[NTOSKRNL]

- Initialize SepRmDbLock and create the system and anonymous logon sessions in Phase 0, right before the system process token is created.
- Implement functions to reference and dereference a logon session.
- Reference a logon session in SepCreateToken and SepDuplicateToken.
- Dereference a logon session in SepDeleteToken.

svn path=/trunk/; revision=69735
Eric Kohl 2015-10-29 22:50:14 +00:00
parent dd39558722
commit 58e9053fbc
4 changed files with 128 additions and 10 deletions


@ -267,6 +267,10 @@ BOOLEAN
NTAPI
SepInitSDs(VOID);
BOOLEAN
NTAPI
SeRmInitPhase0(VOID);
BOOLEAN
NTAPI
SeRmInitPhase1(VOID);
@ -502,7 +506,7 @@ SepPropagateAcl(
_In_ BOOLEAN IsInherited,
_In_ BOOLEAN IsDirectoryObject,
_In_ PGENERIC_MAPPING GenericMapping);
PACL
SepSelectAcl(
_In_opt_ PACL ExplicitAcl,
@ -577,6 +581,14 @@ SePrivilegedServiceAuditAlarm(
_In_ PPRIVILEGE_SET PrivilegeSet,
_In_ BOOLEAN AccessGranted);
NTSTATUS
SepRmReferenceLogonSession(
PLUID LogonLuid);
NTSTATUS
SepRmDereferenceLogonSession(
PLUID LogonLuid);
#endif
/* EOF */
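Review bot: The two new prototypes SepRmReferenceLogonSession and SepRmDereferenceLogonSession carry neither the `NTAPI` calling-convention marker used by the neighbouring SeRmInitPhase0/SeRmInitPhase1 declarations nor the `_In_` SAL annotation the rest of this header uses on pointer parameters (see SepPropagateAcl above). Declaring them as `NTSTATUS NTAPI SepRmReferenceLogonSession(_In_ PLUID LogonLuid);` (and likewise for the dereference routine) keeps the header consistent, but the definitions in srm.c must then gain `NTAPI` too or the calling conventions will disagree on x86. The annotation also documents that the LUID is read-only, which the implementations confirm.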


@ -109,6 +109,9 @@ SepInitializationPhase0(VOID)
/* Initialize token objects */
SepInitializeTokenImplementation();
/* Initialize logon sessions */
if (!SeRmInitPhase0()) return FALSE;
/* Clear impersonation info for the idle thread */
PsGetCurrentThread()->ImpersonationInfo = NULL;
PspClearCrossThreadFlag(PsGetCurrentThread(),


@ -143,28 +143,40 @@ Cleanup:
BOOLEAN
NTAPI
SeRmInitPhase1(VOID)
SeRmInitPhase0(VOID)
{
UNICODE_STRING Name;
OBJECT_ATTRIBUTES ObjectAttributes;
HANDLE ThreadHandle;
NTSTATUS Status;
// Windows does this in SeRmInitPhase0, but it should not matter
/* Initialize the database lock */
KeInitializeGuardedMutex(&SepRmDbLock);
/* Create the system logon session */
Status = SepRmCreateLogonSession(&SeSystemAuthenticationId);
if (!NT_VERIFY(NT_SUCCESS(Status)))
{
return FALSE;
}
/* Create the anonymous logon session */
Status = SepRmCreateLogonSession(&SeAnonymousAuthenticationId);
if (!NT_VERIFY(NT_SUCCESS(Status)))
{
return FALSE;
}
return TRUE;
}
BOOLEAN
NTAPI
SeRmInitPhase1(VOID)
{
UNICODE_STRING Name;
OBJECT_ATTRIBUTES ObjectAttributes;
HANDLE ThreadHandle;
NTSTATUS Status;
/* Create the SeRm command port */
RtlInitUnicodeString(&Name, L"\\SeRmCommandPort");
InitializeObjectAttributes(&ObjectAttributes, &Name, 0, NULL, NULL);
@ -289,8 +301,8 @@ SepRmCreateLogonSession(
NTSTATUS Status;
PAGED_CODE();
DPRINT1("SepRmCreateLogonSession(<0x%lx,0x%lx>)\n",
LogonLuid->HighPart, LogonLuid->LowPart);
DPRINT("SepRmCreateLogonSession(%08lx:%08lx)\n",
LogonLuid->HighPart, LogonLuid->LowPart);
/* Allocate a new session structure */
NewSession = ExAllocatePoolWithTag(PagedPool,
@ -347,8 +359,8 @@ NTSTATUS
SepRmDeleteLogonSession(
PLUID LogonLuid)
{
DPRINT1("SepRmDeleteLogonSession(<0x%lx,0x%lx>)\n",
LogonLuid->HighPart, LogonLuid->LowPart);
DPRINT("SepRmDeleteLogonSession(%08lx:%08lx)\n",
LogonLuid->HighPart, LogonLuid->LowPart);
UNIMPLEMENTED;
NT_ASSERT(FALSE);
@ -356,6 +368,84 @@ SepRmDeleteLogonSession(
}
NTSTATUS
SepRmReferenceLogonSession(
PLUID LogonLuid)
{
PSEP_LOGON_SESSION_REFERENCES CurrentSession;
PAGED_CODE();
DPRINT("SepRmReferenceLogonSession(%08lx:%08lx)\n",
LogonLuid->HighPart, LogonLuid->LowPart);
/* Acquire the database lock */
KeAcquireGuardedMutex(&SepRmDbLock);
/* Loop all existing sessions */
for (CurrentSession = SepLogonSessions;
CurrentSession != NULL;
CurrentSession = CurrentSession->Next)
{
/* Check if the LUID matches the new one */
if (RtlEqualLuid(&CurrentSession->LogonId, LogonLuid))
{
/* Reference the session */
CurrentSession->ReferenceCount += 1;
DPRINT1("ReferenceCount: %lu\n", CurrentSession->ReferenceCount);
/* Release the database lock */
KeReleaseGuardedMutex(&SepRmDbLock);
return STATUS_SUCCESS;
}
}
/* Release the database lock */
KeReleaseGuardedMutex(&SepRmDbLock);
return STATUS_NO_SUCH_LOGON_SESSION;
}
NTSTATUS
SepRmDereferenceLogonSession(
PLUID LogonLuid)
{
PSEP_LOGON_SESSION_REFERENCES CurrentSession;
DPRINT("SepRmDereferenceLogonSession(%08lx:%08lx)\n",
LogonLuid->HighPart, LogonLuid->LowPart);
/* Acquire the database lock */
KeAcquireGuardedMutex(&SepRmDbLock);
/* Loop all existing sessions */
for (CurrentSession = SepLogonSessions;
CurrentSession != NULL;
CurrentSession = CurrentSession->Next)
{
/* Check if the LUID matches the new one */
if (RtlEqualLuid(&CurrentSession->LogonId, LogonLuid))
{
/* Dereference the session */
CurrentSession->ReferenceCount -= 1;
DPRINT1("ReferenceCount: %lu\n", CurrentSession->ReferenceCount);
/* Release the database lock */
KeReleaseGuardedMutex(&SepRmDbLock);
return STATUS_SUCCESS;
}
}
/* Release the database lock */
KeReleaseGuardedMutex(&SepRmDbLock);
return STATUS_NO_SUCH_LOGON_SESSION;
}
BOOLEAN
NTAPI
SepRmCommandServerThreadInit(VOID)
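Review bot: SepRmDereferenceLogonSession decrements ReferenceCount unconditionally, so a dereference that was never paired with a reference wraps the unsigned count (the trace prints it with %lu), and nothing happens when the count reaches zero because SepRmDeleteLogonSession is still UNIMPLEMENTED, so sessions are never torn down. I would guard the decrement with `NT_ASSERT(CurrentSession->ReferenceCount > 0);` immediately before `CurrentSession->ReferenceCount -= 1;` and add a comment that hitting zero is meant to trigger deletion once SepRmDeleteLogonSession exists. The function also lacks the `PAGED_CODE();` that its counterpart SepRmReferenceLogonSession has, although both take the same guarded mutex. The `DPRINT1("ReferenceCount: %lu\n", ...)` in both routines fires on every token creation and deletion and should be a plain DPRINT like the other traces this commit downgraded.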


@ -480,6 +480,9 @@ SepDuplicateToken(PTOKEN Token,
*NewAccessToken = AccessToken;
/* Reference the logon session */
SepRmReferenceLogonSession(&AccessToken->AuthenticationId);
done:
if (!NT_SUCCESS(Status))
{
@ -609,6 +612,11 @@ SepDeleteToken(PVOID ObjectBody)
{
PTOKEN AccessToken = (PTOKEN)ObjectBody;
DPRINT1("SepDeleteToken()\n");
/* Dereference the logon session */
SepRmDereferenceLogonSession(&AccessToken->AuthenticationId);
if (AccessToken->UserAndGroups)
ExFreePoolWithTag(AccessToken->UserAndGroups, TAG_TOKEN_USERS);
@ -699,6 +707,8 @@ SepCreateToken(OUT PHANDLE TokenHandle,
NTSTATUS Status;
ULONG TokenFlags = 0;
PAGED_CODE();
/* Loop all groups */
for (i = 0; i < GroupCount; i++)
{
@ -886,6 +896,9 @@ SepCreateToken(OUT PHANDLE TokenHandle,
*TokenHandle = (HANDLE)AccessToken;
}
/* Reference the logon session */
SepRmReferenceLogonSession(AuthenticationId);
done:
if (!NT_SUCCESS(Status))
{
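Review bot: The status returned by SepRmReferenceLogonSession is discarded at both new call sites in SepDuplicateToken and SepCreateToken, so a token can be handed out bound to an AuthenticationId for which no logon session exists and STATUS_NO_SUCH_LOGON_SESSION is never surfaced. The reference is also taken only on the success path just before `done:`, while SepDeleteToken dereferences unconditionally; if the `done:` failure path (which continues outside the hunk) drops a token object that was already created, its delete procedure decrements a count that was never incremented. I would take the reference right after the token object is successfully created, before any later failure can reach `done:`, and at least report the failure with `Status = SepRmReferenceLogonSession(AuthenticationId); if (!NT_SUCCESS(Status)) DPRINT1("Failed to reference logon session: 0x%lx\n", Status);` — once LSA registers sessions this should presumably fail the creation outright. The bodies of SepDuplicateToken, SepDeleteToken and SepCreateToken all start and end outside the hunks.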