// Debug information
//
-#define AFS_DBG_FLAG_BREAK_ON_ENTRY 0x00000001 // Only enabled in checked build
-#define AFS_DBG_TRACE_TO_DEBUGGER 0x00000002
-#define AFS_DBG_FLAG_ENABLE_FORCE_CRASH 0x00000004 // Only enabled in checked build
-#define AFS_DBG_BUGCHECK_EXCEPTION 0x00000008
-#define AFS_DBG_CLEAN_SHUTDOWN 0x00000010
-#define AFS_DBG_REQUIRE_CLEAN_SHUTDOWN 0x00000020
+#define AFS_DBG_FLAG_BREAK_ON_ENTRY 0x00000001 // Only enabled in checked build
+#define AFS_DBG_TRACE_TO_DEBUGGER 0x00000002
+#define AFS_DBG_FLAG_ENABLE_FORCE_CRASH 0x00000004 // Only enabled in checked build
+#define AFS_DBG_BUGCHECK_EXCEPTION 0x00000008
+#define AFS_DBG_CLEAN_SHUTDOWN 0x00000010
+#define AFS_DBG_REQUIRE_CLEAN_SHUTDOWN 0x00000020
+#define AFS_DBG_DISABLE_SYSTEM_SID_CHECK 0x00000040
//
// Pool state
case IOCTL_AFS_INITIALIZE_CONTROL_DEVICE:
{
+ if ( !AFSIsUser( SeExports->SeLocalSystemSid)
+#if DBG
+ && !BooleanFlagOn( AFSDebugFlags, AFS_DBG_DISABLE_SYSTEM_SID_CHECK)
+#endif
+ )
+ {
+ ntStatus = STATUS_ACCESS_DENIED;
+ break;
+ }
//
// Go intialize the pool
//
-
ntStatus = AFSInitIrpPool();
if( !NT_SUCCESS( ntStatus))
return pThreadCB;
}
+
+BOOLEAN
+AFSIsUser( IN PSID Sid)
+{
+ SECURITY_SUBJECT_CONTEXT subjectContext;
+ PTOKEN_USER user;
+ PACCESS_TOKEN token;
+ BOOLEAN retVal = FALSE;
+
+ SeCaptureSubjectContext( &subjectContext);
+ SeLockSubjectContext( &subjectContext);
+
+ token = SeQuerySubjectContextToken( &subjectContext);
+
+ if (NT_SUCCESS (SeQueryInformationToken( token, TokenUser, (PVOID*) &user)))
+ {
+
+ retVal = RtlEqualSid( user->User.Sid, Sid);
+
+ ExFreePool( user );
+ }
+ SeUnlockSubjectContext( &subjectContext);
+ SeReleaseSubjectContext( &subjectContext);
+ return retVal;
+}
AFSInitializeThreadCB( IN AFSProcessCB *ProcessCB,
IN ULONGLONG ThreadId);
+BOOLEAN
+AFSIsUser( IN PSID Sid);
+
};
#endif /* _AFS_COMMON_H */