/* $Id$
*
- * COPYRIGHT: See COPYING in the top level directory
- * PROJECT: ReactOS kernel
- * PURPOSE: Security manager
- * FILE: kernel/se/priv.c
- * PROGRAMER: ?
- * REVISION HISTORY:
- * 26/07/98: Added stubs for security functions
+ * COPYRIGHT: See COPYING in the top level directory
+ * PROJECT: ReactOS kernel
+ * FILE: ntoskrnl/se/priv.c
+ * PURPOSE: Security manager
+ *
+ * PROGRAMMERS: No programmer listed.
*/
/* INCLUDES *****************************************************************/
#define NDEBUG
#include <internal/debug.h>
+#if defined (ALLOC_PRAGMA)
+#pragma alloc_text(INIT, SepInitPrivileges)
+#endif
+
/* GLOBALS *******************************************************************/
LUID SeSystemEnvironmentPrivilege;
LUID SeChangeNotifyPrivilege;
LUID SeRemoteShutdownPrivilege;
+LUID SeUndockPrivilege;
+LUID SeSyncAgentPrivilege;
+LUID SeEnableDelegationPrivilege;
/* FUNCTIONS ***************************************************************/
-VOID INIT_FUNCTION
+VOID
+INIT_FUNCTION
+NTAPI
SepInitPrivileges (VOID)
{
SeCreateTokenPrivilege.LowPart = SE_CREATE_TOKEN_PRIVILEGE;
SeChangeNotifyPrivilege.HighPart = 0;
SeRemoteShutdownPrivilege.LowPart = SE_REMOTE_SHUTDOWN_PRIVILEGE;
SeRemoteShutdownPrivilege.HighPart = 0;
+ SeUndockPrivilege.LowPart = SE_UNDOCK_PRIVILEGE;
+ SeUndockPrivilege.HighPart = 0;
+ SeSyncAgentPrivilege.LowPart = SE_SYNC_AGENT_PRIVILEGE;
+ SeSyncAgentPrivilege.HighPart = 0;
+ SeEnableDelegationPrivilege.LowPart = SE_ENABLE_DELEGATION_PRIVILEGE;
+ SeEnableDelegationPrivilege.HighPart = 0;
}
BOOLEAN
+NTAPI
SepPrivilegeCheck (PTOKEN Token,
PLUID_AND_ATTRIBUTES Privileges,
ULONG PrivilegeCount,
DPRINT ("SepPrivilegeCheck() called\n");
+ PAGED_CODE();
+
if (PreviousMode == KernelMode)
{
return TRUE;
NTSTATUS
+NTAPI
SeCaptureLuidAndAttributesArray (PLUID_AND_ATTRIBUTES Src,
ULONG PrivilegeCount,
KPROCESSOR_MODE PreviousMode,
PLUID_AND_ATTRIBUTES* NewMem;
ULONG SrcLength;
+ PAGED_CODE();
+
if (PrivilegeCount == 0)
{
*Dest = 0;
VOID
+NTAPI
SeReleaseLuidAndAttributesArray (PLUID_AND_ATTRIBUTES Privilege,
KPROCESSOR_MODE PreviousMode,
ULONG a)
{
+ PAGED_CODE();
+
ExFreePool (Privilege);
}
ULONG PrivilegeCount;
ULONG PrivilegeControl;
ULONG Length;
+ KPROCESSOR_MODE PreviousMode;
NTSTATUS Status;
+ PAGED_CODE();
+
+ PreviousMode = KeGetPreviousMode();
+
Status = ObReferenceObjectByHandle (ClientToken,
- 0,
+ TOKEN_QUERY,
SepTokenObjectType,
- UserMode,
+ PreviousMode,
(PVOID*)&Token,
NULL);
if (!NT_SUCCESS(Status))
{
PACCESS_TOKEN Token = NULL;
+ PAGED_CODE();
+
if (SubjectContext->ClientToken == NULL)
{
Token = SubjectContext->PrimaryToken;
PRIVILEGE_SET Priv;
BOOLEAN Result;
+ PAGED_CODE();
+
SeCaptureSubjectContext (&SubjectContext);
Priv.PrivilegeCount = 1;