예제 #1
/**************************************************************************
 * SetSecurityDescriptorSacl			[ADVAPI32.@]
 *
 * Win32 entry point that forwards its four arguments, unchanged and in
 * the same order, to RtlSetSaclSecurityDescriptor().  The SACL is the
 * system ACL of a security descriptor (audit and label entries), as
 * opposed to the DACL that grants or denies access.
 *
 * PARAMS
 *  lpsd          [I/O] Security descriptor to modify.
 *  saclpresent   [I]   Forwarded as the "SACL present" flag.
 *  lpsacl        [I]   SACL to attach to the descriptor.
 *  sacldefaulted [I]   Forwarded as the "SACL defaulted" flag.
 *
 * RETURNS
 *  A BOOL produced inside the CallWin32ToNt macro, which is defined
 *  outside this excerpt.
 *
 * NOTES
 *  NOTE(review): presumably CallWin32ToNt maps a failing NTSTATUS to
 *  SetLastError() plus FALSE and returns TRUE otherwise -- confirm
 *  against the macro definition.
 *  NOTE(review): only the in-memory descriptor is edited here.  Per the
 *  documented Win32 contract the descriptor is expected to reference
 *  lpsacl rather than copy it, so the ACL has to outlive the descriptor,
 *  and writing the SACL onto an object is a separate, privileged step
 *  (ACCESS_SYSTEM_SECURITY) -- confirm for this implementation.
 */
BOOL WINAPI SetSecurityDescriptorSacl (
    PSECURITY_DESCRIPTOR lpsd,
    BOOL saclpresent,
    PACL lpsacl,
    BOOL sacldefaulted)
{
    /* No explicit return statement: the macro is expected to supply it. */
    CallWin32ToNt (RtlSetSaclSecurityDescriptor(lpsd, saclpresent, lpsacl, sacldefaulted));
}
예제 #2
파일: sec.c 프로젝트: GYGit/reactos
/*
 * @implemented
 *
 * Win32 wrapper over RtlSetSaclSecurityDescriptor(): the four arguments
 * are passed through unchanged and the NTSTATUS result is converted to
 * the Win32 BOOL + last-error convention.
 *
 * Returns TRUE when the Rtl call succeeds.  On failure the status is
 * translated with RtlNtStatusToDosError(), stored with SetLastError(),
 * and FALSE is returned.
 *
 * Only the descriptor passed in is modified; no securable object is
 * touched by this routine.
 */
BOOL
WINAPI
SetSecurityDescriptorSacl(PSECURITY_DESCRIPTOR pSecurityDescriptor,
                          BOOL bSaclPresent,
                          PACL pSacl,
                          BOOL bSaclDefaulted)
{
    NTSTATUS NtResult = RtlSetSaclSecurityDescriptor(pSecurityDescriptor,
                                                     bSaclPresent,
                                                     pSacl,
                                                     bSaclDefaulted);

    /* Success path first: there is no error code to translate. */
    if (NT_SUCCESS(NtResult))
    {
        return TRUE;
    }

    SetLastError(RtlNtStatusToDosError(NtResult));
    return FALSE;
}
예제 #3
파일: obinit.c 프로젝트: Gaikokujin/WinNT4
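BOOLEAN
ObInitSystem(
    VOID
    )

/*++

Routine Description:

    This function performs the system initialization for the object
    manager.  The object manager data structures are self describing
    with the exception of the root directory, the type object type and
    the directory object type.  The initialization code then constructs
    these objects by hand to get the ball rolling.

    The work is split by the value of InitializationPhase:

    Phase 0 sets up the lookaside lists, the security descriptor cache,
    the synchronization objects, the default quota block and the handle
    table of the current process, and creates the Type, Directory and
    SymbolicLink object types.

    Phase 1 creates the root directory "\" (with an auditing SACL when
    base auditing is enabled), creates "\ObjectTypes", inserts the
    already created type objects into it, and creates \DosDevices.

    When base auditing is enabled, every step that builds the auditing
    SACL is checked at run time as well as by ASSERT.  ASSERT is only
    compiled into checked builds, so without the run-time checks a free
    build would continue with an undersized ACL buffer, an uninitialized
    Ace pointer, or a half-built security descriptor.  Failing the
    initialization is preferred to creating the root directory without
    the auditing that was requested.

Arguments:

    None.

Return Value:

    TRUE if successful and FALSE if an error occurred.

    The following errors can occur:

    - insufficient memory

    - the auditing SACL or its security descriptor could not be built

    - a directory object could not be created, referenced or closed

--*/

{

    USHORT CreateInfoMaxDepth;
    USHORT NameBufferMaxDepth;
    ULONG RegionSegmentSize;
    OBJECT_TYPE_INITIALIZER ObjectTypeInitializer;
    UNICODE_STRING TypeTypeName;
    UNICODE_STRING SymbolicLinkTypeName;
    UNICODE_STRING DosDevicesDirectoryName;
    UNICODE_STRING DirectoryTypeName;
    UNICODE_STRING RootDirectoryName;
    UNICODE_STRING TypeDirectoryName;
    NTSTATUS Status;
    OBJECT_ATTRIBUTES ObjectAttributes;
    HANDLE RootDirectoryHandle;
    HANDLE TypeDirectoryHandle;
    PLIST_ENTRY Next, Head;
    POBJECT_HEADER ObjectTypeHeader;
    POBJECT_HEADER_CREATOR_INFO CreatorInfo;
    POBJECT_HEADER_NAME_INFO NameInfo;
    MM_SYSTEMSIZE SystemSize;
    SECURITY_DESCRIPTOR AuditSd;
    PSECURITY_DESCRIPTOR EffectiveSd;
    PACL    AuditAllAcl;
    UCHAR   AuditAllBuffer[250];  // Ample room for the ACL
    ULONG   AuditAllLength;
    PACE_HEADER Ace;

    //
    // PHASE 0 Initialization
    //

    if (InitializationPhase == 0) {

        //
        // Determine the size of the object creation and the name buffer
        // lookaside lists.
        //

        SystemSize = MmQuerySystemSize();
        if (SystemSize == MmLargeSystem) {
            if (MmIsThisAnNtAsSystem()) {
                CreateInfoMaxDepth = 64;
                NameBufferMaxDepth = 32;

            } else {
                CreateInfoMaxDepth = 32;
                NameBufferMaxDepth = 16;
            }

        } else {
            CreateInfoMaxDepth = 3;
            NameBufferMaxDepth = 3;
        }

        //
        // Initialize the object creation lookaside list.
        //

        ExInitializeNPagedLookasideList(&ObpCreateInfoLookasideList,
                                        NULL,
                                        NULL,
                                        0,
                                        sizeof(OBJECT_CREATE_INFORMATION),
                                        'iCbO',
                                        CreateInfoMaxDepth);

        //
        // Initialize the name buffer lookaside list.
        //

        ExInitializeNPagedLookasideList(&ObpNameBufferLookasideList,
                                        NULL,
                                        NULL,
                                        0,
                                        OBJECT_NAME_BUFFER_SIZE,
                                        'mNbO',
                                        NameBufferMaxDepth);

        InitializeListHead( &ObpRemoveObjectQueue );

        //
        // Initialize security descriptor cache
        //

        ObpInitSecurityDescriptorCache();

        KeInitializeMutant( &ObpInitKillMutant, FALSE );
        KeInitializeEvent( &ObpDefaultObject, NotificationEvent, TRUE );
        KeInitializeSpinLock( &ObpLock );

        //
        // The process and thread running the initialization are marked
        // as holding every access right to themselves.
        //

        PsGetCurrentProcess()->GrantedAccess = PROCESS_ALL_ACCESS;
        PsGetCurrentThread()->GrantedAccess = THREAD_ALL_ACCESS;

        //
        // Initialize the quota block.  Every limit is set to the largest
        // ULONG value.
        //

        KeInitializeSpinLock(&PspDefaultQuotaBlock.QuotaLock);
        PspDefaultQuotaBlock.ReferenceCount = 1;
        PspDefaultQuotaBlock.QuotaPoolLimit[PagedPool] = (ULONG)-1;
        PspDefaultQuotaBlock.QuotaPoolLimit[NonPagedPool] = (ULONG)-1;
        PspDefaultQuotaBlock.PagefileLimit = (ULONG)-1;

        PsGetCurrentProcess()->QuotaBlock = &PspDefaultQuotaBlock;

        //
        // NOTE(review): the results of ExCreateHandleTable, of the three
        // ObCreateObjectType calls and of ExAllocatePoolWithTag below are
        // not checked in this phase, although the routine documents
        // "insufficient memory" as a failure.  Confirm that callers do
        // not depend on phase 0 always returning TRUE before adding
        // checks here.
        //

        PsGetCurrentProcess()->ObjectTable =
            ExCreateHandleTable( NULL,
                                 0,
                                 0
                               );

        //
        // One initializer structure is reused for all three types; only
        // the fields that differ are overwritten between the calls, so
        // the order of the assignments below matters.
        //

        RtlZeroMemory( &ObjectTypeInitializer, sizeof( ObjectTypeInitializer ) );
        ObjectTypeInitializer.Length = sizeof( ObjectTypeInitializer );
        ObjectTypeInitializer.InvalidAttributes = OBJ_OPENLINK;
        ObjectTypeInitializer.PoolType = NonPagedPool;

        RtlInitUnicodeString( &TypeTypeName, L"Type" );
        ObjectTypeInitializer.ValidAccessMask = OBJECT_TYPE_ALL_ACCESS;
        ObjectTypeInitializer.GenericMapping = ObpTypeMapping;
        ObjectTypeInitializer.DefaultNonPagedPoolCharge = sizeof( OBJECT_TYPE );
        ObjectTypeInitializer.MaintainTypeList = TRUE;
        ObjectTypeInitializer.UseDefaultObject = TRUE;
        ObCreateObjectType( &TypeTypeName,
                            &ObjectTypeInitializer,
                            (PSECURITY_DESCRIPTOR)NULL,
                            &ObpTypeObjectType
                          );

        RtlInitUnicodeString( &DirectoryTypeName, L"Directory" );
        ObjectTypeInitializer.DefaultNonPagedPoolCharge = sizeof( OBJECT_DIRECTORY );
        ObjectTypeInitializer.ValidAccessMask = DIRECTORY_ALL_ACCESS;
        ObjectTypeInitializer.GenericMapping = ObpDirectoryMapping;
        ObjectTypeInitializer.MaintainTypeList = FALSE;
        ObCreateObjectType( &DirectoryTypeName,
                            &ObjectTypeInitializer,
                            (PSECURITY_DESCRIPTOR)NULL,
                            &ObpDirectoryObjectType
                          );

        RtlInitUnicodeString( &SymbolicLinkTypeName, L"SymbolicLink" );
        ObjectTypeInitializer.DefaultNonPagedPoolCharge = sizeof( OBJECT_SYMBOLIC_LINK );
        ObjectTypeInitializer.ValidAccessMask = SYMBOLIC_LINK_ALL_ACCESS;
        ObjectTypeInitializer.GenericMapping = ObpSymbolicLinkMapping;
        ObjectTypeInitializer.DeleteProcedure = ObpDeleteSymbolicLink;
        ObjectTypeInitializer.ParseProcedure = ObpParseSymbolicLink;
        ObCreateObjectType( &SymbolicLinkTypeName,
                            &ObjectTypeInitializer,
                            (PSECURITY_DESCRIPTOR)NULL,
                            &ObpSymbolicLinkObjectType
                          );

        ExInitializeResourceLite( &ObpRootDirectoryMutex );

#if i386 && !FPO
        ObpCurCachedGrantedAccessIndex = 0;
        ObpMaxCachedGrantedAccessIndex = PAGE_SIZE / sizeof( ACCESS_MASK );
        ObpCachedGrantedAccesses = ExAllocatePoolWithTag( NonPagedPool, PAGE_SIZE, 'gAbO' );
#endif // i386 && !FPO

#if DBG
        ObpCreateObjectEventId = RtlCreateEventId( NULL,
                                                   0,
                                                   "CreateObject",
                                                   6,
                                                   RTL_EVENT_ULONG_PARAM, "Object", 0,
                                                   RTL_EVENT_PUNICODE_STRING_PARAM, "Type", 0,
                                                   RTL_EVENT_ULONG_PARAM, "PagedPool", 0,
                                                   RTL_EVENT_ULONG_PARAM, "NonPagedPool", 0,
                                                   RTL_EVENT_PUNICODE_STRING_PARAM, "Name", 0,
                                                   RTL_EVENT_FLAGS_PARAM, "", 5,
                                                     OBJ_INHERIT, "Inherit",
                                                     OBJ_PERMANENT, "Permanent",
                                                     OBJ_OPENIF, "OpenIf",
                                                     OBJ_CASE_INSENSITIVE, "CaseInsenitive",
                                                     OBJ_EXCLUSIVE, "Exclusive"
                                                 );
        ObpFreeObjectEventId = RtlCreateEventId( NULL,
                                                 0,
                                                 "FreeObject",
                                                 3,
                                                 RTL_EVENT_ULONG_PARAM, "Object", 0,
                                                 RTL_EVENT_ULONG_PARAM, "Type", 0,
                                                 RTL_EVENT_PUNICODE_STRING_PARAM, "Name", 0
                                               );
#endif // DBG

        }             // End of Phase 0 Initialization


    //
    // PHASE 1 Initialization
    //

    if (InitializationPhase == 1) {


        EffectiveSd = SePublicDefaultSd;

        //
        // This code is only executed if base auditing is turned on.
        //

        if ((ObpAuditBaseDirectories != 0) || (ObpAuditBaseObjects != 0)) {

            //
            // build an SACL to audit
            //
            AuditAllAcl = (PACL)AuditAllBuffer;
            AuditAllLength = (ULONG)sizeof(ACL) +
                               ((ULONG)sizeof(SYSTEM_AUDIT_ACE)) +
                               SeLengthSid(SeWorldSid);

            //
            // The ACL is built in a fixed-size stack buffer.  Refuse to
            // continue if it would not fit, in free builds too.
            //

            ASSERT( sizeof(AuditAllBuffer)   >   AuditAllLength );
            if (AuditAllLength >= sizeof(AuditAllBuffer)) {
                return( FALSE );
                }

            Status = RtlCreateAcl( AuditAllAcl, AuditAllLength, ACL_REVISION2);
            ASSERT( NT_SUCCESS(Status) );
            if (!NT_SUCCESS( Status )) {
                return( FALSE );
                }

            Status = RtlAddAuditAccessAce (
                         AuditAllAcl,
                         ACL_REVISION2,
                         GENERIC_ALL,
                         SeWorldSid,
                         TRUE,  TRUE        //Audit success and failure
                         );
            ASSERT( NT_SUCCESS(Status) );
            if (!NT_SUCCESS( Status )) {
                return( FALSE );
                }

            //
            // Ace is only valid if RtlGetAce succeeded; it is written
            // through immediately below.
            //

            Status = RtlGetAce( AuditAllAcl, 0,  (PVOID)&Ace );
            ASSERT( NT_SUCCESS(Status) );
            if (!NT_SUCCESS( Status )) {
                return( FALSE );
                }

            if (ObpAuditBaseDirectories != 0) {
                Ace->AceFlags |= (CONTAINER_INHERIT_ACE | INHERIT_ONLY_ACE);
                }

            if (ObpAuditBaseObjects != 0) {
                Ace->AceFlags |= (OBJECT_INHERIT_ACE    |
                                  CONTAINER_INHERIT_ACE |
                                  INHERIT_ONLY_ACE);
                }



            //
            // Now create a security descriptor that looks just like
            // the public default, but has auditing in it as well.
            //

            EffectiveSd = (PSECURITY_DESCRIPTOR)&AuditSd;
            Status = RtlCreateSecurityDescriptor( EffectiveSd,
                                                  SECURITY_DESCRIPTOR_REVISION1 );
            ASSERT( NT_SUCCESS(Status) );
            if (!NT_SUCCESS( Status )) {
                return( FALSE );
                }

            Status = RtlSetDaclSecurityDescriptor( EffectiveSd,
                                                   TRUE,        // DaclPresent
                                                   SePublicDefaultDacl,
                                                   FALSE        // DaclDefaulted
                                                   );
            ASSERT( NT_SUCCESS(Status) );
            if (!NT_SUCCESS( Status )) {
                return( FALSE );
                }

            Status = RtlSetSaclSecurityDescriptor( EffectiveSd,
                                                   TRUE,        // SaclPresent
                                                   AuditAllAcl,
                                                   FALSE        // SaclDefaulted
                                                   );
            ASSERT( NT_SUCCESS(Status) );
            if (!NT_SUCCESS( Status )) {
                return( FALSE );
                }
            }


        //
        // We only need to use the EffectiveSd on the root.  The SACL
        // will be inherited by all other objects.
        //

        RtlInitUnicodeString( &RootDirectoryName, L"\\" );
        InitializeObjectAttributes( &ObjectAttributes,
                                    &RootDirectoryName,
                                    OBJ_CASE_INSENSITIVE |
                                    OBJ_PERMANENT,
                                    NULL,
                                    EffectiveSd
                                  );
        Status = NtCreateDirectoryObject( &RootDirectoryHandle,
                                          DIRECTORY_ALL_ACCESS,
                                          &ObjectAttributes
                                        );
        if (!NT_SUCCESS( Status )) {
            return( FALSE );
            }

        //
        // Keep a referenced pointer to the directory in a global and
        // drop the handle that was only needed to obtain it.
        //

        Status = ObReferenceObjectByHandle( RootDirectoryHandle,
                                            0,
                                            ObpDirectoryObjectType,
                                            KernelMode,
                                            (PVOID *)&ObpRootDirectoryObject,
                                            NULL
                                          );
        if (!NT_SUCCESS( Status )) {
            return( FALSE );
            }

        Status = NtClose( RootDirectoryHandle );
        if (!NT_SUCCESS( Status )) {
            return( FALSE );
            }

        //
        // \ObjectTypes is created with no explicit security descriptor.
        //

        RtlInitUnicodeString( &TypeDirectoryName, L"\\ObjectTypes" );
        InitializeObjectAttributes( &ObjectAttributes,
                                    &TypeDirectoryName,
                                    OBJ_CASE_INSENSITIVE |
                                    OBJ_PERMANENT,
                                    NULL,
                                    NULL
                                  );
        Status = NtCreateDirectoryObject( &TypeDirectoryHandle,
                                          DIRECTORY_ALL_ACCESS,
                                          &ObjectAttributes
                                        );
        if (!NT_SUCCESS( Status )) {
            return( FALSE );
            }

        Status = ObReferenceObjectByHandle( TypeDirectoryHandle,
                                            0,
                                            ObpDirectoryObjectType,
                                            KernelMode,
                                            (PVOID *)&ObpTypeDirectoryObject,
                                            NULL
                                          );
        if (!NT_SUCCESS( Status )) {
            return( FALSE );
            }

        Status = NtClose( TypeDirectoryHandle );
        if (!NT_SUCCESS( Status )) {
            return( FALSE );
            }

        //
        // Walk the list of type objects and insert every named type that
        // is not yet in a directory into \ObjectTypes, unless an entry
        // with that name is already there.
        //

        ObpEnterRootDirectoryMutex();

        Head = &ObpTypeObjectType->TypeList;
        Next = Head->Flink;
        while (Next != Head) {
            CreatorInfo = CONTAINING_RECORD( Next,
                                             OBJECT_HEADER_CREATOR_INFO,
                                             TypeList
                                           );
            ObjectTypeHeader = (POBJECT_HEADER)(CreatorInfo+1);
            NameInfo = OBJECT_HEADER_TO_NAME_INFO( ObjectTypeHeader );
            if (NameInfo != NULL && NameInfo->Directory == NULL) {
                if (!ObpLookupDirectoryEntry( ObpTypeDirectoryObject,
                                              &NameInfo->Name,
                                              OBJ_CASE_INSENSITIVE
                                            )
                   ) {
                    ObpInsertDirectoryEntry( ObpTypeDirectoryObject,
                                             &ObjectTypeHeader->Body
                                           );
                    }
                }

            Next = Next->Flink;
            }

        ObpLeaveRootDirectoryMutex();

        //
        // Create \DosDevices object directory for drive letters and Win32 device names
        //
        Status = ObpCreateDosDevicesDirectory();
        if (!NT_SUCCESS( Status )) {
            return FALSE;
            }
        }

    return TRUE;
}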
예제 #4
VOID
SepInitProcessAuditSd( VOID )
/*++

Routine Description:

    (Re)builds two global security descriptors, each allocated from
    non-paged pool as one block holding the descriptor followed by its
    ACL:

    SepProcessAuditSd
        Carries a SACL with one audit ACE for SeWorldSid covering the
        access mask SepProcessAccessesToAudit, for both successful and
        failed accesses.  It is used by SepAddSaclToProcess to add a SACL
        to the existing security descriptor on a system process.

    SepImportantProcessSd
        Carries a DACL with three access-allowed ACEs granting
        SEP_QUERY_MEMBERSHIP to SeLocalSystemSid, SeLocalServiceSid and
        SeNetworkServiceSid.

    A system process is defined as the one whose token has at least
    one of the following sids.
    -- SeLocalSystemSid
    -- SeLocalServiceSid
    -- SeNetworkServiceSid

    If SepProcessAccessesToAudit is 0 nothing is built, which disables
    process access auditing.  On any failure SepAuditFailed is called and
    whatever was allocated by this call is freed, with the matching
    global reset to NULL.

    NOTE(review): an earlier SepProcessAuditSd is freed on entry, but an
    earlier SepImportantProcessSd is only overwritten, never freed.
    Confirm whether this routine can run more than once and who else
    holds these pointers before changing that.

Arguments:

    None.

Return Value:

    None.


--*/
{
#define PROCESS_ACCESSES_TO_AUDIT ( PROCESS_CREATE_THREAD   |\
                                    PROCESS_SET_INFORMATION |\
                                    PROCESS_SET_PORT        |\
                                    PROCESS_SUSPEND_RESUME )

    NTSTATUS Status = STATUS_SUCCESS;
    ULONG AclBytes, SdBytes;
    PISECURITY_DESCRIPTOR AuditSd = NULL;
    PISECURITY_DESCRIPTOR ImportantSd = NULL;
    PACL Acl = NULL;

    //
    // Drop the descriptor left behind by a previous call, if any.
    //

    if ( SepProcessAuditSd != NULL ) {

        ExFreePool( SepProcessAuditSd );
        SepProcessAuditSd = NULL;
    }

    //
    // A zero mask means there is nothing to audit; leave
    // SepProcessAuditSd NULL.  Status is still STATUS_SUCCESS here, so
    // the cleanup code does nothing.
    //

    if ( SepProcessAccessesToAudit == 0 ) {

        goto Cleanup;
    }

    //
    // Size of an ACL holding one audit ACE.  SYSTEM_AUDIT_ACE already
    // contains the first ULONG of the SID, hence the subtraction.
    //

    AclBytes = (ULONG)sizeof(ACL) +
        ((ULONG)sizeof(SYSTEM_AUDIT_ACE) - sizeof(ULONG)) +
        SeLengthSid( SeWorldSid );

    SdBytes = sizeof(SECURITY_DESCRIPTOR) + AclBytes;

    AuditSd = (PSECURITY_DESCRIPTOR) ExAllocatePoolWithTag(
                                         NonPagedPool,
                                         SdBytes,
                                         'cAeS');

    if ( AuditSd == NULL ) {

        Status = STATUS_INSUFFICIENT_RESOURCES;
        goto Cleanup;
    }

    //
    // The ACL lives directly behind the descriptor in the same block.
    //

    Acl = (PACL) (AuditSd + 1);

    //
    // Each step runs only if every earlier one succeeded; the global is
    // published last.
    //

    Status = RtlCreateAcl( Acl, AclBytes, ACL_REVISION2 );

    if ( NT_SUCCESS( Status )) {

        Status = RtlAddAuditAccessAce(
                     Acl,
                     ACL_REVISION2,
                     SepProcessAccessesToAudit,
                     SeWorldSid,
                     TRUE,
                     TRUE
                     );
    }

    if ( NT_SUCCESS( Status )) {

        Status = RtlCreateSecurityDescriptor( AuditSd,
                                              SECURITY_DESCRIPTOR_REVISION1 );
    }

    if ( NT_SUCCESS( Status )) {

        Status = RtlSetSaclSecurityDescriptor( AuditSd,
                                               TRUE, Acl, FALSE );
    }

    if ( NT_SUCCESS( Status )) {

        SepProcessAuditSd = AuditSd;
    }

    ASSERT( NT_SUCCESS(Status) );

    if ( !NT_SUCCESS( Status )) {

        goto Cleanup;
    }

    //
    // Second descriptor: SepImportantProcessSd, with room for three
    // access-allowed ACEs.
    //

    AclBytes = (ULONG)sizeof(ACL) +
        (3*((ULONG)sizeof(ACCESS_ALLOWED_ACE) - sizeof(ULONG))) +
        SeLengthSid( SeLocalSystemSid ) +
        SeLengthSid( SeLocalServiceSid ) +
        SeLengthSid( SeNetworkServiceSid );

    SdBytes = sizeof(SECURITY_DESCRIPTOR) + AclBytes;

    ImportantSd = (PSECURITY_DESCRIPTOR) ExAllocatePoolWithTag(
                                             NonPagedPool,
                                             SdBytes,
                                             'cAeS');

    if ( ImportantSd == NULL ) {

        Status = STATUS_INSUFFICIENT_RESOURCES;
        goto Cleanup;
    }

    Acl = (PACL) (ImportantSd + 1);

    Status = RtlCreateAcl( Acl, AclBytes, ACL_REVISION2 );

    if ( NT_SUCCESS( Status )) {

        Status = RtlAddAccessAllowedAce(
                     Acl,
                     ACL_REVISION2,
                     SEP_QUERY_MEMBERSHIP,
                     SeLocalSystemSid
                     );
    }

    if ( NT_SUCCESS( Status )) {

        Status = RtlAddAccessAllowedAce(
                     Acl,
                     ACL_REVISION2,
                     SEP_QUERY_MEMBERSHIP,
                     SeLocalServiceSid
                     );
    }

    if ( NT_SUCCESS( Status )) {

        Status = RtlAddAccessAllowedAce(
                     Acl,
                     ACL_REVISION2,
                     SEP_QUERY_MEMBERSHIP,
                     SeNetworkServiceSid
                     );
    }

    if ( NT_SUCCESS( Status )) {

        Status = RtlCreateSecurityDescriptor( ImportantSd, SECURITY_DESCRIPTOR_REVISION1 );
    }

    if ( NT_SUCCESS( Status )) {

        Status = RtlSetDaclSecurityDescriptor( ImportantSd, TRUE, Acl, FALSE );
    }

    if ( NT_SUCCESS( Status )) {

        SepImportantProcessSd = ImportantSd;
    }


 Cleanup:

    if ( NT_SUCCESS( Status )) {

        return;
    }

    ASSERT( FALSE && L"SepInitProcessAuditSd failed" );

    //
    // this will bugcheck if SepCrashOnAuditFail is TRUE
    //

    SepAuditFailed( Status );

    //
    // Release whatever this call allocated and make sure neither global
    // keeps pointing at freed pool.
    //

    if ( AuditSd ) {

        ExFreePool( AuditSd );
        AuditSd = NULL;
        SepProcessAuditSd = NULL;
    }

    if ( ImportantSd ) {

        ExFreePool( ImportantSd );
        ImportantSd = NULL;
        SepImportantProcessSd = NULL;
    }
}
예제 #5
/*
 * Returns a self-relative copy of the LSA policy security descriptor,
 * restricted to the components selected in SecurityInformation.
 *
 * The source is the global gpLsaSecDesc.  A fresh absolute descriptor is
 * created, and the owner, group, DACL and SACL are copied into it only
 * when the matching *_SECURITY_INFORMATION bit is set (the DACL and the
 * SACL additionally only when the source reports them as present).  The
 * result is converted with RtlAbsoluteToSelfRelativeSD(), called once to
 * learn the required size and a second time to fill the buffer.
 *
 * pAccountContext is not read by this function.
 *
 * On success *ppSecurityDescRelative receives a buffer obtained from
 * LsaSrvAllocateMemory() and *pSecurityDescRelativeSize its size.  On
 * failure both outputs are cleared and the buffer, if any, is released.
 * A Win32 error from the initial allocation is converted to an NTSTATUS
 * before returning.
 *
 * NOTE(review): nothing here verifies that the caller may read the SACL
 * when SACL_SECURITY_INFORMATION is requested; presumably the caller has
 * already performed the access check -- confirm.
 */
static
NTSTATUS
LsaSrvQueryPolicySecurity(
    PPOLICY_CONTEXT pAccountContext,
    SECURITY_INFORMATION SecurityInformation,
    PSECURITY_DESCRIPTOR_RELATIVE *ppSecurityDescRelative,
    PDWORD pSecurityDescRelativeSize
    )
{
    NTSTATUS ntStatus = STATUS_SUCCESS;
    DWORD err = ERROR_SUCCESS;
    PSECURITY_DESCRIPTOR_ABSOLUTE pSourceSd = gpLsaSecDesc;
    PSECURITY_DESCRIPTOR_ABSOLUTE pFilteredSd = NULL;
    PSECURITY_DESCRIPTOR_RELATIVE pRelativeSd = NULL;
    DWORD relativeSdSize = 0;

    /* Scratch absolute descriptor; released on every path below. */
    err = LwAllocateMemory(SECURITY_DESCRIPTOR_ABSOLUTE_MIN_SIZE,
                           OUT_PPVOID(&pFilteredSd));
    BAIL_ON_LSA_ERROR(err);

    ntStatus = RtlCreateSecurityDescriptorAbsolute(pFilteredSd,
                                                   SECURITY_DESCRIPTOR_REVISION);
    BAIL_ON_NT_STATUS(ntStatus);

    /* Owner */
    if (SecurityInformation & OWNER_SECURITY_INFORMATION)
    {
        PSID pOwnerSid = NULL;
        BOOLEAN isDefaulted = FALSE;

        ntStatus = RtlGetOwnerSecurityDescriptor(pSourceSd, &pOwnerSid, &isDefaulted);
        BAIL_ON_NT_STATUS(ntStatus);

        ntStatus = RtlSetOwnerSecurityDescriptor(pFilteredSd, pOwnerSid, isDefaulted);
        BAIL_ON_NT_STATUS(ntStatus);
    }

    /* Primary group */
    if (SecurityInformation & GROUP_SECURITY_INFORMATION)
    {
        PSID pGroupSid = NULL;
        BOOLEAN isDefaulted = FALSE;

        ntStatus = RtlGetGroupSecurityDescriptor(pSourceSd, &pGroupSid, &isDefaulted);
        BAIL_ON_NT_STATUS(ntStatus);

        ntStatus = RtlSetGroupSecurityDescriptor(pFilteredSd, pGroupSid, isDefaulted);
        BAIL_ON_NT_STATUS(ntStatus);
    }

    /* DACL: copied only when the source descriptor has one. */
    if (SecurityInformation & DACL_SECURITY_INFORMATION)
    {
        PACL pSourceDacl = NULL;
        BOOLEAN hasDacl = FALSE;
        BOOLEAN isDefaulted = FALSE;

        ntStatus = RtlGetDaclSecurityDescriptor(pSourceSd, &hasDacl, &pSourceDacl, &isDefaulted);
        BAIL_ON_NT_STATUS(ntStatus);

        if (hasDacl)
        {
            ntStatus = RtlSetDaclSecurityDescriptor(pFilteredSd, hasDacl, pSourceDacl, isDefaulted);
            BAIL_ON_NT_STATUS(ntStatus);
        }
    }

    /* SACL: copied only when the source descriptor has one. */
    if (SecurityInformation & SACL_SECURITY_INFORMATION)
    {
        PACL pSourceSacl = NULL;
        BOOLEAN hasSacl = FALSE;
        BOOLEAN isDefaulted = FALSE;

        ntStatus = RtlGetSaclSecurityDescriptor(pSourceSd, &hasSacl, &pSourceSacl, &isDefaulted);
        BAIL_ON_NT_STATUS(ntStatus);

        if (hasSacl)
        {
            ntStatus = RtlSetSaclSecurityDescriptor(pFilteredSd, hasSacl, pSourceSacl, isDefaulted);
            BAIL_ON_NT_STATUS(ntStatus);
        }
    }

    /*
     * Size probe: the output buffer is still NULL and the size 0, so
     * STATUS_BUFFER_TOO_SMALL is the expected answer and is not an
     * error.  Any other non-success status aborts.
     */
    ntStatus = RtlAbsoluteToSelfRelativeSD(pFilteredSd, pRelativeSd, &relativeSdSize);
    if (ntStatus != STATUS_SUCCESS && ntStatus != STATUS_BUFFER_TOO_SMALL)
    {
        BAIL_ON_NT_STATUS(ntStatus);
    }

    ntStatus = LsaSrvAllocateMemory(OUT_PPVOID(&pRelativeSd), relativeSdSize);
    BAIL_ON_NT_STATUS(ntStatus);

    /* Real conversion into the buffer sized by the probe. */
    ntStatus = RtlAbsoluteToSelfRelativeSD(pFilteredSd, pRelativeSd, &relativeSdSize);
    BAIL_ON_NT_STATUS(ntStatus);

    *ppSecurityDescRelative    = pRelativeSd;
    *pSecurityDescRelativeSize = relativeSdSize;

error:
    /* Reached on success as well; the outputs are cleared only on failure. */
    if (err || ntStatus)
    {
        if (pRelativeSd)
        {
            LsaSrvFreeMemory(pRelativeSd);
        }

        *ppSecurityDescRelative    = NULL;
        *pSecurityDescRelativeSize = 0;
    }

    LW_SAFE_FREE_MEMORY(pFilteredSd);

    /* Report a Win32-only failure as an NTSTATUS. */
    if (ntStatus == STATUS_SUCCESS &&
        err != ERROR_SUCCESS)
    {
        ntStatus = LwWin32ErrorToNtStatus(err);
    }

    return ntStatus;
}
예제 #6
/*
 * Creates, if they do not exist yet, the server's shared section, its
 * mapped view, the lock mutant and the notification event, then (on
 * Windows Vista and later) tries to stamp the three named objects with a
 * low-integrity mandatory label.
 *
 * Returns FALSE if the section, the view, the mutant or the event cannot
 * be created.  When anything after the section fails,
 * WepCloseServerObjects() is called first.  Returns TRUE otherwise.
 *
 * The labelling is best effort: the results of
 * RtlCreateSecurityDescriptor, RtlCreateAcl and NtSetSecurityObject are
 * not examined, and a failure of RtlAddAce or
 * RtlSetSaclSecurityDescriptor only skips the labelling.  TRUE is
 * returned in all of these cases.
 *
 * NOTE(review): the objects are created without an explicit security
 * descriptor and are then labelled with the lowest integrity level, so
 * the integrity check no longer keeps low-integrity processes from
 * writing to them.  Readers of the shared data should presumably treat
 * its contents as untrusted -- confirm against the consumers.
 */
BOOLEAN WepCreateServerObjects(
    VOID
    )
{
    static SID_IDENTIFIER_AUTHORITY mandatoryLabelAuthority = SECURITY_MANDATORY_LABEL_AUTHORITY;

    NTSTATUS status;
    OBJECT_ATTRIBUTES attributes;
    WCHAR nameBuffer[256];
    UNICODE_STRING name;
    SECURITY_DESCRIPTOR labelDescriptor;
    // One label ACE whose SID has exactly one sub-authority.
    UCHAR labelAceStorage[FIELD_OFFSET(SYSTEM_MANDATORY_LABEL_ACE, SidStart) + FIELD_OFFSET(SID, SubAuthority) + sizeof(ULONG)];
    // An ACL header followed by that single ACE.
    UCHAR labelAclStorage[sizeof(ACL) + sizeof(labelAceStorage)];
    PSYSTEM_MANDATORY_LABEL_ACE labelAce;
    PACL labelAcl;
    PSID labelSid;

    // Shared section.
    if (!WeServerSharedSection)
    {
        LARGE_INTEGER sectionSize;

        sectionSize.QuadPart = sizeof(WE_HOOK_SHARED_DATA);
        WeFormatLocalObjectName(WE_SERVER_SHARED_SECTION_NAME, nameBuffer, &name);
        InitializeObjectAttributes(&attributes, &name, OBJ_CASE_INSENSITIVE, NULL, NULL);

        status = NtCreateSection(
            &WeServerSharedSection,
            SECTION_ALL_ACCESS,
            &attributes,
            &sectionSize,
            PAGE_READWRITE,
            SEC_COMMIT,
            NULL
            );

        // Nothing has been created yet, so there is nothing to close.
        if (!NT_SUCCESS(status))
            return FALSE;
    }

    // View of the section in this process.
    if (!WeServerSharedData)
    {
        PVOID mappedBase = NULL;
        SIZE_T mappedSize = sizeof(WE_HOOK_SHARED_DATA);

        status = NtMapViewOfSection(
            WeServerSharedSection,
            NtCurrentProcess(),
            &mappedBase,
            0,
            0,
            NULL,
            &mappedSize,
            ViewShare,
            0,
            PAGE_READWRITE
            );

        if (!NT_SUCCESS(status))
        {
            WepCloseServerObjects();
            return FALSE;
        }

        WeServerSharedData = mappedBase;
    }

    // Lock protecting the shared section.
    if (!WeServerSharedSectionLock)
    {
        WeFormatLocalObjectName(WE_SERVER_SHARED_SECTION_LOCK_NAME, nameBuffer, &name);
        InitializeObjectAttributes(&attributes, &name, OBJ_CASE_INSENSITIVE, NULL, NULL);

        status = NtCreateMutant(
            &WeServerSharedSectionLock,
            MUTANT_ALL_ACCESS,
            &attributes,
            FALSE
            );

        if (!NT_SUCCESS(status))
        {
            WepCloseServerObjects();
            return FALSE;
        }
    }

    // Notification event for the shared section.
    if (!WeServerSharedSectionEvent)
    {
        WeFormatLocalObjectName(WE_SERVER_SHARED_SECTION_EVENT_NAME, nameBuffer, &name);
        InitializeObjectAttributes(&attributes, &name, OBJ_CASE_INSENSITIVE, NULL, NULL);

        status = NtCreateEvent(
            &WeServerSharedSectionEvent,
            EVENT_ALL_ACCESS,
            &attributes,
            NotificationEvent,
            FALSE
            );

        if (!NT_SUCCESS(status))
        {
            WepCloseServerObjects();
            return FALSE;
        }
    }

    // Mandatory labels exist only on Vista and later; nothing more to do
    // on older systems.
    if (WE_WindowsVersion < WINDOWS_VISTA)
        return TRUE;

    // If mandatory labels are supported, set it to the lowest possible level.
    RtlCreateSecurityDescriptor(&labelDescriptor, SECURITY_DESCRIPTOR_REVISION);

    labelAcl = (PACL)labelAclStorage;
    RtlCreateAcl(labelAcl, sizeof(labelAclStorage), ACL_REVISION);

    // Build the label ACE by hand in its own buffer, then append it.
    labelAce = (PSYSTEM_MANDATORY_LABEL_ACE)labelAceStorage;
    labelAce->Header.AceType = SYSTEM_MANDATORY_LABEL_ACE_TYPE;
    labelAce->Header.AceFlags = 0;
    labelAce->Header.AceSize = sizeof(labelAceStorage);
    labelAce->Mask = SYSTEM_MANDATORY_LABEL_NO_WRITE_UP;

    labelSid = (PSID)&labelAce->SidStart;
    RtlInitializeSid(labelSid, &mandatoryLabelAuthority, 1);
    *RtlSubAuthoritySid(labelSid, 0) = SECURITY_MANDATORY_LOW_RID;

    status = RtlAddAce(labelAcl, ACL_REVISION, MAXULONG32, labelAce, sizeof(labelAceStorage));

    if (!NT_SUCCESS(status))
        return TRUE;

    status = RtlSetSaclSecurityDescriptor(&labelDescriptor, TRUE, labelAcl, FALSE);

    if (!NT_SUCCESS(status))
        return TRUE;

    // Apply the same label to all three named objects.
    NtSetSecurityObject(WeServerSharedSection, LABEL_SECURITY_INFORMATION, &labelDescriptor);
    NtSetSecurityObject(WeServerSharedSectionLock, LABEL_SECURITY_INFORMATION, &labelDescriptor);
    NtSetSecurityObject(WeServerSharedSectionEvent, LABEL_SECURITY_INFORMATION, &labelDescriptor);

    return TRUE;
}