Public/winfsp
1
0
Fork 0
mirror of https://github.com/winfsp/winfsp.git synced 2025-04-21 16:02:59 -05:00
Code Issues Packages Projects Releases Wiki Activity

sys: FspFsvolCreate, FspFsvolSetSecurity: absolute security descriptors

Browse Source 
Some third party filters send us security descriptors in absolute rather
than self-relative format. Handle this case by converting them to self-
relative format ourselves.
This commit is contained in:
Bill Zissimopoulos 2024-10-10 12:32:50 +01:00
parent 2da97d48f5
commit 4fdec4d37f
2 changed files with 34 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
src/sys/create.c
View File

@ -298,6 +298,8 @@ static NTSTATUS FspFsvolCreateNoLock(
ULONG CreateOptions = IrpSp->Parameters.Create.Options;
USHORT FileAttributes = IrpSp->Parameters.Create.FileAttributes;
PSECURITY_DESCRIPTOR SecurityDescriptor = AccessState->SecurityDescriptor;
BOOLEAN SecurityDescriptorRelative = 0 != SecurityDescriptor &&
BooleanFlagOn(((SECURITY_DESCRIPTOR *)SecurityDescriptor)->Control, SE_SELF_RELATIVE);
ULONG SecurityDescriptorSize = 0;
UINT64 AllocationSize = Irp->Overlay.AllocationSize.QuadPart;
UINT64 AllocationUnit;
@ -406,7 +408,10 @@ static NTSTATUS FspFsvolCreateNoLock(
if (!RtlValidSecurityDescriptor(SecurityDescriptor))
return STATUS_INVALID_PARAMETER;
#endif
SecurityDescriptorSize = RtlLengthSecurityDescriptor(SecurityDescriptor);
if (SecurityDescriptorRelative)
SecurityDescriptorSize = RtlLengthSecurityDescriptor(SecurityDescriptor);
else
RtlAbsoluteToSelfRelativeSD(SecurityDescriptor, 0, &SecurityDescriptorSize);
}
/* align allocation size */
@ -702,8 +707,18 @@ static NTSTATUS FspFsvolCreateNoLock(
/* copy the security descriptor (if any) into the request */
if (0 != SecurityDescriptorSize)
RtlCopyMemory(Request->Buffer + Request->Req.Create.SecurityDescriptor.Offset,
SecurityDescriptor, SecurityDescriptorSize);
{
if (SecurityDescriptorRelative)
RtlCopyMemory(
Request->Buffer + Request->Req.Create.SecurityDescriptor.Offset,
SecurityDescriptor,
SecurityDescriptorSize);
else
RtlAbsoluteToSelfRelativeSD(
SecurityDescriptor,
(PSECURITY_DESCRIPTOR)(Request->Buffer + Request->Req.Create.SecurityDescriptor.Offset),
&SecurityDescriptorSize);
}
/* copy the extra buffer (if any) into the request */
if (0 != ExtraBuffer)

18
src/sys/security.c
View File

@ -207,6 +207,8 @@ static NTSTATUS FspFsvolSetSecurity(
FSP_FILE_DESC *FileDesc = FileObject->FsContext2;
SECURITY_INFORMATION SecurityInformation = IrpSp->Parameters.SetSecurity.SecurityInformation;
PSECURITY_DESCRIPTOR SecurityDescriptor = IrpSp->Parameters.SetSecurity.SecurityDescriptor;
BOOLEAN SecurityDescriptorRelative =
BooleanFlagOn(((SECURITY_DESCRIPTOR *)SecurityDescriptor)->Control, SE_SELF_RELATIVE);
ULONG SecurityDescriptorSize = 0;
ASSERT(FileNode == FileDesc->FileNode);
@ -216,7 +218,10 @@ static NTSTATUS FspFsvolSetSecurity(
if (0 == SecurityDescriptor || !RtlValidSecurityDescriptor(SecurityDescriptor))
return STATUS_INVALID_PARAMETER;
#endif
SecurityDescriptorSize = RtlLengthSecurityDescriptor(SecurityDescriptor);
if (SecurityDescriptorRelative)
SecurityDescriptorSize = RtlLengthSecurityDescriptor(SecurityDescriptor);
else
RtlAbsoluteToSelfRelativeSD(SecurityDescriptor, 0, &SecurityDescriptorSize);
FspFileNodeAcquireExclusive(FileNode, Full);
@ -236,7 +241,16 @@ static NTSTATUS FspFsvolSetSecurity(
Request->Req.SetSecurity.SecurityInformation = SecurityInformation;
Request->Req.SetSecurity.SecurityDescriptor.Offset = 0;
Request->Req.SetSecurity.SecurityDescriptor.Size = (UINT16)SecurityDescriptorSize;
RtlCopyMemory(Request->Buffer, SecurityDescriptor, SecurityDescriptorSize);
if (SecurityDescriptorRelative)
RtlCopyMemory(
Request->Buffer,
SecurityDescriptor,
SecurityDescriptorSize);
else
RtlAbsoluteToSelfRelativeSD(
SecurityDescriptor,
(PSECURITY_DESCRIPTOR)Request->Buffer,
&SecurityDescriptorSize);
FspFileNodeSetOwner(FileNode, Full, Request);
FspIopRequestContext(Request, RequestFileNode) = FileNode;