diff --git a/src/sys/driver.h b/src/sys/driver.h index 5179bfca..d6027dc5 100644 --- a/src/sys/driver.h +++ b/src/sys/driver.h @@ -192,6 +192,8 @@ FAST_IO_RELEASE_FOR_CCFLUSH FspReleaseForCcFlush; /* misc */ NTSTATUS CreateGuid(GUID *Guid); +NTSTATUS SecuritySubjectContextAccessCheck( + PSECURITY_DESCRIPTOR SecurityDescriptor, ACCESS_MASK DesiredAccess, KPROCESSOR_MODE AccessMode); /* debug */ #if DBG diff --git a/src/sys/fsctl.c b/src/sys/fsctl.c index 5a46c72c..3ce74a1d 100644 --- a/src/sys/fsctl.c +++ b/src/sys/fsctl.c @@ -8,8 +8,6 @@ static NTSTATUS FspFsctlCreateVolume( PDEVICE_OBJECT DeviceObject, PIRP Irp, PIO_STACK_LOCATION IrpSp); -static NTSTATUS FspFsvrtAccessCheck( - PSECURITY_DESCRIPTOR SecurityDescriptor, ACCESS_MASK DesiredAccess, KPROCESSOR_MODE AccessMode); static NTSTATUS FspFsvrtDeleteVolume( PDEVICE_OBJECT DeviceObject, PIRP Irp, PIO_STACK_LOCATION IrpSp); static NTSTATUS FspFsvrtTransact( @@ -24,7 +22,6 @@ DRIVER_DISPATCH FspFileSystemControl; #ifdef ALLOC_PRAGMA #pragma alloc_text(PAGE, FspFsctlCreateVolume) -#pragma alloc_text(PAGE, FspFsvrtAccessCheck) #pragma alloc_text(PAGE, FspFsvrtDeleteVolume) #pragma alloc_text(PAGE, FspFsvrtTransact) #pragma alloc_text(PAGE, FspFsctlFileSystemControl) @@ -92,30 +89,12 @@ static NTSTATUS FspFsctlCreateVolume( return Result; } -static NTSTATUS FspFsvrtAccessCheck( - PSECURITY_DESCRIPTOR SecurityDescriptor, ACCESS_MASK DesiredAccess, KPROCESSOR_MODE AccessMode) -{ - NTSTATUS Result = STATUS_ACCESS_DENIED; - SECURITY_SUBJECT_CONTEXT SecuritySubjectContext; - ACCESS_MASK GrantedAccess; - - SeCaptureSubjectContext(&SecuritySubjectContext); - if (SeAccessCheck(SecurityDescriptor, - &SecuritySubjectContext, FALSE, - DesiredAccess, 0, 0, IoGetFileObjectGenericMapping(), AccessMode, - &GrantedAccess, &Result)) - Result = STATUS_SUCCESS; - SeReleaseSubjectContext(&SecuritySubjectContext); - - return Result; -} - static NTSTATUS FspFsvrtDeleteVolume( PDEVICE_OBJECT DeviceObject, PIRP Irp, PIO_STACK_LOCATION IrpSp) { NTSTATUS Result; - Result = FspFsvrtAccessCheck( + Result = SecuritySubjectContextAccessCheck( FspFsvrtDeviceExtension(DeviceObject)->SecurityDescriptorBuf, FILE_WRITE_DATA, Irp->RequestorMode); if (!NT_SUCCESS(Result)) @@ -129,7 +108,7 @@ static NTSTATUS FspFsvrtTransact( { NTSTATUS Result; - Result = FspFsvrtAccessCheck( + Result = SecuritySubjectContextAccessCheck( FspFsvrtDeviceExtension(DeviceObject)->SecurityDescriptorBuf, FILE_WRITE_DATA, Irp->RequestorMode); if (!NT_SUCCESS(Result)) diff --git a/src/sys/misc.c b/src/sys/misc.c index 14a71d91..a46d813f 100644 --- a/src/sys/misc.c +++ b/src/sys/misc.c @@ -7,18 +7,45 @@ #include NTSTATUS CreateGuid(GUID *Guid); +NTSTATUS SecuritySubjectContextAccessCheck( + PSECURITY_DESCRIPTOR SecurityDescriptor, ACCESS_MASK DesiredAccess, KPROCESSOR_MODE AccessMode); #ifdef ALLOC_PRAGMA #pragma alloc_text(PAGE, CreateGuid) +#pragma alloc_text(PAGE, SecuritySubjectContextAccessCheck) #endif NTSTATUS CreateGuid(GUID *Guid) { + PAGED_CODE(); + NTSTATUS Result; + int Retries = 3; do { Result = ExUuidCreate(Guid); } while (!NT_SUCCESS(Result) && 0 < --Retries); + + return Result; +} + +NTSTATUS SecuritySubjectContextAccessCheck( + PSECURITY_DESCRIPTOR SecurityDescriptor, ACCESS_MASK DesiredAccess, KPROCESSOR_MODE AccessMode) +{ + PAGED_CODE(); + + NTSTATUS Result = STATUS_ACCESS_DENIED; + SECURITY_SUBJECT_CONTEXT SecuritySubjectContext; + ACCESS_MASK GrantedAccess; + + SeCaptureSubjectContext(&SecuritySubjectContext); + if (SeAccessCheck(SecurityDescriptor, + &SecuritySubjectContext, FALSE, + DesiredAccess, 0, 0, IoGetFileObjectGenericMapping(), AccessMode, + &GrantedAccess, &Result)) + Result = STATUS_SUCCESS; + SeReleaseSubjectContext(&SecuritySubjectContext); + return Result; }