACKUP_PRIVILEGES_CHECKED 0x00000010

Definition at line 85 of file se.h.
Referenced by IopCheckBackupRestorePrivilege(), and IopParseDevice().

#define SE_DEFAULT_SECURITY_QUOTA 2048

Definition at line 62 of file se.h.
Referenced by ObpAllocateObject(), ObpChargeQuotaForObject(), ObpFreeObject(), and ObValidateSecurityQuota().

#define SeAssertMappedCanonicalAccess ( AccessMask )

Value:
ASSERT(!( ( AccessMask ) & \ ( GENERIC_READ | \ GENERIC_WRITE | \ GENERIC_EXECUTE | \ GENERIC_ALL )) \ )

Definition at line 650 of file se.h.
Referenced by SeAccessCheck(), and SepAccessCheck().

#define SeComputeDeniedAccesses ( GrantedAccess,
DesiredAccess ) ((~(GrantedAccess)) & (DesiredAccess) )

Definition at line 480 of file se.h.
Referenced by IoCheckDesiredAccess(), IoCheckFunctionAccess(), NtSignalAndWaitForSingleObject(), NtWaitForMultipleObjects(), and ObReferenceObjectByHandle().

#define SeComputeGrantedAccesses ( GrantedAccess,
DesiredAccess ) ((GrantedAccess) & (DesiredAccess) )

Definition at line 515 of file se.h.
Referenced by IoCheckFunctionAccess(), IopXxxControlFile(), NtFlushBuffersFile(), NtLockFile(), NtUnlockFile(), NtWriteFile(), and NtWriteFileGather().

#define SeComputeSecurityQuota ( Size )

Value:
( \ ((( Size ) * 2 ) > SE_DEFAULT_SECURITY_QUOTA) ? \ (( Size ) * 2 ) : SE_DEFAULT_SECURITY_QUOTA \ )

Definition at line 676 of file se.h.
Referenced by ObpCaptureObjectCreateInformation().

#define SeDeleteClientSecurity ( C )

Value:
{ \ if (SeTokenType((C)->ClientToken) == TokenPrimary) { \ PsDereferencePrimaryToken( (C)->ClientToken ); \ } else { \ PsDereferenceImpersonationToken( (C)->ClientToken ); \ } \ }
*++

Definition at line 612 of file se.h.
Referenced by CmLoadKey(), FreeDdeConv(), LpcpFreePortClientSecurity(), MESSAGECALL(), and NtImpersonateThread().

#define SeEnableAccessToExports ( )

Definition at line 1589 of file se.h.
Referenced by InitSecurity().

#define SeLengthSid ( Sid ) (8 + (4 * ((SID *)Sid)->SubAuthorityCount))

Definition at line 540 of file se.h.
Referenced by CmpHiveRootSecurityDescriptor(), CreateDAclToken(), GenerateDescriptor(), IopApplySystemPartitionProt(), NtCloseObjectAuditAlarm(), NtDeleteObjectAuditAlarm(), NtQueryInformationToken(), NtSetInformationToken(), ObInitSystem(), RtlAddCompoundAce(), RtlCopySid(), RtlCopySidAndAttributesArray(), RtlEqualSid(), RtlLengthSecurityDescriptor(), RtlLengthSid(), RtlLengthUsedSecurityDescriptor(), RtlpAddKnownAce(), RtlpAddKnownObjectAce(), RtlpConvertToAutoInheritSecurityObject(), RtlpCopyEffectiveAce(), RtlpCreateServerAcl(), RtlpNewSecurityObject(), RtlpQuerySecurityDescriptor(), RtlpSetSecurityObject(), RtlQuerySecurityObject(), RtlSelfRelativeToAbsoluteSD(), RtlValidAcl(), RtlValidRelativeSecurityDescriptor(), SeAssignWorldSecurityDescriptor(), SeComputeQuotaInformationSize(), SeMakeAnonymousLogonToken(), SeMakeSystemToken(), SepAdjustGroups(), SepAppendDefaultDacl(), SepAppendPrimaryGroup(), SepCreateImpersonationTokenDacl(), SepFreeDefaultDacl(), SepFreePrimaryGroup(), SepInitSystemDacls(), SeQueryInformationToken(), SeQuerySecurityDescriptorInfo(), SeRmInitPhase1(), SeValidSecurityDescriptor(), TestSeSid(), and TestTokenSet().

#define SeQuerySubjectContextToken ( SubjectContext )

Value:
( ARGUMENT_PRESENT( ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken) ? \ ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken : \ ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->PrimaryToken )

Definition at line 732 of file se.h.
Referenced by NtSetUuidSeed(), and SeCreateClientSecurityFromSubjectContext().

#define SeSameToken ( TC1,
TC2 )

Value:
( \ ((TC1)->TokenId.HighPart == (TC2)->TokenId.HighPart) && \ ((TC1)->TokenId.LowPart == (TC2)->TokenId.LowPart) && \ (RtlEqualLuid(&(TC1)->AuthenticationId,&(TC2)->AuthenticationId)) \ )

Definition at line 577 of file se.h.

#define SeStopImpersonatingClient ( ) PsRevertToSelf()

*++

Definition at line 647 of file se.h.

#define SeTokenObjectType ( ) (PVOID)SepTokenObjectType

Definition at line 1213 of file se.h.
Referenced by NtSetInformationJobObject(), PsAssignImpersonationToken(), PspAssignPrimaryToken(), and PspSetPrimaryToken().

#define TOKEN_HAS_ADMIN_GROUP 0x08

Definition at line 75 of file se.h.
Referenced by SepCreateToken(), SepMakeTokenEffectiveOnly(), SepRemoveDisabledGroupsAndPrivileges(), and SeTokenIsAdmin().

#define TOKEN_HAS_BACKUP_PRIVILEGE 0x02

Definition at line 73 of file se.h.
Referenced by IopCheckBackupRestorePrivilege().

#define TOKEN_HAS_RESTORE_PRIVILEGE 0x04

Definition at line 74 of file se.h.
Referenced by IopCheckBackupRestorePrivilege().

#define TOKEN_HAS_TRAVERSE_PRIVILEGE 0x01

Definition at line 72 of file se.h.
Referenced by IopParseDevice(), ObpLookupObjectName(), SeCreateAccessState(), SepAdjustPrivileges(), SepCreateToken(), and SepRemoveDisabledGroupsAndPrivileges().

#define TOKEN_IS_RESTRICTED 0x10

Definition at line 76 of file se.h.
Referenced by IopParseDevice(), ObpCheckTraverseAccess(), SepFilterToken(), SepTokenIsOwner(), and SeTokenIsRestricted().

Typedef Documentation

typedef struct _ACCESS_STATE ACCESS_STATE

Referenced by SeCreateAccessState().

typedef struct _AUX_ACCESS_DATA AUX_ACCESS_DATA

Referenced by NtDuplicateObject().

typedef struct _INITIAL_PRIVILEGE_SET INITIAL_PRIVILEGE_SET

typedef struct _ACCESS_STATE * PACCESS_STATE

typedef struct _AUX_ACCESS_DATA * PAUX_ACCESS_DATA

Referenced by ObpCreateHandle().

typedef struct _INITIAL_PRIVILEGE_SET * PINITIAL_PRIVILEGE_SET

typedef struct _SE_AUDITING_STATE * PSE_AUDITING_STATE

typedef struct _SE_EXPORTS * PSE_EXPORTS

typedef NTSTATUS(* PSE_LOGON_SESSION_TERMINATED_ROUTINE)(IN PLUID LogonId)

Definition at line 434 of file se.h.
Referenced by SeRegisterLogonSessionTerminatedRoutine().

typedef struct _SE_PROCESS_AUDIT_INFO * PSE_PROCESS_AUDIT_INFO

Referenced by ObAuditInheritedHandleProcedure().

typedef enum _SECURITY_OPERATION_CODE * PSECURITY_OPERATION_CODE

typedef struct _SECURITY_SUBJECT_CONTEXT * PSECURITY_SUBJECT_CONTEXT

Referenced by SeAccessCheck().

typedef struct _SE_AUDITING_STATE SE_AUDITING_STATE

typedef struct _SE_EXPORTS SE_EXPORTS

typedef struct _SE_PROCESS_AUDIT_INFO SE_PROCESS_AUDIT_INFO

Referenced by ObInitProcess().

typedef enum _SECURITY_OPERATION_CODE SECURITY_OPERATION_CODE

typedef struct _SECURITY_SUBJECT_CONTEXT SECURITY_SUBJECT_CONTEXT

Referenced by SeAccessCheckByType(), and SeSinglePrivilegeCheck().

Enumeration Type Documentation

enum _SECURITY_OPERATION_CODE

Enumeration values:

SetSecurityDescriptor

QuerySecurityDescriptor

DeleteSecurityDescriptor

AssignSecurityDescriptor

Definition at line 43 of file se.h.

00043 { 00044 SetSecurityDescriptor, 00045 QuerySecurityDescriptor, 00046 DeleteSecurityDescriptor, 00047 AssignSecurityDescriptor 00048 } SECURITY_OPERATION_CODE, *PSECURITY_OPERATION_CODE;

Function Documentation

NTKERNELAPI BOOLEAN SeAccessCheck ( IN PSECURITY_DESCRIPTOR SecurityDescriptor,

IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,

IN BOOLEAN SubjectContextLocked,

IN ACCESS_MASK DesiredAccess,

IN ACCESS_MASK PreviouslyGrantedAccess,

OUT PPRIVILEGE_SET *Privileges OPTIONAL,

IN PGENERIC_MAPPING GenericMapping,

IN KPROCESSOR_MODE AccessMode,

OUT PACCESS_MASK GrantedAccess,

OUT PNTSTATUS AccessStatus

)

Definition at line 3323 of file accessck.c.
References DbgPrint, EffectiveToken, FALSE, KernelMode, NULL, PAGED_CODE, PSECURITY_SUBJECT_CONTEXT, SeAssertMappedCanonicalAccess, SeLockSubjectContext(), SepAccessCheck(), SepDumpSecurityDescriptor(), SepDumpTokenInfo(), SepTokenIsOwner(), SeUnlockSubjectContext(), and TRUE.
Referenced by CmpCheckCreateAccess(), CmpCheckNotifyAccess(), IopParseDevice(), ObCheckCreateObjectAccess(), ObCheckObjectAccess(), ObpCheckObjectReference(), ObpCheckTraverseAccess(), PspCreateProcess(), PspCreateThread(), PspSetPrimaryToken(), SeProxyAccessCheck(), and TestAccessCheck().

03338 : 03339 03340 See module abstract 03341 03342 This routine MAY perform tests for the following 03343 privileges: 03344 03345 SeTakeOwnershipPrivilege 03346 SeSecurityPrivilege 03347 03348 depending upon the accesses being requested. 03349 03350 This routine may also check to see if the subject is the owner 03351 of the object (to grant WRITE_DAC access). 03352 03353 Arguments: 03354 03355 SecurityDescriptor - Supplies the security descriptor protecting the 03356 object being accessed 03357 03358 SubjectSecurityContext - A pointer to the subject's captured security 03359 context 03360 03361 SubjectContextLocked - Supplies a flag indiciating whether or not 03362 the user's subject context is locked, so that it does not have 03363 to be locked again. 03364 03365 DesiredAccess - Supplies the access mask that the user is attempting to 03366 acquire 03367 03368 PreviouslyGrantedAccess - Supplies any accesses that the user has 03369 already been granted, for example, as a result of holding a 03370 privilege. 03371 03372 Privileges - Supplies a pointer in which will be returned a privilege 03373 set indicating any privileges that were used as part of the 03374 access validation. 03375 03376 GenericMapping - Supplies the generic mapping associated with this 03377 object type. 03378 03379 AccessMode - Supplies the access mode to be used in the check 03380 03381 GrantedAccess - Pointer to a returned access mask indicatating the 03382 granted access 03383 03384 AccessStatus - Status value that may be returned indicating the 03385 reason why access was denied. Routines should avoid hardcoding a 03386 return value of STATUS_ACCESS_DENIED so that a different value can 03387 be returned when mandatory access control is implemented. 03388 03389 03390 Return Value: 03391 03392 BOOLEAN - TRUE if access is allowed and FALSE otherwise 03393 03394 --*/ 03395 03396 { 03397 BOOLEAN Success; 03398 03399 PAGED_CODE(); 03400 03401 if (AccessMode == KernelMode) { 03402 03403 if (DesiredAccess & MAXIMUM_ALLOWED) { 03404 03405 // 03406 // Give him: 03407 // GenericAll 03408 // Anything else he asked for 03409 // 03410 03411 *GrantedAccess = GenericMapping->GenericAll; 03412 *GrantedAccess |= (DesiredAccess & ~MAXIMUM_ALLOWED); 03413 *GrantedAccess |= PreviouslyGrantedAccess; 03414 03415 } else { 03416 03417 *GrantedAccess = DesiredAccess | PreviouslyGrantedAccess; 03418 } 03419 *AccessStatus = STATUS_SUCCESS; 03420 return(TRUE); 03421 } 03422 03423 // 03424 // If the object doesn't have a security descriptor (and it's supposed 03425 // to), return access denied. 03426 // 03427 03428 if ( SecurityDescriptor == NULL) { 03429 03430 *AccessStatus = STATUS_ACCESS_DENIED; 03431 return( FALSE ); 03432 03433 } 03434 03435 // 03436 // If we're impersonating a client, we have to be at impersonation level 03437 // of SecurityImpersonation or above. 03438 // 03439 03440 if ( (SubjectSecurityContext->ClientToken != NULL) && 03441 (SubjectSecurityContext->ImpersonationLevel < SecurityImpersonation) 03442 ) { 03443 *AccessStatus = STATUS_BAD_IMPERSONATION_LEVEL; 03444 return( FALSE ); 03445 } 03446 03447 if ( DesiredAccess == 0 ) { 03448 03449 if ( PreviouslyGrantedAccess == 0 ) { 03450 *AccessStatus = STATUS_ACCESS_DENIED; 03451 return( FALSE ); 03452 } 03453 03454 *GrantedAccess = PreviouslyGrantedAccess; 03455 *AccessStatus = STATUS_SUCCESS; 03456 *Privileges = NULL; 03457 return( TRUE ); 03458 03459 } 03460 03461 SeAssertMappedCanonicalAccess( DesiredAccess ); 03462 03463 03464 // 03465 // If the caller did not lock the subject context for us, 03466 // lock it here to keep lower level routines from having 03467 // to lock it. 03468 // 03469 03470 if ( !SubjectContextLocked ) { 03471 SeLockSubjectContext( SubjectSecurityContext ); 03472 } 03473 03474 // 03475 // If the user in the token is the owner of the object, we 03476 // must automatically grant ReadControl and WriteDac access 03477 // if desired. If the DesiredAccess mask is empty after 03478 // these bits are turned off, we don't have to do any more 03479 // access checking (ref section 4, DSA ACL Arch) 03480 // 03481 03482 if ( DesiredAccess & (WRITE_DAC | READ_CONTROL | MAXIMUM_ALLOWED) ) { 03483 03484 if ( SepTokenIsOwner( 03485 EffectiveToken( SubjectSecurityContext ), 03486 SecurityDescriptor, 03487 TRUE 03488 ) ) { 03489 03490 if ( DesiredAccess & MAXIMUM_ALLOWED ) { 03491 03492 PreviouslyGrantedAccess |= (WRITE_DAC | READ_CONTROL); 03493 03494 } else { 03495 03496 PreviouslyGrantedAccess |= (DesiredAccess & (WRITE_DAC | READ_CONTROL)); 03497 } 03498 03499 DesiredAccess &= ~(WRITE_DAC | READ_CONTROL); 03500 } 03501 } 03502 03503 if (DesiredAccess == 0) { 03504 03505 if ( !SubjectContextLocked ) { 03506 SeUnlockSubjectContext( SubjectSecurityContext ); 03507 } 03508 03509 *GrantedAccess = PreviouslyGrantedAccess; 03510 *AccessStatus = STATUS_SUCCESS; 03511 return( TRUE ); 03512 03513 } else { 03514 03515 SepAccessCheck( 03516 SecurityDescriptor, 03517 NULL, // No PrincipalSelfSid 03518 SubjectSecurityContext->PrimaryToken, 03519 SubjectSecurityContext->ClientToken, 03520 DesiredAccess, 03521 NULL, // No object type list 03522 0, // No object type list 03523 GenericMapping, 03524 PreviouslyGrantedAccess, 03525 AccessMode, 03526 GrantedAccess, 03527 Privileges, 03528 AccessStatus, 03529 FALSE, // Don't return a list 03530 &Success, 03531 NULL 03532 ); 03533 #if DBG 03534 if (!Success && SepShowAccessFail) { 03535 DbgPrint("SE: Access check failed, DesiredAccess = 0x%x\n", 03536 DesiredAccess); 03537 SepDumpSD = TRUE; 03538 SepDumpSecurityDescriptor( 03539 SecurityDescriptor, 03540 "Input to SeAccessCheck\n" 03541 ); 03542 SepDumpSD = FALSE; 03543 SepDumpToken = TRUE; 03544 SepDumpTokenInfo( EffectiveToken( SubjectSecurityContext ) ); 03545 SepDumpToken = FALSE; 03546 } 03547 #endif 03548 03549 // 03550 // If we locked it in this routine, unlock it before we 03551 // leave. 03552 // 03553 03554 if ( !SubjectContextLocked ) { 03555 SeUnlockSubjectContext( SubjectSecurityContext ); 03556 } 03557 03558 return( Success ); 03559 } 03560 }

NTKERNELAPI NTSTATUS SeAppendPrivileges ( PACCESS_STATE AccessState,

PPRIVILEGE_SET Privileges

)

Definition at line 434 of file seastate.c.
References _ACCESS_STATE::AuxData, ExAllocatePoolWithTag, ExFreePool(), INITIAL_PRIVILEGE_COUNT, NULL, PAGED_CODE, PagedPool, _ACCESS_STATE::PrivilegesAllocated, _AUX_ACCESS_DATA::PrivilegesUsed, SepConcatenatePrivileges(), SepPrivilegeSetSize, and TRUE.
Referenced by IopCheckBackupRestorePrivilege(), IopParseDevice(), ObCheckCreateObjectAccess(), ObCheckObjectAccess(), ObpCheckTraverseAccess(), and ObpIncrementHandleCount().

00440 : 00441 00442 This routine takes a privilege set and adds it to the privilege set 00443 imbedded in an ACCESS_STATE structure. 00444 00445 An AccessState may contain up to three imbedded privileges. To 00446 add more, this routine will allocate a block of memory, copy 00447 the current privileges into it, and append the new privilege 00448 to that block. A bit is set in the AccessState indicating that 00449 the pointer to the privilge set in the structure points to pool 00450 memory and must be deallocated. 00451 00452 Arguments: 00453 00454 AccessState - The AccessState structure representing the current 00455 access attempt. 00456 00457 Privileges - A pointer to a privilege set to be added. 00458 00459 Return Value: 00460 00461 STATUS_INSUFFICIENT_RESOURCES - an attempt to allocate pool memory 00462 failed. 00463 00464 --*/ 00465 00466 { 00467 ULONG NewPrivilegeSetSize; 00468 PPRIVILEGE_SET NewPrivilegeSet; 00469 PAUX_ACCESS_DATA AuxData; 00470 00471 PAGED_CODE(); 00472 00473 AuxData = (PAUX_ACCESS_DATA)AccessState->AuxData; 00474 00475 if (Privileges->PrivilegeCount + AuxData->PrivilegesUsed->PrivilegeCount > 00476 INITIAL_PRIVILEGE_COUNT) { 00477 00478 // 00479 // Compute the total size of the two privilege sets 00480 // 00481 00482 NewPrivilegeSetSize = SepPrivilegeSetSize( Privileges ) + 00483 SepPrivilegeSetSize( AuxData->PrivilegesUsed ); 00484 00485 NewPrivilegeSet = ExAllocatePoolWithTag( PagedPool, NewPrivilegeSetSize, 'rPeS' ); 00486 00487 if (NewPrivilegeSet == NULL) { 00488 return( STATUS_INSUFFICIENT_RESOURCES ); 00489 } 00490 00491 00492 RtlCopyMemory( 00493 NewPrivilegeSet, 00494 AuxData->PrivilegesUsed, 00495 SepPrivilegeSetSize( AuxData->PrivilegesUsed ) 00496 ); 00497 00498 // 00499 // Note that this will adjust the privilege count in the 00500 // structure for us. 00501 // 00502 00503 SepConcatenatePrivileges( 00504 NewPrivilegeSet, 00505 NewPrivilegeSetSize, 00506 Privileges 00507 ); 00508 00509 if (AccessState->PrivilegesAllocated) { 00510 ExFreePool( AuxData->PrivilegesUsed ); 00511 } 00512 00513 AuxData->PrivilegesUsed = NewPrivilegeSet; 00514 00515 // 00516 // Mark that we've allocated memory for the privilege set, 00517 // so we know to free it when we're cleaning up. 00518 // 00519 00520 AccessState->PrivilegesAllocated = TRUE; 00521 00522 } else { 00523 00524 // 00525 // Note that this will adjust the privilege count in the 00526 // structure for us. 00527 // 00528 00529 SepConcatenatePrivileges( 00530 AuxData->PrivilegesUsed, 00531 sizeof(INITIAL_PRIVILEGE_SET), 00532 Privileges 00533 ); 00534 00535 } 00536 00537 return( STATUS_SUCCESS ); 00538 00539 }

VOID SeAssignPrimaryToken ( IN PEPROCESS Process,

IN PACCESS_TOKEN Token

)

Definition at line 241 of file token.c.
References ASSERT, NTSTATUS(), NULL, ObReferenceObject, PAGED_CODE, PTOKEN, SeDeassignPrimaryToken(), Status, Token, and TRUE.
Referenced by PspInitializeProcessSecurity().

00249 : 00250 00251 This function establishes a primary token for a process. 00252 00253 Arguments: 00254 00255 Token - Points to the new primary token. 00256 00257 Return Value: 00258 00259 None. 00260 00261 --*/ 00262 00263 { 00264 00265 NTSTATUS 00266 Status; 00267 00268 PTOKEN 00269 NewToken = (PTOKEN)Token; 00270 00271 PAGED_CODE(); 00272 00273 ASSERT(NewToken->TokenType == TokenPrimary); 00274 ASSERT( !NewToken->TokenInUse ); 00275 00276 00277 // 00278 // Dereference the old token if there is one. 00279 // 00280 // Processes typically already have a token that must be 00281 // dereferenced. There are two cases where this may not 00282 // be the situation. First, during phase 0 system initialization, 00283 // the initial system process starts out without a token. Second, 00284 // if an error occurs during process creation, we may be cleaning 00285 // up a process that hasn't yet had a primary token assigned. 00286 // 00287 00288 if (Process->Token != NULL) { 00289 SeDeassignPrimaryToken( Process ); 00290 } 00291 00292 00293 Process->Token=Token; 00294 NewToken->TokenInUse = TRUE; 00295 ObReferenceObject(NewToken); 00296 return; 00297 }

NTKERNELAPI NTSTATUS SeAssignSecurity ( IN PSECURITY_DESCRIPTOR ParentDescriptor OPTIONAL,

IN PSECURITY_DESCRIPTOR ExplicitDescriptor,

OUT PSECURITY_DESCRIPTOR * NewDescriptor,

IN BOOLEAN IsDirectoryObject,

IN PSECURITY_SUBJECT_CONTEXT SubjectContext,

IN PGENERIC_MAPPING GenericMapping,

IN POOL_TYPE PoolType

)

Definition at line 89 of file seassign.c.
References NT_SUCCESS, NTSTATUS(), NULL, PAGED_CODE, PagedPool, RtlpNewSecurityObject(), SepDumpSecurityDescriptor(), and Status.
Referenced by CmpDoCreateChild(), ObAssignSecurity(), TestAssignSecurity(), and xxxCreateWindowStation().

00101 : 00102 00103 This routine assumes privilege checking HAS NOT yet been performed 00104 and so will be performed by this routine. 00105 00106 This procedure is used to build a security descriptor for a new object 00107 given the security descriptor of its parent directory and any originally 00108 requested security for the object. The final security descriptor 00109 returned to the caller may contain a mix of information, some explicitly 00110 provided other from the new object's parent. 00111 00112 00113 See RtlpNewSecurityObject for a descriptor of how the NewDescriptor is 00114 built. 00115 00116 00117 Arguments: 00118 00119 ParentDescriptor - Optionally supplies the security descriptor of the 00120 parent directory under which this new object is being created. 00121 00122 ExplicitDescriptor - Supplies the address of a pointer to the security 00123 descriptor as specified by the user that is to be applied to 00124 the new object. 00125 00126 NewDescriptor - Returns the actual security descriptor for the new 00127 object that has been modified according to above rules. 00128 00129 IsDirectoryObject - Specifies if the new object is itself a directory 00130 object. A value of TRUE indicates the object is a container of other 00131 objects. 00132 00133 SubjectContext - Supplies the security context of the subject creating the 00134 object. This is used to retrieve default security information for the 00135 new object, such as default owner, primary group, and discretionary 00136 access control. 00137 00138 GenericMapping - Supplies a pointer to an array of access mask values 00139 denoting the mapping between each generic right to non-generic rights. 00140 00141 PoolType - Specifies the pool type to use to when allocating a new 00142 security descriptor. 00143 00144 Return Value: 00145 00146 STATUS_SUCCESS - indicates the operation was successful. 00147 00148 STATUS_INVALID_OWNER - The owner SID provided as the owner of the 00149 target security descriptor is not one the caller is authorized 00150 to assign as the owner of an object. 00151 00152 STATUS_PRIVILEGE_NOT_HELD - The caller does not have the privilege 00153 necessary to explicitly assign the specified system ACL. 00154 SeSecurityPrivilege privilege is needed to explicitly assign 00155 system ACLs to objects. 00156 --*/ 00157 00158 { 00159 NTSTATUS Status; 00160 ULONG AutoInherit = 0; 00161 PAGED_CODE(); 00162 00163 #if DBG 00164 if ( ARGUMENT_PRESENT( ExplicitDescriptor) ) { 00165 SepDumpSecurityDescriptor( ExplicitDescriptor, 00166 "\nSeAssignSecurity: Input security descriptor = \n" 00167 ); 00168 } 00169 00170 if (ARGUMENT_PRESENT( ParentDescriptor )) { 00171 SepDumpSecurityDescriptor( ParentDescriptor, 00172 "\nSeAssignSecurity: Parent security descriptor = \n" 00173 ); 00174 } 00175 #endif // DBG 00176 00177 // 00178 // If the Parent SD was created via AutoInheritance, 00179 // and this object is being created with no explicit descriptor, 00180 // then we can safely create this object as AutoInherit. 00181 // 00182 00183 if ( ParentDescriptor != NULL ) { 00184 00185 if ( (ExplicitDescriptor == NULL || 00186 (((PISECURITY_DESCRIPTOR)ExplicitDescriptor)->Control & SE_DACL_PRESENT) == 0 ) && 00187 (((PISECURITY_DESCRIPTOR)ParentDescriptor)->Control & SE_DACL_AUTO_INHERITED) != 0 ) { 00188 AutoInherit |= SEF_DACL_AUTO_INHERIT; 00189 } 00190 00191 if ( (ExplicitDescriptor == NULL || 00192 (((PISECURITY_DESCRIPTOR)ExplicitDescriptor)->Control & SE_SACL_PRESENT) == 0 ) && 00193 (((PISECURITY_DESCRIPTOR)ParentDescriptor)->Control & SE_SACL_AUTO_INHERITED) != 0 ) { 00194 AutoInherit |= SEF_SACL_AUTO_INHERIT; 00195 } 00196 00197 } 00198 00199 00200 Status = RtlpNewSecurityObject ( 00201 ParentDescriptor OPTIONAL, 00202 ExplicitDescriptor OPTIONAL, 00203 NewDescriptor, 00204 NULL, // No object type 00205 IsDirectoryObject, 00206 AutoInherit, 00207 (HANDLE) SubjectContext, 00208 GenericMapping ); 00209 00210 #if DBG 00211 if ( NT_SUCCESS(Status)) { 00212 SepDumpSecurityDescriptor( *NewDescriptor, 00213 "SeAssignSecurity: Final security descriptor = \n" 00214 ); 00215 } 00216 #endif 00217 00218 return Status; 00219 00220 00221 // RtlpNewSecurityObject always uses PagedPool. 00222 UNREFERENCED_PARAMETER( PagedPool ); 00223 00224 }

NTKERNELAPI NTSTATUS SeAssignSecurityEx ( IN PSECURITY_DESCRIPTOR ParentDescriptor OPTIONAL,

IN PSECURITY_DESCRIPTOR ExplicitDescriptor OPTIONAL,

OUT PSECURITY_DESCRIPTOR * NewDescriptor,

IN GUID *ObjectType OPTIONAL,

IN BOOLEAN IsDirectoryObject,

IN ULONG AutoInheritFlags,

IN PSECURITY_SUBJECT_CONTEXT SubjectContext,

IN PGENERIC_MAPPING GenericMapping,

IN POOL_TYPE PoolType

)

Definition at line 228 of file seassign.c.
References NT_SUCCESS, NTSTATUS(), PAGED_CODE, PagedPool, RtlpNewSecurityObject(), SepDumpSecurityDescriptor(), and Status.

00242 : 00243 00244 This routine assumes privilege checking HAS NOT yet been performed 00245 and so will be performed by this routine. 00246 00247 This procedure is used to build a security descriptor for a new object 00248 given the security descriptor of its parent directory and any originally 00249 requested security for the object. The final security descriptor 00250 returned to the caller may contain a mix of information, some explicitly 00251 provided other from the new object's parent. 00252 00253 00254 See RtlpNewSecurityObject for a descriptor of how the NewDescriptor is 00255 built. 00256 00257 00258 Arguments: 00259 00260 ParentDescriptor - Optionally supplies the security descriptor of the 00261 parent directory under which this new object is being created. 00262 00263 ExplicitDescriptor - Supplies the address of a pointer to the security 00264 descriptor as specified by the user that is to be applied to 00265 the new object. 00266 00267 NewDescriptor - Returns the actual security descriptor for the new 00268 object that has been modified according to above rules. 00269 00270 ObjectType - GUID of the object type being created. If the object being 00271 created has no GUID associated with it, then this argument is 00272 specified as NULL. 00273 00274 IsDirectoryObject - Specifies if the new object is itself a directory 00275 object. A value of TRUE indicates the object is a container of other 00276 objects. 00277 00278 AutoInheritFlags - Controls automatic inheritance of ACES from the Parent 00279 Descriptor. Valid values are a bits mask of the logical OR of 00280 one or more of the following bits: 00281 00282 SEF_DACL_AUTO_INHERIT - If set, inherit ACEs from the 00283 DACL ParentDescriptor are inherited to NewDescriptor in addition 00284 to any explicit ACEs specified by the CreatorDescriptor. 00285 00286 SEF_SACL_AUTO_INHERIT - If set, inherit ACEs from the 00287 SACL ParentDescriptor are inherited to NewDescriptor in addition 00288 to any explicit ACEs specified by the CreatorDescriptor. 00289 00290 SEF_DEFAULT_DESCRIPTOR_FOR_OBJECT - If set, the CreatorDescriptor 00291 is the default descriptor for ObjectType. As such, the 00292 CreatorDescriptor will be ignored if any ObjectType specific 00293 ACEs are inherited from the parent. If no such ACEs are inherited, 00294 the CreatorDescriptor is handled as though this flag were not 00295 specified. 00296 00297 SEF_AVOID_PRIVILEGE_CHECK - If set, no privilege checking is done by this 00298 routine. This flag is useful while implementing automatic inheritance 00299 to avoid checking privileges on each child updated. 00300 00301 SubjectContext - Supplies the security context of the subject creating the 00302 object. This is used to retrieve default security information for the 00303 new object, such as default owner, primary group, and discretionary 00304 access control. 00305 00306 GenericMapping - Supplies a pointer to an array of access mask values 00307 denoting the mapping between each generic right to non-generic rights. 00308 00309 PoolType - Specifies the pool type to use to when allocating a new 00310 security descriptor. 00311 00312 Return Value: 00313 00314 STATUS_SUCCESS - indicates the operation was successful. 00315 00316 STATUS_INVALID_OWNER - The owner SID provided as the owner of the 00317 target security descriptor is not one the caller is authorized 00318 to assign as the owner of an object. 00319 00320 STATUS_PRIVILEGE_NOT_HELD - The caller does not have the privilege 00321 necessary to explicitly assign the specified system ACL. 00322 SeSecurityPrivilege privilege is needed to explicitly assign 00323 system ACLs to objects. 00324 --*/ 00325 00326 { 00327 NTSTATUS Status; 00328 PAGED_CODE(); 00329 00330 #if DBG 00331 if ( ARGUMENT_PRESENT( ExplicitDescriptor) ) { 00332 SepDumpSecurityDescriptor( ExplicitDescriptor, 00333 "\nSeAssignSecurityEx: Input security descriptor = \n" 00334 ); 00335 } 00336 00337 if (ARGUMENT_PRESENT( ParentDescriptor )) { 00338 SepDumpSecurityDescriptor( ParentDescriptor, 00339 "\nSeAssignSecurityEx: Parent security descriptor = \n" 00340 ); 00341 } 00342 #endif // DBG 00343 00344 00345 Status = RtlpNewSecurityObject ( 00346 ParentDescriptor OPTIONAL, 00347 ExplicitDescriptor OPTIONAL, 00348 NewDescriptor, 00349 ObjectType, 00350 IsDirectoryObject, 00351 AutoInheritFlags, 00352 (HANDLE) SubjectContext, 00353 GenericMapping ); 00354 00355 #if DBG 00356 if ( NT_SUCCESS(Status)) { 00357 SepDumpSecurityDescriptor( *NewDescriptor, 00358 "SeAssignSecurityEx: Final security descriptor = \n" 00359 ); 00360 } 00361 #endif 00362 00363 return Status; 00364 00365 00366 // RtlpNewSecurityObject always uses PagedPool. 00367 UNREFERENCED_PARAMETER( PagedPool ); 00368 00369 }

NTSTATUS SeAssignWorldSecurityDescriptor ( IN PSECURITY_DESCRIPTOR SecurityDescriptor,

IN OUT PULONG Length,

IN PSECURITY_INFORMATION SecurityInformation

)

Definition at line 529 of file seassign.c.
References NT_SUCCESS, NTSTATUS(), PAGED_CODE, RtlCreateSecurityDescriptorRelative(), SeLengthSid, SeWorldSid, and Status.
Referenced by IopGetSetSecurityObject().

00537 : 00538 00539 This routine is called by the I/O system to properly initialize a 00540 security descriptor for a FAT file. It will take a pointer to a 00541 buffer containing an emptry security descriptor, and create in the 00542 buffer a self-relative security descriptor with 00543 00544 Owner = WorldSid, 00545 00546 Group = WorldSid. 00547 00548 Thus, a FAT file is accessable to all. 00549 00550 Arguments: 00551 00552 SecurityDescriptor - Supplies a pointer to a buffer in which will be 00553 created a self-relative security descriptor as described above. 00554 00555 Length - The length in bytes of the buffer. If the length is too 00556 small, it will contain the minimum size required upon exit. 00557 00558 00559 Return Value: 00560 00561 STATUS_BUFFER_TOO_SMALL - The buffer was not big enough to contain 00562 the requested information. 00563 00564 00565 --*/ 00566 00567 { 00568 00569 PCHAR Field; 00570 PCHAR Base; 00571 ULONG WorldSidLength; 00572 PISECURITY_DESCRIPTOR_RELATIVE ISecurityDescriptor; 00573 ULONG MinSize; 00574 NTSTATUS Status; 00575 00576 PAGED_CODE(); 00577 00578 if ( !ARGUMENT_PRESENT( SecurityInformation )) { 00579 00580 return( STATUS_ACCESS_DENIED ); 00581 } 00582 00583 WorldSidLength = SeLengthSid( SeWorldSid ); 00584 00585 MinSize = sizeof( SECURITY_DESCRIPTOR_RELATIVE ) + 2 * WorldSidLength; 00586 00587 if ( *Length < MinSize ) { 00588 00589 *Length = MinSize; 00590 return( STATUS_BUFFER_TOO_SMALL ); 00591 } 00592 00593 *Length = MinSize; 00594 00595 ISecurityDescriptor = (SECURITY_DESCRIPTOR_RELATIVE *)SecurityDescriptor; 00596 00597 Status = RtlCreateSecurityDescriptorRelative( ISecurityDescriptor, 00598 SECURITY_DESCRIPTOR_REVISION ); 00599 00600 if (!NT_SUCCESS( Status )) { 00601 return( Status ); 00602 } 00603 00604 Base = (PCHAR)(ISecurityDescriptor); 00605 Field = Base + sizeof(SECURITY_DESCRIPTOR_RELATIVE); 00606 00607 if ( *SecurityInformation & OWNER_SECURITY_INFORMATION ) { 00608 00609 RtlCopyMemory( Field, SeWorldSid, WorldSidLength ); 00610 ISecurityDescriptor->Owner = RtlPointerToOffset(Base,Field); 00611 Field += WorldSidLength; 00612 } 00613 00614 if ( *SecurityInformation & GROUP_SECURITY_INFORMATION ) { 00615 00616 RtlCopyMemory( Field, SeWorldSid, WorldSidLength ); 00617 ISecurityDescriptor->Group = RtlPointerToOffset(Base,Field); 00618 } 00619 00620 if ( *SecurityInformation & DACL_SECURITY_INFORMATION ) { 00621 RtlpSetControlBits( ISecurityDescriptor, SE_DACL_PRESENT ); 00622 } 00623 00624 if ( *SecurityInformation & SACL_SECURITY_INFORMATION ) { 00625 RtlpSetControlBits( ISecurityDescriptor, SE_SACL_PRESENT ); 00626 } 00627 00628 RtlpSetControlBits( ISecurityDescriptor, SE_SELF_RELATIVE ); 00629 00630 return( STATUS_SUCCESS ); 00631 00632 }

VOID SeAuditHandleCreation ( IN PACCESS_STATE AccessState,

IN HANDLE Handle

)

Definition at line 3736 of file seaudit.c.
References FALSE, Handle, NULL, PAGED_CODE, _AUX_ACCESS_DATA::PrivilegesUsed, PsGetCurrentProcessId(), PTOKEN, SepAdtOpenObjectAuditAlarm(), SepAdtPrivilegeObjectAuditAlarm(), SeSubsystemName, and TRUE.
Referenced by NtDuplicateObject(), and ObpCreateHandle().

03743 : 03744 03745 This function audits the creation of a handle. 03746 03747 It will examine the AuditHandleCreation field in the passed AccessState, 03748 which will indicate whether auditing was performed when the object 03749 was found or created. 03750 03751 This routine is necessary because object name decoding and handle 03752 allocation occur in widely separate places, preventing us from 03753 auditing everything at once. 03754 03755 Arguments: 03756 03757 AccessState - Supplies a pointer to the AccessState structure 03758 representing this access attempt. 03759 03760 Handle - The newly allocated handle value. 03761 03762 Return Value: 03763 03764 None. 03765 03766 --*/ 03767 03768 { 03769 BOOLEAN AuditPerformed = FALSE; 03770 PAUX_ACCESS_DATA AuxData; 03771 03772 PAGED_CODE(); 03773 03774 AuxData = (PAUX_ACCESS_DATA)AccessState->AuxData; 03775 03776 if ( AccessState->GenerateAudit ) { 03777 03778 if ( AccessState->AuditPrivileges ) { 03779 03780 AuditPerformed = SepAdtPrivilegeObjectAuditAlarm ( 03781 &SeSubsystemName, 03782 Handle, 03783 (PTOKEN)AccessState->SubjectSecurityContext.ClientToken, 03784 (PTOKEN)AccessState->SubjectSecurityContext.PrimaryToken, 03785 &AccessState->SubjectSecurityContext.ProcessAuditId, 03786 AccessState->PreviouslyGrantedAccess, 03787 AuxData->PrivilegesUsed, 03788 TRUE 03789 ); 03790 } else { 03791 03792 AuditPerformed = SepAdtOpenObjectAuditAlarm ( &SeSubsystemName, 03793 &Handle, 03794 &AccessState->ObjectTypeName, 03795 NULL, 03796 &AccessState->ObjectName, 03797 AccessState->SubjectSecurityContext.ClientToken, 03798 AccessState->SubjectSecurityContext.PrimaryToken, 03799 AccessState->OriginalDesiredAccess, 03800 AccessState->PreviouslyGrantedAccess, 03801 &AccessState->OperationID, 03802 AuxData->PrivilegesUsed, 03803 FALSE, 03804 TRUE, 03805 TRUE, 03806 FALSE, 03807 PsGetCurrentProcessId(), 03808 AuditCategoryObjectAccess, 03809 NULL, 03810 0, 03811 NULL ); 03812 } 03813 } 03814 03815 // 03816 // If we generated an 'open' audit, make sure we generate a close 03817 // 03818 03819 AccessState->GenerateOnClose = AuditPerformed; 03820 03821 return; 03822 }

VOID SeAuditHandleDuplication ( PVOID SourceHandle,

PVOID NewHandle,

PEPROCESS SourceProcess,

PEPROCESS TargetProcess

)

Definition at line 2573 of file sepaudit.c.
References ASSERT, EffectiveToken, PAGED_CODE, PsProcessAuditId, SeCaptureSubjectContext(), SepAdtLogAuditRecord(), SepSetParmTypeSid, SepSetParmTypeString, SepSetParmTypeUlong, SepTokenUserSid, SeReleaseSubjectContext(), and SeSubsystemName.
Referenced by NtDuplicateObject(), and ObAuditInheritedHandleProcedure().

02582 : 02583 02584 This routine generates a handle duplication audit. It is up to the caller 02585 to determine if this routine should be called or not. 02586 02587 Arguments: 02588 02589 SourceHandle - Original handle 02590 02591 NewHandle - New handle 02592 02593 SourceProcess - Process containing SourceHandle 02594 02595 TargetProcess - Process containing NewHandle 02596 02597 Return Value: 02598 02599 None. 02600 02601 --*/ 02602 02603 { 02604 SE_ADT_PARAMETER_ARRAY AuditParameters; 02605 SECURITY_SUBJECT_CONTEXT SubjectSecurityContext; 02606 PSID UserSid; 02607 02608 PAGED_CODE(); 02609 02610 SeCaptureSubjectContext( &SubjectSecurityContext ); 02611 02612 UserSid = SepTokenUserSid( EffectiveToken( &SubjectSecurityContext )); 02613 02614 RtlZeroMemory ( 02615 (PVOID) &AuditParameters, 02616 sizeof( AuditParameters ) 02617 ); 02618 02619 02620 ASSERT( SeAdtParmTypeNone == 0 ); 02621 02622 AuditParameters.CategoryId = SE_CATEGID_DETAILED_TRACKING; 02623 AuditParameters.AuditId = SE_AUDITID_DUPLICATE_HANDLE; 02624 AuditParameters.ParameterCount = 0; 02625 AuditParameters.Type = EVENTLOG_AUDIT_SUCCESS; 02626 02627 SepSetParmTypeSid( AuditParameters, AuditParameters.ParameterCount, UserSid ); 02628 AuditParameters.ParameterCount++; 02629 02630 SepSetParmTypeString( AuditParameters, AuditParameters.ParameterCount, &SeSubsystemName ); 02631 AuditParameters.ParameterCount++; 02632 02633 SepSetParmTypeUlong( AuditParameters, AuditParameters.ParameterCount, (ULONG)((ULONG_PTR)SourceHandle) ); 02634 AuditParameters.ParameterCount++; 02635 02636 SepSetParmTypeUlong( AuditParameters, AuditParameters.ParameterCount, (ULONG)((ULONG_PTR)PsProcessAuditId( SourceProcess ))); 02637 AuditParameters.ParameterCount++; 02638 02639 SepSetParmTypeUlong( AuditParameters, AuditParameters.ParameterCount, (ULONG)((ULONG_PTR)NewHandle) ); 02640 AuditParameters.ParameterCount++; 02641 02642 SepSetParmTypeUlong( AuditParameters, AuditParameters.ParameterCount, (ULONG)((ULONG_PTR)PsProcessAuditId( TargetProcess ))); 02643 AuditParameters.ParameterCount++; 02644 02645 02646 SepAdtLogAuditRecord( &AuditParameters ); 02647 02648 SeReleaseSubjectContext( &SubjectSecurityContext ); 02649 }

NTKERNELAPI BOOLEAN SeAuditingFileEvents ( IN BOOLEAN AccessGranted,

IN PSECURITY_DESCRIPTOR SecurityDescriptor

)

Definition at line 4693 of file seaudit.c.
References PAGED_CODE, and SepAdtAuditThisEvent.

04700 : 04701 04702 This routine is to be called by a file system to quickly determine 04703 if we are auditing file open events. This allows the file system 04704 to avoid the often considerable setup involved in generating an audit. 04705 04706 Arguments: 04707 04708 AccessGranted - Supplies whether the access attempt was successful 04709 or a failure. 04710 04711 Return Value: 04712 04713 Boolean - TRUE if events of type AccessGranted are being audited, FALSE 04714 otherwise. 04715 04716 --*/ 04717 04718 { 04719 PAGED_CODE(); 04720 04721 UNREFERENCED_PARAMETER( SecurityDescriptor ); 04722 04723 return( SepAdtAuditThisEvent( AuditCategoryObjectAccess, &AccessGranted ) ); 04724 }

NTKERNELAPI BOOLEAN SeAuditingFileOrGlobalEvents ( IN BOOLEAN AccessGranted,

IN PSECURITY_DESCRIPTOR SecurityDescriptor,

IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext

)

Definition at line 4648 of file seaudit.c.
References EffectiveToken, FALSE, NULL, PAGED_CODE, PTOKEN, SepAdtAuditThisEvent, and TRUE.

04656 : 04657 04658 This routine is to be called by a file system to quickly determine 04659 if we are auditing file open events. This allows the file system 04660 to avoid the often considerable setup involved in generating an audit. 04661 04662 Arguments: 04663 04664 AccessGranted - Supplies whether the access attempt was successful 04665 or a failure. 04666 04667 Return Value: 04668 04669 Boolean - TRUE if events of type AccessGranted are being audited, FALSE 04670 otherwise. 04671 04672 --*/ 04673 04674 { 04675 PISECURITY_DESCRIPTOR ISecurityDescriptor = (PISECURITY_DESCRIPTOR) SecurityDescriptor; 04676 04677 PAGED_CODE(); 04678 04679 if ( ((PTOKEN)EffectiveToken( SubjectSecurityContext ))->AuditData != NULL) { 04680 return( TRUE ); 04681 } 04682 04683 if ( RtlpSaclAddrSecurityDescriptor( ISecurityDescriptor ) == NULL ) { 04684 04685 return( FALSE ); 04686 } 04687 04688 return( SepAdtAuditThisEvent( AuditCategoryObjectAccess, &AccessGranted ) ); 04689 }

VOID SeAuditProcessCreation ( PEPROCESS Process,

PEPROCESS Parent,

PUNICODE_STRING ImageFileName

)

Definition at line 2466 of file sepaudit.c.
References ASSERT, NTSTATUS(), NULL, PAGED_CODE, _SECURITY_SUBJECT_CONTEXT::PrimaryToken, SeCaptureSubjectContext(), SepAdtLogAuditRecord(), SepSetParmTypeLogonId, SepSetParmTypeSid, SepSetParmTypeString, SepSetParmTypeUlong, SepTokenAuthenticationId, SepTokenUserSid, SeReleaseSubjectContext(), SeSubsystemName, and Status.
Referenced by PspCreateProcess().

02473 : 02474 02475 Audits the creation of a process. It is the caller's responsibility 02476 to determine if process auditing is in progress. 02477 02478 02479 Arguments: 02480 02481 Process - Points to the new process object. 02482 02483 Parent - Points to the creator (parent) process object. 02484 02485 ImageFileName - the name of the image 02486 02487 Return Value: 02488 02489 None. 02490 02491 --*/ 02492 02493 { 02494 ANSI_STRING Ansi; 02495 LUID UserAuthenticationId; 02496 NTSTATUS Status; 02497 PSID UserSid; 02498 SECURITY_SUBJECT_CONTEXT SubjectSecurityContext; 02499 SE_ADT_PARAMETER_ARRAY AuditParameters; 02500 02501 PAGED_CODE(); 02502 02503 if ( ImageFileName == NULL ) 02504 { 02505 return ; 02506 } 02507 02508 // 02509 // NtCreateProcess with no section will cause this to be NULL 02510 // fork() for posix will do this, or someone calling NtCreateProcess 02511 // directly. 02512 // 02513 02514 if ( ImageFileName->Buffer == NULL ) 02515 { 02516 return; 02517 } 02518 02519 SeCaptureSubjectContext( &SubjectSecurityContext ); 02520 02521 RtlZeroMemory ( 02522 (PVOID) &AuditParameters, 02523 sizeof( AuditParameters ) 02524 ); 02525 02526 ASSERT( SeAdtParmTypeNone == 0 ); 02527 02528 AuditParameters.CategoryId = SE_CATEGID_DETAILED_TRACKING; 02529 AuditParameters.AuditId = SE_AUDITID_PROCESS_CREATED; 02530 AuditParameters.ParameterCount = 0; 02531 AuditParameters.Type = EVENTLOG_AUDIT_SUCCESS; 02532 02533 // 02534 // Use the primary token here, because that's what's going to show up 02535 // when the created process exits. 02536 // 02537 02538 UserSid = SepTokenUserSid( SubjectSecurityContext.PrimaryToken ); 02539 02540 UserAuthenticationId = SepTokenAuthenticationId( SubjectSecurityContext.PrimaryToken ); 02541 02542 // 02543 // Fill in the AuditParameters structure. 02544 // 02545 02546 SepSetParmTypeSid( AuditParameters, AuditParameters.ParameterCount, UserSid ); 02547 AuditParameters.ParameterCount++; 02548 02549 SepSetParmTypeString( AuditParameters, AuditParameters.ParameterCount, &SeSubsystemName ); 02550 AuditParameters.ParameterCount++; 02551 02552 SepSetParmTypeUlong( AuditParameters, AuditParameters.ParameterCount, (ULONG)((ULONG_PTR)Process) ); 02553 AuditParameters.ParameterCount++; 02554 02555 SepSetParmTypeString( AuditParameters, AuditParameters.ParameterCount, ImageFileName ); 02556 AuditParameters.ParameterCount++; 02557 02558 SepSetParmTypeUlong( AuditParameters, AuditParameters.ParameterCount, (ULONG)((ULONG_PTR)Parent) ); 02559 AuditParameters.ParameterCount++; 02560 02561 SepSetParmTypeLogonId( AuditParameters, AuditParameters.ParameterCount, UserAuthenticationId ); 02562 AuditParameters.ParameterCount++; 02563 02564 SepAdtLogAuditRecord( &AuditParameters ); 02565 02566 SeReleaseSubjectContext( &SubjectSecurityContext ); 02567 02568 return; 02569 }

VOID SeAuditProcessExit ( PEPROCESS Process )

Definition at line 2653 of file sepaudit.c.
References ASSERT, PAGED_CODE, PsProcessAuditId, PTOKEN, SepAdtLogAuditRecord(), SepSetParmTypeLogonId, SepSetParmTypeSid, SepSetParmTypeString, SepSetParmTypeUlong, SepTokenAuthenticationId, SepTokenUserSid, SeSubsystemName, Token, and _EPROCESS::Token.
Referenced by PspProcessDelete().

02658 : 02659 02660 Audits the exit of a process. The caller is responsible for 02661 determining if this should be called. 02662 02663 Arguments: 02664 02665 Process - Pointer to the process object that is exiting. 02666 02667 Return Value: 02668 02669 None. 02670 02671 --*/ 02672 02673 { 02674 PTOKEN Token; 02675 SE_ADT_PARAMETER_ARRAY AuditParameters; 02676 PSID UserSid; 02677 LUID LogonId; 02678 02679 PAGED_CODE(); 02680 02681 Token = (PTOKEN)Process->Token; 02682 02683 UserSid = SepTokenUserSid( Token ); 02684 LogonId = SepTokenAuthenticationId( Token ); 02685 02686 RtlZeroMemory ( 02687 (PVOID) &AuditParameters, 02688 sizeof( AuditParameters ) 02689 ); 02690 02691 02692 ASSERT( SeAdtParmTypeNone == 0 ); 02693 02694 AuditParameters.CategoryId = SE_CATEGID_DETAILED_TRACKING; 02695 AuditParameters.AuditId = SE_AUDITID_PROCESS_EXIT; 02696 AuditParameters.ParameterCount = 0; 02697 AuditParameters.Type = EVENTLOG_AUDIT_SUCCESS; 02698 02699 SepSetParmTypeSid( AuditParameters, AuditParameters.ParameterCount, UserSid ); 02700 AuditParameters.ParameterCount++; 02701 02702 SepSetParmTypeString( AuditParameters, AuditParameters.ParameterCount, &SeSubsystemName ); 02703 AuditParameters.ParameterCount++; 02704 02705 SepSetParmTypeUlong( AuditParameters, AuditParameters.ParameterCount, (ULONG)((ULONG_PTR)PsProcessAuditId( Process ))); 02706 AuditParameters.ParameterCount++; 02707 02708 SepSetParmTypeLogonId( AuditParameters, AuditParameters.ParameterCount, LogonId ); 02709 AuditParameters.ParameterCount++; 02710 02711 SepAdtLogAuditRecord( &AuditParameters ); 02712 }

NTSTATUS SeCaptureAcl ( IN PACL InputAcl,

IN KPROCESSOR_MODE RequestorMode,

IN PVOID CaptureBuffer OPTIONAL,

IN ULONG CaptureBufferLength,

IN POOL_TYPE PoolType,

IN BOOLEAN ForceCapture,

OUT PACL * CapturedAcl,

OUT PULONG AlignedAclSize

)

Definition at line 1370 of file se/capture.c.
References ExAllocatePoolWithTag, EXCEPTION_EXECUTE_HANDLER, ExFreePool(), FALSE, KernelMode, NULL, PAGED_CODE, ProbeAndReadUshort, ProbeForRead, and SepCheckAcl().
Referenced by NtCreateToken(), and NtSetInformationToken().

01383 : 01384 01385 This routine probes and captures a copy of the specified ACL. 01386 The ACL is either captured into a provided buffer, or pool 01387 allocated to receive the ACL. 01388 01389 Any ACL captured will have its structure validated. 01390 01391 01392 if the requestor mode is not kernel mode then 01393 01394 probe and capture the input ACL 01395 01396 if the requstor mode is kernel mode then 01397 01398 if force capture is true then 01399 01400 do not probe the input ACL, but do capture it 01401 01402 else 01403 01404 return address of original, but don't copy 01405 01406 Arguments: 01407 01408 InputAcl - Supplies the ACL to capture. This parameter is assumed 01409 to have been provided by the mode specified in RequestorMode. 01410 01411 RequestorMode - Specifies the caller's access mode. 01412 01413 CaptureBuffer - Specifies a buffer into which the ACL is to be 01414 captured. If this parameter is not provided, pool will be allocated 01415 to hold the captured data. 01416 01417 CaptureBufferLength - Indicates the length, in bytes, of the capture 01418 buffer. 01419 01420 PoolType - Specifies which pool type to allocate to capture the 01421 ACL into. This parameter is ignored if CaptureBuffer is provided. 01422 01423 ForceCapture - Specifies whether the ACL should be captured even if 01424 requestor mode is kernel. 01425 01426 CapturedAcl - Supplies the address of a pointer to an ACL. 01427 The pointer will be set to point to the captured (or uncaptured) ACL. 01428 01429 AlignedAclSize - Supplies the address of a ULONG to receive the length 01430 of the ACL rounded up to the next longword boundary. 01431 01432 Return Value: 01433 01434 STATUS_SUCCESS indicates the capture was successful. 01435 01436 STATUS_BUFFER_TOO_SMALL - indicates the buffer provided to capture the ACL 01437 into wasn't large enough to hold the ACL. 01438 01439 Any access violations encountered will be returned. 01440 01441 --*/ 01442 01443 { 01444 01445 ULONG AclSize; 01446 01447 PAGED_CODE(); 01448 01449 // 01450 // check if the requestors mode is kernel mode and we are not 01451 // to force a capture. 01452 // 01453 01454 if ((RequestorMode == KernelMode) && (ForceCapture == FALSE)) { 01455 01456 // 01457 // We don't need to do any work and can simply 01458 // return a pointer to the input ACL 01459 // 01460 01461 (*CapturedAcl) = InputAcl; 01462 01463 return STATUS_SUCCESS; 01464 } 01465 01466 01467 // 01468 // Get the length needed to hold the ACL 01469 // 01470 01471 if (RequestorMode != KernelMode) { 01472 01473 try { 01474 01475 AclSize = ProbeAndReadUshort( &(InputAcl->AclSize) ); 01476 01477 ProbeForRead( InputAcl, 01478 AclSize, 01479 sizeof(ULONG) ); 01480 01481 } except(EXCEPTION_EXECUTE_HANDLER) { 01482 return GetExceptionCode(); 01483 } 01484 01485 } else { 01486 01487 AclSize = InputAcl->AclSize; 01488 01489 } 01490 01491 // 01492 // If the passed pointer is non-null, it has better at least 01493 // point to a well formed ACL 01494 // 01495 01496 if (AclSize < sizeof(ACL)) { 01497 return( STATUS_INVALID_ACL ); 01498 } 01499 01500 (*AlignedAclSize) = (ULONG)LongAlignSize( AclSize ); 01501 01502 01503 // 01504 // If a buffer was provided, compare lengths. 01505 // Otherwise, allocate a buffer. 01506 // 01507 01508 if (ARGUMENT_PRESENT(CaptureBuffer)) { 01509 01510 if (AclSize > CaptureBufferLength) { 01511 return STATUS_BUFFER_TOO_SMALL; 01512 } else { 01513 01514 (*CapturedAcl) = CaptureBuffer; 01515 } 01516 01517 } else { 01518 01519 (*CapturedAcl) = (PACL)ExAllocatePoolWithTag(PoolType, AclSize, 'cAeS'); 01520 01521 if ( *CapturedAcl == NULL ) { 01522 return( STATUS_INSUFFICIENT_RESOURCES ); 01523 } 01524 01525 } 01526 01527 // 01528 // Now copy the ACL and validate it 01529 // 01530 01531 try { 01532 01533 RtlMoveMemory( (*CapturedAcl), InputAcl, AclSize ); 01534 01535 } except(EXCEPTION_EXECUTE_HANDLER) { 01536 if (!ARGUMENT_PRESENT(CaptureBuffer)) { 01537 ExFreePool( (*CapturedAcl) ); 01538 } 01539 01540 *CapturedAcl = NULL; 01541 return GetExceptionCode(); 01542 } 01543 01544 if ( (!SepCheckAcl( (*CapturedAcl), AclSize )) ) { 01545 01546 if (!ARGUMENT_PRESENT(CaptureBuffer)) { 01547 ExFreePool( (*CapturedAcl) ); 01548 } 01549 01550 *CapturedAcl = NULL; 01551 return STATUS_INVALID_ACL; 01552 } 01553 01554 return STATUS_SUCCESS; 01555 01556 }

NTSTATUS SeCaptureLuidAndAttributesArray ( IN PLUID_AND_ATTRIBUTES InputArray,

IN ULONG ArrayCount,

IN KPROCESSOR_MODE RequestorMode,

IN PVOID CaptureBuffer OPTIONAL,

IN ULONG CaptureBufferLength,

IN POOL_TYPE PoolType,

IN BOOLEAN ForceCapture,

OUT PLUID_AND_ATTRIBUTES * CapturedArray,

OUT PULONG AlignedArraySize

)

Definition at line 1608 of file se/capture.c.
References ExAllocatePoolWithTag, EXCEPTION_EXECUTE_HANDLER, ExFreePool(), FALSE, InputArray, KernelMode, NULL, PAGED_CODE, ProbeForRead, and SEP_MAX_PRIVILEGE_COUNT.
Referenced by NtAdjustPrivilegesToken(), NtCreateToken(), NtFilterToken(), NtPrivilegeCheck(), and PspCaptureTokenFilter().

01622 : 01623 01624 This routine probes and captures a copy of the specified 01625 LUID_AND_ATTRIBUTES array. 01626 01627 The array is either captured into a provided buffer, or pool 01628 allocated to receive the array. 01629 01630 01631 if the requestor mode is not kernel mode then 01632 01633 probe and capture the input array 01634 01635 if the requstor mode is kernel mode then 01636 01637 if force capture is true then 01638 01639 do not probe the input array, but do capture it 01640 01641 else 01642 01643 return address of original, but don't copy 01644 01645 Arguments: 01646 01647 InputArray - Supplies the array to capture. This parameter is assumed 01648 to have been provided by the mode specified in RequestorMode. 01649 01650 ArrayCount - Indicates the number of elements in the array to capture. 01651 01652 RequestorMode - Specifies the caller's access mode. 01653 01654 CaptureBuffer - Specifies a buffer into which the array is to be 01655 captured. If this parameter is not provided, pool will be allocated 01656 to hold the captured data. 01657 01658 CaptureBufferLength - Indicates the length, in bytes, of the capture 01659 buffer. 01660 01661 PoolType - Specifies which pool type to allocate to capture the 01662 array into. This parameter is ignored if CaptureBuffer is provided. 01663 01664 ForceCapture - Specifies whether the array should be captured even if 01665 requestor mode is kernel. 01666 01667 CapturedArray - Supplies the address of a pointer to an array. 01668 The pointer will be set to point to the captured (or uncaptured) array. 01669 01670 AlignedArraySize - Supplies the address of a ULONG to receive the length 01671 of the array rounded up to the next longword boundary. 01672 01673 Return Value: 01674 01675 STATUS_SUCCESS indicates the capture was successful. 01676 01677 STATUS_BUFFER_TOO_SMALL - indicates the buffer provided to capture the array 01678 into wasn't large enough to hold the array. 01679 01680 Any access violations encountered will be returned. 01681 01682 --*/ 01683 01684 { 01685 01686 ULONG ArraySize; 01687 01688 PAGED_CODE(); 01689 01690 // 01691 // Make sure the array isn't empty 01692 // 01693 01694 if (ArrayCount == 0) { 01695 (*CapturedArray) = NULL; 01696 (*AlignedArraySize) = 0; 01697 return STATUS_SUCCESS; 01698 } 01699 01700 // 01701 // If there are too many LUIDs, return failure 01702 // 01703 01704 if (ArrayCount > SEP_MAX_PRIVILEGE_COUNT) { 01705 return(STATUS_INVALID_PARAMETER); 01706 } 01707 01708 // 01709 // check if the requestors mode is kernel mode and we are not 01710 // to force a capture. 01711 // 01712 01713 if ((RequestorMode == KernelMode) && (ForceCapture == FALSE)) { 01714 01715 // 01716 // We don't need to do any work and can simply 01717 // return a pointer to the input array 01718 // 01719 01720 (*CapturedArray) = InputArray; 01721 01722 return STATUS_SUCCESS; 01723 } 01724 01725 01726 // 01727 // Get the length needed to hold the array 01728 // 01729 01730 ArraySize = ArrayCount * (ULONG)sizeof(LUID_AND_ATTRIBUTES); 01731 (*AlignedArraySize) = (ULONG)LongAlignSize( ArraySize ); 01732 01733 if (RequestorMode != KernelMode) { 01734 01735 try { 01736 01737 01738 ProbeForRead( InputArray, 01739 ArraySize, 01740 sizeof(ULONG) ); 01741 01742 } except(EXCEPTION_EXECUTE_HANDLER) { 01743 return GetExceptionCode(); 01744 } 01745 01746 } 01747 01748 01749 01750 // 01751 // If a buffer was provided, compare lengths. 01752 // Otherwise, allocate a buffer. 01753 // 01754 01755 if (ARGUMENT_PRESENT(CaptureBuffer)) { 01756 01757 if (ArraySize > CaptureBufferLength) { 01758 return STATUS_BUFFER_TOO_SMALL; 01759 } else { 01760 01761 (*CapturedArray) = CaptureBuffer; 01762 } 01763 01764 } else { 01765 01766 (*CapturedArray) = 01767 (PLUID_AND_ATTRIBUTES)ExAllocatePoolWithTag(PoolType, ArraySize, 'uLeS'); 01768 01769 if ( *CapturedArray == NULL ) { 01770 return( STATUS_INSUFFICIENT_RESOURCES ); 01771 } 01772 01773 } 01774 01775 // 01776 // Now copy the array 01777 // 01778 01779 try { 01780 01781 RtlMoveMemory( (*CapturedArray), InputArray, ArraySize ); 01782 01783 } except(EXCEPTION_EXECUTE_HANDLER) { 01784 if (!ARGUMENT_PRESENT(CaptureBuffer)) { 01785 ExFreePool( (*CapturedArray) ); 01786 } 01787 01788 return GetExceptionCode(); 01789 } 01790 01791 return STATUS_SUCCESS; 01792 01793 }

NTKERNELAPI NTSTATUS SeCaptureSecurityDescriptor ( IN PSECURITY_DESCRIPTOR InputSecurityDescriptor,

IN KPROCESSOR_MODE RequestorMode,

IN POOL_TYPE PoolType,

IN BOOLEAN ForceCapture,

OUT PSECURITY_DESCRIPTOR * OutputSecurityDescriptor

)

Definition at line 53 of file se/capture.c.
References ExAllocatePoolWithTag, EXCEPTION_EXECUTE_HANDLER, ExFreePool(), ExRaiseDatatypeMisalignment(), FALSE, KernelMode, NULL, PAGED_CODE, ProbeAndReadUchar, ProbeAndReadUshort, ProbeForRead, RtlLengthRequiredSid(), RtlValidSid(), SepCheckAcl(), Size, and USHORT.
Referenced by IopGetRegistrySecurityWithFallback(), IopSetSecurityObjectFromRegistry(), NtLoadKey2(), NtOpenObjectAuditAlarm(), NtSetSecurityObject(), NtUserCreateWindowStation(), ObpCaptureObjectCreateInformation(), SeAccessCheckByType(), SepAccessCheckAndAuditAlarm(), and TestCaptureSecurityDescriptor().

00063 : 00064 00065 This routine probes and captures a copy of the security descriptor based 00066 upon the following tests. 00067 00068 if the requestor mode is not kernel mode then 00069 00070 probe and capture the input descriptor 00071 (the captured descriptor is self-relative) 00072 00073 if the requstor mode is kernel mode then 00074 00075 if force capture is true then 00076 00077 do not probe the input descriptor, but do capture it. 00078 (the captured descriptor is self-relative) 00079 00080 else 00081 00082 do nothing 00083 (the input descriptor is expected to be self-relative) 00084 00085 Arguments: 00086 00087 InputSecurityDescriptor - Supplies the security descriptor to capture. 00088 This parameter is assumed to have been provided by the mode specified 00089 in RequestorMode. 00090 00091 RequestorMode - Specifies the caller's access mode. 00092 00093 PoolType - Specifies which pool type to allocate the captured 00094 descriptor from 00095 00096 ForceCapture - Specifies whether the input descriptor should always be 00097 captured 00098 00099 OutputSecurityDescriptor - Supplies the address of a pointer to the 00100 output security descriptor. The captured descriptor will be 00101 self-relative format. 00102 00103 Return Value: 00104 00105 STATUS_SUCCESS if the operation is successful. 00106 00107 STATUS_INVALID_SID - An SID within the security descriptor is not 00108 a valid SID. 00109 00110 STATUS_INVALID_ACL - An ACL within the security descriptor is not 00111 a valid ACL. 00112 00113 STATUS_UNKNOWN_REVISION - The revision level of the security descriptor 00114 is not one known to this revision of the capture routine. 00115 --*/ 00116 00117 { 00118 SECURITY_DESCRIPTOR Captured; 00119 SECURITY_DESCRIPTOR_RELATIVE *PIOutputSecurityDescriptor; 00120 PCHAR DescriptorOffset; 00121 00122 ULONG SaclSize; 00123 ULONG NewSaclSize; 00124 00125 ULONG DaclSize; 00126 ULONG NewDaclSize; 00127 00128 ULONG OwnerSubAuthorityCount; 00129 ULONG OwnerSize; 00130 ULONG NewOwnerSize; 00131 00132 ULONG GroupSubAuthorityCount; 00133 ULONG GroupSize; 00134 ULONG NewGroupSize; 00135 00136 ULONG Size; 00137 00138 PAGED_CODE(); 00139 00140 // 00141 // if the security descriptor is null then there is really nothing to 00142 // capture 00143 // 00144 00145 if (InputSecurityDescriptor == NULL) { 00146 00147 (*OutputSecurityDescriptor) = NULL; 00148 00149 return STATUS_SUCCESS; 00150 00151 } 00152 00153 // 00154 // check if the requestors mode is kernel mode and we are not 00155 // to force a capture 00156 // 00157 00158 if ((RequestorMode == KernelMode) && (ForceCapture == FALSE)) { 00159 00160 // 00161 // Yes it is so we don't need to do any work and can simply 00162 // return a pointer to the input descriptor 00163 // 00164 00165 (*OutputSecurityDescriptor) = InputSecurityDescriptor; 00166 00167 return STATUS_SUCCESS; 00168 00169 } 00170 00171 00172 // 00173 // We need to probe and capture the descriptor. 00174 // To do this we need to probe the main security descriptor record 00175 // first. 00176 // 00177 00178 if (RequestorMode != KernelMode) { 00179 00180 // 00181 // Capture of UserMode SecurityDescriptor. 00182 // 00183 00184 try { 00185 00186 // 00187 // Probe the main record of the input SecurityDescriptor 00188 // 00189 00190 ProbeForRead( InputSecurityDescriptor, 00191 sizeof(SECURITY_DESCRIPTOR_RELATIVE), 00192 sizeof(ULONG) ); 00193 00194 // 00195 // Capture the SecurityDescriptor main record. 00196 // 00197 00198 RtlCopyMemory( (&Captured), 00199 InputSecurityDescriptor, 00200 sizeof(SECURITY_DESCRIPTOR_RELATIVE) ); 00201 00202 // 00203 // Verify the alignment is correct for absolute case. This is 00204 // only needed when pointer are 64 bits. 00205 // 00206 00207 if (!(Captured.Control & SE_SELF_RELATIVE)) { 00208 00209 if ((ULONG_PTR) InputSecurityDescriptor & (sizeof(ULONG_PTR) - 1)) { 00210 ExRaiseDatatypeMisalignment(); 00211 } 00212 } 00213 00214 00215 } except(EXCEPTION_EXECUTE_HANDLER) { 00216 return GetExceptionCode(); 00217 } 00218 00219 } else { 00220 00221 // 00222 // Force capture of kernel mode SecurityDescriptor. 00223 // 00224 // Capture the SecurityDescriptor main record. 00225 // It doesn't need probing because requestor mode is kernel. 00226 // 00227 00228 RtlCopyMemory( (&Captured), 00229 InputSecurityDescriptor, 00230 sizeof(SECURITY_DESCRIPTOR_RELATIVE) ); 00231 00232 } 00233 00234 // 00235 // Make sure it is a revision we recognize 00236 // 00237 00238 if (Captured.Revision != SECURITY_DESCRIPTOR_REVISION) { 00239 return STATUS_UNKNOWN_REVISION; 00240 } 00241 00242 00243 // 00244 // In case the input security descriptor is self-relative, change the 00245 // captured main record to appear as an absolute form so we can use 00246 // common code for both cases below. 00247 // 00248 // Note that the fields of Captured are left pointing to user 00249 // space addresses. Treat them carefully. 00250 // 00251 00252 try { 00253 00254 Captured.Owner = RtlpOwnerAddrSecurityDescriptor( 00255 (SECURITY_DESCRIPTOR *)InputSecurityDescriptor 00256 ); 00257 Captured.Group = RtlpGroupAddrSecurityDescriptor( 00258 (SECURITY_DESCRIPTOR *)InputSecurityDescriptor 00259 ); 00260 Captured.Sacl = RtlpSaclAddrSecurityDescriptor ( 00261 (SECURITY_DESCRIPTOR *)InputSecurityDescriptor 00262 ); 00263 Captured.Dacl = RtlpDaclAddrSecurityDescriptor ( 00264 (SECURITY_DESCRIPTOR *)InputSecurityDescriptor 00265 ); 00266 Captured.Control &= ~SE_SELF_RELATIVE; 00267 00268 } except(EXCEPTION_EXECUTE_HANDLER) { 00269 return GetExceptionCode(); 00270 } 00271 00272 00273 00274 // 00275 // Indicate the size we are going to need to allocate for the captured 00276 // acls 00277 // 00278 00279 SaclSize = 0; 00280 DaclSize = 0; 00281 00282 NewSaclSize = 0; 00283 NewDaclSize = 0; 00284 NewGroupSize = 0; 00285 NewOwnerSize = 0; 00286 00287 // 00288 // Probe (if necessary) and capture each of the components of a 00289 // SECURITY_DESCRIPTOR. 00290 // 00291 00292 // 00293 // System ACL first 00294 // 00295 00296 if ((Captured.Control & SE_SACL_PRESENT) && 00297 (Captured.Sacl != NULL) ) { 00298 00299 if (RequestorMode != KernelMode) { 00300 00301 try { 00302 SaclSize = ProbeAndReadUshort( &(Captured.Sacl->AclSize) ); 00303 ProbeForRead( Captured.Sacl, 00304 SaclSize, 00305 sizeof(ULONG) ); 00306 } except(EXCEPTION_EXECUTE_HANDLER) { 00307 return GetExceptionCode(); 00308 } 00309 00310 } else { 00311 00312 SaclSize = Captured.Sacl->AclSize; 00313 00314 } 00315 00316 NewSaclSize = (ULONG)LongAlignSize( SaclSize ); 00317 00318 } else { 00319 // 00320 // Force the SACL to null if the bit is off 00321 // 00322 Captured.Sacl = NULL; 00323 } 00324 00325 // 00326 // Discretionary ACL 00327 // 00328 00329 if ((Captured.Control & SE_DACL_PRESENT) && 00330 (Captured.Dacl != NULL) ) { 00331 00332 if (RequestorMode != KernelMode) { 00333 00334 try { 00335 DaclSize = ProbeAndReadUshort( &(Captured.Dacl->AclSize) ); 00336 ProbeForRead( Captured.Dacl, 00337 DaclSize, 00338 sizeof(ULONG) ); 00339 } except(EXCEPTION_EXECUTE_HANDLER) { 00340 return GetExceptionCode(); 00341 } 00342 00343 } else { 00344 00345 DaclSize = Captured.Dacl->AclSize; 00346 00347 } 00348 00349 NewDaclSize = (ULONG)LongAlignSize( DaclSize ); 00350 00351 } else { 00352 // 00353 // Force the DACL to null if it is not present 00354 // 00355 Captured.Dacl = NULL; 00356 } 00357 00358 // 00359 // Owner SID 00360 // 00361 00362 if (Captured.Owner != NULL) { 00363 00364 if (RequestorMode != KernelMode) { 00365 00366 try { 00367 OwnerSubAuthorityCount = 00368 ProbeAndReadUchar( &(((SID *)(Captured.Owner))->SubAuthorityCount) ); 00369 OwnerSize = RtlLengthRequiredSid( OwnerSubAuthorityCount ); 00370 ProbeForRead( Captured.Owner, 00371 OwnerSize, 00372 sizeof(ULONG) ); 00373 } except(EXCEPTION_EXECUTE_HANDLER) { 00374 return GetExceptionCode(); 00375 } 00376 00377 } else { 00378 00379 OwnerSubAuthorityCount = ((SID *)(Captured.Owner))->SubAuthorityCount; 00380 OwnerSize = RtlLengthRequiredSid( OwnerSubAuthorityCount ); 00381 00382 } 00383 00384 NewOwnerSize = (ULONG)LongAlignSize( OwnerSize ); 00385 00386 } 00387 00388 // 00389 // Group SID 00390 // 00391 00392 if (Captured.Group != NULL) { 00393 00394 if (RequestorMode != KernelMode) { 00395 00396 try { 00397 GroupSubAuthorityCount = 00398 ProbeAndReadUchar( &(((SID *)(Captured.Group))->SubAuthorityCount) ); 00399 GroupSize = RtlLengthRequiredSid( GroupSubAuthorityCount ); 00400 ProbeForRead( Captured.Group, 00401 GroupSize, 00402 sizeof(ULONG) ); 00403 } except(EXCEPTION_EXECUTE_HANDLER) { 00404 return GetExceptionCode(); 00405 } 00406 00407 } else { 00408 00409 GroupSubAuthorityCount = ((SID *)(Captured.Group))->SubAuthorityCount; 00410 GroupSize = RtlLengthRequiredSid( GroupSubAuthorityCount ); 00411 00412 } 00413 00414 NewGroupSize = (ULONG)LongAlignSize( GroupSize ); 00415 00416 } 00417 00418 00419 00420 // 00421 // Now allocate enough pool to hold the descriptor 00422 // 00423 00424 Size = sizeof(SECURITY_DESCRIPTOR_RELATIVE) + 00425 NewSaclSize + 00426 NewDaclSize + 00427 NewOwnerSize + 00428 NewGroupSize; 00429 00430 (PIOutputSecurityDescriptor) = (SECURITY_DESCRIPTOR_RELATIVE *)ExAllocatePoolWithTag( PoolType, 00431 Size, 00432 'cSeS' ); 00433 00434 if ( PIOutputSecurityDescriptor == NULL ) { 00435 return( STATUS_INSUFFICIENT_RESOURCES ); 00436 } 00437 00438 (*OutputSecurityDescriptor) = (PSECURITY_DESCRIPTOR)PIOutputSecurityDescriptor; 00439 DescriptorOffset = (PCHAR)(PIOutputSecurityDescriptor); 00440 00441 00442 // 00443 // Copy the main security descriptor record over 00444 // 00445 00446 RtlCopyMemory( DescriptorOffset, 00447 &Captured, 00448 sizeof(SECURITY_DESCRIPTOR_RELATIVE) ); 00449 DescriptorOffset += sizeof(SECURITY_DESCRIPTOR_RELATIVE); 00450 00451 // 00452 // Indicate the output descriptor is self-relative 00453 // 00454 00455 PIOutputSecurityDescriptor->Control |= SE_SELF_RELATIVE; 00456 00457 // 00458 // If there is a System Acl, copy it over and set 00459 // the output descriptor's offset to point to the newly captured copy. 00460 // 00461 00462 if ((Captured.Control & SE_SACL_PRESENT) && (Captured.Sacl != NULL)) { 00463 00464 00465 try { 00466 RtlCopyMemory( DescriptorOffset, 00467 Captured.Sacl, 00468 SaclSize ); 00469 00470 00471 } except(EXCEPTION_EXECUTE_HANDLER) { 00472 ExFreePool( PIOutputSecurityDescriptor ); 00473 return GetExceptionCode(); 00474 } 00475 00476 if ((RequestorMode != KernelMode) && 00477 (!SepCheckAcl( (PACL) DescriptorOffset, SaclSize )) ) { 00478 00479 ExFreePool( PIOutputSecurityDescriptor ); 00480 return STATUS_INVALID_ACL; 00481 } 00482 00483 // 00484 // Change pointer to offset 00485 // 00486 00487 PIOutputSecurityDescriptor->Sacl = 00488 RtlPointerToOffset( PIOutputSecurityDescriptor, 00489 DescriptorOffset, 00490 ); 00491 00492 ((PACL) DescriptorOffset)->AclSize = (USHORT) NewSaclSize; 00493 DescriptorOffset += NewSaclSize; 00494 } else { 00495 PIOutputSecurityDescriptor->Sacl = 0; 00496 } 00497 00498 // 00499 // If there is a Discretionary Acl, copy it over and set 00500 // the output descriptor's offset to point to the newly captured copy. 00501 // 00502 00503 if ((Captured.Control & SE_DACL_PRESENT) && (Captured.Dacl != NULL)) { 00504 00505 00506 try { 00507 RtlCopyMemory( DescriptorOffset, 00508 Captured.Dacl, 00509 DaclSize ); 00510 } except(EXCEPTION_EXECUTE_HANDLER) { 00511 ExFreePool( PIOutputSecurityDescriptor ); 00512 return GetExceptionCode(); 00513 } 00514 00515 if ((RequestorMode != KernelMode) && 00516 (!SepCheckAcl( (PACL) DescriptorOffset, DaclSize )) ) { 00517 00518 ExFreePool( PIOutputSecurityDescriptor ); 00519 return STATUS_INVALID_ACL; 00520 } 00521 00522 // 00523 // Change pointer to offset 00524 // 00525 00526 PIOutputSecurityDescriptor->Dacl = 00527 RtlPointerToOffset( 00528 PIOutputSecurityDescriptor, 00529 DescriptorOffset 00530 ); 00531 00532 ((PACL) DescriptorOffset)->AclSize = (USHORT) NewDaclSize; 00533 DescriptorOffset += NewDaclSize; 00534 } else { 00535 PIOutputSecurityDescriptor->Dacl = 0; 00536 } 00537 00538 // 00539 // If there is an Owner SID, copy it over and set 00540 // the output descriptor's offset to point to the newly captured copy. 00541 // 00542 00543 if (Captured.Owner != NULL) { 00544 00545 00546 try { 00547 RtlCopyMemory( DescriptorOffset, 00548 Captured.Owner, 00549 OwnerSize ); 00550 ((SID *) (DescriptorOffset))->SubAuthorityCount = (UCHAR) OwnerSubAuthorityCount; 00551 00552 } except(EXCEPTION_EXECUTE_HANDLER) { 00553 ExFreePool( PIOutputSecurityDescriptor ); 00554 return GetExceptionCode(); 00555 } 00556 00557 if ((RequestorMode != KernelMode) && 00558 (!RtlValidSid( (PSID) DescriptorOffset )) ) { 00559 00560 ExFreePool( PIOutputSecurityDescriptor ); 00561 return STATUS_INVALID_SID; 00562 } 00563 00564 // 00565 // Change pointer to offset 00566 // 00567 00568 PIOutputSecurityDescriptor->Owner = 00569 RtlPointerToOffset( 00570 PIOutputSecurityDescriptor, 00571 DescriptorOffset 00572 ); 00573 00574 DescriptorOffset += NewOwnerSize; 00575 00576 } else { 00577 PIOutputSecurityDescriptor->Owner = 0; 00578 } 00579 00580 // 00581 // If there is a group SID, copy it over and set 00582 // the output descriptor's offset to point to the newly captured copy. 00583 // 00584 00585 if (Captured.Group != NULL) { 00586 00587 00588 try { 00589 RtlCopyMemory( DescriptorOffset, 00590 Captured.Group, 00591 GroupSize ); 00592 00593 ((SID *) DescriptorOffset)->SubAuthorityCount = (UCHAR) GroupSubAuthorityCount; 00594 } except(EXCEPTION_EXECUTE_HANDLER) { 00595 ExFreePool( PIOutputSecurityDescriptor ); 00596 return GetExceptionCode(); 00597 } 00598 00599 if ((RequestorMode != KernelMode) && 00600 (!RtlValidSid( (PSID) DescriptorOffset )) ) { 00601 00602 ExFreePool( PIOutputSecurityDescriptor ); 00603 return STATUS_INVALID_SID; 00604 } 00605 00606 // 00607 // Change pointer to offset 00608 // 00609 00610 PIOutputSecurityDescriptor->Group = 00611 RtlPointerToOffset( 00612 PIOutputSecurityDescriptor, 00613 DescriptorOffset 00614 ); 00615 00616 DescriptorOffset += NewGroupSize; 00617 } else { 00618 PIOutputSecurityDescriptor->Group = 0; 00619 } 00620 00621 // 00622 // And return to our caller 00623 // 00624 00625 return STATUS_SUCCESS; 00626 00627 }

NTSTATUS SeCaptureSecurityQos ( IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,

IN KPROCESSOR_MODE RequestorMode,

IN PBOOLEAN SecurityQosPresent,

IN PSECURITY_ADVANCED_QUALITY_OF_SERVICE CapturedSecurityQos

)

NTSTATUS SeCaptureSid ( IN PSID InputSid,

IN KPROCESSOR_MODE RequestorMode,

IN PVOID CaptureBuffer OPTIONAL,

IN ULONG CaptureBufferLength,

IN POOL_TYPE PoolType,

IN BOOLEAN ForceCapture,

OUT PSID * CapturedSid

)

Definition at line 1141 of file se/capture.c.
References ExAllocatePoolWithTag, EXCEPTION_EXECUTE_HANDLER, ExFreePool(), FALSE, KernelMode, NULL, PAGED_CODE, ProbeAndReadUchar, ProbeForRead, RtlLengthRequiredSid(), and RtlValidSid().
Referenced by NtCreateToken(), NtSecureConnectPort(), NtSetInformationToken(), SeAccessCheckByType(), and SepAccessCheckAndAuditAlarm().

01152 : 01153 01154 This routine probes and captures a copy of the specified SID. 01155 The SID is either captured into a provided buffer, or pool 01156 allocated to receive the SID. 01157 01158 01159 if the requestor mode is not kernel mode then 01160 01161 probe and capture the input SID 01162 01163 if the requstor mode is kernel mode then 01164 01165 if force capture is true then 01166 01167 do not probe the input SID, but do capture it 01168 01169 else 01170 01171 return address of original, but don't copy 01172 01173 Arguments: 01174 01175 InputSid - Supplies the SID to capture. This parameter is assumed 01176 to have been provided by the mode specified in RequestorMode. 01177 01178 RequestorMode - Specifies the caller's access mode. 01179 01180 CaptureBuffer - Specifies a buffer into which the SID is to be 01181 captured. If this parameter is not provided, pool will be allocated 01182 to hold the captured data. 01183 01184 CaptureBufferLength - Indicates the length, in bytes, of the capture 01185 buffer. 01186 01187 PoolType - Specifies which pool type to allocate to capture the 01188 SID into. This parameter is ignored if CaptureBuffer is provided. 01189 01190 ForceCapture - Specifies whether the SID should be captured even if 01191 requestor mode is kernel. 01192 01193 CapturedSid - Supplies the address of a pointer to an SID. 01194 The pointer will be set to point to the captured (or uncaptured) SID. 01195 01196 AlignedSidSize - Supplies the address of a ULONG to receive the length 01197 of the SID rounded up to the next longword boundary. 01198 01199 Return Value: 01200 01201 STATUS_SUCCESS indicates the capture was successful. 01202 01203 STATUS_BUFFER_TOO_SMALL - indicates the buffer provided to capture the SID 01204 into wasn't large enough to hold the SID. 01205 01206 Any access violations encountered will be returned. 01207 01208 --*/ 01209 01210 { 01211 01212 01213 01214 ULONG GetSidSubAuthorityCount; 01215 ULONG SidSize; 01216 01217 PAGED_CODE(); 01218 01219 // 01220 // check if the requestors mode is kernel mode and we are not 01221 // to force a capture. 01222 // 01223 01224 if ((RequestorMode == KernelMode) && (ForceCapture == FALSE)) { 01225 01226 // 01227 // We don't need to do any work and can simply 01228 // return a pointer to the input SID 01229 // 01230 01231 (*CapturedSid) = InputSid; 01232 01233 return STATUS_SUCCESS; 01234 } 01235 01236 01237 // 01238 // Get the length needed to hold the SID 01239 // 01240 01241 if (RequestorMode != KernelMode) { 01242 01243 try { 01244 GetSidSubAuthorityCount = 01245 ProbeAndReadUchar( &(((SID *)(InputSid))->SubAuthorityCount) ); 01246 SidSize = RtlLengthRequiredSid( GetSidSubAuthorityCount ); 01247 ProbeForRead( InputSid, 01248 SidSize, 01249 sizeof(ULONG) ); 01250 } except(EXCEPTION_EXECUTE_HANDLER) { 01251 return GetExceptionCode(); 01252 } 01253 01254 } else { 01255 01256 GetSidSubAuthorityCount = ((SID *)(InputSid))->SubAuthorityCount; 01257 SidSize = RtlLengthRequiredSid( GetSidSubAuthorityCount ); 01258 01259 } 01260 01261 01262 // 01263 // If a buffer was provided, compare lengths. 01264 // Otherwise, allocate a buffer. 01265 // 01266 01267 if (ARGUMENT_PRESENT(CaptureBuffer)) { 01268 01269 if (SidSize > CaptureBufferLength) { 01270 return STATUS_BUFFER_TOO_SMALL; 01271 } else { 01272 01273 (*CapturedSid) = CaptureBuffer; 01274 } 01275 01276 } else { 01277 01278 (*CapturedSid) = (PSID)ExAllocatePoolWithTag(PoolType, SidSize, 'iSeS'); 01279 01280 if ( *CapturedSid == NULL ) { 01281 return( STATUS_INSUFFICIENT_RESOURCES ); 01282 } 01283 01284 } 01285 01286 // 01287 // Now copy the SID and validate it 01288 // 01289 01290 try { 01291 01292 RtlMoveMemory( (*CapturedSid), InputSid, SidSize ); 01293 ((SID *)(*CapturedSid))->SubAuthorityCount = (UCHAR) GetSidSubAuthorityCount; 01294 01295 } except(EXCEPTION_EXECUTE_HANDLER) { 01296 if (!ARGUMENT_PRESENT(CaptureBuffer)) { 01297 ExFreePool( (*CapturedSid) ); 01298 *CapturedSid = NULL; 01299 } 01300 01301 return GetExceptionCode(); 01302 } 01303 01304 if ((!RtlValidSid( (*CapturedSid) )) ) { 01305 01306 if (!ARGUMENT_PRESENT(CaptureBuffer)) { 01307 ExFreePool( (*CapturedSid) ); 01308 *CapturedSid = NULL; 01309 } 01310 01311 return STATUS_INVALID_SID; 01312 } 01313 01314 return STATUS_SUCCESS; 01315 01316 }

NTSTATUS SeCaptureSidAndAttributesArray ( IN PSID_AND_ATTRIBUTES InputArray,

IN ULONG ArrayCount,

IN KPROCESSOR_MODE RequestorMode,

IN PVOID CaptureBuffer OPTIONAL,

IN ULONG CaptureBufferLength,

IN POOL_TYPE PoolType,

IN BOOLEAN ForceCapture,

OUT PSID_AND_ATTRIBUTES * CapturedArray,

OUT PULONG AlignedArraySize

)

Definition at line 1850 of file se/capture.c.
References ExAllocatePoolWithTag, EXCEPTION_EXECUTE_HANDLER, ExFreePool(), FALSE, InputArray, KernelMode, NT_SUCCESS, NTSTATUS(), NULL, PAGED_CODE, ProbeAndReadUchar, ProbeForRead, RtlLengthRequiredSid(), RtlLengthSid(), RtlValidSid(), and SEP_MAX_GROUP_COUNT.
Referenced by NtAdjustGroupsToken(), NtCreateToken(), NtFilterToken(), and PspCaptureTokenFilter().

01864 : 01865 01866 This routine probes and captures a copy of the specified 01867 SID_AND_ATTRIBUTES array, along with the SID values pointed 01868 to. 01869 01870 The array is either captured into a provided buffer, or pool 01871 allocated to receive the array. 01872 01873 The format of the captured information is an array of SID_AND_ATTRIBUTES 01874 data structures followed by the SID values. THIS MAY NOT BE THE CASE 01875 FOR KERNEL MODE UNLESS A FORCE CAPTURE IS SPECIFIED. 01876 01877 01878 if the requestor mode is not kernel mode then 01879 01880 probe and capture the input array 01881 01882 if the requstor mode is kernel mode then 01883 01884 if force capture is true then 01885 01886 do not probe the input array, but do capture it 01887 01888 else 01889 01890 return address of original, but don't copy 01891 01892 Arguments: 01893 01894 InputArray - Supplies the array to capture. This parameter is assumed 01895 to have been provided by the mode specified in RequestorMode. 01896 01897 ArrayCount - Indicates the number of elements in the array to capture. 01898 01899 RequestorMode - Specifies the caller's access mode. 01900 01901 CaptureBuffer - Specifies a buffer into which the array is to be 01902 captured. If this parameter is not provided, pool will be allocated 01903 to hold the captured data. 01904 01905 CaptureBufferLength - Indicates the length, in bytes, of the capture 01906 buffer. 01907 01908 PoolType - Specifies which pool type to allocate to capture the 01909 array into. This parameter is ignored if CaptureBuffer is provided. 01910 01911 ForceCapture - Specifies whether the array should be captured even if 01912 requestor mode is kernel. 01913 01914 CapturedArray - Supplies the address of a pointer to an array. 01915 The pointer will be set to point to the captured (or uncaptured) array. 01916 01917 AlignedArraySize - Supplies the address of a ULONG to receive the length 01918 of the array rounded up to the next longword boundary. 01919 01920 Return Value: 01921 01922 STATUS_SUCCESS indicates the capture was successful. 01923 01924 STATUS_BUFFER_TOO_SMALL - indicates the buffer provided to capture the array 01925 into wasn't large enough to hold the array. 01926 01927 Any access violations encountered will be returned. 01928 01929 --*/ 01930 01931 { 01932 01933 typedef struct _TEMP_ARRAY_ELEMENT { 01934 PISID Sid; 01935 ULONG SidLength; 01936 } TEMP_ARRAY_ELEMENT; 01937 01938 01939 TEMP_ARRAY_ELEMENT *TempArray; 01940 01941 NTSTATUS CompletionStatus = STATUS_SUCCESS; 01942 01943 ULONG ArraySize; 01944 ULONG AlignedLengthRequired; 01945 01946 ULONG NextIndex; 01947 01948 PSID_AND_ATTRIBUTES NextElement; 01949 PVOID NextBufferLocation; 01950 01951 ULONG GetSidSubAuthorityCount; 01952 ULONG SidSize; 01953 ULONG AlignedSidSize; 01954 01955 PAGED_CODE(); 01956 01957 // 01958 // Make sure the array isn't empty 01959 // 01960 01961 if (ArrayCount == 0) { 01962 (*CapturedArray) = NULL; 01963 (*AlignedArraySize) = 0; 01964 return STATUS_SUCCESS; 01965 } 01966 01967 // 01968 // Check there aren't too many SIDs 01969 // 01970 01971 if (ArrayCount > SEP_MAX_GROUP_COUNT) { 01972 return(STATUS_INVALID_PARAMETER); 01973 } 01974 // 01975 // check if the requestor's mode is kernel mode and we are not 01976 // to force a capture. 01977 // 01978 01979 if ((RequestorMode == KernelMode) && (ForceCapture == FALSE)) { 01980 01981 // 01982 // We don't need to do any work and can simply 01983 // return a pointer to the input array 01984 // 01985 01986 (*CapturedArray) = InputArray; 01987 01988 return STATUS_SUCCESS; 01989 } 01990 01991 01992 // 01993 // ---------- For RequestorMode == UserMode ---------------------- 01994 // 01995 // the algorithm for capturing an SID_AND_ATTRIBUTES array is somewhat 01996 // convoluted to avoid problems that could occur if the data is 01997 // being changed while being captured. 01998 // 01999 // The algorithm uses two loops. 02000 // 02001 // Allocate a temporary buffer to house the fixed length data. 02002 // 02003 // 1st loop: 02004 // For each SID: 02005 // Capture the Pointers to the SID and the length of the SID. 02006 // 02007 // Allocate a buffer large enough to hold all of the data. 02008 // 02009 // 2nd loop: 02010 // For each SID: 02011 // Capture the Attributes. 02012 // Capture the SID. 02013 // Set the pointer to the SID. 02014 // 02015 // Deallocate temporary buffer. 02016 // 02017 // ------------ For RequestorMode == KernelMode -------------------- 02018 // 02019 // There is no need to capture the length and address of the SIDs 02020 // in the first loop (since the kernel can be trusted not to change 02021 // them while they are being copied.) So for kernel mode, the first 02022 // loop just adds up the length needed. Kernel mode, thus, avoids 02023 // having to allocate a temporary buffer. 02024 // 02025 02026 // 02027 // Get the length needed to hold the array elements. 02028 // 02029 02030 ArraySize = ArrayCount * (ULONG)sizeof(SID_AND_ATTRIBUTES); 02031 AlignedLengthRequired = (ULONG)LongAlignSize( ArraySize ); 02032 02033 if (RequestorMode != KernelMode) { 02034 02035 // 02036 // Allocate a temporary array to capture the array elements into 02037 // 02038 02039 TempArray = 02040 (TEMP_ARRAY_ELEMENT *)ExAllocatePoolWithTag(PoolType, AlignedLengthRequired, 'aTeS'); 02041 02042 if ( TempArray == NULL ) { 02043 return( STATUS_INSUFFICIENT_RESOURCES ); 02044 } 02045 02046 02047 try { 02048 02049 // 02050 // Make sure we can read each SID_AND_ATTRIBUTE 02051 // 02052 02053 ProbeForRead( InputArray, 02054 ArraySize, 02055 sizeof(ULONG) ); 02056 02057 // 02058 // Probe and capture the length and address of each SID 02059 // 02060 02061 NextIndex = 0; 02062 while (NextIndex < ArrayCount) { 02063 PSID TempSid; 02064 02065 TempSid = InputArray[NextIndex].Sid; 02066 GetSidSubAuthorityCount = 02067 ProbeAndReadUchar( &((PISID)TempSid)->SubAuthorityCount); 02068 02069 if (GetSidSubAuthorityCount > SID_MAX_SUB_AUTHORITIES) { 02070 CompletionStatus = STATUS_INVALID_SID; 02071 break; 02072 } 02073 02074 TempArray[NextIndex].Sid = ((PISID)(TempSid)); 02075 TempArray[NextIndex].SidLength = 02076 RtlLengthRequiredSid( GetSidSubAuthorityCount ); 02077 02078 ProbeForRead( TempArray[NextIndex].Sid, 02079 TempArray[NextIndex].SidLength, 02080 sizeof(ULONG) ); 02081 02082 AlignedLengthRequired += 02083 (ULONG)LongAlignSize( TempArray[NextIndex].SidLength ); 02084 02085 NextIndex += 1; 02086 02087 } //end while 02088 02089 } except(EXCEPTION_EXECUTE_HANDLER) { 02090 02091 ExFreePool( TempArray ); 02092 return GetExceptionCode(); 02093 } 02094 02095 if (!NT_SUCCESS(CompletionStatus)) { 02096 ExFreePool( TempArray ); 02097 return(CompletionStatus); 02098 } 02099 02100 } else { 02101 02102 // 02103 // No need to capture anything. 02104 // But, we do need to add up the lengths of the SIDs 02105 // so we can allocate a buffer (or check the size of one provided). 02106 // 02107 02108 NextIndex = 0; 02109 02110 while (NextIndex < ArrayCount) { 02111 02112 GetSidSubAuthorityCount = 02113 ((PISID)(InputArray[NextIndex].Sid))->SubAuthorityCount; 02114 02115 AlignedLengthRequired += 02116 (ULONG)LongAlignSize(RtlLengthRequiredSid(GetSidSubAuthorityCount)); 02117 02118 NextIndex += 1; 02119 02120 } //end while 02121 02122 } 02123 02124 02125 // 02126 // Now we know how much memory we need. 02127 // Return this value in the output parameter. 02128 // 02129 02130 (*AlignedArraySize) = AlignedLengthRequired; 02131 02132 // 02133 // If a buffer was provided, make sure it is long enough. 02134 // Otherwise, allocate a buffer. 02135 // 02136 02137 if (ARGUMENT_PRESENT(CaptureBuffer)) { 02138 02139 if (AlignedLengthRequired > CaptureBufferLength) { 02140 02141 if (RequestorMode != KernelMode) { 02142 ExFreePool( TempArray ); 02143 } 02144 02145 return STATUS_BUFFER_TOO_SMALL; 02146 02147 } else { 02148 02149 (*CapturedArray) = CaptureBuffer; 02150 } 02151 02152 } else { 02153 02154 (*CapturedArray) = 02155 (PSID_AND_ATTRIBUTES)ExAllocatePoolWithTag(PoolType, AlignedLengthRequired, 'aSeS'); 02156 02157 if ( *CapturedArray == NULL ) { 02158 if (RequestorMode != KernelMode) { 02159 ExFreePool( TempArray ); 02160 } 02161 return( STATUS_INSUFFICIENT_RESOURCES ); 02162 } 02163 } 02164 02165 02166 // 02167 // Now copy everything. 02168 // This is done by copying all the SID_AND_ATTRIBUTES and then 02169 // copying each individual SID. 02170 // 02171 // All SIDs have already been probed for READ access. We just 02172 // need to copy them. 02173 // 02174 // 02175 02176 if (RequestorMode != KernelMode) { 02177 try { 02178 02179 // 02180 // Copy the SID_AND_ATTRIBUTES array elements 02181 // This really only sets the attributes, since we 02182 // over-write the SID pointer field later on. 02183 // 02184 02185 NextBufferLocation = (*CapturedArray); 02186 RtlMoveMemory( NextBufferLocation, InputArray, ArraySize ); 02187 NextBufferLocation = (PVOID)((ULONG_PTR)NextBufferLocation + 02188 (ULONG)LongAlignSize(ArraySize) ); 02189 02190 // 02191 // Now go through and copy each referenced SID. 02192 // Validate each SID as it is copied. 02193 // 02194 02195 NextIndex = 0; 02196 NextElement = (*CapturedArray); 02197 while ( (NextIndex < ArrayCount) && 02198 (CompletionStatus == STATUS_SUCCESS) ) { 02199 02200 02201 RtlMoveMemory( NextBufferLocation, 02202 TempArray[NextIndex].Sid, 02203 TempArray[NextIndex].SidLength ); 02204 02205 02206 NextElement[NextIndex].Sid = (PSID)NextBufferLocation; 02207 NextBufferLocation = 02208 (PVOID)((ULONG_PTR)NextBufferLocation + 02209 (ULONG)LongAlignSize(TempArray[NextIndex].SidLength)); 02210 02211 // 02212 // Verify the sid is valid and its length didn't change 02213 // 02214 02215 if (!RtlValidSid(NextElement[NextIndex].Sid) ) { 02216 CompletionStatus = STATUS_INVALID_SID; 02217 } else if (RtlLengthSid(NextElement[NextIndex].Sid) != TempArray[NextIndex].SidLength) { 02218 CompletionStatus = STATUS_INVALID_SID; 02219 } 02220 02221 02222 NextIndex += 1; 02223 02224 } //end while 02225 02226 02227 } except(EXCEPTION_EXECUTE_HANDLER) { 02228 02229 if (!ARGUMENT_PRESENT(CaptureBuffer)) { 02230 ExFreePool( (*CapturedArray) ); 02231 } 02232 02233 ExFreePool( TempArray ); 02234 02235 return GetExceptionCode(); 02236 } 02237 } else { 02238 02239 // 02240 // Requestor mode is kernel mode - 02241 // don't need protection, probing, and validating 02242 // 02243 02244 // 02245 // Copy the SID_AND_ATTRIBUTES array elements 02246 // This really only sets the attributes, since we 02247 // over-write the SID pointer field later on. 02248 // 02249 02250 NextBufferLocation = (*CapturedArray); 02251 RtlMoveMemory( NextBufferLocation, InputArray, ArraySize ); 02252 NextBufferLocation = (PVOID)( (ULONG_PTR)NextBufferLocation + 02253 (ULONG)LongAlignSize(ArraySize)); 02254 02255 // 02256 // Now go through and copy each referenced SID 02257 // 02258 02259 NextIndex = 0; 02260 NextElement = (*CapturedArray); 02261 while (NextIndex < ArrayCount) { 02262 02263 GetSidSubAuthorityCount = 02264 ((PISID)(NextElement[NextIndex].Sid))->SubAuthorityCount; 02265 02266 RtlMoveMemory( 02267 NextBufferLocation, 02268 NextElement[NextIndex].Sid, 02269 RtlLengthRequiredSid(GetSidSubAuthorityCount) ); 02270 SidSize = RtlLengthRequiredSid( GetSidSubAuthorityCount ); 02271 AlignedSidSize = (ULONG)LongAlignSize(SidSize); 02272 02273 NextElement[NextIndex].Sid = (PSID)NextBufferLocation; 02274 02275 NextIndex += 1; 02276 NextBufferLocation = (PVOID)((ULONG_PTR)NextBufferLocation + 02277 AlignedSidSize); 02278 02279 } //end while 02280 02281 } 02282 02283 if (RequestorMode != KernelMode) { 02284 ExFreePool( TempArray ); 02285 } 02286 02287 if (!ARGUMENT_PRESENT(CaptureBuffer) && !NT_SUCCESS(CompletionStatus)) { 02288 ExFreePool( (*CapturedArray) ); 02289 *CapturedArray = NULL ; 02290 } 02291 02292 return CompletionStatus; 02293 }

NTKERNELAPI VOID SeCaptureSubjectContext ( OUT PSECURITY_SUBJECT_CONTEXT SubjectContext )

Definition at line 46 of file subject.c.
References PAGED_CODE, PsGetCurrentProcess, PsGetCurrentThread, PsProcessAuditId, PsReferenceImpersonationToken(), and PsReferencePrimaryToken().
Referenced by CmpNotifyChangeKey(), IsPrivileged(), NtCloseObjectAuditAlarm(), NtDeleteObjectAuditAlarm(), NtOpenObjectAuditAlarm(), NtPrivilegedServiceAuditAlarm(), NtPrivilegeObjectAuditAlarm(), NtSetUuidSeed(), RtlpSetSecurityObject(), SeAccessCheckByType(), SeAuditHandleDuplication(), SeAuditProcessCreation(), SeCheckPrivilegedObject(), SeCloseObjectAuditAlarm(), SeCreateAccessState(), SeDeleteObjectAuditAlarm(), SepAccessCheckAndAuditAlarm(), SeSinglePrivilegeCheck(), and xxxCreateWindowStation().

00052 : 00053 00054 This routine takes a snapshot of the calling thread's security 00055 context (locking tokens as necessary to do so). This function 00056 is intended to support the object manager and other components 00057 that utilize the reference monitor's access validation, 00058 privilege test, and audit generation services. 00059 00060 A subject's security context should be captured before initiating 00061 access validation and should be released after audit messages 00062 are generated. This is necessary to provide a consistent security 00063 context to all those services. 00064 00065 After calling access validation, privilege test, and audit generation 00066 services, the captured context should be released as soon as possible 00067 using the SeReleaseSubjectContext() service. 00068 00069 Arguments: 00070 00071 SubjectContext - Points to a SECURITY_SUBJECT_CONTEXT data structure 00072 to be filled in with a snapshot of the calling thread's security 00073 profile. 00074 00075 Return Value: 00076 00077 none. 00078 00079 --*/ 00080 00081 { 00082 00083 PEPROCESS CurrentProcess; 00084 00085 //PVOID Objects[2]; 00086 00087 BOOLEAN IgnoreCopyOnOpen; 00088 BOOLEAN IgnoreEffectiveOnly; 00089 00090 PAGED_CODE(); 00091 00092 CurrentProcess = PsGetCurrentProcess(); 00093 SubjectContext->ProcessAuditId = PsProcessAuditId( CurrentProcess ); 00094 00095 // 00096 // Get pointers to primary and impersonation tokens 00097 // 00098 00099 SubjectContext->ClientToken = PsReferenceImpersonationToken( 00100 PsGetCurrentThread(), 00101 &IgnoreCopyOnOpen, 00102 &IgnoreEffectiveOnly, 00103 &(SubjectContext->ImpersonationLevel) 00104 ); 00105 00106 SubjectContext->PrimaryToken = PsReferencePrimaryToken(CurrentProcess); 00107 00108 return; 00109 00110 }

BOOLEAN SeCheckAuditPrivilege ( IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,

IN KPROCESSOR_MODE PreviousMode

)

Definition at line 199 of file seaudit.c.
References KernelMode, NULL, PAGED_CODE, SeAuditPrivilege, SepPrivilegeCheck(), and SePrivilegedServiceAuditAlarm().
Referenced by NtCloseObjectAuditAlarm(), NtDeleteObjectAuditAlarm(), NtOpenObjectAuditAlarm(), NtPrivilegedServiceAuditAlarm(), NtPrivilegeObjectAuditAlarm(), and SepAccessCheckAndAuditAlarm().

00205 : 00206 00207 This routine specifically searches the primary token (rather than 00208 the effective token) of the calling process for SeAuditPrivilege. 00209 In order to do this it must call the underlying worker 00210 SepPrivilegeCheck directly, to ensure that the correct token is 00211 searched 00212 00213 Arguments: 00214 00215 SubjectSecurityContext - The subject being examined. 00216 00217 PreviousMode - The previous processor mode. 00218 00219 Return Value: 00220 00221 Returns TRUE if the subject has SeAuditPrivilege, FALSE otherwise. 00222 00223 --*/ 00224 { 00225 00226 PRIVILEGE_SET RequiredPrivileges; 00227 BOOLEAN AccessGranted; 00228 00229 PAGED_CODE(); 00230 00231 RequiredPrivileges.PrivilegeCount = 1; 00232 RequiredPrivileges.Control = PRIVILEGE_SET_ALL_NECESSARY; 00233 RequiredPrivileges.Privilege[0].Luid = SeAuditPrivilege; 00234 RequiredPrivileges.Privilege[0].Attributes = 0; 00235 00236 AccessGranted = SepPrivilegeCheck( 00237 SubjectSecurityContext->PrimaryToken, // token 00238 RequiredPrivileges.Privilege, // privilege set 00239 RequiredPrivileges.PrivilegeCount, // privilege count 00240 PRIVILEGE_SET_ALL_NECESSARY, // privilege control 00241 PreviousMode // previous mode 00242 ); 00243 00244 if ( PreviousMode != KernelMode ) { 00245 00246 SePrivilegedServiceAuditAlarm ( 00247 NULL, // BUGWARNING need service name 00248 SubjectSecurityContext, 00249 &RequiredPrivileges, 00250 AccessGranted 00251 ); 00252 } 00253 00254 return( AccessGranted ); 00255 }

BOOLEAN SeCheckPrivilegedObject ( LUID PrivilegeValue,

HANDLE ObjectHandle,

ACCESS_MASK DesiredAccess,

KPROCESSOR_MODE PreviousMode

)

Definition at line 504 of file privileg.c.
References KernelMode, PAGED_CODE, SeCaptureSubjectContext(), SePrivilegeCheck(), SePrivilegeObjectAuditAlarm(), and SeReleaseSubjectContext().
Referenced by NtSetInformationJobObject(), NtSetInformationProcess(), NtSetInformationThread(), and PspSetPrimaryToken().

00513 : 00514 00515 This function will check for the passed privilege value in the 00516 current context, and generate audits as appropriate. 00517 00518 Arguments: 00519 00520 PrivilegeValue - The value of the privilege being checked. 00521 00522 Object - Specifies a pointer to the object being accessed. 00523 00524 ObjectHandle - Specifies the object handle being used. 00525 00526 DesiredAccess - The desired access mask, if any 00527 00528 PreviousMode - The previous processor mode 00529 00530 00531 Return Value: 00532 00533 TRUE - The current subject has the desired privilege. 00534 00535 FALSE - The current subject does not have the desired privilege. 00536 --*/ 00537 00538 { 00539 BOOLEAN AccessGranted; 00540 PRIVILEGE_SET RequiredPrivileges; 00541 SECURITY_SUBJECT_CONTEXT SubjectSecurityContext; 00542 00543 PAGED_CODE(); 00544 00545 // 00546 // Make sure the caller has the privilege to make this 00547 // call. 00548 // 00549 00550 RequiredPrivileges.PrivilegeCount = 1; 00551 RequiredPrivileges.Control = PRIVILEGE_SET_ALL_NECESSARY; 00552 RequiredPrivileges.Privilege[0].Luid = PrivilegeValue; 00553 RequiredPrivileges.Privilege[0].Attributes = 0; 00554 00555 SeCaptureSubjectContext( &SubjectSecurityContext ); 00556 00557 AccessGranted = SePrivilegeCheck( 00558 &RequiredPrivileges, 00559 &SubjectSecurityContext, 00560 PreviousMode 00561 ); 00562 00563 if ( PreviousMode != KernelMode ) { 00564 00565 SePrivilegeObjectAuditAlarm( 00566 ObjectHandle, 00567 &SubjectSecurityContext, 00568 DesiredAccess, 00569 &RequiredPrivileges, 00570 AccessGranted, 00571 PreviousMode 00572 ); 00573 00574 } 00575 00576 00577 SeReleaseSubjectContext( &SubjectSecurityContext ); 00578 00579 return( AccessGranted ); 00580 00581 } }

VOID SeCloseObjectAuditAlarm ( IN PVOID Object,

IN HANDLE Handle,

IN BOOLEAN GenerateOnClose

)

Definition at line 3826 of file seaudit.c.
References EffectiveToken, Handle, NTSTATUS(), PAGED_CODE, SeCaptureSubjectContext(), SepAdtCloseObjectAuditAlarm(), SepTokenAuthenticationId, SepTokenUserSid, SeReleaseSubjectContext(), SeSubsystemName, and Status.
Referenced by NtClose().

03834 : 03835 03836 This routine is used to generate audit and alarm messages when a handle 03837 to an object is deleted. 03838 03839 This routine may result in several messages being generated and sent to 03840 Port objects. This may result in a significant latency before 03841 returning. Design of routines that must call this routine must take 03842 this potential latency into account. This may have an impact on the 03843 approach taken for data structure mutex locking, for example. 03844 03845 Arguments: 03846 03847 Object - Address of the object being accessed. This value will not be 03848 used as a pointer (referenced). It is necessary only to enter into 03849 log messages. 03850 03851 Handle - Supplies the handle value assigned to the open. 03852 03853 GenerateOnClose - Is a boolean value returned from a corresponding 03854 SeOpenObjectAuditAlarm() call when the object handle was created. 03855 03856 Return Value: 03857 03858 None. 03859 03860 --*/ 03861 03862 { 03863 SECURITY_SUBJECT_CONTEXT SubjectSecurityContext; 03864 PSID UserSid; 03865 NTSTATUS Status; 03866 03867 PAGED_CODE(); 03868 03869 if (GenerateOnClose) { 03870 03871 SeCaptureSubjectContext ( &SubjectSecurityContext ); 03872 03873 UserSid = SepTokenUserSid( EffectiveToken (&SubjectSecurityContext)); 03874 03875 03876 SepAdtCloseObjectAuditAlarm ( 03877 &SeSubsystemName, 03878 (PVOID)Handle, 03879 Object, 03880 UserSid, 03881 SepTokenAuthenticationId( EffectiveToken (&SubjectSecurityContext)) 03882 ); 03883 03884 SeReleaseSubjectContext ( &SubjectSecurityContext ); 03885 } 03886 03887 return; 03888 }

NTSTATUS SeComputeQuotaInformationSize ( IN PSECURITY_DESCRIPTOR SecurityDescriptor,

OUT PULONG Size

)

Definition at line 2350 of file se/capture.c.
References Dacl, Group, NULL, PAGED_CODE, SeLengthSid, and Size.
Referenced by ObpCaptureObjectCreateInformation().

02357 : 02358 02359 This routine computes the size of the Group and DACL for the 02360 passed security descriptor. 02361 02362 This quantity will later be used in calculating the amount 02363 of quota to charge for this object. 02364 02365 Arguments: 02366 02367 SecurityDescriptor - Supplies a pointer to the security descriptor 02368 to be examined. 02369 02370 Size - Returns the size in bytes of the sum of the Group and Dacl 02371 fields of the security descriptor. 02372 02373 Return Value: 02374 02375 STATUS_SUCCESS - The operation was successful. 02376 02377 STATUS_INVALID_REVISION - The passed security descriptor was of 02378 an unknown revision. 02379 02380 --*/ 02381 02382 { 02383 PISECURITY_DESCRIPTOR ISecurityDescriptor; 02384 02385 PSID Group; 02386 PACL Dacl; 02387 02388 PAGED_CODE(); 02389 02390 ISecurityDescriptor = (PISECURITY_DESCRIPTOR)SecurityDescriptor; 02391 *Size = 0; 02392 02393 if (ISecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION) { 02394 return( STATUS_UNKNOWN_REVISION ); 02395 } 02396 02397 Group = RtlpGroupAddrSecurityDescriptor( ISecurityDescriptor ); 02398 02399 Dacl = RtlpDaclAddrSecurityDescriptor( ISecurityDescriptor ); 02400 02401 if (Group != NULL) { 02402 *Size += (ULONG)LongAlignSize(SeLengthSid( Group )); 02403 } 02404 02405 if (Dacl != NULL) { 02406 *Size += (ULONG)LongAlignSize(Dacl->AclSize); 02407 } 02408 02409 return( STATUS_SUCCESS ); 02410 }

NTSTATUS SeCopyClientToken ( IN PACCESS_TOKEN ClientToken,

IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,

IN KPROCESSOR_MODE RequestorMode,

OUT PACCESS_TOKEN * DuplicateToken

)

Definition at line 1227 of file tokendup.c.
References ClientToken, FALSE, NTSTATUS(), NULL, ObjectAttributes, PAGED_CODE, PTOKEN, SepDuplicateToken(), and Status.
Referenced by SepCreateClientSecurity().

01237 : 01238 01239 This routine copies a client's token as part of establishing a client 01240 context for impersonation. 01241 01242 The result will be an impersonation token. 01243 01244 No handles to the new token are established. 01245 01246 The token will be an exact duplicate of the source token. It is the 01247 caller's responsibility to ensure an effective only copy of the token 01248 is produced when the token is opened, if necessary. 01249 01250 01251 Arguments: 01252 01253 ClientToken - Points to the token to be duplicated. This may be either 01254 a primary or impersonation token. 01255 01256 ImpersonationLevel - The impersonation level to be assigned to the new 01257 token. 01258 01259 RequestorMode - Mode to be assigned as the owner mode of the new token. 01260 01261 DuplicateToken - Receives a pointer to the duplicate token. 01262 The token has not yet been inserted into any object table. 01263 No exceptions are expected when tring to set this OUT value. 01264 01265 Return Value: 01266 01267 STATUS_SUCCESS - The service successfully completed the requested 01268 operation. 01269 01270 01271 --*/ 01272 { 01273 NTSTATUS Status; 01274 OBJECT_ATTRIBUTES ObjectAttributes; 01275 PTOKEN NewToken; 01276 01277 PAGED_CODE(); 01278 01279 InitializeObjectAttributes( 01280 &ObjectAttributes, 01281 NULL, 01282 0, 01283 NULL, 01284 NULL 01285 ); 01286 01287 Status = SepDuplicateToken( 01288 (PTOKEN)ClientToken, // ExistingToken 01289 &ObjectAttributes, // ObjectAttributes 01290 FALSE, // EffectiveOnly 01291 TokenImpersonation, // TokenType (target) 01292 ImpersonationLevel, // ImpersonationLevel 01293 RequestorMode, // RequestorMode 01294 &NewToken // DuplicateToken 01295 ); 01296 01297 (*DuplicateToken) = (PACCESS_TOKEN)NewToken; 01298 01299 return Status; 01300 01301 }

NTKERNELAPI NTSTATUS SeCreateAccessState ( IN PACCESS_STATE AccessState,

IN PAUX_ACCESS_DATA AuxData,

IN ACCESS_MASK DesiredAccess,

IN PGENERIC_MAPPING GenericMapping

)

Definition at line 180 of file seastate.c.
References ACCESS_STATE, ASSERT, EffectiveToken, ExAllocateLocallyUniqueId, FALSE, GENERIC_ACCESS, NULL, PAGED_CODE, PTOKEN, RtlMapGenericMask(), SeCaptureSubjectContext(), and TOKEN_HAS_TRAVERSE_PRIVILEGE.
Referenced by AccessCheckObject(), NtDuplicateObject(), NtOpenProcess(), NtOpenThread(), ObInsertObject(), ObOpenObjectByName(), ObOpenObjectByPointer(), ObReferenceObjectByName(), and SepCreateToken().

00188 : 00189 00190 This routine initializes an ACCESS_STATE structure. This consists 00191 of: 00192 00193 - zeroing the entire structure 00194 00195 - mapping generic access types in the passed DesiredAccess 00196 and putting it into the structure 00197 00198 - "capturing" the Subject Context, which must be held for the 00199 duration of the access attempt (at least until auditing is performed). 00200 00201 - Allocating an Operation ID, which is an LUID that will be used 00202 to associate different parts of the access attempt in the audit 00203 log. 00204 00205 Arguments: 00206 00207 AccessState - a pointer to the structure to be initialized. 00208 00209 AuxData - Supplies a buffer big enough for an AuxData structure 00210 so we don't have to allocate one. 00211 00212 DesiredAccess - Access mask containing the desired access 00213 00214 GenericMapping - Optionally supplies a pointer to a generic mapping 00215 that may be used to map any generic access requests that may 00216 have been passed in the DesiredAccess parameter. 00217 00218 Note that if this parameter is not supplied, it must be filled 00219 in at some later point. The IO system does this in IopParseDevice. 00220 00221 Return Value: 00222 00223 Error if the attempt to allocate an LUID fails. 00224 00225 Note that this error may be safely ignored if it is known that all 00226 security checks will be performed with PreviousMode == KernelMode. 00227 Know what you're doing if you choose to ignore this. 00228 00229 --*/ 00230 00231 { 00232 00233 ACCESS_MASK MappedAccessMask; 00234 PSECURITY_DESCRIPTOR InputSecurityDescriptor = NULL; 00235 00236 PAGED_CODE(); 00237 00238 // 00239 // Don't modify what he passed in 00240 // 00241 00242 MappedAccessMask = DesiredAccess; 00243 00244 // 00245 // Map generic access to object specific access iff generic access types 00246 // are specified and a generic access mapping table is provided. 00247 // 00248 00249 if ( ((DesiredAccess & GENERIC_ACCESS) != 0) && 00250 ARGUMENT_PRESENT(GenericMapping) ) { 00251 00252 RtlMapGenericMask( 00253 &MappedAccessMask, 00254 GenericMapping 00255 ); 00256 } 00257 00258 RtlZeroMemory(AccessState, sizeof(ACCESS_STATE)); 00259 00260 // 00261 // Assume RtlZeroMemory has initialized these fields properly 00262 // 00263 00264 ASSERT( AccessState->SecurityDescriptor == NULL ); 00265 ASSERT( AccessState->PrivilegesAllocated == FALSE ); 00266 00267 AccessState->AuxData = AuxData; 00268 00269 SeCaptureSubjectContext(&AccessState->SubjectSecurityContext); 00270 00271 if (((PTOKEN)EffectiveToken( &AccessState->SubjectSecurityContext ))->TokenFlags & TOKEN_HAS_TRAVERSE_PRIVILEGE ) { 00272 AccessState->Flags = TOKEN_HAS_TRAVERSE_PRIVILEGE; 00273 } 00274 00275 AccessState->RemainingDesiredAccess = MappedAccessMask; 00276 AccessState->OriginalDesiredAccess = MappedAccessMask; 00277 AuxData->PrivilegesUsed = (PPRIVILEGE_SET)((ULONG_PTR)AccessState + 00278 (FIELD_OFFSET(ACCESS_STATE, Privileges))); 00279 00280 ExAllocateLocallyUniqueId(&AccessState->OperationID); 00281 00282 if (ARGUMENT_PRESENT(GenericMapping)) { 00283 AuxData->GenericMapping = *GenericMapping; 00284 } 00285 00286 return( STATUS_SUCCESS ); 00287 00288 }

NTKERNELAPI NTSTATUS SeCreateClientSecurity ( IN PETHREAD ClientThread,

IN PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos,

IN BOOLEAN RemoteSession,

OUT PSECURITY_CLIENT_CONTEXT ClientContext

)

Definition at line 209 of file seclient.c.
References ClientThread(), NTSTATUS(), PAGED_CODE, PsReferenceEffectiveToken(), SepCreateClientSecurity(), Status, and Token.
Referenced by CmLoadKey(), MESSAGECALL(), NtImpersonateThread(), and NtSecureConnectPort().

00218 : 00219 00220 This service initializes a context block to represent a client's 00221 security context. This may simply result in a reference to the 00222 client's token, or may cause the client's token to be duplicated, 00223 depending upon the security quality of service information specified. 00224 00225 NOTE 00226 00227 The code in this routine is optimized for DYNAMIC context 00228 tracking. This is only mode in which direct access to a 00229 caller's token is allowed, and the mode expected to be used 00230 most often. STATIC context tracking always requires the 00231 caller's token to be copied. 00232 00233 00234 Arguments: 00235 00236 ClientThread - Points to the client's thread. This is used to 00237 locate the client's security context (token). 00238 00239 ClientSecurityQos - Points to the security quality of service 00240 parameters specified by the client for this communication 00241 session. 00242 00243 ServerIsRemote - Provides an indication as to whether the session 00244 this context block is being used for is an inter-system 00245 session or intra-system session. This is reconciled with the 00246 impersonation level of the client thread's token (in case the 00247 client has a client of his own that didn't specify delegation). 00248 00249 ClientContext - Points to the client security context block to be 00250 initialized. 00251 00252 00253 Return Value: 00254 00255 STATUS_SUCCESS - The service completed successfully. 00256 00257 STATUS_BAD_IMPERSONATION_LEVEL - The client is currently 00258 impersonating either an Anonymous or Identification level 00259 token, which can not be passed on for use by another server. 00260 This status may also be returned if the security context 00261 block is for an inter-system communication session and the 00262 client thread is impersonating a client of its own using 00263 other than delegation impersonation level. 00264 00265 00266 --*/ 00267 00268 { 00269 NTSTATUS Status = STATUS_SUCCESS; 00270 PACCESS_TOKEN Token; 00271 TOKEN_TYPE TokenType; 00272 BOOLEAN ThreadEffectiveOnly; 00273 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; 00274 PACCESS_TOKEN DuplicateToken; 00275 00276 PAGED_CODE(); 00277 00278 // 00279 // Gain access to the client thread's effective token 00280 // 00281 00282 Token = PsReferenceEffectiveToken( 00283 ClientThread, 00284 &TokenType, 00285 &ThreadEffectiveOnly, 00286 &ImpersonationLevel 00287 ); 00288 00289 00290 Status = SepCreateClientSecurity( 00291 Token, 00292 ClientSecurityQos, 00293 ServerIsRemote, 00294 TokenType, 00295 ThreadEffectiveOnly, 00296 ImpersonationLevel, 00297 ClientContext ); 00298 00299 return Status ; 00300 }

NTKERNELAPI NTSTATUS SeCreateClientSecurityFromSubjectContext ( IN PSECURITY_SUBJECT_CONTEXT SubjectContext,

IN PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos,

IN BOOLEAN ServerIsRemote,

OUT PSECURITY_CLIENT_CONTEXT ClientContext

)

Definition at line 712 of file seclient.c.
References FALSE, NTSTATUS(), ObReferenceObject, PAGED_CODE, SepCreateClientSecurity(), SeQuerySubjectContextToken, Status, and Token.

00720 : 00721 00722 This service initializes a context block to represent a client's 00723 security context. This may simply result in a reference to the 00724 client's token, or may cause the client's token to be duplicated, 00725 depending upon the security quality of service information specified. 00726 00727 NOTE 00728 00729 The code in this routine is optimized for DYNAMIC context 00730 tracking. This is only mode in which direct access to a 00731 caller's token is allowed, and the mode expected to be used 00732 most often. STATIC context tracking always requires the 00733 caller's token to be copied. 00734 00735 00736 Arguments: 00737 00738 SubjectContext - Points to the SubjectContext that should serve 00739 as the basis for this client context. 00740 00741 ClientSecurityQos - Points to the security quality of service 00742 parameters specified by the client for this communication 00743 session. 00744 00745 ServerIsRemote - Provides an indication as to whether the session 00746 this context block is being used for is an inter-system 00747 session or intra-system session. This is reconciled with the 00748 impersonation level of the client thread's token (in case the 00749 client has a client of his own that didn't specify delegation). 00750 00751 ClientContext - Points to the client security context block to be 00752 initialized. 00753 00754 00755 Return Value: 00756 00757 STATUS_SUCCESS - The service completed successfully. 00758 00759 STATUS_BAD_IMPERSONATION_LEVEL - The client is currently 00760 impersonating either an Anonymous or Identification level 00761 token, which can not be passed on for use by another server. 00762 This status may also be returned if the security context 00763 block is for an inter-system communication session and the 00764 client thread is impersonating a client of its own using 00765 other than delegation impersonation level. 00766 00767 00768 --*/ 00769 00770 { 00771 NTSTATUS Status = STATUS_SUCCESS; 00772 PACCESS_TOKEN Token; 00773 TOKEN_TYPE Type; 00774 BOOLEAN ThreadEffectiveOnly; 00775 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; 00776 PACCESS_TOKEN DuplicateToken; 00777 00778 PAGED_CODE(); 00779 00780 Token = SeQuerySubjectContextToken( 00781 SubjectContext 00782 ); 00783 00784 ObReferenceObject( Token ); 00785 00786 if ( SubjectContext->ClientToken ) 00787 { 00788 Type = TokenImpersonation ; 00789 } 00790 else 00791 { 00792 Type = TokenPrimary ; 00793 } 00794 00795 Status = SepCreateClientSecurity( 00796 Token, 00797 ClientSecurityQos, 00798 ServerIsRemote, 00799 Type, 00800 FALSE, 00801 SubjectContext->ImpersonationLevel, 00802 ClientContext 00803 ); 00804 00805 00806 return Status ; 00807 }

VOID SeCreateInstanceAuditAlarm ( IN PLUID OperationID OPTIONAL,

IN PVOID Object,

IN PSECURITY_DESCRIPTOR SecurityDescriptor,

IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,

IN ACCESS_MASK DesiredAccess,

IN PPRIVILEGE_SET Privileges OPTIONAL,

IN BOOLEAN AccessGranted,

IN KPROCESSOR_MODE AccessMode

)

VOID SeCreateObjectAuditAlarm ( IN PLUID OperationID OPTIONAL,

IN PVOID Object,

IN PUNICODE_STRING ComponentName,

IN PSECURITY_DESCRIPTOR SecurityDescriptor,

IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,

IN ACCESS_MASK DesiredAccess,

IN PPRIVILEGE_SET Privileges OPTIONAL,

IN BOOLEAN AccessGranted,

OUT PBOOLEAN AuditPerformed,

IN KPROCESSOR_MODE AccessMode

)

Definition at line 3538 of file seaudit.c.
References DirectoryName, EffectiveToken, ExFreePool(), FALSE, KernelMode, NULL, PAGED_CODE, SepAdtAuditThisEvent, SepAdtCreateObjectAuditAlarm(), SepExamineSacl(), SepQueryNameString(), SepTokenAuthenticationId, SepTokenUserSid, and TRUE.
Referenced by CmpCheckCreateAccess(), and ObCheckCreateObjectAccess().

03553 : 03554 03555 Audits the creation of an object in a directory. 03556 03557 Arguments: 03558 03559 OperationID - Optionally supplies the LUID representing the operation 03560 id for this operation. 03561 03562 DirectoryObject - Provides a pointer to the directory object being 03563 examined. 03564 03565 ComponentName - Provides a pointer to a Unicode string containing the 03566 relative name of the object being created. 03567 03568 SecurityDescriptor - The security descriptor for the passed direcctory. 03569 03570 SubjectSecurityContext - The current subject context. 03571 03572 DesiredAccess - The desired access to the directory. 03573 03574 Privileges - Returns any privileges that were used for the access attempt. 03575 03576 AccessGranted - Returns whether or not the access was successful. 03577 03578 AuditPerformed - Returns whether or not auditing was performed. 03579 03580 AccessMode - The previous mode. 03581 03582 Return Value: 03583 03584 return-value - Description of conditions needed to return value. - or - 03585 None. 03586 03587 --*/ 03588 03589 { 03590 PAGED_CODE(); 03591 #if 0 03592 03593 BOOLEAN GenerateAudit = FALSE; 03594 BOOLEAN GenerateAlarm = FALSE; 03595 PUNICODE_STRING DirectoryName; 03596 POBJECT_NAME_INFORMATION ObjectNameInformation = NULL; 03597 03598 UNREFERENCED_PARAMETER( DirectoryObject ); 03599 UNREFERENCED_PARAMETER( Privileges ); 03600 03601 if (AccessMode == KernelMode) { 03602 return; 03603 } 03604 03605 if ( SecurityDescriptor != NULL ) { 03606 03607 if ( SepAdtAuditThisEvent( AuditCategoryObjectAccess, &AccessGranted )) { 03608 03609 SepExamineSacl( 03610 RtlpSaclAddrSecurityDescriptor( (PISECURITY_DESCRIPTOR)SecurityDescriptor ), 03611 EffectiveToken( SubjectSecurityContext ), 03612 DesiredAccess, 03613 AccessGranted, 03614 &GenerateAudit, 03615 &GenerateAlarm 03616 ); 03617 03618 if ( GenerateAudit || GenerateAlarm ) { 03619 03620 // 03621 // Call ob for the name of the directory. 03622 // 03623 03624 ObjectNameInformation = SepQueryNameString( DirectoryObject ); 03625 03626 if ( ObjectNameInformation != NULL ) { 03627 03628 DirectoryName = &ObjectNameInformation->Name; 03629 } 03630 03631 SepAdtCreateObjectAuditAlarm( 03632 OperationID, 03633 DirectoryName, 03634 ComponentName, 03635 SepTokenUserSid(EffectiveToken( SubjectSecurityContext )), 03636 SepTokenAuthenticationId( EffectiveToken( SubjectSecurityContext )), 03637 DesiredAccess, 03638 AccessGranted, 03639 GenerateAudit, 03640 GenerateAlarm 03641 ); 03642 03643 *AuditPerformed = TRUE; 03644 03645 if ( DirectoryName != NULL ) { 03646 03647 ExFreePool( DirectoryName ); 03648 } 03649 } 03650 } 03651 } 03652 03653 #endif 03654 03655 return; 03656 }

VOID SeDeassignPrimaryToken ( IN PEPROCESS Process )

Definition at line 302 of file token.c.
References ASSERT, FALSE, ObDereferenceObject, PAGED_CODE, and PTOKEN.
Referenced by PspDeleteProcessSecurity(), and SeAssignPrimaryToken().

00309 : 00310 00311 This function causes a process reference to a token to be 00312 dropped. 00313 00314 Arguments: 00315 00316 Process - Points to the process whose primary token is no longer needed. 00317 This is probably only the case at process deletion or when 00318 a primary token is being replaced. 00319 00320 Return Value: 00321 00322 None. 00323 00324 --*/ 00325 00326 { 00327 00328 PTOKEN 00329 OldToken = (PTOKEN)(Process->Token); 00330 00331 PAGED_CODE(); 00332 00333 ASSERT(OldToken->TokenType == TokenPrimary); 00334 ASSERT(OldToken->TokenInUse); 00335 00336 OldToken->TokenInUse = FALSE; 00337 ObDereferenceObject( OldToken ); 00338 00339 00340 return; 00341 }

NTKERNELAPI NTSTATUS SeDeassignSecurity ( IN OUT PSECURITY_DESCRIPTOR * SecurityDescriptor )

Definition at line 373 of file seassign.c.
References ExFreePool(), NULL, and PAGED_CODE.
Referenced by CmpDoCreateChild(), ObAssignSecurity(), and xxxCreateWindowStation().

00379 : 00380 00381 This routine deallocates the memory associated with a security descriptor 00382 that was assigned using SeAssignSecurity. 00383 00384 00385 Arguments: 00386 00387 SecurityDescriptor - Supplies the address of a pointer to the security 00388 descriptor being deleted. 00389 00390 Return Value: 00391 00392 STATUS_SUCCESS - The deallocation was successful. 00393 00394 --*/ 00395 00396 { 00397 PAGED_CODE(); 00398 00399 if ((*SecurityDescriptor) != NULL) { 00400 ExFreePool( (*SecurityDescriptor) ); 00401 } 00402 00403 // 00404 // And zero out the pointer to it for safety sake 00405 // 00406 00407 (*SecurityDescriptor) = NULL; 00408 00409 return( STATUS_SUCCESS ); 00410 00411 }

NTSTATUS SeDefaultObjectMethod ( IN PVOID Object,

IN SECURITY_OPERATION_CODE OperationCode,

IN PSECURITY_INFORMATION SecurityInformation,

IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,

IN OUT PULONG Length,

IN OUT PSECURITY_DESCRIPTOR * ObjectsSecurityDescriptor,

IN POOL_TYPE PoolType,

IN PGENERIC_MAPPING GenericMapping

)

Definition at line 195 of file semethod.c.
References ASSERT, AssignSecurityDescriptor, DeleteSecurityDescriptor, KeBugCheck(), NonPagedPool, NULL, ObAssignObjectSecurityDescriptor(), ObQuerySecurityDescriptorInfo(), ObSetSecurityDescriptorInfo(), PAGED_CODE, PagedPool, QuerySecurityDescriptor, SepDefaultDeleteMethod(), and SetSecurityDescriptor.
Referenced by NtDuplicateObject(), ObCreateObjectType(), and TestDefaultObjectMethod().

00208 : 00209 00210 This is the default security method for objects. It is responsible 00211 for either retrieving, setting, and deleting the security descriptor of 00212 an object. It is not used to assign the original security descriptor 00213 to an object (use SeAssignSecurity for that purpose). 00214 00215 00216 IT IS ASSUMED THAT THE OBJECT MANAGER HAS ALREADY DONE THE ACCESS 00217 VALIDATIONS NECESSARY TO ALLOW THE REQUESTED OPERATIONS TO BE PERFORMED. 00218 00219 Arguments: 00220 00221 Object - Supplies a pointer to the object being used. 00222 00223 OperationCode - Indicates if the operation is for setting, querying, or 00224 deleting the object's security descriptor. 00225 00226 SecurityInformation - Indicates which security information is being 00227 queried or set. This argument is ignored for the delete operation. 00228 00229 SecurityDescriptor - The meaning of this parameter depends on the 00230 OperationCode: 00231 00232 QuerySecurityDescriptor - For the query operation this supplies the 00233 buffer to copy the descriptor into. The security descriptor is 00234 assumed to have been probed up to the size passed in in Length. 00235 Since it still points into user space, it must always be 00236 accessed in a try clause in case it should suddenly disappear. 00237 00238 SetSecurityDescriptor - For a set operation this supplies the 00239 security descriptor to copy into the object. The security 00240 descriptor must be captured before this routine is called. 00241 00242 DeleteSecurityDescriptor - It is ignored when deleting a security 00243 descriptor. 00244 00245 AssignSecurityDescriptor - For assign operations this is the 00246 security descriptor that will be assigned to the object. 00247 It is assumed to be in kernel space, and is therefore not 00248 probed or captured. 00249 00250 CapturedLength - For the query operation this specifies the length, in 00251 bytes, of the security descriptor buffer, and upon return contains 00252 the number of bytes needed to store the descriptor. If the length 00253 needed is greater than the length supplied the operation will fail. 00254 It is ignored in the set and delete operation. 00255 00256 This parameter is assumed to be captured and probed as appropriate. 00257 00258 ObjectsSecurityDescriptor - For the Set operation this supplies the address 00259 of a pointer to the object's current security descriptor. This routine 00260 will either modify the security descriptor in place or allocate a new 00261 security descriptor and use this variable to indicate its new location. 00262 For the query operation it simply supplies the security descriptor 00263 being queried. The caller is responsible for freeing the old security 00264 descriptor. 00265 00266 PoolType - For the set operation this specifies the pool type to use if 00267 a new security descriptor needs to be allocated. It is ignored 00268 in the query and delete operation. 00269 00270 the mapping of generic to specific/standard access types for the object 00271 being accessed. This mapping structure is expected to be safe to 00272 access (i.e., captured if necessary) prior to be passed to this routine. 00273 00274 Return Value: 00275 00276 NTSTATUS - STATUS_SUCCESS if the operation is successful and an 00277 appropriate error status otherwise. 00278 00279 --*/ 00280 00281 { 00282 PAGED_CODE(); 00283 00284 // 00285 // If the object's security descriptor is null, then object is not 00286 // one that has security information associated with it. Return 00287 // an error. 00288 // 00289 00290 // 00291 // Make sure the common parts of our input are proper 00292 // 00293 00294 ASSERT( (OperationCode == SetSecurityDescriptor) || 00295 (OperationCode == QuerySecurityDescriptor) || 00296 (OperationCode == AssignSecurityDescriptor) || 00297 (OperationCode == DeleteSecurityDescriptor) ); 00298 00299 // 00300 // This routine simply cases off of the operation code to decide 00301 // which support routine to call 00302 // 00303 00304 switch (OperationCode) { 00305 00306 case SetSecurityDescriptor: 00307 00308 ASSERT( (PoolType == PagedPool) || (PoolType == NonPagedPool) ); 00309 00310 return ObSetSecurityDescriptorInfo( Object, 00311 SecurityInformation, 00312 SecurityDescriptor, 00313 ObjectsSecurityDescriptor, 00314 PoolType, 00315 GenericMapping 00316 ); 00317 00318 00319 00320 case QuerySecurityDescriptor: 00321 00322 // 00323 // check the rest of our input and call the default query security 00324 // method 00325 // 00326 00327 ASSERT( CapturedLength != NULL ); 00328 00329 return ObQuerySecurityDescriptorInfo( SecurityInformation, 00330 SecurityDescriptor, 00331 CapturedLength, 00332 ObjectsSecurityDescriptor ); 00333 00334 case DeleteSecurityDescriptor: 00335 00336 // 00337 // call the default delete security method 00338 // 00339 00340 return SepDefaultDeleteMethod( ObjectsSecurityDescriptor ); 00341 00342 case AssignSecurityDescriptor: 00343 00344 ObAssignObjectSecurityDescriptor( Object, SecurityDescriptor, PoolType ); 00345 return( STATUS_SUCCESS ); 00346 00347 default: 00348 00349 // 00350 // Bugcheck on any other operation code, We won't get here if 00351 // the earlier asserts are still checked. 00352 // 00353 00354 KeBugCheck( SECURITY_SYSTEM ); 00355 return( STATUS_INVALID_PARAMETER ); 00356 00357 } 00358 00359 }

NTKERNELAPI VOID SeDeleteAccessState ( IN PACCESS_STATE AccessState )

VOID SeDeleteObjectAuditAlarm ( IN PVOID Object,

IN HANDLE Handle

)

Definition at line 3892 of file seaudit.c.
References EffectiveToken, Handle, NTSTATUS(), PAGED_CODE, SeCaptureSubjectContext(), SepAdtDeleteObjectAuditAlarm(), SepTokenAuthenticationId, SepTokenUserSid, SeReleaseSubjectContext(), SeSubsystemName, and Status.
Referenced by NtDeleteKey(), and NtMakeTemporaryObject().

03899 : 03900 03901 This routine is used to generate audit and alarm messages when an object 03902 is marked for deletion. 03903 03904 This routine may result in several messages being generated and sent to 03905 Port objects. This may result in a significant latency before 03906 returning. Design of routines that must call this routine must take 03907 this potential latency into account. This may have an impact on the 03908 approach taken for data structure mutex locking, for example. 03909 03910 Arguments: 03911 03912 Object - Address of the object being accessed. This value will not be 03913 used as a pointer (referenced). It is necessary only to enter into 03914 log messages. 03915 03916 Handle - Supplies the handle value assigned to the open. 03917 03918 Return Value: 03919 03920 None. 03921 03922 --*/ 03923 03924 { 03925 SECURITY_SUBJECT_CONTEXT SubjectSecurityContext; 03926 PSID UserSid; 03927 NTSTATUS Status; 03928 03929 PAGED_CODE(); 03930 03931 SeCaptureSubjectContext ( &SubjectSecurityContext ); 03932 03933 UserSid = SepTokenUserSid( EffectiveToken (&SubjectSecurityContext)); 03934 03935 03936 03937 SepAdtDeleteObjectAuditAlarm ( 03938 &SeSubsystemName, 03939 (PVOID)Handle, 03940 Object, 03941 UserSid, 03942 SepTokenAuthenticationId( EffectiveToken (&SubjectSecurityContext)) 03943 ); 03944 03945 SeReleaseSubjectContext ( &SubjectSecurityContext ); 03946 03947 return; 03948 }

NTSTATUS SeExchangePrimaryToken ( IN PEPROCESS Process,

IN PACCESS_TOKEN NewAccessToken,

OUT PACCESS_TOKEN * OldAccessToken

)

Definition at line 346 of file token.c.
References ASSERT, FALSE, NTSTATUS(), ObReferenceObject, PAGED_CODE, PTOKEN, Status, and TRUE.
Referenced by PspAssignPrimaryToken().

00355 : 00356 00357 This function is used to perform the portions of changing a primary 00358 token that reference the internals of token structures. 00359 00360 The new token is checked to make sure it is not already in use. 00361 00362 The 00363 00364 00365 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 00366 !!!!!!!! WARNING WARNING WARNING !!!!!!!! 00367 !!!!!!!! !!!!!!!! 00368 !!!!!!!! THIS ROUTINE MUST BE CALLED WITH THE GOBAL !!!!!!!! 00369 !!!!!!!! PROCESS SECURITY FIELDS LOCK HELD !!!!!!!! 00370 !!!!!!!! !!!!!!!! 00371 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 00372 00373 Arguments: 00374 00375 Process - Points to the process whose primary token is being exchanged. 00376 00377 NewAccessToken - Points to the process's new primary token. 00378 00379 OldAccessToken - Receives a pointer to the process's current token. 00380 The caller is responsible for dereferencing this token when 00381 it is no longer needed. This can't be done while the process 00382 security locks are held. 00383 00384 00385 Return Value: 00386 00387 STATUS_SUCCESS - Everything has been updated. 00388 00389 STATUS_TOKEN_ALREADY_IN_USE - A primary token can only be used by a 00390 single process. That is, each process must have its own primary 00391 token. The token passed to be assigned as the primary token is 00392 already in use as a primary token. 00393 00394 STATUS_BAD_TOKEN_TYPE - The new token is not a primary token. 00395 00396 00397 --*/ 00398 00399 { 00400 NTSTATUS 00401 Status; 00402 00403 PTOKEN 00404 OldToken = (PTOKEN)(Process->Token); 00405 00406 PTOKEN 00407 NewToken = (PTOKEN)NewAccessToken; 00408 00409 PAGED_CODE(); 00410 00411 00412 // 00413 // We need to access the security fields of both tokens. 00414 // Access to these fields is guarded by the global Process Security 00415 // fields lock. 00416 // 00417 00418 ASSERT(OldToken->TokenType == TokenPrimary); 00419 ASSERT(OldToken->TokenInUse); 00420 00421 00422 // 00423 // Make sure the new token is a primary token... 00424 // 00425 00426 if ( NewToken->TokenType != TokenPrimary ) { 00427 return(STATUS_BAD_TOKEN_TYPE); 00428 } 00429 00430 // 00431 // and that it is not already in use... 00432 // 00433 00434 if (NewToken->TokenInUse) { 00435 return(STATUS_TOKEN_ALREADY_IN_USE); 00436 } 00437 00438 // 00439 // Ensure SessionId consistent for hydra 00440 // 00441 00442 NewToken->SessionId = OldToken->SessionId ; 00443 00444 00445 00446 // 00447 // Switch the tokens 00448 // 00449 00450 Process->Token=NewAccessToken; 00451 NewToken->TokenInUse = TRUE; 00452 ObReferenceObject(NewToken); 00453 00454 // 00455 // Mark the token as "NOT USED" 00456 // 00457 00458 OldToken->TokenInUse = FALSE; 00459 00460 // 00461 // Return the pointer to the old token. The caller 00462 // is responsible for dereferencing it if they don't need it. 00463 // 00464 00465 (*OldAccessToken) = OldToken; 00466 00467 return (STATUS_SUCCESS); 00468 }

NTSTATUS SeFastFilterToken ( IN PACCESS_TOKEN ExistingToken,

IN KPROCESSOR_MODE RequestorMode,

IN ULONG Flags,

IN ULONG GroupCount,

IN PSID_AND_ATTRIBUTES GroupsToDisable OPTIONAL,

IN ULONG PrivilegeCount,

IN PLUID_AND_ATTRIBUTES PrivilegesToDelete OPTIONAL,

IN ULONG SidCount,

IN PSID_AND_ATTRIBUTES RestrictedSids OPTIONAL,

IN ULONG SidLength,

OUT PACCESS_TOKEN * FilteredToken

)

Definition at line 1859 of file tokendup.c.
References PTOKEN, and SepFilterToken().
Referenced by PsAssignImpersonationToken(), and PsImpersonateClient().

01874 : 01875 01876 This is a fast wrapper for the Ps code to filter a token 01877 inline of an impersonate. 01878 01879 This routine acquires a read lock on the token being filtered. 01880 01881 Arguments: 01882 01883 ExistingToken - Points to the token to be duplicated. 01884 01885 GroupCount - Count of groups to disable 01886 01887 GroupsToDisable - Contains a list of sids and attributes. All sids with 01888 the USE_FOR_DENY_ONLY attribute that also exist in the token will 01889 cause the new token to have that sid set with the USE_FOR_DENY_ONLY 01890 attribute. 01891 01892 PrivilegeCount - Count of privileges to delete 01893 01894 PrivilegesToDelete - Privileges in this list that are present in the 01895 existing token will not exist in the final token. This is similar 01896 to duplicating a token effective only with these privileges set to 01897 disabled. 01898 01899 SidCount - Count of restricted sids to add. 01900 01901 RestrictedSids - Contains a list of SIDs and attributes that will be 01902 stored in the RestrictedSids field of the new token. These SIDs 01903 are used after a normal access check to futher restrict access. 01904 The attributes of these groups are always SE_GROUP_MANDATORY | 01905 SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT. If there already 01906 exist RestrictedSids in the original token, these sids will be 01907 appended. 01908 01909 SidLength - Length of added restricted sids. 01910 01911 FilteredToken - Receives a pointer to the duplicate token. 01912 The token has not yet been inserted into any object table. 01913 No exceptions are expected when tring to set this OUT value. 01914 01915 Return Value: 01916 01917 STATUS_SUCCESS - The service successfully completed the requested 01918 operation. 01919 01920 01921 --*/ 01922 { 01923 return SepFilterToken( (PTOKEN) ExistingToken, 01924 RequestorMode, 01925 Flags, 01926 GroupCount, 01927 GroupsToDisable, 01928 PrivilegeCount, 01929 PrivilegesToDelete, 01930 SidCount, 01931 RestrictedSids, 01932 SidLength, 01933 (PTOKEN *) FilteredToken ); 01934 }

BOOLEAN SeFastTraverseCheck ( PSECURITY_DESCRIPTOR SecurityDescriptor,

ACCESS_MASK TraverseAccess,

KPROCESSOR_MODE AccessMode

)

Definition at line 3871 of file accessck.c.
References Dacl, FALSE, FirstAce, KernelMode, NextAce, NULL, PAGED_CODE, RtlEqualSid(), SeWorldSid, and TRUE.
Referenced by IopParseDevice(), ObpCheckTraverseAccess(), ObpProcessDosDeviceSymbolicLink(), and ObSetSecurityDescriptorInfo().

03878 : 03879 03880 This routine will examine the DACL of the passed Security Descriptor 03881 to see if WORLD has Traverse access. If so, no further access checking 03882 is necessary. 03883 03884 Note that the SubjectContext for the client process does not have 03885 to be locked to make this call, since it does not examine any data 03886 structures in the Token. 03887 03888 Arguments: 03889 03890 SecurityDescriptor - The Security Descriptor protecting the container 03891 object being traversed. 03892 03893 TraverseAccess - Access mask describing Traverse access for this 03894 object type. 03895 03896 AccessMode - Supplies the access mode to be used in the check 03897 03898 03899 Return Value: 03900 03901 TRUE - WORLD has Traverse access to this container. FALSE 03902 otherwise. 03903 03904 --*/ 03905 03906 { 03907 PACL Dacl; 03908 ULONG i; 03909 PVOID Ace; 03910 ULONG AceCount; 03911 03912 PAGED_CODE(); 03913 03914 if ( AccessMode == KernelMode ) { 03915 return( TRUE ); 03916 } 03917 03918 if (SecurityDescriptor == NULL) { 03919 return( FALSE ); 03920 } 03921 03922 // 03923 // See if there is a valid DACL in the passed Security Descriptor. 03924 // No DACL, no security, all is granted. 03925 // 03926 03927 Dacl = RtlpDaclAddrSecurityDescriptor( (PISECURITY_DESCRIPTOR)SecurityDescriptor ); 03928 03929 // 03930 // If the SE_DACL_PRESENT bit is not set, the object has no 03931 // security, so all accesses are granted. 03932 // 03933 // Also grant all access if the Dacl is NULL. 03934 // 03935 03936 if ( !RtlpAreControlBitsSet( 03937 (PISECURITY_DESCRIPTOR)SecurityDescriptor, SE_DACL_PRESENT 03938 ) 03939 || (Dacl == NULL)) { 03940 03941 return(TRUE); 03942 } 03943 03944 // 03945 // There is security on this object. If the DACL is empty, 03946 // deny all access immediately 03947 // 03948 03949 if ((AceCount = Dacl->AceCount) == 0) { 03950 03951 return( FALSE ); 03952 } 03953 03954 // 03955 // There's stuff in the DACL, walk down the list and see 03956 // if WORLD has been granted TraverseAccess 03957 // 03958 03959 for ( i = 0, Ace = FirstAce( Dacl ) ; 03960 i < AceCount ; 03961 i++, Ace = NextAce( Ace ) 03962 ) { 03963 03964 if ( !(((PACE_HEADER)Ace)->AceFlags & INHERIT_ONLY_ACE)) { 03965 03966 if ( (((PACE_HEADER)Ace)->AceType == ACCESS_ALLOWED_ACE_TYPE) ) { 03967 03968 if ( (TraverseAccess & ((PACCESS_ALLOWED_ACE)Ace)->Mask) ) { 03969 03970 if ( RtlEqualSid( SeWorldSid, &((PACCESS_ALLOWED_ACE)Ace)->SidStart ) ) { 03971 03972 return( TRUE ); 03973 } 03974 } 03975 03976 } else { 03977 03978 if ( (((PACE_HEADER)Ace)->AceType == ACCESS_DENIED_ACE_TYPE) ) { 03979 03980 if ( (TraverseAccess & ((PACCESS_DENIED_ACE)Ace)->Mask) ) { 03981 03982 if ( RtlEqualSid( SeWorldSid, &((PACCESS_DENIED_ACE)Ace)->SidStart ) ) { 03983 03984 return( FALSE ); 03985 } 03986 } 03987 } 03988 } 03989 } 03990 } 03991 03992 return( FALSE ); 03993 } }

NTSTATUS SeFilterToken ( IN PACCESS_TOKEN ExistingToken,

IN ULONG Flags,

IN PTOKEN_GROUPS SidsToDisable OPTIONAL,

IN PTOKEN_PRIVILEGES PrivilegesToDelete OPTIONAL,

IN PTOKEN_GROUPS RestrictedSids OPTIONAL,

OUT PACCESS_TOKEN * FilteredToken

)

Definition at line 1634 of file tokendup.c.
References DbgPrint, Index, KernelMode, KPROCESSOR_MODE, NT_SUCCESS, NtClose(), NTSTATUS(), NULL, ObInsertObject(), ObReferenceObjectByHandle(), PAGED_CODE, PTOKEN, SepAcquireTokenReadLock, SepFilterToken(), SepReleaseTokenReadLock, SepTokenObjectType, Status, Token, and VOID().

01645 : 01646 01647 Create a new token that is a subset of an existing token. 01648 01649 Arguments: 01650 01651 ExistingToken - Is a token already open for 01652 TOKEN_DUPLICATE access. 01653 01654 Flags - Flags indicating additional filtering. The flags may be: 01655 01656 DISABLE_ALL_GROUPS - disable all groups in token 01657 DELETE_ALL_PRIVILEGES - Disable all privileges 01658 01659 01660 SidsToDisable - Contains a list of sids and attributes. All sids with 01661 the USE_FOR_DENY_ONLY attribute that also exist in the token will 01662 cause the new token to have that sid set with the USE_FOR_DENY_ONLY 01663 attribte. 01664 01665 PrivilegesToDelete - Privileges in this list that are present in the 01666 existing token will not exist in the final token. This is similar 01667 to duplicating a token effective only with these privileges set to 01668 disabled. 01669 01670 RestrictedSids - Contains a list of SIDs and attributes that will be 01671 stored in the RestrictedSids field of the new token. These SIDs 01672 are used after a normal access check to futher restrict access. 01673 The attributes of these groups are always SE_GROUP_MANDATORY | 01674 SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT. If there already 01675 exist RestrictedSids in the original token, these sids will be 01676 appended. 01677 01678 NewToken - Receives a pointer to the newly created token. 01679 01680 Return Value: 01681 01682 STATUS_SUCCESS - Indicates the operation was successful. 01683 01684 STATUS_INVALID_PARAMETER - Indicates one or more of the parameter values 01685 was invalid. This value is returned if the target token is not 01686 an impersonation token. 01687 01688 01689 --*/ 01690 { 01691 01692 PTOKEN Token; 01693 PTOKEN FilteredToken = NULL; 01694 KPROCESSOR_MODE PreviousMode; 01695 NTSTATUS Status = STATUS_SUCCESS; 01696 ULONG Index; 01697 01698 ULONG CapturedSidCount = 0; 01699 PSID_AND_ATTRIBUTES CapturedSids = NULL; 01700 ULONG CapturedSidsLength = 0; 01701 01702 ULONG CapturedGroupCount = 0; 01703 PSID_AND_ATTRIBUTES CapturedGroups = NULL; 01704 ULONG CapturedGroupsLength = 0; 01705 01706 ULONG CapturedPrivilegeCount = 0; 01707 PLUID_AND_ATTRIBUTES CapturedPrivileges = NULL; 01708 ULONG CapturedPrivilegesLength = 0; 01709 01710 HANDLE LocalHandle; 01711 01712 OBJECT_HANDLE_INFORMATION HandleInformation; 01713 ACCESS_MASK EffectiveDesiredAccess; 01714 01715 PAGED_CODE(); 01716 01717 PreviousMode = KeGetPreviousMode(); 01718 01719 // 01720 // Probe parameters 01721 // 01722 01723 *NewToken = NULL; 01724 01725 01726 // 01727 // Capture Sids to remove 01728 // 01729 01730 if (ARGUMENT_PRESENT(SidsToDisable)) { 01731 01732 CapturedGroupCount = SidsToDisable->GroupCount; 01733 CapturedGroups = SidsToDisable->Groups; 01734 01735 } 01736 01737 // 01738 // Capture PrivilegesToDelete 01739 // 01740 01741 if (ARGUMENT_PRESENT(PrivilegesToDelete)) { 01742 01743 CapturedPrivilegeCount = PrivilegesToDelete->PrivilegeCount; 01744 CapturedPrivileges = PrivilegesToDelete->Privileges; 01745 01746 } 01747 01748 // 01749 // Capture Restricted Sids 01750 // 01751 01752 if (ARGUMENT_PRESENT(RestrictedSids)) { 01753 01754 CapturedSidCount = RestrictedSids->GroupCount; 01755 CapturedSids = RestrictedSids->Groups; 01756 01757 // 01758 // Check that the attribtes are all zero for the restricted sids 01759 // 01760 01761 for (Index = 0; Index < CapturedSidCount ; Index++ ) { 01762 if (CapturedSids[Index].Attributes != 0) { 01763 return(STATUS_INVALID_PARAMETER); 01764 } 01765 } 01766 01767 } 01768 01769 01770 01771 // 01772 // Check the handle's access to the existing token and get 01773 // a pointer to that token. Pick up the default desired 01774 // access mask from the handle while we're at it. 01775 // 01776 01777 Token = (PTOKEN) ExistingToken; 01778 01779 01780 #ifdef TOKEN_DEBUG 01781 01782 // 01783 // Debug 01784 SepAcquireTokenReadLock( Token ); 01785 DbgPrint("\n"); 01786 DbgPrint("\n"); 01787 DbgPrint("Token being filtered: \n"); 01788 SepDumpToken( Token ); 01789 SepReleaseTokenReadLock( Token ); 01790 // Debug 01791 // 01793 #endif //TOKEN_DEBUG 01794 01795 01796 // 01797 // Filter the existing token 01798 // 01799 01800 Status = SepFilterToken( 01801 Token, 01802 KernelMode, 01803 Flags, 01804 CapturedGroupCount, 01805 CapturedGroups, 01806 CapturedPrivilegeCount, 01807 CapturedPrivileges, 01808 CapturedSidCount, 01809 CapturedSids, 01810 CapturedSidsLength, 01811 &FilteredToken 01812 ); 01813 01814 01815 if (NT_SUCCESS(Status)) { 01816 01817 // 01818 // Insert the new token 01819 // 01820 01821 Status = ObInsertObject( FilteredToken, 01822 NULL, 01823 0, 01824 0, 01825 (PVOID *)NULL, 01826 &LocalHandle 01827 ); 01828 01829 if (!NT_SUCCESS( Status )) { 01830 #ifdef TOKEN_DEBUG 01831 DbgPrint( "SE: ObInsertObject failed (%x) for token at %x\n", Status, NewToken ); 01832 #endif 01833 } else { 01834 Status = ObReferenceObjectByHandle( 01835 LocalHandle, 01836 TOKEN_IMPERSONATE, 01837 SepTokenObjectType, 01838 KernelMode, 01839 (PVOID * ) NewToken, 01840 NULL // granted acess 01841 ); 01842 01843 (VOID) NtClose(LocalHandle); 01844 01845 } 01846 01847 } else if (NewToken != NULL) { 01848 #ifdef TOKEN_DEBUG 01849 DbgPrint( "SE: SepFilterToken failed (%x) but allocated token at %x\n", Status, NewToken ); 01850 #endif 01851 } 01852 01853 01854 01855 return Status; 01856 }

VOID SeFreeCapturedSecurityQos ( IN PVOID SecurityQos )

Definition at line 910 of file se/capture.c.
References ExFreePool(), NULL, PAGED_CODE, SecurityQos, and SepFreeProxyData().
Referenced by NtCreateToken(), and NtDuplicateToken().

00916 : 00917 00918 This routine frees the data associated with a captured SecurityQos 00919 structure. It does not free the body of the structure, just whatever 00920 its internal fields point to. 00921 00922 Arguments: 00923 00924 SecurityQos - Points to a captured security QOS structure. 00925 00926 Return Value: 00927 00928 None. 00929 00930 --*/ 00931 00932 { 00933 PSECURITY_ADVANCED_QUALITY_OF_SERVICE IAdvancedSecurityQos; 00934 00935 PAGED_CODE(); 00936 00937 IAdvancedSecurityQos = (PSECURITY_ADVANCED_QUALITY_OF_SERVICE)SecurityQos; 00938 00939 if (IAdvancedSecurityQos->Length == sizeof( SECURITY_ADVANCED_QUALITY_OF_SERVICE )) { 00940 00941 if (IAdvancedSecurityQos->AuditData != NULL) { 00942 ExFreePool( IAdvancedSecurityQos->AuditData ); 00943 } 00944 00945 SepFreeProxyData( IAdvancedSecurityQos->ProxyData ); 00946 } 00947 00948 return; 00949 }

NTKERNELAPI VOID SeFreePrivileges ( IN PPRIVILEGE_SET Privileges )

Definition at line 3294 of file accessck.c.
References ExFreePool(), and PAGED_CODE.
Referenced by IopParseDevice(), ObCheckCreateObjectAccess(), ObCheckObjectAccess(), ObpCheckTraverseAccess(), and SeAccessCheckByType().

03300 : 03301 03302 This routine frees a privilege set returned by SeAccessCheck. 03303 03304 Arguments: 03305 03306 Privileges - Supplies a pointer to the privilege set to be freed. 03307 03308 Return Value: 03309 03310 None. 03311 03312 --*/ 03313 03314 { 03315 PAGED_CODE(); 03316 03317 ExFreePool( Privileges ); 03318 }

VOID SeGenerateMessage ( IN PSTRING ObjectName,

IN PSECURITY_DESCRIPTOR SecurityDescriptor,

IN PACCESS_TOKEN Token,

IN ACCESS_MASK DesiredAccess,

IN BOOLEAN AccessGranted,

IN HANDLE AuditPort,

IN HANDLE AlarmPort,

IN KPROCESSOR_MODE AccessMode

)

VOID SeGetTokenControlInformation ( IN PACCESS_TOKEN Token,

OUT PTOKEN_CONTROL TokenControl

)

Definition at line 475 of file token.c.
References PAGED_CODE, PTOKEN, SepAcquireTokenReadLock, SepReleaseTokenReadLock, and Token.
Referenced by SepCreateClientSecurity().

00482 : 00483 00484 This routine is provided for communication session layers, or 00485 any other executive component that needs to keep track of 00486 whether a caller's security context has changed between calls. 00487 Communication session layers will need to check this, for some 00488 security quality of service modes, to determine whether or not 00489 a server's security context needs to be updated to reflect 00490 changes in the client's security context. 00491 00492 This routine will also be useful to communications subsystems 00493 that need to retrieve client' authentication information from 00494 the local security authority in order to perform a remote 00495 authentication. 00496 00497 00498 Parameters: 00499 00500 Token - Points to the token whose information is to be retrieved. 00501 00502 TokenControl - Points to the buffer to receive the token control 00503 information. 00504 00505 Return Value: 00506 00507 None. 00508 00509 --*/ 00510 00511 { 00512 PAGED_CODE(); 00513 00514 // 00515 // acquire exclusive access to the token 00516 // 00517 00518 SepAcquireTokenReadLock( (PTOKEN)Token ); 00519 00520 // 00521 // Grab the data and run 00522 // 00523 00524 TokenControl->TokenId = ((TOKEN *)Token)->TokenId; 00525 TokenControl->AuthenticationId = ((TOKEN *)Token)->AuthenticationId; 00526 TokenControl->ModifiedId = ((TOKEN *)Token)->ModifiedId; 00527 TokenControl->TokenSource = ((TOKEN *)Token)->TokenSource; 00528 00529 SepReleaseTokenReadLock( (PTOKEN)Token ); 00530 00531 return; 00532 00533 }

NTKERNELAPI VOID SeImpersonateClient ( IN PSECURITY_CLIENT_CONTEXT ClientContext,

IN PETHREAD ServerThread OPTIONAL

)

Definition at line 593 of file seclient.c.
References DbgPrint, PAGED_CODE, SeImpersonateClientEx(), ServerThread(), and VOID().

00599 : 00600 00601 This service is used to cause the calling thread to impersonate a 00602 client. The client security context in ClientContext is assumed to 00603 be up to date. 00604 00605 00606 Arguments: 00607 00608 ClientContext - Points to client security context block. 00609 00610 ServerThread - (Optional) Specifies the thread which is to be made to 00611 impersonate the client. If not specified, the calling thread is 00612 used. 00613 00614 00615 Return Value: 00616 00617 None. 00618 00619 00620 --*/ 00621 00622 00623 { 00624 00625 PAGED_CODE(); 00626 00627 #if DBG 00628 DbgPrint("SE: Obsolete call: SeImpersonateClient\n"); 00629 #endif 00630 00631 (VOID) SeImpersonateClientEx( ClientContext, ServerThread ); 00632 }

NTKERNELAPI NTSTATUS SeImpersonateClientEx ( IN PSECURITY_CLIENT_CONTEXT ClientContext,

IN PETHREAD ServerThread OPTIONAL

)

Definition at line 636 of file seclient.c.
References NTSTATUS(), PAGED_CODE, PsGetCurrentThread, PsImpersonateClient(), ServerThread(), Status, and TRUE.
Referenced by _ImpersonateDdeClientWindow(), CmpWorker(), NtImpersonateClientOfPort(), NtImpersonateThread(), and SeImpersonateClient().

00642 : 00643 00644 This service is used to cause the calling thread to impersonate a 00645 client. The client security context in ClientContext is assumed to 00646 be up to date. 00647 00648 00649 Arguments: 00650 00651 ClientContext - Points to client security context block. 00652 00653 ServerThread - (Optional) Specifies the thread which is to be made to 00654 impersonate the client. If not specified, the calling thread is 00655 used. 00656 00657 00658 Return Value: 00659 00660 None. 00661 00662 00663 --*/ 00664 00665 00666 { 00667 00668 BOOLEAN EffectiveValueToUse; 00669 PETHREAD Thread; 00670 NTSTATUS Status ; 00671 00672 PAGED_CODE(); 00673 00674 if (ClientContext->DirectlyAccessClientToken) { 00675 EffectiveValueToUse = ClientContext->DirectAccessEffectiveOnly; 00676 } else { 00677 EffectiveValueToUse = ClientContext->SecurityQos.EffectiveOnly; 00678 } 00679 00680 00681 00682 // 00683 // if a ServerThread wasn't specified, then default to the current 00684 // thread. 00685 // 00686 00687 if (!ARGUMENT_PRESENT(ServerThread)) { 00688 Thread = PsGetCurrentThread(); 00689 } else { 00690 Thread = ServerThread; 00691 } 00692 00693 00694 00695 // 00696 // Assign the context to the calling thread 00697 // 00698 00699 Status = PsImpersonateClient( Thread, 00700 ClientContext->ClientToken, 00701 TRUE, 00702 EffectiveValueToUse, 00703 ClientContext->SecurityQos.ImpersonationLevel 00704 ); 00705 00706 return Status ; 00707 00708 }

BOOLEAN SeInitSystem ( VOID )

Definition at line 41 of file seinit.c.
References InitializationPhase, KeBugCheck(), PAGED_CODE, SepInitializationPhase0(), and SepInitializationPhase1().

00045 : 00046 00047 Perform security related system initialization functions. 00048 00049 Arguments: 00050 00051 None. 00052 00053 Return Value: 00054 00055 TRUE - Initialization succeeded. 00056 00057 FALSE - Initialization failed. 00058 00059 --*/ 00060 00061 { 00062 PAGED_CODE(); 00063 00064 switch ( InitializationPhase ) { 00065 00066 case 0 : 00067 return SepInitializationPhase0(); 00068 case 1 : 00069 return SepInitializationPhase1(); 00070 default: 00071 KeBugCheck(UNEXPECTED_INITIALIZATION_CALL); 00072 } 00073 return 0; // Bash compiler warning 00074 }

NTSTATUS SeIsChildToken ( IN HANDLE Token,

OUT PBOOLEAN IsChild

)

Definition at line 2867 of file token.c.
References FALSE, IsChild(), NT_SUCCESS, NTSTATUS(), NULL, ObDereferenceObject, ObReferenceObjectByHandle(), PsDereferencePrimaryToken, PsGetCurrentProcess, PsReferencePrimaryToken(), PTOKEN, RtlEqualLuid(), SepAcquireTokenReadLock, SepReleaseTokenReadLock, SepTokenObjectType, Status, Token, and TRUE.

02873 : 02874 02875 This routine returns TRUE if the supplied token is a child of the caller's 02876 process token. This is done by comparing the ParentTokenId field of the 02877 supplied token to the TokenId field of the token from the current subject 02878 context. 02879 02880 Arguments: 02881 02882 Token - Token to check for childhood 02883 02884 IsChild - Contains results of comparison. 02885 02886 TRUE - The supplied token is a child of the caller's token 02887 FALSE- The supplied token is not a child of the caller's token 02888 02889 Returns: 02890 02891 Status codes from any NT services called. 02892 02893 --*/ 02894 { 02895 PTOKEN CallerToken; 02896 PTOKEN SuppliedToken; 02897 LUID CallerTokenId; 02898 LUID SuppliedParentTokenId; 02899 NTSTATUS Status = STATUS_SUCCESS; 02900 02901 *IsChild = FALSE; 02902 02903 // 02904 // Capture the caller's token and get the token id 02905 // 02906 02907 CallerToken = (PTOKEN) PsReferencePrimaryToken(PsGetCurrentProcess()); 02908 02909 02910 SepAcquireTokenReadLock( CallerToken ); 02911 02912 CallerTokenId = CallerToken->TokenId; 02913 02914 SepReleaseTokenReadLock( CallerToken ); 02915 02916 PsDereferencePrimaryToken(CallerToken); 02917 02918 // 02919 // Reference the supplied token and get the parent token id. 02920 // 02921 02922 Status = ObReferenceObjectByHandle( 02923 Token, // Handle 02924 0, // DesiredAccess 02925 SepTokenObjectType, // ObjectType 02926 KeGetPreviousMode(), // AccessMode 02927 (PVOID *)&SuppliedToken, // Object 02928 NULL // GrantedAccess 02929 ); 02930 02931 if (NT_SUCCESS(Status)) 02932 { 02933 SepAcquireTokenReadLock( SuppliedToken ); 02934 02935 SuppliedParentTokenId = SuppliedToken->ParentTokenId; 02936 02937 SepReleaseTokenReadLock( SuppliedToken ); 02938 02939 ObDereferenceObject(SuppliedToken); 02940 02941 // 02942 // Check to see if the supplied token's parent ID is the ID 02943 // of the caller. 02944 // 02945 02946 if (RtlEqualLuid( 02947 &SuppliedParentTokenId, 02948 &CallerTokenId 02949 )) { 02950 02951 *IsChild = TRUE; 02952 } 02953 02954 } 02955 return(Status); 02956 }

NTSTATUS SeIsChildTokenByPointer ( IN PACCESS_TOKEN Token,

OUT PBOOLEAN IsChild

)

Definition at line 2960 of file token.c.
References FALSE, IsChild(), NTSTATUS(), PsDereferencePrimaryToken, PsGetCurrentProcess, PsReferencePrimaryToken(), PTOKEN, RtlEqualLuid(), SepAcquireTokenReadLock, SepReleaseTokenReadLock, Status, Token, and TRUE.
Referenced by NtSetInformationJobObject(), and PspSetPrimaryToken().

02966 : 02967 02968 This routine returns TRUE if the supplied token is a child of the caller's 02969 token. This is done by comparing the ParentTokenId field of the supplied 02970 token to the TokenId field of the token from the current subject context. 02971 02972 Arguments: 02973 02974 Token - Token to check for childhood 02975 02976 IsChild - Contains results of comparison. 02977 02978 TRUE - The supplied token is a child of the caller's token 02979 FALSE- The supplied token is not a child of the caller's token 02980 02981 Returns: 02982 02983 Status codes from any NT services called. 02984 02985 --*/ 02986 { 02987 SECURITY_SUBJECT_CONTEXT SubjectSecurityContext; 02988 PTOKEN CallerToken; 02989 PTOKEN SuppliedToken; 02990 LUID CallerTokenId; 02991 LUID SuppliedParentTokenId; 02992 NTSTATUS Status = STATUS_SUCCESS; 02993 02994 *IsChild = FALSE; 02995 02996 // 02997 // Capture the caller's token and get the token id 02998 // 02999 03000 CallerToken = (PTOKEN) PsReferencePrimaryToken(PsGetCurrentProcess()); 03001 03002 03003 SepAcquireTokenReadLock( CallerToken ); 03004 03005 CallerTokenId = CallerToken->TokenId; 03006 03007 SepReleaseTokenReadLock( CallerToken ); 03008 03009 PsDereferencePrimaryToken(CallerToken); 03010 03011 SuppliedToken = (PTOKEN) Token ; 03012 03013 SepAcquireTokenReadLock( SuppliedToken ); 03014 03015 SuppliedParentTokenId = SuppliedToken->ParentTokenId; 03016 03017 SepReleaseTokenReadLock( SuppliedToken ); 03018 03019 // 03020 // Check to see if the supplied token's parent ID is the ID 03021 // of the caller. 03022 // 03023 03024 if (RtlEqualLuid( 03025 &SuppliedParentTokenId, 03026 &CallerTokenId 03027 )) { 03028 03029 *IsChild = TRUE; 03030 } 03031 03032 03033 03034 return(Status); 03035 }

NTKERNELAPI VOID SeLockSubjectContext ( IN PSECURITY_SUBJECT_CONTEXT SubjectContext )

Definition at line 115 of file subject.c.
References PAGED_CODE, PTOKEN, and SepAcquireTokenReadLock.
Referenced by CmpCheckCreateAccess(), CmpCheckNotifyAccess(), IopParseDevice(), IsPrivileged(), ObCheckCreateObjectAccess(), ObCheckObjectAccess(), ObpCheckObjectReference(), ObpCheckTraverseAccess(), RtlpNewSecurityObject(), SeAccessCheck(), SepAccessCheckAndAuditAlarm(), SeQueryAuthenticationIdSubjectContext(), SeTraverseAuditAlarm(), and xxxCreateWindowStation().

00121 : 00122 00123 Acquires READ LOCKS on the primary and impersonation tokens 00124 in the passed SubjectContext. 00125 00126 This call must be undone by a call to SeUnlockSubjectContext(). 00127 00128 No one outside of the SE component should need to acquire a 00129 write lock to a token. Therefore there is no public interface 00130 to do this. 00131 00132 Arguments: 00133 00134 SubjectContext - Points to a SECURITY_SUBJECT_CONTEXT data structure 00135 which points to a primary token and an optional impersonation token. 00136 00137 Return Value: 00138 00139 None 00140 00141 --*/ 00142 00143 { 00144 PAGED_CODE(); 00145 00146 SepAcquireTokenReadLock((PTOKEN)(SubjectContext->PrimaryToken)); 00147 00148 if (ARGUMENT_PRESENT(SubjectContext->ClientToken)) { 00149 00150 SepAcquireTokenReadLock((PTOKEN)(SubjectContext->ClientToken)); 00151 } 00152 00153 return; 00154 }

PACCESS_TOKEN SeMakeAnonymousLogonToken ( )

Referenced by SepInitializationPhase1().

PACCESS_TOKEN SeMakeSystemToken ( )

Definition at line 536 of file token.c.
References ASSERT, Buffer, DbgPrint, ExAllocatePoolWithTag, ExFreePool(), FALSE, KernelMode, NoExpiration, NormalGroupAttributes, NT_SUCCESS, NTSTATUS(), NULL, ObAssignObjectSecurityDescriptor(), ObDereferenceObject, Owner, OwnerGroupAttributes, PAGED_CODE, PagedPool, RtlAbsoluteToSelfRelativeSD(), RtlAddAccessAllowedAce(), RtlCreateAcl(), RtlCreateSecurityDescriptor(), RtlSetDaclSecurityDescriptor(), RtlSetGroupSecurityDescriptor(), RtlSetOwnerSecurityDescriptor(), RtlTimeFieldsToTime(), SeAliasAdminsSid, SeAssignPrimaryTokenPrivilege, SeAuditPrivilege, SeAuthenticatedUsersSid, SeBackupPrivilege, SeChangeNotifyPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeCreateTokenPrivilege, SeDebugPrivilege, SeIncreaseBasePriorityPrivilege, SeIncreaseQuotaPrivilege, SeLengthSid, SeLoadDriverPrivilege, SeLocalSystemSid, SeLockMemoryPrivilege, SepCreateToken(), SeProfileSingleProcessPrivilege, SeRestorePrivilege, SeSecurityPrivilege, SeShutdownPrivilege, SeSystemAuthenticationId, SeSystemDefaultDacl, SeSystemEnvironmentPrivilege, SeSystemtimePrivilege, SeSystemTokenSource, SeTakeOwnershipPrivilege, SeTcbPrivilege, SeUndockPrivilege, SeWorldSid, Status, TimeFields, Token, and TRUE.
Referenced by SepInitializationPhase0(), and TestMakeSystemToken().

00540 : 00541 00542 This routine is provided for use by executive components 00543 DURING SYSTEM INITIALIZATION ONLY. It creates a token for 00544 use by system components. 00545 00546 A system token has the following characteristics: 00547 00548 - It has LOCAL_SYSTEM as its user ID 00549 00550 - It has the following groups with the corresponding 00551 attributes: 00552 00553 ADMINS_ALIAS EnabledByDefault | 00554 Enabled | 00555 Owner 00556 00557 WORLD EnabledByDefault | 00558 Enabled | 00559 Mandatory 00560 00561 ADMINISTRATORS (alias) Owner (disabled) 00562 00563 AUTHENTICATED_USER 00564 EnabledByDefault | 00565 Enabled | 00566 Mandatory 00567 00568 00569 - It has LOCAL_SYSTEM as its primary group. 00570 00571 - It has the privileges shown in comments below. 00572 00573 00574 - It has protection that provides TOKEN_ALL_ACCESS to 00575 the LOCAL_SYSTEM ID. 00576 00577 00578 - It has a default ACL that grants GENERIC_ALL access 00579 to LOCAL_SYSTEM and GENERIC_EXECUTE to WORLD. 00580 00581 00582 Parameters: 00583 00584 None. 00585 00586 Return Value: 00587 00588 Pointer to a system token. 00589 00590 --*/ 00591 00592 { 00593 NTSTATUS Status; 00594 00595 PVOID Token; 00596 00597 SID_AND_ATTRIBUTES UserId; 00598 TOKEN_PRIMARY_GROUP PrimaryGroup; 00599 PSID_AND_ATTRIBUTES GroupIds; 00600 ULONG GroupIdsLength; 00601 LUID_AND_ATTRIBUTES Privileges[30]; 00602 PACL TokenAcl; 00603 PSID Owner; 00604 ULONG NormalGroupAttributes; 00605 ULONG OwnerGroupAttributes; 00606 ULONG Length; 00607 OBJECT_ATTRIBUTES TokenObjectAttributes; 00608 PSECURITY_DESCRIPTOR TokenSecurityDescriptor; 00609 ULONG BufferLength; 00610 PVOID Buffer; 00611 00612 ULONG_PTR GroupIdsBuffer[128 * sizeof(ULONG) / sizeof(ULONG_PTR)]; 00613 00614 TIME_FIELDS TimeFields; 00615 LARGE_INTEGER NoExpiration; 00616 00617 PAGED_CODE(); 00618 00619 00620 // 00621 // Make sure only one system token gets created. 00622 // 00623 00624 #if DBG 00625 ASSERT( !SystemTokenCreated ); 00626 SystemTokenCreated = TRUE; 00627 #endif //DBG 00628 00629 00630 // 00631 // Set up expiration times 00632 // 00633 00634 TimeFields.Year = 3000; 00635 TimeFields.Month = 1; 00636 TimeFields.Day = 1; 00637 TimeFields.Hour = 1; 00638 TimeFields.Minute = 1; 00639 TimeFields.Second = 1; 00640 TimeFields.Milliseconds = 1; 00641 TimeFields.Weekday = 1; 00642 00643 RtlTimeFieldsToTime( &TimeFields, &NoExpiration ); 00644 00645 00646 // // 00647 // // The amount of memory used in the following is gross overkill, but 00648 // // it is freed up immediately after creating the token. 00649 // // 00650 // 00651 // GroupIds = (PSID_AND_ATTRIBUTES)ExAllocatePool( NonPagedPool, 512 ); 00652 00653 GroupIds = (PSID_AND_ATTRIBUTES)GroupIdsBuffer; 00654 00655 00656 // 00657 // Set up the attributes to be assigned to groups 00658 // 00659 00660 NormalGroupAttributes = (SE_GROUP_MANDATORY | 00661 SE_GROUP_ENABLED_BY_DEFAULT | 00662 SE_GROUP_ENABLED 00663 ); 00664 00665 OwnerGroupAttributes = (SE_GROUP_ENABLED_BY_DEFAULT | 00666 SE_GROUP_ENABLED | 00667 SE_GROUP_OWNER 00668 ); 00669 00670 // 00671 // Set up the user ID 00672 // 00673 00674 UserId.Sid = SeLocalSystemSid; 00675 UserId.Attributes = 0; 00676 00677 // 00678 // Set up the groups 00679 // 00680 00681 00682 GroupIds->Sid = SeAliasAdminsSid; 00683 (GroupIds+1)->Sid = SeWorldSid; 00684 (GroupIds+2)->Sid = SeAuthenticatedUsersSid; 00685 00686 GroupIds->Attributes = OwnerGroupAttributes; 00687 (GroupIds+1)->Attributes = NormalGroupAttributes; 00688 (GroupIds+2)->Attributes = NormalGroupAttributes; 00689 00690 GroupIdsLength = (ULONG)LongAlignSize(SeLengthSid(GroupIds->Sid)) + 00691 (ULONG)LongAlignSize(SeLengthSid((GroupIds+1)->Sid)) + 00692 (ULONG)LongAlignSize(SeLengthSid((GroupIds+2)->Sid)) + 00693 sizeof(SID_AND_ATTRIBUTES); 00694 00695 ASSERT( GroupIdsLength <= 128 * sizeof(ULONG) ); 00696 00697 00698 // 00699 // Privileges 00700 // 00701 00702 // 00703 // The privileges in the system token are as follows: 00704 // 00705 // Privilege Name Attributes 00706 // -------------- ---------- 00707 // 00708 // SeTcbPrivilege enabled/enabled by default 00709 // SeCreateTokenPrivilege DISabled/NOT enabled by default 00710 // SeTakeOwnershipPrivilege DISabled/NOT enabled by default 00711 // SeCreatePagefilePrivilege enabled/enabled by default 00712 // SeLockMemoryPrivilege enabled/enabled by default 00713 // SeAssignPrimaryTokenPrivilege DISabled/NOT enabled by default 00714 // SeIncreaseQuotaPrivilege DISabled/NOT enabled by default 00715 // SeIncreaseBasePriorityPrivilege enabled/enabled by default 00716 // SeCreatePermanentPrivilege enabled/enabled by default 00717 // SeDebugPrivilege enabled/enabled by default 00718 // SeAuditPrivilege enabled/enabled by default 00719 // SeSecurityPrivilege DISabled/NOT enabled by default 00720 // SeSystemEnvironmentPrivilege DISabled/NOT enabled by default 00721 // SeChangeNotifyPrivilege enabled/enabled by default 00722 // SeBackupPrivilege DISabled/NOT enabled by default 00723 // SeRestorePrivilege DISabled/NOT enabled by default 00724 // SeShutdownPrivilege DISabled/NOT enabled by default 00725 // SeLoadDriverPrivilege DISabled/NOT enabled by default 00726 // SeProfileSingleProcessPrivilege enabled/enabled by default 00727 // SeSystemtimePrivilege DISabled/NOT enabled by default 00728 // SeUndockPrivilege DISabled/NOT enabled by default 00729 // 00730 // The following privileges are not present, and should never be present in 00731 // the local system token: 00732 // 00733 // SeRemoteShutdownPrivilege no one can come in as local system 00734 // SeSyncAgentPrivilege only users specified by the admin can 00735 // be sync agents 00736 // SeEnableDelegationPrivilege only users specified by the admin can 00737 // enable delegation on accounts. 00738 // 00739 00740 Privileges[0].Luid = SeTcbPrivilege; 00741 Privileges[0].Attributes = 00742 (SE_PRIVILEGE_ENABLED_BY_DEFAULT | // Enabled by default 00743 SE_PRIVILEGE_ENABLED); // Enabled 00744 00745 Privileges[1].Luid = SeCreateTokenPrivilege; 00746 Privileges[1].Attributes = 0; // Only the LSA should enable this. 00747 00748 Privileges[2].Luid = SeTakeOwnershipPrivilege; 00749 Privileges[2].Attributes = 0; 00750 00751 Privileges[3].Luid = SeCreatePagefilePrivilege; 00752 Privileges[3].Attributes = 00753 (SE_PRIVILEGE_ENABLED_BY_DEFAULT | // Enabled by default 00754 SE_PRIVILEGE_ENABLED); // Enabled 00755 00756 Privileges[4].Luid = SeLockMemoryPrivilege; 00757 Privileges[4].Attributes = 00758 (SE_PRIVILEGE_ENABLED_BY_DEFAULT | // Enabled by default 00759 SE_PRIVILEGE_ENABLED); // Enabled 00760 00761 Privileges[5].Luid = SeAssignPrimaryTokenPrivilege; 00762 Privileges[5].Attributes = 0; // disabled, not enabled by default 00763 00764 Privileges[6].Luid = SeIncreaseQuotaPrivilege; 00765 Privileges[6].Attributes = 0; // disabled, not enabled by default 00766 00767 Privileges[7].Luid = SeIncreaseBasePriorityPrivilege; 00768 Privileges[7].Attributes = 00769 (SE_PRIVILEGE_ENABLED_BY_DEFAULT | // Enabled by default 00770 SE_PRIVILEGE_ENABLED); // Enabled 00771 00772 Privileges[8].Luid = SeCreatePermanentPrivilege; 00773 Privileges[8].Attributes = 00774 (SE_PRIVILEGE_ENABLED_BY_DEFAULT | // Enabled by default 00775 SE_PRIVILEGE_ENABLED); // Enabled 00776 00777 Privileges[9].Luid = SeDebugPrivilege; 00778 Privileges[9].Attributes = 00779 (SE_PRIVILEGE_ENABLED_BY_DEFAULT | // Enabled by default 00780 SE_PRIVILEGE_ENABLED); // Enabled 00781 00782 Privileges[10].Luid = SeAuditPrivilege; 00783 Privileges[10].Attributes = 00784 (SE_PRIVILEGE_ENABLED_BY_DEFAULT | // Enabled by default 00785 SE_PRIVILEGE_ENABLED); // Enabled 00786 00787 Privileges[11].Luid = SeSecurityPrivilege; 00788 Privileges[11].Attributes = 0; // disabled, not enabled by default 00789 00790 Privileges[12].Luid = SeSystemEnvironmentPrivilege; 00791 Privileges[12].Attributes = 0; // disabled, not enabled by default 00792 00793 Privileges[13].Luid = SeChangeNotifyPrivilege; 00794 Privileges[13].Attributes = 00795 (SE_PRIVILEGE_ENABLED_BY_DEFAULT | // Enabled by default 00796 SE_PRIVILEGE_ENABLED); // Enabled 00797 00798 00799 Privileges[14].Luid = SeBackupPrivilege; 00800 Privileges[14].Attributes = 0; // disabled, not enabled by default 00801 00802 Privileges[15].Luid = SeRestorePrivilege; 00803 Privileges[15].Attributes = 0; // disabled, not enabled by default 00804 00805 Privileges[16].Luid = SeShutdownPrivilege; 00806 Privileges[16].Attributes = 0; // disabled, not enabled by default 00807 00808 Privileges[17].Luid = SeLoadDriverPrivilege; 00809 Privileges[17].Attributes = 0; // disabled, not enabled by default 00810 00811 Privileges[18].Luid = SeProfileSingleProcessPrivilege; 00812 Privileges[18].Attributes = 00813 (SE_PRIVILEGE_ENABLED_BY_DEFAULT | // Enabled by default 00814 SE_PRIVILEGE_ENABLED); // Enabled 00815 00816 Privileges[19].Luid = SeSystemtimePrivilege; 00817 Privileges[19].Attributes = 0; // disabled, not enabled by default 00818 00819 Privileges[20].Luid = SeUndockPrivilege ; 00820 Privileges[20].Attributes = 0 ; // disabled, not enabled by default 00821 00822 //BEFORE ADDING ANOTHER PRIVILEGE ^^ HERE ^^ CHECK THE ARRAY BOUND 00823 //ALSO INCREMENT THE PRIVILEGE COUNT IN THE SepCreateToken() call 00824 00825 00826 // 00827 // Establish the primary group and default owner 00828 // 00829 00830 PrimaryGroup.PrimaryGroup = SeLocalSystemSid; // Primary group 00831 Owner = SeAliasAdminsSid; // Default owner 00832 00833 00834 00835 00836 00837 // 00838 // Set up an ACL to protect token as well ... 00839 // give system full reign of terror. This includes user-mode components 00840 // running as part of the system. 00841 // 00842 00843 Length = (ULONG)sizeof(ACL) + 00844 ((ULONG)sizeof(ACCESS_ALLOWED_ACE) - sizeof(ULONG)) + 00845 SeLengthSid( SeLocalSystemSid ) ; 00846 00847 TokenAcl = (PACL)ExAllocatePoolWithTag(PagedPool, Length, 'cAeS'); 00848 00849 if ( TokenAcl == NULL ) { 00850 00851 return NULL ; 00852 } 00853 00854 Status = RtlCreateAcl( TokenAcl, Length, ACL_REVISION2); 00855 ASSERT( NT_SUCCESS(Status) ); 00856 00857 Status = RtlAddAccessAllowedAce ( 00858 TokenAcl, 00859 ACL_REVISION2, 00860 TOKEN_ALL_ACCESS, 00861 SeLocalSystemSid 00862 ); 00863 ASSERT( NT_SUCCESS(Status) ); 00864 00865 TokenSecurityDescriptor = 00866 (PSECURITY_DESCRIPTOR)ExAllocatePoolWithTag( 00867 PagedPool, 00868 sizeof(SECURITY_DESCRIPTOR), 00869 'dSeS' 00870 ); 00871 00872 if ( TokenSecurityDescriptor == NULL ) { 00873 00874 ExFreePool( TokenAcl ); 00875 00876 return NULL ; 00877 } 00878 00879 Status = RtlCreateSecurityDescriptor( 00880 TokenSecurityDescriptor, 00881 SECURITY_DESCRIPTOR_REVISION 00882 ); 00883 ASSERT( NT_SUCCESS(Status) ); 00884 00885 Status = RtlSetDaclSecurityDescriptor ( 00886 TokenSecurityDescriptor, 00887 TRUE, 00888 TokenAcl, 00889 FALSE 00890 ); 00891 ASSERT( NT_SUCCESS(Status) ); 00892 00893 00894 Status = RtlSetOwnerSecurityDescriptor ( 00895 TokenSecurityDescriptor, 00896 SeAliasAdminsSid, 00897 FALSE // Owner defaulted 00898 ); 00899 ASSERT( NT_SUCCESS(Status) ); 00900 00901 Status = RtlSetGroupSecurityDescriptor ( 00902 TokenSecurityDescriptor, 00903 SeAliasAdminsSid, 00904 FALSE // Group defaulted 00905 ); 00906 ASSERT( NT_SUCCESS(Status) ); 00907 00908 00909 // 00910 // Create the system token 00911 // 00912 00913 #ifdef TOKEN_DEBUG 00914 00915 // 00916 // Debug 00917 DbgPrint("\n Creating system token...\n"); 00918 // Debug 00919 // 00921 #endif //TOKEN_DEBUG 00922 00923 InitializeObjectAttributes( 00924 &TokenObjectAttributes, 00925 NULL, 00926 0, 00927 NULL, 00928 TokenSecurityDescriptor 00929 ); 00930 00931 00932 00933 ASSERT(SeSystemDefaultDacl != NULL); 00934 Status = SepCreateToken( 00935 (PHANDLE)&Token, 00936 KernelMode, 00937 0, // No handle created for system token 00938 &TokenObjectAttributes, 00939 TokenPrimary, 00940 (SECURITY_IMPERSONATION_LEVEL)0, 00941 &SeSystemAuthenticationId, 00942 &NoExpiration, 00943 &UserId, 00944 3, // GroupCount 00945 GroupIds, 00946 GroupIdsLength, 00947 21, // privileges 00948 Privileges, 00949 sizeof(Privileges), 00950 Owner, 00951 PrimaryGroup.PrimaryGroup, 00952 SeSystemDefaultDacl, 00953 &SeSystemTokenSource, 00954 TRUE, // System token 00955 NULL, 00956 NULL 00957 ); 00958 00959 ASSERT(NT_SUCCESS(Status)); 00960 00961 // 00962 // Assign the security descriptor here, since we don't do it 00963 // in SepCreateToken for the System Token. 00964 // 00965 00966 BufferLength = Length + 00967 sizeof(SECURITY_DESCRIPTOR_RELATIVE) + 00968 2 * SeLengthSid(SeAliasAdminsSid); 00969 00970 Buffer = (PSECURITY_DESCRIPTOR)ExAllocatePoolWithTag( PagedPool, 00971 BufferLength, 00972 'dSeS' 00973 ); 00974 00975 if ( Buffer ) { 00976 00977 Status = RtlAbsoluteToSelfRelativeSD( TokenSecurityDescriptor, 00978 Buffer, 00979 &BufferLength 00980 ); 00981 ASSERT(NT_SUCCESS(Status)); 00982 00983 Status = ObAssignObjectSecurityDescriptor( Token, 00984 Buffer, 00985 PagedPool 00986 ); 00987 ASSERT(NT_SUCCESS(Status)); 00988 00989 } else { 00990 00991 ObDereferenceObject( Token ); 00992 00993 Token = NULL ; 00994 00995 } 00996 00997 // 00998 // We can free the old one now. 00999 // 01000 01001 ExFreePool( TokenAcl ); 01002 ExFreePool( TokenSecurityDescriptor ); 01003 01004 return (PACCESS_TOKEN)Token; 01005 01006 }

NTKERNELAPI NTSTATUS SeMarkLogonSessionForTerminationNotification ( IN PLUID LogonId )

Definition at line 979 of file rmlogon.c.
References _SEP_LOGON_SESSION_REFERENCES::Flags, _SEP_LOGON_SESSION_REFERENCES::LogonId, _SEP_LOGON_SESSION_REFERENCES::Next, NULL, PAGED_CODE, RtlEqualLuid(), SEP_TERMINATION_NOTIFY, SepLogonSessionIndex, SepLogonSessions, SepRmAcquireDbWriteLock, and SepRmReleaseDbWriteLock.

00985 : 00986 00987 File systems that have registered for logon-termination notification 00988 can mark logon sessions they are interested in for callback by calling 00989 this routine. 00990 00991 Arguments: 00992 00993 LogonId - The logon id for which the file system should be notified 00994 when the logon session is terminated. 00995 00996 Returns: 00997 00998 Nothing. 00999 01000 --*/ 01001 01002 { 01003 01004 ULONG SessionArrayIndex; 01005 PSEP_LOGON_SESSION_REFERENCES Previous, Current; 01006 01007 PAGED_CODE(); 01008 01009 SessionArrayIndex = SepLogonSessionIndex( LogonId ); 01010 01011 // 01012 // Protect modification of reference monitor database 01013 // 01014 01015 SepRmAcquireDbWriteLock(); 01016 01017 01018 // 01019 // Now walk the list for our logon session array hash index. 01020 // 01021 01022 Previous = (PSEP_LOGON_SESSION_REFERENCES) 01023 ((PVOID)&SepLogonSessions[ SessionArrayIndex ]); 01024 Current = Previous->Next; 01025 01026 while (Current != NULL) { 01027 01028 // 01029 // If we found it, decrement the reference count and return 01030 // 01031 01032 if (RtlEqualLuid( LogonId, &Current->LogonId) ) { 01033 Current->Flags |= SEP_TERMINATION_NOTIFY; 01034 break; 01035 } 01036 01037 Previous = Current; 01038 Current = Current->Next; 01039 } 01040 01041 SepRmReleaseDbWriteLock(); 01042 01043 return( (Current != NULL) ? STATUS_SUCCESS : STATUS_NOT_FOUND ); 01044 01045 }

VOID SeObjectReferenceAuditAlarm ( IN PLUID OperationID OPTIONAL,

IN PVOID Object,

IN PSECURITY_DESCRIPTOR SecurityDescriptor,

IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,

IN ACCESS_MASK DesiredAccess,

IN PPRIVILEGE_SET Privileges OPTIONAL,

IN BOOLEAN AccessGranted,

IN KPROCESSOR_MODE AccessMode

)

Definition at line 3660 of file seaudit.c.
References EffectiveToken, FALSE, KernelMode, NULL, PAGED_CODE, SepAdtAuditThisEvent, SepAdtObjectReferenceAuditAlarm(), and SepExamineSacl().
Referenced by ObpCheckObjectReference().

03673 : 03674 03675 description-of-function. 03676 03677 Arguments: 03678 03679 argument-name - Supplies | Returns description of argument. 03680 . 03681 . 03682 03683 Return Value: 03684 03685 return-value - Description of conditions needed to return value. - or - 03686 None. 03687 03688 --*/ 03689 03690 { 03691 BOOLEAN GenerateAudit = FALSE; 03692 BOOLEAN GenerateAlarm = FALSE; 03693 03694 PAGED_CODE(); 03695 03696 if (AccessMode == KernelMode) { 03697 return; 03698 } 03699 03700 if ( SecurityDescriptor != NULL ) { 03701 03702 if ( SepAdtAuditThisEvent( AuditCategoryDetailedTracking, &AccessGranted )) { 03703 03704 SepExamineSacl( 03705 RtlpSaclAddrSecurityDescriptor( (PISECURITY_DESCRIPTOR)SecurityDescriptor ), 03706 EffectiveToken( SubjectSecurityContext ), 03707 DesiredAccess, 03708 AccessGranted, 03709 &GenerateAudit, 03710 &GenerateAlarm 03711 ); 03712 03713 if ( GenerateAudit || GenerateAlarm ) { 03714 03715 SepAdtObjectReferenceAuditAlarm( 03716 OperationID, 03717 Object, 03718 SubjectSecurityContext, 03719 DesiredAccess, 03720 Privileges, 03721 AccessGranted, 03722 GenerateAudit, 03723 GenerateAlarm 03724 ); 03725 } 03726 } 03727 } 03728 03729 return; 03730 03731 }

NTKERNELAPI VOID SeOpenObjectAuditAlarm ( IN PUNICODE_STRING ObjectTypeName,

IN PVOID Object OPTIONAL,

IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,

IN PSECURITY_DESCRIPTOR SecurityDescriptor,

IN PACCESS_STATE AccessState,

IN BOOLEAN ObjectCreated,

IN BOOLEAN AccessGranted,

IN KPROCESSOR_MODE AccessMode,

OUT PBOOLEAN GenerateOnClose

)

Definition at line 2765 of file seaudit.c.
References EffectiveToken, ExAllocatePool, ExFreePool(), FALSE, _AUX_ACCESS_DATA::GenericMapping, KernelMode, NULL, PAGED_CODE, PagedPool, _AUX_ACCESS_DATA::PrivilegesUsed, PTOKEN, RtlCopyUnicodeString(), RtlMapGenericMask(), SepAdtAuditThisEvent, SepAdtOpenObjectAuditAlarm(), SepExamineSacl(), SepFilterPrivilegeAudits(), SepQueryNameString(), SepQueryTypeString(), SeSubsystemName, Token, and TRUE.
Referenced by IopParseDevice(), and ObCheckObjectAccess().

02778 : 02779 02780 SeOpenObjectAuditAlarm is used by the object manager that open objects 02781 to generate any necessary audit or alarm messages. The open may be to 02782 existing objects or for newly created objects. No messages will be 02783 generated for Kernel mode accesses. 02784 02785 This routine is used to generate audit and alarm messages when an 02786 attempt is made to open an object. 02787 02788 This routine may result in several messages being generated and sent to 02789 Port objects. This may result in a significant latency before 02790 returning. Design of routines that must call this routine must take 02791 this potential latency into account. This may have an impact on the 02792 approach taken for data structure mutex locking, for example. 02793 02794 Arguments: 02795 02796 ObjectTypeName - Supplies the name of the type of object being 02797 accessed. This must be the same name provided to the 02798 ObCreateObjectType service when the object type was created. 02799 02800 Object - Address of the object accessed. This value will not be used 02801 as a pointer (referenced). It is necessary only to enter into log 02802 messages. If the open was not successful, then this argument is 02803 ignored. Otherwise, it must be provided. 02804 02805 AbsoluteObjectName - Supplies the name of the object being accessed. 02806 If the object doesn't have a name, then this field is left null. 02807 Otherwise, it must be provided. 02808 02809 SecurityDescriptor - A pointer to the security descriptor of the 02810 object being accessed. 02811 02812 AccessState - A pointer to an access state structure containing the 02813 subject context, the remaining desired access types, the granted 02814 access types, and optionally a privilege set to indicate which 02815 privileges were used to permit the access. 02816 02817 ObjectCreated - A boolean flag indicating whether the access resulted 02818 in a new object being created. A value of TRUE indicates an object 02819 was created, FALSE indicates an existing object was opened. 02820 02821 AccessGranted - Indicates if the access was granted or denied based on 02822 the access check or privilege check. 02823 02824 AccessMode - Indicates the access mode used for the access check. One 02825 of UserMode or KernelMode. Messages will not be generated by 02826 kernel mode accesses. 02827 02828 GenerateOnClose - Points to a boolean that is set by the audit 02829 generation routine and must be passed to SeCloseObjectAuditAlarm() 02830 when the object handle is closed. 02831 02832 Return value: 02833 02834 None. 02835 02836 --*/ 02837 { 02838 BOOLEAN GenerateAudit = FALSE; 02839 BOOLEAN GenerateAlarm = FALSE; 02840 ACCESS_MASK RequestedAccess; 02841 POBJECT_NAME_INFORMATION ObjectNameInfo = NULL; 02842 PUNICODE_STRING ObjectTypeNameInfo = NULL; 02843 PUNICODE_STRING ObjectName = NULL; 02844 PUNICODE_STRING LocalObjectTypeName = NULL; 02845 PLUID PrimaryAuthenticationId = NULL; 02846 PLUID ClientAuthenticationId = NULL; 02847 BOOLEAN AuditPrivileges = FALSE; 02848 BOOLEAN AuditPerformed; 02849 PTOKEN Token; 02850 ACCESS_MASK MappedGrantMask = (ACCESS_MASK)0; 02851 ACCESS_MASK MappedDenyMask = (ACCESS_MASK)0; 02852 PAUX_ACCESS_DATA AuxData; 02853 02854 PAGED_CODE(); 02855 02856 if ( AccessMode == KernelMode ) { 02857 return; 02858 } 02859 02860 AuxData = (PAUX_ACCESS_DATA)AccessState->AuxData; 02861 02862 Token = EffectiveToken( &AccessState->SubjectSecurityContext ); 02863 02864 if (ARGUMENT_PRESENT(Token->AuditData)) { 02865 02866 MappedGrantMask = Token->AuditData->GrantMask; 02867 02868 RtlMapGenericMask( 02869 &MappedGrantMask, 02870 &AuxData->GenericMapping 02871 ); 02872 02873 MappedDenyMask = Token->AuditData->DenyMask; 02874 02875 RtlMapGenericMask( 02876 &MappedDenyMask, 02877 &AuxData->GenericMapping 02878 ); 02879 } 02880 02881 if (SecurityDescriptor != NULL) { 02882 02883 RequestedAccess = AccessState->RemainingDesiredAccess | 02884 AccessState->PreviouslyGrantedAccess; 02885 02886 if ( SepAdtAuditThisEvent( AuditCategoryObjectAccess, &AccessGranted )) { 02887 02888 if ( RequestedAccess & (AccessGranted ? MappedGrantMask : MappedDenyMask)) { 02889 02890 GenerateAudit = TRUE; 02891 02892 } else { 02893 02894 SepExamineSacl( 02895 RtlpSaclAddrSecurityDescriptor( (PISECURITY_DESCRIPTOR)SecurityDescriptor ), 02896 Token, 02897 RequestedAccess, 02898 AccessGranted, 02899 &GenerateAudit, 02900 &GenerateAlarm 02901 ); 02902 } 02903 02904 // 02905 // Only generate an audit on close of we're auditing from SACL 02906 // settings. 02907 // 02908 02909 if (GenerateAudit) { 02910 *GenerateOnClose = TRUE; 02911 } 02912 } 02913 } 02914 02915 // 02916 // If we don't generate an audit via the SACL, see if we need to generate 02917 // one for privilege use. 02918 // 02919 // Note that we only audit privileges successfully used to open objects, 02920 // so we don't care about a failed privilege use here. Therefore, only 02921 // do this test of access has been granted. 02922 // 02923 02924 if (!GenerateAudit && (AccessGranted == TRUE)) { 02925 02926 if ( SepAdtAuditThisEvent( AuditCategoryPrivilegeUse, &AccessGranted )) { 02927 02928 if ((AuxData->PrivilegesUsed != NULL) && 02929 (AuxData->PrivilegesUsed->PrivilegeCount > 0) ) { 02930 02931 // 02932 // Make sure these are actually privileges that we want to audit 02933 // 02934 02935 if (SepFilterPrivilegeAudits( AuxData->PrivilegesUsed )) { 02936 02937 GenerateAudit = TRUE; 02938 02939 // 02940 // When we finally try to generate this audit, this flag 02941 // will tell us that we need to audit the fact that we 02942 // used a privilege, as opposed to audit due to the SACL. 02943 // 02944 02945 AccessState->AuditPrivileges = TRUE; 02946 } 02947 } 02948 } 02949 } 02950 02951 // 02952 // Set up either to generate an audit (if the access check has failed), or save 02953 // the stuff that we're going to audit later into the AccessState structure. 02954 // 02955 02956 if (GenerateAudit || GenerateAlarm) { 02957 02958 AccessState->GenerateAudit = TRUE; 02959 02960 // 02961 // Figure out what we've been passed, and obtain as much 02962 // missing information as possible. 02963 // 02964 02965 if ( !ARGUMENT_PRESENT( AbsoluteObjectName )) { 02966 02967 if ( ARGUMENT_PRESENT( Object )) { 02968 02969 ObjectNameInfo = SepQueryNameString( Object ); 02970 02971 if ( ObjectNameInfo != NULL ) { 02972 02973 ObjectName = &ObjectNameInfo->Name; 02974 } 02975 } 02976 02977 } else { 02978 02979 ObjectName = AbsoluteObjectName; 02980 } 02981 02982 if ( !ARGUMENT_PRESENT( ObjectTypeName )) { 02983 02984 if ( ARGUMENT_PRESENT( Object )) { 02985 02986 ObjectTypeNameInfo = SepQueryTypeString( Object ); 02987 02988 if ( ObjectTypeNameInfo != NULL ) { 02989 02990 LocalObjectTypeName = ObjectTypeNameInfo; 02991 } 02992 } 02993 02994 } else { 02995 02996 LocalObjectTypeName = ObjectTypeName; 02997 } 02998 02999 // 03000 // If the access attempt failed, do the audit here. If it succeeded, 03001 // we'll do the audit later, when the handle is allocated. 03002 // 03003 // 03004 03005 if (!AccessGranted) { 03006 03007 AuditPerformed = SepAdtOpenObjectAuditAlarm ( &SeSubsystemName, 03008 NULL, 03009 LocalObjectTypeName, 03010 NULL, 03011 ObjectName, 03012 AccessState->SubjectSecurityContext.ClientToken, 03013 AccessState->SubjectSecurityContext.PrimaryToken, 03014 AccessState->OriginalDesiredAccess, 03015 AccessState->PreviouslyGrantedAccess, 03016 &AccessState->OperationID, 03017 AuxData->PrivilegesUsed, 03018 FALSE, 03019 FALSE, 03020 TRUE, 03021 FALSE, 03022 AccessState->SubjectSecurityContext.ProcessAuditId, 03023 AuditCategoryObjectAccess, 03024 NULL, 03025 0, 03026 NULL ); 03027 } else { 03028 03029 // 03030 // Copy all the stuff we're going to need into the 03031 // AccessState and return. 03032 // 03033 03034 if ( ObjectName != NULL ) { 03035 03036 if ( AccessState->ObjectName.Buffer != NULL ) { 03037 03038 ExFreePool( AccessState->ObjectName.Buffer ); 03039 AccessState->ObjectName.Length = 0; 03040 AccessState->ObjectName.MaximumLength = 0; 03041 } 03042 03043 AccessState->ObjectName.Buffer = ExAllocatePool( PagedPool,ObjectName->MaximumLength ); 03044 if (AccessState->ObjectName.Buffer != NULL) { 03045 03046 AccessState->ObjectName.MaximumLength = ObjectName->MaximumLength; 03047 RtlCopyUnicodeString( &AccessState->ObjectName, ObjectName ); 03048 } 03049 } 03050 03051 if ( LocalObjectTypeName != NULL ) { 03052 03053 if ( AccessState->ObjectTypeName.Buffer != NULL ) { 03054 03055 ExFreePool( AccessState->ObjectTypeName.Buffer ); 03056 AccessState->ObjectTypeName.Length = 0; 03057 AccessState->ObjectTypeName.MaximumLength = 0; 03058 } 03059 03060 AccessState->ObjectTypeName.Buffer = ExAllocatePool( PagedPool, LocalObjectTypeName->MaximumLength ); 03061 if (AccessState->ObjectTypeName.Buffer != NULL) { 03062 03063 AccessState->ObjectTypeName.MaximumLength = LocalObjectTypeName->MaximumLength; 03064 RtlCopyUnicodeString( &AccessState->ObjectTypeName, LocalObjectTypeName ); 03065 } 03066 } 03067 } 03068 03069 if ( ObjectNameInfo != NULL ) { 03070 03071 ExFreePool( ObjectNameInfo ); 03072 } 03073 03074 if ( ObjectTypeNameInfo != NULL ) { 03075 03076 ExFreePool( ObjectTypeNameInfo ); 03077 } 03078 } 03079 03080 return; 03081 }

NTKERNELAPI VOID SeOpenObjectForDeleteAuditAlarm ( IN PUNICODE_STRING ObjectTypeName,

IN PVOID Object OPTIONAL,

IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,

IN PSECURITY_DESCRIPTOR SecurityDescriptor,

IN PACCESS_STATE AccessState,

IN BOOLEAN ObjectCreated,

IN BOOLEAN AccessGranted,

IN KPROCESSOR_MODE AccessMode,

OUT PBOOLEAN GenerateOnClose

)

Definition at line 3085 of file seaudit.c.
References EffectiveToken, ExAllocatePool, ExFreePool(), FALSE, _AUX_ACCESS_DATA::GenericMapping, KernelMode, NULL, PAGED_CODE, PagedPool, _AUX_ACCESS_DATA::PrivilegesUsed, PTOKEN, RtlCopyUnicodeString(), RtlMapGenericMask(), SepAdtAuditThisEvent, SepAdtOpenObjectAuditAlarm(), SepAdtOpenObjectForDeleteAuditAlarm(), SepExamineSacl(), SepFilterPrivilegeAudits(), SepQueryNameString(), SepQueryTypeString(), SeSubsystemName, Token, and TRUE.

03098 : 03099 03100 SeOpenObjectForDeleteAuditAlarm is used by the object manager that open 03101 objects to generate any necessary audit or alarm messages. The open may 03102 be to existing objects or for newly created objects. No messages will be 03103 generated for Kernel mode accesses. 03104 03105 This routine is used to generate audit and alarm messages when an 03106 attempt is made to open an object with the intent to delete it. 03107 Specifically, this is used by file systems when the flag 03108 FILE_DELETE_ON_CLOSE is specified. 03109 03110 This routine may result in several messages being generated and sent to 03111 Port objects. This may result in a significant latency before 03112 returning. Design of routines that must call this routine must take 03113 this potential latency into account. This may have an impact on the 03114 approach taken for data structure mutex locking, for example. 03115 03116 Arguments: 03117 03118 ObjectTypeName - Supplies the name of the type of object being 03119 accessed. This must be the same name provided to the 03120 ObCreateObjectType service when the object type was created. 03121 03122 Object - Address of the object accessed. This value will not be used 03123 as a pointer (referenced). It is necessary only to enter into log 03124 messages. If the open was not successful, then this argument is 03125 ignored. Otherwise, it must be provided. 03126 03127 AbsoluteObjectName - Supplies the name of the object being accessed. 03128 If the object doesn't have a name, then this field is left null. 03129 Otherwise, it must be provided. 03130 03131 SecurityDescriptor - A pointer to the security descriptor of the 03132 object being accessed. 03133 03134 AccessState - A pointer to an access state structure containing the 03135 subject context, the remaining desired access types, the granted 03136 access types, and optionally a privilege set to indicate which 03137 privileges were used to permit the access. 03138 03139 ObjectCreated - A boolean flag indicating whether the access resulted 03140 in a new object being created. A value of TRUE indicates an object 03141 was created, FALSE indicates an existing object was opened. 03142 03143 AccessGranted - Indicates if the access was granted or denied based on 03144 the access check or privilege check. 03145 03146 AccessMode - Indicates the access mode used for the access check. One 03147 of UserMode or KernelMode. Messages will not be generated by 03148 kernel mode accesses. 03149 03150 GenerateOnClose - Points to a boolean that is set by the audit 03151 generation routine and must be passed to SeCloseObjectAuditAlarm() 03152 when the object handle is closed. 03153 03154 Return value: 03155 03156 None. 03157 03158 --*/ 03159 { 03160 BOOLEAN GenerateAudit = FALSE; 03161 BOOLEAN GenerateAlarm = FALSE; 03162 ACCESS_MASK RequestedAccess; 03163 POBJECT_NAME_INFORMATION ObjectNameInfo = NULL; 03164 PUNICODE_STRING ObjectTypeNameInfo = NULL; 03165 PUNICODE_STRING ObjectName = NULL; 03166 PUNICODE_STRING LocalObjectTypeName = NULL; 03167 PLUID PrimaryAuthenticationId = NULL; 03168 PLUID ClientAuthenticationId = NULL; 03169 BOOLEAN AuditPrivileges = FALSE; 03170 BOOLEAN AuditPerformed; 03171 PTOKEN Token; 03172 ACCESS_MASK MappedGrantMask = (ACCESS_MASK)0; 03173 ACCESS_MASK MappedDenyMask = (ACCESS_MASK)0; 03174 PAUX_ACCESS_DATA AuxData; 03175 03176 PAGED_CODE(); 03177 03178 if ( AccessMode == KernelMode ) { 03179 return; 03180 } 03181 03182 AuxData = (PAUX_ACCESS_DATA)AccessState->AuxData; 03183 03184 Token = EffectiveToken( &AccessState->SubjectSecurityContext ); 03185 03186 if (ARGUMENT_PRESENT(Token->AuditData)) { 03187 03188 MappedGrantMask = Token->AuditData->GrantMask; 03189 03190 RtlMapGenericMask( 03191 &MappedGrantMask, 03192 &AuxData->GenericMapping 03193 ); 03194 03195 MappedDenyMask = Token->AuditData->DenyMask; 03196 03197 RtlMapGenericMask( 03198 &MappedDenyMask, 03199 &AuxData->GenericMapping 03200 ); 03201 } 03202 03203 if (SecurityDescriptor != NULL) { 03204 03205 RequestedAccess = AccessState->RemainingDesiredAccess | 03206 AccessState->PreviouslyGrantedAccess; 03207 03208 if ( SepAdtAuditThisEvent( AuditCategoryObjectAccess, &AccessGranted )) { 03209 03210 if ( RequestedAccess & (AccessGranted ? MappedGrantMask : MappedDenyMask)) { 03211 03212 GenerateAudit = TRUE; 03213 03214 } else { 03215 03216 SepExamineSacl( 03217 RtlpSaclAddrSecurityDescriptor( (PISECURITY_DESCRIPTOR)SecurityDescriptor ), 03218 Token, 03219 RequestedAccess, 03220 AccessGranted, 03221 &GenerateAudit, 03222 &GenerateAlarm 03223 ); 03224 } 03225 03226 // 03227 // Only generate an audit on close of we're auditing from SACL 03228 // settings. 03229 // 03230 03231 if (GenerateAudit) { 03232 *GenerateOnClose = TRUE; 03233 } 03234 } 03235 } 03236 03237 // 03238 // If we don't generate an audit via the SACL, see if we need to generate 03239 // one for privilege use. 03240 // 03241 // Note that we only audit privileges successfully used to open objects, 03242 // so we don't care about a failed privilege use here. Therefore, only 03243 // do this test of access has been granted. 03244 // 03245 03246 if (!GenerateAudit && (AccessGranted == TRUE)) { 03247 03248 if ( SepAdtAuditThisEvent( AuditCategoryPrivilegeUse, &AccessGranted )) { 03249 03250 if ((AuxData->PrivilegesUsed != NULL) && 03251 (AuxData->PrivilegesUsed->PrivilegeCount > 0) ) { 03252 03253 // 03254 // Make sure these are actually privileges that we want to audit 03255 // 03256 03257 if (SepFilterPrivilegeAudits( AuxData->PrivilegesUsed )) { 03258 03259 GenerateAudit = TRUE; 03260 03261 // 03262 // When we finally try to generate this audit, this flag 03263 // will tell us that we need to audit the fact that we 03264 // used a privilege, as opposed to audit due to the SACL. 03265 // 03266 03267 AccessState->AuditPrivileges = TRUE; 03268 } 03269 } 03270 } 03271 } 03272 03273 // 03274 // Set up either to generate an audit (if the access check has failed), or save 03275 // the stuff that we're going to audit later into the AccessState structure. 03276 // 03277 03278 if (GenerateAudit || GenerateAlarm) { 03279 03280 AccessState->GenerateAudit = TRUE; 03281 03282 // 03283 // Figure out what we've been passed, and obtain as much 03284 // missing information as possible. 03285 // 03286 03287 if ( !ARGUMENT_PRESENT( AbsoluteObjectName )) { 03288 03289 if ( ARGUMENT_PRESENT( Object )) { 03290 03291 ObjectNameInfo = SepQueryNameString( Object ); 03292 03293 if ( ObjectNameInfo != NULL ) { 03294 03295 ObjectName = &ObjectNameInfo->Name; 03296 } 03297 } 03298 03299 } else { 03300 03301 ObjectName = AbsoluteObjectName; 03302 } 03303 03304 if ( !ARGUMENT_PRESENT( ObjectTypeName )) { 03305 03306 if ( ARGUMENT_PRESENT( Object )) { 03307 03308 ObjectTypeNameInfo = SepQueryTypeString( Object ); 03309 03310 if ( ObjectTypeNameInfo != NULL ) { 03311 03312 LocalObjectTypeName = ObjectTypeNameInfo; 03313 } 03314 } 03315 03316 } else { 03317 03318 LocalObjectTypeName = ObjectTypeName; 03319 } 03320 03321 // 03322 // If the access attempt failed, do the audit here. If it succeeded, 03323 // we'll do the audit later, when the handle is allocated. 03324 // 03325 // 03326 03327 if (!AccessGranted) { 03328 03329 AuditPerformed = SepAdtOpenObjectAuditAlarm ( &SeSubsystemName, 03330 NULL, 03331 LocalObjectTypeName, 03332 NULL, 03333 ObjectName, 03334 AccessState->SubjectSecurityContext.ClientToken, 03335 AccessState->SubjectSecurityContext.PrimaryToken, 03336 AccessState->OriginalDesiredAccess, 03337 AccessState->PreviouslyGrantedAccess, 03338 &AccessState->OperationID, 03339 AuxData->PrivilegesUsed, 03340 FALSE, 03341 FALSE, 03342 TRUE, 03343 FALSE, 03344 AccessState->SubjectSecurityContext.ProcessAuditId, 03345 AuditCategoryObjectAccess, 03346 NULL, 03347 0, 03348 NULL ); 03349 } else { 03350 03351 // 03352 // Generate the delete audit first 03353 // 03354 03355 SepAdtOpenObjectForDeleteAuditAlarm ( &SeSubsystemName, 03356 NULL, 03357 LocalObjectTypeName, 03358 NULL, 03359 ObjectName, 03360 AccessState->SubjectSecurityContext.ClientToken, 03361 AccessState->SubjectSecurityContext.PrimaryToken, 03362 AccessState->OriginalDesiredAccess, 03363 AccessState->PreviouslyGrantedAccess, 03364 &AccessState->OperationID, 03365 AuxData->PrivilegesUsed, 03366 FALSE, 03367 TRUE, 03368 TRUE, 03369 FALSE, 03370 AccessState->SubjectSecurityContext.ProcessAuditId ); 03371 03372 // 03373 // Copy all the stuff we're going to need into the 03374 // AccessState and return. 03375 // 03376 03377 if ( ObjectName != NULL ) { 03378 03379 if ( AccessState->ObjectName.Buffer != NULL ) { 03380 03381 ExFreePool( AccessState->ObjectName.Buffer ); 03382 AccessState->ObjectName.Length = 0; 03383 AccessState->ObjectName.MaximumLength = 0; 03384 } 03385 03386 AccessState->ObjectName.Buffer = ExAllocatePool( PagedPool,ObjectName->MaximumLength ); 03387 if (AccessState->ObjectName.Buffer != NULL) { 03388 03389 AccessState->ObjectName.MaximumLength = ObjectName->MaximumLength; 03390 RtlCopyUnicodeString( &AccessState->ObjectName, ObjectName ); 03391 } 03392 } 03393 03394 if ( LocalObjectTypeName != NULL ) { 03395 03396 if ( AccessState->ObjectTypeName.Buffer != NULL ) { 03397 03398 ExFreePool( AccessState->ObjectTypeName.Buffer ); 03399 AccessState->ObjectTypeName.Length = 0; 03400 AccessState->ObjectTypeName.MaximumLength = 0; 03401 } 03402 03403 AccessState->ObjectTypeName.Buffer = ExAllocatePool( PagedPool, LocalObjectTypeName->MaximumLength ); 03404 if (AccessState->ObjectTypeName.Buffer != NULL) { 03405 03406 AccessState->ObjectTypeName.MaximumLength = LocalObjectTypeName->MaximumLength; 03407 RtlCopyUnicodeString( &AccessState->ObjectTypeName, LocalObjectTypeName ); 03408 } 03409 } 03410 } 03411 03412 if ( ObjectNameInfo != NULL ) { 03413 03414 ExFreePool( ObjectNameInfo ); 03415 } 03416 03417 if ( ObjectTypeNameInfo != NULL ) { 03418 03419 ExFreePool( ObjectTypeNameInfo ); 03420 } 03421 } 03422 03423 return; 03424 }

NTKERNELAPI BOOLEAN SePrivilegeCheck ( IN OUT PPRIVILEGE_SET RequiredPrivileges,

IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,

IN KPROCESSOR_MODE AccessMode

)

Definition at line 158 of file privileg.c.
References EffectiveToken, FALSE, NULL, PAGED_CODE, SepPrivilegeCheck(), and Status.
Referenced by IopCheckBackupRestorePrivilege(), IsPrivileged(), ObpIncrementHandleCount(), RtlpNewSecurityObject(), SeCheckPrivilegedObject(), and SeSinglePrivilegeCheck().

00165 : 00166 00167 This routine checks to see if the token contains the specified 00168 privileges. 00169 00170 Arguments: 00171 00172 RequiredPrivileges - Points to a set of privileges. The subject's 00173 security context is to be checked to see which of the specified 00174 privileges are present. The results will be indicated in the 00175 attributes associated with each privilege. Note that 00176 flags in this parameter indicate whether all the privileges listed 00177 are needed, or any of the privileges. 00178 00179 SubjectSecurityContext - A pointer to the subject's captured security 00180 context. 00181 00182 AccessMode - Indicates the access mode to use for access check. One of 00183 UserMode or KernelMode. If the mode is kernel, then all privileges 00184 will be marked as being possessed by the subject, and successful 00185 completion status is returned. 00186 00187 00188 Return Value: 00189 00190 BOOLEAN - TRUE if all specified privileges are held by the subject, 00191 otherwise FALSE. 00192 00193 00194 --*/ 00195 00196 { 00197 BOOLEAN Status; 00198 00199 PAGED_CODE(); 00200 00201 // 00202 // If we're impersonating a client, we have to be at impersonation level 00203 // of SecurityImpersonation or above. 00204 // 00205 00206 if ( (SubjectSecurityContext->ClientToken != NULL) && 00207 (SubjectSecurityContext->ImpersonationLevel < SecurityImpersonation) 00208 ) { 00209 00210 return(FALSE); 00211 } 00212 00213 // 00214 // SepPrivilegeCheck locks the passed token for read access 00215 // 00216 00217 Status = SepPrivilegeCheck( 00218 EffectiveToken( SubjectSecurityContext ), 00219 RequiredPrivileges->Privilege, 00220 RequiredPrivileges->PrivilegeCount, 00221 RequiredPrivileges->Control, 00222 AccessMode 00223 ); 00224 00225 return(Status); 00226 }

VOID SePrivilegedServiceAuditAlarm ( IN PUNICODE_STRING ServiceName,

IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,

IN PPRIVILEGE_SET Privileges,

IN BOOLEAN AccessGranted

)

Definition at line 989 of file seaudit.c.
References EffectiveToken, PAGED_CODE, PTOKEN, RtlEqualSid(), SeLocalSystemSid, SepAdtAuditThisEvent, SepAdtPrivilegedServiceAuditAlarm(), SepFilterPrivilegeAudits(), SepTokenUserSid, SeSubsystemName, and Token.
Referenced by ObpIncrementHandleCount(), RtlpNewSecurityObject(), SeCheckAuditPrivilege(), and SeSinglePrivilegeCheck().

00997 : 00998 00999 This routine is to be called whenever a privileged system service 01000 is attempted. It should be called immediately after the privilege 01001 check regardless of whether or not the test succeeds. 01002 01003 Arguments: 01004 01005 ServiceName - Supplies the name of the privileged system service. 01006 01007 SubjectSecurityContext - The subject security context representing 01008 the caller of the system service. 01009 01010 Privileges - Supplies a privilge set containing the privilege(s) 01011 required for the access. 01012 01013 AccessGranted - Supplies the results of the privilege test. 01014 01015 Return Value: 01016 01017 None. 01018 01019 --*/ 01020 01021 { 01022 PTOKEN Token; 01023 01024 PAGED_CODE(); 01025 01026 if ( SepAdtAuditThisEvent( AuditCategoryPrivilegeUse, &AccessGranted ) && 01027 SepFilterPrivilegeAudits( Privileges )) { 01028 01029 Token = (PTOKEN)EffectiveToken( SubjectSecurityContext ); 01030 01031 if ( RtlEqualSid( SeLocalSystemSid, SepTokenUserSid( Token ))) { 01032 return; 01033 } 01034 01035 SepAdtPrivilegedServiceAuditAlarm ( 01036 &SeSubsystemName, 01037 ServiceName, 01038 SubjectSecurityContext->ClientToken, 01039 SubjectSecurityContext->PrimaryToken, 01040 Privileges, 01041 AccessGranted 01042 ); 01043 } 01044 01045 return; 01046 }

NTKERNELAPI VOID SePrivilegeObjectAuditAlarm ( IN HANDLE Handle,

IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,

IN ACCESS_MASK DesiredAccess,

IN PPRIVILEGE_SET Privileges,

IN BOOLEAN AccessGranted,

IN KPROCESSOR_MODE AccessMode

)

Definition at line 650 of file seaudit.c.
References Handle, KernelMode, PAGED_CODE, SepAdtPrivilegeObjectAuditAlarm(), and SeSubsystemName.
Referenced by IsPrivileged(), ObpCreateHandle(), and SeCheckPrivilegedObject().

00661 : 00662 00663 This routine is used by object methods that perform privileged 00664 operations to generate audit and alarm messages related to the use 00665 of privileges, or attempts to use privileges. 00666 00667 Arguments: 00668 00669 Object - Address of the object accessed. This value will not be 00670 used as a pointer (referenced). It is necessary only to enter 00671 into log messages. 00672 00673 Handle - Provides the handle value assigned for the open. 00674 00675 SecurityDescriptor - A pointer to the security descriptor of the 00676 object being accessed. 00677 00678 SubjectSecurityContext - A pointer to the captured security 00679 context of the subject attempting to open the object. 00680 00681 DesiredAccess - The desired access mask. This mask must have been 00682 previously mapped to contain no generic accesses. 00683 00684 Privileges - Points to a set of privileges required for the access 00685 attempt. Those privileges that were held by the subject are 00686 marked using the UsedForAccess flag of the PRIVILEGE_ATTRIBUTES 00687 associated with each privilege. 00688 00689 AccessGranted - Indicates whether the access was granted or 00690 denied. A value of TRUE indicates the access was allowed. A 00691 value of FALSE indicates the access was denied. 00692 00693 AccessMode - Indicates the access mode used for the access check. 00694 Messages will not be generated by kernel mode accesses. 00695 00696 Return Value: 00697 00698 None. 00699 00700 --*/ 00701 00702 { 00703 BOOLEAN AuditPerformed; 00704 00705 PAGED_CODE(); 00706 00707 if (AccessMode != KernelMode) { 00708 00709 AuditPerformed = SepAdtPrivilegeObjectAuditAlarm ( 00710 &SeSubsystemName, 00711 Handle, 00712 SubjectSecurityContext->ClientToken, 00713 SubjectSecurityContext->PrimaryToken, 00714 SubjectSecurityContext->ProcessAuditId, 00715 DesiredAccess, 00716 Privileges, 00717 AccessGranted 00718 ); 00719 } 00720 }

NTSTATUS SePrivilegePolicyCheck ( IN OUT PACCESS_MASK RemainingDesiredAccess,

IN OUT PACCESS_MASK PreviouslyGrantedAccess,

IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL,

IN PACCESS_TOKEN Token OPTIONAL,

OUT PPRIVILEGE_SET * PrivilegeSet,

IN KPROCESSOR_MODE PreviousMode

)

BOOLEAN SeProxyAccessCheck ( IN PUNICODE_STRING Volume,

IN PUNICODE_STRING RelativePath,

IN BOOLEAN ContainerObject,

IN PSECURITY_DESCRIPTOR SecurityDescriptor,

IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,

IN BOOLEAN SubjectContextLocked,

IN ACCESS_MASK DesiredAccess,

IN ACCESS_MASK PreviouslyGrantedAccess,

OUT PPRIVILEGE_SET *Privileges OPTIONAL,

IN PGENERIC_MAPPING GenericMapping,

IN KPROCESSOR_MODE AccessMode,

OUT PACCESS_MASK GrantedAccess,

OUT PNTSTATUS AccessStatus

)

Definition at line 3564 of file accessck.c.
References SeAccessCheck().

03582 : 03583 03584 03585 Arguments: 03586 03587 Volume - Supplies the volume information of the file being opened. 03588 03589 RelativePath - The volume-relative path of the file being opened. The full path of the 03590 file is the RelativePath appended to the Volume string. 03591 03592 ContainerObject - Indicates if the access is to a container object (TRUE), or a leaf object (FALSE). 03593 03594 SecurityDescriptor - Supplies the security descriptor protecting the 03595 object being accessed 03596 03597 SubjectSecurityContext - A pointer to the subject's captured security 03598 context 03599 03600 SubjectContextLocked - Supplies a flag indiciating whether or not 03601 the user's subject context is locked, so that it does not have 03602 to be locked again. 03603 03604 DesiredAccess - Supplies the access mask that the user is attempting to 03605 acquire 03606 03607 PreviouslyGrantedAccess - Supplies any accesses that the user has 03608 already been granted, for example, as a result of holding a 03609 privilege. 03610 03611 Privileges - Supplies a pointer in which will be returned a privilege 03612 set indicating any privileges that were used as part of the 03613 access validation. 03614 03615 GenericMapping - Supplies the generic mapping associated with this 03616 object type. 03617 03618 AccessMode - Supplies the access mode to be used in the check 03619 03620 GrantedAccess - Pointer to a returned access mask indicatating the 03621 granted access 03622 03623 AccessStatus - Status value that may be returned indicating the 03624 reason why access was denied. Routines should avoid hardcoding a 03625 return value of STATUS_ACCESS_DENIED so that a different value can 03626 be returned when mandatory access control is implemented. 03627 03628 03629 Return Value: 03630 03631 BOOLEAN - TRUE if access is allowed and FALSE otherwise 03632 03633 --*/ 03634 03635 { 03636 return SeAccessCheck ( 03637 SecurityDescriptor, 03638 SubjectSecurityContext, 03639 SubjectContextLocked, 03640 DesiredAccess, 03641 PreviouslyGrantedAccess, 03642 Privileges, 03643 GenericMapping, 03644 AccessMode, 03645 GrantedAccess, 03646 AccessStatus 03647 ); 03648 }

NTKERNELAPI NTSTATUS SeQueryAuthenticationIdToken ( IN PACCESS_TOKEN Token,

OUT PLUID AuthenticationId

)

Definition at line 1152 of file tokenqry.c.
References PAGED_CODE, PTOKEN, SepAcquireTokenReadLock, SepReleaseTokenReadLock, and Token.
Referenced by CheckAllowForeground(), GetProcessLuid(), NtSetUuidSeed(), and SeQueryAuthenticationIdSubjectContext().

01160 : 01161 01162 Retrieve authentication ID out of the token. 01163 01164 Arguments: 01165 01166 Token - Referenced pointer to a token. 01167 01168 AutenticationId - Receives the token's authentication ID. 01169 01170 Return Value: 01171 01172 STATUS_SUCCESS - Indicates the operation was successful. 01173 01174 This is the only expected status. 01175 01176 --*/ 01177 { 01178 PAGED_CODE(); 01179 01180 SepAcquireTokenReadLock( ((PTOKEN)Token) ); 01181 (*AuthenticationId) = ((PTOKEN)Token)->AuthenticationId; 01182 SepReleaseTokenReadLock( ((PTOKEN)Token) ); 01183 return(STATUS_SUCCESS); 01184 }

NTKERNELAPI NTSTATUS SeQueryInformationToken ( IN PACCESS_TOKEN Token,

IN TOKEN_INFORMATION_CLASS TokenInformationClass,

OUT PVOID * TokenInformation

)

Definition at line 1189 of file tokenqry.c.
References ANYSIZE_ARRAY, ASSERT, ExAllocatePool, Index, NT_SUCCESS, NTSTATUS(), NULL, PAGED_CODE, PagedPool, PTOKEN, RtlCopyLuidAndAttributesArray(), RtlCopySid(), RtlCopySidAndAttributesArray(), SeLengthSid, SepAcquireTokenReadLock, SepReleaseTokenReadLock, SeQuerySessionIdToken(), Status, and Token.
Referenced by NtSecureConnectPort().

01198 : 01199 01200 Retrieve information about a specified token. 01201 01202 Arguments: 01203 01204 TokenHandle - Provides a handle to the token to operate on. 01205 01206 TokenInformationClass - The token information class about which 01207 to retrieve information. 01208 01209 TokenInformation - Receives a pointer to the requested information. 01210 The actual structures returned are dependent upon the information 01211 class requested, as defined in the TokenInformationClass parameter 01212 description. 01213 01214 TokenInformation Format By Information Class: 01215 01216 TokenUser => TOKEN_USER data structure. TOKEN_QUERY 01217 access is needed to retrieve this information about a 01218 token. 01219 01220 TokenGroups => TOKEN_GROUPS data structure. TOKEN_QUERY 01221 access is needed to retrieve this information about a 01222 token. 01223 01224 TokenPrivileges => TOKEN_PRIVILEGES data structure. 01225 TOKEN_QUERY access is needed to retrieve this information 01226 about a token. 01227 01228 TokenOwner => TOKEN_OWNER data structure. TOKEN_QUERY 01229 access is needed to retrieve this information about a 01230 token. 01231 01232 TokenPrimaryGroup => TOKEN_PRIMARY_GROUP data structure. 01233 TOKEN_QUERY access is needed to retrieve this information 01234 about a token. 01235 01236 TokenDefaultDacl => TOKEN_DEFAULT_DACL data structure. 01237 TOKEN_QUERY access is needed to retrieve this information 01238 about a token. 01239 01240 TokenSource => TOKEN_SOURCE data structure. 01241 TOKEN_QUERY_SOURCE access is needed to retrieve this 01242 information about a token. 01243 01244 TokenType => TOKEN_TYPE data structure. 01245 TOKEN_QUERY access is needed to retrieve this information 01246 about a token. 01247 01248 TokenStatistics => TOKEN_STATISTICS data structure. 01249 TOKEN_QUERY access is needed to retrieve this 01250 information about a token. 01251 01252 Return Value: 01253 01254 STATUS_SUCCESS - Indicates the operation was successful. 01255 01256 --*/ 01257 { 01258 01259 NTSTATUS Status; 01260 01261 ULONG RequiredLength; 01262 ULONG Index; 01263 01264 PSID PSid; 01265 PACL PAcl; 01266 01267 PVOID Ignore; 01268 PTOKEN Token = (PTOKEN)AccessToken; 01269 01270 PAGED_CODE(); 01271 01272 // 01273 // Case on information class. 01274 // 01275 01276 switch ( TokenInformationClass ) { 01277 01278 case TokenUser: 01279 { 01280 PTOKEN_USER LocalUser; 01281 01282 // 01283 // Gain exclusive access to the token. 01284 // 01285 01286 SepAcquireTokenReadLock( Token ); 01287 01288 // 01289 // Return the length required now in case not enough buffer 01290 // was provided by the caller and we have to return an error. 01291 // 01292 01293 RequiredLength = SeLengthSid( Token->UserAndGroups[0].Sid) + 01294 (ULONG)sizeof( TOKEN_USER ); 01295 01296 LocalUser = ExAllocatePool( PagedPool, RequiredLength ); 01297 01298 if (LocalUser == NULL) { 01299 SepReleaseTokenReadLock( Token ); 01300 return( STATUS_INSUFFICIENT_RESOURCES ); 01301 } 01302 01303 // 01304 // Return the user SID 01305 // 01306 // Put SID immediately following TOKEN_USER data structure 01307 // 01308 01309 PSid = (PSID)( (ULONG_PTR)LocalUser + (ULONG)sizeof(TOKEN_USER) ); 01310 01311 RtlCopySidAndAttributesArray( 01312 1, 01313 Token->UserAndGroups, 01314 RequiredLength, 01315 &(LocalUser->User), 01316 PSid, 01317 ((PSID *)&Ignore), 01318 ((PULONG)&Ignore) 01319 ); 01320 01321 SepReleaseTokenReadLock( Token ); 01322 *TokenInformation = LocalUser; 01323 return STATUS_SUCCESS; 01324 } 01325 01326 01327 case TokenGroups: 01328 { 01329 PTOKEN_GROUPS LocalGroups; 01330 01331 // 01332 // Gain exclusive access to the token. 01333 // 01334 01335 SepAcquireTokenReadLock( Token ); 01336 01337 // 01338 // Figure out how much space is needed to return the group SIDs. 01339 // That's the size of TOKEN_GROUPS (without any array entries) 01340 // plus the size of an SID_AND_ATTRIBUTES times the number of groups. 01341 // The number of groups is Token->UserAndGroups-1 (since the count 01342 // includes the user ID). Then the lengths of each individual group 01343 // must be added. 01344 // 01345 01346 RequiredLength = (ULONG)sizeof(TOKEN_GROUPS) + 01347 ((Token->UserAndGroupCount - ANYSIZE_ARRAY - 1) * 01348 ((ULONG)sizeof(SID_AND_ATTRIBUTES)) ); 01349 01350 Index = 1; 01351 while (Index < Token->UserAndGroupCount) { 01352 01353 RequiredLength += SeLengthSid( Token->UserAndGroups[Index].Sid ); 01354 01355 Index += 1; 01356 01357 } // endwhile 01358 01359 LocalGroups = ExAllocatePool( PagedPool, RequiredLength ); 01360 01361 if (LocalGroups == NULL) { 01362 SepReleaseTokenReadLock( Token ); 01363 return( STATUS_INSUFFICIENT_RESOURCES ); 01364 } 01365 01366 // 01367 // Now copy the groups. 01368 // 01369 01370 LocalGroups->GroupCount = Token->UserAndGroupCount - 1; 01371 01372 PSid = (PSID)( (ULONG_PTR)LocalGroups + 01373 (ULONG)sizeof(TOKEN_GROUPS) + 01374 ( (Token->UserAndGroupCount - ANYSIZE_ARRAY - 1) * 01375 (ULONG)sizeof(SID_AND_ATTRIBUTES) ) 01376 ); 01377 01378 RtlCopySidAndAttributesArray( 01379 (ULONG)(Token->UserAndGroupCount - 1), 01380 &(Token->UserAndGroups[1]), 01381 RequiredLength, 01382 LocalGroups->Groups, 01383 PSid, 01384 ((PSID *)&Ignore), 01385 ((PULONG)&Ignore) 01386 ); 01387 01388 SepReleaseTokenReadLock( Token ); 01389 *TokenInformation = LocalGroups; 01390 return STATUS_SUCCESS; 01391 } 01392 01393 01394 case TokenPrivileges: 01395 { 01396 PTOKEN_PRIVILEGES LocalPrivileges; 01397 01398 // 01399 // Gain exclusive access to the token to prevent changes 01400 // from occuring to the privileges. 01401 // 01402 01403 SepAcquireTokenReadLock( Token ); 01404 01405 // 01406 // Return the length required now in case not enough buffer 01407 // was provided by the caller and we have to return an error. 01408 // 01409 01410 RequiredLength = (ULONG)sizeof(TOKEN_PRIVILEGES) + 01411 ((Token->PrivilegeCount - ANYSIZE_ARRAY) * 01412 ((ULONG)sizeof(LUID_AND_ATTRIBUTES)) ); 01413 01414 LocalPrivileges = ExAllocatePool( PagedPool, RequiredLength ); 01415 01416 if (LocalPrivileges == NULL) { 01417 SepReleaseTokenReadLock( Token ); 01418 return( STATUS_INSUFFICIENT_RESOURCES ); 01419 } 01420 01421 // 01422 // Return the token privileges. 01423 // 01424 01425 LocalPrivileges->PrivilegeCount = Token->PrivilegeCount; 01426 01427 RtlCopyLuidAndAttributesArray( 01428 Token->PrivilegeCount, 01429 Token->Privileges, 01430 LocalPrivileges->Privileges 01431 ); 01432 01433 SepReleaseTokenReadLock( Token ); 01434 *TokenInformation = LocalPrivileges; 01435 return STATUS_SUCCESS; 01436 } 01437 01438 01439 case TokenOwner: 01440 { 01441 PTOKEN_OWNER LocalOwner; 01442 01443 // 01444 // Gain exclusive access to the token to prevent changes 01445 // from occuring to the owner. 01446 // 01447 01448 SepAcquireTokenReadLock( Token ); 01449 01450 // 01451 // Return the length required now in case not enough buffer 01452 // was provided by the caller and we have to return an error. 01453 // 01454 01455 PSid = Token->UserAndGroups[Token->DefaultOwnerIndex].Sid; 01456 RequiredLength = (ULONG)sizeof(TOKEN_OWNER) + 01457 SeLengthSid( PSid ); 01458 01459 LocalOwner = ExAllocatePool( PagedPool, RequiredLength ); 01460 01461 if (LocalOwner == NULL) { 01462 SepReleaseTokenReadLock( Token ); 01463 return( STATUS_INSUFFICIENT_RESOURCES ); 01464 } 01465 01466 // 01467 // Return the owner SID 01468 // 01469 01470 PSid = (PSID)((ULONG_PTR)LocalOwner + 01471 (ULONG)sizeof(TOKEN_OWNER)); 01472 01473 LocalOwner->Owner = PSid; 01474 01475 Status = RtlCopySid( 01476 (RequiredLength - (ULONG)sizeof(TOKEN_OWNER)), 01477 PSid, 01478 Token->UserAndGroups[Token->DefaultOwnerIndex].Sid 01479 ); 01480 01481 ASSERT( NT_SUCCESS(Status) ); 01482 01483 SepReleaseTokenReadLock( Token ); 01484 *TokenInformation = LocalOwner; 01485 return STATUS_SUCCESS; 01486 } 01487 01488 01489 case TokenPrimaryGroup: 01490 { 01491 PTOKEN_PRIMARY_GROUP LocalPrimaryGroup; 01492 01493 // 01494 // Gain exclusive access to the token to prevent changes 01495 // from occuring to the owner. 01496 // 01497 01498 SepAcquireTokenReadLock( Token ); 01499 01500 // 01501 // Return the length required now in case not enough buffer 01502 // was provided by the caller and we have to return an error. 01503 // 01504 01505 RequiredLength = (ULONG)sizeof(TOKEN_PRIMARY_GROUP) + 01506 SeLengthSid( Token->PrimaryGroup ); 01507 01508 LocalPrimaryGroup = ExAllocatePool( PagedPool, RequiredLength ); 01509 01510 if (LocalPrimaryGroup == NULL) { 01511 SepReleaseTokenReadLock( Token ); 01512 return( STATUS_INSUFFICIENT_RESOURCES ); 01513 } 01514 01515 // 01516 // Return the primary group SID 01517 // 01518 01519 PSid = (PSID)((ULONG_PTR)LocalPrimaryGroup + 01520 (ULONG)sizeof(TOKEN_PRIMARY_GROUP)); 01521 01522 LocalPrimaryGroup->PrimaryGroup = PSid; 01523 01524 Status = RtlCopySid( (RequiredLength - (ULONG)sizeof(TOKEN_PRIMARY_GROUP)), 01525 PSid, 01526 Token->PrimaryGroup 01527 ); 01528 01529 ASSERT( NT_SUCCESS(Status) ); 01530 01531 SepReleaseTokenReadLock( Token ); 01532 *TokenInformation = LocalPrimaryGroup; 01533 return STATUS_SUCCESS; 01534 } 01535 01536 01537 case TokenDefaultDacl: 01538 { 01539 PTOKEN_DEFAULT_DACL LocalDefaultDacl; 01540 01541 // 01542 // Gain exclusive access to the token to prevent changes 01543 // from occuring to the owner. 01544 // 01545 01546 SepAcquireTokenReadLock( Token ); 01547 01548 // 01549 // Return the length required now in case not enough buffer 01550 // was provided by the caller and we have to return an error. 01551 // 01552 01553 RequiredLength = (ULONG)sizeof(TOKEN_DEFAULT_DACL); 01554 01555 if (ARGUMENT_PRESENT(Token->DefaultDacl)) { 01556 01557 RequiredLength += Token->DefaultDacl->AclSize; 01558 } 01559 01560 LocalDefaultDacl = ExAllocatePool( PagedPool, RequiredLength ); 01561 01562 if (LocalDefaultDacl == NULL) { 01563 SepReleaseTokenReadLock( Token ); 01564 return( STATUS_INSUFFICIENT_RESOURCES ); 01565 } 01566 01567 // 01568 // Return the default Dacl 01569 // 01570 01571 PAcl = (PACL)((ULONG_PTR)LocalDefaultDacl + 01572 (ULONG)sizeof(TOKEN_DEFAULT_DACL)); 01573 01574 if (ARGUMENT_PRESENT(Token->DefaultDacl)) { 01575 01576 LocalDefaultDacl->DefaultDacl = PAcl; 01577 01578 RtlCopyMemory( (PVOID)PAcl, 01579 (PVOID)Token->DefaultDacl, 01580 Token->DefaultDacl->AclSize 01581 ); 01582 } else { 01583 01584 LocalDefaultDacl->DefaultDacl = NULL; 01585 } 01586 01587 SepReleaseTokenReadLock( Token ); 01588 *TokenInformation = LocalDefaultDacl; 01589 return STATUS_SUCCESS; 01590 } 01591 01592 01593 case TokenSource: 01594 { 01595 PTOKEN_SOURCE LocalSource; 01596 01597 // 01598 // The type of a token can not be changed, so 01599 // exclusive access to the token is not necessary. 01600 // 01601 01602 // 01603 // Return the length required now in case not enough buffer 01604 // was provided by the caller and we have to return an error. 01605 // 01606 01607 RequiredLength = (ULONG) sizeof(TOKEN_SOURCE); 01608 01609 LocalSource = ExAllocatePool( PagedPool, RequiredLength ); 01610 01611 if (LocalSource == NULL) { 01612 return( STATUS_INSUFFICIENT_RESOURCES ); 01613 } 01614 01615 // 01616 // Return the token source 01617 // 01618 01619 (*LocalSource) = Token->TokenSource; 01620 *TokenInformation = LocalSource; 01621 01622 return STATUS_SUCCESS; 01623 } 01624 01625 01626 case TokenType: 01627 { 01628 PTOKEN_TYPE LocalType; 01629 01630 // 01631 // The type of a token can not be changed, so 01632 // exclusive access to the token is not necessary. 01633 // 01634 01635 // 01636 // Return the length required now in case not enough buffer 01637 // was provided by the caller and we have to return an error. 01638 // 01639 01640 RequiredLength = (ULONG) sizeof(TOKEN_TYPE); 01641 01642 LocalType = ExAllocatePool( PagedPool, RequiredLength ); 01643 01644 if (LocalType == NULL) { 01645 return( STATUS_INSUFFICIENT_RESOURCES ); 01646 } 01647 01648 // 01649 // Return the token type 01650 // 01651 01652 (*LocalType) = Token->TokenType; 01653 *TokenInformation = LocalType; 01654 return STATUS_SUCCESS; 01655 } 01656 01657 01658 case TokenImpersonationLevel: 01659 { 01660 PSECURITY_IMPERSONATION_LEVEL LocalImpersonationLevel; 01661 01662 // 01663 // The impersonation level of a token can not be changed, so 01664 // exclusive access to the token is not necessary. 01665 // 01666 01667 // 01668 // Make sure the token is an appropriate type to be retrieving 01669 // the impersonation level from. 01670 // 01671 01672 if (Token->TokenType != TokenImpersonation) { 01673 01674 return STATUS_INVALID_INFO_CLASS; 01675 } 01676 01677 // 01678 // Return the length required now in case not enough buffer 01679 // was provided by the caller and we have to return an error. 01680 // 01681 01682 RequiredLength = (ULONG) sizeof(SECURITY_IMPERSONATION_LEVEL); 01683 01684 LocalImpersonationLevel = ExAllocatePool( PagedPool, RequiredLength ); 01685 01686 if (LocalImpersonationLevel == NULL) { 01687 return( STATUS_INSUFFICIENT_RESOURCES ); 01688 } 01689 01690 // 01691 // Return the impersonation level 01692 // 01693 01694 (*LocalImpersonationLevel) = Token->ImpersonationLevel; 01695 *TokenInformation = LocalImpersonationLevel; 01696 return STATUS_SUCCESS; 01697 } 01698 01699 01700 case TokenStatistics: 01701 { 01702 PTOKEN_STATISTICS LocalStatistics; 01703 01704 // 01705 // Gain exclusive access to the token. 01706 // 01707 01708 SepAcquireTokenReadLock( Token ); 01709 01710 // 01711 // Return the length required now in case not enough buffer 01712 // was provided by the caller and we have to return an error. 01713 // 01714 01715 RequiredLength = (ULONG)sizeof( TOKEN_STATISTICS ); 01716 01717 LocalStatistics = ExAllocatePool( PagedPool, RequiredLength ); 01718 01719 if (LocalStatistics == NULL) { 01720 SepReleaseTokenReadLock( Token ); 01721 return( STATUS_INSUFFICIENT_RESOURCES ); 01722 } 01723 01724 // 01725 // Return the statistics 01726 // 01727 01728 LocalStatistics->TokenId = Token->TokenId; 01729 LocalStatistics->AuthenticationId = Token->AuthenticationId; 01730 LocalStatistics->ExpirationTime = Token->ExpirationTime; 01731 LocalStatistics->TokenType = Token->TokenType; 01732 LocalStatistics->ImpersonationLevel = Token->ImpersonationLevel; 01733 LocalStatistics->DynamicCharged = Token->DynamicCharged; 01734 LocalStatistics->DynamicAvailable = Token->DynamicAvailable; 01735 LocalStatistics->GroupCount = Token->UserAndGroupCount-1; 01736 LocalStatistics->PrivilegeCount = Token->PrivilegeCount; 01737 LocalStatistics->ModifiedId = Token->ModifiedId; 01738 01739 SepReleaseTokenReadLock( Token ); 01740 *TokenInformation = LocalStatistics; 01741 return STATUS_SUCCESS; 01742 } 01743 01744 case TokenSessionId: 01745 01746 /* 01747 * Get SessionId for the token 01748 */ 01749 SeQuerySessionIdToken( (PACCESS_TOKEN)Token, 01750 (PULONG)TokenInformation ); 01751 01752 return( STATUS_SUCCESS ); 01753 01754 default: 01755 01756 return STATUS_INVALID_INFO_CLASS; 01757 } 01758 }

VOID SeQuerySecurityAccessMask ( IN SECURITY_INFORMATION SecurityInformation,

OUT PACCESS_MASK DesiredAccess

)

Definition at line 138 of file semethod.c.
References PAGED_CODE.
Referenced by IoCheckFunctionAccess(), and NtQuerySecurityObject().

00145 : 00146 00147 This routine builds an access mask representing the accesses necessary 00148 to query the object security information specified in the 00149 SecurityInformation parameter. While it is not difficult to determine 00150 this information, the use of a single routine to generate it will ensure 00151 minimal impact when the security information associated with an object is 00152 extended in the future (to include mandatory access control information). 00153 00154 Arguments: 00155 00156 SecurityInformation - Identifies the object's security information to be 00157 queried. 00158 00159 DesiredAccess - Points to an access mask to be set to represent the 00160 accesses necessary to query the information specified in the 00161 SecurityInformation parameter. 00162 00163 Return Value: 00164 00165 None. 00166 00167 --*/ 00168 00169 { 00170 PAGED_CODE(); 00171 00172 // 00173 // Figure out accesses needed to perform the indicated operation(s). 00174 // 00175 00176 (*DesiredAccess) = 0; 00177 00178 if ((SecurityInformation & OWNER_SECURITY_INFORMATION) || 00179 (SecurityInformation & GROUP_SECURITY_INFORMATION) || 00180 (SecurityInformation & DACL_SECURITY_INFORMATION)) { 00181 (*DesiredAccess) |= READ_CONTROL; 00182 } 00183 00184 if ((SecurityInformation & SACL_SECURITY_INFORMATION)) { 00185 (*DesiredAccess) |= ACCESS_SYSTEM_SECURITY; 00186 } 00187 00188 return; 00189 00190 }

NTKERNELAPI NTSTATUS SeQuerySecurityDescriptorInfo ( IN PSECURITY_INFORMATION SecurityInformation,

OUT PSECURITY_DESCRIPTOR SecurityDescriptor,

IN OUT PULONG Length,

IN PSECURITY_DESCRIPTOR * ObjectsSecurityDescriptor

)

Definition at line 559 of file semethod.c.
References EXCEPTION_EXECUTE_HANDLER, LongAlignPtr, NULL, PAGED_CODE, RtlCreateSecurityDescriptorRelative(), SeLengthSid, and Size.
Referenced by CmpQuerySecurityDescriptorInfo(), IopGetSetSecurityObject(), and ObQuerySecurityDescriptorInfo().

00568 : 00569 00570 This routine will extract the desired information from the 00571 passed security descriptor and return the information in 00572 the passed buffer as a security descriptor in self-relative 00573 format. 00574 00575 Arguments: 00576 00577 SecurityInformation - Specifies what information is being queried. 00578 00579 SecurityDescriptor - Supplies the buffer to output the requested 00580 information into. 00581 00582 This buffer has been probed only to the size indicated by 00583 the Length parameter. Since it still points into user space, 00584 it must always be accessed in a try clause. 00585 00586 Length - Supplies the address of a variable containing the length of 00587 the security descriptor buffer. Upon return this variable will 00588 contain the length needed to store the requested information. 00589 00590 ObjectsSecurityDescriptor - Supplies the address of a pointer to 00591 the objects security descriptor. The passed security descriptor 00592 must be in self-relative format. 00593 00594 Return Value: 00595 00596 NTSTATUS - STATUS_SUCCESS if successful and an appropriate error value 00597 otherwise 00598 00599 --*/ 00600 00601 { 00602 ULONG BufferLength; 00603 00604 ULONG Size; 00605 ULONG OwnerLength; 00606 ULONG GroupLength; 00607 ULONG DaclLength; 00608 ULONG SaclLength; 00609 PUCHAR NextFree; 00610 SECURITY_DESCRIPTOR IObjectSecurity; 00611 00612 // 00613 // Note that IObjectSecurity is not a pointer to a pointer 00614 // like ObjectsSecurityDescriptor is. 00615 // 00616 00617 SECURITY_DESCRIPTOR_RELATIVE *ISecurityDescriptor = SecurityDescriptor; 00618 00619 PAGED_CODE(); 00620 00621 // 00622 // We will be accessing user memory throughout this routine, 00623 // therefore do everything in a try-except clause. 00624 // 00625 00626 try { 00627 00628 BufferLength = *Length; 00629 00630 // 00631 // Check if the object's descriptor is null, and if it is then 00632 // we only need to return a blank security descriptor record 00633 // 00634 00635 if (*ObjectsSecurityDescriptor == NULL) { 00636 00637 *Length = sizeof(SECURITY_DESCRIPTOR_RELATIVE); 00638 00639 // 00640 // Now make sure it's large enough for the security descriptor 00641 // record 00642 // 00643 00644 if (BufferLength < sizeof(SECURITY_DESCRIPTOR_RELATIVE)) { 00645 00646 return STATUS_BUFFER_TOO_SMALL; 00647 00648 } 00649 00650 // 00651 // It's large enough to make a blank security descriptor record 00652 // 00653 // Note that this parameter has been probed for write by the 00654 // object manager, however, we still have to be careful when 00655 // writing to it. 00656 // 00657 00658 // 00659 // We do not have to probe this here, because the object 00660 // manager has probed it for length=BufferLength, which we 00661 // know at this point is at least as large as a security 00662 // descriptor. 00663 // 00664 00665 RtlCreateSecurityDescriptorRelative( SecurityDescriptor, 00666 SECURITY_DESCRIPTOR_REVISION ); 00667 00668 // 00669 // Mark it as self-relative 00670 // 00671 00672 RtlpSetControlBits( ISecurityDescriptor, SE_SELF_RELATIVE ); 00673 00674 // 00675 // And return to our caller 00676 // 00677 00678 return STATUS_SUCCESS; 00679 00680 } 00681 00682 // 00683 // Create an absolute format SD on the stack pointing into 00684 // user space to simplify the following code 00685 // 00686 00687 RtlCopyMemory( (&IObjectSecurity), 00688 *ObjectsSecurityDescriptor, 00689 sizeof(SECURITY_DESCRIPTOR_RELATIVE) ); 00690 00691 IObjectSecurity.Owner = RtlpOwnerAddrSecurityDescriptor( 00692 (SECURITY_DESCRIPTOR *) *ObjectsSecurityDescriptor ); 00693 IObjectSecurity.Group = RtlpGroupAddrSecurityDescriptor( 00694 (SECURITY_DESCRIPTOR *) *ObjectsSecurityDescriptor ); 00695 IObjectSecurity.Dacl = RtlpDaclAddrSecurityDescriptor( 00696 (SECURITY_DESCRIPTOR *) *ObjectsSecurityDescriptor ); 00697 IObjectSecurity.Sacl = RtlpSaclAddrSecurityDescriptor( 00698 (SECURITY_DESCRIPTOR *) *ObjectsSecurityDescriptor ); 00699 00700 IObjectSecurity.Control &= ~SE_SELF_RELATIVE; 00701 00702 // 00703 // This is not a blank descriptor so we need to determine the size 00704 // needed to store the requested information. It is the size of the 00705 // descriptor record plus the size of each requested component. 00706 // 00707 00708 Size = sizeof(SECURITY_DESCRIPTOR_RELATIVE); 00709 00710 if ( (((*SecurityInformation) & OWNER_SECURITY_INFORMATION)) && 00711 (IObjectSecurity.Owner != NULL) ) { 00712 00713 OwnerLength = SeLengthSid( IObjectSecurity.Owner ); 00714 Size += (ULONG)LongAlignSize(OwnerLength); 00715 00716 } 00717 00718 if ( (((*SecurityInformation) & GROUP_SECURITY_INFORMATION)) && 00719 (IObjectSecurity.Group != NULL) ) { 00720 00721 GroupLength = SeLengthSid( IObjectSecurity.Group ); 00722 Size += (ULONG)LongAlignSize(GroupLength); 00723 00724 } 00725 00726 if ( (((*SecurityInformation) & DACL_SECURITY_INFORMATION)) && 00727 (IObjectSecurity.Control & SE_DACL_PRESENT) && 00728 (IObjectSecurity.Dacl != NULL) ) { 00729 00730 00731 DaclLength = (ULONG)LongAlignSize((IObjectSecurity.Dacl)->AclSize); 00732 Size += DaclLength; 00733 00734 } 00735 00736 if ( (((*SecurityInformation) & SACL_SECURITY_INFORMATION)) && 00737 (IObjectSecurity.Control & SE_SACL_PRESENT) && 00738 (IObjectSecurity.Sacl != NULL) ) { 00739 00740 SaclLength = (ULONG)LongAlignSize((IObjectSecurity.Sacl)->AclSize); 00741 Size += SaclLength; 00742 00743 } 00744 00745 // 00746 // Tell the caller how much space this will require 00747 // (whether we actually fit or not) 00748 // 00749 00750 *Length = Size; 00751 00752 // 00753 // Now make sure the size is less than or equal to the length 00754 // we were passed 00755 // 00756 00757 if (Size > BufferLength) { 00758 00759 return STATUS_BUFFER_TOO_SMALL; 00760 00761 } 00762 00763 // 00764 // The length is fine. 00765 // 00766 // Fill in the length and flags part of the security descriptor. 00767 // The real addresses of each acl will be filled in later when we 00768 // copy the ACLs over. 00769 // 00770 // Note that we only set a flag in the descriptor if the information 00771 // was requested, which is a simple copy of the requested information 00772 // input variable 00773 // 00774 // The output buffer has already been probed to the passed size, 00775 // so we can just write to it. 00776 // 00777 00778 RtlCreateSecurityDescriptorRelative( SecurityDescriptor, 00779 SECURITY_DESCRIPTOR_REVISION ); 00780 00781 // 00782 // Mark the returned Security Descriptor as being in 00783 // self-relative format 00784 // 00785 00786 RtlpSetControlBits( ISecurityDescriptor, SE_SELF_RELATIVE ); 00787 00788 // 00789 // NextFree is used to point to the next free spot in the 00790 // returned security descriptor. 00791 // 00792 00793 NextFree = LongAlignPtr((PUCHAR)SecurityDescriptor + 00794 sizeof(SECURITY_DESCRIPTOR_RELATIVE)); 00795 00796 // 00797 // Copy the Owner SID if necessary and update the NextFree pointer, 00798 // keeping it longword aligned. 00799 // 00800 00801 if ( ((*SecurityInformation) & OWNER_SECURITY_INFORMATION) && 00802 ((IObjectSecurity.Owner) != NULL) ) { 00803 00804 RtlMoveMemory( NextFree, 00805 IObjectSecurity.Owner, 00806 OwnerLength ); 00807 00808 ISecurityDescriptor->Owner = (ULONG)((PUCHAR)NextFree - (PUCHAR)SecurityDescriptor); 00809 00810 RtlpPropagateControlBits( 00811 ISecurityDescriptor, 00812 &IObjectSecurity, 00813 SE_OWNER_DEFAULTED 00814 ); 00815 00816 NextFree += (ULONG)LongAlignSize(OwnerLength); 00817 00818 } 00819 00820 00821 // 00822 // Copy the Group SID if necessary and update the NextFree pointer, 00823 // keeping it longword aligned. 00824 // 00825 00826 if ( ((*SecurityInformation) & GROUP_SECURITY_INFORMATION) && 00827 (IObjectSecurity.Group != NULL) ) { 00828 00829 RtlMoveMemory( NextFree, 00830 IObjectSecurity.Group, 00831 GroupLength ); 00832 00833 ISecurityDescriptor->Group = (ULONG)((PUCHAR)NextFree - (PUCHAR)SecurityDescriptor); 00834 00835 RtlpPropagateControlBits( 00836 ISecurityDescriptor, 00837 &IObjectSecurity, 00838 SE_GROUP_DEFAULTED 00839 ); 00840 00841 NextFree += (ULONG)LongAlignSize(GroupLength); 00842 00843 } 00844 00845 00846 // 00847 // Set discretionary acl information if requested. 00848 // If not set in object's security, 00849 // then everything is already set properly. 00850 // 00851 00852 if ( (*SecurityInformation) & DACL_SECURITY_INFORMATION) { 00853 00854 RtlpPropagateControlBits( 00855 ISecurityDescriptor, 00856 &IObjectSecurity, 00857 SE_DACL_PRESENT | SE_DACL_DEFAULTED | SE_DACL_PROTECTED | SE_DACL_AUTO_INHERITED 00858 ); 00859 00860 // 00861 // Copy the acl if non-null and update the NextFree pointer, 00862 // keeping it longword aligned. 00863 // 00864 00865 if ( (IObjectSecurity.Control & SE_DACL_PRESENT) != 0 && 00866 IObjectSecurity.Dacl != NULL) { 00867 00868 RtlMoveMemory( NextFree, 00869 IObjectSecurity.Dacl, 00870 (IObjectSecurity.Dacl)->AclSize ); 00871 00872 ISecurityDescriptor->Dacl = (ULONG)((PUCHAR)NextFree - (PUCHAR)SecurityDescriptor); 00873 00874 NextFree += DaclLength; 00875 00876 } 00877 } 00878 00879 00880 // 00881 // Set system acl information if requested. 00882 // If not set in object's security, 00883 // then everything is already set properly. 00884 // 00885 00886 if ( (*SecurityInformation) & SACL_SECURITY_INFORMATION) { 00887 00888 RtlpPropagateControlBits( 00889 ISecurityDescriptor, 00890 &IObjectSecurity, 00891 SE_SACL_PRESENT | SE_SACL_DEFAULTED | SE_SACL_PROTECTED | SE_SACL_AUTO_INHERITED 00892 ); 00893 00894 // 00895 // Copy the acl if non-null and update the NextFree pointer, 00896 // keeping it longword aligned. 00897 // 00898 if ( (IObjectSecurity.Control & SE_SACL_PRESENT) != 0 && 00899 IObjectSecurity.Sacl != NULL) { 00900 00901 RtlMoveMemory( NextFree, 00902 IObjectSecurity.Sacl, 00903 (IObjectSecurity.Sacl)->AclSize ); 00904 00905 ISecurityDescriptor->Sacl = (ULONG)((PUCHAR)NextFree - (PUCHAR)SecurityDescriptor); 00906 00907 } 00908 } 00909 00910 } except(EXCEPTION_EXECUTE_HANDLER) { 00911 return(GetExceptionCode()); 00912 } 00913 00914 return STATUS_SUCCESS; 00915 00916 }

NTKERNELAPI NTSTATUS SeQuerySessionIdToken ( IN PACCESS_TOKEN,

IN PULONG pSessionId

)

NTKERNELAPI NTSTATUS SeRegisterLogonSessionTerminatedRoutine ( IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine )

Definition at line 849 of file rmlogon.c.
References _SEP_LOGON_SESSION_TERMINATED_NOTIFICATION::CallbackRoutine, ExAllocatePoolWithTag, _SEP_LOGON_SESSION_TERMINATED_NOTIFICATION::Next, NULL, PAGED_CODE, PagedPool, PSE_LOGON_SESSION_TERMINATED_ROUTINE, PSEP_LOGON_SESSION_TERMINATED_NOTIFICATION, SeFileSystemNotifyRoutinesHead, SepRmAcquireDbWriteLock, and SepRmReleaseDbWriteLock.

00855 : 00856 00857 This routine is called by file systems that are interested in being 00858 notified when a logon session is being deleted. 00859 00860 Arguments: 00861 00862 CallbackRoutine - Address of routine to call back when a logon session 00863 is being deleted. 00864 00865 Return Value: 00866 00867 STATUS_SUCCESS - Successfully registered routine 00868 00869 STATUS_INVALID_PARAMETER - CallbackRoutine is NULL 00870 00871 STATUS_INSUFFICIENT_RESOURCE - Unable to allocate list entry. 00872 00873 --*/ 00874 00875 { 00876 PSEP_LOGON_SESSION_TERMINATED_NOTIFICATION NewCallback; 00877 00878 PAGED_CODE(); 00879 00880 if (CallbackRoutine == NULL) { 00881 return( STATUS_INVALID_PARAMETER ); 00882 } 00883 00884 NewCallback = ExAllocatePoolWithTag( 00885 PagedPool, 00886 sizeof(SEP_LOGON_SESSION_TERMINATED_NOTIFICATION), 00887 'SFeS'); 00888 00889 if (NewCallback == NULL) { 00890 return( STATUS_INSUFFICIENT_RESOURCES ); 00891 } 00892 00893 SepRmAcquireDbWriteLock(); 00894 00895 NewCallback->Next = SeFileSystemNotifyRoutinesHead.Next; 00896 00897 NewCallback->CallbackRoutine = CallbackRoutine; 00898 00899 SeFileSystemNotifyRoutinesHead.Next = NewCallback; 00900 00901 SepRmReleaseDbWriteLock(); 00902 00903 return( STATUS_SUCCESS ); 00904 }

VOID SeReleaseAcl ( IN PACL CapturedAcl,

IN KPROCESSOR_MODE RequestorMode,

IN BOOLEAN ForceCapture

)

Definition at line 1560 of file se/capture.c.
References ExFreePool(), KernelMode, PAGED_CODE, TRUE, and UserMode.
Referenced by NtCreateToken(), and NtSetInformationToken().

01568 : 01569 01570 This routine releases a previously captured ACL. 01571 01572 This routine should NOT be called if the ACL was captured into a 01573 provided CaptureBuffer (see SeCaptureAcl). 01574 01575 Arguments: 01576 01577 CapturedAcl - Supplies the ACL to release. 01578 01579 RequestorMode - The processor mode specified when the ACL was captured. 01580 01581 ForceCapture - The ForceCapture value specified when the ACL was 01582 captured. 01583 01584 Return Value: 01585 01586 None. 01587 01588 --*/ 01589 01590 { 01591 // 01592 // We only have something to deallocate if the requestor was user 01593 // mode or kernel mode requesting ForceCapture. 01594 // 01595 01596 PAGED_CODE(); 01597 01598 if ( ((RequestorMode == KernelMode) && (ForceCapture == TRUE)) || 01599 (RequestorMode == UserMode ) ) { 01600 01601 ExFreePool(CapturedAcl); 01602 01603 } 01604 01605 }

VOID SeReleaseLuidAndAttributesArray ( IN PLUID_AND_ATTRIBUTES CapturedArray,

IN KPROCESSOR_MODE RequestorMode,

IN BOOLEAN ForceCapture

)

Definition at line 1797 of file se/capture.c.
References ExFreePool(), KernelMode, NULL, PAGED_CODE, TRUE, and UserMode.
Referenced by NtAdjustPrivilegesToken(), NtCreateToken(), NtFilterToken(), and NtPrivilegeCheck().

01805 : 01806 01807 This routine releases a previously captured array of LUID_AND_ATTRIBUTES. 01808 01809 This routine should NOT be called if the array was captured into a 01810 provided CaptureBuffer (see SeCaptureLuidAndAttributesArray). 01811 01812 Arguments: 01813 01814 CapturedArray - Supplies the array to release. 01815 01816 RequestorMode - The processor mode specified when the array was captured. 01817 01818 ForceCapture - The ForceCapture value specified when the array was 01819 captured. 01820 01821 Return Value: 01822 01823 None. 01824 01825 --*/ 01826 01827 { 01828 // 01829 // We only have something to deallocate if the requestor was user 01830 // mode or kernel mode requesting ForceCapture. 01831 // 01832 01833 PAGED_CODE(); 01834 01835 if ( ((RequestorMode == KernelMode) && (ForceCapture == TRUE)) || 01836 (RequestorMode == UserMode )) { 01837 // 01838 // the capture routine returns success with a null pointer for zero elements. 01839 // 01840 if (CapturedArray != NULL) 01841 ExFreePool(CapturedArray); 01842 01843 } 01844 01845 return; 01846 01847 }

NTKERNELAPI VOID SeReleaseSecurityDescriptor ( IN PSECURITY_DESCRIPTOR CapturedSecurityDescriptor,

IN KPROCESSOR_MODE RequestorMode,

IN BOOLEAN ForceCapture

)

Definition at line 631 of file se/capture.c.
References ExFreePool(), KernelMode, PAGED_CODE, TRUE, and UserMode.
Referenced by IopSetSecurityObjectFromRegistry(), NtOpenObjectAuditAlarm(), NtSetSecurityObject(), NtUserCreateWindowStation(), ObInsertObject(), SeAccessCheckByType(), and SepAccessCheckAndAuditAlarm().

00639 : 00640 00641 This routine releases a previously captured security descriptor. 00642 Only 00643 00644 Arguments: 00645 00646 CapturedSecurityDescriptor - Supplies the security descriptor to release. 00647 00648 RequestorMode - The processor mode specified when the descriptor was 00649 captured. 00650 00651 ForceCapture - The ForceCapture value specified when the descriptor was 00652 captured. 00653 00654 Return Value: 00655 00656 None. 00657 00658 --*/ 00659 00660 { 00661 // 00662 // We only have something to deallocate if the requestor was user 00663 // mode or kernel mode requesting ForceCapture. 00664 // 00665 00666 PAGED_CODE(); 00667 00668 if ( ((RequestorMode == KernelMode) && (ForceCapture == TRUE)) || 00669 (RequestorMode == UserMode ) ) { 00670 if ( CapturedSecurityDescriptor ) { 00671 ExFreePool(CapturedSecurityDescriptor); 00672 } 00673 } 00674 00675 return; 00676 00677 }

VOID SeReleaseSid ( IN PSID CapturedSid,

IN KPROCESSOR_MODE RequestorMode,

IN BOOLEAN ForceCapture

)

Definition at line 1320 of file se/capture.c.
References ExFreePool(), KernelMode, PAGED_CODE, TRUE, and UserMode.
Referenced by NtCreateToken(), NtSecureConnectPort(), NtSetInformationToken(), SeAccessCheckByType(), and SepAccessCheckAndAuditAlarm().

01328 : 01329 01330 This routine releases a previously captured SID. 01331 01332 This routine should NOT be called if the SID was captured into a 01333 provided CaptureBuffer (see SeCaptureSid). 01334 01335 Arguments: 01336 01337 CapturedSid - Supplies the SID to release. 01338 01339 RequestorMode - The processor mode specified when the SID was captured. 01340 01341 ForceCapture - The ForceCapture value specified when the SID was 01342 captured. 01343 01344 Return Value: 01345 01346 None. 01347 01348 --*/ 01349 01350 { 01351 // 01352 // We only have something to deallocate if the requestor was user 01353 // mode or kernel mode requesting ForceCapture. 01354 // 01355 01356 PAGED_CODE(); 01357 01358 if ( ((RequestorMode == KernelMode) && (ForceCapture == TRUE)) || 01359 (RequestorMode == UserMode ) ) { 01360 01361 ExFreePool(CapturedSid); 01362 01363 } 01364 01365 return; 01366 01367 }

VOID SeReleaseSidAndAttributesArray ( IN PSID_AND_ATTRIBUTES CapturedArray,

IN KPROCESSOR_MODE RequestorMode,

IN BOOLEAN ForceCapture

)

Definition at line 2297 of file se/capture.c.
References ExFreePool(), KernelMode, PAGED_CODE, TRUE, and UserMode.
Referenced by NtAdjustGroupsToken(), NtCreateToken(), and NtFilterToken().

02305 : 02306 02307 This routine releases a previously captured array of SID_AND_ATTRIBUTES. 02308 02309 This routine should NOT be called if the array was captured into a 02310 provided CaptureBuffer (see SeCaptureSidAndAttributesArray). 02311 02312 Arguments: 02313 02314 CapturedArray - Supplies the array to release. 02315 02316 RequestorMode - The processor mode specified when the array was captured. 02317 02318 ForceCapture - The ForceCapture value specified when the array was 02319 captured. 02320 02321 Return Value: 02322 02323 None. 02324 02325 --*/ 02326 02327 { 02328 // 02329 // We only have something to deallocate if the requestor was user 02330 // mode or kernel mode requesting ForceCapture. 02331 // 02332 02333 PAGED_CODE(); 02334 02335 if ( ((RequestorMode == KernelMode) && (ForceCapture == TRUE)) || 02336 (RequestorMode == UserMode ) ) { 02337 02338 ExFreePool(CapturedArray); 02339 02340 } 02341 02342 return; 02343 02344 }

NTKERNELAPI VOID SeReleaseSubjectContext ( IN PSECURITY_SUBJECT_CONTEXT SubjectContext )

Definition at line 196 of file subject.c.
References NULL, PAGED_CODE, PsDereferenceImpersonationToken, and PsDereferencePrimaryToken.
Referenced by CmpFlushNotify(), FsRtlCancelNotify(), FsRtlNotifyCleanup(), FsRtlNotifyFullChangeDirectory(), IsPrivileged(), NtCloseObjectAuditAlarm(), NtDeleteObjectAuditAlarm(), NtOpenObjectAuditAlarm(), NtPrivilegedServiceAuditAlarm(), NtPrivilegeObjectAuditAlarm(), NtSetUuidSeed(), RtlpSetSecurityObject(), SeAccessCheckByType(), SeAuditHandleDuplication(), SeAuditProcessCreation(), SeCheckPrivilegedObject(), SeCloseObjectAuditAlarm(), SeDeleteAccessState(), SeDeleteObjectAuditAlarm(), SepAccessCheckAndAuditAlarm(), SeSinglePrivilegeCheck(), and xxxCreateWindowStation().

00203 : 00204 00205 This routine releases a subject security context previously captured by 00206 SeCaptureSubjectContext(). 00207 00208 Arguments: 00209 00210 SubjectContext - Points to a SECURITY_SUBJECT_CONTEXT data structure 00211 containing a subject's previously captured security context. 00212 00213 Return Value: 00214 00215 none. 00216 00217 --*/ 00218 00219 { 00220 PAGED_CODE(); 00221 00222 PsDereferencePrimaryToken( SubjectContext->PrimaryToken ); 00223 SubjectContext->PrimaryToken = NULL; 00224 00225 00226 PsDereferenceImpersonationToken( SubjectContext->ClientToken ); 00227 SubjectContext->ClientToken = NULL; 00228 00229 return; 00230 00231 }

BOOLEAN SeRmInitPhase1 ( )

Definition at line 60 of file rmmain.c.
References ASSERT, ExAllocatePoolWithTag, ExFreePool(), FALSE, _SEP_RM_STATE::LsaInitEventHandle, NT_SUCCESS, NTSTATUS(), NULL, ObjectAttributes, PAGED_CODE, PagedPool, PsCreateSystemThread(), _SEP_RM_STATE::RmCommandPortHandle, RtlAddAccessAllowedAce(), RtlAnsiStringToUnicodeString(), RtlCreateAcl(), RtlCreateSecurityDescriptor(), RtlFreeUnicodeString(), RtlInitString(), SeLengthSid, SeLocalSystemSid, SEP_RM_CONNECT_INFO, SepAdtInitializeAuditingOptions(), SepAdtInitializeCrashOnFail(), SepAdtInitializePrivilegeAuditing(), SepRmCommandServerThread(), SepRmState, _SEP_RM_STATE::SepRmThreadHandle, Status, and TRUE.

00065 : 00066 00067 This function is called by Phase 1 System Initialization to initialize 00068 the Security Reference Monitor. Note that initialization of the 00069 Reference Monitor Global State has already been performed in Phase 0 00070 initialization to allow access validation routines to operate without 00071 having to check that Reference Monitor Initialization is complete. 00072 00073 The steps listed below are performed in this routine. The remainder 00074 of Reference Monitor initialization requires the LSA subsystem to have run, 00075 so that initialization is performed in a separate thread (the RM Command 00076 Server Thread, see below), so that the present thread can create the 00077 Session Manager which execs the LSA. 00078 00079 o Create the Reference Monitor Command LPC port. The LSA subsystem sends 00080 commands (e.g. turn on auditing) which change the Reference Monitor 00081 Global State. 00082 o Create an Event for use in synchronizing with the LSA subsystem. The 00083 LSA will signal the event when the portion of LSA initialization upon 00084 with the Reference Monitor depends is complete. The Reference Monitor 00085 uses another LPC port, called the LSA Command Port to send commands 00086 to the LSA, so the RM must know that this port has been created before 00087 trying to connect to it. 00088 o Create the Reference Monitor Command Server Thread. This thread is 00089 a permanent thread of the System Init process that fields the Reference 00090 Monitor State Change commands described above. 00091 00092 00093 Arguments: 00094 00095 None. 00096 00097 Return Value: 00098 00099 BOOLEAN - TRUE if Rm Initialization (Phase 1) succeeded, else FALSE 00100 00101 --*/ 00102 00103 { 00104 NTSTATUS Status; 00105 STRING RmCommandPortName; 00106 UNICODE_STRING UnicodeRmCommandPortName; 00107 OBJECT_ATTRIBUTES ObjectAttributes; 00108 STRING LsaInitEventName; 00109 UNICODE_STRING UnicodeLsaInitEventName; 00110 OBJECT_ATTRIBUTES LsaInitEventObjectAttributes; 00111 SECURITY_DESCRIPTOR LsaInitEventSecurityDescriptor; 00112 ULONG AclSize; 00113 00114 PAGED_CODE(); 00115 00116 // 00117 // Create an LPC port called the Reference Monitor Command Port. 00118 // This will be used by the LSA to send commands to the Reference 00119 // Monitor to update its state data. 00120 // 00121 00122 RtlInitString( &RmCommandPortName, "\\SeRmCommandPort" ); 00123 Status = RtlAnsiStringToUnicodeString( 00124 &UnicodeRmCommandPortName, 00125 &RmCommandPortName, 00126 TRUE ); ASSERT( NT_SUCCESS(Status) ); 00127 InitializeObjectAttributes( 00128 &ObjectAttributes, 00129 &UnicodeRmCommandPortName, 00130 0, 00131 NULL, 00132 NULL 00133 ); 00134 00135 Status = ZwCreatePort( 00136 &SepRmState.RmCommandPortHandle, 00137 &ObjectAttributes, 00138 sizeof(SEP_RM_CONNECT_INFO), 00139 sizeof(RM_COMMAND_MESSAGE), 00140 sizeof(RM_COMMAND_MESSAGE) * 32 00141 ); 00142 RtlFreeUnicodeString( &UnicodeRmCommandPortName ); 00143 00144 if( !NT_SUCCESS(Status) ) { 00145 00146 KdPrint(("Security: Rm Create Command Port failed 0x%lx\n", Status)); 00147 return FALSE; 00148 } 00149 00150 // 00151 // Prepare to create an event for synchronizing with the LSA. 00152 // First, build the Security Descriptor for the Init Event Object 00153 // 00154 00155 Status = RtlCreateSecurityDescriptor( 00156 &LsaInitEventSecurityDescriptor, 00157 SECURITY_DESCRIPTOR_REVISION 00158 ); 00159 00160 if (!NT_SUCCESS(Status)) { 00161 00162 KdPrint(("Security: Creating Lsa Init Event Desc failed 0x%lx\n", 00163 Status)); 00164 return FALSE; 00165 } 00166 00167 // 00168 // Allocate a temporary buffer from the paged pool. It is a fatal 00169 // system error if the allocation fails since security cannot be 00170 // enabled. 00171 // 00172 00173 AclSize = sizeof(ACL) + 00174 sizeof(ACCESS_ALLOWED_ACE) + 00175 SeLengthSid(SeLocalSystemSid); 00176 LsaInitEventSecurityDescriptor.Dacl = 00177 ExAllocatePoolWithTag(PagedPool, AclSize, 'cAeS'); 00178 00179 if (LsaInitEventSecurityDescriptor.Dacl == NULL) { 00180 00181 KdPrint(("Security LSA: Insufficient resources to initialize\n")); 00182 return FALSE; 00183 } 00184 00185 // 00186 // Now create the Discretionary ACL within the Security Descriptor 00187 // 00188 00189 Status = RtlCreateAcl( 00190 LsaInitEventSecurityDescriptor.Dacl, 00191 AclSize, 00192 ACL_REVISION2 00193 ); 00194 00195 if (!NT_SUCCESS(Status)) { 00196 00197 KdPrint(("Security: Creating Lsa Init Event Dacl failed 0x%lx\n", 00198 Status)); 00199 return FALSE; 00200 } 00201 00202 // 00203 // Now add an ACE giving GENERIC_ALL access to the User ID 00204 // 00205 00206 Status = RtlAddAccessAllowedAce( 00207 LsaInitEventSecurityDescriptor.Dacl, 00208 ACL_REVISION2, 00209 GENERIC_ALL, 00210 SeLocalSystemSid 00211 ); 00212 00213 if (!NT_SUCCESS(Status)) { 00214 00215 KdPrint(("Security: Adding Lsa Init Event ACE failed 0x%lx\n", 00216 Status)); 00217 return FALSE; 00218 } 00219 00220 // 00221 // Set up the Object Attributes for the Lsa Initialization Event 00222 // 00223 00224 RtlInitString( &LsaInitEventName, "\\SeLsaInitEvent" ); 00225 Status = RtlAnsiStringToUnicodeString( 00226 &UnicodeLsaInitEventName, 00227 &LsaInitEventName, 00228 TRUE ); ASSERT( NT_SUCCESS(Status) ); 00229 InitializeObjectAttributes( 00230 &LsaInitEventObjectAttributes, 00231 &UnicodeLsaInitEventName, 00232 0, 00233 NULL, 00234 &LsaInitEventSecurityDescriptor 00235 ); 00236 00237 // 00238 // Create an event for use in synchronizing with the LSA. The LSA will 00239 // signal this event when LSA initialization has reached the point 00240 // where the LSA's Reference Monitor Server Port has been created. 00241 // 00242 00243 Status = ZwCreateEvent( 00244 &(SepRmState.LsaInitEventHandle), 00245 EVENT_MODIFY_STATE, 00246 &LsaInitEventObjectAttributes, 00247 NotificationEvent, 00248 FALSE); 00249 00250 RtlFreeUnicodeString( &UnicodeLsaInitEventName ); 00251 00252 if (!NT_SUCCESS(Status)) { 00253 00254 KdPrint(("Security: LSA init event creation failed.0x%xl\n", 00255 Status)); 00256 return FALSE; 00257 } 00258 00259 // 00260 // Deallocate the pool memory used for the Init Event DACL 00261 // 00262 00263 ExFreePool( LsaInitEventSecurityDescriptor.Dacl ); 00264 00265 // 00266 // Create a permanent thread of the Sysinit Process, called the 00267 // Reference Monitor Server Thread. This thread is dedicated to 00268 // receiving Reference Monitor commands and dispatching them. 00269 // 00270 00271 Status = PsCreateSystemThread( 00272 &SepRmState.SepRmThreadHandle, 00273 THREAD_GET_CONTEXT | 00274 THREAD_SET_CONTEXT | 00275 THREAD_SET_INFORMATION, 00276 NULL, 00277 NULL, 00278 NULL, 00279 SepRmCommandServerThread, 00280 NULL 00281 ); 00282 00283 if (!NT_SUCCESS(Status)) { 00284 00285 KdPrint(("Security: Rm Server Thread creation failed 0x%lx\n", Status)); 00286 return FALSE; 00287 } 00288 00289 // 00290 // Initialize data from the registry. This must go here because all other 00291 // Se initialization takes place before the registry is initialized. 00292 // 00293 00294 SepAdtInitializeCrashOnFail(); 00295 SepAdtInitializePrivilegeAuditing(); 00296 SepAdtInitializeAuditingOptions(); 00297 00298 // 00299 // Reference Monitor initialization is successful if we get to here. 00300 // 00301 00302 ZwClose( SepRmState.SepRmThreadHandle ); 00303 SepRmState.SepRmThreadHandle = NULL; 00304 return TRUE; 00305 }

VOID SeSetAccessStateGenericMapping ( PACCESS_STATE AccessState,

PGENERIC_MAPPING GenericMapping

)

Definition at line 396 of file seastate.c.
References _ACCESS_STATE::AuxData, _AUX_ACCESS_DATA::GenericMapping, and PAGED_CODE.
Referenced by IopParseDevice().

00403 : 00404 00405 This routine sets the GenericMapping field in an AccessState structure. 00406 It must be called before access validation is performed if the GenericMapping 00407 is not passed in when the AccessState structure is created. 00408 00409 Arguments: 00410 00411 AccessState - a pointer to the ACCESS_STATE structure to be modified. 00412 00413 GenericMapping - a pointer to the GenericMapping to be copied into the AccessState. 00414 00415 Return Value: 00416 00417 00418 --*/ 00419 { 00420 PAUX_ACCESS_DATA AuxData; 00421 00422 PAGED_CODE(); 00423 00424 AuxData = (PAUX_ACCESS_DATA)AccessState->AuxData; 00425 00426 AuxData->GenericMapping = *GenericMapping; 00427 00428 return; 00429 }

VOID SeSetSecurityAccessMask ( IN SECURITY_INFORMATION SecurityInformation,

OUT PACCESS_MASK DesiredAccess

)

Definition at line 78 of file semethod.c.
References PAGED_CODE.
Referenced by IoCheckFunctionAccess(), and NtSetSecurityObject().

00085 : 00086 00087 This routine builds an access mask representing the accesses necessary 00088 to set the object security information specified in the SecurityInformation 00089 parameter. While it is not difficult to determine this information, 00090 the use of a single routine to generate it will ensure minimal impact 00091 when the security information associated with an object is extended in 00092 the future (to include mandatory access control information). 00093 00094 Arguments: 00095 00096 SecurityInformation - Identifies the object's security information to be 00097 modified. 00098 00099 DesiredAccess - Points to an access mask to be set to represent the 00100 accesses necessary to modify the information specified in the 00101 SecurityInformation parameter. 00102 00103 Return Value: 00104 00105 None. 00106 00107 --*/ 00108 00109 { 00110 00111 PAGED_CODE(); 00112 00113 // 00114 // Figure out accesses needed to perform the indicated operation(s). 00115 // 00116 00117 (*DesiredAccess) = 0; 00118 00119 if ((SecurityInformation & OWNER_SECURITY_INFORMATION) || 00120 (SecurityInformation & GROUP_SECURITY_INFORMATION) ) { 00121 (*DesiredAccess) |= WRITE_OWNER; 00122 } 00123 00124 if (SecurityInformation & DACL_SECURITY_INFORMATION) { 00125 (*DesiredAccess) |= WRITE_DAC; 00126 } 00127 00128 if (SecurityInformation & SACL_SECURITY_INFORMATION) { 00129 (*DesiredAccess) |= ACCESS_SYSTEM_SECURITY; 00130 } 00131 00132 return; 00133 00134 }

NTKERNELAPI NTSTATUS SeSetSecurityDescriptorInfo ( IN PVOID Object OPTIONAL,

IN PSECURITY_INFORMATION SecurityInformation,

IN PSECURITY_DESCRIPTOR SecurityDescriptor,

IN OUT PSECURITY_DESCRIPTOR * ObjectsSecurityDescriptor,

IN POOL_TYPE PoolType,

IN PGENERIC_MAPPING GenericMapping

)

Definition at line 365 of file semethod.c.
References NULL, and RtlpSetSecurityObject().
Referenced by CmpSetSecurityDescriptorInfo(), IopSetDeviceSecurityDescriptors(), and ObSetSecurityDescriptorInfo().

00376 : 00377 00378 This routine will set an object's security descriptor. The input 00379 security descriptor must be previously captured. 00380 00381 Arguments: 00382 00383 Object - Optionally supplies the object whose security is 00384 being adjusted. This is used to update security quota 00385 information. 00386 00387 SecurityInformation - Indicates which security information is 00388 to be applied to the object. The value(s) to be assigned are 00389 passed in the SecurityDescriptor parameter. 00390 00391 ModificationDescriptor - Supplies the input security descriptor to be 00392 applied to the object. The caller of this routine is expected 00393 to probe and capture the passed security descriptor before calling 00394 and release it after calling. 00395 00396 ObjectsSecurityDescriptor - Supplies the address of a pointer to 00397 the objects security descriptor that is going to be altered by 00398 this procedure. This structure must be deallocated by the caller. 00399 00400 PoolType - Specifies the type of pool to allocate for the objects 00401 security descriptor. 00402 00403 GenericMapping - This argument provides the mapping of generic to 00404 specific/standard access types for the object being accessed. 00405 This mapping structure is expected to be safe to access 00406 (i.e., captured if necessary) prior to be passed to this routine. 00407 00408 Return Value: 00409 00410 NTSTATUS - STATUS_SUCCESS if successful and an appropriate error 00411 value otherwise. 00412 00413 --*/ 00414 00415 { 00416 00417 00418 00419 // 00420 // Make sure the object already has a security descriptor. 00421 // Objects that 'may' have security descriptors 'must' have security 00422 // descriptors. If this one doesn't already have one, then we can't 00423 // assign one to it. 00424 // 00425 00426 if ((*ObjectsSecurityDescriptor) == NULL) { 00427 return(STATUS_NO_SECURITY_ON_OBJECT); 00428 } 00429 00430 00431 // 00432 // Pass this call to the common Rtlp routine. 00433 // 00434 00435 return RtlpSetSecurityObject ( 00436 Object, 00437 *SecurityInformation, 00438 ModificationDescriptor, 00439 ObjectsSecurityDescriptor, 00440 0, // No Auto Inheritance 00441 PoolType, 00442 GenericMapping, 00443 NULL ); // No Token 00444 00445 00446 }

NTKERNELAPI NTSTATUS SeSetSecurityDescriptorInfoEx ( IN PVOID Object OPTIONAL,

IN PSECURITY_INFORMATION SecurityInformation,

IN PSECURITY_DESCRIPTOR ModificationDescriptor,

IN OUT PSECURITY_DESCRIPTOR * ObjectsSecurityDescriptor,

IN ULONG AutoInheritFlags,

IN POOL_TYPE PoolType,

IN PGENERIC_MAPPING GenericMapping

)

Definition at line 452 of file semethod.c.
References NULL, and RtlpSetSecurityObject().

00464 : 00465 00466 This routine will set an object's security descriptor. The input 00467 security descriptor must be previously captured. 00468 00469 Arguments: 00470 00471 Object - Optionally supplies the object whose security is 00472 being adjusted. This is used to update security quota 00473 information. 00474 00475 SecurityInformation - Indicates which security information is 00476 to be applied to the object. The value(s) to be assigned are 00477 passed in the SecurityDescriptor parameter. 00478 00479 ModificationDescriptor - Supplies the input security descriptor to be 00480 applied to the object. The caller of this routine is expected 00481 to probe and capture the passed security descriptor before calling 00482 and release it after calling. 00483 00484 ObjectsSecurityDescriptor - Supplies the address of a pointer to 00485 the objects security descriptor that is going to be altered by 00486 this procedure. This structure must be deallocated by the caller. 00487 00488 AutoInheritFlags - Controls automatic inheritance of ACES. 00489 Valid values are a bits mask of the logical OR of 00490 one or more of the following bits: 00491 00492 SEF_DACL_AUTO_INHERIT - If set, inherited ACEs from the 00493 DACL in the ObjectsSecurityDescriptor are preserved and inherited ACEs from 00494 the ModificationDescriptor are ignored. Inherited ACEs are not supposed 00495 to be modified; so preserving them across this call is appropriate. 00496 If a protected server does not itself implement auto inheritance, it should 00497 not set this bit. The caller of the protected server may implement 00498 auto inheritance and my indeed be modifying inherited ACEs. 00499 00500 SEF_SACL_AUTO_INHERIT - If set, inherited ACEs from the 00501 SACL in the ObjectsSecurityDescriptor are preserved and inherited ACEs from 00502 the ModificationDescriptor are ignored. Inherited ACEs are not supposed 00503 to be modified; so preserving them across this call is appropriate. 00504 If a protected server does not itself implement auto inheritance, it should 00505 not set this bit. The caller of the protected server may implement 00506 auto inheritance and my indeed be modifying inherited ACEs. 00507 00508 PoolType - Specifies the type of pool to allocate for the objects 00509 security descriptor. 00510 00511 GenericMapping - This argument provides the mapping of generic to 00512 specific/standard access types for the object being accessed. 00513 This mapping structure is expected to be safe to access 00514 (i.e., captured if necessary) prior to be passed to this routine. 00515 00516 Return Value: 00517 00518 NTSTATUS - STATUS_SUCCESS if successful and an appropriate error 00519 value otherwise. 00520 00521 --*/ 00522 00523 { 00524 00525 00526 00527 // 00528 // Make sure the object already has a security descriptor. 00529 // Objects that 'may' have security descriptors 'must' have security 00530 // descriptors. If this one doesn't already have one, then we can't 00531 // assign one to it. 00532 // 00533 00534 if ((*ObjectsSecurityDescriptor) == NULL) { 00535 return(STATUS_NO_SECURITY_ON_OBJECT); 00536 } 00537 00538 00539 // 00540 // Pass this call to the common Rtlp routine. 00541 // 00542 00543 return RtlpSetSecurityObject ( 00544 Object, 00545 *SecurityInformation, 00546 ModificationDescriptor, 00547 ObjectsSecurityDescriptor, 00548 AutoInheritFlags, 00549 PoolType, 00550 GenericMapping, 00551 NULL ); // No Token 00552 00553 00554 }

NTKERNELAPI NTSTATUS SeSetSessionIdToken ( IN PACCESS_TOKEN,

IN ULONG SessionId

)

NTKERNELAPI BOOLEAN SeSinglePrivilegeCheck ( LUID PrivilegeValue,

KPROCESSOR_MODE PreviousMode

)

Definition at line 436 of file privileg.c.
References KernelMode, NULL, PAGED_CODE, SeCaptureSubjectContext(), SECURITY_SUBJECT_CONTEXT, SePrivilegeCheck(), SePrivilegedServiceAuditAlarm(), and SeReleaseSubjectContext().
Referenced by CmpDoOpen(), CmpRefreshHive(), ExpRaiseHardError(), NtAllocateUserPhysicalPages(), NtCreatePagingFile(), NtCreateProfile(), NtLoadDriver(), NtLoadKey2(), NtLockVirtualMemory(), NtOpenProcess(), NtOpenThread(), NtQuerySystemEnvironmentValue(), NtQuerySystemInformation(), NtReplaceKey(), NtRestoreKey(), NtSaveKey(), NtSaveMergedKeys(), NtSetDefaultHardErrorPort(), NtSetInformationProcess(), NtSetInformationToken(), NtSetSystemEnvironmentValue(), NtSetSystemInformation(), NtSystemDebugControl(), NtUnloadDriver(), NtUnloadKey(), NtUnlockVirtualMemory(), ObCreateObject(), PspSetQuotaLimits(), SepCreateToken(), SepValidOwnerSubjectContext(), and UdfInvalidateVolumes().

00443 : 00444 00445 This function will check for the passed privilege value in the 00446 current context. 00447 00448 Arguments: 00449 00450 PrivilegeValue - The value of the privilege being checked. 00451 00452 00453 Return Value: 00454 00455 TRUE - The current subject has the desired privilege. 00456 00457 FALSE - The current subject does not have the desired privilege. 00458 --*/ 00459 00460 { 00461 BOOLEAN AccessGranted; 00462 PRIVILEGE_SET RequiredPrivileges; 00463 SECURITY_SUBJECT_CONTEXT SubjectSecurityContext; 00464 00465 PAGED_CODE(); 00466 00467 // 00468 // Make sure the caller has the privilege to make this 00469 // call. 00470 // 00471 00472 RequiredPrivileges.PrivilegeCount = 1; 00473 RequiredPrivileges.Control = PRIVILEGE_SET_ALL_NECESSARY; 00474 RequiredPrivileges.Privilege[0].Luid = PrivilegeValue; 00475 RequiredPrivileges.Privilege[0].Attributes = 0; 00476 00477 SeCaptureSubjectContext( &SubjectSecurityContext ); 00478 00479 AccessGranted = SePrivilegeCheck( 00480 &RequiredPrivileges, 00481 &SubjectSecurityContext, 00482 PreviousMode 00483 ); 00484 00485 if ( PreviousMode != KernelMode ) { 00486 00487 SePrivilegedServiceAuditAlarm ( 00488 NULL, // BUGWARNING need service name 00489 &SubjectSecurityContext, 00490 &RequiredPrivileges, 00491 AccessGranted 00492 ); 00493 } 00494 00495 00496 SeReleaseSubjectContext( &SubjectSecurityContext ); 00497 00498 return( AccessGranted ); 00499 00500 }

NTSTATUS SeSubProcessToken ( IN PEPROCESS ParentProcess,

OUT PACCESS_TOKEN * ChildToken

)

Definition at line 1327 of file token.c.
References DbgPrint, FALSE, KernelMode, KPROCESSOR_MODE, NT_SUCCESS, NTSTATUS(), NULL, ObInsertObject(), PAGED_CODE, PrimaryTokenAttributes, PsDereferencePrimaryToken, PsReferencePrimaryToken(), PTOKEN, SepDuplicateToken(), Status, and TRUE.
Referenced by PspInitializeProcessSecurity().

01334 : 01335 01336 This routine makes a token for a sub-process that is a duplicate 01337 of the parent process's token. 01338 01339 01340 01341 Parameters: 01342 01343 ParentProcess - Pointer to the parent process object. This is used 01344 to locate the parent process's primary token, and for logging 01345 purposes. 01346 01347 ChildToken - Receives a pointer to the child process's token. 01348 01349 Return Value: 01350 01351 STATUS_SUCCESS - Indicates the sub-process's token has been created 01352 successfully. 01353 01354 Other status values may be returned from memory allocation or object 01355 creation services used and typically indicate insufficient resources 01356 or quota on the requestor's part. 01357 01358 01359 01360 --*/ 01361 01362 { 01363 01364 // 01365 // NOTE: THIS ROUTINE CAN BE MADE MUCH MORE EFFICIENT. 01366 // IT IS DONE IN A BRUTE FORCE FASHION FOR THE LARGE_INTEGER 01367 // BEING TO GET THINGS UP AND RUNNING. 01368 // 01369 // THE PERFORMANCE OF THIS ROUTINE DIRECTLY IMPACTS 01370 // THE PERFORMANCE OF SUB-PROCESS CREATION. 01371 // 01372 01373 01374 KPROCESSOR_MODE PreviousMode; 01375 PTOKEN ParentToken; 01376 PTOKEN NewToken; 01377 HANDLE NewTokenHandle; 01378 OBJECT_ATTRIBUTES PrimaryTokenAttributes; 01379 01380 PTOKEN InsertedToken; 01381 01382 NTSTATUS Status; 01383 NTSTATUS IgnoreStatus; 01384 01385 PAGED_CODE(); 01386 01387 PreviousMode = KeGetPreviousMode(); 01388 01389 InitializeObjectAttributes( 01390 &PrimaryTokenAttributes, 01391 NULL, 01392 0, 01393 NULL, 01394 NULL 01395 ); 01396 01397 #ifdef TOKEN_DEBUG 01398 DbgPrint("\nCreating sub-process token...\n"); 01399 DbgPrint("Parent token address = 0x%lx\n", ParentProcess->Token); 01400 #endif //TOKEN_DEBUG 01401 01402 ParentToken = (PTOKEN)PsReferencePrimaryToken( ParentProcess ); 01403 01404 Status = SepDuplicateToken( 01405 ParentToken, // ExistingToken 01406 &PrimaryTokenAttributes, // ObjectAttributes 01407 FALSE, // EffectiveOnly 01408 TokenPrimary, // TokenType 01409 (SECURITY_IMPERSONATION_LEVEL)0, // ImpersonationLevel 01410 KernelMode, // RequestorMode 01411 &NewToken // NewToken 01412 ); 01413 01414 PsDereferencePrimaryToken( (PACCESS_TOKEN)ParentToken ); 01415 01416 if (NT_SUCCESS(Status)) { 01417 01418 // 01419 // Insert the new token object, up its ref count, and then 01420 // delete the new handle. 01421 // 01422 01423 Status = ObInsertObject( 01424 NewToken, 01425 NULL, 01426 0, 01427 1, // ObjectPointerBias 01428 (PVOID *)&InsertedToken, 01429 &NewTokenHandle 01430 ); 01431 01432 if (NT_SUCCESS(Status)) { 01433 01434 *ChildToken = InsertedToken; 01435 InsertedToken->TokenInUse = TRUE; 01436 IgnoreStatus = ZwClose( NewTokenHandle ); 01437 01438 // 01439 // At this point, either the token has a reference 01440 // outstanding (and no handles), or the reference 01441 // failed. If the reference failed, the status will 01442 // be returned indicating why. 01443 // 01444 01445 } else { 01446 01447 // 01448 // ObInsertObject dereferences the passed object if it 01449 // fails, so we don't have to do any cleanup on NewToken 01450 // here. 01451 // 01452 } 01453 } 01454 01455 return Status; 01456 }

SECURITY_IMPERSONATION_LEVEL SeTokenImpersonationLevel ( IN PACCESS_TOKEN Token )

Definition at line 211 of file token.c.
References PAGED_CODE, PTOKEN, and Token.
Referenced by PsAssignImpersonationToken().

00217 : 00218 00219 This function returns the impersonation level of a token. The token 00220 is assumed to be a TokenImpersonation type token. 00221 00222 00223 Arguments: 00224 00225 Token - Points to the token whose impersonation level is to be returned. 00226 00227 Return Value: 00228 00229 The token's impersonation level. 00230 00231 --*/ 00232 00233 { 00234 PAGED_CODE(); 00235 00236 return ((PTOKEN)Token)->ImpersonationLevel; 00237 }

NTKERNELAPI BOOLEAN SeTokenIsAdmin ( IN PACCESS_TOKEN Token )

Definition at line 150 of file token.c.
References PAGED_CODE, PTOKEN, Token, and TOKEN_HAS_ADMIN_GROUP.
Referenced by NtAssignProcessToJobObject(), NtSetInformationJobObject(), PsAssignImpersonationToken(), and PsImpersonateClient().

00156 : 00157 00158 Returns if the token is a member of the local admin group. 00159 00160 Arguments: 00161 00162 Token - Points to the token. 00163 00164 Return Value: 00165 00166 TRUE - Token contains the local admin group 00167 FALSE - no admin. 00168 00169 --*/ 00170 00171 { 00172 PAGED_CODE(); 00173 00174 return ((((PTOKEN)Token)->TokenFlags & TOKEN_HAS_ADMIN_GROUP) != 0 ); 00175 }

NTKERNELAPI BOOLEAN SeTokenIsRestricted ( IN PACCESS_TOKEN Token )

Definition at line 181 of file token.c.
References PAGED_CODE, PTOKEN, Token, and TOKEN_IS_RESTRICTED.
Referenced by IsRestricted(), PsAssignImpersonationToken(), PsImpersonateClient(), and SepAccessCheck().

00187 : 00188 00189 Returns if the token is a restricted token. 00190 00191 Arguments: 00192 00193 Token - Points to the token. 00194 00195 Return Value: 00196 00197 TRUE - Token contains restricted sids 00198 FALSE - no admin. 00199 00200 --*/ 00201 00202 { 00203 PAGED_CODE(); 00204 00205 return ((((PTOKEN)Token)->TokenFlags & TOKEN_IS_RESTRICTED) != 0 ); 00206 }

NTKERNELAPI TOKEN_TYPE SeTokenType ( IN PACCESS_TOKEN Token )

Definition at line 118 of file token.c.
References PAGED_CODE, PTOKEN, and Token.
Referenced by PsAssignImpersonationToken().

00124 : 00125 00126 This function returns the type of an instance of a token (TokenPrimary, 00127 or TokenImpersonation). 00128 00129 00130 Arguments: 00131 00132 Token - Points to the token whose type is to be returned. 00133 00134 Return Value: 00135 00136 The token's type. 00137 00138 --*/ 00139 00140 { 00141 PAGED_CODE(); 00142 00143 return (((PTOKEN)Token)->TokenType); 00144 }

VOID SeTraverseAuditAlarm ( IN PLUID OperationID,

IN PVOID DirectoryObject,

IN PSECURITY_DESCRIPTOR SecurityDescriptor,

IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,

IN BOOLEAN SubjectContextLocked,

IN ACCESS_MASK TraverseAccess,

IN PPRIVILEGE_SET Privileges OPTIONAL,

IN BOOLEAN AccessGranted,

IN KPROCESSOR_MODE AccessMode

)

Definition at line 3429 of file seaudit.c.
References _SE_AUDITING_STATE::AuditOnFailure, _SE_AUDITING_STATE::AuditOnSuccess, EffectiveToken, FALSE, KernelMode, NULL, PAGED_CODE, SeAuditingState, SeLockSubjectContext(), SepAdtTraverseAuditAlarm(), SepExamineSacl(), SepTokenAuthenticationId, SepTokenUserSid, and SeUnlockSubjectContext().
Referenced by IopParseDevice().

03442 : 03443 03444 This routine is called to audit directory traverse operations 03445 specifically. It should be called by parse procedures as they traverse 03446 directories as part of their operation. 03447 03448 Arguments: 03449 03450 OperationID - LUID identifying the operation in progress 03451 03452 DirectoryObject - Pointer to the directory being traversed. 03453 03454 SecurityDescriptor - The security descriptor (if any) attached to the 03455 directory being traversed. 03456 03457 SubjectSecurityContext - Security context of the client. 03458 03459 SubjectContextLocked - Supplies whether the SubjectContext is locked 03460 for shared access. 03461 03462 TraverseAccess - Mask to indicate the traverse access for this object 03463 type. 03464 03465 Privileges - Optional parameter to indicate any privilges that the 03466 subject may have used to gain access to the object. 03467 03468 AccessGranted - Indicates if the access was granted or denied based on 03469 the access check or privilege check. 03470 03471 AccessMode - Indicates the access mode used for the access check. One 03472 of UserMode or KernelMode. Messages will not be generated by 03473 kernel mode accesses. 03474 03475 Return value: 03476 03477 None. 03478 03479 --*/ 03480 03481 { 03482 PAGED_CODE(); 03483 03484 #if 0 03485 BOOLEAN GenerateAudit = FALSE; 03486 BOOLEAN GenerateAlarm = FALSE; 03487 03488 if (AccessMode == KernelMode) { 03489 return; 03490 } 03491 03492 if ((SeAuditingState[AuditEventTraverse].AuditOnSuccess && AccessGranted) || 03493 SeAuditingState[AuditEventTraverse].AuditOnFailure && !AccessGranted) { 03494 03495 if ( SecurityDescriptor != NULL ) { 03496 03497 if ( !SubjectContextLocked ) { 03498 SeLockSubjectContext( SubjectSecurityContext ); 03499 } 03500 03501 SepExamineSacl( 03502 RtlpSaclAddrSecurityDescriptor( (PISECURITY_DESCRIPTOR)SecurityDescriptor ), 03503 EffectiveToken( SubjectSecurityContext ), 03504 TraverseAccess, 03505 AccessGranted, 03506 &GenerateAudit, 03507 &GenerateAlarm 03508 ); 03509 03510 if (GenerateAudit || GenerateAlarm) { 03511 03512 SepAdtTraverseAuditAlarm( 03513 OperationID, 03514 DirectoryObject, 03515 SepTokenUserSid(EffectiveToken( SubjectSecurityContext )), 03516 SepTokenAuthenticationId(EffectiveToken( SubjectSecurityContext )), 03517 TraverseAccess, 03518 Privileges, 03519 AccessGranted, 03520 GenerateAudit, 03521 GenerateAlarm 03522 ); 03523 } 03524 03525 if ( !SubjectContextLocked ) { 03526 SeUnlockSubjectContext( SubjectSecurityContext ); 03527 } 03528 } 03529 } 03530 03531 #endif 03532 03533 return; 03534 }

NTKERNELAPI VOID SeUnlockSubjectContext ( IN PSECURITY_SUBJECT_CONTEXT SubjectContext )

Definition at line 159 of file subject.c.
References PAGED_CODE, PTOKEN, and SepReleaseTokenReadLock.
Referenced by CmpCheckCreateAccess(), CmpCheckNotifyAccess(), IopParseDevice(), IsPrivileged(), ObCheckCreateObjectAccess(), ObCheckObjectAccess(), ObpCheckObjectReference(), ObpCheckTraverseAccess(), RtlpNewSecurityObject(), SeAccessCheck(), SepAccessCheckAndAuditAlarm(), SeQueryAuthenticationIdSubjectContext(), SeTraverseAuditAlarm(), and xxxCreateWindowStation().

00165 : 00166 00167 Releases the read locks on the token(s) in the passed SubjectContext. 00168 00169 Arguments: 00170 00171 SubjectContext - Points to a SECURITY_SUBJECT_CONTEXT data structure 00172 which points to a primary token and an optional impersonation token. 00173 00174 Return Value: 00175 00176 None 00177 00178 --*/ 00179 00180 { 00181 PAGED_CODE(); 00182 00183 SepReleaseTokenReadLock((PTOKEN)(SubjectContext->PrimaryToken)); 00184 00185 if (ARGUMENT_PRESENT(SubjectContext->ClientToken)) { 00186 00187 SepReleaseTokenReadLock((PTOKEN)(SubjectContext->ClientToken)); 00188 } 00189 00190 00191 }

NTKERNELAPI NTSTATUS SeUnregisterLogonSessionTerminatedRoutine ( IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine )

Definition at line 908 of file rmlogon.c.
References ExFreePool(), _SEP_LOGON_SESSION_TERMINATED_NOTIFICATION::Next, NTSTATUS(), NULL, PAGED_CODE, SeFileSystemNotifyRoutinesHead, SepRmAcquireDbWriteLock, SepRmReleaseDbWriteLock, and Status.

00914 : 00915 00916 This is the dual of SeRegisterLogonSessionTerminatedRoutine. A File System 00917 *MUST* call this before it is unloaded. 00918 00919 Arguments: 00920 00921 CallbackRoutine - Address of routine that was originally passed in to 00922 SeRegisterLogonSessionTerminatedRoutine. 00923 00924 Return Value: 00925 00926 STATUS_SUCCESS - Successfully removed callback routine 00927 00928 STATUS_INVALID_PARAMETER - CallbackRoutine is NULL 00929 00930 STATUS_NOT_FOUND - Didn't find and entry for CallbackRoutine 00931 00932 --*/ 00933 { 00934 NTSTATUS Status; 00935 PSEP_LOGON_SESSION_TERMINATED_NOTIFICATION PreviousEntry; 00936 PSEP_LOGON_SESSION_TERMINATED_NOTIFICATION NotifyEntry; 00937 00938 PAGED_CODE(); 00939 00940 if (CallbackRoutine == NULL) { 00941 return( STATUS_INVALID_PARAMETER ); 00942 } 00943 00944 SepRmAcquireDbWriteLock(); 00945 00946 for (PreviousEntry = &SeFileSystemNotifyRoutinesHead, 00947 NotifyEntry = SeFileSystemNotifyRoutinesHead.Next; 00948 NotifyEntry != NULL; 00949 PreviousEntry = NotifyEntry, 00950 NotifyEntry = NotifyEntry->Next) { 00951 00952 if (NotifyEntry->CallbackRoutine == CallbackRoutine) 00953 break; 00954 00955 } 00956 00957 if (NotifyEntry != NULL) { 00958 00959 PreviousEntry->Next = NotifyEntry->Next; 00960 00961 ExFreePool( NotifyEntry ); 00962 00963 Status = STATUS_SUCCESS; 00964 00965 } else { 00966 00967 Status = STATUS_NOT_FOUND; 00968 00969 } 00970 00971 SepRmReleaseDbWriteLock(); 00972 00973 return( Status ); 00974 00975 }

NTSTATUS SeUpdateClientSecurity ( IN PETHREAD ClientThread,

IN OUT PSECURITY_CLIENT_CONTEXT ClientContext,

OUT PBOOLEAN ChangesMade,

OUT PBOOLEAN NewToken

)

NTKERNELAPI BOOLEAN SeValidSecurityDescriptor ( IN ULONG Length,

IN PSECURITY_DESCRIPTOR SecurityDescriptor

)

Definition at line 2414 of file se/capture.c.
References Dacl, FALSE, LongAligned, RtlValidAcl(), SeLengthSid, and TRUE.
Referenced by CmpValidateHiveSecurityDescriptors().

02421 : 02422 02423 Validates a security descriptor for structural correctness. The idea is to make 02424 sure that the security descriptor may be passed to other kernel callers, without 02425 fear that they're going to choke while manipulating it. 02426 02427 This routine does not enforce policy (e.g., ACL/ACE revision information). It is 02428 entirely possible for a security descriptor to be approved by this routine, only 02429 to be later found to be invalid by some later routine. 02430 02431 This routine is designed to be used by callers who have a security descriptor in 02432 kernel memory. Callers wishing to validate a security descriptor passed from user 02433 mode should call RtlValidSecurityDescriptor. 02434 02435 Arguments: 02436 02437 Length - Length in bytes of passed Security Descriptor. 02438 02439 SecurityDescriptor - Points to the Security Descriptor (in kernel memory) to be 02440 validatated. 02441 02442 Return Value: 02443 02444 TRUE - The passed security descriptor is correctly structured 02445 FALSE - The passed security descriptor is badly formed 02446 02447 --*/ 02448 02449 { 02450 PISECURITY_DESCRIPTOR_RELATIVE ISecurityDescriptor = 02451 (PISECURITY_DESCRIPTOR_RELATIVE)SecurityDescriptor; 02452 PISID OwnerSid; 02453 PISID GroupSid; 02454 PACE_HEADER Ace; 02455 PISID Sid; 02456 PISID Sid2; 02457 PACL Dacl; 02458 PACL Sacl; 02459 ULONG i; 02460 02461 if (Length < sizeof(SECURITY_DESCRIPTOR_RELATIVE)) { 02462 return(FALSE); 02463 } 02464 02465 // 02466 // Check the revision information. 02467 // 02468 02469 if (ISecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION) { 02470 return(FALSE); 02471 } 02472 02473 // 02474 // Make sure the passed SecurityDescriptor is in self-relative form 02475 // 02476 02477 if (!(ISecurityDescriptor->Control & SE_SELF_RELATIVE)) { 02478 return(FALSE); 02479 } 02480 02481 // 02482 // Check the owner. A valid SecurityDescriptor must have an owner. 02483 // It must also be long aligned. 02484 // 02485 02486 if ((ISecurityDescriptor->Owner == 0) || 02487 (!LongAligned((PVOID)(ULONG_PTR)(ULONG)ISecurityDescriptor->Owner)) || 02488 (ISecurityDescriptor->Owner > Length) || 02489 (Length - ISecurityDescriptor->Owner < sizeof(SID))) { 02490 02491 return(FALSE); 02492 } 02493 02494 // 02495 // It is safe to reference the owner's SubAuthorityCount, compute the 02496 // expected length of the SID 02497 // 02498 02499 OwnerSid = (PSID)RtlOffsetToPointer( ISecurityDescriptor, ISecurityDescriptor->Owner ); 02500 02501 if (OwnerSid->Revision != SID_REVISION) { 02502 return(FALSE); 02503 } 02504 02505 if (OwnerSid->SubAuthorityCount > SID_MAX_SUB_AUTHORITIES) { 02506 return(FALSE); 02507 } 02508 02509 if (Length - ISecurityDescriptor->Owner < (ULONG) SeLengthSid(OwnerSid)) { 02510 return(FALSE); 02511 } 02512 02513 // 02514 // The owner appears to be a structurally valid SID that lies within 02515 // the bounds of the security descriptor. Do the same for the Group 02516 // if there is one. 02517 // 02518 02519 if (ISecurityDescriptor->Group != 0) { 02520 02521 // 02522 // Check alignment 02523 // 02524 02525 if (!LongAligned( (PVOID)(ULONG_PTR)(ULONG)ISecurityDescriptor->Group)) { 02526 return(FALSE); 02527 } 02528 02529 if (ISecurityDescriptor->Group > Length) { 02530 return(FALSE); 02531 } 02532 02533 if (Length - ISecurityDescriptor->Group < sizeof (SID)) { 02534 return(FALSE); 02535 } 02536 02537 // 02538 // It is safe to reference the Group's SubAuthorityCount, compute the 02539 // expected length of the SID 02540 // 02541 02542 GroupSid = (PSID)RtlOffsetToPointer( ISecurityDescriptor, ISecurityDescriptor->Group ); 02543 02544 if (GroupSid->Revision != SID_REVISION) { 02545 return(FALSE); 02546 } 02547 02548 if (GroupSid->SubAuthorityCount > SID_MAX_SUB_AUTHORITIES) { 02549 return(FALSE); 02550 } 02551 02552 if (Length - ISecurityDescriptor->Group < (ULONG) SeLengthSid(GroupSid)) { 02553 return(FALSE); 02554 } 02555 } 02556 02557 // 02558 // Validate the DACL. A structurally valid SecurityDescriptor may not necessarily 02559 // have a DACL. 02560 // 02561 02562 if (ISecurityDescriptor->Dacl != 0) { 02563 02564 // 02565 // Check alignment 02566 // 02567 02568 if (!LongAligned( (PVOID)(ULONG_PTR)(ULONG)ISecurityDescriptor->Dacl)) { 02569 return(FALSE); 02570 } 02571 02572 // 02573 // Make sure the DACL structure is within the bounds of the security descriptor. 02574 // 02575 02576 if ((ISecurityDescriptor->Dacl > Length) || 02577 (Length - ISecurityDescriptor->Dacl < sizeof(ACL))) { 02578 return(FALSE); 02579 } 02580 02581 Dacl = (PACL) RtlOffsetToPointer( ISecurityDescriptor, ISecurityDescriptor->Dacl ); 02582 02583 02584 // 02585 // Make sure the DACL length fits within the bounds of the security descriptor. 02586 // 02587 02588 if (Length - ISecurityDescriptor->Dacl < Dacl->AclSize) { 02589 return(FALSE); 02590 } 02591 02592 // 02593 // Make sure the ACL is structurally valid. 02594 // 02595 02596 if (!RtlValidAcl( Dacl )) { 02597 return(FALSE); 02598 } 02599 } 02600 02601 // 02602 // Validate the SACL. A structurally valid SecurityDescriptor may not 02603 // have a SACL. 02604 // 02605 02606 if (ISecurityDescriptor->Sacl != 0) { 02607 02608 // 02609 // Check alignment 02610 // 02611 02612 if (!LongAligned( (PVOID)(ULONG_PTR)(ULONG)ISecurityDescriptor->Sacl)) { 02613 return(FALSE); 02614 } 02615 02616 // 02617 // Make sure the SACL structure is within the bounds of the security descriptor. 02618 // 02619 02620 if ((ISecurityDescriptor->Sacl > Length) || 02621 (Length - ISecurityDescriptor->Sacl < sizeof(ACL))) { 02622 return(FALSE); 02623 } 02624 02625 // 02626 // Make sure the Sacl structure is within the bounds of the security descriptor. 02627 // 02628 02629 Sacl = (PACL)RtlOffsetToPointer( ISecurityDescriptor, ISecurityDescriptor->Sacl ); 02630 02631 02632 if (Length - ISecurityDescriptor->Sacl < Sacl->AclSize) { 02633 return(FALSE); 02634 } 02635 02636 // 02637 // Make sure the ACL is structurally valid. 02638 // 02639 02640 if (!RtlValidAcl( Sacl )) { 02641 return(FALSE); 02642 } 02643 } 02644 02645 return(TRUE); 02646 }

Variable Documentation

PSID SeAliasAccountOpsSid

Definition at line 1636 of file se.h.
Referenced by SepVariableInitialization().

PSID SeAliasAdminsSid

Definition at line 1630 of file se.h.
Referenced by IopApplySystemPartitionProt(), IopCreateDefaultDeviceSecurityDescriptor(), IopOpenDeviceParametersSubkey(), ObpGetDosDevicesProtection(), SeMakeAnonymousLogonToken(), SeMakeSystemToken(), SepCreateImpersonationTokenDacl(), SepCreateToken(), SepInitializationPhase1(), SepInitSystemDacls(), SepMakeTokenEffectiveOnly(), SepRemoveDisabledGroupsAndPrivileges(), and SepVariableInitialization().

PSID SeAliasBackupOpsSid

Definition at line 1639 of file se.h.
Referenced by SepVariableInitialization().

PSID SeAliasGuestsSid

Definition at line 1634 of file se.h.
Referenced by SepVariableInitialization().

PSID SeAliasPowerUsersSid

Definition at line 1635 of file se.h.
Referenced by SepVariableInitialization().

PSID SeAliasPrintOpsSid

Definition at line 1638 of file se.h.
Referenced by SepVariableInitialization().

PSID SeAliasSystemOpsSid

Definition at line 1637 of file se.h.
Referenced by SepVariableInitialization().

PSID SeAliasUsersSid

Definition at line 1633 of file se.h.
Referenced by SepVariableInitialization().

LUID SeAnonymousAuthenticationId

Definition at line 1600 of file se.h.
Referenced by SeMakeAnonymousLogonToken(), and SepRmDbInitialization().

PSID SeAnonymousLogonSid

Definition at line 1632 of file se.h.
Referenced by SeMakeAnonymousLogonToken(), and SepVariableInitialization().

PACCESS_TOKEN SeAnonymousLogonToken

Definition at line 1645 of file se.h.
Referenced by NtImpersonateAnonymousToken(), and SepInitializationPhase1().

LUID SeAssignPrimaryTokenPrivilege

Definition at line 1671 of file se.h.
Referenced by NtSetInformationJobObject(), PspSetPrimaryToken(), SeMakeSystemToken(), and SepVariableInitialization().

SE_AUDITING_STATE SeAuditingState[]

Definition at line 1702 of file se.h.
Referenced by SepRmSetAuditEventWrkr(), and SeTraverseAuditAlarm().

LUID SeAuditPrivilege

Definition at line 1689 of file se.h.
Referenced by SeCheckAuditPrivilege(), SeMakeSystemToken(), and SepVariableInitialization().

PSID SeAuthenticatedUsersSid

Definition at line 1629 of file se.h.
Referenced by SeMakeSystemToken(), and SepVariableInitialization().

LUID SeBackupPrivilege

Definition at line 1685 of file se.h.
Referenced by CmpDoOpen(), IopCheckBackupRestorePrivilege(), NtSaveKey(), NtSaveMergedKeys(), SeMakeSystemToken(), and SepVariableInitialization().

PSID SeBatchSid

Definition at line 1626 of file se.h.
Referenced by SepSidTranslation(), and SepVariableInitialization().

LUID SeChangeNotifyPrivilege

Definition at line 1691 of file se.h.
Referenced by SeMakeSystemToken(), SepAdjustPrivileges(), SepCreateToken(), SepRemoveDisabledGroupsAndPrivileges(), and SepVariableInitialization().

LUID SeCreatePagefilePrivilege

Definition at line 1679 of file se.h.
Referenced by NtCreatePagingFile(), NtQuerySystemInformation(), NtSetSystemInformation(), SeMakeSystemToken(), and SepVariableInitialization().

LUID SeCreatePermanentPrivilege

Definition at line 1684 of file se.h.
Referenced by ObCreateObject(), SeMakeSystemToken(), and SepVariableInitialization().

LUID SeCreateTokenPrivilege

Definition at line 1670 of file se.h.
Referenced by SeMakeSystemToken(), SepCreateToken(), and SepVariableInitialization().

PSID SeCreatorGroupServerSid

Definition at line 1614 of file se.h.
Referenced by SepSidTranslation(), and SepVariableInitialization().

PSID SeCreatorGroupSid

Definition at line 1612 of file se.h.
Referenced by SepSidTranslation(), and SepVariableInitialization().

PSID SeCreatorOwnerServerSid

Definition at line 1613 of file se.h.
Referenced by SepSidTranslation(), and SepVariableInitialization().

PSID SeCreatorOwnerSid

Definition at line 1611 of file se.h.
Referenced by ObpGetDosDevicesProtection(), SepSidTranslation(), and SepVariableInitialization().

LUID SeDebugPrivilege

Definition at line 1688 of file se.h.
Referenced by NtOpenProcess(), NtOpenThread(), NtSetSystemInformation(), NtSystemDebugControl(), SeMakeSystemToken(), and SepVariableInitialization().

BOOLEAN SeDetailedAuditing

Definition at line 1709 of file se.h.
Referenced by NtDuplicateObject(), ObInitProcess(), PspCreateProcess(), PspProcessDelete(), and SepRmSetAuditEventWrkr().

PSID SeDialupSid

Definition at line 1624 of file se.h.
Referenced by SepVariableInitialization().

LUID SeEnableDelegationPrivilege

Definition at line 1695 of file se.h.
Referenced by SepVariableInitialization().

NTKERNELAPI PSE_EXPORTS SeExports

Definition at line 1590 of file se.h.
Referenced by InitSecurity(), SepVariableInitialization(), SmbTraceStart(), xxxConnectService(), and xxxCreateWindowStation().

LUID SeIncreaseBasePriorityPrivilege

Definition at line 1680 of file se.h.
Referenced by NtSetInformationJobObject(), NtSetInformationProcess(), NtSetInformationThread(), SeMakeSystemToken(), and SepVariableInitialization().

LUID SeIncreaseQuotaPrivilege

Definition at line 1673 of file se.h.
Referenced by NtSetSystemInformation(), PspSetQuotaLimits(), SeMakeSystemToken(), and SepVariableInitialization().

PSID SeInteractiveSid

Definition at line 1627 of file se.h.
Referenced by SepSidTranslation(), and SepVariableInitialization().

LUID SeLoadDriverPrivilege

Definition at line 1678 of file se.h.
Referenced by NtLoadDriver(), NtSetSystemInformation(), NtUnloadDriver(), SeMakeSystemToken(), and SepVariableInitialization().

PSID SeLocalSid

Definition at line 1610 of file se.h.
Referenced by SepSidTranslation(), and SepVariableInitialization().

PSID SeLocalSystemSid

Definition at line 1628 of file se.h.
Referenced by IopApplySystemPartitionProt(), IopInitializePlugPlayServices(), ObpGetDosDevicesProtection(), SeMakeSystemToken(), SepAdtGenerateDiscardAudit(), SepAdtPrivilegeObjectAuditAlarm(), SepCreateImpersonationTokenDacl(), SepInitializationPhase1(), SepInitSystemDacls(), SePrivilegedServiceAuditAlarm(), SepSidTranslation(), SepVariableInitialization(), and SeRmInitPhase1().

LUID SeLockMemoryPrivilege

Definition at line 1672 of file se.h.
Referenced by NtAllocateUserPhysicalPages(), NtLockVirtualMemory(), NtUnlockVirtualMemory(), SeMakeSystemToken(), and SepVariableInitialization().

PSID SeNetworkSid

Definition at line 1625 of file se.h.
Referenced by SepSidTranslation(), and SepVariableInitialization().

PSID SeNtAuthoritySid

Definition at line 1622 of file se.h.
Referenced by SepVariableInitialization().

PSID SeNullSid

Definition at line 1608 of file se.h.
Referenced by SepVariableInitialization().

PSID SePrincipalSelfSid

Definition at line 1615 of file se.h.
Referenced by SepSidInSidAndAttributes(), SepSidInToken(), SepSidInTokenEx(), and SepVariableInitialization().

LUID SeProfileSingleProcessPrivilege

Definition at line 1683 of file se.h.
Referenced by SeMakeSystemToken(), and SepVariableInitialization().

struct _OBJECT_TYPE* SepTokenObjectType

Definition at line 1212 of file se.h.
Referenced by NtAdjustGroupsToken(), NtAdjustPrivilegesToken(), NtDuplicateToken(), NtFilterToken(), NtImpersonateAnonymousToken(), NtOpenObjectAuditAlarm(), NtOpenProcessToken(), NtOpenThreadToken(), NtPrivilegeCheck(), NtPrivilegedServiceAuditAlarm(), NtPrivilegeObjectAuditAlarm(), NtQueryInformationToken(), NtSetInformationToken(), SeAccessCheckByType(), SeFilterToken(), SeIsChildToken(), SepAccessCheckAndAuditAlarm(), SepCreateToken(), SepDuplicateToken(), SepFilterToken(), and SepTokenInitialization().

PACL SePublicDefaultDacl

Definition at line 1658 of file se.h.
Referenced by SepInitSystemDacls().

PSECURITY_DESCRIPTOR SePublicDefaultSd

Definition at line 1651 of file se.h.
Referenced by ExpInitializeCallbacks(), SepInitializationPhase1(), and SepInitSystemDacls().

PACL SePublicDefaultUnrestrictedDacl

Definition at line 1659 of file se.h.
Referenced by IopCreateDefaultDeviceSecurityDescriptor(), ObInitSystem(), and SepInitSystemDacls().

PSECURITY_DESCRIPTOR SePublicDefaultUnrestrictedSd

Definition at line 1652 of file se.h.
Referenced by IoCreateSymbolicLink(), ObInitSystem(), and SepInitSystemDacls().

PACL SePublicOpenDacl

Definition at line 1660 of file se.h.
Referenced by SepInitSystemDacls().

PSECURITY_DESCRIPTOR SePublicOpenSd

Definition at line 1653 of file se.h.
Referenced by SepInitSystemDacls().

PACL SePublicOpenUnrestrictedDacl

Definition at line 1661 of file se.h.
Referenced by IopCreateDefaultDeviceSecurityDescriptor(), and SepInitSystemDacls().

PSECURITY_DESCRIPTOR SePublicOpenUnrestrictedSd

Definition at line 1654 of file se.h.
Referenced by SepInitSystemDacls().

LUID SeRemoteShutdownPrivilege

Definition at line 1692 of file se.h.
Referenced by SepVariableInitialization().

LUID SeRestorePrivilege

Definition at line 1686 of file se.h.
Referenced by CmpDoOpen(), IopCheckBackupRestorePrivilege(), NtLoadKey2(), NtReplaceKey(), NtRestoreKey(), NtUnloadKey(), SeMakeSystemToken(), SepValidOwnerSubjectContext(), and SepVariableInitialization().

PSID SeRestrictedSid

Definition at line 1631 of file se.h.
Referenced by SepCreateImpersonationTokenDacl(), SepInitSystemDacls(), and SepVariableInitialization().

LUID SeSecurityPrivilege

Definition at line 1676 of file se.h.
Referenced by ObpIncrementHandleCount(), RtlpNewSecurityObject(), SeMakeSystemToken(), SepAccessCheck(), SepInitializePrivilegeSets(), SePrivilegePolicyCheck(), and SepVariableInitialization().

LUID SeShutdownPrivilege

Definition at line 1687 of file se.h.
Referenced by ExpRaiseHardError(), SeMakeSystemToken(), and SepVariableInitialization().

UNICODE_STRING SeSubsystemName

Definition at line 1711 of file se.h.
Referenced by SeAuditHandleCreation(), SeAuditHandleDuplication(), SeAuditProcessCreation(), SeAuditProcessExit(), SeCloseObjectAuditAlarm(), SeDeleteObjectAuditAlarm(), SeOpenObjectAuditAlarm(), SeOpenObjectForDeleteAuditAlarm(), SepAdtGenerateDiscardAudit(), SepAdtInitializePhase1(), SepAdtObjectReferenceAuditAlarm(), SepAdtPrivilegedServiceAuditAlarm(), SePrivilegedServiceAuditAlarm(), and SePrivilegeObjectAuditAlarm().

LUID SeSyncAgentPrivilege

Definition at line 1694 of file se.h.
Referenced by SepVariableInitialization().

LUID SeSystemAuthenticationId

Definition at line 1599 of file se.h.
Referenced by SeMakeSystemToken(), and SepRmDbInitialization().

PACL SeSystemDefaultDacl

Definition at line 1662 of file se.h.
Referenced by SeMakeSystemToken(), and SepInitSystemDacls().

PSECURITY_DESCRIPTOR SeSystemDefaultSd

Definition at line 1655 of file se.h.
Referenced by SepInitSystemDacls().

LUID SeSystemEnvironmentPrivilege

Definition at line 1690 of file se.h.
Referenced by NtQuerySystemEnvironmentValue(), NtSetSystemEnvironmentValue(), SeMakeSystemToken(), and SepVariableInitialization().

LUID SeSystemProfilePrivilege

Definition at line 1681 of file se.h.
Referenced by NtCreateProfile(), and SepVariableInitialization().

LUID SeSystemtimePrivilege

Definition at line 1682 of file se.h.
Referenced by NtSetSystemInformation(), SeMakeSystemToken(), and SepVariableInitialization().

TOKEN_SOURCE SeSystemTokenSource

Definition at line 1602 of file se.h.
Referenced by SeMakeAnonymousLogonToken(), and SeMakeSystemToken().

LUID SeTakeOwnershipPrivilege

Definition at line 1677 of file se.h.
Referenced by SeMakeSystemToken(), SepAccessCheck(), SepInitializePrivilegeSets(), SePrivilegePolicyCheck(), and SepVariableInitialization().

LUID SeTcbPrivilege

Definition at line 1675 of file se.h.
Referenced by CmpRefreshHive(), NtSetDefaultHardErrorPort(), NtSetInformationProcess(), NtSetInformationToken(), SeMakeSystemToken(), SepSinglePrivilegeCheck(), and SepVariableInitialization().

LUID SeUndockPrivilege

Definition at line 1693 of file se.h.
Referenced by SeMakeSystemToken(), and SepVariableInitialization().

PACL SeUnrestrictedDacl

Definition at line 1663 of file se.h.
Referenced by SepInitSystemDacls().

PSECURITY_DESCRIPTOR SeUnrestrictedSd

Definition at line 1656 of file se.h.
Referenced by SepInitSystemDacls().

LUID SeUnsolicitedInputPrivilege

Definition at line 1674 of file se.h.
Referenced by SepVariableInitialization().

PSID SeWorldSid

Definition at line 1609 of file se.h.
Referenced by IopCreateDefaultDeviceSecurityDescriptor(), IopInitializePlugPlayServices(), ObInitSystem(), ObpGetDosDevicesProtection(), SeAssignWorldSecurityDescriptor(), SeFastTraverseCheck(), SeMakeAnonymousLogonToken(), SeMakeSystemToken(), SepInitializationPhase1(), SepInitSystemDacls(), SepSidTranslation(), and SepVariableInitialization().

Generated on Sat May 15 19:45:33 2004 for test by

1.3.7


Classes
struct	_SECURITY_SUBJECT_CONTEXT
struct	_INITIAL_PRIVILEGE_SET
struct	_ACCESS_STATE
struct	_AUX_ACCESS_DATA
struct	_SE_AUDITING_STATE
struct	_SE_PROCESS_AUDIT_INFO
struct	_SE_EXPORTS
Defines
#define	SE_DEFAULT_SECURITY_QUOTA 2048
#define	TOKEN_HAS_TRAVERSE_PRIVILEGE 0x01
#define	TOKEN_HAS_BACKUP_PRIVILEGE 0x02
#define	TOKEN_HAS_RESTORE_PRIVILEGE 0x04
#define	TOKEN_HAS_ADMIN_GROUP 0x08
#define	TOKEN_IS_RESTRICTED 0x10
#define	SE_BACKUP_PRIVILEGES_CHECKED 0x00000010
#define	INITIAL_PRIVILEGE_COUNT 3
#define	SeComputeDeniedAccesses(GrantedAccess, DesiredAccess) ((~(GrantedAccess)) & (DesiredAccess) )
#define	SeComputeGrantedAccesses(GrantedAccess, DesiredAccess) ((GrantedAccess) & (DesiredAccess) )
#define	SeLengthSid(Sid) (8 + (4 * ((SID *)Sid)->SubAuthorityCount))
#define	SeSameToken(TC1, TC2)
#define	SeDeleteClientSecurity(C)
	*++
#define	SeStopImpersonatingClient() PsRevertToSelf()
	*++
#define	SeAssertMappedCanonicalAccess(AccessMask)
#define	SeComputeSecurityQuota(Size)
#define	SeQuerySubjectContextToken(SubjectContext)
#define	SeTokenObjectType() (PVOID)SepTokenObjectType
#define	SeEnableAccessToExports()
Typedefs
typedef enum _SECURITY_OPERATION_CODE	SECURITY_OPERATION_CODE
typedef enum _SECURITY_OPERATION_CODE *	PSECURITY_OPERATION_CODE
typedef _SECURITY_SUBJECT_CONTEXT	SECURITY_SUBJECT_CONTEXT
typedef _SECURITY_SUBJECT_CONTEXT *	PSECURITY_SUBJECT_CONTEXT
typedef _INITIAL_PRIVILEGE_SET	INITIAL_PRIVILEGE_SET
typedef _INITIAL_PRIVILEGE_SET *	PINITIAL_PRIVILEGE_SET
typedef _ACCESS_STATE	ACCESS_STATE
typedef _ACCESS_STATE *	PACCESS_STATE
typedef _AUX_ACCESS_DATA	AUX_ACCESS_DATA
typedef _AUX_ACCESS_DATA *	PAUX_ACCESS_DATA
typedef _SE_AUDITING_STATE	SE_AUDITING_STATE
typedef _SE_AUDITING_STATE *	PSE_AUDITING_STATE
typedef _SE_PROCESS_AUDIT_INFO	SE_PROCESS_AUDIT_INFO
typedef _SE_PROCESS_AUDIT_INFO *	PSE_PROCESS_AUDIT_INFO
typedef _SE_EXPORTS	SE_EXPORTS
typedef _SE_EXPORTS *	PSE_EXPORTS
typedef NTSTATUS(*	PSE_LOGON_SESSION_TERMINATED_ROUTINE )(IN PLUID LogonId)
Enumerations
enum	_SECURITY_OPERATION_CODE { SetSecurityDescriptor, QuerySecurityDescriptor, DeleteSecurityDescriptor, AssignSecurityDescriptor }
Functions
BOOLEAN	SeInitSystem (VOID)
VOID	SeSetSecurityAccessMask (IN SECURITY_INFORMATION SecurityInformation, OUT PACCESS_MASK DesiredAccess)
VOID	SeQuerySecurityAccessMask (IN SECURITY_INFORMATION SecurityInformation, OUT PACCESS_MASK DesiredAccess)
NTSTATUS	SeDefaultObjectMethod (IN PVOID Object, IN SECURITY_OPERATION_CODE OperationCode, IN PSECURITY_INFORMATION SecurityInformation, IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN OUT PULONG Length, IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, IN POOL_TYPE PoolType, IN PGENERIC_MAPPING GenericMapping)
NTKERNELAPI NTSTATUS	SeCaptureSecurityDescriptor (IN PSECURITY_DESCRIPTOR InputSecurityDescriptor, IN KPROCESSOR_MODE RequestorMode, IN POOL_TYPE PoolType, IN BOOLEAN ForceCapture, OUT PSECURITY_DESCRIPTOR *OutputSecurityDescriptor)
NTKERNELAPI VOID	SeReleaseSecurityDescriptor (IN PSECURITY_DESCRIPTOR CapturedSecurityDescriptor, IN KPROCESSOR_MODE RequestorMode, IN BOOLEAN ForceCapture)
NTKERNELAPI VOID	SeCaptureSubjectContext (OUT PSECURITY_SUBJECT_CONTEXT SubjectContext)
NTKERNELAPI VOID	SeLockSubjectContext (IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
NTKERNELAPI VOID	SeUnlockSubjectContext (IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
NTKERNELAPI VOID	SeReleaseSubjectContext (IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
NTSTATUS	SeCaptureSecurityQos (IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN KPROCESSOR_MODE RequestorMode, IN PBOOLEAN SecurityQosPresent, IN PSECURITY_ADVANCED_QUALITY_OF_SERVICE CapturedSecurityQos)
VOID	SeFreeCapturedSecurityQos (IN PVOID SecurityQos)
NTSTATUS	SeCaptureSid (IN PSID InputSid, IN KPROCESSOR_MODE RequestorMode, IN PVOID CaptureBuffer OPTIONAL, IN ULONG CaptureBufferLength, IN POOL_TYPE PoolType, IN BOOLEAN ForceCapture, OUT PSID *CapturedSid)
VOID	SeReleaseSid (IN PSID CapturedSid, IN KPROCESSOR_MODE RequestorMode, IN BOOLEAN ForceCapture)
NTSTATUS	SeCaptureAcl (IN PACL InputAcl, IN KPROCESSOR_MODE RequestorMode, IN PVOID CaptureBuffer OPTIONAL, IN ULONG CaptureBufferLength, IN POOL_TYPE PoolType, IN BOOLEAN ForceCapture, OUT PACL *CapturedAcl, OUT PULONG AlignedAclSize)
VOID	SeReleaseAcl (IN PACL CapturedAcl, IN KPROCESSOR_MODE RequestorMode, IN BOOLEAN ForceCapture)
NTSTATUS	SeCaptureLuidAndAttributesArray (IN PLUID_AND_ATTRIBUTES InputArray, IN ULONG ArrayCount, IN KPROCESSOR_MODE RequestorMode, IN PVOID CaptureBuffer OPTIONAL, IN ULONG CaptureBufferLength, IN POOL_TYPE PoolType, IN BOOLEAN ForceCapture, OUT PLUID_AND_ATTRIBUTES *CapturedArray, OUT PULONG AlignedArraySize)
VOID	SeReleaseLuidAndAttributesArray (IN PLUID_AND_ATTRIBUTES CapturedArray, IN KPROCESSOR_MODE RequestorMode, IN BOOLEAN ForceCapture)
NTSTATUS	SeCaptureSidAndAttributesArray (IN PSID_AND_ATTRIBUTES InputArray, IN ULONG ArrayCount, IN KPROCESSOR_MODE RequestorMode, IN PVOID CaptureBuffer OPTIONAL, IN ULONG CaptureBufferLength, IN POOL_TYPE PoolType, IN BOOLEAN ForceCapture, OUT PSID_AND_ATTRIBUTES *CapturedArray, OUT PULONG AlignedArraySize)
VOID	SeReleaseSidAndAttributesArray (IN PSID_AND_ATTRIBUTES CapturedArray, IN KPROCESSOR_MODE RequestorMode, IN BOOLEAN ForceCapture)
NTKERNELAPI NTSTATUS	SeAssignSecurity (IN PSECURITY_DESCRIPTOR ParentDescriptor OPTIONAL, IN PSECURITY_DESCRIPTOR ExplicitDescriptor, OUT PSECURITY_DESCRIPTOR *NewDescriptor, IN BOOLEAN IsDirectoryObject, IN PSECURITY_SUBJECT_CONTEXT SubjectContext, IN PGENERIC_MAPPING GenericMapping, IN POOL_TYPE PoolType)
NTKERNELAPI NTSTATUS	SeAssignSecurityEx (IN PSECURITY_DESCRIPTOR ParentDescriptor OPTIONAL, IN PSECURITY_DESCRIPTOR ExplicitDescriptor OPTIONAL, OUT PSECURITY_DESCRIPTOR NewDescriptor, IN GUID ObjectType OPTIONAL, IN BOOLEAN IsDirectoryObject, IN ULONG AutoInheritFlags, IN PSECURITY_SUBJECT_CONTEXT SubjectContext, IN PGENERIC_MAPPING GenericMapping, IN POOL_TYPE PoolType)
NTKERNELAPI NTSTATUS	SeDeassignSecurity (IN OUT PSECURITY_DESCRIPTOR *SecurityDescriptor)
NTKERNELAPI BOOLEAN	SeAccessCheck (IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, IN BOOLEAN SubjectContextLocked, IN ACCESS_MASK DesiredAccess, IN ACCESS_MASK PreviouslyGrantedAccess, OUT PPRIVILEGE_SET *Privileges OPTIONAL, IN PGENERIC_MAPPING GenericMapping, IN KPROCESSOR_MODE AccessMode, OUT PACCESS_MASK GrantedAccess, OUT PNTSTATUS AccessStatus)
BOOLEAN	SeProxyAccessCheck (IN PUNICODE_STRING Volume, IN PUNICODE_STRING RelativePath, IN BOOLEAN ContainerObject, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, IN BOOLEAN SubjectContextLocked, IN ACCESS_MASK DesiredAccess, IN ACCESS_MASK PreviouslyGrantedAccess, OUT PPRIVILEGE_SET *Privileges OPTIONAL, IN PGENERIC_MAPPING GenericMapping, IN KPROCESSOR_MODE AccessMode, OUT PACCESS_MASK GrantedAccess, OUT PNTSTATUS AccessStatus)
NTKERNELAPI BOOLEAN	SePrivilegeCheck (IN OUT PPRIVILEGE_SET RequiredPrivileges, IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, IN KPROCESSOR_MODE AccessMode)
NTKERNELAPI VOID	SeFreePrivileges (IN PPRIVILEGE_SET Privileges)
NTSTATUS	SePrivilegePolicyCheck (IN OUT PACCESS_MASK RemainingDesiredAccess, IN OUT PACCESS_MASK PreviouslyGrantedAccess, IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL, IN PACCESS_TOKEN Token OPTIONAL, OUT PPRIVILEGE_SET *PrivilegeSet, IN KPROCESSOR_MODE PreviousMode)
VOID	SeGenerateMessage (IN PSTRING ObjectName, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PACCESS_TOKEN Token, IN ACCESS_MASK DesiredAccess, IN BOOLEAN AccessGranted, IN HANDLE AuditPort, IN HANDLE AlarmPort, IN KPROCESSOR_MODE AccessMode)
NTKERNELAPI VOID	SeOpenObjectAuditAlarm (IN PUNICODE_STRING ObjectTypeName, IN PVOID Object OPTIONAL, IN PUNICODE_STRING AbsoluteObjectName OPTIONAL, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PACCESS_STATE AccessState, IN BOOLEAN ObjectCreated, IN BOOLEAN AccessGranted, IN KPROCESSOR_MODE AccessMode, OUT PBOOLEAN GenerateOnClose)
NTKERNELAPI VOID	SeOpenObjectForDeleteAuditAlarm (IN PUNICODE_STRING ObjectTypeName, IN PVOID Object OPTIONAL, IN PUNICODE_STRING AbsoluteObjectName OPTIONAL, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PACCESS_STATE AccessState, IN BOOLEAN ObjectCreated, IN BOOLEAN AccessGranted, IN KPROCESSOR_MODE AccessMode, OUT PBOOLEAN GenerateOnClose)
VOID	SeDeleteObjectAuditAlarm (IN PVOID Object, IN HANDLE Handle)
VOID	SeCloseObjectAuditAlarm (IN PVOID Object, IN HANDLE Handle, IN BOOLEAN GenerateOnClose)
VOID	SeTraverseAuditAlarm (IN PLUID OperationID, IN PVOID DirectoryObject, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, IN BOOLEAN SubjectContextLocked, IN ACCESS_MASK TraverseAccess, IN PPRIVILEGE_SET Privileges OPTIONAL, IN BOOLEAN AccessGranted, IN KPROCESSOR_MODE AccessMode)
VOID	SeCreateInstanceAuditAlarm (IN PLUID OperationID OPTIONAL, IN PVOID Object, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, IN ACCESS_MASK DesiredAccess, IN PPRIVILEGE_SET Privileges OPTIONAL, IN BOOLEAN AccessGranted, IN KPROCESSOR_MODE AccessMode)
VOID	SeCreateObjectAuditAlarm (IN PLUID OperationID OPTIONAL, IN PVOID Object, IN PUNICODE_STRING ComponentName, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, IN ACCESS_MASK DesiredAccess, IN PPRIVILEGE_SET Privileges OPTIONAL, IN BOOLEAN AccessGranted, OUT PBOOLEAN AuditPerformed, IN KPROCESSOR_MODE AccessMode)
VOID	SeObjectReferenceAuditAlarm (IN PLUID OperationID OPTIONAL, IN PVOID Object, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, IN ACCESS_MASK DesiredAccess, IN PPRIVILEGE_SET Privileges OPTIONAL, IN BOOLEAN AccessGranted, IN KPROCESSOR_MODE AccessMode)
NTKERNELAPI VOID	SePrivilegeObjectAuditAlarm (IN HANDLE Handle, IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, IN ACCESS_MASK DesiredAccess, IN PPRIVILEGE_SET Privileges, IN BOOLEAN AccessGranted, IN KPROCESSOR_MODE AccessMode)
BOOLEAN	SeCheckPrivilegedObject (LUID PrivilegeValue, HANDLE ObjectHandle, ACCESS_MASK DesiredAccess, KPROCESSOR_MODE PreviousMode)
NTKERNELAPI BOOLEAN	SeValidSecurityDescriptor (IN ULONG Length, IN PSECURITY_DESCRIPTOR SecurityDescriptor)
VOID	SeAuditHandleCreation (IN PACCESS_STATE AccessState, IN HANDLE Handle)
PACCESS_TOKEN	SeMakeSystemToken ()
PACCESS_TOKEN	SeMakeAnonymousLogonToken ()
VOID	SeGetTokenControlInformation (IN PACCESS_TOKEN Token, OUT PTOKEN_CONTROL TokenControl)
NTKERNELAPI TOKEN_TYPE	SeTokenType (IN PACCESS_TOKEN Token)
SECURITY_IMPERSONATION_LEVEL	SeTokenImpersonationLevel (IN PACCESS_TOKEN Token)
NTKERNELAPI BOOLEAN	SeTokenIsAdmin (IN PACCESS_TOKEN Token)
NTKERNELAPI BOOLEAN	SeTokenIsRestricted (IN PACCESS_TOKEN Token)
NTSTATUS	SeSubProcessToken (IN PEPROCESS ParentProcess, OUT PACCESS_TOKEN *ChildToken)
VOID	SeAssignPrimaryToken (IN PEPROCESS Process, IN PACCESS_TOKEN Token)
VOID	SeDeassignPrimaryToken (IN PEPROCESS Process)
NTSTATUS	SeExchangePrimaryToken (IN PEPROCESS Process, IN PACCESS_TOKEN NewAccessToken, OUT PACCESS_TOKEN *OldAccessToken)
NTSTATUS	SeCopyClientToken (IN PACCESS_TOKEN ClientToken, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, IN KPROCESSOR_MODE RequestorMode, OUT PACCESS_TOKEN *DuplicateToken)
NTSTATUS	SeFilterToken (IN PACCESS_TOKEN ExistingToken, IN ULONG Flags, IN PTOKEN_GROUPS SidsToDisable OPTIONAL, IN PTOKEN_PRIVILEGES PrivilegesToDelete OPTIONAL, IN PTOKEN_GROUPS RestrictedSids OPTIONAL, OUT PACCESS_TOKEN *FilteredToken)
NTKERNELAPI NTSTATUS	SeQueryAuthenticationIdToken (IN PACCESS_TOKEN Token, OUT PLUID AuthenticationId)
NTKERNELAPI NTSTATUS	SeQuerySessionIdToken (IN PACCESS_TOKEN, IN PULONG pSessionId)
NTKERNELAPI NTSTATUS	SeSetSessionIdToken (IN PACCESS_TOKEN, IN ULONG SessionId)
NTKERNELAPI NTSTATUS	SeCreateClientSecurity (IN PETHREAD ClientThread, IN PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos, IN BOOLEAN RemoteSession, OUT PSECURITY_CLIENT_CONTEXT ClientContext)
NTKERNELAPI VOID	SeImpersonateClient (IN PSECURITY_CLIENT_CONTEXT ClientContext, IN PETHREAD ServerThread OPTIONAL)
NTKERNELAPI NTSTATUS	SeImpersonateClientEx (IN PSECURITY_CLIENT_CONTEXT ClientContext, IN PETHREAD ServerThread OPTIONAL)
NTKERNELAPI NTSTATUS	SeCreateClientSecurityFromSubjectContext (IN PSECURITY_SUBJECT_CONTEXT SubjectContext, IN PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos, IN BOOLEAN ServerIsRemote, OUT PSECURITY_CLIENT_CONTEXT ClientContext)
NTKERNELAPI NTSTATUS	SeCreateAccessState (IN PACCESS_STATE AccessState, IN PAUX_ACCESS_DATA AuxData, IN ACCESS_MASK DesiredAccess, IN PGENERIC_MAPPING GenericMapping)
NTKERNELAPI VOID	SeDeleteAccessState (IN PACCESS_STATE AccessState)
NTSTATUS	SeUpdateClientSecurity (IN PETHREAD ClientThread, IN OUT PSECURITY_CLIENT_CONTEXT ClientContext, OUT PBOOLEAN ChangesMade, OUT PBOOLEAN NewToken)
BOOLEAN	SeRmInitPhase1 ()
NTKERNELAPI NTSTATUS	SeQuerySecurityDescriptorInfo (IN PSECURITY_INFORMATION SecurityInformation, OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN OUT PULONG Length, IN PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor)
NTKERNELAPI NTSTATUS	SeSetSecurityDescriptorInfo (IN PVOID Object OPTIONAL, IN PSECURITY_INFORMATION SecurityInformation, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, IN POOL_TYPE PoolType, IN PGENERIC_MAPPING GenericMapping)
NTKERNELAPI NTSTATUS	SeSetSecurityDescriptorInfoEx (IN PVOID Object OPTIONAL, IN PSECURITY_INFORMATION SecurityInformation, IN PSECURITY_DESCRIPTOR ModificationDescriptor, IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, IN ULONG AutoInheritFlags, IN POOL_TYPE PoolType, IN PGENERIC_MAPPING GenericMapping)
NTKERNELAPI NTSTATUS	SeAppendPrivileges (PACCESS_STATE AccessState, PPRIVILEGE_SET Privileges)
NTSTATUS	SeComputeQuotaInformationSize (IN PSECURITY_DESCRIPTOR SecurityDescriptor, OUT PULONG Size)
VOID	SePrivilegedServiceAuditAlarm (IN PUNICODE_STRING ServiceName, IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, IN PPRIVILEGE_SET Privileges, IN BOOLEAN AccessGranted)
NTKERNELAPI BOOLEAN	SeSinglePrivilegeCheck (LUID PrivilegeValue, KPROCESSOR_MODE PreviousMode)
BOOLEAN	SeCheckAuditPrivilege (IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, IN KPROCESSOR_MODE PreviousMode)
NTSTATUS	SeAssignWorldSecurityDescriptor (IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN OUT PULONG Length, IN PSECURITY_INFORMATION SecurityInformation)
BOOLEAN	SeFastTraverseCheck (PSECURITY_DESCRIPTOR SecurityDescriptor, ACCESS_MASK TraverseAccess, KPROCESSOR_MODE AccessMode)
NTKERNELAPI BOOLEAN	SeAuditingFileEvents (IN BOOLEAN AccessGranted, IN PSECURITY_DESCRIPTOR SecurityDescriptor)
NTKERNELAPI BOOLEAN	SeAuditingFileOrGlobalEvents (IN BOOLEAN AccessGranted, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext)
VOID	SeAuditProcessCreation (PEPROCESS Process, PEPROCESS Parent, PUNICODE_STRING ImageFileName)
VOID	SeAuditProcessExit (PEPROCESS Process)
VOID	SeAuditHandleDuplication (PVOID SourceHandle, PVOID NewHandle, PEPROCESS SourceProcess, PEPROCESS TargetProcess)
VOID	SeSetAccessStateGenericMapping (PACCESS_STATE AccessState, PGENERIC_MAPPING GenericMapping)
NTKERNELAPI NTSTATUS	SeRegisterLogonSessionTerminatedRoutine (IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine)
NTKERNELAPI NTSTATUS	SeUnregisterLogonSessionTerminatedRoutine (IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine)
NTKERNELAPI NTSTATUS	SeMarkLogonSessionForTerminationNotification (IN PLUID LogonId)
NTKERNELAPI NTSTATUS	SeQueryInformationToken (IN PACCESS_TOKEN Token, IN TOKEN_INFORMATION_CLASS TokenInformationClass, OUT PVOID *TokenInformation)
NTSTATUS	SeIsChildToken (IN HANDLE Token, OUT PBOOLEAN IsChild)
NTSTATUS	SeIsChildTokenByPointer (IN PACCESS_TOKEN Token, OUT PBOOLEAN IsChild)
NTSTATUS	SeFastFilterToken (IN PACCESS_TOKEN ExistingToken, IN KPROCESSOR_MODE RequestorMode, IN ULONG Flags, IN ULONG GroupCount, IN PSID_AND_ATTRIBUTES GroupsToDisable OPTIONAL, IN ULONG PrivilegeCount, IN PLUID_AND_ATTRIBUTES PrivilegesToDelete OPTIONAL, IN ULONG SidCount, IN PSID_AND_ATTRIBUTES RestrictedSids OPTIONAL, IN ULONG SidLength, OUT PACCESS_TOKEN *FilteredToken)
Variables
_OBJECT_TYPE *	SepTokenObjectType
NTKERNELAPI PSE_EXPORTS	SeExports
LUID	SeSystemAuthenticationId
LUID	SeAnonymousAuthenticationId
TOKEN_SOURCE	SeSystemTokenSource
PSID	SeNullSid
PSID	SeWorldSid
PSID	SeLocalSid
PSID	SeCreatorOwnerSid
PSID	SeCreatorGroupSid
PSID	SeCreatorOwnerServerSid
PSID	SeCreatorGroupServerSid
PSID	SePrincipalSelfSid
PSID	SeNtAuthoritySid
PSID	SeDialupSid
PSID	SeNetworkSid
PSID	SeBatchSid
PSID	SeInteractiveSid
PSID	SeLocalSystemSid
PSID	SeAuthenticatedUsersSid
PSID	SeAliasAdminsSid
PSID	SeRestrictedSid
PSID	SeAnonymousLogonSid
PSID	SeAliasUsersSid
PSID	SeAliasGuestsSid
PSID	SeAliasPowerUsersSid
PSID	SeAliasAccountOpsSid
PSID	SeAliasSystemOpsSid
PSID	SeAliasPrintOpsSid
PSID	SeAliasBackupOpsSid
PACCESS_TOKEN	SeAnonymousLogonToken
PSECURITY_DESCRIPTOR	SePublicDefaultSd
PSECURITY_DESCRIPTOR	SePublicDefaultUnrestrictedSd
PSECURITY_DESCRIPTOR	SePublicOpenSd
PSECURITY_DESCRIPTOR	SePublicOpenUnrestrictedSd
PSECURITY_DESCRIPTOR	SeSystemDefaultSd
PSECURITY_DESCRIPTOR	SeUnrestrictedSd
PACL	SePublicDefaultDacl
PACL	SePublicDefaultUnrestrictedDacl
PACL	SePublicOpenDacl
PACL	SePublicOpenUnrestrictedDacl
PACL	SeSystemDefaultDacl
PACL	SeUnrestrictedDacl
LUID	SeCreateTokenPrivilege
LUID	SeAssignPrimaryTokenPrivilege
LUID	SeLockMemoryPrivilege
LUID	SeIncreaseQuotaPrivilege
LUID	SeUnsolicitedInputPrivilege
LUID	SeTcbPrivilege
LUID	SeSecurityPrivilege
LUID	SeTakeOwnershipPrivilege
LUID	SeLoadDriverPrivilege
LUID	SeCreatePagefilePrivilege
LUID	SeIncreaseBasePriorityPrivilege
LUID	SeSystemProfilePrivilege
LUID	SeSystemtimePrivilege
LUID	SeProfileSingleProcessPrivilege
LUID	SeCreatePermanentPrivilege
LUID	SeBackupPrivilege
LUID	SeRestorePrivilege
LUID	SeShutdownPrivilege
LUID	SeDebugPrivilege
LUID	SeAuditPrivilege
LUID	SeSystemEnvironmentPrivilege
LUID	SeChangeNotifyPrivilege
LUID	SeRemoteShutdownPrivilege
LUID	SeUndockPrivilege
LUID	SeSyncAgentPrivilege
LUID	SeEnableDelegationPrivilege
SE_AUDITING_STATE	SeAuditingState []
BOOLEAN	SeDetailedAuditing
UNICODE_STRING	SeSubsystemName