NTSTATUS CreateLpcPort(PLPC_PORT LpcPort, LPCWSTR PortName)
{
NTSTATUS status;
OBJECT_ATTRIBUTES portAttr;
UNICODE_STRING usPortName;
ULONG maxDataSize;
maxDataSize = sizeof(LPC_MESSAGE);
RtlInitUnicodeString(&usPortName, PortName);
InitializeObjectAttributes(&portAttr, &usPortName, 0, NULL, NULL);
log("Port Creating...");
status = NtCreatePort(
&LpcPort->hPort,
&portAttr,
MAX_CONNECT_INFO_SIZE,
maxDataSize,
0);
if (NT_SUCCESS(status)) {
log("OK\n");
} else {
log("Failed.\nstatus: %x\n", status);
}
return status;
}
main()
{
NTSTATUS st;
OBJECT_ATTRIBUTES Obja;
InitializeObjectAttributes(&Obja, NULL, 0, NULL, NULL);
st = NtCreatePort(
&DebugPort,
&Obja,
0L,
256,
256 * 16
);
ASSERT(NT_SUCCESS(st));
UdbgTest2();
UdbgTest1();
}
NTSTATUS
StartAuthenticationPort(VOID)
{
OBJECT_ATTRIBUTES ObjectAttributes;
UNICODE_STRING PortName;
DWORD ThreadId;
UNICODE_STRING EventName;
HANDLE EventHandle;
NTSTATUS Status;
TRACE("StartAuthenticationPort()\n");
/* Initialize the logon context list */
InitializeListHead(&LsapLogonContextList);
RtlInitUnicodeString(&PortName,
L"\\LsaAuthenticationPort");
InitializeObjectAttributes(&ObjectAttributes,
&PortName,
0,
NULL,
NULL);
Status = NtCreatePort(&AuthPortHandle,
&ObjectAttributes,
sizeof(LSA_CONNECTION_INFO),
sizeof(LSA_API_MSG),
sizeof(LSA_API_MSG) * 32);
if (!NT_SUCCESS(Status))
{
WARN("NtCreatePort() failed (Status %lx)\n", Status);
return Status;
}
RtlInitUnicodeString(&EventName,
L"\\SECURITY\\LSA_AUTHENTICATION_INITIALIZED");
InitializeObjectAttributes(&ObjectAttributes,
&EventName,
OBJ_CASE_INSENSITIVE | OBJ_PERMANENT,
NULL,
NULL);
Status = NtOpenEvent(&EventHandle,
EVENT_MODIFY_STATE,
&ObjectAttributes);
if (!NT_SUCCESS(Status))
{
TRACE("NtOpenEvent failed (Status 0x%08lx)\n", Status);
Status = NtCreateEvent(&EventHandle,
EVENT_MODIFY_STATE,
&ObjectAttributes,
NotificationEvent,
FALSE);
if (!NT_SUCCESS(Status))
{
WARN("NtCreateEvent failed (Status 0x%08lx)\n", Status);
return Status;
}
}
Status = NtSetEvent(EventHandle, NULL);
NtClose(EventHandle);
if (!NT_SUCCESS(Status))
{
WARN("NtSetEvent failed (Status 0x%08lx)\n", Status);
return Status;
}
PortThreadHandle = CreateThread(NULL,
0x1000,
(LPTHREAD_START_ROUTINE)AuthPortThreadRoutine,
NULL,
0,
&ThreadId);
return STATUS_SUCCESS;
}
NTSTATUS PhSvcApiPortInitialization(
_In_ PUNICODE_STRING PortName
)
{
static SID_IDENTIFIER_AUTHORITY ntAuthority = SECURITY_NT_AUTHORITY;
NTSTATUS status;
OBJECT_ATTRIBUTES objectAttributes;
PSECURITY_DESCRIPTOR securityDescriptor;
ULONG sdAllocationLength;
UCHAR administratorsSidBuffer[FIELD_OFFSET(SID, SubAuthority) + sizeof(ULONG) * 2];
PSID administratorsSid;
PACL dacl;
ULONG i;
// Create the API port.
administratorsSid = (PSID)administratorsSidBuffer;
RtlInitializeSid(administratorsSid, &ntAuthority, 2);
*RtlSubAuthoritySid(administratorsSid, 0) = SECURITY_BUILTIN_DOMAIN_RID;
*RtlSubAuthoritySid(administratorsSid, 1) = DOMAIN_ALIAS_RID_ADMINS;
sdAllocationLength = SECURITY_DESCRIPTOR_MIN_LENGTH +
(ULONG)sizeof(ACL) +
(ULONG)sizeof(ACCESS_ALLOWED_ACE) +
RtlLengthSid(administratorsSid) +
(ULONG)sizeof(ACCESS_ALLOWED_ACE) +
RtlLengthSid(&PhSeEveryoneSid);
securityDescriptor = PhAllocate(sdAllocationLength);
dacl = (PACL)PTR_ADD_OFFSET(securityDescriptor, SECURITY_DESCRIPTOR_MIN_LENGTH);
RtlCreateSecurityDescriptor(securityDescriptor, SECURITY_DESCRIPTOR_REVISION);
RtlCreateAcl(dacl, sdAllocationLength - SECURITY_DESCRIPTOR_MIN_LENGTH, ACL_REVISION);
RtlAddAccessAllowedAce(dacl, ACL_REVISION, PORT_ALL_ACCESS, administratorsSid);
RtlAddAccessAllowedAce(dacl, ACL_REVISION, PORT_CONNECT, &PhSeEveryoneSid);
RtlSetDaclSecurityDescriptor(securityDescriptor, TRUE, dacl, FALSE);
InitializeObjectAttributes(
&objectAttributes,
PortName,
OBJ_CASE_INSENSITIVE,
NULL,
securityDescriptor
);
status = NtCreatePort(
&PhSvcApiPortHandle,
&objectAttributes,
sizeof(PHSVC_API_CONNECTINFO),
PhIsExecutingInWow64() ? sizeof(PHSVC_API_MSG64) : sizeof(PHSVC_API_MSG),
0
);
PhFree(securityDescriptor);
if (!NT_SUCCESS(status))
return status;
// Start the API threads.
PhSvcApiThreadContextTlsIndex = TlsAlloc();
for (i = 0; i < 2; i++)
{
PhCreateThread2(PhSvcApiRequestThreadStart, NULL);
}
return status;
}
/*++
* @name CsrSbApiPortInitialize
*
* The CsrSbApiPortInitialize routine initializes the LPC Port used for
* communications with the Session Manager (SM) and initializes the static
* thread that will handle connection requests and APIs.
*
* @param None
*
* @return STATUS_SUCCESS in case of success, STATUS_UNSUCCESSFUL otherwise.
*
* @remarks None.
*
*--*/
NTSTATUS
NTAPI
CsrSbApiPortInitialize(VOID)
{
ULONG Size;
PSECURITY_DESCRIPTOR PortSd;
OBJECT_ATTRIBUTES ObjectAttributes;
NTSTATUS Status;
HANDLE hRequestThread;
CLIENT_ID ClientId;
/* Calculate how much space we'll need for the Port Name */
Size = CsrDirectoryName.Length + sizeof(SB_PORT_NAME) + sizeof(WCHAR);
/* Create the buffer for it */
CsrSbApiPortName.Buffer = RtlAllocateHeap(CsrHeap, 0, Size);
if (!CsrSbApiPortName.Buffer) return STATUS_NO_MEMORY;
/* Setup the rest of the empty string */
CsrSbApiPortName.Length = 0;
CsrSbApiPortName.MaximumLength = (USHORT)Size;
/* Now append the full port name */
RtlAppendUnicodeStringToString(&CsrSbApiPortName, &CsrDirectoryName);
RtlAppendUnicodeToString(&CsrSbApiPortName, UNICODE_PATH_SEP);
RtlAppendUnicodeToString(&CsrSbApiPortName, SB_PORT_NAME);
if (CsrDebug & 2) DPRINT1("CSRSS: Creating %wZ port and associated thread\n", &CsrSbApiPortName);
/* Create Security Descriptor for this Port */
Status = CsrCreateLocalSystemSD(&PortSd);
if (!NT_SUCCESS(Status)) return Status;
/* Initialize the Attributes */
InitializeObjectAttributes(&ObjectAttributes,
&CsrSbApiPortName,
0,
NULL,
PortSd);
/* Create the Port Object */
Status = NtCreatePort(&CsrSbApiPort,
&ObjectAttributes,
sizeof(SB_CONNECTION_INFO),
sizeof(SB_API_MSG),
32 * sizeof(SB_API_MSG));
if (PortSd) RtlFreeHeap(CsrHeap, 0, PortSd);
if (NT_SUCCESS(Status))
{
/* Create the Thread to handle the API Requests */
Status = RtlCreateUserThread(NtCurrentProcess(),
NULL,
TRUE,
0,
0,
0,
(PVOID)CsrSbApiRequestThread,
NULL,
&hRequestThread,
&ClientId);
if (NT_SUCCESS(Status))
{
/* Add it as a Static Server Thread */
CsrSbApiRequestThreadPtr = CsrAddStaticServerThread(hRequestThread,
&ClientId,
0);
/* Activate it */
Status = NtResumeThread(hRequestThread, NULL);
}
}
return Status;
}
int security_reference_monitor_t::run()
{
const int maxlen = 0x100;
//dprintf("starting kthread %p p = %p\n", this, process);
current = static_cast<thread_t*>( this );
//dprintf("current->process = %p\n", current->process);
object_attributes_t rm_oa( (PCWSTR) L"\\SeRmCommandPort" );
HANDLE port = 0, client = 0;
NTSTATUS r = NtCreatePort( &port, &rm_oa, 0x100, 0x100, 0 );
if (r == STATUS_THREAD_IS_TERMINATING)
return 0;
if (r < STATUS_SUCCESS)
die("NtCreatePort(SeRmCommandPort) failed r = %08lx\n", r);
BYTE buf[maxlen];
LPC_MESSAGE *req = (LPC_MESSAGE*) buf;
r = NtListenPort( port, req );
if (r == STATUS_THREAD_IS_TERMINATING)
return 0;
if (r < STATUS_SUCCESS)
die("NtListenPort(SeRmCommandPort) failed r = %08lx\n", r);
HANDLE conn_port = 0;
r = NtAcceptConnectPort( &conn_port, 0, req, TRUE, NULL, NULL );
if (r == STATUS_THREAD_IS_TERMINATING)
return 0;
if (r < STATUS_SUCCESS)
die("NtAcceptConnectPort(SeRmCommandPort) failed r = %08lx\n", r);
r = NtCompleteConnectPort( conn_port );
if (r == STATUS_THREAD_IS_TERMINATING)
return 0;
if (r < STATUS_SUCCESS)
die("NtCompleteConnectPort(SeRmCommandPort) failed r = %08lx\n", r);
unicode_string_t lsa;
lsa.copy( (PCWSTR) L"\\SeLsaCommandPort" );
SECURITY_QUALITY_OF_SERVICE qos;
qos.Length = sizeof(qos);
qos.ImpersonationLevel = SecurityAnonymous;
qos.ContextTrackingMode = SECURITY_DYNAMIC_TRACKING;
qos.EffectiveOnly = TRUE;
r = NtConnectPort( &client, &lsa, &qos, NULL, NULL, NULL, NULL, NULL );
if (r == STATUS_THREAD_IS_TERMINATING)
return 0;
if (r < STATUS_SUCCESS)
die("NtConnectPort(SeLsaCommandPort) failed r = %08lx\n", r);
while (!terminated)
{
ULONG client_handle;
r = NtReplyWaitReceivePort( port, &client_handle, 0, req );
if (r == STATUS_THREAD_IS_TERMINATING)
return 0;
if (r < STATUS_SUCCESS)
die("NtReplyWaitReceivePort(SeRmCommandPort) failed r = %08lx\n", r);
dprintf("got message %ld\n", req->MessageId );
// send something back...
r = NtReplyPort( port, req );
if (r == STATUS_THREAD_IS_TERMINATING)
return 0;
if (r < STATUS_SUCCESS)
die("NtReplyPort(SeRmCommandPort) failed r = %08lx\n", r);
}
dprintf("done\n");
return 0;
}
/**********************************************************************
* PdxInitializeListener/1 PRIVATE
*
* DESCRIPTION
* Initialize a thread to make an LPC port listen.
*/
PRIVATE NTSTATUS STDCALL
PdxInitializeListener (ULONG ulIndex)
{
NTSTATUS Status;
OBJECT_ATTRIBUTES Oa;
ULONG ulThreadIndex;
RtlInitUnicodeString (
& Server.Port[ulIndex].usName,
Server.Port[ulIndex].wsName
);
InitializeObjectAttributes(
& Oa,
& Server.Port[ulIndex].usName,
0,
NULL,
NULL
);
/* Create the listening LPC port */
Status = NtCreatePort (
& Server.Port[ulIndex].hObject,
& Oa,
260,
328,
0
);
if (!NT_SUCCESS(Status))
{
debug_print(
L"PSXSS: Unable to create port \"%s\": Status %08x\n",
Server.Port[ulIndex].wsName,
Status);
return Status;
}
/*
* Create the server thread that will process
* messages sent to this port.
*/
for ( ulThreadIndex = 0;
(ulThreadIndex < PSXSS_THREADS_PER_PORT);
ulThreadIndex ++
)
{
#ifdef __PSXSS_ON_W32__
Server.Port[ulIndex].ThreadInfo[ulThreadIndex].hObject =
CreateThread (
NULL,
0,
(PTHREAD_START_ROUTINE) Server.Port[ulIndex].EntryPoint,
(PVOID) ulIndex,
CREATE_SUSPENDED,
& Server.Port[ulIndex].ThreadInfo[ulThreadIndex].Id
);
if (NULL == Server.Port[ulIndex].ThreadInfo[ulThreadIndex].hObject)
#else
if (!NT_SUCCESS(Status))
#endif
{
debug_print(
L"PSXSS: Unable to create a server thread for port \"%s\": Status %08x\n",
Server.Port[ulIndex].wsName,
Status
);
NtClose (Server.Port[ulIndex].hObject);
return Status;
}
}
return STATUS_SUCCESS;
}
NTSTATUS
LsapRmInitializeServer(VOID)
{
UNICODE_STRING Name;
OBJECT_ATTRIBUTES ObjectAttributes;
SECURITY_QUALITY_OF_SERVICE SecurityQos;
HANDLE InitEvent;
HANDLE ThreadHandle;
DWORD ThreadId;
NTSTATUS Status;
/* Create the LSA command port */
RtlInitUnicodeString(&Name, L"\\SeLsaCommandPort");
InitializeObjectAttributes(&ObjectAttributes, &Name, 0, NULL, NULL);
Status = NtCreatePort(&SeLsaCommandPort,
&ObjectAttributes,
0,
PORT_MAXIMUM_MESSAGE_LENGTH,
2 * PAGE_SIZE);
if (!NT_SUCCESS(Status))
{
ERR("LsapRmInitializeServer - Port Create failed 0x%lx\n", Status);
return Status;
}
/* Open the LSA init event */
RtlInitUnicodeString(&Name, L"\\SeLsaInitEvent");
InitializeObjectAttributes(&ObjectAttributes, &Name, 0, NULL, NULL);
Status = NtOpenEvent(&InitEvent, 2, &ObjectAttributes);
if (!NT_SUCCESS(Status))
{
ERR("LsapRmInitializeServer - Lsa Init Event Open failed 0x%lx\n", Status);
return Status;
}
/* Signal the kernel, that we are ready */
Status = NtSetEvent(InitEvent, 0);
if (!NT_SUCCESS(Status))
{
ERR("LsapRmInitializeServer - Set Init Event failed 0x%lx\n", Status);
return Status;
}
/* Setup the QoS structure */
SecurityQos.ImpersonationLevel = SecurityIdentification;
SecurityQos.ContextTrackingMode = SECURITY_DYNAMIC_TRACKING;
SecurityQos.EffectiveOnly = TRUE;
/* Connect to the kernel server */
RtlInitUnicodeString(&Name, L"\\SeRmCommandPort");
Status = NtConnectPort(&SeRmCommandPort,
&Name,
&SecurityQos,
NULL,
NULL,
NULL,
NULL,
NULL);
if (!NT_SUCCESS(Status))
{
ERR("LsapRmInitializeServer - Connect to Rm Command Port failed 0x%lx\n", Status);
return Status;
}
/* Create the server thread */
ThreadHandle = CreateThread(NULL, 0, LsapRmServerThread, NULL, 0, &ThreadId);
if (ThreadHandle == NULL)
{
ERR("LsapRmInitializeServer - Create Thread failed 0x%lx\n", Status);
return STATUS_INSUFFICIENT_RESOURCES;
}
/* Close the server thread handle */
CloseHandle(ThreadHandle);
return STATUS_SUCCESS;
}
NTSTATUS
SepServerInitialize(
)
{
NTSTATUS Status;
OBJECT_ATTRIBUTES ThreadAttributes;
PTEB CurrentTeb;
DbgPrint("Se: Server Initializing ...\n");
//
// Initialize global variables
//
RequestCount = 0;
//
// Get a handle to our thread to so that we can access our thread
// even when impersonating an anonymous client (which we can't do
// using NtCurrentThread()).
//
CurrentTeb = NtCurrentTeb();
InitializeObjectAttributes(&ThreadAttributes, NULL, 0, NULL, NULL);
Status = NtOpenThread(
&SepServerThread, // TargetHandle
THREAD_ALL_ACCESS, // DesiredAccess
&ThreadAttributes, // ObjectAttributes
&CurrentTeb->ClientId // ClientId
);
ASSERT( NT_SUCCESS(Status) );
//
// Create the server's port
//
InitializeObjectAttributes(
&ObjectAttributes,
&PortName,
0,
NULL,
NULL );
Status = NtCreatePort(
&EarPort,
&ObjectAttributes,
0,
4,
4 * 256
); SEASSERT_SUCCESS(Status);
//
// Spawn a copy of ourselves...
//
DbgPrint("Se: Server Spawning client process ...\n");
SepServerSpawnClientProcess();
DbgPrint("Se: Server waiting for start of test signal ...\n");
Status = NtWaitForSingleObject(
EventHandle,
TRUE,
NULL
); SEASSERT_SUCCESS(Status);
Status = NtClose( EventHandle ); SEASSERT_SUCCESS(Status);
return STATUS_SUCCESS;
}
