BOOLEAN
NTAPI
IopConnectLogPort(VOID)
{
UNICODE_STRING PortName = RTL_CONSTANT_STRING(L"\\ErrorLogPort");
NTSTATUS Status;
/* Make sure we're not already connected */
if (IopLogPortConnected) return TRUE;
/* Connect the port */
Status = ZwConnectPort(&IopLogPort,
&PortName,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL);
if (NT_SUCCESS(Status))
{
/* Remember we're connected */
IopLogPortConnected = TRUE;
return TRUE;
}
/* We failed, try again */
IopRestartLogWorker();
return FALSE;
}
BOOLEAN
NTAPI
IopConnectLogPort(VOID)
{
NTSTATUS Status;
UNICODE_STRING PortName = RTL_CONSTANT_STRING(ELF_PORT_NAME);
SECURITY_QUALITY_OF_SERVICE SecurityQos;
/* Make sure we're not already connected */
if (IopLogPortConnected) return TRUE;
/* Setup the QoS structure */
SecurityQos.Length = sizeof(SecurityQos);
SecurityQos.ImpersonationLevel = SecurityIdentification;
SecurityQos.ContextTrackingMode = SECURITY_DYNAMIC_TRACKING;
SecurityQos.EffectiveOnly = TRUE;
/* Connect the port */
Status = ZwConnectPort(&IopLogPort,
&PortName,
&SecurityQos,
NULL,
NULL,
NULL,
NULL,
NULL);
if (NT_SUCCESS(Status))
{
/* Remember we're connected */
IopLogPortConnected = TRUE;
return TRUE;
}
/* We failed, try again */
IopRestartLogWorker();
return FALSE;
}
BOOLEAN
SepRmCommandServerThreadInit(
VOID
)
/*++
Routine Description:
This function performs initialization of the Reference Monitor Server
thread. The following steps are performed.
o Wait on the LSA signalling the event. When the event is signalled,
the LSA has already created the LSA Command Server LPC Port
o Close the LSA Init Event Handle. The event is not used again.
o Listen for the LSA to connect to the Port
o Accept the connection.
o Connect to the LSA Command Server LPC Port
Arguments:
None.
Return Value:
--*/
{
NTSTATUS Status;
UNICODE_STRING LsaCommandPortName;
PORT_MESSAGE ConnectionRequest;
SECURITY_QUALITY_OF_SERVICE DynamicQos;
OBJECT_ATTRIBUTES ObjectAttributes;
PORT_VIEW ClientView;
REMOTE_PORT_VIEW LsaClientView;
BOOLEAN BooleanStatus = TRUE;
PAGED_CODE();
//
// Save a pointer to our process so we can get back into this process
// to send commands to the LSA (using a handle to an LPC port created
// below).
//
SepRmLsaCallProcess = PsGetCurrentProcess();
ObReferenceObject(SepRmLsaCallProcess);
//
// Wait on the LSA signalling the event. This means that the LSA
// has created its command port, not that LSA initialization is
// complete.
//
Status = ZwWaitForSingleObject(
SepRmState.LsaInitEventHandle,
FALSE,
NULL);
if ( !NT_SUCCESS(Status) ) {
KdPrint(("Security Rm Init: Waiting for LSA Init Event failed 0x%lx\n", Status));
goto RmCommandServerThreadInitError;
}
//
// Close the LSA Init Event Handle. The event is not used again.
//
ZwClose(SepRmState.LsaInitEventHandle);
//
// Listen for a connection to be made by the LSA to the Reference Monitor
// Command Port. This connection will be made by the LSA process.
//
ConnectionRequest.u1.s1.TotalLength = sizeof(ConnectionRequest);
ConnectionRequest.u1.s1.DataLength = (CSHORT)0;
Status = ZwListenPort(
SepRmState.RmCommandPortHandle,
&ConnectionRequest
);
if (!NT_SUCCESS(Status)) {
KdPrint(("Security Rm Init: Listen to Command Port failed 0x%lx\n",
Status));
goto RmCommandServerThreadInitError;
}
//
// Obtain a handle to the LSA process for use when auditing.
//
InitializeObjectAttributes( &ObjectAttributes, NULL, 0, NULL, NULL );
Status = ZwOpenProcess(
&SepLsaHandle,
PROCESS_VM_OPERATION | PROCESS_VM_WRITE,
&ObjectAttributes,
&ConnectionRequest.ClientId
);
if (!NT_SUCCESS(Status)) {
KdPrint(("Security Rm Init: Open Listen to Command Port failed 0x%lx\n",
Status));
goto RmCommandServerThreadInitError;
}
//
// Accept the connection made by the LSA process.
//
LsaClientView.Length = sizeof(LsaClientView);
Status = ZwAcceptConnectPort(
&SepRmState.RmCommandPortHandle,
NULL,
&ConnectionRequest,
TRUE,
NULL,
&LsaClientView
);
if (!NT_SUCCESS(Status)) {
KdPrint(("Security Rm Init: Accept Connect to Command Port failed 0x%lx\n",
Status));
goto RmCommandServerThreadInitError;
}
//
// Complete the connection.
//
Status = ZwCompleteConnectPort(SepRmState.RmCommandPortHandle);
if (!NT_SUCCESS(Status)) {
KdPrint(("Security Rm Init: Complete Connect to Command Port failed 0x%lx\n",
Status));
goto RmCommandServerThreadInitError;
}
//
// Set up the security quality of service parameters to use over the
// Lsa Command LPC port. Use the most efficient (least overhead) - which
// is dynamic rather than static tracking.
//
DynamicQos.ImpersonationLevel = SecurityImpersonation;
DynamicQos.ContextTrackingMode = SECURITY_DYNAMIC_TRACKING;
DynamicQos.EffectiveOnly = TRUE;
//
// Create the section to be used as unnamed shared memory for
// communication between the RM and LSA.
//
SepRmState.LsaCommandPortSectionSize.LowPart = PAGE_SIZE;
SepRmState.LsaCommandPortSectionSize.HighPart = 0;
Status = ZwCreateSection(
&SepRmState.LsaCommandPortSectionHandle,
SECTION_ALL_ACCESS,
NULL, // ObjectAttributes
&SepRmState.LsaCommandPortSectionSize,
PAGE_READWRITE,
SEC_COMMIT,
NULL // FileHandle
);
if (!NT_SUCCESS(Status)) {
KdPrint(("Security Rm Init: Create Memory Section for LSA port failed: %X\n", Status));
goto RmCommandServerThreadInitError;
}
//
// Set up for a call to NtConnectPort and connect to the LSA port.
// This setup includes a description of the port memory section so that
// the LPC connection logic can make the section visible to both the
// client and server processes.
//
ClientView.Length = sizeof(ClientView);
ClientView.SectionHandle = SepRmState.LsaCommandPortSectionHandle;
ClientView.SectionOffset = 0;
ClientView.ViewSize = SepRmState.LsaCommandPortSectionSize.LowPart;
ClientView.ViewBase = 0;
ClientView.ViewRemoteBase = 0;
//
// Set up the security quality of service parameters to use over the
// port. Use dynamic tracking so that XACTSRV will impersonate the
// user that we are impersonating when we call NtRequestWaitReplyPort.
// If we used static tracking, XACTSRV would impersonate the context
// when the connection is made.
//
DynamicQos.ImpersonationLevel = SecurityImpersonation;
DynamicQos.ContextTrackingMode = SECURITY_DYNAMIC_TRACKING;
DynamicQos.EffectiveOnly = TRUE;
//
// Connect to the Lsa Command LPC Port. This port is used to send
// commands from the RM to the LSA.
//
RtlInitUnicodeString( &LsaCommandPortName, L"\\SeLsaCommandPort" );
Status = ZwConnectPort(
&SepRmState.LsaCommandPortHandle,
&LsaCommandPortName,
&DynamicQos,
&ClientView,
NULL, // ServerView
NULL, // MaxMessageLength
NULL, // ConnectionInformation
NULL // ConnectionInformationLength
);
if (!NT_SUCCESS(Status)) {
KdPrint(("Security Rm Init: Connect to LSA Port failed 0x%lx\n", Status));
goto RmCommandServerThreadInitError;
}
//
// Store information about the section so that we can create pointers
// meaningful to LSA.
//
SepRmState.RmViewPortMemory = ClientView.ViewBase;
SepRmState.LsaCommandPortMemoryDelta =
(LONG)((ULONG_PTR)ClientView.ViewRemoteBase - (ULONG_PTR) ClientView.ViewBase );
SepRmState.LsaViewPortMemory = ClientView.ViewRemoteBase;
/* BugWarning - ScottBi - probably don't need the resource
//
// Create the resource serializing access to the port. This
// resource prevents the port and the shared memory from being
// deleted while worker threads are processing requests.
//
if ( !SepRmState.LsaCommandPortResourceInitialized ) {
ExInitializeResource( &SepRmState.LsaCommandPortResource );
SepRmState.LsaCommandPortResourceInitialized = TRUE;
}
SepRmState.LsaCommandPortActive = TRUE;
*/
RmCommandServerThreadInitFinish:
//
// Dont need this section handle any more, even if returning
// success.
//
if ( SepRmState.LsaCommandPortSectionHandle != NULL ) {
NtClose( SepRmState.LsaCommandPortSectionHandle );
SepRmState.LsaCommandPortSectionHandle = NULL;
}
//
// The Reference Monitor Thread has successfully initialized.
//
return BooleanStatus;
RmCommandServerThreadInitError:
if ( SepRmState.LsaCommandPortHandle != NULL ) {
NtClose( SepRmState.LsaCommandPortHandle );
SepRmState.LsaCommandPortHandle = NULL;
}
BooleanStatus = FALSE;
goto RmCommandServerThreadInitFinish;
}
