[RTL] Improve usage of absolte vs self-relative security descriptors

- RtlpQuerySecurityDescriptor: Change argument type of first parameter from PISECURITY_DESCRIPTOR to PSECURITY_DESCRIPTOR, since

[RTL] Improve usage of absolte vs self-relative security descriptors

- RtlpQuerySecurityDescriptor: Change argument type of first parameter from PISECURITY_DESCRIPTOR to PSECURITY_DESCRIPTOR, since it handles both absolute and self-relative SDs.
- RtlMakeSelfRelativeSD: rename first parameter from AbsoluteSD to SecurityDescriptor, since it handles both absolute and self-relative SDs.
- SepGetGroupFromDescriptor/SepGetOwnerFromDescriptor/SepGetDaclFromDescriptor/SepGetSaclFromDescriptor: Change parameter type from PVOID to PSECURITY_DESCRIPTOR for clarity.

show more ...

[NTOS:SE] Let SepGetSidFromAce figure out the ACE type

As the commit title says. Instead of having the caller figuring out what
the ACE type should be of the ACE.

[NTOS:SE] Declare function prototypes & add OBJECT_TYPE_LIST_INTERNAL

OBJECT_TYPE_LIST_INTERNAL will serve as an internal kernel data structure
to hold validated object type contents that are copied

[NTOS:SE] Declare function prototypes & add OBJECT_TYPE_LIST_INTERNAL

OBJECT_TYPE_LIST_INTERNAL will serve as an internal kernel data structure
to hold validated object type contents that are copied from UM.

The difference between the public and the internal one is that the internal structure has
an additional member for access check rights that have been granted on each
object element in the list.

show more ...

[NTOS:SE] Do not allocate memory pool just for the access rights

Access check is an expensive operation, that is, whenever an access to an
object is performed an access check has to be done to ensur

[NTOS:SE] Do not allocate memory pool just for the access rights

Access check is an expensive operation, that is, whenever an access to an
object is performed an access check has to be done to ensure the access
can be allowed to the calling thread who attempts to access such object.

Currently SepAnalyzeAcesFromDacl allocates a block of pool memory for
access check rights, nagging the Memory Manager like a desperate naughty
creep. So instead initialize the access rights as a simple variable in
SepAccessCheck and pass it out as an address to SepAnalyzeAcesFromDacl so
that the function will fill it up with access rights. This helps with
performance, avoiding wasting a few bits of memory just to hold these
access rights.

In addition to that, add a few asserts and fix the copyright header on
both se.h and accesschk.c, to reflect the Coding Style rules.

show more ...

[NTOS:SE] Implement security debug facility routines

debug.c will serve as a centralized facility for security debugging routines and everything related to that. This file will be expanded with furt

[NTOS:SE] Implement security debug facility routines

debug.c will serve as a centralized facility for security debugging routines and everything related to that. This file will be expanded with further debug functions for the Security subsystem if needed.

show more ...

[NTOS:SE] Properly handle dynamic counters in token

On current master, ReactOS faces these problems:

- ObCreateObject charges both paged and non paged pool a size of TOKEN structure, not the actual

[NTOS:SE] Properly handle dynamic counters in token

On current master, ReactOS faces these problems:

- ObCreateObject charges both paged and non paged pool a size of TOKEN structure, not the actual dynamic contents of WHAT IS inside a token. For paged pool charge the size is that of the dynamic area (primary group + default DACL if any). This is basically what DynamicCharged is for.
For the non paged pool charge, the actual charge is that of TOKEN structure upon creation. On duplication and filtering however, the paged pool charge size is that of the inherited dynamic charged space from an existing token whereas the non paged pool size is that of the calculated token body
length for the new duplicated/filtered token. On current master, we're literally cheating the kernel by charging the wrong amount of quota not taking into account the dynamic contents which they come from UM.

- Both DynamicCharged and DynamicAvailable are not fully handled (DynamicAvailable is pretty much poorly handled with some cases still to be taking into account). DynamicCharged is barely handled, like at all.

- As a result of these two points above, NtSetInformationToken doesn't check when the caller wants to set up a new default token DACL or primary group if the newly DACL or the said group exceeds the dynamic charged boundary. So what happens is that I'm going to act like a smug bastard fat politician and whack
the primary group and DACL of an token however I want to, because why in the hell not? In reality no, the kernel has to punish whoever attempts to do that, although we currently don't.

- The dynamic area (aka DynamicPart) only picks up the default DACL but not the primary group as well. Generally the dynamic part is composed of primary group and default DACL, if provided.

In addition to that, we aren't returning the dynamic charged and available area in token statistics. SepComputeAvailableDynamicSpace helper is here to accommodate that. Apparently Windows is calculating the dynamic available area rather than just querying the DynamicAvailable field directly from the token.
My theory regarding this is like the following: on Windows both TokenDefaultDacl and TokenPrimaryGroup classes are barely used by the system components during startup (LSASS provides both a DACL and primary group when calling NtCreateToken anyway). In fact DynamicAvailable is 0 during token creation, duplication and filtering when inspecting a token with WinDBG. So
if an application wants to query token statistics that application will face a dynamic available space of 0.

show more ...

[NTOS:SE] NtQueryInformationToken: implement token sandbox inert querying

[NTOS:SE] Reorganize the security manager component

The current state of Security manager's code is kind of a mess. Mainly, there's code scattered around places where they shouldn't belong and token

[NTOS:SE] Reorganize the security manager component

The current state of Security manager's code is kind of a mess. Mainly, there's code scattered around places where they shouldn't belong and token implementation (token.c) is already of a bloat in itself as it is. The file has over 6k lines and it's subject to grow exponentially with improvements, features, whatever that is.

With that being said, the token implementation code in the kernel will be split accordingly and rest of the code moved to appropriate places. The new layout will look as follows (excluding the already existing files):

- client.c (Client security implementation code)
- objtype.c (Object type list implementation code -- more code related to object types will be put here when I'm going to implement object type access checks in the future)
- subject.c (Subject security context support)

The token implementation in the kernel will be split in 4 distinct files as shown:

- token.c (Base token support routines)
- tokenlif.c (Life management of a token object -- that is Duplication, Creation and Filtering)
- tokencls.c (Token Query/Set Information Classes support)
- tokenadj.c (Token privileges/groups adjusting support)

In addition to that, tidy up the internal header and reorganize it as well.

show more ...

[NTOS:SE] Add SepGetSidFromAce prototype & Niscellaneous Stuff

[NTOS:SE] Add token debug code

Implement initial token debug code. For now debug information that is being tracked are: process image file name, process and thread client IDs and token creation meth

[NTOS:SE] Add token debug code

Implement initial token debug code. For now debug information that is being tracked are: process image file name, process and thread client IDs and token creation method. More specific debug code can be added later only if needed.

As for the token creation method, this follows the same principle as on Windows where the creation method is defined by a value denoting the first letter of the said method of creation. That is, 0xC is for token creation, 0xD is for token duplication and 0xF is for token filtering. The debug field names are taken from Windows PDB symbols for WinDBG debug extension support purposes. The names must not be changed!

show more ...

[FORMATTING] Remove trailing whitespace. Addendum to 34593d93.

Excluded: 3rd-party code (incl. wine) and most of the win32ss.

[NTOS:SE] Annotate the remaining functions with SAL

[NTOS:SE] Implement logon reference insertion/removal to tokens

[NTOS:SE] Move SQOS capturing in its own file

* Quality of service kernel stuff bears nothing with security descriptors in anyway, so just have a file specifically for it
* Annotate the function arg

[NTOS:SE] Move SQOS capturing in its own file

* Quality of service kernel stuff bears nothing with security descriptors in anyway, so just have a file specifically for it
* Annotate the function arguments parameters with SAL
* Document the functions

show more ...

[NTOS:SE] Do some cleanup on ICIF flags in token information classes

A few of these classes have fixed size lengths, the rest are arbitrary. Also the TokenAuditPolicy class hasn't a size length type

[NTOS:SE] Do some cleanup on ICIF flags in token information classes

A few of these classes have fixed size lengths, the rest are arbitrary. Also the TokenAuditPolicy class hasn't a size length type specified in the table, which is wrong (and move the corresponding TOKEN_AUDIT_POLICY_INFORMATION structure into the private header).

show more ...

[REACTOS] Addendum to 5c7ce4475e246560d1622b8cc60dc603e3955f66 - Fix MSVC 2015 build

Put data into PAGEDATA or INITDATA sections
Keep section declaration for prototypes

CORE-17540

[NTOS:SE] Implement SeTokenCanImpersonate routine

SeTokenCanImpersonate ensures whether the client impersonation can occur, and if not, the call signals this to the caller.

[NTOS:SE] Add the declaration prototype of SepRegQueryHelper in the internal header

[NTOS:SE] Create the anonymous logon tokens on Security initialisation phase

[NTOS:SE] Implement SepCreateSystemAnonymousLogonToken and SepCreateSystemAnonymousLogonTokenNoEveryone functions

These private functions are needed to set up two different kinds of system's anonymo

[NTOS:SE] Implement SepCreateSystemAnonymousLogonToken and SepCreateSystemAnonymousLogonTokenNoEveryone functions

These private functions are needed to set up two different kinds of system's anonymous logon tokens: one that includes everyone in the group and the other that doesn't. These functions are needed as next step closer to the
implementation of NtImpersonateAnonymousToken system call.

show more ...

[NTOS:SE] Set up an ACL and SD for the anonymous logon

[REACTOS] Cleanup INIT and some PAGE section allocations

- Change INIT_FUNCTION and INIT_SECTION to CODE_SEG("INIT") and DATA_SEG("INIT") respectively
- Remove INIT_FUNCTION from function prototypes

[REACTOS] Cleanup INIT and some PAGE section allocations

- Change INIT_FUNCTION and INIT_SECTION to CODE_SEG("INIT") and DATA_SEG("INIT") respectively
- Remove INIT_FUNCTION from function prototypes
- Remove alloc_text pragma calls as they are not needed anymore

show more ...

[NTOSKRNL] Stub SeGetLogonIdDeviceMap

[NTOSKRNL] Rewrite/fix our UUID generation implementation
So that it matches Windows behavior
Also implement ExUuidCreate that will generate UUID version 1

The implementation is based on the RFC 4122

[NDK][NTOS] Add global definition of INIT_FUNCTION/INIT_SECTION (#779)

* Add an NDK header to define INIT_FUNCTION/INIT_SECTION globally
* Use _declspec(allocate(x)) and _declspec(code_seg(x)) on M

[NDK][NTOS] Add global definition of INIT_FUNCTION/INIT_SECTION (#779)

* Add an NDK header to define INIT_FUNCTION/INIT_SECTION globally
* Use _declspec(allocate(x)) and _declspec(code_seg(x)) on MSVC versions that support it
* Use INIT_FUNCTION on functions only and INIT_SECTION on data only (required by MSVC)
* Place INIT_FUNCTION before the return type (required by MSVC)
* Make sure declarations and implementations share the same modifiers (required by MSVC)
* Add a global linker option to suppress warnings about defined but unused INIT section
* Merge INIT section into .text in freeldr

show more ...