token.c File Reference

#include "sep.h"
#include "sertlp.h"
#include <zwapi.h>
#include "tokenp.h"

Go to the source code of this file.

Functions
TOKEN_TYPE	SeTokenType (IN PACCESS_TOKEN Token)
NTKERNELAPI BOOLEAN	SeTokenIsAdmin (IN PACCESS_TOKEN Token)
NTKERNELAPI BOOLEAN	SeTokenIsRestricted (IN PACCESS_TOKEN Token)
SECURITY_IMPERSONATION_LEVEL	SeTokenImpersonationLevel (IN PACCESS_TOKEN Token)
VOID	SeAssignPrimaryToken (IN PEPROCESS Process, IN PACCESS_TOKEN Token)
VOID	SeDeassignPrimaryToken (IN PEPROCESS Process)
NTSTATUS	SeExchangePrimaryToken (IN PEPROCESS Process, IN PACCESS_TOKEN NewAccessToken, OUT PACCESS_TOKEN *OldAccessToken)
VOID	SeGetTokenControlInformation (IN PACCESS_TOKEN Token, OUT PTOKEN_CONTROL TokenControl)
PACCESS_TOKEN	SeMakeSystemToken ()
PACCESS_TOKEN	SeMakeAnonymousLogonToken (VOID)
NTSTATUS	SeSubProcessToken (IN PEPROCESS ParentProcess, OUT PACCESS_TOKEN *ChildToken)
BOOLEAN	SepTokenInitialization (VOID)
NTSTATUS	NtCreateToken (OUT PHANDLE TokenHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN TOKEN_TYPE TokenType, IN PLUID AuthenticationId, IN PLARGE_INTEGER ExpirationTime, IN PTOKEN_USER User, IN PTOKEN_GROUPS Groups, IN PTOKEN_PRIVILEGES Privileges, IN PTOKEN_OWNER Owner OPTIONAL, IN PTOKEN_PRIMARY_GROUP PrimaryGroup, IN PTOKEN_DEFAULT_DACL DefaultDacl OPTIONAL, IN PTOKEN_SOURCE TokenSource)
VOID	SepTokenDeleteMethod (IN PVOID Token)
NTSTATUS	SepCreateToken (OUT PHANDLE TokenHandle, IN KPROCESSOR_MODE RequestorMode, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN TOKEN_TYPE TokenType, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel OPTIONAL, IN PLUID AuthenticationId, IN PLARGE_INTEGER ExpirationTime, IN PSID_AND_ATTRIBUTES User, IN ULONG GroupCount, IN PSID_AND_ATTRIBUTES Groups, IN ULONG GroupsLength, IN ULONG PrivilegeCount, IN PLUID_AND_ATTRIBUTES Privileges, IN ULONG PrivilegesLength, IN PSID Owner OPTIONAL, IN PSID PrimaryGroup, IN PACL DefaultDacl OPTIONAL, IN PTOKEN_SOURCE TokenSource, IN BOOLEAN SystemToken, IN PSECURITY_TOKEN_PROXY_DATA ProxyData OPTIONAL, IN PSECURITY_TOKEN_AUDIT_DATA AuditData OPTIONAL)
BOOLEAN	SepIdAssignableAsOwner (IN PTOKEN Token, IN ULONG Index)
NTSTATUS	SeIsChildToken (IN HANDLE Token, OUT PBOOLEAN IsChild)
NTSTATUS	SeIsChildTokenByPointer (IN PACCESS_TOKEN Token, OUT PBOOLEAN IsChild)
NTSTATUS	NtImpersonateAnonymousToken (IN HANDLE ThreadHandle)
Variables
GENERIC_MAPPING	SepTokenMapping
POBJECT_TYPE	SepTokenObjectType
ERESOURCE	SepTokenLock

---

Function Documentation

NTSTATUS NtCreateToken (  OUT PHANDLE  TokenHandle, IN ACCESS_MASK  DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes  OPTIONAL, IN TOKEN_TYPE  TokenType, IN PLUID  AuthenticationId, IN PLARGE_INTEGER  ExpirationTime, IN PTOKEN_USER  User, IN PTOKEN_GROUPS  Groups, IN PTOKEN_PRIVILEGES  Privileges, IN PTOKEN_OWNER Owner  OPTIONAL, IN PTOKEN_PRIMARY_GROUP  PrimaryGroup, IN PTOKEN_DEFAULT_DACL DefaultDacl  OPTIONAL, IN PTOKEN_SOURCE  TokenSource )

Definition at line 1690 of file token.c. References EXCEPTION_EXECUTE_HANDLER, FALSE, KernelMode, KPROCESSOR_MODE, NonPagedPool, NT_SUCCESS, NTSTATUS(), NULL, ObjectAttributes, Owner, PAGED_CODE, PagedPool, ProbeForRead, ProbeForWriteHandle, RtlCopyLuid(), SeCaptureAcl(), SeCaptureLuidAndAttributesArray(), SeCaptureSecurityQos(), SeCaptureSid(), SeCaptureSidAndAttributesArray(), SeFreeCapturedSecurityQos(), SepCreateToken(), SeReleaseAcl(), SeReleaseLuidAndAttributesArray(), SeReleaseSid(), SeReleaseSidAndAttributesArray(), Status, and TRUE. Referenced by CreateDAclToken(), TestTokenAssignPrimary(), and TestTokenCreate(). : Create a token object and return a handle opened for access to that token. This API requires SeCreateTokenPrivilege privilege. Arguments: TokenHandle - Receives the handle of the newly created token. DesiredAccess - Is an access mask indicating which access types the handle is to provide to the new object. ObjectAttributes - Points to the standard object attributes data structure. Refer to the NT Object Management Specification for a description of this data structure. If the token type is TokenImpersonation, then this parameter must specify the impersonation level of the token. TokenType - Type of token to be created. Privilege is required to create any type of token. AuthenticationId - Points to a LUID (or LUID) providing a unique identifier associated with the authentication. This is used within security only, for audit purposes. ExpirationTime - Time at which the token becomes invalid. If this value is specified as zero, then the token has no expiration time. User - Is the user SID to place in the token. Groups - Are the group SIDs to place in the token. Privileges - Are the privileges to place in the token. Owner - (Optionally) identifies an identifier that is to be used as the default owner for the token. If not provided, the user ID is made the default owner. PrimaryGroup - Identifies which of the group IDs is to be the primary group of the token. DefaultDacl - (optionally) establishes an ACL to be used as the default discretionary access protection for the token. TokenSource - Identifies the token source name string and identifier to be assigned to the token. Return Value: STATUS_SUCCESS - Indicates the operation was successful. STATUS_INVALID_OWNER - Indicates the ID provided to be assigned as the default owner of the token does not have an attribute indicating it may be assigned as an owner. STATUS_INVALID_PRIMARY_GROUP - Indicates the group ID provided via the PrimaryGroup parameter was not among those assigned to the token in the Groups parameter. STATUS_BAD_IMPERSONATION_LEVEL - Indicates no impersonation level was provided when attempting to create a token of type TokenImpersonation. --*/ { KPROCESSOR_MODE PreviousMode; NTSTATUS Status; ULONG Ignore; HANDLE LocalHandle; BOOLEAN SecurityQosPresent = FALSE; SECURITY_ADVANCED_QUALITY_OF_SERVICE CapturedSecurityQos; LUID CapturedAuthenticationId; LARGE_INTEGER CapturedExpirationTime; PSID_AND_ATTRIBUTES CapturedUser = NULL; ULONG CapturedUserLength; ULONG CapturedGroupCount; PSID_AND_ATTRIBUTES CapturedGroups = NULL; ULONG CapturedGroupsLength; ULONG CapturedPrivilegeCount; PLUID_AND_ATTRIBUTES CapturedPrivileges = NULL; ULONG CapturedPrivilegesLength; PSID CapturedOwner = NULL; PSID CapturedPrimaryGroup = NULL; PACL CapturedDefaultDacl = NULL; TOKEN_SOURCE CapturedTokenSource; PVOID CapturedAddress; PAGED_CODE(); PreviousMode = KeGetPreviousMode(); if (PreviousMode != KernelMode) { // // Probe everything necessary for input to the capture subroutines. // try { ProbeForWriteHandle(TokenHandle); ProbeForRead( ExpirationTime, sizeof(LARGE_INTEGER), sizeof(ULONG) ); ProbeForRead( Groups, sizeof(TOKEN_GROUPS), sizeof(ULONG) ); ProbeForRead( Privileges, sizeof(TOKEN_PRIVILEGES), sizeof(ULONG) ); ProbeForRead( TokenSource, sizeof(TOKEN_SOURCE), sizeof(ULONG) ); if ( ARGUMENT_PRESENT(Owner) ) { ProbeForRead( Owner, sizeof(TOKEN_OWNER), sizeof(ULONG) ); } ProbeForRead( PrimaryGroup, sizeof(TOKEN_PRIMARY_GROUP), sizeof(ULONG) ); if ( ARGUMENT_PRESENT(DefaultDacl) ) { ProbeForRead( DefaultDacl, sizeof(TOKEN_DEFAULT_DACL), sizeof(ULONG) ); } ProbeForRead( AuthenticationId, sizeof(LUID), sizeof(ULONG) ); } except(EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); } // end_try } //end_if // // Capture the security quality of service. // This capture routine necessarily does some probing of its own. // Status = SeCaptureSecurityQos( ObjectAttributes, PreviousMode, &SecurityQosPresent, &CapturedSecurityQos ); if (!NT_SUCCESS(Status)) { return Status; } if (TokenType == TokenImpersonation) { if (!SecurityQosPresent) { return STATUS_BAD_IMPERSONATION_LEVEL; } // endif } // endif // // Capture the rest of the arguments. // These arguments have already been probed. // try { Status = STATUS_SUCCESS; // // Capture and validate AuthenticationID // RtlCopyLuid( &CapturedAuthenticationId, AuthenticationId ); // // Capture ExpirationTime // CapturedExpirationTime = (*ExpirationTime); // // Capture User // if (NT_SUCCESS(Status)) { Status = SeCaptureSidAndAttributesArray( &(User->User), 1, PreviousMode, NULL, 0, PagedPool, TRUE, &CapturedUser, &CapturedUserLength ); } // // Capture Groups // if (NT_SUCCESS(Status)) { CapturedGroupCount = Groups->GroupCount; Status = SeCaptureSidAndAttributesArray( (Groups->Groups), CapturedGroupCount, PreviousMode, NULL, 0, PagedPool, TRUE, &CapturedGroups, &CapturedGroupsLength ); } // // Capture Privileges // if (NT_SUCCESS(Status)) { CapturedPrivilegeCount = Privileges->PrivilegeCount; Status = SeCaptureLuidAndAttributesArray( (Privileges->Privileges), CapturedPrivilegeCount, PreviousMode, NULL, 0, PagedPool, TRUE, &CapturedPrivileges, &CapturedPrivilegesLength ); } // // Capture Owner // if ( ARGUMENT_PRESENT(Owner) && NT_SUCCESS(Status)) { CapturedAddress = Owner->Owner; Status = SeCaptureSid( (PSID)CapturedAddress, PreviousMode, NULL, 0, PagedPool, TRUE, &CapturedOwner ); } // // Capture PrimaryGroup // if (NT_SUCCESS(Status)) { CapturedAddress = PrimaryGroup->PrimaryGroup; Status = SeCaptureSid( (PSID)CapturedAddress, PreviousMode, NULL, 0, PagedPool, TRUE, &CapturedPrimaryGroup ); } // // Capture DefaultDacl // if ( ARGUMENT_PRESENT(DefaultDacl) && NT_SUCCESS(Status) ) { CapturedAddress = DefaultDacl->DefaultDacl; if (CapturedAddress != NULL) { Status = SeCaptureAcl( (PACL)CapturedAddress, PreviousMode, NULL, 0, NonPagedPool, TRUE, &CapturedDefaultDacl, &Ignore ); } } // // Capture TokenSource // CapturedTokenSource = (*TokenSource); } except(EXCEPTION_EXECUTE_HANDLER) { if (CapturedUser != NULL) { SeReleaseSidAndAttributesArray( CapturedUser, PreviousMode, TRUE ); } if (CapturedGroups != NULL) { SeReleaseSidAndAttributesArray( CapturedGroups, PreviousMode, TRUE ); } if (CapturedPrivileges != NULL) { SeReleaseLuidAndAttributesArray( CapturedPrivileges, PreviousMode, TRUE ); } if (CapturedOwner != NULL) { SeReleaseSid( CapturedOwner, PreviousMode, TRUE); } if (CapturedPrimaryGroup != NULL) { SeReleaseSid( CapturedPrimaryGroup, PreviousMode, TRUE); } if (CapturedDefaultDacl != NULL) { SeReleaseAcl( CapturedDefaultDacl, PreviousMode, TRUE); } if (SecurityQosPresent == TRUE) { SeFreeCapturedSecurityQos( &CapturedSecurityQos ); } return GetExceptionCode(); } // end_try{} // // Create the token // if (NT_SUCCESS(Status)) { Status = SepCreateToken( &LocalHandle, PreviousMode, DesiredAccess, ObjectAttributes, TokenType, CapturedSecurityQos.ImpersonationLevel, &CapturedAuthenticationId, &CapturedExpirationTime, CapturedUser, CapturedGroupCount, CapturedGroups, CapturedGroupsLength, CapturedPrivilegeCount, CapturedPrivileges, CapturedPrivilegesLength, CapturedOwner, CapturedPrimaryGroup, CapturedDefaultDacl, &CapturedTokenSource, FALSE, // Not a system token SecurityQosPresent ? CapturedSecurityQos.ProxyData : NULL, SecurityQosPresent ? CapturedSecurityQos.AuditData : NULL ); } // // Clean up the temporary capture buffers // if (CapturedUser != NULL) { SeReleaseSidAndAttributesArray( CapturedUser, PreviousMode, TRUE); } if (CapturedGroups != NULL) { SeReleaseSidAndAttributesArray( CapturedGroups, PreviousMode, TRUE); } if (CapturedPrivileges != NULL) { SeReleaseLuidAndAttributesArray( CapturedPrivileges, PreviousMode, TRUE); } if (CapturedOwner != NULL) { SeReleaseSid( CapturedOwner, PreviousMode, TRUE); } if (CapturedPrimaryGroup != NULL) { SeReleaseSid( CapturedPrimaryGroup, PreviousMode, TRUE); } if (CapturedDefaultDacl != NULL) { SeReleaseAcl( CapturedDefaultDacl, PreviousMode, TRUE); } if (SecurityQosPresent == TRUE) { SeFreeCapturedSecurityQos( &CapturedSecurityQos ); } // // Return the handle to this new token // if (NT_SUCCESS(Status)) { try { *TokenHandle = LocalHandle; } except(EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); } } return Status; }

NTSTATUS NtImpersonateAnonymousToken (  IN HANDLE  ThreadHandle  )

Definition at line 3038 of file token.c. References FALSE, NT_SUCCESS, NTSTATUS(), NULL, ObDereferenceObject, ObReferenceObjectByHandle(), ObReferenceObjectByPointer(), PsImpersonateClient(), PsThreadType, SeAnonymousLogonToken, SepTokenObjectType, Status, ThreadHandle, and TRUE. 03044 : 03045 03046 Impersonates the system's anonymous logon token on this thread. 03047 03048 Arguments: 03049 03050 ThreadHandle - Handle to the thread to do the impersonation. 03051 03052 Return Value: 03053 03054 STATUS_SUCCESS - Indicates the operation was successful. 03055 03056 STATUS_INVALID_HANDLE - the thread handle is invalid. 03057 03058 STATUS_ACCESS_DENIED - The thread handle is not open for impersonation 03059 access. 03060 --*/ 03061 { 03062 PETHREAD CallerThread = NULL; 03063 NTSTATUS Status = STATUS_SUCCESS; 03064 03065 // 03066 // Reference the caller's thread to make sure we can impersonate 03067 // 03068 03069 Status = ObReferenceObjectByHandle( 03070 ThreadHandle, 03071 THREAD_IMPERSONATE, 03072 PsThreadType, 03073 KeGetPreviousMode(), 03074 (PVOID *)&CallerThread, 03075 NULL 03076 ); 03077 if (!NT_SUCCESS(Status)) { 03078 goto Cleanup; 03079 } 03080 03081 // 03082 // Reference the impersonation token to make sure we are allowed to 03083 // impersonate it. 03084 // 03085 03086 Status = ObReferenceObjectByPointer( 03087 SeAnonymousLogonToken, 03088 TOKEN_IMPERSONATE, 03089 SepTokenObjectType, 03090 KeGetPreviousMode() 03091 ); 03092 if (!NT_SUCCESS(Status)) 03093 { 03094 goto Cleanup; 03095 } 03096 03097 ObDereferenceObject(SeAnonymousLogonToken); 03098 03099 // 03100 // Do the impersonation. We want copy on open so the caller can't 03101 // actually modify this system's copy of this token. 03102 // 03103 03104 Status = PsImpersonateClient( 03105 CallerThread, 03106 SeAnonymousLogonToken, 03107 TRUE, // copy on open 03108 FALSE, // no effective only 03109 SecurityImpersonation 03110 ); 03111 Cleanup: 03112 03113 if (CallerThread != NULL) { 03114 ObDereferenceObject(CallerThread); 03115 } 03116 return(Status); 03117 } }

VOID SeAssignPrimaryToken (  IN PEPROCESS  Process, IN PACCESS_TOKEN  Token )

Definition at line 241 of file token.c. References ASSERT, NTSTATUS(), NULL, ObReferenceObject, PAGED_CODE, PTOKEN, SeDeassignPrimaryToken(), Status, Token, and TRUE. Referenced by PspInitializeProcessSecurity(). : This function establishes a primary token for a process. Arguments: Token - Points to the new primary token. Return Value: None. --*/ { NTSTATUS Status; PTOKEN NewToken = (PTOKEN)Token; PAGED_CODE(); ASSERT(NewToken->TokenType == TokenPrimary); ASSERT( !NewToken->TokenInUse ); // // Dereference the old token if there is one. // // Processes typically already have a token that must be // dereferenced. There are two cases where this may not // be the situation. First, during phase 0 system initialization, // the initial system process starts out without a token. Second, // if an error occurs during process creation, we may be cleaning // up a process that hasn't yet had a primary token assigned. // if (Process->Token != NULL) { SeDeassignPrimaryToken( Process ); } Process->Token=Token; NewToken->TokenInUse = TRUE; ObReferenceObject(NewToken); return; }

VOID SeDeassignPrimaryToken (  IN PEPROCESS  Process  )

Definition at line 302 of file token.c. References ASSERT, FALSE, ObDereferenceObject, PAGED_CODE, and PTOKEN. Referenced by PspDeleteProcessSecurity(), and SeAssignPrimaryToken(). : This function causes a process reference to a token to be dropped. Arguments: Process - Points to the process whose primary token is no longer needed. This is probably only the case at process deletion or when a primary token is being replaced. Return Value: None. --*/ { PTOKEN OldToken = (PTOKEN)(Process->Token); PAGED_CODE(); ASSERT(OldToken->TokenType == TokenPrimary); ASSERT(OldToken->TokenInUse); OldToken->TokenInUse = FALSE; ObDereferenceObject( OldToken ); return; }

NTSTATUS SeExchangePrimaryToken (  IN PEPROCESS  Process, IN PACCESS_TOKEN  NewAccessToken, OUT PACCESS_TOKEN *  OldAccessToken )

Definition at line 346 of file token.c. References ASSERT, FALSE, NTSTATUS(), ObReferenceObject, PAGED_CODE, PTOKEN, Status, and TRUE. Referenced by PspAssignPrimaryToken(). : This function is used to perform the portions of changing a primary token that reference the internals of token structures. The new token is checked to make sure it is not already in use. The !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!! WARNING WARNING WARNING !!!!!!!! !!!!!!!! !!!!!!!! !!!!!!!! THIS ROUTINE MUST BE CALLED WITH THE GOBAL !!!!!!!! !!!!!!!! PROCESS SECURITY FIELDS LOCK HELD !!!!!!!! !!!!!!!! !!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Arguments: Process - Points to the process whose primary token is being exchanged. NewAccessToken - Points to the process's new primary token. OldAccessToken - Receives a pointer to the process's current token. The caller is responsible for dereferencing this token when it is no longer needed. This can't be done while the process security locks are held. Return Value: STATUS_SUCCESS - Everything has been updated. STATUS_TOKEN_ALREADY_IN_USE - A primary token can only be used by a single process. That is, each process must have its own primary token. The token passed to be assigned as the primary token is already in use as a primary token. STATUS_BAD_TOKEN_TYPE - The new token is not a primary token. --*/ { NTSTATUS Status; PTOKEN OldToken = (PTOKEN)(Process->Token); PTOKEN NewToken = (PTOKEN)NewAccessToken; PAGED_CODE(); // // We need to access the security fields of both tokens. // Access to these fields is guarded by the global Process Security // fields lock. // ASSERT(OldToken->TokenType == TokenPrimary); ASSERT(OldToken->TokenInUse); // // Make sure the new token is a primary token... // if ( NewToken->TokenType != TokenPrimary ) { return(STATUS_BAD_TOKEN_TYPE); } // // and that it is not already in use... // if (NewToken->TokenInUse) { return(STATUS_TOKEN_ALREADY_IN_USE); } // // Ensure SessionId consistent for hydra // NewToken->SessionId = OldToken->SessionId ; // // Switch the tokens // Process->Token=NewAccessToken; NewToken->TokenInUse = TRUE; ObReferenceObject(NewToken); // // Mark the token as "NOT USED" // OldToken->TokenInUse = FALSE; // // Return the pointer to the old token. The caller // is responsible for dereferencing it if they don't need it. // (*OldAccessToken) = OldToken; return (STATUS_SUCCESS); }

VOID SeGetTokenControlInformation (  IN PACCESS_TOKEN  Token, OUT PTOKEN_CONTROL  TokenControl )

Definition at line 475 of file token.c. References PAGED_CODE, PTOKEN, SepAcquireTokenReadLock, SepReleaseTokenReadLock, and Token. Referenced by SepCreateClientSecurity(). 00482 : 00483 00484 This routine is provided for communication session layers, or 00485 any other executive component that needs to keep track of 00486 whether a caller's security context has changed between calls. 00487 Communication session layers will need to check this, for some 00488 security quality of service modes, to determine whether or not 00489 a server's security context needs to be updated to reflect 00490 changes in the client's security context. 00491 00492 This routine will also be useful to communications subsystems 00493 that need to retrieve client' authentication information from 00494 the local security authority in order to perform a remote 00495 authentication. 00496 00497 00498 Parameters: 00499 00500 Token - Points to the token whose information is to be retrieved. 00501 00502 TokenControl - Points to the buffer to receive the token control 00503 information. 00504 00505 Return Value: 00506 00507 None. 00508 00509 --*/ 00510 00511 { 00512 PAGED_CODE(); 00513 00514 // 00515 // acquire exclusive access to the token 00516 // 00517 00518 SepAcquireTokenReadLock( (PTOKEN)Token ); 00519 00520 // 00521 // Grab the data and run 00522 // 00523 00524 TokenControl->TokenId = ((TOKEN *)Token)->TokenId; 00525 TokenControl->AuthenticationId = ((TOKEN *)Token)->AuthenticationId; 00526 TokenControl->ModifiedId = ((TOKEN *)Token)->ModifiedId; 00527 TokenControl->TokenSource = ((TOKEN *)Token)->TokenSource; 00528 00529 SepReleaseTokenReadLock( (PTOKEN)Token ); 00530 00531 return; 00532 00533 }

NTSTATUS SeIsChildToken (  IN HANDLE  Token, OUT PBOOLEAN  IsChild )

Definition at line 2867 of file token.c. References FALSE, IsChild(), NT_SUCCESS, NTSTATUS(), NULL, ObDereferenceObject, ObReferenceObjectByHandle(), PsDereferencePrimaryToken, PsGetCurrentProcess, PsReferencePrimaryToken(), PTOKEN, RtlEqualLuid(), SepAcquireTokenReadLock, SepReleaseTokenReadLock, SepTokenObjectType, Status, Token, and TRUE. : This routine returns TRUE if the supplied token is a child of the caller's process token. This is done by comparing the ParentTokenId field of the supplied token to the TokenId field of the token from the current subject context. Arguments: Token - Token to check for childhood IsChild - Contains results of comparison. TRUE - The supplied token is a child of the caller's token FALSE- The supplied token is not a child of the caller's token Returns: Status codes from any NT services called. --*/ { PTOKEN CallerToken; PTOKEN SuppliedToken; LUID CallerTokenId; LUID SuppliedParentTokenId; NTSTATUS Status = STATUS_SUCCESS; *IsChild = FALSE; // // Capture the caller's token and get the token id // CallerToken = (PTOKEN) PsReferencePrimaryToken(PsGetCurrentProcess()); SepAcquireTokenReadLock( CallerToken ); CallerTokenId = CallerToken->TokenId; SepReleaseTokenReadLock( CallerToken ); PsDereferencePrimaryToken(CallerToken); // // Reference the supplied token and get the parent token id. // Status = ObReferenceObjectByHandle( Token, // Handle 0, // DesiredAccess SepTokenObjectType, // ObjectType KeGetPreviousMode(), // AccessMode (PVOID *)&SuppliedToken, // Object NULL // GrantedAccess ); if (NT_SUCCESS(Status)) { SepAcquireTokenReadLock( SuppliedToken ); SuppliedParentTokenId = SuppliedToken->ParentTokenId; SepReleaseTokenReadLock( SuppliedToken ); ObDereferenceObject(SuppliedToken); // // Check to see if the supplied token's parent ID is the ID // of the caller. // if (RtlEqualLuid( &SuppliedParentTokenId, &CallerTokenId )) { *IsChild = TRUE; } } return(Status); }

NTSTATUS SeIsChildTokenByPointer (  IN PACCESS_TOKEN  Token, OUT PBOOLEAN  IsChild )

Definition at line 2960 of file token.c. References FALSE, IsChild(), NTSTATUS(), PsDereferencePrimaryToken, PsGetCurrentProcess, PsReferencePrimaryToken(), PTOKEN, RtlEqualLuid(), SepAcquireTokenReadLock, SepReleaseTokenReadLock, Status, Token, and TRUE. Referenced by NtSetInformationJobObject(), and PspSetPrimaryToken(). : This routine returns TRUE if the supplied token is a child of the caller's token. This is done by comparing the ParentTokenId field of the supplied token to the TokenId field of the token from the current subject context. Arguments: Token - Token to check for childhood IsChild - Contains results of comparison. TRUE - The supplied token is a child of the caller's token FALSE- The supplied token is not a child of the caller's token Returns: Status codes from any NT services called. --*/ { SECURITY_SUBJECT_CONTEXT SubjectSecurityContext; PTOKEN CallerToken; PTOKEN SuppliedToken; LUID CallerTokenId; LUID SuppliedParentTokenId; NTSTATUS Status = STATUS_SUCCESS; *IsChild = FALSE; // // Capture the caller's token and get the token id // CallerToken = (PTOKEN) PsReferencePrimaryToken(PsGetCurrentProcess()); SepAcquireTokenReadLock( CallerToken ); CallerTokenId = CallerToken->TokenId; SepReleaseTokenReadLock( CallerToken ); PsDereferencePrimaryToken(CallerToken); SuppliedToken = (PTOKEN) Token ; SepAcquireTokenReadLock( SuppliedToken ); SuppliedParentTokenId = SuppliedToken->ParentTokenId; SepReleaseTokenReadLock( SuppliedToken ); // // Check to see if the supplied token's parent ID is the ID // of the caller. // if (RtlEqualLuid( &SuppliedParentTokenId, &CallerTokenId )) { *IsChild = TRUE; } return(Status); }

PACCESS_TOKEN SeMakeAnonymousLogonToken (  VOID   )

Definition at line 1010 of file token.c. References ASSERT, Buffer, DbgPrint, ExAllocatePoolWithTag, ExFreePool(), FALSE, KernelMode, NoExpiration, NormalGroupAttributes, NT_SUCCESS, NTSTATUS(), NULL, ObAssignObjectSecurityDescriptor(), ObDereferenceObject, Owner, PAGED_CODE, PagedPool, RtlAbsoluteToSelfRelativeSD(), RtlAddAccessAllowedAce(), RtlCreateAcl(), RtlCreateSecurityDescriptor(), RtlSetDaclSecurityDescriptor(), RtlSetGroupSecurityDescriptor(), RtlSetOwnerSecurityDescriptor(), RtlTimeFieldsToTime(), SeAliasAdminsSid, SeAnonymousAuthenticationId, SeAnonymousLogonSid, SeLengthSid, SepCreateToken(), SeSystemTokenSource, SeWorldSid, Status, TimeFields, Token, and TRUE. : This routine is provided for use by executive components DURING SYSTEM INITIALIZATION ONLY. It creates a token for use by system components. A system token has the following characteristics: - It has ANONYMOUS_LOGON as its user ID - It has the following groups with the corresponding attributes: WORLD EnabledByDefault | Enabled | Mandatory - It has WORLD as its primary group. - It has no privileges/ - It has protection that provides TOKEN_ALL_ACCESS to the WORLD ID. - It has a default ACL that grants GENERIC_ALL access to WORLD. Parameters: None. Return Value: Pointer to a system token. --*/ { NTSTATUS Status; PVOID Token; SID_AND_ATTRIBUTES UserId; PSID_AND_ATTRIBUTES GroupIds; TOKEN_PRIMARY_GROUP PrimaryGroup; ULONG GroupIdsLength; PACL TokenAcl; PSID Owner; ULONG NormalGroupAttributes; ULONG Length; OBJECT_ATTRIBUTES TokenObjectAttributes; PSECURITY_DESCRIPTOR TokenSecurityDescriptor; ULONG BufferLength; PVOID Buffer; ULONG_PTR GroupIdsBuffer[128 * sizeof(ULONG) / sizeof(ULONG_PTR)]; TIME_FIELDS TimeFields; LARGE_INTEGER NoExpiration; PAGED_CODE(); // // Set up expiration times // TimeFields.Year = 3000; TimeFields.Month = 1; TimeFields.Day = 1; TimeFields.Hour = 1; TimeFields.Minute = 1; TimeFields.Second = 1; TimeFields.Milliseconds = 1; TimeFields.Weekday = 1; RtlTimeFieldsToTime( &TimeFields, &NoExpiration ); GroupIds = (PSID_AND_ATTRIBUTES)GroupIdsBuffer; // // Set up the attributes to be assigned to groups // NormalGroupAttributes = (SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED ); // // Set up the user ID // UserId.Sid = SeAnonymousLogonSid; UserId.Attributes = 0; // // Set up the groups // GroupIds->Sid = SeWorldSid; GroupIds->Attributes = NormalGroupAttributes; GroupIdsLength = (ULONG)LongAlignSize(SeLengthSid(GroupIds->Sid)) + sizeof(SID_AND_ATTRIBUTES); ASSERT( GroupIdsLength <= 128 * sizeof(ULONG) ); // // Privileges // // // Establish the primary group and default owner // PrimaryGroup.PrimaryGroup = SeAnonymousLogonSid; // Primary group // // Set up an ACL to protect token as well ... // give system full reign of terror. This includes user-mode components // running as part of the system. // Length = (ULONG)sizeof(ACL) + (ULONG)sizeof(ACCESS_ALLOWED_ACE) + SeLengthSid( SeWorldSid ) + 8; // The 8 is just for good measure ASSERT( Length < 200 ); TokenAcl = (PACL)ExAllocatePoolWithTag(PagedPool, 200, 'cAeS'); if ( !TokenAcl ) { return NULL ; } Status = RtlCreateAcl( TokenAcl, Length, ACL_REVISION2); ASSERT( NT_SUCCESS(Status) ); Status = RtlAddAccessAllowedAce ( TokenAcl, ACL_REVISION2, TOKEN_ALL_ACCESS, SeWorldSid ); ASSERT( NT_SUCCESS(Status) ); TokenSecurityDescriptor = (PSECURITY_DESCRIPTOR)ExAllocatePoolWithTag( PagedPool, SECURITY_DESCRIPTOR_MIN_LENGTH, 'dSeS' ); if ( !TokenSecurityDescriptor ) { ExFreePool( TokenAcl ); return NULL ; } Status = RtlCreateSecurityDescriptor( TokenSecurityDescriptor, SECURITY_DESCRIPTOR_REVISION ); ASSERT( NT_SUCCESS(Status) ); Status = RtlSetDaclSecurityDescriptor ( TokenSecurityDescriptor, TRUE, TokenAcl, FALSE ); ASSERT( NT_SUCCESS(Status) ); Status = RtlSetOwnerSecurityDescriptor ( TokenSecurityDescriptor, SeWorldSid, FALSE // Owner defaulted ); ASSERT( NT_SUCCESS(Status) ); Status = RtlSetGroupSecurityDescriptor ( TokenSecurityDescriptor, SeWorldSid, FALSE // Group defaulted ); ASSERT( NT_SUCCESS(Status) ); // // Create the system token // #ifdef TOKEN_DEBUG // // Debug DbgPrint("\n Creating system token...\n"); // Debug // #endif //TOKEN_DEBUG InitializeObjectAttributes( &TokenObjectAttributes, NULL, 0, NULL, TokenSecurityDescriptor ); Status = SepCreateToken( (PHANDLE)&Token, KernelMode, 0, // No handle created for system token &TokenObjectAttributes, TokenPrimary, (SECURITY_IMPERSONATION_LEVEL)0, &SeAnonymousAuthenticationId, &NoExpiration, &UserId, 1, // GroupCount GroupIds, GroupIdsLength, 0, // no privileges NULL, // no Privileges, 0, // no privileges NULL, PrimaryGroup.PrimaryGroup, TokenAcl, &SeSystemTokenSource, TRUE, // System token NULL, NULL ); ASSERT(NT_SUCCESS(Status)); // // Assign the security descriptor here, since we don't do it // in SepCreateToken for the System Token. // BufferLength = Length + sizeof(SECURITY_DESCRIPTOR) + 2 * SeLengthSid(SeAliasAdminsSid); Buffer = (PSECURITY_DESCRIPTOR)ExAllocatePoolWithTag( PagedPool, BufferLength, 'dSeS' ); if ( Buffer ) { Status = RtlAbsoluteToSelfRelativeSD( TokenSecurityDescriptor, Buffer, &BufferLength ); ASSERT(NT_SUCCESS(Status)); Status = ObAssignObjectSecurityDescriptor( Token, Buffer, PagedPool ); ASSERT(NT_SUCCESS(Status)); } else { ObDereferenceObject( Token ); Token = NULL ; } // // We can free the old one now. // ExFreePool( TokenAcl ); ExFreePool( TokenSecurityDescriptor ); return (PACCESS_TOKEN)Token; }

PACCESS_TOKEN SeMakeSystemToken (   )

Definition at line 536 of file token.c. References ASSERT, Buffer, DbgPrint, ExAllocatePoolWithTag, ExFreePool(), FALSE, KernelMode, NoExpiration, NormalGroupAttributes, NT_SUCCESS, NTSTATUS(), NULL, ObAssignObjectSecurityDescriptor(), ObDereferenceObject, Owner, OwnerGroupAttributes, PAGED_CODE, PagedPool, RtlAbsoluteToSelfRelativeSD(), RtlAddAccessAllowedAce(), RtlCreateAcl(), RtlCreateSecurityDescriptor(), RtlSetDaclSecurityDescriptor(), RtlSetGroupSecurityDescriptor(), RtlSetOwnerSecurityDescriptor(), RtlTimeFieldsToTime(), SeAliasAdminsSid, SeAssignPrimaryTokenPrivilege, SeAuditPrivilege, SeAuthenticatedUsersSid, SeBackupPrivilege, SeChangeNotifyPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeCreateTokenPrivilege, SeDebugPrivilege, SeIncreaseBasePriorityPrivilege, SeIncreaseQuotaPrivilege, SeLengthSid, SeLoadDriverPrivilege, SeLocalSystemSid, SeLockMemoryPrivilege, SepCreateToken(), SeProfileSingleProcessPrivilege, SeRestorePrivilege, SeSecurityPrivilege, SeShutdownPrivilege, SeSystemAuthenticationId, SeSystemDefaultDacl, SeSystemEnvironmentPrivilege, SeSystemtimePrivilege, SeSystemTokenSource, SeTakeOwnershipPrivilege, SeTcbPrivilege, SeUndockPrivilege, SeWorldSid, Status, TimeFields, Token, and TRUE. Referenced by SepInitializationPhase0(), and TestMakeSystemToken(). : This routine is provided for use by executive components DURING SYSTEM INITIALIZATION ONLY. It creates a token for use by system components. A system token has the following characteristics: - It has LOCAL_SYSTEM as its user ID - It has the following groups with the corresponding attributes: ADMINS_ALIAS EnabledByDefault | Enabled | Owner WORLD EnabledByDefault | Enabled | Mandatory ADMINISTRATORS (alias) Owner (disabled) AUTHENTICATED_USER EnabledByDefault | Enabled | Mandatory - It has LOCAL_SYSTEM as its primary group. - It has the privileges shown in comments below. - It has protection that provides TOKEN_ALL_ACCESS to the LOCAL_SYSTEM ID. - It has a default ACL that grants GENERIC_ALL access to LOCAL_SYSTEM and GENERIC_EXECUTE to WORLD. Parameters: None. Return Value: Pointer to a system token. --*/ { NTSTATUS Status; PVOID Token; SID_AND_ATTRIBUTES UserId; TOKEN_PRIMARY_GROUP PrimaryGroup; PSID_AND_ATTRIBUTES GroupIds; ULONG GroupIdsLength; LUID_AND_ATTRIBUTES Privileges[30]; PACL TokenAcl; PSID Owner; ULONG NormalGroupAttributes; ULONG OwnerGroupAttributes; ULONG Length; OBJECT_ATTRIBUTES TokenObjectAttributes; PSECURITY_DESCRIPTOR TokenSecurityDescriptor; ULONG BufferLength; PVOID Buffer; ULONG_PTR GroupIdsBuffer[128 * sizeof(ULONG) / sizeof(ULONG_PTR)]; TIME_FIELDS TimeFields; LARGE_INTEGER NoExpiration; PAGED_CODE(); // // Make sure only one system token gets created. // #if DBG ASSERT( !SystemTokenCreated ); SystemTokenCreated = TRUE; #endif //DBG // // Set up expiration times // TimeFields.Year = 3000; TimeFields.Month = 1; TimeFields.Day = 1; TimeFields.Hour = 1; TimeFields.Minute = 1; TimeFields.Second = 1; TimeFields.Milliseconds = 1; TimeFields.Weekday = 1; RtlTimeFieldsToTime( &TimeFields, &NoExpiration ); // // // // The amount of memory used in the following is gross overkill, but // // it is freed up immediately after creating the token. // // // // GroupIds = (PSID_AND_ATTRIBUTES)ExAllocatePool( NonPagedPool, 512 ); GroupIds = (PSID_AND_ATTRIBUTES)GroupIdsBuffer; // // Set up the attributes to be assigned to groups // NormalGroupAttributes = (SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED ); OwnerGroupAttributes = (SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED | SE_GROUP_OWNER ); // // Set up the user ID // UserId.Sid = SeLocalSystemSid; UserId.Attributes = 0; // // Set up the groups // GroupIds->Sid = SeAliasAdminsSid; (GroupIds+1)->Sid = SeWorldSid; (GroupIds+2)->Sid = SeAuthenticatedUsersSid; GroupIds->Attributes = OwnerGroupAttributes; (GroupIds+1)->Attributes = NormalGroupAttributes; (GroupIds+2)->Attributes = NormalGroupAttributes; GroupIdsLength = (ULONG)LongAlignSize(SeLengthSid(GroupIds->Sid)) + (ULONG)LongAlignSize(SeLengthSid((GroupIds+1)->Sid)) + (ULONG)LongAlignSize(SeLengthSid((GroupIds+2)->Sid)) + sizeof(SID_AND_ATTRIBUTES); ASSERT( GroupIdsLength <= 128 * sizeof(ULONG) ); // // Privileges // // // The privileges in the system token are as follows: // // Privilege Name Attributes // -------------- ---------- // // SeTcbPrivilege enabled/enabled by default // SeCreateTokenPrivilege DISabled/NOT enabled by default // SeTakeOwnershipPrivilege DISabled/NOT enabled by default // SeCreatePagefilePrivilege enabled/enabled by default // SeLockMemoryPrivilege enabled/enabled by default // SeAssignPrimaryTokenPrivilege DISabled/NOT enabled by default // SeIncreaseQuotaPrivilege DISabled/NOT enabled by default // SeIncreaseBasePriorityPrivilege enabled/enabled by default // SeCreatePermanentPrivilege enabled/enabled by default // SeDebugPrivilege enabled/enabled by default // SeAuditPrivilege enabled/enabled by default // SeSecurityPrivilege DISabled/NOT enabled by default // SeSystemEnvironmentPrivilege DISabled/NOT enabled by default // SeChangeNotifyPrivilege enabled/enabled by default // SeBackupPrivilege DISabled/NOT enabled by default // SeRestorePrivilege DISabled/NOT enabled by default // SeShutdownPrivilege DISabled/NOT enabled by default // SeLoadDriverPrivilege DISabled/NOT enabled by default // SeProfileSingleProcessPrivilege enabled/enabled by default // SeSystemtimePrivilege DISabled/NOT enabled by default // SeUndockPrivilege DISabled/NOT enabled by default // // The following privileges are not present, and should never be present in // the local system token: // // SeRemoteShutdownPrivilege no one can come in as local system // SeSyncAgentPrivilege only users specified by the admin can // be sync agents // SeEnableDelegationPrivilege only users specified by the admin can // enable delegation on accounts. // Privileges[0].Luid = SeTcbPrivilege; Privileges[0].Attributes = (SE_PRIVILEGE_ENABLED_BY_DEFAULT | // Enabled by default SE_PRIVILEGE_ENABLED); // Enabled Privileges[1].Luid = SeCreateTokenPrivilege; Privileges[1].Attributes = 0; // Only the LSA should enable this. Privileges[2].Luid = SeTakeOwnershipPrivilege; Privileges[2].Attributes = 0; Privileges[3].Luid = SeCreatePagefilePrivilege; Privileges[3].Attributes = (SE_PRIVILEGE_ENABLED_BY_DEFAULT | // Enabled by default SE_PRIVILEGE_ENABLED); // Enabled Privileges[4].Luid = SeLockMemoryPrivilege; Privileges[4].Attributes = (SE_PRIVILEGE_ENABLED_BY_DEFAULT | // Enabled by default SE_PRIVILEGE_ENABLED); // Enabled Privileges[5].Luid = SeAssignPrimaryTokenPrivilege; Privileges[5].Attributes = 0; // disabled, not enabled by default Privileges[6].Luid = SeIncreaseQuotaPrivilege; Privileges[6].Attributes = 0; // disabled, not enabled by default Privileges[7].Luid = SeIncreaseBasePriorityPrivilege; Privileges[7].Attributes = (SE_PRIVILEGE_ENABLED_BY_DEFAULT | // Enabled by default SE_PRIVILEGE_ENABLED); // Enabled Privileges[8].Luid = SeCreatePermanentPrivilege; Privileges[8].Attributes = (SE_PRIVILEGE_ENABLED_BY_DEFAULT | // Enabled by default SE_PRIVILEGE_ENABLED); // Enabled Privileges[9].Luid = SeDebugPrivilege; Privileges[9].Attributes = (SE_PRIVILEGE_ENABLED_BY_DEFAULT | // Enabled by default SE_PRIVILEGE_ENABLED); // Enabled Privileges[10].Luid = SeAuditPrivilege; Privileges[10].Attributes = (SE_PRIVILEGE_ENABLED_BY_DEFAULT | // Enabled by default SE_PRIVILEGE_ENABLED); // Enabled Privileges[11].Luid = SeSecurityPrivilege; Privileges[11].Attributes = 0; // disabled, not enabled by default Privileges[12].Luid = SeSystemEnvironmentPrivilege; Privileges[12].Attributes = 0; // disabled, not enabled by default Privileges[13].Luid = SeChangeNotifyPrivilege; Privileges[13].Attributes = (SE_PRIVILEGE_ENABLED_BY_DEFAULT | // Enabled by default SE_PRIVILEGE_ENABLED); // Enabled Privileges[14].Luid = SeBackupPrivilege; Privileges[14].Attributes = 0; // disabled, not enabled by default Privileges[15].Luid = SeRestorePrivilege; Privileges[15].Attributes = 0; // disabled, not enabled by default Privileges[16].Luid = SeShutdownPrivilege; Privileges[16].Attributes = 0; // disabled, not enabled by default Privileges[17].Luid = SeLoadDriverPrivilege; Privileges[17].Attributes = 0; // disabled, not enabled by default Privileges[18].Luid = SeProfileSingleProcessPrivilege; Privileges[18].Attributes = (SE_PRIVILEGE_ENABLED_BY_DEFAULT | // Enabled by default SE_PRIVILEGE_ENABLED); // Enabled Privileges[19].Luid = SeSystemtimePrivilege; Privileges[19].Attributes = 0; // disabled, not enabled by default Privileges[20].Luid = SeUndockPrivilege ; Privileges[20].Attributes = 0 ; // disabled, not enabled by default //BEFORE ADDING ANOTHER PRIVILEGE ^^ HERE ^^ CHECK THE ARRAY BOUND //ALSO INCREMENT THE PRIVILEGE COUNT IN THE SepCreateToken() call // // Establish the primary group and default owner // PrimaryGroup.PrimaryGroup = SeLocalSystemSid; // Primary group Owner = SeAliasAdminsSid; // Default owner // // Set up an ACL to protect token as well ... // give system full reign of terror. This includes user-mode components // running as part of the system. // Length = (ULONG)sizeof(ACL) + ((ULONG)sizeof(ACCESS_ALLOWED_ACE) - sizeof(ULONG)) + SeLengthSid( SeLocalSystemSid ) ; TokenAcl = (PACL)ExAllocatePoolWithTag(PagedPool, Length, 'cAeS'); if ( TokenAcl == NULL ) { return NULL ; } Status = RtlCreateAcl( TokenAcl, Length, ACL_REVISION2); ASSERT( NT_SUCCESS(Status) ); Status = RtlAddAccessAllowedAce ( TokenAcl, ACL_REVISION2, TOKEN_ALL_ACCESS, SeLocalSystemSid ); ASSERT( NT_SUCCESS(Status) ); TokenSecurityDescriptor = (PSECURITY_DESCRIPTOR)ExAllocatePoolWithTag( PagedPool, sizeof(SECURITY_DESCRIPTOR), 'dSeS' ); if ( TokenSecurityDescriptor == NULL ) { ExFreePool( TokenAcl ); return NULL ; } Status = RtlCreateSecurityDescriptor( TokenSecurityDescriptor, SECURITY_DESCRIPTOR_REVISION ); ASSERT( NT_SUCCESS(Status) ); Status = RtlSetDaclSecurityDescriptor ( TokenSecurityDescriptor, TRUE, TokenAcl, FALSE ); ASSERT( NT_SUCCESS(Status) ); Status = RtlSetOwnerSecurityDescriptor ( TokenSecurityDescriptor, SeAliasAdminsSid, FALSE // Owner defaulted ); ASSERT( NT_SUCCESS(Status) ); Status = RtlSetGroupSecurityDescriptor ( TokenSecurityDescriptor, SeAliasAdminsSid, FALSE // Group defaulted ); ASSERT( NT_SUCCESS(Status) ); // // Create the system token // #ifdef TOKEN_DEBUG // // Debug DbgPrint("\n Creating system token...\n"); // Debug // #endif //TOKEN_DEBUG InitializeObjectAttributes( &TokenObjectAttributes, NULL, 0, NULL, TokenSecurityDescriptor ); ASSERT(SeSystemDefaultDacl != NULL); Status = SepCreateToken( (PHANDLE)&Token, KernelMode, 0, // No handle created for system token &TokenObjectAttributes, TokenPrimary, (SECURITY_IMPERSONATION_LEVEL)0, &SeSystemAuthenticationId, &NoExpiration, &UserId, 3, // GroupCount GroupIds, GroupIdsLength, 21, // privileges Privileges, sizeof(Privileges), Owner, PrimaryGroup.PrimaryGroup, SeSystemDefaultDacl, &SeSystemTokenSource, TRUE, // System token NULL, NULL ); ASSERT(NT_SUCCESS(Status)); // // Assign the security descriptor here, since we don't do it // in SepCreateToken for the System Token. // BufferLength = Length + sizeof(SECURITY_DESCRIPTOR_RELATIVE) + 2 * SeLengthSid(SeAliasAdminsSid); Buffer = (PSECURITY_DESCRIPTOR)ExAllocatePoolWithTag( PagedPool, BufferLength, 'dSeS' ); if ( Buffer ) { Status = RtlAbsoluteToSelfRelativeSD( TokenSecurityDescriptor, Buffer, &BufferLength ); ASSERT(NT_SUCCESS(Status)); Status = ObAssignObjectSecurityDescriptor( Token, Buffer, PagedPool ); ASSERT(NT_SUCCESS(Status)); } else { ObDereferenceObject( Token ); Token = NULL ; } // // We can free the old one now. // ExFreePool( TokenAcl ); ExFreePool( TokenSecurityDescriptor ); return (PACCESS_TOKEN)Token; }

NTSTATUS SepCreateToken (  OUT PHANDLE  TokenHandle, IN KPROCESSOR_MODE  RequestorMode, IN ACCESS_MASK  DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes  OPTIONAL, IN TOKEN_TYPE  TokenType, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel  OPTIONAL, IN PLUID  AuthenticationId, IN PLARGE_INTEGER  ExpirationTime, IN PSID_AND_ATTRIBUTES  User, IN ULONG  GroupCount, IN PSID_AND_ATTRIBUTES  Groups, IN ULONG  GroupsLength, IN ULONG  PrivilegeCount, IN PLUID_AND_ATTRIBUTES  Privileges, IN ULONG  PrivilegesLength, IN PSID Owner  OPTIONAL, IN PSID  PrimaryGroup, IN PACL DefaultDacl  OPTIONAL, IN PTOKEN_SOURCE  TokenSource, IN BOOLEAN  SystemToken, IN PSECURITY_TOKEN_PROXY_DATA ProxyData  OPTIONAL, IN PSECURITY_TOKEN_AUDIT_DATA AuditData  OPTIONAL )

Definition at line 2213 of file token.c. References ALIGN_UP, ASSERT, ExAllocateLocallyUniqueId, ExAllocatePool, ExAllocatePoolWithTag, FALSE, _OBJECT_TYPE_INITIALIZER::GenericMapping, NT_SUCCESS, NTSTATUS(), NULL, ObCreateObject(), ObDeleteCapturedInsertInfo(), ObDereferenceObject, ObInsertObject(), ObjectAttributes, Owner, PAGED_CODE, PagedPool, PTOKEN, RtlCopySid(), RtlCopySidAndAttributesArray(), RtlEqualLuid(), RtlEqualSid(), RtlLengthRequiredSid(), SeAliasAdminsSid, SeChangeNotifyPrivilege, SeCreateAccessState(), SeCreateTokenPrivilege, SeDeleteAccessState(), SepArrayGroupAttributes, SepCopyProxyData(), SepDeReferenceLogonSession(), SepReferenceLogonSession(), SepTokenObjectType, SeSinglePrivilegeCheck(), Status, Token, TOKEN_DEFAULT_DYNAMIC_CHARGE, TOKEN_HAS_ADMIN_GROUP, TOKEN_HAS_TRAVERSE_PRIVILEGE, TRUE, _OBJECT_TYPE::TypeInfo, and UserMode. Referenced by NtCreateToken(), SeMakeAnonymousLogonToken(), and SeMakeSystemToken(). 02240 : 02241 02242 Create a token object and return a handle opened for access to 02243 that token. This API implements the bulk of the work needed 02244 for NtCreateToken. 02245 02246 All parameters except DesiredAccess and ObjectAttributes are assumed 02247 to have been probed and captured. 02248 02249 The output parameter (TokenHandle) is expected to be returned to a 02250 safe address, rather than to a user mode address that may cause an 02251 exception. 02252 02253 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 02254 NOTE: This routine is also used to create the initial system token. 02255 In that case, the SystemToken parameter is TRUE and no handle 02256 is established to the token. Instead, a pointer to the token 02257 is returned via the TokenHandle parameter. 02258 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 02259 02260 02261 Arguments: 02262 02263 TokenHandle - Receives the handle of the newly created token. If the 02264 SystemToken parameter is specified is true, then this parameter 02265 receives a pointer to the token instead of a handle to the token. 02266 02267 RequestorMode - The mode of the caller on whose behalf the token 02268 is being created. 02269 02270 DesiredAccess - Is an access mask indicating which access types 02271 the handle is to provide to the new object. 02272 02273 ObjectAttributes - Points to the standard object attributes data 02274 structure. Refer to the NT Object Management 02275 Specification for a description of this data structure. 02276 02277 TokenType - Type of token to be created. Privilege is required 02278 to create any type of token. 02279 02280 ImpersonationLevel - If the token type is TokenImpersonation, then 02281 this parameter is used to specify the impersonation level of 02282 the token. 02283 02284 AuthenticationId - Points to a LUID (or LUID) providing a unique 02285 identifier associated with the authentication. This is used 02286 within security only, for audit purposes. 02287 02288 ExpirationTime - Time at which the token becomes invalid. If this 02289 value is specified as zero, then the token has no expiration 02290 time. 02291 02292 User - Is the user SID to place in the token. 02293 02294 GroupCount - Indicates the number of groups in the 'Groups' parameter. 02295 This value may be zero, in which case the 'Groups' parameter is 02296 ignored. 02297 02298 Groups - Are the group SIDs, and their corresponding attributes, 02299 to place in the token. 02300 02301 GroupsLength - Indicates the length, in bytes, of the array of groups 02302 to place in the token. 02303 02304 PrivilegeCount - Indicates the number of privileges in the 'Privileges' 02305 parameter. This value may be zero, in which case the 'Privileges' 02306 parameter is ignored. 02307 02308 Privileges - Are the privilege LUIDs, and their corresponding attributes, 02309 to place in the token. 02310 02311 PrivilegesLength - Indicates the length, in bytes, of the array of 02312 privileges to place in the token. 02313 02314 Owner - (Optionally) identifies an identifier that is to be used 02315 as the default owner for the token. If not provided, the 02316 user ID is made the default owner. 02317 02318 PrimaryGroup - Identifies which of the group IDs is to be the 02319 primary group of the token. 02320 02321 DefaultDacl - (optionally) establishes an ACL to be used as the 02322 default discretionary access protection for the token. 02323 02324 TokenSource - Identifies the token source name string and 02325 identifier to be assigned to the token. 02326 02327 Return Value: 02328 02329 STATUS_SUCCESS - Indicates the operation was successful. 02330 02331 STATUS_INVALID_OWNER - Indicates the ID provided to be assigned 02332 as the default owner of the token does not have an attribute 02333 indicating it may be assigned as an owner. 02334 02335 STATUS_INVALID_PRIMARY_GROUP - Indicates the group ID provided 02336 via the PrimaryGroup parameter was not among those assigned 02337 to the token in the Groups parameter. 02338 02339 STATUS_INVALID_PARAMETER - Indicates that a required parameter, 02340 such as User or PrimaryGroup, was not provided with a legitimate 02341 value. 02342 02343 --*/ 02344 02345 { 02346 02347 PTOKEN Token; 02348 NTSTATUS Status; 02349 02350 ULONG PagedPoolSize; 02351 02352 ULONG PrimaryGroupLength; 02353 02354 ULONG TokenBodyLength; 02355 ULONG VariableLength; 02356 02357 ULONG DefaultOwnerIndex; 02358 PUCHAR Where ; 02359 ULONG ComputedPrivLength ; 02360 02361 //ULONG_PTR NextFree; 02362 PSID NextSidFree; 02363 02364 ULONG DynamicLength = TOKEN_DEFAULT_DYNAMIC_CHARGE; 02365 ULONG DynamicLengthUsed; 02366 02367 ULONG SubAuthorityCount; 02368 ULONG GroupIndex; 02369 ULONG PrivilegeIndex; 02370 BOOLEAN OwnerFound; 02371 02372 UCHAR TokenFlags = 0; 02373 02374 ACCESS_STATE AccessState; 02375 AUX_ACCESS_DATA AuxData; 02376 LUID NewModifiedId; 02377 02378 PAGED_CODE(); 02379 02380 ASSERT( sizeof(SECURITY_IMPERSONATION_LEVEL) <= sizeof(ULONG) ); 02381 02382 // 02383 // Make sure the Enabled and Enabled-by-default bits are set on every 02384 // mandatory group. 02385 // 02386 // Also, check to see if the local administrators alias is present. 02387 // if so, turn on the flag so that we can do restrictions later 02388 // 02389 02390 for (GroupIndex=0; GroupIndex < GroupCount; GroupIndex++) { 02391 if (Groups[GroupIndex].Attributes & SE_GROUP_MANDATORY) { 02392 Groups[GroupIndex].Attributes |= (SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT); 02393 } 02394 if ( RtlEqualSid( SeAliasAdminsSid, Groups[GroupIndex].Sid ) ) 02395 { 02396 TokenFlags |= TOKEN_HAS_ADMIN_GROUP ; 02397 } 02398 } 02399 02400 // 02401 // Check to see if the token being created is going to be granted 02402 // SeChangeNotifyPrivilege. If so, set a flag in the TokenFlags field 02403 // so we can find this out quickly. 02404 // 02405 02406 for (PrivilegeIndex = 0; PrivilegeIndex < PrivilegeCount; PrivilegeIndex++) { 02407 02408 if (((RtlEqualLuid(&Privileges[PrivilegeIndex].Luid,&SeChangeNotifyPrivilege)) 02409 && 02410 (Privileges[PrivilegeIndex].Attributes & SE_PRIVILEGE_ENABLED))) { 02411 02412 TokenFlags |= TOKEN_HAS_TRAVERSE_PRIVILEGE; 02413 break; 02414 } 02415 } 02416 02417 02418 // 02419 // Get a ModifiedId to use 02420 // 02421 02422 ExAllocateLocallyUniqueId( &NewModifiedId ); 02423 02424 // 02425 // Validate the owner ID, if provided and establish the default 02426 // owner index. 02427 // 02428 02429 if (!ARGUMENT_PRESENT(Owner)) { 02430 02431 DefaultOwnerIndex = 0; 02432 02433 } else { 02434 02435 02436 if ( RtlEqualSid( Owner, User->Sid ) ) { 02437 02438 DefaultOwnerIndex = 0; 02439 02440 } else { 02441 02442 GroupIndex = 0; 02443 OwnerFound = FALSE; 02444 02445 while ((GroupIndex < GroupCount) && (!OwnerFound)) { 02446 02447 if ( RtlEqualSid( Owner, (Groups[GroupIndex].Sid) ) ) { 02448 02449 // 02450 // Found a match - make sure it is assignable as owner. 02451 // 02452 02453 if ( SepArrayGroupAttributes( Groups, GroupIndex ) & 02454 SE_GROUP_OWNER ) { 02455 02456 DefaultOwnerIndex = GroupIndex + 1; 02457 OwnerFound = TRUE; 02458 02459 } else { 02460 02461 return STATUS_INVALID_OWNER; 02462 02463 } // endif Owner attribute set 02464 02465 } // endif owner = group 02466 02467 GroupIndex += 1; 02468 02469 } // endwhile 02470 02471 if (!OwnerFound) { 02472 02473 return STATUS_INVALID_OWNER; 02474 02475 } // endif !OwnerFound 02476 } // endif owner = user 02477 } // endif owner specified 02478 02479 02480 02481 // 02482 // Increment the reference count for this logon session 02483 // (fail if there is no corresponding logon session.) 02484 // 02485 02486 Status = SepReferenceLogonSession( AuthenticationId ); 02487 if ( !NT_SUCCESS(Status) ) { 02488 return Status; 02489 } 02490 02491 02492 02493 02494 // 02495 // Calculate the length needed for the variable portion of the token 02496 // This includes the User ID, Group IDs, and Privileges 02497 // 02498 // 02499 // Align the privilege chunk by pointer alignment so that the SIDs will 02500 // be correctly aligned. Align the Groups Length so that the SID_AND_ATTR 02501 // array (which is 02502 // 02503 02504 ComputedPrivLength = PrivilegeCount * sizeof( LUID_AND_ATTRIBUTES ) ; 02505 02506 ComputedPrivLength = ALIGN_UP( ComputedPrivLength, PVOID ); 02507 02508 GroupsLength = ALIGN_UP( GroupsLength, PVOID ); 02509 02510 02511 VariableLength = GroupsLength + ComputedPrivLength + 02512 ALIGN_UP( (GroupCount * sizeof( SID_AND_ATTRIBUTES )), PVOID ) ; 02513 02514 SubAuthorityCount = ((SID *)(User->Sid))->SubAuthorityCount; 02515 VariableLength += sizeof(SID_AND_ATTRIBUTES) + 02516 (ULONG)LongAlignSize(RtlLengthRequiredSid( SubAuthorityCount )); 02517 02518 02519 02520 // 02521 // Calculate the length needed for the dynamic portion of the token 02522 // This includes the default Dacl and the primary group. 02523 // 02524 02525 SubAuthorityCount = ((SID *)PrimaryGroup)->SubAuthorityCount; 02526 DynamicLengthUsed = (ULONG)LongAlignSize(RtlLengthRequiredSid( SubAuthorityCount )); 02527 02528 if (ARGUMENT_PRESENT(DefaultDacl)) { 02529 DynamicLengthUsed += (ULONG)LongAlignSize(DefaultDacl->AclSize); 02530 } 02531 02532 if (DynamicLengthUsed > DynamicLength) { 02533 DynamicLength = DynamicLengthUsed; 02534 } 02535 02536 // 02537 // Now create the token body 02538 // 02539 02540 TokenBodyLength = sizeof(TOKEN) + VariableLength; 02541 PagedPoolSize = TokenBodyLength + DynamicLength; 02542 02543 02544 Status = ObCreateObject( 02545 RequestorMode, // ProbeMode 02546 SepTokenObjectType, // ObjectType 02547 ObjectAttributes, // ObjectAttributes 02548 UserMode, // OwnershipMode 02549 NULL, // ParseContext 02550 TokenBodyLength, // ObjectBodySize 02551 PagedPoolSize, // PagedPoolCharge 02552 0, // NonPagedPoolCharge 02553 (PVOID *)&Token // Return pointer to object 02554 ); 02555 02556 if (!NT_SUCCESS(Status)) { 02557 SepDeReferenceLogonSession( AuthenticationId ); 02558 return Status; 02559 } 02560 02561 // 02562 // After this point, we rely on token deletion to clean up the referenced 02563 // logon session if the creation fails. 02564 // 02565 02566 02567 // 02568 // Main Body initialization 02569 // 02570 02571 02572 ExAllocateLocallyUniqueId( &(Token->TokenId) ); 02573 Token->ParentTokenId = RtlConvertLongToLuid(0); 02574 Token->AuthenticationId = (*AuthenticationId); 02575 Token->TokenInUse = FALSE; 02576 Token->ModifiedId = NewModifiedId; 02577 Token->ExpirationTime = (*ExpirationTime); 02578 Token->TokenType = TokenType; 02579 Token->ImpersonationLevel = ImpersonationLevel; 02580 Token->TokenSource = (*TokenSource); 02581 02582 Token->TokenFlags = TokenFlags; 02583 Token->SessionId = 0; 02584 02585 Token->DynamicCharged = DynamicLength; 02586 Token->DynamicAvailable = DynamicLength - DynamicLengthUsed; 02587 02588 Token->DefaultOwnerIndex = DefaultOwnerIndex; 02589 Token->DefaultDacl = NULL; 02590 02591 Token->VariableLength = VariableLength; 02592 02593 // Ensure SepTokenDeleteMethod knows the buffers aren't allocated yet. 02594 Token->ProxyData = NULL; 02595 Token->AuditData = NULL; 02596 Token->DynamicPart = NULL; 02597 02598 if (ARGUMENT_PRESENT( ProxyData )) { 02599 02600 Status = SepCopyProxyData( 02601 &Token->ProxyData, 02602 ProxyData 02603 ); 02604 02605 if (!NT_SUCCESS(Status)) { 02606 ObDereferenceObject( Token ); 02607 return( STATUS_NO_MEMORY ); 02608 } 02609 02610 } else { 02611 02612 Token->ProxyData = NULL; 02613 } 02614 02615 if (ARGUMENT_PRESENT( AuditData )) { 02616 02617 Token->AuditData = ExAllocatePool( PagedPool, sizeof( SECURITY_TOKEN_AUDIT_DATA )); 02618 02619 if (Token->AuditData == NULL) { 02620 ObDereferenceObject( Token ); 02621 return( STATUS_NO_MEMORY ); 02622 } 02623 02624 *(Token->AuditData) = *AuditData; 02625 02626 } else { 02627 02628 Token->AuditData = NULL; 02629 } 02630 02631 02632 // 02633 // Variable part initialization 02634 // Data is in the following order: 02635 // 02636 // Privileges array 02637 // User (SID_AND_ATTRIBUTES) 02638 // Groups (SID_AND_ATTRIBUTES) 02639 // Restricted Sids (SID_AND_ATTRIBUTES) 02640 // SIDs 02641 // 02642 02643 Where = (PUCHAR) & Token->VariablePart ; 02644 02645 Token->Privileges = (PLUID_AND_ATTRIBUTES) Where ; 02646 Token->PrivilegeCount = PrivilegeCount ; 02647 02648 RtlCopyMemory( 02649 Where, 02650 Privileges, 02651 PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES) ); 02652 02653 ASSERT( ComputedPrivLength >= PrivilegeCount * sizeof( LUID_AND_ATTRIBUTES ) ); 02654 02655 Where += ComputedPrivLength ; 02656 VariableLength -= ComputedPrivLength ; 02657 02658 ASSERT( (((ULONG_PTR) Where ) & (sizeof(PVOID) - 1)) == 0 ); 02659 02660 // 02661 // Now, copy the sid and attributes arrays. 02662 // 02663 02664 NextSidFree = (PSID) (Where + (sizeof( SID_AND_ATTRIBUTES ) * 02665 (GroupCount + 1) ) ); 02666 02667 Token->UserAndGroups = (PSID_AND_ATTRIBUTES) Where ; 02668 Token->UserAndGroupCount = GroupCount + 1 ; 02669 02670 02671 ASSERT(VariableLength >= ((GroupCount + 1) * (ULONG)sizeof(SID_AND_ATTRIBUTES))); 02672 02673 VariableLength -= ((GroupCount + 1) * (ULONG)sizeof(SID_AND_ATTRIBUTES)); 02674 Status = RtlCopySidAndAttributesArray( 02675 1, 02676 User, 02677 VariableLength, 02678 (PSID_AND_ATTRIBUTES)Where, 02679 NextSidFree, 02680 &NextSidFree, 02681 &VariableLength 02682 ); 02683 02684 Where += sizeof( SID_AND_ATTRIBUTES ); 02685 02686 ASSERT( (((ULONG_PTR) Where ) & (sizeof(PVOID) - 1)) == 0 ); 02687 02688 Status = RtlCopySidAndAttributesArray( 02689 GroupCount, 02690 Groups, 02691 VariableLength, 02692 (PSID_AND_ATTRIBUTES)Where, 02693 NextSidFree, 02694 &NextSidFree, 02695 &VariableLength 02696 ); 02697 02698 02699 ASSERT(NT_SUCCESS(Status)); 02700 02701 02702 Token->RestrictedSids = NULL; 02703 Token->RestrictedSidCount = 0; 02704 02705 02706 // 02707 // Dynamic part initialization 02708 // Data is in the following order: 02709 // 02710 // PrimaryGroup (SID) 02711 // Default Discreationary Acl (ACL) 02712 // 02713 02714 Token->DynamicPart = (PULONG)ExAllocatePoolWithTag( PagedPool, DynamicLength, 'dTeS' ); 02715 02716 // 02717 // The attempt to allocate the DynamicPart of the token may have 02718 // failed. Dereference the created object and exit with an error. 02719 // 02720 02721 if (Token->DynamicPart == NULL) { 02722 ObDereferenceObject( Token ); 02723 return( STATUS_NO_MEMORY ); 02724 } 02725 02726 02727 Where = (PUCHAR) Token->DynamicPart; 02728 02729 Token->PrimaryGroup = (PSID) Where; 02730 PrimaryGroupLength = RtlLengthRequiredSid( ((SID *)PrimaryGroup)->SubAuthorityCount ); 02731 RtlCopySid( PrimaryGroupLength, (PSID)Where, PrimaryGroup ); 02732 Where += (ULONG)LongAlignSize(PrimaryGroupLength); 02733 02734 if (ARGUMENT_PRESENT(DefaultDacl)) { 02735 Token->DefaultDacl = (PACL)Where; 02736 02737 RtlCopyMemory( (PVOID)Where, 02738 (PVOID)DefaultDacl, 02739 DefaultDacl->AclSize 02740 ); 02741 } 02742 02743 #ifdef TOKEN_DEBUG 02744 02745 // 02746 // Debug 02747 SepDumpToken( Token ); 02748 // Debug 02749 // 02751 #endif //TOKEN_DEBUG 02752 02753 02754 // 02755 // Insert the token unless it is a system token. 02756 // 02757 02758 if (!SystemToken) { 02759 02760 Status = SeCreateAccessState( 02761 &AccessState, 02762 &AuxData, 02763 DesiredAccess, 02764 &SepTokenObjectType->TypeInfo.GenericMapping 02765 ); 02766 02767 if ( NT_SUCCESS(Status) ) { 02768 BOOLEAN PrivilegeHeld; 02769 02770 PrivilegeHeld = SeSinglePrivilegeCheck( 02771 SeCreateTokenPrivilege, 02772 KeGetPreviousMode() 02773 ); 02774 02775 if (PrivilegeHeld) { 02776 02777 Status = ObInsertObject( Token, 02778 &AccessState, 02779 0, 02780 0, 02781 (PVOID *)NULL, 02782 TokenHandle 02783 ); 02784 02785 } else { 02786 02787 Status = STATUS_PRIVILEGE_NOT_HELD; 02788 ObDereferenceObject( Token ); 02789 } 02790 02791 SeDeleteAccessState( &AccessState ); 02792 02793 } else { 02794 02795 ObDereferenceObject( Token ); 02796 } 02797 } else { 02798 02799 ASSERT( NT_SUCCESS( Status ) ); 02800 ObDeleteCapturedInsertInfo(Token); 02801 // 02802 // Return pointer instead of handle. 02803 // 02804 02805 (*TokenHandle) = (HANDLE)Token; 02806 } 02807 02808 return Status; 02809 02810 }

BOOLEAN SepIdAssignableAsOwner (  IN PTOKEN  Token, IN ULONG  Index )

Definition at line 2813 of file token.c. References Index, PAGED_CODE, SepTokenGroupAttributes, Token, and TRUE. Referenced by NtSetInformationToken(), and SepValidOwnerSubjectContext(). : This routine returns a boolean value indicating whether the user or group ID in the specified token with the specified index is assignable as the owner of an object. If the index is 0, which is always the USER ID, then the ID is assignable as owner. Otherwise, the ID is that of a group, and it must have the "Owner" attribute set to be assignable. Arguments: Token - Pointer to a locked Token to use. Index - Index into the Token's UserAndGroupsArray. This value is assumed to be valid. Return Value: TRUE - Indicates the index corresponds to an ID that may be assigned as the owner of objects. FALSE - Indicates the index does not correspond to an ID that may be assigned as the owner of objects. --*/ { PAGED_CODE(); if (Index == 0) { return TRUE; } else { return (BOOLEAN) ( (SepTokenGroupAttributes(Token,Index) & SE_GROUP_OWNER) != 0 ); } }

VOID SepTokenDeleteMethod (  IN PVOID  Token  )

Definition at line 2156 of file token.c. References ExFreePool(), PAGED_CODE, SepDeReferenceLogonSession(), SepFreeProxyData(), and Token. Referenced by SepTokenInitialization(). 02162 : 02163 02164 This function is the token object type-specific delete method. 02165 It is needed to ensure that all memory allocated for the token 02166 gets deallocated. 02167 02168 Arguments: 02169 02170 Token - Points to the token object being deleted. 02171 02172 Return Value: 02173 02174 None. 02175 02176 --*/ 02177 02178 { 02179 PAGED_CODE(); 02180 02181 // 02182 // De-reference the logon session referenced by this token object 02183 // 02184 02185 SepDeReferenceLogonSession( &(((TOKEN *)Token)->AuthenticationId) ); 02186 02187 02188 // 02189 // If the token has an associated Dynamic part, deallocate it. 02190 // 02191 02192 if (ARGUMENT_PRESENT( ((TOKEN *)Token)->DynamicPart)) { 02193 ExFreePool( ((TOKEN *)Token)->DynamicPart ); 02194 } 02195 02196 // 02197 // Free the Proxy and Global audit structures if present. 02198 // 02199 02200 if (ARGUMENT_PRESENT(((TOKEN *) Token)->ProxyData)) { 02201 SepFreeProxyData( ((TOKEN *)Token)->ProxyData ); 02202 } 02203 02204 if (ARGUMENT_PRESENT(((TOKEN *)Token)->AuditData )) { 02205 ExFreePool( (((TOKEN *)Token)->AuditData) ); 02206 } 02207 02208 02209 return; 02210 }

BOOLEAN SepTokenInitialization (  VOID   )

Definition at line 1460 of file token.c. References ExInitializeResource, L, NT_SUCCESS, NTSTATUS(), NULL, ObCreateObjectType(), PAGED_CODE, PagedPool, RtlInitUnicodeString(), SepTokenDeleteMethod(), SepTokenLock, SepTokenMapping, SepTokenObjectType, Status, and TRUE. Referenced by SepInitializationPhase0(). 01464 : 01465 01466 This function creates the token object type descriptor at system 01467 initialization and stores the address of the object type descriptor 01468 in global storage. It also created token related global variables. 01469 01470 Furthermore, some number of pseudo tokens are created during system 01471 initialization. These tokens are tracked down and replaced with 01472 real tokens. 01473 01474 Arguments: 01475 01476 None. 01477 01478 Return Value: 01479 01480 A value of TRUE is returned if the object type descriptor is 01481 successfully initialized. Otherwise a value of FALSE is returned. 01482 01483 --*/ 01484 01485 { 01486 01487 OBJECT_TYPE_INITIALIZER ObjectTypeInitializer; 01488 NTSTATUS Status; 01489 UNICODE_STRING TypeName; 01490 01491 PAGED_CODE(); 01492 01493 // 01494 // Initialize string descriptor. 01495 // 01496 01497 RtlInitUnicodeString(&TypeName, L"Token"); 01498 01499 01500 // 01501 // Create the global token lock 01502 // 01503 01504 ExInitializeResource(&SepTokenLock); 01505 01506 01507 #if 0 01508 BUG, BUG Need to get system default ACL to protect token object 01509 #endif 01510 01511 // 01512 // Create object type descriptor. 01513 // 01514 01515 RtlZeroMemory(&ObjectTypeInitializer,sizeof(ObjectTypeInitializer)); 01516 ObjectTypeInitializer.Length = sizeof(ObjectTypeInitializer); 01517 ObjectTypeInitializer.InvalidAttributes = OBJ_OPENLINK; 01518 ObjectTypeInitializer.GenericMapping = SepTokenMapping; 01519 ObjectTypeInitializer.SecurityRequired = TRUE; 01520 ObjectTypeInitializer.UseDefaultObject = TRUE; 01521 ObjectTypeInitializer.PoolType = PagedPool; 01522 ObjectTypeInitializer.ValidAccessMask = TOKEN_ALL_ACCESS; 01523 ObjectTypeInitializer.DeleteProcedure = SepTokenDeleteMethod; 01524 01525 Status = ObCreateObjectType(&TypeName, 01526 &ObjectTypeInitializer, 01527 (PSECURITY_DESCRIPTOR)NULL, // BUG, BUG assign real protection 01528 &SepTokenObjectType 01529 ); 01530 01531 01532 #if 0 01533 BUG, BUG Now track down all pseudo tokens used during system initialization 01534 BUG, BUG and replace them with real ones. 01535 #endif 01536 01537 // 01538 // If the object type descriptor was successfully created, then 01539 // return a value of TRUE. Otherwise return a value of FALSE. 01540 // 01541 01542 return (BOOLEAN)NT_SUCCESS(Status); 01543 }

NTSTATUS SeSubProcessToken (  IN PEPROCESS  ParentProcess, OUT PACCESS_TOKEN *  ChildToken )

Definition at line 1327 of file token.c. References DbgPrint, FALSE, KernelMode, KPROCESSOR_MODE, NT_SUCCESS, NTSTATUS(), NULL, ObInsertObject(), PAGED_CODE, PrimaryTokenAttributes, PsDereferencePrimaryToken, PsReferencePrimaryToken(), PTOKEN, SepDuplicateToken(), Status, and TRUE. Referenced by PspInitializeProcessSecurity(). : This routine makes a token for a sub-process that is a duplicate of the parent process's token. Parameters: ParentProcess - Pointer to the parent process object. This is used to locate the parent process's primary token, and for logging purposes. ChildToken - Receives a pointer to the child process's token. Return Value: STATUS_SUCCESS - Indicates the sub-process's token has been created successfully. Other status values may be returned from memory allocation or object creation services used and typically indicate insufficient resources or quota on the requestor's part. --*/ { // // NOTE: THIS ROUTINE CAN BE MADE MUCH MORE EFFICIENT. // IT IS DONE IN A BRUTE FORCE FASHION FOR THE LARGE_INTEGER // BEING TO GET THINGS UP AND RUNNING. // // THE PERFORMANCE OF THIS ROUTINE DIRECTLY IMPACTS // THE PERFORMANCE OF SUB-PROCESS CREATION. // KPROCESSOR_MODE PreviousMode; PTOKEN ParentToken; PTOKEN NewToken; HANDLE NewTokenHandle; OBJECT_ATTRIBUTES PrimaryTokenAttributes; PTOKEN InsertedToken; NTSTATUS Status; NTSTATUS IgnoreStatus; PAGED_CODE(); PreviousMode = KeGetPreviousMode(); InitializeObjectAttributes( &PrimaryTokenAttributes, NULL, 0, NULL, NULL ); #ifdef TOKEN_DEBUG DbgPrint("\nCreating sub-process token...\n"); DbgPrint("Parent token address = 0x%lx\n", ParentProcess->Token); #endif //TOKEN_DEBUG ParentToken = (PTOKEN)PsReferencePrimaryToken( ParentProcess ); Status = SepDuplicateToken( ParentToken, // ExistingToken &PrimaryTokenAttributes, // ObjectAttributes FALSE, // EffectiveOnly TokenPrimary, // TokenType (SECURITY_IMPERSONATION_LEVEL)0, // ImpersonationLevel KernelMode, // RequestorMode &NewToken // NewToken ); PsDereferencePrimaryToken( (PACCESS_TOKEN)ParentToken ); if (NT_SUCCESS(Status)) { // // Insert the new token object, up its ref count, and then // delete the new handle. // Status = ObInsertObject( NewToken, NULL, 0, 1, // ObjectPointerBias (PVOID *)&InsertedToken, &NewTokenHandle ); if (NT_SUCCESS(Status)) { *ChildToken = InsertedToken; InsertedToken->TokenInUse = TRUE; IgnoreStatus = ZwClose( NewTokenHandle ); // // At this point, either the token has a reference // outstanding (and no handles), or the reference // failed. If the reference failed, the status will // be returned indicating why. // } else { // // ObInsertObject dereferences the passed object if it // fails, so we don't have to do any cleanup on NewToken // here. // } } return Status; }

SECURITY_IMPERSONATION_LEVEL SeTokenImpersonationLevel (  IN PACCESS_TOKEN  Token  )

Definition at line 211 of file token.c. References PAGED_CODE, PTOKEN, and Token. Referenced by PsAssignImpersonationToken(). : This function returns the impersonation level of a token. The token is assumed to be a TokenImpersonation type token. Arguments: Token - Points to the token whose impersonation level is to be returned. Return Value: The token's impersonation level. --*/ { PAGED_CODE(); return ((PTOKEN)Token)->ImpersonationLevel; }

NTKERNELAPI BOOLEAN SeTokenIsAdmin (  IN PACCESS_TOKEN  Token  )

Definition at line 150 of file token.c. References PAGED_CODE, PTOKEN, Token, and TOKEN_HAS_ADMIN_GROUP. Referenced by NtAssignProcessToJobObject(), NtSetInformationJobObject(), PsAssignImpersonationToken(), and PsImpersonateClient(). : Returns if the token is a member of the local admin group. Arguments: Token - Points to the token. Return Value: TRUE - Token contains the local admin group FALSE - no admin. --*/ { PAGED_CODE(); return ((((PTOKEN)Token)->TokenFlags & TOKEN_HAS_ADMIN_GROUP) != 0 ); }

NTKERNELAPI BOOLEAN SeTokenIsRestricted (  IN PACCESS_TOKEN  Token  )

Definition at line 181 of file token.c. References PAGED_CODE, PTOKEN, Token, and TOKEN_IS_RESTRICTED. Referenced by IsRestricted(), PsAssignImpersonationToken(), PsImpersonateClient(), and SepAccessCheck(). : Returns if the token is a restricted token. Arguments: Token - Points to the token. Return Value: TRUE - Token contains restricted sids FALSE - no admin. --*/ { PAGED_CODE(); return ((((PTOKEN)Token)->TokenFlags & TOKEN_IS_RESTRICTED) != 0 ); }

TOKEN_TYPE SeTokenType (  IN PACCESS_TOKEN  Token  )

Definition at line 118 of file token.c. References PAGED_CODE, PTOKEN, and Token. Referenced by PsAssignImpersonationToken(). : This function returns the type of an instance of a token (TokenPrimary, or TokenImpersonation). Arguments: Token - Points to the token whose type is to be returned. Return Value: The token's type. --*/ { PAGED_CODE(); return (((PTOKEN)Token)->TokenType); }

---

Variable Documentation

ERESOURCE SepTokenLock

Definition at line 93 of file token.c. Referenced by SepTokenInitialization().

GENERIC_MAPPING SepTokenMapping

Initial value: { TOKEN_READ, TOKEN_WRITE, TOKEN_EXECUTE, TOKEN_ALL_ACCESS } Definition at line 67 of file token.c. Referenced by SepTokenInitialization().

POBJECT_TYPE SepTokenObjectType

Definition at line 77 of file token.c.

---