https://git.reactos.org/?p=reactos.git;a=commitdiff;h=11d9c88c35951d4e9f4b1…
commit 11d9c88c35951d4e9f4b1dee76a4917e46e27c0e
Author: George Bișoc <george.bisoc(a)reactos.org>
AuthorDate: Mon Apr 18 10:39:33 2022 +0200
Commit: George Bișoc <george.bisoc(a)reactos.org>
CommitDate: Tue Apr 19 11:04:59 2022 +0200
[NTOS:SE] Add token debug code
Implement initial token debug code. For now, the debug information being tracked is: the process image file name, the process and thread client IDs, and the token creation method. More specific debug code can be added later if needed.
As for the token creation method, this follows the same principle as on Windows, where the creation method is defined by a value denoting the first letter of the method of creation. That is, 0xC is for token creation, 0xD is for token duplication and 0xF is for token filtering. The debug field names are taken from Windows PDB symbols for WinDBG debug extension support purposes. The names must not be changed!
---
ntoskrnl/include/internal/se.h | 4 ++++
ntoskrnl/se/token.c | 48 ++++++++++++++++++++++++++++++++++++++++++
sdk/include/ndk/setypes.h | 16 +++++++++++++-
3 files changed, 67 insertions(+), 1 deletion(-)
diff --git a/ntoskrnl/include/internal/se.h b/ntoskrnl/include/internal/se.h
index 46cf4380488..90c318878a9 100644
--- a/ntoskrnl/include/internal/se.h
+++ b/ntoskrnl/include/internal/se.h
@@ -34,6 +34,10 @@ typedef struct _TOKEN_AUDIT_POLICY_INFORMATION
} Policies[1];
} TOKEN_AUDIT_POLICY_INFORMATION, *PTOKEN_AUDIT_POLICY_INFORMATION;
+#define TOKEN_CREATE_METHOD 0xCUL
+#define TOKEN_DUPLICATE_METHOD 0xDUL
+#define TOKEN_FILTER_METHOD 0xFUL
+
FORCEINLINE
PSID
SepGetGroupFromDescriptor(
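Review bot: The three `TOKEN_*_METHOD` macros have no comment saying what they are for, and their values look arbitrary to anyone who has not read the commit message. A one-line comment above them would cover it, e.g. `/* Values for TOKEN.CreateMethod (DBG builds): the hex digit is the first letter of the method (C/D/F), as on Windows; do not renumber */`. The macros are defined unconditionally while every use in this commit sits under `#if DBG`, which is harmless but worth stating in the same comment.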
diff --git a/ntoskrnl/se/token.c b/ntoskrnl/se/token.c
index c0f3e08585a..1415e36009d 100644
--- a/ntoskrnl/se/token.c
+++ b/ntoskrnl/se/token.c
@@ -1086,6 +1086,17 @@ SepDuplicateToken(
goto Quit;
}
+ /* Fill in token debug information */
+#if DBG
+ RtlCopyMemory(AccessToken->ImageFileName,
+ PsGetCurrentProcess()->ImageFileName,
+ min(sizeof(AccessToken->ImageFileName), sizeof(PsGetCurrentProcess()->ImageFileName)));
+
+ AccessToken->ProcessCid = PsGetCurrentProcessId();
+ AccessToken->ThreadCid = PsGetCurrentThreadId();
+ AccessToken->CreateMethod = TOKEN_DUPLICATE_METHOD;
+#endif
+
/* Assign the data that reside in the TOKEN's variable information area */
AccessToken->VariableLength = VariableLength;
EndMem = (PVOID)&AccessToken->VariablePart;
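Review bot: The image name and the process ID stored here may not describe the same process. `ImageFileName` is read from `PsGetCurrentProcess()` while `ProcessCid` comes from `PsGetCurrentProcessId()`; in the usual NT definitions the first follows the process the thread is currently attached to and the second the thread's owning process, so a token duplicated while attached elsewhere would get a mixed origin record (please confirm against the Ps headers, which are not part of this diff). The same block is repeated in the `SepCreateToken` and `SepPerformTokenFiltering` hunks, so one DBG-only helper that reads the process once would fix it in a single place. A sketch follows; the helper name is only a suggestion, and it applies the `KiInitialProcess` guard from `SepCreateToken` to all three callers. `SepDuplicateToken` starts and ends outside this hunk.

```c
#if DBG
static
VOID
SepSetTokenDebugInfo(
    _Inout_ PTOKEN Token,
    _In_ ULONG CreateMethod)
{
    PEPROCESS Process = PsGetCurrentProcess();

    /* Boot-time token: Ps is not up yet, leave the origin fields alone */
    if (Process != &KiInitialProcess)
    {
        /* Name and ID are both taken from the same EPROCESS */
        RtlCopyMemory(Token->ImageFileName,
                      Process->ImageFileName,
                      min(sizeof(Token->ImageFileName), sizeof(Process->ImageFileName)));
        Token->ProcessCid = Process->UniqueProcessId;
        Token->ThreadCid = PsGetCurrentThreadId();
    }

    Token->CreateMethod = CreateMethod;
}
#endif

/* … in SepDuplicateToken, replacing the added block … */
#if DBG
    SepSetTokenDebugInfo(AccessToken, TOKEN_DUPLICATE_METHOD);
#endif
```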
@@ -1844,6 +1855,32 @@ SepCreateToken(
goto Quit;
}
+ /* Fill in token debug information */
+#if DBG
+ /*
+ * We must determine ourselves that the current
+ * process is not the initial CPU one. The initial
+ * process is not a "real" process, that is, the
+ * Process Manager has not yet been initialized and
+ * as a matter of fact we are creating a token before
+ * any process gets created by Ps. If it turns out
+ * that the current process is the initial CPU process
+ * where token creation execution takes place, don't
+ * do anything.
+ */
+ if (PsGetCurrentProcess() != &KiInitialProcess)
+ {
+ RtlCopyMemory(AccessToken->ImageFileName,
+ PsGetCurrentProcess()->ImageFileName,
+ min(sizeof(AccessToken->ImageFileName), sizeof(PsGetCurrentProcess()->ImageFileName)));
+
+ AccessToken->ProcessCid = PsGetCurrentProcessId();
+ AccessToken->ThreadCid = PsGetCurrentThreadId();
+ }
+
+ AccessToken->CreateMethod = TOKEN_CREATE_METHOD;
+#endif
+
/* Assign the data that reside in the TOKEN's variable information area */
AccessToken->VariableLength = VariableLength;
EndMem = (PVOID)&AccessToken->VariablePart;
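Review bot: When the current process is `KiInitialProcess`, `ImageFileName`, `ProcessCid` and `ThreadCid` are never written. What a debugger then shows for the boot token depends on whether the token body was zeroed earlier in `SepCreateToken`, which this hunk does not show. If it is zeroed, the comment should say so, e.g. `/* The boot token is created before Ps is initialized; its origin fields stay zero */`. If it is not, an `else` branch with `RtlZeroMemory(AccessToken->ImageFileName, sizeof(AccessToken->ImageFileName));` and NULL CIDs keeps stale pool contents out of the debug record. The existing comment's "initial CPU one" wording is also hard to follow and could be replaced by the shorter sentence above.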
@@ -2181,6 +2218,17 @@ SepPerformTokenFiltering(
goto Quit;
}
+ /* Fill in token debug information */
+#if DBG
+ RtlCopyMemory(AccessToken->ImageFileName,
+ PsGetCurrentProcess()->ImageFileName,
+ min(sizeof(AccessToken->ImageFileName), sizeof(PsGetCurrentProcess()->ImageFileName)));
+
+ AccessToken->ProcessCid = PsGetCurrentProcessId();
+ AccessToken->ThreadCid = PsGetCurrentThreadId();
+ AccessToken->CreateMethod = TOKEN_FILTER_METHOD;
+#endif
+
/* Assign the data that reside in the token's variable information area */
AccessToken->VariableLength = VariableLength;
EndMem = (PVOID)&AccessToken->VariablePart;
diff --git a/sdk/include/ndk/setypes.h b/sdk/include/ndk/setypes.h
index b76b0a144ff..1f54e097318 100644
--- a/sdk/include/ndk/setypes.h
+++ b/sdk/include/ndk/setypes.h
@@ -204,6 +204,14 @@ typedef struct _SECURITY_TOKEN_PROXY_DATA
//
// Token and auxiliary data
//
+// ===================!!!IMPORTANT NOTE!!!=====================
+// ImageFileName, ProcessCid, ThreadCid and CreateMethod field
+// names are taken from Windows Server 2003 SP2 checked build
+// WinDBG debug extensions command purposes (such as !logonsession
+// command respectively). As such names are hardcoded, we have
+// to be compatible with them. THESE FIELD NAMES MUST NOT BE
+// CHANGED!!!
+// ============================================================
typedef struct _TOKEN
{
TOKEN_SOURCE TokenSource; /* 0x00 */
@@ -236,7 +244,13 @@ typedef struct _TOKEN
PSECURITY_TOKEN_AUDIT_DATA AuditData; /* 0x94 */
PSEP_LOGON_SESSION_REFERENCES LogonSession; /* 0x98 */
LUID OriginatingLogonSession; /* 0x9C */
- ULONG VariablePart; /* 0xA4 */
+#if DBG
+ UCHAR ImageFileName[16]; /* 0xA4 */
+ HANDLE ProcessCid; /* 0xB4 */
+ HANDLE ThreadCid; /* 0xB8 */
+ ULONG CreateMethod; /* 0xBC */
+#endif
+ ULONG VariablePart; /* 0xC0 */
} TOKEN, *PTOKEN;
typedef struct _AUX_ACCESS_DATA
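Review bot: With these fields under `#if DBG`, `sizeof(TOKEN)` and the offset of `VariablePart` now differ between checked and free builds, and this is a shared NDK header. Any component that computes token sizes or walks the variable part must be built with the same `DBG` value as the kernel, otherwise it reads the debug fields as variable data or the reverse. That deserves a comment at the `#if DBG`, for example `/* Debug-only fields: they shift VariablePart, so every user of this header must agree on DBG */`. The offset comments (0xA4 through 0xC0) hold only where `HANDLE` is 4 bytes, and nothing in this commit NUL-terminates the 16-byte `ImageFileName` copy, so tools reading it should bound the length. The `TOKEN` definition begins outside this hunk.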