[NTOSKRNL] Disable LUID mapping until it's properly implemented

boot/bootdata/hivesys.inf

@@ -1445,6 +1445,7 @@ HKLM,"SYSTEM\CurrentControlSet\Control\Session Manager","ObjectDirectories",0x00
  "\Windows", \
  "\RPC Control"
 HKLM,"SYSTEM\CurrentControlSet\Control\Session Manager","ProtectionMode", 0x00010003, 0x00000001
+HKLM,"SYSTEM\CurrentControlSet\Control\Session Manager","LUIDDeviceMapsDisabled", 0x00010003, 0x00000001
 
 ; DOS devices
 HKLM,"SYSTEM\CurrentControlSet\Control\Session Manager\DOS Devices","AUX",0x00000002,"\DosDevices\COM1"

ntoskrnl/config/cmdata.c

@@ -157,7 +157,7 @@ INIT_SECTION CM_SYSTEM_CONTROL_VECTOR CmControlVector[] =
     {
         L"Session Manager",
         L"LUIDDeviceMapsDisabled",
-        &DummyData,
+        &ObpLUIDDeviceMapsDisabled,
         NULL,
         NULL
     },

ntoskrnl/include/internal/ob.h

@@ -620,6 +620,7 @@ extern WCHAR ObpUnsecureGlobalNamesBuffer[128];
 extern ULONG ObpUnsecureGlobalNamesLength;
 extern ULONG ObpObjectSecurityMode;
 extern ULONG ObpProtectionMode;
+extern ULONG ObpLUIDDeviceMapsDisabled;
 
 //
 // Inlined Functions

ntoskrnl/ob/obname.c

@@ -32,6 +32,9 @@ UNICODE_STRING ObpDosDevicesShortName =
 WCHAR ObpUnsecureGlobalNamesBuffer[128] = {0};
 ULONG ObpUnsecureGlobalNamesLength = sizeof(ObpUnsecureGlobalNamesBuffer);
 
+ULONG ObpLUIDDeviceMapsDisabled;
+ULONG ObpLUIDDeviceMapsEnabled;
+
 /* PRIVATE FUNCTIONS *********************************************************/
 
 INIT_FUNCTION
@@ -182,6 +185,13 @@ ObpCreateDosDevicesDirectory(VOID)
     SECURITY_DESCRIPTOR DosDevicesSD;
     NTSTATUS Status;
 
+    /*
+     * Enable LUID mappings only if not explicitely disabled
+     * and if protection mode is set
+     */
+    if (ObpProtectionMode == 0 || ObpLUIDDeviceMapsDisabled != 0)
+        ObpLUIDDeviceMapsEnabled = 0;
+
     /* Create a custom security descriptor for the global DosDevices directory */
     Status = ObpGetDosDevicesProtection(&DosDevicesSD);
     if (!NT_SUCCESS(Status))