Public/winfsp
1
0
Fork 0
mirror of https://github.com/winfsp/winfsp.git synced 2025-04-22 16:33:02 -05:00
Code Issues Packages Projects Releases Wiki Activity

sys: IRP_MJ_CREATE

Browse Source
This commit is contained in:
Bill Zissimopoulos 2015-12-05 01:13:23 -08:00
parent 9888d24854
commit a0e90dc6fb
1 changed files with 32 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
src/sys/create.c
View File

@ -362,8 +362,39 @@ VOID FspFsvolCreateComplete(
FspFsvrtDeviceExtension(FsvolDeviceExtension->FsvrtDeviceObject);
/* are we doing access checks? */
if (FsvrtDeviceExtension->VolumeParams.NoSystemAccessCheck)
if (FsvrtDeviceExtension->VolumeParams.NoSystemAccessCheck &&
0 != Response->Rsp.Create.SecurityDescriptorSize)
{
PSECURITY_DESCRIPTOR SecurityDescriptor =
(PVOID)(Response->Buffer + Response->Rsp.Create.SecurityDescriptor);
if ((PUINT8)SecurityDescriptor + Response->Rsp.Create.SecurityDescriptorSize >
(PUINT8)Response + Response->Size ||
!FspValidRelativeSecurityDescriptor(
SecurityDescriptor, Response->Rsp.Create.SecurityDescriptorSize, 0))
{
FspFsvolCreateClose(Irp, Response);
FSP_RETURN(Result = STATUS_ACCESS_DENIED);
}
ULONG Flags = IrpSp->Flags;
KPROCESSOR_MODE RequestorMode =
FlagOn(Flags, SL_FORCE_ACCESS_CHECK) ? UserMode : Irp->RequestorMode;
PACCESS_STATE AccessState = IrpSp->Parameters.Create.SecurityContext->AccessState;
ACCESS_MASK GrantedAccess;
if (!SeAccessCheck(SecurityDescriptor,
&AccessState->SubjectSecurityContext,
FALSE,
AccessState->OriginalDesiredAccess,
AccessState->PreviouslyGrantedAccess,
0,
IoGetFileObjectGenericMapping(),
RequestorMode,
&GrantedAccess,
&Result))
{
FspFsvolCreateClose(Irp, Response);
FSP_RETURN();
}
}
/* record the user-mode file system contexts */