[NTOS:SE] Implement SECURITY_TOKEN_PROXY_DATA, SECURITY_TOKEN_AUDIT_D… (#3432)

ProxyData and AuditData are pointers to an arbitrary data, which instead, they should point to their respective data structures. This serves as preparation for SepFreeProxyData and SepCopyProxyData functions implementations in the future (regarding the proxy data stuff specifically). For further details: https://www.vergiliusproject.com/kernels/x86/Windows%202003/SP2/_TOKEN https://www.nirsoft.net/kernel_struct/vista/SECURITY_TOKEN_AUDIT_DATA.html https://www.nirsoft.net/kernel_struct/vista/SECURITY_TOKEN_PROXY_DATA.html https://www.nirsoft.net/kernel_struct/vista/PROXY_CLASS.html
2024-06-29 01:12:06 +00:00 · 2021-02-01 23:55:42 +01:00 · 2021-02-01 23:55:42 +01:00 · 1903b568b6
parent 34914ca220
commit 1903b568b6
2 changed files with 36 additions and 2 deletions
--- a/ntoskrnl/include/internal/tag.h
+++ b/ntoskrnl/include/internal/tag.h
@ -180,6 +180,7 @@
 #define TAG_TOKEN_DYNAMIC     'dTeS'
 #define TAG_SE_HANDLES_TAB    'aHeS'
 #define TAG_SE_DIR_BUFFER     'bDeS'
+#define TAG_SE_PROXY_DATA     'dPoT'

 /* LPC Tags */
 #define TAG_LPC_MESSAGE   'McpL'
--- a/sdk/include/ndk/setypes.h
+++ b/sdk/include/ndk/setypes.h
@ -108,6 +108,17 @@ typedef struct _TOKEN_ACCESS_INFORMATION
     SE_GROUP_INTEGRITY                                 |   \
     SE_GROUP_INTEGRITY_ENABLED)

+//
+// Proxy Class enumeration
+//
+typedef enum _PROXY_CLASS
+{
+    ProxyFull = 0,
+    ProxyService,
+    ProxyTree,
+    ProxyDirectory
+} PROXY_CLASS;
+
 //
 // Audit and Policy Structures
 //
@ -145,6 +156,28 @@ typedef struct _SE_AUDIT_PROCESS_CREATION_INFO
    POBJECT_NAME_INFORMATION ImageFileName;
 } SE_AUDIT_PROCESS_CREATION_INFO, *PSE_AUDIT_PROCESS_CREATION_INFO;

+//
+// Token Audit Data
+//
+typedef struct _SECURITY_TOKEN_AUDIT_DATA
+{
+    ULONG Length;
+    ULONG GrantMask;
+    ULONG DenyMask;
+} SECURITY_TOKEN_AUDIT_DATA, *PSECURITY_TOKEN_AUDIT_DATA;
+
+//
+// Token Proxy Data
+//
+typedef struct _SECURITY_TOKEN_PROXY_DATA
+{
+    ULONG Length;
+    PROXY_CLASS ProxyClass;
+    UNICODE_STRING PathInfo;
+    ULONG ContainerMask;
+    ULONG ObjectMask;
+} SECURITY_TOKEN_PROXY_DATA, *PSECURITY_TOKEN_PROXY_DATA;
+
 //
 // Token and auxiliary data
 //
@ -176,8 +209,8 @@ typedef struct _TOKEN
    SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;  /* 0x84 */
    ULONG TokenFlags;                                 /* 0x88 */
    BOOLEAN TokenInUse;                               /* 0x8C */
-    PVOID ProxyData;                                  /* 0x90 */
-    PVOID AuditData;                                  /* 0x94 */
+    PSECURITY_TOKEN_PROXY_DATA ProxyData;             /* 0x90 */
+    PSECURITY_TOKEN_AUDIT_DATA AuditData;             /* 0x94 */
    LUID OriginatingLogonSession;                     /* 0x98 */
    ULONG VariablePart;                               /* 0xA0 */
 } TOKEN, *PTOKEN;