-/* $Id: priv.c,v 1.7 2003/06/17 10:42:37 ekohl Exp $
+/* $Id$
*
- * COPYRIGHT: See COPYING in the top level directory
- * PROJECT: ReactOS kernel
- * PURPOSE: Security manager
- * FILE: kernel/se/priv.c
- * PROGRAMER: ?
- * REVISION HISTORY:
- * 26/07/98: Added stubs for security functions
+ * COPYRIGHT: See COPYING in the top level directory
+ * PROJECT: ReactOS kernel
+ * FILE: ntoskrnl/se/priv.c
+ * PURPOSE: Security manager
+ *
+ * PROGRAMMERS: No programmer listed.
*/
/* INCLUDES *****************************************************************/
-#include <ddk/ntddk.h>
-#include <internal/se.h>
-
+#include <ntoskrnl.h>
+#define NDEBUG
#include <internal/debug.h>
+#if defined (ALLOC_PRAGMA)
+#pragma alloc_text(INIT, SepInitPrivileges)
+#endif
+
/* GLOBALS *******************************************************************/
LUID SeSystemEnvironmentPrivilege;
LUID SeChangeNotifyPrivilege;
LUID SeRemoteShutdownPrivilege;
+LUID SeUndockPrivilege;
+LUID SeSyncAgentPrivilege;
+LUID SeEnableDelegationPrivilege;
/* FUNCTIONS ***************************************************************/
VOID
+INIT_FUNCTION
+NTAPI
SepInitPrivileges (VOID)
{
SeCreateTokenPrivilege.LowPart = SE_CREATE_TOKEN_PRIVILEGE;
SeChangeNotifyPrivilege.HighPart = 0;
SeRemoteShutdownPrivilege.LowPart = SE_REMOTE_SHUTDOWN_PRIVILEGE;
SeRemoteShutdownPrivilege.HighPart = 0;
+ SeUndockPrivilege.LowPart = SE_UNDOCK_PRIVILEGE;
+ SeUndockPrivilege.HighPart = 0;
+ SeSyncAgentPrivilege.LowPart = SE_SYNC_AGENT_PRIVILEGE;
+ SeSyncAgentPrivilege.HighPart = 0;
+ SeEnableDelegationPrivilege.LowPart = SE_ENABLE_DELEGATION_PRIVILEGE;
+ SeEnableDelegationPrivilege.HighPart = 0;
}
BOOLEAN
-SepPrivilegeCheck (PACCESS_TOKEN Token,
+NTAPI
+SepPrivilegeCheck (PTOKEN Token,
PLUID_AND_ATTRIBUTES Privileges,
ULONG PrivilegeCount,
ULONG PrivilegeControl,
DPRINT ("SepPrivilegeCheck() called\n");
+ PAGED_CODE();
+
if (PreviousMode == KernelMode)
{
return TRUE;
NTSTATUS
+NTAPI
SeCaptureLuidAndAttributesArray (PLUID_AND_ATTRIBUTES Src,
ULONG PrivilegeCount,
KPROCESSOR_MODE PreviousMode,
PLUID_AND_ATTRIBUTES* NewMem;
ULONG SrcLength;
+ PAGED_CODE();
+
if (PrivilegeCount == 0)
{
*Dest = 0;
VOID
+NTAPI
SeReleaseLuidAndAttributesArray (PLUID_AND_ATTRIBUTES Privilege,
KPROCESSOR_MODE PreviousMode,
ULONG a)
{
+ PAGED_CODE();
+
ExFreePool (Privilege);
}
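Review bot: SeReleaseLuidAndAttributesArray hands `Privilege` to ExFreePool unconditionally, while the `PrivilegeCount == 0` path of SeCaptureLuidAndAttributesArray (visible above) stores 0 in `*Dest`. A caller that releases after a zero-count capture therefore passes a null pointer to the pool free routine. Whether that is tolerated depends on the ExFreePool implementation, which is not shown here. A guard such as `if (Privilege != NULL) ExFreePool (Privilege);` would make the capture/release pair safe. The `PreviousMode` parameter is also unused, which matters only if the capture routine can hand back the caller's own buffer for kernel-mode requests; the capture body is outside this hunk, so that needs confirming.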
IN PBOOLEAN Result)
{
PLUID_AND_ATTRIBUTES Privilege;
- PACCESS_TOKEN Token;
+ PTOKEN Token;
ULONG PrivilegeCount;
ULONG PrivilegeControl;
ULONG Length;
+ KPROCESSOR_MODE PreviousMode;
NTSTATUS Status;
+ PAGED_CODE();
+
+ PreviousMode = KeGetPreviousMode();
+
Status = ObReferenceObjectByHandle (ClientToken,
- 0,
+ TOKEN_QUERY,
SepTokenObjectType,
- UserMode,
+ PreviousMode,
(PVOID*)&Token,
NULL);
if (!NT_SUCCESS(Status))
Privilege = 0;
Status = SeCaptureLuidAndAttributesArray (RequiredPrivileges->Privilege,
PrivilegeCount,
- 1,
+ UserMode,
+ NULL,
0,
- 0,
- 1,
+ PagedPool,
1,
&Privilege,
&Length);
}
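Review bot: The SeCaptureLuidAndAttributesArray call still hard-codes `UserMode` as its mode argument, even though this change introduces `PreviousMode = KeGetPreviousMode();` and passes it to ObReferenceObjectByHandle. The two calls now disagree about the caller's mode, so kernel-mode callers would have their buffer probed as a user address while their handle is validated as kernel. Passing `PreviousMode` to the capture call as well would keep the handle check and the buffer capture consistent. Separately, `PrivilegeCount` is assigned outside the visible lines; if it is read straight from `RequiredPrivileges`, that read of caller-supplied memory should be probed under exception handling and the count bounded before any length is derived from it. NtPrivilegeCheck's body begins and ends outside these lines.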
+/*
+ * @implemented
+ */
BOOLEAN STDCALL
SePrivilegeCheck (PPRIVILEGE_SET Privileges,
PSECURITY_SUBJECT_CONTEXT SubjectContext,
{
PACCESS_TOKEN Token = NULL;
+ PAGED_CODE();
+
if (SubjectContext->ClientToken == NULL)
{
Token = SubjectContext->PrimaryToken;
}
+/*
+ * @implemented
+ */
BOOLEAN STDCALL
SeSinglePrivilegeCheck (IN LUID PrivilegeValue,
IN KPROCESSOR_MODE PreviousMode)
PRIVILEGE_SET Priv;
BOOLEAN Result;
+ PAGED_CODE();
+
SeCaptureSubjectContext (&SubjectContext);
Priv.PrivilegeCount = 1;