sep.h File Reference

#include "ntos.h"
#include <ntrmlsa.h>
#include "seopaque.h"

Go to the source code of this file.

Classes
struct	_SEP_LSA_WORK_ITEM
struct	_SEP_WORK_ITEM
Defines
#define	IF_SE_GLOBAL(FlagName)   if (FALSE)
#define	SeDiagPrint(FlagName, _Text_)   ;
#define	SE_DIAG_SD_TRACKING   ((ULONG) 0x00000001L)
#define	SepAreFlagsSet(Mask, Bits)
#define	SepSetFlags(Mask, Bits)
#define	SepClearFlags(Mask, Bits)
#define	SepPrivilegeSetSize(PrivilegeSet)
#define	EffectiveToken(SubjectSecurityContext)
#define	SepTokenUserSid(Token)   ((PTOKEN)(Token))->UserAndGroups->Sid
#define	SepTokenAuthenticationId(Token)   (((PTOKEN)(Token))->AuthenticationId)
#define	SepBadImpersonationLevel(IL, SIR)
#define	IsValidElementCount(Count, STRUCTURE)
#define	SEP_MAX_GROUP_COUNT   4096
#define	SEP_MAX_PRIVILEGE_COUNT   4096
#define	SepLockLsaQueue()
#define	SepUnlockLsaQueue()
#define	SepWorkListHead()   ((PSEP_LSA_WORK_ITEM)(&SepLsaQueue)->Flink)
#define	ExAllocatePool(a, b)   ExAllocatePoolWithTag(a,b,' eS')
#define	ExAllocatePoolWithQuota(a, b)   ExAllocatePoolWithQuotaTag(a,b,' eS')
Typedefs
typedef VOID(*	PSEP_LSA_WORKER_CLEANUP_ROUTINE )(IN PVOID Parameter)
typedef enum _SEP_LSA_WORK_ITEM_TAG	SEP_LSA_WORK_ITEM_TAG
typedef enum _SEP_LSA_WORK_ITEM_TAG *	PSEP_LSA_WORK_ITEM_TAG
typedef _SEP_LSA_WORK_ITEM	SEP_LSA_WORK_ITEM
typedef _SEP_LSA_WORK_ITEM *	PSEP_LSA_WORK_ITEM
typedef _SEP_WORK_ITEM	SEP_WORK_ITEM
typedef _SEP_WORK_ITEM *	PSEP_WORK_ITEM
Enumerations
enum	_SEP_LSA_WORK_ITEM_TAG { SepDeleteLogon, SepAuditRecord }
Functions
BOOLEAN	SepDevelopmentTest (VOID)
BOOLEAN	SepInitializationPhase0 (VOID)
BOOLEAN	SepInitializationPhase1 (VOID)
BOOLEAN	SepVariableInitialization (VOID)
NTSTATUS	SepCreateToken (OUT PHANDLE TokenHandle, IN KPROCESSOR_MODE RequestorMode, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN TOKEN_TYPE TokenType, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel OPTIONAL, IN PLUID AuthenticationId, IN PLARGE_INTEGER ExpirationTime, IN PSID_AND_ATTRIBUTES User, IN ULONG GroupCount, IN PSID_AND_ATTRIBUTES Groups, IN ULONG GroupsLength, IN ULONG PrivilegeCount, IN PLUID_AND_ATTRIBUTES Privileges, IN ULONG PrivilegesLength, IN PSID Owner OPTIONAL, IN PSID PrimaryGroup, IN PACL DefaultDacl OPTIONAL, IN PTOKEN_SOURCE TokenSource, IN BOOLEAN SystemToken, IN PSECURITY_TOKEN_PROXY_DATA ProxyData OPTIONAL, IN PSECURITY_TOKEN_AUDIT_DATA AuditData OPTIONAL)
NTSTATUS	SepReferenceLogonSession (IN PLUID LogonId)
VOID	SepDeReferenceLogonSession (IN PLUID LogonId)
VOID	SepLockSubjectContext (IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
VOID	SepFreeSubjectContext (IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
VOID	SepGetDefaultsSubjectContext (IN PSECURITY_SUBJECT_CONTEXT SubjectContext, OUT PSID *Owner, OUT PSID *Group, OUT PSID *ServerOwner, OUT PSID *ServerGroup, OUT PACL *Dacl)
BOOLEAN	SepValidOwnerSubjectContext (IN PSECURITY_SUBJECT_CONTEXT SubjectContext, IN PSID Owner, IN BOOLEAN ServerObject)
BOOLEAN	SepIdAssignableAsGroup (IN PACCESS_TOKEN Token, IN PSID Group)
BOOLEAN	SepCheckAcl (IN PACL Acl, IN ULONG Length)
BOOLEAN	SepAuditAlarm (IN PUNICODE_STRING SubsystemName, IN PVOID HandleId, IN PUNICODE_STRING ObjectTypeName, IN PUNICODE_STRING ObjectName, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN ACCESS_MASK DesiredAccess, IN BOOLEAN ObjectCreation, IN ACCESS_MASK GrantedAccess, OUT PBOOLEAN GenerateOnClose)
BOOLEAN	SepSinglePrivilegeCheck (LUID DesiredPrivilege, IN PACCESS_TOKEN EffectiveToken, IN KPROCESSOR_MODE PreviousMode)
NTSTATUS	SepRmCallLsa (PSEP_WORK_ITEM SepWorkItem)
BOOLEAN	SepInitializeWorkList (VOID)
BOOLEAN	SepRmInitPhase0 ()
VOID	SepConcatenatePrivileges (IN PPRIVILEGE_SET TargetPrivilegeSet, IN ULONG TargetBufferSize, IN PPRIVILEGE_SET SourcePrivilegeSet)
BOOLEAN	SepTokenIsOwner (IN PACCESS_TOKEN Token, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN TokenLocked)
VOID	SepPrintAcl (IN PACL Acl)
VOID	SepPrintSid (IN PSID Sid)
VOID	SepDumpSecurityDescriptor (IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSZ TitleString)
BOOLEAN	SepSidTranslation (PSID Sid, PSTRING AccountName)
VOID	SepDumpTokenInfo (IN PACCESS_TOKEN Token)
VOID	SepDumpString (IN PUNICODE_STRING String)
BOOLEAN	SepSidInToken (IN PACCESS_TOKEN Token, IN PSID PrincipalSelfSid, IN PSID Sid, IN BOOLEAN DenyAce)
VOID	SepExamineSacl (IN PACL Sacl, IN PACCESS_TOKEN Token, IN ACCESS_MASK DesiredAccess, IN BOOLEAN AccessGranted, OUT PBOOLEAN GenerateAudit, OUT PBOOLEAN GenerateAlarm)
VOID	SepCopyString (IN PUNICODE_STRING SourceString, OUT PUNICODE_STRING *DestString)
VOID	SepAssemblePrivileges (IN ULONG PrivilegeCount, IN BOOLEAN SystemSecurity, IN BOOLEAN WriteOwner, OUT PPRIVILEGE_SET *Privileges)
PUNICODE_STRING	SepQueryTypeString (IN PVOID Object)
POBJECT_NAME_INFORMATION	SepQueryNameString (IN PVOID Object)
	*++
BOOLEAN	SepFilterPrivilegeAudits (IN PPRIVILEGE_SET PrivilegeSet)
BOOLEAN	SepQueueWorkItem (IN PSEP_LSA_WORK_ITEM LsaWorkItem, IN BOOLEAN ForceQueue)
VOID	SepAdtGenerateDiscardAudit (VOID)
BOOLEAN	SepAdtValidateAuditBounds (ULONG Upper, ULONG Lower)
NTSTATUS	SepAdtInitializeCrashOnFail (VOID)
BOOLEAN	SepAdtInitializePrivilegeAuditing (VOID)
NTSTATUS	SepCopyProxyData (OUT PSECURITY_TOKEN_PROXY_DATA *DestProxyData, IN PSECURITY_TOKEN_PROXY_DATA SourceProxyData)
VOID	SepFreeProxyData (IN PSECURITY_TOKEN_PROXY_DATA ProxyData)
NTSTATUS	SepProbeAndCaptureQosData (IN PSECURITY_ADVANCED_QUALITY_OF_SERVICE CapturedSecurityQos)
PACCESS_TOKEN	SeMakeAnonymousToken ()
Variables
HANDLE	SepLsaHandle
BOOLEAN	SepAuditShutdownEvents
ERESOURCE	SepLsaQueueLock
ULONG	SepLsaQueueLength
LIST_ENTRY	SepLsaQueue
SEP_WORK_ITEM	SepExWorkItem
PSEP_LSA_WORK_ITEM	SepDequeueWorkItem (VOID)

---

Define Documentation

#define EffectiveToken (  SubjectSecurityContext   )

Value: ( \ (SubjectSecurityContext)->ClientToken ? \ (SubjectSecurityContext)->ClientToken : \ (SubjectSecurityContext)->PrimaryToken \ ) \ Definition at line 165 of file sep.h. Referenced by NtCloseObjectAuditAlarm(), NtDeleteObjectAuditAlarm(), SeAccessCheck(), SeAuditHandleDuplication(), SeAuditingFileOrGlobalEvents(), SeCloseObjectAuditAlarm(), SeCreateAccessState(), SeCreateObjectAuditAlarm(), SeDeleteObjectAuditAlarm(), SeObjectReferenceAuditAlarm(), SeOpenObjectAuditAlarm(), SeOpenObjectForDeleteAuditAlarm(), SepAccessCheckAndAuditAlarm(), SepGetDefaultsSubjectContext(), SePrivilegeCheck(), SePrivilegedServiceAuditAlarm(), SePrivilegePolicyCheck(), SepTokenIsOwner(), SepValidOwnerSubjectContext(), SeQueryAuthenticationIdSubjectContext(), and SeTraverseAuditAlarm().

#define ExAllocatePool (  a, b   )     ExAllocatePoolWithTag(a,b,' eS')

Definition at line 296 of file sep.h.

#define ExAllocatePoolWithQuota (  a, b   )     ExAllocatePoolWithQuotaTag(a,b,' eS')

Definition at line 299 of file sep.h.

#define IF_SE_GLOBAL (  FlagName   )     if (FALSE)

Definition at line 79 of file sep.h.

#define IsValidElementCount (  Count, STRUCTURE   )

Value: ( Count < ( (ULONG_PTR) ( (PUCHAR) ( (PUCHAR) (LONG_PTR)(LONG)0xFFFFFFFF - (PUCHAR) MM_SYSTEM_RANGE_START ) + 1 ) \ / sizeof( STRUCTURE ) ) ) Definition at line 242 of file sep.h. Referenced by NtOpenObjectAuditAlarm(), NtPrivilegeCheck(), NtPrivilegedServiceAuditAlarm(), NtPrivilegeObjectAuditAlarm(), SeAccessCheckByType(), SeCaptureObjectTypeList(), and SepAccessCheckAndAuditAlarm().

#define SE_DIAG_SD_TRACKING   ((ULONG) 0x00000001L)

Definition at line 102 of file sep.h.

#define SeDiagPrint (  FlagName, _Text_   )     ;

Definition at line 85 of file sep.h.

#define SEP_MAX_GROUP_COUNT   4096

Definition at line 254 of file sep.h. Referenced by SeCaptureSidAndAttributesArray().

#define SEP_MAX_PRIVILEGE_COUNT   4096

Definition at line 255 of file sep.h. Referenced by SeCaptureLuidAndAttributesArray().

#define SepAreFlagsSet (  Mask, Bits   )

Value: ( \ ((Mask) & ( Bits )) == ( Bits ) \ ) Definition at line 117 of file sep.h.

#define SepBadImpersonationLevel (  IL, SIR   )

Value: (( \ ((IL) == SecurityAnonymous) || ((IL) == SecurityIdentification) || \ ( (SIR) && ((IL) != SecurityDelegation) ) \ ) ? TRUE : FALSE ) Definition at line 225 of file sep.h. Referenced by SepCreateClientSecurity().

#define SepClearFlags (  Mask, Bits   )

Value: ( \ ( Mask ) &= ~( Bits ) \ ) Definition at line 135 of file sep.h.

#define SepLockLsaQueue (   )

Value: KeEnterCriticalRegion(); \ ExAcquireResourceExclusive(&SepLsaQueueLock, TRUE) Definition at line 287 of file sep.h. Referenced by SepDequeueWorkItem(), and SepQueueWorkItem().

#define SepPrivilegeSetSize (  PrivilegeSet   )

Value: ( ( PrivilegeSet ) == NULL ? 0 : \ ((( PrivilegeSet )->PrivilegeCount > 0) \ ? \ ((ULONG)sizeof(PRIVILEGE_SET) + \ ( \ (( PrivilegeSet )->PrivilegeCount - ANYSIZE_ARRAY) * \ (ULONG)sizeof(LUID_AND_ATTRIBUTES) \ ) \ ) \ : ((ULONG)sizeof(PRIVILEGE_SET) - (ULONG)sizeof(LUID_AND_ATTRIBUTES)) \ )) Definition at line 147 of file sep.h. Referenced by SeAccessCheckByType(), SeAppendPrivileges(), and SepConcatenatePrivileges().

#define SepSetFlags (  Mask, Bits   )

Value: ( \ ( Mask ) |= ( Bits ) \ ) Definition at line 126 of file sep.h.

#define SepTokenAuthenticationId (  Token   )     (((PTOKEN)(Token))->AuthenticationId)

Definition at line 183 of file sep.h. Referenced by NtCloseObjectAuditAlarm(), NtDeleteObjectAuditAlarm(), SeAuditProcessCreation(), SeAuditProcessExit(), SeCloseObjectAuditAlarm(), SeCreateObjectAuditAlarm(), SeDeleteObjectAuditAlarm(), SepAdtObjectReferenceAuditAlarm(), SepAdtOpenObjectAuditAlarm(), SepAdtOpenObjectForDeleteAuditAlarm(), SepAdtPrivilegedServiceAuditAlarm(), SepAdtPrivilegeObjectAuditAlarm(), and SeTraverseAuditAlarm().

#define SepTokenUserSid (  Token   )     ((PTOKEN)(Token))->UserAndGroups->Sid

Definition at line 176 of file sep.h. Referenced by NtCloseObjectAuditAlarm(), NtDeleteObjectAuditAlarm(), SeAuditHandleDuplication(), SeAuditProcessCreation(), SeAuditProcessExit(), SeCloseObjectAuditAlarm(), SeCreateObjectAuditAlarm(), SeDeleteObjectAuditAlarm(), SepAdtObjectReferenceAuditAlarm(), SepAdtOpenObjectAuditAlarm(), SepAdtOpenObjectForDeleteAuditAlarm(), SepAdtPrivilegedServiceAuditAlarm(), SepAdtPrivilegeObjectAuditAlarm(), SePrivilegedServiceAuditAlarm(), and SeTraverseAuditAlarm().

#define SepUnlockLsaQueue (   )

Value: ExReleaseResource(&SepLsaQueueLock); \ KeLeaveCriticalRegion() Definition at line 290 of file sep.h. Referenced by SepDequeueWorkItem(), and SepQueueWorkItem().

#define SepWorkListHead (   )     ((PSEP_LSA_WORK_ITEM)(&SepLsaQueue)->Flink)

Definition at line 293 of file sep.h. Referenced by SepRmCallLsa().

---

Typedef Documentation

typedef struct _SEP_LSA_WORK_ITEM * PSEP_LSA_WORK_ITEM

Referenced by SepInformLsaOfDeletedLogon().

typedef enum _SEP_LSA_WORK_ITEM_TAG * PSEP_LSA_WORK_ITEM_TAG

typedef VOID(* PSEP_LSA_WORKER_CLEANUP_ROUTINE)(IN PVOID Parameter)

Definition at line 304 of file sep.h.

typedef struct _SEP_WORK_ITEM * PSEP_WORK_ITEM

Referenced by SepRmCallLsa().

typedef struct _SEP_LSA_WORK_ITEM SEP_LSA_WORK_ITEM

Referenced by SepAdtLogAuditRecord(), and SepInformLsaOfDeletedLogon().

typedef enum _SEP_LSA_WORK_ITEM_TAG SEP_LSA_WORK_ITEM_TAG

typedef struct _SEP_WORK_ITEM SEP_WORK_ITEM

---

Enumeration Type Documentation

enum _SEP_LSA_WORK_ITEM_TAG

Enumeration values: SepDeleteLogon  SepAuditRecord  Definition at line 309 of file sep.h. { SepDeleteLogon, SepAuditRecord } SEP_LSA_WORK_ITEM_TAG, *PSEP_LSA_WORK_ITEM_TAG;

---

Function Documentation

PACCESS_TOKEN SeMakeAnonymousToken (   )

VOID SepAdtGenerateDiscardAudit (  VOID   )

Definition at line 2717 of file sepaudit.c. References ASSERT, PAGED_CODE, SeLocalSystemSid, SepAdtCountEventsDiscarded, SepAdtLogAuditRecord(), SepSetParmTypeSid, SepSetParmTypeString, SepSetParmTypeUlong, and SeSubsystemName. Referenced by SepQueueWorkItem(). 02723 : 02724 02725 Generates an 'audits discarded' audit. 02726 02727 Arguments: 02728 02729 none 02730 02731 Return Value: 02732 02733 None. 02734 02735 --*/ 02736 02737 { 02738 02739 SE_ADT_PARAMETER_ARRAY AuditParameters; 02740 PSID UserSid; 02741 02742 PAGED_CODE(); 02743 02744 UserSid = SeLocalSystemSid; 02745 02746 RtlZeroMemory ( 02747 (PVOID) &AuditParameters, 02748 sizeof( AuditParameters ) 02749 ); 02750 02751 02752 ASSERT( SeAdtParmTypeNone == 0 ); 02753 02754 AuditParameters.CategoryId = SE_CATEGID_SYSTEM; 02755 AuditParameters.AuditId = SE_AUDITID_AUDITS_DISCARDED; 02756 AuditParameters.ParameterCount = 0; 02757 AuditParameters.Type = EVENTLOG_AUDIT_SUCCESS; 02758 02759 SepSetParmTypeSid( AuditParameters, AuditParameters.ParameterCount, UserSid ); 02760 AuditParameters.ParameterCount++; 02761 02762 SepSetParmTypeString( AuditParameters, AuditParameters.ParameterCount, &SeSubsystemName ); 02763 AuditParameters.ParameterCount++; 02764 02765 SepSetParmTypeUlong( AuditParameters, AuditParameters.ParameterCount, SepAdtCountEventsDiscarded ); 02766 AuditParameters.ParameterCount++; 02767 02768 SepAdtLogAuditRecord( &AuditParameters ); 02769 } }

NTSTATUS SepAdtInitializeCrashOnFail (  VOID   )

Definition at line 242 of file adtinit.c. References ASSERT, CHAR, FALSE, KeyName, L, NT_SUCCESS, NtClose(), NtOpenKey(), NtQueryValueKey(), NTSTATUS(), NULL, RtlInitUnicodeString(), SepCrashOnAuditFail, Status, TRUE, and ValueName. Referenced by SeRmInitPhase1(). : Reads the registry to see if the user has told us to crash if an audit fails. Arguments: None. Return Value: STATUS_SUCCESS --*/ { HANDLE KeyHandle; NTSTATUS Status; NTSTATUS TmpStatus; OBJECT_ATTRIBUTES Obja; ULONG ResultLength; UNICODE_STRING KeyName; UNICODE_STRING ValueName; CHAR KeyInfo[sizeof(KEY_VALUE_PARTIAL_INFORMATION) + sizeof(BOOLEAN)]; PKEY_VALUE_PARTIAL_INFORMATION pKeyInfo; SepCrashOnAuditFail = FALSE; // // Check the value of the CrashOnAudit flag in the registry. // RtlInitUnicodeString( &KeyName, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa"); InitializeObjectAttributes( &Obja, &KeyName, OBJ_CASE_INSENSITIVE, NULL, NULL ); Status = NtOpenKey( &KeyHandle, KEY_QUERY_VALUE | KEY_SET_VALUE, &Obja ); if (Status == STATUS_OBJECT_NAME_NOT_FOUND) { return( STATUS_SUCCESS ); } RtlInitUnicodeString( &ValueName, CRASH_ON_AUDIT_FAIL_VALUE ); Status = NtQueryValueKey( KeyHandle, &ValueName, KeyValuePartialInformation, KeyInfo, sizeof(KeyInfo), &ResultLength ); TmpStatus = NtClose(KeyHandle); ASSERT(NT_SUCCESS(TmpStatus)); // // If the key isn't there, don't turn on CrashOnFail. // if (NT_SUCCESS( Status )) { pKeyInfo = (PKEY_VALUE_PARTIAL_INFORMATION)KeyInfo; if ((UCHAR) *(pKeyInfo->Data) == LSAP_CRASH_ON_AUDIT_FAIL) { SepCrashOnAuditFail = TRUE; } } return( STATUS_SUCCESS ); }

BOOLEAN SepAdtInitializePrivilegeAuditing (  VOID   )

Definition at line 329 of file adtinit.c. References ASSERT, CHAR, FALSE, FULL_PRIVILEGE_AUDITING, KeyName, L, NT_SUCCESS, NtClose(), NtOpenKey(), NtQueryValueKey(), NTSTATUS(), NULL, PAGED_CODE, RtlInitUnicodeString(), SepInitializePrivilegeFilter(), Status, and ValueName. Referenced by SeRmInitPhase1(). : Checks to see if there is an entry in the registry telling us to do full privilege auditing (which currently means audit everything we normall audit, plus backup and restore privileges). Arguments: None Return Value: BOOLEAN - TRUE if Auditing has been initialized correctly, else FALSE. --*/ { HANDLE KeyHandle; NTSTATUS Status; NTSTATUS TmpStatus; OBJECT_ATTRIBUTES Obja; ULONG ResultLength; UNICODE_STRING KeyName; UNICODE_STRING ValueName; CHAR KeyInfo[sizeof(KEY_VALUE_PARTIAL_INFORMATION) + sizeof(BOOLEAN)]; PKEY_VALUE_PARTIAL_INFORMATION pKeyInfo; BOOLEAN Verbose; PAGED_CODE(); // // Query the registry to set up the privilege auditing filter. // RtlInitUnicodeString( &KeyName, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa"); InitializeObjectAttributes( &Obja, &KeyName, OBJ_CASE_INSENSITIVE, NULL, NULL ); Status = NtOpenKey( &KeyHandle, KEY_QUERY_VALUE | KEY_SET_VALUE, &Obja ); if (!NT_SUCCESS( Status )) { if (Status == STATUS_OBJECT_NAME_NOT_FOUND) { return ( SepInitializePrivilegeFilter( FALSE )); } else { return( FALSE ); } } RtlInitUnicodeString( &ValueName, FULL_PRIVILEGE_AUDITING ); Status = NtQueryValueKey( KeyHandle, &ValueName, KeyValuePartialInformation, KeyInfo, sizeof(KeyInfo), &ResultLength ); TmpStatus = NtClose(KeyHandle); ASSERT(NT_SUCCESS(TmpStatus)); if (!NT_SUCCESS( Status )) { Verbose = FALSE; } else { pKeyInfo = (PKEY_VALUE_PARTIAL_INFORMATION)KeyInfo; Verbose = (BOOLEAN) *(pKeyInfo->Data); } return ( SepInitializePrivilegeFilter( Verbose )); }

BOOLEAN SepAdtValidateAuditBounds (  ULONG  Upper, ULONG  Lower )

Definition at line 39 of file adtinit.c. References FALSE, PAGED_CODE, and TRUE. Referenced by SepAdtInitializeBounds(). : Examines the audit queue high and low water mark values and performs a general sanity check on them. Arguments: Upper - High water mark. Lower - Low water mark. Return Value: TRUE - values are acceptable. FALSE - values are unacceptable. --*/ { PAGED_CODE(); if ( Lower >= Upper ) { return( FALSE ); } if ( Lower < 16 ) { return( FALSE ); } if ( (Upper - Lower) < 16 ) { return( FALSE ); } return( TRUE ); }

VOID SepAssemblePrivileges (  IN ULONG  PrivilegeCount, IN BOOLEAN  SystemSecurity, IN BOOLEAN  WriteOwner, OUT PPRIVILEGE_SET *  Privileges )

Definition at line 1071 of file seglobal.c. References ASSERT, DoublePrivilegeSetSize, ExAllocatePoolWithTag, NULL, PAGED_CODE, PagedPool, POOL_RAISE_IF_ALLOCATION_FAILURE, SepDoublePrivilegeSet, SepSystemSecurityPrivilegeSet, SepTakeOwnershipPrivilegeSet, and SinglePrivilegeSetSize. Referenced by SepAccessCheck(). : This routine takes the results of the various privilege checks in SeAccessCheck and returns an appropriate privilege set. Arguments: PrivilegeCount - The number of privileges granted. SystemSecurity - Provides a boolean indicating whether to put SeSecurityPrivilege into the output privilege set. WriteOwner - Provides a boolean indicating whether to put SeTakeOwnershipPrivilege into the output privilege set. Privileges - Supplies a pointer that will return the privilege set. Should be freed with ExFreePool when no longer needed. Return Value: None. --*/ { PPRIVILEGE_SET PrivilegeSet; ULONG SizeRequired; PAGED_CODE(); ASSERT( (PrivilegeCount != 0) && (PrivilegeCount <= 2) ); if ( !ARGUMENT_PRESENT( Privileges ) ) { return; } if ( PrivilegeCount == 1 ) { SizeRequired = SinglePrivilegeSetSize; if ( SystemSecurity ) { PrivilegeSet = SepSystemSecurityPrivilegeSet; } else { ASSERT( WriteOwner ); PrivilegeSet = SepTakeOwnershipPrivilegeSet; } } else { SizeRequired = DoublePrivilegeSetSize; PrivilegeSet = SepDoublePrivilegeSet; } *Privileges = ExAllocatePoolWithTag( PagedPool | POOL_RAISE_IF_ALLOCATION_FAILURE, SizeRequired, 'rPeS' ); if ( *Privileges != NULL ) { RtlCopyMemory ( *Privileges, PrivilegeSet, SizeRequired ); } }

BOOLEAN SepAuditAlarm (  IN PUNICODE_STRING  SubsystemName, IN PVOID  HandleId, IN PUNICODE_STRING  ObjectTypeName, IN PUNICODE_STRING  ObjectName, IN PSECURITY_DESCRIPTOR  SecurityDescriptor, IN ACCESS_MASK  DesiredAccess, IN BOOLEAN  ObjectCreation, IN ACCESS_MASK  GrantedAccess, OUT PBOOLEAN  GenerateOnClose )

BOOLEAN SepCheckAcl (  IN PACL  Acl, IN ULONG  Length )

Definition at line 36 of file sep.c. References FALSE, and RtlValidAcl(). Referenced by SeCaptureAcl(), and SeCaptureSecurityDescriptor(). 00043 : 00044 00045 This is a private routine that checks that an acl is well formed. 00046 00047 Arguments: 00048 00049 Acl - Supplies the acl to check 00050 00051 Length - Supplies the real size of the acl. The internal acl size 00052 must agree. 00053 00054 Return Value: 00055 00056 BOOLEAN - TRUE if the acl is well formed and FALSE otherwise 00057 00058 --*/ 00059 { 00060 if ((Length < sizeof(ACL)) || (Length != Acl->AclSize)) { 00061 return FALSE; 00062 } 00063 return RtlValidAcl( Acl ); 00064 } }

VOID SepConcatenatePrivileges (  IN PPRIVILEGE_SET  TargetPrivilegeSet, IN ULONG  TargetBufferSize, IN PPRIVILEGE_SET  SourcePrivilegeSet )

Definition at line 543 of file seastate.c. References ASSERT, PAGED_CODE, SEP_PRIVILEGE_SET_HEADER_SIZE, and SepPrivilegeSetSize. Referenced by SeAppendPrivileges(). 00551 : 00552 00553 Takes two privilege sets and appends the second to the end of the 00554 first. 00555 00556 There must be enough space left at the end of the first privilege 00557 set to contain the second. 00558 00559 Arguments: 00560 00561 TargetPrivilegeSet - Supplies a buffer containing a privilege set. 00562 The buffer must be large enough to contain the second privilege 00563 set. 00564 00565 TargetBufferSize - Supplies the size of the target buffer. 00566 00567 SourcePrivilegeSet - Supplies the privilege set to be copied 00568 into the target buffer. 00569 00570 Return Value: 00571 00572 None 00573 00574 --*/ 00575 00576 { 00577 PVOID Base; 00578 PVOID Source; 00579 ULONG Length; 00580 00581 PAGED_CODE(); 00582 00583 ASSERT( ((ULONG)SepPrivilegeSetSize( TargetPrivilegeSet ) + 00584 (ULONG)SepPrivilegeSetSize( SourcePrivilegeSet ) - 00585 SEP_PRIVILEGE_SET_HEADER_SIZE ) <= 00586 TargetBufferSize 00587 ); 00588 00589 Base = (PVOID)((ULONG_PTR)TargetPrivilegeSet + SepPrivilegeSetSize( TargetPrivilegeSet )); 00590 00591 Source = (PVOID) ((ULONG_PTR)SourcePrivilegeSet + SEP_PRIVILEGE_SET_HEADER_SIZE); 00592 00593 Length = SourcePrivilegeSet->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES); 00594 00595 RtlMoveMemory( 00596 Base, 00597 Source, 00598 Length 00599 ); 00600 00601 TargetPrivilegeSet->PrivilegeCount += SourcePrivilegeSet->PrivilegeCount; 00602 00603 } }

NTSTATUS SepCopyProxyData (  OUT PSECURITY_TOKEN_PROXY_DATA *  DestProxyData, IN PSECURITY_TOKEN_PROXY_DATA  SourceProxyData )

Definition at line 681 of file se/capture.c. References ExAllocatePoolWithTag, ExFreePool(), NULL, PAGED_CODE, PagedPool, and RtlCopyUnicodeString(). Referenced by SepCreateToken(), SepDuplicateToken(), SepFilterToken(), and SepProbeAndCaptureQosData(). : This routine copies a token proxy data structure from one token to another. Arguments: DestProxyData - Receives a pointer to a new proxy data structure. SourceProxyData - Supplies a pointer to an already existing proxy data structure. Return Value: STATUS_INSUFFICIENT_RESOURCES on failure. --*/ { PAGED_CODE(); *DestProxyData = ExAllocatePoolWithTag( PagedPool, sizeof( SECURITY_TOKEN_PROXY_DATA ), 'dPoT' ); if (*DestProxyData == NULL) { return( STATUS_INSUFFICIENT_RESOURCES ); } (*DestProxyData)->PathInfo.Buffer = ExAllocatePoolWithTag( PagedPool, SourceProxyData->PathInfo.Length, 'dPoT' ); if ((*DestProxyData)->PathInfo.Buffer == NULL) { ExFreePool( *DestProxyData ); *DestProxyData = NULL; return( STATUS_INSUFFICIENT_RESOURCES ); } (*DestProxyData)->Length = SourceProxyData->Length; (*DestProxyData)->ProxyClass = SourceProxyData->ProxyClass; (*DestProxyData)->PathInfo.MaximumLength = (*DestProxyData)->PathInfo.Length = SourceProxyData->PathInfo.Length; (*DestProxyData)->ContainerMask = SourceProxyData->ContainerMask; (*DestProxyData)->ObjectMask = SourceProxyData->ObjectMask; RtlCopyUnicodeString( &(*DestProxyData)->PathInfo, &SourceProxyData->PathInfo ); return( STATUS_SUCCESS ); }

VOID SepCopyString (  IN PUNICODE_STRING  SourceString, OUT PUNICODE_STRING *  DestString )

NTSTATUS SepCreateToken (  OUT PHANDLE  TokenHandle, IN KPROCESSOR_MODE  RequestorMode, IN ACCESS_MASK  DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes  OPTIONAL, IN TOKEN_TYPE  TokenType, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel  OPTIONAL, IN PLUID  AuthenticationId, IN PLARGE_INTEGER  ExpirationTime, IN PSID_AND_ATTRIBUTES  User, IN ULONG  GroupCount, IN PSID_AND_ATTRIBUTES  Groups, IN ULONG  GroupsLength, IN ULONG  PrivilegeCount, IN PLUID_AND_ATTRIBUTES  Privileges, IN ULONG  PrivilegesLength, IN PSID Owner  OPTIONAL, IN PSID  PrimaryGroup, IN PACL DefaultDacl  OPTIONAL, IN PTOKEN_SOURCE  TokenSource, IN BOOLEAN  SystemToken, IN PSECURITY_TOKEN_PROXY_DATA ProxyData  OPTIONAL, IN PSECURITY_TOKEN_AUDIT_DATA AuditData  OPTIONAL )

Definition at line 2213 of file token.c. References ALIGN_UP, ASSERT, ExAllocateLocallyUniqueId, ExAllocatePool, ExAllocatePoolWithTag, FALSE, _OBJECT_TYPE_INITIALIZER::GenericMapping, NT_SUCCESS, NTSTATUS(), NULL, ObCreateObject(), ObDeleteCapturedInsertInfo(), ObDereferenceObject, ObInsertObject(), ObjectAttributes, Owner, PAGED_CODE, PagedPool, PTOKEN, RtlCopySid(), RtlCopySidAndAttributesArray(), RtlEqualLuid(), RtlEqualSid(), RtlLengthRequiredSid(), SeAliasAdminsSid, SeChangeNotifyPrivilege, SeCreateAccessState(), SeCreateTokenPrivilege, SeDeleteAccessState(), SepArrayGroupAttributes, SepCopyProxyData(), SepDeReferenceLogonSession(), SepReferenceLogonSession(), SepTokenObjectType, SeSinglePrivilegeCheck(), Status, Token, TOKEN_DEFAULT_DYNAMIC_CHARGE, TOKEN_HAS_ADMIN_GROUP, TOKEN_HAS_TRAVERSE_PRIVILEGE, TRUE, _OBJECT_TYPE::TypeInfo, and UserMode. Referenced by NtCreateToken(), SeMakeAnonymousLogonToken(), and SeMakeSystemToken(). 02240 : 02241 02242 Create a token object and return a handle opened for access to 02243 that token. This API implements the bulk of the work needed 02244 for NtCreateToken. 02245 02246 All parameters except DesiredAccess and ObjectAttributes are assumed 02247 to have been probed and captured. 02248 02249 The output parameter (TokenHandle) is expected to be returned to a 02250 safe address, rather than to a user mode address that may cause an 02251 exception. 02252 02253 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 02254 NOTE: This routine is also used to create the initial system token. 02255 In that case, the SystemToken parameter is TRUE and no handle 02256 is established to the token. Instead, a pointer to the token 02257 is returned via the TokenHandle parameter. 02258 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 02259 02260 02261 Arguments: 02262 02263 TokenHandle - Receives the handle of the newly created token. If the 02264 SystemToken parameter is specified is true, then this parameter 02265 receives a pointer to the token instead of a handle to the token. 02266 02267 RequestorMode - The mode of the caller on whose behalf the token 02268 is being created. 02269 02270 DesiredAccess - Is an access mask indicating which access types 02271 the handle is to provide to the new object. 02272 02273 ObjectAttributes - Points to the standard object attributes data 02274 structure. Refer to the NT Object Management 02275 Specification for a description of this data structure. 02276 02277 TokenType - Type of token to be created. Privilege is required 02278 to create any type of token. 02279 02280 ImpersonationLevel - If the token type is TokenImpersonation, then 02281 this parameter is used to specify the impersonation level of 02282 the token. 02283 02284 AuthenticationId - Points to a LUID (or LUID) providing a unique 02285 identifier associated with the authentication. This is used 02286 within security only, for audit purposes. 02287 02288 ExpirationTime - Time at which the token becomes invalid. If this 02289 value is specified as zero, then the token has no expiration 02290 time. 02291 02292 User - Is the user SID to place in the token. 02293 02294 GroupCount - Indicates the number of groups in the 'Groups' parameter. 02295 This value may be zero, in which case the 'Groups' parameter is 02296 ignored. 02297 02298 Groups - Are the group SIDs, and their corresponding attributes, 02299 to place in the token. 02300 02301 GroupsLength - Indicates the length, in bytes, of the array of groups 02302 to place in the token. 02303 02304 PrivilegeCount - Indicates the number of privileges in the 'Privileges' 02305 parameter. This value may be zero, in which case the 'Privileges' 02306 parameter is ignored. 02307 02308 Privileges - Are the privilege LUIDs, and their corresponding attributes, 02309 to place in the token. 02310 02311 PrivilegesLength - Indicates the length, in bytes, of the array of 02312 privileges to place in the token. 02313 02314 Owner - (Optionally) identifies an identifier that is to be used 02315 as the default owner for the token. If not provided, the 02316 user ID is made the default owner. 02317 02318 PrimaryGroup - Identifies which of the group IDs is to be the 02319 primary group of the token. 02320 02321 DefaultDacl - (optionally) establishes an ACL to be used as the 02322 default discretionary access protection for the token. 02323 02324 TokenSource - Identifies the token source name string and 02325 identifier to be assigned to the token. 02326 02327 Return Value: 02328 02329 STATUS_SUCCESS - Indicates the operation was successful. 02330 02331 STATUS_INVALID_OWNER - Indicates the ID provided to be assigned 02332 as the default owner of the token does not have an attribute 02333 indicating it may be assigned as an owner. 02334 02335 STATUS_INVALID_PRIMARY_GROUP - Indicates the group ID provided 02336 via the PrimaryGroup parameter was not among those assigned 02337 to the token in the Groups parameter. 02338 02339 STATUS_INVALID_PARAMETER - Indicates that a required parameter, 02340 such as User or PrimaryGroup, was not provided with a legitimate 02341 value. 02342 02343 --*/ 02344 02345 { 02346 02347 PTOKEN Token; 02348 NTSTATUS Status; 02349 02350 ULONG PagedPoolSize; 02351 02352 ULONG PrimaryGroupLength; 02353 02354 ULONG TokenBodyLength; 02355 ULONG VariableLength; 02356 02357 ULONG DefaultOwnerIndex; 02358 PUCHAR Where ; 02359 ULONG ComputedPrivLength ; 02360 02361 //ULONG_PTR NextFree; 02362 PSID NextSidFree; 02363 02364 ULONG DynamicLength = TOKEN_DEFAULT_DYNAMIC_CHARGE; 02365 ULONG DynamicLengthUsed; 02366 02367 ULONG SubAuthorityCount; 02368 ULONG GroupIndex; 02369 ULONG PrivilegeIndex; 02370 BOOLEAN OwnerFound; 02371 02372 UCHAR TokenFlags = 0; 02373 02374 ACCESS_STATE AccessState; 02375 AUX_ACCESS_DATA AuxData; 02376 LUID NewModifiedId; 02377 02378 PAGED_CODE(); 02379 02380 ASSERT( sizeof(SECURITY_IMPERSONATION_LEVEL) <= sizeof(ULONG) ); 02381 02382 // 02383 // Make sure the Enabled and Enabled-by-default bits are set on every 02384 // mandatory group. 02385 // 02386 // Also, check to see if the local administrators alias is present. 02387 // if so, turn on the flag so that we can do restrictions later 02388 // 02389 02390 for (GroupIndex=0; GroupIndex < GroupCount; GroupIndex++) { 02391 if (Groups[GroupIndex].Attributes & SE_GROUP_MANDATORY) { 02392 Groups[GroupIndex].Attributes |= (SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT); 02393 } 02394 if ( RtlEqualSid( SeAliasAdminsSid, Groups[GroupIndex].Sid ) ) 02395 { 02396 TokenFlags |= TOKEN_HAS_ADMIN_GROUP ; 02397 } 02398 } 02399 02400 // 02401 // Check to see if the token being created is going to be granted 02402 // SeChangeNotifyPrivilege. If so, set a flag in the TokenFlags field 02403 // so we can find this out quickly. 02404 // 02405 02406 for (PrivilegeIndex = 0; PrivilegeIndex < PrivilegeCount; PrivilegeIndex++) { 02407 02408 if (((RtlEqualLuid(&Privileges[PrivilegeIndex].Luid,&SeChangeNotifyPrivilege)) 02409 && 02410 (Privileges[PrivilegeIndex].Attributes & SE_PRIVILEGE_ENABLED))) { 02411 02412 TokenFlags |= TOKEN_HAS_TRAVERSE_PRIVILEGE; 02413 break; 02414 } 02415 } 02416 02417 02418 // 02419 // Get a ModifiedId to use 02420 // 02421 02422 ExAllocateLocallyUniqueId( &NewModifiedId ); 02423 02424 // 02425 // Validate the owner ID, if provided and establish the default 02426 // owner index. 02427 // 02428 02429 if (!ARGUMENT_PRESENT(Owner)) { 02430 02431 DefaultOwnerIndex = 0; 02432 02433 } else { 02434 02435 02436 if ( RtlEqualSid( Owner, User->Sid ) ) { 02437 02438 DefaultOwnerIndex = 0; 02439 02440 } else { 02441 02442 GroupIndex = 0; 02443 OwnerFound = FALSE; 02444 02445 while ((GroupIndex < GroupCount) && (!OwnerFound)) { 02446 02447 if ( RtlEqualSid( Owner, (Groups[GroupIndex].Sid) ) ) { 02448 02449 // 02450 // Found a match - make sure it is assignable as owner. 02451 // 02452 02453 if ( SepArrayGroupAttributes( Groups, GroupIndex ) & 02454 SE_GROUP_OWNER ) { 02455 02456 DefaultOwnerIndex = GroupIndex + 1; 02457 OwnerFound = TRUE; 02458 02459 } else { 02460 02461 return STATUS_INVALID_OWNER; 02462 02463 } // endif Owner attribute set 02464 02465 } // endif owner = group 02466 02467 GroupIndex += 1; 02468 02469 } // endwhile 02470 02471 if (!OwnerFound) { 02472 02473 return STATUS_INVALID_OWNER; 02474 02475 } // endif !OwnerFound 02476 } // endif owner = user 02477 } // endif owner specified 02478 02479 02480 02481 // 02482 // Increment the reference count for this logon session 02483 // (fail if there is no corresponding logon session.) 02484 // 02485 02486 Status = SepReferenceLogonSession( AuthenticationId ); 02487 if ( !NT_SUCCESS(Status) ) { 02488 return Status; 02489 } 02490 02491 02492 02493 02494 // 02495 // Calculate the length needed for the variable portion of the token 02496 // This includes the User ID, Group IDs, and Privileges 02497 // 02498 // 02499 // Align the privilege chunk by pointer alignment so that the SIDs will 02500 // be correctly aligned. Align the Groups Length so that the SID_AND_ATTR 02501 // array (which is 02502 // 02503 02504 ComputedPrivLength = PrivilegeCount * sizeof( LUID_AND_ATTRIBUTES ) ; 02505 02506 ComputedPrivLength = ALIGN_UP( ComputedPrivLength, PVOID ); 02507 02508 GroupsLength = ALIGN_UP( GroupsLength, PVOID ); 02509 02510 02511 VariableLength = GroupsLength + ComputedPrivLength + 02512 ALIGN_UP( (GroupCount * sizeof( SID_AND_ATTRIBUTES )), PVOID ) ; 02513 02514 SubAuthorityCount = ((SID *)(User->Sid))->SubAuthorityCount; 02515 VariableLength += sizeof(SID_AND_ATTRIBUTES) + 02516 (ULONG)LongAlignSize(RtlLengthRequiredSid( SubAuthorityCount )); 02517 02518 02519 02520 // 02521 // Calculate the length needed for the dynamic portion of the token 02522 // This includes the default Dacl and the primary group. 02523 // 02524 02525 SubAuthorityCount = ((SID *)PrimaryGroup)->SubAuthorityCount; 02526 DynamicLengthUsed = (ULONG)LongAlignSize(RtlLengthRequiredSid( SubAuthorityCount )); 02527 02528 if (ARGUMENT_PRESENT(DefaultDacl)) { 02529 DynamicLengthUsed += (ULONG)LongAlignSize(DefaultDacl->AclSize); 02530 } 02531 02532 if (DynamicLengthUsed > DynamicLength) { 02533 DynamicLength = DynamicLengthUsed; 02534 } 02535 02536 // 02537 // Now create the token body 02538 // 02539 02540 TokenBodyLength = sizeof(TOKEN) + VariableLength; 02541 PagedPoolSize = TokenBodyLength + DynamicLength; 02542 02543 02544 Status = ObCreateObject( 02545 RequestorMode, // ProbeMode 02546 SepTokenObjectType, // ObjectType 02547 ObjectAttributes, // ObjectAttributes 02548 UserMode, // OwnershipMode 02549 NULL, // ParseContext 02550 TokenBodyLength, // ObjectBodySize 02551 PagedPoolSize, // PagedPoolCharge 02552 0, // NonPagedPoolCharge 02553 (PVOID *)&Token // Return pointer to object 02554 ); 02555 02556 if (!NT_SUCCESS(Status)) { 02557 SepDeReferenceLogonSession( AuthenticationId ); 02558 return Status; 02559 } 02560 02561 // 02562 // After this point, we rely on token deletion to clean up the referenced 02563 // logon session if the creation fails. 02564 // 02565 02566 02567 // 02568 // Main Body initialization 02569 // 02570 02571 02572 ExAllocateLocallyUniqueId( &(Token->TokenId) ); 02573 Token->ParentTokenId = RtlConvertLongToLuid(0); 02574 Token->AuthenticationId = (*AuthenticationId); 02575 Token->TokenInUse = FALSE; 02576 Token->ModifiedId = NewModifiedId; 02577 Token->ExpirationTime = (*ExpirationTime); 02578 Token->TokenType = TokenType; 02579 Token->ImpersonationLevel = ImpersonationLevel; 02580 Token->TokenSource = (*TokenSource); 02581 02582 Token->TokenFlags = TokenFlags; 02583 Token->SessionId = 0; 02584 02585 Token->DynamicCharged = DynamicLength; 02586 Token->DynamicAvailable = DynamicLength - DynamicLengthUsed; 02587 02588 Token->DefaultOwnerIndex = DefaultOwnerIndex; 02589 Token->DefaultDacl = NULL; 02590 02591 Token->VariableLength = VariableLength; 02592 02593 // Ensure SepTokenDeleteMethod knows the buffers aren't allocated yet. 02594 Token->ProxyData = NULL; 02595 Token->AuditData = NULL; 02596 Token->DynamicPart = NULL; 02597 02598 if (ARGUMENT_PRESENT( ProxyData )) { 02599 02600 Status = SepCopyProxyData( 02601 &Token->ProxyData, 02602 ProxyData 02603 ); 02604 02605 if (!NT_SUCCESS(Status)) { 02606 ObDereferenceObject( Token ); 02607 return( STATUS_NO_MEMORY ); 02608 } 02609 02610 } else { 02611 02612 Token->ProxyData = NULL; 02613 } 02614 02615 if (ARGUMENT_PRESENT( AuditData )) { 02616 02617 Token->AuditData = ExAllocatePool( PagedPool, sizeof( SECURITY_TOKEN_AUDIT_DATA )); 02618 02619 if (Token->AuditData == NULL) { 02620 ObDereferenceObject( Token ); 02621 return( STATUS_NO_MEMORY ); 02622 } 02623 02624 *(Token->AuditData) = *AuditData; 02625 02626 } else { 02627 02628 Token->AuditData = NULL; 02629 } 02630 02631 02632 // 02633 // Variable part initialization 02634 // Data is in the following order: 02635 // 02636 // Privileges array 02637 // User (SID_AND_ATTRIBUTES) 02638 // Groups (SID_AND_ATTRIBUTES) 02639 // Restricted Sids (SID_AND_ATTRIBUTES) 02640 // SIDs 02641 // 02642 02643 Where = (PUCHAR) & Token->VariablePart ; 02644 02645 Token->Privileges = (PLUID_AND_ATTRIBUTES) Where ; 02646 Token->PrivilegeCount = PrivilegeCount ; 02647 02648 RtlCopyMemory( 02649 Where, 02650 Privileges, 02651 PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES) ); 02652 02653 ASSERT( ComputedPrivLength >= PrivilegeCount * sizeof( LUID_AND_ATTRIBUTES ) ); 02654 02655 Where += ComputedPrivLength ; 02656 VariableLength -= ComputedPrivLength ; 02657 02658 ASSERT( (((ULONG_PTR) Where ) & (sizeof(PVOID) - 1)) == 0 ); 02659 02660 // 02661 // Now, copy the sid and attributes arrays. 02662 // 02663 02664 NextSidFree = (PSID) (Where + (sizeof( SID_AND_ATTRIBUTES ) * 02665 (GroupCount + 1) ) ); 02666 02667 Token->UserAndGroups = (PSID_AND_ATTRIBUTES) Where ; 02668 Token->UserAndGroupCount = GroupCount + 1 ; 02669 02670 02671 ASSERT(VariableLength >= ((GroupCount + 1) * (ULONG)sizeof(SID_AND_ATTRIBUTES))); 02672 02673 VariableLength -= ((GroupCount + 1) * (ULONG)sizeof(SID_AND_ATTRIBUTES)); 02674 Status = RtlCopySidAndAttributesArray( 02675 1, 02676 User, 02677 VariableLength, 02678 (PSID_AND_ATTRIBUTES)Where, 02679 NextSidFree, 02680 &NextSidFree, 02681 &VariableLength 02682 ); 02683 02684 Where += sizeof( SID_AND_ATTRIBUTES ); 02685 02686 ASSERT( (((ULONG_PTR) Where ) & (sizeof(PVOID) - 1)) == 0 ); 02687 02688 Status = RtlCopySidAndAttributesArray( 02689 GroupCount, 02690 Groups, 02691 VariableLength, 02692 (PSID_AND_ATTRIBUTES)Where, 02693 NextSidFree, 02694 &NextSidFree, 02695 &VariableLength 02696 ); 02697 02698 02699 ASSERT(NT_SUCCESS(Status)); 02700 02701 02702 Token->RestrictedSids = NULL; 02703 Token->RestrictedSidCount = 0; 02704 02705 02706 // 02707 // Dynamic part initialization 02708 // Data is in the following order: 02709 // 02710 // PrimaryGroup (SID) 02711 // Default Discreationary Acl (ACL) 02712 // 02713 02714 Token->DynamicPart = (PULONG)ExAllocatePoolWithTag( PagedPool, DynamicLength, 'dTeS' ); 02715 02716 // 02717 // The attempt to allocate the DynamicPart of the token may have 02718 // failed. Dereference the created object and exit with an error. 02719 // 02720 02721 if (Token->DynamicPart == NULL) { 02722 ObDereferenceObject( Token ); 02723 return( STATUS_NO_MEMORY ); 02724 } 02725 02726 02727 Where = (PUCHAR) Token->DynamicPart; 02728 02729 Token->PrimaryGroup = (PSID) Where; 02730 PrimaryGroupLength = RtlLengthRequiredSid( ((SID *)PrimaryGroup)->SubAuthorityCount ); 02731 RtlCopySid( PrimaryGroupLength, (PSID)Where, PrimaryGroup ); 02732 Where += (ULONG)LongAlignSize(PrimaryGroupLength); 02733 02734 if (ARGUMENT_PRESENT(DefaultDacl)) { 02735 Token->DefaultDacl = (PACL)Where; 02736 02737 RtlCopyMemory( (PVOID)Where, 02738 (PVOID)DefaultDacl, 02739 DefaultDacl->AclSize 02740 ); 02741 } 02742 02743 #ifdef TOKEN_DEBUG 02744 02745 // 02746 // Debug 02747 SepDumpToken( Token ); 02748 // Debug 02749 // 02751 #endif //TOKEN_DEBUG 02752 02753 02754 // 02755 // Insert the token unless it is a system token. 02756 // 02757 02758 if (!SystemToken) { 02759 02760 Status = SeCreateAccessState( 02761 &AccessState, 02762 &AuxData, 02763 DesiredAccess, 02764 &SepTokenObjectType->TypeInfo.GenericMapping 02765 ); 02766 02767 if ( NT_SUCCESS(Status) ) { 02768 BOOLEAN PrivilegeHeld; 02769 02770 PrivilegeHeld = SeSinglePrivilegeCheck( 02771 SeCreateTokenPrivilege, 02772 KeGetPreviousMode() 02773 ); 02774 02775 if (PrivilegeHeld) { 02776 02777 Status = ObInsertObject( Token, 02778 &AccessState, 02779 0, 02780 0, 02781 (PVOID *)NULL, 02782 TokenHandle 02783 ); 02784 02785 } else { 02786 02787 Status = STATUS_PRIVILEGE_NOT_HELD; 02788 ObDereferenceObject( Token ); 02789 } 02790 02791 SeDeleteAccessState( &AccessState ); 02792 02793 } else { 02794 02795 ObDereferenceObject( Token ); 02796 } 02797 } else { 02798 02799 ASSERT( NT_SUCCESS( Status ) ); 02800 ObDeleteCapturedInsertInfo(Token); 02801 // 02802 // Return pointer instead of handle. 02803 // 02804 02805 (*TokenHandle) = (HANDLE)Token; 02806 } 02807 02808 return Status; 02809 02810 }

VOID SepDeReferenceLogonSession (  IN PLUID  LogonId  )

Definition at line 384 of file rmlogon.c. References DbgPrint, ExFreePool(), _SEP_LOGON_SESSION_REFERENCES::Flags, KeBugCheck(), _SEP_LOGON_SESSION_REFERENCES::LogonId, _SEP_LOGON_SESSION_REFERENCES::Next, NULL, PAGED_CODE, PsGetCurrentThread, _SEP_LOGON_SESSION_REFERENCES::ReferenceCount, RtlEqualLuid(), SEP_TERMINATION_NOTIFY, SepInformFileSystemsOfDeletedLogon(), SepInformLsaOfDeletedLogon(), SepLogonSessionIndex, SepLogonSessions, SepRmAcquireDbWriteLock, and SepRmReleaseDbWriteLock. Referenced by SepCreateToken(), SepDuplicateToken(), SepFilterToken(), and SepTokenDeleteMethod(). : This routine decrements the reference count of a logon session tracking record. If the reference count is decremented to zero, then there is no possibility for any more tokens to exist for the logon session. In this case, the LSA is notified that a logon session has terminated. Arguments: LogonId - Pointer to the logon session ID whose logon track is to be decremented. Return Value: None. --*/ { ULONG SessionArrayIndex; PSEP_LOGON_SESSION_REFERENCES Previous, Current; #ifdef SEP_TRACK_LOGON_SESSION_REFS ULONG Refs; #endif //SEP_TRACK_LOGON_SESSION_REFS PAGED_CODE(); SessionArrayIndex = SepLogonSessionIndex( LogonId ); // // Protect modification of reference monitor database // SepRmAcquireDbWriteLock(); // // Now walk the list for our logon session array hash index. // Previous = (PSEP_LOGON_SESSION_REFERENCES) ((PVOID)&SepLogonSessions[ SessionArrayIndex ]); Current = Previous->Next; while (Current != NULL) { // // If we found it, decrement the reference count and return // if (RtlEqualLuid( LogonId, &Current->LogonId) ) { Current->ReferenceCount -= 1; if (Current->ReferenceCount == 0) { // // Pull it from the list // Previous->Next = Current->Next; // // No longer need to protect our pointer to this // record. // SepRmReleaseDbWriteLock(); // // Asynchronoously inform file systems that this logon session // is going away, if atleast one FS expressed interest in this // logon session. // if (Current->Flags & SEP_TERMINATION_NOTIFY) { SepInformFileSystemsOfDeletedLogon( LogonId ); } // // Deallocate the logon session track record. // ExFreePool( (PVOID)Current ); #ifdef SEP_TRACK_LOGON_SESSION_REFS DbgPrint("SE (rm): -- ** logon session: (%d, %d) to ZERO by (%d, %d)\n", LogonId->HighPart, LogonId->LowPart, PsGetCurrentThread()->Cid.UniqueProcess, PsGetCurrentThread()->Cid.UniqueThread); #endif //SEP_TRACK_LOGON_SESSION_REFS // // Inform the LSA about the deletion of this logon session. // SepInformLsaOfDeletedLogon( LogonId ); return; } // // reference count was incremented, but not to zero. // #ifdef SEP_TRACK_LOGON_SESSION_REFS Refs = Current->ReferenceCount; #endif //SEP_TRACK_LOGON_SESSION_REFS SepRmReleaseDbWriteLock(); #ifdef SEP_TRACK_LOGON_SESSION_REFS DbgPrint("SE (rm): -- logon session: (%d, %d) to %d by (%d, %d)\n", LogonId->HighPart, LogonId->LowPart, Refs, PsGetCurrentThread()->Cid.UniqueProcess, PsGetCurrentThread()->Cid.UniqueThread); #endif //SEP_TRACK_LOGON_SESSION_REFS return; } Previous = Current; Current = Current->Next; } SepRmReleaseDbWriteLock(); // // Bad news, someone asked us to decrement the reference count of // a logon session we didn't know existed. // KeBugCheck( DEREF_UNKNOWN_LOGON_SESSION ); return; }

BOOLEAN SepDevelopmentTest (  VOID   )

Referenced by SepInitializationPhase1().

VOID SepDumpSecurityDescriptor (  IN PSECURITY_DESCRIPTOR  SecurityDescriptor, IN PSZ  TitleString )

Definition at line 650 of file seassign.c. References Dacl, DbgPrint, Group, Owner, PAGED_CODE, SepPrintAcl(), and SepPrintSid(). Referenced by SeAccessCheck(), SeAssignSecurity(), SeAssignSecurityEx(), and SepAccessCheck(). : Private routine to dump a security descriptor to the debug screen. Arguments: SecurityDescriptor - Supplies the security descriptor to be dumped. TitleString - A null terminated string to print before dumping the security descriptor. Return Value: None. --*/ { #if DBG PISECURITY_DESCRIPTOR ISecurityDescriptor; UCHAR Revision; SECURITY_DESCRIPTOR_CONTROL Control; PSID Owner; PSID Group; PACL Sacl; PACL Dacl; PAGED_CODE(); if (!SepDumpSD) { return; } if (!ARGUMENT_PRESENT( SecurityDescriptor )) { return; } DbgPrint(TitleString); ISecurityDescriptor = ( PISECURITY_DESCRIPTOR )SecurityDescriptor; Revision = ISecurityDescriptor->Revision; Control = ISecurityDescriptor->Control; Owner = RtlpOwnerAddrSecurityDescriptor( ISecurityDescriptor ); Group = RtlpGroupAddrSecurityDescriptor( ISecurityDescriptor ); Sacl = RtlpSaclAddrSecurityDescriptor( ISecurityDescriptor ); Dacl = RtlpDaclAddrSecurityDescriptor( ISecurityDescriptor ); DbgPrint("\nSECURITY DESCRIPTOR\n"); DbgPrint("Revision = %d\n",Revision); // // Print control info // if (Control & SE_OWNER_DEFAULTED) { DbgPrint("Owner defaulted\n"); } if (Control & SE_GROUP_DEFAULTED) { DbgPrint("Group defaulted\n"); } if (Control & SE_DACL_PRESENT) { DbgPrint("Dacl present\n"); } if (Control & SE_DACL_DEFAULTED) { DbgPrint("Dacl defaulted\n"); } if (Control & SE_SACL_PRESENT) { DbgPrint("Sacl present\n"); } if (Control & SE_SACL_DEFAULTED) { DbgPrint("Sacl defaulted\n"); } if (Control & SE_SELF_RELATIVE) { DbgPrint("Self relative\n"); } if (Control & SE_DACL_UNTRUSTED) { DbgPrint("Dacl untrusted\n"); } if (Control & SE_SERVER_SECURITY) { DbgPrint("Server security\n"); } DbgPrint("Owner "); SepPrintSid( Owner ); DbgPrint("Group "); SepPrintSid( Group ); DbgPrint("Sacl"); SepPrintAcl( Sacl ); DbgPrint("Dacl"); SepPrintAcl( Dacl ); #endif }

VOID SepDumpString (  IN PUNICODE_STRING  String  )

Definition at line 36 of file adtutil.c. References NULL, PAGED_CODE, and String. { PAGED_CODE(); if ( String == NULL) { KdPrint(("<NULL>")); return; } KdPrint(("%Z",String->Buffer)); }

VOID SepDumpTokenInfo (  IN PACCESS_TOKEN  Token  )

Definition at line 995 of file seassign.c. References DbgPrint, PAGED_CODE, PTOKEN, SepPrintSid(), and Token. Referenced by SeAccessCheck(), SepAccessCheck(), SepSidInToken(), and SepSidInTokenEx(). : Prints interesting information in a token. Arguments: Token - Provides the token to be examined. Return Value: None. --*/ { #if DBG ULONG UserAndGroupCount; PSID_AND_ATTRIBUTES TokenSid; ULONG i; PTOKEN IToken; PAGED_CODE(); if (!SepDumpToken) { return; } IToken = (TOKEN *)Token; UserAndGroupCount = IToken->UserAndGroupCount; DbgPrint("\n\nToken Address=%lx\n",IToken); DbgPrint("Token User and Groups Array:\n\n"); for ( i = 0 , TokenSid = IToken->UserAndGroups; i < UserAndGroupCount ; i++, TokenSid++ ) { SepPrintSid( TokenSid->Sid ); } if ( IToken->RestrictedSids ) { UserAndGroupCount = IToken->RestrictedSidCount; DbgPrint("Restricted Sids Array:\n\n"); for ( i = 0 , TokenSid = IToken->RestrictedSids; i < UserAndGroupCount ; i++, TokenSid++ ) { SepPrintSid( TokenSid->Sid ); } } #endif }

VOID SepExamineSacl (  IN PACL  Sacl, IN PACCESS_TOKEN  Token, IN ACCESS_MASK  DesiredAccess, IN BOOLEAN  AccessGranted, OUT PBOOLEAN  GenerateAudit, OUT PBOOLEAN  GenerateAlarm )

Definition at line 3952 of file seaudit.c. References FALSE, FirstAce, NextAce, NULL, PAGED_CODE, SepSidInToken(), Token, and TRUE. Referenced by NtOpenObjectAuditAlarm(), SeCreateObjectAuditAlarm(), SeObjectReferenceAuditAlarm(), SeOpenObjectAuditAlarm(), SeOpenObjectForDeleteAuditAlarm(), and SeTraverseAuditAlarm(). : This routine will examine the passed Sacl and determine what if any action is required based its contents. Note that this routine is not aware of any system state, ie, whether or not auditing is currently enabled for either the system or this particular object type. Arguments: Sacl - Supplies a pointer to the Sacl to be examined. Token - Supplies the effective token of the caller AccessGranted - Supplies whether or not the access attempt was successful. GenerateAudit - Returns a boolean indicating whether or not we should generate an audit. GenerateAlarm - Returns a boolean indiciating whether or not we should generate an alarm. Return Value: STATUS_SUCCESS - The operation completed successfully. --*/ { ULONG i; PVOID Ace; ULONG AceCount; ACCESS_MASK AccessMask; UCHAR AceFlags; BOOLEAN FailedMaximumAllowed; PAGED_CODE(); *GenerateAudit = FALSE; *GenerateAlarm = FALSE; // // If we failed an attempt to open an object for ONLY maximumum allowed, // then we generate an audit if ANY ACCESS_DENIED audit matching this // user's list of sids is found // FailedMaximumAllowed = FALSE; if (!AccessGranted && (DesiredAccess & MAXIMUM_ALLOWED)) { FailedMaximumAllowed = TRUE; } // // If the Sacl is null, do nothing and return // if (Sacl == NULL) { return; } AceCount = Sacl->AceCount; if (AceCount == 0) { return; } // // Iterate through the ACEs on the Sacl until either we reach // the end or discover that we have to take all possible actions, // in which case it doesn't pay to look any further // for ( i = 0, Ace = FirstAce( Sacl ) ; (i < AceCount) && !(*GenerateAudit && *GenerateAlarm); i++, Ace = NextAce( Ace ) ) { if ( !(((PACE_HEADER)Ace)->AceFlags & INHERIT_ONLY_ACE)) { if ( (((PACE_HEADER)Ace)->AceType == SYSTEM_AUDIT_ACE_TYPE) ) { if ( SepSidInToken( (PACCESS_TOKEN)Token, NULL, &((PSYSTEM_AUDIT_ACE)Ace)->SidStart, FALSE ) ) { AccessMask = ((PSYSTEM_AUDIT_ACE)Ace)->Mask; AceFlags = ((PACE_HEADER)Ace)->AceFlags; if ( AccessMask & DesiredAccess ) { if (((AceFlags & SUCCESSFUL_ACCESS_ACE_FLAG) && AccessGranted) || ((AceFlags & FAILED_ACCESS_ACE_FLAG) && !AccessGranted)) { *GenerateAudit = TRUE; } } else if ( FailedMaximumAllowed && (AceFlags & FAILED_ACCESS_ACE_FLAG) ) { *GenerateAudit = TRUE; } } continue; } if ( (((PACE_HEADER)Ace)->AceType == SYSTEM_ALARM_ACE_TYPE) ) { if ( SepSidInToken( (PACCESS_TOKEN)Token, NULL, &((PSYSTEM_ALARM_ACE)Ace)->SidStart, FALSE ) ) { AccessMask = ((PSYSTEM_ALARM_ACE)Ace)->Mask; if ( AccessMask & DesiredAccess ) { AceFlags = ((PACE_HEADER)Ace)->AceFlags; if (((AceFlags & SUCCESSFUL_ACCESS_ACE_FLAG) && AccessGranted) || ((AceFlags & FAILED_ACCESS_ACE_FLAG) && !AccessGranted)) { *GenerateAlarm = TRUE; } } } } } } return; }

BOOLEAN SepFilterPrivilegeAudits (  IN PPRIVILEGE_SET  PrivilegeSet  )

Definition at line 4587 of file seaudit.c. References FALSE, NULL, PAGED_CODE, RtlEqualLuid(), SepFilterPrivileges, and TRUE. Referenced by SeOpenObjectAuditAlarm(), SeOpenObjectForDeleteAuditAlarm(), SepAdtPrivilegeObjectAuditAlarm(), and SePrivilegedServiceAuditAlarm(). : This routine will filter out a list of privileges as listed in the SepFilterPrivileges array. Arguments: Privileges - The privilege set to be audited Return Value: FALSE means that this use of privilege is not to be audited. TRUE means that the audit should continue normally. --*/ { PLUID *Privilege; ULONG Match = 0; ULONG i; PAGED_CODE(); if ( !ARGUMENT_PRESENT(PrivilegeSet) || (PrivilegeSet->PrivilegeCount == 0) ) { return( FALSE ); } for (i=0; i<PrivilegeSet->PrivilegeCount; i++) { Privilege = SepFilterPrivileges; do { if ( RtlEqualLuid( &PrivilegeSet->Privilege[i].Luid, *Privilege )) { Match++; break; } } while ( *++Privilege != NULL ); } if ( Match == PrivilegeSet->PrivilegeCount ) { return( FALSE ); } else { return( TRUE ); } }

VOID SepFreeProxyData (  IN PSECURITY_TOKEN_PROXY_DATA  ProxyData  )

Definition at line 737 of file se/capture.c. References ExFreePool(), NULL, and PAGED_CODE. Referenced by SeCaptureSecurityQos(), SeFreeCapturedSecurityQos(), SepDuplicateToken(), SepFilterToken(), SepProbeAndCaptureQosData(), and SepTokenDeleteMethod(). : This routine frees a SECURITY_TOKEN_PROXY_DATA structure and all sub structures. Arguments: ProxyData - Supplies a pointer to an existing proxy data structure. Return Value: None. --*/ { PAGED_CODE(); if (ProxyData != NULL) { if (ProxyData->PathInfo.Buffer != NULL) { ExFreePool( ProxyData->PathInfo.Buffer ); } ExFreePool( ProxyData ); } }

VOID SepFreeSubjectContext (  IN PSECURITY_SUBJECT_CONTEXT  SubjectContext  )

VOID SepGetDefaultsSubjectContext (  IN PSECURITY_SUBJECT_CONTEXT  SubjectContext, OUT PSID *  Owner, OUT PSID *  Group, OUT PSID *  ServerOwner, OUT PSID *  ServerGroup, OUT PACL *  Dacl )

Definition at line 234 of file subject.c. References EffectiveToken, PAGED_CODE, PrimaryToken, and PTOKEN. Referenced by RtlpNewSecurityObject(), and RtlpSetSecurityObject(). : This routine retrieves pointers to the default owner, primary group, and, if present, discretionary ACL of the provided subject security context. Arguments: SubjectContext - Points to the subject security context whose default values are to be retrieved. Owner - Receives a pointer to the subject's default owner SID. This value will always be returned as a non-zero pointer. That is, a subject's security context must contain a owner SID. Group - Receives a pointer to the subject's default primary group SID. This value will always be returned as a non-zero pointer. That is, a subject's security context must contain a primary group. Dacl - Receives a pointer to the subject's default discretionary ACL, if one is define for the subject. Note that a subject security context does not have to include a default discretionary ACL. In this case, this value will be returned as NULL. Return Value: none. --*/ { PTOKEN EffectiveToken; PTOKEN PrimaryToken; PAGED_CODE(); if (ARGUMENT_PRESENT(SubjectContext->ClientToken)) { EffectiveToken = (PTOKEN)SubjectContext->ClientToken; } else { EffectiveToken = (PTOKEN)SubjectContext->PrimaryToken; } (*Owner) = EffectiveToken->UserAndGroups[EffectiveToken->DefaultOwnerIndex].Sid; (*Group) = EffectiveToken->PrimaryGroup; (*Dacl) = EffectiveToken->DefaultDacl; PrimaryToken = (PTOKEN)SubjectContext->PrimaryToken; *ServerOwner = PrimaryToken->UserAndGroups[PrimaryToken->DefaultOwnerIndex].Sid; *ServerGroup = PrimaryToken->PrimaryGroup; return; }

BOOLEAN SepIdAssignableAsGroup (  IN PACCESS_TOKEN  Token, IN PSID  Group )

Definition at line 306 of file subject.c. References FALSE, Group, Index, NULL, PAGED_CODE, PTOKEN, RtlEqualSid(), SepAcquireTokenReadLock, SepReleaseTokenReadLock, and Token. Referenced by NtSetInformationToken(). : This routine checks to see whether the provided SID is one that may be assigned to be the default primary group in a token. The current criteria is that the passed SID be a group in the token, with no other restrictions. Arguments: Token - Points to the token to be examined. Group - Points to the SID to be checked. Return Value: TRUE - SID passed by be assigned as the default primary group in a token. FALSE - Passed SID may not be so assigned. --*/ { ULONG Index; BOOLEAN Found = FALSE; PTOKEN Token; PAGED_CODE(); Token = (PTOKEN)AToken; // // Let's make it invalid to assign a NULL primary group, // but we may need to revisit this. // if (Group == NULL) { return( FALSE ); } SepAcquireTokenReadLock( Token ); // // Walk through the list of user and group IDs looking // for a match to the specified SID. // Index = 0; while (Index < Token->UserAndGroupCount) { Found = RtlEqualSid( Group, Token->UserAndGroups[Index].Sid ); if ( Found ) { break; } Index += 1; } SepReleaseTokenReadLock( Token ); return Found; }

BOOLEAN SepInitializationPhase0 (  VOID   )

Definition at line 78 of file seinit.c. References ExLuidInitialization(), FALSE, NULL, PAGED_CODE, PsGetCurrentProcess, PsGetCurrentThread, SeMakeSystemToken(), SepInitializeWorkList(), SepRmInitPhase0(), SepTokenInitialization(), and SepVariableInitialization(). Referenced by SeInitSystem(). 00082 : 00083 00084 Perform phase 0 security initialization. 00085 00086 This includes: 00087 00088 - Initialize LUID allocation 00089 - Initialize security global variables 00090 - initialize the token object. 00091 - Initialize the necessary security components of the boot thread/process 00092 00093 00094 Arguments: 00095 00096 None. 00097 00098 Return Value: 00099 00100 TRUE - Initialization was successful. 00101 00102 FALSE - Initialization Failed. 00103 00104 --*/ 00105 00106 { 00107 00108 PAGED_CODE(); 00109 00110 // 00111 // LUID allocation services are needed by security prior to phase 0 00112 // Executive initialization. So, LUID initialization is performed 00113 // here 00114 // 00115 00116 if (ExLuidInitialization() == FALSE) { 00117 KdPrint(("Security: Locally Unique ID initialization failed.\n")); 00118 return FALSE; 00119 } 00120 00121 // 00122 // Initialize security global variables 00123 // 00124 00125 if (!SepVariableInitialization()) { 00126 KdPrint(("Security: Global variable initialization failed.\n")); 00127 return FALSE; 00128 } 00129 00130 // 00131 // Perform Phase 0 Reference Monitor Initialization. 00132 // 00133 00134 if (!SepRmInitPhase0()) { 00135 KdPrint(("Security: Ref Mon state initialization failed.\n")); 00136 return FALSE; 00137 } 00138 00139 // 00140 // Initialize the token object type. 00141 // 00142 00143 if (!SepTokenInitialization()) { 00144 KdPrint(("Security: Token object initialization failed.\n")); 00145 return FALSE; 00146 } 00147 00148 // // 00149 // // Initialize auditing structures 00150 // // 00151 // 00152 // if (!SepAdtInitializePhase0()) { 00153 // KdPrint(("Security: Auditing initialization failed.\n")); 00154 // return FALSE; 00155 // } 00156 // 00157 // 00158 // Initialize SpinLock and list for the LSA worker thread 00159 // 00160 00161 // 00162 // Initialize the work queue spinlock, list head, and semaphore 00163 // for each of the work queues. 00164 // 00165 00166 if (!SepInitializeWorkList()) { 00167 KdPrint(("Security: Unable to initialize work queue\n")); 00168 return FALSE; 00169 } 00170 00171 // 00172 // Initialize the security fields of the boot thread. 00173 // 00174 00175 PsGetCurrentProcess()->Token = SeMakeSystemToken(); 00176 PsGetCurrentThread()->ImpersonationInfo = NULL; 00177 PsGetCurrentThread()->ActiveImpersonationInfo = FALSE; 00178 00179 return ( PsGetCurrentProcess()->Token != NULL ); 00180 }

BOOLEAN SepInitializationPhase1 (  VOID   )

Definition at line 184 of file seinit.c. References ASSERT, ASSERTMSG, Dacl, ExAllocatePool, ExFreePool(), FALSE, Name, NonPagedPool, NT_SUCCESS, NtClose(), NtCreateDirectoryObject(), NtCreateEvent(), NTSTATUS(), NULL, ObjectAttributes, PAGED_CODE, RtlAddAccessAllowedAce(), RtlAnsiStringToUnicodeString(), RtlCreateAcl(), RtlCreateSecurityDescriptor(), RtlFreeUnicodeString(), RtlInitString(), RtlSetDaclSecurityDescriptor(), SeAliasAdminsSid, SeAnonymousLogonToken, SeLocalSystemSid, SeMakeAnonymousLogonToken(), SepAdtInitializePhase1(), SepDevelopmentTest(), SePublicDefaultSd, SeWorldSid, Status, and TRUE. Referenced by SeInitSystem(). 00188 : 00189 00190 Perform phase 1 security initialization. 00191 00192 This includes: 00193 00194 - Create an object directory for security related objects. 00195 (\Security). 00196 00197 - Create an event to be signalled after the LSA has initialized. 00198 (\Security\LSA_Initialized) 00199 00200 00201 00202 00203 Arguments: 00204 00205 None. 00206 00207 Return Value: 00208 00209 TRUE - Initialization was successful. 00210 00211 FALSE - Initialization Failed. 00212 00213 --*/ 00214 00215 { 00216 00217 NTSTATUS Status; 00218 STRING Name; 00219 UNICODE_STRING UnicodeName; 00220 OBJECT_ATTRIBUTES ObjectAttributes; 00221 HANDLE SecurityRoot, TemporaryHandle; 00222 PSECURITY_DESCRIPTOR SD ; 00223 UCHAR SDBuffer[ SECURITY_DESCRIPTOR_MIN_LENGTH ]; 00224 PACL Dacl ; 00225 00226 PAGED_CODE(); 00227 00228 SeAnonymousLogonToken = SeMakeAnonymousLogonToken(); 00229 ASSERT(SeAnonymousLogonToken != NULL); 00230 00231 // 00232 // Create the security object directory. 00233 // 00234 00235 RtlInitString( &Name, "\\Security" ); 00236 Status = RtlAnsiStringToUnicodeString( 00237 &UnicodeName, 00238 &Name, 00239 TRUE ); ASSERT( NT_SUCCESS(Status) ); 00240 00241 // 00242 // Build up the security descriptor 00243 // 00244 00245 SD = (PSECURITY_DESCRIPTOR) SDBuffer ; 00246 00247 RtlCreateSecurityDescriptor( SD, 00248 SECURITY_DESCRIPTOR_REVISION ); 00249 00250 Dacl = ExAllocatePool( 00251 NonPagedPool, 00252 256 ); 00253 00254 if ( !Dacl ) 00255 { 00256 return FALSE ; 00257 } 00258 00259 RtlCreateAcl( Dacl, 256, ACL_REVISION ); 00260 00261 RtlAddAccessAllowedAce( Dacl, 00262 ACL_REVISION, 00263 DIRECTORY_ALL_ACCESS, 00264 SeLocalSystemSid ); 00265 00266 RtlAddAccessAllowedAce( Dacl, 00267 ACL_REVISION, 00268 DIRECTORY_QUERY | DIRECTORY_TRAVERSE | 00269 READ_CONTROL, 00270 SeAliasAdminsSid ); 00271 00272 RtlAddAccessAllowedAce( Dacl, 00273 ACL_REVISION, 00274 DIRECTORY_TRAVERSE, 00275 SeWorldSid ); 00276 00277 RtlSetDaclSecurityDescriptor( 00278 SD, 00279 TRUE, 00280 Dacl, 00281 FALSE ); 00282 00283 InitializeObjectAttributes( 00284 &ObjectAttributes, 00285 &UnicodeName, 00286 (OBJ_PERMANENT | OBJ_CASE_INSENSITIVE), 00287 NULL, 00288 SD 00289 ); 00290 00291 Status = NtCreateDirectoryObject( 00292 &SecurityRoot, 00293 DIRECTORY_ALL_ACCESS, 00294 &ObjectAttributes 00295 ); 00296 RtlFreeUnicodeString( &UnicodeName ); 00297 ASSERTMSG("Security root object directory creation failed.",NT_SUCCESS(Status)); 00298 00299 ExFreePool( Dacl ); 00300 00301 // 00302 // Create an event in the security directory 00303 // 00304 00305 RtlInitString( &Name, "LSA_AUTHENTICATION_INITIALIZED" ); 00306 Status = RtlAnsiStringToUnicodeString( 00307 &UnicodeName, 00308 &Name, 00309 TRUE ); ASSERT( NT_SUCCESS(Status) ); 00310 InitializeObjectAttributes( 00311 &ObjectAttributes, 00312 &UnicodeName, 00313 (OBJ_PERMANENT | OBJ_CASE_INSENSITIVE), 00314 SecurityRoot, 00315 SePublicDefaultSd 00316 ); 00317 00318 Status = NtCreateEvent( 00319 &TemporaryHandle, 00320 GENERIC_WRITE, 00321 &ObjectAttributes, 00322 NotificationEvent, 00323 FALSE 00324 ); 00325 RtlFreeUnicodeString( &UnicodeName ); 00326 ASSERTMSG("LSA Initialization Event Creation Failed.",NT_SUCCESS(Status)); 00327 00328 Status = NtClose( SecurityRoot ); 00329 ASSERTMSG("Security object directory handle closure Failed.",NT_SUCCESS(Status)); 00330 Status = NtClose( TemporaryHandle ); 00331 ASSERTMSG("LSA Initialization Event handle closure Failed.",NT_SUCCESS(Status)); 00332 00333 // 00334 // Initialize auditing structures 00335 // 00336 00337 if (!SepAdtInitializePhase1()) { 00338 KdPrint(("Security: Auditing initialization failed.\n")); 00339 return FALSE; 00340 } 00341 00342 00343 #ifndef SETEST 00344 00345 return TRUE; 00346 00347 #else 00348 00349 return SepDevelopmentTest(); 00350 00351 #endif //SETEST 00352 00353 } }

BOOLEAN SepInitializeWorkList (  VOID   )

Definition at line 1152 of file seglobal.c. References ExInitializeResource, PAGED_CODE, SepLsaQueue, SepLsaQueueLock, and TRUE. Referenced by SepInitializationPhase0(). 01158 : 01159 01160 Initializes the mutex and list head used to queue work from the 01161 Executive to LSA. This mechanism operates on top of the normal ExWorkerThread 01162 mechanism by capturing the first thread to perform LSA work and keeping it 01163 until all the current work is done. 01164 01165 The reduces the number of worker threads that are blocked on I/O to LSA. 01166 01167 Arguments: 01168 01169 None. 01170 01171 01172 Return Value: 01173 01174 TRUE if successful, FALSE otherwise. 01175 01176 --*/ 01177 01178 { 01179 PAGED_CODE(); 01180 01181 ExInitializeResource(&SepLsaQueueLock); 01182 InitializeListHead(&SepLsaQueue); 01183 return( TRUE ); 01184 } }

VOID SepLockSubjectContext (  IN PSECURITY_SUBJECT_CONTEXT  SubjectContext  )

VOID SepPrintAcl (  IN PACL  Acl  )

Definition at line 762 of file seassign.c. References DbgPrint, FALSE, FirstAce, NextAce, NULL, PAGED_CODE, SepPrintSid(), and TRUE. Referenced by SepDumpSecurityDescriptor(). : This routine dumps via (DbgPrint) an Acl for debug purposes. It is specialized to dump standard aces. Arguments: Acl - Supplies the Acl to dump Return Value: None --*/ { #if DBG ULONG i; PKNOWN_ACE Ace; BOOLEAN KnownType; PAGED_CODE(); DbgPrint("@ %8lx\n", Acl); // // Check if the Acl is null // if (Acl == NULL) { return; } // // Dump the Acl header // DbgPrint(" Revision: %02x", Acl->AclRevision); DbgPrint(" Size: %04x", Acl->AclSize); DbgPrint(" AceCount: %04x\n", Acl->AceCount); // // Now for each Ace we want do dump it // for (i = 0, Ace = FirstAce(Acl); i < Acl->AceCount; i++, Ace = NextAce(Ace) ) { // // print out the ace header // DbgPrint("\n AceHeader: %08lx ", *(PULONG)Ace); // // special case on the standard ace types // if ((Ace->Header.AceType == ACCESS_ALLOWED_ACE_TYPE) || (Ace->Header.AceType == ACCESS_DENIED_ACE_TYPE) || (Ace->Header.AceType == SYSTEM_AUDIT_ACE_TYPE) || (Ace->Header.AceType == SYSTEM_ALARM_ACE_TYPE) || (Ace->Header.AceType == ACCESS_ALLOWED_COMPOUND_ACE_TYPE)) { // // The following array is indexed by ace types and must // follow the allowed, denied, audit, alarm seqeuence // PCHAR AceTypes[] = { "Access Allowed", "Access Denied ", "System Audit ", "System Alarm ", "Compound Grant", }; DbgPrint(AceTypes[Ace->Header.AceType]); DbgPrint("\n Access Mask: %08lx ", Ace->Mask); KnownType = TRUE; } else { DbgPrint(" Unknown Ace Type\n"); KnownType = FALSE; } DbgPrint("\n"); DbgPrint(" AceSize = %d\n",Ace->Header.AceSize); DbgPrint(" Ace Flags = "); if (Ace->Header.AceFlags & OBJECT_INHERIT_ACE) { DbgPrint("OBJECT_INHERIT_ACE\n"); DbgPrint(" "); } if (Ace->Header.AceFlags & CONTAINER_INHERIT_ACE) { DbgPrint("CONTAINER_INHERIT_ACE\n"); DbgPrint(" "); } if (Ace->Header.AceFlags & NO_PROPAGATE_INHERIT_ACE) { DbgPrint("NO_PROPAGATE_INHERIT_ACE\n"); DbgPrint(" "); } if (Ace->Header.AceFlags & INHERIT_ONLY_ACE) { DbgPrint("INHERIT_ONLY_ACE\n"); DbgPrint(" "); } if (Ace->Header.AceFlags & SUCCESSFUL_ACCESS_ACE_FLAG) { DbgPrint("SUCCESSFUL_ACCESS_ACE_FLAG\n"); DbgPrint(" "); } if (Ace->Header.AceFlags & FAILED_ACCESS_ACE_FLAG) { DbgPrint("FAILED_ACCESS_ACE_FLAG\n"); DbgPrint(" "); } DbgPrint("\n"); if (KnownType != TRUE) { continue; } if (Ace->Header.AceType != ACCESS_ALLOWED_COMPOUND_ACE_TYPE) { DbgPrint(" Sid = "); SepPrintSid(&Ace->SidStart); } else { DbgPrint(" Server Sid = "); SepPrintSid(RtlCompoundAceServerSid(Ace)); DbgPrint("\n Client Sid = "); SepPrintSid(RtlCompoundAceClientSid( Ace )); } } #endif }

VOID SepPrintSid (  IN PSID  Sid  )

Definition at line 916 of file seassign.c. References Buffer, DbgPrint, NULL, PAGED_CODE, SepSidTranslation(), and USHORT. Referenced by SepDumpSecurityDescriptor(), SepDumpTokenInfo(), and SepPrintAcl(). : Prints a formatted Sid Arguments: Sid - Provides a pointer to the sid to be printed. Return Value: None. --*/ { #if DBG UCHAR i; ULONG Tmp; PISID ISid; STRING AccountName; UCHAR Buffer[128]; PAGED_CODE(); if (Sid == NULL) { DbgPrint("Sid is NULL\n"); return; } Buffer[0] = 0; AccountName.MaximumLength = 127; AccountName.Length = 0; AccountName.Buffer = (PVOID)&Buffer[0]; if (SepSidTranslation( Sid, &AccountName )) { DbgPrint("%s ", AccountName.Buffer ); } ISid = (PISID)Sid; DbgPrint("S-%lu-", (USHORT)ISid->Revision ); if ( (ISid->IdentifierAuthority.Value[0] != 0) || (ISid->IdentifierAuthority.Value[1] != 0) ){ DbgPrint("0x%02hx%02hx%02hx%02hx%02hx%02hx", (USHORT)ISid->IdentifierAuthority.Value[0], (USHORT)ISid->IdentifierAuthority.Value[1], (USHORT)ISid->IdentifierAuthority.Value[2], (USHORT)ISid->IdentifierAuthority.Value[3], (USHORT)ISid->IdentifierAuthority.Value[4], (USHORT)ISid->IdentifierAuthority.Value[5] ); } else { Tmp = (ULONG)ISid->IdentifierAuthority.Value[5] + (ULONG)(ISid->IdentifierAuthority.Value[4] << 8) + (ULONG)(ISid->IdentifierAuthority.Value[3] << 16) + (ULONG)(ISid->IdentifierAuthority.Value[2] << 24); DbgPrint("%lu", Tmp); } for (i=0;i<ISid->SubAuthorityCount ;i++ ) { DbgPrint("-%lu", ISid->SubAuthority[i]); } DbgPrint("\n"); #endif }

NTSTATUS SepProbeAndCaptureQosData (  IN PSECURITY_ADVANCED_QUALITY_OF_SERVICE  CapturedSecurityQos  )

Definition at line 773 of file se/capture.c. References ExAllocatePool, ExFreePool(), NT_SUCCESS, NTSTATUS(), NULL, PAGED_CODE, PagedPool, ProbeForRead, SepCopyProxyData(), SepFreeProxyData(), and Status. Referenced by SeCaptureSecurityQos(). : This routine probes and captures the imbedded structures in a Security Quality of Service structure. This routine assumes that it is being called under an existing try-except clause. Arguments: CapturedSecurityQos - Points to the captured body of a QOS structure. The pointers in this structure are presumed not to be probed or captured at this point. Return Value: STATUS_SUCCESS indicates no exceptions were encountered. Any access violations encountered will be returned. --*/ { NTSTATUS Status; PSECURITY_TOKEN_PROXY_DATA CapturedProxyData; PSECURITY_TOKEN_AUDIT_DATA CapturedAuditData; SECURITY_TOKEN_PROXY_DATA StackProxyData; PAGED_CODE(); CapturedProxyData = CapturedSecurityQos->ProxyData; CapturedSecurityQos->ProxyData = NULL; CapturedAuditData = CapturedSecurityQos->AuditData; CapturedSecurityQos->AuditData = NULL; if (ARGUMENT_PRESENT( CapturedProxyData )) { // // Make sure the body of the proxy data is ok to read. // ProbeForRead( CapturedProxyData, sizeof(SECURITY_TOKEN_PROXY_DATA), sizeof(ULONG) ); StackProxyData = *CapturedProxyData; if (StackProxyData.Length != sizeof( SECURITY_TOKEN_PROXY_DATA )) { return( STATUS_INVALID_PARAMETER ); } // // Probe the passed pathinfo buffer // ProbeForRead( StackProxyData.PathInfo.Buffer, StackProxyData.PathInfo.Length, sizeof( UCHAR ) ); Status = SepCopyProxyData( &CapturedSecurityQos->ProxyData, &StackProxyData ); if (!NT_SUCCESS(Status)) { if (CapturedSecurityQos->ProxyData != NULL) { SepFreeProxyData( CapturedSecurityQos->ProxyData ); CapturedSecurityQos->ProxyData = NULL; } return( Status ); } } if (ARGUMENT_PRESENT( CapturedAuditData )) { PSECURITY_TOKEN_AUDIT_DATA LocalAuditData; // // Probe the audit data structure and make sure it looks ok // ProbeForRead( CapturedAuditData, sizeof( SECURITY_TOKEN_AUDIT_DATA ), sizeof( ULONG ) ); LocalAuditData = ExAllocatePool( PagedPool, sizeof( SECURITY_TOKEN_AUDIT_DATA )); if (LocalAuditData == NULL) { // // Cleanup any proxy data we may have allocated. // SepFreeProxyData( CapturedSecurityQos->ProxyData ); CapturedSecurityQos->ProxyData = NULL; return( STATUS_INSUFFICIENT_RESOURCES ); } // // Copy the data to the local buffer. Note: we do this in this // order so that if the final assignment fails the caller will // still be able to free the allocated pool. // CapturedSecurityQos->AuditData = LocalAuditData; *CapturedSecurityQos->AuditData = *CapturedAuditData; if ( LocalAuditData->Length != sizeof( SECURITY_TOKEN_AUDIT_DATA ) ) { SepFreeProxyData( CapturedSecurityQos->ProxyData ); CapturedSecurityQos->ProxyData = NULL; ExFreePool(CapturedSecurityQos->AuditData); CapturedSecurityQos->AuditData = NULL; return( STATUS_INVALID_PARAMETER ); } } return( STATUS_SUCCESS ); }

POBJECT_NAME_INFORMATION SepQueryNameString (  IN PVOID  Object  )

*++ Definition at line 2324 of file sepaudit.c. References ExAllocatePoolWithTag, ExFreePool(), NT_SUCCESS, NTSTATUS(), NULL, ObQueryNameString(), PAGED_CODE, PagedPool, and Status. Referenced by SeCreateObjectAuditAlarm(), SeOpenObjectAuditAlarm(), SeOpenObjectForDeleteAuditAlarm(), and SepAdtObjectReferenceAuditAlarm(). : Takes a pointer to an object and returns the name of the object. Arguments: Object - a pointer to an object. Return Value: A pointer to a buffer containing a POBJECT_NAME_INFORMATION structure containing the name of the object. The string is allocated out of paged pool and should be freed by the caller. NULL may also be returned. --*/ { NTSTATUS Status; ULONG ReturnLength = 0; POBJECT_NAME_INFORMATION ObjectNameInfo = NULL; PUNICODE_STRING ObjectName = NULL; PAGED_CODE(); Status = ObQueryNameString( Object, ObjectNameInfo, 0, &ReturnLength ); if ( Status == STATUS_INFO_LENGTH_MISMATCH ) { ObjectNameInfo = ExAllocatePoolWithTag( PagedPool, ReturnLength, 'nOeS' ); if ( ObjectNameInfo != NULL ) { Status = ObQueryNameString( Object, ObjectNameInfo, ReturnLength, &ReturnLength ); if ( NT_SUCCESS( Status )) { if (ObjectNameInfo->Name.Length != 0) { return( ObjectNameInfo ); } else { ExFreePool( ObjectNameInfo ); return( NULL ); } } } } return( NULL ); }

PUNICODE_STRING SepQueryTypeString (  IN PVOID  Object  )

Definition at line 2400 of file sepaudit.c. References ExAllocatePoolWithTag, NT_SUCCESS, NTSTATUS(), NULL, ObQueryTypeName(), PAGED_CODE, PagedPool, and Status. Referenced by SeOpenObjectAuditAlarm(), SeOpenObjectForDeleteAuditAlarm(), and SepAdtObjectReferenceAuditAlarm(). : Takes a pointer to an object and returns the type of the object. Arguments: Object - a pointer to an object. Return Value: A pointer to a UNICODE_STRING that contains the name of the object type. The string is allocated out of paged pool and should be freed by the caller. NULL may also be returned. --*/ { NTSTATUS Status; PUNICODE_STRING TypeName = NULL; ULONG ReturnLength; PAGED_CODE(); Status = ObQueryTypeName( Object, TypeName, 0, &ReturnLength ); if ( Status == STATUS_INFO_LENGTH_MISMATCH ) { TypeName = ExAllocatePoolWithTag( PagedPool, ReturnLength, 'nTeS' ); if ( TypeName != NULL ) { Status = ObQueryTypeName( Object, TypeName, ReturnLength, &ReturnLength ); if ( NT_SUCCESS( Status )) { return( TypeName ); } } } return( NULL ); }

BOOLEAN SepQueueWorkItem (  IN PSEP_LSA_WORK_ITEM  LsaWorkItem, IN BOOLEAN  ForceQueue )

Definition at line 600 of file adtlog.c. References DbgPrint, DelayedWorkQueue, ExInitializeWorkItem, ExQueueWorkItem(), FALSE, PAGED_CODE, PWORKER_THREAD_ROUTINE, SepAdtCountEventsDiscarded, SepAdtCurrentListLength, SepAdtDiscardingAudits, SepAdtGenerateDiscardAudit(), SepAdtMaxListLength, SepAdtMinListLength, SepExWorkItem, SepLockLsaQueue, SepLsaQueue, SepRmCallLsa(), SepUnlockLsaQueue, TRUE, and _SEP_WORK_ITEM::WorkItem. Referenced by SepAdtLogAuditRecord(), and SepInformLsaOfDeletedLogon(). : Puts the passed work item on the queue to be passed to LSA, and returns the state of the queue upon arrival. Arguments: LsaWorkItem - Pointer to the work item to be queued. ForceQueue - Indicate that this item is not to be discarded due because of a full queue. Return Value: TRUE - The item was successfully queued. FALSE - The item was not queued and must be discarded. --*/ { BOOLEAN rc = TRUE; BOOLEAN StartExThread = FALSE ; PAGED_CODE(); #if 0 DbgPrint("Queueing an audit\n"); #endif SepLockLsaQueue(); if (SepAdtDiscardingAudits && !ForceQueue) { if (SepAdtCurrentListLength < SepAdtMinListLength) { // // We need to generate an audit saying how many audits we've // discarded. // // Since we have the mutex protecting the Audit queue, we don't // have to worry about anyone coming along and logging an // audit. But *we* can, since a mutex may be acquired recursively. // // Since we are so protected, turn off the SepAdtDiscardingAudits // flag here so that we don't come through this path again. // SepAdtDiscardingAudits = FALSE; SepAdtGenerateDiscardAudit(); #if 0 DbgPrint("Auditing resumed\n"); #endif // // We must assume that that worked, so clear the discard count. // SepAdtCountEventsDiscarded = 0; // // Our 'audits discarded' audit is now on the queue, // continue logging the one we started with. // } else { // // We are not yet below our low water mark. Toss // this audit and increment the discard count. // SepAdtCountEventsDiscarded++; rc = FALSE; goto Exit; } } if (SepAdtCurrentListLength < SepAdtMaxListLength || ForceQueue) { InsertTailList(&SepLsaQueue, &LsaWorkItem->List); if (++SepAdtCurrentListLength == 1) { #if 0 DbgPrint("Queueing a work item\n"); #endif StartExThread = TRUE ; } } else { // // There is no room for this audit on the queue, // so change our state to 'discarding' and tell // the caller to toss this audit. // SepAdtDiscardingAudits = TRUE; #if 0 DbgPrint("Starting to discard audits\n"); #endif rc = FALSE; } Exit: SepUnlockLsaQueue(); if ( StartExThread ) { ExInitializeWorkItem( &SepExWorkItem.WorkItem, (PWORKER_THREAD_ROUTINE) SepRmCallLsa, &SepExWorkItem ); ExQueueWorkItem( &SepExWorkItem.WorkItem, DelayedWorkQueue ); } return( rc ); }

NTSTATUS SepReferenceLogonSession (  IN PLUID  LogonId  )

Definition at line 278 of file rmlogon.c. References DbgPrint, _SEP_LOGON_SESSION_REFERENCES::LogonId, _SEP_LOGON_SESSION_REFERENCES::Next, NULL, PAGED_CODE, PSEP_LOGON_SESSION_REFERENCES, PsGetCurrentThread, _SEP_LOGON_SESSION_REFERENCES::ReferenceCount, RtlEqualLuid(), SepLogonSessionIndex, SepLogonSessions, SepRmAcquireDbWriteLock, and SepRmReleaseDbWriteLock. Referenced by SepCreateToken(), SepDuplicateToken(), and SepFilterToken(). : This routine increments the reference count of a logon session tracking record. Arguments: LogonId - Pointer to the logon session ID whose logon track is to be incremented. Return Value: STATUS_SUCCESS - The reference count was successfully incremented. STATUS_NO_SUCH_LOGON_SESSION - The specified logon session doesn't exist in the reference monitor's database. --*/ { ULONG SessionArrayIndex; PSEP_LOGON_SESSION_REFERENCES Previous, Current; #ifdef SEP_TRACK_LOGON_SESSION_REFS ULONG Refs; #endif //SEP_TRACK_LOGON_SESSION_REFS PAGED_CODE(); SessionArrayIndex = SepLogonSessionIndex( LogonId ); // // Protect modification of reference monitor database // SepRmAcquireDbWriteLock(); // // Now walk the list for our logon session array hash index. // Previous = (PSEP_LOGON_SESSION_REFERENCES) ((PVOID)&SepLogonSessions[ SessionArrayIndex ]); Current = Previous->Next; while (Current != NULL) { // // If we found it, increment the reference count and return // if (RtlEqualLuid( LogonId, &Current->LogonId) ) { #ifdef SEP_TRACK_LOGON_SESSION_REFS ULONG Refs; #endif //SEP_TRACK_LOGON_SESSION_REFS Current->ReferenceCount += 1; #ifdef SEP_TRACK_LOGON_SESSION_REFS Refs = Current->ReferenceCount; #endif //SEP_TRACK_LOGON_SESSION_REFS SepRmReleaseDbWriteLock(); #ifdef SEP_TRACK_LOGON_SESSION_REFS DbgPrint("SE (rm): ++ logon session: (%d, %d) to %d by (%d, %d)\n", LogonId->HighPart, LogonId->LowPart, Refs, PsGetCurrentThread()->Cid.UniqueProcess, PsGetCurrentThread()->Cid.UniqueThread); #endif //SEP_TRACK_LOGON_SESSION_REFS return STATUS_SUCCESS; } Previous = Current; Current = Current->Next; } SepRmReleaseDbWriteLock(); // // Bad news, someone asked us to increment the reference count of // a logon session we didn't know existed. This might be a new // token being created, so return an error status and let the caller // decide if it warrants a bug check or not. // return STATUS_NO_SUCH_LOGON_SESSION; }

NTSTATUS SepRmCallLsa (  PSEP_WORK_ITEM  SepWorkItem  )

Definition at line 907 of file rmmain.c. References ASSERT, _SEP_LSA_WORK_ITEM::CleanupFunction, _SEP_LSA_WORK_ITEM::CleanupParameter, _SEP_LSA_WORK_ITEM::CommandNumber, _SEP_LSA_WORK_ITEM::CommandParams, _SEP_LSA_WORK_ITEM::CommandParamsLength, _SEP_LSA_WORK_ITEM::CommandParamsMemoryType, DbgPrint, ExFreePool(), KeAttachProcess(), KeDetachProcess(), _SEP_RM_STATE::LsaCommandPortHandle, _SEP_RM_STATE::LsaViewPortMemory, NT_SUCCESS, NTSTATUS(), NULL, PAGED_CODE, _EPROCESS::Pcb, PSEP_WORK_ITEM, _SEP_LSA_WORK_ITEM::ReplyBuffer, _SEP_LSA_WORK_ITEM::ReplyBufferLength, ReplyMessage(), _SEP_RM_STATE::RmViewPortMemory, SEP_RM_LSA_SHARED_MEMORY_SIZE, SepAdtCopyToLsaSharedMemory(), SepDequeueWorkItem(), SepLsaHandle, SepLsaQueueLength, SepRmLsaCallProcess, SepRmState, SepWorkListHead, and Status. Referenced by SepQueueWorkItem(). : This function sends a command to the LSA via the LSA Reference Monitor Server Command LPC Port. If the command has parameters, they will be copied directly into a message structure and sent via LPC, therefore, the supplied parameters may not contain any absolute pointers. A caller must remove pointers by "marshalling" them into the buffer CommandParams. This function will create a queue of requests. This is in order to allow greater throughput for the majority if its callers. If a thread enters this routine and finds the queue empty, it is the responsibility of that thread to service all requests that come in while it is working until the queue is empty again. Other threads that enter will simply hook their work item onto the queue and exit. To implement a new LSA command, do the following: ================================================ (1) If the command takes no parameters, just call this routine directly and provide an LSA worker routine called Lsap<command>Wrkr. See file lsa\server\lsarm.c for examples (2) If the command takes parameters, provide a routine called SepRmSend<command>Command that takes the parameters in unmarshalled form and calls SepRmCallLsa() with the command id, marshalled parameters, length of marshalled parameters and pointer to optional reply message. The marshalled parameters are free format: the only restriction is that there must be no absolute address pointers. These parameters are all placed in the passed LsaWorkItem structure. (3) In file private\inc\ntrmlsa.h, append a command name to the enumerated type LSA_COMMAND_NUMBER defined in file private\inc\ntrmlsa.h. Change the #define for LsapMaximumCommand to reference the new command. (4) Add the Lsap<command>Wrkr to the command dispatch table structure LsapCommandDispatch[] in file lsarm.c. (5) Add function prototypes to lsap.h and sep.h. Arguments: LsaWorkItem - Supplies a pointer to an SE_LSA_WORK_ITEM containing the information to be passed to LSA. This structure will be freed asynchronously by some invocation of this routine, not necessarily in the current context. !THIS PARAMETER MUST BE ALLOCATED OUT OF NONPAGED POOL! Return Value: NTSTATUS - Result Code. This is either a result code returned from trying to send the command/receive the reply, or a status code from the command itself. --*/ { NTSTATUS Status = STATUS_SUCCESS; LSA_COMMAND_MESSAGE CommandMessage; LSA_REPLY_MESSAGE ReplyMessage; PSEP_LSA_WORK_ITEM WorkQueueItem; ULONG LocalListLength = 0; SIZE_T RegionSize; PVOID CopiedCommandParams = NULL; PVOID LsaViewCopiedCommandParams = NULL; PAGED_CODE(); #if 0 DbgPrint("Entering SepRmCallLsa\n"); #endif WorkQueueItem = SepWorkListHead(); KeAttachProcess( &SepRmLsaCallProcess->Pcb ); while ( WorkQueueItem ) { #if 0 DbgPrint("Got a work item from head of queue, processing\n"); #endif // // Construct a message for LPC. First, fill in the message header // fields for LPC, specifying the message type and data sizes for // the outgoing CommandMessage and the incoming ReplyMessage. // CommandMessage.MessageHeader.u2.ZeroInit = 0; CommandMessage.MessageHeader.u1.s1.TotalLength = ((CSHORT) RM_COMMAND_MESSAGE_HEADER_SIZE + (CSHORT) WorkQueueItem->CommandParamsLength); CommandMessage.MessageHeader.u1.s1.DataLength = CommandMessage.MessageHeader.u1.s1.TotalLength - (CSHORT) sizeof(PORT_MESSAGE); ReplyMessage.MessageHeader.u2.ZeroInit = 0; ReplyMessage.MessageHeader.u1.s1.DataLength = (CSHORT) WorkQueueItem->ReplyBufferLength; ReplyMessage.MessageHeader.u1.s1.TotalLength = ReplyMessage.MessageHeader.u1.s1.DataLength + (CSHORT) sizeof(PORT_MESSAGE); // // Next, fill in the header info needed by the LSA. // CommandMessage.CommandNumber = WorkQueueItem->CommandNumber; ReplyMessage.ReturnedStatus = STATUS_SUCCESS; // // Set up the Command Parameters either in the LPC Command Message // itself, in the preallocated Lsa shared memory block, or in a // specially allocated block. The parameters are either // immediate (i.e. in the WorkQueueItem itself, or are in a buffer // pointed to by the address in the WorkQueueItem. // switch (WorkQueueItem->CommandParamsMemoryType) { case SepRmImmediateMemory: // // The Command Parameters are in the CommandParams buffer // in the Work Queue Item. Just copy them to the corresponding // buffer in the CommandMessage buffer. // CommandMessage.CommandParamsMemoryType = SepRmImmediateMemory; RtlCopyMemory( CommandMessage.CommandParams, &WorkQueueItem->CommandParams, WorkQueueItem->CommandParamsLength ); break; case SepRmPagedPoolMemory: case SepRmUnspecifiedMemory: // // The Command Parameters are contained in paged pool memory. // Since this memory is is not accessible by the LSA, we must // copy of them either to the LPC Command Message Block, or // into LSA shared memory. // if (WorkQueueItem->CommandParamsLength <= LSA_MAXIMUM_COMMAND_PARAM_SIZE) { // // Parameters will fit into the LPC Command Message block. // CopiedCommandParams = CommandMessage.CommandParams; RtlCopyMemory( CopiedCommandParams, WorkQueueItem->CommandParams.BaseAddress, WorkQueueItem->CommandParamsLength ); CommandMessage.CommandParamsMemoryType = SepRmImmediateMemory; } else { // // Parameters too large for LPC Command Message block. // If possible, copy them to the preallocated Lsa Shared // Memory block. If they are too large to fit, copy them // to an individually allocated chunk of Shared Virtual // Memory. // if (WorkQueueItem->CommandParamsLength <= SEP_RM_LSA_SHARED_MEMORY_SIZE) { RtlCopyMemory( SepRmState.RmViewPortMemory, WorkQueueItem->CommandParams.BaseAddress, WorkQueueItem->CommandParamsLength ); LsaViewCopiedCommandParams = SepRmState.LsaViewPortMemory; CommandMessage.CommandParamsMemoryType = SepRmLsaCommandPortSharedMemory; } else { Status = SepAdtCopyToLsaSharedMemory( SepLsaHandle, WorkQueueItem->CommandParams.BaseAddress, WorkQueueItem->CommandParamsLength, &LsaViewCopiedCommandParams ); if (!NT_SUCCESS(Status)) { // // An error occurred, most likely in allocating // shared virtual memory. For now, just ignore // the error and discard the Audit Record. Later, // we may consider generating a warning record // indicating some records lost. // break; } CommandMessage.CommandParamsMemoryType = SepRmLsaCustomSharedMemory; } // // Buffer has been successfully copied to a shared Lsa // memory buffer. Place the address of the buffer valid in // the LSA's process context in the Command Message. // *((PVOID *) CommandMessage.CommandParams) = LsaViewCopiedCommandParams; CommandMessage.MessageHeader.u1.s1.TotalLength = ((CSHORT) RM_COMMAND_MESSAGE_HEADER_SIZE + (CSHORT) sizeof( LsaViewCopiedCommandParams )); CommandMessage.MessageHeader.u1.s1.DataLength = CommandMessage.MessageHeader.u1.s1.TotalLength - (CSHORT) sizeof(PORT_MESSAGE); } // // Free input command params buffer if Paged Pool. // if (WorkQueueItem->CommandParamsMemoryType == SepRmPagedPoolMemory) { ExFreePool( WorkQueueItem->CommandParams.BaseAddress ); } break; default: Status = STATUS_INVALID_PARAMETER; break; } if (NT_SUCCESS(Status)) { // // Send Message to the LSA via the LSA Server Command LPC Port. // This must be done in the process in which the handle was created. // Status = ZwRequestWaitReplyPort( SepRmState.LsaCommandPortHandle, (PPORT_MESSAGE) &CommandMessage, (PPORT_MESSAGE) &ReplyMessage ); // // If the command was successful, copy the data back to the output // buffer. // if (NT_SUCCESS(Status)) { // // Move output from command (if any) to buffer. Note that this // is done even if the command returns status, because some status // values are not errors. // if (ARGUMENT_PRESENT(WorkQueueItem->ReplyBuffer)) { RtlCopyMemory( WorkQueueItem->ReplyBuffer, ReplyMessage.ReplyBuffer, WorkQueueItem->ReplyBufferLength ); } // // Return status from command. // Status = ReplyMessage.ReturnedStatus; if (!NT_SUCCESS(Status)) { KdPrint(("Security: Command sent from RM to LSA returned 0x%lx\n", Status)); } } else { KdPrint(("Security: Sending Command RM to LSA failed 0x%lx\n", Status)); } // // On return from the LPC call to the LSA, we expect the called // LSA worker routine to have copied the Command Parameters // buffer (if any). If a custom shared memory boffer was allocated, // free it now. // if (CommandMessage.CommandParamsMemoryType == SepRmLsaCustomSharedMemory) { RegionSize = 0; Status = ZwFreeVirtualMemory( SepLsaHandle, (PVOID *) &CommandMessage.CommandParams, &RegionSize, MEM_RELEASE ); ASSERT(NT_SUCCESS(Status)); } } // // Clean up. We must call the cleanup functions on its parameter // and then free the used WorkQueueItem itself. // if ( ARGUMENT_PRESENT( WorkQueueItem->CleanupFunction)) { (WorkQueueItem->CleanupFunction)(WorkQueueItem->CleanupParameter); } // // Determine if there is more work to do on this list // WorkQueueItem = SepDequeueWorkItem(); #if 0 if ( WorkQueueItem ) { DbgPrint("Got another item from list, going back\n"); } else { DbgPrint("List is empty, leaving\n"); } #endif } KeDetachProcess(); if ( LocalListLength > SepLsaQueueLength ) { SepLsaQueueLength = LocalListLength; } return Status; }

BOOLEAN SepRmInitPhase0 (   )

Definition at line 1275 of file rmmain.c. References PAGED_CODE, and SepRmDbInitialization(). Referenced by SepInitializationPhase0(). 01280 : 01281 01282 This function performs Reference Monitor Phase 0 initialization. 01283 This includes initializing the reference monitor database to a state 01284 which allows access validation routines to operate (always granting 01285 access) prior to the main init of the Reference Monitor in Phase 1 01286 initialization, without having to check if the RM is initialized. 01287 01288 01289 Arguments: 01290 01291 None. 01292 01293 Return Value: 01294 01295 BOOLEAN - TRUE if successful, else FALSE 01296 01297 --*/ 01298 01299 { 01300 01301 BOOLEAN CompletionStatus; 01302 01303 PAGED_CODE(); 01304 01305 CompletionStatus = SepRmDbInitialization(); 01306 01307 return CompletionStatus; 01308 } }

BOOLEAN SepSidInToken (  IN PACCESS_TOKEN  Token, IN PSID  PrincipalSelfSid, IN PSID  Sid, IN BOOLEAN  DenyAce )

Definition at line 733 of file accessck.c. References FALSE, NULL, PAGED_CODE, PTOKEN, RtlEqualSid(), SepDumpTokenInfo(), SePrincipalSelfSid, Token, and TRUE. Referenced by SepAccessCheck(), SepExamineSacl(), SepExamineSaclEx(), and SepTokenIsOwner(). : Checks to see if a given SID is in the given token. N.B. The code to compute the length of a SID and test for equality is duplicated from the security runtime since this is such a frequently used routine. Arguments: Token - Pointer to the token to be examined PrincipalSelfSid - If the object being access checked is an object which represents a principal (e.g., a user object), this parameter should be the SID of the object. Any ACE containing the constant PRINCIPAL_SELF_SID is replaced by this SID. The parameter should be NULL if the object does not represent a principal. Sid - Pointer to the SID of interest Return Value: A value of TRUE indicates that the SID is in the token, FALSE otherwise. --*/ { ULONG i; PISID MatchSid; ULONG SidLength; PTOKEN Token; PSID_AND_ATTRIBUTES TokenSid; ULONG UserAndGroupCount; PAGED_CODE(); #if DBG SepDumpTokenInfo(AToken); #endif // // If Sid is the constant PrincipalSelfSid, // replace it with the passed in PrincipalSelfSid. // if ( PrincipalSelfSid != NULL && RtlEqualSid( SePrincipalSelfSid, Sid ) ) { Sid = PrincipalSelfSid; } // // Get the length of the source SID since this only needs to be computed // once. // SidLength = 8 + (4 * ((PISID)Sid)->SubAuthorityCount); // // Get address of user/group array and number of user/groups. // Token = (PTOKEN)AToken; TokenSid = Token->UserAndGroups; UserAndGroupCount = Token->UserAndGroupCount; // // Scan through the user/groups and attempt to find a match with the // specified SID. // for (i = 0 ; i < UserAndGroupCount ; i += 1) { MatchSid = (PISID)TokenSid->Sid; // // If the SID revision and length matches, then compare the SIDs // for equality. // if ((((PISID)Sid)->Revision == MatchSid->Revision) && (SidLength == (8 + (4 * (ULONG)MatchSid->SubAuthorityCount)))) { if (RtlEqualMemory(Sid, MatchSid, SidLength)) { // // If this is the first one in the list, then it is the User, // and return success immediately. // // If this is not the first one, then it represents a group, // and we must make sure the group is currently enabled before // we can say that the group is "in" the token. // if ((i == 0) || (TokenSid->Attributes & SE_GROUP_ENABLED) || (DenyAce && (TokenSid->Attributes & SE_GROUP_USE_FOR_DENY_ONLY))) { return TRUE; } else { return FALSE; } } } TokenSid += 1; } return FALSE; }

BOOLEAN SepSidTranslation (  PSID  Sid, PSTRING  AccountName )

Definition at line 1065 of file seassign.c. References FALSE, PAGED_CODE, RtlEqualSid(), RtlInitString(), SeBatchSid, SeCreatorGroupServerSid, SeCreatorGroupSid, SeCreatorOwnerServerSid, SeCreatorOwnerSid, SeInteractiveSid, SeLocalSid, SeLocalSystemSid, SeNetworkSid, SeWorldSid, and TRUE. Referenced by SepPrintSid(). : This routine translates well-known SIDs into English names. Arguments: Sid - Provides the sid to be examined. AccountName - Provides a string buffer in which to place the translated name. Return Value: None --*/ // AccountName is expected to have a large maximum length { PAGED_CODE(); if (RtlEqualSid(Sid, SeWorldSid)) { RtlInitString( AccountName, "WORLD "); return(TRUE); } if (RtlEqualSid(Sid, SeLocalSid)) { RtlInitString( AccountName, "LOCAL "); return(TRUE); } if (RtlEqualSid(Sid, SeNetworkSid)) { RtlInitString( AccountName, "NETWORK "); return(TRUE); } if (RtlEqualSid(Sid, SeBatchSid)) { RtlInitString( AccountName, "BATCH "); return(TRUE); } if (RtlEqualSid(Sid, SeInteractiveSid)) { RtlInitString( AccountName, "INTERACTIVE "); return(TRUE); } if (RtlEqualSid(Sid, SeLocalSystemSid)) { RtlInitString( AccountName, "SYSTEM "); return(TRUE); } if (RtlEqualSid(Sid, SeCreatorOwnerSid)) { RtlInitString( AccountName, "CREATOR_OWNER "); return(TRUE); } if (RtlEqualSid(Sid, SeCreatorGroupSid)) { RtlInitString( AccountName, "CREATOR_GROUP "); return(TRUE); } if (RtlEqualSid(Sid, SeCreatorOwnerServerSid)) { RtlInitString( AccountName, "CREATOR_OWNER_SERVER "); return(TRUE); } if (RtlEqualSid(Sid, SeCreatorGroupServerSid)) { RtlInitString( AccountName, "CREATOR_GROUP_SERVER "); return(TRUE); } return(FALSE); }

BOOLEAN SepSinglePrivilegeCheck (  LUID  DesiredPrivilege, IN PACCESS_TOKEN  EffectiveToken, IN KPROCESSOR_MODE  PreviousMode )

Definition at line 143 of file seaudit.c. References ASSERT, PAGED_CODE, SepPrivilegeCheck(), SeTcbPrivilege, and Token. Referenced by SepAccessCheck(), and SePrivilegePolicyCheck(). : Determines if the passed token has the passed privilege. Arguments: DesiredPrivilege - The privilege to be tested for. Token - The token being examined. PreviousMode - The previous processor mode. Return Value: Returns TRUE of the subject has the passed privilege, FALSE otherwise. --*/ { LUID_AND_ATTRIBUTES Privilege; BOOLEAN Result; PAGED_CODE(); // // Don't let anyone call this to test for SeTcbPrivilege // ASSERT(!((DesiredPrivilege.LowPart == SeTcbPrivilege.LowPart) && (DesiredPrivilege.HighPart == SeTcbPrivilege.HighPart))); Privilege.Luid = DesiredPrivilege; Privilege.Attributes = 0; Result = SepPrivilegeCheck( Token, &Privilege, 1, PRIVILEGE_SET_ALL_NECESSARY, PreviousMode ); return(Result); }

BOOLEAN SepTokenIsOwner (  IN PACCESS_TOKEN  Token, IN PSECURITY_DESCRIPTOR  SecurityDescriptor, IN BOOLEAN  TokenLocked )

Definition at line 3796 of file accessck.c. References ASSERT, EffectiveToken, FALSE, NULL, Owner, PAGED_CODE, PTOKEN, SepAcquireTokenReadLock, SepReleaseTokenReadLock, SepSidInToken(), SepSidInTokenEx(), Token, TOKEN_IS_RESTRICTED, and TRUE. Referenced by SeAccessCheck(), SeAccessCheckByType(), and SepAccessCheckAndAuditAlarm(). : This routine will determine of the Owner of the passed security descriptor is in the passed token. If the token is restricted it cannot be the owner. Arguments: Token - The token representing the current user. SecurityDescriptor - The security descriptor for the object being accessed. TokenLocked - A boolean describing whether the caller has taken a read lock for the token. Return Value: TRUE - The user of the token is the owner of the object. FALSE - The user of the token is not the owner of the object. --*/ { PSID Owner; BOOLEAN rc; PISECURITY_DESCRIPTOR ISecurityDescriptor; PTOKEN Token; PAGED_CODE(); ISecurityDescriptor = (PISECURITY_DESCRIPTOR)SecurityDescriptor; Token = (PTOKEN)EffectiveToken; if (!TokenLocked) { SepAcquireTokenReadLock( Token ); } Owner = RtlpOwnerAddrSecurityDescriptor( ISecurityDescriptor ); ASSERT( Owner != NULL ); rc = SepSidInToken( Token, NULL, Owner, FALSE ); // // For restricted tokens, check the restricted sids too. // if (rc && (Token->TokenFlags & TOKEN_IS_RESTRICTED) != 0) { rc = SepSidInTokenEx( Token, NULL, Owner, FALSE, TRUE ); } if (!TokenLocked) { SepReleaseTokenReadLock( Token ); } return( rc ); }

BOOLEAN SepValidOwnerSubjectContext (  IN PSECURITY_SUBJECT_CONTEXT  SubjectContext, IN PSID  Owner, IN BOOLEAN  ServerObject )

Definition at line 381 of file subject.c. References EffectiveToken, exit, FALSE, Index, NULL, Owner, PAGED_CODE, PTOKEN, RtlEqualSid(), SepAcquireTokenReadLock, SepIdAssignableAsOwner(), SepReleaseTokenReadLock, SeRestorePrivilege, SeSinglePrivilegeCheck(), TRUE, and UserMode. Referenced by RtlpNewSecurityObject(), and RtlpSetSecurityObject(). : This routine checks to see whether the provided SID is one the subject is authorized to assign as the owner of objects. It will also check to see if the caller has SeRestorePrivilege, if so, the request is granted. Arguments: SubjectContext - Points to the subject's security context. Owner - Points to the SID to be checked. Return Value: none. --*/ { ULONG Index; BOOLEAN Found; PTOKEN EffectiveToken; BOOLEAN Rc = FALSE; PAGED_CODE(); // // It is invalid to assign a NULL owner, regardless of // whether you have SeRestorePrivilege or not. // if (Owner == NULL) { return( FALSE ); } // // Allowable owners come from the primary if it's a server object. // if (!ServerObject && ARGUMENT_PRESENT(SubjectContext->ClientToken)) { EffectiveToken = (PTOKEN)SubjectContext->ClientToken; } else { EffectiveToken = (PTOKEN)SubjectContext->PrimaryToken; } // // If we're impersonating, make sure we're at TokenImpersonation // or above. This prevents someone from setting the owner of an // object when impersonating at less Identify or Anonymous. // if (EffectiveToken->TokenType == TokenImpersonation) { if (EffectiveToken->ImpersonationLevel < SecurityImpersonation) { return( FALSE ); } } SepAcquireTokenReadLock( EffectiveToken ); // // Walk through the list of user and group IDs looking // for a match to the specified SID. If one is found, // make sure it may be assigned as an owner. // // This code is similar to that performed to set the default // owner of a token (NtSetInformationToken). // Index = 0; while (Index < EffectiveToken->UserAndGroupCount) { Found = RtlEqualSid( Owner, EffectiveToken->UserAndGroups[Index].Sid ); if ( Found ) { // // We may return success if the Sid is one that may be assigned // as an owner, or if the caller has SeRestorePrivilege // if ( SepIdAssignableAsOwner(EffectiveToken,Index) ) { SepReleaseTokenReadLock( EffectiveToken ); Rc = TRUE; goto exit; } else { // // Rc is already set to FALSE, just exit. // SepReleaseTokenReadLock( EffectiveToken ); goto exit; } //endif assignable } //endif Found Index += 1; } //endwhile SepReleaseTokenReadLock( EffectiveToken ); exit: // // If we are going to fail this call, check for Restore privilege, // and succeed if he has it. // // // We should really have gotten PreviousMode from the caller, but we // didn't, so hard wire it to be user-mode here. // if ( Rc == FALSE ) { Rc = SeSinglePrivilegeCheck( SeRestorePrivilege, UserMode ); } return Rc; }

BOOLEAN SepVariableInitialization (  VOID   )

---

Variable Documentation

BOOLEAN SepAuditShutdownEvents

Definition at line 267 of file sep.h.

PSEP_LSA_WORK_ITEM SepDequeueWorkItem(VOID)

SEP_WORK_ITEM SepExWorkItem

Definition at line 376 of file sep.h. Referenced by SepQueueWorkItem().

HANDLE SepLsaHandle

Definition at line 265 of file sep.h. Referenced by SepRmCallLsa(), and SepRmCommandServerThreadInit().

LIST_ENTRY SepLsaQueue

Definition at line 281 of file sep.h. Referenced by SepDequeueWorkItem(), SepInitializeWorkList(), and SepQueueWorkItem().

ULONG SepLsaQueueLength

Definition at line 275 of file sep.h. Referenced by SepRmCallLsa().

ERESOURCE SepLsaQueueLock

Definition at line 273 of file sep.h. Referenced by SepInitializeWorkList().

---