2 * Copyright (c) 2008, 2009, 2010, 2011 Kernel Drivers, LLC.
3 * Copyright (c) 2009, 2010, 2011 Your File System, Inc.
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * - Redistributions of source code must retain the above copyright notice,
11 * this list of conditions and the following disclaimer.
12 * - Redistributions in binary form must reproduce the above copyright
14 * this list of conditions and the following disclaimer in the
16 * and/or other materials provided with the distribution.
17 * - Neither the names of Kernel Drivers, LLC and Your File System, Inc.
18 * nor the names of their contributors may be used to endorse or promote
19 * products derived from this software without specific prior written
20 * permission from Kernel Drivers, LLC and Your File System, Inc.
22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
23 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
24 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
25 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
26 * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
27 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
28 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
29 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
30 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
31 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
32 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36 // File: AFSProcessSupport.cpp
39 #include "AFSCommon.h"
// Process ID of the registered service process. Set to the current PID by
// AFSRegisterService, reset to NULL by AFSDeregisterService, and compared with
// PsGetCurrentProcessId() at the end of this file.
// NOTE(review): no lock or interlocked access around this variable is visible
// in this listing; confirm registration cannot race with the comparison.
41 static HANDLE AFSServicePid = NULL;
// Legacy process-notify callback: a creation is forwarded to AFSProcessCreate,
// an exit to AFSProcessDestroy. This listing omits some original lines (the
// remaining parameters and the branch between the two calls are not shown).
// The creator is recorded as the *current* process and thread
// (PsGetCurrentProcessId / PsGetCurrentThreadId), so the auth group a new
// process later inherits depends on which thread this callback runs in.
// NOTE(review): presumably the callback runs in the creating thread's
// context - confirm, since ParentId and the actual creator can differ.
44 AFSProcessNotify( IN HANDLE ParentId,
50 // If this is a create notification then update our tree, otherwise remove the
57 AFSProcessCreate( ParentId,
59 PsGetCurrentProcessId(),
60 PsGetCurrentThreadId());
65 AFSProcessDestroy( ProcessId);
// Extended process-notify callback. On creation it passes the parent ID and
// the creating process/thread IDs from CreateInfo to AFSProcessCreate; on
// exit it calls AFSProcessDestroy. Process is not used.
// NOTE(review): the test that selects between the two calls is not shown in
// this listing. CreateInfo is dereferenced below, so it must be non-NULL on
// that path (the system passes NULL CreateInfo for a process exit).
72 AFSProcessNotifyEx( IN OUT PEPROCESS Process,
74 IN OUT PPS_CREATE_NOTIFY_INFO CreateInfo)
76 UNREFERENCED_PARAMETER(Process);
// CreatingThreadId is a CLIENT_ID naming the thread that requested the
// creation; it may belong to a process other than ParentProcessId.
81 AFSProcessCreate( CreateInfo->ParentProcessId,
83 CreateInfo->CreatingThreadId.UniqueProcess,
84 CreateInfo->CreatingThreadId.UniqueThread);
89 AFSProcessDestroy( ProcessId);
// Adds a process control block for ProcessId to the control device's process
// tree, records who created the process, and validates the new entry.
// Everything between the acquire and the release of ProcessTree.TreeLock
// below runs with that lock held exclusively.
// As far as this listing shows, a failed AFSInitializeProcessCB is only
// reported through an ERROR-level trace.
95 AFSProcessCreate( IN HANDLE ParentId,
97 IN HANDLE CreatingProcessId,
98 IN HANDLE CreatingThreadId)
100 AFSDeviceExt *pDeviceExt = (AFSDeviceExt *)AFSDeviceObject->DeviceExtension;
101 AFSProcessCB *pProcessCB = NULL;
// NOTE(review): the last trace argument is PsGetCurrentThread(), a pointer,
// formatted with %08lX; confirm AFSDbgTrace copes with that on 64-bit builds.
106 AFSDbgTrace(( AFS_SUBSYSTEM_LOCK_PROCESSING,
107 AFS_TRACE_LEVEL_VERBOSE,
108 "AFSProcessCreate Acquiring Control ProcessTree.TreeLock lock %p EXCL %08lX\n",
109 pDeviceExt->Specific.Control.ProcessTree.TreeLock,
110 PsGetCurrentThread()));
112 AFSAcquireExcl( pDeviceExt->Specific.Control.ProcessTree.TreeLock,
115 AFSDbgTrace(( AFS_SUBSYSTEM_PROCESS_PROCESSING,
116 AFS_TRACE_LEVEL_VERBOSE,
117 "AFSProcessCreate Parent %08lX Process %08lX %08lX\n",
120 PsGetCurrentThread()));
122 pProcessCB = AFSInitializeProcessCB( (ULONGLONG)ParentId,
123 (ULONGLONG)ProcessId);
125 if( pProcessCB != NULL)
// Remember the creator: AFSValidateProcessEntry compares CreatingThreadId
// with the parent's thread list when it looks for an auth group to inherit.
128 pProcessCB->CreatingProcessId = (ULONGLONG)CreatingProcessId;
130 pProcessCB->CreatingThreadId = (ULONGLONG)CreatingThreadId;
133 // Now assign the AuthGroup ACE
// NOTE(review): the second argument is not shown in this listing. The tree
// lock is already held exclusively here, so it is presumably TRUE
// (bProcessTreeLocked) - confirm.
136 AFSValidateProcessEntry( ProcessId,
142 AFSDbgTrace(( AFS_SUBSYSTEM_PROCESS_PROCESSING,
143 AFS_TRACE_LEVEL_ERROR,
144 "AFSProcessCreate Initialization failure for Parent %08lX Process %08lX %08lX\n",
147 PsGetCurrentThread()));
150 AFSReleaseResource( pDeviceExt->Specific.Control.ProcessTree.TreeLock);
// Removes the control block for ProcessId from the process tree and frees it
// together with its auth-group list and its thread list. All of this runs
// under the exclusive ProcessTree.TreeLock. A process that is not found in
// the tree is reported through a WARNING-level trace.
157 AFSProcessDestroy( IN HANDLE ProcessId)
160 NTSTATUS ntStatus = STATUS_SUCCESS;
161 AFSDeviceExt *pDeviceExt = (AFSDeviceExt *)AFSDeviceObject->DeviceExtension;
162 AFSProcessCB *pProcessCB = NULL;
163 AFSProcessAuthGroupCB *pProcessAuthGroup = NULL, *pLastAuthGroup = NULL;
164 AFSThreadCB *pThreadCB = NULL, *pNextThreadCB = NULL;
169 AFSDbgTrace(( AFS_SUBSYSTEM_LOCK_PROCESSING,
170 AFS_TRACE_LEVEL_VERBOSE,
171 "AFSProcessDestroy Acquiring Control ProcessTree.TreeLock lock %p EXCL %08lX\n",
172 pDeviceExt->Specific.Control.ProcessTree.TreeLock,
173 PsGetCurrentThreadId()));
175 AFSAcquireExcl( pDeviceExt->Specific.Control.ProcessTree.TreeLock,
178 // It's a remove so pull the entry
181 AFSDbgTrace(( AFS_SUBSYSTEM_PROCESS_PROCESSING,
182 AFS_TRACE_LEVEL_VERBOSE,
183 "AFSProcessDestroy Process %08lX %08lX\n",
185 PsGetCurrentThread()));
187 ntStatus = AFSLocateHashEntry( pDeviceExt->Specific.Control.ProcessTree.TreeHead,
188 (ULONGLONG)ProcessId,
189 (AFSBTreeEntry **)&pProcessCB);
191 if( NT_SUCCESS( ntStatus) &&
// Unlink the block from the tree before any of its memory is released.
195 AFSRemoveHashEntry( &pDeviceExt->Specific.Control.ProcessTree.TreeHead,
196 (AFSBTreeEntry *)pProcessCB);
// NOTE(review): AFSValidateProcessEntry hands ActiveAuthGroup from parent to
// child by copying the pointer. If such a pointer can refer to storage inside
// one of the list entries freed below, a child process would keep a dangling
// reference after its parent exits - confirm where these GUIDs are stored.
198 pProcessAuthGroup = pProcessCB->AuthGroupList;
200 while( pProcessAuthGroup != NULL)
// Save the successor before the current entry is freed.
203 pLastAuthGroup = pProcessAuthGroup->Next;
205 ExFreePool( pProcessAuthGroup);
207 pProcessAuthGroup = pLastAuthGroup;
210 pThreadCB = pProcessCB->ThreadList;
212 while( pThreadCB != NULL)
215 pNextThreadCB = pThreadCB->Next;
217 ExFreePool( pThreadCB);
219 pThreadCB = pNextThreadCB;
// As shown, pProcessCB->Lock is deleted without being acquired first, so only
// the tree lock protects against this free. Code that uses a process control
// block has to keep ProcessTree.TreeLock for as long as it uses the pointer.
222 ExDeleteResourceLite( &pProcessCB->Lock);
224 ExFreePool( pProcessCB);
228 AFSDbgTrace(( AFS_SUBSYSTEM_PROCESS_PROCESSING,
229 AFS_TRACE_LEVEL_WARNING,
230 "AFSProcessDestroy Process %08lX not found in ProcessTree Status %08lX %08lX\n",
233 PsGetCurrentThread()));
236 AFSReleaseResource( pDeviceExt->Specific.Control.ProcessTree.TreeLock);
243 // AFSValidateProcessEntry verifies the consistency of the current process
244 // entry which includes assigning an authentication group ACE if one is not
245 // present. A reference to the active authentication group GUID is returned.
//
// bProcessTreeLocked tells the function that the caller already holds
// ProcessTree.TreeLock; in that case the lock is neither acquired nor
// released here.
//
// Lock order used below: ProcessTree.TreeLock, then the parent's
// AFSProcessCB.Lock, then this process's AFSProcessCB.Lock, then
// AuthGroupTree.TreeLock.
//
// Auth group selection, in order: the group already active on the process
// (only consulted when the caller is not impersonating), a group inherited
// from the creating thread or the parent process, otherwise a group keyed by
// session ID and a hash of the caller's SID string.
//
// This listing omits some original lines (braces, short statements and
// several call arguments); comments marked NOTE(review) depend on them.
249 AFSValidateProcessEntry( IN HANDLE ProcessId,
250 IN BOOLEAN bProcessTreeLocked)
253 GUID *pAuthGroup = NULL;
254 NTSTATUS ntStatus = STATUS_SUCCESS;
255 AFSProcessCB *pProcessCB = NULL, *pParentProcessCB = NULL;
256 AFSDeviceExt *pDeviceExt = (AFSDeviceExt *)AFSDeviceObject->DeviceExtension;
257 ULONGLONG ullProcessID = (ULONGLONG)ProcessId;
258 UNICODE_STRING uniSIDString;
260 AFSSIDEntryCB *pSIDEntryCB = NULL;
261 ULONG ulSessionId = 0;
262 ULONGLONG ullTableHash = 0;
263 AFSThreadCB *pParentThreadCB = NULL;
264 UNICODE_STRING uniGUID;
265 BOOLEAN bImpersonation = FALSE;
// Start with an empty string so the exit path can tell whether a SID buffer
// was ever returned.
270 uniSIDString.Length = 0;
271 uniSIDString.MaximumLength = 0;
272 uniSIDString.Buffer = NULL;
// Take the tree lock shared unless the caller already owns it.
274 if ( !bProcessTreeLocked)
277 AFSDbgTrace(( AFS_SUBSYSTEM_LOCK_PROCESSING,
278 AFS_TRACE_LEVEL_VERBOSE,
279 "AFSValidateProcessEntry Acquiring Control ProcessTree.TreeLock lock %p SHARED %08lX\n",
280 pDeviceExt->Specific.Control.ProcessTree.TreeLock,
281 PsGetCurrentThread()));
283 AFSAcquireShared( pDeviceExt->Specific.Control.ProcessTree.TreeLock,
287 AFSDbgTrace(( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
288 AFS_TRACE_LEVEL_VERBOSE,
289 "%s Entry for ProcessID %I64X\n",
293 ntStatus = AFSLocateHashEntry( pDeviceExt->Specific.Control.ProcessTree.TreeHead,
295 (AFSBTreeEntry **)&pProcessCB);
// Not found: drop the shared lock, retake it exclusively and look again,
// because the tree may have changed while no lock was held.
297 if( !NT_SUCCESS( ntStatus) ||
301 if ( !bProcessTreeLocked)
304 AFSReleaseResource( pDeviceExt->Specific.Control.ProcessTree.TreeLock);
306 AFSAcquireExcl( pDeviceExt->Specific.Control.ProcessTree.TreeLock,
310 ntStatus = AFSLocateHashEntry( pDeviceExt->Specific.Control.ProcessTree.TreeHead,
312 (AFSBTreeEntry **)&pProcessCB);
// NOTE(review): the statements executed when this second lookup also fails
// are not shown in this listing.
314 if( !NT_SUCCESS( ntStatus) ||
324 if( !NT_SUCCESS( ntStatus) ||
328 AFSDbgTrace(( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
329 AFS_TRACE_LEVEL_ERROR,
330 "%s Failed to locate process entry for ProcessID %I64X\n",
334 try_return( ntStatus = STATUS_UNSUCCESSFUL);
// Give up exclusive access again once the entry is known to exist.
337 if ( !bProcessTreeLocked)
340 AFSConvertToShared( pDeviceExt->Specific.Control.ProcessTree.TreeLock);
345 // Locate and lock the ParentProcessCB if we have one
348 if( pProcessCB->ParentProcessId != 0)
351 AFSDbgTrace(( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
352 AFS_TRACE_LEVEL_VERBOSE,
353 "%s Locating process entry for Parent ProcessID %I64X\n",
355 pProcessCB->ParentProcessId));
357 ntStatus = AFSLocateHashEntry( pDeviceExt->Specific.Control.ProcessTree.TreeHead,
358 (ULONGLONG)pProcessCB->ParentProcessId,
359 (AFSBTreeEntry **)&pParentProcessCB);
361 if( NT_SUCCESS( ntStatus) &&
362 pParentProcessCB != NULL)
// The parent's lock is taken before the child's lock further down.
364 AFSAcquireExcl( &pParentProcessCB->Lock,
367 AFSDbgTrace(( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
368 AFS_TRACE_LEVEL_VERBOSE,
369 "%s Located process entry for Parent ProcessID %I64X\n",
371 pProcessCB->ParentProcessId));
377 AFSDbgTrace(( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
378 AFS_TRACE_LEVEL_VERBOSE,
379 "%s No parent ID for ProcessID %I64X\n",
384 AFSAcquireExcl( &pProcessCB->Lock,
390 // Mark the process as 64-bit if it is.
// A NULL argument makes IoIs32bitProcess examine the current process, not
// ProcessId. NOTE(review): AFSProcessCreate reaches this function from a
// process-notify callback, where the current process may be the creator
// rather than the new process - confirm the flag describes the right process.
393 if( !IoIs32bitProcess( NULL))
396 SetFlag( pProcessCB->Flags, AFS_PROCESS_FLAG_IS_64BIT);
401 ClearFlag( pProcessCB->Flags, AFS_PROCESS_FLAG_IS_64BIT);
406 // Locate the SID for the caller
// The SID and the impersonation state come from the calling thread; ProcessId
// is not passed to AFSGetCallerSID.
409 ntStatus = AFSGetCallerSID( &uniSIDString, &bImpersonation);
411 if( !NT_SUCCESS( ntStatus))
414 AFSDbgTrace(( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
415 AFS_TRACE_LEVEL_ERROR,
416 "%s Failed to locate callers SID for ProcessID %I64X\n",
420 try_return( ntStatus);
423 ulSessionId = AFSGetSessionId( (HANDLE)ullProcessID, &bImpersonation);
// (ULONG)-1 is treated as failure and reported as
// STATUS_INSUFFICIENT_RESOURCES.
425 if( ulSessionId == (ULONG)-1)
428 AFSDbgTrace(( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
429 AFS_TRACE_LEVEL_ERROR,
430 "%s Failed to retrieve session ID for ProcessID %I64X\n",
434 try_return( ntStatus = STATUS_INSUFFICIENT_RESOURCES);
437 AFSDbgTrace(( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
438 AFS_TRACE_LEVEL_VERBOSE,
439 "%s Retrieved callers SID %wZ for ProcessID %I64X Session %08lX\n",
446 // If there is an Auth Group for the current process,
447 // our job is finished.
// The group stored on the process is only used when the caller is not
// impersonating.
450 if ( bImpersonation == FALSE)
452 pAuthGroup = pProcessCB->ActiveAuthGroup;
454 if( pAuthGroup != NULL &&
455 !AFSIsNoPAGAuthGroup( pAuthGroup))
// The GUID string is built for the trace only. The result of
// RtlStringFromGUID is not checked; Buffer is preset to NULL and tested
// before it is freed.
458 uniGUID.Buffer = NULL;
460 RtlStringFromGUID( *pAuthGroup,
463 AFSDbgTrace(( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
464 AFS_TRACE_LEVEL_VERBOSE,
465 "%s Located valid AuthGroup GUID %wZ for SID %wZ ProcessID %I64X Session %08lX\n",
472 if( uniGUID.Buffer != NULL)
474 RtlFreeUnicodeString( &uniGUID);
477 try_return( ntStatus = STATUS_SUCCESS);
481 // The current process does not yet have an Auth Group. Try to inherit
482 // one from the parent process thread that created this process.
485 if( pParentProcessCB != NULL)
// Search the parent's thread list for the thread that created this process.
488 for ( pParentThreadCB = pParentProcessCB->ThreadList;
489 pParentThreadCB != NULL;
490 pParentThreadCB = pParentThreadCB->Next)
493 if( pParentThreadCB->ThreadId == pProcessCB->CreatingThreadId)
500 // If the creating thread was found and it has a thread specific
501 // Auth Group, use that even if it is the No PAG
504 if( pParentThreadCB != NULL &&
505 pParentThreadCB->ActiveAuthGroup != NULL &&
506 !AFSIsNoPAGAuthGroup( pParentThreadCB->ActiveAuthGroup))
// Inheritance copies the pointer, not the GUID it points to.
508 pProcessCB->ActiveAuthGroup = pParentThreadCB->ActiveAuthGroup;
510 uniGUID.Buffer = NULL;
512 RtlStringFromGUID( *(pProcessCB->ActiveAuthGroup),
515 AFSDbgTrace(( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
516 AFS_TRACE_LEVEL_VERBOSE,
517 "%s PID %I64X Session %08lX inherited Active AuthGroup %wZ from thread %I64X\n",
522 pParentThreadCB->ThreadId));
524 if( uniGUID.Buffer != NULL)
526 RtlFreeUnicodeString( &uniGUID);
531 // If the parent thread was not found or does not have an auth group
534 else if( pParentProcessCB->ActiveAuthGroup != NULL &&
535 !AFSIsNoPAGAuthGroup( pParentProcessCB->ActiveAuthGroup))
537 pProcessCB->ActiveAuthGroup = pParentProcessCB->ActiveAuthGroup;
539 uniGUID.Buffer = NULL;
541 RtlStringFromGUID( *(pProcessCB->ActiveAuthGroup),
544 AFSDbgTrace(( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
545 AFS_TRACE_LEVEL_VERBOSE,
546 "%s PID %I64X Session %08lX inherited Active AuthGroup %wZ from parent PID %I64X\n",
551 pParentProcessCB->TreeEntry.HashIndex));
553 if( uniGUID.Buffer != NULL)
555 RtlFreeUnicodeString( &uniGUID);
560 // If an Auth Group was inherited, set it to be the active group
// NOTE(review): the second test reads pParentProcessCB->ActiveAuthGroup,
// although the value returned below is pProcessCB->ActiveAuthGroup. When the
// group was inherited from the creating thread while the parent process
// itself has the No PAG group, this test fails and the code appears to fall
// through to the SID-based assignment, which replaces the inherited group.
// Likely intended: !AFSIsNoPAGAuthGroup( pProcessCB->ActiveAuthGroup) -
// confirm.
563 if( pProcessCB->ActiveAuthGroup != NULL &&
564 !AFSIsNoPAGAuthGroup( pParentProcessCB->ActiveAuthGroup))
566 pAuthGroup = pProcessCB->ActiveAuthGroup;
568 uniGUID.Buffer = NULL;
570 RtlStringFromGUID( *(pProcessCB->ActiveAuthGroup),
573 AFSDbgTrace(( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
574 AFS_TRACE_LEVEL_VERBOSE,
575 "%s Returning(1) Active AuthGroup %wZ for SID %wZ PID %I64X Session %08lX\n",
582 if( uniGUID.Buffer != NULL)
584 RtlFreeUnicodeString( &uniGUID);
587 try_return( ntStatus);
593 // If no Auth Group was inherited, assign one based upon the Session and SID
596 ntStatus = RtlHashUnicodeString( &uniSIDString,
598 HASH_STRING_ALGORITHM_DEFAULT,
601 if( !NT_SUCCESS( ntStatus))
604 AFSDbgTrace(( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
605 AFS_TRACE_LEVEL_ERROR,
606 "%s Failed to hash SID %wZ for PID %I64X Session %08lX Status %08lX\n",
613 try_return( ntStatus);
// Key for the auth-group tree: session ID in the high 32 bits, the 32-bit
// hash of the SID string in the low 32 bits.
// NOTE(review): RtlHashUnicodeString is not a cryptographic hash. As far as
// this function shows, entries are matched on this key alone, so two
// different SIDs in one session with the same 32-bit hash would resolve to
// the same auth group. Confirm whether the SID itself is compared elsewhere.
616 ullTableHash = ( ((ULONGLONG)ulSessionId << 32) | ulSIDHash);
// Same pattern as for the process tree: look up under the shared lock, then
// repeat the lookup under the exclusive lock before creating an entry.
618 AFSAcquireShared( pDeviceExt->Specific.Control.AuthGroupTree.TreeLock,
621 ntStatus = AFSLocateHashEntry( pDeviceExt->Specific.Control.AuthGroupTree.TreeHead,
622 (ULONGLONG)ullTableHash,
623 (AFSBTreeEntry **)&pSIDEntryCB);
625 if( !NT_SUCCESS( ntStatus) ||
629 AFSReleaseResource( pDeviceExt->Specific.Control.AuthGroupTree.TreeLock);
631 AFSAcquireExcl( pDeviceExt->Specific.Control.AuthGroupTree.TreeLock,
634 ntStatus = AFSLocateHashEntry( pDeviceExt->Specific.Control.AuthGroupTree.TreeHead,
635 (ULONGLONG)ullTableHash,
636 (AFSBTreeEntry **)&pSIDEntryCB);
638 if( !NT_SUCCESS( ntStatus) ||
642 pSIDEntryCB = (AFSSIDEntryCB *)AFSExAllocatePoolWithTag( NonPagedPool,
643 sizeof( AFSSIDEntryCB),
644 AFS_AG_ENTRY_CB_TAG);
646 if( pSIDEntryCB == NULL)
// Drop the auth-group tree lock before leaving through try_return.
649 AFSReleaseResource( pDeviceExt->Specific.Control.AuthGroupTree.TreeLock);
651 try_return( ntStatus = STATUS_INSUFFICIENT_RESOURCES);
654 RtlZeroMemory( pSIDEntryCB,
655 sizeof( AFSSIDEntryCB));
657 pSIDEntryCB->TreeEntry.HashIndex = (ULONGLONG)ullTableHash;
// Repeats while ExUuidCreate reports STATUS_RETRY. Any other status is not
// examined here; the entry was zeroed just above.
659 while( ExUuidCreate( &pSIDEntryCB->AuthGroup) == STATUS_RETRY);
661 uniGUID.Buffer = NULL;
663 RtlStringFromGUID( pSIDEntryCB->AuthGroup,
666 AFSDbgTrace(( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
667 AFS_TRACE_LEVEL_VERBOSE,
668 "%s SID %wZ PID %I64X Session %08lX generated NEW AG %wZ\n",
675 if( uniGUID.Buffer != NULL)
677 RtlFreeUnicodeString( &uniGUID);
// An empty tree takes the new entry as its head; otherwise the entry is
// inserted by hash index.
680 if( pDeviceExt->Specific.Control.AuthGroupTree.TreeHead == NULL)
682 pDeviceExt->Specific.Control.AuthGroupTree.TreeHead = (AFSBTreeEntry *)pSIDEntryCB;
686 AFSInsertHashEntry( pDeviceExt->Specific.Control.AuthGroupTree.TreeHead,
687 &pSIDEntryCB->TreeEntry);
691 AFSConvertToShared( pDeviceExt->Specific.Control.AuthGroupTree.TreeLock);
695 AFSReleaseResource( pDeviceExt->Specific.Control.AuthGroupTree.TreeLock);
698 // Store the auth group into the process cb
// NOTE(review): it is not visible in this listing whether this store is also
// reached while bImpersonation is TRUE. If it is, the impersonated identity's
// group stays on the process block after the impersonation ends - confirm.
701 pProcessCB->ActiveAuthGroup = &pSIDEntryCB->AuthGroup;
703 uniGUID.Buffer = NULL;
705 RtlStringFromGUID( pSIDEntryCB->AuthGroup,
708 AFSDbgTrace(( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
709 AFS_TRACE_LEVEL_VERBOSE,
710 "%s SID %wZ PID %I64X Session %08lX assigned AG %wZ\n",
717 if( uniGUID.Buffer != NULL)
719 RtlFreeUnicodeString( &uniGUID);
723 // Set the AFS_PROCESS_LOCAL_SYSTEM_AUTH flag if the process SID
727 if( AFSIsLocalSystemSID( &uniSIDString))
729 SetFlag( pProcessCB->Flags, AFS_PROCESS_LOCAL_SYSTEM_AUTH);
731 AFSDbgTrace(( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
732 AFS_TRACE_LEVEL_VERBOSE,
733 "%s Setting PID %I64X Session %08lX with LOCAL SYSTEM AUTHORITY\n",
740 // Return the auth group
743 pAuthGroup = pProcessCB->ActiveAuthGroup;
745 uniGUID.Buffer = NULL;
747 RtlStringFromGUID( *(pProcessCB->ActiveAuthGroup),
750 AFSDbgTrace(( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
751 AFS_TRACE_LEVEL_VERBOSE,
752 "%s Returning(2) Active AuthGroup %wZ for SID %wZ PID %I64X Session %08lX\n",
759 if( uniGUID.Buffer != NULL)
761 RtlFreeUnicodeString( &uniGUID);
// Common exit path reached by every try_return above.
766 if( pProcessCB != NULL)
// The process DACL is adjusted only for a non-impersonating caller, only
// after success, and only while AFS_PROCESS_FLAG_ACE_SET is still clear.
769 if( bImpersonation == FALSE &&
770 !BooleanFlagOn( pProcessCB->Flags, AFS_PROCESS_FLAG_ACE_SET) &&
771 NT_SUCCESS( ntStatus))
773 ntStatus = AFSProcessSetProcessDacl( pProcessCB);
775 if( !NT_SUCCESS( ntStatus))
// NOTE(review): the lines between the failure test and this SetFlag are not
// shown. Presumably the flag is set only when AFSProcessSetProcessDacl
// succeeded - confirm, since setting it after a failure would suppress any
// later attempt.
781 SetFlag( pProcessCB->Flags, AFS_PROCESS_FLAG_ACE_SET);
// Locks are released in the reverse of the order in which they were taken:
// process block, parent block, then the tree lock.
785 AFSReleaseResource( &pProcessCB->Lock);
788 if( pParentProcessCB != NULL)
790 AFSReleaseResource( &pParentProcessCB->Lock);
// Length > 0 is used as the sign that AFSGetCallerSID returned a buffer.
793 if( uniSIDString.Length > 0)
795 RtlFreeUnicodeString( &uniSIDString);
798 if ( !bProcessTreeLocked)
801 AFSReleaseResource( pDeviceExt->Specific.Control.ProcessTree.TreeLock);
// Looks up ProcessId in the process tree under the shared tree lock and reads
// AFS_PROCESS_FLAG_IS_64BIT from its control block. bIs64Bit stays FALSE when
// no block is found. The status of the lookup is stored but not examined;
// only the returned pointer is tested.
// The flag itself is written by AFSValidateProcessEntry from
// IoIs32bitProcess( NULL), so it is only as accurate as that call's context.
809 AFSIs64BitProcess( IN ULONGLONG ProcessId)
812 NTSTATUS ntStatus = STATUS_SUCCESS;
813 BOOLEAN bIs64Bit = FALSE;
814 AFSProcessCB *pProcessCB = NULL;
815 AFSDeviceExt *pDeviceExt = (AFSDeviceExt *)AFSDeviceObject->DeviceExtension;
820 AFSDbgTrace(( AFS_SUBSYSTEM_LOCK_PROCESSING,
821 AFS_TRACE_LEVEL_VERBOSE,
822 "AFSIs64BitProcess Acquiring Control ProcessTree.TreeLock lock %p SHARED %08lX\n",
823 pDeviceExt->Specific.Control.ProcessTree.TreeLock,
824 PsGetCurrentThread()));
826 AFSAcquireShared( pDeviceExt->Specific.Control.ProcessTree.TreeLock,
829 ntStatus = AFSLocateHashEntry( pDeviceExt->Specific.Control.ProcessTree.TreeHead,
830 (ULONGLONG)ProcessId,
831 (AFSBTreeEntry **)&pProcessCB);
833 if( pProcessCB != NULL)
// Read while the tree lock is still held, so the block cannot be freed by
// AFSProcessDestroy during the access.
835 bIs64Bit = BooleanFlagOn( pProcessCB->Flags, AFS_PROCESS_FLAG_IS_64BIT);
838 AFSReleaseResource( pDeviceExt->Specific.Control.ProcessTree.TreeLock);
// Allocates a zeroed AFSProcessCB from non-paged pool, keys it by ProcessId,
// records ParentProcessId, links it into the process tree and gives it the
// No PAG auth group as its initial ActiveAuthGroup. When the allocation fails
// it leaves through try_return with pProcessCB still NULL.
// No lock is taken in the lines shown. NOTE(review): the caller presumably
// holds ProcessTree.TreeLock exclusively (AFSProcessCreate does) - confirm
// for any other caller.
845 AFSInitializeProcessCB( IN ULONGLONG ParentProcessId,
846 IN ULONGLONG ProcessId)
849 AFSProcessCB *pProcessCB = NULL;
850 AFSDeviceExt *pDeviceExt = (AFSDeviceExt *)AFSDeviceObject->DeviceExtension;
855 pProcessCB = (AFSProcessCB *)AFSExAllocatePoolWithTag( NonPagedPool,
856 sizeof( AFSProcessCB),
859 if( pProcessCB == NULL)
861 try_return( pProcessCB);
864 RtlZeroMemory( pProcessCB,
865 sizeof( AFSProcessCB));
867 pProcessCB->TreeEntry.HashIndex = (ULONGLONG)ProcessId;
869 pProcessCB->ParentProcessId = (ULONGLONG)ParentProcessId;
871 if( pDeviceExt->Specific.Control.ProcessTree.TreeHead == NULL)
873 pDeviceExt->Specific.Control.ProcessTree.TreeHead = (AFSBTreeEntry *)pProcessCB;
// NOTE(review): the result of AFSInsertHashEntry is not checked. If insertion
// can fail (for example when an entry with the same ProcessId is still in the
// tree), the new block would be returned without being linked - confirm.
877 AFSInsertHashEntry( pDeviceExt->Specific.Control.ProcessTree.TreeHead,
878 &pProcessCB->TreeEntry);
// The block is already linked into the tree when its Lock is initialised.
// That is safe only while no other thread can look the block up, i.e. while
// the caller holds the tree lock exclusively.
881 ExInitializeResourceLite( &pProcessCB->Lock);
883 pProcessCB->ActiveAuthGroup = &AFSNoPAGAuthGroup;
// Allocates a zeroed AFSThreadCB for ThreadId from non-paged pool and appends
// it to the tail of ProcessCB->ThreadList. When the allocation fails it
// leaves through try_return with pThreadCB still NULL.
// Existing entries are not checked for the same ThreadId.
// No lock is taken in the lines shown. NOTE(review): the caller presumably
// holds ProcessCB->Lock while the list is modified - confirm.
894 AFSInitializeThreadCB( IN AFSProcessCB *ProcessCB,
895 IN ULONGLONG ThreadId)
898 AFSThreadCB *pThreadCB = NULL, *pCurrentThreadCB = NULL;
903 pThreadCB = (AFSThreadCB *)AFSExAllocatePoolWithTag( NonPagedPool,
904 sizeof( AFSThreadCB),
907 if( pThreadCB == NULL)
909 try_return( pThreadCB);
912 RtlZeroMemory( pThreadCB,
913 sizeof( AFSThreadCB));
915 pThreadCB->ThreadId = ThreadId;
// Empty list: the new block becomes the head.
917 if( ProcessCB->ThreadList == NULL)
919 ProcessCB->ThreadList = pThreadCB;
// Otherwise walk to the last entry and link the new block after it.
924 pCurrentThreadCB = ProcessCB->ThreadList;
926 while( pCurrentThreadCB != NULL)
929 if( pCurrentThreadCB->Next == NULL)
931 pCurrentThreadCB->Next = pThreadCB;
935 pCurrentThreadCB = pCurrentThreadCB->Next;
// Returns TRUE when Sid equals the user SID in the token of the calling
// thread's subject context; retVal stays FALSE when the token query fails.
// SeQuerySubjectContextToken yields the impersonation (client) token when the
// thread is impersonating and the primary token otherwise, so the answer
// reflects the effective identity of the caller.
// NOTE(review): SeQueryInformationToken allocates the TOKEN_USER buffer for
// the caller. The matching ExFreePool is not visible in this listing, which
// omits short lines - confirm that the buffer is released.
948 AFSIsUser( IN PSID Sid)
950 SECURITY_SUBJECT_CONTEXT subjectContext;
953 BOOLEAN retVal = FALSE;
// The context is captured and locked for the duration of the token query.
955 SeCaptureSubjectContext( &subjectContext);
956 SeLockSubjectContext( &subjectContext);
958 token = SeQuerySubjectContextToken( &subjectContext);
960 if (NT_SUCCESS (SeQueryInformationToken( token, TokenUser, (PVOID*) &user)))
963 retVal = RtlEqualSid( user->User.Sid, Sid);
967 SeUnlockSubjectContext( &subjectContext);
968 SeReleaseSubjectContext( &subjectContext);
// Returns TRUE when Sid equals one of the group SIDs in the token of the
// calling thread's subject context; retVal stays FALSE when the token query
// fails. The TOKEN_GROUPS buffer returned by SeQueryInformationToken is freed
// with ExFreePool after the search.
// NOTE(review): as shown, the comparison ignores Groups[i].Attributes, so a
// group that is present only as deny-only (SE_GROUP_USE_FOR_DENY_ONLY) or is
// not enabled (SE_GROUP_ENABLED clear) still counts as a match. If the result
// is used to grant access, the attributes should be checked as well.
973 AFSIsInGroup(PSID Sid)
975 SECURITY_SUBJECT_CONTEXT subjectContext;
976 PTOKEN_GROUPS groups;
978 BOOLEAN retVal = FALSE;
980 SeCaptureSubjectContext( &subjectContext );
981 SeLockSubjectContext( &subjectContext );
983 token = SeQuerySubjectContextToken( &subjectContext );
985 if (NT_SUCCESS(SeQueryInformationToken(token, TokenGroups, (PVOID*) &groups)))
// The loop stops at the first matching group.
988 for (i = 0; !retVal && i < groups->GroupCount; i++)
990 retVal = RtlEqualSid(Sid, groups->Groups[i].Sid);
993 ExFreePool( groups );
995 SeUnlockSubjectContext( &subjectContext );
996 SeReleaseSubjectContext( &subjectContext );
// Records the calling process as the service process by storing its PID in
// AFSServicePid. A previously stored PID is overwritten.
// NOTE(review): nothing in this routine checks who the caller is or whether a
// service is already registered; presumably the code that calls it restricts
// access - confirm.
1001 AFSRegisterService( void)
1003 AFSServicePid = PsGetCurrentProcessId();
// Clears the registered service PID. The routine does not compare the caller
// with the stored PID before clearing it.
1007 AFSDeregisterService( void)
1009 AFSServicePid = NULL;
// TRUE when the current process is the one recorded in AFSServicePid (the
// signature line of this routine is not shown in this listing).
// NOTE(review): the service is identified by PID alone. Confirm that
// AFSServicePid is cleared when the service process exits, because a PID can
// be reused by an unrelated process.
1015 return PsGetCurrentProcessId() == AFSServicePid;