/*
 * COPYRIGHT:   See COPYING in the top level directory
 * PROJECT:     Local Security Authority Server DLL
 * FILE:        dll/win32/lsasrv/srm.c
 * PURPOSE:     Security Reference Monitor Server
 *
 * PROGRAMMERS: Timo Kreuzer (timo.kreuzer@reactos.org)
 */
9c2c66affSColin Finck
10c2c66affSColin Finck /* INCLUDES ****************************************************************/
11c2c66affSColin Finck
12c2c66affSColin Finck #include "lsasrv.h"
13c2c66affSColin Finck #include <ndk/ntndk.h>
14c2c66affSColin Finck
15c2c66affSColin Finck /* GLOBALS *****************************************************************/
16c2c66affSColin Finck
/* Server port "\SeLsaCommandPort": created in LsapRmInitializeServer and
 * listened on by LsapRmServerThread. */
HANDLE SeLsaCommandPort;
/* Client connection to "\SeRmCommandPort" (opened in LsapRmInitializeServer);
 * the LsapRm*LogonSession routines send their requests through it. */
HANDLE SeRmCommandPort;
19c2c66affSColin Finck
20c2c66affSColin Finck /* FUNCTIONS ***************************************************************/
21c2c66affSColin Finck
/*
 * Handler for LsapComponentTestApi requests received on the LSA command port.
 *
 * Message - the received request; it is neither read nor modified here.
 *
 * Only emits a debug message. The dispatcher replies with the unmodified
 * request buffer afterwards.
 */
static VOID
LsapComponentTest(PLSAP_RM_API_MESSAGE Message)
{
    ERR("Security: LSA Component Test Command Received\n");
}
29c2c66affSColin Finck
/*
 * Handler for LsapAdtWriteLogApi requests received on the LSA command port.
 *
 * Message - the received request; it is neither read nor modified here.
 *
 * Stub: only emits a debug message, nothing is written anywhere.
 * NOTE(review): judging by the name, this is where audit records coming from
 * the Security Reference Monitor would be logged - until this is implemented
 * such records appear to be dropped; confirm before relying on auditing.
 */
static VOID
LsapAdtWriteLog(PLSAP_RM_API_MESSAGE Message)
{
    ERR("LsapAdtWriteLog\n");
}
37c2c66affSColin Finck
/*
 * Handler for LsapAsyncApi requests received on the LSA command port.
 *
 * Message - the received request; it is neither read nor modified here.
 *
 * Stub: only emits a debug message.
 */
static VOID
LsapAsync(PLSAP_RM_API_MESSAGE Message)
{
    ERR("LsapAsync\n");
}
45c2c66affSColin Finck
/*
 * Worker thread that serves the LSA command port (SeLsaCommandPort).
 *
 * It listens for a single connection, accepts and completes it, and then
 * loops forever receiving messages on the resulting communication port.
 * LPC_REQUEST messages are dispatched on Message.ApiNumber; later connection
 * requests are rejected; everything else is logged and ignored.
 *
 * StartContext - unused.
 *
 * Returns the failing NTSTATUS when listen/accept/complete fails. Once the
 * receive loop is entered the function does not return.
 */
static
DWORD
WINAPI
LsapRmServerThread(
    PVOID StartContext)
{
    LSAP_RM_API_MESSAGE Message;
    PPORT_MESSAGE ReplyMessage = NULL;  /* nothing to reply to yet */
    REMOTE_PORT_VIEW RemotePortView;
    HANDLE MessagePort, DummyPortHandle;
    NTSTATUS Status;

    /* Prepare the receive buffer and the (empty) port view */
    Message.Header.u1.s1.TotalLength = sizeof(Message);
    Message.Header.u1.s1.DataLength = 0;

    RemotePortView.Length = sizeof(REMOTE_PORT_VIEW);
    RemotePortView.ViewSize = 0;
    RemotePortView.ViewBase = NULL;

    /* Block until somebody connects to the LSA command port */
    Status = NtListenPort(SeLsaCommandPort, &Message.Header);
    if (!NT_SUCCESS(Status))
    {
        ERR("LsapRmServerThread - Port Listen failed 0x%lx\n", Status);
        return Status;
    }

    /*
     * Accept that connection unconditionally (AcceptConnection == TRUE).
     * NOTE(review): nothing here inspects who the connecting client is, so
     * the first caller to reach the port becomes the trusted peer - confirm
     * that access to the port object is restricted to the intended client.
     */
    Status = NtAcceptConnectPort(&MessagePort,
                                 0,
                                 &Message.Header,
                                 TRUE,
                                 NULL,
                                 &RemotePortView);
    if (!NT_SUCCESS(Status))
    {
        ERR("LsapRmServerThread - Port Accept Connect failed 0x%lx\n", Status);
        return Status;
    }

    /* Finish the connection handshake */
    Status = NtCompleteConnectPort(MessagePort);
    if (!NT_SUCCESS(Status))
    {
        ERR("LsapRmServerThread - Port Complete Connect failed 0x%lx\n", Status);
        return Status;
    }

    for (;;)
    {
        /* Send the pending reply (if any) and wait for the next message */
        Status = NtReplyWaitReceivePort(MessagePort,
                                        NULL,
                                        ReplyMessage,
                                        &Message.Header);

        /* Unless a valid request is dispatched below, nothing is replied
         * on the next round */
        ReplyMessage = NULL;

        if (!NT_SUCCESS(Status))
        {
            /*
             * NOTE(review): the loop retries immediately and never exits, so
             * a persistent failure (for example an invalidated port handle)
             * would presumably spin and flood the log - confirm whether some
             * statuses should end the thread.
             */
            ERR("LsapRmServerThread - Failed to get message: 0x%lx\n", Status);
            continue;
        }

        switch (Message.Header.u2.s2.Type)
        {
            case LPC_CONNECTION_REQUEST:
                /* Only one client is served: refuse any further connection
                 * (AcceptConnection == FALSE); the result is ignored */
                NtAcceptConnectPort(&DummyPortHandle,
                                    NULL,
                                    &Message.Header,
                                    FALSE,
                                    NULL,
                                    NULL);
                break;

            case LPC_REQUEST:
                /* The request buffer doubles as the reply buffer */
                ReplyMessage = &Message.Header;

                if (Message.ApiNumber == LsapAdtWriteLogApi)
                {
                    LsapAdtWriteLog(&Message);
                }
                else if (Message.ApiNumber == LsapAsyncApi)
                {
                    LsapAsync(&Message);
                }
                else if (Message.ApiNumber == LsapComponentTestApi)
                {
                    LsapComponentTest(&Message);
                }
                else
                {
                    /*
                     * Unknown API number: log it and send no reply.
                     * NOTE(review): the requester presumably stays blocked
                     * waiting for a reply in this case - confirm whether an
                     * error reply should be sent instead.
                     */
                    ERR("LsapRmServerThread - invalid API number: 0x%lx\n",
                        Message.ApiNumber);
                    ReplyMessage = NULL;
                }
                break;

            default:
                /* NOTE(review): Type is passed to a %lx conversion; confirm
                 * that its type matches the format */
                ERR("LsapRmServerThread - unexpected message type: 0x%lx\n",
                    Message.Header.u2.s2.Type);
                break;
        }
    }
}
165c2c66affSColin Finck
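/*
 * Sets up the LSA side of the channel to the Security Reference Monitor:
 * creates "\SeLsaCommandPort", signals "\SeLsaInitEvent", connects to
 * "\SeRmCommandPort" and starts LsapRmServerThread.
 *
 * Returns STATUS_SUCCESS on success, the NTSTATUS of the first native call
 * that failed, or STATUS_INSUFFICIENT_RESOURCES if the server thread could
 * not be created. Objects created by earlier steps are not torn down when a
 * later step fails.
 */
NTSTATUS
LsapRmInitializeServer(VOID)
{
    UNICODE_STRING Name;
    OBJECT_ATTRIBUTES ObjectAttributes;
    SECURITY_QUALITY_OF_SERVICE SecurityQos;
    HANDLE InitEvent;
    HANDLE ThreadHandle;
    DWORD ThreadId;
    NTSTATUS Status;

    /*
     * Create the LSA command port.
     * NOTE(review): no security descriptor is passed to
     * InitializeObjectAttributes, so the port gets whatever default applies.
     * LsapRmServerThread accepts the first connection without checking the
     * caller - confirm that only the intended peer can open this port.
     */
    RtlInitUnicodeString(&Name, L"\\SeLsaCommandPort");
    InitializeObjectAttributes(&ObjectAttributes, &Name, 0, NULL, NULL);
    Status = NtCreatePort(&SeLsaCommandPort,
                          &ObjectAttributes,
                          0,
                          PORT_MAXIMUM_MESSAGE_LENGTH,
                          2 * PAGE_SIZE);
    if (!NT_SUCCESS(Status))
    {
        ERR("LsapRmInitializeServer - Port Create failed 0x%lx\n", Status);
        return Status;
    }

    /* Open the LSA init event; only the right to signal it is requested */
    RtlInitUnicodeString(&Name, L"\\SeLsaInitEvent");
    InitializeObjectAttributes(&ObjectAttributes, &Name, 0, NULL, NULL);
    Status = NtOpenEvent(&InitEvent, EVENT_MODIFY_STATE, &ObjectAttributes);
    if (!NT_SUCCESS(Status))
    {
        ERR("LsapRmInitializeServer - Lsa Init Event Open failed 0x%lx\n", Status);
        return Status;
    }

    /* Signal the kernel, that we are ready */
    Status = NtSetEvent(InitEvent, NULL);

    /* The event is needed for this one signal only: close it on both the
     * success and the failure path so the handle is not leaked */
    NtClose(InitEvent);

    if (!NT_SUCCESS(Status))
    {
        ERR("LsapRmInitializeServer - Set Init Event failed 0x%lx\n", Status);
        return Status;
    }

    /* Setup the QoS structure. Length must be filled in as well, otherwise
     * an uninitialized stack value is handed to NtConnectPort. */
    SecurityQos.Length = sizeof(SecurityQos);
    SecurityQos.ImpersonationLevel = SecurityIdentification;
    SecurityQos.ContextTrackingMode = SECURITY_DYNAMIC_TRACKING;
    SecurityQos.EffectiveOnly = TRUE;

    /* Connect to the kernel server */
    RtlInitUnicodeString(&Name, L"\\SeRmCommandPort");
    Status = NtConnectPort(&SeRmCommandPort,
                           &Name,
                           &SecurityQos,
                           NULL,
                           NULL,
                           NULL,
                           NULL,
                           NULL);
    if (!NT_SUCCESS(Status))
    {
        ERR("LsapRmInitializeServer - Connect to Rm Command Port failed 0x%lx\n", Status);
        return Status;
    }

    /* Create the server thread */
    ThreadHandle = CreateThread(NULL, 0, LsapRmServerThread, NULL, 0, &ThreadId);
    if (ThreadHandle == NULL)
    {
        /* Status still holds the successful NtConnectPort result here, so
         * report the Win32 error of the failed CreateThread call instead */
        ERR("LsapRmInitializeServer - Create Thread failed 0x%lx\n", GetLastError());
        return STATUS_INSUFFICIENT_RESOURCES;
    }

    /* The thread keeps running on its own; its handle is not needed */
    CloseHandle(ThreadHandle);

    return STATUS_SUCCESS;
}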
243c2c66affSColin Finck
/*
 * Sends an RmCreateLogonSession request for *LogonId over SeRmCommandPort
 * and waits for the reply.
 *
 * LogonId - LUID copied into the request; dereferenced without a NULL check.
 *
 * Returns the NtRequestWaitReplyPort status if the exchange itself fails,
 * otherwise the ResultStatus carried in the reply.
 */
NTSTATUS
LsapRmCreateLogonSession(
    PLUID LogonId)
{
    /*
     * Message sizes are the sum of the member sizes.
     * NOTE(review): this assumes Header, ApiNumber and the payload are laid
     * out without padding in SEP_RM_API_MESSAGE - confirm.
     */
    const CSHORT HeaderLength = (CSHORT)sizeof(PORT_MESSAGE);
    const CSHORT RequestLength =
        (CSHORT)(sizeof(PORT_MESSAGE) + sizeof(ULONG) + sizeof(LUID));
    const CSHORT ReplyLength =
        (CSHORT)(sizeof(PORT_MESSAGE) + sizeof(ULONG) + sizeof(NTSTATUS));
    SEP_RM_API_MESSAGE RequestMessage;
    SEP_RM_API_MESSAGE ReplyMessage;
    NTSTATUS Status;

    TRACE("LsapRmCreateLogonSession(%p)\n", LogonId);

    /* Build the request: header lengths, API number, then the LUID payload.
     * Fields not assigned below keep whatever the stack held. */
    RequestMessage.Header.u2.ZeroInit = 0;
    RequestMessage.Header.u1.s1.TotalLength = RequestLength;
    RequestMessage.Header.u1.s1.DataLength = RequestLength - HeaderLength;
    RequestMessage.ApiNumber = (ULONG)RmCreateLogonSession;
    RtlCopyLuid(&RequestMessage.u.LogonLuid, LogonId);

    /* Prepare the reply buffer */
    ReplyMessage.Header.u2.ZeroInit = 0;
    ReplyMessage.Header.u1.s1.TotalLength = ReplyLength;
    ReplyMessage.Header.u1.s1.DataLength = ReplyLength - HeaderLength;

    /*
     * NOTE(review): the result defaults to STATUS_SUCCESS, so a reply that
     * does not overwrite ResultStatus is reported as success - confirm that
     * the server always fills it in.
     */
    ReplyMessage.u.ResultStatus = STATUS_SUCCESS;

    Status = NtRequestWaitReplyPort(SeRmCommandPort,
                                    (PPORT_MESSAGE)&RequestMessage,
                                    (PPORT_MESSAGE)&ReplyMessage);
    if (!NT_SUCCESS(Status))
    {
        /* The exchange itself failed */
        return Status;
    }

    /* The exchange worked: hand back the status from the reply */
    return ReplyMessage.u.ResultStatus;
}
283c2c66affSColin Finck
/*
 * Sends an RmDeleteLogonSession request for *LogonId over SeRmCommandPort
 * and waits for the reply.
 *
 * LogonId - LUID copied into the request; dereferenced without a NULL check.
 *
 * Returns the NtRequestWaitReplyPort status if the exchange itself fails,
 * otherwise the ResultStatus carried in the reply.
 */
NTSTATUS
LsapRmDeleteLogonSession(
    PLUID LogonId)
{
    /*
     * Message sizes are the sum of the member sizes.
     * NOTE(review): this assumes Header, ApiNumber and the payload are laid
     * out without padding in SEP_RM_API_MESSAGE - confirm.
     */
    const CSHORT HeaderLength = (CSHORT)sizeof(PORT_MESSAGE);
    const CSHORT RequestLength =
        (CSHORT)(sizeof(PORT_MESSAGE) + sizeof(ULONG) + sizeof(LUID));
    const CSHORT ReplyLength =
        (CSHORT)(sizeof(PORT_MESSAGE) + sizeof(ULONG) + sizeof(NTSTATUS));
    SEP_RM_API_MESSAGE RequestMessage;
    SEP_RM_API_MESSAGE ReplyMessage;
    NTSTATUS Status;

    TRACE("LsapRmDeleteLogonSession(%p)\n", LogonId);

    /* Build the request: header lengths, API number, then the LUID payload.
     * Fields not assigned below keep whatever the stack held. */
    RequestMessage.Header.u2.ZeroInit = 0;
    RequestMessage.Header.u1.s1.TotalLength = RequestLength;
    RequestMessage.Header.u1.s1.DataLength = RequestLength - HeaderLength;
    RequestMessage.ApiNumber = (ULONG)RmDeleteLogonSession;
    RtlCopyLuid(&RequestMessage.u.LogonLuid, LogonId);

    /* Prepare the reply buffer */
    ReplyMessage.Header.u2.ZeroInit = 0;
    ReplyMessage.Header.u1.s1.TotalLength = ReplyLength;
    ReplyMessage.Header.u1.s1.DataLength = ReplyLength - HeaderLength;

    /*
     * NOTE(review): the result defaults to STATUS_SUCCESS, so a reply that
     * does not overwrite ResultStatus is reported as success - confirm that
     * the server always fills it in.
     */
    ReplyMessage.u.ResultStatus = STATUS_SUCCESS;

    Status = NtRequestWaitReplyPort(SeRmCommandPort,
                                    (PPORT_MESSAGE)&RequestMessage,
                                    (PPORT_MESSAGE)&ReplyMessage);
    if (!NT_SUCCESS(Status))
    {
        /* The exchange itself failed */
        return Status;
    }

    /* The exchange worked: hand back the status from the reply */
    return ReplyMessage.u.ResultStatus;
}