mirror of
https://github.com/reactos/reactos.git
synced 2024-06-29 01:12:06 +00:00
- Reformat Se code and put functions to more appropriate locations.
svn path=/trunk/; revision=33129
This commit is contained in:
parent
c72bfe8de2
commit
9dc0da2dea
|
@ -40,8 +40,8 @@ static BOOLEAN UuidSequenceInitialized = FALSE;
|
|||
static BOOLEAN UuidSequenceChanged = FALSE;
|
||||
static UCHAR UuidSeed[SEED_BUFFER_SIZE];
|
||||
static ULONG UuidCount;
|
||||
|
||||
|
||||
static LARGE_INTEGER LuidIncrement;
|
||||
static LARGE_INTEGER LuidValue;
|
||||
|
||||
/* FUNCTIONS ****************************************************************/
|
||||
|
||||
|
@ -214,6 +214,91 @@ ExpCreateUuids(PULARGE_INTEGER Time,
|
|||
return STATUS_SUCCESS;
|
||||
}
|
||||
|
||||
VOID
|
||||
INIT_FUNCTION
|
||||
NTAPI
|
||||
ExpInitLuid(VOID)
|
||||
{
|
||||
LUID DummyLuidValue = SYSTEM_LUID;
|
||||
|
||||
LuidValue.u.HighPart = DummyLuidValue.HighPart;
|
||||
LuidValue.u.LowPart = DummyLuidValue.LowPart;
|
||||
LuidIncrement.QuadPart = 1;
|
||||
}
|
||||
|
||||
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
ExpAllocateLocallyUniqueId(OUT LUID *LocallyUniqueId)
|
||||
{
|
||||
LARGE_INTEGER NewLuid, PrevLuid;
|
||||
|
||||
/* atomically increment the luid */
|
||||
do
|
||||
{
|
||||
PrevLuid = LuidValue;
|
||||
NewLuid = RtlLargeIntegerAdd(PrevLuid,
|
||||
LuidIncrement);
|
||||
} while(ExfInterlockedCompareExchange64(&LuidValue.QuadPart,
|
||||
&NewLuid.QuadPart,
|
||||
&PrevLuid.QuadPart) != PrevLuid.QuadPart);
|
||||
|
||||
LocallyUniqueId->LowPart = NewLuid.u.LowPart;
|
||||
LocallyUniqueId->HighPart = NewLuid.u.HighPart;
|
||||
|
||||
return STATUS_SUCCESS;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
*/
|
||||
NTSTATUS STDCALL
|
||||
NtAllocateLocallyUniqueId(OUT LUID *LocallyUniqueId)
|
||||
{
|
||||
LUID NewLuid;
|
||||
KPROCESSOR_MODE PreviousMode;
|
||||
NTSTATUS Status = STATUS_SUCCESS;
|
||||
|
||||
PAGED_CODE();
|
||||
|
||||
PreviousMode = ExGetPreviousMode();
|
||||
|
||||
if(PreviousMode != KernelMode)
|
||||
{
|
||||
_SEH_TRY
|
||||
{
|
||||
ProbeForWrite(LocallyUniqueId,
|
||||
sizeof(LUID),
|
||||
sizeof(ULONG));
|
||||
}
|
||||
_SEH_HANDLE
|
||||
{
|
||||
Status = _SEH_GetExceptionCode();
|
||||
}
|
||||
_SEH_END;
|
||||
|
||||
if(!NT_SUCCESS(Status))
|
||||
{
|
||||
return Status;
|
||||
}
|
||||
}
|
||||
|
||||
Status = ExpAllocateLocallyUniqueId(&NewLuid);
|
||||
|
||||
_SEH_TRY
|
||||
{
|
||||
*LocallyUniqueId = NewLuid;
|
||||
}
|
||||
_SEH_HANDLE
|
||||
{
|
||||
Status = _SEH_GetExceptionCode();
|
||||
}
|
||||
_SEH_END;
|
||||
|
||||
return Status;
|
||||
}
|
||||
|
||||
/*
|
||||
* @unimplemented
|
||||
*/
|
||||
|
|
|
@ -94,7 +94,7 @@ SeInitSRM(VOID);
|
|||
|
||||
VOID
|
||||
NTAPI
|
||||
SepInitLuid(VOID);
|
||||
ExpInitLuid(VOID);
|
||||
|
||||
VOID
|
||||
NTAPI
|
||||
|
@ -315,6 +315,15 @@ SeSetWorldSecurityDescriptor(
|
|||
PULONG BufferLength
|
||||
);
|
||||
|
||||
NTSTATUS
|
||||
STDCALL
|
||||
SeCopyClientToken(
|
||||
IN PACCESS_TOKEN Token,
|
||||
IN SECURITY_IMPERSONATION_LEVEL Level,
|
||||
IN KPROCESSOR_MODE PreviousMode,
|
||||
OUT PACCESS_TOKEN* NewToken
|
||||
);
|
||||
|
||||
#define SepAcquireTokenLockExclusive(Token) \
|
||||
do { \
|
||||
KeEnterCriticalRegion(); \
|
||||
|
|
|
@ -425,7 +425,6 @@
|
|||
<file>acl.c</file>
|
||||
<file>audit.c</file>
|
||||
<file>lsa.c</file>
|
||||
<file>luid.c</file>
|
||||
<file>priv.c</file>
|
||||
<file>sd.c</file>
|
||||
<file>semgr.c</file>
|
||||
|
|
|
@ -8,14 +8,114 @@
|
|||
* Based on patch by Javier M. Mellid
|
||||
*/
|
||||
|
||||
/* INCLUDES *****************************************************************/
|
||||
/* INCLUDES *******************************************************************/
|
||||
|
||||
#include <ntoskrnl.h>
|
||||
#define NDEBUG
|
||||
#include <internal/debug.h>
|
||||
#include <debug.h>
|
||||
|
||||
/* FUNCTIONS ***************************************************************/
|
||||
/* GLOBALS ********************************************************************/
|
||||
|
||||
ERESOURCE SepSubjectContextLock;
|
||||
|
||||
/* FUNCTIONS ******************************************************************/
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
*/
|
||||
VOID
|
||||
NTAPI
|
||||
SeCaptureSubjectContextEx(IN PETHREAD Thread,
|
||||
IN PEPROCESS Process,
|
||||
OUT PSECURITY_SUBJECT_CONTEXT SubjectContext)
|
||||
{
|
||||
BOOLEAN CopyOnOpen, EffectiveOnly;
|
||||
PAGED_CODE();
|
||||
|
||||
/* Save the unique ID */
|
||||
SubjectContext->ProcessAuditId = Process->UniqueProcessId;
|
||||
|
||||
/* Check if we have a thread */
|
||||
if (!Thread)
|
||||
{
|
||||
/* We don't, so no token */
|
||||
SubjectContext->ClientToken = NULL;
|
||||
}
|
||||
else
|
||||
{
|
||||
/* Get the impersonation token */
|
||||
SubjectContext->ClientToken = PsReferenceImpersonationToken(Thread,
|
||||
&CopyOnOpen,
|
||||
&EffectiveOnly,
|
||||
&SubjectContext->ImpersonationLevel);
|
||||
}
|
||||
|
||||
/* Get the primary token */
|
||||
SubjectContext->PrimaryToken = PsReferencePrimaryToken(Process);
|
||||
}
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
*/
|
||||
VOID
|
||||
NTAPI
|
||||
SeCaptureSubjectContext(OUT PSECURITY_SUBJECT_CONTEXT SubjectContext)
|
||||
{
|
||||
/* Call the extended API */
|
||||
SeCaptureSubjectContextEx(PsGetCurrentThread(),
|
||||
PsGetCurrentProcess(),
|
||||
SubjectContext);
|
||||
}
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
*/
|
||||
VOID
|
||||
NTAPI
|
||||
SeLockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
|
||||
{
|
||||
PAGED_CODE();
|
||||
|
||||
KeEnterCriticalRegion();
|
||||
ExAcquireResourceExclusiveLite(&SepSubjectContextLock, TRUE);
|
||||
}
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
*/
|
||||
VOID
|
||||
NTAPI
|
||||
SeUnlockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
|
||||
{
|
||||
PAGED_CODE();
|
||||
|
||||
ExReleaseResourceLite(&SepSubjectContextLock);
|
||||
KeLeaveCriticalRegion();
|
||||
}
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
*/
|
||||
VOID
|
||||
NTAPI
|
||||
SeReleaseSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
|
||||
{
|
||||
PAGED_CODE();
|
||||
|
||||
if (SubjectContext->PrimaryToken != NULL)
|
||||
{
|
||||
ObFastDereferenceObject(&PsGetCurrentProcess()->Token, SubjectContext->PrimaryToken);
|
||||
}
|
||||
|
||||
if (SubjectContext->ClientToken != NULL)
|
||||
{
|
||||
ObDereferenceObject(SubjectContext->ClientToken);
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
*/
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
SeCreateAccessStateEx(IN PETHREAD Thread,
|
||||
|
@ -83,7 +183,7 @@ SeCreateAccessState(IN OUT PACCESS_STATE AccessState,
|
|||
{
|
||||
PAGED_CODE();
|
||||
|
||||
/* Call the internal API */
|
||||
/* Call the extended API */
|
||||
return SeCreateAccessStateEx(PsGetCurrentThread(),
|
||||
PsGetCurrentProcess(),
|
||||
AccessState,
|
||||
|
@ -127,8 +227,8 @@ SeDeleteAccessState(IN PACCESS_STATE AccessState)
|
|||
*/
|
||||
VOID
|
||||
STDCALL
|
||||
SeSetAccessStateGenericMapping(PACCESS_STATE AccessState,
|
||||
PGENERIC_MAPPING GenericMapping)
|
||||
SeSetAccessStateGenericMapping(IN PACCESS_STATE AccessState,
|
||||
IN PGENERIC_MAPPING GenericMapping)
|
||||
{
|
||||
PAGED_CODE();
|
||||
|
||||
|
@ -136,4 +236,137 @@ SeSetAccessStateGenericMapping(PACCESS_STATE AccessState,
|
|||
((PAUX_DATA)AccessState->AuxData)->GenericMapping = *GenericMapping;
|
||||
}
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
*/
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
SeCreateClientSecurity(IN PETHREAD Thread,
|
||||
IN PSECURITY_QUALITY_OF_SERVICE Qos,
|
||||
IN BOOLEAN RemoteClient,
|
||||
OUT PSECURITY_CLIENT_CONTEXT ClientContext)
|
||||
{
|
||||
TOKEN_TYPE TokenType;
|
||||
BOOLEAN ThreadEffectiveOnly;
|
||||
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
|
||||
PACCESS_TOKEN Token;
|
||||
NTSTATUS Status;
|
||||
PACCESS_TOKEN NewToken;
|
||||
PAGED_CODE();
|
||||
|
||||
Token = PsReferenceEffectiveToken(Thread,
|
||||
&TokenType,
|
||||
&ThreadEffectiveOnly,
|
||||
&ImpersonationLevel);
|
||||
if (TokenType != TokenImpersonation)
|
||||
{
|
||||
ClientContext->DirectAccessEffectiveOnly = Qos->EffectiveOnly;
|
||||
}
|
||||
else
|
||||
{
|
||||
if (Qos->ImpersonationLevel > ImpersonationLevel)
|
||||
{
|
||||
if (Token) ObDereferenceObject(Token);
|
||||
return STATUS_BAD_IMPERSONATION_LEVEL;
|
||||
}
|
||||
|
||||
if ((ImpersonationLevel == SecurityAnonymous) ||
|
||||
(ImpersonationLevel == SecurityIdentification) ||
|
||||
((RemoteClient) && (ImpersonationLevel != SecurityDelegation)))
|
||||
{
|
||||
if (Token) ObDereferenceObject(Token);
|
||||
return STATUS_BAD_IMPERSONATION_LEVEL;
|
||||
}
|
||||
|
||||
ClientContext->DirectAccessEffectiveOnly = ((ThreadEffectiveOnly) ||
|
||||
(Qos->EffectiveOnly)) ?
|
||||
TRUE : FALSE;
|
||||
}
|
||||
|
||||
if (Qos->ContextTrackingMode == SECURITY_STATIC_TRACKING)
|
||||
{
|
||||
ClientContext->DirectlyAccessClientToken = FALSE;
|
||||
Status = SeCopyClientToken(Token, ImpersonationLevel, 0, &NewToken);
|
||||
if (!NT_SUCCESS(Status)) return Status;
|
||||
}
|
||||
else
|
||||
{
|
||||
ClientContext->DirectlyAccessClientToken = TRUE;
|
||||
if (RemoteClient != FALSE)
|
||||
{
|
||||
#if 0
|
||||
SeGetTokenControlInformation(Token,
|
||||
&ClientContext->ClientTokenControl);
|
||||
#endif
|
||||
}
|
||||
|
||||
NewToken = Token;
|
||||
}
|
||||
|
||||
ClientContext->SecurityQos.Length = sizeof(SECURITY_QUALITY_OF_SERVICE);
|
||||
ClientContext->SecurityQos.ImpersonationLevel = Qos->ImpersonationLevel;
|
||||
ClientContext->SecurityQos.ContextTrackingMode = Qos->ContextTrackingMode;
|
||||
ClientContext->SecurityQos.EffectiveOnly = Qos->EffectiveOnly;
|
||||
ClientContext->ServerIsRemote = RemoteClient;
|
||||
ClientContext->ClientToken = NewToken;
|
||||
return STATUS_SUCCESS;
|
||||
}
|
||||
|
||||
/*
|
||||
* @unimplemented
|
||||
*/
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
SeCreateClientSecurityFromSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
|
||||
IN PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos,
|
||||
IN BOOLEAN ServerIsRemote,
|
||||
OUT PSECURITY_CLIENT_CONTEXT ClientContext)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
return STATUS_NOT_IMPLEMENTED;
|
||||
}
|
||||
|
||||
/*
|
||||
* @unimplemented
|
||||
*/
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
SeImpersonateClientEx(IN PSECURITY_CLIENT_CONTEXT ClientContext,
|
||||
IN PETHREAD ServerThread OPTIONAL)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
return STATUS_NOT_IMPLEMENTED;
|
||||
}
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
*/
|
||||
VOID
|
||||
NTAPI
|
||||
SeImpersonateClient(IN PSECURITY_CLIENT_CONTEXT ClientContext,
|
||||
IN PETHREAD ServerThread OPTIONAL)
|
||||
{
|
||||
UCHAR b;
|
||||
|
||||
PAGED_CODE();
|
||||
|
||||
if (ClientContext->DirectlyAccessClientToken == FALSE)
|
||||
{
|
||||
b = ClientContext->SecurityQos.EffectiveOnly;
|
||||
}
|
||||
else
|
||||
{
|
||||
b = ClientContext->DirectAccessEffectiveOnly;
|
||||
}
|
||||
if (ServerThread == NULL)
|
||||
{
|
||||
ServerThread = PsGetCurrentThread();
|
||||
}
|
||||
PsImpersonateClient(ServerThread,
|
||||
ClientContext->ClientToken,
|
||||
1,
|
||||
b,
|
||||
ClientContext->SecurityQos.ImpersonationLevel);
|
||||
}
|
||||
|
||||
/* EOF */
|
||||
|
|
|
@ -7,28 +7,26 @@
|
|||
* PROGRAMMERS: David Welch <welch@cwcom.net>
|
||||
*/
|
||||
|
||||
/* INCLUDES *****************************************************************/
|
||||
/* INCLUDES *******************************************************************/
|
||||
|
||||
#include <ntoskrnl.h>
|
||||
#include <internal/debug.h>
|
||||
#define NDEBUG
|
||||
#include <debug.h>
|
||||
|
||||
#if defined (ALLOC_PRAGMA)
|
||||
#pragma alloc_text(INIT, SepInitDACLs)
|
||||
#endif
|
||||
|
||||
|
||||
/* GLOBALS ******************************************************************/
|
||||
/* GLOBALS ********************************************************************/
|
||||
|
||||
PACL SePublicDefaultDacl = NULL;
|
||||
PACL SeSystemDefaultDacl = NULL;
|
||||
|
||||
PACL SePublicDefaultUnrestrictedDacl = NULL;
|
||||
PACL SePublicOpenDacl = NULL;
|
||||
PACL SePublicOpenUnrestrictedDacl = NULL;
|
||||
PACL SeUnrestrictedDacl = NULL;
|
||||
|
||||
|
||||
/* FUNCTIONS ****************************************************************/
|
||||
/* FUNCTIONS ******************************************************************/
|
||||
|
||||
BOOLEAN
|
||||
INIT_FUNCTION
|
||||
|
|
|
@ -7,12 +7,13 @@
|
|||
* PROGRAMMERS: Eric Kohl <eric.kohl@t-online.de>
|
||||
*/
|
||||
|
||||
/* INCLUDES *****************************************************************/
|
||||
/* INCLUDES *******************************************************************/
|
||||
|
||||
#include <ntoskrnl.h>
|
||||
#include <internal/debug.h>
|
||||
#define NDEBUG
|
||||
#include <debug.h>
|
||||
|
||||
/* INTERNAL *****************************************************************/
|
||||
/* PRIVATE FUNCTIONS***********************************************************/
|
||||
|
||||
BOOLEAN
|
||||
NTAPI
|
||||
|
@ -179,7 +180,165 @@ SeLocateProcessImageName(IN PEPROCESS Process,
|
|||
return Status;
|
||||
}
|
||||
|
||||
/* FUNCTIONS ****************************************************************/
|
||||
/* PUBLIC FUNCTIONS ***********************************************************/
|
||||
|
||||
/*
|
||||
* @unimplemented
|
||||
*/
|
||||
VOID
|
||||
STDCALL
|
||||
SeAuditHardLinkCreation(IN PUNICODE_STRING FileName,
|
||||
IN PUNICODE_STRING LinkName,
|
||||
IN BOOLEAN bSuccess)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
}
|
||||
|
||||
/*
|
||||
* @unimplemented
|
||||
*/
|
||||
BOOLEAN
|
||||
STDCALL
|
||||
SeAuditingFileEvents(IN BOOLEAN AccessGranted,
|
||||
IN PSECURITY_DESCRIPTOR SecurityDescriptor)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/*
|
||||
* @unimplemented
|
||||
*/
|
||||
BOOLEAN
|
||||
STDCALL
|
||||
SeAuditingFileEventsWithContext(IN BOOLEAN AccessGranted,
|
||||
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
||||
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/*
|
||||
* @unimplemented
|
||||
*/
|
||||
BOOLEAN
|
||||
STDCALL
|
||||
SeAuditingHardLinkEvents(IN BOOLEAN AccessGranted,
|
||||
IN PSECURITY_DESCRIPTOR SecurityDescriptor)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/*
|
||||
* @unimplemented
|
||||
*/
|
||||
BOOLEAN
|
||||
STDCALL
|
||||
SeAuditingHardLinkEventsWithContext(IN BOOLEAN AccessGranted,
|
||||
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
||||
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/*
|
||||
* @unimplemented
|
||||
*/
|
||||
BOOLEAN
|
||||
STDCALL
|
||||
SeAuditingFileOrGlobalEvents(IN BOOLEAN AccessGranted,
|
||||
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
||||
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/*
|
||||
* @unimplemented
|
||||
*/
|
||||
VOID
|
||||
STDCALL
|
||||
SeCloseObjectAuditAlarm(
|
||||
IN PVOID Object,
|
||||
IN HANDLE Handle,
|
||||
IN BOOLEAN PerformAction
|
||||
)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
}
|
||||
|
||||
/*
|
||||
* @unimplemented
|
||||
*/
|
||||
VOID STDCALL
|
||||
SeDeleteObjectAuditAlarm(IN PVOID Object,
|
||||
IN HANDLE Handle)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
}
|
||||
|
||||
/*
|
||||
* @unimplemented
|
||||
*/
|
||||
VOID
|
||||
NTAPI
|
||||
SeOpenObjectAuditAlarm(IN PUNICODE_STRING ObjectTypeName,
|
||||
IN PVOID Object OPTIONAL,
|
||||
IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,
|
||||
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
||||
IN PACCESS_STATE AccessState,
|
||||
IN BOOLEAN ObjectCreated,
|
||||
IN BOOLEAN AccessGranted,
|
||||
IN KPROCESSOR_MODE AccessMode,
|
||||
OUT PBOOLEAN GenerateOnClose)
|
||||
{
|
||||
PAGED_CODE();
|
||||
|
||||
/* Audits aren't done on kernel-mode access */
|
||||
if (AccessMode == KernelMode) return;
|
||||
|
||||
/* Otherwise, unimplemented! */
|
||||
//UNIMPLEMENTED;
|
||||
return;
|
||||
}
|
||||
|
||||
/*
|
||||
* @unimplemented
|
||||
*/
|
||||
VOID STDCALL
|
||||
SeOpenObjectForDeleteAuditAlarm(IN PUNICODE_STRING ObjectTypeName,
|
||||
IN PVOID Object OPTIONAL,
|
||||
IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,
|
||||
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
||||
IN PACCESS_STATE AccessState,
|
||||
IN BOOLEAN ObjectCreated,
|
||||
IN BOOLEAN AccessGranted,
|
||||
IN KPROCESSOR_MODE AccessMode,
|
||||
OUT PBOOLEAN GenerateOnClose)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
}
|
||||
|
||||
/*
|
||||
* @unimplemented
|
||||
*/
|
||||
VOID
|
||||
STDCALL
|
||||
SePrivilegeObjectAuditAlarm(IN HANDLE Handle,
|
||||
IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
|
||||
IN ACCESS_MASK DesiredAccess,
|
||||
IN PPRIVILEGE_SET Privileges,
|
||||
IN BOOLEAN AccessGranted,
|
||||
IN KPROCESSOR_MODE CurrentMode)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
}
|
||||
|
||||
/* SYSTEM CALLS ***************************************************************/
|
||||
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
|
@ -263,175 +422,4 @@ NtPrivilegeObjectAuditAlarm(IN PUNICODE_STRING SubsystemName,
|
|||
return(STATUS_NOT_IMPLEMENTED);
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* @unimplemented
|
||||
*/
|
||||
VOID
|
||||
STDCALL
|
||||
SeAuditHardLinkCreation(
|
||||
IN PUNICODE_STRING FileName,
|
||||
IN PUNICODE_STRING LinkName,
|
||||
IN BOOLEAN bSuccess
|
||||
)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
}
|
||||
|
||||
/*
|
||||
* @unimplemented
|
||||
*/
|
||||
BOOLEAN
|
||||
STDCALL
|
||||
SeAuditingFileEvents(
|
||||
IN BOOLEAN AccessGranted,
|
||||
IN PSECURITY_DESCRIPTOR SecurityDescriptor
|
||||
)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/*
|
||||
* @unimplemented
|
||||
*/
|
||||
BOOLEAN
|
||||
STDCALL
|
||||
SeAuditingFileEventsWithContext(
|
||||
IN BOOLEAN AccessGranted,
|
||||
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
||||
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL
|
||||
)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/*
|
||||
* @unimplemented
|
||||
*/
|
||||
BOOLEAN
|
||||
STDCALL
|
||||
SeAuditingHardLinkEvents(
|
||||
IN BOOLEAN AccessGranted,
|
||||
IN PSECURITY_DESCRIPTOR SecurityDescriptor
|
||||
)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/*
|
||||
* @unimplemented
|
||||
*/
|
||||
BOOLEAN
|
||||
STDCALL
|
||||
SeAuditingHardLinkEventsWithContext(
|
||||
IN BOOLEAN AccessGranted,
|
||||
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
||||
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL
|
||||
)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/*
|
||||
* @unimplemented
|
||||
*/
|
||||
BOOLEAN
|
||||
STDCALL
|
||||
SeAuditingFileOrGlobalEvents(
|
||||
IN BOOLEAN AccessGranted,
|
||||
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
||||
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext
|
||||
)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/*
|
||||
* @unimplemented
|
||||
*/
|
||||
VOID
|
||||
STDCALL
|
||||
SeCloseObjectAuditAlarm(
|
||||
IN PVOID Object,
|
||||
IN HANDLE Handle,
|
||||
IN BOOLEAN PerformAction
|
||||
)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
}
|
||||
|
||||
/*
|
||||
* @unimplemented
|
||||
*/
|
||||
VOID STDCALL
|
||||
SeDeleteObjectAuditAlarm(IN PVOID Object,
|
||||
IN HANDLE Handle)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
}
|
||||
|
||||
/*
|
||||
* @unimplemented
|
||||
*/
|
||||
VOID
|
||||
NTAPI
|
||||
SeOpenObjectAuditAlarm(IN PUNICODE_STRING ObjectTypeName,
|
||||
IN PVOID Object OPTIONAL,
|
||||
IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,
|
||||
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
||||
IN PACCESS_STATE AccessState,
|
||||
IN BOOLEAN ObjectCreated,
|
||||
IN BOOLEAN AccessGranted,
|
||||
IN KPROCESSOR_MODE AccessMode,
|
||||
OUT PBOOLEAN GenerateOnClose)
|
||||
{
|
||||
PAGED_CODE();
|
||||
|
||||
/* Audits aren't done on kernel-mode access */
|
||||
if (AccessMode == KernelMode) return;
|
||||
|
||||
/* Otherwise, unimplemented! */
|
||||
//UNIMPLEMENTED;
|
||||
return;
|
||||
}
|
||||
|
||||
/*
|
||||
* @unimplemented
|
||||
*/
|
||||
VOID STDCALL
|
||||
SeOpenObjectForDeleteAuditAlarm(IN PUNICODE_STRING ObjectTypeName,
|
||||
IN PVOID Object OPTIONAL,
|
||||
IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,
|
||||
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
||||
IN PACCESS_STATE AccessState,
|
||||
IN BOOLEAN ObjectCreated,
|
||||
IN BOOLEAN AccessGranted,
|
||||
IN KPROCESSOR_MODE AccessMode,
|
||||
OUT PBOOLEAN GenerateOnClose)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
}
|
||||
|
||||
/*
|
||||
* @unimplemented
|
||||
*/
|
||||
VOID
|
||||
STDCALL
|
||||
SePrivilegeObjectAuditAlarm(
|
||||
IN HANDLE Handle,
|
||||
IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
|
||||
IN ACCESS_MASK DesiredAccess,
|
||||
IN PPRIVILEGE_SET Privileges,
|
||||
IN BOOLEAN AccessGranted,
|
||||
IN KPROCESSOR_MODE CurrentMode
|
||||
)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
}
|
||||
|
||||
/* EOF */
|
||||
|
|
|
@ -1,28 +1,32 @@
|
|||
/*
|
||||
* COPYRIGHT: See COPYING in the top level directory
|
||||
* PROJECT: ReactOS kernel
|
||||
* FILE: ntoskrnl/se/lsa.c
|
||||
* PURPOSE: No purpose listed.
|
||||
* FILE: ntoskrnl/se/sid.c
|
||||
* PURPOSE: Security manager
|
||||
*
|
||||
* PROGRAMMERS: No programmer listed.
|
||||
* PROGRAMMERS: David Welch <welch@cwcom.net>
|
||||
*/
|
||||
|
||||
/* INCLUDES *******************************************************************/
|
||||
|
||||
#include <ntoskrnl.h>
|
||||
#define NDEBUG
|
||||
#include <internal/debug.h>
|
||||
#include <debug.h>
|
||||
|
||||
/* FUNCTIONS ******************************************************************/
|
||||
|
||||
/*
|
||||
* @unimplemented
|
||||
*/
|
||||
NTSTATUS STDCALL LsaCallAuthenticationPackage (
|
||||
ULONG Unknown0,
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
LsaCallAuthenticationPackage(ULONG Unknown0,
|
||||
ULONG Unknown1,
|
||||
ULONG Unknown2,
|
||||
ULONG Unknown3,
|
||||
ULONG Unknown4,
|
||||
ULONG Unknown5,
|
||||
ULONG Unknown6
|
||||
)
|
||||
ULONG Unknown6)
|
||||
{
|
||||
return STATUS_NOT_IMPLEMENTED;
|
||||
}
|
||||
|
@ -30,10 +34,10 @@ NTSTATUS STDCALL LsaCallAuthenticationPackage (
|
|||
/*
|
||||
* @unimplemented
|
||||
*/
|
||||
NTSTATUS STDCALL LsaDeregisterLogonProcess (
|
||||
ULONG Unknown0,
|
||||
ULONG Unknown1
|
||||
)
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
LsaDeregisterLogonProcess(ULONG Unknown0,
|
||||
ULONG Unknown1)
|
||||
{
|
||||
return STATUS_NOT_IMPLEMENTED;
|
||||
}
|
||||
|
@ -41,16 +45,15 @@ NTSTATUS STDCALL LsaDeregisterLogonProcess (
|
|||
/*
|
||||
* @implemented
|
||||
*/
|
||||
NTSTATUS STDCALL LsaFreeReturnBuffer (PVOID Buffer)
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
LsaFreeReturnBuffer(PVOID Buffer)
|
||||
{
|
||||
ULONG Size = 0; /* required by MEM_RELEASE */
|
||||
|
||||
return ZwFreeVirtualMemory (
|
||||
NtCurrentProcess(),
|
||||
ULONG Size = 0;
|
||||
return ZwFreeVirtualMemory(NtCurrentProcess(),
|
||||
&Buffer,
|
||||
&Size,
|
||||
MEM_RELEASE
|
||||
);
|
||||
MEM_RELEASE);
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -79,11 +82,11 @@ LsaLogonUser(IN HANDLE LsaHandle,
|
|||
/*
|
||||
* @unimplemented
|
||||
*/
|
||||
NTSTATUS STDCALL LsaLookupAuthenticationPackage (
|
||||
ULONG Unknown0,
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
LsaLookupAuthenticationPackage(ULONG Unknown0,
|
||||
ULONG Unknown1,
|
||||
ULONG Unknown2
|
||||
)
|
||||
ULONG Unknown2)
|
||||
{
|
||||
return STATUS_NOT_IMPLEMENTED;
|
||||
}
|
||||
|
@ -105,9 +108,7 @@ LsaRegisterLogonProcess (IN PLSA_STRING LogonProcessName,
|
|||
*/
|
||||
NTSTATUS
|
||||
STDCALL
|
||||
SeMarkLogonSessionForTerminationNotification(
|
||||
IN PLUID LogonId
|
||||
)
|
||||
SeMarkLogonSessionForTerminationNotification(IN PLUID LogonId)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
return STATUS_NOT_IMPLEMENTED;
|
||||
|
@ -118,9 +119,7 @@ SeMarkLogonSessionForTerminationNotification(
|
|||
*/
|
||||
NTSTATUS
|
||||
STDCALL
|
||||
SeRegisterLogonSessionTerminatedRoutine(
|
||||
IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
|
||||
)
|
||||
SeRegisterLogonSessionTerminatedRoutine(IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
return STATUS_NOT_IMPLEMENTED;
|
||||
|
@ -131,13 +130,10 @@ SeRegisterLogonSessionTerminatedRoutine(
|
|||
*/
|
||||
NTSTATUS
|
||||
STDCALL
|
||||
SeUnregisterLogonSessionTerminatedRoutine(
|
||||
IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
|
||||
)
|
||||
SeUnregisterLogonSessionTerminatedRoutine(IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
return STATUS_NOT_IMPLEMENTED;
|
||||
}
|
||||
|
||||
|
||||
/* EOF */
|
||||
|
|
|
@ -1,112 +0,0 @@
|
|||
/*
|
||||
* COPYRIGHT: See COPYING in the top level directory
|
||||
* PROJECT: ReactOS kernel
|
||||
* FILE: ntoskrnl/se/luid.c
|
||||
* PURPOSE: Security manager
|
||||
*
|
||||
* PROGRAMMERS: No programmer listed.
|
||||
*/
|
||||
|
||||
/* INCLUDES *****************************************************************/
|
||||
|
||||
#include <ntoskrnl.h>
|
||||
#include <internal/debug.h>
|
||||
|
||||
#if defined (ALLOC_PRAGMA)
|
||||
#pragma alloc_text(INIT, SepInitLuid)
|
||||
#endif
|
||||
|
||||
|
||||
/* GLOBALS *******************************************************************/
|
||||
|
||||
static LARGE_INTEGER LuidIncrement;
|
||||
static LARGE_INTEGER LuidValue;
|
||||
|
||||
/* FUNCTIONS *****************************************************************/
|
||||
|
||||
VOID
|
||||
INIT_FUNCTION
|
||||
NTAPI
|
||||
SepInitLuid(VOID)
|
||||
{
|
||||
LUID DummyLuidValue = SYSTEM_LUID;
|
||||
|
||||
LuidValue.u.HighPart = DummyLuidValue.HighPart;
|
||||
LuidValue.u.LowPart = DummyLuidValue.LowPart;
|
||||
LuidIncrement.QuadPart = 1;
|
||||
}
|
||||
|
||||
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
ExpAllocateLocallyUniqueId(OUT LUID *LocallyUniqueId)
|
||||
{
|
||||
LARGE_INTEGER NewLuid, PrevLuid;
|
||||
|
||||
/* atomically increment the luid */
|
||||
do
|
||||
{
|
||||
PrevLuid = LuidValue;
|
||||
NewLuid = RtlLargeIntegerAdd(PrevLuid,
|
||||
LuidIncrement);
|
||||
} while(ExfInterlockedCompareExchange64(&LuidValue.QuadPart,
|
||||
&NewLuid.QuadPart,
|
||||
&PrevLuid.QuadPart) != PrevLuid.QuadPart);
|
||||
|
||||
LocallyUniqueId->LowPart = NewLuid.u.LowPart;
|
||||
LocallyUniqueId->HighPart = NewLuid.u.HighPart;
|
||||
|
||||
return STATUS_SUCCESS;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
*/
|
||||
NTSTATUS STDCALL
|
||||
NtAllocateLocallyUniqueId(OUT LUID *LocallyUniqueId)
|
||||
{
|
||||
LUID NewLuid;
|
||||
KPROCESSOR_MODE PreviousMode;
|
||||
NTSTATUS Status = STATUS_SUCCESS;
|
||||
|
||||
PAGED_CODE();
|
||||
|
||||
PreviousMode = ExGetPreviousMode();
|
||||
|
||||
if(PreviousMode != KernelMode)
|
||||
{
|
||||
_SEH_TRY
|
||||
{
|
||||
ProbeForWrite(LocallyUniqueId,
|
||||
sizeof(LUID),
|
||||
sizeof(ULONG));
|
||||
}
|
||||
_SEH_HANDLE
|
||||
{
|
||||
Status = _SEH_GetExceptionCode();
|
||||
}
|
||||
_SEH_END;
|
||||
|
||||
if(!NT_SUCCESS(Status))
|
||||
{
|
||||
return Status;
|
||||
}
|
||||
}
|
||||
|
||||
Status = ExpAllocateLocallyUniqueId(&NewLuid);
|
||||
|
||||
_SEH_TRY
|
||||
{
|
||||
*LocallyUniqueId = NewLuid;
|
||||
}
|
||||
_SEH_HANDLE
|
||||
{
|
||||
Status = _SEH_GetExceptionCode();
|
||||
}
|
||||
_SEH_END;
|
||||
|
||||
return Status;
|
||||
}
|
||||
|
||||
/* EOF */
|
|
@ -7,18 +7,17 @@
|
|||
* PROGRAMMERS: No programmer listed.
|
||||
*/
|
||||
|
||||
/* INCLUDES *****************************************************************/
|
||||
/* INCLUDES ******************************************************************/
|
||||
|
||||
#include <ntoskrnl.h>
|
||||
#define NDEBUG
|
||||
#include <internal/debug.h>
|
||||
#include <debug.h>
|
||||
|
||||
#if defined (ALLOC_PRAGMA)
|
||||
#pragma alloc_text(INIT, SepInitPrivileges)
|
||||
#endif
|
||||
|
||||
|
||||
/* GLOBALS *******************************************************************/
|
||||
/* GLOBALS ********************************************************************/
|
||||
|
||||
LUID SeCreateTokenPrivilege;
|
||||
LUID SeAssignPrimaryTokenPrivilege;
|
||||
|
@ -47,8 +46,7 @@ LUID SeUndockPrivilege;
|
|||
LUID SeSyncAgentPrivilege;
|
||||
LUID SeEnableDelegationPrivilege;
|
||||
|
||||
|
||||
/* FUNCTIONS ***************************************************************/
|
||||
/* PRIVATE FUNCTIONS **********************************************************/
|
||||
|
||||
VOID
|
||||
INIT_FUNCTION
|
||||
|
@ -170,7 +168,6 @@ SepPrivilegeCheck (PTOKEN Token,
|
|||
return FALSE;
|
||||
}
|
||||
|
||||
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
SeCaptureLuidAndAttributesArray (PLUID_AND_ATTRIBUTES Src,
|
||||
|
@ -271,7 +268,6 @@ SeCaptureLuidAndAttributesArray (PLUID_AND_ATTRIBUTES Src,
|
|||
return Status;
|
||||
}
|
||||
|
||||
|
||||
VOID
|
||||
NTAPI
|
||||
SeReleaseLuidAndAttributesArray (PLUID_AND_ATTRIBUTES Privilege,
|
||||
|
@ -287,6 +283,101 @@ SeReleaseLuidAndAttributesArray (PLUID_AND_ATTRIBUTES Privilege,
|
|||
}
|
||||
}
|
||||
|
||||
/* PUBLIC FUNCTIONS ***********************************************************/
|
||||
|
||||
/*
|
||||
* @unimplemented
|
||||
*/
|
||||
NTSTATUS
|
||||
STDCALL
|
||||
SeAppendPrivileges(PACCESS_STATE AccessState,
|
||||
PPRIVILEGE_SET Privileges)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
return STATUS_NOT_IMPLEMENTED;
|
||||
}
|
||||
|
||||
/*
|
||||
* @unimplemented
|
||||
*/
|
||||
VOID
|
||||
STDCALL
|
||||
SeFreePrivileges(IN PPRIVILEGE_SET Privileges)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
}
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
*/
|
||||
BOOLEAN STDCALL
|
||||
SePrivilegeCheck (PPRIVILEGE_SET Privileges,
|
||||
PSECURITY_SUBJECT_CONTEXT SubjectContext,
|
||||
KPROCESSOR_MODE PreviousMode)
|
||||
{
|
||||
PACCESS_TOKEN Token = NULL;
|
||||
|
||||
PAGED_CODE();
|
||||
|
||||
if (SubjectContext->ClientToken == NULL)
|
||||
{
|
||||
Token = SubjectContext->PrimaryToken;
|
||||
}
|
||||
else
|
||||
{
|
||||
Token = SubjectContext->ClientToken;
|
||||
if (SubjectContext->ImpersonationLevel < 2)
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
}
|
||||
|
||||
return SepPrivilegeCheck (Token,
|
||||
Privileges->Privilege,
|
||||
Privileges->PrivilegeCount,
|
||||
Privileges->Control,
|
||||
PreviousMode);
|
||||
}
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
*/
|
||||
BOOLEAN STDCALL
|
||||
SeSinglePrivilegeCheck (IN LUID PrivilegeValue,
|
||||
IN KPROCESSOR_MODE PreviousMode)
|
||||
{
|
||||
SECURITY_SUBJECT_CONTEXT SubjectContext;
|
||||
PRIVILEGE_SET Priv;
|
||||
BOOLEAN Result;
|
||||
|
||||
PAGED_CODE();
|
||||
|
||||
SeCaptureSubjectContext (&SubjectContext);
|
||||
|
||||
Priv.PrivilegeCount = 1;
|
||||
Priv.Control = PRIVILEGE_SET_ALL_NECESSARY;
|
||||
Priv.Privilege[0].Luid = PrivilegeValue;
|
||||
Priv.Privilege[0].Attributes = SE_PRIVILEGE_ENABLED;
|
||||
|
||||
Result = SePrivilegeCheck (&Priv,
|
||||
&SubjectContext,
|
||||
PreviousMode);
|
||||
|
||||
if (PreviousMode != KernelMode)
|
||||
{
|
||||
#if 0
|
||||
SePrivilegedServiceAuditAlarm (0,
|
||||
&SubjectContext,
|
||||
&PrivilegeValue);
|
||||
#endif
|
||||
}
|
||||
|
||||
SeReleaseSubjectContext (&SubjectContext);
|
||||
|
||||
return Result;
|
||||
}
|
||||
|
||||
/* SYSTEM CALLS ***************************************************************/
|
||||
|
||||
NTSTATUS STDCALL
|
||||
NtPrivilegeCheck (IN HANDLE ClientToken,
|
||||
|
@ -420,75 +511,4 @@ NtPrivilegeCheck (IN HANDLE ClientToken,
|
|||
}
|
||||
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
*/
|
||||
BOOLEAN STDCALL
|
||||
SePrivilegeCheck (PPRIVILEGE_SET Privileges,
|
||||
PSECURITY_SUBJECT_CONTEXT SubjectContext,
|
||||
KPROCESSOR_MODE PreviousMode)
|
||||
{
|
||||
PACCESS_TOKEN Token = NULL;
|
||||
|
||||
PAGED_CODE();
|
||||
|
||||
if (SubjectContext->ClientToken == NULL)
|
||||
{
|
||||
Token = SubjectContext->PrimaryToken;
|
||||
}
|
||||
else
|
||||
{
|
||||
Token = SubjectContext->ClientToken;
|
||||
if (SubjectContext->ImpersonationLevel < 2)
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
}
|
||||
|
||||
return SepPrivilegeCheck (Token,
|
||||
Privileges->Privilege,
|
||||
Privileges->PrivilegeCount,
|
||||
Privileges->Control,
|
||||
PreviousMode);
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
*/
|
||||
BOOLEAN STDCALL
|
||||
SeSinglePrivilegeCheck (IN LUID PrivilegeValue,
|
||||
IN KPROCESSOR_MODE PreviousMode)
|
||||
{
|
||||
SECURITY_SUBJECT_CONTEXT SubjectContext;
|
||||
PRIVILEGE_SET Priv;
|
||||
BOOLEAN Result;
|
||||
|
||||
PAGED_CODE();
|
||||
|
||||
SeCaptureSubjectContext (&SubjectContext);
|
||||
|
||||
Priv.PrivilegeCount = 1;
|
||||
Priv.Control = PRIVILEGE_SET_ALL_NECESSARY;
|
||||
Priv.Privilege[0].Luid = PrivilegeValue;
|
||||
Priv.Privilege[0].Attributes = SE_PRIVILEGE_ENABLED;
|
||||
|
||||
Result = SePrivilegeCheck (&Priv,
|
||||
&SubjectContext,
|
||||
PreviousMode);
|
||||
|
||||
if (PreviousMode != KernelMode)
|
||||
{
|
||||
#if 0
|
||||
SePrivilegedServiceAuditAlarm (0,
|
||||
&SubjectContext,
|
||||
&PrivilegeValue);
|
||||
#endif
|
||||
}
|
||||
|
||||
SeReleaseSubjectContext (&SubjectContext);
|
||||
|
||||
return Result;
|
||||
}
|
||||
|
||||
/* EOF */
|
||||
|
|
|
@ -7,17 +7,17 @@
|
|||
* PROGRAMMERS: David Welch <welch@cwcom.net>
|
||||
*/
|
||||
|
||||
/* INCLUDES *****************************************************************/
|
||||
/* INCLUDES *******************************************************************/
|
||||
|
||||
#include <ntoskrnl.h>
|
||||
#include <internal/debug.h>
|
||||
#define NDEBUG
|
||||
#include <debug.h>
|
||||
|
||||
#if defined (ALLOC_PRAGMA)
|
||||
#pragma alloc_text(INIT, SepInitSDs)
|
||||
#endif
|
||||
|
||||
|
||||
/* GLOBALS ******************************************************************/
|
||||
/* GLOBALS ********************************************************************/
|
||||
|
||||
PSECURITY_DESCRIPTOR SePublicDefaultSd = NULL;
|
||||
PSECURITY_DESCRIPTOR SePublicDefaultUnrestrictedSd = NULL;
|
||||
|
@ -26,7 +26,7 @@ PSECURITY_DESCRIPTOR SePublicOpenUnrestrictedSd = NULL;
|
|||
PSECURITY_DESCRIPTOR SeSystemDefaultSd = NULL;
|
||||
PSECURITY_DESCRIPTOR SeUnrestrictedSd = NULL;
|
||||
|
||||
/* FUNCTIONS ***************************************************************/
|
||||
/* PRIVATE FUNCTIONS **********************************************************/
|
||||
|
||||
BOOLEAN
|
||||
INIT_FUNCTION
|
||||
|
@ -377,19 +377,18 @@ SepReleaseSecurityQualityOfService(IN PSECURITY_QUALITY_OF_SERVICE CapturedSecur
|
|||
}
|
||||
}
|
||||
|
||||
/* PUBLIC FUNCTIONS ***********************************************************/
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
*/
|
||||
NTSTATUS
|
||||
STDCALL
|
||||
SeCaptureSecurityDescriptor(
|
||||
IN PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor,
|
||||
SeCaptureSecurityDescriptor(IN PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor,
|
||||
IN KPROCESSOR_MODE CurrentMode,
|
||||
IN POOL_TYPE PoolType,
|
||||
IN BOOLEAN CaptureIfKernel,
|
||||
OUT PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor
|
||||
)
|
||||
OUT PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor)
|
||||
{
|
||||
PISECURITY_DESCRIPTOR OriginalSecurityDescriptor = _OriginalSecurityDescriptor;
|
||||
SECURITY_DESCRIPTOR DescriptorCopy;
|
||||
|
@ -859,11 +858,9 @@ SeQuerySecurityDescriptorInfo(IN PSECURITY_INFORMATION SecurityInformation,
|
|||
*/
|
||||
NTSTATUS
|
||||
STDCALL
|
||||
SeReleaseSecurityDescriptor(
|
||||
IN PSECURITY_DESCRIPTOR CapturedSecurityDescriptor,
|
||||
SeReleaseSecurityDescriptor(IN PSECURITY_DESCRIPTOR CapturedSecurityDescriptor,
|
||||
IN KPROCESSOR_MODE CurrentMode,
|
||||
IN BOOLEAN CaptureIfKernelMode
|
||||
)
|
||||
IN BOOLEAN CaptureIfKernelMode)
|
||||
{
|
||||
PAGED_CODE();
|
||||
|
||||
|
@ -1076,15 +1073,13 @@ SeSetSecurityDescriptorInfo(IN PVOID Object OPTIONAL,
|
|||
*/
|
||||
NTSTATUS
|
||||
STDCALL
|
||||
SeSetSecurityDescriptorInfoEx(
|
||||
IN PVOID Object OPTIONAL,
|
||||
SeSetSecurityDescriptorInfoEx(IN PVOID Object OPTIONAL,
|
||||
IN PSECURITY_INFORMATION SecurityInformation,
|
||||
IN PSECURITY_DESCRIPTOR ModificationDescriptor,
|
||||
IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
|
||||
IN ULONG AutoInheritFlags,
|
||||
IN POOL_TYPE PoolType,
|
||||
IN PGENERIC_MAPPING GenericMapping
|
||||
)
|
||||
IN PGENERIC_MAPPING GenericMapping)
|
||||
{
|
||||
PISECURITY_DESCRIPTOR ObjectSd = *ObjectsSecurityDescriptor;
|
||||
|
||||
|
@ -1232,4 +1227,293 @@ SeValidSecurityDescriptor(IN ULONG Length,
|
|||
return TRUE;
|
||||
}
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
*/
|
||||
NTSTATUS STDCALL
|
||||
SeDeassignSecurity(PSECURITY_DESCRIPTOR *SecurityDescriptor)
|
||||
{
|
||||
PAGED_CODE();
|
||||
|
||||
if (*SecurityDescriptor != NULL)
|
||||
{
|
||||
ExFreePool(*SecurityDescriptor);
|
||||
*SecurityDescriptor = NULL;
|
||||
}
|
||||
|
||||
return STATUS_SUCCESS;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* @unimplemented
|
||||
*/
|
||||
NTSTATUS STDCALL
|
||||
SeAssignSecurityEx(IN PSECURITY_DESCRIPTOR ParentDescriptor OPTIONAL,
|
||||
IN PSECURITY_DESCRIPTOR ExplicitDescriptor OPTIONAL,
|
||||
OUT PSECURITY_DESCRIPTOR *NewDescriptor,
|
||||
IN GUID *ObjectType OPTIONAL,
|
||||
IN BOOLEAN IsDirectoryObject,
|
||||
IN ULONG AutoInheritFlags,
|
||||
IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
|
||||
IN PGENERIC_MAPPING GenericMapping,
|
||||
IN POOL_TYPE PoolType)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
return STATUS_NOT_IMPLEMENTED;
|
||||
}
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
*/
|
||||
NTSTATUS STDCALL
|
||||
SeAssignSecurity(PSECURITY_DESCRIPTOR _ParentDescriptor OPTIONAL,
|
||||
PSECURITY_DESCRIPTOR _ExplicitDescriptor OPTIONAL,
|
||||
PSECURITY_DESCRIPTOR *NewDescriptor,
|
||||
BOOLEAN IsDirectoryObject,
|
||||
PSECURITY_SUBJECT_CONTEXT SubjectContext,
|
||||
PGENERIC_MAPPING GenericMapping,
|
||||
POOL_TYPE PoolType)
|
||||
{
|
||||
PISECURITY_DESCRIPTOR ParentDescriptor = _ParentDescriptor;
|
||||
PISECURITY_DESCRIPTOR ExplicitDescriptor = _ExplicitDescriptor;
|
||||
PISECURITY_DESCRIPTOR Descriptor;
|
||||
PTOKEN Token;
|
||||
ULONG OwnerLength = 0;
|
||||
ULONG GroupLength = 0;
|
||||
ULONG DaclLength = 0;
|
||||
ULONG SaclLength = 0;
|
||||
ULONG Length = 0;
|
||||
ULONG Control = 0;
|
||||
ULONG_PTR Current;
|
||||
PSID Owner = NULL;
|
||||
PSID Group = NULL;
|
||||
PACL Dacl = NULL;
|
||||
PACL Sacl = NULL;
|
||||
|
||||
PAGED_CODE();
|
||||
|
||||
/* Lock subject context */
|
||||
SeLockSubjectContext(SubjectContext);
|
||||
|
||||
if (SubjectContext->ClientToken != NULL)
|
||||
{
|
||||
Token = SubjectContext->ClientToken;
|
||||
}
|
||||
else
|
||||
{
|
||||
Token = SubjectContext->PrimaryToken;
|
||||
}
|
||||
|
||||
|
||||
/* Inherit the Owner SID */
|
||||
if (ExplicitDescriptor != NULL && ExplicitDescriptor->Owner != NULL)
|
||||
{
|
||||
DPRINT("Use explicit owner sid!\n");
|
||||
Owner = ExplicitDescriptor->Owner;
|
||||
|
||||
if (ExplicitDescriptor->Control & SE_SELF_RELATIVE)
|
||||
{
|
||||
Owner = (PSID)(((ULONG_PTR)Owner) + (ULONG_PTR)ExplicitDescriptor);
|
||||
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
if (Token != NULL)
|
||||
{
|
||||
DPRINT("Use token owner sid!\n");
|
||||
Owner = Token->UserAndGroups[Token->DefaultOwnerIndex].Sid;
|
||||
}
|
||||
else
|
||||
{
|
||||
DPRINT("Use default owner sid!\n");
|
||||
Owner = SeLocalSystemSid;
|
||||
}
|
||||
|
||||
Control |= SE_OWNER_DEFAULTED;
|
||||
}
|
||||
|
||||
OwnerLength = ROUND_UP(RtlLengthSid(Owner), 4);
|
||||
|
||||
|
||||
/* Inherit the Group SID */
|
||||
if (ExplicitDescriptor != NULL && ExplicitDescriptor->Group != NULL)
|
||||
{
|
||||
DPRINT("Use explicit group sid!\n");
|
||||
Group = ExplicitDescriptor->Group;
|
||||
if (ExplicitDescriptor->Control & SE_SELF_RELATIVE)
|
||||
{
|
||||
Group = (PSID)(((ULONG_PTR)Group) + (ULONG_PTR)ExplicitDescriptor);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
if (Token != NULL)
|
||||
{
|
||||
DPRINT("Use token group sid!\n");
|
||||
Group = Token->PrimaryGroup;
|
||||
}
|
||||
else
|
||||
{
|
||||
DPRINT("Use default group sid!\n");
|
||||
Group = SeLocalSystemSid;
|
||||
}
|
||||
|
||||
Control |= SE_OWNER_DEFAULTED;
|
||||
}
|
||||
|
||||
GroupLength = ROUND_UP(RtlLengthSid(Group), 4);
|
||||
|
||||
|
||||
/* Inherit the DACL */
|
||||
if (ExplicitDescriptor != NULL &&
|
||||
(ExplicitDescriptor->Control & SE_DACL_PRESENT) &&
|
||||
!(ExplicitDescriptor->Control & SE_DACL_DEFAULTED))
|
||||
{
|
||||
DPRINT("Use explicit DACL!\n");
|
||||
Dacl = ExplicitDescriptor->Dacl;
|
||||
if (Dacl != NULL && (ExplicitDescriptor->Control & SE_SELF_RELATIVE))
|
||||
{
|
||||
Dacl = (PACL)(((ULONG_PTR)Dacl) + (ULONG_PTR)ExplicitDescriptor);
|
||||
}
|
||||
|
||||
Control |= SE_DACL_PRESENT;
|
||||
}
|
||||
else if (ParentDescriptor != NULL &&
|
||||
(ParentDescriptor->Control & SE_DACL_PRESENT))
|
||||
{
|
||||
DPRINT("Use parent DACL!\n");
|
||||
/* FIXME: Inherit */
|
||||
Dacl = ParentDescriptor->Dacl;
|
||||
if (Dacl != NULL && (ParentDescriptor->Control & SE_SELF_RELATIVE))
|
||||
{
|
||||
Dacl = (PACL)(((ULONG_PTR)Dacl) + (ULONG_PTR)ParentDescriptor);
|
||||
}
|
||||
Control |= (SE_DACL_PRESENT | SE_DACL_DEFAULTED);
|
||||
}
|
||||
else if (Token != NULL && Token->DefaultDacl != NULL)
|
||||
{
|
||||
DPRINT("Use token default DACL!\n");
|
||||
/* FIXME: Inherit */
|
||||
Dacl = Token->DefaultDacl;
|
||||
Control |= (SE_DACL_PRESENT | SE_DACL_DEFAULTED);
|
||||
}
|
||||
else
|
||||
{
|
||||
DPRINT("Use NULL DACL!\n");
|
||||
Dacl = NULL;
|
||||
Control |= (SE_DACL_PRESENT | SE_DACL_DEFAULTED);
|
||||
}
|
||||
|
||||
DaclLength = (Dacl != NULL) ? ROUND_UP(Dacl->AclSize, 4) : 0;
|
||||
|
||||
|
||||
/* Inherit the SACL */
|
||||
if (ExplicitDescriptor != NULL &&
|
||||
(ExplicitDescriptor->Control & SE_SACL_PRESENT) &&
|
||||
!(ExplicitDescriptor->Control & SE_SACL_DEFAULTED))
|
||||
{
|
||||
DPRINT("Use explicit SACL!\n");
|
||||
Sacl = ExplicitDescriptor->Sacl;
|
||||
if (Sacl != NULL && (ExplicitDescriptor->Control & SE_SELF_RELATIVE))
|
||||
{
|
||||
Sacl = (PACL)(((ULONG_PTR)Sacl) + (ULONG_PTR)ExplicitDescriptor);
|
||||
}
|
||||
|
||||
Control |= SE_SACL_PRESENT;
|
||||
}
|
||||
else if (ParentDescriptor != NULL &&
|
||||
(ParentDescriptor->Control & SE_SACL_PRESENT))
|
||||
{
|
||||
DPRINT("Use parent SACL!\n");
|
||||
/* FIXME: Inherit */
|
||||
Sacl = ParentDescriptor->Sacl;
|
||||
if (Sacl != NULL && (ParentDescriptor->Control & SE_SELF_RELATIVE))
|
||||
{
|
||||
Sacl = (PACL)(((ULONG_PTR)Sacl) + (ULONG_PTR)ParentDescriptor);
|
||||
}
|
||||
Control |= (SE_SACL_PRESENT | SE_SACL_DEFAULTED);
|
||||
}
|
||||
|
||||
SaclLength = (Sacl != NULL) ? ROUND_UP(Sacl->AclSize, 4) : 0;
|
||||
|
||||
|
||||
/* Allocate and initialize the new security descriptor */
|
||||
Length = sizeof(SECURITY_DESCRIPTOR) +
|
||||
OwnerLength + GroupLength + DaclLength + SaclLength;
|
||||
|
||||
DPRINT("L: sizeof(SECURITY_DESCRIPTOR) %d OwnerLength %d GroupLength %d DaclLength %d SaclLength %d\n",
|
||||
sizeof(SECURITY_DESCRIPTOR),
|
||||
OwnerLength,
|
||||
GroupLength,
|
||||
DaclLength,
|
||||
SaclLength);
|
||||
|
||||
Descriptor = ExAllocatePool(PagedPool,
|
||||
Length);
|
||||
if (Descriptor == NULL)
|
||||
{
|
||||
DPRINT1("ExAlloctePool() failed\n");
|
||||
/* FIXME: Unlock subject context */
|
||||
return STATUS_INSUFFICIENT_RESOURCES;
|
||||
}
|
||||
|
||||
RtlZeroMemory( Descriptor, Length );
|
||||
RtlCreateSecurityDescriptor(Descriptor,
|
||||
SECURITY_DESCRIPTOR_REVISION);
|
||||
|
||||
Descriptor->Control = (USHORT)Control | SE_SELF_RELATIVE;
|
||||
|
||||
Current = (ULONG_PTR)Descriptor + sizeof(SECURITY_DESCRIPTOR);
|
||||
|
||||
if (SaclLength != 0)
|
||||
{
|
||||
RtlCopyMemory((PVOID)Current,
|
||||
Sacl,
|
||||
SaclLength);
|
||||
Descriptor->Sacl = (PACL)((ULONG_PTR)Current - (ULONG_PTR)Descriptor);
|
||||
Current += SaclLength;
|
||||
}
|
||||
|
||||
if (DaclLength != 0)
|
||||
{
|
||||
RtlCopyMemory((PVOID)Current,
|
||||
Dacl,
|
||||
DaclLength);
|
||||
Descriptor->Dacl = (PACL)((ULONG_PTR)Current - (ULONG_PTR)Descriptor);
|
||||
Current += DaclLength;
|
||||
}
|
||||
|
||||
if (OwnerLength != 0)
|
||||
{
|
||||
RtlCopyMemory((PVOID)Current,
|
||||
Owner,
|
||||
OwnerLength);
|
||||
Descriptor->Owner = (PSID)((ULONG_PTR)Current - (ULONG_PTR)Descriptor);
|
||||
Current += OwnerLength;
|
||||
DPRINT("Owner of %x at %x\n", Descriptor, Descriptor->Owner);
|
||||
}
|
||||
else
|
||||
DPRINT("Owner of %x is zero length\n", Descriptor);
|
||||
|
||||
if (GroupLength != 0)
|
||||
{
|
||||
memmove((PVOID)Current,
|
||||
Group,
|
||||
GroupLength);
|
||||
Descriptor->Group = (PSID)((ULONG_PTR)Current - (ULONG_PTR)Descriptor);
|
||||
}
|
||||
|
||||
/* Unlock subject context */
|
||||
SeUnlockSubjectContext(SubjectContext);
|
||||
|
||||
*NewDescriptor = Descriptor;
|
||||
|
||||
DPRINT("Descrptor %x\n", Descriptor);
|
||||
ASSERT(RtlLengthSecurityDescriptor(Descriptor));
|
||||
|
||||
return STATUS_SUCCESS;
|
||||
}
|
||||
|
||||
/* EOF */
|
||||
|
|
|
@ -7,32 +7,86 @@
|
|||
* PROGRAMMERS: No programmer listed.
|
||||
*/
|
||||
|
||||
/* INCLUDES *****************************************************************/
|
||||
/* INCLUDES *******************************************************************/
|
||||
|
||||
#include <ntoskrnl.h>
|
||||
#define NDEBUG
|
||||
#include <internal/debug.h>
|
||||
#include <debug.h>
|
||||
|
||||
/* GLOBALS ******************************************************************/
|
||||
/* GLOBALS ********************************************************************/
|
||||
|
||||
PSE_EXPORTS SeExports = NULL;
|
||||
SE_EXPORTS SepExports;
|
||||
|
||||
static ERESOURCE SepSubjectContextLock;
|
||||
extern ULONG ExpInitializationPhase;
|
||||
extern ERESOURCE SepSubjectContextLock;
|
||||
|
||||
/* PRIVATE FUNCTIONS **********************************************************/
|
||||
|
||||
/* PROTOTYPES ***************************************************************/
|
||||
static BOOLEAN INIT_FUNCTION
|
||||
SepInitExports(VOID)
|
||||
{
|
||||
SepExports.SeCreateTokenPrivilege = SeCreateTokenPrivilege;
|
||||
SepExports.SeAssignPrimaryTokenPrivilege = SeAssignPrimaryTokenPrivilege;
|
||||
SepExports.SeLockMemoryPrivilege = SeLockMemoryPrivilege;
|
||||
SepExports.SeIncreaseQuotaPrivilege = SeIncreaseQuotaPrivilege;
|
||||
SepExports.SeUnsolicitedInputPrivilege = SeUnsolicitedInputPrivilege;
|
||||
SepExports.SeTcbPrivilege = SeTcbPrivilege;
|
||||
SepExports.SeSecurityPrivilege = SeSecurityPrivilege;
|
||||
SepExports.SeTakeOwnershipPrivilege = SeTakeOwnershipPrivilege;
|
||||
SepExports.SeLoadDriverPrivilege = SeLoadDriverPrivilege;
|
||||
SepExports.SeCreatePagefilePrivilege = SeCreatePagefilePrivilege;
|
||||
SepExports.SeIncreaseBasePriorityPrivilege = SeIncreaseBasePriorityPrivilege;
|
||||
SepExports.SeSystemProfilePrivilege = SeSystemProfilePrivilege;
|
||||
SepExports.SeSystemtimePrivilege = SeSystemtimePrivilege;
|
||||
SepExports.SeProfileSingleProcessPrivilege = SeProfileSingleProcessPrivilege;
|
||||
SepExports.SeCreatePermanentPrivilege = SeCreatePermanentPrivilege;
|
||||
SepExports.SeBackupPrivilege = SeBackupPrivilege;
|
||||
SepExports.SeRestorePrivilege = SeRestorePrivilege;
|
||||
SepExports.SeShutdownPrivilege = SeShutdownPrivilege;
|
||||
SepExports.SeDebugPrivilege = SeDebugPrivilege;
|
||||
SepExports.SeAuditPrivilege = SeAuditPrivilege;
|
||||
SepExports.SeSystemEnvironmentPrivilege = SeSystemEnvironmentPrivilege;
|
||||
SepExports.SeChangeNotifyPrivilege = SeChangeNotifyPrivilege;
|
||||
SepExports.SeRemoteShutdownPrivilege = SeRemoteShutdownPrivilege;
|
||||
|
||||
static BOOLEAN SepInitExports(VOID);
|
||||
SepExports.SeNullSid = SeNullSid;
|
||||
SepExports.SeWorldSid = SeWorldSid;
|
||||
SepExports.SeLocalSid = SeLocalSid;
|
||||
SepExports.SeCreatorOwnerSid = SeCreatorOwnerSid;
|
||||
SepExports.SeCreatorGroupSid = SeCreatorGroupSid;
|
||||
SepExports.SeNtAuthoritySid = SeNtAuthoritySid;
|
||||
SepExports.SeDialupSid = SeDialupSid;
|
||||
SepExports.SeNetworkSid = SeNetworkSid;
|
||||
SepExports.SeBatchSid = SeBatchSid;
|
||||
SepExports.SeInteractiveSid = SeInteractiveSid;
|
||||
SepExports.SeLocalSystemSid = SeLocalSystemSid;
|
||||
SepExports.SeAliasAdminsSid = SeAliasAdminsSid;
|
||||
SepExports.SeAliasUsersSid = SeAliasUsersSid;
|
||||
SepExports.SeAliasGuestsSid = SeAliasGuestsSid;
|
||||
SepExports.SeAliasPowerUsersSid = SeAliasPowerUsersSid;
|
||||
SepExports.SeAliasAccountOpsSid = SeAliasAccountOpsSid;
|
||||
SepExports.SeAliasSystemOpsSid = SeAliasSystemOpsSid;
|
||||
SepExports.SeAliasPrintOpsSid = SeAliasPrintOpsSid;
|
||||
SepExports.SeAliasBackupOpsSid = SeAliasBackupOpsSid;
|
||||
SepExports.SeAuthenticatedUsersSid = SeAuthenticatedUsersSid;
|
||||
SepExports.SeRestrictedSid = SeRestrictedSid;
|
||||
SepExports.SeAnonymousLogonSid = SeAnonymousLogonSid;
|
||||
|
||||
SepExports.SeUndockPrivilege = SeUndockPrivilege;
|
||||
SepExports.SeSyncAgentPrivilege = SeSyncAgentPrivilege;
|
||||
SepExports.SeEnableDelegationPrivilege = SeEnableDelegationPrivilege;
|
||||
|
||||
SeExports = &SepExports;
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
/* FUNCTIONS ****************************************************************/
|
||||
|
||||
BOOLEAN
|
||||
NTAPI
|
||||
SepInitializationPhase0(VOID)
|
||||
{
|
||||
SepInitLuid();
|
||||
ExpInitLuid();
|
||||
if (!SepInitSecurityIDs()) return FALSE;
|
||||
if (!SepInitDACLs()) return FALSE;
|
||||
if (!SepInitSDs()) return FALSE;
|
||||
|
@ -162,76 +216,6 @@ SeInitSRM(VOID)
|
|||
return TRUE;
|
||||
}
|
||||
|
||||
|
||||
static BOOLEAN INIT_FUNCTION
|
||||
SepInitExports(VOID)
|
||||
{
|
||||
SepExports.SeCreateTokenPrivilege = SeCreateTokenPrivilege;
|
||||
SepExports.SeAssignPrimaryTokenPrivilege = SeAssignPrimaryTokenPrivilege;
|
||||
SepExports.SeLockMemoryPrivilege = SeLockMemoryPrivilege;
|
||||
SepExports.SeIncreaseQuotaPrivilege = SeIncreaseQuotaPrivilege;
|
||||
SepExports.SeUnsolicitedInputPrivilege = SeUnsolicitedInputPrivilege;
|
||||
SepExports.SeTcbPrivilege = SeTcbPrivilege;
|
||||
SepExports.SeSecurityPrivilege = SeSecurityPrivilege;
|
||||
SepExports.SeTakeOwnershipPrivilege = SeTakeOwnershipPrivilege;
|
||||
SepExports.SeLoadDriverPrivilege = SeLoadDriverPrivilege;
|
||||
SepExports.SeCreatePagefilePrivilege = SeCreatePagefilePrivilege;
|
||||
SepExports.SeIncreaseBasePriorityPrivilege = SeIncreaseBasePriorityPrivilege;
|
||||
SepExports.SeSystemProfilePrivilege = SeSystemProfilePrivilege;
|
||||
SepExports.SeSystemtimePrivilege = SeSystemtimePrivilege;
|
||||
SepExports.SeProfileSingleProcessPrivilege = SeProfileSingleProcessPrivilege;
|
||||
SepExports.SeCreatePermanentPrivilege = SeCreatePermanentPrivilege;
|
||||
SepExports.SeBackupPrivilege = SeBackupPrivilege;
|
||||
SepExports.SeRestorePrivilege = SeRestorePrivilege;
|
||||
SepExports.SeShutdownPrivilege = SeShutdownPrivilege;
|
||||
SepExports.SeDebugPrivilege = SeDebugPrivilege;
|
||||
SepExports.SeAuditPrivilege = SeAuditPrivilege;
|
||||
SepExports.SeSystemEnvironmentPrivilege = SeSystemEnvironmentPrivilege;
|
||||
SepExports.SeChangeNotifyPrivilege = SeChangeNotifyPrivilege;
|
||||
SepExports.SeRemoteShutdownPrivilege = SeRemoteShutdownPrivilege;
|
||||
|
||||
SepExports.SeNullSid = SeNullSid;
|
||||
SepExports.SeWorldSid = SeWorldSid;
|
||||
SepExports.SeLocalSid = SeLocalSid;
|
||||
SepExports.SeCreatorOwnerSid = SeCreatorOwnerSid;
|
||||
SepExports.SeCreatorGroupSid = SeCreatorGroupSid;
|
||||
SepExports.SeNtAuthoritySid = SeNtAuthoritySid;
|
||||
SepExports.SeDialupSid = SeDialupSid;
|
||||
SepExports.SeNetworkSid = SeNetworkSid;
|
||||
SepExports.SeBatchSid = SeBatchSid;
|
||||
SepExports.SeInteractiveSid = SeInteractiveSid;
|
||||
SepExports.SeLocalSystemSid = SeLocalSystemSid;
|
||||
SepExports.SeAliasAdminsSid = SeAliasAdminsSid;
|
||||
SepExports.SeAliasUsersSid = SeAliasUsersSid;
|
||||
SepExports.SeAliasGuestsSid = SeAliasGuestsSid;
|
||||
SepExports.SeAliasPowerUsersSid = SeAliasPowerUsersSid;
|
||||
SepExports.SeAliasAccountOpsSid = SeAliasAccountOpsSid;
|
||||
SepExports.SeAliasSystemOpsSid = SeAliasSystemOpsSid;
|
||||
SepExports.SeAliasPrintOpsSid = SeAliasPrintOpsSid;
|
||||
SepExports.SeAliasBackupOpsSid = SeAliasBackupOpsSid;
|
||||
SepExports.SeAuthenticatedUsersSid = SeAuthenticatedUsersSid;
|
||||
SepExports.SeRestrictedSid = SeRestrictedSid;
|
||||
SepExports.SeAnonymousLogonSid = SeAnonymousLogonSid;
|
||||
|
||||
SepExports.SeUndockPrivilege = SeUndockPrivilege;
|
||||
SepExports.SeSyncAgentPrivilege = SeSyncAgentPrivilege;
|
||||
SepExports.SeEnableDelegationPrivilege = SeEnableDelegationPrivilege;
|
||||
|
||||
SeExports = &SepExports;
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
|
||||
VOID SepReferenceLogonSession(PLUID AuthenticationId)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
}
|
||||
|
||||
VOID SepDeReferenceLogonSession(PLUID AuthenticationId)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
}
|
||||
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
SeDefaultObjectMethod(IN PVOID Object,
|
||||
|
@ -293,399 +277,6 @@ SeDefaultObjectMethod(IN PVOID Object,
|
|||
return STATUS_SUCCESS;
|
||||
}
|
||||
|
||||
VOID
|
||||
NTAPI
|
||||
SeCaptureSubjectContextEx(IN PETHREAD Thread,
|
||||
IN PEPROCESS Process,
|
||||
OUT PSECURITY_SUBJECT_CONTEXT SubjectContext)
|
||||
{
|
||||
BOOLEAN CopyOnOpen, EffectiveOnly;
|
||||
PAGED_CODE();
|
||||
|
||||
/* Save the unique ID */
|
||||
SubjectContext->ProcessAuditId = Process->UniqueProcessId;
|
||||
|
||||
/* Check if we have a thread */
|
||||
if (!Thread)
|
||||
{
|
||||
/* We don't, so no token */
|
||||
SubjectContext->ClientToken = NULL;
|
||||
}
|
||||
else
|
||||
{
|
||||
/* Get the impersonation token */
|
||||
SubjectContext->ClientToken =
|
||||
PsReferenceImpersonationToken(Thread,
|
||||
&CopyOnOpen,
|
||||
&EffectiveOnly,
|
||||
&SubjectContext->ImpersonationLevel);
|
||||
}
|
||||
|
||||
/* Get the primary token */
|
||||
SubjectContext->PrimaryToken = PsReferencePrimaryToken(Process);
|
||||
}
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
*/
|
||||
VOID
|
||||
NTAPI
|
||||
SeCaptureSubjectContext(OUT PSECURITY_SUBJECT_CONTEXT SubjectContext)
|
||||
{
|
||||
/* Call the internal API */
|
||||
SeCaptureSubjectContextEx(PsGetCurrentThread(),
|
||||
PsGetCurrentProcess(),
|
||||
SubjectContext);
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
*/
|
||||
VOID STDCALL
|
||||
SeLockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
|
||||
{
|
||||
PAGED_CODE();
|
||||
|
||||
KeEnterCriticalRegion();
|
||||
ExAcquireResourceExclusiveLite(&SepSubjectContextLock, TRUE);
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
*/
|
||||
VOID STDCALL
|
||||
SeUnlockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
|
||||
{
|
||||
PAGED_CODE();
|
||||
|
||||
ExReleaseResourceLite(&SepSubjectContextLock);
|
||||
KeLeaveCriticalRegion();
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
*/
|
||||
VOID STDCALL
|
||||
SeReleaseSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
|
||||
{
|
||||
PAGED_CODE();
|
||||
|
||||
if (SubjectContext->PrimaryToken != NULL)
|
||||
{
|
||||
ObFastDereferenceObject(&PsGetCurrentProcess()->Token, SubjectContext->PrimaryToken);
|
||||
}
|
||||
|
||||
if (SubjectContext->ClientToken != NULL)
|
||||
{
|
||||
ObDereferenceObject(SubjectContext->ClientToken);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
*/
|
||||
NTSTATUS STDCALL
|
||||
SeDeassignSecurity(PSECURITY_DESCRIPTOR *SecurityDescriptor)
|
||||
{
|
||||
PAGED_CODE();
|
||||
|
||||
if (*SecurityDescriptor != NULL)
|
||||
{
|
||||
ExFreePool(*SecurityDescriptor);
|
||||
*SecurityDescriptor = NULL;
|
||||
}
|
||||
|
||||
return STATUS_SUCCESS;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* @unimplemented
|
||||
*/
|
||||
NTSTATUS STDCALL
|
||||
SeAssignSecurityEx(IN PSECURITY_DESCRIPTOR ParentDescriptor OPTIONAL,
|
||||
IN PSECURITY_DESCRIPTOR ExplicitDescriptor OPTIONAL,
|
||||
OUT PSECURITY_DESCRIPTOR *NewDescriptor,
|
||||
IN GUID *ObjectType OPTIONAL,
|
||||
IN BOOLEAN IsDirectoryObject,
|
||||
IN ULONG AutoInheritFlags,
|
||||
IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
|
||||
IN PGENERIC_MAPPING GenericMapping,
|
||||
IN POOL_TYPE PoolType)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
return STATUS_NOT_IMPLEMENTED;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* FUNCTION: Creates a security descriptor for a new object.
|
||||
* ARGUMENTS:
|
||||
* ParentDescriptor =
|
||||
* ExplicitDescriptor =
|
||||
* NewDescriptor =
|
||||
* IsDirectoryObject =
|
||||
* SubjectContext =
|
||||
* GeneralMapping =
|
||||
* PoolType =
|
||||
* RETURNS: Status
|
||||
*
|
||||
* @implemented
|
||||
*/
|
||||
NTSTATUS STDCALL
|
||||
SeAssignSecurity(PSECURITY_DESCRIPTOR _ParentDescriptor OPTIONAL,
|
||||
PSECURITY_DESCRIPTOR _ExplicitDescriptor OPTIONAL,
|
||||
PSECURITY_DESCRIPTOR *NewDescriptor,
|
||||
BOOLEAN IsDirectoryObject,
|
||||
PSECURITY_SUBJECT_CONTEXT SubjectContext,
|
||||
PGENERIC_MAPPING GenericMapping,
|
||||
POOL_TYPE PoolType)
|
||||
{
|
||||
PISECURITY_DESCRIPTOR ParentDescriptor = _ParentDescriptor;
|
||||
PISECURITY_DESCRIPTOR ExplicitDescriptor = _ExplicitDescriptor;
|
||||
PISECURITY_DESCRIPTOR Descriptor;
|
||||
PTOKEN Token;
|
||||
ULONG OwnerLength = 0;
|
||||
ULONG GroupLength = 0;
|
||||
ULONG DaclLength = 0;
|
||||
ULONG SaclLength = 0;
|
||||
ULONG Length = 0;
|
||||
ULONG Control = 0;
|
||||
ULONG_PTR Current;
|
||||
PSID Owner = NULL;
|
||||
PSID Group = NULL;
|
||||
PACL Dacl = NULL;
|
||||
PACL Sacl = NULL;
|
||||
|
||||
PAGED_CODE();
|
||||
|
||||
/* Lock subject context */
|
||||
SeLockSubjectContext(SubjectContext);
|
||||
|
||||
if (SubjectContext->ClientToken != NULL)
|
||||
{
|
||||
Token = SubjectContext->ClientToken;
|
||||
}
|
||||
else
|
||||
{
|
||||
Token = SubjectContext->PrimaryToken;
|
||||
}
|
||||
|
||||
|
||||
/* Inherit the Owner SID */
|
||||
if (ExplicitDescriptor != NULL && ExplicitDescriptor->Owner != NULL)
|
||||
{
|
||||
DPRINT("Use explicit owner sid!\n");
|
||||
Owner = ExplicitDescriptor->Owner;
|
||||
|
||||
if (ExplicitDescriptor->Control & SE_SELF_RELATIVE)
|
||||
{
|
||||
Owner = (PSID)(((ULONG_PTR)Owner) + (ULONG_PTR)ExplicitDescriptor);
|
||||
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
if (Token != NULL)
|
||||
{
|
||||
DPRINT("Use token owner sid!\n");
|
||||
Owner = Token->UserAndGroups[Token->DefaultOwnerIndex].Sid;
|
||||
}
|
||||
else
|
||||
{
|
||||
DPRINT("Use default owner sid!\n");
|
||||
Owner = SeLocalSystemSid;
|
||||
}
|
||||
|
||||
Control |= SE_OWNER_DEFAULTED;
|
||||
}
|
||||
|
||||
OwnerLength = ROUND_UP(RtlLengthSid(Owner), 4);
|
||||
|
||||
|
||||
/* Inherit the Group SID */
|
||||
if (ExplicitDescriptor != NULL && ExplicitDescriptor->Group != NULL)
|
||||
{
|
||||
DPRINT("Use explicit group sid!\n");
|
||||
Group = ExplicitDescriptor->Group;
|
||||
if (ExplicitDescriptor->Control & SE_SELF_RELATIVE)
|
||||
{
|
||||
Group = (PSID)(((ULONG_PTR)Group) + (ULONG_PTR)ExplicitDescriptor);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
if (Token != NULL)
|
||||
{
|
||||
DPRINT("Use token group sid!\n");
|
||||
Group = Token->PrimaryGroup;
|
||||
}
|
||||
else
|
||||
{
|
||||
DPRINT("Use default group sid!\n");
|
||||
Group = SeLocalSystemSid;
|
||||
}
|
||||
|
||||
Control |= SE_OWNER_DEFAULTED;
|
||||
}
|
||||
|
||||
GroupLength = ROUND_UP(RtlLengthSid(Group), 4);
|
||||
|
||||
|
||||
/* Inherit the DACL */
|
||||
if (ExplicitDescriptor != NULL &&
|
||||
(ExplicitDescriptor->Control & SE_DACL_PRESENT) &&
|
||||
!(ExplicitDescriptor->Control & SE_DACL_DEFAULTED))
|
||||
{
|
||||
DPRINT("Use explicit DACL!\n");
|
||||
Dacl = ExplicitDescriptor->Dacl;
|
||||
if (Dacl != NULL && (ExplicitDescriptor->Control & SE_SELF_RELATIVE))
|
||||
{
|
||||
Dacl = (PACL)(((ULONG_PTR)Dacl) + (ULONG_PTR)ExplicitDescriptor);
|
||||
}
|
||||
|
||||
Control |= SE_DACL_PRESENT;
|
||||
}
|
||||
else if (ParentDescriptor != NULL &&
|
||||
(ParentDescriptor->Control & SE_DACL_PRESENT))
|
||||
{
|
||||
DPRINT("Use parent DACL!\n");
|
||||
/* FIXME: Inherit */
|
||||
Dacl = ParentDescriptor->Dacl;
|
||||
if (Dacl != NULL && (ParentDescriptor->Control & SE_SELF_RELATIVE))
|
||||
{
|
||||
Dacl = (PACL)(((ULONG_PTR)Dacl) + (ULONG_PTR)ParentDescriptor);
|
||||
}
|
||||
Control |= (SE_DACL_PRESENT | SE_DACL_DEFAULTED);
|
||||
}
|
||||
else if (Token != NULL && Token->DefaultDacl != NULL)
|
||||
{
|
||||
DPRINT("Use token default DACL!\n");
|
||||
/* FIXME: Inherit */
|
||||
Dacl = Token->DefaultDacl;
|
||||
Control |= (SE_DACL_PRESENT | SE_DACL_DEFAULTED);
|
||||
}
|
||||
else
|
||||
{
|
||||
DPRINT("Use NULL DACL!\n");
|
||||
Dacl = NULL;
|
||||
Control |= (SE_DACL_PRESENT | SE_DACL_DEFAULTED);
|
||||
}
|
||||
|
||||
DaclLength = (Dacl != NULL) ? ROUND_UP(Dacl->AclSize, 4) : 0;
|
||||
|
||||
|
||||
/* Inherit the SACL */
|
||||
if (ExplicitDescriptor != NULL &&
|
||||
(ExplicitDescriptor->Control & SE_SACL_PRESENT) &&
|
||||
!(ExplicitDescriptor->Control & SE_SACL_DEFAULTED))
|
||||
{
|
||||
DPRINT("Use explicit SACL!\n");
|
||||
Sacl = ExplicitDescriptor->Sacl;
|
||||
if (Sacl != NULL && (ExplicitDescriptor->Control & SE_SELF_RELATIVE))
|
||||
{
|
||||
Sacl = (PACL)(((ULONG_PTR)Sacl) + (ULONG_PTR)ExplicitDescriptor);
|
||||
}
|
||||
|
||||
Control |= SE_SACL_PRESENT;
|
||||
}
|
||||
else if (ParentDescriptor != NULL &&
|
||||
(ParentDescriptor->Control & SE_SACL_PRESENT))
|
||||
{
|
||||
DPRINT("Use parent SACL!\n");
|
||||
/* FIXME: Inherit */
|
||||
Sacl = ParentDescriptor->Sacl;
|
||||
if (Sacl != NULL && (ParentDescriptor->Control & SE_SELF_RELATIVE))
|
||||
{
|
||||
Sacl = (PACL)(((ULONG_PTR)Sacl) + (ULONG_PTR)ParentDescriptor);
|
||||
}
|
||||
Control |= (SE_SACL_PRESENT | SE_SACL_DEFAULTED);
|
||||
}
|
||||
|
||||
SaclLength = (Sacl != NULL) ? ROUND_UP(Sacl->AclSize, 4) : 0;
|
||||
|
||||
|
||||
/* Allocate and initialize the new security descriptor */
|
||||
Length = sizeof(SECURITY_DESCRIPTOR) +
|
||||
OwnerLength + GroupLength + DaclLength + SaclLength;
|
||||
|
||||
DPRINT("L: sizeof(SECURITY_DESCRIPTOR) %d OwnerLength %d GroupLength %d DaclLength %d SaclLength %d\n",
|
||||
sizeof(SECURITY_DESCRIPTOR),
|
||||
OwnerLength,
|
||||
GroupLength,
|
||||
DaclLength,
|
||||
SaclLength);
|
||||
|
||||
Descriptor = ExAllocatePool(PagedPool,
|
||||
Length);
|
||||
if (Descriptor == NULL)
|
||||
{
|
||||
DPRINT1("ExAlloctePool() failed\n");
|
||||
/* FIXME: Unlock subject context */
|
||||
return STATUS_INSUFFICIENT_RESOURCES;
|
||||
}
|
||||
|
||||
RtlZeroMemory( Descriptor, Length );
|
||||
RtlCreateSecurityDescriptor(Descriptor,
|
||||
SECURITY_DESCRIPTOR_REVISION);
|
||||
|
||||
Descriptor->Control = (USHORT)Control | SE_SELF_RELATIVE;
|
||||
|
||||
Current = (ULONG_PTR)Descriptor + sizeof(SECURITY_DESCRIPTOR);
|
||||
|
||||
if (SaclLength != 0)
|
||||
{
|
||||
RtlCopyMemory((PVOID)Current,
|
||||
Sacl,
|
||||
SaclLength);
|
||||
Descriptor->Sacl = (PACL)((ULONG_PTR)Current - (ULONG_PTR)Descriptor);
|
||||
Current += SaclLength;
|
||||
}
|
||||
|
||||
if (DaclLength != 0)
|
||||
{
|
||||
RtlCopyMemory((PVOID)Current,
|
||||
Dacl,
|
||||
DaclLength);
|
||||
Descriptor->Dacl = (PACL)((ULONG_PTR)Current - (ULONG_PTR)Descriptor);
|
||||
Current += DaclLength;
|
||||
}
|
||||
|
||||
if (OwnerLength != 0)
|
||||
{
|
||||
RtlCopyMemory((PVOID)Current,
|
||||
Owner,
|
||||
OwnerLength);
|
||||
Descriptor->Owner = (PSID)((ULONG_PTR)Current - (ULONG_PTR)Descriptor);
|
||||
Current += OwnerLength;
|
||||
DPRINT("Owner of %x at %x\n", Descriptor, Descriptor->Owner);
|
||||
}
|
||||
else
|
||||
DPRINT("Owner of %x is zero length\n", Descriptor);
|
||||
|
||||
if (GroupLength != 0)
|
||||
{
|
||||
memmove((PVOID)Current,
|
||||
Group,
|
||||
GroupLength);
|
||||
Descriptor->Group = (PSID)((ULONG_PTR)Current - (ULONG_PTR)Descriptor);
|
||||
}
|
||||
|
||||
/* Unlock subject context */
|
||||
SeUnlockSubjectContext(SubjectContext);
|
||||
|
||||
*NewDescriptor = Descriptor;
|
||||
|
||||
DPRINT("Descrptor %x\n", Descriptor);
|
||||
ASSERT(RtlLengthSecurityDescriptor(Descriptor));
|
||||
|
||||
return STATUS_SUCCESS;
|
||||
}
|
||||
|
||||
|
||||
static BOOLEAN
|
||||
SepSidInToken(PACCESS_TOKEN _Token,
|
||||
|
@ -718,22 +309,46 @@ SepSidInToken(PACCESS_TOKEN _Token,
|
|||
}
|
||||
|
||||
|
||||
VOID STDCALL
|
||||
SeQuerySecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
|
||||
OUT PACCESS_MASK DesiredAccess)
|
||||
{
|
||||
*DesiredAccess = 0;
|
||||
|
||||
if (SecurityInformation & (OWNER_SECURITY_INFORMATION |
|
||||
GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION))
|
||||
{
|
||||
*DesiredAccess |= READ_CONTROL;
|
||||
}
|
||||
if (SecurityInformation & SACL_SECURITY_INFORMATION)
|
||||
{
|
||||
*DesiredAccess |= ACCESS_SYSTEM_SECURITY;
|
||||
}
|
||||
}
|
||||
|
||||
VOID STDCALL
|
||||
SeSetSecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
|
||||
OUT PACCESS_MASK DesiredAccess)
|
||||
{
|
||||
*DesiredAccess = 0;
|
||||
|
||||
if (SecurityInformation & (OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION))
|
||||
{
|
||||
*DesiredAccess |= WRITE_OWNER;
|
||||
}
|
||||
if (SecurityInformation & DACL_SECURITY_INFORMATION)
|
||||
{
|
||||
*DesiredAccess |= WRITE_DAC;
|
||||
}
|
||||
if (SecurityInformation & SACL_SECURITY_INFORMATION)
|
||||
{
|
||||
*DesiredAccess |= ACCESS_SYSTEM_SECURITY;
|
||||
}
|
||||
}
|
||||
|
||||
/* PUBLIC FUNCTIONS ***********************************************************/
|
||||
|
||||
/*
|
||||
* FUNCTION: Determines whether the requested access rights can be granted
|
||||
* to an object protected by a security descriptor and an object owner
|
||||
* ARGUMENTS:
|
||||
* SecurityDescriptor = Security descriptor protecting the object
|
||||
* SubjectSecurityContext = Subject's captured security context
|
||||
* SubjectContextLocked = Indicates the user's subject context is locked
|
||||
* DesiredAccess = Access rights the caller is trying to acquire
|
||||
* PreviouslyGrantedAccess = Specified the access rights already granted
|
||||
* Privileges = ?
|
||||
* GenericMapping = Generic mapping associated with the object
|
||||
* AccessMode = Access mode used for the check
|
||||
* GrantedAccess (OUT) = On return specifies the access granted
|
||||
* AccessStatus (OUT) = Status indicating why access was denied
|
||||
* RETURNS: If access was granted, returns TRUE
|
||||
*
|
||||
* @implemented
|
||||
*/
|
||||
BOOLEAN STDCALL
|
||||
|
@ -1002,6 +617,7 @@ SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
|||
}
|
||||
}
|
||||
|
||||
/* SYSTEM CALLS ***************************************************************/
|
||||
|
||||
NTSTATUS STDCALL
|
||||
NtAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
||||
|
@ -1198,41 +814,4 @@ NtAccessCheckByTypeResultListAndAuditAlarmByHandle(IN PUNICODE_STRING SubsystemN
|
|||
return STATUS_NOT_IMPLEMENTED;
|
||||
}
|
||||
|
||||
VOID STDCALL
|
||||
SeQuerySecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
|
||||
OUT PACCESS_MASK DesiredAccess)
|
||||
{
|
||||
*DesiredAccess = 0;
|
||||
|
||||
if (SecurityInformation & (OWNER_SECURITY_INFORMATION |
|
||||
GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION))
|
||||
{
|
||||
*DesiredAccess |= READ_CONTROL;
|
||||
}
|
||||
if (SecurityInformation & SACL_SECURITY_INFORMATION)
|
||||
{
|
||||
*DesiredAccess |= ACCESS_SYSTEM_SECURITY;
|
||||
}
|
||||
}
|
||||
|
||||
VOID STDCALL
|
||||
SeSetSecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
|
||||
OUT PACCESS_MASK DesiredAccess)
|
||||
{
|
||||
*DesiredAccess = 0;
|
||||
|
||||
if (SecurityInformation & (OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION))
|
||||
{
|
||||
*DesiredAccess |= WRITE_OWNER;
|
||||
}
|
||||
if (SecurityInformation & DACL_SECURITY_INFORMATION)
|
||||
{
|
||||
*DesiredAccess |= WRITE_DAC;
|
||||
}
|
||||
if (SecurityInformation & SACL_SECURITY_INFORMATION)
|
||||
{
|
||||
*DesiredAccess |= ACCESS_SYSTEM_SECURITY;
|
||||
}
|
||||
}
|
||||
|
||||
/* EOF */
|
||||
|
|
|
@ -7,19 +7,17 @@
|
|||
* PROGRAMMERS: David Welch <welch@cwcom.net>
|
||||
*/
|
||||
|
||||
/* INCLUDES *****************************************************************/
|
||||
/* INCLUDES *******************************************************************/
|
||||
|
||||
#include <ntoskrnl.h>
|
||||
|
||||
#define NDEBUG
|
||||
#include <internal/debug.h>
|
||||
#include <debug.h>
|
||||
|
||||
#if defined (ALLOC_PRAGMA)
|
||||
#pragma alloc_text(INIT, SepInitSecurityIDs)
|
||||
#endif
|
||||
|
||||
|
||||
/* GLOBALS ******************************************************************/
|
||||
/* GLOBALS ********************************************************************/
|
||||
|
||||
SID_IDENTIFIER_AUTHORITY SeNullSidAuthority = {SECURITY_NULL_SID_AUTHORITY};
|
||||
SID_IDENTIFIER_AUTHORITY SeWorldSidAuthority = {SECURITY_WORLD_SID_AUTHORITY};
|
||||
|
@ -56,9 +54,7 @@ PSID SeAuthenticatedUsersSid = NULL;
|
|||
PSID SeRestrictedSid = NULL;
|
||||
PSID SeAnonymousLogonSid = NULL;
|
||||
|
||||
|
||||
/* FUNCTIONS ****************************************************************/
|
||||
|
||||
/* FUNCTIONS ******************************************************************/
|
||||
|
||||
BOOLEAN
|
||||
INIT_FUNCTION
|
||||
|
|
File diff suppressed because it is too large
Load diff
Loading…
Reference in a new issue