From 3e4cfdd14312e67c81ebfcecf11cf96ffd02a7fb Mon Sep 17 00:00:00 2001 From: Bill Zissimopoulos Date: Fri, 4 Dec 2015 11:17:56 -0800 Subject: [PATCH] sys: FspFsvolCreatePrepare --- src/sys/create.c | 75 +++++++++++++++++++++++++++++++++--------------- src/sys/driver.c | 4 +-- src/sys/driver.h | 10 +++++-- src/sys/iop.c | 14 +++++++++ 4 files changed, 76 insertions(+), 27 deletions(-) diff --git a/src/sys/create.c b/src/sys/create.c index fcbf2d47..b257cc0c 100644 --- a/src/sys/create.c +++ b/src/sys/create.c @@ -12,17 +12,17 @@ static NTSTATUS FspFsvrtCreate( PDEVICE_OBJECT DeviceObject, PIRP Irp, PIO_STACK_LOCATION IrpSp); static NTSTATUS FspFsvolCreate( PDEVICE_OBJECT DeviceObject, PIRP Irp, PIO_STACK_LOCATION IrpSp); +FSP_IOPREP_DISPATCH FspFsvolCreatePrepare; +FSP_IOCMPL_DISPATCH FspFsvolCreateComplete; FSP_DRIVER_DISPATCH FspCreate; -FSP_IOPREP_DISPATCH FspCreatePrepare; -FSP_IOCMPL_DISPATCH FspCreateComplete; #ifdef ALLOC_PRAGMA #pragma alloc_text(PAGE, FspFsctlCreate) #pragma alloc_text(PAGE, FspFsvrtCreate) #pragma alloc_text(PAGE, FspFsvolCreate) +#pragma alloc_text(PAGE, FspFsvolCreatePrepare) +#pragma alloc_text(PAGE, FspFsvolCreateComplete) #pragma alloc_text(PAGE, FspCreate) -#pragma alloc_text(PAGE, FspCreatePrepare) -#pragma alloc_text(PAGE, FspCreateComplete) #endif static NTSTATUS FspFsctlCreate( @@ -277,7 +277,7 @@ static NTSTATUS FspFsvolCreate( { Result = ObOpenObjectByPointer( SeQuerySubjectContextToken(&AccessState->SubjectSecurityContext), - OBJ_KERNEL_HANDLE, 0, TOKEN_QUERY, 0, KernelMode, &AccessToken); + OBJ_KERNEL_HANDLE, 0, 0, *SeTokenObjectType, KernelMode, &AccessToken); if (!NT_SUCCESS(Result)) { FspFileContextDelete(FsContext); @@ -285,6 +285,7 @@ static NTSTATUS FspFsvolCreate( } /* send the kernel handle and change it into a process handle at prepare time */ + Irp->Tail.Overlay.DriverContext[1] = AccessToken; Request->Req.Create.AccessToken = (UINT_PTR)AccessToken; } 
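Review bot: The ObOpenObjectByPointer call in the @@ -277 hunk now requests DesiredAccess 0 where it previously asked for TOKEN_QUERY, and nothing in the hunk says why; a comment such as `/* no access needed: the kernel handle is only re-referenced from KernelMode at prepare time and then closed */` would stop a later reader from "restoring" TOKEN_QUERY. The new `Irp->Tail.Overlay.DriverContext[1] = AccessToken;` in the @@ -285 hunk presumably hands ownership of the kernel handle to FspIopCompleteRequestEx (the iop.c hunk of this patch closes whatever is in that slot), so the error paths later in FspFsvolCreate must not close it again; the rest of FspFsvolCreate is outside these hunks, so I cannot confirm that. Stating the ownership next to the assignment, e.g. `/* owned by DriverContext[1]; closed by FspIopCompleteRequestEx, not here */`, would make the invariant explicit.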
@@ -311,6 +312,52 @@ static NTSTATUS FspFsvolCreate( return STATUS_PENDING; } +NTSTATUS FspFsvolCreatePrepare( + PIRP Irp, FSP_FSCTL_TRANSACT_REQ *Request) +{ + FSP_ENTER_IOP(PAGED_CODE()); + + HANDLE KernelModeAccessToken = (HANDLE)Request->Req.Create.AccessToken; + HANDLE UserModeAccessToken; + PACCESS_TOKEN AccessToken; + + if (0 == KernelModeAccessToken) + FSP_RETURN(Result = STATUS_SUCCESS); + + FSP_FSVOL_DEVICE_EXTENSION *FsvolDeviceExtension = FspFsvolDeviceExtension(IrpSp->DeviceObject); + ASSERT(FspFsvolDeviceExtensionKind == FsvolDeviceExtension->Base.Kind); + + Request->Req.Create.AccessToken = 0; + Irp->Tail.Overlay.DriverContext[1] = 0; + + Result = ObReferenceObjectByHandle(KernelModeAccessToken, + 0, *SeTokenObjectType, KernelMode, &AccessToken, 0); + ObCloseHandle(KernelModeAccessToken, KernelMode); + if (!NT_SUCCESS(Result)) + FSP_RETURN(); + + Result = ObOpenObjectByPointer(AccessToken, + 0, 0, TOKEN_QUERY, *SeTokenObjectType, UserMode, &UserModeAccessToken); + ObDereferenceObject(AccessToken); + if (!NT_SUCCESS(Result)) + FSP_RETURN(); + + Irp->Tail.Overlay.DriverContext[1] = UserModeAccessToken; + Request->Req.Create.AccessToken = (UINT_PTR)UserModeAccessToken; + + FSP_LEAVE_IOP(); +} + +VOID FspFsvolCreateComplete( + PIRP Irp, const FSP_FSCTL_TRANSACT_RSP *Response) +{ + FSP_ENTER_IOC(PAGED_CODE()); + + FSP_LEAVE_IOC( + "FileObject=%p[%p:\"%wZ\"]", + IrpSp->FileObject, IrpSp->FileObject->RelatedFileObject, IrpSp->FileObject->FileName); +} + NTSTATUS FspCreate( PDEVICE_OBJECT DeviceObject, PIRP Irp) { 
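Review bot: FspFsvolCreatePrepare gives the user-mode file system a handle (via Request->Req.Create.AccessToken) that the driver also keeps in DriverContext[1] and, judging by the iop.c hunk in this patch, closes itself at completion; if the user-mode side closes that handle first, or the process exits, the handle index can be reused and the driver's later ObCloseHandle would hit an unrelated handle in that process. That contract is not written anywhere in the hunk; a comment at the assignment, `/* handle is owned by the driver and closed by FspIopCompleteRequestEx; user mode must not close it */`, is the minimum, and storing the originating process alongside the handle so the close can be skipped when completion runs in another context would make it robust. Requesting only TOKEN_QUERY for the user-mode handle is the right minimum and worth keeping. FspFsvolCreateComplete is a logging-only pass-through as written.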
@@ -348,21 +395,3 @@ NTSTATUS FspCreate( Irp->Overlay.AllocationSize.HighPart, Irp->Overlay.AllocationSize.LowPart, Irp->AssociatedIrp.SystemBuffer, IrpSp->Parameters.Create.EaLength); } - -NTSTATUS FspCreatePrepare( - PIRP Irp, FSP_FSCTL_TRANSACT_REQ *Request) -{ - PAGED_CODE(); - - return STATUS_SUCCESS; -} - -VOID FspCreateComplete( - PIRP Irp, const FSP_FSCTL_TRANSACT_RSP *Response) -{ - FSP_ENTER_IOC(PAGED_CODE()); - - FSP_LEAVE_IOC( - "FileObject=%p[%p:\"%wZ\"]", - IrpSp->FileObject, IrpSp->FileObject->RelatedFileObject, IrpSp->FileObject->FileName); -} diff --git a/src/sys/driver.c b/src/sys/driver.c index 17785baa..ece30358 100644 --- a/src/sys/driver.c +++ b/src/sys/driver.c @@ -63,10 +63,10 @@ NTSTATUS DriverEntry( DriverObject->MajorFunction[IRP_MJ_SET_SECURITY] = FspSetSecurity; /* setup the I/O preparation functions */ - FspIopPrepareFunction[IRP_MJ_CREATE] = FspCreatePrepare; + FspIopPrepareFunction[IRP_MJ_CREATE] = FspFsvolCreatePrepare; /* setup the I/O completion functions */ - FspIopCompleteFunction[IRP_MJ_CREATE] = FspCreateComplete; + FspIopCompleteFunction[IRP_MJ_CREATE] = FspFsvolCreateComplete; FspIopCompleteFunction[IRP_MJ_CLOSE] = FspCloseComplete; FspIopCompleteFunction[IRP_MJ_READ] = FspReadComplete; FspIopCompleteFunction[IRP_MJ_WRITE] = FspWriteComplete; diff --git a/src/sys/driver.h b/src/sys/driver.h index 3d8c6c0d..77f38dfa 100644 --- a/src/sys/driver.h +++ b/src/sys/driver.h @@ -127,6 +127,12 @@ FspIopCompleteRequestEx(Irp, Result, fsp_device_release);\ ); \ return Result +#define FSP_ENTER_IOP(...) \ + NTSTATUS Result = STATUS_SUCCESS; \ + PIO_STACK_LOCATION IrpSp = IoGetCurrentIrpStackLocation(Irp); (VOID)IrpSp;\ + FSP_ENTER_NOCRIT_(__VA_ARGS__) +#define FSP_LEAVE_IOP() \ + FSP_LEAVE_NOCRIT_(); return Result #define FSP_ENTER_IOC(...) \ NTSTATUS Result = STATUS_SUCCESS; \ PIO_STACK_LOCATION IrpSp = IoGetCurrentIrpStackLocation(Irp); (VOID)IrpSp;\ 
@@ -203,10 +209,10 @@ _IRQL_requires_max_(APC_LEVEL) _IRQL_requires_same_ typedef VOID FSP_IOCMPL_DISPATCH( _Inout_ PIRP Irp, _In_ const FSP_FSCTL_TRANSACT_RSP *Response); -FSP_IOPREP_DISPATCH FspCreatePrepare; +FSP_IOPREP_DISPATCH FspFsvolCreatePrepare; FSP_IOCMPL_DISPATCH FspCleanupComplete; FSP_IOCMPL_DISPATCH FspCloseComplete; -FSP_IOCMPL_DISPATCH FspCreateComplete; +FSP_IOCMPL_DISPATCH FspFsvolCreateComplete; FSP_IOCMPL_DISPATCH FspDeviceControlComplete; FSP_IOCMPL_DISPATCH FspDirectoryControlComplete; FSP_IOCMPL_DISPATCH FspFileSystemControlComplete; diff --git a/src/sys/iop.c b/src/sys/iop.c index 3010962a..124ffa96 100644 --- a/src/sys/iop.c +++ b/src/sys/iop.c @@ -65,6 +65,20 @@ VOID FspIopCompleteRequestEx(PIRP Irp, NTSTATUS Result, BOOLEAN DeviceRelease) Irp->Tail.Overlay.DriverContext[0] = 0; } + if (0 != Irp->Tail.Overlay.DriverContext[1]) + { +#if DBG + NTSTATUS Result0; + Result0 = ObCloseHandle(Irp->Tail.Overlay.DriverContext[1], KernelMode); + if (!NT_SUCCESS(Result0)) + DEBUGLOG("ObCloseHandle() = %s", NtStatusSym(Result0)); +#else + ObCloseHandle(Irp->Tail.Overlay.DriverContext[1], KernelMode); +#endif + + Irp->Tail.Overlay.DriverContext[1] = 0; + } + PDEVICE_OBJECT DeviceObject = IoGetCurrentIrpStackLocation(Irp)->DeviceObject; if (!NT_SUCCESS(Result))
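Review bot: In the iop.c hunk, ObCloseHandle(DriverContext[1], KernelMode) resolves a non-kernel handle against the current process's handle table, and after FspFsvolCreatePrepare that slot holds a UserMode handle, so the close is only correct if FspIopCompleteRequestEx runs in the same process that executed the prepare step; the start of the function is outside the hunk and I cannot confirm that from here. If a cancellation or teardown path completes the IRP from another context, the value names a different or nonexistent handle in that process, so either the originating process should be recorded with the handle and compared against `PsGetCurrentProcess()` before closing, or the invariant should be stated: `/* DriverContext[1]: token handle owned by the driver; only valid in the process where it was created */`. The `#if DBG` / `#else` pair could be collapsed by always capturing the status into a local and logging only under DBG, avoiding the duplicated call.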