mirror of
https://github.com/reactos/reactos.git
synced 2024-06-29 01:12:06 +00:00
[NTOS:SE] Document the whole subsystem in Doxygen format
And update the file comment headers.
This commit is contained in:
parent
f831ec7e0a
commit
6413009c10
|
@ -1,11 +1,8 @@
|
|||
/*
|
||||
* COPYRIGHT: See COPYING in the top level directory
|
||||
* PROJECT: ReactOS kernel
|
||||
* FILE: ntoskrnl/se/access.c
|
||||
* PURPOSE: Access state functions
|
||||
*
|
||||
* PROGRAMMERS: Alex Ionescu (alex@relsoft.net) -
|
||||
* Based on patch by Javier M. Mellid
|
||||
* PROJECT: ReactOS Kernel
|
||||
* LICENSE: GPL-2.0-or-later (https://spdx.org/licenses/GPL-2.0-or-later)
|
||||
* PURPOSE: Security access state functions support
|
||||
* COPYRIGHT: Copyright Alex Ionescu <alex@relsoft.net>
|
||||
*/
|
||||
|
||||
/* INCLUDES *******************************************************************/
|
||||
|
@ -20,6 +17,32 @@ ERESOURCE SepSubjectContextLock;
|
|||
|
||||
/* PRIVATE FUNCTIONS **********************************************************/
|
||||
|
||||
/**
|
||||
* @brief
|
||||
* Checks if a SID is present in a token.
|
||||
*
|
||||
* @param[in] _Token
|
||||
* A valid token object.
|
||||
*
|
||||
* @param[in] PrincipalSelfSid
|
||||
* A principal self SID.
|
||||
*
|
||||
* @param[in] _Sid
|
||||
* A regular SID.
|
||||
*
|
||||
* @param[in] Deny
|
||||
* If set to TRUE, the caller expected that a SID in a token
|
||||
* must be a deny-only SID, that is, access checks are performed
|
||||
* only for deny-only ACEs of the said SID.
|
||||
*
|
||||
* @param[in] Restricted
|
||||
* If set to TRUE, the caller expects that a SID in a token is
|
||||
* restricted.
|
||||
*
|
||||
* @return
|
||||
* Returns TRUE if the specified SID in the call is present in the token,
|
||||
* FALSE otherwise.
|
||||
*/
|
||||
BOOLEAN
|
||||
NTAPI
|
||||
SepSidInTokenEx(IN PACCESS_TOKEN _Token,
|
||||
|
@ -106,6 +129,20 @@ SepSidInTokenEx(IN PACCESS_TOKEN _Token,
|
|||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief
|
||||
* Checks if a SID is present in a token.
|
||||
*
|
||||
* @param[in] _Token
|
||||
* A valid token object.
|
||||
*
|
||||
* @param[in] _Sid
|
||||
* A regular SID.
|
||||
*
|
||||
* @return
|
||||
* Returns TRUE if the specified SID in the call is present in the token,
|
||||
* FALSE otherwise.
|
||||
*/
|
||||
BOOLEAN
|
||||
NTAPI
|
||||
SepSidInToken(IN PACCESS_TOKEN _Token,
|
||||
|
@ -115,6 +152,24 @@ SepSidInToken(IN PACCESS_TOKEN _Token,
|
|||
return SepSidInTokenEx(_Token, NULL, Sid, FALSE, FALSE);
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief
|
||||
* Checks if a token belongs to the main user, being the owner.
|
||||
*
|
||||
* @param[in] _Token
|
||||
* A valid token object.
|
||||
*
|
||||
* @param[in] SecurityDescriptor
|
||||
* A security descriptor where the owner is to be found.
|
||||
*
|
||||
* @param[in] TokenLocked
|
||||
* If set to TRUE, the token has been already locked and there's
|
||||
* no need to lock it again. Otherwise the function will acquire
|
||||
* the lock.
|
||||
*
|
||||
* @return
|
||||
* Returns TRUE if the token belongs to a owner, FALSE otherwise.
|
||||
*/
|
||||
BOOLEAN
|
||||
NTAPI
|
||||
SepTokenIsOwner(IN PACCESS_TOKEN _Token,
|
||||
|
@ -146,6 +201,19 @@ SepTokenIsOwner(IN PACCESS_TOKEN _Token,
|
|||
return Result;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief
|
||||
* Retrieves token control information.
|
||||
*
|
||||
* @param[in] _Token
|
||||
* A valid token object.
|
||||
*
|
||||
* @param[out] SecurityDescriptor
|
||||
* The returned token control information.
|
||||
*
|
||||
* @return
|
||||
* Nothing.
|
||||
*/
|
||||
VOID
|
||||
NTAPI
|
||||
SeGetTokenControlInformation(IN PACCESS_TOKEN _Token,
|
||||
|
@ -169,6 +237,41 @@ SeGetTokenControlInformation(IN PACCESS_TOKEN _Token,
|
|||
SepReleaseTokenLock(Token);
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief
|
||||
* Creates a client security context based upon an access token.
|
||||
*
|
||||
* @param[in] Token
|
||||
* A valid token object.
|
||||
*
|
||||
* @param[in] ClientSecurityQos
|
||||
* The Quality of Service (QoS) of a client security context.
|
||||
*
|
||||
* @param[in] ServerIsRemote
|
||||
* If the client is a remote server (TRUE), the function will retrieve the
|
||||
* control information of an access token, that is, we're doing delegation
|
||||
* and that the server isn't local.
|
||||
*
|
||||
* @param[in] TokenType
|
||||
* Type of token.
|
||||
*
|
||||
* @param[in] ThreadEffectiveOnly
|
||||
* If set to TRUE, the client wants that the current thread wants to modify
|
||||
* (enable or disable) privileges and groups.
|
||||
*
|
||||
* @param[in] ImpersonationLevel
|
||||
* Security impersonation level filled in the QoS context.
|
||||
*
|
||||
* @param[out] ClientContext
|
||||
* The returned security client context.
|
||||
*
|
||||
* @return
|
||||
* Returns STATUS_SUCCESS if client security creation has completed successfully.
|
||||
* STATUS_INVALID_PARAMETER is returned if one or more of the parameters are bogus.
|
||||
* STATUS_BAD_IMPERSONATION_LEVEL is returned if the current impersonation level
|
||||
* within QoS context doesn't meet with the conditions required. A failure
|
||||
* NTSTATUS code is returned otherwise.
|
||||
*/
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
SepCreateClientSecurity(IN PACCESS_TOKEN Token,
|
||||
|
@ -258,8 +361,24 @@ SepCreateClientSecurity(IN PACCESS_TOKEN Token,
|
|||
|
||||
/* PUBLIC FUNCTIONS ***********************************************************/
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
/**
|
||||
* @brief
|
||||
* An extended function that captures the security subject context based upon
|
||||
* the specified thread and process.
|
||||
*
|
||||
* @param[in] Thread
|
||||
* A thread where the calling thread's token is to be referenced for
|
||||
* the security context.
|
||||
*
|
||||
* @param[in] Process
|
||||
* A process where the main process' token is to be referenced for
|
||||
* the security context.
|
||||
*
|
||||
* @param[out] SubjectContext
|
||||
* The returned security subject context.
|
||||
*
|
||||
* @return
|
||||
* Nothing.
|
||||
*/
|
||||
VOID
|
||||
NTAPI
|
||||
|
@ -293,8 +412,16 @@ SeCaptureSubjectContextEx(IN PETHREAD Thread,
|
|||
SubjectContext->PrimaryToken = PsReferencePrimaryToken(Process);
|
||||
}
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
/**
|
||||
* @brief
|
||||
* Captures the security subject context of the calling thread and calling
|
||||
* process.
|
||||
*
|
||||
* @param[out] SubjectContext
|
||||
* The returned security subject context.
|
||||
*
|
||||
* @return
|
||||
* Nothing.
|
||||
*/
|
||||
VOID
|
||||
NTAPI
|
||||
|
@ -306,8 +433,16 @@ SeCaptureSubjectContext(OUT PSECURITY_SUBJECT_CONTEXT SubjectContext)
|
|||
SubjectContext);
|
||||
}
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
/**
|
||||
* @brief
|
||||
* Locks both the referenced primary and client access tokens of a
|
||||
* security subject context.
|
||||
*
|
||||
* @param[in] SubjectContext
|
||||
* A valid security context with both referenced tokens.
|
||||
*
|
||||
* @return
|
||||
* Nothing.
|
||||
*/
|
||||
VOID
|
||||
NTAPI
|
||||
|
@ -328,8 +463,16 @@ SeLockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
|
|||
SepAcquireTokenLockShared(ClientToken);
|
||||
}
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
/**
|
||||
* @brief
|
||||
* Unlocks both the referenced primary and client access tokens of a
|
||||
* security subject context.
|
||||
*
|
||||
* @param[in] SubjectContext
|
||||
* A valid security context with both referenced tokens.
|
||||
*
|
||||
* @return
|
||||
* Nothing.
|
||||
*/
|
||||
VOID
|
||||
NTAPI
|
||||
|
@ -352,8 +495,16 @@ SeUnlockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
|
|||
SepReleaseTokenLock(PrimaryToken);
|
||||
}
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
/**
|
||||
* @brief
|
||||
* Releases both the primary and client tokens of a security
|
||||
* subject context.
|
||||
*
|
||||
* @param[in] SubjectContext
|
||||
* The captured security context.
|
||||
*
|
||||
* @return
|
||||
* Nothing.
|
||||
*/
|
||||
VOID
|
||||
NTAPI
|
||||
|
@ -370,8 +521,30 @@ SeReleaseSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
|
|||
SubjectContext->ClientToken = NULL;
|
||||
}
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
/**
|
||||
* @brief
|
||||
* An extended function that creates an access state.
|
||||
*
|
||||
* @param[in] Thread
|
||||
* Valid thread object where subject context is to be captured.
|
||||
*
|
||||
* @param[in] Process
|
||||
* Valid process object where subject context is to be captured.
|
||||
*
|
||||
* @param[in, out] AccessState
|
||||
* An initialized returned parameter to an access state.
|
||||
*
|
||||
* @param[in] AuxData
|
||||
* Auxiliary security data for access state.
|
||||
*
|
||||
* @param[in] Access
|
||||
* Type of access mask to assign.
|
||||
*
|
||||
* @param[in] GenericMapping
|
||||
* Generic mapping for the access state to assign.
|
||||
*
|
||||
* @return
|
||||
* Returns STATUS_SUCCESS.
|
||||
*/
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
|
@ -431,8 +604,24 @@ SeCreateAccessStateEx(IN PETHREAD Thread,
|
|||
return STATUS_SUCCESS;
|
||||
}
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
/**
|
||||
* @brief
|
||||
* Creates an access state.
|
||||
*
|
||||
* @param[in, out] AccessState
|
||||
* An initialized returned parameter to an access state.
|
||||
*
|
||||
* @param[in] AuxData
|
||||
* Auxiliary security data for access state.
|
||||
*
|
||||
* @param[in] Access
|
||||
* Type of access mask to assign.
|
||||
*
|
||||
* @param[in] GenericMapping
|
||||
* Generic mapping for the access state to assign.
|
||||
*
|
||||
* @return
|
||||
* See SeCreateAccessStateEx.
|
||||
*/
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
|
@ -452,8 +641,15 @@ SeCreateAccessState(IN OUT PACCESS_STATE AccessState,
|
|||
GenericMapping);
|
||||
}
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
/**
|
||||
* @brief
|
||||
* Deletes an allocated access state from the memory.
|
||||
*
|
||||
* @param[in] AccessState
|
||||
* A valid access state.
|
||||
*
|
||||
* @return
|
||||
* Nothing.
|
||||
*/
|
||||
VOID
|
||||
NTAPI
|
||||
|
@ -484,8 +680,18 @@ SeDeleteAccessState(IN PACCESS_STATE AccessState)
|
|||
SeReleaseSubjectContext(&AccessState->SubjectSecurityContext);
|
||||
}
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
/**
|
||||
* @brief
|
||||
* Sets a new generic mapping for an allocated access state.
|
||||
*
|
||||
* @param[in] AccessState
|
||||
* A valid access state.
|
||||
*
|
||||
* @param[in] GenericMapping
|
||||
* New generic mapping to assign.
|
||||
*
|
||||
* @return
|
||||
* Nothing.
|
||||
*/
|
||||
VOID
|
||||
NTAPI
|
||||
|
@ -498,8 +704,24 @@ SeSetAccessStateGenericMapping(IN PACCESS_STATE AccessState,
|
|||
((PAUX_ACCESS_DATA)AccessState->AuxData)->GenericMapping = *GenericMapping;
|
||||
}
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
/**
|
||||
* @brief
|
||||
* Creates a client security context.
|
||||
*
|
||||
* @param[in] Thread
|
||||
* Thread object of the client where impersonation has to begin.
|
||||
*
|
||||
* @param[in] Qos
|
||||
* Quality of service to specify what kind of impersonation to be done.
|
||||
*
|
||||
* @param[in] RemoteClient
|
||||
* If set to TRUE, the client that we're going to impersonate is remote.
|
||||
*
|
||||
* @param[out] ClientContext
|
||||
* The returned security client context.
|
||||
*
|
||||
* @return
|
||||
* See SepCreateClientSecurity.
|
||||
*/
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
|
@ -541,8 +763,26 @@ SeCreateClientSecurity(IN PETHREAD Thread,
|
|||
return Status;
|
||||
}
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
/**
|
||||
* @brief
|
||||
* Creates a client security context based upon the captured security
|
||||
* subject context.
|
||||
*
|
||||
* @param[in] SubjectContext
|
||||
* The captured subject context where client security is to be created
|
||||
* from.
|
||||
*
|
||||
* @param[in] ClientSecurityQos
|
||||
* Quality of service to specify what kind of impersonation to be done.
|
||||
*
|
||||
* @param[in] ServerIsRemote
|
||||
* If set to TRUE, the client that we're going to impersonate is remote.
|
||||
*
|
||||
* @param[out] ClientContext
|
||||
* The returned security client context.
|
||||
*
|
||||
* @return
|
||||
* See SepCreateClientSecurity.
|
||||
*/
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
|
@ -581,8 +821,19 @@ SeCreateClientSecurityFromSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectCon
|
|||
return Status;
|
||||
}
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
/**
|
||||
* @brief
|
||||
* Extended function that impersonates a client.
|
||||
*
|
||||
* @param[in] ClientContext
|
||||
* A valid client context.
|
||||
*
|
||||
* @param[in] ServerThread
|
||||
* The thread where impersonation is to be done.
|
||||
*
|
||||
* @return
|
||||
* STATUS_SUCCESS is returned if the calling thread successfully impersonates
|
||||
* the client. A failure NTSTATUS code is returned otherwise.
|
||||
*/
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
|
@ -615,8 +866,18 @@ SeImpersonateClientEx(IN PSECURITY_CLIENT_CONTEXT ClientContext,
|
|||
ClientContext->SecurityQos.ImpersonationLevel);
|
||||
}
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
/**
|
||||
* @brief
|
||||
* Impersonates a client user.
|
||||
*
|
||||
* @param[in] ClientContext
|
||||
* A valid client context.
|
||||
*
|
||||
* @param[in] ServerThread
|
||||
* The thread where impersonation is to be done.
|
||||
* *
|
||||
* @return
|
||||
* Nothing.
|
||||
*/
|
||||
VOID
|
||||
NTAPI
|
||||
|
|
|
@ -1,10 +1,9 @@
|
|||
/*
|
||||
* COPYRIGHT: See COPYING in the top level directory
|
||||
* PROJECT: ReactOS kernel
|
||||
* FILE: ntoskrnl/se/accesschk.c
|
||||
* PURPOSE: Security manager
|
||||
*
|
||||
* PROGRAMMERS: No programmer listed.
|
||||
* PROJECT: ReactOS Kernel
|
||||
* LICENSE: GPL-2.0-or-later (https://spdx.org/licenses/GPL-2.0-or-later)
|
||||
* PURPOSE: Security access check control implementation
|
||||
* COPYRIGHT: Copyright Timo Kreuzer <timo.kreuzer@reactos.org>
|
||||
* Copyright Eric Kohl
|
||||
*/
|
||||
|
||||
/* INCLUDES *******************************************************************/
|
||||
|
@ -18,8 +17,53 @@
|
|||
|
||||
/* PRIVATE FUNCTIONS **********************************************************/
|
||||
|
||||
/*
|
||||
* FIXME: Incomplete!
|
||||
/**
|
||||
* @brief
|
||||
* Private function that determines whether security access rights can be given
|
||||
* to an object depending on the security descriptor and other security context
|
||||
* entities, such as an owner.
|
||||
*
|
||||
* @param[in] SecurityDescriptor
|
||||
* Security descriptor of the object that is being accessed.
|
||||
*
|
||||
* @param[in] SubjectSecurityContext
|
||||
* The captured subject security context.
|
||||
*
|
||||
* @param[in] DesiredAccess
|
||||
* Access right bitmask that the calling thread wants to acquire.
|
||||
*
|
||||
* @param[in] ObjectTypeListLength
|
||||
* The length of a object type list.
|
||||
*
|
||||
* @param[in] PreviouslyGrantedAccess
|
||||
* The access rights previously acquired in the past.
|
||||
*
|
||||
* @param[out] Privileges
|
||||
* The returned set of privileges.
|
||||
*
|
||||
* @param[in] GenericMapping
|
||||
* The generic mapping of access rights of an object type.
|
||||
*
|
||||
* @param[in] AccessMode
|
||||
* The processor request level mode.
|
||||
*
|
||||
* @param[out] GrantedAccessList
|
||||
* A list of granted access rights.
|
||||
*
|
||||
* @param[out] AccessStatusList
|
||||
* The returned status code specifying why access cannot be made
|
||||
* onto an object (if said access is denied in the first place).
|
||||
*
|
||||
* @param[in] UseResultList
|
||||
* If set to TRUE, the function will return complete lists of
|
||||
* access status codes and granted access rights.
|
||||
*
|
||||
* @return
|
||||
* Returns TRUE if access onto the specific object is allowed, FALSE
|
||||
* otherwise.
|
||||
*
|
||||
* @remarks
|
||||
* The function is currently incomplete!
|
||||
*/
|
||||
BOOLEAN NTAPI
|
||||
SepAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
||||
|
@ -286,6 +330,17 @@ ReturnCommonStatus:
|
|||
return NT_SUCCESS(Status);
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief
|
||||
* Retrieves the main user from a security descriptor.
|
||||
*
|
||||
* @param[in] SecurityDescriptor
|
||||
* A valid allocated security descriptor structure where the owner
|
||||
* is to be retrieved.
|
||||
*
|
||||
* @return
|
||||
* Returns a SID that represents the main user (owner).
|
||||
*/
|
||||
static PSID
|
||||
SepGetSDOwner(IN PSECURITY_DESCRIPTOR _SecurityDescriptor)
|
||||
{
|
||||
|
@ -301,6 +356,17 @@ SepGetSDOwner(IN PSECURITY_DESCRIPTOR _SecurityDescriptor)
|
|||
return Owner;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief
|
||||
* Retrieves the group from a security descriptor.
|
||||
*
|
||||
* @param[in] SecurityDescriptor
|
||||
* A valid allocated security descriptor structure where the group
|
||||
* is to be retrieved.
|
||||
*
|
||||
* @return
|
||||
* Returns a SID that represents a group.
|
||||
*/
|
||||
static PSID
|
||||
SepGetSDGroup(IN PSECURITY_DESCRIPTOR _SecurityDescriptor)
|
||||
{
|
||||
|
@ -316,6 +382,16 @@ SepGetSDGroup(IN PSECURITY_DESCRIPTOR _SecurityDescriptor)
|
|||
return Group;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief
|
||||
* Retrieves the length size of a set list of privileges structure.
|
||||
*
|
||||
* @param[in] PrivilegeSet
|
||||
* A valid set of privileges.
|
||||
*
|
||||
* @return
|
||||
* Returns the total length of a set of privileges.
|
||||
*/
|
||||
static
|
||||
ULONG
|
||||
SepGetPrivilegeSetLength(IN PPRIVILEGE_SET PrivilegeSet)
|
||||
|
@ -332,8 +408,47 @@ SepGetPrivilegeSetLength(IN PPRIVILEGE_SET PrivilegeSet)
|
|||
|
||||
/* PUBLIC FUNCTIONS ***********************************************************/
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
/**
|
||||
* @brief
|
||||
* Determines whether security access rights can be given to an object
|
||||
* depending on the security descriptor and other security context
|
||||
* entities, such as an owner.
|
||||
*
|
||||
* @param[in] SecurityDescriptor
|
||||
* Security descriptor of the object that is being accessed.
|
||||
*
|
||||
* @param[in] SubjectSecurityContext
|
||||
* The captured subject security context.
|
||||
*
|
||||
* @param[in] SubjectContextLocked
|
||||
* If set to TRUE, a lock must be acquired for the security subject
|
||||
* context.
|
||||
*
|
||||
* @param[in] DesiredAccess
|
||||
* Access right bitmask that the calling thread wants to acquire.
|
||||
*
|
||||
* @param[in] PreviouslyGrantedAccess
|
||||
* The access rights previously acquired in the past.
|
||||
*
|
||||
* @param[out] Privileges
|
||||
* The returned set of privileges.
|
||||
*
|
||||
* @param[in] GenericMapping
|
||||
* The generic mapping of access rights of an object type.
|
||||
*
|
||||
* @param[in] AccessMode
|
||||
* The processor request level mode.
|
||||
*
|
||||
* @param[out] GrantedAccess
|
||||
* A list of granted access rights.
|
||||
*
|
||||
* @param[out] AccessStatus
|
||||
* The returned status code specifying why access cannot be made
|
||||
* onto an object (if said access is denied in the first place).
|
||||
*
|
||||
* @return
|
||||
* Returns TRUE if access onto the specific object is allowed, FALSE
|
||||
* otherwise.
|
||||
*/
|
||||
BOOLEAN
|
||||
NTAPI
|
||||
|
@ -452,8 +567,29 @@ SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
|||
return ret;
|
||||
}
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
/**
|
||||
* @brief
|
||||
* Determines whether security access rights can be given to an object
|
||||
* depending on the security descriptor. Unlike the regular access check
|
||||
* procedure in the NT kernel, the fast traverse check is a faster way
|
||||
* to quickly check if access can be made into an object.
|
||||
*
|
||||
* @param[in] SecurityDescriptor
|
||||
* Security descriptor of the object that is being accessed.
|
||||
*
|
||||
* @param[in] AccessState
|
||||
* An access state to determine if the access token in the current
|
||||
* security context of the object is an restricted token.
|
||||
*
|
||||
* @param[in] DesiredAccess
|
||||
* The access right bitmask where the calling thread wants to acquire.
|
||||
*
|
||||
* @param[in] AccessMode
|
||||
* Process level request mode.
|
||||
*
|
||||
* @return
|
||||
* Returns TRUE if access onto the specific object is allowed, FALSE
|
||||
* otherwise.
|
||||
*/
|
||||
BOOLEAN
|
||||
NTAPI
|
||||
|
@ -521,8 +657,48 @@ SeFastTraverseCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
|||
|
||||
/* SYSTEM CALLS ***************************************************************/
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
/**
|
||||
* @brief
|
||||
* Determines whether security access rights can be given to an object
|
||||
* depending on the security descriptor and a valid handle to an access
|
||||
* token.
|
||||
*
|
||||
* @param[in] SecurityDescriptor
|
||||
* Security descriptor of the object that is being accessed.
|
||||
*
|
||||
* @param[in] TokenHandle
|
||||
* A handle to a token.
|
||||
*
|
||||
* @param[in] DesiredAccess
|
||||
* The access right bitmask where the calling thread wants to acquire.
|
||||
*
|
||||
* @param[in] GenericMapping
|
||||
* The generic mapping of access rights of an object type.
|
||||
*
|
||||
* @param[out] PrivilegeSet
|
||||
* The returned set of privileges.
|
||||
*
|
||||
* @param[in,out] PrivilegeSetLength
|
||||
* The total length size of a set of privileges.
|
||||
*
|
||||
* @param[out] GrantedAccess
|
||||
* A list of granted access rights.
|
||||
*
|
||||
* @param[out] AccessStatus
|
||||
* The returned status code specifying why access cannot be made
|
||||
* onto an object (if said access is denied in the first place).
|
||||
*
|
||||
* @return
|
||||
* Returns STATUS_SUCCESS if access check has been done without problems
|
||||
* and that the object can be accessed. STATUS_GENERIC_NOT_MAPPED is returned
|
||||
* if no generic access right is mapped. STATUS_NO_IMPERSONATION_TOKEN is returned
|
||||
* if the token from the handle is not an impersonation token.
|
||||
* STATUS_BAD_IMPERSONATION_LEVEL is returned if the token cannot be impersonated
|
||||
* because the current security impersonation level doesn't permit so.
|
||||
* STATUS_INVALID_SECURITY_DESCR is returned if the security descriptor given
|
||||
* to the call is not a valid one. STATUS_BUFFER_TOO_SMALL is returned if
|
||||
* the buffer to the captured privileges has a length that is less than the required
|
||||
* size of the set of privileges. A failure NTSTATUS code is returned otherwise.
|
||||
*/
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
|
@ -768,7 +944,48 @@ NtAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
|||
return STATUS_SUCCESS;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* @brief
|
||||
* Determines whether security access could be granted or not on
|
||||
* an object by the requestor who wants such access through type.
|
||||
*
|
||||
* @param[in] SecurityDescriptor
|
||||
* A security descriptor with information data for auditing.
|
||||
*
|
||||
* @param[in] PrincipalSelfSid
|
||||
* A principal self user SID.
|
||||
*
|
||||
* @param[in] ClientToken
|
||||
* A client access token.
|
||||
*
|
||||
* @param[in] DesiredAccess
|
||||
* The desired access masks rights requested by the caller.
|
||||
*
|
||||
* @param[in] ObjectTypeList
|
||||
* A list of object types.
|
||||
*
|
||||
* @param[in] ObjectTypeLength
|
||||
* The length size of the list.
|
||||
*
|
||||
* @param[in] GenericMapping
|
||||
* The generic mapping list of access masks rights.
|
||||
*
|
||||
* @param[in] PrivilegeSet
|
||||
* An array set of privileges.
|
||||
*
|
||||
* @param[in,out] PrivilegeSetLength
|
||||
* The length size of the array set of privileges.
|
||||
*
|
||||
* @param[out] GrantedAccess
|
||||
* The returned granted access rights.
|
||||
*
|
||||
* @param[out] AccessStatus
|
||||
* The returned NTSTATUS code indicating the final results
|
||||
* of auditing.
|
||||
*
|
||||
* @return
|
||||
* To be added...
|
||||
*/
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
NtAccessCheckByType(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
||||
|
@ -787,6 +1004,49 @@ NtAccessCheckByType(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
|||
return STATUS_NOT_IMPLEMENTED;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief
|
||||
* Determines whether security access could be granted or not on
|
||||
* an object by the requestor who wants such access through
|
||||
* type list.
|
||||
*
|
||||
* @param[in] SecurityDescriptor
|
||||
* A security descriptor with information data for auditing.
|
||||
*
|
||||
* @param[in] PrincipalSelfSid
|
||||
* A principal self user SID.
|
||||
*
|
||||
* @param[in] ClientToken
|
||||
* A client access token.
|
||||
*
|
||||
* @param[in] DesiredAccess
|
||||
* The desired access masks rights requested by the caller.
|
||||
*
|
||||
* @param[in] ObjectTypeList
|
||||
* A list of object types.
|
||||
*
|
||||
* @param[in] ObjectTypeLength
|
||||
* The length size of the list.
|
||||
*
|
||||
* @param[in] GenericMapping
|
||||
* The generic mapping list of access masks rights.
|
||||
*
|
||||
* @param[in] PrivilegeSet
|
||||
* An array set of privileges.
|
||||
*
|
||||
* @param[in,out] PrivilegeSetLength
|
||||
* The length size of the array set of privileges.
|
||||
*
|
||||
* @param[out] GrantedAccess
|
||||
* The returned granted access rights.
|
||||
*
|
||||
* @param[out] AccessStatus
|
||||
* The returned NTSTATUS code indicating the final results
|
||||
* of auditing.
|
||||
*
|
||||
* @return
|
||||
* To be added...
|
||||
*/
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
NtAccessCheckByTypeResultList(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
||||
|
|
|
@ -1,10 +1,8 @@
|
|||
/*
|
||||
* COPYRIGHT: See COPYING in the top level directory
|
||||
* PROJECT: ReactOS kernel
|
||||
* FILE: ntoskrnl/se/acl.c
|
||||
* PURPOSE: Security manager
|
||||
*
|
||||
* PROGRAMMERS: David Welch <welch@cwcom.net>
|
||||
* PROJECT: ReactOS Kernel
|
||||
* LICENSE: GPL-2.0-or-later (https://spdx.org/licenses/GPL-2.0-or-later)
|
||||
* PURPOSE: Access control lists (ACLs) implementation
|
||||
* COPYRIGHT: Copyright David Welch <welch@cwcom.net>
|
||||
*/
|
||||
|
||||
/* INCLUDES *******************************************************************/
|
||||
|
@ -25,6 +23,15 @@ PACL SeSystemAnonymousLogonDacl = NULL;
|
|||
|
||||
/* FUNCTIONS ******************************************************************/
|
||||
|
||||
/**
|
||||
* @brief
|
||||
* Initializes known discretionary access control lists in the system upon
|
||||
* kernel and Executive initialization procedure.
|
||||
*
|
||||
* @return
|
||||
* Returns TRUE if all the DACLs have been successfully initialized,
|
||||
* FALSE otherwise.
|
||||
*/
|
||||
CODE_SEG("INIT")
|
||||
BOOLEAN
|
||||
NTAPI
|
||||
|
@ -246,6 +253,25 @@ SepInitDACLs(VOID)
|
|||
return TRUE;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief
|
||||
* Allocates a discretionary access control list based on certain properties
|
||||
* of a regular and primary access tokens.
|
||||
*
|
||||
* @param[in] Token
|
||||
* An access token.
|
||||
*
|
||||
* @param[in] PrimaryToken
|
||||
* A primary access token.
|
||||
*
|
||||
* @param[out] Dacl
|
||||
* The returned allocated DACL.
|
||||
*
|
||||
* @return
|
||||
* Returns STATUS_SUCCESS if DACL creation from tokens has completed
|
||||
* successfully. STATUS_INSUFFICIENT_RESOURCES is returned if DACL
|
||||
* allocation from memory pool fails otherwise.
|
||||
*/
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
SepCreateImpersonationTokenDacl(
|
||||
|
@ -294,6 +320,33 @@ SepCreateImpersonationTokenDacl(
|
|||
return STATUS_SUCCESS;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief
|
||||
* Captures an access control list from an already valid input ACL.
|
||||
*
|
||||
* @param[in] InputAcl
|
||||
* A valid ACL.
|
||||
*
|
||||
* @param[in] AccessMode
|
||||
* Processor level access mode. The processor mode determines how
|
||||
* are the input arguments probed.
|
||||
*
|
||||
* @param[in] PoolType
|
||||
* Pool type for new captured ACL for creation. The pool type determines
|
||||
* how the ACL data should reside in the pool memory.
|
||||
*
|
||||
* @param[in] CaptureIfKernel
|
||||
* If set to TRUE and the processor access mode being KernelMode, we're
|
||||
* capturing an ACL directly in the kernel. Otherwise we're capturing
|
||||
* within a kernel mode driver.
|
||||
*
|
||||
* @param[out] CapturedAcl
|
||||
* The returned and allocated captured ACL.
|
||||
*
|
||||
* @return
|
||||
* Returns STATUS_SUCCESS if the ACL has been successfully captured.
|
||||
* STATUS_INSUFFICIENT_RESOURCES is returned otherwise.
|
||||
*/
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
SepCaptureAcl(IN PACL InputAcl,
|
||||
|
@ -382,6 +435,24 @@ SepCaptureAcl(IN PACL InputAcl,
|
|||
return Status;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief
|
||||
* Releases (frees) a captured ACL from the memory pool.
|
||||
*
|
||||
* @param[in] CapturedAcl
|
||||
* A valid captured ACL to free.
|
||||
*
|
||||
* @param[in] AccessMode
|
||||
* Processor level access mode.
|
||||
*
|
||||
* @param[in] CaptureIfKernel
|
||||
* If set to TRUE and the processor access mode being KernelMode, we're
|
||||
* releasing an ACL directly in the kernel. Otherwise we're releasing
|
||||
* within a kernel mode driver.
|
||||
*
|
||||
* @return
|
||||
* Nothing.
|
||||
*/
|
||||
VOID
|
||||
NTAPI
|
||||
SepReleaseAcl(IN PACL CapturedAcl,
|
||||
|
@ -398,6 +469,29 @@ SepReleaseAcl(IN PACL CapturedAcl,
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief
|
||||
* Determines if a certain ACE can or cannot be propagated based on
|
||||
* ACE inheritation flags and whatnot.
|
||||
*
|
||||
* @param[in] AceFlags
|
||||
* Bit flags of an ACE to perform propagation checks.
|
||||
*
|
||||
* @param[out] NewAceFlags
|
||||
* New ACE bit blags based on the specific ACE flags of the first
|
||||
* argument parameter.
|
||||
*
|
||||
* @param[in] IsInherited
|
||||
* If set to TRUE, an ACE is deemed as directly inherited from another
|
||||
* instance. In that case we're allowed to propagate.
|
||||
*
|
||||
* @param[in] IsDirectoryObject
|
||||
* If set to TRUE, an object directly inherits this ACE so we can propagate
|
||||
* it.
|
||||
*
|
||||
* @return
|
||||
* Returns TRUE if an ACE can be propagated, FALSE otherwise.
|
||||
*/
|
||||
BOOLEAN
|
||||
SepShouldPropagateAce(
|
||||
_In_ UCHAR AceFlags,
|
||||
|
@ -446,6 +540,42 @@ SepShouldPropagateAce(
|
|||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief
|
||||
* Propagates (copies) an access control list.
|
||||
*
|
||||
* @param[out] AclDest
|
||||
* The destination parameter with propagated ACL.
|
||||
*
|
||||
* @param[in,out] AclLength
|
||||
* The length of the ACL that we propagate.
|
||||
*
|
||||
* @param[in] AclSource
|
||||
* The source instance of a valid ACL.
|
||||
*
|
||||
* @param[in] Owner
|
||||
* A SID that represents the main user that identifies the ACL.
|
||||
*
|
||||
* @param[in] Group
|
||||
* A SID that represents a group that identifies the ACL.
|
||||
*
|
||||
* @param[in] IsInherited
|
||||
* If set to TRUE, that means the ACL is directly inherited.
|
||||
*
|
||||
* @param[in] IsDirectoryObject
|
||||
* If set to TRUE, that means the ACL is directly inherited because
|
||||
* of the object that inherits it.
|
||||
*
|
||||
* @param[in] GenericMapping
|
||||
* Generic mapping of access rights to map only certain effective
|
||||
* ACEs.
|
||||
*
|
||||
* @return
|
||||
* Returns STATUS_SUCCESS if ACL has been propagated successfully.
|
||||
* STATUS_BUFFER_TOO_SMALL is returned if the ACL length is not greater
|
||||
* than the maximum written size of the buffer for ACL propagation
|
||||
* otherwise.
|
||||
*/
|
||||
NTSTATUS
|
||||
SepPropagateAcl(
|
||||
_Out_writes_bytes_opt_(AclLength) PACL AclDest,
|
||||
|
@ -609,6 +739,60 @@ SepPropagateAcl(
|
|||
return STATUS_SUCCESS;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief
|
||||
* Selects an ACL and returns it to the caller.
|
||||
*
|
||||
* @param[in] ExplicitAcl
|
||||
* If specified, the specified ACL to the call will be
|
||||
* the selected ACL for the caller.
|
||||
*
|
||||
* @param[in] ExplicitPresent
|
||||
* If set to TRUE and with specific ACL filled to the call, the
|
||||
* function will immediately return the specific ACL as the selected
|
||||
* ACL for the caller.
|
||||
*
|
||||
* @param[in] ExplicitDefaulted
|
||||
* If set to FALSE and with specific ACL filled to the call, the ACL
|
||||
* is not a default ACL. Otherwise it's a default ACL that we cannot
|
||||
* select it as is.
|
||||
*
|
||||
* @param[in] ParentAcl
|
||||
* If specified, the parent ACL will be used to determine the exact ACL
|
||||
* length to check if the ACL in question is not empty. If the list
|
||||
* is not empty then the function will select such ACL to the caller.
|
||||
*
|
||||
* @param[in] DefaultAcl
|
||||
* If specified, the default ACL will be the selected one for the caller.
|
||||
*
|
||||
* @param[out] AclLength
|
||||
* The size length of an ACL.
|
||||
*
|
||||
* @param[in] Owner
|
||||
* A SID that represents the main user that identifies the ACL.
|
||||
*
|
||||
* @param[in] Group
|
||||
* A SID that represents a group that identifies the ACL.
|
||||
*
|
||||
* @param[out] AclPresent
|
||||
* The returned boolean value, indicating if the ACL that we want to select
|
||||
* does actually exist.
|
||||
*
|
||||
* @param[out] IsInherited
|
||||
* The returned boolean value, indicating if the ACL we want to select it
|
||||
* is actually inherited or not.
|
||||
*
|
||||
* @param[in] IsDirectoryObject
|
||||
* If set to TRUE, the object inherits this ACL.
|
||||
*
|
||||
* @param[in] GenericMapping
|
||||
* Generic mapping of access rights to map only certain effective
|
||||
* ACEs of an ACL that we want to select it.
|
||||
*
|
||||
* @return
|
||||
* Returns the selected access control list (ACL) to the caller,
|
||||
* NULL otherwise.
|
||||
*/
|
||||
PACL
|
||||
SepSelectAcl(
|
||||
_In_opt_ PACL ExplicitAcl,
|
||||
|
|
1030
ntoskrnl/se/audit.c
1030
ntoskrnl/se/audit.c
File diff suppressed because it is too large
Load diff
|
@ -1,10 +1,10 @@
|
|||
/*
|
||||
* COPYRIGHT: See COPYING in the top level directory
|
||||
* PROJECT: ReactOS kernel
|
||||
* FILE: ntoskrnl/se/priv.c
|
||||
* PURPOSE: Security manager
|
||||
*
|
||||
* PROGRAMMERS: No programmer listed.
|
||||
* PROJECT: ReactOS Kernel
|
||||
* LICENSE: GPL-2.0-or-later (https://spdx.org/licenses/GPL-2.0-or-later)
|
||||
* PURPOSE: Security privileges support
|
||||
* COPYRIGHT: Copyright Alex Ionescu <alex@relsoft.net>
|
||||
* Copyright Timo Kreuzer <timo.kreuzer@reactos.org>
|
||||
* Copyright Eric Kohl
|
||||
*/
|
||||
|
||||
/* INCLUDES ******************************************************************/
|
||||
|
@ -54,6 +54,15 @@ const LUID SeCreateSymbolicLinkPrivilege = CONST_LUID(SE_CREATE_SYMBOLIC_LINK_PR
|
|||
|
||||
/* PRIVATE FUNCTIONS **********************************************************/
|
||||
|
||||
/**
|
||||
* @brief
|
||||
* Initializes the privileges during the startup phase of the security
|
||||
* manager module. This function serves as a placeholder as it currently
|
||||
* does nothing.
|
||||
*
|
||||
* @return
|
||||
* Nothing.
|
||||
*/
|
||||
CODE_SEG("INIT")
|
||||
VOID
|
||||
NTAPI
|
||||
|
@ -62,7 +71,32 @@ SepInitPrivileges(VOID)
|
|||
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* @brief
|
||||
* Checks the privileges pointed by Privileges array argument if they exist and
|
||||
* match with the privileges from an access token.
|
||||
*
|
||||
* @param[in] Token
|
||||
* An access token where privileges are to be checked.
|
||||
*
|
||||
* @param[in] Privileges
|
||||
* An array of privileges with attributes used as checking indicator for
|
||||
* the function.
|
||||
*
|
||||
* @param[in] PrivilegeCount
|
||||
* The total number count of privileges in the array.
|
||||
*
|
||||
* @param[in] PrivilegeControl
|
||||
* Privilege control bit mask to determine if we should check all the
|
||||
* privileges based on the number count of privileges or not.
|
||||
*
|
||||
* @param[in] PreviousMode
|
||||
* Processor level access mode.
|
||||
*
|
||||
* @return
|
||||
* Returns TRUE if the required privileges exist and that they do match.
|
||||
* Otherwise the functions returns FALSE.
|
||||
*/
|
||||
BOOLEAN
|
||||
NTAPI
|
||||
SepPrivilegeCheck(PTOKEN Token,
|
||||
|
@ -129,6 +163,25 @@ SepPrivilegeCheck(PTOKEN Token,
|
|||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief
|
||||
* Checks only single privilege based upon the privilege pointed by a LUID and
|
||||
* if it matches with the one from an access token.
|
||||
*
|
||||
* @param[in] PrivilegeValue
|
||||
* The privilege to be checked.
|
||||
*
|
||||
* @param[in] Token
|
||||
* An access token where its privilege is to be checked against the one
|
||||
* provided by the caller.
|
||||
*
|
||||
* @param[in] PreviousMode
|
||||
* Processor level access mode.
|
||||
*
|
||||
* @return
|
||||
* Returns TRUE if the required privilege exists and that it matches
|
||||
* with the one from the access token, FALSE otherwise.
|
||||
*/
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
SepSinglePrivilegeCheck(
|
||||
|
@ -149,6 +202,40 @@ SepSinglePrivilegeCheck(
|
|||
PreviousMode);
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief
|
||||
* Checks the security policy and returns a set of privileges
|
||||
* based upon the said security policy context.
|
||||
*
|
||||
* @param[in,out] DesiredAccess
|
||||
* The desired access right mask.
|
||||
*
|
||||
* @param[in,out] GrantedAccess
|
||||
* The granted access rights masks. The rights are granted depending
|
||||
* on the desired access rights requested by the calling thread.
|
||||
*
|
||||
* @param[in] SubjectContext
|
||||
* Security subject context. If the caller supplies one, the access token
|
||||
* supplied by the caller will be assigned to one of client or primary tokens
|
||||
* of the subject context in question.
|
||||
*
|
||||
* @param[in] Token
|
||||
* An access token.
|
||||
*
|
||||
* @param[out] OutPrivilegeSet
|
||||
* An array set of privileges to be reported to the caller, if the actual
|
||||
* calling thread wants such set of privileges in the first place.
|
||||
*
|
||||
* @param[in] PreviousMode
|
||||
* Processor level access mode.
|
||||
*
|
||||
* @return
|
||||
* Returns STATUS_PRIVILEGE_NOT_HELD if the respective operations have succeeded
|
||||
* without problems. STATUS_PRIVILEGE_NOT_HELD is returned if the access token
|
||||
* doesn't have SeSecurityPrivilege privilege to warrant ACCESS_SYSTEM_SECURITY
|
||||
* access right. STATUS_INSUFFICIENT_RESOURCES is returned if we failed
|
||||
* to allocate block of memory pool for the array set of privileges.
|
||||
*/
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
SePrivilegePolicyCheck(
|
||||
|
@ -248,6 +335,23 @@ SePrivilegePolicyCheck(
|
|||
return STATUS_SUCCESS;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief
|
||||
* Checks a single privilege and performs an audit
|
||||
* against a privileged service based on a security subject
|
||||
* context.
|
||||
*
|
||||
* @param[in] DesiredAccess
|
||||
* Security subject context used for privileged service
|
||||
* auditing.
|
||||
*
|
||||
* @param[in] PreviousMode
|
||||
* Processor level access mode.
|
||||
*
|
||||
* @return
|
||||
* Returns TRUE if service auditing and privilege checking
|
||||
* tests have succeeded, FALSE otherwise.
|
||||
*/
|
||||
BOOLEAN
|
||||
NTAPI
|
||||
SeCheckAuditPrivilege(
|
||||
|
@ -282,6 +386,48 @@ SeCheckAuditPrivilege(
|
|||
return Result;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief
|
||||
* Captures a LUID with attributes structure. This function is mainly
|
||||
* tied in the context of privileges.
|
||||
*
|
||||
* @param[in] Src
|
||||
* Source of a valid LUID with attributes structure.
|
||||
*
|
||||
* @param[in] PrivilegeCount
|
||||
* Count number of privileges to be captured.
|
||||
*
|
||||
* @param[in] PreviousMode
|
||||
* Processor level access mode.
|
||||
*
|
||||
* @param[in] AllocatedMem
|
||||
* If specified, the function will use this allocated block memory
|
||||
* buffer for the captured LUID and attributes structure. Otherwise
|
||||
* the function will automatically allocate some buffer for it.
|
||||
*
|
||||
* @param[in] AllocatedLength
|
||||
* The length of the buffer, pointed by AllocatedMem.
|
||||
*
|
||||
* @param[in] PoolType
|
||||
* Pool type of the memory allocation.
|
||||
*
|
||||
* @param[in] CaptureIfKernel
|
||||
* If set to TRUE, the capturing is done in the kernel itself.
|
||||
* FALSE if the capturing is done in a kernel mode driver instead.
|
||||
*
|
||||
* @param[out] Dest
|
||||
* The captured LUID with attributes buffer.
|
||||
*
|
||||
* @param[in,out] Length
|
||||
* The length of the captured privileges count.
|
||||
*
|
||||
* @return
|
||||
* Returns STATUS_SUCCESS if the LUID and attributes array
|
||||
* has been captured successfully. STATUS_INSUFFICIENT_RESOURCES is returned
|
||||
* if memory pool allocation for the captured buffer has failed.
|
||||
* STATUS_BUFFER_TOO_SMALL is returned if the buffer size is less than the
|
||||
* required size.
|
||||
*/
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
SeCaptureLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Src,
|
||||
|
@ -378,6 +524,23 @@ SeCaptureLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Src,
|
|||
return Status;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief
|
||||
* Releases a LUID with attributes structure.
|
||||
*
|
||||
* @param[in] Privilege
|
||||
* Array of a LUID and attributes that represents a privilege.
|
||||
*
|
||||
* @param[in] PreviousMode
|
||||
* Processor level access mode.
|
||||
*
|
||||
* @param[in] CaptureIfKernel
|
||||
* If set to TRUE, the releasing is done in the kernel itself.
|
||||
* FALSE if the releasing is done in a kernel mode driver instead.
|
||||
*
|
||||
* @return
|
||||
* Nothing.
|
||||
*/
|
||||
VOID
|
||||
NTAPI
|
||||
SeReleaseLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Privilege,
|
||||
|
@ -395,8 +558,21 @@ SeReleaseLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Privilege,
|
|||
|
||||
/* PUBLIC FUNCTIONS ***********************************************************/
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
/**
|
||||
* @brief
|
||||
* Appends additional privileges.
|
||||
*
|
||||
* @param[in] AccessState
|
||||
* Access request to append.
|
||||
*
|
||||
* @param[in] Privileges
|
||||
* Set of new privileges to append.
|
||||
*
|
||||
* @return
|
||||
* Returns STATUS_SUCCESS if the privileges have been successfully
|
||||
* appended. Otherwise STATUS_INSUFFICIENT_RESOURCES is returned,
|
||||
* indicating that pool allocation has failed for the buffer to hold
|
||||
* the new set of privileges.
|
||||
*/
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
|
@ -468,8 +644,15 @@ SeAppendPrivileges(IN OUT PACCESS_STATE AccessState,
|
|||
return STATUS_SUCCESS;
|
||||
}
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
/**
|
||||
* @brief
|
||||
* Frees a set of privileges.
|
||||
*
|
||||
* @param[in] Privileges
|
||||
* Set of privileges array to be freed.
|
||||
*
|
||||
* @return
|
||||
* Nothing.
|
||||
*/
|
||||
VOID
|
||||
NTAPI
|
||||
|
@ -479,8 +662,25 @@ SeFreePrivileges(IN PPRIVILEGE_SET Privileges)
|
|||
ExFreePoolWithTag(Privileges, TAG_PRIVILEGE_SET);
|
||||
}
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
/**
|
||||
* @brief
|
||||
* Checks if a set of privileges exist and match within a
|
||||
* security subject context.
|
||||
*
|
||||
* @param[in] Privileges
|
||||
* A set of privileges where the check must be performed
|
||||
* against the subject context.
|
||||
*
|
||||
* @param[in] SubjectContext
|
||||
* A subject security context.
|
||||
*
|
||||
* @param[in] PreviousMode
|
||||
* Processor level access mode.
|
||||
*
|
||||
* @return
|
||||
* Returns TRUE if all the privileges do exist and match
|
||||
* with the ones specified by the caller and subject
|
||||
* context, FALSE otherwise.
|
||||
*/
|
||||
BOOLEAN
|
||||
NTAPI
|
||||
|
@ -512,8 +712,20 @@ SePrivilegeCheck(PPRIVILEGE_SET Privileges,
|
|||
PreviousMode);
|
||||
}
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
/**
|
||||
* @brief
|
||||
* Checks if a single privilege is present in the context
|
||||
* of the calling thread.
|
||||
*
|
||||
* @param[in] PrivilegeValue
|
||||
* The specific privilege to be checked.
|
||||
*
|
||||
* @param[in] PreviousMode
|
||||
* Processor level access mode.
|
||||
*
|
||||
* @return
|
||||
* Returns TRUE if the privilege is present, FALSE
|
||||
* otherwise.
|
||||
*/
|
||||
BOOLEAN
|
||||
NTAPI
|
||||
|
@ -551,6 +763,28 @@ SeSinglePrivilegeCheck(IN LUID PrivilegeValue,
|
|||
return Result;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief
|
||||
* Checks a privileged object if such object has
|
||||
* the specific privilege submitted by the caller.
|
||||
*
|
||||
* @param[in] PrivilegeValue
|
||||
* A privilege to be checked against the one from
|
||||
* the object.
|
||||
*
|
||||
* @param[in] ObjectHandle
|
||||
* A handle to any kind of object.
|
||||
*
|
||||
* @param[in] DesiredAccess
|
||||
* Desired access right mask requested by the caller.
|
||||
*
|
||||
* @param[in] PreviousMode
|
||||
* Processor level access mode.
|
||||
*
|
||||
* @return
|
||||
* Returns TRUE if the privilege is present, FALSE
|
||||
* otherwise.
|
||||
*/
|
||||
BOOLEAN
|
||||
NTAPI
|
||||
SeCheckPrivilegedObject(IN LUID PrivilegeValue,
|
||||
|
@ -591,6 +825,30 @@ SeCheckPrivilegedObject(IN LUID PrivilegeValue,
|
|||
|
||||
/* SYSTEM CALLS ***************************************************************/
|
||||
|
||||
/**
|
||||
* @brief
|
||||
* Checks a client access token if it has the required set of
|
||||
* privileges.
|
||||
*
|
||||
* @param[in] ClientToken
|
||||
* A handle to an access client token.
|
||||
*
|
||||
* @param[in] RequiredPrivileges
|
||||
* A set of required privileges to be checked against the privileges
|
||||
* of the access token.
|
||||
*
|
||||
* @param[out] Result
|
||||
* The result, as a boolean value. If TRUE, the token has all the required
|
||||
* privileges, FALSE otherwise.
|
||||
*
|
||||
* @return
|
||||
* Returns STATUS_SUCCESS if the function has completed successfully.
|
||||
* STATUS_INVALID_PARAMETER is returned if the set array of required
|
||||
* privileges has a bogus number of privileges, that is, the array
|
||||
* has a count of privileges that exceeds the maximum threshold
|
||||
* (or in other words, an integer overflow). A failure NTSTATUS code
|
||||
* is returned otherwise.
|
||||
*/
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
NtPrivilegeCheck(IN HANDLE ClientToken,
|
||||
|
|
348
ntoskrnl/se/sd.c
348
ntoskrnl/se/sd.c
|
@ -1,10 +1,8 @@
|
|||
/*
|
||||
* COPYRIGHT: See COPYING in the top level directory
|
||||
* PROJECT: ReactOS kernel
|
||||
* FILE: ntoskrnl/se/sd.c
|
||||
* PURPOSE: Security manager
|
||||
*
|
||||
* PROGRAMMERS: David Welch <welch@cwcom.net>
|
||||
* PROJECT: ReactOS Kernel
|
||||
* LICENSE: GPL-2.0-or-later (https://spdx.org/licenses/GPL-2.0-or-later)
|
||||
* PURPOSE: Security descriptors (SDs) implementation support
|
||||
* COPYRIGHT: Copyright David Welch <welch@cwcom.net>
|
||||
*/
|
||||
|
||||
/* INCLUDES *******************************************************************/
|
||||
|
@ -25,6 +23,14 @@ PSECURITY_DESCRIPTOR SeSystemAnonymousLogonSd = NULL;
|
|||
|
||||
/* PRIVATE FUNCTIONS **********************************************************/
|
||||
|
||||
/**
|
||||
* @brief
|
||||
* Initializes the known security descriptors in the system.
|
||||
*
|
||||
* @return
|
||||
* Returns TRUE if all the security descriptors have been initialized,
|
||||
* FALSE otherwise.
|
||||
*/
|
||||
CODE_SEG("INIT")
|
||||
BOOLEAN
|
||||
NTAPI
|
||||
|
@ -124,6 +130,26 @@ SepInitSDs(VOID)
|
|||
return TRUE;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief
|
||||
* Sets a "World" security descriptor.
|
||||
*
|
||||
* @param[in] SecurityInformation
|
||||
* Security information details, alongside with the security
|
||||
* descriptor to set the World SD.
|
||||
*
|
||||
* @param[in] SecurityDescriptor
|
||||
* A security descriptor buffer.
|
||||
*
|
||||
* @param[in] BufferLength
|
||||
* Length size of the buffer.
|
||||
*
|
||||
* @return
|
||||
* Returns STATUS_SUCCESS if the World security descriptor has been
|
||||
* set. STATUS_ACCESS_DENIED is returned if the caller hasn't
|
||||
* provided security information details thus the SD cannot
|
||||
* be set.
|
||||
*/
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
SeSetWorldSecurityDescriptor(SECURITY_INFORMATION SecurityInformation,
|
||||
|
@ -217,6 +243,23 @@ SeSetWorldSecurityDescriptor(SECURITY_INFORMATION SecurityInformation,
|
|||
|
||||
/* PUBLIC FUNCTIONS ***********************************************************/
|
||||
|
||||
/**
|
||||
* @brief
|
||||
* Determines the size of a SID.
|
||||
*
|
||||
* @param[in] Sid
|
||||
* A security identifier where its size is to be determined.
|
||||
*
|
||||
* @param[in,out] OutSAC
|
||||
* The returned sub authority count of the security
|
||||
* identifier.
|
||||
*
|
||||
* @param[in] ProcessorMode
|
||||
* Processor level access mode.
|
||||
*
|
||||
* @return
|
||||
* Returns the size length of a security identifier (SID).
|
||||
*/
|
||||
static
|
||||
ULONG
|
||||
DetermineSIDSize(
|
||||
|
@ -248,6 +291,21 @@ DetermineSIDSize(
|
|||
return Size;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief
|
||||
* Determines the size of an ACL.
|
||||
*
|
||||
* @param[in] Acl
|
||||
* An access control list where its size is to be
|
||||
* determined.
|
||||
*
|
||||
* @param[in] ProcessorMode
|
||||
* Processor level access mode.
|
||||
*
|
||||
* @return
|
||||
* Returns the size length of a an access control
|
||||
* list (ACL).
|
||||
*/
|
||||
static
|
||||
ULONG
|
||||
DetermineACLSize(
|
||||
|
@ -267,6 +325,37 @@ DetermineACLSize(
|
|||
return Size;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief
|
||||
* Captures a security descriptor.
|
||||
*
|
||||
* @param[in] _OriginalSecurityDescriptor
|
||||
* An already existing and valid security descriptor
|
||||
* to be captured.
|
||||
*
|
||||
* @param[in] CurrentMode
|
||||
* Processor level access mode.
|
||||
*
|
||||
* @param[in] PoolType
|
||||
* Pool type to be used when allocating the captured
|
||||
* buffer.
|
||||
*
|
||||
* @param[in] CaptureIfKernel
|
||||
* Set this to TRUE if capturing is done within the
|
||||
* kernel.
|
||||
*
|
||||
* @param[out] CapturedSecurityDescriptor
|
||||
* The captured security descriptor.
|
||||
*
|
||||
* @return
|
||||
* Returns STATUS_SUCCESS if the operations have been
|
||||
* completed successfully and that the security descriptor
|
||||
* has been captured. STATUS_UNKNOWN_REVISION is returned
|
||||
* if the security descriptor has an unknown revision.
|
||||
* STATUS_INSUFFICIENT_RESOURCES is returned if memory
|
||||
* pool allocation for the captured buffer has failed.
|
||||
* A failure NTSTATUS code is returned otherwise.
|
||||
*/
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
SeCaptureSecurityDescriptor(
|
||||
|
@ -452,8 +541,32 @@ SeCaptureSecurityDescriptor(
|
|||
return STATUS_SUCCESS;
|
||||
}
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
/**
|
||||
* @brief
|
||||
* Queries information details about a security
|
||||
* descriptor.
|
||||
*
|
||||
* @param[in] SecurityInformation
|
||||
* Security information details to be queried
|
||||
* from a security descriptor.
|
||||
*
|
||||
* @param[out] SecurityDescriptor
|
||||
* The returned security descriptor with security information
|
||||
* data.
|
||||
*
|
||||
* @param[in,out] Length
|
||||
* The returned length of a security descriptor.
|
||||
*
|
||||
* @param[in,out] ObjectsSecurityDescriptor
|
||||
* The returned object security descriptor.
|
||||
*
|
||||
* @return
|
||||
* Returns STATUS_SUCCESS if the operations have been
|
||||
* completed successfully and that the specific information
|
||||
* about the security descriptor has been queried.
|
||||
* STATUS_BUFFER_TOO_SMALL is returned if the buffer size
|
||||
* is too small to contain the queried info about the
|
||||
* security descriptor.
|
||||
*/
|
||||
_IRQL_requires_max_(PASSIVE_LEVEL)
|
||||
NTSTATUS
|
||||
|
@ -600,8 +713,22 @@ SeQuerySecurityDescriptorInfo(
|
|||
return STATUS_SUCCESS;
|
||||
}
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
/**
|
||||
* @brief
|
||||
* Releases a captured security descriptor buffer.
|
||||
*
|
||||
* @param[in] CapturedSecurityDescriptor
|
||||
* The captured security descriptor to be freed.
|
||||
*
|
||||
* @param[in] CurrentMode
|
||||
* Processor level access mode.
|
||||
*
|
||||
* @param[in] CaptureIfKernelMode
|
||||
* Set this to TRUE if the releasing is to be done within
|
||||
* the kernel.
|
||||
*
|
||||
* @return
|
||||
* Returns STATUS_SUCCESS.
|
||||
*/
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
|
@ -627,8 +754,32 @@ SeReleaseSecurityDescriptor(IN PSECURITY_DESCRIPTOR CapturedSecurityDescriptor,
|
|||
return STATUS_SUCCESS;
|
||||
}
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
/**
|
||||
* @brief
|
||||
* Modifies some information data about a security
|
||||
* descriptor.
|
||||
*
|
||||
* @param[in] Object
|
||||
* If specified, the function will use this arbitrary
|
||||
* object that points to an object security descriptor.
|
||||
*
|
||||
* @param[in] SecurityInformation
|
||||
* Security information details to be set.
|
||||
*
|
||||
* @param[in] SecurityDescriptor
|
||||
* A security descriptor where its info is to be changed.
|
||||
*
|
||||
* @param[in,out] ObjectsSecurityDescriptor
|
||||
* The returned pointer to security descriptor objects.
|
||||
*
|
||||
* @param[in] PoolType
|
||||
* Pool type for the new security descriptor to allocate.
|
||||
*
|
||||
* @param[in] GenericMapping
|
||||
* The generic mapping of access rights masks.
|
||||
*
|
||||
* @return
|
||||
* See SeSetSecurityDescriptorInfoEx.
|
||||
*/
|
||||
_IRQL_requires_max_(PASSIVE_LEVEL)
|
||||
NTSTATUS
|
||||
|
@ -652,8 +803,42 @@ SeSetSecurityDescriptorInfo(
|
|||
GenericMapping);
|
||||
}
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
/**
|
||||
* @brief
|
||||
* An extended function that sets new information data to
|
||||
* a security descriptor.
|
||||
*
|
||||
* @param[in] Object
|
||||
* If specified, the function will use this arbitrary
|
||||
* object that points to an object security descriptor.
|
||||
*
|
||||
* @param[in] SecurityInformation
|
||||
* Security information details to be set.
|
||||
*
|
||||
* @param[in] SecurityDescriptor
|
||||
* A security descriptor where its info is to be changed.
|
||||
*
|
||||
* @param[in,out] ObjectsSecurityDescriptor
|
||||
* The returned pointer to security descriptor objects.
|
||||
*
|
||||
* @param[in] AutoInheritFlags
|
||||
* Flags bitmask inheritation, influencing how the security
|
||||
* descriptor can be inherited and if it can be in the first
|
||||
* place.
|
||||
*
|
||||
* @param[in] PoolType
|
||||
* Pool type for the new security descriptor to allocate.
|
||||
*
|
||||
* @param[in] GenericMapping
|
||||
* The generic mapping of access rights masks.
|
||||
*
|
||||
* @return
|
||||
* Returns STATUS_SUCCESS if the operations have been
|
||||
* completed without problems and that new info has been
|
||||
* set to the security descriptor. STATUS_NO_SECURITY_ON_OBJECT
|
||||
* is returned if the object does not have a security descriptor.
|
||||
* STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation
|
||||
* for the new security descriptor with new info set has failed.
|
||||
*/
|
||||
_IRQL_requires_max_(PASSIVE_LEVEL)
|
||||
NTSTATUS
|
||||
|
@ -795,9 +980,22 @@ SeSetSecurityDescriptorInfoEx(
|
|||
return STATUS_SUCCESS;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
/**
|
||||
* @brief
|
||||
* Determines if a security descriptor is valid according
|
||||
* to the general security requirements and conditions
|
||||
* set by the kernel.
|
||||
*
|
||||
* @param[in] Length
|
||||
* The length of a security descriptor.
|
||||
*
|
||||
* @param[in] _SecurityDescriptor
|
||||
* A security descriptor where its properties are to be
|
||||
* checked for validity.
|
||||
*
|
||||
* @return
|
||||
* Returns TRUE if the given security descriptor is valid,
|
||||
* FALSE otherwise.
|
||||
*/
|
||||
BOOLEAN NTAPI
|
||||
SeValidSecurityDescriptor(IN ULONG Length,
|
||||
|
@ -932,8 +1130,15 @@ SeValidSecurityDescriptor(IN ULONG Length,
|
|||
return TRUE;
|
||||
}
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
/**
|
||||
* @brief
|
||||
* Frees a security descriptor.
|
||||
*
|
||||
* @param[in] SecurityDescriptor
|
||||
* A security descriptor to be freed from memory.
|
||||
*
|
||||
* @return
|
||||
* Returns STATUS_SUCCESS.
|
||||
*/
|
||||
_IRQL_requires_max_(PASSIVE_LEVEL)
|
||||
NTSTATUS
|
||||
|
@ -952,8 +1157,58 @@ SeDeassignSecurity(
|
|||
return STATUS_SUCCESS;
|
||||
}
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
/**
|
||||
* @brief
|
||||
* An extended function that assigns a security descriptor for a new
|
||||
* object.
|
||||
*
|
||||
* @param[in] _ParentDescriptor
|
||||
* A security descriptor of the parent object that is being
|
||||
* created.
|
||||
*
|
||||
* @param[in] _ExplicitDescriptor
|
||||
* An explicit security descriptor that is applied to a new
|
||||
* object.
|
||||
*
|
||||
* @param[out] NewDescriptor
|
||||
* The new allocated security descriptor.
|
||||
*
|
||||
* @param[in] ObjectType
|
||||
* The type of the new object.
|
||||
*
|
||||
* @param[in] IsDirectoryObject
|
||||
* Set this to TRUE if the newly created object is a directory
|
||||
* object, otherwise set this to FALSE.
|
||||
*
|
||||
* @param[in] AutoInheritFlags
|
||||
* Automatic inheritance flags that influence how access control
|
||||
* entries within ACLs from security descriptors are inherited.
|
||||
*
|
||||
* @param[in] SubjectContext
|
||||
* Security subject context of the new object.
|
||||
*
|
||||
* @param[in] GenericMapping
|
||||
* Generic mapping of access mask rights.
|
||||
*
|
||||
* @param[in] PoolType
|
||||
* This parameter is unused.
|
||||
*
|
||||
* @return
|
||||
* Returns STATUS_SUCCESS if the operations have been completed
|
||||
* successfully and that the security descriptor has been
|
||||
* assigned to the new object. STATUS_NO_TOKEN is returned
|
||||
* if the caller hasn't supplied a valid argument to a security
|
||||
* subject context. STATUS_INVALID_OWNER is returned if the caller
|
||||
* hasn't supplied a parent descriptor that belongs to the main
|
||||
* user (owner). STATUS_INVALID_PRIMARY_GROUP is returned
|
||||
* by the same reason as with the previous NTSTATUS code.
|
||||
* The two NTSTATUS codes are returned if the calling thread
|
||||
* stated that the owner and/or group is defaulted to the
|
||||
* parent descriptor (SEF_DEFAULT_OWNER_FROM_PARENT and/or
|
||||
* SEF_DEFAULT_GROUP_FROM_PARENT respectively).
|
||||
* STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation
|
||||
* for the descriptor buffer has failed. A failure NTSTATUS is returned
|
||||
* otherwise.
|
||||
*/
|
||||
_IRQL_requires_max_(PASSIVE_LEVEL)
|
||||
NTSTATUS
|
||||
|
@ -1244,8 +1499,36 @@ SeAssignSecurityEx(
|
|||
return STATUS_SUCCESS;
|
||||
}
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
/**
|
||||
* @brief
|
||||
* Assigns a security descriptor for a new object.
|
||||
*
|
||||
* @param[in] ParentDescriptor
|
||||
* A security descriptor of the parent object that is being
|
||||
* created.
|
||||
*
|
||||
* @param[in] ExplicitDescriptor
|
||||
* An explicit security descriptor that is applied to a new
|
||||
* object.
|
||||
*
|
||||
* @param[out] NewDescriptor
|
||||
* The new allocated security descriptor.
|
||||
*
|
||||
* @param[in] IsDirectoryObject
|
||||
* Set this to TRUE if the newly created object is a directory
|
||||
* object, otherwise set this to FALSE.
|
||||
*
|
||||
* @param[in] SubjectContext
|
||||
* Security subject context of the new object.
|
||||
*
|
||||
* @param[in] GenericMapping
|
||||
* Generic mapping of access mask rights.
|
||||
*
|
||||
* @param[in] PoolType
|
||||
* This parameter is unused.
|
||||
*
|
||||
* @return
|
||||
* See SeAssignSecurityEx.
|
||||
*/
|
||||
_IRQL_requires_max_(PASSIVE_LEVEL)
|
||||
NTSTATUS
|
||||
|
@ -1272,8 +1555,23 @@ SeAssignSecurity(
|
|||
PoolType);
|
||||
}
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
/**
|
||||
* @brief
|
||||
* Computes the quota size of a security descriptor.
|
||||
*
|
||||
* @param[in] SecurityDescriptor
|
||||
* A security descriptor.
|
||||
*
|
||||
* @param[out] QuotaInfoSize
|
||||
* The returned quota size of the given security descriptor to
|
||||
* the caller. The function may return 0 to this parameter if
|
||||
* the descriptor doesn't have a group or a discretionary
|
||||
* access control list (DACL) even.
|
||||
*
|
||||
* @return
|
||||
* Returns STATUS_SUCCESS if the quota size of a security
|
||||
* descriptor has been computed successfully. STATUS_UNKNOWN_REVISION
|
||||
* is returned if the security descriptor has an invalid revision.
|
||||
*/
|
||||
_IRQL_requires_max_(PASSIVE_LEVEL)
|
||||
NTSTATUS
|
||||
|
|
|
@ -1,10 +1,11 @@
|
|||
/*
|
||||
* COPYRIGHT: See COPYING in the top level directory
|
||||
* PROJECT: ReactOS kernel
|
||||
* FILE: ntoskrnl/se/semgr.c
|
||||
* PURPOSE: Security manager
|
||||
*
|
||||
* PROGRAMMERS: No programmer listed.
|
||||
* PROJECT: ReactOS Kernel
|
||||
* LICENSE: GPL-2.0-or-later (https://spdx.org/licenses/GPL-2.0-or-later)
|
||||
* PURPOSE: Security manager infrastructure
|
||||
* COPYRIGHT: Copyright Timo Kreuzer <timo.kreuzer@reactos.org>
|
||||
* Copyright Eric Kohl
|
||||
* Copyright Aleksey Bragin
|
||||
* Copyright Alex Ionescu <alex@relsoft.net>
|
||||
*/
|
||||
|
||||
/* INCLUDES *******************************************************************/
|
||||
|
@ -26,6 +27,14 @@ extern ERESOURCE SepSubjectContextLock;
|
|||
|
||||
/* PRIVATE FUNCTIONS **********************************************************/
|
||||
|
||||
/**
|
||||
* @brief
|
||||
* Initializes all the security exports upon initialization phase of
|
||||
* the module.
|
||||
*
|
||||
* @return
|
||||
* Returns TRUE.
|
||||
*/
|
||||
static
|
||||
CODE_SEG("INIT")
|
||||
BOOLEAN
|
||||
|
@ -91,7 +100,15 @@ SepInitExports(VOID)
|
|||
return TRUE;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* @brief
|
||||
* Handles the phase 0 procedure of the SRM initialization.
|
||||
*
|
||||
* @return
|
||||
* Returns TRUE if the phase 0 initialization has succeeded and that
|
||||
* we can proceed further with next initialization phase, FALSE
|
||||
* otherwise.
|
||||
*/
|
||||
CODE_SEG("INIT")
|
||||
BOOLEAN
|
||||
NTAPI
|
||||
|
@ -137,6 +154,14 @@ SepInitializationPhase0(VOID)
|
|||
return TRUE;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief
|
||||
* Handles the phase 1 procedure of the SRM initialization.
|
||||
*
|
||||
* @return
|
||||
* Returns TRUE if the phase 1 initialization has succeeded, FALSE
|
||||
* otherwise.
|
||||
*/
|
||||
CODE_SEG("INIT")
|
||||
BOOLEAN
|
||||
NTAPI
|
||||
|
@ -245,6 +270,15 @@ SepInitializationPhase1(VOID)
|
|||
return TRUE;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief
|
||||
* Main security manager initialization function.
|
||||
*
|
||||
* @return
|
||||
* Returns a boolean value according to the phase initialization
|
||||
* routine that handles it. If TRUE, the routine deems the initialization
|
||||
* phase as complete, FALSE otherwise.
|
||||
*/
|
||||
CODE_SEG("INIT")
|
||||
BOOLEAN
|
||||
NTAPI
|
||||
|
@ -275,6 +309,43 @@ SeInitSystem(VOID)
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief
|
||||
* Internal function that is responsible for querying, deleting, assigning and
|
||||
* setting a security descriptor for an object in the NT kernel. It is the default
|
||||
* security method for objects regarding the security context of objects.
|
||||
*
|
||||
* @param[in] Object
|
||||
* The object that has the default security method, which the function has been
|
||||
* called upon.
|
||||
*
|
||||
* @param[in] OperationType
|
||||
* Operation type to perform to that object.
|
||||
*
|
||||
* @param[in] SecurityInformation
|
||||
* Auxiliary security information of the object.
|
||||
*
|
||||
* @param[in] SecurityDescriptor
|
||||
* A security descriptor. This SD is used accordingly to the operation type
|
||||
* requested by the caller.
|
||||
*
|
||||
* @param[in] ReturnLength
|
||||
* The length size of the queried security descriptor, in bytes.
|
||||
*
|
||||
* @param[in] OldSecurityDescriptor
|
||||
* The old SD that belonged to the object, in case we're either deleting
|
||||
* or replacing it.
|
||||
*
|
||||
* @param[in] PoolType
|
||||
* Pool type allocation for the security descriptor.
|
||||
*
|
||||
* @param[in] GenericMapping
|
||||
* The generic mapping of access rights masks for the object.
|
||||
*
|
||||
* @return
|
||||
* Returns STATUS_SUCCESS if the specific operation tasked has been
|
||||
* completed. Otherwise a failure NTSTATUS code is returned.
|
||||
*/
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
SeDefaultObjectMethod(IN PVOID Object,
|
||||
|
@ -336,6 +407,20 @@ SeDefaultObjectMethod(IN PVOID Object,
|
|||
return STATUS_SUCCESS;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief
|
||||
* Queries the access mask from a security information context.
|
||||
*
|
||||
* @param[in] SecurityInformation
|
||||
* The security information context where the access mask is to be
|
||||
* gathered.
|
||||
*
|
||||
* @param[out] DesiredAccess
|
||||
* The queried access mask right.
|
||||
*
|
||||
* @return
|
||||
* Nothing.
|
||||
*/
|
||||
VOID
|
||||
NTAPI
|
||||
SeQuerySecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
|
||||
|
@ -355,6 +440,19 @@ SeQuerySecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief
|
||||
* Sets the access mask for a security information context.
|
||||
*
|
||||
* @param[in] SecurityInformation
|
||||
* The security information context to apply a new access right.
|
||||
*
|
||||
* @param[out] DesiredAccess
|
||||
* The returned access mask right.
|
||||
*
|
||||
* @return
|
||||
* Nothing.
|
||||
*/
|
||||
VOID
|
||||
NTAPI
|
||||
SeSetSecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
|
||||
|
@ -378,6 +476,30 @@ SeSetSecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @unimplemented
|
||||
* @brief
|
||||
* Report a security event to the security manager.
|
||||
*
|
||||
* @param[in] Flags
|
||||
* Flags that influence how the event should be reported.
|
||||
*
|
||||
* @param[in] SourceName
|
||||
* A Unicode string that represents the source name of the event.
|
||||
*
|
||||
* @param[in] UserSid
|
||||
* The SID that represents a user that initiated the reporting.
|
||||
*
|
||||
* @param[in] AuditParameters
|
||||
* An array of parameters for auditing purposes. This is used
|
||||
* for reporting the event which the security manager will take
|
||||
* care subsequently of doing eventual security auditing.
|
||||
*
|
||||
* @return
|
||||
* Returns STATUS_SUCCESS if the security event has been reported.
|
||||
* STATUS_INVALID_PARAMETER is returned if one of the parameters
|
||||
* do not satisfy the requirements expected by the function.
|
||||
*/
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
SeReportSecurityEvent(
|
||||
|
@ -447,6 +569,28 @@ SeReportSecurityEvent(
|
|||
return STATUS_SUCCESS;
|
||||
}
|
||||
|
||||
/**
|
||||
* @unimplemented
|
||||
* @brief
|
||||
* Sets an array of audit parameters for later security auditing use.
|
||||
*
|
||||
* @param[in,out] AuditParameters
|
||||
* An array of audit parameters to be set.
|
||||
*
|
||||
* @param[in] Type
|
||||
* The type of audit parameters to be set.
|
||||
*
|
||||
* @param[in] Index
|
||||
* Index number that represents an instance of an audit parameters.
|
||||
* Such index must be within the maximum range of audit parameters.
|
||||
*
|
||||
* @param[in] Data
|
||||
* An arbitrary buffer data that is bounds to what kind of audit parameter
|
||||
* type must be set.
|
||||
*
|
||||
* @return
|
||||
* To be added...
|
||||
*/
|
||||
_Const_
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
|
|
|
@ -1,10 +1,8 @@
|
|||
/*
|
||||
* COPYRIGHT: See COPYING in the top level directory
|
||||
* PROJECT: ReactOS kernel
|
||||
* FILE: ntoskrnl/se/sid.c
|
||||
* PURPOSE: Security manager
|
||||
*
|
||||
* PROGRAMMERS: David Welch <welch@cwcom.net>
|
||||
* PROJECT: ReactOS Kernel
|
||||
* LICENSE: GPL-2.0-or-later (https://spdx.org/licenses/GPL-2.0-or-later)
|
||||
* PURPOSE: Security Identifier (SID) implementation support and handling
|
||||
* COPYRIGHT: Copyright David Welch <welch@cwcom.net>
|
||||
*/
|
||||
|
||||
/* INCLUDES *******************************************************************/
|
||||
|
@ -54,6 +52,13 @@ PSID SeNetworkServiceSid = NULL;
|
|||
|
||||
/* FUNCTIONS ******************************************************************/
|
||||
|
||||
/**
|
||||
* @brief
|
||||
* Frees all the known initialized SIDs in the system from the memory.
|
||||
*
|
||||
* @return
|
||||
* Nothing.
|
||||
*/
|
||||
VOID
|
||||
NTAPI
|
||||
FreeInitializedSids(VOID)
|
||||
|
@ -88,6 +93,14 @@ FreeInitializedSids(VOID)
|
|||
if (SeAnonymousLogonSid) ExFreePoolWithTag(SeAnonymousLogonSid, TAG_SID);
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief
|
||||
* Initializes all the SIDs known in the system.
|
||||
*
|
||||
* @return
|
||||
* Returns TRUE if all the SIDs have been initialized,
|
||||
* FALSE otherwise.
|
||||
*/
|
||||
CODE_SEG("INIT")
|
||||
BOOLEAN
|
||||
NTAPI
|
||||
|
@ -263,6 +276,31 @@ SepInitSecurityIDs(VOID)
|
|||
return TRUE;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief
|
||||
* Captures a SID.
|
||||
*
|
||||
* @param[in] InputSid
|
||||
* A valid security identifier to be captured.
|
||||
*
|
||||
* @param[in] AccessMode
|
||||
* Processor level access mode.
|
||||
*
|
||||
* @param[in] PoolType
|
||||
* Pool memory type for the captured SID to assign upon
|
||||
* allocation.
|
||||
*
|
||||
* @param[in] CaptureIfKernel
|
||||
* If set to TRUE, the capturing is done within the kernel.
|
||||
* Otherwise the capturing is done in a kernel mode driver.
|
||||
*
|
||||
* @param[out] CapturedSid
|
||||
* The captured security identifier, returned to the caller.
|
||||
*
|
||||
* @return
|
||||
* Returns STATUS_SUCCESS if the SID was captured. STATUS_INSUFFICIENT_RESOURCES
|
||||
* is returned if memory pool allocation for the captured SID has failed.
|
||||
*/
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
SepCaptureSid(IN PSID InputSid,
|
||||
|
@ -331,6 +369,23 @@ SepCaptureSid(IN PSID InputSid,
|
|||
return STATUS_SUCCESS;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief
|
||||
* Releases a captured SID.
|
||||
*
|
||||
* @param[in] CapturedSid
|
||||
* The captured SID to be released.
|
||||
*
|
||||
* @param[in] AccessMode
|
||||
* Processor level access mode.
|
||||
*
|
||||
* @param[in] CaptureIfKernel
|
||||
* If set to TRUE, the releasing is done within the kernel.
|
||||
* Otherwise the releasing is done in a kernel mode driver.
|
||||
*
|
||||
* @return
|
||||
* Nothing.
|
||||
*/
|
||||
VOID
|
||||
NTAPI
|
||||
SepReleaseSid(IN PSID CapturedSid,
|
||||
|
@ -347,6 +402,52 @@ SepReleaseSid(IN PSID CapturedSid,
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief
|
||||
* Captures a SID with attributes.
|
||||
*
|
||||
* @param[in] SrcSidAndAttributes
|
||||
* Source of the SID with attributes to be captured.
|
||||
*
|
||||
* @param[in] AttributeCount
|
||||
* The number count of attributes, in total.
|
||||
*
|
||||
* @param[in] PreviousMode
|
||||
* Processor access level mode.
|
||||
*
|
||||
* @param[in] AllocatedMem
|
||||
* The allocated memory buffer for the captured SID. If the caller
|
||||
* supplies no allocated block of memory then the function will
|
||||
* allocate some buffer block of memory for the captured SID
|
||||
* automatically.
|
||||
*
|
||||
* @param[in] AllocatedLength
|
||||
* The length of the buffer that points to the allocated memory,
|
||||
* in bytes.
|
||||
*
|
||||
* @param[in] PoolType
|
||||
* The pool type for the captured SID and attributes to assign.
|
||||
*
|
||||
* @param[in] CaptureIfKernel
|
||||
* If set to TRUE, the capturing is done within the kernel.
|
||||
* Otherwise the capturing is done in a kernel mode driver.
|
||||
*
|
||||
* @param[out] CapturedSidAndAttributes
|
||||
* The captured SID and attributes.
|
||||
*
|
||||
* @param[out] ResultLength
|
||||
* The length of the captured SID and attributes, in bytes.
|
||||
*
|
||||
* @return
|
||||
* Returns STATUS_SUCCESS if SID and attributes capturing
|
||||
* has been completed successfully. STATUS_INVALID_PARAMETER
|
||||
* is returned if the count of attributes exceeds the maximum
|
||||
* threshold that the kernel can permit. STATUS_INSUFFICIENT_RESOURCES
|
||||
* is returned if memory pool allocation for the captured SID has failed.
|
||||
* STATUS_BUFFER_TOO_SMALL is returned if the length of the allocated
|
||||
* buffer is less than the required size. A failure NTSTATUS code is
|
||||
* returned otherwise.
|
||||
*/
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
SeCaptureSidAndAttributesArray(
|
||||
|
@ -548,6 +649,23 @@ SeCaptureSidAndAttributesArray(
|
|||
return Status;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief
|
||||
* Releases a captured SID with attributes.
|
||||
*
|
||||
* @param[in] CapturedSidAndAttributes
|
||||
* The captured SID with attributes to be released.
|
||||
*
|
||||
* @param[in] AccessMode
|
||||
* Processor access level mode.
|
||||
*
|
||||
* @param[in] CaptureIfKernel
|
||||
* If set to TRUE, the releasing is done within the kernel.
|
||||
* Otherwise the releasing is done in a kernel mode driver.
|
||||
*
|
||||
* @return
|
||||
* Nothing.
|
||||
*/
|
||||
VOID
|
||||
NTAPI
|
||||
SeReleaseSidAndAttributesArray(
|
||||
|
@ -564,5 +682,4 @@ SeReleaseSidAndAttributesArray(
|
|||
}
|
||||
}
|
||||
|
||||
|
||||
/* EOF */
|
||||
|
|
|
@ -13,9 +13,6 @@
|
|||
#define NDEBUG
|
||||
#include <debug.h>
|
||||
|
||||
extern LUID SeSystemAuthenticationId;
|
||||
extern LUID SeAnonymousAuthenticationId;
|
||||
|
||||
/* PRIVATE DEFINITIONS ********************************************************/
|
||||
|
||||
typedef struct _SEP_LOGON_SESSION_TERMINATED_NOTIFICATION
|
||||
|
@ -42,6 +39,9 @@ SepRmCreateLogonSession(
|
|||
|
||||
/* GLOBALS ********************************************************************/
|
||||
|
||||
extern LUID SeSystemAuthenticationId;
|
||||
extern LUID SeAnonymousAuthenticationId;
|
||||
|
||||
HANDLE SeRmCommandPort;
|
||||
HANDLE SeLsaInitEvent;
|
||||
|
||||
|
@ -62,7 +62,6 @@ KGUARDED_MUTEX SepRmDbLock;
|
|||
PSEP_LOGON_SESSION_REFERENCES SepLogonSessions = NULL;
|
||||
PSEP_LOGON_SESSION_TERMINATED_NOTIFICATION SepLogonNotifications = NULL;
|
||||
|
||||
|
||||
/* PRIVATE FUNCTIONS **********************************************************/
|
||||
|
||||
/**
|
||||
|
@ -163,7 +162,15 @@ Cleanup:
|
|||
return Status;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* @brief
|
||||
* Manages the phase 0 initialization of the security reference
|
||||
* monitoring module of the kernel.
|
||||
*
|
||||
* @return
|
||||
* Returns TRUE when phase 0 initialization has completed without
|
||||
* problems, FALSE otherwise.
|
||||
*/
|
||||
BOOLEAN
|
||||
NTAPI
|
||||
SeRmInitPhase0(VOID)
|
||||
|
@ -190,7 +197,15 @@ SeRmInitPhase0(VOID)
|
|||
return TRUE;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* @brief
|
||||
* Manages the phase 1 initialization of the security reference
|
||||
* monitoring module of the kernel.
|
||||
*
|
||||
* @return
|
||||
* Returns TRUE when phase 1 initialization has completed without
|
||||
* problems, FALSE otherwise.
|
||||
*/
|
||||
BOOLEAN
|
||||
NTAPI
|
||||
SeRmInitPhase1(VOID)
|
||||
|
@ -247,6 +262,13 @@ SeRmInitPhase1(VOID)
|
|||
return TRUE;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief
|
||||
* Initializes the local security authority audit bounds.
|
||||
*
|
||||
* @return
|
||||
* Nothing.
|
||||
*/
|
||||
static
|
||||
VOID
|
||||
SepAdtInitializeBounds(VOID)
|
||||
|
@ -285,7 +307,18 @@ SepAdtInitializeBounds(VOID)
|
|||
SepAdtMaxListLength = ListBounds.MaxLength;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* @brief
|
||||
* Sets an audit event for future security auditing monitoring.
|
||||
*
|
||||
* @param[in,out] Message
|
||||
* The reference monitoring API message. It is used to determine
|
||||
* if the right API message number is provided, RmAuditSetCommand
|
||||
* in this case.
|
||||
*
|
||||
* @return
|
||||
* Returns STATUS_SUCCESS.
|
||||
*/
|
||||
static
|
||||
NTSTATUS
|
||||
SepRmSetAuditEvent(
|
||||
|
@ -456,6 +489,24 @@ SepRmRemoveLogonSessionFromToken(
|
|||
return STATUS_SUCCESS;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief
|
||||
* Creates a logon session. The security reference monitoring (SRM)
|
||||
* module of Executive uses this as an internal kernel data for
|
||||
* respective logon sessions management within the kernel,
|
||||
* as in form of a SEP_LOGON_SESSION_REFERENCES data structure.
|
||||
*
|
||||
* @param[in,out] LogonLuid
|
||||
* A logon ID represented as a LUID. This LUID is used to create
|
||||
* our logon session and add it to the sessions database.
|
||||
*
|
||||
* @return
|
||||
* Returns STATUS_SUCCESS if the logon has been created successfully.
|
||||
* STATUS_LOGON_SESSION_EXISTS is returned if a logon session with
|
||||
* the pointed logon ID in the call already exists.
|
||||
* STATUS_INSUFFICIENT_RESOURCES is returned if logon session allocation
|
||||
* has failed because of lack of memory pool resources.
|
||||
*/
|
||||
static
|
||||
NTSTATUS
|
||||
SepRmCreateLogonSession(
|
||||
|
@ -627,7 +678,19 @@ Leave:
|
|||
return Status;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* @brief
|
||||
* References a logon session.
|
||||
*
|
||||
* @param[in,out] LogonLuid
|
||||
* A valid LUID that points to the logon session in the database that
|
||||
* we're going to reference it.
|
||||
*
|
||||
* @return
|
||||
* Returns STATUS_SUCCESS if the logon has been referenced.
|
||||
* STATUS_NO_SUCH_LOGON_SESSION is returned if the session couldn't be
|
||||
* found otherwise.
|
||||
*/
|
||||
NTSTATUS
|
||||
SepRmReferenceLogonSession(
|
||||
PLUID LogonLuid)
|
||||
|
@ -667,6 +730,22 @@ SepRmReferenceLogonSession(
|
|||
return STATUS_NO_SUCH_LOGON_SESSION;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief
|
||||
* Cleans the DOS device map directory of a logon
|
||||
* session.
|
||||
*
|
||||
* @param[in] LogonLuid
|
||||
* A logon session ID where its DOS device map directory
|
||||
* is to be cleaned.
|
||||
*
|
||||
* @return
|
||||
* Returns STATUS_SUCCESS if the device map directory has been
|
||||
* successfully cleaned from the logon session. STATUS_INVALID_PARAMETER
|
||||
* is returned if the caller hasn't submitted any logon ID. STATUS_NO_MEMORY
|
||||
* is returned if buffer allocation for links has failed. A failure
|
||||
* NTSTATUS code is returned otherwise.
|
||||
*/
|
||||
static
|
||||
NTSTATUS
|
||||
SepCleanupLUIDDeviceMapDirectory(
|
||||
|
@ -910,7 +989,21 @@ AllocateLinksAgain:
|
|||
return Status;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* @brief
|
||||
* De-references a logon session. If the session has a reference
|
||||
* count of 0 by the time the function has de-referenced the logon,
|
||||
* that means the session is no longer used and can be safely deleted
|
||||
* from the logon sessions database.
|
||||
*
|
||||
* @param[in,out] LogonLuid
|
||||
* A logon session ID to de-reference.
|
||||
*
|
||||
* @return
|
||||
* Returns STATUS_SUCCESS if the logon session has been de-referenced
|
||||
* without issues. STATUS_NO_SUCH_LOGON_SESSION is returned if no
|
||||
* such logon exists otherwise.
|
||||
*/
|
||||
NTSTATUS
|
||||
SepRmDereferenceLogonSession(
|
||||
PLUID LogonLuid)
|
||||
|
@ -965,7 +1058,18 @@ SepRmDereferenceLogonSession(
|
|||
return STATUS_NO_SUCH_LOGON_SESSION;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* @brief
|
||||
* Main SRM server thread initialization function. It deals
|
||||
* with security manager and LSASS port connection, thus
|
||||
* thereby allowing communication between the kernel side
|
||||
* (the SRM) and user mode side (the LSASS) of the security
|
||||
* world of the operating system.
|
||||
*
|
||||
* @return
|
||||
* Returns TRUE if command server connection between SRM
|
||||
* and LSASS has succeeded, FALSE otherwise.
|
||||
*/
|
||||
BOOLEAN
|
||||
NTAPI
|
||||
SepRmCommandServerThreadInit(VOID)
|
||||
|
@ -1108,6 +1212,15 @@ Cleanup:
|
|||
return Result;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief
|
||||
* Manages the SRM server API commands, that is, receiving such API
|
||||
* command messages from the user mode side of the security standpoint,
|
||||
* the LSASS.
|
||||
*
|
||||
* @return
|
||||
* Nothing.
|
||||
*/
|
||||
VOID
|
||||
NTAPI
|
||||
SepRmCommandServerThread(
|
||||
|
@ -1211,8 +1324,23 @@ SepRmCommandServerThread(
|
|||
|
||||
/* PUBLIC FUNCTIONS ***********************************************************/
|
||||
|
||||
/*
|
||||
* @unimplemented
|
||||
/**
|
||||
* @brief
|
||||
* Retrieves the DOS device map from a logon session.
|
||||
*
|
||||
* @param[in] LogonId
|
||||
* A valid logon session ID.
|
||||
*
|
||||
* @param[out] DeviceMap
|
||||
* The returned device map buffer from the logon session.
|
||||
*
|
||||
* @return
|
||||
* Returns STATUS_SUCCESS if the device map could be gathered
|
||||
* from the logon session. STATUS_INVALID_PARAMETER is returned if
|
||||
* one of the parameters aren't initialized (that is, the caller has
|
||||
* submitted a NULL pointer variable). STATUS_NO_SUCH_LOGON_SESSION is
|
||||
* returned if no such session could be found. A failure NTSTATUS code
|
||||
* is returned otherwise.
|
||||
*/
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
|
@ -1425,9 +1553,20 @@ SeMarkLogonSessionForTerminationNotification(
|
|||
return STATUS_SUCCESS;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
/**
|
||||
* @brief
|
||||
* Registers a callback that will be called once a logon session
|
||||
* terminates.
|
||||
*
|
||||
* @param[in] CallbackRoutine
|
||||
* Callback routine address.
|
||||
*
|
||||
* @return
|
||||
* Returns STATUS_SUCCESS if the callback routine was registered
|
||||
* successfully. STATUS_INVALID_PARAMETER is returned if the caller
|
||||
* did not provide a callback routine. STATUS_INSUFFICIENT_RESOURCES
|
||||
* is returned if the callback notification data couldn't be allocated
|
||||
* because of lack of memory pool resources.
|
||||
*/
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
|
@ -1464,9 +1603,19 @@ SeRegisterLogonSessionTerminatedRoutine(
|
|||
return STATUS_SUCCESS;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
/**
|
||||
* @brief
|
||||
* Un-registers a callback routine, previously registered by
|
||||
* SeRegisterLogonSessionTerminatedRoutine function.
|
||||
*
|
||||
* @param[in] CallbackRoutine
|
||||
* Callback routine address to un-register.
|
||||
*
|
||||
* @return
|
||||
* Returns STATUS_SUCCESS if the callback routine was un-registered
|
||||
* successfully. STATUS_INVALID_PARAMETER is returned if the caller
|
||||
* did not provide a callback routine. STATUS_NOT_FOUND is returned
|
||||
* if the callback notification item couldn't be found.
|
||||
*/
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
|
@ -1520,3 +1669,5 @@ SeUnregisterLogonSessionTerminatedRoutine(
|
|||
|
||||
return Status;
|
||||
}
|
||||
|
||||
/* EOF */
|
||||
|
|
File diff suppressed because it is too large
Load diff
Loading…
Reference in a new issue