20#define SEF_DACL_AUTO_INHERIT 0x01
21#define SEF_SACL_AUTO_INHERIT 0x02
64 if (sidstringlength < 4 ||
65 sidstring[0] !=
'S' ||
66 sidstring[1] !=
'-' ||
67 sidstring[2] !=
'1' ||
68 sidstring[3] !=
'-') {
73 sidstring = &sidstring[4];
77 for (
i = 0;
i < sidstringlength;
i++) {
78 if (sidstring[
i] ==
'-') {
84 sidsize = 8 + (numdashes * 4);
87 ERR(
"out of memory\n");
92 sid->elements = numdashes;
95 while (sidstringlength > 0) {
98 while (sidstring[
i] !=
'-' &&
i < sidstringlength) {
99 if (sidstring[
i] >=
'0' && sidstring[
i] <=
'9') {
101 val += sidstring[
i] -
'0';
117 sid->auth[5] =
val & 0xff;
124 if (sidstringlength >
i) {
125 sidstringlength -=
i;
127 sidstring = &sidstring[
i];
134 ERR(
"out of memory\n");
153 if (sidstringlength < 4 || sidstring[0] !=
'S' || sidstring[1] !=
'-' || sidstring[2] !=
'1' || sidstring[3] !=
'-') {
154 ERR(
"invalid SID\n");
158 sidstring = &sidstring[4];
159 sidstringlength -= 4;
162 for (
i = 0;
i < sidstringlength;
i++) {
163 if (sidstring[
i] ==
'-') {
169 sidsize = 8 + (numdashes * 4);
172 ERR(
"out of memory\n");
176 sid->revision = 0x01;
177 sid->elements = numdashes;
180 while (sidstringlength > 0) {
183 while (
i < sidstringlength && sidstring[
i] !=
'-') {
184 if (sidstring[
i] >=
'0' && sidstring[
i] <=
'9') {
186 val += sidstring[
i] -
'0';
202 sid->auth[5] =
val & 0xff;
208 if (sidstringlength >
i) {
209 sidstringlength -=
i;
211 sidstring = &sidstring[
i];
218 ERR(
"out of memory\n");
240 if (um->
uid == uid) {
243 ERR(
"out of memory\n");
266 ERR(
"out of memory\n");
286 ERR(
"out of memory\n");
334 if (
sh->revision == 1 &&
sh->elements == 2 &&
sh->auth[0] == 0 &&
sh->auth[1] == 0 &&
sh->auth[2] == 0 &&
sh->auth[3] == 0 &&
335 sh->auth[4] == 0 &&
sh->auth[5] == 22 &&
sh->nums[0] == 1)
351 ERR(
"out of memory\n");
387 ERR(
"out of memory\n");
425 ERR(
"RtlCreateSecurityDescriptor returned %08lx\n",
Status);
431 ERR(
"uid_to_sid returned %08lx\n",
Status);
438 ERR(
"RtlSetOwnerSecurityDescriptor returned %08lx\n",
Status);
444 ERR(
"out of memory\n");
451 ERR(
"RtlSetGroupSecurityDescriptor returned %08lx\n",
Status);
458 ERR(
"out of memory\n");
465 ERR(
"RtlSetDaclSecurityDescriptor returned %08lx\n",
Status);
476 ERR(
"RtlAbsoluteToSelfRelativeSD 1 returned %08lx\n",
Status);
481 TRACE(
"RtlAbsoluteToSelfRelativeSD said SD is zero-length\n");
487 ERR(
"out of memory\n");
494 ERR(
"RtlAbsoluteToSelfRelativeSD 2 returned %08lx\n",
Status);
520 ULONG abssdlen = 0, dacllen = 0, sacllen = 0, ownerlen = 0, grouplen = 0;
536 ERR(
"SeAssignSecurityEx returned %08lx\n",
Status);
543 ERR(
"RtlSelfRelativeToAbsoluteSD returned %08lx\n",
Status);
547 if (abssdlen + dacllen + sacllen + ownerlen + grouplen == 0) {
548 ERR(
"RtlSelfRelativeToAbsoluteSD returned zero lengths\n");
554 ERR(
"out of memory\n");
560 sacl = (
PACL)(
buf + abssdlen + dacllen);
561 owner = (
PSID)(
buf + abssdlen + dacllen + sacllen);
562 group = (
PSID)(
buf + abssdlen + dacllen + sacllen + ownerlen);
567 ERR(
"RtlSelfRelativeToAbsoluteSD returned %08lx\n",
Status);
574 ERR(
"uid_to_sid returned %08lx\n",
Status);
583 ERR(
"out of memory\n");
595 ERR(
"RtlAbsoluteToSelfRelativeSD returned %08lx\n",
Status);
603 ERR(
"RtlAbsoluteToSelfRelativeSD returned a buffer size of 0\n");
612 ERR(
"out of memory\n");
621 ERR(
"RtlAbsoluteToSelfRelativeSD returned %08lx\n",
Status);
643 if (fileref && fileref->
parent)
646 ERR(
"could not get parent fcb for stream\n");
655 TRACE(
"SeQuerySecurityDescriptorInfo returned %08lx\n",
Status);
657 ERR(
"SeQuerySecurityDescriptorInfo returned %08lx\n",
Status);
676 TRACE(
"query security\n");
695 WARN(
"insufficient permissions\n");
702 Irp->IoStatus.Information = 0;
705 TRACE(
"OWNER_SECURITY_INFORMATION\n");
708 TRACE(
"GROUP_SECURITY_INFORMATION\n");
711 TRACE(
"DACL_SECURITY_INFORMATION\n");
714 TRACE(
"SACL_SECURITY_INFORMATION\n");
721 if (
Irp->MdlAddress && !
sd) {
722 ERR(
"MmGetSystemAddressForMdlSafe returned NULL\n");
734 Irp->IoStatus.Information = buflen;
737 Irp->IoStatus.Information = 0;
740 TRACE(
"Irp->IoStatus.Information = %Iu\n",
Irp->IoStatus.Information);
771 if (fileref && fileref->
parent)
774 ERR(
"could not find parent fcb for stream\n");
794 ERR(
"SeSetSecurityDescriptorInfo returned %08lx\n",
Status);
814 fcb->
subvol->root_item.ctransid =
Vcb->superblock.generation;
835 ULONG access_req = 0;
840 TRACE(
"set security\n");
860 Irp->IoStatus.Information = 0;
863 TRACE(
"OWNER_SECURITY_INFORMATION\n");
868 TRACE(
"GROUP_SECURITY_INFORMATION\n");
873 TRACE(
"DACL_SECURITY_INFORMATION\n");
878 TRACE(
"SACL_SECURITY_INFORMATION\n");
884 WARN(
"insufficient privileges\n");
944 ERR(
"SeQueryInformationToken returned %08lx\n",
Status);
957 ERR(
"SeQueryInformationToken returned %08lx\n",
Status);
970 ERR(
"SeQueryInformationToken returned %08lx\n",
Status);
997 ERR(
"SeAssignSecurityEx returned %08lx\n",
Status);
1003 ERR(
"RtlGetOwnerSecurityDescriptor returned %08lx\n",
Status);
static PIO_STACK_LOCATION IoGetCurrentIrpStackLocation(PIRP Irp)
unsigned short int uint16_t
#define _Dispatch_type_(a)
static __inline void win_time_to_unix(LARGE_INTEGER t, BTRFS_TIME *out)
static __inline void * map_user_buffer(PIRP Irp, ULONG priority)
static __inline bool is_subvol_readonly(root *r, PIRP Irp)
#define NT_SUCCESS(StatCode)
void mark_fcb_dirty(_In_ fcb *fcb)
bool is_top_level(_In_ PIRP Irp)
void queue_notification_fcb(_In_ file_ref *fileref, _In_ ULONG filter_match, _In_ ULONG action, _In_opt_ PUNICODE_STRING stream)
static bool search_for_gid(fcb *fcb, PSID sid)
void add_user_mapping(WCHAR *sidstring, ULONG sidstringlength, uint32_t uid)
void add_group_mapping(WCHAR *sidstring, ULONG sidstringlength, uint32_t gid)
uint32_t sid_to_uid(PSID sid)
NTSTATUS uid_to_sid(uint32_t uid, PSID *sid)
void fcb_get_sd(fcb *fcb, struct _fcb *parent, bool look_for_xattr, PIRP Irp)
#define SEF_DACL_AUTO_INHERIT
static void get_top_level_sd(fcb *fcb)
void find_gid(struct _fcb *fcb, struct _fcb *parfcb, PSECURITY_SUBJECT_CONTEXT subjcont)
static NTSTATUS get_file_security(PFILE_OBJECT FileObject, SECURITY_DESCRIPTOR *relsd, ULONG *buflen, SECURITY_INFORMATION flags)
static ACL * load_default_acl()
#define SEF_SACL_AUTO_INHERIT
static void gid_to_sid(uint32_t gid, PSID *sid)
NTSTATUS fcb_get_new_sd(fcb *fcb, file_ref *parfileref, ACCESS_STATE *as)
static NTSTATUS set_file_security(device_extension *Vcb, PFILE_OBJECT FileObject, SECURITY_DESCRIPTOR *sd, PSECURITY_INFORMATION flags, PIRP Irp)
_In_ PIO_STACK_LOCATION IrpSp
#define InsertTailList(ListHead, Entry)
#define ExAllocatePoolWithTag(hernya, size, tag)
#define IsListEmpty(ListHead)
#define KeQuerySystemTime(t)
#define ExAcquireResourceExclusiveLite(res, wait)
#define ExAcquireResourceSharedLite(res, wait)
#define FsRtlEnterFileSystem
#define FsRtlExitFileSystem
GLenum GLuint GLenum GLsizei const GLchar * buf
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
NTSYSAPI NTSTATUS WINAPI RtlSetOwnerSecurityDescriptor(PSECURITY_DESCRIPTOR, PSID, BOOLEAN)
NTSYSAPI NTSTATUS WINAPI RtlSelfRelativeToAbsoluteSD(PSECURITY_DESCRIPTOR, PSECURITY_DESCRIPTOR, PDWORD, PACL, PDWORD, PACL, PDWORD, PSID, PDWORD, PSID, PDWORD)
NTSYSAPI NTSTATUS WINAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN)
DWORD SECURITY_INFORMATION
struct _SECURITY_DESCRIPTOR * PSECURITY_DESCRIPTOR
struct _ACCESS_ALLOWED_ACE ACCESS_ALLOWED_ACE
DWORD * PSECURITY_INFORMATION
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(_Out_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ULONG Revision)
NTSYSAPI BOOLEAN NTAPI RtlEqualSid(_In_ PSID Sid1, _In_ PSID Sid2)
DRIVER_DISPATCH(nfs41_FsdDispatch)
#define _Function_class_(n)
#define FILE_GENERIC_EXECUTE
#define ACCESS_SYSTEM_SECURITY
#define FILE_GENERIC_READ
#define FILE_GENERIC_WRITE
NTSYSAPI NTSTATUS NTAPI RtlSetGroupSecurityDescriptor(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSID Group, IN BOOLEAN GroupDefaulted)
NTSYSAPI NTSTATUS NTAPI RtlGetOwnerSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor, OUT PSID *Owner, OUT PBOOLEAN OwnerDefaulted)
NTSYSAPI NTSTATUS NTAPI RtlAbsoluteToSelfRelativeSD(IN PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor, IN OUT PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor, IN PULONG BufferLength)
VOID FASTCALL ExReleaseResourceLite(IN PERESOURCE Resource)
PGENERIC_MAPPING NTAPI IoGetFileObjectGenericMapping(VOID)
#define IoCompleteRequest
VOID NTAPI IoSetTopLevelIrp(IN PIRP Irp)
#define STATUS_INTERNAL_ERROR
#define BTRFS_TYPE_DIRECTORY
#define STATUS_BUFFER_TOO_SMALL
#define STATUS_BUFFER_OVERFLOW
PSECURITY_DESCRIPTOR SecurityDescriptor
SECURITY_SUBJECT_CONTEXT SubjectSecurityContext
struct _IO_STACK_LOCATION::@3983::@4002 SetSecurity
struct _IO_STACK_LOCATION::@3983::@4001 QuerySecurity
union _IO_STACK_LOCATION::@1584 Parameters
struct _LIST_ENTRY * Flink
PACCESS_TOKEN PrimaryToken
SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY]
bool user_set_change_time
struct _device_extension * Vcb
FSRTL_ADVANCED_FCB_HEADER Header
struct _file_ref * parent
VOID NTAPI SeCaptureSubjectContext(_Out_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Captures the security subject context of the calling thread and calling process.
NTSTATUS NTAPI SeQueryInformationToken(_In_ PACCESS_TOKEN AccessToken, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _Outptr_result_buffer_(_Inexpressible_(token-dependent)) PVOID *TokenInformation)
Queries information details about the given token to the call. The difference between NtQueryInformat...
#define RtlCopyMemory(Destination, Source, Length)
#define CONTAINING_RECORD(address, type, field)
#define STATUS_INVALID_DEVICE_REQUEST
#define STATUS_MEDIA_WRITE_PROTECTED
#define STATUS_ACCESS_DENIED
#define STATUS_INVALID_PARAMETER
#define STATUS_INSUFFICIENT_RESOURCES
_In_ PDEVICE_OBJECT DeviceObject
_In_ WDFREQUEST _In_ WDFFILEOBJECT FileObject
#define FILE_ACTION_MODIFIED
#define FILE_NOTIFY_CHANGE_SECURITY
#define IRP_MJ_QUERY_SECURITY
#define IRP_MJ_SET_SECURITY
NTKERNELAPI NTSTATUS NTAPI SeAssignSecurityEx(_In_opt_ PSECURITY_DESCRIPTOR ParentDescriptor, _In_opt_ PSECURITY_DESCRIPTOR ExplicitDescriptor, _Out_ PSECURITY_DESCRIPTOR *NewDescriptor, _In_opt_ GUID *ObjectType, _In_ BOOLEAN IsDirectoryObject, _In_ ULONG AutoInheritFlags, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PGENERIC_MAPPING GenericMapping, _In_ POOL_TYPE PoolType)
NTKERNELAPI NTSTATUS NTAPI SeSetSecurityDescriptorInfo(_In_opt_ PVOID Object, _In_ PSECURITY_INFORMATION SecurityInformation, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, _In_ POOL_TYPE PoolType, _In_ PGENERIC_MAPPING GenericMapping)
NTKERNELAPI NTSTATUS NTAPI SeQuerySecurityDescriptorInfo(_In_ PSECURITY_INFORMATION SecurityInformation, _Out_writes_bytes_(*Length) PSECURITY_DESCRIPTOR SecurityDescriptor, _Inout_ PULONG Length, _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor)
#define CONTAINER_INHERIT_ACE
#define DACL_SECURITY_INFORMATION
#define ACCESS_ALLOWED_ACE_TYPE
#define OWNER_SECURITY_INFORMATION
#define SECURITY_NT_AUTHORITY
#define OBJECT_INHERIT_ACE
#define SECURITY_DESCRIPTOR_REVISION
#define GROUP_SECURITY_INFORMATION
#define SACL_SECURITY_INFORMATION