/*
* @implemented
*/
VOID
NTAPI
SeCaptureSubjectContextEx(IN PETHREAD Thread,
IN PEPROCESS Process,
OUT PSECURITY_SUBJECT_CONTEXT SubjectContext)
{
BOOLEAN CopyOnOpen, EffectiveOnly;
PAGED_CODE();
/* Save the unique ID */
SubjectContext->ProcessAuditId = Process->UniqueProcessId;
/* Check if we have a thread */
if (!Thread)
{
/* We don't, so no token */
SubjectContext->ClientToken = NULL;
}
else
{
/* Get the impersonation token */
SubjectContext->ClientToken = PsReferenceImpersonationToken(Thread,
&CopyOnOpen,
&EffectiveOnly,
&SubjectContext->ImpersonationLevel);
}
/* Get the primary token */
SubjectContext->PrimaryToken = PsReferencePrimaryToken(Process);
}
NTSTATUS
GetProcessLuid(
IN PETHREAD Thread OPTIONAL,
IN PEPROCESS Process OPTIONAL,
OUT PLUID Luid)
{
NTSTATUS Status;
PACCESS_TOKEN Token = NULL;
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
BOOLEAN CopyOnOpen, EffectiveOnly;
if (Thread && Process)
return STATUS_INVALID_PARAMETER;
/* If nothing has been specified, use the current thread */
if (!Thread && !Process)
Thread = PsGetCurrentThread();
if (Thread)
{
/* Use a thread token */
ASSERT(!Process);
Token = PsReferenceImpersonationToken(Thread,
&CopyOnOpen,
&EffectiveOnly,
&ImpersonationLevel);
/* If we don't have a thread token, use a process token */
if (!Token)
Process = PsGetThreadProcess(Thread);
}
if (!Token && Process)
{
/* Use a process token */
Token = PsReferencePrimaryToken(Process);
/* If we don't have a token, fail */
if (!Token)
return STATUS_NO_TOKEN;
}
ASSERT(Token);
/* Query the LUID */
Status = SeQueryAuthenticationIdToken(Token, Luid);
/* Get rid of the token and return */
ObDereferenceObject(Token);
return Status;
}
NTSTATUS
SepOpenTokenOfThread(
IN HANDLE ThreadHandle,
IN BOOLEAN OpenAsSelf,
OUT PACCESS_TOKEN *Token,
OUT PETHREAD *Thread,
OUT PBOOLEAN CopyOnOpen,
OUT PBOOLEAN EffectiveOnly,
OUT PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel
)
/*++
Routine Description:
This function does the thread specific processing of
an NtOpenThreadToken() service.
The service validates that the handle has appropriate access
to reference the thread. If so, it goes on to increment
the reference count of the token object to prevent it from
going away while the rest of the NtOpenThreadToken() request
is processed.
NOTE: If this call completes successfully, the caller is responsible
for decrementing the reference count of the target token.
This must be done using PsDereferenceImpersonationToken().
Arguments:
ThreadHandle - Supplies a handle to a thread object.
OpenAsSelf - Is a boolean value indicating whether the access should
be made using the calling thread's current security context, which
may be that of a client (if impersonating), or using the caller's
process-level security context. A value of FALSE indicates the
caller's current context should be used un-modified. A value of
TRUE indicates the request should be fulfilled using the process
level security context.
Token - If successful, receives a pointer to the thread's token
object.
CopyOnOpen - The current value of the Thread->Client->CopyOnOpen field.
EffectiveOnly - The current value of the Thread->Client->EffectiveOnly field.
ImpersonationLevel - The current value of the Thread->Client->ImpersonationLevel
field.
Return Value:
STATUS_SUCCESS - Indicates the call completed successfully.
STATUS_NO_TOKEN - Indicates the referenced thread is not currently
impersonating a client.
STATUS_CANT_OPEN_ANONYMOUS - Indicates the client requested anonymous
impersonation level. An anonymous token can not be openned.
status may also be any value returned by an attemp the reference
the thread object for THREAD_QUERY_INFORMATION access.
--*/
{
NTSTATUS
Status;
KPROCESSOR_MODE
PreviousMode;
SE_IMPERSONATION_STATE
DisabledImpersonationState;
BOOLEAN
RestoreImpersonationState = FALSE;
PreviousMode = KeGetPreviousMode();
//
// Disable impersonation if necessary
//
if (OpenAsSelf) {
RestoreImpersonationState = PsDisableImpersonation(
PsGetCurrentThread(),
&DisabledImpersonationState
);
}
//
// Make sure the handle grants the appropriate access to the specified
// thread.
//
Status = ObReferenceObjectByHandle(
ThreadHandle,
THREAD_QUERY_INFORMATION,
PsThreadType,
PreviousMode,
(PVOID *)Thread,
NULL
);
if (RestoreImpersonationState) {
PsRestoreImpersonation(
PsGetCurrentThread(),
&DisabledImpersonationState
);
}
if (!NT_SUCCESS(Status)) {
return Status;
}
//
// Reference the impersonation token, if there is one
//
(*Token) = PsReferenceImpersonationToken( *Thread,
CopyOnOpen,
EffectiveOnly,
ImpersonationLevel
);
//
// Make sure there is a token
//
if ((*Token) == NULL) {
ObDereferenceObject( *Thread );
(*Thread) = NULL;
return STATUS_NO_TOKEN;
}
//
// Make sure the ImpersonationLevel is high enough to allow
// the token to be openned.
//
if ((*ImpersonationLevel) <= SecurityAnonymous) {
PsDereferenceImpersonationToken( (*Token) );
ObDereferenceObject( *Thread );
(*Thread) = NULL;
(*Token) = NULL;
return STATUS_CANT_OPEN_ANONYMOUS;
}
return STATUS_SUCCESS;
}
VOID
SeCaptureSubjectContextEx (
__in PETHREAD Thread,
__in PEPROCESS Process,
__out PSECURITY_SUBJECT_CONTEXT SubjectContext
)
/*++
Routine Description:
This routine takes a snapshot of the calling thread's security
context (locking tokens as necessary to do so). This function
is intended to support the object manager and other components
that utilize the reference monitor's access validation,
privilege test, and audit generation services.
A subject's security context should be captured before initiating
access validation and should be released after audit messages
are generated. This is necessary to provide a consistent security
context to all those services.
After calling access validation, privilege test, and audit generation
services, the captured context should be released as soon as possible
using the SeReleaseSubjectContext() service.
Arguments:
Thread - Thread to capture the thread token from. If NULL we don't capture
an impersonation token.
Process - Process to capture primary token from.
SubjectContext - Points to a SECURITY_SUBJECT_CONTEXT data structure
to be filled in with a snapshot of the calling thread's security
profile.
Return Value:
none.
--*/
{
BOOLEAN IgnoreCopyOnOpen;
BOOLEAN IgnoreEffectiveOnly;
PAGED_CODE();
SubjectContext->ProcessAuditId = PsProcessAuditId( Process );
//
// Get pointers to primary and impersonation tokens
//
if (Thread == NULL) {
SubjectContext->ClientToken = NULL;
} else {
SubjectContext->ClientToken = PsReferenceImpersonationToken(
Thread,
&IgnoreCopyOnOpen,
&IgnoreEffectiveOnly,
&(SubjectContext->ImpersonationLevel)
);
}
SubjectContext->PrimaryToken = PsReferencePrimaryToken(Process);
#if DBG || TOKEN_LEAK_MONITOR
if (SubjectContext->PrimaryToken) {
InterlockedIncrement(&((PTOKEN)(SubjectContext->PrimaryToken))->CaptureCount);
if (SubjectContext->PrimaryToken == SepTokenLeakToken)
{
DbgBreakPoint();
}
}
if (SubjectContext->ClientToken) {
InterlockedIncrement(&((PTOKEN)(SubjectContext->ClientToken))->CaptureCount);
if (SubjectContext->ClientToken == SepTokenLeakToken)
{
DbgBreakPoint();
}
}
#endif
return;
}
