5 commits

Author	SHA1	Message	Date
unknown	310563aece	[NTOS:SE] Let SepGetSidFromAce figure out the ACE type ... As the commit title says. Instead of having the caller figuring out what the ACE type should be of the ACE.	2023-08-23 17:54:47 +02:00
George Bișoc	5f3fab72a9	[NTOS:SE] Implement SepDumpAccessAndStatusList ... This function will dump all the access status and granted access rights of each object list of a list whenever an access check by type (or by type result list) fails. This is for debugging purposes.	2023-08-22 17:54:17 +02:00
George Bișoc	b284e82f47	[NTOS:SE] Do not allocate memory pool just for the access rights ... Access check is an expensive operation, that is, whenever an access to an object is performed an access check has to be done to ensure the access can be allowed to the calling thread who attempts to access such object. Currently SepAnalyzeAcesFromDacl allocates a block of pool memory for access check rights, nagging the Memory Manager like a desperate naughty creep. So instead initialize the access rights as a simple variable in SepAccessCheck and pass it out as an address to SepAnalyzeAcesFromDacl so that the function will fill it up with access rights. This helps with performance, avoiding wasting a few bits of memory just to hold these access rights. In addition to that, add a few asserts and fix the copyright header on both se.h and accesschk.c, to reflect the Coding Style rules.	2023-03-07 17:50:39 +01:00
George Bișoc	a804ba3200	[NTOS:SE] Print debug output only if NDEBUG is not defined ... This mutes a lot of debug spam that fills up the debugger when an access check fails because a requestor doesn't have enough privileges to access an object.	2023-03-06 20:03:44 +01:00
George Bișoc	caa3571cd7	[NTOS:SE] Implement security debug facility routines ... debug.c will serve as a centralized facility for security debugging routines and everything related to that. This file will be expanded with further debug functions for the Security subsystem if needed.	2022-11-08 18:24:37 +01:00