NTSTATUS ConnectLpcPort(PLPC_PORT LpcPort, LPCWSTR PortName)
{
NTSTATUS status;
UNICODE_STRING usPortName;
SECURITY_QUALITY_OF_SERVICE securityQos =
{
sizeof(securityQos), SecurityImpersonation, SECURITY_DYNAMIC_TRACKING, TRUE
};
RtlInitUnicodeString(&usPortName, PortName);
log("Connecting to port: %S\n", PortName);
status = NtConnectPort(
&LpcPort->hPort,
&usPortName,
&securityQos,
NULL,
NULL,
NULL,
NULL,
NULL
);
LpcPort->flags = 0;
log("NtConnectPort: %x\n", status);
return status;
}
VOID
SepClientConnect(
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
SECURITY_CONTEXT_TRACKING_MODE TrackingMode,
BOOLEAN EffectiveOnly
)
{
SecurityQos.ImpersonationLevel = ImpersonationLevel;
SecurityQos.ContextTrackingMode = TrackingMode;
SecurityQos.EffectiveOnly = EffectiveOnly;
Status = NtConnectPort(
&TalkPort,
&PortName,
&SecurityQos,
0L,
NULL,
NULL,
NULL,
NULL,
NULL
); SEASSERT_SUCCESS(Status);
return;
}
/**********************************************************************
* NAME EXPORTED
* SmConnectApiPort/4
*
* DESCRIPTION
* Connect to SM API port and register a session "begin" port (Sb)
* or to issue API requests to SmApiPort.
*
* ARGUMENTS
* pSbApiPortName: name of the Sb port the calling subsystem
* server already created in the system name space;
* hSbApiPort: LPC port handle (checked, but not used: the
* subsystem is required to have already created
* the callback port before it connects to the SM);
* wSubsystem: a valid IMAGE_SUBSYSTEM_xxx value;
* phSmApiPort: a pointer to a HANDLE, which will be
* filled with a valid client-side LPC comm port.
*
* There should be only two ways to call this API:
* a) subsystems willing to register with SM will use it
* with full parameters (the function checks them);
* b) regular SM clients, will set to 0 the 1st, the 2nd,
* and the 3rd parameter.
*
* RETURN VALUE
* If all three optional values are omitted, an LPC status.
* STATUS_INVALID_PARAMETER_MIX if PortName is defined and
* both hSbApiPort and wSubsystem are 0.
*/
NTSTATUS WINAPI
SmConnectApiPort (IN PUNICODE_STRING pSbApiPortName OPTIONAL,
IN HANDLE hSbApiPort OPTIONAL,
IN WORD wSubSystemId OPTIONAL,
IN OUT PHANDLE phSmApiPort)
{
UNICODE_STRING SmApiPortName;
SECURITY_QUALITY_OF_SERVICE SecurityQos;
NTSTATUS Status = STATUS_SUCCESS;
SM_CONNECT_DATA ConnectData = {0,0,{0}};
ULONG ConnectDataLength = 0;
DPRINT("SMLIB: %s called\n", __FUNCTION__);
if (pSbApiPortName)
{
if (pSbApiPortName->Length > (sizeof pSbApiPortName->Buffer[0] * SM_SB_NAME_MAX_LENGTH))
{
return STATUS_INVALID_PARAMETER_1;
}
if (NULL == hSbApiPort || IMAGE_SUBSYSTEM_UNKNOWN == wSubSystemId)
{
return STATUS_INVALID_PARAMETER_MIX;
}
RtlZeroMemory (& ConnectData, sizeof ConnectData);
ConnectData.Unused = 0;
ConnectData.SubSystemId = wSubSystemId;
if (pSbApiPortName->Length > 0)
{
RtlCopyMemory (& ConnectData.SbName,
pSbApiPortName->Buffer,
pSbApiPortName->Length);
}
}
ConnectDataLength = sizeof ConnectData;
SecurityQos.Length = sizeof (SecurityQos);
SecurityQos.ImpersonationLevel = SecurityIdentification;
SecurityQos.ContextTrackingMode = SECURITY_DYNAMIC_TRACKING;
SecurityQos.EffectiveOnly = TRUE;
RtlInitUnicodeString (& SmApiPortName, SM_API_PORT_NAME);
Status = NtConnectPort (
phSmApiPort,
& SmApiPortName,
& SecurityQos,
NULL,
NULL,
NULL,
& ConnectData,
& ConnectDataLength
);
if (NT_SUCCESS(Status))
{
return STATUS_SUCCESS;
}
DPRINT("SMLIB: %s failed (Status=0x%08lx)\n", __FUNCTION__, Status);
return Status;
}
NTSTATUS
SampleClient_Connect(
VOID
)
/*++
Routine Name:
SampleClient_Connect
Description:
Client function for connecting to server
Arguments:
None.
Return Values:
NTSTATUS - STATUS_SUCCESS if successful.
--*/
{
NTSTATUS Status;
UNICODE_STRING PortName;
SECURITY_QUALITY_OF_SERVICE DynamicQos;
//
// Set up the QoS parameters to use dynamic tracking.
//
DynamicQos.ImpersonationLevel = SecurityImpersonation;
DynamicQos.ContextTrackingMode = SECURITY_DYNAMIC_TRACKING;
DynamicQos.EffectiveOnly = TRUE;
//
// Connect to the server port.
//
RtlInitUnicodeString(&PortName, L"\\SampleServer");
Status = NtConnectPort(&SampleClient_PortHandle,
&PortName,
&DynamicQos,
NULL,
NULL,
NULL,
NULL,
0
);
if(!NT_SUCCESS(Status)) {
printf("Client: NtConnectPort failed with status: 0x%08lx\n", Status);
return Status;
}
return Status;
}
NTSTATUS
DbgSspConnectToDbg( VOID )
/*++
Routine Description:
This routine makes a connection between the caller and the
DbgSs port in the Dbg subsystem.
Arguments:
None.
Return Value:
TBD.
--*/
{
NTSTATUS st;
UNICODE_STRING PortName;
SECURITY_QUALITY_OF_SERVICE DynamicQos;
//
// Set up the security quality of service parameters to use over the
// port. Use the most efficient (least overhead) - which is dynamic
// rather than static tracking.
//
DynamicQos.ImpersonationLevel = SecurityImpersonation;
DynamicQos.ContextTrackingMode = SECURITY_DYNAMIC_TRACKING;
DynamicQos.EffectiveOnly = TRUE;
RtlInitUnicodeString(&PortName,L"\\DbgSsApiPort");
st = NtConnectPort(
&DbgSspApiPort,
&PortName,
&DynamicQos,
NULL,
NULL,
NULL,
NULL,
0L
);
return st;
}
NTSTATUS
LsapOpenLsaPort(VOID)
{
UNICODE_STRING PortName;
SECURITY_QUALITY_OF_SERVICE SecurityQos;
LSA_CONNECTION_INFO ConnectInfo;
ULONG ConnectInfoLength;
NTSTATUS Status;
TRACE("LsapOpenLsaPort()\n");
if (LsaPortHandle != NULL)
return STATUS_SUCCESS;
RtlInitUnicodeString(&PortName,
L"\\LsaAuthenticationPort");
SecurityQos.Length = sizeof(SecurityQos);
SecurityQos.ImpersonationLevel = SecurityIdentification;
SecurityQos.ContextTrackingMode = SECURITY_DYNAMIC_TRACKING;
SecurityQos.EffectiveOnly = TRUE;
RtlZeroMemory(&ConnectInfo,
sizeof(ConnectInfo));
ConnectInfo.CreateContext = FALSE;
ConnectInfoLength = sizeof(LSA_CONNECTION_INFO);
Status = NtConnectPort(&LsaPortHandle,
&PortName,
&SecurityQos,
NULL,
NULL,
NULL,
&ConnectInfo,
&ConnectInfoLength);
if (!NT_SUCCESS(Status))
{
TRACE("NtConnectPort failed (Status 0x%08lx)\n", Status);
}
return Status;
/*
if (!NT_SUCCESS(ConnectInfo.Status))
{
DPRINT1("ConnectInfo.Status: 0x%08lx\n", ConnectInfo.Status);
}
return ConnectInfo.Status;
*/
}
int main(int argc, char* argv[])
{
UNICODE_STRING PortName = ROS_STRING_INITIALIZER(TEST_PORT_NAME_U);
NTSTATUS Status;
HANDLE PortHandle;
LPC_MAX_MESSAGE Request;
ULONG ConnectInfo;
ULONG ConnectInfoLength = 0;
SECURITY_QUALITY_OF_SERVICE Sqos;
printf("%s: Lpc test client\n", MyName);
printf("%s: Connecting to port \"%s\"...\n", MyName, TEST_PORT_NAME);
ConnectInfoLength = 0;
ZeroMemory (& Sqos, sizeof Sqos);
Status = NtConnectPort(&PortHandle,
&PortName,
& Sqos,
0,
0,
0,
NULL,
&ConnectInfoLength);
if (!NT_SUCCESS(Status))
{
printf("%s: NtConnectPort() failed with status = 0x%08X.\n", MyName, Status);
return EXIT_FAILURE;
}
printf("%s: Connected to \"%s\" with anonymous port 0x%x.\n", MyName, TEST_PORT_NAME, PortHandle);
ZeroMemory(& Request, sizeof Request);
strcpy(Request.Data, GetCommandLineA());
Request.Header.DataSize = strlen(Request.Data);
Request.Header.MessageSize = sizeof(LPC_MESSAGE) +
Request.Header.DataSize;
printf("%s: Sending to port 0x%x message \"%s\"...\n",
MyName,
PortHandle,
(char *) Request.Data);
Status = NtRequestPort(PortHandle,
&Request.Header);
if (!NT_SUCCESS(Status))
{
printf("%s: NtRequestPort(0x%x) failed with status = 0x%8X.\n",
MyName,
PortHandle,
Status);
return EXIT_FAILURE;
}
printf("%s: Sending datagram to port 0x%x succeeded.\n", MyName, PortHandle);
Sleep(2000);
printf("%s: Disconnecting...", MyName);
NtClose (PortHandle);
return EXIT_SUCCESS;
}
NTSTATUS
CsrpConnectToServer(
IN PWSTR ObjectDirectory
)
{
NTSTATUS Status;
REMOTE_PORT_VIEW ServerView;
ULONG MaxMessageLength;
ULONG ConnectionInformationLength;
CSR_API_CONNECTINFO ConnectionInformation;
SECURITY_QUALITY_OF_SERVICE DynamicQos;
HANDLE PortSection;
PORT_VIEW ClientView;
ULONG n;
LARGE_INTEGER SectionSize;
//
// Create the port name string by combining the passed in object directory
// name with the port name.
//
n = ((wcslen( ObjectDirectory ) + 1) * sizeof( WCHAR )) +
sizeof( CSR_API_PORT_NAME );
CsrPortName.Length = 0;
CsrPortName.MaximumLength = (USHORT)n;
CsrPortName.Buffer = RtlAllocateHeap( CsrHeap, MAKE_TAG( CSR_TAG ), n );
if (CsrPortName.Buffer == NULL) {
return( STATUS_NO_MEMORY );
}
RtlAppendUnicodeToString( &CsrPortName, ObjectDirectory );
RtlAppendUnicodeToString( &CsrPortName, L"\\" );
RtlAppendUnicodeToString( &CsrPortName, CSR_API_PORT_NAME );
//
// Set up the security quality of service parameters to use over the
// port. Use the most efficient (least overhead) - which is dynamic
// rather than static tracking.
//
DynamicQos.ImpersonationLevel = SecurityImpersonation;
DynamicQos.ContextTrackingMode = SECURITY_DYNAMIC_TRACKING;
DynamicQos.EffectiveOnly = TRUE;
//
// Create a section to contain the Port Memory. Port Memory is private
// memory that is shared between the client and server processes.
// This allows data that is too large to fit into an API request message
// to be passed to the server.
//
SectionSize.LowPart = CSR_PORT_MEMORY_SIZE;
SectionSize.HighPart = 0;
Status = NtCreateSection( &PortSection,
SECTION_ALL_ACCESS,
NULL,
&SectionSize,
PAGE_READWRITE,
SEC_RESERVE,
NULL
);
if (!NT_SUCCESS( Status )) {
return( Status );
}
//
// Connect to the server. This includes a description of the Port Memory
// section so that the LPC connection logic can make the section visible
// to both the client and server processes. Also pass information the
// server needs in the connection information structure.
//
ClientView.Length = sizeof( ClientView );
ClientView.SectionHandle = PortSection;
ClientView.SectionOffset = 0;
ClientView.ViewSize = SectionSize.LowPart;
ClientView.ViewBase = 0;
ClientView.ViewRemoteBase = 0;
ServerView.Length = sizeof( ServerView );
ServerView.ViewSize = 0;
ServerView.ViewBase = 0;
ConnectionInformationLength = sizeof( ConnectionInformation );
ConnectionInformation.ExpectedVersion = CSR_VERSION;
Status = NtConnectPort( &CsrPortHandle,
&CsrPortName,
&DynamicQos,
&ClientView,
&ServerView,
(PULONG)&MaxMessageLength,
(PVOID)&ConnectionInformation,
(PULONG)&ConnectionInformationLength
);
NtClose( PortSection );
if (!NT_SUCCESS( Status )) {
IF_DEBUG {
DbgPrint( "CSRDLL: Unable to connect to %wZ Server - Status == %X\n",
&CsrPortName,
Status
);
}
return( Status );
}
NTSTATUS
SmpHandleConnectionRequest(
IN HANDLE ConnectionPort,
IN PSBAPIMSG Message
)
/*++
Routine Description:
This routine handles connection requests from either known subsystems,
or other clients. Other clients are admin processes.
The protocol for connection from a known subsystem is:
capture the name of the sub systems Sb API port
Accept the connection
Connect to the subsystems Sb API port
Store the communication port handle in the known subsystem database
signal the event associated with the known subsystem
The protocol for others is to simply validate and accept the connection
request.
Arguments:
Return Value:
None.
--*/
{
NTSTATUS st;
HANDLE CommunicationPort;
REMOTE_PORT_VIEW ClientView;
PSBCONNECTINFO ConnectInfo;
ULONG ConnectInfoLength;
PSMPKNOWNSUBSYS KnownSubSys;
BOOLEAN Accept;
UNICODE_STRING SubSystemPort;
SECURITY_QUALITY_OF_SERVICE DynamicQos;
PSMP_CLIENT_CONTEXT ClientContext;
//
// Set up the security quality of service parameters to use over the
// sb API port. Use the most efficient (least overhead) - which is dynamic
// rather than static tracking.
//
DynamicQos.ImpersonationLevel = SecurityIdentification;
DynamicQos.ContextTrackingMode = SECURITY_DYNAMIC_TRACKING;
DynamicQos.EffectiveOnly = TRUE;
ConnectInfo = &Message->ConnectionRequest;
KnownSubSys = SmpLocateKnownSubSysByCid(&Message->h.ClientId);
if ( KnownSubSys ) {
if ( SmpLocateKnownSubSysByType(ConnectInfo->SubsystemImageType) ==
KnownSubSys ) {
Accept = FALSE;
KdPrint(("SMSS: Connection from SubSystem rejected\n"));
KdPrint(("SMSS: Image type already being served\n"));
} else {
Accept = TRUE;
KnownSubSys->ImageType = ConnectInfo->SubsystemImageType;
}
} else {
//
// Authenticate the SOB
//
Accept = TRUE;
}
if (Accept) {
ClientContext = RtlAllocateHeap(SmpHeap, MAKE_TAG( SM_TAG ), sizeof(SMP_CLIENT_CONTEXT));
ClientContext->KnownSubSys = KnownSubSys;
}
ClientView.Length = sizeof(ClientView);
st = NtAcceptConnectPort(
&CommunicationPort,
ClientContext,
(PPORT_MESSAGE)Message,
Accept,
NULL,
&ClientView
);
ASSERT( NT_SUCCESS(st) );
if ( Accept ) {
if ( KnownSubSys ) {
KnownSubSys->SmApiCommunicationPort = CommunicationPort;
}
st = NtCompleteConnectPort(CommunicationPort);
ASSERT( NT_SUCCESS(st) );
//
// Connect Back to subsystem
//
if ( KnownSubSys ) {
RtlCreateUnicodeString( &SubSystemPort,
ConnectInfo->EmulationSubSystemPortName
);
ConnectInfoLength = sizeof( *ConnectInfo );
st = NtConnectPort(
&KnownSubSys->SbApiCommunicationPort,
&SubSystemPort,
&DynamicQos,
NULL,
NULL,
NULL,
NULL,
NULL
);
if ( !NT_SUCCESS(st) ) {
KdPrint(("SMSS: Connect back to Sb %wZ failed %lx\n",&SubSystemPort,st));
}
RtlFreeUnicodeString( &SubSystemPort );
NtSetEvent(KnownSubSys->Active,NULL);
}
}
return st;
}
int security_reference_monitor_t::run()
{
const int maxlen = 0x100;
//dprintf("starting kthread %p p = %p\n", this, process);
current = static_cast<thread_t*>( this );
//dprintf("current->process = %p\n", current->process);
object_attributes_t rm_oa( (PCWSTR) L"\\SeRmCommandPort" );
HANDLE port = 0, client = 0;
NTSTATUS r = NtCreatePort( &port, &rm_oa, 0x100, 0x100, 0 );
if (r == STATUS_THREAD_IS_TERMINATING)
return 0;
if (r < STATUS_SUCCESS)
die("NtCreatePort(SeRmCommandPort) failed r = %08lx\n", r);
BYTE buf[maxlen];
LPC_MESSAGE *req = (LPC_MESSAGE*) buf;
r = NtListenPort( port, req );
if (r == STATUS_THREAD_IS_TERMINATING)
return 0;
if (r < STATUS_SUCCESS)
die("NtListenPort(SeRmCommandPort) failed r = %08lx\n", r);
HANDLE conn_port = 0;
r = NtAcceptConnectPort( &conn_port, 0, req, TRUE, NULL, NULL );
if (r == STATUS_THREAD_IS_TERMINATING)
return 0;
if (r < STATUS_SUCCESS)
die("NtAcceptConnectPort(SeRmCommandPort) failed r = %08lx\n", r);
r = NtCompleteConnectPort( conn_port );
if (r == STATUS_THREAD_IS_TERMINATING)
return 0;
if (r < STATUS_SUCCESS)
die("NtCompleteConnectPort(SeRmCommandPort) failed r = %08lx\n", r);
unicode_string_t lsa;
lsa.copy( (PCWSTR) L"\\SeLsaCommandPort" );
SECURITY_QUALITY_OF_SERVICE qos;
qos.Length = sizeof(qos);
qos.ImpersonationLevel = SecurityAnonymous;
qos.ContextTrackingMode = SECURITY_DYNAMIC_TRACKING;
qos.EffectiveOnly = TRUE;
r = NtConnectPort( &client, &lsa, &qos, NULL, NULL, NULL, NULL, NULL );
if (r == STATUS_THREAD_IS_TERMINATING)
return 0;
if (r < STATUS_SUCCESS)
die("NtConnectPort(SeLsaCommandPort) failed r = %08lx\n", r);
while (!terminated)
{
ULONG client_handle;
r = NtReplyWaitReceivePort( port, &client_handle, 0, req );
if (r == STATUS_THREAD_IS_TERMINATING)
return 0;
if (r < STATUS_SUCCESS)
die("NtReplyWaitReceivePort(SeRmCommandPort) failed r = %08lx\n", r);
dprintf("got message %ld\n", req->MessageId );
// send something back...
r = NtReplyPort( port, req );
if (r == STATUS_THREAD_IS_TERMINATING)
return 0;
if (r < STATUS_SUCCESS)
die("NtReplyPort(SeRmCommandPort) failed r = %08lx\n", r);
}
dprintf("done\n");
return 0;
}
NTSTATUS
NTAPI
SmpHandleConnectionRequest(IN HANDLE SmApiPort,
IN PSB_API_MSG SbApiMsg)
{
BOOLEAN Accept = TRUE;
HANDLE PortHandle, ProcessHandle;
ULONG SessionId;
UNICODE_STRING SubsystemPort;
SMP_CLIENT_CONTEXT *ClientContext;
NTSTATUS Status;
OBJECT_ATTRIBUTES ObjectAttributes;
REMOTE_PORT_VIEW PortView;
SECURITY_QUALITY_OF_SERVICE SecurityQos;
PSMP_SUBSYSTEM CidSubsystem, TypeSubsystem;
/* Initialize QoS data */
SecurityQos.ImpersonationLevel = SecurityIdentification;
SecurityQos.ContextTrackingMode = SECURITY_DYNAMIC_TRACKING;
SecurityQos.EffectiveOnly = TRUE;
/* Check if this is SM connecting to itself */
if (SbApiMsg->h.ClientId.UniqueProcess == SmUniqueProcessId)
{
/* No need to get any handle -- assume session 0 */
ProcessHandle = NULL;
SessionId = 0;
}
else
{
/* Reference the foreign process */
InitializeObjectAttributes(&ObjectAttributes, NULL, 0, NULL, NULL);
Status = NtOpenProcess(&ProcessHandle,
PROCESS_QUERY_INFORMATION,
&ObjectAttributes,
&SbApiMsg->h.ClientId);
if (!NT_SUCCESS(Status)) Accept = FALSE;
/* Get its session ID */
SmpGetProcessMuSessionId(ProcessHandle, &SessionId);
}
/* See if we already know about the caller's subystem */
CidSubsystem = SmpLocateKnownSubSysByCid(&SbApiMsg->h.ClientId);
if ((CidSubsystem) && (Accept))
{
/* Check if we already have a subsystem for this kind of image */
TypeSubsystem = SmpLocateKnownSubSysByType(SessionId,
SbApiMsg->ConnectionInfo.SubsystemType);
if (TypeSubsystem == CidSubsystem)
{
/* Someone is trying to take control of an existing subsystem, fail */
Accept = FALSE;
DPRINT1("SMSS: Connection from SubSystem rejected\n");
DPRINT1("SMSS: Image type already being served\n");
}
else
{
/* Set this image type as the type for this subsystem */
CidSubsystem->ImageType = SbApiMsg->ConnectionInfo.SubsystemType;
}
/* Drop the reference we had acquired */
if (TypeSubsystem) SmpDereferenceSubsystem(TypeSubsystem);
}
/* Check if we'll be accepting the connection */
if (Accept)
{
/* We will, so create a client context for it */
ClientContext = RtlAllocateHeap(SmpHeap, 0, sizeof(SMP_CLIENT_CONTEXT));
if (ClientContext)
{
ClientContext->ProcessHandle = ProcessHandle;
ClientContext->Subsystem = CidSubsystem;
ClientContext->dword10 = 0;
ClientContext->PortHandle = NULL;
}
else
{
/* Failed to allocate a client context, so reject the connection */
DPRINT1("Rejecting connectiond due to lack of memory\n");
Accept = FALSE;
}
}
else
{
/* Use a bogus context since we're going to reject the message */
ClientContext = (PSMP_CLIENT_CONTEXT)SbApiMsg;
}
/* Now send the actual accept reply (which could be a rejection) */
PortView.Length = sizeof(PortView);
Status = NtAcceptConnectPort(&PortHandle,
ClientContext,
&SbApiMsg->h,
Accept,
NULL,
&PortView);
if (!(Accept) || !(NT_SUCCESS(Status)))
{
/* Close the process handle, reference the subsystem, and exit */
DPRINT1("Accept failed or rejected: %lx\n", Status);
if (ClientContext != (PVOID)SbApiMsg) RtlFreeHeap(SmpHeap, 0, ClientContext);
if (ProcessHandle) NtClose(ProcessHandle);
if (CidSubsystem) SmpDereferenceSubsystem(CidSubsystem);
return Status;
}
/* Save the port handle now that we've accepted it */
if (ClientContext) ClientContext->PortHandle = PortHandle;
if (CidSubsystem) CidSubsystem->PortHandle = PortHandle;
/* Complete the port connection */
Status = NtCompleteConnectPort(PortHandle);
if ((NT_SUCCESS(Status)) && (CidSubsystem))
{
/* This was an actual subsystem, so connect back to it */
SbApiMsg->ConnectionInfo.SbApiPortName[119] = UNICODE_NULL;
RtlCreateUnicodeString(&SubsystemPort,
SbApiMsg->ConnectionInfo.SbApiPortName);
Status = NtConnectPort(&CidSubsystem->SbApiPort,
&SubsystemPort,
&SecurityQos,
NULL,
NULL,
NULL,
NULL,
NULL);
if (!NT_SUCCESS(Status))
{
DPRINT1("SMSS: Connect back to Sb %wZ failed %lx\n", &SubsystemPort, Status);
}
RtlFreeUnicodeString(&SubsystemPort);
/* Now that we're connected, signal the event handle */
NtSetEvent(CidSubsystem->Event, NULL);
}
else if (CidSubsystem)
{
/* We failed to complete the connection, so clear the port handle */
DPRINT1("Completing the connection failed: %lx\n", Status);
CidSubsystem->PortHandle = NULL;
}
/* Dereference the subsystem and return the result */
if (CidSubsystem) SmpDereferenceSubsystem(CidSubsystem);
return Status;
}
NTSTATUS
LsapRmInitializeServer(VOID)
{
UNICODE_STRING Name;
OBJECT_ATTRIBUTES ObjectAttributes;
SECURITY_QUALITY_OF_SERVICE SecurityQos;
HANDLE InitEvent;
HANDLE ThreadHandle;
DWORD ThreadId;
NTSTATUS Status;
/* Create the LSA command port */
RtlInitUnicodeString(&Name, L"\\SeLsaCommandPort");
InitializeObjectAttributes(&ObjectAttributes, &Name, 0, NULL, NULL);
Status = NtCreatePort(&SeLsaCommandPort,
&ObjectAttributes,
0,
PORT_MAXIMUM_MESSAGE_LENGTH,
2 * PAGE_SIZE);
if (!NT_SUCCESS(Status))
{
ERR("LsapRmInitializeServer - Port Create failed 0x%lx\n", Status);
return Status;
}
/* Open the LSA init event */
RtlInitUnicodeString(&Name, L"\\SeLsaInitEvent");
InitializeObjectAttributes(&ObjectAttributes, &Name, 0, NULL, NULL);
Status = NtOpenEvent(&InitEvent, 2, &ObjectAttributes);
if (!NT_SUCCESS(Status))
{
ERR("LsapRmInitializeServer - Lsa Init Event Open failed 0x%lx\n", Status);
return Status;
}
/* Signal the kernel, that we are ready */
Status = NtSetEvent(InitEvent, 0);
if (!NT_SUCCESS(Status))
{
ERR("LsapRmInitializeServer - Set Init Event failed 0x%lx\n", Status);
return Status;
}
/* Setup the QoS structure */
SecurityQos.ImpersonationLevel = SecurityIdentification;
SecurityQos.ContextTrackingMode = SECURITY_DYNAMIC_TRACKING;
SecurityQos.EffectiveOnly = TRUE;
/* Connect to the kernel server */
RtlInitUnicodeString(&Name, L"\\SeRmCommandPort");
Status = NtConnectPort(&SeRmCommandPort,
&Name,
&SecurityQos,
NULL,
NULL,
NULL,
NULL,
NULL);
if (!NT_SUCCESS(Status))
{
ERR("LsapRmInitializeServer - Connect to Rm Command Port failed 0x%lx\n", Status);
return Status;
}
/* Create the server thread */
ThreadHandle = CreateThread(NULL, 0, LsapRmServerThread, NULL, 0, &ThreadId);
if (ThreadHandle == NULL)
{
ERR("LsapRmInitializeServer - Create Thread failed 0x%lx\n", Status);
return STATUS_INSUFFICIENT_RESOURCES;
}
/* Close the server thread handle */
CloseHandle(ThreadHandle);
return STATUS_SUCCESS;
}
BOOLEAN
IopErrorLogConnectPort(
VOID
)
/*++
Routine Description:
This routine attempts to connect to the error log port. If the connection
was made successfully and the port allows suficiently large messages, then
the ErrorLogPort to the port handle, ErrorLogPortConnected is set to
TRUE and TRUE is retuned. Otherwise a timer is started to queue a
worker thread at a later time, unless there is a pending connection.
Arguments:
None.
Return Value:
Returns TRUE if the port was connected.
--*/
{
UNICODE_STRING errorPortName;
NTSTATUS status;
ULONG maxMessageLength;
SECURITY_QUALITY_OF_SERVICE dynamicQos;
PAGED_CODE();
//
// If the ErrorLogPort is connected then return true.
//
if (ErrorLogPortConnected) {
//
// The port is connect return.
//
return(TRUE);
}
//
// Set up the security quality of service parameters to use over the
// port. Use the most efficient (least overhead) - which is dynamic
// rather than static tracking.
//
dynamicQos.ImpersonationLevel = SecurityImpersonation;
dynamicQos.ContextTrackingMode = SECURITY_DYNAMIC_TRACKING;
dynamicQos.EffectiveOnly = TRUE;
//
// Generate the string structure for describing the error logger's port.
//
RtlInitUnicodeString( &errorPortName, ELF_PORT_NAME_U );
status = NtConnectPort( &ErrorLogPort,
&errorPortName,
&dynamicQos,
(PPORT_VIEW) NULL,
(PREMOTE_PORT_VIEW) NULL,
&maxMessageLength,
(PVOID) NULL,
(PULONG) NULL );
if (NT_SUCCESS( status )) {
if (maxMessageLength >= IO_ERROR_LOG_MESSAGE_LENGTH) {
ErrorLogPortConnected = TRUE;
return(TRUE);
} else {
NtClose(ErrorLogPort);
}
}
//
// The port was not successfully opened, or its message size was unsuitable
// for use here. Queue a later request to run the error log thread.
//
IopErrorLogQueueRequest();
//
// The port could not be connected at this time return false.
//
return(FALSE);
}
/*
* @implemented
*/
NTSTATUS
NTAPI
LsaConnectUntrusted(
OUT PHANDLE LsaHandle)
{
UNICODE_STRING PortName;
SECURITY_QUALITY_OF_SERVICE SecurityQos;
LSA_CONNECTION_INFO ConnectInfo;
ULONG ConnectInfoLength = sizeof(ConnectInfo);
OBJECT_ATTRIBUTES ObjectAttributes;
UNICODE_STRING EventName;
HANDLE EventHandle;
NTSTATUS Status;
TRACE("LsaConnectUntrusted(%p)\n", LsaHandle);
// TODO: we may need to impersonate ourselves before, because we are untrusted!
/* Wait for the LSA authentication thread */
RtlInitUnicodeString(&EventName,
L"\\SECURITY\\LSA_AUTHENTICATION_INITIALIZED");
InitializeObjectAttributes(&ObjectAttributes,
&EventName,
OBJ_CASE_INSENSITIVE | OBJ_PERMANENT,
NULL,
NULL);
Status = NtOpenEvent(&EventHandle,
SYNCHRONIZE,
&ObjectAttributes);
if (!NT_SUCCESS(Status))
{
WARN("NtOpenEvent failed (Status 0x%08lx)\n", Status);
Status = NtCreateEvent(&EventHandle,
SYNCHRONIZE,
&ObjectAttributes,
NotificationEvent,
FALSE);
if (!NT_SUCCESS(Status))
{
WARN("NtCreateEvent failed (Status 0x%08lx)\n", Status);
return Status;
}
}
Status = NtWaitForSingleObject(EventHandle,
TRUE,
NULL);
NtClose(EventHandle);
if (!NT_SUCCESS(Status))
{
ERR("NtWaitForSingleObject failed (Status 0x%08lx)\n", Status);
return Status;
}
/* Connect to the authentication port */
RtlInitUnicodeString(&PortName,
L"\\LsaAuthenticationPort");
SecurityQos.Length = sizeof(SecurityQos);
SecurityQos.ImpersonationLevel = SecurityIdentification;
SecurityQos.ContextTrackingMode = SECURITY_DYNAMIC_TRACKING;
SecurityQos.EffectiveOnly = TRUE;
RtlZeroMemory(&ConnectInfo,
ConnectInfoLength);
ConnectInfo.CreateContext = TRUE;
Status = NtConnectPort(LsaHandle,
&PortName,
&SecurityQos,
NULL,
NULL,
NULL,
&ConnectInfo,
&ConnectInfoLength);
if (!NT_SUCCESS(Status))
{
ERR("NtConnectPort failed (Status 0x%08lx)\n", Status);
return Status;
}
if (!NT_SUCCESS(ConnectInfo.Status))
{
ERR("ConnectInfo.Status: 0x%08lx\n", ConnectInfo.Status);
}
return ConnectInfo.Status;
}
NTSTATUS
DbgUiConnectToDbg( VOID )
/*++
Routine Description:
This routine makes a connection between the caller and the DbgUi
port in the Dbg subsystem. In addition to returning a handle to a
port object, a handle to a state change semaphore is returned. This
semaphore is used in DbgUiWaitStateChange APIs.
Arguments:
None.
Return Value:
TBD.
--*/
{
NTSTATUS st;
UNICODE_STRING PortName;
ULONG ConnectionInformationLength;
SECURITY_QUALITY_OF_SERVICE DynamicQos;
//
// if app is already connected, don't reconnect
//
st = STATUS_SUCCESS;
if ( !DbgUiApiPort ) {
//
// Set up the security quality of service parameters to use over the
// port. Use the most efficient (least overhead) - which is dynamic
// rather than static tracking.
//
DynamicQos.ImpersonationLevel = SecurityImpersonation;
DynamicQos.ContextTrackingMode = SECURITY_DYNAMIC_TRACKING;
DynamicQos.EffectiveOnly = TRUE;
RtlInitUnicodeString(&PortName,L"\\DbgUiApiPort");
ConnectionInformationLength = sizeof(DbgStateChangeSemaphore);
st = NtConnectPort(
&DbgUiApiPort,
&PortName,
&DynamicQos,
NULL,
NULL,
NULL,
(PVOID)&DbgStateChangeSemaphore,
&ConnectionInformationLength
);
if ( NT_SUCCESS(st) ) {
NtRegisterThreadTerminatePort(DbgUiApiPort);
} else {
DbgUiApiPort = NULL;
}
}
return st;
}
NTSTATUS
NTAPI
SmConnectToSm(IN PUNICODE_STRING SbApiPortName,
IN HANDLE SbApiPort,
IN ULONG ImageType,
IN HANDLE SmApiPort)
{
NTSTATUS Status;
SB_CONNECTION_INFO ConnectInfo;
UNICODE_STRING DestinationString;
SECURITY_QUALITY_OF_SERVICE SecurityQos;
ULONG ConnectInfoLength = sizeof(ConnectInfo);
/* Setup the QoS structure */
SecurityQos.ImpersonationLevel = SecurityIdentification;
SecurityQos.ContextTrackingMode = SECURITY_DYNAMIC_TRACKING;
SecurityQos.EffectiveOnly = TRUE;
/* Set the SM API port name */
RtlInitUnicodeString(&DestinationString, L"\\SmApiPort2");
/* Check if this is a client connecting to SMSS, or SMSS to itself */
if (SbApiPortName)
{
/* A client SB port as well as an image type must be present */
if (!(SbApiPort) || !(ImageType)) return STATUS_INVALID_PARAMETER_MIX;
/* Copy the client port name, and NULL-terminate it */
RtlCopyMemory(ConnectInfo.SbApiPortName,
SbApiPortName->Buffer,
SbApiPortName->Length);
ConnectInfo.SbApiPortName[SbApiPortName->Length /
sizeof(WCHAR)] = UNICODE_NULL;
/* Save the subsystem type */
ConnectInfo.SubsystemType = ImageType;
}
else
{
/* No client port, and the subsystem type is not set */
ConnectInfo.SbApiPortName[0] = UNICODE_NULL;
ConnectInfo.SubsystemType = IMAGE_SUBSYSTEM_UNKNOWN;
}
/* Connect to SMSS and exchange connection information */
Status = NtConnectPort(SmApiPort,
&DestinationString,
&SecurityQos,
NULL,
NULL,
NULL,
&ConnectInfo,
&ConnectInfoLength);
if (!NT_SUCCESS(Status))
{
DPRINT1("SmConnectToSm: Connect to Sm failed %lx\n", Status);
}
else
{
/* Treat a warning or informational status as success */
Status = STATUS_SUCCESS;
}
/* Return if the connection was successful or not */
return Status;
}
NTSTATUS PhSvcConnectToServer(
_In_ PUNICODE_STRING PortName,
_In_opt_ SIZE_T PortSectionSize
)
{
NTSTATUS status;
HANDLE sectionHandle;
LARGE_INTEGER sectionSize;
PORT_VIEW clientView;
REMOTE_PORT_VIEW serverView;
SECURITY_QUALITY_OF_SERVICE securityQos;
ULONG maxMessageLength;
PHSVC_API_CONNECTINFO connectInfo;
ULONG connectInfoLength;
if (PhSvcClPortHandle)
return STATUS_ADDRESS_ALREADY_EXISTS;
if (PortSectionSize == 0)
PortSectionSize = 512 * 1024;
// Create the port section and connect to the port.
sectionSize.QuadPart = PortSectionSize;
status = NtCreateSection(
§ionHandle,
SECTION_ALL_ACCESS,
NULL,
§ionSize,
PAGE_READWRITE,
SEC_COMMIT,
NULL
);
if (!NT_SUCCESS(status))
return status;
clientView.Length = sizeof(PORT_VIEW);
clientView.SectionHandle = sectionHandle;
clientView.SectionOffset = 0;
clientView.ViewSize = PortSectionSize;
clientView.ViewBase = NULL;
clientView.ViewRemoteBase = NULL;
serverView.Length = sizeof(REMOTE_PORT_VIEW);
serverView.ViewSize = 0;
serverView.ViewBase = NULL;
securityQos.Length = sizeof(SECURITY_QUALITY_OF_SERVICE);
securityQos.ImpersonationLevel = SecurityImpersonation;
securityQos.ContextTrackingMode = SECURITY_DYNAMIC_TRACKING;
securityQos.EffectiveOnly = TRUE;
connectInfoLength = sizeof(PHSVC_API_CONNECTINFO);
status = NtConnectPort(
&PhSvcClPortHandle,
PortName,
&securityQos,
&clientView,
&serverView,
&maxMessageLength,
&connectInfo,
&connectInfoLength
);
NtClose(sectionHandle);
if (!NT_SUCCESS(status))
return status;
PhSvcClServerProcessId = connectInfo.ServerProcessId;
// Create the port heap.
PhSvcClPortHeap = RtlCreateHeap(
HEAP_CLASS_1,
clientView.ViewBase,
clientView.ViewSize,
PAGE_SIZE,
NULL,
NULL
);
if (!PhSvcClPortHeap)
{
NtClose(PhSvcClPortHandle);
return STATUS_INSUFFICIENT_RESOURCES;
}
return status;
}
