ReactOS  0.4.13-dev-39-g8b6696f
security.c File Reference
#include "btrfs_drv.h"

Classes

struct  sid_header
 
struct  dacl
 

Macros

#define SEF_DACL_AUTO_INHERIT   0x01
 
#define SEF_SACL_AUTO_INHERIT   0x02
 

Functions

void add_user_mapping (WCHAR *sidstring, ULONG sidstringlength, UINT32 uid)
 
void add_group_mapping (WCHAR *sidstring, ULONG sidstringlength, UINT32 gid)
 
NTSTATUS uid_to_sid (UINT32 uid, PSID *sid)
 
UINT32 sid_to_uid (PSID sid)
 
static void gid_to_sid (UINT32 gid, PSID *sid)
 
static ACL * load_default_acl ()
 
static void get_top_level_sd (fcb *fcb)
 
void fcb_get_sd (fcb *fcb, struct _fcb *parent, BOOL look_for_xattr, PIRP Irp)
 
static NTSTATUS get_file_security (PFILE_OBJECT FileObject, SECURITY_DESCRIPTOR *relsd, ULONG *buflen, SECURITY_INFORMATION flags)
 
 _Dispatch_type_ (IRP_MJ_QUERY_SECURITY)
 
static NTSTATUS set_file_security (device_extension *Vcb, PFILE_OBJECT FileObject, SECURITY_DESCRIPTOR *sd, PSECURITY_INFORMATION flags, PIRP Irp)
 
 _Dispatch_type_ (IRP_MJ_SET_SECURITY)
 
static BOOL search_for_gid (fcb *fcb, PSID sid)
 
void find_gid (struct _fcb *fcb, struct _fcb *parfcb, PSECURITY_SUBJECT_CONTEXT subjcont)
 
NTSTATUS fcb_get_new_sd (fcb *fcb, file_ref *parfileref, ACCESS_STATE *as)
 

Variables

static sid_header sid_BA = { 1, 2, SECURITY_NT_AUTHORITY, {32, 544}}
 
static sid_header sid_SY = { 1, 1, SECURITY_NT_AUTHORITY, {18}}
 
static sid_header sid_BU = { 1, 2, SECURITY_NT_AUTHORITY, {32, 545}}
 
static sid_header sid_AU = { 1, 1, SECURITY_NT_AUTHORITY, {11}}
 
static dacl def_dacls []
 
LIST_ENTRY uid_map_list
 
LIST_ENTRY gid_map_list
 
ERESOURCE mapping_lock
 

Macro Definition Documentation

◆ SEF_DACL_AUTO_INHERIT

#define SEF_DACL_AUTO_INHERIT   0x01

Definition at line 20 of file security.c.

◆ SEF_SACL_AUTO_INHERIT

#define SEF_SACL_AUTO_INHERIT   0x02

Definition at line 21 of file security.c.

Function Documentation

◆ _Dispatch_type_() [1/2]

_Dispatch_type_ ( IRP_MJ_QUERY_SECURITY  )

Definition at line 579 of file security.c.

// IRP_MJ_QUERY_SECURITY dispatch handler: copies the file's security descriptor
// into the caller's buffer via get_file_security().
// NOTE(review): this listing skips several source lines (see the gaps in the
// gutter numbers); the declarations of Status, IrpSp, sd, Vcb and FileObject and
// some status assignments are among the lines not shown.
581  {
586  ULONG buflen;
587  BOOL top_level;
// FileObject may be NULL here, so ccb may be NULL; it is checked below before use.
589  ccb* ccb = FileObject ? FileObject->FsContext2 : NULL;
590 
592 
593  TRACE("query security\n");
594 
595  top_level = is_top_level(Irp);
596 
// Only a mounted-filesystem device (VCB_TYPE_FS) is handled by the code below;
// the volume-device and "anything else" branches leave through `end` (the
// statements on lines 598 and 601 are not shown in this listing).
597  if (Vcb && Vcb->type == VCB_TYPE_VOLUME) {
599  goto end;
600  } else if (!Vcb || Vcb->type != VCB_TYPE_FS) {
602  goto end;
603  }
604 
605  if (!ccb) {
606  ERR("no ccb\n");
608  goto end;
609  }
610 
// Access check: a user-mode requester must hold READ_CONTROL on this handle
// (ccb->access). Kernel-mode requesters are not checked.
// NOTE(review): the check shown asks for READ_CONTROL only, even when
// SACL_SECURITY_INFORMATION is requested; the set-security handler in this file
// demands ACCESS_SYSTEM_SECURITY for the SACL. Confirm the SACL case is enforced
// before the IRP reaches this driver.
611  if (Irp->RequestorMode == UserMode && !(ccb->access & READ_CONTROL)) {
612  WARN("insufficient permissions\n");
614  goto end;
615  }
616 
618 
619  Irp->IoStatus.Information = 0;
620 
// The four tests below only trace which parts of the descriptor were requested.
621  if (IrpSp->Parameters.QuerySecurity.SecurityInformation & OWNER_SECURITY_INFORMATION)
622  TRACE("OWNER_SECURITY_INFORMATION\n");
623 
624  if (IrpSp->Parameters.QuerySecurity.SecurityInformation & GROUP_SECURITY_INFORMATION)
625  TRACE("GROUP_SECURITY_INFORMATION\n");
626 
627  if (IrpSp->Parameters.QuerySecurity.SecurityInformation & DACL_SECURITY_INFORMATION)
628  TRACE("DACL_SECURITY_INFORMATION\n");
629 
630  if (IrpSp->Parameters.QuerySecurity.SecurityInformation & SACL_SECURITY_INFORMATION)
631  TRACE("SACL_SECURITY_INFORMATION\n");
632 
633  TRACE("length = %u\n", IrpSp->Parameters.QuerySecurity.Length);
634 
// The assignment of sd (line 635) is not shown in this listing.
636  TRACE("sd = %p\n", sd);
637 
// A NULL sd is rejected only when the IRP carries an MDL; with no MDL, sd is
// passed on to get_file_security() as it is.
638  if (Irp->MdlAddress && !sd) {
639  ERR("MmGetSystemAddressForMdlSafe returned NULL\n");
641  goto end;
642  }
643 
// buflen starts as the caller's buffer length and is passed by address so the
// callee can update it.
644  buflen = IrpSp->Parameters.QuerySecurity.Length;
645 
646  Status = get_file_security(IrpSp->FileObject, sd, &buflen, IrpSp->Parameters.QuerySecurity.SecurityInformation);
647 
// NOTE(review): on success Information is set to the caller-supplied Length, not
// to buflen - confirm that reporting the full buffer length is intended.
648  if (NT_SUCCESS(Status))
649  Irp->IoStatus.Information = IrpSp->Parameters.QuerySecurity.Length;
650  else if (Status == STATUS_BUFFER_TOO_SMALL) {
// Buffer too small: buflen is handed back in Information (line 652 not shown).
651  Irp->IoStatus.Information = buflen;
653  } else
654  Irp->IoStatus.Information = 0;
655 
// Common exit: store the status in the IRP; the statements on lines 661, 664
// and 668 are not shown in this listing.
656 end:
657  TRACE("Irp->IoStatus.Information = %u\n", Irp->IoStatus.Information);
658 
659  Irp->IoStatus.Status = Status;
660 
662 
663  if (top_level)
665 
666  TRACE("returning %08x\n", Status);
667 
669 
670  return Status;
671 }
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
#define FsRtlEnterFileSystem
#define FsRtlExitFileSystem
NTSTATUS vol_query_security(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp)
Definition: volume.c:850
_In_ PIRP Irp
Definition: csq.h:116
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
#define WARN(fmt,...)
Definition: debug.h:111
LONG NTSTATUS
Definition: precomp.h:26
#define VCB_TYPE_FS
Definition: btrfs_drv.h:627
#define GROUP_SECURITY_INFORMATION
Definition: setypes.h:124
GLuint GLuint end
Definition: gl.h:1545
ACCESS_MASK access
Definition: btrfs_drv.h:357
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:64
unsigned int BOOL
Definition: ntddk_ex.h:94
PVOID DeviceExtension
Definition: env_spec_w32.h:418
smooth NULL
Definition: ftsmooth.c:416
#define IoCompleteRequest
Definition: irp.c:1240
_Inout_ PFILE_OBJECT FileObject
Definition: cdprocs.h:593
#define TRACE(s)
Definition: solgame.cpp:4
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define VCB_TYPE_VOLUME
Definition: btrfs_drv.h:629
#define Vcb
Definition: cdprocs.h:1425
static __inline void * map_user_buffer(PIRP Irp, ULONG priority)
Definition: btrfs_drv.h:956
#define SACL_SECURITY_INFORMATION
Definition: setypes.h:126
#define STATUS_ACCESS_DENIED
Definition: udferr_usr.h:145
* PFILE_OBJECT
Definition: iotypes.h:1954
#define READ_CONTROL
Definition: nt_native.h:58
static const WCHAR sd[]
Definition: suminfo.c:287
VOID NTAPI IoSetTopLevelIrp(IN PIRP Irp)
Definition: irp.c:2000
Status
Definition: gdiplustypes.h:24
#define ERR(fmt,...)
Definition: debug.h:109
IN PDEVICE_OBJECT DeviceObject
Definition: fatprocs.h:1560
__drv_aliasesMem FORCEINLINE PIO_STACK_LOCATION IoGetCurrentIrpStackLocation(_In_ PIRP Irp)
Definition: iofuncs.h:2745
PFILE_OBJECT FileObject
Definition: iotypes.h:2812
#define STATUS_BUFFER_OVERFLOW
Definition: shellext.h:61
_In_ PIO_STACK_LOCATION IrpSp
Definition: create.c:4157
#define OWNER_SECURITY_INFORMATION
Definition: setypes.h:123
BOOL is_top_level(_In_ PIRP Irp)
Definition: btrfs.c:256
unsigned int ULONG
Definition: retypes.h:1
#define IO_NO_INCREMENT
Definition: iotypes.h:565
static NTSTATUS get_file_security(PFILE_OBJECT FileObject, SECURITY_DESCRIPTOR *relsd, ULONG *buflen, SECURITY_INFORMATION flags)
Definition: security.c:553
struct _NAMED_PIPE_CREATE_PARAMETERS * Parameters
Definition: iotypes.h:2771
return STATUS_SUCCESS
Definition: btrfs.c:2725
#define DACL_SECURITY_INFORMATION
Definition: setypes.h:125

◆ _Dispatch_type_() [2/2]

_Dispatch_type_ ( IRP_MJ_SET_SECURITY  )

Definition at line 744 of file security.c.

// IRP_MJ_SET_SECURITY dispatch handler: works out which access rights the
// requested change needs, checks them against the handle, then calls
// set_file_security().
// NOTE(review): this listing skips several source lines (see the gaps in the
// gutter numbers); the declarations of Status, IrpSp, Vcb and FileObject and
// some status assignments are among the lines not shown.
746  {
// FileObject may be NULL here, so ccb may be NULL; it is checked below before use.
750  ccb* ccb = FileObject ? FileObject->FsContext2 : NULL;
// Accumulates the access bits that the requested SecurityInformation requires.
752  ULONG access_req = 0;
753  BOOL top_level;
754 
756 
757  TRACE("set security\n");
758 
759  top_level = is_top_level(Irp);
760 
// Only a mounted-filesystem device (VCB_TYPE_FS) is handled by the code below;
// the volume-device and "anything else" branches leave through `end` (the
// statements on lines 762 and 765 are not shown in this listing).
761  if (Vcb && Vcb->type == VCB_TYPE_VOLUME) {
763  goto end;
764  } else if (!Vcb || Vcb->type != VCB_TYPE_FS) {
766  goto end;
767  }
768 
769  if (!ccb) {
770  ERR("no ccb\n");
772  goto end;
773  }
774 
776 
777  Irp->IoStatus.Information = 0;
778 
// Owner and group changes both require WRITE_OWNER.
779  if (IrpSp->Parameters.SetSecurity.SecurityInformation & OWNER_SECURITY_INFORMATION) {
780  TRACE("OWNER_SECURITY_INFORMATION\n");
781  access_req |= WRITE_OWNER;
782  }
783 
784  if (IrpSp->Parameters.SetSecurity.SecurityInformation & GROUP_SECURITY_INFORMATION) {
785  TRACE("GROUP_SECURITY_INFORMATION\n");
786  access_req |= WRITE_OWNER;
787  }
788 
// A DACL change requires WRITE_DAC.
789  if (IrpSp->Parameters.SetSecurity.SecurityInformation & DACL_SECURITY_INFORMATION) {
790  TRACE("DACL_SECURITY_INFORMATION\n");
791  access_req |= WRITE_DAC;
792  }
793 
// A SACL change requires ACCESS_SYSTEM_SECURITY.
794  if (IrpSp->Parameters.SetSecurity.SecurityInformation & SACL_SECURITY_INFORMATION) {
795  TRACE("SACL_SECURITY_INFORMATION\n");
796  access_req |= ACCESS_SYSTEM_SECURITY;
797  }
798 
// Access check: a user-mode requester must hold every bit of access_req on this
// handle (ccb->access); a partial match is refused. Kernel-mode requesters are
// not checked. The statement on line 800 is not shown in this listing.
799  if (Irp->RequestorMode == UserMode && (ccb->access & access_req) != access_req) {
801  WARN("insufficient privileges\n");
802  goto end;
803  }
804 
// The descriptor pointer comes straight from the IRP stack location; any checks
// on its contents happen in set_file_security(), not here.
805  Status = set_file_security(DeviceObject->DeviceExtension, FileObject, IrpSp->Parameters.SetSecurity.SecurityDescriptor,
806  &IrpSp->Parameters.SetSecurity.SecurityInformation, Irp);
807 
// Common exit: store the status in the IRP; the statements on lines 811, 816
// and 818 are not shown in this listing.
808 end:
809  Irp->IoStatus.Status = Status;
810 
812 
813  TRACE("returning %08x\n", Status);
814 
815  if (top_level)
817 
819 
820  return Status;
821 }
#define FsRtlEnterFileSystem
#define ACCESS_SYSTEM_SECURITY
Definition: nt_native.h:77
#define FsRtlExitFileSystem
NTSTATUS vol_set_security(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp)
Definition: volume.c:856
_In_ PIRP Irp
Definition: csq.h:116
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
#define WARN(fmt,...)
Definition: debug.h:111
LONG NTSTATUS
Definition: precomp.h:26
#define VCB_TYPE_FS
Definition: btrfs_drv.h:627
#define GROUP_SECURITY_INFORMATION
Definition: setypes.h:124
GLuint GLuint end
Definition: gl.h:1545
ACCESS_MASK access
Definition: btrfs_drv.h:357
#define WRITE_OWNER
Definition: nt_native.h:60
unsigned int BOOL
Definition: ntddk_ex.h:94
static NTSTATUS set_file_security(device_extension *Vcb, PFILE_OBJECT FileObject, SECURITY_DESCRIPTOR *sd, PSECURITY_INFORMATION flags, PIRP Irp)
Definition: security.c:673
PVOID DeviceExtension
Definition: env_spec_w32.h:418
smooth NULL
Definition: ftsmooth.c:416
#define IoCompleteRequest
Definition: irp.c:1240
_Inout_ PFILE_OBJECT FileObject
Definition: cdprocs.h:593
#define TRACE(s)
Definition: solgame.cpp:4
#define VCB_TYPE_VOLUME
Definition: btrfs_drv.h:629
#define Vcb
Definition: cdprocs.h:1425
#define SACL_SECURITY_INFORMATION
Definition: setypes.h:126
#define WRITE_DAC
Definition: nt_native.h:59
#define STATUS_ACCESS_DENIED
Definition: udferr_usr.h:145
* PFILE_OBJECT
Definition: iotypes.h:1954
VOID NTAPI IoSetTopLevelIrp(IN PIRP Irp)
Definition: irp.c:2000
Status
Definition: gdiplustypes.h:24
#define ERR(fmt,...)
Definition: debug.h:109
IN PDEVICE_OBJECT DeviceObject
Definition: fatprocs.h:1560
__drv_aliasesMem FORCEINLINE PIO_STACK_LOCATION IoGetCurrentIrpStackLocation(_In_ PIRP Irp)
Definition: iofuncs.h:2745
PFILE_OBJECT FileObject
Definition: iotypes.h:2812
_In_ PIO_STACK_LOCATION IrpSp
Definition: create.c:4157
#define OWNER_SECURITY_INFORMATION
Definition: setypes.h:123
BOOL is_top_level(_In_ PIRP Irp)
Definition: btrfs.c:256
unsigned int ULONG
Definition: retypes.h:1
#define IO_NO_INCREMENT
Definition: iotypes.h:565
struct _NAMED_PIPE_CREATE_PARAMETERS * Parameters
Definition: iotypes.h:2771
return STATUS_SUCCESS
Definition: btrfs.c:2725
#define DACL_SECURITY_INFORMATION
Definition: setypes.h:125

◆ add_group_mapping()

void add_group_mapping ( WCHAR * sidstring,
ULONG  sidstringlength,
UINT32  gid 
)

Definition at line 145 of file security.c.

// Parses a textual SID ("S-1-<authority>-<sub>-...") of sidstringlength
// characters, builds a binary sid_header from it and records it together with
// gid in a gid_map entry.
// The buffer behind sidstring is modified in place (dashes become NULs).
// NOTE(review): lines 170, 216 and 226 of the source (the two allocations and
// the list insertion) are not shown in this listing.
145  {
146  unsigned int i, np;
147  UINT8 numdashes;
148  UINT64 val;
149  ULONG sidsize;
150  sid_header* sid;
151  gid_map* gm;
152 
// Only revision-1 SIDs are accepted: the string must start with "S-1-".
153  if (sidstringlength < 4 || sidstring[0] != 'S' || sidstring[1] != '-' || sidstring[2] != '1' || sidstring[3] != '-') {
154  ERR("invalid SID\n");
155  return;
156  }
157 
158  sidstring = &sidstring[4];
159  sidstringlength -= 4;
160 
// Count the dashes that separate the sub-authorities, replacing each with NUL.
// NOTE(review): numdashes is a UINT8, so it wraps after 255 dashes and the size
// computed from it below would then be too small.
161  numdashes = 0;
162  for (i = 0; i < sidstringlength; i++) {
163  if (sidstring[i] == '-') {
164  numdashes++;
165  sidstring[i] = 0;
166  }
167  }
168 
// 8 bytes of header plus one 32-bit sub-authority per dash.
169  sidsize = 8 + (numdashes * 4);
// (allocation of sid, line 170, not shown - presumably sized by sidsize; confirm)
171  if (!sid) {
172  ERR("out of memory\n");
173  return;
174  }
175 
176  sid->revision = 0x01;
177  sid->elements = numdashes;
178 
// Token loop: token 0 is the identifier authority, each later token is one
// sub-authority.
// NOTE(review): a token ends at ANY non-digit character, not only at a former
// dash, so a string holding other characters yields more tokens than
// numdashes + 1. Nothing visible here bounds np, so sid->nums[np-1] can be
// written past the sidsize computed above. Suggested hardening: reject the
// string on an unexpected character and stop once np - 1 reaches numdashes.
179  np = 0;
180  while (sidstringlength > 0) {
181  val = 0;
182  i = 0;
// NOTE(review): sidstring[i] is read before i is compared with sidstringlength.
183  while (sidstring[i] != '-' && i < sidstringlength) {
184  if (sidstring[i] >= '0' && sidstring[i] <= '9') {
// No overflow check on val; only its low bits are kept when it is stored below.
185  val *= 10;
186  val += sidstring[i] - '0';
187  } else
188  break;
189 
190  i++;
191  }
192 
// Step over the separator that ended the token.
193  i++;
194  TRACE("val = %u, i = %u, ssl = %u\n", (UINT32)val, i, sidstringlength);
195 
196  if (np == 0) {
// Identifier authority: low 48 bits of val, most significant byte first.
197  sid->auth[0] = (UINT8)((val & 0xff0000000000) >> 40);
198  sid->auth[1] = (UINT8)((val & 0xff00000000) >> 32);
199  sid->auth[2] = (UINT8)((val & 0xff000000) >> 24);
200  sid->auth[3] = (UINT8)((val & 0xff0000) >> 16);
201  sid->auth[4] = (UINT8)((val & 0xff00) >> 8);
202  sid->auth[5] = val & 0xff;
203  } else
204  sid->nums[np-1] = (UINT32)val;
205 
206  np++;
207 
// Advance past the consumed token, or stop when the string is used up.
208  if (sidstringlength > i) {
209  sidstringlength -= i;
210 
211  sidstring = &sidstring[i];
212  } else
213  break;
214  }
215 
// (allocation of gm, line 216, not shown) - on failure the SID built above is
// released before returning.
217  if (!gm) {
218  ERR("out of memory\n");
219  ExFreePool(sid);
220  return;
221  }
222 
// gm keeps the sid pointer; the statement on line 226 is not shown.
223  gm->sid = sid;
224  gm->gid = gid;
225 
227 }
FT_UInt sid
Definition: cffcmap.c:139
#define InsertTailList(ListHead, Entry)
PSID sid
Definition: btrfs_drv.h:862
#define ALLOC_TAG
Definition: btrfs_drv.h:86
unsigned int UINT32
GLuint GLfloat * val
Definition: glext.h:7180
#define TRACE(s)
Definition: solgame.cpp:4
UINT32 gid
Definition: btrfs_drv.h:863
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
LIST_ENTRY listentry
Definition: btrfs_drv.h:861
#define ERR(fmt,...)
Definition: debug.h:109
LIST_ENTRY gid_map_list
Definition: btrfs.c:66
unsigned int ULONG
Definition: retypes.h:1
unsigned long long UINT64
unsigned char UINT8
#define ExFreePool(addr)
Definition: env_spec_w32.h:352

Referenced by read_group_mappings().

◆ add_user_mapping()

void add_user_mapping ( WCHAR * sidstring,
ULONG  sidstringlength,
UINT32  uid 
)

Definition at line 56 of file security.c.

// Parses a textual SID ("S-1-<authority>-<sub>-...") of sidstringlength
// characters, builds a binary sid_header from it and records it together with
// uid in a uid_map entry.
// The buffer behind sidstring is modified in place (dashes become NULs).
// NOTE(review): lines 85, 132 and 142 of the source (the two allocations and
// the list insertion) are not shown in this listing.
56  {
57  unsigned int i, np;
58  UINT8 numdashes;
59  UINT64 val;
60  ULONG sidsize;
61  sid_header* sid;
62  uid_map* um;
63 
// Only revision-1 SIDs are accepted: the string must start with "S-1-".
64  if (sidstringlength < 4 ||
65  sidstring[0] != 'S' ||
66  sidstring[1] != '-' ||
67  sidstring[2] != '1' ||
68  sidstring[3] != '-') {
69  ERR("invalid SID\n");
70  return;
71  }
72 
73  sidstring = &sidstring[4];
74  sidstringlength -= 4;
75 
// Count the dashes that separate the sub-authorities, replacing each with NUL.
// NOTE(review): numdashes is a UINT8, so it wraps after 255 dashes and the size
// computed from it below would then be too small.
76  numdashes = 0;
77  for (i = 0; i < sidstringlength; i++) {
78  if (sidstring[i] == '-') {
79  numdashes++;
80  sidstring[i] = 0;
81  }
82  }
83 
// 8 bytes of header plus one 32-bit sub-authority per dash.
84  sidsize = 8 + (numdashes * 4);
// (allocation of sid, line 85, not shown - presumably sized by sidsize; confirm)
86  if (!sid) {
87  ERR("out of memory\n");
88  return;
89  }
90 
91  sid->revision = 0x01;
92  sid->elements = numdashes;
93 
// Token loop: token 0 is the identifier authority, each later token is one
// sub-authority.
// NOTE(review): a token ends at ANY non-digit character, not only at a former
// dash, so a string holding other characters yields more tokens than
// numdashes + 1. Nothing visible here bounds np, so sid->nums[np-1] can be
// written past the sidsize computed above. Suggested hardening: reject the
// string on an unexpected character and stop once np - 1 reaches numdashes.
94  np = 0;
95  while (sidstringlength > 0) {
96  val = 0;
97  i = 0;
// NOTE(review): sidstring[i] is read before i is compared with sidstringlength.
98  while (sidstring[i] != '-' && i < sidstringlength) {
99  if (sidstring[i] >= '0' && sidstring[i] <= '9') {
// No overflow check on val; only its low bits are kept when it is stored below.
100  val *= 10;
101  val += sidstring[i] - '0';
102  } else
103  break;
104 
105  i++;
106  }
107 
// Step over the separator that ended the token.
108  i++;
109  TRACE("val = %u, i = %u, ssl = %u\n", (UINT32)val, i, sidstringlength);
110 
111  if (np == 0) {
// Identifier authority: low 48 bits of val, most significant byte first.
112  sid->auth[0] = (UINT8)((val & 0xff0000000000) >> 40);
113  sid->auth[1] = (UINT8)((val & 0xff00000000) >> 32);
114  sid->auth[2] = (UINT8)((val & 0xff000000) >> 24);
115  sid->auth[3] = (UINT8)((val & 0xff0000) >> 16);
116  sid->auth[4] = (UINT8)((val & 0xff00) >> 8);
117  sid->auth[5] = val & 0xff;
118  } else {
119  sid->nums[np-1] = (UINT32)val;
120  }
121 
122  np++;
123 
// Advance past the consumed token, or stop when the string is used up.
124  if (sidstringlength > i) {
125  sidstringlength -= i;
126 
127  sidstring = &sidstring[i];
128  } else
129  break;
130  }
131 
// (allocation of um, line 132, not shown) - on failure the SID built above is
// released before returning.
133  if (!um) {
134  ERR("out of memory\n");
135  ExFreePool(sid);
136  return;
137  }
138 
// um keeps the sid pointer; the statement on line 142 is not shown.
139  um->sid = sid;
140  um->uid = uid;
141 
143 }
UINT32 uid
Definition: btrfs_drv.h:857
FT_UInt sid
Definition: cffcmap.c:139
#define InsertTailList(ListHead, Entry)
#define ALLOC_TAG
Definition: btrfs_drv.h:86
PSID sid
Definition: btrfs_drv.h:856
LIST_ENTRY uid_map_list
Definition: btrfs.c:66
unsigned int UINT32
GLuint GLfloat * val
Definition: glext.h:7180
#define TRACE(s)
Definition: solgame.cpp:4
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
#define ERR(fmt,...)
Definition: debug.h:109
LIST_ENTRY listentry
Definition: btrfs_drv.h:855
unsigned int ULONG
Definition: retypes.h:1
unsigned long long UINT64
unsigned char UINT8
#define ExFreePool(addr)
Definition: env_spec_w32.h:352

Referenced by read_mappings().

◆ fcb_get_new_sd()

NTSTATUS fcb_get_new_sd ( fcb * fcb,
file_ref * parfileref,
ACCESS_STATE * as 
)

Definition at line 905 of file security.c.

// Builds the security descriptor for a newly created fcb from its parent's
// descriptor and the descriptor in the caller's ACCESS_STATE, then derives the
// inode's uid and gid from the result.
// NOTE(review): lines 906, 911 and 921 of the source are not shown in this
// listing, so the SeAssignSecurityEx call below is cut off after its fifth
// argument.
905  {
907  PSID owner;
908  BOOLEAN defaulted;
909 
// Parent descriptor is NULL when there is no parent file reference; the fifth
// argument marks the object as a directory.
910  Status = SeAssignSecurityEx(parfileref ? parfileref->fcb->sd : NULL, as->SecurityDescriptor, (void**)&fcb->sd, NULL, fcb->type == BTRFS_TYPE_DIRECTORY,
912 
913  if (!NT_SUCCESS(Status)) {
914  ERR("SeAssignSecurityEx returned %08x\n", Status);
915  return Status;
916  }
917 
// Map the descriptor's owner SID to a uid. A failure here is logged but not
// returned to the caller (the fallback on line 921 is not shown).
918  Status = RtlGetOwnerSecurityDescriptor(fcb->sd, &owner, &defaulted);
919  if (!NT_SUCCESS(Status)) {
920  ERR("RtlGetOwnerSecurityDescriptor returned %08x\n", Status);
922  } else {
923  fcb->inode_item.st_uid = sid_to_uid(owner);
924  }
925 
// The gid is chosen from the parent fcb and the caller's subject context.
926  find_gid(fcb, parfileref ? parfileref->fcb : NULL, &as->SubjectSecurityContext);
927 
// Always STATUS_SUCCESS once SeAssignSecurityEx has succeeded.
928  return STATUS_SUCCESS;
929 }
PGENERIC_MAPPING NTAPI IoGetFileObjectGenericMapping(VOID)
Definition: file.c:3266
NTKERNELAPI NTSTATUS NTAPI SeAssignSecurityEx(_In_opt_ PSECURITY_DESCRIPTOR ParentDescriptor, _In_opt_ PSECURITY_DESCRIPTOR ExplicitDescriptor, _Out_ PSECURITY_DESCRIPTOR *NewDescriptor, _In_opt_ GUID *ObjectType, _In_ BOOLEAN IsDirectoryObject, _In_ ULONG AutoInheritFlags, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PGENERIC_MAPPING GenericMapping, _In_ POOL_TYPE PoolType)
PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: setypes.h:207
UINT32 st_uid
Definition: btrfs.h:271
LONG NTSTATUS
Definition: precomp.h:26
SECURITY_DESCRIPTOR * sd
Definition: btrfs_drv.h:265
#define BTRFS_TYPE_DIRECTORY
Definition: shellext.h:81
unsigned char BOOLEAN
smooth NULL
Definition: ftsmooth.c:416
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
SECURITY_SUBJECT_CONTEXT SubjectSecurityContext
Definition: setypes.h:206
fcb * fcb
Definition: btrfs_drv.h:316
INODE_ITEM inode_item
Definition: btrfs_drv.h:264
Status
Definition: gdiplustypes.h:24
#define ERR(fmt,...)
Definition: debug.h:109
UINT32 sid_to_uid(PSID sid)
Definition: security.c:310
NTSYSAPI NTSTATUS NTAPI RtlGetOwnerSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor, OUT PSID *Owner, OUT PBOOLEAN OwnerDefaulted)
Definition: sd.c:257
UINT8 type
Definition: btrfs_drv.h:263
#define SEF_SACL_AUTO_INHERIT
Definition: security.c:21
return STATUS_SUCCESS
Definition: btrfs.c:2725
void find_gid(struct _fcb *fcb, struct _fcb *parfcb, PSECURITY_SUBJECT_CONTEXT subjcont)
Definition: security.c:841
#define UID_NOBODY
Definition: btrfs_drv.h:89

Referenced by file_create2().

◆ fcb_get_sd()

void fcb_get_sd ( fcb * fcb,
struct _fcb * parent,
BOOL  look_for_xattr,
PIRP  Irp 
)

Definition at line 511 of file security.c.

// Fills in fcb->sd: taken from the EA_NTACL xattr when look_for_xattr is set and
// the xattr is found, otherwise derived from the parent and the inode's uid/gid.
// NOTE(review): lines 512, 521, 526-528, 539 and 547 of the source are not
// shown in this listing.
511  {
513  PSID usersid = NULL, groupsid = NULL;
514  SECURITY_SUBJECT_CONTEXT subjcont;
515  ULONG buflen;
516 
// NOTE(review): the descriptor read from the xattr is on-disk data and is
// accepted here as it is; no validity check (for example
// RtlValidRelativeSecurityDescriptor) is visible - confirm it is validated
// elsewhere. buflen is a ULONG passed through a (UINT16*) cast and is not read
// again in the lines shown.
517  if (look_for_xattr && get_xattr(fcb->Vcb, fcb->subvol, fcb->inode, EA_NTACL, EA_NTACL_HASH, (UINT8**)&fcb->sd, (UINT16*)&buflen, Irp))
518  return;
519 
// No parent: handled by the statement on line 521 (not shown), then return.
520  if (!parent) {
522  return;
523  }
524 
525  SeCaptureSubjectContext(&subjcont);
526 
// A SeAssignSecurityEx failure is only logged; execution continues below.
529  if (!NT_SUCCESS(Status)) {
530  ERR("SeAssignSecurityEx returned %08x\n", Status);
531  }
532 
533  Status = uid_to_sid(fcb->inode_item.st_uid, &usersid);
534  if (!NT_SUCCESS(Status)) {
535  ERR("uid_to_sid returned %08x\n", Status);
536  return;
537  }
538 
540 
541  gid_to_sid(fcb->inode_item.st_gid, &groupsid);
// NOTE(review): usersid is not freed on this early return in the lines shown.
542  if (!groupsid) {
543  ERR("out of memory\n");
544  return;
545  }
546 
548 
// Both temporary SIDs are released on the normal path.
549  ExFreePool(usersid);
550  ExFreePool(groupsid);
551 }
PGENERIC_MAPPING NTAPI IoGetFileObjectGenericMapping(VOID)
Definition: file.c:3266
VOID NTAPI SeCaptureSubjectContext(OUT PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:301
NTKERNELAPI NTSTATUS NTAPI SeAssignSecurityEx(_In_opt_ PSECURITY_DESCRIPTOR ParentDescriptor, _In_opt_ PSECURITY_DESCRIPTOR ExplicitDescriptor, _Out_ PSECURITY_DESCRIPTOR *NewDescriptor, _In_opt_ GUID *ObjectType, _In_ BOOLEAN IsDirectoryObject, _In_ ULONG AutoInheritFlags, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PGENERIC_MAPPING GenericMapping, _In_ POOL_TYPE PoolType)
NTSYSAPI NTSTATUS NTAPI RtlSetGroupSecurityDescriptor(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSID Group, IN BOOLEAN GroupDefaulted)
Definition: sd.c:410
_In_ PIRP Irp
Definition: csq.h:116
UINT32 st_gid
Definition: btrfs.h:272
UINT64 inode
Definition: btrfs_drv.h:262
UINT32 st_uid
Definition: btrfs.h:271
LONG NTSTATUS
Definition: precomp.h:26
#define EA_NTACL_HASH
Definition: btrfs_drv.h:93
SECURITY_DESCRIPTOR * sd
Definition: btrfs_drv.h:265
static void get_top_level_sd(fcb *fcb)
Definition: security.c:415
#define BTRFS_TYPE_DIRECTORY
Definition: shellext.h:81
smooth NULL
Definition: ftsmooth.c:416
const string EA_NTACL
Definition: recv.cpp:37
NTSTATUS uid_to_sid(UINT32 uid, PSID *sid)
Definition: security.c:229
r parent
Definition: btrfs.c:2659
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
static void gid_to_sid(UINT32 gid, PSID *sid)
Definition: security.c:341
#define SEF_DACL_AUTO_INHERIT
Definition: security.c:20
NTSYSAPI NTSTATUS WINAPI RtlSetOwnerSecurityDescriptor(PSECURITY_DESCRIPTOR, PSID, BOOLEAN)
INODE_ITEM inode_item
Definition: btrfs_drv.h:264
Status
Definition: gdiplustypes.h:24
#define ERR(fmt,...)
Definition: debug.h:109
unsigned short UINT16
struct _root * subvol
Definition: btrfs_drv.h:261
UINT8 type
Definition: btrfs_drv.h:263
unsigned int ULONG
Definition: retypes.h:1
unsigned char UINT8
struct _device_extension * Vcb
Definition: btrfs_drv.h:260
#define ExFreePool(addr)
Definition: env_spec_w32.h:352

Referenced by fsctl_set_xattr(), and mount_vol().

◆ find_gid()

void find_gid ( struct _fcb * fcb,
struct _fcb * parfcb,
PSECURITY_SUBJECT_CONTEXT  subjcont 
)

Definition at line 841 of file security.c.

// Chooses the gid for fcb by trying, in order, the token's owner, its primary
// group and then each of its groups with search_for_gid(), stopping at the
// first match.
// NOTE(review): lines 842, 848, 852, 855, 864, 877, 893 and 902 of the source
// are not shown in this listing.
841  {
843  TOKEN_OWNER* to;
844  TOKEN_PRIMARY_GROUP* tpg;
845  TOKEN_GROUPS* tg;
846 
// A parent with the setgid bit set is handled first (line 848 not shown).
847  if (parfcb && parfcb->inode_item.st_mode & S_ISGID) {
849  return;
850  }
851 
853 
// Nothing to search without a subject context, a primary token, or any gid
// mappings.
854  if (!subjcont || !subjcont->PrimaryToken || IsListEmpty(&gid_map_list)) {
856  return;
857  }
858 
// 1. Token owner. The buffer returned by SeQueryInformationToken is freed on
// both the match and no-match paths.
859  Status = SeQueryInformationToken(subjcont->PrimaryToken, TokenOwner, (void**)&to);
860  if (!NT_SUCCESS(Status))
861  ERR("SeQueryInformationToken returned %08x\n", Status);
862  else {
863  if (search_for_gid(fcb, to->Owner)) {
865  ExFreePool(to);
866  return;
867  }
868 
869  ExFreePool(to);
870  }
871 
// 2. Primary group.
872  Status = SeQueryInformationToken(subjcont->PrimaryToken, TokenPrimaryGroup, (void**)&tpg);
873  if (!NT_SUCCESS(Status))
874  ERR("SeQueryInformationToken returned %08x\n", Status);
875  else {
876  if (search_for_gid(fcb, tpg->PrimaryGroup)) {
878  ExFreePool(tpg);
879  return;
880  }
881 
882  ExFreePool(tpg);
883  }
884 
// 3. Every group in the token, in the order the token lists them.
885  Status = SeQueryInformationToken(subjcont->PrimaryToken, TokenGroups, (void**)&tg);
886  if (!NT_SUCCESS(Status))
887  ERR("SeQueryInformationToken returned %08x\n", Status);
888  else {
889  ULONG i;
890 
891  for (i = 0; i < tg->GroupCount; i++) {
892  if (search_for_gid(fcb, tg->Groups[i].Sid)) {
894  ExFreePool(tg);
895  return;
896  }
897  }
898 
899  ExFreePool(tg);
900  }
901 
903 }
#define TRUE
Definition: types.h:120
#define S_ISGID
Definition: propsheet.h:69
UINT32 st_gid
Definition: btrfs.h:272
LONG NTSTATUS
Definition: precomp.h:26
_Must_inspect_result_ FORCEINLINE BOOLEAN IsListEmpty(_In_ const LIST_ENTRY *ListHead)
Definition: rtlfuncs.h:57
UINT32 st_mode
Definition: btrfs.h:273
PSID Owner
Definition: setypes.h:974
ERESOURCE mapping_lock
Definition: btrfs.c:93
PACCESS_TOKEN PrimaryToken
Definition: setypes.h:192
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
VOID FASTCALL ExReleaseResourceLite(IN PERESOURCE Resource)
Definition: resource.c:1817
INODE_ITEM inode_item
Definition: btrfs_drv.h:264
Status
Definition: gdiplustypes.h:24
#define ERR(fmt,...)
Definition: debug.h:109
NTSTATUS NTAPI SeQueryInformationToken(IN PACCESS_TOKEN AccessToken, IN TOKEN_INFORMATION_CLASS TokenInformationClass, OUT PVOID *TokenInformation)
Definition: token.c:1309
LIST_ENTRY gid_map_list
Definition: btrfs.c:66
SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY]
Definition: setypes.h:964
BOOLEAN NTAPI ExAcquireResourceSharedLite(IN PERESOURCE Resource, IN BOOLEAN Wait)
Definition: resource.c:885
$ULONG GroupCount
Definition: setypes.h:960
unsigned int ULONG
Definition: retypes.h:1
#define ExFreePool(addr)
Definition: env_spec_w32.h:352
static BOOL search_for_gid(fcb *fcb, PSID sid)
Definition: security.c:823

Referenced by create_directory_fcb(), create_subvol(), fcb_get_new_sd(), and mknod().

◆ get_file_security()

static NTSTATUS get_file_security ( PFILE_OBJECT  FileObject,
SECURITY_DESCRIPTOR * relsd,
ULONG * buflen,
SECURITY_INFORMATION  flags 
)
static

Definition at line 553 of file security.c.

// Copies the parts of the file's security descriptor selected by flags into
// relsd; *buflen is passed through to SeQuerySecurityDescriptorInfo as its
// in/out length.
// NOTE(review): lines 554 and 571 of the source are not shown in this listing.
553  {
// FileObject is dereferenced without a NULL check; the caller shown on this
// page returns early when it has no ccb, which also covers a NULL FileObject.
555  fcb* fcb = FileObject->FsContext;
556  ccb* ccb = FileObject->FsContext2;
557  file_ref* fileref = ccb ? ccb->fileref : NULL;
558 
// An alternate data stream (fcb->ads) uses the descriptor of its parent file.
559  if (fcb->ads) {
560  if (fileref && fileref->parent)
561  fcb = fileref->parent->fcb;
562  else {
563  ERR("could not get parent fcb for stream\n");
564  return STATUS_INTERNAL_ERROR;
565  }
566  }
567 
568  // Why (void**)? Is this a bug in mingw?
569  Status = SeQuerySecurityDescriptorInfo(&flags, relsd, buflen, (void**)&fcb->sd);
570 
// The condition that selects TRACE over ERR (line 571) is not shown.
572  TRACE("SeQuerySecurityDescriptorInfo returned %08x\n", Status);
573  else if (!NT_SUCCESS(Status))
574  ERR("SeQuerySecurityDescriptorInfo returned %08x\n", Status);
575 
576  return Status;
577 }
struct _file_ref * parent
Definition: btrfs_drv.h:326
LONG NTSTATUS
Definition: precomp.h:26
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:64
#define STATUS_INTERNAL_ERROR
Definition: ntstatus.h:451
SECURITY_DESCRIPTOR * sd
Definition: btrfs_drv.h:265
smooth NULL
Definition: ftsmooth.c:416
_Inout_ PFILE_OBJECT FileObject
Definition: cdprocs.h:593
#define TRACE(s)
Definition: solgame.cpp:4
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
GLbitfield flags
Definition: glext.h:7161
BOOL ads
Definition: btrfs_drv.h:299
Status
Definition: gdiplustypes.h:24
#define ERR(fmt,...)
Definition: debug.h:109
NTKERNELAPI NTSTATUS NTAPI SeQuerySecurityDescriptorInfo(_In_ PSECURITY_INFORMATION SecurityInformation, _Out_writes_bytes_(*Length) PSECURITY_DESCRIPTOR SecurityDescriptor, _Inout_ PULONG Length, _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor)
file_ref * fileref
Definition: btrfs_drv.h:358

Referenced by _Dispatch_type_().

◆ get_top_level_sd()

static void get_top_level_sd ( fcb * fcb)
static

Definition at line 415 of file security.c.

// get_top_level_sd: builds a default security descriptor for `fcb` and stores
// it, in self-relative form, in fcb->sd. The owner SID comes from the inode's
// st_uid via uid_to_sid(), the group SID from st_gid via gid_to_sid(), and the
// DACL from load_default_acl(). The function returns void, so callers see the
// outcome only through fcb->sd.
// Listing lines 416-417, 422, 435, 445, 449, 463, 475-476, 486 and 489 are not
// shown on this page; the error messages below name the calls they held.
415  {
418  ULONG buflen;
419  ACL* acl = NULL;
420  PSID usersid = NULL, groupsid = NULL;
421 
423 
424  if (!NT_SUCCESS(Status)) {
425  ERR("RtlCreateSecurityDescriptor returned %08x\n", Status);
426  goto end;
427  }
428 
// Owner: on-disk uid -> SID (explicit mapping or fallback, see uid_to_sid()).
429  Status = uid_to_sid(fcb->inode_item.st_uid, &usersid);
430  if (!NT_SUCCESS(Status)) {
431  ERR("uid_to_sid returned %08x\n", Status);
432  goto end;
433  }
434 
436 
437  if (!NT_SUCCESS(Status)) {
438  ERR("RtlSetOwnerSecurityDescriptor returned %08x\n", Status);
439  goto end;
440  }
441 
// Group: gid_to_sid() returns void and signals allocation failure by leaving
// groupsid NULL, hence the pointer test instead of a status test.
442  gid_to_sid(fcb->inode_item.st_gid, &groupsid);
443  if (!groupsid) {
444  ERR("out of memory\n");
446  goto end;
447  }
448 
450 
451  if (!NT_SUCCESS(Status)) {
452  ERR("RtlSetGroupSecurityDescriptor returned %08x\n", Status);
453  goto end;
454  }
455 
// DACL: a fresh copy of the driver's built-in default ACL.
456  acl = load_default_acl();
457 
458  if (!acl) {
459  ERR("out of memory\n");
460  goto end;
461  }
462 
464 
465  if (!NT_SUCCESS(Status)) {
466  ERR("RtlSetDaclSecurityDescriptor returned %08x\n", Status);
467  goto end;
468  }
469 
470  // FIXME - SACL_SECURITY_INFORMATION
471 
// Two-step conversion: buflen starts at 0 so that the first
// RtlAbsoluteToSelfRelativeSD call (line 475, not shown) can report the size
// needed - presumably via STATUS_BUFFER_TOO_SMALL; confirm against the source.
472  buflen = 0;
473 
474  // get sd size
477  ERR("RtlAbsoluteToSelfRelativeSD 1 returned %08x\n", Status);
478  goto end;
479  }
480 
// A zero length, or success with no output buffer, means there is nothing to store.
481  if (buflen == 0 || Status == STATUS_SUCCESS) {
482  TRACE("RtlAbsoluteToSelfRelativeSD said SD is zero-length\n");
483  goto end;
484  }
485 
// fcb->sd is presumably allocated with buflen bytes on line 486 (not shown).
487  if (!fcb->sd) {
488  ERR("out of memory\n");
490  goto end;
491  }
492 
493  Status = RtlAbsoluteToSelfRelativeSD(&sd, fcb->sd, &buflen);
494 
// NOTE(review): if this second conversion fails, the visible cleanup neither
// frees nor resets fcb->sd, so it keeps pointing at a buffer that does not hold
// a completed descriptor, and the void return gives callers no way to tell.
// Confirm no access decision is made from fcb->sd in that case.
495  if (!NT_SUCCESS(Status)) {
496  ERR("RtlAbsoluteToSelfRelativeSD 2 returned %08x\n", Status);
497  goto end;
498  }
499 
// Common exit for success and failure: acl, usersid and groupsid are
// temporaries and are released on every path.
500 end:
501  if (acl)
502  ExFreePool(acl);
503 
504  if (usersid)
505  ExFreePool(usersid);
506 
507  if (groupsid)
508  ExFreePool(groupsid);
509 }
#define TRUE
Definition: types.h:120
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
NTSYSAPI NTSTATUS NTAPI RtlSetGroupSecurityDescriptor(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSID Group, IN BOOLEAN GroupDefaulted)
Definition: sd.c:410
UINT32 st_gid
Definition: btrfs.h:272
UINT32 st_uid
Definition: btrfs.h:271
LONG NTSTATUS
Definition: precomp.h:26
GLuint GLuint end
Definition: gl.h:1545
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(_Out_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ULONG Revision)
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:64
#define SECURITY_DESCRIPTOR_REVISION
Definition: setypes.h:58
#define ALLOC_TAG
Definition: btrfs_drv.h:86
SECURITY_DESCRIPTOR * sd
Definition: btrfs_drv.h:265
NTSYSAPI NTSTATUS NTAPI RtlAbsoluteToSelfRelativeSD(IN PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor, IN OUT PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor, IN PULONG BufferLength)
Definition: sd.c:626
smooth NULL
Definition: ftsmooth.c:416
NTSYSAPI NTSTATUS WINAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN)
#define TRACE(s)
Definition: solgame.cpp:4
NTSTATUS uid_to_sid(UINT32 uid, PSID *sid)
Definition: security.c:229
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
static ACL * load_default_acl()
Definition: security.c:372
static void gid_to_sid(UINT32 gid, PSID *sid)
Definition: security.c:341
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
static const WCHAR sd[]
Definition: suminfo.c:287
NTSYSAPI NTSTATUS WINAPI RtlSetOwnerSecurityDescriptor(PSECURITY_DESCRIPTOR, PSID, BOOLEAN)
INODE_ITEM inode_item
Definition: btrfs_drv.h:264
Status
Definition: gdiplustypes.h:24
#define ERR(fmt,...)
Definition: debug.h:109
unsigned int ULONG
Definition: retypes.h:1
return STATUS_SUCCESS
Definition: btrfs.c:2725
#define ExFreePool(addr)
Definition: env_spec_w32.h:352

Referenced by fcb_get_sd().

◆ gid_to_sid()

static void gid_to_sid ( UINT32  gid,
PSID * sid 
)
static

Definition at line 341 of file security.c.

/**
 * Build the fallback SID for a POSIX group id.
 *
 * No lookup is performed: the gid is always encoded in Samba's Unix-group form
 * S-1-22-2-<gid>, i.e. revision 1, authority 22, sub-authorities {2, gid}.
 * The original carries a "FIXME - do this properly?" note on this fallback.
 *
 * @param gid  POSIX group id to encode.
 * @param sid  Receives a paged-pool allocation holding the SID, or NULL when
 *             the allocation fails. The function returns void, so NULL is the
 *             only failure signal. get_top_level_sd() releases the result with
 *             ExFreePool.
 */
static void gid_to_sid(UINT32 gid, PSID* sid) {
    const UCHAR subauth_count = 2;
    sid_header* hdr;
    int n;

    /* Size is sizeof(sid_header) plus one extra UINT32 - assumes sid_header
     * already has room for the first sub-authority; confirm against its
     * definition. */
    hdr = ExAllocatePoolWithTag(PagedPool, sizeof(sid_header) + ((subauth_count - 1) * sizeof(UINT32)), ALLOC_TAG);
    if (hdr == NULL) {
        ERR("out of memory\n");
        *sid = NULL;
        return;
    }

    hdr->revision = 1;
    hdr->elements = subauth_count;

    /* Identifier authority 22: five zero bytes followed by 22. */
    for (n = 0; n < 5; n++)
        hdr->auth[n] = 0;
    hdr->auth[5] = 22;

    /* Sub-authorities: 2 marks a group, then the gid itself. */
    hdr->nums[0] = 2;
    hdr->nums[1] = gid;

    *sid = hdr;
}
FT_UInt sid
Definition: cffcmap.c:139
#define ALLOC_TAG
Definition: btrfs_drv.h:86
unsigned int UINT32
smooth NULL
Definition: ftsmooth.c:416
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
unsigned char UCHAR
Definition: xmlstorage.h:181
short sh
Definition: format.c:272
#define ERR(fmt,...)
Definition: debug.h:109

Referenced by fcb_get_sd(), and get_top_level_sd().

◆ load_default_acl()

static ACL* load_default_acl ( )
static

Definition at line 372 of file security.c.

// load_default_acl: allocates an ACL and fills it with one ACCESS_ALLOWED_ACE
// per entry of the static def_dacls table, which is terminated by an entry
// whose sid is NULL. Returns the ACL, or NULL when the allocation fails.
// get_top_level_sd() frees the result with ExFreePool.
// Listing lines 385 and 400 are not shown on this page; 385 presumably holds
// the allocation of `size` bytes and 400 presumably sets the ACE type.
372  {
// NOTE(review): size and i are 16-bit (UINT16 is unsigned short), matching the
// USHORT AclSize / AceCount fields. The running total would wrap silently if
// the table ever grew large; def_dacls is a static table, so this is fixed at
// build time.
373  UINT16 size, i;
374  ACL* acl;
375  ACCESS_ALLOWED_ACE* aaa;
376 
// Pass 1: compute the total size. Each SID is counted as
// 8 + elements * sizeof(UINT32) bytes - the same expression used as the copy
// length on line 405. sizeof(ULONG) is subtracted, presumably because
// sizeof(ACCESS_ALLOWED_ACE) already includes the SidStart field that the SID
// is copied over - confirm.
377  size = sizeof(ACL);
378  i = 0;
379  while (def_dacls[i].sid) {
380  size += sizeof(ACCESS_ALLOWED_ACE);
381  size += 8 + (def_dacls[i].sid->elements * sizeof(UINT32)) - sizeof(ULONG);
382  i++;
383  }
384 
386  if (!acl) {
387  ERR("out of memory\n");
388  return NULL;
389  }
390 
// ACL header; i still holds the number of table entries counted in pass 1.
391  acl->AclRevision = ACL_REVISION;
392  acl->Sbz1 = 0;
393  acl->AclSize = size;
394  acl->AceCount = i;
395  acl->Sbz2 = 0;
396 
// Pass 2: write the ACEs back to back, starting right after the ACL header.
397  aaa = (ACCESS_ALLOWED_ACE*)&acl[1];
398  i = 0;
399  while (def_dacls[i].sid) {
401  aaa->Header.AceFlags = def_dacls[i].flags;
402  aaa->Header.AceSize = sizeof(ACCESS_ALLOWED_ACE) - sizeof(ULONG) + 8 + (def_dacls[i].sid->elements * sizeof(UINT32));
403  aaa->Mask = def_dacls[i].mask;
404 
// The SID bytes are written starting at SidStart.
405  RtlCopyMemory(&aaa->SidStart, def_dacls[i].sid, 8 + (def_dacls[i].sid->elements * sizeof(UINT32)));
406 
// Advance by the size just recorded in the ACE header, so the write cursor
// follows the same arithmetic as pass 1.
407  aaa = (ACCESS_ALLOWED_ACE*)((UINT8*)aaa + aaa->Header.AceSize);
408 
409  i++;
410  }
411 
412  return acl;
413 }
ACCESS_MASK mask
Definition: security.c:37
sid_header * sid
Definition: security.c:38
UCHAR AceFlags
Definition: ms-dtyp.idl:211
NTSYSAPI VOID NTAPI RtlCopyMemory(VOID UNALIGNED *Destination, CONST VOID UNALIGNED *Source, ULONG Length)
static ULONG
Definition: security.c:118
USHORT AclSize
Definition: ms-dtyp.idl:296
static dacl def_dacls[]
Definition: security.c:41
FT_UInt sid
Definition: cffcmap.c:139
struct _ACCESS_ALLOWED_ACE ACCESS_ALLOWED_ACE
ACE_HEADER Header
Definition: ms-dtyp.idl:216
USHORT AceCount
Definition: ms-dtyp.idl:297
#define ALLOC_TAG
Definition: btrfs_drv.h:86
USHORT AceSize
Definition: ms-dtyp.idl:212
unsigned int UINT32
struct _ACL ACL
smooth NULL
Definition: ftsmooth.c:416
UCHAR elements
Definition: security.c:25
GLsizeiptr size
Definition: glext.h:5919
#define ACCESS_ALLOWED_ACE_TYPE
Definition: setypes.h:685
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
UCHAR AceType
Definition: ms-dtyp.idl:210
USHORT Sbz2
Definition: ms-dtyp.idl:298
UCHAR Sbz1
Definition: ms-dtyp.idl:295
#define ERR(fmt,...)
Definition: debug.h:109
UCHAR AclRevision
Definition: ms-dtyp.idl:294
ACCESS_MASK Mask
Definition: ms-dtyp.idl:217
unsigned short UINT16
#define ACL_REVISION
Definition: setypes.h:39
unsigned int ULONG
Definition: retypes.h:1
unsigned char UINT8
UCHAR flags
Definition: security.c:36

Referenced by get_top_level_sd().

◆ search_for_gid()

static BOOL search_for_gid ( fcb * fcb,
PSID  sid 
)
static

Definition at line 823 of file security.c.

/**
 * Look up a SID in the global gid mapping list and, on a match, record the
 * mapped gid as the file's group.
 *
 * @param fcb  File control block whose inode_item.st_gid is overwritten when a
 *             mapping is found; it is left untouched otherwise.
 * @param sid  SID to compare against each mapping entry with RtlEqualSid.
 * @return TRUE if a mapping matched and st_gid was set, FALSE if the list was
 *         exhausted without a match.
 *
 * No lock is taken here while gid_map_list is walked. This page lists
 * mapping_lock as referenced by find_gid(), the only listed caller, so the
 * lock is presumably held there - confirm before calling this from anywhere else.
 */
static BOOL search_for_gid(fcb* fcb, PSID sid) {
    LIST_ENTRY* entry;

    for (entry = gid_map_list.Flink; entry != &gid_map_list; entry = entry->Flink) {
        gid_map* mapping = CONTAINING_RECORD(entry, gid_map, listentry);

        if (!RtlEqualSid(sid, mapping->sid))
            continue;

        /* First match wins: the walk stops at the earliest matching entry. */
        fcb->inode_item.st_gid = mapping->gid;
        return TRUE;
    }

    return FALSE;
}
#define TRUE
Definition: types.h:120
UINT32 st_gid
Definition: btrfs.h:272
FT_UInt sid
Definition: cffcmap.c:139
PSID sid
Definition: btrfs_drv.h:862
PFLT_MESSAGE_WAITER_QUEUE CONTAINING_RECORD(Csq, DEVICE_EXTENSION, IrpQueue)) -> WaiterQ.mLock) _IRQL_raises_(DISPATCH_LEVEL) VOID NTAPI FltpAcquireMessageWaiterLock(_In_ PIO_CSQ Csq, _Out_ PKIRQL Irql)
Definition: Messaging.c:560
struct _LIST_ENTRY * Flink
Definition: typedefs.h:119
UINT32 gid
Definition: btrfs_drv.h:863
Definition: typedefs.h:117
INODE_ITEM inode_item
Definition: btrfs_drv.h:264
LIST_ENTRY gid_map_list
Definition: btrfs.c:66
NTSYSAPI BOOLEAN NTAPI RtlEqualSid(_In_ PSID Sid1, _In_ PSID Sid2)

Referenced by find_gid().

◆ set_file_security()

static NTSTATUS set_file_security ( device_extension * Vcb,
PFILE_OBJECT  FileObject,
SECURITY_DESCRIPTOR * sd,
PSECURITY_INFORMATION  flags,
PIRP  Irp 
)
static

Definition at line 673 of file security.c.

// set_file_security: applies the parts of `sd` selected by *flags to the
// descriptor stored in fcb->sd, then updates inode and subvolume bookkeeping
// so that the change is written out.
// Listing lines 674, 679, 685, 697, 699, 702, 708, 717-718, 722-723, 725, 729,
// 734 and 736 are not shown on this page, so several statements below appear
// without their bodies or their neighbouring calls.
673  {
675  fcb* fcb = FileObject->FsContext;
676  ccb* ccb = FileObject->FsContext2;
677  file_ref* fileref = ccb ? ccb->fileref : NULL;
678  SECURITY_DESCRIPTOR* oldsd;
680  BTRFS_TIME now;
681 
682  TRACE("(%p, %p, %p, %x)\n", Vcb, FileObject, sd, *flags);
683 
// Read-only volume: the body of this test (line 685) is not shown; it
// presumably returns a write-protected status before anything is changed.
684  if (Vcb->readonly)
686 
// For an alternate data stream the descriptor of the parent file is the one
// that gets changed.
// NOTE(review): fcb->ads is read here, before the `!fcb` test on line 696, so
// that test cannot protect this access; after this branch fcb may also be the
// parent's fcb rather than FsContext.
687  if (fcb->ads) {
688  if (fileref && fileref->parent)
689  fcb = fileref->parent->fcb;
690  else {
691  ERR("could not find parent fcb for stream\n");
692  return STATUS_INTERNAL_ERROR;
693  }
694  }
695 
696  if (!fcb || !ccb)
698 
// NOTE(review): no check of the handle's granted access is visible in the
// lines shown - confirm where WRITE_DAC / WRITE_OWNER is enforced for this
// request. The `end` label releases fcb->Header.Resource, so line 699 (not
// shown) presumably acquires it; the early returns above happen before that.
700 
// A read-only subvolume also refuses the change; the status assignment on
// line 702 is not shown.
701  if (is_subvol_readonly(fcb->subvol, Irp)) {
703  goto end;
704  }
705 
// Remember the current descriptor so that it can be freed once it has been
// replaced. Line 708 (not shown) is, per the error message below, the
// SeSetSecurityDescriptorInfo call that updates fcb->sd.
706  oldsd = fcb->sd;
707 
709 
710  if (!NT_SUCCESS(Status)) {
711  ERR("SeSetSecurityDescriptorInfo returned %08x\n", Status);
712  goto end;
713  }
714 
// Freed only on success; on failure the jump to `end` leaves it alone.
// NOTE(review): any reader that picked up the old fcb->sd pointer without
// holding the fcb resource would now reference freed pool - see
// get_file_security(), which shows no lock of its own.
715  ExFreePool(oldsd);
716 
719 
720  fcb->inode_item.transid = Vcb->superblock.generation;
721 
724 
726 
// Flag the descriptor as modified and present.
727  fcb->sd_dirty = TRUE;
728  fcb->sd_deleted = FALSE;
730 
// The owning subvolume's root item records the generation and time of the change.
731  fcb->subvol->root_item.ctransid = Vcb->superblock.generation;
732  fcb->subvol->root_item.ctime = now;
733 
735 
737 
738 end:
739  ExReleaseResourceLite(fcb->Header.Resource);
740 
741  return Status;
742 }
#define KeQuerySystemTime(t)
Definition: env_spec_w32.h:570
PGENERIC_MAPPING NTAPI IoGetFileObjectGenericMapping(VOID)
Definition: file.c:3266
struct _file_ref * parent
Definition: btrfs_drv.h:326
#define TRUE
Definition: types.h:120
NTKERNELAPI NTSTATUS NTAPI SeSetSecurityDescriptorInfo(_In_opt_ PVOID Object, _In_ PSECURITY_INFORMATION SecurityInformation, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, _In_ POOL_TYPE PoolType, _In_ PGENERIC_MAPPING GenericMapping)
BOOL sd_dirty
Definition: btrfs_drv.h:290
_In_ PIRP Irp
Definition: csq.h:116
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
LONG NTSTATUS
Definition: precomp.h:26
GLuint GLuint end
Definition: gl.h:1545
__u16 time
Definition: mkdosfs.c:366
BTRFS_TIME st_ctime
Definition: btrfs.h:279
BOOLEAN NTAPI ExAcquireResourceExclusiveLite(IN PERESOURCE Resource, IN BOOLEAN Wait)
Definition: resource.c:770
#define STATUS_INTERNAL_ERROR
Definition: ntstatus.h:451
SECURITY_DESCRIPTOR * sd
Definition: btrfs_drv.h:265
time_t now
Definition: finger.c:65
#define FILE_ACTION_MODIFIED
smooth NULL
Definition: ftsmooth.c:416
void mark_fcb_dirty(_In_ fcb *fcb)
Definition: btrfs.c:1464
#define STATUS_MEDIA_WRITE_PROTECTED
Definition: udferr_usr.h:161
_Inout_ PFILE_OBJECT FileObject
Definition: cdprocs.h:593
FSRTL_ADVANCED_FCB_HEADER Header
Definition: btrfs_drv.h:256
#define TRACE(s)
Definition: solgame.cpp:4
static __inline BOOL is_subvol_readonly(root *r, PIRP Irp)
Definition: btrfs_drv.h:1012
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define Vcb
Definition: cdprocs.h:1425
#define STATUS_ACCESS_DENIED
Definition: udferr_usr.h:145
VOID FASTCALL ExReleaseResourceLite(IN PERESOURCE Resource)
Definition: resource.c:1817
GLbitfield flags
Definition: glext.h:7161
BOOL inode_item_changed
Definition: btrfs_drv.h:279
BOOL ads
Definition: btrfs_drv.h:299
static const WCHAR sd[]
Definition: suminfo.c:287
INODE_ITEM inode_item
Definition: btrfs_drv.h:264
Status
Definition: gdiplustypes.h:24
#define ERR(fmt,...)
Definition: debug.h:109
UINT64 transid
Definition: btrfs.h:266
#define FILE_NOTIFY_CHANGE_SECURITY
struct _root * subvol
Definition: btrfs_drv.h:261
static __inline void win_time_to_unix(LARGE_INTEGER t, BTRFS_TIME *out)
Definition: btrfs_drv.h:968
void send_notification_fcb(_In_ file_ref *fileref, _In_ ULONG filter_match, _In_ ULONG action, _In_opt_ PUNICODE_STRING stream)
Definition: btrfs.c:1383
BOOL sd_deleted
Definition: btrfs_drv.h:290
file_ref * fileref
Definition: btrfs_drv.h:358
BOOL user_set_change_time
Definition: btrfs_drv.h:365
#define ExFreePool(addr)
Definition: env_spec_w32.h:352
UINT64 sequence
Definition: btrfs.h:276

Referenced by _Dispatch_type_().

◆ sid_to_uid()

UINT32 sid_to_uid ( PSID  sid)

Definition at line 310 of file security.c.

// sid_to_uid: maps a Windows SID to a POSIX uid. Resolution order in the
// visible code: (1) an explicit entry in uid_map_list, (2) the SYSTEM SID
// (sid_SY) -> 0, (3) a Samba-style S-1-22-1-X SID -> X, (4) UID_NOBODY.
// Listing lines 314, 321 and 328 are not shown on this page. mapping_lock is
// listed as referenced by this function, so they presumably acquire it before
// the walk and release it on both exits - confirm against the source.
310  {
311  LIST_ENTRY* le;
// NOTE(review): sid is reinterpreted as the driver's own sid_header and read
// below with no NULL or validity check in the visible lines; this assumes
// callers pass a well-formed SID.
312  sid_header* sh = sid;
313 
315 
// (1) Explicit mappings take precedence over every built-in rule below.
316  le = uid_map_list.Flink;
317  while (le != &uid_map_list) {
318  uid_map* um = CONTAINING_RECORD(le, uid_map, listentry);
319 
320  if (RtlEqualSid(sid, um->sid)) {
322  return um->uid;
323  }
324 
325  le = le->Flink;
326  }
327 
329 
// (2) SYSTEM is treated as root; uid_to_sid() applies the reverse mapping.
330  if (RtlEqualSid(sid, &sid_SY))
331  return 0; // root
332 
// (3) The elements == 2 test guards the read of nums[1]. The uid is taken
// verbatim from the SID's second sub-authority; no range or reserved-value
// check is applied here.
333  // Samba's SID scheme: S-1-22-1-X
334  if (sh->revision == 1 && sh->elements == 2 && sh->auth[0] == 0 && sh->auth[1] == 0 && sh->auth[2] == 0 && sh->auth[3] == 0 &&
335  sh->auth[4] == 0 && sh->auth[5] == 22 && sh->nums[0] == 1)
336  return sh->nums[1];
337 
// (4) Anything else is owned by "nobody".
338  return UID_NOBODY;
339 }
#define TRUE
Definition: types.h:120
UINT32 uid
Definition: btrfs_drv.h:857
FT_UInt sid
Definition: cffcmap.c:139
PSID sid
Definition: btrfs_drv.h:856
LIST_ENTRY uid_map_list
Definition: btrfs.c:66
static sid_header sid_SY
Definition: security.c:31
PFLT_MESSAGE_WAITER_QUEUE CONTAINING_RECORD(Csq, DEVICE_EXTENSION, IrpQueue)) -> WaiterQ.mLock) _IRQL_raises_(DISPATCH_LEVEL) VOID NTAPI FltpAcquireMessageWaiterLock(_In_ PIO_CSQ Csq, _Out_ PKIRQL Irql)
Definition: Messaging.c:560
ERESOURCE mapping_lock
Definition: btrfs.c:93
struct _LIST_ENTRY * Flink
Definition: typedefs.h:119
VOID FASTCALL ExReleaseResourceLite(IN PERESOURCE Resource)
Definition: resource.c:1817
Definition: typedefs.h:117
short sh
Definition: format.c:272
BOOLEAN NTAPI ExAcquireResourceSharedLite(IN PERESOURCE Resource, IN BOOLEAN Wait)
Definition: resource.c:885
#define UID_NOBODY
Definition: btrfs_drv.h:89
NTSYSAPI BOOLEAN NTAPI RtlEqualSid(_In_ PSID Sid1, _In_ PSID Sid2)

Referenced by create_directory_fcb(), create_subvol(), fcb_get_new_sd(), and mknod().

◆ uid_to_sid()

NTSTATUS uid_to_sid ( UINT32  uid,
PSID * sid 
)

Definition at line 229 of file security.c.

// uid_to_sid: maps a POSIX uid to a newly allocated SID returned through *sid.
// Resolution order in the visible code: (1) an explicit entry in uid_map_list,
// copied out; (2) uid 0 -> SYSTEM (S-1-5-18); (3) any other uid -> Samba-style
// S-1-22-1-<uid>. The caller owns the result; get_top_level_sd() frees it with
// ExFreePool.
// Listing lines 234, 241, 244-245, 249, 256, 268, 284 and 288 are not shown on
// this page. They presumably hold the mapping_lock acquire/release, the
// allocations and the out-of-memory returns - confirm against the source.
229  {
230  LIST_ENTRY* le;
231  sid_header* sh;
232  UCHAR els;
233 
235 
// (1) Explicit mappings take precedence over the built-in rules.
236  le = uid_map_list.Flink;
237  while (le != &uid_map_list) {
238  uid_map* um = CONTAINING_RECORD(le, uid_map, listentry);
239 
240  if (um->uid == uid) {
242  if (!*sid) {
243  ERR("out of memory\n");
246  }
247 
// The copy length is RtlLengthSid(um->sid); the allocation on line 241 (not
// shown) presumably uses the same length - confirm, since a shorter buffer
// would be overrun here.
248  RtlCopyMemory(*sid, um->sid, RtlLengthSid(um->sid));
250  return STATUS_SUCCESS;
251  }
252 
253  le = le->Flink;
254  }
255 
257 
// (2) Files owned by uid 0 are presented as owned by SYSTEM, the counterpart
// of the sid_SY -> 0 rule in sid_to_uid(). The FIXME below records that the
// Administrator account was the intended target.
258  if (uid == 0) { // root
259  // FIXME - find actual Administrator account, rather than SYSTEM (S-1-5-18)
260  // (of form S-1-5-21-...-500)
261 
262  els = 1;
263 
264  sh = ExAllocatePoolWithTag(PagedPool, sizeof(sid_header) + ((els - 1) * sizeof(UINT32)), ALLOC_TAG);
265  if (!sh) {
266  ERR("out of memory\n");
267  *sid = NULL;
269  }
270 
271  sh->revision = 1;
272  sh->elements = els;
273 
// Identifier authority 5 with the single sub-authority 18: S-1-5-18.
274  sh->auth[0] = 0;
275  sh->auth[1] = 0;
276  sh->auth[2] = 0;
277  sh->auth[3] = 0;
278  sh->auth[4] = 0;
279  sh->auth[5] = 5;
280 
281  sh->nums[0] = 18;
282  } else {
// (3) The allocation for the two-element SID (line 284) is not shown.
283  // fallback to S-1-22-1-X, Samba's SID scheme
285  if (!sh) {
286  ERR("out of memory\n");
287  *sid = NULL;
289  }
290 
291  sh->revision = 1;
292  sh->elements = 2;
293 
// Identifier authority 22, sub-authorities {1, uid}.
294  sh->auth[0] = 0;
295  sh->auth[1] = 0;
296  sh->auth[2] = 0;
297  sh->auth[3] = 0;
298  sh->auth[4] = 0;
299  sh->auth[5] = 22;
300 
301  sh->nums[0] = 1;
302  sh->nums[1] = uid;
303  }
304 
305  *sid = sh;
306 
307  return STATUS_SUCCESS;
308 }
#define TRUE
Definition: types.h:120
NTSYSAPI VOID NTAPI RtlCopyMemory(VOID UNALIGNED *Destination, CONST VOID UNALIGNED *Source, ULONG Length)
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
UINT32 uid
Definition: btrfs_drv.h:857
FT_UInt sid
Definition: cffcmap.c:139
#define ALLOC_TAG
Definition: btrfs_drv.h:86
PSID sid
Definition: btrfs_drv.h:856
LIST_ENTRY uid_map_list
Definition: btrfs.c:66
unsigned int UINT32
smooth NULL
Definition: ftsmooth.c:416
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
PFLT_MESSAGE_WAITER_QUEUE CONTAINING_RECORD(Csq, DEVICE_EXTENSION, IrpQueue)) -> WaiterQ.mLock) _IRQL_raises_(DISPATCH_LEVEL) VOID NTAPI FltpAcquireMessageWaiterLock(_In_ PIO_CSQ Csq, _Out_ PKIRQL Irql)
Definition: Messaging.c:560
ERESOURCE mapping_lock
Definition: btrfs.c:93
struct _LIST_ENTRY * Flink
Definition: typedefs.h:119
VOID FASTCALL ExReleaseResourceLite(IN PERESOURCE Resource)
Definition: resource.c:1817
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
unsigned char UCHAR
Definition: xmlstorage.h:181
Definition: typedefs.h:117
short sh
Definition: format.c:272
#define ERR(fmt,...)
Definition: debug.h:109
BOOLEAN NTAPI ExAcquireResourceSharedLite(IN PERESOURCE Resource, IN BOOLEAN Wait)
Definition: resource.c:885
return STATUS_SUCCESS
Definition: btrfs.c:2725

Referenced by fcb_get_sd(), and get_top_level_sd().

Variable Documentation

◆ def_dacls

dacl def_dacls[]
static
Initial value:
// Only the terminating entry of the table is shown on this page; the entries
// that precede it are not. The cross-references listed below (sid_BA, sid_SY,
// sid_BU, sid_AU, the FILE_* access masks and the *_INHERIT_ACE flags)
// indicate what those entries use. load_default_acl() stops at the first
// entry whose sid is NULL.
= {
{ 0, 0, NULL }
}
#define FILE_GENERIC_READ
Definition: nt_native.h:653
#define FILE_ALL_ACCESS
Definition: nt_native.h:651
static sid_header sid_AU
Definition: security.c:33
static sid_header sid_SY
Definition: security.c:31
static sid_header sid_BA
Definition: security.c:30
smooth NULL
Definition: ftsmooth.c:416
#define FILE_GENERIC_EXECUTE
Definition: nt_native.h:668
#define CONTAINER_INHERIT_ACE
Definition: setypes.h:715
#define FILE_GENERIC_WRITE
Definition: nt_native.h:660
static sid_header sid_BU
Definition: security.c:32
#define INHERIT_ONLY_ACE
Definition: setypes.h:717
#define OBJECT_INHERIT_ACE
Definition: setypes.h:714
#define DELETE
Definition: nt_native.h:57

Definition at line 41 of file security.c.

Referenced by load_default_acl().

◆ gid_map_list

LIST_ENTRY gid_map_list

Definition at line 66 of file btrfs.c.

Referenced by _Function_class_(), add_group_mapping(), find_gid(), and search_for_gid().

◆ mapping_lock

ERESOURCE mapping_lock

Definition at line 93 of file btrfs.c.

Referenced by _Function_class_(), find_gid(), sid_to_uid(), and uid_to_sid().

◆ sid_AU

sid_header sid_AU = { 1, 1, SECURITY_NT_AUTHORITY, {11}}
static

Definition at line 33 of file security.c.

◆ sid_BA

sid_header sid_BA = { 1, 2, SECURITY_NT_AUTHORITY, {32, 544}}
static

Definition at line 30 of file security.c.

◆ sid_BU

sid_header sid_BU = { 1, 2, SECURITY_NT_AUTHORITY, {32, 545}}
static

Definition at line 32 of file security.c.

◆ sid_SY

sid_header sid_SY = { 1, 1, SECURITY_NT_AUTHORITY, {18}}
static

Definition at line 31 of file security.c.

Referenced by sid_to_uid().

◆ uid_map_list

LIST_ENTRY uid_map_list

Definition at line 66 of file btrfs.c.

Referenced by _Function_class_(), add_user_mapping(), sid_to_uid(), and uid_to_sid().