[NTOS:SE] Annotate the remaining functions with SAL

George Bișoc 2021-08-20 11:48:19 +02:00
parent 6413009c10
commit 8567d8145e
No known key found for this signature in database
GPG key ID: 688C4FBE25D7DEF6
12 changed files with 604 additions and 568 deletions


@ -36,7 +36,8 @@ typedef struct _TOKEN_AUDIT_POLICY_INFORMATION
FORCEINLINE FORCEINLINE
PSID PSID
SepGetGroupFromDescriptor(PVOID _Descriptor) SepGetGroupFromDescriptor(
_Inout_ PVOID _Descriptor)
{ {
PISECURITY_DESCRIPTOR Descriptor = (PISECURITY_DESCRIPTOR)_Descriptor; PISECURITY_DESCRIPTOR Descriptor = (PISECURITY_DESCRIPTOR)_Descriptor;
PISECURITY_DESCRIPTOR_RELATIVE SdRel; PISECURITY_DESCRIPTOR_RELATIVE SdRel;
@ -55,7 +56,8 @@ SepGetGroupFromDescriptor(PVOID _Descriptor)
FORCEINLINE FORCEINLINE
PSID PSID
SepGetOwnerFromDescriptor(PVOID _Descriptor) SepGetOwnerFromDescriptor(
_Inout_ PVOID _Descriptor)
{ {
PISECURITY_DESCRIPTOR Descriptor = (PISECURITY_DESCRIPTOR)_Descriptor; PISECURITY_DESCRIPTOR Descriptor = (PISECURITY_DESCRIPTOR)_Descriptor;
PISECURITY_DESCRIPTOR_RELATIVE SdRel; PISECURITY_DESCRIPTOR_RELATIVE SdRel;
@ -74,7 +76,8 @@ SepGetOwnerFromDescriptor(PVOID _Descriptor)
FORCEINLINE FORCEINLINE
PACL PACL
SepGetDaclFromDescriptor(PVOID _Descriptor) SepGetDaclFromDescriptor(
_Inout_ PVOID _Descriptor)
{ {
PISECURITY_DESCRIPTOR Descriptor = (PISECURITY_DESCRIPTOR)_Descriptor; PISECURITY_DESCRIPTOR Descriptor = (PISECURITY_DESCRIPTOR)_Descriptor;
PISECURITY_DESCRIPTOR_RELATIVE SdRel; PISECURITY_DESCRIPTOR_RELATIVE SdRel;
@ -95,7 +98,8 @@ SepGetDaclFromDescriptor(PVOID _Descriptor)
FORCEINLINE FORCEINLINE
PACL PACL
SepGetSaclFromDescriptor(PVOID _Descriptor) SepGetSaclFromDescriptor(
_Inout_ PVOID _Descriptor)
{ {
PISECURITY_DESCRIPTOR Descriptor = (PISECURITY_DESCRIPTOR)_Descriptor; PISECURITY_DESCRIPTOR Descriptor = (PISECURITY_DESCRIPTOR)_Descriptor;
PISECURITY_DESCRIPTOR_RELATIVE SdRel; PISECURITY_DESCRIPTOR_RELATIVE SdRel;
@ -236,27 +240,24 @@ extern PTOKEN SeAnonymousLogonTokenNoEveryone;
BOOLEAN BOOLEAN
NTAPI NTAPI
SepTokenIsOwner( SepTokenIsOwner(
IN PACCESS_TOKEN _Token, _In_ PACCESS_TOKEN _Token,
IN PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
IN BOOLEAN TokenLocked _In_ BOOLEAN TokenLocked);
);
BOOLEAN BOOLEAN
NTAPI NTAPI
SepSidInToken( SepSidInToken(
IN PACCESS_TOKEN _Token, _In_ PACCESS_TOKEN _Token,
IN PSID Sid _In_ PSID Sid);
);
BOOLEAN BOOLEAN
NTAPI NTAPI
SepSidInTokenEx( SepSidInTokenEx(
IN PACCESS_TOKEN _Token, _In_ PACCESS_TOKEN _Token,
IN PSID PrincipalSelfSid, _In_ PSID PrincipalSelfSid,
IN PSID _Sid, _In_ PSID _Sid,
IN BOOLEAN Deny, _In_ BOOLEAN Deny,
IN BOOLEAN Restricted _In_ BOOLEAN Restricted);
);
BOOLEAN BOOLEAN
NTAPI NTAPI
@ -301,69 +302,62 @@ SeRmInitPhase1(VOID);
VOID VOID
NTAPI NTAPI
SeDeassignPrimaryToken(struct _EPROCESS *Process); SeDeassignPrimaryToken(
_Inout_ PEPROCESS Process);
NTSTATUS NTSTATUS
NTAPI NTAPI
SeSubProcessToken( SeSubProcessToken(
IN PTOKEN Parent, _In_ PTOKEN Parent,
OUT PTOKEN *Token, _Out_ PTOKEN *Token,
IN BOOLEAN InUse, _In_ BOOLEAN InUse,
IN ULONG SessionId _In_ ULONG SessionId);
);
NTSTATUS NTSTATUS
NTAPI NTAPI
SeInitializeProcessAuditName( SeInitializeProcessAuditName(
IN PFILE_OBJECT FileObject, _In_ PFILE_OBJECT FileObject,
IN BOOLEAN DoAudit, _In_ BOOLEAN DoAudit,
OUT POBJECT_NAME_INFORMATION *AuditInfo _Out_ POBJECT_NAME_INFORMATION *AuditInfo);
);
NTSTATUS NTSTATUS
NTAPI NTAPI
SeCreateAccessStateEx( SeCreateAccessStateEx(
IN PETHREAD Thread, _In_ PETHREAD Thread,
IN PEPROCESS Process, _In_ PEPROCESS Process,
IN OUT PACCESS_STATE AccessState, _In_ OUT PACCESS_STATE AccessState,
IN PAUX_ACCESS_DATA AuxData, _In_ PAUX_ACCESS_DATA AuxData,
IN ACCESS_MASK Access, _In_ ACCESS_MASK Access,
IN PGENERIC_MAPPING GenericMapping _In_ PGENERIC_MAPPING GenericMapping);
);
NTSTATUS NTSTATUS
NTAPI NTAPI
SeIsTokenChild( SeIsTokenChild(
IN PTOKEN Token, _In_ PTOKEN Token,
OUT PBOOLEAN IsChild _Out_ PBOOLEAN IsChild);
);
NTSTATUS NTSTATUS
NTAPI NTAPI
SeIsTokenSibling( SeIsTokenSibling(
IN PTOKEN Token, _In_ PTOKEN Token,
OUT PBOOLEAN IsSibling _Out_ PBOOLEAN IsSibling);
);
NTSTATUS NTSTATUS
NTAPI NTAPI
SepCreateImpersonationTokenDacl( SepCreateImpersonationTokenDacl(
_In_ PTOKEN Token, _In_ PTOKEN Token,
_In_ PTOKEN PrimaryToken, _In_ PTOKEN PrimaryToken,
_Out_ PACL* Dacl _Out_ PACL* Dacl);
);
NTSTATUS NTSTATUS
NTAPI NTAPI
SepRmInsertLogonSessionIntoToken( SepRmInsertLogonSessionIntoToken(
_Inout_ PTOKEN Token _Inout_ PTOKEN Token);
);
NTSTATUS NTSTATUS
NTAPI NTAPI
SepRmRemoveLogonSessionFromToken( SepRmRemoveLogonSessionFromToken(
_Inout_ PTOKEN Token _Inout_ PTOKEN Token);
);
CODE_SEG("INIT") CODE_SEG("INIT")
VOID VOID
@ -385,63 +379,61 @@ SepCreateSystemAnonymousLogonTokenNoEveryone(VOID);
BOOLEAN BOOLEAN
NTAPI NTAPI
SeDetailedAuditingWithToken(IN PTOKEN Token); SeDetailedAuditingWithToken(
_In_ PTOKEN Token);
VOID VOID
NTAPI NTAPI
SeAuditProcessExit(IN PEPROCESS Process); SeAuditProcessExit(
_In_ PEPROCESS Process);
VOID VOID
NTAPI NTAPI
SeAuditProcessCreate(IN PEPROCESS Process); SeAuditProcessCreate(
_In_ PEPROCESS Process);
NTSTATUS NTSTATUS
NTAPI NTAPI
SeExchangePrimaryToken( SeExchangePrimaryToken(
_In_ PEPROCESS Process, _In_ PEPROCESS Process,
_In_ PACCESS_TOKEN NewAccessToken, _In_ PACCESS_TOKEN NewAccessToken,
_Out_ PACCESS_TOKEN* OldAccessToken _Out_ PACCESS_TOKEN* OldAccessToken);
);
VOID VOID
NTAPI NTAPI
SeCaptureSubjectContextEx( SeCaptureSubjectContextEx(
IN PETHREAD Thread, _In_ PETHREAD Thread,
IN PEPROCESS Process, _In_ PEPROCESS Process,
OUT PSECURITY_SUBJECT_CONTEXT SubjectContext _Out_ PSECURITY_SUBJECT_CONTEXT SubjectContext);
);
NTSTATUS NTSTATUS
NTAPI NTAPI
SeCaptureLuidAndAttributesArray( SeCaptureLuidAndAttributesArray(
PLUID_AND_ATTRIBUTES Src, _In_ PLUID_AND_ATTRIBUTES Src,
ULONG PrivilegeCount, _In_ ULONG PrivilegeCount,
KPROCESSOR_MODE PreviousMode, _In_ KPROCESSOR_MODE PreviousMode,
PLUID_AND_ATTRIBUTES AllocatedMem, _In_ PLUID_AND_ATTRIBUTES AllocatedMem,
ULONG AllocatedLength, _In_ ULONG AllocatedLength,
POOL_TYPE PoolType, _In_ POOL_TYPE PoolType,
BOOLEAN CaptureIfKernel, _In_ BOOLEAN CaptureIfKernel,
PLUID_AND_ATTRIBUTES* Dest, _Out_ PLUID_AND_ATTRIBUTES* Dest,
PULONG Length _Inout_ PULONG Length);
);
VOID VOID
NTAPI NTAPI
SeReleaseLuidAndAttributesArray( SeReleaseLuidAndAttributesArray(
PLUID_AND_ATTRIBUTES Privilege, _In_ PLUID_AND_ATTRIBUTES Privilege,
KPROCESSOR_MODE PreviousMode, _In_ KPROCESSOR_MODE PreviousMode,
BOOLEAN CaptureIfKernel _In_ BOOLEAN CaptureIfKernel);
);
BOOLEAN BOOLEAN
NTAPI NTAPI
SepPrivilegeCheck( SepPrivilegeCheck(
PTOKEN Token, _In_ PTOKEN Token,
PLUID_AND_ATTRIBUTES Privileges, _In_ PLUID_AND_ATTRIBUTES Privileges,
ULONG PrivilegeCount, _In_ ULONG PrivilegeCount,
ULONG PrivilegeControl, _In_ ULONG PrivilegeControl,
KPROCESSOR_MODE PreviousMode _In_ KPROCESSOR_MODE PreviousMode);
);
NTSTATUS NTSTATUS
NTAPI NTAPI
@ -456,11 +448,10 @@ SePrivilegePolicyCheck(
BOOLEAN BOOLEAN
NTAPI NTAPI
SeCheckPrivilegedObject( SeCheckPrivilegedObject(
IN LUID PrivilegeValue, _In_ LUID PrivilegeValue,
IN HANDLE ObjectHandle, _In_ HANDLE ObjectHandle,
IN ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK DesiredAccess,
IN KPROCESSOR_MODE PreviousMode _In_ KPROCESSOR_MODE PreviousMode);
);
NTSTATUS NTSTATUS
NTAPI NTAPI
@ -471,8 +462,7 @@ SepDuplicateToken(
_In_ TOKEN_TYPE TokenType, _In_ TOKEN_TYPE TokenType,
_In_ SECURITY_IMPERSONATION_LEVEL Level, _In_ SECURITY_IMPERSONATION_LEVEL Level,
_In_ KPROCESSOR_MODE PreviousMode, _In_ KPROCESSOR_MODE PreviousMode,
_Out_ PTOKEN* NewAccessToken _Out_ PTOKEN* NewAccessToken);
);
NTSTATUS NTSTATUS
NTAPI NTAPI
@ -482,34 +472,30 @@ SepCaptureSecurityQualityOfService(
_In_ POOL_TYPE PoolType, _In_ POOL_TYPE PoolType,
_In_ BOOLEAN CaptureIfKernel, _In_ BOOLEAN CaptureIfKernel,
_Out_ PSECURITY_QUALITY_OF_SERVICE *CapturedSecurityQualityOfService, _Out_ PSECURITY_QUALITY_OF_SERVICE *CapturedSecurityQualityOfService,
_Out_ PBOOLEAN Present _Out_ PBOOLEAN Present);
);
VOID VOID
NTAPI NTAPI
SepReleaseSecurityQualityOfService( SepReleaseSecurityQualityOfService(
_In_opt_ PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService, _In_opt_ PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService,
_In_ KPROCESSOR_MODE AccessMode, _In_ KPROCESSOR_MODE AccessMode,
_In_ BOOLEAN CaptureIfKernel _In_ BOOLEAN CaptureIfKernel);
);
NTSTATUS NTSTATUS
NTAPI NTAPI
SepCaptureSid( SepCaptureSid(
IN PSID InputSid, _In_ PSID InputSid,
IN KPROCESSOR_MODE AccessMode, _In_ KPROCESSOR_MODE AccessMode,
IN POOL_TYPE PoolType, _In_ POOL_TYPE PoolType,
IN BOOLEAN CaptureIfKernel, _In_ BOOLEAN CaptureIfKernel,
OUT PSID *CapturedSid _Out_ PSID *CapturedSid);
);
VOID VOID
NTAPI NTAPI
SepReleaseSid( SepReleaseSid(
IN PSID CapturedSid, _In_ PSID CapturedSid,
IN KPROCESSOR_MODE AccessMode, _In_ KPROCESSOR_MODE AccessMode,
IN BOOLEAN CaptureIfKernel _In_ BOOLEAN CaptureIfKernel);
);
NTSTATUS NTSTATUS
NTAPI NTAPI
@ -540,20 +526,18 @@ SeComputeQuotaInformationSize(
NTSTATUS NTSTATUS
NTAPI NTAPI
SepCaptureAcl( SepCaptureAcl(
IN PACL InputAcl, _In_ PACL InputAcl,
IN KPROCESSOR_MODE AccessMode, _In_ KPROCESSOR_MODE AccessMode,
IN POOL_TYPE PoolType, _In_ POOL_TYPE PoolType,
IN BOOLEAN CaptureIfKernel, _In_ BOOLEAN CaptureIfKernel,
OUT PACL *CapturedAcl _Out_ PACL *CapturedAcl);
);
VOID VOID
NTAPI NTAPI
SepReleaseAcl( SepReleaseAcl(
IN PACL CapturedAcl, _In_ PACL CapturedAcl,
IN KPROCESSOR_MODE AccessMode, _In_ KPROCESSOR_MODE AccessMode,
IN BOOLEAN CaptureIfKernel _In_ BOOLEAN CaptureIfKernel);
);
NTSTATUS NTSTATUS
SepPropagateAcl( SepPropagateAcl(
@ -584,32 +568,29 @@ SepSelectAcl(
NTSTATUS NTSTATUS
NTAPI NTAPI
SeDefaultObjectMethod( SeDefaultObjectMethod(
PVOID Object, _In_ PVOID Object,
SECURITY_OPERATION_CODE OperationType, _In_ SECURITY_OPERATION_CODE OperationType,
PSECURITY_INFORMATION SecurityInformation, _In_ PSECURITY_INFORMATION SecurityInformation,
PSECURITY_DESCRIPTOR NewSecurityDescriptor, _Inout_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor,
PULONG ReturnLength, _Inout_opt_ PULONG ReturnLength,
PSECURITY_DESCRIPTOR *OldSecurityDescriptor, _Inout_opt_ PSECURITY_DESCRIPTOR *OldSecurityDescriptor,
POOL_TYPE PoolType, _In_ POOL_TYPE PoolType,
PGENERIC_MAPPING GenericMapping _In_ PGENERIC_MAPPING GenericMapping);
);
NTSTATUS NTSTATUS
NTAPI NTAPI
SeSetWorldSecurityDescriptor( SeSetWorldSecurityDescriptor(
SECURITY_INFORMATION SecurityInformation, _In_ SECURITY_INFORMATION SecurityInformation,
PISECURITY_DESCRIPTOR SecurityDescriptor, _In_ PISECURITY_DESCRIPTOR SecurityDescriptor,
PULONG BufferLength _In_ PULONG BufferLength);
);
NTSTATUS NTSTATUS
NTAPI NTAPI
SeCopyClientToken( SeCopyClientToken(
IN PACCESS_TOKEN Token, _In_ PACCESS_TOKEN Token,
IN SECURITY_IMPERSONATION_LEVEL Level, _In_ SECURITY_IMPERSONATION_LEVEL Level,
IN KPROCESSOR_MODE PreviousMode, _In_ KPROCESSOR_MODE PreviousMode,
OUT PACCESS_TOKEN* NewToken _Out_ PACCESS_TOKEN* NewToken);
);
NTSTATUS NTSTATUS
NTAPI NTAPI
@ -620,20 +601,25 @@ SepRegQueryHelper(
_In_ ULONG DataLength, _In_ ULONG DataLength,
_Out_ PVOID ValueData); _Out_ PVOID ValueData);
VOID NTAPI VOID
SeQuerySecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation, NTAPI
OUT PACCESS_MASK DesiredAccess); SeQuerySecurityAccessMask(
_In_ SECURITY_INFORMATION SecurityInformation,
_Out_ PACCESS_MASK DesiredAccess);
VOID NTAPI VOID
SeSetSecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation, NTAPI
OUT PACCESS_MASK DesiredAccess); SeSetSecurityAccessMask(
_In_ SECURITY_INFORMATION SecurityInformation,
_Out_ PACCESS_MASK DesiredAccess);
BOOLEAN BOOLEAN
NTAPI NTAPI
SeFastTraverseCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor, SeFastTraverseCheck(
IN PACCESS_STATE AccessState, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
IN ACCESS_MASK DesiredAccess, _In_ PACCESS_STATE AccessState,
IN KPROCESSOR_MODE AccessMode); _In_ ACCESS_MASK DesiredAccess,
_In_ KPROCESSOR_MODE AccessMode);
BOOLEAN BOOLEAN
NTAPI NTAPI
@ -651,17 +637,17 @@ SePrivilegedServiceAuditAlarm(
NTSTATUS NTSTATUS
SepRmReferenceLogonSession( SepRmReferenceLogonSession(
PLUID LogonLuid); _Inout_ PLUID LogonLuid);
NTSTATUS NTSTATUS
SepRmDereferenceLogonSession( SepRmDereferenceLogonSession(
PLUID LogonLuid); _Inout_ PLUID LogonLuid);
NTSTATUS NTSTATUS
NTAPI NTAPI
SeGetLogonIdDeviceMap( SeGetLogonIdDeviceMap(
IN PLUID LogonId, _In_ PLUID LogonId,
OUT PDEVICE_MAP * DeviceMap); _Out_ PDEVICE_MAP *DeviceMap);
#endif #endif
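Review bot: The SeCreateAccessStateEx prototype is left half-converted as `_In_ OUT PACCESS_STATE AccessState`; the legacy `OUT` marker expands to nothing, so static analysis sees a plain `_In_` on a structure the routine fills in. The definition changed in this same commit uses `_Inout_ PACCESS_STATE AccessState`, and the prototype should read the same. Separately, the four SepGet*FromDescriptor helpers and SepRmReferenceLogonSession/SepRmDereferenceLogonSession now take `_Inout_` pointers; their bodies are largely outside the hunks, but if they only read through the pointer, `_In_` is the accurate contract and keeps the analyzer from assuming the descriptor or LUID is modified.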


@ -45,11 +45,12 @@ ERESOURCE SepSubjectContextLock;
*/ */
BOOLEAN BOOLEAN
NTAPI NTAPI
SepSidInTokenEx(IN PACCESS_TOKEN _Token, SepSidInTokenEx(
IN PSID PrincipalSelfSid, _In_ PACCESS_TOKEN _Token,
IN PSID _Sid, _In_ PSID PrincipalSelfSid,
IN BOOLEAN Deny, _In_ PSID _Sid,
IN BOOLEAN Restricted) _In_ BOOLEAN Deny,
_In_ BOOLEAN Restricted)
{ {
ULONG i; ULONG i;
PTOKEN Token = (PTOKEN)_Token; PTOKEN Token = (PTOKEN)_Token;
@ -145,8 +146,9 @@ SepSidInTokenEx(IN PACCESS_TOKEN _Token,
*/ */
BOOLEAN BOOLEAN
NTAPI NTAPI
SepSidInToken(IN PACCESS_TOKEN _Token, SepSidInToken(
IN PSID Sid) _In_ PACCESS_TOKEN _Token,
_In_ PSID Sid)
{ {
/* Call extended API */ /* Call extended API */
return SepSidInTokenEx(_Token, NULL, Sid, FALSE, FALSE); return SepSidInTokenEx(_Token, NULL, Sid, FALSE, FALSE);
@ -172,9 +174,10 @@ SepSidInToken(IN PACCESS_TOKEN _Token,
*/ */
BOOLEAN BOOLEAN
NTAPI NTAPI
SepTokenIsOwner(IN PACCESS_TOKEN _Token, SepTokenIsOwner(
IN PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PACCESS_TOKEN _Token,
IN BOOLEAN TokenLocked) _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
_In_ BOOLEAN TokenLocked)
{ {
PSID Sid; PSID Sid;
BOOLEAN Result; BOOLEAN Result;
@ -216,8 +219,9 @@ SepTokenIsOwner(IN PACCESS_TOKEN _Token,
*/ */
VOID VOID
NTAPI NTAPI
SeGetTokenControlInformation(IN PACCESS_TOKEN _Token, SeGetTokenControlInformation(
OUT PTOKEN_CONTROL TokenControl) _In_ PACCESS_TOKEN _Token,
_Out_ PTOKEN_CONTROL TokenControl)
{ {
PTOKEN Token = _Token; PTOKEN Token = _Token;
PAGED_CODE(); PAGED_CODE();
@ -274,13 +278,14 @@ SeGetTokenControlInformation(IN PACCESS_TOKEN _Token,
*/ */
NTSTATUS NTSTATUS
NTAPI NTAPI
SepCreateClientSecurity(IN PACCESS_TOKEN Token, SepCreateClientSecurity(
IN PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos, _In_ PACCESS_TOKEN Token,
IN BOOLEAN ServerIsRemote, _In_ PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos,
IN TOKEN_TYPE TokenType, _In_ BOOLEAN ServerIsRemote,
IN BOOLEAN ThreadEffectiveOnly, _In_ TOKEN_TYPE TokenType,
IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, _In_ BOOLEAN ThreadEffectiveOnly,
OUT PSECURITY_CLIENT_CONTEXT ClientContext) _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
_Out_ PSECURITY_CLIENT_CONTEXT ClientContext)
{ {
NTSTATUS Status; NTSTATUS Status;
PACCESS_TOKEN NewToken; PACCESS_TOKEN NewToken;
@ -382,9 +387,10 @@ SepCreateClientSecurity(IN PACCESS_TOKEN Token,
*/ */
VOID VOID
NTAPI NTAPI
SeCaptureSubjectContextEx(IN PETHREAD Thread, SeCaptureSubjectContextEx(
IN PEPROCESS Process, _In_ PETHREAD Thread,
OUT PSECURITY_SUBJECT_CONTEXT SubjectContext) _In_ PEPROCESS Process,
_Out_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
{ {
BOOLEAN CopyOnOpen, EffectiveOnly; BOOLEAN CopyOnOpen, EffectiveOnly;
@ -425,7 +431,8 @@ SeCaptureSubjectContextEx(IN PETHREAD Thread,
*/ */
VOID VOID
NTAPI NTAPI
SeCaptureSubjectContext(OUT PSECURITY_SUBJECT_CONTEXT SubjectContext) SeCaptureSubjectContext(
_Out_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
{ {
/* Call the extended API */ /* Call the extended API */
SeCaptureSubjectContextEx(PsGetCurrentThread(), SeCaptureSubjectContextEx(PsGetCurrentThread(),
@ -446,7 +453,8 @@ SeCaptureSubjectContext(OUT PSECURITY_SUBJECT_CONTEXT SubjectContext)
*/ */
VOID VOID
NTAPI NTAPI
SeLockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext) SeLockSubjectContext(
_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
{ {
PTOKEN PrimaryToken, ClientToken; PTOKEN PrimaryToken, ClientToken;
PAGED_CODE(); PAGED_CODE();
@ -476,7 +484,8 @@ SeLockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
*/ */
VOID VOID
NTAPI NTAPI
SeUnlockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext) SeUnlockSubjectContext(
_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
{ {
PTOKEN PrimaryToken, ClientToken; PTOKEN PrimaryToken, ClientToken;
PAGED_CODE(); PAGED_CODE();
@ -508,7 +517,8 @@ SeUnlockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
*/ */
VOID VOID
NTAPI NTAPI
SeReleaseSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext) SeReleaseSubjectContext(
_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
{ {
PAGED_CODE(); PAGED_CODE();
@ -531,7 +541,7 @@ SeReleaseSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
* @param[in] Process * @param[in] Process
* Valid process object where subject context is to be captured. * Valid process object where subject context is to be captured.
* *
* @param[in, out] AccessState * @param[in,out] AccessState
* An initialized returned parameter to an access state. * An initialized returned parameter to an access state.
* *
* @param[in] AuxData * @param[in] AuxData
@ -548,12 +558,13 @@ SeReleaseSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
*/ */
NTSTATUS NTSTATUS
NTAPI NTAPI
SeCreateAccessStateEx(IN PETHREAD Thread, SeCreateAccessStateEx(
IN PEPROCESS Process, _In_ PETHREAD Thread,
IN OUT PACCESS_STATE AccessState, _In_ PEPROCESS Process,
IN PAUX_ACCESS_DATA AuxData, _Inout_ PACCESS_STATE AccessState,
IN ACCESS_MASK Access, _In_ PAUX_ACCESS_DATA AuxData,
IN PGENERIC_MAPPING GenericMapping) _In_ ACCESS_MASK Access,
_In_ PGENERIC_MAPPING GenericMapping)
{ {
ACCESS_MASK AccessMask = Access; ACCESS_MASK AccessMask = Access;
PTOKEN Token; PTOKEN Token;
@ -608,7 +619,7 @@ SeCreateAccessStateEx(IN PETHREAD Thread,
* @brief * @brief
* Creates an access state. * Creates an access state.
* *
* @param[in, out] AccessState * @param[in,out] AccessState
* An initialized returned parameter to an access state. * An initialized returned parameter to an access state.
* *
* @param[in] AuxData * @param[in] AuxData
@ -625,10 +636,11 @@ SeCreateAccessStateEx(IN PETHREAD Thread,
*/ */
NTSTATUS NTSTATUS
NTAPI NTAPI
SeCreateAccessState(IN OUT PACCESS_STATE AccessState, SeCreateAccessState(
IN PAUX_ACCESS_DATA AuxData, _Inout_ PACCESS_STATE AccessState,
IN ACCESS_MASK Access, _In_ PAUX_ACCESS_DATA AuxData,
IN PGENERIC_MAPPING GenericMapping) _In_ ACCESS_MASK Access,
_In_ PGENERIC_MAPPING GenericMapping)
{ {
PAGED_CODE(); PAGED_CODE();
@ -653,7 +665,8 @@ SeCreateAccessState(IN OUT PACCESS_STATE AccessState,
*/ */
VOID VOID
NTAPI NTAPI
SeDeleteAccessState(IN PACCESS_STATE AccessState) SeDeleteAccessState(
_In_ PACCESS_STATE AccessState)
{ {
PAUX_ACCESS_DATA AuxData; PAUX_ACCESS_DATA AuxData;
PAGED_CODE(); PAGED_CODE();
@ -695,8 +708,9 @@ SeDeleteAccessState(IN PACCESS_STATE AccessState)
*/ */
VOID VOID
NTAPI NTAPI
SeSetAccessStateGenericMapping(IN PACCESS_STATE AccessState, SeSetAccessStateGenericMapping(
IN PGENERIC_MAPPING GenericMapping) _In_ PACCESS_STATE AccessState,
_In_ PGENERIC_MAPPING GenericMapping)
{ {
PAGED_CODE(); PAGED_CODE();
@ -725,10 +739,11 @@ SeSetAccessStateGenericMapping(IN PACCESS_STATE AccessState,
*/ */
NTSTATUS NTSTATUS
NTAPI NTAPI
SeCreateClientSecurity(IN PETHREAD Thread, SeCreateClientSecurity(
IN PSECURITY_QUALITY_OF_SERVICE Qos, _In_ PETHREAD Thread,
IN BOOLEAN RemoteClient, _In_ PSECURITY_QUALITY_OF_SERVICE Qos,
OUT PSECURITY_CLIENT_CONTEXT ClientContext) _In_ BOOLEAN RemoteClient,
_Out_ PSECURITY_CLIENT_CONTEXT ClientContext)
{ {
TOKEN_TYPE TokenType; TOKEN_TYPE TokenType;
BOOLEAN ThreadEffectiveOnly; BOOLEAN ThreadEffectiveOnly;
@ -786,10 +801,11 @@ SeCreateClientSecurity(IN PETHREAD Thread,
*/ */
NTSTATUS NTSTATUS
NTAPI NTAPI
SeCreateClientSecurityFromSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext, SeCreateClientSecurityFromSubjectContext(
IN PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext,
IN BOOLEAN ServerIsRemote, _In_ PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos,
OUT PSECURITY_CLIENT_CONTEXT ClientContext) _In_ BOOLEAN ServerIsRemote,
_Out_ PSECURITY_CLIENT_CONTEXT ClientContext)
{ {
PACCESS_TOKEN Token; PACCESS_TOKEN Token;
NTSTATUS Status; NTSTATUS Status;
@ -837,8 +853,9 @@ SeCreateClientSecurityFromSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectCon
*/ */
NTSTATUS NTSTATUS
NTAPI NTAPI
SeImpersonateClientEx(IN PSECURITY_CLIENT_CONTEXT ClientContext, SeImpersonateClientEx(
IN PETHREAD ServerThread OPTIONAL) _In_ PSECURITY_CLIENT_CONTEXT ClientContext,
_In_opt_ PETHREAD ServerThread)
{ {
BOOLEAN EffectiveOnly; BOOLEAN EffectiveOnly;
PAGED_CODE(); PAGED_CODE();
@ -881,8 +898,9 @@ SeImpersonateClientEx(IN PSECURITY_CLIENT_CONTEXT ClientContext,
*/ */
VOID VOID
NTAPI NTAPI
SeImpersonateClient(IN PSECURITY_CLIENT_CONTEXT ClientContext, SeImpersonateClient(
IN PETHREAD ServerThread OPTIONAL) _In_ PSECURITY_CLIENT_CONTEXT ClientContext,
_In_opt_ PETHREAD ServerThread)
{ {
PAGED_CODE(); PAGED_CODE();
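Review bot: `PrincipalSelfSid` is annotated `_In_` on SepSidInTokenEx, yet SepSidInToken in this same file calls `SepSidInTokenEx(_Token, NULL, Sid, FALSE, FALSE)`, so NULL is a normal value for that parameter. The annotation should be `_In_opt_ PSID PrincipalSelfSid`, here and on the prototype in the header. As written, the analyzer either flags the wrapper or assumes the pointer is never NULL inside a routine that decides SID membership for access checks. The body of SepSidInTokenEx lies outside the hunk, so whether it tests for NULL before using the SID could not be confirmed from this page.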


@ -66,18 +66,19 @@
* The function is currently incomplete! * The function is currently incomplete!
*/ */
BOOLEAN NTAPI BOOLEAN NTAPI
SepAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor, SepAccessCheck(
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
IN ACCESS_MASK DesiredAccess, _In_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,
IN POBJECT_TYPE_LIST ObjectTypeList, _In_ ACCESS_MASK DesiredAccess,
IN ULONG ObjectTypeListLength, _In_ POBJECT_TYPE_LIST ObjectTypeList,
IN ACCESS_MASK PreviouslyGrantedAccess, _In_ ULONG ObjectTypeListLength,
OUT PPRIVILEGE_SET* Privileges, _In_ ACCESS_MASK PreviouslyGrantedAccess,
IN PGENERIC_MAPPING GenericMapping, _Out_ PPRIVILEGE_SET* Privileges,
IN KPROCESSOR_MODE AccessMode, _In_ PGENERIC_MAPPING GenericMapping,
OUT PACCESS_MASK GrantedAccessList, _In_ KPROCESSOR_MODE AccessMode,
OUT PNTSTATUS AccessStatusList, _Out_ PACCESS_MASK GrantedAccessList,
IN BOOLEAN UseResultList) _Out_ PNTSTATUS AccessStatusList,
_In_ BOOLEAN UseResultList)
{ {
ACCESS_MASK RemainingAccess; ACCESS_MASK RemainingAccess;
ACCESS_MASK TempAccess; ACCESS_MASK TempAccess;
@ -342,7 +343,8 @@ ReturnCommonStatus:
* Returns a SID that represents the main user (owner). * Returns a SID that represents the main user (owner).
*/ */
static PSID static PSID
SepGetSDOwner(IN PSECURITY_DESCRIPTOR _SecurityDescriptor) SepGetSDOwner(
_In_ PSECURITY_DESCRIPTOR _SecurityDescriptor)
{ {
PISECURITY_DESCRIPTOR SecurityDescriptor = _SecurityDescriptor; PISECURITY_DESCRIPTOR SecurityDescriptor = _SecurityDescriptor;
PSID Owner; PSID Owner;
@ -368,7 +370,8 @@ SepGetSDOwner(IN PSECURITY_DESCRIPTOR _SecurityDescriptor)
* Returns a SID that represents a group. * Returns a SID that represents a group.
*/ */
static PSID static PSID
SepGetSDGroup(IN PSECURITY_DESCRIPTOR _SecurityDescriptor) SepGetSDGroup(
_In_ PSECURITY_DESCRIPTOR _SecurityDescriptor)
{ {
PISECURITY_DESCRIPTOR SecurityDescriptor = _SecurityDescriptor; PISECURITY_DESCRIPTOR SecurityDescriptor = _SecurityDescriptor;
PSID Group; PSID Group;
@ -394,7 +397,8 @@ SepGetSDGroup(IN PSECURITY_DESCRIPTOR _SecurityDescriptor)
*/ */
static static
ULONG ULONG
SepGetPrivilegeSetLength(IN PPRIVILEGE_SET PrivilegeSet) SepGetPrivilegeSetLength(
_In_ PPRIVILEGE_SET PrivilegeSet)
{ {
if (PrivilegeSet == NULL) if (PrivilegeSet == NULL)
return 0; return 0;
@ -452,16 +456,17 @@ SepGetPrivilegeSetLength(IN PPRIVILEGE_SET PrivilegeSet)
*/ */
BOOLEAN BOOLEAN
NTAPI NTAPI
SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor, SeAccessCheck(
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
IN BOOLEAN SubjectContextLocked, _In_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,
IN ACCESS_MASK DesiredAccess, _In_ BOOLEAN SubjectContextLocked,
IN ACCESS_MASK PreviouslyGrantedAccess, _In_ ACCESS_MASK DesiredAccess,
OUT PPRIVILEGE_SET* Privileges, _In_ ACCESS_MASK PreviouslyGrantedAccess,
IN PGENERIC_MAPPING GenericMapping, _Out_ PPRIVILEGE_SET* Privileges,
IN KPROCESSOR_MODE AccessMode, _In_ PGENERIC_MAPPING GenericMapping,
OUT PACCESS_MASK GrantedAccess, _In_ KPROCESSOR_MODE AccessMode,
OUT PNTSTATUS AccessStatus) _Out_ PACCESS_MASK GrantedAccess,
_Out_ PNTSTATUS AccessStatus)
{ {
BOOLEAN ret; BOOLEAN ret;
@ -593,10 +598,11 @@ SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
*/ */
BOOLEAN BOOLEAN
NTAPI NTAPI
SeFastTraverseCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor, SeFastTraverseCheck(
IN PACCESS_STATE AccessState, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
IN ACCESS_MASK DesiredAccess, _In_ PACCESS_STATE AccessState,
IN KPROCESSOR_MODE AccessMode) _In_ ACCESS_MASK DesiredAccess,
_In_ KPROCESSOR_MODE AccessMode)
{ {
PACL Dacl; PACL Dacl;
ULONG AceIndex; ULONG AceIndex;
@ -702,14 +708,15 @@ SeFastTraverseCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
*/ */
NTSTATUS NTSTATUS
NTAPI NTAPI
NtAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor, NtAccessCheck(
IN HANDLE TokenHandle, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
IN ACCESS_MASK DesiredAccess, _In_ HANDLE TokenHandle,
IN PGENERIC_MAPPING GenericMapping, _In_ ACCESS_MASK DesiredAccess,
OUT PPRIVILEGE_SET PrivilegeSet OPTIONAL, _In_ PGENERIC_MAPPING GenericMapping,
IN OUT PULONG PrivilegeSetLength, _Out_opt_ PPRIVILEGE_SET PrivilegeSet,
OUT PACCESS_MASK GrantedAccess, _Inout_ PULONG PrivilegeSetLength,
OUT PNTSTATUS AccessStatus) _Out_ PACCESS_MASK GrantedAccess,
_Out_ PNTSTATUS AccessStatus)
{ {
PSECURITY_DESCRIPTOR CapturedSecurityDescriptor = NULL; PSECURITY_DESCRIPTOR CapturedSecurityDescriptor = NULL;
SECURITY_SUBJECT_CONTEXT SubjectSecurityContext; SECURITY_SUBJECT_CONTEXT SubjectSecurityContext;
@ -988,17 +995,18 @@ NtAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
*/ */
NTSTATUS NTSTATUS
NTAPI NTAPI
NtAccessCheckByType(IN PSECURITY_DESCRIPTOR SecurityDescriptor, NtAccessCheckByType(
IN PSID PrincipalSelfSid, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
IN HANDLE ClientToken, _In_ PSID PrincipalSelfSid,
IN ACCESS_MASK DesiredAccess, _In_ HANDLE ClientToken,
IN POBJECT_TYPE_LIST ObjectTypeList, _In_ ACCESS_MASK DesiredAccess,
IN ULONG ObjectTypeLength, _In_ POBJECT_TYPE_LIST ObjectTypeList,
IN PGENERIC_MAPPING GenericMapping, _In_ ULONG ObjectTypeLength,
IN PPRIVILEGE_SET PrivilegeSet, _In_ PGENERIC_MAPPING GenericMapping,
IN OUT PULONG PrivilegeSetLength, _In_ PPRIVILEGE_SET PrivilegeSet,
OUT PACCESS_MASK GrantedAccess, _Inout_ PULONG PrivilegeSetLength,
OUT PNTSTATUS AccessStatus) _Out_ PACCESS_MASK GrantedAccess,
_Out_ PNTSTATUS AccessStatus)
{ {
UNIMPLEMENTED; UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED; return STATUS_NOT_IMPLEMENTED;
@ -1049,17 +1057,18 @@ NtAccessCheckByType(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
*/ */
NTSTATUS NTSTATUS
NTAPI NTAPI
NtAccessCheckByTypeResultList(IN PSECURITY_DESCRIPTOR SecurityDescriptor, NtAccessCheckByTypeResultList(
IN PSID PrincipalSelfSid, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
IN HANDLE ClientToken, _In_ PSID PrincipalSelfSid,
IN ACCESS_MASK DesiredAccess, _In_ HANDLE ClientToken,
IN POBJECT_TYPE_LIST ObjectTypeList, _In_ ACCESS_MASK DesiredAccess,
IN ULONG ObjectTypeLength, _In_ POBJECT_TYPE_LIST ObjectTypeList,
IN PGENERIC_MAPPING GenericMapping, _In_ ULONG ObjectTypeLength,
IN PPRIVILEGE_SET PrivilegeSet, _In_ PGENERIC_MAPPING GenericMapping,
IN OUT PULONG PrivilegeSetLength, _In_ PPRIVILEGE_SET PrivilegeSet,
OUT PACCESS_MASK GrantedAccess, _Inout_ PULONG PrivilegeSetLength,
OUT PNTSTATUS AccessStatus) _Out_ PACCESS_MASK GrantedAccess,
_Out_ PNTSTATUS AccessStatus)
{ {
UNIMPLEMENTED; UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED; return STATUS_NOT_IMPLEMENTED;
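Review bot: `PrivilegeSet` is annotated `_In_` on NtAccessCheckByType and NtAccessCheckByTypeResultList, while NtAccessCheck annotates the same buffer `_Out_opt_`, and all three pair it with `_Inout_ PULONG PrivilegeSetLength`. This looks like a mechanical carry-over of the old `IN` rather than a statement of the real contract, and it tells the analyzer the buffer is read-only input. Because the buffer and its length are supplied by the caller of these Nt* routines, a size-bound form such as `_Out_writes_bytes_opt_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet` on all three would let writes be checked against the supplied length. Both ByType routines are still `UNIMPLEMENTED`, so the annotation is best corrected before their bodies are written.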


@ -349,11 +349,12 @@ SepCreateImpersonationTokenDacl(
*/ */
NTSTATUS NTSTATUS
NTAPI NTAPI
SepCaptureAcl(IN PACL InputAcl, SepCaptureAcl(
IN KPROCESSOR_MODE AccessMode, _In_ PACL InputAcl,
IN POOL_TYPE PoolType, _In_ KPROCESSOR_MODE AccessMode,
IN BOOLEAN CaptureIfKernel, _In_ POOL_TYPE PoolType,
OUT PACL *CapturedAcl) _In_ BOOLEAN CaptureIfKernel,
_Out_ PACL *CapturedAcl)
{ {
PACL NewAcl; PACL NewAcl;
ULONG AclSize = 0; ULONG AclSize = 0;
@ -455,9 +456,10 @@ SepCaptureAcl(IN PACL InputAcl,
*/ */
VOID VOID
NTAPI NTAPI
SepReleaseAcl(IN PACL CapturedAcl, SepReleaseAcl(
IN KPROCESSOR_MODE AccessMode, _In_ PACL CapturedAcl,
IN BOOLEAN CaptureIfKernel) _In_ KPROCESSOR_MODE AccessMode,
_In_ BOOLEAN CaptureIfKernel)
{ {
PAGED_CODE(); PAGED_CODE();
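Review bot: `_Out_ PACL *CapturedAcl` on SepCaptureAcl only says the pointer slot is written; it does not say whether the returned ACL can be NULL on success. `_Outptr_ PACL *CapturedAcl`, or `_Outptr_result_maybenull_` if a NULL ACL is a valid result, would state that. The doc comment should also say that the result must be passed to SepReleaseAcl with the same `AccessMode` and `CaptureIfKernel` values, since both routines take that pair. Both bodies are outside the hunks, so which variant applies needs checking against the implementation.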


@ -31,7 +31,8 @@ UNICODE_STRING SeSubsystemName = RTL_CONSTANT_STRING(L"Security");
*/ */
BOOLEAN BOOLEAN
NTAPI NTAPI
SeDetailedAuditingWithToken(IN PTOKEN Token) SeDetailedAuditingWithToken(
_In_ PTOKEN Token)
{ {
/* FIXME */ /* FIXME */
return FALSE; return FALSE;
@ -52,7 +53,8 @@ SeDetailedAuditingWithToken(IN PTOKEN Token)
*/ */
VOID VOID
NTAPI NTAPI
SeAuditProcessCreate(IN PEPROCESS Process) SeAuditProcessCreate(
_In_ PEPROCESS Process)
{ {
/* FIXME */ /* FIXME */
} }
@ -72,7 +74,8 @@ SeAuditProcessCreate(IN PEPROCESS Process)
*/ */
VOID VOID
NTAPI NTAPI
SeAuditProcessExit(IN PEPROCESS Process) SeAuditProcessExit(
_In_ PEPROCESS Process)
{ {
/* FIXME */ /* FIXME */
} }
@ -99,9 +102,10 @@ SeAuditProcessExit(IN PEPROCESS Process)
*/ */
NTSTATUS NTSTATUS
NTAPI NTAPI
SeInitializeProcessAuditName(IN PFILE_OBJECT FileObject, SeInitializeProcessAuditName(
IN BOOLEAN DoAudit, _In_ PFILE_OBJECT FileObject,
OUT POBJECT_NAME_INFORMATION *AuditInfo) _In_ BOOLEAN DoAudit,
_Out_ POBJECT_NAME_INFORMATION *AuditInfo)
{ {
OBJECT_NAME_INFORMATION LocalNameInfo; OBJECT_NAME_INFORMATION LocalNameInfo;
POBJECT_NAME_INFORMATION ObjectNameInfo = NULL; POBJECT_NAME_INFORMATION ObjectNameInfo = NULL;
@ -192,8 +196,9 @@ SeInitializeProcessAuditName(IN PFILE_OBJECT FileObject,
*/ */
NTSTATUS NTSTATUS
NTAPI NTAPI
SeLocateProcessImageName(IN PEPROCESS Process, SeLocateProcessImageName(
OUT PUNICODE_STRING *ProcessImageName) _In_ PEPROCESS Process,
_Out_ PUNICODE_STRING *ProcessImageName)
{ {
POBJECT_NAME_INFORMATION AuditName; POBJECT_NAME_INFORMATION AuditName;
PUNICODE_STRING ImageName; PUNICODE_STRING ImageName;
@ -280,9 +285,9 @@ SeLocateProcessImageName(IN PEPROCESS Process,
VOID VOID
NTAPI NTAPI
SepAdtCloseObjectAuditAlarm( SepAdtCloseObjectAuditAlarm(
PUNICODE_STRING SubsystemName, _In_ PUNICODE_STRING SubsystemName,
PVOID HandleId, _In_ PVOID HandleId,
PSID Sid) _In_ PSID Sid)
{ {
UNIMPLEMENTED; UNIMPLEMENTED;
} }
@ -325,7 +330,7 @@ SepAdtCloseObjectAuditAlarm(
VOID VOID
NTAPI NTAPI
SepAdtPrivilegedServiceAuditAlarm( SepAdtPrivilegedServiceAuditAlarm(
PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext,
_In_opt_ PUNICODE_STRING SubsystemName, _In_opt_ PUNICODE_STRING SubsystemName,
_In_opt_ PUNICODE_STRING ServiceName, _In_opt_ PUNICODE_STRING ServiceName,
_In_ PTOKEN Token, _In_ PTOKEN Token,
@ -1060,9 +1065,10 @@ Cleanup:
*/ */
VOID VOID
NTAPI NTAPI
SeAuditHardLinkCreation(IN PUNICODE_STRING FileName, SeAuditHardLinkCreation(
IN PUNICODE_STRING LinkName, _In_ PUNICODE_STRING FileName,
IN BOOLEAN bSuccess) _In_ PUNICODE_STRING LinkName,
_In_ BOOLEAN bSuccess)
{ {
UNIMPLEMENTED; UNIMPLEMENTED;
} }
@ -1085,8 +1091,9 @@ SeAuditHardLinkCreation(IN PUNICODE_STRING FileName,
*/ */
BOOLEAN BOOLEAN
NTAPI NTAPI
SeAuditingFileEvents(IN BOOLEAN AccessGranted, SeAuditingFileEvents(
IN PSECURITY_DESCRIPTOR SecurityDescriptor) _In_ BOOLEAN AccessGranted,
_In_ PSECURITY_DESCRIPTOR SecurityDescriptor)
{ {
UNIMPLEMENTED; UNIMPLEMENTED;
return FALSE; return FALSE;
@ -1114,9 +1121,10 @@ SeAuditingFileEvents(IN BOOLEAN AccessGranted,
*/ */
BOOLEAN BOOLEAN
NTAPI NTAPI
SeAuditingFileEventsWithContext(IN BOOLEAN AccessGranted, SeAuditingFileEventsWithContext(
IN PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ BOOLEAN AccessGranted,
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL) _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
_In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext)
{ {
UNIMPLEMENTED_ONCE; UNIMPLEMENTED_ONCE;
return FALSE; return FALSE;
@ -1140,8 +1148,9 @@ SeAuditingFileEventsWithContext(IN BOOLEAN AccessGranted,
*/ */
BOOLEAN BOOLEAN
NTAPI NTAPI
SeAuditingHardLinkEvents(IN BOOLEAN AccessGranted, SeAuditingHardLinkEvents(
IN PSECURITY_DESCRIPTOR SecurityDescriptor) _In_ BOOLEAN AccessGranted,
_In_ PSECURITY_DESCRIPTOR SecurityDescriptor)
{ {
UNIMPLEMENTED; UNIMPLEMENTED;
return FALSE; return FALSE;
@ -1169,9 +1178,10 @@ SeAuditingHardLinkEvents(IN BOOLEAN AccessGranted,
*/ */
BOOLEAN BOOLEAN
NTAPI NTAPI
SeAuditingHardLinkEventsWithContext(IN BOOLEAN AccessGranted, SeAuditingHardLinkEventsWithContext(
IN PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ BOOLEAN AccessGranted,
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL) _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
_In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext)
{ {
UNIMPLEMENTED; UNIMPLEMENTED;
return FALSE; return FALSE;
@ -1199,9 +1209,10 @@ SeAuditingHardLinkEventsWithContext(IN BOOLEAN AccessGranted,
*/ */
BOOLEAN BOOLEAN
NTAPI NTAPI
SeAuditingFileOrGlobalEvents(IN BOOLEAN AccessGranted, SeAuditingFileOrGlobalEvents(
IN PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ BOOLEAN AccessGranted,
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext) _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
_In_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext)
{ {
UNIMPLEMENTED; UNIMPLEMENTED;
return FALSE; return FALSE;
@ -1227,9 +1238,10 @@ SeAuditingFileOrGlobalEvents(IN BOOLEAN AccessGranted,
*/ */
VOID VOID
NTAPI NTAPI
SeCloseObjectAuditAlarm(IN PVOID Object, SeCloseObjectAuditAlarm(
IN HANDLE Handle, _In_ PVOID Object,
IN BOOLEAN PerformAction) _In_ HANDLE Handle,
_In_ BOOLEAN PerformAction)
{ {
UNIMPLEMENTED; UNIMPLEMENTED;
} }
@ -1249,8 +1261,9 @@ SeCloseObjectAuditAlarm(IN PVOID Object,
* Nothing. * Nothing.
*/ */
VOID NTAPI VOID NTAPI
SeDeleteObjectAuditAlarm(IN PVOID Object, SeDeleteObjectAuditAlarm(
IN HANDLE Handle) _In_ PVOID Object,
_In_ HANDLE Handle)
{ {
UNIMPLEMENTED; UNIMPLEMENTED;
} }
@ -1298,15 +1311,16 @@ SeDeleteObjectAuditAlarm(IN PVOID Object,
*/ */
VOID VOID
NTAPI NTAPI
SeOpenObjectAuditAlarm(IN PUNICODE_STRING ObjectTypeName, SeOpenObjectAuditAlarm(
IN PVOID Object OPTIONAL, _In_ PUNICODE_STRING ObjectTypeName,
IN PUNICODE_STRING AbsoluteObjectName OPTIONAL, _In_opt_ PVOID Object,
IN PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PUNICODE_STRING AbsoluteObjectName,
IN PACCESS_STATE AccessState, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
IN BOOLEAN ObjectCreated, _In_ PACCESS_STATE AccessState,
IN BOOLEAN AccessGranted, _In_ BOOLEAN ObjectCreated,
IN KPROCESSOR_MODE AccessMode, _In_ BOOLEAN AccessGranted,
OUT PBOOLEAN GenerateOnClose) _In_ KPROCESSOR_MODE AccessMode,
_Out_ PBOOLEAN GenerateOnClose)
{ {
PAGED_CODE(); PAGED_CODE();
@ -1360,15 +1374,16 @@ SeOpenObjectAuditAlarm(IN PUNICODE_STRING ObjectTypeName,
* Nothing. * Nothing.
*/ */
VOID NTAPI VOID NTAPI
SeOpenObjectForDeleteAuditAlarm(IN PUNICODE_STRING ObjectTypeName, SeOpenObjectForDeleteAuditAlarm(
IN PVOID Object OPTIONAL, _In_ PUNICODE_STRING ObjectTypeName,
IN PUNICODE_STRING AbsoluteObjectName OPTIONAL, _In_opt_ PVOID Object,
IN PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PUNICODE_STRING AbsoluteObjectName,
IN PACCESS_STATE AccessState, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
IN BOOLEAN ObjectCreated, _In_ PACCESS_STATE AccessState,
IN BOOLEAN AccessGranted, _In_ BOOLEAN ObjectCreated,
IN KPROCESSOR_MODE AccessMode, _In_ BOOLEAN AccessGranted,
OUT PBOOLEAN GenerateOnClose) _In_ KPROCESSOR_MODE AccessMode,
_Out_ PBOOLEAN GenerateOnClose)
{ {
UNIMPLEMENTED; UNIMPLEMENTED;
} }
@ -1404,12 +1419,13 @@ SeOpenObjectForDeleteAuditAlarm(IN PUNICODE_STRING ObjectTypeName,
*/ */
VOID VOID
NTAPI NTAPI
SePrivilegeObjectAuditAlarm(IN HANDLE Handle, SePrivilegeObjectAuditAlarm(
IN PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ HANDLE Handle,
IN ACCESS_MASK DesiredAccess, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext,
IN PPRIVILEGE_SET Privileges, _In_ ACCESS_MASK DesiredAccess,
IN BOOLEAN AccessGranted, _In_ PPRIVILEGE_SET Privileges,
IN KPROCESSOR_MODE CurrentMode) _In_ BOOLEAN AccessGranted,
_In_ KPROCESSOR_MODE CurrentMode)
{ {
UNIMPLEMENTED; UNIMPLEMENTED;
} }
@ -1441,9 +1457,9 @@ SePrivilegeObjectAuditAlarm(IN HANDLE Handle,
NTSTATUS NTSTATUS
NTAPI NTAPI
NtCloseObjectAuditAlarm( NtCloseObjectAuditAlarm(
PUNICODE_STRING SubsystemName, _In_ PUNICODE_STRING SubsystemName,
PVOID HandleId, _In_ PVOID HandleId,
BOOLEAN GenerateOnClose) _In_ BOOLEAN GenerateOnClose)
{ {
SECURITY_SUBJECT_CONTEXT SubjectContext; SECURITY_SUBJECT_CONTEXT SubjectContext;
UNICODE_STRING CapturedSubsystemName; UNICODE_STRING CapturedSubsystemName;
@ -1557,9 +1573,10 @@ Cleanup:
* To be added... * To be added...
*/ */
NTSTATUS NTAPI NTSTATUS NTAPI
NtDeleteObjectAuditAlarm(IN PUNICODE_STRING SubsystemName, NtDeleteObjectAuditAlarm(
IN PVOID HandleId, _In_ PUNICODE_STRING SubsystemName,
IN BOOLEAN GenerateOnClose) _In_ PVOID HandleId,
_In_ BOOLEAN GenerateOnClose)
{ {
UNIMPLEMENTED; UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED; return STATUS_NOT_IMPLEMENTED;
@ -1969,7 +1986,7 @@ NtPrivilegedServiceAuditAlarm(
_In_opt_ PUNICODE_STRING ServiceName, _In_opt_ PUNICODE_STRING ServiceName,
_In_ HANDLE ClientTokenHandle, _In_ HANDLE ClientTokenHandle,
_In_ PPRIVILEGE_SET Privileges, _In_ PPRIVILEGE_SET Privileges,
_In_ BOOLEAN AccessGranted ) _In_ BOOLEAN AccessGranted)
{ {
KPROCESSOR_MODE PreviousMode; KPROCESSOR_MODE PreviousMode;
PTOKEN ClientToken; PTOKEN ClientToken;
@ -2147,12 +2164,13 @@ Cleanup:
* To be added... * To be added...
*/ */
NTSTATUS NTAPI NTSTATUS NTAPI
NtPrivilegeObjectAuditAlarm(IN PUNICODE_STRING SubsystemName, NtPrivilegeObjectAuditAlarm(
IN PVOID HandleId, _In_ PUNICODE_STRING SubsystemName,
IN HANDLE ClientToken, _In_ PVOID HandleId,
IN ULONG DesiredAccess, _In_ HANDLE ClientToken,
IN PPRIVILEGE_SET Privileges, _In_ ULONG DesiredAccess,
IN BOOLEAN AccessGranted) _In_ PPRIVILEGE_SET Privileges,
_In_ BOOLEAN AccessGranted)
{ {
UNIMPLEMENTED; UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED; return STATUS_NOT_IMPLEMENTED;


@ -99,11 +99,12 @@ SepInitPrivileges(VOID)
*/ */
BOOLEAN BOOLEAN
NTAPI NTAPI
SepPrivilegeCheck(PTOKEN Token, SepPrivilegeCheck(
PLUID_AND_ATTRIBUTES Privileges, _In_ PTOKEN Token,
ULONG PrivilegeCount, _In_ PLUID_AND_ATTRIBUTES Privileges,
ULONG PrivilegeControl, _In_ ULONG PrivilegeCount,
KPROCESSOR_MODE PreviousMode) _In_ ULONG PrivilegeControl,
_In_ KPROCESSOR_MODE PreviousMode)
{ {
ULONG i; ULONG i;
ULONG j; ULONG j;
@ -185,9 +186,9 @@ SepPrivilegeCheck(PTOKEN Token,
NTSTATUS NTSTATUS
NTAPI NTAPI
SepSinglePrivilegeCheck( SepSinglePrivilegeCheck(
LUID PrivilegeValue, _In_ LUID PrivilegeValue,
PTOKEN Token, _In_ PTOKEN Token,
KPROCESSOR_MODE PreviousMode) _In_ KPROCESSOR_MODE PreviousMode)
{ {
LUID_AND_ATTRIBUTES Privilege; LUID_AND_ATTRIBUTES Privilege;
PAGED_CODE(); PAGED_CODE();
@ -430,15 +431,16 @@ SeCheckAuditPrivilege(
*/ */
NTSTATUS NTSTATUS
NTAPI NTAPI
SeCaptureLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Src, SeCaptureLuidAndAttributesArray(
ULONG PrivilegeCount, _In_ PLUID_AND_ATTRIBUTES Src,
KPROCESSOR_MODE PreviousMode, _In_ ULONG PrivilegeCount,
PLUID_AND_ATTRIBUTES AllocatedMem, _In_ KPROCESSOR_MODE PreviousMode,
ULONG AllocatedLength, _In_opt_ PLUID_AND_ATTRIBUTES AllocatedMem,
POOL_TYPE PoolType, _In_opt_ ULONG AllocatedLength,
BOOLEAN CaptureIfKernel, _In_ POOL_TYPE PoolType,
PLUID_AND_ATTRIBUTES *Dest, _In_ BOOLEAN CaptureIfKernel,
PULONG Length) _Out_ PLUID_AND_ATTRIBUTES *Dest,
_Inout_ PULONG Length)
{ {
ULONG BufferSize; ULONG BufferSize;
NTSTATUS Status = STATUS_SUCCESS; NTSTATUS Status = STATUS_SUCCESS;
@ -543,9 +545,10 @@ SeCaptureLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Src,
*/ */
VOID VOID
NTAPI NTAPI
SeReleaseLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Privilege, SeReleaseLuidAndAttributesArray(
KPROCESSOR_MODE PreviousMode, _In_ PLUID_AND_ATTRIBUTES Privilege,
BOOLEAN CaptureIfKernel) _In_ KPROCESSOR_MODE PreviousMode,
_In_ BOOLEAN CaptureIfKernel)
{ {
PAGED_CODE(); PAGED_CODE();
@ -576,8 +579,9 @@ SeReleaseLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Privilege,
*/ */
NTSTATUS NTSTATUS
NTAPI NTAPI
SeAppendPrivileges(IN OUT PACCESS_STATE AccessState, SeAppendPrivileges(
IN PPRIVILEGE_SET Privileges) _Inout_ PACCESS_STATE AccessState,
_In_ PPRIVILEGE_SET Privileges)
{ {
PAUX_ACCESS_DATA AuxData; PAUX_ACCESS_DATA AuxData;
ULONG OldPrivilegeSetSize; ULONG OldPrivilegeSetSize;
@ -656,7 +660,8 @@ SeAppendPrivileges(IN OUT PACCESS_STATE AccessState,
*/ */
VOID VOID
NTAPI NTAPI
SeFreePrivileges(IN PPRIVILEGE_SET Privileges) SeFreePrivileges(
_In_ PPRIVILEGE_SET Privileges)
{ {
PAGED_CODE(); PAGED_CODE();
ExFreePoolWithTag(Privileges, TAG_PRIVILEGE_SET); ExFreePoolWithTag(Privileges, TAG_PRIVILEGE_SET);
@ -684,9 +689,10 @@ SeFreePrivileges(IN PPRIVILEGE_SET Privileges)
*/ */
BOOLEAN BOOLEAN
NTAPI NTAPI
SePrivilegeCheck(PPRIVILEGE_SET Privileges, SePrivilegeCheck(
PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PPRIVILEGE_SET Privileges,
KPROCESSOR_MODE PreviousMode) _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext,
_In_ KPROCESSOR_MODE PreviousMode)
{ {
PACCESS_TOKEN Token = NULL; PACCESS_TOKEN Token = NULL;
@ -729,8 +735,9 @@ SePrivilegeCheck(PPRIVILEGE_SET Privileges,
*/ */
BOOLEAN BOOLEAN
NTAPI NTAPI
SeSinglePrivilegeCheck(IN LUID PrivilegeValue, SeSinglePrivilegeCheck(
IN KPROCESSOR_MODE PreviousMode) _In_ LUID PrivilegeValue,
_In_ KPROCESSOR_MODE PreviousMode)
{ {
SECURITY_SUBJECT_CONTEXT SubjectContext; SECURITY_SUBJECT_CONTEXT SubjectContext;
PRIVILEGE_SET Priv; PRIVILEGE_SET Priv;
@ -787,10 +794,11 @@ SeSinglePrivilegeCheck(IN LUID PrivilegeValue,
*/ */
BOOLEAN BOOLEAN
NTAPI NTAPI
SeCheckPrivilegedObject(IN LUID PrivilegeValue, SeCheckPrivilegedObject(
IN HANDLE ObjectHandle, _In_ LUID PrivilegeValue,
IN ACCESS_MASK DesiredAccess, _In_ HANDLE ObjectHandle,
IN KPROCESSOR_MODE PreviousMode) _In_ ACCESS_MASK DesiredAccess,
_In_ KPROCESSOR_MODE PreviousMode)
{ {
SECURITY_SUBJECT_CONTEXT SubjectContext; SECURITY_SUBJECT_CONTEXT SubjectContext;
PRIVILEGE_SET Priv; PRIVILEGE_SET Priv;
@ -851,9 +859,10 @@ SeCheckPrivilegedObject(IN LUID PrivilegeValue,
*/ */
NTSTATUS NTSTATUS
NTAPI NTAPI
NtPrivilegeCheck(IN HANDLE ClientToken, NtPrivilegeCheck(
IN PPRIVILEGE_SET RequiredPrivileges, _In_ HANDLE ClientToken,
OUT PBOOLEAN Result) _In_ PPRIVILEGE_SET RequiredPrivileges,
_Out_ PBOOLEAN Result)
{ {
PLUID_AND_ATTRIBUTES Privileges; PLUID_AND_ATTRIBUTES Privileges;
PTOKEN Token; PTOKEN Token;
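Review bot: In `SeCaptureLuidAndAttributesArray`, `_In_opt_ ULONG AllocatedLength` puts an `_opt_` modifier on a by-value scalar, where it carries no meaning; `_opt_` describes pointers that may be NULL, so this should read `_In_ ULONG AllocatedLength`. The same signature annotates the source array as plain `_In_ PLUID_AND_ATTRIBUTES Src`, which describes a single element. Since the element count is passed alongside it, `_In_reads_(PrivilegeCount) PLUID_AND_ATTRIBUTES Src` would let static analysis check the capture against the caller-supplied count. The function body lies outside the visible lines, so whether `Src` may be NULL when `PrivilegeCount` is zero should be confirmed before choosing between `_In_reads_` and `_In_reads_opt_`.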


@ -152,9 +152,10 @@ SepInitSDs(VOID)
*/ */
NTSTATUS NTSTATUS
NTAPI NTAPI
SeSetWorldSecurityDescriptor(SECURITY_INFORMATION SecurityInformation, SeSetWorldSecurityDescriptor(
PISECURITY_DESCRIPTOR SecurityDescriptor, _In_ SECURITY_INFORMATION SecurityInformation,
PULONG BufferLength) _In_ PISECURITY_DESCRIPTOR SecurityDescriptor,
_In_ PULONG BufferLength)
{ {
ULONG Current; ULONG Current;
ULONG SidSize; ULONG SidSize;
@ -263,9 +264,9 @@ SeSetWorldSecurityDescriptor(SECURITY_INFORMATION SecurityInformation,
static static
ULONG ULONG
DetermineSIDSize( DetermineSIDSize(
PISID Sid, _In_ PISID Sid,
PULONG OutSAC, _Inout_ PULONG OutSAC,
KPROCESSOR_MODE ProcessorMode) _In_ KPROCESSOR_MODE ProcessorMode)
{ {
ULONG Size; ULONG Size;
@ -309,8 +310,8 @@ DetermineSIDSize(
static static
ULONG ULONG
DetermineACLSize( DetermineACLSize(
PACL Acl, _In_ PACL Acl,
KPROCESSOR_MODE ProcessorMode) _In_ KPROCESSOR_MODE ProcessorMode)
{ {
ULONG Size; ULONG Size;
@ -359,11 +360,11 @@ DetermineACLSize(
NTSTATUS NTSTATUS
NTAPI NTAPI
SeCaptureSecurityDescriptor( SeCaptureSecurityDescriptor(
IN PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor, _In_ PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor,
IN KPROCESSOR_MODE CurrentMode, _In_ KPROCESSOR_MODE CurrentMode,
IN POOL_TYPE PoolType, _In_ POOL_TYPE PoolType,
IN BOOLEAN CaptureIfKernel, _In_ BOOLEAN CaptureIfKernel,
OUT PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor) _Out_ PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor)
{ {
PISECURITY_DESCRIPTOR OriginalDescriptor = _OriginalSecurityDescriptor; PISECURITY_DESCRIPTOR OriginalDescriptor = _OriginalSecurityDescriptor;
SECURITY_DESCRIPTOR DescriptorCopy; SECURITY_DESCRIPTOR DescriptorCopy;
@ -732,9 +733,10 @@ SeQuerySecurityDescriptorInfo(
*/ */
NTSTATUS NTSTATUS
NTAPI NTAPI
SeReleaseSecurityDescriptor(IN PSECURITY_DESCRIPTOR CapturedSecurityDescriptor, SeReleaseSecurityDescriptor(
IN KPROCESSOR_MODE CurrentMode, _In_ PSECURITY_DESCRIPTOR CapturedSecurityDescriptor,
IN BOOLEAN CaptureIfKernelMode) _In_ KPROCESSOR_MODE CurrentMode,
_In_ BOOLEAN CaptureIfKernelMode)
{ {
PAGED_CODE(); PAGED_CODE();
@ -998,8 +1000,9 @@ SeSetSecurityDescriptorInfoEx(
* FALSE otherwise. * FALSE otherwise.
*/ */
BOOLEAN NTAPI BOOLEAN NTAPI
SeValidSecurityDescriptor(IN ULONG Length, SeValidSecurityDescriptor(
IN PSECURITY_DESCRIPTOR _SecurityDescriptor) _In_ ULONG Length,
_In_ PSECURITY_DESCRIPTOR _SecurityDescriptor)
{ {
ULONG SdLength; ULONG SdLength;
PISID Sid; PISID Sid;
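Review bot: `SeSetWorldSecurityDescriptor` marks both `SecurityDescriptor` and `BufferLength` as `_In_`, which declares that the callee only reads through them. The body is outside the visible lines, but the routine's name and the `PULONG` length suggest it fills the caller's buffer and may report a required size. If so, the annotations hide exactly the writes an analyzer should bound, and something like `_Out_writes_bytes_(*BufferLength) PISECURITY_DESCRIPTOR SecurityDescriptor` with `_Inout_ PULONG BufferLength` would match the behaviour. Likewise `DetermineSIDSize` takes `_Inout_ PULONG OutSAC`; if the helper never reads the incoming value, `_Out_` is the accurate form.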


@ -325,14 +325,14 @@ SeInitSystem(VOID)
* @param[in] SecurityInformation * @param[in] SecurityInformation
* Auxiliary security information of the object. * Auxiliary security information of the object.
* *
* @param[in] SecurityDescriptor * @param[in,out] SecurityDescriptor
* A security descriptor. This SD is used accordingly to the operation type * A security descriptor. This SD is used accordingly to the operation type
* requested by the caller. * requested by the caller.
* *
* @param[in] ReturnLength * @param[in,out] ReturnLength
* The length size of the queried security descriptor, in bytes. * The length size of the queried security descriptor, in bytes.
* *
* @param[in] OldSecurityDescriptor * @param[in,out] OldSecurityDescriptor
* The old SD that belonged to the object, in case we're either deleting * The old SD that belonged to the object, in case we're either deleting
* or replacing it. * or replacing it.
* *
@ -348,14 +348,15 @@ SeInitSystem(VOID)
*/ */
NTSTATUS NTSTATUS
NTAPI NTAPI
SeDefaultObjectMethod(IN PVOID Object, SeDefaultObjectMethod(
IN SECURITY_OPERATION_CODE OperationType, _In_ PVOID Object,
IN PSECURITY_INFORMATION SecurityInformation, _In_ SECURITY_OPERATION_CODE OperationType,
IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PSECURITY_INFORMATION SecurityInformation,
IN OUT PULONG ReturnLength OPTIONAL, _Inout_ PSECURITY_DESCRIPTOR SecurityDescriptor,
IN OUT PSECURITY_DESCRIPTOR *OldSecurityDescriptor, _Inout_opt_ PULONG ReturnLength,
IN POOL_TYPE PoolType, _Inout_ PSECURITY_DESCRIPTOR *OldSecurityDescriptor,
IN PGENERIC_MAPPING GenericMapping) _In_ POOL_TYPE PoolType,
_In_ PGENERIC_MAPPING GenericMapping)
{ {
PAGED_CODE(); PAGED_CODE();
@ -423,8 +424,9 @@ SeDefaultObjectMethod(IN PVOID Object,
*/ */
VOID VOID
NTAPI NTAPI
SeQuerySecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation, SeQuerySecurityAccessMask(
OUT PACCESS_MASK DesiredAccess) _In_ SECURITY_INFORMATION SecurityInformation,
_Out_ PACCESS_MASK DesiredAccess)
{ {
*DesiredAccess = 0; *DesiredAccess = 0;
@ -455,8 +457,9 @@ SeQuerySecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
*/ */
VOID VOID
NTAPI NTAPI
SeSetSecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation, SeSetSecurityAccessMask(
OUT PACCESS_MASK DesiredAccess) _In_ SECURITY_INFORMATION SecurityInformation,
_Out_ PACCESS_MASK DesiredAccess)
{ {
*DesiredAccess = 0; *DesiredAccess = 0;
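Review bot: The updated `@param[in,out] ReturnLength` entry for `SeDefaultObjectMethod` does not say that the pointer may be NULL, although the new signature declares it `_Inout_opt_ PULONG ReturnLength` and the old one carried `OPTIONAL`. Adding a sentence such as `This parameter is optional and may be NULL.` to that entry keeps the Doxygen block and the SAL annotation in agreement. The function body continues outside the visible lines, so which operation types actually consult `ReturnLength` cannot be stated from here.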


@ -303,11 +303,12 @@ SepInitSecurityIDs(VOID)
*/ */
NTSTATUS NTSTATUS
NTAPI NTAPI
SepCaptureSid(IN PSID InputSid, SepCaptureSid(
IN KPROCESSOR_MODE AccessMode, _In_ PSID InputSid,
IN POOL_TYPE PoolType, _In_ KPROCESSOR_MODE AccessMode,
IN BOOLEAN CaptureIfKernel, _In_ POOL_TYPE PoolType,
OUT PSID *CapturedSid) _In_ BOOLEAN CaptureIfKernel,
_Out_ PSID *CapturedSid)
{ {
ULONG SidSize = 0; ULONG SidSize = 0;
PISID NewSid, Sid = (PISID)InputSid; PISID NewSid, Sid = (PISID)InputSid;
@ -388,9 +389,10 @@ SepCaptureSid(IN PSID InputSid,
*/ */
VOID VOID
NTAPI NTAPI
SepReleaseSid(IN PSID CapturedSid, SepReleaseSid(
IN KPROCESSOR_MODE AccessMode, _In_ PSID CapturedSid,
IN BOOLEAN CaptureIfKernel) _In_ KPROCESSOR_MODE AccessMode,
_In_ BOOLEAN CaptureIfKernel)
{ {
PAGED_CODE(); PAGED_CODE();


@ -24,7 +24,7 @@ typedef struct _SEP_LOGON_SESSION_TERMINATED_NOTIFICATION
VOID VOID
NTAPI NTAPI
SepRmCommandServerThread( SepRmCommandServerThread(
PVOID StartContext); _In_ PVOID StartContext);
static static
NTSTATUS NTSTATUS
@ -34,7 +34,7 @@ SepCleanupLUIDDeviceMapDirectory(
static static
NTSTATUS NTSTATUS
SepRmCreateLogonSession( SepRmCreateLogonSession(
PLUID LogonLuid); _In_ PLUID LogonLuid);
/* GLOBALS ********************************************************************/ /* GLOBALS ********************************************************************/
@ -322,7 +322,7 @@ SepAdtInitializeBounds(VOID)
static static
NTSTATUS NTSTATUS
SepRmSetAuditEvent( SepRmSetAuditEvent(
PSEP_RM_API_MESSAGE Message) _Inout_ PSEP_RM_API_MESSAGE Message)
{ {
ULONG i; ULONG i;
PAGED_CODE(); PAGED_CODE();
@ -496,7 +496,7 @@ SepRmRemoveLogonSessionFromToken(
* respective logon sessions management within the kernel, * respective logon sessions management within the kernel,
* as in form of a SEP_LOGON_SESSION_REFERENCES data structure. * as in form of a SEP_LOGON_SESSION_REFERENCES data structure.
* *
* @param[in,out] LogonLuid * @param[in] LogonLuid
* A logon ID represented as a LUID. This LUID is used to create * A logon ID represented as a LUID. This LUID is used to create
* our logon session and add it to the sessions database. * our logon session and add it to the sessions database.
* *
@ -510,7 +510,7 @@ SepRmRemoveLogonSessionFromToken(
static static
NTSTATUS NTSTATUS
SepRmCreateLogonSession( SepRmCreateLogonSession(
PLUID LogonLuid) _In_ PLUID LogonLuid)
{ {
PSEP_LOGON_SESSION_REFERENCES CurrentSession, NewSession; PSEP_LOGON_SESSION_REFERENCES CurrentSession, NewSession;
NTSTATUS Status; NTSTATUS Status;
@ -682,7 +682,7 @@ Leave:
* @brief * @brief
* References a logon session. * References a logon session.
* *
* @param[in,out] LogonLuid * @param[in] LogonLuid
* A valid LUID that points to the logon session in the database that * A valid LUID that points to the logon session in the database that
* we're going to reference it. * we're going to reference it.
* *
@ -693,7 +693,7 @@ Leave:
*/ */
NTSTATUS NTSTATUS
SepRmReferenceLogonSession( SepRmReferenceLogonSession(
PLUID LogonLuid) _In_ PLUID LogonLuid)
{ {
PSEP_LOGON_SESSION_REFERENCES CurrentSession; PSEP_LOGON_SESSION_REFERENCES CurrentSession;
@ -996,7 +996,7 @@ AllocateLinksAgain:
* that means the session is no longer used and can be safely deleted * that means the session is no longer used and can be safely deleted
* from the logon sessions database. * from the logon sessions database.
* *
* @param[in,out] LogonLuid * @param[in] LogonLuid
* A logon session ID to de-reference. * A logon session ID to de-reference.
* *
* @return * @return
@ -1006,7 +1006,7 @@ AllocateLinksAgain:
*/ */
NTSTATUS NTSTATUS
SepRmDereferenceLogonSession( SepRmDereferenceLogonSession(
PLUID LogonLuid) _In_ PLUID LogonLuid)
{ {
ULONG RefCount; ULONG RefCount;
PDEVICE_MAP DeviceMap; PDEVICE_MAP DeviceMap;
@ -1224,7 +1224,7 @@ Cleanup:
VOID VOID
NTAPI NTAPI
SepRmCommandServerThread( SepRmCommandServerThread(
PVOID StartContext) _In_ PVOID StartContext)
{ {
SEP_RM_API_MESSAGE Message; SEP_RM_API_MESSAGE Message;
PPORT_MESSAGE ReplyMessage; PPORT_MESSAGE ReplyMessage;
@ -1345,9 +1345,8 @@ SepRmCommandServerThread(
NTSTATUS NTSTATUS
NTAPI NTAPI
SeGetLogonIdDeviceMap( SeGetLogonIdDeviceMap(
IN PLUID LogonId, _In_ PLUID LogonId,
OUT PDEVICE_MAP * DeviceMap _Out_ PDEVICE_MAP *DeviceMap)
)
{ {
NTSTATUS Status; NTSTATUS Status;
WCHAR Buffer[63]; WCHAR Buffer[63];
@ -1571,7 +1570,7 @@ SeMarkLogonSessionForTerminationNotification(
NTSTATUS NTSTATUS
NTAPI NTAPI
SeRegisterLogonSessionTerminatedRoutine( SeRegisterLogonSessionTerminatedRoutine(
IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine) _In_ PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine)
{ {
PSEP_LOGON_SESSION_TERMINATED_NOTIFICATION Notification; PSEP_LOGON_SESSION_TERMINATED_NOTIFICATION Notification;
PAGED_CODE(); PAGED_CODE();
@ -1620,7 +1619,7 @@ SeRegisterLogonSessionTerminatedRoutine(
NTSTATUS NTSTATUS
NTAPI NTAPI
SeUnregisterLogonSessionTerminatedRoutine( SeUnregisterLogonSessionTerminatedRoutine(
IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine) _In_ PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine)
{ {
PSEP_LOGON_SESSION_TERMINATED_NOTIFICATION Current, Previous = NULL; PSEP_LOGON_SESSION_TERMINATED_NOTIFICATION Current, Previous = NULL;
NTSTATUS Status; NTSTATUS Status;


@ -611,7 +611,8 @@ SepRemovePrivilegeToken(
*/ */
VOID VOID
NTAPI NTAPI
SepFreeProxyData(PVOID ProxyData) SepFreeProxyData(
_Inout_ PVOID ProxyData)
{ {
UNIMPLEMENTED; UNIMPLEMENTED;
} }
@ -624,7 +625,7 @@ SepFreeProxyData(PVOID ProxyData)
* @param[out] Dest * @param[out] Dest
* The destination path where the proxy data is to be copied to. * The destination path where the proxy data is to be copied to.
* *
* @param[out] Src * @param[in] Src
* The source path where the proxy data is be copied from. * The source path where the proxy data is be copied from.
* *
* @return * @return
@ -632,8 +633,9 @@ SepFreeProxyData(PVOID ProxyData)
*/ */
NTSTATUS NTSTATUS
NTAPI NTAPI
SepCopyProxyData(PVOID* Dest, SepCopyProxyData(
PVOID Src) _Out_ PVOID* Dest,
_In_ PVOID Src)
{ {
UNIMPLEMENTED; UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED; return STATUS_NOT_IMPLEMENTED;
@ -744,7 +746,7 @@ SeExchangePrimaryToken(
* @brief * @brief
* Removes the primary token of a process. * Removes the primary token of a process.
* *
* @param[in, out] Process * @param[in,out] Process
* The process instance with the access token to be removed. * The process instance with the access token to be removed.
* *
* @return * @return
@ -752,7 +754,8 @@ SeExchangePrimaryToken(
*/ */
VOID VOID
NTAPI NTAPI
SeDeassignPrimaryToken(PEPROCESS Process) SeDeassignPrimaryToken(
_Inout_ PEPROCESS Process)
{ {
PTOKEN OldToken; PTOKEN OldToken;
@ -780,8 +783,9 @@ SeDeassignPrimaryToken(PEPROCESS Process)
* Returns the total length of a SID size. * Returns the total length of a SID size.
*/ */
static ULONG static ULONG
RtlLengthSidAndAttributes(ULONG Count, RtlLengthSidAndAttributes(
PSID_AND_ATTRIBUTES Src) _In_ ULONG Count,
_In_ PSID_AND_ATTRIBUTES Src)
{ {
ULONG i; ULONG i;
ULONG uLength; ULONG uLength;
@ -1216,10 +1220,11 @@ Quit:
*/ */
NTSTATUS NTSTATUS
NTAPI NTAPI
SeSubProcessToken(IN PTOKEN ParentToken, SeSubProcessToken(
OUT PTOKEN *Token, _In_ PTOKEN ParentToken,
IN BOOLEAN InUse, _Out_ PTOKEN *Token,
IN ULONG SessionId) _In_ BOOLEAN InUse,
_In_ ULONG SessionId)
{ {
PTOKEN NewToken; PTOKEN NewToken;
OBJECT_ATTRIBUTES ObjectAttributes; OBJECT_ATTRIBUTES ObjectAttributes;
@ -1275,8 +1280,9 @@ SeSubProcessToken(IN PTOKEN ParentToken,
*/ */
NTSTATUS NTSTATUS
NTAPI NTAPI
SeIsTokenChild(IN PTOKEN Token, SeIsTokenChild(
OUT PBOOLEAN IsChild) _In_ PTOKEN Token,
_Out_ PBOOLEAN IsChild)
{ {
PTOKEN ProcessToken; PTOKEN ProcessToken;
LUID ProcessTokenId, CallerParentId; LUID ProcessTokenId, CallerParentId;
@ -1323,8 +1329,9 @@ SeIsTokenChild(IN PTOKEN Token,
*/ */
NTSTATUS NTSTATUS
NTAPI NTAPI
SeIsTokenSibling(IN PTOKEN Token, SeIsTokenSibling(
OUT PBOOLEAN IsSibling) _In_ PTOKEN Token,
_Out_ PBOOLEAN IsSibling)
{ {
PTOKEN ProcessToken; PTOKEN ProcessToken;
LUID ProcessParentId, ProcessAuthId; LUID ProcessParentId, ProcessAuthId;
@ -1382,10 +1389,11 @@ SeIsTokenSibling(IN PTOKEN Token,
*/ */
NTSTATUS NTSTATUS
NTAPI NTAPI
SeCopyClientToken(IN PACCESS_TOKEN Token, SeCopyClientToken(
IN SECURITY_IMPERSONATION_LEVEL Level, _In_ PACCESS_TOKEN Token,
IN KPROCESSOR_MODE PreviousMode, _In_ SECURITY_IMPERSONATION_LEVEL Level,
OUT PACCESS_TOKEN* NewToken) _In_ KPROCESSOR_MODE PreviousMode,
_Out_ PACCESS_TOKEN* NewToken)
{ {
NTSTATUS Status; NTSTATUS Status;
OBJECT_ATTRIBUTES ObjectAttributes; OBJECT_ATTRIBUTES ObjectAttributes;
@ -1423,7 +1431,8 @@ SeCopyClientToken(IN PACCESS_TOKEN Token,
*/ */
VOID VOID
NTAPI NTAPI
SepDeleteToken(PVOID ObjectBody) SepDeleteToken(
_In_ PVOID ObjectBody)
{ {
NTSTATUS Status; NTSTATUS Status;
PTOKEN AccessToken = (PTOKEN)ObjectBody; PTOKEN AccessToken = (PTOKEN)ObjectBody;
@ -1503,8 +1512,9 @@ SepInitializeTokenImplementation(VOID)
*/ */
VOID VOID
NTAPI NTAPI
SeAssignPrimaryToken(IN PEPROCESS Process, SeAssignPrimaryToken(
IN PTOKEN Token) _In_ PEPROCESS Process,
_In_ PTOKEN Token)
{ {
PAGED_CODE(); PAGED_CODE();
@ -2180,12 +2190,13 @@ SepCreateSystemAnonymousLogonTokenNoEveryone(VOID)
*/ */
NTSTATUS NTSTATUS
NTAPI NTAPI
SeFilterToken(IN PACCESS_TOKEN ExistingToken, SeFilterToken(
IN ULONG Flags, _In_ PACCESS_TOKEN ExistingToken,
IN PTOKEN_GROUPS SidsToDisable OPTIONAL, _In_ ULONG Flags,
IN PTOKEN_PRIVILEGES PrivilegesToDelete OPTIONAL, _In_opt_ PTOKEN_GROUPS SidsToDisable,
IN PTOKEN_GROUPS RestrictedSids OPTIONAL, _In_opt_ PTOKEN_PRIVILEGES PrivilegesToDelete,
OUT PACCESS_TOKEN * FilteredToken) _In_opt_ PTOKEN_GROUPS RestrictedSids,
_Out_ PACCESS_TOKEN * FilteredToken)
{ {
UNIMPLEMENTED; UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED; return STATUS_NOT_IMPLEMENTED;
@ -2575,8 +2586,9 @@ SeQueryInformationToken(
*/ */
NTSTATUS NTSTATUS
NTAPI NTAPI
SeQuerySessionIdToken(IN PACCESS_TOKEN Token, SeQuerySessionIdToken(
IN PULONG pSessionId) _In_ PACCESS_TOKEN Token,
_Out_ PULONG pSessionId)
{ {
PAGED_CODE(); PAGED_CODE();
@ -2606,8 +2618,9 @@ SeQuerySessionIdToken(IN PACCESS_TOKEN Token,
*/ */
NTSTATUS NTSTATUS
NTAPI NTAPI
SeQueryAuthenticationIdToken(IN PACCESS_TOKEN Token, SeQueryAuthenticationIdToken(
OUT PLUID LogonId) _In_ PACCESS_TOKEN Token,
_Out_ PLUID LogonId)
{ {
PAGED_CODE(); PAGED_CODE();
@ -2628,7 +2641,8 @@ SeQueryAuthenticationIdToken(IN PACCESS_TOKEN Token,
*/ */
SECURITY_IMPERSONATION_LEVEL SECURITY_IMPERSONATION_LEVEL
NTAPI NTAPI
SeTokenImpersonationLevel(IN PACCESS_TOKEN Token) SeTokenImpersonationLevel(
_In_ PACCESS_TOKEN Token)
{ {
PAGED_CODE(); PAGED_CODE();
@ -2646,8 +2660,10 @@ SeTokenImpersonationLevel(IN PACCESS_TOKEN Token)
* @return * @return
* Returns the token type from a valid token. * Returns the token type from a valid token.
*/ */
TOKEN_TYPE NTAPI TOKEN_TYPE
SeTokenType(IN PACCESS_TOKEN Token) NTAPI
SeTokenType(
_In_ PACCESS_TOKEN Token)
{ {
PAGED_CODE(); PAGED_CODE();
@ -2669,7 +2685,8 @@ SeTokenType(IN PACCESS_TOKEN Token)
*/ */
BOOLEAN BOOLEAN
NTAPI NTAPI
SeTokenIsAdmin(IN PACCESS_TOKEN Token) SeTokenIsAdmin(
_In_ PACCESS_TOKEN Token)
{ {
PAGED_CODE(); PAGED_CODE();
@ -2691,7 +2708,8 @@ SeTokenIsAdmin(IN PACCESS_TOKEN Token)
*/ */
BOOLEAN BOOLEAN
NTAPI NTAPI
SeTokenIsRestricted(IN PACCESS_TOKEN Token) SeTokenIsRestricted(
_In_ PACCESS_TOKEN Token)
{ {
PAGED_CODE(); PAGED_CODE();
@ -2715,7 +2733,8 @@ SeTokenIsRestricted(IN PACCESS_TOKEN Token)
*/ */
BOOLEAN BOOLEAN
NTAPI NTAPI
SeTokenIsWriteRestricted(IN PACCESS_TOKEN Token) SeTokenIsWriteRestricted(
_In_ PACCESS_TOKEN Token)
{ {
PAGED_CODE(); PAGED_CODE();
@ -4192,13 +4211,15 @@ NtDuplicateToken(
* @return * @return
* To be added... * To be added...
*/ */
NTSTATUS NTAPI NTSTATUS
NtAdjustGroupsToken(IN HANDLE TokenHandle, NTAPI
IN BOOLEAN ResetToDefault, NtAdjustGroupsToken(
IN PTOKEN_GROUPS NewState, _In_ HANDLE TokenHandle,
IN ULONG BufferLength, _In_ BOOLEAN ResetToDefault,
OUT PTOKEN_GROUPS PreviousState OPTIONAL, _In_ PTOKEN_GROUPS NewState,
OUT PULONG ReturnLength) _In_ ULONG BufferLength,
_Out_opt_ PTOKEN_GROUPS PreviousState,
_Out_ PULONG ReturnLength)
{ {
UNIMPLEMENTED; UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED; return STATUS_NOT_IMPLEMENTED;
@ -4946,11 +4967,12 @@ Cleanup:
*/ */
NTSTATUS NTSTATUS
NTAPI NTAPI
NtOpenThreadTokenEx(IN HANDLE ThreadHandle, NtOpenThreadTokenEx(
IN ACCESS_MASK DesiredAccess, _In_ HANDLE ThreadHandle,
IN BOOLEAN OpenAsSelf, _In_ ACCESS_MASK DesiredAccess,
IN ULONG HandleAttributes, _In_ BOOLEAN OpenAsSelf,
OUT PHANDLE TokenHandle) _In_ ULONG HandleAttributes,
_Out_ PHANDLE TokenHandle)
{ {
PETHREAD Thread; PETHREAD Thread;
HANDLE hToken; HANDLE hToken;
@ -5145,11 +5167,13 @@ NtOpenThreadTokenEx(IN HANDLE ThreadHandle,
* @return * @return
* See NtOpenThreadTokenEx. * See NtOpenThreadTokenEx.
*/ */
NTSTATUS NTAPI NTSTATUS
NtOpenThreadToken(IN HANDLE ThreadHandle, NTAPI
IN ACCESS_MASK DesiredAccess, NtOpenThreadToken(
IN BOOLEAN OpenAsSelf, _In_ HANDLE ThreadHandle,
OUT PHANDLE TokenHandle) _In_ ACCESS_MASK DesiredAccess,
_In_ BOOLEAN OpenAsSelf,
_Out_ PHANDLE TokenHandle)
{ {
return NtOpenThreadTokenEx(ThreadHandle, DesiredAccess, OpenAsSelf, 0, return NtOpenThreadTokenEx(ThreadHandle, DesiredAccess, OpenAsSelf, 0,
TokenHandle); TokenHandle);
@ -5286,12 +5310,13 @@ NtCompareTokens(
*/ */
NTSTATUS NTSTATUS
NTAPI NTAPI
NtFilterToken(IN HANDLE ExistingTokenHandle, NtFilterToken(
IN ULONG Flags, _In_ HANDLE ExistingTokenHandle,
IN PTOKEN_GROUPS SidsToDisable OPTIONAL, _In_ ULONG Flags,
IN PTOKEN_PRIVILEGES PrivilegesToDelete OPTIONAL, _In_opt_ PTOKEN_GROUPS SidsToDisable,
IN PTOKEN_GROUPS RestrictedSids OPTIONAL, _In_opt_ PTOKEN_PRIVILEGES PrivilegesToDelete,
OUT PHANDLE NewTokenHandle) _In_opt_ PTOKEN_GROUPS RestrictedSids,
_Out_ PHANDLE NewTokenHandle)
{ {
UNIMPLEMENTED; UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED; return STATUS_NOT_IMPLEMENTED;
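Review bot: The annotations added to the `NtAdjustGroupsToken` definition disagree with the prototype shown in the header section later on this page. The definition has `_In_ PTOKEN_GROUPS NewState` and `_Out_opt_ PTOKEN_GROUPS PreviousState`, while the prototype has `_In_opt_ PTOKEN_GROUPS NewState` and `_Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS PreviousState`. For a system service that receives caller-supplied pointers, the sized form is the one that lets analysis bound writes to `PreviousState`, so the definition should carry the prototype's annotations rather than a weaker set. The other `Nt*` definitions in this section have no prototype visible here to compare against and are worth the same cross-check.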


@ -37,8 +37,7 @@ SeCaptureSecurityDescriptor(
_In_ KPROCESSOR_MODE CurrentMode, _In_ KPROCESSOR_MODE CurrentMode,
_In_ POOL_TYPE PoolType, _In_ POOL_TYPE PoolType,
_In_ BOOLEAN CaptureIfKernel, _In_ BOOLEAN CaptureIfKernel,
_Out_ PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor _Out_ PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor);
);
NTKERNELAPI NTKERNELAPI
NTSTATUS NTSTATUS
@ -46,8 +45,7 @@ NTAPI
SeReleaseSecurityDescriptor( SeReleaseSecurityDescriptor(
_In_ PSECURITY_DESCRIPTOR CapturedSecurityDescriptor, _In_ PSECURITY_DESCRIPTOR CapturedSecurityDescriptor,
_In_ KPROCESSOR_MODE CurrentMode, _In_ KPROCESSOR_MODE CurrentMode,
_In_ BOOLEAN CaptureIfKernelMode _In_ BOOLEAN CaptureIfKernelMode);
);
// //
// Access States // Access States
@ -56,18 +54,16 @@ NTKERNELAPI
NTSTATUS NTSTATUS
NTAPI NTAPI
SeCreateAccessState( SeCreateAccessState(
PACCESS_STATE AccessState, _In_ PACCESS_STATE AccessState,
PAUX_ACCESS_DATA AuxData, _In_ PAUX_ACCESS_DATA AuxData,
ACCESS_MASK Access, _In_ ACCESS_MASK Access,
PGENERIC_MAPPING GenericMapping _In_ PGENERIC_MAPPING GenericMapping);
);
NTKERNELAPI NTKERNELAPI
VOID VOID
NTAPI NTAPI
SeDeleteAccessState( SeDeleteAccessState(
_In_ PACCESS_STATE AccessState _In_ PACCESS_STATE AccessState);
);
// //
// Impersonation // Impersonation
@ -76,8 +72,7 @@ NTKERNELAPI
SECURITY_IMPERSONATION_LEVEL SECURITY_IMPERSONATION_LEVEL
NTAPI NTAPI
SeTokenImpersonationLevel( SeTokenImpersonationLevel(
_In_ PACCESS_TOKEN Token _In_ PACCESS_TOKEN Token);
);
#endif #endif
@ -95,8 +90,7 @@ NtAccessCheck(
_Out_ PPRIVILEGE_SET PrivilegeSet, _Out_ PPRIVILEGE_SET PrivilegeSet,
_Out_ PULONG ReturnLength, _Out_ PULONG ReturnLength,
_Out_ PACCESS_MASK GrantedAccess, _Out_ PACCESS_MASK GrantedAccess,
_Out_ PNTSTATUS AccessStatus _Out_ PNTSTATUS AccessStatus);
);
NTSTATUS NTSTATUS
NTAPI NTAPI
@ -111,8 +105,7 @@ NtAccessCheckByType(
_In_ PPRIVILEGE_SET PrivilegeSet, _In_ PPRIVILEGE_SET PrivilegeSet,
_Inout_ PULONG PrivilegeSetLength, _Inout_ PULONG PrivilegeSetLength,
_Out_ PACCESS_MASK GrantedAccess, _Out_ PACCESS_MASK GrantedAccess,
_Out_ PNTSTATUS AccessStatus _Out_ PNTSTATUS AccessStatus);
);
NTSTATUS NTSTATUS
NTAPI NTAPI
@ -127,8 +120,7 @@ NtAccessCheckByTypeResultList(
_In_ PPRIVILEGE_SET PrivilegeSet, _In_ PPRIVILEGE_SET PrivilegeSet,
_Inout_ PULONG PrivilegeSetLength, _Inout_ PULONG PrivilegeSetLength,
_Out_ PACCESS_MASK GrantedAccess, _Out_ PACCESS_MASK GrantedAccess,
_Out_ PNTSTATUS AccessStatus _Out_ PNTSTATUS AccessStatus);
);
_Must_inspect_result_ _Must_inspect_result_
__kernel_entry NTSYSCALLAPI __kernel_entry NTSYSCALLAPI
@ -145,8 +137,7 @@ NtAccessCheckAndAuditAlarm(
_In_ BOOLEAN ObjectCreation, _In_ BOOLEAN ObjectCreation,
_Out_ PACCESS_MASK GrantedAccess, _Out_ PACCESS_MASK GrantedAccess,
_Out_ PNTSTATUS AccessStatus, _Out_ PNTSTATUS AccessStatus,
_Out_ PBOOLEAN GenerateOnClose _Out_ PBOOLEAN GenerateOnClose);
);
_Must_inspect_result_ _Must_inspect_result_
__kernel_entry __kernel_entry
@ -159,8 +150,7 @@ NtAdjustGroupsToken(
_In_opt_ PTOKEN_GROUPS NewState, _In_opt_ PTOKEN_GROUPS NewState,
_In_opt_ ULONG BufferLength, _In_opt_ ULONG BufferLength,
_Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS PreviousState, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS PreviousState,
_Out_ PULONG ReturnLength _Out_ PULONG ReturnLength);
);
_Must_inspect_result_ _Must_inspect_result_
__kernel_entry __kernel_entry
@ -173,25 +163,22 @@ NtAdjustPrivilegesToken(
_In_opt_ PTOKEN_PRIVILEGES NewState, _In_opt_ PTOKEN_PRIVILEGES NewState,
_In_ ULONG BufferLength, _In_ ULONG BufferLength,
_Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState,
_When_(PreviousState != NULL, _Out_) PULONG ReturnLength _When_(PreviousState != NULL, _Out_) PULONG ReturnLength);
);
NTSYSCALLAPI NTSYSCALLAPI
NTSTATUS NTSTATUS
NTAPI NTAPI
NtAllocateLocallyUniqueId( NtAllocateLocallyUniqueId(
_Out_ LUID *LocallyUniqueId _Out_ LUID *LocallyUniqueId);
);
NTSYSCALLAPI NTSYSCALLAPI
NTSTATUS NTSTATUS
NTAPI NTAPI
NtAllocateUuids( NtAllocateUuids(
PULARGE_INTEGER Time, _Out_ PULARGE_INTEGER Time,
PULONG Range, _Out_ PULONG Range,
PULONG Sequence, _Out_ PULONG Sequence,
PUCHAR Seed _Out_ PUCHAR Seed);
);
NTSYSCALLAPI NTSYSCALLAPI
NTSTATUS NTSTATUS
@ -218,8 +205,7 @@ NtCreateToken(
_In_opt_ PTOKEN_OWNER TokenOwner, _In_opt_ PTOKEN_OWNER TokenOwner,
_In_ PTOKEN_PRIMARY_GROUP TokenPrimaryGroup, _In_ PTOKEN_PRIMARY_GROUP TokenPrimaryGroup,
_In_opt_ PTOKEN_DEFAULT_DACL TokenDefaultDacl, _In_opt_ PTOKEN_DEFAULT_DACL TokenDefaultDacl,
_In_ PTOKEN_SOURCE TokenSource _In_ PTOKEN_SOURCE TokenSource);
);
_Must_inspect_result_ _Must_inspect_result_
__kernel_entry __kernel_entry
@ -232,15 +218,13 @@ NtDuplicateToken(
_In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
_In_ BOOLEAN EffectiveOnly, _In_ BOOLEAN EffectiveOnly,
_In_ TOKEN_TYPE TokenType, _In_ TOKEN_TYPE TokenType,
_Out_ PHANDLE NewTokenHandle _Out_ PHANDLE NewTokenHandle);
);
NTSYSCALLAPI NTSYSCALLAPI
NTSTATUS NTSTATUS
NTAPI NTAPI
NtImpersonateAnonymousToken( NtImpersonateAnonymousToken(
_In_ HANDLE ThreadHandle _In_ HANDLE ThreadHandle);
);
__kernel_entry __kernel_entry
NTSYSCALLAPI NTSYSCALLAPI
@ -258,8 +242,7 @@ NtOpenObjectAuditAlarm(
_In_opt_ PPRIVILEGE_SET Privileges, _In_opt_ PPRIVILEGE_SET Privileges,
_In_ BOOLEAN ObjectCreation, _In_ BOOLEAN ObjectCreation,
_In_ BOOLEAN AccessGranted, _In_ BOOLEAN AccessGranted,
_Out_ PBOOLEAN GenerateOnClose _Out_ PBOOLEAN GenerateOnClose);
);
NTSYSCALLAPI NTSYSCALLAPI
NTSTATUS NTSTATUS
@ -268,8 +251,7 @@ NtOpenProcessTokenEx(
_In_ HANDLE ProcessHandle, _In_ HANDLE ProcessHandle,
_In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK DesiredAccess,
_In_ ULONG HandleAttributes, _In_ ULONG HandleAttributes,
_Out_ PHANDLE TokenHandle _Out_ PHANDLE TokenHandle);
);
_Must_inspect_result_ _Must_inspect_result_
__kernel_entry __kernel_entry
@ -279,8 +261,7 @@ NTAPI
NtPrivilegeCheck( NtPrivilegeCheck(
_In_ HANDLE ClientToken, _In_ HANDLE ClientToken,
_Inout_ PPRIVILEGE_SET RequiredPrivileges, _Inout_ PPRIVILEGE_SET RequiredPrivileges,
_Out_ PBOOLEAN Result _Out_ PBOOLEAN Result);
);
NTSYSCALLAPI NTSYSCALLAPI
NTSTATUS NTSTATUS
@ -290,8 +271,7 @@ NtPrivilegedServiceAuditAlarm(
_In_ PUNICODE_STRING ServiceName, _In_ PUNICODE_STRING ServiceName,
_In_ HANDLE ClientToken, _In_ HANDLE ClientToken,
_In_ PPRIVILEGE_SET Privileges, _In_ PPRIVILEGE_SET Privileges,
_In_ BOOLEAN AccessGranted _In_ BOOLEAN AccessGranted);
);
__kernel_entry __kernel_entry
NTSYSCALLAPI NTSYSCALLAPI
@ -303,8 +283,7 @@ NtPrivilegeObjectAuditAlarm(
_In_ HANDLE ClientToken, _In_ HANDLE ClientToken,
_In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK DesiredAccess,
_In_ PPRIVILEGE_SET Privileges, _In_ PPRIVILEGE_SET Privileges,
_In_ BOOLEAN AccessGranted _In_ BOOLEAN AccessGranted);
);
_When_(TokenInformationClass == TokenAccessInformation, _When_(TokenInformationClass == TokenAccessInformation,
_At_(TokenInformationLength, _In_range_(>=, sizeof(TOKEN_ACCESS_INFORMATION)))) _At_(TokenInformationLength, _In_range_(>=, sizeof(TOKEN_ACCESS_INFORMATION))))
@ -318,8 +297,7 @@ NtQueryInformationToken(
_In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass,
_Out_writes_bytes_to_opt_(TokenInformationLength, *ReturnLength) PVOID TokenInformation, _Out_writes_bytes_to_opt_(TokenInformationLength, *ReturnLength) PVOID TokenInformation,
_In_ ULONG TokenInformationLength, _In_ ULONG TokenInformationLength,
_Out_ PULONG ReturnLength _Out_ PULONG ReturnLength);
);
_Must_inspect_result_ _Must_inspect_result_
__kernel_entry __kernel_entry
@ -330,8 +308,7 @@ NtSetInformationToken(
_In_ HANDLE TokenHandle, _In_ HANDLE TokenHandle,
_In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass,
_In_reads_bytes_(TokenInformationLength) PVOID TokenInformation, _In_reads_bytes_(TokenInformationLength) PVOID TokenInformation,
_In_ ULONG TokenInformationLength _In_ ULONG TokenInformationLength);
);
NTSYSAPI NTSYSAPI
NTSTATUS NTSTATUS
@ -344,8 +321,7 @@ ZwAccessCheck(
_Out_ PPRIVILEGE_SET PrivilegeSet, _Out_ PPRIVILEGE_SET PrivilegeSet,
_Out_ PULONG ReturnLength, _Out_ PULONG ReturnLength,
_Out_ PACCESS_MASK GrantedAccess, _Out_ PACCESS_MASK GrantedAccess,
_Out_ PNTSTATUS AccessStatus _Out_ PNTSTATUS AccessStatus);
);
NTSYSAPI NTSYSAPI
NTSTATUS NTSTATUS
@ -356,8 +332,7 @@ ZwAdjustGroupsToken(
_In_ PTOKEN_GROUPS NewState, _In_ PTOKEN_GROUPS NewState,
_In_ ULONG BufferLength, _In_ ULONG BufferLength,
_Out_opt_ PTOKEN_GROUPS PreviousState, _Out_opt_ PTOKEN_GROUPS PreviousState,
_Out_ PULONG ReturnLength _Out_ PULONG ReturnLength);
);
_Must_inspect_result_ _Must_inspect_result_
NTSYSAPI NTSYSAPI
@ -369,25 +344,22 @@ ZwAdjustPrivilegesToken(
_In_opt_ PTOKEN_PRIVILEGES NewState, _In_opt_ PTOKEN_PRIVILEGES NewState,
_In_ ULONG BufferLength, _In_ ULONG BufferLength,
_Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState,
_When_(PreviousState != NULL, _Out_) PULONG ReturnLength _When_(PreviousState != NULL, _Out_) PULONG ReturnLength);
);
NTSYSAPI NTSYSAPI
NTSTATUS NTSTATUS
NTAPI NTAPI
ZwAllocateLocallyUniqueId( ZwAllocateLocallyUniqueId(
_Out_ LUID *LocallyUniqueId _Out_ LUID *LocallyUniqueId);
);
NTSYSAPI NTSYSAPI
NTSTATUS NTSTATUS
NTAPI NTAPI
ZwAllocateUuids( ZwAllocateUuids(
PULARGE_INTEGER Time, _Out_ PULARGE_INTEGER Time,
PULONG Range, _Out_ PULONG Range,
PULONG Sequence, _Out_ PULONG Sequence,
PUCHAR Seed _Out_ PUCHAR Seed);
);
NTSYSAPI NTSYSAPI
NTSTATUS NTSTATUS
@ -405,8 +377,7 @@ ZwCreateToken(
_In_ PTOKEN_OWNER TokenOwner, _In_ PTOKEN_OWNER TokenOwner,
_In_ PTOKEN_PRIMARY_GROUP TokenPrimaryGroup, _In_ PTOKEN_PRIMARY_GROUP TokenPrimaryGroup,
_In_ PTOKEN_DEFAULT_DACL TokenDefaultDacl, _In_ PTOKEN_DEFAULT_DACL TokenDefaultDacl,
_In_ PTOKEN_SOURCE TokenSource _In_ PTOKEN_SOURCE TokenSource);
);
_IRQL_requires_max_(PASSIVE_LEVEL) _IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI NTSYSAPI
@ -418,15 +389,13 @@ ZwDuplicateToken(
_In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
_In_ BOOLEAN EffectiveOnly, _In_ BOOLEAN EffectiveOnly,
_In_ TOKEN_TYPE TokenType, _In_ TOKEN_TYPE TokenType,
_Out_ PHANDLE NewTokenHandle _Out_ PHANDLE NewTokenHandle);
);
NTSYSAPI NTSYSAPI
NTSTATUS NTSTATUS
NTAPI NTAPI
ZwImpersonateAnonymousToken( ZwImpersonateAnonymousToken(
_In_ HANDLE Thread _In_ HANDLE Thread);
);
NTSYSAPI NTSYSAPI
NTSTATUS NTSTATUS
@ -443,8 +412,7 @@ ZwOpenObjectAuditAlarm(
_In_ PPRIVILEGE_SET Privileges, _In_ PPRIVILEGE_SET Privileges,
_In_ BOOLEAN ObjectCreation, _In_ BOOLEAN ObjectCreation,
_In_ BOOLEAN AccessGranted, _In_ BOOLEAN AccessGranted,
_Out_ PBOOLEAN GenerateOnClose _Out_ PBOOLEAN GenerateOnClose);
);
_IRQL_requires_max_(PASSIVE_LEVEL) _IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI NTSYSAPI
@ -453,8 +421,7 @@ NTAPI
ZwOpenProcessToken( ZwOpenProcessToken(
_In_ HANDLE ProcessHandle, _In_ HANDLE ProcessHandle,
_In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK DesiredAccess,
_Out_ PHANDLE TokenHandle _Out_ PHANDLE TokenHandle);
);
NTSYSAPI NTSYSAPI
NTSTATUS NTSTATUS
@ -463,8 +430,7 @@ ZwOpenProcessTokenEx(
_In_ HANDLE ProcessHandle, _In_ HANDLE ProcessHandle,
_In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK DesiredAccess,
_In_ ULONG HandleAttributes, _In_ ULONG HandleAttributes,
_Out_ PHANDLE TokenHandle _Out_ PHANDLE TokenHandle);
);
NTSYSAPI NTSYSAPI
NTSTATUS NTSTATUS
@ -472,8 +438,7 @@ NTAPI
ZwPrivilegeCheck( ZwPrivilegeCheck(
_In_ HANDLE ClientToken, _In_ HANDLE ClientToken,
_In_ PPRIVILEGE_SET RequiredPrivileges, _In_ PPRIVILEGE_SET RequiredPrivileges,
_In_ PBOOLEAN Result _In_ PBOOLEAN Result);
);
NTSYSAPI NTSYSAPI
NTSTATUS NTSTATUS
@ -483,8 +448,7 @@ ZwPrivilegedServiceAuditAlarm(
_In_ PUNICODE_STRING ServiceName, _In_ PUNICODE_STRING ServiceName,
_In_ HANDLE ClientToken, _In_ HANDLE ClientToken,
_In_ PPRIVILEGE_SET Privileges, _In_ PPRIVILEGE_SET Privileges,
_In_ BOOLEAN AccessGranted _In_ BOOLEAN AccessGranted);
);
NTSYSAPI NTSYSAPI
NTSTATUS NTSTATUS
@ -495,8 +459,7 @@ ZwPrivilegeObjectAuditAlarm(
_In_ HANDLE ClientToken, _In_ HANDLE ClientToken,
_In_ ULONG DesiredAccess, _In_ ULONG DesiredAccess,
_In_ PPRIVILEGE_SET Privileges, _In_ PPRIVILEGE_SET Privileges,
_In_ BOOLEAN AccessGranted _In_ BOOLEAN AccessGranted);
);
_IRQL_requires_max_(PASSIVE_LEVEL) _IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI NTSYSAPI
@ -507,8 +470,7 @@ ZwQueryInformationToken(
_In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass,
_Out_writes_bytes_to_opt_(Length,*ResultLength) PVOID TokenInformation, _Out_writes_bytes_to_opt_(Length,*ResultLength) PVOID TokenInformation,
_In_ ULONG Length, _In_ ULONG Length,
_Out_ PULONG ResultLength _Out_ PULONG ResultLength);
);
NTSYSAPI NTSYSAPI
NTSTATUS NTSTATUS
@ -517,6 +479,6 @@ ZwSetInformationToken(
_In_ HANDLE TokenHandle, _In_ HANDLE TokenHandle,
_In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass,
_Out_ PVOID TokenInformation, _Out_ PVOID TokenInformation,
_In_ ULONG TokenInformationLength _In_ ULONG TokenInformationLength);
);
#endif #endif