From 290bc0d4c95bf2953236b1206052342a38a3076f Mon Sep 17 00:00:00 2001
From: Bill Zissimopoulos <billziss@navimatics.com>
Date: Fri, 21 Jan 2022 23:54:36 +0000
Subject: [PATCH] tst: ntptfs: ACCESS_SYSTEM_SECURITY

---
 tst/ntptfs/ptfs-main.c |  2 +-
 tst/ntptfs/ptfs.c      | 36 +++++++++++++++++++++++++++++-------
 tst/ntptfs/ptfs.h      |  1 +
 3 files changed, 31 insertions(+), 8 deletions(-)

diff --git a/tst/ntptfs/ptfs-main.c b/tst/ntptfs/ptfs-main.c
index 132819a4..7186727b 100644
--- a/tst/ntptfs/ptfs-main.c
+++ b/tst/ntptfs/ptfs-main.c
@@ -200,7 +200,7 @@ static NTSTATUS SvcStart(FSP_SERVICE *Service, ULONG argc, PWSTR *argv)
         FspDebugLogSetHandle(DebugLogHandle);
     }
 
-    EnablePrivileges(SE_BACKUP_NAME, SE_RESTORE_NAME, SE_CREATE_SYMBOLIC_LINK_NAME, 0);
+    EnablePrivileges(SE_SECURITY_NAME, SE_BACKUP_NAME, SE_RESTORE_NAME, SE_CREATE_SYMBOLIC_LINK_NAME, 0);
 
     Result = PtfsCreate(
         RootPath,
diff --git a/tst/ntptfs/ptfs.c b/tst/ntptfs/ptfs.c
index 309773a3..f2578f5b 100644
--- a/tst/ntptfs/ptfs.c
+++ b/tst/ntptfs/ptfs.c
@@ -92,7 +92,8 @@ static NTSTATUS GetSecurityByName(FSP_FILE_SYSTEM *FileSystem,
 
     Result = LfsOpenFile(
         &Handle,
-        READ_CONTROL,
+        READ_CONTROL |
+            (Ptfs->HasSecurityPrivilege ? ACCESS_SYSTEM_SECURITY : 0),
         Ptfs->RootHandle,
         FileName,
         FILE_OPEN_FOR_BACKUP_INTENT | FILE_OPEN_REPARSE_POINT);
@@ -121,7 +122,8 @@ static NTSTATUS GetSecurityByName(FSP_FILE_SYSTEM *FileSystem,
     {
         Result = NtQuerySecurityObject(
             Handle,
-            OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION,
+            OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION |
+                (Ptfs->HasSecurityPrivilege ? SACL_SECURITY_INFORMATION : 0),
             SecurityDescriptor,
             (ULONG)*PSecurityDescriptorSize,
             &SecurityDescriptorSizeNeeded);
@@ -160,7 +162,8 @@ static NTSTATUS CreateEx(FSP_FILE_SYSTEM *FileSystem,
 
     Result = LfsCreateFile(
         &Handle,
-        MaximumAccess,
+        MaximumAccess |
+            (Ptfs->HasSecurityPrivilege ? ACCESS_SYSTEM_SECURITY : 0),
         Ptfs->RootHandle,
         FileName,
         SecurityDescriptor,
@@ -176,7 +179,8 @@ static NTSTATUS CreateEx(FSP_FILE_SYSTEM *FileSystem,
         case STATUS_INVALID_PARAMETER:
             Result = LfsCreateFile(
                 &Handle,
-                GrantedAccess,
+                GrantedAccess |
+                    (Ptfs->HasSecurityPrivilege ? ACCESS_SYSTEM_SECURITY : 0),
                 Ptfs->RootHandle,
                 FileName,
                 SecurityDescriptor,
@@ -255,7 +259,8 @@ static NTSTATUS Open(FSP_FILE_SYSTEM *FileSystem,
 
     Result = LfsOpenFile(
         &Handle,
-        MaximumAccess,
+        MaximumAccess |
+            (Ptfs->HasSecurityPrivilege ? ACCESS_SYSTEM_SECURITY : 0),
         Ptfs->RootHandle,
         FileName,
         FILE_OPEN_FOR_BACKUP_INTENT | FILE_OPEN_REPARSE_POINT | CreateOptions);
@@ -268,7 +273,8 @@ static NTSTATUS Open(FSP_FILE_SYSTEM *FileSystem,
         case STATUS_INVALID_PARAMETER:
             Result = LfsOpenFile(
                 &Handle,
-                GrantedAccess,
+                GrantedAccess |
+                    (Ptfs->HasSecurityPrivilege ? ACCESS_SYSTEM_SECURITY : 0),
                 Ptfs->RootHandle,
                 FileName,
                 FILE_OPEN_FOR_BACKUP_INTENT | FILE_OPEN_REPARSE_POINT | CreateOptions);
@@ -687,13 +693,15 @@ static NTSTATUS GetSecurity(FSP_FILE_SYSTEM *FileSystem,
     PVOID FileContext,
     PSECURITY_DESCRIPTOR SecurityDescriptor, SIZE_T *PSecurityDescriptorSize)
 {
+    PTFS *Ptfs = FileSystemContext;
     HANDLE Handle = FileContextHandle;
     ULONG SecurityDescriptorSizeNeeded;
     NTSTATUS Result;
 
     Result = NtQuerySecurityObject(
         Handle,
-        OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION,
+        OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION |
+            (Ptfs->HasSecurityPrivilege ? SACL_SECURITY_INFORMATION : 0),
         SecurityDescriptor,
         (ULONG)*PSecurityDescriptorSize,
         &SecurityDescriptorSizeNeeded);
@@ -1121,6 +1129,9 @@ NTSTATUS PtfsCreate(
 {
     PTFS *Ptfs = 0;
     FSP_FILE_SYSTEM *FileSystem = 0;
+    BOOL HasSecurityPrivilege = FALSE;
+    PRIVILEGE_SET PrivilegeSet;
+    HANDLE ProcessToken;
     HANDLE RootHandle = INVALID_HANDLE_VALUE;
     IO_STATUS_BLOCK Iosb;
     union
@@ -1135,6 +1146,16 @@ NTSTATUS PtfsCreate(
 
     *PPtfs = 0;
 
+    if (LookupPrivilegeValueW(0, SE_SECURITY_NAME, &PrivilegeSet.Privilege[0].Luid) &&
+        OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &ProcessToken))
+    {
+        PrivilegeSet.PrivilegeCount = 1;
+        PrivilegeSet.Control = PRIVILEGE_SET_ALL_NECESSARY;
+        PrivilegeSet.Privilege[0].Attributes = 0;
+        PrivilegeCheck(ProcessToken, &PrivilegeSet, &HasSecurityPrivilege);
+        CloseHandle(ProcessToken);
+    }
+
     RootHandle = CreateFileW(
         RootPath,
         FILE_READ_ATTRIBUTES,
@@ -1234,6 +1255,7 @@ NTSTATUS PtfsCreate(
     memset(Ptfs, 0, sizeof *Ptfs);
 
     Ptfs->FileSystem = FileSystem;
+    Ptfs->HasSecurityPrivilege = HasSecurityPrivilege;
     Ptfs->RootHandle = RootHandle;
     Ptfs->RootPrefixLength = FileAllInfo.NameInformation.FileNameLength;
     Ptfs->FsAttributeMask = FsAttributeMask;
diff --git a/tst/ntptfs/ptfs.h b/tst/ntptfs/ptfs.h
index 84232d7b..933a0b5d 100644
--- a/tst/ntptfs/ptfs.h
+++ b/tst/ntptfs/ptfs.h
@@ -55,6 +55,7 @@ enum
 typedef struct
 {
     FSP_FILE_SYSTEM *FileSystem;
+    BOOLEAN HasSecurityPrivilege;
     HANDLE RootHandle;
     ULONG RootPrefixLength;
     ULONG FsAttributeMask;