mirror of
https://github.com/reactos/reactos.git
synced 2024-12-28 10:04:49 +00:00
Implemented more security functions
Moved general security types into new header file Implemented ThreadImpersonationToken info class Bug fixes to queuing code svn path=/trunk/; revision=919
This commit is contained in:
parent
453f513ed3
commit
623093eaaa
18 changed files with 1016 additions and 431 deletions
|
@ -88,17 +88,6 @@ typedef CHAR *PCH;
|
|||
typedef void *HANDLE;
|
||||
typedef char CCHAR;
|
||||
|
||||
typedef enum _SECURITY_IMPERSONATION_LEVEL {
|
||||
SecurityAnonymous,
|
||||
SecurityIdentification,
|
||||
SecurityImpersonation,
|
||||
SecurityDelegation
|
||||
} SECURITY_IMPERSONATION_LEVEL;
|
||||
|
||||
typedef enum tagTOKEN_TYPE {
|
||||
TokenPrimary = 1,
|
||||
TokenImpersonation
|
||||
} TOKEN_TYPE;
|
||||
|
||||
#define FALSE 0
|
||||
#define TRUE 1
|
||||
|
@ -403,21 +392,6 @@ typedef enum _SID_NAME_USE {
|
|||
SidTypeUnknown
|
||||
} SID_NAME_USE, *PSID_NAME_USE;
|
||||
|
||||
#define TOKEN_INFORMATION_CLASS_DEFINED 1
|
||||
|
||||
typedef enum _TOKEN_INFORMATION_CLASS {
|
||||
TokenUser = 1,
|
||||
TokenGroups,
|
||||
TokenPrivileges,
|
||||
TokenOwner,
|
||||
TokenPrimaryGroup,
|
||||
TokenDefaultDacl,
|
||||
TokenSource,
|
||||
TokenType,
|
||||
TokenImpersonationLevel,
|
||||
TokenStatistics
|
||||
} TOKEN_INFORMATION_CLASS;
|
||||
|
||||
#endif /* ! defined (RC_INVOKED) */
|
||||
|
||||
/*
|
||||
|
|
|
@ -1,4 +1,11 @@
|
|||
|
||||
PACCESS_TOKEN PsReferenceEffectiveToken(PETHREAD Thread,
|
||||
PTOKEN_TYPE TokenType,
|
||||
PUCHAR b,
|
||||
PSECURITY_IMPERSONATION_LEVEL Level);
|
||||
|
||||
NTSTATUS PsOpenTokenOfProcess(HANDLE ProcessHandle,
|
||||
PACCESS_TOKEN* Token);
|
||||
|
||||
HANDLE PsGetCurrentProcessId(VOID);
|
||||
HANDLE PsGetCurrentThreadId(VOID);
|
||||
|
@ -41,3 +48,11 @@ PACCESS_TOKEN PsReferenceImpersonationToken(PETHREAD Thread,
|
|||
SECURITY_IMPERSONATION_LEVEL*
|
||||
Level);
|
||||
PACCESS_TOKEN PsReferencePrimaryToken(PEPROCESS Process);
|
||||
NTSTATUS PsAssignImpersonationToken(PETHREAD Thread,
|
||||
HANDLE TokenHandle);
|
||||
|
||||
VOID PsImpersonateClient(PETHREAD Thread,
|
||||
PACCESS_TOKEN Token,
|
||||
UCHAR b,
|
||||
UCHAR c,
|
||||
SECURITY_IMPERSONATION_LEVEL Level);
|
||||
|
|
|
@ -271,14 +271,15 @@ typedef struct _TOP_LEVEL_IRP
|
|||
|
||||
typedef struct
|
||||
{
|
||||
PACCESS_TOKEN Token;
|
||||
UCHAR Unknown1;
|
||||
UCHAR Unknown2;
|
||||
UCHAR Pad[2];
|
||||
SECURITY_IMPERSONATION_LEVEL Level;
|
||||
} IMPERSONATION_INFO, *PIMPERSONATION_INFO;
|
||||
PACCESS_TOKEN Token; // 0x0
|
||||
UCHAR Unknown1; // 0x4
|
||||
UCHAR Unknown2; // 0x5
|
||||
UCHAR Pad[2]; // 0x6
|
||||
SECURITY_IMPERSONATION_LEVEL Level; // 0x8
|
||||
} PS_IMPERSONATION_INFO, *PPS_IMPERSONATION_INFO;
|
||||
|
||||
typedef struct _ETHREAD {
|
||||
typedef struct _ETHREAD
|
||||
{
|
||||
KTHREAD Tcb;
|
||||
TIME CreateTime;
|
||||
TIME ExitTime;
|
||||
|
@ -291,7 +292,7 @@ typedef struct _ETHREAD {
|
|||
PLARGE_INTEGER LpcReplySemaphore;
|
||||
PVOID LpcReplyMessage;
|
||||
PLARGE_INTEGER LpcReplyMessageId;
|
||||
PIMPERSONATION_INFO ImpersonationInfo;
|
||||
PPS_IMPERSONATION_INFO ImpersonationInfo;
|
||||
LIST_ENTRY IrpList; //
|
||||
TOP_LEVEL_IRP TopLevelIrp;
|
||||
ULONG ReadClusterSize;
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
#ifndef _INCLUDE_DDK_SEFUNCS_H
|
||||
#define _INCLUDE_DDK_SEFUNCS_H
|
||||
/* $Id: sefuncs.h,v 1.3 1999/12/26 17:22:18 ea Exp $ */
|
||||
/* $Id: sefuncs.h,v 1.4 2000/01/05 21:56:58 dwelch Exp $ */
|
||||
NTSTATUS STDCALL RtlCreateSecurityDescriptor (PSECURITY_DESCRIPTOR SecurityDescriptor, ULONG Revision);
|
||||
BOOLEAN STDCALL RtlValidSecurityDescriptor (PSECURITY_DESCRIPTOR SecurityDescriptor);
|
||||
ULONG STDCALL RtlLengthSecurityDescriptor (PSECURITY_DESCRIPTOR SecurityDescriptor);
|
||||
|
@ -16,7 +16,7 @@ PULONG STDCALL RtlSubAuthoritySid (PSID Sid, ULONG SubAuthority);
|
|||
BOOLEAN STDCALL RtlEqualSid(PSID Sid1, PSID Sid2);
|
||||
NTSTATUS STDCALL RtlAbsoluteToSelfRelativeSD (PSECURITY_DESCRIPTOR AbsSD, PSECURITY_DESCRIPTOR RelSD, PULONG BufferLength);
|
||||
BOOLEAN STDCALL SeAccessCheck (IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
||||
IN PSECURITY_DESCRIPTOR_CONTEXT SubjectSecurityContext,
|
||||
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,
|
||||
IN BOOLEAN SubjectContextLocked,
|
||||
IN ACCESS_MASK DesiredAccess,
|
||||
IN ACCESS_MASK PreviouslyGrantedAccess,
|
||||
|
@ -35,4 +35,14 @@ NTSTATUS STDCALL SeDeassignSecurity (PSECURITY_DESCRIPTOR* SecurityDescriptor);
|
|||
BOOLEAN STDCALL SeSinglePrivilegeCheck (LUID PrivilegeValue, KPROCESSOR_MODE PreviousMode);
|
||||
ULONG STDCALL RtlLengthSid (PSID Sid);
|
||||
NTSTATUS STDCALL RtlCopySid(ULONG BufferLength, PSID Src, PSID Dest);
|
||||
|
||||
VOID SeImpersonateClient(PSE_SOME_STRUCT2 a,
|
||||
PETHREAD Thread);
|
||||
|
||||
NTSTATUS SeCreateClientSecurity(PETHREAD Thread,
|
||||
PSECURITY_QUALITY_OF_SERVICE Qos,
|
||||
ULONG e,
|
||||
PSE_SOME_STRUCT2 f);
|
||||
|
||||
|
||||
#endif /* ndef _INCLUDE_DDK_SEFUNCS_H */
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $Id: setypes.h,v 1.3 1999/12/26 17:22:18 ea Exp $
|
||||
/* $Id: setypes.h,v 1.4 2000/01/05 21:56:58 dwelch Exp $
|
||||
*
|
||||
* COPYRIGHT: See COPYING in the top level directory for details
|
||||
* PROJECT: ReactOS kernel
|
||||
|
@ -12,6 +12,8 @@
|
|||
#ifndef __INCLUDE_DDK_SETYPES_H
|
||||
#define __INCLUDE_DDK_SETYPES_H
|
||||
|
||||
#include <security.h>
|
||||
|
||||
/* SID */
|
||||
#define SECURITY_NULL_RID (0L)
|
||||
#define SECURITY_WORLD_RID (0L)
|
||||
|
@ -82,80 +84,10 @@
|
|||
#define SE_PRIVILEGE_USED_FOR_ACCESS (0x80000000L)
|
||||
#define PRIVILEGE_SET_ALL_NECESSARY (0x1)
|
||||
|
||||
typedef ULONG ACCESS_MASK;
|
||||
typedef ULONG ACCESS_MODE, *PACCESS_MODE;
|
||||
|
||||
typedef struct _SECURITY_QUALITY_OF_SERVICE {
|
||||
DWORD Length;
|
||||
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
|
||||
/* SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode; */
|
||||
WINBOOL ContextTrackingMode;
|
||||
BOOLEAN EffectiveOnly;
|
||||
} SECURITY_QUALITY_OF_SERVICE;
|
||||
|
||||
typedef SECURITY_QUALITY_OF_SERVICE* PSECURITY_QUALITY_OF_SERVICE;
|
||||
|
||||
typedef struct _ACE_HEADER
|
||||
{
|
||||
CHAR AceType;
|
||||
CHAR AceFlags;
|
||||
USHORT AceSize;
|
||||
ACCESS_MASK AccessMask;
|
||||
} ACE_HEADER, *PACE_HEADER;
|
||||
|
||||
typedef struct
|
||||
{
|
||||
ACE_HEADER Header;
|
||||
} ACE, *PACE;
|
||||
|
||||
typedef struct _SID_IDENTIFIER_AUTHORITY
|
||||
{
|
||||
BYTE Value[6];
|
||||
} SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;
|
||||
|
||||
#define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
|
||||
|
||||
typedef struct _SID
|
||||
{
|
||||
UCHAR Revision;
|
||||
UCHAR SubAuthorityCount;
|
||||
SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
|
||||
ULONG SubAuthority[1];
|
||||
} SID, *PSID;
|
||||
|
||||
typedef struct _ACL {
|
||||
UCHAR AclRevision;
|
||||
UCHAR Sbz1;
|
||||
USHORT AclSize;
|
||||
USHORT AceCount;
|
||||
USHORT Sbz2;
|
||||
} ACL, *PACL;
|
||||
|
||||
typedef USHORT SECURITY_DESCRIPTOR_CONTROL, *PSECURITY_DESCRIPTOR_CONTROL;
|
||||
|
||||
typedef struct _SECURITY_DESCRIPTOR_CONTEXT
|
||||
{
|
||||
} SECURITY_DESCRIPTOR_CONTEXT, *PSECURITY_DESCRIPTOR_CONTEXT;
|
||||
|
||||
typedef LARGE_INTEGER LUID, *PLUID;
|
||||
|
||||
typedef struct _LUID_AND_ATTRIBUTES
|
||||
{
|
||||
LUID Luid;
|
||||
DWORD Attributes;
|
||||
} LUID_AND_ATTRIBUTES, *PLUID_AND_ATTRIBUTES;
|
||||
|
||||
typedef struct _TOKEN_SOURCE
|
||||
{
|
||||
CHAR SourceName[8];
|
||||
LARGE_INTEGER Unknown;
|
||||
LUID SourceIdentifier;
|
||||
} TOKEN_SOURCE, *PTOKEN_SOURCE;
|
||||
|
||||
|
||||
typedef struct _ACCESS_TOKEN
|
||||
{
|
||||
TOKEN_SOURCE TokenSource; // 0x00
|
||||
LUID TokenId; // 0x10
|
||||
LUID AuthenticationId; // 0x18
|
||||
LARGE_INTEGER ExpirationTime; // 0x20
|
||||
LUID ModifiedId; // 0x28
|
||||
|
@ -165,7 +97,8 @@ typedef struct _ACCESS_TOKEN
|
|||
ULONG DynamicCharged; // 0x3C
|
||||
ULONG DynamicAvailable; // 0x40
|
||||
ULONG DefaultOwnerIndex; // 0x44
|
||||
ULONG Unknown[2]; // 0x48
|
||||
PSID_AND_ATTRIBUTES UserAndGroups; // 0x48
|
||||
PSID PrimaryGroup; // 0x4C
|
||||
PLUID_AND_ATTRIBUTES Privileges; // 0x50
|
||||
ULONG Unknown1; // 0x54
|
||||
PACL DefaultDacl; // 0x58
|
||||
|
@ -188,23 +121,28 @@ typedef struct _SECURITY_SUBJECT_CONTEXT
|
|||
PVOID ProcessAuditId; // 0xC
|
||||
} SECURITY_SUBJECT_CONTEXT, *PSECURITY_SUBJECT_CONTEXT;
|
||||
|
||||
|
||||
typedef struct _SECURITY_DESCRIPTOR {
|
||||
UCHAR Revision;
|
||||
UCHAR Sbz1;
|
||||
SECURITY_DESCRIPTOR_CONTROL Control;
|
||||
PSID Owner;
|
||||
PSID Group;
|
||||
PACL Sacl;
|
||||
PACL Dacl;
|
||||
} SECURITY_DESCRIPTOR, *PSECURITY_DESCRIPTOR;
|
||||
|
||||
BOOLEAN STDCALL RtlValidSid (PSID Sid);
|
||||
|
||||
/*
|
||||
* from ntoskrnl/se/token.c:
|
||||
*/
|
||||
extern struct _OBJECT_TYPE* SeTokenType;
|
||||
|
||||
typedef struct
|
||||
{
|
||||
ULONG Unknown1; // 0x0
|
||||
SECURITY_IMPERSONATION_LEVEL Level; // 0x4
|
||||
UCHAR ContextTrackingMode; // 0x8
|
||||
UCHAR EffectiveOnly; // 0x9
|
||||
UCHAR Unknown5; // 0xa
|
||||
UCHAR Unknown6; // 0xb
|
||||
PACCESS_TOKEN Token; // 0xc
|
||||
UCHAR Unknown8; // 0x10
|
||||
UCHAR Unknown9; // 0x11
|
||||
UCHAR Unknown10; // 0x12
|
||||
UCHAR Pad[1]; // 0x13
|
||||
ULONG Unknown11; // 0x14
|
||||
} SE_SOME_STRUCT2, *PSE_SOME_STRUCT2;
|
||||
|
||||
|
||||
|
||||
#endif
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
/* $Id: zw.h,v 1.24 1999/12/18 17:48:21 dwelch Exp $
|
||||
/* $Id: zw.h,v 1.25 2000/01/05 21:56:58 dwelch Exp $
|
||||
*
|
||||
* COPYRIGHT: See COPYING in the top level directory
|
||||
* PROJECT: ReactOS kernel
|
||||
|
@ -17,56 +17,6 @@
|
|||
#ifndef __DDK_ZW_H
|
||||
#define __DDK_ZW_H
|
||||
|
||||
#if defined(WIN32_LEAN_AND_MEAN) && !defined(TOKEN_INFORMATION_CLASS_DEFINED)
|
||||
|
||||
typedef enum _TOKEN_INFORMATION_CLASS {
|
||||
TokenUser = 1,
|
||||
TokenGroups,
|
||||
TokenPrivileges,
|
||||
TokenOwner,
|
||||
TokenPrimaryGroup,
|
||||
TokenDefaultDacl,
|
||||
TokenSource,
|
||||
TokenType,
|
||||
TokenImpersonationLevel,
|
||||
TokenStatistics
|
||||
} TOKEN_INFORMATION_CLASS;
|
||||
|
||||
typedef struct _SID_AND_ATTRIBUTES {
|
||||
PSID Sid;
|
||||
DWORD Attributes;
|
||||
} SID_AND_ATTRIBUTES ;
|
||||
|
||||
typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
|
||||
typedef SID_AND_ATTRIBUTES_ARRAY *PSID_AND_ATTRIBUTES_ARRAY;
|
||||
|
||||
typedef struct _TOKEN_DEFAULT_DACL {
|
||||
PACL DefaultDacl;
|
||||
} TOKEN_DEFAULT_DACL, *PTOKEN_DEFAULT_DACL;
|
||||
|
||||
typedef struct _TOKEN_GROUPS {
|
||||
DWORD GroupCount;
|
||||
SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY];
|
||||
} TOKEN_GROUPS, *PTOKEN_GROUPS, *LPTOKEN_GROUPS;
|
||||
|
||||
typedef struct _TOKEN_OWNER {
|
||||
PSID Owner;
|
||||
} TOKEN_OWNER, *PTOKEN_OWNER;
|
||||
|
||||
typedef struct _TOKEN_PRIMARY_GROUP {
|
||||
PSID PrimaryGroup;
|
||||
} TOKEN_PRIMARY_GROUP, *PTOKEN_PRIMARY_GROUP;
|
||||
|
||||
typedef struct _TOKEN_PRIVILEGES {
|
||||
DWORD PrivilegeCount;
|
||||
LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY];
|
||||
} TOKEN_PRIVILEGES, *PTOKEN_PRIVILEGES, *LPTOKEN_PRIVILEGES;
|
||||
|
||||
typedef struct _TOKEN_USER {
|
||||
SID_AND_ATTRIBUTES User;
|
||||
} TOKEN_USER, *PTOKEN_USER;
|
||||
|
||||
#endif
|
||||
|
||||
#define LCID ULONG
|
||||
#define SECURITY_INFORMATION ULONG
|
||||
|
|
154
reactos/include/security.h
Normal file
154
reactos/include/security.h
Normal file
|
@ -0,0 +1,154 @@
|
|||
#ifndef __INCLUDE_SECURITY_H
|
||||
#define __INCLUDE_SECURITY_H
|
||||
|
||||
typedef enum _TOKEN_INFORMATION_CLASS {
|
||||
TokenUser = 1,
|
||||
TokenGroups,
|
||||
TokenPrivileges,
|
||||
TokenOwner,
|
||||
TokenPrimaryGroup,
|
||||
TokenDefaultDacl,
|
||||
TokenSource,
|
||||
TokenType,
|
||||
TokenImpersonationLevel,
|
||||
TokenStatistics
|
||||
} TOKEN_INFORMATION_CLASS;
|
||||
|
||||
typedef ULONG SECURITY_IMPERSONATION_LEVEL, *PSECURITY_IMPERSONATION_LEVEL;
|
||||
|
||||
#define SecurityAnonymous ((SECURITY_IMPERSONATION_LEVEL)1)
|
||||
#define SecurityIdentification ((SECURITY_IMPERSONATION_LEVEL)2)
|
||||
#define SecurityImpersonation ((SECURITY_IMPERSONATION_LEVEL)3)
|
||||
#define SecurityDelegation ((SECURITY_IMPERSONATION_LEVEL)4)
|
||||
|
||||
typedef ULONG TOKEN_TYPE, *PTOKEN_TYPE;
|
||||
|
||||
#define TokenPrimary ((TOKEN_TYPE)1)
|
||||
#define TokenImpersonation ((TOKEN_TYPE)2)
|
||||
|
||||
typedef ULONG ACCESS_MASK;
|
||||
typedef ULONG ACCESS_MODE, *PACCESS_MODE;
|
||||
|
||||
typedef struct _SECURITY_QUALITY_OF_SERVICE {
|
||||
DWORD Length;
|
||||
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
|
||||
/* SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode; */
|
||||
WINBOOL ContextTrackingMode;
|
||||
BOOLEAN EffectiveOnly;
|
||||
} SECURITY_QUALITY_OF_SERVICE;
|
||||
|
||||
typedef SECURITY_QUALITY_OF_SERVICE* PSECURITY_QUALITY_OF_SERVICE;
|
||||
|
||||
typedef struct _ACE_HEADER
|
||||
{
|
||||
CHAR AceType;
|
||||
CHAR AceFlags;
|
||||
USHORT AceSize;
|
||||
ACCESS_MASK AccessMask;
|
||||
} ACE_HEADER, *PACE_HEADER;
|
||||
|
||||
typedef struct
|
||||
{
|
||||
ACE_HEADER Header;
|
||||
} ACE, *PACE;
|
||||
|
||||
typedef struct _SID_IDENTIFIER_AUTHORITY
|
||||
{
|
||||
BYTE Value[6];
|
||||
} SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;
|
||||
|
||||
#define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
|
||||
|
||||
typedef struct _SID
|
||||
{
|
||||
UCHAR Revision;
|
||||
UCHAR SubAuthorityCount;
|
||||
SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
|
||||
ULONG SubAuthority[1];
|
||||
} SID, *PSID;
|
||||
|
||||
typedef struct _ACL {
|
||||
UCHAR AclRevision;
|
||||
UCHAR Sbz1;
|
||||
USHORT AclSize;
|
||||
USHORT AceCount;
|
||||
USHORT Sbz2;
|
||||
} ACL, *PACL;
|
||||
|
||||
typedef USHORT SECURITY_DESCRIPTOR_CONTROL, *PSECURITY_DESCRIPTOR_CONTROL;
|
||||
|
||||
typedef struct _SECURITY_DESCRIPTOR_CONTEXT
|
||||
{
|
||||
} SECURITY_DESCRIPTOR_CONTEXT, *PSECURITY_DESCRIPTOR_CONTEXT;
|
||||
|
||||
typedef LARGE_INTEGER LUID, *PLUID;
|
||||
|
||||
typedef struct _SECURITY_DESCRIPTOR {
|
||||
UCHAR Revision;
|
||||
UCHAR Sbz1;
|
||||
SECURITY_DESCRIPTOR_CONTROL Control;
|
||||
PSID Owner;
|
||||
PSID Group;
|
||||
PACL Sacl;
|
||||
PACL Dacl;
|
||||
} SECURITY_DESCRIPTOR, *PSECURITY_DESCRIPTOR;
|
||||
|
||||
typedef struct _LUID_AND_ATTRIBUTES
|
||||
{
|
||||
LUID Luid;
|
||||
DWORD Attributes;
|
||||
} LUID_AND_ATTRIBUTES, *PLUID_AND_ATTRIBUTES;
|
||||
|
||||
typedef struct _TOKEN_SOURCE {
|
||||
CHAR SourceName[8];
|
||||
LUID SourceIdentifier;
|
||||
} TOKEN_SOURCE, *PTOKEN_SOURCE;
|
||||
|
||||
typedef struct _SID_AND_ATTRIBUTES {
|
||||
PSID Sid;
|
||||
DWORD Attributes;
|
||||
} SID_AND_ATTRIBUTES, *PSID_AND_ATTRIBUTES;
|
||||
|
||||
typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
|
||||
typedef SID_AND_ATTRIBUTES_ARRAY *PSID_AND_ATTRIBUTES_ARRAY;
|
||||
|
||||
typedef struct _TOKEN_USER {
|
||||
SID_AND_ATTRIBUTES User;
|
||||
} TOKEN_USER, *PTOKEN_USER;
|
||||
|
||||
typedef struct _TOKEN_PRIMARY_GROUP {
|
||||
PSID PrimaryGroup;
|
||||
} TOKEN_PRIMARY_GROUP, *PTOKEN_PRIMARY_GROUP;
|
||||
|
||||
typedef struct _TOKEN_GROUPS {
|
||||
DWORD GroupCount;
|
||||
SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY];
|
||||
} TOKEN_GROUPS, *PTOKEN_GROUPS, *LPTOKEN_GROUPS;
|
||||
|
||||
typedef struct _TOKEN_PRIVILEGES {
|
||||
DWORD PrivilegeCount;
|
||||
LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY];
|
||||
} TOKEN_PRIVILEGES, *PTOKEN_PRIVILEGES, *LPTOKEN_PRIVILEGES;
|
||||
|
||||
typedef struct _TOKEN_OWNER {
|
||||
PSID Owner;
|
||||
} TOKEN_OWNER, *PTOKEN_OWNER;
|
||||
|
||||
typedef struct _TOKEN_DEFAULT_DACL {
|
||||
PACL DefaultDacl;
|
||||
} TOKEN_DEFAULT_DACL, *PTOKEN_DEFAULT_DACL;
|
||||
|
||||
typedef struct _TOKEN_STATISTICS {
|
||||
LUID TokenId;
|
||||
LUID AuthenticationId;
|
||||
LARGE_INTEGER ExpirationTime;
|
||||
TOKEN_TYPE TokenType;
|
||||
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
|
||||
DWORD DynamicCharged;
|
||||
DWORD DynamicAvailable;
|
||||
DWORD GroupCount;
|
||||
DWORD PrivilegeCount;
|
||||
LUID ModifiedId;
|
||||
} TOKEN_STATISTICS, *PTOKEN_STATISTICS;
|
||||
|
||||
#endif /* __INCLUDE_SECURITY_H */
|
|
@ -53,7 +53,7 @@ typedef union _ULARGE_INTEGER
|
|||
ULONGLONG QuadPart;
|
||||
} ULARGE_INTEGER, *PULARGE_INTEGER;
|
||||
|
||||
#include <ddk/setypes.h>
|
||||
#include <security.h>
|
||||
|
||||
typedef struct _LIST_ENTRY {
|
||||
struct _LIST_ENTRY *Flink;
|
||||
|
@ -3880,15 +3880,6 @@ typedef struct _SHNAMEMAPPING {
|
|||
int cchNewPath;
|
||||
} SHNAMEMAPPING, *LPSHNAMEMAPPING;
|
||||
|
||||
typedef struct _SID_AND_ATTRIBUTES {
|
||||
PSID Sid;
|
||||
DWORD Attributes;
|
||||
} SID_AND_ATTRIBUTES ;
|
||||
|
||||
typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
|
||||
typedef SID_AND_ATTRIBUTES_ARRAY *PSID_AND_ATTRIBUTES_ARRAY;
|
||||
|
||||
|
||||
typedef struct tagSOUNDSENTRY {
|
||||
UINT cbSize;
|
||||
DWORD dwFlags;
|
||||
|
@ -4156,45 +4147,6 @@ typedef struct _TOKEN_CONTROL {
|
|||
TOKEN_SOURCE TokenSource;
|
||||
} TOKEN_CONTROL, *PTOKEN_CONTROL ;
|
||||
|
||||
typedef struct _TOKEN_DEFAULT_DACL {
|
||||
PACL DefaultDacl;
|
||||
} TOKEN_DEFAULT_DACL, *PTOKEN_DEFAULT_DACL;
|
||||
|
||||
typedef struct _TOKEN_GROUPS {
|
||||
DWORD GroupCount;
|
||||
SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY];
|
||||
} TOKEN_GROUPS, *PTOKEN_GROUPS, *LPTOKEN_GROUPS;
|
||||
|
||||
typedef struct _TOKEN_OWNER {
|
||||
PSID Owner;
|
||||
} TOKEN_OWNER, *PTOKEN_OWNER;
|
||||
|
||||
typedef struct _TOKEN_PRIMARY_GROUP {
|
||||
PSID PrimaryGroup;
|
||||
} TOKEN_PRIMARY_GROUP, *PTOKEN_PRIMARY_GROUP;
|
||||
|
||||
typedef struct _TOKEN_PRIVILEGES {
|
||||
DWORD PrivilegeCount;
|
||||
LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY];
|
||||
} TOKEN_PRIVILEGES, *PTOKEN_PRIVILEGES, *LPTOKEN_PRIVILEGES;
|
||||
|
||||
typedef struct _TOKEN_STATISTICS {
|
||||
LUID TokenId;
|
||||
LUID AuthenticationId;
|
||||
LARGE_INTEGER ExpirationTime;
|
||||
TOKEN_TYPE TokenType;
|
||||
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
|
||||
DWORD DynamicCharged;
|
||||
DWORD DynamicAvailable;
|
||||
DWORD GroupCount;
|
||||
DWORD PrivilegeCount;
|
||||
LUID ModifiedId;
|
||||
} TOKEN_STATISTICS, *PTOKEN_STATISTICS;
|
||||
|
||||
typedef struct _TOKEN_USER {
|
||||
SID_AND_ATTRIBUTES User;
|
||||
} TOKEN_USER, *PTOKEN_USER;
|
||||
|
||||
typedef struct {
|
||||
UINT cbSize;
|
||||
UINT uFlags;
|
||||
|
|
|
@ -18,7 +18,9 @@ GetSecurityDescriptorLength (
|
|||
PSECURITY_DESCRIPTOR pSecurityDescriptor
|
||||
)
|
||||
{
|
||||
#if 0
|
||||
return RtlLengthSecurityDescriptor(pSecurityDescriptor);
|
||||
#endif
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -10,7 +10,7 @@
|
|||
|
||||
#include <ddk/ntddk.h>
|
||||
|
||||
#define NDEBUG
|
||||
//#define NDEBUG
|
||||
#include <internal/debug.h>
|
||||
|
||||
/* FUNCTIONS *****************************************************************/
|
||||
|
|
|
@ -12,7 +12,7 @@
|
|||
|
||||
#include <ddk/ntddk.h>
|
||||
|
||||
#define NDEBUG
|
||||
//#define NDEBUG
|
||||
#include <internal/debug.h>
|
||||
|
||||
/* FUNCTIONS *****************************************************************/
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $Id: create.c,v 1.6 1999/12/26 15:50:51 dwelch Exp $
|
||||
/* $Id: create.c,v 1.7 2000/01/05 21:57:00 dwelch Exp $
|
||||
*
|
||||
* COPYRIGHT: See COPYING in the top level directory
|
||||
* PROJECT: ReactOS kernel
|
||||
|
@ -43,6 +43,193 @@ extern LIST_ENTRY PiThreadListHead;
|
|||
|
||||
/* FUNCTIONS ***************************************************************/
|
||||
|
||||
NTSTATUS PsAssignImpersonationToken(PETHREAD Thread,
|
||||
HANDLE TokenHandle)
|
||||
{
|
||||
PACCESS_TOKEN Token;
|
||||
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
|
||||
NTSTATUS Status;
|
||||
|
||||
if (TokenHandle != NULL)
|
||||
{
|
||||
Status = ObReferenceObjectByHandle(TokenHandle,
|
||||
0,
|
||||
SeTokenType,
|
||||
UserMode,
|
||||
(PVOID*)&Token,
|
||||
NULL);
|
||||
if (!NT_SUCCESS(Status))
|
||||
{
|
||||
return(Status);
|
||||
}
|
||||
ImpersonationLevel = Token->ImpersonationLevel;
|
||||
}
|
||||
else
|
||||
{
|
||||
Token = NULL;
|
||||
ImpersonationLevel = 0;
|
||||
}
|
||||
|
||||
PsImpersonateClient(Thread,
|
||||
Token,
|
||||
0,
|
||||
0,
|
||||
ImpersonationLevel);
|
||||
if (Token != NULL)
|
||||
{
|
||||
ObDereferenceObject(Token);
|
||||
}
|
||||
return(STATUS_SUCCESS);
|
||||
}
|
||||
|
||||
VOID PsRevertToSelf(PETHREAD Thread)
|
||||
{
|
||||
if (Thread->ActiveImpersonationInfo != 0)
|
||||
{
|
||||
Thread->ActiveImpersonationInfo = 0;
|
||||
ObDereferenceObject(Thread->ImpersonationInfo->Token);
|
||||
}
|
||||
}
|
||||
|
||||
VOID PsImpersonateClient(PETHREAD Thread,
|
||||
PACCESS_TOKEN Token,
|
||||
UCHAR b,
|
||||
UCHAR c,
|
||||
SECURITY_IMPERSONATION_LEVEL Level)
|
||||
{
|
||||
if (Token == 0)
|
||||
{
|
||||
if (Thread->ActiveImpersonationInfo != 0)
|
||||
{
|
||||
Thread->ActiveImpersonationInfo = 0;
|
||||
if (Thread->ImpersonationInfo->Token != NULL)
|
||||
{
|
||||
ObDereferenceObject(Thread->ImpersonationInfo->Token);
|
||||
}
|
||||
}
|
||||
return;
|
||||
}
|
||||
if (Thread->ActiveImpersonationInfo == 0 ||
|
||||
Thread->ImpersonationInfo == NULL)
|
||||
{
|
||||
Thread->ImpersonationInfo = ExAllocatePool(NonPagedPool,
|
||||
sizeof(PS_IMPERSONATION_INFO));
|
||||
}
|
||||
Thread->ImpersonationInfo->Level = Level;
|
||||
Thread->ImpersonationInfo->Unknown2 = c;
|
||||
Thread->ImpersonationInfo->Unknown1 = b;
|
||||
Thread->ImpersonationInfo->Token = Token;
|
||||
ObReferenceObjectByPointer(Token,
|
||||
0,
|
||||
SeTokenType,
|
||||
KernelMode);
|
||||
Thread->ActiveImpersonationInfo = 1;
|
||||
}
|
||||
|
||||
PACCESS_TOKEN PsReferenceEffectiveToken(PETHREAD Thread,
|
||||
PTOKEN_TYPE TokenType,
|
||||
PUCHAR b,
|
||||
PSECURITY_IMPERSONATION_LEVEL Level)
|
||||
{
|
||||
PEPROCESS Process;
|
||||
PACCESS_TOKEN Token;
|
||||
|
||||
if (Thread->ActiveImpersonationInfo == 0)
|
||||
{
|
||||
Process = Thread->ThreadsProcess;
|
||||
*TokenType = TokenPrimary;
|
||||
*b = 0;
|
||||
Token = Process->Token;
|
||||
}
|
||||
else
|
||||
{
|
||||
Token = Thread->ImpersonationInfo->Token;
|
||||
*TokenType = TokenImpersonation;
|
||||
*b = Thread->ImpersonationInfo->Unknown2;
|
||||
*Level = Thread->ImpersonationInfo->Level;
|
||||
}
|
||||
return(Token);
|
||||
}
|
||||
|
||||
NTSTATUS STDCALL NtImpersonateThread (IN HANDLE ThreadHandle,
|
||||
IN HANDLE ThreadToImpersonateHandle,
|
||||
IN PSECURITY_QUALITY_OF_SERVICE
|
||||
SecurityQualityOfService)
|
||||
{
|
||||
PETHREAD Thread;
|
||||
PETHREAD ThreadToImpersonate;
|
||||
NTSTATUS Status;
|
||||
SE_SOME_STRUCT2 b;
|
||||
|
||||
Status = ObReferenceObjectByHandle(ThreadHandle,
|
||||
0,
|
||||
PsThreadType,
|
||||
UserMode,
|
||||
(PVOID*)&Thread,
|
||||
NULL);
|
||||
if (!NT_SUCCESS(Status))
|
||||
{
|
||||
return(Status);
|
||||
}
|
||||
|
||||
Status = ObReferenceObjectByHandle(ThreadToImpersonateHandle,
|
||||
0,
|
||||
PsThreadType,
|
||||
UserMode,
|
||||
(PVOID*)&ThreadToImpersonate,
|
||||
NULL);
|
||||
if (!NT_SUCCESS(Status))
|
||||
{
|
||||
ObDereferenceObject(Thread);
|
||||
return(Status);
|
||||
}
|
||||
|
||||
Status = SeCreateClientSecurity(ThreadToImpersonate,
|
||||
SecurityQualityOfService,
|
||||
0,
|
||||
&b);
|
||||
if (!NT_SUCCESS(Status))
|
||||
{
|
||||
ObDereferenceObject(Thread);
|
||||
ObDereferenceObject(ThreadToImpersonate);
|
||||
return(Status);
|
||||
}
|
||||
|
||||
SeImpersonateClient(&b, Thread);
|
||||
if (b.Token != NULL)
|
||||
{
|
||||
ObDereferenceObject(b.Token);
|
||||
}
|
||||
return(STATUS_SUCCESS);
|
||||
}
|
||||
|
||||
NTSTATUS STDCALL NtOpenThreadToken(IN HANDLE ThreadHandle,
|
||||
IN ACCESS_MASK DesiredAccess,
|
||||
IN BOOLEAN OpenAsSelf,
|
||||
OUT PHANDLE TokenHandle)
|
||||
{
|
||||
#if 0
|
||||
PETHREAD Thread;
|
||||
NTSTATUS Status;
|
||||
PACCESS_TOKEN Token;
|
||||
|
||||
Status = ObReferenceObjectByHandle(ThreadHandle,
|
||||
0,
|
||||
PsThreadType,
|
||||
UserMode,
|
||||
(PVOID*)&Thread,
|
||||
NULL);
|
||||
if (!NT_SUCCESS(Status))
|
||||
{
|
||||
return(Status);
|
||||
}
|
||||
|
||||
Token = PsReferencePrimaryToken(Thread->ThreadsProcess);
|
||||
SepCreateImpersonationTokenDacl(Token);
|
||||
#endif
|
||||
return(STATUS_UNSUCCESSFUL);
|
||||
}
|
||||
|
||||
PACCESS_TOKEN PsReferenceImpersonationToken(PETHREAD Thread,
|
||||
PULONG Unknown1,
|
||||
PULONG Unknown2,
|
||||
|
|
|
@ -36,6 +36,28 @@ static ULONG PiNextProcessUniqueId = 0;
|
|||
|
||||
/* FUNCTIONS *****************************************************************/
|
||||
|
||||
NTSTATUS STDCALL NtOpenProcessToken(IN HANDLE ProcessHandle,
|
||||
IN ACCESS_MASK DesiredAccess,
|
||||
OUT PHANDLE TokenHandle)
|
||||
{
|
||||
PACCESS_TOKEN Token;
|
||||
NTSTATUS Status;
|
||||
|
||||
Status = PsOpenTokenOfProcess(ProcessHandle,
|
||||
&Token);
|
||||
if (!NT_SUCCESS(Status))
|
||||
{
|
||||
return(Status);
|
||||
}
|
||||
Status = ObCreateHandle(PsGetCurrentProcess(),
|
||||
Token,
|
||||
DesiredAccess,
|
||||
FALSE,
|
||||
ProcessHandle);
|
||||
ObDereferenceObject(Token);
|
||||
return(Status);
|
||||
}
|
||||
|
||||
PACCESS_TOKEN PsReferencePrimaryToken(PEPROCESS Process)
|
||||
{
|
||||
ObReferenceObjectByPointer(Process->Token,
|
||||
|
|
|
@ -17,28 +17,22 @@
|
|||
|
||||
/* FUNCTIONS *****************************************************************/
|
||||
|
||||
NTSTATUS
|
||||
STDCALL
|
||||
NtSetInformationThread (
|
||||
HANDLE ThreadHandle,
|
||||
NTSTATUS STDCALL NtSetInformationThread(HANDLE ThreadHandle,
|
||||
THREADINFOCLASS ThreadInformationClass,
|
||||
PVOID ThreadInformation,
|
||||
ULONG ThreadInformationLength
|
||||
)
|
||||
ULONG ThreadInformationLength)
|
||||
{
|
||||
PETHREAD Thread;
|
||||
NTSTATUS Status;
|
||||
PTHREAD_BASIC_INFORMATION ThreadBasicInformationP;
|
||||
|
||||
Status = ObReferenceObjectByHandle(
|
||||
ThreadHandle,
|
||||
Status = ObReferenceObjectByHandle(ThreadHandle,
|
||||
THREAD_SET_INFORMATION,
|
||||
PsThreadType,
|
||||
UserMode,
|
||||
(PVOID*) & Thread,
|
||||
NULL
|
||||
);
|
||||
if (Status != STATUS_SUCCESS)
|
||||
(PVOID*)&Thread,
|
||||
NULL);
|
||||
if (!NT_SUCCESS(Status))
|
||||
{
|
||||
return Status;
|
||||
}
|
||||
|
@ -65,10 +59,7 @@ NtSetInformationThread (
|
|||
break;
|
||||
|
||||
case ThreadPriority:
|
||||
KeSetPriorityThread(
|
||||
& Thread->Tcb,
|
||||
* (KPRIORITY *) ThreadInformation
|
||||
);
|
||||
KeSetPriorityThread(&Thread->Tcb, *(KPRIORITY *)ThreadInformation);
|
||||
Status = STATUS_SUCCESS;
|
||||
break;
|
||||
|
||||
|
@ -79,6 +70,8 @@ NtSetInformationThread (
|
|||
break;
|
||||
|
||||
case ThreadImpersonationToken:
|
||||
Status = PsAssignImpersonationToken(Thread,
|
||||
*((PHANDLE)ThreadInformation));
|
||||
break;
|
||||
|
||||
case ThreadDescriptorTableEntry:
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $Id: acl.c,v 1.2 1999/12/26 17:22:19 ea Exp $
|
||||
/* $Id: acl.c,v 1.3 2000/01/05 21:57:00 dwelch Exp $
|
||||
*
|
||||
* COPYRIGHT: See COPYING in the top level directory
|
||||
* PROJECT: ReactOS kernel
|
||||
|
@ -94,7 +94,7 @@ NTSTATUS RtlpAddKnownAce(PACL Acl,
|
|||
Ace->Header.AceType = Type;
|
||||
Ace->Header.AceSize = RtlLengthSid(Sid) + sizeof(ACE);
|
||||
Ace->Header.AccessMask = AccessMask;
|
||||
RtlCopySid(RtlLengthSid(Sid), Sid, (PSID)Ace + 1);
|
||||
RtlCopySid(RtlLengthSid(Sid), (PSID)Ace + 1, Sid);
|
||||
Acl->AceCount++;
|
||||
Acl->AclRevision = Revision;
|
||||
return(STATUS_SUCCESS);
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $Id: semgr.c,v 1.13 1999/12/26 17:22:19 ea Exp $
|
||||
/* $Id: semgr.c,v 1.14 2000/01/05 21:57:00 dwelch Exp $
|
||||
*
|
||||
* COPYRIGHT: See COPYING in the top level directory
|
||||
* PROJECT: ReactOS kernel
|
||||
|
@ -17,6 +17,266 @@
|
|||
|
||||
/* FUNCTIONS ***************************************************************/
|
||||
|
||||
VOID SepReferenceLogonSession(PLUID AuthenticationId)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
}
|
||||
|
||||
VOID SepDeReferenceLogonSession(PLUID AuthenticationId)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
}
|
||||
|
||||
VOID SepFreeProxyData(PVOID ProxyData)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
}
|
||||
|
||||
NTSTATUS SepCopyProxyData(PVOID* Dest, PVOID Src)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
}
|
||||
|
||||
NTSTATUS SepDuplicationToken(PACCESS_TOKEN Token,
|
||||
PULONG a,
|
||||
ULONG b,
|
||||
TOKEN_TYPE TokenType,
|
||||
SECURITY_IMPERSONATION_LEVEL Level,
|
||||
ULONG d,
|
||||
PACCESS_TOKEN* e)
|
||||
{
|
||||
#if 0
|
||||
PVOID mem1;
|
||||
PVOID mem2;
|
||||
PVOID f;
|
||||
PACCESS_TOKEN g;
|
||||
NTSTATUS Status;
|
||||
|
||||
if (TokenType == 2 &&
|
||||
(Level > 3 || Level < 0))
|
||||
{
|
||||
return(STATUS_UNSUCCESSFUL);
|
||||
}
|
||||
|
||||
SepReferenceLogonSession(&Token->AuthenticationId);
|
||||
|
||||
mem1 = ExAllocatePool(NonPagedPool, Token->DynamicCharged);
|
||||
if (mem1 == NULL)
|
||||
{
|
||||
SepDeReferenceLogonSession(&Token->AuthenticationId);
|
||||
return(STATUS_UNSUCCESSFUL);
|
||||
}
|
||||
if (Token->ProxyData != NULL)
|
||||
{
|
||||
Status = SepCopyProxyData(&f, Token->ProxyData);
|
||||
if (!NT_SUCCESS(Status))
|
||||
{
|
||||
SepDeReferenceLogonSession(&Token->AuthenticationId);
|
||||
ExFreePool(mem1);
|
||||
return(Status);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
f = 0;
|
||||
}
|
||||
if (Token->AuditData != NULL)
|
||||
{
|
||||
mem2 = ExAllocatePool(NonPagedPool, 0xc);
|
||||
if (mem2 == NULL)
|
||||
{
|
||||
SepFreeProxyData(f);
|
||||
SepDeReferenceLogonSession(&Token->AuthenticationId);
|
||||
ExFreePool(mem1);
|
||||
return(STATUS_UNSUCCESSFUL);
|
||||
}
|
||||
memcpy(mem2, Token->AuditData, 0xc);
|
||||
}
|
||||
else
|
||||
{
|
||||
mem2 = NULL;
|
||||
}
|
||||
|
||||
Status = ObCreateObject(d,
|
||||
SeTokenType,
|
||||
b,
|
||||
d,
|
||||
0,
|
||||
Token->VariableLength + 0x78,
|
||||
Token->DynamicCharged,
|
||||
Token->VariableLength + 0x78,
|
||||
&g);
|
||||
if (!NT_SUCCESS(Status))
|
||||
{
|
||||
SepDeReferenceLogonSession(Token->AuthenticationId);
|
||||
ExFreePool(mem1);
|
||||
SepFreeProxyData(f);
|
||||
if (mem2 != NULL)
|
||||
{
|
||||
ExFreePool(mem2);
|
||||
}
|
||||
return(Status);
|
||||
}
|
||||
|
||||
g->TokenId = Token->TokenId;
|
||||
g->ModifiedId = Token->ModifiedId;
|
||||
g->ExpirationTime = Token->ExpirationTime;
|
||||
memcpy(&g->TokenSource, &Token->TokenSource, sizeof(TOKEN_SOURCE));
|
||||
g->DynamicCharged = Token->DynamicCharged;
|
||||
g->DynamicAvailable = Token->DynamicAvailable;
|
||||
g->DefaultOwnerIndex = Token->DefaultOwnerIndex;
|
||||
g->UserAndGroupCount = Token->UserAndGroupCount;
|
||||
g->PrivilegeCount = Token->PrivilegeCount;
|
||||
g->VariableLength = Token->VariableLength;
|
||||
g->TokenFlags = Token->TokenFlags;
|
||||
g->ProxyData = f;
|
||||
g->AuditData = mem2;
|
||||
//g->TokenId = ExInterlockedExchangeAdd();
|
||||
g->TokenInUse = 0;
|
||||
g->TokenType = TokenType;
|
||||
g->ImpersonationLevel = Level;
|
||||
memmove(g->VariablePart, Token->VariablePart, Token->VariableLength);
|
||||
/* ... */
|
||||
*e = g;
|
||||
return(STATUS_SUCCESS);
|
||||
#endif
|
||||
UNIMPLEMENTED;
|
||||
}
|
||||
|
||||
NTSTATUS SeCopyClientToken(PACCESS_TOKEN Token,
|
||||
SECURITY_IMPERSONATION_LEVEL Level,
|
||||
ULONG a,
|
||||
PACCESS_TOKEN* b)
|
||||
{
|
||||
ULONG c;
|
||||
PACCESS_TOKEN d;
|
||||
NTSTATUS Status;
|
||||
|
||||
c = 18;
|
||||
Status = SepDuplicationToken(Token,
|
||||
&c,
|
||||
0,
|
||||
TokenImpersonation,
|
||||
Level,
|
||||
a,
|
||||
&d);
|
||||
*b = d;
|
||||
return(Status);
|
||||
}
|
||||
|
||||
NTSTATUS SeCreateClientSecurity(PETHREAD Thread,
|
||||
PSECURITY_QUALITY_OF_SERVICE Qos,
|
||||
ULONG e,
|
||||
PSE_SOME_STRUCT2 f)
|
||||
{
|
||||
TOKEN_TYPE TokenType;
|
||||
UCHAR b;
|
||||
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
|
||||
PACCESS_TOKEN Token;
|
||||
ULONG g;
|
||||
PACCESS_TOKEN NewToken;
|
||||
|
||||
Token = PsReferenceEffectiveToken(Thread,
|
||||
&TokenType,
|
||||
&b,
|
||||
&ImpersonationLevel);
|
||||
if (TokenType != 2)
|
||||
{
|
||||
f->Unknown9 = Qos->EffectiveOnly;
|
||||
}
|
||||
else
|
||||
{
|
||||
if (Qos->ImpersonationLevel > ImpersonationLevel)
|
||||
{
|
||||
if (Token != NULL)
|
||||
{
|
||||
ObDereferenceObject(Token);
|
||||
}
|
||||
return(STATUS_UNSUCCESSFUL);
|
||||
}
|
||||
if (ImpersonationLevel == 0 ||
|
||||
ImpersonationLevel == 1 ||
|
||||
(e != 0 && ImpersonationLevel != 3))
|
||||
{
|
||||
if (Token != NULL)
|
||||
{
|
||||
ObDereferenceObject(Token);
|
||||
}
|
||||
return(STATUS_UNSUCCESSFUL);
|
||||
}
|
||||
if (b != 0 ||
|
||||
Qos->EffectiveOnly != 0)
|
||||
{
|
||||
f->Unknown9 = 1;
|
||||
}
|
||||
else
|
||||
{
|
||||
f->Unknown9 = 0;
|
||||
}
|
||||
}
|
||||
|
||||
if (Qos->ContextTrackingMode == 0)
|
||||
{
|
||||
f->Unknown8 = 0;
|
||||
g = SeCopyClientToken(Token, ImpersonationLevel, 0, &NewToken);
|
||||
if (g >= 0)
|
||||
{
|
||||
// ObDeleteCapturedInsertInfo(NewToken);
|
||||
}
|
||||
if (TokenType == TokenPrimary || Token != NULL)
|
||||
{
|
||||
ObDereferenceObject(Token);
|
||||
}
|
||||
if (g < 0)
|
||||
{
|
||||
return(g);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
f->Unknown8 = 1;
|
||||
if (e != 0)
|
||||
{
|
||||
// SeGetTokenControlInformation(Token, &f->Unknown11);
|
||||
}
|
||||
NewToken = Token;
|
||||
}
|
||||
f->Unknown1 = 0xc;
|
||||
f->Level = Qos->ImpersonationLevel;
|
||||
f->ContextTrackingMode = Qos->ContextTrackingMode;
|
||||
f->EffectiveOnly = Qos->EffectiveOnly;
|
||||
f->Unknown10 = e;
|
||||
f->Token = NewToken;
|
||||
|
||||
return(STATUS_SUCCESS);
|
||||
}
|
||||
|
||||
|
||||
VOID SeImpersonateClient(PSE_SOME_STRUCT2 a,
|
||||
PETHREAD Thread)
|
||||
{
|
||||
UCHAR b;
|
||||
|
||||
if (a->Unknown8 == 0)
|
||||
{
|
||||
b = a->EffectiveOnly;
|
||||
}
|
||||
else
|
||||
{
|
||||
b = a->Unknown9;
|
||||
}
|
||||
if (Thread == NULL)
|
||||
{
|
||||
Thread = PsGetCurrentThread();
|
||||
}
|
||||
PsImpersonateClient(Thread,
|
||||
a->Token,
|
||||
1,
|
||||
(ULONG)b,
|
||||
a->Level);
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
NTSTATUS STDCALL NtPrivilegeCheck (IN HANDLE ClientToken,
|
||||
|
@ -27,15 +287,12 @@ NTSTATUS STDCALL NtPrivilegeCheck (IN HANDLE ClientToken,
|
|||
}
|
||||
|
||||
|
||||
NTSTATUS
|
||||
STDCALL
|
||||
NtPrivilegedServiceAuditAlarm (
|
||||
NTSTATUS STDCALL NtPrivilegedServiceAuditAlarm(
|
||||
IN PUNICODE_STRING SubsystemName,
|
||||
IN PUNICODE_STRING ServiceName,
|
||||
IN HANDLE ClientToken,
|
||||
IN PPRIVILEGE_SET Privileges,
|
||||
IN BOOLEAN AccessGranted
|
||||
)
|
||||
IN BOOLEAN AccessGranted)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
}
|
||||
|
@ -74,44 +331,6 @@ NtOpenObjectAuditAlarm (
|
|||
UNIMPLEMENTED;
|
||||
}
|
||||
|
||||
|
||||
NTSTATUS
|
||||
STDCALL
|
||||
NtOpenProcessToken (
|
||||
IN HANDLE ProcessHandle,
|
||||
IN ACCESS_MASK DesiredAccess,
|
||||
OUT PHANDLE TokenHandle
|
||||
)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
}
|
||||
|
||||
|
||||
NTSTATUS
|
||||
STDCALL
|
||||
NtOpenThreadToken (
|
||||
IN HANDLE ThreadHandle,
|
||||
IN ACCESS_MASK DesiredAccess,
|
||||
IN BOOLEAN OpenAsSelf,
|
||||
OUT PHANDLE TokenHandle
|
||||
)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
NTSTATUS STDCALL NtImpersonateThread (IN HANDLE ThreadHandle,
|
||||
IN HANDLE ThreadToImpersonate,
|
||||
IN PSECURITY_QUALITY_OF_SERVICE
|
||||
SecurityQualityOfService)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
}
|
||||
|
||||
|
||||
|
||||
NTSTATUS
|
||||
STDCALL
|
||||
NtAccessCheckAndAuditAlarm (
|
||||
|
@ -130,33 +349,6 @@ NtAccessCheckAndAuditAlarm (
|
|||
}
|
||||
|
||||
|
||||
NTSTATUS
|
||||
STDCALL
|
||||
NtAdjustGroupsToken (
|
||||
IN HANDLE TokenHandle,
|
||||
IN BOOLEAN ResetToDefault,
|
||||
IN PTOKEN_GROUPS NewState,
|
||||
IN ULONG BufferLength,
|
||||
OUT PTOKEN_GROUPS PreviousState OPTIONAL,
|
||||
OUT PULONG ReturnLength
|
||||
)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
}
|
||||
|
||||
|
||||
NTSTATUS
|
||||
STDCALL
|
||||
NtAdjustPrivilegesToken(IN HANDLE TokenHandle,
|
||||
IN BOOLEAN DisableAllPrivileges,
|
||||
IN PTOKEN_PRIVILEGES NewState,
|
||||
IN ULONG BufferLength,
|
||||
OUT PTOKEN_PRIVILEGES PreviousState,
|
||||
OUT PULONG ReturnLength)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
}
|
||||
|
||||
NTSTATUS
|
||||
STDCALL
|
||||
NtAllocateUuids (
|
||||
|
@ -202,7 +394,11 @@ NtDeleteObjectAuditAlarm (
|
|||
|
||||
VOID STDCALL SeReleaseSubjectContext (PSECURITY_SUBJECT_CONTEXT SubjectContext)
|
||||
{
|
||||
|
||||
ObDereferenceObject(SubjectContext->PrimaryToken);
|
||||
if (SubjectContext->ClientToken != NULL)
|
||||
{
|
||||
ObDereferenceObject(SubjectContext->ClientToken);
|
||||
}
|
||||
}
|
||||
|
||||
VOID STDCALL SeCaptureSubjectContext (PSECURITY_SUBJECT_CONTEXT SubjectContext)
|
||||
|
@ -346,8 +542,33 @@ NTSTATUS STDCALL SeAssignSecurity(PSECURITY_DESCRIPTOR ParentDescriptor,
|
|||
UNIMPLEMENTED;
|
||||
}
|
||||
|
||||
BOOLEAN SepSidInToken(PACCESS_TOKEN Token,
|
||||
PSID Sid)
|
||||
{
|
||||
ULONG i;
|
||||
|
||||
if (Token->UserAndGroupCount == 0)
|
||||
{
|
||||
return(FALSE);
|
||||
}
|
||||
|
||||
for (i=0; i<Token->UserAndGroupCount; i++)
|
||||
{
|
||||
if (RtlEqualSid(Sid, Token->UserAndGroups[i].Sid))
|
||||
{
|
||||
if (i == 0 ||
|
||||
(!(Token->UserAndGroups[i].Attributes & 0x4)))
|
||||
{
|
||||
return(TRUE);
|
||||
}
|
||||
return(FALSE);
|
||||
}
|
||||
}
|
||||
return(FALSE);
|
||||
}
|
||||
|
||||
BOOLEAN STDCALL SeAccessCheck (IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
||||
IN PSECURITY_DESCRIPTOR_CONTEXT SubjectSecurityContext,
|
||||
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,
|
||||
IN BOOLEAN SubjectContextLocked,
|
||||
IN ACCESS_MASK DesiredAccess,
|
||||
IN ACCESS_MASK PreviouslyGrantedAccess,
|
||||
|
@ -406,7 +627,7 @@ BOOLEAN STDCALL SeAccessCheck (IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
|||
Sid = (PSID)(CurrentAce + 1);
|
||||
if (CurrentAce->Header.AceType == ACCESS_DENIED_ACE_TYPE)
|
||||
{
|
||||
if (RtlEqualSid(Sid, NULL))
|
||||
if (SepSidInToken(SubjectSecurityContext->ClientToken, Sid))
|
||||
{
|
||||
*AccessStatus = STATUS_ACCESS_DENIED;
|
||||
*GrantedAccess = 0;
|
||||
|
@ -415,7 +636,7 @@ BOOLEAN STDCALL SeAccessCheck (IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
|||
}
|
||||
if (CurrentAce->Header.AceType == ACCESS_ALLOWED_ACE_TYPE)
|
||||
{
|
||||
if (RtlEqualSid(Sid, NULL))
|
||||
if (SepSidInToken(SubjectSecurityContext->ClientToken, Sid))
|
||||
{
|
||||
CurrentAccess = CurrentAccess |
|
||||
CurrentAce->Header.AccessMask;
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $Id: sid.c,v 1.2 1999/12/26 17:22:19 ea Exp $
|
||||
/* $Id: sid.c,v 1.3 2000/01/05 21:57:00 dwelch Exp $
|
||||
*
|
||||
* COPYRIGHT: See COPYING in the top level directory
|
||||
* PROJECT: ReactOS kernel
|
||||
|
@ -79,8 +79,7 @@ ULONG STDCALL RtlLengthSid (PSID Sid)
|
|||
return(sizeof(SID) + (Sid->SubAuthorityCount-1)*4);
|
||||
}
|
||||
|
||||
|
||||
NTSTATUS STDCALL RtlCopySid (ULONG BufferLength, PSID Src, PSID Dest)
|
||||
NTSTATUS STDCALL RtlCopySid (ULONG BufferLength, PSID Dest, PSID Src)
|
||||
{
|
||||
if (BufferLength < RtlLengthSid(Src))
|
||||
{
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $Id: token.c,v 1.2 1999/12/26 17:22:19 ea Exp $
|
||||
/* $Id: token.c,v 1.3 2000/01/05 21:57:00 dwelch Exp $
|
||||
*
|
||||
* COPYRIGHT: See COPYING in the top level directory
|
||||
* PROJECT: ReactOS kernel
|
||||
|
@ -47,6 +47,36 @@ VOID SeInitializeTokenManager(VOID)
|
|||
|
||||
}
|
||||
|
||||
NTSTATUS RtlCopySidAndAttributesArray(ULONG Count, // ebp + 8
|
||||
PSID_AND_ATTRIBUTES Src, // ebp + C
|
||||
ULONG MaxLength, // ebp + 10
|
||||
PSID_AND_ATTRIBUTES Dest, // ebp + 14
|
||||
PVOID e, // ebp + 18
|
||||
PVOID* f, // ebp + 1C
|
||||
PULONG g) // ebp + 20
|
||||
{
|
||||
ULONG Length; // ebp - 4
|
||||
ULONG i;
|
||||
|
||||
Length = MaxLength;
|
||||
|
||||
for (i=0; i<Count; i++)
|
||||
{
|
||||
if (RtlLengthSid(Src[i].Sid) > Length)
|
||||
{
|
||||
return(STATUS_UNSUCCESSFUL);
|
||||
}
|
||||
Length = Length - RtlLengthSid(Src[i].Sid);
|
||||
Dest[i].Sid = e;
|
||||
Dest[i].Attributes = Src[i].Attributes;
|
||||
RtlCopySid(RtlLengthSid(Src[i].Sid), e, Src[i].Sid);
|
||||
e = e + RtlLengthSid(Src[i].Sid) + sizeof(ULONG);
|
||||
}
|
||||
*f = e;
|
||||
*g = Length;
|
||||
return(STATUS_SUCCESS);
|
||||
}
|
||||
|
||||
NTSTATUS STDCALL NtQueryInformationToken(IN HANDLE TokenHandle,
|
||||
IN TOKEN_INFORMATION_CLASS
|
||||
TokenInformationClass,
|
||||
|
@ -56,9 +86,13 @@ NTSTATUS STDCALL NtQueryInformationToken(IN HANDLE TokenHandle,
|
|||
{
|
||||
NTSTATUS Status;
|
||||
PACCESS_TOKEN Token;
|
||||
PVOID UnusedInfo;
|
||||
PVOID EndMem;
|
||||
PTOKEN_GROUPS PtrTokenGroups;
|
||||
PTOKEN_DEFAULT_DACL PtrDefaultDacl;
|
||||
PTOKEN_STATISTICS PtrTokenStatistics;
|
||||
|
||||
Status = ObReferenceObjectByHandle(TokenHandle,
|
||||
// TOKEN_QUERY_INFORMATION,
|
||||
0,
|
||||
SeTokenType,
|
||||
UserMode,
|
||||
|
@ -69,6 +103,98 @@ NTSTATUS STDCALL NtQueryInformationToken(IN HANDLE TokenHandle,
|
|||
return(Status);
|
||||
}
|
||||
|
||||
switch (TokenInformationClass)
|
||||
{
|
||||
case TokenUser:
|
||||
Status = RtlCopySidAndAttributesArray(1,
|
||||
Token->UserAndGroups,
|
||||
TokenInformationLength,
|
||||
TokenInformation,
|
||||
TokenInformation + 8,
|
||||
&UnusedInfo,
|
||||
ReturnLength);
|
||||
if (!NT_SUCCESS(Status))
|
||||
{
|
||||
ObDereferenceObject(Token);
|
||||
return(Status);
|
||||
}
|
||||
break;
|
||||
|
||||
|
||||
case TokenGroups:
|
||||
EndMem = TokenInformation +
|
||||
Token->UserAndGroupCount * sizeof(SID_AND_ATTRIBUTES);
|
||||
PtrTokenGroups = (PTOKEN_GROUPS)TokenInformation;
|
||||
PtrTokenGroups->GroupCount = Token->UserAndGroupCount - 1;
|
||||
Status = RtlCopySidAndAttributesArray(Token->UserAndGroupCount - 1,
|
||||
&Token->UserAndGroups[1],
|
||||
TokenInformationLength,
|
||||
PtrTokenGroups->Groups,
|
||||
EndMem,
|
||||
&UnusedInfo,
|
||||
ReturnLength);
|
||||
if (!NT_SUCCESS(Status))
|
||||
{
|
||||
ObDereferenceObject(Token);
|
||||
return(Status);
|
||||
}
|
||||
break;
|
||||
|
||||
case TokenPrivileges:
|
||||
break;
|
||||
|
||||
case TokenOwner:
|
||||
((PTOKEN_OWNER)TokenInformation)->Owner =
|
||||
(PSID)(((PTOKEN_OWNER)TokenInformation) + 1);
|
||||
RtlCopySid(TokenInformationLength - sizeof(TOKEN_OWNER),
|
||||
((PTOKEN_OWNER)TokenInformation)->Owner,
|
||||
Token->UserAndGroups[Token->DefaultOwnerIndex].Sid);
|
||||
break;
|
||||
|
||||
case TokenPrimaryGroup:
|
||||
((PTOKEN_PRIMARY_GROUP)TokenInformation)->PrimaryGroup =
|
||||
(PSID)(((PTOKEN_PRIMARY_GROUP)TokenInformation) + 1);
|
||||
RtlCopySid(TokenInformationLength - sizeof(TOKEN_OWNER),
|
||||
((PTOKEN_PRIMARY_GROUP)TokenInformation)->PrimaryGroup,
|
||||
Token->PrimaryGroup);
|
||||
break;
|
||||
|
||||
case TokenDefaultDacl:
|
||||
PtrDefaultDacl = (PTOKEN_DEFAULT_DACL)TokenInformation;
|
||||
PtrDefaultDacl->DefaultDacl = (PACL)(PtrDefaultDacl + 1);
|
||||
memmove(PtrDefaultDacl->DefaultDacl,
|
||||
Token->DefaultDacl,
|
||||
Token->DefaultDacl->AclSize);
|
||||
break;
|
||||
|
||||
case TokenSource:
|
||||
memcpy(TokenInformation, &Token->TokenSource, sizeof(TOKEN_SOURCE));
|
||||
break;
|
||||
|
||||
case TokenType:
|
||||
*((PTOKEN_TYPE)TokenInformation) = Token->TokenType;
|
||||
break;
|
||||
|
||||
case TokenImpersonationLevel:
|
||||
*((PSECURITY_IMPERSONATION_LEVEL)TokenInformation) =
|
||||
Token->ImpersonationLevel;
|
||||
break;
|
||||
|
||||
case TokenStatistics:
|
||||
PtrTokenStatistics = (PTOKEN_STATISTICS)TokenInformation;
|
||||
PtrTokenStatistics->TokenId = Token->TokenId;
|
||||
PtrTokenStatistics->AuthenticationId = Token->AuthenticationId;
|
||||
PtrTokenStatistics->ExpirationTime = Token->ExpirationTime;
|
||||
PtrTokenStatistics->TokenType = Token->TokenType;
|
||||
PtrTokenStatistics->ImpersonationLevel = Token->ImpersonationLevel;
|
||||
PtrTokenStatistics->DynamicCharged = Token->DynamicCharged;
|
||||
PtrTokenStatistics->DynamicAvailable = Token->DynamicAvailable;
|
||||
PtrTokenStatistics->GroupCount = Token->UserAndGroupCount - 1;
|
||||
PtrTokenStatistics->PrivilegeCount = Token->PrivilegeCount;
|
||||
PtrTokenStatistics->ModifiedId = Token->ModifiedId;
|
||||
break;
|
||||
}
|
||||
|
||||
ObDereferenceObject(Token);
|
||||
return(STATUS_SUCCESS);
|
||||
}
|
||||
|
@ -102,6 +228,29 @@ NtDuplicateToken (
|
|||
UNIMPLEMENTED;
|
||||
}
|
||||
|
||||
NTSTATUS STDCALL NtAdjustGroupsToken(IN HANDLE TokenHandle,
|
||||
IN BOOLEAN ResetToDefault,
|
||||
IN PTOKEN_GROUPS NewState,
|
||||
IN ULONG BufferLength,
|
||||
OUT PTOKEN_GROUPS PreviousState OPTIONAL,
|
||||
OUT PULONG ReturnLength)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
}
|
||||
|
||||
|
||||
NTSTATUS
|
||||
STDCALL
|
||||
NtAdjustPrivilegesToken(IN HANDLE TokenHandle,
|
||||
IN BOOLEAN DisableAllPrivileges,
|
||||
IN PTOKEN_PRIVILEGES NewState,
|
||||
IN ULONG BufferLength,
|
||||
OUT PTOKEN_PRIVILEGES PreviousState,
|
||||
OUT PULONG ReturnLength)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
}
|
||||
|
||||
NTSTATUS STDCALL NtCreateToken(OUT PHANDLE TokenHandle,
|
||||
IN ACCESS_MASK DesiredAccess,
|
||||
IN POBJECT_ATTRIBUTES ObjectAttributes,
|
||||
|
@ -116,6 +265,24 @@ NTSTATUS STDCALL NtCreateToken(OUT PHANDLE TokenHandle,
|
|||
IN PTOKEN_DEFAULT_DACL TokenDefaultDacl,
|
||||
IN PTOKEN_SOURCE TokenSource)
|
||||
{
|
||||
#if 0
|
||||
PACCESS_TOKEN AccessToken;
|
||||
NTSTATUS Status;
|
||||
|
||||
Status = ObCreateObject(TokenHandle,
|
||||
DesiredAccess,
|
||||
ObjectAttributes,
|
||||
SeTokenType);
|
||||
if (!NT_SUCCESS(Status))
|
||||
{
|
||||
return(Status);
|
||||
}
|
||||
|
||||
AccessToken->TokenType = TokenType;
|
||||
RtlCopyLuid(&AccessToken->AuthenticationId, AuthenticationId);
|
||||
AccessToken->ExpirationTime = *ExpirationTime;
|
||||
AccessToken->
|
||||
#endif
|
||||
UNIMPLEMENTED;
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue