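/*++

Copyright (c) 1991  Microsoft Corporation

Module Name:

    rmp.h

Abstract:

    Security Reference Monitor Private Data Types, Functions and Defines

Author:

    Scott Birrell       (ScottBi)       March 12, 1991

Environment:

Revision History:

--*/

#ifndef _RMP_H_
#define _RMP_H_

//
// NOTE(review): the names of the two angle-bracket headers below are missing
// from this copy of the file; restore them from the original rmp.h before
// building.
//

#include
#include
#include "sep.h"


///////////////////////////////////////////////////////////////////////////////
//                                                                           //
//                Reference Monitor Private defines                          //
//                                                                           //
///////////////////////////////////////////////////////////////////////////////

//
// Used to define the bounds of the array used to track logon session
// reference counts.
//
// The mask is the array size minus one. Keep the two values in step (and the
// size a power of two) whenever either is changed.
//

#define SEP_LOGON_TRACK_INDEX_MASK (0x0000000FL)
#define SEP_LOGON_TRACK_ARRAY_SIZE (0x00000010L)

//
// Used to define the bounds of the locks array used to reference the logon
// sessions. We use a hardcoded index of ZERO for when LogonId is not
// available.
// The number of locks was chosen to be 4 based on performance tests on
// uniproc and 8-proc machines.
//
// The lock macros below index SepRmDbLock[] with
// (i) & SEP_LOGON_TRACK_LOCK_INDEX_MASK and perform no other bounds check,
// so the mask must remain SEP_LOGON_TRACK_LOCK_ARRAY_SIZE - 1.
// NOTE(review): SepRmDbLock is declared without a size in this header;
// presumably its definition uses SEP_LOGON_TRACK_LOCK_ARRAY_SIZE - confirm.
//

#define SEP_LOGON_TRACK_LOCK_INDEX_MASK (0x00000003L)
#define SEP_LOGON_TRACK_LOCK_ARRAY_SIZE (0x00000004L)
#define SEP_HARDCODED_LOCK_INDEX (0)


///////////////////////////////////////////////////////////////////////////////
//                                                                           //
//                Reference Monitor Private Macros                           //
//                                                                           //
///////////////////////////////////////////////////////////////////////////////

//
// Acquire and release one of the reference monitor database locks.
//
// The index argument is masked with SEP_LOGON_TRACK_LOCK_INDEX_MASK to pick
// an entry of SepRmDbLock[]. The read macros take that resource shared and
// the write macros take it exclusive; both wait until the resource is
// granted (Wait == TRUE). Every acquire enters a critical region first and
// every release leaves it after dropping the resource.
//
// A release must be given the same index as its matching acquire, otherwise
// a different resource is released and the acquired one stays held.
//
// Each macro is a single do { ... } while (0) statement. As two bare
// statements, an unbraced "if (x) SepRmAcquireDbReadLock(i);" would guard
// only KeEnterCriticalRegion() and take the lock unconditionally; the
// release macros would likewise leave the critical region unconditionally.
//

#define SepRmAcquireDbReadLock(i)                                             \
    do {                                                                      \
        KeEnterCriticalRegion();                                              \
        ExAcquireResourceSharedLite(                                          \
            &(SepRmDbLock[(i) & SEP_LOGON_TRACK_LOCK_INDEX_MASK]), TRUE);     \
    } while (0)

#define SepRmAcquireDbWriteLock(i)                                            \
    do {                                                                      \
        KeEnterCriticalRegion();                                              \
        ExAcquireResourceExclusiveLite(                                       \
            &(SepRmDbLock[(i) & SEP_LOGON_TRACK_LOCK_INDEX_MASK]), TRUE);     \
    } while (0)

#define SepRmReleaseDbReadLock(i)                                             \
    do {                                                                      \
        ExReleaseResourceLite(                                                \
            &(SepRmDbLock[(i) & SEP_LOGON_TRACK_LOCK_INDEX_MASK]));           \
        KeLeaveCriticalRegion();                                              \
    } while (0)

#define SepRmReleaseDbWriteLock(i)                                            \
    do {                                                                      \
        ExReleaseResourceLite(                                                \
            &(SepRmDbLock[(i) & SEP_LOGON_TRACK_LOCK_INDEX_MASK]));           \
        KeLeaveCriticalRegion();                                              \
    } while (0)
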
/////////////////////////////////////////////////////////////////////////////// // // // Reference Monitor Private Data Types // // // /////////////////////////////////////////////////////////////////////////////// #define SEP_RM_LSA_SHARED_MEMORY_SIZE ((ULONG) PAGE_SIZE) // // Reference Monitor Private Global State Data Structure // typedef struct _SEP_RM_STATE { HANDLE LsaInitEventHandle; HANDLE LsaCommandPortHandle; HANDLE SepRmThreadHandle; HANDLE RmCommandPortHandle; HANDLE RmCommandServerPortHandle; ULONG AuditingEnabled; LSA_OPERATIONAL_MODE OperationalMode; HANDLE LsaCommandPortSectionHandle; LARGE_INTEGER LsaCommandPortSectionSize; PVOID LsaViewPortMemory; PVOID RmViewPortMemory; LONG LsaCommandPortMemoryDelta; // BOOLEAN LsaCommandPortResourceInitialized; BOOLEAN LsaCommandPortActive; // ERESOURCE LsaCommandPortResource; } SEP_RM_STATE, *PSEP_RM_STATE; // // Reference Monitor Command Port Connection Info // typedef struct _SEP_RM_CONNECT_INFO { ULONG ConnectInfo; } SEP_RM_CONNECT_INFO; typedef struct SEP_RM_CONNECT_INFO *PSEP_RM_CONNECT_INFO; // // Reference Monitor Command Table Entry Format // #define SEP_RM_COMMAND_MAX 4 typedef VOID (*SEP_RM_COMMAND_WORKER)( PRM_COMMAND_MESSAGE, PRM_REPLY_MESSAGE ); typedef struct _SEP_LOGON_SESSION_TOKEN { LIST_ENTRY ListEntry; PTOKEN Token; } SEP_LOGON_SESSION_TOKEN, *PSEP_LOGON_SESSION_TOKEN; #define SEP_TERMINATION_NOTIFY 0x1 // // File systems interested in being notified when a logon session is being // terminated register a callback routine. The following data structure // describes the callback routines. // // The global list of callback routines is pointed to by SeFileSystemNotifyRoutines. // This list is protected by the RM database lock. 
// typedef struct _SEP_LOGON_SESSION_TERMINATED_NOTIFICATION { struct _SEP_LOGON_SESSION_TERMINATED_NOTIFICATION *Next; PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine; } SEP_LOGON_SESSION_TERMINATED_NOTIFICATION, *PSEP_LOGON_SESSION_TERMINATED_NOTIFICATION; extern SEP_LOGON_SESSION_TERMINATED_NOTIFICATION SeFileSystemNotifyRoutinesHead; /////////////////////////////////////////////////////////////////////////////// // // // Reference Monitor Private Function Prototypes // // // /////////////////////////////////////////////////////////////////////////////// BOOLEAN SepRmDbInitialization( VOID ); VOID SepRmCommandServerThread( IN PVOID StartContext ); BOOLEAN SepRmCommandServerThreadInit( ); VOID SepRmComponentTestCommandWrkr( IN PRM_COMMAND_MESSAGE CommandMessage, OUT PRM_REPLY_MESSAGE ReplyMessage ); VOID SepRmSetAuditEventWrkr( IN PRM_COMMAND_MESSAGE CommandMessage, OUT PRM_REPLY_MESSAGE ReplyMessage ); VOID SepRmSendCommandToLsaWrkr( IN PRM_COMMAND_MESSAGE CommandMessage, OUT PRM_REPLY_MESSAGE ReplyMessage ); VOID SepRmCreateLogonSessionWrkr( IN PRM_COMMAND_MESSAGE CommandMessage, OUT PRM_REPLY_MESSAGE ReplyMessage ); VOID SepRmDeleteLogonSessionWrkr( IN PRM_COMMAND_MESSAGE CommandMessage, OUT PRM_REPLY_MESSAGE ReplyMessage ) ; NTSTATUS SepCreateLogonSessionTrack( IN PLUID LogonId ); NTSTATUS SepDeleteLogonSessionTrack( IN PLUID LogonId ); /////////////////////////////////////////////////////////////////////////////// // // // Reference Monitor Private Variables Declarations // // These variables are defined in rmvars.c // // // /////////////////////////////////////////////////////////////////////////////// extern PEPROCESS SepRmLsaCallProcess; extern SEP_RM_STATE SepRmState; extern ERESOURCE SepRmDbLock[]; extern PSEP_LOGON_SESSION_REFERENCES *SepLogonSessions; #endif // _RMP_H_