https://git.reactos.org/?p=reactos.git;a=commitdiff;h=506cee3219f08ee9d7db8…
commit 506cee3219f08ee9d7db85ba013088106c0ff062
Author: George Bișoc <george.bisoc(a)reactos.org>
AuthorDate: Thu Jun 17 18:11:14 2021 +0200
Commit: George Bișoc <george.bisoc(a)reactos.org>
CommitDate: Thu Jul 15 19:31:46 2021 +0200
[NTOS:SE] Implement logon session termination notification
Note to SELF and EVERYONE: this commit adds the initial implementation of logon session termination notification, the SeMarkLogonSessionForTerminationNotification function. As it currently stands, several other tasks must be addressed in the future before logon termination notification is fully complete. These tasks are:
1. Our SepRmDereferenceLogonSession is not fully implemented, as it doesn't inform the LSA and filesystems of logon deletion notification
2. Implement two worker routines that are actually in charge of such tasks of informing LSA and FSDs
3. Perform logon deletion
4. Do further investigations and check whatever that is left to address, if any
---
ntoskrnl/se/srm.c | 60 +++++++++++++++++++++++++++++++++++++++++++----
sdk/include/xdk/setypes.h | 4 ++++
2 files changed, 59 insertions(+), 5 deletions(-)
diff --git a/ntoskrnl/se/srm.c b/ntoskrnl/se/srm.c
index 70b7c19470a..fab71aa41d9 100644
--- a/ntoskrnl/se/srm.c
+++ b/ntoskrnl/se/srm.c
@@ -814,6 +814,8 @@ SepRmDereferenceLogonSession(
SepCleanupLUIDDeviceMapDirectory(LogonLuid);
ObfDereferenceDeviceMap(DeviceMap);
}
+
+ /* FIXME: Alert LSA and filesystems that a logon is about to be deleted */
}
return STATUS_SUCCESS;
@@ -1226,16 +1228,64 @@ SeGetLogonIdDeviceMap(
return Status;
}
-/*
- * @unimplemented
+/**
+ * @brief
+ * Marks a logon session for future termination, given its logon ID. This triggers
+ * a callout (the registered callback) when the logon is no longer used by anyone,
+ * that is, no token is still referencing the speciffied logon session.
+ *
+ * @param[in] LogonId
+ * The ID of the logon session.
+ *
+ * @return
+ * STATUS_SUCCESS if the logon session is marked for termination notification successfully,
+ * STATUS_NOT_FOUND if the logon session couldn't be found otherwise.
*/
NTSTATUS
NTAPI
SeMarkLogonSessionForTerminationNotification(
- IN PLUID LogonId)
+ _In_ PLUID LogonId)
{
- UNIMPLEMENTED;
- return STATUS_NOT_IMPLEMENTED;
+ PSEP_LOGON_SESSION_REFERENCES SessionToMark;
+ PAGED_CODE();
+
+ DPRINT("SeMarkLogonSessionForTerminationNotification(%08lx:%08lx)\n",
+ LogonId->HighPart, LogonId->LowPart);
+
+ /* Acquire the database lock */
+ KeAcquireGuardedMutex(&SepRmDbLock);
+
+ /* Loop over the existing logon sessions */
+ for (SessionToMark = SepLogonSessions;
+ SessionToMark != NULL;
+ SessionToMark = SessionToMark->Next)
+ {
+ /* Does the logon with the given ID exist? */
+ if (RtlEqualLuid(&SessionToMark->LogonId, LogonId))
+ {
+ /* We found it */
+ break;
+ }
+ }
+
+ /*
+ * We've exhausted all the remaining logon sessions and
+ * couldn't find one with the provided ID.
+ */
+ if (SessionToMark == NULL)
+ {
+ DPRINT1("SeMarkLogonSessionForTerminationNotification(): Logon session couldn't be found!\n");
+ KeReleaseGuardedMutex(&SepRmDbLock);
+ return STATUS_NOT_FOUND;
+ }
+
+ /* Mark the logon session for termination */
+ SessionToMark->Flags |= SEP_LOGON_SESSION_TERMINATION_NOTIFY;
+ DPRINT("SeMarkLogonSessionForTerminationNotification(): Logon session marked for termination with success!\n");
+
+ /* Release the database lock */
+ KeReleaseGuardedMutex(&SepRmDbLock);
+ return STATUS_SUCCESS;
}
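Review bot: The doc comment on SeMarkLogonSessionForTerminationNotification says that marking "triggers a callout", but nothing in this diff reads SEP_LOGON_SESSION_TERMINATION_NOTIFY; the only site that could act on it is the FIXME added in SepRmDereferenceLogonSession. A caller therefore gets STATUS_SUCCESS and, presumably, never receives the termination callback, which matters for a file system that keeps per-logon state and relies on that notification to discard it. I would add a remark to the header so the gap is visible at the API, e.g. `@remarks The flag is only recorded for now; SepRmDereferenceLogonSession does not yet notify LSA or the registered file systems.`, and fix the typo "speciffied" in the same comment.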
diff --git a/sdk/include/xdk/setypes.h b/sdk/include/xdk/setypes.h
index 699e71bd7de..c71488ed6a5 100644
--- a/sdk/include/xdk/setypes.h
+++ b/sdk/include/xdk/setypes.h
@@ -675,6 +675,10 @@ typedef struct _SID_AND_ATTRIBUTES_HASH {
#define NETWORKSERVICE_LUID {0x3e4, 0x0}
#define IUSER_LUID {0x3e3, 0x0}
+/* Logon session reference flags */
+
+#define SEP_LOGON_SESSION_TERMINATION_NOTIFY 0x0001
+
typedef struct _ACE_HEADER {
$UCHAR AceType;
$UCHAR AceFlags;
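Review bot: SEP_LOGON_SESSION_TERMINATION_NOTIFY carries the private `Sep` prefix and, in this diff, is only applied to the Flags field of SEP_LOGON_SESSION_REFERENCES in ntoskrnl/se/srm.c, yet it is defined in sdk/include/xdk/setypes.h, which appears to be a header exposed to driver code. If no driver is meant to see this bit, the define would sit better next to the structure it belongs to in the kernel's internal Se header. If it has to stay here, the comment could say what the value applies to, e.g. `/* Flags for SEP_LOGON_SESSION_REFERENCES.Flags (kernel internal) */`.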