mirror of
https://github.com/reactos/reactos.git
synced 2024-06-29 01:12:06 +00:00
[FORMATTING]
No code changes. svn path=/trunk/; revision=47383
This commit is contained in:
parent
4e25539b71
commit
f0910f33d3
|
@ -30,6 +30,7 @@ SeCaptureSubjectContextEx(IN PETHREAD Thread,
|
|||
OUT PSECURITY_SUBJECT_CONTEXT SubjectContext)
|
||||
{
|
||||
BOOLEAN CopyOnOpen, EffectiveOnly;
|
||||
|
||||
PAGED_CODE();
|
||||
|
||||
/* Save the unique ID */
|
||||
|
@ -127,6 +128,7 @@ SeCreateAccessStateEx(IN PETHREAD Thread,
|
|||
{
|
||||
ACCESS_MASK AccessMask = Access;
|
||||
PTOKEN Token;
|
||||
|
||||
PAGED_CODE();
|
||||
|
||||
/* Map the Generic Acess to Specific Access if we have a Mapping */
|
||||
|
@ -200,6 +202,7 @@ NTAPI
|
|||
SeDeleteAccessState(IN PACCESS_STATE AccessState)
|
||||
{
|
||||
PAUX_ACCESS_DATA AuxData;
|
||||
|
||||
PAGED_CODE();
|
||||
|
||||
/* Get the Auxiliary Data */
|
||||
|
@ -213,6 +216,7 @@ SeDeleteAccessState(IN PACCESS_STATE AccessState)
|
|||
{
|
||||
ExFreePool(AccessState->ObjectName.Buffer);
|
||||
}
|
||||
|
||||
if (AccessState->ObjectTypeName.Buffer)
|
||||
{
|
||||
ExFreePool(AccessState->ObjectTypeName.Buffer);
|
||||
|
@ -252,6 +256,7 @@ SeCreateClientSecurity(IN PETHREAD Thread,
|
|||
PACCESS_TOKEN Token;
|
||||
NTSTATUS Status;
|
||||
PACCESS_TOKEN NewToken;
|
||||
|
||||
PAGED_CODE();
|
||||
|
||||
Token = PsReferenceEffectiveToken(Thread,
|
||||
|
@ -279,8 +284,7 @@ SeCreateClientSecurity(IN PETHREAD Thread,
|
|||
}
|
||||
|
||||
ClientContext->DirectAccessEffectiveOnly = ((ThreadEffectiveOnly) ||
|
||||
(Qos->EffectiveOnly)) ?
|
||||
TRUE : FALSE;
|
||||
(Qos->EffectiveOnly)) ? TRUE : FALSE;
|
||||
}
|
||||
|
||||
if (Qos->ContextTrackingMode == SECURITY_STATIC_TRACKING)
|
||||
|
@ -358,10 +362,12 @@ SeImpersonateClient(IN PSECURITY_CLIENT_CONTEXT ClientContext,
|
|||
{
|
||||
b = ClientContext->DirectAccessEffectiveOnly;
|
||||
}
|
||||
|
||||
if (ServerThread == NULL)
|
||||
{
|
||||
ServerThread = PsGetCurrentThread();
|
||||
}
|
||||
|
||||
PsImpersonateClient(ServerThread,
|
||||
ClientContext->ClientToken,
|
||||
1,
|
||||
|
|
|
@ -60,7 +60,6 @@ SepInitDACLs(VOID)
|
|||
GENERIC_ALL,
|
||||
SeLocalSystemSid);
|
||||
|
||||
|
||||
/* create PublicDefaultUnrestrictedDacl */
|
||||
AclLength = sizeof(ACL) +
|
||||
(sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
|
||||
|
@ -216,7 +215,7 @@ SepInitDACLs(VOID)
|
|||
GENERIC_READ | GENERIC_EXECUTE,
|
||||
SeRestrictedCodeSid);
|
||||
|
||||
return(TRUE);
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
NTSTATUS NTAPI
|
||||
|
@ -299,7 +298,7 @@ SepCaptureAcl(IN PACL InputAcl,
|
|||
|
||||
NewAcl = ExAllocatePool(PoolType,
|
||||
AclSize);
|
||||
if(NewAcl != NULL)
|
||||
if (NewAcl != NULL)
|
||||
{
|
||||
_SEH2_TRY
|
||||
{
|
||||
|
@ -322,7 +321,7 @@ SepCaptureAcl(IN PACL InputAcl,
|
|||
Status = STATUS_INSUFFICIENT_RESOURCES;
|
||||
}
|
||||
}
|
||||
else if(!CaptureIfKernel)
|
||||
else if (!CaptureIfKernel)
|
||||
{
|
||||
*CapturedAcl = InputAcl;
|
||||
}
|
||||
|
@ -333,7 +332,7 @@ SepCaptureAcl(IN PACL InputAcl,
|
|||
NewAcl = ExAllocatePool(PoolType,
|
||||
AclSize);
|
||||
|
||||
if(NewAcl != NULL)
|
||||
if (NewAcl != NULL)
|
||||
{
|
||||
RtlCopyMemory(NewAcl,
|
||||
InputAcl,
|
||||
|
@ -358,7 +357,7 @@ SepReleaseAcl(IN PACL CapturedAcl,
|
|||
{
|
||||
PAGED_CODE();
|
||||
|
||||
if(CapturedAcl != NULL &&
|
||||
if (CapturedAcl != NULL &&
|
||||
(AccessMode != KernelMode ||
|
||||
(AccessMode == KernelMode && CaptureIfKernel)))
|
||||
{
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
* FILE: ntoskrnl/se/audit.c
|
||||
* PURPOSE: Audit functions
|
||||
*
|
||||
* PROGRAMMERS: Eric Kohl <eric.kohl@t-online.de>
|
||||
* PROGRAMMERS: Eric Kohl
|
||||
*/
|
||||
|
||||
/* INCLUDES *******************************************************************/
|
||||
|
@ -47,6 +47,7 @@ SeInitializeProcessAuditName(IN PFILE_OBJECT FileObject,
|
|||
POBJECT_NAME_INFORMATION ObjectNameInfo = NULL;
|
||||
ULONG ReturnLength = 8;
|
||||
NTSTATUS Status;
|
||||
|
||||
PAGED_CODE();
|
||||
ASSERT(AuditInfo);
|
||||
|
||||
|
@ -120,6 +121,7 @@ SeLocateProcessImageName(IN PEPROCESS Process,
|
|||
PUNICODE_STRING ImageName;
|
||||
PFILE_OBJECT FileObject;
|
||||
NTSTATUS Status = STATUS_SUCCESS;
|
||||
|
||||
PAGED_CODE();
|
||||
|
||||
/* Assume failure */
|
||||
|
@ -260,11 +262,9 @@ SeAuditingFileOrGlobalEvents(IN BOOLEAN AccessGranted,
|
|||
*/
|
||||
VOID
|
||||
NTAPI
|
||||
SeCloseObjectAuditAlarm(
|
||||
IN PVOID Object,
|
||||
SeCloseObjectAuditAlarm(IN PVOID Object,
|
||||
IN HANDLE Handle,
|
||||
IN BOOLEAN PerformAction
|
||||
)
|
||||
IN BOOLEAN PerformAction)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
}
|
||||
|
@ -363,7 +363,7 @@ NtCloseObjectAuditAlarm(IN PUNICODE_STRING SubsystemName,
|
|||
IN BOOLEAN GenerateOnClose)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
return(STATUS_NOT_IMPLEMENTED);
|
||||
return STATUS_NOT_IMPLEMENTED;
|
||||
}
|
||||
|
||||
|
||||
|
@ -373,7 +373,7 @@ NtDeleteObjectAuditAlarm(IN PUNICODE_STRING SubsystemName,
|
|||
IN BOOLEAN GenerateOnClose)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
return(STATUS_NOT_IMPLEMENTED);
|
||||
return STATUS_NOT_IMPLEMENTED;
|
||||
}
|
||||
|
||||
|
||||
|
@ -392,7 +392,7 @@ NtOpenObjectAuditAlarm(IN PUNICODE_STRING SubsystemName,
|
|||
OUT PBOOLEAN GenerateOnClose)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
return(STATUS_NOT_IMPLEMENTED);
|
||||
return STATUS_NOT_IMPLEMENTED;
|
||||
}
|
||||
|
||||
|
||||
|
@ -404,7 +404,7 @@ NtPrivilegedServiceAuditAlarm(IN PUNICODE_STRING SubsystemName,
|
|||
IN BOOLEAN AccessGranted)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
return(STATUS_NOT_IMPLEMENTED);
|
||||
return STATUS_NOT_IMPLEMENTED;
|
||||
}
|
||||
|
||||
|
||||
|
@ -417,7 +417,7 @@ NtPrivilegeObjectAuditAlarm(IN PUNICODE_STRING SubsystemName,
|
|||
IN BOOLEAN AccessGranted)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
return(STATUS_NOT_IMPLEMENTED);
|
||||
return STATUS_NOT_IMPLEMENTED;
|
||||
}
|
||||
|
||||
/* EOF */
|
||||
|
|
|
@ -51,7 +51,7 @@ LUID SeEnableDelegationPrivilege;
|
|||
VOID
|
||||
INIT_FUNCTION
|
||||
NTAPI
|
||||
SepInitPrivileges (VOID)
|
||||
SepInitPrivileges(VOID)
|
||||
{
|
||||
SeCreateTokenPrivilege.LowPart = SE_CREATE_TOKEN_PRIVILEGE;
|
||||
SeCreateTokenPrivilege.HighPart = 0;
|
||||
|
@ -110,7 +110,7 @@ SepInitPrivileges (VOID)
|
|||
|
||||
BOOLEAN
|
||||
NTAPI
|
||||
SepPrivilegeCheck (PTOKEN Token,
|
||||
SepPrivilegeCheck(PTOKEN Token,
|
||||
PLUID_AND_ATTRIBUTES Privileges,
|
||||
ULONG PrivilegeCount,
|
||||
ULONG PrivilegeControl,
|
||||
|
@ -120,7 +120,7 @@ SepPrivilegeCheck (PTOKEN Token,
|
|||
ULONG j;
|
||||
ULONG k;
|
||||
|
||||
DPRINT ("SepPrivilegeCheck() called\n");
|
||||
DPRINT("SepPrivilegeCheck() called\n");
|
||||
|
||||
PAGED_CODE();
|
||||
|
||||
|
@ -139,8 +139,8 @@ SepPrivilegeCheck (PTOKEN Token,
|
|||
if (Token->Privileges[i].Luid.LowPart == Privileges[j].Luid.LowPart &&
|
||||
Token->Privileges[i].Luid.HighPart == Privileges[j].Luid.HighPart)
|
||||
{
|
||||
DPRINT ("Found privilege\n");
|
||||
DPRINT ("Privilege attributes %lx\n",
|
||||
DPRINT("Found privilege\n");
|
||||
DPRINT("Privilege attributes %lx\n",
|
||||
Token->Privileges[i].Attributes);
|
||||
|
||||
if (Token->Privileges[i].Attributes & SE_PRIVILEGE_ENABLED)
|
||||
|
@ -170,14 +170,14 @@ SepPrivilegeCheck (PTOKEN Token,
|
|||
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
SeCaptureLuidAndAttributesArray (PLUID_AND_ATTRIBUTES Src,
|
||||
SeCaptureLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Src,
|
||||
ULONG PrivilegeCount,
|
||||
KPROCESSOR_MODE PreviousMode,
|
||||
PLUID_AND_ATTRIBUTES AllocatedMem,
|
||||
ULONG AllocatedLength,
|
||||
POOL_TYPE PoolType,
|
||||
BOOLEAN CaptureIfKernel,
|
||||
PLUID_AND_ATTRIBUTES* Dest,
|
||||
PLUID_AND_ATTRIBUTES *Dest,
|
||||
PULONG Length)
|
||||
{
|
||||
ULONG BufferSize;
|
||||
|
@ -236,7 +236,6 @@ SeCaptureLuidAndAttributesArray (PLUID_AND_ATTRIBUTES Src,
|
|||
{
|
||||
*Dest = ExAllocatePool(PoolType,
|
||||
BufferSize);
|
||||
|
||||
if (*Dest == NULL)
|
||||
{
|
||||
return STATUS_INSUFFICIENT_RESOURCES;
|
||||
|
@ -266,7 +265,7 @@ SeCaptureLuidAndAttributesArray (PLUID_AND_ATTRIBUTES Src,
|
|||
|
||||
VOID
|
||||
NTAPI
|
||||
SeReleaseLuidAndAttributesArray (PLUID_AND_ATTRIBUTES Privilege,
|
||||
SeReleaseLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Privilege,
|
||||
KPROCESSOR_MODE PreviousMode,
|
||||
BOOLEAN CaptureIfKernel)
|
||||
{
|
||||
|
@ -307,8 +306,9 @@ SeFreePrivileges(IN PPRIVILEGE_SET Privileges)
|
|||
/*
|
||||
* @implemented
|
||||
*/
|
||||
BOOLEAN NTAPI
|
||||
SePrivilegeCheck (PPRIVILEGE_SET Privileges,
|
||||
BOOLEAN
|
||||
NTAPI
|
||||
SePrivilegeCheck(PPRIVILEGE_SET Privileges,
|
||||
PSECURITY_SUBJECT_CONTEXT SubjectContext,
|
||||
KPROCESSOR_MODE PreviousMode)
|
||||
{
|
||||
|
@ -329,7 +329,7 @@ SePrivilegeCheck (PPRIVILEGE_SET Privileges,
|
|||
}
|
||||
}
|
||||
|
||||
return SepPrivilegeCheck (Token,
|
||||
return SepPrivilegeCheck(Token,
|
||||
Privileges->Privilege,
|
||||
Privileges->PrivilegeCount,
|
||||
Privileges->Control,
|
||||
|
@ -339,8 +339,9 @@ SePrivilegeCheck (PPRIVILEGE_SET Privileges,
|
|||
/*
|
||||
* @implemented
|
||||
*/
|
||||
BOOLEAN NTAPI
|
||||
SeSinglePrivilegeCheck (IN LUID PrivilegeValue,
|
||||
BOOLEAN
|
||||
NTAPI
|
||||
SeSinglePrivilegeCheck(IN LUID PrivilegeValue,
|
||||
IN KPROCESSOR_MODE PreviousMode)
|
||||
{
|
||||
SECURITY_SUBJECT_CONTEXT SubjectContext;
|
||||
|
@ -349,35 +350,36 @@ SeSinglePrivilegeCheck (IN LUID PrivilegeValue,
|
|||
|
||||
PAGED_CODE();
|
||||
|
||||
SeCaptureSubjectContext (&SubjectContext);
|
||||
SeCaptureSubjectContext(&SubjectContext);
|
||||
|
||||
Priv.PrivilegeCount = 1;
|
||||
Priv.Control = PRIVILEGE_SET_ALL_NECESSARY;
|
||||
Priv.Privilege[0].Luid = PrivilegeValue;
|
||||
Priv.Privilege[0].Attributes = SE_PRIVILEGE_ENABLED;
|
||||
|
||||
Result = SePrivilegeCheck (&Priv,
|
||||
Result = SePrivilegeCheck(&Priv,
|
||||
&SubjectContext,
|
||||
PreviousMode);
|
||||
|
||||
if (PreviousMode != KernelMode)
|
||||
{
|
||||
#if 0
|
||||
SePrivilegedServiceAuditAlarm (0,
|
||||
SePrivilegedServiceAuditAlarm(0,
|
||||
&SubjectContext,
|
||||
&PrivilegeValue);
|
||||
#endif
|
||||
}
|
||||
|
||||
SeReleaseSubjectContext (&SubjectContext);
|
||||
SeReleaseSubjectContext(&SubjectContext);
|
||||
|
||||
return Result;
|
||||
}
|
||||
|
||||
/* SYSTEM CALLS ***************************************************************/
|
||||
|
||||
NTSTATUS NTAPI
|
||||
NtPrivilegeCheck (IN HANDLE ClientToken,
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
NtPrivilegeCheck(IN HANDLE ClientToken,
|
||||
IN PPRIVILEGE_SET RequiredPrivileges,
|
||||
OUT PBOOLEAN Result)
|
||||
{
|
||||
|
@ -438,7 +440,7 @@ NtPrivilegeCheck (IN HANDLE ClientToken,
|
|||
|
||||
/* reference the token and make sure we're
|
||||
not doing an anonymous impersonation */
|
||||
Status = ObReferenceObjectByHandle (ClientToken,
|
||||
Status = ObReferenceObjectByHandle(ClientToken,
|
||||
TOKEN_QUERY,
|
||||
SepTokenObjectType,
|
||||
PreviousMode,
|
||||
|
@ -452,12 +454,12 @@ NtPrivilegeCheck (IN HANDLE ClientToken,
|
|||
if (Token->TokenType == TokenImpersonation &&
|
||||
Token->ImpersonationLevel < SecurityIdentification)
|
||||
{
|
||||
ObDereferenceObject (Token);
|
||||
ObDereferenceObject(Token);
|
||||
return STATUS_BAD_IMPERSONATION_LEVEL;
|
||||
}
|
||||
|
||||
/* capture the privileges */
|
||||
Status = SeCaptureLuidAndAttributesArray (RequiredPrivileges->Privilege,
|
||||
Status = SeCaptureLuidAndAttributesArray(RequiredPrivileges->Privilege,
|
||||
PrivilegeCount,
|
||||
PreviousMode,
|
||||
NULL,
|
||||
|
@ -472,13 +474,13 @@ NtPrivilegeCheck (IN HANDLE ClientToken,
|
|||
return Status;
|
||||
}
|
||||
|
||||
CheckResult = SepPrivilegeCheck (Token,
|
||||
CheckResult = SepPrivilegeCheck(Token,
|
||||
Privileges,
|
||||
PrivilegeCount,
|
||||
PrivilegeControl,
|
||||
PreviousMode);
|
||||
|
||||
ObDereferenceObject (Token);
|
||||
ObDereferenceObject(Token);
|
||||
|
||||
/* return the array */
|
||||
_SEH2_TRY
|
||||
|
@ -495,12 +497,11 @@ NtPrivilegeCheck (IN HANDLE ClientToken,
|
|||
}
|
||||
_SEH2_END;
|
||||
|
||||
SeReleaseLuidAndAttributesArray (Privileges,
|
||||
SeReleaseLuidAndAttributesArray(Privileges,
|
||||
PreviousMode,
|
||||
TRUE);
|
||||
|
||||
return Status;
|
||||
}
|
||||
|
||||
|
||||
/* EOF */
|
||||
|
|
|
@ -227,9 +227,9 @@ SepCaptureSecurityQualityOfService(IN POBJECT_ATTRIBUTES ObjectAttributes OPTIO
|
|||
ASSERT(CapturedSecurityQualityOfService);
|
||||
ASSERT(Present);
|
||||
|
||||
if(ObjectAttributes != NULL)
|
||||
if (ObjectAttributes != NULL)
|
||||
{
|
||||
if(AccessMode != KernelMode)
|
||||
if (AccessMode != KernelMode)
|
||||
{
|
||||
SECURITY_QUALITY_OF_SERVICE SafeQos;
|
||||
|
||||
|
@ -238,15 +238,15 @@ SepCaptureSecurityQualityOfService(IN POBJECT_ATTRIBUTES ObjectAttributes OPTIO
|
|||
ProbeForRead(ObjectAttributes,
|
||||
sizeof(OBJECT_ATTRIBUTES),
|
||||
sizeof(ULONG));
|
||||
if(ObjectAttributes->Length == sizeof(OBJECT_ATTRIBUTES))
|
||||
if (ObjectAttributes->Length == sizeof(OBJECT_ATTRIBUTES))
|
||||
{
|
||||
if(ObjectAttributes->SecurityQualityOfService != NULL)
|
||||
if (ObjectAttributes->SecurityQualityOfService != NULL)
|
||||
{
|
||||
ProbeForRead(ObjectAttributes->SecurityQualityOfService,
|
||||
sizeof(SECURITY_QUALITY_OF_SERVICE),
|
||||
sizeof(ULONG));
|
||||
|
||||
if(((PSECURITY_QUALITY_OF_SERVICE)ObjectAttributes->SecurityQualityOfService)->Length ==
|
||||
if (((PSECURITY_QUALITY_OF_SERVICE)ObjectAttributes->SecurityQualityOfService)->Length ==
|
||||
sizeof(SECURITY_QUALITY_OF_SERVICE))
|
||||
{
|
||||
/* don't allocate memory here because ExAllocate should bugcheck
|
||||
|
@ -279,13 +279,13 @@ SepCaptureSecurityQualityOfService(IN POBJECT_ATTRIBUTES ObjectAttributes OPTIO
|
|||
}
|
||||
_SEH2_END;
|
||||
|
||||
if(NT_SUCCESS(Status))
|
||||
if (NT_SUCCESS(Status))
|
||||
{
|
||||
if(*Present)
|
||||
if (*Present)
|
||||
{
|
||||
CapturedQos = ExAllocatePool(PoolType,
|
||||
sizeof(SECURITY_QUALITY_OF_SERVICE));
|
||||
if(CapturedQos != NULL)
|
||||
if (CapturedQos != NULL)
|
||||
{
|
||||
RtlCopyMemory(CapturedQos,
|
||||
&SafeQos,
|
||||
|
@ -305,18 +305,18 @@ SepCaptureSecurityQualityOfService(IN POBJECT_ATTRIBUTES ObjectAttributes OPTIO
|
|||
}
|
||||
else
|
||||
{
|
||||
if(ObjectAttributes->Length == sizeof(OBJECT_ATTRIBUTES))
|
||||
if (ObjectAttributes->Length == sizeof(OBJECT_ATTRIBUTES))
|
||||
{
|
||||
if(CaptureIfKernel)
|
||||
if (CaptureIfKernel)
|
||||
{
|
||||
if(ObjectAttributes->SecurityQualityOfService != NULL)
|
||||
if (ObjectAttributes->SecurityQualityOfService != NULL)
|
||||
{
|
||||
if(((PSECURITY_QUALITY_OF_SERVICE)ObjectAttributes->SecurityQualityOfService)->Length ==
|
||||
if (((PSECURITY_QUALITY_OF_SERVICE)ObjectAttributes->SecurityQualityOfService)->Length ==
|
||||
sizeof(SECURITY_QUALITY_OF_SERVICE))
|
||||
{
|
||||
CapturedQos = ExAllocatePool(PoolType,
|
||||
sizeof(SECURITY_QUALITY_OF_SERVICE));
|
||||
if(CapturedQos != NULL)
|
||||
if (CapturedQos != NULL)
|
||||
{
|
||||
RtlCopyMemory(CapturedQos,
|
||||
ObjectAttributes->SecurityQualityOfService,
|
||||
|
@ -370,7 +370,7 @@ SepReleaseSecurityQualityOfService(IN PSECURITY_QUALITY_OF_SERVICE CapturedSecur
|
|||
{
|
||||
PAGED_CODE();
|
||||
|
||||
if(CapturedSecurityQualityOfService != NULL &&
|
||||
if (CapturedSecurityQualityOfService != NULL &&
|
||||
(AccessMode != KernelMode || CaptureIfKernel))
|
||||
{
|
||||
ExFreePool(CapturedSecurityQualityOfService);
|
||||
|
@ -399,9 +399,9 @@ SeCaptureSecurityDescriptor(IN PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor,
|
|||
ULONG DescriptorSize = 0;
|
||||
NTSTATUS Status;
|
||||
|
||||
if(OriginalSecurityDescriptor != NULL)
|
||||
if (OriginalSecurityDescriptor != NULL)
|
||||
{
|
||||
if(CurrentMode != KernelMode)
|
||||
if (CurrentMode != KernelMode)
|
||||
{
|
||||
RtlZeroMemory(&DescriptorCopy, sizeof(DescriptorCopy));
|
||||
|
||||
|
@ -415,7 +415,7 @@ SeCaptureSecurityDescriptor(IN PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor,
|
|||
DescriptorSize,
|
||||
sizeof(ULONG));
|
||||
|
||||
if(OriginalSecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION1)
|
||||
if (OriginalSecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION1)
|
||||
{
|
||||
_SEH2_YIELD(return STATUS_UNKNOWN_REVISION);
|
||||
}
|
||||
|
@ -432,7 +432,7 @@ SeCaptureSecurityDescriptor(IN PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor,
|
|||
ProbeForRead(OriginalSecurityDescriptor,
|
||||
DescriptorSize,
|
||||
sizeof(ULONG));
|
||||
if(DescriptorCopy.Control & SE_SELF_RELATIVE)
|
||||
if (DescriptorCopy.Control & SE_SELF_RELATIVE)
|
||||
{
|
||||
PISECURITY_DESCRIPTOR_RELATIVE RelSD = (PISECURITY_DESCRIPTOR_RELATIVE)OriginalSecurityDescriptor;
|
||||
|
||||
|
@ -456,9 +456,9 @@ SeCaptureSecurityDescriptor(IN PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor,
|
|||
}
|
||||
_SEH2_END;
|
||||
}
|
||||
else if(!CaptureIfKernel)
|
||||
else if (!CaptureIfKernel)
|
||||
{
|
||||
if(OriginalSecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION1)
|
||||
if (OriginalSecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION1)
|
||||
{
|
||||
return STATUS_UNKNOWN_REVISION;
|
||||
}
|
||||
|
@ -479,7 +479,7 @@ SeCaptureSecurityDescriptor(IN PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor,
|
|||
DescriptorCopy.Control = OriginalSecurityDescriptor->Control;
|
||||
DescriptorSize = ((DescriptorCopy.Control & SE_SELF_RELATIVE) ?
|
||||
sizeof(SECURITY_DESCRIPTOR_RELATIVE) : sizeof(SECURITY_DESCRIPTOR));
|
||||
if(DescriptorCopy.Control & SE_SELF_RELATIVE)
|
||||
if (DescriptorCopy.Control & SE_SELF_RELATIVE)
|
||||
{
|
||||
PISECURITY_DESCRIPTOR_RELATIVE RelSD = (PISECURITY_DESCRIPTOR_RELATIVE)OriginalSecurityDescriptor;
|
||||
|
||||
|
@ -497,25 +497,25 @@ SeCaptureSecurityDescriptor(IN PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor,
|
|||
}
|
||||
}
|
||||
|
||||
if(DescriptorCopy.Control & SE_SELF_RELATIVE)
|
||||
if (DescriptorCopy.Control & SE_SELF_RELATIVE)
|
||||
{
|
||||
/* in case we're dealing with a self-relative descriptor, do a basic convert
|
||||
to an absolute descriptor. We do this so we can simply access the data
|
||||
using the pointers without calculating them again. */
|
||||
DescriptorCopy.Control &= ~SE_SELF_RELATIVE;
|
||||
if(DescriptorCopy.Owner != NULL)
|
||||
if (DescriptorCopy.Owner != NULL)
|
||||
{
|
||||
DescriptorCopy.Owner = (PSID)((ULONG_PTR)OriginalSecurityDescriptor + (ULONG_PTR)DescriptorCopy.Owner);
|
||||
}
|
||||
if(DescriptorCopy.Group != NULL)
|
||||
if (DescriptorCopy.Group != NULL)
|
||||
{
|
||||
DescriptorCopy.Group = (PSID)((ULONG_PTR)OriginalSecurityDescriptor + (ULONG_PTR)DescriptorCopy.Group);
|
||||
}
|
||||
if(DescriptorCopy.Dacl != NULL)
|
||||
if (DescriptorCopy.Dacl != NULL)
|
||||
{
|
||||
DescriptorCopy.Dacl = (PACL)((ULONG_PTR)OriginalSecurityDescriptor + (ULONG_PTR)DescriptorCopy.Dacl);
|
||||
}
|
||||
if(DescriptorCopy.Sacl != NULL)
|
||||
if (DescriptorCopy.Sacl != NULL)
|
||||
{
|
||||
DescriptorCopy.Sacl = (PACL)((ULONG_PTR)OriginalSecurityDescriptor + (ULONG_PTR)DescriptorCopy.Sacl);
|
||||
}
|
||||
|
@ -683,7 +683,6 @@ Offset += ROUND_UP(Type##Size, sizeof(ULONG)); \
|
|||
to the caller */
|
||||
*CapturedSecurityDescriptor = NewDescriptor;
|
||||
return STATUS_SUCCESS;
|
||||
|
||||
}
|
||||
else
|
||||
{
|
||||
|
@ -899,13 +898,14 @@ SeSetSecurityDescriptorInfo(IN PVOID Object OPTIONAL,
|
|||
{
|
||||
if (SecurityDescriptor->Owner != NULL)
|
||||
{
|
||||
if( SecurityDescriptor->Control & SE_SELF_RELATIVE )
|
||||
if (SecurityDescriptor->Control & SE_SELF_RELATIVE)
|
||||
Owner = (PSID)((ULONG_PTR)SecurityDescriptor->Owner +
|
||||
(ULONG_PTR)SecurityDescriptor);
|
||||
else
|
||||
Owner = (PSID)SecurityDescriptor->Owner;
|
||||
OwnerLength = ROUND_UP(RtlLengthSid(Owner), 4);
|
||||
}
|
||||
|
||||
Control |= (SecurityDescriptor->Control & SE_OWNER_DEFAULTED);
|
||||
}
|
||||
else
|
||||
|
@ -915,6 +915,7 @@ SeSetSecurityDescriptorInfo(IN PVOID Object OPTIONAL,
|
|||
Owner = (PSID)((ULONG_PTR)ObjectSd->Owner + (ULONG_PTR)ObjectSd);
|
||||
OwnerLength = ROUND_UP(RtlLengthSid(Owner), 4);
|
||||
}
|
||||
|
||||
Control |= (ObjectSd->Control & SE_OWNER_DEFAULTED);
|
||||
}
|
||||
|
||||
|
@ -930,6 +931,7 @@ SeSetSecurityDescriptorInfo(IN PVOID Object OPTIONAL,
|
|||
Group = (PSID)SecurityDescriptor->Group;
|
||||
GroupLength = ROUND_UP(RtlLengthSid(Group), 4);
|
||||
}
|
||||
|
||||
Control |= (SecurityDescriptor->Control & SE_GROUP_DEFAULTED);
|
||||
}
|
||||
else
|
||||
|
@ -939,6 +941,7 @@ SeSetSecurityDescriptorInfo(IN PVOID Object OPTIONAL,
|
|||
Group = (PSID)((ULONG_PTR)ObjectSd->Group + (ULONG_PTR)ObjectSd);
|
||||
GroupLength = ROUND_UP(RtlLengthSid(Group), 4);
|
||||
}
|
||||
|
||||
Control |= (ObjectSd->Control & SE_GROUP_DEFAULTED);
|
||||
}
|
||||
|
||||
|
@ -956,6 +959,7 @@ SeSetSecurityDescriptorInfo(IN PVOID Object OPTIONAL,
|
|||
|
||||
DaclLength = ROUND_UP((ULONG)Dacl->AclSize, 4);
|
||||
}
|
||||
|
||||
Control |= (SecurityDescriptor->Control & (SE_DACL_DEFAULTED | SE_DACL_PRESENT));
|
||||
}
|
||||
else
|
||||
|
@ -966,6 +970,7 @@ SeSetSecurityDescriptorInfo(IN PVOID Object OPTIONAL,
|
|||
Dacl = (PACL)((ULONG_PTR)ObjectSd->Dacl + (ULONG_PTR)ObjectSd);
|
||||
DaclLength = ROUND_UP((ULONG)Dacl->AclSize, 4);
|
||||
}
|
||||
|
||||
Control |= (ObjectSd->Control & (SE_DACL_DEFAULTED | SE_DACL_PRESENT));
|
||||
}
|
||||
|
||||
|
@ -982,6 +987,7 @@ SeSetSecurityDescriptorInfo(IN PVOID Object OPTIONAL,
|
|||
Sacl = (PACL)SecurityDescriptor->Sacl;
|
||||
SaclLength = ROUND_UP((ULONG)Sacl->AclSize, 4);
|
||||
}
|
||||
|
||||
Control |= (SecurityDescriptor->Control & (SE_SACL_DEFAULTED | SE_SACL_PRESENT));
|
||||
}
|
||||
else
|
||||
|
@ -992,6 +998,7 @@ SeSetSecurityDescriptorInfo(IN PVOID Object OPTIONAL,
|
|||
Sacl = (PACL)((ULONG_PTR)ObjectSd->Sacl + (ULONG_PTR)ObjectSd);
|
||||
SaclLength = ROUND_UP((ULONG)Sacl->AclSize, 4);
|
||||
}
|
||||
|
||||
Control |= (ObjectSd->Control & (SE_SACL_DEFAULTED | SE_SACL_PRESENT));
|
||||
}
|
||||
|
||||
|
@ -1006,6 +1013,7 @@ SeSetSecurityDescriptorInfo(IN PVOID Object OPTIONAL,
|
|||
|
||||
RtlCreateSecurityDescriptor(NewSd,
|
||||
SECURITY_DESCRIPTOR_REVISION1);
|
||||
|
||||
/* We always build a self-relative descriptor */
|
||||
NewSd->Control = (USHORT)Control | SE_SELF_RELATIVE;
|
||||
|
||||
|
@ -1288,7 +1296,6 @@ SeAssignSecurity(PSECURITY_DESCRIPTOR _ParentDescriptor OPTIONAL,
|
|||
Token = SubjectContext->PrimaryToken;
|
||||
}
|
||||
|
||||
|
||||
/* Inherit the Owner SID */
|
||||
if (ExplicitDescriptor != NULL && ExplicitDescriptor->Owner != NULL)
|
||||
{
|
||||
|
@ -1298,7 +1305,6 @@ SeAssignSecurity(PSECURITY_DESCRIPTOR _ParentDescriptor OPTIONAL,
|
|||
if (ExplicitDescriptor->Control & SE_SELF_RELATIVE)
|
||||
{
|
||||
Owner = (PSID)(((ULONG_PTR)Owner) + (ULONG_PTR)ExplicitDescriptor);
|
||||
|
||||
}
|
||||
}
|
||||
else
|
||||
|
@ -1319,7 +1325,6 @@ SeAssignSecurity(PSECURITY_DESCRIPTOR _ParentDescriptor OPTIONAL,
|
|||
|
||||
OwnerLength = ROUND_UP(RtlLengthSid(Owner), 4);
|
||||
|
||||
|
||||
/* Inherit the Group SID */
|
||||
if (ExplicitDescriptor != NULL && ExplicitDescriptor->Group != NULL)
|
||||
{
|
||||
|
@ -1348,7 +1353,6 @@ SeAssignSecurity(PSECURITY_DESCRIPTOR _ParentDescriptor OPTIONAL,
|
|||
|
||||
GroupLength = ROUND_UP(RtlLengthSid(Group), 4);
|
||||
|
||||
|
||||
/* Inherit the DACL */
|
||||
if (ExplicitDescriptor != NULL &&
|
||||
(ExplicitDescriptor->Control & SE_DACL_PRESENT) &&
|
||||
|
@ -1373,6 +1377,7 @@ SeAssignSecurity(PSECURITY_DESCRIPTOR _ParentDescriptor OPTIONAL,
|
|||
{
|
||||
Dacl = (PACL)(((ULONG_PTR)Dacl) + (ULONG_PTR)ParentDescriptor);
|
||||
}
|
||||
|
||||
Control |= (SE_DACL_PRESENT | SE_DACL_DEFAULTED);
|
||||
}
|
||||
else if (Token != NULL && Token->DefaultDacl != NULL)
|
||||
|
@ -1391,7 +1396,6 @@ SeAssignSecurity(PSECURITY_DESCRIPTOR _ParentDescriptor OPTIONAL,
|
|||
|
||||
DaclLength = (Dacl != NULL) ? ROUND_UP(Dacl->AclSize, 4) : 0;
|
||||
|
||||
|
||||
/* Inherit the SACL */
|
||||
if (ExplicitDescriptor != NULL &&
|
||||
(ExplicitDescriptor->Control & SE_SACL_PRESENT) &&
|
||||
|
@ -1416,12 +1420,12 @@ SeAssignSecurity(PSECURITY_DESCRIPTOR _ParentDescriptor OPTIONAL,
|
|||
{
|
||||
Sacl = (PACL)(((ULONG_PTR)Sacl) + (ULONG_PTR)ParentDescriptor);
|
||||
}
|
||||
|
||||
Control |= (SE_SACL_PRESENT | SE_SACL_DEFAULTED);
|
||||
}
|
||||
|
||||
SaclLength = (Sacl != NULL) ? ROUND_UP(Sacl->AclSize, 4) : 0;
|
||||
|
||||
|
||||
/* Allocate and initialize the new security descriptor */
|
||||
Length = sizeof(SECURITY_DESCRIPTOR) +
|
||||
OwnerLength + GroupLength + DaclLength + SaclLength;
|
||||
|
@ -1479,7 +1483,9 @@ SeAssignSecurity(PSECURITY_DESCRIPTOR _ParentDescriptor OPTIONAL,
|
|||
DPRINT("Owner of %x at %x\n", Descriptor, Descriptor->Owner);
|
||||
}
|
||||
else
|
||||
{
|
||||
DPRINT("Owner of %x is zero length\n", Descriptor);
|
||||
}
|
||||
|
||||
if (GroupLength != 0)
|
||||
{
|
||||
|
|
|
@ -17,13 +17,15 @@
|
|||
|
||||
PSE_EXPORTS SeExports = NULL;
|
||||
SE_EXPORTS SepExports;
|
||||
ULONG SidInTokenCalls = 0;
|
||||
|
||||
extern ULONG ExpInitializationPhase;
|
||||
extern ERESOURCE SepSubjectContextLock;
|
||||
|
||||
/* PRIVATE FUNCTIONS **********************************************************/
|
||||
|
||||
static BOOLEAN INIT_FUNCTION
|
||||
static BOOLEAN
|
||||
INIT_FUNCTION
|
||||
SepInitExports(VOID)
|
||||
{
|
||||
SepExports.SeCreateTokenPrivilege = SeCreateTokenPrivilege;
|
||||
|
@ -118,6 +120,7 @@ NTAPI
|
|||
SepInitializationPhase1(VOID)
|
||||
{
|
||||
NTSTATUS Status;
|
||||
|
||||
PAGED_CODE();
|
||||
|
||||
/* Insert the system token into the tree */
|
||||
|
@ -279,8 +282,6 @@ SeDefaultObjectMethod(IN PVOID Object,
|
|||
return STATUS_SUCCESS;
|
||||
}
|
||||
|
||||
ULONG SidInTokenCalls = 0;
|
||||
|
||||
static BOOLEAN
|
||||
SepSidInToken(PACCESS_TOKEN _Token,
|
||||
PSID Sid)
|
||||
|
@ -340,7 +341,8 @@ SepTokenIsOwner(PACCESS_TOKEN Token,
|
|||
return SepSidInToken(Token, Sid);
|
||||
}
|
||||
|
||||
VOID NTAPI
|
||||
VOID
|
||||
NTAPI
|
||||
SeQuerySecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
|
||||
OUT PACCESS_MASK DesiredAccess)
|
||||
{
|
||||
|
@ -351,13 +353,15 @@ SeQuerySecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
|
|||
{
|
||||
*DesiredAccess |= READ_CONTROL;
|
||||
}
|
||||
|
||||
if (SecurityInformation & SACL_SECURITY_INFORMATION)
|
||||
{
|
||||
*DesiredAccess |= ACCESS_SYSTEM_SECURITY;
|
||||
}
|
||||
}
|
||||
|
||||
VOID NTAPI
|
||||
VOID
|
||||
NTAPI
|
||||
SeSetSecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
|
||||
OUT PACCESS_MASK DesiredAccess)
|
||||
{
|
||||
|
@ -367,10 +371,12 @@ SeSetSecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
|
|||
{
|
||||
*DesiredAccess |= WRITE_OWNER;
|
||||
}
|
||||
|
||||
if (SecurityInformation & DACL_SECURITY_INFORMATION)
|
||||
{
|
||||
*DesiredAccess |= WRITE_DAC;
|
||||
}
|
||||
|
||||
if (SecurityInformation & SACL_SECURITY_INFORMATION)
|
||||
{
|
||||
*DesiredAccess |= ACCESS_SYSTEM_SECURITY;
|
||||
|
@ -763,7 +769,8 @@ SepGetSDGroup(IN PSECURITY_DESCRIPTOR _SecurityDescriptor)
|
|||
/*
|
||||
* @implemented
|
||||
*/
|
||||
BOOLEAN NTAPI
|
||||
BOOLEAN
|
||||
NTAPI
|
||||
SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
||||
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,
|
||||
IN BOOLEAN SubjectContextLocked,
|
||||
|
|
|
@ -150,7 +150,7 @@ SepInitSecurityIDs(VOID)
|
|||
SeAnonymousLogonSid == NULL)
|
||||
{
|
||||
FreeInitializedSids();
|
||||
return(FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
RtlInitializeSid(SeNullSid, &SeNullSidAuthority, 1);
|
||||
|
@ -253,7 +253,7 @@ SepInitSecurityIDs(VOID)
|
|||
SubAuthority = RtlSubAuthoritySid(SeAnonymousLogonSid, 0);
|
||||
*SubAuthority = SECURITY_ANONYMOUS_LOGON_RID;
|
||||
|
||||
return(TRUE);
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
NTSTATUS
|
||||
|
@ -293,7 +293,7 @@ SepCaptureSid(IN PSID InputSid,
|
|||
/* allocate a SID and copy it */
|
||||
NewSid = ExAllocatePool(PoolType,
|
||||
SidSize);
|
||||
if(NewSid != NULL)
|
||||
if (NewSid != NULL)
|
||||
{
|
||||
_SEH2_TRY
|
||||
{
|
||||
|
@ -316,7 +316,7 @@ SepCaptureSid(IN PSID InputSid,
|
|||
Status = STATUS_INSUFFICIENT_RESOURCES;
|
||||
}
|
||||
}
|
||||
else if(!CaptureIfKernel)
|
||||
else if (!CaptureIfKernel)
|
||||
{
|
||||
*CapturedSid = InputSid;
|
||||
return STATUS_SUCCESS;
|
||||
|
@ -328,7 +328,7 @@ SepCaptureSid(IN PSID InputSid,
|
|||
/* allocate a SID and copy it */
|
||||
NewSid = ExAllocatePool(PoolType,
|
||||
SidSize);
|
||||
if(NewSid != NULL)
|
||||
if (NewSid != NULL)
|
||||
{
|
||||
RtlCopyMemory(NewSid,
|
||||
Sid,
|
||||
|
@ -353,7 +353,7 @@ SepReleaseSid(IN PSID CapturedSid,
|
|||
{
|
||||
PAGED_CODE();
|
||||
|
||||
if(CapturedSid != NULL &&
|
||||
if (CapturedSid != NULL &&
|
||||
(AccessMode != KernelMode ||
|
||||
(AccessMode == KernelMode && CaptureIfKernel)))
|
||||
{
|
||||
|
|
|
@ -25,10 +25,12 @@ ERESOURCE SepTokenLock;
|
|||
TOKEN_SOURCE SeSystemTokenSource = {"*SYSTEM*", {0}};
|
||||
LUID SeSystemAuthenticationId = SYSTEM_LUID;
|
||||
|
||||
static GENERIC_MAPPING SepTokenMapping = {TOKEN_READ,
|
||||
static GENERIC_MAPPING SepTokenMapping = {
|
||||
TOKEN_READ,
|
||||
TOKEN_WRITE,
|
||||
TOKEN_EXECUTE,
|
||||
TOKEN_ALL_ACCESS};
|
||||
TOKEN_ALL_ACCESS
|
||||
};
|
||||
|
||||
static const INFORMATION_CLASS_INFO SeTokenInformationClass[] = {
|
||||
|
||||
|
@ -108,10 +110,11 @@ SepFreeProxyData(PVOID ProxyData)
|
|||
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
SepCopyProxyData(PVOID* Dest, PVOID Src)
|
||||
SepCopyProxyData(PVOID* Dest,
|
||||
PVOID Src)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
return(STATUS_NOT_IMPLEMENTED);
|
||||
return STATUS_NOT_IMPLEMENTED;
|
||||
}
|
||||
|
||||
NTSTATUS
|
||||
|
@ -170,7 +173,7 @@ RtlLengthSidAndAttributes(ULONG Count,
|
|||
for (i = 0; i < Count; i++)
|
||||
uLength += RtlLengthSid(Src[i].Sid);
|
||||
|
||||
return(uLength);
|
||||
return uLength;
|
||||
}
|
||||
|
||||
|
||||
|
@ -214,7 +217,7 @@ SepFindPrimaryGroupAndDefaultOwner(PTOKEN Token,
|
|||
return(STATUS_INVALID_PRIMARY_GROUP);
|
||||
}
|
||||
|
||||
return(STATUS_SUCCESS);
|
||||
return STATUS_SUCCESS;
|
||||
}
|
||||
|
||||
|
||||
|
@ -248,7 +251,7 @@ SepDuplicateToken(PTOKEN Token,
|
|||
if (!NT_SUCCESS(Status))
|
||||
{
|
||||
DPRINT1("ObCreateObject() failed (Status %lx)\n", Status);
|
||||
return(Status);
|
||||
return Status;
|
||||
}
|
||||
|
||||
/* Zero out the buffer */
|
||||
|
@ -258,14 +261,14 @@ SepDuplicateToken(PTOKEN Token,
|
|||
if (!NT_SUCCESS(Status))
|
||||
{
|
||||
ObDereferenceObject(AccessToken);
|
||||
return(Status);
|
||||
return Status;
|
||||
}
|
||||
|
||||
Status = ZwAllocateLocallyUniqueId(&AccessToken->ModifiedId);
|
||||
if (!NT_SUCCESS(Status))
|
||||
{
|
||||
ObDereferenceObject(AccessToken);
|
||||
return(Status);
|
||||
return Status;
|
||||
}
|
||||
|
||||
AccessToken->TokenLock = &SepTokenLock;
|
||||
|
@ -327,7 +330,7 @@ SepDuplicateToken(PTOKEN Token,
|
|||
Token->Privileges[i].Attributes;
|
||||
}
|
||||
|
||||
if ( Token->DefaultDacl )
|
||||
if (Token->DefaultDacl)
|
||||
{
|
||||
AccessToken->DefaultDacl =
|
||||
(PACL) ExAllocatePoolWithTag(PagedPool,
|
||||
|
@ -339,13 +342,13 @@ SepDuplicateToken(PTOKEN Token,
|
|||
}
|
||||
}
|
||||
|
||||
if ( NT_SUCCESS(Status) )
|
||||
if (NT_SUCCESS(Status))
|
||||
{
|
||||
*NewAccessToken = AccessToken;
|
||||
return(STATUS_SUCCESS);
|
||||
}
|
||||
|
||||
return(Status);
|
||||
return Status;
|
||||
}
|
||||
|
||||
NTSTATUS
|
||||
|
@ -447,10 +450,11 @@ SeCopyClientToken(IN PACCESS_TOKEN Token,
|
|||
PreviousMode,
|
||||
(PTOKEN*)NewToken);
|
||||
|
||||
return(Status);
|
||||
return Status;
|
||||
}
|
||||
|
||||
VOID NTAPI
|
||||
VOID
|
||||
NTAPI
|
||||
SepDeleteToken(PVOID ObjectBody)
|
||||
{
|
||||
PTOKEN AccessToken = (PTOKEN)ObjectBody;
|
||||
|
@ -577,11 +581,11 @@ SepCreateToken(OUT PHANDLE TokenHandle,
|
|||
|
||||
Status = ZwAllocateLocallyUniqueId(&TokenId);
|
||||
if (!NT_SUCCESS(Status))
|
||||
return(Status);
|
||||
return Status;
|
||||
|
||||
Status = ZwAllocateLocallyUniqueId(&ModifiedId);
|
||||
if (!NT_SUCCESS(Status))
|
||||
return(Status);
|
||||
return Status;
|
||||
|
||||
Status = ObCreateObject(PreviousMode,
|
||||
SepTokenObjectType,
|
||||
|
@ -595,7 +599,7 @@ SepCreateToken(OUT PHANDLE TokenHandle,
|
|||
if (!NT_SUCCESS(Status))
|
||||
{
|
||||
DPRINT1("ObCreateObject() failed (Status %lx)\n");
|
||||
return(Status);
|
||||
return Status;
|
||||
}
|
||||
|
||||
/* Zero out the buffer */
|
||||
|
@ -708,8 +712,7 @@ SepCreateToken(OUT PHANDLE TokenHandle,
|
|||
|
||||
if (!SystemToken)
|
||||
{
|
||||
|
||||
Status = ObInsertObject ((PVOID)AccessToken,
|
||||
Status = ObInsertObject((PVOID)AccessToken,
|
||||
NULL,
|
||||
DesiredAccess,
|
||||
0,
|
||||
|
@ -915,7 +918,8 @@ SeQuerySessionIdToken(IN PACCESS_TOKEN Token,
|
|||
/*
|
||||
* @implemented
|
||||
*/
|
||||
NTSTATUS NTAPI
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
SeQueryAuthenticationIdToken(IN PACCESS_TOKEN Token,
|
||||
OUT PLUID LogonId)
|
||||
{
|
||||
|
@ -960,6 +964,7 @@ NTAPI
|
|||
SeTokenIsAdmin(IN PACCESS_TOKEN Token)
|
||||
{
|
||||
PAGED_CODE();
|
||||
|
||||
return (((PTOKEN)Token)->TokenFlags & TOKEN_WRITE_RESTRICTED) != 0;
|
||||
}
|
||||
|
||||
|
@ -971,6 +976,7 @@ NTAPI
|
|||
SeTokenIsRestricted(IN PACCESS_TOKEN Token)
|
||||
{
|
||||
PAGED_CODE();
|
||||
|
||||
return (((PTOKEN)Token)->TokenFlags & TOKEN_IS_RESTRICTED) != 0;
|
||||
}
|
||||
|
||||
|
@ -982,6 +988,7 @@ NTAPI
|
|||
SeTokenIsWriteRestricted(IN PACCESS_TOKEN Token)
|
||||
{
|
||||
PAGED_CODE();
|
||||
|
||||
return (((PTOKEN)Token)->TokenFlags & TOKEN_HAS_RESTORE_PRIVILEGE) != 0;
|
||||
}
|
||||
|
||||
|
@ -1020,8 +1027,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
|
|||
ReturnLength,
|
||||
NULL,
|
||||
PreviousMode);
|
||||
|
||||
if(!NT_SUCCESS(Status))
|
||||
if (!NT_SUCCESS(Status))
|
||||
{
|
||||
DPRINT("NtQueryInformationToken() failed, Status: 0x%x\n", Status);
|
||||
return Status;
|
||||
|
@ -1047,7 +1053,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
|
|||
|
||||
_SEH2_TRY
|
||||
{
|
||||
if(TokenInformationLength >= RequiredLength)
|
||||
if (TokenInformationLength >= RequiredLength)
|
||||
{
|
||||
Status = RtlCopySidAndAttributesArray(1,
|
||||
&Token->UserAndGroups[0],
|
||||
|
@ -1062,7 +1068,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
|
|||
Status = STATUS_BUFFER_TOO_SMALL;
|
||||
}
|
||||
|
||||
if(ReturnLength != NULL)
|
||||
if (ReturnLength != NULL)
|
||||
{
|
||||
*ReturnLength = RequiredLength;
|
||||
}
|
||||
|
@ -1086,7 +1092,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
|
|||
|
||||
_SEH2_TRY
|
||||
{
|
||||
if(TokenInformationLength >= RequiredLength)
|
||||
if (TokenInformationLength >= RequiredLength)
|
||||
{
|
||||
ULONG SidLen = RequiredLength - sizeof(tg->GroupCount) -
|
||||
((Token->UserAndGroupCount - 1) * sizeof(SID_AND_ATTRIBUTES));
|
||||
|
@ -1107,7 +1113,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
|
|||
Status = STATUS_BUFFER_TOO_SMALL;
|
||||
}
|
||||
|
||||
if(ReturnLength != NULL)
|
||||
if (ReturnLength != NULL)
|
||||
{
|
||||
*ReturnLength = RequiredLength;
|
||||
}
|
||||
|
@ -1131,7 +1137,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
|
|||
|
||||
_SEH2_TRY
|
||||
{
|
||||
if(TokenInformationLength >= RequiredLength)
|
||||
if (TokenInformationLength >= RequiredLength)
|
||||
{
|
||||
tp->PrivilegeCount = Token->PrivilegeCount;
|
||||
RtlCopyLuidAndAttributesArray(Token->PrivilegeCount,
|
||||
|
@ -1143,7 +1149,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
|
|||
Status = STATUS_BUFFER_TOO_SMALL;
|
||||
}
|
||||
|
||||
if(ReturnLength != NULL)
|
||||
if (ReturnLength != NULL)
|
||||
{
|
||||
*ReturnLength = RequiredLength;
|
||||
}
|
||||
|
@ -1168,7 +1174,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
|
|||
|
||||
_SEH2_TRY
|
||||
{
|
||||
if(TokenInformationLength >= RequiredLength)
|
||||
if (TokenInformationLength >= RequiredLength)
|
||||
{
|
||||
to->Owner = (PSID)(to + 1);
|
||||
Status = RtlCopySid(SidLen,
|
||||
|
@ -1180,7 +1186,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
|
|||
Status = STATUS_BUFFER_TOO_SMALL;
|
||||
}
|
||||
|
||||
if(ReturnLength != NULL)
|
||||
if (ReturnLength != NULL)
|
||||
{
|
||||
*ReturnLength = RequiredLength;
|
||||
}
|
||||
|
@ -1205,7 +1211,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
|
|||
|
||||
_SEH2_TRY
|
||||
{
|
||||
if(TokenInformationLength >= RequiredLength)
|
||||
if (TokenInformationLength >= RequiredLength)
|
||||
{
|
||||
tpg->PrimaryGroup = (PSID)(tpg + 1);
|
||||
Status = RtlCopySid(SidLen,
|
||||
|
@ -1217,7 +1223,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
|
|||
Status = STATUS_BUFFER_TOO_SMALL;
|
||||
}
|
||||
|
||||
if(ReturnLength != NULL)
|
||||
if (ReturnLength != NULL)
|
||||
{
|
||||
*ReturnLength = RequiredLength;
|
||||
}
|
||||
|
@ -1238,16 +1244,16 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
|
|||
DPRINT("NtQueryInformationToken(TokenDefaultDacl)\n");
|
||||
RequiredLength = sizeof(TOKEN_DEFAULT_DACL);
|
||||
|
||||
if(Token->DefaultDacl != NULL)
|
||||
if (Token->DefaultDacl != NULL)
|
||||
{
|
||||
RequiredLength += Token->DefaultDacl->AclSize;
|
||||
}
|
||||
|
||||
_SEH2_TRY
|
||||
{
|
||||
if(TokenInformationLength >= RequiredLength)
|
||||
if (TokenInformationLength >= RequiredLength)
|
||||
{
|
||||
if(Token->DefaultDacl != NULL)
|
||||
if (Token->DefaultDacl != NULL)
|
||||
{
|
||||
tdd->DefaultDacl = (PACL)(tdd + 1);
|
||||
RtlCopyMemory(tdd->DefaultDacl,
|
||||
|
@ -1264,7 +1270,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
|
|||
Status = STATUS_BUFFER_TOO_SMALL;
|
||||
}
|
||||
|
||||
if(ReturnLength != NULL)
|
||||
if (ReturnLength != NULL)
|
||||
{
|
||||
*ReturnLength = RequiredLength;
|
||||
}
|
||||
|
@ -1287,7 +1293,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
|
|||
|
||||
_SEH2_TRY
|
||||
{
|
||||
if(TokenInformationLength >= RequiredLength)
|
||||
if (TokenInformationLength >= RequiredLength)
|
||||
{
|
||||
*ts = Token->TokenSource;
|
||||
}
|
||||
|
@ -1296,7 +1302,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
|
|||
Status = STATUS_BUFFER_TOO_SMALL;
|
||||
}
|
||||
|
||||
if(ReturnLength != NULL)
|
||||
if (ReturnLength != NULL)
|
||||
{
|
||||
*ReturnLength = RequiredLength;
|
||||
}
|
||||
|
@ -1319,7 +1325,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
|
|||
|
||||
_SEH2_TRY
|
||||
{
|
||||
if(TokenInformationLength >= RequiredLength)
|
||||
if (TokenInformationLength >= RequiredLength)
|
||||
{
|
||||
*tt = Token->TokenType;
|
||||
}
|
||||
|
@ -1328,7 +1334,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
|
|||
Status = STATUS_BUFFER_TOO_SMALL;
|
||||
}
|
||||
|
||||
if(ReturnLength != NULL)
|
||||
if (ReturnLength != NULL)
|
||||
{
|
||||
*ReturnLength = RequiredLength;
|
||||
}
|
||||
|
@ -1359,7 +1365,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
|
|||
|
||||
_SEH2_TRY
|
||||
{
|
||||
if(TokenInformationLength >= RequiredLength)
|
||||
if (TokenInformationLength >= RequiredLength)
|
||||
{
|
||||
*sil = Token->ImpersonationLevel;
|
||||
}
|
||||
|
@ -1368,7 +1374,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
|
|||
Status = STATUS_BUFFER_TOO_SMALL;
|
||||
}
|
||||
|
||||
if(ReturnLength != NULL)
|
||||
if (ReturnLength != NULL)
|
||||
{
|
||||
*ReturnLength = RequiredLength;
|
||||
}
|
||||
|
@ -1391,7 +1397,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
|
|||
|
||||
_SEH2_TRY
|
||||
{
|
||||
if(TokenInformationLength >= RequiredLength)
|
||||
if (TokenInformationLength >= RequiredLength)
|
||||
{
|
||||
ts->TokenId = Token->TokenId;
|
||||
ts->AuthenticationId = Token->AuthenticationId;
|
||||
|
@ -1409,7 +1415,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
|
|||
Status = STATUS_BUFFER_TOO_SMALL;
|
||||
}
|
||||
|
||||
if(ReturnLength != NULL)
|
||||
if (ReturnLength != NULL)
|
||||
{
|
||||
*ReturnLength = RequiredLength;
|
||||
}
|
||||
|
@ -1432,7 +1438,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
|
|||
|
||||
_SEH2_TRY
|
||||
{
|
||||
if(TokenInformationLength >= RequiredLength)
|
||||
if (TokenInformationLength >= RequiredLength)
|
||||
{
|
||||
RtlCopyLuid(&to->OriginatingLogonSession,
|
||||
&Token->AuthenticationId);
|
||||
|
@ -1442,7 +1448,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
|
|||
Status = STATUS_BUFFER_TOO_SMALL;
|
||||
}
|
||||
|
||||
if(ReturnLength != NULL)
|
||||
if (ReturnLength != NULL)
|
||||
{
|
||||
*ReturnLength = RequiredLength;
|
||||
}
|
||||
|
@ -1471,7 +1477,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
|
|||
|
||||
_SEH2_TRY
|
||||
{
|
||||
if(TokenInformationLength >= RequiredLength)
|
||||
if (TokenInformationLength >= RequiredLength)
|
||||
{
|
||||
ULONG SidLen = RequiredLength - sizeof(tg->GroupCount) -
|
||||
(Token->RestrictedSidCount * sizeof(SID_AND_ATTRIBUTES));
|
||||
|
@ -1492,7 +1498,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
|
|||
Status = STATUS_BUFFER_TOO_SMALL;
|
||||
}
|
||||
|
||||
if(ReturnLength != NULL)
|
||||
if (ReturnLength != NULL)
|
||||
{
|
||||
*ReturnLength = RequiredLength;
|
||||
}
|
||||
|
@ -1520,14 +1526,14 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
|
|||
Status = SeQuerySessionIdToken(Token,
|
||||
&SessionId);
|
||||
|
||||
if(NT_SUCCESS(Status))
|
||||
if (NT_SUCCESS(Status))
|
||||
{
|
||||
_SEH2_TRY
|
||||
{
|
||||
/* buffer size was already verified, no need to check here again */
|
||||
*(PULONG)TokenInformation = SessionId;
|
||||
|
||||
if(ReturnLength != NULL)
|
||||
if (ReturnLength != NULL)
|
||||
{
|
||||
*ReturnLength = sizeof(ULONG);
|
||||
}
|
||||
|
@ -1551,7 +1557,7 @@ NtQueryInformationToken(IN HANDLE TokenHandle,
|
|||
ObDereferenceObject(Token);
|
||||
}
|
||||
|
||||
return(Status);
|
||||
return Status;
|
||||
}
|
||||
|
||||
|
||||
|
@ -1582,15 +1588,14 @@ NtSetInformationToken(IN HANDLE TokenHandle,
|
|||
TokenInformation,
|
||||
TokenInformationLength,
|
||||
PreviousMode);
|
||||
|
||||
if(!NT_SUCCESS(Status))
|
||||
if (!NT_SUCCESS(Status))
|
||||
{
|
||||
/* Invalid buffers */
|
||||
DPRINT("NtSetInformationToken() failed, Status: 0x%x\n", Status);
|
||||
return Status;
|
||||
}
|
||||
|
||||
if(TokenInformationClass == TokenSessionId)
|
||||
if (TokenInformationClass == TokenSessionId)
|
||||
{
|
||||
NeededAccess |= TOKEN_ADJUST_SESSIONID;
|
||||
}
|
||||
|
@ -1607,7 +1612,7 @@ NtSetInformationToken(IN HANDLE TokenHandle,
|
|||
{
|
||||
case TokenOwner:
|
||||
{
|
||||
if(TokenInformationLength >= sizeof(TOKEN_OWNER))
|
||||
if (TokenInformationLength >= sizeof(TOKEN_OWNER))
|
||||
{
|
||||
PTOKEN_OWNER to = (PTOKEN_OWNER)TokenInformation;
|
||||
PSID InputSid = NULL, CapturedSid;
|
||||
|
@ -1627,7 +1632,7 @@ NtSetInformationToken(IN HANDLE TokenHandle,
|
|||
PagedPool,
|
||||
FALSE,
|
||||
&CapturedSid);
|
||||
if(NT_SUCCESS(Status))
|
||||
if (NT_SUCCESS(Status))
|
||||
{
|
||||
RtlCopySid(RtlLengthSid(CapturedSid),
|
||||
Token->UserAndGroups[Token->DefaultOwnerIndex].Sid,
|
||||
|
@ -1646,7 +1651,7 @@ NtSetInformationToken(IN HANDLE TokenHandle,
|
|||
|
||||
case TokenPrimaryGroup:
|
||||
{
|
||||
if(TokenInformationLength >= sizeof(TOKEN_PRIMARY_GROUP))
|
||||
if (TokenInformationLength >= sizeof(TOKEN_PRIMARY_GROUP))
|
||||
{
|
||||
PTOKEN_PRIMARY_GROUP tpg = (PTOKEN_PRIMARY_GROUP)TokenInformation;
|
||||
PSID InputSid = NULL, CapturedSid;
|
||||
|
@ -1666,7 +1671,7 @@ NtSetInformationToken(IN HANDLE TokenHandle,
|
|||
PagedPool,
|
||||
FALSE,
|
||||
&CapturedSid);
|
||||
if(NT_SUCCESS(Status))
|
||||
if (NT_SUCCESS(Status))
|
||||
{
|
||||
RtlCopySid(RtlLengthSid(CapturedSid),
|
||||
Token->PrimaryGroup,
|
||||
|
@ -1685,7 +1690,7 @@ NtSetInformationToken(IN HANDLE TokenHandle,
|
|||
|
||||
case TokenDefaultDacl:
|
||||
{
|
||||
if(TokenInformationLength >= sizeof(TOKEN_DEFAULT_DACL))
|
||||
if (TokenInformationLength >= sizeof(TOKEN_DEFAULT_DACL))
|
||||
{
|
||||
PTOKEN_DEFAULT_DACL tdd = (PTOKEN_DEFAULT_DACL)TokenInformation;
|
||||
PACL InputAcl = NULL;
|
||||
|
@ -1700,7 +1705,7 @@ NtSetInformationToken(IN HANDLE TokenHandle,
|
|||
}
|
||||
_SEH2_END;
|
||||
|
||||
if(InputAcl != NULL)
|
||||
if (InputAcl != NULL)
|
||||
{
|
||||
PACL CapturedAcl;
|
||||
|
||||
|
@ -1710,7 +1715,7 @@ NtSetInformationToken(IN HANDLE TokenHandle,
|
|||
PagedPool,
|
||||
TRUE,
|
||||
&CapturedAcl);
|
||||
if(NT_SUCCESS(Status))
|
||||
if (NT_SUCCESS(Status))
|
||||
{
|
||||
/* free the previous dacl if present */
|
||||
if(Token->DefaultDacl != NULL)
|
||||
|
@ -1725,7 +1730,7 @@ NtSetInformationToken(IN HANDLE TokenHandle,
|
|||
else
|
||||
{
|
||||
/* clear and free the default dacl if present */
|
||||
if(Token->DefaultDacl != NULL)
|
||||
if (Token->DefaultDacl != NULL)
|
||||
{
|
||||
ExFreePool(Token->DefaultDacl);
|
||||
Token->DefaultDacl = NULL;
|
||||
|
@ -1754,7 +1759,7 @@ NtSetInformationToken(IN HANDLE TokenHandle,
|
|||
}
|
||||
_SEH2_END;
|
||||
|
||||
if(!SeSinglePrivilegeCheck(SeTcbPrivilege,
|
||||
if (!SeSinglePrivilegeCheck(SeTcbPrivilege,
|
||||
PreviousMode))
|
||||
{
|
||||
Status = STATUS_PRIVILEGE_NOT_HELD;
|
||||
|
@ -1775,7 +1780,7 @@ NtSetInformationToken(IN HANDLE TokenHandle,
|
|||
ObDereferenceObject(Token);
|
||||
}
|
||||
|
||||
return(Status);
|
||||
return Status;
|
||||
}
|
||||
|
||||
|
||||
|
@ -1827,7 +1832,7 @@ NtDuplicateToken(IN HANDLE ExistingTokenHandle,
|
|||
FALSE,
|
||||
&CapturedSecurityQualityOfService,
|
||||
&QoSPresent);
|
||||
if(!NT_SUCCESS(Status))
|
||||
if (!NT_SUCCESS(Status))
|
||||
{
|
||||
DPRINT1("NtDuplicateToken() failed to capture QoS! Status: 0x%x\n", Status);
|
||||
return Status;
|
||||
|
@ -1899,7 +1904,7 @@ NtAdjustGroupsToken(IN HANDLE TokenHandle,
|
|||
* @implemented
|
||||
*/
|
||||
NTSTATUS NTAPI
|
||||
NtAdjustPrivilegesToken (IN HANDLE TokenHandle,
|
||||
NtAdjustPrivilegesToken(IN HANDLE TokenHandle,
|
||||
IN BOOLEAN DisableAllPrivileges,
|
||||
IN PTOKEN_PRIVILEGES NewState,
|
||||
IN ULONG BufferLength,
|
||||
|
@ -1997,6 +2002,7 @@ NtAdjustPrivilegesToken (IN HANDLE TokenHandle,
|
|||
* accordingly and fail.
|
||||
*/
|
||||
}
|
||||
|
||||
k++;
|
||||
}
|
||||
|
||||
|
@ -2004,6 +2010,7 @@ NtAdjustPrivilegesToken (IN HANDLE TokenHandle,
|
|||
Token->Privileges[i].Attributes &= ~SE_PRIVILEGE_ENABLED;
|
||||
}
|
||||
}
|
||||
|
||||
Status = STATUS_SUCCESS;
|
||||
}
|
||||
else
|
||||
|
@ -2042,6 +2049,7 @@ NtAdjustPrivilegesToken (IN HANDLE TokenHandle,
|
|||
* accordingly and fail.
|
||||
*/
|
||||
}
|
||||
|
||||
k++;
|
||||
}
|
||||
|
||||
|
@ -2052,10 +2060,12 @@ NtAdjustPrivilegesToken (IN HANDLE TokenHandle,
|
|||
DPRINT ("New attributes %lx\n",
|
||||
Token->Privileges[i].Attributes);
|
||||
}
|
||||
|
||||
Count++;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Status = Count < NewState->PrivilegeCount ? STATUS_NOT_ALL_ASSIGNED : STATUS_SUCCESS;
|
||||
}
|
||||
|
||||
|
@ -2102,7 +2112,7 @@ NtCreateToken(OUT PHANDLE TokenHandle,
|
|||
|
||||
PreviousMode = ExGetPreviousMode();
|
||||
|
||||
if(PreviousMode != KernelMode)
|
||||
if (PreviousMode != KernelMode)
|
||||
{
|
||||
_SEH2_TRY
|
||||
{
|
||||
|
@ -2324,7 +2334,7 @@ NtOpenThreadTokenEx(IN HANDLE ThreadHandle,
|
|||
|
||||
if (CopyOnOpen && NewThread) ObDereferenceObject(NewThread);
|
||||
|
||||
if(NT_SUCCESS(Status))
|
||||
if (NT_SUCCESS(Status))
|
||||
{
|
||||
_SEH2_TRY
|
||||
{
|
||||
|
|
Loading…
Reference in a new issue