- Reformat Se code and put functions to more appropriate locations.
svn path=/trunk/; revision=33129
parent
c72bfe8de2
commit
9dc0da2dea
|
@ -40,8 +40,8 @@ static BOOLEAN UuidSequenceInitialized = FALSE;
|
|||
static BOOLEAN UuidSequenceChanged = FALSE;
|
||||
static UCHAR UuidSeed[SEED_BUFFER_SIZE];
|
||||
static ULONG UuidCount;
|
||||
|
||||
|
||||
static LARGE_INTEGER LuidIncrement;
|
||||
static LARGE_INTEGER LuidValue;
|
||||
|
||||
/* FUNCTIONS ****************************************************************/
|
||||
|
||||
|
@ -214,6 +214,91 @@ ExpCreateUuids(PULARGE_INTEGER Time,
|
|||
return STATUS_SUCCESS;
|
||||
}
|
||||
|
||||
VOID
|
||||
INIT_FUNCTION
|
||||
NTAPI
|
||||
ExpInitLuid(VOID)
|
||||
{
|
||||
LUID DummyLuidValue = SYSTEM_LUID;
|
||||
|
||||
LuidValue.u.HighPart = DummyLuidValue.HighPart;
|
||||
LuidValue.u.LowPart = DummyLuidValue.LowPart;
|
||||
LuidIncrement.QuadPart = 1;
|
||||
}
|
||||
|
||||
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
ExpAllocateLocallyUniqueId(OUT LUID *LocallyUniqueId)
|
||||
{
|
||||
LARGE_INTEGER NewLuid, PrevLuid;
|
||||
|
||||
/* atomically increment the luid */
|
||||
do
|
||||
{
|
||||
PrevLuid = LuidValue;
|
||||
NewLuid = RtlLargeIntegerAdd(PrevLuid,
|
||||
LuidIncrement);
|
||||
} while(ExfInterlockedCompareExchange64(&LuidValue.QuadPart,
|
||||
&NewLuid.QuadPart,
|
||||
&PrevLuid.QuadPart) != PrevLuid.QuadPart);
|
||||
|
||||
LocallyUniqueId->LowPart = NewLuid.u.LowPart;
|
||||
LocallyUniqueId->HighPart = NewLuid.u.HighPart;
|
||||
|
||||
return STATUS_SUCCESS;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
*/
|
||||
NTSTATUS STDCALL
|
||||
NtAllocateLocallyUniqueId(OUT LUID *LocallyUniqueId)
|
||||
{
|
||||
LUID NewLuid;
|
||||
KPROCESSOR_MODE PreviousMode;
|
||||
NTSTATUS Status = STATUS_SUCCESS;
|
||||
|
||||
PAGED_CODE();
|
||||
|
||||
PreviousMode = ExGetPreviousMode();
|
||||
|
||||
if(PreviousMode != KernelMode)
|
||||
{
|
||||
_SEH_TRY
|
||||
{
|
||||
ProbeForWrite(LocallyUniqueId,
|
||||
sizeof(LUID),
|
||||
sizeof(ULONG));
|
||||
}
|
||||
_SEH_HANDLE
|
||||
{
|
||||
Status = _SEH_GetExceptionCode();
|
||||
}
|
||||
_SEH_END;
|
||||
|
||||
if(!NT_SUCCESS(Status))
|
||||
{
|
||||
return Status;
|
||||
}
|
||||
}
|
||||
|
||||
Status = ExpAllocateLocallyUniqueId(&NewLuid);
|
||||
|
||||
_SEH_TRY
|
||||
{
|
||||
*LocallyUniqueId = NewLuid;
|
||||
}
|
||||
_SEH_HANDLE
|
||||
{
|
||||
Status = _SEH_GetExceptionCode();
|
||||
}
|
||||
_SEH_END;
|
||||
|
||||
return Status;
|
||||
}
|
||||
|
||||
/*
|
||||
* @unimplemented
|
||||
*/
|
||||
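Review bot: The snapshot `PrevLuid = LuidValue;` in ExpAllocateLocallyUniqueId is a plain struct copy of a 64-bit value, so on a 32-bit build it can presumably be read torn while another processor is updating it. The loop still looks correct, because a torn snapshot makes the compare-exchange fail and the iteration repeat, but nothing in the code says so. I would state that above the `do`, for example `/* PrevLuid may be a torn read; the 64-bit compare-exchange rejects it and we retry */`. ExpAllocateLocallyUniqueId also has no header comment; one line noting that it always returns STATUS_SUCCESS and that the first value handed out is SYSTEM_LUID plus one would help callers.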
|
|
|
@ -94,7 +94,7 @@ SeInitSRM(VOID);
|
|||
|
||||
VOID
|
||||
NTAPI
|
||||
SepInitLuid(VOID);
|
||||
ExpInitLuid(VOID);
|
||||
|
||||
VOID
|
||||
NTAPI
|
||||
|
@ -315,6 +315,15 @@ SeSetWorldSecurityDescriptor(
|
|||
PULONG BufferLength
|
||||
);
|
||||
|
||||
NTSTATUS
|
||||
STDCALL
|
||||
SeCopyClientToken(
|
||||
IN PACCESS_TOKEN Token,
|
||||
IN SECURITY_IMPERSONATION_LEVEL Level,
|
||||
IN KPROCESSOR_MODE PreviousMode,
|
||||
OUT PACCESS_TOKEN* NewToken
|
||||
);
|
||||
|
||||
#define SepAcquireTokenLockExclusive(Token) \
|
||||
do { \
|
||||
KeEnterCriticalRegion(); \
|
||||
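Review bot: The `ExpInitLuid(VOID);` prototype, which looks to be the new side of this one-line change, sits directly after `SeInitSRM`, which puts an executive-prefixed initializer in what appears to be the Se internal header (the file name is not visible on this page). If the function now lives with the Ex code, as the first file section suggests, declaring it in the Ex internal header would keep prefix and header in agreement. Separately, the added `SeCopyClientToken` prototype is marked `STDCALL` while the neighbouring declarations use `NTAPI`; using `NTAPI` here would match them.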
|
|
|
@ -425,7 +425,6 @@
|
|||
<file>acl.c</file>
|
||||
<file>audit.c</file>
|
||||
<file>lsa.c</file>
|
||||
<file>luid.c</file>
|
||||
<file>priv.c</file>
|
||||
<file>sd.c</file>
|
||||
<file>semgr.c</file>
|
||||
|
|
|
@ -8,14 +8,114 @@
|
|||
* Based on patch by Javier M. Mellid
|
||||
*/
|
||||
|
||||
/* INCLUDES *****************************************************************/
|
||||
/* INCLUDES *******************************************************************/
|
||||
|
||||
#include <ntoskrnl.h>
|
||||
#define NDEBUG
|
||||
#include <internal/debug.h>
|
||||
#include <debug.h>
|
||||
|
||||
/* FUNCTIONS ***************************************************************/
|
||||
/* GLOBALS ********************************************************************/
|
||||
|
||||
ERESOURCE SepSubjectContextLock;
|
||||
|
||||
/* FUNCTIONS ******************************************************************/
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
*/
|
||||
VOID
|
||||
NTAPI
|
||||
SeCaptureSubjectContextEx(IN PETHREAD Thread,
|
||||
IN PEPROCESS Process,
|
||||
OUT PSECURITY_SUBJECT_CONTEXT SubjectContext)
|
||||
{
|
||||
BOOLEAN CopyOnOpen, EffectiveOnly;
|
||||
PAGED_CODE();
|
||||
|
||||
/* Save the unique ID */
|
||||
SubjectContext->ProcessAuditId = Process->UniqueProcessId;
|
||||
|
||||
/* Check if we have a thread */
|
||||
if (!Thread)
|
||||
{
|
||||
/* We don't, so no token */
|
||||
SubjectContext->ClientToken = NULL;
|
||||
}
|
||||
else
|
||||
{
|
||||
/* Get the impersonation token */
|
||||
SubjectContext->ClientToken = PsReferenceImpersonationToken(Thread,
|
||||
&CopyOnOpen,
|
||||
&EffectiveOnly,
|
||||
&SubjectContext->ImpersonationLevel);
|
||||
}
|
||||
|
||||
/* Get the primary token */
|
||||
SubjectContext->PrimaryToken = PsReferencePrimaryToken(Process);
|
||||
}
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
*/
|
||||
VOID
|
||||
NTAPI
|
||||
SeCaptureSubjectContext(OUT PSECURITY_SUBJECT_CONTEXT SubjectContext)
|
||||
{
|
||||
/* Call the extended API */
|
||||
SeCaptureSubjectContextEx(PsGetCurrentThread(),
|
||||
PsGetCurrentProcess(),
|
||||
SubjectContext);
|
||||
}
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
*/
|
||||
VOID
|
||||
NTAPI
|
||||
SeLockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
|
||||
{
|
||||
PAGED_CODE();
|
||||
|
||||
KeEnterCriticalRegion();
|
||||
ExAcquireResourceExclusiveLite(&SepSubjectContextLock, TRUE);
|
||||
}
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
*/
|
||||
VOID
|
||||
NTAPI
|
||||
SeUnlockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
|
||||
{
|
||||
PAGED_CODE();
|
||||
|
||||
ExReleaseResourceLite(&SepSubjectContextLock);
|
||||
KeLeaveCriticalRegion();
|
||||
}
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
*/
|
||||
VOID
|
||||
NTAPI
|
||||
SeReleaseSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
|
||||
{
|
||||
PAGED_CODE();
|
||||
|
||||
if (SubjectContext->PrimaryToken != NULL)
|
||||
{
|
||||
ObFastDereferenceObject(&PsGetCurrentProcess()->Token, SubjectContext->PrimaryToken);
|
||||
}
|
||||
|
||||
if (SubjectContext->ClientToken != NULL)
|
||||
{
|
||||
ObDereferenceObject(SubjectContext->ClientToken);
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
*/
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
SeCreateAccessStateEx(IN PETHREAD Thread,
|
||||
|
@ -83,7 +183,7 @@ SeCreateAccessState(IN OUT PACCESS_STATE AccessState,
|
|||
{
|
||||
PAGED_CODE();
|
||||
|
||||
/* Call the internal API */
|
||||
/* Call the extended API */
|
||||
return SeCreateAccessStateEx(PsGetCurrentThread(),
|
||||
PsGetCurrentProcess(),
|
||||
AccessState,
|
||||
|
@ -127,8 +227,8 @@ SeDeleteAccessState(IN PACCESS_STATE AccessState)
|
|||
*/
|
||||
VOID
|
||||
STDCALL
|
||||
SeSetAccessStateGenericMapping(PACCESS_STATE AccessState,
|
||||
PGENERIC_MAPPING GenericMapping)
|
||||
SeSetAccessStateGenericMapping(IN PACCESS_STATE AccessState,
|
||||
IN PGENERIC_MAPPING GenericMapping)
|
||||
{
|
||||
PAGED_CODE();
|
||||
|
||||
|
@ -136,4 +236,137 @@ SeSetAccessStateGenericMapping(PACCESS_STATE AccessState,
|
|||
((PAUX_DATA)AccessState->AuxData)->GenericMapping = *GenericMapping;
|
||||
}
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
*/
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
SeCreateClientSecurity(IN PETHREAD Thread,
|
||||
IN PSECURITY_QUALITY_OF_SERVICE Qos,
|
||||
IN BOOLEAN RemoteClient,
|
||||
OUT PSECURITY_CLIENT_CONTEXT ClientContext)
|
||||
{
|
||||
TOKEN_TYPE TokenType;
|
||||
BOOLEAN ThreadEffectiveOnly;
|
||||
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
|
||||
PACCESS_TOKEN Token;
|
||||
NTSTATUS Status;
|
||||
PACCESS_TOKEN NewToken;
|
||||
PAGED_CODE();
|
||||
|
||||
Token = PsReferenceEffectiveToken(Thread,
|
||||
&TokenType,
|
||||
&ThreadEffectiveOnly,
|
||||
&ImpersonationLevel);
|
||||
if (TokenType != TokenImpersonation)
|
||||
{
|
||||
ClientContext->DirectAccessEffectiveOnly = Qos->EffectiveOnly;
|
||||
}
|
||||
else
|
||||
{
|
||||
if (Qos->ImpersonationLevel > ImpersonationLevel)
|
||||
{
|
||||
if (Token) ObDereferenceObject(Token);
|
||||
return STATUS_BAD_IMPERSONATION_LEVEL;
|
||||
}
|
||||
|
||||
if ((ImpersonationLevel == SecurityAnonymous) ||
|
||||
(ImpersonationLevel == SecurityIdentification) ||
|
||||
((RemoteClient) && (ImpersonationLevel != SecurityDelegation)))
|
||||
{
|
||||
if (Token) ObDereferenceObject(Token);
|
||||
return STATUS_BAD_IMPERSONATION_LEVEL;
|
||||
}
|
||||
|
||||
ClientContext->DirectAccessEffectiveOnly = ((ThreadEffectiveOnly) ||
|
||||
(Qos->EffectiveOnly)) ?
|
||||
TRUE : FALSE;
|
||||
}
|
||||
|
||||
if (Qos->ContextTrackingMode == SECURITY_STATIC_TRACKING)
|
||||
{
|
||||
ClientContext->DirectlyAccessClientToken = FALSE;
|
||||
Status = SeCopyClientToken(Token, ImpersonationLevel, 0, &NewToken);
|
||||
if (!NT_SUCCESS(Status)) return Status;
|
||||
}
|
||||
else
|
||||
{
|
||||
ClientContext->DirectlyAccessClientToken = TRUE;
|
||||
if (RemoteClient != FALSE)
|
||||
{
|
||||
#if 0
|
||||
SeGetTokenControlInformation(Token,
|
||||
&ClientContext->ClientTokenControl);
|
||||
#endif
|
||||
}
|
||||
|
||||
NewToken = Token;
|
||||
}
|
||||
|
||||
ClientContext->SecurityQos.Length = sizeof(SECURITY_QUALITY_OF_SERVICE);
|
||||
ClientContext->SecurityQos.ImpersonationLevel = Qos->ImpersonationLevel;
|
||||
ClientContext->SecurityQos.ContextTrackingMode = Qos->ContextTrackingMode;
|
||||
ClientContext->SecurityQos.EffectiveOnly = Qos->EffectiveOnly;
|
||||
ClientContext->ServerIsRemote = RemoteClient;
|
||||
ClientContext->ClientToken = NewToken;
|
||||
return STATUS_SUCCESS;
|
||||
}
|
||||
|
||||
/*
|
||||
* @unimplemented
|
||||
*/
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
SeCreateClientSecurityFromSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
|
||||
IN PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos,
|
||||
IN BOOLEAN ServerIsRemote,
|
||||
OUT PSECURITY_CLIENT_CONTEXT ClientContext)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
return STATUS_NOT_IMPLEMENTED;
|
||||
}
|
||||
|
||||
/*
|
||||
* @unimplemented
|
||||
*/
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
SeImpersonateClientEx(IN PSECURITY_CLIENT_CONTEXT ClientContext,
|
||||
IN PETHREAD ServerThread OPTIONAL)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
return STATUS_NOT_IMPLEMENTED;
|
||||
}
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
*/
|
||||
VOID
|
||||
NTAPI
|
||||
SeImpersonateClient(IN PSECURITY_CLIENT_CONTEXT ClientContext,
|
||||
IN PETHREAD ServerThread OPTIONAL)
|
||||
{
|
||||
UCHAR b;
|
||||
|
||||
PAGED_CODE();
|
||||
|
||||
if (ClientContext->DirectlyAccessClientToken == FALSE)
|
||||
{
|
||||
b = ClientContext->SecurityQos.EffectiveOnly;
|
||||
}
|
||||
else
|
||||
{
|
||||
b = ClientContext->DirectAccessEffectiveOnly;
|
||||
}
|
||||
if (ServerThread == NULL)
|
||||
{
|
||||
ServerThread = PsGetCurrentThread();
|
||||
}
|
||||
PsImpersonateClient(ServerThread,
|
||||
ClientContext->ClientToken,
|
||||
1,
|
||||
b,
|
||||
ClientContext->SecurityQos.ImpersonationLevel);
|
||||
}
|
||||
|
||||
/* EOF */
|
||||
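Review bot: In SeCreateClientSecurity the reference taken by `PsReferenceEffectiveToken` is not released on the `SECURITY_STATIC_TRACKING` path: `if (!NT_SUCCESS(Status)) return Status;` returns with `Token` still referenced, and on success `ClientToken` is set to the copy while the original reference is never dropped. Assuming `SeCopyClientToken` does not consume the caller's reference (its body is not on this page), I would release it right after the call, `if (Token) ObDereferenceObject(Token);`, before testing `Status`. The same call passes a bare `0` for the `KPROCESSOR_MODE` argument; writing `KernelMode` would say what is meant.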
|
|
|
@ -7,218 +7,216 @@
|
|||
* PROGRAMMERS: David Welch <welch@cwcom.net>
|
||||
*/
|
||||
|
||||
/* INCLUDES *****************************************************************/
|
||||
/* INCLUDES *******************************************************************/
|
||||
|
||||
#include <ntoskrnl.h>
|
||||
#include <internal/debug.h>
|
||||
#define NDEBUG
|
||||
#include <debug.h>
|
||||
|
||||
#if defined (ALLOC_PRAGMA)
|
||||
#pragma alloc_text(INIT, SepInitDACLs)
|
||||
#endif
|
||||
|
||||
|
||||
/* GLOBALS ******************************************************************/
|
||||
/* GLOBALS ********************************************************************/
|
||||
|
||||
PACL SePublicDefaultDacl = NULL;
|
||||
PACL SeSystemDefaultDacl = NULL;
|
||||
|
||||
PACL SePublicDefaultUnrestrictedDacl = NULL;
|
||||
PACL SePublicOpenDacl = NULL;
|
||||
PACL SePublicOpenUnrestrictedDacl = NULL;
|
||||
PACL SeUnrestrictedDacl = NULL;
|
||||
|
||||
|
||||
/* FUNCTIONS ****************************************************************/
|
||||
/* FUNCTIONS ******************************************************************/
|
||||
|
||||
BOOLEAN
|
||||
INIT_FUNCTION
|
||||
NTAPI
|
||||
SepInitDACLs(VOID)
|
||||
{
|
||||
ULONG AclLength;
|
||||
ULONG AclLength;
|
||||
|
||||
/* create PublicDefaultDacl */
|
||||
AclLength = sizeof(ACL) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeLocalSystemSid));
|
||||
/* create PublicDefaultDacl */
|
||||
AclLength = sizeof(ACL) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeLocalSystemSid));
|
||||
|
||||
SePublicDefaultDacl = ExAllocatePoolWithTag(PagedPool,
|
||||
AclLength,
|
||||
TAG_ACL);
|
||||
if (SePublicDefaultDacl == NULL)
|
||||
return FALSE;
|
||||
SePublicDefaultDacl = ExAllocatePoolWithTag(PagedPool,
|
||||
AclLength,
|
||||
TAG_ACL);
|
||||
if (SePublicDefaultDacl == NULL)
|
||||
return FALSE;
|
||||
|
||||
RtlCreateAcl(SePublicDefaultDacl,
|
||||
AclLength,
|
||||
ACL_REVISION);
|
||||
RtlCreateAcl(SePublicDefaultDacl,
|
||||
AclLength,
|
||||
ACL_REVISION);
|
||||
|
||||
RtlAddAccessAllowedAce(SePublicDefaultDacl,
|
||||
ACL_REVISION,
|
||||
GENERIC_EXECUTE,
|
||||
SeWorldSid);
|
||||
RtlAddAccessAllowedAce(SePublicDefaultDacl,
|
||||
ACL_REVISION,
|
||||
GENERIC_EXECUTE,
|
||||
SeWorldSid);
|
||||
|
||||
RtlAddAccessAllowedAce(SePublicDefaultDacl,
|
||||
ACL_REVISION,
|
||||
GENERIC_ALL,
|
||||
SeLocalSystemSid);
|
||||
RtlAddAccessAllowedAce(SePublicDefaultDacl,
|
||||
ACL_REVISION,
|
||||
GENERIC_ALL,
|
||||
SeLocalSystemSid);
|
||||
|
||||
|
||||
/* create PublicDefaultUnrestrictedDacl */
|
||||
AclLength = sizeof(ACL) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid)) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid));
|
||||
/* create PublicDefaultUnrestrictedDacl */
|
||||
AclLength = sizeof(ACL) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid)) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid));
|
||||
|
||||
SePublicDefaultUnrestrictedDacl = ExAllocatePoolWithTag(PagedPool,
|
||||
AclLength,
|
||||
TAG_ACL);
|
||||
if (SePublicDefaultUnrestrictedDacl == NULL)
|
||||
return FALSE;
|
||||
SePublicDefaultUnrestrictedDacl = ExAllocatePoolWithTag(PagedPool,
|
||||
AclLength,
|
||||
TAG_ACL);
|
||||
if (SePublicDefaultUnrestrictedDacl == NULL)
|
||||
return FALSE;
|
||||
|
||||
RtlCreateAcl(SePublicDefaultUnrestrictedDacl,
|
||||
AclLength,
|
||||
ACL_REVISION);
|
||||
RtlCreateAcl(SePublicDefaultUnrestrictedDacl,
|
||||
AclLength,
|
||||
ACL_REVISION);
|
||||
|
||||
RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,
|
||||
ACL_REVISION,
|
||||
GENERIC_EXECUTE,
|
||||
SeWorldSid);
|
||||
RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,
|
||||
ACL_REVISION,
|
||||
GENERIC_EXECUTE,
|
||||
SeWorldSid);
|
||||
|
||||
RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,
|
||||
ACL_REVISION,
|
||||
GENERIC_ALL,
|
||||
SeLocalSystemSid);
|
||||
RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,
|
||||
ACL_REVISION,
|
||||
GENERIC_ALL,
|
||||
SeLocalSystemSid);
|
||||
|
||||
RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,
|
||||
ACL_REVISION,
|
||||
GENERIC_ALL,
|
||||
SeAliasAdminsSid);
|
||||
RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,
|
||||
ACL_REVISION,
|
||||
GENERIC_ALL,
|
||||
SeAliasAdminsSid);
|
||||
|
||||
RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,
|
||||
ACL_REVISION,
|
||||
GENERIC_READ | GENERIC_EXECUTE | READ_CONTROL,
|
||||
SeRestrictedCodeSid);
|
||||
RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,
|
||||
ACL_REVISION,
|
||||
GENERIC_READ | GENERIC_EXECUTE | READ_CONTROL,
|
||||
SeRestrictedCodeSid);
|
||||
|
||||
/* create PublicOpenDacl */
|
||||
AclLength = sizeof(ACL) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid));
|
||||
/* create PublicOpenDacl */
|
||||
AclLength = sizeof(ACL) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid));
|
||||
|
||||
SePublicOpenDacl = ExAllocatePoolWithTag(PagedPool,
|
||||
AclLength,
|
||||
TAG_ACL);
|
||||
if (SePublicOpenDacl == NULL)
|
||||
return FALSE;
|
||||
SePublicOpenDacl = ExAllocatePoolWithTag(PagedPool,
|
||||
AclLength,
|
||||
TAG_ACL);
|
||||
if (SePublicOpenDacl == NULL)
|
||||
return FALSE;
|
||||
|
||||
RtlCreateAcl(SePublicOpenDacl,
|
||||
AclLength,
|
||||
ACL_REVISION);
|
||||
RtlCreateAcl(SePublicOpenDacl,
|
||||
AclLength,
|
||||
ACL_REVISION);
|
||||
|
||||
RtlAddAccessAllowedAce(SePublicOpenDacl,
|
||||
ACL_REVISION,
|
||||
GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE,
|
||||
SeWorldSid);
|
||||
RtlAddAccessAllowedAce(SePublicOpenDacl,
|
||||
ACL_REVISION,
|
||||
GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE,
|
||||
SeWorldSid);
|
||||
|
||||
RtlAddAccessAllowedAce(SePublicOpenDacl,
|
||||
ACL_REVISION,
|
||||
GENERIC_ALL,
|
||||
SeLocalSystemSid);
|
||||
RtlAddAccessAllowedAce(SePublicOpenDacl,
|
||||
ACL_REVISION,
|
||||
GENERIC_ALL,
|
||||
SeLocalSystemSid);
|
||||
|
||||
RtlAddAccessAllowedAce(SePublicOpenDacl,
|
||||
ACL_REVISION,
|
||||
GENERIC_ALL,
|
||||
SeAliasAdminsSid);
|
||||
RtlAddAccessAllowedAce(SePublicOpenDacl,
|
||||
ACL_REVISION,
|
||||
GENERIC_ALL,
|
||||
SeAliasAdminsSid);
|
||||
|
||||
/* create PublicOpenUnrestrictedDacl */
|
||||
AclLength = sizeof(ACL) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid)) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid));
|
||||
/* create PublicOpenUnrestrictedDacl */
|
||||
AclLength = sizeof(ACL) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid)) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid));
|
||||
|
||||
SePublicOpenUnrestrictedDacl = ExAllocatePoolWithTag(PagedPool,
|
||||
AclLength,
|
||||
TAG_ACL);
|
||||
if (SePublicOpenUnrestrictedDacl == NULL)
|
||||
return FALSE;
|
||||
SePublicOpenUnrestrictedDacl = ExAllocatePoolWithTag(PagedPool,
|
||||
AclLength,
|
||||
TAG_ACL);
|
||||
if (SePublicOpenUnrestrictedDacl == NULL)
|
||||
return FALSE;
|
||||
|
||||
RtlCreateAcl(SePublicOpenUnrestrictedDacl,
|
||||
AclLength,
|
||||
ACL_REVISION);
|
||||
RtlCreateAcl(SePublicOpenUnrestrictedDacl,
|
||||
AclLength,
|
||||
ACL_REVISION);
|
||||
|
||||
RtlAddAccessAllowedAce(SePublicOpenUnrestrictedDacl,
|
||||
ACL_REVISION,
|
||||
GENERIC_ALL,
|
||||
SeWorldSid);
|
||||
RtlAddAccessAllowedAce(SePublicOpenUnrestrictedDacl,
|
||||
ACL_REVISION,
|
||||
GENERIC_ALL,
|
||||
SeWorldSid);
|
||||
|
||||
RtlAddAccessAllowedAce(SePublicOpenUnrestrictedDacl,
|
||||
ACL_REVISION,
|
||||
GENERIC_ALL,
|
||||
SeLocalSystemSid);
|
||||
RtlAddAccessAllowedAce(SePublicOpenUnrestrictedDacl,
|
||||
ACL_REVISION,
|
||||
GENERIC_ALL,
|
||||
SeLocalSystemSid);
|
||||
|
||||
RtlAddAccessAllowedAce(SePublicOpenUnrestrictedDacl,
|
||||
ACL_REVISION,
|
||||
GENERIC_ALL,
|
||||
SeAliasAdminsSid);
|
||||
RtlAddAccessAllowedAce(SePublicOpenUnrestrictedDacl,
|
||||
ACL_REVISION,
|
||||
GENERIC_ALL,
|
||||
SeAliasAdminsSid);
|
||||
|
||||
RtlAddAccessAllowedAce(SePublicOpenUnrestrictedDacl,
|
||||
ACL_REVISION,
|
||||
GENERIC_READ | GENERIC_EXECUTE,
|
||||
SeRestrictedCodeSid);
|
||||
RtlAddAccessAllowedAce(SePublicOpenUnrestrictedDacl,
|
||||
ACL_REVISION,
|
||||
GENERIC_READ | GENERIC_EXECUTE,
|
||||
SeRestrictedCodeSid);
|
||||
|
||||
/* create SystemDefaultDacl */
|
||||
AclLength = sizeof(ACL) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid));
|
||||
/* create SystemDefaultDacl */
|
||||
AclLength = sizeof(ACL) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid));
|
||||
|
||||
SeSystemDefaultDacl = ExAllocatePoolWithTag(PagedPool,
|
||||
AclLength,
|
||||
TAG_ACL);
|
||||
if (SeSystemDefaultDacl == NULL)
|
||||
return FALSE;
|
||||
SeSystemDefaultDacl = ExAllocatePoolWithTag(PagedPool,
|
||||
AclLength,
|
||||
TAG_ACL);
|
||||
if (SeSystemDefaultDacl == NULL)
|
||||
return FALSE;
|
||||
|
||||
RtlCreateAcl(SeSystemDefaultDacl,
|
||||
AclLength,
|
||||
ACL_REVISION);
|
||||
RtlCreateAcl(SeSystemDefaultDacl,
|
||||
AclLength,
|
||||
ACL_REVISION);
|
||||
|
||||
RtlAddAccessAllowedAce(SeSystemDefaultDacl,
|
||||
ACL_REVISION,
|
||||
GENERIC_ALL,
|
||||
SeLocalSystemSid);
|
||||
RtlAddAccessAllowedAce(SeSystemDefaultDacl,
|
||||
ACL_REVISION,
|
||||
GENERIC_ALL,
|
||||
SeLocalSystemSid);
|
||||
|
||||
RtlAddAccessAllowedAce(SeSystemDefaultDacl,
|
||||
ACL_REVISION,
|
||||
GENERIC_READ | GENERIC_EXECUTE | READ_CONTROL,
|
||||
SeAliasAdminsSid);
|
||||
RtlAddAccessAllowedAce(SeSystemDefaultDacl,
|
||||
ACL_REVISION,
|
||||
GENERIC_READ | GENERIC_EXECUTE | READ_CONTROL,
|
||||
SeAliasAdminsSid);
|
||||
|
||||
/* create UnrestrictedDacl */
|
||||
AclLength = sizeof(ACL) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid));
|
||||
/* create UnrestrictedDacl */
|
||||
AclLength = sizeof(ACL) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid));
|
||||
|
||||
SeUnrestrictedDacl = ExAllocatePoolWithTag(PagedPool,
|
||||
AclLength,
|
||||
TAG_ACL);
|
||||
if (SeUnrestrictedDacl == NULL)
|
||||
return FALSE;
|
||||
SeUnrestrictedDacl = ExAllocatePoolWithTag(PagedPool,
|
||||
AclLength,
|
||||
TAG_ACL);
|
||||
if (SeUnrestrictedDacl == NULL)
|
||||
return FALSE;
|
||||
|
||||
RtlCreateAcl(SeUnrestrictedDacl,
|
||||
AclLength,
|
||||
ACL_REVISION);
|
||||
RtlCreateAcl(SeUnrestrictedDacl,
|
||||
AclLength,
|
||||
ACL_REVISION);
|
||||
|
||||
RtlAddAccessAllowedAce(SeUnrestrictedDacl,
|
||||
ACL_REVISION,
|
||||
GENERIC_ALL,
|
||||
SeWorldSid);
|
||||
RtlAddAccessAllowedAce(SeUnrestrictedDacl,
|
||||
ACL_REVISION,
|
||||
GENERIC_ALL,
|
||||
SeWorldSid);
|
||||
|
||||
RtlAddAccessAllowedAce(SeUnrestrictedDacl,
|
||||
ACL_REVISION,
|
||||
GENERIC_READ | GENERIC_EXECUTE,
|
||||
SeRestrictedCodeSid);
|
||||
RtlAddAccessAllowedAce(SeUnrestrictedDacl,
|
||||
ACL_REVISION,
|
||||
GENERIC_READ | GENERIC_EXECUTE,
|
||||
SeRestrictedCodeSid);
|
||||
|
||||
return(TRUE);
|
||||
return(TRUE);
|
||||
}
|
||||
|
||||
NTSTATUS STDCALL
|
||||
|
@ -226,44 +224,44 @@ SepCreateImpersonationTokenDacl(PTOKEN Token,
|
|||
PTOKEN PrimaryToken,
|
||||
PACL *Dacl)
|
||||
{
|
||||
ULONG AclLength;
|
||||
PVOID TokenDacl;
|
||||
ULONG AclLength;
|
||||
PVOID TokenDacl;
|
||||
|
||||
PAGED_CODE();
|
||||
PAGED_CODE();
|
||||
|
||||
AclLength = sizeof(ACL) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid)) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid)) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
|
||||
(sizeof(ACE) + RtlLengthSid(Token->UserAndGroups->Sid)) +
|
||||
(sizeof(ACE) + RtlLengthSid(PrimaryToken->UserAndGroups->Sid));
|
||||
AclLength = sizeof(ACL) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid)) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid)) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
|
||||
(sizeof(ACE) + RtlLengthSid(Token->UserAndGroups->Sid)) +
|
||||
(sizeof(ACE) + RtlLengthSid(PrimaryToken->UserAndGroups->Sid));
|
||||
|
||||
TokenDacl = ExAllocatePoolWithTag(PagedPool, AclLength, TAG_ACL);
|
||||
if (TokenDacl == NULL)
|
||||
TokenDacl = ExAllocatePoolWithTag(PagedPool, AclLength, TAG_ACL);
|
||||
if (TokenDacl == NULL)
|
||||
{
|
||||
return STATUS_INSUFFICIENT_RESOURCES;
|
||||
return STATUS_INSUFFICIENT_RESOURCES;
|
||||
}
|
||||
|
||||
RtlCreateAcl(TokenDacl, AclLength, ACL_REVISION);
|
||||
RtlAddAccessAllowedAce(TokenDacl, ACL_REVISION, GENERIC_ALL,
|
||||
Token->UserAndGroups->Sid);
|
||||
RtlAddAccessAllowedAce(TokenDacl, ACL_REVISION, GENERIC_ALL,
|
||||
PrimaryToken->UserAndGroups->Sid);
|
||||
RtlAddAccessAllowedAce(TokenDacl, ACL_REVISION, GENERIC_ALL,
|
||||
SeAliasAdminsSid);
|
||||
RtlAddAccessAllowedAce(TokenDacl, ACL_REVISION, GENERIC_ALL,
|
||||
SeLocalSystemSid);
|
||||
RtlCreateAcl(TokenDacl, AclLength, ACL_REVISION);
|
||||
RtlAddAccessAllowedAce(TokenDacl, ACL_REVISION, GENERIC_ALL,
|
||||
Token->UserAndGroups->Sid);
|
||||
RtlAddAccessAllowedAce(TokenDacl, ACL_REVISION, GENERIC_ALL,
|
||||
PrimaryToken->UserAndGroups->Sid);
|
||||
RtlAddAccessAllowedAce(TokenDacl, ACL_REVISION, GENERIC_ALL,
|
||||
SeAliasAdminsSid);
|
||||
RtlAddAccessAllowedAce(TokenDacl, ACL_REVISION, GENERIC_ALL,
|
||||
SeLocalSystemSid);
|
||||
|
||||
/* FIXME */
|
||||
/* FIXME */
|
||||
#if 0
|
||||
if (Token->RestrictedSids != NULL || PrimaryToken->RestrictedSids != NULL)
|
||||
if (Token->RestrictedSids != NULL || PrimaryToken->RestrictedSids != NULL)
|
||||
{
|
||||
RtlAddAccessAllowedAce(TokenDacl, ACL_REVISION, GENERIC_ALL,
|
||||
SeRestrictedCodeSid);
|
||||
RtlAddAccessAllowedAce(TokenDacl, ACL_REVISION, GENERIC_ALL,
|
||||
SeRestrictedCodeSid);
|
||||
}
|
||||
#endif
|
||||
|
||||
return STATUS_SUCCESS;
|
||||
return STATUS_SUCCESS;
|
||||
}
|
||||
|
||||
NTSTATUS
|
||||
|
@ -274,83 +272,83 @@ SepCaptureAcl(IN PACL InputAcl,
|
|||
IN BOOLEAN CaptureIfKernel,
|
||||
OUT PACL *CapturedAcl)
|
||||
{
|
||||
PACL NewAcl;
|
||||
ULONG AclSize = 0;
|
||||
NTSTATUS Status = STATUS_SUCCESS;
|
||||
PACL NewAcl;
|
||||
ULONG AclSize = 0;
|
||||
NTSTATUS Status = STATUS_SUCCESS;
|
||||
|
||||
PAGED_CODE();
|
||||
PAGED_CODE();
|
||||
|
||||
if(AccessMode != KernelMode)
|
||||
{
|
||||
_SEH_TRY
|
||||
if(AccessMode != KernelMode)
|
||||
{
|
||||
ProbeForRead(InputAcl,
|
||||
sizeof(ACL),
|
||||
sizeof(ULONG));
|
||||
AclSize = InputAcl->AclSize;
|
||||
ProbeForRead(InputAcl,
|
||||
AclSize,
|
||||
sizeof(ULONG));
|
||||
}
|
||||
_SEH_HANDLE
|
||||
{
|
||||
Status = _SEH_GetExceptionCode();
|
||||
}
|
||||
_SEH_END;
|
||||
|
||||
if(NT_SUCCESS(Status))
|
||||
{
|
||||
NewAcl = ExAllocatePool(PoolType,
|
||||
AclSize);
|
||||
if(NewAcl != NULL)
|
||||
{
|
||||
_SEH_TRY
|
||||
{
|
||||
RtlCopyMemory(NewAcl,
|
||||
InputAcl,
|
||||
AclSize);
|
||||
|
||||
*CapturedAcl = NewAcl;
|
||||
ProbeForRead(InputAcl,
|
||||
sizeof(ACL),
|
||||
sizeof(ULONG));
|
||||
AclSize = InputAcl->AclSize;
|
||||
ProbeForRead(InputAcl,
|
||||
AclSize,
|
||||
sizeof(ULONG));
|
||||
}
|
||||
_SEH_HANDLE
|
||||
{
|
||||
ExFreePool(NewAcl);
|
||||
Status = _SEH_GetExceptionCode();
|
||||
Status = _SEH_GetExceptionCode();
|
||||
}
|
||||
_SEH_END;
|
||||
}
|
||||
else
|
||||
{
|
||||
Status = STATUS_INSUFFICIENT_RESOURCES;
|
||||
}
|
||||
|
||||
if(NT_SUCCESS(Status))
|
||||
{
|
||||
NewAcl = ExAllocatePool(PoolType,
|
||||
AclSize);
|
||||
if(NewAcl != NULL)
|
||||
{
|
||||
_SEH_TRY
|
||||
{
|
||||
RtlCopyMemory(NewAcl,
|
||||
InputAcl,
|
||||
AclSize);
|
||||
|
||||
*CapturedAcl = NewAcl;
|
||||
}
|
||||
_SEH_HANDLE
|
||||
{
|
||||
ExFreePool(NewAcl);
|
||||
Status = _SEH_GetExceptionCode();
|
||||
}
|
||||
_SEH_END;
|
||||
}
|
||||
else
|
||||
{
|
||||
Status = STATUS_INSUFFICIENT_RESOURCES;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
else if(!CaptureIfKernel)
|
||||
{
|
||||
*CapturedAcl = InputAcl;
|
||||
}
|
||||
else
|
||||
{
|
||||
AclSize = InputAcl->AclSize;
|
||||
|
||||
NewAcl = ExAllocatePool(PoolType,
|
||||
AclSize);
|
||||
|
||||
if(NewAcl != NULL)
|
||||
else if(!CaptureIfKernel)
|
||||
{
|
||||
RtlCopyMemory(NewAcl,
|
||||
InputAcl,
|
||||
AclSize);
|
||||
|
||||
*CapturedAcl = NewAcl;
|
||||
*CapturedAcl = InputAcl;
|
||||
}
|
||||
else
|
||||
{
|
||||
Status = STATUS_INSUFFICIENT_RESOURCES;
|
||||
}
|
||||
}
|
||||
AclSize = InputAcl->AclSize;
|
||||
|
||||
return Status;
|
||||
NewAcl = ExAllocatePool(PoolType,
|
||||
AclSize);
|
||||
|
||||
if(NewAcl != NULL)
|
||||
{
|
||||
RtlCopyMemory(NewAcl,
|
||||
InputAcl,
|
||||
AclSize);
|
||||
|
||||
*CapturedAcl = NewAcl;
|
||||
}
|
||||
else
|
||||
{
|
||||
Status = STATUS_INSUFFICIENT_RESOURCES;
|
||||
}
|
||||
}
|
||||
|
||||
return Status;
|
||||
}
|
||||
|
||||
VOID
|
||||
|
@ -359,14 +357,14 @@ SepReleaseAcl(IN PACL CapturedAcl,
|
|||
IN KPROCESSOR_MODE AccessMode,
|
||||
IN BOOLEAN CaptureIfKernel)
|
||||
{
|
||||
PAGED_CODE();
|
||||
PAGED_CODE();
|
||||
|
||||
if(CapturedAcl != NULL &&
|
||||
(AccessMode != KernelMode ||
|
||||
(AccessMode == KernelMode && CaptureIfKernel)))
|
||||
{
|
||||
ExFreePool(CapturedAcl);
|
||||
}
|
||||
if(CapturedAcl != NULL &&
|
||||
(AccessMode != KernelMode ||
|
||||
(AccessMode == KernelMode && CaptureIfKernel)))
|
||||
{
|
||||
ExFreePool(CapturedAcl);
|
||||
}
|
||||
}
|
||||
|
||||
/* EOF */
|
||||
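Review bot: SepCaptureAcl reads `InputAcl->AclSize` from user memory once to size the probe and the allocation, and then `RtlCopyMemory` copies the header again, so the `AclSize` field stored in `NewAcl` can differ from the size that was allocated if the caller changes it in between. Any later code that trusts the captured ACL's own `AclSize` would then read past the pool block. Pinning the field after the copy, `NewAcl->AclSize = (USHORT)AclSize;`, and rejecting `AclSize < sizeof(ACL)` before the allocation would close both gaps. Elsewhere in this section, SepCreateImpersonationTokenDacl builds `TokenDacl` and returns `STATUS_SUCCESS` without a visible `*Dacl = TokenDacl;`, which should be confirmed against the full file.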
|
|
|
@ -7,12 +7,13 @@
|
|||
* PROGRAMMERS: Eric Kohl <eric.kohl@t-online.de>
|
||||
*/
|
||||
|
||||
/* INCLUDES *****************************************************************/
|
||||
/* INCLUDES *******************************************************************/
|
||||
|
||||
#include <ntoskrnl.h>
|
||||
#include <internal/debug.h>
|
||||
#define NDEBUG
|
||||
#include <debug.h>
|
||||
|
||||
/* INTERNAL *****************************************************************/
|
||||
/* PRIVATE FUNCTIONS***********************************************************/
|
||||
|
||||
BOOLEAN
|
||||
NTAPI
|
||||
|
@ -179,101 +180,16 @@ SeLocateProcessImageName(IN PEPROCESS Process,
|
|||
return Status;
|
||||
}
|
||||
|
||||
/* FUNCTIONS ****************************************************************/
|
||||
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
NtAccessCheckAndAuditAlarm(IN PUNICODE_STRING SubsystemName,
|
||||
IN HANDLE HandleId,
|
||||
IN PUNICODE_STRING ObjectTypeName,
|
||||
IN PUNICODE_STRING ObjectName,
|
||||
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
||||
IN ACCESS_MASK DesiredAccess,
|
||||
IN PGENERIC_MAPPING GenericMapping,
|
||||
IN BOOLEAN ObjectCreation,
|
||||
OUT PACCESS_MASK GrantedAccess,
|
||||
OUT PNTSTATUS AccessStatus,
|
||||
OUT PBOOLEAN GenerateOnClose)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
return STATUS_NOT_IMPLEMENTED;
|
||||
}
|
||||
|
||||
|
||||
NTSTATUS STDCALL
|
||||
NtCloseObjectAuditAlarm(IN PUNICODE_STRING SubsystemName,
|
||||
IN PVOID HandleId,
|
||||
IN BOOLEAN GenerateOnClose)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
return(STATUS_NOT_IMPLEMENTED);
|
||||
}
|
||||
|
||||
|
||||
NTSTATUS STDCALL
|
||||
NtDeleteObjectAuditAlarm(IN PUNICODE_STRING SubsystemName,
|
||||
IN PVOID HandleId,
|
||||
IN BOOLEAN GenerateOnClose)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
return(STATUS_NOT_IMPLEMENTED);
|
||||
}
|
||||
|
||||
|
||||
NTSTATUS STDCALL
|
||||
NtOpenObjectAuditAlarm(IN PUNICODE_STRING SubsystemName,
|
||||
IN PVOID HandleId,
|
||||
IN PUNICODE_STRING ObjectTypeName,
|
||||
IN PUNICODE_STRING ObjectName,
|
||||
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
||||
IN HANDLE ClientToken,
|
||||
IN ULONG DesiredAccess,
|
||||
IN ULONG GrantedAccess,
|
||||
IN PPRIVILEGE_SET Privileges,
|
||||
IN BOOLEAN ObjectCreation,
|
||||
IN BOOLEAN AccessGranted,
|
||||
OUT PBOOLEAN GenerateOnClose)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
return(STATUS_NOT_IMPLEMENTED);
|
||||
}
|
||||
|
||||
|
||||
NTSTATUS STDCALL
|
||||
NtPrivilegedServiceAuditAlarm(IN PUNICODE_STRING SubsystemName,
|
||||
IN PUNICODE_STRING ServiceName,
|
||||
IN HANDLE ClientToken,
|
||||
IN PPRIVILEGE_SET Privileges,
|
||||
IN BOOLEAN AccessGranted)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
return(STATUS_NOT_IMPLEMENTED);
|
||||
}
|
||||
|
||||
|
||||
NTSTATUS STDCALL
|
||||
NtPrivilegeObjectAuditAlarm(IN PUNICODE_STRING SubsystemName,
|
||||
IN PVOID HandleId,
|
||||
IN HANDLE ClientToken,
|
||||
IN ULONG DesiredAccess,
|
||||
IN PPRIVILEGE_SET Privileges,
|
||||
IN BOOLEAN AccessGranted)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
return(STATUS_NOT_IMPLEMENTED);
|
||||
}
|
||||
|
||||
/* PUBLIC FUNCTIONS ***********************************************************/
|
||||
|
||||
/*
|
||||
* @unimplemented
|
||||
*/
|
||||
VOID
|
||||
STDCALL
|
||||
SeAuditHardLinkCreation(
|
||||
IN PUNICODE_STRING FileName,
|
||||
IN PUNICODE_STRING LinkName,
|
||||
IN BOOLEAN bSuccess
|
||||
)
|
||||
SeAuditHardLinkCreation(IN PUNICODE_STRING FileName,
|
||||
IN PUNICODE_STRING LinkName,
|
||||
IN BOOLEAN bSuccess)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
}
|
||||
|
@ -283,10 +199,8 @@ SeAuditHardLinkCreation(
|
|||
*/
|
||||
BOOLEAN
|
||||
STDCALL
|
||||
SeAuditingFileEvents(
|
||||
IN BOOLEAN AccessGranted,
|
||||
IN PSECURITY_DESCRIPTOR SecurityDescriptor
|
||||
)
|
||||
SeAuditingFileEvents(IN BOOLEAN AccessGranted,
|
||||
IN PSECURITY_DESCRIPTOR SecurityDescriptor)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
return FALSE;
|
||||
|
@ -297,11 +211,9 @@ SeAuditingFileEvents(
|
|||
*/
|
||||
BOOLEAN
|
||||
STDCALL
|
||||
SeAuditingFileEventsWithContext(
|
||||
IN BOOLEAN AccessGranted,
|
||||
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
||||
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL
|
||||
)
|
||||
SeAuditingFileEventsWithContext(IN BOOLEAN AccessGranted,
|
||||
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
||||
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
return FALSE;
|
||||
|
@ -312,10 +224,8 @@ SeAuditingFileEventsWithContext(
|
|||
*/
|
||||
BOOLEAN
|
||||
STDCALL
|
||||
SeAuditingHardLinkEvents(
|
||||
IN BOOLEAN AccessGranted,
|
||||
IN PSECURITY_DESCRIPTOR SecurityDescriptor
|
||||
)
|
||||
SeAuditingHardLinkEvents(IN BOOLEAN AccessGranted,
|
||||
IN PSECURITY_DESCRIPTOR SecurityDescriptor)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
return FALSE;
|
||||
|
@ -326,11 +236,9 @@ SeAuditingHardLinkEvents(
|
|||
*/
|
||||
BOOLEAN
|
||||
STDCALL
|
||||
SeAuditingHardLinkEventsWithContext(
|
||||
IN BOOLEAN AccessGranted,
|
||||
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
||||
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL
|
||||
)
|
||||
SeAuditingHardLinkEventsWithContext(IN BOOLEAN AccessGranted,
|
||||
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
||||
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
return FALSE;
|
||||
|
@ -341,11 +249,9 @@ SeAuditingHardLinkEventsWithContext(
|
|||
*/
|
||||
BOOLEAN
|
||||
STDCALL
|
||||
SeAuditingFileOrGlobalEvents(
|
||||
IN BOOLEAN AccessGranted,
|
||||
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
||||
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext
|
||||
)
|
||||
SeAuditingFileOrGlobalEvents(IN BOOLEAN AccessGranted,
|
||||
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
||||
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
return FALSE;
|
||||
|
@ -357,10 +263,10 @@ SeAuditingFileOrGlobalEvents(
|
|||
VOID
|
||||
STDCALL
|
||||
SeCloseObjectAuditAlarm(
|
||||
IN PVOID Object,
|
||||
IN HANDLE Handle,
|
||||
IN BOOLEAN PerformAction
|
||||
)
|
||||
IN PVOID Object,
|
||||
IN HANDLE Handle,
|
||||
IN BOOLEAN PerformAction
|
||||
)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
}
|
||||
|
@ -370,9 +276,9 @@ SeCloseObjectAuditAlarm(
|
|||
*/
|
||||
VOID STDCALL
|
||||
SeDeleteObjectAuditAlarm(IN PVOID Object,
|
||||
IN HANDLE Handle)
|
||||
IN HANDLE Handle)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
UNIMPLEMENTED;
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -405,16 +311,16 @@ SeOpenObjectAuditAlarm(IN PUNICODE_STRING ObjectTypeName,
|
|||
*/
|
||||
VOID STDCALL
|
||||
SeOpenObjectForDeleteAuditAlarm(IN PUNICODE_STRING ObjectTypeName,
|
||||
IN PVOID Object OPTIONAL,
|
||||
IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,
|
||||
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
||||
IN PACCESS_STATE AccessState,
|
||||
IN BOOLEAN ObjectCreated,
|
||||
IN BOOLEAN AccessGranted,
|
||||
IN KPROCESSOR_MODE AccessMode,
|
||||
OUT PBOOLEAN GenerateOnClose)
|
||||
IN PVOID Object OPTIONAL,
|
||||
IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,
|
||||
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
||||
IN PACCESS_STATE AccessState,
|
||||
IN BOOLEAN ObjectCreated,
|
||||
IN BOOLEAN AccessGranted,
|
||||
IN KPROCESSOR_MODE AccessMode,
|
||||
OUT PBOOLEAN GenerateOnClose)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
UNIMPLEMENTED;
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -422,16 +328,98 @@ SeOpenObjectForDeleteAuditAlarm(IN PUNICODE_STRING ObjectTypeName,
|
|||
*/
|
||||
VOID
|
||||
STDCALL
|
||||
SePrivilegeObjectAuditAlarm(
|
||||
IN HANDLE Handle,
|
||||
IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
|
||||
IN ACCESS_MASK DesiredAccess,
|
||||
IN PPRIVILEGE_SET Privileges,
|
||||
IN BOOLEAN AccessGranted,
|
||||
IN KPROCESSOR_MODE CurrentMode
|
||||
)
|
||||
SePrivilegeObjectAuditAlarm(IN HANDLE Handle,
|
||||
IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
|
||||
IN ACCESS_MASK DesiredAccess,
|
||||
IN PPRIVILEGE_SET Privileges,
|
||||
IN BOOLEAN AccessGranted,
|
||||
IN KPROCESSOR_MODE CurrentMode)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
}
|
||||
|
||||
/* SYSTEM CALLS ***************************************************************/
|
||||
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
NtAccessCheckAndAuditAlarm(IN PUNICODE_STRING SubsystemName,
|
||||
IN HANDLE HandleId,
|
||||
IN PUNICODE_STRING ObjectTypeName,
|
||||
IN PUNICODE_STRING ObjectName,
|
||||
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
||||
IN ACCESS_MASK DesiredAccess,
|
||||
IN PGENERIC_MAPPING GenericMapping,
|
||||
IN BOOLEAN ObjectCreation,
|
||||
OUT PACCESS_MASK GrantedAccess,
|
||||
OUT PNTSTATUS AccessStatus,
|
||||
OUT PBOOLEAN GenerateOnClose)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
return STATUS_NOT_IMPLEMENTED;
|
||||
}
|
||||
|
||||
|
||||
NTSTATUS STDCALL
|
||||
NtCloseObjectAuditAlarm(IN PUNICODE_STRING SubsystemName,
|
||||
IN PVOID HandleId,
|
||||
IN BOOLEAN GenerateOnClose)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
return(STATUS_NOT_IMPLEMENTED);
|
||||
}
|
||||
|
||||
|
||||
NTSTATUS STDCALL
|
||||
NtDeleteObjectAuditAlarm(IN PUNICODE_STRING SubsystemName,
|
||||
IN PVOID HandleId,
|
||||
IN BOOLEAN GenerateOnClose)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
return(STATUS_NOT_IMPLEMENTED);
|
||||
}
|
||||
|
||||
|
||||
NTSTATUS STDCALL
|
||||
NtOpenObjectAuditAlarm(IN PUNICODE_STRING SubsystemName,
|
||||
IN PVOID HandleId,
|
||||
IN PUNICODE_STRING ObjectTypeName,
|
||||
IN PUNICODE_STRING ObjectName,
|
||||
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
||||
IN HANDLE ClientToken,
|
||||
IN ULONG DesiredAccess,
|
||||
IN ULONG GrantedAccess,
|
||||
IN PPRIVILEGE_SET Privileges,
|
||||
IN BOOLEAN ObjectCreation,
|
||||
IN BOOLEAN AccessGranted,
|
||||
OUT PBOOLEAN GenerateOnClose)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
return(STATUS_NOT_IMPLEMENTED);
|
||||
}
|
||||
|
||||
|
||||
NTSTATUS STDCALL
|
||||
NtPrivilegedServiceAuditAlarm(IN PUNICODE_STRING SubsystemName,
|
||||
IN PUNICODE_STRING ServiceName,
|
||||
IN HANDLE ClientToken,
|
||||
IN PPRIVILEGE_SET Privileges,
|
||||
IN BOOLEAN AccessGranted)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
return(STATUS_NOT_IMPLEMENTED);
|
||||
}
|
||||
|
||||
|
||||
NTSTATUS STDCALL
|
||||
NtPrivilegeObjectAuditAlarm(IN PUNICODE_STRING SubsystemName,
|
||||
IN PVOID HandleId,
|
||||
IN HANDLE ClientToken,
|
||||
IN ULONG DesiredAccess,
|
||||
IN PPRIVILEGE_SET Privileges,
|
||||
IN BOOLEAN AccessGranted)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
return(STATUS_NOT_IMPLEMENTED);
|
||||
}
|
||||
|
||||
/* EOF */
|
||||
|
|
|
@ -1,28 +1,32 @@
|
|||
/*
|
||||
* COPYRIGHT: See COPYING in the top level directory
|
||||
* PROJECT: ReactOS kernel
|
||||
* FILE: ntoskrnl/se/lsa.c
|
||||
* PURPOSE: No purpose listed.
|
||||
* FILE: ntoskrnl/se/sid.c
|
||||
* PURPOSE: Security manager
|
||||
*
|
||||
* PROGRAMMERS: No programmer listed.
|
||||
* PROGRAMMERS: David Welch <welch@cwcom.net>
|
||||
*/
|
||||
|
||||
/* INCLUDES *******************************************************************/
|
||||
|
||||
#include <ntoskrnl.h>
|
||||
#define NDEBUG
|
||||
#include <internal/debug.h>
|
||||
#include <debug.h>
|
||||
|
||||
/* FUNCTIONS ******************************************************************/
|
||||
|
||||
/*
|
||||
* @unimplemented
|
||||
*/
|
||||
NTSTATUS STDCALL LsaCallAuthenticationPackage (
|
||||
ULONG Unknown0,
|
||||
ULONG Unknown1,
|
||||
ULONG Unknown2,
|
||||
ULONG Unknown3,
|
||||
ULONG Unknown4,
|
||||
ULONG Unknown5,
|
||||
ULONG Unknown6
|
||||
)
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
LsaCallAuthenticationPackage(ULONG Unknown0,
|
||||
ULONG Unknown1,
|
||||
ULONG Unknown2,
|
||||
ULONG Unknown3,
|
||||
ULONG Unknown4,
|
||||
ULONG Unknown5,
|
||||
ULONG Unknown6)
|
||||
{
|
||||
return STATUS_NOT_IMPLEMENTED;
|
||||
}
|
||||
|
@ -30,10 +34,10 @@ NTSTATUS STDCALL LsaCallAuthenticationPackage (
|
|||
/*
|
||||
* @unimplemented
|
||||
*/
|
||||
NTSTATUS STDCALL LsaDeregisterLogonProcess (
|
||||
ULONG Unknown0,
|
||||
ULONG Unknown1
|
||||
)
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
LsaDeregisterLogonProcess(ULONG Unknown0,
|
||||
ULONG Unknown1)
|
||||
{
|
||||
return STATUS_NOT_IMPLEMENTED;
|
||||
}
|
||||
|
@ -41,16 +45,15 @@ NTSTATUS STDCALL LsaDeregisterLogonProcess (
|
|||
/*
|
||||
* @implemented
|
||||
*/
|
||||
NTSTATUS STDCALL LsaFreeReturnBuffer (PVOID Buffer)
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
LsaFreeReturnBuffer(PVOID Buffer)
|
||||
{
|
||||
ULONG Size = 0; /* required by MEM_RELEASE */
|
||||
|
||||
return ZwFreeVirtualMemory (
|
||||
NtCurrentProcess(),
|
||||
& Buffer,
|
||||
& Size,
|
||||
MEM_RELEASE
|
||||
);
|
||||
ULONG Size = 0;
|
||||
return ZwFreeVirtualMemory(NtCurrentProcess(),
|
||||
&Buffer,
|
||||
&Size,
|
||||
MEM_RELEASE);
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -79,11 +82,11 @@ LsaLogonUser(IN HANDLE LsaHandle,
|
|||
/*
|
||||
* @unimplemented
|
||||
*/
|
||||
NTSTATUS STDCALL LsaLookupAuthenticationPackage (
|
||||
ULONG Unknown0,
|
||||
ULONG Unknown1,
|
||||
ULONG Unknown2
|
||||
)
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
LsaLookupAuthenticationPackage(ULONG Unknown0,
|
||||
ULONG Unknown1,
|
||||
ULONG Unknown2)
|
||||
{
|
||||
return STATUS_NOT_IMPLEMENTED;
|
||||
}
|
||||
|
@ -93,9 +96,9 @@ NTSTATUS STDCALL LsaLookupAuthenticationPackage (
|
|||
*/
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
LsaRegisterLogonProcess (IN PLSA_STRING LogonProcessName,
|
||||
OUT PHANDLE LsaHandle,
|
||||
OUT PLSA_OPERATIONAL_MODE SecurityMode)
|
||||
LsaRegisterLogonProcess(IN PLSA_STRING LogonProcessName,
|
||||
OUT PHANDLE LsaHandle,
|
||||
OUT PLSA_OPERATIONAL_MODE SecurityMode)
|
||||
{
|
||||
return STATUS_NOT_IMPLEMENTED;
|
||||
}
|
||||
|
@ -105,9 +108,7 @@ LsaRegisterLogonProcess (IN PLSA_STRING LogonProcessName,
|
|||
*/
|
||||
NTSTATUS
|
||||
STDCALL
|
||||
SeMarkLogonSessionForTerminationNotification(
|
||||
IN PLUID LogonId
|
||||
)
|
||||
SeMarkLogonSessionForTerminationNotification(IN PLUID LogonId)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
return STATUS_NOT_IMPLEMENTED;
|
||||
|
@ -118,9 +119,7 @@ SeMarkLogonSessionForTerminationNotification(
|
|||
*/
|
||||
NTSTATUS
|
||||
STDCALL
|
||||
SeRegisterLogonSessionTerminatedRoutine(
|
||||
IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
|
||||
)
|
||||
SeRegisterLogonSessionTerminatedRoutine(IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
return STATUS_NOT_IMPLEMENTED;
|
||||
|
@ -131,13 +130,10 @@ SeRegisterLogonSessionTerminatedRoutine(
|
|||
*/
|
||||
NTSTATUS
|
||||
STDCALL
|
||||
SeUnregisterLogonSessionTerminatedRoutine(
|
||||
IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
|
||||
)
|
||||
SeUnregisterLogonSessionTerminatedRoutine(IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
return STATUS_NOT_IMPLEMENTED;
|
||||
}
|
||||
|
||||
|
||||
/* EOF */
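Review bot: The file banner in the first hunk of this section now reads `* FILE: ntoskrnl/se/sid.c`, although the line it replaces named `ntoskrnl/se/lsa.c` and every routine below it is an Lsa* or logon-session stub, so the new banner looks copied from another file and should stay `* FILE: ntoskrnl/se/lsa.c`. The +/- markers are lost on this page, so which line of each pair is the new side is inferred from print order and from the commit's formatting style. In `LsaFreeReturnBuffer` the rewrite also appears to drop the comment explaining the zero size; I would keep it as `ULONG Size = 0; /* required by MEM_RELEASE */`, since a bare zero passed to a free routine reads like a mistake. The prototype of `ZwFreeVirtualMemory` is not visible here, so it is also worth confirming that `ULONG` has the width its region-size parameter expects on every target before passing `&Size`.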
|
||||
|
|
|
@ -1,112 +0,0 @@
|
|||
/*
|
||||
* COPYRIGHT: See COPYING in the top level directory
|
||||
* PROJECT: ReactOS kernel
|
||||
* FILE: ntoskrnl/se/luid.c
|
||||
* PURPOSE: Security manager
|
||||
*
|
||||
* PROGRAMMERS: No programmer listed.
|
||||
*/
|
||||
|
||||
/* INCLUDES *****************************************************************/
|
||||
|
||||
#include <ntoskrnl.h>
|
||||
#include <internal/debug.h>
|
||||
|
||||
#if defined (ALLOC_PRAGMA)
|
||||
#pragma alloc_text(INIT, SepInitLuid)
|
||||
#endif
|
||||
|
||||
|
||||
/* GLOBALS *******************************************************************/
|
||||
|
||||
static LARGE_INTEGER LuidIncrement;
|
||||
static LARGE_INTEGER LuidValue;
|
||||
|
||||
/* FUNCTIONS *****************************************************************/
|
||||
|
||||
VOID
|
||||
INIT_FUNCTION
|
||||
NTAPI
|
||||
SepInitLuid(VOID)
|
||||
{
|
||||
LUID DummyLuidValue = SYSTEM_LUID;
|
||||
|
||||
LuidValue.u.HighPart = DummyLuidValue.HighPart;
|
||||
LuidValue.u.LowPart = DummyLuidValue.LowPart;
|
||||
LuidIncrement.QuadPart = 1;
|
||||
}
|
||||
|
||||
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
ExpAllocateLocallyUniqueId(OUT LUID *LocallyUniqueId)
|
||||
{
|
||||
LARGE_INTEGER NewLuid, PrevLuid;
|
||||
|
||||
/* atomically increment the luid */
|
||||
do
|
||||
{
|
||||
PrevLuid = LuidValue;
|
||||
NewLuid = RtlLargeIntegerAdd(PrevLuid,
|
||||
LuidIncrement);
|
||||
} while(ExfInterlockedCompareExchange64(&LuidValue.QuadPart,
|
||||
&NewLuid.QuadPart,
|
||||
&PrevLuid.QuadPart) != PrevLuid.QuadPart);
|
||||
|
||||
LocallyUniqueId->LowPart = NewLuid.u.LowPart;
|
||||
LocallyUniqueId->HighPart = NewLuid.u.HighPart;
|
||||
|
||||
return STATUS_SUCCESS;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
*/
|
||||
NTSTATUS STDCALL
|
||||
NtAllocateLocallyUniqueId(OUT LUID *LocallyUniqueId)
|
||||
{
|
||||
LUID NewLuid;
|
||||
KPROCESSOR_MODE PreviousMode;
|
||||
NTSTATUS Status = STATUS_SUCCESS;
|
||||
|
||||
PAGED_CODE();
|
||||
|
||||
PreviousMode = ExGetPreviousMode();
|
||||
|
||||
if(PreviousMode != KernelMode)
|
||||
{
|
||||
_SEH_TRY
|
||||
{
|
||||
ProbeForWrite(LocallyUniqueId,
|
||||
sizeof(LUID),
|
||||
sizeof(ULONG));
|
||||
}
|
||||
_SEH_HANDLE
|
||||
{
|
||||
Status = _SEH_GetExceptionCode();
|
||||
}
|
||||
_SEH_END;
|
||||
|
||||
if(!NT_SUCCESS(Status))
|
||||
{
|
||||
return Status;
|
||||
}
|
||||
}
|
||||
|
||||
Status = ExpAllocateLocallyUniqueId(&NewLuid);
|
||||
|
||||
_SEH_TRY
|
||||
{
|
||||
*LocallyUniqueId = NewLuid;
|
||||
}
|
||||
_SEH_HANDLE
|
||||
{
|
||||
Status = _SEH_GetExceptionCode();
|
||||
}
|
||||
_SEH_END;
|
||||
|
||||
return Status;
|
||||
}
|
||||
|
||||
/* EOF */
|
|
@ -7,18 +7,17 @@
|
|||
* PROGRAMMERS: No programmer listed.
|
||||
*/
|
||||
|
||||
/* INCLUDES *****************************************************************/
|
||||
/* INCLUDES ******************************************************************/
|
||||
|
||||
#include <ntoskrnl.h>
|
||||
#define NDEBUG
|
||||
#include <internal/debug.h>
|
||||
#include <debug.h>
|
||||
|
||||
#if defined (ALLOC_PRAGMA)
|
||||
#pragma alloc_text(INIT, SepInitPrivileges)
|
||||
#endif
|
||||
|
||||
|
||||
/* GLOBALS *******************************************************************/
|
||||
/* GLOBALS ********************************************************************/
|
||||
|
||||
LUID SeCreateTokenPrivilege;
|
||||
LUID SeAssignPrimaryTokenPrivilege;
|
||||
|
@ -47,141 +46,139 @@ LUID SeUndockPrivilege;
|
|||
LUID SeSyncAgentPrivilege;
|
||||
LUID SeEnableDelegationPrivilege;
|
||||
|
||||
|
||||
/* FUNCTIONS ***************************************************************/
|
||||
/* PRIVATE FUNCTIONS **********************************************************/
|
||||
|
||||
VOID
|
||||
INIT_FUNCTION
|
||||
NTAPI
|
||||
SepInitPrivileges (VOID)
|
||||
{
|
||||
SeCreateTokenPrivilege.LowPart = SE_CREATE_TOKEN_PRIVILEGE;
|
||||
SeCreateTokenPrivilege.HighPart = 0;
|
||||
SeAssignPrimaryTokenPrivilege.LowPart = SE_ASSIGNPRIMARYTOKEN_PRIVILEGE;
|
||||
SeAssignPrimaryTokenPrivilege.HighPart = 0;
|
||||
SeLockMemoryPrivilege.LowPart = SE_LOCK_MEMORY_PRIVILEGE;
|
||||
SeLockMemoryPrivilege.HighPart = 0;
|
||||
SeIncreaseQuotaPrivilege.LowPart = SE_INCREASE_QUOTA_PRIVILEGE;
|
||||
SeIncreaseQuotaPrivilege.HighPart = 0;
|
||||
SeUnsolicitedInputPrivilege.LowPart = SE_UNSOLICITED_INPUT_PRIVILEGE;
|
||||
SeUnsolicitedInputPrivilege.HighPart = 0;
|
||||
SeTcbPrivilege.LowPart = SE_TCB_PRIVILEGE;
|
||||
SeTcbPrivilege.HighPart = 0;
|
||||
SeSecurityPrivilege.LowPart = SE_SECURITY_PRIVILEGE;
|
||||
SeSecurityPrivilege.HighPart = 0;
|
||||
SeTakeOwnershipPrivilege.LowPart = SE_TAKE_OWNERSHIP_PRIVILEGE;
|
||||
SeTakeOwnershipPrivilege.HighPart = 0;
|
||||
SeLoadDriverPrivilege.LowPart = SE_LOAD_DRIVER_PRIVILEGE;
|
||||
SeLoadDriverPrivilege.HighPart = 0;
|
||||
SeSystemProfilePrivilege.LowPart = SE_SYSTEM_PROFILE_PRIVILEGE;
|
||||
SeSystemProfilePrivilege.HighPart = 0;
|
||||
SeSystemtimePrivilege.LowPart = SE_SYSTEMTIME_PRIVILEGE;
|
||||
SeSystemtimePrivilege.HighPart = 0;
|
||||
SeProfileSingleProcessPrivilege.LowPart = SE_PROF_SINGLE_PROCESS_PRIVILEGE;
|
||||
SeProfileSingleProcessPrivilege.HighPart = 0;
|
||||
SeIncreaseBasePriorityPrivilege.LowPart = SE_INC_BASE_PRIORITY_PRIVILEGE;
|
||||
SeIncreaseBasePriorityPrivilege.HighPart = 0;
|
||||
SeCreatePagefilePrivilege.LowPart = SE_CREATE_PAGEFILE_PRIVILEGE;
|
||||
SeCreatePagefilePrivilege.HighPart = 0;
|
||||
SeCreatePermanentPrivilege.LowPart = SE_CREATE_PERMANENT_PRIVILEGE;
|
||||
SeCreatePermanentPrivilege.HighPart = 0;
|
||||
SeBackupPrivilege.LowPart = SE_BACKUP_PRIVILEGE;
|
||||
SeBackupPrivilege.HighPart = 0;
|
||||
SeRestorePrivilege.LowPart = SE_RESTORE_PRIVILEGE;
|
||||
SeRestorePrivilege.HighPart = 0;
|
||||
SeShutdownPrivilege.LowPart = SE_SHUTDOWN_PRIVILEGE;
|
||||
SeShutdownPrivilege.HighPart = 0;
|
||||
SeDebugPrivilege.LowPart = SE_DEBUG_PRIVILEGE;
|
||||
SeDebugPrivilege.HighPart = 0;
|
||||
SeAuditPrivilege.LowPart = SE_AUDIT_PRIVILEGE;
|
||||
SeAuditPrivilege.HighPart = 0;
|
||||
SeSystemEnvironmentPrivilege.LowPart = SE_SYSTEM_ENVIRONMENT_PRIVILEGE;
|
||||
SeSystemEnvironmentPrivilege.HighPart = 0;
|
||||
SeChangeNotifyPrivilege.LowPart = SE_CHANGE_NOTIFY_PRIVILEGE;
|
||||
SeChangeNotifyPrivilege.HighPart = 0;
|
||||
SeRemoteShutdownPrivilege.LowPart = SE_REMOTE_SHUTDOWN_PRIVILEGE;
|
||||
SeRemoteShutdownPrivilege.HighPart = 0;
|
||||
SeUndockPrivilege.LowPart = SE_UNDOCK_PRIVILEGE;
|
||||
SeUndockPrivilege.HighPart = 0;
|
||||
SeSyncAgentPrivilege.LowPart = SE_SYNC_AGENT_PRIVILEGE;
|
||||
SeSyncAgentPrivilege.HighPart = 0;
|
||||
SeEnableDelegationPrivilege.LowPart = SE_ENABLE_DELEGATION_PRIVILEGE;
|
||||
SeEnableDelegationPrivilege.HighPart = 0;
|
||||
SeCreateTokenPrivilege.LowPart = SE_CREATE_TOKEN_PRIVILEGE;
|
||||
SeCreateTokenPrivilege.HighPart = 0;
|
||||
SeAssignPrimaryTokenPrivilege.LowPart = SE_ASSIGNPRIMARYTOKEN_PRIVILEGE;
|
||||
SeAssignPrimaryTokenPrivilege.HighPart = 0;
|
||||
SeLockMemoryPrivilege.LowPart = SE_LOCK_MEMORY_PRIVILEGE;
|
||||
SeLockMemoryPrivilege.HighPart = 0;
|
||||
SeIncreaseQuotaPrivilege.LowPart = SE_INCREASE_QUOTA_PRIVILEGE;
|
||||
SeIncreaseQuotaPrivilege.HighPart = 0;
|
||||
SeUnsolicitedInputPrivilege.LowPart = SE_UNSOLICITED_INPUT_PRIVILEGE;
|
||||
SeUnsolicitedInputPrivilege.HighPart = 0;
|
||||
SeTcbPrivilege.LowPart = SE_TCB_PRIVILEGE;
|
||||
SeTcbPrivilege.HighPart = 0;
|
||||
SeSecurityPrivilege.LowPart = SE_SECURITY_PRIVILEGE;
|
||||
SeSecurityPrivilege.HighPart = 0;
|
||||
SeTakeOwnershipPrivilege.LowPart = SE_TAKE_OWNERSHIP_PRIVILEGE;
|
||||
SeTakeOwnershipPrivilege.HighPart = 0;
|
||||
SeLoadDriverPrivilege.LowPart = SE_LOAD_DRIVER_PRIVILEGE;
|
||||
SeLoadDriverPrivilege.HighPart = 0;
|
||||
SeSystemProfilePrivilege.LowPart = SE_SYSTEM_PROFILE_PRIVILEGE;
|
||||
SeSystemProfilePrivilege.HighPart = 0;
|
||||
SeSystemtimePrivilege.LowPart = SE_SYSTEMTIME_PRIVILEGE;
|
||||
SeSystemtimePrivilege.HighPart = 0;
|
||||
SeProfileSingleProcessPrivilege.LowPart = SE_PROF_SINGLE_PROCESS_PRIVILEGE;
|
||||
SeProfileSingleProcessPrivilege.HighPart = 0;
|
||||
SeIncreaseBasePriorityPrivilege.LowPart = SE_INC_BASE_PRIORITY_PRIVILEGE;
|
||||
SeIncreaseBasePriorityPrivilege.HighPart = 0;
|
||||
SeCreatePagefilePrivilege.LowPart = SE_CREATE_PAGEFILE_PRIVILEGE;
|
||||
SeCreatePagefilePrivilege.HighPart = 0;
|
||||
SeCreatePermanentPrivilege.LowPart = SE_CREATE_PERMANENT_PRIVILEGE;
|
||||
SeCreatePermanentPrivilege.HighPart = 0;
|
||||
SeBackupPrivilege.LowPart = SE_BACKUP_PRIVILEGE;
|
||||
SeBackupPrivilege.HighPart = 0;
|
||||
SeRestorePrivilege.LowPart = SE_RESTORE_PRIVILEGE;
|
||||
SeRestorePrivilege.HighPart = 0;
|
||||
SeShutdownPrivilege.LowPart = SE_SHUTDOWN_PRIVILEGE;
|
||||
SeShutdownPrivilege.HighPart = 0;
|
||||
SeDebugPrivilege.LowPart = SE_DEBUG_PRIVILEGE;
|
||||
SeDebugPrivilege.HighPart = 0;
|
||||
SeAuditPrivilege.LowPart = SE_AUDIT_PRIVILEGE;
|
||||
SeAuditPrivilege.HighPart = 0;
|
||||
SeSystemEnvironmentPrivilege.LowPart = SE_SYSTEM_ENVIRONMENT_PRIVILEGE;
|
||||
SeSystemEnvironmentPrivilege.HighPart = 0;
|
||||
SeChangeNotifyPrivilege.LowPart = SE_CHANGE_NOTIFY_PRIVILEGE;
|
||||
SeChangeNotifyPrivilege.HighPart = 0;
|
||||
SeRemoteShutdownPrivilege.LowPart = SE_REMOTE_SHUTDOWN_PRIVILEGE;
|
||||
SeRemoteShutdownPrivilege.HighPart = 0;
|
||||
SeUndockPrivilege.LowPart = SE_UNDOCK_PRIVILEGE;
|
||||
SeUndockPrivilege.HighPart = 0;
|
||||
SeSyncAgentPrivilege.LowPart = SE_SYNC_AGENT_PRIVILEGE;
|
||||
SeSyncAgentPrivilege.HighPart = 0;
|
||||
SeEnableDelegationPrivilege.LowPart = SE_ENABLE_DELEGATION_PRIVILEGE;
|
||||
SeEnableDelegationPrivilege.HighPart = 0;
|
||||
}
|
||||
|
||||
|
||||
BOOLEAN
|
||||
NTAPI
|
||||
SepPrivilegeCheck (PTOKEN Token,
|
||||
PLUID_AND_ATTRIBUTES Privileges,
|
||||
ULONG PrivilegeCount,
|
||||
ULONG PrivilegeControl,
|
||||
KPROCESSOR_MODE PreviousMode)
|
||||
PLUID_AND_ATTRIBUTES Privileges,
|
||||
ULONG PrivilegeCount,
|
||||
ULONG PrivilegeControl,
|
||||
KPROCESSOR_MODE PreviousMode)
|
||||
{
|
||||
ULONG i;
|
||||
ULONG j;
|
||||
ULONG k;
|
||||
ULONG i;
|
||||
ULONG j;
|
||||
ULONG k;
|
||||
|
||||
DPRINT ("SepPrivilegeCheck() called\n");
|
||||
DPRINT ("SepPrivilegeCheck() called\n");
|
||||
|
||||
PAGED_CODE();
|
||||
PAGED_CODE();
|
||||
|
||||
if (PreviousMode == KernelMode)
|
||||
if (PreviousMode == KernelMode)
|
||||
{
|
||||
return TRUE;
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
k = 0;
|
||||
if (PrivilegeCount > 0)
|
||||
k = 0;
|
||||
if (PrivilegeCount > 0)
|
||||
{
|
||||
for (i = 0; i < Token->PrivilegeCount; i++)
|
||||
{
|
||||
for (j = 0; j < PrivilegeCount; j++)
|
||||
{
|
||||
if (Token->Privileges[i].Luid.LowPart == Privileges[j].Luid.LowPart &&
|
||||
Token->Privileges[i].Luid.HighPart == Privileges[j].Luid.HighPart)
|
||||
{
|
||||
DPRINT ("Found privilege\n");
|
||||
DPRINT ("Privilege attributes %lx\n",
|
||||
Token->Privileges[i].Attributes);
|
||||
for (i = 0; i < Token->PrivilegeCount; i++)
|
||||
{
|
||||
for (j = 0; j < PrivilegeCount; j++)
|
||||
{
|
||||
if (Token->Privileges[i].Luid.LowPart == Privileges[j].Luid.LowPart &&
|
||||
Token->Privileges[i].Luid.HighPart == Privileges[j].Luid.HighPart)
|
||||
{
|
||||
DPRINT ("Found privilege\n");
|
||||
DPRINT ("Privilege attributes %lx\n",
|
||||
Token->Privileges[i].Attributes);
|
||||
|
||||
if (Token->Privileges[i].Attributes & SE_PRIVILEGE_ENABLED)
|
||||
{
|
||||
Privileges[j].Attributes |= SE_PRIVILEGE_USED_FOR_ACCESS;
|
||||
k++;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
if (Token->Privileges[i].Attributes & SE_PRIVILEGE_ENABLED)
|
||||
{
|
||||
Privileges[j].Attributes |= SE_PRIVILEGE_USED_FOR_ACCESS;
|
||||
k++;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if ((PrivilegeControl & PRIVILEGE_SET_ALL_NECESSARY) &&
|
||||
PrivilegeCount == k)
|
||||
if ((PrivilegeControl & PRIVILEGE_SET_ALL_NECESSARY) &&
|
||||
PrivilegeCount == k)
|
||||
{
|
||||
return TRUE;
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
if (k > 0 &&
|
||||
!(PrivilegeControl & PRIVILEGE_SET_ALL_NECESSARY))
|
||||
if (k > 0 &&
|
||||
!(PrivilegeControl & PRIVILEGE_SET_ALL_NECESSARY))
|
||||
{
|
||||
return TRUE;
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
return FALSE;
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
SeCaptureLuidAndAttributesArray (PLUID_AND_ATTRIBUTES Src,
|
||||
ULONG PrivilegeCount,
|
||||
KPROCESSOR_MODE PreviousMode,
|
||||
PLUID_AND_ATTRIBUTES AllocatedMem,
|
||||
ULONG AllocatedLength,
|
||||
POOL_TYPE PoolType,
|
||||
BOOLEAN CaptureIfKernel,
|
||||
PLUID_AND_ATTRIBUTES* Dest,
|
||||
PULONG Length)
|
||||
ULONG PrivilegeCount,
|
||||
KPROCESSOR_MODE PreviousMode,
|
||||
PLUID_AND_ATTRIBUTES AllocatedMem,
|
||||
ULONG AllocatedLength,
|
||||
POOL_TYPE PoolType,
|
||||
BOOLEAN CaptureIfKernel,
|
||||
PLUID_AND_ATTRIBUTES* Dest,
|
||||
PULONG Length)
|
||||
{
|
||||
ULONG BufferSize;
|
||||
NTSTATUS Status = STATUS_SUCCESS;
|
||||
|
@ -202,7 +199,7 @@ SeCaptureLuidAndAttributesArray (PLUID_AND_ATTRIBUTES Src,
|
|||
}
|
||||
|
||||
/* FIXME - check PrivilegeCount for a valid number so we don't
|
||||
cause an integer overflow or exhaust system resources! */
|
||||
cause an integer overflow or exhaust system resources! */
|
||||
|
||||
BufferSize = PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES);
|
||||
*Length = ROUND_UP(BufferSize, 4); /* round up to a 4 byte alignment */
|
||||
|
@ -229,7 +226,7 @@ SeCaptureLuidAndAttributesArray (PLUID_AND_ATTRIBUTES Src,
|
|||
}
|
||||
|
||||
/* allocate enough memory or check if the provided buffer is
|
||||
large enough to hold the array */
|
||||
large enough to hold the array */
|
||||
if (AllocatedMem != NULL)
|
||||
{
|
||||
if (AllocatedLength < BufferSize)
|
||||
|
@ -271,12 +268,11 @@ SeCaptureLuidAndAttributesArray (PLUID_AND_ATTRIBUTES Src,
|
|||
return Status;
|
||||
}
|
||||
|
||||
|
||||
VOID
|
||||
NTAPI
|
||||
SeReleaseLuidAndAttributesArray (PLUID_AND_ATTRIBUTES Privilege,
|
||||
KPROCESSOR_MODE PreviousMode,
|
||||
BOOLEAN CaptureIfKernel)
|
||||
KPROCESSOR_MODE PreviousMode,
|
||||
BOOLEAN CaptureIfKernel)
|
||||
{
|
||||
PAGED_CODE();
|
||||
|
||||
|
@ -287,208 +283,232 @@ SeReleaseLuidAndAttributesArray (PLUID_AND_ATTRIBUTES Privilege,
|
|||
}
|
||||
}
|
||||
|
||||
/* PUBLIC FUNCTIONS ***********************************************************/
|
||||
|
||||
NTSTATUS STDCALL
|
||||
NtPrivilegeCheck (IN HANDLE ClientToken,
|
||||
IN PPRIVILEGE_SET RequiredPrivileges,
|
||||
OUT PBOOLEAN Result)
|
||||
/*
|
||||
* @unimplemented
|
||||
*/
|
||||
NTSTATUS
|
||||
STDCALL
|
||||
SeAppendPrivileges(PACCESS_STATE AccessState,
|
||||
PPRIVILEGE_SET Privileges)
|
||||
{
|
||||
PLUID_AND_ATTRIBUTES Privileges;
|
||||
PTOKEN Token;
|
||||
ULONG PrivilegeCount = 0;
|
||||
ULONG PrivilegeControl = 0;
|
||||
ULONG Length;
|
||||
BOOLEAN CheckResult;
|
||||
KPROCESSOR_MODE PreviousMode;
|
||||
NTSTATUS Status = STATUS_SUCCESS;
|
||||
|
||||
PAGED_CODE();
|
||||
|
||||
PreviousMode = KeGetPreviousMode();
|
||||
|
||||
/* probe the buffers */
|
||||
if (PreviousMode != KernelMode)
|
||||
{
|
||||
_SEH_TRY
|
||||
{
|
||||
ProbeForWrite(RequiredPrivileges,
|
||||
FIELD_OFFSET(PRIVILEGE_SET,
|
||||
Privilege),
|
||||
sizeof(ULONG));
|
||||
|
||||
PrivilegeCount = RequiredPrivileges->PrivilegeCount;
|
||||
PrivilegeControl = RequiredPrivileges->Control;
|
||||
|
||||
/* Check PrivilegeCount to avoid an integer overflow! */
|
||||
if (FIELD_OFFSET(PRIVILEGE_SET,
|
||||
Privilege[PrivilegeCount]) /
|
||||
sizeof(RequiredPrivileges->Privilege[0]) != PrivilegeCount)
|
||||
{
|
||||
Status = STATUS_INVALID_PARAMETER;
|
||||
_SEH_LEAVE;
|
||||
}
|
||||
|
||||
/* probe all of the array */
|
||||
ProbeForWrite(RequiredPrivileges,
|
||||
FIELD_OFFSET(PRIVILEGE_SET,
|
||||
Privilege[PrivilegeCount]),
|
||||
sizeof(ULONG));
|
||||
|
||||
ProbeForWriteBoolean(Result);
|
||||
}
|
||||
_SEH_HANDLE
|
||||
{
|
||||
Status = _SEH_GetExceptionCode();
|
||||
}
|
||||
_SEH_END;
|
||||
|
||||
if (!NT_SUCCESS(Status))
|
||||
{
|
||||
return Status;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
PrivilegeCount = RequiredPrivileges->PrivilegeCount;
|
||||
PrivilegeControl = RequiredPrivileges->Control;
|
||||
}
|
||||
|
||||
/* reference the token and make sure we're
|
||||
not doing an anonymous impersonation */
|
||||
Status = ObReferenceObjectByHandle (ClientToken,
|
||||
TOKEN_QUERY,
|
||||
SepTokenObjectType,
|
||||
PreviousMode,
|
||||
(PVOID*)&Token,
|
||||
NULL);
|
||||
if (!NT_SUCCESS(Status))
|
||||
{
|
||||
return Status;
|
||||
}
|
||||
|
||||
if (Token->TokenType == TokenImpersonation &&
|
||||
Token->ImpersonationLevel < SecurityIdentification)
|
||||
{
|
||||
ObDereferenceObject (Token);
|
||||
return STATUS_BAD_IMPERSONATION_LEVEL;
|
||||
}
|
||||
|
||||
/* capture the privileges */
|
||||
Status = SeCaptureLuidAndAttributesArray (RequiredPrivileges->Privilege,
|
||||
PrivilegeCount,
|
||||
PreviousMode,
|
||||
NULL,
|
||||
0,
|
||||
PagedPool,
|
||||
TRUE,
|
||||
&Privileges,
|
||||
&Length);
|
||||
if (!NT_SUCCESS(Status))
|
||||
{
|
||||
ObDereferenceObject (Token);
|
||||
return Status;
|
||||
}
|
||||
|
||||
CheckResult = SepPrivilegeCheck (Token,
|
||||
Privileges,
|
||||
PrivilegeCount,
|
||||
PrivilegeControl,
|
||||
PreviousMode);
|
||||
|
||||
ObDereferenceObject (Token);
|
||||
|
||||
/* return the array */
|
||||
_SEH_TRY
|
||||
{
|
||||
RtlCopyMemory(RequiredPrivileges->Privilege,
|
||||
Privileges,
|
||||
PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES));
|
||||
*Result = CheckResult;
|
||||
Status = STATUS_SUCCESS;
|
||||
}
|
||||
_SEH_HANDLE
|
||||
{
|
||||
Status = _SEH_GetExceptionCode();
|
||||
}
|
||||
_SEH_END;
|
||||
|
||||
SeReleaseLuidAndAttributesArray (Privileges,
|
||||
PreviousMode,
|
||||
TRUE);
|
||||
|
||||
return Status;
|
||||
UNIMPLEMENTED;
|
||||
return STATUS_NOT_IMPLEMENTED;
|
||||
}
|
||||
|
||||
/*
|
||||
* @unimplemented
|
||||
*/
|
||||
VOID
|
||||
STDCALL
|
||||
SeFreePrivileges(IN PPRIVILEGE_SET Privileges)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
}
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
*/
|
||||
BOOLEAN STDCALL
|
||||
SePrivilegeCheck (PPRIVILEGE_SET Privileges,
|
||||
PSECURITY_SUBJECT_CONTEXT SubjectContext,
|
||||
KPROCESSOR_MODE PreviousMode)
|
||||
PSECURITY_SUBJECT_CONTEXT SubjectContext,
|
||||
KPROCESSOR_MODE PreviousMode)
|
||||
{
|
||||
PACCESS_TOKEN Token = NULL;
|
||||
PACCESS_TOKEN Token = NULL;
|
||||
|
||||
PAGED_CODE();
|
||||
PAGED_CODE();
|
||||
|
||||
if (SubjectContext->ClientToken == NULL)
|
||||
if (SubjectContext->ClientToken == NULL)
|
||||
{
|
||||
Token = SubjectContext->PrimaryToken;
|
||||
Token = SubjectContext->PrimaryToken;
|
||||
}
|
||||
else
|
||||
else
|
||||
{
|
||||
Token = SubjectContext->ClientToken;
|
||||
if (SubjectContext->ImpersonationLevel < 2)
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
Token = SubjectContext->ClientToken;
|
||||
if (SubjectContext->ImpersonationLevel < 2)
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
}
|
||||
|
||||
return SepPrivilegeCheck (Token,
|
||||
Privileges->Privilege,
|
||||
Privileges->PrivilegeCount,
|
||||
Privileges->Control,
|
||||
PreviousMode);
|
||||
return SepPrivilegeCheck (Token,
|
||||
Privileges->Privilege,
|
||||
Privileges->PrivilegeCount,
|
||||
Privileges->Control,
|
||||
PreviousMode);
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
*/
|
||||
BOOLEAN STDCALL
|
||||
SeSinglePrivilegeCheck (IN LUID PrivilegeValue,
|
||||
IN KPROCESSOR_MODE PreviousMode)
|
||||
IN KPROCESSOR_MODE PreviousMode)
|
||||
{
|
||||
SECURITY_SUBJECT_CONTEXT SubjectContext;
|
||||
PRIVILEGE_SET Priv;
|
||||
BOOLEAN Result;
|
||||
SECURITY_SUBJECT_CONTEXT SubjectContext;
|
||||
PRIVILEGE_SET Priv;
|
||||
BOOLEAN Result;
|
||||
|
||||
PAGED_CODE();
|
||||
PAGED_CODE();
|
||||
|
||||
SeCaptureSubjectContext (&SubjectContext);
|
||||
SeCaptureSubjectContext (&SubjectContext);
|
||||
|
||||
Priv.PrivilegeCount = 1;
|
||||
Priv.Control = PRIVILEGE_SET_ALL_NECESSARY;
|
||||
Priv.Privilege[0].Luid = PrivilegeValue;
|
||||
Priv.Privilege[0].Attributes = SE_PRIVILEGE_ENABLED;
|
||||
Priv.PrivilegeCount = 1;
|
||||
Priv.Control = PRIVILEGE_SET_ALL_NECESSARY;
|
||||
Priv.Privilege[0].Luid = PrivilegeValue;
|
||||
Priv.Privilege[0].Attributes = SE_PRIVILEGE_ENABLED;
|
||||
|
||||
Result = SePrivilegeCheck (&Priv,
|
||||
&SubjectContext,
|
||||
PreviousMode);
|
||||
Result = SePrivilegeCheck (&Priv,
|
||||
&SubjectContext,
|
||||
PreviousMode);
|
||||
|
||||
if (PreviousMode != KernelMode)
|
||||
if (PreviousMode != KernelMode)
|
||||
{
|
||||
#if 0
|
||||
SePrivilegedServiceAuditAlarm (0,
|
||||
&SubjectContext,
|
||||
&PrivilegeValue);
|
||||
SePrivilegedServiceAuditAlarm (0,
|
||||
&SubjectContext,
|
||||
&PrivilegeValue);
|
||||
#endif
|
||||
}
|
||||
|
||||
SeReleaseSubjectContext (&SubjectContext);
|
||||
SeReleaseSubjectContext (&SubjectContext);
|
||||
|
||||
return Result;
|
||||
return Result;
|
||||
}
|
||||
|
||||
/* SYSTEM CALLS ***************************************************************/
|
||||
|
||||
NTSTATUS STDCALL
|
||||
NtPrivilegeCheck (IN HANDLE ClientToken,
|
||||
IN PPRIVILEGE_SET RequiredPrivileges,
|
||||
OUT PBOOLEAN Result)
|
||||
{
|
||||
PLUID_AND_ATTRIBUTES Privileges;
|
||||
PTOKEN Token;
|
||||
ULONG PrivilegeCount = 0;
|
||||
ULONG PrivilegeControl = 0;
|
||||
ULONG Length;
|
||||
BOOLEAN CheckResult;
|
||||
KPROCESSOR_MODE PreviousMode;
|
||||
NTSTATUS Status = STATUS_SUCCESS;
|
||||
|
||||
PAGED_CODE();
|
||||
|
||||
PreviousMode = KeGetPreviousMode();
|
||||
|
||||
/* probe the buffers */
|
||||
if (PreviousMode != KernelMode)
|
||||
{
|
||||
_SEH_TRY
|
||||
{
|
||||
ProbeForWrite(RequiredPrivileges,
|
||||
FIELD_OFFSET(PRIVILEGE_SET,
|
||||
Privilege),
|
||||
sizeof(ULONG));
|
||||
|
||||
PrivilegeCount = RequiredPrivileges->PrivilegeCount;
|
||||
PrivilegeControl = RequiredPrivileges->Control;
|
||||
|
||||
/* Check PrivilegeCount to avoid an integer overflow! */
|
||||
if (FIELD_OFFSET(PRIVILEGE_SET,
|
||||
Privilege[PrivilegeCount]) /
|
||||
sizeof(RequiredPrivileges->Privilege[0]) != PrivilegeCount)
|
||||
{
|
||||
Status = STATUS_INVALID_PARAMETER;
|
||||
_SEH_LEAVE;
|
||||
}
|
||||
|
||||
/* probe all of the array */
|
||||
ProbeForWrite(RequiredPrivileges,
|
||||
FIELD_OFFSET(PRIVILEGE_SET,
|
||||
Privilege[PrivilegeCount]),
|
||||
sizeof(ULONG));
|
||||
|
||||
ProbeForWriteBoolean(Result);
|
||||
}
|
||||
_SEH_HANDLE
|
||||
{
|
||||
Status = _SEH_GetExceptionCode();
|
||||
}
|
||||
_SEH_END;
|
||||
|
||||
if (!NT_SUCCESS(Status))
|
||||
{
|
||||
return Status;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
PrivilegeCount = RequiredPrivileges->PrivilegeCount;
|
||||
PrivilegeControl = RequiredPrivileges->Control;
|
||||
}
|
||||
|
||||
/* reference the token and make sure we're
|
||||
not doing an anonymous impersonation */
|
||||
Status = ObReferenceObjectByHandle (ClientToken,
|
||||
TOKEN_QUERY,
|
||||
SepTokenObjectType,
|
||||
PreviousMode,
|
||||
(PVOID*)&Token,
|
||||
NULL);
|
||||
if (!NT_SUCCESS(Status))
|
||||
{
|
||||
return Status;
|
||||
}
|
||||
|
||||
if (Token->TokenType == TokenImpersonation &&
|
||||
Token->ImpersonationLevel < SecurityIdentification)
|
||||
{
|
||||
ObDereferenceObject (Token);
|
||||
return STATUS_BAD_IMPERSONATION_LEVEL;
|
||||
}
|
||||
|
||||
/* capture the privileges */
|
||||
Status = SeCaptureLuidAndAttributesArray (RequiredPrivileges->Privilege,
|
||||
PrivilegeCount,
|
||||
PreviousMode,
|
||||
NULL,
|
||||
0,
|
||||
PagedPool,
|
||||
TRUE,
|
||||
&Privileges,
|
||||
&Length);
|
||||
if (!NT_SUCCESS(Status))
|
||||
{
|
||||
ObDereferenceObject (Token);
|
||||
return Status;
|
||||
}
|
||||
|
||||
CheckResult = SepPrivilegeCheck (Token,
|
||||
Privileges,
|
||||
PrivilegeCount,
|
||||
PrivilegeControl,
|
||||
PreviousMode);
|
||||
|
||||
ObDereferenceObject (Token);
|
||||
|
||||
/* return the array */
|
||||
_SEH_TRY
|
||||
{
|
||||
RtlCopyMemory(RequiredPrivileges->Privilege,
|
||||
Privileges,
|
||||
PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES));
|
||||
*Result = CheckResult;
|
||||
Status = STATUS_SUCCESS;
|
||||
}
|
||||
_SEH_HANDLE
|
||||
{
|
||||
Status = _SEH_GetExceptionCode();
|
||||
}
|
||||
_SEH_END;
|
||||
|
||||
SeReleaseLuidAndAttributesArray (Privileges,
|
||||
PreviousMode,
|
||||
TRUE);
|
||||
|
||||
return Status;
|
||||
}
|
||||
|
||||
|
||||
/* EOF */
|
||||
|
|
|
@ -7,19 +7,17 @@
|
|||
* PROGRAMMERS: David Welch <welch@cwcom.net>
|
||||
*/
|
||||
|
||||
/* INCLUDES *****************************************************************/
|
||||
/* INCLUDES *******************************************************************/
|
||||
|
||||
#include <ntoskrnl.h>
|
||||
|
||||
#define NDEBUG
|
||||
#include <internal/debug.h>
|
||||
#include <debug.h>
|
||||
|
||||
#if defined (ALLOC_PRAGMA)
|
||||
#pragma alloc_text(INIT, SepInitSecurityIDs)
|
||||
#endif
|
||||
|
||||
|
||||
/* GLOBALS ******************************************************************/
|
||||
/* GLOBALS ********************************************************************/
|
||||
|
||||
SID_IDENTIFIER_AUTHORITY SeNullSidAuthority = {SECURITY_NULL_SID_AUTHORITY};
|
||||
SID_IDENTIFIER_AUTHORITY SeWorldSidAuthority = {SECURITY_WORLD_SID_AUTHORITY};
|
||||
|
@ -56,174 +54,172 @@ PSID SeAuthenticatedUsersSid = NULL;
|
|||
PSID SeRestrictedSid = NULL;
|
||||
PSID SeAnonymousLogonSid = NULL;
|
||||
|
||||
|
||||
/* FUNCTIONS ****************************************************************/
|
||||
|
||||
/* FUNCTIONS ******************************************************************/
|
||||
|
||||
BOOLEAN
|
||||
INIT_FUNCTION
|
||||
NTAPI
|
||||
SepInitSecurityIDs(VOID)
|
||||
{
|
||||
ULONG SidLength0;
|
||||
ULONG SidLength1;
|
||||
ULONG SidLength2;
|
||||
PULONG SubAuthority;
|
||||
ULONG SidLength0;
|
||||
ULONG SidLength1;
|
||||
ULONG SidLength2;
|
||||
PULONG SubAuthority;
|
||||
|
||||
SidLength0 = RtlLengthRequiredSid(0);
|
||||
SidLength1 = RtlLengthRequiredSid(1);
|
||||
SidLength2 = RtlLengthRequiredSid(2);
|
||||
SidLength0 = RtlLengthRequiredSid(0);
|
||||
SidLength1 = RtlLengthRequiredSid(1);
|
||||
SidLength2 = RtlLengthRequiredSid(2);
|
||||
|
||||
/* create NullSid */
|
||||
SeNullSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
||||
SeWorldSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
||||
SeLocalSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
||||
SeCreatorOwnerSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
||||
SeCreatorGroupSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
||||
SeCreatorOwnerServerSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
||||
SeCreatorGroupServerSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
||||
SeNtAuthoritySid = ExAllocatePoolWithTag(PagedPool, SidLength0, TAG_SID);
|
||||
SeDialupSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
||||
SeNetworkSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
||||
SeBatchSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
||||
SeInteractiveSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
||||
SeServiceSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
||||
SePrincipalSelfSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
||||
SeLocalSystemSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
||||
SeAuthenticatedUserSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
||||
SeRestrictedCodeSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
||||
SeAliasAdminsSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
|
||||
SeAliasUsersSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
|
||||
SeAliasGuestsSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
|
||||
SeAliasPowerUsersSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
|
||||
SeAliasAccountOpsSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
|
||||
SeAliasSystemOpsSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
|
||||
SeAliasPrintOpsSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
|
||||
SeAliasBackupOpsSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
|
||||
SeAuthenticatedUsersSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
||||
SeRestrictedSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
||||
SeAnonymousLogonSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
||||
/* create NullSid */
|
||||
SeNullSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
||||
SeWorldSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
||||
SeLocalSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
||||
SeCreatorOwnerSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
||||
SeCreatorGroupSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
||||
SeCreatorOwnerServerSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
||||
SeCreatorGroupServerSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
||||
SeNtAuthoritySid = ExAllocatePoolWithTag(PagedPool, SidLength0, TAG_SID);
|
||||
SeDialupSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
||||
SeNetworkSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
||||
SeBatchSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
||||
SeInteractiveSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
||||
SeServiceSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
||||
SePrincipalSelfSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
||||
SeLocalSystemSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
||||
SeAuthenticatedUserSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
||||
SeRestrictedCodeSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
||||
SeAliasAdminsSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
|
||||
SeAliasUsersSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
|
||||
SeAliasGuestsSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
|
||||
SeAliasPowerUsersSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
|
||||
SeAliasAccountOpsSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
|
||||
SeAliasSystemOpsSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
|
||||
SeAliasPrintOpsSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
|
||||
SeAliasBackupOpsSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
|
||||
SeAuthenticatedUsersSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
||||
SeRestrictedSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
||||
SeAnonymousLogonSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
||||
|
||||
if (SeNullSid == NULL || SeWorldSid == NULL ||
|
||||
SeLocalSid == NULL || SeCreatorOwnerSid == NULL ||
|
||||
SeCreatorGroupSid == NULL || SeCreatorOwnerServerSid == NULL ||
|
||||
SeCreatorGroupServerSid == NULL || SeNtAuthoritySid == NULL ||
|
||||
SeDialupSid == NULL || SeNetworkSid == NULL || SeBatchSid == NULL ||
|
||||
SeInteractiveSid == NULL || SeServiceSid == NULL ||
|
||||
SePrincipalSelfSid == NULL || SeLocalSystemSid == NULL ||
|
||||
SeAuthenticatedUserSid == NULL || SeRestrictedCodeSid == NULL ||
|
||||
SeAliasAdminsSid == NULL || SeAliasUsersSid == NULL ||
|
||||
SeAliasGuestsSid == NULL || SeAliasPowerUsersSid == NULL ||
|
||||
SeAliasAccountOpsSid == NULL || SeAliasSystemOpsSid == NULL ||
|
||||
SeAliasPrintOpsSid == NULL || SeAliasBackupOpsSid == NULL ||
|
||||
SeAuthenticatedUsersSid == NULL || SeRestrictedSid == NULL ||
|
||||
SeAnonymousLogonSid == NULL)
|
||||
{
|
||||
/* FIXME: We're leaking memory here. */
|
||||
return(FALSE);
|
||||
}
|
||||
if (SeNullSid == NULL || SeWorldSid == NULL ||
|
||||
SeLocalSid == NULL || SeCreatorOwnerSid == NULL ||
|
||||
SeCreatorGroupSid == NULL || SeCreatorOwnerServerSid == NULL ||
|
||||
SeCreatorGroupServerSid == NULL || SeNtAuthoritySid == NULL ||
|
||||
SeDialupSid == NULL || SeNetworkSid == NULL || SeBatchSid == NULL ||
|
||||
SeInteractiveSid == NULL || SeServiceSid == NULL ||
|
||||
SePrincipalSelfSid == NULL || SeLocalSystemSid == NULL ||
|
||||
SeAuthenticatedUserSid == NULL || SeRestrictedCodeSid == NULL ||
|
||||
SeAliasAdminsSid == NULL || SeAliasUsersSid == NULL ||
|
||||
SeAliasGuestsSid == NULL || SeAliasPowerUsersSid == NULL ||
|
||||
SeAliasAccountOpsSid == NULL || SeAliasSystemOpsSid == NULL ||
|
||||
SeAliasPrintOpsSid == NULL || SeAliasBackupOpsSid == NULL ||
|
||||
SeAuthenticatedUsersSid == NULL || SeRestrictedSid == NULL ||
|
||||
SeAnonymousLogonSid == NULL)
|
||||
{
|
||||
/* FIXME: We're leaking memory here. */
|
||||
return(FALSE);
|
||||
}
|
||||
|
||||
RtlInitializeSid(SeNullSid, &SeNullSidAuthority, 1);
|
||||
RtlInitializeSid(SeWorldSid, &SeWorldSidAuthority, 1);
|
||||
RtlInitializeSid(SeLocalSid, &SeLocalSidAuthority, 1);
|
||||
RtlInitializeSid(SeCreatorOwnerSid, &SeCreatorSidAuthority, 1);
|
||||
RtlInitializeSid(SeCreatorGroupSid, &SeCreatorSidAuthority, 1);
|
||||
RtlInitializeSid(SeCreatorOwnerServerSid, &SeCreatorSidAuthority, 1);
|
||||
RtlInitializeSid(SeCreatorGroupServerSid, &SeCreatorSidAuthority, 1);
|
||||
RtlInitializeSid(SeNtAuthoritySid, &SeNtSidAuthority, 0);
|
||||
RtlInitializeSid(SeDialupSid, &SeNtSidAuthority, 1);
|
||||
RtlInitializeSid(SeNetworkSid, &SeNtSidAuthority, 1);
|
||||
RtlInitializeSid(SeBatchSid, &SeNtSidAuthority, 1);
|
||||
RtlInitializeSid(SeInteractiveSid, &SeNtSidAuthority, 1);
|
||||
RtlInitializeSid(SeServiceSid, &SeNtSidAuthority, 1);
|
||||
RtlInitializeSid(SePrincipalSelfSid, &SeNtSidAuthority, 1);
|
||||
RtlInitializeSid(SeLocalSystemSid, &SeNtSidAuthority, 1);
|
||||
RtlInitializeSid(SeAuthenticatedUserSid, &SeNtSidAuthority, 1);
|
||||
RtlInitializeSid(SeRestrictedCodeSid, &SeNtSidAuthority, 1);
|
||||
RtlInitializeSid(SeAliasAdminsSid, &SeNtSidAuthority, 2);
|
||||
RtlInitializeSid(SeAliasUsersSid, &SeNtSidAuthority, 2);
|
||||
RtlInitializeSid(SeAliasGuestsSid, &SeNtSidAuthority, 2);
|
||||
RtlInitializeSid(SeAliasPowerUsersSid, &SeNtSidAuthority, 2);
|
||||
RtlInitializeSid(SeAliasAccountOpsSid, &SeNtSidAuthority, 2);
|
||||
RtlInitializeSid(SeAliasSystemOpsSid, &SeNtSidAuthority, 2);
|
||||
RtlInitializeSid(SeAliasPrintOpsSid, &SeNtSidAuthority, 2);
|
||||
RtlInitializeSid(SeAliasBackupOpsSid, &SeNtSidAuthority, 2);
|
||||
RtlInitializeSid(SeAuthenticatedUsersSid, &SeNtSidAuthority, 1);
|
||||
RtlInitializeSid(SeRestrictedSid, &SeNtSidAuthority, 1);
|
||||
RtlInitializeSid(SeAnonymousLogonSid, &SeNtSidAuthority, 1);
|
||||
RtlInitializeSid(SeNullSid, &SeNullSidAuthority, 1);
|
||||
RtlInitializeSid(SeWorldSid, &SeWorldSidAuthority, 1);
|
||||
RtlInitializeSid(SeLocalSid, &SeLocalSidAuthority, 1);
|
||||
RtlInitializeSid(SeCreatorOwnerSid, &SeCreatorSidAuthority, 1);
|
||||
RtlInitializeSid(SeCreatorGroupSid, &SeCreatorSidAuthority, 1);
|
||||
RtlInitializeSid(SeCreatorOwnerServerSid, &SeCreatorSidAuthority, 1);
|
||||
RtlInitializeSid(SeCreatorGroupServerSid, &SeCreatorSidAuthority, 1);
|
||||
RtlInitializeSid(SeNtAuthoritySid, &SeNtSidAuthority, 0);
|
||||
RtlInitializeSid(SeDialupSid, &SeNtSidAuthority, 1);
|
||||
RtlInitializeSid(SeNetworkSid, &SeNtSidAuthority, 1);
|
||||
RtlInitializeSid(SeBatchSid, &SeNtSidAuthority, 1);
|
||||
RtlInitializeSid(SeInteractiveSid, &SeNtSidAuthority, 1);
|
||||
RtlInitializeSid(SeServiceSid, &SeNtSidAuthority, 1);
|
||||
RtlInitializeSid(SePrincipalSelfSid, &SeNtSidAuthority, 1);
|
||||
RtlInitializeSid(SeLocalSystemSid, &SeNtSidAuthority, 1);
|
||||
RtlInitializeSid(SeAuthenticatedUserSid, &SeNtSidAuthority, 1);
|
||||
RtlInitializeSid(SeRestrictedCodeSid, &SeNtSidAuthority, 1);
|
||||
RtlInitializeSid(SeAliasAdminsSid, &SeNtSidAuthority, 2);
|
||||
RtlInitializeSid(SeAliasUsersSid, &SeNtSidAuthority, 2);
|
||||
RtlInitializeSid(SeAliasGuestsSid, &SeNtSidAuthority, 2);
|
||||
RtlInitializeSid(SeAliasPowerUsersSid, &SeNtSidAuthority, 2);
|
||||
RtlInitializeSid(SeAliasAccountOpsSid, &SeNtSidAuthority, 2);
|
||||
RtlInitializeSid(SeAliasSystemOpsSid, &SeNtSidAuthority, 2);
|
||||
RtlInitializeSid(SeAliasPrintOpsSid, &SeNtSidAuthority, 2);
|
||||
RtlInitializeSid(SeAliasBackupOpsSid, &SeNtSidAuthority, 2);
|
||||
RtlInitializeSid(SeAuthenticatedUsersSid, &SeNtSidAuthority, 1);
|
||||
RtlInitializeSid(SeRestrictedSid, &SeNtSidAuthority, 1);
|
||||
RtlInitializeSid(SeAnonymousLogonSid, &SeNtSidAuthority, 1);
|
||||
|
||||
SubAuthority = RtlSubAuthoritySid(SeNullSid, 0);
|
||||
*SubAuthority = SECURITY_NULL_RID;
|
||||
SubAuthority = RtlSubAuthoritySid(SeWorldSid, 0);
|
||||
*SubAuthority = SECURITY_WORLD_RID;
|
||||
SubAuthority = RtlSubAuthoritySid(SeLocalSid, 0);
|
||||
*SubAuthority = SECURITY_LOCAL_RID;
|
||||
SubAuthority = RtlSubAuthoritySid(SeCreatorOwnerSid, 0);
|
||||
*SubAuthority = SECURITY_CREATOR_OWNER_RID;
|
||||
SubAuthority = RtlSubAuthoritySid(SeCreatorGroupSid, 0);
|
||||
*SubAuthority = SECURITY_CREATOR_GROUP_RID;
|
||||
SubAuthority = RtlSubAuthoritySid(SeCreatorOwnerServerSid, 0);
|
||||
*SubAuthority = SECURITY_CREATOR_OWNER_SERVER_RID;
|
||||
SubAuthority = RtlSubAuthoritySid(SeCreatorGroupServerSid, 0);
|
||||
*SubAuthority = SECURITY_CREATOR_GROUP_SERVER_RID;
|
||||
SubAuthority = RtlSubAuthoritySid(SeDialupSid, 0);
|
||||
*SubAuthority = SECURITY_DIALUP_RID;
|
||||
SubAuthority = RtlSubAuthoritySid(SeNetworkSid, 0);
|
||||
*SubAuthority = SECURITY_NETWORK_RID;
|
||||
SubAuthority = RtlSubAuthoritySid(SeBatchSid, 0);
|
||||
*SubAuthority = SECURITY_BATCH_RID;
|
||||
SubAuthority = RtlSubAuthoritySid(SeInteractiveSid, 0);
|
||||
*SubAuthority = SECURITY_INTERACTIVE_RID;
|
||||
SubAuthority = RtlSubAuthoritySid(SeServiceSid, 0);
|
||||
*SubAuthority = SECURITY_SERVICE_RID;
|
||||
SubAuthority = RtlSubAuthoritySid(SePrincipalSelfSid, 0);
|
||||
*SubAuthority = SECURITY_PRINCIPAL_SELF_RID;
|
||||
SubAuthority = RtlSubAuthoritySid(SeLocalSystemSid, 0);
|
||||
*SubAuthority = SECURITY_LOCAL_SYSTEM_RID;
|
||||
SubAuthority = RtlSubAuthoritySid(SeAuthenticatedUserSid, 0);
|
||||
*SubAuthority = SECURITY_AUTHENTICATED_USER_RID;
|
||||
SubAuthority = RtlSubAuthoritySid(SeRestrictedCodeSid, 0);
|
||||
*SubAuthority = SECURITY_RESTRICTED_CODE_RID;
|
||||
SubAuthority = RtlSubAuthoritySid(SeAliasAdminsSid, 0);
|
||||
*SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
|
||||
SubAuthority = RtlSubAuthoritySid(SeAliasAdminsSid, 1);
|
||||
*SubAuthority = DOMAIN_ALIAS_RID_ADMINS;
|
||||
SubAuthority = RtlSubAuthoritySid(SeAliasUsersSid, 0);
|
||||
*SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
|
||||
SubAuthority = RtlSubAuthoritySid(SeAliasUsersSid, 1);
|
||||
*SubAuthority = DOMAIN_ALIAS_RID_USERS;
|
||||
SubAuthority = RtlSubAuthoritySid(SeAliasGuestsSid, 0);
|
||||
*SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
|
||||
SubAuthority = RtlSubAuthoritySid(SeAliasGuestsSid, 1);
|
||||
*SubAuthority = DOMAIN_ALIAS_RID_GUESTS;
|
||||
SubAuthority = RtlSubAuthoritySid(SeAliasPowerUsersSid, 0);
|
||||
*SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
|
||||
SubAuthority = RtlSubAuthoritySid(SeAliasPowerUsersSid, 1);
|
||||
*SubAuthority = DOMAIN_ALIAS_RID_POWER_USERS;
|
||||
SubAuthority = RtlSubAuthoritySid(SeAliasAccountOpsSid, 0);
|
||||
*SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
|
||||
SubAuthority = RtlSubAuthoritySid(SeAliasAccountOpsSid, 1);
|
||||
*SubAuthority = DOMAIN_ALIAS_RID_ACCOUNT_OPS;
|
||||
SubAuthority = RtlSubAuthoritySid(SeAliasSystemOpsSid, 0);
|
||||
*SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
|
||||
SubAuthority = RtlSubAuthoritySid(SeAliasSystemOpsSid, 1);
|
||||
*SubAuthority = DOMAIN_ALIAS_RID_SYSTEM_OPS;
|
||||
SubAuthority = RtlSubAuthoritySid(SeAliasPrintOpsSid, 0);
|
||||
*SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
|
||||
SubAuthority = RtlSubAuthoritySid(SeAliasPrintOpsSid, 1);
|
||||
*SubAuthority = DOMAIN_ALIAS_RID_PRINT_OPS;
|
||||
SubAuthority = RtlSubAuthoritySid(SeAliasBackupOpsSid, 0);
|
||||
*SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
|
||||
SubAuthority = RtlSubAuthoritySid(SeAliasBackupOpsSid, 1);
|
||||
*SubAuthority = DOMAIN_ALIAS_RID_BACKUP_OPS;
|
||||
SubAuthority = RtlSubAuthoritySid(SeAuthenticatedUsersSid, 0);
|
||||
*SubAuthority = SECURITY_AUTHENTICATED_USER_RID;
|
||||
SubAuthority = RtlSubAuthoritySid(SeRestrictedSid, 0);
|
||||
*SubAuthority = SECURITY_RESTRICTED_CODE_RID;
|
||||
SubAuthority = RtlSubAuthoritySid(SeAnonymousLogonSid, 0);
|
||||
*SubAuthority = SECURITY_ANONYMOUS_LOGON_RID;
|
||||
SubAuthority = RtlSubAuthoritySid(SeNullSid, 0);
|
||||
*SubAuthority = SECURITY_NULL_RID;
|
||||
SubAuthority = RtlSubAuthoritySid(SeWorldSid, 0);
|
||||
*SubAuthority = SECURITY_WORLD_RID;
|
||||
SubAuthority = RtlSubAuthoritySid(SeLocalSid, 0);
|
||||
*SubAuthority = SECURITY_LOCAL_RID;
|
||||
SubAuthority = RtlSubAuthoritySid(SeCreatorOwnerSid, 0);
|
||||
*SubAuthority = SECURITY_CREATOR_OWNER_RID;
|
||||
SubAuthority = RtlSubAuthoritySid(SeCreatorGroupSid, 0);
|
||||
*SubAuthority = SECURITY_CREATOR_GROUP_RID;
|
||||
SubAuthority = RtlSubAuthoritySid(SeCreatorOwnerServerSid, 0);
|
||||
*SubAuthority = SECURITY_CREATOR_OWNER_SERVER_RID;
|
||||
SubAuthority = RtlSubAuthoritySid(SeCreatorGroupServerSid, 0);
|
||||
*SubAuthority = SECURITY_CREATOR_GROUP_SERVER_RID;
|
||||
SubAuthority = RtlSubAuthoritySid(SeDialupSid, 0);
|
||||
*SubAuthority = SECURITY_DIALUP_RID;
|
||||
SubAuthority = RtlSubAuthoritySid(SeNetworkSid, 0);
|
||||
*SubAuthority = SECURITY_NETWORK_RID;
|
||||
SubAuthority = RtlSubAuthoritySid(SeBatchSid, 0);
|
||||
*SubAuthority = SECURITY_BATCH_RID;
|
||||
SubAuthority = RtlSubAuthoritySid(SeInteractiveSid, 0);
|
||||
*SubAuthority = SECURITY_INTERACTIVE_RID;
|
||||
SubAuthority = RtlSubAuthoritySid(SeServiceSid, 0);
|
||||
*SubAuthority = SECURITY_SERVICE_RID;
|
||||
SubAuthority = RtlSubAuthoritySid(SePrincipalSelfSid, 0);
|
||||
*SubAuthority = SECURITY_PRINCIPAL_SELF_RID;
|
||||
SubAuthority = RtlSubAuthoritySid(SeLocalSystemSid, 0);
|
||||
*SubAuthority = SECURITY_LOCAL_SYSTEM_RID;
|
||||
SubAuthority = RtlSubAuthoritySid(SeAuthenticatedUserSid, 0);
|
||||
*SubAuthority = SECURITY_AUTHENTICATED_USER_RID;
|
||||
SubAuthority = RtlSubAuthoritySid(SeRestrictedCodeSid, 0);
|
||||
*SubAuthority = SECURITY_RESTRICTED_CODE_RID;
|
||||
SubAuthority = RtlSubAuthoritySid(SeAliasAdminsSid, 0);
|
||||
*SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
|
||||
SubAuthority = RtlSubAuthoritySid(SeAliasAdminsSid, 1);
|
||||
*SubAuthority = DOMAIN_ALIAS_RID_ADMINS;
|
||||
SubAuthority = RtlSubAuthoritySid(SeAliasUsersSid, 0);
|
||||
*SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
|
||||
SubAuthority = RtlSubAuthoritySid(SeAliasUsersSid, 1);
|
||||
*SubAuthority = DOMAIN_ALIAS_RID_USERS;
|
||||
SubAuthority = RtlSubAuthoritySid(SeAliasGuestsSid, 0);
|
||||
*SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
|
||||
SubAuthority = RtlSubAuthoritySid(SeAliasGuestsSid, 1);
|
||||
*SubAuthority = DOMAIN_ALIAS_RID_GUESTS;
|
||||
SubAuthority = RtlSubAuthoritySid(SeAliasPowerUsersSid, 0);
|
||||
*SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
|
||||
SubAuthority = RtlSubAuthoritySid(SeAliasPowerUsersSid, 1);
|
||||
*SubAuthority = DOMAIN_ALIAS_RID_POWER_USERS;
|
||||
SubAuthority = RtlSubAuthoritySid(SeAliasAccountOpsSid, 0);
|
||||
*SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
|
||||
SubAuthority = RtlSubAuthoritySid(SeAliasAccountOpsSid, 1);
|
||||
*SubAuthority = DOMAIN_ALIAS_RID_ACCOUNT_OPS;
|
||||
SubAuthority = RtlSubAuthoritySid(SeAliasSystemOpsSid, 0);
|
||||
*SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
|
||||
SubAuthority = RtlSubAuthoritySid(SeAliasSystemOpsSid, 1);
|
||||
*SubAuthority = DOMAIN_ALIAS_RID_SYSTEM_OPS;
|
||||
SubAuthority = RtlSubAuthoritySid(SeAliasPrintOpsSid, 0);
|
||||
*SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
|
||||
SubAuthority = RtlSubAuthoritySid(SeAliasPrintOpsSid, 1);
|
||||
*SubAuthority = DOMAIN_ALIAS_RID_PRINT_OPS;
|
||||
SubAuthority = RtlSubAuthoritySid(SeAliasBackupOpsSid, 0);
|
||||
*SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
|
||||
SubAuthority = RtlSubAuthoritySid(SeAliasBackupOpsSid, 1);
|
||||
*SubAuthority = DOMAIN_ALIAS_RID_BACKUP_OPS;
|
||||
SubAuthority = RtlSubAuthoritySid(SeAuthenticatedUsersSid, 0);
|
||||
*SubAuthority = SECURITY_AUTHENTICATED_USER_RID;
|
||||
SubAuthority = RtlSubAuthoritySid(SeRestrictedSid, 0);
|
||||
*SubAuthority = SECURITY_RESTRICTED_CODE_RID;
|
||||
SubAuthority = RtlSubAuthoritySid(SeAnonymousLogonSid, 0);
|
||||
*SubAuthority = SECURITY_ANONYMOUS_LOGON_RID;
|
||||
|
||||
return(TRUE);
|
||||
return(TRUE);
|
||||
}
|
||||
|
||||
NTSTATUS
|
||||
|
@ -234,86 +230,86 @@ SepCaptureSid(IN PSID InputSid,
|
|||
IN BOOLEAN CaptureIfKernel,
|
||||
OUT PSID *CapturedSid)
|
||||
{
|
||||
ULONG SidSize = 0;
|
||||
PISID NewSid, Sid = (PISID)InputSid;
|
||||
NTSTATUS Status = STATUS_SUCCESS;
|
||||
ULONG SidSize = 0;
|
||||
PISID NewSid, Sid = (PISID)InputSid;
|
||||
NTSTATUS Status = STATUS_SUCCESS;
|
||||
|
||||
PAGED_CODE();
|
||||
PAGED_CODE();
|
||||
|
||||
if(AccessMode != KernelMode)
|
||||
{
|
||||
_SEH_TRY
|
||||
if(AccessMode != KernelMode)
|
||||
{
|
||||
ProbeForRead(Sid,
|
||||
FIELD_OFFSET(SID,
|
||||
SubAuthority),
|
||||
sizeof(UCHAR));
|
||||
SidSize = RtlLengthRequiredSid(Sid->SubAuthorityCount);
|
||||
ProbeForRead(Sid,
|
||||
SidSize,
|
||||
sizeof(UCHAR));
|
||||
}
|
||||
_SEH_HANDLE
|
||||
{
|
||||
Status = _SEH_GetExceptionCode();
|
||||
}
|
||||
_SEH_END;
|
||||
|
||||
if(NT_SUCCESS(Status))
|
||||
{
|
||||
/* allocate a SID and copy it */
|
||||
NewSid = ExAllocatePool(PoolType,
|
||||
SidSize);
|
||||
if(NewSid != NULL)
|
||||
{
|
||||
_SEH_TRY
|
||||
{
|
||||
RtlCopyMemory(NewSid,
|
||||
Sid,
|
||||
SidSize);
|
||||
|
||||
*CapturedSid = NewSid;
|
||||
ProbeForRead(Sid,
|
||||
FIELD_OFFSET(SID,
|
||||
SubAuthority),
|
||||
sizeof(UCHAR));
|
||||
SidSize = RtlLengthRequiredSid(Sid->SubAuthorityCount);
|
||||
ProbeForRead(Sid,
|
||||
SidSize,
|
||||
sizeof(UCHAR));
|
||||
}
|
||||
_SEH_HANDLE
|
||||
{
|
||||
ExFreePool(NewSid);
|
||||
Status = _SEH_GetExceptionCode();
|
||||
Status = _SEH_GetExceptionCode();
|
||||
}
|
||||
_SEH_END;
|
||||
}
|
||||
else
|
||||
{
|
||||
Status = STATUS_INSUFFICIENT_RESOURCES;
|
||||
}
|
||||
|
||||
if(NT_SUCCESS(Status))
|
||||
{
|
||||
/* allocate a SID and copy it */
|
||||
NewSid = ExAllocatePool(PoolType,
|
||||
SidSize);
|
||||
if(NewSid != NULL)
|
||||
{
|
||||
_SEH_TRY
|
||||
{
|
||||
RtlCopyMemory(NewSid,
|
||||
Sid,
|
||||
SidSize);
|
||||
|
||||
*CapturedSid = NewSid;
|
||||
}
|
||||
_SEH_HANDLE
|
||||
{
|
||||
ExFreePool(NewSid);
|
||||
Status = _SEH_GetExceptionCode();
|
||||
}
|
||||
_SEH_END;
|
||||
}
|
||||
else
|
||||
{
|
||||
Status = STATUS_INSUFFICIENT_RESOURCES;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
else if(!CaptureIfKernel)
|
||||
{
|
||||
*CapturedSid = InputSid;
|
||||
return STATUS_SUCCESS;
|
||||
}
|
||||
else
|
||||
{
|
||||
SidSize = RtlLengthRequiredSid(Sid->SubAuthorityCount);
|
||||
|
||||
/* allocate a SID and copy it */
|
||||
NewSid = ExAllocatePool(PoolType,
|
||||
SidSize);
|
||||
if(NewSid != NULL)
|
||||
else if(!CaptureIfKernel)
|
||||
{
|
||||
RtlCopyMemory(NewSid,
|
||||
Sid,
|
||||
SidSize);
|
||||
|
||||
*CapturedSid = NewSid;
|
||||
*CapturedSid = InputSid;
|
||||
return STATUS_SUCCESS;
|
||||
}
|
||||
else
|
||||
{
|
||||
Status = STATUS_INSUFFICIENT_RESOURCES;
|
||||
}
|
||||
}
|
||||
SidSize = RtlLengthRequiredSid(Sid->SubAuthorityCount);
|
||||
|
||||
return Status;
|
||||
/* allocate a SID and copy it */
|
||||
NewSid = ExAllocatePool(PoolType,
|
||||
SidSize);
|
||||
if(NewSid != NULL)
|
||||
{
|
||||
RtlCopyMemory(NewSid,
|
||||
Sid,
|
||||
SidSize);
|
||||
|
||||
*CapturedSid = NewSid;
|
||||
}
|
||||
else
|
||||
{
|
||||
Status = STATUS_INSUFFICIENT_RESOURCES;
|
||||
}
|
||||
}
|
||||
|
||||
return Status;
|
||||
}
|
||||
|
||||
VOID
|
||||
|
@ -322,14 +318,14 @@ SepReleaseSid(IN PSID CapturedSid,
|
|||
IN KPROCESSOR_MODE AccessMode,
|
||||
IN BOOLEAN CaptureIfKernel)
|
||||
{
|
||||
PAGED_CODE();
|
||||
PAGED_CODE();
|
||||
|
||||
if(CapturedSid != NULL &&
|
||||
(AccessMode != KernelMode ||
|
||||
(AccessMode == KernelMode && CaptureIfKernel)))
|
||||
{
|
||||
ExFreePool(CapturedSid);
|
||||
}
|
||||
if(CapturedSid != NULL &&
|
||||
(AccessMode != KernelMode ||
|
||||
(AccessMode == KernelMode && CaptureIfKernel)))
|
||||
{
|
||||
ExFreePool(CapturedSid);
|
||||
}
|
||||
}
|
||||
|
||||
/* EOF */
|
||||
|
|
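Review bot: In the SepCaptureSid hunk, the user-mode path reads `Sid->SubAuthorityCount` from the caller's buffer to compute `SidSize`, and the later `RtlCopyMemory(NewSid, Sid, SidSize)` fetches that same field a second time. If the buffer changes between the two reads, the captured header can carry a count larger than the allocation was sized for, and any consumer that derives a length from the captured SID could then read past the pool block. Read the count once into a local (`UCHAR Count = Sid->SubAuthorityCount;` then `SidSize = RtlLengthRequiredSid(Count);`) and pin it after the copy with `NewSid->SubAuthorityCount = Count;`. The function's signature begins above the hunk, so only part of the parameter list is visible here.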