ctaccess.c File Reference

#include "tsecomm.c"

Go to the source code of this file.

Classes
struct	_STANDARD_ACE
Defines
#define	FirstAce(Acl)   ((PVOID)((PUCHAR)(Acl) + sizeof(ACL)))
#define	NextAce(Ace)   ((PVOID)((PUCHAR)(Ace) + ((PACE_HEADER)(Ace))->AceSize))
#define	DEFAULT_DACL_LENGTH   (1024L)
#define	GROUP_IDS_LENGTH   (1024L)
#define	NEW_GROUP_STATE_LENGTH   (1024L)
#define	PRIVILEGES_LENGTH   (128L)
#define	TOO_BIG_ACL_SIZE   (2048L)
#define	FLINTSTONE_INDEX   (0L)
#define	CHILD_INDEX   (1L)
#define	NEANDERTHOL_INDEX   (2L)
#define	WORLD_INDEX   (3L)
#define	GROUP_COUNT   (4L)
#define	UNSOLICITED_INDEX   (0L)
#define	SECURITY_INDEX   (1L)
#define	PRIVILEGE_COUNT   (2L)
#define	SET_WIDGET_COLOR   0x00000001
#define	SET_WIDGET_SIZE   0x00000002
#define	GET_WIDGET_COLOR   0x00000004
#define	GET_WIDGET_SIZE   0x00000008
#define	START_WIDGET   0x00000010
#define	STOP_WIDGET   0x00000020
#define	GIVE_WIDGET   0x00000040
#define	TAKE_WIDGET   0x00000080
Typedefs
typedef _STANDARD_ACE	STANDARD_ACE
typedef STANDARD_ACE *	PSTANDARD_ACE
Functions
VOID	DumpAcl (IN PACL Acl)
BOOLEAN	TestTokenInitialize ()
BOOLEAN	CreateDAclToken ()
BOOLEAN	CTAccess ()
Variables
NTSTATUS	Status
HANDLE	SimpleToken
HANDLE	TokenWithGroups
HANDLE	TokenWithDefaultOwner
HANDLE	TokenWithPrivileges
HANDLE	TokenWithDefaultDacl
HANDLE	Token
HANDLE	ImpersonationToken
HANDLE	PrimaryToken
HANDLE	AnonymousToken
OBJECT_ATTRIBUTES	PrimaryTokenAttributes
PSECURITY_DESCRIPTOR	PrimarySecurityDescriptor
SECURITY_QUALITY_OF_SERVICE	PrimarySecurityQos
OBJECT_ATTRIBUTES	ImpersonationTokenAttributes
PSECURITY_DESCRIPTOR	ImpersonationSecurityDescriptor
SECURITY_QUALITY_OF_SERVICE	ImpersonationSecurityQos
OBJECT_ATTRIBUTES	AnonymousTokenAttributes
PSECURITY_DESCRIPTOR	AnonymousSecurityDescriptor
SECURITY_QUALITY_OF_SERVICE	AnonymousSecurityQos
ULONG	DisabledGroupAttributes
ULONG	OptionalGroupAttributes
ULONG	NormalGroupAttributes
ULONG	OwnerGroupAttributes
ULONG	LengthAvailable
ULONG	CurrentLength
TIME_FIELDS	TempTimeFields = {3000, 1, 1, 1, 1, 1, 1, 1}
LARGE_INTEGER	NoExpiration
LUID	DummyAuthenticationId
LUID	SystemAuthenticationId = SYSTEM_LUID
TOKEN_SOURCE	TestSource = {"SE: TEST", 0}
PSID	Owner
PSID	Group
PACL	Dacl
PSID	TempOwner
PSID	TempGroup
PACL	TempDacl

---

Define Documentation

#define CHILD_INDEX   (1L)

Definition at line 87 of file ctaccess.c. Referenced by CreateDAclToken(), TestTokenAdjustGroups(), TestTokenAssignPrimary(), TestTokenCreate(), TestTokenFilter(), and TestTokenQuery().

#define DEFAULT_DACL_LENGTH   (1024L)

Definition at line 76 of file ctaccess.c. Referenced by CreateDAclToken(), TestTokenAssignPrimary(), and TestTokenCreate().

#define FirstAce (  Acl   )     ((PVOID)((PUCHAR)(Acl) + sizeof(ACL)))

Definition at line 51 of file ctaccess.c.

#define FLINTSTONE_INDEX   (0L)

Definition at line 86 of file ctaccess.c. Referenced by CreateDAclToken(), TestTokenAdjustGroups(), TestTokenAssignPrimary(), TestTokenCreate(), TestTokenFilter(), and TestTokenQuery().

#define GET_WIDGET_COLOR   0x00000004

Definition at line 107 of file ctaccess.c.

#define GET_WIDGET_SIZE   0x00000008

Definition at line 108 of file ctaccess.c.

#define GIVE_WIDGET   0x00000040

Definition at line 111 of file ctaccess.c.

#define GROUP_COUNT   (4L)

Definition at line 90 of file ctaccess.c. Referenced by CreateDAclToken(), TestTokenAdjustGroups(), TestTokenAssignPrimary(), TestTokenCreate(), and TestTokenQuery().

#define GROUP_IDS_LENGTH   (1024L)

Definition at line 77 of file ctaccess.c. Referenced by CreateDAclToken(), TestTokenAssignPrimary(), TestTokenCreate(), and TestTokenFilter().

#define NEANDERTHOL_INDEX   (2L)

Definition at line 88 of file ctaccess.c. Referenced by CreateDAclToken(), TestTokenAdjustGroups(), TestTokenAssignPrimary(), TestTokenCreate(), and TestTokenQuery().

#define NEW_GROUP_STATE_LENGTH   (1024L)

Definition at line 78 of file ctaccess.c.

#define NextAce (  Ace   )     ((PVOID)((PUCHAR)(Ace) + ((PACE_HEADER)(Ace))->AceSize))

Definition at line 63 of file ctaccess.c.

#define PRIVILEGE_COUNT   (2L)

Definition at line 99 of file ctaccess.c. Referenced by CreateDAclToken(), TestTokenAdjustPrivileges(), TestTokenAssignPrimary(), TestTokenCreate(), and TestTokenQuery().

#define PRIVILEGES_LENGTH   (128L)

Definition at line 79 of file ctaccess.c. Referenced by CreateDAclToken(), TestTokenAssignPrimary(), TestTokenCreate(), and TestTokenFilter().

#define SECURITY_INDEX   (1L)

Definition at line 98 of file ctaccess.c. Referenced by CreateDAclToken(), TestTokenAdjustPrivileges(), TestTokenAssignPrimary(), TestTokenCreate(), TestTokenFilter(), and TestTokenQuery().

#define SET_WIDGET_COLOR   0x00000001

Definition at line 105 of file ctaccess.c. Referenced by CreateDAclToken().

#define SET_WIDGET_SIZE   0x00000002

Definition at line 106 of file ctaccess.c. Referenced by CreateDAclToken().

#define START_WIDGET   0x00000010

Definition at line 109 of file ctaccess.c.

#define STOP_WIDGET   0x00000020

Definition at line 110 of file ctaccess.c.

#define TAKE_WIDGET   0x00000080

Definition at line 112 of file ctaccess.c.

#define TOO_BIG_ACL_SIZE   (2048L)

Definition at line 80 of file ctaccess.c. Referenced by TestTokenSet().

#define UNSOLICITED_INDEX   (0L)

Definition at line 97 of file ctaccess.c. Referenced by CreateDAclToken(), TestTokenAdjustPrivileges(), TestTokenAssignPrimary(), TestTokenCreate(), TestTokenFilter(), and TestTokenQuery().

#define WORLD_INDEX   (3L)

Definition at line 89 of file ctaccess.c. Referenced by CreateDAclToken(), TestTokenAdjustGroups(), TestTokenAssignPrimary(), TestTokenCreate(), and TestTokenQuery().

---

Typedef Documentation

typedef STANDARD_ACE* PSTANDARD_ACE

Definition at line 1134 of file ctaccess.c. Referenced by DumpAcl(), and main().

typedef struct _STANDARD_ACE STANDARD_ACE

Referenced by main(), and TestAddAce().

---

Function Documentation

BOOLEAN CreateDAclToken (   )

Definition at line 299 of file ctaccess.c. References ASSERT, BarneySid, CHILD_INDEX, ChildSid, Dacl, DbgPrint, DEFAULT_DACL_LENGTH, DummyAuthenticationId, DumpAcl(), FALSE, FLINTSTONE_INDEX, FlintstoneSid, FredSid, GROUP_COUNT, GROUP_IDS_LENGTH, ImpersonationToken, ImpersonationTokenAttributes, NEANDERTHOL_INDEX, NeandertholSid, NoExpiration, NormalGroupAttributes, NT_SUCCESS, NtAccessCheck(), NtCreateToken(), NtSetInformationProcess(), NtSetInformationThread(), NTSTATUS(), NULL, OptionalGroupAttributes, Owner, OwnerGroupAttributes, PagedPool, PebblesSid, PrimaryToken, PrimaryTokenAttributes, PRIVILEGE_COUNT, PRIVILEGES_LENGTH, RtlAddAce(), RtlCopySid(), RtlCreateAcl(), RtlCreateSecurityDescriptor(), RtlDeleteAce(), RtlSetDaclSecurityDescriptor(), RtlSetGroupSecurityDescriptor(), RtlSetOwnerSecurityDescriptor(), RtlSetSaclSecurityDescriptor(), SECURITY_INDEX, SecurityPrivilege, SeLengthSid, SET_WIDGET_COLOR, SET_WIDGET_SIZE, Status, TestSource, TRUE, UNSOLICITED_INDEX, UnsolicitedInputPrivilege, USHORT, WORLD_INDEX, and WorldSid. Referenced by CTAccess(). { BOOLEAN CompletionStatus = TRUE; TOKEN_USER UserId; TOKEN_PRIMARY_GROUP PrimaryGroup; PTOKEN_GROUPS GroupIds; PTOKEN_PRIVILEGES Privileges; TOKEN_DEFAULT_DACL DefaultDacl; TOKEN_OWNER Owner; PSECURITY_DESCRIPTOR Widget1SecurityDescriptor; NTSTATUS AccessStatus; ACCESS_MASK GrantedAccess; PACCESS_ALLOWED_ACE AllowBarneySetColor; PACCESS_ALLOWED_ACE AllowFredSetColor; PACCESS_DENIED_ACE DenyPebblesSetColor; PACCESS_ALLOWED_ACE AllowPebblesSetColor; PACCESS_DENIED_ACE DenyFredSetColor; PACCESS_ALLOWED_ACE AllowBarneySetSize; PACCESS_ALLOWED_ACE AllowPebblesSetSize; PACCESS_ALLOWED_ACE AllowPebblesGetColor; PACCESS_ALLOWED_ACE AllowPebblesGetSize; USHORT AllowBarneySetColorLength; USHORT AllowFredSetColorLength; USHORT DenyPebblesSetColorLength; USHORT AllowPebblesSetColorLength; USHORT DenyFredSetColorLength; USHORT AllowBarneySetSizeLength; USHORT AllowPebblesSetSizeLength; USHORT AllowPebblesGetColorLength; USHORT AllowPebblesGetSizeLength; DbgPrint("\n"); GroupIds = (PTOKEN_GROUPS)TstAllocatePool( PagedPool, GROUP_IDS_LENGTH ); Privileges = (PTOKEN_PRIVILEGES)TstAllocatePool( PagedPool, PRIVILEGES_LENGTH ); DefaultDacl.DefaultDacl = (PACL)TstAllocatePool( PagedPool, DEFAULT_DACL_LENGTH ); // // Create a token with default DACL // DbgPrint("Se: Create Token With Default Dacl ... "); GroupIds->GroupCount = GROUP_COUNT; GroupIds->Groups[FLINTSTONE_INDEX].Sid = FlintstoneSid; GroupIds->Groups[CHILD_INDEX].Sid = ChildSid; GroupIds->Groups[NEANDERTHOL_INDEX].Sid = NeandertholSid; GroupIds->Groups[WORLD_INDEX].Sid = WorldSid; GroupIds->Groups[FLINTSTONE_INDEX].Attributes = OwnerGroupAttributes; GroupIds->Groups[CHILD_INDEX].Attributes = OptionalGroupAttributes; GroupIds->Groups[NEANDERTHOL_INDEX].Attributes = OptionalGroupAttributes; GroupIds->Groups[WORLD_INDEX].Attributes = NormalGroupAttributes; UserId.User.Sid = PebblesSid; UserId.User.Attributes = 0; Owner.Owner = FlintstoneSid; Privileges->PrivilegeCount = PRIVILEGE_COUNT; Privileges->Privileges[UNSOLICITED_INDEX].Luid = UnsolicitedInputPrivilege; Privileges->Privileges[SECURITY_INDEX].Luid = SecurityPrivilege; Privileges->Privileges[UNSOLICITED_INDEX].Attributes = 0; Privileges->Privileges[SECURITY_INDEX].Attributes = 0; PrimaryGroup.PrimaryGroup = FlintstoneSid; Status = RtlCreateAcl( DefaultDacl.DefaultDacl, DEFAULT_DACL_LENGTH, ACL_REVISION); ASSERT(NT_SUCCESS(Status) ); Status = NtCreateToken( &PrimaryToken, // Handle (TOKEN_ALL_ACCESS), // DesiredAccess &PrimaryTokenAttributes, // ObjectAttributes TokenPrimary, // TokenType &DummyAuthenticationId, // Authentication LUID &NoExpiration, // Expiration Time &UserId, // Owner ID GroupIds, // Group IDs Privileges, // Privileges &Owner, // Owner &PrimaryGroup, // Primary Group &DefaultDacl, // Default Dacl &TestSource // TokenSource ); if (NT_SUCCESS(Status)) { DbgPrint("Succeeded.\n"); } else { DbgPrint("********** Failed ************\n"); DbgPrint("Status is: 0x%lx \n", Status); CompletionStatus = FALSE; } ASSERT(NT_SUCCESS(Status));  // // Create an impersonation token, Impersonation level = Impersonation // DbgPrint("Se: Create an impersonation token ... "); GroupIds->GroupCount = GROUP_COUNT; GroupIds->Groups[FLINTSTONE_INDEX].Sid = FlintstoneSid; GroupIds->Groups[CHILD_INDEX].Sid = ChildSid; GroupIds->Groups[NEANDERTHOL_INDEX].Sid = NeandertholSid; GroupIds->Groups[WORLD_INDEX].Sid = WorldSid; GroupIds->Groups[FLINTSTONE_INDEX].Attributes = OwnerGroupAttributes; GroupIds->Groups[CHILD_INDEX].Attributes = OptionalGroupAttributes; GroupIds->Groups[NEANDERTHOL_INDEX].Attributes = OptionalGroupAttributes; GroupIds->Groups[WORLD_INDEX].Attributes = NormalGroupAttributes; UserId.User.Sid = PebblesSid; UserId.User.Attributes = 0; Owner.Owner = FlintstoneSid; Privileges->PrivilegeCount = PRIVILEGE_COUNT; Privileges->Privileges[UNSOLICITED_INDEX].Luid = UnsolicitedInputPrivilege; Privileges->Privileges[SECURITY_INDEX].Luid = SecurityPrivilege; Privileges->Privileges[UNSOLICITED_INDEX].Attributes = 0; Privileges->Privileges[SECURITY_INDEX].Attributes = 0; PrimaryGroup.PrimaryGroup = FlintstoneSid; Status = RtlCreateAcl( DefaultDacl.DefaultDacl, DEFAULT_DACL_LENGTH, ACL_REVISION); ASSERT(NT_SUCCESS(Status) ); Status = NtCreateToken( &ImpersonationToken, // Handle (TOKEN_ALL_ACCESS), // DesiredAccess &ImpersonationTokenAttributes, // ObjectAttributes TokenImpersonation, // TokenType &DummyAuthenticationId, // Authentication LUID &NoExpiration, // Expiration Time &UserId, // Owner ID GroupIds, // Group IDs Privileges, // Privileges &Owner, // Owner &PrimaryGroup, // Primary Group &DefaultDacl, // Default Dacl &TestSource // TokenSource ); if (NT_SUCCESS(Status)) { DbgPrint("Succeeded.\n"); } else { DbgPrint("********** Failed ************\n"); DbgPrint("Status is: 0x%lx \n", Status); CompletionStatus = FALSE; } ASSERT(NT_SUCCESS(Status)); // // Attach tokens to process // NtSetInformationProcess( NtCurrentProcess(), ProcessAccessToken, &PrimaryToken, sizeof( PHANDLE )); NtSetInformationThread( NtCurrentThread(), ThreadImpersonationToken, &ImpersonationToken, sizeof( PHANDLE ));  // Create some ACEs // AllowBarneySetColor AllowBarneySetColorLength = (USHORT)(sizeof( ACCESS_ALLOWED_ACE ) - sizeof( ULONG ) + SeLengthSid( BarneySid )); AllowBarneySetColor = (PVOID) TstAllocatePool ( PagedPool, AllowBarneySetColorLength ); AllowBarneySetColor->Header.AceType = ACCESS_ALLOWED_ACE_TYPE; AllowBarneySetColor->Header.AceSize = AllowBarneySetColorLength; AllowBarneySetColor->Header.AceFlags = 0; AllowBarneySetColor->Mask = SET_WIDGET_COLOR; RtlCopySid( SeLengthSid( BarneySid ), &(AllowBarneySetColor->SidStart), BarneySid ); // DenyPebblesSetColor DenyPebblesSetColorLength = (USHORT)(sizeof( ACCESS_DENIED_ACE ) - sizeof( ULONG ) + SeLengthSid( BarneySid )); DenyPebblesSetColor = (PVOID) TstAllocatePool ( PagedPool, DenyPebblesSetColorLength ); DenyPebblesSetColor->Header.AceType = ACCESS_DENIED_ACE_TYPE; DenyPebblesSetColor->Header.AceSize = DenyPebblesSetColorLength; DenyPebblesSetColor->Header.AceFlags = 0; DenyPebblesSetColor->Mask = SET_WIDGET_COLOR; RtlCopySid( SeLengthSid( PebblesSid ), &(DenyPebblesSetColor->SidStart), PebblesSid ); // AllowFredSetColor AllowFredSetColorLength = (USHORT)(sizeof( ACCESS_ALLOWED_ACE ) - sizeof( ULONG ) + SeLengthSid( FredSid )); AllowFredSetColor = (PVOID) TstAllocatePool ( PagedPool, AllowFredSetColorLength ); AllowFredSetColor->Header.AceType = ACCESS_ALLOWED_ACE_TYPE; AllowFredSetColor->Header.AceSize = AllowFredSetColorLength; AllowFredSetColor->Header.AceFlags = 0; AllowFredSetColor->Mask = SET_WIDGET_COLOR; RtlCopySid( SeLengthSid( FredSid ), &(AllowFredSetColor->SidStart), FredSid ); // AllowPebblesSetColor AllowPebblesSetColorLength = (USHORT)(sizeof( ACCESS_ALLOWED_ACE ) - sizeof( ULONG ) + SeLengthSid( PebblesSid )); AllowPebblesSetColor = (PVOID) TstAllocatePool ( PagedPool, AllowPebblesSetColorLength ); AllowPebblesSetColor->Header.AceType = ACCESS_ALLOWED_ACE_TYPE; AllowPebblesSetColor->Header.AceSize = AllowPebblesSetColorLength; AllowPebblesSetColor->Header.AceFlags = 0; AllowPebblesSetColor->Mask = SET_WIDGET_COLOR; RtlCopySid( SeLengthSid( PebblesSid ), &(AllowPebblesSetColor->SidStart), PebblesSid ); // DenyFredSetColor DenyFredSetColorLength = (USHORT)(sizeof( ACCESS_DENIED_ACE ) - sizeof( ULONG ) + SeLengthSid( FredSid )); DenyFredSetColor = (PVOID) TstAllocatePool ( PagedPool, DenyFredSetColorLength ); DenyFredSetColor->Header.AceType = ACCESS_DENIED_ACE_TYPE; DenyFredSetColor->Header.AceSize = DenyFredSetColorLength; DenyFredSetColor->Header.AceFlags = 0; DenyFredSetColor->Mask = SET_WIDGET_COLOR; RtlCopySid( SeLengthSid( FredSid ), &(DenyFredSetColor->SidStart), FredSid ); // AllowBarneySetSize AllowBarneySetSizeLength = (USHORT)(sizeof( ACCESS_ALLOWED_ACE ) - sizeof( ULONG ) + SeLengthSid( BarneySid )); AllowBarneySetSize = (PVOID) TstAllocatePool ( PagedPool, AllowBarneySetSizeLength ); AllowBarneySetSize->Header.AceType = ACCESS_ALLOWED_ACE_TYPE; AllowBarneySetSize->Header.AceSize = AllowBarneySetSizeLength; AllowBarneySetSize->Header.AceFlags = 0; AllowBarneySetSize->Mask = SET_WIDGET_SIZE; RtlCopySid( SeLengthSid( BarneySid ), &(AllowBarneySetSize->SidStart), BarneySid ); // AllowPebblesSetSize AllowPebblesSetSizeLength = (USHORT)(sizeof( ACCESS_ALLOWED_ACE ) - sizeof( ULONG ) + SeLengthSid( PebblesSid )); AllowPebblesSetSize = (PVOID) TstAllocatePool ( PagedPool, AllowPebblesSetSizeLength ); AllowPebblesSetSize->Header.AceType = ACCESS_ALLOWED_ACE_TYPE; AllowPebblesSetSize->Header.AceSize = AllowPebblesSetSizeLength; AllowPebblesSetSize->Header.AceFlags = 0; AllowPebblesSetSize->Mask = SET_WIDGET_SIZE; RtlCopySid( SeLengthSid( PebblesSid ), &(AllowPebblesSetSize->SidStart), PebblesSid ); // AllowPebblesGetSize AllowPebblesGetSizeLength = (USHORT)(sizeof( ACCESS_ALLOWED_ACE ) - sizeof( ULONG ) + SeLengthSid( PebblesSid )); AllowPebblesGetSize = (PVOID) TstAllocatePool ( PagedPool, AllowPebblesGetSizeLength ); AllowPebblesGetSize->Header.AceType = ACCESS_ALLOWED_ACE_TYPE; AllowPebblesGetSize->Header.AceSize = AllowPebblesGetSizeLength; AllowPebblesGetSize->Header.AceFlags = 0; AllowPebblesGetSize->Mask = SET_WIDGET_SIZE; RtlCopySid( SeLengthSid( PebblesSid ), &(AllowPebblesGetSize->SidStart), PebblesSid ); // AllowPebblesGetColor AllowPebblesGetColorLength = (USHORT)(sizeof( ACCESS_ALLOWED_ACE ) - sizeof( ULONG ) + SeLengthSid( PebblesSid )); AllowPebblesGetColor = (PVOID) TstAllocatePool ( PagedPool, AllowPebblesGetColorLength ); AllowPebblesGetColor->Header.AceType = ACCESS_ALLOWED_ACE_TYPE; AllowPebblesGetColor->Header.AceSize = AllowPebblesGetColorLength; AllowPebblesGetColor->Header.AceFlags = 0; AllowPebblesGetColor->Mask = SET_WIDGET_COLOR; RtlCopySid( SeLengthSid( PebblesSid ), &(AllowPebblesGetColor->SidStart), PebblesSid ); // // Create some ACLs that we can put into a Security Descriptor // DbgBreakPoint(); // // Dacl // // +----------------+ +----------------+ +----------------+ // | 1st ACE | | 2nd ACE | | 3rd ACE | // +----------------+ +----------------+ +----------------+ // | AccessAllowed | | AccessDenied | | AccessAllowed | // +----------------+ +----------------+ +----------------+ // | BARNEY | | PEBBLES | | FRED | // +----------------+ +----------------+ +----------------+ // | SetWidgeColor | | SetWidgeColor | | SetWidgeColor | // +----------------+ +----------------+ +----------------+ // Dacl = (PACL) TstAllocatePool ( PagedPool, 2048 ); RtlCreateAcl( Dacl, 2048, ACL_REVISION); RtlAddAce ( Dacl, ACL_REVISION, 0, AllowBarneySetColor, AllowBarneySetColorLength ); RtlAddAce ( Dacl, ACL_REVISION, 1, DenyPebblesSetColor, DenyPebblesSetColorLength ); RtlAddAce ( Dacl, ACL_REVISION, 2, DenyFredSetColor, AllowFredSetColorLength ); DumpAcl (Dacl); // Create a security descriptor // // Owner = Pebbles // Group = Flintstone // Dacl = Dacl // Sacl = NULL // Widget1SecurityDescriptor = (PSECURITY_DESCRIPTOR)TstAllocatePool( PagedPool, 1024 ); RtlCreateSecurityDescriptor( Widget1SecurityDescriptor, 1 ); RtlSetOwnerSecurityDescriptor( Widget1SecurityDescriptor, PebblesSid, FALSE ); RtlSetGroupSecurityDescriptor( Widget1SecurityDescriptor, FlintstoneSid, FALSE ); RtlSetDaclSecurityDescriptor( Widget1SecurityDescriptor, TRUE, Dacl, FALSE ); RtlSetSaclSecurityDescriptor( Widget1SecurityDescriptor, FALSE, NULL, NULL ); // See if Pebbles is allowed SET_WIDGET_COLOR (should be denied) Status = NtAccessCheck( Widget1SecurityDescriptor, PrimaryToken, (ACCESS_MASK) SET_WIDGET_COLOR, &GrantedAccess, &AccessStatus ); // DbgBreakPoint(); ASSERT(NT_SUCCESS(Status)); ASSERT(!NT_SUCCESS(AccessStatus)); ASSERT(GrantedAccess == NULL); // Update Dacl to be the following: // // Dacl2 // // +----------------+ +----------------+ +----------------+ // | 1st ACE | | 2nd ACE | | 3rd ACE | // +----------------+ +----------------+ +----------------+ // | AccessAllowed | | AccessAllowed | | AccessDenied | // +----------------+ +----------------+ +----------------+ // | BARNEY | | PEBBLES | | FRED | // +----------------+ +----------------+ +----------------+ // | SetWidgeColor | | SetWidgeColor | | SetWidgeColor | // +----------------+ +----------------+ +----------------+ // // Delete 2nd Ace RtlDeleteAce (Dacl, 1); RtlAddAce ( Dacl, ACL_REVISION, 1, AllowPebblesSetColor, AllowPebblesSetColorLength ); RtlDeleteAce ( Dacl, 2 ); RtlAddAce ( Dacl, ACL_REVISION, 1, DenyFredSetColor, DenyFredSetColorLength ); // Change the security descriptor to use updated Dacl // // Owner = Pebbles // Group = Flintstone // Dacl = Dacl2 // Sacl = NULL // RtlSetDaclSecurityDescriptor( Widget1SecurityDescriptor, TRUE, Dacl, FALSE ); // See if Pebbles is allowed SET_WIDGET_COLOR (should be permitted) Status = NtAccessCheck( Widget1SecurityDescriptor, PrimaryToken, (ACCESS_MASK) SET_WIDGET_COLOR, &GrantedAccess, &AccessStatus ); ASSERT(NT_SUCCESS(Status)); ASSERT(NT_SUCCESS(AccessStatus)); ASSERT(GrantedAccess == (ACCESS_MASK)SET_WIDGET_COLOR); // // Dacl3 // // +----------------+ +----------------+ +----------------+ // | 1st ACE | | 2nd ACE | | 3rd ACE | // +----------------+ +----------------+ +----------------+ // | AccessAllowed | | AccessAllowed | | AccessDenied | // +----------------+ +----------------+ +----------------+ // | BARNEY | | PEBBLES | | FRED | // +----------------+ +----------------+ +----------------+ // | SetWidgeColor | | SetWidgeColor | | SetWidgeColor | // +----------------+ +----------------+ +----------------+ // // +----------------+ +----------------+ // | 4th ACE | | 5th ACE | // +----------------+ +----------------+ // | AccessAllowed | | AccessAllowed | // +----------------+ +----------------+ // | BARNEY | | PEBBLES | // +----------------+ +----------------+ // | SetWidgeSize | | SetWidgeSize | // +----------------+ +----------------+ // RtlAddAce ( Dacl, ACL_REVISION, MAXULONG, AllowBarneySetSize, AllowBarneySetSizeLength ); RtlAddAce ( Dacl, ACL_REVISION, MAXULONG, AllowPebblesSetSize, AllowPebblesSetSizeLength ); // Change the security descriptor to use Dacl3 // // Owner = Pebbles // Group = Flintstone // Dacl = Dacl3 // Sacl = NULL // RtlSetDaclSecurityDescriptor( Widget1SecurityDescriptor, TRUE, Dacl, FALSE ); // Request MAXIMUM_ACCESS for Pebbles. Should get back SetWidgetSize // and SetWidgetColor Status = NtAccessCheck( Widget1SecurityDescriptor, PrimaryToken, (ACCESS_MASK) MAXIMUM_ALLOWED, &GrantedAccess, &AccessStatus ); ASSERT(NT_SUCCESS(Status)); ASSERT(NT_SUCCESS(AccessStatus)); ASSERT(GrantedAccess == (ACCESS_MASK) (SET_WIDGET_COLOR | SET_WIDGET_SIZE)); // // Dacl4 // // +----------------+ +----------------+ +----------------+ // | 1st ACE | | 2nd ACE | | 3rd ACE | // +----------------+ +----------------+ +----------------+ // | AccessAllowed | | AccessAllowed | | AccessDenied | // +----------------+ +----------------+ +----------------+ // | BARNEY | | PEBBLES | | FRED | // +----------------+ +----------------+ +----------------+ // | SetWidgeColor | | SetWidgeColor | | SetWidgeColor | // +----------------+ +----------------+ +----------------+ // // +----------------+ +----------------+ +----------------+ // | 4th ACE | | 5th ACE | | 6th ACE | // +----------------+ +----------------+ +----------------+ // | AccessAllowed | | AccessAllowed | | AccessDenied | // +----------------+ +----------------+ +----------------+ // | BARNEY | | PEBBLES | | PEBBLES | // +----------------+ +----------------+ +----------------+ // | SetWidgeSize | | SetWidgeSize | | SetWidgeColor | // +----------------+ +----------------+ +----------------+ // RtlAddAce ( Dacl, ACL_REVISION, MAXULONG, DenyPebblesSetColor, DenyPebblesSetColorLength ); RtlSetDaclSecurityDescriptor( Widget1SecurityDescriptor, TRUE, Dacl, FALSE ); // Request MAXIMUM_ACCESS for Pebbles. Should get back SetWidgetSize // and SetWidgetColor Status = NtAccessCheck( Widget1SecurityDescriptor, PrimaryToken, (ACCESS_MASK) MAXIMUM_ALLOWED, &GrantedAccess, &AccessStatus ); ASSERT(NT_SUCCESS(Status)); ASSERT(NT_SUCCESS(AccessStatus)); ASSERT(GrantedAccess == (ACCESS_MASK) (SET_WIDGET_COLOR | SET_WIDGET_SIZE)); // // Dacl5 // // +----------------+ +----------------+ +----------------+ // | 1st ACE | | 2nd ACE | | 3rd ACE | // +----------------+ +----------------+ +----------------+ // | AccessAllowed | | AccessDenied | | AccessDenied | // +----------------+ +----------------+ +----------------+ // | BARNEY | | PEBBLES | | FRED | // +----------------+ +----------------+ +----------------+ // | SetWidgeColor | | SetWidgeColor | | SetWidgeColor | // +----------------+ +----------------+ +----------------+ // // +----------------+ +----------------+ +----------------+ // | 4th ACE | | 5th ACE | | 6th ACE | // +----------------+ +----------------+ +----------------+ // | AccessAllowed | | AccessAllowed | | AccessAllowed | // +----------------+ +----------------+ +----------------+ // | BARNEY | | PEBBLES | | PEBBLES | // +----------------+ +----------------+ +----------------+ // | SetWidgeSize | | SetWidgeSize | | SetWidgeColor | // +----------------+ +----------------+ +----------------+ // RtlDeleteAce (Dacl, 1); RtlAddAce ( Dacl, ACL_REVISION, 1, DenyPebblesSetColor, DenyPebblesSetColorLength ); RtlDeleteAce (Dacl, 5); RtlAddAce ( Dacl, ACL_REVISION, MAXULONG, AllowPebblesSetColor, AllowPebblesSetColorLength ); DumpAcl ( Dacl ); RtlSetDaclSecurityDescriptor( Widget1SecurityDescriptor, TRUE, Dacl, FALSE ); // Request MAXIMUM_ACCESS for Pebbles. Should get back SetWidgetSize Status = NtAccessCheck( Widget1SecurityDescriptor, PrimaryToken, (ACCESS_MASK) MAXIMUM_ALLOWED, &GrantedAccess, &AccessStatus ); ASSERT(NT_SUCCESS(Status)); ASSERT(NT_SUCCESS(AccessStatus)); ASSERT(GrantedAccess == (ACCESS_MASK) SET_WIDGET_SIZE); // // Dacl6 // // +----------------+ +----------------+ +----------------+ // | 1st ACE | | 2nd ACE | | 3rd ACE | // +----------------+ +----------------+ +----------------+ // | AccessAllowed | | AccessDenied | | AccessDenied | // +----------------+ +----------------+ +----------------+ // | BARNEY | | PEBBLES | | FRED | // +----------------+ +----------------+ +----------------+ // | SetWidgeColor | | SetWidgeColor | | SetWidgeColor | // +----------------+ +----------------+ +----------------+ // // +----------------+ +----------------+ +----------------+ // | 4th ACE | | 5th ACE | | 6th ACE | // +----------------+ +----------------+ +----------------+ // | AccessAllowed | | AccessAllowed | | AccessAllowed | // +----------------+ +----------------+ +----------------+ // | BARNEY | | PEBBLES | | PEBBLES | // +----------------+ +----------------+ +----------------+ // | SetWidgeSize | | SetWidgeSize | | SetWidgeColor | // +----------------+ +----------------+ +----------------+ // // +----------------+ +----------------+ // | 7th ACE | | 8th ACE | // +----------------+ +----------------+ // | AccessAllowed | | AccessAllowed | // +----------------+ +----------------+ // | PEBBLES | | PEBBLES | // +----------------+ +----------------+ // | GetWidgeSize | | GetWidgeColor | // +----------------+ +----------------+ // RtlAddAce ( Dacl, ACL_REVISION, MAXULONG, AllowPebblesGetSize, AllowPebblesGetSizeLength ); RtlAddAce ( Dacl, ACL_REVISION, MAXULONG, AllowPebblesGetColor, AllowPebblesGetColorLength ); DumpAcl ( Dacl ); RtlSetDaclSecurityDescriptor( Widget1SecurityDescriptor, TRUE, Dacl, FALSE ); // Request MAXIMUM_ACCESS for Pebbles. Should get back SetWidgetSize Status = NtAccessCheck( Widget1SecurityDescriptor, PrimaryToken, (ACCESS_MASK) MAXIMUM_ALLOWED, &GrantedAccess, &AccessStatus ); ASSERT(NT_SUCCESS(Status)); ASSERT(NT_SUCCESS(AccessStatus)); ASSERT(GrantedAccess == (ACCESS_MASK) SET_WIDGET_SIZE); return(TRUE); }

BOOLEAN CTAccess (   )

Definition at line 1107 of file ctaccess.c. References CreateDAclToken(), DbgPrint, FALSE, TestTokenInitialize(), TRUE, and TSeVariableInitialization(). Referenced by Test(). { BOOLEAN Result = TRUE; if (!TSeVariableInitialization()) { DbgPrint("Se: Failed to initialize global test variables.\n"); return FALSE; } DbgPrint("Se: Initialization..."); TestTokenInitialize(); CreateDAclToken(); }

VOID DumpAcl (  IN PACL  Acl  )

Definition at line 1139 of file ctaccess.c. References DbgPrint, FirstAce, NextAce, NULL, and PSTANDARD_ACE. Referenced by CreateDAclToken(). 01145 : 01146 01147 This routine dumps via (DbgPrint) an Acl for debug purposes. It is 01148 specialized to dump standard aces. 01149 01150 Arguments: 01151 01152 Acl - Supplies the Acl to dump 01153 01154 Return Value: 01155 01156 None 01157 01158 --*/ 01159 01160 01161 { 01162 ULONG i; 01163 PSTANDARD_ACE Ace; 01164 01165 DbgPrint("DumpAcl @ %8lx", Acl); 01166 01167 // 01168 // Check if the Acl is null 01169 // 01170 01171 if (Acl == NULL) { 01172 01173 return; 01174 01175 } 01176 01177 // 01178 // Dump the Acl header 01179 // 01180 01181 DbgPrint(" Revision: %02x", Acl->AclRevision); 01182 DbgPrint(" Size: %04x", Acl->AclSize); 01183 DbgPrint(" AceCount: %04x\n", Acl->AceCount); 01184 01185 // 01186 // Now for each Ace we want do dump it 01187 // 01188 01189 for (i = 0, Ace = FirstAce(Acl); 01190 i < Acl->AceCount; 01191 i++, Ace = NextAce(Ace) ) { 01192 01193 // 01194 // print out the ace header 01195 // 01196 01197 DbgPrint(" AceHeader: %08lx ", *(PULONG)Ace); 01198 01199 // 01200 // special case on the standard ace types 01201 // 01202 01203 if ((Ace->Header.AceType == ACCESS_ALLOWED_ACE_TYPE) || 01204 (Ace->Header.AceType == ACCESS_DENIED_ACE_TYPE) || 01205 (Ace->Header.AceType == SYSTEM_AUDIT_ACE_TYPE) || 01206 (Ace->Header.AceType == SYSTEM_ALARM_ACE_TYPE)) { 01207 01208 // 01209 // The following array is indexed by ace types and must 01210 // follow the allowed, denied, audit, alarm seqeuence 01211 // 01212 01213 static PCHAR AceTypes[] = { "Access Allowed", 01214 "Access Denied ", 01215 "System Audit ", 01216 "System Alarm " 01217 }; 01218 01219 DbgPrint(AceTypes[Ace->Header.AceType]); 01220 DbgPrint("\nAccess Mask: %08lx ", Ace->Mask); 01221 01222 } else { 01223 01224 DbgPrint("Unknown Ace Type\n"); 01225 01226 } 01227 01228 DbgPrint("\n"); 01229 01230 DbgPrint("AceSize = %d\n",Ace->Header.AceSize); 01231 DbgPrint("Ace Flags = "); 01232 if (Ace->Header.AceFlags & OBJECT_INHERIT_ACE) { 01233 DbgPrint("OBJECT_INHERIT_ACE\n"); 01234 DbgPrint(" "); 01235 } 01236 if (Ace->Header.AceFlags & CONTAINER_INHERIT_ACE) { 01237 DbgPrint("CONTAINER_INHERIT_ACE\n"); 01238 DbgPrint(" "); 01239 } 01240 01241 if (Ace->Header.AceFlags & NO_PROPAGATE_INHERIT_ACE) { 01242 DbgPrint("NO_PROPAGATE_INHERIT_ACE\n"); 01243 DbgPrint(" "); 01244 } 01245 01246 if (Ace->Header.AceFlags & INHERIT_ONLY_ACE) { 01247 DbgPrint("INHERIT_ONLY_ACE\n"); 01248 DbgPrint(" "); 01249 } 01250 01251 01252 if (Ace->Header.AceFlags & SUCCESSFUL_ACCESS_ACE_FLAG) { 01253 DbgPrint("SUCCESSFUL_ACCESS_ACE_FLAG\n"); 01254 DbgPrint(" "); 01255 } 01256 01257 if (Ace->Header.AceFlags & FAILED_ACCESS_ACE_FLAG) { 01258 DbgPrint("FAILED_ACCESS_ACE_FLAG\n"); 01259 DbgPrint(" "); 01260 } 01261 01262 DbgPrint("\n"); 01263 01264 01265 } 01266 01267 } }

BOOLEAN TestTokenInitialize (   )

Definition at line 178 of file ctaccess.c. References AnonymousSecurityDescriptor, AnonymousSecurityQos, AnonymousTokenAttributes, Dacl, DbgPrint, DisabledGroupAttributes, DummyAuthenticationId, FALSE, ImpersonationSecurityDescriptor, ImpersonationSecurityQos, ImpersonationTokenAttributes, NoExpiration, NormalGroupAttributes, NtAllocateLocallyUniqueId(), NULL, OptionalGroupAttributes, OwnerGroupAttributes, PagedPool, PrimarySecurityDescriptor, PrimaryTokenAttributes, RtlTimeFieldsToTime(), TempTimeFields, TestSource, TRUE, and TSeVariableInitialization(). Referenced by CTAccess(), CTToken(), and TestTokenInitialize(). { TSeVariableInitialization(); // Initialize global variables DisabledGroupAttributes = (SE_GROUP_ENABLED_BY_DEFAULT); OptionalGroupAttributes = (SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED ); NormalGroupAttributes = (SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED ); OwnerGroupAttributes = (SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED | SE_GROUP_OWNER ); PrimarySecurityDescriptor = (PSECURITY_DESCRIPTOR)TstAllocatePool( PagedPool, 1024 ); InitializeObjectAttributes( &PrimaryTokenAttributes, NULL, OBJ_INHERIT, NULL, NULL ); ImpersonationSecurityDescriptor = (PSECURITY_DESCRIPTOR)TstAllocatePool( PagedPool, 1024 ); ImpersonationSecurityQos.Length = (ULONG)sizeof(SECURITY_QUALITY_OF_SERVICE); ImpersonationSecurityQos.ImpersonationLevel = SecurityImpersonation; ImpersonationSecurityQos.ContextTrackingMode = SECURITY_DYNAMIC_TRACKING; ImpersonationSecurityQos.EffectiveOnly = FALSE; InitializeObjectAttributes( &ImpersonationTokenAttributes, NULL, OBJ_INHERIT, NULL, NULL ); ImpersonationTokenAttributes.SecurityQualityOfService = &ImpersonationSecurityQos; AnonymousSecurityDescriptor = (PSECURITY_DESCRIPTOR)TstAllocatePool( PagedPool, 1024 ); AnonymousSecurityQos.Length = (ULONG)sizeof(SECURITY_QUALITY_OF_SERVICE); AnonymousSecurityQos.ImpersonationLevel = SecurityAnonymous; AnonymousSecurityQos.ContextTrackingMode = SECURITY_DYNAMIC_TRACKING; AnonymousSecurityQos.EffectiveOnly = FALSE; InitializeObjectAttributes( &AnonymousTokenAttributes, NULL, OBJ_INHERIT, NULL, NULL ); AnonymousTokenAttributes.SecurityQualityOfService = &AnonymousSecurityQos; // // Build an ACL for use. // Dacl = (PACL)TstAllocatePool( PagedPool, 256 ); Dacl->AclRevision=ACL_REVISION; Dacl->Sbz1=0; Dacl->Sbz2=0; Dacl->AclSize=256; Dacl->AceCount=0; // // Set up expiration times // TempTimeFields.Year = 3000; TempTimeFields.Month = 1; TempTimeFields.Day = 1; TempTimeFields.Hour = 1; TempTimeFields.Minute = 1; TempTimeFields.Second = 1; TempTimeFields.Milliseconds = 1; TempTimeFields.Weekday = 1; RtlTimeFieldsToTime( &TempTimeFields, &NoExpiration ); // // Use a dummy authentication ID for a while. // DummyAuthenticationId = FredLuid; // // Use a token source specific to security test // NtAllocateLocallyUniqueId( &(TestSource.SourceIdentifier) ); DbgPrint("Done.\n"); return TRUE; }

---

Variable Documentation

PSECURITY_DESCRIPTOR AnonymousSecurityDescriptor

Definition at line 139 of file ctaccess.c. Referenced by TestTokenInitialize().

SECURITY_QUALITY_OF_SERVICE AnonymousSecurityQos

Definition at line 140 of file ctaccess.c. Referenced by TestTokenInitialize().

HANDLE AnonymousToken

Definition at line 128 of file ctaccess.c. Referenced by TestTokenCreate(), and TestTokenImpersonation().

OBJECT_ATTRIBUTES AnonymousTokenAttributes

Definition at line 138 of file ctaccess.c. Referenced by TestTokenCreate(), and TestTokenInitialize().

ULONG CurrentLength

Definition at line 148 of file ctaccess.c. Referenced by LowTraverseChildren(), NtSetInformationToken(), and TestTokenSet().

PACL Dacl

Definition at line 161 of file ctaccess.c. Referenced by CreateDAclToken(), DumpSecurity(), ObpFreeDosDevicesProtection(), ObpHashSecurityDescriptor(), RtlCopySecurityDescriptor(), RtlCreateAndSetSD(), RtlGetDaclSecurityDescriptor(), RtlpQuerySecurityDescriptor(), RtlQuerySecurityObject(), RtlSelfRelativeToAbsoluteSD(), RtlSetDaclSecurityDescriptor(), RtlValidRelativeSecurityDescriptor(), RtlValidSecurityDescriptor(), SeComputeQuotaInformationSize(), SeFastTraverseCheck(), SepAccessCheck(), SepDumpSecurityDescriptor(), SepInitializationPhase1(), SepMaximumAccessCheck(), SepNormalAccessCheck(), SeValidSecurityDescriptor(), TestCaptureSecurityDescriptor(), and TestTokenInitialize().

ULONG DisabledGroupAttributes

Definition at line 142 of file ctaccess.c. Referenced by TestTokenAdjustGroups(), and TestTokenInitialize().

LUID DummyAuthenticationId

Definition at line 154 of file ctaccess.c. Referenced by CreateDAclToken(), and TestTokenInitialize().

PSID Group

Definition at line 160 of file ctaccess.c. Referenced by ChangeMemberState(), CreateFtMember(), ObpHashSecurityDescriptor(), OrphanMember(), RegenerateMember(), RestoreOrphan(), RtlGetGroupSecurityDescriptor(), RtlQuerySecurityObject(), RtlSetGroupSecurityDescriptor(), RtlValidSecurityDescriptor(), SeComputeQuotaInformationSize(), SepDumpSecurityDescriptor(), and SepIdAssignableAsGroup().

PSECURITY_DESCRIPTOR ImpersonationSecurityDescriptor

Definition at line 135 of file ctaccess.c. Referenced by TestTokenInitialize().

SECURITY_QUALITY_OF_SERVICE ImpersonationSecurityQos

Definition at line 136 of file ctaccess.c. Referenced by TestTokenInitialize().

HANDLE ImpersonationToken

Definition at line 124 of file ctaccess.c. Referenced by CreateDAclToken(), TestTokenCreate(), TestTokenDuplicate(), and TestTokenImpersonation().

OBJECT_ATTRIBUTES ImpersonationTokenAttributes

Definition at line 134 of file ctaccess.c. Referenced by CreateDAclToken(), TestTokenAssignPrimary(), TestTokenCreate(), and TestTokenInitialize().

ULONG LengthAvailable

Definition at line 147 of file ctaccess.c. Referenced by TestTokenSet().

LARGE_INTEGER NoExpiration

Definition at line 152 of file ctaccess.c. Referenced by CreateDAclToken(), SeMakeAnonymousLogonToken(), SeMakeSystemToken(), TestTokenAssignPrimary(), TestTokenCreate(), and TestTokenInitialize().

ULONG NormalGroupAttributes

Definition at line 144 of file ctaccess.c. Referenced by CreateDAclToken(), SeMakeAnonymousLogonToken(), SeMakeSystemToken(), TestSeSid(), TestTokenAdjustGroups(), TestTokenAssignPrimary(), TestTokenCreate(), TestTokenInitialize(), and TestTokenQuery().

ULONG OptionalGroupAttributes

Definition at line 143 of file ctaccess.c. Referenced by CreateDAclToken(), TestTokenAdjustGroups(), TestTokenAssignPrimary(), TestTokenCreate(), TestTokenFilter(), TestTokenInitialize(), and TestTokenQuery().

PSID Owner

Definition at line 159 of file ctaccess.c. Referenced by CreateDAclToken(), GetMySid(), KeI386GetLid(), NtCreateToken(), ObpHashSecurityDescriptor(), RtlAddRange(), RtlCopySecurityDescriptor(), RtlDeleteOwnersRanges(), RtlDeleteRange(), RtlGetOwnerSecurityDescriptor(), RtlMakeSelfRelativeSD(), RtlpCreateRangeListEntry(), RtlpQuerySecurityDescriptor(), RtlpValidOwnerSubjectContext(), RtlQuerySecurityObject(), RtlSelfRelativeToAbsoluteSD(), RtlSetOwnerSecurityDescriptor(), RtlValidSecurityDescriptor(), SeMakeAnonymousLogonToken(), SeMakeSystemToken(), SepCreateToken(), SepDumpSecurityDescriptor(), SepTokenIsOwner(), SepValidOwnerSubjectContext(), TestTokenAssignPrimary(), TestTokenCreate(), and TestTokenQuery().

ULONG OwnerGroupAttributes

Definition at line 145 of file ctaccess.c. Referenced by CreateDAclToken(), SeMakeSystemToken(), TestSeSid(), TestTokenAdjustGroups(), TestTokenAssignPrimary(), TestTokenCreate(), TestTokenFilter(), TestTokenInitialize(), and TestTokenQuery().

PSECURITY_DESCRIPTOR PrimarySecurityDescriptor

Definition at line 131 of file ctaccess.c. Referenced by TestTokenInitialize().

SECURITY_QUALITY_OF_SERVICE PrimarySecurityQos

Definition at line 132 of file ctaccess.c.

HANDLE PrimaryToken

Definition at line 126 of file ctaccess.c. Referenced by CreateDAclToken(), NtOpenThreadToken(), RtlpConvertToAutoInheritSecurityObject(), RtlpGetDefaultsSubjectContext(), RtlpSetSecurityObject(), SepAccessCheck(), SepAdtObjectReferenceAuditAlarm(), SepAdtOpenObjectAuditAlarm(), SepAdtOpenObjectForDeleteAuditAlarm(), SepAdtPrivilegedServiceAuditAlarm(), SepAdtPrivilegeObjectAuditAlarm(), SepCreateImpersonationTokenDacl(), SepGetDefaultsSubjectContext(), SepMaximumAccessCheck(), and SepNormalAccessCheck().

OBJECT_ATTRIBUTES PrimaryTokenAttributes

Definition at line 130 of file ctaccess.c. Referenced by CreateDAclToken(), SeSubProcessToken(), TestTokenAssignPrimary(), TestTokenCreate(), and TestTokenInitialize().

HANDLE SimpleToken

Definition at line 117 of file ctaccess.c. Referenced by TestTokenAdjustGroups(), TestTokenAdjustPrivileges(), TestTokenCreate(), TestTokenDuplicate(), and TestTokenQuery().

NTSTATUS Status

Definition at line 115 of file ctaccess.c.

LUID SystemAuthenticationId = SYSTEM_LUID

Definition at line 155 of file ctaccess.c. Referenced by DisplaySecurityContext(), TestTokenAssignPrimary(), and TestTokenCreate().

PACL TempDacl

Definition at line 165 of file ctaccess.c.

PSID TempGroup

Definition at line 164 of file ctaccess.c.

PSID TempOwner

Definition at line 163 of file ctaccess.c.

TIME_FIELDS TempTimeFields = {3000, 1, 1, 1, 1, 1, 1, 1}

Definition at line 151 of file ctaccess.c. Referenced by TestTokenInitialize().

TOKEN_SOURCE TestSource = {"SE: TEST", 0}

Definition at line 157 of file ctaccess.c. Referenced by CreateDAclToken(), TestTokenAssignPrimary(), TestTokenCreate(), TestTokenInitialize(), and TestTokenQuery().

HANDLE Token

Definition at line 123 of file ctaccess.c. Referenced by _UserTestTokenForInteractive(), ChooseDisk(), CmpGetToken(), DisableAllPrivileges(), EhpAttachSecurity(), EnableAllPrivileges(), GetMySid(), NtAdjustGroupsToken(), NtAdjustPrivilegesToken(), NtDuplicateToken(), NtFilterToken(), NtOpenObjectAuditAlarm(), NtOpenProcessToken(), NtOpenThreadToken(), NtPrivilegeCheck(), NtPrivilegedServiceAuditAlarm(), NtPrivilegeObjectAuditAlarm(), NtQueryInformationToken(), NtSecureConnectPort(), NtSetInformationProcess(), NtSetInformationToken(), OpenAppropriateToken(), PsAssignImpersonationToken(), PsImpersonateClient(), PsOpenTokenOfJobObject(), PsOpenTokenOfThread(), PspAssignPrimaryToken(), PsReferenceEffectiveToken(), PsReferenceImpersonationToken(), PsReferencePrimaryToken(), ResetAllPrivileges(), RtlAdjustPrivilege(), RtlNewInstanceSecurityObject(), RtlNewSecurityGrantedAccess(), RtlNewSecurityObject(), RtlNewSecurityObjectEx(), RtlpNewSecurityObject(), RtlpSetSecurityObject(), RtlpValidOwnerSubjectContext(), RtlSetSecurityObject(), RtlSetSecurityObjectEx(), SeAccessCheckByType(), SeAssignPrimaryToken(), SeAuditProcessExit(), SeCreateClientSecurity(), SeCreateClientSecurityFromSubjectContext(), SeFilterToken(), SeGetTokenControlInformation(), SeIsChildToken(), SeIsChildTokenByPointer(), SeMakeAnonymousLogonToken(), SeMakeSystemToken(), SeOpenObjectAuditAlarm(), SeOpenObjectForDeleteAuditAlarm(), SepAdjustGroups(), SepAdjustPrivileges(), SepAppendDefaultDacl(), SepAppendPrimaryGroup(), SepCreateClientSecurity(), SepCreateImpersonationTokenDacl(), SepCreateToken(), SepDumpTokenInfo(), SepExamineSacl(), SepExamineSaclEx(), SepFreeDefaultDacl(), SepFreePrimaryGroup(), SepIdAssignableAsGroup(), SepIdAssignableAsOwner(), SepMakeTokenEffectiveOnly(), SepOpenTokenOfThread(), SepPrivilegeCheck(), SepRemoveDisabledGroupsAndPrivileges(), SePrivilegedServiceAuditAlarm(), SePrivilegePolicyCheck(), SepSidInSidAndAttributes(), SepSidInToken(), SepSidInTokenEx(), SepSinglePrivilegeCheck(), SepTokenDeleteMethod(), SepTokenIsOwner(), SeQueryAuthenticationIdToken(), SeQueryInformationToken(), SeQuerySessionIdToken(), SeSetSessionIdToken(), SeTokenImpersonationLevel(), SeTokenIsAdmin(), SeTokenIsRestricted(), SeTokenType(), TestAccessCheck(), TestAssignSecurity(), TestMakeSystemToken(), TestTokenAssignPrimary(), TestTokenCreate(), TestTokenFilter(), TestTokenImpersonation(), TestTokenSize(), WriteHNAToken(), and WriteStringToken().

HANDLE TokenWithDefaultDacl

Definition at line 121 of file ctaccess.c. Referenced by TestTokenCreate(), and TestTokenQuery().

HANDLE TokenWithDefaultOwner

Definition at line 119 of file ctaccess.c. Referenced by TestTokenCreate(), and TestTokenQuery().

HANDLE TokenWithGroups

Definition at line 118 of file ctaccess.c. Referenced by TestTokenAdjustGroups(), TestTokenCreate(), TestTokenFilter(), TestTokenImpersonation(), TestTokenQuery(), and TestTokenSet().

HANDLE TokenWithPrivileges

Definition at line 120 of file ctaccess.c. Referenced by TestTokenAdjustPrivileges(), TestTokenCreate(), TestTokenFilter(), and TestTokenQuery().

---