static const INFORMATION_CLASS_INFO SeTokenInformationClass[] = {
- /* Class 0 not used, blame M$! */
+ /* Class 0 not used, blame MS! */
ICI_SQ_SAME( 0, 0, 0),
/* TokenUser */
}
/* Mark new token in use */
- NewToken->TokenInUse = 1;
+ NewToken->TokenInUse = TRUE;
/* Reference the New Token */
ObReferenceObject(NewToken);
OldToken = ObFastReplaceObject(&Process->Token, NewToken);
/* Mark the Old Token as free */
- OldToken->TokenInUse = 0;
+ OldToken->TokenInUse = FALSE;
*OldTokenP = (PACCESS_TOKEN)OldToken;
return STATUS_SUCCESS;
OldToken = ObFastReplaceObject(&Process->Token, NULL);
/* Mark the Old Token as free */
- OldToken->TokenInUse = 0;
+ OldToken->TokenInUse = FALSE;
/* Dereference the Token */
ObDereferenceObject(OldToken);
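Review bot: `OldToken` is dereferenced immediately after `ObFastReplaceObject(&Process->Token, NULL)` with no check that a token was actually installed, and the preceding hunk does the same after swapping in `NewToken`. Whether the fast reference can be empty at this point is not visible here, so this is either a latent NULL dereference in kernel mode or an undocumented invariant. I would make the invariant explicit with `ASSERT(OldToken != NULL);` before the `TokenInUse = FALSE` store, or guard the store and the dereference with `if (OldToken)`. The enclosing function starts and ends outside the hunk.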
{
ULONG i;
- Token->PrimaryGroup = 0;
+ Token->PrimaryGroup = NULL;
if (DefaultOwner)
{
return STATUS_INVALID_OWNER;
}
- if (Token->PrimaryGroup == 0)
+ if (Token->PrimaryGroup == NULL)
{
return STATUS_INVALID_PRIMARY_GROUP;
}
NTSTATUS
NTAPI
-SepDuplicateToken(PTOKEN Token,
- POBJECT_ATTRIBUTES ObjectAttributes,
- BOOLEAN EffectiveOnly,
- TOKEN_TYPE TokenType,
- SECURITY_IMPERSONATION_LEVEL Level,
- KPROCESSOR_MODE PreviousMode,
- PTOKEN* NewAccessToken)
+SepDuplicateToken(
+ _In_ PTOKEN Token,
+ _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
+ _In_ BOOLEAN EffectiveOnly,
+ _In_ TOKEN_TYPE TokenType,
+ _In_ SECURITY_IMPERSONATION_LEVEL Level,
+ _In_ KPROCESSOR_MODE PreviousMode,
+ _Out_ PTOKEN* NewAccessToken)
{
ULONG uLength;
ULONG i;
(PVOID*)&AccessToken);
if (!NT_SUCCESS(Status))
{
- DPRINT1("ObCreateObject() failed (Status %lx)\n", Status);
+ DPRINT1("ObCreateObject() failed (Status 0x%lx)\n", Status);
return Status;
}
0,
NULL,
NULL);
+
Status = SepDuplicateToken(Token,
&ObjectAttributes,
FALSE,
ObInitializeFastReference(&Process->Token, Token);
}
-
NTSTATUS
NTAPI
-SepCreateToken(OUT PHANDLE TokenHandle,
- IN KPROCESSOR_MODE PreviousMode,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- IN TOKEN_TYPE TokenType,
- IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
- IN PLUID AuthenticationId,
- IN PLARGE_INTEGER ExpirationTime,
- IN PSID_AND_ATTRIBUTES User,
- IN ULONG GroupCount,
- IN PSID_AND_ATTRIBUTES Groups,
- IN ULONG GroupLength,
- IN ULONG PrivilegeCount,
- IN PLUID_AND_ATTRIBUTES Privileges,
- IN PSID Owner,
- IN PSID PrimaryGroup,
- IN PACL DefaultDacl,
- IN PTOKEN_SOURCE TokenSource,
- IN BOOLEAN SystemToken)
+SepCreateToken(
+ _Out_ PHANDLE TokenHandle,
+ _In_ KPROCESSOR_MODE PreviousMode,
+ _In_ ACCESS_MASK DesiredAccess,
+ _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
+ _In_ TOKEN_TYPE TokenType,
+ _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
+ _In_ PLUID AuthenticationId,
+ _In_ PLARGE_INTEGER ExpirationTime,
+ _In_ PSID_AND_ATTRIBUTES User,
+ _In_ ULONG GroupCount,
+ _In_ PSID_AND_ATTRIBUTES Groups,
+ _In_ ULONG GroupsLength,
+ _In_ ULONG PrivilegeCount,
+ _In_ PLUID_AND_ATTRIBUTES Privileges,
+ _In_opt_ PSID Owner,
+ _In_ PSID PrimaryGroup,
+ _In_opt_ PACL DefaultDacl,
+ _In_ PTOKEN_SOURCE TokenSource,
+ _In_ BOOLEAN SystemToken)
{
PTOKEN AccessToken;
LUID TokenId;
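Review bot: The new annotations mark `Groups` and `Privileges` as plain `_In_`, which tells the analyzer nothing about how many elements are readable, even though `GroupCount` and `PrivilegeCount` are passed alongside them. Since these arrays populate a token's group and privilege lists, I would tie each buffer to its count: `_In_reads_(GroupCount) PSID_AND_ATTRIBUTES Groups` and `_In_reads_(PrivilegeCount) PLUID_AND_ATTRIBUTES Privileges`. The function body continues outside the hunk, so how `GroupsLength` relates to `GroupCount` cannot be checked from here.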
(PVOID*)&AccessToken);
if (!NT_SUCCESS(Status))
{
- DPRINT1("ObCreateObject() failed (Status %lx)\n", Status);
+ DPRINT1("ObCreateObject() failed (Status 0x%lx)\n", Status);
return Status;
}
if (!SystemToken)
{
- Status = ObInsertObject((PVOID)AccessToken,
+ Status = ObInsertObject(AccessToken,
NULL,
DesiredAccess,
0,
TokenHandle);
if (!NT_SUCCESS(Status))
{
- DPRINT1("ObInsertObject() failed (Status %lx)\n", Status);
+ DPRINT1("ObInsertObject() failed (Status 0x%lx)\n", Status);
}
}
else
SID_AND_ATTRIBUTES Groups[32];
LARGE_INTEGER Expiration;
SID_AND_ATTRIBUTES UserSid;
- ULONG GroupLength;
+ ULONG GroupsLength;
PSID PrimaryGroup;
OBJECT_ATTRIBUTES ObjectAttributes;
PSID Owner;
Groups[1].Attributes = GroupAttributes;
Groups[2].Sid = SeAuthenticatedUserSid;
Groups[2].Attributes = OwnerAttributes;
- GroupLength = sizeof(SID_AND_ATTRIBUTES) +
- SeLengthSid(Groups[0].Sid) +
- SeLengthSid(Groups[1].Sid) +
- SeLengthSid(Groups[2].Sid);
- ASSERT(GroupLength <= sizeof(Groups));
+ GroupsLength = sizeof(SID_AND_ATTRIBUTES) +
+ SeLengthSid(Groups[0].Sid) +
+ SeLengthSid(Groups[1].Sid) +
+ SeLengthSid(Groups[2].Sid);
+ ASSERT(GroupsLength <= sizeof(Groups));
/* Setup the privileges */
i = 0;
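Review bot: The bound on `GroupsLength` is enforced only by `ASSERT`, which is normally compiled out of release builds. It also compares against `sizeof(Groups)`, the size of the local `SID_AND_ATTRIBUTES` array rather than of any buffer that holds SID bytes. The sum counts a single `sizeof(SID_AND_ATTRIBUTES)` although three entries are populated. How SepCreateToken consumes this length is not visible here; if it sizes a copy or an allocation, the header term probably needs to be `3 * sizeof(SID_AND_ATTRIBUTES)` and the check should be a runtime one. Once the intended meaning is confirmed, a comment such as `/* GroupsLength: bytes for the 3 group entries plus their SIDs */` would prevent the next reader from guessing.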
&UserSid,
3,
Groups,
- GroupLength,
+ GroupsLength,
20,
Privileges,
Owner,
* Unimplemented:
* TokenOrigin, TokenDefaultDacl
*/
-
NTSTATUS NTAPI
NtSetInformationToken(IN HANDLE TokenHandle,
IN TOKEN_INFORMATION_CLASS TokenInformationClass,
}
break;
-
}
-
case TokenAuditPolicy:
{
PTOKEN_AUDIT_POLICY_INFORMATION PolicyInformation =
if (NT_SUCCESS(Status))
{
- Status = ObInsertObject((PVOID)NewToken,
+ Status = ObInsertObject(NewToken,
NULL,
(DesiredAccess ? DesiredAccess : HandleInformation.GrantedAccess),
0,
if (DisableAllPrivileges == FALSE && NewState == NULL)
return STATUS_INVALID_PARAMETER;
- PreviousMode = KeGetPreviousMode ();
+ PreviousMode = KeGetPreviousMode();
if (PreviousMode != KernelMode)
{
_SEH2_TRY
NULL);
if (!NT_SUCCESS(Status))
{
- DPRINT1("Failed to reference token (Status %lx)\n", Status);
+ DPRINT1("Failed to reference token (Status 0x%lx)\n", Status);
/* Release the captured privileges */
if (CapturedPrivileges != NULL)
TokenHandle);
}
-
-
/*
* @unimplemented
*/
&IsEqual);
}
else
+ {
IsEqual = TRUE;
+ }
ObDereferenceObject(FirstToken);
ObDereferenceObject(SecondToken);