Public/winfsp
1
0
Fork 0
mirror of https://github.com/winfsp/winfsp.git synced 2025-06-14 15:52:47 -05:00
Code Issues Packages Projects Releases Wiki Activity

sys: create: open UserMode AccessToken handle in FspFsvolCreatePrepare and close it properly in FspFsvolCreateRequestFini

Browse Source
This commit is contained in:
Bill Zissimopoulos
2016-01-02 16:16:00 -08:00
parent 2f10c07ab2
commit d2828b3e8c
6 changed files with 104 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
src/dll/access.c
View File

@ -19,12 +19,6 @@ FSP_API PGENERIC_MAPPING FspGetFileGenericMapping(VOID)
return &FspFileGenericMapping;
}
FSP_API NTSTATUS FspOpenAccessToken(FSP_FILE_SYSTEM *FileSystem,
FSP_FSCTL_TRANSACT_REQ *Request, PHANDLE PAccessToken)
{
return FspFsctlOpenAccessToken(FileSystem->VolumeHandle, Request->Hint, PAccessToken);
}
static NTSTATUS FspGetFileSecurityDescriptor(FSP_FILE_SYSTEM *FileSystem,
PWSTR FileName, PSECURITY_DESCRIPTOR *PSecurityDescriptor, SIZE_T *PSecurityDescriptorSize)
{
@ -45,7 +39,8 @@ static NTSTATUS FspGetFileSecurityDescriptor(FSP_FILE_SYSTEM *FileSystem,
}
FSP_API NTSTATUS FspAccessCheck(FSP_FILE_SYSTEM *FileSystem,
FSP_FSCTL_TRANSACT_REQ *Request, DWORD DesiredAccess, PDWORD PGrantedAccess)
FSP_FSCTL_TRANSACT_REQ *Request, BOOLEAN AllowTraverseCheck, DWORD DesiredAccess,
PDWORD PGrantedAccess)
{
if (0 != FileSystem->AccessCheck)
return FileSystem->AccessCheck(FileSystem, Request, DesiredAccess, PGrantedAccess);
@ -57,7 +52,6 @@ FSP_API NTSTATUS FspAccessCheck(FSP_FILE_SYSTEM *FileSystem,
}
NTSTATUS Result;
HANDLE AccessToken = 0;
PSECURITY_DESCRIPTOR SecurityDescriptor = 0;
SIZE_T SecurityDescriptorSize;
DWORD PrivilegeSetLength;
@ -65,10 +59,6 @@ FSP_API NTSTATUS FspAccessCheck(FSP_FILE_SYSTEM *FileSystem,
*PGrantedAccess = 0;
Result = FspOpenAccessToken(FileSystem, Request, &AccessToken);
if (!NT_SUCCESS(Result))
goto exit;
SecurityDescriptorSize = 1024;
SecurityDescriptor = MemAlloc(SecurityDescriptorSize);
if (0 == SecurityDescriptor)
@ -77,7 +67,7 @@ FSP_API NTSTATUS FspAccessCheck(FSP_FILE_SYSTEM *FileSystem,
goto exit;
}
if (!Request->Req.Create.HasTraversePrivilege)
if (AllowTraverseCheck && !Request->Req.Create.HasTraversePrivilege)
{
PWSTR Path = (PWSTR)Request->Buffer, Prefix;
DWORD TraverseAccess;
@ -100,7 +90,7 @@ FSP_API NTSTATUS FspAccessCheck(FSP_FILE_SYSTEM *FileSystem,
if (!NT_SUCCESS(Result))
goto exit;
if (AccessCheck(SecurityDescriptor, AccessToken, FILE_TRAVERSE,
if (AccessCheck(SecurityDescriptor, (HANDLE)Request->Req.Create.AccessToken, FILE_TRAVERSE,
&FspFileGenericMapping, 0, &PrivilegeSetLength, &TraverseAccess, &AccessStatus))
Result = AccessStatus ? STATUS_SUCCESS : STATUS_ACCESS_DENIED;
else
@ -116,18 +106,14 @@ FSP_API NTSTATUS FspAccessCheck(FSP_FILE_SYSTEM *FileSystem,
if (!NT_SUCCESS(Result))
goto exit;
if (AccessCheck(SecurityDescriptor, AccessToken, DesiredAccess,
if (AccessCheck(SecurityDescriptor, (HANDLE)Request->Req.Create.AccessToken, DesiredAccess,
&FspFileGenericMapping, 0, &PrivilegeSetLength, PGrantedAccess, &AccessStatus))
Result = AccessStatus ? STATUS_SUCCESS : STATUS_ACCESS_DENIED;
else
Result = FspNtStatusFromWin32(GetLastError());
exit:
MemFree(SecurityDescriptor);
if (0 != AccessToken)
CloseHandle(AccessToken);
return Result;
}

8
src/dll/fsctl.c
View File

@ -109,11 +109,3 @@ FSP_API NTSTATUS FspFsctlTransact(HANDLE VolumeHandle,
exit:
return Result;
}
FSP_API NTSTATUS FspFsctlOpenAccessToken(HANDLE VolumeHandle,
UINT64 Hint, PHANDLE PAccessToken)
{
*PAccessToken = 0;
return STATUS_NOT_IMPLEMENTED;
}

35
src/sys/create.c
View File

@ -34,6 +34,7 @@ enum
{
RequestFsContext = 0,
RequestAccessToken,
RequestProcess,
};
static NTSTATUS FspFsctlCreate(
@ -256,6 +257,7 @@ static NTSTATUS FspFsvolCreate(
FSP_FSCTL_DEFAULT_ALIGN_UP(Request->FileName.Size);
Request->Req.Create.SecurityDescriptor.Size = (UINT16)SecurityDescriptorSize;
Request->Req.Create.AllocationSize = AllocationSize.QuadPart;
Request->Req.Create.AccessToken = 0;
Request->Req.Create.DesiredAccess = DesiredAccess;
Request->Req.Create.ShareAccess = ShareAccess;
Request->Req.Create.Ea.Offset = 0;
@ -289,11 +291,11 @@ NTSTATUS FspFsvolCreatePrepare(
{
PAGED_CODE();
#if 0
NTSTATUS Result;
PIO_STACK_LOCATION IrpSp = IoGetCurrentIrpStackLocation(Irp);
PACCESS_STATE AccessState = IrpSp->Parameters.Create.SecurityContext->AccessState;
HANDLE UserModeAccessToken;
PEPROCESS Process;
/* get a user-mode handle to the access token */
Result = ObOpenObjectByPointer(SeQuerySubjectContextToken(&AccessState->SubjectSecurityContext),
@ -301,10 +303,14 @@ NTSTATUS FspFsvolCreatePrepare(
if (!NT_SUCCESS(Result))
return Result;
/* get a pointer to the current process so that we can close the access token later */
Process = PsGetCurrentProcess();
ObReferenceObject(Process);
/* send the user-mode handle to the user-mode file system */
FspIopRequestContext(Request, RequestAccessToken) = UserModeAccessToken;
FspIopRequestContext(Request, RequestProcess) = Process;
Request->Req.Create.AccessToken = (UINT_PTR)UserModeAccessToken;
#endif
return STATUS_SUCCESS;
}
@ -428,21 +434,38 @@ static VOID FspFsvolCreateRequestFini(PVOID Context[3])
PAGED_CODE();
if (0 != Context[RequestFsContext])
{
FspFileContextRelease(Context[RequestFsContext]);
Context[RequestFsContext] = 0;
}
#if 0
if (0 != Context[RequestAccessToken])
{
PEPROCESS Process = Context[RequestProcess];
KAPC_STATE ApcState;
BOOLEAN Attach;
ASSERT(0 != Process);
Attach = Process != PsGetCurrentProcess();
if (Attach)
KeStackAttachProcess(Process, &ApcState);
#if DBG
NTSTATUS Result0;
Result0 = ObCloseHandle(Context[RequestAccessToken], KernelMode);
Result0 = ObCloseHandle(Context[RequestAccessToken], UserMode);
if (!NT_SUCCESS(Result0))
DEBUGLOG("ObCloseHandle() = %s", NtStatusSym(Result0));
#else
ObCloseHandle(Context[RequestAccessToken], KernelMode);
ObCloseHandle(Context[RequestAccessToken], UserMode);
#endif
if (Attach)
KeUnstackDetachProcess(&ApcState);
ObDereferenceObject(Process);
Context[RequestAccessToken] = 0;
Context[RequestProcess] = 0;
}
#endif
}
NTSTATUS FspCreate(