mirror of
https://github.com/reactos/reactos.git
[FORMATTING]
No code changes. svn path=/trunk/; revision=47383
parent
4e25539b71
commit
f0910f33d3
|
@ -30,11 +30,12 @@ SeCaptureSubjectContextEx(IN PETHREAD Thread,
|
|||
OUT PSECURITY_SUBJECT_CONTEXT SubjectContext)
|
||||
{
|
||||
BOOLEAN CopyOnOpen, EffectiveOnly;
|
||||
|
||||
PAGED_CODE();
|
||||
|
||||
|
||||
/* Save the unique ID */
|
||||
SubjectContext->ProcessAuditId = Process->UniqueProcessId;
|
||||
|
||||
|
||||
/* Check if we have a thread */
|
||||
if (!Thread)
|
||||
{
|
||||
|
@ -49,7 +50,7 @@ SeCaptureSubjectContextEx(IN PETHREAD Thread,
|
|||
&EffectiveOnly,
|
||||
&SubjectContext->ImpersonationLevel);
|
||||
}
|
||||
|
||||
|
||||
/* Get the primary token */
|
||||
SubjectContext->PrimaryToken = PsReferencePrimaryToken(Process);
|
||||
}
|
||||
|
@ -75,7 +76,7 @@ NTAPI
|
|||
SeLockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
|
||||
{
|
||||
PAGED_CODE();
|
||||
|
||||
|
||||
KeEnterCriticalRegion();
|
||||
ExAcquireResourceExclusiveLite(&SepSubjectContextLock, TRUE);
|
||||
}
|
||||
|
@ -88,7 +89,7 @@ NTAPI
|
|||
SeUnlockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
|
||||
{
|
||||
PAGED_CODE();
|
||||
|
||||
|
||||
ExReleaseResourceLite(&SepSubjectContextLock);
|
||||
KeLeaveCriticalRegion();
|
||||
}
|
||||
|
@ -101,12 +102,12 @@ NTAPI
|
|||
SeReleaseSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
|
||||
{
|
||||
PAGED_CODE();
|
||||
|
||||
|
||||
if (SubjectContext->PrimaryToken != NULL)
|
||||
{
|
||||
ObFastDereferenceObject(&PsGetCurrentProcess()->Token, SubjectContext->PrimaryToken);
|
||||
}
|
||||
|
||||
|
||||
if (SubjectContext->ClientToken != NULL)
|
||||
{
|
||||
ObDereferenceObject(SubjectContext->ClientToken);
|
||||
|
@ -127,6 +128,7 @@ SeCreateAccessStateEx(IN PETHREAD Thread,
|
|||
{
|
||||
ACCESS_MASK AccessMask = Access;
|
||||
PTOKEN Token;
|
||||
|
||||
PAGED_CODE();
|
||||
|
||||
/* Map the Generic Acess to Specific Access if we have a Mapping */
|
||||
|
@ -150,9 +152,9 @@ SeCreateAccessStateEx(IN PETHREAD Thread,
|
|||
ExpAllocateLocallyUniqueId(&AccessState->OperationID);
|
||||
|
||||
/* Get the Token to use */
|
||||
Token = AccessState->SubjectSecurityContext.ClientToken ?
|
||||
(PTOKEN)&AccessState->SubjectSecurityContext.ClientToken :
|
||||
(PTOKEN)&AccessState->SubjectSecurityContext.PrimaryToken;
|
||||
Token = AccessState->SubjectSecurityContext.ClientToken ?
|
||||
(PTOKEN)&AccessState->SubjectSecurityContext.ClientToken :
|
||||
(PTOKEN)&AccessState->SubjectSecurityContext.PrimaryToken;
|
||||
|
||||
/* Check for Travers Privilege */
|
||||
if (Token->TokenFlags & TOKEN_HAS_TRAVERSE_PRIVILEGE)
|
||||
|
@ -200,6 +202,7 @@ NTAPI
|
|||
SeDeleteAccessState(IN PACCESS_STATE AccessState)
|
||||
{
|
||||
PAUX_ACCESS_DATA AuxData;
|
||||
|
||||
PAGED_CODE();
|
||||
|
||||
/* Get the Auxiliary Data */
|
||||
|
@ -213,7 +216,8 @@ SeDeleteAccessState(IN PACCESS_STATE AccessState)
|
|||
{
|
||||
ExFreePool(AccessState->ObjectName.Buffer);
|
||||
}
|
||||
if (AccessState->ObjectTypeName.Buffer)
|
||||
|
||||
if (AccessState->ObjectTypeName.Buffer)
|
||||
{
|
||||
ExFreePool(AccessState->ObjectTypeName.Buffer);
|
||||
}
|
||||
|
@ -252,8 +256,9 @@ SeCreateClientSecurity(IN PETHREAD Thread,
|
|||
PACCESS_TOKEN Token;
|
||||
NTSTATUS Status;
|
||||
PACCESS_TOKEN NewToken;
|
||||
|
||||
PAGED_CODE();
|
||||
|
||||
|
||||
Token = PsReferenceEffectiveToken(Thread,
|
||||
&TokenType,
|
||||
&ThreadEffectiveOnly,
|
||||
|
@ -269,7 +274,7 @@ SeCreateClientSecurity(IN PETHREAD Thread,
|
|||
if (Token) ObDereferenceObject(Token);
|
||||
return STATUS_BAD_IMPERSONATION_LEVEL;
|
||||
}
|
||||
|
||||
|
||||
if ((ImpersonationLevel == SecurityAnonymous) ||
|
||||
(ImpersonationLevel == SecurityIdentification) ||
|
||||
((RemoteClient) && (ImpersonationLevel != SecurityDelegation)))
|
||||
|
@ -277,12 +282,11 @@ SeCreateClientSecurity(IN PETHREAD Thread,
|
|||
if (Token) ObDereferenceObject(Token);
|
||||
return STATUS_BAD_IMPERSONATION_LEVEL;
|
||||
}
|
||||
|
||||
|
||||
ClientContext->DirectAccessEffectiveOnly = ((ThreadEffectiveOnly) ||
|
||||
(Qos->EffectiveOnly)) ?
|
||||
TRUE : FALSE;
|
||||
(Qos->EffectiveOnly)) ? TRUE : FALSE;
|
||||
}
|
||||
|
||||
|
||||
if (Qos->ContextTrackingMode == SECURITY_STATIC_TRACKING)
|
||||
{
|
||||
ClientContext->DirectlyAccessClientToken = FALSE;
|
||||
|
@ -299,10 +303,10 @@ SeCreateClientSecurity(IN PETHREAD Thread,
|
|||
&ClientContext->ClientTokenControl);
|
||||
#endif
|
||||
}
|
||||
|
||||
|
||||
NewToken = Token;
|
||||
}
|
||||
|
||||
|
||||
ClientContext->SecurityQos.Length = sizeof(SECURITY_QUALITY_OF_SERVICE);
|
||||
ClientContext->SecurityQos.ImpersonationLevel = Qos->ImpersonationLevel;
|
||||
ClientContext->SecurityQos.ContextTrackingMode = Qos->ContextTrackingMode;
|
||||
|
@ -347,9 +351,9 @@ SeImpersonateClient(IN PSECURITY_CLIENT_CONTEXT ClientContext,
|
|||
IN PETHREAD ServerThread OPTIONAL)
|
||||
{
|
||||
UCHAR b;
|
||||
|
||||
|
||||
PAGED_CODE();
|
||||
|
||||
|
||||
if (ClientContext->DirectlyAccessClientToken == FALSE)
|
||||
{
|
||||
b = ClientContext->SecurityQos.EffectiveOnly;
|
||||
|
@ -358,10 +362,12 @@ SeImpersonateClient(IN PSECURITY_CLIENT_CONTEXT ClientContext,
|
|||
{
|
||||
b = ClientContext->DirectAccessEffectiveOnly;
|
||||
}
|
||||
|
||||
if (ServerThread == NULL)
|
||||
{
|
||||
ServerThread = PsGetCurrentThread();
|
||||
}
|
||||
|
||||
PsImpersonateClient(ServerThread,
|
||||
ClientContext->ClientToken,
|
||||
1,
|
||||
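Review bot: In SeCreateAccessStateEx (the hunk at -150,9) the re-indented `Token = ... ?` expression still takes the address of the `ClientToken` and `PrimaryToken` fields and casts that address to `PTOKEN`, although SeReleaseSubjectContext in this same file treats both fields as object pointers. The `Token->TokenFlags & TOKEN_HAS_TRAVERSE_PRIVILEGE` test that follows therefore reads bytes of the subject-context structure rather than the token, so the traverse-privilege decision rests on unrelated memory. Because this commit is formatting-only, the fix belongs in a follow-up: drop the `&` on both arms, `(PTOKEN)AccessState->SubjectSecurityContext.ClientToken : (PTOKEN)AccessState->SubjectSecurityContext.PrimaryToken;`. The function body starts and ends outside the hunk, so what the flag test goes on to set is not visible here.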
|
|
|
@ -34,189 +34,188 @@ NTAPI
|
|||
SepInitDACLs(VOID)
|
||||
{
|
||||
ULONG AclLength;
|
||||
|
||||
|
||||
/* create PublicDefaultDacl */
|
||||
AclLength = sizeof(ACL) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeLocalSystemSid));
|
||||
|
||||
(sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeLocalSystemSid));
|
||||
|
||||
SePublicDefaultDacl = ExAllocatePoolWithTag(PagedPool,
|
||||
AclLength,
|
||||
TAG_ACL);
|
||||
if (SePublicDefaultDacl == NULL)
|
||||
return FALSE;
|
||||
|
||||
|
||||
RtlCreateAcl(SePublicDefaultDacl,
|
||||
AclLength,
|
||||
ACL_REVISION);
|
||||
|
||||
|
||||
RtlAddAccessAllowedAce(SePublicDefaultDacl,
|
||||
ACL_REVISION,
|
||||
GENERIC_EXECUTE,
|
||||
SeWorldSid);
|
||||
|
||||
|
||||
RtlAddAccessAllowedAce(SePublicDefaultDacl,
|
||||
ACL_REVISION,
|
||||
GENERIC_ALL,
|
||||
SeLocalSystemSid);
|
||||
|
||||
|
||||
|
||||
/* create PublicDefaultUnrestrictedDacl */
|
||||
AclLength = sizeof(ACL) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid)) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid));
|
||||
|
||||
(sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid)) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid));
|
||||
|
||||
SePublicDefaultUnrestrictedDacl = ExAllocatePoolWithTag(PagedPool,
|
||||
AclLength,
|
||||
TAG_ACL);
|
||||
if (SePublicDefaultUnrestrictedDacl == NULL)
|
||||
return FALSE;
|
||||
|
||||
|
||||
RtlCreateAcl(SePublicDefaultUnrestrictedDacl,
|
||||
AclLength,
|
||||
ACL_REVISION);
|
||||
|
||||
|
||||
RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,
|
||||
ACL_REVISION,
|
||||
GENERIC_EXECUTE,
|
||||
SeWorldSid);
|
||||
|
||||
|
||||
RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,
|
||||
ACL_REVISION,
|
||||
GENERIC_ALL,
|
||||
SeLocalSystemSid);
|
||||
|
||||
|
||||
RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,
|
||||
ACL_REVISION,
|
||||
GENERIC_ALL,
|
||||
SeAliasAdminsSid);
|
||||
|
||||
|
||||
RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,
|
||||
ACL_REVISION,
|
||||
GENERIC_READ | GENERIC_EXECUTE | READ_CONTROL,
|
||||
SeRestrictedCodeSid);
|
||||
|
||||
|
||||
/* create PublicOpenDacl */
|
||||
AclLength = sizeof(ACL) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid));
|
||||
|
||||
(sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid));
|
||||
|
||||
SePublicOpenDacl = ExAllocatePoolWithTag(PagedPool,
|
||||
AclLength,
|
||||
TAG_ACL);
|
||||
if (SePublicOpenDacl == NULL)
|
||||
return FALSE;
|
||||
|
||||
|
||||
RtlCreateAcl(SePublicOpenDacl,
|
||||
AclLength,
|
||||
ACL_REVISION);
|
||||
|
||||
|
||||
RtlAddAccessAllowedAce(SePublicOpenDacl,
|
||||
ACL_REVISION,
|
||||
GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE,
|
||||
SeWorldSid);
|
||||
|
||||
|
||||
RtlAddAccessAllowedAce(SePublicOpenDacl,
|
||||
ACL_REVISION,
|
||||
GENERIC_ALL,
|
||||
SeLocalSystemSid);
|
||||
|
||||
|
||||
RtlAddAccessAllowedAce(SePublicOpenDacl,
|
||||
ACL_REVISION,
|
||||
GENERIC_ALL,
|
||||
SeAliasAdminsSid);
|
||||
|
||||
|
||||
/* create PublicOpenUnrestrictedDacl */
|
||||
AclLength = sizeof(ACL) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid)) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid));
|
||||
|
||||
(sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid)) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid));
|
||||
|
||||
SePublicOpenUnrestrictedDacl = ExAllocatePoolWithTag(PagedPool,
|
||||
AclLength,
|
||||
TAG_ACL);
|
||||
if (SePublicOpenUnrestrictedDacl == NULL)
|
||||
return FALSE;
|
||||
|
||||
|
||||
RtlCreateAcl(SePublicOpenUnrestrictedDacl,
|
||||
AclLength,
|
||||
ACL_REVISION);
|
||||
|
||||
|
||||
RtlAddAccessAllowedAce(SePublicOpenUnrestrictedDacl,
|
||||
ACL_REVISION,
|
||||
GENERIC_ALL,
|
||||
SeWorldSid);
|
||||
|
||||
|
||||
RtlAddAccessAllowedAce(SePublicOpenUnrestrictedDacl,
|
||||
ACL_REVISION,
|
||||
GENERIC_ALL,
|
||||
SeLocalSystemSid);
|
||||
|
||||
|
||||
RtlAddAccessAllowedAce(SePublicOpenUnrestrictedDacl,
|
||||
ACL_REVISION,
|
||||
GENERIC_ALL,
|
||||
SeAliasAdminsSid);
|
||||
|
||||
|
||||
RtlAddAccessAllowedAce(SePublicOpenUnrestrictedDacl,
|
||||
ACL_REVISION,
|
||||
GENERIC_READ | GENERIC_EXECUTE,
|
||||
SeRestrictedCodeSid);
|
||||
|
||||
|
||||
/* create SystemDefaultDacl */
|
||||
AclLength = sizeof(ACL) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid));
|
||||
|
||||
(sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid));
|
||||
|
||||
SeSystemDefaultDacl = ExAllocatePoolWithTag(PagedPool,
|
||||
AclLength,
|
||||
TAG_ACL);
|
||||
if (SeSystemDefaultDacl == NULL)
|
||||
return FALSE;
|
||||
|
||||
|
||||
RtlCreateAcl(SeSystemDefaultDacl,
|
||||
AclLength,
|
||||
ACL_REVISION);
|
||||
|
||||
|
||||
RtlAddAccessAllowedAce(SeSystemDefaultDacl,
|
||||
ACL_REVISION,
|
||||
GENERIC_ALL,
|
||||
SeLocalSystemSid);
|
||||
|
||||
|
||||
RtlAddAccessAllowedAce(SeSystemDefaultDacl,
|
||||
ACL_REVISION,
|
||||
GENERIC_READ | GENERIC_EXECUTE | READ_CONTROL,
|
||||
SeAliasAdminsSid);
|
||||
|
||||
|
||||
/* create UnrestrictedDacl */
|
||||
AclLength = sizeof(ACL) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid));
|
||||
|
||||
(sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid));
|
||||
|
||||
SeUnrestrictedDacl = ExAllocatePoolWithTag(PagedPool,
|
||||
AclLength,
|
||||
TAG_ACL);
|
||||
if (SeUnrestrictedDacl == NULL)
|
||||
return FALSE;
|
||||
|
||||
|
||||
RtlCreateAcl(SeUnrestrictedDacl,
|
||||
AclLength,
|
||||
ACL_REVISION);
|
||||
|
||||
|
||||
RtlAddAccessAllowedAce(SeUnrestrictedDacl,
|
||||
ACL_REVISION,
|
||||
GENERIC_ALL,
|
||||
SeWorldSid);
|
||||
|
||||
|
||||
RtlAddAccessAllowedAce(SeUnrestrictedDacl,
|
||||
ACL_REVISION,
|
||||
GENERIC_READ | GENERIC_EXECUTE,
|
||||
SeRestrictedCodeSid);
|
||||
|
||||
return(TRUE);
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
NTSTATUS NTAPI
|
||||
|
@ -226,22 +225,22 @@ SepCreateImpersonationTokenDacl(PTOKEN Token,
|
|||
{
|
||||
ULONG AclLength;
|
||||
PVOID TokenDacl;
|
||||
|
||||
|
||||
PAGED_CODE();
|
||||
|
||||
|
||||
AclLength = sizeof(ACL) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid)) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid)) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
|
||||
(sizeof(ACE) + RtlLengthSid(Token->UserAndGroups->Sid)) +
|
||||
(sizeof(ACE) + RtlLengthSid(PrimaryToken->UserAndGroups->Sid));
|
||||
|
||||
|
||||
TokenDacl = ExAllocatePoolWithTag(PagedPool, AclLength, TAG_ACL);
|
||||
if (TokenDacl == NULL)
|
||||
{
|
||||
return STATUS_INSUFFICIENT_RESOURCES;
|
||||
}
|
||||
|
||||
|
||||
RtlCreateAcl(TokenDacl, AclLength, ACL_REVISION);
|
||||
RtlAddAccessAllowedAce(TokenDacl, ACL_REVISION, GENERIC_ALL,
|
||||
Token->UserAndGroups->Sid);
|
||||
|
@ -251,7 +250,7 @@ SepCreateImpersonationTokenDacl(PTOKEN Token,
|
|||
SeAliasAdminsSid);
|
||||
RtlAddAccessAllowedAce(TokenDacl, ACL_REVISION, GENERIC_ALL,
|
||||
SeLocalSystemSid);
|
||||
|
||||
|
||||
/* FIXME */
|
||||
#if 0
|
||||
if (Token->RestrictedSids != NULL || PrimaryToken->RestrictedSids != NULL)
|
||||
|
@ -260,7 +259,7 @@ SepCreateImpersonationTokenDacl(PTOKEN Token,
|
|||
SeRestrictedCodeSid);
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
return STATUS_SUCCESS;
|
||||
}
|
||||
|
||||
|
@ -275,9 +274,9 @@ SepCaptureAcl(IN PACL InputAcl,
|
|||
PACL NewAcl;
|
||||
ULONG AclSize = 0;
|
||||
NTSTATUS Status = STATUS_SUCCESS;
|
||||
|
||||
|
||||
PAGED_CODE();
|
||||
|
||||
|
||||
if (AccessMode != KernelMode)
|
||||
{
|
||||
_SEH2_TRY
|
||||
|
@ -296,10 +295,10 @@ SepCaptureAcl(IN PACL InputAcl,
|
|||
_SEH2_YIELD(return _SEH2_GetExceptionCode());
|
||||
}
|
||||
_SEH2_END;
|
||||
|
||||
|
||||
NewAcl = ExAllocatePool(PoolType,
|
||||
AclSize);
|
||||
if(NewAcl != NULL)
|
||||
if (NewAcl != NULL)
|
||||
{
|
||||
_SEH2_TRY
|
||||
{
|
||||
|
@ -322,23 +321,23 @@ SepCaptureAcl(IN PACL InputAcl,
|
|||
Status = STATUS_INSUFFICIENT_RESOURCES;
|
||||
}
|
||||
}
|
||||
else if(!CaptureIfKernel)
|
||||
else if (!CaptureIfKernel)
|
||||
{
|
||||
*CapturedAcl = InputAcl;
|
||||
}
|
||||
else
|
||||
{
|
||||
AclSize = InputAcl->AclSize;
|
||||
|
||||
|
||||
NewAcl = ExAllocatePool(PoolType,
|
||||
AclSize);
|
||||
|
||||
if(NewAcl != NULL)
|
||||
|
||||
if (NewAcl != NULL)
|
||||
{
|
||||
RtlCopyMemory(NewAcl,
|
||||
InputAcl,
|
||||
AclSize);
|
||||
|
||||
|
||||
*CapturedAcl = NewAcl;
|
||||
}
|
||||
else
|
||||
|
@ -346,7 +345,7 @@ SepCaptureAcl(IN PACL InputAcl,
|
|||
Status = STATUS_INSUFFICIENT_RESOURCES;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
return Status;
|
||||
}
|
||||
|
||||
|
@ -357,10 +356,10 @@ SepReleaseAcl(IN PACL CapturedAcl,
|
|||
IN BOOLEAN CaptureIfKernel)
|
||||
{
|
||||
PAGED_CODE();
|
||||
|
||||
if(CapturedAcl != NULL &&
|
||||
(AccessMode != KernelMode ||
|
||||
(AccessMode == KernelMode && CaptureIfKernel)))
|
||||
|
||||
if (CapturedAcl != NULL &&
|
||||
(AccessMode != KernelMode ||
|
||||
(AccessMode == KernelMode && CaptureIfKernel)))
|
||||
{
|
||||
ExFreePool(CapturedAcl);
|
||||
}
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
* FILE: ntoskrnl/se/audit.c
|
||||
* PURPOSE: Audit functions
|
||||
*
|
||||
* PROGRAMMERS: Eric Kohl <eric.kohl@t-online.de>
|
||||
* PROGRAMMERS: Eric Kohl
|
||||
*/
|
||||
|
||||
/* INCLUDES *******************************************************************/
|
||||
|
@ -47,6 +47,7 @@ SeInitializeProcessAuditName(IN PFILE_OBJECT FileObject,
|
|||
POBJECT_NAME_INFORMATION ObjectNameInfo = NULL;
|
||||
ULONG ReturnLength = 8;
|
||||
NTSTATUS Status;
|
||||
|
||||
PAGED_CODE();
|
||||
ASSERT(AuditInfo);
|
||||
|
||||
|
@ -120,6 +121,7 @@ SeLocateProcessImageName(IN PEPROCESS Process,
|
|||
PUNICODE_STRING ImageName;
|
||||
PFILE_OBJECT FileObject;
|
||||
NTSTATUS Status = STATUS_SUCCESS;
|
||||
|
||||
PAGED_CODE();
|
||||
|
||||
/* Assume failure */
|
||||
|
@ -189,7 +191,7 @@ SeAuditHardLinkCreation(IN PUNICODE_STRING FileName,
|
|||
IN PUNICODE_STRING LinkName,
|
||||
IN BOOLEAN bSuccess)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
UNIMPLEMENTED;
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -200,8 +202,8 @@ NTAPI
|
|||
SeAuditingFileEvents(IN BOOLEAN AccessGranted,
|
||||
IN PSECURITY_DESCRIPTOR SecurityDescriptor)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
return FALSE;
|
||||
UNIMPLEMENTED;
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -213,8 +215,8 @@ SeAuditingFileEventsWithContext(IN BOOLEAN AccessGranted,
|
|||
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
||||
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
return FALSE;
|
||||
UNIMPLEMENTED;
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -225,8 +227,8 @@ NTAPI
|
|||
SeAuditingHardLinkEvents(IN BOOLEAN AccessGranted,
|
||||
IN PSECURITY_DESCRIPTOR SecurityDescriptor)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
return FALSE;
|
||||
UNIMPLEMENTED;
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -238,8 +240,8 @@ SeAuditingHardLinkEventsWithContext(IN BOOLEAN AccessGranted,
|
|||
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
||||
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
return FALSE;
|
||||
UNIMPLEMENTED;
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -251,8 +253,8 @@ SeAuditingFileOrGlobalEvents(IN BOOLEAN AccessGranted,
|
|||
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
||||
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
return FALSE;
|
||||
UNIMPLEMENTED;
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -260,13 +262,11 @@ SeAuditingFileOrGlobalEvents(IN BOOLEAN AccessGranted,
|
|||
*/
|
||||
VOID
|
||||
NTAPI
|
||||
SeCloseObjectAuditAlarm(
|
||||
IN PVOID Object,
|
||||
SeCloseObjectAuditAlarm(IN PVOID Object,
|
||||
IN HANDLE Handle,
|
||||
IN BOOLEAN PerformAction
|
||||
)
|
||||
IN BOOLEAN PerformAction)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
UNIMPLEMENTED;
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -295,10 +295,10 @@ SeOpenObjectAuditAlarm(IN PUNICODE_STRING ObjectTypeName,
|
|||
OUT PBOOLEAN GenerateOnClose)
|
||||
{
|
||||
PAGED_CODE();
|
||||
|
||||
|
||||
/* Audits aren't done on kernel-mode access */
|
||||
if (AccessMode == KernelMode) return;
|
||||
|
||||
|
||||
/* Otherwise, unimplemented! */
|
||||
//UNIMPLEMENTED;
|
||||
return;
|
||||
|
@ -333,7 +333,7 @@ SePrivilegeObjectAuditAlarm(IN HANDLE Handle,
|
|||
IN BOOLEAN AccessGranted,
|
||||
IN KPROCESSOR_MODE CurrentMode)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
UNIMPLEMENTED;
|
||||
}
|
||||
|
||||
/* SYSTEM CALLS ***************************************************************/
|
||||
|
@ -363,7 +363,7 @@ NtCloseObjectAuditAlarm(IN PUNICODE_STRING SubsystemName,
|
|||
IN BOOLEAN GenerateOnClose)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
return(STATUS_NOT_IMPLEMENTED);
|
||||
return STATUS_NOT_IMPLEMENTED;
|
||||
}
|
||||
|
||||
|
||||
|
@ -373,7 +373,7 @@ NtDeleteObjectAuditAlarm(IN PUNICODE_STRING SubsystemName,
|
|||
IN BOOLEAN GenerateOnClose)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
return(STATUS_NOT_IMPLEMENTED);
|
||||
return STATUS_NOT_IMPLEMENTED;
|
||||
}
|
||||
|
||||
|
||||
|
@ -392,7 +392,7 @@ NtOpenObjectAuditAlarm(IN PUNICODE_STRING SubsystemName,
|
|||
OUT PBOOLEAN GenerateOnClose)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
return(STATUS_NOT_IMPLEMENTED);
|
||||
return STATUS_NOT_IMPLEMENTED;
|
||||
}
|
||||
|
||||
|
||||
|
@ -404,7 +404,7 @@ NtPrivilegedServiceAuditAlarm(IN PUNICODE_STRING SubsystemName,
|
|||
IN BOOLEAN AccessGranted)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
return(STATUS_NOT_IMPLEMENTED);
|
||||
return STATUS_NOT_IMPLEMENTED;
|
||||
}
|
||||
|
||||
|
||||
|
@ -417,7 +417,7 @@ NtPrivilegeObjectAuditAlarm(IN PUNICODE_STRING SubsystemName,
|
|||
IN BOOLEAN AccessGranted)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
return(STATUS_NOT_IMPLEMENTED);
|
||||
return STATUS_NOT_IMPLEMENTED;
|
||||
}
|
||||
|
||||
/* EOF */
|
||||
|
|
|
@ -110,8 +110,8 @@ NTSTATUS
|
|||
NTAPI
|
||||
SeMarkLogonSessionForTerminationNotification(IN PLUID LogonId)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
return STATUS_NOT_IMPLEMENTED;
|
||||
UNIMPLEMENTED;
|
||||
return STATUS_NOT_IMPLEMENTED;
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -121,8 +121,8 @@ NTSTATUS
|
|||
NTAPI
|
||||
SeRegisterLogonSessionTerminatedRoutine(IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
return STATUS_NOT_IMPLEMENTED;
|
||||
UNIMPLEMENTED;
|
||||
return STATUS_NOT_IMPLEMENTED;
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -132,8 +132,8 @@ NTSTATUS
|
|||
NTAPI
|
||||
SeUnregisterLogonSessionTerminatedRoutine(IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
return STATUS_NOT_IMPLEMENTED;
|
||||
UNIMPLEMENTED;
|
||||
return STATUS_NOT_IMPLEMENTED;
|
||||
}
|
||||
|
||||
/* EOF */
|
||||
|
|
|
@ -51,7 +51,7 @@ LUID SeEnableDelegationPrivilege;
|
|||
VOID
|
||||
INIT_FUNCTION
|
||||
NTAPI
|
||||
SepInitPrivileges (VOID)
|
||||
SepInitPrivileges(VOID)
|
||||
{
|
||||
SeCreateTokenPrivilege.LowPart = SE_CREATE_TOKEN_PRIVILEGE;
|
||||
SeCreateTokenPrivilege.HighPart = 0;
|
||||
|
@ -110,25 +110,25 @@ SepInitPrivileges (VOID)
|
|||
|
||||
BOOLEAN
|
||||
NTAPI
|
||||
SepPrivilegeCheck (PTOKEN Token,
|
||||
PLUID_AND_ATTRIBUTES Privileges,
|
||||
ULONG PrivilegeCount,
|
||||
ULONG PrivilegeControl,
|
||||
KPROCESSOR_MODE PreviousMode)
|
||||
SepPrivilegeCheck(PTOKEN Token,
|
||||
PLUID_AND_ATTRIBUTES Privileges,
|
||||
ULONG PrivilegeCount,
|
||||
ULONG PrivilegeControl,
|
||||
KPROCESSOR_MODE PreviousMode)
|
||||
{
|
||||
ULONG i;
|
||||
ULONG j;
|
||||
ULONG k;
|
||||
|
||||
DPRINT ("SepPrivilegeCheck() called\n");
|
||||
|
||||
|
||||
DPRINT("SepPrivilegeCheck() called\n");
|
||||
|
||||
PAGED_CODE();
|
||||
|
||||
|
||||
if (PreviousMode == KernelMode)
|
||||
{
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
|
||||
k = 0;
|
||||
if (PrivilegeCount > 0)
|
||||
{
|
||||
|
@ -139,10 +139,10 @@ SepPrivilegeCheck (PTOKEN Token,
|
|||
if (Token->Privileges[i].Luid.LowPart == Privileges[j].Luid.LowPart &&
|
||||
Token->Privileges[i].Luid.HighPart == Privileges[j].Luid.HighPart)
|
||||
{
|
||||
DPRINT ("Found privilege\n");
|
||||
DPRINT ("Privilege attributes %lx\n",
|
||||
Token->Privileges[i].Attributes);
|
||||
|
||||
DPRINT("Found privilege\n");
|
||||
DPRINT("Privilege attributes %lx\n",
|
||||
Token->Privileges[i].Attributes);
|
||||
|
||||
if (Token->Privileges[i].Attributes & SE_PRIVILEGE_ENABLED)
|
||||
{
|
||||
Privileges[j].Attributes |= SE_PRIVILEGE_USED_FOR_ACCESS;
|
||||
|
@ -152,58 +152,58 @@ SepPrivilegeCheck (PTOKEN Token,
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
if ((PrivilegeControl & PRIVILEGE_SET_ALL_NECESSARY) &&
|
||||
PrivilegeCount == k)
|
||||
{
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
|
||||
if (k > 0 &&
|
||||
!(PrivilegeControl & PRIVILEGE_SET_ALL_NECESSARY))
|
||||
{
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
SeCaptureLuidAndAttributesArray (PLUID_AND_ATTRIBUTES Src,
|
||||
ULONG PrivilegeCount,
|
||||
KPROCESSOR_MODE PreviousMode,
|
||||
PLUID_AND_ATTRIBUTES AllocatedMem,
|
||||
ULONG AllocatedLength,
|
||||
POOL_TYPE PoolType,
|
||||
BOOLEAN CaptureIfKernel,
|
||||
PLUID_AND_ATTRIBUTES* Dest,
|
||||
PULONG Length)
|
||||
SeCaptureLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Src,
|
||||
ULONG PrivilegeCount,
|
||||
KPROCESSOR_MODE PreviousMode,
|
||||
PLUID_AND_ATTRIBUTES AllocatedMem,
|
||||
ULONG AllocatedLength,
|
||||
POOL_TYPE PoolType,
|
||||
BOOLEAN CaptureIfKernel,
|
||||
PLUID_AND_ATTRIBUTES *Dest,
|
||||
PULONG Length)
|
||||
{
|
||||
ULONG BufferSize;
|
||||
NTSTATUS Status = STATUS_SUCCESS;
|
||||
|
||||
|
||||
PAGED_CODE();
|
||||
|
||||
|
||||
if (PrivilegeCount == 0)
|
||||
{
|
||||
*Dest = 0;
|
||||
*Length = 0;
|
||||
return STATUS_SUCCESS;
|
||||
}
|
||||
|
||||
|
||||
if (PreviousMode == KernelMode && !CaptureIfKernel)
|
||||
{
|
||||
*Dest = Src;
|
||||
return STATUS_SUCCESS;
|
||||
}
|
||||
|
||||
|
||||
/* FIXME - check PrivilegeCount for a valid number so we don't
|
||||
cause an integer overflow or exhaust system resources! */
|
||||
|
||||
|
||||
BufferSize = PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES);
|
||||
*Length = ROUND_UP(BufferSize, 4); /* round up to a 4 byte alignment */
|
||||
|
||||
|
||||
/* probe the buffer */
|
||||
if (PreviousMode != KernelMode)
|
||||
{
|
||||
|
@ -220,7 +220,7 @@ SeCaptureLuidAndAttributesArray (PLUID_AND_ATTRIBUTES Src,
|
|||
}
|
||||
_SEH2_END;
|
||||
}
|
||||
|
||||
|
||||
/* allocate enough memory or check if the provided buffer is
|
||||
large enough to hold the array */
|
||||
if (AllocatedMem != NULL)
|
||||
|
@ -229,14 +229,13 @@ SeCaptureLuidAndAttributesArray (PLUID_AND_ATTRIBUTES Src,
|
|||
{
|
||||
return STATUS_BUFFER_TOO_SMALL;
|
||||
}
|
||||
|
||||
|
||||
*Dest = AllocatedMem;
|
||||
}
|
||||
else
|
||||
{
|
||||
*Dest = ExAllocatePool(PoolType,
|
||||
BufferSize);
|
||||
|
||||
if (*Dest == NULL)
|
||||
{
|
||||
return STATUS_INSUFFICIENT_RESOURCES;
|
||||
|
@ -255,23 +254,23 @@ SeCaptureLuidAndAttributesArray (PLUID_AND_ATTRIBUTES Src,
|
|||
Status = _SEH2_GetExceptionCode();
|
||||
}
|
||||
_SEH2_END;
|
||||
|
||||
|
||||
if (!NT_SUCCESS(Status) && AllocatedMem == NULL)
|
||||
{
|
||||
ExFreePool(*Dest);
|
||||
}
|
||||
|
||||
|
||||
return Status;
|
||||
}
|
||||
|
||||
VOID
|
||||
NTAPI
|
||||
SeReleaseLuidAndAttributesArray (PLUID_AND_ATTRIBUTES Privilege,
|
||||
KPROCESSOR_MODE PreviousMode,
|
||||
BOOLEAN CaptureIfKernel)
|
||||
SeReleaseLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Privilege,
|
||||
KPROCESSOR_MODE PreviousMode,
|
||||
BOOLEAN CaptureIfKernel)
|
||||
{
|
||||
PAGED_CODE();
|
||||
|
||||
|
||||
if (Privilege != NULL &&
|
||||
(PreviousMode != KernelMode || CaptureIfKernel))
|
||||
{
|
||||
|
@ -307,15 +306,16 @@ SeFreePrivileges(IN PPRIVILEGE_SET Privileges)
|
|||
/*
|
||||
* @implemented
|
||||
*/
|
||||
BOOLEAN NTAPI
|
||||
SePrivilegeCheck (PPRIVILEGE_SET Privileges,
|
||||
PSECURITY_SUBJECT_CONTEXT SubjectContext,
|
||||
KPROCESSOR_MODE PreviousMode)
|
||||
BOOLEAN
|
||||
NTAPI
|
||||
SePrivilegeCheck(PPRIVILEGE_SET Privileges,
|
||||
PSECURITY_SUBJECT_CONTEXT SubjectContext,
|
||||
KPROCESSOR_MODE PreviousMode)
|
||||
{
|
||||
PACCESS_TOKEN Token = NULL;
|
||||
|
||||
|
||||
PAGED_CODE();
|
||||
|
||||
|
||||
if (SubjectContext->ClientToken == NULL)
|
||||
{
|
||||
Token = SubjectContext->PrimaryToken;
|
||||
|
@ -328,58 +328,60 @@ SePrivilegeCheck (PPRIVILEGE_SET Privileges,
|
|||
return FALSE;
|
||||
}
|
||||
}
|
||||
|
||||
return SepPrivilegeCheck (Token,
|
||||
Privileges->Privilege,
|
||||
Privileges->PrivilegeCount,
|
||||
Privileges->Control,
|
||||
PreviousMode);
|
||||
|
||||
return SepPrivilegeCheck(Token,
|
||||
Privileges->Privilege,
|
||||
Privileges->PrivilegeCount,
|
||||
Privileges->Control,
|
||||
PreviousMode);
|
||||
}
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
*/
|
||||
BOOLEAN NTAPI
|
||||
SeSinglePrivilegeCheck (IN LUID PrivilegeValue,
|
||||
IN KPROCESSOR_MODE PreviousMode)
|
||||
BOOLEAN
|
||||
NTAPI
|
||||
SeSinglePrivilegeCheck(IN LUID PrivilegeValue,
|
||||
IN KPROCESSOR_MODE PreviousMode)
|
||||
{
|
||||
SECURITY_SUBJECT_CONTEXT SubjectContext;
|
||||
PRIVILEGE_SET Priv;
|
||||
BOOLEAN Result;
|
||||
|
||||
|
||||
PAGED_CODE();
|
||||
|
||||
SeCaptureSubjectContext (&SubjectContext);
|
||||
|
||||
|
||||
SeCaptureSubjectContext(&SubjectContext);
|
||||
|
||||
Priv.PrivilegeCount = 1;
|
||||
Priv.Control = PRIVILEGE_SET_ALL_NECESSARY;
|
||||
Priv.Privilege[0].Luid = PrivilegeValue;
|
||||
Priv.Privilege[0].Attributes = SE_PRIVILEGE_ENABLED;
|
||||
|
||||
Result = SePrivilegeCheck (&Priv,
|
||||
&SubjectContext,
|
||||
PreviousMode);
|
||||
|
||||
|
||||
Result = SePrivilegeCheck(&Priv,
|
||||
&SubjectContext,
|
||||
PreviousMode);
|
||||
|
||||
if (PreviousMode != KernelMode)
|
||||
{
|
||||
#if 0
|
||||
SePrivilegedServiceAuditAlarm (0,
|
||||
&SubjectContext,
|
||||
&PrivilegeValue);
|
||||
SePrivilegedServiceAuditAlarm(0,
|
||||
&SubjectContext,
|
||||
&PrivilegeValue);
|
||||
#endif
|
||||
}
|
||||
|
||||
SeReleaseSubjectContext (&SubjectContext);
|
||||
|
||||
|
||||
SeReleaseSubjectContext(&SubjectContext);
|
||||
|
||||
return Result;
|
||||
}
|
||||
|
||||
/* SYSTEM CALLS ***************************************************************/
|
||||
|
||||
NTSTATUS NTAPI
|
||||
NtPrivilegeCheck (IN HANDLE ClientToken,
|
||||
IN PPRIVILEGE_SET RequiredPrivileges,
|
||||
OUT PBOOLEAN Result)
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
NtPrivilegeCheck(IN HANDLE ClientToken,
|
||||
IN PPRIVILEGE_SET RequiredPrivileges,
|
||||
OUT PBOOLEAN Result)
|
||||
{
|
||||
PLUID_AND_ATTRIBUTES Privileges;
|
||||
PTOKEN Token;
|
||||
|
@ -389,11 +391,11 @@ NtPrivilegeCheck (IN HANDLE ClientToken,
|
|||
BOOLEAN CheckResult;
|
||||
KPROCESSOR_MODE PreviousMode;
|
||||
NTSTATUS Status;
|
||||
|
||||
|
||||
PAGED_CODE();
|
||||
|
||||
|
||||
PreviousMode = KeGetPreviousMode();
|
||||
|
||||
|
||||
/* probe the buffers */
|
||||
if (PreviousMode != KernelMode)
|
||||
{
|
||||
|
@ -403,10 +405,10 @@ NtPrivilegeCheck (IN HANDLE ClientToken,
|
|||
FIELD_OFFSET(PRIVILEGE_SET,
|
||||
Privilege),
|
||||
sizeof(ULONG));
|
||||
|
||||
|
||||
PrivilegeCount = RequiredPrivileges->PrivilegeCount;
|
||||
PrivilegeControl = RequiredPrivileges->Control;
|
||||
|
||||
|
||||
/* Check PrivilegeCount to avoid an integer overflow! */
|
||||
if (FIELD_OFFSET(PRIVILEGE_SET,
|
||||
Privilege[PrivilegeCount]) /
|
||||
|
@ -414,13 +416,13 @@ NtPrivilegeCheck (IN HANDLE ClientToken,
|
|||
{
|
||||
_SEH2_YIELD(return STATUS_INVALID_PARAMETER);
|
||||
}
|
||||
|
||||
|
||||
/* probe all of the array */
|
||||
ProbeForWrite(RequiredPrivileges,
|
||||
FIELD_OFFSET(PRIVILEGE_SET,
|
||||
Privilege[PrivilegeCount]),
|
||||
sizeof(ULONG));
|
||||
|
||||
|
||||
ProbeForWriteBoolean(Result);
|
||||
}
|
||||
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
|
||||
|
@ -435,51 +437,51 @@ NtPrivilegeCheck (IN HANDLE ClientToken,
|
|||
PrivilegeCount = RequiredPrivileges->PrivilegeCount;
|
||||
PrivilegeControl = RequiredPrivileges->Control;
|
||||
}
|
||||
|
||||
|
||||
/* reference the token and make sure we're
|
||||
not doing an anonymous impersonation */
|
||||
Status = ObReferenceObjectByHandle (ClientToken,
|
||||
TOKEN_QUERY,
|
||||
SepTokenObjectType,
|
||||
PreviousMode,
|
||||
(PVOID*)&Token,
|
||||
NULL);
|
||||
Status = ObReferenceObjectByHandle(ClientToken,
|
||||
TOKEN_QUERY,
|
||||
SepTokenObjectType,
|
||||
PreviousMode,
|
||||
(PVOID*)&Token,
|
||||
NULL);
|
||||
if (!NT_SUCCESS(Status))
|
||||
{
|
||||
return Status;
|
||||
}
|
||||
|
||||
|
||||
if (Token->TokenType == TokenImpersonation &&
|
||||
Token->ImpersonationLevel < SecurityIdentification)
|
||||
{
|
||||
ObDereferenceObject (Token);
|
||||
ObDereferenceObject(Token);
|
||||
return STATUS_BAD_IMPERSONATION_LEVEL;
|
||||
}
|
||||
|
||||
|
||||
/* capture the privileges */
|
||||
Status = SeCaptureLuidAndAttributesArray (RequiredPrivileges->Privilege,
|
||||
PrivilegeCount,
|
||||
PreviousMode,
|
||||
NULL,
|
||||
0,
|
||||
PagedPool,
|
||||
TRUE,
|
||||
&Privileges,
|
||||
&Length);
|
||||
Status = SeCaptureLuidAndAttributesArray(RequiredPrivileges->Privilege,
|
||||
PrivilegeCount,
|
||||
PreviousMode,
|
||||
NULL,
|
||||
0,
|
||||
PagedPool,
|
||||
TRUE,
|
||||
&Privileges,
|
||||
&Length);
|
||||
if (!NT_SUCCESS(Status))
|
||||
{
|
||||
ObDereferenceObject (Token);
|
||||
return Status;
|
||||
}
|
||||
|
||||
CheckResult = SepPrivilegeCheck (Token,
|
||||
Privileges,
|
||||
PrivilegeCount,
|
||||
PrivilegeControl,
|
||||
PreviousMode);
|
||||
|
||||
ObDereferenceObject (Token);
|
||||
|
||||
|
||||
CheckResult = SepPrivilegeCheck(Token,
|
||||
Privileges,
|
||||
PrivilegeCount,
|
||||
PrivilegeControl,
|
||||
PreviousMode);
|
||||
|
||||
ObDereferenceObject(Token);
|
||||
|
||||
/* return the array */
|
||||
_SEH2_TRY
|
||||
{
|
||||
|
@ -494,13 +496,12 @@ NtPrivilegeCheck (IN HANDLE ClientToken,
|
|||
Status = _SEH2_GetExceptionCode();
|
||||
}
|
||||
_SEH2_END;
|
||||
|
||||
SeReleaseLuidAndAttributesArray (Privileges,
|
||||
PreviousMode,
|
||||
TRUE);
|
||||
|
||||
|
||||
SeReleaseLuidAndAttributesArray(Privileges,
|
||||
PreviousMode,
|
||||
TRUE);
|
||||
|
||||
return Status;
|
||||
}
|
||||
|
||||
|
||||
/* EOF */
|
||||
|
|
File diff suppressed because it is too large
|
@ -17,13 +17,15 @@
|
|||
|
||||
PSE_EXPORTS SeExports = NULL;
|
||||
SE_EXPORTS SepExports;
|
||||
ULONG SidInTokenCalls = 0;
|
||||
|
||||
extern ULONG ExpInitializationPhase;
|
||||
extern ERESOURCE SepSubjectContextLock;
|
||||
|
||||
/* PRIVATE FUNCTIONS **********************************************************/
|
||||
|
||||
static BOOLEAN INIT_FUNCTION
|
||||
static BOOLEAN
|
||||
INIT_FUNCTION
|
||||
SepInitExports(VOID)
|
||||
{
|
||||
SepExports.SeCreateTokenPrivilege = SeCreateTokenPrivilege;
|
||||
|
@ -118,6 +120,7 @@ NTAPI
|
|||
SepInitializationPhase1(VOID)
|
||||
{
|
||||
NTSTATUS Status;
|
||||
|
||||
PAGED_CODE();
|
||||
|
||||
/* Insert the system token into the tree */
|
||||
|
@ -279,8 +282,6 @@ SeDefaultObjectMethod(IN PVOID Object,
|
|||
return STATUS_SUCCESS;
|
||||
}
|
||||
|
||||
ULONG SidInTokenCalls = 0;
|
||||
|
||||
static BOOLEAN
|
||||
SepSidInToken(PACCESS_TOKEN _Token,
|
||||
PSID Sid)
|
||||
|
@ -292,7 +293,7 @@ SepSidInToken(PACCESS_TOKEN _Token,
|
|||
|
||||
SidInTokenCalls++;
|
||||
if (!(SidInTokenCalls % 10000)) DPRINT1("SidInToken Calls: %d\n", SidInTokenCalls);
|
||||
|
||||
|
||||
if (Token->UserAndGroupCount == 0)
|
||||
{
|
||||
return FALSE;
|
||||
|
@ -340,7 +341,8 @@ SepTokenIsOwner(PACCESS_TOKEN Token,
|
|||
return SepSidInToken(Token, Sid);
|
||||
}
|
||||
|
||||
VOID NTAPI
|
||||
VOID
|
||||
NTAPI
|
||||
SeQuerySecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
|
||||
OUT PACCESS_MASK DesiredAccess)
|
||||
{
|
||||
|
@ -351,13 +353,15 @@ SeQuerySecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
|
|||
{
|
||||
*DesiredAccess |= READ_CONTROL;
|
||||
}
|
||||
|
||||
if (SecurityInformation & SACL_SECURITY_INFORMATION)
|
||||
{
|
||||
*DesiredAccess |= ACCESS_SYSTEM_SECURITY;
|
||||
}
|
||||
}
|
||||
|
||||
VOID NTAPI
|
||||
VOID
|
||||
NTAPI
|
||||
SeSetSecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
|
||||
OUT PACCESS_MASK DesiredAccess)
|
||||
{
|
||||
|
@ -367,10 +371,12 @@ SeSetSecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
|
|||
{
|
||||
*DesiredAccess |= WRITE_OWNER;
|
||||
}
|
||||
|
||||
if (SecurityInformation & DACL_SECURITY_INFORMATION)
|
||||
{
|
||||
*DesiredAccess |= WRITE_DAC;
|
||||
}
|
||||
|
||||
if (SecurityInformation & SACL_SECURITY_INFORMATION)
|
||||
{
|
||||
*DesiredAccess |= ACCESS_SYSTEM_SECURITY;
|
||||
|
@ -494,7 +500,7 @@ SepAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
|||
{
|
||||
*GrantedAccess = DesiredAccess | PreviouslyGrantedAccess;
|
||||
}
|
||||
|
||||
|
||||
*AccessStatus = STATUS_SUCCESS;
|
||||
return TRUE;
|
||||
}
|
||||
|
@ -763,7 +769,8 @@ SepGetSDGroup(IN PSECURITY_DESCRIPTOR _SecurityDescriptor)
|
|||
/*
|
||||
* @implemented
|
||||
*/
|
||||
BOOLEAN NTAPI
|
||||
BOOLEAN
|
||||
NTAPI
|
||||
SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
||||
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,
|
||||
IN BOOLEAN SubjectContextLocked,
|
||||
|
|
|
@ -99,11 +99,11 @@ SepInitSecurityIDs(VOID)
|
|||
ULONG SidLength1;
|
||||
ULONG SidLength2;
|
||||
PULONG SubAuthority;
|
||||
|
||||
|
||||
SidLength0 = RtlLengthRequiredSid(0);
|
||||
SidLength1 = RtlLengthRequiredSid(1);
|
||||
SidLength2 = RtlLengthRequiredSid(2);
|
||||
|
||||
|
||||
/* create NullSid */
|
||||
SeNullSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
||||
SeWorldSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
|
||||
|
@ -150,9 +150,9 @@ SepInitSecurityIDs(VOID)
|
|||
SeAnonymousLogonSid == NULL)
|
||||
{
|
||||
FreeInitializedSids();
|
||||
return(FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
|
||||
RtlInitializeSid(SeNullSid, &SeNullSidAuthority, 1);
|
||||
RtlInitializeSid(SeWorldSid, &SeWorldSidAuthority, 1);
|
||||
RtlInitializeSid(SeLocalSid, &SeLocalSidAuthority, 1);
|
||||
|
@ -181,7 +181,7 @@ SepInitSecurityIDs(VOID)
|
|||
RtlInitializeSid(SeAuthenticatedUsersSid, &SeNtSidAuthority, 1);
|
||||
RtlInitializeSid(SeRestrictedSid, &SeNtSidAuthority, 1);
|
||||
RtlInitializeSid(SeAnonymousLogonSid, &SeNtSidAuthority, 1);
|
||||
|
||||
|
||||
SubAuthority = RtlSubAuthoritySid(SeNullSid, 0);
|
||||
*SubAuthority = SECURITY_NULL_RID;
|
||||
SubAuthority = RtlSubAuthoritySid(SeWorldSid, 0);
|
||||
|
@ -252,8 +252,8 @@ SepInitSecurityIDs(VOID)
|
|||
*SubAuthority = SECURITY_RESTRICTED_CODE_RID;
|
||||
SubAuthority = RtlSubAuthoritySid(SeAnonymousLogonSid, 0);
|
||||
*SubAuthority = SECURITY_ANONYMOUS_LOGON_RID;
|
||||
|
||||
return(TRUE);
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
NTSTATUS
|
||||
|
@ -267,9 +267,9 @@ SepCaptureSid(IN PSID InputSid,
|
|||
ULONG SidSize = 0;
|
||||
PISID NewSid, Sid = (PISID)InputSid;
|
||||
NTSTATUS Status;
|
||||
|
||||
|
||||
PAGED_CODE();
|
||||
|
||||
|
||||
if (AccessMode != KernelMode)
|
||||
{
|
||||
_SEH2_TRY
|
||||
|
@ -289,11 +289,11 @@ SepCaptureSid(IN PSID InputSid,
|
|||
_SEH2_YIELD(return _SEH2_GetExceptionCode());
|
||||
}
|
||||
_SEH2_END;
|
||||
|
||||
|
||||
/* allocate a SID and copy it */
|
||||
NewSid = ExAllocatePool(PoolType,
|
||||
SidSize);
|
||||
if(NewSid != NULL)
|
||||
if (NewSid != NULL)
|
||||
{
|
||||
_SEH2_TRY
|
||||
{
|
||||
|
@ -316,7 +316,7 @@ SepCaptureSid(IN PSID InputSid,
|
|||
Status = STATUS_INSUFFICIENT_RESOURCES;
|
||||
}
|
||||
}
|
||||
else if(!CaptureIfKernel)
|
||||
else if (!CaptureIfKernel)
|
||||
{
|
||||
*CapturedSid = InputSid;
|
||||
return STATUS_SUCCESS;
|
||||
|
@ -324,16 +324,16 @@ SepCaptureSid(IN PSID InputSid,
|
|||
else
|
||||
{
|
||||
SidSize = RtlLengthRequiredSid(Sid->SubAuthorityCount);
|
||||
|
||||
|
||||
/* allocate a SID and copy it */
|
||||
NewSid = ExAllocatePool(PoolType,
|
||||
SidSize);
|
||||
if(NewSid != NULL)
|
||||
if (NewSid != NULL)
|
||||
{
|
||||
RtlCopyMemory(NewSid,
|
||||
Sid,
|
||||
SidSize);
|
||||
|
||||
|
||||
*CapturedSid = NewSid;
|
||||
}
|
||||
else
|
||||
|
@ -341,7 +341,7 @@ SepCaptureSid(IN PSID InputSid,
|
|||
Status = STATUS_INSUFFICIENT_RESOURCES;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
return Status;
|
||||
}
|
||||
|
||||
|
@ -352,10 +352,10 @@ SepReleaseSid(IN PSID CapturedSid,
|
|||
IN BOOLEAN CaptureIfKernel)
|
||||
{
|
||||
PAGED_CODE();
|
||||
|
||||
if(CapturedSid != NULL &&
|
||||
(AccessMode != KernelMode ||
|
||||
(AccessMode == KernelMode && CaptureIfKernel)))
|
||||
|
||||
if (CapturedSid != NULL &&
|
||||
(AccessMode != KernelMode ||
|
||||
(AccessMode == KernelMode && CaptureIfKernel)))
|
||||
{
|
||||
ExFreePool(CapturedSid);
|
||||
}
|
||||
|
|
File diff suppressed because it is too large