Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2024-06-26 07:51:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

Started security manager initialization.

Browse source 
Some cleanup.

svn path=/trunk/; revision=2637
This commit is contained in:
Eric Kohl 2002-02-20 20:16:49 +00:00
parent 19ad3d7a30
commit 8393800e76
17 changed files with 1584 additions and 571 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
reactos/include/ddk/rtl.h
View file

@ -1,4 +1,4 @@
/* $Id: rtl.h,v 1.59 2002/01/14 01:41:08 ekohl Exp $
/* $Id: rtl.h,v 1.60 2002/02/20 20:09:52 ekohl Exp $
*
*/
@ -1780,6 +1780,9 @@ RtlValidSecurityDescriptor (
PSECURITY_DESCRIPTOR SecurityDescriptor
);
BOOLEAN STDCALL
RtlValidSid(IN PSID Sid);
NTSTATUS
STDCALL
RtlWriteRegistryValue (

85
reactos/include/ddk/sefuncs.h
View file

@ -1,47 +1,52 @@
#ifndef _INCLUDE_DDK_SEFUNCS_H
#define _INCLUDE_DDK_SEFUNCS_H
/* $Id: sefuncs.h,v 1.14 2001/07/06 21:32:43 ekohl Exp $ */
/* $Id: sefuncs.h,v 1.15 2002/02/20 20:09:52 ekohl Exp $ */
BOOLEAN STDCALL SeAccessCheck (IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,
IN BOOLEAN SubjectContextLocked,
IN ACCESS_MASK DesiredAccess,
IN ACCESS_MASK PreviouslyGrantedAccess,
OUT PPRIVILEGE_SET* Privileges,
IN PGENERIC_MAPPING GenericMapping,
IN KPROCESSOR_MODE AccessMode,
OUT PACCESS_MODE GrantedAccess,
OUT PNTSTATUS AccessStatus);
NTSTATUS STDCALL SeAssignSecurity (PSECURITY_DESCRIPTOR ParentDescriptor,
PSECURITY_DESCRIPTOR ExplicitDescriptor,
PSECURITY_DESCRIPTOR* NewDescriptor,
BOOLEAN IsDirectoryObject,
PSECURITY_SUBJECT_CONTEXT SubjectContext,
PGENERIC_MAPPING GenericMapping,
POOL_TYPE PoolType);
NTSTATUS STDCALL SeDeassignSecurity (PSECURITY_DESCRIPTOR* SecurityDescriptor);
BOOLEAN STDCALL SeSinglePrivilegeCheck (LUID PrivilegeValue, KPROCESSOR_MODE PreviousMode);
VOID STDCALL SeImpersonateClient(PSE_SOME_STRUCT2 a,
struct _ETHREAD* Thread);
BOOLEAN STDCALL
SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,
IN BOOLEAN SubjectContextLocked,
IN ACCESS_MASK DesiredAccess,
IN ACCESS_MASK PreviouslyGrantedAccess,
OUT PPRIVILEGE_SET* Privileges,
IN PGENERIC_MAPPING GenericMapping,
IN KPROCESSOR_MODE AccessMode,
OUT PACCESS_MODE GrantedAccess,
OUT PNTSTATUS AccessStatus);
NTSTATUS STDCALL SeCreateClientSecurity(struct _ETHREAD* Thread,
PSECURITY_QUALITY_OF_SERVICE Qos,
ULONG e,
PSE_SOME_STRUCT2 f);
NTSTATUS SeExchangePrimaryToken(struct _EPROCESS* Process,
PACCESS_TOKEN NewToken,
PACCESS_TOKEN* OldTokenP);
VOID STDCALL SeReleaseSubjectContext (PSECURITY_SUBJECT_CONTEXT SubjectContext);
VOID STDCALL SeCaptureSubjectContext (PSECURITY_SUBJECT_CONTEXT SubjectContext);
NTSTATUS SeCaptureLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Src,
ULONG PrivilegeCount,
KPROCESSOR_MODE PreviousMode,
PLUID_AND_ATTRIBUTES AllocatedMem,
ULONG AllocatedLength,
POOL_TYPE PoolType,
ULONG d,
PLUID_AND_ATTRIBUTES* Dest,
PULONG Length);
NTSTATUS STDCALL
SeAssignSecurity(PSECURITY_DESCRIPTOR ParentDescriptor,
PSECURITY_DESCRIPTOR ExplicitDescriptor,
PSECURITY_DESCRIPTOR* NewDescriptor,
BOOLEAN IsDirectoryObject,
PSECURITY_SUBJECT_CONTEXT SubjectContext,
PGENERIC_MAPPING GenericMapping,
POOL_TYPE PoolType);
VOID STDCALL
SeCaptureSubjectContext(OUT PSECURITY_SUBJECT_CONTEXT SubjectContext);
NTSTATUS STDCALL
SeCreateClientSecurity(IN struct _ETHREAD *Thread,
IN PSECURITY_QUALITY_OF_SERVICE Qos,
IN BOOLEAN RemoteClient,
OUT PSECURITY_CLIENT_CONTEXT ClientContext);
NTSTATUS STDCALL
SeDeassignSecurity(PSECURITY_DESCRIPTOR* SecurityDescriptor);
VOID STDCALL
SeImpersonateClient(IN PSECURITY_CLIENT_CONTEXT ClientContext,
IN struct _ETHREAD *ServerThread OPTIONAL);
VOID STDCALL
SeReleaseSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext);
BOOLEAN STDCALL
SeSinglePrivilegeCheck(LUID PrivilegeValue,
KPROCESSOR_MODE PreviousMode);
TOKEN_TYPE STDCALL
SeTokenType(IN PACCESS_TOKEN Token);
#endif /* ndef _INCLUDE_DDK_SEFUNCS_H */

168
reactos/include/ddk/setypes.h
View file

@ -1,4 +1,4 @@
/* $Id: setypes.h,v 1.5 2000/06/29 23:35:12 dwelch Exp $
/* $Id: setypes.h,v 1.6 2002/02/20 20:09:52 ekohl Exp $
*
* COPYRIGHT: See COPYING in the top level directory for details
* PROJECT: ReactOS kernel
@ -14,35 +14,6 @@
#include <ntos/security.h>
/* SID */
#define SECURITY_NULL_RID (0L)
#define SECURITY_WORLD_RID (0L)
#define SECURITY_LOCAL_RID (0L)
#define SECURITY_CREATOR_OWNER_RID (0L)
#define SECURITY_CREATOR_GROUP_RID (0x1L)
#define SECURITY_DIALUP_RID (0x1L)
#define SECURITY_NETWORK_RID (0x2L)
#define SECURITY_BATCH_RID (0x3L)
#define SECURITY_INTERACTIVE_RID (0x4L)
#define SECURITY_LOGON_IDS_RID (0x5L)
#define SECURITY_LOGON_IDS_RID_COUNT (0x3L)
#define SECURITY_SERVICE_RID (0x6L)
#define SECURITY_LOCAL_SYSTEM_RID (0x12L)
#define SECURITY_BUILTIN_DOMAIN_RID (0x20L)
#define DOMAIN_USER_RID_ADMIN (0x1f4L)
#define DOMAIN_USER_RID_GUEST (0x1f5L)
#define DOMAIN_GROUP_RID_ADMINS (0x200L)
#define DOMAIN_GROUP_RID_USERS (0x201L)
#define DOMAIN_ALIAS_RID_ADMINS (0x220L)
#define DOMAIN_ALIAS_RID_USERS (0x221L)
#define DOMAIN_ALIAS_RID_GUESTS (0x222L)
#define DOMAIN_ALIAS_RID_POWER_USERS (0x223L)
#define DOMAIN_ALIAS_RID_ACCOUNT_OPS (0x224L)
#define DOMAIN_ALIAS_RID_SYSTEM_OPS (0x225L)
#define DOMAIN_ALIAS_RID_PRINT_OPS (0x226L)
#define DOMAIN_ALIAS_RID_BACKUP_OPS (0x227L)
#define DOMAIN_ALIAS_RID_REPLICATOR (0x228L)
/* TOKEN_GROUPS structure */
#define SE_GROUP_MANDATORY (0x1L)
#define SE_GROUP_ENABLED_BY_DEFAULT (0x2L)
@ -84,65 +55,106 @@
#define SE_PRIVILEGE_USED_FOR_ACCESS (0x80000000L)
#define PRIVILEGE_SET_ALL_NECESSARY (0x1)
typedef struct _ACCESS_TOKEN
typedef struct _ACCESS_TOKEN
{
TOKEN_SOURCE TokenSource; // 0x00
LUID TokenId; // 0x10
LUID AuthenticationId; // 0x18
LARGE_INTEGER ExpirationTime; // 0x20
LUID ModifiedId; // 0x28
ULONG UserAndGroupCount; // 0x30
ULONG PrivilegeCount; // 0x34
ULONG VariableLength; // 0x38
ULONG DynamicCharged; // 0x3C
ULONG DynamicAvailable; // 0x40
ULONG DefaultOwnerIndex; // 0x44
PSID_AND_ATTRIBUTES UserAndGroups; // 0x48
PSID PrimaryGroup; // 0x4C
PLUID_AND_ATTRIBUTES Privileges; // 0x50
ULONG Unknown1; // 0x54
PACL DefaultDacl; // 0x58
TOKEN_TYPE TokenType; // 0x5C
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; // 0x60
UCHAR TokenFlags; // 0x64
UCHAR TokenInUse; // 0x65
UCHAR Unused[2]; // 0x66
PVOID ProxyData; // 0x68
PVOID AuditData; // 0x6c
UCHAR VariablePart[0]; // 0x70
TOKEN_SOURCE TokenSource; // 0x00
LUID TokenId; // 0x10
LUID AuthenticationId; // 0x18
LARGE_INTEGER ExpirationTime; // 0x20
LUID ModifiedId; // 0x28
ULONG UserAndGroupCount; // 0x30
ULONG PrivilegeCount; // 0x34
ULONG VariableLength; // 0x38
ULONG DynamicCharged; // 0x3C
ULONG DynamicAvailable; // 0x40
ULONG DefaultOwnerIndex; // 0x44
PSID_AND_ATTRIBUTES UserAndGroups; // 0x48
PSID PrimaryGroup; // 0x4C
PLUID_AND_ATTRIBUTES Privileges; // 0x50
ULONG Unknown1; // 0x54
PACL DefaultDacl; // 0x58
TOKEN_TYPE TokenType; // 0x5C
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; // 0x60
UCHAR TokenFlags; // 0x64
UCHAR TokenInUse; // 0x65
UCHAR Unused[2]; // 0x66
PVOID ProxyData; // 0x68
PVOID AuditData; // 0x6c
UCHAR VariablePart[0]; // 0x70
} ACCESS_TOKEN, *PACCESS_TOKEN;
typedef struct _SECURITY_SUBJECT_CONTEXT
{
PACCESS_TOKEN ClientToken; // 0x0
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; // 0x4
PACCESS_TOKEN PrimaryToken; // 0x8
PVOID ProcessAuditId; // 0xC
PACCESS_TOKEN ClientToken; // 0x0
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; // 0x4
PACCESS_TOKEN PrimaryToken; // 0x8
PVOID ProcessAuditId; // 0xC
} SECURITY_SUBJECT_CONTEXT, *PSECURITY_SUBJECT_CONTEXT;
BOOLEAN STDCALL RtlValidSid (PSID Sid);
/*
* from ntoskrnl/se/token.c:
*/
extern struct _OBJECT_TYPE* SeTokenType;
typedef struct
typedef struct _SECURITY_CLIENT_CONTEXT
{
ULONG Unknown1; // 0x0
SECURITY_IMPERSONATION_LEVEL Level; // 0x4
UCHAR ContextTrackingMode; // 0x8
UCHAR EffectiveOnly; // 0x9
UCHAR Unknown5; // 0xa
UCHAR Unknown6; // 0xb
PACCESS_TOKEN Token; // 0xc
UCHAR Unknown8; // 0x10
UCHAR Unknown9; // 0x11
UCHAR Unknown10; // 0x12
UCHAR Pad[1]; // 0x13
ULONG Unknown11; // 0x14
} SE_SOME_STRUCT2, *PSE_SOME_STRUCT2;
SECURITY_QUALITY_OF_SERVICE SecurityQos; // 0x00
PACCESS_TOKEN Token; // 0x0C
BOOLEAN DirectlyAccessClientToken; // 0x10
BOOLEAN DirectAccessEffectiveOnly; // 0x11
BOOLEAN ServerIsRemote; // 0x12
TOKEN_CONTROL ClientTokenControl; // 0x14
} SECURITY_CLIENT_CONTEXT, *PSECURITY_CLIENT_CONTEXT;
typedef struct _SE_EXPORTS
{
/* Privilege values */
LUID SeCreateTokenPrivilege;
LUID SeAssignPrimaryTokenPrivilege;
LUID SeLockMemoryPrivilege;
LUID SeIncreaseQuotaPrivilege;
LUID SeUnsolicitedInputPrivilege;
LUID SeTcbPrivilege;
LUID SeSecurityPrivilege;
LUID SeTakeOwnershipPrivilege;
LUID SeLoadDriverPrivilege;
LUID SeCreatePagefilePrivilege;
LUID SeIncreaseBasePriorityPrivilege;
LUID SeSystemProfilePrivilege;
LUID SeSystemtimePrivilege;
LUID SeProfileSingleProcessPrivilege;
LUID SeCreatePermanentPrivilege;
LUID SeBackupPrivilege;
LUID SeRestorePrivilege;
LUID SeShutdownPrivilege;
LUID SeDebugPrivilege;
LUID SeAuditPrivilege;
LUID SeSystemEnvironmentPrivilege;
LUID SeChangeNotifyPrivilege;
LUID SeRemoteShutdownPrivilege;
/* Universally defined SIDs */
PSID SeNullSid;
PSID SeWorldSid;
PSID SeLocalSid;
PSID SeCreatorOwnerSid;
PSID SeCreatorGroupSid;
/* Nt defined SIDs */
PSID SeNtAuthoritySid;
PSID SeDialupSid;
PSID SeNetworkSid;
PSID SeBatchSid;
PSID SeInteractiveSid;
PSID SeLocalSystemSid;
PSID SeAliasAdminsSid;
PSID SeAliasUsersSid;
PSID SeAliasGuestsSid;
PSID SeAliasPowerUsersSid;
PSID SeAliasAccountOpsSid;
PSID SeAliasSystemOpsSid;
PSID SeAliasPrintOpsSid;
PSID SeAliasBackupOpsSid;
} SE_EXPORTS, *PSE_EXPORTS;
#endif
/* EOF */

274
reactos/include/ntos/security.h
View file

@ -4,6 +4,81 @@
#include <ntos/ntdef.h>
#include <ntos/types.h>
/* SID Auhority */
#define SECURITY_NULL_SID_AUTHORITY {0,0,0,0,0,0}
#define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
#define SECURITY_LOCAL_SID_AUTHORITY {0,0,0,0,0,2}
#define SECURITY_CREATOR_SID_AUTHORITY {0,0,0,0,0,3}
#define SECURITY_NON_UNIQUE_AUTHORITY {0,0,0,0,0,4}
#define SECURITY_NT_AUTHORITY {0,0,0,0,0,5}
/* SID */
#define SECURITY_NULL_RID (0L)
#define SECURITY_WORLD_RID (0L)
#define SECURITY_LOCAL_RID (0L)
#define SECURITY_CREATOR_OWNER_RID (0L)
#define SECURITY_CREATOR_GROUP_RID (0x1L)
#define SECURITY_CREATOR_OWNER_SERVER_RID (0x2L)
#define SECURITY_CREATOR_GROUP_SERVER_RID (0x3L)
#define SECURITY_DIALUP_RID (0x1L)
#define SECURITY_NETWORK_RID (0x2L)
#define SECURITY_BATCH_RID (0x3L)
#define SECURITY_INTERACTIVE_RID (0x4L)
#define SECURITY_LOGON_IDS_RID (0x5L)
#define SECURITY_LOGON_IDS_RID_COUNT (0x3L)
#define SECURITY_SERVICE_RID (0x6L)
#define SECURITY_ANONYMOUS_LOGON_RID (0x7L)
#define SECURITY_PROXY_RID (0x8L)
#define SECURITY_ENTERPRISE_CONTROLLERS_RID (0x9L)
#define SECURITY_SERVER_LOGON_RID SECURITY_ENTERPRISE_CONTROLLERS_RID
#define SECURITY_PRINCIPAL_SELF_RID (0xAL)
#define SECURITY_AUTHENTICATED_USER_RID (0xBL)
#define SECURITY_RESTRICTED_CODE_RID (0xCL)
#define SECURITY_LOCAL_SYSTEM_RID (0x12L)
#define SECURITY_NT_NON_UNIQUE_RID (0x15L)
#define SECURITY_BUILTIN_DOMAIN_RID (0x20L)
#define DOMAIN_USER_RID_ADMIN (0x1F4L)
#define DOMAIN_USER_RID_GUEST (0x1F5L)
#define DOMAIN_GROUP_RID_ADMINS (0x200L)
#define DOMAIN_GROUP_RID_USERS (0x201L)
#define DOMAIN_ALIAS_RID_ADMINS (0x220L)
#define DOMAIN_ALIAS_RID_USERS (0x221L)
#define DOMAIN_ALIAS_RID_GUESTS (0x222L)
#define DOMAIN_ALIAS_RID_POWER_USERS (0x223L)
#define DOMAIN_ALIAS_RID_ACCOUNT_OPS (0x224L)
#define DOMAIN_ALIAS_RID_SYSTEM_OPS (0x225L)
#define DOMAIN_ALIAS_RID_PRINT_OPS (0x226L)
#define DOMAIN_ALIAS_RID_BACKUP_OPS (0x227L)
#define DOMAIN_ALIAS_RID_REPLICATOR (0x228L)
/* Privileges */
#define SE_MIN_WELL_KNOWN_PRIVILEGE (2L)
#define SE_CREATE_TOKEN_PRIVILEGE (2L)
#define SE_ASSIGNPRIMARYTOKEN_PRIVILEGE (3L)
#define SE_LOCK_MEMORY_PRIVILEGE (4L)
#define SE_INCREASE_QUOTA_PRIVILEGE (5L)
#define SE_UNSOLICITED_INPUT_PRIVILEGE (6L) /* unused */
#define SE_MACHINE_ACCOUNT_PRIVILEGE (6L)
#define SE_TCB_PRIVILEGE (7L)
#define SE_SECURITY_PRIVILEGE (8L)
#define SE_TAKE_OWNERSHIP_PRIVILEGE (9L)
#define SE_LOAD_DRIVER_PRIVILEGE (10L)
#define SE_SYSTEM_PROFILE_PRIVILEGE (11L)
#define SE_SYSTEMTIME_PRIVILEGE (12L)
#define SE_PROF_SINGLE_PROCESS_PRIVILEGE (13L)
#define SE_INC_BASE_PRIORITY_PRIVILEGE (14L)
#define SE_CREATE_PAGEFILE_PRIVILEGE (15L)
#define SE_CREATE_PERMANENT_PRIVILEGE (16L)
#define SE_BACKUP_PRIVILEGE (17L)
#define SE_RESTORE_PRIVILEGE (18L)
#define SE_SHUTDOWN_PRIVILEGE (19L)
#define SE_DEBUG_PRIVILEGE (20L)
#define SE_AUDIT_PRIVILEGE (21L)
#define SE_SYSTEM_ENVIRONMENT_PRIVILEGE (22L)
#define SE_CHANGE_NOTIFY_PRIVILEGE (23L)
#define SE_REMOTE_SHUTDOWN_PRIVILEGE (24L)
#define SE_MAX_WELL_KNOWN_PRIVILEGE SE_REMOTE_SHUTDOWN_PRIVILEGE
#if 0
/* Security descriptor control. */
#define SECURITY_DESCRIPTOR_REVISION (1)
@ -52,18 +127,19 @@ typedef BOOL SECURITY_CONTEXT_TRACKING_MODE;
typedef ULONG SECURITY_INFORMATION, *PSECURITY_INFORMATION;
typedef enum _TOKEN_INFORMATION_CLASS {
TokenUser = 1,
TokenGroups,
TokenPrivileges,
TokenOwner,
TokenPrimaryGroup,
TokenDefaultDacl,
TokenSource,
TokenType,
TokenImpersonationLevel,
TokenStatistics
} TOKEN_INFORMATION_CLASS;
typedef enum _TOKEN_INFORMATION_CLASS
{
TokenUser = 1,
TokenGroups,
TokenPrivileges,
TokenOwner,
TokenPrimaryGroup,
TokenDefaultDacl,
TokenSource,
TokenType,
TokenImpersonationLevel,
TokenStatistics
} TOKEN_INFORMATION_CLASS;
typedef ULONG SECURITY_IMPERSONATION_LEVEL, *PSECURITY_IMPERSONATION_LEVEL;
@ -85,8 +161,9 @@ typedef ULONG TOKEN_TYPE, *PTOKEN_TYPE;
typedef ULONG ACCESS_MASK, *PACCESS_MASK;
typedef ULONG ACCESS_MODE, *PACCESS_MODE;
typedef struct _SECURITY_QUALITY_OF_SERVICE {
DWORD Length;
typedef struct _SECURITY_QUALITY_OF_SERVICE
{
ULONG Length;
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode;
BOOLEAN EffectiveOnly;
@ -96,39 +173,38 @@ typedef SECURITY_QUALITY_OF_SERVICE* PSECURITY_QUALITY_OF_SERVICE;
typedef struct _ACE_HEADER
{
CHAR AceType;
CHAR AceFlags;
USHORT AceSize;
ACCESS_MASK AccessMask;
CHAR AceType;
CHAR AceFlags;
USHORT AceSize;
ACCESS_MASK AccessMask;
} ACE_HEADER, *PACE_HEADER;
typedef struct
{
ACE_HEADER Header;
ACE_HEADER Header;
} ACE, *PACE;
typedef struct _SID_IDENTIFIER_AUTHORITY
{
BYTE Value[6];
BYTE Value[6];
} SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;
#define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
typedef struct _SID
{
UCHAR Revision;
UCHAR SubAuthorityCount;
SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
ULONG SubAuthority[1];
UCHAR Revision;
UCHAR SubAuthorityCount;
SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
ULONG SubAuthority[1];
} SID, *PSID;
typedef struct _ACL {
UCHAR AclRevision;
UCHAR Sbz1;
USHORT AclSize;
USHORT AceCount;
USHORT Sbz2;
} ACL, *PACL;
typedef struct _ACL
{
UCHAR AclRevision;
UCHAR Sbz1;
USHORT AclSize;
USHORT AceCount;
USHORT Sbz2;
} ACL, *PACL;
typedef USHORT SECURITY_DESCRIPTOR_CONTROL, *PSECURITY_DESCRIPTOR_CONTROL;
@ -138,7 +214,8 @@ typedef struct _SECURITY_DESCRIPTOR_CONTEXT
typedef LARGE_INTEGER LUID, *PLUID;
typedef struct _SECURITY_DESCRIPTOR {
typedef struct _SECURITY_DESCRIPTOR
{
UCHAR Revision;
UCHAR Sbz1;
SECURITY_DESCRIPTOR_CONTROL Control;
@ -148,87 +225,108 @@ typedef struct _SECURITY_DESCRIPTOR {
PACL Dacl;
} SECURITY_DESCRIPTOR, *PSECURITY_DESCRIPTOR;
typedef struct _LUID_AND_ATTRIBUTES
{
LUID Luid;
DWORD Attributes;
typedef struct _LUID_AND_ATTRIBUTES
{
LUID Luid;
DWORD Attributes;
} LUID_AND_ATTRIBUTES, *PLUID_AND_ATTRIBUTES;
typedef struct _TOKEN_SOURCE {
CHAR SourceName[8];
LUID SourceIdentifier;
} TOKEN_SOURCE, *PTOKEN_SOURCE;
typedef struct _TOKEN_SOURCE
{
CHAR SourceName[8];
LUID SourceIdentifier;
} TOKEN_SOURCE, *PTOKEN_SOURCE;
typedef struct _SID_AND_ATTRIBUTES {
PSID Sid;
DWORD Attributes;
typedef struct _TOKEN_CONTROL
{
LUID TokenId;
LUID AuthenticationId;
LUID ModifiedId;
TOKEN_SOURCE TokenSource;
} TOKEN_CONTROL, *PTOKEN_CONTROL;
typedef struct _SID_AND_ATTRIBUTES
{
PSID Sid;
DWORD Attributes;
} SID_AND_ATTRIBUTES, *PSID_AND_ATTRIBUTES;
typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
typedef SID_AND_ATTRIBUTES_ARRAY *PSID_AND_ATTRIBUTES_ARRAY;
typedef struct _TOKEN_USER {
SID_AND_ATTRIBUTES User;
} TOKEN_USER, *PTOKEN_USER;
typedef struct _TOKEN_USER
{
SID_AND_ATTRIBUTES User;
} TOKEN_USER, *PTOKEN_USER;
typedef struct _TOKEN_PRIMARY_GROUP {
PSID PrimaryGroup;
} TOKEN_PRIMARY_GROUP, *PTOKEN_PRIMARY_GROUP;
typedef struct _TOKEN_PRIMARY_GROUP
{
PSID PrimaryGroup;
} TOKEN_PRIMARY_GROUP, *PTOKEN_PRIMARY_GROUP;
typedef struct _TOKEN_GROUPS {
DWORD GroupCount;
SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY];
} TOKEN_GROUPS, *PTOKEN_GROUPS, *LPTOKEN_GROUPS;
typedef struct _TOKEN_GROUPS
{
DWORD GroupCount;
SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY];
} TOKEN_GROUPS, *PTOKEN_GROUPS, *LPTOKEN_GROUPS;
typedef struct _TOKEN_PRIVILEGES {
DWORD PrivilegeCount;
LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY];
} TOKEN_PRIVILEGES, *PTOKEN_PRIVILEGES, *LPTOKEN_PRIVILEGES;
typedef struct _TOKEN_PRIVILEGES
{
DWORD PrivilegeCount;
LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY];
} TOKEN_PRIVILEGES, *PTOKEN_PRIVILEGES, *LPTOKEN_PRIVILEGES;
typedef struct _TOKEN_OWNER {
PSID Owner;
} TOKEN_OWNER, *PTOKEN_OWNER;
typedef struct _TOKEN_OWNER
{
PSID Owner;
} TOKEN_OWNER, *PTOKEN_OWNER;
typedef struct _TOKEN_DEFAULT_DACL {
PACL DefaultDacl;
typedef struct _TOKEN_DEFAULT_DACL
{
PACL DefaultDacl;
} TOKEN_DEFAULT_DACL, *PTOKEN_DEFAULT_DACL;
typedef struct _TOKEN_STATISTICS {
LUID TokenId;
LUID AuthenticationId;
LARGE_INTEGER ExpirationTime;
TOKEN_TYPE TokenType;
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
DWORD DynamicCharged;
DWORD DynamicAvailable;
DWORD GroupCount;
DWORD PrivilegeCount;
LUID ModifiedId;
} TOKEN_STATISTICS, *PTOKEN_STATISTICS;
typedef struct _TOKEN_STATISTICS
{
LUID TokenId;
LUID AuthenticationId;
LARGE_INTEGER ExpirationTime;
TOKEN_TYPE TokenType;
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
DWORD DynamicCharged;
DWORD DynamicAvailable;
DWORD GroupCount;
DWORD PrivilegeCount;
LUID ModifiedId;
} TOKEN_STATISTICS, *PTOKEN_STATISTICS;
typedef struct _GENERIC_MAPPING {
typedef struct _GENERIC_MAPPING
{
ACCESS_MASK GenericRead;
ACCESS_MASK GenericWrite;
ACCESS_MASK GenericExecute;
ACCESS_MASK GenericAll;
} GENERIC_MAPPING, *PGENERIC_MAPPING;
typedef struct _PRIVILEGE_SET {
typedef struct _PRIVILEGE_SET
{
DWORD PrivilegeCount;
DWORD Control;
LUID_AND_ATTRIBUTES Privilege[ANYSIZE_ARRAY];
} PRIVILEGE_SET, *PPRIVILEGE_SET, *LPPRIVILEGE_SET;
typedef enum _ACL_INFORMATION_CLASS {
AclRevisionInformation = 1,
AclSizeInformation
} ACL_INFORMATION_CLASS;
typedef enum _ACL_INFORMATION_CLASS
{
AclRevisionInformation = 1,
AclSizeInformation
} ACL_INFORMATION_CLASS;
typedef struct _SECURITY_ATTRIBUTES {
DWORD nLength;
LPVOID lpSecurityDescriptor;
BOOL bInheritHandle;
} SECURITY_ATTRIBUTES, *LPSECURITY_ATTRIBUTES;
typedef struct _SECURITY_ATTRIBUTES
{
DWORD nLength;
LPVOID lpSecurityDescriptor;
BOOL bInheritHandle;
} SECURITY_ATTRIBUTES, *LPSECURITY_ATTRIBUTES;
#endif /* __INCLUDE_SECURITY_H */

122
reactos/ntoskrnl/include/internal/se.h Normal file
View file

@ -0,0 +1,122 @@
/*
* ReactOS kernel
* Copyright (C) 2002 ReactOS Team
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#ifndef __NTOSKRNL_INCLUDE_INTERNAL_SE_H
#define __NTOSKRNL_INCLUDE_INTERNAL_SE_H
extern POBJECT_TYPE SepTokenObjectType;
/* SID Authorities */
extern SID_IDENTIFIER_AUTHORITY SeNullSidAuthority;
extern SID_IDENTIFIER_AUTHORITY SeWorldSidAuthority;
extern SID_IDENTIFIER_AUTHORITY SeLocalSidAuthority;
extern SID_IDENTIFIER_AUTHORITY SeCreatorSidAuthority;
extern SID_IDENTIFIER_AUTHORITY SeNtSidAuthority;
/* SIDs */
extern PSID SeNullSid;
extern PSID SeWorldSid;
extern PSID SeLocalSid;
extern PSID SeCreatorOwnerSid;
extern PSID SeCreatorGroupSid;
extern PSID SeCreatorOwnerServerSid;
extern PSID SeCreatorGroupServerSid;
extern PSID SeNtAuthoritySid;
extern PSID SeDialupSid;
extern PSID SeNetworkSid;
extern PSID SeBatchSid;
extern PSID SeInteractiveSid;
extern PSID SeServiceSid;
extern PSID SeAnonymousLogonSid;
extern PSID SePrincipalSelfSid;
extern PSID SeLocalSystemSid;
extern PSID SeAuthenticatedUserSid;
extern PSID SeRestrictedCodeSid;
extern PSID SeAliasAdminsSid;
extern PSID SeAliasUsersSid;
extern PSID SeAliasGuestsSid;
extern PSID SeAliasPowerUsersSid;
extern PSID SeAliasAccountOpsSid;
extern PSID SeAliasSystemOpsSid;
extern PSID SeAliasPrintOpsSid;
extern PSID SeAliasBackupOpsSid;
/* Privileges */
extern LUID SeCreateTokenPrivilege;
extern LUID SeAssignPrimaryTokenPrivilege;
extern LUID SeLockMemoryPrivilege;
extern LUID SeIncreaseQuotaPrivilege;
extern LUID SeUnsolicitedInputPrivilege;
extern LUID SeTcbPrivilege;
extern LUID SeSecurityPrivilege;
extern LUID SeTakeOwnershipPrivilege;
extern LUID SeLoadDriverPrivilege;
extern LUID SeCreatePagefilePrivilege;
extern LUID SeIncreaseBasePriorityPrivilege;
extern LUID SeSystemProfilePrivilege;
extern LUID SeSystemtimePrivilege;
extern LUID SeProfileSingleProcessPrivilege;
extern LUID SeCreatePermanentPrivilege;
extern LUID SeBackupPrivilege;
extern LUID SeRestorePrivilege;
extern LUID SeShutdownPrivilege;
extern LUID SeDebugPrivilege;
extern LUID SeAuditPrivilege;
extern LUID SeSystemEnvironmentPrivilege;
extern LUID SeChangeNotifyPrivilege;
extern LUID SeRemoteShutdownPrivilege;
/* DACLs */
extern PACL SePublicDefaultUnrestrictedDacl;
extern PACL SePublicOpenDacl;
extern PACL SePublicOpenUnrestrictedDacl;
extern PACL SeUnrestrictedDacl;
/* Functions */
BOOLEAN SeInit1(VOID);
BOOLEAN SeInit2(VOID);
VOID SepInitLuid(VOID);
VOID SepInitPrivileges(VOID);
BOOLEAN SepInitSecurityIDs(VOID);
BOOLEAN SepInitDACLs(VOID);
BOOLEAN SepInitSDs(VOID);
NTSTATUS SeExchangePrimaryToken(struct _EPROCESS* Process,
PACCESS_TOKEN NewToken,
PACCESS_TOKEN* OldTokenP);
NTSTATUS SeCaptureLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Src,
ULONG PrivilegeCount,
KPROCESSOR_MODE PreviousMode,
PLUID_AND_ATTRIBUTES AllocatedMem,
ULONG AllocatedLength,
POOL_TYPE PoolType,
ULONG d,
PLUID_AND_ATTRIBUTES* Dest,
PULONG Length);
#endif /* __NTOSKRNL_INCLUDE_INTERNAL_SE_H */
/* EOF */

11
reactos/ntoskrnl/ke/main.c
View file

@ -16,7 +16,7 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
/* $Id: main.c,v 1.113 2002/02/08 02:57:06 chorns Exp $
/* $Id: main.c,v 1.114 2002/02/20 20:14:22 ekohl Exp $
*
* PROJECT: ReactOS kernel
* FILE: ntoskrnl/ke/main.c
@ -40,13 +40,14 @@
#include <internal/io.h>
#include <internal/po.h>
#include <internal/cc.h>
//#include <internal/se.h>
#include <internal/se.h>
#include <napi/shared_data.h>
#include <internal/v86m.h>
#include <internal/kd.h>
#include <internal/trap.h>
#include "../dbg/kdb.h"
#include <internal/registry.h>
#include <reactos/bugcodes.h>
#ifdef HALDBG
#include <internal/ntosdbg.h>
@ -959,6 +960,9 @@ ExpInitializeExecutive(VOID)
KeLowerIrql(PASSIVE_LEVEL);
if (!SeInit1())
KeBugCheck(SECURITY_INITIALIZATION_FAILED);
ObInit();
PiInitProcessManager();
@ -1170,6 +1174,9 @@ ExpInitializeExecutive(VOID)
*/
InitSystemSharedUserPage ((PUCHAR)KeLoaderBlock.CommandLine);
if (!SeInit2())
KeBugCheck(SECURITY1_INITIALIZATION_FAILED);
/*
* Launch initial process
*/

12
reactos/ntoskrnl/ntoskrnl.def
View file

@ -1,4 +1,4 @@
; $Id: ntoskrnl.def,v 1.127 2002/02/19 00:09:21 ekohl Exp $
; $Id: ntoskrnl.def,v 1.128 2002/02/20 20:16:49 ekohl Exp $
;
; reactos/ntoskrnl/ntoskrnl.def
;
@ -344,7 +344,7 @@ KeGetPreviousMode@0
;KeI386Call16BitFunction
;KeI386FlatToGdtSelector
;KeI386GetLid
;KeI386MachineType
;KeI386MachineType DATA
;KeI386ReleaseGdtSelectors
;KeI386ReleaseLid
;KeI386SetGdtSelector
@ -829,7 +829,7 @@ SeCreateClientSecurity@16
SeDeassignSecurity@4
;SeDeleteAccessState@4
;SeDeleteObjectAuditAlarm@8
;SeExports DATA ???
SeExports DATA
;SeFreePrivileges@4
SeImpersonateClient@8
;SeLockSubjectContext@4
@ -838,7 +838,7 @@ SeImpersonateClient@8
;SeOpenObjectForDeleteAuditAlarm@36
SePrivilegeCheck@12
;SePrivilegeObjectAuditAlarm@24
;SePublicDefaultDacl DATA
SePublicDefaultDacl DATA
;SeQueryAuthenticationIdToken@8
;SeQuerySecurityDescriptorInfo@16
;SeRegisterLogonSessionTerminatedRoutine@4
@ -847,9 +847,9 @@ SeReleaseSubjectContext@4
;SeSetAccessStateGenericMapping@8
;SeSetSecurityDescriptorInfo@24
;SeSinglePrivilegeCheck@12
;SeSystemDefaultDacl DATA
SeSystemDefaultDacl DATA
;SeTokenImpersonationLevel@4
SeTokenType DATA
SeTokenType@4
;SeUnlockSubjectContext@4
;SeUnregisterLogonSessionTerminatedRoutine@4
;SeValidSecurityDescriptor@8

12
reactos/ntoskrnl/ntoskrnl.edf
View file

@ -1,4 +1,4 @@
; $Id: ntoskrnl.edf,v 1.113 2002/02/19 00:09:21 ekohl Exp $
; $Id: ntoskrnl.edf,v 1.114 2002/02/20 20:16:49 ekohl Exp $
;
; reactos/ntoskrnl/ntoskrnl.def
;
@ -344,7 +344,7 @@ KeGetPreviousMode=KeGetPreviousMode@0
;KeI386Call16BitFunction
;KeI386FlatToGdtSelector
;KeI386GetLid
;KeI386MachineType
;KeI386MachineType DATA
;KeI386ReleaseGdtSelectors
;KeI386ReleaseLid
;KeI386SetGdtSelector
@ -828,7 +828,7 @@ SeCreateClientSecurity=SeCreateClientSecurity@16
SeDeassignSecurity=SeDeassignSecurity@4
;SeDeleteAccessState=SeDeleteAccessState@4
;SeDeleteObjectAuditAlarm=SeDeleteObjectAuditAlarm@8
;SeExports DATA
SeExports DATA
;SeFreePrivileges=SeFreePrivileges@4
SeImpersonateClient=SeImpersonateClient@8
;SeLockSubjectContext=SeLockSubjectContext@4
@ -837,7 +837,7 @@ SeImpersonateClient=SeImpersonateClient@8
;SeOpenObjectForDeleteAuditAlarm=SeOpenObjectForDeleteAuditAlarm@36
SePrivilegeCheck=SePrivilegeCheck@12
;SePrivilegeObjectAuditAlarm=SePrivilegeObjectAuditAlarm@24
;SePublicDefaultDacl DATA
SePublicDefaultDacl DATA
;SeQueryAuthenticationIdToken=SeQueryAuthenticationIdToken@8
;SeQuerySecurityDescriptorInfo=SeQuerySecurityDescriptorInfo@16
;SeRegisterLogonSessionTerminatedRoutine=SeRegisterLogonSessionTerminatedRoutine@4
@ -846,9 +846,9 @@ SeReleaseSubjectContext=SeReleaseSubjectContext@4
;SeSetAccessStateGenericMapping=SeSetAccessStateGenericMapping@8
;SeSetSecurityDescriptorInfo=SeSetSecurityDescriptorInfo@24
;SeSinglePrivilegeCheck=SeSinglePrivilegeCheck@12
;SeSystemDefaultDacl DATA
SeSystemDefaultDacl DATA
;SeTokenImpersonationLevel=SeTokenImpersonationLevel@4
SeTokenType DATA
SeTokenType=SeTokenType@4
;SeUnlockSubjectContext=SeUnlockSubjectContext@4
;SeUnregisterLogonSessionTerminatedRoutine=SeUnregisterLogonSessionTerminatedRoutine@4
;SeValidSecurityDescriptor=SeValidSecurityDescriptor@8

31
reactos/ntoskrnl/ps/create.c
View file

@ -1,4 +1,4 @@
/* $Id: create.c,v 1.44 2002/02/15 14:47:55 ekohl Exp $
/* $Id: create.c,v 1.45 2002/02/20 20:15:07 ekohl Exp $
*
* COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS kernel
@ -24,7 +24,7 @@
#include <internal/ke.h>
#include <internal/ob.h>
#include <internal/ps.h>
#include <internal/ob.h>
#include <internal/se.h>
#include <internal/id.h>
#include <internal/dbg.h>
@ -60,7 +60,7 @@ PsAssignImpersonationToken(PETHREAD Thread,
{
Status = ObReferenceObjectByHandle(TokenHandle,
0,
SeTokenType,
SepTokenObjectType,
UserMode,
(PVOID*)&Token,
NULL);
@ -133,7 +133,7 @@ PsImpersonateClient(PETHREAD Thread,
Thread->ImpersonationInfo->Token = Token;
ObReferenceObjectByPointer(Token,
0,
SeTokenType,
SepTokenObjectType,
KernelMode);
Thread->ActiveImpersonationInfo = 1;
}
@ -164,16 +164,15 @@ PsReferenceEffectiveToken(PETHREAD Thread,
return(Token);
}
NTSTATUS STDCALL
NtImpersonateThread (IN HANDLE ThreadHandle,
IN HANDLE ThreadToImpersonateHandle,
IN PSECURITY_QUALITY_OF_SERVICE
SecurityQualityOfService)
NTSTATUS STDCALL
NtImpersonateThread(IN HANDLE ThreadHandle,
IN HANDLE ThreadToImpersonateHandle,
IN PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService)
{
PETHREAD Thread;
PETHREAD ThreadToImpersonate;
NTSTATUS Status;
SE_SOME_STRUCT2 b;
SECURITY_CLIENT_CONTEXT ClientContext;
Status = ObReferenceObjectByHandle(ThreadHandle,
0,
@ -201,7 +200,7 @@ NtImpersonateThread (IN HANDLE ThreadHandle,
Status = SeCreateClientSecurity(ThreadToImpersonate,
SecurityQualityOfService,
0,
&b);
&ClientContext);
if (!NT_SUCCESS(Status))
{
ObDereferenceObject(Thread);
@ -209,15 +208,15 @@ NtImpersonateThread (IN HANDLE ThreadHandle,
return(Status);
}
SeImpersonateClient(&b, Thread);
if (b.Token != NULL)
SeImpersonateClient(&ClientContext, Thread);
if (ClientContext.Token != NULL)
{
ObDereferenceObject(b.Token);
ObDereferenceObject(ClientContext.Token);
}
return(STATUS_SUCCESS);
}
NTSTATUS STDCALL
NTSTATUS STDCALL
NtOpenThreadToken(IN HANDLE ThreadHandle,
IN ACCESS_MASK DesiredAccess,
IN BOOLEAN OpenAsSelf,
@ -261,7 +260,7 @@ PsReferenceImpersonationToken(PETHREAD Thread,
*Unknown2 = Thread->ImpersonationInfo->Unknown2;
ObReferenceObjectByPointer(Thread->ImpersonationInfo->Token,
TOKEN_ALL_ACCESS,
SeTokenType,
SepTokenObjectType,
KernelMode);
return(Thread->ImpersonationInfo->Token);
}

7
reactos/ntoskrnl/ps/process.c
View file

@ -1,4 +1,4 @@
/* $Id: process.c,v 1.77 2002/02/08 02:57:07 chorns Exp $
/* $Id: process.c,v 1.78 2002/02/20 20:15:07 ekohl Exp $
*
* COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS kernel
@ -17,6 +17,7 @@
#include <internal/mm.h>
#include <internal/ke.h>
#include <internal/ps.h>
#include <internal/se.h>
#include <internal/id.h>
#include <napi/teb.h>
#include <internal/ldr.h>
@ -132,7 +133,7 @@ PsReferencePrimaryToken(PEPROCESS Process)
{
ObReferenceObjectByPointer(Process->Token,
TOKEN_ALL_ACCESS,
SeTokenType,
SepTokenObjectType,
UserMode);
return(Process->Token);
}
@ -863,7 +864,7 @@ PspAssignPrimaryToken(PEPROCESS Process,
Status = ObReferenceObjectByHandle(TokenHandle,
0,
SeTokenType,
SepTokenObjectType,
UserMode,
(PVOID*)&Token,
NULL);

131
reactos/ntoskrnl/se/acl.c
View file

@ -1,4 +1,4 @@
/* $Id: acl.c,v 1.4 2000/04/05 15:52:23 ekohl Exp $
/* $Id: acl.c,v 1.5 2002/02/20 20:15:38 ekohl Exp $
*
* COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS kernel
@ -12,10 +12,123 @@
/* INCLUDES *****************************************************************/
#include <ddk/ntddk.h>
#include <internal/se.h>
#include <internal/debug.h>
/* FUNCTIONS ***************************************************************/
#define TAG_ACL TAG('A', 'C', 'L', 'T')
/* GLOBALS ******************************************************************/
PACL EXPORTED SePublicDefaultDacl = NULL;
PACL EXPORTED SeSystemDefaultDacl = NULL;
PACL SePublicDefaultUnrestrictedDacl = NULL;
PACL SePublicOpenDacl = NULL;
PACL SePublicOpenUnrestrictedDacl = NULL;
PACL SeUnrestrictedDacl = NULL;
/* FUNCTIONS ****************************************************************/
BOOLEAN
SepInitDACLs(VOID)
{
ULONG AclLength2;
ULONG AclLength3;
ULONG AclLength4;
AclLength2 = sizeof(ACL) +
2 * (RtlLengthRequiredSid(1) + sizeof(ACE_HEADER));
AclLength3 = sizeof(ACL) +
3 * (RtlLengthRequiredSid(1) + sizeof(ACE_HEADER));
AclLength4 = sizeof(ACL) +
4 * (RtlLengthRequiredSid(1) + sizeof(ACE_HEADER));
/* create PublicDefaultDacl */
SePublicDefaultDacl = ExAllocatePoolWithTag(NonPagedPool,
AclLength2,
TAG_ACL);
if (SePublicDefaultDacl == NULL)
return(FALSE);
RtlCreateAcl(SePublicDefaultDacl,
AclLength2,
2);
RtlAddAccessAllowedAce(SePublicDefaultDacl,
2,
GENERIC_EXECUTE,
SeWorldSid);
RtlAddAccessAllowedAce(SePublicDefaultDacl,
2,
GENERIC_ALL,
SeLocalSystemSid);
/* create PublicDefaultUnrestrictedDacl */
SePublicDefaultUnrestrictedDacl = ExAllocatePoolWithTag(NonPagedPool,
AclLength4,
TAG_ACL);
if (SePublicDefaultUnrestrictedDacl == NULL)
return(FALSE);
RtlCreateAcl(SePublicDefaultUnrestrictedDacl,
AclLength4,
2);
RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,
4,
GENERIC_EXECUTE,
SeWorldSid);
RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,
4,
GENERIC_ALL,
SeLocalSystemSid);
RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,
4,
GENERIC_ALL,
SeAliasAdminsSid);
RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,
4,
GENERIC_READ | GENERIC_EXECUTE | STANDARD_RIGHTS_READ,
SeRestrictedCodeSid);
/* create PublicOpenDacl */
SePublicOpenDacl = ExAllocatePoolWithTag(NonPagedPool,
AclLength3,
TAG_ACL);
if (SePublicOpenDacl == NULL)
return(FALSE);
RtlCreateAcl(SePublicOpenDacl,
AclLength3,
3);
RtlAddAccessAllowedAce(SePublicOpenDacl,
2,
GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE,
SeWorldSid);
RtlAddAccessAllowedAce(SePublicOpenDacl,
2,
GENERIC_ALL,
SeLocalSystemSid);
RtlAddAccessAllowedAce(SePublicOpenDacl,
2,
GENERIC_ALL,
SeAliasAdminsSid);
return(TRUE);
}
BOOLEAN
STDCALL
@ -102,8 +215,7 @@ NTSTATUS RtlpAddKnownAce(PACL Acl,
return(STATUS_SUCCESS);
}
NTSTATUS
STDCALL
NTSTATUS STDCALL
RtlAddAccessAllowedAce(PACL Acl,
ULONG Revision,
ACCESS_MASK AccessMask,
@ -112,8 +224,7 @@ RtlAddAccessAllowedAce(PACL Acl,
return(RtlpAddKnownAce(Acl, Revision, AccessMask, Sid, 0));
}
NTSTATUS
STDCALL
NTSTATUS STDCALL
RtlAddAce(PACL Acl,
ULONG AclRevision,
ULONG StartingIndex,
@ -179,9 +290,11 @@ RtlAddAce(PACL Acl,
return(TRUE);
}
NTSTATUS
STDCALL
RtlCreateAcl(PACL Acl, ULONG AclSize, ULONG AclRevision)
NTSTATUS STDCALL
RtlCreateAcl(PACL Acl,
ULONG AclSize,
ULONG AclRevision)
{
if (AclSize < 8)
{

64
reactos/ntoskrnl/se/luid.c
View file

@ -1,4 +1,4 @@
/* $Id: luid.c,v 1.3 1999/12/29 01:36:06 ekohl Exp $
/* $Id: luid.c,v 1.4 2002/02/20 20:15:38 ekohl Exp $
*
* COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS kernel
@ -23,37 +23,47 @@ static LUID Luid;
/* FUNCTIONS *****************************************************************/
NTSTATUS STDCALL NtAllocateLocallyUniqueId(OUT LUID* LocallyUniqueId)
{
KIRQL oldIrql;
LUID ReturnedLuid;
KeAcquireSpinLock(&LuidLock, &oldIrql);
ReturnedLuid = Luid;
Luid = RtlLargeIntegerAdd(Luid, LuidIncrement);
KeReleaseSpinLock(&LuidLock, oldIrql);
*LocallyUniqueId = ReturnedLuid;
return(STATUS_SUCCESS);
}
VOID
STDCALL
RtlCopyLuid (
PLUID LuidDest,
PLUID LuidSrc
)
SepInitLuid(VOID)
{
LuidDest->QuadPart = LuidSrc->QuadPart;
KeInitializeSpinLock(&LuidLock);
Luid.QuadPart = 999; /* SYSTEM_LUID */
LuidIncrement.QuadPart = 1;
}
BOOLEAN
STDCALL
RtlEqualLuid (
PLUID Luid1,
PLUID Luid2
)
NTSTATUS STDCALL
NtAllocateLocallyUniqueId(OUT LUID* LocallyUniqueId)
{
return ((Luid1->QuadPart == Luid2->QuadPart) ? TRUE : FALSE);
KIRQL oldIrql;
LUID ReturnedLuid;
KeAcquireSpinLock(&LuidLock,
&oldIrql);
ReturnedLuid = Luid;
Luid = RtlLargeIntegerAdd(Luid,
LuidIncrement);
KeReleaseSpinLock(&LuidLock,
oldIrql);
*LocallyUniqueId = ReturnedLuid;
return(STATUS_SUCCESS);
}
VOID STDCALL
RtlCopyLuid(IN PLUID LuidDest,
IN PLUID LuidSrc)
{
LuidDest->QuadPart = LuidSrc->QuadPart;
}
BOOLEAN STDCALL
RtlEqualLuid(IN PLUID Luid1,
IN PLUID Luid2)
{
return((Luid1->QuadPart == Luid2->QuadPart) ? TRUE : FALSE);
}
/* EOF */

92
reactos/ntoskrnl/se/priv.c
View file

@ -1,4 +1,4 @@
/* $Id: priv.c,v 1.1 2000/01/26 10:07:30 dwelch Exp $
/* $Id: priv.c,v 1.2 2002/02/20 20:15:38 ekohl Exp $
*
* COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS kernel
@ -12,11 +12,69 @@
/* INCLUDES *****************************************************************/
#include <ddk/ntddk.h>
#include <internal/se.h>
#include <internal/debug.h>
/* GLOBALS *******************************************************************/
LUID SeCreateTokenPrivilege;
LUID SeAssignPrimaryTokenPrivilege;
LUID SeLockMemoryPrivilege;
LUID SeIncreaseQuotaPrivilege;
LUID SeUnsolicitedInputPrivilege;
LUID SeTcbPrivilege;
LUID SeSecurityPrivilege;
LUID SeTakeOwnershipPrivilege;
LUID SeLoadDriverPrivilege;
LUID SeCreatePagefilePrivilege;
LUID SeIncreaseBasePriorityPrivilege;
LUID SeSystemProfilePrivilege;
LUID SeSystemtimePrivilege;
LUID SeProfileSingleProcessPrivilege;
LUID SeCreatePermanentPrivilege;
LUID SeBackupPrivilege;
LUID SeRestorePrivilege;
LUID SeShutdownPrivilege;
LUID SeDebugPrivilege;
LUID SeAuditPrivilege;
LUID SeSystemEnvironmentPrivilege;
LUID SeChangeNotifyPrivilege;
LUID SeRemoteShutdownPrivilege;
/* FUNCTIONS ***************************************************************/
VOID
SepInitPrivileges(VOID)
{
SeCreateTokenPrivilege.QuadPart = SE_CREATE_TOKEN_PRIVILEGE;
SeAssignPrimaryTokenPrivilege.QuadPart = SE_ASSIGNPRIMARYTOKEN_PRIVILEGE;
SeLockMemoryPrivilege.QuadPart = SE_LOCK_MEMORY_PRIVILEGE;
SeIncreaseQuotaPrivilege.QuadPart = SE_INCREASE_QUOTA_PRIVILEGE;
SeUnsolicitedInputPrivilege.QuadPart = SE_UNSOLICITED_INPUT_PRIVILEGE;
SeTcbPrivilege.QuadPart = SE_TCB_PRIVILEGE;
SeSecurityPrivilege.QuadPart = SE_SECURITY_PRIVILEGE;
SeTakeOwnershipPrivilege.QuadPart = SE_TAKE_OWNERSHIP_PRIVILEGE;
SeLoadDriverPrivilege.QuadPart = SE_LOAD_DRIVER_PRIVILEGE;
SeSystemProfilePrivilege.QuadPart = SE_SYSTEM_PROFILE_PRIVILEGE;
SeSystemtimePrivilege.QuadPart = SE_SYSTEMTIME_PRIVILEGE;
SeProfileSingleProcessPrivilege.QuadPart = SE_PROF_SINGLE_PROCESS_PRIVILEGE;
SeIncreaseBasePriorityPrivilege.QuadPart = SE_INC_BASE_PRIORITY_PRIVILEGE;
SeCreatePagefilePrivilege.QuadPart = SE_CREATE_PAGEFILE_PRIVILEGE;
SeCreatePermanentPrivilege.QuadPart = SE_CREATE_PERMANENT_PRIVILEGE;
SeBackupPrivilege.QuadPart = SE_BACKUP_PRIVILEGE;
SeRestorePrivilege.QuadPart = SE_RESTORE_PRIVILEGE;
SeShutdownPrivilege.QuadPart = SE_SHUTDOWN_PRIVILEGE;
SeDebugPrivilege.QuadPart = SE_DEBUG_PRIVILEGE;
SeAuditPrivilege.QuadPart = SE_AUDIT_PRIVILEGE;
SeSystemEnvironmentPrivilege.QuadPart = SE_SYSTEM_ENVIRONMENT_PRIVILEGE;
SeChangeNotifyPrivilege.QuadPart = SE_CHANGE_NOTIFY_PRIVILEGE;
SeRemoteShutdownPrivilege.QuadPart = SE_REMOTE_SHUTDOWN_PRIVILEGE;
}
BOOLEAN SepPrivilegeCheck(PACCESS_TOKEN Token,
PLUID_AND_ATTRIBUTES Privileges,
ULONG PrivilegeCount,
@ -122,17 +180,19 @@ NTSTATUS SeCaptureLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Src,
memmove(*Dest, Src, SrcLength);
return(STATUS_SUCCESS);
}
VOID SeReleaseLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Privilege,
KPROCESSOR_MODE PreviousMode,
ULONG a)
VOID
SeReleaseLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Privilege,
KPROCESSOR_MODE PreviousMode,
ULONG a)
{
ExFreePool(Privilege);
}
NTSTATUS STDCALL NtPrivilegeCheck (IN HANDLE ClientToken,
IN PPRIVILEGE_SET RequiredPrivileges,
IN PBOOLEAN Result)
NTSTATUS STDCALL
NtPrivilegeCheck(IN HANDLE ClientToken,
IN PPRIVILEGE_SET RequiredPrivileges,
IN PBOOLEAN Result)
{
NTSTATUS Status;
PACCESS_TOKEN Token;
@ -144,7 +204,7 @@ NTSTATUS STDCALL NtPrivilegeCheck (IN HANDLE ClientToken,
Status = ObReferenceObjectByHandle(ClientToken,
0,
SeTokenType,
SepTokenObjectType,
UserMode,
(PVOID*)&Token,
NULL);
@ -186,9 +246,10 @@ NTSTATUS STDCALL NtPrivilegeCheck (IN HANDLE ClientToken,
return(STATUS_SUCCESS);
}
BOOLEAN STDCALL SePrivilegeCheck(PPRIVILEGE_SET Privileges,
PSECURITY_SUBJECT_CONTEXT SubjectContext,
KPROCESSOR_MODE PreviousMode)
BOOLEAN STDCALL
SePrivilegeCheck(PPRIVILEGE_SET Privileges,
PSECURITY_SUBJECT_CONTEXT SubjectContext,
KPROCESSOR_MODE PreviousMode)
{
PACCESS_TOKEN Token = NULL;
@ -209,11 +270,12 @@ BOOLEAN STDCALL SePrivilegeCheck(PPRIVILEGE_SET Privileges,
Privileges->Privilege,
Privileges->PrivilegeCount,
Privileges->Control,
PreviousMode));
PreviousMode));
}
BOOLEAN STDCALL SeSinglePrivilegeCheck(LUID PrivilegeValue,
KPROCESSOR_MODE PreviousMode)
BOOLEAN STDCALL
SeSinglePrivilegeCheck(LUID PrivilegeValue,
KPROCESSOR_MODE PreviousMode)
{
SECURITY_SUBJECT_CONTEXT SubjectContext;
BOOLEAN r;

11
reactos/ntoskrnl/se/sd.c
View file

@ -1,4 +1,4 @@
/* $Id: sd.c,v 1.5 2001/12/05 01:40:25 dwelch Exp $
/* $Id: sd.c,v 1.6 2002/02/20 20:15:38 ekohl Exp $
*
* COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS kernel
@ -12,11 +12,20 @@
/* INCLUDES *****************************************************************/
#include <ddk/ntddk.h>
#include <internal/se.h>
#include <internal/debug.h>
/* FUNCTIONS ***************************************************************/
BOOLEAN
SepInitSDs(VOID)
{
return(TRUE);
}
NTSTATUS STDCALL
RtlCreateSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
ULONG Revision)

315
reactos/ntoskrnl/se/semgr.c
View file

@ -1,4 +1,4 @@
/* $Id: semgr.c,v 1.17 2000/09/03 14:53:13 ekohl Exp $
/* $Id: semgr.c,v 1.18 2002/02/20 20:15:38 ekohl Exp $
*
* COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS kernel
@ -13,10 +13,111 @@
#include <ddk/ntddk.h>
#include <internal/ps.h>
#include <internal/se.h>
#include <internal/debug.h>
/* FUNCTIONS ***************************************************************/
#define TAG_SXPT TAG('S', 'X', 'P', 'T')
/* GLOBALS ******************************************************************/
PSE_EXPORTS EXPORTED SeExports = NULL;
/* PROTOTYPES ***************************************************************/
static BOOLEAN SepInitExports(VOID);
/* FUNCTIONS ****************************************************************/
BOOLEAN
SeInit1(VOID)
{
SepInitLuid();
if (!SepInitSecurityIDs())
return(FALSE);
if (!SepInitDACLs())
return(FALSE);
if (!SepInitSDs())
return(FALSE);
SepInitPrivileges();
if (!SepInitExports())
return(FALSE);
return(TRUE);
}
BOOLEAN
SeInit2(VOID)
{
return TRUE;
}
static BOOLEAN
SepInitExports(VOID)
{
SeExports = ExAllocatePoolWithTag(NonPagedPool,
sizeof(SE_EXPORTS),
TAG_SXPT);
if (SeExports == NULL)
return(FALSE);
SeExports->SeCreateTokenPrivilege = SeCreateTokenPrivilege;
SeExports->SeAssignPrimaryTokenPrivilege = SeAssignPrimaryTokenPrivilege;
SeExports->SeLockMemoryPrivilege = SeLockMemoryPrivilege;
SeExports->SeIncreaseQuotaPrivilege = SeIncreaseQuotaPrivilege;
SeExports->SeUnsolicitedInputPrivilege = SeUnsolicitedInputPrivilege;
SeExports->SeTcbPrivilege = SeTcbPrivilege;
SeExports->SeSecurityPrivilege = SeSecurityPrivilege;
SeExports->SeTakeOwnershipPrivilege = SeTakeOwnershipPrivilege;
SeExports->SeLoadDriverPrivilege = SeLoadDriverPrivilege;
SeExports->SeCreatePagefilePrivilege = SeCreatePagefilePrivilege;
SeExports->SeIncreaseBasePriorityPrivilege = SeIncreaseBasePriorityPrivilege;
SeExports->SeSystemProfilePrivilege = SeSystemProfilePrivilege;
SeExports->SeSystemtimePrivilege = SeSystemtimePrivilege;
SeExports->SeProfileSingleProcessPrivilege = SeProfileSingleProcessPrivilege;
SeExports->SeCreatePermanentPrivilege = SeCreatePermanentPrivilege;
SeExports->SeBackupPrivilege = SeBackupPrivilege;
SeExports->SeRestorePrivilege = SeRestorePrivilege;
SeExports->SeShutdownPrivilege = SeShutdownPrivilege;
SeExports->SeDebugPrivilege = SeDebugPrivilege;
SeExports->SeAuditPrivilege = SeAuditPrivilege;
SeExports->SeSystemEnvironmentPrivilege = SeSystemEnvironmentPrivilege;
SeExports->SeChangeNotifyPrivilege = SeChangeNotifyPrivilege;
SeExports->SeRemoteShutdownPrivilege = SeRemoteShutdownPrivilege;
SeExports->SeNullSid = SeNullSid;
SeExports->SeWorldSid = SeWorldSid;
SeExports->SeLocalSid = SeLocalSid;
SeExports->SeCreatorOwnerSid = SeCreatorOwnerSid;
SeExports->SeCreatorGroupSid = SeCreatorGroupSid;
SeExports->SeNtAuthoritySid = SeNtAuthoritySid;
SeExports->SeDialupSid = SeDialupSid;
SeExports->SeNetworkSid = SeNetworkSid;
SeExports->SeBatchSid = SeBatchSid;
SeExports->SeInteractiveSid = SeInteractiveSid;
SeExports->SeLocalSystemSid = SeLocalSystemSid;
SeExports->SeAliasAdminsSid = SeAliasAdminsSid;
SeExports->SeAliasUsersSid = SeAliasUsersSid;
SeExports->SeAliasGuestsSid = SeAliasGuestsSid;
SeExports->SeAliasPowerUsersSid = SeAliasPowerUsersSid;
SeExports->SeAliasAccountOpsSid = SeAliasAccountOpsSid;
SeExports->SeAliasSystemOpsSid = SeAliasSystemOpsSid;
SeExports->SeAliasPrintOpsSid = SeAliasPrintOpsSid;
SeExports->SeAliasBackupOpsSid = SeAliasBackupOpsSid;
return(TRUE);
}
VOID SepReferenceLogonSession(PLUID AuthenticationId)
{
@ -28,109 +129,99 @@ VOID SepDeReferenceLogonSession(PLUID AuthenticationId)
UNIMPLEMENTED;
}
NTSTATUS STDCALL NtPrivilegedServiceAuditAlarm(
IN PUNICODE_STRING SubsystemName,
IN PUNICODE_STRING ServiceName,
IN HANDLE ClientToken,
IN PPRIVILEGE_SET Privileges,
IN BOOLEAN AccessGranted)
NTSTATUS STDCALL
NtPrivilegedServiceAuditAlarm(IN PUNICODE_STRING SubsystemName,
IN PUNICODE_STRING ServiceName,
IN HANDLE ClientToken,
IN PPRIVILEGE_SET Privileges,
IN BOOLEAN AccessGranted)
{
UNIMPLEMENTED;
UNIMPLEMENTED;
}
NTSTATUS
STDCALL
NtPrivilegeObjectAuditAlarm (
IN PUNICODE_STRING SubsystemName,
IN PVOID HandleId,
IN HANDLE ClientToken,
IN ULONG DesiredAccess,
IN PPRIVILEGE_SET Privileges,
IN BOOLEAN AccessGranted
NTSTATUS STDCALL
NtPrivilegeObjectAuditAlarm(IN PUNICODE_STRING SubsystemName,
IN PVOID HandleId,
IN HANDLE ClientToken,
IN ULONG DesiredAccess,
IN PPRIVILEGE_SET Privileges,
IN BOOLEAN AccessGranted)
{
UNIMPLEMENTED;
}
NTSTATUS STDCALL
NtOpenObjectAuditAlarm(IN PUNICODE_STRING SubsystemName,
IN PVOID HandleId,
IN POBJECT_ATTRIBUTES ObjectAttributes,
IN HANDLE ClientToken,
IN ULONG DesiredAccess,
IN ULONG GrantedAccess,
IN PPRIVILEGE_SET Privileges,
IN BOOLEAN ObjectCreation,
IN BOOLEAN AccessGranted,
OUT PBOOLEAN GenerateOnClose)
{
UNIMPLEMENTED;
}
NTSTATUS STDCALL
NtAccessCheckAndAuditAlarm(IN PUNICODE_STRING SubsystemName,
IN PHANDLE ObjectHandle,
IN POBJECT_ATTRIBUTES ObjectAttributes,
IN ACCESS_MASK DesiredAccess,
IN PGENERIC_MAPPING GenericMapping,
IN BOOLEAN ObjectCreation,
OUT PULONG GrantedAccess,
OUT PBOOLEAN AccessStatus,
OUT PBOOLEAN GenerateOnClose
)
{
UNIMPLEMENTED;
UNIMPLEMENTED;
}
NTSTATUS
STDCALL
NtOpenObjectAuditAlarm (
IN PUNICODE_STRING SubsystemName,
IN PVOID HandleId,
IN POBJECT_ATTRIBUTES ObjectAttributes,
IN HANDLE ClientToken,
IN ULONG DesiredAccess,
IN ULONG GrantedAccess,
IN PPRIVILEGE_SET Privileges,
IN BOOLEAN ObjectCreation,
IN BOOLEAN AccessGranted,
OUT PBOOLEAN GenerateOnClose
)
NTSTATUS STDCALL
NtAllocateUuids(PULARGE_INTEGER Time,
PULONG Range,
PULONG Sequence)
{
UNIMPLEMENTED;
}
NTSTATUS
STDCALL
NtAccessCheckAndAuditAlarm (
IN PUNICODE_STRING SubsystemName,
IN PHANDLE ObjectHandle,
IN POBJECT_ATTRIBUTES ObjectAttributes,
IN ACCESS_MASK DesiredAccess,
IN PGENERIC_MAPPING GenericMapping,
IN BOOLEAN ObjectCreation,
OUT PULONG GrantedAccess,
OUT PBOOLEAN AccessStatus,
OUT PBOOLEAN GenerateOnClose
)
{
UNIMPLEMENTED;
UNIMPLEMENTED;
}
NTSTATUS
STDCALL
NtAllocateUuids (
PULARGE_INTEGER Time,
PULONG Range,
PULONG Sequence
)
NTSTATUS STDCALL
NtCloseObjectAuditAlarm(IN PUNICODE_STRING SubsystemName,
IN PVOID HandleId,
IN BOOLEAN GenerateOnClose)
{
UNIMPLEMENTED;
UNIMPLEMENTED;
}
NTSTATUS STDCALL NtCloseObjectAuditAlarm(IN PUNICODE_STRING SubsystemName,
IN PVOID HandleId,
IN BOOLEAN GenerateOnClose)
NTSTATUS STDCALL
NtAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN HANDLE ClientToken,
IN ACCESS_MASK DesiredAccess,
IN PGENERIC_MAPPING GenericMapping,
OUT PPRIVILEGE_SET PrivilegeSet,
OUT PULONG ReturnLength,
OUT PULONG GrantedAccess,
OUT PBOOLEAN AccessStatus)
{
UNIMPLEMENTED;
}
NTSTATUS STDCALL NtAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN HANDLE ClientToken,
IN ACCESS_MASK DesiredAccess,
IN PGENERIC_MAPPING GenericMapping,
OUT PPRIVILEGE_SET PrivilegeSet,
OUT PULONG ReturnLength,
OUT PULONG GrantedAccess,
OUT PBOOLEAN AccessStatus)
{
UNIMPLEMENTED;
UNIMPLEMENTED;
}
NTSTATUS
STDCALL
NtDeleteObjectAuditAlarm (
IN PUNICODE_STRING SubsystemName,
IN PVOID HandleId,
IN BOOLEAN GenerateOnClose
)
NTSTATUS STDCALL
NtDeleteObjectAuditAlarm(IN PUNICODE_STRING SubsystemName,
IN PVOID HandleId,
IN BOOLEAN GenerateOnClose)
{
UNIMPLEMENTED;
UNIMPLEMENTED;
}
@ -160,17 +251,20 @@ VOID STDCALL SeCaptureSubjectContext (PSECURITY_SUBJECT_CONTEXT SubjectContext)
&SubjectContext->ImpersonationLevel);
SubjectContext->PrimaryToken = PsReferencePrimaryToken(Process);
}
NTSTATUS STDCALL SeDeassignSecurity(PSECURITY_DESCRIPTOR* SecurityDescriptor)
NTSTATUS STDCALL
SeDeassignSecurity(PSECURITY_DESCRIPTOR* SecurityDescriptor)
{
if ((*SecurityDescriptor) != NULL)
{
ExFreePool(*SecurityDescriptor);
(*SecurityDescriptor) = NULL;
}
return(STATUS_SUCCESS);
if ((*SecurityDescriptor) != NULL)
{
ExFreePool(*SecurityDescriptor);
(*SecurityDescriptor) = NULL;
}
return(STATUS_SUCCESS);
}
#if 0
VOID SepGetDefaultsSubjectContext(PSECURITY_SUBJECT_CONTEXT SubjectContext,
PSID* Owner,
@ -219,13 +313,14 @@ NTSTATUS SepInheritAcl(PACL Acl,
}
#endif
NTSTATUS STDCALL SeAssignSecurity(PSECURITY_DESCRIPTOR ParentDescriptor,
PSECURITY_DESCRIPTOR ExplicitDescriptor,
PSECURITY_DESCRIPTOR* NewDescriptor,
BOOLEAN IsDirectoryObject,
PSECURITY_SUBJECT_CONTEXT SubjectContext,
PGENERIC_MAPPING GenericMapping,
POOL_TYPE PoolType)
NTSTATUS STDCALL
SeAssignSecurity(PSECURITY_DESCRIPTOR ParentDescriptor,
PSECURITY_DESCRIPTOR ExplicitDescriptor,
PSECURITY_DESCRIPTOR* NewDescriptor,
BOOLEAN IsDirectoryObject,
PSECURITY_SUBJECT_CONTEXT SubjectContext,
PGENERIC_MAPPING GenericMapping,
POOL_TYPE PoolType)
{
#if 0
PSECURITY_DESCRIPTOR Descriptor;
@ -308,16 +403,18 @@ BOOLEAN SepSidInToken(PACCESS_TOKEN Token,
return(FALSE);
}
BOOLEAN STDCALL SeAccessCheck (IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,
IN BOOLEAN SubjectContextLocked,
IN ACCESS_MASK DesiredAccess,
IN ACCESS_MASK PreviouslyGrantedAccess,
OUT PPRIVILEGE_SET* Privileges,
IN PGENERIC_MAPPING GenericMapping,
IN KPROCESSOR_MODE AccessMode,
OUT PACCESS_MODE GrantedAccess,
OUT PNTSTATUS AccessStatus)
BOOLEAN STDCALL
SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,
IN BOOLEAN SubjectContextLocked,
IN ACCESS_MASK DesiredAccess,
IN ACCESS_MASK PreviouslyGrantedAccess,
OUT PPRIVILEGE_SET* Privileges,
IN PGENERIC_MAPPING GenericMapping,
IN KPROCESSOR_MODE AccessMode,
OUT PACCESS_MODE GrantedAccess,
OUT PNTSTATUS AccessStatus)
/*
* FUNCTION: Determines whether the requested access rights can be granted
* to an object protected by a security descriptor and an object owner
@ -380,7 +477,7 @@ BOOLEAN STDCALL SeAccessCheck (IN PSECURITY_DESCRIPTOR SecurityDescriptor,
if (SepSidInToken(SubjectSecurityContext->ClientToken, Sid))
{
CurrentAccess = CurrentAccess |
CurrentAce->Header.AccessMask;
CurrentAce->Header.AccessMask;
}
}
}

515
reactos/ntoskrnl/se/sid.c
View file

@ -1,4 +1,4 @@
/* $Id: sid.c,v 1.7 2001/02/19 15:04:51 dwelch Exp $
/* $Id: sid.c,v 1.8 2002/02/20 20:15:38 ekohl Exp $
*
* COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS kernel
@ -12,13 +12,464 @@
/* INCLUDES *****************************************************************/
#include <ddk/ntddk.h>
#include <string.h>
#include <internal/se.h>
#include <internal/debug.h>
/* FUNCTIONS ***************************************************************/
#define TAG_SID TAG('S', 'I', 'D', 'T')
BOOLEAN STDCALL RtlValidSid (PSID Sid)
/* GLOBALS ******************************************************************/
SID_IDENTIFIER_AUTHORITY SeNullSidAuthority = {SECURITY_NULL_SID_AUTHORITY};
SID_IDENTIFIER_AUTHORITY SeWorldSidAuthority = {SECURITY_WORLD_SID_AUTHORITY};
SID_IDENTIFIER_AUTHORITY SeLocalSidAuthority = {SECURITY_LOCAL_SID_AUTHORITY};
SID_IDENTIFIER_AUTHORITY SeCreatorSidAuthority = {SECURITY_CREATOR_SID_AUTHORITY};
SID_IDENTIFIER_AUTHORITY SeNtSidAuthority = {SECURITY_NT_AUTHORITY};
PSID SeNullSid = NULL;
PSID SeWorldSid = NULL;
PSID SeLocalSid = NULL;
PSID SeCreatorOwnerSid = NULL;
PSID SeCreatorGroupSid = NULL;
PSID SeCreatorOwnerServerSid = NULL;
PSID SeCreatorGroupServerSid = NULL;
PSID SeNtAuthoritySid = NULL;
PSID SeDialupSid = NULL;
PSID SeNetworkSid = NULL;
PSID SeBatchSid = NULL;
PSID SeInteractiveSid = NULL;
PSID SeServiceSid = NULL;
PSID SeAnonymousLogonSid = NULL;
PSID SePrincipalSelfSid = NULL;
PSID SeLocalSystemSid = NULL;
PSID SeAuthenticatedUserSid = NULL;
PSID SeRestrictedCodeSid = NULL;
PSID SeAliasAdminsSid = NULL;
PSID SeAliasUsersSid = NULL;
PSID SeAliasGuestsSid = NULL;
PSID SeAliasPowerUsersSid = NULL;
PSID SeAliasAccountOpsSid = NULL;
PSID SeAliasSystemOpsSid = NULL;
PSID SeAliasPrintOpsSid = NULL;
PSID SeAliasBackupOpsSid = NULL;
/* FUNCTIONS ****************************************************************/
BOOLEAN
SepInitSecurityIDs(VOID)
{
ULONG SidLength0;
ULONG SidLength1;
ULONG SidLength2;
PULONG SubAuthority;
SidLength0 = RtlLengthRequiredSid(0);
SidLength1 = RtlLengthRequiredSid(1);
SidLength2 = RtlLengthRequiredSid(2);
/* create NullSid */
SeNullSid = ExAllocatePoolWithTag(NonPagedPool,
SidLength1,
TAG_SID);
if (SeNullSid == NULL)
return(FALSE);
RtlInitializeSid(SeNullSid,
&SeNullSidAuthority,
1);
SubAuthority = RtlSubAuthoritySid(SeNullSid,
0);
*SubAuthority = SECURITY_NULL_RID;
/* create WorldSid */
SeWorldSid = ExAllocatePoolWithTag(NonPagedPool,
SidLength1,
TAG_SID);
if (SeWorldSid == NULL)
return(FALSE);
RtlInitializeSid(SeWorldSid,
&SeWorldSidAuthority,
1);
SubAuthority = RtlSubAuthoritySid(SeWorldSid,
0);
*SubAuthority = SECURITY_WORLD_RID;
/* create LocalSid */
SeLocalSid = ExAllocatePoolWithTag(NonPagedPool,
SidLength1,
TAG_SID);
if (SeLocalSid == NULL)
return(FALSE);
RtlInitializeSid(SeLocalSid,
&SeLocalSidAuthority,
1);
SubAuthority = RtlSubAuthoritySid(SeLocalSid,
0);
*SubAuthority = SECURITY_LOCAL_RID;
/* create CreatorOwnerSid */
SeCreatorOwnerSid = ExAllocatePoolWithTag(NonPagedPool,
SidLength1,
TAG_SID);
if (SeCreatorOwnerSid == NULL)
return(FALSE);
RtlInitializeSid(SeCreatorOwnerSid,
&SeCreatorSidAuthority,
1);
SubAuthority = RtlSubAuthoritySid(SeCreatorOwnerSid,
0);
*SubAuthority = SECURITY_CREATOR_OWNER_RID;
/* create CreatorGroupSid */
SeCreatorGroupSid = ExAllocatePoolWithTag(NonPagedPool,
SidLength1,
TAG_SID);
if (SeCreatorGroupSid == NULL)
return(FALSE);
RtlInitializeSid(SeCreatorGroupSid,
&SeCreatorSidAuthority,
1);
SubAuthority = RtlSubAuthoritySid(SeCreatorGroupSid,
0);
*SubAuthority = SECURITY_CREATOR_GROUP_RID;
/* create CreatorOwnerServerSid */
SeCreatorOwnerServerSid = ExAllocatePoolWithTag(NonPagedPool,
SidLength1,
TAG_SID);
if (SeCreatorOwnerServerSid == NULL)
return(FALSE);
RtlInitializeSid(SeCreatorOwnerServerSid,
&SeCreatorSidAuthority,
1);
SubAuthority = RtlSubAuthoritySid(SeCreatorOwnerServerSid,
0);
*SubAuthority = SECURITY_CREATOR_OWNER_SERVER_RID;
/* create CreatorGroupServerSid */
SeCreatorGroupServerSid = ExAllocatePoolWithTag(NonPagedPool,
SidLength1,
TAG_SID);
if (SeCreatorGroupServerSid == NULL)
return(FALSE);
RtlInitializeSid(SeCreatorGroupServerSid,
&SeCreatorSidAuthority,
1);
SubAuthority = RtlSubAuthoritySid(SeCreatorGroupServerSid,
0);
*SubAuthority = SECURITY_CREATOR_GROUP_SERVER_RID;
/* create NtAuthoritySid */
SeNtAuthoritySid = ExAllocatePoolWithTag(NonPagedPool,
SidLength0,
TAG_SID);
if (SeNtAuthoritySid == NULL)
return(FALSE);
RtlInitializeSid(SeNtAuthoritySid,
&SeNtSidAuthority,
0);
/* create DialupSid */
SeDialupSid = ExAllocatePoolWithTag(NonPagedPool,
SidLength1,
TAG_SID);
if (SeDialupSid == NULL)
return(FALSE);
RtlInitializeSid(SeDialupSid,
&SeNtSidAuthority,
1);
SubAuthority = RtlSubAuthoritySid(SeDialupSid,
0);
*SubAuthority = SECURITY_DIALUP_RID;
/* create NetworkSid */
SeNetworkSid = ExAllocatePoolWithTag(NonPagedPool,
SidLength1,
TAG_SID);
if (SeNetworkSid == NULL)
return(FALSE);
RtlInitializeSid(SeNetworkSid,
&SeNtSidAuthority,
1);
SubAuthority = RtlSubAuthoritySid(SeNetworkSid,
0);
*SubAuthority = SECURITY_NETWORK_RID;
/* create BatchSid */
SeBatchSid = ExAllocatePoolWithTag(NonPagedPool,
SidLength1,
TAG_SID);
if (SeBatchSid == NULL)
return(FALSE);
RtlInitializeSid(SeBatchSid,
&SeNtSidAuthority,
1);
SubAuthority = RtlSubAuthoritySid(SeBatchSid,
0);
*SubAuthority = SECURITY_BATCH_RID;
/* create InteractiveSid */
SeInteractiveSid = ExAllocatePoolWithTag(NonPagedPool,
SidLength1,
TAG_SID);
if (SeInteractiveSid == NULL)
return(FALSE);
RtlInitializeSid(SeInteractiveSid,
&SeNtSidAuthority,
1);
SubAuthority = RtlSubAuthoritySid(SeInteractiveSid,
0);
*SubAuthority = SECURITY_INTERACTIVE_RID;
/* create ServiceSid */
SeServiceSid = ExAllocatePoolWithTag(NonPagedPool,
SidLength1,
TAG_SID);
if (SeServiceSid == NULL)
return(FALSE);
RtlInitializeSid(SeServiceSid,
&SeNtSidAuthority,
1);
SubAuthority = RtlSubAuthoritySid(SeServiceSid,
0);
*SubAuthority = SECURITY_SERVICE_RID;
/* create AnonymousLogonSid */
SeAnonymousLogonSid = ExAllocatePoolWithTag(NonPagedPool,
SidLength1,
TAG_SID);
if (SeAnonymousLogonSid == NULL)
return(FALSE);
RtlInitializeSid(SeAnonymousLogonSid,
&SeNtSidAuthority,
1);
SubAuthority = RtlSubAuthoritySid(SeAnonymousLogonSid,
0);
*SubAuthority = SECURITY_ANONYMOUS_LOGON_RID;
/* create PrincipalSelfSid */
SePrincipalSelfSid = ExAllocatePoolWithTag(NonPagedPool,
SidLength1,
TAG_SID);
if (SePrincipalSelfSid == NULL)
return(FALSE);
RtlInitializeSid(SePrincipalSelfSid,
&SeNtSidAuthority,
1);
SubAuthority = RtlSubAuthoritySid(SePrincipalSelfSid,
0);
*SubAuthority = SECURITY_PRINCIPAL_SELF_RID;
/* create LocalSystemSid */
SeLocalSystemSid = ExAllocatePoolWithTag(NonPagedPool,
SidLength1,
TAG_SID);
if (SeLocalSystemSid == NULL)
return(FALSE);
RtlInitializeSid(SeLocalSystemSid,
&SeNtSidAuthority,
1);
SubAuthority = RtlSubAuthoritySid(SeLocalSystemSid,
0);
*SubAuthority = SECURITY_LOCAL_SYSTEM_RID;
/* create AuthenticatedUserSid */
SeAuthenticatedUserSid = ExAllocatePoolWithTag(NonPagedPool,
SidLength1,
TAG_SID);
if (SeAuthenticatedUserSid == NULL)
return(FALSE);
RtlInitializeSid(SeAuthenticatedUserSid,
&SeNtSidAuthority,
1);
SubAuthority = RtlSubAuthoritySid(SeAuthenticatedUserSid,
0);
*SubAuthority = SECURITY_AUTHENTICATED_USER_RID;
/* create RestrictedCodeSid */
SeRestrictedCodeSid = ExAllocatePoolWithTag(NonPagedPool,
SidLength1,
TAG_SID);
if (SeRestrictedCodeSid == NULL)
return(FALSE);
RtlInitializeSid(SeRestrictedCodeSid,
&SeNtSidAuthority,
1);
SubAuthority = RtlSubAuthoritySid(SeRestrictedCodeSid,
0);
*SubAuthority = SECURITY_RESTRICTED_CODE_RID;
/* create AliasAdminsSid */
SeAliasAdminsSid = ExAllocatePoolWithTag(NonPagedPool,
SidLength2,
TAG_SID);
if (SeAliasAdminsSid == NULL)
return(FALSE);
RtlInitializeSid(SeAliasAdminsSid,
&SeNtSidAuthority,
2);
SubAuthority = RtlSubAuthoritySid(SeAliasAdminsSid,
0);
*SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
SubAuthority = RtlSubAuthoritySid(SeAliasAdminsSid,
1);
*SubAuthority = DOMAIN_ALIAS_RID_ADMINS;
/* create AliasUsersSid */
SeAliasUsersSid = ExAllocatePoolWithTag(NonPagedPool,
SidLength2,
TAG_SID);
if (SeAliasUsersSid == NULL)
return(FALSE);
RtlInitializeSid(SeAliasUsersSid,
&SeNtSidAuthority,
2);
SubAuthority = RtlSubAuthoritySid(SeAliasUsersSid,
0);
*SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
SubAuthority = RtlSubAuthoritySid(SeAliasUsersSid,
1);
*SubAuthority = DOMAIN_ALIAS_RID_USERS;
/* create AliasGuestsSid */
SeAliasGuestsSid = ExAllocatePoolWithTag(NonPagedPool,
SidLength2,
TAG_SID);
if (SeAliasGuestsSid == NULL)
return(FALSE);
RtlInitializeSid(SeAliasGuestsSid,
&SeNtSidAuthority,
2);
SubAuthority = RtlSubAuthoritySid(SeAliasGuestsSid,
0);
*SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
SubAuthority = RtlSubAuthoritySid(SeAliasGuestsSid,
1);
*SubAuthority = DOMAIN_ALIAS_RID_GUESTS;
/* create AliasPowerUsersSid */
SeAliasPowerUsersSid = ExAllocatePoolWithTag(NonPagedPool,
SidLength2,
TAG_SID);
if (SeAliasPowerUsersSid == NULL)
return(FALSE);
RtlInitializeSid(SeAliasPowerUsersSid,
&SeNtSidAuthority,
2);
SubAuthority = RtlSubAuthoritySid(SeAliasPowerUsersSid,
0);
*SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
SubAuthority = RtlSubAuthoritySid(SeAliasPowerUsersSid,
1);
*SubAuthority = DOMAIN_ALIAS_RID_POWER_USERS;
/* create AliasAccountOpsSid */
SeAliasAccountOpsSid = ExAllocatePoolWithTag(NonPagedPool,
SidLength2,
TAG_SID);
if (SeAliasAccountOpsSid == NULL)
return(FALSE);
RtlInitializeSid(SeAliasAccountOpsSid,
&SeNtSidAuthority,
2);
SubAuthority = RtlSubAuthoritySid(SeAliasAccountOpsSid,
0);
*SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
SubAuthority = RtlSubAuthoritySid(SeAliasAccountOpsSid,
1);
*SubAuthority = DOMAIN_ALIAS_RID_ACCOUNT_OPS;
/* create AliasSystemOpsSid */
SeAliasSystemOpsSid = ExAllocatePoolWithTag(NonPagedPool,
SidLength2,
TAG_SID);
if (SeAliasSystemOpsSid == NULL)
return(FALSE);
RtlInitializeSid(SeAliasSystemOpsSid,
&SeNtSidAuthority,
2);
SubAuthority = RtlSubAuthoritySid(SeAliasSystemOpsSid,
0);
*SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
SubAuthority = RtlSubAuthoritySid(SeAliasSystemOpsSid,
1);
*SubAuthority = DOMAIN_ALIAS_RID_SYSTEM_OPS;
/* create AliasPrintOpsSid */
SeAliasPrintOpsSid = ExAllocatePoolWithTag(NonPagedPool,
SidLength2,
TAG_SID);
if (SeAliasPrintOpsSid == NULL)
return(FALSE);
RtlInitializeSid(SeAliasPrintOpsSid,
&SeNtSidAuthority,
2);
SubAuthority = RtlSubAuthoritySid(SeAliasPrintOpsSid,
0);
*SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
SubAuthority = RtlSubAuthoritySid(SeAliasPrintOpsSid,
1);
*SubAuthority = DOMAIN_ALIAS_RID_PRINT_OPS;
/* create AliasBackupOpsSid */
SeAliasBackupOpsSid = ExAllocatePoolWithTag(NonPagedPool,
SidLength2,
TAG_SID);
if (SeAliasBackupOpsSid == NULL)
return(FALSE);
RtlInitializeSid(SeAliasBackupOpsSid,
&SeNtSidAuthority,
2);
SubAuthority = RtlSubAuthoritySid(SeAliasBackupOpsSid,
0);
*SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
SubAuthority = RtlSubAuthoritySid(SeAliasBackupOpsSid,
1);
*SubAuthority = DOMAIN_ALIAS_RID_BACKUP_OPS;
return(TRUE);
}
BOOLEAN STDCALL
RtlValidSid(PSID Sid)
{
if ((Sid->Revision & 0xf) != 1)
{
@ -31,33 +482,46 @@ BOOLEAN STDCALL RtlValidSid (PSID Sid)
return(TRUE);
}
ULONG STDCALL RtlLengthRequiredSid (UCHAR SubAuthorityCount)
ULONG STDCALL
RtlLengthRequiredSid(UCHAR SubAuthorityCount)
{
return(sizeof(SID) + (SubAuthorityCount - 1) * sizeof(ULONG));
return(sizeof(SID) + (SubAuthorityCount - 1) * sizeof(ULONG));
}
NTSTATUS STDCALL RtlInitializeSid (PSID Sid,
PSID_IDENTIFIER_AUTHORITY IdentifierAuthority,
UCHAR SubAuthorityCount)
NTSTATUS STDCALL
RtlInitializeSid(PSID Sid,
PSID_IDENTIFIER_AUTHORITY IdentifierAuthority,
UCHAR SubAuthorityCount)
{
Sid->Revision = 1;
Sid->SubAuthorityCount = SubAuthorityCount;
memcpy(&Sid->IdentifierAuthority, IdentifierAuthority,
sizeof(SID_IDENTIFIER_AUTHORITY));
return(STATUS_SUCCESS);
Sid->Revision = 1;
Sid->SubAuthorityCount = SubAuthorityCount;
RtlCopyMemory(&Sid->IdentifierAuthority,
IdentifierAuthority,
sizeof(SID_IDENTIFIER_AUTHORITY));
return(STATUS_SUCCESS);
}
PULONG STDCALL RtlSubAuthoritySid (PSID Sid, ULONG SubAuthority)
PULONG STDCALL
RtlSubAuthoritySid(PSID Sid,
ULONG SubAuthority)
{
return(&Sid->SubAuthority[SubAuthority]);
return(&Sid->SubAuthority[SubAuthority]);
}
PUCHAR STDCALL RtlSubAuthorityCountSid (PSID Sid)
PUCHAR STDCALL
RtlSubAuthorityCountSid (PSID Sid)
{
return(&Sid->SubAuthorityCount);
return(&Sid->SubAuthorityCount);
}
BOOLEAN STDCALL RtlEqualSid (PSID Sid1, PSID Sid2)
BOOLEAN STDCALL
RtlEqualSid(PSID Sid1,
PSID Sid2)
{
if (Sid1->Revision != Sid2->Revision)
{
@ -75,12 +539,18 @@ BOOLEAN STDCALL RtlEqualSid (PSID Sid1, PSID Sid2)
return(TRUE);
}
ULONG STDCALL RtlLengthSid (PSID Sid)
ULONG STDCALL
RtlLengthSid(PSID Sid)
{
return(sizeof(SID) + (Sid->SubAuthorityCount-1)*4);
return(sizeof(SID) + (Sid->SubAuthorityCount-1)*4);
}
NTSTATUS STDCALL RtlCopySid (ULONG BufferLength, PSID Dest, PSID Src)
NTSTATUS STDCALL
RtlCopySid(ULONG BufferLength,
PSID Dest,
PSID Src)
{
if (BufferLength < RtlLengthSid(Src))
{
@ -90,6 +560,7 @@ NTSTATUS STDCALL RtlCopySid (ULONG BufferLength, PSID Dest, PSID Src)
return(STATUS_SUCCESS);
}
NTSTATUS STDCALL
RtlConvertSidToUnicodeString(PUNICODE_STRING String,
PSID Sid,

300
reactos/ntoskrnl/se/token.c
View file

@ -1,4 +1,4 @@
/* $Id: token.c,v 1.12 2001/12/05 01:40:25 dwelch Exp $
/* $Id: token.c,v 1.13 2002/02/20 20:15:38 ekohl Exp $
*
* COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS kernel
@ -14,13 +14,13 @@
#include <limits.h>
#include <ddk/ntddk.h>
#include <internal/ps.h>
#include <internal/pool.h>
#include <internal/se.h>
#include <internal/debug.h>
/* GLOBALS *******************************************************************/
POBJECT_TYPE EXPORTED SeTokenType = NULL;
POBJECT_TYPE SepTokenObjectType = NULL;
static GENERIC_MAPPING SepTokenMapping = {TOKEN_READ,
TOKEN_WRITE,
@ -58,7 +58,7 @@ NTSTATUS SeExchangePrimaryToken(PEPROCESS Process,
NewToken->TokenInUse = 1;
ObReferenceObjectByPointer(NewToken,
TOKEN_ALL_ACCESS,
SeTokenType,
SepTokenObjectType,
KernelMode);
OldToken->TokenInUse = 0;
*OldTokenP = OldToken;
@ -99,20 +99,18 @@ NTSTATUS SeCopyClientToken(PACCESS_TOKEN Token,
return(Status);
}
NTSTATUS
STDCALL
SeCreateClientSecurity (
PETHREAD Thread,
PSECURITY_QUALITY_OF_SERVICE Qos,
ULONG e,
PSE_SOME_STRUCT2 f
)
NTSTATUS STDCALL
SeCreateClientSecurity(IN struct _ETHREAD *Thread,
IN PSECURITY_QUALITY_OF_SERVICE Qos,
IN BOOLEAN RemoteClient,
OUT PSECURITY_CLIENT_CONTEXT ClientContext)
{
TOKEN_TYPE TokenType;
UCHAR b;
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
PACCESS_TOKEN Token;
ULONG g;
ULONG g;
PACCESS_TOKEN NewToken;
Token = PsReferenceEffectiveToken(Thread,
@ -121,7 +119,7 @@ SeCreateClientSecurity (
&ImpersonationLevel);
if (TokenType != 2)
{
f->Unknown9 = Qos->EffectiveOnly;
ClientContext->DirectAccessEffectiveOnly = Qos->EffectiveOnly;
}
else
{
@ -135,7 +133,7 @@ SeCreateClientSecurity (
}
if (ImpersonationLevel == 0 ||
ImpersonationLevel == 1 ||
(e != 0 && ImpersonationLevel != 3))
(RemoteClient != FALSE && ImpersonationLevel != 3))
{
if (Token != NULL)
{
@ -146,23 +144,23 @@ SeCreateClientSecurity (
if (b != 0 ||
Qos->EffectiveOnly != 0)
{
f->Unknown9 = 1;
ClientContext->DirectAccessEffectiveOnly = TRUE;
}
else
{
f->Unknown9 = 0;
}
ClientContext->DirectAccessEffectiveOnly = FALSE;
}
}
if (Qos->ContextTrackingMode == 0)
{
f->Unknown8 = 0;
ClientContext->DirectlyAccessClientToken = FALSE;
g = SeCopyClientToken(Token, ImpersonationLevel, 0, &NewToken);
if (g >= 0)
{
// ObDeleteCapturedInsertInfo(NewToken);
}
if (TokenType == TokenPrimary || Token != NULL)
if (TokenType == TokenPrimary || Token != NULL)
{
ObDereferenceObject(Token);
}
@ -170,90 +168,88 @@ SeCreateClientSecurity (
{
return(g);
}
}
else
{
f->Unknown8 = 1;
if (e != 0)
}
else
{
ClientContext->DirectlyAccessClientToken = TRUE;
if (RemoteClient != FALSE)
{
// SeGetTokenControlInformation(Token, &f->Unknown11);
// SeGetTokenControlInformation(Token, &ClientContext->Unknown11);
}
NewToken = Token;
}
f->Unknown1 = 0xc;
f->Level = Qos->ImpersonationLevel;
f->ContextTrackingMode = Qos->ContextTrackingMode;
f->EffectiveOnly = Qos->EffectiveOnly;
f->Unknown10 = e;
f->Token = NewToken;
return(STATUS_SUCCESS);
}
ClientContext->SecurityQos.Length = sizeof(SECURITY_QUALITY_OF_SERVICE);
ClientContext->SecurityQos.ImpersonationLevel = Qos->ImpersonationLevel;
ClientContext->SecurityQos.ContextTrackingMode = Qos->ContextTrackingMode;
ClientContext->SecurityQos.EffectiveOnly = Qos->EffectiveOnly;
ClientContext->ServerIsRemote = RemoteClient;
ClientContext->Token = NewToken;
return(STATUS_SUCCESS);
}
VOID STDCALL
SeImpersonateClient(IN PSECURITY_CLIENT_CONTEXT ClientContext,
IN PETHREAD ServerThread OPTIONAL)
{
UCHAR b;
if (ClientContext->DirectlyAccessClientToken == FALSE)
{
b = ClientContext->SecurityQos.EffectiveOnly;
}
else
{
b = ClientContext->DirectAccessEffectiveOnly;
}
if (ServerThread == NULL)
{
ServerThread = PsGetCurrentThread();
}
PsImpersonateClient(ServerThread,
ClientContext->Token,
1,
(ULONG)b,
ClientContext->SecurityQos.ImpersonationLevel);
}
VOID
STDCALL
SeImpersonateClient (
PSE_SOME_STRUCT2 a,
PETHREAD Thread
)
SeInitializeTokenManager(VOID)
{
UCHAR b;
if (a->Unknown8 == 0)
{
b = a->EffectiveOnly;
}
else
{
b = a->Unknown9;
}
if (Thread == NULL)
{
Thread = PsGetCurrentThread();
}
PsImpersonateClient(Thread,
a->Token,
1,
(ULONG)b,
a->Level);
SepTokenObjectType = ExAllocatePool(NonPagedPool, sizeof(OBJECT_TYPE));
SepTokenObjectType->Tag = TAG('T', 'O', 'K', 'T');
SepTokenObjectType->MaxObjects = ULONG_MAX;
SepTokenObjectType->MaxHandles = ULONG_MAX;
SepTokenObjectType->TotalObjects = 0;
SepTokenObjectType->TotalHandles = 0;
SepTokenObjectType->PagedPoolCharge = 0;
SepTokenObjectType->NonpagedPoolCharge = sizeof(ACCESS_TOKEN);
SepTokenObjectType->Mapping = &SepTokenMapping;
SepTokenObjectType->Dump = NULL;
SepTokenObjectType->Open = NULL;
SepTokenObjectType->Close = NULL;
SepTokenObjectType->Delete = NULL;
SepTokenObjectType->Parse = NULL;
SepTokenObjectType->Security = NULL;
SepTokenObjectType->QueryName = NULL;
SepTokenObjectType->OkayToClose = NULL;
SepTokenObjectType->Create = NULL;
SepTokenObjectType->DuplicationNotify = NULL;
RtlCreateUnicodeString(&SepTokenObjectType->TypeName,
L"Token");
}
VOID SeInitializeTokenManager(VOID)
{
UNICODE_STRING TypeName;
RtlInitUnicodeString(&TypeName, L"Token");
SeTokenType = ExAllocatePool(NonPagedPool, sizeof(OBJECT_TYPE));
SeTokenType->Tag = TAG('T', 'O', 'K', 'T');
SeTokenType->MaxObjects = ULONG_MAX;
SeTokenType->MaxHandles = ULONG_MAX;
SeTokenType->TotalObjects = 0;
SeTokenType->TotalHandles = 0;
SeTokenType->PagedPoolCharge = 0;
SeTokenType->NonpagedPoolCharge = 0;
SeTokenType->Mapping = &SepTokenMapping;
SeTokenType->Dump = NULL;
SeTokenType->Open = NULL;
SeTokenType->Close = NULL;
SeTokenType->Delete = NULL;
SeTokenType->Parse = NULL;
SeTokenType->Security = NULL;
SeTokenType->QueryName = NULL;
SeTokenType->OkayToClose = NULL;
SeTokenType->Create = NULL;
SeTokenType->DuplicationNotify = NULL;
}
NTSTATUS RtlCopySidAndAttributesArray(ULONG Count, // ebp + 8
PSID_AND_ATTRIBUTES Src, // ebp + C
ULONG MaxLength, // ebp + 10
PSID_AND_ATTRIBUTES Dest, // ebp + 14
PVOID e, // ebp + 18
PVOID* f, // ebp + 1C
PULONG g) // ebp + 20
NTSTATUS
RtlCopySidAndAttributesArray(ULONG Count, // ebp + 8
PSID_AND_ATTRIBUTES Src, // ebp + C
ULONG MaxLength, // ebp + 10
PSID_AND_ATTRIBUTES Dest, // ebp + 14
PVOID e, // ebp + 18
PVOID* f, // ebp + 1C
PULONG g) // ebp + 20
{
ULONG Length; // ebp - 4
ULONG i;
@ -277,12 +273,13 @@ NTSTATUS RtlCopySidAndAttributesArray(ULONG Count, // ebp + 8
return(STATUS_SUCCESS);
}
NTSTATUS STDCALL NtQueryInformationToken(IN HANDLE TokenHandle,
IN TOKEN_INFORMATION_CLASS
TokenInformationClass,
OUT PVOID TokenInformation,
IN ULONG TokenInformationLength,
OUT PULONG ReturnLength)
NTSTATUS STDCALL
NtQueryInformationToken(IN HANDLE TokenHandle,
IN TOKEN_INFORMATION_CLASS TokenInformationClass,
OUT PVOID TokenInformation,
IN ULONG TokenInformationLength,
OUT PULONG ReturnLength)
{
NTSTATUS Status;
PACCESS_TOKEN Token;
@ -294,7 +291,7 @@ NTSTATUS STDCALL NtQueryInformationToken(IN HANDLE TokenHandle,
Status = ObReferenceObjectByHandle(TokenHandle,
0,
SeTokenType,
SepTokenObjectType,
UserMode,
(PVOID*)&Token,
NULL);
@ -340,7 +337,7 @@ NTSTATUS STDCALL NtQueryInformationToken(IN HANDLE TokenHandle,
}
break;
case TokenPrivileges:
case TokenPrivileges:
break;
case TokenOwner:
@ -400,27 +397,23 @@ NTSTATUS STDCALL NtQueryInformationToken(IN HANDLE TokenHandle,
}
NTSTATUS
STDCALL
NtSetInformationToken(
IN HANDLE TokenHandle,
IN TOKEN_INFORMATION_CLASS TokenInformationClass,
OUT PVOID TokenInformation,
IN ULONG TokenInformationLength
)
NTSTATUS STDCALL
NtSetInformationToken(IN HANDLE TokenHandle,
IN TOKEN_INFORMATION_CLASS TokenInformationClass,
OUT PVOID TokenInformation,
IN ULONG TokenInformationLength)
{
UNIMPLEMENTED;
UNIMPLEMENTED;
}
NTSTATUS STDCALL NtDuplicateToken(IN HANDLE ExistingTokenHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
IN SECURITY_IMPERSONATION_LEVEL
ImpersonationLevel,
IN TOKEN_TYPE TokenType,
OUT PHANDLE NewTokenHandle)
NTSTATUS STDCALL
NtDuplicateToken(IN HANDLE ExistingTokenHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
IN TOKEN_TYPE TokenType,
OUT PHANDLE NewTokenHandle)
{
#if 0
PACCESS_TOKEN Token;
@ -430,7 +423,7 @@ NTSTATUS STDCALL NtDuplicateToken(IN HANDLE ExistingTokenHandle,
Status = ObReferenceObjectByHandle(ExistingTokenHandle,
?,
SeTokenType,
SepTokenObjectType,
UserMode,
(PVOID*)&Token,
NULL);
@ -462,12 +455,14 @@ VOID SepAdjustGroups(PACCESS_TOKEN Token,
UNIMPLEMENTED;
}
NTSTATUS STDCALL NtAdjustGroupsToken(IN HANDLE TokenHandle,
IN BOOLEAN ResetToDefault,
IN PTOKEN_GROUPS NewState,
IN ULONG BufferLength,
OUT PTOKEN_GROUPS PreviousState OPTIONAL,
OUT PULONG ReturnLength)
NTSTATUS STDCALL
NtAdjustGroupsToken(IN HANDLE TokenHandle,
IN BOOLEAN ResetToDefault,
IN PTOKEN_GROUPS NewState,
IN ULONG BufferLength,
OUT PTOKEN_GROUPS PreviousState OPTIONAL,
OUT PULONG ReturnLength)
{
#if 0
NTSTATUS Status;
@ -478,7 +473,7 @@ NTSTATUS STDCALL NtAdjustGroupsToken(IN HANDLE TokenHandle,
Status = ObReferenceObjectByHandle(TokenHandle,
?,
SeTokenType,
SepTokenObjectType,
UserMode,
(PVOID*)&Token,
NULL);
@ -499,6 +494,7 @@ NTSTATUS STDCALL NtAdjustGroupsToken(IN HANDLE TokenHandle,
#endif
}
#if 0
NTSTATUS SepAdjustPrivileges(PACCESS_TOKEN Token, // 0x8
ULONG a, // 0xC
@ -552,13 +548,15 @@ NTSTATUS SepAdjustPrivileges(PACCESS_TOKEN Token, // 0x8
if (
}
#endif
NTSTATUS STDCALL NtAdjustPrivilegesToken(IN HANDLE TokenHandle,
IN BOOLEAN DisableAllPrivileges,
IN PTOKEN_PRIVILEGES NewState,
IN ULONG BufferLength,
OUT PTOKEN_PRIVILEGES PreviousState,
OUT PULONG ReturnLength)
NTSTATUS STDCALL
NtAdjustPrivilegesToken(IN HANDLE TokenHandle,
IN BOOLEAN DisableAllPrivileges,
IN PTOKEN_PRIVILEGES NewState,
IN ULONG BufferLength,
OUT PTOKEN_PRIVILEGES PreviousState,
OUT PULONG ReturnLength)
{
#if 0
ULONG PrivilegeCount;
@ -593,19 +591,20 @@ NTSTATUS STDCALL NtAdjustPrivilegesToken(IN HANDLE TokenHandle,
#endif
}
NTSTATUS STDCALL NtCreateToken(OUT PHANDLE TokenHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
IN TOKEN_TYPE TokenType,
IN PLUID AuthenticationId,
IN PLARGE_INTEGER ExpirationTime,
IN PTOKEN_USER TokenUser,
IN PTOKEN_GROUPS TokenGroups,
IN PTOKEN_PRIVILEGES TokenPrivileges,
IN PTOKEN_OWNER TokenOwner,
IN PTOKEN_PRIMARY_GROUP TokenPrimaryGroup,
IN PTOKEN_DEFAULT_DACL TokenDefaultDacl,
IN PTOKEN_SOURCE TokenSource)
NTSTATUS STDCALL
NtCreateToken(OUT PHANDLE TokenHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
IN TOKEN_TYPE TokenType,
IN PLUID AuthenticationId,
IN PLARGE_INTEGER ExpirationTime,
IN PTOKEN_USER TokenUser,
IN PTOKEN_GROUPS TokenGroups,
IN PTOKEN_PRIVILEGES TokenPrivileges,
IN PTOKEN_OWNER TokenOwner,
IN PTOKEN_PRIMARY_GROUP TokenPrimaryGroup,
IN PTOKEN_DEFAULT_DACL TokenDefaultDacl,
IN PTOKEN_SOURCE TokenSource)
{
#if 0
PACCESS_TOKEN AccessToken;
@ -628,5 +627,10 @@ NTSTATUS STDCALL NtCreateToken(OUT PHANDLE TokenHandle,
UNIMPLEMENTED;
}
TOKEN_TYPE STDCALL
SeTokenType(IN PACCESS_TOKEN Token)
{
return(Token->TokenType);
}
/* EOF */