Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2024-06-26 07:51:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

Implemented more security functions

Browse source 
Moved general security types into new header file
Implemented ThreadImpersonationToken info class
Bug fixes to queuing code

svn path=/trunk/; revision=919
This commit is contained in:
David Welch 2000-01-05 21:57:00 +00:00
parent 453f513ed3
commit 623093eaaa
18 changed files with 1016 additions and 431 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
reactos/include/base.h
View file

@ -88,17 +88,6 @@ typedef CHAR *PCH;
typedef void *HANDLE;
typedef char CCHAR;
typedef enum _SECURITY_IMPERSONATION_LEVEL {
SecurityAnonymous,
SecurityIdentification,
SecurityImpersonation,
SecurityDelegation
} SECURITY_IMPERSONATION_LEVEL;
typedef enum tagTOKEN_TYPE {
TokenPrimary = 1,
TokenImpersonation
} TOKEN_TYPE;
#define FALSE 0
#define TRUE 1
@ -403,21 +392,6 @@ typedef enum _SID_NAME_USE {
SidTypeUnknown
} SID_NAME_USE, *PSID_NAME_USE;
#define TOKEN_INFORMATION_CLASS_DEFINED 1
typedef enum _TOKEN_INFORMATION_CLASS {
TokenUser = 1,
TokenGroups,
TokenPrivileges,
TokenOwner,
TokenPrimaryGroup,
TokenDefaultDacl,
TokenSource,
TokenType,
TokenImpersonationLevel,
TokenStatistics
} TOKEN_INFORMATION_CLASS;
#endif /* ! defined (RC_INVOKED) */
/*

15
reactos/include/ddk/psfuncs.h
View file

@ -1,4 +1,11 @@
PACCESS_TOKEN PsReferenceEffectiveToken(PETHREAD Thread,
PTOKEN_TYPE TokenType,
PUCHAR b,
PSECURITY_IMPERSONATION_LEVEL Level);
NTSTATUS PsOpenTokenOfProcess(HANDLE ProcessHandle,
PACCESS_TOKEN* Token);
HANDLE PsGetCurrentProcessId(VOID);
HANDLE PsGetCurrentThreadId(VOID);
@ -41,3 +48,11 @@ PACCESS_TOKEN PsReferenceImpersonationToken(PETHREAD Thread,
SECURITY_IMPERSONATION_LEVEL*
Level);
PACCESS_TOKEN PsReferencePrimaryToken(PEPROCESS Process);
NTSTATUS PsAssignImpersonationToken(PETHREAD Thread,
HANDLE TokenHandle);
VOID PsImpersonateClient(PETHREAD Thread,
PACCESS_TOKEN Token,
UCHAR b,
UCHAR c,
SECURITY_IMPERSONATION_LEVEL Level);

47
reactos/include/ddk/pstypes.h
View file

@ -271,30 +271,31 @@ typedef struct _TOP_LEVEL_IRP
typedef struct
{
PACCESS_TOKEN Token;
UCHAR Unknown1;
UCHAR Unknown2;
UCHAR Pad[2];
SECURITY_IMPERSONATION_LEVEL Level;
} IMPERSONATION_INFO, *PIMPERSONATION_INFO;
PACCESS_TOKEN Token; // 0x0
UCHAR Unknown1; // 0x4
UCHAR Unknown2; // 0x5
UCHAR Pad[2]; // 0x6
SECURITY_IMPERSONATION_LEVEL Level; // 0x8
} PS_IMPERSONATION_INFO, *PPS_IMPERSONATION_INFO;
typedef struct _ETHREAD {
KTHREAD Tcb;
TIME CreateTime;
TIME ExitTime;
NTSTATUS ExitStatus;
LIST_ENTRY PostBlockList;
LIST_ENTRY TerminationPortList;
ULONG ActiveTimerListLock;
PVOID ActiveTimerListHead;
CLIENT_ID Cid;
PLARGE_INTEGER LpcReplySemaphore;
PVOID LpcReplyMessage;
PLARGE_INTEGER LpcReplyMessageId;
PIMPERSONATION_INFO ImpersonationInfo;
LIST_ENTRY IrpList; //
TOP_LEVEL_IRP TopLevelIrp;
ULONG ReadClusterSize;
typedef struct _ETHREAD
{
KTHREAD Tcb;
TIME CreateTime;
TIME ExitTime;
NTSTATUS ExitStatus;
LIST_ENTRY PostBlockList;
LIST_ENTRY TerminationPortList;
ULONG ActiveTimerListLock;
PVOID ActiveTimerListHead;
CLIENT_ID Cid;
PLARGE_INTEGER LpcReplySemaphore;
PVOID LpcReplyMessage;
PLARGE_INTEGER LpcReplyMessageId;
PPS_IMPERSONATION_INFO ImpersonationInfo;
LIST_ENTRY IrpList; //
TOP_LEVEL_IRP TopLevelIrp;
ULONG ReadClusterSize;
UCHAR ForwardClusterOnly;
UCHAR DisablePageFaultClustering;
UCHAR DeadThread;

14
reactos/include/ddk/sefuncs.h
View file

@ -1,6 +1,6 @@
#ifndef _INCLUDE_DDK_SEFUNCS_H
#define _INCLUDE_DDK_SEFUNCS_H
/* $Id: sefuncs.h,v 1.3 1999/12/26 17:22:18 ea Exp $ */
/* $Id: sefuncs.h,v 1.4 2000/01/05 21:56:58 dwelch Exp $ */
NTSTATUS STDCALL RtlCreateSecurityDescriptor (PSECURITY_DESCRIPTOR SecurityDescriptor, ULONG Revision);
BOOLEAN STDCALL RtlValidSecurityDescriptor (PSECURITY_DESCRIPTOR SecurityDescriptor);
ULONG STDCALL RtlLengthSecurityDescriptor (PSECURITY_DESCRIPTOR SecurityDescriptor);
@ -16,7 +16,7 @@ PULONG STDCALL RtlSubAuthoritySid (PSID Sid, ULONG SubAuthority);
BOOLEAN STDCALL RtlEqualSid(PSID Sid1, PSID Sid2);
NTSTATUS STDCALL RtlAbsoluteToSelfRelativeSD (PSECURITY_DESCRIPTOR AbsSD, PSECURITY_DESCRIPTOR RelSD, PULONG BufferLength);
BOOLEAN STDCALL SeAccessCheck (IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN PSECURITY_DESCRIPTOR_CONTEXT SubjectSecurityContext,
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,
IN BOOLEAN SubjectContextLocked,
IN ACCESS_MASK DesiredAccess,
IN ACCESS_MASK PreviouslyGrantedAccess,
@ -35,4 +35,14 @@ NTSTATUS STDCALL SeDeassignSecurity (PSECURITY_DESCRIPTOR* SecurityDescriptor);
BOOLEAN STDCALL SeSinglePrivilegeCheck (LUID PrivilegeValue, KPROCESSOR_MODE PreviousMode);
ULONG STDCALL RtlLengthSid (PSID Sid);
NTSTATUS STDCALL RtlCopySid(ULONG BufferLength, PSID Src, PSID Dest);
VOID SeImpersonateClient(PSE_SOME_STRUCT2 a,
PETHREAD Thread);
NTSTATUS SeCreateClientSecurity(PETHREAD Thread,
PSECURITY_QUALITY_OF_SERVICE Qos,
ULONG e,
PSE_SOME_STRUCT2 f);
#endif /* ndef _INCLUDE_DDK_SEFUNCS_H */

128
reactos/include/ddk/setypes.h
View file

@ -1,4 +1,4 @@
/* $Id: setypes.h,v 1.3 1999/12/26 17:22:18 ea Exp $
/* $Id: setypes.h,v 1.4 2000/01/05 21:56:58 dwelch Exp $
*
* COPYRIGHT: See COPYING in the top level directory for details
* PROJECT: ReactOS kernel
@ -12,6 +12,8 @@
#ifndef __INCLUDE_DDK_SETYPES_H
#define __INCLUDE_DDK_SETYPES_H
#include <security.h>
/* SID */
#define SECURITY_NULL_RID (0L)
#define SECURITY_WORLD_RID (0L)
@ -82,93 +84,24 @@
#define SE_PRIVILEGE_USED_FOR_ACCESS (0x80000000L)
#define PRIVILEGE_SET_ALL_NECESSARY (0x1)
typedef ULONG ACCESS_MASK;
typedef ULONG ACCESS_MODE, *PACCESS_MODE;
typedef struct _SECURITY_QUALITY_OF_SERVICE {
DWORD Length;
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
/* SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode; */
WINBOOL ContextTrackingMode;
BOOLEAN EffectiveOnly;
} SECURITY_QUALITY_OF_SERVICE;
typedef SECURITY_QUALITY_OF_SERVICE* PSECURITY_QUALITY_OF_SERVICE;
typedef struct _ACE_HEADER
{
CHAR AceType;
CHAR AceFlags;
USHORT AceSize;
ACCESS_MASK AccessMask;
} ACE_HEADER, *PACE_HEADER;
typedef struct
{
ACE_HEADER Header;
} ACE, *PACE;
typedef struct _SID_IDENTIFIER_AUTHORITY
{
BYTE Value[6];
} SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;
#define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
typedef struct _SID
{
UCHAR Revision;
UCHAR SubAuthorityCount;
SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
ULONG SubAuthority[1];
} SID, *PSID;
typedef struct _ACL {
UCHAR AclRevision;
UCHAR Sbz1;
USHORT AclSize;
USHORT AceCount;
USHORT Sbz2;
} ACL, *PACL;
typedef USHORT SECURITY_DESCRIPTOR_CONTROL, *PSECURITY_DESCRIPTOR_CONTROL;
typedef struct _SECURITY_DESCRIPTOR_CONTEXT
{
} SECURITY_DESCRIPTOR_CONTEXT, *PSECURITY_DESCRIPTOR_CONTEXT;
typedef LARGE_INTEGER LUID, *PLUID;
typedef struct _LUID_AND_ATTRIBUTES
{
LUID Luid;
DWORD Attributes;
} LUID_AND_ATTRIBUTES, *PLUID_AND_ATTRIBUTES;
typedef struct _TOKEN_SOURCE
{
CHAR SourceName[8];
LARGE_INTEGER Unknown;
LUID SourceIdentifier;
} TOKEN_SOURCE, *PTOKEN_SOURCE;
typedef struct _ACCESS_TOKEN
{
TOKEN_SOURCE TokenSource; // 0x00
LUID TokenId; // 0x10
LUID AuthenticationId; // 0x18
LARGE_INTEGER ExpirationTime; // 0x20
LARGE_INTEGER ExpirationTime; // 0x20
LUID ModifiedId; // 0x28
ULONG UserAndGroupCount; // 0x30
ULONG PrivilegeCount; // 0x34
ULONG VariableLength; // 0x38
ULONG DynamicCharged; // 0x3C
ULONG DynamicAvailable; // 0x40
ULONG DefaultOwnerIndex; // 0x44
ULONG Unknown[2]; // 0x48
PLUID_AND_ATTRIBUTES Privileges; // 0x50
ULONG Unknown1; // 0x54
PACL DefaultDacl; // 0x58
ULONG UserAndGroupCount; // 0x30
ULONG PrivilegeCount; // 0x34
ULONG VariableLength; // 0x38
ULONG DynamicCharged; // 0x3C
ULONG DynamicAvailable; // 0x40
ULONG DefaultOwnerIndex; // 0x44
PSID_AND_ATTRIBUTES UserAndGroups; // 0x48
PSID PrimaryGroup; // 0x4C
PLUID_AND_ATTRIBUTES Privileges; // 0x50
ULONG Unknown1; // 0x54
PACL DefaultDacl; // 0x58
TOKEN_TYPE TokenType; // 0x5C
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; // 0x60
UCHAR TokenFlags; // 0x64
@ -188,23 +121,28 @@ typedef struct _SECURITY_SUBJECT_CONTEXT
PVOID ProcessAuditId; // 0xC
} SECURITY_SUBJECT_CONTEXT, *PSECURITY_SUBJECT_CONTEXT;
typedef struct _SECURITY_DESCRIPTOR {
UCHAR Revision;
UCHAR Sbz1;
SECURITY_DESCRIPTOR_CONTROL Control;
PSID Owner;
PSID Group;
PACL Sacl;
PACL Dacl;
} SECURITY_DESCRIPTOR, *PSECURITY_DESCRIPTOR;
BOOLEAN STDCALL RtlValidSid (PSID Sid);
/*
* from ntoskrnl/se/token.c:
*/
extern struct _OBJECT_TYPE* SeTokenType;
typedef struct
{
ULONG Unknown1; // 0x0
SECURITY_IMPERSONATION_LEVEL Level; // 0x4
UCHAR ContextTrackingMode; // 0x8
UCHAR EffectiveOnly; // 0x9
UCHAR Unknown5; // 0xa
UCHAR Unknown6; // 0xb
PACCESS_TOKEN Token; // 0xc
UCHAR Unknown8; // 0x10
UCHAR Unknown9; // 0x11
UCHAR Unknown10; // 0x12
UCHAR Pad[1]; // 0x13
ULONG Unknown11; // 0x14
} SE_SOME_STRUCT2, *PSE_SOME_STRUCT2;
#endif

52
reactos/include/ddk/zw.h
View file

@ -1,5 +1,5 @@
/* $Id: zw.h,v 1.24 1999/12/18 17:48:21 dwelch Exp $
/* $Id: zw.h,v 1.25 2000/01/05 21:56:58 dwelch Exp $
*
* COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS kernel
@ -17,57 +17,7 @@
#ifndef __DDK_ZW_H
#define __DDK_ZW_H
#if defined(WIN32_LEAN_AND_MEAN) && !defined(TOKEN_INFORMATION_CLASS_DEFINED)
typedef enum _TOKEN_INFORMATION_CLASS {
TokenUser = 1,
TokenGroups,
TokenPrivileges,
TokenOwner,
TokenPrimaryGroup,
TokenDefaultDacl,
TokenSource,
TokenType,
TokenImpersonationLevel,
TokenStatistics
} TOKEN_INFORMATION_CLASS;
typedef struct _SID_AND_ATTRIBUTES {
PSID Sid;
DWORD Attributes;
} SID_AND_ATTRIBUTES ;
typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
typedef SID_AND_ATTRIBUTES_ARRAY *PSID_AND_ATTRIBUTES_ARRAY;
typedef struct _TOKEN_DEFAULT_DACL {
PACL DefaultDacl;
} TOKEN_DEFAULT_DACL, *PTOKEN_DEFAULT_DACL;
typedef struct _TOKEN_GROUPS {
DWORD GroupCount;
SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY];
} TOKEN_GROUPS, *PTOKEN_GROUPS, *LPTOKEN_GROUPS;
typedef struct _TOKEN_OWNER {
PSID Owner;
} TOKEN_OWNER, *PTOKEN_OWNER;
typedef struct _TOKEN_PRIMARY_GROUP {
PSID PrimaryGroup;
} TOKEN_PRIMARY_GROUP, *PTOKEN_PRIMARY_GROUP;
typedef struct _TOKEN_PRIVILEGES {
DWORD PrivilegeCount;
LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY];
} TOKEN_PRIVILEGES, *PTOKEN_PRIVILEGES, *LPTOKEN_PRIVILEGES;
typedef struct _TOKEN_USER {
SID_AND_ATTRIBUTES User;
} TOKEN_USER, *PTOKEN_USER;
#endif
#define LCID ULONG
#define SECURITY_INFORMATION ULONG

154
reactos/include/security.h Normal file
View file

@ -0,0 +1,154 @@
#ifndef __INCLUDE_SECURITY_H
#define __INCLUDE_SECURITY_H
typedef enum _TOKEN_INFORMATION_CLASS {
TokenUser = 1,
TokenGroups,
TokenPrivileges,
TokenOwner,
TokenPrimaryGroup,
TokenDefaultDacl,
TokenSource,
TokenType,
TokenImpersonationLevel,
TokenStatistics
} TOKEN_INFORMATION_CLASS;
typedef ULONG SECURITY_IMPERSONATION_LEVEL, *PSECURITY_IMPERSONATION_LEVEL;
#define SecurityAnonymous ((SECURITY_IMPERSONATION_LEVEL)1)
#define SecurityIdentification ((SECURITY_IMPERSONATION_LEVEL)2)
#define SecurityImpersonation ((SECURITY_IMPERSONATION_LEVEL)3)
#define SecurityDelegation ((SECURITY_IMPERSONATION_LEVEL)4)
typedef ULONG TOKEN_TYPE, *PTOKEN_TYPE;
#define TokenPrimary ((TOKEN_TYPE)1)
#define TokenImpersonation ((TOKEN_TYPE)2)
typedef ULONG ACCESS_MASK;
typedef ULONG ACCESS_MODE, *PACCESS_MODE;
typedef struct _SECURITY_QUALITY_OF_SERVICE {
DWORD Length;
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
/* SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode; */
WINBOOL ContextTrackingMode;
BOOLEAN EffectiveOnly;
} SECURITY_QUALITY_OF_SERVICE;
typedef SECURITY_QUALITY_OF_SERVICE* PSECURITY_QUALITY_OF_SERVICE;
typedef struct _ACE_HEADER
{
CHAR AceType;
CHAR AceFlags;
USHORT AceSize;
ACCESS_MASK AccessMask;
} ACE_HEADER, *PACE_HEADER;
typedef struct
{
ACE_HEADER Header;
} ACE, *PACE;
typedef struct _SID_IDENTIFIER_AUTHORITY
{
BYTE Value[6];
} SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;
#define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
typedef struct _SID
{
UCHAR Revision;
UCHAR SubAuthorityCount;
SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
ULONG SubAuthority[1];
} SID, *PSID;
typedef struct _ACL {
UCHAR AclRevision;
UCHAR Sbz1;
USHORT AclSize;
USHORT AceCount;
USHORT Sbz2;
} ACL, *PACL;
typedef USHORT SECURITY_DESCRIPTOR_CONTROL, *PSECURITY_DESCRIPTOR_CONTROL;
typedef struct _SECURITY_DESCRIPTOR_CONTEXT
{
} SECURITY_DESCRIPTOR_CONTEXT, *PSECURITY_DESCRIPTOR_CONTEXT;
typedef LARGE_INTEGER LUID, *PLUID;
typedef struct _SECURITY_DESCRIPTOR {
UCHAR Revision;
UCHAR Sbz1;
SECURITY_DESCRIPTOR_CONTROL Control;
PSID Owner;
PSID Group;
PACL Sacl;
PACL Dacl;
} SECURITY_DESCRIPTOR, *PSECURITY_DESCRIPTOR;
typedef struct _LUID_AND_ATTRIBUTES
{
LUID Luid;
DWORD Attributes;
} LUID_AND_ATTRIBUTES, *PLUID_AND_ATTRIBUTES;
typedef struct _TOKEN_SOURCE {
CHAR SourceName[8];
LUID SourceIdentifier;
} TOKEN_SOURCE, *PTOKEN_SOURCE;
typedef struct _SID_AND_ATTRIBUTES {
PSID Sid;
DWORD Attributes;
} SID_AND_ATTRIBUTES, *PSID_AND_ATTRIBUTES;
typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
typedef SID_AND_ATTRIBUTES_ARRAY *PSID_AND_ATTRIBUTES_ARRAY;
typedef struct _TOKEN_USER {
SID_AND_ATTRIBUTES User;
} TOKEN_USER, *PTOKEN_USER;
typedef struct _TOKEN_PRIMARY_GROUP {
PSID PrimaryGroup;
} TOKEN_PRIMARY_GROUP, *PTOKEN_PRIMARY_GROUP;
typedef struct _TOKEN_GROUPS {
DWORD GroupCount;
SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY];
} TOKEN_GROUPS, *PTOKEN_GROUPS, *LPTOKEN_GROUPS;
typedef struct _TOKEN_PRIVILEGES {
DWORD PrivilegeCount;
LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY];
} TOKEN_PRIVILEGES, *PTOKEN_PRIVILEGES, *LPTOKEN_PRIVILEGES;
typedef struct _TOKEN_OWNER {
PSID Owner;
} TOKEN_OWNER, *PTOKEN_OWNER;
typedef struct _TOKEN_DEFAULT_DACL {
PACL DefaultDacl;
} TOKEN_DEFAULT_DACL, *PTOKEN_DEFAULT_DACL;
typedef struct _TOKEN_STATISTICS {
LUID TokenId;
LUID AuthenticationId;
LARGE_INTEGER ExpirationTime;
TOKEN_TYPE TokenType;
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
DWORD DynamicCharged;
DWORD DynamicAvailable;
DWORD GroupCount;
DWORD PrivilegeCount;
LUID ModifiedId;
} TOKEN_STATISTICS, *PTOKEN_STATISTICS;
#endif /* __INCLUDE_SECURITY_H */

52
reactos/include/structs.h
View file

@ -53,7 +53,7 @@ typedef union _ULARGE_INTEGER
ULONGLONG QuadPart;
} ULARGE_INTEGER, *PULARGE_INTEGER;
#include <ddk/setypes.h>
#include <security.h>
typedef struct _LIST_ENTRY {
struct _LIST_ENTRY *Flink;
@ -3880,15 +3880,6 @@ typedef struct _SHNAMEMAPPING {
int cchNewPath;
} SHNAMEMAPPING, *LPSHNAMEMAPPING;
typedef struct _SID_AND_ATTRIBUTES {
PSID Sid;
DWORD Attributes;
} SID_AND_ATTRIBUTES ;
typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
typedef SID_AND_ATTRIBUTES_ARRAY *PSID_AND_ATTRIBUTES_ARRAY;
typedef struct tagSOUNDSENTRY {
UINT cbSize;
DWORD dwFlags;
@ -4155,46 +4146,7 @@ typedef struct _TOKEN_CONTROL {
LUID ModifiedId;
TOKEN_SOURCE TokenSource;
} TOKEN_CONTROL, *PTOKEN_CONTROL ;
typedef struct _TOKEN_DEFAULT_DACL {
PACL DefaultDacl;
} TOKEN_DEFAULT_DACL, *PTOKEN_DEFAULT_DACL;
typedef struct _TOKEN_GROUPS {
DWORD GroupCount;
SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY];
} TOKEN_GROUPS, *PTOKEN_GROUPS, *LPTOKEN_GROUPS;
typedef struct _TOKEN_OWNER {
PSID Owner;
} TOKEN_OWNER, *PTOKEN_OWNER;
typedef struct _TOKEN_PRIMARY_GROUP {
PSID PrimaryGroup;
} TOKEN_PRIMARY_GROUP, *PTOKEN_PRIMARY_GROUP;
typedef struct _TOKEN_PRIVILEGES {
DWORD PrivilegeCount;
LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY];
} TOKEN_PRIVILEGES, *PTOKEN_PRIVILEGES, *LPTOKEN_PRIVILEGES;
typedef struct _TOKEN_STATISTICS {
LUID TokenId;
LUID AuthenticationId;
LARGE_INTEGER ExpirationTime;
TOKEN_TYPE TokenType;
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
DWORD DynamicCharged;
DWORD DynamicAvailable;
DWORD GroupCount;
DWORD PrivilegeCount;
LUID ModifiedId;
} TOKEN_STATISTICS, *PTOKEN_STATISTICS;
typedef struct _TOKEN_USER {
SID_AND_ATTRIBUTES User;
} TOKEN_USER, *PTOKEN_USER;
typedef struct {
UINT cbSize;
UINT uFlags;

2
reactos/lib/advapi32/sec/sec.c
View file

@ -18,7 +18,9 @@ GetSecurityDescriptorLength (
PSECURITY_DESCRIPTOR pSecurityDescriptor
)
{
#if 0
return RtlLengthSecurityDescriptor(pSecurityDescriptor);
#endif
}

2
reactos/ntoskrnl/io/queue.c
View file

@ -10,7 +10,7 @@
#include <ddk/ntddk.h>
#define NDEBUG
//#define NDEBUG
#include <internal/debug.h>
/* FUNCTIONS *****************************************************************/

2
reactos/ntoskrnl/ke/kqueue.c
View file

@ -12,7 +12,7 @@
#include <ddk/ntddk.h>
#define NDEBUG
//#define NDEBUG
#include <internal/debug.h>
/* FUNCTIONS *****************************************************************/

189
reactos/ntoskrnl/ps/create.c
View file

@ -1,4 +1,4 @@
/* $Id: create.c,v 1.6 1999/12/26 15:50:51 dwelch Exp $
/* $Id: create.c,v 1.7 2000/01/05 21:57:00 dwelch Exp $
*
* COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS kernel
@ -43,6 +43,193 @@ extern LIST_ENTRY PiThreadListHead;
/* FUNCTIONS ***************************************************************/
NTSTATUS PsAssignImpersonationToken(PETHREAD Thread,
HANDLE TokenHandle)
{
PACCESS_TOKEN Token;
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
NTSTATUS Status;
if (TokenHandle != NULL)
{
Status = ObReferenceObjectByHandle(TokenHandle,
0,
SeTokenType,
UserMode,
(PVOID*)&Token,
NULL);
if (!NT_SUCCESS(Status))
{
return(Status);
}
ImpersonationLevel = Token->ImpersonationLevel;
}
else
{
Token = NULL;
ImpersonationLevel = 0;
}
PsImpersonateClient(Thread,
Token,
0,
0,
ImpersonationLevel);
if (Token != NULL)
{
ObDereferenceObject(Token);
}
return(STATUS_SUCCESS);
}
VOID PsRevertToSelf(PETHREAD Thread)
{
if (Thread->ActiveImpersonationInfo != 0)
{
Thread->ActiveImpersonationInfo = 0;
ObDereferenceObject(Thread->ImpersonationInfo->Token);
}
}
VOID PsImpersonateClient(PETHREAD Thread,
PACCESS_TOKEN Token,
UCHAR b,
UCHAR c,
SECURITY_IMPERSONATION_LEVEL Level)
{
if (Token == 0)
{
if (Thread->ActiveImpersonationInfo != 0)
{
Thread->ActiveImpersonationInfo = 0;
if (Thread->ImpersonationInfo->Token != NULL)
{
ObDereferenceObject(Thread->ImpersonationInfo->Token);
}
}
return;
}
if (Thread->ActiveImpersonationInfo == 0 ||
Thread->ImpersonationInfo == NULL)
{
Thread->ImpersonationInfo = ExAllocatePool(NonPagedPool,
sizeof(PS_IMPERSONATION_INFO));
}
Thread->ImpersonationInfo->Level = Level;
Thread->ImpersonationInfo->Unknown2 = c;
Thread->ImpersonationInfo->Unknown1 = b;
Thread->ImpersonationInfo->Token = Token;
ObReferenceObjectByPointer(Token,
0,
SeTokenType,
KernelMode);
Thread->ActiveImpersonationInfo = 1;
}
PACCESS_TOKEN PsReferenceEffectiveToken(PETHREAD Thread,
PTOKEN_TYPE TokenType,
PUCHAR b,
PSECURITY_IMPERSONATION_LEVEL Level)
{
PEPROCESS Process;
PACCESS_TOKEN Token;
if (Thread->ActiveImpersonationInfo == 0)
{
Process = Thread->ThreadsProcess;
*TokenType = TokenPrimary;
*b = 0;
Token = Process->Token;
}
else
{
Token = Thread->ImpersonationInfo->Token;
*TokenType = TokenImpersonation;
*b = Thread->ImpersonationInfo->Unknown2;
*Level = Thread->ImpersonationInfo->Level;
}
return(Token);
}
NTSTATUS STDCALL NtImpersonateThread (IN HANDLE ThreadHandle,
IN HANDLE ThreadToImpersonateHandle,
IN PSECURITY_QUALITY_OF_SERVICE
SecurityQualityOfService)
{
PETHREAD Thread;
PETHREAD ThreadToImpersonate;
NTSTATUS Status;
SE_SOME_STRUCT2 b;
Status = ObReferenceObjectByHandle(ThreadHandle,
0,
PsThreadType,
UserMode,
(PVOID*)&Thread,
NULL);
if (!NT_SUCCESS(Status))
{
return(Status);
}
Status = ObReferenceObjectByHandle(ThreadToImpersonateHandle,
0,
PsThreadType,
UserMode,
(PVOID*)&ThreadToImpersonate,
NULL);
if (!NT_SUCCESS(Status))
{
ObDereferenceObject(Thread);
return(Status);
}
Status = SeCreateClientSecurity(ThreadToImpersonate,
SecurityQualityOfService,
0,
&b);
if (!NT_SUCCESS(Status))
{
ObDereferenceObject(Thread);
ObDereferenceObject(ThreadToImpersonate);
return(Status);
}
SeImpersonateClient(&b, Thread);
if (b.Token != NULL)
{
ObDereferenceObject(b.Token);
}
return(STATUS_SUCCESS);
}
NTSTATUS STDCALL NtOpenThreadToken(IN HANDLE ThreadHandle,
IN ACCESS_MASK DesiredAccess,
IN BOOLEAN OpenAsSelf,
OUT PHANDLE TokenHandle)
{
#if 0
PETHREAD Thread;
NTSTATUS Status;
PACCESS_TOKEN Token;
Status = ObReferenceObjectByHandle(ThreadHandle,
0,
PsThreadType,
UserMode,
(PVOID*)&Thread,
NULL);
if (!NT_SUCCESS(Status))
{
return(Status);
}
Token = PsReferencePrimaryToken(Thread->ThreadsProcess);
SepCreateImpersonationTokenDacl(Token);
#endif
return(STATUS_UNSUCCESSFUL);
}
PACCESS_TOKEN PsReferenceImpersonationToken(PETHREAD Thread,
PULONG Unknown1,
PULONG Unknown2,

22
reactos/ntoskrnl/ps/process.c
View file

@ -36,6 +36,28 @@ static ULONG PiNextProcessUniqueId = 0;
/* FUNCTIONS *****************************************************************/
NTSTATUS STDCALL NtOpenProcessToken(IN HANDLE ProcessHandle,
IN ACCESS_MASK DesiredAccess,
OUT PHANDLE TokenHandle)
{
PACCESS_TOKEN Token;
NTSTATUS Status;
Status = PsOpenTokenOfProcess(ProcessHandle,
&Token);
if (!NT_SUCCESS(Status))
{
return(Status);
}
Status = ObCreateHandle(PsGetCurrentProcess(),
Token,
DesiredAccess,
FALSE,
ProcessHandle);
ObDereferenceObject(Token);
return(Status);
}
PACCESS_TOKEN PsReferencePrimaryToken(PEPROCESS Process)
{
ObReferenceObjectByPointer(Process->Token,

171
reactos/ntoskrnl/ps/tinfo.c
View file

@ -17,98 +17,91 @@
/* FUNCTIONS *****************************************************************/
NTSTATUS
STDCALL
NtSetInformationThread (
HANDLE ThreadHandle,
THREADINFOCLASS ThreadInformationClass,
PVOID ThreadInformation,
ULONG ThreadInformationLength
)
NTSTATUS STDCALL NtSetInformationThread(HANDLE ThreadHandle,
THREADINFOCLASS ThreadInformationClass,
PVOID ThreadInformation,
ULONG ThreadInformationLength)
{
PETHREAD Thread;
NTSTATUS Status;
PTHREAD_BASIC_INFORMATION ThreadBasicInformationP;
PETHREAD Thread;
NTSTATUS Status;
PTHREAD_BASIC_INFORMATION ThreadBasicInformationP;
Status = ObReferenceObjectByHandle(
ThreadHandle,
THREAD_SET_INFORMATION,
PsThreadType,
UserMode,
(PVOID*) & Thread,
NULL
);
if (Status != STATUS_SUCCESS)
{
return Status;
}
switch (ThreadInformationClass)
{
case ThreadBasicInformation:
ThreadBasicInformationP =
(PTHREAD_BASIC_INFORMATION) ThreadInformation;
ThreadBasicInformationP->ExitStatus =
Thread->ExitStatus;
ThreadBasicInformationP->TebBaseAddress =
Thread->Tcb.Teb;
ThreadBasicInformationP->AffinityMask =
Thread->Tcb.Affinity;
ThreadBasicInformationP->BasePriority =
Thread->Tcb.BasePriority;
ThreadBasicInformationP->UniqueThreadId =
(ULONG) Thread->Cid.UniqueThread;
Status = STATUS_SUCCESS;
break;
case ThreadTimes:
break;
case ThreadPriority:
KeSetPriorityThread(
& Thread->Tcb,
* (KPRIORITY *) ThreadInformation
);
Status = STATUS_SUCCESS;
break;
case ThreadBasePriority:
break;
case ThreadAffinityMask:
break;
case ThreadImpersonationToken:
break;
case ThreadDescriptorTableEntry:
UNIMPLEMENTED;
break;
case ThreadEventPair:
UNIMPLEMENTED;
break;
case ThreadQuerySetWin32StartAddress:
break;
case ThreadZeroTlsCell:
break;
case ThreadPerformanceCount:
break;
case ThreadAmILastThread:
break;
case ThreadPriorityBoost:
break;
default:
Status = STATUS_UNSUCCESSFUL;
}
ObDereferenceObject(Thread);
Status = ObReferenceObjectByHandle(ThreadHandle,
THREAD_SET_INFORMATION,
PsThreadType,
UserMode,
(PVOID*)&Thread,
NULL);
if (!NT_SUCCESS(Status))
{
return Status;
}
switch (ThreadInformationClass)
{
case ThreadBasicInformation:
ThreadBasicInformationP =
(PTHREAD_BASIC_INFORMATION) ThreadInformation;
ThreadBasicInformationP->ExitStatus =
Thread->ExitStatus;
ThreadBasicInformationP->TebBaseAddress =
Thread->Tcb.Teb;
ThreadBasicInformationP->AffinityMask =
Thread->Tcb.Affinity;
ThreadBasicInformationP->BasePriority =
Thread->Tcb.BasePriority;
ThreadBasicInformationP->UniqueThreadId =
(ULONG) Thread->Cid.UniqueThread;
Status = STATUS_SUCCESS;
break;
case ThreadTimes:
break;
case ThreadPriority:
KeSetPriorityThread(&Thread->Tcb, *(KPRIORITY *)ThreadInformation);
Status = STATUS_SUCCESS;
break;
case ThreadBasePriority:
break;
case ThreadAffinityMask:
break;
case ThreadImpersonationToken:
Status = PsAssignImpersonationToken(Thread,
*((PHANDLE)ThreadInformation));
break;
case ThreadDescriptorTableEntry:
UNIMPLEMENTED;
break;
case ThreadEventPair:
UNIMPLEMENTED;
break;
case ThreadQuerySetWin32StartAddress:
break;
case ThreadZeroTlsCell:
break;
case ThreadPerformanceCount:
break;
case ThreadAmILastThread:
break;
case ThreadPriorityBoost:
break;
default:
Status = STATUS_UNSUCCESSFUL;
}
ObDereferenceObject(Thread);
return Status;
}

4
reactos/ntoskrnl/se/acl.c
View file

@ -1,4 +1,4 @@
/* $Id: acl.c,v 1.2 1999/12/26 17:22:19 ea Exp $
/* $Id: acl.c,v 1.3 2000/01/05 21:57:00 dwelch Exp $
*
* COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS kernel
@ -94,7 +94,7 @@ NTSTATUS RtlpAddKnownAce(PACL Acl,
Ace->Header.AceType = Type;
Ace->Header.AceSize = RtlLengthSid(Sid) + sizeof(ACE);
Ace->Header.AccessMask = AccessMask;
RtlCopySid(RtlLengthSid(Sid), Sid, (PSID)Ace + 1);
RtlCopySid(RtlLengthSid(Sid), (PSID)Ace + 1, Sid);
Acl->AceCount++;
Acl->AclRevision = Revision;
return(STATUS_SUCCESS);

389
reactos/ntoskrnl/se/semgr.c
View file

@ -1,4 +1,4 @@
/* $Id: semgr.c,v 1.13 1999/12/26 17:22:19 ea Exp $
/* $Id: semgr.c,v 1.14 2000/01/05 21:57:00 dwelch Exp $
*
* COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS kernel
@ -17,6 +17,266 @@
/* FUNCTIONS ***************************************************************/
VOID SepReferenceLogonSession(PLUID AuthenticationId)
{
UNIMPLEMENTED;
}
VOID SepDeReferenceLogonSession(PLUID AuthenticationId)
{
UNIMPLEMENTED;
}
VOID SepFreeProxyData(PVOID ProxyData)
{
UNIMPLEMENTED;
}
NTSTATUS SepCopyProxyData(PVOID* Dest, PVOID Src)
{
UNIMPLEMENTED;
}
NTSTATUS SepDuplicationToken(PACCESS_TOKEN Token,
PULONG a,
ULONG b,
TOKEN_TYPE TokenType,
SECURITY_IMPERSONATION_LEVEL Level,
ULONG d,
PACCESS_TOKEN* e)
{
#if 0
PVOID mem1;
PVOID mem2;
PVOID f;
PACCESS_TOKEN g;
NTSTATUS Status;
if (TokenType == 2 &&
(Level > 3 || Level < 0))
{
return(STATUS_UNSUCCESSFUL);
}
SepReferenceLogonSession(&Token->AuthenticationId);
mem1 = ExAllocatePool(NonPagedPool, Token->DynamicCharged);
if (mem1 == NULL)
{
SepDeReferenceLogonSession(&Token->AuthenticationId);
return(STATUS_UNSUCCESSFUL);
}
if (Token->ProxyData != NULL)
{
Status = SepCopyProxyData(&f, Token->ProxyData);
if (!NT_SUCCESS(Status))
{
SepDeReferenceLogonSession(&Token->AuthenticationId);
ExFreePool(mem1);
return(Status);
}
}
else
{
f = 0;
}
if (Token->AuditData != NULL)
{
mem2 = ExAllocatePool(NonPagedPool, 0xc);
if (mem2 == NULL)
{
SepFreeProxyData(f);
SepDeReferenceLogonSession(&Token->AuthenticationId);
ExFreePool(mem1);
return(STATUS_UNSUCCESSFUL);
}
memcpy(mem2, Token->AuditData, 0xc);
}
else
{
mem2 = NULL;
}
Status = ObCreateObject(d,
SeTokenType,
b,
d,
0,
Token->VariableLength + 0x78,
Token->DynamicCharged,
Token->VariableLength + 0x78,
&g);
if (!NT_SUCCESS(Status))
{
SepDeReferenceLogonSession(Token->AuthenticationId);
ExFreePool(mem1);
SepFreeProxyData(f);
if (mem2 != NULL)
{
ExFreePool(mem2);
}
return(Status);
}
g->TokenId = Token->TokenId;
g->ModifiedId = Token->ModifiedId;
g->ExpirationTime = Token->ExpirationTime;
memcpy(&g->TokenSource, &Token->TokenSource, sizeof(TOKEN_SOURCE));
g->DynamicCharged = Token->DynamicCharged;
g->DynamicAvailable = Token->DynamicAvailable;
g->DefaultOwnerIndex = Token->DefaultOwnerIndex;
g->UserAndGroupCount = Token->UserAndGroupCount;
g->PrivilegeCount = Token->PrivilegeCount;
g->VariableLength = Token->VariableLength;
g->TokenFlags = Token->TokenFlags;
g->ProxyData = f;
g->AuditData = mem2;
//g->TokenId = ExInterlockedExchangeAdd();
g->TokenInUse = 0;
g->TokenType = TokenType;
g->ImpersonationLevel = Level;
memmove(g->VariablePart, Token->VariablePart, Token->VariableLength);
/* ... */
*e = g;
return(STATUS_SUCCESS);
#endif
UNIMPLEMENTED;
}
NTSTATUS SeCopyClientToken(PACCESS_TOKEN Token,
SECURITY_IMPERSONATION_LEVEL Level,
ULONG a,
PACCESS_TOKEN* b)
{
ULONG c;
PACCESS_TOKEN d;
NTSTATUS Status;
c = 18;
Status = SepDuplicationToken(Token,
&c,
0,
TokenImpersonation,
Level,
a,
&d);
*b = d;
return(Status);
}
NTSTATUS SeCreateClientSecurity(PETHREAD Thread,
PSECURITY_QUALITY_OF_SERVICE Qos,
ULONG e,
PSE_SOME_STRUCT2 f)
{
TOKEN_TYPE TokenType;
UCHAR b;
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
PACCESS_TOKEN Token;
ULONG g;
PACCESS_TOKEN NewToken;
Token = PsReferenceEffectiveToken(Thread,
&TokenType,
&b,
&ImpersonationLevel);
if (TokenType != 2)
{
f->Unknown9 = Qos->EffectiveOnly;
}
else
{
if (Qos->ImpersonationLevel > ImpersonationLevel)
{
if (Token != NULL)
{
ObDereferenceObject(Token);
}
return(STATUS_UNSUCCESSFUL);
}
if (ImpersonationLevel == 0 ||
ImpersonationLevel == 1 ||
(e != 0 && ImpersonationLevel != 3))
{
if (Token != NULL)
{
ObDereferenceObject(Token);
}
return(STATUS_UNSUCCESSFUL);
}
if (b != 0 ||
Qos->EffectiveOnly != 0)
{
f->Unknown9 = 1;
}
else
{
f->Unknown9 = 0;
}
}
if (Qos->ContextTrackingMode == 0)
{
f->Unknown8 = 0;
g = SeCopyClientToken(Token, ImpersonationLevel, 0, &NewToken);
if (g >= 0)
{
// ObDeleteCapturedInsertInfo(NewToken);
}
if (TokenType == TokenPrimary || Token != NULL)
{
ObDereferenceObject(Token);
}
if (g < 0)
{
return(g);
}
}
else
{
f->Unknown8 = 1;
if (e != 0)
{
// SeGetTokenControlInformation(Token, &f->Unknown11);
}
NewToken = Token;
}
f->Unknown1 = 0xc;
f->Level = Qos->ImpersonationLevel;
f->ContextTrackingMode = Qos->ContextTrackingMode;
f->EffectiveOnly = Qos->EffectiveOnly;
f->Unknown10 = e;
f->Token = NewToken;
return(STATUS_SUCCESS);
}
VOID SeImpersonateClient(PSE_SOME_STRUCT2 a,
PETHREAD Thread)
{
UCHAR b;
if (a->Unknown8 == 0)
{
b = a->EffectiveOnly;
}
else
{
b = a->Unknown9;
}
if (Thread == NULL)
{
Thread = PsGetCurrentThread();
}
PsImpersonateClient(Thread,
a->Token,
1,
(ULONG)b,
a->Level);
}
NTSTATUS STDCALL NtPrivilegeCheck (IN HANDLE ClientToken,
@ -27,15 +287,12 @@ NTSTATUS STDCALL NtPrivilegeCheck (IN HANDLE ClientToken,
}
NTSTATUS
STDCALL
NtPrivilegedServiceAuditAlarm (
IN PUNICODE_STRING SubsystemName,
IN PUNICODE_STRING ServiceName,
IN HANDLE ClientToken,
IN PPRIVILEGE_SET Privileges,
IN BOOLEAN AccessGranted
)
NTSTATUS STDCALL NtPrivilegedServiceAuditAlarm(
IN PUNICODE_STRING SubsystemName,
IN PUNICODE_STRING ServiceName,
IN HANDLE ClientToken,
IN PPRIVILEGE_SET Privileges,
IN BOOLEAN AccessGranted)
{
UNIMPLEMENTED;
}
@ -74,44 +331,6 @@ NtOpenObjectAuditAlarm (
UNIMPLEMENTED;
}
NTSTATUS
STDCALL
NtOpenProcessToken (
IN HANDLE ProcessHandle,
IN ACCESS_MASK DesiredAccess,
OUT PHANDLE TokenHandle
)
{
UNIMPLEMENTED;
}
NTSTATUS
STDCALL
NtOpenThreadToken (
IN HANDLE ThreadHandle,
IN ACCESS_MASK DesiredAccess,
IN BOOLEAN OpenAsSelf,
OUT PHANDLE TokenHandle
)
{
UNIMPLEMENTED;
}
NTSTATUS STDCALL NtImpersonateThread (IN HANDLE ThreadHandle,
IN HANDLE ThreadToImpersonate,
IN PSECURITY_QUALITY_OF_SERVICE
SecurityQualityOfService)
{
UNIMPLEMENTED;
}
NTSTATUS
STDCALL
NtAccessCheckAndAuditAlarm (
@ -130,33 +349,6 @@ NtAccessCheckAndAuditAlarm (
}
NTSTATUS
STDCALL
NtAdjustGroupsToken (
IN HANDLE TokenHandle,
IN BOOLEAN ResetToDefault,
IN PTOKEN_GROUPS NewState,
IN ULONG BufferLength,
OUT PTOKEN_GROUPS PreviousState OPTIONAL,
OUT PULONG ReturnLength
)
{
UNIMPLEMENTED;
}
NTSTATUS
STDCALL
NtAdjustPrivilegesToken(IN HANDLE TokenHandle,
IN BOOLEAN DisableAllPrivileges,
IN PTOKEN_PRIVILEGES NewState,
IN ULONG BufferLength,
OUT PTOKEN_PRIVILEGES PreviousState,
OUT PULONG ReturnLength)
{
UNIMPLEMENTED;
}
NTSTATUS
STDCALL
NtAllocateUuids (
@ -202,7 +394,11 @@ NtDeleteObjectAuditAlarm (
VOID STDCALL SeReleaseSubjectContext (PSECURITY_SUBJECT_CONTEXT SubjectContext)
{
ObDereferenceObject(SubjectContext->PrimaryToken);
if (SubjectContext->ClientToken != NULL)
{
ObDereferenceObject(SubjectContext->ClientToken);
}
}
VOID STDCALL SeCaptureSubjectContext (PSECURITY_SUBJECT_CONTEXT SubjectContext)
@ -337,17 +533,42 @@ NTSTATUS STDCALL SeDeassignSecurity(PSECURITY_DESCRIPTOR* SecurityDescriptor)
}
NTSTATUS STDCALL SeAssignSecurity(PSECURITY_DESCRIPTOR ParentDescriptor,
PSECURITY_DESCRIPTOR ExplicitDescriptor,
BOOLEAN IsDirectoryObject,
PSECURITY_SUBJECT_CONTEXT SubjectContext,
PGENERIC_MAPPING GenericMapping,
POOL_TYPE PoolType)
PSECURITY_DESCRIPTOR ExplicitDescriptor,
BOOLEAN IsDirectoryObject,
PSECURITY_SUBJECT_CONTEXT SubjectContext,
PGENERIC_MAPPING GenericMapping,
POOL_TYPE PoolType)
{
UNIMPLEMENTED;
}
BOOLEAN SepSidInToken(PACCESS_TOKEN Token,
PSID Sid)
{
ULONG i;
if (Token->UserAndGroupCount == 0)
{
return(FALSE);
}
for (i=0; i<Token->UserAndGroupCount; i++)
{
if (RtlEqualSid(Sid, Token->UserAndGroups[i].Sid))
{
if (i == 0 ||
(!(Token->UserAndGroups[i].Attributes & 0x4)))
{
return(TRUE);
}
return(FALSE);
}
}
return(FALSE);
}
BOOLEAN STDCALL SeAccessCheck (IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN PSECURITY_DESCRIPTOR_CONTEXT SubjectSecurityContext,
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,
IN BOOLEAN SubjectContextLocked,
IN ACCESS_MASK DesiredAccess,
IN ACCESS_MASK PreviouslyGrantedAccess,
@ -406,7 +627,7 @@ BOOLEAN STDCALL SeAccessCheck (IN PSECURITY_DESCRIPTOR SecurityDescriptor,
Sid = (PSID)(CurrentAce + 1);
if (CurrentAce->Header.AceType == ACCESS_DENIED_ACE_TYPE)
{
if (RtlEqualSid(Sid, NULL))
if (SepSidInToken(SubjectSecurityContext->ClientToken, Sid))
{
*AccessStatus = STATUS_ACCESS_DENIED;
*GrantedAccess = 0;
@ -415,7 +636,7 @@ BOOLEAN STDCALL SeAccessCheck (IN PSECURITY_DESCRIPTOR SecurityDescriptor,
}
if (CurrentAce->Header.AceType == ACCESS_ALLOWED_ACE_TYPE)
{
if (RtlEqualSid(Sid, NULL))
if (SepSidInToken(SubjectSecurityContext->ClientToken, Sid))
{
CurrentAccess = CurrentAccess |
CurrentAce->Header.AccessMask;

5
reactos/ntoskrnl/se/sid.c
View file

@ -1,4 +1,4 @@
/* $Id: sid.c,v 1.2 1999/12/26 17:22:19 ea Exp $
/* $Id: sid.c,v 1.3 2000/01/05 21:57:00 dwelch Exp $
*
* COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS kernel
@ -79,8 +79,7 @@ ULONG STDCALL RtlLengthSid (PSID Sid)
return(sizeof(SID) + (Sid->SubAuthorityCount-1)*4);
}
NTSTATUS STDCALL RtlCopySid (ULONG BufferLength, PSID Src, PSID Dest)
NTSTATUS STDCALL RtlCopySid (ULONG BufferLength, PSID Dest, PSID Src)
{
if (BufferLength < RtlLengthSid(Src))
{

173
reactos/ntoskrnl/se/token.c
View file

@ -1,4 +1,4 @@
/* $Id: token.c,v 1.2 1999/12/26 17:22:19 ea Exp $
/* $Id: token.c,v 1.3 2000/01/05 21:57:00 dwelch Exp $
*
* COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS kernel
@ -47,6 +47,36 @@ VOID SeInitializeTokenManager(VOID)
}
NTSTATUS RtlCopySidAndAttributesArray(ULONG Count, // ebp + 8
PSID_AND_ATTRIBUTES Src, // ebp + C
ULONG MaxLength, // ebp + 10
PSID_AND_ATTRIBUTES Dest, // ebp + 14
PVOID e, // ebp + 18
PVOID* f, // ebp + 1C
PULONG g) // ebp + 20
{
ULONG Length; // ebp - 4
ULONG i;
Length = MaxLength;
for (i=0; i<Count; i++)
{
if (RtlLengthSid(Src[i].Sid) > Length)
{
return(STATUS_UNSUCCESSFUL);
}
Length = Length - RtlLengthSid(Src[i].Sid);
Dest[i].Sid = e;
Dest[i].Attributes = Src[i].Attributes;
RtlCopySid(RtlLengthSid(Src[i].Sid), e, Src[i].Sid);
e = e + RtlLengthSid(Src[i].Sid) + sizeof(ULONG);
}
*f = e;
*g = Length;
return(STATUS_SUCCESS);
}
NTSTATUS STDCALL NtQueryInformationToken(IN HANDLE TokenHandle,
IN TOKEN_INFORMATION_CLASS
TokenInformationClass,
@ -56,9 +86,13 @@ NTSTATUS STDCALL NtQueryInformationToken(IN HANDLE TokenHandle,
{
NTSTATUS Status;
PACCESS_TOKEN Token;
PVOID UnusedInfo;
PVOID EndMem;
PTOKEN_GROUPS PtrTokenGroups;
PTOKEN_DEFAULT_DACL PtrDefaultDacl;
PTOKEN_STATISTICS PtrTokenStatistics;
Status = ObReferenceObjectByHandle(TokenHandle,
// TOKEN_QUERY_INFORMATION,
0,
SeTokenType,
UserMode,
@ -69,6 +103,98 @@ NTSTATUS STDCALL NtQueryInformationToken(IN HANDLE TokenHandle,
return(Status);
}
switch (TokenInformationClass)
{
case TokenUser:
Status = RtlCopySidAndAttributesArray(1,
Token->UserAndGroups,
TokenInformationLength,
TokenInformation,
TokenInformation + 8,
&UnusedInfo,
ReturnLength);
if (!NT_SUCCESS(Status))
{
ObDereferenceObject(Token);
return(Status);
}
break;
case TokenGroups:
EndMem = TokenInformation +
Token->UserAndGroupCount * sizeof(SID_AND_ATTRIBUTES);
PtrTokenGroups = (PTOKEN_GROUPS)TokenInformation;
PtrTokenGroups->GroupCount = Token->UserAndGroupCount - 1;
Status = RtlCopySidAndAttributesArray(Token->UserAndGroupCount - 1,
&Token->UserAndGroups[1],
TokenInformationLength,
PtrTokenGroups->Groups,
EndMem,
&UnusedInfo,
ReturnLength);
if (!NT_SUCCESS(Status))
{
ObDereferenceObject(Token);
return(Status);
}
break;
case TokenPrivileges:
break;
case TokenOwner:
((PTOKEN_OWNER)TokenInformation)->Owner =
(PSID)(((PTOKEN_OWNER)TokenInformation) + 1);
RtlCopySid(TokenInformationLength - sizeof(TOKEN_OWNER),
((PTOKEN_OWNER)TokenInformation)->Owner,
Token->UserAndGroups[Token->DefaultOwnerIndex].Sid);
break;
case TokenPrimaryGroup:
((PTOKEN_PRIMARY_GROUP)TokenInformation)->PrimaryGroup =
(PSID)(((PTOKEN_PRIMARY_GROUP)TokenInformation) + 1);
RtlCopySid(TokenInformationLength - sizeof(TOKEN_OWNER),
((PTOKEN_PRIMARY_GROUP)TokenInformation)->PrimaryGroup,
Token->PrimaryGroup);
break;
case TokenDefaultDacl:
PtrDefaultDacl = (PTOKEN_DEFAULT_DACL)TokenInformation;
PtrDefaultDacl->DefaultDacl = (PACL)(PtrDefaultDacl + 1);
memmove(PtrDefaultDacl->DefaultDacl,
Token->DefaultDacl,
Token->DefaultDacl->AclSize);
break;
case TokenSource:
memcpy(TokenInformation, &Token->TokenSource, sizeof(TOKEN_SOURCE));
break;
case TokenType:
*((PTOKEN_TYPE)TokenInformation) = Token->TokenType;
break;
case TokenImpersonationLevel:
*((PSECURITY_IMPERSONATION_LEVEL)TokenInformation) =
Token->ImpersonationLevel;
break;
case TokenStatistics:
PtrTokenStatistics = (PTOKEN_STATISTICS)TokenInformation;
PtrTokenStatistics->TokenId = Token->TokenId;
PtrTokenStatistics->AuthenticationId = Token->AuthenticationId;
PtrTokenStatistics->ExpirationTime = Token->ExpirationTime;
PtrTokenStatistics->TokenType = Token->TokenType;
PtrTokenStatistics->ImpersonationLevel = Token->ImpersonationLevel;
PtrTokenStatistics->DynamicCharged = Token->DynamicCharged;
PtrTokenStatistics->DynamicAvailable = Token->DynamicAvailable;
PtrTokenStatistics->GroupCount = Token->UserAndGroupCount - 1;
PtrTokenStatistics->PrivilegeCount = Token->PrivilegeCount;
PtrTokenStatistics->ModifiedId = Token->ModifiedId;
break;
}
ObDereferenceObject(Token);
return(STATUS_SUCCESS);
}
@ -102,6 +228,29 @@ NtDuplicateToken (
UNIMPLEMENTED;
}
NTSTATUS STDCALL NtAdjustGroupsToken(IN HANDLE TokenHandle,
IN BOOLEAN ResetToDefault,
IN PTOKEN_GROUPS NewState,
IN ULONG BufferLength,
OUT PTOKEN_GROUPS PreviousState OPTIONAL,
OUT PULONG ReturnLength)
{
UNIMPLEMENTED;
}
NTSTATUS
STDCALL
NtAdjustPrivilegesToken(IN HANDLE TokenHandle,
IN BOOLEAN DisableAllPrivileges,
IN PTOKEN_PRIVILEGES NewState,
IN ULONG BufferLength,
OUT PTOKEN_PRIVILEGES PreviousState,
OUT PULONG ReturnLength)
{
UNIMPLEMENTED;
}
NTSTATUS STDCALL NtCreateToken(OUT PHANDLE TokenHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
@ -116,7 +265,25 @@ NTSTATUS STDCALL NtCreateToken(OUT PHANDLE TokenHandle,
IN PTOKEN_DEFAULT_DACL TokenDefaultDacl,
IN PTOKEN_SOURCE TokenSource)
{
UNIMPLEMENTED;
#if 0
PACCESS_TOKEN AccessToken;
NTSTATUS Status;
Status = ObCreateObject(TokenHandle,
DesiredAccess,
ObjectAttributes,
SeTokenType);
if (!NT_SUCCESS(Status))
{
return(Status);
}
AccessToken->TokenType = TokenType;
RtlCopyLuid(&AccessToken->AuthenticationId, AuthenticationId);
AccessToken->ExpirationTime = *ExpirationTime;
AccessToken->
#endif
UNIMPLEMENTED;
}