Leaked source code of windows server 2003


  1. /*++
  2. Copyright (c) 1989 Microsoft Corporation
  3. Module Name:
  4. rmvars.c
  5. Abstract:
  6. This module contains the variables used to implement the run-time
  7. reference monitor database.
  8. Author:
  9. Jim Kelly (JimK) 2-Apr-1991
  10. Environment:
  11. Kernel mode only.
  12. Revision History:
  13. --*/
  14. #include "pch.h"
  15. #pragma hdrstop
  16. #ifdef ALLOC_PRAGMA
  17. #pragma alloc_text(INIT,SepRmDbInitialization)
  18. #endif
  //
  // Read/write reference monitor variables.
  //
  // Access to these variables is protected by SepRmDbLock.
  //

  //
  // Resource locks guarding the modifiable fields of the reference monitor
  // database. One lock covers a set of hash buckets, so the array holds
  // SEP_LOGON_TRACK_LOCK_ARRAY_SIZE locks. SepRmDbInitialization initializes
  // every element.
  //
  // This definition precedes the data_seg pragma below, so that pragma does
  // not apply to it.
  // NOTE(review): ERESOURCE storage is normally required to be nonpaged,
  // which is presumably why the lock array sits ahead of the PAGEDATA
  // pragma - confirm.
  //

  ERESOURCE SepRmDbLock[SEP_LOGON_TRACK_LOCK_ARRAY_SIZE] = { 0 };

  #ifdef ALLOC_DATA_PRAGMA
  #pragma data_seg("PAGEDATA")
  #endif

  //
  // Reference monitor variables the original author labels "read only".
  //
  // NOTE(review): SepRmDbInitialization assigns SepLogonSessions and
  // SepRmState, and its comments say SepRmState is set again once the LSA
  // passes in the local security policy. "Read only" presumably means
  // "not modified after initialization completes" - confirm.
  //

  //
  // The process in which the RM --> LSA command LPC port was established.
  // Every call from the reference monitor to the LSA has to be made in this
  // process; otherwise the port handle is not valid.
  //

  PEPROCESS SepRmLsaCallProcess = NULL;

  //
  // State of the reference monitor.
  //

  SEP_RM_STATE SepRmState = { 0 };

  //
  // Hash buckets used to track logon sessions. Per the original comment, the
  // sequence number of a logon LUID is ANDed with 0x0F and the result indexes
  // this array; the selected entry is the list head of the logon session
  // reference count records for that bucket.
  //
  // NOTE(review): the array is allocated with SEP_LOGON_TRACK_ARRAY_SIZE
  // entries in SepRmDbInitialization. Confirm the 0x0F mask quoted above
  // still matches that constant, since an index outside the allocation would
  // read or write past the end of the array.
  //

  PSEP_LOGON_SESSION_REFERENCES *SepLogonSessions = NULL;
  56. ////////////////////////////////////////////////////////////////////////
  57. // //
  58. // Variable Initialization Routines //
  59. // //
  60. ////////////////////////////////////////////////////////////////////////
  BOOLEAN
  SepRmDbInitialization(
      VOID
      )

  /*++

  Routine Description:

      Initializes the reference monitor in-memory database: the resource
      locks in SepRmDbLock, the logon session tracking array, the tracking
      records for the system and anonymous logon sessions, and a provisional
      SepRmState.

  Arguments:

      None.

  Return Value:

      TRUE  - the database was initialized.

      FALSE - the tracking array could not be allocated, or one of the two
              initial logon session tracking records could not be created.

      NOTE(review): the FALSE returns do not release SepLogonSessions or undo
      the resource initialization done earlier in this routine. Presumably
      the caller treats FALSE as a fatal initialization failure - confirm.

  --*/

  {
      NTSTATUS Status;
      ULONG Index;

      //
      // Create the reference monitor database locks, one per element of
      // SepRmDbLock.
      //
      // Callers gain access to the reference monitor database through
      //
      //     SepRmAcquireDbReadLock()
      //     SepRmAcquireDbWriteLock()
      //     SepRmReleaseDbReadLock()
      //     SepRmReleaseDbWriteLock()
      //

      for (Index = 0; Index < SEP_LOGON_TRACK_LOCK_ARRAY_SIZE; Index++) {
          ExInitializeResourceLite( &SepRmDbLock[Index] );
      }

      //
      // Allocate the logon session tracking array: one list head pointer per
      // hash bucket. The multi-character tag 'SLeS' is stored low byte first,
      // so pool tag tools are expected to show it as "SeLS".
      //

      SepLogonSessions = ExAllocatePoolWithTag(
                             PagedPool,
                             sizeof( *SepLogonSessions ) * SEP_LOGON_TRACK_ARRAY_SIZE,
                             'SLeS'
                             );

      if (SepLogonSessions == NULL) {
          return FALSE;
      }

      //
      // The pool allocation is not zeroed here by the allocator call itself,
      // so every bucket is explicitly set to an empty list head.
      //

      for (Index = 0; Index < SEP_LOGON_TRACK_ARRAY_SIZE; Index++) {
          SepLogonSessions[Index] = NULL;
      }

      //
      // Add the record that represents the system logon session.
      //
      // ASSERT reports the failure only on builds where assertions are
      // compiled in; the explicit status test after it is what handles the
      // failure on every build.
      //

      Status = SepCreateLogonSessionTrack( (PLUID)&SeSystemAuthenticationId );
      ASSERT( NT_SUCCESS(Status) );

      if (!NT_SUCCESS(Status)) {
          return FALSE;
      }

      //
      // Add the record for the null session (anonymous) logon session, with
      // the same assert-then-test handling.
      //

      Status = SepCreateLogonSessionTrack( (PLUID)&SeAnonymousAuthenticationId );
      ASSERT( NT_SUCCESS(Status) );

      if (!NT_SUCCESS(Status)) {
          return FALSE;
      }

      //
      // The real RM state arrives later in initialization, when the LSA
      // retrieves the local security policy and passes it to the reference
      // monitor. Until then, use values that let the rest of system
      // initialization proceed.
      //
      // NOTE(review): anything that consults SepRmState before the LSA
      // supplies policy sees auditing as disabled - confirm that nothing
      // which ought to be audited depends on this flag in that window.
      //

      SepRmState.AuditingEnabled = 0;     // auditing disabled for now
      SepRmState.OperationalMode = LSA_MODE_PASSWORD_PROTECTED;

      return TRUE;
  }
  130. #ifdef ALLOC_DATA_PRAGMA
  131. #pragma data_seg()
  132. #endif