"\Windows", \
"\RPC Control"
HKLM,"SYSTEM\CurrentControlSet\Control\Session Manager","ProtectionMode", 0x00010003, 0x00000001
+HKLM,"SYSTEM\CurrentControlSet\Control\Session Manager","LUIDDeviceMapsDisabled", 0x00010003, 0x00000001
; DOS devices
HKLM,"SYSTEM\CurrentControlSet\Control\Session Manager\DOS Devices","AUX",0x00000002,"\DosDevices\COM1"
{
L"Session Manager",
L"LUIDDeviceMapsDisabled",
- &DummyData,
+ &ObpLUIDDeviceMapsDisabled,
NULL,
NULL
},
extern ULONG ObpUnsecureGlobalNamesLength;
extern ULONG ObpObjectSecurityMode;
extern ULONG ObpProtectionMode;
+extern ULONG ObpLUIDDeviceMapsDisabled;
//
// Inlined Functions
WCHAR ObpUnsecureGlobalNamesBuffer[128] = {0};
ULONG ObpUnsecureGlobalNamesLength = sizeof(ObpUnsecureGlobalNamesBuffer);
+ULONG ObpLUIDDeviceMapsDisabled;
+ULONG ObpLUIDDeviceMapsEnabled;
+
/* PRIVATE FUNCTIONS *********************************************************/
INIT_FUNCTION
SECURITY_DESCRIPTOR DosDevicesSD;
NTSTATUS Status;
+ /*
+ * Enable LUID mappings only if not explicitely disabled
+ * and if protection mode is set
+ */
+ if (ObpProtectionMode == 0 || ObpLUIDDeviceMapsDisabled != 0)
+ ObpLUIDDeviceMapsEnabled = 0;
+
/* Create a custom security descriptor for the global DosDevices directory */
Status = ObpGetDosDevicesProtection(&DosDevicesSD);
if (!NT_SUCCESS(Status))