From cada7823402555d8ea836bcf64766e5f20117097 Mon Sep 17 00:00:00 2001 From: Bill Zissimopoulos Date: Mon, 4 Jan 2016 00:10:04 -0800 Subject: [PATCH] dll: WIP --- inc/winfsp/winfsp.h | 10 +++++----- src/dll/access.c | 19 ++++++++++++++++--- src/dll/create.c | 24 ++++++++---------------- 3 files changed, 29 insertions(+), 24 deletions(-) diff --git a/inc/winfsp/winfsp.h b/inc/winfsp/winfsp.h index 5ce0ce97..a7895f91 100644 --- a/inc/winfsp/winfsp.h +++ b/inc/winfsp/winfsp.h @@ -45,8 +45,8 @@ typedef NTSTATUS FSP_FILE_SYSTEM_OPERATION(FSP_FILE_SYSTEM *, FSP_FSCTL_TRANSACT typedef struct _FSP_FILE_SYSTEM_INTERFACE { NTSTATUS (*AccessCheck)(FSP_FILE_SYSTEM *FileSystem, - FSP_FSCTL_TRANSACT_REQ *Request, BOOLEAN AllowTraverseCheck, DWORD DesiredAccess, - PDWORD PGrantedAccess); + FSP_FSCTL_TRANSACT_REQ *Request, BOOLEAN CheckParentDirectory, BOOLEAN AllowTraverseCheck, + DWORD DesiredAccess, PDWORD PGrantedAccess); NTSTATUS (*GetSecurity)(FSP_FILE_SYSTEM *FileSystem, PWSTR FileName, PDWORD PFileAttributes, PSECURITY_DESCRIPTOR SecurityDescriptor, SIZE_T *PSecurityDescriptorSize); @@ -56,7 +56,7 @@ typedef struct _FSP_FILE_SYSTEM_INTERFACE FSP_FSCTL_TRANSACT_REQ *Request, FSP_FILE_NODE **PFileNode); NTSTATUS (*FileOverwrite)(FSP_FILE_SYSTEM *FileSystem, FSP_FSCTL_TRANSACT_REQ *Request, BOOLEAN Supersede, FSP_FILE_NODE **PFileNode); - NTSTATUS (*FileOpenTargetDirectory)(FSP_FILE_SYSTEM *FileSystem, + NTSTATUS (*FileOpenParentDirectory)(FSP_FILE_SYSTEM *FileSystem, FSP_FSCTL_TRANSACT_REQ *Request, FSP_FILE_NODE **PFileNode, PBOOLEAN PFileExists); NTSTATUS (*FileClose)(FSP_FILE_SYSTEM *FileSystem, FSP_FSCTL_TRANSACT_REQ *Request, FSP_FILE_NODE *FileNode); @@ -154,8 +154,8 @@ FSP_API NTSTATUS FspFileSystemOpCreateSendSuccessResponse(FSP_FILE_SYSTEM *FileS */ FSP_API PGENERIC_MAPPING FspGetFileGenericMapping(VOID); FSP_API NTSTATUS FspAccessCheck(FSP_FILE_SYSTEM *FileSystem, - FSP_FSCTL_TRANSACT_REQ *Request, BOOLEAN AllowTraverseCheck, DWORD DesiredAccess, - PDWORD PGrantedAccess); + FSP_FSCTL_TRANSACT_REQ *Request, BOOLEAN CheckParentDirectory, BOOLEAN AllowTraverseCheck, + DWORD DesiredAccess, PDWORD PGrantedAccess); FSP_API NTSTATUS FspShareCheck(FSP_FILE_SYSTEM *FileSystem, DWORD GrantedAccess, DWORD ShareAccess, FSP_FILE_NODE *FileNode); diff --git a/src/dll/access.c b/src/dll/access.c index e86f6c64..0a566d6f 100644 --- a/src/dll/access.c +++ b/src/dll/access.c @@ -38,12 +38,12 @@ static NTSTATUS FspGetSecurity(FSP_FILE_SYSTEM *FileSystem, } FSP_API NTSTATUS FspAccessCheck(FSP_FILE_SYSTEM *FileSystem, - FSP_FSCTL_TRANSACT_REQ *Request, BOOLEAN AllowTraverseCheck, DWORD DesiredAccess, - PDWORD PGrantedAccess) + FSP_FSCTL_TRANSACT_REQ *Request, BOOLEAN CheckParentDirectory, BOOLEAN AllowTraverseCheck, + DWORD DesiredAccess, PDWORD PGrantedAccess) { if (0 != FileSystem->Interface->AccessCheck) return FileSystem->Interface->AccessCheck(FileSystem, - Request, AllowTraverseCheck, DesiredAccess, PGrantedAccess); + Request, CheckParentDirectory, AllowTraverseCheck, DesiredAccess, PGrantedAccess); if (0 == FileSystem->Interface->GetSecurity) { @@ -52,6 +52,7 @@ FSP_API NTSTATUS FspAccessCheck(FSP_FILE_SYSTEM *FileSystem, } NTSTATUS Result; + PWSTR Parent, Suffix; DWORD FileAttributes; PSECURITY_DESCRIPTOR SecurityDescriptor = 0; SIZE_T SecurityDescriptorSize; @@ -60,6 +61,9 @@ FSP_API NTSTATUS FspAccessCheck(FSP_FILE_SYSTEM *FileSystem, *PGrantedAccess = 0; + if (CheckParentDirectory) + FspPathSuffix((PWSTR)Request->Buffer, &Parent, &Suffix); + SecurityDescriptorSize = 1024; SecurityDescriptor = MemAlloc(SecurityDescriptorSize); if (0 == SecurityDescriptor) @@ -111,6 +115,12 @@ FSP_API NTSTATUS FspAccessCheck(FSP_FILE_SYSTEM *FileSystem, if (!NT_SUCCESS(Result)) goto exit; + if (CheckParentDirectory) + { + if (0 == (FileAttributes && FILE_ATTRIBUTE_DIRECTORY)) + return STATUS_NOT_A_DIRECTORY; + } + if (0 != (FileAttributes && FILE_ATTRIBUTE_READONLY)) { if (DesiredAccess & @@ -135,6 +145,9 @@ FSP_API NTSTATUS FspAccessCheck(FSP_FILE_SYSTEM *FileSystem, exit: MemFree(SecurityDescriptor); + if (CheckParentDirectory) + FspPathCombine((PWSTR)Request->Buffer, Suffix); + return Result; } diff --git a/src/dll/create.c b/src/dll/create.c index 997c5b3e..7bb960c6 100644 --- a/src/dll/create.c +++ b/src/dll/create.c @@ -21,15 +21,11 @@ NTSTATUS FspCreateCheck(FSP_FILE_SYSTEM *FileSystem, PDWORD PGrantedAccess) { NTSTATUS Result; - PWSTR Path, Suffix; - FspPathSuffix((PWSTR)Request->Buffer, &Path, &Suffix); - Result = FspAccessCheck(FileSystem, Request, TRUE, + Result = FspAccessCheck(FileSystem, Request, TRUE, AllowTraverseCheck, (Request->Req.Create.CreateOptions & FILE_DIRECTORY_FILE) ? FILE_ADD_SUBDIRECTORY : FILE_ADD_FILE, PGrantedAccess); - FspPathCombine((PWSTR)Request->Buffer, Suffix); - if (NT_SUCCESS(Result)) *PGrantedAccess = (MAXIMUM_ALLOWED & Request->Req.Create.DesiredAccess) ? FILE_ALL_ACCESS : Request->Req.Create.DesiredAccess; @@ -71,7 +67,7 @@ static NTSTATUS FspFileSystemOpCreate_FileOpen(FSP_FILE_SYSTEM *FileSystem, DWORD GrantedAccess; FSP_FILE_NODE *FileNode; - Result = FspAccessCheck(FileSystem, Request, TRUE, + Result = FspAccessCheck(FileSystem, Request, FALSE, TRUE, Request->Req.Create.DesiredAccess, &GrantedAccess); if (!NT_SUCCESS(Result)) return FspFileSystemSendResponseWithStatus(FileSystem, Request, Result); @@ -100,7 +96,7 @@ static NTSTATUS FspFileSystemOpCreate_FileOpenIf(FSP_FILE_SYSTEM *FileSystem, FSP_FILE_NODE *FileNode; BOOLEAN Create = FALSE; - Result = FspAccessCheck(FileSystem, Request, TRUE, + Result = FspAccessCheck(FileSystem, Request, FALSE, TRUE, Request->Req.Create.DesiredAccess, &GrantedAccess); if (!NT_SUCCESS(Result)) { @@ -159,7 +155,7 @@ static NTSTATUS FspFileSystemOpCreate_FileOverwrite(FSP_FILE_SYSTEM *FileSystem, DWORD GrantedAccess; FSP_FILE_NODE *FileNode; - Result = FspAccessCheck(FileSystem, Request, TRUE, + Result = FspAccessCheck(FileSystem, Request, FALSE, TRUE, Request->Req.Create.DesiredAccess | (Supersede ? DELETE : FILE_WRITE_DATA), &GrantedAccess); if (!NT_SUCCESS(Result)) @@ -197,7 +193,7 @@ static NTSTATUS FspFileSystemOpCreate_FileOverwriteIf(FSP_FILE_SYSTEM *FileSyste FSP_FILE_NODE *FileNode; BOOLEAN Create = FALSE; - Result = FspAccessCheck(FileSystem, Request, TRUE, + Result = FspAccessCheck(FileSystem, Request, FALSE, TRUE, Request->Req.Create.DesiredAccess | FILE_WRITE_DATA, &GrantedAccess); if (!NT_SUCCESS(Result)) @@ -259,17 +255,13 @@ static NTSTATUS FspFileSystemOpCreate_FileOpenTargetDirectory(FSP_FILE_SYSTEM *F DWORD GrantedAccess; FSP_FILE_NODE *FileNode; BOOLEAN FileExists; - PWSTR Path, Suffix; - FspPathSuffix((PWSTR)Request->Buffer, &Path, &Suffix); - Result = FspAccessCheck(FileSystem, Request, TRUE, + Result = FspAccessCheck(FileSystem, Request, TRUE, TRUE, Request->Req.Create.DesiredAccess, &GrantedAccess); - FspPathCombine((PWSTR)Request->Buffer, Suffix); - if (!NT_SUCCESS(Result)) return FspFileSystemSendResponseWithStatus(FileSystem, Request, Result); - Result = FileSystem->Interface->FileOpenTargetDirectory(FileSystem, Request, + Result = FileSystem->Interface->FileOpenParentDirectory(FileSystem, Request, &FileNode, &FileExists); if (!NT_SUCCESS(Result)) return FspFileSystemSendResponseWithStatus(FileSystem, Request, Result); @@ -292,7 +284,7 @@ FSP_API NTSTATUS FspFileSystemOpCreate(FSP_FILE_SYSTEM *FileSystem, if (0 == FileSystem->Interface->FileCreate || 0 == FileSystem->Interface->FileOpen || 0 == FileSystem->Interface->FileOverwrite || - 0 == FileSystem->Interface->FileOpenTargetDirectory) + 0 == FileSystem->Interface->FileOpenParentDirectory) return FspFileSystemSendResponseWithStatus(FileSystem, Request, STATUS_INVALID_DEVICE_REQUEST); if (Request->Req.Create.OpenTargetDirectory)