dll: FspAccessCheckEx: if the desired access includes DELETE or FILE_READ_ATTRIBUTES and access was denied, check with the parent

Bill Zissimopoulos
2016-05-24 15:37:16 -07:00
parent aa75d412ac
commit 214b43398f
4 changed files with 93 additions and 28 deletions


@ -25,6 +25,15 @@ NTSTATUS FspFileSystemCreateCheck(FSP_FILE_SYSTEM *FileSystem,
{
NTSTATUS Result;
/*
* CreateCheck consists of checking the parent directory for the
* FILE_ADD_SUBDIRECTORY or FILE_ADD_FILE rights (depending on whether
* we are creating a file or directory).
*
* If the access check succeeds and MAXIMUM_ALLOWED has been requested
* then we go ahead and grant all access to the creator.
*/
Result = FspAccessCheckEx(FileSystem, Request, TRUE, AllowTraverseCheck,
(Request->Req.Create.CreateOptions & FILE_DIRECTORY_FILE) ?
FILE_ADD_SUBDIRECTORY : FILE_ADD_FILE,
@ -45,6 +54,16 @@ NTSTATUS FspFileSystemOpenCheck(FSP_FILE_SYSTEM *FileSystem,
{
NTSTATUS Result;
/*
* OpenCheck consists of checking the file for the desired access,
* unless FILE_DELETE_ON_CLOSE is requested in which case we also
* check for DELETE access.
*
* If the access check succeeds and MAXIMUM_ALLOWED was not requested
* then we reset the DELETE access based on whether it was actually
* requested in DesiredAccess.
*/
Result = FspAccessCheck(FileSystem, Request, FALSE, AllowTraverseCheck,
Request->Req.Create.DesiredAccess |
((Request->Req.Create.CreateOptions & FILE_DELETE_ON_CLOSE) ? DELETE : 0),
@ -66,6 +85,17 @@ NTSTATUS FspFileSystemOverwriteCheck(FSP_FILE_SYSTEM *FileSystem,
NTSTATUS Result;
BOOLEAN Supersede = FILE_SUPERSEDE == ((Request->Req.Create.CreateOptions >> 24) & 0xff);
/*
* OverwriteCheck consists of checking the file for the desired access,
* unless FILE_DELETE_ON_CLOSE is requested in which case we also
* check for DELETE access. Furthermore we grant DELETE or FILE_WRITE_DATA
* access based on whether this is a Supersede or Overwrite operation.
*
* If the access check succeeds and MAXIMUM_ALLOWED was not requested
* then we reset the DELETE and FILE_WRITE_DATA accesses based on whether
* they were actually requested in DesiredAccess.
*/
Result = FspAccessCheck(FileSystem, Request, FALSE, AllowTraverseCheck,
Request->Req.Create.DesiredAccess |
(Supersede ? DELETE : FILE_WRITE_DATA) |