private/ntos/se/rmp.h


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229

/*++

Copyright (c) 1991  Microsoft Corporation

Module Name:

    rmp.h

Abstract:

    Security Reference Monitor Private Data Types, Functions and Defines

Author:

    Scott Birrell       (ScottBi)       March 12, 1991

Environment:

Revision History:

--*/

#include <nt.h>
#include <ntlsa.h>
#include "sep.h"


///////////////////////////////////////////////////////////////////////////////
//                                                                           //
//  Reference Monitor Private defines                                        //
//                                                                           //
///////////////////////////////////////////////////////////////////////////////


//
// Used to define the bounds of the array used to track logon session
// reference counts.
//

#define SEP_LOGON_TRACK_INDEX_MASK (0x0000000FL)
#define SEP_LOGON_TRACK_ARRAY_SIZE (0x00000010L)


///////////////////////////////////////////////////////////////////////////////
//                                                                           //
//  Reference Monitor Private Macros                                         //
//                                                                           //
///////////////////////////////////////////////////////////////////////////////

//
//  acquire exclusive access to a token
//

#define SepRmAcquireDbReadLock()  KeEnterCriticalRegion();         \
                                  ExAcquireResourceShared(&SepRmDbLock, TRUE)

#define SepRmAcquireDbWriteLock() KeEnterCriticalRegion();         \
                                  ExAcquireResourceExclusive(&SepRmDbLock, TRUE)

#define SepRmReleaseDbReadLock()  ExReleaseResource(&SepRmDbLock); \
                                  KeLeaveCriticalRegion()

#define SepRmReleaseDbWriteLock() ExReleaseResource(&SepRmDbLock); \
                                  KeLeaveCriticalRegion()


///////////////////////////////////////////////////////////////////////////////
//                                                                           //
//  Reference Monitor Private Data Types                                     //
//                                                                           //
///////////////////////////////////////////////////////////////////////////////

#define SEP_RM_LSA_SHARED_MEMORY_SIZE ((ULONG) PAGE_SIZE)

//
// Reference Monitor Private Global State Data Structure
//

typedef struct _SEP_RM_STATE {

    HANDLE LsaInitEventHandle;
    HANDLE LsaCommandPortHandle;
    HANDLE SepRmThreadHandle;
    HANDLE RmCommandPortHandle;
    ULONG AuditingEnabled;
    LSA_OPERATIONAL_MODE OperationalMode;
    HANDLE LsaCommandPortSectionHandle;
    LARGE_INTEGER LsaCommandPortSectionSize;
    PVOID LsaViewPortMemory;
    PVOID RmViewPortMemory;
    LONG LsaCommandPortMemoryDelta;
    BOOLEAN LsaCommandPortResourceInitialized;
    BOOLEAN LsaCommandPortActive;
    ERESOURCE LsaCommandPortResource;

} SEP_RM_STATE, *PSEP_RM_STATE;

//
// Reference Monitor Command Port Connection Info
//

typedef struct _SEP_RM_CONNECT_INFO {
    ULONG ConnectInfo;
} SEP_RM_CONNECT_INFO;

typedef struct SEP_RM_CONNECT_INFO *PSEP_RM_CONNECT_INFO;


//
// Reference Monitor Command Table Entry Format
//

#define SEP_RM_COMMAND_MAX 4

typedef VOID (*SEP_RM_COMMAND_WORKER)( PRM_COMMAND_MESSAGE, PRM_REPLY_MESSAGE );


//
// Each logon session active in the system has a corresponding record of
// the following type...
//

typedef struct _SEP_LOGON_SESSION_REFERENCES {
    struct _SEP_LOGON_SESSION_REFERENCES *Next;
    LUID LogonId;
    ULONG ReferenceCount;
    ULONG Flags;
} SEP_LOGON_SESSION_REFERENCES, *PSEP_LOGON_SESSION_REFERENCES;

#define SEP_TERMINATION_NOTIFY  0x1

//
// File systems interested in being notified when a logon session is being
// terminated register a callback routine. The following data structure
// describes the callback routines.
//
// The global list of callback routines is pointed to by SeFileSystemNotifyRoutines.
// This list is protected by the RM database lock.
//

typedef struct _SEP_LOGON_SESSION_TERMINATED_NOTIFICATION {
    struct _SEP_LOGON_SESSION_TERMINATED_NOTIFICATION *Next;
    PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine;
} SEP_LOGON_SESSION_TERMINATED_NOTIFICATION, *PSEP_LOGON_SESSION_TERMINATED_NOTIFICATION;

extern SEP_LOGON_SESSION_TERMINATED_NOTIFICATION
SeFileSystemNotifyRoutinesHead;


///////////////////////////////////////////////////////////////////////////////
//                                                                           //
//  Reference Monitor Private Function Prototypes                            //
//                                                                           //
///////////////////////////////////////////////////////////////////////////////

BOOLEAN
SepRmDbInitialization(
    VOID
    );

VOID
SepRmCommandServerThread(
    IN PVOID StartContext
    );

BOOLEAN SepRmCommandServerThreadInit(
    );

VOID
SepRmComponentTestCommandWrkr(
    IN PRM_COMMAND_MESSAGE CommandMessage,
    OUT PRM_REPLY_MESSAGE ReplyMessage
    );

VOID
SepRmSetAuditEventWrkr(
    IN PRM_COMMAND_MESSAGE CommandMessage,
    OUT PRM_REPLY_MESSAGE ReplyMessage
    );

VOID
SepRmSendCommandToLsaWrkr(
    IN PRM_COMMAND_MESSAGE CommandMessage,
    OUT PRM_REPLY_MESSAGE ReplyMessage
    );

VOID
SepRmCreateLogonSessionWrkr(
    IN PRM_COMMAND_MESSAGE CommandMessage,
    OUT PRM_REPLY_MESSAGE ReplyMessage
    );

VOID
SepRmDeleteLogonSessionWrkr(
    IN PRM_COMMAND_MESSAGE CommandMessage,
    OUT PRM_REPLY_MESSAGE ReplyMessage
    ) ;


NTSTATUS
SepCreateLogonSessionTrack(
    IN PLUID LogonId
    );

NTSTATUS
SepDeleteLogonSessionTrack(
    IN PLUID LogonId
    );


///////////////////////////////////////////////////////////////////////////////
//                                                                           //
// Reference Monitor Private Variables Declarations                          //
// These variables are defined in rmvars.c                                   //
//                                                                           //
///////////////////////////////////////////////////////////////////////////////

extern PEPROCESS SepRmLsaCallProcess;
extern SEP_RM_STATE SepRmState;
extern ERESOURCE SepRmDbLock;
extern PSEP_LOGON_SESSION_REFERENCES *SepLogonSessions;