ReactOS  0.4.15-dev-3017-g1d9542d
srm.c
Go to the documentation of this file.
1 /*
2  * PROJECT: ReactOS Kernel
3  * LICENSE: GPL-2.0-or-later (https://spdx.org/licenses/GPL-2.0-or-later)
4  * PURPOSE: Security Reference Monitor Server
5  * COPYRIGHT: Copyright Timo Kreuzer <timo.kreuzer@reactos.org>
6  * Copyright Pierre Schweitzer <pierre@reactos.org>
7  * Copyright 2021 George BiČ™oc <george.bisoc@reactos.org>
8  */
9 
10 /* INCLUDES *******************************************************************/
11 
12 #include <ntoskrnl.h>
13 #define NDEBUG
14 #include <debug.h>
15 
18 
19 /* PRIVATE DEFINITIONS ********************************************************/
20 
22 {
26 
27 VOID
28 NTAPI
30  PVOID StartContext);
31 
32 static
35  _In_ PLUID LogonLuid);
36 
37 static
40  PLUID LogonLuid);
41 
42 
43 /* GLOBALS ********************************************************************/
44 
47 
51 
53 
57 
58 #define POLICY_AUDIT_EVENT_TYPE_COUNT 9 // (AuditCategoryAccountLogon - AuditCategorySystem + 1)
60 
64 
65 
66 /* PRIVATE FUNCTIONS **********************************************************/
67 
93 NTAPI
100 {
101  UNICODE_STRING ValueNameString;
102  UNICODE_STRING KeyNameString;
106  struct
107  {
109  UCHAR Buffer[64];
110  } KeyValueInformation;
111  NTSTATUS Status, CloseStatus;
112  PAGED_CODE();
113 
114  RtlInitUnicodeString(&KeyNameString, KeyName);
116  &KeyNameString,
118  NULL,
119  NULL);
120 
122  if (!NT_SUCCESS(Status))
123  {
124  return Status;
125  }
126 
127  RtlInitUnicodeString(&ValueNameString, ValueName);
128  Status = ZwQueryValueKey(KeyHandle,
129  &ValueNameString,
131  &KeyValueInformation.Partial,
132  sizeof(KeyValueInformation),
133  &ResultLength);
134  if (!NT_SUCCESS(Status))
135  {
136  goto Cleanup;
137  }
138 
139  if ((KeyValueInformation.Partial.Type != ValueType) ||
140  (KeyValueInformation.Partial.DataLength != DataLength))
141  {
143  goto Cleanup;
144  }
145 
146  if (ValueType == REG_BINARY)
147  {
148  RtlCopyMemory(ValueData, KeyValueInformation.Partial.Data, DataLength);
149  }
150  else if (ValueType == REG_DWORD)
151  {
152  *(PULONG)ValueData = *(PULONG)KeyValueInformation.Partial.Data;
153  }
154  else
155  {
157  }
158 
159 Cleanup:
160  CloseStatus = ZwClose(KeyHandle);
161  ASSERT(NT_SUCCESS( CloseStatus ));
162 
163  return Status;
164 }
165 
166 
167 BOOLEAN
168 NTAPI
170 {
172 
173  /* Initialize the database lock */
175 
176  /* Create the system logon session */
178  if (!NT_VERIFY(NT_SUCCESS(Status)))
179  {
180  return FALSE;
181  }
182 
183  /* Create the anonymous logon session */
185  if (!NT_VERIFY(NT_SUCCESS(Status)))
186  {
187  return FALSE;
188  }
189 
190  return TRUE;
191 }
192 
193 
194 BOOLEAN
195 NTAPI
197 {
200  HANDLE ThreadHandle;
202 
203  /* Create the SeRm command port */
204  RtlInitUnicodeString(&Name, L"\\SeRmCommandPort");
208  sizeof(ULONG),
210  2 * PAGE_SIZE);
211  if (!NT_SUCCESS(Status))
212  {
213  DPRINT1("Security: Rm Create Command Port failed 0x%lx\n", Status);
214  return FALSE;
215  }
216 
217  /* Create SeLsaInitEvent */
218  RtlInitUnicodeString(&Name, L"\\SeLsaInitEvent");
220  Status = ZwCreateEvent(&SeLsaInitEvent,
224  FALSE);
225  if (!NT_VERIFY((NT_SUCCESS(Status))))
226  {
227  DPRINT1("Security: LSA init event creation failed.0x%xl\n", Status);
228  return FALSE;
229  }
230 
231  /* Create the SeRm server thread */
232  Status = PsCreateSystemThread(&ThreadHandle,
234  NULL,
235  NULL,
236  NULL,
238  NULL);
239  if (!NT_SUCCESS(Status))
240  {
241  DPRINT1("Security: Rm Server Thread creation failed 0x%lx\n", Status);
242  return FALSE;
243  }
244 
245  ObCloseHandle(ThreadHandle, KernelMode);
246 
247  return TRUE;
248 }
249 
250 static
251 VOID
253 {
254  struct
255  {
256  ULONG MaxLength;
257  ULONG MinLength;
258  } ListBounds;
260  PAGED_CODE();
261 
262  Status = SepRegQueryHelper(L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa",
263  L"Bounds",
264  REG_BINARY,
265  sizeof(ListBounds),
266  &ListBounds);
267  if (!NT_SUCCESS(Status))
268  {
269  /* No registry values, so keep hardcoded defaults */
270  return;
271  }
272 
273  /* Check if the bounds are valid */
274  if ((ListBounds.MaxLength < ListBounds.MinLength) ||
275  (ListBounds.MinLength < 16) ||
276  (ListBounds.MaxLength - ListBounds.MinLength < 16))
277  {
278  DPRINT1("ListBounds are invalid: %u, %u\n",
279  ListBounds.MinLength, ListBounds.MaxLength);
280  return;
281  }
282 
283  /* Set the new bounds globally */
284  SepAdtMinListLength = ListBounds.MinLength;
285  SepAdtMaxListLength = ListBounds.MaxLength;
286 }
287 
288 
289 static
290 NTSTATUS
293 {
294  ULONG i;
295  PAGED_CODE();
296 
297  /* First re-initialize the bounds from the registry */
299 
300  /* Make sure we have the right message and clear */
301  ASSERT(Message->ApiNumber == RmAuditSetCommand);
302  Message->ApiNumber = 0;
303 
304  /* Store the enable flag in the global variable */
305  SepAdtAuditingEnabled = Message->u.SetAuditEvent.Enabled;
306 
307  /* Loop all audit event types */
308  for (i = 0; i < POLICY_AUDIT_EVENT_TYPE_COUNT; i++)
309  {
310  /* Save the provided flags in the global array */
311  SeAuditingState[i] = (UCHAR)Message->u.SetAuditEvent.Flags[i];
312  }
313 
314  return STATUS_SUCCESS;
315 }
316 
333 NTSTATUS
334 NTAPI
337 {
338  PSEP_LOGON_SESSION_REFERENCES LogonSession;
339  PAGED_CODE();
340 
341  /* Ensure that our token is not some plain garbage */
342  ASSERT(Token);
343 
344  /* Acquire the database lock */
346 
347  for (LogonSession = SepLogonSessions;
348  LogonSession != NULL;
349  LogonSession = LogonSession->Next)
350  {
351  /*
352  * The insertion of a logon session into the token has to be done
353  * only IF the authentication ID of the token matches with the ID
354  * of the logon itself.
355  */
356  if (RtlEqualLuid(&LogonSession->LogonId, &Token->AuthenticationId))
357  {
358  break;
359  }
360  }
361 
362  /* If we reach this then we cannot proceed further */
363  if (LogonSession == NULL)
364  {
365  DPRINT1("SepRmInsertLogonSessionIntoToken(): Couldn't insert the logon session into the specific access token!\n");
368  }
369 
370  /*
371  * Allocate the session that we are going
372  * to insert it to the token.
373  */
374  Token->LogonSession = ExAllocatePoolWithTag(PagedPool,
377  if (Token->LogonSession == NULL)
378  {
379  DPRINT1("SepRmInsertLogonSessionIntoToken(): Couldn't allocate new logon session into the memory pool!\n");
382  }
383 
384  /*
385  * Begin copying the logon session references data from the
386  * session whose ID matches with the token authentication ID to
387  * the new session we've allocated blocks of pool memory for it.
388  */
389  Token->LogonSession->Next = LogonSession->Next;
390  Token->LogonSession->LogonId = LogonSession->LogonId;
391  Token->LogonSession->ReferenceCount = LogonSession->ReferenceCount;
392  Token->LogonSession->Flags = LogonSession->Flags;
393  Token->LogonSession->pDeviceMap = LogonSession->pDeviceMap;
394  InsertHeadList(&LogonSession->TokenList, &Token->LogonSession->TokenList);
395 
396  /* Release the database lock and we're done */
398  return STATUS_SUCCESS;
399 }
400 
414 NTSTATUS
415 NTAPI
418 {
419  PSEP_LOGON_SESSION_REFERENCES LogonSession;
420  PAGED_CODE();
421 
422  /* Ensure that our token is not some plain garbage */
423  ASSERT(Token);
424 
425  /* Acquire the database lock */
427 
428  for (LogonSession = SepLogonSessions;
429  LogonSession != NULL;
430  LogonSession = LogonSession->Next)
431  {
432  /*
433  * Remove the logon session only when the IDs of the token and the
434  * logon match.
435  */
436  if (RtlEqualLuid(&LogonSession->LogonId, &Token->AuthenticationId))
437  {
438  break;
439  }
440  }
441 
442  /* They don't match */
443  if (LogonSession == NULL)
444  {
445  DPRINT1("SepRmRemoveLogonSessionFromToken(): Couldn't remove the logon session from the access token!\n");
448  }
449 
450  /* Now it's time to delete the logon session from the token */
451  RemoveEntryList(&Token->LogonSession->TokenList);
452  ExFreePoolWithTag(Token->LogonSession, TAG_LOGON_SESSION);
453 
454  /* Release the database lock and we're done */
456  return STATUS_SUCCESS;
457 }
458 
459 static
460 NTSTATUS
462  PLUID LogonLuid)
463 {
464  PSEP_LOGON_SESSION_REFERENCES CurrentSession, NewSession;
466  PAGED_CODE();
467 
468  DPRINT("SepRmCreateLogonSession(%08lx:%08lx)\n",
469  LogonLuid->HighPart, LogonLuid->LowPart);
470 
471  /* Allocate a new session structure */
472  NewSession = ExAllocatePoolWithTag(PagedPool,
475  if (NewSession == NULL)
476  {
478  }
479 
480  /* Initialize it */
481  NewSession->LogonId = *LogonLuid;
482  NewSession->ReferenceCount = 0;
483  NewSession->Flags = 0;
484  NewSession->pDeviceMap = NULL;
485  InitializeListHead(&NewSession->TokenList);
486 
487  /* Acquire the database lock */
489 
490  /* Loop all existing sessions */
491  for (CurrentSession = SepLogonSessions;
492  CurrentSession != NULL;
493  CurrentSession = CurrentSession->Next)
494  {
495  /* Check if the LUID matches the new one */
496  if (RtlEqualLuid(&CurrentSession->LogonId, LogonLuid))
497  {
499  goto Leave;
500  }
501  }
502 
503  /* Insert the new session */
504  NewSession->Next = SepLogonSessions;
505  SepLogonSessions = NewSession;
506 
508 
509 Leave:
510  /* Release the database lock */
512 
513  if (!NT_SUCCESS(Status))
514  {
516  }
517 
518  return Status;
519 }
520 
537 static
538 NTSTATUS
540  _In_ PLUID LogonLuid)
541 {
542  PSEP_LOGON_SESSION_REFERENCES SessionToDelete;
544  PAGED_CODE();
545 
546  DPRINT("SepRmDeleteLogonSession(%08lx:%08lx)\n",
547  LogonLuid->HighPart, LogonLuid->LowPart);
548 
549  /* Acquire the database lock */
551 
552  /* Loop over the existing logon sessions */
553  for (SessionToDelete = SepLogonSessions;
554  SessionToDelete != NULL;
555  SessionToDelete = SessionToDelete->Next)
556  {
557  /*
558  * Does the actual logon session exist in the
559  * saved logon sessions database with the LUID
560  * provided?
561  */
562  if (RtlEqualLuid(&SessionToDelete->LogonId, LogonLuid))
563  {
564  /* Did the caller supply one of these internal sessions? */
565  if (RtlEqualLuid(&SessionToDelete->LogonId, &SeSystemAuthenticationId) ||
566  RtlEqualLuid(&SessionToDelete->LogonId, &SeAnonymousAuthenticationId))
567  {
568  /* These logons are critical stuff, we can't delete them */
569  DPRINT1("SepRmDeleteLogonSession(): We're not allowed to delete anonymous/system sessions!\n");
571  goto Leave;
572  }
573  else
574  {
575  /* We found the logon as exactly as we wanted, break the loop */
576  break;
577  }
578  }
579  }
580 
581  /*
582  * If we reach this then that means we've exhausted all the logon
583  * sessions and couldn't find one with the desired LUID.
584  */
585  if (SessionToDelete == NULL)
586  {
587  DPRINT1("SepRmDeleteLogonSession(): The logon session with this LUID doesn't exist!\n");
589  goto Leave;
590  }
591 
592  /* Is somebody still using this logon session? */
593  if (SessionToDelete->ReferenceCount != 0)
594  {
595  /* The logon session is still in use, we cannot delete it... */
596  DPRINT1("SepRmDeleteLogonSession(): The logon session is still in use!\n");
598  goto Leave;
599  }
600 
601  /* If we have a LUID device map, clean it */
602  if (SessionToDelete->pDeviceMap != NULL)
603  {
605  if (!NT_SUCCESS(Status))
606  {
607  /*
608  * We had one job on cleaning the device map directory
609  * of the logon session but we failed, quit...
610  */
611  DPRINT1("SepRmDeleteLogonSession(): Failed to clean the LUID device map directory of the logon (Status: 0x%lx)\n", Status);
612  goto Leave;
613  }
614 
615  /* And dereference the device map of the logon */
616  ObfDereferenceDeviceMap(SessionToDelete->pDeviceMap);
617  }
618 
619  /* If we're here then we've deleted the logon session successfully */
620  DPRINT("SepRmDeleteLogonSession(): Logon session deleted with success!\n");
622  ExFreePoolWithTag(SessionToDelete, TAG_LOGON_SESSION);
623 
624 Leave:
625  /* Release the database lock */
627  return Status;
628 }
629 
630 
631 NTSTATUS
633  PLUID LogonLuid)
634 {
635  PSEP_LOGON_SESSION_REFERENCES CurrentSession;
636 
637  PAGED_CODE();
638 
639  DPRINT("SepRmReferenceLogonSession(%08lx:%08lx)\n",
640  LogonLuid->HighPart, LogonLuid->LowPart);
641 
642  /* Acquire the database lock */
644 
645  /* Loop all existing sessions */
646  for (CurrentSession = SepLogonSessions;
647  CurrentSession != NULL;
648  CurrentSession = CurrentSession->Next)
649  {
650  /* Check if the LUID matches the new one */
651  if (RtlEqualLuid(&CurrentSession->LogonId, LogonLuid))
652  {
653  /* Reference the session */
654  ++CurrentSession->ReferenceCount;
655  DPRINT("ReferenceCount: %lu\n", CurrentSession->ReferenceCount);
656 
657  /* Release the database lock */
659 
660  return STATUS_SUCCESS;
661  }
662  }
663 
664  /* Release the database lock */
666 
668 }
669 
670 static
671 NTSTATUS
673  _In_ PLUID LogonLuid)
674 {
675  BOOLEAN UseCurrentProc;
677  WCHAR Buffer[63];
678  UNICODE_STRING DirectoryName;
681  HANDLE DirectoryHandle, LinkHandle;
682  PHANDLE LinksBuffer;
683  POBJECT_DIRECTORY_INFORMATION DirectoryInfo;
684  ULONG LinksCount, LinksSize, DirInfoLength, ReturnLength, Context, CurrentLinks, i;
686 
687  PAGED_CODE();
688 
689  /* We need a logon LUID */
690  if (LogonLuid == NULL)
691  {
693  }
694 
695  /* Use current process */
696  UseCurrentProc = ObReferenceObjectSafe(PsGetCurrentProcess());
697  if (UseCurrentProc)
698  {
700  }
701  /* Unless it's gone, then use system process */
702  else
703  {
705  }
706 
707  /* Initialize our directory name */
709  sizeof(Buffer) / sizeof(WCHAR),
710  L"\\Sessions\\0\\DosDevices\\%08x-%08x",
711  LogonLuid->HighPart,
712  LogonLuid->LowPart);
713  RtlInitUnicodeString(&DirectoryName, Buffer);
714 
715  /* And open it */
717  &DirectoryName,
719  NULL,
720  NULL);
724  if (!NT_SUCCESS(Status))
725  {
726  if (!UseCurrentProc)
727  {
729  }
730 
731  return Status;
732  }
733 
734  /* Some initialization needed for browsing all our links... */
735  Context = 0;
736  DirectoryInfo = NULL;
737  DirInfoLength = 0;
738  /* In our buffer, we'll store at max 100 HANDLE */
739  LinksCount = 100;
740  CurrentLinks = 0;
741  /* Which gives a certain size */
742  LinksSize = LinksCount * sizeof(HANDLE);
743 
744  /*
745  * This label is hit if we need to store more than a hundred
746  * of links. In that case, we jump here after having cleaned
747  * and deleted previous buffer.
748  * All handles have been already closed
749  */
750 AllocateLinksAgain:
751  LinksBuffer = ExAllocatePoolWithTag(PagedPool,
752  LinksSize,
754  if (LinksBuffer == NULL)
755  {
756  /*
757  * Failure path: no need to clear handles:
758  * already closed and the buffer is already gone
759  */
761 
762  /*
763  * On the first round, DirectoryInfo is NULL,
764  * if we grow LinksBuffer, it has been allocated
765  */
766  if (DirectoryInfo != NULL)
767  {
768  ExFreePoolWithTag(DirectoryInfo, TAG_SE_DIR_BUFFER);
769  }
770 
771  if (!UseCurrentProc)
772  {
774  }
775 
776  return STATUS_NO_MEMORY;
777  }
778 
779  /*
780  * We always restart scan, but on the first loop
781  * if we couldn't fit everything in our buffer,
782  * then, we continue scan.
783  * But we restart if link buffer was too small
784  */
785  for (RestartScan = TRUE; ; RestartScan = FALSE)
786  {
787  /*
788  * Loop until our buffer is big enough to store
789  * one entry
790  */
791  while (TRUE)
792  {
793  Status = ZwQueryDirectoryObject(DirectoryHandle,
794  DirectoryInfo,
795  DirInfoLength,
796  TRUE,
797  RestartScan,
798  &Context,
799  &ReturnLength);
800  /* Only handle buffer growth in that loop */
802  {
803  break;
804  }
805 
806  /* Get output length as new length */
807  DirInfoLength = ReturnLength;
808  /* Delete old buffer if any */
809  if (DirectoryInfo != NULL)
810  {
811  ExFreePoolWithTag(DirectoryInfo, 'bDeS');
812  }
813 
814  /* And reallocate a bigger one */
815  DirectoryInfo = ExAllocatePoolWithTag(PagedPool,
816  DirInfoLength,
818  /* Fail if we cannot allocate */
819  if (DirectoryInfo == NULL)
820  {
822  break;
823  }
824  }
825 
826  /* If querying the entry failed, quit */
827  if (!NT_SUCCESS(Status))
828  {
829  break;
830  }
831 
832  /* We only look for symbolic links, the rest, we ignore */
833  if (wcscmp(DirectoryInfo->TypeName.Buffer, L"SymbolicLink"))
834  {
835  continue;
836  }
837 
838  /* If our link buffer is out of space, reallocate */
839  if (CurrentLinks >= LinksCount)
840  {
841  /* First, close the links */
842  for (i = 0; i < CurrentLinks; ++i)
843  {
844  ZwClose(LinksBuffer[i]);
845  }
846 
847  /* Allow 20 more HANDLEs */
848  LinksCount += 20;
849  CurrentLinks = 0;
851  LinksSize = LinksCount * sizeof(HANDLE);
852 
853  /* And reloop again */
854  goto AllocateLinksAgain;
855  }
856 
857  /* Open the found link */
859  &DirectoryInfo->Name,
862  NULL);
863  if (NT_SUCCESS(ZwOpenSymbolicLinkObject(&LinkHandle,
865  &ObjectAttributes)))
866  {
867  /* If we cannot make it temporary, just close the link handle */
868  if (!NT_SUCCESS(ZwMakeTemporaryObject(LinkHandle)))
869  {
870  ZwClose(LinkHandle);
871  }
872  /* Otherwise, store it to defer deletion */
873  else
874  {
875  LinksBuffer[CurrentLinks] = LinkHandle;
876  ++CurrentLinks;
877  }
878  }
879  }
880 
881  /* No more entries means we handled all links, that's not a failure */
883  {
885  }
886 
887  /* Close all the links we stored, this will like cause their deletion */
888  for (i = 0; i < CurrentLinks; ++i)
889  {
890  ZwClose(LinksBuffer[i]);
891  }
892  /* And free our links buffer */
894 
895  /* Free our directory info buffer - it might be NULL if we failed realloc */
896  if (DirectoryInfo != NULL)
897  {
898  ExFreePoolWithTag(DirectoryInfo, TAG_SE_DIR_BUFFER);
899  }
900 
901  /* Close our session directory */
903 
904  /* And detach from system */
905  if (!UseCurrentProc)
906  {
908  }
909 
910  return Status;
911 }
912 
913 
914 NTSTATUS
916  PLUID LogonLuid)
917 {
918  ULONG RefCount;
919  PDEVICE_MAP DeviceMap;
920  PSEP_LOGON_SESSION_REFERENCES CurrentSession;
921 
922  DPRINT("SepRmDereferenceLogonSession(%08lx:%08lx)\n",
923  LogonLuid->HighPart, LogonLuid->LowPart);
924 
925  /* Acquire the database lock */
927 
928  /* Loop all existing sessions */
929  for (CurrentSession = SepLogonSessions;
930  CurrentSession != NULL;
931  CurrentSession = CurrentSession->Next)
932  {
933  /* Check if the LUID matches the new one */
934  if (RtlEqualLuid(&CurrentSession->LogonId, LogonLuid))
935  {
936  /* Dereference the session */
937  RefCount = --CurrentSession->ReferenceCount;
938  DPRINT("ReferenceCount: %lu\n", CurrentSession->ReferenceCount);
939 
940  /* Release the database lock */
942 
943  /* We're done with the session */
944  if (RefCount == 0)
945  {
946  /* Get rid of the LUID device map */
947  DeviceMap = CurrentSession->pDeviceMap;
948  if (DeviceMap != NULL)
949  {
950  CurrentSession->pDeviceMap = NULL;
952  ObfDereferenceDeviceMap(DeviceMap);
953  }
954 
955  /* FIXME: Alert LSA and filesystems that a logon is about to be deleted */
956  }
957 
958  return STATUS_SUCCESS;
959  }
960  }
961 
962  /* Release the database lock */
964 
966 }
967 
968 
969 BOOLEAN
970 NTAPI
972 {
973  SECURITY_QUALITY_OF_SERVICE SecurityQos;
976  REMOTE_PORT_VIEW RemotePortView;
977  PORT_VIEW PortView;
978  LARGE_INTEGER SectionSize;
979  HANDLE SectionHandle;
980  HANDLE PortHandle;
982  BOOLEAN Result;
983 
984  SectionHandle = NULL;
985  PortHandle = NULL;
986 
987  /* Assume success */
988  Result = TRUE;
989 
990  /* Wait until LSASS is ready */
991  Status = ZwWaitForSingleObject(SeLsaInitEvent, FALSE, NULL);
992  if (!NT_SUCCESS(Status))
993  {
994  DPRINT1("Security Rm Init: Waiting for LSA Init Event failed 0x%lx\n", Status);
995  goto Cleanup;
996  }
997 
998  /* We don't need this event anymore */
1000 
1001  /* Initialize the connection message */
1002  Message.Header.u1.s1.TotalLength = sizeof(Message);
1003  Message.Header.u1.s1.DataLength = 0;
1004 
1005  /* Only LSASS can connect, so handle the connection right now */
1007  if (!NT_SUCCESS(Status))
1008  {
1009  DPRINT1("Security Rm Init: Listen to Command Port failed 0x%lx\n", Status);
1010  goto Cleanup;
1011  }
1012 
1013  /* Set the Port View structure length */
1014  RemotePortView.Length = sizeof(RemotePortView);
1015 
1016  /* Accept the connection */
1018  NULL,
1019  &Message.Header,
1020  TRUE,
1021  NULL,
1022  &RemotePortView);
1023  if (!NT_SUCCESS(Status))
1024  {
1025  DPRINT1("Security Rm Init: Accept Connect to Command Port failed 0x%lx\n", Status);
1026  goto Cleanup;
1027  }
1028 
1029  /* Complete the connection */
1031  if (!NT_SUCCESS(Status))
1032  {
1033  DPRINT1("Security Rm Init: Complete Connect to Command Port failed 0x%lx\n", Status);
1034  goto Cleanup;
1035  }
1036 
1037  /* Create a section for messages */
1038  SectionSize.QuadPart = PAGE_SIZE;
1039  Status = ZwCreateSection(&SectionHandle,
1041  NULL,
1042  &SectionSize,
1044  SEC_COMMIT,
1045  NULL);
1046  if (!NT_SUCCESS(Status))
1047  {
1048  DPRINT1("Security Rm Init: Create Memory Section for LSA port failed: %X\n", Status);
1049  goto Cleanup;
1050  }
1051 
1052  /* Setup the PORT_VIEW structure */
1053  PortView.Length = sizeof(PortView);
1054  PortView.SectionHandle = SectionHandle;
1055  PortView.SectionOffset = 0;
1056  PortView.ViewSize = SectionSize.LowPart;
1057  PortView.ViewBase = NULL;
1058  PortView.ViewRemoteBase = NULL;
1059 
1060  /* Setup security QOS */
1061  SecurityQos.Length = sizeof(SecurityQos);
1064  SecurityQos.EffectiveOnly = TRUE;
1065 
1066  /* Connect to LSASS */
1067  RtlInitUnicodeString(&PortName, L"\\SeLsaCommandPort");
1068  Status = ZwConnectPort(&PortHandle,
1069  &PortName,
1070  &SecurityQos,
1071  &PortView,
1072  NULL,
1073  0,
1074  0,
1075  0);
1076  if (!NT_SUCCESS(Status))
1077  {
1078  DPRINT1("Security Rm Init: Connect to LSA Port failed 0x%lx\n", Status);
1079  goto Cleanup;
1080  }
1081 
1082  /* Remember section base and view offset */
1083  SepCommandPortViewBase = PortView.ViewBase;
1087 
1088  DPRINT("SepRmCommandServerThreadInit: done\n");
1089 
1090 Cleanup:
1091  /* Check for failure */
1092  if (!NT_SUCCESS(Status))
1093  {
1094  if (PortHandle != NULL)
1095  {
1096  ObCloseHandle(PortHandle, KernelMode);
1097  }
1098 
1099  Result = FALSE;
1100  }
1101 
1102  /* Did we create a section? */
1103  if (SectionHandle != NULL)
1104  {
1105  ObCloseHandle(SectionHandle, KernelMode);
1106  }
1107 
1108  return Result;
1109 }
1110 
1111 VOID
1112 NTAPI
1114  PVOID StartContext)
1115 {
1118  HANDLE DummyPortHandle;
1119  NTSTATUS Status;
1120 
1121  /* Initialize the server thread */
1123  {
1124  DPRINT1("Security: Terminating Rm Command Server Thread\n");
1125  return;
1126  }
1127 
1128  /* No reply yet */
1129  ReplyMessage = NULL;
1130 
1131  /* Start looping */
1132  while (TRUE)
1133  {
1134  /* Wait for a message */
1136  NULL,
1137  ReplyMessage,
1138  &Message.Header);
1139  if (!NT_SUCCESS(Status))
1140  {
1141  DPRINT1("Failed to get message: 0x%lx", Status);
1142  ReplyMessage = NULL;
1143  continue;
1144  }
1145 
1146  /* Check if this is a connection request */
1147  if (Message.Header.u2.s2.Type == LPC_CONNECTION_REQUEST)
1148  {
1149  /* Reject connection request */
1150  ZwAcceptConnectPort(&DummyPortHandle,
1151  NULL,
1152  &Message.Header,
1153  FALSE,
1154  NULL,
1155  NULL);
1156 
1157  /* Start over */
1158  ReplyMessage = NULL;
1159  continue;
1160  }
1161 
1162  /* Check if the port died */
1163  if ((Message.Header.u2.s2.Type == LPC_PORT_CLOSED) ||
1164  (Message.Header.u2.s2.Type == LPC_CLIENT_DIED))
1165  {
1166  /* LSASS is dead, so let's quit as well */
1167  break;
1168  }
1169 
1170  /* Check if this is an actual request */
1171  if (Message.Header.u2.s2.Type != LPC_REQUEST)
1172  {
1173  DPRINT1("SepRmCommandServerThread: unexpected message type: 0x%lx\n",
1174  Message.Header.u2.s2.Type);
1175 
1176  /* Restart without replying */
1177  ReplyMessage = NULL;
1178  continue;
1179  }
1180 
1181  ReplyMessage = &Message.Header;
1182 
1183  switch (Message.ApiNumber)
1184  {
1185  case RmAuditSetCommand:
1187  break;
1188 
1189  case RmCreateLogonSession:
1190  Status = SepRmCreateLogonSession(&Message.u.LogonLuid);
1191  break;
1192 
1193  case RmDeleteLogonSession:
1194  Status = SepRmDeleteLogonSession(&Message.u.LogonLuid);
1195  break;
1196 
1197  default:
1198  DPRINT1("SepRmDispatchRequest: invalid API number: 0x%lx\n",
1199  Message.ApiNumber);
1200  ReplyMessage = NULL;
1201  }
1202 
1203  Message.u.ResultStatus = Status;
1204  }
1205 
1206  /* Close the port handles */
1209 }
1210 
1211 
1212 /* PUBLIC FUNCTIONS ***********************************************************/
1213 
1214 /*
1215  * @unimplemented
1216  */
1217 NTSTATUS
1218 NTAPI
1220  IN PLUID LogonId,
1221  OUT PDEVICE_MAP * DeviceMap
1222  )
1223 {
1224  NTSTATUS Status;
1225  WCHAR Buffer[63];
1226  PDEVICE_MAP LocalMap;
1227  HANDLE DirectoryHandle, LinkHandle;
1229  PSEP_LOGON_SESSION_REFERENCES CurrentSession;
1230  UNICODE_STRING DirectoryName, LinkName, TargetName;
1231 
1232  PAGED_CODE();
1233 
1234  if (LogonId == NULL ||
1235  DeviceMap == NULL)
1236  {
1237  return STATUS_INVALID_PARAMETER;
1238  }
1239 
1240  /* Acquire the database lock */
1242 
1243  /* Loop all existing sessions */
1244  for (CurrentSession = SepLogonSessions;
1245  CurrentSession != NULL;
1246  CurrentSession = CurrentSession->Next)
1247  {
1248  /* Check if the LUID matches the provided one */
1249  if (RtlEqualLuid(&CurrentSession->LogonId, LogonId))
1250  {
1251  break;
1252  }
1253  }
1254 
1255  /* No session found, fail */
1256  if (CurrentSession == NULL)
1257  {
1258  /* Release the database lock */
1260 
1262  }
1263 
1264  /* The found session has a device map, return it! */
1265  if (CurrentSession->pDeviceMap != NULL)
1266  {
1267  *DeviceMap = CurrentSession->pDeviceMap;
1268 
1269  /* Release the database lock */
1271 
1272  return STATUS_SUCCESS;
1273  }
1274 
1275  /* At that point, we'll setup a new device map for the session */
1276  LocalMap = NULL;
1277 
1278  /* Reference the session so that it doesn't go away */
1279  CurrentSession->ReferenceCount += 1;
1280 
1281  /* Release the database lock */
1283 
1284  /* Create our object directory given the LUID */
1286  sizeof(Buffer) / sizeof(WCHAR),
1287  L"\\Sessions\\0\\DosDevices\\%08x-%08x",
1288  LogonId->HighPart,
1289  LogonId->LowPart);
1290  RtlInitUnicodeString(&DirectoryName, Buffer);
1291 
1293  &DirectoryName,
1295  NULL,
1296  NULL);
1299  &ObjectAttributes);
1300  if (NT_SUCCESS(Status))
1301  {
1302  /* Create the associated device map */
1304  if (NT_SUCCESS(Status))
1305  {
1306  /* Make Global point to \Global?? in the directory */
1307  RtlInitUnicodeString(&LinkName, L"Global");
1308  RtlInitUnicodeString(&TargetName, L"\\Global??");
1309 
1311  &LinkName,
1314  NULL);
1315  Status = ZwCreateSymbolicLinkObject(&LinkHandle,
1318  &TargetName);
1319  if (!NT_SUCCESS(Status))
1320  {
1321  ObfDereferenceDeviceMap(LocalMap);
1322  }
1323  else
1324  {
1325  ZwClose(LinkHandle);
1326  }
1327  }
1328 
1330  }
1331 
1332  /* Acquire the database lock */
1334 
1335  /* If we succeed... */
1336  if (NT_SUCCESS(Status))
1337  {
1338  /* The session now has a device map? We raced with someone else */
1339  if (CurrentSession->pDeviceMap != NULL)
1340  {
1341  /* Give up on our new device map */
1342  ObfDereferenceDeviceMap(LocalMap);
1343  }
1344  /* Otherwise use our newly allocated device map */
1345  else
1346  {
1347  CurrentSession->pDeviceMap = LocalMap;
1348  }
1349 
1350  /* Return the device map */
1351  *DeviceMap = CurrentSession->pDeviceMap;
1352  }
1353  /* Zero output */
1354  else
1355  {
1356  *DeviceMap = NULL;
1357  }
1358 
1359  /* Release the database lock */
1361 
1362  /* We're done with the session */
1363  SepRmDereferenceLogonSession(&CurrentSession->LogonId);
1364 
1365  return Status;
1366 }
1367 
1381 NTSTATUS
1382 NTAPI
1384  _In_ PLUID LogonId)
1385 {
1386  PSEP_LOGON_SESSION_REFERENCES SessionToMark;
1387  PAGED_CODE();
1388 
1389  DPRINT("SeMarkLogonSessionForTerminationNotification(%08lx:%08lx)\n",
1390  LogonId->HighPart, LogonId->LowPart);
1391 
1392  /* Acquire the database lock */
1394 
1395  /* Loop over the existing logon sessions */
1396  for (SessionToMark = SepLogonSessions;
1397  SessionToMark != NULL;
1398  SessionToMark = SessionToMark->Next)
1399  {
1400  /* Does the logon with the given ID exist? */
1401  if (RtlEqualLuid(&SessionToMark->LogonId, LogonId))
1402  {
1403  /* We found it */
1404  break;
1405  }
1406  }
1407 
1408  /*
1409  * We've exhausted all the remaining logon sessions and
1410  * couldn't find one with the provided ID.
1411  */
1412  if (SessionToMark == NULL)
1413  {
1414  DPRINT1("SeMarkLogonSessionForTerminationNotification(): Logon session couldn't be found!\n");
1416  return STATUS_NOT_FOUND;
1417  }
1418 
1419  /* Mark the logon session for termination */
1420  SessionToMark->Flags |= SEP_LOGON_SESSION_TERMINATION_NOTIFY;
1421  DPRINT("SeMarkLogonSessionForTerminationNotification(): Logon session marked for termination with success!\n");
1422 
1423  /* Release the database lock */
1425  return STATUS_SUCCESS;
1426 }
1427 
1428 
1429 /*
1430  * @implemented
1431  */
1432 NTSTATUS
1433 NTAPI
1436 {
1438  PAGED_CODE();
1439 
1440  /* Fail, if we don not have a callback routine */
1441  if (CallbackRoutine == NULL)
1442  return STATUS_INVALID_PARAMETER;
1443 
1444  /* Allocate a new notification item */
1448  if (Notification == NULL)
1450 
1451  /* Acquire the database lock */
1453 
1454  /* Set the callback routine */
1455  Notification->CallbackRoutine = CallbackRoutine;
1456 
1457  /* Insert the new notification item into the list */
1460 
1461  /* Release the database lock */
1463 
1464  return STATUS_SUCCESS;
1465 }
1466 
1467 
1468 /*
1469  * @implemented
1470  */
1471 NTSTATUS
1472 NTAPI
1475 {
1477  NTSTATUS Status;
1478  PAGED_CODE();
1479 
1480  /* Fail, if we don not have a callback routine */
1481  if (CallbackRoutine == NULL)
1482  return STATUS_INVALID_PARAMETER;
1483 
1484  /* Acquire the database lock */
1486 
1487  /* Loop all registered notification items */
1488  for (Current = SepLogonNotifications;
1489  Current != NULL;
1490  Current = Current->Next)
1491  {
1492  /* Check if the callback routine matches the provided one */
1493  if (Current->CallbackRoutine == CallbackRoutine)
1494  break;
1495 
1496  Previous = Current;
1497  }
1498 
1499  if (Current == NULL)
1500  {
1502  }
1503  else
1504  {
1505  /* Remove the current notification item from the list */
1506  if (Previous == NULL)
1507  SepLogonNotifications = Current->Next;
1508  else
1509  Previous->Next = Current->Next;
1510 
1511  /* Free the current notification item */
1512  ExFreePoolWithTag(Current,
1514 
1516  }
1517 
1518  /* Release the database lock */
1520 
1521  return Status;
1522 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
IN CINT OUT PVOID IN ULONG OUT PULONG ReturnLength
Definition: dumpinfo.c:39
const uint16_t * PCWSTR
Definition: typedefs.h:57
#define IN
Definition: typedefs.h:39
NTSYSAPI NTSTATUS NTAPI ZwListenPort(_In_ HANDLE PortHandle, _In_ PPORT_MESSAGE ConnectionRequest)
#define STATUS_BAD_LOGON_SESSION_STATE
Definition: ntstatus.h:496
#define THREAD_ALL_ACCESS
Definition: nt_native.h:1339
HANDLE SeRmCommandPort
Definition: srm.c:18
struct _SEP_LOGON_SESSION_TERMINATED_NOTIFICATION SEP_LOGON_SESSION_TERMINATED_NOTIFICATION
KAPC_STATE
Definition: ketypes.h:1280
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
BOOLEAN NTAPI SeRmInitPhase0(VOID)
Definition: srm.c:169
BOOLEAN SepAdtAuditingEnabled
Definition: srm.c:54
#define STATUS_NO_MORE_ENTRIES
Definition: ntstatus.h:205
#define _Inout_
Definition: ms_sal.h:378
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ ULONG _In_ BOOLEAN _In_ ULONG _In_opt_ PULONG _In_ BOOLEAN RestartScan
Definition: fltkernel.h:2297
#define OBJ_CASE_INSENSITIVE
Definition: winternl.h:228
_Must_inspect_result_ _Out_ PNDIS_STATUS _In_ NDIS_HANDLE _In_ ULONG _Out_ PNDIS_STRING _Out_ PNDIS_HANDLE KeyHandle
Definition: ndis.h:4711
#define SEP_LOGON_SESSION_TERMINATION_NOTIFY
Definition: setypes.h:680
VOID FASTCALL KeAcquireGuardedMutex(IN PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:42
#define _Out_
Definition: ms_sal.h:345
NTSYSAPI NTSTATUS NTAPI ZwCompleteConnectPort(_In_ HANDLE PortHandle)
#define REG_BINARY
Definition: nt_native.h:1496
#define STATUS_NO_SUCH_LOGON_SESSION
Definition: ntstatus.h:331
#define TRUE
Definition: types.h:120
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
NTSYSAPI NTSTATUS NTAPI ZwClose(_In_ HANDLE Handle)
FORCEINLINE VOID InsertHeadList(_Inout_ PLIST_ENTRY ListHead, _Inout_ __drv_aliasesMem PLIST_ENTRY Entry)
Definition: rtlfuncs.h:201
VOID FASTCALL ObfDereferenceDeviceMap(IN PDEVICE_MAP DeviceMap)
Definition: devicemap.c:477
NTSTATUS NTAPI SeGetLogonIdDeviceMap(IN PLUID LogonId, OUT PDEVICE_MAP *DeviceMap)
Definition: srm.c:1219
NTSYSAPI NTSTATUS NTAPI ZwAcceptConnectPort(_Out_ PHANDLE PortHandle, _In_opt_ PVOID PortContext, _In_ PPORT_MESSAGE ConnectionRequest, _In_ BOOLEAN AcceptConnection, _In_opt_ PPORT_VIEW ServerView, _In_opt_ PREMOTE_PORT_VIEW ClientView)
ULONG SepAdtMinListLength
Definition: srm.c:55
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
static HANDLE DirectoryHandle
Definition: ObType.c:48
NTSYSAPI NTSTATUS NTAPI ZwOpenDirectoryObject(_Out_ PHANDLE FileHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes)
static NTSTATUS SepRmCreateLogonSession(PLUID LogonLuid)
Definition: srm.c:461
ULONG SectionOffset
#define NT_VERIFY(exp)
Definition: rtlfuncs.h:3287
NTSTATUS SepRmReferenceLogonSession(PLUID LogonLuid)
Definition: srm.c:632
PVOID SepCommandPortViewRemoteBase
Definition: srm.c:49
_Must_inspect_result_ _In_ WDFKEY _In_ PCUNICODE_STRING _In_ ULONG _Out_opt_ PULONG _Out_opt_ PULONG ValueType
Definition: wdfregistry.h:279
#define OBJ_KERNEL_HANDLE
Definition: winternl.h:231
#define SYMBOLIC_LINK_ALL_ACCESS
Definition: nt_native.h:1267
static NTSTATUS SepRmDeleteLogonSession(_In_ PLUID LogonLuid)
Deletes a logon session from the logon sessions database.
Definition: srm.c:539
#define TAG_LOGON_SESSION
Definition: tag.h:186
#define OBJ_OPENIF
Definition: winternl.h:229
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode
Definition: lsa.idl:66
BOOLEAN FASTCALL ObReferenceObjectSafe(IN PVOID Object)
Definition: obref.c:22
struct _SEP_LOGON_SESSION_TERMINATED_NOTIFICATION * PSEP_LOGON_SESSION_TERMINATED_NOTIFICATION
uint32_t ULONG_PTR
Definition: typedefs.h:65
PVOID SepCommandPortViewBase
Definition: srm.c:48
FORCEINLINE BOOLEAN RemoveEntryList(_In_ PLIST_ENTRY Entry)
Definition: rtlfuncs.h:105
_Must_inspect_result_ _In_ PFLT_GET_OPERATION_STATUS_CALLBACK CallbackRoutine
Definition: fltkernel.h:1035
#define SECTION_ALL_ACCESS
Definition: nt_native.h:1293
VOID NTAPI SepRmCommandServerThread(PVOID StartContext)
Definition: srm.c:1113
ULONG SepAdtMaxListLength
Definition: srm.c:56
#define TAG_SE_DIR_BUFFER
Definition: tag.h:183
ULONG_PTR SepCommandPortViewBaseOffset
Definition: srm.c:50
static HANDLE SepRmCommandMessagePort
Definition: srm.c:52
#define SEC_COMMIT
Definition: mmtypes.h:99
NTSTATUS(* NTAPI)(IN PFILE_FULL_EA_INFORMATION EaBuffer, IN ULONG EaLength, OUT PULONG ErrorOffset)
Definition: IoEaTest.cpp:117
#define FALSE
Definition: types.h:117
PEPROCESS PsInitialSystemProcess
Definition: psmgr.c:50
VOID NTAPI KeStackAttachProcess(IN PKPROCESS Process, OUT PRKAPC_STATE ApcState)
Definition: procobj.c:704
#define RtlEqualLuid(Luid1, Luid2)
Definition: rtlfuncs.h:301
NTSTATUS NTAPI ObSetDirectoryDeviceMap(OUT PDEVICE_MAP *DeviceMap, IN HANDLE DirectoryHandle)
Definition: devicemap.c:149
#define GENERIC_WRITE
Definition: nt_native.h:90
PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
Definition: srm.c:24
struct NameRec_ * Name
Definition: cdprocs.h:459
#define PsGetCurrentProcess
Definition: psfuncs.h:17
NTSYSAPI NTSTATUS NTAPI ZwCreateDirectoryObject(_Out_ PHANDLE DirectoryHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes)
unsigned char BOOLEAN
#define TAG_LOGON_NOTIFICATION
Definition: tag.h:187
LPC_PVOID ViewRemoteBase
UCHAR SeAuditingState[POLICY_AUDIT_EVENT_TYPE_COUNT]
Definition: srm.c:59
int _snwprintf(wchar_t *buffer, size_t count, const wchar_t *format,...)
#define STATUS_LOGON_SESSION_EXISTS
Definition: ntstatus.h:474
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
#define _In_
Definition: ms_sal.h:308
NTSTATUS NTAPI SepRegQueryHelper(_In_ PCWSTR KeyName, _In_ PCWSTR ValueName, _In_ ULONG ValueType, _In_ ULONG DataLength, _Out_ PVOID ValueData)
A private registry helper that returns the desired value data based on the specifics requested by the...
Definition: srm.c:94
static NTSTATUS SepRmSetAuditEvent(PSEP_RM_API_MESSAGE Message)
Definition: srm.c:291
_In_ ULONG _In_opt_ WDFREQUEST _In_opt_ PVOID _In_ size_t _In_ PVOID _In_ size_t _Out_ size_t * DataLength
Definition: cdrom.h:1437
Definition: bufpool.h:45
BOOL WINAPI ReplyMessage(_In_ LRESULT)
_Must_inspect_result_ _In_ WDFDEVICE _In_ PCUNICODE_STRING KeyName
Definition: wdfdevice.h:2697
#define POLICY_AUDIT_EVENT_TYPE_COUNT
Definition: srm.c:58
NTSTATUS NTAPI SepRmRemoveLogonSessionFromToken(_Inout_ PTOKEN Token)
Removes a logon session from an access token.
Definition: srm.c:416
BOOLEAN NTAPI SepRmCommandServerThreadInit(VOID)
Definition: srm.c:971
Status
Definition: gdiplustypes.h:24
NTSYSAPI NTSTATUS NTAPI ZwConnectPort(_Out_ PHANDLE PortHandle, _In_ PUNICODE_STRING PortName, _In_ PSECURITY_QUALITY_OF_SERVICE SecurityQos, _In_opt_ PPORT_VIEW ClientView, _In_opt_ PREMOTE_PORT_VIEW ServerView, _In_opt_ PULONG MaxMessageLength, _In_opt_ PVOID ConnectionInformation, _In_opt_ PULONG ConnectionInformationLength)
#define STATUS_NOT_FOUND
Definition: shellext.h:72
#define STATUS_OBJECT_TYPE_MISMATCH
Definition: ntstatus.h:273
#define ASSERT(a)
Definition: mode.c:44
__wchar_t WCHAR
Definition: xmlstorage.h:180
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
DWORD LowPart
LPC_SIZE_T ViewSize
NTSYSAPI NTSTATUS NTAPI ZwCreateSymbolicLinkObject(_Out_ PHANDLE SymbolicLinkHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ PUNICODE_STRING Name)
NTSTATUS(NTAPI * PSE_LOGON_SESSION_TERMINATED_ROUTINE)(IN PLUID LogonId)
Definition: setypes.h:1213
#define ObDereferenceObject
Definition: obfuncs.h:203
LUID SeAnonymousAuthenticationId
Definition: token.c:23
_In_ GUID _In_ PVOID ValueData
Definition: hubbusif.h:311
struct _SEP_LOGON_SESSION_REFERENCES * Next
Definition: setypes.h:159
PVOID HANDLE
Definition: typedefs.h:73
LUID SeSystemAuthenticationId
Definition: token.c:22
#define TAG_SE_HANDLES_TAB
Definition: tag.h:182
CHAR Message[80]
Definition: alive.c:5
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
_Must_inspect_result_ _In_ WDFKEY _In_ PCUNICODE_STRING ValueName
Definition: wdfregistry.h:240
unsigned char UCHAR
Definition: xmlstorage.h:181
NTSTATUS NTAPI ObCloseHandle(IN HANDLE Handle, IN KPROCESSOR_MODE AccessMode)
Definition: obhandle.c:3375
#define SECURITY_DYNAMIC_TRACKING
Definition: setypes.h:103
PSEP_LOGON_SESSION_TERMINATED_NOTIFICATION SepLogonNotifications
Definition: srm.c:63
static const WCHAR L[]
Definition: oid.c:1250
LONG HighPart
PVOID *typedef PHANDLE
Definition: ntsecpkg.h:454
#define OBJ_PERMANENT
Definition: winternl.h:226
ULONG LowPart
Definition: typedefs.h:106
WCHAR TargetName[256]
Definition: arping.c:27
#define PAGE_SIZE
Definition: env_spec_w32.h:49
HANDLE SeLsaInitEvent
Definition: srm.c:46
NTSYSAPI NTSTATUS NTAPI ZwReplyWaitReceivePort(_In_ HANDLE PortHandle, _Out_opt_ PVOID *PortContext, _In_opt_ PPORT_MESSAGE ReplyMessage, _Out_ PPORT_MESSAGE ReceiveMessage)
KPROCESS Pcb
Definition: pstypes.h:1262
static const WCHAR Cleanup[]
Definition: register.c:80
_In_ PWDFDEVICE_INIT _In_ PFN_WDF_DEVICE_SHUTDOWN_NOTIFICATION Notification
Definition: wdfcontrol.h:113
NTSTATUS NTAPI SepRmInsertLogonSessionIntoToken(_Inout_ PTOKEN Token)
Inserts a logon session into an access token specified by the caller.
Definition: srm.c:335
_Check_return_ _CRTIMP int __cdecl wcscmp(_In_z_ const wchar_t *_Str1, _In_z_ const wchar_t *_Str2)
static VOID SepAdtInitializeBounds(VOID)
Definition: srm.c:252
LPC_PVOID ViewBase
VOID FASTCALL KeInitializeGuardedMutex(OUT PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:31
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
#define KEY_QUERY_VALUE
Definition: nt_native.h:1016
VOID NTAPI KeUnstackDetachProcess(IN PRKAPC_STATE ApcState)
Definition: procobj.c:756
#define InitializeListHead(ListHead)
Definition: env_spec_w32.h:944
#define DIRECTORY_ALL_ACCESS
Definition: nt_native.h:1259
struct _SEP_LOGON_SESSION_TERMINATED_NOTIFICATION * Next
Definition: srm.c:23
#define PORT_MAXIMUM_MESSAGE_LENGTH
Definition: iotypes.h:2029
#define STATUS_NO_MEMORY
Definition: ntstatus.h:260
PSEP_LOGON_SESSION_REFERENCES SepLogonSessions
Definition: srm.c:62
NTSTATUS NTAPI PsCreateSystemThread(OUT PHANDLE ThreadHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN HANDLE ProcessHandle, IN PCLIENT_ID ClientId, IN PKSTART_ROUTINE StartRoutine, IN PVOID StartContext)
Definition: thread.c:602
_Out_ PKAPC_STATE ApcState
Definition: mm.h:1679
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: lsa.idl:65
unsigned int * PULONG
Definition: retypes.h:1
#define NULL
Definition: types.h:112
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID LogonId
VOID FASTCALL KeReleaseGuardedMutex(IN OUT PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:53
#define DPRINT1
Definition: precomp.h:8
static NTSTATUS SepCleanupLUIDDeviceMapDirectory(_In_ PLUID LogonLuid)
Definition: srm.c:672
struct tagContext Context
Definition: acpixf.h:1034
#define OUT
Definition: typedefs.h:40
BOOLEAN NTAPI SeRmInitPhase1(VOID)
Definition: srm.c:196
unsigned int ULONG
Definition: retypes.h:1
#define DIRECTORY_QUERY
Definition: nt_native.h:1254
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
#define ULONG_PTR
Definition: config.h:101
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
NTSTATUS NTAPI SeMarkLogonSessionForTerminationNotification(_In_ PLUID LogonId)
Marks a logon session for future termination, given its logon ID. This triggers a callout (the regist...
Definition: srm.c:1383
NTSTATUS NTAPI SeUnregisterLogonSessionTerminatedRoutine(IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine)
Definition: srm.c:1473
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
NTSYSAPI NTSTATUS NTAPI ZwCreatePort(_Out_ PHANDLE PortHandle, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ ULONG MaxConnectionInfoLength, _In_ ULONG MaxMessageLength, _In_ ULONG MaxPoolUsage)
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG _Out_ PULONG ResultLength
Definition: wdfdevice.h:3776
LPC_HANDLE SectionHandle
#define STATUS_SUCCESS
Definition: shellext.h:65
#define DPRINT
Definition: sndvol32.h:71
NTSTATUS NTAPI SeRegisterLogonSessionTerminatedRoutine(IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine)
Definition: srm.c:1434
NTSTATUS SepRmDereferenceLogonSession(PLUID LogonLuid)
Definition: srm.c:915
#define REG_DWORD
Definition: sdbapi.c:596
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
NTSYSAPI NTSTATUS NTAPI ZwMakeTemporaryObject(_In_ HANDLE Handle)
NTSYSAPI NTSTATUS NTAPI ZwOpenSymbolicLinkObject(_Out_ PHANDLE SymbolicLinkHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes)
LONGLONG QuadPart
Definition: typedefs.h:114
UNICODE_STRING TypeName
Definition: obtypes.h:279
#define PAGE_READWRITE
Definition: nt_native.h:1304
IN PUNICODE_STRING PortName
Definition: conport.c:35
#define PAGED_CODE()
KGUARDED_MUTEX SepRmDbLock
Definition: srm.c:61