Public/winfsp
1
0
Fork 0
mirror of https://github.com/winfsp/winfsp.git synced 2025-06-14 15:52:47 -05:00
Code Issues Packages Projects Releases Wiki Activity

sys: create: open UserMode AccessToken handle in FspFsvolCreatePrepare and close it properly in FspFsvolCreateRequestFini

Browse Source
This commit is contained in:
Bill Zissimopoulos
2016-01-02 16:16:00 -08:00
parent 2f10c07ab2
commit d2828b3e8c
6 changed files with 104 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
src/dll/access.c
View File

@ -19,12 +19,6 @@ FSP_API PGENERIC_MAPPING FspGetFileGenericMapping(VOID)
return &FspFileGenericMapping;
}
FSP_API NTSTATUS FspOpenAccessToken(FSP_FILE_SYSTEM *FileSystem,
FSP_FSCTL_TRANSACT_REQ *Request, PHANDLE PAccessToken)
{
return FspFsctlOpenAccessToken(FileSystem->VolumeHandle, Request->Hint, PAccessToken);
}
static NTSTATUS FspGetFileSecurityDescriptor(FSP_FILE_SYSTEM *FileSystem,
PWSTR FileName, PSECURITY_DESCRIPTOR *PSecurityDescriptor, SIZE_T *PSecurityDescriptorSize)
{
@ -45,7 +39,8 @@ static NTSTATUS FspGetFileSecurityDescriptor(FSP_FILE_SYSTEM *FileSystem,
}
FSP_API NTSTATUS FspAccessCheck(FSP_FILE_SYSTEM *FileSystem,
FSP_FSCTL_TRANSACT_REQ *Request, DWORD DesiredAccess, PDWORD PGrantedAccess)
FSP_FSCTL_TRANSACT_REQ *Request, BOOLEAN AllowTraverseCheck, DWORD DesiredAccess,
PDWORD PGrantedAccess)
{
if (0 != FileSystem->AccessCheck)
return FileSystem->AccessCheck(FileSystem, Request, DesiredAccess, PGrantedAccess);
@ -57,7 +52,6 @@ FSP_API NTSTATUS FspAccessCheck(FSP_FILE_SYSTEM *FileSystem,
}
NTSTATUS Result;
HANDLE AccessToken = 0;
PSECURITY_DESCRIPTOR SecurityDescriptor = 0;
SIZE_T SecurityDescriptorSize;
DWORD PrivilegeSetLength;
@ -65,10 +59,6 @@ FSP_API NTSTATUS FspAccessCheck(FSP_FILE_SYSTEM *FileSystem,
*PGrantedAccess = 0;
Result = FspOpenAccessToken(FileSystem, Request, &AccessToken);
if (!NT_SUCCESS(Result))
goto exit;
SecurityDescriptorSize = 1024;
SecurityDescriptor = MemAlloc(SecurityDescriptorSize);
if (0 == SecurityDescriptor)
@ -77,7 +67,7 @@ FSP_API NTSTATUS FspAccessCheck(FSP_FILE_SYSTEM *FileSystem,
goto exit;
}
if (!Request->Req.Create.HasTraversePrivilege)
if (AllowTraverseCheck && !Request->Req.Create.HasTraversePrivilege)
{
PWSTR Path = (PWSTR)Request->Buffer, Prefix;
DWORD TraverseAccess;
@ -100,7 +90,7 @@ FSP_API NTSTATUS FspAccessCheck(FSP_FILE_SYSTEM *FileSystem,
if (!NT_SUCCESS(Result))
goto exit;
if (AccessCheck(SecurityDescriptor, AccessToken, FILE_TRAVERSE,
if (AccessCheck(SecurityDescriptor, (HANDLE)Request->Req.Create.AccessToken, FILE_TRAVERSE,
&FspFileGenericMapping, 0, &PrivilegeSetLength, &TraverseAccess, &AccessStatus))
Result = AccessStatus ? STATUS_SUCCESS : STATUS_ACCESS_DENIED;
else
@ -116,18 +106,14 @@ FSP_API NTSTATUS FspAccessCheck(FSP_FILE_SYSTEM *FileSystem,
if (!NT_SUCCESS(Result))
goto exit;
if (AccessCheck(SecurityDescriptor, AccessToken, DesiredAccess,
if (AccessCheck(SecurityDescriptor, (HANDLE)Request->Req.Create.AccessToken, DesiredAccess,
&FspFileGenericMapping, 0, &PrivilegeSetLength, PGrantedAccess, &AccessStatus))
Result = AccessStatus ? STATUS_SUCCESS : STATUS_ACCESS_DENIED;
else
Result = FspNtStatusFromWin32(GetLastError());
exit:
MemFree(SecurityDescriptor);
if (0 != AccessToken)
CloseHandle(AccessToken);
return Result;
}

8
src/dll/fsctl.c
View File

@ -109,11 +109,3 @@ FSP_API NTSTATUS FspFsctlTransact(HANDLE VolumeHandle,
exit:
return Result;
}
FSP_API NTSTATUS FspFsctlOpenAccessToken(HANDLE VolumeHandle,
UINT64 Hint, PHANDLE PAccessToken)
{
*PAccessToken = 0;
return STATUS_NOT_IMPLEMENTED;
}