Implemented more security functions

Moved general security types into new header file
Implemented ThreadImpersonationToken info class
Bug fixes to queuing code

svn path=/trunk/; revision=919
This commit is contained in:
David Welch 2000-01-05 21:57:00 +00:00
parent 453f513ed3
commit 623093eaaa
18 changed files with 1016 additions and 431 deletions

View file

@ -88,17 +88,6 @@ typedef CHAR *PCH;
typedef void *HANDLE;
typedef char CCHAR;
typedef enum _SECURITY_IMPERSONATION_LEVEL {
SecurityAnonymous,
SecurityIdentification,
SecurityImpersonation,
SecurityDelegation
} SECURITY_IMPERSONATION_LEVEL;
typedef enum tagTOKEN_TYPE {
TokenPrimary = 1,
TokenImpersonation
} TOKEN_TYPE;
#define FALSE 0
#define TRUE 1
@ -403,21 +392,6 @@ typedef enum _SID_NAME_USE {
SidTypeUnknown
} SID_NAME_USE, *PSID_NAME_USE;
#define TOKEN_INFORMATION_CLASS_DEFINED 1
typedef enum _TOKEN_INFORMATION_CLASS {
TokenUser = 1,
TokenGroups,
TokenPrivileges,
TokenOwner,
TokenPrimaryGroup,
TokenDefaultDacl,
TokenSource,
TokenType,
TokenImpersonationLevel,
TokenStatistics
} TOKEN_INFORMATION_CLASS;
#endif /* ! defined (RC_INVOKED) */
/*

View file

@ -1,4 +1,11 @@
PACCESS_TOKEN PsReferenceEffectiveToken(PETHREAD Thread,
PTOKEN_TYPE TokenType,
PUCHAR b,
PSECURITY_IMPERSONATION_LEVEL Level);
NTSTATUS PsOpenTokenOfProcess(HANDLE ProcessHandle,
PACCESS_TOKEN* Token);
HANDLE PsGetCurrentProcessId(VOID);
HANDLE PsGetCurrentThreadId(VOID);
@ -41,3 +48,11 @@ PACCESS_TOKEN PsReferenceImpersonationToken(PETHREAD Thread,
SECURITY_IMPERSONATION_LEVEL*
Level);
PACCESS_TOKEN PsReferencePrimaryToken(PEPROCESS Process);
NTSTATUS PsAssignImpersonationToken(PETHREAD Thread,
HANDLE TokenHandle);
VOID PsImpersonateClient(PETHREAD Thread,
PACCESS_TOKEN Token,
UCHAR b,
UCHAR c,
SECURITY_IMPERSONATION_LEVEL Level);

View file

@ -271,30 +271,31 @@ typedef struct _TOP_LEVEL_IRP
typedef struct
{
PACCESS_TOKEN Token;
UCHAR Unknown1;
UCHAR Unknown2;
UCHAR Pad[2];
SECURITY_IMPERSONATION_LEVEL Level;
} IMPERSONATION_INFO, *PIMPERSONATION_INFO;
PACCESS_TOKEN Token; // 0x0
UCHAR Unknown1; // 0x4
UCHAR Unknown2; // 0x5
UCHAR Pad[2]; // 0x6
SECURITY_IMPERSONATION_LEVEL Level; // 0x8
} PS_IMPERSONATION_INFO, *PPS_IMPERSONATION_INFO;
typedef struct _ETHREAD {
KTHREAD Tcb;
TIME CreateTime;
TIME ExitTime;
NTSTATUS ExitStatus;
LIST_ENTRY PostBlockList;
LIST_ENTRY TerminationPortList;
ULONG ActiveTimerListLock;
PVOID ActiveTimerListHead;
CLIENT_ID Cid;
PLARGE_INTEGER LpcReplySemaphore;
PVOID LpcReplyMessage;
PLARGE_INTEGER LpcReplyMessageId;
PIMPERSONATION_INFO ImpersonationInfo;
LIST_ENTRY IrpList; //
TOP_LEVEL_IRP TopLevelIrp;
ULONG ReadClusterSize;
typedef struct _ETHREAD
{
KTHREAD Tcb;
TIME CreateTime;
TIME ExitTime;
NTSTATUS ExitStatus;
LIST_ENTRY PostBlockList;
LIST_ENTRY TerminationPortList;
ULONG ActiveTimerListLock;
PVOID ActiveTimerListHead;
CLIENT_ID Cid;
PLARGE_INTEGER LpcReplySemaphore;
PVOID LpcReplyMessage;
PLARGE_INTEGER LpcReplyMessageId;
PPS_IMPERSONATION_INFO ImpersonationInfo;
LIST_ENTRY IrpList; //
TOP_LEVEL_IRP TopLevelIrp;
ULONG ReadClusterSize;
UCHAR ForwardClusterOnly;
UCHAR DisablePageFaultClustering;
UCHAR DeadThread;

View file

@ -1,6 +1,6 @@
#ifndef _INCLUDE_DDK_SEFUNCS_H
#define _INCLUDE_DDK_SEFUNCS_H
/* $Id: sefuncs.h,v 1.3 1999/12/26 17:22:18 ea Exp $ */
/* $Id: sefuncs.h,v 1.4 2000/01/05 21:56:58 dwelch Exp $ */
NTSTATUS STDCALL RtlCreateSecurityDescriptor (PSECURITY_DESCRIPTOR SecurityDescriptor, ULONG Revision);
BOOLEAN STDCALL RtlValidSecurityDescriptor (PSECURITY_DESCRIPTOR SecurityDescriptor);
ULONG STDCALL RtlLengthSecurityDescriptor (PSECURITY_DESCRIPTOR SecurityDescriptor);
@ -16,7 +16,7 @@ PULONG STDCALL RtlSubAuthoritySid (PSID Sid, ULONG SubAuthority);
BOOLEAN STDCALL RtlEqualSid(PSID Sid1, PSID Sid2);
NTSTATUS STDCALL RtlAbsoluteToSelfRelativeSD (PSECURITY_DESCRIPTOR AbsSD, PSECURITY_DESCRIPTOR RelSD, PULONG BufferLength);
BOOLEAN STDCALL SeAccessCheck (IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN PSECURITY_DESCRIPTOR_CONTEXT SubjectSecurityContext,
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,
IN BOOLEAN SubjectContextLocked,
IN ACCESS_MASK DesiredAccess,
IN ACCESS_MASK PreviouslyGrantedAccess,
@ -35,4 +35,14 @@ NTSTATUS STDCALL SeDeassignSecurity (PSECURITY_DESCRIPTOR* SecurityDescriptor);
BOOLEAN STDCALL SeSinglePrivilegeCheck (LUID PrivilegeValue, KPROCESSOR_MODE PreviousMode);
ULONG STDCALL RtlLengthSid (PSID Sid);
NTSTATUS STDCALL RtlCopySid(ULONG BufferLength, PSID Src, PSID Dest);
VOID SeImpersonateClient(PSE_SOME_STRUCT2 a,
PETHREAD Thread);
NTSTATUS SeCreateClientSecurity(PETHREAD Thread,
PSECURITY_QUALITY_OF_SERVICE Qos,
ULONG e,
PSE_SOME_STRUCT2 f);
#endif /* ndef _INCLUDE_DDK_SEFUNCS_H */

View file

@ -1,4 +1,4 @@
/* $Id: setypes.h,v 1.3 1999/12/26 17:22:18 ea Exp $
/* $Id: setypes.h,v 1.4 2000/01/05 21:56:58 dwelch Exp $
*
* COPYRIGHT: See COPYING in the top level directory for details
* PROJECT: ReactOS kernel
@ -12,6 +12,8 @@
#ifndef __INCLUDE_DDK_SETYPES_H
#define __INCLUDE_DDK_SETYPES_H
#include <security.h>
/* SID */
#define SECURITY_NULL_RID (0L)
#define SECURITY_WORLD_RID (0L)
@ -82,93 +84,24 @@
#define SE_PRIVILEGE_USED_FOR_ACCESS (0x80000000L)
#define PRIVILEGE_SET_ALL_NECESSARY (0x1)
typedef ULONG ACCESS_MASK;
typedef ULONG ACCESS_MODE, *PACCESS_MODE;
typedef struct _SECURITY_QUALITY_OF_SERVICE {
DWORD Length;
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
/* SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode; */
WINBOOL ContextTrackingMode;
BOOLEAN EffectiveOnly;
} SECURITY_QUALITY_OF_SERVICE;
typedef SECURITY_QUALITY_OF_SERVICE* PSECURITY_QUALITY_OF_SERVICE;
typedef struct _ACE_HEADER
{
CHAR AceType;
CHAR AceFlags;
USHORT AceSize;
ACCESS_MASK AccessMask;
} ACE_HEADER, *PACE_HEADER;
typedef struct
{
ACE_HEADER Header;
} ACE, *PACE;
typedef struct _SID_IDENTIFIER_AUTHORITY
{
BYTE Value[6];
} SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;
#define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
typedef struct _SID
{
UCHAR Revision;
UCHAR SubAuthorityCount;
SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
ULONG SubAuthority[1];
} SID, *PSID;
typedef struct _ACL {
UCHAR AclRevision;
UCHAR Sbz1;
USHORT AclSize;
USHORT AceCount;
USHORT Sbz2;
} ACL, *PACL;
typedef USHORT SECURITY_DESCRIPTOR_CONTROL, *PSECURITY_DESCRIPTOR_CONTROL;
typedef struct _SECURITY_DESCRIPTOR_CONTEXT
{
} SECURITY_DESCRIPTOR_CONTEXT, *PSECURITY_DESCRIPTOR_CONTEXT;
typedef LARGE_INTEGER LUID, *PLUID;
typedef struct _LUID_AND_ATTRIBUTES
{
LUID Luid;
DWORD Attributes;
} LUID_AND_ATTRIBUTES, *PLUID_AND_ATTRIBUTES;
typedef struct _TOKEN_SOURCE
{
CHAR SourceName[8];
LARGE_INTEGER Unknown;
LUID SourceIdentifier;
} TOKEN_SOURCE, *PTOKEN_SOURCE;
typedef struct _ACCESS_TOKEN
{
TOKEN_SOURCE TokenSource; // 0x00
LUID TokenId; // 0x10
LUID AuthenticationId; // 0x18
LARGE_INTEGER ExpirationTime; // 0x20
LARGE_INTEGER ExpirationTime; // 0x20
LUID ModifiedId; // 0x28
ULONG UserAndGroupCount; // 0x30
ULONG PrivilegeCount; // 0x34
ULONG VariableLength; // 0x38
ULONG DynamicCharged; // 0x3C
ULONG DynamicAvailable; // 0x40
ULONG DefaultOwnerIndex; // 0x44
ULONG Unknown[2]; // 0x48
PLUID_AND_ATTRIBUTES Privileges; // 0x50
ULONG Unknown1; // 0x54
PACL DefaultDacl; // 0x58
ULONG UserAndGroupCount; // 0x30
ULONG PrivilegeCount; // 0x34
ULONG VariableLength; // 0x38
ULONG DynamicCharged; // 0x3C
ULONG DynamicAvailable; // 0x40
ULONG DefaultOwnerIndex; // 0x44
PSID_AND_ATTRIBUTES UserAndGroups; // 0x48
PSID PrimaryGroup; // 0x4C
PLUID_AND_ATTRIBUTES Privileges; // 0x50
ULONG Unknown1; // 0x54
PACL DefaultDacl; // 0x58
TOKEN_TYPE TokenType; // 0x5C
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; // 0x60
UCHAR TokenFlags; // 0x64
@ -188,23 +121,28 @@ typedef struct _SECURITY_SUBJECT_CONTEXT
PVOID ProcessAuditId; // 0xC
} SECURITY_SUBJECT_CONTEXT, *PSECURITY_SUBJECT_CONTEXT;
typedef struct _SECURITY_DESCRIPTOR {
UCHAR Revision;
UCHAR Sbz1;
SECURITY_DESCRIPTOR_CONTROL Control;
PSID Owner;
PSID Group;
PACL Sacl;
PACL Dacl;
} SECURITY_DESCRIPTOR, *PSECURITY_DESCRIPTOR;
BOOLEAN STDCALL RtlValidSid (PSID Sid);
/*
* from ntoskrnl/se/token.c:
*/
extern struct _OBJECT_TYPE* SeTokenType;
typedef struct
{
ULONG Unknown1; // 0x0
SECURITY_IMPERSONATION_LEVEL Level; // 0x4
UCHAR ContextTrackingMode; // 0x8
UCHAR EffectiveOnly; // 0x9
UCHAR Unknown5; // 0xa
UCHAR Unknown6; // 0xb
PACCESS_TOKEN Token; // 0xc
UCHAR Unknown8; // 0x10
UCHAR Unknown9; // 0x11
UCHAR Unknown10; // 0x12
UCHAR Pad[1]; // 0x13
ULONG Unknown11; // 0x14
} SE_SOME_STRUCT2, *PSE_SOME_STRUCT2;
#endif

View file

@ -1,5 +1,5 @@
/* $Id: zw.h,v 1.24 1999/12/18 17:48:21 dwelch Exp $
/* $Id: zw.h,v 1.25 2000/01/05 21:56:58 dwelch Exp $
*
* COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS kernel
@ -17,57 +17,7 @@
#ifndef __DDK_ZW_H
#define __DDK_ZW_H
#if defined(WIN32_LEAN_AND_MEAN) && !defined(TOKEN_INFORMATION_CLASS_DEFINED)
typedef enum _TOKEN_INFORMATION_CLASS {
TokenUser = 1,
TokenGroups,
TokenPrivileges,
TokenOwner,
TokenPrimaryGroup,
TokenDefaultDacl,
TokenSource,
TokenType,
TokenImpersonationLevel,
TokenStatistics
} TOKEN_INFORMATION_CLASS;
typedef struct _SID_AND_ATTRIBUTES {
PSID Sid;
DWORD Attributes;
} SID_AND_ATTRIBUTES ;
typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
typedef SID_AND_ATTRIBUTES_ARRAY *PSID_AND_ATTRIBUTES_ARRAY;
typedef struct _TOKEN_DEFAULT_DACL {
PACL DefaultDacl;
} TOKEN_DEFAULT_DACL, *PTOKEN_DEFAULT_DACL;
typedef struct _TOKEN_GROUPS {
DWORD GroupCount;
SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY];
} TOKEN_GROUPS, *PTOKEN_GROUPS, *LPTOKEN_GROUPS;
typedef struct _TOKEN_OWNER {
PSID Owner;
} TOKEN_OWNER, *PTOKEN_OWNER;
typedef struct _TOKEN_PRIMARY_GROUP {
PSID PrimaryGroup;
} TOKEN_PRIMARY_GROUP, *PTOKEN_PRIMARY_GROUP;
typedef struct _TOKEN_PRIVILEGES {
DWORD PrivilegeCount;
LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY];
} TOKEN_PRIVILEGES, *PTOKEN_PRIVILEGES, *LPTOKEN_PRIVILEGES;
typedef struct _TOKEN_USER {
SID_AND_ATTRIBUTES User;
} TOKEN_USER, *PTOKEN_USER;
#endif
#define LCID ULONG
#define SECURITY_INFORMATION ULONG

154
reactos/include/security.h Normal file
View file

@ -0,0 +1,154 @@
#ifndef __INCLUDE_SECURITY_H
#define __INCLUDE_SECURITY_H
typedef enum _TOKEN_INFORMATION_CLASS {
TokenUser = 1,
TokenGroups,
TokenPrivileges,
TokenOwner,
TokenPrimaryGroup,
TokenDefaultDacl,
TokenSource,
TokenType,
TokenImpersonationLevel,
TokenStatistics
} TOKEN_INFORMATION_CLASS;
typedef ULONG SECURITY_IMPERSONATION_LEVEL, *PSECURITY_IMPERSONATION_LEVEL;
#define SecurityAnonymous ((SECURITY_IMPERSONATION_LEVEL)1)
#define SecurityIdentification ((SECURITY_IMPERSONATION_LEVEL)2)
#define SecurityImpersonation ((SECURITY_IMPERSONATION_LEVEL)3)
#define SecurityDelegation ((SECURITY_IMPERSONATION_LEVEL)4)
typedef ULONG TOKEN_TYPE, *PTOKEN_TYPE;
#define TokenPrimary ((TOKEN_TYPE)1)
#define TokenImpersonation ((TOKEN_TYPE)2)
typedef ULONG ACCESS_MASK;
typedef ULONG ACCESS_MODE, *PACCESS_MODE;
typedef struct _SECURITY_QUALITY_OF_SERVICE {
DWORD Length;
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
/* SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode; */
WINBOOL ContextTrackingMode;
BOOLEAN EffectiveOnly;
} SECURITY_QUALITY_OF_SERVICE;
typedef SECURITY_QUALITY_OF_SERVICE* PSECURITY_QUALITY_OF_SERVICE;
typedef struct _ACE_HEADER
{
CHAR AceType;
CHAR AceFlags;
USHORT AceSize;
ACCESS_MASK AccessMask;
} ACE_HEADER, *PACE_HEADER;
typedef struct
{
ACE_HEADER Header;
} ACE, *PACE;
typedef struct _SID_IDENTIFIER_AUTHORITY
{
BYTE Value[6];
} SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;
#define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
typedef struct _SID
{
UCHAR Revision;
UCHAR SubAuthorityCount;
SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
ULONG SubAuthority[1];
} SID, *PSID;
typedef struct _ACL {
UCHAR AclRevision;
UCHAR Sbz1;
USHORT AclSize;
USHORT AceCount;
USHORT Sbz2;
} ACL, *PACL;
typedef USHORT SECURITY_DESCRIPTOR_CONTROL, *PSECURITY_DESCRIPTOR_CONTROL;
typedef struct _SECURITY_DESCRIPTOR_CONTEXT
{
} SECURITY_DESCRIPTOR_CONTEXT, *PSECURITY_DESCRIPTOR_CONTEXT;
typedef LARGE_INTEGER LUID, *PLUID;
typedef struct _SECURITY_DESCRIPTOR {
UCHAR Revision;
UCHAR Sbz1;
SECURITY_DESCRIPTOR_CONTROL Control;
PSID Owner;
PSID Group;
PACL Sacl;
PACL Dacl;
} SECURITY_DESCRIPTOR, *PSECURITY_DESCRIPTOR;
typedef struct _LUID_AND_ATTRIBUTES
{
LUID Luid;
DWORD Attributes;
} LUID_AND_ATTRIBUTES, *PLUID_AND_ATTRIBUTES;
typedef struct _TOKEN_SOURCE {
CHAR SourceName[8];
LUID SourceIdentifier;
} TOKEN_SOURCE, *PTOKEN_SOURCE;
typedef struct _SID_AND_ATTRIBUTES {
PSID Sid;
DWORD Attributes;
} SID_AND_ATTRIBUTES, *PSID_AND_ATTRIBUTES;
typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
typedef SID_AND_ATTRIBUTES_ARRAY *PSID_AND_ATTRIBUTES_ARRAY;
typedef struct _TOKEN_USER {
SID_AND_ATTRIBUTES User;
} TOKEN_USER, *PTOKEN_USER;
typedef struct _TOKEN_PRIMARY_GROUP {
PSID PrimaryGroup;
} TOKEN_PRIMARY_GROUP, *PTOKEN_PRIMARY_GROUP;
typedef struct _TOKEN_GROUPS {
DWORD GroupCount;
SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY];
} TOKEN_GROUPS, *PTOKEN_GROUPS, *LPTOKEN_GROUPS;
typedef struct _TOKEN_PRIVILEGES {
DWORD PrivilegeCount;
LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY];
} TOKEN_PRIVILEGES, *PTOKEN_PRIVILEGES, *LPTOKEN_PRIVILEGES;
typedef struct _TOKEN_OWNER {
PSID Owner;
} TOKEN_OWNER, *PTOKEN_OWNER;
typedef struct _TOKEN_DEFAULT_DACL {
PACL DefaultDacl;
} TOKEN_DEFAULT_DACL, *PTOKEN_DEFAULT_DACL;
typedef struct _TOKEN_STATISTICS {
LUID TokenId;
LUID AuthenticationId;
LARGE_INTEGER ExpirationTime;
TOKEN_TYPE TokenType;
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
DWORD DynamicCharged;
DWORD DynamicAvailable;
DWORD GroupCount;
DWORD PrivilegeCount;
LUID ModifiedId;
} TOKEN_STATISTICS, *PTOKEN_STATISTICS;
#endif /* __INCLUDE_SECURITY_H */

View file

@ -53,7 +53,7 @@ typedef union _ULARGE_INTEGER
ULONGLONG QuadPart;
} ULARGE_INTEGER, *PULARGE_INTEGER;
#include <ddk/setypes.h>
#include <security.h>
typedef struct _LIST_ENTRY {
struct _LIST_ENTRY *Flink;
@ -3880,15 +3880,6 @@ typedef struct _SHNAMEMAPPING {
int cchNewPath;
} SHNAMEMAPPING, *LPSHNAMEMAPPING;
typedef struct _SID_AND_ATTRIBUTES {
PSID Sid;
DWORD Attributes;
} SID_AND_ATTRIBUTES ;
typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
typedef SID_AND_ATTRIBUTES_ARRAY *PSID_AND_ATTRIBUTES_ARRAY;
typedef struct tagSOUNDSENTRY {
UINT cbSize;
DWORD dwFlags;
@ -4155,46 +4146,7 @@ typedef struct _TOKEN_CONTROL {
LUID ModifiedId;
TOKEN_SOURCE TokenSource;
} TOKEN_CONTROL, *PTOKEN_CONTROL ;
typedef struct _TOKEN_DEFAULT_DACL {
PACL DefaultDacl;
} TOKEN_DEFAULT_DACL, *PTOKEN_DEFAULT_DACL;
typedef struct _TOKEN_GROUPS {
DWORD GroupCount;
SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY];
} TOKEN_GROUPS, *PTOKEN_GROUPS, *LPTOKEN_GROUPS;
typedef struct _TOKEN_OWNER {
PSID Owner;
} TOKEN_OWNER, *PTOKEN_OWNER;
typedef struct _TOKEN_PRIMARY_GROUP {
PSID PrimaryGroup;
} TOKEN_PRIMARY_GROUP, *PTOKEN_PRIMARY_GROUP;
typedef struct _TOKEN_PRIVILEGES {
DWORD PrivilegeCount;
LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY];
} TOKEN_PRIVILEGES, *PTOKEN_PRIVILEGES, *LPTOKEN_PRIVILEGES;
typedef struct _TOKEN_STATISTICS {
LUID TokenId;
LUID AuthenticationId;
LARGE_INTEGER ExpirationTime;
TOKEN_TYPE TokenType;
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
DWORD DynamicCharged;
DWORD DynamicAvailable;
DWORD GroupCount;
DWORD PrivilegeCount;
LUID ModifiedId;
} TOKEN_STATISTICS, *PTOKEN_STATISTICS;
typedef struct _TOKEN_USER {
SID_AND_ATTRIBUTES User;
} TOKEN_USER, *PTOKEN_USER;
typedef struct {
UINT cbSize;
UINT uFlags;

View file

@ -18,7 +18,9 @@ GetSecurityDescriptorLength (
PSECURITY_DESCRIPTOR pSecurityDescriptor
)
{
#if 0
return RtlLengthSecurityDescriptor(pSecurityDescriptor);
#endif
}

View file

@ -10,7 +10,7 @@
#include <ddk/ntddk.h>
#define NDEBUG
//#define NDEBUG
#include <internal/debug.h>
/* FUNCTIONS *****************************************************************/

View file

@ -12,7 +12,7 @@
#include <ddk/ntddk.h>
#define NDEBUG
//#define NDEBUG
#include <internal/debug.h>
/* FUNCTIONS *****************************************************************/

View file

@ -1,4 +1,4 @@
/* $Id: create.c,v 1.6 1999/12/26 15:50:51 dwelch Exp $
/* $Id: create.c,v 1.7 2000/01/05 21:57:00 dwelch Exp $
*
* COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS kernel
@ -43,6 +43,193 @@ extern LIST_ENTRY PiThreadListHead;
/* FUNCTIONS ***************************************************************/
NTSTATUS PsAssignImpersonationToken(PETHREAD Thread,
HANDLE TokenHandle)
{
PACCESS_TOKEN Token;
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
NTSTATUS Status;
if (TokenHandle != NULL)
{
Status = ObReferenceObjectByHandle(TokenHandle,
0,
SeTokenType,
UserMode,
(PVOID*)&Token,
NULL);
if (!NT_SUCCESS(Status))
{
return(Status);
}
ImpersonationLevel = Token->ImpersonationLevel;
}
else
{
Token = NULL;
ImpersonationLevel = 0;
}
PsImpersonateClient(Thread,
Token,
0,
0,
ImpersonationLevel);
if (Token != NULL)
{
ObDereferenceObject(Token);
}
return(STATUS_SUCCESS);
}
VOID PsRevertToSelf(PETHREAD Thread)
{
if (Thread->ActiveImpersonationInfo != 0)
{
Thread->ActiveImpersonationInfo = 0;
ObDereferenceObject(Thread->ImpersonationInfo->Token);
}
}
VOID PsImpersonateClient(PETHREAD Thread,
PACCESS_TOKEN Token,
UCHAR b,
UCHAR c,
SECURITY_IMPERSONATION_LEVEL Level)
{
if (Token == 0)
{
if (Thread->ActiveImpersonationInfo != 0)
{
Thread->ActiveImpersonationInfo = 0;
if (Thread->ImpersonationInfo->Token != NULL)
{
ObDereferenceObject(Thread->ImpersonationInfo->Token);
}
}
return;
}
if (Thread->ActiveImpersonationInfo == 0 ||
Thread->ImpersonationInfo == NULL)
{
Thread->ImpersonationInfo = ExAllocatePool(NonPagedPool,
sizeof(PS_IMPERSONATION_INFO));
}
Thread->ImpersonationInfo->Level = Level;
Thread->ImpersonationInfo->Unknown2 = c;
Thread->ImpersonationInfo->Unknown1 = b;
Thread->ImpersonationInfo->Token = Token;
ObReferenceObjectByPointer(Token,
0,
SeTokenType,
KernelMode);
Thread->ActiveImpersonationInfo = 1;
}
PACCESS_TOKEN PsReferenceEffectiveToken(PETHREAD Thread,
PTOKEN_TYPE TokenType,
PUCHAR b,
PSECURITY_IMPERSONATION_LEVEL Level)
{
PEPROCESS Process;
PACCESS_TOKEN Token;
if (Thread->ActiveImpersonationInfo == 0)
{
Process = Thread->ThreadsProcess;
*TokenType = TokenPrimary;
*b = 0;
Token = Process->Token;
}
else
{
Token = Thread->ImpersonationInfo->Token;
*TokenType = TokenImpersonation;
*b = Thread->ImpersonationInfo->Unknown2;
*Level = Thread->ImpersonationInfo->Level;
}
return(Token);
}
NTSTATUS STDCALL NtImpersonateThread (IN HANDLE ThreadHandle,
IN HANDLE ThreadToImpersonateHandle,
IN PSECURITY_QUALITY_OF_SERVICE
SecurityQualityOfService)
{
PETHREAD Thread;
PETHREAD ThreadToImpersonate;
NTSTATUS Status;
SE_SOME_STRUCT2 b;
Status = ObReferenceObjectByHandle(ThreadHandle,
0,
PsThreadType,
UserMode,
(PVOID*)&Thread,
NULL);
if (!NT_SUCCESS(Status))
{
return(Status);
}
Status = ObReferenceObjectByHandle(ThreadToImpersonateHandle,
0,
PsThreadType,
UserMode,
(PVOID*)&ThreadToImpersonate,
NULL);
if (!NT_SUCCESS(Status))
{
ObDereferenceObject(Thread);
return(Status);
}
Status = SeCreateClientSecurity(ThreadToImpersonate,
SecurityQualityOfService,
0,
&b);
if (!NT_SUCCESS(Status))
{
ObDereferenceObject(Thread);
ObDereferenceObject(ThreadToImpersonate);
return(Status);
}
SeImpersonateClient(&b, Thread);
if (b.Token != NULL)
{
ObDereferenceObject(b.Token);
}
return(STATUS_SUCCESS);
}
NTSTATUS STDCALL NtOpenThreadToken(IN HANDLE ThreadHandle,
IN ACCESS_MASK DesiredAccess,
IN BOOLEAN OpenAsSelf,
OUT PHANDLE TokenHandle)
{
#if 0
PETHREAD Thread;
NTSTATUS Status;
PACCESS_TOKEN Token;
Status = ObReferenceObjectByHandle(ThreadHandle,
0,
PsThreadType,
UserMode,
(PVOID*)&Thread,
NULL);
if (!NT_SUCCESS(Status))
{
return(Status);
}
Token = PsReferencePrimaryToken(Thread->ThreadsProcess);
SepCreateImpersonationTokenDacl(Token);
#endif
return(STATUS_UNSUCCESSFUL);
}
PACCESS_TOKEN PsReferenceImpersonationToken(PETHREAD Thread,
PULONG Unknown1,
PULONG Unknown2,

View file

@ -36,6 +36,28 @@ static ULONG PiNextProcessUniqueId = 0;
/* FUNCTIONS *****************************************************************/
NTSTATUS STDCALL NtOpenProcessToken(IN HANDLE ProcessHandle,
IN ACCESS_MASK DesiredAccess,
OUT PHANDLE TokenHandle)
{
PACCESS_TOKEN Token;
NTSTATUS Status;
Status = PsOpenTokenOfProcess(ProcessHandle,
&Token);
if (!NT_SUCCESS(Status))
{
return(Status);
}
Status = ObCreateHandle(PsGetCurrentProcess(),
Token,
DesiredAccess,
FALSE,
ProcessHandle);
ObDereferenceObject(Token);
return(Status);
}
PACCESS_TOKEN PsReferencePrimaryToken(PEPROCESS Process)
{
ObReferenceObjectByPointer(Process->Token,

View file

@ -17,98 +17,91 @@
/* FUNCTIONS *****************************************************************/
NTSTATUS
STDCALL
NtSetInformationThread (
HANDLE ThreadHandle,
THREADINFOCLASS ThreadInformationClass,
PVOID ThreadInformation,
ULONG ThreadInformationLength
)
NTSTATUS STDCALL NtSetInformationThread(HANDLE ThreadHandle,
THREADINFOCLASS ThreadInformationClass,
PVOID ThreadInformation,
ULONG ThreadInformationLength)
{
PETHREAD Thread;
NTSTATUS Status;
PTHREAD_BASIC_INFORMATION ThreadBasicInformationP;
PETHREAD Thread;
NTSTATUS Status;
PTHREAD_BASIC_INFORMATION ThreadBasicInformationP;
Status = ObReferenceObjectByHandle(
ThreadHandle,
THREAD_SET_INFORMATION,
PsThreadType,
UserMode,
(PVOID*) & Thread,
NULL
);
if (Status != STATUS_SUCCESS)
{
return Status;
}
switch (ThreadInformationClass)
{
case ThreadBasicInformation:
ThreadBasicInformationP =
(PTHREAD_BASIC_INFORMATION) ThreadInformation;
ThreadBasicInformationP->ExitStatus =
Thread->ExitStatus;
ThreadBasicInformationP->TebBaseAddress =
Thread->Tcb.Teb;
ThreadBasicInformationP->AffinityMask =
Thread->Tcb.Affinity;
ThreadBasicInformationP->BasePriority =
Thread->Tcb.BasePriority;
ThreadBasicInformationP->UniqueThreadId =
(ULONG) Thread->Cid.UniqueThread;
Status = STATUS_SUCCESS;
break;
case ThreadTimes:
break;
case ThreadPriority:
KeSetPriorityThread(
& Thread->Tcb,
* (KPRIORITY *) ThreadInformation
);
Status = STATUS_SUCCESS;
break;
case ThreadBasePriority:
break;
case ThreadAffinityMask:
break;
case ThreadImpersonationToken:
break;
case ThreadDescriptorTableEntry:
UNIMPLEMENTED;
break;
case ThreadEventPair:
UNIMPLEMENTED;
break;
case ThreadQuerySetWin32StartAddress:
break;
case ThreadZeroTlsCell:
break;
case ThreadPerformanceCount:
break;
case ThreadAmILastThread:
break;
case ThreadPriorityBoost:
break;
default:
Status = STATUS_UNSUCCESSFUL;
}
ObDereferenceObject(Thread);
Status = ObReferenceObjectByHandle(ThreadHandle,
THREAD_SET_INFORMATION,
PsThreadType,
UserMode,
(PVOID*)&Thread,
NULL);
if (!NT_SUCCESS(Status))
{
return Status;
}
switch (ThreadInformationClass)
{
case ThreadBasicInformation:
ThreadBasicInformationP =
(PTHREAD_BASIC_INFORMATION) ThreadInformation;
ThreadBasicInformationP->ExitStatus =
Thread->ExitStatus;
ThreadBasicInformationP->TebBaseAddress =
Thread->Tcb.Teb;
ThreadBasicInformationP->AffinityMask =
Thread->Tcb.Affinity;
ThreadBasicInformationP->BasePriority =
Thread->Tcb.BasePriority;
ThreadBasicInformationP->UniqueThreadId =
(ULONG) Thread->Cid.UniqueThread;
Status = STATUS_SUCCESS;
break;
case ThreadTimes:
break;
case ThreadPriority:
KeSetPriorityThread(&Thread->Tcb, *(KPRIORITY *)ThreadInformation);
Status = STATUS_SUCCESS;
break;
case ThreadBasePriority:
break;
case ThreadAffinityMask:
break;
case ThreadImpersonationToken:
Status = PsAssignImpersonationToken(Thread,
*((PHANDLE)ThreadInformation));
break;
case ThreadDescriptorTableEntry:
UNIMPLEMENTED;
break;
case ThreadEventPair:
UNIMPLEMENTED;
break;
case ThreadQuerySetWin32StartAddress:
break;
case ThreadZeroTlsCell:
break;
case ThreadPerformanceCount:
break;
case ThreadAmILastThread:
break;
case ThreadPriorityBoost:
break;
default:
Status = STATUS_UNSUCCESSFUL;
}
ObDereferenceObject(Thread);
return Status;
}

View file

@ -1,4 +1,4 @@
/* $Id: acl.c,v 1.2 1999/12/26 17:22:19 ea Exp $
/* $Id: acl.c,v 1.3 2000/01/05 21:57:00 dwelch Exp $
*
* COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS kernel
@ -94,7 +94,7 @@ NTSTATUS RtlpAddKnownAce(PACL Acl,
Ace->Header.AceType = Type;
Ace->Header.AceSize = RtlLengthSid(Sid) + sizeof(ACE);
Ace->Header.AccessMask = AccessMask;
RtlCopySid(RtlLengthSid(Sid), Sid, (PSID)Ace + 1);
RtlCopySid(RtlLengthSid(Sid), (PSID)Ace + 1, Sid);
Acl->AceCount++;
Acl->AclRevision = Revision;
return(STATUS_SUCCESS);

View file

@ -1,4 +1,4 @@
/* $Id: semgr.c,v 1.13 1999/12/26 17:22:19 ea Exp $
/* $Id: semgr.c,v 1.14 2000/01/05 21:57:00 dwelch Exp $
*
* COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS kernel
@ -17,6 +17,266 @@
/* FUNCTIONS ***************************************************************/
VOID SepReferenceLogonSession(PLUID AuthenticationId)
{
UNIMPLEMENTED;
}
VOID SepDeReferenceLogonSession(PLUID AuthenticationId)
{
UNIMPLEMENTED;
}
VOID SepFreeProxyData(PVOID ProxyData)
{
UNIMPLEMENTED;
}
NTSTATUS SepCopyProxyData(PVOID* Dest, PVOID Src)
{
UNIMPLEMENTED;
}
NTSTATUS SepDuplicationToken(PACCESS_TOKEN Token,
PULONG a,
ULONG b,
TOKEN_TYPE TokenType,
SECURITY_IMPERSONATION_LEVEL Level,
ULONG d,
PACCESS_TOKEN* e)
{
#if 0
PVOID mem1;
PVOID mem2;
PVOID f;
PACCESS_TOKEN g;
NTSTATUS Status;
if (TokenType == 2 &&
(Level > 3 || Level < 0))
{
return(STATUS_UNSUCCESSFUL);
}
SepReferenceLogonSession(&Token->AuthenticationId);
mem1 = ExAllocatePool(NonPagedPool, Token->DynamicCharged);
if (mem1 == NULL)
{
SepDeReferenceLogonSession(&Token->AuthenticationId);
return(STATUS_UNSUCCESSFUL);
}
if (Token->ProxyData != NULL)
{
Status = SepCopyProxyData(&f, Token->ProxyData);
if (!NT_SUCCESS(Status))
{
SepDeReferenceLogonSession(&Token->AuthenticationId);
ExFreePool(mem1);
return(Status);
}
}
else
{
f = 0;
}
if (Token->AuditData != NULL)
{
mem2 = ExAllocatePool(NonPagedPool, 0xc);
if (mem2 == NULL)
{
SepFreeProxyData(f);
SepDeReferenceLogonSession(&Token->AuthenticationId);
ExFreePool(mem1);
return(STATUS_UNSUCCESSFUL);
}
memcpy(mem2, Token->AuditData, 0xc);
}
else
{
mem2 = NULL;
}
Status = ObCreateObject(d,
SeTokenType,
b,
d,
0,
Token->VariableLength + 0x78,
Token->DynamicCharged,
Token->VariableLength + 0x78,
&g);
if (!NT_SUCCESS(Status))
{
SepDeReferenceLogonSession(Token->AuthenticationId);
ExFreePool(mem1);
SepFreeProxyData(f);
if (mem2 != NULL)
{
ExFreePool(mem2);
}
return(Status);
}
g->TokenId = Token->TokenId;
g->ModifiedId = Token->ModifiedId;
g->ExpirationTime = Token->ExpirationTime;
memcpy(&g->TokenSource, &Token->TokenSource, sizeof(TOKEN_SOURCE));
g->DynamicCharged = Token->DynamicCharged;
g->DynamicAvailable = Token->DynamicAvailable;
g->DefaultOwnerIndex = Token->DefaultOwnerIndex;
g->UserAndGroupCount = Token->UserAndGroupCount;
g->PrivilegeCount = Token->PrivilegeCount;
g->VariableLength = Token->VariableLength;
g->TokenFlags = Token->TokenFlags;
g->ProxyData = f;
g->AuditData = mem2;
//g->TokenId = ExInterlockedExchangeAdd();
g->TokenInUse = 0;
g->TokenType = TokenType;
g->ImpersonationLevel = Level;
memmove(g->VariablePart, Token->VariablePart, Token->VariableLength);
/* ... */
*e = g;
return(STATUS_SUCCESS);
#endif
UNIMPLEMENTED;
}
NTSTATUS SeCopyClientToken(PACCESS_TOKEN Token,
SECURITY_IMPERSONATION_LEVEL Level,
ULONG a,
PACCESS_TOKEN* b)
{
ULONG c;
PACCESS_TOKEN d;
NTSTATUS Status;
c = 18;
Status = SepDuplicationToken(Token,
&c,
0,
TokenImpersonation,
Level,
a,
&d);
*b = d;
return(Status);
}
NTSTATUS SeCreateClientSecurity(PETHREAD Thread,
PSECURITY_QUALITY_OF_SERVICE Qos,
ULONG e,
PSE_SOME_STRUCT2 f)
{
TOKEN_TYPE TokenType;
UCHAR b;
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
PACCESS_TOKEN Token;
ULONG g;
PACCESS_TOKEN NewToken;
Token = PsReferenceEffectiveToken(Thread,
&TokenType,
&b,
&ImpersonationLevel);
if (TokenType != 2)
{
f->Unknown9 = Qos->EffectiveOnly;
}
else
{
if (Qos->ImpersonationLevel > ImpersonationLevel)
{
if (Token != NULL)
{
ObDereferenceObject(Token);
}
return(STATUS_UNSUCCESSFUL);
}
if (ImpersonationLevel == 0 ||
ImpersonationLevel == 1 ||
(e != 0 && ImpersonationLevel != 3))
{
if (Token != NULL)
{
ObDereferenceObject(Token);
}
return(STATUS_UNSUCCESSFUL);
}
if (b != 0 ||
Qos->EffectiveOnly != 0)
{
f->Unknown9 = 1;
}
else
{
f->Unknown9 = 0;
}
}
if (Qos->ContextTrackingMode == 0)
{
f->Unknown8 = 0;
g = SeCopyClientToken(Token, ImpersonationLevel, 0, &NewToken);
if (g >= 0)
{
// ObDeleteCapturedInsertInfo(NewToken);
}
if (TokenType == TokenPrimary || Token != NULL)
{
ObDereferenceObject(Token);
}
if (g < 0)
{
return(g);
}
}
else
{
f->Unknown8 = 1;
if (e != 0)
{
// SeGetTokenControlInformation(Token, &f->Unknown11);
}
NewToken = Token;
}
f->Unknown1 = 0xc;
f->Level = Qos->ImpersonationLevel;
f->ContextTrackingMode = Qos->ContextTrackingMode;
f->EffectiveOnly = Qos->EffectiveOnly;
f->Unknown10 = e;
f->Token = NewToken;
return(STATUS_SUCCESS);
}
VOID SeImpersonateClient(PSE_SOME_STRUCT2 a,
PETHREAD Thread)
{
UCHAR b;
if (a->Unknown8 == 0)
{
b = a->EffectiveOnly;
}
else
{
b = a->Unknown9;
}
if (Thread == NULL)
{
Thread = PsGetCurrentThread();
}
PsImpersonateClient(Thread,
a->Token,
1,
(ULONG)b,
a->Level);
}
NTSTATUS STDCALL NtPrivilegeCheck (IN HANDLE ClientToken,
@ -27,15 +287,12 @@ NTSTATUS STDCALL NtPrivilegeCheck (IN HANDLE ClientToken,
}
NTSTATUS
STDCALL
NtPrivilegedServiceAuditAlarm (
IN PUNICODE_STRING SubsystemName,
IN PUNICODE_STRING ServiceName,
IN HANDLE ClientToken,
IN PPRIVILEGE_SET Privileges,
IN BOOLEAN AccessGranted
)
NTSTATUS STDCALL NtPrivilegedServiceAuditAlarm(
IN PUNICODE_STRING SubsystemName,
IN PUNICODE_STRING ServiceName,
IN HANDLE ClientToken,
IN PPRIVILEGE_SET Privileges,
IN BOOLEAN AccessGranted)
{
UNIMPLEMENTED;
}
@ -74,44 +331,6 @@ NtOpenObjectAuditAlarm (
UNIMPLEMENTED;
}
NTSTATUS
STDCALL
NtOpenProcessToken (
IN HANDLE ProcessHandle,
IN ACCESS_MASK DesiredAccess,
OUT PHANDLE TokenHandle
)
{
UNIMPLEMENTED;
}
NTSTATUS
STDCALL
NtOpenThreadToken (
IN HANDLE ThreadHandle,
IN ACCESS_MASK DesiredAccess,
IN BOOLEAN OpenAsSelf,
OUT PHANDLE TokenHandle
)
{
UNIMPLEMENTED;
}
NTSTATUS STDCALL NtImpersonateThread (IN HANDLE ThreadHandle,
IN HANDLE ThreadToImpersonate,
IN PSECURITY_QUALITY_OF_SERVICE
SecurityQualityOfService)
{
UNIMPLEMENTED;
}
NTSTATUS
STDCALL
NtAccessCheckAndAuditAlarm (
@ -130,33 +349,6 @@ NtAccessCheckAndAuditAlarm (
}
NTSTATUS
STDCALL
NtAdjustGroupsToken (
IN HANDLE TokenHandle,
IN BOOLEAN ResetToDefault,
IN PTOKEN_GROUPS NewState,
IN ULONG BufferLength,
OUT PTOKEN_GROUPS PreviousState OPTIONAL,
OUT PULONG ReturnLength
)
{
UNIMPLEMENTED;
}
NTSTATUS
STDCALL
NtAdjustPrivilegesToken(IN HANDLE TokenHandle,
IN BOOLEAN DisableAllPrivileges,
IN PTOKEN_PRIVILEGES NewState,
IN ULONG BufferLength,
OUT PTOKEN_PRIVILEGES PreviousState,
OUT PULONG ReturnLength)
{
UNIMPLEMENTED;
}
NTSTATUS
STDCALL
NtAllocateUuids (
@ -202,7 +394,11 @@ NtDeleteObjectAuditAlarm (
VOID STDCALL SeReleaseSubjectContext (PSECURITY_SUBJECT_CONTEXT SubjectContext)
{
ObDereferenceObject(SubjectContext->PrimaryToken);
if (SubjectContext->ClientToken != NULL)
{
ObDereferenceObject(SubjectContext->ClientToken);
}
}
VOID STDCALL SeCaptureSubjectContext (PSECURITY_SUBJECT_CONTEXT SubjectContext)
@ -337,17 +533,42 @@ NTSTATUS STDCALL SeDeassignSecurity(PSECURITY_DESCRIPTOR* SecurityDescriptor)
}
NTSTATUS STDCALL SeAssignSecurity(PSECURITY_DESCRIPTOR ParentDescriptor,
PSECURITY_DESCRIPTOR ExplicitDescriptor,
BOOLEAN IsDirectoryObject,
PSECURITY_SUBJECT_CONTEXT SubjectContext,
PGENERIC_MAPPING GenericMapping,
POOL_TYPE PoolType)
PSECURITY_DESCRIPTOR ExplicitDescriptor,
BOOLEAN IsDirectoryObject,
PSECURITY_SUBJECT_CONTEXT SubjectContext,
PGENERIC_MAPPING GenericMapping,
POOL_TYPE PoolType)
{
UNIMPLEMENTED;
}
BOOLEAN SepSidInToken(PACCESS_TOKEN Token,
PSID Sid)
{
ULONG i;
if (Token->UserAndGroupCount == 0)
{
return(FALSE);
}
for (i=0; i<Token->UserAndGroupCount; i++)
{
if (RtlEqualSid(Sid, Token->UserAndGroups[i].Sid))
{
if (i == 0 ||
(!(Token->UserAndGroups[i].Attributes & 0x4)))
{
return(TRUE);
}
return(FALSE);
}
}
return(FALSE);
}
BOOLEAN STDCALL SeAccessCheck (IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN PSECURITY_DESCRIPTOR_CONTEXT SubjectSecurityContext,
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,
IN BOOLEAN SubjectContextLocked,
IN ACCESS_MASK DesiredAccess,
IN ACCESS_MASK PreviouslyGrantedAccess,
@ -406,7 +627,7 @@ BOOLEAN STDCALL SeAccessCheck (IN PSECURITY_DESCRIPTOR SecurityDescriptor,
Sid = (PSID)(CurrentAce + 1);
if (CurrentAce->Header.AceType == ACCESS_DENIED_ACE_TYPE)
{
if (RtlEqualSid(Sid, NULL))
if (SepSidInToken(SubjectSecurityContext->ClientToken, Sid))
{
*AccessStatus = STATUS_ACCESS_DENIED;
*GrantedAccess = 0;
@ -415,7 +636,7 @@ BOOLEAN STDCALL SeAccessCheck (IN PSECURITY_DESCRIPTOR SecurityDescriptor,
}
if (CurrentAce->Header.AceType == ACCESS_ALLOWED_ACE_TYPE)
{
if (RtlEqualSid(Sid, NULL))
if (SepSidInToken(SubjectSecurityContext->ClientToken, Sid))
{
CurrentAccess = CurrentAccess |
CurrentAce->Header.AccessMask;

View file

@ -1,4 +1,4 @@
/* $Id: sid.c,v 1.2 1999/12/26 17:22:19 ea Exp $
/* $Id: sid.c,v 1.3 2000/01/05 21:57:00 dwelch Exp $
*
* COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS kernel
@ -79,8 +79,7 @@ ULONG STDCALL RtlLengthSid (PSID Sid)
return(sizeof(SID) + (Sid->SubAuthorityCount-1)*4);
}
NTSTATUS STDCALL RtlCopySid (ULONG BufferLength, PSID Src, PSID Dest)
NTSTATUS STDCALL RtlCopySid (ULONG BufferLength, PSID Dest, PSID Src)
{
if (BufferLength < RtlLengthSid(Src))
{

View file

@ -1,4 +1,4 @@
/* $Id: token.c,v 1.2 1999/12/26 17:22:19 ea Exp $
/* $Id: token.c,v 1.3 2000/01/05 21:57:00 dwelch Exp $
*
* COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS kernel
@ -47,6 +47,36 @@ VOID SeInitializeTokenManager(VOID)
}
NTSTATUS RtlCopySidAndAttributesArray(ULONG Count, // ebp + 8
PSID_AND_ATTRIBUTES Src, // ebp + C
ULONG MaxLength, // ebp + 10
PSID_AND_ATTRIBUTES Dest, // ebp + 14
PVOID e, // ebp + 18
PVOID* f, // ebp + 1C
PULONG g) // ebp + 20
{
ULONG Length; // ebp - 4
ULONG i;
Length = MaxLength;
for (i=0; i<Count; i++)
{
if (RtlLengthSid(Src[i].Sid) > Length)
{
return(STATUS_UNSUCCESSFUL);
}
Length = Length - RtlLengthSid(Src[i].Sid);
Dest[i].Sid = e;
Dest[i].Attributes = Src[i].Attributes;
RtlCopySid(RtlLengthSid(Src[i].Sid), e, Src[i].Sid);
e = e + RtlLengthSid(Src[i].Sid) + sizeof(ULONG);
}
*f = e;
*g = Length;
return(STATUS_SUCCESS);
}
NTSTATUS STDCALL NtQueryInformationToken(IN HANDLE TokenHandle,
IN TOKEN_INFORMATION_CLASS
TokenInformationClass,
@ -56,9 +86,13 @@ NTSTATUS STDCALL NtQueryInformationToken(IN HANDLE TokenHandle,
{
NTSTATUS Status;
PACCESS_TOKEN Token;
PVOID UnusedInfo;
PVOID EndMem;
PTOKEN_GROUPS PtrTokenGroups;
PTOKEN_DEFAULT_DACL PtrDefaultDacl;
PTOKEN_STATISTICS PtrTokenStatistics;
Status = ObReferenceObjectByHandle(TokenHandle,
// TOKEN_QUERY_INFORMATION,
0,
SeTokenType,
UserMode,
@ -69,6 +103,98 @@ NTSTATUS STDCALL NtQueryInformationToken(IN HANDLE TokenHandle,
return(Status);
}
switch (TokenInformationClass)
{
case TokenUser:
Status = RtlCopySidAndAttributesArray(1,
Token->UserAndGroups,
TokenInformationLength,
TokenInformation,
TokenInformation + 8,
&UnusedInfo,
ReturnLength);
if (!NT_SUCCESS(Status))
{
ObDereferenceObject(Token);
return(Status);
}
break;
case TokenGroups:
EndMem = TokenInformation +
Token->UserAndGroupCount * sizeof(SID_AND_ATTRIBUTES);
PtrTokenGroups = (PTOKEN_GROUPS)TokenInformation;
PtrTokenGroups->GroupCount = Token->UserAndGroupCount - 1;
Status = RtlCopySidAndAttributesArray(Token->UserAndGroupCount - 1,
&Token->UserAndGroups[1],
TokenInformationLength,
PtrTokenGroups->Groups,
EndMem,
&UnusedInfo,
ReturnLength);
if (!NT_SUCCESS(Status))
{
ObDereferenceObject(Token);
return(Status);
}
break;
case TokenPrivileges:
break;
case TokenOwner:
((PTOKEN_OWNER)TokenInformation)->Owner =
(PSID)(((PTOKEN_OWNER)TokenInformation) + 1);
RtlCopySid(TokenInformationLength - sizeof(TOKEN_OWNER),
((PTOKEN_OWNER)TokenInformation)->Owner,
Token->UserAndGroups[Token->DefaultOwnerIndex].Sid);
break;
case TokenPrimaryGroup:
((PTOKEN_PRIMARY_GROUP)TokenInformation)->PrimaryGroup =
(PSID)(((PTOKEN_PRIMARY_GROUP)TokenInformation) + 1);
RtlCopySid(TokenInformationLength - sizeof(TOKEN_OWNER),
((PTOKEN_PRIMARY_GROUP)TokenInformation)->PrimaryGroup,
Token->PrimaryGroup);
break;
case TokenDefaultDacl:
PtrDefaultDacl = (PTOKEN_DEFAULT_DACL)TokenInformation;
PtrDefaultDacl->DefaultDacl = (PACL)(PtrDefaultDacl + 1);
memmove(PtrDefaultDacl->DefaultDacl,
Token->DefaultDacl,
Token->DefaultDacl->AclSize);
break;
case TokenSource:
memcpy(TokenInformation, &Token->TokenSource, sizeof(TOKEN_SOURCE));
break;
case TokenType:
*((PTOKEN_TYPE)TokenInformation) = Token->TokenType;
break;
case TokenImpersonationLevel:
*((PSECURITY_IMPERSONATION_LEVEL)TokenInformation) =
Token->ImpersonationLevel;
break;
case TokenStatistics:
PtrTokenStatistics = (PTOKEN_STATISTICS)TokenInformation;
PtrTokenStatistics->TokenId = Token->TokenId;
PtrTokenStatistics->AuthenticationId = Token->AuthenticationId;
PtrTokenStatistics->ExpirationTime = Token->ExpirationTime;
PtrTokenStatistics->TokenType = Token->TokenType;
PtrTokenStatistics->ImpersonationLevel = Token->ImpersonationLevel;
PtrTokenStatistics->DynamicCharged = Token->DynamicCharged;
PtrTokenStatistics->DynamicAvailable = Token->DynamicAvailable;
PtrTokenStatistics->GroupCount = Token->UserAndGroupCount - 1;
PtrTokenStatistics->PrivilegeCount = Token->PrivilegeCount;
PtrTokenStatistics->ModifiedId = Token->ModifiedId;
break;
}
ObDereferenceObject(Token);
return(STATUS_SUCCESS);
}
@ -102,6 +228,29 @@ NtDuplicateToken (
UNIMPLEMENTED;
}
NTSTATUS STDCALL NtAdjustGroupsToken(IN HANDLE TokenHandle,
IN BOOLEAN ResetToDefault,
IN PTOKEN_GROUPS NewState,
IN ULONG BufferLength,
OUT PTOKEN_GROUPS PreviousState OPTIONAL,
OUT PULONG ReturnLength)
{
UNIMPLEMENTED;
}
NTSTATUS
STDCALL
NtAdjustPrivilegesToken(IN HANDLE TokenHandle,
IN BOOLEAN DisableAllPrivileges,
IN PTOKEN_PRIVILEGES NewState,
IN ULONG BufferLength,
OUT PTOKEN_PRIVILEGES PreviousState,
OUT PULONG ReturnLength)
{
UNIMPLEMENTED;
}
NTSTATUS STDCALL NtCreateToken(OUT PHANDLE TokenHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
@ -116,7 +265,25 @@ NTSTATUS STDCALL NtCreateToken(OUT PHANDLE TokenHandle,
IN PTOKEN_DEFAULT_DACL TokenDefaultDacl,
IN PTOKEN_SOURCE TokenSource)
{
UNIMPLEMENTED;
#if 0
PACCESS_TOKEN AccessToken;
NTSTATUS Status;
Status = ObCreateObject(TokenHandle,
DesiredAccess,
ObjectAttributes,
SeTokenType);
if (!NT_SUCCESS(Status))
{
return(Status);
}
AccessToken->TokenType = TokenType;
RtlCopyLuid(&AccessToken->AuthenticationId, AuthenticationId);
AccessToken->ExpirationTime = *ExpirationTime;
AccessToken->
#endif
UNIMPLEMENTED;
}