d2/d80/secursup_8c_source.html

/*

 * PROJECT:     ReactOS Named Pipe FileSystem

 * LICENSE:     BSD - See COPYING.ARM in the top level directory

 * FILE:        drivers/filesystems/npfs/secursup.c

 * PURPOSE:     Pipes Security Support

 * PROGRAMMERS: ReactOS Portable Systems Group

 */


/* INCLUDES *******************************************************************/


#include "npfs.h"


// File ID number for NPFS bugchecking support

#define NPFS_BUGCHECK_FILE_ID   (NPFS_BUGCHECK_SECURSUP)


/* FUNCTIONS ******************************************************************/


NTSTATUS

NTAPI

NpImpersonateClientContext(IN PNP_CCB Ccb)

{

    NTSTATUS Status;

    PSECURITY_CLIENT_CONTEXT ClientContext;

    PAGED_CODE();


    ClientContext = Ccb->ClientContext;

    if (ClientContext)

    {

        Status = SeImpersonateClientEx(ClientContext, NULL);

    }

    else

    {

        Status = STATUS_CANNOT_IMPERSONATE;

    }

    return Status;

}


VOID

NTAPI

NpFreeClientSecurityContext(IN PSECURITY_CLIENT_CONTEXT ClientContext)

{

    TOKEN_TYPE TokenType;

    PVOID ClientToken;


    if (!ClientContext) return;


    TokenType = SeTokenType(ClientContext->ClientToken);

    ClientToken = ClientContext->ClientToken;

    if ((TokenType == TokenPrimary) || (ClientToken))

    {

        ObDereferenceObject(ClientToken);

    }

    ExFreePool(ClientContext);

}


VOID

NTAPI

NpCopyClientContext(IN PNP_CCB Ccb,

                    IN PNP_DATA_QUEUE_ENTRY DataQueueEntry)

{

    PAGED_CODE();


    if (!DataQueueEntry->ClientSecurityContext) return;


    NpFreeClientSecurityContext(Ccb->ClientContext);

    Ccb->ClientContext = DataQueueEntry->ClientSecurityContext;

    DataQueueEntry->ClientSecurityContext = NULL;

}


VOID

NTAPI

NpUninitializeSecurity(IN PNP_CCB Ccb)

{

    PAGED_CODE();


    NpFreeClientSecurityContext(Ccb->ClientContext);

    Ccb->ClientContext = NULL;

}


NTSTATUS

NTAPI

NpInitializeSecurity(IN PNP_CCB Ccb,

                     IN PSECURITY_QUALITY_OF_SERVICE SecurityQos,

                     IN PETHREAD Thread)

{

    PSECURITY_CLIENT_CONTEXT ClientContext;

    NTSTATUS Status;

    PAGED_CODE();


    if (SecurityQos)

    {

        Ccb->ClientQos = *SecurityQos;

    }

    else

    {

        Ccb->ClientQos.Length = sizeof(Ccb->ClientQos);

        Ccb->ClientQos.ImpersonationLevel = SecurityImpersonation;

        Ccb->ClientQos.ContextTrackingMode = SECURITY_DYNAMIC_TRACKING;

        Ccb->ClientQos.EffectiveOnly = TRUE;

    }


    NpUninitializeSecurity(Ccb);


    if (Ccb->ClientQos.ContextTrackingMode == SECURITY_DYNAMIC_TRACKING)

    {

        Status = STATUS_SUCCESS;

        Ccb->ClientContext = NULL;

        return Status;

    }


    ClientContext = ExAllocatePoolWithQuotaTag(PagedPool | POOL_QUOTA_FAIL_INSTEAD_OF_RAISE,

                                               sizeof(*ClientContext),

                                               NPFS_CLIENT_SEC_CTX_TAG);

    Ccb->ClientContext = ClientContext;

    if (!ClientContext) return STATUS_INSUFFICIENT_RESOURCES;


    Status = SeCreateClientSecurity(Thread, &Ccb->ClientQos, 0, ClientContext);

    if (!NT_SUCCESS(Status))

    {

        ExFreePool(Ccb->ClientContext);

        Ccb->ClientContext = NULL;

    }


    return Status;

}


NTSTATUS

NTAPI

NpGetClientSecurityContext(IN ULONG NamedPipeEnd,

                           IN PNP_CCB Ccb,

                           IN PETHREAD Thread,

                           IN PSECURITY_CLIENT_CONTEXT *Context)

{

    PSECURITY_CLIENT_CONTEXT NewContext;

    NTSTATUS Status;

    PAGED_CODE();


    if (NamedPipeEnd == FILE_PIPE_SERVER_END || Ccb->ClientQos.ContextTrackingMode != SECURITY_DYNAMIC_TRACKING)

    {

        NewContext = NULL;

        Status = STATUS_SUCCESS;

    }

    else

    {

        NewContext = ExAllocatePoolWithQuotaTag(PagedPool | POOL_QUOTA_FAIL_INSTEAD_OF_RAISE,

                                                sizeof(*NewContext),

                                                NPFS_CLIENT_SEC_CTX_TAG);

        if (!NewContext) return STATUS_INSUFFICIENT_RESOURCES;


        Status = SeCreateClientSecurity(Thread, &Ccb->ClientQos, 0, NewContext);

        if (!NT_SUCCESS(Status))

        {

            ExFreePool(NewContext);

            NewContext = NULL;

        }

    }

    *Context = NewContext;

    return Status;

}


/* EOF */

PAGED_CODE
#define PAGED_CODE()
Definition: Bus_PDO_EvalMethod.c:87

TOKEN_TYPE
TOKEN_TYPE
Definition: asmpp.cpp:29

NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26

Ccb
_Inout_ PFILE_OBJECT _In_ TYPE_OF_OPEN PFCB _In_opt_ PCCB Ccb
Definition: cdprocs.h:592

NULL
#define NULL
Definition: types.h:112

TRUE
#define TRUE
Definition: types.h:120

NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:33

NPFS_CLIENT_SEC_CTX_TAG
#define NPFS_CLIENT_SEC_CTX_TAG
Definition: npfs.h:62

ExFreePool
#define ExFreePool(addr)
Definition: env_spec_w32.h:352

PagedPool
#define PagedPool
Definition: env_spec_w32.h:308

NewContext
_In_ FLT_SET_CONTEXT_OPERATION _In_ PFLT_CONTEXT NewContext
Definition: fltkernel.h:1468

Thread
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
Definition: fltkernel.h:2653

Status
Status
Definition: gdiplustypes.h:25

void
Definition: nsiface.idl:2307

SecurityImpersonation
@ SecurityImpersonation
Definition: lsa.idl:57

TokenPrimary
@ TokenPrimary
Definition: imports.h:273

SeTokenType
NTKERNELAPI TOKEN_TYPE NTAPI SeTokenType(IN PACCESS_TOKEN Token)

SeCreateClientSecurity
NTKERNELAPI NTSTATUS NTAPI SeCreateClientSecurity(IN PETHREAD Thread, IN PSECURITY_QUALITY_OF_SERVICE QualityOfService, IN BOOLEAN RemoteClient, OUT PSECURITY_CLIENT_CONTEXT ClientContext)

npfs.h

FILE_PIPE_SERVER_END
#define FILE_PIPE_SERVER_END
Definition: iotypes.h:85

TokenType
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:411

ClientContext
_In_ PVOID ClientContext
Definition: netioddk.h:55

SeImpersonateClientEx
NTSTATUS NTAPI SeImpersonateClientEx(_In_ PSECURITY_CLIENT_CONTEXT ClientContext, _In_opt_ PETHREAD ServerThread)
Extended function that impersonates a client.
Definition: client.c:276

STATUS_CANNOT_IMPERSONATE
#define STATUS_CANNOT_IMPERSONATE
Definition: ntstatus.h:505

NpInitializeSecurity
NTSTATUS NTAPI NpInitializeSecurity(IN PNP_CCB Ccb, IN PSECURITY_QUALITY_OF_SERVICE SecurityQos, IN PETHREAD Thread)
Definition: secursup.c:82

NpCopyClientContext
VOID NTAPI NpCopyClientContext(IN PNP_CCB Ccb, IN PNP_DATA_QUEUE_ENTRY DataQueueEntry)
Definition: secursup.c:58

NpGetClientSecurityContext
NTSTATUS NTAPI NpGetClientSecurityContext(IN ULONG NamedPipeEnd, IN PNP_CCB Ccb, IN PETHREAD Thread, IN PSECURITY_CLIENT_CONTEXT *Context)
Definition: secursup.c:129

NpUninitializeSecurity
VOID NTAPI NpUninitializeSecurity(IN PNP_CCB Ccb)
Definition: secursup.c:72

NpFreeClientSecurityContext
VOID NTAPI NpFreeClientSecurityContext(IN PSECURITY_CLIENT_CONTEXT ClientContext)
Definition: secursup.c:40

NpImpersonateClientContext
NTSTATUS NTAPI NpImpersonateClientContext(IN PNP_CCB Ccb)
Definition: secursup.c:20

STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65

Context
Definition: compobj.c:4795

_ETHREAD
Definition: pstypes.h:1103

_NP_CCB
Definition: npfs.h:259

_NP_DATA_QUEUE_ENTRY
Definition: npfs.h:149

_SECURITY_CLIENT_CONTEXT
Definition: imports.h:289

_SECURITY_QUALITY_OF_SERVICE
Definition: lsa.idl:63

NTAPI
#define NTAPI
Definition: typedefs.h:36

IN
#define IN
Definition: typedefs.h:39

ULONG
uint32_t ULONG
Definition: typedefs.h:59

STATUS_INSUFFICIENT_RESOURCES
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158

ExAllocatePoolWithQuotaTag
#define ExAllocatePoolWithQuotaTag(a, b, c)
Definition: exfuncs.h:530

POOL_QUOTA_FAIL_INSTEAD_OF_RAISE
#define POOL_QUOTA_FAIL_INSTEAD_OF_RAISE

ObDereferenceObject
#define ObDereferenceObject
Definition: obfuncs.h:203

SECURITY_DYNAMIC_TRACKING
#define SECURITY_DYNAMIC_TRACKING
Definition: setypes.h:103