Public/winfsp
1
0
Fork 0
mirror of https://github.com/winfsp/winfsp.git synced 2025-04-22 16:33:02 -05:00
Code Issues Packages Projects Releases Wiki Activity

sys: FspFsvolCreatePrepare: send impersonation token to user-mode

Browse Source
This commit is contained in:
Bill Zissimopoulos 2016-01-15 15:04:49 -08:00
parent c933e81b5f
commit 73ca6b30dc
1 changed files with 24 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
src/sys/create.c
View File

@ -323,7 +323,9 @@ NTSTATUS FspFsvolCreatePrepare(
NTSTATUS Result; NTSTATUS Result;
BOOLEAN Success; BOOLEAN Success;
PIO_STACK_LOCATION IrpSp = IoGetCurrentIrpStackLocation(Irp); PIO_STACK_LOCATION IrpSp = IoGetCurrentIrpStackLocation(Irp);
PACCESS_STATE AccessState; PSECURITY_SUBJECT_CONTEXT SecuritySubjectContext;
SECURITY_QUALITY_OF_SERVICE SecurityQualityOfService;
SECURITY_CLIENT_CONTEXT SecurityClientContext;
HANDLE UserModeAccessToken; HANDLE UserModeAccessToken;
PEPROCESS Process; PEPROCESS Process;
FSP_FILE_CONTEXT *FsContext; FSP_FILE_CONTEXT *FsContext;
@ -331,15 +333,31 @@ NTSTATUS FspFsvolCreatePrepare(
if (FspFsctlTransactCreateKind == Request->Kind) if (FspFsctlTransactCreateKind == Request->Kind)
{ {
AccessState = IrpSp->Parameters.Create.SecurityContext->AccessState; SecuritySubjectContext = &IrpSp->Parameters.Create.SecurityContext->
AccessState->SubjectSecurityContext;
/* get a user-mode handle to the access token */ /* duplicate the subject context access token into an impersonation token */
Result = ObOpenObjectByPointer(SeQuerySubjectContextToken(&AccessState->SubjectSecurityContext), SecurityQualityOfService.Length = sizeof SecurityQualityOfService;
0, 0, TOKEN_QUERY, *SeTokenObjectType, UserMode, &UserModeAccessToken); SecurityQualityOfService.ImpersonationLevel = SecurityIdentification;
SecurityQualityOfService.ContextTrackingMode = SECURITY_STATIC_TRACKING;
SecurityQualityOfService.EffectiveOnly = FALSE;
SeLockSubjectContext(SecuritySubjectContext);
Result = SeCreateClientSecurityFromSubjectContext(SecuritySubjectContext,
&SecurityQualityOfService, FALSE, &SecurityClientContext);
SeUnlockSubjectContext(SecuritySubjectContext);
if (!NT_SUCCESS(Result)) if (!NT_SUCCESS(Result))
return Result; return Result;
/* get a pointer to the current process so that we can close the access token later */ ASSERT(TokenImpersonation == SeTokenType(SecurityClientContext.ClientToken));
/* get a user-mode handle to the impersonation token */
Result = ObOpenObjectByPointer(SecurityClientContext.ClientToken,
0, 0, TOKEN_QUERY, *SeTokenObjectType, UserMode, &UserModeAccessToken);
SeDeleteClientSecurity(&SecurityClientContext);
if (!NT_SUCCESS(Result))
return Result;
/* get a pointer to the current process so that we can close the impersonation token later */
Process = PsGetCurrentProcess(); Process = PsGetCurrentProcess();
ObReferenceObject(Process); ObReferenceObject(Process);