Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2024-06-26 07:51:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

[NTOS:SE] Document the whole subsystem in Doxygen format

Browse source 
And update the file comment headers.
This commit is contained in:
George Bișoc 2021-08-11 16:24:45 +02:00
parent f831ec7e0a
commit 6413009c10
No known key found for this signature in database
GPG key ID: 688C4FBE25D7DEF6
10 changed files with 3577 additions and 192 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

327
ntoskrnl/se/access.c
View file

@ -1,11 +1,8 @@
/*
* COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS kernel
* FILE: ntoskrnl/se/access.c
* PURPOSE: Access state functions
*
* PROGRAMMERS: Alex Ionescu (alex@relsoft.net) -
* Based on patch by Javier M. Mellid
* PROJECT: ReactOS Kernel
* LICENSE: GPL-2.0-or-later (https://spdx.org/licenses/GPL-2.0-or-later)
* PURPOSE: Security access state functions support
* COPYRIGHT: Copyright Alex Ionescu <alex@relsoft.net>
*/
/* INCLUDES *******************************************************************/
@ -20,6 +17,32 @@ ERESOURCE SepSubjectContextLock;
/* PRIVATE FUNCTIONS **********************************************************/
/**
* @brief
* Checks if a SID is present in a token.
*
* @param[in] _Token
* A valid token object.
*
* @param[in] PrincipalSelfSid
* A principal self SID.
*
* @param[in] _Sid
* A regular SID.
*
* @param[in] Deny
* If set to TRUE, the caller expected that a SID in a token
* must be a deny-only SID, that is, access checks are performed
* only for deny-only ACEs of the said SID.
*
* @param[in] Restricted
* If set to TRUE, the caller expects that a SID in a token is
* restricted.
*
* @return
* Returns TRUE if the specified SID in the call is present in the token,
* FALSE otherwise.
*/
BOOLEAN
NTAPI
SepSidInTokenEx(IN PACCESS_TOKEN _Token,
@ -106,6 +129,20 @@ SepSidInTokenEx(IN PACCESS_TOKEN _Token,
return FALSE;
}
/**
* @brief
* Checks if a SID is present in a token.
*
* @param[in] _Token
* A valid token object.
*
* @param[in] _Sid
* A regular SID.
*
* @return
* Returns TRUE if the specified SID in the call is present in the token,
* FALSE otherwise.
*/
BOOLEAN
NTAPI
SepSidInToken(IN PACCESS_TOKEN _Token,
@ -115,6 +152,24 @@ SepSidInToken(IN PACCESS_TOKEN _Token,
return SepSidInTokenEx(_Token, NULL, Sid, FALSE, FALSE);
}
/**
* @brief
* Checks if a token belongs to the main user, being the owner.
*
* @param[in] _Token
* A valid token object.
*
* @param[in] SecurityDescriptor
* A security descriptor where the owner is to be found.
*
* @param[in] TokenLocked
* If set to TRUE, the token has been already locked and there's
* no need to lock it again. Otherwise the function will acquire
* the lock.
*
* @return
* Returns TRUE if the token belongs to a owner, FALSE otherwise.
*/
BOOLEAN
NTAPI
SepTokenIsOwner(IN PACCESS_TOKEN _Token,
@ -146,6 +201,19 @@ SepTokenIsOwner(IN PACCESS_TOKEN _Token,
return Result;
}
/**
* @brief
* Retrieves token control information.
*
* @param[in] _Token
* A valid token object.
*
* @param[out] SecurityDescriptor
* The returned token control information.
*
* @return
* Nothing.
*/
VOID
NTAPI
SeGetTokenControlInformation(IN PACCESS_TOKEN _Token,
@ -169,6 +237,41 @@ SeGetTokenControlInformation(IN PACCESS_TOKEN _Token,
SepReleaseTokenLock(Token);
}
/**
* @brief
* Creates a client security context based upon an access token.
*
* @param[in] Token
* A valid token object.
*
* @param[in] ClientSecurityQos
* The Quality of Service (QoS) of a client security context.
*
* @param[in] ServerIsRemote
* If the client is a remote server (TRUE), the function will retrieve the
* control information of an access token, that is, we're doing delegation
* and that the server isn't local.
*
* @param[in] TokenType
* Type of token.
*
* @param[in] ThreadEffectiveOnly
* If set to TRUE, the client wants that the current thread wants to modify
* (enable or disable) privileges and groups.
*
* @param[in] ImpersonationLevel
* Security impersonation level filled in the QoS context.
*
* @param[out] ClientContext
* The returned security client context.
*
* @return
* Returns STATUS_SUCCESS if client security creation has completed successfully.
* STATUS_INVALID_PARAMETER is returned if one or more of the parameters are bogus.
* STATUS_BAD_IMPERSONATION_LEVEL is returned if the current impersonation level
* within QoS context doesn't meet with the conditions required. A failure
* NTSTATUS code is returned otherwise.
*/
NTSTATUS
NTAPI
SepCreateClientSecurity(IN PACCESS_TOKEN Token,
@ -258,8 +361,24 @@ SepCreateClientSecurity(IN PACCESS_TOKEN Token,
/* PUBLIC FUNCTIONS ***********************************************************/
/*
* @implemented
/**
* @brief
* An extended function that captures the security subject context based upon
* the specified thread and process.
*
* @param[in] Thread
* A thread where the calling thread's token is to be referenced for
* the security context.
*
* @param[in] Process
* A process where the main process' token is to be referenced for
* the security context.
*
* @param[out] SubjectContext
* The returned security subject context.
*
* @return
* Nothing.
*/
VOID
NTAPI
@ -293,8 +412,16 @@ SeCaptureSubjectContextEx(IN PETHREAD Thread,
SubjectContext->PrimaryToken = PsReferencePrimaryToken(Process);
}
/*
* @implemented
/**
* @brief
* Captures the security subject context of the calling thread and calling
* process.
*
* @param[out] SubjectContext
* The returned security subject context.
*
* @return
* Nothing.
*/
VOID
NTAPI
@ -306,8 +433,16 @@ SeCaptureSubjectContext(OUT PSECURITY_SUBJECT_CONTEXT SubjectContext)
SubjectContext);
}
/*
* @implemented
/**
* @brief
* Locks both the referenced primary and client access tokens of a
* security subject context.
*
* @param[in] SubjectContext
* A valid security context with both referenced tokens.
*
* @return
* Nothing.
*/
VOID
NTAPI
@ -328,8 +463,16 @@ SeLockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
SepAcquireTokenLockShared(ClientToken);
}
/*
* @implemented
/**
* @brief
* Unlocks both the referenced primary and client access tokens of a
* security subject context.
*
* @param[in] SubjectContext
* A valid security context with both referenced tokens.
*
* @return
* Nothing.
*/
VOID
NTAPI
@ -352,8 +495,16 @@ SeUnlockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
SepReleaseTokenLock(PrimaryToken);
}
/*
* @implemented
/**
* @brief
* Releases both the primary and client tokens of a security
* subject context.
*
* @param[in] SubjectContext
* The captured security context.
*
* @return
* Nothing.
*/
VOID
NTAPI
@ -370,8 +521,30 @@ SeReleaseSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
SubjectContext->ClientToken = NULL;
}
/*
* @implemented
/**
* @brief
* An extended function that creates an access state.
*
* @param[in] Thread
* Valid thread object where subject context is to be captured.
*
* @param[in] Process
* Valid process object where subject context is to be captured.
*
* @param[in, out] AccessState
* An initialized returned parameter to an access state.
*
* @param[in] AuxData
* Auxiliary security data for access state.
*
* @param[in] Access
* Type of access mask to assign.
*
* @param[in] GenericMapping
* Generic mapping for the access state to assign.
*
* @return
* Returns STATUS_SUCCESS.
*/
NTSTATUS
NTAPI
@ -431,8 +604,24 @@ SeCreateAccessStateEx(IN PETHREAD Thread,
return STATUS_SUCCESS;
}
/*
* @implemented
/**
* @brief
* Creates an access state.
*
* @param[in, out] AccessState
* An initialized returned parameter to an access state.
*
* @param[in] AuxData
* Auxiliary security data for access state.
*
* @param[in] Access
* Type of access mask to assign.
*
* @param[in] GenericMapping
* Generic mapping for the access state to assign.
*
* @return
* See SeCreateAccessStateEx.
*/
NTSTATUS
NTAPI
@ -452,8 +641,15 @@ SeCreateAccessState(IN OUT PACCESS_STATE AccessState,
GenericMapping);
}
/*
* @implemented
/**
* @brief
* Deletes an allocated access state from the memory.
*
* @param[in] AccessState
* A valid access state.
*
* @return
* Nothing.
*/
VOID
NTAPI
@ -484,8 +680,18 @@ SeDeleteAccessState(IN PACCESS_STATE AccessState)
SeReleaseSubjectContext(&AccessState->SubjectSecurityContext);
}
/*
* @implemented
/**
* @brief
* Sets a new generic mapping for an allocated access state.
*
* @param[in] AccessState
* A valid access state.
*
* @param[in] GenericMapping
* New generic mapping to assign.
*
* @return
* Nothing.
*/
VOID
NTAPI
@ -498,8 +704,24 @@ SeSetAccessStateGenericMapping(IN PACCESS_STATE AccessState,
((PAUX_ACCESS_DATA)AccessState->AuxData)->GenericMapping = *GenericMapping;
}
/*
* @implemented
/**
* @brief
* Creates a client security context.
*
* @param[in] Thread
* Thread object of the client where impersonation has to begin.
*
* @param[in] Qos
* Quality of service to specify what kind of impersonation to be done.
*
* @param[in] RemoteClient
* If set to TRUE, the client that we're going to impersonate is remote.
*
* @param[out] ClientContext
* The returned security client context.
*
* @return
* See SepCreateClientSecurity.
*/
NTSTATUS
NTAPI
@ -541,8 +763,26 @@ SeCreateClientSecurity(IN PETHREAD Thread,
return Status;
}
/*
* @implemented
/**
* @brief
* Creates a client security context based upon the captured security
* subject context.
*
* @param[in] SubjectContext
* The captured subject context where client security is to be created
* from.
*
* @param[in] ClientSecurityQos
* Quality of service to specify what kind of impersonation to be done.
*
* @param[in] ServerIsRemote
* If set to TRUE, the client that we're going to impersonate is remote.
*
* @param[out] ClientContext
* The returned security client context.
*
* @return
* See SepCreateClientSecurity.
*/
NTSTATUS
NTAPI
@ -581,8 +821,19 @@ SeCreateClientSecurityFromSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectCon
return Status;
}
/*
* @implemented
/**
* @brief
* Extended function that impersonates a client.
*
* @param[in] ClientContext
* A valid client context.
*
* @param[in] ServerThread
* The thread where impersonation is to be done.
*
* @return
* STATUS_SUCCESS is returned if the calling thread successfully impersonates
* the client. A failure NTSTATUS code is returned otherwise.
*/
NTSTATUS
NTAPI
@ -615,8 +866,18 @@ SeImpersonateClientEx(IN PSECURITY_CLIENT_CONTEXT ClientContext,
ClientContext->SecurityQos.ImpersonationLevel);
}
/*
* @implemented
/**
* @brief
* Impersonates a client user.
*
* @param[in] ClientContext
* A valid client context.
*
* @param[in] ServerThread
* The thread where impersonation is to be done.
* *
* @return
* Nothing.
*/
VOID
NTAPI

290
ntoskrnl/se/accesschk.c
View file

@ -1,10 +1,9 @@
/*
* COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS kernel
* FILE: ntoskrnl/se/accesschk.c
* PURPOSE: Security manager
*
* PROGRAMMERS: No programmer listed.
* PROJECT: ReactOS Kernel
* LICENSE: GPL-2.0-or-later (https://spdx.org/licenses/GPL-2.0-or-later)
* PURPOSE: Security access check control implementation
* COPYRIGHT: Copyright Timo Kreuzer <timo.kreuzer@reactos.org>
* Copyright Eric Kohl
*/
/* INCLUDES *******************************************************************/
@ -18,8 +17,53 @@
/* PRIVATE FUNCTIONS **********************************************************/
/*
* FIXME: Incomplete!
/**
* @brief
* Private function that determines whether security access rights can be given
* to an object depending on the security descriptor and other security context
* entities, such as an owner.
*
* @param[in] SecurityDescriptor
* Security descriptor of the object that is being accessed.
*
* @param[in] SubjectSecurityContext
* The captured subject security context.
*
* @param[in] DesiredAccess
* Access right bitmask that the calling thread wants to acquire.
*
* @param[in] ObjectTypeListLength
* The length of a object type list.
*
* @param[in] PreviouslyGrantedAccess
* The access rights previously acquired in the past.
*
* @param[out] Privileges
* The returned set of privileges.
*
* @param[in] GenericMapping
* The generic mapping of access rights of an object type.
*
* @param[in] AccessMode
* The processor request level mode.
*
* @param[out] GrantedAccessList
* A list of granted access rights.
*
* @param[out] AccessStatusList
* The returned status code specifying why access cannot be made
* onto an object (if said access is denied in the first place).
*
* @param[in] UseResultList
* If set to TRUE, the function will return complete lists of
* access status codes and granted access rights.
*
* @return
* Returns TRUE if access onto the specific object is allowed, FALSE
* otherwise.
*
* @remarks
* The function is currently incomplete!
*/
BOOLEAN NTAPI
SepAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
@ -286,6 +330,17 @@ ReturnCommonStatus:
return NT_SUCCESS(Status);
}
/**
* @brief
* Retrieves the main user from a security descriptor.
*
* @param[in] SecurityDescriptor
* A valid allocated security descriptor structure where the owner
* is to be retrieved.
*
* @return
* Returns a SID that represents the main user (owner).
*/
static PSID
SepGetSDOwner(IN PSECURITY_DESCRIPTOR _SecurityDescriptor)
{
@ -301,6 +356,17 @@ SepGetSDOwner(IN PSECURITY_DESCRIPTOR _SecurityDescriptor)
return Owner;
}
/**
* @brief
* Retrieves the group from a security descriptor.
*
* @param[in] SecurityDescriptor
* A valid allocated security descriptor structure where the group
* is to be retrieved.
*
* @return
* Returns a SID that represents a group.
*/
static PSID
SepGetSDGroup(IN PSECURITY_DESCRIPTOR _SecurityDescriptor)
{
@ -316,6 +382,16 @@ SepGetSDGroup(IN PSECURITY_DESCRIPTOR _SecurityDescriptor)
return Group;
}
/**
* @brief
* Retrieves the length size of a set list of privileges structure.
*
* @param[in] PrivilegeSet
* A valid set of privileges.
*
* @return
* Returns the total length of a set of privileges.
*/
static
ULONG
SepGetPrivilegeSetLength(IN PPRIVILEGE_SET PrivilegeSet)
@ -332,8 +408,47 @@ SepGetPrivilegeSetLength(IN PPRIVILEGE_SET PrivilegeSet)
/* PUBLIC FUNCTIONS ***********************************************************/
/*
* @implemented
/**
* @brief
* Determines whether security access rights can be given to an object
* depending on the security descriptor and other security context
* entities, such as an owner.
*
* @param[in] SecurityDescriptor
* Security descriptor of the object that is being accessed.
*
* @param[in] SubjectSecurityContext
* The captured subject security context.
*
* @param[in] SubjectContextLocked
* If set to TRUE, a lock must be acquired for the security subject
* context.
*
* @param[in] DesiredAccess
* Access right bitmask that the calling thread wants to acquire.
*
* @param[in] PreviouslyGrantedAccess
* The access rights previously acquired in the past.
*
* @param[out] Privileges
* The returned set of privileges.
*
* @param[in] GenericMapping
* The generic mapping of access rights of an object type.
*
* @param[in] AccessMode
* The processor request level mode.
*
* @param[out] GrantedAccess
* A list of granted access rights.
*
* @param[out] AccessStatus
* The returned status code specifying why access cannot be made
* onto an object (if said access is denied in the first place).
*
* @return
* Returns TRUE if access onto the specific object is allowed, FALSE
* otherwise.
*/
BOOLEAN
NTAPI
@ -452,8 +567,29 @@ SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
return ret;
}
/*
* @implemented
/**
* @brief
* Determines whether security access rights can be given to an object
* depending on the security descriptor. Unlike the regular access check
* procedure in the NT kernel, the fast traverse check is a faster way
* to quickly check if access can be made into an object.
*
* @param[in] SecurityDescriptor
* Security descriptor of the object that is being accessed.
*
* @param[in] AccessState
* An access state to determine if the access token in the current
* security context of the object is an restricted token.
*
* @param[in] DesiredAccess
* The access right bitmask where the calling thread wants to acquire.
*
* @param[in] AccessMode
* Process level request mode.
*
* @return
* Returns TRUE if access onto the specific object is allowed, FALSE
* otherwise.
*/
BOOLEAN
NTAPI
@ -521,8 +657,48 @@ SeFastTraverseCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
/* SYSTEM CALLS ***************************************************************/
/*
* @implemented
/**
* @brief
* Determines whether security access rights can be given to an object
* depending on the security descriptor and a valid handle to an access
* token.
*
* @param[in] SecurityDescriptor
* Security descriptor of the object that is being accessed.
*
* @param[in] TokenHandle
* A handle to a token.
*
* @param[in] DesiredAccess
* The access right bitmask where the calling thread wants to acquire.
*
* @param[in] GenericMapping
* The generic mapping of access rights of an object type.
*
* @param[out] PrivilegeSet
* The returned set of privileges.
*
* @param[in,out] PrivilegeSetLength
* The total length size of a set of privileges.
*
* @param[out] GrantedAccess
* A list of granted access rights.
*
* @param[out] AccessStatus
* The returned status code specifying why access cannot be made
* onto an object (if said access is denied in the first place).
*
* @return
* Returns STATUS_SUCCESS if access check has been done without problems
* and that the object can be accessed. STATUS_GENERIC_NOT_MAPPED is returned
* if no generic access right is mapped. STATUS_NO_IMPERSONATION_TOKEN is returned
* if the token from the handle is not an impersonation token.
* STATUS_BAD_IMPERSONATION_LEVEL is returned if the token cannot be impersonated
* because the current security impersonation level doesn't permit so.
* STATUS_INVALID_SECURITY_DESCR is returned if the security descriptor given
* to the call is not a valid one. STATUS_BUFFER_TOO_SMALL is returned if
* the buffer to the captured privileges has a length that is less than the required
* size of the set of privileges. A failure NTSTATUS code is returned otherwise.
*/
NTSTATUS
NTAPI
@ -768,7 +944,48 @@ NtAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
return STATUS_SUCCESS;
}
/**
* @brief
* Determines whether security access could be granted or not on
* an object by the requestor who wants such access through type.
*
* @param[in] SecurityDescriptor
* A security descriptor with information data for auditing.
*
* @param[in] PrincipalSelfSid
* A principal self user SID.
*
* @param[in] ClientToken
* A client access token.
*
* @param[in] DesiredAccess
* The desired access masks rights requested by the caller.
*
* @param[in] ObjectTypeList
* A list of object types.
*
* @param[in] ObjectTypeLength
* The length size of the list.
*
* @param[in] GenericMapping
* The generic mapping list of access masks rights.
*
* @param[in] PrivilegeSet
* An array set of privileges.
*
* @param[in,out] PrivilegeSetLength
* The length size of the array set of privileges.
*
* @param[out] GrantedAccess
* The returned granted access rights.
*
* @param[out] AccessStatus
* The returned NTSTATUS code indicating the final results
* of auditing.
*
* @return
* To be added...
*/
NTSTATUS
NTAPI
NtAccessCheckByType(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
@ -787,6 +1004,49 @@ NtAccessCheckByType(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
return STATUS_NOT_IMPLEMENTED;
}
/**
* @brief
* Determines whether security access could be granted or not on
* an object by the requestor who wants such access through
* type list.
*
* @param[in] SecurityDescriptor
* A security descriptor with information data for auditing.
*
* @param[in] PrincipalSelfSid
* A principal self user SID.
*
* @param[in] ClientToken
* A client access token.
*
* @param[in] DesiredAccess
* The desired access masks rights requested by the caller.
*
* @param[in] ObjectTypeList
* A list of object types.
*
* @param[in] ObjectTypeLength
* The length size of the list.
*
* @param[in] GenericMapping
* The generic mapping list of access masks rights.
*
* @param[in] PrivilegeSet
* An array set of privileges.
*
* @param[in,out] PrivilegeSetLength
* The length size of the array set of privileges.
*
* @param[out] GrantedAccess
* The returned granted access rights.
*
* @param[out] AccessStatus
* The returned NTSTATUS code indicating the final results
* of auditing.
*
* @return
* To be added...
*/
NTSTATUS
NTAPI
NtAccessCheckByTypeResultList(IN PSECURITY_DESCRIPTOR SecurityDescriptor,

196
ntoskrnl/se/acl.c
View file

@ -1,10 +1,8 @@
/*
* COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS kernel
* FILE: ntoskrnl/se/acl.c
* PURPOSE: Security manager
*
* PROGRAMMERS: David Welch <welch@cwcom.net>
* PROJECT: ReactOS Kernel
* LICENSE: GPL-2.0-or-later (https://spdx.org/licenses/GPL-2.0-or-later)
* PURPOSE: Access control lists (ACLs) implementation
* COPYRIGHT: Copyright David Welch <welch@cwcom.net>
*/
/* INCLUDES *******************************************************************/
@ -25,6 +23,15 @@ PACL SeSystemAnonymousLogonDacl = NULL;
/* FUNCTIONS ******************************************************************/
/**
* @brief
* Initializes known discretionary access control lists in the system upon
* kernel and Executive initialization procedure.
*
* @return
* Returns TRUE if all the DACLs have been successfully initialized,
* FALSE otherwise.
*/
CODE_SEG("INIT")
BOOLEAN
NTAPI
@ -246,6 +253,25 @@ SepInitDACLs(VOID)
return TRUE;
}
/**
* @brief
* Allocates a discretionary access control list based on certain properties
* of a regular and primary access tokens.
*
* @param[in] Token
* An access token.
*
* @param[in] PrimaryToken
* A primary access token.
*
* @param[out] Dacl
* The returned allocated DACL.
*
* @return
* Returns STATUS_SUCCESS if DACL creation from tokens has completed
* successfully. STATUS_INSUFFICIENT_RESOURCES is returned if DACL
* allocation from memory pool fails otherwise.
*/
NTSTATUS
NTAPI
SepCreateImpersonationTokenDacl(
@ -294,6 +320,33 @@ SepCreateImpersonationTokenDacl(
return STATUS_SUCCESS;
}
/**
* @brief
* Captures an access control list from an already valid input ACL.
*
* @param[in] InputAcl
* A valid ACL.
*
* @param[in] AccessMode
* Processor level access mode. The processor mode determines how
* are the input arguments probed.
*
* @param[in] PoolType
* Pool type for new captured ACL for creation. The pool type determines
* how the ACL data should reside in the pool memory.
*
* @param[in] CaptureIfKernel
* If set to TRUE and the processor access mode being KernelMode, we're
* capturing an ACL directly in the kernel. Otherwise we're capturing
* within a kernel mode driver.
*
* @param[out] CapturedAcl
* The returned and allocated captured ACL.
*
* @return
* Returns STATUS_SUCCESS if the ACL has been successfully captured.
* STATUS_INSUFFICIENT_RESOURCES is returned otherwise.
*/
NTSTATUS
NTAPI
SepCaptureAcl(IN PACL InputAcl,
@ -382,6 +435,24 @@ SepCaptureAcl(IN PACL InputAcl,
return Status;
}
/**
* @brief
* Releases (frees) a captured ACL from the memory pool.
*
* @param[in] CapturedAcl
* A valid captured ACL to free.
*
* @param[in] AccessMode
* Processor level access mode.
*
* @param[in] CaptureIfKernel
* If set to TRUE and the processor access mode being KernelMode, we're
* releasing an ACL directly in the kernel. Otherwise we're releasing
* within a kernel mode driver.
*
* @return
* Nothing.
*/
VOID
NTAPI
SepReleaseAcl(IN PACL CapturedAcl,
@ -398,6 +469,29 @@ SepReleaseAcl(IN PACL CapturedAcl,
}
}
/**
* @brief
* Determines if a certain ACE can or cannot be propagated based on
* ACE inheritation flags and whatnot.
*
* @param[in] AceFlags
* Bit flags of an ACE to perform propagation checks.
*
* @param[out] NewAceFlags
* New ACE bit blags based on the specific ACE flags of the first
* argument parameter.
*
* @param[in] IsInherited
* If set to TRUE, an ACE is deemed as directly inherited from another
* instance. In that case we're allowed to propagate.
*
* @param[in] IsDirectoryObject
* If set to TRUE, an object directly inherits this ACE so we can propagate
* it.
*
* @return
* Returns TRUE if an ACE can be propagated, FALSE otherwise.
*/
BOOLEAN
SepShouldPropagateAce(
_In_ UCHAR AceFlags,
@ -446,6 +540,42 @@ SepShouldPropagateAce(
return FALSE;
}
/**
* @brief
* Propagates (copies) an access control list.
*
* @param[out] AclDest
* The destination parameter with propagated ACL.
*
* @param[in,out] AclLength
* The length of the ACL that we propagate.
*
* @param[in] AclSource
* The source instance of a valid ACL.
*
* @param[in] Owner
* A SID that represents the main user that identifies the ACL.
*
* @param[in] Group
* A SID that represents a group that identifies the ACL.
*
* @param[in] IsInherited
* If set to TRUE, that means the ACL is directly inherited.
*
* @param[in] IsDirectoryObject
* If set to TRUE, that means the ACL is directly inherited because
* of the object that inherits it.
*
* @param[in] GenericMapping
* Generic mapping of access rights to map only certain effective
* ACEs.
*
* @return
* Returns STATUS_SUCCESS if ACL has been propagated successfully.
* STATUS_BUFFER_TOO_SMALL is returned if the ACL length is not greater
* than the maximum written size of the buffer for ACL propagation
* otherwise.
*/
NTSTATUS
SepPropagateAcl(
_Out_writes_bytes_opt_(AclLength) PACL AclDest,
@ -609,6 +739,60 @@ SepPropagateAcl(
return STATUS_SUCCESS;
}
/**
* @brief
* Selects an ACL and returns it to the caller.
*
* @param[in] ExplicitAcl
* If specified, the specified ACL to the call will be
* the selected ACL for the caller.
*
* @param[in] ExplicitPresent
* If set to TRUE and with specific ACL filled to the call, the
* function will immediately return the specific ACL as the selected
* ACL for the caller.
*
* @param[in] ExplicitDefaulted
* If set to FALSE and with specific ACL filled to the call, the ACL
* is not a default ACL. Otherwise it's a default ACL that we cannot
* select it as is.
*
* @param[in] ParentAcl
* If specified, the parent ACL will be used to determine the exact ACL
* length to check if the ACL in question is not empty. If the list
* is not empty then the function will select such ACL to the caller.
*
* @param[in] DefaultAcl
* If specified, the default ACL will be the selected one for the caller.
*
* @param[out] AclLength
* The size length of an ACL.
*
* @param[in] Owner
* A SID that represents the main user that identifies the ACL.
*
* @param[in] Group
* A SID that represents a group that identifies the ACL.
*
* @param[out] AclPresent
* The returned boolean value, indicating if the ACL that we want to select
* does actually exist.
*
* @param[out] IsInherited
* The returned boolean value, indicating if the ACL we want to select it
* is actually inherited or not.
*
* @param[in] IsDirectoryObject
* If set to TRUE, the object inherits this ACL.
*
* @param[in] GenericMapping
* Generic mapping of access rights to map only certain effective
* ACEs of an ACL that we want to select it.
*
* @return
* Returns the selected access control list (ACL) to the caller,
* NULL otherwise.
*/
PACL
SepSelectAcl(
_In_opt_ PACL ExplicitAcl,

1030
ntoskrnl/se/audit.c
View file

File diff suppressed because it is too large Load diff

288
ntoskrnl/se/priv.c
View file

@ -1,10 +1,10 @@
/*
* COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS kernel
* FILE: ntoskrnl/se/priv.c
* PURPOSE: Security manager
*
* PROGRAMMERS: No programmer listed.
* PROJECT: ReactOS Kernel
* LICENSE: GPL-2.0-or-later (https://spdx.org/licenses/GPL-2.0-or-later)
* PURPOSE: Security privileges support
* COPYRIGHT: Copyright Alex Ionescu <alex@relsoft.net>
* Copyright Timo Kreuzer <timo.kreuzer@reactos.org>
* Copyright Eric Kohl
*/
/* INCLUDES ******************************************************************/
@ -54,6 +54,15 @@ const LUID SeCreateSymbolicLinkPrivilege = CONST_LUID(SE_CREATE_SYMBOLIC_LINK_PR
/* PRIVATE FUNCTIONS **********************************************************/
/**
* @brief
* Initializes the privileges during the startup phase of the security
* manager module. This function serves as a placeholder as it currently
* does nothing.
*
* @return
* Nothing.
*/
CODE_SEG("INIT")
VOID
NTAPI
@ -62,7 +71,32 @@ SepInitPrivileges(VOID)
}
/**
* @brief
* Checks the privileges pointed by Privileges array argument if they exist and
* match with the privileges from an access token.
*
* @param[in] Token
* An access token where privileges are to be checked.
*
* @param[in] Privileges
* An array of privileges with attributes used as checking indicator for
* the function.
*
* @param[in] PrivilegeCount
* The total number count of privileges in the array.
*
* @param[in] PrivilegeControl
* Privilege control bit mask to determine if we should check all the
* privileges based on the number count of privileges or not.
*
* @param[in] PreviousMode
* Processor level access mode.
*
* @return
* Returns TRUE if the required privileges exist and that they do match.
* Otherwise the functions returns FALSE.
*/
BOOLEAN
NTAPI
SepPrivilegeCheck(PTOKEN Token,
@ -129,6 +163,25 @@ SepPrivilegeCheck(PTOKEN Token,
return FALSE;
}
/**
* @brief
* Checks only single privilege based upon the privilege pointed by a LUID and
* if it matches with the one from an access token.
*
* @param[in] PrivilegeValue
* The privilege to be checked.
*
* @param[in] Token
* An access token where its privilege is to be checked against the one
* provided by the caller.
*
* @param[in] PreviousMode
* Processor level access mode.
*
* @return
* Returns TRUE if the required privilege exists and that it matches
* with the one from the access token, FALSE otherwise.
*/
NTSTATUS
NTAPI
SepSinglePrivilegeCheck(
@ -149,6 +202,40 @@ SepSinglePrivilegeCheck(
PreviousMode);
}
/**
* @brief
* Checks the security policy and returns a set of privileges
* based upon the said security policy context.
*
* @param[in,out] DesiredAccess
* The desired access right mask.
*
* @param[in,out] GrantedAccess
* The granted access rights masks. The rights are granted depending
* on the desired access rights requested by the calling thread.
*
* @param[in] SubjectContext
* Security subject context. If the caller supplies one, the access token
* supplied by the caller will be assigned to one of client or primary tokens
* of the subject context in question.
*
* @param[in] Token
* An access token.
*
* @param[out] OutPrivilegeSet
* An array set of privileges to be reported to the caller, if the actual
* calling thread wants such set of privileges in the first place.
*
* @param[in] PreviousMode
* Processor level access mode.
*
* @return
* Returns STATUS_PRIVILEGE_NOT_HELD if the respective operations have succeeded
* without problems. STATUS_PRIVILEGE_NOT_HELD is returned if the access token
* doesn't have SeSecurityPrivilege privilege to warrant ACCESS_SYSTEM_SECURITY
* access right. STATUS_INSUFFICIENT_RESOURCES is returned if we failed
* to allocate block of memory pool for the array set of privileges.
*/
NTSTATUS
NTAPI
SePrivilegePolicyCheck(
@ -248,6 +335,23 @@ SePrivilegePolicyCheck(
return STATUS_SUCCESS;
}
/**
* @brief
* Checks a single privilege and performs an audit
* against a privileged service based on a security subject
* context.
*
* @param[in] DesiredAccess
* Security subject context used for privileged service
* auditing.
*
* @param[in] PreviousMode
* Processor level access mode.
*
* @return
* Returns TRUE if service auditing and privilege checking
* tests have succeeded, FALSE otherwise.
*/
BOOLEAN
NTAPI
SeCheckAuditPrivilege(
@ -282,6 +386,48 @@ SeCheckAuditPrivilege(
return Result;
}
/**
* @brief
* Captures a LUID with attributes structure. This function is mainly
* tied in the context of privileges.
*
* @param[in] Src
* Source of a valid LUID with attributes structure.
*
* @param[in] PrivilegeCount
* Count number of privileges to be captured.
*
* @param[in] PreviousMode
* Processor level access mode.
*
* @param[in] AllocatedMem
* If specified, the function will use this allocated block memory
* buffer for the captured LUID and attributes structure. Otherwise
* the function will automatically allocate some buffer for it.
*
* @param[in] AllocatedLength
* The length of the buffer, pointed by AllocatedMem.
*
* @param[in] PoolType
* Pool type of the memory allocation.
*
* @param[in] CaptureIfKernel
* If set to TRUE, the capturing is done in the kernel itself.
* FALSE if the capturing is done in a kernel mode driver instead.
*
* @param[out] Dest
* The captured LUID with attributes buffer.
*
* @param[in,out] Length
* The length of the captured privileges count.
*
* @return
* Returns STATUS_SUCCESS if the LUID and attributes array
* has been captured successfully. STATUS_INSUFFICIENT_RESOURCES is returned
* if memory pool allocation for the captured buffer has failed.
* STATUS_BUFFER_TOO_SMALL is returned if the buffer size is less than the
* required size.
*/
NTSTATUS
NTAPI
SeCaptureLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Src,
@ -378,6 +524,23 @@ SeCaptureLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Src,
return Status;
}
/**
* @brief
* Releases a LUID with attributes structure.
*
* @param[in] Privilege
* Array of a LUID and attributes that represents a privilege.
*
* @param[in] PreviousMode
* Processor level access mode.
*
* @param[in] CaptureIfKernel
* If set to TRUE, the releasing is done in the kernel itself.
* FALSE if the releasing is done in a kernel mode driver instead.
*
* @return
* Nothing.
*/
VOID
NTAPI
SeReleaseLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Privilege,
@ -395,8 +558,21 @@ SeReleaseLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Privilege,
/* PUBLIC FUNCTIONS ***********************************************************/
/*
* @implemented
/**
* @brief
* Appends additional privileges.
*
* @param[in] AccessState
* Access request to append.
*
* @param[in] Privileges
* Set of new privileges to append.
*
* @return
* Returns STATUS_SUCCESS if the privileges have been successfully
* appended. Otherwise STATUS_INSUFFICIENT_RESOURCES is returned,
* indicating that pool allocation has failed for the buffer to hold
* the new set of privileges.
*/
NTSTATUS
NTAPI
@ -468,8 +644,15 @@ SeAppendPrivileges(IN OUT PACCESS_STATE AccessState,
return STATUS_SUCCESS;
}
/*
* @implemented
/**
* @brief
* Frees a set of privileges.
*
* @param[in] Privileges
* Set of privileges array to be freed.
*
* @return
* Nothing.
*/
VOID
NTAPI
@ -479,8 +662,25 @@ SeFreePrivileges(IN PPRIVILEGE_SET Privileges)
ExFreePoolWithTag(Privileges, TAG_PRIVILEGE_SET);
}
/*
* @implemented
/**
* @brief
* Checks if a set of privileges exist and match within a
* security subject context.
*
* @param[in] Privileges
* A set of privileges where the check must be performed
* against the subject context.
*
* @param[in] SubjectContext
* A subject security context.
*
* @param[in] PreviousMode
* Processor level access mode.
*
* @return
* Returns TRUE if all the privileges do exist and match
* with the ones specified by the caller and subject
* context, FALSE otherwise.
*/
BOOLEAN
NTAPI
@ -512,8 +712,20 @@ SePrivilegeCheck(PPRIVILEGE_SET Privileges,
PreviousMode);
}
/*
* @implemented
/**
* @brief
* Checks if a single privilege is present in the context
* of the calling thread.
*
* @param[in] PrivilegeValue
* The specific privilege to be checked.
*
* @param[in] PreviousMode
* Processor level access mode.
*
* @return
* Returns TRUE if the privilege is present, FALSE
* otherwise.
*/
BOOLEAN
NTAPI
@ -551,6 +763,28 @@ SeSinglePrivilegeCheck(IN LUID PrivilegeValue,
return Result;
}
/**
* @brief
* Checks a privileged object if such object has
* the specific privilege submitted by the caller.
*
* @param[in] PrivilegeValue
* A privilege to be checked against the one from
* the object.
*
* @param[in] ObjectHandle
* A handle to any kind of object.
*
* @param[in] DesiredAccess
* Desired access right mask requested by the caller.
*
* @param[in] PreviousMode
* Processor level access mode.
*
* @return
* Returns TRUE if the privilege is present, FALSE
* otherwise.
*/
BOOLEAN
NTAPI
SeCheckPrivilegedObject(IN LUID PrivilegeValue,
@ -591,6 +825,30 @@ SeCheckPrivilegedObject(IN LUID PrivilegeValue,
/* SYSTEM CALLS ***************************************************************/
/**
* @brief
* Checks a client access token if it has the required set of
* privileges.
*
* @param[in] ClientToken
* A handle to an access client token.
*
* @param[in] RequiredPrivileges
* A set of required privileges to be checked against the privileges
* of the access token.
*
* @param[out] Result
* The result, as a boolean value. If TRUE, the token has all the required
* privileges, FALSE otherwise.
*
* @return
* Returns STATUS_SUCCESS if the function has completed successfully.
* STATUS_INVALID_PARAMETER is returned if the set array of required
* privileges has a bogus number of privileges, that is, the array
* has a count of privileges that exceeds the maximum threshold
* (or in other words, an integer overflow). A failure NTSTATUS code
* is returned otherwise.
*/
NTSTATUS
NTAPI
NtPrivilegeCheck(IN HANDLE ClientToken,

348
ntoskrnl/se/sd.c
View file

@ -1,10 +1,8 @@
/*
* COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS kernel
* FILE: ntoskrnl/se/sd.c
* PURPOSE: Security manager
*
* PROGRAMMERS: David Welch <welch@cwcom.net>
* PROJECT: ReactOS Kernel
* LICENSE: GPL-2.0-or-later (https://spdx.org/licenses/GPL-2.0-or-later)
* PURPOSE: Security descriptors (SDs) implementation support
* COPYRIGHT: Copyright David Welch <welch@cwcom.net>
*/
/* INCLUDES *******************************************************************/
@ -25,6 +23,14 @@ PSECURITY_DESCRIPTOR SeSystemAnonymousLogonSd = NULL;
/* PRIVATE FUNCTIONS **********************************************************/
/**
* @brief
* Initializes the known security descriptors in the system.
*
* @return
* Returns TRUE if all the security descriptors have been initialized,
* FALSE otherwise.
*/
CODE_SEG("INIT")
BOOLEAN
NTAPI
@ -124,6 +130,26 @@ SepInitSDs(VOID)
return TRUE;
}
/**
* @brief
* Sets a "World" security descriptor.
*
* @param[in] SecurityInformation
* Security information details, alongside with the security
* descriptor to set the World SD.
*
* @param[in] SecurityDescriptor
* A security descriptor buffer.
*
* @param[in] BufferLength
* Length size of the buffer.
*
* @return
* Returns STATUS_SUCCESS if the World security descriptor has been
* set. STATUS_ACCESS_DENIED is returned if the caller hasn't
* provided security information details thus the SD cannot
* be set.
*/
NTSTATUS
NTAPI
SeSetWorldSecurityDescriptor(SECURITY_INFORMATION SecurityInformation,
@ -217,6 +243,23 @@ SeSetWorldSecurityDescriptor(SECURITY_INFORMATION SecurityInformation,
/* PUBLIC FUNCTIONS ***********************************************************/
/**
* @brief
* Determines the size of a SID.
*
* @param[in] Sid
* A security identifier where its size is to be determined.
*
* @param[in,out] OutSAC
* The returned sub authority count of the security
* identifier.
*
* @param[in] ProcessorMode
* Processor level access mode.
*
* @return
* Returns the size length of a security identifier (SID).
*/
static
ULONG
DetermineSIDSize(
@ -248,6 +291,21 @@ DetermineSIDSize(
return Size;
}
/**
* @brief
* Determines the size of an ACL.
*
* @param[in] Acl
* An access control list where its size is to be
* determined.
*
* @param[in] ProcessorMode
* Processor level access mode.
*
* @return
* Returns the size length of a an access control
* list (ACL).
*/
static
ULONG
DetermineACLSize(
@ -267,6 +325,37 @@ DetermineACLSize(
return Size;
}
/**
* @brief
* Captures a security descriptor.
*
* @param[in] _OriginalSecurityDescriptor
* An already existing and valid security descriptor
* to be captured.
*
* @param[in] CurrentMode
* Processor level access mode.
*
* @param[in] PoolType
* Pool type to be used when allocating the captured
* buffer.
*
* @param[in] CaptureIfKernel
* Set this to TRUE if capturing is done within the
* kernel.
*
* @param[out] CapturedSecurityDescriptor
* The captured security descriptor.
*
* @return
* Returns STATUS_SUCCESS if the operations have been
* completed successfully and that the security descriptor
* has been captured. STATUS_UNKNOWN_REVISION is returned
* if the security descriptor has an unknown revision.
* STATUS_INSUFFICIENT_RESOURCES is returned if memory
* pool allocation for the captured buffer has failed.
* A failure NTSTATUS code is returned otherwise.
*/
NTSTATUS
NTAPI
SeCaptureSecurityDescriptor(
@ -452,8 +541,32 @@ SeCaptureSecurityDescriptor(
return STATUS_SUCCESS;
}
/*
* @implemented
/**
* @brief
* Queries information details about a security
* descriptor.
*
* @param[in] SecurityInformation
* Security information details to be queried
* from a security descriptor.
*
* @param[out] SecurityDescriptor
* The returned security descriptor with security information
* data.
*
* @param[in,out] Length
* The returned length of a security descriptor.
*
* @param[in,out] ObjectsSecurityDescriptor
* The returned object security descriptor.
*
* @return
* Returns STATUS_SUCCESS if the operations have been
* completed successfully and that the specific information
* about the security descriptor has been queried.
* STATUS_BUFFER_TOO_SMALL is returned if the buffer size
* is too small to contain the queried info about the
* security descriptor.
*/
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSTATUS
@ -600,8 +713,22 @@ SeQuerySecurityDescriptorInfo(
return STATUS_SUCCESS;
}
/*
* @implemented
/**
* @brief
* Releases a captured security descriptor buffer.
*
* @param[in] CapturedSecurityDescriptor
* The captured security descriptor to be freed.
*
* @param[in] CurrentMode
* Processor level access mode.
*
* @param[in] CaptureIfKernelMode
* Set this to TRUE if the releasing is to be done within
* the kernel.
*
* @return
* Returns STATUS_SUCCESS.
*/
NTSTATUS
NTAPI
@ -627,8 +754,32 @@ SeReleaseSecurityDescriptor(IN PSECURITY_DESCRIPTOR CapturedSecurityDescriptor,
return STATUS_SUCCESS;
}
/*
* @implemented
/**
* @brief
* Modifies some information data about a security
* descriptor.
*
* @param[in] Object
* If specified, the function will use this arbitrary
* object that points to an object security descriptor.
*
* @param[in] SecurityInformation
* Security information details to be set.
*
* @param[in] SecurityDescriptor
* A security descriptor where its info is to be changed.
*
* @param[in,out] ObjectsSecurityDescriptor
* The returned pointer to security descriptor objects.
*
* @param[in] PoolType
* Pool type for the new security descriptor to allocate.
*
* @param[in] GenericMapping
* The generic mapping of access rights masks.
*
* @return
* See SeSetSecurityDescriptorInfoEx.
*/
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSTATUS
@ -652,8 +803,42 @@ SeSetSecurityDescriptorInfo(
GenericMapping);
}
/*
* @implemented
/**
* @brief
* An extended function that sets new information data to
* a security descriptor.
*
* @param[in] Object
* If specified, the function will use this arbitrary
* object that points to an object security descriptor.
*
* @param[in] SecurityInformation
* Security information details to be set.
*
* @param[in] SecurityDescriptor
* A security descriptor where its info is to be changed.
*
* @param[in,out] ObjectsSecurityDescriptor
* The returned pointer to security descriptor objects.
*
* @param[in] AutoInheritFlags
* Flags bitmask inheritation, influencing how the security
* descriptor can be inherited and if it can be in the first
* place.
*
* @param[in] PoolType
* Pool type for the new security descriptor to allocate.
*
* @param[in] GenericMapping
* The generic mapping of access rights masks.
*
* @return
* Returns STATUS_SUCCESS if the operations have been
* completed without problems and that new info has been
* set to the security descriptor. STATUS_NO_SECURITY_ON_OBJECT
* is returned if the object does not have a security descriptor.
* STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation
* for the new security descriptor with new info set has failed.
*/
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSTATUS
@ -795,9 +980,22 @@ SeSetSecurityDescriptorInfoEx(
return STATUS_SUCCESS;
}
/*
* @implemented
/**
* @brief
* Determines if a security descriptor is valid according
* to the general security requirements and conditions
* set by the kernel.
*
* @param[in] Length
* The length of a security descriptor.
*
* @param[in] _SecurityDescriptor
* A security descriptor where its properties are to be
* checked for validity.
*
* @return
* Returns TRUE if the given security descriptor is valid,
* FALSE otherwise.
*/
BOOLEAN NTAPI
SeValidSecurityDescriptor(IN ULONG Length,
@ -932,8 +1130,15 @@ SeValidSecurityDescriptor(IN ULONG Length,
return TRUE;
}
/*
* @implemented
/**
* @brief
* Frees a security descriptor.
*
* @param[in] SecurityDescriptor
* A security descriptor to be freed from memory.
*
* @return
* Returns STATUS_SUCCESS.
*/
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSTATUS
@ -952,8 +1157,58 @@ SeDeassignSecurity(
return STATUS_SUCCESS;
}
/*
* @implemented
/**
* @brief
* An extended function that assigns a security descriptor for a new
* object.
*
* @param[in] _ParentDescriptor
* A security descriptor of the parent object that is being
* created.
*
* @param[in] _ExplicitDescriptor
* An explicit security descriptor that is applied to a new
* object.
*
* @param[out] NewDescriptor
* The new allocated security descriptor.
*
* @param[in] ObjectType
* The type of the new object.
*
* @param[in] IsDirectoryObject
* Set this to TRUE if the newly created object is a directory
* object, otherwise set this to FALSE.
*
* @param[in] AutoInheritFlags
* Automatic inheritance flags that influence how access control
* entries within ACLs from security descriptors are inherited.
*
* @param[in] SubjectContext
* Security subject context of the new object.
*
* @param[in] GenericMapping
* Generic mapping of access mask rights.
*
* @param[in] PoolType
* This parameter is unused.
*
* @return
* Returns STATUS_SUCCESS if the operations have been completed
* successfully and that the security descriptor has been
* assigned to the new object. STATUS_NO_TOKEN is returned
* if the caller hasn't supplied a valid argument to a security
* subject context. STATUS_INVALID_OWNER is returned if the caller
* hasn't supplied a parent descriptor that belongs to the main
* user (owner). STATUS_INVALID_PRIMARY_GROUP is returned
* by the same reason as with the previous NTSTATUS code.
* The two NTSTATUS codes are returned if the calling thread
* stated that the owner and/or group is defaulted to the
* parent descriptor (SEF_DEFAULT_OWNER_FROM_PARENT and/or
* SEF_DEFAULT_GROUP_FROM_PARENT respectively).
* STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation
* for the descriptor buffer has failed. A failure NTSTATUS is returned
* otherwise.
*/
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSTATUS
@ -1244,8 +1499,36 @@ SeAssignSecurityEx(
return STATUS_SUCCESS;
}
/*
* @implemented
/**
* @brief
* Assigns a security descriptor for a new object.
*
* @param[in] ParentDescriptor
* A security descriptor of the parent object that is being
* created.
*
* @param[in] ExplicitDescriptor
* An explicit security descriptor that is applied to a new
* object.
*
* @param[out] NewDescriptor
* The new allocated security descriptor.
*
* @param[in] IsDirectoryObject
* Set this to TRUE if the newly created object is a directory
* object, otherwise set this to FALSE.
*
* @param[in] SubjectContext
* Security subject context of the new object.
*
* @param[in] GenericMapping
* Generic mapping of access mask rights.
*
* @param[in] PoolType
* This parameter is unused.
*
* @return
* See SeAssignSecurityEx.
*/
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSTATUS
@ -1272,8 +1555,23 @@ SeAssignSecurity(
PoolType);
}
/*
* @implemented
/**
* @brief
* Computes the quota size of a security descriptor.
*
* @param[in] SecurityDescriptor
* A security descriptor.
*
* @param[out] QuotaInfoSize
* The returned quota size of the given security descriptor to
* the caller. The function may return 0 to this parameter if
* the descriptor doesn't have a group or a discretionary
* access control list (DACL) even.
*
* @return
* Returns STATUS_SUCCESS if the quota size of a security
* descriptor has been computed successfully. STATUS_UNKNOWN_REVISION
* is returned if the security descriptor has an invalid revision.
*/
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSTATUS

158
ntoskrnl/se/semgr.c
View file

@ -1,10 +1,11 @@
/*
* COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS kernel
* FILE: ntoskrnl/se/semgr.c
* PURPOSE: Security manager
*
* PROGRAMMERS: No programmer listed.
* PROJECT: ReactOS Kernel
* LICENSE: GPL-2.0-or-later (https://spdx.org/licenses/GPL-2.0-or-later)
* PURPOSE: Security manager infrastructure
* COPYRIGHT: Copyright Timo Kreuzer <timo.kreuzer@reactos.org>
* Copyright Eric Kohl
* Copyright Aleksey Bragin
* Copyright Alex Ionescu <alex@relsoft.net>
*/
/* INCLUDES *******************************************************************/
@ -26,6 +27,14 @@ extern ERESOURCE SepSubjectContextLock;
/* PRIVATE FUNCTIONS **********************************************************/
/**
* @brief
* Initializes all the security exports upon initialization phase of
* the module.
*
* @return
* Returns TRUE.
*/
static
CODE_SEG("INIT")
BOOLEAN
@ -91,7 +100,15 @@ SepInitExports(VOID)
return TRUE;
}
/**
* @brief
* Handles the phase 0 procedure of the SRM initialization.
*
* @return
* Returns TRUE if the phase 0 initialization has succeeded and that
* we can proceed further with next initialization phase, FALSE
* otherwise.
*/
CODE_SEG("INIT")
BOOLEAN
NTAPI
@ -137,6 +154,14 @@ SepInitializationPhase0(VOID)
return TRUE;
}
/**
* @brief
* Handles the phase 1 procedure of the SRM initialization.
*
* @return
* Returns TRUE if the phase 1 initialization has succeeded, FALSE
* otherwise.
*/
CODE_SEG("INIT")
BOOLEAN
NTAPI
@ -245,6 +270,15 @@ SepInitializationPhase1(VOID)
return TRUE;
}
/**
* @brief
* Main security manager initialization function.
*
* @return
* Returns a boolean value according to the phase initialization
* routine that handles it. If TRUE, the routine deems the initialization
* phase as complete, FALSE otherwise.
*/
CODE_SEG("INIT")
BOOLEAN
NTAPI
@ -275,6 +309,43 @@ SeInitSystem(VOID)
}
}
/**
* @brief
* Internal function that is responsible for querying, deleting, assigning and
* setting a security descriptor for an object in the NT kernel. It is the default
* security method for objects regarding the security context of objects.
*
* @param[in] Object
* The object that has the default security method, which the function has been
* called upon.
*
* @param[in] OperationType
* Operation type to perform to that object.
*
* @param[in] SecurityInformation
* Auxiliary security information of the object.
*
* @param[in] SecurityDescriptor
* A security descriptor. This SD is used accordingly to the operation type
* requested by the caller.
*
* @param[in] ReturnLength
* The length size of the queried security descriptor, in bytes.
*
* @param[in] OldSecurityDescriptor
* The old SD that belonged to the object, in case we're either deleting
* or replacing it.
*
* @param[in] PoolType
* Pool type allocation for the security descriptor.
*
* @param[in] GenericMapping
* The generic mapping of access rights masks for the object.
*
* @return
* Returns STATUS_SUCCESS if the specific operation tasked has been
* completed. Otherwise a failure NTSTATUS code is returned.
*/
NTSTATUS
NTAPI
SeDefaultObjectMethod(IN PVOID Object,
@ -336,6 +407,20 @@ SeDefaultObjectMethod(IN PVOID Object,
return STATUS_SUCCESS;
}
/**
* @brief
* Queries the access mask from a security information context.
*
* @param[in] SecurityInformation
* The security information context where the access mask is to be
* gathered.
*
* @param[out] DesiredAccess
* The queried access mask right.
*
* @return
* Nothing.
*/
VOID
NTAPI
SeQuerySecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
@ -355,6 +440,19 @@ SeQuerySecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
}
}
/**
* @brief
* Sets the access mask for a security information context.
*
* @param[in] SecurityInformation
* The security information context to apply a new access right.
*
* @param[out] DesiredAccess
* The returned access mask right.
*
* @return
* Nothing.
*/
VOID
NTAPI
SeSetSecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
@ -378,6 +476,30 @@ SeSetSecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
}
}
/**
* @unimplemented
* @brief
* Report a security event to the security manager.
*
* @param[in] Flags
* Flags that influence how the event should be reported.
*
* @param[in] SourceName
* A Unicode string that represents the source name of the event.
*
* @param[in] UserSid
* The SID that represents a user that initiated the reporting.
*
* @param[in] AuditParameters
* An array of parameters for auditing purposes. This is used
* for reporting the event which the security manager will take
* care subsequently of doing eventual security auditing.
*
* @return
* Returns STATUS_SUCCESS if the security event has been reported.
* STATUS_INVALID_PARAMETER is returned if one of the parameters
* do not satisfy the requirements expected by the function.
*/
NTSTATUS
NTAPI
SeReportSecurityEvent(
@ -447,6 +569,28 @@ SeReportSecurityEvent(
return STATUS_SUCCESS;
}
/**
* @unimplemented
* @brief
* Sets an array of audit parameters for later security auditing use.
*
* @param[in,out] AuditParameters
* An array of audit parameters to be set.
*
* @param[in] Type
* The type of audit parameters to be set.
*
* @param[in] Index
* Index number that represents an instance of an audit parameters.
* Such index must be within the maximum range of audit parameters.
*
* @param[in] Data
* An arbitrary buffer data that is bounds to what kind of audit parameter
* type must be set.
*
* @return
* To be added...
*/
_Const_
NTSTATUS
NTAPI

131
ntoskrnl/se/sid.c
View file

@ -1,10 +1,8 @@
/*
* COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS kernel
* FILE: ntoskrnl/se/sid.c
* PURPOSE: Security manager
*
* PROGRAMMERS: David Welch <welch@cwcom.net>
* PROJECT: ReactOS Kernel
* LICENSE: GPL-2.0-or-later (https://spdx.org/licenses/GPL-2.0-or-later)
* PURPOSE: Security Identifier (SID) implementation support and handling
* COPYRIGHT: Copyright David Welch <welch@cwcom.net>
*/
/* INCLUDES *******************************************************************/
@ -54,6 +52,13 @@ PSID SeNetworkServiceSid = NULL;
/* FUNCTIONS ******************************************************************/
/**
* @brief
* Frees all the known initialized SIDs in the system from the memory.
*
* @return
* Nothing.
*/
VOID
NTAPI
FreeInitializedSids(VOID)
@ -88,6 +93,14 @@ FreeInitializedSids(VOID)
if (SeAnonymousLogonSid) ExFreePoolWithTag(SeAnonymousLogonSid, TAG_SID);
}
/**
* @brief
* Initializes all the SIDs known in the system.
*
* @return
* Returns TRUE if all the SIDs have been initialized,
* FALSE otherwise.
*/
CODE_SEG("INIT")
BOOLEAN
NTAPI
@ -263,6 +276,31 @@ SepInitSecurityIDs(VOID)
return TRUE;
}
/**
* @brief
* Captures a SID.
*
* @param[in] InputSid
* A valid security identifier to be captured.
*
* @param[in] AccessMode
* Processor level access mode.
*
* @param[in] PoolType
* Pool memory type for the captured SID to assign upon
* allocation.
*
* @param[in] CaptureIfKernel
* If set to TRUE, the capturing is done within the kernel.
* Otherwise the capturing is done in a kernel mode driver.
*
* @param[out] CapturedSid
* The captured security identifier, returned to the caller.
*
* @return
* Returns STATUS_SUCCESS if the SID was captured. STATUS_INSUFFICIENT_RESOURCES
* is returned if memory pool allocation for the captured SID has failed.
*/
NTSTATUS
NTAPI
SepCaptureSid(IN PSID InputSid,
@ -331,6 +369,23 @@ SepCaptureSid(IN PSID InputSid,
return STATUS_SUCCESS;
}
/**
* @brief
* Releases a captured SID.
*
* @param[in] CapturedSid
* The captured SID to be released.
*
* @param[in] AccessMode
* Processor level access mode.
*
* @param[in] CaptureIfKernel
* If set to TRUE, the releasing is done within the kernel.
* Otherwise the releasing is done in a kernel mode driver.
*
* @return
* Nothing.
*/
VOID
NTAPI
SepReleaseSid(IN PSID CapturedSid,
@ -347,6 +402,52 @@ SepReleaseSid(IN PSID CapturedSid,
}
}
/**
* @brief
* Captures a SID with attributes.
*
* @param[in] SrcSidAndAttributes
* Source of the SID with attributes to be captured.
*
* @param[in] AttributeCount
* The number count of attributes, in total.
*
* @param[in] PreviousMode
* Processor access level mode.
*
* @param[in] AllocatedMem
* The allocated memory buffer for the captured SID. If the caller
* supplies no allocated block of memory then the function will
* allocate some buffer block of memory for the captured SID
* automatically.
*
* @param[in] AllocatedLength
* The length of the buffer that points to the allocated memory,
* in bytes.
*
* @param[in] PoolType
* The pool type for the captured SID and attributes to assign.
*
* @param[in] CaptureIfKernel
* If set to TRUE, the capturing is done within the kernel.
* Otherwise the capturing is done in a kernel mode driver.
*
* @param[out] CapturedSidAndAttributes
* The captured SID and attributes.
*
* @param[out] ResultLength
* The length of the captured SID and attributes, in bytes.
*
* @return
* Returns STATUS_SUCCESS if SID and attributes capturing
* has been completed successfully. STATUS_INVALID_PARAMETER
* is returned if the count of attributes exceeds the maximum
* threshold that the kernel can permit. STATUS_INSUFFICIENT_RESOURCES
* is returned if memory pool allocation for the captured SID has failed.
* STATUS_BUFFER_TOO_SMALL is returned if the length of the allocated
* buffer is less than the required size. A failure NTSTATUS code is
* returned otherwise.
*/
NTSTATUS
NTAPI
SeCaptureSidAndAttributesArray(
@ -548,6 +649,23 @@ SeCaptureSidAndAttributesArray(
return Status;
}
/**
* @brief
* Releases a captured SID with attributes.
*
* @param[in] CapturedSidAndAttributes
* The captured SID with attributes to be released.
*
* @param[in] AccessMode
* Processor access level mode.
*
* @param[in] CaptureIfKernel
* If set to TRUE, the releasing is done within the kernel.
* Otherwise the releasing is done in a kernel mode driver.
*
* @return
* Nothing.
*/
VOID
NTAPI
SeReleaseSidAndAttributesArray(
@ -564,5 +682,4 @@ SeReleaseSidAndAttributesArray(
}
}
/* EOF */

187
ntoskrnl/se/srm.c
View file

@ -13,9 +13,6 @@
#define NDEBUG
#include <debug.h>
extern LUID SeSystemAuthenticationId;
extern LUID SeAnonymousAuthenticationId;
/* PRIVATE DEFINITIONS ********************************************************/
typedef struct _SEP_LOGON_SESSION_TERMINATED_NOTIFICATION
@ -42,6 +39,9 @@ SepRmCreateLogonSession(
/* GLOBALS ********************************************************************/
extern LUID SeSystemAuthenticationId;
extern LUID SeAnonymousAuthenticationId;
HANDLE SeRmCommandPort;
HANDLE SeLsaInitEvent;
@ -62,7 +62,6 @@ KGUARDED_MUTEX SepRmDbLock;
PSEP_LOGON_SESSION_REFERENCES SepLogonSessions = NULL;
PSEP_LOGON_SESSION_TERMINATED_NOTIFICATION SepLogonNotifications = NULL;
/* PRIVATE FUNCTIONS **********************************************************/
/**
@ -163,7 +162,15 @@ Cleanup:
return Status;
}
/**
* @brief
* Manages the phase 0 initialization of the security reference
* monitoring module of the kernel.
*
* @return
* Returns TRUE when phase 0 initialization has completed without
* problems, FALSE otherwise.
*/
BOOLEAN
NTAPI
SeRmInitPhase0(VOID)
@ -190,7 +197,15 @@ SeRmInitPhase0(VOID)
return TRUE;
}
/**
* @brief
* Manages the phase 1 initialization of the security reference
* monitoring module of the kernel.
*
* @return
* Returns TRUE when phase 1 initialization has completed without
* problems, FALSE otherwise.
*/
BOOLEAN
NTAPI
SeRmInitPhase1(VOID)
@ -247,6 +262,13 @@ SeRmInitPhase1(VOID)
return TRUE;
}
/**
* @brief
* Initializes the local security authority audit bounds.
*
* @return
* Nothing.
*/
static
VOID
SepAdtInitializeBounds(VOID)
@ -285,7 +307,18 @@ SepAdtInitializeBounds(VOID)
SepAdtMaxListLength = ListBounds.MaxLength;
}
/**
* @brief
* Sets an audit event for future security auditing monitoring.
*
* @param[in,out] Message
* The reference monitoring API message. It is used to determine
* if the right API message number is provided, RmAuditSetCommand
* in this case.
*
* @return
* Returns STATUS_SUCCESS.
*/
static
NTSTATUS
SepRmSetAuditEvent(
@ -456,6 +489,24 @@ SepRmRemoveLogonSessionFromToken(
return STATUS_SUCCESS;
}
/**
* @brief
* Creates a logon session. The security reference monitoring (SRM)
* module of Executive uses this as an internal kernel data for
* respective logon sessions management within the kernel,
* as in form of a SEP_LOGON_SESSION_REFERENCES data structure.
*
* @param[in,out] LogonLuid
* A logon ID represented as a LUID. This LUID is used to create
* our logon session and add it to the sessions database.
*
* @return
* Returns STATUS_SUCCESS if the logon has been created successfully.
* STATUS_LOGON_SESSION_EXISTS is returned if a logon session with
* the pointed logon ID in the call already exists.
* STATUS_INSUFFICIENT_RESOURCES is returned if logon session allocation
* has failed because of lack of memory pool resources.
*/
static
NTSTATUS
SepRmCreateLogonSession(
@ -627,7 +678,19 @@ Leave:
return Status;
}
/**
* @brief
* References a logon session.
*
* @param[in,out] LogonLuid
* A valid LUID that points to the logon session in the database that
* we're going to reference it.
*
* @return
* Returns STATUS_SUCCESS if the logon has been referenced.
* STATUS_NO_SUCH_LOGON_SESSION is returned if the session couldn't be
* found otherwise.
*/
NTSTATUS
SepRmReferenceLogonSession(
PLUID LogonLuid)
@ -667,6 +730,22 @@ SepRmReferenceLogonSession(
return STATUS_NO_SUCH_LOGON_SESSION;
}
/**
* @brief
* Cleans the DOS device map directory of a logon
* session.
*
* @param[in] LogonLuid
* A logon session ID where its DOS device map directory
* is to be cleaned.
*
* @return
* Returns STATUS_SUCCESS if the device map directory has been
* successfully cleaned from the logon session. STATUS_INVALID_PARAMETER
* is returned if the caller hasn't submitted any logon ID. STATUS_NO_MEMORY
* is returned if buffer allocation for links has failed. A failure
* NTSTATUS code is returned otherwise.
*/
static
NTSTATUS
SepCleanupLUIDDeviceMapDirectory(
@ -910,7 +989,21 @@ AllocateLinksAgain:
return Status;
}
/**
* @brief
* De-references a logon session. If the session has a reference
* count of 0 by the time the function has de-referenced the logon,
* that means the session is no longer used and can be safely deleted
* from the logon sessions database.
*
* @param[in,out] LogonLuid
* A logon session ID to de-reference.
*
* @return
* Returns STATUS_SUCCESS if the logon session has been de-referenced
* without issues. STATUS_NO_SUCH_LOGON_SESSION is returned if no
* such logon exists otherwise.
*/
NTSTATUS
SepRmDereferenceLogonSession(
PLUID LogonLuid)
@ -965,7 +1058,18 @@ SepRmDereferenceLogonSession(
return STATUS_NO_SUCH_LOGON_SESSION;
}
/**
* @brief
* Main SRM server thread initialization function. It deals
* with security manager and LSASS port connection, thus
* thereby allowing communication between the kernel side
* (the SRM) and user mode side (the LSASS) of the security
* world of the operating system.
*
* @return
* Returns TRUE if command server connection between SRM
* and LSASS has succeeded, FALSE otherwise.
*/
BOOLEAN
NTAPI
SepRmCommandServerThreadInit(VOID)
@ -1108,6 +1212,15 @@ Cleanup:
return Result;
}
/**
* @brief
* Manages the SRM server API commands, that is, receiving such API
* command messages from the user mode side of the security standpoint,
* the LSASS.
*
* @return
* Nothing.
*/
VOID
NTAPI
SepRmCommandServerThread(
@ -1211,8 +1324,23 @@ SepRmCommandServerThread(
/* PUBLIC FUNCTIONS ***********************************************************/
/*
* @unimplemented
/**
* @brief
* Retrieves the DOS device map from a logon session.
*
* @param[in] LogonId
* A valid logon session ID.
*
* @param[out] DeviceMap
* The returned device map buffer from the logon session.
*
* @return
* Returns STATUS_SUCCESS if the device map could be gathered
* from the logon session. STATUS_INVALID_PARAMETER is returned if
* one of the parameters aren't initialized (that is, the caller has
* submitted a NULL pointer variable). STATUS_NO_SUCH_LOGON_SESSION is
* returned if no such session could be found. A failure NTSTATUS code
* is returned otherwise.
*/
NTSTATUS
NTAPI
@ -1425,9 +1553,20 @@ SeMarkLogonSessionForTerminationNotification(
return STATUS_SUCCESS;
}
/*
* @implemented
/**
* @brief
* Registers a callback that will be called once a logon session
* terminates.
*
* @param[in] CallbackRoutine
* Callback routine address.
*
* @return
* Returns STATUS_SUCCESS if the callback routine was registered
* successfully. STATUS_INVALID_PARAMETER is returned if the caller
* did not provide a callback routine. STATUS_INSUFFICIENT_RESOURCES
* is returned if the callback notification data couldn't be allocated
* because of lack of memory pool resources.
*/
NTSTATUS
NTAPI
@ -1464,9 +1603,19 @@ SeRegisterLogonSessionTerminatedRoutine(
return STATUS_SUCCESS;
}
/*
* @implemented
/**
* @brief
* Un-registers a callback routine, previously registered by
* SeRegisterLogonSessionTerminatedRoutine function.
*
* @param[in] CallbackRoutine
* Callback routine address to un-register.
*
* @return
* Returns STATUS_SUCCESS if the callback routine was un-registered
* successfully. STATUS_INVALID_PARAMETER is returned if the caller
* did not provide a callback routine. STATUS_NOT_FOUND is returned
* if the callback notification item couldn't be found.
*/
NTSTATUS
NTAPI
@ -1520,3 +1669,5 @@ SeUnregisterLogonSessionTerminatedRoutine(
return Status;
}
/* EOF */

814
ntoskrnl/se/token.c
View file

File diff suppressed because it is too large Load diff