Started security manager initialization.
Some cleanup. svn path=/trunk/; revision=2637
parent
19ad3d7a30
commit
8393800e76
|
@ -1,4 +1,4 @@
|
|||
/* $Id: rtl.h,v 1.59 2002/01/14 01:41:08 ekohl Exp $
|
||||
/* $Id: rtl.h,v 1.60 2002/02/20 20:09:52 ekohl Exp $
|
||||
*
|
||||
*/
|
||||
|
||||
|
@ -1780,6 +1780,9 @@ RtlValidSecurityDescriptor (
|
|||
PSECURITY_DESCRIPTOR SecurityDescriptor
|
||||
);
|
||||
|
||||
BOOLEAN STDCALL
|
||||
RtlValidSid(IN PSID Sid);
|
||||
|
||||
NTSTATUS
|
||||
STDCALL
|
||||
RtlWriteRegistryValue (
|
||||
|
|
|
@ -1,8 +1,9 @@
|
|||
#ifndef _INCLUDE_DDK_SEFUNCS_H
|
||||
#define _INCLUDE_DDK_SEFUNCS_H
|
||||
/* $Id: sefuncs.h,v 1.14 2001/07/06 21:32:43 ekohl Exp $ */
|
||||
/* $Id: sefuncs.h,v 1.15 2002/02/20 20:09:52 ekohl Exp $ */
|
||||
|
||||
BOOLEAN STDCALL SeAccessCheck (IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
||||
BOOLEAN STDCALL
|
||||
SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
||||
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,
|
||||
IN BOOLEAN SubjectContextLocked,
|
||||
IN ACCESS_MASK DesiredAccess,
|
||||
|
@ -12,36 +13,40 @@ BOOLEAN STDCALL SeAccessCheck (IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
|||
IN KPROCESSOR_MODE AccessMode,
|
||||
OUT PACCESS_MODE GrantedAccess,
|
||||
OUT PNTSTATUS AccessStatus);
|
||||
NTSTATUS STDCALL SeAssignSecurity (PSECURITY_DESCRIPTOR ParentDescriptor,
|
||||
|
||||
NTSTATUS STDCALL
|
||||
SeAssignSecurity(PSECURITY_DESCRIPTOR ParentDescriptor,
|
||||
PSECURITY_DESCRIPTOR ExplicitDescriptor,
|
||||
PSECURITY_DESCRIPTOR* NewDescriptor,
|
||||
BOOLEAN IsDirectoryObject,
|
||||
PSECURITY_SUBJECT_CONTEXT SubjectContext,
|
||||
PGENERIC_MAPPING GenericMapping,
|
||||
POOL_TYPE PoolType);
|
||||
NTSTATUS STDCALL SeDeassignSecurity (PSECURITY_DESCRIPTOR* SecurityDescriptor);
|
||||
BOOLEAN STDCALL SeSinglePrivilegeCheck (LUID PrivilegeValue, KPROCESSOR_MODE PreviousMode);
|
||||
VOID STDCALL SeImpersonateClient(PSE_SOME_STRUCT2 a,
|
||||
struct _ETHREAD* Thread);
|
||||
|
||||
NTSTATUS STDCALL SeCreateClientSecurity(struct _ETHREAD* Thread,
|
||||
PSECURITY_QUALITY_OF_SERVICE Qos,
|
||||
ULONG e,
|
||||
PSE_SOME_STRUCT2 f);
|
||||
NTSTATUS SeExchangePrimaryToken(struct _EPROCESS* Process,
|
||||
PACCESS_TOKEN NewToken,
|
||||
PACCESS_TOKEN* OldTokenP);
|
||||
VOID STDCALL SeReleaseSubjectContext (PSECURITY_SUBJECT_CONTEXT SubjectContext);
|
||||
VOID STDCALL SeCaptureSubjectContext (PSECURITY_SUBJECT_CONTEXT SubjectContext);
|
||||
NTSTATUS SeCaptureLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Src,
|
||||
ULONG PrivilegeCount,
|
||||
KPROCESSOR_MODE PreviousMode,
|
||||
PLUID_AND_ATTRIBUTES AllocatedMem,
|
||||
ULONG AllocatedLength,
|
||||
POOL_TYPE PoolType,
|
||||
ULONG d,
|
||||
PLUID_AND_ATTRIBUTES* Dest,
|
||||
PULONG Length);
|
||||
VOID STDCALL
|
||||
SeCaptureSubjectContext(OUT PSECURITY_SUBJECT_CONTEXT SubjectContext);
|
||||
|
||||
NTSTATUS STDCALL
|
||||
SeCreateClientSecurity(IN struct _ETHREAD *Thread,
|
||||
IN PSECURITY_QUALITY_OF_SERVICE Qos,
|
||||
IN BOOLEAN RemoteClient,
|
||||
OUT PSECURITY_CLIENT_CONTEXT ClientContext);
|
||||
|
||||
NTSTATUS STDCALL
|
||||
SeDeassignSecurity(PSECURITY_DESCRIPTOR* SecurityDescriptor);
|
||||
|
||||
VOID STDCALL
|
||||
SeImpersonateClient(IN PSECURITY_CLIENT_CONTEXT ClientContext,
|
||||
IN struct _ETHREAD *ServerThread OPTIONAL);
|
||||
|
||||
VOID STDCALL
|
||||
SeReleaseSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext);
|
||||
|
||||
BOOLEAN STDCALL
|
||||
SeSinglePrivilegeCheck(LUID PrivilegeValue,
|
||||
KPROCESSOR_MODE PreviousMode);
|
||||
|
||||
TOKEN_TYPE STDCALL
|
||||
SeTokenType(IN PACCESS_TOKEN Token);
|
||||
|
||||
#endif /* ndef _INCLUDE_DDK_SEFUNCS_H */
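Review bot: The rewritten prototypes are annotated unevenly: `SeAssignSecurity`, `SeDeassignSecurity` and `SeSinglePrivilegeCheck` carry no `IN`/`OUT` markers, while `SeAccessCheck`, `SeCreateClientSecurity` and `SeImpersonateClient` beside them do. A reader cannot tell from the header which pointer arguments are written by the callee; `NewDescriptor` looks like an output but is not marked as one. I would annotate them like their neighbours, e.g. `OUT PSECURITY_DESCRIPTOR* NewDescriptor` and `IN LUID PrivilegeValue`. Separately, the unchanged `SeAccessCheck` line `OUT PACCESS_MODE GrantedAccess` uses the access-mode type for what appears to be the granted mask; both are `ULONG` typedefs so nothing breaks, but `PACCESS_MASK` would state what the caller gets back.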
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $Id: setypes.h,v 1.5 2000/06/29 23:35:12 dwelch Exp $
|
||||
/* $Id: setypes.h,v 1.6 2002/02/20 20:09:52 ekohl Exp $
|
||||
*
|
||||
* COPYRIGHT: See COPYING in the top level directory for details
|
||||
* PROJECT: ReactOS kernel
|
||||
|
@ -14,35 +14,6 @@
|
|||
|
||||
#include <ntos/security.h>
|
||||
|
||||
/* SID */
|
||||
#define SECURITY_NULL_RID (0L)
|
||||
#define SECURITY_WORLD_RID (0L)
|
||||
#define SECURITY_LOCAL_RID (0L)
|
||||
#define SECURITY_CREATOR_OWNER_RID (0L)
|
||||
#define SECURITY_CREATOR_GROUP_RID (0x1L)
|
||||
#define SECURITY_DIALUP_RID (0x1L)
|
||||
#define SECURITY_NETWORK_RID (0x2L)
|
||||
#define SECURITY_BATCH_RID (0x3L)
|
||||
#define SECURITY_INTERACTIVE_RID (0x4L)
|
||||
#define SECURITY_LOGON_IDS_RID (0x5L)
|
||||
#define SECURITY_LOGON_IDS_RID_COUNT (0x3L)
|
||||
#define SECURITY_SERVICE_RID (0x6L)
|
||||
#define SECURITY_LOCAL_SYSTEM_RID (0x12L)
|
||||
#define SECURITY_BUILTIN_DOMAIN_RID (0x20L)
|
||||
#define DOMAIN_USER_RID_ADMIN (0x1f4L)
|
||||
#define DOMAIN_USER_RID_GUEST (0x1f5L)
|
||||
#define DOMAIN_GROUP_RID_ADMINS (0x200L)
|
||||
#define DOMAIN_GROUP_RID_USERS (0x201L)
|
||||
#define DOMAIN_ALIAS_RID_ADMINS (0x220L)
|
||||
#define DOMAIN_ALIAS_RID_USERS (0x221L)
|
||||
#define DOMAIN_ALIAS_RID_GUESTS (0x222L)
|
||||
#define DOMAIN_ALIAS_RID_POWER_USERS (0x223L)
|
||||
#define DOMAIN_ALIAS_RID_ACCOUNT_OPS (0x224L)
|
||||
#define DOMAIN_ALIAS_RID_SYSTEM_OPS (0x225L)
|
||||
#define DOMAIN_ALIAS_RID_PRINT_OPS (0x226L)
|
||||
#define DOMAIN_ALIAS_RID_BACKUP_OPS (0x227L)
|
||||
#define DOMAIN_ALIAS_RID_REPLICATOR (0x228L)
|
||||
|
||||
/* TOKEN_GROUPS structure */
|
||||
#define SE_GROUP_MANDATORY (0x1L)
|
||||
#define SE_GROUP_ENABLED_BY_DEFAULT (0x2L)
|
||||
|
@ -121,28 +92,69 @@ typedef struct _SECURITY_SUBJECT_CONTEXT
|
|||
PVOID ProcessAuditId; // 0xC
|
||||
} SECURITY_SUBJECT_CONTEXT, *PSECURITY_SUBJECT_CONTEXT;
|
||||
|
||||
BOOLEAN STDCALL RtlValidSid (PSID Sid);
|
||||
/*
|
||||
* from ntoskrnl/se/token.c:
|
||||
*/
|
||||
extern struct _OBJECT_TYPE* SeTokenType;
|
||||
|
||||
typedef struct
|
||||
typedef struct _SECURITY_CLIENT_CONTEXT
|
||||
{
|
||||
ULONG Unknown1; // 0x0
|
||||
SECURITY_IMPERSONATION_LEVEL Level; // 0x4
|
||||
UCHAR ContextTrackingMode; // 0x8
|
||||
UCHAR EffectiveOnly; // 0x9
|
||||
UCHAR Unknown5; // 0xa
|
||||
UCHAR Unknown6; // 0xb
|
||||
PACCESS_TOKEN Token; // 0xc
|
||||
UCHAR Unknown8; // 0x10
|
||||
UCHAR Unknown9; // 0x11
|
||||
UCHAR Unknown10; // 0x12
|
||||
UCHAR Pad[1]; // 0x13
|
||||
ULONG Unknown11; // 0x14
|
||||
} SE_SOME_STRUCT2, *PSE_SOME_STRUCT2;
|
||||
SECURITY_QUALITY_OF_SERVICE SecurityQos; // 0x00
|
||||
PACCESS_TOKEN Token; // 0x0C
|
||||
BOOLEAN DirectlyAccessClientToken; // 0x10
|
||||
BOOLEAN DirectAccessEffectiveOnly; // 0x11
|
||||
BOOLEAN ServerIsRemote; // 0x12
|
||||
TOKEN_CONTROL ClientTokenControl; // 0x14
|
||||
} SECURITY_CLIENT_CONTEXT, *PSECURITY_CLIENT_CONTEXT;
|
||||
|
||||
|
||||
typedef struct _SE_EXPORTS
|
||||
{
|
||||
/* Privilege values */
|
||||
LUID SeCreateTokenPrivilege;
|
||||
LUID SeAssignPrimaryTokenPrivilege;
|
||||
LUID SeLockMemoryPrivilege;
|
||||
LUID SeIncreaseQuotaPrivilege;
|
||||
LUID SeUnsolicitedInputPrivilege;
|
||||
LUID SeTcbPrivilege;
|
||||
LUID SeSecurityPrivilege;
|
||||
LUID SeTakeOwnershipPrivilege;
|
||||
LUID SeLoadDriverPrivilege;
|
||||
LUID SeCreatePagefilePrivilege;
|
||||
LUID SeIncreaseBasePriorityPrivilege;
|
||||
LUID SeSystemProfilePrivilege;
|
||||
LUID SeSystemtimePrivilege;
|
||||
LUID SeProfileSingleProcessPrivilege;
|
||||
LUID SeCreatePermanentPrivilege;
|
||||
LUID SeBackupPrivilege;
|
||||
LUID SeRestorePrivilege;
|
||||
LUID SeShutdownPrivilege;
|
||||
LUID SeDebugPrivilege;
|
||||
LUID SeAuditPrivilege;
|
||||
LUID SeSystemEnvironmentPrivilege;
|
||||
LUID SeChangeNotifyPrivilege;
|
||||
LUID SeRemoteShutdownPrivilege;
|
||||
|
||||
/* Universally defined SIDs */
|
||||
PSID SeNullSid;
|
||||
PSID SeWorldSid;
|
||||
PSID SeLocalSid;
|
||||
PSID SeCreatorOwnerSid;
|
||||
PSID SeCreatorGroupSid;
|
||||
|
||||
/* Nt defined SIDs */
|
||||
PSID SeNtAuthoritySid;
|
||||
PSID SeDialupSid;
|
||||
PSID SeNetworkSid;
|
||||
PSID SeBatchSid;
|
||||
PSID SeInteractiveSid;
|
||||
PSID SeLocalSystemSid;
|
||||
PSID SeAliasAdminsSid;
|
||||
PSID SeAliasUsersSid;
|
||||
PSID SeAliasGuestsSid;
|
||||
PSID SeAliasPowerUsersSid;
|
||||
PSID SeAliasAccountOpsSid;
|
||||
PSID SeAliasSystemOpsSid;
|
||||
PSID SeAliasPrintOpsSid;
|
||||
PSID SeAliasBackupOpsSid;
|
||||
} SE_EXPORTS, *PSE_EXPORTS;
|
||||
|
||||
#endif
|
||||
|
||||
/* EOF */
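Review bot: The offset comments on the new `SECURITY_CLIENT_CONTEXT` do not look reachable with the types this tree declares. `Token; // 0x0C` needs `sizeof(SECURITY_QUALITY_OF_SERVICE)` to be 12, but the security.h section on this page shows `typedef BOOL SECURITY_CONTEXT_TRACKING_MODE;` in a hunk header; if `BOOL` is the usual 4-byte type, the structure is 16 bytes and `Token` lands at 0x10. The structure is passed between `SeCreateClientSecurity` and `SeImpersonateClient`, both exported from ntoskrnl, so a layout that differs from the documented one is worth pinning down before drivers depend on it. I would either correct the comments or narrow the tracking-mode typedef to `BOOLEAN`, and confirm the result with a build-time check on `offsetof(SECURITY_CLIENT_CONTEXT, Token)`.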
|
||||
|
|
|
@ -4,6 +4,81 @@
|
|||
#include <ntos/ntdef.h>
|
||||
#include <ntos/types.h>
|
||||
|
||||
/* SID Auhority */
|
||||
#define SECURITY_NULL_SID_AUTHORITY {0,0,0,0,0,0}
|
||||
#define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
|
||||
#define SECURITY_LOCAL_SID_AUTHORITY {0,0,0,0,0,2}
|
||||
#define SECURITY_CREATOR_SID_AUTHORITY {0,0,0,0,0,3}
|
||||
#define SECURITY_NON_UNIQUE_AUTHORITY {0,0,0,0,0,4}
|
||||
#define SECURITY_NT_AUTHORITY {0,0,0,0,0,5}
|
||||
|
||||
/* SID */
|
||||
#define SECURITY_NULL_RID (0L)
|
||||
#define SECURITY_WORLD_RID (0L)
|
||||
#define SECURITY_LOCAL_RID (0L)
|
||||
#define SECURITY_CREATOR_OWNER_RID (0L)
|
||||
#define SECURITY_CREATOR_GROUP_RID (0x1L)
|
||||
#define SECURITY_CREATOR_OWNER_SERVER_RID (0x2L)
|
||||
#define SECURITY_CREATOR_GROUP_SERVER_RID (0x3L)
|
||||
#define SECURITY_DIALUP_RID (0x1L)
|
||||
#define SECURITY_NETWORK_RID (0x2L)
|
||||
#define SECURITY_BATCH_RID (0x3L)
|
||||
#define SECURITY_INTERACTIVE_RID (0x4L)
|
||||
#define SECURITY_LOGON_IDS_RID (0x5L)
|
||||
#define SECURITY_LOGON_IDS_RID_COUNT (0x3L)
|
||||
#define SECURITY_SERVICE_RID (0x6L)
|
||||
#define SECURITY_ANONYMOUS_LOGON_RID (0x7L)
|
||||
#define SECURITY_PROXY_RID (0x8L)
|
||||
#define SECURITY_ENTERPRISE_CONTROLLERS_RID (0x9L)
|
||||
#define SECURITY_SERVER_LOGON_RID SECURITY_ENTERPRISE_CONTROLLERS_RID
|
||||
#define SECURITY_PRINCIPAL_SELF_RID (0xAL)
|
||||
#define SECURITY_AUTHENTICATED_USER_RID (0xBL)
|
||||
#define SECURITY_RESTRICTED_CODE_RID (0xCL)
|
||||
#define SECURITY_LOCAL_SYSTEM_RID (0x12L)
|
||||
#define SECURITY_NT_NON_UNIQUE_RID (0x15L)
|
||||
#define SECURITY_BUILTIN_DOMAIN_RID (0x20L)
|
||||
#define DOMAIN_USER_RID_ADMIN (0x1F4L)
|
||||
#define DOMAIN_USER_RID_GUEST (0x1F5L)
|
||||
#define DOMAIN_GROUP_RID_ADMINS (0x200L)
|
||||
#define DOMAIN_GROUP_RID_USERS (0x201L)
|
||||
#define DOMAIN_ALIAS_RID_ADMINS (0x220L)
|
||||
#define DOMAIN_ALIAS_RID_USERS (0x221L)
|
||||
#define DOMAIN_ALIAS_RID_GUESTS (0x222L)
|
||||
#define DOMAIN_ALIAS_RID_POWER_USERS (0x223L)
|
||||
#define DOMAIN_ALIAS_RID_ACCOUNT_OPS (0x224L)
|
||||
#define DOMAIN_ALIAS_RID_SYSTEM_OPS (0x225L)
|
||||
#define DOMAIN_ALIAS_RID_PRINT_OPS (0x226L)
|
||||
#define DOMAIN_ALIAS_RID_BACKUP_OPS (0x227L)
|
||||
#define DOMAIN_ALIAS_RID_REPLICATOR (0x228L)
|
||||
|
||||
/* Privileges */
|
||||
#define SE_MIN_WELL_KNOWN_PRIVILEGE (2L)
|
||||
#define SE_CREATE_TOKEN_PRIVILEGE (2L)
|
||||
#define SE_ASSIGNPRIMARYTOKEN_PRIVILEGE (3L)
|
||||
#define SE_LOCK_MEMORY_PRIVILEGE (4L)
|
||||
#define SE_INCREASE_QUOTA_PRIVILEGE (5L)
|
||||
#define SE_UNSOLICITED_INPUT_PRIVILEGE (6L) /* unused */
|
||||
#define SE_MACHINE_ACCOUNT_PRIVILEGE (6L)
|
||||
#define SE_TCB_PRIVILEGE (7L)
|
||||
#define SE_SECURITY_PRIVILEGE (8L)
|
||||
#define SE_TAKE_OWNERSHIP_PRIVILEGE (9L)
|
||||
#define SE_LOAD_DRIVER_PRIVILEGE (10L)
|
||||
#define SE_SYSTEM_PROFILE_PRIVILEGE (11L)
|
||||
#define SE_SYSTEMTIME_PRIVILEGE (12L)
|
||||
#define SE_PROF_SINGLE_PROCESS_PRIVILEGE (13L)
|
||||
#define SE_INC_BASE_PRIORITY_PRIVILEGE (14L)
|
||||
#define SE_CREATE_PAGEFILE_PRIVILEGE (15L)
|
||||
#define SE_CREATE_PERMANENT_PRIVILEGE (16L)
|
||||
#define SE_BACKUP_PRIVILEGE (17L)
|
||||
#define SE_RESTORE_PRIVILEGE (18L)
|
||||
#define SE_SHUTDOWN_PRIVILEGE (19L)
|
||||
#define SE_DEBUG_PRIVILEGE (20L)
|
||||
#define SE_AUDIT_PRIVILEGE (21L)
|
||||
#define SE_SYSTEM_ENVIRONMENT_PRIVILEGE (22L)
|
||||
#define SE_CHANGE_NOTIFY_PRIVILEGE (23L)
|
||||
#define SE_REMOTE_SHUTDOWN_PRIVILEGE (24L)
|
||||
#define SE_MAX_WELL_KNOWN_PRIVILEGE SE_REMOTE_SHUTDOWN_PRIVILEGE
|
||||
|
||||
#if 0
|
||||
/* Security descriptor control. */
|
||||
#define SECURITY_DESCRIPTOR_REVISION (1)
|
||||
|
@ -52,7 +127,8 @@ typedef BOOL SECURITY_CONTEXT_TRACKING_MODE;
|
|||
|
||||
typedef ULONG SECURITY_INFORMATION, *PSECURITY_INFORMATION;
|
||||
|
||||
typedef enum _TOKEN_INFORMATION_CLASS {
|
||||
typedef enum _TOKEN_INFORMATION_CLASS
|
||||
{
|
||||
TokenUser = 1,
|
||||
TokenGroups,
|
||||
TokenPrivileges,
|
||||
|
@ -85,8 +161,9 @@ typedef ULONG TOKEN_TYPE, *PTOKEN_TYPE;
|
|||
typedef ULONG ACCESS_MASK, *PACCESS_MASK;
|
||||
typedef ULONG ACCESS_MODE, *PACCESS_MODE;
|
||||
|
||||
typedef struct _SECURITY_QUALITY_OF_SERVICE {
|
||||
DWORD Length;
|
||||
typedef struct _SECURITY_QUALITY_OF_SERVICE
|
||||
{
|
||||
ULONG Length;
|
||||
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
|
||||
SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode;
|
||||
BOOLEAN EffectiveOnly;
|
||||
|
@ -112,8 +189,6 @@ typedef struct _SID_IDENTIFIER_AUTHORITY
|
|||
BYTE Value[6];
|
||||
} SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;
|
||||
|
||||
#define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
|
||||
|
||||
typedef struct _SID
|
||||
{
|
||||
UCHAR Revision;
|
||||
|
@ -122,7 +197,8 @@ typedef struct _SID
|
|||
ULONG SubAuthority[1];
|
||||
} SID, *PSID;
|
||||
|
||||
typedef struct _ACL {
|
||||
typedef struct _ACL
|
||||
{
|
||||
UCHAR AclRevision;
|
||||
UCHAR Sbz1;
|
||||
USHORT AclSize;
|
||||
|
@ -138,7 +214,8 @@ typedef struct _SECURITY_DESCRIPTOR_CONTEXT
|
|||
|
||||
typedef LARGE_INTEGER LUID, *PLUID;
|
||||
|
||||
typedef struct _SECURITY_DESCRIPTOR {
|
||||
typedef struct _SECURITY_DESCRIPTOR
|
||||
{
|
||||
UCHAR Revision;
|
||||
UCHAR Sbz1;
|
||||
SECURITY_DESCRIPTOR_CONTROL Control;
|
||||
|
@ -154,12 +231,22 @@ typedef struct _LUID_AND_ATTRIBUTES
|
|||
DWORD Attributes;
|
||||
} LUID_AND_ATTRIBUTES, *PLUID_AND_ATTRIBUTES;
|
||||
|
||||
typedef struct _TOKEN_SOURCE {
|
||||
typedef struct _TOKEN_SOURCE
|
||||
{
|
||||
CHAR SourceName[8];
|
||||
LUID SourceIdentifier;
|
||||
} TOKEN_SOURCE, *PTOKEN_SOURCE;
|
||||
|
||||
typedef struct _SID_AND_ATTRIBUTES {
|
||||
typedef struct _TOKEN_CONTROL
|
||||
{
|
||||
LUID TokenId;
|
||||
LUID AuthenticationId;
|
||||
LUID ModifiedId;
|
||||
TOKEN_SOURCE TokenSource;
|
||||
} TOKEN_CONTROL, *PTOKEN_CONTROL;
|
||||
|
||||
typedef struct _SID_AND_ATTRIBUTES
|
||||
{
|
||||
PSID Sid;
|
||||
DWORD Attributes;
|
||||
} SID_AND_ATTRIBUTES, *PSID_AND_ATTRIBUTES;
|
||||
|
@ -167,33 +254,40 @@ typedef struct _SID_AND_ATTRIBUTES {
|
|||
typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
|
||||
typedef SID_AND_ATTRIBUTES_ARRAY *PSID_AND_ATTRIBUTES_ARRAY;
|
||||
|
||||
typedef struct _TOKEN_USER {
|
||||
typedef struct _TOKEN_USER
|
||||
{
|
||||
SID_AND_ATTRIBUTES User;
|
||||
} TOKEN_USER, *PTOKEN_USER;
|
||||
|
||||
typedef struct _TOKEN_PRIMARY_GROUP {
|
||||
typedef struct _TOKEN_PRIMARY_GROUP
|
||||
{
|
||||
PSID PrimaryGroup;
|
||||
} TOKEN_PRIMARY_GROUP, *PTOKEN_PRIMARY_GROUP;
|
||||
|
||||
typedef struct _TOKEN_GROUPS {
|
||||
typedef struct _TOKEN_GROUPS
|
||||
{
|
||||
DWORD GroupCount;
|
||||
SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY];
|
||||
} TOKEN_GROUPS, *PTOKEN_GROUPS, *LPTOKEN_GROUPS;
|
||||
|
||||
typedef struct _TOKEN_PRIVILEGES {
|
||||
typedef struct _TOKEN_PRIVILEGES
|
||||
{
|
||||
DWORD PrivilegeCount;
|
||||
LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY];
|
||||
} TOKEN_PRIVILEGES, *PTOKEN_PRIVILEGES, *LPTOKEN_PRIVILEGES;
|
||||
|
||||
typedef struct _TOKEN_OWNER {
|
||||
typedef struct _TOKEN_OWNER
|
||||
{
|
||||
PSID Owner;
|
||||
} TOKEN_OWNER, *PTOKEN_OWNER;
|
||||
|
||||
typedef struct _TOKEN_DEFAULT_DACL {
|
||||
typedef struct _TOKEN_DEFAULT_DACL
|
||||
{
|
||||
PACL DefaultDacl;
|
||||
} TOKEN_DEFAULT_DACL, *PTOKEN_DEFAULT_DACL;
|
||||
|
||||
typedef struct _TOKEN_STATISTICS {
|
||||
typedef struct _TOKEN_STATISTICS
|
||||
{
|
||||
LUID TokenId;
|
||||
LUID AuthenticationId;
|
||||
LARGE_INTEGER ExpirationTime;
|
||||
|
@ -206,25 +300,29 @@ typedef struct _TOKEN_STATISTICS {
|
|||
LUID ModifiedId;
|
||||
} TOKEN_STATISTICS, *PTOKEN_STATISTICS;
|
||||
|
||||
typedef struct _GENERIC_MAPPING {
|
||||
typedef struct _GENERIC_MAPPING
|
||||
{
|
||||
ACCESS_MASK GenericRead;
|
||||
ACCESS_MASK GenericWrite;
|
||||
ACCESS_MASK GenericExecute;
|
||||
ACCESS_MASK GenericAll;
|
||||
} GENERIC_MAPPING, *PGENERIC_MAPPING;
|
||||
|
||||
typedef struct _PRIVILEGE_SET {
|
||||
typedef struct _PRIVILEGE_SET
|
||||
{
|
||||
DWORD PrivilegeCount;
|
||||
DWORD Control;
|
||||
LUID_AND_ATTRIBUTES Privilege[ANYSIZE_ARRAY];
|
||||
} PRIVILEGE_SET, *PPRIVILEGE_SET, *LPPRIVILEGE_SET;
|
||||
|
||||
typedef enum _ACL_INFORMATION_CLASS {
|
||||
typedef enum _ACL_INFORMATION_CLASS
|
||||
{
|
||||
AclRevisionInformation = 1,
|
||||
AclSizeInformation
|
||||
} ACL_INFORMATION_CLASS;
|
||||
|
||||
typedef struct _SECURITY_ATTRIBUTES {
|
||||
typedef struct _SECURITY_ATTRIBUTES
|
||||
{
|
||||
DWORD nLength;
|
||||
LPVOID lpSecurityDescriptor;
|
||||
BOOL bInheritHandle;
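Review bot: `SE_UNSOLICITED_INPUT_PRIVILEGE` and `SE_MACHINE_ACCOUNT_PRIVILEGE` in the new privilege list are both `(6L)`, and only the first carries a comment (`/* unused */`). Code that maps a LUID back to a privilege name, or builds a table indexed by these constants, will see one slot with two names. The header should say that the alias is deliberate, e.g. `/* same value as SE_UNSOLICITED_INPUT_PRIVILEGE */` on the second define. The section comment `/* SID Auhority */` above the authority initialisers is misspelled and should read `/* SID Authority */`.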
|
||||
|
|
122
reactos/ntoskrnl/include/internal/se.h
Normal file
|
@ -0,0 +1,122 @@
|
|||
/*
|
||||
* ReactOS kernel
|
||||
* Copyright (C) 2002 ReactOS Team
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||||
*/
|
||||
|
||||
#ifndef __NTOSKRNL_INCLUDE_INTERNAL_SE_H
|
||||
#define __NTOSKRNL_INCLUDE_INTERNAL_SE_H
|
||||
|
||||
|
||||
extern POBJECT_TYPE SepTokenObjectType;
|
||||
|
||||
/* SID Authorities */
|
||||
extern SID_IDENTIFIER_AUTHORITY SeNullSidAuthority;
|
||||
extern SID_IDENTIFIER_AUTHORITY SeWorldSidAuthority;
|
||||
extern SID_IDENTIFIER_AUTHORITY SeLocalSidAuthority;
|
||||
extern SID_IDENTIFIER_AUTHORITY SeCreatorSidAuthority;
|
||||
extern SID_IDENTIFIER_AUTHORITY SeNtSidAuthority;
|
||||
|
||||
/* SIDs */
|
||||
extern PSID SeNullSid;
|
||||
extern PSID SeWorldSid;
|
||||
extern PSID SeLocalSid;
|
||||
extern PSID SeCreatorOwnerSid;
|
||||
extern PSID SeCreatorGroupSid;
|
||||
extern PSID SeCreatorOwnerServerSid;
|
||||
extern PSID SeCreatorGroupServerSid;
|
||||
extern PSID SeNtAuthoritySid;
|
||||
extern PSID SeDialupSid;
|
||||
extern PSID SeNetworkSid;
|
||||
extern PSID SeBatchSid;
|
||||
extern PSID SeInteractiveSid;
|
||||
extern PSID SeServiceSid;
|
||||
extern PSID SeAnonymousLogonSid;
|
||||
extern PSID SePrincipalSelfSid;
|
||||
extern PSID SeLocalSystemSid;
|
||||
extern PSID SeAuthenticatedUserSid;
|
||||
extern PSID SeRestrictedCodeSid;
|
||||
extern PSID SeAliasAdminsSid;
|
||||
extern PSID SeAliasUsersSid;
|
||||
extern PSID SeAliasGuestsSid;
|
||||
extern PSID SeAliasPowerUsersSid;
|
||||
extern PSID SeAliasAccountOpsSid;
|
||||
extern PSID SeAliasSystemOpsSid;
|
||||
extern PSID SeAliasPrintOpsSid;
|
||||
extern PSID SeAliasBackupOpsSid;
|
||||
|
||||
/* Privileges */
|
||||
extern LUID SeCreateTokenPrivilege;
|
||||
extern LUID SeAssignPrimaryTokenPrivilege;
|
||||
extern LUID SeLockMemoryPrivilege;
|
||||
extern LUID SeIncreaseQuotaPrivilege;
|
||||
extern LUID SeUnsolicitedInputPrivilege;
|
||||
extern LUID SeTcbPrivilege;
|
||||
extern LUID SeSecurityPrivilege;
|
||||
extern LUID SeTakeOwnershipPrivilege;
|
||||
extern LUID SeLoadDriverPrivilege;
|
||||
extern LUID SeCreatePagefilePrivilege;
|
||||
extern LUID SeIncreaseBasePriorityPrivilege;
|
||||
extern LUID SeSystemProfilePrivilege;
|
||||
extern LUID SeSystemtimePrivilege;
|
||||
extern LUID SeProfileSingleProcessPrivilege;
|
||||
extern LUID SeCreatePermanentPrivilege;
|
||||
extern LUID SeBackupPrivilege;
|
||||
extern LUID SeRestorePrivilege;
|
||||
extern LUID SeShutdownPrivilege;
|
||||
extern LUID SeDebugPrivilege;
|
||||
extern LUID SeAuditPrivilege;
|
||||
extern LUID SeSystemEnvironmentPrivilege;
|
||||
extern LUID SeChangeNotifyPrivilege;
|
||||
extern LUID SeRemoteShutdownPrivilege;
|
||||
|
||||
/* DACLs */
|
||||
extern PACL SePublicDefaultUnrestrictedDacl;
|
||||
extern PACL SePublicOpenDacl;
|
||||
extern PACL SePublicOpenUnrestrictedDacl;
|
||||
extern PACL SeUnrestrictedDacl;
|
||||
|
||||
|
||||
/* Functions */
|
||||
|
||||
BOOLEAN SeInit1(VOID);
|
||||
BOOLEAN SeInit2(VOID);
|
||||
|
||||
VOID SepInitLuid(VOID);
|
||||
VOID SepInitPrivileges(VOID);
|
||||
BOOLEAN SepInitSecurityIDs(VOID);
|
||||
BOOLEAN SepInitDACLs(VOID);
|
||||
BOOLEAN SepInitSDs(VOID);
|
||||
|
||||
|
||||
NTSTATUS SeExchangePrimaryToken(struct _EPROCESS* Process,
|
||||
PACCESS_TOKEN NewToken,
|
||||
PACCESS_TOKEN* OldTokenP);
|
||||
|
||||
NTSTATUS SeCaptureLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Src,
|
||||
ULONG PrivilegeCount,
|
||||
KPROCESSOR_MODE PreviousMode,
|
||||
PLUID_AND_ATTRIBUTES AllocatedMem,
|
||||
ULONG AllocatedLength,
|
||||
POOL_TYPE PoolType,
|
||||
ULONG d,
|
||||
PLUID_AND_ATTRIBUTES* Dest,
|
||||
PULONG Length);
|
||||
|
||||
|
||||
#endif /* __NTOSKRNL_INCLUDE_INTERNAL_SE_H */
|
||||
|
||||
/* EOF */
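Review bot: The init helpers are declared with no statement of the order they must run in, and the order matters. The acl.c section of this commit has `SepInitDACLs()` pass `SeWorldSid` and `SeLocalSystemSid` to `RtlAddAccessAllowedAce`, so it is only valid after the SIDs have been created. I would add a comment above the `Sep*` prototypes such as `/* SepInitSecurityIDs() must succeed before SepInitDACLs(), which reads SeWorldSid and SeLocalSystemSid */`. The header also uses `POBJECT_TYPE`, `PSID`, `LUID`, `PACL`, `KPROCESSOR_MODE` and `POOL_TYPE` without including anything, so it compiles only when the DDK headers come first; a one-line note stating that requirement, or the include itself, would make the dependency explicit.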
|
|
@ -16,7 +16,7 @@
|
|||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||||
*/
|
||||
/* $Id: main.c,v 1.113 2002/02/08 02:57:06 chorns Exp $
|
||||
/* $Id: main.c,v 1.114 2002/02/20 20:14:22 ekohl Exp $
|
||||
*
|
||||
* PROJECT: ReactOS kernel
|
||||
* FILE: ntoskrnl/ke/main.c
|
||||
|
@ -40,13 +40,14 @@
|
|||
#include <internal/io.h>
|
||||
#include <internal/po.h>
|
||||
#include <internal/cc.h>
|
||||
//#include <internal/se.h>
|
||||
#include <internal/se.h>
|
||||
#include <napi/shared_data.h>
|
||||
#include <internal/v86m.h>
|
||||
#include <internal/kd.h>
|
||||
#include <internal/trap.h>
|
||||
#include "../dbg/kdb.h"
|
||||
#include <internal/registry.h>
|
||||
#include <reactos/bugcodes.h>
|
||||
|
||||
#ifdef HALDBG
|
||||
#include <internal/ntosdbg.h>
|
||||
|
@ -959,6 +960,9 @@ ExpInitializeExecutive(VOID)
|
|||
|
||||
KeLowerIrql(PASSIVE_LEVEL);
|
||||
|
||||
if (!SeInit1())
|
||||
KeBugCheck(SECURITY_INITIALIZATION_FAILED);
|
||||
|
||||
ObInit();
|
||||
PiInitProcessManager();
|
||||
|
||||
|
@ -1170,6 +1174,9 @@ ExpInitializeExecutive(VOID)
|
|||
*/
|
||||
InitSystemSharedUserPage ((PUCHAR)KeLoaderBlock.CommandLine);
|
||||
|
||||
if (!SeInit2())
|
||||
KeBugCheck(SECURITY1_INITIALIZATION_FAILED);
|
||||
|
||||
/*
|
||||
* Launch initial process
|
||||
*/
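Review bot: `SeInit1()` is placed ahead of `ObInit()` while `SeInit2()` runs much later, but nothing at either call site says what each phase may rely on. If the split exists because phase 1 must not touch the object manager (an assumption, since neither body is on this page), that constraint belongs at the call site where someone might later reorder the calls: `/* SeInit1: no object manager yet; object-dependent setup belongs in SeInit2 */`. I would also brace the two single-statement `if` bodies so that a later second statement cannot slip outside the failure check. `ExpInitializeExecutive` starts and ends outside both hunks.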
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
; $Id: ntoskrnl.def,v 1.127 2002/02/19 00:09:21 ekohl Exp $
|
||||
; $Id: ntoskrnl.def,v 1.128 2002/02/20 20:16:49 ekohl Exp $
|
||||
;
|
||||
; reactos/ntoskrnl/ntoskrnl.def
|
||||
;
|
||||
|
@ -344,7 +344,7 @@ KeGetPreviousMode@0
|
|||
;KeI386Call16BitFunction
|
||||
;KeI386FlatToGdtSelector
|
||||
;KeI386GetLid
|
||||
;KeI386MachineType
|
||||
;KeI386MachineType DATA
|
||||
;KeI386ReleaseGdtSelectors
|
||||
;KeI386ReleaseLid
|
||||
;KeI386SetGdtSelector
|
||||
|
@ -829,7 +829,7 @@ SeCreateClientSecurity@16
|
|||
SeDeassignSecurity@4
|
||||
;SeDeleteAccessState@4
|
||||
;SeDeleteObjectAuditAlarm@8
|
||||
;SeExports DATA ???
|
||||
SeExports DATA
|
||||
;SeFreePrivileges@4
|
||||
SeImpersonateClient@8
|
||||
;SeLockSubjectContext@4
|
||||
|
@ -838,7 +838,7 @@ SeImpersonateClient@8
|
|||
;SeOpenObjectForDeleteAuditAlarm@36
|
||||
SePrivilegeCheck@12
|
||||
;SePrivilegeObjectAuditAlarm@24
|
||||
;SePublicDefaultDacl DATA
|
||||
SePublicDefaultDacl DATA
|
||||
;SeQueryAuthenticationIdToken@8
|
||||
;SeQuerySecurityDescriptorInfo@16
|
||||
;SeRegisterLogonSessionTerminatedRoutine@4
|
||||
|
@ -847,9 +847,9 @@ SeReleaseSubjectContext@4
|
|||
;SeSetAccessStateGenericMapping@8
|
||||
;SeSetSecurityDescriptorInfo@24
|
||||
;SeSinglePrivilegeCheck@12
|
||||
;SeSystemDefaultDacl DATA
|
||||
SeSystemDefaultDacl DATA
|
||||
;SeTokenImpersonationLevel@4
|
||||
SeTokenType DATA
|
||||
SeTokenType@4
|
||||
;SeUnlockSubjectContext@4
|
||||
;SeUnregisterLogonSessionTerminatedRoutine@4
|
||||
;SeValidSecurityDescriptor@8
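Review bot: `SeTokenType` changes from a `DATA` export to the stdcall function `SeTokenType@4` under the same name, so any module still importing it as the token object-type pointer would now receive a code address and pass it on as an object type. create.c and process.c are converted to `SepTokenObjectType` in this commit; other in-tree users and already-built drivers are not visible here and would need the same rename or a rebuild. The identical change is made in ntoskrnl.edf. Of the newly enabled `DATA` exports, `SePublicDefaultDacl` and `SeSystemDefaultDacl` are defined as `NULL` in acl.c, so importers depend on security initialisation having run; a comment beside the exports saying so would help.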
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
; $Id: ntoskrnl.edf,v 1.113 2002/02/19 00:09:21 ekohl Exp $
|
||||
; $Id: ntoskrnl.edf,v 1.114 2002/02/20 20:16:49 ekohl Exp $
|
||||
;
|
||||
; reactos/ntoskrnl/ntoskrnl.def
|
||||
;
|
||||
|
@ -344,7 +344,7 @@ KeGetPreviousMode=KeGetPreviousMode@0
|
|||
;KeI386Call16BitFunction
|
||||
;KeI386FlatToGdtSelector
|
||||
;KeI386GetLid
|
||||
;KeI386MachineType
|
||||
;KeI386MachineType DATA
|
||||
;KeI386ReleaseGdtSelectors
|
||||
;KeI386ReleaseLid
|
||||
;KeI386SetGdtSelector
|
||||
|
@ -828,7 +828,7 @@ SeCreateClientSecurity=SeCreateClientSecurity@16
|
|||
SeDeassignSecurity=SeDeassignSecurity@4
|
||||
;SeDeleteAccessState=SeDeleteAccessState@4
|
||||
;SeDeleteObjectAuditAlarm=SeDeleteObjectAuditAlarm@8
|
||||
;SeExports DATA
|
||||
SeExports DATA
|
||||
;SeFreePrivileges=SeFreePrivileges@4
|
||||
SeImpersonateClient=SeImpersonateClient@8
|
||||
;SeLockSubjectContext=SeLockSubjectContext@4
|
||||
|
@ -837,7 +837,7 @@ SeImpersonateClient=SeImpersonateClient@8
|
|||
;SeOpenObjectForDeleteAuditAlarm=SeOpenObjectForDeleteAuditAlarm@36
|
||||
SePrivilegeCheck=SePrivilegeCheck@12
|
||||
;SePrivilegeObjectAuditAlarm=SePrivilegeObjectAuditAlarm@24
|
||||
;SePublicDefaultDacl DATA
|
||||
SePublicDefaultDacl DATA
|
||||
;SeQueryAuthenticationIdToken=SeQueryAuthenticationIdToken@8
|
||||
;SeQuerySecurityDescriptorInfo=SeQuerySecurityDescriptorInfo@16
|
||||
;SeRegisterLogonSessionTerminatedRoutine=SeRegisterLogonSessionTerminatedRoutine@4
|
||||
|
@ -846,9 +846,9 @@ SeReleaseSubjectContext=SeReleaseSubjectContext@4
|
|||
;SeSetAccessStateGenericMapping=SeSetAccessStateGenericMapping@8
|
||||
;SeSetSecurityDescriptorInfo=SeSetSecurityDescriptorInfo@24
|
||||
;SeSinglePrivilegeCheck=SeSinglePrivilegeCheck@12
|
||||
;SeSystemDefaultDacl DATA
|
||||
SeSystemDefaultDacl DATA
|
||||
;SeTokenImpersonationLevel=SeTokenImpersonationLevel@4
|
||||
SeTokenType DATA
|
||||
SeTokenType=SeTokenType@4
|
||||
;SeUnlockSubjectContext=SeUnlockSubjectContext@4
|
||||
;SeUnregisterLogonSessionTerminatedRoutine=SeUnregisterLogonSessionTerminatedRoutine@4
|
||||
;SeValidSecurityDescriptor=SeValidSecurityDescriptor@8
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $Id: create.c,v 1.44 2002/02/15 14:47:55 ekohl Exp $
|
||||
/* $Id: create.c,v 1.45 2002/02/20 20:15:07 ekohl Exp $
|
||||
*
|
||||
* COPYRIGHT: See COPYING in the top level directory
|
||||
* PROJECT: ReactOS kernel
|
||||
|
@ -24,7 +24,7 @@
|
|||
#include <internal/ke.h>
|
||||
#include <internal/ob.h>
|
||||
#include <internal/ps.h>
|
||||
#include <internal/ob.h>
|
||||
#include <internal/se.h>
|
||||
#include <internal/id.h>
|
||||
#include <internal/dbg.h>
|
||||
|
||||
|
@ -60,7 +60,7 @@ PsAssignImpersonationToken(PETHREAD Thread,
|
|||
{
|
||||
Status = ObReferenceObjectByHandle(TokenHandle,
|
||||
0,
|
||||
SeTokenType,
|
||||
SepTokenObjectType,
|
||||
UserMode,
|
||||
(PVOID*)&Token,
|
||||
NULL);
|
||||
|
@ -133,7 +133,7 @@ PsImpersonateClient(PETHREAD Thread,
|
|||
Thread->ImpersonationInfo->Token = Token;
|
||||
ObReferenceObjectByPointer(Token,
|
||||
0,
|
||||
SeTokenType,
|
||||
SepTokenObjectType,
|
||||
KernelMode);
|
||||
Thread->ActiveImpersonationInfo = 1;
|
||||
}
|
||||
|
@ -165,15 +165,14 @@ PsReferenceEffectiveToken(PETHREAD Thread,
|
|||
}
|
||||
|
||||
NTSTATUS STDCALL
|
||||
NtImpersonateThread (IN HANDLE ThreadHandle,
|
||||
NtImpersonateThread(IN HANDLE ThreadHandle,
|
||||
IN HANDLE ThreadToImpersonateHandle,
|
||||
IN PSECURITY_QUALITY_OF_SERVICE
|
||||
SecurityQualityOfService)
|
||||
IN PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService)
|
||||
{
|
||||
PETHREAD Thread;
|
||||
PETHREAD ThreadToImpersonate;
|
||||
NTSTATUS Status;
|
||||
SE_SOME_STRUCT2 b;
|
||||
SECURITY_CLIENT_CONTEXT ClientContext;
|
||||
|
||||
Status = ObReferenceObjectByHandle(ThreadHandle,
|
||||
0,
|
||||
|
@ -201,7 +200,7 @@ NtImpersonateThread (IN HANDLE ThreadHandle,
|
|||
Status = SeCreateClientSecurity(ThreadToImpersonate,
|
||||
SecurityQualityOfService,
|
||||
0,
|
||||
&b);
|
||||
&ClientContext);
|
||||
if (!NT_SUCCESS(Status))
|
||||
{
|
||||
ObDereferenceObject(Thread);
|
||||
|
@ -209,10 +208,10 @@ NtImpersonateThread (IN HANDLE ThreadHandle,
|
|||
return(Status);
|
||||
}
|
||||
|
||||
SeImpersonateClient(&b, Thread);
|
||||
if (b.Token != NULL)
|
||||
SeImpersonateClient(&ClientContext, Thread);
|
||||
if (ClientContext.Token != NULL)
|
||||
{
|
||||
ObDereferenceObject(b.Token);
|
||||
ObDereferenceObject(ClientContext.Token);
|
||||
}
|
||||
return(STATUS_SUCCESS);
|
||||
}
|
||||
|
@ -261,7 +260,7 @@ PsReferenceImpersonationToken(PETHREAD Thread,
|
|||
*Unknown2 = Thread->ImpersonationInfo->Unknown2;
|
||||
ObReferenceObjectByPointer(Thread->ImpersonationInfo->Token,
|
||||
TOKEN_ALL_ACCESS,
|
||||
SeTokenType,
|
||||
SepTokenObjectType,
|
||||
KernelMode);
|
||||
return(Thread->ImpersonationInfo->Token);
|
||||
}
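Review bot: In `PsAssignImpersonationToken` the caller-supplied `TokenHandle` is resolved with a DesiredAccess of `0` and `UserMode`, so the lookup constrains the object type but requests no token right. As far as the visible call shows, a handle granted only query access is accepted as an impersonation token. The call should ask for the right the operation needs, the impersonation right (`TOKEN_IMPERSONATE` in the NT headers), in place of `0`. The same pattern is in `PspAssignPrimaryToken` in process.c, and the `ThreadHandle` lookup at the top of `NtImpersonateThread` also starts with `0`, though the rest of that call lies outside the hunk. `NtImpersonateThread` also forwards the `SecurityQualityOfService` pointer straight to `SeCreateClientSecurity`; unless lines outside the hunks capture it, that pointer needs probing before it is read.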
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $Id: process.c,v 1.77 2002/02/08 02:57:07 chorns Exp $
|
||||
/* $Id: process.c,v 1.78 2002/02/20 20:15:07 ekohl Exp $
|
||||
*
|
||||
* COPYRIGHT: See COPYING in the top level directory
|
||||
* PROJECT: ReactOS kernel
|
||||
|
@ -17,6 +17,7 @@
|
|||
#include <internal/mm.h>
|
||||
#include <internal/ke.h>
|
||||
#include <internal/ps.h>
|
||||
#include <internal/se.h>
|
||||
#include <internal/id.h>
|
||||
#include <napi/teb.h>
|
||||
#include <internal/ldr.h>
|
||||
|
@ -132,7 +133,7 @@ PsReferencePrimaryToken(PEPROCESS Process)
|
|||
{
|
||||
ObReferenceObjectByPointer(Process->Token,
|
||||
TOKEN_ALL_ACCESS,
|
||||
SeTokenType,
|
||||
SepTokenObjectType,
|
||||
UserMode);
|
||||
return(Process->Token);
|
||||
}
|
||||
|
@ -863,7 +864,7 @@ PspAssignPrimaryToken(PEPROCESS Process,
|
|||
|
||||
Status = ObReferenceObjectByHandle(TokenHandle,
|
||||
0,
|
||||
SeTokenType,
|
||||
SepTokenObjectType,
|
||||
UserMode,
|
||||
(PVOID*)&Token,
|
||||
NULL);
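Review bot: `PsReferencePrimaryToken` references `Process->Token`, a pointer the kernel already holds, with `UserMode` and `TOKEN_ALL_ACCESS`, whereas the equivalent calls in create.c (`PsImpersonateClient`, `PsReferenceImpersonationToken`) pass `KernelMode`. The mode should describe who is asking, and here it is the kernel, so I would pass `KernelMode`. The return value of `ObReferenceObjectByPointer` is also dropped before `Process->Token` is returned, so a failed reference would hand the caller a pointer it holds no reference on; check it with `NT_SUCCESS` or add a comment on why it cannot fail. The function starts outside the hunk.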
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $Id: acl.c,v 1.4 2000/04/05 15:52:23 ekohl Exp $
|
||||
/* $Id: acl.c,v 1.5 2002/02/20 20:15:38 ekohl Exp $
|
||||
*
|
||||
* COPYRIGHT: See COPYING in the top level directory
|
||||
* PROJECT: ReactOS kernel
|
||||
|
@ -12,10 +12,123 @@
|
|||
/* INCLUDES *****************************************************************/
|
||||
|
||||
#include <ddk/ntddk.h>
|
||||
#include <internal/se.h>
|
||||
|
||||
#include <internal/debug.h>
|
||||
|
||||
/* FUNCTIONS ***************************************************************/
|
||||
#define TAG_ACL TAG('A', 'C', 'L', 'T')
|
||||
|
||||
|
||||
/* GLOBALS ******************************************************************/
|
||||
|
||||
PACL EXPORTED SePublicDefaultDacl = NULL;
|
||||
PACL EXPORTED SeSystemDefaultDacl = NULL;
|
||||
|
||||
PACL SePublicDefaultUnrestrictedDacl = NULL;
|
||||
PACL SePublicOpenDacl = NULL;
|
||||
PACL SePublicOpenUnrestrictedDacl = NULL;
|
||||
PACL SeUnrestrictedDacl = NULL;
|
||||
|
||||
|
||||
/* FUNCTIONS ****************************************************************/
|
||||
|
||||
BOOLEAN
|
||||
SepInitDACLs(VOID)
|
||||
{
|
||||
ULONG AclLength2;
|
||||
ULONG AclLength3;
|
||||
ULONG AclLength4;
|
||||
|
||||
AclLength2 = sizeof(ACL) +
|
||||
2 * (RtlLengthRequiredSid(1) + sizeof(ACE_HEADER));
|
||||
AclLength3 = sizeof(ACL) +
|
||||
3 * (RtlLengthRequiredSid(1) + sizeof(ACE_HEADER));
|
||||
AclLength4 = sizeof(ACL) +
|
||||
4 * (RtlLengthRequiredSid(1) + sizeof(ACE_HEADER));
|
||||
|
||||
/* create PublicDefaultDacl */
|
||||
SePublicDefaultDacl = ExAllocatePoolWithTag(NonPagedPool,
|
||||
AclLength2,
|
||||
TAG_ACL);
|
||||
if (SePublicDefaultDacl == NULL)
|
||||
return(FALSE);
|
||||
|
||||
RtlCreateAcl(SePublicDefaultDacl,
|
||||
AclLength2,
|
||||
2);
|
||||
|
||||
RtlAddAccessAllowedAce(SePublicDefaultDacl,
|
||||
2,
|
||||
GENERIC_EXECUTE,
|
||||
SeWorldSid);
|
||||
|
||||
RtlAddAccessAllowedAce(SePublicDefaultDacl,
|
||||
2,
|
||||
GENERIC_ALL,
|
||||
SeLocalSystemSid);
|
||||
|
||||
|
||||
/* create PublicDefaultUnrestrictedDacl */
|
||||
SePublicDefaultUnrestrictedDacl = ExAllocatePoolWithTag(NonPagedPool,
|
||||
AclLength4,
|
||||
TAG_ACL);
|
||||
if (SePublicDefaultUnrestrictedDacl == NULL)
|
||||
return(FALSE);
|
||||
|
||||
RtlCreateAcl(SePublicDefaultUnrestrictedDacl,
|
||||
AclLength4,
|
||||
2);
|
||||
|
||||
RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,
|
||||
4,
|
||||
GENERIC_EXECUTE,
|
||||
SeWorldSid);
|
||||
|
||||
RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,
|
||||
4,
|
||||
GENERIC_ALL,
|
||||
SeLocalSystemSid);
|
||||
|
||||
RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,
|
||||
4,
|
||||
GENERIC_ALL,
|
||||
SeAliasAdminsSid);
|
||||
|
||||
RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,
|
||||
4,
|
||||
GENERIC_READ | GENERIC_EXECUTE | STANDARD_RIGHTS_READ,
|
||||
SeRestrictedCodeSid);
|
||||
|
||||
/* create PublicOpenDacl */
|
||||
SePublicOpenDacl = ExAllocatePoolWithTag(NonPagedPool,
|
||||
AclLength3,
|
||||
TAG_ACL);
|
||||
if (SePublicOpenDacl == NULL)
|
||||
return(FALSE);
|
||||
|
||||
RtlCreateAcl(SePublicOpenDacl,
|
||||
AclLength3,
|
||||
3);
|
||||
|
||||
RtlAddAccessAllowedAce(SePublicOpenDacl,
|
||||
2,
|
||||
GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE,
|
||||
SeWorldSid);
|
||||
|
||||
RtlAddAccessAllowedAce(SePublicOpenDacl,
|
||||
2,
|
||||
GENERIC_ALL,
|
||||
SeLocalSystemSid);
|
||||
|
||||
RtlAddAccessAllowedAce(SePublicOpenDacl,
|
||||
2,
|
||||
GENERIC_ALL,
|
||||
SeAliasAdminsSid);
|
||||
|
||||
|
||||
return(TRUE);
|
||||
}
|
||||
|
||||
|
||||
BOOLEAN
|
||||
STDCALL
|
||||
|
@ -102,8 +215,7 @@ NTSTATUS RtlpAddKnownAce(PACL Acl,
|
|||
return(STATUS_SUCCESS);
|
||||
}
|
||||
|
||||
NTSTATUS
|
||||
STDCALL
|
||||
NTSTATUS STDCALL
|
||||
RtlAddAccessAllowedAce(PACL Acl,
|
||||
ULONG Revision,
|
||||
ACCESS_MASK AccessMask,
|
||||
|
@ -112,8 +224,7 @@ RtlAddAccessAllowedAce(PACL Acl,
|
|||
return(RtlpAddKnownAce(Acl, Revision, AccessMask, Sid, 0));
|
||||
}
|
||||
|
||||
NTSTATUS
|
||||
STDCALL
|
||||
NTSTATUS STDCALL
|
||||
RtlAddAce(PACL Acl,
|
||||
ULONG AclRevision,
|
||||
ULONG StartingIndex,
|
||||
|
@ -179,9 +290,11 @@ RtlAddAce(PACL Acl,
|
|||
return(TRUE);
|
||||
}
|
||||
|
||||
NTSTATUS
|
||||
STDCALL
|
||||
RtlCreateAcl(PACL Acl, ULONG AclSize, ULONG AclRevision)
|
||||
|
||||
NTSTATUS STDCALL
|
||||
RtlCreateAcl(PACL Acl,
|
||||
ULONG AclSize,
|
||||
ULONG AclRevision)
|
||||
{
|
||||
if (AclSize < 8)
|
||||
{
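Review bot: In SepInitDACLs the revision given to RtlCreateAcl disagrees with the revision given to RtlAddAccessAllowedAce on the same ACL: SePublicDefaultUnrestrictedDacl is created with `2` and filled with `4`, SePublicOpenDacl is created with `3` and filled with `2`, which reads as if the ACE count slipped into the revision argument. The lengths also reserve `RtlLengthRequiredSid(1)` per ACE, but SeAliasAdminsSid is built with two sub-authorities in sid.c, so AclLength3 and AclLength4 are one ULONG short for the admins ACE. Because every NTSTATUS from RtlCreateAcl and RtlAddAccessAllowedAce is dropped, a rejected ACE would leave a default DACL with fewer entries than intended while the function still returns TRUE. I would use one revision constant throughout and fail initialisation on error, e.g. `if (!NT_SUCCESS(RtlAddAccessAllowedAce(SePublicOpenDacl, ACL_REVISION, GENERIC_ALL, SeAliasAdminsSid))) return(FALSE);`. SePublicOpenUnrestrictedDacl, SeSystemDefaultDacl and SeUnrestrictedDacl are declared here but never created, so they stay NULL.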
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $Id: luid.c,v 1.3 1999/12/29 01:36:06 ekohl Exp $
|
||||
/* $Id: luid.c,v 1.4 2002/02/20 20:15:38 ekohl Exp $
|
||||
*
|
||||
* COPYRIGHT: See COPYING in the top level directory
|
||||
* PROJECT: ReactOS kernel
|
||||
|
@ -23,37 +23,47 @@ static LUID Luid;
|
|||
|
||||
/* FUNCTIONS *****************************************************************/
|
||||
|
||||
NTSTATUS STDCALL NtAllocateLocallyUniqueId(OUT LUID* LocallyUniqueId)
|
||||
VOID
|
||||
SepInitLuid(VOID)
|
||||
{
|
||||
KeInitializeSpinLock(&LuidLock);
|
||||
Luid.QuadPart = 999; /* SYSTEM_LUID */
|
||||
LuidIncrement.QuadPart = 1;
|
||||
}
|
||||
|
||||
|
||||
NTSTATUS STDCALL
|
||||
NtAllocateLocallyUniqueId(OUT LUID* LocallyUniqueId)
|
||||
{
|
||||
KIRQL oldIrql;
|
||||
LUID ReturnedLuid;
|
||||
|
||||
KeAcquireSpinLock(&LuidLock, &oldIrql);
|
||||
KeAcquireSpinLock(&LuidLock,
|
||||
&oldIrql);
|
||||
ReturnedLuid = Luid;
|
||||
Luid = RtlLargeIntegerAdd(Luid, LuidIncrement);
|
||||
KeReleaseSpinLock(&LuidLock, oldIrql);
|
||||
Luid = RtlLargeIntegerAdd(Luid,
|
||||
LuidIncrement);
|
||||
KeReleaseSpinLock(&LuidLock,
|
||||
oldIrql);
|
||||
*LocallyUniqueId = ReturnedLuid;
|
||||
|
||||
return(STATUS_SUCCESS);
|
||||
}
|
||||
|
||||
VOID
|
||||
STDCALL
|
||||
RtlCopyLuid (
|
||||
PLUID LuidDest,
|
||||
PLUID LuidSrc
|
||||
)
|
||||
|
||||
VOID STDCALL
|
||||
RtlCopyLuid(IN PLUID LuidDest,
|
||||
IN PLUID LuidSrc)
|
||||
{
|
||||
LuidDest->QuadPart = LuidSrc->QuadPart;
|
||||
}
|
||||
|
||||
BOOLEAN
|
||||
STDCALL
|
||||
RtlEqualLuid (
|
||||
PLUID Luid1,
|
||||
PLUID Luid2
|
||||
)
|
||||
|
||||
BOOLEAN STDCALL
|
||||
RtlEqualLuid(IN PLUID Luid1,
|
||||
IN PLUID Luid2)
|
||||
{
|
||||
return ((Luid1->QuadPart == Luid2->QuadPart) ? TRUE : FALSE);
|
||||
return((Luid1->QuadPart == Luid2->QuadPart) ? TRUE : FALSE);
|
||||
}
|
||||
|
||||
/* EOF */
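Review bot: NtAllocateLocallyUniqueId stores through the caller-supplied pointer with a plain `*LocallyUniqueId = ReturnedLuid;`, and nothing visible checks that the address is a writable user-mode address before the kernel writes to it. For a system service the store should be guarded, for example with `ProbeForWrite(LocallyUniqueId, sizeof(LUID), sizeof(ULONG));` inside the kernel's exception handling, or with whichever copy-to-caller helper the tree already uses. SepInitLuid also seeds the counter with 999, which its own comment labels SYSTEM_LUID, and the service returns the current value before incrementing, so the first LUID handed out equals the reserved one; seeding with 1000, or incrementing before returning, avoids the collision.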
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $Id: priv.c,v 1.1 2000/01/26 10:07:30 dwelch Exp $
|
||||
/* $Id: priv.c,v 1.2 2002/02/20 20:15:38 ekohl Exp $
|
||||
*
|
||||
* COPYRIGHT: See COPYING in the top level directory
|
||||
* PROJECT: ReactOS kernel
|
||||
|
@ -12,11 +12,69 @@
|
|||
/* INCLUDES *****************************************************************/
|
||||
|
||||
#include <ddk/ntddk.h>
|
||||
#include <internal/se.h>
|
||||
|
||||
#include <internal/debug.h>
|
||||
|
||||
|
||||
/* GLOBALS *******************************************************************/
|
||||
|
||||
LUID SeCreateTokenPrivilege;
|
||||
LUID SeAssignPrimaryTokenPrivilege;
|
||||
LUID SeLockMemoryPrivilege;
|
||||
LUID SeIncreaseQuotaPrivilege;
|
||||
LUID SeUnsolicitedInputPrivilege;
|
||||
LUID SeTcbPrivilege;
|
||||
LUID SeSecurityPrivilege;
|
||||
LUID SeTakeOwnershipPrivilege;
|
||||
LUID SeLoadDriverPrivilege;
|
||||
LUID SeCreatePagefilePrivilege;
|
||||
LUID SeIncreaseBasePriorityPrivilege;
|
||||
LUID SeSystemProfilePrivilege;
|
||||
LUID SeSystemtimePrivilege;
|
||||
LUID SeProfileSingleProcessPrivilege;
|
||||
LUID SeCreatePermanentPrivilege;
|
||||
LUID SeBackupPrivilege;
|
||||
LUID SeRestorePrivilege;
|
||||
LUID SeShutdownPrivilege;
|
||||
LUID SeDebugPrivilege;
|
||||
LUID SeAuditPrivilege;
|
||||
LUID SeSystemEnvironmentPrivilege;
|
||||
LUID SeChangeNotifyPrivilege;
|
||||
LUID SeRemoteShutdownPrivilege;
|
||||
|
||||
|
||||
/* FUNCTIONS ***************************************************************/
|
||||
|
||||
VOID
|
||||
SepInitPrivileges(VOID)
|
||||
{
|
||||
SeCreateTokenPrivilege.QuadPart = SE_CREATE_TOKEN_PRIVILEGE;
|
||||
SeAssignPrimaryTokenPrivilege.QuadPart = SE_ASSIGNPRIMARYTOKEN_PRIVILEGE;
|
||||
SeLockMemoryPrivilege.QuadPart = SE_LOCK_MEMORY_PRIVILEGE;
|
||||
SeIncreaseQuotaPrivilege.QuadPart = SE_INCREASE_QUOTA_PRIVILEGE;
|
||||
SeUnsolicitedInputPrivilege.QuadPart = SE_UNSOLICITED_INPUT_PRIVILEGE;
|
||||
SeTcbPrivilege.QuadPart = SE_TCB_PRIVILEGE;
|
||||
SeSecurityPrivilege.QuadPart = SE_SECURITY_PRIVILEGE;
|
||||
SeTakeOwnershipPrivilege.QuadPart = SE_TAKE_OWNERSHIP_PRIVILEGE;
|
||||
SeLoadDriverPrivilege.QuadPart = SE_LOAD_DRIVER_PRIVILEGE;
|
||||
SeSystemProfilePrivilege.QuadPart = SE_SYSTEM_PROFILE_PRIVILEGE;
|
||||
SeSystemtimePrivilege.QuadPart = SE_SYSTEMTIME_PRIVILEGE;
|
||||
SeProfileSingleProcessPrivilege.QuadPart = SE_PROF_SINGLE_PROCESS_PRIVILEGE;
|
||||
SeIncreaseBasePriorityPrivilege.QuadPart = SE_INC_BASE_PRIORITY_PRIVILEGE;
|
||||
SeCreatePagefilePrivilege.QuadPart = SE_CREATE_PAGEFILE_PRIVILEGE;
|
||||
SeCreatePermanentPrivilege.QuadPart = SE_CREATE_PERMANENT_PRIVILEGE;
|
||||
SeBackupPrivilege.QuadPart = SE_BACKUP_PRIVILEGE;
|
||||
SeRestorePrivilege.QuadPart = SE_RESTORE_PRIVILEGE;
|
||||
SeShutdownPrivilege.QuadPart = SE_SHUTDOWN_PRIVILEGE;
|
||||
SeDebugPrivilege.QuadPart = SE_DEBUG_PRIVILEGE;
|
||||
SeAuditPrivilege.QuadPart = SE_AUDIT_PRIVILEGE;
|
||||
SeSystemEnvironmentPrivilege.QuadPart = SE_SYSTEM_ENVIRONMENT_PRIVILEGE;
|
||||
SeChangeNotifyPrivilege.QuadPart = SE_CHANGE_NOTIFY_PRIVILEGE;
|
||||
SeRemoteShutdownPrivilege.QuadPart = SE_REMOTE_SHUTDOWN_PRIVILEGE;
|
||||
}
|
||||
|
||||
|
||||
BOOLEAN SepPrivilegeCheck(PACCESS_TOKEN Token,
|
||||
PLUID_AND_ATTRIBUTES Privileges,
|
||||
ULONG PrivilegeCount,
|
||||
|
@ -123,14 +181,16 @@ NTSTATUS SeCaptureLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Src,
|
|||
return(STATUS_SUCCESS);
|
||||
}
|
||||
|
||||
VOID SeReleaseLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Privilege,
|
||||
VOID
|
||||
SeReleaseLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Privilege,
|
||||
KPROCESSOR_MODE PreviousMode,
|
||||
ULONG a)
|
||||
{
|
||||
ExFreePool(Privilege);
|
||||
}
|
||||
|
||||
NTSTATUS STDCALL NtPrivilegeCheck (IN HANDLE ClientToken,
|
||||
NTSTATUS STDCALL
|
||||
NtPrivilegeCheck(IN HANDLE ClientToken,
|
||||
IN PPRIVILEGE_SET RequiredPrivileges,
|
||||
IN PBOOLEAN Result)
|
||||
{
|
||||
|
@ -144,7 +204,7 @@ NTSTATUS STDCALL NtPrivilegeCheck (IN HANDLE ClientToken,
|
|||
|
||||
Status = ObReferenceObjectByHandle(ClientToken,
|
||||
0,
|
||||
SeTokenType,
|
||||
SepTokenObjectType,
|
||||
UserMode,
|
||||
(PVOID*)&Token,
|
||||
NULL);
|
||||
|
@ -186,7 +246,8 @@ NTSTATUS STDCALL NtPrivilegeCheck (IN HANDLE ClientToken,
|
|||
return(STATUS_SUCCESS);
|
||||
}
|
||||
|
||||
BOOLEAN STDCALL SePrivilegeCheck(PPRIVILEGE_SET Privileges,
|
||||
BOOLEAN STDCALL
|
||||
SePrivilegeCheck(PPRIVILEGE_SET Privileges,
|
||||
PSECURITY_SUBJECT_CONTEXT SubjectContext,
|
||||
KPROCESSOR_MODE PreviousMode)
|
||||
{
|
||||
|
@ -212,7 +273,8 @@ BOOLEAN STDCALL SePrivilegeCheck(PPRIVILEGE_SET Privileges,
|
|||
PreviousMode));
|
||||
}
|
||||
|
||||
BOOLEAN STDCALL SeSinglePrivilegeCheck(LUID PrivilegeValue,
|
||||
BOOLEAN STDCALL
|
||||
SeSinglePrivilegeCheck(LUID PrivilegeValue,
|
||||
KPROCESSOR_MODE PreviousMode)
|
||||
{
|
||||
SECURITY_SUBJECT_CONTEXT SubjectContext;
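Review bot: NtPrivilegeCheck declares its result parameter as `IN PBOOLEAN Result`, although by name and type it is where the verdict is written; `OUT PBOOLEAN Result` would document the direction and mark it as a caller pointer that needs validating before the store. SeReleaseLuidAndAttributesArray frees `Privilege` unconditionally and ignores both `PreviousMode` and the third parameter `a`; if that is intended, a one-line comment such as `/* frees the captured array; PreviousMode and a are currently unused */` would say so. The body of NtPrivilegeCheck lies outside the hunks shown, so how Result is written is not visible here.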
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $Id: sd.c,v 1.5 2001/12/05 01:40:25 dwelch Exp $
|
||||
/* $Id: sd.c,v 1.6 2002/02/20 20:15:38 ekohl Exp $
|
||||
*
|
||||
* COPYRIGHT: See COPYING in the top level directory
|
||||
* PROJECT: ReactOS kernel
|
||||
|
@ -12,11 +12,20 @@
|
|||
/* INCLUDES *****************************************************************/
|
||||
|
||||
#include <ddk/ntddk.h>
|
||||
#include <internal/se.h>
|
||||
|
||||
#include <internal/debug.h>
|
||||
|
||||
|
||||
/* FUNCTIONS ***************************************************************/
|
||||
|
||||
BOOLEAN
|
||||
SepInitSDs(VOID)
|
||||
{
|
||||
return(TRUE);
|
||||
}
|
||||
|
||||
|
||||
NTSTATUS STDCALL
|
||||
RtlCreateSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
|
||||
ULONG Revision)
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $Id: semgr.c,v 1.17 2000/09/03 14:53:13 ekohl Exp $
|
||||
/* $Id: semgr.c,v 1.18 2002/02/20 20:15:38 ekohl Exp $
|
||||
*
|
||||
* COPYRIGHT: See COPYING in the top level directory
|
||||
* PROJECT: ReactOS kernel
|
||||
|
@ -13,10 +13,111 @@
|
|||
|
||||
#include <ddk/ntddk.h>
|
||||
#include <internal/ps.h>
|
||||
#include <internal/se.h>
|
||||
|
||||
#include <internal/debug.h>
|
||||
|
||||
/* FUNCTIONS ***************************************************************/
|
||||
#define TAG_SXPT TAG('S', 'X', 'P', 'T')
|
||||
|
||||
|
||||
/* GLOBALS ******************************************************************/
|
||||
|
||||
PSE_EXPORTS EXPORTED SeExports = NULL;
|
||||
|
||||
|
||||
/* PROTOTYPES ***************************************************************/
|
||||
|
||||
static BOOLEAN SepInitExports(VOID);
|
||||
|
||||
/* FUNCTIONS ****************************************************************/
|
||||
|
||||
|
||||
BOOLEAN
|
||||
SeInit1(VOID)
|
||||
{
|
||||
SepInitLuid();
|
||||
|
||||
if (!SepInitSecurityIDs())
|
||||
return(FALSE);
|
||||
|
||||
if (!SepInitDACLs())
|
||||
return(FALSE);
|
||||
|
||||
if (!SepInitSDs())
|
||||
return(FALSE);
|
||||
|
||||
SepInitPrivileges();
|
||||
|
||||
if (!SepInitExports())
|
||||
return(FALSE);
|
||||
|
||||
return(TRUE);
|
||||
}
|
||||
|
||||
|
||||
BOOLEAN
|
||||
SeInit2(VOID)
|
||||
{
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
|
||||
static BOOLEAN
|
||||
SepInitExports(VOID)
|
||||
{
|
||||
SeExports = ExAllocatePoolWithTag(NonPagedPool,
|
||||
sizeof(SE_EXPORTS),
|
||||
TAG_SXPT);
|
||||
if (SeExports == NULL)
|
||||
return(FALSE);
|
||||
|
||||
SeExports->SeCreateTokenPrivilege = SeCreateTokenPrivilege;
|
||||
SeExports->SeAssignPrimaryTokenPrivilege = SeAssignPrimaryTokenPrivilege;
|
||||
SeExports->SeLockMemoryPrivilege = SeLockMemoryPrivilege;
|
||||
SeExports->SeIncreaseQuotaPrivilege = SeIncreaseQuotaPrivilege;
|
||||
SeExports->SeUnsolicitedInputPrivilege = SeUnsolicitedInputPrivilege;
|
||||
SeExports->SeTcbPrivilege = SeTcbPrivilege;
|
||||
SeExports->SeSecurityPrivilege = SeSecurityPrivilege;
|
||||
SeExports->SeTakeOwnershipPrivilege = SeTakeOwnershipPrivilege;
|
||||
SeExports->SeLoadDriverPrivilege = SeLoadDriverPrivilege;
|
||||
SeExports->SeCreatePagefilePrivilege = SeCreatePagefilePrivilege;
|
||||
SeExports->SeIncreaseBasePriorityPrivilege = SeIncreaseBasePriorityPrivilege;
|
||||
SeExports->SeSystemProfilePrivilege = SeSystemProfilePrivilege;
|
||||
SeExports->SeSystemtimePrivilege = SeSystemtimePrivilege;
|
||||
SeExports->SeProfileSingleProcessPrivilege = SeProfileSingleProcessPrivilege;
|
||||
SeExports->SeCreatePermanentPrivilege = SeCreatePermanentPrivilege;
|
||||
SeExports->SeBackupPrivilege = SeBackupPrivilege;
|
||||
SeExports->SeRestorePrivilege = SeRestorePrivilege;
|
||||
SeExports->SeShutdownPrivilege = SeShutdownPrivilege;
|
||||
SeExports->SeDebugPrivilege = SeDebugPrivilege;
|
||||
SeExports->SeAuditPrivilege = SeAuditPrivilege;
|
||||
SeExports->SeSystemEnvironmentPrivilege = SeSystemEnvironmentPrivilege;
|
||||
SeExports->SeChangeNotifyPrivilege = SeChangeNotifyPrivilege;
|
||||
SeExports->SeRemoteShutdownPrivilege = SeRemoteShutdownPrivilege;
|
||||
|
||||
SeExports->SeNullSid = SeNullSid;
|
||||
SeExports->SeWorldSid = SeWorldSid;
|
||||
SeExports->SeLocalSid = SeLocalSid;
|
||||
SeExports->SeCreatorOwnerSid = SeCreatorOwnerSid;
|
||||
SeExports->SeCreatorGroupSid = SeCreatorGroupSid;
|
||||
SeExports->SeNtAuthoritySid = SeNtAuthoritySid;
|
||||
SeExports->SeDialupSid = SeDialupSid;
|
||||
SeExports->SeNetworkSid = SeNetworkSid;
|
||||
SeExports->SeBatchSid = SeBatchSid;
|
||||
SeExports->SeInteractiveSid = SeInteractiveSid;
|
||||
SeExports->SeLocalSystemSid = SeLocalSystemSid;
|
||||
SeExports->SeAliasAdminsSid = SeAliasAdminsSid;
|
||||
SeExports->SeAliasUsersSid = SeAliasUsersSid;
|
||||
SeExports->SeAliasGuestsSid = SeAliasGuestsSid;
|
||||
SeExports->SeAliasPowerUsersSid = SeAliasPowerUsersSid;
|
||||
SeExports->SeAliasAccountOpsSid = SeAliasAccountOpsSid;
|
||||
SeExports->SeAliasSystemOpsSid = SeAliasSystemOpsSid;
|
||||
SeExports->SeAliasPrintOpsSid = SeAliasPrintOpsSid;
|
||||
SeExports->SeAliasBackupOpsSid = SeAliasBackupOpsSid;
|
||||
|
||||
return(TRUE);
|
||||
}
|
||||
|
||||
|
||||
VOID SepReferenceLogonSession(PLUID AuthenticationId)
|
||||
{
|
||||
|
@ -28,8 +129,8 @@ VOID SepDeReferenceLogonSession(PLUID AuthenticationId)
|
|||
UNIMPLEMENTED;
|
||||
}
|
||||
|
||||
NTSTATUS STDCALL NtPrivilegedServiceAuditAlarm(
|
||||
IN PUNICODE_STRING SubsystemName,
|
||||
NTSTATUS STDCALL
|
||||
NtPrivilegedServiceAuditAlarm(IN PUNICODE_STRING SubsystemName,
|
||||
IN PUNICODE_STRING ServiceName,
|
||||
IN HANDLE ClientToken,
|
||||
IN PPRIVILEGE_SET Privileges,
|
||||
|
@ -39,25 +140,20 @@ NTSTATUS STDCALL NtPrivilegedServiceAuditAlarm(
|
|||
}
|
||||
|
||||
|
||||
NTSTATUS
|
||||
STDCALL
|
||||
NtPrivilegeObjectAuditAlarm (
|
||||
IN PUNICODE_STRING SubsystemName,
|
||||
NTSTATUS STDCALL
|
||||
NtPrivilegeObjectAuditAlarm(IN PUNICODE_STRING SubsystemName,
|
||||
IN PVOID HandleId,
|
||||
IN HANDLE ClientToken,
|
||||
IN ULONG DesiredAccess,
|
||||
IN PPRIVILEGE_SET Privileges,
|
||||
IN BOOLEAN AccessGranted
|
||||
)
|
||||
IN BOOLEAN AccessGranted)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
}
|
||||
|
||||
|
||||
NTSTATUS
|
||||
STDCALL
|
||||
NtOpenObjectAuditAlarm (
|
||||
IN PUNICODE_STRING SubsystemName,
|
||||
NTSTATUS STDCALL
|
||||
NtOpenObjectAuditAlarm(IN PUNICODE_STRING SubsystemName,
|
||||
IN PVOID HandleId,
|
||||
IN POBJECT_ATTRIBUTES ObjectAttributes,
|
||||
IN HANDLE ClientToken,
|
||||
|
@ -66,16 +162,14 @@ NtOpenObjectAuditAlarm (
|
|||
IN PPRIVILEGE_SET Privileges,
|
||||
IN BOOLEAN ObjectCreation,
|
||||
IN BOOLEAN AccessGranted,
|
||||
OUT PBOOLEAN GenerateOnClose
|
||||
)
|
||||
OUT PBOOLEAN GenerateOnClose)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
}
|
||||
|
||||
NTSTATUS
|
||||
STDCALL
|
||||
NtAccessCheckAndAuditAlarm (
|
||||
IN PUNICODE_STRING SubsystemName,
|
||||
|
||||
NTSTATUS STDCALL
|
||||
NtAccessCheckAndAuditAlarm(IN PUNICODE_STRING SubsystemName,
|
||||
IN PHANDLE ObjectHandle,
|
||||
IN POBJECT_ATTRIBUTES ObjectAttributes,
|
||||
IN ACCESS_MASK DesiredAccess,
|
||||
|
@ -90,26 +184,26 @@ NtAccessCheckAndAuditAlarm (
|
|||
}
|
||||
|
||||
|
||||
NTSTATUS
|
||||
STDCALL
|
||||
NtAllocateUuids (
|
||||
PULARGE_INTEGER Time,
|
||||
NTSTATUS STDCALL
|
||||
NtAllocateUuids(PULARGE_INTEGER Time,
|
||||
PULONG Range,
|
||||
PULONG Sequence
|
||||
)
|
||||
PULONG Sequence)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
}
|
||||
|
||||
|
||||
NTSTATUS STDCALL NtCloseObjectAuditAlarm(IN PUNICODE_STRING SubsystemName,
|
||||
NTSTATUS STDCALL
|
||||
NtCloseObjectAuditAlarm(IN PUNICODE_STRING SubsystemName,
|
||||
IN PVOID HandleId,
|
||||
IN BOOLEAN GenerateOnClose)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
}
|
||||
|
||||
NTSTATUS STDCALL NtAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
||||
|
||||
NTSTATUS STDCALL
|
||||
NtAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
||||
IN HANDLE ClientToken,
|
||||
IN ACCESS_MASK DesiredAccess,
|
||||
IN PGENERIC_MAPPING GenericMapping,
|
||||
|
@ -122,13 +216,10 @@ NTSTATUS STDCALL NtAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
|||
}
|
||||
|
||||
|
||||
NTSTATUS
|
||||
STDCALL
|
||||
NtDeleteObjectAuditAlarm (
|
||||
IN PUNICODE_STRING SubsystemName,
|
||||
NTSTATUS STDCALL
|
||||
NtDeleteObjectAuditAlarm(IN PUNICODE_STRING SubsystemName,
|
||||
IN PVOID HandleId,
|
||||
IN BOOLEAN GenerateOnClose
|
||||
)
|
||||
IN BOOLEAN GenerateOnClose)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
}
|
||||
|
@ -161,7 +252,9 @@ VOID STDCALL SeCaptureSubjectContext (PSECURITY_SUBJECT_CONTEXT SubjectContext)
|
|||
SubjectContext->PrimaryToken = PsReferencePrimaryToken(Process);
|
||||
}
|
||||
|
||||
NTSTATUS STDCALL SeDeassignSecurity(PSECURITY_DESCRIPTOR* SecurityDescriptor)
|
||||
|
||||
NTSTATUS STDCALL
|
||||
SeDeassignSecurity(PSECURITY_DESCRIPTOR* SecurityDescriptor)
|
||||
{
|
||||
if ((*SecurityDescriptor) != NULL)
|
||||
{
|
||||
|
@ -171,6 +264,7 @@ NTSTATUS STDCALL SeDeassignSecurity(PSECURITY_DESCRIPTOR* SecurityDescriptor)
|
|||
return(STATUS_SUCCESS);
|
||||
}
|
||||
|
||||
|
||||
#if 0
|
||||
VOID SepGetDefaultsSubjectContext(PSECURITY_SUBJECT_CONTEXT SubjectContext,
|
||||
PSID* Owner,
|
||||
|
@ -219,7 +313,8 @@ NTSTATUS SepInheritAcl(PACL Acl,
|
|||
}
|
||||
#endif
|
||||
|
||||
NTSTATUS STDCALL SeAssignSecurity(PSECURITY_DESCRIPTOR ParentDescriptor,
|
||||
NTSTATUS STDCALL
|
||||
SeAssignSecurity(PSECURITY_DESCRIPTOR ParentDescriptor,
|
||||
PSECURITY_DESCRIPTOR ExplicitDescriptor,
|
||||
PSECURITY_DESCRIPTOR* NewDescriptor,
|
||||
BOOLEAN IsDirectoryObject,
|
||||
|
@ -308,7 +403,9 @@ BOOLEAN SepSidInToken(PACCESS_TOKEN Token,
|
|||
return(FALSE);
|
||||
}
|
||||
|
||||
BOOLEAN STDCALL SeAccessCheck (IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
||||
|
||||
BOOLEAN STDCALL
|
||||
SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
||||
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,
|
||||
IN BOOLEAN SubjectContextLocked,
|
||||
IN ACCESS_MASK DesiredAccess,
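Review bot: The reformatted system-service stubs (NtPrivilegeObjectAuditAlarm, NtOpenObjectAuditAlarm, NtAllocateUuids, NtCloseObjectAuditAlarm, NtDeleteObjectAuditAlarm) are declared to return NTSTATUS, but their bodies are only `UNIMPLEMENTED;` with no return statement. Unless that macro never returns, a user-mode caller gets an indeterminate status; ending each stub with `return(STATUS_NOT_IMPLEMENTED);` gives a defined result. In the new SeInit1, a FALSE from any step leaves the earlier pool allocations and partly initialised globals in place, so the caller has to treat FALSE as fatal; a short comment on SeInit1 stating that would help.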
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $Id: sid.c,v 1.7 2001/02/19 15:04:51 dwelch Exp $
|
||||
/* $Id: sid.c,v 1.8 2002/02/20 20:15:38 ekohl Exp $
|
||||
*
|
||||
* COPYRIGHT: See COPYING in the top level directory
|
||||
* PROJECT: ReactOS kernel
|
||||
|
@ -12,13 +12,464 @@
|
|||
/* INCLUDES *****************************************************************/
|
||||
|
||||
#include <ddk/ntddk.h>
|
||||
#include <string.h>
|
||||
#include <internal/se.h>
|
||||
|
||||
#include <internal/debug.h>
|
||||
|
||||
/* FUNCTIONS ***************************************************************/
|
||||
#define TAG_SID TAG('S', 'I', 'D', 'T')
|
||||
|
||||
BOOLEAN STDCALL RtlValidSid (PSID Sid)
|
||||
|
||||
/* GLOBALS ******************************************************************/
|
||||
|
||||
SID_IDENTIFIER_AUTHORITY SeNullSidAuthority = {SECURITY_NULL_SID_AUTHORITY};
|
||||
SID_IDENTIFIER_AUTHORITY SeWorldSidAuthority = {SECURITY_WORLD_SID_AUTHORITY};
|
||||
SID_IDENTIFIER_AUTHORITY SeLocalSidAuthority = {SECURITY_LOCAL_SID_AUTHORITY};
|
||||
SID_IDENTIFIER_AUTHORITY SeCreatorSidAuthority = {SECURITY_CREATOR_SID_AUTHORITY};
|
||||
SID_IDENTIFIER_AUTHORITY SeNtSidAuthority = {SECURITY_NT_AUTHORITY};
|
||||
|
||||
PSID SeNullSid = NULL;
|
||||
PSID SeWorldSid = NULL;
|
||||
PSID SeLocalSid = NULL;
|
||||
PSID SeCreatorOwnerSid = NULL;
|
||||
PSID SeCreatorGroupSid = NULL;
|
||||
PSID SeCreatorOwnerServerSid = NULL;
|
||||
PSID SeCreatorGroupServerSid = NULL;
|
||||
PSID SeNtAuthoritySid = NULL;
|
||||
PSID SeDialupSid = NULL;
|
||||
PSID SeNetworkSid = NULL;
|
||||
PSID SeBatchSid = NULL;
|
||||
PSID SeInteractiveSid = NULL;
|
||||
PSID SeServiceSid = NULL;
|
||||
PSID SeAnonymousLogonSid = NULL;
|
||||
PSID SePrincipalSelfSid = NULL;
|
||||
PSID SeLocalSystemSid = NULL;
|
||||
PSID SeAuthenticatedUserSid = NULL;
|
||||
PSID SeRestrictedCodeSid = NULL;
|
||||
PSID SeAliasAdminsSid = NULL;
|
||||
PSID SeAliasUsersSid = NULL;
|
||||
PSID SeAliasGuestsSid = NULL;
|
||||
PSID SeAliasPowerUsersSid = NULL;
|
||||
PSID SeAliasAccountOpsSid = NULL;
|
||||
PSID SeAliasSystemOpsSid = NULL;
|
||||
PSID SeAliasPrintOpsSid = NULL;
|
||||
PSID SeAliasBackupOpsSid = NULL;
|
||||
|
||||
|
||||
/* FUNCTIONS ****************************************************************/
|
||||
|
||||
|
||||
BOOLEAN
|
||||
SepInitSecurityIDs(VOID)
|
||||
{
|
||||
ULONG SidLength0;
|
||||
ULONG SidLength1;
|
||||
ULONG SidLength2;
|
||||
PULONG SubAuthority;
|
||||
|
||||
SidLength0 = RtlLengthRequiredSid(0);
|
||||
SidLength1 = RtlLengthRequiredSid(1);
|
||||
SidLength2 = RtlLengthRequiredSid(2);
|
||||
|
||||
/* create NullSid */
|
||||
SeNullSid = ExAllocatePoolWithTag(NonPagedPool,
|
||||
SidLength1,
|
||||
TAG_SID);
|
||||
if (SeNullSid == NULL)
|
||||
return(FALSE);
|
||||
|
||||
RtlInitializeSid(SeNullSid,
|
||||
&SeNullSidAuthority,
|
||||
1);
|
||||
SubAuthority = RtlSubAuthoritySid(SeNullSid,
|
||||
0);
|
||||
*SubAuthority = SECURITY_NULL_RID;
|
||||
|
||||
/* create WorldSid */
|
||||
SeWorldSid = ExAllocatePoolWithTag(NonPagedPool,
|
||||
SidLength1,
|
||||
TAG_SID);
|
||||
if (SeWorldSid == NULL)
|
||||
return(FALSE);
|
||||
|
||||
RtlInitializeSid(SeWorldSid,
|
||||
&SeWorldSidAuthority,
|
||||
1);
|
||||
SubAuthority = RtlSubAuthoritySid(SeWorldSid,
|
||||
0);
|
||||
*SubAuthority = SECURITY_WORLD_RID;
|
||||
|
||||
/* create LocalSid */
|
||||
SeLocalSid = ExAllocatePoolWithTag(NonPagedPool,
|
||||
SidLength1,
|
||||
TAG_SID);
|
||||
if (SeLocalSid == NULL)
|
||||
return(FALSE);
|
||||
|
||||
RtlInitializeSid(SeLocalSid,
|
||||
&SeLocalSidAuthority,
|
||||
1);
|
||||
SubAuthority = RtlSubAuthoritySid(SeLocalSid,
|
||||
0);
|
||||
*SubAuthority = SECURITY_LOCAL_RID;
|
||||
|
||||
/* create CreatorOwnerSid */
|
||||
SeCreatorOwnerSid = ExAllocatePoolWithTag(NonPagedPool,
|
||||
SidLength1,
|
||||
TAG_SID);
|
||||
if (SeCreatorOwnerSid == NULL)
|
||||
return(FALSE);
|
||||
|
||||
RtlInitializeSid(SeCreatorOwnerSid,
|
||||
&SeCreatorSidAuthority,
|
||||
1);
|
||||
SubAuthority = RtlSubAuthoritySid(SeCreatorOwnerSid,
|
||||
0);
|
||||
*SubAuthority = SECURITY_CREATOR_OWNER_RID;
|
||||
|
||||
/* create CreatorGroupSid */
|
||||
SeCreatorGroupSid = ExAllocatePoolWithTag(NonPagedPool,
|
||||
SidLength1,
|
||||
TAG_SID);
|
||||
if (SeCreatorGroupSid == NULL)
|
||||
return(FALSE);
|
||||
|
||||
RtlInitializeSid(SeCreatorGroupSid,
|
||||
&SeCreatorSidAuthority,
|
||||
1);
|
||||
SubAuthority = RtlSubAuthoritySid(SeCreatorGroupSid,
|
||||
0);
|
||||
*SubAuthority = SECURITY_CREATOR_GROUP_RID;
|
||||
|
||||
/* create CreatorOwnerServerSid */
|
||||
SeCreatorOwnerServerSid = ExAllocatePoolWithTag(NonPagedPool,
|
||||
SidLength1,
|
||||
TAG_SID);
|
||||
if (SeCreatorOwnerServerSid == NULL)
|
||||
return(FALSE);
|
||||
|
||||
RtlInitializeSid(SeCreatorOwnerServerSid,
|
||||
&SeCreatorSidAuthority,
|
||||
1);
|
||||
SubAuthority = RtlSubAuthoritySid(SeCreatorOwnerServerSid,
|
||||
0);
|
||||
*SubAuthority = SECURITY_CREATOR_OWNER_SERVER_RID;
|
||||
|
||||
/* create CreatorGroupServerSid */
|
||||
SeCreatorGroupServerSid = ExAllocatePoolWithTag(NonPagedPool,
|
||||
SidLength1,
|
||||
TAG_SID);
|
||||
if (SeCreatorGroupServerSid == NULL)
|
||||
return(FALSE);
|
||||
|
||||
RtlInitializeSid(SeCreatorGroupServerSid,
|
||||
&SeCreatorSidAuthority,
|
||||
1);
|
||||
SubAuthority = RtlSubAuthoritySid(SeCreatorGroupServerSid,
|
||||
0);
|
||||
*SubAuthority = SECURITY_CREATOR_GROUP_SERVER_RID;
|
||||
|
||||
|
||||
/* create NtAuthoritySid */
|
||||
SeNtAuthoritySid = ExAllocatePoolWithTag(NonPagedPool,
|
||||
SidLength0,
|
||||
TAG_SID);
|
||||
if (SeNtAuthoritySid == NULL)
|
||||
return(FALSE);
|
||||
|
||||
RtlInitializeSid(SeNtAuthoritySid,
|
||||
&SeNtSidAuthority,
|
||||
0);
|
||||
|
||||
/* create DialupSid */
|
||||
SeDialupSid = ExAllocatePoolWithTag(NonPagedPool,
|
||||
SidLength1,
|
||||
TAG_SID);
|
||||
if (SeDialupSid == NULL)
|
||||
return(FALSE);
|
||||
|
||||
RtlInitializeSid(SeDialupSid,
|
||||
&SeNtSidAuthority,
|
||||
1);
|
||||
SubAuthority = RtlSubAuthoritySid(SeDialupSid,
|
||||
0);
|
||||
*SubAuthority = SECURITY_DIALUP_RID;
|
||||
|
||||
/* create NetworkSid */
|
||||
SeNetworkSid = ExAllocatePoolWithTag(NonPagedPool,
|
||||
SidLength1,
|
||||
TAG_SID);
|
||||
if (SeNetworkSid == NULL)
|
||||
return(FALSE);
|
||||
|
||||
RtlInitializeSid(SeNetworkSid,
|
||||
&SeNtSidAuthority,
|
||||
1);
|
||||
SubAuthority = RtlSubAuthoritySid(SeNetworkSid,
|
||||
0);
|
||||
*SubAuthority = SECURITY_NETWORK_RID;
|
||||
|
||||
/* create BatchSid */
|
||||
SeBatchSid = ExAllocatePoolWithTag(NonPagedPool,
|
||||
SidLength1,
|
||||
TAG_SID);
|
||||
if (SeBatchSid == NULL)
|
||||
return(FALSE);
|
||||
|
||||
RtlInitializeSid(SeBatchSid,
|
||||
&SeNtSidAuthority,
|
||||
1);
|
||||
SubAuthority = RtlSubAuthoritySid(SeBatchSid,
|
||||
0);
|
||||
*SubAuthority = SECURITY_BATCH_RID;
|
||||
|
||||
/* create InteractiveSid */
|
||||
SeInteractiveSid = ExAllocatePoolWithTag(NonPagedPool,
|
||||
SidLength1,
|
||||
TAG_SID);
|
||||
if (SeInteractiveSid == NULL)
|
||||
return(FALSE);
|
||||
|
||||
RtlInitializeSid(SeInteractiveSid,
|
||||
&SeNtSidAuthority,
|
||||
1);
|
||||
SubAuthority = RtlSubAuthoritySid(SeInteractiveSid,
|
||||
0);
|
||||
*SubAuthority = SECURITY_INTERACTIVE_RID;
|
||||
|
||||
/* create ServiceSid */
|
||||
SeServiceSid = ExAllocatePoolWithTag(NonPagedPool,
|
||||
SidLength1,
|
||||
TAG_SID);
|
||||
if (SeServiceSid == NULL)
|
||||
return(FALSE);
|
||||
|
||||
RtlInitializeSid(SeServiceSid,
|
||||
&SeNtSidAuthority,
|
||||
1);
|
||||
SubAuthority = RtlSubAuthoritySid(SeServiceSid,
|
||||
0);
|
||||
*SubAuthority = SECURITY_SERVICE_RID;
|
||||
|
||||
/* create AnonymousLogonSid */
|
||||
SeAnonymousLogonSid = ExAllocatePoolWithTag(NonPagedPool,
|
||||
SidLength1,
|
||||
TAG_SID);
|
||||
if (SeAnonymousLogonSid == NULL)
|
||||
return(FALSE);
|
||||
|
||||
RtlInitializeSid(SeAnonymousLogonSid,
|
||||
&SeNtSidAuthority,
|
||||
1);
|
||||
SubAuthority = RtlSubAuthoritySid(SeAnonymousLogonSid,
|
||||
0);
|
||||
*SubAuthority = SECURITY_ANONYMOUS_LOGON_RID;
|
||||
|
||||
/* create PrincipalSelfSid */
|
||||
SePrincipalSelfSid = ExAllocatePoolWithTag(NonPagedPool,
|
||||
SidLength1,
|
||||
TAG_SID);
|
||||
if (SePrincipalSelfSid == NULL)
|
||||
return(FALSE);
|
||||
|
||||
RtlInitializeSid(SePrincipalSelfSid,
|
||||
&SeNtSidAuthority,
|
||||
1);
|
||||
SubAuthority = RtlSubAuthoritySid(SePrincipalSelfSid,
|
||||
0);
|
||||
*SubAuthority = SECURITY_PRINCIPAL_SELF_RID;
|
||||
|
||||
/* create LocalSystemSid */
|
||||
SeLocalSystemSid = ExAllocatePoolWithTag(NonPagedPool,
|
||||
SidLength1,
|
||||
TAG_SID);
|
||||
if (SeLocalSystemSid == NULL)
|
||||
return(FALSE);
|
||||
|
||||
RtlInitializeSid(SeLocalSystemSid,
|
||||
&SeNtSidAuthority,
|
||||
1);
|
||||
SubAuthority = RtlSubAuthoritySid(SeLocalSystemSid,
|
||||
0);
|
||||
*SubAuthority = SECURITY_LOCAL_SYSTEM_RID;
|
||||
|
||||
/* create AuthenticatedUserSid */
|
||||
SeAuthenticatedUserSid = ExAllocatePoolWithTag(NonPagedPool,
|
||||
SidLength1,
|
||||
TAG_SID);
|
||||
if (SeAuthenticatedUserSid == NULL)
|
||||
return(FALSE);
|
||||
|
||||
RtlInitializeSid(SeAuthenticatedUserSid,
|
||||
&SeNtSidAuthority,
|
||||
1);
|
||||
SubAuthority = RtlSubAuthoritySid(SeAuthenticatedUserSid,
|
||||
0);
|
||||
*SubAuthority = SECURITY_AUTHENTICATED_USER_RID;
|
||||
|
||||
/* create RestrictedCodeSid */
|
||||
SeRestrictedCodeSid = ExAllocatePoolWithTag(NonPagedPool,
|
||||
SidLength1,
|
||||
TAG_SID);
|
||||
if (SeRestrictedCodeSid == NULL)
|
||||
return(FALSE);
|
||||
|
||||
RtlInitializeSid(SeRestrictedCodeSid,
|
||||
&SeNtSidAuthority,
|
||||
1);
|
||||
SubAuthority = RtlSubAuthoritySid(SeRestrictedCodeSid,
|
||||
0);
|
||||
*SubAuthority = SECURITY_RESTRICTED_CODE_RID;
|
||||
|
||||
/* create AliasAdminsSid */
|
||||
SeAliasAdminsSid = ExAllocatePoolWithTag(NonPagedPool,
|
||||
SidLength2,
|
||||
TAG_SID);
|
||||
if (SeAliasAdminsSid == NULL)
|
||||
return(FALSE);
|
||||
|
||||
RtlInitializeSid(SeAliasAdminsSid,
|
||||
&SeNtSidAuthority,
|
||||
2);
|
||||
SubAuthority = RtlSubAuthoritySid(SeAliasAdminsSid,
|
||||
0);
|
||||
*SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
|
||||
|
||||
SubAuthority = RtlSubAuthoritySid(SeAliasAdminsSid,
|
||||
1);
|
||||
*SubAuthority = DOMAIN_ALIAS_RID_ADMINS;
|
||||
|
||||
/* create AliasUsersSid */
|
||||
SeAliasUsersSid = ExAllocatePoolWithTag(NonPagedPool,
|
||||
SidLength2,
|
||||
TAG_SID);
|
||||
if (SeAliasUsersSid == NULL)
|
||||
return(FALSE);
|
||||
|
||||
RtlInitializeSid(SeAliasUsersSid,
|
||||
&SeNtSidAuthority,
|
||||
2);
|
||||
SubAuthority = RtlSubAuthoritySid(SeAliasUsersSid,
|
||||
0);
|
||||
*SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
|
||||
|
||||
SubAuthority = RtlSubAuthoritySid(SeAliasUsersSid,
|
||||
1);
|
||||
*SubAuthority = DOMAIN_ALIAS_RID_USERS;
|
||||
|
||||
/* create AliasGuestsSid */
|
||||
SeAliasGuestsSid = ExAllocatePoolWithTag(NonPagedPool,
|
||||
SidLength2,
|
||||
TAG_SID);
|
||||
if (SeAliasGuestsSid == NULL)
|
||||
return(FALSE);
|
||||
|
||||
RtlInitializeSid(SeAliasGuestsSid,
|
||||
&SeNtSidAuthority,
|
||||
2);
|
||||
SubAuthority = RtlSubAuthoritySid(SeAliasGuestsSid,
|
||||
0);
|
||||
*SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
|
||||
|
||||
SubAuthority = RtlSubAuthoritySid(SeAliasGuestsSid,
|
||||
1);
|
||||
*SubAuthority = DOMAIN_ALIAS_RID_GUESTS;
|
||||
|
||||
/* create AliasPowerUsersSid */
|
||||
SeAliasPowerUsersSid = ExAllocatePoolWithTag(NonPagedPool,
|
||||
SidLength2,
|
||||
TAG_SID);
|
||||
if (SeAliasPowerUsersSid == NULL)
|
||||
return(FALSE);
|
||||
|
||||
RtlInitializeSid(SeAliasPowerUsersSid,
|
||||
&SeNtSidAuthority,
|
||||
2);
|
||||
SubAuthority = RtlSubAuthoritySid(SeAliasPowerUsersSid,
|
||||
0);
|
||||
*SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
|
||||
|
||||
SubAuthority = RtlSubAuthoritySid(SeAliasPowerUsersSid,
|
||||
1);
|
||||
*SubAuthority = DOMAIN_ALIAS_RID_POWER_USERS;
|
||||
|
||||
/* create AliasAccountOpsSid */
|
||||
SeAliasAccountOpsSid = ExAllocatePoolWithTag(NonPagedPool,
|
||||
SidLength2,
|
||||
TAG_SID);
|
||||
if (SeAliasAccountOpsSid == NULL)
|
||||
return(FALSE);
|
||||
|
||||
RtlInitializeSid(SeAliasAccountOpsSid,
|
||||
&SeNtSidAuthority,
|
||||
2);
|
||||
SubAuthority = RtlSubAuthoritySid(SeAliasAccountOpsSid,
|
||||
0);
|
||||
*SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
|
||||
|
||||
SubAuthority = RtlSubAuthoritySid(SeAliasAccountOpsSid,
|
||||
1);
|
||||
*SubAuthority = DOMAIN_ALIAS_RID_ACCOUNT_OPS;
|
||||
|
||||
/* create AliasSystemOpsSid */
|
||||
SeAliasSystemOpsSid = ExAllocatePoolWithTag(NonPagedPool,
|
||||
SidLength2,
|
||||
TAG_SID);
|
||||
if (SeAliasSystemOpsSid == NULL)
|
||||
return(FALSE);
|
||||
|
||||
RtlInitializeSid(SeAliasSystemOpsSid,
|
||||
&SeNtSidAuthority,
|
||||
2);
|
||||
SubAuthority = RtlSubAuthoritySid(SeAliasSystemOpsSid,
|
||||
0);
|
||||
*SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
|
||||
|
||||
SubAuthority = RtlSubAuthoritySid(SeAliasSystemOpsSid,
|
||||
1);
|
||||
*SubAuthority = DOMAIN_ALIAS_RID_SYSTEM_OPS;
|
||||
|
||||
/* create AliasPrintOpsSid */
|
||||
SeAliasPrintOpsSid = ExAllocatePoolWithTag(NonPagedPool,
|
||||
SidLength2,
|
||||
TAG_SID);
|
||||
if (SeAliasPrintOpsSid == NULL)
|
||||
return(FALSE);
|
||||
|
||||
RtlInitializeSid(SeAliasPrintOpsSid,
|
||||
&SeNtSidAuthority,
|
||||
2);
|
||||
SubAuthority = RtlSubAuthoritySid(SeAliasPrintOpsSid,
|
||||
0);
|
||||
*SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
|
||||
|
||||
SubAuthority = RtlSubAuthoritySid(SeAliasPrintOpsSid,
|
||||
1);
|
||||
*SubAuthority = DOMAIN_ALIAS_RID_PRINT_OPS;
|
||||
|
||||
/* create AliasBackupOpsSid */
|
||||
SeAliasBackupOpsSid = ExAllocatePoolWithTag(NonPagedPool,
|
||||
SidLength2,
|
||||
TAG_SID);
|
||||
if (SeAliasBackupOpsSid == NULL)
|
||||
return(FALSE);
|
||||
|
||||
RtlInitializeSid(SeAliasBackupOpsSid,
|
||||
&SeNtSidAuthority,
|
||||
2);
|
||||
SubAuthority = RtlSubAuthoritySid(SeAliasBackupOpsSid,
|
||||
0);
|
||||
*SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
|
||||
|
||||
SubAuthority = RtlSubAuthoritySid(SeAliasBackupOpsSid,
|
||||
1);
|
||||
*SubAuthority = DOMAIN_ALIAS_RID_BACKUP_OPS;
|
||||
|
||||
return(TRUE);
|
||||
}
|
||||
|
||||
|
||||
BOOLEAN STDCALL
|
||||
RtlValidSid(PSID Sid)
|
||||
{
|
||||
if ((Sid->Revision & 0xf) != 1)
|
||||
{
|
||||
|
@ -31,33 +482,46 @@ BOOLEAN STDCALL RtlValidSid (PSID Sid)
|
|||
return(TRUE);
|
||||
}
|
||||
|
||||
ULONG STDCALL RtlLengthRequiredSid (UCHAR SubAuthorityCount)
|
||||
|
||||
ULONG STDCALL
|
||||
RtlLengthRequiredSid(UCHAR SubAuthorityCount)
|
||||
{
|
||||
return(sizeof(SID) + (SubAuthorityCount - 1) * sizeof(ULONG));
|
||||
}
|
||||
|
||||
NTSTATUS STDCALL RtlInitializeSid (PSID Sid,
|
||||
|
||||
NTSTATUS STDCALL
|
||||
RtlInitializeSid(PSID Sid,
|
||||
PSID_IDENTIFIER_AUTHORITY IdentifierAuthority,
|
||||
UCHAR SubAuthorityCount)
|
||||
{
|
||||
Sid->Revision = 1;
|
||||
Sid->SubAuthorityCount = SubAuthorityCount;
|
||||
memcpy(&Sid->IdentifierAuthority, IdentifierAuthority,
|
||||
RtlCopyMemory(&Sid->IdentifierAuthority,
|
||||
IdentifierAuthority,
|
||||
sizeof(SID_IDENTIFIER_AUTHORITY));
|
||||
return(STATUS_SUCCESS);
|
||||
}
|
||||
|
||||
PULONG STDCALL RtlSubAuthoritySid (PSID Sid, ULONG SubAuthority)
|
||||
|
||||
PULONG STDCALL
|
||||
RtlSubAuthoritySid(PSID Sid,
|
||||
ULONG SubAuthority)
|
||||
{
|
||||
return(&Sid->SubAuthority[SubAuthority]);
|
||||
}
|
||||
|
||||
PUCHAR STDCALL RtlSubAuthorityCountSid (PSID Sid)
|
||||
|
||||
PUCHAR STDCALL
|
||||
RtlSubAuthorityCountSid (PSID Sid)
|
||||
{
|
||||
return(&Sid->SubAuthorityCount);
|
||||
}
|
||||
|
||||
BOOLEAN STDCALL RtlEqualSid (PSID Sid1, PSID Sid2)
|
||||
|
||||
BOOLEAN STDCALL
|
||||
RtlEqualSid(PSID Sid1,
|
||||
PSID Sid2)
|
||||
{
|
||||
if (Sid1->Revision != Sid2->Revision)
|
||||
{
|
||||
|
@ -75,12 +539,18 @@ BOOLEAN STDCALL RtlEqualSid (PSID Sid1, PSID Sid2)
|
|||
return(TRUE);
|
||||
}
|
||||
|
||||
ULONG STDCALL RtlLengthSid (PSID Sid)
|
||||
|
||||
ULONG STDCALL
|
||||
RtlLengthSid(PSID Sid)
|
||||
{
|
||||
return(sizeof(SID) + (Sid->SubAuthorityCount-1)*4);
|
||||
}
|
||||
|
||||
NTSTATUS STDCALL RtlCopySid (ULONG BufferLength, PSID Dest, PSID Src)
|
||||
|
||||
NTSTATUS STDCALL
|
||||
RtlCopySid(ULONG BufferLength,
|
||||
PSID Dest,
|
||||
PSID Src)
|
||||
{
|
||||
if (BufferLength < RtlLengthSid(Src))
|
||||
{
|
||||
|
@ -90,6 +560,7 @@ NTSTATUS STDCALL RtlCopySid (ULONG BufferLength, PSID Dest, PSID Src)
|
|||
return(STATUS_SUCCESS);
|
||||
}
|
||||
|
||||
|
||||
NTSTATUS STDCALL
|
||||
RtlConvertSidToUnicodeString(PUNICODE_STRING String,
|
||||
PSID Sid,
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $Id: token.c,v 1.12 2001/12/05 01:40:25 dwelch Exp $
|
||||
/* $Id: token.c,v 1.13 2002/02/20 20:15:38 ekohl Exp $
|
||||
*
|
||||
* COPYRIGHT: See COPYING in the top level directory
|
||||
* PROJECT: ReactOS kernel
|
||||
|
@ -14,13 +14,13 @@
|
|||
#include <limits.h>
|
||||
#include <ddk/ntddk.h>
|
||||
#include <internal/ps.h>
|
||||
#include <internal/pool.h>
|
||||
#include <internal/se.h>
|
||||
|
||||
#include <internal/debug.h>
|
||||
|
||||
/* GLOBALS *******************************************************************/
|
||||
|
||||
POBJECT_TYPE EXPORTED SeTokenType = NULL;
|
||||
POBJECT_TYPE SepTokenObjectType = NULL;
|
||||
|
||||
static GENERIC_MAPPING SepTokenMapping = {TOKEN_READ,
|
||||
TOKEN_WRITE,
|
||||
|
@ -58,7 +58,7 @@ NTSTATUS SeExchangePrimaryToken(PEPROCESS Process,
|
|||
NewToken->TokenInUse = 1;
|
||||
ObReferenceObjectByPointer(NewToken,
|
||||
TOKEN_ALL_ACCESS,
|
||||
SeTokenType,
|
||||
SepTokenObjectType,
|
||||
KernelMode);
|
||||
OldToken->TokenInUse = 0;
|
||||
*OldTokenP = OldToken;
|
||||
|
@ -99,14 +99,12 @@ NTSTATUS SeCopyClientToken(PACCESS_TOKEN Token,
|
|||
return(Status);
|
||||
}
|
||||
|
||||
NTSTATUS
|
||||
STDCALL
|
||||
SeCreateClientSecurity (
|
||||
PETHREAD Thread,
|
||||
PSECURITY_QUALITY_OF_SERVICE Qos,
|
||||
ULONG e,
|
||||
PSE_SOME_STRUCT2 f
|
||||
)
|
||||
|
||||
NTSTATUS STDCALL
|
||||
SeCreateClientSecurity(IN struct _ETHREAD *Thread,
|
||||
IN PSECURITY_QUALITY_OF_SERVICE Qos,
|
||||
IN BOOLEAN RemoteClient,
|
||||
OUT PSECURITY_CLIENT_CONTEXT ClientContext)
|
||||
{
|
||||
TOKEN_TYPE TokenType;
|
||||
UCHAR b;
|
||||
|
@ -121,7 +119,7 @@ SeCreateClientSecurity (
|
|||
&ImpersonationLevel);
|
||||
if (TokenType != 2)
|
||||
{
|
||||
f->Unknown9 = Qos->EffectiveOnly;
|
||||
ClientContext->DirectAccessEffectiveOnly = Qos->EffectiveOnly;
|
||||
}
|
||||
else
|
||||
{
|
||||
|
@ -135,7 +133,7 @@ SeCreateClientSecurity (
|
|||
}
|
||||
if (ImpersonationLevel == 0 ||
|
||||
ImpersonationLevel == 1 ||
|
||||
(e != 0 && ImpersonationLevel != 3))
|
||||
(RemoteClient != FALSE && ImpersonationLevel != 3))
|
||||
{
|
||||
if (Token != NULL)
|
||||
{
|
||||
|
@ -146,17 +144,17 @@ SeCreateClientSecurity (
|
|||
if (b != 0 ||
|
||||
Qos->EffectiveOnly != 0)
|
||||
{
|
||||
f->Unknown9 = 1;
|
||||
ClientContext->DirectAccessEffectiveOnly = TRUE;
|
||||
}
|
||||
else
|
||||
{
|
||||
f->Unknown9 = 0;
|
||||
ClientContext->DirectAccessEffectiveOnly = FALSE;
|
||||
}
|
||||
}
|
||||
|
||||
if (Qos->ContextTrackingMode == 0)
|
||||
{
|
||||
f->Unknown8 = 0;
|
||||
ClientContext->DirectlyAccessClientToken = FALSE;
|
||||
g = SeCopyClientToken(Token, ImpersonationLevel, 0, &NewToken);
|
||||
if (g >= 0)
|
||||
{
|
||||
|
@ -173,81 +171,79 @@ SeCreateClientSecurity (
|
|||
}
|
||||
else
|
||||
{
|
||||
f->Unknown8 = 1;
|
||||
if (e != 0)
|
||||
ClientContext->DirectlyAccessClientToken = TRUE;
|
||||
if (RemoteClient != FALSE)
|
||||
{
|
||||
// SeGetTokenControlInformation(Token, &f->Unknown11);
|
||||
// SeGetTokenControlInformation(Token, &ClientContext->Unknown11);
|
||||
}
|
||||
NewToken = Token;
|
||||
}
|
||||
f->Unknown1 = 0xc;
|
||||
f->Level = Qos->ImpersonationLevel;
|
||||
f->ContextTrackingMode = Qos->ContextTrackingMode;
|
||||
f->EffectiveOnly = Qos->EffectiveOnly;
|
||||
f->Unknown10 = e;
|
||||
f->Token = NewToken;
|
||||
ClientContext->SecurityQos.Length = sizeof(SECURITY_QUALITY_OF_SERVICE);
|
||||
ClientContext->SecurityQos.ImpersonationLevel = Qos->ImpersonationLevel;
|
||||
ClientContext->SecurityQos.ContextTrackingMode = Qos->ContextTrackingMode;
|
||||
ClientContext->SecurityQos.EffectiveOnly = Qos->EffectiveOnly;
|
||||
ClientContext->ServerIsRemote = RemoteClient;
|
||||
ClientContext->Token = NewToken;
|
||||
|
||||
return(STATUS_SUCCESS);
|
||||
}
|
||||
|
||||
|
||||
VOID
|
||||
STDCALL
|
||||
SeImpersonateClient (
|
||||
PSE_SOME_STRUCT2 a,
|
||||
PETHREAD Thread
|
||||
)
|
||||
VOID STDCALL
|
||||
SeImpersonateClient(IN PSECURITY_CLIENT_CONTEXT ClientContext,
|
||||
IN PETHREAD ServerThread OPTIONAL)
|
||||
{
|
||||
UCHAR b;
|
||||
|
||||
if (a->Unknown8 == 0)
|
||||
if (ClientContext->DirectlyAccessClientToken == FALSE)
|
||||
{
|
||||
b = a->EffectiveOnly;
|
||||
b = ClientContext->SecurityQos.EffectiveOnly;
|
||||
}
|
||||
else
|
||||
{
|
||||
b = a->Unknown9;
|
||||
b = ClientContext->DirectAccessEffectiveOnly;
|
||||
}
|
||||
if (Thread == NULL)
|
||||
if (ServerThread == NULL)
|
||||
{
|
||||
Thread = PsGetCurrentThread();
|
||||
ServerThread = PsGetCurrentThread();
|
||||
}
|
||||
PsImpersonateClient(Thread,
|
||||
a->Token,
|
||||
PsImpersonateClient(ServerThread,
|
||||
ClientContext->Token,
|
||||
1,
|
||||
(ULONG)b,
|
||||
a->Level);
|
||||
ClientContext->SecurityQos.ImpersonationLevel);
|
||||
}
|
||||
|
||||
VOID SeInitializeTokenManager(VOID)
|
||||
|
||||
VOID
|
||||
SeInitializeTokenManager(VOID)
|
||||
{
|
||||
UNICODE_STRING TypeName;
|
||||
SepTokenObjectType = ExAllocatePool(NonPagedPool, sizeof(OBJECT_TYPE));
|
||||
|
||||
RtlInitUnicodeString(&TypeName, L"Token");
|
||||
|
||||
SeTokenType = ExAllocatePool(NonPagedPool, sizeof(OBJECT_TYPE));
|
||||
|
||||
SeTokenType->Tag = TAG('T', 'O', 'K', 'T');
|
||||
SeTokenType->MaxObjects = ULONG_MAX;
|
||||
SeTokenType->MaxHandles = ULONG_MAX;
|
||||
SeTokenType->TotalObjects = 0;
|
||||
SeTokenType->TotalHandles = 0;
|
||||
SeTokenType->PagedPoolCharge = 0;
|
||||
SeTokenType->NonpagedPoolCharge = 0;
|
||||
SeTokenType->Mapping = &SepTokenMapping;
|
||||
SeTokenType->Dump = NULL;
|
||||
SeTokenType->Open = NULL;
|
||||
SeTokenType->Close = NULL;
|
||||
SeTokenType->Delete = NULL;
|
||||
SeTokenType->Parse = NULL;
|
||||
SeTokenType->Security = NULL;
|
||||
SeTokenType->QueryName = NULL;
|
||||
SeTokenType->OkayToClose = NULL;
|
||||
SeTokenType->Create = NULL;
|
||||
SeTokenType->DuplicationNotify = NULL;
|
||||
SepTokenObjectType->Tag = TAG('T', 'O', 'K', 'T');
|
||||
SepTokenObjectType->MaxObjects = ULONG_MAX;
|
||||
SepTokenObjectType->MaxHandles = ULONG_MAX;
|
||||
SepTokenObjectType->TotalObjects = 0;
|
||||
SepTokenObjectType->TotalHandles = 0;
|
||||
SepTokenObjectType->PagedPoolCharge = 0;
|
||||
SepTokenObjectType->NonpagedPoolCharge = sizeof(ACCESS_TOKEN);
|
||||
SepTokenObjectType->Mapping = &SepTokenMapping;
|
||||
SepTokenObjectType->Dump = NULL;
|
||||
SepTokenObjectType->Open = NULL;
|
||||
SepTokenObjectType->Close = NULL;
|
||||
SepTokenObjectType->Delete = NULL;
|
||||
SepTokenObjectType->Parse = NULL;
|
||||
SepTokenObjectType->Security = NULL;
|
||||
SepTokenObjectType->QueryName = NULL;
|
||||
SepTokenObjectType->OkayToClose = NULL;
|
||||
SepTokenObjectType->Create = NULL;
|
||||
SepTokenObjectType->DuplicationNotify = NULL;
|
||||
RtlCreateUnicodeString(&SepTokenObjectType->TypeName,
|
||||
L"Token");
|
||||
}
|
||||
|
||||
NTSTATUS RtlCopySidAndAttributesArray(ULONG Count, // ebp + 8
|
||||
NTSTATUS
|
||||
RtlCopySidAndAttributesArray(ULONG Count, // ebp + 8
|
||||
PSID_AND_ATTRIBUTES Src, // ebp + C
|
||||
ULONG MaxLength, // ebp + 10
|
||||
PSID_AND_ATTRIBUTES Dest, // ebp + 14
|
||||
|
@ -277,9 +273,10 @@ NTSTATUS RtlCopySidAndAttributesArray(ULONG Count, // ebp + 8
|
|||
return(STATUS_SUCCESS);
|
||||
}
|
||||
|
||||
NTSTATUS STDCALL NtQueryInformationToken(IN HANDLE TokenHandle,
|
||||
IN TOKEN_INFORMATION_CLASS
|
||||
TokenInformationClass,
|
||||
|
||||
NTSTATUS STDCALL
|
||||
NtQueryInformationToken(IN HANDLE TokenHandle,
|
||||
IN TOKEN_INFORMATION_CLASS TokenInformationClass,
|
||||
OUT PVOID TokenInformation,
|
||||
IN ULONG TokenInformationLength,
|
||||
OUT PULONG ReturnLength)
|
||||
|
@ -294,7 +291,7 @@ NTSTATUS STDCALL NtQueryInformationToken(IN HANDLE TokenHandle,
|
|||
|
||||
Status = ObReferenceObjectByHandle(TokenHandle,
|
||||
0,
|
||||
SeTokenType,
|
||||
SepTokenObjectType,
|
||||
UserMode,
|
||||
(PVOID*)&Token,
|
||||
NULL);
|
||||
|
@ -400,25 +397,21 @@ NTSTATUS STDCALL NtQueryInformationToken(IN HANDLE TokenHandle,
|
|||
}
|
||||
|
||||
|
||||
|
||||
|
||||
NTSTATUS
|
||||
STDCALL
|
||||
NtSetInformationToken(
|
||||
IN HANDLE TokenHandle,
|
||||
NTSTATUS STDCALL
|
||||
NtSetInformationToken(IN HANDLE TokenHandle,
|
||||
IN TOKEN_INFORMATION_CLASS TokenInformationClass,
|
||||
OUT PVOID TokenInformation,
|
||||
IN ULONG TokenInformationLength
|
||||
)
|
||||
IN ULONG TokenInformationLength)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
}
|
||||
|
||||
NTSTATUS STDCALL NtDuplicateToken(IN HANDLE ExistingTokenHandle,
|
||||
|
||||
NTSTATUS STDCALL
|
||||
NtDuplicateToken(IN HANDLE ExistingTokenHandle,
|
||||
IN ACCESS_MASK DesiredAccess,
|
||||
IN POBJECT_ATTRIBUTES ObjectAttributes,
|
||||
IN SECURITY_IMPERSONATION_LEVEL
|
||||
ImpersonationLevel,
|
||||
IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
|
||||
IN TOKEN_TYPE TokenType,
|
||||
OUT PHANDLE NewTokenHandle)
|
||||
{
|
||||
|
@ -430,7 +423,7 @@ NTSTATUS STDCALL NtDuplicateToken(IN HANDLE ExistingTokenHandle,
|
|||
|
||||
Status = ObReferenceObjectByHandle(ExistingTokenHandle,
|
||||
?,
|
||||
SeTokenType,
|
||||
SepTokenObjectType,
|
||||
UserMode,
|
||||
(PVOID*)&Token,
|
||||
NULL);
|
||||
|
@ -462,7 +455,9 @@ VOID SepAdjustGroups(PACCESS_TOKEN Token,
|
|||
UNIMPLEMENTED;
|
||||
}
|
||||
|
||||
NTSTATUS STDCALL NtAdjustGroupsToken(IN HANDLE TokenHandle,
|
||||
|
||||
NTSTATUS STDCALL
|
||||
NtAdjustGroupsToken(IN HANDLE TokenHandle,
|
||||
IN BOOLEAN ResetToDefault,
|
||||
IN PTOKEN_GROUPS NewState,
|
||||
IN ULONG BufferLength,
|
||||
|
@ -478,7 +473,7 @@ NTSTATUS STDCALL NtAdjustGroupsToken(IN HANDLE TokenHandle,
|
|||
|
||||
Status = ObReferenceObjectByHandle(TokenHandle,
|
||||
?,
|
||||
SeTokenType,
|
||||
SepTokenObjectType,
|
||||
UserMode,
|
||||
(PVOID*)&Token,
|
||||
NULL);
|
||||
|
@ -499,6 +494,7 @@ NTSTATUS STDCALL NtAdjustGroupsToken(IN HANDLE TokenHandle,
|
|||
#endif
|
||||
}
|
||||
|
||||
|
||||
#if 0
|
||||
NTSTATUS SepAdjustPrivileges(PACCESS_TOKEN Token, // 0x8
|
||||
ULONG a, // 0xC
|
||||
|
@ -553,7 +549,9 @@ NTSTATUS SepAdjustPrivileges(PACCESS_TOKEN Token, // 0x8
|
|||
}
|
||||
#endif
|
||||
|
||||
NTSTATUS STDCALL NtAdjustPrivilegesToken(IN HANDLE TokenHandle,
|
||||
|
||||
NTSTATUS STDCALL
|
||||
NtAdjustPrivilegesToken(IN HANDLE TokenHandle,
|
||||
IN BOOLEAN DisableAllPrivileges,
|
||||
IN PTOKEN_PRIVILEGES NewState,
|
||||
IN ULONG BufferLength,
|
||||
|
@ -593,7 +591,8 @@ NTSTATUS STDCALL NtAdjustPrivilegesToken(IN HANDLE TokenHandle,
|
|||
#endif
|
||||
}
|
||||
|
||||
NTSTATUS STDCALL NtCreateToken(OUT PHANDLE TokenHandle,
|
||||
NTSTATUS STDCALL
|
||||
NtCreateToken(OUT PHANDLE TokenHandle,
|
||||
IN ACCESS_MASK DesiredAccess,
|
||||
IN POBJECT_ATTRIBUTES ObjectAttributes,
|
||||
IN TOKEN_TYPE TokenType,
|
||||
|
@ -628,5 +627,10 @@ NTSTATUS STDCALL NtCreateToken(OUT PHANDLE TokenHandle,
|
|||
UNIMPLEMENTED;
|
||||
}
|
||||
|
||||
TOKEN_TYPE STDCALL
|
||||
SeTokenType(IN PACCESS_TOKEN Token)
|
||||
{
|
||||
return(Token->TokenType);
|
||||
}
|
||||
|
||||
/* EOF */
|
||||
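Review bot: In the NtQueryInformationToken hunk, `ObReferenceObjectByHandle(TokenHandle, 0, SepTokenObjectType, UserMode, ...)` still passes `0` as the desired access, so a user-mode handle is accepted whatever rights it was opened with. The commit only swaps the object type argument to `SepTokenObjectType` and leaves the mask as it was. I would request the query right here, changing the `0,` argument to `TOKEN_QUERY,` (and `TOKEN_QUERY_SOURCE` when the class is `TokenSource`), so a handle opened without query access cannot read the token's user, groups or privileges. The function body continues outside the hunk, so a per-class access check further down may exist but is not visible from here.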
|
|