ReactOS  0.4.15-dev-4874-g57c84dd
secursup.c
Go to the documentation of this file.
1 /*
2  * PROJECT: ReactOS Named Pipe FileSystem
3  * LICENSE: BSD - See COPYING.ARM in the top level directory
4  * FILE: drivers/filesystems/npfs/secursup.c
5  * PURPOSE: Pipes Security Support
6  * PROGRAMMERS: ReactOS Portable Systems Group
7  */
8 
9 /* INCLUDES *******************************************************************/
10 
11 #include "npfs.h"
12 
13 // File ID number for NPFS bugchecking support
14 #define NPFS_BUGCHECK_FILE_ID (NPFS_BUGCHECK_SECURSUP)
15 
16 /* FUNCTIONS ******************************************************************/
17 
18 NTSTATUS
19 NTAPI
20 NpImpersonateClientContext(IN PNP_CCB Ccb)
21 {
22  NTSTATUS Status;
23  PSECURITY_CLIENT_CONTEXT ClientContext;
24  PAGED_CODE();
25 
26  ClientContext = Ccb->ClientContext;
27  if (ClientContext)
28  {
29  Status = SeImpersonateClientEx(ClientContext, NULL);
30  }
31  else
32  {
33  Status = STATUS_CANNOT_IMPERSONATE;
34  }
35  return Status;
36 }
37 
38 VOID
39 NTAPI
40 NpFreeClientSecurityContext(IN PSECURITY_CLIENT_CONTEXT ClientContext)
41 {
42  TOKEN_TYPE TokenType;
43  PVOID ClientToken;
44 
45  if (!ClientContext) return;
46 
47  TokenType = SeTokenType(ClientContext->ClientToken);
48  ClientToken = ClientContext->ClientToken;
49  if ((TokenType == TokenPrimary) || (ClientToken))
50  {
51  ObDereferenceObject(ClientToken);
52  }
53  ExFreePool(ClientContext);
54 }
55 
56 VOID
57 NTAPI
58 NpCopyClientContext(IN PNP_CCB Ccb,
59  IN PNP_DATA_QUEUE_ENTRY DataQueueEntry)
60 {
61  PAGED_CODE();
62 
63  if (!DataQueueEntry->ClientSecurityContext) return;
64 
65  NpFreeClientSecurityContext(Ccb->ClientContext);
66  Ccb->ClientContext = DataQueueEntry->ClientSecurityContext;
67  DataQueueEntry->ClientSecurityContext = NULL;
68 }
69 
70 VOID
71 NTAPI
72 NpUninitializeSecurity(IN PNP_CCB Ccb)
73 {
74  PAGED_CODE();
75 
76  NpFreeClientSecurityContext(Ccb->ClientContext);
77  Ccb->ClientContext = NULL;
78 }
79 
80 NTSTATUS
81 NTAPI
82 NpInitializeSecurity(IN PNP_CCB Ccb,
83  IN PSECURITY_QUALITY_OF_SERVICE SecurityQos,
84  IN PETHREAD Thread)
85 {
86  PSECURITY_CLIENT_CONTEXT ClientContext;
87  NTSTATUS Status;
88  PAGED_CODE();
89 
90  if (SecurityQos)
91  {
92  Ccb->ClientQos = *SecurityQos;
93  }
94  else
95  {
96  Ccb->ClientQos.Length = sizeof(Ccb->ClientQos);
97  Ccb->ClientQos.ImpersonationLevel = SecurityImpersonation;
98  Ccb->ClientQos.ContextTrackingMode = SECURITY_DYNAMIC_TRACKING;
99  Ccb->ClientQos.EffectiveOnly = TRUE;
100  }
101 
102  NpUninitializeSecurity(Ccb);
103 
104  if (Ccb->ClientQos.ContextTrackingMode == SECURITY_DYNAMIC_TRACKING)
105  {
106  Status = STATUS_SUCCESS;
107  Ccb->ClientContext = NULL;
108  return Status;
109  }
110 
111  ClientContext = ExAllocatePoolWithQuotaTag(PagedPool | POOL_QUOTA_FAIL_INSTEAD_OF_RAISE,
112  sizeof(*ClientContext),
113  NPFS_CLIENT_SEC_CTX_TAG);
114  Ccb->ClientContext = ClientContext;
115  if (!ClientContext) return STATUS_INSUFFICIENT_RESOURCES;
116 
117  Status = SeCreateClientSecurity(Thread, &Ccb->ClientQos, 0, ClientContext);
118  if (!NT_SUCCESS(Status))
119  {
120  ExFreePool(Ccb->ClientContext);
121  Ccb->ClientContext = NULL;
122  }
123 
124  return Status;
125 }
126 
127 NTSTATUS
128 NTAPI
129 NpGetClientSecurityContext(IN ULONG NamedPipeEnd,
130  IN PNP_CCB Ccb,
131  IN PETHREAD Thread,
132  IN PSECURITY_CLIENT_CONTEXT *Context)
133 {
134  PSECURITY_CLIENT_CONTEXT NewContext;
135  NTSTATUS Status;
136  PAGED_CODE();
137 
138  if (NamedPipeEnd == FILE_PIPE_SERVER_END || Ccb->ClientQos.ContextTrackingMode != SECURITY_DYNAMIC_TRACKING)
139  {
140  NewContext = NULL;
141  Status = STATUS_SUCCESS;
142  }
143  else
144  {
145  NewContext = ExAllocatePoolWithQuotaTag(PagedPool | POOL_QUOTA_FAIL_INSTEAD_OF_RAISE,
146  sizeof(*NewContext),
147  NPFS_CLIENT_SEC_CTX_TAG);
148  if (!NewContext) return STATUS_INSUFFICIENT_RESOURCES;
149 
150  Status = SeCreateClientSecurity(Thread, &Ccb->ClientQos, 0, NewContext);
151  if (!NT_SUCCESS(Status))
152  {
153  ExFreePool(NewContext);
154  NewContext = NULL;
155  }
156  }
157  *Context = NewContext;
158  return Status;
159 }
160 
161 /* EOF */
IN
#define IN
Definition: typedefs.h:39
STATUS_INSUFFICIENT_RESOURCES
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
ExAllocatePoolWithQuotaTag
PVOID NTAPI ExAllocatePoolWithQuotaTag(IN POOL_TYPE PoolType, IN SIZE_T NumberOfBytes, IN ULONG Tag)
Definition: expool.c:2984
TRUE
#define TRUE
Definition: types.h:120
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
NPFS_CLIENT_SEC_CTX_TAG
#define NPFS_CLIENT_SEC_CTX_TAG
Definition: npfs.h:62
SeImpersonateClientEx
NTSTATUS NTAPI SeImpersonateClientEx(_In_ PSECURITY_CLIENT_CONTEXT ClientContext, _In_opt_ PETHREAD ServerThread)
Extended function that impersonates a client.
Definition: client.c:276
_NP_CCB
Definition: npfs.h:258
NTAPI
NTSTATUS(* NTAPI)(IN PFILE_FULL_EA_INFORMATION EaBuffer, IN ULONG EaLength, OUT PULONG ErrorOffset)
Definition: IoEaTest.cpp:117
_SECURITY_CLIENT_CONTEXT
Definition: imports.h:289
NpCopyClientContext
VOID NTAPI NpCopyClientContext(IN PNP_CCB Ccb, IN PNP_DATA_QUEUE_ENTRY DataQueueEntry)
Definition: secursup.c:58
_ETHREAD
Definition: pstypes.h:1101
SeCreateClientSecurity
NTKERNELAPI NTSTATUS NTAPI SeCreateClientSecurity(IN PETHREAD Thread, IN PSECURITY_QUALITY_OF_SERVICE QualityOfService, IN BOOLEAN RemoteClient, OUT PSECURITY_CLIENT_CONTEXT ClientContext)
SeTokenType
NTKERNELAPI TOKEN_TYPE NTAPI SeTokenType(IN PACCESS_TOKEN Token)
Status
Status
Definition: gdiplustypes.h:24
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
ClientContext
_In_ PVOID ClientContext
Definition: netioddk.h:55
ObDereferenceObject
#define ObDereferenceObject
Definition: obfuncs.h:203
Thread
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
Definition: fltkernel.h:2652
_SECURITY_QUALITY_OF_SERVICE
Definition: lsa.idl:63
FILE_PIPE_SERVER_END
#define FILE_PIPE_SERVER_END
Definition: iotypes.h:85
NpImpersonateClientContext
NTSTATUS NTAPI NpImpersonateClientContext(IN PNP_CCB Ccb)
Definition: secursup.c:20
SECURITY_DYNAMIC_TRACKING
#define SECURITY_DYNAMIC_TRACKING
Definition: setypes.h:103
_NP_DATA_QUEUE_ENTRY
Definition: npfs.h:148
Ccb
_Inout_ PFILE_OBJECT _In_ TYPE_OF_OPEN PFCB _In_opt_ PCCB Ccb
Definition: cdprocs.h:588
TOKEN_TYPE
enum _TOKEN_TYPE TOKEN_TYPE
NpFreeClientSecurityContext
VOID NTAPI NpFreeClientSecurityContext(IN PSECURITY_CLIENT_CONTEXT ClientContext)
Definition: secursup.c:40
NULL
#define NULL
Definition: types.h:112
NewContext
_In_ FLT_SET_CONTEXT_OPERATION _In_ PFLT_CONTEXT NewContext
Definition: fltkernel.h:1467
NpInitializeSecurity
NTSTATUS NTAPI NpInitializeSecurity(IN PNP_CCB Ccb, IN PSECURITY_QUALITY_OF_SERVICE SecurityQos, IN PETHREAD Thread)
Definition: secursup.c:82
ULONG
unsigned int ULONG
Definition: retypes.h:1
POOL_QUOTA_FAIL_INSTEAD_OF_RAISE
#define POOL_QUOTA_FAIL_INSTEAD_OF_RAISE
STATUS_CANNOT_IMPERSONATE
#define STATUS_CANNOT_IMPERSONATE
Definition: ntstatus.h:505
STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65
ExFreePool
#define ExFreePool(addr)
Definition: env_spec_w32.h:352
NpUninitializeSecurity
VOID NTAPI NpUninitializeSecurity(IN PNP_CCB Ccb)
Definition: secursup.c:72
NpGetClientSecurityContext
NTSTATUS NTAPI NpGetClientSecurityContext(IN ULONG NamedPipeEnd, IN PNP_CCB Ccb, IN PETHREAD Thread, IN PSECURITY_CLIENT_CONTEXT *Context)
Definition: secursup.c:129
TokenType
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:401
PAGED_CODE
#define PAGED_CODE()
Definition: Bus_PDO_QueryResourceRequirements.c:89