2 * Copyright (c) 2008, 2009, 2010, 2011 Kernel Drivers, LLC.
3 * Copyright (c) 2009, 2010, 2011 Your File System, Inc.
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * - Redistributions of source code must retain the above copyright notice,
11 * this list of conditions and the following disclaimer.
12 * - Redistributions in binary form must reproduce the above copyright
14 * this list of conditions and the following disclaimer in the
16 * and/or other materials provided with the distribution.
17 * - Neither the names of Kernel Drivers, LLC and Your File System, Inc.
18 * nor the names of their contributors may be used to endorse or promote
19 * products derived from this software without specific prior written
20 * permission from Kernel Drivers, LLC and Your File System, Inc.
22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
23 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
24 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
25 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
26 * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
27 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
28 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
29 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
30 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
31 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
32 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36 // File: AFSProcessSupport.cpp
39 #include "AFSCommon.h"
42 AFSProcessNotify( IN HANDLE ParentId,
48 // If this is a create notification then update our tree, otherwise remove the
55 AFSProcessCreate( ParentId,
57 PsGetCurrentProcessId(),
58 PsGetCurrentThreadId());
63 AFSProcessDestroy( ProcessId);
70 AFSProcessNotifyEx( IN OUT PEPROCESS Process,
72 IN OUT PPS_CREATE_NOTIFY_INFO CreateInfo)
78 AFSProcessCreate( CreateInfo->ParentProcessId,
80 CreateInfo->CreatingThreadId.UniqueProcess,
81 CreateInfo->CreatingThreadId.UniqueThread);
86 AFSProcessDestroy( ProcessId);
92 AFSProcessCreate( IN HANDLE ParentId,
94 IN HANDLE CreatingProcessId,
95 IN HANDLE CreatingThreadId)
97 NTSTATUS ntStatus = STATUS_SUCCESS;
98 AFSDeviceExt *pDeviceExt = (AFSDeviceExt *)AFSDeviceObject->DeviceExtension;
99 AFSProcessCB *pProcessCB = NULL;
104 AFSDbgLogMsg( AFS_SUBSYSTEM_LOCK_PROCESSING,
105 AFS_TRACE_LEVEL_VERBOSE,
106 "AFSProcessCreate Acquiring Control ProcessTree.TreeLock lock %08lX EXCL %08lX\n",
107 pDeviceExt->Specific.Control.ProcessTree.TreeLock,
108 PsGetCurrentThread());
110 AFSAcquireExcl( pDeviceExt->Specific.Control.ProcessTree.TreeLock,
113 AFSDbgLogMsg( AFS_SUBSYSTEM_PROCESS_PROCESSING,
114 AFS_TRACE_LEVEL_VERBOSE,
115 "AFSProcessCreate Parent %08lX Process %08lX %08lX\n",
118 PsGetCurrentThread());
120 pProcessCB = AFSInitializeProcessCB( (ULONGLONG)ParentId,
121 (ULONGLONG)ProcessId);
123 if( pProcessCB != NULL)
126 pProcessCB->CreatingProcessId = (ULONGLONG)CreatingProcessId;
128 pProcessCB->CreatingThreadId = (ULONGLONG)CreatingThreadId;
132 // Now assign the AuthGroup ACE
135 AFSValidateProcessEntry( ProcessId);
137 AFSReleaseResource( pDeviceExt->Specific.Control.ProcessTree.TreeLock);
144 AFSProcessDestroy( IN HANDLE ProcessId)
147 NTSTATUS ntStatus = STATUS_SUCCESS;
148 AFSDeviceExt *pDeviceExt = (AFSDeviceExt *)AFSDeviceObject->DeviceExtension;
149 AFSProcessCB *pProcessCB = NULL, *pParentProcessCB = NULL;
150 AFSProcessAuthGroupCB *pProcessAuthGroup = NULL, *pLastAuthGroup = NULL;
151 AFSThreadCB *pThreadCB = NULL, *pNextThreadCB = NULL;
156 AFSDbgLogMsg( AFS_SUBSYSTEM_LOCK_PROCESSING,
157 AFS_TRACE_LEVEL_VERBOSE,
158 "AFSProcessDestroy Acquiring Control ProcessTree.TreeLock lock %08lX EXCL %08lX\n",
159 pDeviceExt->Specific.Control.ProcessTree.TreeLock,
160 PsGetCurrentThreadId());
162 AFSAcquireExcl( pDeviceExt->Specific.Control.ProcessTree.TreeLock,
165 // It's a remove so pull the entry
168 AFSDbgLogMsg( AFS_SUBSYSTEM_PROCESS_PROCESSING,
169 AFS_TRACE_LEVEL_VERBOSE,
170 "AFSProcessDestroy Process %08lX %08lX\n",
172 PsGetCurrentThread());
174 ntStatus = AFSLocateHashEntry( pDeviceExt->Specific.Control.ProcessTree.TreeHead,
175 (ULONGLONG)ProcessId,
176 (AFSBTreeEntry **)&pProcessCB);
178 if( NT_SUCCESS( ntStatus) &&
182 AFSRemoveHashEntry( &pDeviceExt->Specific.Control.ProcessTree.TreeHead,
183 (AFSBTreeEntry *)pProcessCB);
185 pProcessAuthGroup = pProcessCB->AuthGroupList;
187 while( pProcessAuthGroup != NULL)
190 pLastAuthGroup = pProcessAuthGroup->Next;
192 ExFreePool( pProcessAuthGroup);
194 pProcessAuthGroup = pLastAuthGroup;
197 pThreadCB = pProcessCB->ThreadList;
199 while( pThreadCB != NULL)
202 pNextThreadCB = pThreadCB->Next;
204 ExFreePool( pThreadCB);
206 pThreadCB = pNextThreadCB;
209 ExDeleteResourceLite( &pProcessCB->Lock);
211 ExFreePool( pProcessCB);
215 AFSDbgLogMsg( AFS_SUBSYSTEM_PROCESS_PROCESSING,
216 AFS_TRACE_LEVEL_WARNING,
217 "AFSProcessDestroy Process %08lX not found in ProcessTree Status %08lX %08lX\n",
220 PsGetCurrentThread());
223 AFSReleaseResource( pDeviceExt->Specific.Control.ProcessTree.TreeLock);
230 // AFSValidateProcessEntry verifies the consistency of the current process
231 // entry which includes assigning an authentication group ACE if one is not
232 // present. A reference to the active authentication group GUID is returned.
236 AFSValidateProcessEntry( IN HANDLE ProcessId)
239 GUID *pAuthGroup = NULL;
240 NTSTATUS ntStatus = STATUS_SUCCESS;
241 AFSProcessCB *pProcessCB = NULL, *pParentProcessCB = NULL;
242 AFSDeviceExt *pDeviceExt = (AFSDeviceExt *)AFSDeviceObject->DeviceExtension;
243 ULONGLONG ullProcessID = (ULONGLONG)ProcessId;
244 UNICODE_STRING uniSIDString;
246 AFSSIDEntryCB *pSIDEntryCB = NULL;
247 ULONG ulSessionId = 0;
248 ULONGLONG ullTableHash = 0;
249 AFSThreadCB *pParentThreadCB = NULL;
250 UNICODE_STRING uniGUID;
251 BOOLEAN bImpersonation = FALSE;
256 AFSDbgLogMsg( AFS_SUBSYSTEM_LOCK_PROCESSING,
257 AFS_TRACE_LEVEL_VERBOSE,
258 "AFSValidateProcessEntry Acquiring Control ProcessTree.TreeLock lock %08lX SHARED %08lX\n",
259 pDeviceExt->Specific.Control.ProcessTree.TreeLock,
260 PsGetCurrentThread());
262 uniSIDString.Length = 0;
263 uniSIDString.MaximumLength = 0;
264 uniSIDString.Buffer = NULL;
266 AFSAcquireShared( pDeviceExt->Specific.Control.ProcessTree.TreeLock,
269 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
270 AFS_TRACE_LEVEL_VERBOSE,
271 "%s Entry for ProcessID %I64X\n",
275 ntStatus = AFSLocateHashEntry( pDeviceExt->Specific.Control.ProcessTree.TreeHead,
277 (AFSBTreeEntry **)&pProcessCB);
279 if( !NT_SUCCESS( ntStatus) ||
289 if( !NT_SUCCESS( ntStatus) ||
293 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
294 AFS_TRACE_LEVEL_ERROR,
295 "%s Failed to locate process entry for ProcessID %I64X\n",
299 AFSReleaseResource( pDeviceExt->Specific.Control.ProcessTree.TreeLock);
301 try_return( ntStatus = STATUS_UNSUCCESSFUL);
305 // Locate and lock the ParentProcessCB if we have one
308 if( pProcessCB->ParentProcessId != 0)
311 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
312 AFS_TRACE_LEVEL_VERBOSE,
313 "%s Locating process entry for Parent ProcessID %I64X\n",
315 pProcessCB->ParentProcessId);
317 ntStatus = AFSLocateHashEntry( pDeviceExt->Specific.Control.ProcessTree.TreeHead,
318 (ULONGLONG)pProcessCB->ParentProcessId,
319 (AFSBTreeEntry **)&pParentProcessCB);
321 if( NT_SUCCESS( ntStatus) &&
322 pParentProcessCB != NULL)
324 AFSAcquireExcl( &pParentProcessCB->Lock,
327 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
328 AFS_TRACE_LEVEL_VERBOSE,
329 "%s Located process entry for Parent ProcessID %I64X\n",
331 pProcessCB->ParentProcessId);
337 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
338 AFS_TRACE_LEVEL_VERBOSE,
339 "%s No parent ID for ProcessID %I64X\n",
344 AFSAcquireExcl( &pProcessCB->Lock,
347 AFSReleaseResource( pDeviceExt->Specific.Control.ProcessTree.TreeLock);
350 // Locate the SID for the caller
353 ntStatus = AFSGetCallerSID( &uniSIDString, &bImpersonation);
355 if( !NT_SUCCESS( ntStatus))
358 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
359 AFS_TRACE_LEVEL_ERROR,
360 "%s Failed to locate callers SID for ProcessID %I64X\n",
364 try_return( ntStatus);
367 ulSessionId = AFSGetSessionId( (HANDLE)ullProcessID, &bImpersonation);
369 if( ulSessionId == (ULONG)-1)
372 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
373 AFS_TRACE_LEVEL_ERROR,
374 "%s Failed to retrieve session ID for ProcessID %I64X\n",
378 try_return( ntStatus = STATUS_INSUFFICIENT_RESOURCES);
381 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
382 AFS_TRACE_LEVEL_VERBOSE,
383 "%s Retrieved callers SID %wZ for ProcessID %I64X Session %08lX\n",
390 // If there is an Auth Group for the current process,
391 // our job is finished.
394 if ( bImpersonation == FALSE)
396 pAuthGroup = pProcessCB->ActiveAuthGroup;
398 if( pAuthGroup != NULL &&
399 !AFSIsNoPAGAuthGroup( pAuthGroup))
402 uniGUID.Buffer = NULL;
404 RtlStringFromGUID( *pAuthGroup,
407 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
408 AFS_TRACE_LEVEL_VERBOSE,
409 "%s Located valid AuthGroup GUID %wZ for SID %wZ ProcessID %I64X Session %08lX\n",
416 if( uniGUID.Buffer != NULL)
418 RtlFreeUnicodeString( &uniGUID);
421 try_return( ntStatus = STATUS_SUCCESS);
425 // The current process does not yet have an Auth Group. Try to inherit
426 // one from the parent process thread that created this process.
429 if( pParentProcessCB != NULL)
432 for ( pParentThreadCB = pParentProcessCB->ThreadList;
433 pParentThreadCB != NULL;
434 pParentThreadCB = pParentThreadCB->Next)
437 if( pParentThreadCB->ThreadId == pProcessCB->CreatingThreadId)
444 // If the creating thread was found and it has a thread specific
445 // Auth Group, use that even if it is the No PAG
448 if( pParentThreadCB != NULL &&
449 pParentThreadCB->ActiveAuthGroup != NULL &&
450 !AFSIsNoPAGAuthGroup( pParentThreadCB->ActiveAuthGroup))
452 pProcessCB->ActiveAuthGroup = pParentThreadCB->ActiveAuthGroup;
454 uniGUID.Buffer = NULL;
456 RtlStringFromGUID( *(pProcessCB->ActiveAuthGroup),
459 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
460 AFS_TRACE_LEVEL_VERBOSE,
461 "%s PID %08lX Session %08lX inherited Active AuthGroup %wZ from thread %I64X\n",
466 pParentThreadCB->ThreadId);
468 if( uniGUID.Buffer != NULL)
470 RtlFreeUnicodeString( &uniGUID);
475 // If the parent thread was not found or does not have an auth group
478 else if( pParentProcessCB->ActiveAuthGroup != NULL &&
479 !AFSIsNoPAGAuthGroup( pParentProcessCB->ActiveAuthGroup))
481 pProcessCB->ActiveAuthGroup = pParentProcessCB->ActiveAuthGroup;
483 uniGUID.Buffer = NULL;
485 RtlStringFromGUID( *(pProcessCB->ActiveAuthGroup),
488 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
489 AFS_TRACE_LEVEL_VERBOSE,
490 "%s PID %08lX Session %08lX inherited Active AuthGroup %wZ from parent PID %I64X\n",
495 pParentProcessCB->TreeEntry.HashIndex);
497 if( uniGUID.Buffer != NULL)
499 RtlFreeUnicodeString( &uniGUID);
504 // If an Auth Group was inherited, set it to be the active group
507 if( pProcessCB->ActiveAuthGroup != NULL &&
508 !AFSIsNoPAGAuthGroup( pParentProcessCB->ActiveAuthGroup))
510 pAuthGroup = pProcessCB->ActiveAuthGroup;
512 uniGUID.Buffer = NULL;
514 RtlStringFromGUID( *(pProcessCB->ActiveAuthGroup),
517 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
518 AFS_TRACE_LEVEL_VERBOSE,
519 "%s Returning(1) Active AuthGroup %wZ for SID %wZ PID %I64X Session %08lX\n",
526 if( uniGUID.Buffer != NULL)
528 RtlFreeUnicodeString( &uniGUID);
531 try_return( ntStatus);
537 // If no Auth Group was inherited, assign one based upon the Session and SID
540 ntStatus = RtlHashUnicodeString( &uniSIDString,
542 HASH_STRING_ALGORITHM_DEFAULT,
545 if( !NT_SUCCESS( ntStatus))
548 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
549 AFS_TRACE_LEVEL_ERROR,
550 "%s Failed to hash SID %wZ for PID %I64X Session %08lX Status %08lX\n",
557 try_return( ntStatus);
560 ullTableHash = ( ((ULONGLONG)ulSessionId << 32) | ulSIDHash);
562 AFSAcquireShared( pDeviceExt->Specific.Control.AuthGroupTree.TreeLock,
565 ntStatus = AFSLocateHashEntry( pDeviceExt->Specific.Control.AuthGroupTree.TreeHead,
566 (ULONGLONG)ullTableHash,
567 (AFSBTreeEntry **)&pSIDEntryCB);
569 if( !NT_SUCCESS( ntStatus) ||
573 AFSReleaseResource( pDeviceExt->Specific.Control.AuthGroupTree.TreeLock);
575 AFSAcquireExcl( pDeviceExt->Specific.Control.AuthGroupTree.TreeLock,
578 ntStatus = AFSLocateHashEntry( pDeviceExt->Specific.Control.AuthGroupTree.TreeHead,
579 (ULONGLONG)ullTableHash,
580 (AFSBTreeEntry **)&pSIDEntryCB);
582 if( !NT_SUCCESS( ntStatus) ||
586 pSIDEntryCB = (AFSSIDEntryCB *)AFSExAllocatePoolWithTag( NonPagedPool,
587 sizeof( AFSSIDEntryCB),
588 AFS_AG_ENTRY_CB_TAG);
590 if( pSIDEntryCB == NULL)
593 AFSReleaseResource( pDeviceExt->Specific.Control.AuthGroupTree.TreeLock);
595 try_return( ntStatus = STATUS_INSUFFICIENT_RESOURCES);
598 RtlZeroMemory( pSIDEntryCB,
599 sizeof( AFSSIDEntryCB));
601 pSIDEntryCB->TreeEntry.HashIndex = (ULONGLONG)ullTableHash;
603 while( ExUuidCreate( &pSIDEntryCB->AuthGroup) == STATUS_RETRY);
605 uniGUID.Buffer = NULL;
607 RtlStringFromGUID( pSIDEntryCB->AuthGroup,
610 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
611 AFS_TRACE_LEVEL_VERBOSE,
612 "%s SID %wZ PID %I64X Session %08lX generated NEW AG %wZ\n",
619 if( uniGUID.Buffer != NULL)
621 RtlFreeUnicodeString( &uniGUID);
624 if( pDeviceExt->Specific.Control.AuthGroupTree.TreeHead == NULL)
626 pDeviceExt->Specific.Control.AuthGroupTree.TreeHead = (AFSBTreeEntry *)pSIDEntryCB;
630 AFSInsertHashEntry( pDeviceExt->Specific.Control.AuthGroupTree.TreeHead,
631 &pSIDEntryCB->TreeEntry);
635 AFSConvertToShared( pDeviceExt->Specific.Control.AuthGroupTree.TreeLock);
639 AFSReleaseResource( pDeviceExt->Specific.Control.AuthGroupTree.TreeLock);
642 // Store the auth group into the process cb
645 pProcessCB->ActiveAuthGroup = &pSIDEntryCB->AuthGroup;
647 uniGUID.Buffer = NULL;
649 RtlStringFromGUID( pSIDEntryCB->AuthGroup,
652 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
653 AFS_TRACE_LEVEL_VERBOSE,
654 "%s SID %wZ PID %I64X Session %08lX assigned AG %wZ\n",
661 if( uniGUID.Buffer != NULL)
663 RtlFreeUnicodeString( &uniGUID);
667 // Set the AFS_PROCESS_LOCAL_SYSTEM_AUTH flag if the process SID
671 if( AFSIsLocalSystemSID( &uniSIDString))
673 SetFlag( pProcessCB->Flags, AFS_PROCESS_LOCAL_SYSTEM_AUTH);
675 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
676 AFS_TRACE_LEVEL_VERBOSE,
677 "%s Setting PID %I64X Session %08lX with LOCAL SYSTEM AUTHORITY\n",
684 // Return the auth group
687 pAuthGroup = pProcessCB->ActiveAuthGroup;
689 uniGUID.Buffer = NULL;
691 RtlStringFromGUID( *(pProcessCB->ActiveAuthGroup),
694 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
695 AFS_TRACE_LEVEL_VERBOSE,
696 "%s Returning(2) Active AuthGroup %wZ for SID %wZ PID %I64X Session %08lX\n",
703 if( uniGUID.Buffer != NULL)
705 RtlFreeUnicodeString( &uniGUID);
710 if( pProcessCB != NULL)
713 if( bImpersonation == FALSE &&
714 !BooleanFlagOn( pProcessCB->Flags, AFS_PROCESS_FLAG_ACE_SET) &&
715 NT_SUCCESS( ntStatus))
717 ntStatus = AFSProcessSetProcessDacl( pProcessCB);
719 if( !NT_SUCCESS( ntStatus))
725 SetFlag( pProcessCB->Flags, AFS_PROCESS_FLAG_ACE_SET);
729 AFSReleaseResource( &pProcessCB->Lock);
732 if( pParentProcessCB != NULL)
734 AFSReleaseResource( &pParentProcessCB->Lock);
737 if( uniSIDString.Length > 0)
739 RtlFreeUnicodeString( &uniSIDString);
747 AFSIs64BitProcess( IN ULONGLONG ProcessId)
750 NTSTATUS ntStatus = STATUS_SUCCESS;
751 BOOLEAN bIs64Bit = FALSE;
752 AFSProcessCB *pProcessCB = NULL;
753 AFSDeviceExt *pDeviceExt = (AFSDeviceExt *)AFSDeviceObject->DeviceExtension;
758 AFSDbgLogMsg( AFS_SUBSYSTEM_LOCK_PROCESSING,
759 AFS_TRACE_LEVEL_VERBOSE,
760 "AFSIs64BitProcess Acquiring Control ProcessTree.TreeLock lock %08lX SHARED %08lX\n",
761 pDeviceExt->Specific.Control.ProcessTree.TreeLock,
762 PsGetCurrentThread());
764 AFSAcquireShared( pDeviceExt->Specific.Control.ProcessTree.TreeLock,
767 ntStatus = AFSLocateHashEntry( pDeviceExt->Specific.Control.ProcessTree.TreeHead,
768 (ULONGLONG)ProcessId,
769 (AFSBTreeEntry **)&pProcessCB);
771 if( pProcessCB != NULL)
773 bIs64Bit = BooleanFlagOn( pProcessCB->Flags, AFS_PROCESS_FLAG_IS_64BIT);
776 AFSReleaseResource( pDeviceExt->Specific.Control.ProcessTree.TreeLock);
783 AFSInitializeProcessCB( IN ULONGLONG ParentProcessId,
784 IN ULONGLONG ProcessId)
787 AFSProcessCB *pProcessCB = NULL;
788 AFSDeviceExt *pDeviceExt = (AFSDeviceExt *)AFSDeviceObject->DeviceExtension;
793 pProcessCB = (AFSProcessCB *)AFSExAllocatePoolWithTag( NonPagedPool,
794 sizeof( AFSProcessCB),
797 if( pProcessCB == NULL)
799 try_return( pProcessCB);
802 RtlZeroMemory( pProcessCB,
803 sizeof( AFSProcessCB));
805 pProcessCB->TreeEntry.HashIndex = (ULONGLONG)ProcessId;
807 pProcessCB->ParentProcessId = (ULONGLONG)ParentProcessId;
811 if( !IoIs32bitProcess( NULL))
813 SetFlag( pProcessCB->Flags, AFS_PROCESS_FLAG_IS_64BIT);
818 if( pDeviceExt->Specific.Control.ProcessTree.TreeHead == NULL)
820 pDeviceExt->Specific.Control.ProcessTree.TreeHead = (AFSBTreeEntry *)pProcessCB;
824 AFSInsertHashEntry( pDeviceExt->Specific.Control.ProcessTree.TreeHead,
825 &pProcessCB->TreeEntry);
828 ExInitializeResourceLite( &pProcessCB->Lock);
830 pProcessCB->ActiveAuthGroup = &AFSNoPAGAuthGroup;
841 AFSInitializeThreadCB( IN AFSProcessCB *ProcessCB,
842 IN ULONGLONG ThreadId)
845 AFSThreadCB *pThreadCB = NULL, *pCurrentThreadCB = NULL;
850 pThreadCB = (AFSThreadCB *)AFSExAllocatePoolWithTag( NonPagedPool,
851 sizeof( AFSThreadCB),
854 if( pThreadCB == NULL)
856 try_return( pThreadCB);
859 RtlZeroMemory( pThreadCB,
860 sizeof( AFSThreadCB));
862 pThreadCB->ThreadId = ThreadId;
864 if( ProcessCB->ThreadList == NULL)
866 ProcessCB->ThreadList = pThreadCB;
871 pCurrentThreadCB = ProcessCB->ThreadList;
873 while( pCurrentThreadCB != NULL)
876 if( pCurrentThreadCB->Next == NULL)
878 pCurrentThreadCB->Next = pThreadCB;
882 pCurrentThreadCB = pCurrentThreadCB->Next;