dubey/WindowsXP
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
WindowsXP/ds/security/base/lsa/server/cfiles/safemode.c
Tanishq Dubey cb60ae51e5
Initial Commit
2025-04-27 07:49:33 -04:00

338 lines
8.1 KiB
C
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

/*++
Copyright (c) 1997 Microsoft Corporation
Module Name:
safemode.c
Abstract:
Module to determine what boot mode the system was boot into.
Author:
Colin Brace (ColinBr) May 27, 1997.
Environment:
User mode
Revision History:
--*/
#include <lsapch2.h>
#include <safeboot.h>
#include "safemode.h"
//
// Variables global to just this module. They are kept non-static
// for debugging ease.
//
BOOLEAN fLsapSafeMode;
//
// Forward prototypes
//
BOOLEAN
LsapGetRegistryProductType(
PNT_PRODUCT_TYPE NtProductType
);
BOOLEAN
LsapBaseNtSetupIsRunning(
VOID
);
//
// Function definitions
//
NTSTATUS
LsapCheckBootMode(
VOID
)
/*++
Routine Description:
This routine determine if the environment variable SAFEBOOT_OPTION is
set and if the product type is domain controller. If so, LsaISafeMode
will return TRUE; otherwise it will return FALSE.
Note that during kernel initialization, the kernel detects the safemode
boot option and if the product type is LanmanNT will set
SharedUserData->ProductType to ServerNT, so that RtlNtGetProductType()
will return ServerNT for this boot session.
Arguments:
None.
Return Values:
STATUS_SUCCESS on completion;
Otherwise error from system services - this is fatal to the boot session.
--*/
{
NTSTATUS NtStatus = STATUS_SUCCESS;
NT_PRODUCT_TYPE CurrentProductType;
NT_PRODUCT_TYPE OriginalProductType;
WCHAR SafeBootEnvVar[sizeof(SAFEBOOT_DSREPAIR_STR_W)];
BOOLEAN fSafeModeBootOptionPresent = FALSE;
RtlZeroMemory(SafeBootEnvVar, sizeof(SafeBootEnvVar));
//
// If we are running during base nt setup, there is no point doing any
// further investigation
//
if (LsapBaseNtSetupIsRunning()) {
fLsapSafeMode = FALSE;
return STATUS_SUCCESS;
}
//
// Does environment variable exist
//
RtlZeroMemory( SafeBootEnvVar, sizeof( SafeBootEnvVar ) );
if ( GetEnvironmentVariableW(L"SAFEBOOT_OPTION", SafeBootEnvVar, sizeof(SafeBootEnvVar)/sizeof(SafeBootEnvVar[0]) ) )
{
if ( !wcscmp( SafeBootEnvVar, SAFEBOOT_DSREPAIR_STR_W ) )
{
fSafeModeBootOptionPresent = TRUE;
OutputDebugStringA("LSASS: found ds repair option\n");
}
}
//
// Get the product type as determined by RtlGetNtProductType
//
if (!RtlGetNtProductType(&CurrentProductType)) {
OutputDebugStringA("LSASS: RtlGetNtProductType failed\n");
return STATUS_UNSUCCESSFUL;
}
//
// See what the original product type is
//
if (!LsapGetRegistryProductType(&OriginalProductType)) {
OutputDebugStringA("LSASS: RtlGetNtProductType failed\n");
return STATUS_UNSUCCESSFUL;
}
//
// Now for some analysis
//
if (fSafeModeBootOptionPresent
&& (OriginalProductType == NtProductLanManNt)) {
// We are entering safe mode boot
ASSERT(CurrentProductType == NtProductServer);
fLsapSafeMode = TRUE;
OutputDebugStringA("LSASS: Booting into Ds Repair Mode\n");
} else {
// This is a normal boot
fLsapSafeMode = FALSE;
}
return(NtStatus);
}
BOOLEAN
LsaISafeMode(
VOID
)
/*++
Routine Description:
This function is meant be called from in process servers of lsass.exe to
determine if the current boot session is a "safe mode" boot session.
Arguments:
None.
Return Values:
TRUE : the system is in safe mode
FALSE : the system is in safe mode
--*/
{
DebugLog((DEB_TRACE_LSA, "LsaISafeMode entered\n"));
return fLsapSafeMode;
}
BOOLEAN
LsapGetRegistryProductType(
PNT_PRODUCT_TYPE NtProductType
)
/*++
Routine Description:
This routine retrieves the product type as stored in the registry.
Note that when the safemode option is set and the product type at
kernel initialization is LanmanNT then then SharedUserData->ProductType
is set the ServerNT, which is what RtlGetNtProductType returns.
Arguments:
None.
Return Values:
--*/
{
NTSTATUS Status;
OBJECT_ATTRIBUTES ObjectAttributes;
HANDLE KeyHandle;
PKEY_VALUE_FULL_INFORMATION KeyValueInformation;
ULONG KeyValueInfoLength;
ULONG ResultLength;
UNICODE_STRING KeyPath;
UNICODE_STRING ValueName;
UNICODE_STRING Value;
UNICODE_STRING WinNtValue;
UNICODE_STRING LanmanNtValue;
UNICODE_STRING ServerNtValue;
BOOLEAN Result;
//
// Prepare default value for failure case
//
*NtProductType = NtProductWinNt;
Result = FALSE;
RtlInitUnicodeString( &KeyPath, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\ProductOptions" );
RtlInitUnicodeString( &ValueName, L"ProductType" );
InitializeObjectAttributes( &ObjectAttributes,
&KeyPath,
OBJ_CASE_INSENSITIVE,
NULL,
NULL
);
Status = NtOpenKey( &KeyHandle,
MAXIMUM_ALLOWED,
&ObjectAttributes
);
KeyValueInformation = NULL;
if (NT_SUCCESS( Status )) {
KeyValueInfoLength = 256;
KeyValueInformation = RtlAllocateHeap( RtlProcessHeap(), 0,
KeyValueInfoLength
);
if (KeyValueInformation == NULL) {
Status = STATUS_NO_MEMORY;
} else {
Status = NtQueryValueKey( KeyHandle,
&ValueName,
KeyValueFullInformation,
KeyValueInformation,
KeyValueInfoLength,
&ResultLength
);
}
} else {
KeyHandle = NULL;
}
if (NT_SUCCESS( Status ) && KeyValueInformation->Type == REG_SZ) {
//
// Decide which product we are installed as
//
Value.Buffer = (PWSTR)((PCHAR)KeyValueInformation + KeyValueInformation->DataOffset);
Value.Length = (USHORT)(KeyValueInformation->DataLength - sizeof( UNICODE_NULL ));
Value.MaximumLength = (USHORT)(KeyValueInformation->DataLength);
RtlInitUnicodeString(&WinNtValue, L"WinNt");
RtlInitUnicodeString(&LanmanNtValue, L"LanmanNt");
RtlInitUnicodeString(&ServerNtValue, L"ServerNt");
if (RtlEqualUnicodeString(&Value, &WinNtValue, TRUE)) {
*NtProductType = NtProductWinNt;
Result = TRUE;
} else if (RtlEqualUnicodeString(&Value, &LanmanNtValue, TRUE)) {
*NtProductType = NtProductLanManNt;
Result = TRUE;
} else if (RtlEqualUnicodeString(&Value, &ServerNtValue, TRUE)) {
*NtProductType = NtProductServer;
Result = TRUE;
} else {
#if DBG
DbgPrint("RtlGetNtProductType: Product type unrecognised <%wZ>\n", &Value);
#endif // DBG
}
} else {
#if DBG
DbgPrint("RtlGetNtProductType: %wZ\\%wZ not found or invalid type\n", &KeyPath, &ValueName );
#endif // DBG
}
//
// Clean up our resources.
//
if (KeyValueInformation != NULL) {
RtlFreeHeap( RtlProcessHeap(), 0, KeyValueInformation );
}
if (KeyHandle != NULL) {
NtClose( KeyHandle );
}
//
// Return result.
//
return(Result);
}
BOOLEAN
LsapBaseNtSetupIsRunning(
VOID
)
/*++
Routine Description:
This function returns TRUE if the boot context is base nt setup
Arguments:
None.
Return Values:
TRUE is it can be determined that base nt setup is running
FALSE otherwise
--*/
{
BOOLEAN fUpgrade;
return SamIIsSetupInProgress(&fUpgrade);
}
Reference in New Issue View Git Blame Copy Permalink