sys,dll: properly implement stream create check

2025-06-15 08:12:45 -05:00 · 2016-10-10 17:29:16 -07:00
parent 4dc1828e1f
commit 4084448bd5
5 changed files with 90 additions and 20 deletions
--- a/src/dll/fsop.c
+++ b/src/dll/fsop.c
@ -140,24 +140,57 @@ NTSTATUS FspFileSystemCreateCheck(FSP_FILE_SYSTEM *FileSystem,
    UINT32 GrantedAccess;

    /*
-     * CreateCheck consists of checking the parent directory for the
-     * FILE_ADD_SUBDIRECTORY or FILE_ADD_FILE rights (depending on whether
-     * we are creating a file or directory).
+     * CreateCheck does different checks depending on whether we are
+     * creating a new file/directory or a new stream.
     *
-     * If the access check succeeds and MAXIMUM_ALLOWED has been requested
-     * then we go ahead and grant all access to the creator.
+     * -   CreateCheck for a new file consists of checking the parent directory
+     *     for the FILE_ADD_SUBDIRECTORY or FILE_ADD_FILE rights (depending on
+     *     whether we are creating a file or directory).
+     *
+     *     If the access check succeeds and MAXIMUM_ALLOWED has been requested
+     *     then we go ahead and grant all access to the creator.
+     *
+     * -   CreateCheck for a new stream consists of checking the main file for
+     *     FILE_WRITE_DATA access, unless FILE_DELETE_ON_CLOSE is requested in
+     *     which case we also check for DELETE access.
+     *
+     *     If the access check succeeds and MAXIMUM_ALLOWED was not requested
+     *     then we reset the DELETE and FILE_WRITE_DATA accesses based on whether
+     *     they were actually requested in DesiredAccess.
     */

-    Result = FspAccessCheckEx(FileSystem, Request, TRUE, AllowTraverseCheck,
-        (Request->Req.Create.CreateOptions & FILE_DIRECTORY_FILE) ?
-            FILE_ADD_SUBDIRECTORY : FILE_ADD_FILE,
-        &GrantedAccess, PSecurityDescriptor);
-    if (STATUS_REPARSE == Result)
-        Result = FspFileSystemCallResolveReparsePoints(FileSystem, Request, Response, GrantedAccess);
-    else if (NT_SUCCESS(Result))
+    if (!Request->Req.Create.NamedStream)
    {
-        *PGrantedAccess = (MAXIMUM_ALLOWED & Request->Req.Create.DesiredAccess) ?
-            FspGetFileGenericMapping()->GenericAll : Request->Req.Create.DesiredAccess;
+        Result = FspAccessCheckEx(FileSystem, Request, TRUE, AllowTraverseCheck,
+            (Request->Req.Create.CreateOptions & FILE_DIRECTORY_FILE) ?
+                FILE_ADD_SUBDIRECTORY : FILE_ADD_FILE,
+            &GrantedAccess, PSecurityDescriptor);
+        if (STATUS_REPARSE == Result)
+            Result = FspFileSystemCallResolveReparsePoints(FileSystem, Request, Response, GrantedAccess);
+        else if (NT_SUCCESS(Result))
+        {
+            *PGrantedAccess = (MAXIMUM_ALLOWED & Request->Req.Create.DesiredAccess) ?
+                FspGetFileGenericMapping()->GenericAll : Request->Req.Create.DesiredAccess;
+        }
+    }
+    else
+    {
+        *PSecurityDescriptor = 0;
+
+        Result = FspAccessCheckEx(FileSystem, Request, TRUE, AllowTraverseCheck,
+            Request->Req.Create.DesiredAccess |
+                FILE_WRITE_DATA |
+                ((Request->Req.Create.CreateOptions & FILE_DELETE_ON_CLOSE) ? DELETE : 0),
+            &GrantedAccess, 0);
+        if (STATUS_REPARSE == Result)
+            Result = FspFileSystemCallResolveReparsePoints(FileSystem, Request, Response, GrantedAccess);
+        else if (NT_SUCCESS(Result))
+        {
+            *PGrantedAccess = GrantedAccess;
+            if (0 == (Request->Req.Create.DesiredAccess & MAXIMUM_ALLOWED))
+                *PGrantedAccess &= ~(DELETE | FILE_WRITE_DATA) |
+                    (Request->Req.Create.DesiredAccess & (DELETE | FILE_WRITE_DATA));
+        }
    }

    return Result;
--- a/src/dll/security.c
+++ b/src/dll/security.c
@ -63,10 +63,21 @@ static inline ULONG FspPathSuffixIndex(PWSTR FileName)

 FSP_API NTSTATUS FspAccessCheckEx(FSP_FILE_SYSTEM *FileSystem,
    FSP_FSCTL_TRANSACT_REQ *Request,
-    BOOLEAN CheckParentDirectory, BOOLEAN AllowTraverseCheck,
+    BOOLEAN CheckParentOrMain, BOOLEAN AllowTraverseCheck,
    UINT32 DesiredAccess, PUINT32 PGrantedAccess,
    PSECURITY_DESCRIPTOR *PSecurityDescriptor)
 {
+    BOOLEAN CheckParentDirectory, CheckMainFile;
+
+    CheckParentDirectory = CheckMainFile = FALSE;
+    if (CheckParentOrMain)
+    {
+        if (!Request->Req.Create.NamedStream)
+            CheckParentDirectory = TRUE;
+        else
+            CheckMainFile = TRUE;
+    }
+
    *PGrantedAccess = 0;
    if (0 != PSecurityDescriptor)
        *PSecurityDescriptor = 0;
@ -100,6 +111,11 @@ FSP_API NTSTATUS FspAccessCheckEx(FSP_FILE_SYSTEM *FileSystem,

    if (CheckParentDirectory)
        FspPathSuffix((PWSTR)Request->Buffer, &FileName, &Suffix, Root);
+    else if (CheckMainFile)
+    {
+        ((PWSTR)Request->Buffer)[Request->Req.Create.NamedStream / sizeof(WCHAR)] = L'\0';
+        FileName = (PWSTR)Request->Buffer;
+    }
    else
        FileName = (PWSTR)Request->Buffer;

@ -269,6 +285,20 @@ FSP_API NTSTATUS FspAccessCheckEx(FSP_FILE_SYSTEM *FileSystem,
            goto exit;
        }
    }
+    else if (CheckMainFile)
+    {
+        /*
+         * We check to see if this is a reparse point and FILE_OPEN_REPARSE_POINT
+         * was not specified, in which case we return STATUS_REPARSE.
+         */
+        if (0 != (FileAttributes & FILE_ATTRIBUTE_REPARSE_POINT) &&
+            0 == (Request->Req.Create.CreateOptions & FILE_OPEN_REPARSE_POINT))
+        {
+            FileAttributes = FspPathSuffixIndex(FileName);
+            Result = STATUS_REPARSE;
+            goto exit;
+        }
+    }
    else
    {
        /*
@ -344,6 +374,8 @@ exit:
        if (STATUS_OBJECT_NAME_NOT_FOUND == Result)
            Result = STATUS_OBJECT_PATH_NOT_FOUND;
    }
+    else if (CheckMainFile)
+        ((PWSTR)Request->Buffer)[Request->Req.Create.NamedStream / sizeof(WCHAR)] = L':';

    return Result;
 }