Public/winfsp
1
0
Fork 0
mirror of https://github.com/winfsp/winfsp.git synced 2025-10-30 19:48:38 -05:00
Code Activity

sys: IRP_MJ_CREATE

Browse Source
This commit is contained in:
Bill Zissimopoulos
2015-12-03 21:46:26 -08:00
parent 8c3f912e05
commit 6bfb23e77d
1 changed files with 232 additions and 187 deletions
Download Patch File Download Diff File Expand all files Collapse all files

419
src/sys/create.c
View File

@@ -50,215 +50,260 @@ static NTSTATUS FspFsvolCreate(
NTSTATUS Result;
FSP_FSVOL_DEVICE_EXTENSION *FsvolDeviceExtension = FspFsvolDeviceExtension(DeviceObject);
FSP_FSVRT_DEVICE_EXTENSION *FsvrtDeviceExtension =
FspFsvrtDeviceExtension(FsvolDeviceExtension->FsvrtDeviceObject);
PDEVICE_OBJECT FsvrtDeviceObject = FsvolDeviceExtension->FsvrtDeviceObject;
PFILE_OBJECT FileObject = IrpSp->FileObject;
PFILE_OBJECT RelatedFileObject = FileObject->RelatedFileObject;
UNICODE_STRING FileName = FileObject->FileName;
PACCESS_STATE AccessState = IrpSp->Parameters.Create.SecurityContext->AccessState;
ULONG CreateDisposition = (IrpSp->Parameters.Create.Options >> 24) & 0xff;
ULONG CreateOptions = IrpSp->Parameters.Create.Options & 0xffffff;
USHORT FileAttributes = IrpSp->Parameters.Create.FileAttributes;
PSECURITY_DESCRIPTOR SecurityDescriptor = AccessState->SecurityDescriptor;
ULONG SecurityDescriptorSize = 0;
LARGE_INTEGER AllocationSize = Irp->Overlay.AllocationSize;
HANDLE AccessToken;
ACCESS_MASK DesiredAccess = IrpSp->Parameters.Create.SecurityContext->DesiredAccess;
USHORT ShareAccess = IrpSp->Parameters.Create.ShareAccess;
PFILE_FULL_EA_INFORMATION EaBuffer = Irp->AssociatedIrp.SystemBuffer;
//ULONG EaLength = IrpSp->Parameters.Create.EaLength;
ULONG Flags = IrpSp->Flags;
KPROCESSOR_MODE RequestorMode = FlagOn(Flags, SL_FORCE_ACCESS_CHECK) ? UserMode : Irp->RequestorMode;
BOOLEAN HasTraversePrivilege = BooleanFlagOn(AccessState->Flags, TOKEN_HAS_TRAVERSE_PRIVILEGE);
BOOLEAN IsAbsoluteSecurityDescriptor = FALSE;
BOOLEAN IsSelfRelativeSecurityDescriptor = FALSE;
BOOLEAN HasTrailingBackslash = FALSE;
FSP_FILE_CONTEXT *FsContext = 0;
FSP_FSCTL_TRANSACT_REQ *Request;
/* cannot open the volume object */
if (0 == RelatedFileObject && 0 == FileName.Length)
return STATUS_ACCESS_DENIED; /* need error code like POSIX EPERM (STATUS_NOT_SUPPORTED?) */
/* cannot open a paging file */
if (FlagOn(Flags, SL_OPEN_PAGING_FILE))
return STATUS_ACCESS_DENIED;
/* cannot open files by fileid */
if (FlagOn(CreateOptions, FILE_OPEN_BY_FILE_ID))
return STATUS_NOT_IMPLEMENTED;
/* do we support EA? */
if (0 != EaBuffer && !FsvrtDeviceExtension->VolumeParams.EaSupported)
return STATUS_EAS_NOT_SUPPORTED;
/* check security descriptor validity */
if (0 != SecurityDescriptor)
if (!FspDeviceRetain(FsvrtDeviceObject))
return STATUS_CANCELLED;
try
{
IsAbsoluteSecurityDescriptor = RtlValidSecurityDescriptor(SecurityDescriptor);
if (IsAbsoluteSecurityDescriptor)
FSP_FSVRT_DEVICE_EXTENSION *FsvrtDeviceExtension =
FspFsvrtDeviceExtension(FsvrtDeviceObject);
PFILE_OBJECT FileObject = IrpSp->FileObject;
PFILE_OBJECT RelatedFileObject = FileObject->RelatedFileObject;
UNICODE_STRING FileName = FileObject->FileName;
PACCESS_STATE AccessState = IrpSp->Parameters.Create.SecurityContext->AccessState;
ULONG CreateDisposition = (IrpSp->Parameters.Create.Options >> 24) & 0xff;
ULONG CreateOptions = IrpSp->Parameters.Create.Options & 0xffffff;
USHORT FileAttributes = IrpSp->Parameters.Create.FileAttributes;
PSECURITY_DESCRIPTOR SecurityDescriptor = AccessState->SecurityDescriptor;
ULONG SecurityDescriptorSize = 0;
LARGE_INTEGER AllocationSize = Irp->Overlay.AllocationSize;
HANDLE AccessToken;
ACCESS_MASK DesiredAccess = IrpSp->Parameters.Create.SecurityContext->DesiredAccess;
USHORT ShareAccess = IrpSp->Parameters.Create.ShareAccess;
PFILE_FULL_EA_INFORMATION EaBuffer = Irp->AssociatedIrp.SystemBuffer;
//ULONG EaLength = IrpSp->Parameters.Create.EaLength;
ULONG Flags = IrpSp->Flags;
KPROCESSOR_MODE RequestorMode =
FlagOn(Flags, SL_FORCE_ACCESS_CHECK) ? UserMode : Irp->RequestorMode;
BOOLEAN HasTraversePrivilege =
BooleanFlagOn(AccessState->Flags, TOKEN_HAS_TRAVERSE_PRIVILEGE);
BOOLEAN IsAbsoluteSecurityDescriptor = FALSE;
BOOLEAN IsSelfRelativeSecurityDescriptor = FALSE;
BOOLEAN HasTrailingBackslash = FALSE;
FSP_FILE_CONTEXT *FsContext = 0;
FSP_FSCTL_TRANSACT_REQ *Request;
/* cannot open the volume object */
if (0 == RelatedFileObject && 0 == FileName.Length)
{
Result = RtlAbsoluteToSelfRelativeSD(SecurityDescriptor, 0, &SecurityDescriptorSize);
if (STATUS_BUFFER_TOO_SMALL != Result)
return STATUS_INVALID_PARAMETER;
Result = STATUS_ACCESS_DENIED; /* need error code like POSIX EPERM (STATUS_NOT_SUPPORTED?) */
goto exit;
}
/* cannot open a paging file */
if (FlagOn(Flags, SL_OPEN_PAGING_FILE))
{
Result = STATUS_ACCESS_DENIED;
goto exit;
}
/* cannot open files by fileid */
if (FlagOn(CreateOptions, FILE_OPEN_BY_FILE_ID))
{
Result = STATUS_NOT_IMPLEMENTED;
goto exit;
}
/* do we support EA? */
if (0 != EaBuffer && !FsvrtDeviceExtension->VolumeParams.EaSupported)
{
Result = STATUS_EAS_NOT_SUPPORTED;
goto exit;
}
/* check security descriptor validity */
if (0 != SecurityDescriptor)
{
IsAbsoluteSecurityDescriptor = RtlValidSecurityDescriptor(SecurityDescriptor);
if (IsAbsoluteSecurityDescriptor)
{
Result = RtlAbsoluteToSelfRelativeSD(SecurityDescriptor, 0, &SecurityDescriptorSize);
if (STATUS_BUFFER_TOO_SMALL != Result)
{
Result = STATUS_INVALID_PARAMETER;
goto exit;
}
}
else
{
SecurityDescriptorSize = RtlLengthSecurityDescriptor(SecurityDescriptor);
IsSelfRelativeSecurityDescriptor = RtlValidRelativeSecurityDescriptor(
SecurityDescriptor, SecurityDescriptorSize, 0);
if (!IsSelfRelativeSecurityDescriptor)
{
Result = STATUS_INVALID_PARAMETER;
goto exit;
}
}
}
/* according to fastfat, filenames that begin with two backslashes are ok */
if (sizeof(WCHAR) * 2 <= FileName.Length &&
L'\\' == FileName.Buffer[1] && L'\\' == FileName.Buffer[0])
{
FileName.Length -= sizeof(WCHAR);
FileName.MaximumLength -= sizeof(WCHAR);
FileName.Buffer++;
if (sizeof(WCHAR) * 2 <= FileName.Length &&
L'\\' == FileName.Buffer[1] && L'\\' == FileName.Buffer[0])
{
Result = STATUS_OBJECT_NAME_INVALID;
goto exit;
}
}
/* check for trailing backslash */
if (sizeof(WCHAR) * 2/* not empty or root */ <= FileName.Length &&
L'\\' == FileName.Buffer[FileName.Length / 2 - 1])
{
FileName.Length -= sizeof(WCHAR);
HasTrailingBackslash = TRUE;
if (sizeof(WCHAR) * 2 <= FileName.Length && L'\\' == FileName.Buffer[FileName.Length / 2 - 1])
{
Result = STATUS_OBJECT_NAME_INVALID;
goto exit;
}
}
/* is this a relative or absolute open? */
if (0 != RelatedFileObject)
{
/* must be a relative path */
if (sizeof(WCHAR) <= FileName.Length && L'\\' == FileName.Buffer[0])
{
Result = STATUS_OBJECT_NAME_INVALID;
goto exit;
}
FSP_FILE_CONTEXT *RelatedFsContext = RelatedFileObject->FsContext;
ASSERT(0 != RelatedFsContext);
/*
* There is no need to lock our accesses of RelatedFileObject->FsContext->FileName,
* because RelatedFileObject->FsContext->Filename is read-only (after creation) and
* because RelatedFileObject->FsContext is guaranteed to exist while RelatedFileObject
* exists.
*/
BOOLEAN AppendBackslash =
sizeof(WCHAR) * 2/* not empty or root */ <= RelatedFsContext->FileName.Length &&
sizeof(WCHAR) <= FileName.Length && L':' != FileName.Buffer[0];
Result = FspFileContextCreate(
RelatedFsContext->FileName.Length + AppendBackslash * sizeof(WCHAR) + FileName.Length,
&FsContext);
if (!NT_SUCCESS(Result))
goto exit;
Result = RtlAppendUnicodeStringToString(&FsContext->FileName, &RelatedFsContext->FileName);
ASSERT(NT_SUCCESS(Result));
if (AppendBackslash)
{
Result = RtlAppendUnicodeToString(&FsContext->FileName, L"\\");
ASSERT(NT_SUCCESS(Result));
}
}
else
{
SecurityDescriptorSize = RtlLengthSecurityDescriptor(SecurityDescriptor);
IsSelfRelativeSecurityDescriptor = RtlValidRelativeSecurityDescriptor(
SecurityDescriptor, SecurityDescriptorSize, 0);
if (!IsSelfRelativeSecurityDescriptor)
return STATUS_INVALID_PARAMETER;
/* must be an absolute path */
if (sizeof(WCHAR) <= FileName.Length && L'\\' != FileName.Buffer[0])
{
Result = STATUS_OBJECT_NAME_INVALID;
goto exit;
}
Result = FspFileContextCreate(
FileName.Length,
&FsContext);
if (!NT_SUCCESS(Result))
goto exit;
}
}
/* according to fastfat, filenames that begin with two backslashes are ok */
if (sizeof(WCHAR) * 2 <= FileName.Length &&
L'\\' == FileName.Buffer[1] && L'\\' == FileName.Buffer[0])
{
FileName.Length -= sizeof(WCHAR);
FileName.MaximumLength -= sizeof(WCHAR);
FileName.Buffer++;
if (sizeof(WCHAR) * 2 <= FileName.Length &&
L'\\' == FileName.Buffer[1] && L'\\' == FileName.Buffer[0])
return STATUS_OBJECT_NAME_INVALID;
}
/* check for trailing backslash */
if (sizeof(WCHAR) * 2/* not empty or root */ <= FileName.Length &&
L'\\' == FileName.Buffer[FileName.Length / 2 - 1])
{
FileName.Length -= sizeof(WCHAR);
HasTrailingBackslash = TRUE;
if (sizeof(WCHAR) * 2 <= FileName.Length && L'\\' == FileName.Buffer[FileName.Length / 2 - 1])
return STATUS_OBJECT_NAME_INVALID;
}
/* is this a relative or absolute open? */
if (0 != RelatedFileObject)
{
/* must be a relative path */
if (sizeof(WCHAR) <= FileName.Length && L'\\' == FileName.Buffer[0])
return STATUS_OBJECT_NAME_INVALID;
FSP_FILE_CONTEXT *RelatedFsContext = RelatedFileObject->FsContext;
ASSERT(0 != RelatedFsContext);
Result = RtlAppendUnicodeStringToString(&FsContext->FileName, &FileName);
ASSERT(NT_SUCCESS(Result));
/*
* There is no need to lock our accesses of RelatedFileObject->FsContext->FileName,
* because RelatedFileObject->FsContext->Filename is read-only (after creation) and
* because RelatedFileObject->FsContext is guaranteed to exist while RelatedFileObject
* exists.
* From this point forward we MUST remember to delete the FsContext on error.
*/
BOOLEAN AppendBackslash =
sizeof(WCHAR) * 2/* not empty or root */ <= RelatedFsContext->FileName.Length &&
sizeof(WCHAR) <= FileName.Length && L':' != FileName.Buffer[0];
Result = FspFileContextCreate(
RelatedFsContext->FileName.Length + AppendBackslash * sizeof(WCHAR) + FileName.Length,
&FsContext);
if (!NT_SUCCESS(Result))
return Result;
Result = RtlAppendUnicodeStringToString(&FsContext->FileName, &RelatedFsContext->FileName);
ASSERT(NT_SUCCESS(Result));
if (AppendBackslash)
{
Result = RtlAppendUnicodeToString(&FsContext->FileName, L"\\");
ASSERT(NT_SUCCESS(Result));
}
}
else
{
/* must be an absolute path */
if (sizeof(WCHAR) <= FileName.Length && L'\\' != FileName.Buffer[0])
return STATUS_OBJECT_NAME_INVALID;
Result = FspFileContextCreate(
FileName.Length,
&FsContext);
if (!NT_SUCCESS(Result))
return Result;
}
Result = RtlAppendUnicodeStringToString(&FsContext->FileName, &FileName);
ASSERT(NT_SUCCESS(Result));
/*
* From this point forward we MUST remember to delete the FsContext on error.
*/
/* create the user-mode file system request */
Result = FspIopCreateRequest(Irp, &FsContext->FileName, SecurityDescriptorSize, &Request);
if (!NT_SUCCESS(Result))
{
FspFileContextDelete(FsContext);
return Result;
}
/* populate the Create request */
Request->Kind = FspFsctlTransactCreateKind;
Request->Req.Create.CreateDisposition = CreateDisposition;
Request->Req.Create.CreateOptions = CreateOptions;
Request->Req.Create.FileAttributes = FileAttributes;
Request->Req.Create.SecurityDescriptor = 0 == SecurityDescriptor ? 0 :
FSP_FSCTL_DEFAULT_ALIGN_UP(FsContext->FileName.Length + sizeof(WCHAR));
Request->Req.Create.SecurityDescriptorSize = (UINT16)SecurityDescriptorSize;
Request->Req.Create.AllocationSize = AllocationSize.QuadPart;
Request->Req.Create.AccessToken = 0;
Request->Req.Create.DesiredAccess = DesiredAccess;
Request->Req.Create.ShareAccess = ShareAccess;
Request->Req.Create.Ea = 0;
Request->Req.Create.EaSize = 0;
Request->Req.Create.UserMode = UserMode == RequestorMode;
Request->Req.Create.HasTraversePrivilege = HasTraversePrivilege;
Request->Req.Create.OpenTargetDirectory = BooleanFlagOn(Flags, SL_OPEN_TARGET_DIRECTORY);
Request->Req.Create.CaseSensitive = BooleanFlagOn(Flags, SL_CASE_SENSITIVE);
/* copy the security descriptor into the request */
if (IsAbsoluteSecurityDescriptor)
{
Result = RtlAbsoluteToSelfRelativeSD(SecurityDescriptor, 0, &SecurityDescriptorSize);
/* create the user-mode file system request */
Result = FspIopCreateRequest(Irp, &FsContext->FileName, SecurityDescriptorSize, &Request);
if (!NT_SUCCESS(Result))
{
FspFileContextDelete(FsContext);
if (STATUS_BAD_DESCRIPTOR_FORMAT == Result || STATUS_BUFFER_TOO_SMALL == Result)
return STATUS_INVALID_PARAMETER; /* should not happen */
return Result;
goto exit;
}
}
else
RtlCopyMemory(Request->Buffer + Request->Req.Create.SecurityDescriptor,
SecurityDescriptor, SecurityDescriptorSize);
/* if the user-mode file system is doing access checks, send it the access token */
if (FsvrtDeviceExtension->VolumeParams.NoSystemAccessCheck)
{
Result = ObOpenObjectByPointer(
SeQuerySubjectContextToken(&AccessState->SubjectSecurityContext),
OBJ_KERNEL_HANDLE, 0, TOKEN_QUERY, 0, KernelMode, &AccessToken);
if (!NT_SUCCESS(Result))
/* populate the Create request */
Request->Kind = FspFsctlTransactCreateKind;
Request->Req.Create.CreateDisposition = CreateDisposition;
Request->Req.Create.CreateOptions = CreateOptions;
Request->Req.Create.FileAttributes = FileAttributes;
Request->Req.Create.SecurityDescriptor = 0 == SecurityDescriptor ? 0 :
FSP_FSCTL_DEFAULT_ALIGN_UP(FsContext->FileName.Length + sizeof(WCHAR));
Request->Req.Create.SecurityDescriptorSize = (UINT16)SecurityDescriptorSize;
Request->Req.Create.AllocationSize = AllocationSize.QuadPart;
Request->Req.Create.AccessToken = 0;
Request->Req.Create.DesiredAccess = DesiredAccess;
Request->Req.Create.ShareAccess = ShareAccess;
Request->Req.Create.Ea = 0;
Request->Req.Create.EaSize = 0;
Request->Req.Create.UserMode = UserMode == RequestorMode;
Request->Req.Create.HasTraversePrivilege = HasTraversePrivilege;
Request->Req.Create.OpenTargetDirectory = BooleanFlagOn(Flags, SL_OPEN_TARGET_DIRECTORY);
Request->Req.Create.CaseSensitive = BooleanFlagOn(Flags, SL_CASE_SENSITIVE);
/* copy the security descriptor into the request */
if (IsAbsoluteSecurityDescriptor)
{
FspFileContextDelete(FsContext);
return Result;
Result = RtlAbsoluteToSelfRelativeSD(SecurityDescriptor, 0, &SecurityDescriptorSize);
if (!NT_SUCCESS(Result))
{
FspFileContextDelete(FsContext);
if (STATUS_BAD_DESCRIPTOR_FORMAT == Result || STATUS_BUFFER_TOO_SMALL == Result)
return STATUS_INVALID_PARAMETER; /* should not happen */
goto exit;
}
}
else
RtlCopyMemory(Request->Buffer + Request->Req.Create.SecurityDescriptor,
SecurityDescriptor, SecurityDescriptorSize);
/* if the user-mode file system is doing access checks, send it the access token */
if (FsvrtDeviceExtension->VolumeParams.NoSystemAccessCheck)
{
Result = ObOpenObjectByPointer(
SeQuerySubjectContextToken(&AccessState->SubjectSecurityContext),
OBJ_KERNEL_HANDLE, 0, TOKEN_QUERY, 0, KernelMode, &AccessToken);
if (!NT_SUCCESS(Result))
{
FspFileContextDelete(FsContext);
goto exit;
}
/* send the kernel handle and change it into a process handle at prepare time */
Request->Req.Create.AccessToken = (UINT_PTR)AccessToken;
}
/* send the kernel handle and change it into a process handle at prepare time */
Request->Req.Create.AccessToken = (UINT_PTR)AccessToken;
}
/*
* Post the IRP to our Ioq; we do this here instead of at FSP_LEAVE_MJ time,
* so that we can FspFileContextDelete() on failure.
*/
if (!FspIoqPostIrp(&FsvrtDeviceExtension->Ioq, Irp))
{
/* this can only happen if the Ioq was stopped */
ASSERT(FspIoqStopped(&FsvrtDeviceExtension->Ioq));
FspFileContextDelete(FsContext);
Result = STATUS_CANCELLED;
goto exit;
}
/*
* Post the IRP to our Ioq; we do this here instead of at FSP_LEAVE_MJ time,
* so that we can FspFileContextDelete() on failure.
*/
if (!FspIoqPostIrp(&FsvrtDeviceExtension->Ioq, Irp))
exit:;
}
finally
{
/* this can only happen if the Ioq was stopped */
ASSERT(FspIoqStopped(&FsvrtDeviceExtension->Ioq));
FspFileContextDelete(FsContext);
return STATUS_CANCELLED;
FspDeviceRelease(FsvrtDeviceObject);
}
return STATUS_PENDING;