sys,dll: pass NULL security descriptor to user-mode file system during Create

Bill Zissimopoulos 2016-10-03 21:02:43 -07:00
parent 1f0f2fe094
commit e58ac1fbde
3 changed files with 11 additions and 1 deletions


@ -218,6 +218,7 @@ typedef struct
UINT32 HasTraversePrivilege:1; /* requestor has TOKEN_HAS_TRAVERSE_PRIVILEGE */
UINT32 OpenTargetDirectory:1; /* open target dir and report FILE_{EXISTS,DOES_NOT_EXIST} */
UINT32 CaseSensitive:1; /* FileName comparisons should be case-sensitive */
UINT32 NamedStream:1; /* request targets named stream; FileName has colon */
} Create;
struct
{


@ -358,6 +358,10 @@ FSP_API NTSTATUS FspCreateSecurityDescriptor(FSP_FILE_SYSTEM *FileSystem,
if (FspFsctlTransactCreateKind != Request->Kind)
return STATUS_INVALID_PARAMETER;
/* stream support: return NULL security descriptor when creating named stream */
if (Request->Req.Create.NamedStream)
return STATUS_SUCCESS;
if (!CreatePrivateObjectSecurity(
ParentDescriptor,
0 != Request->Req.Create.SecurityDescriptor.Offset ?
@ -438,6 +442,10 @@ FSP_API NTSTATUS FspSetSecurityDescriptor(FSP_FILE_SYSTEM *FileSystem,
FSP_API VOID FspDeleteSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
NTSTATUS (*CreateFunc)())
{
/* stream support: allow NULL security descriptors */
if (0 == SecurityDescriptor)
return;
if ((NTSTATUS (*)())FspAccessCheckEx == CreateFunc ||
(NTSTATUS (*)())FspPosixMapPermissionsToSecurityDescriptor == CreateFunc)
MemFree(SecurityDescriptor);
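Review bot: The early `return STATUS_SUCCESS;` in the `NamedStream` branch of FspCreateSecurityDescriptor does not itself set the output descriptor, so the NULL result depends on an initialisation that would have to sit above the hunk, where the function body starts. If that initialisation is not guaranteed, assign NULL to the output parameter right before the return. The new guard in FspDeleteSecurityDescriptor protects only against a NULL pointer, not an uninitialised one. Success with a NULL descriptor is also a new outcome for callers, so it deserves a line in the function's header comment, for example `/* on success the returned descriptor may be NULL (named stream create); callers must not dereference it */`.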


@ -358,7 +358,7 @@ static NTSTATUS FspFsvolCreateNoLock(
SetFlag(FileAttributes, FILE_ATTRIBUTE_DIRECTORY);
/* if we have a non-empty stream part, open the main file */
if (0 != StreamPart.Buffer)
if (0 != StreamPart.Length)
{
/* named streams can never be directories (even when attached to directories) */
if (FlagOn(CreateOptions, FILE_DIRECTORY_FILE))
@ -449,6 +449,7 @@ static NTSTATUS FspFsvolCreateNoLock(
Request->Req.Create.HasTraversePrivilege = HasTraversePrivilege;
Request->Req.Create.OpenTargetDirectory = BooleanFlagOn(Flags, SL_OPEN_TARGET_DIRECTORY);
Request->Req.Create.CaseSensitive = CaseSensitiveRequested;
Request->Req.Create.NamedStream = 0 != StreamPart.Length;
/* copy the security descriptor (if any) into the request */
if (0 != SecurityDescriptorSize)
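Review bot: A named-stream create still appears to carry the caller-supplied security descriptor into the request, because the copy under `if (0 != SecurityDescriptorSize)` is not conditioned on the new `NamedStream` bit. The user-mode FspCreateSecurityDescriptor now returns before it reads `Req.Create.SecurityDescriptor`, so that descriptor is dropped silently. If that is intended, record it next to the flag assignment, e.g. `/* named stream: user mode ignores any security descriptor copied below */`. The `0 != StreamPart.Length` test is also written twice in this function, once for the stream branch and once for the flag, and a single local would keep the two from drifting apart. FspFsvolCreateNoLock extends beyond both hunks, so the descriptor may already be handled in code not shown here.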