Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2024-06-29 01:12:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

Implemented more security functions

Browse source 
Moved general security types into new header file
Implemented ThreadImpersonationToken info class
Bug fixes to queuing code

svn path=/trunk/; revision=919
This commit is contained in:
David Welch 2000-01-05 21:57:00 +00:00
parent 453f513ed3
commit 623093eaaa
18 changed files with 1016 additions and 431 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
reactos/include/base.h
View file

@ -88,17 +88,6 @@ typedef CHAR *PCH;
typedef void *HANDLE; typedef void *HANDLE;
typedef char CCHAR; typedef char CCHAR;
typedef enum _SECURITY_IMPERSONATION_LEVEL {
SecurityAnonymous,
SecurityIdentification,
SecurityImpersonation,
SecurityDelegation
} SECURITY_IMPERSONATION_LEVEL;
typedef enum tagTOKEN_TYPE {
TokenPrimary = 1,
TokenImpersonation
} TOKEN_TYPE;
#define FALSE 0 #define FALSE 0
#define TRUE 1 #define TRUE 1
@ -403,21 +392,6 @@ typedef enum _SID_NAME_USE {
SidTypeUnknown SidTypeUnknown
} SID_NAME_USE, *PSID_NAME_USE; } SID_NAME_USE, *PSID_NAME_USE;
#define TOKEN_INFORMATION_CLASS_DEFINED 1
typedef enum _TOKEN_INFORMATION_CLASS {
TokenUser = 1,
TokenGroups,
TokenPrivileges,
TokenOwner,
TokenPrimaryGroup,
TokenDefaultDacl,
TokenSource,
TokenType,
TokenImpersonationLevel,
TokenStatistics
} TOKEN_INFORMATION_CLASS;
#endif /* ! defined (RC_INVOKED) */ #endif /* ! defined (RC_INVOKED) */
/* /*

15
reactos/include/ddk/psfuncs.h
View file

@ -1,4 +1,11 @@
PACCESS_TOKEN PsReferenceEffectiveToken(PETHREAD Thread,
PTOKEN_TYPE TokenType,
PUCHAR b,
PSECURITY_IMPERSONATION_LEVEL Level);
NTSTATUS PsOpenTokenOfProcess(HANDLE ProcessHandle,
PACCESS_TOKEN* Token);
HANDLE PsGetCurrentProcessId(VOID); HANDLE PsGetCurrentProcessId(VOID);
HANDLE PsGetCurrentThreadId(VOID); HANDLE PsGetCurrentThreadId(VOID);
@ -41,3 +48,11 @@ PACCESS_TOKEN PsReferenceImpersonationToken(PETHREAD Thread,
SECURITY_IMPERSONATION_LEVEL* SECURITY_IMPERSONATION_LEVEL*
Level); Level);
PACCESS_TOKEN PsReferencePrimaryToken(PEPROCESS Process); PACCESS_TOKEN PsReferencePrimaryToken(PEPROCESS Process);
NTSTATUS PsAssignImpersonationToken(PETHREAD Thread,
HANDLE TokenHandle);
VOID PsImpersonateClient(PETHREAD Thread,
PACCESS_TOKEN Token,
UCHAR b,
UCHAR c,
SECURITY_IMPERSONATION_LEVEL Level);

47
reactos/include/ddk/pstypes.h
View file

@ -271,30 +271,31 @@ typedef struct _TOP_LEVEL_IRP
typedef struct typedef struct
{ {
PACCESS_TOKEN Token; PACCESS_TOKEN Token; // 0x0
UCHAR Unknown1; UCHAR Unknown1; // 0x4
UCHAR Unknown2; UCHAR Unknown2; // 0x5
UCHAR Pad[2]; UCHAR Pad[2]; // 0x6
SECURITY_IMPERSONATION_LEVEL Level; SECURITY_IMPERSONATION_LEVEL Level; // 0x8
} IMPERSONATION_INFO, *PIMPERSONATION_INFO; } PS_IMPERSONATION_INFO, *PPS_IMPERSONATION_INFO;
typedef struct _ETHREAD { typedef struct _ETHREAD
KTHREAD Tcb; {
TIME CreateTime; KTHREAD Tcb;
TIME ExitTime; TIME CreateTime;
NTSTATUS ExitStatus; TIME ExitTime;
LIST_ENTRY PostBlockList; NTSTATUS ExitStatus;
LIST_ENTRY TerminationPortList; LIST_ENTRY PostBlockList;
ULONG ActiveTimerListLock; LIST_ENTRY TerminationPortList;
PVOID ActiveTimerListHead; ULONG ActiveTimerListLock;
CLIENT_ID Cid; PVOID ActiveTimerListHead;
PLARGE_INTEGER LpcReplySemaphore; CLIENT_ID Cid;
PVOID LpcReplyMessage; PLARGE_INTEGER LpcReplySemaphore;
PLARGE_INTEGER LpcReplyMessageId; PVOID LpcReplyMessage;
PIMPERSONATION_INFO ImpersonationInfo; PLARGE_INTEGER LpcReplyMessageId;
LIST_ENTRY IrpList; // PPS_IMPERSONATION_INFO ImpersonationInfo;
TOP_LEVEL_IRP TopLevelIrp; LIST_ENTRY IrpList; //
ULONG ReadClusterSize; TOP_LEVEL_IRP TopLevelIrp;
ULONG ReadClusterSize;
UCHAR ForwardClusterOnly; UCHAR ForwardClusterOnly;
UCHAR DisablePageFaultClustering; UCHAR DisablePageFaultClustering;
UCHAR DeadThread; UCHAR DeadThread;

14
reactos/include/ddk/sefuncs.h
View file

@ -1,6 +1,6 @@
#ifndef _INCLUDE_DDK_SEFUNCS_H #ifndef _INCLUDE_DDK_SEFUNCS_H
#define _INCLUDE_DDK_SEFUNCS_H #define _INCLUDE_DDK_SEFUNCS_H
/* $Id: sefuncs.h,v 1.3 1999/12/26 17:22:18 ea Exp $ */ /* $Id: sefuncs.h,v 1.4 2000/01/05 21:56:58 dwelch Exp $ */
NTSTATUS STDCALL RtlCreateSecurityDescriptor (PSECURITY_DESCRIPTOR SecurityDescriptor, ULONG Revision); NTSTATUS STDCALL RtlCreateSecurityDescriptor (PSECURITY_DESCRIPTOR SecurityDescriptor, ULONG Revision);
BOOLEAN STDCALL RtlValidSecurityDescriptor (PSECURITY_DESCRIPTOR SecurityDescriptor); BOOLEAN STDCALL RtlValidSecurityDescriptor (PSECURITY_DESCRIPTOR SecurityDescriptor);
ULONG STDCALL RtlLengthSecurityDescriptor (PSECURITY_DESCRIPTOR SecurityDescriptor); ULONG STDCALL RtlLengthSecurityDescriptor (PSECURITY_DESCRIPTOR SecurityDescriptor);
@ -16,7 +16,7 @@ PULONG STDCALL RtlSubAuthoritySid (PSID Sid, ULONG SubAuthority);
BOOLEAN STDCALL RtlEqualSid(PSID Sid1, PSID Sid2); BOOLEAN STDCALL RtlEqualSid(PSID Sid1, PSID Sid2);
NTSTATUS STDCALL RtlAbsoluteToSelfRelativeSD (PSECURITY_DESCRIPTOR AbsSD, PSECURITY_DESCRIPTOR RelSD, PULONG BufferLength); NTSTATUS STDCALL RtlAbsoluteToSelfRelativeSD (PSECURITY_DESCRIPTOR AbsSD, PSECURITY_DESCRIPTOR RelSD, PULONG BufferLength);
BOOLEAN STDCALL SeAccessCheck (IN PSECURITY_DESCRIPTOR SecurityDescriptor, BOOLEAN STDCALL SeAccessCheck (IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN PSECURITY_DESCRIPTOR_CONTEXT SubjectSecurityContext, IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,
IN BOOLEAN SubjectContextLocked, IN BOOLEAN SubjectContextLocked,
IN ACCESS_MASK DesiredAccess, IN ACCESS_MASK DesiredAccess,
IN ACCESS_MASK PreviouslyGrantedAccess, IN ACCESS_MASK PreviouslyGrantedAccess,
@ -35,4 +35,14 @@ NTSTATUS STDCALL SeDeassignSecurity (PSECURITY_DESCRIPTOR* SecurityDescriptor);
BOOLEAN STDCALL SeSinglePrivilegeCheck (LUID PrivilegeValue, KPROCESSOR_MODE PreviousMode); BOOLEAN STDCALL SeSinglePrivilegeCheck (LUID PrivilegeValue, KPROCESSOR_MODE PreviousMode);
ULONG STDCALL RtlLengthSid (PSID Sid); ULONG STDCALL RtlLengthSid (PSID Sid);
NTSTATUS STDCALL RtlCopySid(ULONG BufferLength, PSID Src, PSID Dest); NTSTATUS STDCALL RtlCopySid(ULONG BufferLength, PSID Src, PSID Dest);
VOID SeImpersonateClient(PSE_SOME_STRUCT2 a,
PETHREAD Thread);
NTSTATUS SeCreateClientSecurity(PETHREAD Thread,
PSECURITY_QUALITY_OF_SERVICE Qos,
ULONG e,
PSE_SOME_STRUCT2 f);
#endif /* ndef _INCLUDE_DDK_SEFUNCS_H */ #endif /* ndef _INCLUDE_DDK_SEFUNCS_H */

128
reactos/include/ddk/setypes.h
View file

@ -1,4 +1,4 @@
/* $Id: setypes.h,v 1.3 1999/12/26 17:22:18 ea Exp $ /* $Id: setypes.h,v 1.4 2000/01/05 21:56:58 dwelch Exp $
* *
* COPYRIGHT: See COPYING in the top level directory for details * COPYRIGHT: See COPYING in the top level directory for details
* PROJECT: ReactOS kernel * PROJECT: ReactOS kernel
@ -12,6 +12,8 @@
#ifndef __INCLUDE_DDK_SETYPES_H #ifndef __INCLUDE_DDK_SETYPES_H
#define __INCLUDE_DDK_SETYPES_H #define __INCLUDE_DDK_SETYPES_H
#include <security.h>
/* SID */ /* SID */
#define SECURITY_NULL_RID (0L) #define SECURITY_NULL_RID (0L)
#define SECURITY_WORLD_RID (0L) #define SECURITY_WORLD_RID (0L)
@ -82,93 +84,24 @@
#define SE_PRIVILEGE_USED_FOR_ACCESS (0x80000000L) #define SE_PRIVILEGE_USED_FOR_ACCESS (0x80000000L)
#define PRIVILEGE_SET_ALL_NECESSARY (0x1) #define PRIVILEGE_SET_ALL_NECESSARY (0x1)
typedef ULONG ACCESS_MASK;
typedef ULONG ACCESS_MODE, *PACCESS_MODE;
typedef struct _SECURITY_QUALITY_OF_SERVICE {
DWORD Length;
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
/* SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode; */
WINBOOL ContextTrackingMode;
BOOLEAN EffectiveOnly;
} SECURITY_QUALITY_OF_SERVICE;
typedef SECURITY_QUALITY_OF_SERVICE* PSECURITY_QUALITY_OF_SERVICE;
typedef struct _ACE_HEADER
{
CHAR AceType;
CHAR AceFlags;
USHORT AceSize;
ACCESS_MASK AccessMask;
} ACE_HEADER, *PACE_HEADER;
typedef struct
{
ACE_HEADER Header;
} ACE, *PACE;
typedef struct _SID_IDENTIFIER_AUTHORITY
{
BYTE Value[6];
} SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;
#define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
typedef struct _SID
{
UCHAR Revision;
UCHAR SubAuthorityCount;
SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
ULONG SubAuthority[1];
} SID, *PSID;
typedef struct _ACL {
UCHAR AclRevision;
UCHAR Sbz1;
USHORT AclSize;
USHORT AceCount;
USHORT Sbz2;
} ACL, *PACL;
typedef USHORT SECURITY_DESCRIPTOR_CONTROL, *PSECURITY_DESCRIPTOR_CONTROL;
typedef struct _SECURITY_DESCRIPTOR_CONTEXT
{
} SECURITY_DESCRIPTOR_CONTEXT, *PSECURITY_DESCRIPTOR_CONTEXT;
typedef LARGE_INTEGER LUID, *PLUID;
typedef struct _LUID_AND_ATTRIBUTES
{
LUID Luid;
DWORD Attributes;
} LUID_AND_ATTRIBUTES, *PLUID_AND_ATTRIBUTES;
typedef struct _TOKEN_SOURCE
{
CHAR SourceName[8];
LARGE_INTEGER Unknown;
LUID SourceIdentifier;
} TOKEN_SOURCE, *PTOKEN_SOURCE;
typedef struct _ACCESS_TOKEN typedef struct _ACCESS_TOKEN
{ {
TOKEN_SOURCE TokenSource; // 0x00 TOKEN_SOURCE TokenSource; // 0x00
LUID TokenId; // 0x10
LUID AuthenticationId; // 0x18 LUID AuthenticationId; // 0x18
LARGE_INTEGER ExpirationTime; // 0x20 LARGE_INTEGER ExpirationTime; // 0x20
LUID ModifiedId; // 0x28 LUID ModifiedId; // 0x28
ULONG UserAndGroupCount; // 0x30 ULONG UserAndGroupCount; // 0x30
ULONG PrivilegeCount; // 0x34 ULONG PrivilegeCount; // 0x34
ULONG VariableLength; // 0x38 ULONG VariableLength; // 0x38
ULONG DynamicCharged; // 0x3C ULONG DynamicCharged; // 0x3C
ULONG DynamicAvailable; // 0x40 ULONG DynamicAvailable; // 0x40
ULONG DefaultOwnerIndex; // 0x44 ULONG DefaultOwnerIndex; // 0x44
ULONG Unknown[2]; // 0x48 PSID_AND_ATTRIBUTES UserAndGroups; // 0x48
PLUID_AND_ATTRIBUTES Privileges; // 0x50 PSID PrimaryGroup; // 0x4C
ULONG Unknown1; // 0x54 PLUID_AND_ATTRIBUTES Privileges; // 0x50
PACL DefaultDacl; // 0x58 ULONG Unknown1; // 0x54
PACL DefaultDacl; // 0x58
TOKEN_TYPE TokenType; // 0x5C TOKEN_TYPE TokenType; // 0x5C
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; // 0x60 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; // 0x60
UCHAR TokenFlags; // 0x64 UCHAR TokenFlags; // 0x64
@ -188,23 +121,28 @@ typedef struct _SECURITY_SUBJECT_CONTEXT
PVOID ProcessAuditId; // 0xC PVOID ProcessAuditId; // 0xC
} SECURITY_SUBJECT_CONTEXT, *PSECURITY_SUBJECT_CONTEXT; } SECURITY_SUBJECT_CONTEXT, *PSECURITY_SUBJECT_CONTEXT;
typedef struct _SECURITY_DESCRIPTOR {
UCHAR Revision;
UCHAR Sbz1;
SECURITY_DESCRIPTOR_CONTROL Control;
PSID Owner;
PSID Group;
PACL Sacl;
PACL Dacl;
} SECURITY_DESCRIPTOR, *PSECURITY_DESCRIPTOR;
BOOLEAN STDCALL RtlValidSid (PSID Sid); BOOLEAN STDCALL RtlValidSid (PSID Sid);
/* /*
* from ntoskrnl/se/token.c: * from ntoskrnl/se/token.c:
*/ */
extern struct _OBJECT_TYPE* SeTokenType; extern struct _OBJECT_TYPE* SeTokenType;
typedef struct
{
ULONG Unknown1; // 0x0
SECURITY_IMPERSONATION_LEVEL Level; // 0x4
UCHAR ContextTrackingMode; // 0x8
UCHAR EffectiveOnly; // 0x9
UCHAR Unknown5; // 0xa
UCHAR Unknown6; // 0xb
PACCESS_TOKEN Token; // 0xc
UCHAR Unknown8; // 0x10
UCHAR Unknown9; // 0x11
UCHAR Unknown10; // 0x12
UCHAR Pad[1]; // 0x13
ULONG Unknown11; // 0x14
} SE_SOME_STRUCT2, *PSE_SOME_STRUCT2;
#endif #endif

52
reactos/include/ddk/zw.h
View file

@ -1,5 +1,5 @@
/* $Id: zw.h,v 1.24 1999/12/18 17:48:21 dwelch Exp $ /* $Id: zw.h,v 1.25 2000/01/05 21:56:58 dwelch Exp $
* *
* COPYRIGHT: See COPYING in the top level directory * COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS kernel * PROJECT: ReactOS kernel
@ -17,57 +17,7 @@
#ifndef __DDK_ZW_H #ifndef __DDK_ZW_H
#define __DDK_ZW_H #define __DDK_ZW_H
#if defined(WIN32_LEAN_AND_MEAN) && !defined(TOKEN_INFORMATION_CLASS_DEFINED)
typedef enum _TOKEN_INFORMATION_CLASS {
TokenUser = 1,
TokenGroups,
TokenPrivileges,
TokenOwner,
TokenPrimaryGroup,
TokenDefaultDacl,
TokenSource,
TokenType,
TokenImpersonationLevel,
TokenStatistics
} TOKEN_INFORMATION_CLASS;
typedef struct _SID_AND_ATTRIBUTES {
PSID Sid;
DWORD Attributes;
} SID_AND_ATTRIBUTES ;
typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
typedef SID_AND_ATTRIBUTES_ARRAY *PSID_AND_ATTRIBUTES_ARRAY;
typedef struct _TOKEN_DEFAULT_DACL {
PACL DefaultDacl;
} TOKEN_DEFAULT_DACL, *PTOKEN_DEFAULT_DACL;
typedef struct _TOKEN_GROUPS {
DWORD GroupCount;
SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY];
} TOKEN_GROUPS, *PTOKEN_GROUPS, *LPTOKEN_GROUPS;
typedef struct _TOKEN_OWNER {
PSID Owner;
} TOKEN_OWNER, *PTOKEN_OWNER;
typedef struct _TOKEN_PRIMARY_GROUP {
PSID PrimaryGroup;
} TOKEN_PRIMARY_GROUP, *PTOKEN_PRIMARY_GROUP;
typedef struct _TOKEN_PRIVILEGES {
DWORD PrivilegeCount;
LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY];
} TOKEN_PRIVILEGES, *PTOKEN_PRIVILEGES, *LPTOKEN_PRIVILEGES;
typedef struct _TOKEN_USER {
SID_AND_ATTRIBUTES User;
} TOKEN_USER, *PTOKEN_USER;
#endif
#define LCID ULONG #define LCID ULONG
#define SECURITY_INFORMATION ULONG #define SECURITY_INFORMATION ULONG

154
reactos/include/security.h Normal file
View file

@ -0,0 +1,154 @@
#ifndef __INCLUDE_SECURITY_H
#define __INCLUDE_SECURITY_H
typedef enum _TOKEN_INFORMATION_CLASS {
TokenUser = 1,
TokenGroups,
TokenPrivileges,
TokenOwner,
TokenPrimaryGroup,
TokenDefaultDacl,
TokenSource,
TokenType,
TokenImpersonationLevel,
TokenStatistics
} TOKEN_INFORMATION_CLASS;
typedef ULONG SECURITY_IMPERSONATION_LEVEL, *PSECURITY_IMPERSONATION_LEVEL;
#define SecurityAnonymous ((SECURITY_IMPERSONATION_LEVEL)1)
#define SecurityIdentification ((SECURITY_IMPERSONATION_LEVEL)2)
#define SecurityImpersonation ((SECURITY_IMPERSONATION_LEVEL)3)
#define SecurityDelegation ((SECURITY_IMPERSONATION_LEVEL)4)
typedef ULONG TOKEN_TYPE, *PTOKEN_TYPE;
#define TokenPrimary ((TOKEN_TYPE)1)
#define TokenImpersonation ((TOKEN_TYPE)2)
typedef ULONG ACCESS_MASK;
typedef ULONG ACCESS_MODE, *PACCESS_MODE;
typedef struct _SECURITY_QUALITY_OF_SERVICE {
DWORD Length;
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
/* SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode; */
WINBOOL ContextTrackingMode;
BOOLEAN EffectiveOnly;
} SECURITY_QUALITY_OF_SERVICE;
typedef SECURITY_QUALITY_OF_SERVICE* PSECURITY_QUALITY_OF_SERVICE;
typedef struct _ACE_HEADER
{
CHAR AceType;
CHAR AceFlags;
USHORT AceSize;
ACCESS_MASK AccessMask;
} ACE_HEADER, *PACE_HEADER;
typedef struct
{
ACE_HEADER Header;
} ACE, *PACE;
typedef struct _SID_IDENTIFIER_AUTHORITY
{
BYTE Value[6];
} SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;
#define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
typedef struct _SID
{
UCHAR Revision;
UCHAR SubAuthorityCount;
SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
ULONG SubAuthority[1];
} SID, *PSID;
typedef struct _ACL {
UCHAR AclRevision;
UCHAR Sbz1;
USHORT AclSize;
USHORT AceCount;
USHORT Sbz2;
} ACL, *PACL;
typedef USHORT SECURITY_DESCRIPTOR_CONTROL, *PSECURITY_DESCRIPTOR_CONTROL;
typedef struct _SECURITY_DESCRIPTOR_CONTEXT
{
} SECURITY_DESCRIPTOR_CONTEXT, *PSECURITY_DESCRIPTOR_CONTEXT;
typedef LARGE_INTEGER LUID, *PLUID;
typedef struct _SECURITY_DESCRIPTOR {
UCHAR Revision;
UCHAR Sbz1;
SECURITY_DESCRIPTOR_CONTROL Control;
PSID Owner;
PSID Group;
PACL Sacl;
PACL Dacl;
} SECURITY_DESCRIPTOR, *PSECURITY_DESCRIPTOR;
typedef struct _LUID_AND_ATTRIBUTES
{
LUID Luid;
DWORD Attributes;
} LUID_AND_ATTRIBUTES, *PLUID_AND_ATTRIBUTES;
typedef struct _TOKEN_SOURCE {
CHAR SourceName[8];
LUID SourceIdentifier;
} TOKEN_SOURCE, *PTOKEN_SOURCE;
typedef struct _SID_AND_ATTRIBUTES {
PSID Sid;
DWORD Attributes;
} SID_AND_ATTRIBUTES, *PSID_AND_ATTRIBUTES;
typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
typedef SID_AND_ATTRIBUTES_ARRAY *PSID_AND_ATTRIBUTES_ARRAY;
typedef struct _TOKEN_USER {
SID_AND_ATTRIBUTES User;
} TOKEN_USER, *PTOKEN_USER;
typedef struct _TOKEN_PRIMARY_GROUP {
PSID PrimaryGroup;
} TOKEN_PRIMARY_GROUP, *PTOKEN_PRIMARY_GROUP;
typedef struct _TOKEN_GROUPS {
DWORD GroupCount;
SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY];
} TOKEN_GROUPS, *PTOKEN_GROUPS, *LPTOKEN_GROUPS;
typedef struct _TOKEN_PRIVILEGES {
DWORD PrivilegeCount;
LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY];
} TOKEN_PRIVILEGES, *PTOKEN_PRIVILEGES, *LPTOKEN_PRIVILEGES;
typedef struct _TOKEN_OWNER {
PSID Owner;
} TOKEN_OWNER, *PTOKEN_OWNER;
typedef struct _TOKEN_DEFAULT_DACL {
PACL DefaultDacl;
} TOKEN_DEFAULT_DACL, *PTOKEN_DEFAULT_DACL;
typedef struct _TOKEN_STATISTICS {
LUID TokenId;
LUID AuthenticationId;
LARGE_INTEGER ExpirationTime;
TOKEN_TYPE TokenType;
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
DWORD DynamicCharged;
DWORD DynamicAvailable;
DWORD GroupCount;
DWORD PrivilegeCount;
LUID ModifiedId;
} TOKEN_STATISTICS, *PTOKEN_STATISTICS;
#endif /* __INCLUDE_SECURITY_H */

52
reactos/include/structs.h
View file

@ -53,7 +53,7 @@ typedef union _ULARGE_INTEGER
ULONGLONG QuadPart; ULONGLONG QuadPart;
} ULARGE_INTEGER, *PULARGE_INTEGER; } ULARGE_INTEGER, *PULARGE_INTEGER;
#include <ddk/setypes.h> #include <security.h>
typedef struct _LIST_ENTRY { typedef struct _LIST_ENTRY {
struct _LIST_ENTRY *Flink; struct _LIST_ENTRY *Flink;
@ -3880,15 +3880,6 @@ typedef struct _SHNAMEMAPPING {
int cchNewPath; int cchNewPath;
} SHNAMEMAPPING, *LPSHNAMEMAPPING; } SHNAMEMAPPING, *LPSHNAMEMAPPING;
typedef struct _SID_AND_ATTRIBUTES {
PSID Sid;
DWORD Attributes;
} SID_AND_ATTRIBUTES ;
typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
typedef SID_AND_ATTRIBUTES_ARRAY *PSID_AND_ATTRIBUTES_ARRAY;
typedef struct tagSOUNDSENTRY { typedef struct tagSOUNDSENTRY {
UINT cbSize; UINT cbSize;
DWORD dwFlags; DWORD dwFlags;
@ -4155,46 +4146,7 @@ typedef struct _TOKEN_CONTROL {
LUID ModifiedId; LUID ModifiedId;
TOKEN_SOURCE TokenSource; TOKEN_SOURCE TokenSource;
} TOKEN_CONTROL, *PTOKEN_CONTROL ; } TOKEN_CONTROL, *PTOKEN_CONTROL ;
typedef struct _TOKEN_DEFAULT_DACL {
PACL DefaultDacl;
} TOKEN_DEFAULT_DACL, *PTOKEN_DEFAULT_DACL;
typedef struct _TOKEN_GROUPS {
DWORD GroupCount;
SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY];
} TOKEN_GROUPS, *PTOKEN_GROUPS, *LPTOKEN_GROUPS;
typedef struct _TOKEN_OWNER {
PSID Owner;
} TOKEN_OWNER, *PTOKEN_OWNER;
typedef struct _TOKEN_PRIMARY_GROUP {
PSID PrimaryGroup;
} TOKEN_PRIMARY_GROUP, *PTOKEN_PRIMARY_GROUP;
typedef struct _TOKEN_PRIVILEGES {
DWORD PrivilegeCount;
LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY];
} TOKEN_PRIVILEGES, *PTOKEN_PRIVILEGES, *LPTOKEN_PRIVILEGES;
typedef struct _TOKEN_STATISTICS {
LUID TokenId;
LUID AuthenticationId;
LARGE_INTEGER ExpirationTime;
TOKEN_TYPE TokenType;
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
DWORD DynamicCharged;
DWORD DynamicAvailable;
DWORD GroupCount;
DWORD PrivilegeCount;
LUID ModifiedId;
} TOKEN_STATISTICS, *PTOKEN_STATISTICS;
typedef struct _TOKEN_USER {
SID_AND_ATTRIBUTES User;
} TOKEN_USER, *PTOKEN_USER;
typedef struct { typedef struct {
UINT cbSize; UINT cbSize;
UINT uFlags; UINT uFlags;

2
reactos/lib/advapi32/sec/sec.c
View file

@ -18,7 +18,9 @@ GetSecurityDescriptorLength (
PSECURITY_DESCRIPTOR pSecurityDescriptor PSECURITY_DESCRIPTOR pSecurityDescriptor
) )
{ {
#if 0
return RtlLengthSecurityDescriptor(pSecurityDescriptor); return RtlLengthSecurityDescriptor(pSecurityDescriptor);
#endif
} }

2
reactos/ntoskrnl/io/queue.c
View file

@ -10,7 +10,7 @@
#include <ddk/ntddk.h> #include <ddk/ntddk.h>
#define NDEBUG //#define NDEBUG
#include <internal/debug.h> #include <internal/debug.h>
/* FUNCTIONS *****************************************************************/ /* FUNCTIONS *****************************************************************/

2
reactos/ntoskrnl/ke/kqueue.c
View file

@ -12,7 +12,7 @@
#include <ddk/ntddk.h> #include <ddk/ntddk.h>
#define NDEBUG //#define NDEBUG
#include <internal/debug.h> #include <internal/debug.h>
/* FUNCTIONS *****************************************************************/ /* FUNCTIONS *****************************************************************/

189
reactos/ntoskrnl/ps/create.c
View file

@ -1,4 +1,4 @@
/* $Id: create.c,v 1.6 1999/12/26 15:50:51 dwelch Exp $ /* $Id: create.c,v 1.7 2000/01/05 21:57:00 dwelch Exp $
* *
* COPYRIGHT: See COPYING in the top level directory * COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS kernel * PROJECT: ReactOS kernel
@ -43,6 +43,193 @@ extern LIST_ENTRY PiThreadListHead;
/* FUNCTIONS ***************************************************************/ /* FUNCTIONS ***************************************************************/
NTSTATUS PsAssignImpersonationToken(PETHREAD Thread,
HANDLE TokenHandle)
{
PACCESS_TOKEN Token;
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
NTSTATUS Status;
if (TokenHandle != NULL)
{
Status = ObReferenceObjectByHandle(TokenHandle,
0,
SeTokenType,
UserMode,
(PVOID*)&Token,
NULL);
if (!NT_SUCCESS(Status))
{
return(Status);
}
ImpersonationLevel = Token->ImpersonationLevel;
}
else
{
Token = NULL;
ImpersonationLevel = 0;
}
PsImpersonateClient(Thread,
Token,
0,
0,
ImpersonationLevel);
if (Token != NULL)
{
ObDereferenceObject(Token);
}
return(STATUS_SUCCESS);
}
VOID PsRevertToSelf(PETHREAD Thread)
{
if (Thread->ActiveImpersonationInfo != 0)
{
Thread->ActiveImpersonationInfo = 0;
ObDereferenceObject(Thread->ImpersonationInfo->Token);
}
}
VOID PsImpersonateClient(PETHREAD Thread,
PACCESS_TOKEN Token,
UCHAR b,
UCHAR c,
SECURITY_IMPERSONATION_LEVEL Level)
{
if (Token == 0)
{
if (Thread->ActiveImpersonationInfo != 0)
{
Thread->ActiveImpersonationInfo = 0;
if (Thread->ImpersonationInfo->Token != NULL)
{
ObDereferenceObject(Thread->ImpersonationInfo->Token);
}
}
return;
}
if (Thread->ActiveImpersonationInfo == 0 ||
Thread->ImpersonationInfo == NULL)
{
Thread->ImpersonationInfo = ExAllocatePool(NonPagedPool,
sizeof(PS_IMPERSONATION_INFO));
}
Thread->ImpersonationInfo->Level = Level;
Thread->ImpersonationInfo->Unknown2 = c;
Thread->ImpersonationInfo->Unknown1 = b;
Thread->ImpersonationInfo->Token = Token;
ObReferenceObjectByPointer(Token,
0,
SeTokenType,
KernelMode);
Thread->ActiveImpersonationInfo = 1;
}
PACCESS_TOKEN PsReferenceEffectiveToken(PETHREAD Thread,
PTOKEN_TYPE TokenType,
PUCHAR b,
PSECURITY_IMPERSONATION_LEVEL Level)
{
PEPROCESS Process;
PACCESS_TOKEN Token;
if (Thread->ActiveImpersonationInfo == 0)
{
Process = Thread->ThreadsProcess;
*TokenType = TokenPrimary;
*b = 0;
Token = Process->Token;
}
else
{
Token = Thread->ImpersonationInfo->Token;
*TokenType = TokenImpersonation;
*b = Thread->ImpersonationInfo->Unknown2;
*Level = Thread->ImpersonationInfo->Level;
}
return(Token);
}
NTSTATUS STDCALL NtImpersonateThread (IN HANDLE ThreadHandle,
IN HANDLE ThreadToImpersonateHandle,
IN PSECURITY_QUALITY_OF_SERVICE
SecurityQualityOfService)
{
PETHREAD Thread;
PETHREAD ThreadToImpersonate;
NTSTATUS Status;
SE_SOME_STRUCT2 b;
Status = ObReferenceObjectByHandle(ThreadHandle,
0,
PsThreadType,
UserMode,
(PVOID*)&Thread,
NULL);
if (!NT_SUCCESS(Status))
{
return(Status);
}
Status = ObReferenceObjectByHandle(ThreadToImpersonateHandle,
0,
PsThreadType,
UserMode,
(PVOID*)&ThreadToImpersonate,
NULL);
if (!NT_SUCCESS(Status))
{
ObDereferenceObject(Thread);
return(Status);
}
Status = SeCreateClientSecurity(ThreadToImpersonate,
SecurityQualityOfService,
0,
&b);
if (!NT_SUCCESS(Status))
{
ObDereferenceObject(Thread);
ObDereferenceObject(ThreadToImpersonate);
return(Status);
}
SeImpersonateClient(&b, Thread);
if (b.Token != NULL)
{
ObDereferenceObject(b.Token);
}
return(STATUS_SUCCESS);
}
NTSTATUS STDCALL NtOpenThreadToken(IN HANDLE ThreadHandle,
IN ACCESS_MASK DesiredAccess,
IN BOOLEAN OpenAsSelf,
OUT PHANDLE TokenHandle)
{
#if 0
PETHREAD Thread;
NTSTATUS Status;
PACCESS_TOKEN Token;
Status = ObReferenceObjectByHandle(ThreadHandle,
0,
PsThreadType,
UserMode,
(PVOID*)&Thread,
NULL);
if (!NT_SUCCESS(Status))
{
return(Status);
}
Token = PsReferencePrimaryToken(Thread->ThreadsProcess);
SepCreateImpersonationTokenDacl(Token);
#endif
return(STATUS_UNSUCCESSFUL);
}
PACCESS_TOKEN PsReferenceImpersonationToken(PETHREAD Thread, PACCESS_TOKEN PsReferenceImpersonationToken(PETHREAD Thread,
PULONG Unknown1, PULONG Unknown1,
PULONG Unknown2, PULONG Unknown2,

22
reactos/ntoskrnl/ps/process.c
View file

@ -36,6 +36,28 @@ static ULONG PiNextProcessUniqueId = 0;
/* FUNCTIONS *****************************************************************/ /* FUNCTIONS *****************************************************************/
NTSTATUS STDCALL NtOpenProcessToken(IN HANDLE ProcessHandle,
IN ACCESS_MASK DesiredAccess,
OUT PHANDLE TokenHandle)
{
PACCESS_TOKEN Token;
NTSTATUS Status;
Status = PsOpenTokenOfProcess(ProcessHandle,
&Token);
if (!NT_SUCCESS(Status))
{
return(Status);
}
Status = ObCreateHandle(PsGetCurrentProcess(),
Token,
DesiredAccess,
FALSE,
ProcessHandle);
ObDereferenceObject(Token);
return(Status);
}
PACCESS_TOKEN PsReferencePrimaryToken(PEPROCESS Process) PACCESS_TOKEN PsReferencePrimaryToken(PEPROCESS Process)
{ {
ObReferenceObjectByPointer(Process->Token, ObReferenceObjectByPointer(Process->Token,

171
reactos/ntoskrnl/ps/tinfo.c
View file

@ -17,98 +17,91 @@
/* FUNCTIONS *****************************************************************/ /* FUNCTIONS *****************************************************************/
NTSTATUS NTSTATUS STDCALL NtSetInformationThread(HANDLE ThreadHandle,
STDCALL THREADINFOCLASS ThreadInformationClass,
NtSetInformationThread ( PVOID ThreadInformation,
HANDLE ThreadHandle, ULONG ThreadInformationLength)
THREADINFOCLASS ThreadInformationClass,
PVOID ThreadInformation,
ULONG ThreadInformationLength
)
{ {
PETHREAD Thread; PETHREAD Thread;
NTSTATUS Status; NTSTATUS Status;
PTHREAD_BASIC_INFORMATION ThreadBasicInformationP; PTHREAD_BASIC_INFORMATION ThreadBasicInformationP;
Status = ObReferenceObjectByHandle( Status = ObReferenceObjectByHandle(ThreadHandle,
ThreadHandle, THREAD_SET_INFORMATION,
THREAD_SET_INFORMATION, PsThreadType,
PsThreadType, UserMode,
UserMode, (PVOID*)&Thread,
(PVOID*) & Thread, NULL);
NULL if (!NT_SUCCESS(Status))
); {
if (Status != STATUS_SUCCESS)
{
return Status;
}
switch (ThreadInformationClass)
{
case ThreadBasicInformation:
ThreadBasicInformationP =
(PTHREAD_BASIC_INFORMATION) ThreadInformation;
ThreadBasicInformationP->ExitStatus =
Thread->ExitStatus;
ThreadBasicInformationP->TebBaseAddress =
Thread->Tcb.Teb;
ThreadBasicInformationP->AffinityMask =
Thread->Tcb.Affinity;
ThreadBasicInformationP->BasePriority =
Thread->Tcb.BasePriority;
ThreadBasicInformationP->UniqueThreadId =
(ULONG) Thread->Cid.UniqueThread;
Status = STATUS_SUCCESS;
break;
case ThreadTimes:
break;
case ThreadPriority:
KeSetPriorityThread(
& Thread->Tcb,
* (KPRIORITY *) ThreadInformation
);
Status = STATUS_SUCCESS;
break;
case ThreadBasePriority:
break;
case ThreadAffinityMask:
break;
case ThreadImpersonationToken:
break;
case ThreadDescriptorTableEntry:
UNIMPLEMENTED;
break;
case ThreadEventPair:
UNIMPLEMENTED;
break;
case ThreadQuerySetWin32StartAddress:
break;
case ThreadZeroTlsCell:
break;
case ThreadPerformanceCount:
break;
case ThreadAmILastThread:
break;
case ThreadPriorityBoost:
break;
default:
Status = STATUS_UNSUCCESSFUL;
}
ObDereferenceObject(Thread);
return Status; return Status;
}
switch (ThreadInformationClass)
{
case ThreadBasicInformation:
ThreadBasicInformationP =
(PTHREAD_BASIC_INFORMATION) ThreadInformation;
ThreadBasicInformationP->ExitStatus =
Thread->ExitStatus;
ThreadBasicInformationP->TebBaseAddress =
Thread->Tcb.Teb;
ThreadBasicInformationP->AffinityMask =
Thread->Tcb.Affinity;
ThreadBasicInformationP->BasePriority =
Thread->Tcb.BasePriority;
ThreadBasicInformationP->UniqueThreadId =
(ULONG) Thread->Cid.UniqueThread;
Status = STATUS_SUCCESS;
break;
case ThreadTimes:
break;
case ThreadPriority:
KeSetPriorityThread(&Thread->Tcb, *(KPRIORITY *)ThreadInformation);
Status = STATUS_SUCCESS;
break;
case ThreadBasePriority:
break;
case ThreadAffinityMask:
break;
case ThreadImpersonationToken:
Status = PsAssignImpersonationToken(Thread,
*((PHANDLE)ThreadInformation));
break;
case ThreadDescriptorTableEntry:
UNIMPLEMENTED;
break;
case ThreadEventPair:
UNIMPLEMENTED;
break;
case ThreadQuerySetWin32StartAddress:
break;
case ThreadZeroTlsCell:
break;
case ThreadPerformanceCount:
break;
case ThreadAmILastThread:
break;
case ThreadPriorityBoost:
break;
default:
Status = STATUS_UNSUCCESSFUL;
}
ObDereferenceObject(Thread);
return Status;
} }

4
reactos/ntoskrnl/se/acl.c
View file

@ -1,4 +1,4 @@
/* $Id: acl.c,v 1.2 1999/12/26 17:22:19 ea Exp $ /* $Id: acl.c,v 1.3 2000/01/05 21:57:00 dwelch Exp $
* *
* COPYRIGHT: See COPYING in the top level directory * COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS kernel * PROJECT: ReactOS kernel
@ -94,7 +94,7 @@ NTSTATUS RtlpAddKnownAce(PACL Acl,
Ace->Header.AceType = Type; Ace->Header.AceType = Type;
Ace->Header.AceSize = RtlLengthSid(Sid) + sizeof(ACE); Ace->Header.AceSize = RtlLengthSid(Sid) + sizeof(ACE);
Ace->Header.AccessMask = AccessMask; Ace->Header.AccessMask = AccessMask;
RtlCopySid(RtlLengthSid(Sid), Sid, (PSID)Ace + 1); RtlCopySid(RtlLengthSid(Sid), (PSID)Ace + 1, Sid);
Acl->AceCount++; Acl->AceCount++;
Acl->AclRevision = Revision; Acl->AclRevision = Revision;
return(STATUS_SUCCESS); return(STATUS_SUCCESS);

389
reactos/ntoskrnl/se/semgr.c
View file

@ -1,4 +1,4 @@
/* $Id: semgr.c,v 1.13 1999/12/26 17:22:19 ea Exp $ /* $Id: semgr.c,v 1.14 2000/01/05 21:57:00 dwelch Exp $
* *
* COPYRIGHT: See COPYING in the top level directory * COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS kernel * PROJECT: ReactOS kernel
@ -17,6 +17,266 @@
/* FUNCTIONS ***************************************************************/ /* FUNCTIONS ***************************************************************/
VOID SepReferenceLogonSession(PLUID AuthenticationId)
{
UNIMPLEMENTED;
}
VOID SepDeReferenceLogonSession(PLUID AuthenticationId)
{
UNIMPLEMENTED;
}
VOID SepFreeProxyData(PVOID ProxyData)
{
UNIMPLEMENTED;
}
NTSTATUS SepCopyProxyData(PVOID* Dest, PVOID Src)
{
UNIMPLEMENTED;
}
NTSTATUS SepDuplicationToken(PACCESS_TOKEN Token,
PULONG a,
ULONG b,
TOKEN_TYPE TokenType,
SECURITY_IMPERSONATION_LEVEL Level,
ULONG d,
PACCESS_TOKEN* e)
{
#if 0
PVOID mem1;
PVOID mem2;
PVOID f;
PACCESS_TOKEN g;
NTSTATUS Status;
if (TokenType == 2 &&
(Level > 3 || Level < 0))
{
return(STATUS_UNSUCCESSFUL);
}
SepReferenceLogonSession(&Token->AuthenticationId);
mem1 = ExAllocatePool(NonPagedPool, Token->DynamicCharged);
if (mem1 == NULL)
{
SepDeReferenceLogonSession(&Token->AuthenticationId);
return(STATUS_UNSUCCESSFUL);
}
if (Token->ProxyData != NULL)
{
Status = SepCopyProxyData(&f, Token->ProxyData);
if (!NT_SUCCESS(Status))
{
SepDeReferenceLogonSession(&Token->AuthenticationId);
ExFreePool(mem1);
return(Status);
}
}
else
{
f = 0;
}
if (Token->AuditData != NULL)
{
mem2 = ExAllocatePool(NonPagedPool, 0xc);
if (mem2 == NULL)
{
SepFreeProxyData(f);
SepDeReferenceLogonSession(&Token->AuthenticationId);
ExFreePool(mem1);
return(STATUS_UNSUCCESSFUL);
}
memcpy(mem2, Token->AuditData, 0xc);
}
else
{
mem2 = NULL;
}
Status = ObCreateObject(d,
SeTokenType,
b,
d,
0,
Token->VariableLength + 0x78,
Token->DynamicCharged,
Token->VariableLength + 0x78,
&g);
if (!NT_SUCCESS(Status))
{
SepDeReferenceLogonSession(Token->AuthenticationId);
ExFreePool(mem1);
SepFreeProxyData(f);
if (mem2 != NULL)
{
ExFreePool(mem2);
}
return(Status);
}
g->TokenId = Token->TokenId;
g->ModifiedId = Token->ModifiedId;
g->ExpirationTime = Token->ExpirationTime;
memcpy(&g->TokenSource, &Token->TokenSource, sizeof(TOKEN_SOURCE));
g->DynamicCharged = Token->DynamicCharged;
g->DynamicAvailable = Token->DynamicAvailable;
g->DefaultOwnerIndex = Token->DefaultOwnerIndex;
g->UserAndGroupCount = Token->UserAndGroupCount;
g->PrivilegeCount = Token->PrivilegeCount;
g->VariableLength = Token->VariableLength;
g->TokenFlags = Token->TokenFlags;
g->ProxyData = f;
g->AuditData = mem2;
//g->TokenId = ExInterlockedExchangeAdd();
g->TokenInUse = 0;
g->TokenType = TokenType;
g->ImpersonationLevel = Level;
memmove(g->VariablePart, Token->VariablePart, Token->VariableLength);
/* ... */
*e = g;
return(STATUS_SUCCESS);
#endif
UNIMPLEMENTED;
}
NTSTATUS SeCopyClientToken(PACCESS_TOKEN Token,
SECURITY_IMPERSONATION_LEVEL Level,
ULONG a,
PACCESS_TOKEN* b)
{
ULONG c;
PACCESS_TOKEN d;
NTSTATUS Status;
c = 18;
Status = SepDuplicationToken(Token,
&c,
0,
TokenImpersonation,
Level,
a,
&d);
*b = d;
return(Status);
}
NTSTATUS SeCreateClientSecurity(PETHREAD Thread,
PSECURITY_QUALITY_OF_SERVICE Qos,
ULONG e,
PSE_SOME_STRUCT2 f)
{
TOKEN_TYPE TokenType;
UCHAR b;
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
PACCESS_TOKEN Token;
ULONG g;
PACCESS_TOKEN NewToken;
Token = PsReferenceEffectiveToken(Thread,
&TokenType,
&b,
&ImpersonationLevel);
if (TokenType != 2)
{
f->Unknown9 = Qos->EffectiveOnly;
}
else
{
if (Qos->ImpersonationLevel > ImpersonationLevel)
{
if (Token != NULL)
{
ObDereferenceObject(Token);
}
return(STATUS_UNSUCCESSFUL);
}
if (ImpersonationLevel == 0 ||
ImpersonationLevel == 1 ||
(e != 0 && ImpersonationLevel != 3))
{
if (Token != NULL)
{
ObDereferenceObject(Token);
}
return(STATUS_UNSUCCESSFUL);
}
if (b != 0 ||
Qos->EffectiveOnly != 0)
{
f->Unknown9 = 1;
}
else
{
f->Unknown9 = 0;
}
}
if (Qos->ContextTrackingMode == 0)
{
f->Unknown8 = 0;
g = SeCopyClientToken(Token, ImpersonationLevel, 0, &NewToken);
if (g >= 0)
{
// ObDeleteCapturedInsertInfo(NewToken);
}
if (TokenType == TokenPrimary || Token != NULL)
{
ObDereferenceObject(Token);
}
if (g < 0)
{
return(g);
}
}
else
{
f->Unknown8 = 1;
if (e != 0)
{
// SeGetTokenControlInformation(Token, &f->Unknown11);
}
NewToken = Token;
}
f->Unknown1 = 0xc;
f->Level = Qos->ImpersonationLevel;
f->ContextTrackingMode = Qos->ContextTrackingMode;
f->EffectiveOnly = Qos->EffectiveOnly;
f->Unknown10 = e;
f->Token = NewToken;
return(STATUS_SUCCESS);
}
VOID SeImpersonateClient(PSE_SOME_STRUCT2 a,
PETHREAD Thread)
{
UCHAR b;
if (a->Unknown8 == 0)
{
b = a->EffectiveOnly;
}
else
{
b = a->Unknown9;
}
if (Thread == NULL)
{
Thread = PsGetCurrentThread();
}
PsImpersonateClient(Thread,
a->Token,
1,
(ULONG)b,
a->Level);
}
NTSTATUS STDCALL NtPrivilegeCheck (IN HANDLE ClientToken, NTSTATUS STDCALL NtPrivilegeCheck (IN HANDLE ClientToken,
@ -27,15 +287,12 @@ NTSTATUS STDCALL NtPrivilegeCheck (IN HANDLE ClientToken,
} }
NTSTATUS NTSTATUS STDCALL NtPrivilegedServiceAuditAlarm(
STDCALL IN PUNICODE_STRING SubsystemName,
NtPrivilegedServiceAuditAlarm ( IN PUNICODE_STRING ServiceName,
IN PUNICODE_STRING SubsystemName, IN HANDLE ClientToken,
IN PUNICODE_STRING ServiceName, IN PPRIVILEGE_SET Privileges,
IN HANDLE ClientToken, IN BOOLEAN AccessGranted)
IN PPRIVILEGE_SET Privileges,
IN BOOLEAN AccessGranted
)
{ {
UNIMPLEMENTED; UNIMPLEMENTED;
} }
@ -74,44 +331,6 @@ NtOpenObjectAuditAlarm (
UNIMPLEMENTED; UNIMPLEMENTED;
} }
NTSTATUS
STDCALL
NtOpenProcessToken (
IN HANDLE ProcessHandle,
IN ACCESS_MASK DesiredAccess,
OUT PHANDLE TokenHandle
)
{
UNIMPLEMENTED;
}
NTSTATUS
STDCALL
NtOpenThreadToken (
IN HANDLE ThreadHandle,
IN ACCESS_MASK DesiredAccess,
IN BOOLEAN OpenAsSelf,
OUT PHANDLE TokenHandle
)
{
UNIMPLEMENTED;
}
NTSTATUS STDCALL NtImpersonateThread (IN HANDLE ThreadHandle,
IN HANDLE ThreadToImpersonate,
IN PSECURITY_QUALITY_OF_SERVICE
SecurityQualityOfService)
{
UNIMPLEMENTED;
}
NTSTATUS NTSTATUS
STDCALL STDCALL
NtAccessCheckAndAuditAlarm ( NtAccessCheckAndAuditAlarm (
@ -130,33 +349,6 @@ NtAccessCheckAndAuditAlarm (
} }
NTSTATUS
STDCALL
NtAdjustGroupsToken (
IN HANDLE TokenHandle,
IN BOOLEAN ResetToDefault,
IN PTOKEN_GROUPS NewState,
IN ULONG BufferLength,
OUT PTOKEN_GROUPS PreviousState OPTIONAL,
OUT PULONG ReturnLength
)
{
UNIMPLEMENTED;
}
NTSTATUS
STDCALL
NtAdjustPrivilegesToken(IN HANDLE TokenHandle,
IN BOOLEAN DisableAllPrivileges,
IN PTOKEN_PRIVILEGES NewState,
IN ULONG BufferLength,
OUT PTOKEN_PRIVILEGES PreviousState,
OUT PULONG ReturnLength)
{
UNIMPLEMENTED;
}
NTSTATUS NTSTATUS
STDCALL STDCALL
NtAllocateUuids ( NtAllocateUuids (
@ -202,7 +394,11 @@ NtDeleteObjectAuditAlarm (
VOID STDCALL SeReleaseSubjectContext (PSECURITY_SUBJECT_CONTEXT SubjectContext) VOID STDCALL SeReleaseSubjectContext (PSECURITY_SUBJECT_CONTEXT SubjectContext)
{ {
ObDereferenceObject(SubjectContext->PrimaryToken);
if (SubjectContext->ClientToken != NULL)
{
ObDereferenceObject(SubjectContext->ClientToken);
}
} }
VOID STDCALL SeCaptureSubjectContext (PSECURITY_SUBJECT_CONTEXT SubjectContext) VOID STDCALL SeCaptureSubjectContext (PSECURITY_SUBJECT_CONTEXT SubjectContext)
@ -337,17 +533,42 @@ NTSTATUS STDCALL SeDeassignSecurity(PSECURITY_DESCRIPTOR* SecurityDescriptor)
} }
NTSTATUS STDCALL SeAssignSecurity(PSECURITY_DESCRIPTOR ParentDescriptor, NTSTATUS STDCALL SeAssignSecurity(PSECURITY_DESCRIPTOR ParentDescriptor,
PSECURITY_DESCRIPTOR ExplicitDescriptor, PSECURITY_DESCRIPTOR ExplicitDescriptor,
BOOLEAN IsDirectoryObject, BOOLEAN IsDirectoryObject,
PSECURITY_SUBJECT_CONTEXT SubjectContext, PSECURITY_SUBJECT_CONTEXT SubjectContext,
PGENERIC_MAPPING GenericMapping, PGENERIC_MAPPING GenericMapping,
POOL_TYPE PoolType) POOL_TYPE PoolType)
{ {
UNIMPLEMENTED; UNIMPLEMENTED;
} }
BOOLEAN SepSidInToken(PACCESS_TOKEN Token,
PSID Sid)
{
ULONG i;
if (Token->UserAndGroupCount == 0)
{
return(FALSE);
}
for (i=0; i<Token->UserAndGroupCount; i++)
{
if (RtlEqualSid(Sid, Token->UserAndGroups[i].Sid))
{
if (i == 0 ||
(!(Token->UserAndGroups[i].Attributes & 0x4)))
{
return(TRUE);
}
return(FALSE);
}
}
return(FALSE);
}
BOOLEAN STDCALL SeAccessCheck (IN PSECURITY_DESCRIPTOR SecurityDescriptor, BOOLEAN STDCALL SeAccessCheck (IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN PSECURITY_DESCRIPTOR_CONTEXT SubjectSecurityContext, IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,
IN BOOLEAN SubjectContextLocked, IN BOOLEAN SubjectContextLocked,
IN ACCESS_MASK DesiredAccess, IN ACCESS_MASK DesiredAccess,
IN ACCESS_MASK PreviouslyGrantedAccess, IN ACCESS_MASK PreviouslyGrantedAccess,
@ -406,7 +627,7 @@ BOOLEAN STDCALL SeAccessCheck (IN PSECURITY_DESCRIPTOR SecurityDescriptor,
Sid = (PSID)(CurrentAce + 1); Sid = (PSID)(CurrentAce + 1);
if (CurrentAce->Header.AceType == ACCESS_DENIED_ACE_TYPE) if (CurrentAce->Header.AceType == ACCESS_DENIED_ACE_TYPE)
{ {
if (RtlEqualSid(Sid, NULL)) if (SepSidInToken(SubjectSecurityContext->ClientToken, Sid))
{ {
*AccessStatus = STATUS_ACCESS_DENIED; *AccessStatus = STATUS_ACCESS_DENIED;
*GrantedAccess = 0; *GrantedAccess = 0;
@ -415,7 +636,7 @@ BOOLEAN STDCALL SeAccessCheck (IN PSECURITY_DESCRIPTOR SecurityDescriptor,
} }
if (CurrentAce->Header.AceType == ACCESS_ALLOWED_ACE_TYPE) if (CurrentAce->Header.AceType == ACCESS_ALLOWED_ACE_TYPE)
{ {
if (RtlEqualSid(Sid, NULL)) if (SepSidInToken(SubjectSecurityContext->ClientToken, Sid))
{ {
CurrentAccess = CurrentAccess | CurrentAccess = CurrentAccess |
CurrentAce->Header.AccessMask; CurrentAce->Header.AccessMask;

5
reactos/ntoskrnl/se/sid.c
View file

@ -1,4 +1,4 @@
/* $Id: sid.c,v 1.2 1999/12/26 17:22:19 ea Exp $ /* $Id: sid.c,v 1.3 2000/01/05 21:57:00 dwelch Exp $
* *
* COPYRIGHT: See COPYING in the top level directory * COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS kernel * PROJECT: ReactOS kernel
@ -79,8 +79,7 @@ ULONG STDCALL RtlLengthSid (PSID Sid)
return(sizeof(SID) + (Sid->SubAuthorityCount-1)*4); return(sizeof(SID) + (Sid->SubAuthorityCount-1)*4);
} }
NTSTATUS STDCALL RtlCopySid (ULONG BufferLength, PSID Dest, PSID Src)
NTSTATUS STDCALL RtlCopySid (ULONG BufferLength, PSID Src, PSID Dest)
{ {
if (BufferLength < RtlLengthSid(Src)) if (BufferLength < RtlLengthSid(Src))
{ {

173
reactos/ntoskrnl/se/token.c
View file

@ -1,4 +1,4 @@
/* $Id: token.c,v 1.2 1999/12/26 17:22:19 ea Exp $ /* $Id: token.c,v 1.3 2000/01/05 21:57:00 dwelch Exp $
* *
* COPYRIGHT: See COPYING in the top level directory * COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS kernel * PROJECT: ReactOS kernel
@ -47,6 +47,36 @@ VOID SeInitializeTokenManager(VOID)
} }
NTSTATUS RtlCopySidAndAttributesArray(ULONG Count, // ebp + 8
PSID_AND_ATTRIBUTES Src, // ebp + C
ULONG MaxLength, // ebp + 10
PSID_AND_ATTRIBUTES Dest, // ebp + 14
PVOID e, // ebp + 18
PVOID* f, // ebp + 1C
PULONG g) // ebp + 20
{
ULONG Length; // ebp - 4
ULONG i;
Length = MaxLength;
for (i=0; i<Count; i++)
{
if (RtlLengthSid(Src[i].Sid) > Length)
{
return(STATUS_UNSUCCESSFUL);
}
Length = Length - RtlLengthSid(Src[i].Sid);
Dest[i].Sid = e;
Dest[i].Attributes = Src[i].Attributes;
RtlCopySid(RtlLengthSid(Src[i].Sid), e, Src[i].Sid);
e = e + RtlLengthSid(Src[i].Sid) + sizeof(ULONG);
}
*f = e;
*g = Length;
return(STATUS_SUCCESS);
}
NTSTATUS STDCALL NtQueryInformationToken(IN HANDLE TokenHandle, NTSTATUS STDCALL NtQueryInformationToken(IN HANDLE TokenHandle,
IN TOKEN_INFORMATION_CLASS IN TOKEN_INFORMATION_CLASS
TokenInformationClass, TokenInformationClass,
@ -56,9 +86,13 @@ NTSTATUS STDCALL NtQueryInformationToken(IN HANDLE TokenHandle,
{ {
NTSTATUS Status; NTSTATUS Status;
PACCESS_TOKEN Token; PACCESS_TOKEN Token;
PVOID UnusedInfo;
PVOID EndMem;
PTOKEN_GROUPS PtrTokenGroups;
PTOKEN_DEFAULT_DACL PtrDefaultDacl;
PTOKEN_STATISTICS PtrTokenStatistics;
Status = ObReferenceObjectByHandle(TokenHandle, Status = ObReferenceObjectByHandle(TokenHandle,
// TOKEN_QUERY_INFORMATION,
0, 0,
SeTokenType, SeTokenType,
UserMode, UserMode,
@ -69,6 +103,98 @@ NTSTATUS STDCALL NtQueryInformationToken(IN HANDLE TokenHandle,
return(Status); return(Status);
} }
switch (TokenInformationClass)
{
case TokenUser:
Status = RtlCopySidAndAttributesArray(1,
Token->UserAndGroups,
TokenInformationLength,
TokenInformation,
TokenInformation + 8,
&UnusedInfo,
ReturnLength);
if (!NT_SUCCESS(Status))
{
ObDereferenceObject(Token);
return(Status);
}
break;
case TokenGroups:
EndMem = TokenInformation +
Token->UserAndGroupCount * sizeof(SID_AND_ATTRIBUTES);
PtrTokenGroups = (PTOKEN_GROUPS)TokenInformation;
PtrTokenGroups->GroupCount = Token->UserAndGroupCount - 1;
Status = RtlCopySidAndAttributesArray(Token->UserAndGroupCount - 1,
&Token->UserAndGroups[1],
TokenInformationLength,
PtrTokenGroups->Groups,
EndMem,
&UnusedInfo,
ReturnLength);
if (!NT_SUCCESS(Status))
{
ObDereferenceObject(Token);
return(Status);
}
break;
case TokenPrivileges:
break;
case TokenOwner:
((PTOKEN_OWNER)TokenInformation)->Owner =
(PSID)(((PTOKEN_OWNER)TokenInformation) + 1);
RtlCopySid(TokenInformationLength - sizeof(TOKEN_OWNER),
((PTOKEN_OWNER)TokenInformation)->Owner,
Token->UserAndGroups[Token->DefaultOwnerIndex].Sid);
break;
case TokenPrimaryGroup:
((PTOKEN_PRIMARY_GROUP)TokenInformation)->PrimaryGroup =
(PSID)(((PTOKEN_PRIMARY_GROUP)TokenInformation) + 1);
RtlCopySid(TokenInformationLength - sizeof(TOKEN_OWNER),
((PTOKEN_PRIMARY_GROUP)TokenInformation)->PrimaryGroup,
Token->PrimaryGroup);
break;
case TokenDefaultDacl:
PtrDefaultDacl = (PTOKEN_DEFAULT_DACL)TokenInformation;
PtrDefaultDacl->DefaultDacl = (PACL)(PtrDefaultDacl + 1);
memmove(PtrDefaultDacl->DefaultDacl,
Token->DefaultDacl,
Token->DefaultDacl->AclSize);
break;
case TokenSource:
memcpy(TokenInformation, &Token->TokenSource, sizeof(TOKEN_SOURCE));
break;
case TokenType:
*((PTOKEN_TYPE)TokenInformation) = Token->TokenType;
break;
case TokenImpersonationLevel:
*((PSECURITY_IMPERSONATION_LEVEL)TokenInformation) =
Token->ImpersonationLevel;
break;
case TokenStatistics:
PtrTokenStatistics = (PTOKEN_STATISTICS)TokenInformation;
PtrTokenStatistics->TokenId = Token->TokenId;
PtrTokenStatistics->AuthenticationId = Token->AuthenticationId;
PtrTokenStatistics->ExpirationTime = Token->ExpirationTime;
PtrTokenStatistics->TokenType = Token->TokenType;
PtrTokenStatistics->ImpersonationLevel = Token->ImpersonationLevel;
PtrTokenStatistics->DynamicCharged = Token->DynamicCharged;
PtrTokenStatistics->DynamicAvailable = Token->DynamicAvailable;
PtrTokenStatistics->GroupCount = Token->UserAndGroupCount - 1;
PtrTokenStatistics->PrivilegeCount = Token->PrivilegeCount;
PtrTokenStatistics->ModifiedId = Token->ModifiedId;
break;
}
ObDereferenceObject(Token); ObDereferenceObject(Token);
return(STATUS_SUCCESS); return(STATUS_SUCCESS);
} }
@ -102,6 +228,29 @@ NtDuplicateToken (
UNIMPLEMENTED; UNIMPLEMENTED;
} }
NTSTATUS STDCALL NtAdjustGroupsToken(IN HANDLE TokenHandle,
IN BOOLEAN ResetToDefault,
IN PTOKEN_GROUPS NewState,
IN ULONG BufferLength,
OUT PTOKEN_GROUPS PreviousState OPTIONAL,
OUT PULONG ReturnLength)
{
UNIMPLEMENTED;
}
NTSTATUS
STDCALL
NtAdjustPrivilegesToken(IN HANDLE TokenHandle,
IN BOOLEAN DisableAllPrivileges,
IN PTOKEN_PRIVILEGES NewState,
IN ULONG BufferLength,
OUT PTOKEN_PRIVILEGES PreviousState,
OUT PULONG ReturnLength)
{
UNIMPLEMENTED;
}
NTSTATUS STDCALL NtCreateToken(OUT PHANDLE TokenHandle, NTSTATUS STDCALL NtCreateToken(OUT PHANDLE TokenHandle,
IN ACCESS_MASK DesiredAccess, IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes, IN POBJECT_ATTRIBUTES ObjectAttributes,
@ -116,7 +265,25 @@ NTSTATUS STDCALL NtCreateToken(OUT PHANDLE TokenHandle,
IN PTOKEN_DEFAULT_DACL TokenDefaultDacl, IN PTOKEN_DEFAULT_DACL TokenDefaultDacl,
IN PTOKEN_SOURCE TokenSource) IN PTOKEN_SOURCE TokenSource)
{ {
UNIMPLEMENTED; #if 0
PACCESS_TOKEN AccessToken;
NTSTATUS Status;
Status = ObCreateObject(TokenHandle,
DesiredAccess,
ObjectAttributes,
SeTokenType);
if (!NT_SUCCESS(Status))
{
return(Status);
}
AccessToken->TokenType = TokenType;
RtlCopyLuid(&AccessToken->AuthenticationId, AuthenticationId);
AccessToken->ExpirationTime = *ExpirationTime;
AccessToken->
#endif
UNIMPLEMENTED;
} }