1 /* $Id: semgr.c,v 1.47 2004/10/01 01:28:56 arty Exp $
3 * COPYRIGHT: See COPYING in the top level directory
4 * PROJECT: ReactOS kernel
5 * PURPOSE: Security manager
6 * FILE: kernel/se/semgr.c
9 * 26/07/98: Added stubs for security functions
12 /* INCLUDES *****************************************************************/
16 #include <internal/debug.h>
18 #define TAG_SXPT TAG('S', 'X', 'P', 'T')
21 /* GLOBALS ******************************************************************/
23 PSE_EXPORTS EXPORTED SeExports
= NULL
;
25 static ERESOURCE SepSubjectContextLock
;
28 /* PROTOTYPES ***************************************************************/
30 static BOOLEAN
SepInitExports(VOID
);
33 /* FUNCTIONS ****************************************************************/
40 if (!SepInitSecurityIDs())
51 if (!SepInitExports())
54 /* Initialize the subject context lock */
55 ExInitializeResource(&SepSubjectContextLock
);
64 SepInitializeTokenImplementation();
73 OBJECT_ATTRIBUTES ObjectAttributes
;
75 HANDLE DirectoryHandle
;
79 /* Create '\Security' directory */
80 RtlInitUnicodeString(&Name
,
82 InitializeObjectAttributes(&ObjectAttributes
,
87 Status
= NtCreateDirectoryObject(&DirectoryHandle
,
90 if (!NT_SUCCESS(Status
))
92 DPRINT1("Failed to create 'Security' directory!\n");
96 /* Create 'LSA_AUTHENTICATION_INITALIZED' event */
97 RtlInitUnicodeString(&Name
,
98 L
"\\LSA_AUTHENTICATION_INITALIZED");
99 InitializeObjectAttributes(&ObjectAttributes
,
104 Status
= NtCreateEvent(&EventHandle
,
109 if (!NT_SUCCESS(Status
))
111 DPRINT1("Failed to create 'LSA_AUTHENTICATION_INITALIZED' event!\n");
112 NtClose(DirectoryHandle
);
116 NtClose(EventHandle
);
117 NtClose(DirectoryHandle
);
119 /* FIXME: Create SRM port and listener thread */
125 static BOOLEAN INIT_FUNCTION
128 SeExports
= ExAllocatePoolWithTag(NonPagedPool
,
131 if (SeExports
== NULL
)
134 SeExports
->SeCreateTokenPrivilege
= SeCreateTokenPrivilege
;
135 SeExports
->SeAssignPrimaryTokenPrivilege
= SeAssignPrimaryTokenPrivilege
;
136 SeExports
->SeLockMemoryPrivilege
= SeLockMemoryPrivilege
;
137 SeExports
->SeIncreaseQuotaPrivilege
= SeIncreaseQuotaPrivilege
;
138 SeExports
->SeUnsolicitedInputPrivilege
= SeUnsolicitedInputPrivilege
;
139 SeExports
->SeTcbPrivilege
= SeTcbPrivilege
;
140 SeExports
->SeSecurityPrivilege
= SeSecurityPrivilege
;
141 SeExports
->SeTakeOwnershipPrivilege
= SeTakeOwnershipPrivilege
;
142 SeExports
->SeLoadDriverPrivilege
= SeLoadDriverPrivilege
;
143 SeExports
->SeCreatePagefilePrivilege
= SeCreatePagefilePrivilege
;
144 SeExports
->SeIncreaseBasePriorityPrivilege
= SeIncreaseBasePriorityPrivilege
;
145 SeExports
->SeSystemProfilePrivilege
= SeSystemProfilePrivilege
;
146 SeExports
->SeSystemtimePrivilege
= SeSystemtimePrivilege
;
147 SeExports
->SeProfileSingleProcessPrivilege
= SeProfileSingleProcessPrivilege
;
148 SeExports
->SeCreatePermanentPrivilege
= SeCreatePermanentPrivilege
;
149 SeExports
->SeBackupPrivilege
= SeBackupPrivilege
;
150 SeExports
->SeRestorePrivilege
= SeRestorePrivilege
;
151 SeExports
->SeShutdownPrivilege
= SeShutdownPrivilege
;
152 SeExports
->SeDebugPrivilege
= SeDebugPrivilege
;
153 SeExports
->SeAuditPrivilege
= SeAuditPrivilege
;
154 SeExports
->SeSystemEnvironmentPrivilege
= SeSystemEnvironmentPrivilege
;
155 SeExports
->SeChangeNotifyPrivilege
= SeChangeNotifyPrivilege
;
156 SeExports
->SeRemoteShutdownPrivilege
= SeRemoteShutdownPrivilege
;
158 SeExports
->SeNullSid
= SeNullSid
;
159 SeExports
->SeWorldSid
= SeWorldSid
;
160 SeExports
->SeLocalSid
= SeLocalSid
;
161 SeExports
->SeCreatorOwnerSid
= SeCreatorOwnerSid
;
162 SeExports
->SeCreatorGroupSid
= SeCreatorGroupSid
;
163 SeExports
->SeNtAuthoritySid
= SeNtAuthoritySid
;
164 SeExports
->SeDialupSid
= SeDialupSid
;
165 SeExports
->SeNetworkSid
= SeNetworkSid
;
166 SeExports
->SeBatchSid
= SeBatchSid
;
167 SeExports
->SeInteractiveSid
= SeInteractiveSid
;
168 SeExports
->SeLocalSystemSid
= SeLocalSystemSid
;
169 SeExports
->SeAliasAdminsSid
= SeAliasAdminsSid
;
170 SeExports
->SeAliasUsersSid
= SeAliasUsersSid
;
171 SeExports
->SeAliasGuestsSid
= SeAliasGuestsSid
;
172 SeExports
->SeAliasPowerUsersSid
= SeAliasPowerUsersSid
;
173 SeExports
->SeAliasAccountOpsSid
= SeAliasAccountOpsSid
;
174 SeExports
->SeAliasSystemOpsSid
= SeAliasSystemOpsSid
;
175 SeExports
->SeAliasPrintOpsSid
= SeAliasPrintOpsSid
;
176 SeExports
->SeAliasBackupOpsSid
= SeAliasBackupOpsSid
;
182 VOID
SepReferenceLogonSession(PLUID AuthenticationId
)
187 VOID
SepDeReferenceLogonSession(PLUID AuthenticationId
)
198 NtAllocateUuids(PULARGE_INTEGER Time
,
203 return(STATUS_NOT_IMPLEMENTED
);
211 SeCaptureSubjectContext(OUT PSECURITY_SUBJECT_CONTEXT SubjectContext
)
215 BOOLEAN EffectiveOnly
;
217 Thread
= PsGetCurrentThread();
220 SubjectContext
->ProcessAuditId
= 0;
221 SubjectContext
->PrimaryToken
= NULL
;
222 SubjectContext
->ClientToken
= NULL
;
223 SubjectContext
->ImpersonationLevel
= 0;
227 SubjectContext
->ProcessAuditId
= Thread
->ThreadsProcess
;
228 SubjectContext
->ClientToken
=
229 PsReferenceImpersonationToken(Thread
,
232 &SubjectContext
->ImpersonationLevel
);
233 SubjectContext
->PrimaryToken
= PsReferencePrimaryToken(Thread
->ThreadsProcess
);
242 SeLockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext
)
244 ExAcquireResourceExclusiveLite(&SepSubjectContextLock
, TRUE
);
252 SeUnlockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext
)
254 ExReleaseResourceLite(&SepSubjectContextLock
);
262 SeReleaseSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext
)
264 if (SubjectContext
->PrimaryToken
!= NULL
)
266 ObDereferenceObject(SubjectContext
->PrimaryToken
);
269 if (SubjectContext
->ClientToken
!= NULL
)
271 ObDereferenceObject(SubjectContext
->ClientToken
);
280 SeDeassignSecurity(PSECURITY_DESCRIPTOR
*SecurityDescriptor
)
282 if (*SecurityDescriptor
!= NULL
)
284 ExFreePool(*SecurityDescriptor
);
285 *SecurityDescriptor
= NULL
;
288 return STATUS_SUCCESS
;
296 SeAssignSecurityEx(IN PSECURITY_DESCRIPTOR ParentDescriptor OPTIONAL
,
297 IN PSECURITY_DESCRIPTOR ExplicitDescriptor OPTIONAL
,
298 OUT PSECURITY_DESCRIPTOR
*NewDescriptor
,
299 IN GUID
*ObjectType OPTIONAL
,
300 IN BOOLEAN IsDirectoryObject
,
301 IN ULONG AutoInheritFlags
,
302 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
,
303 IN PGENERIC_MAPPING GenericMapping
,
304 IN POOL_TYPE PoolType
)
307 return STATUS_NOT_IMPLEMENTED
;
312 * FUNCTION: Creates a security descriptor for a new object.
315 * ExplicitDescriptor =
317 * IsDirectoryObject =
326 SeAssignSecurity(PSECURITY_DESCRIPTOR ParentDescriptor OPTIONAL
,
327 PSECURITY_DESCRIPTOR ExplicitDescriptor OPTIONAL
,
328 PSECURITY_DESCRIPTOR
*NewDescriptor
,
329 BOOLEAN IsDirectoryObject
,
330 PSECURITY_SUBJECT_CONTEXT SubjectContext
,
331 PGENERIC_MAPPING GenericMapping
,
334 PSECURITY_DESCRIPTOR Descriptor
;
336 ULONG OwnerLength
= 0;
337 ULONG GroupLength
= 0;
338 ULONG DaclLength
= 0;
339 ULONG SaclLength
= 0;
348 /* Lock subject context */
349 SeLockSubjectContext(SubjectContext
);
351 if (SubjectContext
->ClientToken
!= NULL
)
353 Token
= SubjectContext
->ClientToken
;
357 Token
= SubjectContext
->PrimaryToken
;
361 /* Inherit the Owner SID */
362 if (ExplicitDescriptor
!= NULL
&& ExplicitDescriptor
->Owner
!= NULL
)
364 DPRINT("Use explicit owner sid!\n");
365 Owner
= ExplicitDescriptor
->Owner
;
366 if (ExplicitDescriptor
->Control
& SE_SELF_RELATIVE
)
368 Owner
= (PSID
)(((ULONG_PTR
)Owner
) + (ULONG_PTR
)ExplicitDescriptor
);
375 DPRINT("Use token owner sid!\n");
376 Owner
= Token
->UserAndGroups
[Token
->DefaultOwnerIndex
].Sid
;
380 DPRINT("Use default owner sid!\n");
381 Owner
= SeLocalSystemSid
;
384 Control
|= SE_OWNER_DEFAULTED
;
387 OwnerLength
= ROUND_UP(RtlLengthSid(Owner
), 4);
390 /* Inherit the Group SID */
391 if (ExplicitDescriptor
!= NULL
&& ExplicitDescriptor
->Group
!= NULL
)
393 DPRINT("Use explicit group sid!\n");
394 Group
= ExplicitDescriptor
->Group
;
395 if (ExplicitDescriptor
->Control
& SE_SELF_RELATIVE
)
397 Group
= (PSID
)(((ULONG_PTR
)Group
) + (ULONG_PTR
)ExplicitDescriptor
);
404 DPRINT("Use token group sid!\n");
405 Group
= Token
->PrimaryGroup
;
409 DPRINT("Use default group sid!\n");
410 Group
= SeLocalSystemSid
;
413 Control
|= SE_OWNER_DEFAULTED
;
416 GroupLength
= ROUND_UP(RtlLengthSid(Group
), 4);
419 /* Inherit the DACL */
420 if (ExplicitDescriptor
!= NULL
&&
421 (ExplicitDescriptor
->Control
& SE_DACL_PRESENT
) &&
422 !(ExplicitDescriptor
->Control
& SE_DACL_DEFAULTED
))
424 DPRINT("Use explicit DACL!\n");
425 Dacl
= ExplicitDescriptor
->Dacl
;
426 if (Dacl
!= NULL
&& (ExplicitDescriptor
->Control
& SE_SELF_RELATIVE
))
428 Dacl
= (PACL
)(((ULONG_PTR
)Dacl
) + (ULONG_PTR
)ExplicitDescriptor
);
431 Control
|= SE_DACL_PRESENT
;
433 else if (ParentDescriptor
!= NULL
&&
434 (ParentDescriptor
->Control
& SE_DACL_PRESENT
))
436 DPRINT("Use parent DACL!\n");
438 Dacl
= ParentDescriptor
->Dacl
;
439 if (Dacl
!= NULL
&& (ParentDescriptor
->Control
& SE_SELF_RELATIVE
))
441 Dacl
= (PACL
)(((ULONG_PTR
)Dacl
) + (ULONG_PTR
)ParentDescriptor
);
443 Control
|= (SE_DACL_PRESENT
| SE_DACL_DEFAULTED
);
445 else if (Token
!= NULL
&& Token
->DefaultDacl
!= NULL
)
447 DPRINT("Use token default DACL!\n");
449 Dacl
= Token
->DefaultDacl
;
450 Control
|= (SE_DACL_PRESENT
| SE_DACL_DEFAULTED
);
454 DPRINT("Use NULL DACL!\n");
456 Control
|= (SE_DACL_PRESENT
| SE_DACL_DEFAULTED
);
459 DaclLength
= (Dacl
!= NULL
) ? ROUND_UP(Dacl
->AclSize
, 4) : 0;
462 /* Inherit the SACL */
463 if (ExplicitDescriptor
!= NULL
&&
464 (ExplicitDescriptor
->Control
& SE_SACL_PRESENT
) &&
465 !(ExplicitDescriptor
->Control
& SE_SACL_DEFAULTED
))
467 DPRINT("Use explicit SACL!\n");
468 Sacl
= ExplicitDescriptor
->Sacl
;
469 if (Sacl
!= NULL
&& (ExplicitDescriptor
->Control
& SE_SELF_RELATIVE
))
471 Sacl
= (PACL
)(((ULONG_PTR
)Sacl
) + (ULONG_PTR
)ExplicitDescriptor
);
474 Control
|= SE_SACL_PRESENT
;
476 else if (ParentDescriptor
!= NULL
&&
477 (ParentDescriptor
->Control
& SE_SACL_PRESENT
))
479 DPRINT("Use parent SACL!\n");
481 Sacl
= ParentDescriptor
->Sacl
;
482 if (Sacl
!= NULL
&& (ParentDescriptor
->Control
& SE_SELF_RELATIVE
))
484 Sacl
= (PACL
)(((ULONG_PTR
)Sacl
) + (ULONG_PTR
)ParentDescriptor
);
486 Control
|= (SE_SACL_PRESENT
| SE_SACL_DEFAULTED
);
489 SaclLength
= (Sacl
!= NULL
) ? ROUND_UP(Sacl
->AclSize
, 4) : 0;
492 /* Allocate and initialize the new security descriptor */
493 Length
= sizeof(SECURITY_DESCRIPTOR
) +
494 OwnerLength
+ GroupLength
+ DaclLength
+ SaclLength
;
496 DPRINT("L: sizeof(SECURITY_DESCRIPTOR) %d OwnerLength %d GroupLength %d DaclLength %d SaclLength %d\n",
497 sizeof(SECURITY_DESCRIPTOR
),
503 Descriptor
= ExAllocatePool(NonPagedPool
,
505 RtlZeroMemory( Descriptor
, Length
);
507 if (Descriptor
== NULL
)
509 DPRINT1("ExAlloctePool() failed\n");
510 /* FIXME: Unlock subject context */
511 return STATUS_INSUFFICIENT_RESOURCES
;
514 RtlCreateSecurityDescriptor(Descriptor
,
515 SECURITY_DESCRIPTOR_REVISION
);
517 Descriptor
->Control
= Control
| SE_SELF_RELATIVE
;
519 Current
= (ULONG_PTR
)Descriptor
+ sizeof(SECURITY_DESCRIPTOR
);
523 RtlCopyMemory((PVOID
)Current
,
526 Descriptor
->Sacl
= (PACL
)((ULONG_PTR
)Current
- (ULONG_PTR
)Descriptor
);
527 Current
+= SaclLength
;
532 RtlCopyMemory((PVOID
)Current
,
535 Descriptor
->Dacl
= (PACL
)((ULONG_PTR
)Current
- (ULONG_PTR
)Descriptor
);
536 Current
+= DaclLength
;
539 if (OwnerLength
!= 0)
541 RtlCopyMemory((PVOID
)Current
,
544 Descriptor
->Owner
= (PSID
)((ULONG_PTR
)Current
- (ULONG_PTR
)Descriptor
);
545 Current
+= OwnerLength
;
546 DPRINT("Owner of %x at %x\n", Descriptor
, Descriptor
->Owner
);
549 DPRINT("Owner of %x is zero length\n", Descriptor
);
551 if (GroupLength
!= 0)
553 memmove((PVOID
)Current
,
556 Descriptor
->Group
= (PSID
)((ULONG_PTR
)Current
- (ULONG_PTR
)Descriptor
);
559 /* Unlock subject context */
560 SeUnlockSubjectContext(SubjectContext
);
562 *NewDescriptor
= Descriptor
;
564 DPRINT("Descrptor %x\n", Descriptor
);
565 assert( RtlLengthSecurityDescriptor( Descriptor
) );
567 return STATUS_SUCCESS
;
572 SepSidInToken(PACCESS_TOKEN Token
,
577 if (Token
->UserAndGroupCount
== 0)
582 for (i
=0; i
<Token
->UserAndGroupCount
; i
++)
584 if (RtlEqualSid(Sid
, Token
->UserAndGroups
[i
].Sid
))
586 if (Token
->UserAndGroups
[i
].Attributes
& SE_GROUP_ENABLED
)
600 * FUNCTION: Determines whether the requested access rights can be granted
601 * to an object protected by a security descriptor and an object owner
603 * SecurityDescriptor = Security descriptor protecting the object
604 * SubjectSecurityContext = Subject's captured security context
605 * SubjectContextLocked = Indicates the user's subject context is locked
606 * DesiredAccess = Access rights the caller is trying to acquire
607 * PreviouslyGrantedAccess = Specified the access rights already granted
609 * GenericMapping = Generic mapping associated with the object
610 * AccessMode = Access mode used for the check
611 * GrantedAccess (OUT) = On return specifies the access granted
612 * AccessStatus (OUT) = Status indicating why access was denied
613 * RETURNS: If access was granted, returns TRUE
618 SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
619 IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext
,
620 IN BOOLEAN SubjectContextLocked
,
621 IN ACCESS_MASK DesiredAccess
,
622 IN ACCESS_MASK PreviouslyGrantedAccess
,
623 OUT PPRIVILEGE_SET
* Privileges
,
624 IN PGENERIC_MAPPING GenericMapping
,
625 IN KPROCESSOR_MODE AccessMode
,
626 OUT PACCESS_MASK GrantedAccess
,
627 OUT PNTSTATUS AccessStatus
)
629 LUID_AND_ATTRIBUTES Privilege
;
630 ACCESS_MASK CurrentAccess
;
640 CurrentAccess
= PreviouslyGrantedAccess
;
642 if (SubjectContextLocked
== FALSE
)
644 SeLockSubjectContext(SubjectSecurityContext
);
647 Token
= SubjectSecurityContext
->ClientToken
?
648 SubjectSecurityContext
->ClientToken
: SubjectSecurityContext
->PrimaryToken
;
651 Status
= RtlGetDaclSecurityDescriptor(SecurityDescriptor
,
655 if (!NT_SUCCESS(Status
))
657 if (SubjectContextLocked
== FALSE
)
659 SeUnlockSubjectContext(SubjectSecurityContext
);
662 *AccessStatus
= Status
;
666 /* RULE 1: Grant desired access if the object is unprotected */
667 if (Present
== TRUE
&& Dacl
== NULL
)
669 if (SubjectContextLocked
== FALSE
)
671 SeUnlockSubjectContext(SubjectSecurityContext
);
674 *GrantedAccess
= DesiredAccess
;
675 *AccessStatus
= STATUS_SUCCESS
;
679 CurrentAccess
= PreviouslyGrantedAccess
;
681 /* RULE 2: Check token for 'take ownership' privilege */
682 Privilege
.Luid
= SeTakeOwnershipPrivilege
;
683 Privilege
.Attributes
= SE_PRIVILEGE_ENABLED
;
685 if (SepPrivilegeCheck(Token
,
688 PRIVILEGE_SET_ALL_NECESSARY
,
691 CurrentAccess
|= WRITE_OWNER
;
692 if (DesiredAccess
== CurrentAccess
)
694 if (SubjectContextLocked
== FALSE
)
696 SeUnlockSubjectContext(SubjectSecurityContext
);
699 *GrantedAccess
= CurrentAccess
;
700 *AccessStatus
= STATUS_SUCCESS
;
705 /* RULE 3: Check whether the token is the owner */
706 Status
= RtlGetOwnerSecurityDescriptor(SecurityDescriptor
,
709 if (!NT_SUCCESS(Status
))
711 DPRINT1("RtlGetOwnerSecurityDescriptor() failed (Status %lx)\n", Status
);
712 if (SubjectContextLocked
== FALSE
)
714 SeUnlockSubjectContext(SubjectSecurityContext
);
717 *AccessStatus
= Status
;
721 if (SepSidInToken(Token
, Sid
))
723 CurrentAccess
|= (READ_CONTROL
| WRITE_DAC
);
724 if (DesiredAccess
== CurrentAccess
)
726 if (SubjectContextLocked
== FALSE
)
728 SeUnlockSubjectContext(SubjectSecurityContext
);
731 *GrantedAccess
= CurrentAccess
;
732 *AccessStatus
= STATUS_SUCCESS
;
737 /* Fail if DACL is absent */
738 if (Present
== FALSE
)
740 if (SubjectContextLocked
== FALSE
)
742 SeUnlockSubjectContext(SubjectSecurityContext
);
746 *AccessStatus
= STATUS_ACCESS_DENIED
;
750 /* RULE 4: Grant rights according to the DACL */
751 CurrentAce
= (PACE
)(Dacl
+ 1);
752 for (i
= 0; i
< Dacl
->AceCount
; i
++)
754 Sid
= (PSID
)(CurrentAce
+ 1);
755 if (CurrentAce
->Header
.AceType
== ACCESS_DENIED_ACE_TYPE
)
757 if (SepSidInToken(Token
, Sid
))
759 if (SubjectContextLocked
== FALSE
)
761 SeUnlockSubjectContext(SubjectSecurityContext
);
765 *AccessStatus
= STATUS_ACCESS_DENIED
;
770 if (CurrentAce
->Header
.AceType
== ACCESS_ALLOWED_ACE_TYPE
)
772 if (SepSidInToken(Token
, Sid
))
774 CurrentAccess
|= CurrentAce
->AccessMask
;
779 if (SubjectContextLocked
== FALSE
)
781 SeUnlockSubjectContext(SubjectSecurityContext
);
784 DPRINT("CurrentAccess %08lx\n DesiredAccess %08lx\n",
785 CurrentAccess
, DesiredAccess
);
787 *GrantedAccess
= CurrentAccess
& DesiredAccess
;
790 (*GrantedAccess
== DesiredAccess
) ? STATUS_SUCCESS
: STATUS_ACCESS_DENIED
;
797 NtAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
798 IN HANDLE TokenHandle
,
799 IN ACCESS_MASK DesiredAccess
,
800 IN PGENERIC_MAPPING GenericMapping
,
801 OUT PPRIVILEGE_SET PrivilegeSet
,
802 OUT PULONG ReturnLength
,
803 OUT PACCESS_MASK GrantedAccess
,
804 OUT PNTSTATUS AccessStatus
)
806 SECURITY_SUBJECT_CONTEXT SubjectSecurityContext
;
807 KPROCESSOR_MODE PreviousMode
;
811 DPRINT("NtAccessCheck() called\n");
813 PreviousMode
= KeGetPreviousMode();
814 if (PreviousMode
== KernelMode
)
816 *GrantedAccess
= DesiredAccess
;
817 *AccessStatus
= STATUS_SUCCESS
;
818 return STATUS_SUCCESS
;
821 Status
= ObReferenceObjectByHandle(TokenHandle
,
827 if (!NT_SUCCESS(Status
))
829 DPRINT1("Failed to reference token (Status %lx)\n", Status
);
833 /* Check token type */
834 if (Token
->TokenType
!= TokenImpersonation
)
836 DPRINT1("No impersonation token\n");
837 ObDereferenceObject(Token
);
838 return STATUS_ACCESS_VIOLATION
;
841 /* Check impersonation level */
842 if (Token
->ImpersonationLevel
< SecurityAnonymous
)
844 DPRINT1("Invalid impersonation level\n");
845 ObDereferenceObject(Token
);
846 return STATUS_ACCESS_VIOLATION
;
849 RtlZeroMemory(&SubjectSecurityContext
,
850 sizeof(SECURITY_SUBJECT_CONTEXT
));
851 SubjectSecurityContext
.ClientToken
= Token
;
852 SubjectSecurityContext
.ImpersonationLevel
= Token
->ImpersonationLevel
;
854 /* Lock subject context */
855 SeLockSubjectContext(&SubjectSecurityContext
);
857 if (SeAccessCheck(SecurityDescriptor
,
858 &SubjectSecurityContext
,
868 Status
= *AccessStatus
;
872 Status
= STATUS_ACCESS_DENIED
;
875 /* Unlock subject context */
876 SeUnlockSubjectContext(&SubjectSecurityContext
);
878 ObDereferenceObject(Token
);
880 DPRINT("NtAccessCheck() done\n");
projects / reactos.git / blob