From eb07db1d295d8225281cf7c8cacd50acbd360a70 Mon Sep 17 00:00:00 2001
From: Bill Zissimopoulos
Date: Thu, 3 Dec 2015 18:40:02 -0800
Subject: [PATCH] sys: IRP_MJ_CREATE
---
 inc/winfsp/fsctl.h | 25 ++++++++++++-------------
 src/sys/create.c | 11 ++++++-----
 src/sys/iop.c | 10 +++++++---
 3 files changed, 25 insertions(+), 21 deletions(-)
diff --git a/inc/winfsp/fsctl.h b/inc/winfsp/fsctl.h
index e14bac8a..355577d6 100644
--- a/inc/winfsp/fsctl.h
+++ b/inc/winfsp/fsctl.h
@@ -38,11 +38,10 @@ extern const __declspec(selectany) GUID FspFsvrtDeviceClassGuid =
 #define FSP_FSCTL_TRANSACT_BUFFER_SIZE (16 * 1024)
 #define FSP_FSCTL_VOLUME_PARAMS_SIZE \
- FSP_FSCTL_ALIGN_UP(sizeof(FSP_FSCTL_VOLUME_PARAMS), FSP_FSCTL_DEFAULT_ALIGNMENT)
-#define FSP_FSCTL_TRANSACT_REQ_SIZEMAX \
- FSP_FSCTL_ALIGN_UP(sizeof(FSP_FSCTL_TRANSACT_REQ) + 1024 * sizeof(WCHAR), FSP_FSCTL_DEFAULT_ALIGNMENT)
-#define FSP_FSCTL_TRANSACT_RSP_SIZEMAX \
- FSP_FSCTL_ALIGN_UP(sizeof(FSP_FSCTL_TRANSACT_RSP) + 1024 * sizeof(WCHAR), FSP_FSCTL_DEFAULT_ALIGNMENT)
+ FSP_FSCTL_ALIGN_UP(sizeof(FSP_FSCTL_VOLUME_PARAMS),\
+ FSP_FSCTL_DEFAULT_ALIGNMENT)
+#define FSP_FSCTL_TRANSACT_REQ_SIZEMAX (4 * 1024)
+#define FSP_FSCTL_TRANSACT_RSP_SIZEMAX (4 * 1024)
 /* marshalling */
 #pragma warning(push)
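Review bot: The new fixed maxima `#define FSP_FSCTL_TRANSACT_REQ_SIZEMAX (4 * 1024)` and `#define FSP_FSCTL_TRANSACT_RSP_SIZEMAX (4 * 1024)` no longer derive from `sizeof(FSP_FSCTL_TRANSACT_REQ)` / `sizeof(FSP_FSCTL_TRANSACT_RSP)`, so nothing in the header guarantees the fixed part of either struct still fits inside the bound a future field addition could silently break. A `C_ASSERT(sizeof(FSP_FSCTL_TRANSACT_REQ) <= FSP_FSCTL_TRANSACT_REQ_SIZEMAX);` and the RSP counterpart placed after the struct definitions would catch that at compile time. The defines also deserve a one-line comment saying the bound covers the whole message including the trailing variable-length data, since the runtime check added in iop.c and the 16-bit `Size`/offset fields elsewhere in this commit rely on the maximum staying well below 64 KB.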
@@ -92,18 +91,17 @@ typedef struct
 UINT32 CreateDisposition; /* FILE_{SUPERSEDE,CREATE,OPEN,OPEN_IF,OVERWRITE,OVERWRITE_IF} */
 UINT32 CreateOptions; /* FILE_{DIRECTORY_FILE,NON_DIRECTORY_FILE,etc.} */
 UINT32 FileAttributes; /* FILE_ATTRIBUTE_{NORMAL,DIRECTORY,etc.} */
+ UINT16 SecurityDescriptor; /* security descriptor for new files (offset within Buffer) */
+ UINT16 SecurityDescriptorSize; /* security descriptor size */
 UINT64 AllocationSize; /* initial allocation size */
- UINT64 SecurityDescriptor; /* (PSECURITY_DESCRIPTOR); security to apply to new files */
- UINT64 EaBuffer; /* (PVOID); reserved; not currently implemented */
- UINT32 EaLength; /* (PVOID); reserved; not currently implemented */
 UINT64 AccessToken; /* (HANDLE); request access token; sent if NoAccessCheck is 0 */
 UINT32 DesiredAccess; /* FILE_{READ_DATA,WRITE_DATA,etc.} */
 UINT32 ShareAccess; /* FILE_SHARE_{READ,WRITE,DELETE} */
+ UINT16 Ea; /* reserved; not currently implemented */
+ UINT16 EaSize; /* reserved; not currently implemented */
 UINT32 UserMode:1; /* request originated in user mode */
- UINT32 HasTraversePrivilege:1;
- /* requestor has TOKEN_HAS_TRAVERSE_PRIVILEGE */
- UINT32 OpenTargetDirectory:1;
- /* open target directory and report FILE_{EXISTS,DOES_NOT_EXIST} */
+ UINT32 HasTraversePrivilege:1; /* requestor has TOKEN_HAS_TRAVERSE_PRIVILEGE */
+ UINT32 OpenTargetDirectory:1; /* open target dir and report FILE_{EXISTS,DOES_NOT_EXIST} */
 UINT32 CaseSensitive:1; /* filename comparisons should be case-sensitive */
 } Create;
 struct
@@ -117,7 +115,7 @@ typedef struct
 UINT64 UserContext2;
 } Close;
 } Req;
- FSP_FSCTL_DECLSPEC_ALIGN WCHAR FileName[];
+ FSP_FSCTL_DECLSPEC_ALIGN UINT8 Buffer[];
 } FSP_FSCTL_TRANSACT_REQ;
 typedef struct
 {
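Review bot: `UINT16 SecurityDescriptor; /* ... (offset within Buffer) */` documents the descriptor's placement, but nothing in the header says where the file name now lives once `WCHAR FileName[]` becomes `UINT8 Buffer[]` in the second hunk; the iop.c change in this commit copies the name to `Buffer` at offset 0, so that layout belongs on the member, e.g. `/* FileName (NUL-terminated WCHAR) at offset 0; SecurityDescriptor and Ea follow at their offsets */`. Because this struct is exchanged with a user-mode process, the `SecurityDescriptorSize` and `EaSize` comments should also state that a consumer must verify `offset + size` fits within the message's own `Size` before dereferencing, rather than trusting the 16-bit fields. The enclosing `typedef struct` begins before this hunk.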
@@ -138,6 +136,7 @@ typedef struct
 UINT64 UserContext2; /* user context attached to a kernel file object */
 } Create;
 } Rsp;
+ FSP_FSCTL_DECLSPEC_ALIGN UINT8 Buffer[];
 } FSP_FSCTL_TRANSACT_RSP;
 #pragma warning(pop)
 static inline FSP_FSCTL_TRANSACT_REQ *FspFsctlTransactProduceRequest(
diff --git a/src/sys/create.c b/src/sys/create.c
index aa884490..3f93a71a 100644
--- a/src/sys/create.c
+++ b/src/sys/create.c
@@ -60,6 +60,7 @@ static NTSTATUS FspFsvolCreate(
 KPROCESSOR_MODE RequestorMode = FlagOn(Flags, SL_FORCE_ACCESS_CHECK) ? UserMode : Irp->RequestorMode;
 PACCESS_STATE AccessState = IrpSp->Parameters.Create.SecurityContext->AccessState;
 ACCESS_MASK DesiredAccess = IrpSp->Parameters.Create.SecurityContext->DesiredAccess;
+ //PSECURITY_DESCRIPTOR SecurityDescriptor = AccessState->SecurityDescriptor;
 USHORT ShareAccess = IrpSp->Parameters.Create.ShareAccess;
 ULONG CreateDisposition = (IrpSp->Parameters.Create.Options >> 24) & 0xff;
 ULONG CreateOptions = IrpSp->Parameters.Create.Options & 0xffffff;
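Review bot: The new `FSP_FSCTL_DECLSPEC_ALIGN UINT8 Buffer[];` on FSP_FSCTL_TRANSACT_RSP gives the response a variable-length tail that arrives from user mode, and the member carries no comment about who bounds it. Whatever length field the response carries (not visible in this hunk) is attacker-controlled from the kernel's point of view, so the member should say so, e.g. `/* variable-length data supplied by user mode; kernel must bound it by the response length and FSP_FSCTL_TRANSACT_RSP_SIZEMAX before use */`. The enclosing `typedef struct` begins before this hunk.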
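Review bot: `//PSECURITY_DESCRIPTOR SecurityDescriptor = AccessState->SecurityDescriptor;` is commented-out code in the middle of FspFsvolCreate's declaration list, and a reader cannot tell whether it was disabled to silence an unused-variable warning or because the feature is unfinished. Either drop the line or replace it with a TODO that names the gap, e.g. `/* TODO: marshal AccessState->SecurityDescriptor into Request->Buffer (SecurityDescriptor/SecurityDescriptorSize) */`. FspFsvolCreate's body continues outside the hunk.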
@@ -178,18 +179,18 @@ static NTSTATUS FspFsvolCreate(
 Request->Req.Create.CreateDisposition = CreateDisposition;
 Request->Req.Create.CreateOptions = CreateOptions;
 Request->Req.Create.FileAttributes = FileAttributes;
- Request->Req.Create.AllocationSize = AllocationSize.QuadPart;
 Request->Req.Create.SecurityDescriptor = 0;
- Request->Req.Create.EaBuffer = 0;
- Request->Req.Create.EaLength = 0;
+ Request->Req.Create.SecurityDescriptorSize = 0;
+ Request->Req.Create.AllocationSize = AllocationSize.QuadPart;
 Request->Req.Create.AccessToken = 0;
 Request->Req.Create.DesiredAccess = DesiredAccess;
 Request->Req.Create.ShareAccess = ShareAccess;
- Request->Req.Create.DesiredAccess = DesiredAccess;
+ Request->Req.Create.Ea = 0;
+ Request->Req.Create.EaSize = 0;
 Request->Req.Create.UserMode = UserMode == RequestorMode;
 Request->Req.Create.HasTraversePrivilege = HasTraversePrivilege;
- Request->Req.Create.CaseSensitive = BooleanFlagOn(Flags, SL_CASE_SENSITIVE);
 Request->Req.Create.OpenTargetDirectory = BooleanFlagOn(Flags, SL_OPEN_TARGET_DIRECTORY);
+ Request->Req.Create.CaseSensitive = BooleanFlagOn(Flags, SL_CASE_SENSITIVE);
 /*
 * Post the IRP to our Ioq; we do this here instead of at FSP_LEAVE_MJ time,
diff --git a/src/sys/iop.c b/src/sys/iop.c
index 4e498795..011e26c2 100644
--- a/src/sys/iop.c
+++ b/src/sys/iop.c
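Review bot: `Request->Req.Create.SecurityDescriptor = 0;` together with the new `Request->Req.Create.SecurityDescriptorSize = 0;` means the request still carries no security descriptor even though the header now reserves offset/size fields for it, so the user-mode file system presumably creates files without the caller's intended security, and nothing at this call site says that is interim. A comment such as `/* security descriptor not yet marshalled into Buffer; new files get no caller-supplied security until this is filled in */` would mark the gap, and the same applies to the zeroed `Ea`/`EaSize` pair. Removing the duplicate `DesiredAccess` assignment and moving `CaseSensitive` after `OpenTargetDirectory` to follow the struct order are fine. FspFsvolCreate starts and ends outside this hunk.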
@@ -25,18 +25,22 @@ NTSTATUS FspIopCreateRequest(
 if (0 != FileName)
 ExtraSize += FileName->Length + sizeof(WCHAR);
+ if (FSP_FSCTL_TRANSACT_REQ_SIZEMAX < sizeof *Request + ExtraSize)
+ return STATUS_INVALID_PARAMETER;
+
 FSP_FSCTL_TRANSACT_REQ *Request = ExAllocatePoolWithTag(PagedPool,
 sizeof *Request + ExtraSize, FSP_TAG);
 if (0 == Request)
 return STATUS_INSUFFICIENT_RESOURCES;
- RtlZeroMemory(Request, sizeof *Request + ExtraSize);
+ RtlZeroMemory(Request, sizeof *Request);
 Request->Size = (UINT16)(sizeof *Request + ExtraSize);
 Request->Hint = (UINT_PTR)Irp;
 if (0 != FileName)
 {
- RtlCopyMemory(Request->FileName, FileName->Buffer, FileName->Length);
- Request->FileName[FileName->Length / 2] = L'\0';
+ RtlCopyMemory(Request->Buffer, FileName->Buffer, FileName->Length);
+ Request->Buffer[FileName->Length] = '\0';
+ Request->Buffer[FileName->Length + 1] = '\0';
 }
 Irp->Tail.Overlay.DriverContext[0] = Request;
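Review bot: The added guard `if (FSP_FSCTL_TRANSACT_REQ_SIZEMAX < sizeof *Request + ExtraSize)` uses `Request` before its declaration on `FSP_FSCTL_TRANSACT_REQ *Request = ExAllocatePoolWithTag(PagedPool,` a few lines below, which will not compile unless another `Request` is in scope in the part of FspIopCreateRequest outside this hunk; write it as `if (FSP_FSCTL_TRANSACT_REQ_SIZEMAX < sizeof(FSP_FSCTL_TRANSACT_REQ) + ExtraSize)`. Narrowing the clear to `RtlZeroMemory(Request, sizeof *Request);` is only safe while the name copy plus the two NUL bytes cover every byte of `ExtraSize`; since `ExtraSize` is a caller-supplied value that the name length is added to, a caller passing a nonzero `ExtraSize` would leave the tail of the paged-pool allocation uninitialized in a message that is presumably handed to the user-mode file system, so a comment stating that every byte of `Buffer` up to `Size` must be written before the request leaves the kernel is warranted. The guard also returns before `Irp->Tail.Overlay.DriverContext[0]` is set, so callers must treat that status as "no request created", and `STATUS_NAME_TOO_LONG` may describe an over-long file name more accurately than `STATUS_INVALID_PARAMETER`. FspIopCreateRequest's signature is outside the hunk.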