mirror of
https://github.com/reactos/reactos.git
synced 2024-06-29 01:12:06 +00:00
- Reformat Se code and put functions to more appropriate locations.
svn path=/trunk/; revision=33129
This commit is contained in:
parent
c72bfe8de2
commit
9dc0da2dea
|
@ -40,8 +40,8 @@ static BOOLEAN UuidSequenceInitialized = FALSE;
|
||||||
static BOOLEAN UuidSequenceChanged = FALSE;
|
static BOOLEAN UuidSequenceChanged = FALSE;
|
||||||
static UCHAR UuidSeed[SEED_BUFFER_SIZE];
|
static UCHAR UuidSeed[SEED_BUFFER_SIZE];
|
||||||
static ULONG UuidCount;
|
static ULONG UuidCount;
|
||||||
|
static LARGE_INTEGER LuidIncrement;
|
||||||
|
static LARGE_INTEGER LuidValue;
|
||||||
|
|
||||||
/* FUNCTIONS ****************************************************************/
|
/* FUNCTIONS ****************************************************************/
|
||||||
|
|
||||||
|
@ -214,6 +214,91 @@ ExpCreateUuids(PULARGE_INTEGER Time,
|
||||||
return STATUS_SUCCESS;
|
return STATUS_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
VOID
|
||||||
|
INIT_FUNCTION
|
||||||
|
NTAPI
|
||||||
|
ExpInitLuid(VOID)
|
||||||
|
{
|
||||||
|
LUID DummyLuidValue = SYSTEM_LUID;
|
||||||
|
|
||||||
|
LuidValue.u.HighPart = DummyLuidValue.HighPart;
|
||||||
|
LuidValue.u.LowPart = DummyLuidValue.LowPart;
|
||||||
|
LuidIncrement.QuadPart = 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
NTSTATUS
|
||||||
|
NTAPI
|
||||||
|
ExpAllocateLocallyUniqueId(OUT LUID *LocallyUniqueId)
|
||||||
|
{
|
||||||
|
LARGE_INTEGER NewLuid, PrevLuid;
|
||||||
|
|
||||||
|
/* atomically increment the luid */
|
||||||
|
do
|
||||||
|
{
|
||||||
|
PrevLuid = LuidValue;
|
||||||
|
NewLuid = RtlLargeIntegerAdd(PrevLuid,
|
||||||
|
LuidIncrement);
|
||||||
|
} while(ExfInterlockedCompareExchange64(&LuidValue.QuadPart,
|
||||||
|
&NewLuid.QuadPart,
|
||||||
|
&PrevLuid.QuadPart) != PrevLuid.QuadPart);
|
||||||
|
|
||||||
|
LocallyUniqueId->LowPart = NewLuid.u.LowPart;
|
||||||
|
LocallyUniqueId->HighPart = NewLuid.u.HighPart;
|
||||||
|
|
||||||
|
return STATUS_SUCCESS;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/*
|
||||||
|
* @implemented
|
||||||
|
*/
|
||||||
|
NTSTATUS STDCALL
|
||||||
|
NtAllocateLocallyUniqueId(OUT LUID *LocallyUniqueId)
|
||||||
|
{
|
||||||
|
LUID NewLuid;
|
||||||
|
KPROCESSOR_MODE PreviousMode;
|
||||||
|
NTSTATUS Status = STATUS_SUCCESS;
|
||||||
|
|
||||||
|
PAGED_CODE();
|
||||||
|
|
||||||
|
PreviousMode = ExGetPreviousMode();
|
||||||
|
|
||||||
|
if(PreviousMode != KernelMode)
|
||||||
|
{
|
||||||
|
_SEH_TRY
|
||||||
|
{
|
||||||
|
ProbeForWrite(LocallyUniqueId,
|
||||||
|
sizeof(LUID),
|
||||||
|
sizeof(ULONG));
|
||||||
|
}
|
||||||
|
_SEH_HANDLE
|
||||||
|
{
|
||||||
|
Status = _SEH_GetExceptionCode();
|
||||||
|
}
|
||||||
|
_SEH_END;
|
||||||
|
|
||||||
|
if(!NT_SUCCESS(Status))
|
||||||
|
{
|
||||||
|
return Status;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
Status = ExpAllocateLocallyUniqueId(&NewLuid);
|
||||||
|
|
||||||
|
_SEH_TRY
|
||||||
|
{
|
||||||
|
*LocallyUniqueId = NewLuid;
|
||||||
|
}
|
||||||
|
_SEH_HANDLE
|
||||||
|
{
|
||||||
|
Status = _SEH_GetExceptionCode();
|
||||||
|
}
|
||||||
|
_SEH_END;
|
||||||
|
|
||||||
|
return Status;
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* @unimplemented
|
* @unimplemented
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -94,7 +94,7 @@ SeInitSRM(VOID);
|
||||||
|
|
||||||
VOID
|
VOID
|
||||||
NTAPI
|
NTAPI
|
||||||
SepInitLuid(VOID);
|
ExpInitLuid(VOID);
|
||||||
|
|
||||||
VOID
|
VOID
|
||||||
NTAPI
|
NTAPI
|
||||||
|
@ -315,6 +315,15 @@ SeSetWorldSecurityDescriptor(
|
||||||
PULONG BufferLength
|
PULONG BufferLength
|
||||||
);
|
);
|
||||||
|
|
||||||
|
NTSTATUS
|
||||||
|
STDCALL
|
||||||
|
SeCopyClientToken(
|
||||||
|
IN PACCESS_TOKEN Token,
|
||||||
|
IN SECURITY_IMPERSONATION_LEVEL Level,
|
||||||
|
IN KPROCESSOR_MODE PreviousMode,
|
||||||
|
OUT PACCESS_TOKEN* NewToken
|
||||||
|
);
|
||||||
|
|
||||||
#define SepAcquireTokenLockExclusive(Token) \
|
#define SepAcquireTokenLockExclusive(Token) \
|
||||||
do { \
|
do { \
|
||||||
KeEnterCriticalRegion(); \
|
KeEnterCriticalRegion(); \
|
||||||
|
|
|
@ -425,7 +425,6 @@
|
||||||
<file>acl.c</file>
|
<file>acl.c</file>
|
||||||
<file>audit.c</file>
|
<file>audit.c</file>
|
||||||
<file>lsa.c</file>
|
<file>lsa.c</file>
|
||||||
<file>luid.c</file>
|
|
||||||
<file>priv.c</file>
|
<file>priv.c</file>
|
||||||
<file>sd.c</file>
|
<file>sd.c</file>
|
||||||
<file>semgr.c</file>
|
<file>semgr.c</file>
|
||||||
|
|
|
@ -8,14 +8,114 @@
|
||||||
* Based on patch by Javier M. Mellid
|
* Based on patch by Javier M. Mellid
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/* INCLUDES *****************************************************************/
|
/* INCLUDES *******************************************************************/
|
||||||
|
|
||||||
#include <ntoskrnl.h>
|
#include <ntoskrnl.h>
|
||||||
#define NDEBUG
|
#define NDEBUG
|
||||||
#include <internal/debug.h>
|
#include <debug.h>
|
||||||
|
|
||||||
/* FUNCTIONS ***************************************************************/
|
/* GLOBALS ********************************************************************/
|
||||||
|
|
||||||
|
ERESOURCE SepSubjectContextLock;
|
||||||
|
|
||||||
|
/* FUNCTIONS ******************************************************************/
|
||||||
|
|
||||||
|
/*
|
||||||
|
* @implemented
|
||||||
|
*/
|
||||||
|
VOID
|
||||||
|
NTAPI
|
||||||
|
SeCaptureSubjectContextEx(IN PETHREAD Thread,
|
||||||
|
IN PEPROCESS Process,
|
||||||
|
OUT PSECURITY_SUBJECT_CONTEXT SubjectContext)
|
||||||
|
{
|
||||||
|
BOOLEAN CopyOnOpen, EffectiveOnly;
|
||||||
|
PAGED_CODE();
|
||||||
|
|
||||||
|
/* Save the unique ID */
|
||||||
|
SubjectContext->ProcessAuditId = Process->UniqueProcessId;
|
||||||
|
|
||||||
|
/* Check if we have a thread */
|
||||||
|
if (!Thread)
|
||||||
|
{
|
||||||
|
/* We don't, so no token */
|
||||||
|
SubjectContext->ClientToken = NULL;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
/* Get the impersonation token */
|
||||||
|
SubjectContext->ClientToken = PsReferenceImpersonationToken(Thread,
|
||||||
|
&CopyOnOpen,
|
||||||
|
&EffectiveOnly,
|
||||||
|
&SubjectContext->ImpersonationLevel);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Get the primary token */
|
||||||
|
SubjectContext->PrimaryToken = PsReferencePrimaryToken(Process);
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* @implemented
|
||||||
|
*/
|
||||||
|
VOID
|
||||||
|
NTAPI
|
||||||
|
SeCaptureSubjectContext(OUT PSECURITY_SUBJECT_CONTEXT SubjectContext)
|
||||||
|
{
|
||||||
|
/* Call the extended API */
|
||||||
|
SeCaptureSubjectContextEx(PsGetCurrentThread(),
|
||||||
|
PsGetCurrentProcess(),
|
||||||
|
SubjectContext);
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* @implemented
|
||||||
|
*/
|
||||||
|
VOID
|
||||||
|
NTAPI
|
||||||
|
SeLockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
|
||||||
|
{
|
||||||
|
PAGED_CODE();
|
||||||
|
|
||||||
|
KeEnterCriticalRegion();
|
||||||
|
ExAcquireResourceExclusiveLite(&SepSubjectContextLock, TRUE);
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* @implemented
|
||||||
|
*/
|
||||||
|
VOID
|
||||||
|
NTAPI
|
||||||
|
SeUnlockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
|
||||||
|
{
|
||||||
|
PAGED_CODE();
|
||||||
|
|
||||||
|
ExReleaseResourceLite(&SepSubjectContextLock);
|
||||||
|
KeLeaveCriticalRegion();
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* @implemented
|
||||||
|
*/
|
||||||
|
VOID
|
||||||
|
NTAPI
|
||||||
|
SeReleaseSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
|
||||||
|
{
|
||||||
|
PAGED_CODE();
|
||||||
|
|
||||||
|
if (SubjectContext->PrimaryToken != NULL)
|
||||||
|
{
|
||||||
|
ObFastDereferenceObject(&PsGetCurrentProcess()->Token, SubjectContext->PrimaryToken);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (SubjectContext->ClientToken != NULL)
|
||||||
|
{
|
||||||
|
ObDereferenceObject(SubjectContext->ClientToken);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* @implemented
|
||||||
|
*/
|
||||||
NTSTATUS
|
NTSTATUS
|
||||||
NTAPI
|
NTAPI
|
||||||
SeCreateAccessStateEx(IN PETHREAD Thread,
|
SeCreateAccessStateEx(IN PETHREAD Thread,
|
||||||
|
@ -83,7 +183,7 @@ SeCreateAccessState(IN OUT PACCESS_STATE AccessState,
|
||||||
{
|
{
|
||||||
PAGED_CODE();
|
PAGED_CODE();
|
||||||
|
|
||||||
/* Call the internal API */
|
/* Call the extended API */
|
||||||
return SeCreateAccessStateEx(PsGetCurrentThread(),
|
return SeCreateAccessStateEx(PsGetCurrentThread(),
|
||||||
PsGetCurrentProcess(),
|
PsGetCurrentProcess(),
|
||||||
AccessState,
|
AccessState,
|
||||||
|
@ -127,8 +227,8 @@ SeDeleteAccessState(IN PACCESS_STATE AccessState)
|
||||||
*/
|
*/
|
||||||
VOID
|
VOID
|
||||||
STDCALL
|
STDCALL
|
||||||
SeSetAccessStateGenericMapping(PACCESS_STATE AccessState,
|
SeSetAccessStateGenericMapping(IN PACCESS_STATE AccessState,
|
||||||
PGENERIC_MAPPING GenericMapping)
|
IN PGENERIC_MAPPING GenericMapping)
|
||||||
{
|
{
|
||||||
PAGED_CODE();
|
PAGED_CODE();
|
||||||
|
|
||||||
|
@ -136,4 +236,137 @@ SeSetAccessStateGenericMapping(PACCESS_STATE AccessState,
|
||||||
((PAUX_DATA)AccessState->AuxData)->GenericMapping = *GenericMapping;
|
((PAUX_DATA)AccessState->AuxData)->GenericMapping = *GenericMapping;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* @implemented
|
||||||
|
*/
|
||||||
|
NTSTATUS
|
||||||
|
NTAPI
|
||||||
|
SeCreateClientSecurity(IN PETHREAD Thread,
|
||||||
|
IN PSECURITY_QUALITY_OF_SERVICE Qos,
|
||||||
|
IN BOOLEAN RemoteClient,
|
||||||
|
OUT PSECURITY_CLIENT_CONTEXT ClientContext)
|
||||||
|
{
|
||||||
|
TOKEN_TYPE TokenType;
|
||||||
|
BOOLEAN ThreadEffectiveOnly;
|
||||||
|
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
|
||||||
|
PACCESS_TOKEN Token;
|
||||||
|
NTSTATUS Status;
|
||||||
|
PACCESS_TOKEN NewToken;
|
||||||
|
PAGED_CODE();
|
||||||
|
|
||||||
|
Token = PsReferenceEffectiveToken(Thread,
|
||||||
|
&TokenType,
|
||||||
|
&ThreadEffectiveOnly,
|
||||||
|
&ImpersonationLevel);
|
||||||
|
if (TokenType != TokenImpersonation)
|
||||||
|
{
|
||||||
|
ClientContext->DirectAccessEffectiveOnly = Qos->EffectiveOnly;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
if (Qos->ImpersonationLevel > ImpersonationLevel)
|
||||||
|
{
|
||||||
|
if (Token) ObDereferenceObject(Token);
|
||||||
|
return STATUS_BAD_IMPERSONATION_LEVEL;
|
||||||
|
}
|
||||||
|
|
||||||
|
if ((ImpersonationLevel == SecurityAnonymous) ||
|
||||||
|
(ImpersonationLevel == SecurityIdentification) ||
|
||||||
|
((RemoteClient) && (ImpersonationLevel != SecurityDelegation)))
|
||||||
|
{
|
||||||
|
if (Token) ObDereferenceObject(Token);
|
||||||
|
return STATUS_BAD_IMPERSONATION_LEVEL;
|
||||||
|
}
|
||||||
|
|
||||||
|
ClientContext->DirectAccessEffectiveOnly = ((ThreadEffectiveOnly) ||
|
||||||
|
(Qos->EffectiveOnly)) ?
|
||||||
|
TRUE : FALSE;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (Qos->ContextTrackingMode == SECURITY_STATIC_TRACKING)
|
||||||
|
{
|
||||||
|
ClientContext->DirectlyAccessClientToken = FALSE;
|
||||||
|
Status = SeCopyClientToken(Token, ImpersonationLevel, 0, &NewToken);
|
||||||
|
if (!NT_SUCCESS(Status)) return Status;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
ClientContext->DirectlyAccessClientToken = TRUE;
|
||||||
|
if (RemoteClient != FALSE)
|
||||||
|
{
|
||||||
|
#if 0
|
||||||
|
SeGetTokenControlInformation(Token,
|
||||||
|
&ClientContext->ClientTokenControl);
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
|
NewToken = Token;
|
||||||
|
}
|
||||||
|
|
||||||
|
ClientContext->SecurityQos.Length = sizeof(SECURITY_QUALITY_OF_SERVICE);
|
||||||
|
ClientContext->SecurityQos.ImpersonationLevel = Qos->ImpersonationLevel;
|
||||||
|
ClientContext->SecurityQos.ContextTrackingMode = Qos->ContextTrackingMode;
|
||||||
|
ClientContext->SecurityQos.EffectiveOnly = Qos->EffectiveOnly;
|
||||||
|
ClientContext->ServerIsRemote = RemoteClient;
|
||||||
|
ClientContext->ClientToken = NewToken;
|
||||||
|
return STATUS_SUCCESS;
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* @unimplemented
|
||||||
|
*/
|
||||||
|
NTSTATUS
|
||||||
|
NTAPI
|
||||||
|
SeCreateClientSecurityFromSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
|
||||||
|
IN PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos,
|
||||||
|
IN BOOLEAN ServerIsRemote,
|
||||||
|
OUT PSECURITY_CLIENT_CONTEXT ClientContext)
|
||||||
|
{
|
||||||
|
UNIMPLEMENTED;
|
||||||
|
return STATUS_NOT_IMPLEMENTED;
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* @unimplemented
|
||||||
|
*/
|
||||||
|
NTSTATUS
|
||||||
|
NTAPI
|
||||||
|
SeImpersonateClientEx(IN PSECURITY_CLIENT_CONTEXT ClientContext,
|
||||||
|
IN PETHREAD ServerThread OPTIONAL)
|
||||||
|
{
|
||||||
|
UNIMPLEMENTED;
|
||||||
|
return STATUS_NOT_IMPLEMENTED;
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* @implemented
|
||||||
|
*/
|
||||||
|
VOID
|
||||||
|
NTAPI
|
||||||
|
SeImpersonateClient(IN PSECURITY_CLIENT_CONTEXT ClientContext,
|
||||||
|
IN PETHREAD ServerThread OPTIONAL)
|
||||||
|
{
|
||||||
|
UCHAR b;
|
||||||
|
|
||||||
|
PAGED_CODE();
|
||||||
|
|
||||||
|
if (ClientContext->DirectlyAccessClientToken == FALSE)
|
||||||
|
{
|
||||||
|
b = ClientContext->SecurityQos.EffectiveOnly;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
b = ClientContext->DirectAccessEffectiveOnly;
|
||||||
|
}
|
||||||
|
if (ServerThread == NULL)
|
||||||
|
{
|
||||||
|
ServerThread = PsGetCurrentThread();
|
||||||
|
}
|
||||||
|
PsImpersonateClient(ServerThread,
|
||||||
|
ClientContext->ClientToken,
|
||||||
|
1,
|
||||||
|
b,
|
||||||
|
ClientContext->SecurityQos.ImpersonationLevel);
|
||||||
|
}
|
||||||
|
|
||||||
/* EOF */
|
/* EOF */
|
||||||
|
|
|
@ -7,218 +7,216 @@
|
||||||
* PROGRAMMERS: David Welch <welch@cwcom.net>
|
* PROGRAMMERS: David Welch <welch@cwcom.net>
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/* INCLUDES *****************************************************************/
|
/* INCLUDES *******************************************************************/
|
||||||
|
|
||||||
#include <ntoskrnl.h>
|
#include <ntoskrnl.h>
|
||||||
#include <internal/debug.h>
|
#define NDEBUG
|
||||||
|
#include <debug.h>
|
||||||
|
|
||||||
#if defined (ALLOC_PRAGMA)
|
#if defined (ALLOC_PRAGMA)
|
||||||
#pragma alloc_text(INIT, SepInitDACLs)
|
#pragma alloc_text(INIT, SepInitDACLs)
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
/* GLOBALS ********************************************************************/
|
||||||
/* GLOBALS ******************************************************************/
|
|
||||||
|
|
||||||
PACL SePublicDefaultDacl = NULL;
|
PACL SePublicDefaultDacl = NULL;
|
||||||
PACL SeSystemDefaultDacl = NULL;
|
PACL SeSystemDefaultDacl = NULL;
|
||||||
|
|
||||||
PACL SePublicDefaultUnrestrictedDacl = NULL;
|
PACL SePublicDefaultUnrestrictedDacl = NULL;
|
||||||
PACL SePublicOpenDacl = NULL;
|
PACL SePublicOpenDacl = NULL;
|
||||||
PACL SePublicOpenUnrestrictedDacl = NULL;
|
PACL SePublicOpenUnrestrictedDacl = NULL;
|
||||||
PACL SeUnrestrictedDacl = NULL;
|
PACL SeUnrestrictedDacl = NULL;
|
||||||
|
|
||||||
|
/* FUNCTIONS ******************************************************************/
|
||||||
/* FUNCTIONS ****************************************************************/
|
|
||||||
|
|
||||||
BOOLEAN
|
BOOLEAN
|
||||||
INIT_FUNCTION
|
INIT_FUNCTION
|
||||||
NTAPI
|
NTAPI
|
||||||
SepInitDACLs(VOID)
|
SepInitDACLs(VOID)
|
||||||
{
|
{
|
||||||
ULONG AclLength;
|
ULONG AclLength;
|
||||||
|
|
||||||
/* create PublicDefaultDacl */
|
/* create PublicDefaultDacl */
|
||||||
AclLength = sizeof(ACL) +
|
AclLength = sizeof(ACL) +
|
||||||
(sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
|
(sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
|
||||||
(sizeof(ACE) + RtlLengthSid(SeLocalSystemSid));
|
(sizeof(ACE) + RtlLengthSid(SeLocalSystemSid));
|
||||||
|
|
||||||
SePublicDefaultDacl = ExAllocatePoolWithTag(PagedPool,
|
SePublicDefaultDacl = ExAllocatePoolWithTag(PagedPool,
|
||||||
AclLength,
|
AclLength,
|
||||||
TAG_ACL);
|
TAG_ACL);
|
||||||
if (SePublicDefaultDacl == NULL)
|
if (SePublicDefaultDacl == NULL)
|
||||||
return FALSE;
|
return FALSE;
|
||||||
|
|
||||||
RtlCreateAcl(SePublicDefaultDacl,
|
RtlCreateAcl(SePublicDefaultDacl,
|
||||||
AclLength,
|
AclLength,
|
||||||
ACL_REVISION);
|
ACL_REVISION);
|
||||||
|
|
||||||
RtlAddAccessAllowedAce(SePublicDefaultDacl,
|
RtlAddAccessAllowedAce(SePublicDefaultDacl,
|
||||||
ACL_REVISION,
|
ACL_REVISION,
|
||||||
GENERIC_EXECUTE,
|
GENERIC_EXECUTE,
|
||||||
SeWorldSid);
|
SeWorldSid);
|
||||||
|
|
||||||
RtlAddAccessAllowedAce(SePublicDefaultDacl,
|
RtlAddAccessAllowedAce(SePublicDefaultDacl,
|
||||||
ACL_REVISION,
|
ACL_REVISION,
|
||||||
GENERIC_ALL,
|
GENERIC_ALL,
|
||||||
SeLocalSystemSid);
|
SeLocalSystemSid);
|
||||||
|
|
||||||
|
|
||||||
/* create PublicDefaultUnrestrictedDacl */
|
/* create PublicDefaultUnrestrictedDacl */
|
||||||
AclLength = sizeof(ACL) +
|
AclLength = sizeof(ACL) +
|
||||||
(sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
|
(sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
|
||||||
(sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
|
(sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
|
||||||
(sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid)) +
|
(sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid)) +
|
||||||
(sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid));
|
(sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid));
|
||||||
|
|
||||||
SePublicDefaultUnrestrictedDacl = ExAllocatePoolWithTag(PagedPool,
|
SePublicDefaultUnrestrictedDacl = ExAllocatePoolWithTag(PagedPool,
|
||||||
AclLength,
|
AclLength,
|
||||||
TAG_ACL);
|
TAG_ACL);
|
||||||
if (SePublicDefaultUnrestrictedDacl == NULL)
|
if (SePublicDefaultUnrestrictedDacl == NULL)
|
||||||
return FALSE;
|
return FALSE;
|
||||||
|
|
||||||
RtlCreateAcl(SePublicDefaultUnrestrictedDacl,
|
RtlCreateAcl(SePublicDefaultUnrestrictedDacl,
|
||||||
AclLength,
|
AclLength,
|
||||||
ACL_REVISION);
|
ACL_REVISION);
|
||||||
|
|
||||||
RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,
|
RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,
|
||||||
ACL_REVISION,
|
ACL_REVISION,
|
||||||
GENERIC_EXECUTE,
|
GENERIC_EXECUTE,
|
||||||
SeWorldSid);
|
SeWorldSid);
|
||||||
|
|
||||||
RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,
|
RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,
|
||||||
ACL_REVISION,
|
ACL_REVISION,
|
||||||
GENERIC_ALL,
|
GENERIC_ALL,
|
||||||
SeLocalSystemSid);
|
SeLocalSystemSid);
|
||||||
|
|
||||||
RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,
|
RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,
|
||||||
ACL_REVISION,
|
ACL_REVISION,
|
||||||
GENERIC_ALL,
|
GENERIC_ALL,
|
||||||
SeAliasAdminsSid);
|
SeAliasAdminsSid);
|
||||||
|
|
||||||
RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,
|
RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,
|
||||||
ACL_REVISION,
|
ACL_REVISION,
|
||||||
GENERIC_READ | GENERIC_EXECUTE | READ_CONTROL,
|
GENERIC_READ | GENERIC_EXECUTE | READ_CONTROL,
|
||||||
SeRestrictedCodeSid);
|
SeRestrictedCodeSid);
|
||||||
|
|
||||||
/* create PublicOpenDacl */
|
/* create PublicOpenDacl */
|
||||||
AclLength = sizeof(ACL) +
|
AclLength = sizeof(ACL) +
|
||||||
(sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
|
(sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
|
||||||
(sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
|
(sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
|
||||||
(sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid));
|
(sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid));
|
||||||
|
|
||||||
SePublicOpenDacl = ExAllocatePoolWithTag(PagedPool,
|
SePublicOpenDacl = ExAllocatePoolWithTag(PagedPool,
|
||||||
AclLength,
|
AclLength,
|
||||||
TAG_ACL);
|
TAG_ACL);
|
||||||
if (SePublicOpenDacl == NULL)
|
if (SePublicOpenDacl == NULL)
|
||||||
return FALSE;
|
return FALSE;
|
||||||
|
|
||||||
RtlCreateAcl(SePublicOpenDacl,
|
RtlCreateAcl(SePublicOpenDacl,
|
||||||
AclLength,
|
AclLength,
|
||||||
ACL_REVISION);
|
ACL_REVISION);
|
||||||
|
|
||||||
RtlAddAccessAllowedAce(SePublicOpenDacl,
|
RtlAddAccessAllowedAce(SePublicOpenDacl,
|
||||||
ACL_REVISION,
|
ACL_REVISION,
|
||||||
GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE,
|
GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE,
|
||||||
SeWorldSid);
|
SeWorldSid);
|
||||||
|
|
||||||
RtlAddAccessAllowedAce(SePublicOpenDacl,
|
RtlAddAccessAllowedAce(SePublicOpenDacl,
|
||||||
ACL_REVISION,
|
ACL_REVISION,
|
||||||
GENERIC_ALL,
|
GENERIC_ALL,
|
||||||
SeLocalSystemSid);
|
SeLocalSystemSid);
|
||||||
|
|
||||||
RtlAddAccessAllowedAce(SePublicOpenDacl,
|
RtlAddAccessAllowedAce(SePublicOpenDacl,
|
||||||
ACL_REVISION,
|
ACL_REVISION,
|
||||||
GENERIC_ALL,
|
GENERIC_ALL,
|
||||||
SeAliasAdminsSid);
|
SeAliasAdminsSid);
|
||||||
|
|
||||||
/* create PublicOpenUnrestrictedDacl */
|
/* create PublicOpenUnrestrictedDacl */
|
||||||
AclLength = sizeof(ACL) +
|
AclLength = sizeof(ACL) +
|
||||||
(sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
|
(sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
|
||||||
(sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
|
(sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
|
||||||
(sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid)) +
|
(sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid)) +
|
||||||
(sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid));
|
(sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid));
|
||||||
|
|
||||||
SePublicOpenUnrestrictedDacl = ExAllocatePoolWithTag(PagedPool,
|
SePublicOpenUnrestrictedDacl = ExAllocatePoolWithTag(PagedPool,
|
||||||
AclLength,
|
AclLength,
|
||||||
TAG_ACL);
|
TAG_ACL);
|
||||||
if (SePublicOpenUnrestrictedDacl == NULL)
|
if (SePublicOpenUnrestrictedDacl == NULL)
|
||||||
return FALSE;
|
return FALSE;
|
||||||
|
|
||||||
RtlCreateAcl(SePublicOpenUnrestrictedDacl,
|
RtlCreateAcl(SePublicOpenUnrestrictedDacl,
|
||||||
AclLength,
|
AclLength,
|
||||||
ACL_REVISION);
|
ACL_REVISION);
|
||||||
|
|
||||||
RtlAddAccessAllowedAce(SePublicOpenUnrestrictedDacl,
|
RtlAddAccessAllowedAce(SePublicOpenUnrestrictedDacl,
|
||||||
ACL_REVISION,
|
ACL_REVISION,
|
||||||
GENERIC_ALL,
|
GENERIC_ALL,
|
||||||
SeWorldSid);
|
SeWorldSid);
|
||||||
|
|
||||||
RtlAddAccessAllowedAce(SePublicOpenUnrestrictedDacl,
|
RtlAddAccessAllowedAce(SePublicOpenUnrestrictedDacl,
|
||||||
ACL_REVISION,
|
ACL_REVISION,
|
||||||
GENERIC_ALL,
|
GENERIC_ALL,
|
||||||
SeLocalSystemSid);
|
SeLocalSystemSid);
|
||||||
|
|
||||||
RtlAddAccessAllowedAce(SePublicOpenUnrestrictedDacl,
|
RtlAddAccessAllowedAce(SePublicOpenUnrestrictedDacl,
|
||||||
ACL_REVISION,
|
ACL_REVISION,
|
||||||
GENERIC_ALL,
|
GENERIC_ALL,
|
||||||
SeAliasAdminsSid);
|
SeAliasAdminsSid);
|
||||||
|
|
||||||
RtlAddAccessAllowedAce(SePublicOpenUnrestrictedDacl,
|
RtlAddAccessAllowedAce(SePublicOpenUnrestrictedDacl,
|
||||||
ACL_REVISION,
|
ACL_REVISION,
|
||||||
GENERIC_READ | GENERIC_EXECUTE,
|
GENERIC_READ | GENERIC_EXECUTE,
|
||||||
SeRestrictedCodeSid);
|
SeRestrictedCodeSid);
|
||||||
|
|
||||||
/* create SystemDefaultDacl */
|
/* create SystemDefaultDacl */
|
||||||
AclLength = sizeof(ACL) +
|
AclLength = sizeof(ACL) +
|
||||||
(sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
|
(sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
|
||||||
(sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid));
|
(sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid));
|
||||||
|
|
||||||
SeSystemDefaultDacl = ExAllocatePoolWithTag(PagedPool,
|
SeSystemDefaultDacl = ExAllocatePoolWithTag(PagedPool,
|
||||||
AclLength,
|
AclLength,
|
||||||
TAG_ACL);
|
TAG_ACL);
|
||||||
if (SeSystemDefaultDacl == NULL)
|
if (SeSystemDefaultDacl == NULL)
|
||||||
return FALSE;
|
return FALSE;
|
||||||
|
|
||||||
RtlCreateAcl(SeSystemDefaultDacl,
|
RtlCreateAcl(SeSystemDefaultDacl,
|
||||||
AclLength,
|
AclLength,
|
||||||
ACL_REVISION);
|
ACL_REVISION);
|
||||||
|
|
||||||
RtlAddAccessAllowedAce(SeSystemDefaultDacl,
|
RtlAddAccessAllowedAce(SeSystemDefaultDacl,
|
||||||
ACL_REVISION,
|
ACL_REVISION,
|
||||||
GENERIC_ALL,
|
GENERIC_ALL,
|
||||||
SeLocalSystemSid);
|
SeLocalSystemSid);
|
||||||
|
|
||||||
RtlAddAccessAllowedAce(SeSystemDefaultDacl,
|
RtlAddAccessAllowedAce(SeSystemDefaultDacl,
|
||||||
ACL_REVISION,
|
ACL_REVISION,
|
||||||
GENERIC_READ | GENERIC_EXECUTE | READ_CONTROL,
|
GENERIC_READ | GENERIC_EXECUTE | READ_CONTROL,
|
||||||
SeAliasAdminsSid);
|
SeAliasAdminsSid);
|
||||||
|
|
||||||
/* create UnrestrictedDacl */
|
/* create UnrestrictedDacl */
|
||||||
AclLength = sizeof(ACL) +
|
AclLength = sizeof(ACL) +
|
||||||
(sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
|
(sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
|
||||||
(sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid));
|
(sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid));
|
||||||
|
|
||||||
SeUnrestrictedDacl = ExAllocatePoolWithTag(PagedPool,
|
SeUnrestrictedDacl = ExAllocatePoolWithTag(PagedPool,
|
||||||
AclLength,
|
AclLength,
|
||||||
TAG_ACL);
|
TAG_ACL);
|
||||||
if (SeUnrestrictedDacl == NULL)
|
if (SeUnrestrictedDacl == NULL)
|
||||||
return FALSE;
|
return FALSE;
|
||||||
|
|
||||||
RtlCreateAcl(SeUnrestrictedDacl,
|
RtlCreateAcl(SeUnrestrictedDacl,
|
||||||
AclLength,
|
AclLength,
|
||||||
ACL_REVISION);
|
ACL_REVISION);
|
||||||
|
|
||||||
RtlAddAccessAllowedAce(SeUnrestrictedDacl,
|
RtlAddAccessAllowedAce(SeUnrestrictedDacl,
|
||||||
ACL_REVISION,
|
ACL_REVISION,
|
||||||
GENERIC_ALL,
|
GENERIC_ALL,
|
||||||
SeWorldSid);
|
SeWorldSid);
|
||||||
|
|
||||||
RtlAddAccessAllowedAce(SeUnrestrictedDacl,
|
RtlAddAccessAllowedAce(SeUnrestrictedDacl,
|
||||||
ACL_REVISION,
|
ACL_REVISION,
|
||||||
GENERIC_READ | GENERIC_EXECUTE,
|
GENERIC_READ | GENERIC_EXECUTE,
|
||||||
SeRestrictedCodeSid);
|
SeRestrictedCodeSid);
|
||||||
|
|
||||||
return(TRUE);
|
return(TRUE);
|
||||||
}
|
}
|
||||||
|
|
||||||
NTSTATUS STDCALL
|
NTSTATUS STDCALL
|
||||||
|
@ -226,44 +224,44 @@ SepCreateImpersonationTokenDacl(PTOKEN Token,
|
||||||
PTOKEN PrimaryToken,
|
PTOKEN PrimaryToken,
|
||||||
PACL *Dacl)
|
PACL *Dacl)
|
||||||
{
|
{
|
||||||
ULONG AclLength;
|
ULONG AclLength;
|
||||||
PVOID TokenDacl;
|
PVOID TokenDacl;
|
||||||
|
|
||||||
PAGED_CODE();
|
PAGED_CODE();
|
||||||
|
|
||||||
AclLength = sizeof(ACL) +
|
AclLength = sizeof(ACL) +
|
||||||
(sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid)) +
|
(sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid)) +
|
||||||
(sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid)) +
|
(sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid)) +
|
||||||
(sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
|
(sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
|
||||||
(sizeof(ACE) + RtlLengthSid(Token->UserAndGroups->Sid)) +
|
(sizeof(ACE) + RtlLengthSid(Token->UserAndGroups->Sid)) +
|
||||||
(sizeof(ACE) + RtlLengthSid(PrimaryToken->UserAndGroups->Sid));
|
(sizeof(ACE) + RtlLengthSid(PrimaryToken->UserAndGroups->Sid));
|
||||||
|
|
||||||
TokenDacl = ExAllocatePoolWithTag(PagedPool, AclLength, TAG_ACL);
|
TokenDacl = ExAllocatePoolWithTag(PagedPool, AclLength, TAG_ACL);
|
||||||
if (TokenDacl == NULL)
|
if (TokenDacl == NULL)
|
||||||
{
|
{
|
||||||
return STATUS_INSUFFICIENT_RESOURCES;
|
return STATUS_INSUFFICIENT_RESOURCES;
|
||||||
}
|
}
|
||||||
|
|
||||||
RtlCreateAcl(TokenDacl, AclLength, ACL_REVISION);
|
RtlCreateAcl(TokenDacl, AclLength, ACL_REVISION);
|
||||||
RtlAddAccessAllowedAce(TokenDacl, ACL_REVISION, GENERIC_ALL,
|
RtlAddAccessAllowedAce(TokenDacl, ACL_REVISION, GENERIC_ALL,
|
||||||
Token->UserAndGroups->Sid);
|
Token->UserAndGroups->Sid);
|
||||||
RtlAddAccessAllowedAce(TokenDacl, ACL_REVISION, GENERIC_ALL,
|
RtlAddAccessAllowedAce(TokenDacl, ACL_REVISION, GENERIC_ALL,
|
||||||
PrimaryToken->UserAndGroups->Sid);
|
PrimaryToken->UserAndGroups->Sid);
|
||||||
RtlAddAccessAllowedAce(TokenDacl, ACL_REVISION, GENERIC_ALL,
|
RtlAddAccessAllowedAce(TokenDacl, ACL_REVISION, GENERIC_ALL,
|
||||||
SeAliasAdminsSid);
|
SeAliasAdminsSid);
|
||||||
RtlAddAccessAllowedAce(TokenDacl, ACL_REVISION, GENERIC_ALL,
|
RtlAddAccessAllowedAce(TokenDacl, ACL_REVISION, GENERIC_ALL,
|
||||||
SeLocalSystemSid);
|
SeLocalSystemSid);
|
||||||
|
|
||||||
/* FIXME */
|
/* FIXME */
|
||||||
#if 0
|
#if 0
|
||||||
if (Token->RestrictedSids != NULL || PrimaryToken->RestrictedSids != NULL)
|
if (Token->RestrictedSids != NULL || PrimaryToken->RestrictedSids != NULL)
|
||||||
{
|
{
|
||||||
RtlAddAccessAllowedAce(TokenDacl, ACL_REVISION, GENERIC_ALL,
|
RtlAddAccessAllowedAce(TokenDacl, ACL_REVISION, GENERIC_ALL,
|
||||||
SeRestrictedCodeSid);
|
SeRestrictedCodeSid);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
return STATUS_SUCCESS;
|
return STATUS_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
NTSTATUS
|
NTSTATUS
|
||||||
|
@ -274,83 +272,83 @@ SepCaptureAcl(IN PACL InputAcl,
|
||||||
IN BOOLEAN CaptureIfKernel,
|
IN BOOLEAN CaptureIfKernel,
|
||||||
OUT PACL *CapturedAcl)
|
OUT PACL *CapturedAcl)
|
||||||
{
|
{
|
||||||
PACL NewAcl;
|
PACL NewAcl;
|
||||||
ULONG AclSize = 0;
|
ULONG AclSize = 0;
|
||||||
NTSTATUS Status = STATUS_SUCCESS;
|
NTSTATUS Status = STATUS_SUCCESS;
|
||||||
|
|
||||||
PAGED_CODE();
|
PAGED_CODE();
|
||||||
|
|
||||||
if(AccessMode != KernelMode)
|
if(AccessMode != KernelMode)
|
||||||
{
|
|
||||||
_SEH_TRY
|
|
||||||
{
|
{
|
||||||
ProbeForRead(InputAcl,
|
|
||||||
sizeof(ACL),
|
|
||||||
sizeof(ULONG));
|
|
||||||
AclSize = InputAcl->AclSize;
|
|
||||||
ProbeForRead(InputAcl,
|
|
||||||
AclSize,
|
|
||||||
sizeof(ULONG));
|
|
||||||
}
|
|
||||||
_SEH_HANDLE
|
|
||||||
{
|
|
||||||
Status = _SEH_GetExceptionCode();
|
|
||||||
}
|
|
||||||
_SEH_END;
|
|
||||||
|
|
||||||
if(NT_SUCCESS(Status))
|
|
||||||
{
|
|
||||||
NewAcl = ExAllocatePool(PoolType,
|
|
||||||
AclSize);
|
|
||||||
if(NewAcl != NULL)
|
|
||||||
{
|
|
||||||
_SEH_TRY
|
_SEH_TRY
|
||||||
{
|
{
|
||||||
RtlCopyMemory(NewAcl,
|
ProbeForRead(InputAcl,
|
||||||
InputAcl,
|
sizeof(ACL),
|
||||||
AclSize);
|
sizeof(ULONG));
|
||||||
|
AclSize = InputAcl->AclSize;
|
||||||
*CapturedAcl = NewAcl;
|
ProbeForRead(InputAcl,
|
||||||
|
AclSize,
|
||||||
|
sizeof(ULONG));
|
||||||
}
|
}
|
||||||
_SEH_HANDLE
|
_SEH_HANDLE
|
||||||
{
|
{
|
||||||
ExFreePool(NewAcl);
|
Status = _SEH_GetExceptionCode();
|
||||||
Status = _SEH_GetExceptionCode();
|
|
||||||
}
|
}
|
||||||
_SEH_END;
|
_SEH_END;
|
||||||
}
|
|
||||||
else
|
if(NT_SUCCESS(Status))
|
||||||
{
|
{
|
||||||
Status = STATUS_INSUFFICIENT_RESOURCES;
|
NewAcl = ExAllocatePool(PoolType,
|
||||||
}
|
AclSize);
|
||||||
|
if(NewAcl != NULL)
|
||||||
|
{
|
||||||
|
_SEH_TRY
|
||||||
|
{
|
||||||
|
RtlCopyMemory(NewAcl,
|
||||||
|
InputAcl,
|
||||||
|
AclSize);
|
||||||
|
|
||||||
|
*CapturedAcl = NewAcl;
|
||||||
|
}
|
||||||
|
_SEH_HANDLE
|
||||||
|
{
|
||||||
|
ExFreePool(NewAcl);
|
||||||
|
Status = _SEH_GetExceptionCode();
|
||||||
|
}
|
||||||
|
_SEH_END;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
Status = STATUS_INSUFFICIENT_RESOURCES;
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
else if(!CaptureIfKernel)
|
||||||
else if(!CaptureIfKernel)
|
|
||||||
{
|
|
||||||
*CapturedAcl = InputAcl;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
AclSize = InputAcl->AclSize;
|
|
||||||
|
|
||||||
NewAcl = ExAllocatePool(PoolType,
|
|
||||||
AclSize);
|
|
||||||
|
|
||||||
if(NewAcl != NULL)
|
|
||||||
{
|
{
|
||||||
RtlCopyMemory(NewAcl,
|
*CapturedAcl = InputAcl;
|
||||||
InputAcl,
|
|
||||||
AclSize);
|
|
||||||
|
|
||||||
*CapturedAcl = NewAcl;
|
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
Status = STATUS_INSUFFICIENT_RESOURCES;
|
AclSize = InputAcl->AclSize;
|
||||||
|
|
||||||
|
NewAcl = ExAllocatePool(PoolType,
|
||||||
|
AclSize);
|
||||||
|
|
||||||
|
if(NewAcl != NULL)
|
||||||
|
{
|
||||||
|
RtlCopyMemory(NewAcl,
|
||||||
|
InputAcl,
|
||||||
|
AclSize);
|
||||||
|
|
||||||
|
*CapturedAcl = NewAcl;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
Status = STATUS_INSUFFICIENT_RESOURCES;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
return Status;
|
||||||
return Status;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
VOID
|
VOID
|
||||||
|
@ -359,14 +357,14 @@ SepReleaseAcl(IN PACL CapturedAcl,
|
||||||
IN KPROCESSOR_MODE AccessMode,
|
IN KPROCESSOR_MODE AccessMode,
|
||||||
IN BOOLEAN CaptureIfKernel)
|
IN BOOLEAN CaptureIfKernel)
|
||||||
{
|
{
|
||||||
PAGED_CODE();
|
PAGED_CODE();
|
||||||
|
|
||||||
if(CapturedAcl != NULL &&
|
if(CapturedAcl != NULL &&
|
||||||
(AccessMode != KernelMode ||
|
(AccessMode != KernelMode ||
|
||||||
(AccessMode == KernelMode && CaptureIfKernel)))
|
(AccessMode == KernelMode && CaptureIfKernel)))
|
||||||
{
|
{
|
||||||
ExFreePool(CapturedAcl);
|
ExFreePool(CapturedAcl);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* EOF */
|
/* EOF */
|
||||||
|
|
|
@ -7,12 +7,13 @@
|
||||||
* PROGRAMMERS: Eric Kohl <eric.kohl@t-online.de>
|
* PROGRAMMERS: Eric Kohl <eric.kohl@t-online.de>
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/* INCLUDES *****************************************************************/
|
/* INCLUDES *******************************************************************/
|
||||||
|
|
||||||
#include <ntoskrnl.h>
|
#include <ntoskrnl.h>
|
||||||
#include <internal/debug.h>
|
#define NDEBUG
|
||||||
|
#include <debug.h>
|
||||||
|
|
||||||
/* INTERNAL *****************************************************************/
|
/* PRIVATE FUNCTIONS***********************************************************/
|
||||||
|
|
||||||
BOOLEAN
|
BOOLEAN
|
||||||
NTAPI
|
NTAPI
|
||||||
|
@ -179,7 +180,165 @@ SeLocateProcessImageName(IN PEPROCESS Process,
|
||||||
return Status;
|
return Status;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* FUNCTIONS ****************************************************************/
|
/* PUBLIC FUNCTIONS ***********************************************************/
|
||||||
|
|
||||||
|
/*
|
||||||
|
* @unimplemented
|
||||||
|
*/
|
||||||
|
VOID
|
||||||
|
STDCALL
|
||||||
|
SeAuditHardLinkCreation(IN PUNICODE_STRING FileName,
|
||||||
|
IN PUNICODE_STRING LinkName,
|
||||||
|
IN BOOLEAN bSuccess)
|
||||||
|
{
|
||||||
|
UNIMPLEMENTED;
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* @unimplemented
|
||||||
|
*/
|
||||||
|
BOOLEAN
|
||||||
|
STDCALL
|
||||||
|
SeAuditingFileEvents(IN BOOLEAN AccessGranted,
|
||||||
|
IN PSECURITY_DESCRIPTOR SecurityDescriptor)
|
||||||
|
{
|
||||||
|
UNIMPLEMENTED;
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* @unimplemented
|
||||||
|
*/
|
||||||
|
BOOLEAN
|
||||||
|
STDCALL
|
||||||
|
SeAuditingFileEventsWithContext(IN BOOLEAN AccessGranted,
|
||||||
|
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
||||||
|
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL)
|
||||||
|
{
|
||||||
|
UNIMPLEMENTED;
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* @unimplemented
|
||||||
|
*/
|
||||||
|
BOOLEAN
|
||||||
|
STDCALL
|
||||||
|
SeAuditingHardLinkEvents(IN BOOLEAN AccessGranted,
|
||||||
|
IN PSECURITY_DESCRIPTOR SecurityDescriptor)
|
||||||
|
{
|
||||||
|
UNIMPLEMENTED;
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* @unimplemented
|
||||||
|
*/
|
||||||
|
BOOLEAN
|
||||||
|
STDCALL
|
||||||
|
SeAuditingHardLinkEventsWithContext(IN BOOLEAN AccessGranted,
|
||||||
|
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
||||||
|
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL)
|
||||||
|
{
|
||||||
|
UNIMPLEMENTED;
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* @unimplemented
|
||||||
|
*/
|
||||||
|
BOOLEAN
|
||||||
|
STDCALL
|
||||||
|
SeAuditingFileOrGlobalEvents(IN BOOLEAN AccessGranted,
|
||||||
|
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
||||||
|
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext)
|
||||||
|
{
|
||||||
|
UNIMPLEMENTED;
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* @unimplemented
|
||||||
|
*/
|
||||||
|
VOID
|
||||||
|
STDCALL
|
||||||
|
SeCloseObjectAuditAlarm(
|
||||||
|
IN PVOID Object,
|
||||||
|
IN HANDLE Handle,
|
||||||
|
IN BOOLEAN PerformAction
|
||||||
|
)
|
||||||
|
{
|
||||||
|
UNIMPLEMENTED;
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* @unimplemented
|
||||||
|
*/
|
||||||
|
VOID STDCALL
|
||||||
|
SeDeleteObjectAuditAlarm(IN PVOID Object,
|
||||||
|
IN HANDLE Handle)
|
||||||
|
{
|
||||||
|
UNIMPLEMENTED;
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* @unimplemented
|
||||||
|
*/
|
||||||
|
VOID
|
||||||
|
NTAPI
|
||||||
|
SeOpenObjectAuditAlarm(IN PUNICODE_STRING ObjectTypeName,
|
||||||
|
IN PVOID Object OPTIONAL,
|
||||||
|
IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,
|
||||||
|
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
||||||
|
IN PACCESS_STATE AccessState,
|
||||||
|
IN BOOLEAN ObjectCreated,
|
||||||
|
IN BOOLEAN AccessGranted,
|
||||||
|
IN KPROCESSOR_MODE AccessMode,
|
||||||
|
OUT PBOOLEAN GenerateOnClose)
|
||||||
|
{
|
||||||
|
PAGED_CODE();
|
||||||
|
|
||||||
|
/* Audits aren't done on kernel-mode access */
|
||||||
|
if (AccessMode == KernelMode) return;
|
||||||
|
|
||||||
|
/* Otherwise, unimplemented! */
|
||||||
|
//UNIMPLEMENTED;
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* @unimplemented
|
||||||
|
*/
|
||||||
|
VOID STDCALL
|
||||||
|
SeOpenObjectForDeleteAuditAlarm(IN PUNICODE_STRING ObjectTypeName,
|
||||||
|
IN PVOID Object OPTIONAL,
|
||||||
|
IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,
|
||||||
|
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
||||||
|
IN PACCESS_STATE AccessState,
|
||||||
|
IN BOOLEAN ObjectCreated,
|
||||||
|
IN BOOLEAN AccessGranted,
|
||||||
|
IN KPROCESSOR_MODE AccessMode,
|
||||||
|
OUT PBOOLEAN GenerateOnClose)
|
||||||
|
{
|
||||||
|
UNIMPLEMENTED;
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* @unimplemented
|
||||||
|
*/
|
||||||
|
VOID
|
||||||
|
STDCALL
|
||||||
|
SePrivilegeObjectAuditAlarm(IN HANDLE Handle,
|
||||||
|
IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
|
||||||
|
IN ACCESS_MASK DesiredAccess,
|
||||||
|
IN PPRIVILEGE_SET Privileges,
|
||||||
|
IN BOOLEAN AccessGranted,
|
||||||
|
IN KPROCESSOR_MODE CurrentMode)
|
||||||
|
{
|
||||||
|
UNIMPLEMENTED;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* SYSTEM CALLS ***************************************************************/
|
||||||
|
|
||||||
NTSTATUS
|
NTSTATUS
|
||||||
NTAPI
|
NTAPI
|
||||||
|
@ -202,236 +361,65 @@ NtAccessCheckAndAuditAlarm(IN PUNICODE_STRING SubsystemName,
|
||||||
|
|
||||||
NTSTATUS STDCALL
|
NTSTATUS STDCALL
|
||||||
NtCloseObjectAuditAlarm(IN PUNICODE_STRING SubsystemName,
|
NtCloseObjectAuditAlarm(IN PUNICODE_STRING SubsystemName,
|
||||||
IN PVOID HandleId,
|
IN PVOID HandleId,
|
||||||
IN BOOLEAN GenerateOnClose)
|
IN BOOLEAN GenerateOnClose)
|
||||||
{
|
{
|
||||||
UNIMPLEMENTED;
|
UNIMPLEMENTED;
|
||||||
return(STATUS_NOT_IMPLEMENTED);
|
return(STATUS_NOT_IMPLEMENTED);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
NTSTATUS STDCALL
|
NTSTATUS STDCALL
|
||||||
NtDeleteObjectAuditAlarm(IN PUNICODE_STRING SubsystemName,
|
NtDeleteObjectAuditAlarm(IN PUNICODE_STRING SubsystemName,
|
||||||
IN PVOID HandleId,
|
IN PVOID HandleId,
|
||||||
IN BOOLEAN GenerateOnClose)
|
IN BOOLEAN GenerateOnClose)
|
||||||
{
|
{
|
||||||
UNIMPLEMENTED;
|
UNIMPLEMENTED;
|
||||||
return(STATUS_NOT_IMPLEMENTED);
|
return(STATUS_NOT_IMPLEMENTED);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
NTSTATUS STDCALL
|
NTSTATUS STDCALL
|
||||||
NtOpenObjectAuditAlarm(IN PUNICODE_STRING SubsystemName,
|
NtOpenObjectAuditAlarm(IN PUNICODE_STRING SubsystemName,
|
||||||
IN PVOID HandleId,
|
IN PVOID HandleId,
|
||||||
IN PUNICODE_STRING ObjectTypeName,
|
IN PUNICODE_STRING ObjectTypeName,
|
||||||
IN PUNICODE_STRING ObjectName,
|
IN PUNICODE_STRING ObjectName,
|
||||||
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
||||||
IN HANDLE ClientToken,
|
IN HANDLE ClientToken,
|
||||||
IN ULONG DesiredAccess,
|
IN ULONG DesiredAccess,
|
||||||
IN ULONG GrantedAccess,
|
IN ULONG GrantedAccess,
|
||||||
IN PPRIVILEGE_SET Privileges,
|
IN PPRIVILEGE_SET Privileges,
|
||||||
IN BOOLEAN ObjectCreation,
|
IN BOOLEAN ObjectCreation,
|
||||||
IN BOOLEAN AccessGranted,
|
IN BOOLEAN AccessGranted,
|
||||||
OUT PBOOLEAN GenerateOnClose)
|
OUT PBOOLEAN GenerateOnClose)
|
||||||
{
|
{
|
||||||
UNIMPLEMENTED;
|
UNIMPLEMENTED;
|
||||||
return(STATUS_NOT_IMPLEMENTED);
|
return(STATUS_NOT_IMPLEMENTED);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
NTSTATUS STDCALL
|
NTSTATUS STDCALL
|
||||||
NtPrivilegedServiceAuditAlarm(IN PUNICODE_STRING SubsystemName,
|
NtPrivilegedServiceAuditAlarm(IN PUNICODE_STRING SubsystemName,
|
||||||
IN PUNICODE_STRING ServiceName,
|
IN PUNICODE_STRING ServiceName,
|
||||||
IN HANDLE ClientToken,
|
IN HANDLE ClientToken,
|
||||||
IN PPRIVILEGE_SET Privileges,
|
IN PPRIVILEGE_SET Privileges,
|
||||||
IN BOOLEAN AccessGranted)
|
IN BOOLEAN AccessGranted)
|
||||||
{
|
{
|
||||||
UNIMPLEMENTED;
|
UNIMPLEMENTED;
|
||||||
return(STATUS_NOT_IMPLEMENTED);
|
return(STATUS_NOT_IMPLEMENTED);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
NTSTATUS STDCALL
|
NTSTATUS STDCALL
|
||||||
NtPrivilegeObjectAuditAlarm(IN PUNICODE_STRING SubsystemName,
|
NtPrivilegeObjectAuditAlarm(IN PUNICODE_STRING SubsystemName,
|
||||||
IN PVOID HandleId,
|
IN PVOID HandleId,
|
||||||
IN HANDLE ClientToken,
|
IN HANDLE ClientToken,
|
||||||
IN ULONG DesiredAccess,
|
IN ULONG DesiredAccess,
|
||||||
IN PPRIVILEGE_SET Privileges,
|
IN PPRIVILEGE_SET Privileges,
|
||||||
IN BOOLEAN AccessGranted)
|
IN BOOLEAN AccessGranted)
|
||||||
{
|
{
|
||||||
UNIMPLEMENTED;
|
UNIMPLEMENTED;
|
||||||
return(STATUS_NOT_IMPLEMENTED);
|
return(STATUS_NOT_IMPLEMENTED);
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
/*
|
|
||||||
* @unimplemented
|
|
||||||
*/
|
|
||||||
VOID
|
|
||||||
STDCALL
|
|
||||||
SeAuditHardLinkCreation(
|
|
||||||
IN PUNICODE_STRING FileName,
|
|
||||||
IN PUNICODE_STRING LinkName,
|
|
||||||
IN BOOLEAN bSuccess
|
|
||||||
)
|
|
||||||
{
|
|
||||||
UNIMPLEMENTED;
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* @unimplemented
|
|
||||||
*/
|
|
||||||
BOOLEAN
|
|
||||||
STDCALL
|
|
||||||
SeAuditingFileEvents(
|
|
||||||
IN BOOLEAN AccessGranted,
|
|
||||||
IN PSECURITY_DESCRIPTOR SecurityDescriptor
|
|
||||||
)
|
|
||||||
{
|
|
||||||
UNIMPLEMENTED;
|
|
||||||
return FALSE;
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* @unimplemented
|
|
||||||
*/
|
|
||||||
BOOLEAN
|
|
||||||
STDCALL
|
|
||||||
SeAuditingFileEventsWithContext(
|
|
||||||
IN BOOLEAN AccessGranted,
|
|
||||||
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
|
||||||
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL
|
|
||||||
)
|
|
||||||
{
|
|
||||||
UNIMPLEMENTED;
|
|
||||||
return FALSE;
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* @unimplemented
|
|
||||||
*/
|
|
||||||
BOOLEAN
|
|
||||||
STDCALL
|
|
||||||
SeAuditingHardLinkEvents(
|
|
||||||
IN BOOLEAN AccessGranted,
|
|
||||||
IN PSECURITY_DESCRIPTOR SecurityDescriptor
|
|
||||||
)
|
|
||||||
{
|
|
||||||
UNIMPLEMENTED;
|
|
||||||
return FALSE;
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* @unimplemented
|
|
||||||
*/
|
|
||||||
BOOLEAN
|
|
||||||
STDCALL
|
|
||||||
SeAuditingHardLinkEventsWithContext(
|
|
||||||
IN BOOLEAN AccessGranted,
|
|
||||||
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
|
||||||
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL
|
|
||||||
)
|
|
||||||
{
|
|
||||||
UNIMPLEMENTED;
|
|
||||||
return FALSE;
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* @unimplemented
|
|
||||||
*/
|
|
||||||
BOOLEAN
|
|
||||||
STDCALL
|
|
||||||
SeAuditingFileOrGlobalEvents(
|
|
||||||
IN BOOLEAN AccessGranted,
|
|
||||||
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
|
||||||
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext
|
|
||||||
)
|
|
||||||
{
|
|
||||||
UNIMPLEMENTED;
|
|
||||||
return FALSE;
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* @unimplemented
|
|
||||||
*/
|
|
||||||
VOID
|
|
||||||
STDCALL
|
|
||||||
SeCloseObjectAuditAlarm(
|
|
||||||
IN PVOID Object,
|
|
||||||
IN HANDLE Handle,
|
|
||||||
IN BOOLEAN PerformAction
|
|
||||||
)
|
|
||||||
{
|
|
||||||
UNIMPLEMENTED;
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* @unimplemented
|
|
||||||
*/
|
|
||||||
VOID STDCALL
|
|
||||||
SeDeleteObjectAuditAlarm(IN PVOID Object,
|
|
||||||
IN HANDLE Handle)
|
|
||||||
{
|
|
||||||
UNIMPLEMENTED;
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* @unimplemented
|
|
||||||
*/
|
|
||||||
VOID
|
|
||||||
NTAPI
|
|
||||||
SeOpenObjectAuditAlarm(IN PUNICODE_STRING ObjectTypeName,
|
|
||||||
IN PVOID Object OPTIONAL,
|
|
||||||
IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,
|
|
||||||
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
|
||||||
IN PACCESS_STATE AccessState,
|
|
||||||
IN BOOLEAN ObjectCreated,
|
|
||||||
IN BOOLEAN AccessGranted,
|
|
||||||
IN KPROCESSOR_MODE AccessMode,
|
|
||||||
OUT PBOOLEAN GenerateOnClose)
|
|
||||||
{
|
|
||||||
PAGED_CODE();
|
|
||||||
|
|
||||||
/* Audits aren't done on kernel-mode access */
|
|
||||||
if (AccessMode == KernelMode) return;
|
|
||||||
|
|
||||||
/* Otherwise, unimplemented! */
|
|
||||||
//UNIMPLEMENTED;
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* @unimplemented
|
|
||||||
*/
|
|
||||||
VOID STDCALL
|
|
||||||
SeOpenObjectForDeleteAuditAlarm(IN PUNICODE_STRING ObjectTypeName,
|
|
||||||
IN PVOID Object OPTIONAL,
|
|
||||||
IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,
|
|
||||||
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
|
||||||
IN PACCESS_STATE AccessState,
|
|
||||||
IN BOOLEAN ObjectCreated,
|
|
||||||
IN BOOLEAN AccessGranted,
|
|
||||||
IN KPROCESSOR_MODE AccessMode,
|
|
||||||
OUT PBOOLEAN GenerateOnClose)
|
|
||||||
{
|
|
||||||
UNIMPLEMENTED;
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* @unimplemented
|
|
||||||
*/
|
|
||||||
VOID
|
|
||||||
STDCALL
|
|
||||||
SePrivilegeObjectAuditAlarm(
|
|
||||||
IN HANDLE Handle,
|
|
||||||
IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
|
|
||||||
IN ACCESS_MASK DesiredAccess,
|
|
||||||
IN PPRIVILEGE_SET Privileges,
|
|
||||||
IN BOOLEAN AccessGranted,
|
|
||||||
IN KPROCESSOR_MODE CurrentMode
|
|
||||||
)
|
|
||||||
{
|
|
||||||
UNIMPLEMENTED;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* EOF */
|
/* EOF */
|
||||||
|
|
|
@ -1,28 +1,32 @@
|
||||||
/*
|
/*
|
||||||
* COPYRIGHT: See COPYING in the top level directory
|
* COPYRIGHT: See COPYING in the top level directory
|
||||||
* PROJECT: ReactOS kernel
|
* PROJECT: ReactOS kernel
|
||||||
* FILE: ntoskrnl/se/lsa.c
|
* FILE: ntoskrnl/se/sid.c
|
||||||
* PURPOSE: No purpose listed.
|
* PURPOSE: Security manager
|
||||||
*
|
*
|
||||||
* PROGRAMMERS: No programmer listed.
|
* PROGRAMMERS: David Welch <welch@cwcom.net>
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
/* INCLUDES *******************************************************************/
|
||||||
|
|
||||||
#include <ntoskrnl.h>
|
#include <ntoskrnl.h>
|
||||||
#define NDEBUG
|
#define NDEBUG
|
||||||
#include <internal/debug.h>
|
#include <debug.h>
|
||||||
|
|
||||||
|
/* FUNCTIONS ******************************************************************/
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* @unimplemented
|
* @unimplemented
|
||||||
*/
|
*/
|
||||||
NTSTATUS STDCALL LsaCallAuthenticationPackage (
|
NTSTATUS
|
||||||
ULONG Unknown0,
|
NTAPI
|
||||||
ULONG Unknown1,
|
LsaCallAuthenticationPackage(ULONG Unknown0,
|
||||||
ULONG Unknown2,
|
ULONG Unknown1,
|
||||||
ULONG Unknown3,
|
ULONG Unknown2,
|
||||||
ULONG Unknown4,
|
ULONG Unknown3,
|
||||||
ULONG Unknown5,
|
ULONG Unknown4,
|
||||||
ULONG Unknown6
|
ULONG Unknown5,
|
||||||
)
|
ULONG Unknown6)
|
||||||
{
|
{
|
||||||
return STATUS_NOT_IMPLEMENTED;
|
return STATUS_NOT_IMPLEMENTED;
|
||||||
}
|
}
|
||||||
|
@ -30,10 +34,10 @@ NTSTATUS STDCALL LsaCallAuthenticationPackage (
|
||||||
/*
|
/*
|
||||||
* @unimplemented
|
* @unimplemented
|
||||||
*/
|
*/
|
||||||
NTSTATUS STDCALL LsaDeregisterLogonProcess (
|
NTSTATUS
|
||||||
ULONG Unknown0,
|
NTAPI
|
||||||
ULONG Unknown1
|
LsaDeregisterLogonProcess(ULONG Unknown0,
|
||||||
)
|
ULONG Unknown1)
|
||||||
{
|
{
|
||||||
return STATUS_NOT_IMPLEMENTED;
|
return STATUS_NOT_IMPLEMENTED;
|
||||||
}
|
}
|
||||||
|
@ -41,16 +45,15 @@ NTSTATUS STDCALL LsaDeregisterLogonProcess (
|
||||||
/*
|
/*
|
||||||
* @implemented
|
* @implemented
|
||||||
*/
|
*/
|
||||||
NTSTATUS STDCALL LsaFreeReturnBuffer (PVOID Buffer)
|
NTSTATUS
|
||||||
|
NTAPI
|
||||||
|
LsaFreeReturnBuffer(PVOID Buffer)
|
||||||
{
|
{
|
||||||
ULONG Size = 0; /* required by MEM_RELEASE */
|
ULONG Size = 0;
|
||||||
|
return ZwFreeVirtualMemory(NtCurrentProcess(),
|
||||||
return ZwFreeVirtualMemory (
|
&Buffer,
|
||||||
NtCurrentProcess(),
|
&Size,
|
||||||
& Buffer,
|
MEM_RELEASE);
|
||||||
& Size,
|
|
||||||
MEM_RELEASE
|
|
||||||
);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -79,11 +82,11 @@ LsaLogonUser(IN HANDLE LsaHandle,
|
||||||
/*
|
/*
|
||||||
* @unimplemented
|
* @unimplemented
|
||||||
*/
|
*/
|
||||||
NTSTATUS STDCALL LsaLookupAuthenticationPackage (
|
NTSTATUS
|
||||||
ULONG Unknown0,
|
NTAPI
|
||||||
ULONG Unknown1,
|
LsaLookupAuthenticationPackage(ULONG Unknown0,
|
||||||
ULONG Unknown2
|
ULONG Unknown1,
|
||||||
)
|
ULONG Unknown2)
|
||||||
{
|
{
|
||||||
return STATUS_NOT_IMPLEMENTED;
|
return STATUS_NOT_IMPLEMENTED;
|
||||||
}
|
}
|
||||||
|
@ -93,9 +96,9 @@ NTSTATUS STDCALL LsaLookupAuthenticationPackage (
|
||||||
*/
|
*/
|
||||||
NTSTATUS
|
NTSTATUS
|
||||||
NTAPI
|
NTAPI
|
||||||
LsaRegisterLogonProcess (IN PLSA_STRING LogonProcessName,
|
LsaRegisterLogonProcess(IN PLSA_STRING LogonProcessName,
|
||||||
OUT PHANDLE LsaHandle,
|
OUT PHANDLE LsaHandle,
|
||||||
OUT PLSA_OPERATIONAL_MODE SecurityMode)
|
OUT PLSA_OPERATIONAL_MODE SecurityMode)
|
||||||
{
|
{
|
||||||
return STATUS_NOT_IMPLEMENTED;
|
return STATUS_NOT_IMPLEMENTED;
|
||||||
}
|
}
|
||||||
|
@ -105,9 +108,7 @@ LsaRegisterLogonProcess (IN PLSA_STRING LogonProcessName,
|
||||||
*/
|
*/
|
||||||
NTSTATUS
|
NTSTATUS
|
||||||
STDCALL
|
STDCALL
|
||||||
SeMarkLogonSessionForTerminationNotification(
|
SeMarkLogonSessionForTerminationNotification(IN PLUID LogonId)
|
||||||
IN PLUID LogonId
|
|
||||||
)
|
|
||||||
{
|
{
|
||||||
UNIMPLEMENTED;
|
UNIMPLEMENTED;
|
||||||
return STATUS_NOT_IMPLEMENTED;
|
return STATUS_NOT_IMPLEMENTED;
|
||||||
|
@ -118,9 +119,7 @@ SeMarkLogonSessionForTerminationNotification(
|
||||||
*/
|
*/
|
||||||
NTSTATUS
|
NTSTATUS
|
||||||
STDCALL
|
STDCALL
|
||||||
SeRegisterLogonSessionTerminatedRoutine(
|
SeRegisterLogonSessionTerminatedRoutine(IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine)
|
||||||
IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
|
|
||||||
)
|
|
||||||
{
|
{
|
||||||
UNIMPLEMENTED;
|
UNIMPLEMENTED;
|
||||||
return STATUS_NOT_IMPLEMENTED;
|
return STATUS_NOT_IMPLEMENTED;
|
||||||
|
@ -131,13 +130,10 @@ SeRegisterLogonSessionTerminatedRoutine(
|
||||||
*/
|
*/
|
||||||
NTSTATUS
|
NTSTATUS
|
||||||
STDCALL
|
STDCALL
|
||||||
SeUnregisterLogonSessionTerminatedRoutine(
|
SeUnregisterLogonSessionTerminatedRoutine(IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine)
|
||||||
IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
|
|
||||||
)
|
|
||||||
{
|
{
|
||||||
UNIMPLEMENTED;
|
UNIMPLEMENTED;
|
||||||
return STATUS_NOT_IMPLEMENTED;
|
return STATUS_NOT_IMPLEMENTED;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/* EOF */
|
/* EOF */
|
||||||
|
|
|
@ -1,112 +0,0 @@
|
||||||
/*
|
|
||||||
* COPYRIGHT: See COPYING in the top level directory
|
|
||||||
* PROJECT: ReactOS kernel
|
|
||||||
* FILE: ntoskrnl/se/luid.c
|
|
||||||
* PURPOSE: Security manager
|
|
||||||
*
|
|
||||||
* PROGRAMMERS: No programmer listed.
|
|
||||||
*/
|
|
||||||
|
|
||||||
/* INCLUDES *****************************************************************/
|
|
||||||
|
|
||||||
#include <ntoskrnl.h>
|
|
||||||
#include <internal/debug.h>
|
|
||||||
|
|
||||||
#if defined (ALLOC_PRAGMA)
|
|
||||||
#pragma alloc_text(INIT, SepInitLuid)
|
|
||||||
#endif
|
|
||||||
|
|
||||||
|
|
||||||
/* GLOBALS *******************************************************************/
|
|
||||||
|
|
||||||
static LARGE_INTEGER LuidIncrement;
|
|
||||||
static LARGE_INTEGER LuidValue;
|
|
||||||
|
|
||||||
/* FUNCTIONS *****************************************************************/
|
|
||||||
|
|
||||||
VOID
|
|
||||||
INIT_FUNCTION
|
|
||||||
NTAPI
|
|
||||||
SepInitLuid(VOID)
|
|
||||||
{
|
|
||||||
LUID DummyLuidValue = SYSTEM_LUID;
|
|
||||||
|
|
||||||
LuidValue.u.HighPart = DummyLuidValue.HighPart;
|
|
||||||
LuidValue.u.LowPart = DummyLuidValue.LowPart;
|
|
||||||
LuidIncrement.QuadPart = 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
NTSTATUS
|
|
||||||
NTAPI
|
|
||||||
ExpAllocateLocallyUniqueId(OUT LUID *LocallyUniqueId)
|
|
||||||
{
|
|
||||||
LARGE_INTEGER NewLuid, PrevLuid;
|
|
||||||
|
|
||||||
/* atomically increment the luid */
|
|
||||||
do
|
|
||||||
{
|
|
||||||
PrevLuid = LuidValue;
|
|
||||||
NewLuid = RtlLargeIntegerAdd(PrevLuid,
|
|
||||||
LuidIncrement);
|
|
||||||
} while(ExfInterlockedCompareExchange64(&LuidValue.QuadPart,
|
|
||||||
&NewLuid.QuadPart,
|
|
||||||
&PrevLuid.QuadPart) != PrevLuid.QuadPart);
|
|
||||||
|
|
||||||
LocallyUniqueId->LowPart = NewLuid.u.LowPart;
|
|
||||||
LocallyUniqueId->HighPart = NewLuid.u.HighPart;
|
|
||||||
|
|
||||||
return STATUS_SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
/*
|
|
||||||
* @implemented
|
|
||||||
*/
|
|
||||||
NTSTATUS STDCALL
|
|
||||||
NtAllocateLocallyUniqueId(OUT LUID *LocallyUniqueId)
|
|
||||||
{
|
|
||||||
LUID NewLuid;
|
|
||||||
KPROCESSOR_MODE PreviousMode;
|
|
||||||
NTSTATUS Status = STATUS_SUCCESS;
|
|
||||||
|
|
||||||
PAGED_CODE();
|
|
||||||
|
|
||||||
PreviousMode = ExGetPreviousMode();
|
|
||||||
|
|
||||||
if(PreviousMode != KernelMode)
|
|
||||||
{
|
|
||||||
_SEH_TRY
|
|
||||||
{
|
|
||||||
ProbeForWrite(LocallyUniqueId,
|
|
||||||
sizeof(LUID),
|
|
||||||
sizeof(ULONG));
|
|
||||||
}
|
|
||||||
_SEH_HANDLE
|
|
||||||
{
|
|
||||||
Status = _SEH_GetExceptionCode();
|
|
||||||
}
|
|
||||||
_SEH_END;
|
|
||||||
|
|
||||||
if(!NT_SUCCESS(Status))
|
|
||||||
{
|
|
||||||
return Status;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
Status = ExpAllocateLocallyUniqueId(&NewLuid);
|
|
||||||
|
|
||||||
_SEH_TRY
|
|
||||||
{
|
|
||||||
*LocallyUniqueId = NewLuid;
|
|
||||||
}
|
|
||||||
_SEH_HANDLE
|
|
||||||
{
|
|
||||||
Status = _SEH_GetExceptionCode();
|
|
||||||
}
|
|
||||||
_SEH_END;
|
|
||||||
|
|
||||||
return Status;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* EOF */
|
|
|
@ -7,18 +7,17 @@
|
||||||
* PROGRAMMERS: No programmer listed.
|
* PROGRAMMERS: No programmer listed.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/* INCLUDES *****************************************************************/
|
/* INCLUDES ******************************************************************/
|
||||||
|
|
||||||
#include <ntoskrnl.h>
|
#include <ntoskrnl.h>
|
||||||
#define NDEBUG
|
#define NDEBUG
|
||||||
#include <internal/debug.h>
|
#include <debug.h>
|
||||||
|
|
||||||
#if defined (ALLOC_PRAGMA)
|
#if defined (ALLOC_PRAGMA)
|
||||||
#pragma alloc_text(INIT, SepInitPrivileges)
|
#pragma alloc_text(INIT, SepInitPrivileges)
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
/* GLOBALS ********************************************************************/
|
||||||
/* GLOBALS *******************************************************************/
|
|
||||||
|
|
||||||
LUID SeCreateTokenPrivilege;
|
LUID SeCreateTokenPrivilege;
|
||||||
LUID SeAssignPrimaryTokenPrivilege;
|
LUID SeAssignPrimaryTokenPrivilege;
|
||||||
|
@ -47,166 +46,164 @@ LUID SeUndockPrivilege;
|
||||||
LUID SeSyncAgentPrivilege;
|
LUID SeSyncAgentPrivilege;
|
||||||
LUID SeEnableDelegationPrivilege;
|
LUID SeEnableDelegationPrivilege;
|
||||||
|
|
||||||
|
/* PRIVATE FUNCTIONS **********************************************************/
|
||||||
/* FUNCTIONS ***************************************************************/
|
|
||||||
|
|
||||||
VOID
|
VOID
|
||||||
INIT_FUNCTION
|
INIT_FUNCTION
|
||||||
NTAPI
|
NTAPI
|
||||||
SepInitPrivileges (VOID)
|
SepInitPrivileges (VOID)
|
||||||
{
|
{
|
||||||
SeCreateTokenPrivilege.LowPart = SE_CREATE_TOKEN_PRIVILEGE;
|
SeCreateTokenPrivilege.LowPart = SE_CREATE_TOKEN_PRIVILEGE;
|
||||||
SeCreateTokenPrivilege.HighPart = 0;
|
SeCreateTokenPrivilege.HighPart = 0;
|
||||||
SeAssignPrimaryTokenPrivilege.LowPart = SE_ASSIGNPRIMARYTOKEN_PRIVILEGE;
|
SeAssignPrimaryTokenPrivilege.LowPart = SE_ASSIGNPRIMARYTOKEN_PRIVILEGE;
|
||||||
SeAssignPrimaryTokenPrivilege.HighPart = 0;
|
SeAssignPrimaryTokenPrivilege.HighPart = 0;
|
||||||
SeLockMemoryPrivilege.LowPart = SE_LOCK_MEMORY_PRIVILEGE;
|
SeLockMemoryPrivilege.LowPart = SE_LOCK_MEMORY_PRIVILEGE;
|
||||||
SeLockMemoryPrivilege.HighPart = 0;
|
SeLockMemoryPrivilege.HighPart = 0;
|
||||||
SeIncreaseQuotaPrivilege.LowPart = SE_INCREASE_QUOTA_PRIVILEGE;
|
SeIncreaseQuotaPrivilege.LowPart = SE_INCREASE_QUOTA_PRIVILEGE;
|
||||||
SeIncreaseQuotaPrivilege.HighPart = 0;
|
SeIncreaseQuotaPrivilege.HighPart = 0;
|
||||||
SeUnsolicitedInputPrivilege.LowPart = SE_UNSOLICITED_INPUT_PRIVILEGE;
|
SeUnsolicitedInputPrivilege.LowPart = SE_UNSOLICITED_INPUT_PRIVILEGE;
|
||||||
SeUnsolicitedInputPrivilege.HighPart = 0;
|
SeUnsolicitedInputPrivilege.HighPart = 0;
|
||||||
SeTcbPrivilege.LowPart = SE_TCB_PRIVILEGE;
|
SeTcbPrivilege.LowPart = SE_TCB_PRIVILEGE;
|
||||||
SeTcbPrivilege.HighPart = 0;
|
SeTcbPrivilege.HighPart = 0;
|
||||||
SeSecurityPrivilege.LowPart = SE_SECURITY_PRIVILEGE;
|
SeSecurityPrivilege.LowPart = SE_SECURITY_PRIVILEGE;
|
||||||
SeSecurityPrivilege.HighPart = 0;
|
SeSecurityPrivilege.HighPart = 0;
|
||||||
SeTakeOwnershipPrivilege.LowPart = SE_TAKE_OWNERSHIP_PRIVILEGE;
|
SeTakeOwnershipPrivilege.LowPart = SE_TAKE_OWNERSHIP_PRIVILEGE;
|
||||||
SeTakeOwnershipPrivilege.HighPart = 0;
|
SeTakeOwnershipPrivilege.HighPart = 0;
|
||||||
SeLoadDriverPrivilege.LowPart = SE_LOAD_DRIVER_PRIVILEGE;
|
SeLoadDriverPrivilege.LowPart = SE_LOAD_DRIVER_PRIVILEGE;
|
||||||
SeLoadDriverPrivilege.HighPart = 0;
|
SeLoadDriverPrivilege.HighPart = 0;
|
||||||
SeSystemProfilePrivilege.LowPart = SE_SYSTEM_PROFILE_PRIVILEGE;
|
SeSystemProfilePrivilege.LowPart = SE_SYSTEM_PROFILE_PRIVILEGE;
|
||||||
SeSystemProfilePrivilege.HighPart = 0;
|
SeSystemProfilePrivilege.HighPart = 0;
|
||||||
SeSystemtimePrivilege.LowPart = SE_SYSTEMTIME_PRIVILEGE;
|
SeSystemtimePrivilege.LowPart = SE_SYSTEMTIME_PRIVILEGE;
|
||||||
SeSystemtimePrivilege.HighPart = 0;
|
SeSystemtimePrivilege.HighPart = 0;
|
||||||
SeProfileSingleProcessPrivilege.LowPart = SE_PROF_SINGLE_PROCESS_PRIVILEGE;
|
SeProfileSingleProcessPrivilege.LowPart = SE_PROF_SINGLE_PROCESS_PRIVILEGE;
|
||||||
SeProfileSingleProcessPrivilege.HighPart = 0;
|
SeProfileSingleProcessPrivilege.HighPart = 0;
|
||||||
SeIncreaseBasePriorityPrivilege.LowPart = SE_INC_BASE_PRIORITY_PRIVILEGE;
|
SeIncreaseBasePriorityPrivilege.LowPart = SE_INC_BASE_PRIORITY_PRIVILEGE;
|
||||||
SeIncreaseBasePriorityPrivilege.HighPart = 0;
|
SeIncreaseBasePriorityPrivilege.HighPart = 0;
|
||||||
SeCreatePagefilePrivilege.LowPart = SE_CREATE_PAGEFILE_PRIVILEGE;
|
SeCreatePagefilePrivilege.LowPart = SE_CREATE_PAGEFILE_PRIVILEGE;
|
||||||
SeCreatePagefilePrivilege.HighPart = 0;
|
SeCreatePagefilePrivilege.HighPart = 0;
|
||||||
SeCreatePermanentPrivilege.LowPart = SE_CREATE_PERMANENT_PRIVILEGE;
|
SeCreatePermanentPrivilege.LowPart = SE_CREATE_PERMANENT_PRIVILEGE;
|
||||||
SeCreatePermanentPrivilege.HighPart = 0;
|
SeCreatePermanentPrivilege.HighPart = 0;
|
||||||
SeBackupPrivilege.LowPart = SE_BACKUP_PRIVILEGE;
|
SeBackupPrivilege.LowPart = SE_BACKUP_PRIVILEGE;
|
||||||
SeBackupPrivilege.HighPart = 0;
|
SeBackupPrivilege.HighPart = 0;
|
||||||
SeRestorePrivilege.LowPart = SE_RESTORE_PRIVILEGE;
|
SeRestorePrivilege.LowPart = SE_RESTORE_PRIVILEGE;
|
||||||
SeRestorePrivilege.HighPart = 0;
|
SeRestorePrivilege.HighPart = 0;
|
||||||
SeShutdownPrivilege.LowPart = SE_SHUTDOWN_PRIVILEGE;
|
SeShutdownPrivilege.LowPart = SE_SHUTDOWN_PRIVILEGE;
|
||||||
SeShutdownPrivilege.HighPart = 0;
|
SeShutdownPrivilege.HighPart = 0;
|
||||||
SeDebugPrivilege.LowPart = SE_DEBUG_PRIVILEGE;
|
SeDebugPrivilege.LowPart = SE_DEBUG_PRIVILEGE;
|
||||||
SeDebugPrivilege.HighPart = 0;
|
SeDebugPrivilege.HighPart = 0;
|
||||||
SeAuditPrivilege.LowPart = SE_AUDIT_PRIVILEGE;
|
SeAuditPrivilege.LowPart = SE_AUDIT_PRIVILEGE;
|
||||||
SeAuditPrivilege.HighPart = 0;
|
SeAuditPrivilege.HighPart = 0;
|
||||||
SeSystemEnvironmentPrivilege.LowPart = SE_SYSTEM_ENVIRONMENT_PRIVILEGE;
|
SeSystemEnvironmentPrivilege.LowPart = SE_SYSTEM_ENVIRONMENT_PRIVILEGE;
|
||||||
SeSystemEnvironmentPrivilege.HighPart = 0;
|
SeSystemEnvironmentPrivilege.HighPart = 0;
|
||||||
SeChangeNotifyPrivilege.LowPart = SE_CHANGE_NOTIFY_PRIVILEGE;
|
SeChangeNotifyPrivilege.LowPart = SE_CHANGE_NOTIFY_PRIVILEGE;
|
||||||
SeChangeNotifyPrivilege.HighPart = 0;
|
SeChangeNotifyPrivilege.HighPart = 0;
|
||||||
SeRemoteShutdownPrivilege.LowPart = SE_REMOTE_SHUTDOWN_PRIVILEGE;
|
SeRemoteShutdownPrivilege.LowPart = SE_REMOTE_SHUTDOWN_PRIVILEGE;
|
||||||
SeRemoteShutdownPrivilege.HighPart = 0;
|
SeRemoteShutdownPrivilege.HighPart = 0;
|
||||||
SeUndockPrivilege.LowPart = SE_UNDOCK_PRIVILEGE;
|
SeUndockPrivilege.LowPart = SE_UNDOCK_PRIVILEGE;
|
||||||
SeUndockPrivilege.HighPart = 0;
|
SeUndockPrivilege.HighPart = 0;
|
||||||
SeSyncAgentPrivilege.LowPart = SE_SYNC_AGENT_PRIVILEGE;
|
SeSyncAgentPrivilege.LowPart = SE_SYNC_AGENT_PRIVILEGE;
|
||||||
SeSyncAgentPrivilege.HighPart = 0;
|
SeSyncAgentPrivilege.HighPart = 0;
|
||||||
SeEnableDelegationPrivilege.LowPart = SE_ENABLE_DELEGATION_PRIVILEGE;
|
SeEnableDelegationPrivilege.LowPart = SE_ENABLE_DELEGATION_PRIVILEGE;
|
||||||
SeEnableDelegationPrivilege.HighPart = 0;
|
SeEnableDelegationPrivilege.HighPart = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
BOOLEAN
|
BOOLEAN
|
||||||
NTAPI
|
NTAPI
|
||||||
SepPrivilegeCheck (PTOKEN Token,
|
SepPrivilegeCheck (PTOKEN Token,
|
||||||
PLUID_AND_ATTRIBUTES Privileges,
|
PLUID_AND_ATTRIBUTES Privileges,
|
||||||
ULONG PrivilegeCount,
|
ULONG PrivilegeCount,
|
||||||
ULONG PrivilegeControl,
|
ULONG PrivilegeControl,
|
||||||
KPROCESSOR_MODE PreviousMode)
|
KPROCESSOR_MODE PreviousMode)
|
||||||
{
|
{
|
||||||
ULONG i;
|
ULONG i;
|
||||||
ULONG j;
|
ULONG j;
|
||||||
ULONG k;
|
ULONG k;
|
||||||
|
|
||||||
DPRINT ("SepPrivilegeCheck() called\n");
|
DPRINT ("SepPrivilegeCheck() called\n");
|
||||||
|
|
||||||
PAGED_CODE();
|
PAGED_CODE();
|
||||||
|
|
||||||
if (PreviousMode == KernelMode)
|
if (PreviousMode == KernelMode)
|
||||||
{
|
{
|
||||||
return TRUE;
|
return TRUE;
|
||||||
}
|
}
|
||||||
|
|
||||||
k = 0;
|
k = 0;
|
||||||
if (PrivilegeCount > 0)
|
if (PrivilegeCount > 0)
|
||||||
{
|
{
|
||||||
for (i = 0; i < Token->PrivilegeCount; i++)
|
for (i = 0; i < Token->PrivilegeCount; i++)
|
||||||
{
|
{
|
||||||
for (j = 0; j < PrivilegeCount; j++)
|
for (j = 0; j < PrivilegeCount; j++)
|
||||||
{
|
{
|
||||||
if (Token->Privileges[i].Luid.LowPart == Privileges[j].Luid.LowPart &&
|
if (Token->Privileges[i].Luid.LowPart == Privileges[j].Luid.LowPart &&
|
||||||
Token->Privileges[i].Luid.HighPart == Privileges[j].Luid.HighPart)
|
Token->Privileges[i].Luid.HighPart == Privileges[j].Luid.HighPart)
|
||||||
{
|
{
|
||||||
DPRINT ("Found privilege\n");
|
DPRINT ("Found privilege\n");
|
||||||
DPRINT ("Privilege attributes %lx\n",
|
DPRINT ("Privilege attributes %lx\n",
|
||||||
Token->Privileges[i].Attributes);
|
Token->Privileges[i].Attributes);
|
||||||
|
|
||||||
if (Token->Privileges[i].Attributes & SE_PRIVILEGE_ENABLED)
|
if (Token->Privileges[i].Attributes & SE_PRIVILEGE_ENABLED)
|
||||||
{
|
{
|
||||||
Privileges[j].Attributes |= SE_PRIVILEGE_USED_FOR_ACCESS;
|
Privileges[j].Attributes |= SE_PRIVILEGE_USED_FOR_ACCESS;
|
||||||
k++;
|
k++;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((PrivilegeControl & PRIVILEGE_SET_ALL_NECESSARY) &&
|
if ((PrivilegeControl & PRIVILEGE_SET_ALL_NECESSARY) &&
|
||||||
PrivilegeCount == k)
|
PrivilegeCount == k)
|
||||||
{
|
{
|
||||||
return TRUE;
|
return TRUE;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (k > 0 &&
|
if (k > 0 &&
|
||||||
!(PrivilegeControl & PRIVILEGE_SET_ALL_NECESSARY))
|
!(PrivilegeControl & PRIVILEGE_SET_ALL_NECESSARY))
|
||||||
{
|
{
|
||||||
return TRUE;
|
return TRUE;
|
||||||
}
|
}
|
||||||
|
|
||||||
return FALSE;
|
return FALSE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
NTSTATUS
|
NTSTATUS
|
||||||
NTAPI
|
NTAPI
|
||||||
SeCaptureLuidAndAttributesArray (PLUID_AND_ATTRIBUTES Src,
|
SeCaptureLuidAndAttributesArray (PLUID_AND_ATTRIBUTES Src,
|
||||||
ULONG PrivilegeCount,
|
ULONG PrivilegeCount,
|
||||||
KPROCESSOR_MODE PreviousMode,
|
KPROCESSOR_MODE PreviousMode,
|
||||||
PLUID_AND_ATTRIBUTES AllocatedMem,
|
PLUID_AND_ATTRIBUTES AllocatedMem,
|
||||||
ULONG AllocatedLength,
|
ULONG AllocatedLength,
|
||||||
POOL_TYPE PoolType,
|
POOL_TYPE PoolType,
|
||||||
BOOLEAN CaptureIfKernel,
|
BOOLEAN CaptureIfKernel,
|
||||||
PLUID_AND_ATTRIBUTES* Dest,
|
PLUID_AND_ATTRIBUTES* Dest,
|
||||||
PULONG Length)
|
PULONG Length)
|
||||||
{
|
{
|
||||||
ULONG BufferSize;
|
ULONG BufferSize;
|
||||||
NTSTATUS Status = STATUS_SUCCESS;
|
NTSTATUS Status = STATUS_SUCCESS;
|
||||||
|
|
||||||
PAGED_CODE();
|
PAGED_CODE();
|
||||||
|
|
||||||
if (PrivilegeCount == 0)
|
if (PrivilegeCount == 0)
|
||||||
{
|
{
|
||||||
*Dest = 0;
|
*Dest = 0;
|
||||||
*Length = 0;
|
*Length = 0;
|
||||||
return STATUS_SUCCESS;
|
return STATUS_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (PreviousMode == KernelMode && !CaptureIfKernel)
|
if (PreviousMode == KernelMode && !CaptureIfKernel)
|
||||||
{
|
{
|
||||||
*Dest = Src;
|
*Dest = Src;
|
||||||
return STATUS_SUCCESS;
|
return STATUS_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* FIXME - check PrivilegeCount for a valid number so we don't
|
/* FIXME - check PrivilegeCount for a valid number so we don't
|
||||||
cause an integer overflow or exhaust system resources! */
|
cause an integer overflow or exhaust system resources! */
|
||||||
|
|
||||||
BufferSize = PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES);
|
BufferSize = PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES);
|
||||||
*Length = ROUND_UP(BufferSize, 4); /* round up to a 4 byte alignment */
|
*Length = ROUND_UP(BufferSize, 4); /* round up to a 4 byte alignment */
|
||||||
|
|
||||||
/* probe the buffer */
|
/* probe the buffer */
|
||||||
if (PreviousMode != KernelMode)
|
if (PreviousMode != KernelMode)
|
||||||
{
|
{
|
||||||
|
@ -221,35 +218,35 @@ SeCaptureLuidAndAttributesArray (PLUID_AND_ATTRIBUTES Src,
|
||||||
Status = _SEH_GetExceptionCode();
|
Status = _SEH_GetExceptionCode();
|
||||||
}
|
}
|
||||||
_SEH_END;
|
_SEH_END;
|
||||||
|
|
||||||
if (!NT_SUCCESS(Status))
|
if (!NT_SUCCESS(Status))
|
||||||
{
|
{
|
||||||
return Status;
|
return Status;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* allocate enough memory or check if the provided buffer is
|
/* allocate enough memory or check if the provided buffer is
|
||||||
large enough to hold the array */
|
large enough to hold the array */
|
||||||
if (AllocatedMem != NULL)
|
if (AllocatedMem != NULL)
|
||||||
{
|
{
|
||||||
if (AllocatedLength < BufferSize)
|
if (AllocatedLength < BufferSize)
|
||||||
{
|
{
|
||||||
return STATUS_BUFFER_TOO_SMALL;
|
return STATUS_BUFFER_TOO_SMALL;
|
||||||
}
|
}
|
||||||
|
|
||||||
*Dest = AllocatedMem;
|
*Dest = AllocatedMem;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
*Dest = ExAllocatePool(PoolType,
|
*Dest = ExAllocatePool(PoolType,
|
||||||
BufferSize);
|
BufferSize);
|
||||||
|
|
||||||
if (&Dest == NULL)
|
if (&Dest == NULL)
|
||||||
{
|
{
|
||||||
return STATUS_INSUFFICIENT_RESOURCES;
|
return STATUS_INSUFFICIENT_RESOURCES;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* copy the array to the buffer */
|
/* copy the array to the buffer */
|
||||||
_SEH_TRY
|
_SEH_TRY
|
||||||
{
|
{
|
||||||
|
@ -262,24 +259,23 @@ SeCaptureLuidAndAttributesArray (PLUID_AND_ATTRIBUTES Src,
|
||||||
Status = _SEH_GetExceptionCode();
|
Status = _SEH_GetExceptionCode();
|
||||||
}
|
}
|
||||||
_SEH_END;
|
_SEH_END;
|
||||||
|
|
||||||
if (!NT_SUCCESS(Status) && AllocatedMem == NULL)
|
if (!NT_SUCCESS(Status) && AllocatedMem == NULL)
|
||||||
{
|
{
|
||||||
ExFreePool(*Dest);
|
ExFreePool(*Dest);
|
||||||
}
|
}
|
||||||
|
|
||||||
return Status;
|
return Status;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
VOID
|
VOID
|
||||||
NTAPI
|
NTAPI
|
||||||
SeReleaseLuidAndAttributesArray (PLUID_AND_ATTRIBUTES Privilege,
|
SeReleaseLuidAndAttributesArray (PLUID_AND_ATTRIBUTES Privilege,
|
||||||
KPROCESSOR_MODE PreviousMode,
|
KPROCESSOR_MODE PreviousMode,
|
||||||
BOOLEAN CaptureIfKernel)
|
BOOLEAN CaptureIfKernel)
|
||||||
{
|
{
|
||||||
PAGED_CODE();
|
PAGED_CODE();
|
||||||
|
|
||||||
if (Privilege != NULL &&
|
if (Privilege != NULL &&
|
||||||
(PreviousMode != KernelMode || CaptureIfKernel))
|
(PreviousMode != KernelMode || CaptureIfKernel))
|
||||||
{
|
{
|
||||||
|
@ -287,208 +283,232 @@ SeReleaseLuidAndAttributesArray (PLUID_AND_ATTRIBUTES Privilege,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* PUBLIC FUNCTIONS ***********************************************************/
|
||||||
|
|
||||||
NTSTATUS STDCALL
|
/*
|
||||||
NtPrivilegeCheck (IN HANDLE ClientToken,
|
* @unimplemented
|
||||||
IN PPRIVILEGE_SET RequiredPrivileges,
|
*/
|
||||||
OUT PBOOLEAN Result)
|
NTSTATUS
|
||||||
|
STDCALL
|
||||||
|
SeAppendPrivileges(PACCESS_STATE AccessState,
|
||||||
|
PPRIVILEGE_SET Privileges)
|
||||||
{
|
{
|
||||||
PLUID_AND_ATTRIBUTES Privileges;
|
UNIMPLEMENTED;
|
||||||
PTOKEN Token;
|
return STATUS_NOT_IMPLEMENTED;
|
||||||
ULONG PrivilegeCount = 0;
|
|
||||||
ULONG PrivilegeControl = 0;
|
|
||||||
ULONG Length;
|
|
||||||
BOOLEAN CheckResult;
|
|
||||||
KPROCESSOR_MODE PreviousMode;
|
|
||||||
NTSTATUS Status = STATUS_SUCCESS;
|
|
||||||
|
|
||||||
PAGED_CODE();
|
|
||||||
|
|
||||||
PreviousMode = KeGetPreviousMode();
|
|
||||||
|
|
||||||
/* probe the buffers */
|
|
||||||
if (PreviousMode != KernelMode)
|
|
||||||
{
|
|
||||||
_SEH_TRY
|
|
||||||
{
|
|
||||||
ProbeForWrite(RequiredPrivileges,
|
|
||||||
FIELD_OFFSET(PRIVILEGE_SET,
|
|
||||||
Privilege),
|
|
||||||
sizeof(ULONG));
|
|
||||||
|
|
||||||
PrivilegeCount = RequiredPrivileges->PrivilegeCount;
|
|
||||||
PrivilegeControl = RequiredPrivileges->Control;
|
|
||||||
|
|
||||||
/* Check PrivilegeCount to avoid an integer overflow! */
|
|
||||||
if (FIELD_OFFSET(PRIVILEGE_SET,
|
|
||||||
Privilege[PrivilegeCount]) /
|
|
||||||
sizeof(RequiredPrivileges->Privilege[0]) != PrivilegeCount)
|
|
||||||
{
|
|
||||||
Status = STATUS_INVALID_PARAMETER;
|
|
||||||
_SEH_LEAVE;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* probe all of the array */
|
|
||||||
ProbeForWrite(RequiredPrivileges,
|
|
||||||
FIELD_OFFSET(PRIVILEGE_SET,
|
|
||||||
Privilege[PrivilegeCount]),
|
|
||||||
sizeof(ULONG));
|
|
||||||
|
|
||||||
ProbeForWriteBoolean(Result);
|
|
||||||
}
|
|
||||||
_SEH_HANDLE
|
|
||||||
{
|
|
||||||
Status = _SEH_GetExceptionCode();
|
|
||||||
}
|
|
||||||
_SEH_END;
|
|
||||||
|
|
||||||
if (!NT_SUCCESS(Status))
|
|
||||||
{
|
|
||||||
return Status;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
PrivilegeCount = RequiredPrivileges->PrivilegeCount;
|
|
||||||
PrivilegeControl = RequiredPrivileges->Control;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* reference the token and make sure we're
|
|
||||||
not doing an anonymous impersonation */
|
|
||||||
Status = ObReferenceObjectByHandle (ClientToken,
|
|
||||||
TOKEN_QUERY,
|
|
||||||
SepTokenObjectType,
|
|
||||||
PreviousMode,
|
|
||||||
(PVOID*)&Token,
|
|
||||||
NULL);
|
|
||||||
if (!NT_SUCCESS(Status))
|
|
||||||
{
|
|
||||||
return Status;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (Token->TokenType == TokenImpersonation &&
|
|
||||||
Token->ImpersonationLevel < SecurityIdentification)
|
|
||||||
{
|
|
||||||
ObDereferenceObject (Token);
|
|
||||||
return STATUS_BAD_IMPERSONATION_LEVEL;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* capture the privileges */
|
|
||||||
Status = SeCaptureLuidAndAttributesArray (RequiredPrivileges->Privilege,
|
|
||||||
PrivilegeCount,
|
|
||||||
PreviousMode,
|
|
||||||
NULL,
|
|
||||||
0,
|
|
||||||
PagedPool,
|
|
||||||
TRUE,
|
|
||||||
&Privileges,
|
|
||||||
&Length);
|
|
||||||
if (!NT_SUCCESS(Status))
|
|
||||||
{
|
|
||||||
ObDereferenceObject (Token);
|
|
||||||
return Status;
|
|
||||||
}
|
|
||||||
|
|
||||||
CheckResult = SepPrivilegeCheck (Token,
|
|
||||||
Privileges,
|
|
||||||
PrivilegeCount,
|
|
||||||
PrivilegeControl,
|
|
||||||
PreviousMode);
|
|
||||||
|
|
||||||
ObDereferenceObject (Token);
|
|
||||||
|
|
||||||
/* return the array */
|
|
||||||
_SEH_TRY
|
|
||||||
{
|
|
||||||
RtlCopyMemory(RequiredPrivileges->Privilege,
|
|
||||||
Privileges,
|
|
||||||
PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES));
|
|
||||||
*Result = CheckResult;
|
|
||||||
Status = STATUS_SUCCESS;
|
|
||||||
}
|
|
||||||
_SEH_HANDLE
|
|
||||||
{
|
|
||||||
Status = _SEH_GetExceptionCode();
|
|
||||||
}
|
|
||||||
_SEH_END;
|
|
||||||
|
|
||||||
SeReleaseLuidAndAttributesArray (Privileges,
|
|
||||||
PreviousMode,
|
|
||||||
TRUE);
|
|
||||||
|
|
||||||
return Status;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* @unimplemented
|
||||||
|
*/
|
||||||
|
VOID
|
||||||
|
STDCALL
|
||||||
|
SeFreePrivileges(IN PPRIVILEGE_SET Privileges)
|
||||||
|
{
|
||||||
|
UNIMPLEMENTED;
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* @implemented
|
* @implemented
|
||||||
*/
|
*/
|
||||||
BOOLEAN STDCALL
|
BOOLEAN STDCALL
|
||||||
SePrivilegeCheck (PPRIVILEGE_SET Privileges,
|
SePrivilegeCheck (PPRIVILEGE_SET Privileges,
|
||||||
PSECURITY_SUBJECT_CONTEXT SubjectContext,
|
PSECURITY_SUBJECT_CONTEXT SubjectContext,
|
||||||
KPROCESSOR_MODE PreviousMode)
|
KPROCESSOR_MODE PreviousMode)
|
||||||
{
|
{
|
||||||
PACCESS_TOKEN Token = NULL;
|
PACCESS_TOKEN Token = NULL;
|
||||||
|
|
||||||
PAGED_CODE();
|
PAGED_CODE();
|
||||||
|
|
||||||
if (SubjectContext->ClientToken == NULL)
|
if (SubjectContext->ClientToken == NULL)
|
||||||
{
|
{
|
||||||
Token = SubjectContext->PrimaryToken;
|
Token = SubjectContext->PrimaryToken;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
Token = SubjectContext->ClientToken;
|
Token = SubjectContext->ClientToken;
|
||||||
if (SubjectContext->ImpersonationLevel < 2)
|
if (SubjectContext->ImpersonationLevel < 2)
|
||||||
{
|
{
|
||||||
return FALSE;
|
return FALSE;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return SepPrivilegeCheck (Token,
|
return SepPrivilegeCheck (Token,
|
||||||
Privileges->Privilege,
|
Privileges->Privilege,
|
||||||
Privileges->PrivilegeCount,
|
Privileges->PrivilegeCount,
|
||||||
Privileges->Control,
|
Privileges->Control,
|
||||||
PreviousMode);
|
PreviousMode);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* @implemented
|
* @implemented
|
||||||
*/
|
*/
|
||||||
BOOLEAN STDCALL
|
BOOLEAN STDCALL
|
||||||
SeSinglePrivilegeCheck (IN LUID PrivilegeValue,
|
SeSinglePrivilegeCheck (IN LUID PrivilegeValue,
|
||||||
IN KPROCESSOR_MODE PreviousMode)
|
IN KPROCESSOR_MODE PreviousMode)
|
||||||
{
|
{
|
||||||
SECURITY_SUBJECT_CONTEXT SubjectContext;
|
SECURITY_SUBJECT_CONTEXT SubjectContext;
|
||||||
PRIVILEGE_SET Priv;
|
PRIVILEGE_SET Priv;
|
||||||
BOOLEAN Result;
|
BOOLEAN Result;
|
||||||
|
|
||||||
PAGED_CODE();
|
PAGED_CODE();
|
||||||
|
|
||||||
SeCaptureSubjectContext (&SubjectContext);
|
SeCaptureSubjectContext (&SubjectContext);
|
||||||
|
|
||||||
Priv.PrivilegeCount = 1;
|
Priv.PrivilegeCount = 1;
|
||||||
Priv.Control = PRIVILEGE_SET_ALL_NECESSARY;
|
Priv.Control = PRIVILEGE_SET_ALL_NECESSARY;
|
||||||
Priv.Privilege[0].Luid = PrivilegeValue;
|
Priv.Privilege[0].Luid = PrivilegeValue;
|
||||||
Priv.Privilege[0].Attributes = SE_PRIVILEGE_ENABLED;
|
Priv.Privilege[0].Attributes = SE_PRIVILEGE_ENABLED;
|
||||||
|
|
||||||
Result = SePrivilegeCheck (&Priv,
|
Result = SePrivilegeCheck (&Priv,
|
||||||
&SubjectContext,
|
&SubjectContext,
|
||||||
PreviousMode);
|
PreviousMode);
|
||||||
|
|
||||||
if (PreviousMode != KernelMode)
|
if (PreviousMode != KernelMode)
|
||||||
{
|
{
|
||||||
#if 0
|
#if 0
|
||||||
SePrivilegedServiceAuditAlarm (0,
|
SePrivilegedServiceAuditAlarm (0,
|
||||||
&SubjectContext,
|
&SubjectContext,
|
||||||
&PrivilegeValue);
|
&PrivilegeValue);
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
SeReleaseSubjectContext (&SubjectContext);
|
SeReleaseSubjectContext (&SubjectContext);
|
||||||
|
|
||||||
return Result;
|
return Result;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* SYSTEM CALLS ***************************************************************/
|
||||||
|
|
||||||
|
NTSTATUS STDCALL
|
||||||
|
NtPrivilegeCheck (IN HANDLE ClientToken,
|
||||||
|
IN PPRIVILEGE_SET RequiredPrivileges,
|
||||||
|
OUT PBOOLEAN Result)
|
||||||
|
{
|
||||||
|
PLUID_AND_ATTRIBUTES Privileges;
|
||||||
|
PTOKEN Token;
|
||||||
|
ULONG PrivilegeCount = 0;
|
||||||
|
ULONG PrivilegeControl = 0;
|
||||||
|
ULONG Length;
|
||||||
|
BOOLEAN CheckResult;
|
||||||
|
KPROCESSOR_MODE PreviousMode;
|
||||||
|
NTSTATUS Status = STATUS_SUCCESS;
|
||||||
|
|
||||||
|
PAGED_CODE();
|
||||||
|
|
||||||
|
PreviousMode = KeGetPreviousMode();
|
||||||
|
|
||||||
|
/* probe the buffers */
|
||||||
|
if (PreviousMode != KernelMode)
|
||||||
|
{
|
||||||
|
_SEH_TRY
|
||||||
|
{
|
||||||
|
ProbeForWrite(RequiredPrivileges,
|
||||||
|
FIELD_OFFSET(PRIVILEGE_SET,
|
||||||
|
Privilege),
|
||||||
|
sizeof(ULONG));
|
||||||
|
|
||||||
|
PrivilegeCount = RequiredPrivileges->PrivilegeCount;
|
||||||
|
PrivilegeControl = RequiredPrivileges->Control;
|
||||||
|
|
||||||
|
/* Check PrivilegeCount to avoid an integer overflow! */
|
||||||
|
if (FIELD_OFFSET(PRIVILEGE_SET,
|
||||||
|
Privilege[PrivilegeCount]) /
|
||||||
|
sizeof(RequiredPrivileges->Privilege[0]) != PrivilegeCount)
|
||||||
|
{
|
||||||
|
Status = STATUS_INVALID_PARAMETER;
|
||||||
|
_SEH_LEAVE;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* probe all of the array */
|
||||||
|
ProbeForWrite(RequiredPrivileges,
|
||||||
|
FIELD_OFFSET(PRIVILEGE_SET,
|
||||||
|
Privilege[PrivilegeCount]),
|
||||||
|
sizeof(ULONG));
|
||||||
|
|
||||||
|
ProbeForWriteBoolean(Result);
|
||||||
|
}
|
||||||
|
_SEH_HANDLE
|
||||||
|
{
|
||||||
|
Status = _SEH_GetExceptionCode();
|
||||||
|
}
|
||||||
|
_SEH_END;
|
||||||
|
|
||||||
|
if (!NT_SUCCESS(Status))
|
||||||
|
{
|
||||||
|
return Status;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
PrivilegeCount = RequiredPrivileges->PrivilegeCount;
|
||||||
|
PrivilegeControl = RequiredPrivileges->Control;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* reference the token and make sure we're
|
||||||
|
not doing an anonymous impersonation */
|
||||||
|
Status = ObReferenceObjectByHandle (ClientToken,
|
||||||
|
TOKEN_QUERY,
|
||||||
|
SepTokenObjectType,
|
||||||
|
PreviousMode,
|
||||||
|
(PVOID*)&Token,
|
||||||
|
NULL);
|
||||||
|
if (!NT_SUCCESS(Status))
|
||||||
|
{
|
||||||
|
return Status;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (Token->TokenType == TokenImpersonation &&
|
||||||
|
Token->ImpersonationLevel < SecurityIdentification)
|
||||||
|
{
|
||||||
|
ObDereferenceObject (Token);
|
||||||
|
return STATUS_BAD_IMPERSONATION_LEVEL;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* capture the privileges */
|
||||||
|
Status = SeCaptureLuidAndAttributesArray (RequiredPrivileges->Privilege,
|
||||||
|
PrivilegeCount,
|
||||||
|
PreviousMode,
|
||||||
|
NULL,
|
||||||
|
0,
|
||||||
|
PagedPool,
|
||||||
|
TRUE,
|
||||||
|
&Privileges,
|
||||||
|
&Length);
|
||||||
|
if (!NT_SUCCESS(Status))
|
||||||
|
{
|
||||||
|
ObDereferenceObject (Token);
|
||||||
|
return Status;
|
||||||
|
}
|
||||||
|
|
||||||
|
CheckResult = SepPrivilegeCheck (Token,
|
||||||
|
Privileges,
|
||||||
|
PrivilegeCount,
|
||||||
|
PrivilegeControl,
|
||||||
|
PreviousMode);
|
||||||
|
|
||||||
|
ObDereferenceObject (Token);
|
||||||
|
|
||||||
|
/* return the array */
|
||||||
|
_SEH_TRY
|
||||||
|
{
|
||||||
|
RtlCopyMemory(RequiredPrivileges->Privilege,
|
||||||
|
Privileges,
|
||||||
|
PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES));
|
||||||
|
*Result = CheckResult;
|
||||||
|
Status = STATUS_SUCCESS;
|
||||||
|
}
|
||||||
|
_SEH_HANDLE
|
||||||
|
{
|
||||||
|
Status = _SEH_GetExceptionCode();
|
||||||
|
}
|
||||||
|
_SEH_END;
|
||||||
|
|
||||||
|
SeReleaseLuidAndAttributesArray (Privileges,
|
||||||
|
PreviousMode,
|
||||||
|
TRUE);
|
||||||
|
|
||||||
|
return Status;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/* EOF */
|
/* EOF */
|
||||||
|
|
File diff suppressed because it is too large
Load diff
File diff suppressed because it is too large
Load diff
|
@ -7,19 +7,17 @@
|
||||||
* PROGRAMMERS: David Welch <welch@cwcom.net>
|
* PROGRAMMERS: David Welch <welch@cwcom.net>
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/* INCLUDES *****************************************************************/
|
/* INCLUDES *******************************************************************/
|
||||||
|
|
||||||
#include <ntoskrnl.h>
|
#include <ntoskrnl.h>
|
||||||
|
|
||||||
#define NDEBUG
|
#define NDEBUG
|
||||||
#include <internal/debug.h>
|
#include <debug.h>
|
||||||
|
|
||||||
#if defined (ALLOC_PRAGMA)
|
#if defined (ALLOC_PRAGMA)
|
||||||
#pragma alloc_text(INIT, SepInitSecurityIDs)
|
#pragma alloc_text(INIT, SepInitSecurityIDs)
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
/* GLOBALS ********************************************************************/
|
||||||
/* GLOBALS ******************************************************************/
|
|
||||||
|
|
||||||
SID_IDENTIFIER_AUTHORITY SeNullSidAuthority = {SECURITY_NULL_SID_AUTHORITY};
|
SID_IDENTIFIER_AUTHORITY SeNullSidAuthority = {SECURITY_NULL_SID_AUTHORITY};
|
||||||
SID_IDENTIFIER_AUTHORITY SeWorldSidAuthority = {SECURITY_WORLD_SID_AUTHORITY};
|
SID_IDENTIFIER_AUTHORITY SeWorldSidAuthority = {SECURITY_WORLD_SID_AUTHORITY};
|
||||||
|
@ -56,174 +54,172 @@ PSID SeAuthenticatedUsersSid = NULL;
|
||||||
PSID SeRestrictedSid = NULL;
|
PSID SeRestrictedSid = NULL;
|
||||||
PSID SeAnonymousLogonSid = NULL;
|
PSID SeAnonymousLogonSid = NULL;
|
||||||
|
|
||||||
|
/* FUNCTIONS ******************************************************************/
|
||||||
/* FUNCTIONS ****************************************************************/
|
|
||||||
|
|
||||||
|
|
||||||
BOOLEAN
|
BOOLEAN
|
||||||
INIT_FUNCTION
|
INIT_FUNCTION
|
||||||
NTAPI
|
NTAPI
|
||||||
SepInitSecurityIDs(VOID)
|
SepInitSecurityIDs(VOID)
|
||||||
{
|
{
|
||||||
ULONG SidLength0;
|
ULONG SidLength0;
|
||||||
ULONG SidLength1;
|
ULONG SidLength1;
|
||||||
ULONG SidLength2;
|
ULONG SidLength2;
|
||||||
PULONG SubAuthority;
|
PULONG SubAuthority;
|
||||||
|
|
||||||
SidLength0 = RtlLengthRequiredSid(0);
|
SidLength0 = RtlLengthRequiredSid(0);
|
||||||
SidLength1 = RtlLengthRequiredSid(1);
|
SidLength1 = RtlLengthRequiredSid(1);
|
||||||
SidLength2 = RtlLengthRequiredSid(2);
|
SidLength2 = RtlLengthRequiredSid(2);
|
||||||
|
|
||||||
/* create NullSid */
|
/* create NullSid */
|
||||||
SeNullSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
SeNullSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
||||||
SeWorldSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
SeWorldSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
||||||
SeLocalSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
SeLocalSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
||||||
SeCreatorOwnerSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
SeCreatorOwnerSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
||||||
SeCreatorGroupSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
SeCreatorGroupSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
||||||
SeCreatorOwnerServerSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
SeCreatorOwnerServerSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
||||||
SeCreatorGroupServerSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
SeCreatorGroupServerSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
||||||
SeNtAuthoritySid = ExAllocatePoolWithTag(PagedPool, SidLength0, TAG_SID);
|
SeNtAuthoritySid = ExAllocatePoolWithTag(PagedPool, SidLength0, TAG_SID);
|
||||||
SeDialupSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
SeDialupSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
||||||
SeNetworkSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
SeNetworkSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
||||||
SeBatchSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
SeBatchSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
||||||
SeInteractiveSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
SeInteractiveSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
||||||
SeServiceSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
SeServiceSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
||||||
SePrincipalSelfSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
SePrincipalSelfSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
||||||
SeLocalSystemSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
SeLocalSystemSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
||||||
SeAuthenticatedUserSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
SeAuthenticatedUserSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
||||||
SeRestrictedCodeSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
SeRestrictedCodeSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
||||||
SeAliasAdminsSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
|
SeAliasAdminsSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
|
||||||
SeAliasUsersSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
|
SeAliasUsersSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
|
||||||
SeAliasGuestsSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
|
SeAliasGuestsSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
|
||||||
SeAliasPowerUsersSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
|
SeAliasPowerUsersSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
|
||||||
SeAliasAccountOpsSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
|
SeAliasAccountOpsSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
|
||||||
SeAliasSystemOpsSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
|
SeAliasSystemOpsSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
|
||||||
SeAliasPrintOpsSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
|
SeAliasPrintOpsSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
|
||||||
SeAliasBackupOpsSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
|
SeAliasBackupOpsSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
|
||||||
SeAuthenticatedUsersSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
SeAuthenticatedUsersSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
||||||
SeRestrictedSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
SeRestrictedSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
||||||
SeAnonymousLogonSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
SeAnonymousLogonSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
||||||
|
|
||||||
if (SeNullSid == NULL || SeWorldSid == NULL ||
|
if (SeNullSid == NULL || SeWorldSid == NULL ||
|
||||||
SeLocalSid == NULL || SeCreatorOwnerSid == NULL ||
|
SeLocalSid == NULL || SeCreatorOwnerSid == NULL ||
|
||||||
SeCreatorGroupSid == NULL || SeCreatorOwnerServerSid == NULL ||
|
SeCreatorGroupSid == NULL || SeCreatorOwnerServerSid == NULL ||
|
||||||
SeCreatorGroupServerSid == NULL || SeNtAuthoritySid == NULL ||
|
SeCreatorGroupServerSid == NULL || SeNtAuthoritySid == NULL ||
|
||||||
SeDialupSid == NULL || SeNetworkSid == NULL || SeBatchSid == NULL ||
|
SeDialupSid == NULL || SeNetworkSid == NULL || SeBatchSid == NULL ||
|
||||||
SeInteractiveSid == NULL || SeServiceSid == NULL ||
|
SeInteractiveSid == NULL || SeServiceSid == NULL ||
|
||||||
SePrincipalSelfSid == NULL || SeLocalSystemSid == NULL ||
|
SePrincipalSelfSid == NULL || SeLocalSystemSid == NULL ||
|
||||||
SeAuthenticatedUserSid == NULL || SeRestrictedCodeSid == NULL ||
|
SeAuthenticatedUserSid == NULL || SeRestrictedCodeSid == NULL ||
|
||||||
SeAliasAdminsSid == NULL || SeAliasUsersSid == NULL ||
|
SeAliasAdminsSid == NULL || SeAliasUsersSid == NULL ||
|
||||||
SeAliasGuestsSid == NULL || SeAliasPowerUsersSid == NULL ||
|
SeAliasGuestsSid == NULL || SeAliasPowerUsersSid == NULL ||
|
||||||
SeAliasAccountOpsSid == NULL || SeAliasSystemOpsSid == NULL ||
|
SeAliasAccountOpsSid == NULL || SeAliasSystemOpsSid == NULL ||
|
||||||
SeAliasPrintOpsSid == NULL || SeAliasBackupOpsSid == NULL ||
|
SeAliasPrintOpsSid == NULL || SeAliasBackupOpsSid == NULL ||
|
||||||
SeAuthenticatedUsersSid == NULL || SeRestrictedSid == NULL ||
|
SeAuthenticatedUsersSid == NULL || SeRestrictedSid == NULL ||
|
||||||
SeAnonymousLogonSid == NULL)
|
SeAnonymousLogonSid == NULL)
|
||||||
{
|
{
|
||||||
/* FIXME: We're leaking memory here. */
|
/* FIXME: We're leaking memory here. */
|
||||||
return(FALSE);
|
return(FALSE);
|
||||||
}
|
}
|
||||||
|
|
||||||
RtlInitializeSid(SeNullSid, &SeNullSidAuthority, 1);
|
RtlInitializeSid(SeNullSid, &SeNullSidAuthority, 1);
|
||||||
RtlInitializeSid(SeWorldSid, &SeWorldSidAuthority, 1);
|
RtlInitializeSid(SeWorldSid, &SeWorldSidAuthority, 1);
|
||||||
RtlInitializeSid(SeLocalSid, &SeLocalSidAuthority, 1);
|
RtlInitializeSid(SeLocalSid, &SeLocalSidAuthority, 1);
|
||||||
RtlInitializeSid(SeCreatorOwnerSid, &SeCreatorSidAuthority, 1);
|
RtlInitializeSid(SeCreatorOwnerSid, &SeCreatorSidAuthority, 1);
|
||||||
RtlInitializeSid(SeCreatorGroupSid, &SeCreatorSidAuthority, 1);
|
RtlInitializeSid(SeCreatorGroupSid, &SeCreatorSidAuthority, 1);
|
||||||
RtlInitializeSid(SeCreatorOwnerServerSid, &SeCreatorSidAuthority, 1);
|
RtlInitializeSid(SeCreatorOwnerServerSid, &SeCreatorSidAuthority, 1);
|
||||||
RtlInitializeSid(SeCreatorGroupServerSid, &SeCreatorSidAuthority, 1);
|
RtlInitializeSid(SeCreatorGroupServerSid, &SeCreatorSidAuthority, 1);
|
||||||
RtlInitializeSid(SeNtAuthoritySid, &SeNtSidAuthority, 0);
|
RtlInitializeSid(SeNtAuthoritySid, &SeNtSidAuthority, 0);
|
||||||
RtlInitializeSid(SeDialupSid, &SeNtSidAuthority, 1);
|
RtlInitializeSid(SeDialupSid, &SeNtSidAuthority, 1);
|
||||||
RtlInitializeSid(SeNetworkSid, &SeNtSidAuthority, 1);
|
RtlInitializeSid(SeNetworkSid, &SeNtSidAuthority, 1);
|
||||||
RtlInitializeSid(SeBatchSid, &SeNtSidAuthority, 1);
|
RtlInitializeSid(SeBatchSid, &SeNtSidAuthority, 1);
|
||||||
RtlInitializeSid(SeInteractiveSid, &SeNtSidAuthority, 1);
|
RtlInitializeSid(SeInteractiveSid, &SeNtSidAuthority, 1);
|
||||||
RtlInitializeSid(SeServiceSid, &SeNtSidAuthority, 1);
|
RtlInitializeSid(SeServiceSid, &SeNtSidAuthority, 1);
|
||||||
RtlInitializeSid(SePrincipalSelfSid, &SeNtSidAuthority, 1);
|
RtlInitializeSid(SePrincipalSelfSid, &SeNtSidAuthority, 1);
|
||||||
RtlInitializeSid(SeLocalSystemSid, &SeNtSidAuthority, 1);
|
RtlInitializeSid(SeLocalSystemSid, &SeNtSidAuthority, 1);
|
||||||
RtlInitializeSid(SeAuthenticatedUserSid, &SeNtSidAuthority, 1);
|
RtlInitializeSid(SeAuthenticatedUserSid, &SeNtSidAuthority, 1);
|
||||||
RtlInitializeSid(SeRestrictedCodeSid, &SeNtSidAuthority, 1);
|
RtlInitializeSid(SeRestrictedCodeSid, &SeNtSidAuthority, 1);
|
||||||
RtlInitializeSid(SeAliasAdminsSid, &SeNtSidAuthority, 2);
|
RtlInitializeSid(SeAliasAdminsSid, &SeNtSidAuthority, 2);
|
||||||
RtlInitializeSid(SeAliasUsersSid, &SeNtSidAuthority, 2);
|
RtlInitializeSid(SeAliasUsersSid, &SeNtSidAuthority, 2);
|
||||||
RtlInitializeSid(SeAliasGuestsSid, &SeNtSidAuthority, 2);
|
RtlInitializeSid(SeAliasGuestsSid, &SeNtSidAuthority, 2);
|
||||||
RtlInitializeSid(SeAliasPowerUsersSid, &SeNtSidAuthority, 2);
|
RtlInitializeSid(SeAliasPowerUsersSid, &SeNtSidAuthority, 2);
|
||||||
RtlInitializeSid(SeAliasAccountOpsSid, &SeNtSidAuthority, 2);
|
RtlInitializeSid(SeAliasAccountOpsSid, &SeNtSidAuthority, 2);
|
||||||
RtlInitializeSid(SeAliasSystemOpsSid, &SeNtSidAuthority, 2);
|
RtlInitializeSid(SeAliasSystemOpsSid, &SeNtSidAuthority, 2);
|
||||||
RtlInitializeSid(SeAliasPrintOpsSid, &SeNtSidAuthority, 2);
|
RtlInitializeSid(SeAliasPrintOpsSid, &SeNtSidAuthority, 2);
|
||||||
RtlInitializeSid(SeAliasBackupOpsSid, &SeNtSidAuthority, 2);
|
RtlInitializeSid(SeAliasBackupOpsSid, &SeNtSidAuthority, 2);
|
||||||
RtlInitializeSid(SeAuthenticatedUsersSid, &SeNtSidAuthority, 1);
|
RtlInitializeSid(SeAuthenticatedUsersSid, &SeNtSidAuthority, 1);
|
||||||
RtlInitializeSid(SeRestrictedSid, &SeNtSidAuthority, 1);
|
RtlInitializeSid(SeRestrictedSid, &SeNtSidAuthority, 1);
|
||||||
RtlInitializeSid(SeAnonymousLogonSid, &SeNtSidAuthority, 1);
|
RtlInitializeSid(SeAnonymousLogonSid, &SeNtSidAuthority, 1);
|
||||||
|
|
||||||
SubAuthority = RtlSubAuthoritySid(SeNullSid, 0);
|
SubAuthority = RtlSubAuthoritySid(SeNullSid, 0);
|
||||||
*SubAuthority = SECURITY_NULL_RID;
|
*SubAuthority = SECURITY_NULL_RID;
|
||||||
SubAuthority = RtlSubAuthoritySid(SeWorldSid, 0);
|
SubAuthority = RtlSubAuthoritySid(SeWorldSid, 0);
|
||||||
*SubAuthority = SECURITY_WORLD_RID;
|
*SubAuthority = SECURITY_WORLD_RID;
|
||||||
SubAuthority = RtlSubAuthoritySid(SeLocalSid, 0);
|
SubAuthority = RtlSubAuthoritySid(SeLocalSid, 0);
|
||||||
*SubAuthority = SECURITY_LOCAL_RID;
|
*SubAuthority = SECURITY_LOCAL_RID;
|
||||||
SubAuthority = RtlSubAuthoritySid(SeCreatorOwnerSid, 0);
|
SubAuthority = RtlSubAuthoritySid(SeCreatorOwnerSid, 0);
|
||||||
*SubAuthority = SECURITY_CREATOR_OWNER_RID;
|
*SubAuthority = SECURITY_CREATOR_OWNER_RID;
|
||||||
SubAuthority = RtlSubAuthoritySid(SeCreatorGroupSid, 0);
|
SubAuthority = RtlSubAuthoritySid(SeCreatorGroupSid, 0);
|
||||||
*SubAuthority = SECURITY_CREATOR_GROUP_RID;
|
*SubAuthority = SECURITY_CREATOR_GROUP_RID;
|
||||||
SubAuthority = RtlSubAuthoritySid(SeCreatorOwnerServerSid, 0);
|
SubAuthority = RtlSubAuthoritySid(SeCreatorOwnerServerSid, 0);
|
||||||
*SubAuthority = SECURITY_CREATOR_OWNER_SERVER_RID;
|
*SubAuthority = SECURITY_CREATOR_OWNER_SERVER_RID;
|
||||||
SubAuthority = RtlSubAuthoritySid(SeCreatorGroupServerSid, 0);
|
SubAuthority = RtlSubAuthoritySid(SeCreatorGroupServerSid, 0);
|
||||||
*SubAuthority = SECURITY_CREATOR_GROUP_SERVER_RID;
|
*SubAuthority = SECURITY_CREATOR_GROUP_SERVER_RID;
|
||||||
SubAuthority = RtlSubAuthoritySid(SeDialupSid, 0);
|
SubAuthority = RtlSubAuthoritySid(SeDialupSid, 0);
|
||||||
*SubAuthority = SECURITY_DIALUP_RID;
|
*SubAuthority = SECURITY_DIALUP_RID;
|
||||||
SubAuthority = RtlSubAuthoritySid(SeNetworkSid, 0);
|
SubAuthority = RtlSubAuthoritySid(SeNetworkSid, 0);
|
||||||
*SubAuthority = SECURITY_NETWORK_RID;
|
*SubAuthority = SECURITY_NETWORK_RID;
|
||||||
SubAuthority = RtlSubAuthoritySid(SeBatchSid, 0);
|
SubAuthority = RtlSubAuthoritySid(SeBatchSid, 0);
|
||||||
*SubAuthority = SECURITY_BATCH_RID;
|
*SubAuthority = SECURITY_BATCH_RID;
|
||||||
SubAuthority = RtlSubAuthoritySid(SeInteractiveSid, 0);
|
SubAuthority = RtlSubAuthoritySid(SeInteractiveSid, 0);
|
||||||
*SubAuthority = SECURITY_INTERACTIVE_RID;
|
*SubAuthority = SECURITY_INTERACTIVE_RID;
|
||||||
SubAuthority = RtlSubAuthoritySid(SeServiceSid, 0);
|
SubAuthority = RtlSubAuthoritySid(SeServiceSid, 0);
|
||||||
*SubAuthority = SECURITY_SERVICE_RID;
|
*SubAuthority = SECURITY_SERVICE_RID;
|
||||||
SubAuthority = RtlSubAuthoritySid(SePrincipalSelfSid, 0);
|
SubAuthority = RtlSubAuthoritySid(SePrincipalSelfSid, 0);
|
||||||
*SubAuthority = SECURITY_PRINCIPAL_SELF_RID;
|
*SubAuthority = SECURITY_PRINCIPAL_SELF_RID;
|
||||||
SubAuthority = RtlSubAuthoritySid(SeLocalSystemSid, 0);
|
SubAuthority = RtlSubAuthoritySid(SeLocalSystemSid, 0);
|
||||||
*SubAuthority = SECURITY_LOCAL_SYSTEM_RID;
|
*SubAuthority = SECURITY_LOCAL_SYSTEM_RID;
|
||||||
SubAuthority = RtlSubAuthoritySid(SeAuthenticatedUserSid, 0);
|
SubAuthority = RtlSubAuthoritySid(SeAuthenticatedUserSid, 0);
|
||||||
*SubAuthority = SECURITY_AUTHENTICATED_USER_RID;
|
*SubAuthority = SECURITY_AUTHENTICATED_USER_RID;
|
||||||
SubAuthority = RtlSubAuthoritySid(SeRestrictedCodeSid, 0);
|
SubAuthority = RtlSubAuthoritySid(SeRestrictedCodeSid, 0);
|
||||||
*SubAuthority = SECURITY_RESTRICTED_CODE_RID;
|
*SubAuthority = SECURITY_RESTRICTED_CODE_RID;
|
||||||
SubAuthority = RtlSubAuthoritySid(SeAliasAdminsSid, 0);
|
SubAuthority = RtlSubAuthoritySid(SeAliasAdminsSid, 0);
|
||||||
*SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
|
*SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
|
||||||
SubAuthority = RtlSubAuthoritySid(SeAliasAdminsSid, 1);
|
SubAuthority = RtlSubAuthoritySid(SeAliasAdminsSid, 1);
|
||||||
*SubAuthority = DOMAIN_ALIAS_RID_ADMINS;
|
*SubAuthority = DOMAIN_ALIAS_RID_ADMINS;
|
||||||
SubAuthority = RtlSubAuthoritySid(SeAliasUsersSid, 0);
|
SubAuthority = RtlSubAuthoritySid(SeAliasUsersSid, 0);
|
||||||
*SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
|
*SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
|
||||||
SubAuthority = RtlSubAuthoritySid(SeAliasUsersSid, 1);
|
SubAuthority = RtlSubAuthoritySid(SeAliasUsersSid, 1);
|
||||||
*SubAuthority = DOMAIN_ALIAS_RID_USERS;
|
*SubAuthority = DOMAIN_ALIAS_RID_USERS;
|
||||||
SubAuthority = RtlSubAuthoritySid(SeAliasGuestsSid, 0);
|
SubAuthority = RtlSubAuthoritySid(SeAliasGuestsSid, 0);
|
||||||
*SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
|
*SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
|
||||||
SubAuthority = RtlSubAuthoritySid(SeAliasGuestsSid, 1);
|
SubAuthority = RtlSubAuthoritySid(SeAliasGuestsSid, 1);
|
||||||
*SubAuthority = DOMAIN_ALIAS_RID_GUESTS;
|
*SubAuthority = DOMAIN_ALIAS_RID_GUESTS;
|
||||||
SubAuthority = RtlSubAuthoritySid(SeAliasPowerUsersSid, 0);
|
SubAuthority = RtlSubAuthoritySid(SeAliasPowerUsersSid, 0);
|
||||||
*SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
|
*SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
|
||||||
SubAuthority = RtlSubAuthoritySid(SeAliasPowerUsersSid, 1);
|
SubAuthority = RtlSubAuthoritySid(SeAliasPowerUsersSid, 1);
|
||||||
*SubAuthority = DOMAIN_ALIAS_RID_POWER_USERS;
|
*SubAuthority = DOMAIN_ALIAS_RID_POWER_USERS;
|
||||||
SubAuthority = RtlSubAuthoritySid(SeAliasAccountOpsSid, 0);
|
SubAuthority = RtlSubAuthoritySid(SeAliasAccountOpsSid, 0);
|
||||||
*SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
|
*SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
|
||||||
SubAuthority = RtlSubAuthoritySid(SeAliasAccountOpsSid, 1);
|
SubAuthority = RtlSubAuthoritySid(SeAliasAccountOpsSid, 1);
|
||||||
*SubAuthority = DOMAIN_ALIAS_RID_ACCOUNT_OPS;
|
*SubAuthority = DOMAIN_ALIAS_RID_ACCOUNT_OPS;
|
||||||
SubAuthority = RtlSubAuthoritySid(SeAliasSystemOpsSid, 0);
|
SubAuthority = RtlSubAuthoritySid(SeAliasSystemOpsSid, 0);
|
||||||
*SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
|
*SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
|
||||||
SubAuthority = RtlSubAuthoritySid(SeAliasSystemOpsSid, 1);
|
SubAuthority = RtlSubAuthoritySid(SeAliasSystemOpsSid, 1);
|
||||||
*SubAuthority = DOMAIN_ALIAS_RID_SYSTEM_OPS;
|
*SubAuthority = DOMAIN_ALIAS_RID_SYSTEM_OPS;
|
||||||
SubAuthority = RtlSubAuthoritySid(SeAliasPrintOpsSid, 0);
|
SubAuthority = RtlSubAuthoritySid(SeAliasPrintOpsSid, 0);
|
||||||
*SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
|
*SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
|
||||||
SubAuthority = RtlSubAuthoritySid(SeAliasPrintOpsSid, 1);
|
SubAuthority = RtlSubAuthoritySid(SeAliasPrintOpsSid, 1);
|
||||||
*SubAuthority = DOMAIN_ALIAS_RID_PRINT_OPS;
|
*SubAuthority = DOMAIN_ALIAS_RID_PRINT_OPS;
|
||||||
SubAuthority = RtlSubAuthoritySid(SeAliasBackupOpsSid, 0);
|
SubAuthority = RtlSubAuthoritySid(SeAliasBackupOpsSid, 0);
|
||||||
*SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
|
*SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
|
||||||
SubAuthority = RtlSubAuthoritySid(SeAliasBackupOpsSid, 1);
|
SubAuthority = RtlSubAuthoritySid(SeAliasBackupOpsSid, 1);
|
||||||
*SubAuthority = DOMAIN_ALIAS_RID_BACKUP_OPS;
|
*SubAuthority = DOMAIN_ALIAS_RID_BACKUP_OPS;
|
||||||
SubAuthority = RtlSubAuthoritySid(SeAuthenticatedUsersSid, 0);
|
SubAuthority = RtlSubAuthoritySid(SeAuthenticatedUsersSid, 0);
|
||||||
*SubAuthority = SECURITY_AUTHENTICATED_USER_RID;
|
*SubAuthority = SECURITY_AUTHENTICATED_USER_RID;
|
||||||
SubAuthority = RtlSubAuthoritySid(SeRestrictedSid, 0);
|
SubAuthority = RtlSubAuthoritySid(SeRestrictedSid, 0);
|
||||||
*SubAuthority = SECURITY_RESTRICTED_CODE_RID;
|
*SubAuthority = SECURITY_RESTRICTED_CODE_RID;
|
||||||
SubAuthority = RtlSubAuthoritySid(SeAnonymousLogonSid, 0);
|
SubAuthority = RtlSubAuthoritySid(SeAnonymousLogonSid, 0);
|
||||||
*SubAuthority = SECURITY_ANONYMOUS_LOGON_RID;
|
*SubAuthority = SECURITY_ANONYMOUS_LOGON_RID;
|
||||||
|
|
||||||
return(TRUE);
|
return(TRUE);
|
||||||
}
|
}
|
||||||
|
|
||||||
NTSTATUS
|
NTSTATUS
|
||||||
|
@ -234,86 +230,86 @@ SepCaptureSid(IN PSID InputSid,
|
||||||
IN BOOLEAN CaptureIfKernel,
|
IN BOOLEAN CaptureIfKernel,
|
||||||
OUT PSID *CapturedSid)
|
OUT PSID *CapturedSid)
|
||||||
{
|
{
|
||||||
ULONG SidSize = 0;
|
ULONG SidSize = 0;
|
||||||
PISID NewSid, Sid = (PISID)InputSid;
|
PISID NewSid, Sid = (PISID)InputSid;
|
||||||
NTSTATUS Status = STATUS_SUCCESS;
|
NTSTATUS Status = STATUS_SUCCESS;
|
||||||
|
|
||||||
PAGED_CODE();
|
PAGED_CODE();
|
||||||
|
|
||||||
if(AccessMode != KernelMode)
|
if(AccessMode != KernelMode)
|
||||||
{
|
|
||||||
_SEH_TRY
|
|
||||||
{
|
{
|
||||||
ProbeForRead(Sid,
|
|
||||||
FIELD_OFFSET(SID,
|
|
||||||
SubAuthority),
|
|
||||||
sizeof(UCHAR));
|
|
||||||
SidSize = RtlLengthRequiredSid(Sid->SubAuthorityCount);
|
|
||||||
ProbeForRead(Sid,
|
|
||||||
SidSize,
|
|
||||||
sizeof(UCHAR));
|
|
||||||
}
|
|
||||||
_SEH_HANDLE
|
|
||||||
{
|
|
||||||
Status = _SEH_GetExceptionCode();
|
|
||||||
}
|
|
||||||
_SEH_END;
|
|
||||||
|
|
||||||
if(NT_SUCCESS(Status))
|
|
||||||
{
|
|
||||||
/* allocate a SID and copy it */
|
|
||||||
NewSid = ExAllocatePool(PoolType,
|
|
||||||
SidSize);
|
|
||||||
if(NewSid != NULL)
|
|
||||||
{
|
|
||||||
_SEH_TRY
|
_SEH_TRY
|
||||||
{
|
{
|
||||||
RtlCopyMemory(NewSid,
|
ProbeForRead(Sid,
|
||||||
Sid,
|
FIELD_OFFSET(SID,
|
||||||
SidSize);
|
SubAuthority),
|
||||||
|
sizeof(UCHAR));
|
||||||
*CapturedSid = NewSid;
|
SidSize = RtlLengthRequiredSid(Sid->SubAuthorityCount);
|
||||||
|
ProbeForRead(Sid,
|
||||||
|
SidSize,
|
||||||
|
sizeof(UCHAR));
|
||||||
}
|
}
|
||||||
_SEH_HANDLE
|
_SEH_HANDLE
|
||||||
{
|
{
|
||||||
ExFreePool(NewSid);
|
Status = _SEH_GetExceptionCode();
|
||||||
Status = _SEH_GetExceptionCode();
|
|
||||||
}
|
}
|
||||||
_SEH_END;
|
_SEH_END;
|
||||||
}
|
|
||||||
else
|
if(NT_SUCCESS(Status))
|
||||||
{
|
{
|
||||||
Status = STATUS_INSUFFICIENT_RESOURCES;
|
/* allocate a SID and copy it */
|
||||||
}
|
NewSid = ExAllocatePool(PoolType,
|
||||||
|
SidSize);
|
||||||
|
if(NewSid != NULL)
|
||||||
|
{
|
||||||
|
_SEH_TRY
|
||||||
|
{
|
||||||
|
RtlCopyMemory(NewSid,
|
||||||
|
Sid,
|
||||||
|
SidSize);
|
||||||
|
|
||||||
|
*CapturedSid = NewSid;
|
||||||
|
}
|
||||||
|
_SEH_HANDLE
|
||||||
|
{
|
||||||
|
ExFreePool(NewSid);
|
||||||
|
Status = _SEH_GetExceptionCode();
|
||||||
|
}
|
||||||
|
_SEH_END;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
Status = STATUS_INSUFFICIENT_RESOURCES;
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
else if(!CaptureIfKernel)
|
||||||
else if(!CaptureIfKernel)
|
|
||||||
{
|
|
||||||
*CapturedSid = InputSid;
|
|
||||||
return STATUS_SUCCESS;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
SidSize = RtlLengthRequiredSid(Sid->SubAuthorityCount);
|
|
||||||
|
|
||||||
/* allocate a SID and copy it */
|
|
||||||
NewSid = ExAllocatePool(PoolType,
|
|
||||||
SidSize);
|
|
||||||
if(NewSid != NULL)
|
|
||||||
{
|
{
|
||||||
RtlCopyMemory(NewSid,
|
*CapturedSid = InputSid;
|
||||||
Sid,
|
return STATUS_SUCCESS;
|
||||||
SidSize);
|
|
||||||
|
|
||||||
*CapturedSid = NewSid;
|
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
Status = STATUS_INSUFFICIENT_RESOURCES;
|
SidSize = RtlLengthRequiredSid(Sid->SubAuthorityCount);
|
||||||
|
|
||||||
|
/* allocate a SID and copy it */
|
||||||
|
NewSid = ExAllocatePool(PoolType,
|
||||||
|
SidSize);
|
||||||
|
if(NewSid != NULL)
|
||||||
|
{
|
||||||
|
RtlCopyMemory(NewSid,
|
||||||
|
Sid,
|
||||||
|
SidSize);
|
||||||
|
|
||||||
|
*CapturedSid = NewSid;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
Status = STATUS_INSUFFICIENT_RESOURCES;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
return Status;
|
||||||
return Status;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
VOID
|
VOID
|
||||||
|
@ -322,14 +318,14 @@ SepReleaseSid(IN PSID CapturedSid,
|
||||||
IN KPROCESSOR_MODE AccessMode,
|
IN KPROCESSOR_MODE AccessMode,
|
||||||
IN BOOLEAN CaptureIfKernel)
|
IN BOOLEAN CaptureIfKernel)
|
||||||
{
|
{
|
||||||
PAGED_CODE();
|
PAGED_CODE();
|
||||||
|
|
||||||
if(CapturedSid != NULL &&
|
if(CapturedSid != NULL &&
|
||||||
(AccessMode != KernelMode ||
|
(AccessMode != KernelMode ||
|
||||||
(AccessMode == KernelMode && CaptureIfKernel)))
|
(AccessMode == KernelMode && CaptureIfKernel)))
|
||||||
{
|
{
|
||||||
ExFreePool(CapturedSid);
|
ExFreePool(CapturedSid);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* EOF */
|
/* EOF */
|
||||||
|
|
File diff suppressed because it is too large
Load diff
Loading…
Reference in a new issue