fxrequestapium.cpp File Reference

#include "coreprivshared.hpp"
#include "FxRequestApiUm.tmh"

Include dependency graph for fxrequestapium.cpp:

Go to the source code of this file.

Functions
_Must_inspect_result_	_IRQL_requires_max_ (PASSIVE_LEVEL) WDFAPI NTSTATUS WDFEXPORT(WdfRequestImpersonate)(_In_ PWDF_DRIVER_GLOBALS DriverGlobals
	Queries information details about a security descriptor.
	FxObjectHandleGetPtrAndGlobals (GetFxDriverGlobals(DriverGlobals), Request, FX_TYPE_REQUEST,(PVOID *)&pRequest, &pFxDriverGlobals)
	if (VALID_IMPERSONATION_LEVEL(ImpersonationLevel)==FALSE)
	if (EvtRequestImpersonate==NULL)
	if (!NT_SUCCESS(status))
return irp	GetRequestorProcessId ()
	return (pRequest->GetFxIrp() ->GetIoIrp() ->IsDriverCreated() ? TRUE :FALSE)
pRequest	GetFxIrp () -> GetIoIrp() ->SetUserModeDriverInitiatedIo(IsUserModeDriverInitiated)
	return (pRequest->GetFxIrp() ->GetIoIrp() ->GetUserModeDriverInitiatedIo() ? TRUE :FALSE)
	FxPointerNotNull (pFxDriverGlobals, ActivityId)
	if (pRequest->GetFxIrp() ->GetIoIrp() ->IsActivityIdSet()==FALSE)
return()	WDF_DEVICE_IO_TYPE (pRequest->GetFxIrp() ->GetIoIrp() ->GetTransferMode())

Variables
_Must_inspect_result_ _In_ WDFREQUEST	Request
_Must_inspect_result_ _In_ WDFREQUEST _In_ SECURITY_IMPERSONATION_LEVEL	ImpersonationLevel
_Must_inspect_result_ _In_ WDFREQUEST _In_ SECURITY_IMPERSONATION_LEVEL _In_ PFN_WDF_REQUEST_IMPERSONATE	EvtRequestImpersonate
_Must_inspect_result_ _In_ WDFREQUEST _In_ SECURITY_IMPERSONATION_LEVEL _In_ PFN_WDF_REQUEST_IMPERSONATE _In_opt_ PVOID	Context
NTSTATUS	status
FxRequest *	pRequest
MdIrp	irp
_In_ WDFREQUEST _In_ BOOLEAN	IsUserModeDriverInitiated
_In_ WDFREQUEST _In_ LPGUID	ActivityId

Function Documentation

_IRQL_requires_max_()

_Must_inspect_result_ _IRQL_requires_max_

(

PASSIVE_LEVEL

)

Queries information details about a security descriptor.

Computes the quota size of a security descriptor.

Assigns a security descriptor for a new object.

An extended function that assigns a security descriptor for a new object.

Frees a security descriptor.

An extended function that sets new information data to a security descriptor.

Modifies some information data about a security descriptor.

Parameters

[in]	SecurityInformation	Security information details to be queried from a security descriptor.
[out]	SecurityDescriptor	The returned security descriptor with security information data.
[in,out]	Length	The returned length of a security descriptor.
[in,out]	ObjectsSecurityDescriptor	The returned object security descriptor.

Returns

Returns STATUS_SUCCESS if the operations have been completed successfully and that the specific information about the security descriptor has been queried. STATUS_BUFFER_TOO_SMALL is returned if the buffer size is too small to contain the queried info about the security descriptor.

Parameters

[in]	Object	If specified, the function will use this arbitrary object that points to an object security descriptor.
[in]	SecurityInformation	Security information details to be set.
[in]	SecurityDescriptor	A security descriptor where its info is to be changed.
[in,out]	ObjectsSecurityDescriptor	The returned pointer to security descriptor objects.
[in]	PoolType	Pool type for the new security descriptor to allocate.
[in]	GenericMapping	The generic mapping of access rights masks.

Returns

See SeSetSecurityDescriptorInfoEx.

Parameters

[in]	Object	If specified, the function will use this arbitrary object that points to an object security descriptor.
[in]	SecurityInformation	Security information details to be set.
[in]	SecurityDescriptor	A security descriptor where its info is to be changed.
[in,out]	ObjectsSecurityDescriptor	The returned pointer to security descriptor objects.
[in]	AutoInheritFlags	Flags bitmask inheritation, influencing how the security descriptor can be inherited and if it can be in the first place.
[in]	PoolType	Pool type for the new security descriptor to allocate.
[in]	GenericMapping	The generic mapping of access rights masks.

Returns

Returns STATUS_SUCCESS if the operations have been completed without problems and that new info has been set to the security descriptor. STATUS_NO_SECURITY_ON_OBJECT is returned if the object does not have a security descriptor. STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation for the new security descriptor with new info set has failed.

Parameters

[in]

SecurityDescriptor

A security descriptor to be freed from memory.

Returns

Returns STATUS_SUCCESS.

Parameters

[in]	_ParentDescriptor	A security descriptor of the parent object that is being created.
[in]	_ExplicitDescriptor	An explicit security descriptor that is applied to a new object.
[out]	NewDescriptor	The new allocated security descriptor.
[in]	ObjectType	The type of the new object.
[in]	IsDirectoryObject	Set this to TRUE if the newly created object is a directory object, otherwise set this to FALSE.
[in]	AutoInheritFlags	Automatic inheritance flags that influence how access control entries within ACLs from security descriptors are inherited.
[in]	SubjectContext	Security subject context of the new object.
[in]	GenericMapping	Generic mapping of access mask rights.
[in]	PoolType	This parameter is unused.

Returns

Returns STATUS_SUCCESS if the operations have been completed successfully and that the security descriptor has been assigned to the new object. STATUS_NO_TOKEN is returned if the caller hasn't supplied a valid argument to a security subject context. STATUS_INVALID_OWNER is returned if the caller hasn't supplied a parent descriptor that belongs to the main user (owner). STATUS_INVALID_PRIMARY_GROUP is returned by the same reason as with the previous NTSTATUS code. The two NTSTATUS codes are returned if the calling thread stated that the owner and/or group is defaulted to the parent descriptor (SEF_DEFAULT_OWNER_FROM_PARENT and/or SEF_DEFAULT_GROUP_FROM_PARENT respectively). STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation for the descriptor buffer has failed. A failure NTSTATUS is returned otherwise.

Parameters

[in]	ParentDescriptor	A security descriptor of the parent object that is being created.
[in]	ExplicitDescriptor	An explicit security descriptor that is applied to a new object.
[out]	NewDescriptor	The new allocated security descriptor.
[in]	IsDirectoryObject	Set this to TRUE if the newly created object is a directory object, otherwise set this to FALSE.
[in]	SubjectContext	Security subject context of the new object.
[in]	GenericMapping	Generic mapping of access mask rights.
[in]	PoolType	This parameter is unused.

Returns

See SeAssignSecurityEx.

Parameters

[in]	SecurityDescriptor	A security descriptor.
[out]	QuotaInfoSize	The returned quota size of the given security descriptor to the caller. The function may return 0 to this parameter if the descriptor doesn't have a group or a discretionary access control list (DACL) even.

Returns

Returns STATUS_SUCCESS if the quota size of a security descriptor has been computed successfully. STATUS_UNKNOWN_REVISION is returned if the security descriptor has an invalid revision.

Definition at line 923 of file Messaging.c.

{
    PFLT_SERVER_PORT_OBJECT PortObject;
    NTSTATUS Status;
 
    /* The caller must allow at least one connection */
    if (MaxConnections == 0)
    {
        return STATUS_INVALID_PARAMETER;
    }
 
    /* The request must be for a kernel handle */
    if (!(ObjectAttributes->Attributes & OBJ_KERNEL_HANDLE))
    {
        return STATUS_INVALID_PARAMETER;
    }
 
    /*
     * Get rundown protection on the target to stop the owner
     * from unloading whilst this port object is open. It gets
     * removed in the FltpServerPortClose callback
     */
    Status = FltObjectReference(Filter);
    if (!NT_SUCCESS(Status))
    {
        return Status;
    }
 
    /* Create the server port object for this filter */
    Status = ObCreateObject(KernelMode,
                            ServerPortObjectType,
                            ObjectAttributes,
                            KernelMode,
                            NULL,
                            sizeof(FLT_SERVER_PORT_OBJECT),
                            0,
                            0,
                            (PVOID *)&PortObject);
    if (NT_SUCCESS(Status))
    {
        /* Zero out the struct */
        RtlZeroMemory(PortObject, sizeof(FLT_SERVER_PORT_OBJECT));
 
        /* Increment the ref count on the target filter */
        FltpObjectPointerReference((PFLT_OBJECT)Filter);
 
        /* Setup the filter port object */
        PortObject->Filter = Filter;
        PortObject->ConnectNotify = ConnectNotifyCallback;
        PortObject->DisconnectNotify = DisconnectNotifyCallback;
        PortObject->MessageNotify = MessageNotifyCallback;
        PortObject->Cookie = ServerPortCookie;
        PortObject->MaxConnections = MaxConnections;
 
        /* Insert the object */
        Status = ObInsertObject(PortObject,
                                NULL,
                                STANDARD_RIGHTS_ALL | FILE_READ_DATA,
                                0,
                                NULL,
                                (PHANDLE)ServerPort);
        if (NT_SUCCESS(Status))
        {
            /* Lock the connection list */
            ExAcquireFastMutex(&Filter->ConnectionList.mLock);
 
            /* Add the new port object to the connection list and increment the count */
            InsertTailList(&Filter->ConnectionList.mList, &PortObject->FilterLink);
            Filter->ConnectionList.mCount++;
 
            /* Unlock the connection list*/
            ExReleaseFastMutex(&Filter->ConnectionList.mLock);
        }
    }
 
    if (!NT_SUCCESS(Status))
    {
        /* Allow the filter to be cleaned up */
        FltObjectDereference(Filter);
    }
 
    return Status;
}

FxObjectHandleGetPtrAndGlobals()

FxObjectHandleGetPtrAndGlobals	(	GetFxDriverGlobals(DriverGlobals)	,
		Request	,
		FX_TYPE_REQUEST	,
		(PVOID *)&	pRequest,
		&	pFxDriverGlobals
	)

FxPointerNotNull()

FxPointerNotNull	(	pFxDriverGlobals	,
		ActivityId
	)

GetFxIrp()

pRequest GetFxIrp

(

)

-> GetIoIrp() ->SetUserModeDriverInitiatedIo(IsUserModeDriverInitiated)

Referenced by FX_VF_METHOD().

GetRequestorProcessId()

return irp GetRequestorProcessId

(

)

if() [1/4]

if

(

!

NT_SUCCESSstatus

)

Definition at line 164 of file fxrequestapium.cpp.

                             {
        DoTraceLevelMessage(pFxDriverGlobals, TRACE_LEVEL_ERROR, TRACINGREQUEST,
                            "WDFREQUEST is already completed 0x%p, %!STATUS!",
                            Request, status);
        FxVerifierDbgBreakPoint(pFxDriverGlobals);
        return 0;
    }

if() [2/4]

if

(

EvtRequestImpersonate

= = NULL

)

Definition at line 93 of file fxrequestapium.cpp.

                                       {
        status = STATUS_INVALID_PARAMETER;
        DoTraceLevelMessage(pFxDriverGlobals, TRACE_LEVEL_ERROR, TRACINGREQUEST,
                            "EvtRequestImpersonate must not be NULL, %!STATUS!",
                            status);
        FxVerifierDbgBreakPoint(pFxDriverGlobals);
        return status;
    }

if() [3/4]

if

(

pRequest->

GetFxIrp) ->GetIoIrp() ->IsActivityIdSet( = = FALSE

)

Definition at line 393 of file fxrequestapium.cpp.

                                                                      {
        status = STATUS_INVALID_DEVICE_REQUEST;
        DoTraceLevelMessage(pFxDriverGlobals, TRACE_LEVEL_ERROR, TRACINGREQUEST,
                            "WDFREQUEST 0x%p Activity ID is not set for the "
                            "request, %!STATUS!", Request, status);
        return status;
    }

if() [4/4]

if

(

VALID_IMPERSONATION_LEVEL(ImpersonationLevel)

= = FALSE

)

Definition at line 84 of file fxrequestapium.cpp.

                                                                {
        status = STATUS_INVALID_PARAMETER;
        DoTraceLevelMessage(pFxDriverGlobals, TRACE_LEVEL_ERROR, TRACINGREQUEST,
                            "ImpersonationLevel is not a valid level, %!STATUS!",
                            status);
        FxVerifierDbgBreakPoint(pFxDriverGlobals);
        return status;
    }

return() [1/2]

return

(

pRequest->GetFxIrp() ->GetIoIrp() ->GetUserModeDriverInitiatedIo() ? TRUE :FALSE

)

return() [2/2]

return

(

pRequest->GetFxIrp() ->GetIoIrp() ->IsDriverCreated() ? TRUE :FALSE

)

WDF_DEVICE_IO_TYPE()

return() WDF_DEVICE_IO_TYPE

(

pRequest->

GetFxIrp) ->GetIoIrp() ->GetTransferMode(

)

Variable Documentation

ActivityId

* ActivityId

Initial value:

{
    PFX_DRIVER_GLOBALS pFxDriverGlobals

Definition at line 315 of file fxrequestapium.cpp.

Context

_Must_inspect_result_ _In_ WDFREQUEST _In_ SECURITY_IMPERSONATION_LEVEL _In_ PFN_WDF_REQUEST_IMPERSONATE _In_opt_ PVOID Context

Initial value:

{
    PFX_DRIVER_GLOBALS pFxDriverGlobals

Definition at line 43 of file fxrequestapium.cpp.

EvtRequestImpersonate

_Must_inspect_result_ _In_ WDFREQUEST _In_ SECURITY_IMPERSONATION_LEVEL _In_ PFN_WDF_REQUEST_IMPERSONATE EvtRequestImpersonate

Definition at line 41 of file fxrequestapium.cpp.

Referenced by FxRequest::Impersonate().

ImpersonationLevel

_Must_inspect_result_ _In_ WDFREQUEST _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel

Definition at line 39 of file fxrequestapium.cpp.

irp

MdIrp irp

Definition at line 146 of file fxrequestapium.cpp.

IsUserModeDriverInitiated

_In_ WDFREQUEST _In_ BOOLEAN IsUserModeDriverInitiated

Initial value:

{
    PFX_DRIVER_GLOBALS pFxDriverGlobals

Definition at line 226 of file fxrequestapium.cpp.

pRequest

FxRequest* pRequest

Definition at line 73 of file fxrequestapium.cpp.

Request

_In_ WDFREQUEST Request

Initial value:

{
    PFX_DRIVER_GLOBALS pFxDriverGlobals

Definition at line 37 of file fxrequestapium.cpp.

status

status

Initial value:

= pRequest->Impersonate(ImpersonationLevel,
                                   EvtRequestImpersonate,
                                   Context)

Definition at line 72 of file fxrequestapium.cpp.

Referenced by if().