mirror of
https://github.com/winfsp/winfsp.git
synced 2025-10-29 19:18:39 -05:00
tst: ntptfs: ACCESS_SYSTEM_SECURITY
This commit is contained in:
Bill Zissimopoulos
@@ -200,7 +200,7 @@ static NTSTATUS SvcStart(FSP_SERVICE *Service, ULONG argc, PWSTR *argv)
|
|||||||
FspDebugLogSetHandle(DebugLogHandle);
|
FspDebugLogSetHandle(DebugLogHandle);
|
||||||
}
|
}
|
||||||
|
|
||||||
EnablePrivileges(SE_BACKUP_NAME, SE_RESTORE_NAME, SE_CREATE_SYMBOLIC_LINK_NAME, 0);
|
EnablePrivileges(SE_SECURITY_NAME, SE_BACKUP_NAME, SE_RESTORE_NAME, SE_CREATE_SYMBOLIC_LINK_NAME, 0);
|
||||||
|
|
||||||
Result = PtfsCreate(
|
Result = PtfsCreate(
|
||||||
RootPath,
|
RootPath,
|
||||||
|
|||||||
@@ -92,7 +92,8 @@ static NTSTATUS GetSecurityByName(FSP_FILE_SYSTEM *FileSystem,
|
|||||||
|
|
||||||
Result = LfsOpenFile(
|
Result = LfsOpenFile(
|
||||||
&Handle,
|
&Handle,
|
||||||
READ_CONTROL,
|
READ_CONTROL |
|
||||||
|
(Ptfs->HasSecurityPrivilege ? ACCESS_SYSTEM_SECURITY : 0),
|
||||||
Ptfs->RootHandle,
|
Ptfs->RootHandle,
|
||||||
FileName,
|
FileName,
|
||||||
FILE_OPEN_FOR_BACKUP_INTENT | FILE_OPEN_REPARSE_POINT);
|
FILE_OPEN_FOR_BACKUP_INTENT | FILE_OPEN_REPARSE_POINT);
|
||||||
@@ -121,7 +122,8 @@ static NTSTATUS GetSecurityByName(FSP_FILE_SYSTEM *FileSystem,
|
|||||||
{
|
{
|
||||||
Result = NtQuerySecurityObject(
|
Result = NtQuerySecurityObject(
|
||||||
Handle,
|
Handle,
|
||||||
OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION,
|
OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION |
|
||||||
|
(Ptfs->HasSecurityPrivilege ? SACL_SECURITY_INFORMATION : 0),
|
||||||
SecurityDescriptor,
|
SecurityDescriptor,
|
||||||
(ULONG)*PSecurityDescriptorSize,
|
(ULONG)*PSecurityDescriptorSize,
|
||||||
&SecurityDescriptorSizeNeeded);
|
&SecurityDescriptorSizeNeeded);
|
||||||
@@ -160,7 +162,8 @@ static NTSTATUS CreateEx(FSP_FILE_SYSTEM *FileSystem,
|
|||||||
|
|
||||||
Result = LfsCreateFile(
|
Result = LfsCreateFile(
|
||||||
&Handle,
|
&Handle,
|
||||||
MaximumAccess,
|
MaximumAccess |
|
||||||
|
(Ptfs->HasSecurityPrivilege ? ACCESS_SYSTEM_SECURITY : 0),
|
||||||
Ptfs->RootHandle,
|
Ptfs->RootHandle,
|
||||||
FileName,
|
FileName,
|
||||||
SecurityDescriptor,
|
SecurityDescriptor,
|
||||||
@@ -176,7 +179,8 @@ static NTSTATUS CreateEx(FSP_FILE_SYSTEM *FileSystem,
|
|||||||
case STATUS_INVALID_PARAMETER:
|
case STATUS_INVALID_PARAMETER:
|
||||||
Result = LfsCreateFile(
|
Result = LfsCreateFile(
|
||||||
&Handle,
|
&Handle,
|
||||||
GrantedAccess,
|
GrantedAccess |
|
||||||
|
(Ptfs->HasSecurityPrivilege ? ACCESS_SYSTEM_SECURITY : 0),
|
||||||
Ptfs->RootHandle,
|
Ptfs->RootHandle,
|
||||||
FileName,
|
FileName,
|
||||||
SecurityDescriptor,
|
SecurityDescriptor,
|
||||||
@@ -255,7 +259,8 @@ static NTSTATUS Open(FSP_FILE_SYSTEM *FileSystem,
|
|||||||
|
|
||||||
Result = LfsOpenFile(
|
Result = LfsOpenFile(
|
||||||
&Handle,
|
&Handle,
|
||||||
MaximumAccess,
|
MaximumAccess |
|
||||||
|
(Ptfs->HasSecurityPrivilege ? ACCESS_SYSTEM_SECURITY : 0),
|
||||||
Ptfs->RootHandle,
|
Ptfs->RootHandle,
|
||||||
FileName,
|
FileName,
|
||||||
FILE_OPEN_FOR_BACKUP_INTENT | FILE_OPEN_REPARSE_POINT | CreateOptions);
|
FILE_OPEN_FOR_BACKUP_INTENT | FILE_OPEN_REPARSE_POINT | CreateOptions);
|
||||||
@@ -268,7 +273,8 @@ static NTSTATUS Open(FSP_FILE_SYSTEM *FileSystem,
|
|||||||
case STATUS_INVALID_PARAMETER:
|
case STATUS_INVALID_PARAMETER:
|
||||||
Result = LfsOpenFile(
|
Result = LfsOpenFile(
|
||||||
&Handle,
|
&Handle,
|
||||||
GrantedAccess,
|
GrantedAccess |
|
||||||
|
(Ptfs->HasSecurityPrivilege ? ACCESS_SYSTEM_SECURITY : 0),
|
||||||
Ptfs->RootHandle,
|
Ptfs->RootHandle,
|
||||||
FileName,
|
FileName,
|
||||||
FILE_OPEN_FOR_BACKUP_INTENT | FILE_OPEN_REPARSE_POINT | CreateOptions);
|
FILE_OPEN_FOR_BACKUP_INTENT | FILE_OPEN_REPARSE_POINT | CreateOptions);
|
||||||
@@ -687,13 +693,15 @@ static NTSTATUS GetSecurity(FSP_FILE_SYSTEM *FileSystem,
|
|||||||
PVOID FileContext,
|
PVOID FileContext,
|
||||||
PSECURITY_DESCRIPTOR SecurityDescriptor, SIZE_T *PSecurityDescriptorSize)
|
PSECURITY_DESCRIPTOR SecurityDescriptor, SIZE_T *PSecurityDescriptorSize)
|
||||||
{
|
{
|
||||||
|
PTFS *Ptfs = FileSystemContext;
|
||||||
HANDLE Handle = FileContextHandle;
|
HANDLE Handle = FileContextHandle;
|
||||||
ULONG SecurityDescriptorSizeNeeded;
|
ULONG SecurityDescriptorSizeNeeded;
|
||||||
NTSTATUS Result;
|
NTSTATUS Result;
|
||||||
|
|
||||||
Result = NtQuerySecurityObject(
|
Result = NtQuerySecurityObject(
|
||||||
Handle,
|
Handle,
|
||||||
OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION,
|
OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION |
|
||||||
|
(Ptfs->HasSecurityPrivilege ? SACL_SECURITY_INFORMATION : 0),
|
||||||
SecurityDescriptor,
|
SecurityDescriptor,
|
||||||
(ULONG)*PSecurityDescriptorSize,
|
(ULONG)*PSecurityDescriptorSize,
|
||||||
&SecurityDescriptorSizeNeeded);
|
&SecurityDescriptorSizeNeeded);
|
||||||
@@ -1121,6 +1129,9 @@ NTSTATUS PtfsCreate(
|
|||||||
{
|
{
|
||||||
PTFS *Ptfs = 0;
|
PTFS *Ptfs = 0;
|
||||||
FSP_FILE_SYSTEM *FileSystem = 0;
|
FSP_FILE_SYSTEM *FileSystem = 0;
|
||||||
|
BOOL HasSecurityPrivilege = FALSE;
|
||||||
|
PRIVILEGE_SET PrivilegeSet;
|
||||||
|
HANDLE ProcessToken;
|
||||||
HANDLE RootHandle = INVALID_HANDLE_VALUE;
|
HANDLE RootHandle = INVALID_HANDLE_VALUE;
|
||||||
IO_STATUS_BLOCK Iosb;
|
IO_STATUS_BLOCK Iosb;
|
||||||
union
|
union
|
||||||
@@ -1135,6 +1146,16 @@ NTSTATUS PtfsCreate(
|
|||||||
|
|
||||||
*PPtfs = 0;
|
*PPtfs = 0;
|
||||||
|
|
||||||
|
if (LookupPrivilegeValueW(0, SE_SECURITY_NAME, &PrivilegeSet.Privilege[0].Luid) &&
|
||||||
|
OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &ProcessToken))
|
||||||
|
{
|
||||||
|
PrivilegeSet.PrivilegeCount = 1;
|
||||||
|
PrivilegeSet.Control = PRIVILEGE_SET_ALL_NECESSARY;
|
||||||
|
PrivilegeSet.Privilege[0].Attributes = 0;
|
||||||
|
PrivilegeCheck(ProcessToken, &PrivilegeSet, &HasSecurityPrivilege);
|
||||||
|
CloseHandle(ProcessToken);
|
||||||
|
}
|
||||||
|
|
||||||
RootHandle = CreateFileW(
|
RootHandle = CreateFileW(
|
||||||
RootPath,
|
RootPath,
|
||||||
FILE_READ_ATTRIBUTES,
|
FILE_READ_ATTRIBUTES,
|
||||||
@@ -1234,6 +1255,7 @@ NTSTATUS PtfsCreate(
|
|||||||
memset(Ptfs, 0, sizeof *Ptfs);
|
memset(Ptfs, 0, sizeof *Ptfs);
|
||||||
|
|
||||||
Ptfs->FileSystem = FileSystem;
|
Ptfs->FileSystem = FileSystem;
|
||||||
|
Ptfs->HasSecurityPrivilege = HasSecurityPrivilege;
|
||||||
Ptfs->RootHandle = RootHandle;
|
Ptfs->RootHandle = RootHandle;
|
||||||
Ptfs->RootPrefixLength = FileAllInfo.NameInformation.FileNameLength;
|
Ptfs->RootPrefixLength = FileAllInfo.NameInformation.FileNameLength;
|
||||||
Ptfs->FsAttributeMask = FsAttributeMask;
|
Ptfs->FsAttributeMask = FsAttributeMask;
|
||||||
|
|||||||
@@ -55,6 +55,7 @@ enum
|
|||||||
typedef struct
|
typedef struct
|
||||||
{
|
{
|
||||||
FSP_FILE_SYSTEM *FileSystem;
|
FSP_FILE_SYSTEM *FileSystem;
|
||||||
|
BOOLEAN HasSecurityPrivilege;
|
||||||
HANDLE RootHandle;
|
HANDLE RootHandle;
|
||||||
ULONG RootPrefixLength;
|
ULONG RootPrefixLength;
|
||||||
ULONG FsAttributeMask;
|
ULONG FsAttributeMask;
|
||||||
|
|||||||
Reference in New Issue
Block a user