No code changes.
svn path=/trunk/; revision=47383
OUT PSECURITY_SUBJECT_CONTEXT SubjectContext)
{
BOOLEAN CopyOnOpen, EffectiveOnly;
+
PAGED_CODE();
-
+
/* Save the unique ID */
SubjectContext->ProcessAuditId = Process->UniqueProcessId;
-
+
/* Check if we have a thread */
if (!Thread)
{
&EffectiveOnly,
&SubjectContext->ImpersonationLevel);
}
-
+
/* Get the primary token */
SubjectContext->PrimaryToken = PsReferencePrimaryToken(Process);
}
SeLockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
{
PAGED_CODE();
-
+
KeEnterCriticalRegion();
ExAcquireResourceExclusiveLite(&SepSubjectContextLock, TRUE);
}
SeUnlockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
{
PAGED_CODE();
-
+
ExReleaseResourceLite(&SepSubjectContextLock);
KeLeaveCriticalRegion();
}
SeReleaseSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
{
PAGED_CODE();
-
+
if (SubjectContext->PrimaryToken != NULL)
{
ObFastDereferenceObject(&PsGetCurrentProcess()->Token, SubjectContext->PrimaryToken);
}
-
+
if (SubjectContext->ClientToken != NULL)
{
ObDereferenceObject(SubjectContext->ClientToken);
{
ACCESS_MASK AccessMask = Access;
PTOKEN Token;
+
PAGED_CODE();
/* Map the Generic Acess to Specific Access if we have a Mapping */
ExpAllocateLocallyUniqueId(&AccessState->OperationID);
/* Get the Token to use */
- Token = AccessState->SubjectSecurityContext.ClientToken ?
- (PTOKEN)&AccessState->SubjectSecurityContext.ClientToken :
- (PTOKEN)&AccessState->SubjectSecurityContext.PrimaryToken;
+ Token = AccessState->SubjectSecurityContext.ClientToken ?
+ (PTOKEN)&AccessState->SubjectSecurityContext.ClientToken :
+ (PTOKEN)&AccessState->SubjectSecurityContext.PrimaryToken;
/* Check for Travers Privilege */
if (Token->TokenFlags & TOKEN_HAS_TRAVERSE_PRIVILEGE)
SeDeleteAccessState(IN PACCESS_STATE AccessState)
{
PAUX_ACCESS_DATA AuxData;
+
PAGED_CODE();
/* Get the Auxiliary Data */
{
ExFreePool(AccessState->ObjectName.Buffer);
}
- if (AccessState->ObjectTypeName.Buffer)
+
+ if (AccessState->ObjectTypeName.Buffer)
{
ExFreePool(AccessState->ObjectTypeName.Buffer);
}
PACCESS_TOKEN Token;
NTSTATUS Status;
PACCESS_TOKEN NewToken;
+
PAGED_CODE();
-
+
Token = PsReferenceEffectiveToken(Thread,
&TokenType,
&ThreadEffectiveOnly,
if (Token) ObDereferenceObject(Token);
return STATUS_BAD_IMPERSONATION_LEVEL;
}
-
+
if ((ImpersonationLevel == SecurityAnonymous) ||
(ImpersonationLevel == SecurityIdentification) ||
((RemoteClient) && (ImpersonationLevel != SecurityDelegation)))
if (Token) ObDereferenceObject(Token);
return STATUS_BAD_IMPERSONATION_LEVEL;
}
-
+
ClientContext->DirectAccessEffectiveOnly = ((ThreadEffectiveOnly) ||
- (Qos->EffectiveOnly)) ?
- TRUE : FALSE;
+ (Qos->EffectiveOnly)) ? TRUE : FALSE;
}
-
+
if (Qos->ContextTrackingMode == SECURITY_STATIC_TRACKING)
{
ClientContext->DirectlyAccessClientToken = FALSE;
&ClientContext->ClientTokenControl);
#endif
}
-
+
NewToken = Token;
}
-
+
ClientContext->SecurityQos.Length = sizeof(SECURITY_QUALITY_OF_SERVICE);
ClientContext->SecurityQos.ImpersonationLevel = Qos->ImpersonationLevel;
ClientContext->SecurityQos.ContextTrackingMode = Qos->ContextTrackingMode;
IN PETHREAD ServerThread OPTIONAL)
{
UCHAR b;
-
+
PAGED_CODE();
-
+
if (ClientContext->DirectlyAccessClientToken == FALSE)
{
b = ClientContext->SecurityQos.EffectiveOnly;
{
b = ClientContext->DirectAccessEffectiveOnly;
}
+
if (ServerThread == NULL)
{
ServerThread = PsGetCurrentThread();
}
+
PsImpersonateClient(ServerThread,
ClientContext->ClientToken,
1,
SepInitDACLs(VOID)
{
ULONG AclLength;
-
+
/* create PublicDefaultDacl */
AclLength = sizeof(ACL) +
- (sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
- (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid));
-
+ (sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
+ (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid));
+
SePublicDefaultDacl = ExAllocatePoolWithTag(PagedPool,
AclLength,
TAG_ACL);
if (SePublicDefaultDacl == NULL)
return FALSE;
-
+
RtlCreateAcl(SePublicDefaultDacl,
AclLength,
ACL_REVISION);
-
+
RtlAddAccessAllowedAce(SePublicDefaultDacl,
ACL_REVISION,
GENERIC_EXECUTE,
SeWorldSid);
-
+
RtlAddAccessAllowedAce(SePublicDefaultDacl,
ACL_REVISION,
GENERIC_ALL,
SeLocalSystemSid);
-
-
+
/* create PublicDefaultUnrestrictedDacl */
AclLength = sizeof(ACL) +
- (sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
- (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
- (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid)) +
- (sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid));
-
+ (sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
+ (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
+ (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid)) +
+ (sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid));
+
SePublicDefaultUnrestrictedDacl = ExAllocatePoolWithTag(PagedPool,
AclLength,
TAG_ACL);
if (SePublicDefaultUnrestrictedDacl == NULL)
return FALSE;
-
+
RtlCreateAcl(SePublicDefaultUnrestrictedDacl,
AclLength,
ACL_REVISION);
-
+
RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,
ACL_REVISION,
GENERIC_EXECUTE,
SeWorldSid);
-
+
RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,
ACL_REVISION,
GENERIC_ALL,
SeLocalSystemSid);
-
+
RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,
ACL_REVISION,
GENERIC_ALL,
SeAliasAdminsSid);
-
+
RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,
ACL_REVISION,
GENERIC_READ | GENERIC_EXECUTE | READ_CONTROL,
SeRestrictedCodeSid);
-
+
/* create PublicOpenDacl */
AclLength = sizeof(ACL) +
- (sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
- (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
- (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid));
-
+ (sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
+ (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
+ (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid));
+
SePublicOpenDacl = ExAllocatePoolWithTag(PagedPool,
AclLength,
TAG_ACL);
if (SePublicOpenDacl == NULL)
return FALSE;
-
+
RtlCreateAcl(SePublicOpenDacl,
AclLength,
ACL_REVISION);
-
+
RtlAddAccessAllowedAce(SePublicOpenDacl,
ACL_REVISION,
GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE,
SeWorldSid);
-
+
RtlAddAccessAllowedAce(SePublicOpenDacl,
ACL_REVISION,
GENERIC_ALL,
SeLocalSystemSid);
-
+
RtlAddAccessAllowedAce(SePublicOpenDacl,
ACL_REVISION,
GENERIC_ALL,
SeAliasAdminsSid);
-
+
/* create PublicOpenUnrestrictedDacl */
AclLength = sizeof(ACL) +
- (sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
- (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
- (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid)) +
- (sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid));
-
+ (sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
+ (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
+ (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid)) +
+ (sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid));
+
SePublicOpenUnrestrictedDacl = ExAllocatePoolWithTag(PagedPool,
AclLength,
TAG_ACL);
if (SePublicOpenUnrestrictedDacl == NULL)
return FALSE;
-
+
RtlCreateAcl(SePublicOpenUnrestrictedDacl,
AclLength,
ACL_REVISION);
-
+
RtlAddAccessAllowedAce(SePublicOpenUnrestrictedDacl,
ACL_REVISION,
GENERIC_ALL,
SeWorldSid);
-
+
RtlAddAccessAllowedAce(SePublicOpenUnrestrictedDacl,
ACL_REVISION,
GENERIC_ALL,
SeLocalSystemSid);
-
+
RtlAddAccessAllowedAce(SePublicOpenUnrestrictedDacl,
ACL_REVISION,
GENERIC_ALL,
SeAliasAdminsSid);
-
+
RtlAddAccessAllowedAce(SePublicOpenUnrestrictedDacl,
ACL_REVISION,
GENERIC_READ | GENERIC_EXECUTE,
SeRestrictedCodeSid);
-
+
/* create SystemDefaultDacl */
AclLength = sizeof(ACL) +
- (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
- (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid));
-
+ (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
+ (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid));
+
SeSystemDefaultDacl = ExAllocatePoolWithTag(PagedPool,
AclLength,
TAG_ACL);
if (SeSystemDefaultDacl == NULL)
return FALSE;
-
+
RtlCreateAcl(SeSystemDefaultDacl,
AclLength,
ACL_REVISION);
-
+
RtlAddAccessAllowedAce(SeSystemDefaultDacl,
ACL_REVISION,
GENERIC_ALL,
SeLocalSystemSid);
-
+
RtlAddAccessAllowedAce(SeSystemDefaultDacl,
ACL_REVISION,
GENERIC_READ | GENERIC_EXECUTE | READ_CONTROL,
SeAliasAdminsSid);
-
+
/* create UnrestrictedDacl */
AclLength = sizeof(ACL) +
- (sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
- (sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid));
-
+ (sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
+ (sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid));
+
SeUnrestrictedDacl = ExAllocatePoolWithTag(PagedPool,
AclLength,
TAG_ACL);
if (SeUnrestrictedDacl == NULL)
return FALSE;
-
+
RtlCreateAcl(SeUnrestrictedDacl,
AclLength,
ACL_REVISION);
-
+
RtlAddAccessAllowedAce(SeUnrestrictedDacl,
ACL_REVISION,
GENERIC_ALL,
SeWorldSid);
-
+
RtlAddAccessAllowedAce(SeUnrestrictedDacl,
ACL_REVISION,
GENERIC_READ | GENERIC_EXECUTE,
SeRestrictedCodeSid);
-
- return(TRUE);
+
+ return TRUE;
}
NTSTATUS NTAPI
{
ULONG AclLength;
PVOID TokenDacl;
-
+
PAGED_CODE();
-
+
AclLength = sizeof(ACL) +
(sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid)) +
(sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid)) +
(sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
(sizeof(ACE) + RtlLengthSid(Token->UserAndGroups->Sid)) +
(sizeof(ACE) + RtlLengthSid(PrimaryToken->UserAndGroups->Sid));
-
+
TokenDacl = ExAllocatePoolWithTag(PagedPool, AclLength, TAG_ACL);
if (TokenDacl == NULL)
{
return STATUS_INSUFFICIENT_RESOURCES;
}
-
+
RtlCreateAcl(TokenDacl, AclLength, ACL_REVISION);
RtlAddAccessAllowedAce(TokenDacl, ACL_REVISION, GENERIC_ALL,
Token->UserAndGroups->Sid);
SeAliasAdminsSid);
RtlAddAccessAllowedAce(TokenDacl, ACL_REVISION, GENERIC_ALL,
SeLocalSystemSid);
-
+
/* FIXME */
#if 0
if (Token->RestrictedSids != NULL || PrimaryToken->RestrictedSids != NULL)
SeRestrictedCodeSid);
}
#endif
-
+
return STATUS_SUCCESS;
}
PACL NewAcl;
ULONG AclSize = 0;
NTSTATUS Status = STATUS_SUCCESS;
-
+
PAGED_CODE();
-
+
if (AccessMode != KernelMode)
{
_SEH2_TRY
_SEH2_YIELD(return _SEH2_GetExceptionCode());
}
_SEH2_END;
-
+
NewAcl = ExAllocatePool(PoolType,
AclSize);
- if(NewAcl != NULL)
+ if (NewAcl != NULL)
{
_SEH2_TRY
{
Status = STATUS_INSUFFICIENT_RESOURCES;
}
}
- else if(!CaptureIfKernel)
+ else if (!CaptureIfKernel)
{
*CapturedAcl = InputAcl;
}
else
{
AclSize = InputAcl->AclSize;
-
+
NewAcl = ExAllocatePool(PoolType,
AclSize);
-
- if(NewAcl != NULL)
+
+ if (NewAcl != NULL)
{
RtlCopyMemory(NewAcl,
InputAcl,
AclSize);
-
+
*CapturedAcl = NewAcl;
}
else
Status = STATUS_INSUFFICIENT_RESOURCES;
}
}
-
+
return Status;
}
IN BOOLEAN CaptureIfKernel)
{
PAGED_CODE();
-
- if(CapturedAcl != NULL &&
- (AccessMode != KernelMode ||
- (AccessMode == KernelMode && CaptureIfKernel)))
+
+ if (CapturedAcl != NULL &&
+ (AccessMode != KernelMode ||
+ (AccessMode == KernelMode && CaptureIfKernel)))
{
ExFreePool(CapturedAcl);
}
* FILE: ntoskrnl/se/audit.c
* PURPOSE: Audit functions
*
- * PROGRAMMERS: Eric Kohl <eric.kohl@t-online.de>
+ * PROGRAMMERS: Eric Kohl
*/
/* INCLUDES *******************************************************************/
POBJECT_NAME_INFORMATION ObjectNameInfo = NULL;
ULONG ReturnLength = 8;
NTSTATUS Status;
+
PAGED_CODE();
ASSERT(AuditInfo);
PUNICODE_STRING ImageName;
PFILE_OBJECT FileObject;
NTSTATUS Status = STATUS_SUCCESS;
+
PAGED_CODE();
/* Assume failure */
IN PUNICODE_STRING LinkName,
IN BOOLEAN bSuccess)
{
- UNIMPLEMENTED;
+ UNIMPLEMENTED;
}
/*
SeAuditingFileEvents(IN BOOLEAN AccessGranted,
IN PSECURITY_DESCRIPTOR SecurityDescriptor)
{
- UNIMPLEMENTED;
- return FALSE;
+ UNIMPLEMENTED;
+ return FALSE;
}
/*
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL)
{
- UNIMPLEMENTED;
- return FALSE;
+ UNIMPLEMENTED;
+ return FALSE;
}
/*
SeAuditingHardLinkEvents(IN BOOLEAN AccessGranted,
IN PSECURITY_DESCRIPTOR SecurityDescriptor)
{
- UNIMPLEMENTED;
- return FALSE;
+ UNIMPLEMENTED;
+ return FALSE;
}
/*
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL)
{
- UNIMPLEMENTED;
- return FALSE;
+ UNIMPLEMENTED;
+ return FALSE;
}
/*
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext)
{
- UNIMPLEMENTED;
- return FALSE;
+ UNIMPLEMENTED;
+ return FALSE;
}
/*
*/
VOID
NTAPI
-SeCloseObjectAuditAlarm(
- IN PVOID Object,
+SeCloseObjectAuditAlarm(IN PVOID Object,
IN HANDLE Handle,
- IN BOOLEAN PerformAction
- )
+ IN BOOLEAN PerformAction)
{
- UNIMPLEMENTED;
+ UNIMPLEMENTED;
}
/*
OUT PBOOLEAN GenerateOnClose)
{
PAGED_CODE();
-
+
/* Audits aren't done on kernel-mode access */
if (AccessMode == KernelMode) return;
-
+
/* Otherwise, unimplemented! */
//UNIMPLEMENTED;
return;
IN BOOLEAN AccessGranted,
IN KPROCESSOR_MODE CurrentMode)
{
- UNIMPLEMENTED;
+ UNIMPLEMENTED;
}
/* SYSTEM CALLS ***************************************************************/
IN BOOLEAN GenerateOnClose)
{
UNIMPLEMENTED;
- return(STATUS_NOT_IMPLEMENTED);
+ return STATUS_NOT_IMPLEMENTED;
}
IN BOOLEAN GenerateOnClose)
{
UNIMPLEMENTED;
- return(STATUS_NOT_IMPLEMENTED);
+ return STATUS_NOT_IMPLEMENTED;
}
OUT PBOOLEAN GenerateOnClose)
{
UNIMPLEMENTED;
- return(STATUS_NOT_IMPLEMENTED);
+ return STATUS_NOT_IMPLEMENTED;
}
IN BOOLEAN AccessGranted)
{
UNIMPLEMENTED;
- return(STATUS_NOT_IMPLEMENTED);
+ return STATUS_NOT_IMPLEMENTED;
}
IN BOOLEAN AccessGranted)
{
UNIMPLEMENTED;
- return(STATUS_NOT_IMPLEMENTED);
+ return STATUS_NOT_IMPLEMENTED;
}
/* EOF */
NTAPI
SeMarkLogonSessionForTerminationNotification(IN PLUID LogonId)
{
- UNIMPLEMENTED;
- return STATUS_NOT_IMPLEMENTED;
+ UNIMPLEMENTED;
+ return STATUS_NOT_IMPLEMENTED;
}
/*
NTAPI
SeRegisterLogonSessionTerminatedRoutine(IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine)
{
- UNIMPLEMENTED;
- return STATUS_NOT_IMPLEMENTED;
+ UNIMPLEMENTED;
+ return STATUS_NOT_IMPLEMENTED;
}
/*
NTAPI
SeUnregisterLogonSessionTerminatedRoutine(IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine)
{
- UNIMPLEMENTED;
- return STATUS_NOT_IMPLEMENTED;
+ UNIMPLEMENTED;
+ return STATUS_NOT_IMPLEMENTED;
}
/* EOF */
VOID
INIT_FUNCTION
NTAPI
-SepInitPrivileges (VOID)
+SepInitPrivileges(VOID)
{
SeCreateTokenPrivilege.LowPart = SE_CREATE_TOKEN_PRIVILEGE;
SeCreateTokenPrivilege.HighPart = 0;
BOOLEAN
NTAPI
-SepPrivilegeCheck (PTOKEN Token,
- PLUID_AND_ATTRIBUTES Privileges,
- ULONG PrivilegeCount,
- ULONG PrivilegeControl,
- KPROCESSOR_MODE PreviousMode)
+SepPrivilegeCheck(PTOKEN Token,
+ PLUID_AND_ATTRIBUTES Privileges,
+ ULONG PrivilegeCount,
+ ULONG PrivilegeControl,
+ KPROCESSOR_MODE PreviousMode)
{
ULONG i;
ULONG j;
ULONG k;
-
- DPRINT ("SepPrivilegeCheck() called\n");
-
+
+ DPRINT("SepPrivilegeCheck() called\n");
+
PAGED_CODE();
-
+
if (PreviousMode == KernelMode)
{
return TRUE;
}
-
+
k = 0;
if (PrivilegeCount > 0)
{
if (Token->Privileges[i].Luid.LowPart == Privileges[j].Luid.LowPart &&
Token->Privileges[i].Luid.HighPart == Privileges[j].Luid.HighPart)
{
- DPRINT ("Found privilege\n");
- DPRINT ("Privilege attributes %lx\n",
- Token->Privileges[i].Attributes);
-
+ DPRINT("Found privilege\n");
+ DPRINT("Privilege attributes %lx\n",
+ Token->Privileges[i].Attributes);
+
if (Token->Privileges[i].Attributes & SE_PRIVILEGE_ENABLED)
{
Privileges[j].Attributes |= SE_PRIVILEGE_USED_FOR_ACCESS;
}
}
}
-
+
if ((PrivilegeControl & PRIVILEGE_SET_ALL_NECESSARY) &&
PrivilegeCount == k)
{
return TRUE;
}
-
+
if (k > 0 &&
!(PrivilegeControl & PRIVILEGE_SET_ALL_NECESSARY))
{
return TRUE;
}
-
+
return FALSE;
}
NTSTATUS
NTAPI
-SeCaptureLuidAndAttributesArray (PLUID_AND_ATTRIBUTES Src,
- ULONG PrivilegeCount,
- KPROCESSOR_MODE PreviousMode,
- PLUID_AND_ATTRIBUTES AllocatedMem,
- ULONG AllocatedLength,
- POOL_TYPE PoolType,
- BOOLEAN CaptureIfKernel,
- PLUID_AND_ATTRIBUTES* Dest,
- PULONG Length)
+SeCaptureLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Src,
+ ULONG PrivilegeCount,
+ KPROCESSOR_MODE PreviousMode,
+ PLUID_AND_ATTRIBUTES AllocatedMem,
+ ULONG AllocatedLength,
+ POOL_TYPE PoolType,
+ BOOLEAN CaptureIfKernel,
+ PLUID_AND_ATTRIBUTES *Dest,
+ PULONG Length)
{
ULONG BufferSize;
NTSTATUS Status = STATUS_SUCCESS;
-
+
PAGED_CODE();
-
+
if (PrivilegeCount == 0)
{
*Dest = 0;
*Length = 0;
return STATUS_SUCCESS;
}
-
+
if (PreviousMode == KernelMode && !CaptureIfKernel)
{
*Dest = Src;
return STATUS_SUCCESS;
}
-
+
/* FIXME - check PrivilegeCount for a valid number so we don't
cause an integer overflow or exhaust system resources! */
-
+
BufferSize = PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES);
*Length = ROUND_UP(BufferSize, 4); /* round up to a 4 byte alignment */
-
+
/* probe the buffer */
if (PreviousMode != KernelMode)
{
}
_SEH2_END;
}
-
+
/* allocate enough memory or check if the provided buffer is
large enough to hold the array */
if (AllocatedMem != NULL)
{
return STATUS_BUFFER_TOO_SMALL;
}
-
+
*Dest = AllocatedMem;
}
else
{
*Dest = ExAllocatePool(PoolType,
BufferSize);
-
if (*Dest == NULL)
{
return STATUS_INSUFFICIENT_RESOURCES;
Status = _SEH2_GetExceptionCode();
}
_SEH2_END;
-
+
if (!NT_SUCCESS(Status) && AllocatedMem == NULL)
{
ExFreePool(*Dest);
}
-
+
return Status;
}
VOID
NTAPI
-SeReleaseLuidAndAttributesArray (PLUID_AND_ATTRIBUTES Privilege,
- KPROCESSOR_MODE PreviousMode,
- BOOLEAN CaptureIfKernel)
+SeReleaseLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Privilege,
+ KPROCESSOR_MODE PreviousMode,
+ BOOLEAN CaptureIfKernel)
{
PAGED_CODE();
-
+
if (Privilege != NULL &&
(PreviousMode != KernelMode || CaptureIfKernel))
{
/*
* @implemented
*/
-BOOLEAN NTAPI
-SePrivilegeCheck (PPRIVILEGE_SET Privileges,
- PSECURITY_SUBJECT_CONTEXT SubjectContext,
- KPROCESSOR_MODE PreviousMode)
+BOOLEAN
+NTAPI
+SePrivilegeCheck(PPRIVILEGE_SET Privileges,
+ PSECURITY_SUBJECT_CONTEXT SubjectContext,
+ KPROCESSOR_MODE PreviousMode)
{
PACCESS_TOKEN Token = NULL;
-
+
PAGED_CODE();
-
+
if (SubjectContext->ClientToken == NULL)
{
Token = SubjectContext->PrimaryToken;
return FALSE;
}
}
-
- return SepPrivilegeCheck (Token,
- Privileges->Privilege,
- Privileges->PrivilegeCount,
- Privileges->Control,
- PreviousMode);
+
+ return SepPrivilegeCheck(Token,
+ Privileges->Privilege,
+ Privileges->PrivilegeCount,
+ Privileges->Control,
+ PreviousMode);
}
/*
* @implemented
*/
-BOOLEAN NTAPI
-SeSinglePrivilegeCheck (IN LUID PrivilegeValue,
- IN KPROCESSOR_MODE PreviousMode)
+BOOLEAN
+NTAPI
+SeSinglePrivilegeCheck(IN LUID PrivilegeValue,
+ IN KPROCESSOR_MODE PreviousMode)
{
SECURITY_SUBJECT_CONTEXT SubjectContext;
PRIVILEGE_SET Priv;
BOOLEAN Result;
-
+
PAGED_CODE();
-
- SeCaptureSubjectContext (&SubjectContext);
-
+
+ SeCaptureSubjectContext(&SubjectContext);
+
Priv.PrivilegeCount = 1;
Priv.Control = PRIVILEGE_SET_ALL_NECESSARY;
Priv.Privilege[0].Luid = PrivilegeValue;
Priv.Privilege[0].Attributes = SE_PRIVILEGE_ENABLED;
-
- Result = SePrivilegeCheck (&Priv,
- &SubjectContext,
- PreviousMode);
-
+
+ Result = SePrivilegeCheck(&Priv,
+ &SubjectContext,
+ PreviousMode);
+
if (PreviousMode != KernelMode)
{
#if 0
- SePrivilegedServiceAuditAlarm (0,
- &SubjectContext,
- &PrivilegeValue);
+ SePrivilegedServiceAuditAlarm(0,
+ &SubjectContext,
+ &PrivilegeValue);
#endif
}
-
- SeReleaseSubjectContext (&SubjectContext);
-
+
+ SeReleaseSubjectContext(&SubjectContext);
+
return Result;
}
/* SYSTEM CALLS ***************************************************************/
-NTSTATUS NTAPI
-NtPrivilegeCheck (IN HANDLE ClientToken,
- IN PPRIVILEGE_SET RequiredPrivileges,
- OUT PBOOLEAN Result)
+NTSTATUS
+NTAPI
+NtPrivilegeCheck(IN HANDLE ClientToken,
+ IN PPRIVILEGE_SET RequiredPrivileges,
+ OUT PBOOLEAN Result)
{
PLUID_AND_ATTRIBUTES Privileges;
PTOKEN Token;
BOOLEAN CheckResult;
KPROCESSOR_MODE PreviousMode;
NTSTATUS Status;
-
+
PAGED_CODE();
-
+
PreviousMode = KeGetPreviousMode();
-
+
/* probe the buffers */
if (PreviousMode != KernelMode)
{
FIELD_OFFSET(PRIVILEGE_SET,
Privilege),
sizeof(ULONG));
-
+
PrivilegeCount = RequiredPrivileges->PrivilegeCount;
PrivilegeControl = RequiredPrivileges->Control;
-
+
/* Check PrivilegeCount to avoid an integer overflow! */
if (FIELD_OFFSET(PRIVILEGE_SET,
Privilege[PrivilegeCount]) /
{
_SEH2_YIELD(return STATUS_INVALID_PARAMETER);
}
-
+
/* probe all of the array */
ProbeForWrite(RequiredPrivileges,
FIELD_OFFSET(PRIVILEGE_SET,
Privilege[PrivilegeCount]),
sizeof(ULONG));
-
+
ProbeForWriteBoolean(Result);
}
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
PrivilegeCount = RequiredPrivileges->PrivilegeCount;
PrivilegeControl = RequiredPrivileges->Control;
}
-
+
/* reference the token and make sure we're
not doing an anonymous impersonation */
- Status = ObReferenceObjectByHandle (ClientToken,
- TOKEN_QUERY,
- SepTokenObjectType,
- PreviousMode,
- (PVOID*)&Token,
- NULL);
+ Status = ObReferenceObjectByHandle(ClientToken,
+ TOKEN_QUERY,
+ SepTokenObjectType,
+ PreviousMode,
+ (PVOID*)&Token,
+ NULL);
if (!NT_SUCCESS(Status))
{
return Status;
}
-
+
if (Token->TokenType == TokenImpersonation &&
Token->ImpersonationLevel < SecurityIdentification)
{
- ObDereferenceObject (Token);
+ ObDereferenceObject(Token);
return STATUS_BAD_IMPERSONATION_LEVEL;
}
-
+
/* capture the privileges */
- Status = SeCaptureLuidAndAttributesArray (RequiredPrivileges->Privilege,
- PrivilegeCount,
- PreviousMode,
- NULL,
- 0,
- PagedPool,
- TRUE,
- &Privileges,
- &Length);
+ Status = SeCaptureLuidAndAttributesArray(RequiredPrivileges->Privilege,
+ PrivilegeCount,
+ PreviousMode,
+ NULL,
+ 0,
+ PagedPool,
+ TRUE,
+ &Privileges,
+ &Length);
if (!NT_SUCCESS(Status))
{
ObDereferenceObject (Token);
return Status;
}
-
- CheckResult = SepPrivilegeCheck (Token,
- Privileges,
- PrivilegeCount,
- PrivilegeControl,
- PreviousMode);
-
- ObDereferenceObject (Token);
-
+
+ CheckResult = SepPrivilegeCheck(Token,
+ Privileges,
+ PrivilegeCount,
+ PrivilegeControl,
+ PreviousMode);
+
+ ObDereferenceObject(Token);
+
/* return the array */
_SEH2_TRY
{
Status = _SEH2_GetExceptionCode();
}
_SEH2_END;
-
- SeReleaseLuidAndAttributesArray (Privileges,
- PreviousMode,
- TRUE);
-
+
+ SeReleaseLuidAndAttributesArray(Privileges,
+ PreviousMode,
+ TRUE);
+
return Status;
}
-
/* EOF */
sizeof(SECURITY_DESCRIPTOR), TAG_SD);
if (SePublicDefaultSd == NULL)
return FALSE;
-
+
RtlCreateSecurityDescriptor(SePublicDefaultSd,
SECURITY_DESCRIPTOR_REVISION);
RtlSetDaclSecurityDescriptor(SePublicDefaultSd,
TRUE,
SePublicDefaultDacl,
FALSE);
-
+
/* Create PublicDefaultUnrestrictedSd */
SePublicDefaultUnrestrictedSd = ExAllocatePoolWithTag(PagedPool,
sizeof(SECURITY_DESCRIPTOR), TAG_SD);
if (SePublicDefaultUnrestrictedSd == NULL)
return FALSE;
-
+
RtlCreateSecurityDescriptor(SePublicDefaultUnrestrictedSd,
SECURITY_DESCRIPTOR_REVISION);
RtlSetDaclSecurityDescriptor(SePublicDefaultUnrestrictedSd,
TRUE,
SePublicDefaultUnrestrictedDacl,
FALSE);
-
+
/* Create PublicOpenSd */
SePublicOpenSd = ExAllocatePoolWithTag(PagedPool,
sizeof(SECURITY_DESCRIPTOR), TAG_SD);
if (SePublicOpenSd == NULL)
return FALSE;
-
+
RtlCreateSecurityDescriptor(SePublicOpenSd,
SECURITY_DESCRIPTOR_REVISION);
RtlSetDaclSecurityDescriptor(SePublicOpenSd,
TRUE,
SePublicOpenDacl,
FALSE);
-
+
/* Create PublicOpenUnrestrictedSd */
SePublicOpenUnrestrictedSd = ExAllocatePoolWithTag(PagedPool,
sizeof(SECURITY_DESCRIPTOR), TAG_SD);
if (SePublicOpenUnrestrictedSd == NULL)
return FALSE;
-
+
RtlCreateSecurityDescriptor(SePublicOpenUnrestrictedSd,
SECURITY_DESCRIPTOR_REVISION);
RtlSetDaclSecurityDescriptor(SePublicOpenUnrestrictedSd,
TRUE,
SePublicOpenUnrestrictedDacl,
FALSE);
-
+
/* Create SystemDefaultSd */
SeSystemDefaultSd = ExAllocatePoolWithTag(PagedPool,
sizeof(SECURITY_DESCRIPTOR), TAG_SD);
if (SeSystemDefaultSd == NULL)
return FALSE;
-
+
RtlCreateSecurityDescriptor(SeSystemDefaultSd,
SECURITY_DESCRIPTOR_REVISION);
RtlSetDaclSecurityDescriptor(SeSystemDefaultSd,
TRUE,
SeSystemDefaultDacl,
FALSE);
-
+
/* Create UnrestrictedSd */
SeUnrestrictedSd = ExAllocatePoolWithTag(PagedPool,
sizeof(SECURITY_DESCRIPTOR), TAG_SD);
if (SeUnrestrictedSd == NULL)
return FALSE;
-
+
RtlCreateSecurityDescriptor(SeUnrestrictedSd,
SECURITY_DESCRIPTOR_REVISION);
RtlSetDaclSecurityDescriptor(SeUnrestrictedSd,
TRUE,
SeUnrestrictedDacl,
FALSE);
-
+
return TRUE;
}
ULONG SdSize;
NTSTATUS Status;
PISECURITY_DESCRIPTOR_RELATIVE SdRel = (PISECURITY_DESCRIPTOR_RELATIVE)SecurityDescriptor;
-
+
DPRINT("SeSetWorldSecurityDescriptor() called\n");
-
+
if (SecurityInformation == 0)
{
return STATUS_ACCESS_DENIED;
}
-
+
/* calculate the minimum size of the buffer */
SidSize = RtlLengthSid(SeWorldSid);
SdSize = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
{
SdSize += sizeof(ACL) + sizeof(ACE) + SidSize;
}
-
+
if (*BufferLength < SdSize)
{
*BufferLength = SdSize;
return STATUS_BUFFER_TOO_SMALL;
}
-
+
*BufferLength = SdSize;
-
+
Status = RtlCreateSecurityDescriptorRelative(SdRel,
SECURITY_DESCRIPTOR_REVISION);
if (!NT_SUCCESS(Status))
{
return Status;
}
-
+
Current = (ULONG_PTR)(SdRel + 1);
-
+
if (SecurityInformation & OWNER_SECURITY_INFORMATION)
{
RtlCopyMemory((PVOID)Current,
SdRel->Owner = (ULONG)((ULONG_PTR)Current - (ULONG_PTR)SdRel);
Current += SidSize;
}
-
+
if (SecurityInformation & GROUP_SECURITY_INFORMATION)
{
RtlCopyMemory((PVOID)Current,
SdRel->Group = (ULONG)((ULONG_PTR)Current - (ULONG_PTR)SdRel);
Current += SidSize;
}
-
+
if (SecurityInformation & DACL_SECURITY_INFORMATION)
{
PACL Dacl = (PACL)Current;
SdRel->Control |= SE_DACL_PRESENT;
-
+
Status = RtlCreateAcl(Dacl,
sizeof(ACL) + sizeof(ACE) + SidSize,
ACL_REVISION);
if (!NT_SUCCESS(Status))
return Status;
-
+
Status = RtlAddAccessAllowedAce(Dacl,
ACL_REVISION,
GENERIC_ALL,
SeWorldSid);
if (!NT_SUCCESS(Status))
return Status;
-
+
SdRel->Dacl = (ULONG)((ULONG_PTR)Current - (ULONG_PTR)SdRel);
}
-
+
if (SecurityInformation & SACL_SECURITY_INFORMATION)
{
/* FIXME - SdRel->Control |= SE_SACL_PRESENT; */
}
-
+
return STATUS_SUCCESS;
}
{
PSECURITY_QUALITY_OF_SERVICE CapturedQos;
NTSTATUS Status = STATUS_SUCCESS;
-
+
PAGED_CODE();
-
+
ASSERT(CapturedSecurityQualityOfService);
ASSERT(Present);
-
- if(ObjectAttributes != NULL)
+
+ if (ObjectAttributes != NULL)
{
- if(AccessMode != KernelMode)
+ if (AccessMode != KernelMode)
{
SECURITY_QUALITY_OF_SERVICE SafeQos;
-
+
_SEH2_TRY
{
ProbeForRead(ObjectAttributes,
sizeof(OBJECT_ATTRIBUTES),
sizeof(ULONG));
- if(ObjectAttributes->Length == sizeof(OBJECT_ATTRIBUTES))
+ if (ObjectAttributes->Length == sizeof(OBJECT_ATTRIBUTES))
{
- if(ObjectAttributes->SecurityQualityOfService != NULL)
+ if (ObjectAttributes->SecurityQualityOfService != NULL)
{
ProbeForRead(ObjectAttributes->SecurityQualityOfService,
sizeof(SECURITY_QUALITY_OF_SERVICE),
sizeof(ULONG));
- if(((PSECURITY_QUALITY_OF_SERVICE)ObjectAttributes->SecurityQualityOfService)->Length ==
- sizeof(SECURITY_QUALITY_OF_SERVICE))
+ if (((PSECURITY_QUALITY_OF_SERVICE)ObjectAttributes->SecurityQualityOfService)->Length ==
+ sizeof(SECURITY_QUALITY_OF_SERVICE))
{
/* don't allocate memory here because ExAllocate should bugcheck
the system if it's buggy, SEH would catch that! So make a local
Status = _SEH2_GetExceptionCode();
}
_SEH2_END;
-
- if(NT_SUCCESS(Status))
+
+ if (NT_SUCCESS(Status))
{
- if(*Present)
+ if (*Present)
{
CapturedQos = ExAllocatePool(PoolType,
sizeof(SECURITY_QUALITY_OF_SERVICE));
- if(CapturedQos != NULL)
+ if (CapturedQos != NULL)
{
RtlCopyMemory(CapturedQos,
&SafeQos,
}
else
{
- if(ObjectAttributes->Length == sizeof(OBJECT_ATTRIBUTES))
+ if (ObjectAttributes->Length == sizeof(OBJECT_ATTRIBUTES))
{
- if(CaptureIfKernel)
+ if (CaptureIfKernel)
{
- if(ObjectAttributes->SecurityQualityOfService != NULL)
+ if (ObjectAttributes->SecurityQualityOfService != NULL)
{
- if(((PSECURITY_QUALITY_OF_SERVICE)ObjectAttributes->SecurityQualityOfService)->Length ==
- sizeof(SECURITY_QUALITY_OF_SERVICE))
+ if (((PSECURITY_QUALITY_OF_SERVICE)ObjectAttributes->SecurityQualityOfService)->Length ==
+ sizeof(SECURITY_QUALITY_OF_SERVICE))
{
CapturedQos = ExAllocatePool(PoolType,
sizeof(SECURITY_QUALITY_OF_SERVICE));
- if(CapturedQos != NULL)
+ if (CapturedQos != NULL)
{
RtlCopyMemory(CapturedQos,
ObjectAttributes->SecurityQualityOfService,
*CapturedSecurityQualityOfService = NULL;
*Present = FALSE;
}
-
+
return Status;
}
IN BOOLEAN CaptureIfKernel)
{
PAGED_CODE();
-
- if(CapturedSecurityQualityOfService != NULL &&
- (AccessMode != KernelMode || CaptureIfKernel))
+
+ if (CapturedSecurityQualityOfService != NULL &&
+ (AccessMode != KernelMode || CaptureIfKernel))
{
ExFreePool(CapturedSecurityQualityOfService);
}
ULONG SaclSize = 0, DaclSize = 0;
ULONG DescriptorSize = 0;
NTSTATUS Status;
-
- if(OriginalSecurityDescriptor != NULL)
+
+ if (OriginalSecurityDescriptor != NULL)
{
- if(CurrentMode != KernelMode)
+ if (CurrentMode != KernelMode)
{
RtlZeroMemory(&DescriptorCopy, sizeof(DescriptorCopy));
-
+
_SEH2_TRY
{
/* first only probe and copy until the control field of the descriptor
ProbeForRead(OriginalSecurityDescriptor,
DescriptorSize,
sizeof(ULONG));
-
- if(OriginalSecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION1)
+
+ if (OriginalSecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION1)
{
_SEH2_YIELD(return STATUS_UNKNOWN_REVISION);
}
-
+
/* make a copy on the stack */
DescriptorCopy.Revision = OriginalSecurityDescriptor->Revision;
DescriptorCopy.Sbz1 = OriginalSecurityDescriptor->Sbz1;
DescriptorCopy.Control = OriginalSecurityDescriptor->Control;
DescriptorSize = ((DescriptorCopy.Control & SE_SELF_RELATIVE) ?
sizeof(SECURITY_DESCRIPTOR_RELATIVE) : sizeof(SECURITY_DESCRIPTOR));
-
+
/* probe and copy the entire security descriptor structure. The SIDs
and ACLs will be probed and copied later though */
ProbeForRead(OriginalSecurityDescriptor,
DescriptorSize,
sizeof(ULONG));
- if(DescriptorCopy.Control & SE_SELF_RELATIVE)
+ if (DescriptorCopy.Control & SE_SELF_RELATIVE)
{
PISECURITY_DESCRIPTOR_RELATIVE RelSD = (PISECURITY_DESCRIPTOR_RELATIVE)OriginalSecurityDescriptor;
}
_SEH2_END;
}
- else if(!CaptureIfKernel)
+ else if (!CaptureIfKernel)
{
- if(OriginalSecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION1)
+ if (OriginalSecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION1)
{
return STATUS_UNKNOWN_REVISION;
}
-
+
*CapturedSecurityDescriptor = OriginalSecurityDescriptor;
return STATUS_SUCCESS;
}
{
return STATUS_UNKNOWN_REVISION;
}
-
+
/* make a copy on the stack */
DescriptorCopy.Revision = OriginalSecurityDescriptor->Revision;
DescriptorCopy.Sbz1 = OriginalSecurityDescriptor->Sbz1;
DescriptorCopy.Control = OriginalSecurityDescriptor->Control;
DescriptorSize = ((DescriptorCopy.Control & SE_SELF_RELATIVE) ?
sizeof(SECURITY_DESCRIPTOR_RELATIVE) : sizeof(SECURITY_DESCRIPTOR));
- if(DescriptorCopy.Control & SE_SELF_RELATIVE)
+ if (DescriptorCopy.Control & SE_SELF_RELATIVE)
{
PISECURITY_DESCRIPTOR_RELATIVE RelSD = (PISECURITY_DESCRIPTOR_RELATIVE)OriginalSecurityDescriptor;
DescriptorCopy.Dacl = OriginalSecurityDescriptor->Dacl;
}
}
-
- if(DescriptorCopy.Control & SE_SELF_RELATIVE)
+
+ if (DescriptorCopy.Control & SE_SELF_RELATIVE)
{
/* in case we're dealing with a self-relative descriptor, do a basic convert
to an absolute descriptor. We do this so we can simply access the data
using the pointers without calculating them again. */
DescriptorCopy.Control &= ~SE_SELF_RELATIVE;
- if(DescriptorCopy.Owner != NULL)
+ if (DescriptorCopy.Owner != NULL)
{
DescriptorCopy.Owner = (PSID)((ULONG_PTR)OriginalSecurityDescriptor + (ULONG_PTR)DescriptorCopy.Owner);
}
- if(DescriptorCopy.Group != NULL)
+ if (DescriptorCopy.Group != NULL)
{
DescriptorCopy.Group = (PSID)((ULONG_PTR)OriginalSecurityDescriptor + (ULONG_PTR)DescriptorCopy.Group);
}
- if(DescriptorCopy.Dacl != NULL)
+ if (DescriptorCopy.Dacl != NULL)
{
DescriptorCopy.Dacl = (PACL)((ULONG_PTR)OriginalSecurityDescriptor + (ULONG_PTR)DescriptorCopy.Dacl);
}
- if(DescriptorCopy.Sacl != NULL)
+ if (DescriptorCopy.Sacl != NULL)
{
DescriptorCopy.Sacl = (PACL)((ULONG_PTR)OriginalSecurityDescriptor + (ULONG_PTR)DescriptorCopy.Sacl);
}
}
-
+
/* determine the size of the SIDs */
#define DetermineSIDSize(SidType) \
do { \
} \
} \
} while(0)
-
+
DetermineSIDSize(Owner);
DetermineSIDSize(Group);
-
+
#undef DetermineSIDSize
-
+
/* determine the size of the ACLs */
#define DetermineACLSize(AclType, AclFlag) \
do { \
DescriptorCopy.AclType = NULL; \
} \
} while(0)
-
+
DetermineACLSize(Sacl, SACL);
DetermineACLSize(Dacl, DACL);
-
+
#undef DetermineACLSize
-
+
/* allocate enough memory to store a complete copy of a self-relative
security descriptor */
NewDescriptor = ExAllocatePoolWithTag(PoolType,
Offset += ROUND_UP(Type##Size, sizeof(ULONG)); \
} \
} while(0)
-
+
CopySID(Owner);
CopySID(Group);
-
+
#undef CopySID
-
+
#define CopyACL(Type) \
do { \
if(DescriptorCopy.Type != NULL) \
Offset += ROUND_UP(Type##Size, sizeof(ULONG)); \
} \
} while(0)
-
+
CopyACL(Sacl);
CopyACL(Dacl);
-
+
#undef CopyACL
}
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
_SEH2_YIELD(return _SEH2_GetExceptionCode());
}
_SEH2_END;
-
+
/* we're finally done! copy the pointer to the captured descriptor to
to the caller */
*CapturedSecurityDescriptor = NewDescriptor;
return STATUS_SUCCESS;
-
}
else
{
/* nothing to do... */
*CapturedSecurityDescriptor = NULL;
}
-
+
return Status;
}
ULONG Control = 0;
ULONG_PTR Current;
ULONG SdLength;
-
+
RelSD = (PISECURITY_DESCRIPTOR_RELATIVE)SecurityDescriptor;
-
+
if (*ObjectsSecurityDescriptor == NULL)
{
if (*Length < sizeof(SECURITY_DESCRIPTOR_RELATIVE))
*Length = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
return STATUS_BUFFER_TOO_SMALL;
}
-
+
*Length = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
RtlCreateSecurityDescriptorRelative(RelSD,
SECURITY_DESCRIPTOR_REVISION);
return STATUS_SUCCESS;
}
-
+
ObjectSd = *ObjectsSecurityDescriptor;
-
+
/* Calculate the required security descriptor length */
Control = SE_SELF_RELATIVE;
if ((*SecurityInformation & OWNER_SECURITY_INFORMATION) &&
OwnerLength = ROUND_UP(RtlLengthSid(Owner), 4);
Control |= (ObjectSd->Control & SE_OWNER_DEFAULTED);
}
-
+
if ((*SecurityInformation & GROUP_SECURITY_INFORMATION) &&
(ObjectSd->Group != NULL))
{
GroupLength = ROUND_UP(RtlLengthSid(Group), 4);
Control |= (ObjectSd->Control & SE_GROUP_DEFAULTED);
}
-
+
if ((*SecurityInformation & DACL_SECURITY_INFORMATION) &&
(ObjectSd->Control & SE_DACL_PRESENT))
{
}
Control |= (ObjectSd->Control & (SE_DACL_DEFAULTED | SE_DACL_PRESENT));
}
-
+
if ((*SecurityInformation & SACL_SECURITY_INFORMATION) &&
(ObjectSd->Control & SE_SACL_PRESENT))
{
}
Control |= (ObjectSd->Control & (SE_SACL_DEFAULTED | SE_SACL_PRESENT));
}
-
+
SdLength = OwnerLength + GroupLength + DaclLength +
SaclLength + sizeof(SECURITY_DESCRIPTOR_RELATIVE);
if (*Length < SdLength)
*Length = SdLength;
return STATUS_BUFFER_TOO_SMALL;
}
-
+
/* Build the new security descrtiptor */
RtlCreateSecurityDescriptorRelative(RelSD,
SECURITY_DESCRIPTOR_REVISION);
RelSD->Control = (USHORT)Control;
-
+
Current = (ULONG_PTR)(RelSD + 1);
-
+
if (OwnerLength != 0)
{
RtlCopyMemory((PVOID)Current,
RelSD->Owner = (ULONG)(Current - (ULONG_PTR)SecurityDescriptor);
Current += OwnerLength;
}
-
+
if (GroupLength != 0)
{
RtlCopyMemory((PVOID)Current,
RelSD->Group = (ULONG)(Current - (ULONG_PTR)SecurityDescriptor);
Current += GroupLength;
}
-
+
if (DaclLength != 0)
{
RtlCopyMemory((PVOID)Current,
RelSD->Dacl = (ULONG)(Current - (ULONG_PTR)SecurityDescriptor);
Current += DaclLength;
}
-
+
if (SaclLength != 0)
{
RtlCopyMemory((PVOID)Current,
RelSD->Sacl = (ULONG)(Current - (ULONG_PTR)SecurityDescriptor);
Current += SaclLength;
}
-
+
*Length = SdLength;
-
+
return STATUS_SUCCESS;
}
IN BOOLEAN CaptureIfKernelMode)
{
PAGED_CODE();
-
+
/* WARNING! You need to call this function with the same value for CurrentMode
and CaptureIfKernelMode that you previously passed to
SeCaptureSecurityDescriptor() in order to avoid memory leaks! */
/* only delete the descriptor when SeCaptureSecurityDescriptor() allocated one! */
ExFreePoolWithTag(CapturedSecurityDescriptor, TAG_SD);
}
-
+
return STATUS_SUCCESS;
}
ULONG Control = 0;
ULONG_PTR Current;
SECURITY_INFORMATION SecurityInformation;
-
+
ObjectSd = *ObjectsSecurityDescriptor;
-
+
if (!ObjectSd)
return STATUS_NO_SECURITY_ON_OBJECT; // The object does not have a security descriptor.
-
+
SecurityInformation = *_SecurityInformation;
-
+
/* Get owner and owner size */
if (SecurityInformation & OWNER_SECURITY_INFORMATION)
{
if (SecurityDescriptor->Owner != NULL)
{
- if( SecurityDescriptor->Control & SE_SELF_RELATIVE )
+ if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
Owner = (PSID)((ULONG_PTR)SecurityDescriptor->Owner +
(ULONG_PTR)SecurityDescriptor);
else
Owner = (PSID)SecurityDescriptor->Owner;
OwnerLength = ROUND_UP(RtlLengthSid(Owner), 4);
}
+
Control |= (SecurityDescriptor->Control & SE_OWNER_DEFAULTED);
}
else
Owner = (PSID)((ULONG_PTR)ObjectSd->Owner + (ULONG_PTR)ObjectSd);
OwnerLength = ROUND_UP(RtlLengthSid(Owner), 4);
}
+
Control |= (ObjectSd->Control & SE_OWNER_DEFAULTED);
}
Group = (PSID)SecurityDescriptor->Group;
GroupLength = ROUND_UP(RtlLengthSid(Group), 4);
}
+
Control |= (SecurityDescriptor->Control & SE_GROUP_DEFAULTED);
}
else
Group = (PSID)((ULONG_PTR)ObjectSd->Group + (ULONG_PTR)ObjectSd);
GroupLength = ROUND_UP(RtlLengthSid(Group), 4);
}
+
Control |= (ObjectSd->Control & SE_GROUP_DEFAULTED);
}
-
+
/* Get DACL and DACL size */
if (SecurityInformation & DACL_SECURITY_INFORMATION)
{
(ULONG_PTR)SecurityDescriptor);
else
Dacl = (PACL)SecurityDescriptor->Dacl;
-
+
DaclLength = ROUND_UP((ULONG)Dacl->AclSize, 4);
}
+
Control |= (SecurityDescriptor->Control & (SE_DACL_DEFAULTED | SE_DACL_PRESENT));
}
else
Dacl = (PACL)((ULONG_PTR)ObjectSd->Dacl + (ULONG_PTR)ObjectSd);
DaclLength = ROUND_UP((ULONG)Dacl->AclSize, 4);
}
+
Control |= (ObjectSd->Control & (SE_DACL_DEFAULTED | SE_DACL_PRESENT));
}
Sacl = (PACL)SecurityDescriptor->Sacl;
SaclLength = ROUND_UP((ULONG)Sacl->AclSize, 4);
}
+
Control |= (SecurityDescriptor->Control & (SE_SACL_DEFAULTED | SE_SACL_PRESENT));
}
else
Sacl = (PACL)((ULONG_PTR)ObjectSd->Sacl + (ULONG_PTR)ObjectSd);
SaclLength = ROUND_UP((ULONG)Sacl->AclSize, 4);
}
+
Control |= (ObjectSd->Control & (SE_SACL_DEFAULTED | SE_SACL_PRESENT));
}
-
+
NewSd = ExAllocatePool(NonPagedPool,
sizeof(SECURITY_DESCRIPTOR) + OwnerLength + GroupLength +
DaclLength + SaclLength);
ObDereferenceObject(Object);
return STATUS_INSUFFICIENT_RESOURCES;
}
-
+
RtlCreateSecurityDescriptor(NewSd,
SECURITY_DESCRIPTOR_REVISION1);
+
/* We always build a self-relative descriptor */
NewSd->Control = (USHORT)Control | SE_SELF_RELATIVE;
-
+
Current = (ULONG_PTR)NewSd + sizeof(SECURITY_DESCRIPTOR);
-
+
if (OwnerLength != 0)
{
RtlCopyMemory((PVOID)Current,
NewSd->Owner = (PSID)(Current - (ULONG_PTR)NewSd);
Current += OwnerLength;
}
-
+
if (GroupLength != 0)
{
RtlCopyMemory((PVOID)Current,
NewSd->Group = (PSID)(Current - (ULONG_PTR)NewSd);
Current += GroupLength;
}
-
+
if (DaclLength != 0)
{
RtlCopyMemory((PVOID)Current,
NewSd->Dacl = (PACL)(Current - (ULONG_PTR)NewSd);
Current += DaclLength;
}
-
+
if (SaclLength != 0)
{
RtlCopyMemory((PVOID)Current,
SaclLength);
NewSd->Sacl = (PACL)(Current - (ULONG_PTR)NewSd);
Current += SaclLength;
- }
-
+ }
+
*ObjectsSecurityDescriptor = NewSd;
return STATUS_SUCCESS;
}
IN PGENERIC_MAPPING GenericMapping)
{
PISECURITY_DESCRIPTOR ObjectSd = *ObjectsSecurityDescriptor;
-
+
if (!ObjectSd)
return STATUS_NO_SECURITY_ON_OBJECT; // The object does not have a security descriptor.
-
- UNIMPLEMENTED;
- return STATUS_NOT_IMPLEMENTED;
+
+ UNIMPLEMENTED;
+ return STATUS_NOT_IMPLEMENTED;
}
PISID Sid;
PACL Acl;
PISECURITY_DESCRIPTOR SecurityDescriptor = _SecurityDescriptor;
-
+
if (Length < SECURITY_DESCRIPTOR_MIN_LENGTH)
{
DPRINT1("Invalid Security Descriptor revision\n");
return FALSE;
}
-
+
if (SecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION1)
{
DPRINT1("Invalid Security Descriptor revision\n");
return FALSE;
}
-
+
if (!(SecurityDescriptor->Control & SE_SELF_RELATIVE))
{
DPRINT1("No self-relative Security Descriptor\n");
return FALSE;
}
-
+
SdLength = sizeof(SECURITY_DESCRIPTOR);
-
+
/* Check Owner SID */
if (SecurityDescriptor->Owner == NULL)
{
DPRINT1("No Owner SID\n");
return FALSE;
}
-
+
if ((ULONG_PTR)SecurityDescriptor->Owner % sizeof(ULONG))
{
DPRINT1("Invalid Owner SID alignment\n");
return FALSE;
}
-
+
Sid = (PISID)((ULONG_PTR)SecurityDescriptor + (ULONG_PTR)SecurityDescriptor->Owner);
if (Sid->Revision != SID_REVISION)
{
DPRINT1("Invalid Owner SID revision\n");
return FALSE;
}
-
+
SdLength += (sizeof(SID) + (Sid->SubAuthorityCount - 1) * sizeof(ULONG));
if (Length < SdLength)
{
DPRINT1("Invalid Owner SID size\n");
return FALSE;
}
-
+
/* Check Group SID */
if (SecurityDescriptor->Group != NULL)
{
DPRINT1("Invalid Group SID alignment\n");
return FALSE;
}
-
+
Sid = (PSID)((ULONG_PTR)SecurityDescriptor + (ULONG_PTR)SecurityDescriptor->Group);
if (Sid->Revision != SID_REVISION)
{
DPRINT1("Invalid Group SID revision\n");
return FALSE;
}
-
+
SdLength += (sizeof(SID) + (Sid->SubAuthorityCount - 1) * sizeof(ULONG));
if (Length < SdLength)
{
return FALSE;
}
}
-
+
/* Check DACL */
if (SecurityDescriptor->Dacl != NULL)
{
DPRINT1("Invalid DACL alignment\n");
return FALSE;
}
-
+
Acl = (PACL)((ULONG_PTR)SecurityDescriptor + (ULONG_PTR)SecurityDescriptor->Dacl);
if ((Acl->AclRevision < MIN_ACL_REVISION) &&
(Acl->AclRevision > MAX_ACL_REVISION))
DPRINT1("Invalid DACL revision\n");
return FALSE;
}
-
+
SdLength += Acl->AclSize;
if (Length < SdLength)
{
return FALSE;
}
}
-
+
/* Check SACL */
if (SecurityDescriptor->Sacl != NULL)
{
DPRINT1("Invalid SACL alignment\n");
return FALSE;
}
-
+
Acl = (PACL)((ULONG_PTR)SecurityDescriptor + (ULONG_PTR)SecurityDescriptor->Sacl);
if ((Acl->AclRevision < MIN_ACL_REVISION) ||
(Acl->AclRevision > MAX_ACL_REVISION))
DPRINT1("Invalid SACL revision\n");
return FALSE;
}
-
+
SdLength += Acl->AclSize;
if (Length < SdLength)
{
return FALSE;
}
}
-
+
return TRUE;
}
SeDeassignSecurity(PSECURITY_DESCRIPTOR *SecurityDescriptor)
{
PAGED_CODE();
-
+
if (*SecurityDescriptor != NULL)
{
ExFreePool(*SecurityDescriptor);
*SecurityDescriptor = NULL;
}
-
+
return STATUS_SUCCESS;
}
PSID Group = NULL;
PACL Dacl = NULL;
PACL Sacl = NULL;
-
+
PAGED_CODE();
-
+
/* Lock subject context */
SeLockSubjectContext(SubjectContext);
-
+
if (SubjectContext->ClientToken != NULL)
{
Token = SubjectContext->ClientToken;
{
Token = SubjectContext->PrimaryToken;
}
-
-
+
/* Inherit the Owner SID */
if (ExplicitDescriptor != NULL && ExplicitDescriptor->Owner != NULL)
{
DPRINT("Use explicit owner sid!\n");
Owner = ExplicitDescriptor->Owner;
-
+
if (ExplicitDescriptor->Control & SE_SELF_RELATIVE)
{
Owner = (PSID)(((ULONG_PTR)Owner) + (ULONG_PTR)ExplicitDescriptor);
-
}
}
else
DPRINT("Use default owner sid!\n");
Owner = SeLocalSystemSid;
}
-
+
Control |= SE_OWNER_DEFAULTED;
}
-
+
OwnerLength = ROUND_UP(RtlLengthSid(Owner), 4);
-
-
+
/* Inherit the Group SID */
if (ExplicitDescriptor != NULL && ExplicitDescriptor->Group != NULL)
{
DPRINT("Use default group sid!\n");
Group = SeLocalSystemSid;
}
-
+
Control |= SE_OWNER_DEFAULTED;
}
-
+
GroupLength = ROUND_UP(RtlLengthSid(Group), 4);
-
-
+
/* Inherit the DACL */
if (ExplicitDescriptor != NULL &&
(ExplicitDescriptor->Control & SE_DACL_PRESENT) &&
{
Dacl = (PACL)(((ULONG_PTR)Dacl) + (ULONG_PTR)ExplicitDescriptor);
}
-
+
Control |= SE_DACL_PRESENT;
}
else if (ParentDescriptor != NULL &&
{
Dacl = (PACL)(((ULONG_PTR)Dacl) + (ULONG_PTR)ParentDescriptor);
}
+
Control |= (SE_DACL_PRESENT | SE_DACL_DEFAULTED);
}
else if (Token != NULL && Token->DefaultDacl != NULL)
Dacl = NULL;
Control |= (SE_DACL_PRESENT | SE_DACL_DEFAULTED);
}
-
+
DaclLength = (Dacl != NULL) ? ROUND_UP(Dacl->AclSize, 4) : 0;
-
-
+
/* Inherit the SACL */
if (ExplicitDescriptor != NULL &&
(ExplicitDescriptor->Control & SE_SACL_PRESENT) &&
{
Sacl = (PACL)(((ULONG_PTR)Sacl) + (ULONG_PTR)ExplicitDescriptor);
}
-
+
Control |= SE_SACL_PRESENT;
}
else if (ParentDescriptor != NULL &&
{
Sacl = (PACL)(((ULONG_PTR)Sacl) + (ULONG_PTR)ParentDescriptor);
}
+
Control |= (SE_SACL_PRESENT | SE_SACL_DEFAULTED);
}
-
+
SaclLength = (Sacl != NULL) ? ROUND_UP(Sacl->AclSize, 4) : 0;
-
-
+
/* Allocate and initialize the new security descriptor */
Length = sizeof(SECURITY_DESCRIPTOR) +
OwnerLength + GroupLength + DaclLength + SaclLength;
-
+
DPRINT("L: sizeof(SECURITY_DESCRIPTOR) %d OwnerLength %d GroupLength %d DaclLength %d SaclLength %d\n",
sizeof(SECURITY_DESCRIPTOR),
OwnerLength,
GroupLength,
DaclLength,
SaclLength);
-
+
Descriptor = ExAllocatePoolWithTag(PagedPool,
Length,
TAG_SD);
/* FIXME: Unlock subject context */
return STATUS_INSUFFICIENT_RESOURCES;
}
-
+
RtlZeroMemory( Descriptor, Length );
RtlCreateSecurityDescriptor(Descriptor,
SECURITY_DESCRIPTOR_REVISION);
-
+
Descriptor->Control = (USHORT)Control | SE_SELF_RELATIVE;
-
+
Current = (ULONG_PTR)Descriptor + sizeof(SECURITY_DESCRIPTOR);
-
+
if (SaclLength != 0)
{
RtlCopyMemory((PVOID)Current,
Descriptor->Sacl = (PACL)((ULONG_PTR)Current - (ULONG_PTR)Descriptor);
Current += SaclLength;
}
-
+
if (DaclLength != 0)
{
RtlCopyMemory((PVOID)Current,
Descriptor->Dacl = (PACL)((ULONG_PTR)Current - (ULONG_PTR)Descriptor);
Current += DaclLength;
}
-
+
if (OwnerLength != 0)
{
RtlCopyMemory((PVOID)Current,
DPRINT("Owner of %x at %x\n", Descriptor, Descriptor->Owner);
}
else
+ {
DPRINT("Owner of %x is zero length\n", Descriptor);
-
+ }
+
if (GroupLength != 0)
{
memmove((PVOID)Current,
GroupLength);
Descriptor->Group = (PSID)((ULONG_PTR)Current - (ULONG_PTR)Descriptor);
}
-
+
/* Unlock subject context */
SeUnlockSubjectContext(SubjectContext);
-
+
*NewDescriptor = Descriptor;
-
+
DPRINT("Descrptor %x\n", Descriptor);
ASSERT(RtlLengthSecurityDescriptor(Descriptor));
-
+
return STATUS_SUCCESS;
}
PSE_EXPORTS SeExports = NULL;
SE_EXPORTS SepExports;
+ULONG SidInTokenCalls = 0;
extern ULONG ExpInitializationPhase;
extern ERESOURCE SepSubjectContextLock;
/* PRIVATE FUNCTIONS **********************************************************/
-static BOOLEAN INIT_FUNCTION
+static BOOLEAN
+INIT_FUNCTION
SepInitExports(VOID)
{
SepExports.SeCreateTokenPrivilege = SeCreateTokenPrivilege;
SepInitializationPhase1(VOID)
{
NTSTATUS Status;
+
PAGED_CODE();
/* Insert the system token into the tree */
return STATUS_SUCCESS;
}
-ULONG SidInTokenCalls = 0;
-
static BOOLEAN
SepSidInToken(PACCESS_TOKEN _Token,
PSID Sid)
SidInTokenCalls++;
if (!(SidInTokenCalls % 10000)) DPRINT1("SidInToken Calls: %d\n", SidInTokenCalls);
-
+
if (Token->UserAndGroupCount == 0)
{
return FALSE;
return SepSidInToken(Token, Sid);
}
-VOID NTAPI
+VOID
+NTAPI
SeQuerySecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
OUT PACCESS_MASK DesiredAccess)
{
{
*DesiredAccess |= READ_CONTROL;
}
+
if (SecurityInformation & SACL_SECURITY_INFORMATION)
{
*DesiredAccess |= ACCESS_SYSTEM_SECURITY;
}
}
-VOID NTAPI
+VOID
+NTAPI
SeSetSecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
OUT PACCESS_MASK DesiredAccess)
{
{
*DesiredAccess |= WRITE_OWNER;
}
+
if (SecurityInformation & DACL_SECURITY_INFORMATION)
{
*DesiredAccess |= WRITE_DAC;
}
+
if (SecurityInformation & SACL_SECURITY_INFORMATION)
{
*DesiredAccess |= ACCESS_SYSTEM_SECURITY;
{
*GrantedAccess = DesiredAccess | PreviouslyGrantedAccess;
}
-
+
*AccessStatus = STATUS_SUCCESS;
return TRUE;
}
/*
* @implemented
*/
-BOOLEAN NTAPI
+BOOLEAN
+NTAPI
SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,
IN BOOLEAN SubjectContextLocked,
ULONG SidLength1;
ULONG SidLength2;
PULONG SubAuthority;
-
+
SidLength0 = RtlLengthRequiredSid(0);
SidLength1 = RtlLengthRequiredSid(1);
SidLength2 = RtlLengthRequiredSid(2);
-
+
/* create NullSid */
SeNullSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
SeWorldSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
SeAnonymousLogonSid == NULL)
{
FreeInitializedSids();
- return(FALSE);
+ return FALSE;
}
-
+
RtlInitializeSid(SeNullSid, &SeNullSidAuthority, 1);
RtlInitializeSid(SeWorldSid, &SeWorldSidAuthority, 1);
RtlInitializeSid(SeLocalSid, &SeLocalSidAuthority, 1);
RtlInitializeSid(SeAuthenticatedUsersSid, &SeNtSidAuthority, 1);
RtlInitializeSid(SeRestrictedSid, &SeNtSidAuthority, 1);
RtlInitializeSid(SeAnonymousLogonSid, &SeNtSidAuthority, 1);
-
+
SubAuthority = RtlSubAuthoritySid(SeNullSid, 0);
*SubAuthority = SECURITY_NULL_RID;
SubAuthority = RtlSubAuthoritySid(SeWorldSid, 0);
*SubAuthority = SECURITY_RESTRICTED_CODE_RID;
SubAuthority = RtlSubAuthoritySid(SeAnonymousLogonSid, 0);
*SubAuthority = SECURITY_ANONYMOUS_LOGON_RID;
-
- return(TRUE);
+
+ return TRUE;
}
NTSTATUS
ULONG SidSize = 0;
PISID NewSid, Sid = (PISID)InputSid;
NTSTATUS Status;
-
+
PAGED_CODE();
-
+
if (AccessMode != KernelMode)
{
_SEH2_TRY
_SEH2_YIELD(return _SEH2_GetExceptionCode());
}
_SEH2_END;
-
+
/* allocate a SID and copy it */
NewSid = ExAllocatePool(PoolType,
SidSize);
- if(NewSid != NULL)
+ if (NewSid != NULL)
{
_SEH2_TRY
{
Status = STATUS_INSUFFICIENT_RESOURCES;
}
}
- else if(!CaptureIfKernel)
+ else if (!CaptureIfKernel)
{
*CapturedSid = InputSid;
return STATUS_SUCCESS;
else
{
SidSize = RtlLengthRequiredSid(Sid->SubAuthorityCount);
-
+
/* allocate a SID and copy it */
NewSid = ExAllocatePool(PoolType,
SidSize);
- if(NewSid != NULL)
+ if (NewSid != NULL)
{
RtlCopyMemory(NewSid,
Sid,
SidSize);
-
+
*CapturedSid = NewSid;
}
else
Status = STATUS_INSUFFICIENT_RESOURCES;
}
}
-
+
return Status;
}
IN BOOLEAN CaptureIfKernel)
{
PAGED_CODE();
-
- if(CapturedSid != NULL &&
- (AccessMode != KernelMode ||
- (AccessMode == KernelMode && CaptureIfKernel)))
+
+ if (CapturedSid != NULL &&
+ (AccessMode != KernelMode ||
+ (AccessMode == KernelMode && CaptureIfKernel)))
{
ExFreePool(CapturedSid);
}
TOKEN_SOURCE SeSystemTokenSource = {"*SYSTEM*", {0}};
LUID SeSystemAuthenticationId = SYSTEM_LUID;
-static GENERIC_MAPPING SepTokenMapping = {TOKEN_READ,
+static GENERIC_MAPPING SepTokenMapping = {
+ TOKEN_READ,
TOKEN_WRITE,
TOKEN_EXECUTE,
-TOKEN_ALL_ACCESS};
+ TOKEN_ALL_ACCESS
+};
static const INFORMATION_CLASS_INFO SeTokenInformationClass[] = {
-
+
/* Class 0 not used, blame M$! */
ICI_SQ_SAME( 0, 0, 0),
-
+
/* TokenUser */
ICI_SQ_SAME( sizeof(TOKEN_USER), sizeof(ULONG), ICIF_QUERY | ICIF_QUERY_SIZE_VARIABLE | ICIF_SET | ICIF_SET_SIZE_VARIABLE ),
/* TokenGroups */
OUT PBOOLEAN Equal)
{
BOOLEAN Restricted, IsEqual = FALSE;
-
+
ASSERT(FirstToken != SecondToken);
-
+
/* FIXME: Check if every SID that is present in either token is also present in the other one */
-
+
Restricted = SeTokenIsRestricted(FirstToken);
if (Restricted == SeTokenIsRestricted(SecondToken))
{
{
/* FIXME: Check if every SID that is restricted in either token is also restricted in the other one */
}
-
+
/* FIXME: Check if every privilege that is present in either token is also present in the other one */
}
-
+
*Equal = IsEqual;
return STATUS_SUCCESS;
}
NTSTATUS
NTAPI
-SepCopyProxyData(PVOID* Dest, PVOID Src)
+SepCopyProxyData(PVOID* Dest,
+ PVOID Src)
{
UNIMPLEMENTED;
- return(STATUS_NOT_IMPLEMENTED);
+ return STATUS_NOT_IMPLEMENTED;
}
NTSTATUS
{
PTOKEN OldToken;
PTOKEN NewToken = (PTOKEN)NewTokenP;
-
+
PAGED_CODE();
-
+
if (NewToken->TokenType != TokenPrimary) return(STATUS_BAD_TOKEN_TYPE);
if (NewToken->TokenInUse) return(STATUS_TOKEN_ALREADY_IN_USE);
-
+
/* Mark new token in use */
NewToken->TokenInUse = 1;
-
+
/* Reference the New Token */
ObReferenceObject(NewToken);
-
+
/* Replace the old with the new */
OldToken = ObFastReplaceObject(&Process->Token, NewToken);
-
+
/* Mark the Old Token as free */
OldToken->TokenInUse = 0;
-
+
*OldTokenP = (PACCESS_TOKEN)OldToken;
return STATUS_SUCCESS;
}
SeDeassignPrimaryToken(PEPROCESS Process)
{
PTOKEN OldToken;
-
+
/* Remove the Token */
OldToken = ObFastReplaceObject(&Process->Token, NULL);
-
+
/* Mark the Old Token as free */
OldToken->TokenInUse = 0;
}
{
ULONG i;
ULONG uLength;
-
+
PAGED_CODE();
-
+
uLength = Count * sizeof(SID_AND_ATTRIBUTES);
for (i = 0; i < Count; i++)
uLength += RtlLengthSid(Src[i].Sid);
-
- return(uLength);
+
+ return uLength;
}
PSID DefaultOwner)
{
ULONG i;
-
+
Token->PrimaryGroup = 0;
-
+
if (DefaultOwner)
{
Token->DefaultOwnerIndex = Token->UserAndGroupCount;
}
-
+
/* Validate and set the primary group and user pointers */
for (i = 0; i < Token->UserAndGroupCount; i++)
{
{
Token->DefaultOwnerIndex = i;
}
-
+
if (RtlEqualSid(Token->UserAndGroups[i].Sid, PrimaryGroup))
{
Token->PrimaryGroup = Token->UserAndGroups[i].Sid;
}
}
-
+
if (Token->DefaultOwnerIndex == Token->UserAndGroupCount)
{
return(STATUS_INVALID_OWNER);
}
-
+
if (Token->PrimaryGroup == 0)
{
return(STATUS_INVALID_PRIMARY_GROUP);
}
-
- return(STATUS_SUCCESS);
+
+ return STATUS_SUCCESS;
}
PVOID EndMem;
PTOKEN AccessToken;
NTSTATUS Status;
-
+
PAGED_CODE();
-
+
Status = ObCreateObject(PreviousMode,
SepTokenObjectType,
ObjectAttributes,
if (!NT_SUCCESS(Status))
{
DPRINT1("ObCreateObject() failed (Status %lx)\n", Status);
- return(Status);
+ return Status;
}
/* Zero out the buffer */
if (!NT_SUCCESS(Status))
{
ObDereferenceObject(AccessToken);
- return(Status);
+ return Status;
}
-
+
Status = ZwAllocateLocallyUniqueId(&AccessToken->ModifiedId);
if (!NT_SUCCESS(Status))
{
ObDereferenceObject(AccessToken);
- return(Status);
+ return Status;
}
-
+
AccessToken->TokenLock = &SepTokenLock;
-
+
AccessToken->TokenType = TokenType;
AccessToken->ImpersonationLevel = Level;
RtlCopyLuid(&AccessToken->AuthenticationId, &Token->AuthenticationId);
-
+
AccessToken->TokenSource.SourceIdentifier.LowPart = Token->TokenSource.SourceIdentifier.LowPart;
AccessToken->TokenSource.SourceIdentifier.HighPart = Token->TokenSource.SourceIdentifier.HighPart;
memcpy(AccessToken->TokenSource.SourceName,
AccessToken->ExpirationTime.QuadPart = Token->ExpirationTime.QuadPart;
AccessToken->UserAndGroupCount = Token->UserAndGroupCount;
AccessToken->DefaultOwnerIndex = Token->DefaultOwnerIndex;
-
+
uLength = sizeof(SID_AND_ATTRIBUTES) * AccessToken->UserAndGroupCount;
for (i = 0; i < Token->UserAndGroupCount; i++)
uLength += RtlLengthSid(Token->UserAndGroups[i].Sid);
-
+
AccessToken->UserAndGroups =
(PSID_AND_ATTRIBUTES)ExAllocatePoolWithTag(PagedPool,
uLength,
'uKOT');
-
+
EndMem = &AccessToken->UserAndGroups[AccessToken->UserAndGroupCount];
-
+
Status = RtlCopySidAndAttributesArray(AccessToken->UserAndGroupCount,
Token->UserAndGroups,
uLength,
Token->PrimaryGroup,
0);
}
-
+
if (NT_SUCCESS(Status))
{
AccessToken->PrivilegeCount = Token->PrivilegeCount;
-
+
uLength = AccessToken->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES);
AccessToken->Privileges =
(PLUID_AND_ATTRIBUTES)ExAllocatePoolWithTag(PagedPool,
uLength,
'pKOT');
-
+
for (i = 0; i < AccessToken->PrivilegeCount; i++)
{
RtlCopyLuid(&AccessToken->Privileges[i].Luid,
AccessToken->Privileges[i].Attributes =
Token->Privileges[i].Attributes;
}
-
- if ( Token->DefaultDacl )
+
+ if (Token->DefaultDacl)
{
AccessToken->DefaultDacl =
(PACL) ExAllocatePoolWithTag(PagedPool,
Token->DefaultDacl->AclSize);
}
}
-
- if ( NT_SUCCESS(Status) )
+
+ if (NT_SUCCESS(Status))
{
*NewAccessToken = AccessToken;
return(STATUS_SUCCESS);
}
-
- return(Status);
+
+ return Status;
}
NTSTATUS
PTOKEN NewToken;
OBJECT_ATTRIBUTES ObjectAttributes;
NTSTATUS Status;
-
+
/* Initialize the attributes and duplicate it */
InitializeObjectAttributes(&ObjectAttributes, NULL, 0, NULL, NULL);
Status = SepDuplicateToken(ParentToken,
/* Set the session ID */
NewToken->SessionId = SessionId;
NewToken->TokenInUse = InUse;
-
+
/* Return the token */
*Token = NewToken;
}
}
-
+
/* Return status */
return Status;
}
{
PTOKEN ProcessToken;
LUID ProcessLuid, CallerLuid;
-
+
/* Assume failure */
*IsChild = FALSE;
-
+
/* Reference the process token */
ProcessToken = PsReferencePrimaryToken(PsGetCurrentProcess());
-
+
/* Get the ID */
ProcessLuid = ProcessToken->TokenId;
-
+
/* Dereference the token */
ObFastDereferenceObject(&PsGetCurrentProcess()->Token, ProcessToken);
-
+
/* Get our LUID */
CallerLuid = Token->TokenId;
-
+
/* Compare the LUIDs */
if (RtlEqualLuid(&CallerLuid, &ProcessLuid)) *IsChild = TRUE;
-
+
/* Return success */
return STATUS_SUCCESS;
}
{
NTSTATUS Status;
OBJECT_ATTRIBUTES ObjectAttributes;
-
+
PAGED_CODE();
-
+
InitializeObjectAttributes(&ObjectAttributes,
NULL,
0,
Level,
PreviousMode,
(PTOKEN*)NewToken);
-
- return(Status);
+
+ return Status;
}
-VOID NTAPI
+VOID
+NTAPI
SepDeleteToken(PVOID ObjectBody)
{
PTOKEN AccessToken = (PTOKEN)ObjectBody;
-
+
if (AccessToken->UserAndGroups)
ExFreePool(AccessToken->UserAndGroups);
-
+
if (AccessToken->Privileges)
ExFreePool(AccessToken->Privileges);
-
+
if (AccessToken->DefaultDacl)
ExFreePool(AccessToken->DefaultDacl);
}
{
UNICODE_STRING Name;
OBJECT_TYPE_INITIALIZER ObjectTypeInitializer;
-
+
ExInitializeResource(&SepTokenLock);
-
+
DPRINT("Creating Token Object Type\n");
-
- /* Initialize the Token type */
+
+ /* Initialize the Token type */
RtlZeroMemory(&ObjectTypeInitializer, sizeof(ObjectTypeInitializer));
RtlInitUnicodeString(&Name, L"Token");
ObjectTypeInitializer.Length = sizeof(ObjectTypeInitializer);
IN PTOKEN Token)
{
PAGED_CODE();
-
+
/* Sanity checks */
ASSERT(Token->TokenType == TokenPrimary);
ASSERT(!Token->TokenInUse);
-
+
/* Clean any previous token */
if (Process->Token.Object) SeDeassignPrimaryToken(Process);
-
+
/* Set the new token */
ObReferenceObject(Token);
Token->TokenInUse = TRUE;
NTSTATUS
NTAPI
SepCreateToken(OUT PHANDLE TokenHandle,
- IN KPROCESSOR_MODE PreviousMode,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- IN TOKEN_TYPE TokenType,
- IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
- IN PLUID AuthenticationId,
- IN PLARGE_INTEGER ExpirationTime,
- IN PSID_AND_ATTRIBUTES User,
- IN ULONG GroupCount,
- IN PSID_AND_ATTRIBUTES Groups,
- IN ULONG GroupLength,
- IN ULONG PrivilegeCount,
- IN PLUID_AND_ATTRIBUTES Privileges,
- IN PSID Owner,
- IN PSID PrimaryGroup,
- IN PACL DefaultDacl,
- IN PTOKEN_SOURCE TokenSource,
- IN BOOLEAN SystemToken)
-{
+ IN KPROCESSOR_MODE PreviousMode,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ IN TOKEN_TYPE TokenType,
+ IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
+ IN PLUID AuthenticationId,
+ IN PLARGE_INTEGER ExpirationTime,
+ IN PSID_AND_ATTRIBUTES User,
+ IN ULONG GroupCount,
+ IN PSID_AND_ATTRIBUTES Groups,
+ IN ULONG GroupLength,
+ IN ULONG PrivilegeCount,
+ IN PLUID_AND_ATTRIBUTES Privileges,
+ IN PSID Owner,
+ IN PSID PrimaryGroup,
+ IN PACL DefaultDacl,
+ IN PTOKEN_SOURCE TokenSource,
+ IN BOOLEAN SystemToken)
+{
PTOKEN AccessToken;
LUID TokenId;
LUID ModifiedId;
ULONG i;
NTSTATUS Status;
ULONG TokenFlags = 0;
-
+
/* Loop all groups */
for (i = 0; i < GroupCount; i++)
{
/* Force them to be enabled */
Groups[i].Attributes |= (SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT);
}
-
+
/* Check of the group is an admin group */
if (RtlEqualSid(SeAliasAdminsSid, Groups[i].Sid))
{
TokenFlags |= TOKEN_HAS_ADMIN_GROUP;
}
}
-
+
/* Loop all privileges */
for (i = 0; i < PrivilegeCount; i++)
{
Status = ZwAllocateLocallyUniqueId(&TokenId);
if (!NT_SUCCESS(Status))
- return(Status);
-
+ return Status;
+
Status = ZwAllocateLocallyUniqueId(&ModifiedId);
if (!NT_SUCCESS(Status))
- return(Status);
-
+ return Status;
+
Status = ObCreateObject(PreviousMode,
SepTokenObjectType,
ObjectAttributes,
if (!NT_SUCCESS(Status))
{
DPRINT1("ObCreateObject() failed (Status %lx)\n");
- return(Status);
+ return Status;
}
/* Zero out the buffer */
RtlZeroMemory(AccessToken, sizeof(TOKEN));
-
+
AccessToken->TokenLock = &SepTokenLock;
-
+
RtlCopyLuid(&AccessToken->TokenSource.SourceIdentifier,
&TokenSource->SourceIdentifier);
memcpy(AccessToken->TokenSource.SourceName,
TokenSource->SourceName,
sizeof(TokenSource->SourceName));
-
+
RtlCopyLuid(&AccessToken->TokenId, &TokenId);
RtlCopyLuid(&AccessToken->AuthenticationId, AuthenticationId);
AccessToken->ExpirationTime = *ExpirationTime;
RtlCopyLuid(&AccessToken->ModifiedId, &ModifiedId);
-
+
AccessToken->UserAndGroupCount = GroupCount + 1;
AccessToken->PrivilegeCount = PrivilegeCount;
-
+
AccessToken->TokenFlags = TokenFlags;
AccessToken->TokenType = TokenType;
AccessToken->ImpersonationLevel = ImpersonationLevel;
-
+
/*
* Normally we would just point these members into the variable information
* area; however, our ObCreateObject() call can't allocate a variable information
* area, so we allocate them seperately and provide a destroy function.
*/
-
+
uLength = sizeof(SID_AND_ATTRIBUTES) * AccessToken->UserAndGroupCount;
uLength += RtlLengthSid(User);
for (i = 0; i < GroupCount; i++)
uLength += RtlLengthSid(Groups[i].Sid);
-
+
AccessToken->UserAndGroups =
(PSID_AND_ATTRIBUTES)ExAllocatePoolWithTag(PagedPool,
uLength,
'uKOT');
-
+
EndMem = &AccessToken->UserAndGroups[AccessToken->UserAndGroupCount];
-
+
Status = RtlCopySidAndAttributesArray(1,
User,
uLength,
&EndMem,
&uLength);
}
-
+
if (NT_SUCCESS(Status))
{
Status = SepFindPrimaryGroupAndDefaultOwner(
PrimaryGroup,
Owner);
}
-
+
if (NT_SUCCESS(Status))
{
uLength = PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES);
(PLUID_AND_ATTRIBUTES)ExAllocatePoolWithTag(PagedPool,
uLength,
'pKOT');
-
+
if (PreviousMode != KernelMode)
{
_SEH2_TRY
PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES));
}
}
-
+
if (NT_SUCCESS(Status))
{
AccessToken->DefaultDacl =
DefaultDacl,
DefaultDacl->AclSize);
}
-
+
if (!SystemToken)
{
-
- Status = ObInsertObject ((PVOID)AccessToken,
- NULL,
- DesiredAccess,
- 0,
- NULL,
- TokenHandle);
+ Status = ObInsertObject((PVOID)AccessToken,
+ NULL,
+ DesiredAccess,
+ 0,
+ NULL,
+ TokenHandle);
if (!NT_SUCCESS(Status))
{
DPRINT1("ObInsertObject() failed (Status %lx)\n", Status);
ULONG i;
PTOKEN Token;
NTSTATUS Status;
-
+
/* Don't ever expire */
Expiration.QuadPart = -1;
-
+
/* All groups mandatory and enabled */
GroupAttributes = SE_GROUP_ENABLED | SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT;
OwnerAttributes = SE_GROUP_ENABLED | SE_GROUP_OWNER | SE_GROUP_ENABLED_BY_DEFAULT;
-
+
/* User is system */
UserSid.Sid = SeLocalSystemSid;
UserSid.Attributes = 0;
-
+
/* Primary group is local system */
PrimaryGroup = SeLocalSystemSid;
-
+
/* Owner is admins */
Owner = SeAliasAdminsSid;
-
+
/* Groups are admins, world, and authenticated users */
Groups[0].Sid = SeAliasAdminsSid;
Groups[0].Attributes = OwnerAttributes;
i = 0;
Privileges[i].Attributes = SE_PRIVILEGE_ENABLED_BY_DEFAULT | SE_PRIVILEGE_ENABLED;
Privileges[i++].Luid = SeTcbPrivilege;
-
+
Privileges[i].Attributes = 0;
Privileges[i++].Luid = SeCreateTokenPrivilege;
-
+
Privileges[i].Attributes = 0;
Privileges[i++].Luid = SeTakeOwnershipPrivilege;
-
+
Privileges[i].Attributes = SE_PRIVILEGE_ENABLED_BY_DEFAULT|SE_PRIVILEGE_ENABLED;
Privileges[i++].Luid = SeCreatePagefilePrivilege;
-
+
Privileges[i].Attributes = SE_PRIVILEGE_ENABLED_BY_DEFAULT|SE_PRIVILEGE_ENABLED;
Privileges[i++].Luid = SeLockMemoryPrivilege;
-
+
Privileges[i].Attributes = 0;
Privileges[i++].Luid = SeAssignPrimaryTokenPrivilege;
-
+
Privileges[i].Attributes = 0;
Privileges[i++].Luid = SeIncreaseQuotaPrivilege;
-
+
Privileges[i].Attributes = SE_PRIVILEGE_ENABLED_BY_DEFAULT|SE_PRIVILEGE_ENABLED;
Privileges[i++].Luid = SeIncreaseBasePriorityPrivilege;
-
+
Privileges[i].Attributes = SE_PRIVILEGE_ENABLED_BY_DEFAULT|SE_PRIVILEGE_ENABLED;
Privileges[i++].Luid = SeCreatePermanentPrivilege;
-
+
Privileges[i].Attributes = SE_PRIVILEGE_ENABLED_BY_DEFAULT|SE_PRIVILEGE_ENABLED;
Privileges[i++].Luid = SeDebugPrivilege;
-
+
Privileges[i].Attributes = SE_PRIVILEGE_ENABLED_BY_DEFAULT|SE_PRIVILEGE_ENABLED;
Privileges[i++].Luid = SeAuditPrivilege;
-
+
Privileges[i].Attributes = 0;
Privileges[i++].Luid = SeSecurityPrivilege;
-
+
Privileges[i].Attributes = 0;
Privileges[i++].Luid = SeSystemEnvironmentPrivilege;
-
+
Privileges[i].Attributes = SE_PRIVILEGE_ENABLED_BY_DEFAULT|SE_PRIVILEGE_ENABLED;
Privileges[i++].Luid = SeChangeNotifyPrivilege;
-
+
Privileges[i].Attributes = 0;
Privileges[i++].Luid = SeBackupPrivilege;
-
+
Privileges[i].Attributes = 0;
Privileges[i++].Luid = SeRestorePrivilege;
-
+
Privileges[i].Attributes = 0;
Privileges[i++].Luid = SeShutdownPrivilege;
-
+
Privileges[i].Attributes = 0;
Privileges[i++].Luid = SeLoadDriverPrivilege;
-
+
Privileges[i].Attributes = SE_PRIVILEGE_ENABLED_BY_DEFAULT|SE_PRIVILEGE_ENABLED;
Privileges[i++].Luid = SeProfileSingleProcessPrivilege;
-
+
Privileges[i].Attributes = 0;
Privileges[i++].Luid = SeSystemtimePrivilege;
ASSERT(i == 20);
-
+
/* Setup the object attributes */
InitializeObjectAttributes(&ObjectAttributes, NULL, 0, NULL, NULL);
ASSERT(SeSystemDefaultDacl != NULL);
-
+
/* Create the token */
Status = SepCreateToken((PHANDLE)&Token,
KernelMode,
&SeSystemTokenSource,
TRUE);
ASSERT(Status == STATUS_SUCCESS);
-
+
/* Return the token */
return Token;
}
/* PUBLIC FUNCTIONS ***********************************************************/
-
+
/*
* @unimplemented
*/
/*
* @implemented
*/
-NTSTATUS NTAPI
+NTSTATUS
+NTAPI
SeQueryAuthenticationIdToken(IN PACCESS_TOKEN Token,
OUT PLUID LogonId)
{
PAGED_CODE();
-
+
*LogonId = ((PTOKEN)Token)->AuthenticationId;
-
+
return STATUS_SUCCESS;
}
SeTokenImpersonationLevel(IN PACCESS_TOKEN Token)
{
PAGED_CODE();
-
+
return ((PTOKEN)Token)->ImpersonationLevel;
}
SeTokenType(IN PACCESS_TOKEN Token)
{
PAGED_CODE();
-
+
return ((PTOKEN)Token)->TokenType;
}
SeTokenIsAdmin(IN PACCESS_TOKEN Token)
{
PAGED_CODE();
+
return (((PTOKEN)Token)->TokenFlags & TOKEN_WRITE_RESTRICTED) != 0;
}
SeTokenIsRestricted(IN PACCESS_TOKEN Token)
{
PAGED_CODE();
+
return (((PTOKEN)Token)->TokenFlags & TOKEN_IS_RESTRICTED) != 0;
}
SeTokenIsWriteRestricted(IN PACCESS_TOKEN Token)
{
PAGED_CODE();
+
return (((PTOKEN)Token)->TokenFlags & TOKEN_HAS_RESTORE_PRIVILEGE) != 0;
}
ULONG RequiredLength;
KPROCESSOR_MODE PreviousMode;
NTSTATUS Status = STATUS_SUCCESS;
-
+
PAGED_CODE();
-
+
PreviousMode = ExGetPreviousMode();
-
+
/* Check buffers and class validity */
Status = DefaultQueryInfoBufferCheck(TokenInformationClass,
SeTokenInformationClass,
ReturnLength,
NULL,
PreviousMode);
-
- if(!NT_SUCCESS(Status))
+ if (!NT_SUCCESS(Status))
{
DPRINT("NtQueryInformationToken() failed, Status: 0x%x\n", Status);
return Status;
}
-
+
Status = ObReferenceObjectByHandle(TokenHandle,
(TokenInformationClass == TokenSource) ? TOKEN_QUERY_SOURCE : TOKEN_QUERY,
SepTokenObjectType,
case TokenUser:
{
PTOKEN_USER tu = (PTOKEN_USER)TokenInformation;
-
+
DPRINT("NtQueryInformationToken(TokenUser)\n");
RequiredLength = sizeof(TOKEN_USER) +
RtlLengthSid(Token->UserAndGroups[0].Sid);
-
+
_SEH2_TRY
{
- if(TokenInformationLength >= RequiredLength)
+ if (TokenInformationLength >= RequiredLength)
{
Status = RtlCopySidAndAttributesArray(1,
&Token->UserAndGroups[0],
{
Status = STATUS_BUFFER_TOO_SMALL;
}
-
- if(ReturnLength != NULL)
+
+ if (ReturnLength != NULL)
{
*ReturnLength = RequiredLength;
}
Status = _SEH2_GetExceptionCode();
}
_SEH2_END;
-
+
break;
}
-
+
case TokenGroups:
{
PTOKEN_GROUPS tg = (PTOKEN_GROUPS)TokenInformation;
-
+
DPRINT("NtQueryInformationToken(TokenGroups)\n");
RequiredLength = sizeof(tg->GroupCount) +
RtlLengthSidAndAttributes(Token->UserAndGroupCount - 1, &Token->UserAndGroups[1]);
-
+
_SEH2_TRY
{
- if(TokenInformationLength >= RequiredLength)
+ if (TokenInformationLength >= RequiredLength)
{
ULONG SidLen = RequiredLength - sizeof(tg->GroupCount) -
((Token->UserAndGroupCount - 1) * sizeof(SID_AND_ATTRIBUTES));
PSID_AND_ATTRIBUTES Sid = (PSID_AND_ATTRIBUTES)((ULONG_PTR)TokenInformation + sizeof(tg->GroupCount) +
((Token->UserAndGroupCount - 1) * sizeof(SID_AND_ATTRIBUTES)));
-
+
tg->GroupCount = Token->UserAndGroupCount - 1;
Status = RtlCopySidAndAttributesArray(Token->UserAndGroupCount - 1,
&Token->UserAndGroups[1],
{
Status = STATUS_BUFFER_TOO_SMALL;
}
-
- if(ReturnLength != NULL)
+
+ if (ReturnLength != NULL)
{
*ReturnLength = RequiredLength;
}
Status = _SEH2_GetExceptionCode();
}
_SEH2_END;
-
+
break;
}
-
+
case TokenPrivileges:
{
PTOKEN_PRIVILEGES tp = (PTOKEN_PRIVILEGES)TokenInformation;
-
+
DPRINT("NtQueryInformationToken(TokenPrivileges)\n");
RequiredLength = sizeof(tp->PrivilegeCount) +
(Token->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES));
-
+
_SEH2_TRY
{
- if(TokenInformationLength >= RequiredLength)
+ if (TokenInformationLength >= RequiredLength)
{
tp->PrivilegeCount = Token->PrivilegeCount;
RtlCopyLuidAndAttributesArray(Token->PrivilegeCount,
{
Status = STATUS_BUFFER_TOO_SMALL;
}
-
- if(ReturnLength != NULL)
+
+ if (ReturnLength != NULL)
{
*ReturnLength = RequiredLength;
}
Status = _SEH2_GetExceptionCode();
}
_SEH2_END;
-
+
break;
}
-
+
case TokenOwner:
{
ULONG SidLen;
PTOKEN_OWNER to = (PTOKEN_OWNER)TokenInformation;
-
+
DPRINT("NtQueryInformationToken(TokenOwner)\n");
SidLen = RtlLengthSid(Token->UserAndGroups[Token->DefaultOwnerIndex].Sid);
RequiredLength = sizeof(TOKEN_OWNER) + SidLen;
-
+
_SEH2_TRY
{
- if(TokenInformationLength >= RequiredLength)
+ if (TokenInformationLength >= RequiredLength)
{
to->Owner = (PSID)(to + 1);
Status = RtlCopySid(SidLen,
{
Status = STATUS_BUFFER_TOO_SMALL;
}
-
- if(ReturnLength != NULL)
+
+ if (ReturnLength != NULL)
{
*ReturnLength = RequiredLength;
}
Status = _SEH2_GetExceptionCode();
}
_SEH2_END;
-
+
break;
}
-
+
case TokenPrimaryGroup:
{
ULONG SidLen;
PTOKEN_PRIMARY_GROUP tpg = (PTOKEN_PRIMARY_GROUP)TokenInformation;
-
+
DPRINT("NtQueryInformationToken(TokenPrimaryGroup)\n");
SidLen = RtlLengthSid(Token->PrimaryGroup);
RequiredLength = sizeof(TOKEN_PRIMARY_GROUP) + SidLen;
-
+
_SEH2_TRY
{
- if(TokenInformationLength >= RequiredLength)
+ if (TokenInformationLength >= RequiredLength)
{
tpg->PrimaryGroup = (PSID)(tpg + 1);
Status = RtlCopySid(SidLen,
{
Status = STATUS_BUFFER_TOO_SMALL;
}
-
- if(ReturnLength != NULL)
+
+ if (ReturnLength != NULL)
{
*ReturnLength = RequiredLength;
}
Status = _SEH2_GetExceptionCode();
}
_SEH2_END;
-
+
break;
}
-
+
case TokenDefaultDacl:
{
PTOKEN_DEFAULT_DACL tdd = (PTOKEN_DEFAULT_DACL)TokenInformation;
-
+
DPRINT("NtQueryInformationToken(TokenDefaultDacl)\n");
RequiredLength = sizeof(TOKEN_DEFAULT_DACL);
-
- if(Token->DefaultDacl != NULL)
+
+ if (Token->DefaultDacl != NULL)
{
RequiredLength += Token->DefaultDacl->AclSize;
}
-
+
_SEH2_TRY
{
- if(TokenInformationLength >= RequiredLength)
+ if (TokenInformationLength >= RequiredLength)
{
- if(Token->DefaultDacl != NULL)
+ if (Token->DefaultDacl != NULL)
{
tdd->DefaultDacl = (PACL)(tdd + 1);
RtlCopyMemory(tdd->DefaultDacl,
{
Status = STATUS_BUFFER_TOO_SMALL;
}
-
- if(ReturnLength != NULL)
+
+ if (ReturnLength != NULL)
{
*ReturnLength = RequiredLength;
}
Status = _SEH2_GetExceptionCode();
}
_SEH2_END;
-
+
break;
}
-
+
case TokenSource:
{
PTOKEN_SOURCE ts = (PTOKEN_SOURCE)TokenInformation;
-
+
DPRINT("NtQueryInformationToken(TokenSource)\n");
RequiredLength = sizeof(TOKEN_SOURCE);
-
+
_SEH2_TRY
{
- if(TokenInformationLength >= RequiredLength)
+ if (TokenInformationLength >= RequiredLength)
{
*ts = Token->TokenSource;
}
{
Status = STATUS_BUFFER_TOO_SMALL;
}
-
- if(ReturnLength != NULL)
+
+ if (ReturnLength != NULL)
{
*ReturnLength = RequiredLength;
}
Status = _SEH2_GetExceptionCode();
}
_SEH2_END;
-
+
break;
}
-
+
case TokenType:
{
PTOKEN_TYPE tt = (PTOKEN_TYPE)TokenInformation;
-
+
DPRINT("NtQueryInformationToken(TokenType)\n");
RequiredLength = sizeof(TOKEN_TYPE);
-
+
_SEH2_TRY
{
- if(TokenInformationLength >= RequiredLength)
+ if (TokenInformationLength >= RequiredLength)
{
*tt = Token->TokenType;
}
{
Status = STATUS_BUFFER_TOO_SMALL;
}
-
- if(ReturnLength != NULL)
+
+ if (ReturnLength != NULL)
{
*ReturnLength = RequiredLength;
}
Status = _SEH2_GetExceptionCode();
}
_SEH2_END;
-
+
break;
}
-
+
case TokenImpersonationLevel:
{
PSECURITY_IMPERSONATION_LEVEL sil = (PSECURITY_IMPERSONATION_LEVEL)TokenInformation;
-
+
DPRINT("NtQueryInformationToken(TokenImpersonationLevel)\n");
/* Fail if the token is not an impersonation token */
}
RequiredLength = sizeof(SECURITY_IMPERSONATION_LEVEL);
-
+
_SEH2_TRY
{
- if(TokenInformationLength >= RequiredLength)
+ if (TokenInformationLength >= RequiredLength)
{
*sil = Token->ImpersonationLevel;
}
{
Status = STATUS_BUFFER_TOO_SMALL;
}
-
- if(ReturnLength != NULL)
+
+ if (ReturnLength != NULL)
{
*ReturnLength = RequiredLength;
}
Status = _SEH2_GetExceptionCode();
}
_SEH2_END;
-
+
break;
}
-
+
case TokenStatistics:
{
PTOKEN_STATISTICS ts = (PTOKEN_STATISTICS)TokenInformation;
-
+
DPRINT("NtQueryInformationToken(TokenStatistics)\n");
RequiredLength = sizeof(TOKEN_STATISTICS);
-
+
_SEH2_TRY
{
- if(TokenInformationLength >= RequiredLength)
+ if (TokenInformationLength >= RequiredLength)
{
ts->TokenId = Token->TokenId;
ts->AuthenticationId = Token->AuthenticationId;
{
Status = STATUS_BUFFER_TOO_SMALL;
}
-
- if(ReturnLength != NULL)
+
+ if (ReturnLength != NULL)
{
*ReturnLength = RequiredLength;
}
Status = _SEH2_GetExceptionCode();
}
_SEH2_END;
-
+
break;
}
-
+
case TokenOrigin:
{
PTOKEN_ORIGIN to = (PTOKEN_ORIGIN)TokenInformation;
-
+
DPRINT("NtQueryInformationToken(TokenOrigin)\n");
RequiredLength = sizeof(TOKEN_ORIGIN);
-
+
_SEH2_TRY
{
- if(TokenInformationLength >= RequiredLength)
+ if (TokenInformationLength >= RequiredLength)
{
RtlCopyLuid(&to->OriginatingLogonSession,
&Token->AuthenticationId);
{
Status = STATUS_BUFFER_TOO_SMALL;
}
-
- if(ReturnLength != NULL)
+
+ if (ReturnLength != NULL)
{
*ReturnLength = RequiredLength;
}
Status = _SEH2_GetExceptionCode();
}
_SEH2_END;
-
+
break;
}
-
+
case TokenGroupsAndPrivileges:
DPRINT1("NtQueryInformationToken(TokenGroupsAndPrivileges) not implemented\n");
Status = STATUS_NOT_IMPLEMENTED;
break;
-
+
case TokenRestrictedSids:
{
PTOKEN_GROUPS tg = (PTOKEN_GROUPS)TokenInformation;
-
+
DPRINT("NtQueryInformationToken(TokenRestrictedSids)\n");
RequiredLength = sizeof(tg->GroupCount) +
RtlLengthSidAndAttributes(Token->RestrictedSidCount, Token->RestrictedSids);
-
+
_SEH2_TRY
{
- if(TokenInformationLength >= RequiredLength)
+ if (TokenInformationLength >= RequiredLength)
{
ULONG SidLen = RequiredLength - sizeof(tg->GroupCount) -
(Token->RestrictedSidCount * sizeof(SID_AND_ATTRIBUTES));
PSID_AND_ATTRIBUTES Sid = (PSID_AND_ATTRIBUTES)((ULONG_PTR)TokenInformation + sizeof(tg->GroupCount) +
(Token->RestrictedSidCount * sizeof(SID_AND_ATTRIBUTES)));
-
+
tg->GroupCount = Token->RestrictedSidCount;
Status = RtlCopySidAndAttributesArray(Token->RestrictedSidCount,
Token->RestrictedSids,
{
Status = STATUS_BUFFER_TOO_SMALL;
}
-
- if(ReturnLength != NULL)
+
+ if (ReturnLength != NULL)
{
*ReturnLength = RequiredLength;
}
Status = _SEH2_GetExceptionCode();
}
_SEH2_END;
-
+
break;
}
-
+
case TokenSandBoxInert:
DPRINT1("NtQueryInformationToken(TokenSandboxInert) not implemented\n");
Status = STATUS_NOT_IMPLEMENTED;
break;
-
+
case TokenSessionId:
{
ULONG SessionId = 0;
-
+
DPRINT("NtQueryInformationToken(TokenSessionId)\n");
-
+
Status = SeQuerySessionIdToken(Token,
&SessionId);
-
- if(NT_SUCCESS(Status))
+
+ if (NT_SUCCESS(Status))
{
_SEH2_TRY
{
/* buffer size was already verified, no need to check here again */
*(PULONG)TokenInformation = SessionId;
-
- if(ReturnLength != NULL)
+
+ if (ReturnLength != NULL)
{
*ReturnLength = sizeof(ULONG);
}
}
_SEH2_END;
}
-
+
break;
}
-
+
default:
DPRINT1("NtQueryInformationToken(%d) invalid information class\n", TokenInformationClass);
Status = STATUS_INVALID_INFO_CLASS;
break;
}
-
+
ObDereferenceObject(Token);
}
-
- return(Status);
+
+ return Status;
}
KPROCESSOR_MODE PreviousMode;
ULONG NeededAccess = TOKEN_ADJUST_DEFAULT;
NTSTATUS Status;
-
+
PAGED_CODE();
-
+
PreviousMode = ExGetPreviousMode();
-
+
Status = DefaultSetInfoBufferCheck(TokenInformationClass,
SeTokenInformationClass,
sizeof(SeTokenInformationClass) / sizeof(SeTokenInformationClass[0]),
TokenInformation,
TokenInformationLength,
PreviousMode);
-
- if(!NT_SUCCESS(Status))
+ if (!NT_SUCCESS(Status))
{
/* Invalid buffers */
DPRINT("NtSetInformationToken() failed, Status: 0x%x\n", Status);
return Status;
}
-
- if(TokenInformationClass == TokenSessionId)
+
+ if (TokenInformationClass == TokenSessionId)
{
NeededAccess |= TOKEN_ADJUST_SESSIONID;
}
-
+
Status = ObReferenceObjectByHandle(TokenHandle,
NeededAccess,
SepTokenObjectType,
{
case TokenOwner:
{
- if(TokenInformationLength >= sizeof(TOKEN_OWNER))
+ if (TokenInformationLength >= sizeof(TOKEN_OWNER))
{
PTOKEN_OWNER to = (PTOKEN_OWNER)TokenInformation;
PSID InputSid = NULL, CapturedSid;
-
+
_SEH2_TRY
{
InputSid = to->Owner;
_SEH2_YIELD(return _SEH2_GetExceptionCode());
}
_SEH2_END;
-
+
Status = SepCaptureSid(InputSid,
PreviousMode,
PagedPool,
FALSE,
&CapturedSid);
- if(NT_SUCCESS(Status))
+ if (NT_SUCCESS(Status))
{
RtlCopySid(RtlLengthSid(CapturedSid),
Token->UserAndGroups[Token->DefaultOwnerIndex].Sid,
}
break;
}
-
+
case TokenPrimaryGroup:
{
- if(TokenInformationLength >= sizeof(TOKEN_PRIMARY_GROUP))
+ if (TokenInformationLength >= sizeof(TOKEN_PRIMARY_GROUP))
{
PTOKEN_PRIMARY_GROUP tpg = (PTOKEN_PRIMARY_GROUP)TokenInformation;
PSID InputSid = NULL, CapturedSid;
-
+
_SEH2_TRY
{
InputSid = tpg->PrimaryGroup;
_SEH2_YIELD(return _SEH2_GetExceptionCode());
}
_SEH2_END;
-
+
Status = SepCaptureSid(InputSid,
PreviousMode,
PagedPool,
FALSE,
&CapturedSid);
- if(NT_SUCCESS(Status))
+ if (NT_SUCCESS(Status))
{
RtlCopySid(RtlLengthSid(CapturedSid),
Token->PrimaryGroup,
}
break;
}
-
+
case TokenDefaultDacl:
{
- if(TokenInformationLength >= sizeof(TOKEN_DEFAULT_DACL))
+ if (TokenInformationLength >= sizeof(TOKEN_DEFAULT_DACL))
{
PTOKEN_DEFAULT_DACL tdd = (PTOKEN_DEFAULT_DACL)TokenInformation;
PACL InputAcl = NULL;
-
+
_SEH2_TRY
{
InputAcl = tdd->DefaultDacl;
}
_SEH2_END;
- if(InputAcl != NULL)
+ if (InputAcl != NULL)
{
PACL CapturedAcl;
PagedPool,
TRUE,
&CapturedAcl);
- if(NT_SUCCESS(Status))
+ if (NT_SUCCESS(Status))
{
/* free the previous dacl if present */
if(Token->DefaultDacl != NULL)
else
{
/* clear and free the default dacl if present */
- if(Token->DefaultDacl != NULL)
+ if (Token->DefaultDacl != NULL)
{
ExFreePool(Token->DefaultDacl);
Token->DefaultDacl = NULL;
}
break;
}
-
+
case TokenSessionId:
{
ULONG SessionId = 0;
-
+
_SEH2_TRY
{
/* buffer size was already verified, no need to check here again */
_SEH2_YIELD(return _SEH2_GetExceptionCode());
}
_SEH2_END;
-
- if(!SeSinglePrivilegeCheck(SeTcbPrivilege,
- PreviousMode))
+
+ if (!SeSinglePrivilegeCheck(SeTcbPrivilege,
+ PreviousMode))
{
Status = STATUS_PRIVILEGE_NOT_HELD;
break;
Token->SessionId = SessionId;
break;
}
-
+
default:
{
Status = STATUS_NOT_IMPLEMENTED;
break;
}
}
-
+
ObDereferenceObject(Token);
}
-
- return(Status);
+
+ return Status;
}
PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService;
BOOLEAN QoSPresent;
NTSTATUS Status;
-
+
PAGED_CODE();
-
+
PreviousMode = KeGetPreviousMode();
-
+
if (PreviousMode != KernelMode)
{
_SEH2_TRY
}
_SEH2_END;
}
-
+
Status = SepCaptureSecurityQualityOfService(ObjectAttributes,
PreviousMode,
PagedPool,
FALSE,
&CapturedSecurityQualityOfService,
&QoSPresent);
- if(!NT_SUCCESS(Status))
+ if (!NT_SUCCESS(Status))
{
DPRINT1("NtDuplicateToken() failed to capture QoS! Status: 0x%x\n", Status);
return Status;
}
-
+
Status = ObReferenceObjectByHandle(ExistingTokenHandle,
TOKEN_DUPLICATE,
SepTokenObjectType,
(QoSPresent ? CapturedSecurityQualityOfService->ImpersonationLevel : SecurityAnonymous),
PreviousMode,
&NewToken);
-
+
ObDereferenceObject(Token);
-
+
if (NT_SUCCESS(Status))
{
Status = ObInsertObject((PVOID)NewToken,
0,
NULL,
&hToken);
-
+
if (NT_SUCCESS(Status))
{
_SEH2_TRY
}
}
}
-
+
/* free the captured structure */
SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
PreviousMode,
FALSE);
-
+
return Status;
}
* @implemented
*/
NTSTATUS NTAPI
-NtAdjustPrivilegesToken (IN HANDLE TokenHandle,
- IN BOOLEAN DisableAllPrivileges,
- IN PTOKEN_PRIVILEGES NewState,
- IN ULONG BufferLength,
- OUT PTOKEN_PRIVILEGES PreviousState OPTIONAL,
- OUT PULONG ReturnLength OPTIONAL)
+NtAdjustPrivilegesToken(IN HANDLE TokenHandle,
+ IN BOOLEAN DisableAllPrivileges,
+ IN PTOKEN_PRIVILEGES NewState,
+ IN ULONG BufferLength,
+ OUT PTOKEN_PRIVILEGES PreviousState OPTIONAL,
+ OUT PULONG ReturnLength OPTIONAL)
{
// PLUID_AND_ATTRIBUTES Privileges;
KPROCESSOR_MODE PreviousMode;
ULONG c;
#endif
NTSTATUS Status;
-
+
PAGED_CODE();
-
+
DPRINT ("NtAdjustPrivilegesToken() called\n");
-
+
// PrivilegeCount = NewState->PrivilegeCount;
PreviousMode = KeGetPreviousMode ();
// SeCaptureLuidAndAttributesArray(NewState->Privileges,
// 1,
// &Privileges,
// &Length);
-
+
Status = ObReferenceObjectByHandle (TokenHandle,
TOKEN_ADJUST_PRIVILEGES | (PreviousState != NULL ? TOKEN_QUERY : 0),
SepTokenObjectType,
// 0);
return Status;
}
-
-
+
+
#if 0
SepAdjustPrivileges(Token,
0,
&b,
&c);
#endif
-
+
PrivilegeCount = (BufferLength - FIELD_OFFSET(TOKEN_PRIVILEGES, Privileges)) /
sizeof(LUID_AND_ATTRIBUTES);
-
+
if (PreviousState != NULL)
PreviousState->PrivilegeCount = 0;
-
+
k = 0;
if (DisableAllPrivileges == TRUE)
{
if (Token->Privileges[i].Attributes != 0)
{
DPRINT ("Attributes differ\n");
-
+
/* Save current privilege */
if (PreviousState != NULL)
{
* accordingly and fail.
*/
}
+
k++;
}
-
+
/* Update current privlege */
Token->Privileges[i].Attributes &= ~SE_PRIVILEGE_ENABLED;
}
}
+
Status = STATUS_SUCCESS;
}
else
Token->Privileges[i].Luid.HighPart == NewState->Privileges[j].Luid.HighPart)
{
DPRINT ("Found privilege\n");
-
+
if ((Token->Privileges[i].Attributes & SE_PRIVILEGE_ENABLED) !=
(NewState->Privileges[j].Attributes & SE_PRIVILEGE_ENABLED))
{
DPRINT ("Current attributes %lx desired attributes %lx\n",
Token->Privileges[i].Attributes,
NewState->Privileges[j].Attributes);
-
+
/* Save current privilege */
if (PreviousState != NULL)
{
* accordingly and fail.
*/
}
+
k++;
}
-
+
/* Update current privlege */
Token->Privileges[i].Attributes &= ~SE_PRIVILEGE_ENABLED;
Token->Privileges[i].Attributes |=
DPRINT ("New attributes %lx\n",
Token->Privileges[i].Attributes);
}
+
Count++;
}
}
}
+
Status = Count < NewState->PrivilegeCount ? STATUS_NOT_ALL_ASSIGNED : STATUS_SUCCESS;
}
-
+
if (ReturnLength != NULL)
{
*ReturnLength = sizeof(TOKEN_PRIVILEGES) +
(sizeof(LUID_AND_ATTRIBUTES) * (k - 1));
}
-
+
ObDereferenceObject (Token);
-
+
// SeReleaseLuidAndAttributesArray(Privileges,
// PreviousMode,
// 0);
-
+
DPRINT ("NtAdjustPrivilegesToken() done\n");
-
+
return Status;
}
ULONG nTokenPrivileges = 0;
LARGE_INTEGER LocalExpirationTime = {{0, 0}};
NTSTATUS Status;
-
+
PAGED_CODE();
-
+
PreviousMode = ExGetPreviousMode();
-
- if(PreviousMode != KernelMode)
+
+ if (PreviousMode != KernelMode)
{
_SEH2_TRY
{
nTokenPrivileges = TokenPrivileges->PrivilegeCount;
LocalExpirationTime = *ExpirationTime;
}
-
+
Status = SepCreateToken(&hToken,
PreviousMode,
DesiredAccess,
}
_SEH2_END;
}
-
+
return Status;
}
PACL Dacl = NULL;
KPROCESSOR_MODE PreviousMode;
NTSTATUS Status;
-
+
PAGED_CODE();
-
+
PreviousMode = ExGetPreviousMode();
-
+
if (PreviousMode != KernelMode)
{
_SEH2_TRY
}
_SEH2_END;
}
-
+
/*
* At first open the thread token for information access and verify
* that the token associated with thread is valid.
*/
-
+
Status = ObReferenceObjectByHandle(ThreadHandle, THREAD_QUERY_INFORMATION,
PsThreadType, PreviousMode, (PVOID*)&Thread,
NULL);
{
return Status;
}
-
+
Token = PsReferenceImpersonationToken(Thread, &CopyOnOpen, &EffectiveOnly,
&ImpersonationLevel);
if (Token == NULL)
ObDereferenceObject(Thread);
return STATUS_NO_TOKEN;
}
-
+
if (ImpersonationLevel == SecurityAnonymous)
{
PsDereferenceImpersonationToken(Token);
ObDereferenceObject(Thread);
return STATUS_CANT_OPEN_ANONYMOUS;
}
-
+
/*
* Revert to self if OpenAsSelf is specified.
*/
-
+
if (OpenAsSelf)
{
PsDisableImpersonation(PsGetCurrentThread(), &ImpersonationState);
}
-
+
if (CopyOnOpen)
{
Status = ObReferenceObjectByHandle(ThreadHandle, THREAD_ALL_ACCESS,
if (NT_SUCCESS(Status))
{
PrimaryToken = PsReferencePrimaryToken(NewThread->ThreadsProcess);
-
+
Status = SepCreateImpersonationTokenDacl(Token, PrimaryToken, &Dacl);
ObFastDereferenceObject(&NewThread->ThreadsProcess->Token, PrimaryToken);
-
+
if (NT_SUCCESS(Status))
{
if (Dacl)
RtlSetDaclSecurityDescriptor(&SecurityDescriptor, TRUE, Dacl,
FALSE);
}
-
+
InitializeObjectAttributes(&ObjectAttributes, NULL, HandleAttributes,
NULL, Dacl ? &SecurityDescriptor : NULL);
-
+
Status = SepDuplicateToken(Token, &ObjectAttributes, EffectiveOnly,
TokenImpersonation, ImpersonationLevel,
NULL, DesiredAccess, SepTokenObjectType,
PreviousMode, &hToken);
}
-
+
if (Dacl) ExFreePool(Dacl);
-
+
if (OpenAsSelf)
{
PsRestoreImpersonation(PsGetCurrentThread(), &ImpersonationState);
}
-
+
ObDereferenceObject(Token);
-
+
if (NT_SUCCESS(Status) && CopyOnOpen)
{
PsImpersonateClient(Thread, NewToken, FALSE, EffectiveOnly, ImpersonationLevel);
}
-
+
if (NewToken) ObDereferenceObject(NewToken);
if (CopyOnOpen && NewThread) ObDereferenceObject(NewThread);
- if(NT_SUCCESS(Status))
+ if (NT_SUCCESS(Status))
{
_SEH2_TRY
{
}
_SEH2_END;
}
-
+
return Status;
}
PTOKEN FirstToken, SecondToken;
BOOLEAN IsEqual;
NTSTATUS Status;
-
+
PAGED_CODE();
-
+
PreviousMode = ExGetPreviousMode();
-
+
if (PreviousMode != KernelMode)
{
_SEH2_TRY
}
_SEH2_END;
}
-
+
Status = ObReferenceObjectByHandle(FirstTokenHandle,
TOKEN_QUERY,
SepTokenObjectType,
NULL);
if (!NT_SUCCESS(Status))
return Status;
-
+
Status = ObReferenceObjectByHandle(SecondTokenHandle,
TOKEN_QUERY,
SepTokenObjectType,
ObDereferenceObject(FirstToken);
return Status;
}
-
+
if (FirstToken != SecondToken)
{
Status = SepCompareTokens(FirstToken,
}
else
IsEqual = TRUE;
-
+
ObDereferenceObject(FirstToken);
ObDereferenceObject(SecondToken);
-
+
if (NT_SUCCESS(Status))
{
_SEH2_TRY
}
_SEH2_END;
}
-
+
return Status;
}