
seinit.c File Reference

#include <nt.h>
#include "sep.h"
#include "tokenp.h"
#include "adt.h"
#include <string.h>


Defines

#define SEP_INITIAL_KEY_COUNT   15
#define SEP_INITIAL_LEVEL_COUNT   6L

Functions

BOOLEAN SeInitSystem (VOID)
BOOLEAN SepInitializationPhase0 (VOID)
BOOLEAN SepInitializationPhase1 (VOID)


Define Documentation

#define SEP_INITIAL_KEY_COUNT   15
 

Definition at line 31 of file seinit.c.

#define SEP_INITIAL_LEVEL_COUNT   6L
 

Definition at line 32 of file seinit.c.


Function Documentation

BOOLEAN SeInitSystem (VOID)
 

Definition at line 41 of file seinit.c.

References InitializationPhase, KeBugCheck(), PAGED_CODE, SepInitializationPhase0(), and SepInitializationPhase1().

BOOLEAN
SeInitSystem(
    VOID
    )
/*++

Routine Description:

    Entry point for security related system initialization.  Runs the
    security setup that belongs to the current value of
    InitializationPhase.

Arguments:

    None.

Return Value:

    TRUE - Initialization succeeded.

    FALSE - Initialization failed.

--*/
{
    BOOLEAN Succeeded = 0;

    PAGED_CODE();

    switch ( InitializationPhase ) {

    case 0 :
        Succeeded = SepInitializationPhase0();
        break;

    case 1 :
        Succeeded = SepInitializationPhase1();
        break;

    default:
        //
        // Only phases 0 and 1 are handled here.  Any other value is
        // treated as fatal rather than being skipped silently.
        //
        KeBugCheck(UNEXPECTED_INITIALIZATION_CALL);
    }

    //
    // After the bugcheck call this statement exists only to keep the
    // compiler from warning about a missing return value.
    //
    return Succeeded;
}

BOOLEAN SepInitializationPhase0 (VOID)
 

Definition at line 78 of file seinit.c.

References ExLuidInitialization(), FALSE, NULL, PAGED_CODE, PsGetCurrentProcess, PsGetCurrentThread, SeMakeSystemToken(), SepInitializeWorkList(), SepRmInitPhase0(), SepTokenInitialization(), and SepVariableInitialization().

Referenced by SeInitSystem().

BOOLEAN
SepInitializationPhase0(
    VOID
    )
/*++

Routine Description:

    Perform phase 0 security initialization.

    The steps run in this order and the routine stops at the first one
    that fails:

        - Initialize LUID allocation
        - Initialize security global variables
        - Initialize reference monitor phase 0 state
        - Initialize the token object type
        - Initialize the work queues
        - Initialize the security fields of the boot thread/process

Arguments:

    None.

Return Value:

    TRUE - Initialization was successful.

    FALSE - Initialization Failed.

--*/
{

    PAGED_CODE();

    //
    // Security needs LUID allocation before phase 0 Executive
    // initialization has run, so the LUID services are brought up here.
    //

    if (!ExLuidInitialization()) {
        KdPrint(("Security: Locally Unique ID initialization failed.\n"));
        return FALSE;
    }

    //
    // Security global variables.
    //

    if (!SepVariableInitialization()) {
        KdPrint(("Security: Global variable initialization failed.\n"));
        return FALSE;
    }

    //
    // Phase 0 reference monitor state.
    //

    if (!SepRmInitPhase0()) {
        KdPrint(("Security: Ref Mon state initialization failed.\n"));
        return FALSE;
    }

    //
    // Token object type.
    //

    if (!SepTokenInitialization()) {
        KdPrint(("Security: Token object initialization failed.\n"));
        return FALSE;
    }

    //
    // The phase 0 auditing call is disabled in this revision of the
    // file; it is kept here, commented out, as in the original:
    //
    //  if (!SepAdtInitializePhase0()) {
    //      KdPrint(("Security: Auditing initialization failed.\n"));
    //      return FALSE;
    //  }
    //

    //
    // Work queue spinlock, list head, and semaphore for each of the
    // work queues.
    //

    if (!SepInitializeWorkList()) {
        KdPrint(("Security: Unable to initialize work queue\n"));
        return FALSE;
    }

    //
    // Security fields of the boot thread and process: the process gets
    // the system token and the thread starts with no impersonation
    // state.
    //

    PsGetCurrentProcess()->Token = SeMakeSystemToken();
    PsGetCurrentThread()->ImpersonationInfo = NULL;
    PsGetCurrentThread()->ActiveImpersonationInfo = FALSE;

    //
    // A NULL token means the system token could not be built, which is
    // reported to the caller as a failed phase.
    //

    if (PsGetCurrentProcess()->Token == NULL) {
        return FALSE;
    }

    return TRUE;
}

BOOLEAN SepInitializationPhase1 (VOID)
 

Definition at line 184 of file seinit.c.

References ASSERT, ASSERTMSG, Dacl, ExAllocatePool, ExFreePool(), FALSE, Name, NonPagedPool, NT_SUCCESS, NtClose(), NtCreateDirectoryObject(), NtCreateEvent(), NTSTATUS(), NULL, ObjectAttributes, PAGED_CODE, RtlAddAccessAllowedAce(), RtlAnsiStringToUnicodeString(), RtlCreateAcl(), RtlCreateSecurityDescriptor(), RtlFreeUnicodeString(), RtlInitString(), RtlSetDaclSecurityDescriptor(), SeAliasAdminsSid, SeAnonymousLogonToken, SeLocalSystemSid, SeMakeAnonymousLogonToken(), SepAdtInitializePhase1(), SepDevelopmentTest(), SePublicDefaultSd, SeWorldSid, Status, and TRUE.

Referenced by SeInitSystem().

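BOOLEAN
SepInitializationPhase1(
    VOID
    )
/*++

Routine Description:

    Perform phase 1 security initialization.

    This includes:

        - Create the anonymous logon token.

        - Create an object directory for security related objects.
          (\Security).

        - Create an event to be signalled after the LSA has initialized.
          (\Security\LSA_AUTHENTICATION_INITIALIZED)

        - Perform phase 1 auditing initialization.

    Every status that decides whether the \Security directory and its
    DACL exist is checked at run time as well as asserted.  ASSERT and
    ASSERTMSG give no protection in a build where they are compiled
    out, and in that case a failed step used to be followed by use of
    an uninitialized directory handle, or by creation of the directory
    with a descriptor that did not carry the intended DACL.

Arguments:

    None.

Return Value:

    TRUE - Initialization was successful.

    FALSE - Initialization Failed.

--*/
{

    NTSTATUS Status;
    STRING Name;
    UNICODE_STRING UnicodeName;
    OBJECT_ATTRIBUTES ObjectAttributes;
    HANDLE SecurityRoot, TemporaryHandle;
    PSECURITY_DESCRIPTOR SD ;
    UCHAR SDBuffer[ SECURITY_DESCRIPTOR_MIN_LENGTH ];
    PACL Dacl ;
    ULONG DaclLength = 256;

    PAGED_CODE();

    SeAnonymousLogonToken = SeMakeAnonymousLogonToken();
    ASSERT(SeAnonymousLogonToken != NULL);

    if (SeAnonymousLogonToken == NULL) {
        KdPrint(("Security: Anonymous logon token creation failed.\n"));
        return FALSE;
    }

    //
    // Create the security object directory.
    //

    RtlInitString( &Name, "\\Security" );
    Status = RtlAnsiStringToUnicodeString(
                 &UnicodeName,
                 &Name,
                 TRUE );
    ASSERT( NT_SUCCESS(Status) );

    if (!NT_SUCCESS(Status)) {
        return FALSE;
    }

    //
    // Build up the security descriptor
    //

    SD = (PSECURITY_DESCRIPTOR) SDBuffer ;

    Dacl = ExAllocatePool(
               NonPagedPool,
               DaclLength );

    if ( !Dacl )
    {
        //
        // UnicodeName was allocated above and must not leak on this path.
        //

        RtlFreeUnicodeString( &UnicodeName );
        return FALSE ;
    }

    //
    // The DACL grants:
    //
    //     local system   - DIRECTORY_ALL_ACCESS
    //     administrators - DIRECTORY_QUERY | DIRECTORY_TRAVERSE |
    //                      READ_CONTROL
    //     world          - DIRECTORY_TRAVERSE
    //
    // Each step runs only if the one before it succeeded, so the
    // directory is never created from a partially built descriptor.
    //

    Status = RtlCreateSecurityDescriptor( SD,
                                          SECURITY_DESCRIPTOR_REVISION );

    if (NT_SUCCESS(Status)) {
        Status = RtlCreateAcl( Dacl, DaclLength, ACL_REVISION );
    }

    if (NT_SUCCESS(Status)) {
        Status = RtlAddAccessAllowedAce( Dacl,
                                         ACL_REVISION,
                                         DIRECTORY_ALL_ACCESS,
                                         SeLocalSystemSid );
    }

    if (NT_SUCCESS(Status)) {
        Status = RtlAddAccessAllowedAce( Dacl,
                                         ACL_REVISION,
                                         DIRECTORY_QUERY | DIRECTORY_TRAVERSE |
                                         READ_CONTROL,
                                         SeAliasAdminsSid );
    }

    if (NT_SUCCESS(Status)) {
        Status = RtlAddAccessAllowedAce( Dacl,
                                         ACL_REVISION,
                                         DIRECTORY_TRAVERSE,
                                         SeWorldSid );
    }

    if (NT_SUCCESS(Status)) {
        Status = RtlSetDaclSecurityDescriptor(
                     SD,
                     TRUE,
                     Dacl,
                     FALSE
                     );
    }

    if (NT_SUCCESS(Status)) {

        InitializeObjectAttributes(
            &ObjectAttributes,
            &UnicodeName,
            (OBJ_PERMANENT | OBJ_CASE_INSENSITIVE),
            NULL,
            SD
            );

        Status = NtCreateDirectoryObject(
                     &SecurityRoot,
                     DIRECTORY_ALL_ACCESS,
                     &ObjectAttributes
                     );
    }

    //
    // The name and the DACL buffer are released on success and on
    // failure alike, as the original did after the create call.
    //

    RtlFreeUnicodeString( &UnicodeName );
    ExFreePool( Dacl );

    ASSERTMSG("Security root object directory creation failed.",NT_SUCCESS(Status));

    if (!NT_SUCCESS(Status)) {

        //
        // SecurityRoot is not a valid handle here and must not be used.
        //

        KdPrint(("Security: Security root object directory creation failed.\n"));
        return FALSE;
    }

    //
    // Create an event in the security directory.  It is created with
    // SePublicDefaultSd, relative to the directory handle.
    //

    RtlInitString( &Name, "LSA_AUTHENTICATION_INITIALIZED" );
    Status = RtlAnsiStringToUnicodeString(
                 &UnicodeName,
                 &Name,
                 TRUE );
    ASSERT( NT_SUCCESS(Status) );

    if (!NT_SUCCESS(Status)) {
        NtClose( SecurityRoot );
        return FALSE;
    }

    InitializeObjectAttributes(
        &ObjectAttributes,
        &UnicodeName,
        (OBJ_PERMANENT | OBJ_CASE_INSENSITIVE),
        SecurityRoot,
        SePublicDefaultSd
        );

    Status = NtCreateEvent(
                 &TemporaryHandle,
                 GENERIC_WRITE,
                 &ObjectAttributes,
                 NotificationEvent,
                 FALSE
                 );
    RtlFreeUnicodeString( &UnicodeName );
    ASSERTMSG("LSA Initialization Event Creation Failed.",NT_SUCCESS(Status));

    if (!NT_SUCCESS(Status)) {

        //
        // TemporaryHandle was never set; only the directory handle is
        // closed.
        //

        KdPrint(("Security: LSA Initialization Event Creation Failed.\n"));
        NtClose( SecurityRoot );
        return FALSE;
    }

    //
    // Both objects were created with OBJ_PERMANENT, and the handles are
    // not used again in this routine.  A failed close is still only
    // asserted, as in the original.
    //

    Status = NtClose( SecurityRoot );
    ASSERTMSG("Security object directory handle closure Failed.",NT_SUCCESS(Status));
    Status = NtClose( TemporaryHandle );
    ASSERTMSG("LSA Initialization Event handle closure Failed.",NT_SUCCESS(Status));

    //
    // Initialize auditing structures
    //

    if (!SepAdtInitializePhase1()) {
        KdPrint(("Security: Auditing initialization failed.\n"));
        return FALSE;
    }


#ifndef SETEST

    return TRUE;

#else

    return SepDevelopmentTest();

#endif  //SETEST

}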

