From 58e9053fbc6b271eeca80249db42d379d0b8f531 Mon Sep 17 00:00:00 2001
From: Eric Kohl
Date: Thu, 29 Oct 2015 22:50:14 +0000
Subject: [PATCH] [NTOSKRNL] - Initialize SepRmDbLock and create the system and anonymous logon sessions in Phase 0, right before the system process token is created. - Implement functions to reference and dereference a logon session. - Reference a logon session in SepCreateToken and SepDuplicateToken. - Dereference a logon session in SepDeleteToken. svn path=/trunk/; revision=69735
---
 reactos/ntoskrnl/include/internal/se.h | 14 +++-
 reactos/ntoskrnl/se/semgr.c | 3 +
 reactos/ntoskrnl/se/srm.c | 108 ++++++++++++++++++++++---
 reactos/ntoskrnl/se/token.c | 13 +++
 4 files changed, 128 insertions(+), 10 deletions(-)
diff --git a/reactos/ntoskrnl/include/internal/se.h b/reactos/ntoskrnl/include/internal/se.h
index d71d16de90b..125055fe110 100644
--- a/reactos/ntoskrnl/include/internal/se.h
+++ b/reactos/ntoskrnl/include/internal/se.h
@@ -267,6 +267,10 @@ BOOLEAN NTAPI SepInitSDs(VOID); +BOOLEAN +NTAPI +SeRmInitPhase0(VOID); + BOOLEAN NTAPI SeRmInitPhase1(VOID);
@@ -502,7 +506,7 @@ SepPropagateAcl( _In_ BOOLEAN IsInherited, _In_ BOOLEAN IsDirectoryObject, _In_ PGENERIC_MAPPING GenericMapping); - + PACL SepSelectAcl( _In_opt_ PACL ExplicitAcl,
@@ -577,6 +581,14 @@ SePrivilegedServiceAuditAlarm( _In_ PPRIVILEGE_SET PrivilegeSet, _In_ BOOLEAN AccessGranted); +NTSTATUS +SepRmReferenceLogonSession( + PLUID LogonLuid); + +NTSTATUS +SepRmDereferenceLogonSession( + PLUID LogonLuid); + #endif /* EOF */
diff --git a/reactos/ntoskrnl/se/semgr.c b/reactos/ntoskrnl/se/semgr.c
index 2c14c93c802..090b761810a 100644
--- a/reactos/ntoskrnl/se/semgr.c
+++ b/reactos/ntoskrnl/se/semgr.c
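Review bot: The new SepRmReferenceLogonSession and SepRmDereferenceLogonSession prototypes in the third se.h hunk take a bare `PLUID LogonLuid`, while the neighbouring declarations in this header annotate their pointer parameters (`_In_ PPRIVILEGE_SET PrivilegeSet`); declare them as `_In_ PLUID LogonLuid` so the analyzer checks the argument the same way it does for the rest of the file. A one-line comment above the pair stating that every successful reference must be balanced by exactly one dereference from the token that holds it would document the contract the token.c callers are expected to keep, since nothing in the prototypes conveys it.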
@@ -109,6 +109,9 @@ SepInitializationPhase0(VOID) /* Initialize token objects */ SepInitializeTokenImplementation(); + /* Initialize logon sessions */ + if (!SeRmInitPhase0()) return FALSE; + /* Clear impersonation info for the idle thread */ PsGetCurrentThread()->ImpersonationInfo = NULL; PspClearCrossThreadFlag(PsGetCurrentThread(),
diff --git a/reactos/ntoskrnl/se/srm.c b/reactos/ntoskrnl/se/srm.c
index b2d579404d1..f03e119f161 100644
--- a/reactos/ntoskrnl/se/srm.c
+++ b/reactos/ntoskrnl/se/srm.c
@@ -143,28 +143,40 @@ Cleanup: BOOLEAN NTAPI -SeRmInitPhase1(VOID) +SeRmInitPhase0(VOID) { - UNICODE_STRING Name; - OBJECT_ATTRIBUTES ObjectAttributes; - HANDLE ThreadHandle; NTSTATUS Status; - // Windows does this in SeRmInitPhase0, but it should not matter + /* Initialize the database lock */ KeInitializeGuardedMutex(&SepRmDbLock); + /* Create the system logon session */ Status = SepRmCreateLogonSession(&SeSystemAuthenticationId); if (!NT_VERIFY(NT_SUCCESS(Status))) { return FALSE; } + /* Create the anonymous logon session */ Status = SepRmCreateLogonSession(&SeAnonymousAuthenticationId); if (!NT_VERIFY(NT_SUCCESS(Status))) { return FALSE; } + return TRUE; +} + + +BOOLEAN +NTAPI +SeRmInitPhase1(VOID) +{ + UNICODE_STRING Name; + OBJECT_ATTRIBUTES ObjectAttributes; + HANDLE ThreadHandle; + NTSTATUS Status; + /* Create the SeRm command port */ RtlInitUnicodeString(&Name, L"\\SeRmCommandPort"); InitializeObjectAttributes(&ObjectAttributes, &Name, 0, NULL, NULL);
@@ -289,8 +301,8 @@ SepRmCreateLogonSession( NTSTATUS Status; PAGED_CODE(); - DPRINT1("SepRmCreateLogonSession(<0x%lx,0x%lx>)\n", - LogonLuid->HighPart, LogonLuid->LowPart); + DPRINT("SepRmCreateLogonSession(%08lx:%08lx)\n", + LogonLuid->HighPart, LogonLuid->LowPart); /* Allocate a new session structure */ NewSession = ExAllocatePoolWithTag(PagedPool,
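Review bot: SeRmInitPhase0 in the first srm.c hunk has no comment recording why the lock and the two built-in sessions now have to exist in Phase 0, and the old `// Windows does this in SeRmInitPhase0, but it should not matter` remark is dropped without a replacement that states the new dependency; add above the function `/* Must run before the first SepCreateToken call in Phase 0: token creation and deletion reference the logon session under SepRmDbLock, so the lock and the system/anonymous sessions must already exist. */`. The semgr.c hunk could carry the same ordering note next to `if (!SeRmInitPhase0()) return FALSE;` so nobody later moves the call below the system token creation. If creating the anonymous session fails after the system session succeeded, the first session is not released; that is presumably harmless because a Phase 0 failure stops boot, but a comment saying so would avoid the question. SeRmInitPhase1's body continues past the end of the hunk.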
@@ -347,8 +359,8 @@ NTSTATUS SepRmDeleteLogonSession( PLUID LogonLuid) { - DPRINT1("SepRmDeleteLogonSession(<0x%lx,0x%lx>)\n", - LogonLuid->HighPart, LogonLuid->LowPart); + DPRINT("SepRmDeleteLogonSession(%08lx:%08lx)\n", + LogonLuid->HighPart, LogonLuid->LowPart); UNIMPLEMENTED; NT_ASSERT(FALSE); 
@@ -356,6 +368,84 @@ SepRmDeleteLogonSession( } +NTSTATUS +SepRmReferenceLogonSession( + PLUID LogonLuid) +{ + PSEP_LOGON_SESSION_REFERENCES CurrentSession; + + PAGED_CODE(); + + DPRINT("SepRmReferenceLogonSession(%08lx:%08lx)\n", + LogonLuid->HighPart, LogonLuid->LowPart); + + /* Acquire the database lock */ + KeAcquireGuardedMutex(&SepRmDbLock); + + /* Loop all existing sessions */ + for (CurrentSession = SepLogonSessions; + CurrentSession != NULL; + CurrentSession = CurrentSession->Next) + { + /* Check if the LUID matches the new one */ + if (RtlEqualLuid(&CurrentSession->LogonId, LogonLuid)) + { + /* Reference the session */ + CurrentSession->ReferenceCount += 1; + DPRINT1("ReferenceCount: %lu\n", CurrentSession->ReferenceCount); + + /* Release the database lock */ + KeReleaseGuardedMutex(&SepRmDbLock); + + return STATUS_SUCCESS; + } + } + + /* Release the database lock */ + KeReleaseGuardedMutex(&SepRmDbLock); + + return STATUS_NO_SUCH_LOGON_SESSION; +} + + +NTSTATUS +SepRmDereferenceLogonSession( + PLUID LogonLuid) +{ + PSEP_LOGON_SESSION_REFERENCES CurrentSession; + + DPRINT("SepRmDereferenceLogonSession(%08lx:%08lx)\n", + LogonLuid->HighPart, LogonLuid->LowPart); + + /* Acquire the database lock */ + KeAcquireGuardedMutex(&SepRmDbLock); + + /* Loop all existing sessions */ + for (CurrentSession = SepLogonSessions; + CurrentSession != NULL; + CurrentSession = CurrentSession->Next) + { + /* Check if the LUID matches the new one */ + if (RtlEqualLuid(&CurrentSession->LogonId, LogonLuid)) + { + /* Dereference the session */ + CurrentSession->ReferenceCount -= 1; + DPRINT1("ReferenceCount: %lu\n", CurrentSession->ReferenceCount); + + /* Release the database lock */ + KeReleaseGuardedMutex(&SepRmDbLock); + + return STATUS_SUCCESS; + } + } + + /* Release the database lock */ + KeReleaseGuardedMutex(&SepRmDbLock); + + return STATUS_NO_SUCH_LOGON_SESSION; +} + + BOOLEAN NTAPI SepRmCommandServerThreadInit(VOID) 
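Review bot: SepRmDereferenceLogonSession decrements `ReferenceCount` with no check that it is above zero, and because the token.c callers discard the status of the matching reference call a session can be dereferenced more often than it was referenced; the `%lu` format suggests the count is unsigned, so it would wrap rather than go negative and later accounting on that session would be wrong. Add `NT_ASSERT(CurrentSession->ReferenceCount > 0);` before the decrement, and a `/* TODO: tear the session down once the count reaches zero; SepRmDeleteLogonSession is still unimplemented */` so the missing cleanup path is visible to the next reader. The function is also missing the `PAGED_CODE();` that SepRmReferenceLogonSession has even though it takes the same guarded mutex, and the two `DPRINT1("ReferenceCount: %lu\n", ...)` lines fire on every token creation and deletion and should be `DPRINT`. The loop comment `/* Check if the LUID matches the new one */` in both functions is copied from the create path and should read `/* Check if this is the session we are looking for */`.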
diff --git a/reactos/ntoskrnl/se/token.c b/reactos/ntoskrnl/se/token.c
index 2eeb1ff0719..e9ba93109a6 100644
--- a/reactos/ntoskrnl/se/token.c
+++ b/reactos/ntoskrnl/se/token.c
@@ -480,6 +480,9 @@ SepDuplicateToken(PTOKEN Token, *NewAccessToken = AccessToken; + /* Reference the logon session */ + SepRmReferenceLogonSession(&AccessToken->AuthenticationId); + done: if (!NT_SUCCESS(Status)) {
@@ -609,6 +612,11 @@ SepDeleteToken(PVOID ObjectBody) { PTOKEN AccessToken = (PTOKEN)ObjectBody; + DPRINT1("SepDeleteToken()\n"); + + /* Dereference the logon session */ + SepRmDereferenceLogonSession(&AccessToken->AuthenticationId); + if (AccessToken->UserAndGroups) ExFreePoolWithTag(AccessToken->UserAndGroups, TAG_TOKEN_USERS);
@@ -699,6 +707,8 @@ SepCreateToken(OUT PHANDLE TokenHandle, NTSTATUS Status; ULONG TokenFlags = 0; + PAGED_CODE(); + /* Loop all groups */ for (i = 0; i < GroupCount; i++) {
@@ -886,6 +896,9 @@ SepCreateToken(OUT PHANDLE TokenHandle, *TokenHandle = (HANDLE)AccessToken; } + /* Reference the logon session */ + SepRmReferenceLogonSession(AuthenticationId); + done: if (!NT_SUCCESS(Status)) {
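Review bot: Both new `SepRmReferenceLogonSession(...)` calls, in SepDuplicateToken and at the end of SepCreateToken, discard the returned NTSTATUS, so a token whose LUID has no logon session is still handed out and SepDeleteToken later dereferences a session that was never referenced; if that session gets created in between, its count is decremented once too often. Either treat the failure as a creation failure, e.g. `Status = SepRmReferenceLogonSession(AuthenticationId); if (!NT_SUCCESS(Status)) goto done;`, or record in the token that no reference is held so SepDeleteToken can skip the dereference. If the `done:` failure path of SepCreateToken releases the partially built object through SepDeleteToken, that path also dereferences without a prior reference, because the reference is taken only after the success path has filled in `*TokenHandle`; the bodies of both functions extend outside these hunks, so this is inferred from the visible ordering. The added `DPRINT1("SepDeleteToken()\n");` prints on every token deletion and should be `DPRINT`.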