#include <ntoskrnl.h>
#include <internal/debug.h>
+#if defined (ALLOC_PRAGMA)
+#pragma alloc_text(INIT, SepInitSDs)
+#endif
+
+
/* GLOBALS ******************************************************************/
PSECURITY_DESCRIPTOR SePublicDefaultSd = NULL;
/* FUNCTIONS ***************************************************************/
-BOOLEAN INIT_FUNCTION
+BOOLEAN
+INIT_FUNCTION
+NTAPI
SepInitSDs(VOID)
{
/* Create PublicDefaultSd */
- SePublicDefaultSd = ExAllocatePool(NonPagedPool,
- sizeof(SECURITY_DESCRIPTOR));
+ SePublicDefaultSd = ExAllocatePoolWithTag(PagedPool,
+ sizeof(SECURITY_DESCRIPTOR), TAG_SD);
if (SePublicDefaultSd == NULL)
return FALSE;
FALSE);
/* Create PublicDefaultUnrestrictedSd */
- SePublicDefaultUnrestrictedSd = ExAllocatePool(NonPagedPool,
- sizeof(SECURITY_DESCRIPTOR));
+ SePublicDefaultUnrestrictedSd = ExAllocatePoolWithTag(PagedPool,
+ sizeof(SECURITY_DESCRIPTOR), TAG_SD);
if (SePublicDefaultUnrestrictedSd == NULL)
return FALSE;
FALSE);
/* Create PublicOpenSd */
- SePublicOpenSd = ExAllocatePool(NonPagedPool,
- sizeof(SECURITY_DESCRIPTOR));
+ SePublicOpenSd = ExAllocatePoolWithTag(PagedPool,
+ sizeof(SECURITY_DESCRIPTOR), TAG_SD);
if (SePublicOpenSd == NULL)
return FALSE;
FALSE);
/* Create PublicOpenUnrestrictedSd */
- SePublicOpenUnrestrictedSd = ExAllocatePool(NonPagedPool,
- sizeof(SECURITY_DESCRIPTOR));
+ SePublicOpenUnrestrictedSd = ExAllocatePoolWithTag(PagedPool,
+ sizeof(SECURITY_DESCRIPTOR), TAG_SD);
if (SePublicOpenUnrestrictedSd == NULL)
return FALSE;
FALSE);
/* Create SystemDefaultSd */
- SeSystemDefaultSd = ExAllocatePool(NonPagedPool,
- sizeof(SECURITY_DESCRIPTOR));
+ SeSystemDefaultSd = ExAllocatePoolWithTag(PagedPool,
+ sizeof(SECURITY_DESCRIPTOR), TAG_SD);
if (SeSystemDefaultSd == NULL)
return FALSE;
FALSE);
/* Create UnrestrictedSd */
- SeUnrestrictedSd = ExAllocatePool(NonPagedPool,
- sizeof(SECURITY_DESCRIPTOR));
+ SeUnrestrictedSd = ExAllocatePoolWithTag(PagedPool,
+ sizeof(SECURITY_DESCRIPTOR), TAG_SD);
if (SeUnrestrictedSd == NULL)
return FALSE;
NTSTATUS
STDCALL
SeSetWorldSecurityDescriptor(SECURITY_INFORMATION SecurityInformation,
- PSECURITY_DESCRIPTOR SecurityDescriptor,
+ PISECURITY_DESCRIPTOR SecurityDescriptor,
PULONG BufferLength)
{
ULONG_PTR Current;
NTSTATUS
+NTAPI
SepCaptureSecurityQualityOfService(IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
IN KPROCESSOR_MODE AccessMode,
IN POOL_TYPE PoolType,
VOID
+NTAPI
SepReleaseSecurityQualityOfService(IN PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService OPTIONAL,
IN KPROCESSOR_MODE AccessMode,
IN BOOLEAN CaptureIfKernel)
PAGED_CODE();
if(CapturedSecurityQualityOfService != NULL &&
- (AccessMode == UserMode ||
+ (AccessMode != KernelMode ||
(AccessMode == KernelMode && CaptureIfKernel)))
{
ExFreePool(CapturedSecurityQualityOfService);
NTSTATUS
STDCALL
SeCaptureSecurityDescriptor(
- IN PSECURITY_DESCRIPTOR OriginalSecurityDescriptor,
+ IN PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor,
IN KPROCESSOR_MODE CurrentMode,
IN POOL_TYPE PoolType,
IN BOOLEAN CaptureIfKernel,
OUT PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor
)
{
+ PISECURITY_DESCRIPTOR OriginalSecurityDescriptor = _OriginalSecurityDescriptor;
SECURITY_DESCRIPTOR DescriptorCopy;
- PSECURITY_DESCRIPTOR NewDescriptor;
+ PISECURITY_DESCRIPTOR NewDescriptor;
ULONG OwnerSAC = 0, GroupSAC = 0;
ULONG OwnerSize = 0, GroupSize = 0;
ULONG SaclSize = 0, DaclSize = 0;
sizeof(ULONG));
if(DescriptorCopy.Control & SE_SELF_RELATIVE)
{
- PSECURITY_DESCRIPTOR_RELATIVE RelSD = (PSECURITY_DESCRIPTOR_RELATIVE)OriginalSecurityDescriptor;
+ PISECURITY_DESCRIPTOR_RELATIVE RelSD = (PISECURITY_DESCRIPTOR_RELATIVE)OriginalSecurityDescriptor;
DescriptorCopy.Owner = (PSID)RelSD->Owner;
DescriptorCopy.Group = (PSID)RelSD->Group;
sizeof(SECURITY_DESCRIPTOR_RELATIVE) : sizeof(SECURITY_DESCRIPTOR));
if(DescriptorCopy.Control & SE_SELF_RELATIVE)
{
- PSECURITY_DESCRIPTOR_RELATIVE RelSD = (PSECURITY_DESCRIPTOR_RELATIVE)OriginalSecurityDescriptor;
+ PISECURITY_DESCRIPTOR_RELATIVE RelSD = (PISECURITY_DESCRIPTOR_RELATIVE)OriginalSecurityDescriptor;
DescriptorCopy.Owner = (PSID)RelSD->Owner;
DescriptorCopy.Group = (PSID)RelSD->Group;
{
ULONG_PTR Offset = sizeof(SECURITY_DESCRIPTOR);
+ RtlZeroMemory(NewDescriptor, DescriptorSize);
NewDescriptor->Revision = DescriptorCopy.Revision;
NewDescriptor->Sbz1 = DescriptorCopy.Sbz1;
NewDescriptor->Control = DescriptorCopy.Control | SE_SELF_RELATIVE;
IN OUT PULONG Length,
IN PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor OPTIONAL)
{
- PSECURITY_DESCRIPTOR ObjectSd;
- PSECURITY_DESCRIPTOR_RELATIVE RelSD;
+ PISECURITY_DESCRIPTOR ObjectSd;
+ PISECURITY_DESCRIPTOR_RELATIVE RelSD;
PSID Owner = NULL;
PSID Group = NULL;
PACL Dacl = NULL;
ULONG_PTR Current;
ULONG SdLength;
- RelSD = (PSECURITY_DESCRIPTOR_RELATIVE)SecurityDescriptor;
+ RelSD = (PISECURITY_DESCRIPTOR_RELATIVE)SecurityDescriptor;
if (*ObjectsSecurityDescriptor == NULL)
{
and CaptureIfKernelMode that you previously passed to
SeCaptureSecurityDescriptor() in order to avoid memory leaks! */
if(CapturedSecurityDescriptor != NULL &&
- (CurrentMode == UserMode ||
+ (CurrentMode != KernelMode ||
(CurrentMode == KernelMode && CaptureIfKernelMode)))
{
/* only delete the descriptor when SeCaptureSecurityDescriptor() allocated one! */
*/
BOOLEAN STDCALL
SeValidSecurityDescriptor(IN ULONG Length,
- IN PSECURITY_DESCRIPTOR SecurityDescriptor)
+ IN PSECURITY_DESCRIPTOR _SecurityDescriptor)
{
ULONG SdLength;
PISID Sid;
PACL Acl;
+ PISECURITY_DESCRIPTOR SecurityDescriptor = _SecurityDescriptor;
if (Length < SECURITY_DESCRIPTOR_MIN_LENGTH)
{