path: root/private/ntos/se/rmvars.c
/*++

Copyright (c) 1989  Microsoft Corporation

Module Name:

    rmvars.c

Abstract:

   This module contains the variables used to implement the run-time
   reference monitor database.

Author:

    Jim Kelly (JimK) 2-Apr-1991

Environment:

    Kernel mode only.

Revision History:

--*/

#include "rmp.h"

//
// When ALLOC_PRAGMA is defined, place SepRmDbInitialization in the INIT
// section.  NOTE(review): presumably that section is discarded once system
// initialization completes, so the routine must not be called afterwards -
// confirm against the build's section handling.
//
#ifdef ALLOC_PRAGMA
#pragma alloc_text(INIT,SepRmDbInitialization)
#endif 



////////////////////////////////////////////////////////////////////////////////
//                                                                            //
//  Read Only Reference Monitor Variables                                     //
//                                                                            //
////////////////////////////////////////////////////////////////////////////////


//
// The process within which the RM --> LSA command LPC port was established.
// All calls from the reference monitor to the LSA must be made in this
// process in order for the handle to be valid.
//
// Declared under the "Read Only" heading of this module; nothing in the
// code shown here assigns it, so it is set elsewhere.
//

PEPROCESS SepRmLsaCallProcess;



////////////////////////////////////////////////////////////////////////////////
//                                                                            //
//  Read/Write Reference Monitor Variables                                    //
//                                                                            //
//  Access to these variables is protected by the SepRmDbLock.                //
//                                                                            //
////////////////////////////////////////////////////////////////////////////////


//
//  Resource Lock  - This lock protects access to the modifiable fields of
//                   the reference monitor database
//
//  Initialized by SepRmDbInitialization() with ExInitializeResource().
//  The comments in that routine name SepRmAcquireDbReadLock(),
//  SepRmAcquireDbWriteLock(), SepRmReleaseDbReadLock() and
//  SepRmReleaseDbWriteLock() as the way to take and drop it.
//

ERESOURCE SepRmDbLock;


//
// State of the reference monitor
//
// SepRmDbInitialization() writes interim values into the AuditingEnabled
// and OperationalMode fields (0 and LSA_MODE_PASSWORD_PROTECTED); its
// comments say the real values arrive later in initialization, once the
// LSA has retrieved the local security policy.
//

SEP_RM_STATE SepRmState;



//
// The following array is used as a hash bucket for tracking logon sessions.
// The sequence number of logon LUIDs is ANDed with 0x0F and then used as an
// index into this array.  This entry in the array serves as a listhead of
// logon session reference count records.
//
// The pointer is NULL until SepRmDbInitialization() allocates an array of
// SEP_LOGON_TRACK_ARRAY_SIZE entries and clears each one to NULL.
//
// NOTE(review): a 0x0F mask yields indexes 0..15, so the index computation
// is only in bounds if SEP_LOGON_TRACK_ARRAY_SIZE is at least 16.  Neither
// the constant's value nor the code that applies the mask is visible in
// this file - confirm the two are kept in step.
//

PSEP_LOGON_SESSION_REFERENCES *SepLogonSessions = NULL;





////////////////////////////////////////////////////////////////////////
//                                                                    //
//           Variable Initialization Routines                         //
//                                                                    //
////////////////////////////////////////////////////////////////////////

BOOLEAN
SepRmDbInitialization(
    VOID
    )
/*++

Routine Description:

    Sets up the in-memory reference monitor database.  In order, it
    initializes the database lock, allocates and clears the logon session
    tracking array, creates the tracking record for the system logon
    session, and writes an interim reference monitor state.

Arguments:

    None.

Return Value:

    TRUE  - The tracking array was allocated, the system logon session
            record was created, and the interim state was written.

    FALSE - The tracking array could not be allocated, or
            SepCreateLogonSessionTrack() returned a failure status.

    NOTE(review): nothing done earlier in this routine is undone on a
    FALSE return.  When SepCreateLogonSessionTrack() fails, the tracking
    array stays allocated and SepLogonSessions stays non-NULL.  Confirm
    that the caller treats FALSE as fatal.

--*/
{
    NTSTATUS TrackStatus;
    ULONG Slot;
    BOOLEAN Initialized = FALSE;

    //
    // Bring up the lock that guards the modifiable part of the database.
    // Callers outside this routine are expected to go through
    //
    //     SepRmAcquireDbReadLock()  / SepRmReleaseDbReadLock()
    //     SepRmAcquireDbWriteLock() / SepRmReleaseDbWriteLock()
    //
    // rather than touching SepRmDbLock directly.
    //
    // NOTE(review): whatever ExInitializeResource() reports is not
    // examined here - confirm it cannot fail in this build.
    //

    ExInitializeResource(&SepRmDbLock);

    //
    // Allocate one list head per hash bucket from paged pool.
    //

    SepLogonSessions = ExAllocatePoolWithTag( PagedPool,
                                              sizeof( PSEP_LOGON_SESSION_REFERENCES ) * SEP_LOGON_TRACK_ARRAY_SIZE,
                                              'SLeS'
                                              );

    if (SepLogonSessions != NULL) {

        //
        // The pool block is not cleared by this routine's allocation
        // call, so every bucket is explicitly reset to an empty list
        // before any record is added.
        //

        Slot = 0;
        while (Slot < SEP_LOGON_TRACK_ARRAY_SIZE) {

            SepLogonSessions[ Slot ] = NULL;
            Slot += 1;
        }

        //
        // Register the system logon session.  The ASSERT flags a failure
        // on builds where it is active; the status test below handles it
        // everywhere else.
        //

        TrackStatus = SepCreateLogonSessionTrack( &SeSystemAuthenticationId );
        ASSERT( NT_SUCCESS(TrackStatus) );

        if ( NT_SUCCESS(TrackStatus) ) {

            //
            // Interim state only.  The real values are supplied later in
            // initialization, after the LSA has read the local security
            // policy and handed it to the reference monitor.  Until then
            // auditing is recorded as disabled.
            //

            SepRmState.AuditingEnabled = 0;
            SepRmState.OperationalMode = LSA_MODE_PASSWORD_PROTECTED;

            Initialized = TRUE;
        }
    }

    return Initialized;

}