sys: IoCreateDeviceSecure: tighten down who can open the device

Bill Zissimopoulos
2015-11-21 16:37:46 -08:00
parent d6d98384f2
commit 7dda01ef48
5 changed files with 33 additions and 7 deletions


@ -22,16 +22,20 @@ DriverEntry(
FSP_ENTER();
/* create the file system control device objects */
UNICODE_STRING DeviceSddl;
UNICODE_STRING DeviceName;
RtlInitUnicodeString(&DeviceSddl, L"" DRIVER_SDDL);
RtlInitUnicodeString(&DeviceName, L"\\Device\\" FSP_FSCTL_DISK_DEVICE_NAME);
Result = IoCreateDevice(DriverObject,
Result = IoCreateDeviceSecure(DriverObject,
sizeof(FSP_FSCTL_DEVICE_EXTENSION), &DeviceName, FILE_DEVICE_DISK_FILE_SYSTEM, 0, FALSE,
&DeviceSddl, &FspDeviceClassGuid,
&FspFsctlDiskDeviceObject);
if (!NT_SUCCESS(Result))
FSP_RETURN();
RtlInitUnicodeString(&DeviceName, L"\\Device\\" FSP_FSCTL_NET_DEVICE_NAME);
Result = IoCreateDevice(DriverObject,
Result = IoCreateDeviceSecure(DriverObject,
sizeof(FSP_FSCTL_DEVICE_EXTENSION), &DeviceName, FILE_DEVICE_NETWORK_FILE_SYSTEM, 0, FALSE,
&DeviceSddl, &FspDeviceClassGuid,
&FspFsctlNetDeviceObject);
if (!NT_SUCCESS(Result))
FSP_RETURN(IoDeleteDevice(FspFsctlDiskDeviceObject));
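Review bot: Both IoCreateDeviceSecure calls still pass `0` for DeviceCharacteristics (the argument after `FILE_DEVICE_DISK_FILE_SYSTEM` and `FILE_DEVICE_NETWORK_FILE_SYSTEM`), so `FILE_DEVICE_SECURE_OPEN` is not set. Without that flag the I/O manager applies the device's security descriptor only to opens of the device object itself, not to opens that carry a trailing name after the device name. If the create handler accepts such names (not visible in this hunk), the tightened SDDL would not cover those opens. Pass the flag in both calls, e.g. `sizeof(FSP_FSCTL_DEVICE_EXTENSION), &DeviceName, FILE_DEVICE_DISK_FILE_SYSTEM, FILE_DEVICE_SECURE_OPEN, FALSE,` and likewise for the network device. DriverEntry starts and ends outside the hunk, so the rest of its setup and cleanup could not be checked here.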


@ -8,9 +8,12 @@
#define WINFSP_SYS_DRIVER_H_INCLUDED
#include <ntifs.h>
#include <fsctl.h>
#include <wdmsec.h>
#include <winfsp/fsctl.h>
#define DRIVER_NAME "WinFsp"
#define DRIVER_SDDL "D:P(A;;GA;;;SY)(A;;GA;;;BA)"
/* system and builtin administrators have full access */
/* DEBUGLOG */
#if DBG