d2/d80/secursup_8c_source.html

 /*
  * PROJECT:     ReactOS Named Pipe FileSystem
  * LICENSE:     BSD - See COPYING.ARM in the top level directory
  * FILE:        drivers/filesystems/npfs/secursup.c
  * PURPOSE:     Pipes Security Support
  * PROGRAMMERS: ReactOS Portable Systems Group
  */

 /* INCLUDES *******************************************************************/

 #include "npfs.h"

 // File ID number for NPFS bugchecking support
 #define NPFS_BUGCHECK_FILE_ID   (NPFS_BUGCHECK_SECURSUP)

 /* FUNCTIONS ******************************************************************/

 NTSTATUS
 NTAPI
 NpImpersonateClientContext(IN PNP_CCB Ccb)
 {
     NTSTATUS Status;
     PSECURITY_CLIENT_CONTEXT ClientContext;
     PAGED_CODE();

     ClientContext = Ccb->ClientContext;
     if (ClientContext)
     {
         Status = SeImpersonateClientEx(ClientContext, NULL);
     }
     else
     {
         Status = STATUS_CANNOT_IMPERSONATE;
     }
     return Status;
 }

 VOID
 NTAPI
 NpFreeClientSecurityContext(IN PSECURITY_CLIENT_CONTEXT ClientContext)
 {
     TOKEN_TYPE TokenType;
     PVOID ClientToken;

     if (!ClientContext) return;

     TokenType = SeTokenType(ClientContext->ClientToken);
     ClientToken = ClientContext->ClientToken;
     if ((TokenType == TokenPrimary) || (ClientToken))
     {
         ObDereferenceObject(ClientToken);
     }
     ExFreePool(ClientContext);
 }

 VOID
 NTAPI
 NpCopyClientContext(IN PNP_CCB Ccb,
                     IN PNP_DATA_QUEUE_ENTRY DataQueueEntry)
 {
     PAGED_CODE();

     if (!DataQueueEntry->ClientSecurityContext) return;

     NpFreeClientSecurityContext(Ccb->ClientContext);
     Ccb->ClientContext = DataQueueEntry->ClientSecurityContext;
     DataQueueEntry->ClientSecurityContext = NULL;
 }

 VOID
 NTAPI
 NpUninitializeSecurity(IN PNP_CCB Ccb)
 {
     PAGED_CODE();

     NpFreeClientSecurityContext(Ccb->ClientContext);
     Ccb->ClientContext = NULL;
 }

 NTSTATUS
 NTAPI
 NpInitializeSecurity(IN PNP_CCB Ccb,
                      IN PSECURITY_QUALITY_OF_SERVICE SecurityQos,
                      IN PETHREAD Thread)
 {
     PSECURITY_CLIENT_CONTEXT ClientContext;
     NTSTATUS Status;
     PAGED_CODE();

     if (SecurityQos)
     {
         Ccb->ClientQos = *SecurityQos;
     }
     else
     {
         Ccb->ClientQos.Length = sizeof(Ccb->ClientQos);
         Ccb->ClientQos.ImpersonationLevel = SecurityImpersonation;
         Ccb->ClientQos.ContextTrackingMode = SECURITY_DYNAMIC_TRACKING;
         Ccb->ClientQos.EffectiveOnly = TRUE;
     }

     NpUninitializeSecurity(Ccb);

     if (Ccb->ClientQos.ContextTrackingMode == SECURITY_DYNAMIC_TRACKING)
     {
         Status = STATUS_SUCCESS;
         Ccb->ClientContext = NULL;
         return Status;
     }

     ClientContext = ExAllocatePoolWithQuotaTag(PagedPool | POOL_QUOTA_FAIL_INSTEAD_OF_RAISE,
                                                sizeof(*ClientContext),
                                                NPFS_CLIENT_SEC_CTX_TAG);
     Ccb->ClientContext = ClientContext;
     if (!ClientContext) return STATUS_INSUFFICIENT_RESOURCES;

     Status = SeCreateClientSecurity(Thread, &Ccb->ClientQos, 0, ClientContext);
     if (!NT_SUCCESS(Status))
     {
         ExFreePool(Ccb->ClientContext);
         Ccb->ClientContext = NULL;
     }

     return Status;
 }

 NTSTATUS
 NTAPI
 NpGetClientSecurityContext(IN ULONG NamedPipeEnd,
                            IN PNP_CCB Ccb,
                            IN PETHREAD Thread,
                            IN PSECURITY_CLIENT_CONTEXT *Context)
 {
     PSECURITY_CLIENT_CONTEXT NewContext;
     NTSTATUS Status;
     PAGED_CODE();

     if (NamedPipeEnd == FILE_PIPE_SERVER_END || Ccb->ClientQos.ContextTrackingMode != SECURITY_DYNAMIC_TRACKING)
     {
         NewContext = NULL;
         Status = STATUS_SUCCESS;
     }
     else
     {
         NewContext = ExAllocatePoolWithQuotaTag(PagedPool | POOL_QUOTA_FAIL_INSTEAD_OF_RAISE,
                                                 sizeof(*NewContext),
                                                 NPFS_CLIENT_SEC_CTX_TAG);
         if (!NewContext) return STATUS_INSUFFICIENT_RESOURCES;

         Status = SeCreateClientSecurity(Thread, &Ccb->ClientQos, 0, NewContext);
         if (!NT_SUCCESS(Status))
         {
             ExFreePool(NewContext);
             NewContext = NULL;
         }
     }
     *Context = NewContext;
     return Status;
 }

 /* EOF */
Context
Definition: compobj.c:4794

IN
#define IN
Definition: typedefs.h:39

SecurityImpersonation
Definition: lsa.idl:57

STATUS_INSUFFICIENT_RESOURCES
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158

ExAllocatePoolWithQuotaTag
PVOID NTAPI ExAllocatePoolWithQuotaTag(IN POOL_TYPE PoolType, IN SIZE_T NumberOfBytes, IN ULONG Tag)
Definition: expool.c:2931

TRUE
#define TRUE
Definition: types.h:120

NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26

NPFS_CLIENT_SEC_CTX_TAG
#define NPFS_CLIENT_SEC_CTX_TAG
Definition: npfs.h:62

ObDereferenceObject
VOID NTAPI ObDereferenceObject(IN PVOID Object)
Definition: obref.c:375

TokenPrimary
Definition: imports.h:273

_NP_CCB
Definition: npfs.h:258

NTAPI
NTSTATUS(* NTAPI)(IN PFILE_FULL_EA_INFORMATION EaBuffer, IN ULONG EaLength, OUT PULONG ErrorOffset)
Definition: IoEaTest.cpp:117

_SECURITY_CLIENT_CONTEXT
Definition: imports.h:289

NULL
smooth NULL
Definition: ftsmooth.c:416

NpCopyClientContext
VOID NTAPI NpCopyClientContext(IN PNP_CCB Ccb, IN PNP_DATA_QUEUE_ENTRY DataQueueEntry)
Definition: secursup.c:58

_ETHREAD
Definition: pstypes.h:1043

SeCreateClientSecurity
NTKERNELAPI NTSTATUS NTAPI SeCreateClientSecurity(IN PETHREAD Thread, IN PSECURITY_QUALITY_OF_SERVICE QualityOfService, IN BOOLEAN RemoteClient, OUT PSECURITY_CLIENT_CONTEXT ClientContext)
Definition: access.c:506

SeTokenType
NTKERNELAPI TOKEN_TYPE NTAPI SeTokenType(IN PACCESS_TOKEN Token)
Definition: token.c:1780

NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32

ClientContext
_In_ PVOID ClientContext
Definition: netioddk.h:55

Thread
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
Definition: fltkernel.h:2653

_SECURITY_QUALITY_OF_SERVICE
Definition: lsa.idl:63

FILE_PIPE_SERVER_END
#define FILE_PIPE_SERVER_END
Definition: iotypes.h:85

NpImpersonateClientContext
NTSTATUS NTAPI NpImpersonateClientContext(IN PNP_CCB Ccb)
Definition: secursup.c:20

SECURITY_DYNAMIC_TRACKING
#define SECURITY_DYNAMIC_TRACKING
Definition: setypes.h:103

Status
Status
Definition: gdiplustypes.h:24

_NP_DATA_QUEUE_ENTRY
Definition: npfs.h:148

Ccb
_Inout_ PFILE_OBJECT _In_ TYPE_OF_OPEN PFCB _In_opt_ PCCB Ccb
Definition: cdprocs.h:588

TOKEN_TYPE
enum _TOKEN_TYPE TOKEN_TYPE

SeImpersonateClientEx
NTSTATUS NTAPI SeImpersonateClientEx(IN PSECURITY_CLIENT_CONTEXT ClientContext, IN PETHREAD ServerThread OPTIONAL)
Definition: access.c:589

PagedPool
Definition: ketypes.h:867

NpFreeClientSecurityContext
VOID NTAPI NpFreeClientSecurityContext(IN PSECURITY_CLIENT_CONTEXT ClientContext)
Definition: secursup.c:40

npfs.h

NewContext
_In_ FLT_SET_CONTEXT_OPERATION _In_ PFLT_CONTEXT NewContext
Definition: fltkernel.h:1468

NpInitializeSecurity
NTSTATUS NTAPI NpInitializeSecurity(IN PNP_CCB Ccb, IN PSECURITY_QUALITY_OF_SERVICE SecurityQos, IN PETHREAD Thread)
Definition: secursup.c:82

ULONG
unsigned int ULONG
Definition: retypes.h:1

POOL_QUOTA_FAIL_INSTEAD_OF_RAISE
#define POOL_QUOTA_FAIL_INSTEAD_OF_RAISE

STATUS_CANNOT_IMPERSONATE
#define STATUS_CANNOT_IMPERSONATE
Definition: ntstatus.h:505

void
Definition: nsiface.idl:2306

STATUS_SUCCESS
return STATUS_SUCCESS
Definition: btrfs.c:3014

ExFreePool
#define ExFreePool(addr)
Definition: env_spec_w32.h:352

NpUninitializeSecurity
VOID NTAPI NpUninitializeSecurity(IN PNP_CCB Ccb)
Definition: secursup.c:72

NpGetClientSecurityContext
NTSTATUS NTAPI NpGetClientSecurityContext(IN ULONG NamedPipeEnd, IN PNP_CCB Ccb, IN PETHREAD Thread, IN PSECURITY_CLIENT_CONTEXT *Context)
Definition: secursup.c:129

TokenType
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:417

PAGED_CODE
#define PAGED_CODE()
Definition: Bus_PDO_QueryResourceRequirements.c:89