mirror of
https://github.com/reactos/reactos.git
[FORMATTING]
No code changes. svn path=/trunk/; revision=47383
parent
4e25539b71
commit
f0910f33d3
|
@ -30,6 +30,7 @@ SeCaptureSubjectContextEx(IN PETHREAD Thread,
|
||||||
OUT PSECURITY_SUBJECT_CONTEXT SubjectContext)
|
OUT PSECURITY_SUBJECT_CONTEXT SubjectContext)
|
||||||
{
|
{
|
||||||
BOOLEAN CopyOnOpen, EffectiveOnly;
|
BOOLEAN CopyOnOpen, EffectiveOnly;
|
||||||
|
|
||||||
PAGED_CODE();
|
PAGED_CODE();
|
||||||
|
|
||||||
/* Save the unique ID */
|
/* Save the unique ID */
|
||||||
|
@ -127,6 +128,7 @@ SeCreateAccessStateEx(IN PETHREAD Thread,
|
||||||
{
|
{
|
||||||
ACCESS_MASK AccessMask = Access;
|
ACCESS_MASK AccessMask = Access;
|
||||||
PTOKEN Token;
|
PTOKEN Token;
|
||||||
|
|
||||||
PAGED_CODE();
|
PAGED_CODE();
|
||||||
|
|
||||||
/* Map the Generic Acess to Specific Access if we have a Mapping */
|
/* Map the Generic Acess to Specific Access if we have a Mapping */
|
||||||
|
@ -200,6 +202,7 @@ NTAPI
|
||||||
SeDeleteAccessState(IN PACCESS_STATE AccessState)
|
SeDeleteAccessState(IN PACCESS_STATE AccessState)
|
||||||
{
|
{
|
||||||
PAUX_ACCESS_DATA AuxData;
|
PAUX_ACCESS_DATA AuxData;
|
||||||
|
|
||||||
PAGED_CODE();
|
PAGED_CODE();
|
||||||
|
|
||||||
/* Get the Auxiliary Data */
|
/* Get the Auxiliary Data */
|
||||||
|
@ -213,6 +216,7 @@ SeDeleteAccessState(IN PACCESS_STATE AccessState)
|
||||||
{
|
{
|
||||||
ExFreePool(AccessState->ObjectName.Buffer);
|
ExFreePool(AccessState->ObjectName.Buffer);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (AccessState->ObjectTypeName.Buffer)
|
if (AccessState->ObjectTypeName.Buffer)
|
||||||
{
|
{
|
||||||
ExFreePool(AccessState->ObjectTypeName.Buffer);
|
ExFreePool(AccessState->ObjectTypeName.Buffer);
|
||||||
|
@ -252,6 +256,7 @@ SeCreateClientSecurity(IN PETHREAD Thread,
|
||||||
PACCESS_TOKEN Token;
|
PACCESS_TOKEN Token;
|
||||||
NTSTATUS Status;
|
NTSTATUS Status;
|
||||||
PACCESS_TOKEN NewToken;
|
PACCESS_TOKEN NewToken;
|
||||||
|
|
||||||
PAGED_CODE();
|
PAGED_CODE();
|
||||||
|
|
||||||
Token = PsReferenceEffectiveToken(Thread,
|
Token = PsReferenceEffectiveToken(Thread,
|
||||||
|
@ -279,8 +284,7 @@ SeCreateClientSecurity(IN PETHREAD Thread,
|
||||||
}
|
}
|
||||||
|
|
||||||
ClientContext->DirectAccessEffectiveOnly = ((ThreadEffectiveOnly) ||
|
ClientContext->DirectAccessEffectiveOnly = ((ThreadEffectiveOnly) ||
|
||||||
(Qos->EffectiveOnly)) ?
|
(Qos->EffectiveOnly)) ? TRUE : FALSE;
|
||||||
TRUE : FALSE;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (Qos->ContextTrackingMode == SECURITY_STATIC_TRACKING)
|
if (Qos->ContextTrackingMode == SECURITY_STATIC_TRACKING)
|
||||||
|
@ -358,10 +362,12 @@ SeImpersonateClient(IN PSECURITY_CLIENT_CONTEXT ClientContext,
|
||||||
{
|
{
|
||||||
b = ClientContext->DirectAccessEffectiveOnly;
|
b = ClientContext->DirectAccessEffectiveOnly;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (ServerThread == NULL)
|
if (ServerThread == NULL)
|
||||||
{
|
{
|
||||||
ServerThread = PsGetCurrentThread();
|
ServerThread = PsGetCurrentThread();
|
||||||
}
|
}
|
||||||
|
|
||||||
PsImpersonateClient(ServerThread,
|
PsImpersonateClient(ServerThread,
|
||||||
ClientContext->ClientToken,
|
ClientContext->ClientToken,
|
||||||
1,
|
1,
|
||||||
|
|
|
@ -60,7 +60,6 @@ SepInitDACLs(VOID)
|
||||||
GENERIC_ALL,
|
GENERIC_ALL,
|
||||||
SeLocalSystemSid);
|
SeLocalSystemSid);
|
||||||
|
|
||||||
|
|
||||||
/* create PublicDefaultUnrestrictedDacl */
|
/* create PublicDefaultUnrestrictedDacl */
|
||||||
AclLength = sizeof(ACL) +
|
AclLength = sizeof(ACL) +
|
||||||
(sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
|
(sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
|
||||||
|
@ -216,7 +215,7 @@ SepInitDACLs(VOID)
|
||||||
GENERIC_READ | GENERIC_EXECUTE,
|
GENERIC_READ | GENERIC_EXECUTE,
|
||||||
SeRestrictedCodeSid);
|
SeRestrictedCodeSid);
|
||||||
|
|
||||||
return(TRUE);
|
return TRUE;
|
||||||
}
|
}
|
||||||
|
|
||||||
NTSTATUS NTAPI
|
NTSTATUS NTAPI
|
||||||
|
@ -299,7 +298,7 @@ SepCaptureAcl(IN PACL InputAcl,
|
||||||
|
|
||||||
NewAcl = ExAllocatePool(PoolType,
|
NewAcl = ExAllocatePool(PoolType,
|
||||||
AclSize);
|
AclSize);
|
||||||
if(NewAcl != NULL)
|
if (NewAcl != NULL)
|
||||||
{
|
{
|
||||||
_SEH2_TRY
|
_SEH2_TRY
|
||||||
{
|
{
|
||||||
|
@ -322,7 +321,7 @@ SepCaptureAcl(IN PACL InputAcl,
|
||||||
Status = STATUS_INSUFFICIENT_RESOURCES;
|
Status = STATUS_INSUFFICIENT_RESOURCES;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else if(!CaptureIfKernel)
|
else if (!CaptureIfKernel)
|
||||||
{
|
{
|
||||||
*CapturedAcl = InputAcl;
|
*CapturedAcl = InputAcl;
|
||||||
}
|
}
|
||||||
|
@ -333,7 +332,7 @@ SepCaptureAcl(IN PACL InputAcl,
|
||||||
NewAcl = ExAllocatePool(PoolType,
|
NewAcl = ExAllocatePool(PoolType,
|
||||||
AclSize);
|
AclSize);
|
||||||
|
|
||||||
if(NewAcl != NULL)
|
if (NewAcl != NULL)
|
||||||
{
|
{
|
||||||
RtlCopyMemory(NewAcl,
|
RtlCopyMemory(NewAcl,
|
||||||
InputAcl,
|
InputAcl,
|
||||||
|
@ -358,7 +357,7 @@ SepReleaseAcl(IN PACL CapturedAcl,
|
||||||
{
|
{
|
||||||
PAGED_CODE();
|
PAGED_CODE();
|
||||||
|
|
||||||
if(CapturedAcl != NULL &&
|
if (CapturedAcl != NULL &&
|
||||||
(AccessMode != KernelMode ||
|
(AccessMode != KernelMode ||
|
||||||
(AccessMode == KernelMode && CaptureIfKernel)))
|
(AccessMode == KernelMode && CaptureIfKernel)))
|
||||||
{
|
{
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
* FILE: ntoskrnl/se/audit.c
|
* FILE: ntoskrnl/se/audit.c
|
||||||
* PURPOSE: Audit functions
|
* PURPOSE: Audit functions
|
||||||
*
|
*
|
||||||
* PROGRAMMERS: Eric Kohl <eric.kohl@t-online.de>
|
* PROGRAMMERS: Eric Kohl
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/* INCLUDES *******************************************************************/
|
/* INCLUDES *******************************************************************/
|
||||||
|
@ -47,6 +47,7 @@ SeInitializeProcessAuditName(IN PFILE_OBJECT FileObject,
|
||||||
POBJECT_NAME_INFORMATION ObjectNameInfo = NULL;
|
POBJECT_NAME_INFORMATION ObjectNameInfo = NULL;
|
||||||
ULONG ReturnLength = 8;
|
ULONG ReturnLength = 8;
|
||||||
NTSTATUS Status;
|
NTSTATUS Status;
|
||||||
|
|
||||||
PAGED_CODE();
|
PAGED_CODE();
|
||||||
ASSERT(AuditInfo);
|
ASSERT(AuditInfo);
|
||||||
|
|
||||||
|
@ -120,6 +121,7 @@ SeLocateProcessImageName(IN PEPROCESS Process,
|
||||||
PUNICODE_STRING ImageName;
|
PUNICODE_STRING ImageName;
|
||||||
PFILE_OBJECT FileObject;
|
PFILE_OBJECT FileObject;
|
||||||
NTSTATUS Status = STATUS_SUCCESS;
|
NTSTATUS Status = STATUS_SUCCESS;
|
||||||
|
|
||||||
PAGED_CODE();
|
PAGED_CODE();
|
||||||
|
|
||||||
/* Assume failure */
|
/* Assume failure */
|
||||||
|
@ -260,11 +262,9 @@ SeAuditingFileOrGlobalEvents(IN BOOLEAN AccessGranted,
|
||||||
*/
|
*/
|
||||||
VOID
|
VOID
|
||||||
NTAPI
|
NTAPI
|
||||||
SeCloseObjectAuditAlarm(
|
SeCloseObjectAuditAlarm(IN PVOID Object,
|
||||||
IN PVOID Object,
|
|
||||||
IN HANDLE Handle,
|
IN HANDLE Handle,
|
||||||
IN BOOLEAN PerformAction
|
IN BOOLEAN PerformAction)
|
||||||
)
|
|
||||||
{
|
{
|
||||||
UNIMPLEMENTED;
|
UNIMPLEMENTED;
|
||||||
}
|
}
|
||||||
|
@ -363,7 +363,7 @@ NtCloseObjectAuditAlarm(IN PUNICODE_STRING SubsystemName,
|
||||||
IN BOOLEAN GenerateOnClose)
|
IN BOOLEAN GenerateOnClose)
|
||||||
{
|
{
|
||||||
UNIMPLEMENTED;
|
UNIMPLEMENTED;
|
||||||
return(STATUS_NOT_IMPLEMENTED);
|
return STATUS_NOT_IMPLEMENTED;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -373,7 +373,7 @@ NtDeleteObjectAuditAlarm(IN PUNICODE_STRING SubsystemName,
|
||||||
IN BOOLEAN GenerateOnClose)
|
IN BOOLEAN GenerateOnClose)
|
||||||
{
|
{
|
||||||
UNIMPLEMENTED;
|
UNIMPLEMENTED;
|
||||||
return(STATUS_NOT_IMPLEMENTED);
|
return STATUS_NOT_IMPLEMENTED;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -392,7 +392,7 @@ NtOpenObjectAuditAlarm(IN PUNICODE_STRING SubsystemName,
|
||||||
OUT PBOOLEAN GenerateOnClose)
|
OUT PBOOLEAN GenerateOnClose)
|
||||||
{
|
{
|
||||||
UNIMPLEMENTED;
|
UNIMPLEMENTED;
|
||||||
return(STATUS_NOT_IMPLEMENTED);
|
return STATUS_NOT_IMPLEMENTED;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -404,7 +404,7 @@ NtPrivilegedServiceAuditAlarm(IN PUNICODE_STRING SubsystemName,
|
||||||
IN BOOLEAN AccessGranted)
|
IN BOOLEAN AccessGranted)
|
||||||
{
|
{
|
||||||
UNIMPLEMENTED;
|
UNIMPLEMENTED;
|
||||||
return(STATUS_NOT_IMPLEMENTED);
|
return STATUS_NOT_IMPLEMENTED;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -417,7 +417,7 @@ NtPrivilegeObjectAuditAlarm(IN PUNICODE_STRING SubsystemName,
|
||||||
IN BOOLEAN AccessGranted)
|
IN BOOLEAN AccessGranted)
|
||||||
{
|
{
|
||||||
UNIMPLEMENTED;
|
UNIMPLEMENTED;
|
||||||
return(STATUS_NOT_IMPLEMENTED);
|
return STATUS_NOT_IMPLEMENTED;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* EOF */
|
/* EOF */
|
||||||
|
|
|
@ -51,7 +51,7 @@ LUID SeEnableDelegationPrivilege;
|
||||||
VOID
|
VOID
|
||||||
INIT_FUNCTION
|
INIT_FUNCTION
|
||||||
NTAPI
|
NTAPI
|
||||||
SepInitPrivileges (VOID)
|
SepInitPrivileges(VOID)
|
||||||
{
|
{
|
||||||
SeCreateTokenPrivilege.LowPart = SE_CREATE_TOKEN_PRIVILEGE;
|
SeCreateTokenPrivilege.LowPart = SE_CREATE_TOKEN_PRIVILEGE;
|
||||||
SeCreateTokenPrivilege.HighPart = 0;
|
SeCreateTokenPrivilege.HighPart = 0;
|
||||||
|
@ -110,7 +110,7 @@ SepInitPrivileges (VOID)
|
||||||
|
|
||||||
BOOLEAN
|
BOOLEAN
|
||||||
NTAPI
|
NTAPI
|
||||||
SepPrivilegeCheck (PTOKEN Token,
|
SepPrivilegeCheck(PTOKEN Token,
|
||||||
PLUID_AND_ATTRIBUTES Privileges,
|
PLUID_AND_ATTRIBUTES Privileges,
|
||||||
ULONG PrivilegeCount,
|
ULONG PrivilegeCount,
|
||||||
ULONG PrivilegeControl,
|
ULONG PrivilegeControl,
|
||||||
|
@ -120,7 +120,7 @@ SepPrivilegeCheck (PTOKEN Token,
|
||||||
ULONG j;
|
ULONG j;
|
||||||
ULONG k;
|
ULONG k;
|
||||||
|
|
||||||
DPRINT ("SepPrivilegeCheck() called\n");
|
DPRINT("SepPrivilegeCheck() called\n");
|
||||||
|
|
||||||
PAGED_CODE();
|
PAGED_CODE();
|
||||||
|
|
||||||
|
@ -139,8 +139,8 @@ SepPrivilegeCheck (PTOKEN Token,
|
||||||
if (Token->Privileges[i].Luid.LowPart == Privileges[j].Luid.LowPart &&
|
if (Token->Privileges[i].Luid.LowPart == Privileges[j].Luid.LowPart &&
|
||||||
Token->Privileges[i].Luid.HighPart == Privileges[j].Luid.HighPart)
|
Token->Privileges[i].Luid.HighPart == Privileges[j].Luid.HighPart)
|
||||||
{
|
{
|
||||||
DPRINT ("Found privilege\n");
|
DPRINT("Found privilege\n");
|
||||||
DPRINT ("Privilege attributes %lx\n",
|
DPRINT("Privilege attributes %lx\n",
|
||||||
Token->Privileges[i].Attributes);
|
Token->Privileges[i].Attributes);
|
||||||
|
|
||||||
if (Token->Privileges[i].Attributes & SE_PRIVILEGE_ENABLED)
|
if (Token->Privileges[i].Attributes & SE_PRIVILEGE_ENABLED)
|
||||||
|
@ -170,14 +170,14 @@ SepPrivilegeCheck (PTOKEN Token,
|
||||||
|
|
||||||
NTSTATUS
|
NTSTATUS
|
||||||
NTAPI
|
NTAPI
|
||||||
SeCaptureLuidAndAttributesArray (PLUID_AND_ATTRIBUTES Src,
|
SeCaptureLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Src,
|
||||||
ULONG PrivilegeCount,
|
ULONG PrivilegeCount,
|
||||||
KPROCESSOR_MODE PreviousMode,
|
KPROCESSOR_MODE PreviousMode,
|
||||||
PLUID_AND_ATTRIBUTES AllocatedMem,
|
PLUID_AND_ATTRIBUTES AllocatedMem,
|
||||||
ULONG AllocatedLength,
|
ULONG AllocatedLength,
|
||||||
POOL_TYPE PoolType,
|
POOL_TYPE PoolType,
|
||||||
BOOLEAN CaptureIfKernel,
|
BOOLEAN CaptureIfKernel,
|
||||||
PLUID_AND_ATTRIBUTES* Dest,
|
PLUID_AND_ATTRIBUTES *Dest,
|
||||||
PULONG Length)
|
PULONG Length)
|
||||||
{
|
{
|
||||||
ULONG BufferSize;
|
ULONG BufferSize;
|
||||||
|
@ -236,7 +236,6 @@ SeCaptureLuidAndAttributesArray (PLUID_AND_ATTRIBUTES Src,
|
||||||
{
|
{
|
||||||
*Dest = ExAllocatePool(PoolType,
|
*Dest = ExAllocatePool(PoolType,
|
||||||
BufferSize);
|
BufferSize);
|
||||||
|
|
||||||
if (*Dest == NULL)
|
if (*Dest == NULL)
|
||||||
{
|
{
|
||||||
return STATUS_INSUFFICIENT_RESOURCES;
|
return STATUS_INSUFFICIENT_RESOURCES;
|
||||||
|
@ -266,7 +265,7 @@ SeCaptureLuidAndAttributesArray (PLUID_AND_ATTRIBUTES Src,
|
||||||
|
|
||||||
VOID
|
VOID
|
||||||
NTAPI
|
NTAPI
|
||||||
SeReleaseLuidAndAttributesArray (PLUID_AND_ATTRIBUTES Privilege,
|
SeReleaseLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Privilege,
|
||||||
KPROCESSOR_MODE PreviousMode,
|
KPROCESSOR_MODE PreviousMode,
|
||||||
BOOLEAN CaptureIfKernel)
|
BOOLEAN CaptureIfKernel)
|
||||||
{
|
{
|
||||||
|
@ -307,8 +306,9 @@ SeFreePrivileges(IN PPRIVILEGE_SET Privileges)
|
||||||
/*
|
/*
|
||||||
* @implemented
|
* @implemented
|
||||||
*/
|
*/
|
||||||
BOOLEAN NTAPI
|
BOOLEAN
|
||||||
SePrivilegeCheck (PPRIVILEGE_SET Privileges,
|
NTAPI
|
||||||
|
SePrivilegeCheck(PPRIVILEGE_SET Privileges,
|
||||||
PSECURITY_SUBJECT_CONTEXT SubjectContext,
|
PSECURITY_SUBJECT_CONTEXT SubjectContext,
|
||||||
KPROCESSOR_MODE PreviousMode)
|
KPROCESSOR_MODE PreviousMode)
|
||||||
{
|
{
|
||||||
|
@ -329,7 +329,7 @@ SePrivilegeCheck (PPRIVILEGE_SET Privileges,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return SepPrivilegeCheck (Token,
|
return SepPrivilegeCheck(Token,
|
||||||
Privileges->Privilege,
|
Privileges->Privilege,
|
||||||
Privileges->PrivilegeCount,
|
Privileges->PrivilegeCount,
|
||||||
Privileges->Control,
|
Privileges->Control,
|
||||||
|
@ -339,8 +339,9 @@ SePrivilegeCheck (PPRIVILEGE_SET Privileges,
|
||||||
/*
|
/*
|
||||||
* @implemented
|
* @implemented
|
||||||
*/
|
*/
|
||||||
BOOLEAN NTAPI
|
BOOLEAN
|
||||||
SeSinglePrivilegeCheck (IN LUID PrivilegeValue,
|
NTAPI
|
||||||
|
SeSinglePrivilegeCheck(IN LUID PrivilegeValue,
|
||||||
IN KPROCESSOR_MODE PreviousMode)
|
IN KPROCESSOR_MODE PreviousMode)
|
||||||
{
|
{
|
||||||
SECURITY_SUBJECT_CONTEXT SubjectContext;
|
SECURITY_SUBJECT_CONTEXT SubjectContext;
|
||||||
|
@ -349,35 +350,36 @@ SeSinglePrivilegeCheck (IN LUID PrivilegeValue,
|
||||||
|
|
||||||
PAGED_CODE();
|
PAGED_CODE();
|
||||||
|
|
||||||
SeCaptureSubjectContext (&SubjectContext);
|
SeCaptureSubjectContext(&SubjectContext);
|
||||||
|
|
||||||
Priv.PrivilegeCount = 1;
|
Priv.PrivilegeCount = 1;
|
||||||
Priv.Control = PRIVILEGE_SET_ALL_NECESSARY;
|
Priv.Control = PRIVILEGE_SET_ALL_NECESSARY;
|
||||||
Priv.Privilege[0].Luid = PrivilegeValue;
|
Priv.Privilege[0].Luid = PrivilegeValue;
|
||||||
Priv.Privilege[0].Attributes = SE_PRIVILEGE_ENABLED;
|
Priv.Privilege[0].Attributes = SE_PRIVILEGE_ENABLED;
|
||||||
|
|
||||||
Result = SePrivilegeCheck (&Priv,
|
Result = SePrivilegeCheck(&Priv,
|
||||||
&SubjectContext,
|
&SubjectContext,
|
||||||
PreviousMode);
|
PreviousMode);
|
||||||
|
|
||||||
if (PreviousMode != KernelMode)
|
if (PreviousMode != KernelMode)
|
||||||
{
|
{
|
||||||
#if 0
|
#if 0
|
||||||
SePrivilegedServiceAuditAlarm (0,
|
SePrivilegedServiceAuditAlarm(0,
|
||||||
&SubjectContext,
|
&SubjectContext,
|
||||||
&PrivilegeValue);
|
&PrivilegeValue);
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
SeReleaseSubjectContext (&SubjectContext);
|
SeReleaseSubjectContext(&SubjectContext);
|
||||||
|
|
||||||
return Result;
|
return Result;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* SYSTEM CALLS ***************************************************************/
|
/* SYSTEM CALLS ***************************************************************/
|
||||||
|
|
||||||
NTSTATUS NTAPI
|
NTSTATUS
|
||||||
NtPrivilegeCheck (IN HANDLE ClientToken,
|
NTAPI
|
||||||
|
NtPrivilegeCheck(IN HANDLE ClientToken,
|
||||||
IN PPRIVILEGE_SET RequiredPrivileges,
|
IN PPRIVILEGE_SET RequiredPrivileges,
|
||||||
OUT PBOOLEAN Result)
|
OUT PBOOLEAN Result)
|
||||||
{
|
{
|
||||||
|
@ -438,7 +440,7 @@ NtPrivilegeCheck (IN HANDLE ClientToken,
|
||||||
|
|
||||||
/* reference the token and make sure we're
|
/* reference the token and make sure we're
|
||||||
not doing an anonymous impersonation */
|
not doing an anonymous impersonation */
|
||||||
Status = ObReferenceObjectByHandle (ClientToken,
|
Status = ObReferenceObjectByHandle(ClientToken,
|
||||||
TOKEN_QUERY,
|
TOKEN_QUERY,
|
||||||
SepTokenObjectType,
|
SepTokenObjectType,
|
||||||
PreviousMode,
|
PreviousMode,
|
||||||
|
@ -452,12 +454,12 @@ NtPrivilegeCheck (IN HANDLE ClientToken,
|
||||||
if (Token->TokenType == TokenImpersonation &&
|
if (Token->TokenType == TokenImpersonation &&
|
||||||
Token->ImpersonationLevel < SecurityIdentification)
|
Token->ImpersonationLevel < SecurityIdentification)
|
||||||
{
|
{
|
||||||
ObDereferenceObject (Token);
|
ObDereferenceObject(Token);
|
||||||
return STATUS_BAD_IMPERSONATION_LEVEL;
|
return STATUS_BAD_IMPERSONATION_LEVEL;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* capture the privileges */
|
/* capture the privileges */
|
||||||
Status = SeCaptureLuidAndAttributesArray (RequiredPrivileges->Privilege,
|
Status = SeCaptureLuidAndAttributesArray(RequiredPrivileges->Privilege,
|
||||||
PrivilegeCount,
|
PrivilegeCount,
|
||||||
PreviousMode,
|
PreviousMode,
|
||||||
NULL,
|
NULL,
|
||||||
|
@ -472,13 +474,13 @@ NtPrivilegeCheck (IN HANDLE ClientToken,
|
||||||
return Status;
|
return Status;
|
||||||
}
|
}
|
||||||
|
|
||||||
CheckResult = SepPrivilegeCheck (Token,
|
CheckResult = SepPrivilegeCheck(Token,
|
||||||
Privileges,
|
Privileges,
|
||||||
PrivilegeCount,
|
PrivilegeCount,
|
||||||
PrivilegeControl,
|
PrivilegeControl,
|
||||||
PreviousMode);
|
PreviousMode);
|
||||||
|
|
||||||
ObDereferenceObject (Token);
|
ObDereferenceObject(Token);
|
||||||
|
|
||||||
/* return the array */
|
/* return the array */
|
||||||
_SEH2_TRY
|
_SEH2_TRY
|
||||||
|
@ -495,12 +497,11 @@ NtPrivilegeCheck (IN HANDLE ClientToken,
|
||||||
}
|
}
|
||||||
_SEH2_END;
|
_SEH2_END;
|
||||||
|
|
||||||
SeReleaseLuidAndAttributesArray (Privileges,
|
SeReleaseLuidAndAttributesArray(Privileges,
|
||||||
PreviousMode,
|
PreviousMode,
|
||||||
TRUE);
|
TRUE);
|
||||||
|
|
||||||
return Status;
|
return Status;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/* EOF */
|
/* EOF */
|
||||||
|
|
|
@ -227,9 +227,9 @@ SepCaptureSecurityQualityOfService(IN POBJECT_ATTRIBUTES ObjectAttributes OPTIO
|
||||||
ASSERT(CapturedSecurityQualityOfService);
|
ASSERT(CapturedSecurityQualityOfService);
|
||||||
ASSERT(Present);
|
ASSERT(Present);
|
||||||
|
|
||||||
if(ObjectAttributes != NULL)
|
if (ObjectAttributes != NULL)
|
||||||
{
|
{
|
||||||
if(AccessMode != KernelMode)
|
if (AccessMode != KernelMode)
|
||||||
{
|
{
|
||||||
SECURITY_QUALITY_OF_SERVICE SafeQos;
|
SECURITY_QUALITY_OF_SERVICE SafeQos;
|
||||||
|
|
||||||
|
@ -238,15 +238,15 @@ SepCaptureSecurityQualityOfService(IN POBJECT_ATTRIBUTES ObjectAttributes OPTIO
|
||||||
ProbeForRead(ObjectAttributes,
|
ProbeForRead(ObjectAttributes,
|
||||||
sizeof(OBJECT_ATTRIBUTES),
|
sizeof(OBJECT_ATTRIBUTES),
|
||||||
sizeof(ULONG));
|
sizeof(ULONG));
|
||||||
if(ObjectAttributes->Length == sizeof(OBJECT_ATTRIBUTES))
|
if (ObjectAttributes->Length == sizeof(OBJECT_ATTRIBUTES))
|
||||||
{
|
{
|
||||||
if(ObjectAttributes->SecurityQualityOfService != NULL)
|
if (ObjectAttributes->SecurityQualityOfService != NULL)
|
||||||
{
|
{
|
||||||
ProbeForRead(ObjectAttributes->SecurityQualityOfService,
|
ProbeForRead(ObjectAttributes->SecurityQualityOfService,
|
||||||
sizeof(SECURITY_QUALITY_OF_SERVICE),
|
sizeof(SECURITY_QUALITY_OF_SERVICE),
|
||||||
sizeof(ULONG));
|
sizeof(ULONG));
|
||||||
|
|
||||||
if(((PSECURITY_QUALITY_OF_SERVICE)ObjectAttributes->SecurityQualityOfService)->Length ==
|
if (((PSECURITY_QUALITY_OF_SERVICE)ObjectAttributes->SecurityQualityOfService)->Length ==
|
||||||
sizeof(SECURITY_QUALITY_OF_SERVICE))
|
sizeof(SECURITY_QUALITY_OF_SERVICE))
|
||||||
{
|
{
|
||||||
/* don't allocate memory here because ExAllocate should bugcheck
|
/* don't allocate memory here because ExAllocate should bugcheck
|
||||||
|
@ -279,13 +279,13 @@ SepCaptureSecurityQualityOfService(IN POBJECT_ATTRIBUTES ObjectAttributes OPTIO
|
||||||
}
|
}
|
||||||
_SEH2_END;
|
_SEH2_END;
|
||||||
|
|
||||||
if(NT_SUCCESS(Status))
|
if (NT_SUCCESS(Status))
|
||||||
{
|
{
|
||||||
if(*Present)
|
if (*Present)
|
||||||
{
|
{
|
||||||
CapturedQos = ExAllocatePool(PoolType,
|
CapturedQos = ExAllocatePool(PoolType,
|
||||||
sizeof(SECURITY_QUALITY_OF_SERVICE));
|
sizeof(SECURITY_QUALITY_OF_SERVICE));
|
||||||
if(CapturedQos != NULL)
|
if (CapturedQos != NULL)
|
||||||
{
|
{
|
||||||
RtlCopyMemory(CapturedQos,
|
RtlCopyMemory(CapturedQos,
|
||||||
&SafeQos,
|
&SafeQos,
|
||||||
|
@ -305,18 +305,18 @@ SepCaptureSecurityQualityOfService(IN POBJECT_ATTRIBUTES ObjectAttributes OPTIO
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
if(ObjectAttributes->Length == sizeof(OBJECT_ATTRIBUTES))
|
if (ObjectAttributes->Length == sizeof(OBJECT_ATTRIBUTES))
|
||||||
{
|
{
|
||||||
if(CaptureIfKernel)
|
if (CaptureIfKernel)
|
||||||
{
|
{
|
||||||
if(ObjectAttributes->SecurityQualityOfService != NULL)
|
if (ObjectAttributes->SecurityQualityOfService != NULL)
|
||||||
{
|
{
|
||||||
if(((PSECURITY_QUALITY_OF_SERVICE)ObjectAttributes->SecurityQualityOfService)->Length ==
|
if (((PSECURITY_QUALITY_OF_SERVICE)ObjectAttributes->SecurityQualityOfService)->Length ==
|
||||||
sizeof(SECURITY_QUALITY_OF_SERVICE))
|
sizeof(SECURITY_QUALITY_OF_SERVICE))
|
||||||
{
|
{
|
||||||
CapturedQos = ExAllocatePool(PoolType,
|
CapturedQos = ExAllocatePool(PoolType,
|
||||||
sizeof(SECURITY_QUALITY_OF_SERVICE));
|
sizeof(SECURITY_QUALITY_OF_SERVICE));
|
||||||
if(CapturedQos != NULL)
|
if (CapturedQos != NULL)
|
||||||
{
|
{
|
||||||
RtlCopyMemory(CapturedQos,
|
RtlCopyMemory(CapturedQos,
|
||||||
ObjectAttributes->SecurityQualityOfService,
|
ObjectAttributes->SecurityQualityOfService,
|
||||||
|
@ -370,7 +370,7 @@ SepReleaseSecurityQualityOfService(IN PSECURITY_QUALITY_OF_SERVICE CapturedSecur
|
||||||
{
|
{
|
||||||
PAGED_CODE();
|
PAGED_CODE();
|
||||||
|
|
||||||
if(CapturedSecurityQualityOfService != NULL &&
|
if (CapturedSecurityQualityOfService != NULL &&
|
||||||
(AccessMode != KernelMode || CaptureIfKernel))
|
(AccessMode != KernelMode || CaptureIfKernel))
|
||||||
{
|
{
|
||||||
ExFreePool(CapturedSecurityQualityOfService);
|
ExFreePool(CapturedSecurityQualityOfService);
|
||||||
|
@ -399,9 +399,9 @@ SeCaptureSecurityDescriptor(IN PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor,
|
||||||
ULONG DescriptorSize = 0;
|
ULONG DescriptorSize = 0;
|
||||||
NTSTATUS Status;
|
NTSTATUS Status;
|
||||||
|
|
||||||
if(OriginalSecurityDescriptor != NULL)
|
if (OriginalSecurityDescriptor != NULL)
|
||||||
{
|
{
|
||||||
if(CurrentMode != KernelMode)
|
if (CurrentMode != KernelMode)
|
||||||
{
|
{
|
||||||
RtlZeroMemory(&DescriptorCopy, sizeof(DescriptorCopy));
|
RtlZeroMemory(&DescriptorCopy, sizeof(DescriptorCopy));
|
||||||
|
|
||||||
|
@ -415,7 +415,7 @@ SeCaptureSecurityDescriptor(IN PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor,
|
||||||
DescriptorSize,
|
DescriptorSize,
|
||||||
sizeof(ULONG));
|
sizeof(ULONG));
|
||||||
|
|
||||||
if(OriginalSecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION1)
|
if (OriginalSecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION1)
|
||||||
{
|
{
|
||||||
_SEH2_YIELD(return STATUS_UNKNOWN_REVISION);
|
_SEH2_YIELD(return STATUS_UNKNOWN_REVISION);
|
||||||
}
|
}
|
||||||
|
@ -432,7 +432,7 @@ SeCaptureSecurityDescriptor(IN PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor,
|
||||||
ProbeForRead(OriginalSecurityDescriptor,
|
ProbeForRead(OriginalSecurityDescriptor,
|
||||||
DescriptorSize,
|
DescriptorSize,
|
||||||
sizeof(ULONG));
|
sizeof(ULONG));
|
||||||
if(DescriptorCopy.Control & SE_SELF_RELATIVE)
|
if (DescriptorCopy.Control & SE_SELF_RELATIVE)
|
||||||
{
|
{
|
||||||
PISECURITY_DESCRIPTOR_RELATIVE RelSD = (PISECURITY_DESCRIPTOR_RELATIVE)OriginalSecurityDescriptor;
|
PISECURITY_DESCRIPTOR_RELATIVE RelSD = (PISECURITY_DESCRIPTOR_RELATIVE)OriginalSecurityDescriptor;
|
||||||
|
|
||||||
|
@ -456,9 +456,9 @@ SeCaptureSecurityDescriptor(IN PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor,
|
||||||
}
|
}
|
||||||
_SEH2_END;
|
_SEH2_END;
|
||||||
}
|
}
|
||||||
else if(!CaptureIfKernel)
|
else if (!CaptureIfKernel)
|
||||||
{
|
{
|
||||||
if(OriginalSecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION1)
|
if (OriginalSecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION1)
|
||||||
{
|
{
|
||||||
return STATUS_UNKNOWN_REVISION;
|
return STATUS_UNKNOWN_REVISION;
|
||||||
}
|
}
|
||||||
|
@ -479,7 +479,7 @@ SeCaptureSecurityDescriptor(IN PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor,
|
||||||
DescriptorCopy.Control = OriginalSecurityDescriptor->Control;
|
DescriptorCopy.Control = OriginalSecurityDescriptor->Control;
|
||||||
DescriptorSize = ((DescriptorCopy.Control & SE_SELF_RELATIVE) ?
|
DescriptorSize = ((DescriptorCopy.Control & SE_SELF_RELATIVE) ?
|
||||||
sizeof(SECURITY_DESCRIPTOR_RELATIVE) : sizeof(SECURITY_DESCRIPTOR));
|
sizeof(SECURITY_DESCRIPTOR_RELATIVE) : sizeof(SECURITY_DESCRIPTOR));
|
||||||
if(DescriptorCopy.Control & SE_SELF_RELATIVE)
|
if (DescriptorCopy.Control & SE_SELF_RELATIVE)
|
||||||
{
|
{
|
||||||
PISECURITY_DESCRIPTOR_RELATIVE RelSD = (PISECURITY_DESCRIPTOR_RELATIVE)OriginalSecurityDescriptor;
|
PISECURITY_DESCRIPTOR_RELATIVE RelSD = (PISECURITY_DESCRIPTOR_RELATIVE)OriginalSecurityDescriptor;
|
||||||
|
|
||||||
|
@ -497,25 +497,25 @@ SeCaptureSecurityDescriptor(IN PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if(DescriptorCopy.Control & SE_SELF_RELATIVE)
|
if (DescriptorCopy.Control & SE_SELF_RELATIVE)
|
||||||
{
|
{
|
||||||
/* in case we're dealing with a self-relative descriptor, do a basic convert
|
/* in case we're dealing with a self-relative descriptor, do a basic convert
|
||||||
to an absolute descriptor. We do this so we can simply access the data
|
to an absolute descriptor. We do this so we can simply access the data
|
||||||
using the pointers without calculating them again. */
|
using the pointers without calculating them again. */
|
||||||
DescriptorCopy.Control &= ~SE_SELF_RELATIVE;
|
DescriptorCopy.Control &= ~SE_SELF_RELATIVE;
|
||||||
if(DescriptorCopy.Owner != NULL)
|
if (DescriptorCopy.Owner != NULL)
|
||||||
{
|
{
|
||||||
DescriptorCopy.Owner = (PSID)((ULONG_PTR)OriginalSecurityDescriptor + (ULONG_PTR)DescriptorCopy.Owner);
|
DescriptorCopy.Owner = (PSID)((ULONG_PTR)OriginalSecurityDescriptor + (ULONG_PTR)DescriptorCopy.Owner);
|
||||||
}
|
}
|
||||||
if(DescriptorCopy.Group != NULL)
|
if (DescriptorCopy.Group != NULL)
|
||||||
{
|
{
|
||||||
DescriptorCopy.Group = (PSID)((ULONG_PTR)OriginalSecurityDescriptor + (ULONG_PTR)DescriptorCopy.Group);
|
DescriptorCopy.Group = (PSID)((ULONG_PTR)OriginalSecurityDescriptor + (ULONG_PTR)DescriptorCopy.Group);
|
||||||
}
|
}
|
||||||
if(DescriptorCopy.Dacl != NULL)
|
if (DescriptorCopy.Dacl != NULL)
|
||||||
{
|
{
|
||||||
DescriptorCopy.Dacl = (PACL)((ULONG_PTR)OriginalSecurityDescriptor + (ULONG_PTR)DescriptorCopy.Dacl);
|
DescriptorCopy.Dacl = (PACL)((ULONG_PTR)OriginalSecurityDescriptor + (ULONG_PTR)DescriptorCopy.Dacl);
|
||||||
}
|
}
|
||||||
if(DescriptorCopy.Sacl != NULL)
|
if (DescriptorCopy.Sacl != NULL)
|
||||||
{
|
{
|
||||||
DescriptorCopy.Sacl = (PACL)((ULONG_PTR)OriginalSecurityDescriptor + (ULONG_PTR)DescriptorCopy.Sacl);
|
DescriptorCopy.Sacl = (PACL)((ULONG_PTR)OriginalSecurityDescriptor + (ULONG_PTR)DescriptorCopy.Sacl);
|
||||||
}
|
}
|
||||||
|
@ -683,7 +683,6 @@ Offset += ROUND_UP(Type##Size, sizeof(ULONG)); \
|
||||||
to the caller */
|
to the caller */
|
||||||
*CapturedSecurityDescriptor = NewDescriptor;
|
*CapturedSecurityDescriptor = NewDescriptor;
|
||||||
return STATUS_SUCCESS;
|
return STATUS_SUCCESS;
|
||||||
|
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
@ -899,13 +898,14 @@ SeSetSecurityDescriptorInfo(IN PVOID Object OPTIONAL,
|
||||||
{
|
{
|
||||||
if (SecurityDescriptor->Owner != NULL)
|
if (SecurityDescriptor->Owner != NULL)
|
||||||
{
|
{
|
||||||
if( SecurityDescriptor->Control & SE_SELF_RELATIVE )
|
if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
|
||||||
Owner = (PSID)((ULONG_PTR)SecurityDescriptor->Owner +
|
Owner = (PSID)((ULONG_PTR)SecurityDescriptor->Owner +
|
||||||
(ULONG_PTR)SecurityDescriptor);
|
(ULONG_PTR)SecurityDescriptor);
|
||||||
else
|
else
|
||||||
Owner = (PSID)SecurityDescriptor->Owner;
|
Owner = (PSID)SecurityDescriptor->Owner;
|
||||||
OwnerLength = ROUND_UP(RtlLengthSid(Owner), 4);
|
OwnerLength = ROUND_UP(RtlLengthSid(Owner), 4);
|
||||||
}
|
}
|
||||||
|
|
||||||
Control |= (SecurityDescriptor->Control & SE_OWNER_DEFAULTED);
|
Control |= (SecurityDescriptor->Control & SE_OWNER_DEFAULTED);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
|
@ -915,6 +915,7 @@ SeSetSecurityDescriptorInfo(IN PVOID Object OPTIONAL,
|
||||||
Owner = (PSID)((ULONG_PTR)ObjectSd->Owner + (ULONG_PTR)ObjectSd);
|
Owner = (PSID)((ULONG_PTR)ObjectSd->Owner + (ULONG_PTR)ObjectSd);
|
||||||
OwnerLength = ROUND_UP(RtlLengthSid(Owner), 4);
|
OwnerLength = ROUND_UP(RtlLengthSid(Owner), 4);
|
||||||
}
|
}
|
||||||
|
|
||||||
Control |= (ObjectSd->Control & SE_OWNER_DEFAULTED);
|
Control |= (ObjectSd->Control & SE_OWNER_DEFAULTED);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -930,6 +931,7 @@ SeSetSecurityDescriptorInfo(IN PVOID Object OPTIONAL,
|
||||||
Group = (PSID)SecurityDescriptor->Group;
|
Group = (PSID)SecurityDescriptor->Group;
|
||||||
GroupLength = ROUND_UP(RtlLengthSid(Group), 4);
|
GroupLength = ROUND_UP(RtlLengthSid(Group), 4);
|
||||||
}
|
}
|
||||||
|
|
||||||
Control |= (SecurityDescriptor->Control & SE_GROUP_DEFAULTED);
|
Control |= (SecurityDescriptor->Control & SE_GROUP_DEFAULTED);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
|
@ -939,6 +941,7 @@ SeSetSecurityDescriptorInfo(IN PVOID Object OPTIONAL,
|
||||||
Group = (PSID)((ULONG_PTR)ObjectSd->Group + (ULONG_PTR)ObjectSd);
|
Group = (PSID)((ULONG_PTR)ObjectSd->Group + (ULONG_PTR)ObjectSd);
|
||||||
GroupLength = ROUND_UP(RtlLengthSid(Group), 4);
|
GroupLength = ROUND_UP(RtlLengthSid(Group), 4);
|
||||||
}
|
}
|
||||||
|
|
||||||
Control |= (ObjectSd->Control & SE_GROUP_DEFAULTED);
|
Control |= (ObjectSd->Control & SE_GROUP_DEFAULTED);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -956,6 +959,7 @@ SeSetSecurityDescriptorInfo(IN PVOID Object OPTIONAL,
|
||||||
|
|
||||||
DaclLength = ROUND_UP((ULONG)Dacl->AclSize, 4);
|
DaclLength = ROUND_UP((ULONG)Dacl->AclSize, 4);
|
||||||
}
|
}
|
||||||
|
|
||||||
Control |= (SecurityDescriptor->Control & (SE_DACL_DEFAULTED | SE_DACL_PRESENT));
|
Control |= (SecurityDescriptor->Control & (SE_DACL_DEFAULTED | SE_DACL_PRESENT));
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
|
@ -966,6 +970,7 @@ SeSetSecurityDescriptorInfo(IN PVOID Object OPTIONAL,
|
||||||
Dacl = (PACL)((ULONG_PTR)ObjectSd->Dacl + (ULONG_PTR)ObjectSd);
|
Dacl = (PACL)((ULONG_PTR)ObjectSd->Dacl + (ULONG_PTR)ObjectSd);
|
||||||
DaclLength = ROUND_UP((ULONG)Dacl->AclSize, 4);
|
DaclLength = ROUND_UP((ULONG)Dacl->AclSize, 4);
|
||||||
}
|
}
|
||||||
|
|
||||||
Control |= (ObjectSd->Control & (SE_DACL_DEFAULTED | SE_DACL_PRESENT));
|
Control |= (ObjectSd->Control & (SE_DACL_DEFAULTED | SE_DACL_PRESENT));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -982,6 +987,7 @@ SeSetSecurityDescriptorInfo(IN PVOID Object OPTIONAL,
|
||||||
Sacl = (PACL)SecurityDescriptor->Sacl;
|
Sacl = (PACL)SecurityDescriptor->Sacl;
|
||||||
SaclLength = ROUND_UP((ULONG)Sacl->AclSize, 4);
|
SaclLength = ROUND_UP((ULONG)Sacl->AclSize, 4);
|
||||||
}
|
}
|
||||||
|
|
||||||
Control |= (SecurityDescriptor->Control & (SE_SACL_DEFAULTED | SE_SACL_PRESENT));
|
Control |= (SecurityDescriptor->Control & (SE_SACL_DEFAULTED | SE_SACL_PRESENT));
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
|
@ -992,6 +998,7 @@ SeSetSecurityDescriptorInfo(IN PVOID Object OPTIONAL,
|
||||||
Sacl = (PACL)((ULONG_PTR)ObjectSd->Sacl + (ULONG_PTR)ObjectSd);
|
Sacl = (PACL)((ULONG_PTR)ObjectSd->Sacl + (ULONG_PTR)ObjectSd);
|
||||||
SaclLength = ROUND_UP((ULONG)Sacl->AclSize, 4);
|
SaclLength = ROUND_UP((ULONG)Sacl->AclSize, 4);
|
||||||
}
|
}
|
||||||
|
|
||||||
Control |= (ObjectSd->Control & (SE_SACL_DEFAULTED | SE_SACL_PRESENT));
|
Control |= (ObjectSd->Control & (SE_SACL_DEFAULTED | SE_SACL_PRESENT));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1006,6 +1013,7 @@ SeSetSecurityDescriptorInfo(IN PVOID Object OPTIONAL,
|
||||||
|
|
||||||
RtlCreateSecurityDescriptor(NewSd,
|
RtlCreateSecurityDescriptor(NewSd,
|
||||||
SECURITY_DESCRIPTOR_REVISION1);
|
SECURITY_DESCRIPTOR_REVISION1);
|
||||||
|
|
||||||
/* We always build a self-relative descriptor */
|
/* We always build a self-relative descriptor */
|
||||||
NewSd->Control = (USHORT)Control | SE_SELF_RELATIVE;
|
NewSd->Control = (USHORT)Control | SE_SELF_RELATIVE;
|
||||||
|
|
||||||
|
@ -1288,7 +1296,6 @@ SeAssignSecurity(PSECURITY_DESCRIPTOR _ParentDescriptor OPTIONAL,
|
||||||
Token = SubjectContext->PrimaryToken;
|
Token = SubjectContext->PrimaryToken;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/* Inherit the Owner SID */
|
/* Inherit the Owner SID */
|
||||||
if (ExplicitDescriptor != NULL && ExplicitDescriptor->Owner != NULL)
|
if (ExplicitDescriptor != NULL && ExplicitDescriptor->Owner != NULL)
|
||||||
{
|
{
|
||||||
|
@ -1298,7 +1305,6 @@ SeAssignSecurity(PSECURITY_DESCRIPTOR _ParentDescriptor OPTIONAL,
|
||||||
if (ExplicitDescriptor->Control & SE_SELF_RELATIVE)
|
if (ExplicitDescriptor->Control & SE_SELF_RELATIVE)
|
||||||
{
|
{
|
||||||
Owner = (PSID)(((ULONG_PTR)Owner) + (ULONG_PTR)ExplicitDescriptor);
|
Owner = (PSID)(((ULONG_PTR)Owner) + (ULONG_PTR)ExplicitDescriptor);
|
||||||
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
|
@ -1319,7 +1325,6 @@ SeAssignSecurity(PSECURITY_DESCRIPTOR _ParentDescriptor OPTIONAL,
|
||||||
|
|
||||||
OwnerLength = ROUND_UP(RtlLengthSid(Owner), 4);
|
OwnerLength = ROUND_UP(RtlLengthSid(Owner), 4);
|
||||||
|
|
||||||
|
|
||||||
/* Inherit the Group SID */
|
/* Inherit the Group SID */
|
||||||
if (ExplicitDescriptor != NULL && ExplicitDescriptor->Group != NULL)
|
if (ExplicitDescriptor != NULL && ExplicitDescriptor->Group != NULL)
|
||||||
{
|
{
|
||||||
|
@ -1348,7 +1353,6 @@ SeAssignSecurity(PSECURITY_DESCRIPTOR _ParentDescriptor OPTIONAL,
|
||||||
|
|
||||||
GroupLength = ROUND_UP(RtlLengthSid(Group), 4);
|
GroupLength = ROUND_UP(RtlLengthSid(Group), 4);
|
||||||
|
|
||||||
|
|
||||||
/* Inherit the DACL */
|
/* Inherit the DACL */
|
||||||
if (ExplicitDescriptor != NULL &&
|
if (ExplicitDescriptor != NULL &&
|
||||||
(ExplicitDescriptor->Control & SE_DACL_PRESENT) &&
|
(ExplicitDescriptor->Control & SE_DACL_PRESENT) &&
|
||||||
|
@ -1373,6 +1377,7 @@ SeAssignSecurity(PSECURITY_DESCRIPTOR _ParentDescriptor OPTIONAL,
|
||||||
{
|
{
|
||||||
Dacl = (PACL)(((ULONG_PTR)Dacl) + (ULONG_PTR)ParentDescriptor);
|
Dacl = (PACL)(((ULONG_PTR)Dacl) + (ULONG_PTR)ParentDescriptor);
|
||||||
}
|
}
|
||||||
|
|
||||||
Control |= (SE_DACL_PRESENT | SE_DACL_DEFAULTED);
|
Control |= (SE_DACL_PRESENT | SE_DACL_DEFAULTED);
|
||||||
}
|
}
|
||||||
else if (Token != NULL && Token->DefaultDacl != NULL)
|
else if (Token != NULL && Token->DefaultDacl != NULL)
|
||||||
|
@ -1391,7 +1396,6 @@ SeAssignSecurity(PSECURITY_DESCRIPTOR _ParentDescriptor OPTIONAL,
|
||||||
|
|
||||||
DaclLength = (Dacl != NULL) ? ROUND_UP(Dacl->AclSize, 4) : 0;
|
DaclLength = (Dacl != NULL) ? ROUND_UP(Dacl->AclSize, 4) : 0;
|
||||||
|
|
||||||
|
|
||||||
/* Inherit the SACL */
|
/* Inherit the SACL */
|
||||||
if (ExplicitDescriptor != NULL &&
|
if (ExplicitDescriptor != NULL &&
|
||||||
(ExplicitDescriptor->Control & SE_SACL_PRESENT) &&
|
(ExplicitDescriptor->Control & SE_SACL_PRESENT) &&
|
||||||
|
@ -1416,12 +1420,12 @@ SeAssignSecurity(PSECURITY_DESCRIPTOR _ParentDescriptor OPTIONAL,
|
||||||
{
|
{
|
||||||
Sacl = (PACL)(((ULONG_PTR)Sacl) + (ULONG_PTR)ParentDescriptor);
|
Sacl = (PACL)(((ULONG_PTR)Sacl) + (ULONG_PTR)ParentDescriptor);
|
||||||
}
|
}
|
||||||
|
|
||||||
Control |= (SE_SACL_PRESENT | SE_SACL_DEFAULTED);
|
Control |= (SE_SACL_PRESENT | SE_SACL_DEFAULTED);
|
||||||
}
|
}
|
||||||
|
|
||||||
SaclLength = (Sacl != NULL) ? ROUND_UP(Sacl->AclSize, 4) : 0;
|
SaclLength = (Sacl != NULL) ? ROUND_UP(Sacl->AclSize, 4) : 0;
|
||||||
|
|
||||||
|
|
||||||
/* Allocate and initialize the new security descriptor */
|
/* Allocate and initialize the new security descriptor */
|
||||||
Length = sizeof(SECURITY_DESCRIPTOR) +
|
Length = sizeof(SECURITY_DESCRIPTOR) +
|
||||||
OwnerLength + GroupLength + DaclLength + SaclLength;
|
OwnerLength + GroupLength + DaclLength + SaclLength;
|
||||||
|
@ -1479,7 +1483,9 @@ SeAssignSecurity(PSECURITY_DESCRIPTOR _ParentDescriptor OPTIONAL,
|
||||||
DPRINT("Owner of %x at %x\n", Descriptor, Descriptor->Owner);
|
DPRINT("Owner of %x at %x\n", Descriptor, Descriptor->Owner);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
|
{
|
||||||
DPRINT("Owner of %x is zero length\n", Descriptor);
|
DPRINT("Owner of %x is zero length\n", Descriptor);
|
||||||
|
}
|
||||||
|
|
||||||
if (GroupLength != 0)
|
if (GroupLength != 0)
|
||||||
{
|
{
|
||||||
|
|
|
@ -17,13 +17,15 @@
|
||||||
|
|
||||||
PSE_EXPORTS SeExports = NULL;
|
PSE_EXPORTS SeExports = NULL;
|
||||||
SE_EXPORTS SepExports;
|
SE_EXPORTS SepExports;
|
||||||
|
ULONG SidInTokenCalls = 0;
|
||||||
|
|
||||||
extern ULONG ExpInitializationPhase;
|
extern ULONG ExpInitializationPhase;
|
||||||
extern ERESOURCE SepSubjectContextLock;
|
extern ERESOURCE SepSubjectContextLock;
|
||||||
|
|
||||||
/* PRIVATE FUNCTIONS **********************************************************/
|
/* PRIVATE FUNCTIONS **********************************************************/
|
||||||
|
|
||||||
static BOOLEAN INIT_FUNCTION
|
static BOOLEAN
|
||||||
|
INIT_FUNCTION
|
||||||
SepInitExports(VOID)
|
SepInitExports(VOID)
|
||||||
{
|
{
|
||||||
SepExports.SeCreateTokenPrivilege = SeCreateTokenPrivilege;
|
SepExports.SeCreateTokenPrivilege = SeCreateTokenPrivilege;
|
||||||
|
@ -118,6 +120,7 @@ NTAPI
|
||||||
SepInitializationPhase1(VOID)
|
SepInitializationPhase1(VOID)
|
||||||
{
|
{
|
||||||
NTSTATUS Status;
|
NTSTATUS Status;
|
||||||
|
|
||||||
PAGED_CODE();
|
PAGED_CODE();
|
||||||
|
|
||||||
/* Insert the system token into the tree */
|
/* Insert the system token into the tree */
|
||||||
|
@ -279,8 +282,6 @@ SeDefaultObjectMethod(IN PVOID Object,
|
||||||
return STATUS_SUCCESS;
|
return STATUS_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
ULONG SidInTokenCalls = 0;
|
|
||||||
|
|
||||||
static BOOLEAN
|
static BOOLEAN
|
||||||
SepSidInToken(PACCESS_TOKEN _Token,
|
SepSidInToken(PACCESS_TOKEN _Token,
|
||||||
PSID Sid)
|
PSID Sid)
|
||||||
|
@ -340,7 +341,8 @@ SepTokenIsOwner(PACCESS_TOKEN Token,
|
||||||
return SepSidInToken(Token, Sid);
|
return SepSidInToken(Token, Sid);
|
||||||
}
|
}
|
||||||
|
|
||||||
VOID NTAPI
|
VOID
|
||||||
|
NTAPI
|
||||||
SeQuerySecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
|
SeQuerySecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
|
||||||
OUT PACCESS_MASK DesiredAccess)
|
OUT PACCESS_MASK DesiredAccess)
|
||||||
{
|
{
|
||||||
|
@ -351,13 +353,15 @@ SeQuerySecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
|
||||||
{
|
{
|
||||||
*DesiredAccess |= READ_CONTROL;
|
*DesiredAccess |= READ_CONTROL;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (SecurityInformation & SACL_SECURITY_INFORMATION)
|
if (SecurityInformation & SACL_SECURITY_INFORMATION)
|
||||||
{
|
{
|
||||||
*DesiredAccess |= ACCESS_SYSTEM_SECURITY;
|
*DesiredAccess |= ACCESS_SYSTEM_SECURITY;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
VOID NTAPI
|
VOID
|
||||||
|
NTAPI
|
||||||
SeSetSecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
|
SeSetSecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
|
||||||
OUT PACCESS_MASK DesiredAccess)
|
OUT PACCESS_MASK DesiredAccess)
|
||||||
{
|
{
|
||||||
|
@ -367,10 +371,12 @@ SeSetSecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
|
||||||
{
|
{
|
||||||
*DesiredAccess |= WRITE_OWNER;
|
*DesiredAccess |= WRITE_OWNER;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (SecurityInformation & DACL_SECURITY_INFORMATION)
|
if (SecurityInformation & DACL_SECURITY_INFORMATION)
|
||||||
{
|
{
|
||||||
*DesiredAccess |= WRITE_DAC;
|
*DesiredAccess |= WRITE_DAC;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (SecurityInformation & SACL_SECURITY_INFORMATION)
|
if (SecurityInformation & SACL_SECURITY_INFORMATION)
|
||||||
{
|
{
|
||||||
*DesiredAccess |= ACCESS_SYSTEM_SECURITY;
|
*DesiredAccess |= ACCESS_SYSTEM_SECURITY;
|
||||||
|
@ -763,7 +769,8 @@ SepGetSDGroup(IN PSECURITY_DESCRIPTOR _SecurityDescriptor)
|
||||||
/*
|
/*
|
||||||
* @implemented
|
* @implemented
|
||||||
*/
|
*/
|
||||||
BOOLEAN NTAPI
|
BOOLEAN
|
||||||
|
NTAPI
|
||||||
SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
||||||
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,
|
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,
|
||||||
IN BOOLEAN SubjectContextLocked,
|
IN BOOLEAN SubjectContextLocked,
|
||||||
|
|
|
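Review bot: `ULONG SidInTokenCalls = 0;` is moved up into the file's globals but keeps external linkage, although the only place it sat before was directly above the `static` SepSidInToken. Its uses are outside the visible hunks; if nothing outside this file reads it, `static ULONG SidInTokenCalls = 0;` would keep it out of the kernel's global namespace. If it is bumped on every SID lookup during an access check, a short comment such as `/* debug call counter, not synchronised */` would stop a later reader from treating the value as exact.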
@ -150,7 +150,7 @@ SepInitSecurityIDs(VOID)
|
||||||
SeAnonymousLogonSid == NULL)
|
SeAnonymousLogonSid == NULL)
|
||||||
{
|
{
|
||||||
FreeInitializedSids();
|
FreeInitializedSids();
|
||||||
return(FALSE);
|
return FALSE;
|
||||||
}
|
}
|
||||||
|
|
||||||
RtlInitializeSid(SeNullSid, &SeNullSidAuthority, 1);
|
RtlInitializeSid(SeNullSid, &SeNullSidAuthority, 1);
|
||||||
|
@ -253,7 +253,7 @@ SepInitSecurityIDs(VOID)
|
||||||
SubAuthority = RtlSubAuthoritySid(SeAnonymousLogonSid, 0);
|
SubAuthority = RtlSubAuthoritySid(SeAnonymousLogonSid, 0);
|
||||||
*SubAuthority = SECURITY_ANONYMOUS_LOGON_RID;
|
*SubAuthority = SECURITY_ANONYMOUS_LOGON_RID;
|
||||||
|
|
||||||
return(TRUE);
|
return TRUE;
|
||||||
}
|
}
|
||||||
|
|
||||||
NTSTATUS
|
NTSTATUS
|
||||||
|
@ -293,7 +293,7 @@ SepCaptureSid(IN PSID InputSid,
|
||||||
/* allocate a SID and copy it */
|
/* allocate a SID and copy it */
|
||||||
NewSid = ExAllocatePool(PoolType,
|
NewSid = ExAllocatePool(PoolType,
|
||||||
SidSize);
|
SidSize);
|
||||||
if(NewSid != NULL)
|
if (NewSid != NULL)
|
||||||
{
|
{
|
||||||
_SEH2_TRY
|
_SEH2_TRY
|
||||||
{
|
{
|
||||||
|
@ -316,7 +316,7 @@ SepCaptureSid(IN PSID InputSid,
|
||||||
Status = STATUS_INSUFFICIENT_RESOURCES;
|
Status = STATUS_INSUFFICIENT_RESOURCES;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else if(!CaptureIfKernel)
|
else if (!CaptureIfKernel)
|
||||||
{
|
{
|
||||||
*CapturedSid = InputSid;
|
*CapturedSid = InputSid;
|
||||||
return STATUS_SUCCESS;
|
return STATUS_SUCCESS;
|
||||||
|
@ -328,7 +328,7 @@ SepCaptureSid(IN PSID InputSid,
|
||||||
/* allocate a SID and copy it */
|
/* allocate a SID and copy it */
|
||||||
NewSid = ExAllocatePool(PoolType,
|
NewSid = ExAllocatePool(PoolType,
|
||||||
SidSize);
|
SidSize);
|
||||||
if(NewSid != NULL)
|
if (NewSid != NULL)
|
||||||
{
|
{
|
||||||
RtlCopyMemory(NewSid,
|
RtlCopyMemory(NewSid,
|
||||||
Sid,
|
Sid,
|
||||||
|
@ -353,7 +353,7 @@ SepReleaseSid(IN PSID CapturedSid,
|
||||||
{
|
{
|
||||||
PAGED_CODE();
|
PAGED_CODE();
|
||||||
|
|
||||||
if(CapturedSid != NULL &&
|
if (CapturedSid != NULL &&
|
||||||
(AccessMode != KernelMode ||
|
(AccessMode != KernelMode ||
|
||||||
(AccessMode == KernelMode && CaptureIfKernel)))
|
(AccessMode == KernelMode && CaptureIfKernel)))
|
||||||
{
|
{
|
||||||
|
|
|
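Review bot: The condition in SepReleaseSid that this commit respaces still repeats `AccessMode == KernelMode` inside the second arm of the `||`, where it is already implied; `(AccessMode != KernelMode || CaptureIfKernel)` is equivalent and easier to check against the capture side. That matters because the `else if (!CaptureIfKernel)` branch of SepCaptureSid stores `InputSid` itself in `*CapturedSid` without copying, so a release call made with a different AccessMode/CaptureIfKernel pair would treat a caller-owned SID as a captured one. A comment above the test, `/* Must mirror SepCaptureSid: an uncaptured kernel-mode SID belongs to the caller */`, would state that contract. The first condition of the capture chain and the body of SepReleaseSid lie outside the hunks, so the assumption that the guarded block frees the SID should be confirmed against the full file.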
@ -25,10 +25,12 @@ ERESOURCE SepTokenLock;
|
||||||
TOKEN_SOURCE SeSystemTokenSource = {"*SYSTEM*", {0}};
|
TOKEN_SOURCE SeSystemTokenSource = {"*SYSTEM*", {0}};
|
||||||
LUID SeSystemAuthenticationId = SYSTEM_LUID;
|
LUID SeSystemAuthenticationId = SYSTEM_LUID;
|
||||||
|
|
||||||
static GENERIC_MAPPING SepTokenMapping = {TOKEN_READ,
|
static GENERIC_MAPPING SepTokenMapping = {
|
||||||
|
TOKEN_READ,
|
||||||
TOKEN_WRITE,
|
TOKEN_WRITE,
|
||||||
TOKEN_EXECUTE,
|
TOKEN_EXECUTE,
|
||||||
TOKEN_ALL_ACCESS};
|
TOKEN_ALL_ACCESS
|
||||||
|
};
|
||||||
|
|
||||||
static const INFORMATION_CLASS_INFO SeTokenInformationClass[] = {
|
static const INFORMATION_CLASS_INFO SeTokenInformationClass[] = {
|
||||||
|
|
||||||
|
@ -108,10 +110,11 @@ SepFreeProxyData(PVOID ProxyData)
|
||||||
|
|
||||||
NTSTATUS
|
NTSTATUS
|
||||||
NTAPI
|
NTAPI
|
||||||
SepCopyProxyData(PVOID* Dest, PVOID Src)
|
SepCopyProxyData(PVOID* Dest,
|
||||||
|
PVOID Src)
|
||||||
{
|
{
|
||||||
UNIMPLEMENTED;
|
UNIMPLEMENTED;
|
||||||
return(STATUS_NOT_IMPLEMENTED);
|
return STATUS_NOT_IMPLEMENTED;
|
||||||
}
|
}
|
||||||
|
|
||||||
NTSTATUS
|
NTSTATUS
|
||||||
|
@ -170,7 +173,7 @@ RtlLengthSidAndAttributes(ULONG Count,
|
||||||
for (i = 0; i < Count; i++)
|
for (i = 0; i < Count; i++)
|
||||||
uLength += RtlLengthSid(Src[i].Sid);
|
uLength += RtlLengthSid(Src[i].Sid);
|
||||||
|
|
||||||
return(uLength);
|
return uLength;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -214,7 +217,7 @@ SepFindPrimaryGroupAndDefaultOwner(PTOKEN Token,
|
||||||
return(STATUS_INVALID_PRIMARY_GROUP);
|
return(STATUS_INVALID_PRIMARY_GROUP);
|
||||||
}
|
}
|
||||||
|
|
||||||
return(STATUS_SUCCESS);
|
return STATUS_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -248,7 +251,7 @@ SepDuplicateToken(PTOKEN Token,
|
||||||
if (!NT_SUCCESS(Status))
|
if (!NT_SUCCESS(Status))
|
||||||
{
|
{
|
||||||
DPRINT1("ObCreateObject() failed (Status %lx)\n", Status);
|
DPRINT1("ObCreateObject() failed (Status %lx)\n", Status);
|
||||||
return(Status);
|
return Status;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Zero out the buffer */
|
/* Zero out the buffer */
|
||||||
|
@ -258,14 +261,14 @@ SepDuplicateToken(PTOKEN Token,
|
||||||
if (!NT_SUCCESS(Status))
|
if (!NT_SUCCESS(Status))
|
||||||
{
|
{
|
||||||
ObDereferenceObject(AccessToken);
|
ObDereferenceObject(AccessToken);
|
||||||
return(Status);
|
return Status;
|
||||||
}
|
}
|
||||||
|
|
||||||
Status = ZwAllocateLocallyUniqueId(&AccessToken->ModifiedId);
|
Status = ZwAllocateLocallyUniqueId(&AccessToken->ModifiedId);
|
||||||
if (!NT_SUCCESS(Status))
|
if (!NT_SUCCESS(Status))
|
||||||
{
|
{
|
||||||
ObDereferenceObject(AccessToken);
|
ObDereferenceObject(AccessToken);
|
||||||
return(Status);
|
return Status;
|
||||||
}
|
}
|
||||||
|
|
||||||
AccessToken->TokenLock = &SepTokenLock;
|
AccessToken->TokenLock = &SepTokenLock;
|
||||||
|
@ -327,7 +330,7 @@ SepDuplicateToken(PTOKEN Token,
|
||||||
Token->Privileges[i].Attributes;
|
Token->Privileges[i].Attributes;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( Token->DefaultDacl )
|
if (Token->DefaultDacl)
|
||||||
{
|
{
|
||||||
AccessToken->DefaultDacl =
|
AccessToken->DefaultDacl =
|
||||||
(PACL) ExAllocatePoolWithTag(PagedPool,
|
(PACL) ExAllocatePoolWithTag(PagedPool,
|
||||||
|
@ -339,13 +342,13 @@ SepDuplicateToken(PTOKEN Token,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( NT_SUCCESS(Status) )
|
if (NT_SUCCESS(Status))
|
||||||
{
|
{
|
||||||
*NewAccessToken = AccessToken;
|
*NewAccessToken = AccessToken;
|
||||||
return(STATUS_SUCCESS);
|
return(STATUS_SUCCESS);
|
||||||
}
|
}
|
||||||
|
|
||||||
return(Status);
|
return Status;
|
||||||
}
|
}
|
||||||
|
|
||||||
NTSTATUS
|
NTSTATUS
|
||||||
|
@ -447,10 +450,11 @@ SeCopyClientToken(IN PACCESS_TOKEN Token,
|
||||||
PreviousMode,
|
PreviousMode,
|
||||||
(PTOKEN*)NewToken);
|
(PTOKEN*)NewToken);
|
||||||
|
|
||||||
return(Status);
|
return Status;
|
||||||
}
|
}
|
||||||
|
|
||||||
VOID NTAPI
|
VOID
|
||||||
|
NTAPI
|
||||||
SepDeleteToken(PVOID ObjectBody)
|
SepDeleteToken(PVOID ObjectBody)
|
||||||
{
|
{
|
||||||
PTOKEN AccessToken = (PTOKEN)ObjectBody;
|
PTOKEN AccessToken = (PTOKEN)ObjectBody;
|
||||||
|
@ -577,11 +581,11 @@ SepCreateToken(OUT PHANDLE TokenHandle,
|
||||||
|
|
||||||
Status = ZwAllocateLocallyUniqueId(&TokenId);
|
Status = ZwAllocateLocallyUniqueId(&TokenId);
|
||||||
if (!NT_SUCCESS(Status))
|
if (!NT_SUCCESS(Status))
|
||||||
return(Status);
|
return Status;
|
||||||
|
|
||||||
Status = ZwAllocateLocallyUniqueId(&ModifiedId);
|
Status = ZwAllocateLocallyUniqueId(&ModifiedId);
|
||||||
if (!NT_SUCCESS(Status))
|
if (!NT_SUCCESS(Status))
|
||||||
return(Status);
|
return Status;
|
||||||
|
|
||||||
Status = ObCreateObject(PreviousMode,
|
Status = ObCreateObject(PreviousMode,
|
||||||
SepTokenObjectType,
|
SepTokenObjectType,
|
||||||
|
@ -595,7 +599,7 @@ SepCreateToken(OUT PHANDLE TokenHandle,
|
||||||
if (!NT_SUCCESS(Status))
|
if (!NT_SUCCESS(Status))
|
||||||
{
|
{
|
||||||
DPRINT1("ObCreateObject() failed (Status %lx)\n");
|
DPRINT1("ObCreateObject() failed (Status %lx)\n");
|
||||||
return(Status);
|
return Status;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Zero out the buffer */
|
/* Zero out the buffer */
|
||||||
|
@ -708,8 +712,7 @@ SepCreateToken(OUT PHANDLE TokenHandle,
|
||||||
|
|
||||||
if (!SystemToken)
|
if (!SystemToken)
|
||||||
{
|
{
|
||||||
|
Status = ObInsertObject((PVOID)AccessToken,
|
||||||
Status = ObInsertObject ((PVOID)AccessToken,
|
|
||||||
NULL,
|
NULL,
|
||||||
DesiredAccess,
|
DesiredAccess,
|
||||||
0,
|
0,
|
||||||
|
@ -915,7 +918,8 @@ SeQuerySessionIdToken(IN PACCESS_TOKEN Token,
|
||||||
/*
|
/*
|
||||||
* @implemented
|
* @implemented
|
||||||
*/
|
*/
|
||||||
NTSTATUS NTAPI
|
NTSTATUS
|
||||||
|
NTAPI
|
||||||
SeQueryAuthenticationIdToken(IN PACCESS_TOKEN Token,
|
SeQueryAuthenticationIdToken(IN PACCESS_TOKEN Token,
|
||||||
OUT PLUID LogonId)
|
OUT PLUID LogonId)
|
||||||
{
|
{
|
||||||
|
@ -960,6 +964,7 @@ NTAPI
|
||||||
SeTokenIsAdmin(IN PACCESS_TOKEN Token)
|
SeTokenIsAdmin(IN PACCESS_TOKEN Token)
|
||||||
{
|
{
|
||||||
PAGED_CODE();
|
PAGED_CODE();
|
||||||
|
|
||||||
return (((PTOKEN)Token)->TokenFlags & TOKEN_WRITE_RESTRICTED) != 0;
|
return (((PTOKEN)Token)->TokenFlags & TOKEN_WRITE_RESTRICTED) != 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -971,6 +976,7 @@ NTAPI
|
||||||
SeTokenIsRestricted(IN PACCESS_TOKEN Token)
|
SeTokenIsRestricted(IN PACCESS_TOKEN Token)
|
||||||
{
|
{
|
||||||
PAGED_CODE();
|
PAGED_CODE();
|
||||||
|
|
||||||
return (((PTOKEN)Token)->TokenFlags & TOKEN_IS_RESTRICTED) != 0;
|
return (((PTOKEN)Token)->TokenFlags & TOKEN_IS_RESTRICTED) != 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -982,6 +988,7 @@ NTAPI
|
||||||
SeTokenIsWriteRestricted(IN PACCESS_TOKEN Token)
|
SeTokenIsWriteRestricted(IN PACCESS_TOKEN Token)
|
||||||
{
|
{
|
||||||
PAGED_CODE();
|
PAGED_CODE();
|
||||||
|
|
||||||
return (((PTOKEN)Token)->TokenFlags & TOKEN_HAS_RESTORE_PRIVILEGE) != 0;
|
return (((PTOKEN)Token)->TokenFlags & TOKEN_HAS_RESTORE_PRIVILEGE) != 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1020,8 +1027,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
|
||||||
ReturnLength,
|
ReturnLength,
|
||||||
NULL,
|
NULL,
|
||||||
PreviousMode);
|
PreviousMode);
|
||||||
|
if (!NT_SUCCESS(Status))
|
||||||
if(!NT_SUCCESS(Status))
|
|
||||||
{
|
{
|
||||||
DPRINT("NtQueryInformationToken() failed, Status: 0x%x\n", Status);
|
DPRINT("NtQueryInformationToken() failed, Status: 0x%x\n", Status);
|
||||||
return Status;
|
return Status;
|
||||||
|
@ -1047,7 +1053,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
|
||||||
|
|
||||||
_SEH2_TRY
|
_SEH2_TRY
|
||||||
{
|
{
|
||||||
if(TokenInformationLength >= RequiredLength)
|
if (TokenInformationLength >= RequiredLength)
|
||||||
{
|
{
|
||||||
Status = RtlCopySidAndAttributesArray(1,
|
Status = RtlCopySidAndAttributesArray(1,
|
||||||
&Token->UserAndGroups[0],
|
&Token->UserAndGroups[0],
|
||||||
|
@ -1062,7 +1068,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
|
||||||
Status = STATUS_BUFFER_TOO_SMALL;
|
Status = STATUS_BUFFER_TOO_SMALL;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(ReturnLength != NULL)
|
if (ReturnLength != NULL)
|
||||||
{
|
{
|
||||||
*ReturnLength = RequiredLength;
|
*ReturnLength = RequiredLength;
|
||||||
}
|
}
|
||||||
|
@ -1086,7 +1092,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
|
||||||
|
|
||||||
_SEH2_TRY
|
_SEH2_TRY
|
||||||
{
|
{
|
||||||
if(TokenInformationLength >= RequiredLength)
|
if (TokenInformationLength >= RequiredLength)
|
||||||
{
|
{
|
||||||
ULONG SidLen = RequiredLength - sizeof(tg->GroupCount) -
|
ULONG SidLen = RequiredLength - sizeof(tg->GroupCount) -
|
||||||
((Token->UserAndGroupCount - 1) * sizeof(SID_AND_ATTRIBUTES));
|
((Token->UserAndGroupCount - 1) * sizeof(SID_AND_ATTRIBUTES));
|
||||||
|
@ -1107,7 +1113,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
|
||||||
Status = STATUS_BUFFER_TOO_SMALL;
|
Status = STATUS_BUFFER_TOO_SMALL;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(ReturnLength != NULL)
|
if (ReturnLength != NULL)
|
||||||
{
|
{
|
||||||
*ReturnLength = RequiredLength;
|
*ReturnLength = RequiredLength;
|
||||||
}
|
}
|
||||||
|
@ -1131,7 +1137,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
|
||||||
|
|
||||||
_SEH2_TRY
|
_SEH2_TRY
|
||||||
{
|
{
|
||||||
if(TokenInformationLength >= RequiredLength)
|
if (TokenInformationLength >= RequiredLength)
|
||||||
{
|
{
|
||||||
tp->PrivilegeCount = Token->PrivilegeCount;
|
tp->PrivilegeCount = Token->PrivilegeCount;
|
||||||
RtlCopyLuidAndAttributesArray(Token->PrivilegeCount,
|
RtlCopyLuidAndAttributesArray(Token->PrivilegeCount,
|
||||||
|
@ -1143,7 +1149,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
|
||||||
Status = STATUS_BUFFER_TOO_SMALL;
|
Status = STATUS_BUFFER_TOO_SMALL;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(ReturnLength != NULL)
|
if (ReturnLength != NULL)
|
||||||
{
|
{
|
||||||
*ReturnLength = RequiredLength;
|
*ReturnLength = RequiredLength;
|
||||||
}
|
}
|
||||||
|
@ -1168,7 +1174,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
|
||||||
|
|
||||||
_SEH2_TRY
|
_SEH2_TRY
|
||||||
{
|
{
|
||||||
if(TokenInformationLength >= RequiredLength)
|
if (TokenInformationLength >= RequiredLength)
|
||||||
{
|
{
|
||||||
to->Owner = (PSID)(to + 1);
|
to->Owner = (PSID)(to + 1);
|
||||||
Status = RtlCopySid(SidLen,
|
Status = RtlCopySid(SidLen,
|
||||||
|
@ -1180,7 +1186,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
|
||||||
Status = STATUS_BUFFER_TOO_SMALL;
|
Status = STATUS_BUFFER_TOO_SMALL;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(ReturnLength != NULL)
|
if (ReturnLength != NULL)
|
||||||
{
|
{
|
||||||
*ReturnLength = RequiredLength;
|
*ReturnLength = RequiredLength;
|
||||||
}
|
}
|
||||||
|
@ -1205,7 +1211,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
|
||||||
|
|
||||||
_SEH2_TRY
|
_SEH2_TRY
|
||||||
{
|
{
|
||||||
if(TokenInformationLength >= RequiredLength)
|
if (TokenInformationLength >= RequiredLength)
|
||||||
{
|
{
|
||||||
tpg->PrimaryGroup = (PSID)(tpg + 1);
|
tpg->PrimaryGroup = (PSID)(tpg + 1);
|
||||||
Status = RtlCopySid(SidLen,
|
Status = RtlCopySid(SidLen,
|
||||||
|
@ -1217,7 +1223,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
|
||||||
Status = STATUS_BUFFER_TOO_SMALL;
|
Status = STATUS_BUFFER_TOO_SMALL;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(ReturnLength != NULL)
|
if (ReturnLength != NULL)
|
||||||
{
|
{
|
||||||
*ReturnLength = RequiredLength;
|
*ReturnLength = RequiredLength;
|
||||||
}
|
}
|
||||||
|
@ -1238,16 +1244,16 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
|
||||||
DPRINT("NtQueryInformationToken(TokenDefaultDacl)\n");
|
DPRINT("NtQueryInformationToken(TokenDefaultDacl)\n");
|
||||||
RequiredLength = sizeof(TOKEN_DEFAULT_DACL);
|
RequiredLength = sizeof(TOKEN_DEFAULT_DACL);
|
||||||
|
|
||||||
if(Token->DefaultDacl != NULL)
|
if (Token->DefaultDacl != NULL)
|
||||||
{
|
{
|
||||||
RequiredLength += Token->DefaultDacl->AclSize;
|
RequiredLength += Token->DefaultDacl->AclSize;
|
||||||
}
|
}
|
||||||
|
|
||||||
_SEH2_TRY
|
_SEH2_TRY
|
||||||
{
|
{
|
||||||
if(TokenInformationLength >= RequiredLength)
|
if (TokenInformationLength >= RequiredLength)
|
||||||
{
|
{
|
||||||
if(Token->DefaultDacl != NULL)
|
if (Token->DefaultDacl != NULL)
|
||||||
{
|
{
|
||||||
tdd->DefaultDacl = (PACL)(tdd + 1);
|
tdd->DefaultDacl = (PACL)(tdd + 1);
|
||||||
RtlCopyMemory(tdd->DefaultDacl,
|
RtlCopyMemory(tdd->DefaultDacl,
|
||||||
|
@ -1264,7 +1270,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
|
||||||
Status = STATUS_BUFFER_TOO_SMALL;
|
Status = STATUS_BUFFER_TOO_SMALL;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(ReturnLength != NULL)
|
if (ReturnLength != NULL)
|
||||||
{
|
{
|
||||||
*ReturnLength = RequiredLength;
|
*ReturnLength = RequiredLength;
|
||||||
}
|
}
|
||||||
|
@ -1287,7 +1293,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
|
||||||
|
|
||||||
_SEH2_TRY
|
_SEH2_TRY
|
||||||
{
|
{
|
||||||
if(TokenInformationLength >= RequiredLength)
|
if (TokenInformationLength >= RequiredLength)
|
||||||
{
|
{
|
||||||
*ts = Token->TokenSource;
|
*ts = Token->TokenSource;
|
||||||
}
|
}
|
||||||
|
@ -1296,7 +1302,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
|
||||||
Status = STATUS_BUFFER_TOO_SMALL;
|
Status = STATUS_BUFFER_TOO_SMALL;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(ReturnLength != NULL)
|
if (ReturnLength != NULL)
|
||||||
{
|
{
|
||||||
*ReturnLength = RequiredLength;
|
*ReturnLength = RequiredLength;
|
||||||
}
|
}
|
||||||
|
@ -1319,7 +1325,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
|
||||||
|
|
||||||
_SEH2_TRY
|
_SEH2_TRY
|
||||||
{
|
{
|
||||||
if(TokenInformationLength >= RequiredLength)
|
if (TokenInformationLength >= RequiredLength)
|
||||||
{
|
{
|
||||||
*tt = Token->TokenType;
|
*tt = Token->TokenType;
|
||||||
}
|
}
|
||||||
|
@ -1328,7 +1334,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
|
||||||
Status = STATUS_BUFFER_TOO_SMALL;
|
Status = STATUS_BUFFER_TOO_SMALL;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(ReturnLength != NULL)
|
if (ReturnLength != NULL)
|
||||||
{
|
{
|
||||||
*ReturnLength = RequiredLength;
|
*ReturnLength = RequiredLength;
|
||||||
}
|
}
|
||||||
|
@ -1359,7 +1365,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
|
||||||
|
|
||||||
_SEH2_TRY
|
_SEH2_TRY
|
||||||
{
|
{
|
||||||
if(TokenInformationLength >= RequiredLength)
|
if (TokenInformationLength >= RequiredLength)
|
||||||
{
|
{
|
||||||
*sil = Token->ImpersonationLevel;
|
*sil = Token->ImpersonationLevel;
|
||||||
}
|
}
|
||||||
|
@ -1368,7 +1374,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
|
||||||
Status = STATUS_BUFFER_TOO_SMALL;
|
Status = STATUS_BUFFER_TOO_SMALL;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(ReturnLength != NULL)
|
if (ReturnLength != NULL)
|
||||||
{
|
{
|
||||||
*ReturnLength = RequiredLength;
|
*ReturnLength = RequiredLength;
|
||||||
}
|
}
|
||||||
|
@ -1391,7 +1397,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
|
||||||
|
|
||||||
_SEH2_TRY
|
_SEH2_TRY
|
||||||
{
|
{
|
||||||
if(TokenInformationLength >= RequiredLength)
|
if (TokenInformationLength >= RequiredLength)
|
||||||
{
|
{
|
||||||
ts->TokenId = Token->TokenId;
|
ts->TokenId = Token->TokenId;
|
||||||
ts->AuthenticationId = Token->AuthenticationId;
|
ts->AuthenticationId = Token->AuthenticationId;
|
||||||
|
@ -1409,7 +1415,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
|
||||||
Status = STATUS_BUFFER_TOO_SMALL;
|
Status = STATUS_BUFFER_TOO_SMALL;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(ReturnLength != NULL)
|
if (ReturnLength != NULL)
|
||||||
{
|
{
|
||||||
*ReturnLength = RequiredLength;
|
*ReturnLength = RequiredLength;
|
||||||
}
|
}
|
||||||
|
@ -1432,7 +1438,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
|
||||||
|
|
||||||
_SEH2_TRY
|
_SEH2_TRY
|
||||||
{
|
{
|
||||||
if(TokenInformationLength >= RequiredLength)
|
if (TokenInformationLength >= RequiredLength)
|
||||||
{
|
{
|
||||||
RtlCopyLuid(&to->OriginatingLogonSession,
|
RtlCopyLuid(&to->OriginatingLogonSession,
|
||||||
&Token->AuthenticationId);
|
&Token->AuthenticationId);
|
||||||
|
@ -1442,7 +1448,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
|
||||||
Status = STATUS_BUFFER_TOO_SMALL;
|
Status = STATUS_BUFFER_TOO_SMALL;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(ReturnLength != NULL)
|
if (ReturnLength != NULL)
|
||||||
{
|
{
|
||||||
*ReturnLength = RequiredLength;
|
*ReturnLength = RequiredLength;
|
||||||
}
|
}
|
||||||
|
@ -1471,7 +1477,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
|
||||||
|
|
||||||
_SEH2_TRY
|
_SEH2_TRY
|
||||||
{
|
{
|
||||||
if(TokenInformationLength >= RequiredLength)
|
if (TokenInformationLength >= RequiredLength)
|
||||||
{
|
{
|
||||||
ULONG SidLen = RequiredLength - sizeof(tg->GroupCount) -
|
ULONG SidLen = RequiredLength - sizeof(tg->GroupCount) -
|
||||||
(Token->RestrictedSidCount * sizeof(SID_AND_ATTRIBUTES));
|
(Token->RestrictedSidCount * sizeof(SID_AND_ATTRIBUTES));
|
||||||
|
@ -1492,7 +1498,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
|
||||||
Status = STATUS_BUFFER_TOO_SMALL;
|
Status = STATUS_BUFFER_TOO_SMALL;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(ReturnLength != NULL)
|
if (ReturnLength != NULL)
|
||||||
{
|
{
|
||||||
*ReturnLength = RequiredLength;
|
*ReturnLength = RequiredLength;
|
||||||
}
|
}
|
||||||
|
@ -1520,14 +1526,14 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
|
||||||
Status = SeQuerySessionIdToken(Token,
|
Status = SeQuerySessionIdToken(Token,
|
||||||
&SessionId);
|
&SessionId);
|
||||||
|
|
||||||
if(NT_SUCCESS(Status))
|
if (NT_SUCCESS(Status))
|
||||||
{
|
{
|
||||||
_SEH2_TRY
|
_SEH2_TRY
|
||||||
{
|
{
|
||||||
/* buffer size was already verified, no need to check here again */
|
/* buffer size was already verified, no need to check here again */
|
||||||
*(PULONG)TokenInformation = SessionId;
|
*(PULONG)TokenInformation = SessionId;
|
||||||
|
|
||||||
if(ReturnLength != NULL)
|
if (ReturnLength != NULL)
|
||||||
{
|
{
|
||||||
*ReturnLength = sizeof(ULONG);
|
*ReturnLength = sizeof(ULONG);
|
||||||
}
|
}
|
||||||
|
@ -1551,7 +1557,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
|
||||||
ObDereferenceObject(Token);
|
ObDereferenceObject(Token);
|
||||||
}
|
}
|
||||||
|
|
||||||
return(Status);
|
return Status;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -1582,15 +1588,14 @@ NtSetInformationToken(IN HANDLE TokenHandle,
|
||||||
TokenInformation,
|
TokenInformation,
|
||||||
TokenInformationLength,
|
TokenInformationLength,
|
||||||
PreviousMode);
|
PreviousMode);
|
||||||
|
if (!NT_SUCCESS(Status))
|
||||||
if(!NT_SUCCESS(Status))
|
|
||||||
{
|
{
|
||||||
/* Invalid buffers */
|
/* Invalid buffers */
|
||||||
DPRINT("NtSetInformationToken() failed, Status: 0x%x\n", Status);
|
DPRINT("NtSetInformationToken() failed, Status: 0x%x\n", Status);
|
||||||
return Status;
|
return Status;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(TokenInformationClass == TokenSessionId)
|
if (TokenInformationClass == TokenSessionId)
|
||||||
{
|
{
|
||||||
NeededAccess |= TOKEN_ADJUST_SESSIONID;
|
NeededAccess |= TOKEN_ADJUST_SESSIONID;
|
||||||
}
|
}
|
||||||
|
@ -1607,7 +1612,7 @@ NtSetInformationToken(IN HANDLE TokenHandle,
|
||||||
{
|
{
|
||||||
case TokenOwner:
|
case TokenOwner:
|
||||||
{
|
{
|
||||||
if(TokenInformationLength >= sizeof(TOKEN_OWNER))
|
if (TokenInformationLength >= sizeof(TOKEN_OWNER))
|
||||||
{
|
{
|
||||||
PTOKEN_OWNER to = (PTOKEN_OWNER)TokenInformation;
|
PTOKEN_OWNER to = (PTOKEN_OWNER)TokenInformation;
|
||||||
PSID InputSid = NULL, CapturedSid;
|
PSID InputSid = NULL, CapturedSid;
|
||||||
|
@ -1627,7 +1632,7 @@ NtSetInformationToken(IN HANDLE TokenHandle,
|
||||||
PagedPool,
|
PagedPool,
|
||||||
FALSE,
|
FALSE,
|
||||||
&CapturedSid);
|
&CapturedSid);
|
||||||
if(NT_SUCCESS(Status))
|
if (NT_SUCCESS(Status))
|
||||||
{
|
{
|
||||||
RtlCopySid(RtlLengthSid(CapturedSid),
|
RtlCopySid(RtlLengthSid(CapturedSid),
|
||||||
Token->UserAndGroups[Token->DefaultOwnerIndex].Sid,
|
Token->UserAndGroups[Token->DefaultOwnerIndex].Sid,
|
||||||
|
@ -1646,7 +1651,7 @@ NtSetInformationToken(IN HANDLE TokenHandle,
|
||||||
|
|
||||||
case TokenPrimaryGroup:
|
case TokenPrimaryGroup:
|
||||||
{
|
{
|
||||||
if(TokenInformationLength >= sizeof(TOKEN_PRIMARY_GROUP))
|
if (TokenInformationLength >= sizeof(TOKEN_PRIMARY_GROUP))
|
||||||
{
|
{
|
||||||
PTOKEN_PRIMARY_GROUP tpg = (PTOKEN_PRIMARY_GROUP)TokenInformation;
|
PTOKEN_PRIMARY_GROUP tpg = (PTOKEN_PRIMARY_GROUP)TokenInformation;
|
||||||
PSID InputSid = NULL, CapturedSid;
|
PSID InputSid = NULL, CapturedSid;
|
||||||
|
@ -1666,7 +1671,7 @@ NtSetInformationToken(IN HANDLE TokenHandle,
|
||||||
PagedPool,
|
PagedPool,
|
||||||
FALSE,
|
FALSE,
|
||||||
&CapturedSid);
|
&CapturedSid);
|
||||||
if(NT_SUCCESS(Status))
|
if (NT_SUCCESS(Status))
|
||||||
{
|
{
|
||||||
RtlCopySid(RtlLengthSid(CapturedSid),
|
RtlCopySid(RtlLengthSid(CapturedSid),
|
||||||
Token->PrimaryGroup,
|
Token->PrimaryGroup,
|
||||||
|
@ -1685,7 +1690,7 @@ NtSetInformationToken(IN HANDLE TokenHandle,
|
||||||
|
|
||||||
case TokenDefaultDacl:
|
case TokenDefaultDacl:
|
||||||
{
|
{
|
||||||
if(TokenInformationLength >= sizeof(TOKEN_DEFAULT_DACL))
|
if (TokenInformationLength >= sizeof(TOKEN_DEFAULT_DACL))
|
||||||
{
|
{
|
||||||
PTOKEN_DEFAULT_DACL tdd = (PTOKEN_DEFAULT_DACL)TokenInformation;
|
PTOKEN_DEFAULT_DACL tdd = (PTOKEN_DEFAULT_DACL)TokenInformation;
|
||||||
PACL InputAcl = NULL;
|
PACL InputAcl = NULL;
|
||||||
|
@ -1700,7 +1705,7 @@ NtSetInformationToken(IN HANDLE TokenHandle,
|
||||||
}
|
}
|
||||||
_SEH2_END;
|
_SEH2_END;
|
||||||
|
|
||||||
if(InputAcl != NULL)
|
if (InputAcl != NULL)
|
||||||
{
|
{
|
||||||
PACL CapturedAcl;
|
PACL CapturedAcl;
|
||||||
|
|
||||||
|
@ -1710,7 +1715,7 @@ NtSetInformationToken(IN HANDLE TokenHandle,
|
||||||
PagedPool,
|
PagedPool,
|
||||||
TRUE,
|
TRUE,
|
||||||
&CapturedAcl);
|
&CapturedAcl);
|
||||||
if(NT_SUCCESS(Status))
|
if (NT_SUCCESS(Status))
|
||||||
{
|
{
|
||||||
/* free the previous dacl if present */
|
/* free the previous dacl if present */
|
||||||
if(Token->DefaultDacl != NULL)
|
if(Token->DefaultDacl != NULL)
|
||||||
|
@ -1725,7 +1730,7 @@ NtSetInformationToken(IN HANDLE TokenHandle,
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
/* clear and free the default dacl if present */
|
/* clear and free the default dacl if present */
|
||||||
if(Token->DefaultDacl != NULL)
|
if (Token->DefaultDacl != NULL)
|
||||||
{
|
{
|
||||||
ExFreePool(Token->DefaultDacl);
|
ExFreePool(Token->DefaultDacl);
|
||||||
Token->DefaultDacl = NULL;
|
Token->DefaultDacl = NULL;
|
||||||
|
@ -1754,7 +1759,7 @@ NtSetInformationToken(IN HANDLE TokenHandle,
|
||||||
}
|
}
|
||||||
_SEH2_END;
|
_SEH2_END;
|
||||||
|
|
||||||
if(!SeSinglePrivilegeCheck(SeTcbPrivilege,
|
if (!SeSinglePrivilegeCheck(SeTcbPrivilege,
|
||||||
PreviousMode))
|
PreviousMode))
|
||||||
{
|
{
|
||||||
Status = STATUS_PRIVILEGE_NOT_HELD;
|
Status = STATUS_PRIVILEGE_NOT_HELD;
|
||||||
|
@ -1775,7 +1780,7 @@ NtSetInformationToken(IN HANDLE TokenHandle,
|
||||||
ObDereferenceObject(Token);
|
ObDereferenceObject(Token);
|
||||||
}
|
}
|
||||||
|
|
||||||
return(Status);
|
return Status;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -1827,7 +1832,7 @@ NtDuplicateToken(IN HANDLE ExistingTokenHandle,
|
||||||
FALSE,
|
FALSE,
|
||||||
&CapturedSecurityQualityOfService,
|
&CapturedSecurityQualityOfService,
|
||||||
&QoSPresent);
|
&QoSPresent);
|
||||||
if(!NT_SUCCESS(Status))
|
if (!NT_SUCCESS(Status))
|
||||||
{
|
{
|
||||||
DPRINT1("NtDuplicateToken() failed to capture QoS! Status: 0x%x\n", Status);
|
DPRINT1("NtDuplicateToken() failed to capture QoS! Status: 0x%x\n", Status);
|
||||||
return Status;
|
return Status;
|
||||||
|
@ -1899,7 +1904,7 @@ NtAdjustGroupsToken(IN HANDLE TokenHandle,
|
||||||
* @implemented
|
* @implemented
|
||||||
*/
|
*/
|
||||||
NTSTATUS NTAPI
|
NTSTATUS NTAPI
|
||||||
NtAdjustPrivilegesToken (IN HANDLE TokenHandle,
|
NtAdjustPrivilegesToken(IN HANDLE TokenHandle,
|
||||||
IN BOOLEAN DisableAllPrivileges,
|
IN BOOLEAN DisableAllPrivileges,
|
||||||
IN PTOKEN_PRIVILEGES NewState,
|
IN PTOKEN_PRIVILEGES NewState,
|
||||||
IN ULONG BufferLength,
|
IN ULONG BufferLength,
|
||||||
|
@ -1997,6 +2002,7 @@ NtAdjustPrivilegesToken (IN HANDLE TokenHandle,
|
||||||
* accordingly and fail.
|
* accordingly and fail.
|
||||||
*/
|
*/
|
||||||
}
|
}
|
||||||
|
|
||||||
k++;
|
k++;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2004,6 +2010,7 @@ NtAdjustPrivilegesToken (IN HANDLE TokenHandle,
|
||||||
Token->Privileges[i].Attributes &= ~SE_PRIVILEGE_ENABLED;
|
Token->Privileges[i].Attributes &= ~SE_PRIVILEGE_ENABLED;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
Status = STATUS_SUCCESS;
|
Status = STATUS_SUCCESS;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
|
@ -2042,6 +2049,7 @@ NtAdjustPrivilegesToken (IN HANDLE TokenHandle,
|
||||||
* accordingly and fail.
|
* accordingly and fail.
|
||||||
*/
|
*/
|
||||||
}
|
}
|
||||||
|
|
||||||
k++;
|
k++;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2052,10 +2060,12 @@ NtAdjustPrivilegesToken (IN HANDLE TokenHandle,
|
||||||
DPRINT ("New attributes %lx\n",
|
DPRINT ("New attributes %lx\n",
|
||||||
Token->Privileges[i].Attributes);
|
Token->Privileges[i].Attributes);
|
||||||
}
|
}
|
||||||
|
|
||||||
Count++;
|
Count++;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
Status = Count < NewState->PrivilegeCount ? STATUS_NOT_ALL_ASSIGNED : STATUS_SUCCESS;
|
Status = Count < NewState->PrivilegeCount ? STATUS_NOT_ALL_ASSIGNED : STATUS_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2102,7 +2112,7 @@ NtCreateToken(OUT PHANDLE TokenHandle,
|
||||||
|
|
||||||
PreviousMode = ExGetPreviousMode();
|
PreviousMode = ExGetPreviousMode();
|
||||||
|
|
||||||
if(PreviousMode != KernelMode)
|
if (PreviousMode != KernelMode)
|
||||||
{
|
{
|
||||||
_SEH2_TRY
|
_SEH2_TRY
|
||||||
{
|
{
|
||||||
|
@ -2324,7 +2334,7 @@ NtOpenThreadTokenEx(IN HANDLE ThreadHandle,
|
||||||
|
|
||||||
if (CopyOnOpen && NewThread) ObDereferenceObject(NewThread);
|
if (CopyOnOpen && NewThread) ObDereferenceObject(NewThread);
|
||||||
|
|
||||||
if(NT_SUCCESS(Status))
|
if (NT_SUCCESS(Status))
|
||||||
{
|
{
|
||||||
_SEH2_TRY
|
_SEH2_TRY
|
||||||
{
|
{
|
||||||
|
|