mirror of
https://github.com/reactos/reactos.git
synced 2025-01-01 03:54:02 +00:00
4d494caf61
- Overhaul SepCreateToken() and SepDuplicateToken() so that they implement the "variable information area" of the token, where immutable lists of user & groups and privileges reside, and the "dynamic information area" (allocated separately in paged pool), where mutable data such as the token's default DACL is stored. Perform the necessary adaptations in SepDeleteToken() and in NtSetInformationToken(). - Actually dereference the token's logon session, when needed, in the 'TokenSessionReference' case in NtSetInformationToken(). - Overhaul SepFindPrimaryGroupAndDefaultOwner() so that it returns the indices of candidate primary group and default owner within the token's user & groups array. This allows for fixing the 'TokenOwner' and 'TokenPrimaryGroup' cases of NtSetInformationToken(), since the owner or primary group being set *MUST* already exist in the token's user & groups array (as a by-product, memory corruptions that existed before due to the broken way of setting these properties disappear too). - Lock tokens every time operations are performed on them (NOTE: we still use a global token lock!). - Touch the ModifiedId LUID member of tokens everytime a write operation (property change, etc...) is made on them. - Fix some group attributes in the SYSTEM process token, SepCreateSystemProcessToken(). - Make the SeCreateTokenPrivilege mandatory when calling NtCreateToken(). - Update the token pool tags. - Explicitly use the Ex*ResourceLite() versions of the locking functions in the token locking macros.
522 lines
11 KiB
C
522 lines
11 KiB
C
/*++ NDK Version: 0098
|
|
|
|
Copyright (c) Alex Ionescu. All rights reserved.
|
|
|
|
Header Name:
|
|
|
|
sefuncs.h
|
|
|
|
Abstract:
|
|
|
|
Function definitions for the security manager.
|
|
|
|
Author:
|
|
|
|
Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006
|
|
|
|
--*/
|
|
|
|
#ifndef _SEFUNCS_H
|
|
#define _SEFUNCS_H
|
|
|
|
//
|
|
// Dependencies
|
|
//
|
|
#include <umtypes.h>
|
|
|
|
#ifndef NTOS_MODE_USER
|
|
|
|
//
|
|
// Security Descriptors
|
|
//
|
|
NTKERNELAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
SeCaptureSecurityDescriptor(
|
|
_In_ PSECURITY_DESCRIPTOR OriginalSecurityDescriptor,
|
|
_In_ KPROCESSOR_MODE CurrentMode,
|
|
_In_ POOL_TYPE PoolType,
|
|
_In_ BOOLEAN CaptureIfKernel,
|
|
_Out_ PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor
|
|
);
|
|
|
|
NTKERNELAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
SeReleaseSecurityDescriptor(
|
|
_In_ PSECURITY_DESCRIPTOR CapturedSecurityDescriptor,
|
|
_In_ KPROCESSOR_MODE CurrentMode,
|
|
_In_ BOOLEAN CaptureIfKernelMode
|
|
);
|
|
|
|
//
|
|
// Access States
|
|
//
|
|
NTKERNELAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
SeCreateAccessState(
|
|
PACCESS_STATE AccessState,
|
|
PAUX_ACCESS_DATA AuxData,
|
|
ACCESS_MASK Access,
|
|
PGENERIC_MAPPING GenericMapping
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
SeDeleteAccessState(
|
|
_In_ PACCESS_STATE AccessState
|
|
);
|
|
|
|
//
|
|
// Impersonation
|
|
//
|
|
NTKERNELAPI
|
|
SECURITY_IMPERSONATION_LEVEL
|
|
NTAPI
|
|
SeTokenImpersonationLevel(
|
|
_In_ PACCESS_TOKEN Token
|
|
);
|
|
|
|
#endif
|
|
|
|
//
|
|
// Native Calls
|
|
//
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtAccessCheck(
|
|
_In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
|
|
_In_ HANDLE ClientToken,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_ PGENERIC_MAPPING GenericMapping,
|
|
_Out_ PPRIVILEGE_SET PrivilegeSet,
|
|
_Out_ PULONG ReturnLength,
|
|
_Out_ PACCESS_MASK GrantedAccess,
|
|
_Out_ PNTSTATUS AccessStatus
|
|
);
|
|
|
|
NTSTATUS
|
|
NTAPI
|
|
NtAccessCheckByType(
|
|
_In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
|
|
_In_ PSID PrincipalSelfSid,
|
|
_In_ HANDLE ClientToken,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_ POBJECT_TYPE_LIST ObjectTypeList,
|
|
_In_ ULONG ObjectTypeLength,
|
|
_In_ PGENERIC_MAPPING GenericMapping,
|
|
_In_ PPRIVILEGE_SET PrivilegeSet,
|
|
_Inout_ PULONG PrivilegeSetLength,
|
|
_Out_ PACCESS_MASK GrantedAccess,
|
|
_Out_ PNTSTATUS AccessStatus
|
|
);
|
|
|
|
NTSTATUS
|
|
NTAPI
|
|
NtAccessCheckByTypeResultList(
|
|
_In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
|
|
_In_ PSID PrincipalSelfSid,
|
|
_In_ HANDLE ClientToken,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_ POBJECT_TYPE_LIST ObjectTypeList,
|
|
_In_ ULONG ObjectTypeLength,
|
|
_In_ PGENERIC_MAPPING GenericMapping,
|
|
_In_ PPRIVILEGE_SET PrivilegeSet,
|
|
_Inout_ PULONG PrivilegeSetLength,
|
|
_Out_ PACCESS_MASK GrantedAccess,
|
|
_Out_ PNTSTATUS AccessStatus
|
|
);
|
|
|
|
_Must_inspect_result_
|
|
__kernel_entry NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtAccessCheckAndAuditAlarm(
|
|
_In_ PUNICODE_STRING SubsystemName,
|
|
_In_opt_ PVOID HandleId,
|
|
_In_ PUNICODE_STRING ObjectTypeName,
|
|
_In_ PUNICODE_STRING ObjectName,
|
|
_In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_ PGENERIC_MAPPING GenericMapping,
|
|
_In_ BOOLEAN ObjectCreation,
|
|
_Out_ PACCESS_MASK GrantedAccess,
|
|
_Out_ PNTSTATUS AccessStatus,
|
|
_Out_ PBOOLEAN GenerateOnClose
|
|
);
|
|
|
|
_Must_inspect_result_
|
|
__kernel_entry
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtAdjustGroupsToken(
|
|
_In_ HANDLE TokenHandle,
|
|
_In_ BOOLEAN ResetToDefault,
|
|
_In_opt_ PTOKEN_GROUPS NewState,
|
|
_In_opt_ ULONG BufferLength,
|
|
_Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS PreviousState,
|
|
_Out_ PULONG ReturnLength
|
|
);
|
|
|
|
_Must_inspect_result_
|
|
__kernel_entry
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtAdjustPrivilegesToken(
|
|
_In_ HANDLE TokenHandle,
|
|
_In_ BOOLEAN DisableAllPrivileges,
|
|
_In_opt_ PTOKEN_PRIVILEGES NewState,
|
|
_In_ ULONG BufferLength,
|
|
_Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState,
|
|
_When_(PreviousState != NULL, _Out_) PULONG ReturnLength
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtAllocateLocallyUniqueId(
|
|
_Out_ LUID *LocallyUniqueId
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtAllocateUuids(
|
|
PULARGE_INTEGER Time,
|
|
PULONG Range,
|
|
PULONG Sequence,
|
|
PUCHAR Seed
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtCompareTokens(
|
|
_In_ HANDLE FirstTokenHandle,
|
|
_In_ HANDLE SecondTokenHandle,
|
|
_Out_ PBOOLEAN Equal);
|
|
|
|
__kernel_entry
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtCreateToken(
|
|
_Out_ PHANDLE TokenHandle,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
|
|
_In_ TOKEN_TYPE TokenType,
|
|
_In_ PLUID AuthenticationId,
|
|
_In_ PLARGE_INTEGER ExpirationTime,
|
|
_In_ PTOKEN_USER TokenUser,
|
|
_In_ PTOKEN_GROUPS TokenGroups,
|
|
_In_ PTOKEN_PRIVILEGES TokenPrivileges,
|
|
_In_opt_ PTOKEN_OWNER TokenOwner,
|
|
_In_ PTOKEN_PRIMARY_GROUP TokenPrimaryGroup,
|
|
_In_opt_ PTOKEN_DEFAULT_DACL TokenDefaultDacl,
|
|
_In_ PTOKEN_SOURCE TokenSource
|
|
);
|
|
|
|
_Must_inspect_result_
|
|
__kernel_entry
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtDuplicateToken(
|
|
_In_ HANDLE ExistingTokenHandle,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
|
|
_In_ BOOLEAN EffectiveOnly,
|
|
_In_ TOKEN_TYPE TokenType,
|
|
_Out_ PHANDLE NewTokenHandle
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtImpersonateAnonymousToken(
|
|
_In_ HANDLE Thread
|
|
);
|
|
|
|
__kernel_entry
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtOpenObjectAuditAlarm(
|
|
_In_ PUNICODE_STRING SubsystemName,
|
|
_In_opt_ PVOID HandleId,
|
|
_In_ PUNICODE_STRING ObjectTypeName,
|
|
_In_ PUNICODE_STRING ObjectName,
|
|
_In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor,
|
|
_In_ HANDLE ClientToken,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_ ACCESS_MASK GrantedAccess,
|
|
_In_opt_ PPRIVILEGE_SET Privileges,
|
|
_In_ BOOLEAN ObjectCreation,
|
|
_In_ BOOLEAN AccessGranted,
|
|
_Out_ PBOOLEAN GenerateOnClose
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtOpenProcessTokenEx(
|
|
_In_ HANDLE ProcessHandle,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_ ULONG HandleAttributes,
|
|
_Out_ PHANDLE TokenHandle
|
|
);
|
|
|
|
_Must_inspect_result_
|
|
__kernel_entry
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtPrivilegeCheck(
|
|
_In_ HANDLE ClientToken,
|
|
_Inout_ PPRIVILEGE_SET RequiredPrivileges,
|
|
_Out_ PBOOLEAN Result
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtPrivilegedServiceAuditAlarm(
|
|
_In_ PUNICODE_STRING SubsystemName,
|
|
_In_ PUNICODE_STRING ServiceName,
|
|
_In_ HANDLE ClientToken,
|
|
_In_ PPRIVILEGE_SET Privileges,
|
|
_In_ BOOLEAN AccessGranted
|
|
);
|
|
|
|
__kernel_entry
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtPrivilegeObjectAuditAlarm(
|
|
_In_ PUNICODE_STRING SubsystemName,
|
|
_In_opt_ PVOID HandleId,
|
|
_In_ HANDLE ClientToken,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_ PPRIVILEGE_SET Privileges,
|
|
_In_ BOOLEAN AccessGranted
|
|
);
|
|
|
|
_When_(TokenInformationClass == TokenAccessInformation,
|
|
_At_(TokenInformationLength, _In_range_(>=, sizeof(TOKEN_ACCESS_INFORMATION))))
|
|
_Must_inspect_result_
|
|
__kernel_entry
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtQueryInformationToken(
|
|
_In_ HANDLE TokenHandle,
|
|
_In_ TOKEN_INFORMATION_CLASS TokenInformationClass,
|
|
_Out_writes_bytes_to_opt_(TokenInformationLength, *ReturnLength) PVOID TokenInformation,
|
|
_In_ ULONG TokenInformationLength,
|
|
_Out_ PULONG ReturnLength
|
|
);
|
|
|
|
_Must_inspect_result_
|
|
__kernel_entry
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtSetInformationToken(
|
|
_In_ HANDLE TokenHandle,
|
|
_In_ TOKEN_INFORMATION_CLASS TokenInformationClass,
|
|
_In_reads_bytes_(TokenInformationLength) PVOID TokenInformation,
|
|
_In_ ULONG TokenInformationLength
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwAccessCheck(
|
|
_In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
|
|
_In_ HANDLE ClientToken,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_ PGENERIC_MAPPING GenericMapping,
|
|
_Out_ PPRIVILEGE_SET PrivilegeSet,
|
|
_Out_ PULONG ReturnLength,
|
|
_Out_ PACCESS_MASK GrantedAccess,
|
|
_Out_ PNTSTATUS AccessStatus
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwAdjustGroupsToken(
|
|
_In_ HANDLE TokenHandle,
|
|
_In_ BOOLEAN ResetToDefault,
|
|
_In_ PTOKEN_GROUPS NewState,
|
|
_In_ ULONG BufferLength,
|
|
_Out_opt_ PTOKEN_GROUPS PreviousState,
|
|
_Out_ PULONG ReturnLength
|
|
);
|
|
|
|
_Must_inspect_result_
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwAdjustPrivilegesToken(
|
|
_In_ HANDLE TokenHandle,
|
|
_In_ BOOLEAN DisableAllPrivileges,
|
|
_In_opt_ PTOKEN_PRIVILEGES NewState,
|
|
_In_ ULONG BufferLength,
|
|
_Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState,
|
|
_When_(PreviousState != NULL, _Out_) PULONG ReturnLength
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwAllocateLocallyUniqueId(
|
|
_Out_ LUID *LocallyUniqueId
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwAllocateUuids(
|
|
PULARGE_INTEGER Time,
|
|
PULONG Range,
|
|
PULONG Sequence,
|
|
PUCHAR Seed
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwCreateToken(
|
|
_Out_ PHANDLE TokenHandle,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_ POBJECT_ATTRIBUTES ObjectAttributes,
|
|
_In_ TOKEN_TYPE TokenType,
|
|
_In_ PLUID AuthenticationId,
|
|
_In_ PLARGE_INTEGER ExpirationTime,
|
|
_In_ PTOKEN_USER TokenUser,
|
|
_In_ PTOKEN_GROUPS TokenGroups,
|
|
_In_ PTOKEN_PRIVILEGES TokenPrivileges,
|
|
_In_ PTOKEN_OWNER TokenOwner,
|
|
_In_ PTOKEN_PRIMARY_GROUP TokenPrimaryGroup,
|
|
_In_ PTOKEN_DEFAULT_DACL TokenDefaultDacl,
|
|
_In_ PTOKEN_SOURCE TokenSource
|
|
);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwDuplicateToken(
|
|
_In_ HANDLE ExistingTokenHandle,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
|
|
_In_ BOOLEAN EffectiveOnly,
|
|
_In_ TOKEN_TYPE TokenType,
|
|
_Out_ PHANDLE NewTokenHandle
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwImpersonateAnonymousToken(
|
|
_In_ HANDLE Thread
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwOpenObjectAuditAlarm(
|
|
_In_ PUNICODE_STRING SubsystemName,
|
|
_In_ PVOID HandleId,
|
|
_In_ PUNICODE_STRING ObjectTypeName,
|
|
_In_ PUNICODE_STRING ObjectName,
|
|
_In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
|
|
_In_ HANDLE ClientToken,
|
|
_In_ ULONG DesiredAccess,
|
|
_In_ ULONG GrantedAccess,
|
|
_In_ PPRIVILEGE_SET Privileges,
|
|
_In_ BOOLEAN ObjectCreation,
|
|
_In_ BOOLEAN AccessGranted,
|
|
_Out_ PBOOLEAN GenerateOnClose
|
|
);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwOpenProcessToken(
|
|
_In_ HANDLE ProcessHandle,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_Out_ PHANDLE TokenHandle
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwOpenProcessTokenEx(
|
|
_In_ HANDLE ProcessHandle,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_ ULONG HandleAttributes,
|
|
_Out_ PHANDLE TokenHandle
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwPrivilegeCheck(
|
|
_In_ HANDLE ClientToken,
|
|
_In_ PPRIVILEGE_SET RequiredPrivileges,
|
|
_In_ PBOOLEAN Result
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwPrivilegedServiceAuditAlarm(
|
|
_In_ PUNICODE_STRING SubsystemName,
|
|
_In_ PUNICODE_STRING ServiceName,
|
|
_In_ HANDLE ClientToken,
|
|
_In_ PPRIVILEGE_SET Privileges,
|
|
_In_ BOOLEAN AccessGranted
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwPrivilegeObjectAuditAlarm(
|
|
_In_ PUNICODE_STRING SubsystemName,
|
|
_In_ PVOID HandleId,
|
|
_In_ HANDLE ClientToken,
|
|
_In_ ULONG DesiredAccess,
|
|
_In_ PPRIVILEGE_SET Privileges,
|
|
_In_ BOOLEAN AccessGranted
|
|
);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQueryInformationToken(
|
|
_In_ HANDLE TokenHandle,
|
|
_In_ TOKEN_INFORMATION_CLASS TokenInformationClass,
|
|
_Out_writes_bytes_to_opt_(Length,*ResultLength) PVOID TokenInformation,
|
|
_In_ ULONG Length,
|
|
_Out_ PULONG ResultLength
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSetInformationToken(
|
|
_In_ HANDLE TokenHandle,
|
|
_In_ TOKEN_INFORMATION_CLASS TokenInformationClass,
|
|
_Out_ PVOID TokenInformation,
|
|
_In_ ULONG TokenInformationLength
|
|
);
|
|
#endif
|