Public/winfsp
1
0
Fork 0
mirror of https://github.com/winfsp/winfsp.git synced 2025-04-24 17:32:29 -05:00
Code Issues Packages Projects Releases Wiki Activity

sys: IRP_MJ_CREATE

Browse Source
This commit is contained in:
Bill Zissimopoulos 2015-12-03 21:25:18 -08:00
parent b8d4cde102
commit 8c3f912e05
2 changed files with 20 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
inc/winfsp/fsctl.h
View File

@ -75,7 +75,7 @@ typedef struct
UINT32 SerialNumber;
UINT32 EaSupported:1; /* supports extended attributes (unimplemented; set to 0) */
UINT32 FileNameRequired:1; /* FileName required for all operations (not just Create) */
UINT32 NoAccessCheck:1; /* if set the user-mode flie system performs access checks */
UINT32 NoSystemAccessCheck:1; /* if set the user-mode flie system performs access checks */
} FSP_FSCTL_VOLUME_PARAMS;
typedef struct
{

19
src/sys/create.c
View File

@ -63,6 +63,7 @@ static NTSTATUS FspFsvolCreate(
PSECURITY_DESCRIPTOR SecurityDescriptor = AccessState->SecurityDescriptor;
ULONG SecurityDescriptorSize = 0;
LARGE_INTEGER AllocationSize = Irp->Overlay.AllocationSize;
HANDLE AccessToken;
ACCESS_MASK DesiredAccess = IrpSp->Parameters.Create.SecurityContext->DesiredAccess;
USHORT ShareAccess = IrpSp->Parameters.Create.ShareAccess;
PFILE_FULL_EA_INFORMATION EaBuffer = Irp->AssociatedIrp.SystemBuffer;
@ -215,6 +216,8 @@ static NTSTATUS FspFsvolCreate(
Request->Req.Create.HasTraversePrivilege = HasTraversePrivilege;
Request->Req.Create.OpenTargetDirectory = BooleanFlagOn(Flags, SL_OPEN_TARGET_DIRECTORY);
Request->Req.Create.CaseSensitive = BooleanFlagOn(Flags, SL_CASE_SENSITIVE);
/* copy the security descriptor into the request */
if (IsAbsoluteSecurityDescriptor)
{
Result = RtlAbsoluteToSelfRelativeSD(SecurityDescriptor, 0, &SecurityDescriptorSize);
@ -230,6 +233,22 @@ static NTSTATUS FspFsvolCreate(
RtlCopyMemory(Request->Buffer + Request->Req.Create.SecurityDescriptor,
SecurityDescriptor, SecurityDescriptorSize);
/* if the user-mode file system is doing access checks, send it the access token */
if (FsvrtDeviceExtension->VolumeParams.NoSystemAccessCheck)
{
Result = ObOpenObjectByPointer(
SeQuerySubjectContextToken(&AccessState->SubjectSecurityContext),
OBJ_KERNEL_HANDLE, 0, TOKEN_QUERY, 0, KernelMode, &AccessToken);
if (!NT_SUCCESS(Result))
{
FspFileContextDelete(FsContext);
return Result;
}
/* send the kernel handle and change it into a process handle at prepare time */
Request->Req.Create.AccessToken = (UINT_PTR)AccessToken;
}
/*
* Post the IRP to our Ioq; we do this here instead of at FSP_LEAVE_MJ time,
* so that we can FspFileContextDelete() on failure.