Public/winfsp
1
0
Fork 0
mirror of https://github.com/winfsp/winfsp.git synced 2025-10-30 19:48:38 -05:00
Code Activity

sys,dll: pass NULL security descriptor to user-mode file system during Create

Browse Source
This commit is contained in:
Bill Zissimopoulos
2016-10-03 21:02:43 -07:00
parent 1f0f2fe094
commit e58ac1fbde
3 changed files with 11 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
inc/winfsp/fsctl.h
View File

@@ -218,6 +218,7 @@ typedef struct
UINT32 HasTraversePrivilege:1; /* requestor has TOKEN_HAS_TRAVERSE_PRIVILEGE */
UINT32 OpenTargetDirectory:1; /* open target dir and report FILE_{EXISTS,DOES_NOT_EXIST} */
UINT32 CaseSensitive:1; /* FileName comparisons should be case-sensitive */
UINT32 NamedStream:1; /* request targets named stream; FileName has colon */
} Create;
struct
{

8
src/dll/security.c
View File

@@ -358,6 +358,10 @@ FSP_API NTSTATUS FspCreateSecurityDescriptor(FSP_FILE_SYSTEM *FileSystem,
if (FspFsctlTransactCreateKind != Request->Kind)
return STATUS_INVALID_PARAMETER;
/* stream support: return NULL security descriptor when creating named stream */
if (Request->Req.Create.NamedStream)
return STATUS_SUCCESS;
if (!CreatePrivateObjectSecurity(
ParentDescriptor,
0 != Request->Req.Create.SecurityDescriptor.Offset ?
@@ -438,6 +442,10 @@ FSP_API NTSTATUS FspSetSecurityDescriptor(FSP_FILE_SYSTEM *FileSystem,
FSP_API VOID FspDeleteSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
NTSTATUS (*CreateFunc)())
{
/* stream support: allow NULL security descriptors */
if (0 == SecurityDescriptor)
return;
if ((NTSTATUS (*)())FspAccessCheckEx == CreateFunc ||
(NTSTATUS (*)())FspPosixMapPermissionsToSecurityDescriptor == CreateFunc)
MemFree(SecurityDescriptor);

3
src/sys/create.c
View File

@@ -358,7 +358,7 @@ static NTSTATUS FspFsvolCreateNoLock(
SetFlag(FileAttributes, FILE_ATTRIBUTE_DIRECTORY);
/* if we have a non-empty stream part, open the main file */
if (0 != StreamPart.Buffer)
if (0 != StreamPart.Length)
{
/* named streams can never be directories (even when attached to directories) */
if (FlagOn(CreateOptions, FILE_DIRECTORY_FILE))
@@ -449,6 +449,7 @@ static NTSTATUS FspFsvolCreateNoLock(
Request->Req.Create.HasTraversePrivilege = HasTraversePrivilege;
Request->Req.Create.OpenTargetDirectory = BooleanFlagOn(Flags, SL_OPEN_TARGET_DIRECTORY);
Request->Req.Create.CaseSensitive = CaseSensitiveRequested;
Request->Req.Create.NamedStream = 0 != StreamPart.Length;
/* copy the security descriptor (if any) into the request */
if (0 != SecurityDescriptorSize)