58#define POLICY_AUDIT_EVENT_TYPE_COUNT 9
109 } KeyValueInformation;
130 &KeyValueInformation.Partial,
131 sizeof(KeyValueInformation),
138 if ((KeyValueInformation.Partial.Type !=
ValueType) ||
139 (KeyValueInformation.Partial.DataLength !=
DataLength))
228 DPRINT1(
"Security: Rm Create Command Port failed 0x%lx\n",
Status);
242 DPRINT1(
"Security: LSA init event creation failed.0x%xl\n",
Status);
256 DPRINT1(
"Security: Rm Server Thread creation failed 0x%lx\n",
Status);
296 if ((ListBounds.MaxLength < ListBounds.MinLength) ||
297 (ListBounds.MinLength < 16) ||
298 (ListBounds.MaxLength - ListBounds.MinLength < 16))
300 DPRINT1(
"ListBounds are invalid: %u, %u\n",
301 ListBounds.MinLength, ListBounds.MaxLength);
381 LogonSession !=
NULL;
382 LogonSession = LogonSession->
Next)
396 if (LogonSession ==
NULL)
398 DPRINT1(
"SepRmInsertLogonSessionIntoToken(): Couldn't insert the logon session into the specific access token!\n");
412 DPRINT1(
"SepRmInsertLogonSessionIntoToken(): Couldn't allocate new logon session into the memory pool!\n");
422 Token->LogonSession->Next = LogonSession->
Next;
425 Token->LogonSession->Flags = LogonSession->
Flags;
462 LogonSession !=
NULL;
463 LogonSession = LogonSession->
Next)
476 if (LogonSession ==
NULL)
478 DPRINT1(
"SepRmRemoveLogonSessionFromToken(): Couldn't remove the logon session from the access token!\n");
519 DPRINT(
"SepRmCreateLogonSession(%08lx:%08lx)\n",
520 LogonLuid->HighPart, LogonLuid->LowPart);
526 if (NewSession ==
NULL)
532 NewSession->
LogonId = *LogonLuid;
534 NewSession->
Flags = 0;
543 CurrentSession !=
NULL;
544 CurrentSession = CurrentSession->
Next)
597 DPRINT(
"SepRmDeleteLogonSession(%08lx:%08lx)\n",
598 LogonLuid->HighPart, LogonLuid->LowPart);
605 SessionToDelete !=
NULL;
606 SessionToDelete = SessionToDelete->
Next)
620 DPRINT1(
"SepRmDeleteLogonSession(): We're not allowed to delete anonymous/system sessions!\n");
636 if (SessionToDelete ==
NULL)
638 DPRINT1(
"SepRmDeleteLogonSession(): The logon session with this LUID doesn't exist!\n");
647 DPRINT1(
"SepRmDeleteLogonSession(): The logon session is still in use!\n");
662 DPRINT1(
"SepRmDeleteLogonSession(): Failed to clean the LUID device map directory of the logon (Status: 0x%lx)\n",
Status);
671 DPRINT(
"SepRmDeleteLogonSession(): Logon session deleted with success!\n");
702 DPRINT(
"SepRmReferenceLogonSession(%08lx:%08lx)\n",
703 LogonLuid->HighPart, LogonLuid->LowPart);
710 CurrentSession !=
NULL;
711 CurrentSession = CurrentSession->
Next)
769 if (LogonLuid ==
NULL)
789 L"\\Sessions\\0\\DosDevices\\%08x-%08x",
815 DirectoryInfo =
NULL;
821 LinksSize = LinksCount *
sizeof(
HANDLE);
833 if (LinksBuffer ==
NULL)
845 if (DirectoryInfo !=
NULL)
888 if (DirectoryInfo !=
NULL)
898 if (DirectoryInfo ==
NULL)
918 if (CurrentLinks >= LinksCount)
921 for (
i = 0;
i < CurrentLinks; ++
i)
930 LinksSize = LinksCount *
sizeof(
HANDLE);
933 goto AllocateLinksAgain;
938 &DirectoryInfo->
Name,
954 LinksBuffer[CurrentLinks] = LinkHandle;
967 for (
i = 0;
i < CurrentLinks; ++
i)
975 if (DirectoryInfo !=
NULL)
1015 DPRINT(
"SepRmDereferenceLogonSession(%08lx:%08lx)\n",
1016 LogonLuid->HighPart, LogonLuid->LowPart);
1023 CurrentSession !=
NULL;
1024 CurrentSession = CurrentSession->
Next)
1041 if (DeviceMap !=
NULL)
1088 SectionHandle =
NULL;
1098 DPRINT1(
"Security Rm Init: Waiting for LSA Init Event failed 0x%lx\n",
Status);
1107 Message.Header.u1.s1.DataLength = 0;
1113 DPRINT1(
"Security Rm Init: Listen to Command Port failed 0x%lx\n",
Status);
1118 RemotePortView.
Length =
sizeof(RemotePortView);
1129 DPRINT1(
"Security Rm Init: Accept Connect to Command Port failed 0x%lx\n",
Status);
1137 DPRINT1(
"Security Rm Init: Complete Connect to Command Port failed 0x%lx\n",
Status);
1143 Status = ZwCreateSection(&SectionHandle,
1152 DPRINT1(
"Security Rm Init: Create Memory Section for LSA port failed: %X\n",
Status);
1157 PortView.
Length =
sizeof(PortView);
1165 SecurityQos.
Length =
sizeof(SecurityQos);
1182 DPRINT1(
"Security Rm Init: Connect to LSA Port failed 0x%lx\n",
Status);
1192 DPRINT(
"SepRmCommandServerThreadInit: done\n");
1198 if (PortHandle !=
NULL)
1207 if (SectionHandle !=
NULL)
1237 DPRINT1(
"Security: Terminating Rm Command Server Thread\n");
1286 DPRINT1(
"SepRmCommandServerThread: unexpected message type: 0x%lx\n",
1311 DPRINT1(
"SepRmDispatchRequest: invalid API number: 0x%lx\n",
1372 CurrentSession !=
NULL;
1373 CurrentSession = CurrentSession->
Next)
1383 if (CurrentSession ==
NULL)
1414 L"\\Sessions\\0\\DosDevices\\%08x-%08x",
1516 DPRINT(
"SeMarkLogonSessionForTerminationNotification(%08lx:%08lx)\n",
1524 SessionToMark !=
NULL;
1525 SessionToMark = SessionToMark->
Next)
1539 if (SessionToMark ==
NULL)
1541 DPRINT1(
"SeMarkLogonSessionForTerminationNotification(): Logon session couldn't be found!\n");
1548 DPRINT(
"SeMarkLogonSessionForTerminationNotification(): Logon session marked for termination with success!\n");
1638 Current = Current->
Next)
1647 if (Current ==
NULL)
1654 if (Previous ==
NULL)
static UNICODE_STRING PortName
static HANDLE DirectoryHandle
_In_ ULONG _In_opt_ WDFREQUEST _In_opt_ PVOID _In_ size_t _In_ PVOID _In_ size_t _Out_ size_t * DataLength
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
#define NT_SUCCESS(StatCode)
static const WCHAR Message[]
static const WCHAR Cleanup[]
IN CINT OUT PVOID IN ULONG OUT PULONG ReturnLength
#define RemoveEntryList(Entry)
#define InsertHeadList(ListHead, Entry)
#define ExAllocatePoolWithTag(hernya, size, tag)
#define InitializeListHead(ListHead)
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ ULONG _In_ BOOLEAN _In_ ULONG _In_opt_ PULONG _In_ BOOLEAN RestartScan
_Must_inspect_result_ _In_ PFLT_GET_OPERATION_STATUS_CALLBACK CallbackRoutine
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
VOID FASTCALL KeInitializeGuardedMutex(OUT PKGUARDED_MUTEX GuardedMutex)
VOID FASTCALL KeReleaseGuardedMutex(IN OUT PKGUARDED_MUTEX GuardedMutex)
VOID FASTCALL KeAcquireGuardedMutex(IN PKGUARDED_MUTEX GuardedMutex)
_In_ GUID _In_ PVOID ValueData
#define OBJ_KERNEL_HANDLE
#define OBJ_CASE_INSENSITIVE
NTSYSAPI NTSTATUS NTAPI ZwListenPort(_In_ HANDLE PortHandle, _In_ PPORT_MESSAGE ConnectionRequest)
NTSYSAPI NTSTATUS NTAPI ZwReplyWaitReceivePort(_In_ HANDLE PortHandle, _Out_opt_ PVOID *PortContext, _In_opt_ PPORT_MESSAGE ReplyMessage, _Out_ PPORT_MESSAGE ReceiveMessage)
NTSYSAPI NTSTATUS NTAPI ZwAcceptConnectPort(_Out_ PHANDLE PortHandle, _In_opt_ PVOID PortContext, _In_ PPORT_MESSAGE ConnectionRequest, _In_ BOOLEAN AcceptConnection, _In_opt_ PPORT_VIEW ServerView, _In_opt_ PREMOTE_PORT_VIEW ClientView)
NTSYSAPI NTSTATUS NTAPI ZwCreatePort(_Out_ PHANDLE PortHandle, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ ULONG MaxConnectionInfoLength, _In_ ULONG MaxMessageLength, _In_ ULONG MaxPoolUsage)
NTSYSAPI NTSTATUS NTAPI ZwConnectPort(_Out_ PHANDLE PortHandle, _In_ PUNICODE_STRING PortName, _In_ PSECURITY_QUALITY_OF_SERVICE SecurityQos, _In_opt_ PPORT_VIEW ClientView, _In_opt_ PREMOTE_PORT_VIEW ServerView, _In_opt_ PULONG MaxMessageLength, _In_opt_ PVOID ConnectionInformation, _In_opt_ PULONG ConnectionInformationLength)
NTSYSAPI NTSTATUS NTAPI ZwCompleteConnectPort(_In_ HANDLE PortHandle)
#define ExFreePoolWithTag(_P, _T)
int _snwprintf(wchar_t *buffer, size_t count, const wchar_t *format,...)
#define LPC_CONNECTION_REQUEST
#define InitializeObjectAttributes(p, n, a, r, s)
_Must_inspect_result_ _Out_ PNDIS_STATUS _In_ NDIS_HANDLE _In_ ULONG _Out_ PNDIS_STRING _Out_ PNDIS_HANDLE KeyHandle
NTSYSAPI NTSTATUS NTAPI ZwOpenSymbolicLinkObject(_Out_ PHANDLE SymbolicLinkHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes)
NTSYSAPI NTSTATUS NTAPI ZwOpenDirectoryObject(_Out_ PHANDLE FileHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes)
NTSYSAPI NTSTATUS NTAPI ZwClose(_In_ HANDLE Handle)
NTSYSAPI NTSTATUS NTAPI ZwCreateSymbolicLinkObject(_Out_ PHANDLE SymbolicLinkHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ PUNICODE_STRING Name)
NTSYSAPI NTSTATUS NTAPI ZwMakeTemporaryObject(_In_ HANDLE Handle)
NTSYSAPI NTSTATUS NTAPI ZwCreateDirectoryObject(_Out_ PHANDLE DirectoryHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes)
#define SYMBOLIC_LINK_ALL_ACCESS
#define THREAD_ALL_ACCESS
@ KeyValuePartialInformation
#define SECTION_ALL_ACCESS
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
#define DIRECTORY_ALL_ACCESS
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID LogonId
_Out_ PKAPC_STATE ApcState
NTSTATUS NTAPI PsCreateSystemThread(OUT PHANDLE ThreadHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN HANDLE ProcessHandle, IN PCLIENT_ID ClientId, IN PKSTART_ROUTINE StartRoutine, IN PVOID StartContext)
NTSTATUS NTAPI SepRmRemoveLogonSessionFromToken(_Inout_ PTOKEN Token)
Removes a logon session from an access token.
NTSTATUS NTAPI SeRegisterLogonSessionTerminatedRoutine(_In_ PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine)
Registers a callback that will be called once a logon session terminates.
NTSTATUS NTAPI SepRmInsertLogonSessionIntoToken(_Inout_ PTOKEN Token)
Inserts a logon session into an access token specified by the caller.
NTSTATUS SepRmDereferenceLogonSession(_In_ PLUID LogonLuid)
De-references a logon session. If the session has a reference count of 0 by the time the function has...
struct _SEP_LOGON_SESSION_TERMINATED_NOTIFICATION * PSEP_LOGON_SESSION_TERMINATED_NOTIFICATION
UCHAR SeAuditingState[POLICY_AUDIT_EVENT_TYPE_COUNT]
BOOLEAN SepAdtAuditingEnabled
NTSTATUS SepRmReferenceLogonSession(_In_ PLUID LogonLuid)
References a logon session.
NTSTATUS NTAPI SepRegQueryHelper(_In_ PCWSTR KeyName, _In_ PCWSTR ValueName, _In_ ULONG ValueType, _In_ ULONG DataLength, _Out_ PVOID ValueData)
A private registry helper that returns the desired value data based on the specifics requested by the...
NTSTATUS NTAPI SeUnregisterLogonSessionTerminatedRoutine(_In_ PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine)
Un-registers a callback routine, previously registered by SeRegisterLogonSessionTerminatedRoutine fun...
PVOID SepCommandPortViewBase
NTSTATUS NTAPI SeMarkLogonSessionForTerminationNotification(_In_ PLUID LogonId)
Marks a logon session for future termination, given its logon ID. This triggers a callout (the regist...
VOID NTAPI SepRmCommandServerThread(_In_ PVOID StartContext)
Manages the SRM server API commands, that is, receiving such API command messages from the user mode ...
static NTSTATUS SepRmDeleteLogonSession(_In_ PLUID LogonLuid)
Deletes a logon session from the logon sessions database.
KGUARDED_MUTEX SepRmDbLock
BOOLEAN NTAPI SeRmInitPhase0(VOID)
Manages the phase 0 initialization of the security reference monitoring module of the kernel.
static HANDLE SepRmCommandMessagePort
NTSTATUS NTAPI SeGetLogonIdDeviceMap(_In_ PLUID LogonId, _Out_ PDEVICE_MAP *DeviceMap)
Retrieves the DOS device map from a logon session.
LUID SeSystemAuthenticationId
static NTSTATUS SepRmCreateLogonSession(_In_ PLUID LogonLuid)
Creates a logon session. The security reference monitoring (SRM) module of Executive uses this as an ...
static NTSTATUS SepCleanupLUIDDeviceMapDirectory(_In_ PLUID LogonLuid)
Cleans the DOS device map directory of a logon session.
ULONG SepAdtMinListLength
LUID SeAnonymousAuthenticationId
#define POLICY_AUDIT_EVENT_TYPE_COUNT
PVOID SepCommandPortViewRemoteBase
BOOLEAN NTAPI SepRmCommandServerThreadInit(VOID)
Main SRM server thread initialization function. It deals with security manager and LSASS port connect...
ULONG_PTR SepCommandPortViewBaseOffset
static VOID SepAdtInitializeBounds(VOID)
Initializes the local security authority audit bounds.
static NTSTATUS SepRmSetAuditEvent(_Inout_ PSEP_RM_API_MESSAGE Message)
Sets an audit event for future security auditing monitoring.
BOOLEAN NTAPI SeRmInitPhase1(VOID)
Manages the phase 1 initialization of the security reference monitoring module of the kernel.
ULONG SepAdtMaxListLength
struct _SEP_LOGON_SESSION_TERMINATED_NOTIFICATION SEP_LOGON_SESSION_TERMINATED_NOTIFICATION
PSEP_LOGON_SESSION_TERMINATED_NOTIFICATION SepLogonNotifications
PSEP_LOGON_SESSION_REFERENCES SepLogonSessions
#define STATUS_BAD_LOGON_SESSION_STATE
#define STATUS_NO_SUCH_LOGON_SESSION
#define STATUS_NO_MORE_ENTRIES
#define STATUS_LOGON_SESSION_EXISTS
#define STATUS_OBJECT_TYPE_MISMATCH
NTSTATUS NTAPI ObSetDirectoryDeviceMap(OUT PDEVICE_MAP *DeviceMap, IN HANDLE DirectoryHandle)
BOOLEAN FASTCALL ObReferenceObjectSafe(IN PVOID Object)
VOID FASTCALL ObfDereferenceDeviceMap(IN PDEVICE_MAP DeviceMap)
NTSTATUS NTAPI ObCloseHandle(IN HANDLE Handle, IN KPROCESSOR_MODE AccessMode)
VOID NTAPI KeStackAttachProcess(IN PKPROCESS Process, OUT PRKAPC_STATE ApcState)
VOID NTAPI KeUnstackDetachProcess(IN PRKAPC_STATE ApcState)
PEPROCESS PsInitialSystemProcess
_Check_return_ _CRTIMP int __cdecl wcscmp(_In_z_ const wchar_t *_Str1, _In_z_ const wchar_t *_Str2)
#define STATUS_BUFFER_TOO_SMALL
SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
struct _SEP_LOGON_SESSION_REFERENCES * Next
struct _SEP_LOGON_SESSION_TERMINATED_NOTIFICATION * Next
PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
#define TAG_LOGON_SESSION
#define TAG_SE_DIR_BUFFER
#define TAG_LOGON_NOTIFICATION
#define TAG_SE_HANDLES_TAB
#define RtlCopyMemory(Destination, Source, Length)
#define STATUS_INVALID_PARAMETER
#define STATUS_INSUFFICIENT_RESOURCES
_In_ PWDFDEVICE_INIT _In_ PFN_WDF_DEVICE_SHUTDOWN_NOTIFICATION Notification
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG _Out_ PULONG ResultLength
_Must_inspect_result_ _In_ WDFDEVICE _In_ PCUNICODE_STRING KeyName
_Must_inspect_result_ _In_ WDFKEY _In_ PCUNICODE_STRING _In_ ULONG _Out_opt_ PULONG _Out_opt_ PULONG ValueType
_Must_inspect_result_ _In_ WDFKEY _In_ PCUNICODE_STRING ValueName
BOOL WINAPI ReplyMessage(_In_ LRESULT)
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
#define PORT_MAXIMUM_MESSAGE_LENGTH
#define ObDereferenceObject
#define PsGetCurrentProcess
#define RtlEqualLuid(Luid1, Luid2)
NTSTATUS(NTAPI * PSE_LOGON_SESSION_TERMINATED_ROUTINE)(IN PLUID LogonId)
#define SEP_LOGON_SESSION_TERMINATION_NOTIFY
#define SECURITY_DYNAMIC_TRACKING