ReactOS 0.4.16-dev-737-g3368adc
#include <ntoskrnl.h>
#include <debug.h>
Classes | |
struct | _SEP_LOGON_SESSION_TERMINATED_NOTIFICATION |
Macros | |
#define | NDEBUG |
#define | POLICY_AUDIT_EVENT_TYPE_COUNT 9 |
Functions | |
VOID NTAPI | SepRmCommandServerThread (_In_ PVOID StartContext) |
Manages the SRM server API commands, that is, receives API command messages from the user-mode side of the security subsystem, LSASS. | |
static NTSTATUS | SepCleanupLUIDDeviceMapDirectory (_In_ PLUID LogonLuid) |
Cleans the DOS device map directory of a logon session. | |
static NTSTATUS | SepRmCreateLogonSession (_In_ PLUID LogonLuid) |
Creates a logon session. The security reference monitoring (SRM) module of the Executive keeps it as internal kernel data for logon session management, in the form of a SEP_LOGON_SESSION_REFERENCES data structure. | |
NTSTATUS NTAPI | SepRegQueryHelper (_In_ PCWSTR KeyName, _In_ PCWSTR ValueName, _In_ ULONG ValueType, _In_ ULONG DataLength, _Out_ PVOID ValueData) |
A private registry helper that returns the desired value data based on the specifics requested by the caller. | |
BOOLEAN NTAPI | SeRmInitPhase0 (VOID) |
Manages the phase 0 initialization of the security reference monitoring module of the kernel. | |
BOOLEAN NTAPI | SeRmInitPhase1 (VOID) |
Manages the phase 1 initialization of the security reference monitoring module of the kernel. | |
static VOID | SepAdtInitializeBounds (VOID) |
Initializes the local security authority audit bounds. | |
static NTSTATUS | SepRmSetAuditEvent (_Inout_ PSEP_RM_API_MESSAGE Message) |
Sets an audit event for future security auditing monitoring. | |
NTSTATUS NTAPI | SepRmInsertLogonSessionIntoToken (_Inout_ PTOKEN Token) |
Inserts a logon session into an access token specified by the caller. | |
NTSTATUS NTAPI | SepRmRemoveLogonSessionFromToken (_Inout_ PTOKEN Token) |
Removes a logon session from an access token. | |
static NTSTATUS | SepRmDeleteLogonSession (_In_ PLUID LogonLuid) |
Deletes a logon session from the logon sessions database. | |
NTSTATUS | SepRmReferenceLogonSession (_In_ PLUID LogonLuid) |
References a logon session. | |
NTSTATUS | SepRmDereferenceLogonSession (_In_ PLUID LogonLuid) |
De-references a logon session. If the session has a reference count of 0 by the time the function has de-referenced the logon, that means the session is no longer used and can be safely deleted from the logon sessions database. | |
BOOLEAN NTAPI | SepRmCommandServerThreadInit (VOID) |
Main SRM server thread initialization function. It sets up the port connection between the security manager and LSASS, thereby allowing communication between the kernel side (the SRM) and the user-mode side (LSASS) of the operating system's security subsystem. | |
NTSTATUS NTAPI | SeGetLogonIdDeviceMap (_In_ PLUID LogonId, _Out_ PDEVICE_MAP *DeviceMap) |
Retrieves the DOS device map from a logon session. | |
NTSTATUS NTAPI | SeMarkLogonSessionForTerminationNotification (_In_ PLUID LogonId) |
Marks a logon session for future termination, given its logon ID. This triggers a callout (the registered callback) when the logon is no longer used by anyone, that is, when no token still references the specified logon session. | |
NTSTATUS NTAPI | SeRegisterLogonSessionTerminatedRoutine (_In_ PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine) |
Registers a callback that will be called once a logon session terminates. | |
NTSTATUS NTAPI | SeUnregisterLogonSessionTerminatedRoutine (_In_ PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine) |
Un-registers a callback routine previously registered by the SeRegisterLogonSessionTerminatedRoutine function. | |
typedef struct _SEP_LOGON_SESSION_TERMINATED_NOTIFICATION * PSEP_LOGON_SESSION_TERMINATED_NOTIFICATION |
Retrieves the DOS device map from a logon session.
[in] | LogonId | A valid logon session ID. |
[out] | DeviceMap | The returned device map buffer from the logon session. |
Definition at line 1347 of file srm.c.
Referenced by ObpReferenceDeviceMap(), and ObpSetCurrentProcessDeviceMap().
Marks a logon session for future termination, given its logon ID. This triggers a callout (the registered callback) when the logon is no longer used by anyone, that is, when no token still references the specified logon session.
[in] | LogonId | The ID of the logon session. |
Definition at line 1510 of file srm.c.
Referenced by LogonMarkTermination().
Initializes the local security authority audit bounds.
Definition at line 274 of file srm.c.
Referenced by SepRmSetAuditEvent().
Cleans the DOS device map directory of a logon session.
[in] | LogonLuid | The ID of the logon session whose DOS device map directory is to be cleaned. |
Definition at line 751 of file srm.c.
Referenced by SepRmDeleteLogonSession(), and SepRmDereferenceLogonSession().
NTSTATUS NTAPI SepRegQueryHelper | ( | _In_ PCWSTR | KeyName, |
_In_ PCWSTR | ValueName, | ||
_In_ ULONG | ValueType, | ||
_In_ ULONG | DataLength, | ||
_Out_ PVOID | ValueData | ||
) |
A private registry helper that returns the desired value data based on the specifics requested by the caller.
[in] | KeyName | Name of the key. |
[in] | ValueName | Name of the registry value. |
[in] | ValueType | The type of the registry value. |
[in] | DataLength | The data length, in bytes, representing the size of the registry value. |
[out] | ValueData | The requested value data provided by the function. |
Definition at line 93 of file srm.c.
Referenced by SepAdtInitializeBounds(), and SepImpersonateAnonymousToken().
Manages the SRM server API commands, that is, receives API command messages from the user-mode side of the security subsystem, LSASS.
Definition at line 1226 of file srm.c.
Referenced by SeRmInitPhase1().
Main SRM server thread initialization function. It sets up the port connection between the security manager and LSASS, thereby allowing communication between the kernel side (the SRM) and the user-mode side (LSASS) of the operating system's security subsystem.
Definition at line 1075 of file srm.c.
Referenced by SepRmCommandServerThread().
Creates a logon session. The security reference monitoring (SRM) module of the Executive keeps it as internal kernel data for logon session management, in the form of a SEP_LOGON_SESSION_REFERENCES data structure.
[in] | LogonLuid | A logon ID represented as a LUID. This LUID is used to create our logon session and add it to the sessions database. |
Definition at line 512 of file srm.c.
Referenced by SepRmCommandServerThread(), and SeRmInitPhase0().
Deletes a logon session from the logon sessions database.
[in] | LogonLuid | A logon ID represented as a LUID. This LUID is used to locate the exact logon session saved within the database. |
Definition at line 590 of file srm.c.
Referenced by SepRmCommandServerThread().
De-references a logon session. If the session has a reference count of 0 by the time the function has de-referenced the logon, that means the session is no longer used and can be safely deleted from the logon sessions database.
[in] | LogonLuid | A logon session ID to de-reference. |
Definition at line 1008 of file srm.c.
Referenced by SeGetLogonIdDeviceMap().
Inserts a logon session into an access token specified by the caller.
[in,out] | Token | An access token into which the logon session is to be inserted. |
Definition at line 368 of file srm.c.
Referenced by SepCreateToken(), SepDuplicateToken(), and SepPerformTokenFiltering().
References a logon session.
[in] | LogonLuid | A valid LUID that points to the logon session in the database that is to be referenced. |
Definition at line 695 of file srm.c.
Removes a logon session from an access token.
[in,out] | Token | An access token whose logon session is to be removed. |
Definition at line 449 of file srm.c.
Referenced by NtSetInformationToken(), and SepDeleteToken().
static |
Sets an audit event for future security auditing monitoring.
[in,out] | Message | The reference monitoring API message. It is used to determine if the right API message number is provided, RmAuditSetCommand in this case. |
Definition at line 324 of file srm.c.
Referenced by SepRmCommandServerThread().
NTSTATUS NTAPI SeRegisterLogonSessionTerminatedRoutine | ( | _In_ PSE_LOGON_SESSION_TERMINATED_ROUTINE | CallbackRoutine | ) |
Registers a callback that will be called once a logon session terminates.
[in] | CallbackRoutine | Callback routine address. |
Definition at line 1572 of file srm.c.
Manages the phase 0 initialization of the security reference monitoring module of the kernel.
Definition at line 176 of file srm.c.
Referenced by SepInitializationPhase0().
Manages the phase 1 initialization of the security reference monitoring module of the kernel.
Definition at line 211 of file srm.c.
Referenced by Phase1InitializationDiscard().
NTSTATUS NTAPI SeUnregisterLogonSessionTerminatedRoutine | ( | _In_ PSE_LOGON_SESSION_TERMINATED_ROUTINE | CallbackRoutine | ) |
Un-registers a callback routine previously registered by the SeRegisterLogonSessionTerminatedRoutine function.
[in] | CallbackRoutine | Callback routine address to un-register. |
Definition at line 1621 of file srm.c.
extern |
Definition at line 21 of file token.c.
Referenced by SepCreateSystemAnonymousLogonToken(), SepCreateSystemAnonymousLogonTokenNoEveryone(), SepRmDeleteLogonSession(), SeRmInitPhase0(), and SeTokenCanImpersonate().
UCHAR SeAuditingState[POLICY_AUDIT_EVENT_TYPE_COUNT] |
Definition at line 59 of file srm.c.
Referenced by SepRmSetAuditEvent().
HANDLE SeLsaInitEvent |
Definition at line 46 of file srm.c.
Referenced by SepRmCommandServerThreadInit(), and SeRmInitPhase1().
BOOLEAN SepAdtAuditingEnabled |
Definition at line 54 of file srm.c.
Referenced by SepRmSetAuditEvent().
ULONG SepAdtMaxListLength = 0x3000 |
Definition at line 56 of file srm.c.
Referenced by SepAdtInitializeBounds().
ULONG SepAdtMinListLength = 0x2000 |
Definition at line 55 of file srm.c.
Referenced by SepAdtInitializeBounds().
PVOID SepCommandPortViewBase |
Definition at line 48 of file srm.c.
Referenced by SepRmCommandServerThreadInit().
ULONG_PTR SepCommandPortViewBaseOffset |
Definition at line 50 of file srm.c.
Referenced by SepRmCommandServerThreadInit().
PVOID SepCommandPortViewRemoteBase |
Definition at line 49 of file srm.c.
Referenced by SepRmCommandServerThreadInit().
PSEP_LOGON_SESSION_TERMINATED_NOTIFICATION SepLogonNotifications = NULL |
Definition at line 63 of file srm.c.
Referenced by SeRegisterLogonSessionTerminatedRoutine(), and SeUnregisterLogonSessionTerminatedRoutine().
PSEP_LOGON_SESSION_REFERENCES SepLogonSessions = NULL |
Definition at line 62 of file srm.c.
Referenced by SeGetLogonIdDeviceMap(), SeMarkLogonSessionForTerminationNotification(), SepRmCreateLogonSession(), SepRmDeleteLogonSession(), SepRmDereferenceLogonSession(), SepRmInsertLogonSessionIntoToken(), SepRmReferenceLogonSession(), and SepRmRemoveLogonSessionFromToken().
static |
Definition at line 52 of file srm.c.
Referenced by SepRmCommandServerThread(), and SepRmCommandServerThreadInit().
KGUARDED_MUTEX SepRmDbLock |
Definition at line 61 of file srm.c.
Referenced by SeGetLogonIdDeviceMap(), SeMarkLogonSessionForTerminationNotification(), SepRmCreateLogonSession(), SepRmDeleteLogonSession(), SepRmDereferenceLogonSession(), SepRmInsertLogonSessionIntoToken(), SepRmReferenceLogonSession(), SepRmRemoveLogonSessionFromToken(), SeRegisterLogonSessionTerminatedRoutine(), SeRmInitPhase0(), and SeUnregisterLogonSessionTerminatedRoutine().
extern |
Definition at line 20 of file token.c.
Referenced by SepCreateSystemProcessToken(), SepRmDeleteLogonSession(), and SeRmInitPhase0().