Public/winfsp
1
0
Fork 0
mirror of https://github.com/winfsp/winfsp.git synced 2025-04-23 00:43:00 -05:00
Code Issues Packages Projects Releases Wiki Activity

dll: WIP

Browse Source
This commit is contained in:
Bill Zissimopoulos 2016-01-03 20:39:16 -08:00
parent c1f317c348
commit 7146fe8b47
2 changed files with 24 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
inc/winfsp/winfsp.h
View File

@ -46,14 +46,9 @@ typedef struct _FSP_FILE_SYSTEM_INTERFACE
{ {
NTSTATUS (*AccessCheck)(FSP_FILE_SYSTEM *FileSystem, NTSTATUS (*AccessCheck)(FSP_FILE_SYSTEM *FileSystem,
FSP_FSCTL_TRANSACT_REQ *Request, DWORD DesiredAccess, PDWORD PGrantedAccess); FSP_FSCTL_TRANSACT_REQ *Request, DWORD DesiredAccess, PDWORD PGrantedAccess);
NTSTATUS (*GetAttributes)(FSP_FILE_SYSTEM *FileSystem,
PWSTR FileName, PDWORD PAttributes);
NTSTATUS (*SetAttributes)(FSP_FILE_SYSTEM *FileSystem,
PWSTR FileName, DWORD Attributes);
NTSTATUS (*GetSecurity)(FSP_FILE_SYSTEM *FileSystem, NTSTATUS (*GetSecurity)(FSP_FILE_SYSTEM *FileSystem,
PWSTR FileName, PSECURITY_DESCRIPTOR SecurityDescriptor, SIZE_T *PSecurityDescriptorSize); PWSTR FileName, PDWORD PFileAttributes,
NTSTATUS (*SetSecurity)(FSP_FILE_SYSTEM *FileSystem, PSECURITY_DESCRIPTOR SecurityDescriptor, SIZE_T *PSecurityDescriptorSize);
PWSTR FileName, PSECURITY_DESCRIPTOR SecurityDescriptor, SIZE_T SecurityDescriptorSize);
NTSTATUS (*FileCreate)(FSP_FILE_SYSTEM *FileSystem, NTSTATUS (*FileCreate)(FSP_FILE_SYSTEM *FileSystem,
FSP_FSCTL_TRANSACT_REQ *Request, FSP_FILE_NODE **PFileNode); FSP_FSCTL_TRANSACT_REQ *Request, FSP_FILE_NODE **PFileNode);
NTSTATUS (*FileOpen)(FSP_FILE_SYSTEM *FileSystem, NTSTATUS (*FileOpen)(FSP_FILE_SYSTEM *FileSystem,

27
src/dll/access.c
View File

@ -19,13 +19,14 @@ FSP_API PGENERIC_MAPPING FspGetFileGenericMapping(VOID)
return &FspFileGenericMapping; return &FspFileGenericMapping;
} }
static NTSTATUS FspGetFileSecurityDescriptor(FSP_FILE_SYSTEM *FileSystem, static NTSTATUS FspGetSecurity(FSP_FILE_SYSTEM *FileSystem,
PWSTR FileName, PSECURITY_DESCRIPTOR *PSecurityDescriptor, SIZE_T *PSecurityDescriptorSize) PWSTR FileName, PDWORD PFileAttributes,
PSECURITY_DESCRIPTOR *PSecurityDescriptor, SIZE_T *PSecurityDescriptorSize)
{ {
for (;;) for (;;)
{ {
NTSTATUS Result = FileSystem->Interface->GetSecurity(FileSystem, NTSTATUS Result = FileSystem->Interface->GetSecurity(FileSystem,
FileName, *PSecurityDescriptor, PSecurityDescriptorSize); FileName, PFileAttributes, *PSecurityDescriptor, PSecurityDescriptorSize);
if (STATUS_BUFFER_OVERFLOW != Result) if (STATUS_BUFFER_OVERFLOW != Result)
return Result; return Result;
@ -50,6 +51,7 @@ FSP_API NTSTATUS FspAccessCheck(FSP_FILE_SYSTEM *FileSystem,
} }
NTSTATUS Result; NTSTATUS Result;
DWORD FileAttributes;
PSECURITY_DESCRIPTOR SecurityDescriptor = 0; PSECURITY_DESCRIPTOR SecurityDescriptor = 0;
SIZE_T SecurityDescriptorSize; SIZE_T SecurityDescriptorSize;
DWORD PrivilegeSetLength; DWORD PrivilegeSetLength;
@ -80,7 +82,7 @@ FSP_API NTSTATUS FspAccessCheck(FSP_FILE_SYSTEM *FileSystem,
} }
Prefix = L'\0' == Prefix[0] ? L"\\" : (PWSTR)Request->Buffer; Prefix = L'\0' == Prefix[0] ? L"\\" : (PWSTR)Request->Buffer;
Result = FspGetFileSecurityDescriptor(FileSystem, Prefix, Result = FspGetSecurity(FileSystem, Prefix, &FileAttributes,
&SecurityDescriptor, &SecurityDescriptorSize); &SecurityDescriptor, &SecurityDescriptorSize);
FspPathCombine((PWSTR)Request->Buffer, Path); FspPathCombine((PWSTR)Request->Buffer, Path);
@ -103,11 +105,26 @@ FSP_API NTSTATUS FspAccessCheck(FSP_FILE_SYSTEM *FileSystem,
} }
} }
Result = FspGetFileSecurityDescriptor(FileSystem, (PWSTR)Request->Buffer, Result = FspGetSecurity(FileSystem, (PWSTR)Request->Buffer, &FileAttributes,
&SecurityDescriptor, &SecurityDescriptorSize); &SecurityDescriptor, &SecurityDescriptorSize);
if (!NT_SUCCESS(Result)) if (!NT_SUCCESS(Result))
goto exit; goto exit;
if (0 != (FileAttributes && FILE_ATTRIBUTE_READONLY))
{
if (DesiredAccess &
(FILE_WRITE_DATA | FILE_APPEND_DATA | FILE_ADD_SUBDIRECTORY | FILE_DELETE_CHILD))
{
Result = STATUS_ACCESS_DENIED;
goto exit;
}
if (Request->Req.Create.CreateOptions & FILE_DELETE_ON_CLOSE)
{
Result = STATUS_CANNOT_DELETE;
goto exit;
}
}
if (AccessCheck(SecurityDescriptor, (HANDLE)Request->Req.Create.AccessToken, DesiredAccess, if (AccessCheck(SecurityDescriptor, (HANDLE)Request->Req.Create.AccessToken, DesiredAccess,
&FspFileGenericMapping, 0, &PrivilegeSetLength, PGrantedAccess, &AccessStatus)) &FspFileGenericMapping, 0, &PrivilegeSetLength, PGrantedAccess, &AccessStatus))
Result = AccessStatus ? STATUS_SUCCESS : STATUS_ACCESS_DENIED; Result = AccessStatus ? STATUS_SUCCESS : STATUS_ACCESS_DENIED;