Source code of Windows XP (NT5)
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
|
|
/*++
Copyright (c) 1989 Microsoft Corporation
Module Name:
rmvars.c
Abstract:
This module contains the variables used to implement the run-time reference monitor database.
Author:
Jim Kelly (JimK) 2-Apr-1991
Environment:
Kernel mode only.
Revision History:
--*/
#include "pch.h"
#pragma hdrstop
#ifdef ALLOC_PRAGMA
#pragma alloc_text(INIT,SepRmDbInitialization)
#endif
�////////////////////////////////////////////////////////////////////////////////
// //
// Read/Write Reference Monitor Variables //
// //
// Access to these variables is protected by the SepRmDbLock. //
// //
////////////////////////////////////////////////////////////////////////////////
//
// Resource Lock - This lock protects access to the modifiable fields of
// the reference monitor database
//
ERESOURCE SepRmDbLock = {0};
#ifdef ALLOC_DATA_PRAGMA
#pragma data_seg("PAGEDATA")
#endif
�////////////////////////////////////////////////////////////////////////////////
// //
// Read Only Reference Monitor Variables //
// //
////////////////////////////////////////////////////////////////////////////////
//
// The process within which the RM --> LSA command LPC port was established.
// All calls from the reference monitor to the LSA must be made in this
// process in order for the handle to be valid.
PEPROCESS SepRmLsaCallProcess = NULL;
//
// State of the reference monitor
//
SEP_RM_STATE SepRmState = {0};
//
// The following array is used as a hash bucket for tracking logon sessions.
// The sequence number of logon LUIDs is ANDed with 0x0F and then used as an
// index into this array. This entry in the array serves as a listhead of
// logon session reference count records.
//
PSEP_LOGON_SESSION_REFERENCES *SepLogonSessions = NULL;
�////////////////////////////////////////////////////////////////////////
// //
// Variable Initialization Routines //
// //
////////////////////////////////////////////////////////////////////////
BOOLEANSepRmDbInitialization( VOID )/*++
Routine Description:
This function initializes the reference monitor in-memory database.
Arguments:
None.
Return Value:
TRUE if database successfully initialized. FALSE if not successfully initialized.
--*/{ NTSTATUS Status; ULONG i;
//
// Create the reference monitor database lock
//
// Use SepRmAcquireDbReadLock()
// SepRmAcquireDbWriteLock()
// SepRmReleaseDbReadLock()
// SepRmReleaseDbWriteLock()
//
// to gain access to the reference monitor database.
//
ExInitializeResourceLite(&SepRmDbLock);
//
// Initialize the Logon Session tracking array.
//
SepLogonSessions = ExAllocatePoolWithTag( PagedPool, sizeof( PSEP_LOGON_SESSION_REFERENCES ) * SEP_LOGON_TRACK_ARRAY_SIZE, 'SLeS' );
if (SepLogonSessions == NULL) { return( FALSE ); }
for (i=0;i<SEP_LOGON_TRACK_ARRAY_SIZE;i++) {
SepLogonSessions[ i ] = NULL; }
//
// Now add in a record representing the system logon session.
//
Status = SepCreateLogonSessionTrack( (PLUID)&SeSystemAuthenticationId ); ASSERT( NT_SUCCESS(Status) ); if ( !NT_SUCCESS(Status)) { return FALSE; }
//
// Add one for the null session logon session
//
Status = SepCreateLogonSessionTrack( (PLUID)&SeAnonymousAuthenticationId ); ASSERT( NT_SUCCESS(Status) ); if ( !NT_SUCCESS(Status)) { return FALSE; }
//
// The correct RM state will be set when the local security policy
// information is retrieved (by the LSA) and subsequently passed to
// the reference monitor later on in initialization. For now, initialize
// the state to something that will work for the remainder of
// system initialization.
//
SepRmState.AuditingEnabled = 0; // auditing state disabled.
SepRmState.OperationalMode = LSA_MODE_PASSWORD_PROTECTED;
return TRUE;
}
|
