From e58ac1fbdec8608841a2a993a9135433039cc248 Mon Sep 17 00:00:00 2001
From: Bill Zissimopoulos
Date: Mon, 3 Oct 2016 21:02:43 -0700
Subject: [PATCH] sys,dll: pass NULL security descriptor to user-mode file system during Create
---
 inc/winfsp/fsctl.h | 1 +
 src/dll/security.c | 8 ++++++++
 src/sys/create.c | 3 ++-
 3 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/inc/winfsp/fsctl.h b/inc/winfsp/fsctl.h
index 99d4e179..d45957c5 100644
--- a/inc/winfsp/fsctl.h
+++ b/inc/winfsp/fsctl.h
@@ -218,6 +218,7 @@ typedef struct
 UINT32 HasTraversePrivilege:1; /* requestor has TOKEN_HAS_TRAVERSE_PRIVILEGE */
 UINT32 OpenTargetDirectory:1; /* open target dir and report FILE_{EXISTS,DOES_NOT_EXIST} */
 UINT32 CaseSensitive:1; /* FileName comparisons should be case-sensitive */
+ UINT32 NamedStream:1; /* request targets named stream; FileName has colon */
 } Create;
 struct
 {
diff --git a/src/dll/security.c b/src/dll/security.c
index faaa3175..7d100533 100644
--- a/src/dll/security.c
+++ b/src/dll/security.c
@@ -358,6 +358,10 @@ FSP_API NTSTATUS FspCreateSecurityDescriptor(FSP_FILE_SYSTEM *FileSystem,
 if (FspFsctlTransactCreateKind != Request->Kind)
 return STATUS_INVALID_PARAMETER;

+ /* stream support: return NULL security descriptor when creating named stream */
+ if (Request->Req.Create.NamedStream)
+ return STATUS_SUCCESS;
+
 if (!CreatePrivateObjectSecurity(
 ParentDescriptor,
 0 != Request->Req.Create.SecurityDescriptor.Offset ?
@@ -438,6 +442,10 @@ FSP_API NTSTATUS FspSetSecurityDescriptor(FSP_FILE_SYSTEM *FileSystem,
 FSP_API VOID FspDeleteSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
 NTSTATUS (*CreateFunc)())
 {
+ /* stream support: allow NULL security descriptors */
+ if (0 == SecurityDescriptor)
+ return;
+
 if ((NTSTATUS (*)())FspAccessCheckEx == CreateFunc ||
 (NTSTATUS (*)())FspPosixMapPermissionsToSecurityDescriptor == CreateFunc)
 MemFree(SecurityDescriptor);
diff --git a/src/sys/create.c b/src/sys/create.c
index d679dd92..f9baa4d4 100644
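Review bot: The new early return in FspCreateSecurityDescriptor reports STATUS_SUCCESS without touching the output descriptor in the visible lines, so it is only correct if that output pointer was already cleared above the hunk (the function starts outside it). Assigning NULL to the output explicitly right before `return STATUS_SUCCESS;` would make the contract local instead of depending on code the hunk does not show. The function's documentation should also state that success with a NULL descriptor is now a valid result for named-stream creates, because a file system that hands the result straight to its own storage or access-check code has to handle NULL. The guard added to FspDeleteSecurityDescriptor in the following hunk covers the release side only.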
--- a/src/sys/create.c
+++ b/src/sys/create.c
@@ -358,7 +358,7 @@ static NTSTATUS FspFsvolCreateNoLock(
 SetFlag(FileAttributes, FILE_ATTRIBUTE_DIRECTORY);

 /* if we have a non-empty stream part, open the main file */
- if (0 != StreamPart.Buffer)
+ if (0 != StreamPart.Length)
 {
 /* named streams can never be directories (even when attached to directories) */
 if (FlagOn(CreateOptions, FILE_DIRECTORY_FILE))
@@ -449,6 +449,7 @@ static NTSTATUS FspFsvolCreateNoLock(
 Request->Req.Create.HasTraversePrivilege = HasTraversePrivilege;
 Request->Req.Create.OpenTargetDirectory = BooleanFlagOn(Flags, SL_OPEN_TARGET_DIRECTORY);
 Request->Req.Create.CaseSensitive = CaseSensitiveRequested;
+ Request->Req.Create.NamedStream = 0 != StreamPart.Length;

 /* copy the security descriptor (if any) into the request */
 if (0 != SecurityDescriptorSize)
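Review bot: The test `0 != StreamPart.Length` now sends a name whose stream part is present but empty down the main-file path, which the old `StreamPart.Buffer` test presumably did not. The hunk does not show whether the FileName forwarded to the user-mode file system still contains the colon in that case. If it does, the driver and the file system could disagree about which object is being opened, which matters for access checks, so it is worth confirming that the name is normalized where it is split (outside the hunk). A short comment such as `/* StreamPart.Length == 0 means no named stream, even if Buffer is set */` would record why Length is the right field.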
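Review bot: With NamedStream set, the request still carries the caller's security descriptor, since the `/* copy the security descriptor (if any) into the request */` block right after the new assignment is unchanged, while FspCreateSecurityDescriptor in src/dll/security.c now returns before reading it. A descriptor supplied on a named-stream create is therefore dropped without any error. If that is intended, say so in a comment here, e.g. `/* named-stream creates: the DLL ignores any descriptor copied below */`, or skip the copy when `0 != StreamPart.Length`. The same expression also drives the stream branch in the previous hunk, so a single local would keep the two from drifting apart. FspFsvolCreateNoLock continues outside the hunk.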