Some cleanup.
svn path=/trunk/; revision=2637
-/* $Id: rtl.h,v 1.59 2002/01/14 01:41:08 ekohl Exp $
+/* $Id: rtl.h,v 1.60 2002/02/20 20:09:52 ekohl Exp $
*
*/
PSECURITY_DESCRIPTOR SecurityDescriptor
);
+BOOLEAN STDCALL
+RtlValidSid(IN PSID Sid);
+
NTSTATUS
STDCALL
RtlWriteRegistryValue (
#ifndef _INCLUDE_DDK_SEFUNCS_H
#define _INCLUDE_DDK_SEFUNCS_H
-/* $Id: sefuncs.h,v 1.14 2001/07/06 21:32:43 ekohl Exp $ */
-
-BOOLEAN STDCALL SeAccessCheck (IN PSECURITY_DESCRIPTOR SecurityDescriptor,
- IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,
- IN BOOLEAN SubjectContextLocked,
- IN ACCESS_MASK DesiredAccess,
- IN ACCESS_MASK PreviouslyGrantedAccess,
- OUT PPRIVILEGE_SET* Privileges,
- IN PGENERIC_MAPPING GenericMapping,
- IN KPROCESSOR_MODE AccessMode,
- OUT PACCESS_MODE GrantedAccess,
- OUT PNTSTATUS AccessStatus);
-NTSTATUS STDCALL SeAssignSecurity (PSECURITY_DESCRIPTOR ParentDescriptor,
- PSECURITY_DESCRIPTOR ExplicitDescriptor,
- PSECURITY_DESCRIPTOR* NewDescriptor,
- BOOLEAN IsDirectoryObject,
- PSECURITY_SUBJECT_CONTEXT SubjectContext,
- PGENERIC_MAPPING GenericMapping,
- POOL_TYPE PoolType);
-NTSTATUS STDCALL SeDeassignSecurity (PSECURITY_DESCRIPTOR* SecurityDescriptor);
-BOOLEAN STDCALL SeSinglePrivilegeCheck (LUID PrivilegeValue, KPROCESSOR_MODE PreviousMode);
-VOID STDCALL SeImpersonateClient(PSE_SOME_STRUCT2 a,
- struct _ETHREAD* Thread);
-
-NTSTATUS STDCALL SeCreateClientSecurity(struct _ETHREAD* Thread,
- PSECURITY_QUALITY_OF_SERVICE Qos,
- ULONG e,
- PSE_SOME_STRUCT2 f);
-NTSTATUS SeExchangePrimaryToken(struct _EPROCESS* Process,
- PACCESS_TOKEN NewToken,
- PACCESS_TOKEN* OldTokenP);
-VOID STDCALL SeReleaseSubjectContext (PSECURITY_SUBJECT_CONTEXT SubjectContext);
-VOID STDCALL SeCaptureSubjectContext (PSECURITY_SUBJECT_CONTEXT SubjectContext);
-NTSTATUS SeCaptureLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Src,
- ULONG PrivilegeCount,
- KPROCESSOR_MODE PreviousMode,
- PLUID_AND_ATTRIBUTES AllocatedMem,
- ULONG AllocatedLength,
- POOL_TYPE PoolType,
- ULONG d,
- PLUID_AND_ATTRIBUTES* Dest,
- PULONG Length);
+/* $Id: sefuncs.h,v 1.15 2002/02/20 20:09:52 ekohl Exp $ */
+BOOLEAN STDCALL
+SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
+ IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,
+ IN BOOLEAN SubjectContextLocked,
+ IN ACCESS_MASK DesiredAccess,
+ IN ACCESS_MASK PreviouslyGrantedAccess,
+ OUT PPRIVILEGE_SET* Privileges,
+ IN PGENERIC_MAPPING GenericMapping,
+ IN KPROCESSOR_MODE AccessMode,
+ OUT PACCESS_MODE GrantedAccess,
+ OUT PNTSTATUS AccessStatus);
+
+NTSTATUS STDCALL
+SeAssignSecurity(PSECURITY_DESCRIPTOR ParentDescriptor,
+ PSECURITY_DESCRIPTOR ExplicitDescriptor,
+ PSECURITY_DESCRIPTOR* NewDescriptor,
+ BOOLEAN IsDirectoryObject,
+ PSECURITY_SUBJECT_CONTEXT SubjectContext,
+ PGENERIC_MAPPING GenericMapping,
+ POOL_TYPE PoolType);
+
+VOID STDCALL
+SeCaptureSubjectContext(OUT PSECURITY_SUBJECT_CONTEXT SubjectContext);
+
+NTSTATUS STDCALL
+SeCreateClientSecurity(IN struct _ETHREAD *Thread,
+ IN PSECURITY_QUALITY_OF_SERVICE Qos,
+ IN BOOLEAN RemoteClient,
+ OUT PSECURITY_CLIENT_CONTEXT ClientContext);
+
+NTSTATUS STDCALL
+SeDeassignSecurity(PSECURITY_DESCRIPTOR* SecurityDescriptor);
+
+VOID STDCALL
+SeImpersonateClient(IN PSECURITY_CLIENT_CONTEXT ClientContext,
+ IN struct _ETHREAD *ServerThread OPTIONAL);
+
+VOID STDCALL
+SeReleaseSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext);
+
+BOOLEAN STDCALL
+SeSinglePrivilegeCheck(LUID PrivilegeValue,
+ KPROCESSOR_MODE PreviousMode);
+
+TOKEN_TYPE STDCALL
+SeTokenType(IN PACCESS_TOKEN Token);
#endif /* ndef _INCLUDE_DDK_SEFUNCS_H */
-/* $Id: setypes.h,v 1.5 2000/06/29 23:35:12 dwelch Exp $
+/* $Id: setypes.h,v 1.6 2002/02/20 20:09:52 ekohl Exp $
*
* COPYRIGHT: See COPYING in the top level directory for details
* PROJECT: ReactOS kernel
#include <ntos/security.h>
-/* SID */
-#define SECURITY_NULL_RID (0L)
-#define SECURITY_WORLD_RID (0L)
-#define SECURITY_LOCAL_RID (0L)
-#define SECURITY_CREATOR_OWNER_RID (0L)
-#define SECURITY_CREATOR_GROUP_RID (0x1L)
-#define SECURITY_DIALUP_RID (0x1L)
-#define SECURITY_NETWORK_RID (0x2L)
-#define SECURITY_BATCH_RID (0x3L)
-#define SECURITY_INTERACTIVE_RID (0x4L)
-#define SECURITY_LOGON_IDS_RID (0x5L)
-#define SECURITY_LOGON_IDS_RID_COUNT (0x3L)
-#define SECURITY_SERVICE_RID (0x6L)
-#define SECURITY_LOCAL_SYSTEM_RID (0x12L)
-#define SECURITY_BUILTIN_DOMAIN_RID (0x20L)
-#define DOMAIN_USER_RID_ADMIN (0x1f4L)
-#define DOMAIN_USER_RID_GUEST (0x1f5L)
-#define DOMAIN_GROUP_RID_ADMINS (0x200L)
-#define DOMAIN_GROUP_RID_USERS (0x201L)
-#define DOMAIN_ALIAS_RID_ADMINS (0x220L)
-#define DOMAIN_ALIAS_RID_USERS (0x221L)
-#define DOMAIN_ALIAS_RID_GUESTS (0x222L)
-#define DOMAIN_ALIAS_RID_POWER_USERS (0x223L)
-#define DOMAIN_ALIAS_RID_ACCOUNT_OPS (0x224L)
-#define DOMAIN_ALIAS_RID_SYSTEM_OPS (0x225L)
-#define DOMAIN_ALIAS_RID_PRINT_OPS (0x226L)
-#define DOMAIN_ALIAS_RID_BACKUP_OPS (0x227L)
-#define DOMAIN_ALIAS_RID_REPLICATOR (0x228L)
-
/* TOKEN_GROUPS structure */
#define SE_GROUP_MANDATORY (0x1L)
#define SE_GROUP_ENABLED_BY_DEFAULT (0x2L)
#define SE_PRIVILEGE_USED_FOR_ACCESS (0x80000000L)
#define PRIVILEGE_SET_ALL_NECESSARY (0x1)
-typedef struct _ACCESS_TOKEN
+typedef struct _ACCESS_TOKEN
{
- TOKEN_SOURCE TokenSource; // 0x00
- LUID TokenId; // 0x10
- LUID AuthenticationId; // 0x18
- LARGE_INTEGER ExpirationTime; // 0x20
- LUID ModifiedId; // 0x28
- ULONG UserAndGroupCount; // 0x30
- ULONG PrivilegeCount; // 0x34
- ULONG VariableLength; // 0x38
- ULONG DynamicCharged; // 0x3C
- ULONG DynamicAvailable; // 0x40
- ULONG DefaultOwnerIndex; // 0x44
- PSID_AND_ATTRIBUTES UserAndGroups; // 0x48
- PSID PrimaryGroup; // 0x4C
- PLUID_AND_ATTRIBUTES Privileges; // 0x50
- ULONG Unknown1; // 0x54
- PACL DefaultDacl; // 0x58
- TOKEN_TYPE TokenType; // 0x5C
- SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; // 0x60
- UCHAR TokenFlags; // 0x64
- UCHAR TokenInUse; // 0x65
- UCHAR Unused[2]; // 0x66
- PVOID ProxyData; // 0x68
- PVOID AuditData; // 0x6c
- UCHAR VariablePart[0]; // 0x70
+ TOKEN_SOURCE TokenSource; // 0x00
+ LUID TokenId; // 0x10
+ LUID AuthenticationId; // 0x18
+ LARGE_INTEGER ExpirationTime; // 0x20
+ LUID ModifiedId; // 0x28
+ ULONG UserAndGroupCount; // 0x30
+ ULONG PrivilegeCount; // 0x34
+ ULONG VariableLength; // 0x38
+ ULONG DynamicCharged; // 0x3C
+ ULONG DynamicAvailable; // 0x40
+ ULONG DefaultOwnerIndex; // 0x44
+ PSID_AND_ATTRIBUTES UserAndGroups; // 0x48
+ PSID PrimaryGroup; // 0x4C
+ PLUID_AND_ATTRIBUTES Privileges; // 0x50
+ ULONG Unknown1; // 0x54
+ PACL DefaultDacl; // 0x58
+ TOKEN_TYPE TokenType; // 0x5C
+ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; // 0x60
+ UCHAR TokenFlags; // 0x64
+ UCHAR TokenInUse; // 0x65
+ UCHAR Unused[2]; // 0x66
+ PVOID ProxyData; // 0x68
+ PVOID AuditData; // 0x6c
+ UCHAR VariablePart[0]; // 0x70
} ACCESS_TOKEN, *PACCESS_TOKEN;
typedef struct _SECURITY_SUBJECT_CONTEXT
{
- PACCESS_TOKEN ClientToken; // 0x0
- SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; // 0x4
- PACCESS_TOKEN PrimaryToken; // 0x8
- PVOID ProcessAuditId; // 0xC
+ PACCESS_TOKEN ClientToken; // 0x0
+ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; // 0x4
+ PACCESS_TOKEN PrimaryToken; // 0x8
+ PVOID ProcessAuditId; // 0xC
} SECURITY_SUBJECT_CONTEXT, *PSECURITY_SUBJECT_CONTEXT;
-BOOLEAN STDCALL RtlValidSid (PSID Sid);
-/*
- * from ntoskrnl/se/token.c:
- */
-extern struct _OBJECT_TYPE* SeTokenType;
-typedef struct
+typedef struct _SECURITY_CLIENT_CONTEXT
{
- ULONG Unknown1; // 0x0
- SECURITY_IMPERSONATION_LEVEL Level; // 0x4
- UCHAR ContextTrackingMode; // 0x8
- UCHAR EffectiveOnly; // 0x9
- UCHAR Unknown5; // 0xa
- UCHAR Unknown6; // 0xb
- PACCESS_TOKEN Token; // 0xc
- UCHAR Unknown8; // 0x10
- UCHAR Unknown9; // 0x11
- UCHAR Unknown10; // 0x12
- UCHAR Pad[1]; // 0x13
- ULONG Unknown11; // 0x14
-} SE_SOME_STRUCT2, *PSE_SOME_STRUCT2;
+ SECURITY_QUALITY_OF_SERVICE SecurityQos; // 0x00
+ PACCESS_TOKEN Token; // 0x0C
+ BOOLEAN DirectlyAccessClientToken; // 0x10
+ BOOLEAN DirectAccessEffectiveOnly; // 0x11
+ BOOLEAN ServerIsRemote; // 0x12
+ TOKEN_CONTROL ClientTokenControl; // 0x14
+} SECURITY_CLIENT_CONTEXT, *PSECURITY_CLIENT_CONTEXT;
+typedef struct _SE_EXPORTS
+{
+ /* Privilege values */
+ LUID SeCreateTokenPrivilege;
+ LUID SeAssignPrimaryTokenPrivilege;
+ LUID SeLockMemoryPrivilege;
+ LUID SeIncreaseQuotaPrivilege;
+ LUID SeUnsolicitedInputPrivilege;
+ LUID SeTcbPrivilege;
+ LUID SeSecurityPrivilege;
+ LUID SeTakeOwnershipPrivilege;
+ LUID SeLoadDriverPrivilege;
+ LUID SeCreatePagefilePrivilege;
+ LUID SeIncreaseBasePriorityPrivilege;
+ LUID SeSystemProfilePrivilege;
+ LUID SeSystemtimePrivilege;
+ LUID SeProfileSingleProcessPrivilege;
+ LUID SeCreatePermanentPrivilege;
+ LUID SeBackupPrivilege;
+ LUID SeRestorePrivilege;
+ LUID SeShutdownPrivilege;
+ LUID SeDebugPrivilege;
+ LUID SeAuditPrivilege;
+ LUID SeSystemEnvironmentPrivilege;
+ LUID SeChangeNotifyPrivilege;
+ LUID SeRemoteShutdownPrivilege;
+
+ /* Universally defined SIDs */
+ PSID SeNullSid;
+ PSID SeWorldSid;
+ PSID SeLocalSid;
+ PSID SeCreatorOwnerSid;
+ PSID SeCreatorGroupSid;
+
+ /* Nt defined SIDs */
+ PSID SeNtAuthoritySid;
+ PSID SeDialupSid;
+ PSID SeNetworkSid;
+ PSID SeBatchSid;
+ PSID SeInteractiveSid;
+ PSID SeLocalSystemSid;
+ PSID SeAliasAdminsSid;
+ PSID SeAliasUsersSid;
+ PSID SeAliasGuestsSid;
+ PSID SeAliasPowerUsersSid;
+ PSID SeAliasAccountOpsSid;
+ PSID SeAliasSystemOpsSid;
+ PSID SeAliasPrintOpsSid;
+ PSID SeAliasBackupOpsSid;
+} SE_EXPORTS, *PSE_EXPORTS;
#endif
+
+/* EOF */
#include <ntos/ntdef.h>
#include <ntos/types.h>
+/* SID Auhority */
+#define SECURITY_NULL_SID_AUTHORITY {0,0,0,0,0,0}
+#define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
+#define SECURITY_LOCAL_SID_AUTHORITY {0,0,0,0,0,2}
+#define SECURITY_CREATOR_SID_AUTHORITY {0,0,0,0,0,3}
+#define SECURITY_NON_UNIQUE_AUTHORITY {0,0,0,0,0,4}
+#define SECURITY_NT_AUTHORITY {0,0,0,0,0,5}
+
+/* SID */
+#define SECURITY_NULL_RID (0L)
+#define SECURITY_WORLD_RID (0L)
+#define SECURITY_LOCAL_RID (0L)
+#define SECURITY_CREATOR_OWNER_RID (0L)
+#define SECURITY_CREATOR_GROUP_RID (0x1L)
+#define SECURITY_CREATOR_OWNER_SERVER_RID (0x2L)
+#define SECURITY_CREATOR_GROUP_SERVER_RID (0x3L)
+#define SECURITY_DIALUP_RID (0x1L)
+#define SECURITY_NETWORK_RID (0x2L)
+#define SECURITY_BATCH_RID (0x3L)
+#define SECURITY_INTERACTIVE_RID (0x4L)
+#define SECURITY_LOGON_IDS_RID (0x5L)
+#define SECURITY_LOGON_IDS_RID_COUNT (0x3L)
+#define SECURITY_SERVICE_RID (0x6L)
+#define SECURITY_ANONYMOUS_LOGON_RID (0x7L)
+#define SECURITY_PROXY_RID (0x8L)
+#define SECURITY_ENTERPRISE_CONTROLLERS_RID (0x9L)
+#define SECURITY_SERVER_LOGON_RID SECURITY_ENTERPRISE_CONTROLLERS_RID
+#define SECURITY_PRINCIPAL_SELF_RID (0xAL)
+#define SECURITY_AUTHENTICATED_USER_RID (0xBL)
+#define SECURITY_RESTRICTED_CODE_RID (0xCL)
+#define SECURITY_LOCAL_SYSTEM_RID (0x12L)
+#define SECURITY_NT_NON_UNIQUE_RID (0x15L)
+#define SECURITY_BUILTIN_DOMAIN_RID (0x20L)
+#define DOMAIN_USER_RID_ADMIN (0x1F4L)
+#define DOMAIN_USER_RID_GUEST (0x1F5L)
+#define DOMAIN_GROUP_RID_ADMINS (0x200L)
+#define DOMAIN_GROUP_RID_USERS (0x201L)
+#define DOMAIN_ALIAS_RID_ADMINS (0x220L)
+#define DOMAIN_ALIAS_RID_USERS (0x221L)
+#define DOMAIN_ALIAS_RID_GUESTS (0x222L)
+#define DOMAIN_ALIAS_RID_POWER_USERS (0x223L)
+#define DOMAIN_ALIAS_RID_ACCOUNT_OPS (0x224L)
+#define DOMAIN_ALIAS_RID_SYSTEM_OPS (0x225L)
+#define DOMAIN_ALIAS_RID_PRINT_OPS (0x226L)
+#define DOMAIN_ALIAS_RID_BACKUP_OPS (0x227L)
+#define DOMAIN_ALIAS_RID_REPLICATOR (0x228L)
+
+/* Privileges */
+#define SE_MIN_WELL_KNOWN_PRIVILEGE (2L)
+#define SE_CREATE_TOKEN_PRIVILEGE (2L)
+#define SE_ASSIGNPRIMARYTOKEN_PRIVILEGE (3L)
+#define SE_LOCK_MEMORY_PRIVILEGE (4L)
+#define SE_INCREASE_QUOTA_PRIVILEGE (5L)
+#define SE_UNSOLICITED_INPUT_PRIVILEGE (6L) /* unused */
+#define SE_MACHINE_ACCOUNT_PRIVILEGE (6L)
+#define SE_TCB_PRIVILEGE (7L)
+#define SE_SECURITY_PRIVILEGE (8L)
+#define SE_TAKE_OWNERSHIP_PRIVILEGE (9L)
+#define SE_LOAD_DRIVER_PRIVILEGE (10L)
+#define SE_SYSTEM_PROFILE_PRIVILEGE (11L)
+#define SE_SYSTEMTIME_PRIVILEGE (12L)
+#define SE_PROF_SINGLE_PROCESS_PRIVILEGE (13L)
+#define SE_INC_BASE_PRIORITY_PRIVILEGE (14L)
+#define SE_CREATE_PAGEFILE_PRIVILEGE (15L)
+#define SE_CREATE_PERMANENT_PRIVILEGE (16L)
+#define SE_BACKUP_PRIVILEGE (17L)
+#define SE_RESTORE_PRIVILEGE (18L)
+#define SE_SHUTDOWN_PRIVILEGE (19L)
+#define SE_DEBUG_PRIVILEGE (20L)
+#define SE_AUDIT_PRIVILEGE (21L)
+#define SE_SYSTEM_ENVIRONMENT_PRIVILEGE (22L)
+#define SE_CHANGE_NOTIFY_PRIVILEGE (23L)
+#define SE_REMOTE_SHUTDOWN_PRIVILEGE (24L)
+#define SE_MAX_WELL_KNOWN_PRIVILEGE SE_REMOTE_SHUTDOWN_PRIVILEGE
+
#if 0
/* Security descriptor control. */
#define SECURITY_DESCRIPTOR_REVISION (1)
typedef ULONG SECURITY_INFORMATION, *PSECURITY_INFORMATION;
-typedef enum _TOKEN_INFORMATION_CLASS {
- TokenUser = 1,
- TokenGroups,
- TokenPrivileges,
- TokenOwner,
- TokenPrimaryGroup,
- TokenDefaultDacl,
- TokenSource,
- TokenType,
- TokenImpersonationLevel,
- TokenStatistics
-} TOKEN_INFORMATION_CLASS;
+typedef enum _TOKEN_INFORMATION_CLASS
+{
+ TokenUser = 1,
+ TokenGroups,
+ TokenPrivileges,
+ TokenOwner,
+ TokenPrimaryGroup,
+ TokenDefaultDacl,
+ TokenSource,
+ TokenType,
+ TokenImpersonationLevel,
+ TokenStatistics
+} TOKEN_INFORMATION_CLASS;
typedef ULONG SECURITY_IMPERSONATION_LEVEL, *PSECURITY_IMPERSONATION_LEVEL;
typedef ULONG ACCESS_MASK, *PACCESS_MASK;
typedef ULONG ACCESS_MODE, *PACCESS_MODE;
-typedef struct _SECURITY_QUALITY_OF_SERVICE {
- DWORD Length;
+typedef struct _SECURITY_QUALITY_OF_SERVICE
+{
+ ULONG Length;
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode;
BOOLEAN EffectiveOnly;
typedef struct _ACE_HEADER
{
- CHAR AceType;
- CHAR AceFlags;
- USHORT AceSize;
- ACCESS_MASK AccessMask;
+ CHAR AceType;
+ CHAR AceFlags;
+ USHORT AceSize;
+ ACCESS_MASK AccessMask;
} ACE_HEADER, *PACE_HEADER;
typedef struct
{
- ACE_HEADER Header;
+ ACE_HEADER Header;
} ACE, *PACE;
typedef struct _SID_IDENTIFIER_AUTHORITY
{
- BYTE Value[6];
+ BYTE Value[6];
} SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;
-#define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
-
typedef struct _SID
{
- UCHAR Revision;
- UCHAR SubAuthorityCount;
- SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
- ULONG SubAuthority[1];
+ UCHAR Revision;
+ UCHAR SubAuthorityCount;
+ SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
+ ULONG SubAuthority[1];
} SID, *PSID;
-typedef struct _ACL {
- UCHAR AclRevision;
- UCHAR Sbz1;
- USHORT AclSize;
- USHORT AceCount;
- USHORT Sbz2;
-} ACL, *PACL;
+typedef struct _ACL
+{
+ UCHAR AclRevision;
+ UCHAR Sbz1;
+ USHORT AclSize;
+ USHORT AceCount;
+ USHORT Sbz2;
+} ACL, *PACL;
typedef USHORT SECURITY_DESCRIPTOR_CONTROL, *PSECURITY_DESCRIPTOR_CONTROL;
typedef LARGE_INTEGER LUID, *PLUID;
-typedef struct _SECURITY_DESCRIPTOR {
+typedef struct _SECURITY_DESCRIPTOR
+{
UCHAR Revision;
UCHAR Sbz1;
SECURITY_DESCRIPTOR_CONTROL Control;
PACL Dacl;
} SECURITY_DESCRIPTOR, *PSECURITY_DESCRIPTOR;
-typedef struct _LUID_AND_ATTRIBUTES
-{
- LUID Luid;
- DWORD Attributes;
+typedef struct _LUID_AND_ATTRIBUTES
+{
+ LUID Luid;
+ DWORD Attributes;
} LUID_AND_ATTRIBUTES, *PLUID_AND_ATTRIBUTES;
-typedef struct _TOKEN_SOURCE {
- CHAR SourceName[8];
- LUID SourceIdentifier;
-} TOKEN_SOURCE, *PTOKEN_SOURCE;
+typedef struct _TOKEN_SOURCE
+{
+ CHAR SourceName[8];
+ LUID SourceIdentifier;
+} TOKEN_SOURCE, *PTOKEN_SOURCE;
+
+typedef struct _TOKEN_CONTROL
+{
+ LUID TokenId;
+ LUID AuthenticationId;
+ LUID ModifiedId;
+ TOKEN_SOURCE TokenSource;
+} TOKEN_CONTROL, *PTOKEN_CONTROL;
-typedef struct _SID_AND_ATTRIBUTES {
- PSID Sid;
- DWORD Attributes;
+typedef struct _SID_AND_ATTRIBUTES
+{
+ PSID Sid;
+ DWORD Attributes;
} SID_AND_ATTRIBUTES, *PSID_AND_ATTRIBUTES;
-
+
typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
typedef SID_AND_ATTRIBUTES_ARRAY *PSID_AND_ATTRIBUTES_ARRAY;
-typedef struct _TOKEN_USER {
- SID_AND_ATTRIBUTES User;
-} TOKEN_USER, *PTOKEN_USER;
+typedef struct _TOKEN_USER
+{
+ SID_AND_ATTRIBUTES User;
+} TOKEN_USER, *PTOKEN_USER;
-typedef struct _TOKEN_PRIMARY_GROUP {
- PSID PrimaryGroup;
-} TOKEN_PRIMARY_GROUP, *PTOKEN_PRIMARY_GROUP;
+typedef struct _TOKEN_PRIMARY_GROUP
+{
+ PSID PrimaryGroup;
+} TOKEN_PRIMARY_GROUP, *PTOKEN_PRIMARY_GROUP;
-typedef struct _TOKEN_GROUPS {
- DWORD GroupCount;
- SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY];
-} TOKEN_GROUPS, *PTOKEN_GROUPS, *LPTOKEN_GROUPS;
+typedef struct _TOKEN_GROUPS
+{
+ DWORD GroupCount;
+ SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY];
+} TOKEN_GROUPS, *PTOKEN_GROUPS, *LPTOKEN_GROUPS;
-typedef struct _TOKEN_PRIVILEGES {
- DWORD PrivilegeCount;
- LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY];
-} TOKEN_PRIVILEGES, *PTOKEN_PRIVILEGES, *LPTOKEN_PRIVILEGES;
+typedef struct _TOKEN_PRIVILEGES
+{
+ DWORD PrivilegeCount;
+ LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY];
+} TOKEN_PRIVILEGES, *PTOKEN_PRIVILEGES, *LPTOKEN_PRIVILEGES;
-typedef struct _TOKEN_OWNER {
- PSID Owner;
-} TOKEN_OWNER, *PTOKEN_OWNER;
+typedef struct _TOKEN_OWNER
+{
+ PSID Owner;
+} TOKEN_OWNER, *PTOKEN_OWNER;
-typedef struct _TOKEN_DEFAULT_DACL {
- PACL DefaultDacl;
+typedef struct _TOKEN_DEFAULT_DACL
+{
+ PACL DefaultDacl;
} TOKEN_DEFAULT_DACL, *PTOKEN_DEFAULT_DACL;
-typedef struct _TOKEN_STATISTICS {
- LUID TokenId;
- LUID AuthenticationId;
- LARGE_INTEGER ExpirationTime;
- TOKEN_TYPE TokenType;
- SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
- DWORD DynamicCharged;
- DWORD DynamicAvailable;
- DWORD GroupCount;
- DWORD PrivilegeCount;
- LUID ModifiedId;
-} TOKEN_STATISTICS, *PTOKEN_STATISTICS;
-
-typedef struct _GENERIC_MAPPING {
+typedef struct _TOKEN_STATISTICS
+{
+ LUID TokenId;
+ LUID AuthenticationId;
+ LARGE_INTEGER ExpirationTime;
+ TOKEN_TYPE TokenType;
+ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
+ DWORD DynamicCharged;
+ DWORD DynamicAvailable;
+ DWORD GroupCount;
+ DWORD PrivilegeCount;
+ LUID ModifiedId;
+} TOKEN_STATISTICS, *PTOKEN_STATISTICS;
+
+typedef struct _GENERIC_MAPPING
+{
ACCESS_MASK GenericRead;
ACCESS_MASK GenericWrite;
ACCESS_MASK GenericExecute;
ACCESS_MASK GenericAll;
} GENERIC_MAPPING, *PGENERIC_MAPPING;
-typedef struct _PRIVILEGE_SET {
+typedef struct _PRIVILEGE_SET
+{
DWORD PrivilegeCount;
DWORD Control;
LUID_AND_ATTRIBUTES Privilege[ANYSIZE_ARRAY];
} PRIVILEGE_SET, *PPRIVILEGE_SET, *LPPRIVILEGE_SET;
-typedef enum _ACL_INFORMATION_CLASS {
- AclRevisionInformation = 1,
- AclSizeInformation
-} ACL_INFORMATION_CLASS;
+typedef enum _ACL_INFORMATION_CLASS
+{
+ AclRevisionInformation = 1,
+ AclSizeInformation
+} ACL_INFORMATION_CLASS;
-typedef struct _SECURITY_ATTRIBUTES {
- DWORD nLength;
- LPVOID lpSecurityDescriptor;
- BOOL bInheritHandle;
-} SECURITY_ATTRIBUTES, *LPSECURITY_ATTRIBUTES;
+typedef struct _SECURITY_ATTRIBUTES
+{
+ DWORD nLength;
+ LPVOID lpSecurityDescriptor;
+ BOOL bInheritHandle;
+} SECURITY_ATTRIBUTES, *LPSECURITY_ATTRIBUTES;
#endif /* __INCLUDE_SECURITY_H */
--- /dev/null
+/*
+ * ReactOS kernel
+ * Copyright (C) 2002 ReactOS Team
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#ifndef __NTOSKRNL_INCLUDE_INTERNAL_SE_H
+#define __NTOSKRNL_INCLUDE_INTERNAL_SE_H
+
+
+extern POBJECT_TYPE SepTokenObjectType;
+
+/* SID Authorities */
+extern SID_IDENTIFIER_AUTHORITY SeNullSidAuthority;
+extern SID_IDENTIFIER_AUTHORITY SeWorldSidAuthority;
+extern SID_IDENTIFIER_AUTHORITY SeLocalSidAuthority;
+extern SID_IDENTIFIER_AUTHORITY SeCreatorSidAuthority;
+extern SID_IDENTIFIER_AUTHORITY SeNtSidAuthority;
+
+/* SIDs */
+extern PSID SeNullSid;
+extern PSID SeWorldSid;
+extern PSID SeLocalSid;
+extern PSID SeCreatorOwnerSid;
+extern PSID SeCreatorGroupSid;
+extern PSID SeCreatorOwnerServerSid;
+extern PSID SeCreatorGroupServerSid;
+extern PSID SeNtAuthoritySid;
+extern PSID SeDialupSid;
+extern PSID SeNetworkSid;
+extern PSID SeBatchSid;
+extern PSID SeInteractiveSid;
+extern PSID SeServiceSid;
+extern PSID SeAnonymousLogonSid;
+extern PSID SePrincipalSelfSid;
+extern PSID SeLocalSystemSid;
+extern PSID SeAuthenticatedUserSid;
+extern PSID SeRestrictedCodeSid;
+extern PSID SeAliasAdminsSid;
+extern PSID SeAliasUsersSid;
+extern PSID SeAliasGuestsSid;
+extern PSID SeAliasPowerUsersSid;
+extern PSID SeAliasAccountOpsSid;
+extern PSID SeAliasSystemOpsSid;
+extern PSID SeAliasPrintOpsSid;
+extern PSID SeAliasBackupOpsSid;
+
+/* Privileges */
+extern LUID SeCreateTokenPrivilege;
+extern LUID SeAssignPrimaryTokenPrivilege;
+extern LUID SeLockMemoryPrivilege;
+extern LUID SeIncreaseQuotaPrivilege;
+extern LUID SeUnsolicitedInputPrivilege;
+extern LUID SeTcbPrivilege;
+extern LUID SeSecurityPrivilege;
+extern LUID SeTakeOwnershipPrivilege;
+extern LUID SeLoadDriverPrivilege;
+extern LUID SeCreatePagefilePrivilege;
+extern LUID SeIncreaseBasePriorityPrivilege;
+extern LUID SeSystemProfilePrivilege;
+extern LUID SeSystemtimePrivilege;
+extern LUID SeProfileSingleProcessPrivilege;
+extern LUID SeCreatePermanentPrivilege;
+extern LUID SeBackupPrivilege;
+extern LUID SeRestorePrivilege;
+extern LUID SeShutdownPrivilege;
+extern LUID SeDebugPrivilege;
+extern LUID SeAuditPrivilege;
+extern LUID SeSystemEnvironmentPrivilege;
+extern LUID SeChangeNotifyPrivilege;
+extern LUID SeRemoteShutdownPrivilege;
+
+/* DACLs */
+extern PACL SePublicDefaultUnrestrictedDacl;
+extern PACL SePublicOpenDacl;
+extern PACL SePublicOpenUnrestrictedDacl;
+extern PACL SeUnrestrictedDacl;
+
+
+/* Functions */
+
+BOOLEAN SeInit1(VOID);
+BOOLEAN SeInit2(VOID);
+
+VOID SepInitLuid(VOID);
+VOID SepInitPrivileges(VOID);
+BOOLEAN SepInitSecurityIDs(VOID);
+BOOLEAN SepInitDACLs(VOID);
+BOOLEAN SepInitSDs(VOID);
+
+
+NTSTATUS SeExchangePrimaryToken(struct _EPROCESS* Process,
+ PACCESS_TOKEN NewToken,
+ PACCESS_TOKEN* OldTokenP);
+
+NTSTATUS SeCaptureLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Src,
+ ULONG PrivilegeCount,
+ KPROCESSOR_MODE PreviousMode,
+ PLUID_AND_ATTRIBUTES AllocatedMem,
+ ULONG AllocatedLength,
+ POOL_TYPE PoolType,
+ ULONG d,
+ PLUID_AND_ATTRIBUTES* Dest,
+ PULONG Length);
+
+
+#endif /* __NTOSKRNL_INCLUDE_INTERNAL_SE_H */
+
+/* EOF */
\ No newline at end of file
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
-/* $Id: main.c,v 1.113 2002/02/08 02:57:06 chorns Exp $
+/* $Id: main.c,v 1.114 2002/02/20 20:14:22 ekohl Exp $
*
* PROJECT: ReactOS kernel
* FILE: ntoskrnl/ke/main.c
#include <internal/io.h>
#include <internal/po.h>
#include <internal/cc.h>
-//#include <internal/se.h>
+#include <internal/se.h>
#include <napi/shared_data.h>
#include <internal/v86m.h>
#include <internal/kd.h>
#include <internal/trap.h>
#include "../dbg/kdb.h"
#include <internal/registry.h>
+#include <reactos/bugcodes.h>
#ifdef HALDBG
#include <internal/ntosdbg.h>
KeLowerIrql(PASSIVE_LEVEL);
+ if (!SeInit1())
+ KeBugCheck(SECURITY_INITIALIZATION_FAILED);
+
ObInit();
PiInitProcessManager();
*/
InitSystemSharedUserPage ((PUCHAR)KeLoaderBlock.CommandLine);
+ if (!SeInit2())
+ KeBugCheck(SECURITY1_INITIALIZATION_FAILED);
+
/*
* Launch initial process
*/
-; $Id: ntoskrnl.def,v 1.127 2002/02/19 00:09:21 ekohl Exp $
+; $Id: ntoskrnl.def,v 1.128 2002/02/20 20:16:49 ekohl Exp $
;
; reactos/ntoskrnl/ntoskrnl.def
;
;KeI386Call16BitFunction
;KeI386FlatToGdtSelector
;KeI386GetLid
-;KeI386MachineType
+;KeI386MachineType DATA
;KeI386ReleaseGdtSelectors
;KeI386ReleaseLid
;KeI386SetGdtSelector
SeDeassignSecurity@4
;SeDeleteAccessState@4
;SeDeleteObjectAuditAlarm@8
-;SeExports DATA ???
+SeExports DATA
;SeFreePrivileges@4
SeImpersonateClient@8
;SeLockSubjectContext@4
;SeOpenObjectForDeleteAuditAlarm@36
SePrivilegeCheck@12
;SePrivilegeObjectAuditAlarm@24
-;SePublicDefaultDacl DATA
+SePublicDefaultDacl DATA
;SeQueryAuthenticationIdToken@8
;SeQuerySecurityDescriptorInfo@16
;SeRegisterLogonSessionTerminatedRoutine@4
;SeSetAccessStateGenericMapping@8
;SeSetSecurityDescriptorInfo@24
;SeSinglePrivilegeCheck@12
-;SeSystemDefaultDacl DATA
+SeSystemDefaultDacl DATA
;SeTokenImpersonationLevel@4
-SeTokenType DATA
+SeTokenType@4
;SeUnlockSubjectContext@4
;SeUnregisterLogonSessionTerminatedRoutine@4
;SeValidSecurityDescriptor@8
-; $Id: ntoskrnl.edf,v 1.113 2002/02/19 00:09:21 ekohl Exp $
+; $Id: ntoskrnl.edf,v 1.114 2002/02/20 20:16:49 ekohl Exp $
;
; reactos/ntoskrnl/ntoskrnl.def
;
;KeI386Call16BitFunction
;KeI386FlatToGdtSelector
;KeI386GetLid
-;KeI386MachineType
+;KeI386MachineType DATA
;KeI386ReleaseGdtSelectors
;KeI386ReleaseLid
;KeI386SetGdtSelector
SeDeassignSecurity=SeDeassignSecurity@4
;SeDeleteAccessState=SeDeleteAccessState@4
;SeDeleteObjectAuditAlarm=SeDeleteObjectAuditAlarm@8
-;SeExports DATA
+SeExports DATA
;SeFreePrivileges=SeFreePrivileges@4
SeImpersonateClient=SeImpersonateClient@8
;SeLockSubjectContext=SeLockSubjectContext@4
;SeOpenObjectForDeleteAuditAlarm=SeOpenObjectForDeleteAuditAlarm@36
SePrivilegeCheck=SePrivilegeCheck@12
;SePrivilegeObjectAuditAlarm=SePrivilegeObjectAuditAlarm@24
-;SePublicDefaultDacl DATA
+SePublicDefaultDacl DATA
;SeQueryAuthenticationIdToken=SeQueryAuthenticationIdToken@8
;SeQuerySecurityDescriptorInfo=SeQuerySecurityDescriptorInfo@16
;SeRegisterLogonSessionTerminatedRoutine=SeRegisterLogonSessionTerminatedRoutine@4
;SeSetAccessStateGenericMapping=SeSetAccessStateGenericMapping@8
;SeSetSecurityDescriptorInfo=SeSetSecurityDescriptorInfo@24
;SeSinglePrivilegeCheck=SeSinglePrivilegeCheck@12
-;SeSystemDefaultDacl DATA
+SeSystemDefaultDacl DATA
;SeTokenImpersonationLevel=SeTokenImpersonationLevel@4
-SeTokenType DATA
+SeTokenType=SeTokenType@4
;SeUnlockSubjectContext=SeUnlockSubjectContext@4
;SeUnregisterLogonSessionTerminatedRoutine=SeUnregisterLogonSessionTerminatedRoutine@4
;SeValidSecurityDescriptor=SeValidSecurityDescriptor@8
-/* $Id: create.c,v 1.44 2002/02/15 14:47:55 ekohl Exp $
+/* $Id: create.c,v 1.45 2002/02/20 20:15:07 ekohl Exp $
*
* COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS kernel
#include <internal/ke.h>
#include <internal/ob.h>
#include <internal/ps.h>
-#include <internal/ob.h>
+#include <internal/se.h>
#include <internal/id.h>
#include <internal/dbg.h>
{
Status = ObReferenceObjectByHandle(TokenHandle,
0,
- SeTokenType,
+ SepTokenObjectType,
UserMode,
(PVOID*)&Token,
NULL);
Thread->ImpersonationInfo->Token = Token;
ObReferenceObjectByPointer(Token,
0,
- SeTokenType,
+ SepTokenObjectType,
KernelMode);
Thread->ActiveImpersonationInfo = 1;
}
return(Token);
}
-NTSTATUS STDCALL
-NtImpersonateThread (IN HANDLE ThreadHandle,
- IN HANDLE ThreadToImpersonateHandle,
- IN PSECURITY_QUALITY_OF_SERVICE
- SecurityQualityOfService)
+NTSTATUS STDCALL
+NtImpersonateThread(IN HANDLE ThreadHandle,
+ IN HANDLE ThreadToImpersonateHandle,
+ IN PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService)
{
PETHREAD Thread;
PETHREAD ThreadToImpersonate;
NTSTATUS Status;
- SE_SOME_STRUCT2 b;
+ SECURITY_CLIENT_CONTEXT ClientContext;
Status = ObReferenceObjectByHandle(ThreadHandle,
0,
Status = SeCreateClientSecurity(ThreadToImpersonate,
SecurityQualityOfService,
0,
- &b);
+ &ClientContext);
if (!NT_SUCCESS(Status))
{
ObDereferenceObject(Thread);
return(Status);
}
- SeImpersonateClient(&b, Thread);
- if (b.Token != NULL)
+ SeImpersonateClient(&ClientContext, Thread);
+ if (ClientContext.Token != NULL)
{
- ObDereferenceObject(b.Token);
+ ObDereferenceObject(ClientContext.Token);
}
return(STATUS_SUCCESS);
}
-NTSTATUS STDCALL
+NTSTATUS STDCALL
NtOpenThreadToken(IN HANDLE ThreadHandle,
IN ACCESS_MASK DesiredAccess,
IN BOOLEAN OpenAsSelf,
*Unknown2 = Thread->ImpersonationInfo->Unknown2;
ObReferenceObjectByPointer(Thread->ImpersonationInfo->Token,
TOKEN_ALL_ACCESS,
- SeTokenType,
+ SepTokenObjectType,
KernelMode);
return(Thread->ImpersonationInfo->Token);
}
-/* $Id: process.c,v 1.77 2002/02/08 02:57:07 chorns Exp $
+/* $Id: process.c,v 1.78 2002/02/20 20:15:07 ekohl Exp $
*
* COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS kernel
#include <internal/mm.h>
#include <internal/ke.h>
#include <internal/ps.h>
+#include <internal/se.h>
#include <internal/id.h>
#include <napi/teb.h>
#include <internal/ldr.h>
{
ObReferenceObjectByPointer(Process->Token,
TOKEN_ALL_ACCESS,
- SeTokenType,
+ SepTokenObjectType,
UserMode);
return(Process->Token);
}
Status = ObReferenceObjectByHandle(TokenHandle,
0,
- SeTokenType,
+ SepTokenObjectType,
UserMode,
(PVOID*)&Token,
NULL);
-/* $Id: acl.c,v 1.4 2000/04/05 15:52:23 ekohl Exp $
+/* $Id: acl.c,v 1.5 2002/02/20 20:15:38 ekohl Exp $
*
* COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS kernel
/* INCLUDES *****************************************************************/
#include <ddk/ntddk.h>
+#include <internal/se.h>
#include <internal/debug.h>
-/* FUNCTIONS ***************************************************************/
+#define TAG_ACL TAG('A', 'C', 'L', 'T')
+
+
+/* GLOBALS ******************************************************************/
+
+PACL EXPORTED SePublicDefaultDacl = NULL;
+PACL EXPORTED SeSystemDefaultDacl = NULL;
+
+PACL SePublicDefaultUnrestrictedDacl = NULL;
+PACL SePublicOpenDacl = NULL;
+PACL SePublicOpenUnrestrictedDacl = NULL;
+PACL SeUnrestrictedDacl = NULL;
+
+
+/* FUNCTIONS ****************************************************************/
+
+BOOLEAN
+SepInitDACLs(VOID)
+{
+ ULONG AclLength2;
+ ULONG AclLength3;
+ ULONG AclLength4;
+
+ AclLength2 = sizeof(ACL) +
+ 2 * (RtlLengthRequiredSid(1) + sizeof(ACE_HEADER));
+ AclLength3 = sizeof(ACL) +
+ 3 * (RtlLengthRequiredSid(1) + sizeof(ACE_HEADER));
+ AclLength4 = sizeof(ACL) +
+ 4 * (RtlLengthRequiredSid(1) + sizeof(ACE_HEADER));
+
+ /* create PublicDefaultDacl */
+ SePublicDefaultDacl = ExAllocatePoolWithTag(NonPagedPool,
+ AclLength2,
+ TAG_ACL);
+ if (SePublicDefaultDacl == NULL)
+ return(FALSE);
+
+ RtlCreateAcl(SePublicDefaultDacl,
+ AclLength2,
+ 2);
+
+ RtlAddAccessAllowedAce(SePublicDefaultDacl,
+ 2,
+ GENERIC_EXECUTE,
+ SeWorldSid);
+
+ RtlAddAccessAllowedAce(SePublicDefaultDacl,
+ 2,
+ GENERIC_ALL,
+ SeLocalSystemSid);
+
+
+ /* create PublicDefaultUnrestrictedDacl */
+ SePublicDefaultUnrestrictedDacl = ExAllocatePoolWithTag(NonPagedPool,
+ AclLength4,
+ TAG_ACL);
+ if (SePublicDefaultUnrestrictedDacl == NULL)
+ return(FALSE);
+
+ RtlCreateAcl(SePublicDefaultUnrestrictedDacl,
+ AclLength4,
+ 2);
+
+ RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,
+ 4,
+ GENERIC_EXECUTE,
+ SeWorldSid);
+
+ RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,
+ 4,
+ GENERIC_ALL,
+ SeLocalSystemSid);
+
+ RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,
+ 4,
+ GENERIC_ALL,
+ SeAliasAdminsSid);
+
+ RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,
+ 4,
+ GENERIC_READ | GENERIC_EXECUTE | STANDARD_RIGHTS_READ,
+ SeRestrictedCodeSid);
+
+ /* create PublicOpenDacl */
+ SePublicOpenDacl = ExAllocatePoolWithTag(NonPagedPool,
+ AclLength3,
+ TAG_ACL);
+ if (SePublicOpenDacl == NULL)
+ return(FALSE);
+
+ RtlCreateAcl(SePublicOpenDacl,
+ AclLength3,
+ 3);
+
+ RtlAddAccessAllowedAce(SePublicOpenDacl,
+ 2,
+ GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE,
+ SeWorldSid);
+
+ RtlAddAccessAllowedAce(SePublicOpenDacl,
+ 2,
+ GENERIC_ALL,
+ SeLocalSystemSid);
+
+ RtlAddAccessAllowedAce(SePublicOpenDacl,
+ 2,
+ GENERIC_ALL,
+ SeAliasAdminsSid);
+
+
+ return(TRUE);
+}
+
BOOLEAN
STDCALL
return(STATUS_SUCCESS);
}
-NTSTATUS
-STDCALL
+NTSTATUS STDCALL
RtlAddAccessAllowedAce(PACL Acl,
ULONG Revision,
ACCESS_MASK AccessMask,
return(RtlpAddKnownAce(Acl, Revision, AccessMask, Sid, 0));
}
-NTSTATUS
-STDCALL
+NTSTATUS STDCALL
RtlAddAce(PACL Acl,
ULONG AclRevision,
ULONG StartingIndex,
return(TRUE);
}
-NTSTATUS
-STDCALL
-RtlCreateAcl(PACL Acl, ULONG AclSize, ULONG AclRevision)
+
+NTSTATUS STDCALL
+RtlCreateAcl(PACL Acl,
+ ULONG AclSize,
+ ULONG AclRevision)
{
if (AclSize < 8)
{
-/* $Id: luid.c,v 1.3 1999/12/29 01:36:06 ekohl Exp $
+/* $Id: luid.c,v 1.4 2002/02/20 20:15:38 ekohl Exp $
*
* COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS kernel
/* FUNCTIONS *****************************************************************/
-NTSTATUS STDCALL NtAllocateLocallyUniqueId(OUT LUID* LocallyUniqueId)
+VOID
+SepInitLuid(VOID)
{
- KIRQL oldIrql;
- LUID ReturnedLuid;
-
- KeAcquireSpinLock(&LuidLock, &oldIrql);
- ReturnedLuid = Luid;
- Luid = RtlLargeIntegerAdd(Luid, LuidIncrement);
- KeReleaseSpinLock(&LuidLock, oldIrql);
- *LocallyUniqueId = ReturnedLuid;
- return(STATUS_SUCCESS);
+ KeInitializeSpinLock(&LuidLock);
+ Luid.QuadPart = 999; /* SYSTEM_LUID */
+ LuidIncrement.QuadPart = 1;
}
-VOID
-STDCALL
-RtlCopyLuid (
- PLUID LuidDest,
- PLUID LuidSrc
- )
+
+NTSTATUS STDCALL
+NtAllocateLocallyUniqueId(OUT LUID* LocallyUniqueId)
+{
+ KIRQL oldIrql;
+ LUID ReturnedLuid;
+
+ KeAcquireSpinLock(&LuidLock,
+ &oldIrql);
+ ReturnedLuid = Luid;
+ Luid = RtlLargeIntegerAdd(Luid,
+ LuidIncrement);
+ KeReleaseSpinLock(&LuidLock,
+ oldIrql);
+ *LocallyUniqueId = ReturnedLuid;
+
+ return(STATUS_SUCCESS);
+}
+
+
+VOID STDCALL
+RtlCopyLuid(IN PLUID LuidDest,
+ IN PLUID LuidSrc)
{
- LuidDest->QuadPart = LuidSrc->QuadPart;
+ LuidDest->QuadPart = LuidSrc->QuadPart;
}
-BOOLEAN
-STDCALL
-RtlEqualLuid (
- PLUID Luid1,
- PLUID Luid2
- )
+
+BOOLEAN STDCALL
+RtlEqualLuid(IN PLUID Luid1,
+ IN PLUID Luid2)
{
- return ((Luid1->QuadPart == Luid2->QuadPart) ? TRUE : FALSE);
+ return((Luid1->QuadPart == Luid2->QuadPart) ? TRUE : FALSE);
}
/* EOF */
-/* $Id: priv.c,v 1.1 2000/01/26 10:07:30 dwelch Exp $
+/* $Id: priv.c,v 1.2 2002/02/20 20:15:38 ekohl Exp $
*
* COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS kernel
/* INCLUDES *****************************************************************/
#include <ddk/ntddk.h>
+#include <internal/se.h>
#include <internal/debug.h>
+
+/* GLOBALS *******************************************************************/
+
+LUID SeCreateTokenPrivilege;
+LUID SeAssignPrimaryTokenPrivilege;
+LUID SeLockMemoryPrivilege;
+LUID SeIncreaseQuotaPrivilege;
+LUID SeUnsolicitedInputPrivilege;
+LUID SeTcbPrivilege;
+LUID SeSecurityPrivilege;
+LUID SeTakeOwnershipPrivilege;
+LUID SeLoadDriverPrivilege;
+LUID SeCreatePagefilePrivilege;
+LUID SeIncreaseBasePriorityPrivilege;
+LUID SeSystemProfilePrivilege;
+LUID SeSystemtimePrivilege;
+LUID SeProfileSingleProcessPrivilege;
+LUID SeCreatePermanentPrivilege;
+LUID SeBackupPrivilege;
+LUID SeRestorePrivilege;
+LUID SeShutdownPrivilege;
+LUID SeDebugPrivilege;
+LUID SeAuditPrivilege;
+LUID SeSystemEnvironmentPrivilege;
+LUID SeChangeNotifyPrivilege;
+LUID SeRemoteShutdownPrivilege;
+
+
/* FUNCTIONS ***************************************************************/
+VOID
+SepInitPrivileges(VOID)
+{
+ SeCreateTokenPrivilege.QuadPart = SE_CREATE_TOKEN_PRIVILEGE;
+ SeAssignPrimaryTokenPrivilege.QuadPart = SE_ASSIGNPRIMARYTOKEN_PRIVILEGE;
+ SeLockMemoryPrivilege.QuadPart = SE_LOCK_MEMORY_PRIVILEGE;
+ SeIncreaseQuotaPrivilege.QuadPart = SE_INCREASE_QUOTA_PRIVILEGE;
+ SeUnsolicitedInputPrivilege.QuadPart = SE_UNSOLICITED_INPUT_PRIVILEGE;
+ SeTcbPrivilege.QuadPart = SE_TCB_PRIVILEGE;
+ SeSecurityPrivilege.QuadPart = SE_SECURITY_PRIVILEGE;
+ SeTakeOwnershipPrivilege.QuadPart = SE_TAKE_OWNERSHIP_PRIVILEGE;
+ SeLoadDriverPrivilege.QuadPart = SE_LOAD_DRIVER_PRIVILEGE;
+ SeSystemProfilePrivilege.QuadPart = SE_SYSTEM_PROFILE_PRIVILEGE;
+ SeSystemtimePrivilege.QuadPart = SE_SYSTEMTIME_PRIVILEGE;
+ SeProfileSingleProcessPrivilege.QuadPart = SE_PROF_SINGLE_PROCESS_PRIVILEGE;
+ SeIncreaseBasePriorityPrivilege.QuadPart = SE_INC_BASE_PRIORITY_PRIVILEGE;
+ SeCreatePagefilePrivilege.QuadPart = SE_CREATE_PAGEFILE_PRIVILEGE;
+ SeCreatePermanentPrivilege.QuadPart = SE_CREATE_PERMANENT_PRIVILEGE;
+ SeBackupPrivilege.QuadPart = SE_BACKUP_PRIVILEGE;
+ SeRestorePrivilege.QuadPart = SE_RESTORE_PRIVILEGE;
+ SeShutdownPrivilege.QuadPart = SE_SHUTDOWN_PRIVILEGE;
+ SeDebugPrivilege.QuadPart = SE_DEBUG_PRIVILEGE;
+ SeAuditPrivilege.QuadPart = SE_AUDIT_PRIVILEGE;
+ SeSystemEnvironmentPrivilege.QuadPart = SE_SYSTEM_ENVIRONMENT_PRIVILEGE;
+ SeChangeNotifyPrivilege.QuadPart = SE_CHANGE_NOTIFY_PRIVILEGE;
+ SeRemoteShutdownPrivilege.QuadPart = SE_REMOTE_SHUTDOWN_PRIVILEGE;
+}
+
+
BOOLEAN SepPrivilegeCheck(PACCESS_TOKEN Token,
PLUID_AND_ATTRIBUTES Privileges,
ULONG PrivilegeCount,
memmove(*Dest, Src, SrcLength);
return(STATUS_SUCCESS);
}
-
-VOID SeReleaseLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Privilege,
- KPROCESSOR_MODE PreviousMode,
- ULONG a)
+
+VOID
+SeReleaseLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Privilege,
+ KPROCESSOR_MODE PreviousMode,
+ ULONG a)
{
ExFreePool(Privilege);
}
-NTSTATUS STDCALL NtPrivilegeCheck (IN HANDLE ClientToken,
- IN PPRIVILEGE_SET RequiredPrivileges,
- IN PBOOLEAN Result)
+NTSTATUS STDCALL
+NtPrivilegeCheck(IN HANDLE ClientToken,
+ IN PPRIVILEGE_SET RequiredPrivileges,
+ IN PBOOLEAN Result)
{
NTSTATUS Status;
PACCESS_TOKEN Token;
Status = ObReferenceObjectByHandle(ClientToken,
0,
- SeTokenType,
+ SepTokenObjectType,
UserMode,
(PVOID*)&Token,
NULL);
return(STATUS_SUCCESS);
}
-BOOLEAN STDCALL SePrivilegeCheck(PPRIVILEGE_SET Privileges,
- PSECURITY_SUBJECT_CONTEXT SubjectContext,
- KPROCESSOR_MODE PreviousMode)
+BOOLEAN STDCALL
+SePrivilegeCheck(PPRIVILEGE_SET Privileges,
+ PSECURITY_SUBJECT_CONTEXT SubjectContext,
+ KPROCESSOR_MODE PreviousMode)
{
PACCESS_TOKEN Token = NULL;
Privileges->Privilege,
Privileges->PrivilegeCount,
Privileges->Control,
- PreviousMode));
+ PreviousMode));
}
-BOOLEAN STDCALL SeSinglePrivilegeCheck(LUID PrivilegeValue,
- KPROCESSOR_MODE PreviousMode)
+BOOLEAN STDCALL
+SeSinglePrivilegeCheck(LUID PrivilegeValue,
+ KPROCESSOR_MODE PreviousMode)
{
SECURITY_SUBJECT_CONTEXT SubjectContext;
BOOLEAN r;
-/* $Id: sd.c,v 1.5 2001/12/05 01:40:25 dwelch Exp $
+/* $Id: sd.c,v 1.6 2002/02/20 20:15:38 ekohl Exp $
*
* COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS kernel
/* INCLUDES *****************************************************************/
#include <ddk/ntddk.h>
+#include <internal/se.h>
#include <internal/debug.h>
+
/* FUNCTIONS ***************************************************************/
+BOOLEAN
+SepInitSDs(VOID)
+{
+ return(TRUE);
+}
+
+
NTSTATUS STDCALL
RtlCreateSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
ULONG Revision)
-/* $Id: semgr.c,v 1.17 2000/09/03 14:53:13 ekohl Exp $
+/* $Id: semgr.c,v 1.18 2002/02/20 20:15:38 ekohl Exp $
*
* COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS kernel
#include <ddk/ntddk.h>
#include <internal/ps.h>
+#include <internal/se.h>
#include <internal/debug.h>
-/* FUNCTIONS ***************************************************************/
+#define TAG_SXPT TAG('S', 'X', 'P', 'T')
+
+
+/* GLOBALS ******************************************************************/
+
+PSE_EXPORTS EXPORTED SeExports = NULL;
+
+
+/* PROTOTYPES ***************************************************************/
+
+static BOOLEAN SepInitExports(VOID);
+
+/* FUNCTIONS ****************************************************************/
+
+
+BOOLEAN
+SeInit1(VOID)
+{
+ SepInitLuid();
+
+ if (!SepInitSecurityIDs())
+ return(FALSE);
+
+ if (!SepInitDACLs())
+ return(FALSE);
+
+ if (!SepInitSDs())
+ return(FALSE);
+
+ SepInitPrivileges();
+
+ if (!SepInitExports())
+ return(FALSE);
+
+ return(TRUE);
+}
+
+
+BOOLEAN
+SeInit2(VOID)
+{
+ return TRUE;
+}
+
+
+static BOOLEAN
+SepInitExports(VOID)
+{
+ SeExports = ExAllocatePoolWithTag(NonPagedPool,
+ sizeof(SE_EXPORTS),
+ TAG_SXPT);
+ if (SeExports == NULL)
+ return(FALSE);
+
+ SeExports->SeCreateTokenPrivilege = SeCreateTokenPrivilege;
+ SeExports->SeAssignPrimaryTokenPrivilege = SeAssignPrimaryTokenPrivilege;
+ SeExports->SeLockMemoryPrivilege = SeLockMemoryPrivilege;
+ SeExports->SeIncreaseQuotaPrivilege = SeIncreaseQuotaPrivilege;
+ SeExports->SeUnsolicitedInputPrivilege = SeUnsolicitedInputPrivilege;
+ SeExports->SeTcbPrivilege = SeTcbPrivilege;
+ SeExports->SeSecurityPrivilege = SeSecurityPrivilege;
+ SeExports->SeTakeOwnershipPrivilege = SeTakeOwnershipPrivilege;
+ SeExports->SeLoadDriverPrivilege = SeLoadDriverPrivilege;
+ SeExports->SeCreatePagefilePrivilege = SeCreatePagefilePrivilege;
+ SeExports->SeIncreaseBasePriorityPrivilege = SeIncreaseBasePriorityPrivilege;
+ SeExports->SeSystemProfilePrivilege = SeSystemProfilePrivilege;
+ SeExports->SeSystemtimePrivilege = SeSystemtimePrivilege;
+ SeExports->SeProfileSingleProcessPrivilege = SeProfileSingleProcessPrivilege;
+ SeExports->SeCreatePermanentPrivilege = SeCreatePermanentPrivilege;
+ SeExports->SeBackupPrivilege = SeBackupPrivilege;
+ SeExports->SeRestorePrivilege = SeRestorePrivilege;
+ SeExports->SeShutdownPrivilege = SeShutdownPrivilege;
+ SeExports->SeDebugPrivilege = SeDebugPrivilege;
+ SeExports->SeAuditPrivilege = SeAuditPrivilege;
+ SeExports->SeSystemEnvironmentPrivilege = SeSystemEnvironmentPrivilege;
+ SeExports->SeChangeNotifyPrivilege = SeChangeNotifyPrivilege;
+ SeExports->SeRemoteShutdownPrivilege = SeRemoteShutdownPrivilege;
+
+ SeExports->SeNullSid = SeNullSid;
+ SeExports->SeWorldSid = SeWorldSid;
+ SeExports->SeLocalSid = SeLocalSid;
+ SeExports->SeCreatorOwnerSid = SeCreatorOwnerSid;
+ SeExports->SeCreatorGroupSid = SeCreatorGroupSid;
+ SeExports->SeNtAuthoritySid = SeNtAuthoritySid;
+ SeExports->SeDialupSid = SeDialupSid;
+ SeExports->SeNetworkSid = SeNetworkSid;
+ SeExports->SeBatchSid = SeBatchSid;
+ SeExports->SeInteractiveSid = SeInteractiveSid;
+ SeExports->SeLocalSystemSid = SeLocalSystemSid;
+ SeExports->SeAliasAdminsSid = SeAliasAdminsSid;
+ SeExports->SeAliasUsersSid = SeAliasUsersSid;
+ SeExports->SeAliasGuestsSid = SeAliasGuestsSid;
+ SeExports->SeAliasPowerUsersSid = SeAliasPowerUsersSid;
+ SeExports->SeAliasAccountOpsSid = SeAliasAccountOpsSid;
+ SeExports->SeAliasSystemOpsSid = SeAliasSystemOpsSid;
+ SeExports->SeAliasPrintOpsSid = SeAliasPrintOpsSid;
+ SeExports->SeAliasBackupOpsSid = SeAliasBackupOpsSid;
+
+ return(TRUE);
+}
+
VOID SepReferenceLogonSession(PLUID AuthenticationId)
{
UNIMPLEMENTED;
}
-NTSTATUS STDCALL NtPrivilegedServiceAuditAlarm(
- IN PUNICODE_STRING SubsystemName,
- IN PUNICODE_STRING ServiceName,
- IN HANDLE ClientToken,
- IN PPRIVILEGE_SET Privileges,
- IN BOOLEAN AccessGranted)
+NTSTATUS STDCALL
+NtPrivilegedServiceAuditAlarm(IN PUNICODE_STRING SubsystemName,
+ IN PUNICODE_STRING ServiceName,
+ IN HANDLE ClientToken,
+ IN PPRIVILEGE_SET Privileges,
+ IN BOOLEAN AccessGranted)
{
- UNIMPLEMENTED;
+ UNIMPLEMENTED;
}
-NTSTATUS
-STDCALL
-NtPrivilegeObjectAuditAlarm (
- IN PUNICODE_STRING SubsystemName,
- IN PVOID HandleId,
- IN HANDLE ClientToken,
- IN ULONG DesiredAccess,
- IN PPRIVILEGE_SET Privileges,
- IN BOOLEAN AccessGranted
- )
+NTSTATUS STDCALL
+NtPrivilegeObjectAuditAlarm(IN PUNICODE_STRING SubsystemName,
+ IN PVOID HandleId,
+ IN HANDLE ClientToken,
+ IN ULONG DesiredAccess,
+ IN PPRIVILEGE_SET Privileges,
+ IN BOOLEAN AccessGranted)
{
- UNIMPLEMENTED;
+ UNIMPLEMENTED;
}
-NTSTATUS
-STDCALL
-NtOpenObjectAuditAlarm (
- IN PUNICODE_STRING SubsystemName,
- IN PVOID HandleId,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- IN HANDLE ClientToken,
- IN ULONG DesiredAccess,
- IN ULONG GrantedAccess,
- IN PPRIVILEGE_SET Privileges,
- IN BOOLEAN ObjectCreation,
- IN BOOLEAN AccessGranted,
- OUT PBOOLEAN GenerateOnClose
- )
+NTSTATUS STDCALL
+NtOpenObjectAuditAlarm(IN PUNICODE_STRING SubsystemName,
+ IN PVOID HandleId,
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ IN HANDLE ClientToken,
+ IN ULONG DesiredAccess,
+ IN ULONG GrantedAccess,
+ IN PPRIVILEGE_SET Privileges,
+ IN BOOLEAN ObjectCreation,
+ IN BOOLEAN AccessGranted,
+ OUT PBOOLEAN GenerateOnClose)
{
- UNIMPLEMENTED;
+ UNIMPLEMENTED;
}
-NTSTATUS
-STDCALL
-NtAccessCheckAndAuditAlarm (
- IN PUNICODE_STRING SubsystemName,
- IN PHANDLE ObjectHandle,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- IN ACCESS_MASK DesiredAccess,
- IN PGENERIC_MAPPING GenericMapping,
- IN BOOLEAN ObjectCreation,
- OUT PULONG GrantedAccess,
- OUT PBOOLEAN AccessStatus,
- OUT PBOOLEAN GenerateOnClose
+
+NTSTATUS STDCALL
+NtAccessCheckAndAuditAlarm(IN PUNICODE_STRING SubsystemName,
+ IN PHANDLE ObjectHandle,
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ IN ACCESS_MASK DesiredAccess,
+ IN PGENERIC_MAPPING GenericMapping,
+ IN BOOLEAN ObjectCreation,
+ OUT PULONG GrantedAccess,
+ OUT PBOOLEAN AccessStatus,
+ OUT PBOOLEAN GenerateOnClose
)
{
- UNIMPLEMENTED;
+ UNIMPLEMENTED;
}
-NTSTATUS
-STDCALL
-NtAllocateUuids (
- PULARGE_INTEGER Time,
- PULONG Range,
- PULONG Sequence
- )
+NTSTATUS STDCALL
+NtAllocateUuids(PULARGE_INTEGER Time,
+ PULONG Range,
+ PULONG Sequence)
{
- UNIMPLEMENTED;
+ UNIMPLEMENTED;
}
-NTSTATUS STDCALL NtCloseObjectAuditAlarm(IN PUNICODE_STRING SubsystemName,
- IN PVOID HandleId,
- IN BOOLEAN GenerateOnClose)
+NTSTATUS STDCALL
+NtCloseObjectAuditAlarm(IN PUNICODE_STRING SubsystemName,
+ IN PVOID HandleId,
+ IN BOOLEAN GenerateOnClose)
{
- UNIMPLEMENTED;
+ UNIMPLEMENTED;
}
-NTSTATUS STDCALL NtAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
- IN HANDLE ClientToken,
- IN ACCESS_MASK DesiredAccess,
- IN PGENERIC_MAPPING GenericMapping,
- OUT PPRIVILEGE_SET PrivilegeSet,
- OUT PULONG ReturnLength,
- OUT PULONG GrantedAccess,
- OUT PBOOLEAN AccessStatus)
+
+NTSTATUS STDCALL
+NtAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
+ IN HANDLE ClientToken,
+ IN ACCESS_MASK DesiredAccess,
+ IN PGENERIC_MAPPING GenericMapping,
+ OUT PPRIVILEGE_SET PrivilegeSet,
+ OUT PULONG ReturnLength,
+ OUT PULONG GrantedAccess,
+ OUT PBOOLEAN AccessStatus)
{
- UNIMPLEMENTED;
+ UNIMPLEMENTED;
}
-NTSTATUS
-STDCALL
-NtDeleteObjectAuditAlarm (
- IN PUNICODE_STRING SubsystemName,
- IN PVOID HandleId,
- IN BOOLEAN GenerateOnClose
- )
+NTSTATUS STDCALL
+NtDeleteObjectAuditAlarm(IN PUNICODE_STRING SubsystemName,
+ IN PVOID HandleId,
+ IN BOOLEAN GenerateOnClose)
{
- UNIMPLEMENTED;
+ UNIMPLEMENTED;
}
&SubjectContext->ImpersonationLevel);
SubjectContext->PrimaryToken = PsReferencePrimaryToken(Process);
}
-
-NTSTATUS STDCALL SeDeassignSecurity(PSECURITY_DESCRIPTOR* SecurityDescriptor)
+
+
+NTSTATUS STDCALL
+SeDeassignSecurity(PSECURITY_DESCRIPTOR* SecurityDescriptor)
{
- if ((*SecurityDescriptor) != NULL)
- {
- ExFreePool(*SecurityDescriptor);
- (*SecurityDescriptor) = NULL;
- }
- return(STATUS_SUCCESS);
+ if ((*SecurityDescriptor) != NULL)
+ {
+ ExFreePool(*SecurityDescriptor);
+ (*SecurityDescriptor) = NULL;
+ }
+ return(STATUS_SUCCESS);
}
+
#if 0
VOID SepGetDefaultsSubjectContext(PSECURITY_SUBJECT_CONTEXT SubjectContext,
PSID* Owner,
}
#endif
-NTSTATUS STDCALL SeAssignSecurity(PSECURITY_DESCRIPTOR ParentDescriptor,
- PSECURITY_DESCRIPTOR ExplicitDescriptor,
- PSECURITY_DESCRIPTOR* NewDescriptor,
- BOOLEAN IsDirectoryObject,
- PSECURITY_SUBJECT_CONTEXT SubjectContext,
- PGENERIC_MAPPING GenericMapping,
- POOL_TYPE PoolType)
+NTSTATUS STDCALL
+SeAssignSecurity(PSECURITY_DESCRIPTOR ParentDescriptor,
+ PSECURITY_DESCRIPTOR ExplicitDescriptor,
+ PSECURITY_DESCRIPTOR* NewDescriptor,
+ BOOLEAN IsDirectoryObject,
+ PSECURITY_SUBJECT_CONTEXT SubjectContext,
+ PGENERIC_MAPPING GenericMapping,
+ POOL_TYPE PoolType)
{
#if 0
PSECURITY_DESCRIPTOR Descriptor;
return(FALSE);
}
-BOOLEAN STDCALL SeAccessCheck (IN PSECURITY_DESCRIPTOR SecurityDescriptor,
- IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,
- IN BOOLEAN SubjectContextLocked,
- IN ACCESS_MASK DesiredAccess,
- IN ACCESS_MASK PreviouslyGrantedAccess,
- OUT PPRIVILEGE_SET* Privileges,
- IN PGENERIC_MAPPING GenericMapping,
- IN KPROCESSOR_MODE AccessMode,
- OUT PACCESS_MODE GrantedAccess,
- OUT PNTSTATUS AccessStatus)
+
+BOOLEAN STDCALL
+SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
+ IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,
+ IN BOOLEAN SubjectContextLocked,
+ IN ACCESS_MASK DesiredAccess,
+ IN ACCESS_MASK PreviouslyGrantedAccess,
+ OUT PPRIVILEGE_SET* Privileges,
+ IN PGENERIC_MAPPING GenericMapping,
+ IN KPROCESSOR_MODE AccessMode,
+ OUT PACCESS_MODE GrantedAccess,
+ OUT PNTSTATUS AccessStatus)
/*
* FUNCTION: Determines whether the requested access rights can be granted
* to an object protected by a security descriptor and an object owner
if (SepSidInToken(SubjectSecurityContext->ClientToken, Sid))
{
CurrentAccess = CurrentAccess |
- CurrentAce->Header.AccessMask;
+ CurrentAce->Header.AccessMask;
}
}
}
-/* $Id: sid.c,v 1.7 2001/02/19 15:04:51 dwelch Exp $
+/* $Id: sid.c,v 1.8 2002/02/20 20:15:38 ekohl Exp $
*
* COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS kernel
/* INCLUDES *****************************************************************/
#include <ddk/ntddk.h>
-#include <string.h>
+#include <internal/se.h>
#include <internal/debug.h>
-/* FUNCTIONS ***************************************************************/
+#define TAG_SID TAG('S', 'I', 'D', 'T')
-BOOLEAN STDCALL RtlValidSid (PSID Sid)
+
+/* GLOBALS ******************************************************************/
+
+SID_IDENTIFIER_AUTHORITY SeNullSidAuthority = {SECURITY_NULL_SID_AUTHORITY};
+SID_IDENTIFIER_AUTHORITY SeWorldSidAuthority = {SECURITY_WORLD_SID_AUTHORITY};
+SID_IDENTIFIER_AUTHORITY SeLocalSidAuthority = {SECURITY_LOCAL_SID_AUTHORITY};
+SID_IDENTIFIER_AUTHORITY SeCreatorSidAuthority = {SECURITY_CREATOR_SID_AUTHORITY};
+SID_IDENTIFIER_AUTHORITY SeNtSidAuthority = {SECURITY_NT_AUTHORITY};
+
+PSID SeNullSid = NULL;
+PSID SeWorldSid = NULL;
+PSID SeLocalSid = NULL;
+PSID SeCreatorOwnerSid = NULL;
+PSID SeCreatorGroupSid = NULL;
+PSID SeCreatorOwnerServerSid = NULL;
+PSID SeCreatorGroupServerSid = NULL;
+PSID SeNtAuthoritySid = NULL;
+PSID SeDialupSid = NULL;
+PSID SeNetworkSid = NULL;
+PSID SeBatchSid = NULL;
+PSID SeInteractiveSid = NULL;
+PSID SeServiceSid = NULL;
+PSID SeAnonymousLogonSid = NULL;
+PSID SePrincipalSelfSid = NULL;
+PSID SeLocalSystemSid = NULL;
+PSID SeAuthenticatedUserSid = NULL;
+PSID SeRestrictedCodeSid = NULL;
+PSID SeAliasAdminsSid = NULL;
+PSID SeAliasUsersSid = NULL;
+PSID SeAliasGuestsSid = NULL;
+PSID SeAliasPowerUsersSid = NULL;
+PSID SeAliasAccountOpsSid = NULL;
+PSID SeAliasSystemOpsSid = NULL;
+PSID SeAliasPrintOpsSid = NULL;
+PSID SeAliasBackupOpsSid = NULL;
+
+
+/* FUNCTIONS ****************************************************************/
+
+
+BOOLEAN
+SepInitSecurityIDs(VOID)
+{
+ ULONG SidLength0;
+ ULONG SidLength1;
+ ULONG SidLength2;
+ PULONG SubAuthority;
+
+ SidLength0 = RtlLengthRequiredSid(0);
+ SidLength1 = RtlLengthRequiredSid(1);
+ SidLength2 = RtlLengthRequiredSid(2);
+
+ /* create NullSid */
+ SeNullSid = ExAllocatePoolWithTag(NonPagedPool,
+ SidLength1,
+ TAG_SID);
+ if (SeNullSid == NULL)
+ return(FALSE);
+
+ RtlInitializeSid(SeNullSid,
+ &SeNullSidAuthority,
+ 1);
+ SubAuthority = RtlSubAuthoritySid(SeNullSid,
+ 0);
+ *SubAuthority = SECURITY_NULL_RID;
+
+ /* create WorldSid */
+ SeWorldSid = ExAllocatePoolWithTag(NonPagedPool,
+ SidLength1,
+ TAG_SID);
+ if (SeWorldSid == NULL)
+ return(FALSE);
+
+ RtlInitializeSid(SeWorldSid,
+ &SeWorldSidAuthority,
+ 1);
+ SubAuthority = RtlSubAuthoritySid(SeWorldSid,
+ 0);
+ *SubAuthority = SECURITY_WORLD_RID;
+
+ /* create LocalSid */
+ SeLocalSid = ExAllocatePoolWithTag(NonPagedPool,
+ SidLength1,
+ TAG_SID);
+ if (SeLocalSid == NULL)
+ return(FALSE);
+
+ RtlInitializeSid(SeLocalSid,
+ &SeLocalSidAuthority,
+ 1);
+ SubAuthority = RtlSubAuthoritySid(SeLocalSid,
+ 0);
+ *SubAuthority = SECURITY_LOCAL_RID;
+
+ /* create CreatorOwnerSid */
+ SeCreatorOwnerSid = ExAllocatePoolWithTag(NonPagedPool,
+ SidLength1,
+ TAG_SID);
+ if (SeCreatorOwnerSid == NULL)
+ return(FALSE);
+
+ RtlInitializeSid(SeCreatorOwnerSid,
+ &SeCreatorSidAuthority,
+ 1);
+ SubAuthority = RtlSubAuthoritySid(SeCreatorOwnerSid,
+ 0);
+ *SubAuthority = SECURITY_CREATOR_OWNER_RID;
+
+ /* create CreatorGroupSid */
+ SeCreatorGroupSid = ExAllocatePoolWithTag(NonPagedPool,
+ SidLength1,
+ TAG_SID);
+ if (SeCreatorGroupSid == NULL)
+ return(FALSE);
+
+ RtlInitializeSid(SeCreatorGroupSid,
+ &SeCreatorSidAuthority,
+ 1);
+ SubAuthority = RtlSubAuthoritySid(SeCreatorGroupSid,
+ 0);
+ *SubAuthority = SECURITY_CREATOR_GROUP_RID;
+
+ /* create CreatorOwnerServerSid */
+ SeCreatorOwnerServerSid = ExAllocatePoolWithTag(NonPagedPool,
+ SidLength1,
+ TAG_SID);
+ if (SeCreatorOwnerServerSid == NULL)
+ return(FALSE);
+
+ RtlInitializeSid(SeCreatorOwnerServerSid,
+ &SeCreatorSidAuthority,
+ 1);
+ SubAuthority = RtlSubAuthoritySid(SeCreatorOwnerServerSid,
+ 0);
+ *SubAuthority = SECURITY_CREATOR_OWNER_SERVER_RID;
+
+ /* create CreatorGroupServerSid */
+ SeCreatorGroupServerSid = ExAllocatePoolWithTag(NonPagedPool,
+ SidLength1,
+ TAG_SID);
+ if (SeCreatorGroupServerSid == NULL)
+ return(FALSE);
+
+ RtlInitializeSid(SeCreatorGroupServerSid,
+ &SeCreatorSidAuthority,
+ 1);
+ SubAuthority = RtlSubAuthoritySid(SeCreatorGroupServerSid,
+ 0);
+ *SubAuthority = SECURITY_CREATOR_GROUP_SERVER_RID;
+
+
+ /* create NtAuthoritySid */
+ SeNtAuthoritySid = ExAllocatePoolWithTag(NonPagedPool,
+ SidLength0,
+ TAG_SID);
+ if (SeNtAuthoritySid == NULL)
+ return(FALSE);
+
+ RtlInitializeSid(SeNtAuthoritySid,
+ &SeNtSidAuthority,
+ 0);
+
+ /* create DialupSid */
+ SeDialupSid = ExAllocatePoolWithTag(NonPagedPool,
+ SidLength1,
+ TAG_SID);
+ if (SeDialupSid == NULL)
+ return(FALSE);
+
+ RtlInitializeSid(SeDialupSid,
+ &SeNtSidAuthority,
+ 1);
+ SubAuthority = RtlSubAuthoritySid(SeDialupSid,
+ 0);
+ *SubAuthority = SECURITY_DIALUP_RID;
+
+ /* create NetworkSid */
+ SeNetworkSid = ExAllocatePoolWithTag(NonPagedPool,
+ SidLength1,
+ TAG_SID);
+ if (SeNetworkSid == NULL)
+ return(FALSE);
+
+ RtlInitializeSid(SeNetworkSid,
+ &SeNtSidAuthority,
+ 1);
+ SubAuthority = RtlSubAuthoritySid(SeNetworkSid,
+ 0);
+ *SubAuthority = SECURITY_NETWORK_RID;
+
+ /* create BatchSid */
+ SeBatchSid = ExAllocatePoolWithTag(NonPagedPool,
+ SidLength1,
+ TAG_SID);
+ if (SeBatchSid == NULL)
+ return(FALSE);
+
+ RtlInitializeSid(SeBatchSid,
+ &SeNtSidAuthority,
+ 1);
+ SubAuthority = RtlSubAuthoritySid(SeBatchSid,
+ 0);
+ *SubAuthority = SECURITY_BATCH_RID;
+
+ /* create InteractiveSid */
+ SeInteractiveSid = ExAllocatePoolWithTag(NonPagedPool,
+ SidLength1,
+ TAG_SID);
+ if (SeInteractiveSid == NULL)
+ return(FALSE);
+
+ RtlInitializeSid(SeInteractiveSid,
+ &SeNtSidAuthority,
+ 1);
+ SubAuthority = RtlSubAuthoritySid(SeInteractiveSid,
+ 0);
+ *SubAuthority = SECURITY_INTERACTIVE_RID;
+
+ /* create ServiceSid */
+ SeServiceSid = ExAllocatePoolWithTag(NonPagedPool,
+ SidLength1,
+ TAG_SID);
+ if (SeServiceSid == NULL)
+ return(FALSE);
+
+ RtlInitializeSid(SeServiceSid,
+ &SeNtSidAuthority,
+ 1);
+ SubAuthority = RtlSubAuthoritySid(SeServiceSid,
+ 0);
+ *SubAuthority = SECURITY_SERVICE_RID;
+
+ /* create AnonymousLogonSid */
+ SeAnonymousLogonSid = ExAllocatePoolWithTag(NonPagedPool,
+ SidLength1,
+ TAG_SID);
+ if (SeAnonymousLogonSid == NULL)
+ return(FALSE);
+
+ RtlInitializeSid(SeAnonymousLogonSid,
+ &SeNtSidAuthority,
+ 1);
+ SubAuthority = RtlSubAuthoritySid(SeAnonymousLogonSid,
+ 0);
+ *SubAuthority = SECURITY_ANONYMOUS_LOGON_RID;
+
+ /* create PrincipalSelfSid */
+ SePrincipalSelfSid = ExAllocatePoolWithTag(NonPagedPool,
+ SidLength1,
+ TAG_SID);
+ if (SePrincipalSelfSid == NULL)
+ return(FALSE);
+
+ RtlInitializeSid(SePrincipalSelfSid,
+ &SeNtSidAuthority,
+ 1);
+ SubAuthority = RtlSubAuthoritySid(SePrincipalSelfSid,
+ 0);
+ *SubAuthority = SECURITY_PRINCIPAL_SELF_RID;
+
+ /* create LocalSystemSid */
+ SeLocalSystemSid = ExAllocatePoolWithTag(NonPagedPool,
+ SidLength1,
+ TAG_SID);
+ if (SeLocalSystemSid == NULL)
+ return(FALSE);
+
+ RtlInitializeSid(SeLocalSystemSid,
+ &SeNtSidAuthority,
+ 1);
+ SubAuthority = RtlSubAuthoritySid(SeLocalSystemSid,
+ 0);
+ *SubAuthority = SECURITY_LOCAL_SYSTEM_RID;
+
+ /* create AuthenticatedUserSid */
+ SeAuthenticatedUserSid = ExAllocatePoolWithTag(NonPagedPool,
+ SidLength1,
+ TAG_SID);
+ if (SeAuthenticatedUserSid == NULL)
+ return(FALSE);
+
+ RtlInitializeSid(SeAuthenticatedUserSid,
+ &SeNtSidAuthority,
+ 1);
+ SubAuthority = RtlSubAuthoritySid(SeAuthenticatedUserSid,
+ 0);
+ *SubAuthority = SECURITY_AUTHENTICATED_USER_RID;
+
+ /* create RestrictedCodeSid */
+ SeRestrictedCodeSid = ExAllocatePoolWithTag(NonPagedPool,
+ SidLength1,
+ TAG_SID);
+ if (SeRestrictedCodeSid == NULL)
+ return(FALSE);
+
+ RtlInitializeSid(SeRestrictedCodeSid,
+ &SeNtSidAuthority,
+ 1);
+ SubAuthority = RtlSubAuthoritySid(SeRestrictedCodeSid,
+ 0);
+ *SubAuthority = SECURITY_RESTRICTED_CODE_RID;
+
+ /* create AliasAdminsSid */
+ SeAliasAdminsSid = ExAllocatePoolWithTag(NonPagedPool,
+ SidLength2,
+ TAG_SID);
+ if (SeAliasAdminsSid == NULL)
+ return(FALSE);
+
+ RtlInitializeSid(SeAliasAdminsSid,
+ &SeNtSidAuthority,
+ 2);
+ SubAuthority = RtlSubAuthoritySid(SeAliasAdminsSid,
+ 0);
+ *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
+
+ SubAuthority = RtlSubAuthoritySid(SeAliasAdminsSid,
+ 1);
+ *SubAuthority = DOMAIN_ALIAS_RID_ADMINS;
+
+ /* create AliasUsersSid */
+ SeAliasUsersSid = ExAllocatePoolWithTag(NonPagedPool,
+ SidLength2,
+ TAG_SID);
+ if (SeAliasUsersSid == NULL)
+ return(FALSE);
+
+ RtlInitializeSid(SeAliasUsersSid,
+ &SeNtSidAuthority,
+ 2);
+ SubAuthority = RtlSubAuthoritySid(SeAliasUsersSid,
+ 0);
+ *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
+
+ SubAuthority = RtlSubAuthoritySid(SeAliasUsersSid,
+ 1);
+ *SubAuthority = DOMAIN_ALIAS_RID_USERS;
+
+ /* create AliasGuestsSid */
+ SeAliasGuestsSid = ExAllocatePoolWithTag(NonPagedPool,
+ SidLength2,
+ TAG_SID);
+ if (SeAliasGuestsSid == NULL)
+ return(FALSE);
+
+ RtlInitializeSid(SeAliasGuestsSid,
+ &SeNtSidAuthority,
+ 2);
+ SubAuthority = RtlSubAuthoritySid(SeAliasGuestsSid,
+ 0);
+ *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
+
+ SubAuthority = RtlSubAuthoritySid(SeAliasGuestsSid,
+ 1);
+ *SubAuthority = DOMAIN_ALIAS_RID_GUESTS;
+
+ /* create AliasPowerUsersSid */
+ SeAliasPowerUsersSid = ExAllocatePoolWithTag(NonPagedPool,
+ SidLength2,
+ TAG_SID);
+ if (SeAliasPowerUsersSid == NULL)
+ return(FALSE);
+
+ RtlInitializeSid(SeAliasPowerUsersSid,
+ &SeNtSidAuthority,
+ 2);
+ SubAuthority = RtlSubAuthoritySid(SeAliasPowerUsersSid,
+ 0);
+ *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
+
+ SubAuthority = RtlSubAuthoritySid(SeAliasPowerUsersSid,
+ 1);
+ *SubAuthority = DOMAIN_ALIAS_RID_POWER_USERS;
+
+ /* create AliasAccountOpsSid */
+ SeAliasAccountOpsSid = ExAllocatePoolWithTag(NonPagedPool,
+ SidLength2,
+ TAG_SID);
+ if (SeAliasAccountOpsSid == NULL)
+ return(FALSE);
+
+ RtlInitializeSid(SeAliasAccountOpsSid,
+ &SeNtSidAuthority,
+ 2);
+ SubAuthority = RtlSubAuthoritySid(SeAliasAccountOpsSid,
+ 0);
+ *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
+
+ SubAuthority = RtlSubAuthoritySid(SeAliasAccountOpsSid,
+ 1);
+ *SubAuthority = DOMAIN_ALIAS_RID_ACCOUNT_OPS;
+
+ /* create AliasSystemOpsSid */
+ SeAliasSystemOpsSid = ExAllocatePoolWithTag(NonPagedPool,
+ SidLength2,
+ TAG_SID);
+ if (SeAliasSystemOpsSid == NULL)
+ return(FALSE);
+
+ RtlInitializeSid(SeAliasSystemOpsSid,
+ &SeNtSidAuthority,
+ 2);
+ SubAuthority = RtlSubAuthoritySid(SeAliasSystemOpsSid,
+ 0);
+ *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
+
+ SubAuthority = RtlSubAuthoritySid(SeAliasSystemOpsSid,
+ 1);
+ *SubAuthority = DOMAIN_ALIAS_RID_SYSTEM_OPS;
+
+ /* create AliasPrintOpsSid */
+ SeAliasPrintOpsSid = ExAllocatePoolWithTag(NonPagedPool,
+ SidLength2,
+ TAG_SID);
+ if (SeAliasPrintOpsSid == NULL)
+ return(FALSE);
+
+ RtlInitializeSid(SeAliasPrintOpsSid,
+ &SeNtSidAuthority,
+ 2);
+ SubAuthority = RtlSubAuthoritySid(SeAliasPrintOpsSid,
+ 0);
+ *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
+
+ SubAuthority = RtlSubAuthoritySid(SeAliasPrintOpsSid,
+ 1);
+ *SubAuthority = DOMAIN_ALIAS_RID_PRINT_OPS;
+
+ /* create AliasBackupOpsSid */
+ SeAliasBackupOpsSid = ExAllocatePoolWithTag(NonPagedPool,
+ SidLength2,
+ TAG_SID);
+ if (SeAliasBackupOpsSid == NULL)
+ return(FALSE);
+
+ RtlInitializeSid(SeAliasBackupOpsSid,
+ &SeNtSidAuthority,
+ 2);
+ SubAuthority = RtlSubAuthoritySid(SeAliasBackupOpsSid,
+ 0);
+ *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
+
+ SubAuthority = RtlSubAuthoritySid(SeAliasBackupOpsSid,
+ 1);
+ *SubAuthority = DOMAIN_ALIAS_RID_BACKUP_OPS;
+
+ return(TRUE);
+}
+
+
+BOOLEAN STDCALL
+RtlValidSid(PSID Sid)
{
if ((Sid->Revision & 0xf) != 1)
{
return(TRUE);
}
-ULONG STDCALL RtlLengthRequiredSid (UCHAR SubAuthorityCount)
+
+ULONG STDCALL
+RtlLengthRequiredSid(UCHAR SubAuthorityCount)
{
- return(sizeof(SID) + (SubAuthorityCount - 1) * sizeof(ULONG));
+ return(sizeof(SID) + (SubAuthorityCount - 1) * sizeof(ULONG));
}
-NTSTATUS STDCALL RtlInitializeSid (PSID Sid,
- PSID_IDENTIFIER_AUTHORITY IdentifierAuthority,
- UCHAR SubAuthorityCount)
+
+NTSTATUS STDCALL
+RtlInitializeSid(PSID Sid,
+ PSID_IDENTIFIER_AUTHORITY IdentifierAuthority,
+ UCHAR SubAuthorityCount)
{
- Sid->Revision = 1;
- Sid->SubAuthorityCount = SubAuthorityCount;
- memcpy(&Sid->IdentifierAuthority, IdentifierAuthority,
- sizeof(SID_IDENTIFIER_AUTHORITY));
- return(STATUS_SUCCESS);
+ Sid->Revision = 1;
+ Sid->SubAuthorityCount = SubAuthorityCount;
+ RtlCopyMemory(&Sid->IdentifierAuthority,
+ IdentifierAuthority,
+ sizeof(SID_IDENTIFIER_AUTHORITY));
+ return(STATUS_SUCCESS);
}
-PULONG STDCALL RtlSubAuthoritySid (PSID Sid, ULONG SubAuthority)
+
+PULONG STDCALL
+RtlSubAuthoritySid(PSID Sid,
+ ULONG SubAuthority)
{
- return(&Sid->SubAuthority[SubAuthority]);
+ return(&Sid->SubAuthority[SubAuthority]);
}
-PUCHAR STDCALL RtlSubAuthorityCountSid (PSID Sid)
+
+PUCHAR STDCALL
+RtlSubAuthorityCountSid (PSID Sid)
{
- return(&Sid->SubAuthorityCount);
+ return(&Sid->SubAuthorityCount);
}
-BOOLEAN STDCALL RtlEqualSid (PSID Sid1, PSID Sid2)
+
+BOOLEAN STDCALL
+RtlEqualSid(PSID Sid1,
+ PSID Sid2)
{
if (Sid1->Revision != Sid2->Revision)
{
return(TRUE);
}
-ULONG STDCALL RtlLengthSid (PSID Sid)
+
+ULONG STDCALL
+RtlLengthSid(PSID Sid)
{
- return(sizeof(SID) + (Sid->SubAuthorityCount-1)*4);
+ return(sizeof(SID) + (Sid->SubAuthorityCount-1)*4);
}
-NTSTATUS STDCALL RtlCopySid (ULONG BufferLength, PSID Dest, PSID Src)
+
+NTSTATUS STDCALL
+RtlCopySid(ULONG BufferLength,
+ PSID Dest,
+ PSID Src)
{
if (BufferLength < RtlLengthSid(Src))
{
return(STATUS_SUCCESS);
}
+
NTSTATUS STDCALL
RtlConvertSidToUnicodeString(PUNICODE_STRING String,
PSID Sid,
-/* $Id: token.c,v 1.12 2001/12/05 01:40:25 dwelch Exp $
+/* $Id: token.c,v 1.13 2002/02/20 20:15:38 ekohl Exp $
*
* COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS kernel
#include <limits.h>
#include <ddk/ntddk.h>
#include <internal/ps.h>
-#include <internal/pool.h>
+#include <internal/se.h>
#include <internal/debug.h>
/* GLOBALS *******************************************************************/
-POBJECT_TYPE EXPORTED SeTokenType = NULL;
+POBJECT_TYPE SepTokenObjectType = NULL;
static GENERIC_MAPPING SepTokenMapping = {TOKEN_READ,
TOKEN_WRITE,
NewToken->TokenInUse = 1;
ObReferenceObjectByPointer(NewToken,
TOKEN_ALL_ACCESS,
- SeTokenType,
+ SepTokenObjectType,
KernelMode);
OldToken->TokenInUse = 0;
*OldTokenP = OldToken;
return(Status);
}
-NTSTATUS
-STDCALL
-SeCreateClientSecurity (
- PETHREAD Thread,
- PSECURITY_QUALITY_OF_SERVICE Qos,
- ULONG e,
- PSE_SOME_STRUCT2 f
- )
+
+NTSTATUS STDCALL
+SeCreateClientSecurity(IN struct _ETHREAD *Thread,
+ IN PSECURITY_QUALITY_OF_SERVICE Qos,
+ IN BOOLEAN RemoteClient,
+ OUT PSECURITY_CLIENT_CONTEXT ClientContext)
{
TOKEN_TYPE TokenType;
UCHAR b;
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
PACCESS_TOKEN Token;
- ULONG g;
+ ULONG g;
PACCESS_TOKEN NewToken;
Token = PsReferenceEffectiveToken(Thread,
&ImpersonationLevel);
if (TokenType != 2)
{
- f->Unknown9 = Qos->EffectiveOnly;
+ ClientContext->DirectAccessEffectiveOnly = Qos->EffectiveOnly;
}
else
{
}
if (ImpersonationLevel == 0 ||
ImpersonationLevel == 1 ||
- (e != 0 && ImpersonationLevel != 3))
+ (RemoteClient != FALSE && ImpersonationLevel != 3))
{
if (Token != NULL)
{
if (b != 0 ||
Qos->EffectiveOnly != 0)
{
- f->Unknown9 = 1;
+ ClientContext->DirectAccessEffectiveOnly = TRUE;
}
else
{
- f->Unknown9 = 0;
- }
+ ClientContext->DirectAccessEffectiveOnly = FALSE;
+ }
}
if (Qos->ContextTrackingMode == 0)
{
- f->Unknown8 = 0;
+ ClientContext->DirectlyAccessClientToken = FALSE;
g = SeCopyClientToken(Token, ImpersonationLevel, 0, &NewToken);
if (g >= 0)
{
// ObDeleteCapturedInsertInfo(NewToken);
}
- if (TokenType == TokenPrimary || Token != NULL)
+ if (TokenType == TokenPrimary || Token != NULL)
{
ObDereferenceObject(Token);
}
{
return(g);
}
- }
- else
- {
- f->Unknown8 = 1;
- if (e != 0)
+ }
+ else
+ {
+ ClientContext->DirectlyAccessClientToken = TRUE;
+ if (RemoteClient != FALSE)
{
-// SeGetTokenControlInformation(Token, &f->Unknown11);
+// SeGetTokenControlInformation(Token, &ClientContext->Unknown11);
}
NewToken = Token;
- }
- f->Unknown1 = 0xc;
- f->Level = Qos->ImpersonationLevel;
- f->ContextTrackingMode = Qos->ContextTrackingMode;
- f->EffectiveOnly = Qos->EffectiveOnly;
- f->Unknown10 = e;
- f->Token = NewToken;
-
- return(STATUS_SUCCESS);
+ }
+ ClientContext->SecurityQos.Length = sizeof(SECURITY_QUALITY_OF_SERVICE);
+ ClientContext->SecurityQos.ImpersonationLevel = Qos->ImpersonationLevel;
+ ClientContext->SecurityQos.ContextTrackingMode = Qos->ContextTrackingMode;
+ ClientContext->SecurityQos.EffectiveOnly = Qos->EffectiveOnly;
+ ClientContext->ServerIsRemote = RemoteClient;
+ ClientContext->Token = NewToken;
+
+ return(STATUS_SUCCESS);
}
-VOID
-STDCALL
-SeImpersonateClient (
- PSE_SOME_STRUCT2 a,
- PETHREAD Thread
- )
+VOID STDCALL
+SeImpersonateClient(IN PSECURITY_CLIENT_CONTEXT ClientContext,
+ IN PETHREAD ServerThread OPTIONAL)
{
- UCHAR b;
-
- if (a->Unknown8 == 0)
- {
- b = a->EffectiveOnly;
- }
- else
- {
- b = a->Unknown9;
- }
- if (Thread == NULL)
- {
- Thread = PsGetCurrentThread();
- }
- PsImpersonateClient(Thread,
- a->Token,
- 1,
- (ULONG)b,
- a->Level);
+ UCHAR b;
+
+ if (ClientContext->DirectlyAccessClientToken == FALSE)
+ {
+ b = ClientContext->SecurityQos.EffectiveOnly;
+ }
+ else
+ {
+ b = ClientContext->DirectAccessEffectiveOnly;
+ }
+ if (ServerThread == NULL)
+ {
+ ServerThread = PsGetCurrentThread();
+ }
+ PsImpersonateClient(ServerThread,
+ ClientContext->Token,
+ 1,
+ (ULONG)b,
+ ClientContext->SecurityQos.ImpersonationLevel);
}
-VOID SeInitializeTokenManager(VOID)
+
+VOID
+SeInitializeTokenManager(VOID)
{
- UNICODE_STRING TypeName;
-
- RtlInitUnicodeString(&TypeName, L"Token");
-
- SeTokenType = ExAllocatePool(NonPagedPool, sizeof(OBJECT_TYPE));
-
- SeTokenType->Tag = TAG('T', 'O', 'K', 'T');
- SeTokenType->MaxObjects = ULONG_MAX;
- SeTokenType->MaxHandles = ULONG_MAX;
- SeTokenType->TotalObjects = 0;
- SeTokenType->TotalHandles = 0;
- SeTokenType->PagedPoolCharge = 0;
- SeTokenType->NonpagedPoolCharge = 0;
- SeTokenType->Mapping = &SepTokenMapping;
- SeTokenType->Dump = NULL;
- SeTokenType->Open = NULL;
- SeTokenType->Close = NULL;
- SeTokenType->Delete = NULL;
- SeTokenType->Parse = NULL;
- SeTokenType->Security = NULL;
- SeTokenType->QueryName = NULL;
- SeTokenType->OkayToClose = NULL;
- SeTokenType->Create = NULL;
- SeTokenType->DuplicationNotify = NULL;
+ SepTokenObjectType = ExAllocatePool(NonPagedPool, sizeof(OBJECT_TYPE));
+
+ SepTokenObjectType->Tag = TAG('T', 'O', 'K', 'T');
+ SepTokenObjectType->MaxObjects = ULONG_MAX;
+ SepTokenObjectType->MaxHandles = ULONG_MAX;
+ SepTokenObjectType->TotalObjects = 0;
+ SepTokenObjectType->TotalHandles = 0;
+ SepTokenObjectType->PagedPoolCharge = 0;
+ SepTokenObjectType->NonpagedPoolCharge = sizeof(ACCESS_TOKEN);
+ SepTokenObjectType->Mapping = &SepTokenMapping;
+ SepTokenObjectType->Dump = NULL;
+ SepTokenObjectType->Open = NULL;
+ SepTokenObjectType->Close = NULL;
+ SepTokenObjectType->Delete = NULL;
+ SepTokenObjectType->Parse = NULL;
+ SepTokenObjectType->Security = NULL;
+ SepTokenObjectType->QueryName = NULL;
+ SepTokenObjectType->OkayToClose = NULL;
+ SepTokenObjectType->Create = NULL;
+ SepTokenObjectType->DuplicationNotify = NULL;
+ RtlCreateUnicodeString(&SepTokenObjectType->TypeName,
+ L"Token");
}
-NTSTATUS RtlCopySidAndAttributesArray(ULONG Count, // ebp + 8
- PSID_AND_ATTRIBUTES Src, // ebp + C
- ULONG MaxLength, // ebp + 10
- PSID_AND_ATTRIBUTES Dest, // ebp + 14
- PVOID e, // ebp + 18
- PVOID* f, // ebp + 1C
- PULONG g) // ebp + 20
+NTSTATUS
+RtlCopySidAndAttributesArray(ULONG Count, // ebp + 8
+ PSID_AND_ATTRIBUTES Src, // ebp + C
+ ULONG MaxLength, // ebp + 10
+ PSID_AND_ATTRIBUTES Dest, // ebp + 14
+ PVOID e, // ebp + 18
+ PVOID* f, // ebp + 1C
+ PULONG g) // ebp + 20
{
ULONG Length; // ebp - 4
ULONG i;
return(STATUS_SUCCESS);
}
-NTSTATUS STDCALL NtQueryInformationToken(IN HANDLE TokenHandle,
- IN TOKEN_INFORMATION_CLASS
- TokenInformationClass,
- OUT PVOID TokenInformation,
- IN ULONG TokenInformationLength,
- OUT PULONG ReturnLength)
+
+NTSTATUS STDCALL
+NtQueryInformationToken(IN HANDLE TokenHandle,
+ IN TOKEN_INFORMATION_CLASS TokenInformationClass,
+ OUT PVOID TokenInformation,
+ IN ULONG TokenInformationLength,
+ OUT PULONG ReturnLength)
{
NTSTATUS Status;
PACCESS_TOKEN Token;
Status = ObReferenceObjectByHandle(TokenHandle,
0,
- SeTokenType,
+ SepTokenObjectType,
UserMode,
(PVOID*)&Token,
NULL);
}
break;
- case TokenPrivileges:
+ case TokenPrivileges:
break;
case TokenOwner:
}
-
-
-NTSTATUS
-STDCALL
-NtSetInformationToken(
- IN HANDLE TokenHandle,
- IN TOKEN_INFORMATION_CLASS TokenInformationClass,
- OUT PVOID TokenInformation,
- IN ULONG TokenInformationLength
- )
+NTSTATUS STDCALL
+NtSetInformationToken(IN HANDLE TokenHandle,
+ IN TOKEN_INFORMATION_CLASS TokenInformationClass,
+ OUT PVOID TokenInformation,
+ IN ULONG TokenInformationLength)
{
- UNIMPLEMENTED;
+ UNIMPLEMENTED;
}
-NTSTATUS STDCALL NtDuplicateToken(IN HANDLE ExistingTokenHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- IN SECURITY_IMPERSONATION_LEVEL
- ImpersonationLevel,
- IN TOKEN_TYPE TokenType,
- OUT PHANDLE NewTokenHandle)
+
+NTSTATUS STDCALL
+NtDuplicateToken(IN HANDLE ExistingTokenHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
+ IN TOKEN_TYPE TokenType,
+ OUT PHANDLE NewTokenHandle)
{
#if 0
PACCESS_TOKEN Token;
Status = ObReferenceObjectByHandle(ExistingTokenHandle,
?,
- SeTokenType,
+ SepTokenObjectType,
UserMode,
(PVOID*)&Token,
NULL);
UNIMPLEMENTED;
}
-NTSTATUS STDCALL NtAdjustGroupsToken(IN HANDLE TokenHandle,
- IN BOOLEAN ResetToDefault,
- IN PTOKEN_GROUPS NewState,
- IN ULONG BufferLength,
- OUT PTOKEN_GROUPS PreviousState OPTIONAL,
- OUT PULONG ReturnLength)
+
+NTSTATUS STDCALL
+NtAdjustGroupsToken(IN HANDLE TokenHandle,
+ IN BOOLEAN ResetToDefault,
+ IN PTOKEN_GROUPS NewState,
+ IN ULONG BufferLength,
+ OUT PTOKEN_GROUPS PreviousState OPTIONAL,
+ OUT PULONG ReturnLength)
{
#if 0
NTSTATUS Status;
Status = ObReferenceObjectByHandle(TokenHandle,
?,
- SeTokenType,
+ SepTokenObjectType,
UserMode,
(PVOID*)&Token,
NULL);
#endif
}
+
#if 0
NTSTATUS SepAdjustPrivileges(PACCESS_TOKEN Token, // 0x8
ULONG a, // 0xC
if (
}
#endif
-
-NTSTATUS STDCALL NtAdjustPrivilegesToken(IN HANDLE TokenHandle,
- IN BOOLEAN DisableAllPrivileges,
- IN PTOKEN_PRIVILEGES NewState,
- IN ULONG BufferLength,
- OUT PTOKEN_PRIVILEGES PreviousState,
- OUT PULONG ReturnLength)
+
+
+NTSTATUS STDCALL
+NtAdjustPrivilegesToken(IN HANDLE TokenHandle,
+ IN BOOLEAN DisableAllPrivileges,
+ IN PTOKEN_PRIVILEGES NewState,
+ IN ULONG BufferLength,
+ OUT PTOKEN_PRIVILEGES PreviousState,
+ OUT PULONG ReturnLength)
{
#if 0
ULONG PrivilegeCount;
#endif
}
-NTSTATUS STDCALL NtCreateToken(OUT PHANDLE TokenHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- IN TOKEN_TYPE TokenType,
- IN PLUID AuthenticationId,
- IN PLARGE_INTEGER ExpirationTime,
- IN PTOKEN_USER TokenUser,
- IN PTOKEN_GROUPS TokenGroups,
- IN PTOKEN_PRIVILEGES TokenPrivileges,
- IN PTOKEN_OWNER TokenOwner,
- IN PTOKEN_PRIMARY_GROUP TokenPrimaryGroup,
- IN PTOKEN_DEFAULT_DACL TokenDefaultDacl,
- IN PTOKEN_SOURCE TokenSource)
+NTSTATUS STDCALL
+NtCreateToken(OUT PHANDLE TokenHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ IN TOKEN_TYPE TokenType,
+ IN PLUID AuthenticationId,
+ IN PLARGE_INTEGER ExpirationTime,
+ IN PTOKEN_USER TokenUser,
+ IN PTOKEN_GROUPS TokenGroups,
+ IN PTOKEN_PRIVILEGES TokenPrivileges,
+ IN PTOKEN_OWNER TokenOwner,
+ IN PTOKEN_PRIMARY_GROUP TokenPrimaryGroup,
+ IN PTOKEN_DEFAULT_DACL TokenDefaultDacl,
+ IN PTOKEN_SOURCE TokenSource)
{
#if 0
PACCESS_TOKEN AccessToken;
UNIMPLEMENTED;
}
+TOKEN_TYPE STDCALL
+SeTokenType(IN PACCESS_TOKEN Token)
+{
+ return(Token->TokenType);
+}
/* EOF */