PSE_EXPORTS SeExports = NULL;
SE_EXPORTS SepExports;
+ULONG SidInTokenCalls = 0;
extern ULONG ExpInitializationPhase;
extern ERESOURCE SepSubjectContextLock;
/* PRIVATE FUNCTIONS **********************************************************/
-static BOOLEAN INIT_FUNCTION
+static BOOLEAN
+INIT_FUNCTION
SepInitExports(VOID)
{
SepExports.SeCreateTokenPrivilege = SeCreateTokenPrivilege;
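Review bot: The relocated `ULONG SidInTokenCalls = 0;` is still an undocumented global with external linkage, and the only use visible in this diff is the plain `SidInTokenCalls++` in SepSidInToken, which is not an interlocked update. Since the declaration is being moved anyway, I would add a comment such as `/* Debug-only count of SepSidInToken calls; incremented without synchronization, so the value is approximate */` and mark it `static` if no other file references it, which cannot be confirmed from this diff. The DPRINT1 that reports the counter formats the ULONG with `%d`; `%lu` would match the type. SepSidInToken's body sits in a later hunk and is only partly visible here.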
SepInitializationPhase1(VOID)
{
NTSTATUS Status;
+
PAGED_CODE();
/* Insert the system token into the tree */
return STATUS_SUCCESS;
}
-ULONG SidInTokenCalls = 0;
-
static BOOLEAN
SepSidInToken(PACCESS_TOKEN _Token,
PSID Sid)
SidInTokenCalls++;
if (!(SidInTokenCalls % 10000)) DPRINT1("SidInToken Calls: %d\n", SidInTokenCalls);
-
+
if (Token->UserAndGroupCount == 0)
{
return FALSE;
return SepSidInToken(Token, Sid);
}
-VOID NTAPI
+VOID
+NTAPI
SeQuerySecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
OUT PACCESS_MASK DesiredAccess)
{
{
*DesiredAccess |= READ_CONTROL;
}
+
if (SecurityInformation & SACL_SECURITY_INFORMATION)
{
*DesiredAccess |= ACCESS_SYSTEM_SECURITY;
}
}
-VOID NTAPI
+VOID
+NTAPI
SeSetSecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
OUT PACCESS_MASK DesiredAccess)
{
{
*DesiredAccess |= WRITE_OWNER;
}
+
if (SecurityInformation & DACL_SECURITY_INFORMATION)
{
*DesiredAccess |= WRITE_DAC;
}
+
if (SecurityInformation & SACL_SECURITY_INFORMATION)
{
*DesiredAccess |= ACCESS_SYSTEM_SECURITY;
{
*GrantedAccess = DesiredAccess | PreviouslyGrantedAccess;
}
-
+
*AccessStatus = STATUS_SUCCESS;
return TRUE;
}
/*
* @implemented
*/
-BOOLEAN NTAPI
+BOOLEAN
+NTAPI
SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,
IN BOOLEAN SubjectContextLocked,