From 7898b2eaa365b72cfb00186b165cff13d2990b40 Mon Sep 17 00:00:00 2001
From: Pierre Schweitzer
Date: Sat, 1 Jun 2019 14:40:24 +0200
Subject: [PATCH] [NTOSKRNL] Disable LUID mapping until it's properly implemented
---
 boot/bootdata/hivesys.inf | 1 +
 ntoskrnl/config/cmdata.c | 2 +-
 ntoskrnl/include/internal/ob.h | 1 +
 ntoskrnl/ob/obname.c | 10 ++++++++++
 4 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/boot/bootdata/hivesys.inf b/boot/bootdata/hivesys.inf
index 0f2fc9369eb..d1e1f7d4d59 100644
--- a/boot/bootdata/hivesys.inf
+++ b/boot/bootdata/hivesys.inf
@@ -1445,6 +1445,7 @@ HKLM,"SYSTEM\CurrentControlSet\Control\Session Manager","ObjectDirectories",0x00
 "\Windows", \
 "\RPC Control"
 HKLM,"SYSTEM\CurrentControlSet\Control\Session Manager","ProtectionMode", 0x00010003, 0x00000001
+HKLM,"SYSTEM\CurrentControlSet\Control\Session Manager","LUIDDeviceMapsDisabled", 0x00010003, 0x00000001
 ; DOS devices
 HKLM,"SYSTEM\CurrentControlSet\Control\Session Manager\DOS Devices","AUX",0x00000002,"\DosDevices\COM1"
diff --git a/ntoskrnl/config/cmdata.c b/ntoskrnl/config/cmdata.c
index 816dfd28c91..7a2c6af6c55 100644
--- a/ntoskrnl/config/cmdata.c
+++ b/ntoskrnl/config/cmdata.c
@@ -157,7 +157,7 @@ INIT_SECTION CM_SYSTEM_CONTROL_VECTOR CmControlVector[] =
 {
 L"Session Manager",
 L"LUIDDeviceMapsDisabled",
- &DummyData,
+ &ObpLUIDDeviceMapsDisabled,
 NULL,
 NULL
 },
diff --git a/ntoskrnl/include/internal/ob.h b/ntoskrnl/include/internal/ob.h
index b2d7037d9dc..ddbfeb42d92 100644
--- a/ntoskrnl/include/internal/ob.h
+++ b/ntoskrnl/include/internal/ob.h
@@ -620,6 +620,7 @@ extern WCHAR ObpUnsecureGlobalNamesBuffer[128];
 extern ULONG ObpUnsecureGlobalNamesLength;
 extern ULONG ObpObjectSecurityMode;
 extern ULONG ObpProtectionMode;
+extern ULONG ObpLUIDDeviceMapsDisabled;
 //
 // Inlined Functions
diff --git a/ntoskrnl/ob/obname.c b/ntoskrnl/ob/obname.c
index d76ed10a919..f05a06805d0 100644
--- a/ntoskrnl/ob/obname.c
+++ b/ntoskrnl/ob/obname.c
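Review bot: The added `LUIDDeviceMapsDisabled` value in boot/bootdata/hivesys.inf carries no comment, although it switches a security-relevant object-manager setting off by default for every new installation. With the value at 1, the check this patch adds to ObpCreateDosDevicesDirectory keeps LUID device maps off, so presumably all logon sessions continue to resolve DOS device names through the shared global directory. I would record that this is a stop-gap directly above the entry, for example `; LUID device maps stay disabled until the object manager implements them`, so the default gets revisited when the feature lands.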
@@ -32,6 +32,9 @@ UNICODE_STRING ObpDosDevicesShortName =
 WCHAR ObpUnsecureGlobalNamesBuffer[128] = {0};
 ULONG ObpUnsecureGlobalNamesLength = sizeof(ObpUnsecureGlobalNamesBuffer);
+ULONG ObpLUIDDeviceMapsDisabled;
+ULONG ObpLUIDDeviceMapsEnabled;
+
 /* PRIVATE FUNCTIONS *********************************************************/
 INIT_FUNCTION
@@ -182,6 +185,13 @@ ObpCreateDosDevicesDirectory(VOID)
 SECURITY_DESCRIPTOR DosDevicesSD;
 NTSTATUS Status;
+ /*
+ * Enable LUID mappings only if not explicitely disabled
+ * and if protection mode is set
+ */
+ if (ObpProtectionMode == 0 || ObpLUIDDeviceMapsDisabled != 0)
+ ObpLUIDDeviceMapsEnabled = 0;
+
 /* Create a custom security descriptor for the global DosDevices directory */
 Status = ObpGetDosDevicesProtection(&DosDevicesSD);
 if (!NT_SUCCESS(Status))
--
2.17.1
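Review bot: `ObpLUIDDeviceMapsEnabled` is defined without an initializer in the first obname.c hunk, and the only assignment this patch shows, the new `if` in `ObpCreateDosDevicesDirectory`, stores 0, so within the visible code the flag can never be non-zero and the check changes nothing. The comment above the `if` also speaks of enabling, while the code only ever clears the flag. If always-off is the intended interim state, say so at the definition, e.g. `/* Remains 0 (LUID device maps off) until the feature is implemented */`, and correct the spelling `explicitely` to `explicitly`. The flag is also not declared in ob.h next to `ObpLUIDDeviceMapsDisabled`, which other kernel code would need in order to consult the effective setting; the function body continues outside the hunk.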