diff --git a/modules/rostests/kmtests/ntos_se/SeQueryInfoToken.c b/modules/rostests/kmtests/ntos_se/SeQueryInfoToken.c
index 2ddf864d086..f58bbc3b17e 100644
--- a/modules/rostests/kmtests/ntos_se/SeQueryInfoToken.c
+++ b/modules/rostests/kmtests/ntos_se/SeQueryInfoToken.c
@@ -279,7 +279,7 @@ START_TEST(SeQueryInfoToken)
 // Testing SeAppendPrivileges //
 //----------------------------------------------------------------//
- InitialPrivilegeCount = AuxData->PrivilegeSet->PrivilegeCount;
+ InitialPrivilegeCount = AuxData->PrivilegesUsed->PrivilegeCount;
 trace("Initial privilege count = %lu\n", InitialPrivilegeCount);
 // Testing SeAppendPrivileges. Must change PrivilegeCount to 2 (1 + 1)
@@ -291,7 +291,7 @@ START_TEST(SeQueryInfoToken)
 Status = SeAppendPrivileges(AccessState, NewPrivilegeSet);
 ok(Status == STATUS_SUCCESS, "SeAppendPrivileges failed\n");
- ok_eq_ulong(AuxData->PrivilegeSet->PrivilegeCount, InitialPrivilegeCount + 1);
+ ok_eq_ulong(AuxData->PrivilegesUsed->PrivilegeCount, InitialPrivilegeCount + 1);
 ExFreePoolWithTag(NewPrivilegeSet, 'QSmK');
 //----------------------------------------------------------------//
@@ -305,7 +305,7 @@ START_TEST(SeQueryInfoToken)
 Status = SeAppendPrivileges(AccessState, NewPrivilegeSet);
 ok(Status == STATUS_SUCCESS, "SeAppendPrivileges failed\n");
- ok_eq_ulong(AuxData->PrivilegeSet->PrivilegeCount, InitialPrivilegeCount + 5);
+ ok_eq_ulong(AuxData->PrivilegesUsed->PrivilegeCount, InitialPrivilegeCount + 5);
 ExFreePoolWithTag(NewPrivilegeSet, 'QSmK');
 //----------------------------------------------------------------//
@@ -313,14 +313,14 @@ START_TEST(SeQueryInfoToken)
 //----------------------------------------------------------------//
 // KPROCESSOR_MODE is set to KernelMode ===> Always return TRUE
- ok(SePrivilegeCheck(AuxData->PrivilegeSet, &(AccessState->SubjectSecurityContext), KernelMode), "SePrivilegeCheck failed with KernelMode mode arg\n");
+ ok(SePrivilegeCheck(AuxData->PrivilegesUsed, &(AccessState->SubjectSecurityContext), KernelMode), "SePrivilegeCheck failed with KernelMode mode arg\n");
 // and call it again
- ok(SePrivilegeCheck(AuxData->PrivilegeSet, &(AccessState->SubjectSecurityContext), KernelMode), "SePrivilegeCheck failed with KernelMode mode arg\n");
+ ok(SePrivilegeCheck(AuxData->PrivilegesUsed, &(AccessState->SubjectSecurityContext), KernelMode), "SePrivilegeCheck failed with KernelMode mode arg\n");
 //----------------------------------------------------------------//
 // KPROCESSOR_MODE is set to UserMode. Expect false
- ok(!SePrivilegeCheck(AuxData->PrivilegeSet, &(AccessState->SubjectSecurityContext), UserMode), "SePrivilegeCheck unexpected success with UserMode arg\n");
+ ok(!SePrivilegeCheck(AuxData->PrivilegesUsed, &(AccessState->SubjectSecurityContext), UserMode), "SePrivilegeCheck unexpected success with UserMode arg\n");
 //----------------------------------------------------------------//
@@ -345,8 +345,8 @@ START_TEST(SeQueryInfoToken)
 ok((Privileges != NULL), "Privileges is NULL\n");
 if (Privileges)
 {
- trace("AuxData->PrivilegeSet->PrivilegeCount = %d ; Privileges->PrivilegeCount = %d\n",
- AuxData->PrivilegeSet->PrivilegeCount, Privileges->PrivilegeCount);
+ trace("AuxData->PrivilegesUsed->PrivilegeCount = %d ; Privileges->PrivilegeCount = %d\n",
+ AuxData->PrivilegesUsed->PrivilegeCount, Privileges->PrivilegeCount);
 }
 if (Privileges) SeFreePrivileges(Privileges);
@@ -375,16 +375,16 @@ START_TEST(SeQueryInfoToken)
 NewPrivilegeSet->PrivilegeCount = 14;
 ok((SeAppendPrivileges(AccessState, NewPrivilegeSet)) == STATUS_SUCCESS, "SeAppendPrivileges failed\n");
- ok_eq_ulong(AuxData->PrivilegeSet->PrivilegeCount, InitialPrivilegeCount + 19);
+ ok_eq_ulong(AuxData->PrivilegesUsed->PrivilegeCount, InitialPrivilegeCount + 19);
 ExFreePoolWithTag(NewPrivilegeSet, 'QSmK');
- for (i = 0; i < AuxData->PrivilegeSet->PrivilegeCount; i++)
+ for (i = 0; i < AuxData->PrivilegesUsed->PrivilegeCount; i++)
 {
- AuxData->PrivilegeSet->Privilege[i].Attributes = TPrivileges->Privileges[i].Attributes;
- AuxData->PrivilegeSet->Privilege[i].Luid = TPrivileges->Privileges[i].Luid;
+ AuxData->PrivilegesUsed->Privilege[i].Attributes = TPrivileges->Privileges[i].Attributes;
+ AuxData->PrivilegesUsed->Privilege[i].Luid = TPrivileges->Privileges[i].Luid;
 }
- //trace("AccessState->privCount = %u\n\n", ((PAUX_ACCESS_DATA)(AccessState->AuxData))->PrivilegeSet->PrivilegeCount);
+ //trace("AccessState->privCount = %u\n\n", ((PAUX_ACCESS_DATA)(AccessState->AuxData))->PrivilegesUsed->PrivilegeCount);
- ok(SePrivilegeCheck(AuxData->PrivilegeSet, &(AccessState->SubjectSecurityContext), UserMode), "SePrivilegeCheck fails in UserMode, but I wish it will success\n");
+ ok(SePrivilegeCheck(AuxData->PrivilegesUsed, &(AccessState->SubjectSecurityContext), UserMode), "SePrivilegeCheck fails in UserMode, but I wish it will success\n");
 }
 }
@@ -407,8 +407,8 @@ START_TEST(SeQueryInfoToken)
 ok((Privileges != NULL), "Privileges is NULL\n");
 if (Privileges)
 {
- trace("AuxData->PrivilegeSet->PrivilegeCount = %d ; Privileges->PrivilegeCount = %d\n",
- AuxData->PrivilegeSet->PrivilegeCount, Privileges->PrivilegeCount);
+ trace("AuxData->PrivilegesUsed->PrivilegeCount = %d ; Privileges->PrivilegeCount = %d\n",
+ AuxData->PrivilegesUsed->PrivilegeCount, Privileges->PrivilegeCount);
 }
 if (Privileges) SeFreePrivileges(Privileges);
diff --git a/ntoskrnl/ob/obhandle.c b/ntoskrnl/ob/obhandle.c
index 28a2fc77e36..530e32fbfaf 100644
--- a/ntoskrnl/ob/obhandle.c
+++ b/ntoskrnl/ob/obhandle.c
@@ -1647,8 +1647,8 @@ ObpCreateHandle(IN OB_OPEN_REASON OpenReason,
 if (OpenReason == ObCreateHandle)
 {
 /* Check if we need to audit the privileges */
- if ((AuxData->PrivilegeSet) &&
- (AuxData->PrivilegeSet->PrivilegeCount))
+ if ((AuxData->PrivilegesUsed) &&
+ (AuxData->PrivilegesUsed->PrivilegeCount))
 {
 /* Do the audit */
 #if 0
@@ -1656,7 +1656,7 @@ ObpCreateHandle(IN OB_OPEN_REASON OpenReason,
 &AccessState->
 SubjectSecurityContext,
 GrantedAccess,
- AuxData->PrivilegeSet,
+ AuxData->PrivilegesUsed,
 TRUE,
 ExGetPreviousMode());
 #endif
diff --git a/ntoskrnl/se/access.c b/ntoskrnl/se/access.c
index d9eacc550c7..d1ecd5bd571 100644
--- a/ntoskrnl/se/access.c
+++ b/ntoskrnl/se/access.c
@@ -88,7 +88,7 @@ SeCreateAccessStateEx(
 }
 /* Set the Auxiliary Data */
- AuxData->PrivilegeSet = (PPRIVILEGE_SET)((ULONG_PTR)AccessState +
+ AuxData->PrivilegesUsed = (PPRIVILEGE_SET)((ULONG_PTR)AccessState +
 FIELD_OFFSET(ACCESS_STATE, Privileges));
 if (GenericMapping) AuxData->GenericMapping = *GenericMapping;
@@ -158,7 +158,7 @@ SeDeleteAccessState(
 /* Deallocate Privileges */
 if (AccessState->PrivilegesAllocated)
- ExFreePoolWithTag(AuxData->PrivilegeSet, TAG_PRIVILEGE_SET);
+ ExFreePoolWithTag(AuxData->PrivilegesUsed, TAG_PRIVILEGE_SET);
 /* Deallocate Name and Type Name */
 if (AccessState->ObjectName.Buffer)
diff --git a/ntoskrnl/se/priv.c b/ntoskrnl/se/priv.c
index a147d2bd2b7..c7f284d293d 100644
--- a/ntoskrnl/se/priv.c
+++ b/ntoskrnl/se/priv.c
@@ -601,9 +601,9 @@ SeAppendPrivileges(
 /* Calculate the size of the old privilege set */
 OldPrivilegeSetSize = sizeof(PRIVILEGE_SET) +
- (AuxData->PrivilegeSet->PrivilegeCount - 1) * sizeof(LUID_AND_ATTRIBUTES);
+ (AuxData->PrivilegesUsed->PrivilegeCount - 1) * sizeof(LUID_AND_ATTRIBUTES);
- if (AuxData->PrivilegeSet->PrivilegeCount +
+ if (AuxData->PrivilegesUsed->PrivilegeCount +
 Privileges->PrivilegeCount > INITIAL_PRIVILEGE_COUNT)
 {
 /* Calculate the size of the new privilege set */
@@ -619,7 +619,7 @@ SeAppendPrivileges(
 /* Copy original privileges from the acess state */
 RtlCopyMemory(PrivilegeSet,
- AuxData->PrivilegeSet,
+ AuxData->PrivilegesUsed,
 OldPrivilegeSetSize);
 /* Append privileges from the privilege set*/
@@ -632,23 +632,23 @@ SeAppendPrivileges(
 /* Free the old privilege set if it was allocated */
 if (AccessState->PrivilegesAllocated != FALSE)
- ExFreePoolWithTag(AuxData->PrivilegeSet, TAG_PRIVILEGE_SET);
+ ExFreePoolWithTag(AuxData->PrivilegesUsed, TAG_PRIVILEGE_SET);
 /* Now we are using an allocated privilege set */
 AccessState->PrivilegesAllocated = TRUE;
 /* Assign the new privileges to the access state */
- AuxData->PrivilegeSet = PrivilegeSet;
+ AuxData->PrivilegesUsed = PrivilegeSet;
 }
 else
 {
 /* Append privileges */
- RtlCopyMemory((PVOID)((ULONG_PTR)AuxData->PrivilegeSet + OldPrivilegeSetSize),
+ RtlCopyMemory((PVOID)((ULONG_PTR)AuxData->PrivilegesUsed + OldPrivilegeSetSize),
 (PVOID)((ULONG_PTR)Privileges + sizeof(PRIVILEGE_SET) - sizeof(LUID_AND_ATTRIBUTES)),
 Privileges->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES));
 /* Adjust the number of privileges in the target privilege set */
- AuxData->PrivilegeSet->PrivilegeCount += Privileges->PrivilegeCount;
+ AuxData->PrivilegesUsed->PrivilegeCount += Privileges->PrivilegeCount;
 }
 return STATUS_SUCCESS;
diff --git a/sdk/include/ndk/setypes.h b/sdk/include/ndk/setypes.h
index 1f54e097318..d9fe4c4f9b6 100644
--- a/sdk/include/ndk/setypes.h
+++ b/sdk/include/ndk/setypes.h
@@ -255,9 +255,24 @@ typedef struct _TOKEN
 typedef struct _AUX_ACCESS_DATA
 {
- PPRIVILEGE_SET PrivilegeSet;
+ PPRIVILEGE_SET PrivilegesUsed;
 GENERIC_MAPPING GenericMapping;
- ULONG Reserved;
+ ACCESS_MASK AccessesToAudit;
+ ACCESS_MASK MaximumAuditMask;
+#if (NTDDI_VERSION >= NTDDI_LONGHORN)
+ GUID TransactionId;
+#endif
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+ PVOID NewSecurityDescriptor;
+ PVOID ExistingSecurityDescriptor;
+ PVOID ParentSecurityDescriptor;
+ VOID (NTAPI *DerefSecurityDescriptor)(PVOID, PVOID);
+ PVOID SDLock;
+ ACCESS_REASONS AccessReasons;
+#endif
+#if (NTDDI_VERSION >= NTDDI_WIN8)
+ BOOLEAN GenerateStagingEvents;
+#endif
 } AUX_ACCESS_DATA, *PAUX_ACCESS_DATA;
 //
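Review bot: The members that replace `ULONG Reserved` in `_AUX_ACCESS_DATA` (two audit masks and, under the version guards, three security-descriptor pointers, `SDLock` and the `DerefSecurityDescriptor` callback) are not initialized by any hunk in this commit; the visible lines of SeCreateAccessStateEx in ntoskrnl/se/access.c assign only `PrivilegesUsed` and `GenericMapping`. Whether that function zeroes the structure first is outside its hunk, so confirm it, or add `RtlZeroMemory(AuxData, sizeof(*AuxData));` before those assignments so that a later consumer never reads stale memory as a pointer or callback. The structure's size and offsets now also depend on `NTDDI_VERSION`, and a comment above it such as `/* Layout varies with NTDDI_VERSION; every module that allocates or reads this must be built with the kernel's value */` would record that constraint.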