file.c File Reference

#include <ntoskrnl.h>
#include <debug.h>

Include dependency graph for file.c:

Go to the source code of this file.

Macros
#define	NDEBUG

Functions
VOID NTAPI	IopCheckBackupRestorePrivilege (IN PACCESS_STATE AccessState, IN OUT PULONG CreateOptions, IN KPROCESSOR_MODE PreviousMode, IN ULONG Disposition)
NTSTATUS NTAPI	IopCheckDeviceAndDriver (IN POPEN_PACKET OpenPacket, IN PDEVICE_OBJECT DeviceObject)
VOID NTAPI	IopDoNameTransmogrify (IN PIRP Irp, IN PFILE_OBJECT FileObject, IN PREPARSE_DATA_BUFFER DataBuffer)
NTSTATUS	IopCheckTopDeviceHint (IN OUT PDEVICE_OBJECT *DeviceObject, IN POPEN_PACKET OpenPacket, BOOLEAN DirectOpen)
NTSTATUS NTAPI	IopParseDevice (IN PVOID ParseObject, IN PVOID ObjectType, IN OUT PACCESS_STATE AccessState, IN KPROCESSOR_MODE AccessMode, IN ULONG Attributes, IN OUT PUNICODE_STRING CompleteName, IN OUT PUNICODE_STRING RemainingName, IN OUT PVOID Context, IN PSECURITY_QUALITY_OF_SERVICE SecurityQos OPTIONAL, OUT PVOID *Object)
NTSTATUS NTAPI	IopParseFile (IN PVOID ParseObject, IN PVOID ObjectType, IN OUT PACCESS_STATE AccessState, IN KPROCESSOR_MODE AccessMode, IN ULONG Attributes, IN OUT PUNICODE_STRING CompleteName, IN OUT PUNICODE_STRING RemainingName, IN OUT PVOID Context OPTIONAL, IN PSECURITY_QUALITY_OF_SERVICE SecurityQos OPTIONAL, OUT PVOID *Object)
VOID NTAPI	IopDeleteFile (IN PVOID ObjectBody)
PDEVICE_OBJECT NTAPI	IopGetDeviceAttachmentBase (IN PDEVICE_OBJECT DeviceObject)
PDEVICE_OBJECT NTAPI	IopGetDevicePDO (IN PDEVICE_OBJECT DeviceObject)
NTSTATUS NTAPI	IopSetDeviceSecurityDescriptor (IN PDEVICE_OBJECT DeviceObject, IN PSECURITY_INFORMATION SecurityInformation, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN POOL_TYPE PoolType, IN PGENERIC_MAPPING GenericMapping)
NTSTATUS NTAPI	IopSetDeviceSecurityDescriptors (IN PDEVICE_OBJECT UpperDeviceObject, IN PDEVICE_OBJECT PhysicalDeviceObject, IN PSECURITY_INFORMATION SecurityInformation, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN POOL_TYPE PoolType, IN PGENERIC_MAPPING GenericMapping)
NTSTATUS NTAPI	IopGetSetSecurityObject (IN PVOID ObjectBody, IN SECURITY_OPERATION_CODE OperationCode, IN PSECURITY_INFORMATION SecurityInformation, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN OUT PULONG BufferLength, IN OUT PSECURITY_DESCRIPTOR *OldSecurityDescriptor, IN POOL_TYPE PoolType, IN OUT PGENERIC_MAPPING GenericMapping)
NTSTATUS NTAPI	IopQueryName (IN PVOID ObjectBody, IN BOOLEAN HasName, OUT POBJECT_NAME_INFORMATION ObjectNameInfo, IN ULONG Length, OUT PULONG ReturnLength, IN KPROCESSOR_MODE PreviousMode)
NTSTATUS NTAPI	IopQueryNameInternal (IN PVOID ObjectBody, IN BOOLEAN HasName, IN BOOLEAN QueryDosName, OUT POBJECT_NAME_INFORMATION ObjectNameInfo, IN ULONG Length, OUT PULONG ReturnLength, IN KPROCESSOR_MODE PreviousMode)
VOID NTAPI	IopCloseFile (IN PEPROCESS Process OPTIONAL, IN PVOID ObjectBody, IN ACCESS_MASK GrantedAccess, IN ULONG HandleCount, IN ULONG SystemHandleCount)
NTSTATUS NTAPI	IopQueryAttributesFile (IN POBJECT_ATTRIBUTES ObjectAttributes, IN FILE_INFORMATION_CLASS FileInformationClass, IN ULONG FileInformationSize, OUT PVOID FileInformation)
NTSTATUS NTAPI	IopAcquireFileObjectLock (_In_ PFILE_OBJECT FileObject, _In_ KPROCESSOR_MODE WaitMode, _In_ BOOLEAN Alertable, _Out_ PBOOLEAN LockFailed)
PVOID NTAPI	IoGetFileObjectFilterContext (IN PFILE_OBJECT FileObject)
NTSTATUS NTAPI	IoChangeFileObjectFilterContext (IN PFILE_OBJECT FileObject, IN PVOID FilterContext, IN BOOLEAN Define)
NTSTATUS NTAPI	IopCreateFile (OUT PHANDLE FileHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PLARGE_INTEGER AllocationSize OPTIONAL, IN ULONG FileAttributes, IN ULONG ShareAccess, IN ULONG Disposition, IN ULONG CreateOptions, IN PVOID EaBuffer OPTIONAL, IN ULONG EaLength, IN CREATE_FILE_TYPE CreateFileType, IN PVOID ExtraCreateParameters OPTIONAL, IN ULONG Options, IN ULONG Flags, IN PDEVICE_OBJECT DeviceObject OPTIONAL)
NTSTATUS NTAPI	IoCheckQuerySetFileInformation (IN FILE_INFORMATION_CLASS FileInformationClass, IN ULONG Length, IN BOOLEAN SetOperation)
NTSTATUS NTAPI	IoCheckQuotaBufferValidity (IN PFILE_QUOTA_INFORMATION QuotaBuffer, IN ULONG QuotaLength, OUT PULONG ErrorOffset)
NTSTATUS NTAPI	IoCreateFile (OUT PHANDLE FileHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PLARGE_INTEGER AllocationSize OPTIONAL, IN ULONG FileAttributes, IN ULONG ShareAccess, IN ULONG Disposition, IN ULONG CreateOptions, IN PVOID EaBuffer OPTIONAL, IN ULONG EaLength, IN CREATE_FILE_TYPE CreateFileType, IN PVOID ExtraCreateParameters OPTIONAL, IN ULONG Options)
NTSTATUS NTAPI	IoCreateFileSpecifyDeviceObjectHint (OUT PHANDLE FileHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PLARGE_INTEGER AllocationSize OPTIONAL, IN ULONG FileAttributes, IN ULONG ShareAccess, IN ULONG Disposition, IN ULONG CreateOptions, IN PVOID EaBuffer OPTIONAL, IN ULONG EaLength, IN CREATE_FILE_TYPE CreateFileType, IN PVOID ExtraCreateParameters OPTIONAL, IN ULONG Options, IN PVOID DeviceObject)
PFILE_OBJECT NTAPI	IoCreateStreamFileObjectEx (IN PFILE_OBJECT FileObject OPTIONAL, IN PDEVICE_OBJECT DeviceObject OPTIONAL, OUT PHANDLE FileObjectHandle OPTIONAL)
PFILE_OBJECT NTAPI	IoCreateStreamFileObject (IN PFILE_OBJECT FileObject, IN PDEVICE_OBJECT DeviceObject)
PFILE_OBJECT NTAPI	IoCreateStreamFileObjectLite (IN PFILE_OBJECT FileObject OPTIONAL, IN PDEVICE_OBJECT DeviceObject OPTIONAL)
PGENERIC_MAPPING NTAPI	IoGetFileObjectGenericMapping (VOID)
BOOLEAN NTAPI	IoIsFileOriginRemote (IN PFILE_OBJECT FileObject)
BOOLEAN NTAPI	IoFastQueryNetworkAttributes (IN POBJECT_ATTRIBUTES ObjectAttributes, IN ACCESS_MASK DesiredAccess, IN ULONG OpenOptions, OUT PIO_STATUS_BLOCK IoStatus, OUT PFILE_NETWORK_OPEN_INFORMATION Buffer)
VOID NTAPI	IoUpdateShareAccess (IN PFILE_OBJECT FileObject, OUT PSHARE_ACCESS ShareAccess)
NTSTATUS NTAPI	IoCheckShareAccess (IN ACCESS_MASK DesiredAccess, IN ULONG DesiredShareAccess, IN PFILE_OBJECT FileObject, IN PSHARE_ACCESS ShareAccess, IN BOOLEAN Update)
VOID NTAPI	IoRemoveShareAccess (IN PFILE_OBJECT FileObject, IN PSHARE_ACCESS ShareAccess)
VOID NTAPI	IoSetShareAccess (IN ACCESS_MASK DesiredAccess, IN ULONG DesiredShareAccess, IN PFILE_OBJECT FileObject, OUT PSHARE_ACCESS ShareAccess)
VOID NTAPI	IoCancelFileOpen (IN PDEVICE_OBJECT DeviceObject, IN PFILE_OBJECT FileObject)
NTSTATUS NTAPI	IoQueryFileDosDeviceName (IN PFILE_OBJECT FileObject, OUT POBJECT_NAME_INFORMATION *ObjectNameInformation)
NTSTATUS NTAPI	IoSetFileOrigin (IN PFILE_OBJECT FileObject, IN BOOLEAN Remote)
NTSTATUS NTAPI	NtCreateFile (PHANDLE FileHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, PIO_STATUS_BLOCK IoStatusBlock, PLARGE_INTEGER AllocateSize, ULONG FileAttributes, ULONG ShareAccess, ULONG CreateDisposition, ULONG CreateOptions, PVOID EaBuffer, ULONG EaLength)
NTSTATUS NTAPI	NtCreateMailslotFile (OUT PHANDLE FileHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PIO_STATUS_BLOCK IoStatusBlock, IN ULONG CreateOptions, IN ULONG MailslotQuota, IN ULONG MaxMessageSize, IN PLARGE_INTEGER TimeOut)
NTSTATUS NTAPI	NtCreateNamedPipeFile (OUT PHANDLE FileHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PIO_STATUS_BLOCK IoStatusBlock, IN ULONG ShareAccess, IN ULONG CreateDisposition, IN ULONG CreateOptions, IN ULONG NamedPipeType, IN ULONG ReadMode, IN ULONG CompletionMode, IN ULONG MaximumInstances, IN ULONG InboundQuota, IN ULONG OutboundQuota, IN PLARGE_INTEGER DefaultTimeout)
NTSTATUS NTAPI	NtFlushWriteBuffer (VOID)
NTSTATUS NTAPI	NtOpenFile (OUT PHANDLE FileHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PIO_STATUS_BLOCK IoStatusBlock, IN ULONG ShareAccess, IN ULONG OpenOptions)
NTSTATUS NTAPI	NtQueryAttributesFile (IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PFILE_BASIC_INFORMATION FileInformation)
NTSTATUS NTAPI	NtQueryFullAttributesFile (IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PFILE_NETWORK_OPEN_INFORMATION FileInformation)
NtCancelIoFile
Cancel all pending I/O operations in the current thread for specified file object. Parameters FileHandle Handle to file object to cancel requests for. No specific access rights are needed. IoStatusBlock Pointer to status block which is filled with final completition status on successful return. Returns Status. @implemented
NTSTATUS NTAPI	NtCancelIoFile (IN HANDLE FileHandle, OUT PIO_STATUS_BLOCK IoStatusBlock)
NTSTATUS NTAPI	NtDeleteFile (IN POBJECT_ATTRIBUTES ObjectAttributes)

Variables
ERESOURCE	IopSecurityResource

Macro Definition Documentation

NDEBUG

#define NDEBUG

Definition at line 16 of file file.c.

Function Documentation

IoCancelFileOpen()

VOID NTAPI IoCancelFileOpen	(	IN PDEVICE_OBJECT	DeviceObject,
		IN PFILE_OBJECT	FileObject
	)

Definition at line 3596 of file file.c.

{
    PIRP Irp;
    KEVENT Event;
    KIRQL OldIrql;
    NTSTATUS Status;
    PIO_STACK_LOCATION Stack;

    /* Check if handles were already created for the
     * open file. If so, that's over.
     */
    if (FileObject->Flags & FO_HANDLE_CREATED)
        KeBugCheckEx(INVALID_CANCEL_OF_FILE_OPEN,
                     (ULONG_PTR)FileObject,
                     (ULONG_PTR)DeviceObject, 0, 0);

    /* Reset the events */
    KeInitializeEvent(&Event, SynchronizationEvent, FALSE);
    KeClearEvent(&FileObject->Event);

    /* Allocate the IRP we'll use */
    Irp = IopAllocateIrpMustSucceed(DeviceObject->StackSize);
    /* Properly set it */
    Irp->Tail.Overlay.Thread = PsGetCurrentThread();
    Irp->UserEvent = &Event;
    Irp->UserIosb = &Irp->IoStatus;
    Irp->Overlay.AsynchronousParameters.UserApcRoutine = NULL;
    Irp->Tail.Overlay.OriginalFileObject = FileObject;
    Irp->RequestorMode = KernelMode;
    Irp->Flags = IRP_CLOSE_OPERATION | IRP_SYNCHRONOUS_API;

    Stack = IoGetNextIrpStackLocation(Irp);
    Stack->MajorFunction = IRP_MJ_CLEANUP;
    Stack->FileObject = FileObject;

    /* Put on top of IRPs list of the thread */
    IopQueueIrpToThread(Irp);

    /* Call the driver */
    Status = IoCallDriver(DeviceObject, Irp);
    if (Status == STATUS_PENDING)
    {
        KeWaitForSingleObject(&Event, UserRequest,
                              KernelMode, FALSE, NULL);
    }

    /* Remove from IRPs list */
    KeRaiseIrql(APC_LEVEL, &OldIrql);
    IopUnQueueIrpFromThread(Irp);
    KeLowerIrql(OldIrql);

    /* Free the IRP */
    IoFreeIrp(Irp);

    /* Clear the event */
    KeClearEvent(&FileObject->Event);
    /* And finally, mark the open operation as canceled */
    FileObject->Flags |= FO_FILE_OPEN_CANCELLED;
}

IoChangeFileObjectFilterContext()

NTSTATUS NTAPI IoChangeFileObjectFilterContext	(	IN PFILE_OBJECT	FileObject,
		IN PVOID	FilterContext,
		IN BOOLEAN	Define
	)

Definition at line 2510 of file file.c.

{
    ULONG_PTR Success;
    PFILE_OBJECT_EXTENSION FileObjectExtension;

    if (!BooleanFlagOn(FileObject->Flags, FO_FILE_OBJECT_HAS_EXTENSION))
    {
        return STATUS_INVALID_PARAMETER;
    }

    FileObjectExtension = FileObject->FileObjectExtension;
    if (Define)
    {
        /* If define, just set the new value if not value is set
         * Success will only contain old value. It is valid if it is NULL
         */
        Success = (ULONG_PTR)InterlockedCompareExchangePointer(&FileObjectExtension->FilterContext, FilterContext, NULL);
    }
    else
    {
        /* If not define, we want to reset filter context.
         * We will remove value (provided by the caller) and set NULL instead.
         * This will only success if caller provides correct previous value.
         * To catch whether it worked, we substract previous value to expect value:
         * If it matches (and thus, we reset), Success will contain 0
         * Otherwise, it will contain a non-zero value.
         */
        Success = (ULONG_PTR)InterlockedCompareExchangePointer(&FileObjectExtension->FilterContext, NULL, FilterContext) - (ULONG_PTR)FilterContext;
    }

    /* If success isn't 0, it means we failed somewhere (set or unset) */
    if (Success != 0)
    {
        return STATUS_ALREADY_COMMITTED;
    }

    return STATUS_SUCCESS;
}

Referenced by FsRtlInsertPerFileObjectContext(), and FsRtlPTeardownPerFileObjectContexts().

IoCheckQuerySetFileInformation()

NTSTATUS NTAPI IoCheckQuerySetFileInformation	(	IN FILE_INFORMATION_CLASS	FileInformationClass,
		IN ULONG	Length,
		IN BOOLEAN	SetOperation
	)

Definition at line 2983 of file file.c.

{
    UNIMPLEMENTED;
    return STATUS_NOT_IMPLEMENTED;
}

IoCheckQuotaBufferValidity()

NTSTATUS NTAPI IoCheckQuotaBufferValidity	(	IN PFILE_QUOTA_INFORMATION	QuotaBuffer,
		IN ULONG	QuotaLength,
		OUT PULONG	ErrorOffset
	)

Definition at line 2996 of file file.c.

{
    UNIMPLEMENTED;
    return STATUS_NOT_IMPLEMENTED;
}

IoCheckShareAccess()

NTSTATUS NTAPI IoCheckShareAccess	(	IN ACCESS_MASK	DesiredAccess,
		IN ULONG	DesiredShareAccess,
		IN PFILE_OBJECT	FileObject,
		IN PSHARE_ACCESS	ShareAccess,
		IN BOOLEAN	Update
	)

Definition at line 3389 of file file.c.

{
    BOOLEAN ReadAccess;
    BOOLEAN WriteAccess;
    BOOLEAN DeleteAccess;
    BOOLEAN SharedRead;
    BOOLEAN SharedWrite;
    BOOLEAN SharedDelete;
    PAGED_CODE();

    /* Get access masks */
    ReadAccess = (DesiredAccess & (FILE_READ_DATA | FILE_EXECUTE)) != 0;
    WriteAccess = (DesiredAccess & (FILE_WRITE_DATA | FILE_APPEND_DATA)) != 0;
    DeleteAccess = (DesiredAccess & DELETE) != 0;

    /* Set them in the file object */
    FileObject->ReadAccess = ReadAccess;
    FileObject->WriteAccess = WriteAccess;
    FileObject->DeleteAccess = DeleteAccess;

    /* Check if the file has an extension */
    if (FileObject->Flags & FO_FILE_OBJECT_HAS_EXTENSION)
    {
        /* Check if caller specified to ignore access checks */
        //if (FileObject->FoExtFlags & IO_IGNORE_SHARE_ACCESS_CHECK)
        {
            /* Don't check share access */
            return STATUS_SUCCESS;
        }
    }

    /* Check if we have any access */
    if ((ReadAccess) || (WriteAccess) || (DeleteAccess))
    {
        /* Get shared access masks */
        SharedRead = (DesiredShareAccess & FILE_SHARE_READ) != 0;
        SharedWrite = (DesiredShareAccess & FILE_SHARE_WRITE) != 0;
        SharedDelete = (DesiredShareAccess & FILE_SHARE_DELETE) != 0;

        /* Check if the shared access is violated */
        if ((ReadAccess &&
             (ShareAccess->SharedRead < ShareAccess->OpenCount)) ||
            (WriteAccess &&
             (ShareAccess->SharedWrite < ShareAccess->OpenCount)) ||
            (DeleteAccess &&
             (ShareAccess->SharedDelete < ShareAccess->OpenCount)) ||
            ((ShareAccess->Readers != 0) && !SharedRead) ||
            ((ShareAccess->Writers != 0) && !SharedWrite) ||
            ((ShareAccess->Deleters != 0) && !SharedDelete))
        {
            /* Sharing violation, fail */
            return STATUS_SHARING_VIOLATION;
        }

        /* Set them */
        FileObject->SharedRead = SharedRead;
        FileObject->SharedWrite = SharedWrite;
        FileObject->SharedDelete = SharedDelete;

        /* It's not, check if caller wants us to update it */
        if (Update)
        {
            /* Increase open count */
            ShareAccess->OpenCount++;

            /* Update shared access */
            ShareAccess->Readers += ReadAccess;
            ShareAccess->Writers += WriteAccess;
            ShareAccess->Deleters += DeleteAccess;
            ShareAccess->SharedRead += SharedRead;
            ShareAccess->SharedWrite += SharedWrite;
            ShareAccess->SharedDelete += SharedDelete;
        }
    }

    /* Validation successful */
    return STATUS_SUCCESS;
}

Referenced by Ext2CreateFile(), Ext2CreateVolume(), FatCheckShareAccess(), open_file2(), OpenMupFileSystem(), RawCreate(), UDFCheckAccessRights(), and VfatCreateFile().

IoCreateFile()

NTSTATUS NTAPI IoCreateFile	(	OUT PHANDLE	FileHandle,
		IN ACCESS_MASK	DesiredAccess,
		IN POBJECT_ATTRIBUTES	ObjectAttributes,
		OUT PIO_STATUS_BLOCK	IoStatusBlock,
		IN PLARGE_INTEGER AllocationSize	OPTIONAL,
		IN ULONG	FileAttributes,
		IN ULONG	ShareAccess,
		IN ULONG	Disposition,
		IN ULONG	CreateOptions,
		IN PVOID EaBuffer	OPTIONAL,
		IN ULONG	EaLength,
		IN CREATE_FILE_TYPE	CreateFileType,
		IN PVOID ExtraCreateParameters	OPTIONAL,
		IN ULONG	Options
	)

Definition at line 3009 of file file.c.

{
    PAGED_CODE();

    return IopCreateFile(FileHandle,
                         DesiredAccess,
                         ObjectAttributes,
                         IoStatusBlock,
                         AllocationSize,
                         FileAttributes,
                         ShareAccess,
                         Disposition,
                         CreateOptions,
                         EaBuffer,
                         EaLength,
                         CreateFileType,
                         ExtraCreateParameters,
                         Options,
                         0,
                         NULL);
}

Referenced by BroadcastOpen(), CreateRemoteDatabaseWorker(), FsRtlTest_OpenTestDirectory(), FsRtlTest_OpenTestFile(), IopOpenLinkOrRenameTarget(), KernelModeTest(), KspCreateObjectType(), NpCreatePipeEx(), NpOpenPipeEx(), NpWaitPipe(), NtCreateFile(), NtCreateMailslotFile(), NtCreateNamedPipeFile(), NtCreatePagingFile(), NtOpenFile(), OpenRemoteDatabase(), TestIoCreateFile(), TestSymlinks(), UserModeTest(), VfatSetRenameInformation(), and WdmAudOpenSysAudioDevice().

IoCreateFileSpecifyDeviceObjectHint()

NTSTATUS NTAPI IoCreateFileSpecifyDeviceObjectHint	(	OUT PHANDLE	FileHandle,
		IN ACCESS_MASK	DesiredAccess,
		IN POBJECT_ATTRIBUTES	ObjectAttributes,
		OUT PIO_STATUS_BLOCK	IoStatusBlock,
		IN PLARGE_INTEGER AllocationSize	OPTIONAL,
		IN ULONG	FileAttributes,
		IN ULONG	ShareAccess,
		IN ULONG	Disposition,
		IN ULONG	CreateOptions,
		IN PVOID EaBuffer	OPTIONAL,
		IN ULONG	EaLength,
		IN CREATE_FILE_TYPE	CreateFileType,
		IN PVOID ExtraCreateParameters	OPTIONAL,
		IN ULONG	Options,
		IN PVOID	DeviceObject
	)

Definition at line 3049 of file file.c.

{
    ULONG Flags = 0;

    PAGED_CODE();

    /* Check if we were passed a device to send the create request to*/
    if (DeviceObject)
    {
        /* We'll tag this request into a file object extension */
        Flags = (IOP_CREATE_FILE_OBJECT_EXTENSION | IOP_USE_TOP_LEVEL_DEVICE_HINT);
    }

    return IopCreateFile(FileHandle,
                         DesiredAccess,
                         ObjectAttributes,
                         IoStatusBlock,
                         AllocationSize,
                         FileAttributes,
                         ShareAccess,
                         Disposition,
                         CreateOptions,
                         EaBuffer,
                         EaLength,
                         CreateFileType,
                         ExtraCreateParameters,
                         Options | IO_NO_PARAMETER_CHECKING,
                         Flags,
                         DeviceObject);
}

Referenced by IopOpenLinkOrRenameTarget().

IoCreateStreamFileObject()

PFILE_OBJECT NTAPI IoCreateStreamFileObject	(	IN PFILE_OBJECT	FileObject,
		IN PDEVICE_OBJECT	DeviceObject
	)

Definition at line 3186 of file file.c.

{
    /* Call the newer function */
    return IoCreateStreamFileObjectEx(FileObject, DeviceObject, NULL);
}

Referenced by _Requires_lock_held_(), Ext2InitializeVcb(), FatOpenEaFile(), mount_vol(), NtfsFCBInitializeCache(), NtfsMountVolume(), PerformTest(), vfatFCBInitializeCacheFromVolume(), and VfatMount().

IoCreateStreamFileObjectEx()

PFILE_OBJECT NTAPI IoCreateStreamFileObjectEx	(	IN PFILE_OBJECT FileObject	OPTIONAL,
		IN PDEVICE_OBJECT DeviceObject	OPTIONAL,
		OUT PHANDLE FileObjectHandle	OPTIONAL
	)

Definition at line 3099 of file file.c.

{
    PFILE_OBJECT CreatedFileObject;
    NTSTATUS Status;
    HANDLE FileHandle;
    OBJECT_ATTRIBUTES ObjectAttributes;
    PAGED_CODE();
    IOTRACE(IO_FILE_DEBUG, "FileObject: %p\n", FileObject);

    /* Choose Device Object */
    if (FileObject) DeviceObject = FileObject->DeviceObject;

    /* Reference the device object and initialize attributes */
    InterlockedIncrement(&DeviceObject->ReferenceCount);
    InitializeObjectAttributes(&ObjectAttributes, NULL, 0, NULL, NULL);

    /* Create the File Object */
    Status = ObCreateObject(KernelMode,
                            IoFileObjectType,
                            &ObjectAttributes,
                            KernelMode,
                            NULL,
                            sizeof(FILE_OBJECT),
                            sizeof(FILE_OBJECT),
                            0,
                            (PVOID*)&CreatedFileObject);
    if (!NT_SUCCESS(Status))
    {
        /* Fail */
        IopDereferenceDeviceObject(DeviceObject, FALSE);
        ExRaiseStatus(Status);
    }

    /* Set File Object Data */
    RtlZeroMemory(CreatedFileObject, sizeof(FILE_OBJECT));
    CreatedFileObject->DeviceObject = DeviceObject;
    CreatedFileObject->Type = IO_TYPE_FILE;
    CreatedFileObject->Size = sizeof(FILE_OBJECT);
    CreatedFileObject->Flags = FO_STREAM_FILE;

    /* Initialize the wait event */
    KeInitializeEvent(&CreatedFileObject->Event, SynchronizationEvent, FALSE);

    /* Insert it to create a handle for it */
    Status = ObInsertObject(CreatedFileObject,
                            NULL,
                            FILE_READ_DATA,
                            1,
                            (PVOID*)&CreatedFileObject,
                            &FileHandle);
    if (!NT_SUCCESS(Status)) ExRaiseStatus(Status);

    /* Set the handle created flag */
    CreatedFileObject->Flags |= FO_HANDLE_CREATED;
    ASSERT(CreatedFileObject->Type == IO_TYPE_FILE);

    /* Check if we have a VPB */
    if (DeviceObject->Vpb)
    {
        /* Reference it */
         InterlockedIncrement((PLONG)&DeviceObject->Vpb->ReferenceCount);
    }

    /* Check if the caller wants the handle */
    if (FileObjectHandle)
    {
        /* Return it */
        *FileObjectHandle = FileHandle;
        ObDereferenceObject(CreatedFileObject);
    }
    else
    {
        /* Otherwise, close it */
        ObCloseHandle(FileHandle, KernelMode);
    }

    /* Return the file object */
    return CreatedFileObject;
}

Referenced by IoCreateStreamFileObject().

IoCreateStreamFileObjectLite()

PFILE_OBJECT NTAPI IoCreateStreamFileObjectLite	(	IN PFILE_OBJECT FileObject	OPTIONAL,
		IN PDEVICE_OBJECT DeviceObject	OPTIONAL
	)

Definition at line 3198 of file file.c.

{
    PFILE_OBJECT CreatedFileObject;
    NTSTATUS Status;
    OBJECT_ATTRIBUTES ObjectAttributes;
    PAGED_CODE();
    IOTRACE(IO_FILE_DEBUG, "FileObject: %p\n", FileObject);

    /* Choose Device Object */
    if (FileObject) DeviceObject = FileObject->DeviceObject;

    /* Reference the device object and initialize attributes */
    InterlockedIncrement(&DeviceObject->ReferenceCount);
    InitializeObjectAttributes(&ObjectAttributes, NULL, 0, NULL, NULL);

    /* Create the File Object */
    Status = ObCreateObject(KernelMode,
                            IoFileObjectType,
                            &ObjectAttributes,
                            KernelMode,
                            NULL,
                            sizeof(FILE_OBJECT),
                            sizeof(FILE_OBJECT),
                            0,
                            (PVOID*)&CreatedFileObject);
    if (!NT_SUCCESS(Status))
    {
        /* Fail */
        IopDereferenceDeviceObject(DeviceObject, FALSE);
        ExRaiseStatus(Status);
    }

    /* Set File Object Data */
    RtlZeroMemory(CreatedFileObject, sizeof(FILE_OBJECT));
    CreatedFileObject->DeviceObject = DeviceObject;
    CreatedFileObject->Type = IO_TYPE_FILE;
    CreatedFileObject->Size = sizeof(FILE_OBJECT);
    CreatedFileObject->Flags = FO_STREAM_FILE;

    /* Initialize the wait event */
    KeInitializeEvent(&CreatedFileObject->Event, SynchronizationEvent, FALSE);

    /* Destroy create information */
    ObFreeObjectCreateInfoBuffer(OBJECT_TO_OBJECT_HEADER(CreatedFileObject)->
                                 ObjectCreateInfo);
    OBJECT_TO_OBJECT_HEADER(CreatedFileObject)->ObjectCreateInfo = NULL;

    /* Set the handle created flag */
    CreatedFileObject->Flags |= FO_HANDLE_CREATED;
    ASSERT(CreatedFileObject->Type == IO_TYPE_FILE);

    /* Check if we have a VPB */
    if (DeviceObject->Vpb)
    {
        /* Reference it */
         InterlockedIncrement((PLONG)&DeviceObject->Vpb->ReferenceCount);
    }

    /* Return the file object */
    return CreatedFileObject;
}

Referenced by CdCreateInternalStream(), and RawMountVolume().

IoFastQueryNetworkAttributes()

BOOLEAN NTAPI IoFastQueryNetworkAttributes	(	IN POBJECT_ATTRIBUTES	ObjectAttributes,
		IN ACCESS_MASK	DesiredAccess,
		IN ULONG	OpenOptions,
		OUT PIO_STATUS_BLOCK	IoStatus,
		OUT PFILE_NETWORK_OPEN_INFORMATION	Buffer
	)

Definition at line 3288 of file file.c.

{
    NTSTATUS Status;
    DUMMY_FILE_OBJECT LocalFileObject;
    HANDLE Handle;
    OPEN_PACKET OpenPacket;
    PAGED_CODE();
    IOTRACE(IO_FILE_DEBUG, "FileName: %wZ\n", ObjectAttributes->ObjectName);

    /* Setup the Open Packet */
    RtlZeroMemory(&OpenPacket, sizeof(OPEN_PACKET));
    OpenPacket.Type = IO_TYPE_OPEN_PACKET;
    OpenPacket.Size = sizeof(OPEN_PACKET);
    OpenPacket.CreateOptions = OpenOptions | FILE_OPEN_REPARSE_POINT;
    OpenPacket.ShareAccess = FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE;
    OpenPacket.Options = IO_FORCE_ACCESS_CHECK;
    OpenPacket.Disposition = FILE_OPEN;
    OpenPacket.NetworkInformation = Buffer;
    OpenPacket.QueryOnly = TRUE;
    OpenPacket.FullAttributes = TRUE;
    OpenPacket.LocalFileObject = &LocalFileObject;

    /*
     * Attempt opening the file. This will call the I/O Parse Routine for
     * the File Object (IopParseDevice) which will use the dummy file obejct
     * send the IRP to its device object. Note that we have two statuses
     * to worry about: the Object Manager's status (in Status) and the I/O
     * status, which is in the Open Packet's Final Status, and determined
     * by the Parse Check member.
     */
    Status = ObOpenObjectByName(ObjectAttributes,
                                NULL,
                                KernelMode,
                                NULL,
                                DesiredAccess,
                                &OpenPacket,
                                &Handle);
    if (OpenPacket.ParseCheck == FALSE)
    {
        /* Parse failed */
        IoStatus->Status = Status;
    }
    else
    {
        /* Use the Io status */
        IoStatus->Status = OpenPacket.FinalStatus;
        IoStatus->Information = OpenPacket.Information;
    }

    /* Return success */
    return TRUE;
}

IoGetFileObjectFilterContext()

PVOID NTAPI IoGetFileObjectFilterContext

(

IN PFILE_OBJECT

FileObject

)

Definition at line 2495 of file file.c.

{
    if (BooleanFlagOn(FileObject->Flags, FO_FILE_OBJECT_HAS_EXTENSION))
    {
        PFILE_OBJECT_EXTENSION FileObjectExtension;

        FileObjectExtension = FileObject->FileObjectExtension;
        return FileObjectExtension->FilterContext;
    }

    return NULL;
}

Referenced by FsRtlInsertPerFileObjectContext(), FsRtlLookupPerFileObjectContext(), FsRtlPTeardownPerFileObjectContexts(), and FsRtlRemovePerFileObjectContext().

IoGetFileObjectGenericMapping()

PGENERIC_MAPPING NTAPI IoGetFileObjectGenericMapping

(

VOID

)

Definition at line 3266 of file file.c.

{
    /* Return the mapping */
    return &IopFileMapping;
}

Referenced by create_directory_fcb(), create_stream(), create_subvol(), FatExplicitDeviceAccessGranted(), fcb_get_new_sd(), fcb_get_sd(), file_create(), KsCreateDefaultSecurity(), KsDispatchSetSecurity(), mknod(), NpCommonSetSecurityInfo(), NpCreateClientEnd(), NpCreateExistingNamedPipe(), NpCreateNewNamedPipe(), open_file2(), set_file_security(), set_link_information(), set_rename_information(), UDFCheckAccessRights(), and UDFSetAccessRights().

IoIsFileOriginRemote()

BOOLEAN NTAPI IoIsFileOriginRemote

(

IN PFILE_OBJECT

FileObject

)

Definition at line 3277 of file file.c.

{
    /* Return the flag status */
    return FileObject->Flags & FO_REMOTE_ORIGIN ? TRUE : FALSE;
}

Referenced by CcCanIWrite().

IopAcquireFileObjectLock()

NTSTATUS NTAPI IopAcquireFileObjectLock	(	_In_ PFILE_OBJECT	FileObject,
		_In_ KPROCESSOR_MODE	WaitMode,
		_In_ BOOLEAN	Alertable,
		_Out_ PBOOLEAN	LockFailed
	)

Definition at line 2449 of file file.c.

{
    NTSTATUS Status;

    PAGED_CODE();

    InterlockedIncrement((PLONG)&FileObject->Waiters);

    Status = STATUS_SUCCESS;
    do
    {
        if (!InterlockedExchange((PLONG)&FileObject->Busy, TRUE))
        {
            break;
        }
        Status = KeWaitForSingleObject(&FileObject->Lock,
                                       Executive,
                                       WaitMode,
                                       Alertable,
                                       NULL);
    } while (Status == STATUS_SUCCESS);

    InterlockedDecrement((PLONG)&FileObject->Waiters);
    if (Status == STATUS_SUCCESS)
    {
        ObReferenceObject(FileObject);
        *LockFailed = FALSE;
    }
    else
    {
        if (!FileObject->Busy && FileObject->Waiters)
        {
            KeSetEvent(&FileObject->Lock, IO_NO_INCREMENT, FALSE);
        }
        *LockFailed = TRUE;
    }

    return Status;
}

Referenced by IopLockFileObject().

IopCheckBackupRestorePrivilege()

VOID NTAPI IopCheckBackupRestorePrivilege	(	IN PACCESS_STATE	AccessState,
		IN OUT PULONG	CreateOptions,
		IN KPROCESSOR_MODE	PreviousMode,
		IN ULONG	Disposition
	)

Definition at line 25 of file file.c.

{
    ACCESS_MASK DesiredAccess, ReadAccess, WriteAccess;
    PRIVILEGE_SET Privileges;
    BOOLEAN AccessGranted, HaveBackupPriv = FALSE, CheckRestore = FALSE;
    PAGED_CODE();

    /* Don't do anything if privileges were checked already */
    if (AccessState->Flags & SE_BACKUP_PRIVILEGES_CHECKED) return;

    /* Check if the file was actually opened for backup purposes */
    if (*CreateOptions & FILE_OPEN_FOR_BACKUP_INTENT)
    {
        /* Set the check flag since were doing it now */
        AccessState->Flags |= SE_BACKUP_PRIVILEGES_CHECKED;

        /* Set the access masks required */
        ReadAccess = READ_CONTROL |
                     ACCESS_SYSTEM_SECURITY |
                     FILE_GENERIC_READ |
                     FILE_TRAVERSE;
        WriteAccess = WRITE_DAC |
                      WRITE_OWNER |
                      ACCESS_SYSTEM_SECURITY |
                      FILE_GENERIC_WRITE |
                      FILE_ADD_FILE |
                      FILE_ADD_SUBDIRECTORY |
                      DELETE;
        DesiredAccess = AccessState->RemainingDesiredAccess;

        /* Check if desired access was the maximum */
        if (DesiredAccess & MAXIMUM_ALLOWED)
        {
            /* Then add all the access masks required */
            DesiredAccess |= (ReadAccess | WriteAccess);
        }

        /* Check if the file already exists */
        if (Disposition & FILE_OPEN)
        {
            /* Check if desired access has the read mask */
            if (ReadAccess & DesiredAccess)
            {
                /* Setup the privilege check lookup */
                Privileges.PrivilegeCount = 1;
                Privileges.Control = PRIVILEGE_SET_ALL_NECESSARY;
                Privileges.Privilege[0].Luid = SeBackupPrivilege;
                Privileges.Privilege[0].Attributes = 0;
                AccessGranted = SePrivilegeCheck(&Privileges,
                                                 &AccessState->
                                                 SubjectSecurityContext,
                                                 PreviousMode);
                if (AccessGranted)
                {
                    /* Remember that backup was allowed */
                    HaveBackupPriv = TRUE;

                    /* Append the privileges and update the access state */
                    SeAppendPrivileges(AccessState, &Privileges);
                    AccessState->PreviouslyGrantedAccess |= (DesiredAccess & ReadAccess);
                    AccessState->RemainingDesiredAccess &= ~ReadAccess;
                    DesiredAccess &= ~ReadAccess;

                    /* Set backup privilege for the token */
                    AccessState->Flags |= TOKEN_HAS_BACKUP_PRIVILEGE;
                }
            }
        }
        else
        {
            /* Caller is creating the file, check restore privileges later */
            CheckRestore = TRUE;
        }

        /* Check if caller wants write access or if it's creating a file */
        if ((WriteAccess & DesiredAccess) || (CheckRestore))
        {
            /* Setup the privilege lookup and do it */
            Privileges.PrivilegeCount = 1;
            Privileges.Control = PRIVILEGE_SET_ALL_NECESSARY;
            Privileges.Privilege[0].Luid = SeRestorePrivilege;
            Privileges.Privilege[0].Attributes = 0;
            AccessGranted = SePrivilegeCheck(&Privileges,
                                             &AccessState->SubjectSecurityContext,
                                             PreviousMode);
            if (AccessGranted)
            {
                /* Remember that privilege was given */
                HaveBackupPriv = TRUE;

                /* Append the privileges and update the access state */
                SeAppendPrivileges(AccessState, &Privileges);
                AccessState->PreviouslyGrantedAccess |= (DesiredAccess & WriteAccess);
                AccessState->RemainingDesiredAccess &= ~WriteAccess;

                /* Set restore privilege for the token */
                AccessState->Flags |= TOKEN_HAS_RESTORE_PRIVILEGE;
            }
        }

        /* If we don't have the privilege, remove the option */
        if (!HaveBackupPriv) *CreateOptions &= ~FILE_OPEN_FOR_BACKUP_INTENT;
    }
}

Referenced by IopParseDevice().

IopCheckDeviceAndDriver()

NTSTATUS NTAPI IopCheckDeviceAndDriver	(	IN POPEN_PACKET	OpenPacket,
		IN PDEVICE_OBJECT	DeviceObject
	)

Definition at line 135 of file file.c.

{
    /* Make sure the object is valid */
    if ((IoGetDevObjExtension(DeviceObject)->ExtensionFlags &
        (DOE_UNLOAD_PENDING |
         DOE_DELETE_PENDING |
         DOE_REMOVE_PENDING |
         DOE_REMOVE_PROCESSED)) ||
        (DeviceObject->Flags & DO_DEVICE_INITIALIZING))
    {
        /* It's unloading or initializing, so fail */
        DPRINT1("You are seeing this because the following ROS driver: %wZ\n"
                " sucks. Please fix it's AddDevice Routine\n",
                &DeviceObject->DriverObject->DriverName);
        return STATUS_NO_SUCH_DEVICE;
    }
    else if ((DeviceObject->Flags & DO_EXCLUSIVE) &&
             (DeviceObject->ReferenceCount) &&
             !(OpenPacket->RelatedFileObject) &&
             !(OpenPacket->Options & IO_ATTACH_DEVICE))
    {
        return STATUS_ACCESS_DENIED;
    }

    else
    {
        /* Increase reference count */
        InterlockedIncrement(&DeviceObject->ReferenceCount);
        return STATUS_SUCCESS;
    }
}

Referenced by IopParseDevice().

IopCheckTopDeviceHint()

NTSTATUS IopCheckTopDeviceHint	(	IN OUT PDEVICE_OBJECT *	DeviceObject,
		IN POPEN_PACKET	OpenPacket,
		BOOLEAN	DirectOpen
	)

Definition at line 275 of file file.c.

{
    PDEVICE_OBJECT LocalDevice;
    DEVICE_TYPE DeviceType;

    LocalDevice = *DeviceObject;

    /* Direct open is not allowed */
    if (DirectOpen)
    {
        return STATUS_INVALID_PARAMETER;
    }

    /* Validate we have a file system device */
    DeviceType = LocalDevice->DeviceType;
    if (DeviceType != FILE_DEVICE_DISK_FILE_SYSTEM &&
        DeviceType != FILE_DEVICE_CD_ROM_FILE_SYSTEM &&
        DeviceType != FILE_DEVICE_TAPE_FILE_SYSTEM &&
        DeviceType != FILE_DEVICE_NETWORK_FILE_SYSTEM &&
        DeviceType != FILE_DEVICE_DFS_FILE_SYSTEM)
    {
        return STATUS_INVALID_PARAMETER;
    }

    /* Verify the hint and if it's OK, return it */
    if (IopVerifyDeviceObjectOnStack(LocalDevice, OpenPacket->TopDeviceObjectHint))
    {
        *DeviceObject = OpenPacket->TopDeviceObjectHint;
        return STATUS_SUCCESS;
    }

    /* Failure case here */
    /* If we thought was had come through a mount point,
     * actually update we didn't and return the error
     */
    if (OpenPacket->TraversedMountPoint)
    {
        OpenPacket->TraversedMountPoint = FALSE;
        return STATUS_MOUNT_POINT_NOT_RESOLVED;
    }

    /* Otherwise, just return the fact the hint is invalid */
    return STATUS_INVALID_DEVICE_OBJECT_PARAMETER;
}

Referenced by IopParseDevice().

IopCloseFile()

VOID NTAPI IopCloseFile	(	IN PEPROCESS Process	OPTIONAL,
		IN PVOID	ObjectBody,
		IN ACCESS_MASK	GrantedAccess,
		IN ULONG	HandleCount,
		IN ULONG	SystemHandleCount
	)

Definition at line 2177 of file file.c.

{
    PFILE_OBJECT FileObject = (PFILE_OBJECT)ObjectBody;
    KEVENT Event;
    PIRP Irp;
    PIO_STACK_LOCATION StackPtr;
    NTSTATUS Status;
    PDEVICE_OBJECT DeviceObject;
    KIRQL OldIrql;
    IO_STATUS_BLOCK IoStatusBlock;
    IOTRACE(IO_FILE_DEBUG, "ObjectBody: %p\n", ObjectBody);

    /* If this isn't the last handle for the current process, quit */
    if (HandleCount != 1) return;

    /* Check if the file is locked and has more then one handle opened */
    if ((FileObject->LockOperation) && (SystemHandleCount != 1))
    {
        /* Check if this is a direct open or not */
        if (BooleanFlagOn(FileObject->Flags, FO_DIRECT_DEVICE_OPEN))
        {
            /* Get the attached device */
            DeviceObject = IoGetAttachedDevice(FileObject->DeviceObject);
        }
        else
        {
            /* Get the FO's device */
            DeviceObject = IoGetRelatedDeviceObject(FileObject);
        }

        /* Check if this is a sync FO and lock it */
        if (BooleanFlagOn(FileObject->Flags, FO_SYNCHRONOUS_IO))
        {
            (VOID)IopLockFileObject(FileObject, KernelMode);
        }

        /* Go the FastIO path if possible, otherwise fall back to IRP */
        if (DeviceObject->DriverObject->FastIoDispatch == NULL ||
            DeviceObject->DriverObject->FastIoDispatch->FastIoUnlockAll == NULL ||
            !DeviceObject->DriverObject->FastIoDispatch->FastIoUnlockAll(FileObject, PsGetCurrentProcess(), &IoStatusBlock, DeviceObject))
        {
            /* Clear and set up Events */
            KeClearEvent(&FileObject->Event);
            KeInitializeEvent(&Event, SynchronizationEvent, FALSE);

            /* Allocate an IRP */
            Irp = IopAllocateIrpMustSucceed(DeviceObject->StackSize);

            /* Set it up */
            Irp->UserEvent = &Event;
            Irp->UserIosb = &Irp->IoStatus;
            Irp->Tail.Overlay.Thread = PsGetCurrentThread();
            Irp->Tail.Overlay.OriginalFileObject = FileObject;
            Irp->RequestorMode = KernelMode;
            Irp->Flags = IRP_SYNCHRONOUS_API;
            Irp->Overlay.AsynchronousParameters.UserApcRoutine = NULL;
            ObReferenceObject(FileObject);

            /* Set up Stack Pointer Data */
            StackPtr = IoGetNextIrpStackLocation(Irp);
            StackPtr->MajorFunction = IRP_MJ_LOCK_CONTROL;
            StackPtr->MinorFunction = IRP_MN_UNLOCK_ALL;
            StackPtr->FileObject = FileObject;

            /* Queue the IRP */
            IopQueueIrpToThread(Irp);

            /* Call the FS Driver */
            Status = IoCallDriver(DeviceObject, Irp);
            if (Status == STATUS_PENDING)
            {
                /* Wait for completion */
                KeWaitForSingleObject(&Event, UserRequest, KernelMode, FALSE, NULL);
            }

            /* IO will unqueue & free for us */
        }

        /* Release the lock if we were holding it */
        if (BooleanFlagOn(FileObject->Flags, FO_SYNCHRONOUS_IO))
        {
            IopUnlockFileObject(FileObject);
        }
    }

    /* Make sure this is the last handle */
    if (SystemHandleCount != 1) return;

    /* Check if this is a direct open or not */
    if (FileObject->Flags & FO_DIRECT_DEVICE_OPEN)
    {
        /* Get the attached device */
        DeviceObject = IoGetAttachedDevice(FileObject->DeviceObject);
    }
    else
    {
        /* Get the FO's device */
        DeviceObject = IoGetRelatedDeviceObject(FileObject);
    }

    /* Set the handle created flag */
    FileObject->Flags |= FO_HANDLE_CREATED;

    /* Check if this is a sync FO and lock it */
    if (Process != NULL &&
        BooleanFlagOn(FileObject->Flags, FO_SYNCHRONOUS_IO))
    {
        (VOID)IopLockFileObject(FileObject, KernelMode);
    }

    /* Clear and set up Events */
    KeClearEvent(&FileObject->Event);
    KeInitializeEvent(&Event, SynchronizationEvent, FALSE);

    /* Allocate an IRP */
    Irp = IopAllocateIrpMustSucceed(DeviceObject->StackSize);

    /* Set it up */
    Irp->UserEvent = &Event;
    Irp->UserIosb = &Irp->IoStatus;
    Irp->Tail.Overlay.Thread = PsGetCurrentThread();
    Irp->Tail.Overlay.OriginalFileObject = FileObject;
    Irp->Overlay.AsynchronousParameters.UserApcRoutine = NULL;
    Irp->Flags = IRP_CLOSE_OPERATION | IRP_SYNCHRONOUS_API;

    /* Set up Stack Pointer Data */
    StackPtr = IoGetNextIrpStackLocation(Irp);
    StackPtr->MajorFunction = IRP_MJ_CLEANUP;
    StackPtr->FileObject = FileObject;

    /* Queue the IRP */
    IopQueueIrpToThread(Irp);

    /* Update operation counts */
    IopUpdateOperationCount(IopOtherTransfer);

    /* Call the FS Driver */
    Status = IoCallDriver(DeviceObject, Irp);
    if (Status == STATUS_PENDING)
    {
        /* Wait for completion */
        KeWaitForSingleObject(&Event, UserRequest, KernelMode, FALSE, NULL);
    }

    /* Unqueue the IRP */
    KeRaiseIrql(APC_LEVEL, &OldIrql);
    IopUnQueueIrpFromThread(Irp);
    KeLowerIrql(OldIrql);

    /* Free the IRP */
    IoFreeIrp(Irp);

    /* Release the lock if we were holding it */
    if (Process != NULL &&
        BooleanFlagOn(FileObject->Flags, FO_SYNCHRONOUS_IO))
    {
        IopUnlockFileObject(FileObject);
    }
}

Referenced by IopCreateObjectTypes(), and IopDeleteFile().

IopCreateFile()

NTSTATUS NTAPI IopCreateFile	(	OUT PHANDLE	FileHandle,
		IN ACCESS_MASK	DesiredAccess,
		IN POBJECT_ATTRIBUTES	ObjectAttributes,
		OUT PIO_STATUS_BLOCK	IoStatusBlock,
		IN PLARGE_INTEGER AllocationSize	OPTIONAL,
		IN ULONG	FileAttributes,
		IN ULONG	ShareAccess,
		IN ULONG	Disposition,
		IN ULONG	CreateOptions,
		IN PVOID EaBuffer	OPTIONAL,
		IN ULONG	EaLength,
		IN CREATE_FILE_TYPE	CreateFileType,
		IN PVOID ExtraCreateParameters	OPTIONAL,
		IN ULONG	Options,
		IN ULONG	Flags,
		IN PDEVICE_OBJECT DeviceObject	OPTIONAL
	)

Definition at line 2553 of file file.c.

{
    KPROCESSOR_MODE AccessMode;
    HANDLE LocalHandle = 0;
    LARGE_INTEGER SafeAllocationSize;
    NTSTATUS Status = STATUS_SUCCESS;
    PNAMED_PIPE_CREATE_PARAMETERS NamedPipeCreateParameters;
    POPEN_PACKET OpenPacket;
    ULONG EaErrorOffset;
    PAGED_CODE();

    IOTRACE(IO_FILE_DEBUG, "FileName: %wZ\n", ObjectAttributes->ObjectName);


    /* Check if we have no parameter checking to do */
    if (Options & IO_NO_PARAMETER_CHECKING)
    {
        /* Then force kernel-mode access to avoid checks */
        AccessMode = KernelMode;
    }
    else
    {
        /* Otherwise, use the actual mode */
        AccessMode = ExGetPreviousMode();
    }

    /* Check if we need to do parameter checking */
    if ((AccessMode != KernelMode) || (Options & IO_CHECK_CREATE_PARAMETERS))
    {
        /* Validate parameters */
        if (FileAttributes & ~FILE_ATTRIBUTE_VALID_FLAGS)
        {
            DPRINT1("File Create 'FileAttributes' Parameter contains invalid flags!\n");
            return STATUS_INVALID_PARAMETER;
        }

        if (ShareAccess & ~FILE_SHARE_VALID_FLAGS)
        {
            DPRINT1("File Create 'ShareAccess' Parameter contains invalid flags!\n");
            return STATUS_INVALID_PARAMETER;
        }

        if (Disposition > FILE_MAXIMUM_DISPOSITION)
        {
            DPRINT1("File Create 'Disposition' Parameter is out of range!\n");
            return STATUS_INVALID_PARAMETER;
        }

        if (CreateOptions & ~FILE_VALID_OPTION_FLAGS)
        {
            DPRINT1("File Create 'CreateOptions' parameter contains invalid flags!\n");
            return STATUS_INVALID_PARAMETER;
        }

        if ((CreateOptions & (FILE_SYNCHRONOUS_IO_ALERT | FILE_SYNCHRONOUS_IO_NONALERT)) &&
            (!(DesiredAccess & SYNCHRONIZE)))
        {
            DPRINT1("File Create 'CreateOptions' parameter FILE_SYNCHRONOUS_IO_* requested, but 'DesiredAccess' does not have SYNCHRONIZE!\n");
            return STATUS_INVALID_PARAMETER;
        }

        if ((CreateOptions & FILE_DELETE_ON_CLOSE) && (!(DesiredAccess & DELETE)))
        {
            DPRINT1("File Create 'CreateOptions' parameter FILE_DELETE_ON_CLOSE requested, but 'DesiredAccess' does not have DELETE!\n");
            return STATUS_INVALID_PARAMETER;
        }

        if ((CreateOptions & (FILE_SYNCHRONOUS_IO_NONALERT | FILE_SYNCHRONOUS_IO_ALERT)) ==
            (FILE_SYNCHRONOUS_IO_NONALERT | FILE_SYNCHRONOUS_IO_ALERT))
        {
            DPRINT1("File Create 'FileAttributes' parameter both FILE_SYNCHRONOUS_IO_NONALERT and FILE_SYNCHRONOUS_IO_ALERT specified!\n");
            return STATUS_INVALID_PARAMETER;
        }

        if ((CreateOptions & FILE_DIRECTORY_FILE) && !(CreateOptions & FILE_NON_DIRECTORY_FILE) &&
            (CreateOptions & ~(FILE_DIRECTORY_FILE |
                               FILE_SYNCHRONOUS_IO_ALERT |
                               FILE_SYNCHRONOUS_IO_NONALERT |
                               FILE_WRITE_THROUGH |
                               FILE_COMPLETE_IF_OPLOCKED |
                               FILE_OPEN_FOR_BACKUP_INTENT |
                               FILE_DELETE_ON_CLOSE |
                               FILE_OPEN_FOR_FREE_SPACE_QUERY |
                               FILE_OPEN_BY_FILE_ID |
                               FILE_NO_COMPRESSION |
                               FILE_OPEN_REPARSE_POINT)))
        {
            DPRINT1("File Create 'CreateOptions' Parameter has flags incompatible with FILE_DIRECTORY_FILE!\n");
            return STATUS_INVALID_PARAMETER;
        }

        if ((CreateOptions & FILE_DIRECTORY_FILE) && !(CreateOptions & FILE_NON_DIRECTORY_FILE) &&
            (Disposition != FILE_CREATE) && (Disposition != FILE_OPEN) && (Disposition != FILE_OPEN_IF))
        {
            DPRINT1("File Create 'CreateOptions' Parameter FILE_DIRECTORY_FILE requested, but 'Disposition' is not FILE_CREATE/FILE_OPEN/FILE_OPEN_IF!\n");
            return STATUS_INVALID_PARAMETER;
        }

        if ((CreateOptions & FILE_COMPLETE_IF_OPLOCKED) && (CreateOptions & FILE_RESERVE_OPFILTER))
        {
            DPRINT1("File Create 'CreateOptions' Parameter both FILE_COMPLETE_IF_OPLOCKED and FILE_RESERVE_OPFILTER specified!\n");
            return STATUS_INVALID_PARAMETER;
        }

        if ((CreateOptions & FILE_NO_INTERMEDIATE_BUFFERING) && (DesiredAccess & FILE_APPEND_DATA))
        {
            DPRINT1("File Create 'CreateOptions' parameter FILE_NO_INTERMEDIATE_BUFFERING requested, but 'DesiredAccess' FILE_APPEND_DATA requires it!\n");
            return STATUS_INVALID_PARAMETER;
        }

        /* Now check if this is a named pipe */
        if (CreateFileType == CreateFileTypeNamedPipe)
        {
            /* Make sure we have extra parameters */
            if (!ExtraCreateParameters)
            {
                DPRINT1("Invalid parameter: ExtraCreateParameters == 0!\n");
                return STATUS_INVALID_PARAMETER;
            }

            /* Get the parameters and validate them */
            NamedPipeCreateParameters = ExtraCreateParameters;
            if ((NamedPipeCreateParameters->NamedPipeType > FILE_PIPE_MESSAGE_TYPE) ||
                (NamedPipeCreateParameters->ReadMode > FILE_PIPE_MESSAGE_MODE) ||
                (NamedPipeCreateParameters->CompletionMode > FILE_PIPE_COMPLETE_OPERATION) ||
                (ShareAccess & FILE_SHARE_DELETE) ||
                ((Disposition < FILE_OPEN) || (Disposition > FILE_OPEN_IF)) ||
                (CreateOptions & ~FILE_VALID_PIPE_OPTION_FLAGS))
            {
                /* Invalid named pipe create */
                DPRINT1("Invalid named pipe create\n");
                return STATUS_INVALID_PARAMETER;
            }
        }
        else if (CreateFileType == CreateFileTypeMailslot)
        {
            /* Make sure we have extra parameters */
            if (!ExtraCreateParameters)
            {
                DPRINT1("Invalid parameter: ExtraCreateParameters == 0!\n");
                return STATUS_INVALID_PARAMETER;
            }

            /* Get the parameters and validate them */
            if ((ShareAccess & FILE_SHARE_DELETE) ||
                !(ShareAccess & ~FILE_SHARE_WRITE) ||
                (Disposition != FILE_CREATE) ||
                (CreateOptions & ~FILE_VALID_MAILSLOT_OPTION_FLAGS))
            {
                /* Invalid mailslot create */
                DPRINT1("Invalid mailslot create\n");
                return STATUS_INVALID_PARAMETER;
            }
        }
    }

    /* Allocate the open packet */
    OpenPacket = ExAllocatePoolWithTag(NonPagedPool, sizeof(*OpenPacket), 'pOoI');
    if (!OpenPacket) return STATUS_INSUFFICIENT_RESOURCES;
    RtlZeroMemory(OpenPacket, sizeof(*OpenPacket));

    /* Check if the call came from user mode */
    if (AccessMode != KernelMode)
    {
        _SEH2_TRY
        {
            /* Probe the output parameters */
            ProbeForWriteHandle(FileHandle);
            ProbeForWriteIoStatusBlock(IoStatusBlock);

            /* Probe the allocation size if one was passed in */
            if (AllocationSize)
            {
                SafeAllocationSize = ProbeForReadLargeInteger(AllocationSize);
            }
            else
            {
                SafeAllocationSize.QuadPart = 0;
            }

            /* Make sure it's valid */
            if (SafeAllocationSize.QuadPart < 0)
            {
                RtlRaiseStatus(STATUS_INVALID_PARAMETER);
            }

            /* Check if EA was passed in */
            if ((EaBuffer) && (EaLength))
            {
                /* Probe it */
                ProbeForRead(EaBuffer, EaLength, sizeof(ULONG));

                /* And marshall it */
                OpenPacket->EaBuffer = ExAllocatePoolWithTag(NonPagedPool,
                                                             EaLength,
                                                             TAG_EA);
                OpenPacket->EaLength = EaLength;
                RtlCopyMemory(OpenPacket->EaBuffer, EaBuffer, EaLength);

                /* Validate the buffer */
                Status = IoCheckEaBufferValidity(OpenPacket->EaBuffer,
                                                 EaLength,
                                                 &EaErrorOffset);
                if (!NT_SUCCESS(Status))
                {
                    /* Undo everything if it's invalid */
                    DPRINT1("Invalid EA buffer\n");
                    IoStatusBlock->Status = Status;
                    IoStatusBlock->Information = EaErrorOffset;
                    RtlRaiseStatus(Status);
                }
            }
        }
        _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
        {
            /* Return the exception code */
            if (OpenPacket->EaBuffer != NULL) ExFreePool(OpenPacket->EaBuffer);
            ExFreePool(OpenPacket);
            _SEH2_YIELD(return _SEH2_GetExceptionCode());
        }
        _SEH2_END;
    }
    else
    {
        /* Check if this is a device attach */
        if (CreateOptions & IO_ATTACH_DEVICE_API)
        {
            /* Set the flag properly */
            Options |= IO_ATTACH_DEVICE;
            CreateOptions &= ~IO_ATTACH_DEVICE_API;
        }

        /* Check if we have allocation size */
        if (AllocationSize)
        {
            /* Capture it */
            SafeAllocationSize = *AllocationSize;
        }
        else
        {
            /* Otherwise, no size */
            SafeAllocationSize.QuadPart = 0;
        }

        /* Check if we have an EA packet */
        if ((EaBuffer) && (EaLength))
        {
            /* Allocate the kernel copy */
            OpenPacket->EaBuffer = ExAllocatePoolWithTag(NonPagedPool,
                                                         EaLength,
                                                         TAG_EA);
            if (!OpenPacket->EaBuffer)
            {
                ExFreePool(OpenPacket);
                DPRINT1("Failed to allocate open packet EA buffer\n");
                return STATUS_INSUFFICIENT_RESOURCES;
            }

            /* Copy the data */
            OpenPacket->EaLength = EaLength;
            RtlCopyMemory(OpenPacket->EaBuffer, EaBuffer, EaLength);

            /* Validate the buffer */
            Status = IoCheckEaBufferValidity(OpenPacket->EaBuffer,
                                             EaLength,
                                             &EaErrorOffset);
            if (!NT_SUCCESS(Status))
            {
                /* Undo everything if it's invalid */
                DPRINT1("Invalid EA buffer\n");
                ExFreePool(OpenPacket->EaBuffer);
                IoStatusBlock->Status = Status;
                IoStatusBlock->Information = EaErrorOffset;
                ExFreePool(OpenPacket);
                return Status;
            }
        }
    }

    /* Setup the Open Packet */
    OpenPacket->Type = IO_TYPE_OPEN_PACKET;
    OpenPacket->Size = sizeof(*OpenPacket);
    OpenPacket->AllocationSize = SafeAllocationSize;
    OpenPacket->CreateOptions = CreateOptions;
    OpenPacket->FileAttributes = (USHORT)FileAttributes;
    OpenPacket->ShareAccess = (USHORT)ShareAccess;
    OpenPacket->Options = Options;
    OpenPacket->Disposition = Disposition;
    OpenPacket->CreateFileType = CreateFileType;
    OpenPacket->ExtraCreateParameters = ExtraCreateParameters;
    OpenPacket->InternalFlags = Flags;
    OpenPacket->TopDeviceObjectHint = DeviceObject;

    /* Update the operation count */
    IopUpdateOperationCount(IopOtherTransfer);

    /*
     * Attempt opening the file. This will call the I/O Parse Routine for
     * the File Object (IopParseDevice) which will create the object and
     * send the IRP to its device object. Note that we have two statuses
     * to worry about: the Object Manager's status (in Status) and the I/O
     * status, which is in the Open Packet's Final Status, and determined
     * by the Parse Check member.
     */
    Status = ObOpenObjectByName(ObjectAttributes,
                                NULL,
                                AccessMode,
                                NULL,
                                DesiredAccess,
                                OpenPacket,
                                &LocalHandle);

    /* Free the EA Buffer */
    if (OpenPacket->EaBuffer) ExFreePool(OpenPacket->EaBuffer);

    /* Now check for Ob or Io failure */
    if (!(NT_SUCCESS(Status)) || (OpenPacket->ParseCheck == FALSE))
    {
        /* Check if Ob thinks well went well */
        if (NT_SUCCESS(Status))
        {
            /*
             * Tell it otherwise. Because we didn't use an ObjectType,
             * it incorrectly returned us a handle to God knows what.
             */
            ZwClose(LocalHandle);
            Status = STATUS_OBJECT_TYPE_MISMATCH;
        }

        /* Now check the Io status */
        if (!NT_SUCCESS(OpenPacket->FinalStatus))
        {
            /* Use this status instead of Ob's */
            Status = OpenPacket->FinalStatus;

            /* Check if it was only a warning */
            if (NT_WARNING(Status))
            {
                /* Protect write with SEH */
                _SEH2_TRY
                {
                    /* In this case, we copy the I/O Status back */
                    IoStatusBlock->Information = OpenPacket->Information;
                    IoStatusBlock->Status = OpenPacket->FinalStatus;
                }
                _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
                {
                    /* Get exception code */
                    Status = _SEH2_GetExceptionCode();
                }
                _SEH2_END;
            }
        }
        else if ((OpenPacket->FileObject) && (OpenPacket->ParseCheck == FALSE))
        {
            /*
             * This can happen in the very bizarre case where the parse routine
             * actually executed more then once (due to a reparse) and ended
             * up failing after already having created the File Object.
             */
            if (OpenPacket->FileObject->FileName.Length)
            {
                /* It had a name, free it */
                ExFreePoolWithTag(OpenPacket->FileObject->FileName.Buffer, TAG_IO_NAME);
            }

            /* Clear the device object to invalidate the FO, and dereference */
            OpenPacket->FileObject->DeviceObject = NULL;
            ObDereferenceObject(OpenPacket->FileObject);
        }
    }
    else
    {
        /* We reached success and have a valid file handle */
        OpenPacket->FileObject->Flags |= FO_HANDLE_CREATED;
        ASSERT(OpenPacket->FileObject->Type == IO_TYPE_FILE);

        /* Enter SEH for write back */
        _SEH2_TRY
        {
            /* Write back the handle and I/O Status */
            *FileHandle = LocalHandle;
            IoStatusBlock->Information = OpenPacket->Information;
            IoStatusBlock->Status = OpenPacket->FinalStatus;

            /* Get the Io status */
            Status = OpenPacket->FinalStatus;
        }
        _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
        {
            /* Get the exception status */
            Status = _SEH2_GetExceptionCode();
        }
        _SEH2_END;
    }

    /* Check if we were 100% successful */
    if ((OpenPacket->ParseCheck != FALSE) && (OpenPacket->FileObject))
    {
        /* Dereference the File Object */
        ObDereferenceObject(OpenPacket->FileObject);
    }

    /* Return status */
    ExFreePool(OpenPacket);
    return Status;
}

Referenced by IoCreateFile(), and IoCreateFileSpecifyDeviceObjectHint().

IopDeleteFile()

VOID NTAPI IopDeleteFile

(

IN PVOID

ObjectBody

)

Definition at line 1354 of file file.c.

{
    PFILE_OBJECT FileObject = (PFILE_OBJECT)ObjectBody;
    PIRP Irp;
    PIO_STACK_LOCATION StackPtr;
    NTSTATUS Status;
    KEVENT Event;
    PDEVICE_OBJECT DeviceObject;
    BOOLEAN DereferenceDone = FALSE;
    PVPB Vpb;
    KIRQL OldIrql;
    IOTRACE(IO_FILE_DEBUG, "ObjectBody: %p\n", ObjectBody);

    /* Check if the file has a device object */
    if (FileObject->DeviceObject)
    {
        /* Check if this is a direct open or not */
        if (FileObject->Flags & FO_DIRECT_DEVICE_OPEN)
        {
            /* Get the attached device */
            DeviceObject = IoGetAttachedDevice(FileObject->DeviceObject);
        }
        else
        {
            /* Use the file object's device object */
            DeviceObject = IoGetRelatedDeviceObject(FileObject);
        }

        /* Sanity check */
        ASSERT(!(FileObject->Flags & FO_SYNCHRONOUS_IO) ||
               (InterlockedExchange((PLONG)&FileObject->Busy, TRUE) == FALSE));

        /* Check if the handle wasn't created yet */
        if (!(FileObject->Flags & FO_HANDLE_CREATED))
        {
            /* Send the cleanup IRP */
            IopCloseFile(NULL, ObjectBody, 0, 1, 1);
        }

        /* Clear and set up Events */
        KeClearEvent(&FileObject->Event);
        KeInitializeEvent(&Event, SynchronizationEvent, FALSE);

        /* Allocate an IRP */
        Irp = IopAllocateIrpMustSucceed(DeviceObject->StackSize);

        /* Set it up */
        Irp->UserEvent = &Event;
        Irp->UserIosb = &Irp->IoStatus;
        Irp->Tail.Overlay.Thread = PsGetCurrentThread();
        Irp->Tail.Overlay.OriginalFileObject = FileObject;
        Irp->Flags = IRP_CLOSE_OPERATION | IRP_SYNCHRONOUS_API;

        /* Set up Stack Pointer Data */
        StackPtr = IoGetNextIrpStackLocation(Irp);
        StackPtr->MajorFunction = IRP_MJ_CLOSE;
        StackPtr->FileObject = FileObject;

        /* Queue the IRP */
        IopQueueIrpToThread(Irp);

        /* Get the VPB and check if this isn't a direct open */
        Vpb = FileObject->Vpb;
        if ((Vpb) && !(FileObject->Flags & FO_DIRECT_DEVICE_OPEN))
        {
            /* Dereference the VPB before the close */
            InterlockedDecrement((PLONG)&Vpb->ReferenceCount);
        }

        /* Check if the FS will never disappear by itself */
        if (FileObject->DeviceObject->Flags & DO_NEVER_LAST_DEVICE)
        {
            /* Dereference it */
            InterlockedDecrement(&FileObject->DeviceObject->ReferenceCount);
            DereferenceDone = TRUE;
        }

        /* Call the FS Driver */
        Status = IoCallDriver(DeviceObject, Irp);
        if (Status == STATUS_PENDING)
        {
            /* Wait for completion */
            KeWaitForSingleObject(&Event, Executive, KernelMode, FALSE, NULL);
        }

        /* De-queue the IRP */
        KeRaiseIrql(APC_LEVEL, &OldIrql);
        IopUnQueueIrpFromThread(Irp);
        KeLowerIrql(OldIrql);

        /* Free the IRP */
        IoFreeIrp(Irp);

        /* Clear the file name */
        if (FileObject->FileName.Buffer)
        {
            /*
             * Don't use TAG_IO_NAME since the FileObject's FileName
             * may have been re-allocated using a different tag
             * by a filesystem.
             */
            ExFreePoolWithTag(FileObject->FileName.Buffer, 0);
            FileObject->FileName.Buffer = NULL;
        }

        /* Check if the FO had a completion port */
        if (FileObject->CompletionContext)
        {
            /* Free it */
            ObDereferenceObject(FileObject->CompletionContext->Port);
            ExFreePool(FileObject->CompletionContext);
        }

        /* Check if the FO had extension */
        if (FileObject->Flags & FO_FILE_OBJECT_HAS_EXTENSION)
        {
            /* Release filter context structure if any */
            FsRtlPTeardownPerFileObjectContexts(FileObject);
        }

        /* Check if dereference has been done yet */
        if (!DereferenceDone)
        {
            /* Dereference device object */
            IopDereferenceDeviceObject(FileObject->DeviceObject, FALSE);
        }
    }
}

Referenced by IopCreateObjectTypes(), and IopParseDevice().

IopDoNameTransmogrify()

VOID NTAPI IopDoNameTransmogrify	(	IN PIRP	Irp,
		IN PFILE_OBJECT	FileObject,
		IN PREPARSE_DATA_BUFFER	DataBuffer
	)

Definition at line 170 of file file.c.

{
    PWSTR Buffer;
    USHORT Length;
    USHORT RequiredLength;
    PWSTR NewBuffer;

    PAGED_CODE();

    ASSERT(Irp->IoStatus.Status == STATUS_REPARSE);
    ASSERT(Irp->IoStatus.Information == IO_REPARSE_TAG_MOUNT_POINT);
    ASSERT(Irp->Tail.Overlay.AuxiliaryBuffer != NULL);
    ASSERT(DataBuffer != NULL);
    ASSERT(DataBuffer->ReparseTag == IO_REPARSE_TAG_MOUNT_POINT);
    ASSERT(DataBuffer->ReparseDataLength < MAXIMUM_REPARSE_DATA_BUFFER_SIZE);
    ASSERT(DataBuffer->Reserved < MAXIMUM_REPARSE_DATA_BUFFER_SIZE);

    /* First of all, validate data */
    if (DataBuffer->ReparseDataLength < REPARSE_DATA_BUFFER_HEADER_SIZE ||
        (DataBuffer->SymbolicLinkReparseBuffer.PrintNameLength +
         DataBuffer->SymbolicLinkReparseBuffer.SubstituteNameLength +
         FIELD_OFFSET(REPARSE_DATA_BUFFER, MountPointReparseBuffer.PathBuffer[0])) > MAXIMUM_REPARSE_DATA_BUFFER_SIZE)
    {
        Irp->IoStatus.Status = STATUS_IO_REPARSE_DATA_INVALID;
    }

    /* Everything went right */
    if (NT_SUCCESS(Irp->IoStatus.Status))
    {
        /* Compute buffer & length */
        Buffer = (PWSTR)((ULONG_PTR)DataBuffer->MountPointReparseBuffer.PathBuffer +
                                    DataBuffer->MountPointReparseBuffer.SubstituteNameOffset);
        Length = DataBuffer->MountPointReparseBuffer.SubstituteNameLength;

        /* Check we don't overflow */
        if (((ULONG)MAXUSHORT - DataBuffer->Reserved) <= (Length + sizeof(UNICODE_NULL)))
        {
            Irp->IoStatus.Status = STATUS_IO_REPARSE_DATA_INVALID;
        }
        else
        {
            /* Compute how much memory we'll need */
            RequiredLength = DataBuffer->Reserved + Length + sizeof(UNICODE_NULL);

            /* Check if FileObject can already hold what we need */
            if (FileObject->FileName.MaximumLength >= RequiredLength)
            {
                NewBuffer = FileObject->FileName.Buffer;
            }
            else
            {
                /* Allocate otherwise */
                NewBuffer = ExAllocatePoolWithTag(PagedPool, RequiredLength, TAG_IO_NAME);
                if (NewBuffer == NULL)
                {
                    Irp->IoStatus.Status = STATUS_INSUFFICIENT_RESOURCES;
                }
            }
        }
    }

    /* Everything went right */
    if (NT_SUCCESS(Irp->IoStatus.Status))
    {
        /* Copy the reserved data */
        if (DataBuffer->Reserved)
        {
            RtlMoveMemory((PWSTR)((ULONG_PTR)NewBuffer + Length),
                          (PWSTR)((ULONG_PTR)FileObject->FileName.Buffer + FileObject->FileName.Length - DataBuffer->Reserved),
                          DataBuffer->Reserved);
        }

        /* Then the buffer */
        if (Length)
        {
            RtlCopyMemory(NewBuffer, Buffer, Length);
        }

        /* And finally replace buffer if new one was allocated */
        FileObject->FileName.Length = RequiredLength - sizeof(UNICODE_NULL);
        if (NewBuffer != FileObject->FileName.Buffer)
        {
            if (FileObject->FileName.Buffer)
            {
                /*
                 * Don't use TAG_IO_NAME since the FileObject's FileName
                 * may have been re-allocated using a different tag
                 * by a filesystem.
                 */
                ExFreePoolWithTag(FileObject->FileName.Buffer, 0);
            }

            FileObject->FileName.Buffer = NewBuffer;
            FileObject->FileName.MaximumLength = RequiredLength;
            FileObject->FileName.Buffer[RequiredLength / sizeof(WCHAR) - 1] = UNICODE_NULL;
        }
    }

    /* We don't need them anymore - it was allocated by the driver */
    ExFreePool(DataBuffer);
}

Referenced by IopCompleteRequest(), and IopParseDevice().

IopGetDeviceAttachmentBase()

PDEVICE_OBJECT NTAPI IopGetDeviceAttachmentBase

(

IN PDEVICE_OBJECT

DeviceObject

)

Definition at line 1485 of file file.c.

{
    PDEVICE_OBJECT PDO = DeviceObject;

    /* Go down the stack to attempt to get the PDO */
    for (; ((PEXTENDED_DEVOBJ_EXTENSION)PDO->DeviceObjectExtension)->AttachedTo != NULL;
           PDO = ((PEXTENDED_DEVOBJ_EXTENSION)PDO->DeviceObjectExtension)->AttachedTo);

    return PDO;
}

Referenced by IopGetDevicePDO(), and IopVerifyDriverObjectOnStack().

IopGetDevicePDO()

PDEVICE_OBJECT NTAPI IopGetDevicePDO

(

IN PDEVICE_OBJECT

DeviceObject

)

Definition at line 1498 of file file.c.

{
    KIRQL OldIrql;
    PDEVICE_OBJECT PDO;

    ASSERT(DeviceObject != NULL);

    OldIrql = KeAcquireQueuedSpinLock(LockQueueIoDatabaseLock);
    /* Get the base DO */
    PDO = IopGetDeviceAttachmentBase(DeviceObject);
    /* Check whether that's really a PDO and if so, keep it */
    if ((PDO->Flags & DO_BUS_ENUMERATED_DEVICE) != DO_BUS_ENUMERATED_DEVICE)
    {
        PDO = NULL;
    }
    else
    {
        ObReferenceObject(PDO);
    }
    KeReleaseQueuedSpinLock(LockQueueIoDatabaseLock, OldIrql);

    return PDO;
}

Referenced by IopGetSetSecurityObject().

IopGetSetSecurityObject()

NTSTATUS NTAPI IopGetSetSecurityObject	(	IN PVOID	ObjectBody,
		IN SECURITY_OPERATION_CODE	OperationCode,
		IN PSECURITY_INFORMATION	SecurityInformation,
		IN PSECURITY_DESCRIPTOR	SecurityDescriptor,
		IN OUT PULONG	BufferLength,
		IN OUT PSECURITY_DESCRIPTOR *	OldSecurityDescriptor,
		IN POOL_TYPE	PoolType,
		IN OUT PGENERIC_MAPPING	GenericMapping
	)

Definition at line 1653 of file file.c.

{
    IO_STATUS_BLOCK IoStatusBlock;
    PIO_STACK_LOCATION StackPtr;
    PFILE_OBJECT FileObject;
    PDEVICE_OBJECT DeviceObject;
    PIRP Irp;
    BOOLEAN LocalEvent = FALSE;
    KEVENT Event;
    NTSTATUS Status = STATUS_SUCCESS;
    PAGED_CODE();
    IOTRACE(IO_FILE_DEBUG, "ObjectBody: %p\n", ObjectBody);

    /* Check if this is a device or file */
    if (((PFILE_OBJECT)ObjectBody)->Type == IO_TYPE_DEVICE)
    {
        /* It's a device */
        DeviceObject = (PDEVICE_OBJECT)ObjectBody;
        FileObject = NULL;
    }
    else
    {
        /* It's a file */
        FileObject = (PFILE_OBJECT)ObjectBody;

        /* Check if this is a direct open */
        if (FileObject->Flags & FO_DIRECT_DEVICE_OPEN)
        {
            /* Get the Device Object */
            DeviceObject = IoGetAttachedDevice(FileObject->DeviceObject);
        }
        else
        {
            /* Otherwise, use the direct device*/
            DeviceObject = FileObject->DeviceObject;
        }
    }

    /* Check if the request was for a device object */
    if (!(FileObject) ||
        (!(FileObject->FileName.Length) && !(FileObject->RelatedFileObject)) ||
        (FileObject->Flags & FO_DIRECT_DEVICE_OPEN))
    {
        /* Check what kind of request this was */
        if (OperationCode == QuerySecurityDescriptor)
        {
            return SeQuerySecurityDescriptorInfo(SecurityInformation,
                                                 SecurityDescriptor,
                                                 BufferLength,
                                                 &DeviceObject->SecurityDescriptor);
        }
        else if (OperationCode == DeleteSecurityDescriptor)
        {
            /* Simply return success */
            return STATUS_SUCCESS;
        }
        else if (OperationCode == AssignSecurityDescriptor)
        {
            Status = STATUS_SUCCESS;

            /* Make absolutely sure this is a device object */
            if (!(FileObject) || !(FileObject->Flags & FO_STREAM_FILE))
            {
                PSECURITY_DESCRIPTOR CachedSecurityDescriptor;

                /* Add the security descriptor in cache */
                Status = ObLogSecurityDescriptor(SecurityDescriptor, &CachedSecurityDescriptor, 1);
                if (NT_SUCCESS(Status))
                {
                    KeEnterCriticalRegion();
                    ExAcquireResourceExclusiveLite(&IopSecurityResource, TRUE);

                    /* Assign the Security Descriptor */
                    DeviceObject->SecurityDescriptor = CachedSecurityDescriptor;

                    ExReleaseResourceLite(&IopSecurityResource);
                    KeLeaveCriticalRegion();
                }
            }

            /* Return status */
            return Status;
        }
        else if (OperationCode == SetSecurityDescriptor)
        {
            /* Get the Physical Device Object if any */
            PDEVICE_OBJECT PDO = IopGetDevicePDO(DeviceObject);

            if (PDO != NULL)
            {
                /* Apply the new SD to any DO in the path from PDO to current DO */
                Status = IopSetDeviceSecurityDescriptors(DeviceObject, PDO,
                                                         SecurityInformation,
                                                         SecurityDescriptor,
                                                         PoolType, GenericMapping);
                ObDereferenceObject(PDO);
            }
            else
            {
                /* Otherwise, just set for ourselves */
                Status = IopSetDeviceSecurityDescriptor(DeviceObject,
                                                        SecurityInformation,
                                                        SecurityDescriptor,
                                                        PoolType, GenericMapping);
            }

            return STATUS_SUCCESS;
        }

        /* Shouldn't happen */
        return STATUS_SUCCESS;
    }
    else if (OperationCode == DeleteSecurityDescriptor)
    {
        /* Same as for devices, do nothing */
        return STATUS_SUCCESS;
    }

    /* At this point, we know we're a file. Reference it */
    ObReferenceObject(FileObject);

    /* Check if we should use Sync IO or not */
    if (FileObject->Flags & FO_SYNCHRONOUS_IO)
    {
        /* Lock the file object */
        Status = IopLockFileObject(FileObject, ExGetPreviousMode());
        if (Status != STATUS_SUCCESS)
        {
            ObDereferenceObject(FileObject);
            return Status;
        }
    }
    else
    {
        /* Use local event */
        KeInitializeEvent(&Event, SynchronizationEvent, FALSE);
        LocalEvent = TRUE;
    }

    /* Clear the File Object event */
    KeClearEvent(&FileObject->Event);

    /* Get the device object */
    DeviceObject = IoGetRelatedDeviceObject(FileObject);

    /* Allocate the IRP */
    Irp = IoAllocateIrp(DeviceObject->StackSize, FALSE);
    if (!Irp) return IopCleanupFailedIrp(FileObject, NULL, NULL);

    /* Set the IRP */
    Irp->Tail.Overlay.OriginalFileObject = FileObject;
    Irp->Tail.Overlay.Thread = PsGetCurrentThread();
    Irp->RequestorMode = ExGetPreviousMode();
    Irp->UserIosb = &IoStatusBlock;
    Irp->UserEvent = (LocalEvent) ? &Event : NULL;
    Irp->Flags = (LocalEvent) ? IRP_SYNCHRONOUS_API : 0;
    Irp->Overlay.AsynchronousParameters.UserApcRoutine = NULL;

    /* Set Stack Parameters */
    StackPtr = IoGetNextIrpStackLocation(Irp);
    StackPtr->FileObject = FileObject;

    /* Check if this is a query or set */
    if (OperationCode == QuerySecurityDescriptor)
    {
        /* Set the major function and parameters */
        StackPtr->MajorFunction = IRP_MJ_QUERY_SECURITY;
        StackPtr->Parameters.QuerySecurity.SecurityInformation =
            *SecurityInformation;
        StackPtr->Parameters.QuerySecurity.Length = *BufferLength;
        Irp->UserBuffer = SecurityDescriptor;
    }
    else
    {
        /* Set the major function and parameters for a set */
        StackPtr->MajorFunction = IRP_MJ_SET_SECURITY;
        StackPtr->Parameters.SetSecurity.SecurityInformation =
            *SecurityInformation;
        StackPtr->Parameters.SetSecurity.SecurityDescriptor =
            SecurityDescriptor;
    }

    /* Queue the IRP */
    IopQueueIrpToThread(Irp);

    /* Update operation counts */
    IopUpdateOperationCount(IopOtherTransfer);

    /* Call the Driver */
    Status = IoCallDriver(DeviceObject, Irp);

    /* Check if this was async I/O */
    if (LocalEvent)
    {
        /* Check if the IRP is pending completion */
        if (Status == STATUS_PENDING)
        {
            /* Wait on the local event */
            KeWaitForSingleObject(&Event,
                                  Executive,
                                  KernelMode,
                                  FALSE,
                                  NULL);
            Status = IoStatusBlock.Status;
        }
    }
    else
    {
        /* Check if the IRP is pending completion */
        if (Status == STATUS_PENDING)
        {
            /* Wait on the file object */
            KeWaitForSingleObject(&FileObject->Event,
                                  Executive,
                                  KernelMode,
                                  FALSE,
                                  NULL);
            Status = FileObject->FinalStatus;
        }

        /* Release the lock */
        IopUnlockFileObject(FileObject);
    }

    /* This Driver doesn't implement Security, so try to give it a default */
    if (Status == STATUS_INVALID_DEVICE_REQUEST)
    {
        /* Was this a query? */
        if (OperationCode == QuerySecurityDescriptor)
        {
            /* Set a World Security Descriptor */
            Status = SeSetWorldSecurityDescriptor(*SecurityInformation,
                                                  SecurityDescriptor,
                                                  BufferLength);
        }
        else
        {
            /* It wasn't a query, so just fake success */
            Status = STATUS_SUCCESS;
        }
    }
    else if (OperationCode == QuerySecurityDescriptor)
    {
        /* Callers usually expect the normalized form */
        if (Status == STATUS_BUFFER_OVERFLOW) Status = STATUS_BUFFER_TOO_SMALL;

        _SEH2_TRY
        {
            /* Return length */
            *BufferLength = (ULONG)IoStatusBlock.Information;
        }
        _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
        {
            /* Get the exception code */
            Status = _SEH2_GetExceptionCode();
        }
        _SEH2_END;
    }

    /* Return Status */
    return Status;
}

IopParseDevice()

NTSTATUS NTAPI IopParseDevice	(	IN PVOID	ParseObject,
		IN PVOID	ObjectType,
		IN OUT PACCESS_STATE	AccessState,
		IN KPROCESSOR_MODE	AccessMode,
		IN ULONG	Attributes,
		IN OUT PUNICODE_STRING	CompleteName,
		IN OUT PUNICODE_STRING	RemainingName,
		IN OUT PVOID	Context,
		IN PSECURITY_QUALITY_OF_SERVICE SecurityQos	OPTIONAL,
		OUT PVOID *	Object
	)

Definition at line 324 of file file.c.

{
    POPEN_PACKET OpenPacket = (POPEN_PACKET)Context;
    PDEVICE_OBJECT OriginalDeviceObject = (PDEVICE_OBJECT)ParseObject;
    PDEVICE_OBJECT DeviceObject, OwnerDevice;
    NTSTATUS Status;
    PFILE_OBJECT FileObject;
    PVPB Vpb = NULL;
    PIRP Irp;
    PIO_STACK_LOCATION StackLoc;
    IO_SECURITY_CONTEXT SecurityContext;
    IO_STATUS_BLOCK IoStatusBlock;
    BOOLEAN DirectOpen = FALSE, OpenCancelled, UseDummyFile;
    OBJECT_ATTRIBUTES ObjectAttributes;
    KIRQL OldIrql;
    PDUMMY_FILE_OBJECT LocalFileObject;
    PFILE_BASIC_INFORMATION FileBasicInfo;
    ULONG ReturnLength;
    KPROCESSOR_MODE CheckMode;
    BOOLEAN VolumeOpen = FALSE;
    ACCESS_MASK DesiredAccess, GrantedAccess;
    BOOLEAN AccessGranted, LockHeld = FALSE;
    PPRIVILEGE_SET Privileges = NULL;
    UNICODE_STRING FileString;
    USHORT Attempt;
    IOTRACE(IO_FILE_DEBUG, "ParseObject: %p. RemainingName: %wZ\n",
            ParseObject, RemainingName);

    for (Attempt = 0; Attempt < IOP_MAX_REPARSE_TRAVERSAL; ++Attempt)
    {
        /* Assume failure */
        *Object = NULL;

        /* Validate the open packet */
        if (!IopValidateOpenPacket(OpenPacket)) return STATUS_OBJECT_TYPE_MISMATCH;

        /* Valide reparse point in case we traversed a mountpoint */
        if (OpenPacket->TraversedMountPoint)
        {
            /* This is a reparse point we understand */
            ASSERT(OpenPacket->Information == IO_REPARSE_TAG_MOUNT_POINT);

            /* Make sure we're dealing with correct DO */
            if (OriginalDeviceObject->DeviceType != FILE_DEVICE_DISK &&
                OriginalDeviceObject->DeviceType != FILE_DEVICE_CD_ROM &&
                OriginalDeviceObject->DeviceType != FILE_DEVICE_VIRTUAL_DISK &&
                OriginalDeviceObject->DeviceType != FILE_DEVICE_TAPE)
            {
                OpenPacket->FinalStatus = STATUS_IO_REPARSE_DATA_INVALID;
                return STATUS_IO_REPARSE_DATA_INVALID;
            }
        }

        /* Check if we have a related file object */
        if (OpenPacket->RelatedFileObject)
        {
            /* Use the related file object's device object */
            OriginalDeviceObject = OpenPacket->RelatedFileObject->DeviceObject;
        }

        /* Validate device status */
        Status = IopCheckDeviceAndDriver(OpenPacket, OriginalDeviceObject);
        if (!NT_SUCCESS(Status))
        {
            /* We failed, return status */
            OpenPacket->FinalStatus = Status;
            return Status;
        }

        /* Map the generic mask and set the new mapping in the access state */
        RtlMapGenericMask(&AccessState->RemainingDesiredAccess,
                          &IoFileObjectType->TypeInfo.GenericMapping);
        RtlMapGenericMask(&AccessState->OriginalDesiredAccess,
                          &IoFileObjectType->TypeInfo.GenericMapping);
        SeSetAccessStateGenericMapping(AccessState,
                                       &IoFileObjectType->TypeInfo.GenericMapping);
        DesiredAccess = AccessState->RemainingDesiredAccess;

        /* Check what kind of access checks to do */
        if ((AccessMode != KernelMode) ||
            (OpenPacket->Options & IO_FORCE_ACCESS_CHECK))
        {
            /* Call is from user-mode or kernel is forcing checks */
            CheckMode = UserMode;
        }
        else
        {
            /* Call is from the kernel */
            CheckMode = KernelMode;
        }

        /* Check privilege for backup or restore operation */
        IopCheckBackupRestorePrivilege(AccessState,
                                       &OpenPacket->CreateOptions,
                                       CheckMode,
                                       OpenPacket->Disposition);

        /* Check if we are re-parsing */
        if (((OpenPacket->Override) && !(RemainingName->Length)) ||
            (AccessState->Flags & SE_BACKUP_PRIVILEGES_CHECKED))
        {
            /* Get granted access from the last call */
            DesiredAccess |= AccessState->PreviouslyGrantedAccess;
        }

        /* Check if this is a volume open */
        if ((OpenPacket->RelatedFileObject) &&
            (OpenPacket->RelatedFileObject->Flags & FO_VOLUME_OPEN) &&
            !(RemainingName->Length))
        {
            /* It is */
            VolumeOpen = TRUE;
        }

        /* Now check if we need access checks */
        if (((AccessMode != KernelMode) ||
             (OpenPacket->Options & IO_FORCE_ACCESS_CHECK)) &&
            (!(OpenPacket->RelatedFileObject) || (VolumeOpen)) &&
            !(OpenPacket->Override))
        {
            KeEnterCriticalRegion();
            ExAcquireResourceSharedLite(&IopSecurityResource, TRUE);

            /* Check if a device object is being parsed  */
            if (!RemainingName->Length)
            {
                /* Lock the subject context */
                SeLockSubjectContext(&AccessState->SubjectSecurityContext);
                LockHeld = TRUE;

                /* Do access check */
                AccessGranted = SeAccessCheck(OriginalDeviceObject->
                                              SecurityDescriptor,
                                              &AccessState->SubjectSecurityContext,
                                              LockHeld,
                                              DesiredAccess,
                                              0,
                                              &Privileges,
                                              &IoFileObjectType->
                                              TypeInfo.GenericMapping,
                                              UserMode,
                                              &GrantedAccess,
                                              &Status);
                if (Privileges)
                {
                    /* Append and free the privileges */
                    SeAppendPrivileges(AccessState, Privileges);
                    SeFreePrivileges(Privileges);
                }

                /* Check if we got access */
                if (AccessGranted)
                {
                    /* Update access state */
                    AccessState->PreviouslyGrantedAccess |= GrantedAccess;
                    AccessState->RemainingDesiredAccess &= ~(GrantedAccess |
                                                             MAXIMUM_ALLOWED);
                    OpenPacket->Override= TRUE;
                }

                FileString.Length = 8;
                FileString.MaximumLength = 8;
                FileString.Buffer = L"File";

                /* Do Audit/Alarm for open operation */
                SeOpenObjectAuditAlarm(&FileString,
                                       OriginalDeviceObject,
                                       CompleteName,
                                       OriginalDeviceObject->SecurityDescriptor,
                                       AccessState,
                                       FALSE,
                                       AccessGranted,
                                       UserMode,
                                       &AccessState->GenerateOnClose);
            }
            else
            {
                /* Check if we need to do traverse validation */
                if (!(AccessState->Flags & TOKEN_HAS_TRAVERSE_PRIVILEGE) ||
                    ((OriginalDeviceObject->DeviceType == FILE_DEVICE_DISK) ||
                     (OriginalDeviceObject->DeviceType == FILE_DEVICE_CD_ROM)))
                {
                    /* Check if this is a restricted token */
                    if (!(AccessState->Flags & TOKEN_IS_RESTRICTED))
                    {
                        /* Do the FAST traverse check */
                        AccessGranted = SeFastTraverseCheck(OriginalDeviceObject->SecurityDescriptor,
                                                            AccessState,
                                                            FILE_TRAVERSE,
                                                            UserMode);
                    }
                    else
                    {
                        /* Fail */
                        AccessGranted = FALSE;
                    }

                    /* Check if we failed to get access */
                    if (!AccessGranted)
                    {
                        /* Lock the subject context */
                        SeLockSubjectContext(&AccessState->SubjectSecurityContext);
                        LockHeld = TRUE;

                        /* Do access check */
                        AccessGranted = SeAccessCheck(OriginalDeviceObject->
                                                      SecurityDescriptor,
                                                      &AccessState->SubjectSecurityContext,
                                                      LockHeld,
                                                      FILE_TRAVERSE,
                                                      0,
                                                      &Privileges,
                                                      &IoFileObjectType->
                                                      TypeInfo.GenericMapping,
                                                      UserMode,
                                                      &GrantedAccess,
                                                      &Status);
                        if (Privileges)
                        {
                            /* Append and free the privileges */
                            SeAppendPrivileges(AccessState, Privileges);
                            SeFreePrivileges(Privileges);
                        }
                    }

                    /* FIXME: Do Audit/Alarm for traverse check */
                }
                else
                {
                    /* Access automatically granted */
                    AccessGranted = TRUE;
                }
            }

            ExReleaseResourceLite(&IopSecurityResource);
            KeLeaveCriticalRegion();

            /* Check if we hold the lock */
            if (LockHeld)
            {
                /* Release it */
                SeUnlockSubjectContext(&AccessState->SubjectSecurityContext);
            }

            /* Check if access failed */
            if (!AccessGranted)
            {
                /* Dereference the device and fail */
                DPRINT1("Traverse access failed!\n");
                IopDereferenceDeviceObject(OriginalDeviceObject, FALSE);
                return STATUS_ACCESS_DENIED;
            }
        }

        /* Check if we can simply use a dummy file */
        UseDummyFile = ((OpenPacket->QueryOnly) || (OpenPacket->DeleteOnly));

        /* Check if this is a direct open */
        if (!(RemainingName->Length) &&
            !(OpenPacket->RelatedFileObject) &&
            ((DesiredAccess & ~(SYNCHRONIZE |
                                FILE_READ_ATTRIBUTES |
                                READ_CONTROL |
                                ACCESS_SYSTEM_SECURITY |
                                WRITE_OWNER |
                                WRITE_DAC)) == 0) &&
            !(UseDummyFile))
        {
            /* Remember this for later */
            DirectOpen = TRUE;
        }

        /* Check if we have a related FO that wasn't a direct open */
        if ((OpenPacket->RelatedFileObject) &&
            !(OpenPacket->RelatedFileObject->Flags & FO_DIRECT_DEVICE_OPEN))
        {
            /* The device object is the one we were given */
            DeviceObject = ParseObject;

            /* Check if the related FO had a VPB */
            if (OpenPacket->RelatedFileObject->Vpb)
            {
                /* Yes, remember it */
                Vpb = OpenPacket->RelatedFileObject->Vpb;

                /* Reference it */
                InterlockedIncrement((PLONG)&Vpb->ReferenceCount);

                /* Check if we were given a specific top level device to use */
                if (OpenPacket->InternalFlags & IOP_USE_TOP_LEVEL_DEVICE_HINT)
                {
                    DeviceObject = Vpb->DeviceObject;
                }
            }
        }
        else
        {
            /* Check if it has a VPB */
            if ((OriginalDeviceObject->Vpb) && !(DirectOpen))
            {
                /* Check if the VPB is mounted, and mount it */
                Vpb = IopCheckVpbMounted(OpenPacket,
                                         OriginalDeviceObject,
                                         RemainingName,
                                         &Status);
                if (!Vpb) return Status;

                /* Get the VPB's device object */
                DeviceObject = Vpb->DeviceObject;
            }
            else
            {
                /* The device object is the one we were given */
                DeviceObject = OriginalDeviceObject;
            }

            /* If we weren't given a specific top level device, look for an attached device */
            if (!(OpenPacket->InternalFlags & IOP_USE_TOP_LEVEL_DEVICE_HINT) &&
                DeviceObject->AttachedDevice)
            {
                /* Get the attached device */
                DeviceObject = IoGetAttachedDevice(DeviceObject);
            }
        }

        /* If we have a top level device hint, verify it */
        if (OpenPacket->InternalFlags & IOP_USE_TOP_LEVEL_DEVICE_HINT)
        {
            Status = IopCheckTopDeviceHint(&DeviceObject, OpenPacket, DirectOpen);
            if (!NT_SUCCESS(Status))
            {
                IopDereferenceDeviceObject(OriginalDeviceObject, FALSE);
                if (Vpb) IopDereferenceVpbAndFree(Vpb);
                return Status;
            }
        }

        /* If we traversed a mount point, reset the information */
        if (OpenPacket->TraversedMountPoint)
        {
            OpenPacket->TraversedMountPoint = FALSE;
        }

        /* Check if this is a secure FSD */
        if ((DeviceObject->Characteristics & FILE_DEVICE_SECURE_OPEN) &&
            ((OpenPacket->RelatedFileObject) || (RemainingName->Length)) &&
            (!VolumeOpen))
        {
            Privileges = NULL;
            GrantedAccess = 0;

            KeEnterCriticalRegion();
            ExAcquireResourceSharedLite(&IopSecurityResource, TRUE);

            /* Lock the subject context */
            SeLockSubjectContext(&AccessState->SubjectSecurityContext);

            /* Do access check */
            AccessGranted = SeAccessCheck(OriginalDeviceObject->SecurityDescriptor,
                                          &AccessState->SubjectSecurityContext,
                                          TRUE,
                                          DesiredAccess,
                                          0,
                                          &Privileges,
                                          &IoFileObjectType->TypeInfo.GenericMapping,
                                          UserMode,
                                          &GrantedAccess,
                                          &Status);
            if (Privileges != NULL)
            {
                /* Append and free the privileges */
                SeAppendPrivileges(AccessState, Privileges);
                SeFreePrivileges(Privileges);
            }

            /* Check if we got access */
            if (GrantedAccess)
            {
                AccessState->PreviouslyGrantedAccess |= GrantedAccess;
                AccessState->RemainingDesiredAccess &= ~(GrantedAccess | MAXIMUM_ALLOWED);
            }

            FileString.Length = 8;
            FileString.MaximumLength = 8;
            FileString.Buffer = L"File";

            /* Do Audit/Alarm for open operation
             * NOTA: we audit target device object
             */
            SeOpenObjectAuditAlarm(&FileString,
                                   DeviceObject,
                                   CompleteName,
                                   OriginalDeviceObject->SecurityDescriptor,
                                   AccessState,
                                   FALSE,
                                   AccessGranted,
                                   UserMode,
                                   &AccessState->GenerateOnClose);

            SeUnlockSubjectContext(&AccessState->SubjectSecurityContext);

            ExReleaseResourceLite(&IopSecurityResource);
            KeLeaveCriticalRegion();

            /* Check if access failed */
            if (!AccessGranted)
            {
                /* Dereference the device and fail */
                IopDereferenceDeviceObject(OriginalDeviceObject, FALSE);
                if (Vpb) IopDereferenceVpbAndFree(Vpb);
                return STATUS_ACCESS_DENIED;
            }
        }

        /* Allocate the IRP */
        Irp = IoAllocateIrp(DeviceObject->StackSize, TRUE);
        if (!Irp)
        {
            /* Dereference the device and VPB, then fail */
            IopDereferenceDeviceObject(OriginalDeviceObject, FALSE);
            if (Vpb) IopDereferenceVpbAndFree(Vpb);
            return STATUS_INSUFFICIENT_RESOURCES;
        }

        /* Now set the IRP data */
        Irp->RequestorMode = AccessMode;
        Irp->Flags = IRP_CREATE_OPERATION | IRP_SYNCHRONOUS_API | IRP_DEFER_IO_COMPLETION;
        Irp->Tail.Overlay.Thread = PsGetCurrentThread();
        Irp->UserIosb = &IoStatusBlock;
        Irp->MdlAddress = NULL;
        Irp->PendingReturned = FALSE;
        Irp->UserEvent = NULL;
        Irp->Cancel = FALSE;
        Irp->CancelRoutine = NULL;
        Irp->Tail.Overlay.AuxiliaryBuffer = NULL;

        /* Setup the security context */
        SecurityContext.SecurityQos = SecurityQos;
        SecurityContext.AccessState = AccessState;
        SecurityContext.DesiredAccess = AccessState->RemainingDesiredAccess;
        SecurityContext.FullCreateOptions = OpenPacket->CreateOptions;

        /* Get the I/O Stack location */
        StackLoc = IoGetNextIrpStackLocation(Irp);
        StackLoc->Control = 0;

        /* Check what kind of file this is */
        switch (OpenPacket->CreateFileType)
        {
            /* Normal file */
            case CreateFileTypeNone:

                /* Set the major function and EA Length */
                StackLoc->MajorFunction = IRP_MJ_CREATE;
                StackLoc->Parameters.Create.EaLength = OpenPacket->EaLength;

                /* Set the flags */
                StackLoc->Flags = (UCHAR)OpenPacket->Options;
                StackLoc->Flags |= !(Attributes & OBJ_CASE_INSENSITIVE) ? SL_CASE_SENSITIVE: 0;
                break;

            /* Named pipe */
            case CreateFileTypeNamedPipe:

                /* Set the named pipe MJ and set the parameters */
                StackLoc->MajorFunction = IRP_MJ_CREATE_NAMED_PIPE;
                StackLoc->Parameters.CreatePipe.Parameters = OpenPacket->ExtraCreateParameters;
                break;

            /* Mailslot */
            case CreateFileTypeMailslot:

                /* Set the mailslot MJ and set the parameters */
                StackLoc->MajorFunction = IRP_MJ_CREATE_MAILSLOT;
                StackLoc->Parameters.CreateMailslot.Parameters = OpenPacket->ExtraCreateParameters;
                break;
        }

        /* Set the common data */
        Irp->Overlay.AllocationSize = OpenPacket->AllocationSize;
        Irp->AssociatedIrp.SystemBuffer = OpenPacket->EaBuffer;
        StackLoc->Parameters.Create.Options = (OpenPacket->Disposition << 24) |
                                              (OpenPacket->CreateOptions &
                                               0xFFFFFF);
        StackLoc->Parameters.Create.FileAttributes = OpenPacket->FileAttributes;
        StackLoc->Parameters.Create.ShareAccess = OpenPacket->ShareAccess;
        StackLoc->Parameters.Create.SecurityContext = &SecurityContext;

        /* Check if we really need to create an object */
        if (!UseDummyFile)
        {
            ULONG ObjectSize = sizeof(FILE_OBJECT);

            /* Tag on space for a file object extension */
            if (OpenPacket->InternalFlags & IOP_CREATE_FILE_OBJECT_EXTENSION)
                ObjectSize += sizeof(FILE_OBJECT_EXTENSION);

            /* Create the actual file object */
            InitializeObjectAttributes(&ObjectAttributes,
                                       NULL,
                                       Attributes,
                                       NULL,
                                       NULL);
            Status = ObCreateObject(KernelMode,
                                    IoFileObjectType,
                                    &ObjectAttributes,
                                    AccessMode,
                                    NULL,
                                    ObjectSize,
                                    0,
                                    0,
                                    (PVOID*)&FileObject);
            if (!NT_SUCCESS(Status))
            {
                /* Create failed, free the IRP */
                IoFreeIrp(Irp);

                /* Dereference the device and VPB */
                IopDereferenceDeviceObject(OriginalDeviceObject, FALSE);
                if (Vpb) IopDereferenceVpbAndFree(Vpb);

                /* We failed, return status */
                OpenPacket->FinalStatus = Status;
                return Status;
            }

            /* Clear the file object */
            RtlZeroMemory(FileObject, sizeof(FILE_OBJECT));

            /* Check if this is Synch I/O */
            if (OpenPacket->CreateOptions &
                (FILE_SYNCHRONOUS_IO_ALERT | FILE_SYNCHRONOUS_IO_NONALERT))
            {
                /* Set the synch flag */
                FileObject->Flags |= FO_SYNCHRONOUS_IO;

                /* Check if it's also alertable */
                if (OpenPacket->CreateOptions & FILE_SYNCHRONOUS_IO_ALERT)
                {
                    /* It is, set the alertable flag */
                    FileObject->Flags |= FO_ALERTABLE_IO;
                }
            }

            /* Check if this is synch I/O */
            if (FileObject->Flags & FO_SYNCHRONOUS_IO)
            {
                /* Initialize the event */
                KeInitializeEvent(&FileObject->Lock, SynchronizationEvent, FALSE);
            }

            /* Check if the caller requested no intermediate buffering */
            if (OpenPacket->CreateOptions & FILE_NO_INTERMEDIATE_BUFFERING)
            {
                /* Set the correct flag for the FSD to read */
                FileObject->Flags |= FO_NO_INTERMEDIATE_BUFFERING;
            }

            /* Check if the caller requested write through support */
            if (OpenPacket->CreateOptions & FILE_WRITE_THROUGH)
            {
                /* Set the correct flag for the FSD to read */
                FileObject->Flags |= FO_WRITE_THROUGH;
            }

            /* Check if the caller says the file will be only read sequentially */
            if (OpenPacket->CreateOptions & FILE_SEQUENTIAL_ONLY)
            {
                /* Set the correct flag for the FSD to read */
                FileObject->Flags |= FO_SEQUENTIAL_ONLY;
            }

            /* Check if the caller believes the file will be only read randomly */
            if (OpenPacket->CreateOptions & FILE_RANDOM_ACCESS)
            {
                /* Set the correct flag for the FSD to read */
                FileObject->Flags |= FO_RANDOM_ACCESS;
            }

            /* Check if we were asked to setup a file object extension */
            if (OpenPacket->InternalFlags & IOP_CREATE_FILE_OBJECT_EXTENSION)
            {
                PFILE_OBJECT_EXTENSION FileObjectExtension;

                /* Make sure the file object knows it has an extension */
                FileObject->Flags |= FO_FILE_OBJECT_HAS_EXTENSION;

                FileObjectExtension = (PFILE_OBJECT_EXTENSION)(FileObject + 1);
                FileObject->FileObjectExtension = FileObjectExtension;

                /* Add the top level device which we'll send the request to */
                if (OpenPacket->InternalFlags & IOP_USE_TOP_LEVEL_DEVICE_HINT)
                {
                    FileObjectExtension->TopDeviceObjectHint = DeviceObject;
                }
            }
        }
        else
        {
            /* Use the dummy object instead */
            LocalFileObject = OpenPacket->LocalFileObject;
            RtlZeroMemory(LocalFileObject, sizeof(DUMMY_FILE_OBJECT));

            /* Set it up */
            FileObject = (PFILE_OBJECT)&LocalFileObject->ObjectHeader.Body;
            LocalFileObject->ObjectHeader.Type = IoFileObjectType;
            LocalFileObject->ObjectHeader.PointerCount = 1;
        }

        /* Setup the file header */
        FileObject->Type = IO_TYPE_FILE;
        FileObject->Size = sizeof(FILE_OBJECT);
        FileObject->RelatedFileObject = OpenPacket->RelatedFileObject;
        FileObject->DeviceObject = OriginalDeviceObject;

        /* Check if this is a direct device open */
        if (DirectOpen) FileObject->Flags |= FO_DIRECT_DEVICE_OPEN;

        /* Check if the caller wants case sensitivity */
        if (!(Attributes & OBJ_CASE_INSENSITIVE))
        {
            /* Tell the driver about it */
            FileObject->Flags |= FO_OPENED_CASE_SENSITIVE;
        }

        /* Now set the file object */
        Irp->Tail.Overlay.OriginalFileObject = FileObject;
        StackLoc->FileObject = FileObject;

        /* Check if the file object has a name */
        if (RemainingName->Length)
        {
            /* Setup the unicode string */
            FileObject->FileName.MaximumLength = RemainingName->Length + sizeof(WCHAR);
            FileObject->FileName.Buffer = ExAllocatePoolWithTag(PagedPool,
                                                                FileObject->FileName.MaximumLength,
                                                                TAG_IO_NAME);
            if (!FileObject->FileName.Buffer)
            {
                /* Failed to allocate the name, free the IRP */
                IoFreeIrp(Irp);

                /* Dereference the device object and VPB */
                IopDereferenceDeviceObject(OriginalDeviceObject, FALSE);
                if (Vpb) IopDereferenceVpbAndFree(Vpb);

                /* Clear the FO and dereference it */
                FileObject->DeviceObject = NULL;
                if (!UseDummyFile) ObDereferenceObject(FileObject);

                /* Fail */
                return STATUS_INSUFFICIENT_RESOURCES;
            }
        }

        /* Copy the name */
        RtlCopyUnicodeString(&FileObject->FileName, RemainingName);

        /* Initialize the File Object event and set the FO */
        KeInitializeEvent(&FileObject->Event, NotificationEvent, FALSE);
        OpenPacket->FileObject = FileObject;

        /* Queue the IRP and call the driver */
        IopQueueIrpToThread(Irp);
        Status = IoCallDriver(DeviceObject, Irp);
        if (Status == STATUS_PENDING)
        {
            /* Wait for the driver to complete the create */
            KeWaitForSingleObject(&FileObject->Event,
                                  Executive,
                                  KernelMode,
                                  FALSE,
                                  NULL);

            /* Get the new status */
            Status = IoStatusBlock.Status;
        }
        else
        {
            /* We'll have to complete it ourselves */
            ASSERT(!Irp->PendingReturned);
            ASSERT(!Irp->MdlAddress);

            /* Handle name change if required */
            if (Status == STATUS_REPARSE)
            {
                /* Check this is a mount point */
                if (Irp->IoStatus.Information == IO_REPARSE_TAG_MOUNT_POINT)
                {
                    PREPARSE_DATA_BUFFER ReparseData;

                    /* Reparse point attributes were passed by the driver in the auxiliary buffer */
                    ASSERT(Irp->Tail.Overlay.AuxiliaryBuffer != NULL);
                    ReparseData = (PREPARSE_DATA_BUFFER)Irp->Tail.Overlay.AuxiliaryBuffer;

                    ASSERT(ReparseData->ReparseTag == IO_REPARSE_TAG_MOUNT_POINT);
                    ASSERT(ReparseData->ReparseDataLength < MAXIMUM_REPARSE_DATA_BUFFER_SIZE);
                    ASSERT(ReparseData->Reserved < MAXIMUM_REPARSE_DATA_BUFFER_SIZE);

                    IopDoNameTransmogrify(Irp, FileObject, ReparseData);
                }
            }

            /* Completion happens at APC_LEVEL */
            KeRaiseIrql(APC_LEVEL, &OldIrql);

            /* Get the new I/O Status block ourselves */
            IoStatusBlock = Irp->IoStatus;
            Status = IoStatusBlock.Status;

            /* Manually signal the even, we can't have any waiters */
            FileObject->Event.Header.SignalState = 1;

            /* Now that we've signaled the events, de-associate the IRP */
            IopUnQueueIrpFromThread(Irp);

            /* Check if the IRP had an input buffer */
            if ((Irp->Flags & IRP_BUFFERED_IO) &&
                (Irp->Flags & IRP_DEALLOCATE_BUFFER))
            {
                /* Free it. A driver might've tacked one on */
                ExFreePool(Irp->AssociatedIrp.SystemBuffer);
            }

            /* Free the IRP and bring the IRQL back down */
            IoFreeIrp(Irp);
            KeLowerIrql(OldIrql);
        }

        /* Copy the I/O Status */
        OpenPacket->Information = IoStatusBlock.Information;

        /* The driver failed to create the file */
        if (!NT_SUCCESS(Status))
        {
            /* Check if we have a name and if so, free it */
            if (FileObject->FileName.Length)
            {
                /*
                 * Don't use TAG_IO_NAME since the FileObject's FileName
                 * may have been re-allocated using a different tag
                 * by a filesystem.
                 */
                ExFreePoolWithTag(FileObject->FileName.Buffer, 0);
                FileObject->FileName.Buffer = NULL;
                FileObject->FileName.Length = 0;
            }

            /* Clear its device object */
            FileObject->DeviceObject = NULL;

            /* Save this now because the FO might go away */
            OpenCancelled = FileObject->Flags & FO_FILE_OPEN_CANCELLED ?
                            TRUE : FALSE;

            /* Clear the file object in the open packet */
            OpenPacket->FileObject = NULL;

            /* Dereference the file object */
            if (!UseDummyFile) ObDereferenceObject(FileObject);

            /* Dereference the device object */
            IopDereferenceDeviceObject(OriginalDeviceObject, FALSE);

            /* Unless the driver cancelled the open, dereference the VPB */
            if (!(OpenCancelled) && (Vpb)) IopDereferenceVpbAndFree(Vpb);

            /* Set the status and return */
            OpenPacket->FinalStatus = Status;
            return Status;
        }
        else if (Status == STATUS_REPARSE)
        {
            if (OpenPacket->Information == IO_REPARSE ||
                OpenPacket->Information == IO_REPARSE_TAG_MOUNT_POINT)
            {
                /* Update CompleteName with reparse info which got updated in IopDoNameTransmogrify() */
                if (CompleteName->MaximumLength < FileObject->FileName.Length)
                {
                    PWSTR NewCompleteName;

                    /* Allocate a new buffer for the string */
                    NewCompleteName = ExAllocatePoolWithTag(PagedPool, FileObject->FileName.Length, TAG_IO_NAME);
                    if (NewCompleteName == NULL)
                    {
                        OpenPacket->FinalStatus = STATUS_INSUFFICIENT_RESOURCES;
                        return STATUS_INSUFFICIENT_RESOURCES;
                    }

                    /* Release the old one */
                    if (CompleteName->Buffer != NULL)
                    {
                        /*
                         * Don't use TAG_IO_NAME since the FileObject's FileName
                         * may have been re-allocated using a different tag
                         * by a filesystem.
                         */
                        ExFreePoolWithTag(CompleteName->Buffer, 0);
                    }

                    /* And setup the new one */
                    CompleteName->Buffer = NewCompleteName;
                    CompleteName->MaximumLength = FileObject->FileName.Length;
                }

                /* Copy our new complete name */
                RtlCopyUnicodeString(CompleteName, &FileObject->FileName);

                if (OpenPacket->Information == IO_REPARSE_TAG_MOUNT_POINT)
                {
                    OpenPacket->RelatedFileObject = NULL;
                }
            }

            /* Check if we have a name and if so, free it */
            if (FileObject->FileName.Length)
            {
                /*
                 * Don't use TAG_IO_NAME since the FileObject's FileName
                 * may have been re-allocated using a different tag
                 * by a filesystem.
                 */
                ExFreePoolWithTag(FileObject->FileName.Buffer, 0);
                FileObject->FileName.Buffer = NULL;
                FileObject->FileName.Length = 0;
            }

            /* Clear its device object */
            FileObject->DeviceObject = NULL;

            /* Clear the file object in the open packet */
            OpenPacket->FileObject = NULL;

            /* Dereference the file object */
            if (!UseDummyFile) ObDereferenceObject(FileObject);

            /* Dereference the device object */
            IopDereferenceDeviceObject(OriginalDeviceObject, FALSE);

            /* Unless the driver cancelled the open, dereference the VPB */
            if (Vpb != NULL) IopDereferenceVpbAndFree(Vpb);

            if (OpenPacket->Information != IO_REMOUNT)
            {
                OpenPacket->RelatedFileObject = NULL;

                /* Inform we traversed a mount point for later attempt */
                if (OpenPacket->Information == IO_REPARSE_TAG_MOUNT_POINT)
                {
                    OpenPacket->TraversedMountPoint = 1;
                }

                /* In case we override checks, but got this on volume open, fail hard */
                if (OpenPacket->Override)
                {
                    KeBugCheckEx(DRIVER_RETURNED_STATUS_REPARSE_FOR_VOLUME_OPEN,
                                 (ULONG_PTR)OriginalDeviceObject,
                                 (ULONG_PTR)DeviceObject,
                                 (ULONG_PTR)CompleteName,
                                 OpenPacket->Information);
                }

                /* Return to IO/OB so that information can be upgraded */
                return STATUS_REPARSE;
            }

            /* Loop again and reattempt an opening */
            continue;
        }

        break;
    }

    if (Attempt == IOP_MAX_REPARSE_TRAVERSAL)
        return STATUS_UNSUCCESSFUL;

    /* Get the owner of the File Object */
    OwnerDevice = IoGetRelatedDeviceObject(FileObject);

    /*
     * It's possible that the device to whom we sent the IRP to
     * isn't actually the device that ended opening the file object
     * internally.
     */
    if (OwnerDevice != DeviceObject)
    {
        /* We have to de-reference the VPB we had associated */
        if (Vpb) IopDereferenceVpbAndFree(Vpb);

        /* And re-associate with the actual one */
        Vpb = FileObject->Vpb;
        if (Vpb) InterlockedIncrement((PLONG)&Vpb->ReferenceCount);
    }

    /* Make sure we are not using a dummy */
    if (!UseDummyFile)
    {
        /* Check if this was a volume open */
        if ((!(FileObject->RelatedFileObject) ||
              (FileObject->RelatedFileObject->Flags & FO_VOLUME_OPEN)) &&
            !(FileObject->FileName.Length))
        {
            /* All signs point to it, but make sure it was actually an FSD */
            if ((OwnerDevice->DeviceType == FILE_DEVICE_DISK_FILE_SYSTEM) ||
                (OwnerDevice->DeviceType == FILE_DEVICE_CD_ROM_FILE_SYSTEM) ||
                (OwnerDevice->DeviceType == FILE_DEVICE_TAPE_FILE_SYSTEM) ||
                (OwnerDevice->DeviceType == FILE_DEVICE_FILE_SYSTEM))
            {
                /* The owner device is an FSD, so this is a volume open for real */
                FileObject->Flags |= FO_VOLUME_OPEN;
            }
        }

        /* Reference the object and set the parse check */
        ObReferenceObject(FileObject);
        *Object = FileObject;
        OpenPacket->FinalStatus = IoStatusBlock.Status;
        OpenPacket->ParseCheck = TRUE;
        return OpenPacket->FinalStatus;
    }
    else
    {
        /* Check if this was a query */
        if (OpenPacket->QueryOnly)
        {
            /* Check if the caller wants basic info only */
            if (!OpenPacket->FullAttributes)
            {
                /* Allocate the buffer */
                FileBasicInfo = ExAllocatePoolWithTag(NonPagedPool,
                                                      sizeof(*FileBasicInfo),
                                                      TAG_IO);
                if (FileBasicInfo)
                {
                    /* Do the query */
                    Status = IoQueryFileInformation(FileObject,
                                                    FileBasicInformation,
                                                    sizeof(*FileBasicInfo),
                                                    FileBasicInfo,
                                                    &ReturnLength);
                    if (NT_SUCCESS(Status))
                    {
                        /* Copy the data */
                        RtlCopyMemory(OpenPacket->BasicInformation,
                                      FileBasicInfo,
                                      ReturnLength);
                    }

                    /* Free our buffer */
                    ExFreePoolWithTag(FileBasicInfo, TAG_IO);
                }
                else
                {
                    /* Fail */
                    Status = S