OUT PSECURITY_SUBJECT_CONTEXT SubjectContext)
{
BOOLEAN CopyOnOpen, EffectiveOnly;
+
PAGED_CODE();
-
+
/* Save the unique ID */
SubjectContext->ProcessAuditId = Process->UniqueProcessId;
-
+
/* Check if we have a thread */
if (!Thread)
{
&EffectiveOnly,
&SubjectContext->ImpersonationLevel);
}
-
+
/* Get the primary token */
SubjectContext->PrimaryToken = PsReferencePrimaryToken(Process);
}
SeLockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
{
PAGED_CODE();
-
+
KeEnterCriticalRegion();
ExAcquireResourceExclusiveLite(&SepSubjectContextLock, TRUE);
}
SeUnlockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
{
PAGED_CODE();
-
+
ExReleaseResourceLite(&SepSubjectContextLock);
KeLeaveCriticalRegion();
}
SeReleaseSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
{
PAGED_CODE();
-
+
if (SubjectContext->PrimaryToken != NULL)
{
ObFastDereferenceObject(&PsGetCurrentProcess()->Token, SubjectContext->PrimaryToken);
}
-
+
if (SubjectContext->ClientToken != NULL)
{
ObDereferenceObject(SubjectContext->ClientToken);
{
ACCESS_MASK AccessMask = Access;
PTOKEN Token;
+
PAGED_CODE();
/* Map the Generic Acess to Specific Access if we have a Mapping */
ExpAllocateLocallyUniqueId(&AccessState->OperationID);
/* Get the Token to use */
- Token = AccessState->SubjectSecurityContext.ClientToken ?
- (PTOKEN)&AccessState->SubjectSecurityContext.ClientToken :
- (PTOKEN)&AccessState->SubjectSecurityContext.PrimaryToken;
+ Token = AccessState->SubjectSecurityContext.ClientToken ?
+ (PTOKEN)&AccessState->SubjectSecurityContext.ClientToken :
+ (PTOKEN)&AccessState->SubjectSecurityContext.PrimaryToken;
/* Check for Travers Privilege */
if (Token->TokenFlags & TOKEN_HAS_TRAVERSE_PRIVILEGE)
SeDeleteAccessState(IN PACCESS_STATE AccessState)
{
PAUX_ACCESS_DATA AuxData;
+
PAGED_CODE();
/* Get the Auxiliary Data */
{
ExFreePool(AccessState->ObjectName.Buffer);
}
- if (AccessState->ObjectTypeName.Buffer)
+
+ if (AccessState->ObjectTypeName.Buffer)
{
ExFreePool(AccessState->ObjectTypeName.Buffer);
}
PACCESS_TOKEN Token;
NTSTATUS Status;
PACCESS_TOKEN NewToken;
+
PAGED_CODE();
-
+
Token = PsReferenceEffectiveToken(Thread,
&TokenType,
&ThreadEffectiveOnly,
if (Token) ObDereferenceObject(Token);
return STATUS_BAD_IMPERSONATION_LEVEL;
}
-
+
if ((ImpersonationLevel == SecurityAnonymous) ||
(ImpersonationLevel == SecurityIdentification) ||
((RemoteClient) && (ImpersonationLevel != SecurityDelegation)))
if (Token) ObDereferenceObject(Token);
return STATUS_BAD_IMPERSONATION_LEVEL;
}
-
+
ClientContext->DirectAccessEffectiveOnly = ((ThreadEffectiveOnly) ||
- (Qos->EffectiveOnly)) ?
- TRUE : FALSE;
+ (Qos->EffectiveOnly)) ? TRUE : FALSE;
}
-
+
if (Qos->ContextTrackingMode == SECURITY_STATIC_TRACKING)
{
ClientContext->DirectlyAccessClientToken = FALSE;
&ClientContext->ClientTokenControl);
#endif
}
-
+
NewToken = Token;
}
-
+
ClientContext->SecurityQos.Length = sizeof(SECURITY_QUALITY_OF_SERVICE);
ClientContext->SecurityQos.ImpersonationLevel = Qos->ImpersonationLevel;
ClientContext->SecurityQos.ContextTrackingMode = Qos->ContextTrackingMode;
IN PETHREAD ServerThread OPTIONAL)
{
UCHAR b;
-
+
PAGED_CODE();
-
+
if (ClientContext->DirectlyAccessClientToken == FALSE)
{
b = ClientContext->SecurityQos.EffectiveOnly;
{
b = ClientContext->DirectAccessEffectiveOnly;
}
+
if (ServerThread == NULL)
{
ServerThread = PsGetCurrentThread();
}
+
PsImpersonateClient(ServerThread,
ClientContext->ClientToken,
1,