#include <ntoskrnl.h>#include <debug.h>
Include dependency graph for obname.c:
Go to the source code of this file.
Macros | |
| #define | NDEBUG |
Functions | |
| NTSTATUS NTAPI | ObpGetDosDevicesProtection (OUT PSECURITY_DESCRIPTOR SecurityDescriptor) |
| VOID NTAPI | ObpFreeDosDevicesProtection (OUT PSECURITY_DESCRIPTOR SecurityDescriptor) |
| NTSTATUS NTAPI | ObpCreateDosDevicesDirectory (VOID) |
| VOID NTAPI | ObpDeleteNameCheck (IN PVOID Object) |
| BOOLEAN NTAPI | ObpIsUnsecureName (IN PUNICODE_STRING ObjectName, IN BOOLEAN CaseInSensitive) |
| NTSTATUS NTAPI | ObpLookupObjectName (IN HANDLE RootHandle OPTIONAL, IN OUT PUNICODE_STRING ObjectName, IN ULONG Attributes, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext, IN PSECURITY_QUALITY_OF_SERVICE SecurityQos OPTIONAL, IN PVOID InsertObject OPTIONAL, IN OUT PACCESS_STATE AccessState, OUT POBP_LOOKUP_CONTEXT LookupContext, OUT PVOID *FoundObject) |
| NTSTATUS NTAPI | ObQueryNameString (IN PVOID Object, OUT POBJECT_NAME_INFORMATION ObjectNameInfo, IN ULONG Length, OUT PULONG ReturnLength) |
Variables | |
| ULONG | ObpCaseInsensitive = TRUE |
| POBJECT_DIRECTORY | ObpRootDirectoryObject |
| POBJECT_DIRECTORY | ObpTypeDirectoryObject |
| ALIGNEDNAME | ObpDosDevicesShortNamePrefix = {{L'\\',L'?',L'?',L'\\'}} |
| ALIGNEDNAME | ObpDosDevicesShortNameRoot = {{L'\\',L'?',L'?',L'\0'}} |
| UNICODE_STRING | ObpDosDevicesShortName |
| WCHAR | ObpUnsecureGlobalNamesBuffer [128] = {0} |
| ULONG | ObpUnsecureGlobalNamesLength = sizeof(ObpUnsecureGlobalNamesBuffer) |
Macro Definition Documentation
◆ NDEBUG
Function Documentation
◆ ObpCreateDosDevicesDirectory()
Definition at line 177 of file obname.c.
178{
182 SECURITY_DESCRIPTOR DosDevicesSD;
184
185 /*
186 * Enable LUID mappings only if not explicitely disabled
187 * and if protection mode is set
188 */
190 ObpLUIDDeviceMapsEnabled = 0;
191 else
192 ObpLUIDDeviceMapsEnabled = 1;
193
194 /* Create a custom security descriptor for the global DosDevices directory */
198
199 /* Create the global DosDevices directory \?? */
202 &RootName,
203 OBJ_PERMANENT,
204 NULL,
205 &DosDevicesSD);
207 DIRECTORY_ALL_ACCESS,
208 &ObjectAttributes);
210 goto done;
211
212 /* Create the system device map */
215 goto done;
216
217 /*
218 * Initialize the \??\GLOBALROOT symbolic link
219 * pointing to the root directory \ .
220 */
224 &LinkName,
225 OBJ_PERMANENT,
226 Handle,
227 &DosDevicesSD);
230 &ObjectAttributes,
231 &TargetName);
233
234 /*
235 * Initialize the \??\Global symbolic link pointing to the global
236 * DosDevices directory \?? . It is used to access the global \??
237 * by user-mode components which, by default, use a per-session
238 * DosDevices directory.
239 */
242 &LinkName,
243 OBJ_PERMANENT,
244 Handle,
245 &DosDevicesSD);
248 &ObjectAttributes,
249 &RootName);
251
252 /* Close the directory handle */
255 goto done;
256
257 /*
258 * Initialize the \DosDevices symbolic link pointing to the global
259 * DosDevices directory \?? , for backward compatibility with
260 * Windows NT-2000 systems.
261 */
265 &LinkName,
266 OBJ_PERMANENT,
267 NULL,
268 &DosDevicesSD);
271 &ObjectAttributes,
272 &RootName);
274
275done:
276 ObpFreeDosDevicesProtection(&DosDevicesSD);
277
278 /* Return status */
280}
Definition: nsiface.idl:2307
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
NTSTATUS NTAPI ObSetDeviceMap(IN PEPROCESS Process, IN HANDLE DirectoryHandle)
Definition: devicemap.c:24
NTSTATUS NTAPI NtCreateDirectoryObject(OUT PHANDLE DirectoryHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes)
Definition: obdir.c:765
NTSTATUS NTAPI NtCreateSymbolicLinkObject(OUT PHANDLE LinkHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN PUNICODE_STRING LinkTarget)
Definition: oblink.c:676
NTSTATUS NTAPI ObpGetDosDevicesProtection(OUT PSECURITY_DESCRIPTOR SecurityDescriptor)
Definition: obname.c:40
VOID NTAPI ObpFreeDosDevicesProtection(OUT PSECURITY_DESCRIPTOR SecurityDescriptor)
Definition: obname.c:161
Definition: umtypes.h:184
Definition: ms-dtyp.idl:301
Definition: env_spec_w32.h:368
Referenced by ObInitSystem().
◆ ObpDeleteNameCheck()
Definition at line 301 of file obname.c.
302{
303 POBJECT_HEADER ObjectHeader;
305 POBJECT_HEADER_NAME_INFO ObjectNameInfo;
308
309 /* Get object structures */
311 ObjectNameInfo = ObpReferenceNameInfo(ObjectHeader);
313
314 /*
315 * Check if the handle count is 0, if the object is named,
316 * and if the object isn't a permanent object.
317 */
319 (ObjectNameInfo) &&
321 (ObjectNameInfo->Directory) &&
323 {
324 /* Setup a lookup context and lock it */
327
328 /* Do the lookup */
330 &ObjectNameInfo->Name,
331 0,
332 FALSE,
333 &Context);
335 {
336 /* Lock the object */
337 ObpAcquireObjectLock(ObjectHeader);
338
339 /* Make sure we can still delete the object */
342 {
343 /* First delete it from the directory */
345
346 /* Check if this is a symbolic link */
348 {
349 /* Remove internal name */
351 }
352
353 /* Check if the kernel exclusive flag is set */
354 ObjectNameInfo = OBJECT_HEADER_TO_NAME_INFO(ObjectHeader);
355 if ((ObjectNameInfo) &&
357 {
358 /* Remove protection flag */
360 -OB_FLAG_KERNEL_EXCLUSIVE);
361 }
362
363 /* Get the directory */
365 }
366
367 /* Release the lock */
368 ObpReleaseObjectLock(ObjectHeader);
369 }
370
371 /* Cleanup after lookup */
373
374 /* Remove another query reference since we added one on top */
375 ObpDereferenceNameInfo(ObjectNameInfo);
376
377 /* Check if we were inserted in a directory */
379 {
380 /* We were, so first remove the extra reference we had added */
381 ObpDereferenceNameInfo(ObjectNameInfo);
382
383 /* Now dereference the object as well */
385 }
386 }
387 else
388 {
389 /* Remove the reference we added */
390 ObpDereferenceNameInfo(ObjectNameInfo);
391 }
392}
PVOID NTAPI ObpLookupEntryDirectory(IN POBJECT_DIRECTORY Directory, IN PUNICODE_STRING Name, IN ULONG Attributes, IN BOOLEAN SearchShadow, IN POBP_LOOKUP_CONTEXT Context)
Definition: obdir.c:158
BOOLEAN NTAPI ObpDeleteEntryDirectory(IN POBP_LOOKUP_CONTEXT Context)
VOID NTAPI ObpDeleteSymbolicLinkName(IN POBJECT_SYMBOLIC_LINK SymbolicLink)
Definition: oblink.c:326
FORCEINLINE VOID ObpAcquireLookupContextLock(IN POBP_LOOKUP_CONTEXT Context, IN POBJECT_DIRECTORY Directory)
Locks an object directory lookup context for performing lookup operations (insertions/deletions) in a...
Definition: ob_x.h:281
FORCEINLINE VOID ObpAcquireObjectLock(IN POBJECT_HEADER ObjectHeader)
Definition: ob_x.h:48
FORCEINLINE VOID ObpInitializeLookupContext(IN POBP_LOOKUP_CONTEXT Context)
Initializes a new object directory lookup context. Used for lookup operations (insertions/deletions) ...
Definition: ob_x.h:258
FORCEINLINE VOID ObpReleaseObjectLock(IN POBJECT_HEADER ObjectHeader)
Definition: ob_x.h:84
FORCEINLINE VOID ObpDereferenceNameInfo(IN POBJECT_HEADER_NAME_INFO HeaderNameInfo)
Definition: ob_x.h:143
FORCEINLINE VOID ObpReleaseLookupContext(IN POBP_LOOKUP_CONTEXT Context)
Releases an initialized object directory lookup context. Unlocks it if necessary, and dereferences th...
Definition: ob_x.h:323
FORCEINLINE POBJECT_HEADER_NAME_INFO ObpReferenceNameInfo(IN POBJECT_HEADER ObjectHeader)
Definition: ob_x.h:102
Definition: compobj.c:4795
Definition: obtypes.h:431
Definition: obtypes.h:486
Definition: obtypes.h:380
Definition: obtypes.h:511
Referenced by ObInsertObject(), ObpDecrementHandleCount(), and ObpSetPermanentObject().
◆ ObpFreeDosDevicesProtection()
| VOID NTAPI ObpFreeDosDevicesProtection | ( | OUT PSECURITY_DESCRIPTOR | SecurityDescriptor | ) |
Definition at line 161 of file obname.c.
162{
166
172}
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
Definition: rtlfuncs.h:1625
NTSYSAPI NTSTATUS NTAPI RtlGetDaclSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Out_ PBOOLEAN DaclPresent, _Out_ PACL *Dacl, _Out_ PBOOLEAN DaclDefaulted)
Definition: ms-dtyp.idl:293
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:191
Referenced by ObpCreateDosDevicesDirectory().
◆ ObpGetDosDevicesProtection()
| NTSTATUS NTAPI ObpGetDosDevicesProtection | ( | OUT PSECURITY_DESCRIPTOR | SecurityDescriptor | ) |
Definition at line 40 of file obname.c.
41{
43 ULONG AclSize;
45
46 /* Initialize the SD */
49
51 {
59
60 /* Allocate the ACL */
63 {
65 }
66
67 /* Initialize the DACL */
70
71 /* Add the ACEs */
73 ACL_REVISION,
75 SeWorldSid);
77
79 ACL_REVISION,
80 GENERIC_ALL,
81 SeLocalSystemSid);
83
85 ACL_REVISION,
87 GENERIC_EXECUTE,
88 SeWorldSid);
90
92 ACL_REVISION,
94 GENERIC_ALL,
95 SeAliasAdminsSid);
97
99 ACL_REVISION,
101 GENERIC_ALL,
102 SeLocalSystemSid);
104
106 ACL_REVISION,
108 GENERIC_ALL,
109 SeCreatorOwnerSid);
111 }
112 else
113 {
118
119 /* Allocate the ACL */
122 {
124 }
125
126 /* Initialize the DACL */
129
130 /* Add the ACEs */
132 ACL_REVISION,
134 SeWorldSid);
136
138 ACL_REVISION,
139 GENERIC_ALL,
140 SeLocalSystemSid);
142
144 ACL_REVISION,
146 GENERIC_ALL,
147 SeWorldSid);
149 }
150
151 /* Attach the DACL to the SD */
154
156}
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAceEx(PACL, DWORD, DWORD, DWORD, PSID)
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAce(PACL, DWORD, DWORD, PSID)
NTSYSAPI NTSTATUS WINAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN)
struct _ACL ACL
NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL Acl, ULONG AclSize, ULONG AclRevision)
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(_Out_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ULONG Revision)
struct _ACE ACE
Definition: rtltypes.h:987
Referenced by ObpCreateDosDevicesDirectory().
◆ ObpIsUnsecureName()
Definition at line 396 of file obname.c.
398{
399 BOOLEAN Unsecure;
400 PWSTR UnsecureBuffer;
401 UNICODE_STRING UnsecureName;
402
403 /* No unsecure names known, quit */
405 {
407 }
408
409 /* By default, we have a secure name */
410 Unsecure = FALSE;
411 /* We will browse the whole string */
412 UnsecureBuffer = &ObpUnsecureGlobalNamesBuffer[0];
414 {
415 /* Initialize the unicode string */
416 RtlInitUnicodeString(&UnsecureName, UnsecureBuffer);
417 /* We're at the end of the multisz string! */
419 {
420 break;
421 }
422
423 /*
424 * Does the unsecure name prefix the object name?
425 * If so, that's an unsecure name, and return so
426 */
428 {
429 Unsecure = TRUE;
430 break;
431 }
432
433 /*
434 * Move to the next string. As a reminder, ObpUnsecureGlobalNamesBuffer is
435 * a multisz, so we move the string next to the current UNICODE_NULL char
436 */
437 UnsecureBuffer = (PWSTR)((ULONG_PTR)UnsecureBuffer + UnsecureName.Length + sizeof(UNICODE_NULL));
438 }
439
440 /* Return our findings */
441 return Unsecure;
442}
NTSYSAPI BOOLEAN NTAPI RtlPrefixUnicodeString(IN PUNICODE_STRING String1, IN PUNICODE_STRING String2, IN BOOLEAN CaseInSensitive)
#define UNICODE_NULL
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:64
Referenced by ObpLookupObjectName().
◆ ObpLookupObjectName()
| NTSTATUS NTAPI ObpLookupObjectName | ( | IN HANDLE RootHandle | OPTIONAL, |
| IN OUT PUNICODE_STRING | ObjectName, | ||
| IN ULONG | Attributes, | ||
| IN POBJECT_TYPE | ObjectType, | ||
| IN KPROCESSOR_MODE | AccessMode, | ||
| IN OUT PVOID | ParseContext, | ||
| IN PSECURITY_QUALITY_OF_SERVICE SecurityQos | OPTIONAL, | ||
| IN PVOID InsertObject | OPTIONAL, | ||
| IN OUT PACCESS_STATE | AccessState, | ||
| OUT POBP_LOOKUP_CONTEXT | LookupContext, | ||
| OUT PVOID * | FoundObject | ||
| ) |
Definition at line 446 of file obname.c.
457{
459 POBJECT_HEADER ObjectHeader;
464 KIRQL CalloutIrql;
465 OB_PARSE_METHOD ParseRoutine;
467 KPROCESSOR_MODE AccessCheckMode;
469 POBJECT_HEADER_NAME_INFO ObjectNameInfo;
470 ULONG MaxReparse = 30;
472 UNICODE_STRING LocalName;
473 PAGED_CODE();
475 "%s - Finding Object: %wZ. Expecting: %p\n",
476 __FUNCTION__,
477 ObjectName,
478 InsertObject);
479
480 /* Initialize starting state */
481 ObpInitializeLookupContext(LookupContext);
482 *FoundObject = NULL;
485
486 /* Check if case-insensitivity is checked */
488 {
489 /* Check if the object type requests this */
491 {
492 /* Add the flag to disable case sensitivity */
494 }
495 }
496
497 /* Check if this is a access checks are being forced */
500
501 /* Check if we got a Root Directory */
502 if (RootHandle)
503 {
504 /* We did. Reference it */
506 0,
507 NULL,
508 AccessMode,
510 NULL);
512
513 /* Get the header */
515
516 /* The name cannot start with a separator, unless this is a file */
520 {
521 /* The syntax is bad, so fail this request */
524 }
525
526 /* Don't parse a Directory */
528 {
529 /* Make sure the Object Type has a parse routine */
531 if (!ParseRoutine)
532 {
533 /* We can't parse a name if we don't have a parse routine */
536 }
537
538 /* Set default parse count */
539 MaxReparse = 30;
540
541 /* Now parse */
543 {
544 /* Start with the full name */
546
547 /* Call the Parse Procedure */
548 ObpCalloutStart(&CalloutIrql);
550 ObjectType,
551 AccessState,
552 AccessCheckMode,
553 Attributes,
554 ObjectName,
555 &RemainingName,
556 ParseContext,
557 SecurityQos,
558 &Object);
560
561 /* Check for success or failure, so not reparse */
564 {
565 /* Check for failure */
567 {
568 /* Parse routine might not have cleared this, do it */
570 }
572 {
573 /* Modify status to reflect failure inside Ob */
575 }
576
577 /* We're done, return the status and object */
578 *FoundObject = Object;
581 }
583 (!ObjectName->Buffer) ||
585 {
586 /* Reparsed to the root directory, so start over */
589
590 /* Don't use this anymore, since we're starting at root */
591 RootHandle = NULL;
592 goto ParseFromRoot;
593 }
594 else if (--MaxReparse)
595 {
596 /* Try reparsing again */
597 continue;
598 }
599 else
600 {
601 /* Reparsed too many times */
603
604 /* Return the object and normalized status */
605 *FoundObject = Object;
608 }
609 }
610 }
612 {
613 /* Just return the Root Directory if we didn't get a name */
615 0,
616 ObjectType,
617 AccessMode);
619
620 /* Remove the first reference we added and return the object */
622 *FoundObject = Object;
624 }
625
626 LocalName = *ObjectName;
627 }
628 else
629 {
630 /* We did not get a Root Directory, so use the root */
632
633 /* It must start with a path separator */
635 !(ObjectName->Buffer) ||
637 {
638 /* This name is invalid, so fail */
640 }
641
642 /* Check if the name is only the path separator */
644 {
645 /* So the caller only wants the root directory; do we have one? */
647 {
648 /* This must be the first time we're creating it... right? */
649 if (InsertObject)
650 {
651 /* Yes, so return it to ObInsert so that it can create it */
653 0,
654 ObjectType,
655 AccessMode);
658 }
659 else
660 {
661 /* This should never really happen */
664 }
665 }
666 else
667 {
668 /* We do have the root directory, so just return it */
670 0,
671 ObjectType,
672 AccessMode);
675 }
676 }
677 else
678 {
679ParseFromRoot:
680 LocalName = *ObjectName;
681
682 /* Deference the device map if we already have one */
684 {
685 ObfDereferenceDeviceMap(DeviceMap);
686 DeviceMap = NULL;
687 }
688
689 /* Check if this is a possible DOS name */
691 {
692 /*
693 * This could be one. Does it match the prefix?
694 * Note that as an optimization, the match is done as 64-bit
695 * compare since the prefix is "\??\" which is exactly 8 bytes.
696 *
697 * In the second branch, we test for "\??" which is also valid.
698 * This time, we use a 32-bit compare followed by a Unicode
699 * character compare (16-bit), since the sum is 6 bytes.
700 */
704 {
705 DeviceMap = ObpReferenceDeviceMap();
706 /* We have a local mapping, drop the ?? prefix */
708 {
712
713 /* We'll browse that local directory */
715 }
716 }
723 {
724 DeviceMap = ObpReferenceDeviceMap();
725
726 /* Caller is looking for the directory itself */
728 {
730 0,
731 ObjectType,
732 AccessMode);
734 {
735 *FoundObject = DeviceMap->DosDevicesDirectory;
736 }
737
738 ObfDereferenceDeviceMap(DeviceMap);
740 }
741 }
742 }
743 }
744 }
745
746 /* Check if we were reparsing a symbolic link */
747 if (!SymLink)
748 {
749 /* Allow reparse */
750 Reparse = TRUE;
751 MaxReparse = 30;
752 }
753
754 /* Reparse */
755 while (Reparse && MaxReparse)
756 {
757 /* Get the name */
758 RemainingName = LocalName;
759
760 /* Disable reparsing again */
761 Reparse = FALSE;
762
763 /* Start parse loop */
765 {
766 /* Clear object */
768
769 /* Check if the name starts with a path separator */
772 {
773 /* Skip the path separator */
774 RemainingName.Buffer++;
776 }
777
778 /* Find the next Part Name */
779 ComponentName = RemainingName;
781 {
782 /* Break if we found the \ ending */
784
785 /* Move on */
786 RemainingName.Buffer++;
788 }
789
790 /* Get its size and make sure it's valid */
793 {
794 /* Invalid size, fail */
796 break;
797 }
798
799 /* Check if we're in the root */
801
802 /* Check if this is a user-mode call that needs to traverse */
805 {
806 /* We shouldn't have referenced a directory yet */
808
809 /* Reference the directory */
811 ReferencedDirectory = Directory;
812
813 /* Check if we have a parent directory */
815 {
816 /* Check for traverse access */
818 DIRECTORY_TRAVERSE,
819 AccessState,
820 FALSE,
821 AccessCheckMode,
822 &Status))
823 {
824 /* We don't have it, fail */
825 break;
826 }
827 }
828 }
829
830 /* Check if we don't have a remaining name yet */
832 {
833 /* Check if we don't have a referenced directory yet */
834 if (!ReferencedDirectory)
835 {
836 /* Reference it */
838 ReferencedDirectory = Directory;
839 }
840
841 /* Check if we are inserting an object */
842 if (InsertObject)
843 {
844 /* Lock the lookup context */
846 }
847 }
848
849 /* Do the lookup */
851 &ComponentName,
852 Attributes,
854 LookupContext);
856 {
857 /* We didn't find it... do we still have a path? */
859 {
860 /* Then tell the caller the path wasn't found */
862 break;
863 }
864 else if (!InsertObject)
865 {
866 /* Otherwise, we have a path, but the name isn't valid */
868 break;
869 }
870
871 /* Check create access for the object */
876 AccessState,
877 &ComponentName,
878 FALSE,
879 AccessCheckMode,
880 &Status))
881 {
882 /* We don't have create access, fail */
883 break;
884 }
885
886 /* Get the object header */
887 ObjectHeader = OBJECT_TO_OBJECT_HEADER(InsertObject);
888
889 /*
890 * Deny object creation if:
891 * That's a section object or a symbolic link
892 * Which isn't in the same section that root directory
893 * That doesn't have the SeCreateGlobalPrivilege
894 * And that is not a known unsecure name
895 */
897 {
900 {
904 {
906 break;
907 }
908 }
909 }
910
911 /* Create Object Name */
913 ComponentName.Length,
914 OB_NAME_TAG);
917 LookupContext,
918 ObjectHeader)))
919 {
920 /* Either couldn't allocate the name, or insert failed */
922
923 /* Fail due to memory reasons */
925 break;
926 }
927
928 /* Reference newly to be inserted object */
929 ObReferenceObject(InsertObject);
930
931 /* Get the name information */
932 ObjectNameInfo = OBJECT_HEADER_TO_NAME_INFO(ObjectHeader);
933
934 /* Reference the directory */
936
937 /* Copy the Name */
939 ComponentName.Buffer,
940 ComponentName.Length);
941
942 /* Check if we had an old name */
944 {
945 /* Free it */
947 }
948
949 /* Write new one */
953
954 /* Return Status and the Expected Object */
956 Object = InsertObject;
957
958 /* Get out of here */
959 break;
960 }
961
962ReparseObject:
963 /* We found it, so now get its header */
965
966 /*
967 * Check for a parse Procedure, but don't bother to parse for an insert
968 * unless it's a Symbolic Link, in which case we MUST parse
969 */
971 if ((ParseRoutine) &&
972 (!(InsertObject) || (ParseRoutine == ObpParseSymbolicLink)))
973 {
974 /* Use the Root Directory next time */
976
977 /* Increment the pointer count */
979
980 /* Cleanup from the first lookup */
981 ObpReleaseLookupContext(LookupContext);
982
983 /* Check if we have a referenced directory */
984 if (ReferencedDirectory)
985 {
986 /* We do, dereference it */
987 ObDereferenceObject(ReferencedDirectory);
988 ReferencedDirectory = NULL;
989 }
990
991 /* Check if we have a referenced parent directory */
992 if (ReferencedParentDirectory)
993 {
994 /* We do, dereference it */
995 ObDereferenceObject(ReferencedParentDirectory);
996 ReferencedParentDirectory = NULL;
997 }
998
999 /* Call the Parse Procedure */
1000 ObpCalloutStart(&CalloutIrql);
1002 ObjectType,
1003 AccessState,
1004 AccessCheckMode,
1005 Attributes,
1006 ObjectName,
1007 &RemainingName,
1008 ParseContext,
1009 SecurityQos,
1010 &Object);
1012
1013 /* Remove our extra reference */
1015
1016 /* Check if we have to reparse */
1019 {
1020 /* Reparse again */
1021 Reparse = TRUE;
1022 --MaxReparse;
1023 if (MaxReparse == 0)
1024 {
1026 break;
1027 }
1028
1029 /* Start over from root if we got sent back there */
1032 {
1033 /* Check if we got a root directory */
1034 if (RootHandle)
1035 {
1036 /* Stop using it, because we have a new directory now */
1038 RootHandle = NULL;
1039 }
1040
1041 /* Start at Root */
1044
1045 /* Check for reparse status */
1047 {
1048 /* Don't reparse again */
1049 Reparse = FALSE;
1050
1051 /* Did we actually get an object to which to reparse? */
1053 {
1054 /* We didn't, so set a failure status */
1056 }
1057 else
1058 {
1059 /* We did, so we're free to parse the new object */
1060 goto ReparseObject;
1061 }
1062 }
1063 else
1064 {
1065 /* This is a symbolic link */
1066 SymLink = TRUE;
1067 goto ParseFromRoot;
1068 }
1069 }
1071 {
1072 /* We got STATUS_REPARSE but are at the Root Directory */
1075 Reparse = FALSE;
1076 }
1077 }
1079 {
1080 /* Total failure */
1082 }
1084 {
1085 /* We didn't reparse but we didn't find the Object Either */
1087 }
1088
1089 /* Break out of the loop */
1090 break;
1091 }
1092 else
1093 {
1094 /* No parse routine...do we still have a remaining name? */
1096 {
1097 /* Are we creating an object? */
1098 if (!InsertObject)
1099 {
1100 /* Check if this is a user-mode call that needs to traverse */
1103 {
1104 /* Check if we can get it */
1106 DIRECTORY_TRAVERSE,
1107 AccessState,
1108 FALSE,
1109 AccessCheckMode,
1110 &Status))
1111 {
1112 /* We don't have access, fail */
1114 break;
1115 }
1116 }
1117
1118 /* Reference the Object */
1120 0,
1121 ObjectType,
1122 AccessMode);
1124 }
1125
1126 /* And get out of the reparse loop */
1127 break;
1128 }
1129 else
1130 {
1131 /* We still have a name; check if this is a directory object */
1133 {
1134 /* Check if we have a referenced parent directory */
1135 if (ReferencedParentDirectory)
1136 {
1137 /* Dereference it */
1138 ObDereferenceObject(ReferencedParentDirectory);
1139 }
1140
1141 /* Restart the lookup from this directory */
1142 ReferencedParentDirectory = ReferencedDirectory;
1145 ReferencedDirectory = NULL;
1146 }
1147 else
1148 {
1149 /* We still have a name, but no parse routine for it */
1152 break;
1153 }
1154 }
1155 }
1156 }
1157 }
1158
1159 /* Check if we failed */
1161 {
1162 /* Cleanup after lookup */
1163 ObpReleaseLookupContext(LookupContext);
1164 }
1165
1166 /* Check if we have a device map and dereference it if so */
1168
1169 /* Check if we have a referenced directory and dereference it if so */
1171
1172 /* Check if we have a referenced parent directory */
1173 if (ReferencedParentDirectory)
1174 {
1175 /* We do, dereference it */
1176 ObDereferenceObject(ReferencedParentDirectory);
1177 }
1178
1179 /* Set the found object and check if we got one */
1180 *FoundObject = Object;
1182 {
1183 /* Nothing was found. Did we reparse or get success? */
1185 {
1186 /* Set correct failure */
1188 }
1189 }
1190
1191 /* Check if we had a root directory */
1193
1194 /* Return status to caller */
1196 "%s - Found Object: %p. Expected: %p\n",
1197 __FUNCTION__,
1198 *FoundObject,
1199 InsertObject);
1201}
NTSTATUS(NTAPI * OB_PARSE_METHOD)(_In_ PVOID ParseObject, _In_ PVOID ObjectType, _Inout_ PACCESS_STATE AccessState, _In_ KPROCESSOR_MODE AccessMode, _In_ ULONG Attributes, _Inout_ PUNICODE_STRING CompleteName, _Inout_ PUNICODE_STRING RemainingName, _Inout_opt_ PVOID Context, _In_opt_ PSECURITY_QUALITY_OF_SERVICE SecurityQos, _Out_ PVOID *Object)
Definition: obtypes.h:215
ULONG NTAPI PsGetCurrentProcessSessionId(VOID)
Definition: process.c:1133
BOOLEAN NTAPI SeSinglePrivilegeCheck(_In_ LUID PrivilegeValue, _In_ KPROCESSOR_MODE PreviousMode)
Checks if a single privilege is present in the context of the calling thread.
Definition: priv.c:744
BOOLEAN NTAPI ObpCheckTraverseAccess(IN PVOID Object, IN ACCESS_MASK TraverseAccess, IN PACCESS_STATE AccessState OPTIONAL, IN BOOLEAN LockHeld, IN KPROCESSOR_MODE AccessMode, OUT PNTSTATUS AccessStatus)
Definition: obsecure.c:267
BOOLEAN NTAPI ObpInsertEntryDirectory(IN POBJECT_DIRECTORY Parent, IN POBP_LOOKUP_CONTEXT Context, IN POBJECT_HEADER ObjectHeader)
Definition: obdir.c:45
BOOLEAN NTAPI ObCheckCreateObjectAccess(IN PVOID Object, IN ACCESS_MASK CreateAccess, IN PACCESS_STATE AccessState, IN PUNICODE_STRING ComponentName, IN BOOLEAN LockHeld, IN KPROCESSOR_MODE AccessMode, OUT PNTSTATUS AccessStatus)
Definition: obsecure.c:203
NTSTATUS NTAPI ObpParseSymbolicLink(IN PVOID ParsedObject, IN PVOID ObjectType, IN OUT PACCESS_STATE AccessState, IN KPROCESSOR_MODE AccessMode, IN ULONG Attributes, IN OUT PUNICODE_STRING FullPath, IN OUT PUNICODE_STRING RemainingName, IN OUT PVOID Context OPTIONAL, IN PSECURITY_QUALITY_OF_SERVICE SecurityQos OPTIONAL, OUT PVOID *NextObject)
Definition: oblink.c:431
VOID FASTCALL ObfDereferenceDeviceMap(IN PDEVICE_MAP DeviceMap)
Definition: devicemap.c:477
FORCEINLINE VOID ObpCalloutEnd(IN KIRQL CalloutIrql, IN PCHAR Procedure, IN POBJECT_TYPE ObjectType, IN PVOID Object)
Definition: ob_x.h:505
BOOLEAN NTAPI ObpIsUnsecureName(IN PUNICODE_STRING ObjectName, IN BOOLEAN CaseInSensitive)
Definition: obname.c:396
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
NTSTATUS NTAPI ObReferenceObjectByPointer(IN PVOID Object, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode)
Definition: obref.c:381
Definition: obtypes.h:524
Definition: obtypes.h:408
_Must_inspect_result_ _In_ WDFDMAENABLER _In_ _In_opt_ PWDF_OBJECT_ATTRIBUTES Attributes
Definition: wdfcommonbuffer.h:97
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:417
Referenced by ObInsertObject(), ObOpenObjectByName(), and ObReferenceObjectByName().
◆ ObQueryNameString()
| NTSTATUS NTAPI ObQueryNameString | ( | IN PVOID | Object, |
| OUT POBJECT_NAME_INFORMATION | ObjectNameInfo, | ||
| IN ULONG | Length, | ||
| OUT PULONG | ReturnLength | ||
| ) |
Definition at line 1207 of file obname.c.
1211{
1212 POBJECT_HEADER_NAME_INFO LocalInfo;
1213 POBJECT_HEADER ObjectHeader;
1215 ULONG NameSize;
1217 BOOLEAN ObjectIsNamed;
1219
1220 /* Get the Kernel Meta-Structures */
1222 LocalInfo = OBJECT_HEADER_TO_NAME_INFO(ObjectHeader);
1223
1224 /* Check if a Query Name Procedure is available */
1226 {
1227 /* Call the procedure inside SEH */
1229
1230 _SEH2_TRY
1231 {
1233 ObjectIsNamed,
1234 ObjectNameInfo,
1235 Length,
1236 ReturnLength,
1237 KernelMode);
1238 }
1240 {
1241 /* Return the exception code */
1243 }
1244 _SEH2_END;
1245
1247 }
1248
1249 /* Check if the object doesn't even have a name */
1251 {
1253
1254 _SEH2_TRY
1255 {
1256 /* We're returning the name structure */
1258
1259 /* Check if we were given enough space */
1261 {
1263 }
1264 else
1265 {
1266 /* Return an empty buffer */
1267 RtlInitEmptyUnicodeString(&ObjectNameInfo->Name, NULL, 0);
1268 }
1269 }
1271 {
1272 /* Return the exception code */
1274 }
1275 _SEH2_END;
1276
1278 }
1279
1280 /*
1281 * Find the size needed for the name. We won't do
1282 * this during the Name Creation loop because we want
1283 * to let the caller know that the buffer isn't big
1284 * enough right at the beginning, not work our way through
1285 * and find out at the end
1286 */
1287 _SEH2_TRY
1288 {
1290 {
1291 /* Size of the '\' string */
1293 }
1294 else
1295 {
1296 /* Get the Object Directory and add name of Object */
1299
1300 /* Loop inside the directory to get the top-most one (meaning root) */
1302 {
1303 /* Get the Name Information */
1304 LocalInfo = OBJECT_HEADER_TO_NAME_INFO(
1306
1307 /* Add the size of the Directory Name */
1309 {
1310 /* Size of the '\' string + Directory Name */
1313
1314 /* Move to next parent Directory */
1316 }
1317 else
1318 {
1319 /* Directory with no name. We append "...\" */
1321 break;
1322 }
1323 }
1324 }
1325
1326 /* Finally, add the name of the structure and the null char */
1327 *ReturnLength = NameSize +
1330
1331 /* Check if we were given enough space */
1333
1334 /*
1335 * Now we will actually create the name. We work backwards because
1336 * it's easier to start off from the Name we have and walk up the
1337 * parent directories. We use the same logic as Name Length calculation.
1338 */
1339 LocalInfo = OBJECT_HEADER_TO_NAME_INFO(ObjectHeader);
1342
1343 /* Check if the object is actually the Root directory */
1345 {
1346 /* This is already the Root Directory, return "\\" */
1348 ObjectNameInfo->Name.Length = (USHORT)NameSize;
1349 ObjectNameInfo->Name.MaximumLength = (USHORT)(NameSize +
1351 ObjectNameInfo->Name.Buffer = ObjectName;
1353 }
1354 else
1355 {
1356 /* Start by adding the Object's Name */
1362
1363 /* Now parse the Parent directories until we reach the top */
1366 {
1367 /* Get the name information */
1368 LocalInfo = OBJECT_HEADER_TO_NAME_INFO(
1370
1371 /* Add the "\" */
1373
1374 /* Add the Parent Directory's Name */
1376 {
1377 /* Add the name */
1383
1384 /* Move to next parent */
1386 }
1387 else
1388 {
1389 /* Directory without a name, we add "..." */
1394 break;
1395 }
1396 }
1397
1398 /* Add Root Directory Name */
1400 ObjectNameInfo->Name.Length = (USHORT)NameSize;
1401 ObjectNameInfo->Name.MaximumLength =
1403 ObjectNameInfo->Name.Buffer = ObjectName;
1404 }
1405 }
1407 {
1408 /* Return the exception code */
1410 }
1411 _SEH2_END;
1412
1413 /* Return success */
1415}
_In_ PVOID _In_ ULONG _Out_ PVOID _In_ ULONG _Inout_ PULONG ReturnLength
Definition: KdSystemDebugControl.c:34
while(CdLookupNextInitialFileDirent(IrpContext, Fcb, FileContext))
struct _OBJECT_NAME_INFORMATION OBJECT_NAME_INFORMATION
OB_QUERYNAME_METHOD QueryNameProcedure
Definition: obtypes.h:372
Referenced by FltpGetObjectName(), IoGetDeviceProperty(), IopLogWorker(), IopQueryNameInternal(), IoRegisterDeviceInterface(), MmGetFileNameForFileObject(), MountMgrVolumeMountPointChanged(), NtQueryObject(), PopFlushVolumeWorker(), and SeInitializeProcessAuditName().
Variable Documentation
◆ ObpCaseInsensitive
Definition at line 18 of file obname.c.
Referenced by ObpLookupObjectName().
◆ ObpDosDevicesShortName
| UNICODE_STRING ObpDosDevicesShortName |
Initial value:
Definition at line 25 of file obname.c.
Referenced by ObpLookupObjectName(), and ObpProcessDosDeviceSymbolicLink().
◆ ObpDosDevicesShortNamePrefix
| ALIGNEDNAME ObpDosDevicesShortNamePrefix = {{L'\\',L'?',L'?',L'\\'}} |
Definition at line 23 of file obname.c.
Referenced by ObpLookupObjectName(), and ObpProcessDosDeviceSymbolicLink().
◆ ObpDosDevicesShortNameRoot
| ALIGNEDNAME ObpDosDevicesShortNameRoot = {{L'\\',L'?',L'?',L'\0'}} |
Definition at line 24 of file obname.c.
Referenced by ObpCreateDosDevicesDirectory(), and ObpLookupObjectName().
◆ ObpRootDirectoryObject
| POBJECT_DIRECTORY ObpRootDirectoryObject |
Definition at line 19 of file obname.c.
Referenced by ObInitSystem(), ObpLookupObjectName(), ObpProcessDosDeviceSymbolicLink(), and ObQueryNameString().
◆ ObpTypeDirectoryObject
| POBJECT_DIRECTORY ObpTypeDirectoryObject |
Definition at line 20 of file obname.c.
Referenced by ObCreateObjectType(), and ObInitSystem().
◆ ObpUnsecureGlobalNamesBuffer
| WCHAR ObpUnsecureGlobalNamesBuffer[128] = {0} |
Definition at line 32 of file obname.c.
Referenced by ObpIsUnsecureName().
◆ ObpUnsecureGlobalNamesLength
| ULONG ObpUnsecureGlobalNamesLength = sizeof(ObpUnsecureGlobalNamesBuffer) |
