From b28530d4acf3e3909fa89eda14f4945a941de0b3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?George=20Bi=C8=99oc?=
Date: Sat, 13 Mar 2021 14:33:15 +0100
Subject: [PATCH] [NTOS:SE] Set up an ACL and SD for the anonymous logon
---
 ntoskrnl/include/internal/se.h | 2 ++
 ntoskrnl/se/acl.c | 26 ++++++++++++++++++++++++++
 ntoskrnl/se/sd.c | 14 ++++++++++++++
 3 files changed, 42 insertions(+)
diff --git a/ntoskrnl/include/internal/se.h b/ntoskrnl/include/internal/se.h
index 56a1287d8bf..cb812c2fbdc 100644
--- a/ntoskrnl/include/internal/se.h
+++ b/ntoskrnl/include/internal/se.h
@@ -187,6 +187,7 @@ extern PACL SePublicDefaultUnrestrictedDacl;
 extern PACL SePublicOpenDacl;
 extern PACL SePublicOpenUnrestrictedDacl;
 extern PACL SeUnrestrictedDacl;
+extern PACL SeSystemAnonymousLogonDacl;
 /* SDs */
 extern PSECURITY_DESCRIPTOR SePublicDefaultSd;
@@ -195,6 +196,7 @@ extern PSECURITY_DESCRIPTOR SePublicOpenSd;
 extern PSECURITY_DESCRIPTOR SePublicOpenUnrestrictedSd;
 extern PSECURITY_DESCRIPTOR SeSystemDefaultSd;
 extern PSECURITY_DESCRIPTOR SeUnrestrictedSd;
+extern PSECURITY_DESCRIPTOR SeSystemAnonymousLogonSd;
 #define SepAcquireTokenLockExclusive(Token) \
diff --git a/ntoskrnl/se/acl.c b/ntoskrnl/se/acl.c
index 25635610a16..1da423b43c2 100644
--- a/ntoskrnl/se/acl.c
+++ b/ntoskrnl/se/acl.c
@@ -21,6 +21,7 @@ PACL SePublicDefaultUnrestrictedDacl = NULL;
 PACL SePublicOpenDacl = NULL;
 PACL SePublicOpenUnrestrictedDacl = NULL;
 PACL SeUnrestrictedDacl = NULL;
+PACL SeSystemAnonymousLogonDacl = NULL;
 /* FUNCTIONS ******************************************************************/
@@ -217,6 +218,31 @@ SepInitDACLs(VOID)
 GENERIC_READ | GENERIC_EXECUTE,
 SeRestrictedCodeSid);
+ /* create SystemAnonymousLogonDacl */
+ AclLength = sizeof(ACL) +
+ (sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
+ (sizeof(ACE) + RtlLengthSid(SeAnonymousLogonSid));
+
+ SeSystemAnonymousLogonDacl = ExAllocatePoolWithTag(PagedPool,
+ AclLength,
+ TAG_ACL);
+ if (SeSystemAnonymousLogonDacl == NULL)
+ return FALSE;
+
+ RtlCreateAcl(SeSystemAnonymousLogonDacl,
+ AclLength,
+ ACL_REVISION);
+
+ RtlAddAccessAllowedAce(SeSystemAnonymousLogonDacl,
+ ACL_REVISION,
+ GENERIC_ALL,
+ SeWorldSid);
+
+ RtlAddAccessAllowedAce(SeSystemAnonymousLogonDacl,
+ ACL_REVISION,
+ GENERIC_ALL,
+ SeAnonymousLogonSid);
+
 return TRUE;
 }
diff --git a/ntoskrnl/se/sd.c b/ntoskrnl/se/sd.c
index ccf17bb8388..dca0db419ff 100644
--- a/ntoskrnl/se/sd.c
+++ b/ntoskrnl/se/sd.c
@@ -21,6 +21,7 @@ PSECURITY_DESCRIPTOR SePublicOpenSd = NULL;
 PSECURITY_DESCRIPTOR SePublicOpenUnrestrictedSd = NULL;
 PSECURITY_DESCRIPTOR SeSystemDefaultSd = NULL;
 PSECURITY_DESCRIPTOR SeUnrestrictedSd = NULL;
+PSECURITY_DESCRIPTOR SeSystemAnonymousLogonSd = NULL;
 /* PRIVATE FUNCTIONS **********************************************************/
@@ -107,6 +108,19 @@ SepInitSDs(VOID)
 SeUnrestrictedDacl,
 FALSE);
+ /* Create SystemAnonymousLogonSd */
+ SeSystemAnonymousLogonSd = ExAllocatePoolWithTag(PagedPool,
+ sizeof(SECURITY_DESCRIPTOR), TAG_SD);
+ if (SeSystemAnonymousLogonSd == NULL)
+ return FALSE;
+
+ RtlCreateSecurityDescriptor(SeSystemAnonymousLogonSd,
+ SECURITY_DESCRIPTOR_REVISION);
+ RtlSetDaclSecurityDescriptor(SeSystemAnonymousLogonSd,
+ TRUE,
+ SeSystemAnonymousLogonDacl,
+ FALSE);
+
 return TRUE;
 }
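Review bot: Both ACEs added to SeSystemAnonymousLogonDacl in SepInitDACLs grant GENERIC_ALL to SeWorldSid and SeAnonymousLogonSid, so any object protected by this DACL can be rewritten by every caller, because that mask also covers WRITE_DAC, WRITE_OWNER and DELETE. The hunk does not say which object the DACL is meant for or why a narrower mask would not do; a comment such as `/* Used only for <object>; World and Anonymous need full access because <reason> */` above the allocation would record that, and if the consumers only need to query or duplicate the object, a reduced mask is the safer default. The NTSTATUS results of RtlCreateAcl and both RtlAddAccessAllowedAce calls are also dropped; that may match the rest of SepInitDACLs, whose body starts outside the hunk, but a failed add would leave a DACL with fewer ACEs than intended without any signal.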
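Review bot: In SepInitSDs, RtlSetDaclSecurityDescriptor is called with DaclPresent TRUE and the global SeSystemAnonymousLogonDacl, and nothing here verifies that the pointer is non-NULL; a present-but-NULL DACL grants every access to everyone. This is safe only if SepInitDACLs has already run and succeeded when SepInitSDs executes, which the hunk does not show, so I would make the dependency explicit with `ASSERT(SeSystemAnonymousLogonDacl != NULL);` before the call. The descriptor is also left without an owner or group, and the return values of both Rtl calls are ignored; if that is intentional and mirrors the other descriptors in SepInitSDs (its body starts outside the hunk), a one-line comment saying so would help.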