[NTOS:SE] Create the anonymous logon tokens on Security initialisation phase

2024-06-25 23:41:35 +00:00 · 2021-03-13 20:32:18 +01:00 · 2021-03-13 20:32:18 +01:00 · 5b5b814af8
parent fe0f9d8646
commit 5b5b814af8
2 changed files with 16 additions and 0 deletions
--- a/ntoskrnl/include/internal/se.h
+++ b/ntoskrnl/include/internal/se.h
@ -198,6 +198,10 @@ extern PSECURITY_DESCRIPTOR SeSystemDefaultSd;
 extern PSECURITY_DESCRIPTOR SeUnrestrictedSd;
 extern PSECURITY_DESCRIPTOR SeSystemAnonymousLogonSd;

+/* Anonymous Logon Tokens */
+extern PTOKEN SeAnonymousLogonToken;
+extern PTOKEN SeAnonymousLogonTokenNoEveryone;
+

 #define SepAcquireTokenLockExclusive(Token)                                    \
 {                                                                              \
--- a/ntoskrnl/se/semgr.c
+++ b/ntoskrnl/se/semgr.c
@ -15,6 +15,8 @@

 /* GLOBALS ********************************************************************/

+PTOKEN SeAnonymousLogonToken = NULL;
+PTOKEN SeAnonymousLogonTokenNoEveryone = NULL;
 PSE_EXPORTS SeExports = NULL;
 SE_EXPORTS SepExports;
 ULONG SidInTokenCalls = 0;
@ -122,6 +124,16 @@ SepInitializationPhase0(VOID)
    ObInitializeFastReference(&PsGetCurrentProcess()->Token, NULL);
    ObInitializeFastReference(&PsGetCurrentProcess()->Token,
                              SepCreateSystemProcessToken());
+
+    /* Initialise the anonymous logon tokens */
+    SeAnonymousLogonToken = SepCreateSystemAnonymousLogonToken();
+    if (!SeAnonymousLogonToken)
+        return FALSE;
+
+    SeAnonymousLogonTokenNoEveryone = SepCreateSystemAnonymousLogonTokenNoEveryone();
+    if (!SeAnonymousLogonTokenNoEveryone)
+        return FALSE;
+
    return TRUE;
 }