Public/winfsp
1
0
Fork 0
mirror of https://github.com/winfsp/winfsp.git synced 2025-06-14 15:52:47 -05:00
Code Issues Packages Projects Releases Wiki Activity

dll: FspAccessCheckEx: test access checks without traverse privilege

Browse Source
This commit is contained in:
Bill Zissimopoulos
2016-10-19 11:54:22 -07:00
parent cb17b7e2e0
commit f642ea57be
9 changed files with 71 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
tst/winfsp-tests/dirctl-test.c
View File

@ -479,12 +479,14 @@ void dirnotify_test(void)
GetCurrentDirectoryW(MAX_PATH - 4, DirBuf + 4);
dirnotify_dotest(-1, DirBuf, 0, 0);
}
if (WinFspDiskTests)
if (WinFspDiskTests && !OptNoTraverseToken
/* WinFsp does not support change notifications without traverse privilege*/)
{
dirnotify_dotest(MemfsDisk, 0, 0, 0);
dirnotify_dotest(MemfsDisk, 0, 1000, 0);
}
if (WinFspNetTests)
if (WinFspNetTests && !OptNoTraverseToken
/* WinFsp does not support change notifications without traverse privilege*/)
{
dirnotify_dotest(MemfsNet, L"\\\\memfs\\share", 0, 0);
dirnotify_dotest(MemfsNet, L"\\\\memfs\\share", 1000, 0);

2
tst/winfsp-tests/mount-test.c
View File

@ -208,7 +208,7 @@ void mount_volume_transact_dotest(PWSTR DeviceName, PWSTR Prefix)
ASSERT(0 == Request->Req.Create.Ea.Offset);
ASSERT(0 == Request->Req.Create.Ea.Size);
ASSERT(Request->Req.Create.UserMode);
ASSERT(Request->Req.Create.HasTraversePrivilege);
ASSERT(!OptNoTraverseToken == Request->Req.Create.HasTraversePrivilege);
ASSERT(!Request->Req.Create.OpenTargetDirectory);
ASSERT(!Request->Req.Create.CaseSensitive);
ASSERT(0 == Request->FileName.Offset);

6
tst/winfsp-tests/stream-tests.c
View File

@ -2102,12 +2102,14 @@ void stream_dirnotify_test(void)
GetCurrentDirectoryW(MAX_PATH - 4, DirBuf + 4);
stream_dirnotify_dotest(-1, DirBuf, 0, 0);
}
if (WinFspDiskTests)
if (WinFspDiskTests && !OptNoTraverseToken
/* WinFsp does not support change notifications without traverse privilege*/)
{
stream_dirnotify_dotest(MemfsDisk, 0, 0, 0);
stream_dirnotify_dotest(MemfsDisk, 0, 1000, 0);
}
if (WinFspNetTests)
if (WinFspNetTests && !OptNoTraverseToken
/* WinFsp does not support change notifications without traverse privilege*/)
{
stream_dirnotify_dotest(MemfsNet, L"\\\\memfs\\share", 0, 0);
stream_dirnotify_dotest(MemfsNet, L"\\\\memfs\\share", 1000, 0);

4
tst/winfsp-tests/timeout-test.c
View File

@ -104,7 +104,7 @@ void timeout_pending_dotest(PWSTR DeviceName, PWSTR Prefix)
ASSERT(0 == Request->Req.Create.Ea.Offset);
ASSERT(0 == Request->Req.Create.Ea.Size);
ASSERT(Request->Req.Create.UserMode);
ASSERT(Request->Req.Create.HasTraversePrivilege);
ASSERT(!OptNoTraverseToken == Request->Req.Create.HasTraversePrivilege);
ASSERT(!Request->Req.Create.OpenTargetDirectory);
ASSERT(!Request->Req.Create.CaseSensitive);
ASSERT(0 == Request->FileName.Offset);
@ -214,7 +214,7 @@ void timeout_transact_dotest(PWSTR DeviceName, PWSTR Prefix)
ASSERT(0 == Request->Req.Create.Ea.Offset);
ASSERT(0 == Request->Req.Create.Ea.Size);
ASSERT(Request->Req.Create.UserMode);
ASSERT(Request->Req.Create.HasTraversePrivilege);
ASSERT(!OptNoTraverseToken == Request->Req.Create.HasTraversePrivilege);
ASSERT(!Request->Req.Create.OpenTargetDirectory);
ASSERT(!Request->Req.Create.CaseSensitive);
}

33
tst/winfsp-tests/winfsp-tests.c
View File

@ -10,6 +10,8 @@ int WinFspNetTests = 1;
BOOLEAN OptCaseInsensitive = FALSE;
BOOLEAN OptCaseRandomize = FALSE;
WCHAR OptMountPointBuf[MAX_PATH], *OptMountPoint;
HANDLE OptNoTraverseToken = 0;
LUID OptNoTraverseLuid;
int mywcscmp(PWSTR a, int alen, PWSTR b, int blen)
{
@ -63,6 +65,7 @@ HANDLE HookCreateFileW(
L"\\\\memfs\\share";
static const TogglePercent = 25;
WCHAR FileNameBuf[1024];
TOKEN_PRIVILEGES Privileges;
PWSTR P, EndP;
size_t L1, L2;
@ -119,6 +122,15 @@ HANDLE HookCreateFileW(
abort();
}
if (OptNoTraverseToken)
{
Privileges.PrivilegeCount = 1;
Privileges.Privileges[0].Attributes = 0;
Privileges.Privileges[0].Luid = OptNoTraverseLuid;
if (!AdjustTokenPrivileges(OptNoTraverseToken, FALSE, &Privileges, 0, 0, 0))
abort();
}
HANDLE h = CreateFileW(
FileNameBuf,
dwDesiredAccess,
@ -127,9 +139,18 @@ HANDLE HookCreateFileW(
dwCreationDisposition,
dwFlagsAndAttributes,
hTemplateFile);
DWORD LastError = GetLastError();
if (OptNoTraverseToken)
{
Privileges.PrivilegeCount = 1;
Privileges.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
Privileges.Privileges[0].Luid = OptNoTraverseLuid;
if (!AdjustTokenPrivileges(OptNoTraverseToken, FALSE, &Privileges, 0, 0, 0))
abort();
}
#if 0
DWORD LastError = GetLastError();
FspDebugLog("CreateFileW(\"%S\", %#lx, %#lx, %p, %#lx, %#lx, %p) = %p[%#lx]\n",
FileNameBuf,
dwDesiredAccess,
@ -139,9 +160,9 @@ HANDLE HookCreateFileW(
dwFlagsAndAttributes,
hTemplateFile,
h, INVALID_HANDLE_VALUE != h ? 0 : LastError);
SetLastError(LastError);
#endif
SetLastError(LastError);
return h;
}
@ -200,6 +221,14 @@ int main(int argc, char *argv[])
WinFspNetTests = 0;
}
}
else if (0 == strcmp("--no-traverse", a))
{
if (LookupPrivilegeValue(0, SE_CHANGE_NOTIFY_NAME, &OptNoTraverseLuid) &&
OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &OptNoTraverseToken))
{
rmarg(argv, argc, argi);
}
}
}
}

2
tst/winfsp-tests/winfsp-tests.h
View File

@ -24,5 +24,7 @@ extern int WinFspNetTests;
extern BOOLEAN OptCaseInsensitive;
extern BOOLEAN OptCaseRandomize;
extern WCHAR OptMountPointBuf[], *OptMountPoint;
extern HANDLE OptNoTraverseToken;
extern LUID OptNoTraverseLuid;
extern int memfs_running;