[NTOSKRNL]

- Initialize SepRmDbLock and create the system and anonymous logon sessions in Phase 0, right before the system process token is created.
- Implement functions to reference and dereference a logon session.
- Reference a logon session in SepCreateToken and SepDuplicateToken.
- Dereference a logon session in SepDeleteToken.

svn path=/trunk/; revision=69735
Eric Kohl 2015-10-29 22:50:14 +00:00
parent dd39558722
commit 58e9053fbc
4 changed files with 128 additions and 10 deletions


@ -267,6 +267,10 @@ BOOLEAN
NTAPI NTAPI
SepInitSDs(VOID); SepInitSDs(VOID);
BOOLEAN
NTAPI
SeRmInitPhase0(VOID);
BOOLEAN BOOLEAN
NTAPI NTAPI
SeRmInitPhase1(VOID); SeRmInitPhase1(VOID);
@ -502,7 +506,7 @@ SepPropagateAcl(
_In_ BOOLEAN IsInherited, _In_ BOOLEAN IsInherited,
_In_ BOOLEAN IsDirectoryObject, _In_ BOOLEAN IsDirectoryObject,
_In_ PGENERIC_MAPPING GenericMapping); _In_ PGENERIC_MAPPING GenericMapping);
PACL PACL
SepSelectAcl( SepSelectAcl(
_In_opt_ PACL ExplicitAcl, _In_opt_ PACL ExplicitAcl,
@ -577,6 +581,14 @@ SePrivilegedServiceAuditAlarm(
_In_ PPRIVILEGE_SET PrivilegeSet, _In_ PPRIVILEGE_SET PrivilegeSet,
_In_ BOOLEAN AccessGranted); _In_ BOOLEAN AccessGranted);
NTSTATUS
SepRmReferenceLogonSession(
PLUID LogonLuid);
NTSTATUS
SepRmDereferenceLogonSession(
PLUID LogonLuid);
#endif #endif
/* EOF */ /* EOF */
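Review bot: The two prototypes added in the third hunk, `SepRmReferenceLogonSession` and `SepRmDereferenceLogonSession`, take a bare `PLUID LogonLuid` while the neighbouring declarations in this header annotate their parameters (`_In_ PPRIVILEGE_SET PrivilegeSet`, `_In_ BOOLEAN AccessGranted`) and carry `NTAPI`; the new ones should follow that convention, `_In_ PLUID LogonLuid`, so the analyzer knows the LUID is read-only input and the calling convention matches the rest of the Se API. Both return an NTSTATUS that the callers in this commit discard, so a short comment above each declaration naming the failure code (`STATUS_NO_SUCH_LOGON_SESSION` when no session with that LUID exists) would tell future callers whether the result is worth checking.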


@ -109,6 +109,9 @@ SepInitializationPhase0(VOID)
/* Initialize token objects */ /* Initialize token objects */
SepInitializeTokenImplementation(); SepInitializeTokenImplementation();
/* Initialize logon sessions */
if (!SeRmInitPhase0()) return FALSE;
/* Clear impersonation info for the idle thread */ /* Clear impersonation info for the idle thread */
PsGetCurrentThread()->ImpersonationInfo = NULL; PsGetCurrentThread()->ImpersonationInfo = NULL;
PspClearCrossThreadFlag(PsGetCurrentThread(), PspClearCrossThreadFlag(PsGetCurrentThread(),


@ -143,28 +143,40 @@ Cleanup:
BOOLEAN BOOLEAN
NTAPI NTAPI
SeRmInitPhase1(VOID) SeRmInitPhase0(VOID)
{ {
UNICODE_STRING Name;
OBJECT_ATTRIBUTES ObjectAttributes;
HANDLE ThreadHandle;
NTSTATUS Status; NTSTATUS Status;
// Windows does this in SeRmInitPhase0, but it should not matter /* Initialize the database lock */
KeInitializeGuardedMutex(&SepRmDbLock); KeInitializeGuardedMutex(&SepRmDbLock);
/* Create the system logon session */
Status = SepRmCreateLogonSession(&SeSystemAuthenticationId); Status = SepRmCreateLogonSession(&SeSystemAuthenticationId);
if (!NT_VERIFY(NT_SUCCESS(Status))) if (!NT_VERIFY(NT_SUCCESS(Status)))
{ {
return FALSE; return FALSE;
} }
/* Create the anonymous logon session */
Status = SepRmCreateLogonSession(&SeAnonymousAuthenticationId); Status = SepRmCreateLogonSession(&SeAnonymousAuthenticationId);
if (!NT_VERIFY(NT_SUCCESS(Status))) if (!NT_VERIFY(NT_SUCCESS(Status)))
{ {
return FALSE; return FALSE;
} }
return TRUE;
}
BOOLEAN
NTAPI
SeRmInitPhase1(VOID)
{
UNICODE_STRING Name;
OBJECT_ATTRIBUTES ObjectAttributes;
HANDLE ThreadHandle;
NTSTATUS Status;
/* Create the SeRm command port */ /* Create the SeRm command port */
RtlInitUnicodeString(&Name, L"\\SeRmCommandPort"); RtlInitUnicodeString(&Name, L"\\SeRmCommandPort");
InitializeObjectAttributes(&ObjectAttributes, &Name, 0, NULL, NULL); InitializeObjectAttributes(&ObjectAttributes, &Name, 0, NULL, NULL);
@ -289,8 +301,8 @@ SepRmCreateLogonSession(
NTSTATUS Status; NTSTATUS Status;
PAGED_CODE(); PAGED_CODE();
DPRINT1("SepRmCreateLogonSession(<0x%lx,0x%lx>)\n", DPRINT("SepRmCreateLogonSession(%08lx:%08lx)\n",
LogonLuid->HighPart, LogonLuid->LowPart); LogonLuid->HighPart, LogonLuid->LowPart);
/* Allocate a new session structure */ /* Allocate a new session structure */
NewSession = ExAllocatePoolWithTag(PagedPool, NewSession = ExAllocatePoolWithTag(PagedPool,
@ -347,8 +359,8 @@ NTSTATUS
SepRmDeleteLogonSession( SepRmDeleteLogonSession(
PLUID LogonLuid) PLUID LogonLuid)
{ {
DPRINT1("SepRmDeleteLogonSession(<0x%lx,0x%lx>)\n", DPRINT("SepRmDeleteLogonSession(%08lx:%08lx)\n",
LogonLuid->HighPart, LogonLuid->LowPart); LogonLuid->HighPart, LogonLuid->LowPart);
UNIMPLEMENTED; UNIMPLEMENTED;
NT_ASSERT(FALSE); NT_ASSERT(FALSE);
@ -356,6 +368,84 @@ SepRmDeleteLogonSession(
} }
NTSTATUS
SepRmReferenceLogonSession(
PLUID LogonLuid)
{
PSEP_LOGON_SESSION_REFERENCES CurrentSession;
PAGED_CODE();
DPRINT("SepRmReferenceLogonSession(%08lx:%08lx)\n",
LogonLuid->HighPart, LogonLuid->LowPart);
/* Acquire the database lock */
KeAcquireGuardedMutex(&SepRmDbLock);
/* Loop all existing sessions */
for (CurrentSession = SepLogonSessions;
CurrentSession != NULL;
CurrentSession = CurrentSession->Next)
{
/* Check if the LUID matches the new one */
if (RtlEqualLuid(&CurrentSession->LogonId, LogonLuid))
{
/* Reference the session */
CurrentSession->ReferenceCount += 1;
DPRINT1("ReferenceCount: %lu\n", CurrentSession->ReferenceCount);
/* Release the database lock */
KeReleaseGuardedMutex(&SepRmDbLock);
return STATUS_SUCCESS;
}
}
/* Release the database lock */
KeReleaseGuardedMutex(&SepRmDbLock);
return STATUS_NO_SUCH_LOGON_SESSION;
}
NTSTATUS
SepRmDereferenceLogonSession(
PLUID LogonLuid)
{
PSEP_LOGON_SESSION_REFERENCES CurrentSession;
DPRINT("SepRmDereferenceLogonSession(%08lx:%08lx)\n",
LogonLuid->HighPart, LogonLuid->LowPart);
/* Acquire the database lock */
KeAcquireGuardedMutex(&SepRmDbLock);
/* Loop all existing sessions */
for (CurrentSession = SepLogonSessions;
CurrentSession != NULL;
CurrentSession = CurrentSession->Next)
{
/* Check if the LUID matches the new one */
if (RtlEqualLuid(&CurrentSession->LogonId, LogonLuid))
{
/* Dereference the session */
CurrentSession->ReferenceCount -= 1;
DPRINT1("ReferenceCount: %lu\n", CurrentSession->ReferenceCount);
/* Release the database lock */
KeReleaseGuardedMutex(&SepRmDbLock);
return STATUS_SUCCESS;
}
}
/* Release the database lock */
KeReleaseGuardedMutex(&SepRmDbLock);
return STATUS_NO_SUCH_LOGON_SESSION;
}
BOOLEAN BOOLEAN
NTAPI NTAPI
SepRmCommandServerThreadInit(VOID) SepRmCommandServerThreadInit(VOID)
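Review bot: `SepRmDereferenceLogonSession` (last hunk) decrements `CurrentSession->ReferenceCount` with no check that it is nonzero, so an unbalanced dereference wraps the counter silently instead of being caught in a checked build; add `NT_ASSERT(CurrentSession->ReferenceCount > 0);` immediately before the `-= 1`. Reaching zero is also not acted on here — nothing retires the session — which is consistent with `SepRmDeleteLogonSession` still being `UNIMPLEMENTED`, but a one-line comment at the decrement saying the session is deliberately kept alive would stop a reader assuming it is released. Unlike its sibling `SepRmReferenceLogonSession`, the dereference routine has no `PAGED_CODE()` although it takes the same guarded mutex and walks the same list whose nodes come from `PagedPool`; `PAGED_CODE();` after the declaration gives both entry points the same IRQL contract. The `DPRINT1("ReferenceCount: %lu\n", ...)` lines in both routines fire on every token create, duplicate and delete; `DPRINT` matches the surrounding traces that this commit itself downgrades from `DPRINT1`.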


@ -480,6 +480,9 @@ SepDuplicateToken(PTOKEN Token,
*NewAccessToken = AccessToken; *NewAccessToken = AccessToken;
/* Reference the logon session */
SepRmReferenceLogonSession(&AccessToken->AuthenticationId);
done: done:
if (!NT_SUCCESS(Status)) if (!NT_SUCCESS(Status))
{ {
@ -609,6 +612,11 @@ SepDeleteToken(PVOID ObjectBody)
{ {
PTOKEN AccessToken = (PTOKEN)ObjectBody; PTOKEN AccessToken = (PTOKEN)ObjectBody;
DPRINT1("SepDeleteToken()\n");
/* Dereference the logon session */
SepRmDereferenceLogonSession(&AccessToken->AuthenticationId);
if (AccessToken->UserAndGroups) if (AccessToken->UserAndGroups)
ExFreePoolWithTag(AccessToken->UserAndGroups, TAG_TOKEN_USERS); ExFreePoolWithTag(AccessToken->UserAndGroups, TAG_TOKEN_USERS);
@ -699,6 +707,8 @@ SepCreateToken(OUT PHANDLE TokenHandle,
NTSTATUS Status; NTSTATUS Status;
ULONG TokenFlags = 0; ULONG TokenFlags = 0;
PAGED_CODE();
/* Loop all groups */ /* Loop all groups */
for (i = 0; i < GroupCount; i++) for (i = 0; i < GroupCount; i++)
{ {
@ -886,6 +896,9 @@ SepCreateToken(OUT PHANDLE TokenHandle,
*TokenHandle = (HANDLE)AccessToken; *TokenHandle = (HANDLE)AccessToken;
} }
/* Reference the logon session */
SepRmReferenceLogonSession(AuthenticationId);
done: done:
if (!NT_SUCCESS(Status)) if (!NT_SUCCESS(Status))
{ {
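Review bot: The logon-session reference in `SepCreateToken` (last hunk) and `SepDuplicateToken` (first hunk) is taken only once the success path is reached, while `SepDeleteToken` (second hunk) dereferences unconditionally; if the `if (!NT_SUCCESS(Status))` branch under `done:` (its body is outside the hunk) releases the partially built token object and that runs `SepDeleteToken`, the session count is decremented without a matching increment. Taking the reference before the point at which the object can be torn down, or recording in the token whether a reference was acquired and skipping the dereference otherwise, keeps the count balanced. The NTSTATUS from `SepRmReferenceLogonSession` is discarded in both callers, so a token can be created for a LUID that has no logon session (`STATUS_NO_SUCH_LOGON_SESSION`) without any trace; at minimum log the failure, e.g. `if (!NT_SUCCESS(SepRmReferenceLogonSession(AuthenticationId))) DPRINT1("No logon session for token\n");`, and consider propagating it into `Status` once the session database is populated for all callers. The `DPRINT1("SepDeleteToken()\n")` added in the second hunk prints on every token deletion in all builds; `DPRINT` is the level used by the neighbouring traces.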