dll: fsctl: security descriptor malarkey

2025-04-23 17:03:12 -05:00 · 2015-12-01 15:34:18 -08:00 · 2015-12-01 15:34:18 -08:00 · 4f790f7b58
commit 4f790f7b58
parent 8201c4972b
1 changed files with 36 additions and 59 deletions
--- a/src/dll/fsctl.c
+++ b/src/dll/fsctl.c
@ -11,6 +11,13 @@
 #define GLOBALROOT                      L"\\\\?\\GLOBALROOT"
 static inline PVOID Malloc(SIZE_T Size)
 {
    PVOID P = malloc(Size);
    if (0 != P)
        SetLastError(ERROR_NO_SYSTEM_RESOURCES);
    return P;
 }
 static inline VOID GlobalDevicePath(PWCHAR DevicePathBuf, SIZE_T DevicePathSize, PWSTR DevicePath)
 {
    StringCbPrintfW(DevicePathBuf, DevicePathSize,
@ -21,15 +28,14 @@ static NTSTATUS CreateSelfRelativeSecurityDescriptor(PSECURITY_DESCRIPTOR Securi
    PSECURITY_DESCRIPTOR *PSelfRelativeSecurityDescriptor, PDWORD PSelfRelativeSecurityDescriptorSize)
 {
    NTSTATUS Result;
    BOOLEAN Success;
    PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor = 0;
    DWORD SelfRelativeSecurityDescriptorSize;
    SECURITY_DESCRIPTOR SecurityDescriptorStruct;
-    PTOKEN_OWNER Owner = 0;
+    PTOKEN_USER User = 0;
-    PTOKEN_PRIMARY_GROUP PrimaryGroup = 0;
+    PACL Acl = 0;
-    PTOKEN_DEFAULT_DACL DefaultDacl = 0;
+    DWORD UserSize = 0;
-    DWORD OwnerSize = 0;
+    DWORD AclSize = 0;
    DWORD PrimaryGroupSize = 0;
    DWORD DefaultDaclSize = 0;
    HANDLE Token = 0;
    *PSelfRelativeSecurityDescriptor = 0;
@ -37,41 +43,20 @@ static NTSTATUS CreateSelfRelativeSecurityDescriptor(PSECURITY_DESCRIPTOR Securi
    if (0 == SecurityDescriptor)
    {
-        if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &Token))
+        Success =
-        {
+            OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &Token) &&
-            Result = FspNtStatusFromWin32(GetLastError());
+            (GetTokenInformation(Token, TokenUser, 0, 0, &UserSize) ||
-            goto exit;
+                ERROR_INSUFFICIENT_BUFFER == GetLastError()) &&
-        }
+            (User = Malloc(UserSize)) &&
-        if ((!GetTokenInformation(Token, TokenOwner, 0, 0, &OwnerSize) &&
+            GetTokenInformation(Token, TokenUser, User, UserSize, &UserSize) &&
-                ERROR_INSUFFICIENT_BUFFER != GetLastError()) ||
+            (AclSize = sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) + GetLengthSid(User->User.Sid) - sizeof(DWORD)) &&
-            (!GetTokenInformation(Token, TokenPrimaryGroup, 0, 0, &PrimaryGroupSize) &&
+            (Acl = Malloc(AclSize)) &&
-                ERROR_INSUFFICIENT_BUFFER != GetLastError()) ||
+            InitializeAcl(Acl, AclSize, ACL_REVISION) &&
-            (!GetTokenInformation(Token, TokenDefaultDacl, 0, 0, &DefaultDaclSize) &&
+            AddAccessAllowedAce(Acl, ACL_REVISION, GENERIC_ALL, User->User.Sid) &&
-                ERROR_INSUFFICIENT_BUFFER != GetLastError()))
+            InitializeSecurityDescriptor(&SecurityDescriptorStruct, SECURITY_DESCRIPTOR_REVISION) &&
-        {
+            SetSecurityDescriptorDacl(&SecurityDescriptorStruct, TRUE, Acl, FALSE) &&
-            Result = FspNtStatusFromWin32(GetLastError());
+            SetSecurityDescriptorControl(&SecurityDescriptorStruct, SE_DACL_PROTECTED, SE_DACL_PROTECTED);
-            goto exit;
+        if (!Success)
        }
        Owner = malloc(OwnerSize);
        PrimaryGroup = malloc(PrimaryGroupSize);
        DefaultDacl = malloc(DefaultDaclSize);
        if (0 == Owner || 0 == PrimaryGroup || 0 == DefaultDacl)
        {
            Result = STATUS_INSUFFICIENT_RESOURCES;
            goto exit;
        }
        if (!GetTokenInformation(Token, TokenOwner, Owner, OwnerSize, &OwnerSize) ||
            !GetTokenInformation(Token, TokenPrimaryGroup, PrimaryGroup, PrimaryGroupSize, &PrimaryGroupSize) ||
            !GetTokenInformation(Token, TokenDefaultDacl, DefaultDacl, DefaultDaclSize, &DefaultDaclSize))
        {
            Result = FspNtStatusFromWin32(GetLastError());
            goto exit;
        }
        if (!InitializeSecurityDescriptor(&SecurityDescriptorStruct, SECURITY_DESCRIPTOR_REVISION) ||
            !SetSecurityDescriptorOwner(&SecurityDescriptorStruct, Owner->Owner, FALSE) ||
            !SetSecurityDescriptorGroup(&SecurityDescriptorStruct, PrimaryGroup->PrimaryGroup, FALSE) ||
            !SetSecurityDescriptorDacl(&SecurityDescriptorStruct, TRUE, DefaultDacl->DefaultDacl, FALSE) ||
            !SetSecurityDescriptorControl(&SecurityDescriptorStruct, SE_DACL_PROTECTED, SE_DACL_PROTECTED))
        {
            Result = FspNtStatusFromWin32(GetLastError());
            goto exit;
@ -80,19 +65,12 @@ static NTSTATUS CreateSelfRelativeSecurityDescriptor(PSECURITY_DESCRIPTOR Securi
    }
    SelfRelativeSecurityDescriptorSize = 0;
-    if (!MakeSelfRelativeSD(SecurityDescriptor, 0, &SelfRelativeSecurityDescriptorSize) &&
+    Success =
-        ERROR_INSUFFICIENT_BUFFER != GetLastError())
+        (MakeSelfRelativeSD(SecurityDescriptor, 0, &SelfRelativeSecurityDescriptorSize) ||
-    {
+            ERROR_INSUFFICIENT_BUFFER == GetLastError()) &&
-        Result = FspNtStatusFromWin32(GetLastError());
+        (SelfRelativeSecurityDescriptor = Malloc(SelfRelativeSecurityDescriptorSize)) &&
-        goto exit;
+        (MakeSelfRelativeSD(SecurityDescriptor, SelfRelativeSecurityDescriptor, &SelfRelativeSecurityDescriptorSize));
-    }
+    if (!Success)
    SelfRelativeSecurityDescriptor = malloc(SelfRelativeSecurityDescriptorSize);
    if (0 == SelfRelativeSecurityDescriptor)
    {
        Result = STATUS_INSUFFICIENT_RESOURCES;
        goto exit;
    }
    if (!MakeSelfRelativeSD(SecurityDescriptor, SelfRelativeSecurityDescriptor, &SelfRelativeSecurityDescriptorSize))
    {
        Result = FspNtStatusFromWin32(GetLastError());
        goto exit;
@ -106,9 +84,8 @@ exit:
    if (0 != Token)
        CloseHandle(Token);
-    free(DefaultDacl);
+    free(Acl);
-    free(PrimaryGroup);
+    free(User);
    free(Owner);
    if (STATUS_SUCCESS != Result)
        free(SelfRelativeSecurityDescriptor);
@ -136,10 +113,10 @@ FSP_API NTSTATUS FspFsctlCreateVolume(PWSTR DevicePath,
    if (!NT_SUCCESS(Result))
        goto exit;
-    ParamsBuf = malloc(FSP_FSCTL_VOLUME_PARAMS_SIZE + SelfRelativeSecurityDescriptorSize);
+    ParamsBuf = Malloc(FSP_FSCTL_VOLUME_PARAMS_SIZE + SelfRelativeSecurityDescriptorSize);
    if (0 == ParamsBuf)
    {
-        Result = STATUS_INSUFFICIENT_RESOURCES;
+        Result = FspNtStatusFromWin32(GetLastError());
        goto exit;
    }
    memset(ParamsBuf, 0, FSP_FSCTL_VOLUME_PARAMS_SIZE);