ReactOS  0.4.15-dev-3017-g1d9542d
srm.c
Go to the documentation of this file.
1 /*
2  * PROJECT: ReactOS Kernel
3  * LICENSE: GPL-2.0-or-later (https://spdx.org/licenses/GPL-2.0-or-later)
4  * PURPOSE: Security Reference Monitor Server
5  * COPYRIGHT: Copyright Timo Kreuzer <timo.kreuzer@reactos.org>
6  * Copyright Pierre Schweitzer <pierre@reactos.org>
7  * Copyright 2021 George BiČ™oc <george.bisoc@reactos.org>
8  */
9 
10 /* INCLUDES *******************************************************************/
11 
12 #include <ntoskrnl.h>
13 #define NDEBUG
14 #include <debug.h>
15 
16 extern LUID SeSystemAuthenticationId;
17 extern LUID SeAnonymousAuthenticationId;
18 
19 /* PRIVATE DEFINITIONS ********************************************************/
20 
21 typedef struct _SEP_LOGON_SESSION_TERMINATED_NOTIFICATION
22 {
23  struct _SEP_LOGON_SESSION_TERMINATED_NOTIFICATION *Next;
24  PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine;
25 } SEP_LOGON_SESSION_TERMINATED_NOTIFICATION, *PSEP_LOGON_SESSION_TERMINATED_NOTIFICATION;
26 
27 VOID
28 NTAPI
29 SepRmCommandServerThread(
30  PVOID StartContext);
31 
32 static
33 NTSTATUS
34 SepCleanupLUIDDeviceMapDirectory(
35  _In_ PLUID LogonLuid);
36 
37 static
38 NTSTATUS
39 SepRmCreateLogonSession(
40  PLUID LogonLuid);
41 
42 
43 /* GLOBALS ********************************************************************/
44 
45 HANDLE SeRmCommandPort;
46 HANDLE SeLsaInitEvent;
47 
48 PVOID SepCommandPortViewBase;
49 PVOID SepCommandPortViewRemoteBase;
50 ULONG_PTR SepCommandPortViewBaseOffset;
51 
52 static HANDLE SepRmCommandMessagePort;
53 
54 BOOLEAN SepAdtAuditingEnabled;
55 ULONG SepAdtMinListLength = 0x2000;
56 ULONG SepAdtMaxListLength = 0x3000;
57 
58 #define POLICY_AUDIT_EVENT_TYPE_COUNT 9 // (AuditCategoryAccountLogon - AuditCategorySystem + 1)
59 UCHAR SeAuditingState[POLICY_AUDIT_EVENT_TYPE_COUNT];
60 
61 KGUARDED_MUTEX SepRmDbLock;
62 PSEP_LOGON_SESSION_REFERENCES SepLogonSessions = NULL;
63 PSEP_LOGON_SESSION_TERMINATED_NOTIFICATION SepLogonNotifications = NULL;
64 
65 
66 /* PRIVATE FUNCTIONS **********************************************************/
67 
92 NTSTATUS
93 NTAPI
94 SepRegQueryHelper(
95  _In_ PCWSTR KeyName,
96  _In_ PCWSTR ValueName,
97  _In_ ULONG ValueType,
98  _In_ ULONG DataLength,
99  _Out_ PVOID ValueData)
100 {
101  UNICODE_STRING ValueNameString;
102  UNICODE_STRING KeyNameString;
103  ULONG ResultLength;
104  OBJECT_ATTRIBUTES ObjectAttributes;
105  HANDLE KeyHandle = NULL;
106  struct
107  {
108  KEY_VALUE_PARTIAL_INFORMATION Partial;
109  UCHAR Buffer[64];
110  } KeyValueInformation;
111  NTSTATUS Status, CloseStatus;
112  PAGED_CODE();
113 
114  RtlInitUnicodeString(&KeyNameString, KeyName);
115  InitializeObjectAttributes(&ObjectAttributes,
116  &KeyNameString,
117  OBJ_KERNEL_HANDLE | OBJ_CASE_INSENSITIVE,
118  NULL,
119  NULL);
120 
121  Status = ZwOpenKey(&KeyHandle, KEY_QUERY_VALUE, &ObjectAttributes);
122  if (!NT_SUCCESS(Status))
123  {
124  return Status;
125  }
126 
127  RtlInitUnicodeString(&ValueNameString, ValueName);
128  Status = ZwQueryValueKey(KeyHandle,
129  &ValueNameString,
130  KeyValuePartialInformation,
131  &KeyValueInformation.Partial,
132  sizeof(KeyValueInformation),
133  &ResultLength);
134  if (!NT_SUCCESS(Status))
135  {
136  goto Cleanup;
137  }
138 
139  if ((KeyValueInformation.Partial.Type != ValueType) ||
140  (KeyValueInformation.Partial.DataLength != DataLength))
141  {
142  Status = STATUS_OBJECT_TYPE_MISMATCH;
143  goto Cleanup;
144  }
145 
146  if (ValueType == REG_BINARY)
147  {
148  RtlCopyMemory(ValueData, KeyValueInformation.Partial.Data, DataLength);
149  }
150  else if (ValueType == REG_DWORD)
151  {
152  *(PULONG)ValueData = *(PULONG)KeyValueInformation.Partial.Data;
153  }
154  else
155  {
156  Status = STATUS_INVALID_PARAMETER;
157  }
158 
159 Cleanup:
160  CloseStatus = ZwClose(KeyHandle);
161  ASSERT(NT_SUCCESS( CloseStatus ));
162 
163  return Status;
164 }
165 
166 
167 BOOLEAN
168 NTAPI
169 SeRmInitPhase0(VOID)
170 {
171  NTSTATUS Status;
172 
173  /* Initialize the database lock */
174  KeInitializeGuardedMutex(&SepRmDbLock);
175 
176  /* Create the system logon session */
177  Status = SepRmCreateLogonSession(&SeSystemAuthenticationId);
178  if (!NT_VERIFY(NT_SUCCESS(Status)))
179  {
180  return FALSE;
181  }
182 
183  /* Create the anonymous logon session */
184  Status = SepRmCreateLogonSession(&SeAnonymousAuthenticationId);
185  if (!NT_VERIFY(NT_SUCCESS(Status)))
186  {
187  return FALSE;
188  }
189 
190  return TRUE;
191 }
192 
193 
194 BOOLEAN
195 NTAPI
196 SeRmInitPhase1(VOID)
197 {
198  UNICODE_STRING Name;
199  OBJECT_ATTRIBUTES ObjectAttributes;
200  HANDLE ThreadHandle;
201  NTSTATUS Status;
202 
203  /* Create the SeRm command port */
204  RtlInitUnicodeString(&Name, L"\\SeRmCommandPort");
205  InitializeObjectAttributes(&ObjectAttributes, &Name, 0, NULL, NULL);
206  Status = ZwCreatePort(&SeRmCommandPort,
207  &ObjectAttributes,
208  sizeof(ULONG),
209  PORT_MAXIMUM_MESSAGE_LENGTH,
210  2 * PAGE_SIZE);
211  if (!NT_SUCCESS(Status))
212  {
213  DPRINT1("Security: Rm Create Command Port failed 0x%lx\n", Status);
214  return FALSE;
215  }
216 
217  /* Create SeLsaInitEvent */
218  RtlInitUnicodeString(&Name, L"\\SeLsaInitEvent");
219  InitializeObjectAttributes(&ObjectAttributes, &Name, 0, NULL, NULL);
220  Status = ZwCreateEvent(&SeLsaInitEvent,
221  GENERIC_WRITE,
222  &ObjectAttributes,
223  NotificationEvent,
224  FALSE);
225  if (!NT_VERIFY((NT_SUCCESS(Status))))
226  {
227  DPRINT1("Security: LSA init event creation failed.0x%xl\n", Status);
228  return FALSE;
229  }
230 
231  /* Create the SeRm server thread */
232  Status = PsCreateSystemThread(&ThreadHandle,
233  THREAD_ALL_ACCESS,
234  NULL,
235  NULL,
236  NULL,
237  SepRmCommandServerThread,
238  NULL);
239  if (!NT_SUCCESS(Status))
240  {
241  DPRINT1("Security: Rm Server Thread creation failed 0x%lx\n", Status);
242  return FALSE;
243  }
244 
245  ObCloseHandle(ThreadHandle, KernelMode);
246 
247  return TRUE;
248 }
249 
250 static
251 VOID
252 SepAdtInitializeBounds(VOID)
253 {
254  struct
255  {
256  ULONG MaxLength;
257  ULONG MinLength;
258  } ListBounds;
259  NTSTATUS Status;
260  PAGED_CODE();
261 
262  Status = SepRegQueryHelper(L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa",
263  L"Bounds",
264  REG_BINARY,
265  sizeof(ListBounds),
266  &ListBounds);
267  if (!NT_SUCCESS(Status))
268  {
269  /* No registry values, so keep hardcoded defaults */
270  return;
271  }
272 
273  /* Check if the bounds are valid */
274  if ((ListBounds.MaxLength < ListBounds.MinLength) ||
275  (ListBounds.MinLength < 16) ||
276  (ListBounds.MaxLength - ListBounds.MinLength < 16))
277  {
278  DPRINT1("ListBounds are invalid: %u, %u\n",
279  ListBounds.MinLength, ListBounds.MaxLength);
280  return;
281  }
282 
283  /* Set the new bounds globally */
284  SepAdtMinListLength = ListBounds.MinLength;
285  SepAdtMaxListLength = ListBounds.MaxLength;
286 }
287 
288 
289 static
290 NTSTATUS
291 SepRmSetAuditEvent(
292  PSEP_RM_API_MESSAGE Message)
293 {
294  ULONG i;
295  PAGED_CODE();
296 
297  /* First re-initialize the bounds from the registry */
298  SepAdtInitializeBounds();
299 
300  /* Make sure we have the right message and clear */
301  ASSERT(Message->ApiNumber == RmAuditSetCommand);
302  Message->ApiNumber = 0;
303 
304  /* Store the enable flag in the global variable */
305  SepAdtAuditingEnabled = Message->u.SetAuditEvent.Enabled;
306 
307  /* Loop all audit event types */
308  for (i = 0; i < POLICY_AUDIT_EVENT_TYPE_COUNT; i++)
309  {
310  /* Save the provided flags in the global array */
311  SeAuditingState[i] = (UCHAR)Message->u.SetAuditEvent.Flags[i];
312  }
313 
314  return STATUS_SUCCESS;
315 }
316 
333 NTSTATUS
334 NTAPI
335 SepRmInsertLogonSessionIntoToken(
336  _Inout_ PTOKEN Token)
337 {
338  PSEP_LOGON_SESSION_REFERENCES LogonSession;
339  PAGED_CODE();
340 
341  /* Ensure that our token is not some plain garbage */
342  ASSERT(Token);
343 
344  /* Acquire the database lock */
345  KeAcquireGuardedMutex(&SepRmDbLock);
346 
347  for (LogonSession = SepLogonSessions;
348  LogonSession != NULL;
349  LogonSession = LogonSession->Next)
350  {
351  /*
352  * The insertion of a logon session into the token has to be done
353  * only IF the authentication ID of the token matches with the ID
354  * of the logon itself.
355  */
356  if (RtlEqualLuid(&LogonSession->LogonId, &Token->AuthenticationId))
357  {
358  break;
359  }
360  }
361 
362  /* If we reach this then we cannot proceed further */
363  if (LogonSession == NULL)
364  {
365  DPRINT1("SepRmInsertLogonSessionIntoToken(): Couldn't insert the logon session into the specific access token!\n");
366  KeReleaseGuardedMutex(&SepRmDbLock);
367  return STATUS_NO_SUCH_LOGON_SESSION;
368  }
369 
370  /*
371  * Allocate the session that we are going
372  * to insert it to the token.
373  */
374  Token->LogonSession = ExAllocatePoolWithTag(PagedPool,
375  sizeof(SEP_LOGON_SESSION_REFERENCES),
376  TAG_LOGON_SESSION);
377  if (Token->LogonSession == NULL)
378  {
379  DPRINT1("SepRmInsertLogonSessionIntoToken(): Couldn't allocate new logon session into the memory pool!\n");
380  KeReleaseGuardedMutex(&SepRmDbLock);
381  return STATUS_INSUFFICIENT_RESOURCES;
382  }
383 
384  /*
385  * Begin copying the logon session references data from the
386  * session whose ID matches with the token authentication ID to
387  * the new session we've allocated blocks of pool memory for it.
388  */
389  Token->LogonSession->Next = LogonSession->Next;
390  Token->LogonSession->LogonId = LogonSession->LogonId;
391  Token->LogonSession->ReferenceCount = LogonSession->ReferenceCount;
392  Token->LogonSession->Flags = LogonSession->Flags;
393  Token->LogonSession->pDeviceMap = LogonSession->pDeviceMap;
394  InsertHeadList(&LogonSession->TokenList, &Token->LogonSession->TokenList);
395 
396  /* Release the database lock and we're done */
397  KeReleaseGuardedMutex(&SepRmDbLock);
398  return STATUS_SUCCESS;
399 }
400 
414 NTSTATUS
415 NTAPI
416 SepRmRemoveLogonSessionFromToken(
417  _Inout_ PTOKEN Token)
418 {
419  PSEP_LOGON_SESSION_REFERENCES LogonSession;
420  PAGED_CODE();
421 
422  /* Ensure that our token is not some plain garbage */
423  ASSERT(Token);
424 
425  /* Acquire the database lock */
426  KeAcquireGuardedMutex(&SepRmDbLock);
427 
428  for (LogonSession = SepLogonSessions;
429  LogonSession != NULL;
430  LogonSession = LogonSession->Next)
431  {
432  /*
433  * Remove the logon session only when the IDs of the token and the
434  * logon match.
435  */
436  if (RtlEqualLuid(&LogonSession->LogonId, &Token->AuthenticationId))
437  {
438  break;
439  }
440  }
441 
442  /* They don't match */
443  if (LogonSession == NULL)
444  {
445  DPRINT1("SepRmRemoveLogonSessionFromToken(): Couldn't remove the logon session from the access token!\n");
446  KeReleaseGuardedMutex(&SepRmDbLock);
447  return STATUS_NO_SUCH_LOGON_SESSION;
448  }
449 
450  /* Now it's time to delete the logon session from the token */
451  RemoveEntryList(&Token->LogonSession->TokenList);
452  ExFreePoolWithTag(Token->LogonSession, TAG_LOGON_SESSION);
453 
454  /* Release the database lock and we're done */
455  KeReleaseGuardedMutex(&SepRmDbLock);
456  return STATUS_SUCCESS;
457 }
458 
459 static
460 NTSTATUS
461 SepRmCreateLogonSession(
462  PLUID LogonLuid)
463 {
464  PSEP_LOGON_SESSION_REFERENCES CurrentSession, NewSession;
465  NTSTATUS Status;
466  PAGED_CODE();
467 
468  DPRINT("SepRmCreateLogonSession(%08lx:%08lx)\n",
469  LogonLuid->HighPart, LogonLuid->LowPart);
470 
471  /* Allocate a new session structure */
472  NewSession = ExAllocatePoolWithTag(PagedPool,
473  sizeof(SEP_LOGON_SESSION_REFERENCES),
474  TAG_LOGON_SESSION);
475  if (NewSession == NULL)
476  {
477  return STATUS_INSUFFICIENT_RESOURCES;
478  }
479 
480  /* Initialize it */
481  NewSession->LogonId = *LogonLuid;
482  NewSession->ReferenceCount = 0;
483  NewSession->Flags = 0;
484  NewSession->pDeviceMap = NULL;
485  InitializeListHead(&NewSession->TokenList);
486 
487  /* Acquire the database lock */
488  KeAcquireGuardedMutex(&SepRmDbLock);
489 
490  /* Loop all existing sessions */
491  for (CurrentSession = SepLogonSessions;
492  CurrentSession != NULL;
493  CurrentSession = CurrentSession->Next)
494  {
495  /* Check if the LUID matches the new one */
496  if (RtlEqualLuid(&CurrentSession->LogonId, LogonLuid))
497  {
498  Status = STATUS_LOGON_SESSION_EXISTS;
499  goto Leave;
500  }
501  }
502 
503  /* Insert the new session */
504  NewSession->Next = SepLogonSessions;
505  SepLogonSessions = NewSession;
506 
507  Status = STATUS_SUCCESS;
508 
509 Leave:
510  /* Release the database lock */
511  KeReleaseGuardedMutex(&SepRmDbLock);
512 
513  if (!NT_SUCCESS(Status))
514  {
515  ExFreePoolWithTag(NewSession, TAG_LOGON_SESSION);
516  }
517 
518  return Status;
519 }
520 
537 static
538 NTSTATUS
539 SepRmDeleteLogonSession(
540  _In_ PLUID LogonLuid)
541 {
542  PSEP_LOGON_SESSION_REFERENCES SessionToDelete;
543  NTSTATUS Status;
544  PAGED_CODE();
545 
546  DPRINT("SepRmDeleteLogonSession(%08lx:%08lx)\n",
547  LogonLuid->HighPart, LogonLuid->LowPart);
548 
549  /* Acquire the database lock */
550  KeAcquireGuardedMutex(&SepRmDbLock);
551 
552  /* Loop over the existing logon sessions */
553  for (SessionToDelete = SepLogonSessions;
554  SessionToDelete != NULL;
555  SessionToDelete = SessionToDelete->Next)
556  {
557  /*
558  * Does the actual logon session exist in the
559  * saved logon sessions database with the LUID
560  * provided?
561  */
562  if (RtlEqualLuid(&SessionToDelete->LogonId, LogonLuid))
563  {
564  /* Did the caller supply one of these internal sessions? */
565  if (RtlEqualLuid(&SessionToDelete->LogonId, &SeSystemAuthenticationId) ||
566  RtlEqualLuid(&SessionToDelete->LogonId, &SeAnonymousAuthenticationId))
567  {
568  /* These logons are critical stuff, we can't delete them */
569  DPRINT1("SepRmDeleteLogonSession(): We're not allowed to delete anonymous/system sessions!\n");
570  Status = STATUS_BAD_LOGON_SESSION_STATE;
571  goto Leave;
572  }
573  else
574  {
575  /* We found the logon as exactly as we wanted, break the loop */
576  break;
577  }
578  }
579  }
580 
581  /*
582  * If we reach this then that means we've exhausted all the logon
583  * sessions and couldn't find one with the desired LUID.
584  */
585  if (SessionToDelete == NULL)
586  {
587  DPRINT1("SepRmDeleteLogonSession(): The logon session with this LUID doesn't exist!\n");
588  Status = STATUS_NO_SUCH_LOGON_SESSION;
589  goto Leave;
590  }
591 
592  /* Is somebody still using this logon session? */
593  if (SessionToDelete->ReferenceCount != 0)
594  {
595  /* The logon session is still in use, we cannot delete it... */
596  DPRINT1("SepRmDeleteLogonSession(): The logon session is still in use!\n");
597  Status = STATUS_BAD_LOGON_SESSION_STATE;
598  goto Leave;
599  }
600 
601  /* If we have a LUID device map, clean it */
602  if (SessionToDelete->pDeviceMap != NULL)
603  {
604  Status = SepCleanupLUIDDeviceMapDirectory(LogonLuid);
605  if (!NT_SUCCESS(Status))
606  {
607  /*
608  * We had one job on cleaning the device map directory
609  * of the logon session but we failed, quit...
610  */
611  DPRINT1("SepRmDeleteLogonSession(): Failed to clean the LUID device map directory of the logon (Status: 0x%lx)\n", Status);
612  goto Leave;
613  }
614 
615  /* And dereference the device map of the logon */
616  ObfDereferenceDeviceMap(SessionToDelete->pDeviceMap);
617  }
618 
619  /* If we're here then we've deleted the logon session successfully */
620  DPRINT("SepRmDeleteLogonSession(): Logon session deleted with success!\n");
621  Status = STATUS_SUCCESS;
622  ExFreePoolWithTag(SessionToDelete, TAG_LOGON_SESSION);
623 
624 Leave:
625  /* Release the database lock */
626  KeReleaseGuardedMutex(&SepRmDbLock);
627  return Status;
628 }
629 
630 
631 NTSTATUS
632 SepRmReferenceLogonSession(
633  PLUID LogonLuid)
634 {
635  PSEP_LOGON_SESSION_REFERENCES CurrentSession;
636 
637  PAGED_CODE();
638 
639  DPRINT("SepRmReferenceLogonSession(%08lx:%08lx)\n",
640  LogonLuid->HighPart, LogonLuid->LowPart);
641 
642  /* Acquire the database lock */
643  KeAcquireGuardedMutex(&SepRmDbLock);
644 
645  /* Loop all existing sessions */
646  for (CurrentSession = SepLogonSessions;
647  CurrentSession != NULL;
648  CurrentSession = CurrentSession->Next)
649  {
650  /* Check if the LUID matches the new one */
651  if (RtlEqualLuid(&CurrentSession->LogonId, LogonLuid))
652  {
653  /* Reference the session */
654  ++CurrentSession->ReferenceCount;
655  DPRINT("ReferenceCount: %lu\n", CurrentSession->ReferenceCount);
656 
657  /* Release the database lock */
658  KeReleaseGuardedMutex(&SepRmDbLock);
659 
660  return STATUS_SUCCESS;
661  }
662  }
663 
664  /* Release the database lock */
665  KeReleaseGuardedMutex(&SepRmDbLock);
666 
667  return STATUS_NO_SUCH_LOGON_SESSION;
668 }
669 
670 static
671 NTSTATUS
672 SepCleanupLUIDDeviceMapDirectory(
673  _In_ PLUID LogonLuid)
674 {
675  BOOLEAN UseCurrentProc;
676  KAPC_STATE ApcState;
677  WCHAR Buffer[63];
678  UNICODE_STRING DirectoryName;
679  OBJECT_ATTRIBUTES ObjectAttributes;
680  NTSTATUS Status;
681  HANDLE DirectoryHandle, LinkHandle;
682  PHANDLE LinksBuffer;
683  POBJECT_DIRECTORY_INFORMATION DirectoryInfo;
684  ULONG LinksCount, LinksSize, DirInfoLength, ReturnLength, Context, CurrentLinks, i;
685  BOOLEAN RestartScan;
686 
687  PAGED_CODE();
688 
689  /* We need a logon LUID */
690  if (LogonLuid == NULL)
691  {
692  return STATUS_INVALID_PARAMETER;
693  }
694 
695  /* Use current process */
696  UseCurrentProc = ObReferenceObjectSafe(PsGetCurrentProcess());
697  if (UseCurrentProc)
698  {
699  ObDereferenceObject(PsGetCurrentProcess());
700  }
701  /* Unless it's gone, then use system process */
702  else
703  {
704  KeStackAttachProcess(&PsInitialSystemProcess->Pcb, &ApcState);
705  }
706 
707  /* Initialize our directory name */
708  _snwprintf(Buffer,
709  sizeof(Buffer) / sizeof(WCHAR),
710  L"\\Sessions\\0\\DosDevices\\%08x-%08x",
711  LogonLuid->HighPart,
712  LogonLuid->LowPart);
713  RtlInitUnicodeString(&DirectoryName, Buffer);
714 
715  /* And open it */
716  InitializeObjectAttributes(&ObjectAttributes,
717  &DirectoryName,
718  OBJ_KERNEL_HANDLE | OBJ_CASE_INSENSITIVE,
719  NULL,
720  NULL);
721  Status = ZwOpenDirectoryObject(&DirectoryHandle,
722  DIRECTORY_QUERY,
723  &ObjectAttributes);
724  if (!NT_SUCCESS(Status))
725  {
726  if (!UseCurrentProc)
727  {
728  KeUnstackDetachProcess(&ApcState);
729  }
730 
731  return Status;
732  }
733 
734  /* Some initialization needed for browsing all our links... */
735  Context = 0;
736  DirectoryInfo = NULL;
737  DirInfoLength = 0;
738  /* In our buffer, we'll store at max 100 HANDLE */
739  LinksCount = 100;
740  CurrentLinks = 0;
741  /* Which gives a certain size */
742  LinksSize = LinksCount * sizeof(HANDLE);
743 
744  /*
745  * This label is hit if we need to store more than a hundred
746  * of links. In that case, we jump here after having cleaned
747  * and deleted previous buffer.
748  * All handles have been already closed
749  */
750 AllocateLinksAgain:
751  LinksBuffer = ExAllocatePoolWithTag(PagedPool,
752  LinksSize,
753  TAG_SE_HANDLES_TAB);
754  if (LinksBuffer == NULL)
755  {
756  /*
757  * Failure path: no need to clear handles:
758  * already closed and the buffer is already gone
759  */
760  ZwClose(DirectoryHandle);
761 
762  /*
763  * On the first round, DirectoryInfo is NULL,
764  * if we grow LinksBuffer, it has been allocated
765  */
766  if (DirectoryInfo != NULL)
767  {
768  ExFreePoolWithTag(DirectoryInfo, TAG_SE_DIR_BUFFER);
769  }
770 
771  if (!UseCurrentProc)
772  {
773  KeUnstackDetachProcess(&ApcState);
774  }
775 
776  return STATUS_NO_MEMORY;
777  }
778 
779  /*
780  * We always restart scan, but on the first loop
781  * if we couldn't fit everything in our buffer,
782  * then, we continue scan.
783  * But we restart if link buffer was too small
784  */
785  for (RestartScan = TRUE; ; RestartScan = FALSE)
786  {
787  /*
788  * Loop until our buffer is big enough to store
789  * one entry
790  */
791  while (TRUE)
792  {
793  Status = ZwQueryDirectoryObject(DirectoryHandle,
794  DirectoryInfo,
795  DirInfoLength,
796  TRUE,
797  RestartScan,
798  &Context,
799  &ReturnLength);
800  /* Only handle buffer growth in that loop */
801  if (Status != STATUS_BUFFER_TOO_SMALL)
802  {
803  break;
804  }
805 
806  /* Get output length as new length */
807  DirInfoLength = ReturnLength;
808  /* Delete old buffer if any */
809  if (DirectoryInfo != NULL)
810  {
811  ExFreePoolWithTag(DirectoryInfo, 'bDeS');
812  }
813 
814  /* And reallocate a bigger one */
815  DirectoryInfo = ExAllocatePoolWithTag(PagedPool,
816  DirInfoLength,
817  TAG_SE_DIR_BUFFER);
818  /* Fail if we cannot allocate */
819  if (DirectoryInfo == NULL)
820  {
821  Status = STATUS_INSUFFICIENT_RESOURCES;
822  break;
823  }
824  }
825 
826  /* If querying the entry failed, quit */
827  if (!NT_SUCCESS(Status))
828  {
829  break;
830  }
831 
832  /* We only look for symbolic links, the rest, we ignore */
833  if (wcscmp(DirectoryInfo->TypeName.Buffer, L"SymbolicLink"))
834  {
835  continue;
836  }
837 
838  /* If our link buffer is out of space, reallocate */
839  if (CurrentLinks >= LinksCount)
840  {
841  /* First, close the links */
842  for (i = 0; i < CurrentLinks; ++i)
843  {
844  ZwClose(LinksBuffer[i]);
845  }
846 
847  /* Allow 20 more HANDLEs */
848  LinksCount += 20;
849  CurrentLinks = 0;
850  ExFreePoolWithTag(LinksBuffer, TAG_SE_HANDLES_TAB);
851  LinksSize = LinksCount * sizeof(HANDLE);
852 
853  /* And reloop again */
854  goto AllocateLinksAgain;
855  }
856 
857  /* Open the found link */
858  InitializeObjectAttributes(&ObjectAttributes,
859  &DirectoryInfo->Name,
860  OBJ_KERNEL_HANDLE | OBJ_CASE_INSENSITIVE,
861  DirectoryHandle,
862  NULL);
863  if (NT_SUCCESS(ZwOpenSymbolicLinkObject(&LinkHandle,
864  SYMBOLIC_LINK_ALL_ACCESS,
865  &ObjectAttributes)))
866  {
867  /* If we cannot make it temporary, just close the link handle */
868  if (!NT_SUCCESS(ZwMakeTemporaryObject(LinkHandle)))
869  {
870  ZwClose(LinkHandle);
871  }
872  /* Otherwise, store it to defer deletion */
873  else
874  {
875  LinksBuffer[CurrentLinks] = LinkHandle;
876  ++CurrentLinks;
877  }
878  }
879  }
880 
881  /* No more entries means we handled all links, that's not a failure */
882  if (Status == STATUS_NO_MORE_ENTRIES)
883  {
884  Status = STATUS_SUCCESS;
885  }
886 
887  /* Close all the links we stored, this will like cause their deletion */
888  for (i = 0; i < CurrentLinks; ++i)
889  {
890  ZwClose(LinksBuffer[i]);
891  }
892  /* And free our links buffer */
893  ExFreePoolWithTag(LinksBuffer, TAG_SE_HANDLES_TAB);
894 
895  /* Free our directory info buffer - it might be NULL if we failed realloc */
896  if (DirectoryInfo != NULL)
897  {
898  ExFreePoolWithTag(DirectoryInfo, TAG_SE_DIR_BUFFER);
899  }
900 
901  /* Close our session directory */
902  ZwClose(DirectoryHandle);
903 
904  /* And detach from system */
905  if (!UseCurrentProc)
906  {
907  KeUnstackDetachProcess(&ApcState);
908  }
909 
910  return Status;
911 }
912 
913 
914 NTSTATUS
915 SepRmDereferenceLogonSession(
916  PLUID LogonLuid)
917 {
918  ULONG RefCount;
919  PDEVICE_MAP DeviceMap;
920  PSEP_LOGON_SESSION_REFERENCES CurrentSession;
921 
922  DPRINT("SepRmDereferenceLogonSession(%08lx:%08lx)\n",
923  LogonLuid->HighPart, LogonLuid->LowPart);
924 
925  /* Acquire the database lock */
926  KeAcquireGuardedMutex(&SepRmDbLock);
927 
928  /* Loop all existing sessions */
929  for (CurrentSession = SepLogonSessions;
930  CurrentSession != NULL;
931  CurrentSession = CurrentSession->Next)
932  {
933  /* Check if the LUID matches the new one */
934  if (RtlEqualLuid(&CurrentSession->LogonId, LogonLuid))
935  {
936  /* Dereference the session */
937  RefCount = --CurrentSession->ReferenceCount;
938  DPRINT("ReferenceCount: %lu\n", CurrentSession->ReferenceCount);
939 
940  /* Release the database lock */
941  KeReleaseGuardedMutex(&SepRmDbLock);
942 
943  /* We're done with the session */
944  if (RefCount == 0)
945  {
946  /* Get rid of the LUID device map */
947  DeviceMap = CurrentSession->pDeviceMap;
948  if (DeviceMap != NULL)
949  {
950  CurrentSession->pDeviceMap = NULL;
951  SepCleanupLUIDDeviceMapDirectory(LogonLuid);
952  ObfDereferenceDeviceMap(DeviceMap);
953  }
954 
955  /* FIXME: Alert LSA and filesystems that a logon is about to be deleted */
956  }
957 
958  return STATUS_SUCCESS;
959  }
960  }
961 
962  /* Release the database lock */
963  KeReleaseGuardedMutex(&SepRmDbLock);
964 
965  return STATUS_NO_SUCH_LOGON_SESSION;
966 }
967 
968 
969 BOOLEAN
970 NTAPI
971 SepRmCommandServerThreadInit(VOID)
972 {
973  SECURITY_QUALITY_OF_SERVICE SecurityQos;
974  SEP_RM_API_MESSAGE Message;
975  UNICODE_STRING PortName;
976  REMOTE_PORT_VIEW RemotePortView;
977  PORT_VIEW PortView;
978  LARGE_INTEGER SectionSize;
979  HANDLE SectionHandle;
980  HANDLE PortHandle;
981  NTSTATUS Status;
982  BOOLEAN Result;
983 
984  SectionHandle = NULL;
985  PortHandle = NULL;
986 
987  /* Assume success */
988  Result = TRUE;
989 
990  /* Wait until LSASS is ready */
991  Status = ZwWaitForSingleObject(SeLsaInitEvent, FALSE, NULL);
992  if (!NT_SUCCESS(Status))
993  {
994  DPRINT1("Security Rm Init: Waiting for LSA Init Event failed 0x%lx\n", Status);
995  goto Cleanup;
996  }
997 
998  /* We don't need this event anymore */
999  ObCloseHandle(SeLsaInitEvent, KernelMode);
1000 
1001  /* Initialize the connection message */
1002  Message.Header.u1.s1.TotalLength = sizeof(Message);
1003  Message.Header.u1.s1.DataLength = 0;
1004 
1005  /* Only LSASS can connect, so handle the connection right now */
1006  Status = ZwListenPort(SeRmCommandPort, &Message.Header);
1007  if (!NT_SUCCESS(Status))
1008  {
1009  DPRINT1("Security Rm Init: Listen to Command Port failed 0x%lx\n", Status);
1010  goto Cleanup;
1011  }
1012 
1013  /* Set the Port View structure length */
1014  RemotePortView.Length = sizeof(RemotePortView);
1015 
1016  /* Accept the connection */
1017  Status = ZwAcceptConnectPort(&SepRmCommandMessagePort,
1018  NULL,
1019  &Message.Header,
1020  TRUE,
1021  NULL,
1022  &RemotePortView);
1023  if (!NT_SUCCESS(Status))
1024  {
1025  DPRINT1("Security Rm Init: Accept Connect to Command Port failed 0x%lx\n", Status);
1026  goto Cleanup;
1027  }
1028 
1029  /* Complete the connection */
1030  Status = ZwCompleteConnectPort(SepRmCommandMessagePort);
1031  if (!NT_SUCCESS(Status))
1032  {
1033  DPRINT1("Security Rm Init: Complete Connect to Command Port failed 0x%lx\n", Status);
1034  goto Cleanup;
1035  }
1036 
1037  /* Create a section for messages */
1038  SectionSize.QuadPart = PAGE_SIZE;
1039  Status = ZwCreateSection(&SectionHandle,
1040  SECTION_ALL_ACCESS,
1041  NULL,
1042  &SectionSize,
1043  PAGE_READWRITE,
1044  SEC_COMMIT,
1045  NULL);
1046  if (!NT_SUCCESS(Status))
1047  {
1048  DPRINT1("Security Rm Init: Create Memory Section for LSA port failed: %X\n", Status);
1049  goto Cleanup;
1050  }
1051 
1052  /* Setup the PORT_VIEW structure */
1053  PortView.Length = sizeof(PortView);
1054  PortView.SectionHandle = SectionHandle;
1055  PortView.SectionOffset = 0;
1056  PortView.ViewSize = SectionSize.LowPart;
1057  PortView.ViewBase = NULL;
1058  PortView.ViewRemoteBase = NULL;
1059 
1060  /* Setup security QOS */
1061  SecurityQos.Length = sizeof(SecurityQos);
1062  SecurityQos.ImpersonationLevel = SecurityImpersonation;
1063  SecurityQos.ContextTrackingMode = SECURITY_DYNAMIC_TRACKING;
1064  SecurityQos.EffectiveOnly = TRUE;
1065 
1066  /* Connect to LSASS */
1067  RtlInitUnicodeString(&PortName, L"\\SeLsaCommandPort");
1068  Status = ZwConnectPort(&PortHandle,
1069  &PortName,
1070  &SecurityQos,
1071  &PortView,
1072  NULL,
1073  0,
1074  0,
1075  0);
1076  if (!NT_SUCCESS(Status))
1077  {
1078  DPRINT1("Security Rm Init: Connect to LSA Port failed 0x%lx\n", Status);
1079  goto Cleanup;
1080  }
1081 
1082  /* Remember section base and view offset */
1083  SepCommandPortViewBase = PortView.ViewBase;
1084  SepCommandPortViewRemoteBase = PortView.ViewRemoteBase;
1085  SepCommandPortViewBaseOffset = (ULONG_PTR)SepCommandPortViewRemoteBase -
1086  (ULONG_PTR)SepCommandPortViewBase;
1087 
1088  DPRINT("SepRmCommandServerThreadInit: done\n");
1089 
1090 Cleanup:
1091  /* Check for failure */
1092  if (!NT_SUCCESS(Status))
1093  {
1094  if (PortHandle != NULL)
1095  {
1096  ObCloseHandle(PortHandle, KernelMode);
1097  }
1098 
1099  Result = FALSE;
1100  }
1101 
1102  /* Did we create a section? */
1103  if (SectionHandle != NULL)
1104  {
1105  ObCloseHandle(SectionHandle, KernelMode);
1106  }
1107 
1108  return Result;
1109 }
1110 
1111 VOID
1112 NTAPI
1113 SepRmCommandServerThread(
1114  PVOID StartContext)
1115 {
1116  SEP_RM_API_MESSAGE Message;
1117  PPORT_MESSAGE ReplyMessage;
1118  HANDLE DummyPortHandle;
1119  NTSTATUS Status;
1120 
1121  /* Initialize the server thread */
1122  if (!SepRmCommandServerThreadInit())
1123  {
1124  DPRINT1("Security: Terminating Rm Command Server Thread\n");
1125  return;
1126  }
1127 
1128  /* No reply yet */
1129  ReplyMessage = NULL;
1130 
1131  /* Start looping */
1132  while (TRUE)
1133  {
1134  /* Wait for a message */
1135  Status = ZwReplyWaitReceivePort(SepRmCommandMessagePort,
1136  NULL,
1137  ReplyMessage,
1138  &Message.Header);
1139  if (!NT_SUCCESS(Status))
1140  {
1141  DPRINT1("Failed to get message: 0x%lx", Status);
1142  ReplyMessage = NULL;
1143  continue;
1144  }
1145 
1146  /* Check if this is a connection request */
1147  if (Message.Header.u2.s2.Type == LPC_CONNECTION_REQUEST)
1148  {
1149  /* Reject connection request */
1150  ZwAcceptConnectPort(&DummyPortHandle,
1151  NULL,
1152  &Message.Header,
1153  FALSE,
1154  NULL,
1155  NULL);
1156 
1157  /* Start over */
1158  ReplyMessage = NULL;
1159  continue;
1160  }
1161 
1162  /* Check if the port died */
1163  if ((Message.Header.u2.s2.Type == LPC_PORT_CLOSED) ||
1164  (Message.Header.u2.s2.Type == LPC_CLIENT_DIED))
1165  {
1166  /* LSASS is dead, so let's quit as well */
1167  break;
1168  }
1169 
1170  /* Check if this is an actual request */
1171  if (Message.Header.u2.s2.Type != LPC_REQUEST)
1172  {
1173  DPRINT1("SepRmCommandServerThread: unexpected message type: 0x%lx\n",
1174  Message.Header.u2.s2.Type);
1175 
1176  /* Restart without replying */
1177  ReplyMessage = NULL;
1178  continue;
1179  }
1180 
1181  ReplyMessage = &Message.Header;
1182 
1183  switch (Message.ApiNumber)
1184  {
1185  case RmAuditSetCommand:
1186  Status = SepRmSetAuditEvent(&Message);
1187  break;
1188 
1189  case RmCreateLogonSession:
1190  Status = SepRmCreateLogonSession(&Message.u.LogonLuid);
1191  break;
1192 
1193  case RmDeleteLogonSession:
1194  Status = SepRmDeleteLogonSession(&Message.u.LogonLuid);
1195  break;
1196 
1197  default:
1198  DPRINT1("SepRmDispatchRequest: invalid API number: 0x%lx\n",
1199  Message.ApiNumber);
1200  ReplyMessage = NULL;
1201  }
1202 
1203  Message.u.ResultStatus = Status;
1204  }
1205 
1206  /* Close the port handles */
1207  ObCloseHandle(SepRmCommandMessagePort, KernelMode);
1208  ObCloseHandle(SeRmCommandPort, KernelMode);
1209 }
1210 
1211 
1212 /* PUBLIC FUNCTIONS ***********************************************************/
1213 
1214 /*
1215  * @unimplemented
1216  */
1217 NTSTATUS
1218 NTAPI
1219 SeGetLogonIdDeviceMap(
1220  IN PLUID LogonId,
1221  OUT PDEVICE_MAP * DeviceMap
1222  )
1223 {
1224  NTSTATUS Status;
1225  WCHAR Buffer[63];
1226  PDEVICE_MAP LocalMap;
1227  HANDLE DirectoryHandle, LinkHandle;
1228  OBJECT_ATTRIBUTES ObjectAttributes;
1229  PSEP_LOGON_SESSION_REFERENCES CurrentSession;
1230  UNICODE_STRING DirectoryName, LinkName, TargetName;
1231 
1232  PAGED_CODE();
1233 
1234  if (LogonId == NULL ||
1235  DeviceMap == NULL)
1236  {
1237  return STATUS_INVALID_PARAMETER;
1238  }
1239 
1240  /* Acquire the database lock */
1241  KeAcquireGuardedMutex(&SepRmDbLock);
1242 
1243  /* Loop all existing sessions */
1244  for (CurrentSession = SepLogonSessions;
1245  CurrentSession != NULL;
1246  CurrentSession = CurrentSession->Next)
1247  {
1248  /* Check if the LUID matches the provided one */
1249  if (RtlEqualLuid(&CurrentSession->LogonId, LogonId))
1250  {
1251  break;
1252  }
1253  }
1254 
1255  /* No session found, fail */
1256  if (CurrentSession == NULL)
1257  {
1258  /* Release the database lock */
1259  KeReleaseGuardedMutex(&SepRmDbLock);
1260 
1261  return STATUS_NO_SUCH_LOGON_SESSION;
1262  }
1263 
1264  /* The found session has a device map, return it! */
1265  if (CurrentSession->pDeviceMap != NULL)
1266  {
1267  *DeviceMap = CurrentSession->pDeviceMap;
1268 
1269  /* Release the database lock */
1270  KeReleaseGuardedMutex(&SepRmDbLock);
1271 
1272  return STATUS_SUCCESS;
1273  }
1274 
1275  /* At that point, we'll setup a new device map for the session */
1276  LocalMap = NULL;
1277 
1278  /* Reference the session so that it doesn't go away */
1279  CurrentSession->ReferenceCount += 1;
1280 
1281  /* Release the database lock */
1282  KeReleaseGuardedMutex(&SepRmDbLock);
1283 
1284  /* Create our object directory given the LUID */
1285  _snwprintf(Buffer,
1286  sizeof(Buffer) / sizeof(WCHAR),
1287  L"\\Sessions\\0\\DosDevices\\%08x-%08x",
1288  LogonId->HighPart,
1289  LogonId->LowPart);
1290  RtlInitUnicodeString(&DirectoryName, Buffer);
1291 
1292  InitializeObjectAttributes(&ObjectAttributes,
1293  &DirectoryName,
1294  OBJ_KERNEL_HANDLE | OBJ_OPENIF | OBJ_CASE_INSENSITIVE,
1295  NULL,
1296  NULL);
1297  Status = ZwCreateDirectoryObject(&DirectoryHandle,
1298  DIRECTORY_ALL_ACCESS,
1299  &ObjectAttributes);
1300  if (NT_SUCCESS(Status))
1301  {
1302  /* Create the associated device map */
1303  Status = ObSetDirectoryDeviceMap(&LocalMap, DirectoryHandle);
1304  if (NT_SUCCESS(Status))
1305  {
1306  /* Make Global point to \Global?? in the directory */
1307  RtlInitUnicodeString(&LinkName, L"Global");
1308  RtlInitUnicodeString(&TargetName, L"\\Global??");
1309 
1310  InitializeObjectAttributes(&ObjectAttributes,
1311  &LinkName,
1312  OBJ_KERNEL_HANDLE | OBJ_OPENIF | OBJ_CASE_INSENSITIVE | OBJ_PERMANENT,
1313  DirectoryHandle,
1314  NULL);
1315  Status = ZwCreateSymbolicLinkObject(&LinkHandle,
1316  SYMBOLIC_LINK_ALL_ACCESS,
1317  &ObjectAttributes,
1318  &TargetName);
1319  if (!NT_SUCCESS(Status))
1320  {
1321  ObfDereferenceDeviceMap(LocalMap);
1322  }
1323  else
1324  {
1325  ZwClose(LinkHandle);
1326  }
1327  }
1328 
1329  ZwClose(DirectoryHandle);
1330  }
1331 
1332  /* Acquire the database lock */
1333  KeAcquireGuardedMutex(&SepRmDbLock);
1334 
1335  /* If we succeed... */
1336  if (NT_SUCCESS(Status))
1337  {
1338  /* The session now has a device map? We raced with someone else */
1339  if (CurrentSession->pDeviceMap != NULL)
1340  {
1341  /* Give up on our new device map */
1342  ObfDereferenceDeviceMap(LocalMap);
1343  }
1344  /* Otherwise use our newly allocated device map */
1345  else
1346  {
1347  CurrentSession->pDeviceMap = LocalMap;
1348  }
1349 
1350  /* Return the device map */
1351  *DeviceMap = CurrentSession->pDeviceMap;
1352  }
1353  /* Zero output */
1354  else
1355  {
1356  *DeviceMap = NULL;
1357  }
1358 
1359  /* Release the database lock */
1360  KeReleaseGuardedMutex(&SepRmDbLock);
1361 
1362  /* We're done with the session */
1363  SepRmDereferenceLogonSession(&CurrentSession->LogonId);
1364 
1365  return Status;
1366 }
1367 
1381 NTSTATUS
1382 NTAPI
1383 SeMarkLogonSessionForTerminationNotification(
1384  _In_ PLUID LogonId)
1385 {
1386  PSEP_LOGON_SESSION_REFERENCES SessionToMark;
1387  PAGED_CODE();
1388 
1389  DPRINT("SeMarkLogonSessionForTerminationNotification(%08lx:%08lx)\n",
1390  LogonId->HighPart, LogonId->LowPart);
1391 
1392  /* Acquire the database lock */
1393  KeAcquireGuardedMutex(&SepRmDbLock);
1394 
1395  /* Loop over the existing logon sessions */
1396  for (SessionToMark = SepLogonSessions;
1397  SessionToMark != NULL;
1398  SessionToMark = SessionToMark->Next)
1399  {
1400  /* Does the logon with the given ID exist? */
1401  if (RtlEqualLuid(&SessionToMark->LogonId, LogonId))
1402  {
1403  /* We found it */
1404  break;
1405  }
1406  }
1407 
1408  /*
1409  * We've exhausted all the remaining logon sessions and
1410  * couldn't find one with the provided ID.
1411  */
1412  if (SessionToMark == NULL)
1413  {
1414  DPRINT1("SeMarkLogonSessionForTerminationNotification(): Logon session couldn't be found!\n");
1415  KeReleaseGuardedMutex(&SepRmDbLock);
1416  return STATUS_NOT_FOUND;
1417  }
1418 
1419  /* Mark the logon session for termination */
1420  SessionToMark->Flags |= SEP_LOGON_SESSION_TERMINATION_NOTIFY;
1421  DPRINT("SeMarkLogonSessionForTerminationNotification(): Logon session marked for termination with success!\n");
1422 
1423  /* Release the database lock */
1424  KeReleaseGuardedMutex(&SepRmDbLock);
1425  return STATUS_SUCCESS;
1426 }
1427 
1428 
1429 /*
1430  * @implemented
1431  */
1432 NTSTATUS
1433 NTAPI
1434 SeRegisterLogonSessionTerminatedRoutine(
1435  IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine)
1436 {
1437  PSEP_LOGON_SESSION_TERMINATED_NOTIFICATION Notification;
1438  PAGED_CODE();
1439 
1440  /* Fail, if we don not have a callback routine */
1441  if (CallbackRoutine == NULL)
1442  return STATUS_INVALID_PARAMETER;
1443 
1444  /* Allocate a new notification item */
1445  Notification = ExAllocatePoolWithTag(PagedPool,
1446  sizeof(SEP_LOGON_SESSION_TERMINATED_NOTIFICATION),
1447  TAG_LOGON_NOTIFICATION);
1448  if (Notification == NULL)
1449  return STATUS_INSUFFICIENT_RESOURCES;
1450 
1451  /* Acquire the database lock */
1452  KeAcquireGuardedMutex(&SepRmDbLock);
1453 
1454  /* Set the callback routine */
1455  Notification->CallbackRoutine = CallbackRoutine;
1456 
1457  /* Insert the new notification item into the list */
1458  Notification->Next = SepLogonNotifications;
1459  SepLogonNotifications = Notification;
1460 
1461  /* Release the database lock */
1462  KeReleaseGuardedMutex(&SepRmDbLock);
1463 
1464  return STATUS_SUCCESS;
1465 }
1466 
1467 
1468 /*
1469  * @implemented
1470  */
1471 NTSTATUS
1472 NTAPI
1473 SeUnregisterLogonSessionTerminatedRoutine(
1474  IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine)
1475 {
1476  PSEP_LOGON_SESSION_TERMINATED_NOTIFICATION Current, Previous = NULL;
1477  NTSTATUS Status;
1478  PAGED_CODE();
1479 
1480  /* Fail, if we don not have a callback routine */
1481  if (CallbackRoutine == NULL)
1482  return STATUS_INVALID_PARAMETER;
1483 
1484  /* Acquire the database lock */
1485  KeAcquireGuardedMutex(&SepRmDbLock);
1486 
1487  /* Loop all registered notification items */
1488  for (Current = SepLogonNotifications;
1489  Current != NULL;
1490  Current = Current->Next)
1491  {
1492  /* Check if the callback routine matches the provided one */
1493  if (Current->CallbackRoutine == CallbackRoutine)
1494  break;
1495 
1496  Previous = Current;
1497  }
1498 
1499  if (Current == NULL)
1500  {
1501  Status = STATUS_NOT_FOUND;
1502  }
1503  else
1504  {
1505  /* Remove the current notification item from the list */
1506  if (Previous == NULL)
1507  SepLogonNotifications = Current->Next;
1508  else
1509  Previous->Next = Current->Next;
1510 
1511  /* Free the current notification item */
1512  ExFreePoolWithTag(Current,
1513  TAG_LOGON_NOTIFICATION);
1514 
1515  Status = STATUS_SUCCESS;
1516  }
1517 
1518  /* Release the database lock */
1519  KeReleaseGuardedMutex(&SepRmDbLock);
1520 
1521  return Status;
1522 }
_SEP_RM_API_MESSAGE
Definition: srmp.h:11
_OBJECT_DIRECTORY_INFORMATION
Definition: obtypes.h:276
ObjectAttributes
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
ReturnLength
IN CINT OUT PVOID IN ULONG OUT PULONG ReturnLength
Definition: dumpinfo.c:39
PCWSTR
const uint16_t * PCWSTR
Definition: typedefs.h:57
IN
#define IN
Definition: typedefs.h:39
ZwListenPort
NTSYSAPI NTSTATUS NTAPI ZwListenPort(_In_ HANDLE PortHandle, _In_ PPORT_MESSAGE ConnectionRequest)
STATUS_BAD_LOGON_SESSION_STATE
#define STATUS_BAD_LOGON_SESSION_STATE
Definition: ntstatus.h:496
THREAD_ALL_ACCESS
#define THREAD_ALL_ACCESS
Definition: nt_native.h:1339
SeRmCommandPort
HANDLE SeRmCommandPort
Definition: srm.c:18
SEP_LOGON_SESSION_TERMINATED_NOTIFICATION
struct _SEP_LOGON_SESSION_TERMINATED_NOTIFICATION SEP_LOGON_SESSION_TERMINATED_NOTIFICATION
KAPC_STATE
KAPC_STATE
Definition: ketypes.h:1280
STATUS_INSUFFICIENT_RESOURCES
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
SeRmInitPhase0
BOOLEAN NTAPI SeRmInitPhase0(VOID)
Definition: srm.c:169
SepAdtAuditingEnabled
BOOLEAN SepAdtAuditingEnabled
Definition: srm.c:54
STATUS_NO_MORE_ENTRIES
#define STATUS_NO_MORE_ENTRIES
Definition: ntstatus.h:205
_Inout_
#define _Inout_
Definition: ms_sal.h:378
RestartScan
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ ULONG _In_ BOOLEAN _In_ ULONG _In_opt_ PULONG _In_ BOOLEAN RestartScan
Definition: fltkernel.h:2297
OBJ_CASE_INSENSITIVE
#define OBJ_CASE_INSENSITIVE
Definition: winternl.h:228
KeyHandle
_Must_inspect_result_ _Out_ PNDIS_STATUS _In_ NDIS_HANDLE _In_ ULONG _Out_ PNDIS_STRING _Out_ PNDIS_HANDLE KeyHandle
Definition: ndis.h:4711
SEP_LOGON_SESSION_TERMINATION_NOTIFY
#define SEP_LOGON_SESSION_TERMINATION_NOTIFY
Definition: setypes.h:680
KeAcquireGuardedMutex
VOID FASTCALL KeAcquireGuardedMutex(IN PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:42
_Out_
#define _Out_
Definition: ms_sal.h:345
ZwCompleteConnectPort
NTSYSAPI NTSTATUS NTAPI ZwCompleteConnectPort(_In_ HANDLE PortHandle)
REG_BINARY
#define REG_BINARY
Definition: nt_native.h:1496
STATUS_NO_SUCH_LOGON_SESSION
#define STATUS_NO_SUCH_LOGON_SESSION
Definition: ntstatus.h:331
TRUE
#define TRUE
Definition: types.h:120
_OBJECT_ATTRIBUTES
Definition: umtypes.h:181
_REMOTE_PORT_VIEW::Length
ULONG Length
Definition: ntifs.template.h:1638
STATUS_INVALID_PARAMETER
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
ZwClose
NTSYSAPI NTSTATUS NTAPI ZwClose(_In_ HANDLE Handle)
InsertHeadList
FORCEINLINE VOID InsertHeadList(_Inout_ PLIST_ENTRY ListHead, _Inout_ __drv_aliasesMem PLIST_ENTRY Entry)
Definition: rtlfuncs.h:201
ObfDereferenceDeviceMap
VOID FASTCALL ObfDereferenceDeviceMap(IN PDEVICE_MAP DeviceMap)
Definition: devicemap.c:477
SeGetLogonIdDeviceMap
NTSTATUS NTAPI SeGetLogonIdDeviceMap(IN PLUID LogonId, OUT PDEVICE_MAP *DeviceMap)
Definition: srm.c:1219
ZwAcceptConnectPort
NTSYSAPI NTSTATUS NTAPI ZwAcceptConnectPort(_Out_ PHANDLE PortHandle, _In_opt_ PVOID PortContext, _In_ PPORT_MESSAGE ConnectionRequest, _In_ BOOLEAN AcceptConnection, _In_opt_ PPORT_VIEW ServerView, _In_opt_ PREMOTE_PORT_VIEW ClientView)
SepAdtMinListLength
ULONG SepAdtMinListLength
Definition: srm.c:55
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
Token
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
Definition: ntifs.template.h:711
DirectoryHandle
static HANDLE DirectoryHandle
Definition: ObType.c:48
ZwOpenDirectoryObject
NTSYSAPI NTSTATUS NTAPI ZwOpenDirectoryObject(_Out_ PHANDLE FileHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes)
SepRmCreateLogonSession
static NTSTATUS SepRmCreateLogonSession(PLUID LogonLuid)
Definition: srm.c:461
_PORT_VIEW
Definition: ntifs.template.h:1626
_PORT_VIEW::SectionOffset
ULONG SectionOffset
Definition: ntifs.template.h:1630
NT_VERIFY
#define NT_VERIFY(exp)
Definition: rtlfuncs.h:3287
SepRmReferenceLogonSession
NTSTATUS SepRmReferenceLogonSession(PLUID LogonLuid)
Definition: srm.c:632
SepCommandPortViewRemoteBase
PVOID SepCommandPortViewRemoteBase
Definition: srm.c:49
ValueType
_Must_inspect_result_ _In_ WDFKEY _In_ PCUNICODE_STRING _In_ ULONG _Out_opt_ PULONG _Out_opt_ PULONG ValueType
Definition: wdfregistry.h:279
OBJ_KERNEL_HANDLE
#define OBJ_KERNEL_HANDLE
Definition: winternl.h:231
SYMBOLIC_LINK_ALL_ACCESS
#define SYMBOLIC_LINK_ALL_ACCESS
Definition: nt_native.h:1267
SepRmDeleteLogonSession
static NTSTATUS SepRmDeleteLogonSession(_In_ PLUID LogonLuid)
Deletes a logon session from the logon sessions database.
Definition: srm.c:539
TAG_LOGON_SESSION
#define TAG_LOGON_SESSION
Definition: tag.h:186
OBJ_OPENIF
#define OBJ_OPENIF
Definition: winternl.h:229
STATUS_BUFFER_TOO_SMALL
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
_SECURITY_QUALITY_OF_SERVICE::ContextTrackingMode
SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode
Definition: lsa.idl:66
ObReferenceObjectSafe
BOOLEAN FASTCALL ObReferenceObjectSafe(IN PVOID Object)
Definition: obref.c:22
PSEP_LOGON_SESSION_TERMINATED_NOTIFICATION
struct _SEP_LOGON_SESSION_TERMINATED_NOTIFICATION * PSEP_LOGON_SESSION_TERMINATED_NOTIFICATION
ULONG_PTR
uint32_t ULONG_PTR
Definition: typedefs.h:65
SepCommandPortViewBase
PVOID SepCommandPortViewBase
Definition: srm.c:48
RemoveEntryList
FORCEINLINE BOOLEAN RemoveEntryList(_In_ PLIST_ENTRY Entry)
Definition: rtlfuncs.h:105
_PORT_MESSAGE_HEADER
Definition: winternl.h:1746
CallbackRoutine
_Must_inspect_result_ _In_ PFLT_GET_OPERATION_STATUS_CALLBACK CallbackRoutine
Definition: fltkernel.h:1035
SECTION_ALL_ACCESS
#define SECTION_ALL_ACCESS
Definition: nt_native.h:1293
SepRmCommandServerThread
VOID NTAPI SepRmCommandServerThread(PVOID StartContext)
Definition: srm.c:1113
SepAdtMaxListLength
ULONG SepAdtMaxListLength
Definition: srm.c:56
TAG_SE_DIR_BUFFER
#define TAG_SE_DIR_BUFFER
Definition: tag.h:183
SepCommandPortViewBaseOffset
ULONG_PTR SepCommandPortViewBaseOffset
Definition: srm.c:50
SepRmCommandMessagePort
static HANDLE SepRmCommandMessagePort
Definition: srm.c:52
SEC_COMMIT
#define SEC_COMMIT
Definition: mmtypes.h:99
NTAPI
NTSTATUS(* NTAPI)(IN PFILE_FULL_EA_INFORMATION EaBuffer, IN ULONG EaLength, OUT PULONG ErrorOffset)
Definition: IoEaTest.cpp:117
FALSE
#define FALSE
Definition: types.h:117
PsInitialSystemProcess
PEPROCESS PsInitialSystemProcess
Definition: psmgr.c:50
KeStackAttachProcess
VOID NTAPI KeStackAttachProcess(IN PKPROCESS Process, OUT PRKAPC_STATE ApcState)
Definition: procobj.c:704
_LUID
Definition: devicetopology.idl:136
RtlEqualLuid
#define RtlEqualLuid(Luid1, Luid2)
Definition: rtlfuncs.h:301
ObSetDirectoryDeviceMap
NTSTATUS NTAPI ObSetDirectoryDeviceMap(OUT PDEVICE_MAP *DeviceMap, IN HANDLE DirectoryHandle)
Definition: devicemap.c:149
_UNICODE_STRING::Buffer
PWSTR Buffer
Definition: env_spec_w32.h:371
GENERIC_WRITE
#define GENERIC_WRITE
Definition: nt_native.h:90
_SEP_LOGON_SESSION_TERMINATED_NOTIFICATION::CallbackRoutine
PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
Definition: srm.c:24
_SEP_LOGON_SESSION_REFERENCES::LogonId
LUID LogonId
Definition: setypes.h:160
Name
struct NameRec_ * Name
Definition: cdprocs.h:459
PsGetCurrentProcess
#define PsGetCurrentProcess
Definition: psfuncs.h:17
ZwCreateDirectoryObject
NTSYSAPI NTSTATUS NTAPI ZwCreateDirectoryObject(_Out_ PHANDLE DirectoryHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes)
BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185
TAG_LOGON_NOTIFICATION
#define TAG_LOGON_NOTIFICATION
Definition: tag.h:187
_PORT_VIEW::ViewRemoteBase
LPC_PVOID ViewRemoteBase
Definition: ntifs.template.h:1633
SeAuditingState
UCHAR SeAuditingState[POLICY_AUDIT_EVENT_TYPE_COUNT]
Definition: srm.c:59
_snwprintf
int _snwprintf(wchar_t *buffer, size_t count, const wchar_t *format,...)
_DEVICE_MAP
Definition: obtypes.h:523
NameRec_
Definition: apinames.c:48
STATUS_LOGON_SESSION_EXISTS
#define STATUS_LOGON_SESSION_EXISTS
Definition: ntstatus.h:474
Result
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
_In_
#define _In_
Definition: ms_sal.h:308
SepRegQueryHelper
NTSTATUS NTAPI SepRegQueryHelper(_In_ PCWSTR KeyName, _In_ PCWSTR ValueName, _In_ ULONG ValueType, _In_ ULONG DataLength, _Out_ PVOID ValueData)
A private registry helper that returns the desired value data based on the specifics requested by the...
Definition: srm.c:94
SepRmSetAuditEvent
static NTSTATUS SepRmSetAuditEvent(PSEP_RM_API_MESSAGE Message)
Definition: srm.c:291
DataLength
_In_ ULONG _In_opt_ WDFREQUEST _In_opt_ PVOID _In_ size_t _In_ PVOID _In_ size_t _Out_ size_t * DataLength
Definition: cdrom.h:1437
Buffer
Definition: bufpool.h:45
ReplyMessage
BOOL WINAPI ReplyMessage(_In_ LRESULT)
KeyValuePartialInformation
Definition: nt_native.h:1182
KeyName
_Must_inspect_result_ _In_ WDFDEVICE _In_ PCUNICODE_STRING KeyName
Definition: wdfdevice.h:2697
_PORT_VIEW::Length
ULONG Length
Definition: ntifs.template.h:1628
POLICY_AUDIT_EVENT_TYPE_COUNT
#define POLICY_AUDIT_EVENT_TYPE_COUNT
Definition: srm.c:58
SepRmRemoveLogonSessionFromToken
NTSTATUS NTAPI SepRmRemoveLogonSessionFromToken(_Inout_ PTOKEN Token)
Removes a logon session from an access token.
Definition: srm.c:416
SepRmCommandServerThreadInit
BOOLEAN NTAPI SepRmCommandServerThreadInit(VOID)
Definition: srm.c:971
Status
Status
Definition: gdiplustypes.h:24
ZwConnectPort
NTSYSAPI NTSTATUS NTAPI ZwConnectPort(_Out_ PHANDLE PortHandle, _In_ PUNICODE_STRING PortName, _In_ PSECURITY_QUALITY_OF_SERVICE SecurityQos, _In_opt_ PPORT_VIEW ClientView, _In_opt_ PREMOTE_PORT_VIEW ServerView, _In_opt_ PULONG MaxMessageLength, _In_opt_ PVOID ConnectionInformation, _In_opt_ PULONG ConnectionInformationLength)
STATUS_NOT_FOUND
#define STATUS_NOT_FOUND
Definition: shellext.h:72
STATUS_OBJECT_TYPE_MISMATCH
#define STATUS_OBJECT_TYPE_MISMATCH
Definition: ntstatus.h:273
ASSERT
#define ASSERT(a)
Definition: mode.c:44
WCHAR
__wchar_t WCHAR
Definition: xmlstorage.h:180
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
_LUID::LowPart
DWORD LowPart
Definition: devicetopology.idl:138
_PORT_VIEW::ViewSize
LPC_SIZE_T ViewSize
Definition: ntifs.template.h:1631
ZwCreateSymbolicLinkObject
NTSYSAPI NTSTATUS NTAPI ZwCreateSymbolicLinkObject(_Out_ PHANDLE SymbolicLinkHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ PUNICODE_STRING Name)
PSE_LOGON_SESSION_TERMINATED_ROUTINE
NTSTATUS(NTAPI * PSE_LOGON_SESSION_TERMINATED_ROUTINE)(IN PLUID LogonId)
Definition: setypes.h:1213
ObDereferenceObject
#define ObDereferenceObject
Definition: obfuncs.h:203
SeAnonymousAuthenticationId
LUID SeAnonymousAuthenticationId
Definition: token.c:23
ValueData
_In_ GUID _In_ PVOID ValueData
Definition: hubbusif.h:311
_SEP_LOGON_SESSION_REFERENCES::Next
struct _SEP_LOGON_SESSION_REFERENCES * Next
Definition: setypes.h:159
HANDLE
PVOID HANDLE
Definition: typedefs.h:73
_OBJECT_DIRECTORY_INFORMATION::Name
UNICODE_STRING Name
Definition: obtypes.h:278
SeSystemAuthenticationId
LUID SeSystemAuthenticationId
Definition: token.c:22
_SECURITY_QUALITY_OF_SERVICE
Definition: lsa.idl:63
TAG_SE_HANDLES_TAB
#define TAG_SE_HANDLES_TAB
Definition: tag.h:182
Message
CHAR Message[80]
Definition: alive.c:5
ExAllocatePoolWithTag
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
ValueName
_Must_inspect_result_ _In_ WDFKEY _In_ PCUNICODE_STRING ValueName
Definition: wdfregistry.h:240
UCHAR
unsigned char UCHAR
Definition: xmlstorage.h:181
ObCloseHandle
NTSTATUS NTAPI ObCloseHandle(IN HANDLE Handle, IN KPROCESSOR_MODE AccessMode)
Definition: obhandle.c:3375
SECURITY_DYNAMIC_TRACKING
#define SECURITY_DYNAMIC_TRACKING
Definition: setypes.h:103
SepLogonNotifications
PSEP_LOGON_SESSION_TERMINATED_NOTIFICATION SepLogonNotifications
Definition: srm.c:63
L
static const WCHAR L[]
Definition: oid.c:1250
_LUID::HighPart
LONG HighPart
Definition: devicetopology.idl:139
PHANDLE
PVOID *typedef PHANDLE
Definition: ntsecpkg.h:454
OBJ_PERMANENT
#define OBJ_PERMANENT
Definition: winternl.h:226
_LARGE_INTEGER::LowPart
ULONG LowPart
Definition: typedefs.h:106
TargetName
WCHAR TargetName[256]
Definition: arping.c:27
PAGE_SIZE
#define PAGE_SIZE
Definition: env_spec_w32.h:49
SeLsaInitEvent
HANDLE SeLsaInitEvent
Definition: srm.c:46
ZwReplyWaitReceivePort
NTSYSAPI NTSTATUS NTAPI ZwReplyWaitReceivePort(_In_ HANDLE PortHandle, _Out_opt_ PVOID *PortContext, _In_opt_ PPORT_MESSAGE ReplyMessage, _Out_ PPORT_MESSAGE ReceiveMessage)
_EPROCESS::Pcb
KPROCESS Pcb
Definition: pstypes.h:1262
Cleanup
static const WCHAR Cleanup[]
Definition: register.c:80
Notification
_In_ PWDFDEVICE_INIT _In_ PFN_WDF_DEVICE_SHUTDOWN_NOTIFICATION Notification
Definition: wdfcontrol.h:113
_SEP_LOGON_SESSION_REFERENCES::pDeviceMap
PDEVICE_MAP pDeviceMap
Definition: setypes.h:163
SepRmInsertLogonSessionIntoToken
NTSTATUS NTAPI SepRmInsertLogonSessionIntoToken(_Inout_ PTOKEN Token)
Inserts a logon session into an access token specified by the caller.
Definition: srm.c:335
_SECURITY_QUALITY_OF_SERVICE::Length
DWORD Length
Definition: lsa.idl:64
wcscmp
_Check_return_ _CRTIMP int __cdecl wcscmp(_In_z_ const wchar_t *_Str1, _In_z_ const wchar_t *_Str2)
_UNICODE_STRING
Definition: env_spec_w32.h:368
SepAdtInitializeBounds
static VOID SepAdtInitializeBounds(VOID)
Definition: srm.c:252
_PORT_VIEW::ViewBase
LPC_PVOID ViewBase
Definition: ntifs.template.h:1632
KeInitializeGuardedMutex
VOID FASTCALL KeInitializeGuardedMutex(OUT PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:31
_SEP_LOGON_SESSION_REFERENCES
Definition: setypes.h:157
i
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
KEY_QUERY_VALUE
#define KEY_QUERY_VALUE
Definition: nt_native.h:1016
KeUnstackDetachProcess
VOID NTAPI KeUnstackDetachProcess(IN PRKAPC_STATE ApcState)
Definition: procobj.c:756
InitializeListHead
#define InitializeListHead(ListHead)
Definition: env_spec_w32.h:944
DIRECTORY_ALL_ACCESS
#define DIRECTORY_ALL_ACCESS
Definition: nt_native.h:1259
_SEP_LOGON_SESSION_TERMINATED_NOTIFICATION::Next
struct _SEP_LOGON_SESSION_TERMINATED_NOTIFICATION * Next
Definition: srm.c:23
PORT_MAXIMUM_MESSAGE_LENGTH
#define PORT_MAXIMUM_MESSAGE_LENGTH
Definition: iotypes.h:2029
STATUS_NO_MEMORY
#define STATUS_NO_MEMORY
Definition: ntstatus.h:260
SepLogonSessions
PSEP_LOGON_SESSION_REFERENCES SepLogonSessions
Definition: srm.c:62
PsCreateSystemThread
NTSTATUS NTAPI PsCreateSystemThread(OUT PHANDLE ThreadHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN HANDLE ProcessHandle, IN PCLIENT_ID ClientId, IN PKSTART_ROUTINE StartRoutine, IN PVOID StartContext)
Definition: thread.c:602
_SEP_LOGON_SESSION_REFERENCES::ReferenceCount
ULONG ReferenceCount
Definition: setypes.h:161
ApcState
_Out_ PKAPC_STATE ApcState
Definition: mm.h:1679
_SECURITY_QUALITY_OF_SERVICE::ImpersonationLevel
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: lsa.idl:65
PULONG
unsigned int * PULONG
Definition: retypes.h:1
NULL
#define NULL
Definition: types.h:112
LogonId
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID LogonId
Definition: ntifs.template.h:711
_KGUARDED_MUTEX
Definition: ketypes.h:814
_KEY_VALUE_PARTIAL_INFORMATION
Definition: nt_native.h:1165
KeReleaseGuardedMutex
VOID FASTCALL KeReleaseGuardedMutex(IN OUT PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:53
_LARGE_INTEGER
Definition: typedefs.h:102
DPRINT1
#define DPRINT1
Definition: precomp.h:8
SepCleanupLUIDDeviceMapDirectory
static NTSTATUS SepCleanupLUIDDeviceMapDirectory(_In_ PLUID LogonLuid)
Definition: srm.c:672
_SECURITY_QUALITY_OF_SERVICE::EffectiveOnly
BOOLEAN EffectiveOnly
Definition: lsa.idl:67
Context
struct tagContext Context
Definition: acpixf.h:1034
OUT
#define OUT
Definition: typedefs.h:40
_SEP_LOGON_SESSION_REFERENCES::TokenList
LIST_ENTRY TokenList
Definition: setypes.h:164
SeRmInitPhase1
BOOLEAN NTAPI SeRmInitPhase1(VOID)
Definition: srm.c:196
ULONG
unsigned int ULONG
Definition: retypes.h:1
DIRECTORY_QUERY
#define DIRECTORY_QUERY
Definition: nt_native.h:1254
RtlInitUnicodeString
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
ULONG_PTR
#define ULONG_PTR
Definition: config.h:101
InitializeObjectAttributes
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
SeMarkLogonSessionForTerminationNotification
NTSTATUS NTAPI SeMarkLogonSessionForTerminationNotification(_In_ PLUID LogonId)
Marks a logon session for future termination, given its logon ID. This triggers a callout (the regist...
Definition: srm.c:1383
SeUnregisterLogonSessionTerminatedRoutine
NTSTATUS NTAPI SeUnregisterLogonSessionTerminatedRoutine(IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine)
Definition: srm.c:1473
RtlCopyMemory
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
ZwCreatePort
NTSYSAPI NTSTATUS NTAPI ZwCreatePort(_Out_ PHANDLE PortHandle, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ ULONG MaxConnectionInfoLength, _In_ ULONG MaxMessageLength, _In_ ULONG MaxPoolUsage)
ResultLength
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG _Out_ PULONG ResultLength
Definition: wdfdevice.h:3776
_PORT_VIEW::SectionHandle
LPC_HANDLE SectionHandle
Definition: ntifs.template.h:1629
STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65
DPRINT
#define DPRINT
Definition: sndvol32.h:71
SeRegisterLogonSessionTerminatedRoutine
NTSTATUS NTAPI SeRegisterLogonSessionTerminatedRoutine(IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine)
Definition: srm.c:1434
SepRmDereferenceLogonSession
NTSTATUS SepRmDereferenceLogonSession(PLUID LogonLuid)
Definition: srm.c:915
_TOKEN
Definition: setypes.h:197
REG_DWORD
#define REG_DWORD
Definition: sdbapi.c:596
ExFreePoolWithTag
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
ZwMakeTemporaryObject
NTSYSAPI NTSTATUS NTAPI ZwMakeTemporaryObject(_In_ HANDLE Handle)
_SEP_LOGON_SESSION_TERMINATED_NOTIFICATION
Definition: srm.c:21
_SEP_LOGON_SESSION_REFERENCES::Flags
ULONG Flags
Definition: setypes.h:162
ZwOpenSymbolicLinkObject
NTSYSAPI NTSTATUS NTAPI ZwOpenSymbolicLinkObject(_Out_ PHANDLE SymbolicLinkHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes)
_LARGE_INTEGER::QuadPart
LONGLONG QuadPart
Definition: typedefs.h:114
_OBJECT_DIRECTORY_INFORMATION::TypeName
UNICODE_STRING TypeName
Definition: obtypes.h:279
_REMOTE_PORT_VIEW
Definition: ntifs.template.h:1636
PAGE_READWRITE
#define PAGE_READWRITE
Definition: nt_native.h:1304
PortName
IN PUNICODE_STRING PortName
Definition: conport.c:35
PAGED_CODE
#define PAGED_CODE()
Definition: Bus_PDO_QueryResourceRequirements.c:89
SepRmDbLock
KGUARDED_MUTEX SepRmDbLock
Definition: srm.c:61