archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
4.0 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-xp/Source/XPSP1/NT/base/ntos/se/seastate.c

608 lines
14 KiB
Raw Permalink Normal View History

Add source files
4 years ago
  1. /*++
  3. Module Name:
  5. SeAstate.c
  7. Abstract:
  9. This Module implements the privilege check procedures.
  11. Author:
  13. Robert Reichel (robertre) 20-March-90
  15. Environment:
  17. Kernel Mode
  19. Revision History:
  21. v1: robertre
  22. new file, move Access State related routines here
  24. --*/
  26. #include "pch.h"
  28. #pragma hdrstop
  31. #ifdef ALLOC_PRAGMA
  32. #pragma alloc_text(PAGE,SeCreateAccessState)
  33. #pragma alloc_text(PAGE,SeDeleteAccessState)
  34. #pragma alloc_text(PAGE,SeSetAccessStateGenericMapping)
  35. #pragma alloc_text(PAGE,SeAppendPrivileges)
  36. #pragma alloc_text(PAGE,SepConcatenatePrivileges)
  37. #endif
  40. //
  41. // Define logical sum of all generic accesses.
  42. //
  44. #define GENERIC_ACCESS (GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL)
  47. //
  48. // The PRIVILEGE_SET data structure includes an array including ANYSIZE_ARRAY
  49. // elements. This definition provides the size of an empty PRIVILEGE_SET
  50. // (i.e., one with no privileges in it).
  51. //
  53. #define SEP_PRIVILEGE_SET_HEADER_SIZE \
  54. ((ULONG)sizeof(PRIVILEGE_SET) - \
  55. (ANYSIZE_ARRAY * (ULONG)sizeof(LUID_AND_ATTRIBUTES)))
  61. #if 0
  62. NTSTATUS
  63. SeCreateAccessState(
  64. IN PACCESS_STATE AccessState,
  65. IN ACCESS_MASK DesiredAccess,
  66. IN PGENERIC_MAPPING GenericMapping OPTIONAL
  67. )
  69. /*++
  70. Routine Description:
  72. This routine initializes an ACCESS_STATE structure. This consists
  73. of:
  75. - zeroing the entire structure
  77. - mapping generic access types in the passed DesiredAccess
  78. and putting it into the structure
  80. - "capturing" the Subject Context, which must be held for the
  81. duration of the access attempt (at least until auditing is performed).
  83. - Allocating an Operation ID, which is an LUID that will be used
  84. to associate different parts of the access attempt in the audit
  85. log.
  87. Arguments:
  89. AccessState - a pointer to the structure to be initialized.
  91. DesiredAccess - Access mask containing the desired access
  93. GenericMapping - Optionally supplies a pointer to a generic mapping
  94. that may be used to map any generic access requests that may
  95. have been passed in the DesiredAccess parameter.
  97. Note that if this parameter is not supplied, it must be filled
  98. in at some later point. The IO system does this in IopParseDevice.
  100. Return Value:
  102. Error if the attempt to allocate an LUID fails.
  104. Note that this error may be safely ignored if it is known that all
  105. security checks will be performed with PreviousMode == KernelMode.
  106. Know what you're doing if you choose to ignore this.
  108. --*/
  110. {
  112. ACCESS_MASK MappedAccessMask;
  113. PSECURITY_DESCRIPTOR InputSecurityDescriptor = NULL;
  114. PAUX_ACCESS_DATA AuxData;
  116. PAGED_CODE();
  118. //
  119. // Don't modify what he passed in
  120. //
  122. MappedAccessMask = DesiredAccess;
  124. //
  125. // Map generic access to object specific access iff generic access types
  126. // are specified and a generic access mapping table is provided.
  127. //
  129. if ( ((DesiredAccess & GENERIC_ACCESS) != 0) &&
  130. ARGUMENT_PRESENT(GenericMapping) ) {
  132. RtlMapGenericMask(
  133. &MappedAccessMask,
  134. GenericMapping
  135. );
  136. }
  138. RtlZeroMemory(AccessState, sizeof(ACCESS_STATE));
  140. //
  141. // Assume RtlZeroMemory has initialized these fields properly
  142. //
  144. ASSERT( AccessState->SecurityDescriptor == NULL );
  145. ASSERT( AccessState->PrivilegesAllocated == FALSE );
  147. AccessState->AuxData = ExAllocatePool( PagedPool, sizeof( AUX_ACCESS_DATA ));
  149. if (AccessState->AuxData == NULL) {
  150. return( STATUS_NO_MEMORY );
  151. }
  153. AuxData = (PAUX_ACCESS_DATA)AccessState->AuxData;
  155. SeCaptureSubjectContext(&AccessState->SubjectSecurityContext);
  157. if (((PTOKEN)EffectiveToken( &AccessState->SubjectSecurityContext ))->TokenFlags & TOKEN_HAS_TRAVERSE_PRIVILEGE ) {
  158. AccessState->Flags = TOKEN_HAS_TRAVERSE_PRIVILEGE;
  159. }
  161. if (SeTokenIsRestricted(EffectiveToken( &AccessState-SubjectSecurityContext))) {
  162. AccessState->Flags |= TOKEN_IS_RESTRICTED;
  163. }
  165. AccessState->RemainingDesiredAccess = MappedAccessMask;
  166. AccessState->OriginalDesiredAccess = DesiredAccess;
  167. AuxData->PrivilegesUsed = (PPRIVILEGE_SET)((PUCHAR)AccessState +
  168. (FIELD_OFFSET(ACCESS_STATE, Privileges)));
  170. ExAllocateLocallyUniqueId(&AccessState->OperationID);
  172. if (ARGUMENT_PRESENT(GenericMapping)) {
  173. AuxData->GenericMapping = *GenericMapping;
  174. }
  176. return( STATUS_SUCCESS );
  178. }
  180. #endif
  183. NTSTATUS
  184. SeCreateAccessState(
  185. IN PACCESS_STATE AccessState,
  186. IN PAUX_ACCESS_DATA AuxData,
  187. IN ACCESS_MASK DesiredAccess,
  188. IN PGENERIC_MAPPING GenericMapping OPTIONAL
  189. )
  191. /*++
  192. Routine Description:
  194. This routine initializes an ACCESS_STATE structure. This consists
  195. of:
  197. - zeroing the entire structure
  199. - mapping generic access types in the passed DesiredAccess
  200. and putting it into the structure
  202. - "capturing" the Subject Context, which must be held for the
  203. duration of the access attempt (at least until auditing is performed).
  205. - Allocating an Operation ID, which is an LUID that will be used
  206. to associate different parts of the access attempt in the audit
  207. log.
  209. Arguments:
  211. AccessState - a pointer to the structure to be initialized.
  213. AuxData - Supplies a buffer big enough for an AuxData structure
  214. so we don't have to allocate one.
  216. DesiredAccess - Access mask containing the desired access
  218. GenericMapping - Optionally supplies a pointer to a generic mapping
  219. that may be used to map any generic access requests that may
  220. have been passed in the DesiredAccess parameter.
  222. Note that if this parameter is not supplied, it must be filled
  223. in at some later point. The IO system does this in IopParseDevice.
  225. Return Value:
  227. Error if the attempt to allocate an LUID fails.
  229. Note that this error may be safely ignored if it is known that all
  230. security checks will be performed with PreviousMode == KernelMode.
  231. Know what you're doing if you choose to ignore this.
  233. --*/
  235. {
  237. ACCESS_MASK MappedAccessMask;
  238. PSECURITY_DESCRIPTOR InputSecurityDescriptor = NULL;
  240. PAGED_CODE();
  242. //
  243. // Don't modify what he passed in
  244. //
  246. MappedAccessMask = DesiredAccess;
  248. //
  249. // Map generic access to object specific access iff generic access types
  250. // are specified and a generic access mapping table is provided.
  251. //
  253. if ( ((DesiredAccess & GENERIC_ACCESS) != 0) &&
  254. ARGUMENT_PRESENT(GenericMapping) ) {
  256. RtlMapGenericMask(
  257. &MappedAccessMask,
  258. GenericMapping
  259. );
  260. }
  262. RtlZeroMemory(AccessState, sizeof(ACCESS_STATE));
  263. RtlZeroMemory(AuxData, sizeof(AUX_ACCESS_DATA));
  265. //
  266. // Assume RtlZeroMemory has initialized these fields properly
  267. //
  269. ASSERT( AccessState->SecurityDescriptor == NULL );
  270. ASSERT( AccessState->PrivilegesAllocated == FALSE );
  272. AccessState->AuxData = AuxData;
  274. SeCaptureSubjectContext(&AccessState->SubjectSecurityContext);
  276. if (((PTOKEN)EffectiveToken( &AccessState->SubjectSecurityContext ))->TokenFlags & TOKEN_HAS_TRAVERSE_PRIVILEGE ) {
  277. AccessState->Flags = TOKEN_HAS_TRAVERSE_PRIVILEGE;
  278. }
  280. AccessState->RemainingDesiredAccess = MappedAccessMask;
  281. AccessState->OriginalDesiredAccess = MappedAccessMask;
  282. AuxData->PrivilegesUsed = (PPRIVILEGE_SET)((ULONG_PTR)AccessState +
  283. (FIELD_OFFSET(ACCESS_STATE, Privileges)));
  285. ExAllocateLocallyUniqueId(&AccessState->OperationID);
  287. if (ARGUMENT_PRESENT(GenericMapping)) {
  288. AuxData->GenericMapping = *GenericMapping;
  289. }
  291. return( STATUS_SUCCESS );
  293. }
  296. #if 0
  299. VOID
  300. SeDeleteAccessState(
  301. PACCESS_STATE AccessState
  302. )
  304. /*++
  306. Routine Description:
  308. This routine deallocates any memory that may have been allocated as
  309. part of constructing the access state (normally only for an excessive
  310. number of privileges), and frees the Subject Context.
  312. Arguments:
  314. AccessState - a pointer to the ACCESS_STATE structure to be
  315. deallocated.
  317. Return Value:
  319. None.
  321. --*/
  323. {
  324. PAUX_ACCESS_DATA AuxData;
  326. PAGED_CODE();
  328. AuxData = (PAUX_ACCESS_DATA)AccessState->AuxData;
  330. if (AccessState->PrivilegesAllocated) {
  331. ExFreePool( (PVOID)AuxData->PrivilegesUsed );
  332. }
  334. if (AccessState->ObjectName.Buffer != NULL) {
  335. ExFreePool(AccessState->ObjectName.Buffer);
  336. }
  338. if (AccessState->ObjectTypeName.Buffer != NULL) {
  339. ExFreePool(AccessState->ObjectTypeName.Buffer);
  340. }
  342. ExFreePool( AuxData );
  344. SeReleaseSubjectContext(&AccessState->SubjectSecurityContext);
  346. return;
  347. }
  350. #endif
  352. VOID
  353. SeDeleteAccessState(
  354. PACCESS_STATE AccessState
  355. )
  357. /*++
  359. Routine Description:
  361. This routine deallocates any memory that may have been allocated as
  362. part of constructing the access state (normally only for an excessive
  363. number of privileges), and frees the Subject Context.
  365. Arguments:
  367. AccessState - a pointer to the ACCESS_STATE structure to be
  368. deallocated.
  370. Return Value:
  372. None.
  374. --*/
  376. {
  377. PAUX_ACCESS_DATA AuxData;
  379. PAGED_CODE();
  381. AuxData = (PAUX_ACCESS_DATA)AccessState->AuxData;
  383. if (AccessState->PrivilegesAllocated) {
  384. ExFreePool( (PVOID)AuxData->PrivilegesUsed );
  385. }
  387. if (AccessState->ObjectName.Buffer != NULL) {
  388. ExFreePool(AccessState->ObjectName.Buffer);
  389. }
  391. if (AccessState->ObjectTypeName.Buffer != NULL) {
  392. ExFreePool(AccessState->ObjectTypeName.Buffer);
  393. }
  395. SeReleaseSubjectContext(&AccessState->SubjectSecurityContext);
  397. return;
  398. }
  400. VOID
  401. SeSetAccessStateGenericMapping (
  402. PACCESS_STATE AccessState,
  403. PGENERIC_MAPPING GenericMapping
  404. )
  406. /*++
  408. Routine Description:
  410. This routine sets the GenericMapping field in an AccessState structure.
  411. It must be called before access validation is performed if the GenericMapping
  412. is not passed in when the AccessState structure is created.
  414. Arguments:
  416. AccessState - a pointer to the ACCESS_STATE structure to be modified.
  418. GenericMapping - a pointer to the GenericMapping to be copied into the AccessState.
  420. Return Value:
  423. --*/
  424. {
  425. PAUX_ACCESS_DATA AuxData;
  427. PAGED_CODE();
  429. AuxData = (PAUX_ACCESS_DATA)AccessState->AuxData;
  431. AuxData->GenericMapping = *GenericMapping;
  433. return;
  434. }
  438. NTSTATUS
  439. SeAppendPrivileges(
  440. PACCESS_STATE AccessState,
  441. PPRIVILEGE_SET Privileges
  442. )
  443. /*++
  445. Routine Description:
  447. This routine takes a privilege set and adds it to the privilege set
  448. imbedded in an ACCESS_STATE structure.
  450. An AccessState may contain up to three imbedded privileges. To
  451. add more, this routine will allocate a block of memory, copy
  452. the current privileges into it, and append the new privilege
  453. to that block. A bit is set in the AccessState indicating that
  454. the pointer to the privilge set in the structure points to pool
  455. memory and must be deallocated.
  457. Arguments:
  459. AccessState - The AccessState structure representing the current
  460. access attempt.
  462. Privileges - A pointer to a privilege set to be added.
  464. Return Value:
  466. STATUS_INSUFFICIENT_RESOURCES - an attempt to allocate pool memory
  467. failed.
  469. --*/
  471. {
  472. ULONG NewPrivilegeSetSize;
  473. PPRIVILEGE_SET NewPrivilegeSet;
  474. PAUX_ACCESS_DATA AuxData;
  476. PAGED_CODE();
  478. AuxData = (PAUX_ACCESS_DATA)AccessState->AuxData;
  480. if (Privileges->PrivilegeCount + AuxData->PrivilegesUsed->PrivilegeCount >
  481. INITIAL_PRIVILEGE_COUNT) {
  483. //
  484. // Compute the total size of the two privilege sets
  485. //
  487. NewPrivilegeSetSize = SepPrivilegeSetSize( Privileges ) +
  488. SepPrivilegeSetSize( AuxData->PrivilegesUsed );
  490. NewPrivilegeSet = ExAllocatePoolWithTag( PagedPool, NewPrivilegeSetSize, 'rPeS' );
  492. if (NewPrivilegeSet == NULL) {
  493. return( STATUS_INSUFFICIENT_RESOURCES );
  494. }
  497. RtlCopyMemory(
  498. NewPrivilegeSet,
  499. AuxData->PrivilegesUsed,
  500. SepPrivilegeSetSize( AuxData->PrivilegesUsed )
  501. );
  503. //
  504. // Note that this will adjust the privilege count in the
  505. // structure for us.
  506. //
  508. SepConcatenatePrivileges(
  509. NewPrivilegeSet,
  510. NewPrivilegeSetSize,
  511. Privileges
  512. );
  514. if (AccessState->PrivilegesAllocated) {
  515. ExFreePool( AuxData->PrivilegesUsed );
  516. }
  518. AuxData->PrivilegesUsed = NewPrivilegeSet;
  520. //
  521. // Mark that we've allocated memory for the privilege set,
  522. // so we know to free it when we're cleaning up.
  523. //
  525. AccessState->PrivilegesAllocated = TRUE;
  527. } else {
  529. //
  530. // Note that this will adjust the privilege count in the
  531. // structure for us.
  532. //
  534. SepConcatenatePrivileges(
  535. AuxData->PrivilegesUsed,
  536. sizeof(INITIAL_PRIVILEGE_SET),
  537. Privileges
  538. );
  540. }
  542. return( STATUS_SUCCESS );
  544. }
  547. VOID
  548. SepConcatenatePrivileges(
  549. IN PPRIVILEGE_SET TargetPrivilegeSet,
  550. IN ULONG TargetBufferSize,
  551. IN PPRIVILEGE_SET SourcePrivilegeSet
  552. )
  554. /*++
  556. Routine Description:
  558. Takes two privilege sets and appends the second to the end of the
  559. first.
  561. There must be enough space left at the end of the first privilege
  562. set to contain the second.
  564. Arguments:
  566. TargetPrivilegeSet - Supplies a buffer containing a privilege set.
  567. The buffer must be large enough to contain the second privilege
  568. set.
  570. TargetBufferSize - Supplies the size of the target buffer.
  572. SourcePrivilegeSet - Supplies the privilege set to be copied
  573. into the target buffer.
  575. Return Value:
  577. None
  579. --*/
  581. {
  582. PVOID Base;
  583. PVOID Source;
  584. ULONG Length;
  586. PAGED_CODE();
  588. ASSERT( ((ULONG)SepPrivilegeSetSize( TargetPrivilegeSet ) +
  589. (ULONG)SepPrivilegeSetSize( SourcePrivilegeSet ) -
  590. SEP_PRIVILEGE_SET_HEADER_SIZE ) <=
  591. TargetBufferSize
  592. );
  594. Base = (PVOID)((ULONG_PTR)TargetPrivilegeSet + SepPrivilegeSetSize( TargetPrivilegeSet ));
  596. Source = (PVOID) ((ULONG_PTR)SourcePrivilegeSet + SEP_PRIVILEGE_SET_HEADER_SIZE);
  598. Length = SourcePrivilegeSet->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES);
  600. RtlMoveMemory(
  601. Base,
  602. Source,
  603. Length
  604. );
  606. TargetPrivilegeSet->PrivilegeCount += SourcePrivilegeSet->PrivilegeCount;
  608. }