ReactOS 0.4.16-dev-297-gc569aee
secursup.cpp File Reference
#include "udffs.h"
Include dependency graph for secursup.cpp:

Go to the source code of this file.

Macros

#define UDF_BUG_CHECK_ID   UDF_FILE_SECURITY
 

Functions

NTSTATUS UDFReadSecurity (IN PVCB Vcb, IN PtrUDFFCB Fcb, IN PSECURITY_DESCRIPTOR *SecurityDesc)
 
NTSTATUS UDFAssignAcl (IN PVCB Vcb, IN PFILE_OBJECT FileObject, IN PtrUDFFCB Fcb, IN PtrUDFNTRequiredFCB NtReqFcb)
 
VOID UDFDeassignAcl (IN PtrUDFNTRequiredFCB NtReqFcb, IN BOOLEAN AutoInherited)
 
NTSTATUS UDFWriteSecurity (IN PVCB Vcb, IN PtrUDFFCB Fcb, IN PSECURITY_DESCRIPTOR *SecurityDesc)
 
PSECURITY_DESCRIPTOR UDFLookUpAcl (IN PVCB Vcb, PFILE_OBJECT FileObject, IN PtrUDFFCB Fcb)
 
NTSTATUS UDFCheckAccessRights (PFILE_OBJECT FileObject, PACCESS_STATE AccessState, PtrUDFFCB Fcb, PtrUDFCCB Ccb, ACCESS_MASK DesiredAccess, USHORT ShareAccess)
 
NTSTATUS UDFSetAccessRights (PFILE_OBJECT FileObject, PACCESS_STATE AccessState, PtrUDFFCB Fcb, PtrUDFCCB Ccb, ACCESS_MASK DesiredAccess, USHORT ShareAccess)
 

Macro Definition Documentation

◆ UDF_BUG_CHECK_ID

#define UDF_BUG_CHECK_ID   UDF_FILE_SECURITY

Definition at line 20 of file secursup.cpp.

Function Documentation

◆ UDFAssignAcl()

NTSTATUS UDFAssignAcl ( IN PVCB  Vcb,
IN PFILE_OBJECT  FileObject,
IN PtrUDFFCB  Fcb,
IN PtrUDFNTRequiredFCB  NtReqFcb 
)

Definition at line 706 of file secursup.cpp.

712{
714#ifdef UDF_ENABLE_SECURITY
715// SECURITY_INFORMATION SecurityInformation;
716
717// UDFPrint((" UDFAssignAcl\n"));
718 if(!NtReqFcb->SecurityDesc) {
719
720 PSECURITY_DESCRIPTOR ExplicitSecurity = NULL;
721
722 if(UDFIsAStreamDir(Fcb->FileInfo) || UDFIsAStream(Fcb->FileInfo)) {
723 // Stream/SDir security
724 NtReqFcb->SecurityDesc = Fcb->FileInfo->ParentFile->Dloc->CommonFcb->SecurityDesc;
725 return STATUS_SUCCESS;
726 } else
727 if(!Fcb->FileInfo) {
728 // Volume security
729 if(Vcb->RootDirFCB &&
730 Vcb->RootDirFCB->FileInfo &&
731 Vcb->RootDirFCB->FileInfo->Dloc &&
732 Vcb->RootDirFCB->FileInfo->Dloc->CommonFcb) {
733 RC = UDFInheritAcl(Vcb, &(Vcb->RootDirFCB->FileInfo->Dloc->CommonFcb->SecurityDesc), &ExplicitSecurity);
734 } else {
735 NtReqFcb->SecurityDesc = NULL;
737 }
738 return RC;
739 }
740
741 RC = UDFReadSecurity(Vcb, Fcb, &ExplicitSecurity);
743 if(!Fcb->FileInfo->ParentFile) {
744 RC = UDFBuildFullControlAcl(Vcb, &ExplicitSecurity);
745 } else {
746 RC = UDFInheritAcl(Vcb, &(Fcb->FileInfo->ParentFile->Dloc->CommonFcb->SecurityDesc), &ExplicitSecurity);
747 }
748/* if(NT_SUCCESS(RC)) {
749 NtReqFcb->NtReqFCBFlags |= UDF_NTREQ_FCB_SD_MODIFIED;
750 }*/
751 }
752 if(NT_SUCCESS(RC)) {
753
754// SecurityInformation = FULL_SECURITY_INFORMATION;
755 NtReqFcb->SecurityDesc = ExplicitSecurity;
756
757/* RC = SeSetSecurityDescriptorInfo(FileObject,
758 &SecurityInformation,
759 ExplicitSecurity,
760 &(NtReqFcb->SecurityDesc),
761 NonPagedPool,
762 IoGetFileObjectGenericMapping() );*/
763
764 }
765 }
766#endif //UDF_ENABLE_SECURITY
767 return RC;
768} // end UDFAssignAcl()
LONG NTSTATUS
Definition: precomp.h:26
_In_ PFCB Fcb
Definition: cdprocs.h:159
#define NULL
Definition: types.h:112
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:33
#define NtReqFcb
#define STATUS_NO_SECURITY_ON_OBJECT
Definition: ntstatus.h:451
#define Vcb
Definition: cdprocs.h:1415
NTSTATUS UDFReadSecurity(IN PVCB Vcb, IN PtrUDFFCB Fcb, IN PSECURITY_DESCRIPTOR *SecurityDesc)
Definition: secursup.cpp:420
#define STATUS_SUCCESS
Definition: shellext.h:65
#define UDFIsAStreamDir(FI)
Definition: udf_info.h:998
#define UDFIsAStream(FI)
Definition: udf_info.h:1002

Referenced by UDFCompleteMount(), and UDFLookUpAcl().

◆ UDFCheckAccessRights()

NTSTATUS UDFCheckAccessRights ( PFILE_OBJECT  FileObject,
PACCESS_STATE  AccessState,
PtrUDFFCB  Fcb,
PtrUDFCCB  Ccb,
ACCESS_MASK  DesiredAccess,
USHORT  ShareAccess 
)

Definition at line 927 of file secursup.cpp.

935{
936 NTSTATUS RC;
937 BOOLEAN ROCheck = FALSE;
938#ifdef UDF_ENABLE_SECURITY
939 BOOLEAN SecurityCheck;
940 PSECURITY_DESCRIPTOR SecDesc;
942 ACCESS_MASK LocalAccessMask;
943#endif //UDF_ENABLE_SECURITY
944
945 // Check attr compatibility
946 ASSERT(Fcb);
947 ASSERT(Fcb->Vcb);
948#ifdef UDF_READ_ONLY_BUILD
949 goto treat_as_ro;
950#endif //UDF_READ_ONLY_BUILD
951
952 if(Fcb->FCBFlags & UDF_FCB_READ_ONLY) {
953 ROCheck = TRUE;
954 } else
955 if((Fcb->Vcb->origIntegrityType == INTEGRITY_TYPE_OPEN) &&
956 Ccb && !(Ccb->CCBFlags & UDF_CCB_VOLUME_OPEN) &&
957 (Fcb->Vcb->CompatFlags & UDF_VCB_IC_DIRTY_RO)) {
958 AdPrint(("force R/O on dirty\n"));
959 ROCheck = TRUE;
960 }
961 if(ROCheck) {
962#ifdef UDF_READ_ONLY_BUILD
963treat_as_ro:
964#endif //UDF_READ_ONLY_BUILD
965 ACCESS_MASK DesiredAccessMask = 0;
966
967 if(Fcb->Vcb->CompatFlags & UDF_VCB_IC_WRITE_IN_RO_DIR) {
968 if(Fcb->FCBFlags & UDF_FCB_DIRECTORY) {
969 DesiredAccessMask = (FILE_WRITE_EA |
970 DELETE);
971 } else {
972 DesiredAccessMask = (FILE_WRITE_DATA |
975 DELETE);
976 }
977 } else {
978 DesiredAccessMask = (FILE_WRITE_DATA |
984 DELETE);
985 }
986 if(DesiredAccess & DesiredAccessMask)
988 }
989#ifdef UDF_ENABLE_SECURITY
990 // Check Security
991 // NOTE: we should not perform security check if an empty DesiredAccess
992 // was specified. AFAIU, SeAccessCheck() will return FALSE in this case.
993 SecDesc = UDFLookUpAcl(Fcb->Vcb, FileObject, Fcb);
994 if(SecDesc && DesiredAccess) {
996 SecurityCheck =
997 SeAccessCheck(SecDesc,
999 FALSE,
1001 Ccb ? Ccb->PreviouslyGrantedAccess : 0,
1002 NULL,
1004 UserMode,
1005 Ccb ? &(Ccb->PreviouslyGrantedAccess) : &LocalAccessMask,
1006 &RC);
1008
1009 if(!SecurityCheck) {
1010 return RC;
1011 } else
1012#endif //UDF_ENABLE_SECURITY
1015 return STATUS_ACCESS_DENIED;
1016 Ccb->PreviouslyGrantedAccess |= ACCESS_SYSTEM_SECURITY;
1017 }
1018#ifdef UDF_ENABLE_SECURITY
1019 }
1020#endif //UDF_ENABLE_SECURITY
1021 if(FileObject) {
1022 if (Fcb->OpenHandleCount) {
1023 // The FCB is currently in use by some thread.
1024 // We must check whether the requested access/share access
1025 // conflicts with the existing open operations.
1027 &(Fcb->NTRequiredFCB->FCBShareAccess), TRUE);
1028#ifndef UDF_ENABLE_SECURITY
1029 if(Ccb)
1030 Ccb->PreviouslyGrantedAccess |= DesiredAccess;
1031 IoUpdateShareAccess(FileObject, &(Fcb->NTRequiredFCB->FCBShareAccess));
1032#endif //UDF_ENABLE_SECURITY
1033 } else {
1034 IoSetShareAccess(DesiredAccess, ShareAccess, FileObject, &(Fcb->NTRequiredFCB->FCBShareAccess));
1035#ifndef UDF_ENABLE_SECURITY
1036 if(Ccb)
1037 Ccb->PreviouslyGrantedAccess = DesiredAccess;
1038#endif //UDF_ENABLE_SECURITY
1039 RC = STATUS_SUCCESS;
1040 }
1041 } else {
1042 // we get here if given file was opened for internal purposes
1043 RC = STATUS_SUCCESS;
1044 }
1045 return RC;
1046} // end UDFCheckAccessRights()
unsigned char BOOLEAN
BOOLEAN NTAPI SeAccessCheck(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, _In_ BOOLEAN SubjectContextLocked, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK PreviouslyGrantedAccess, _Out_ PPRIVILEGE_SET *Privileges, _In_ PGENERIC_MAPPING GenericMapping, _In_ KPROCESSOR_MODE AccessMode, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
Determines whether security access rights can be given to an object depending on the security descrip...
Definition: accesschk.c:1994
_Inout_ PFILE_OBJECT _In_ TYPE_OF_OPEN PFCB _In_opt_ PCCB Ccb
Definition: cdprocs.h:592
#define TRUE
Definition: types.h:120
#define FALSE
Definition: types.h:117
_In_ PIO_STACK_LOCATION _Inout_ PFILE_OBJECT _Inout_ PVCB _Outptr_result_maybenull_ PDCB _In_ PDCB _In_ PDIRENT _In_ ULONG _In_ ULONG _In_ PUNICODE_STRING _In_ PACCESS_MASK _In_ USHORT ShareAccess
Definition: create.c:4147
#define INTEGRITY_TYPE_OPEN
Definition: ecma_167.h:357
#define AdPrint(_x_)
Definition: env_spec_w32.h:292
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2246
#define ASSERT(a)
Definition: mode.c:44
#define UserMode
Definition: asm.h:35
#define FILE_WRITE_DATA
Definition: nt_native.h:631
ULONG ACCESS_MASK
Definition: nt_native.h:40
#define ACCESS_SYSTEM_SECURITY
Definition: nt_native.h:77
#define FILE_DELETE_CHILD
Definition: nt_native.h:645
#define FILE_APPEND_DATA
Definition: nt_native.h:634
#define DELETE
Definition: nt_native.h:57
#define FILE_ADD_SUBDIRECTORY
Definition: nt_native.h:635
#define FILE_ADD_FILE
Definition: nt_native.h:632
#define FILE_WRITE_EA
Definition: nt_native.h:640
VOID NTAPI IoSetShareAccess(IN ACCESS_MASK DesiredAccess, IN ULONG DesiredShareAccess, IN PFILE_OBJECT FileObject, OUT PSHARE_ACCESS ShareAccess)
Definition: file.c:3517
NTSTATUS NTAPI IoCheckShareAccess(IN ACCESS_MASK DesiredAccess, IN ULONG DesiredShareAccess, IN PFILE_OBJECT FileObject, IN PSHARE_ACCESS ShareAccess, IN BOOLEAN Update)
Definition: file.c:3390
PGENERIC_MAPPING NTAPI IoGetFileObjectGenericMapping(VOID)
Definition: file.c:3267
VOID NTAPI IoUpdateShareAccess(IN PFILE_OBJECT FileObject, OUT PSHARE_ACCESS ShareAccess)
Definition: file.c:3351
BOOLEAN NTAPI SeSinglePrivilegeCheck(_In_ LUID PrivilegeValue, _In_ KPROCESSOR_MODE PreviousMode)
Checks if a single privilege is present in the context of the calling thread.
Definition: priv.c:744
PSECURITY_DESCRIPTOR UDFLookUpAcl(IN PVCB Vcb, PFILE_OBJECT FileObject, IN PtrUDFFCB Fcb)
Definition: secursup.cpp:915
PSE_EXPORTS SeExports
Definition: semgr.c:21
#define UDF_FCB_READ_ONLY
Definition: struct.h:312
#define UDF_CCB_VOLUME_OPEN
Definition: struct.h:166
#define UDF_FCB_DIRECTORY
Definition: struct.h:303
PVCB Vcb
Definition: cdstruc.h:933
ULONG OpenHandleCount
Definition: ntfs.h:537
LUID SeSecurityPrivilege
Definition: setypes.h:1201
VOID NTAPI SeReleaseSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Releases both the primary and client tokens of a security subject context.
Definition: subject.c:171
VOID NTAPI SeCaptureSubjectContext(_Out_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Captures the security subject context of the calling thread and calling process.
Definition: subject.c:85
#define UDF_VCB_IC_DIRTY_RO
Definition: udf_common.h:516
#define UDF_VCB_IC_WRITE_IN_RO_DIR
Definition: udf_common.h:499
#define STATUS_ACCESS_DENIED
Definition: udferr_usr.h:145
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2658
_In_ WDFREQUEST _In_ WDFFILEOBJECT FileObject
Definition: wdfdevice.h:550

Referenced by UDFCommonCreate(), UDFDoesOSAllowFileToBeTargetForRename__(), UDFSetAccessRights(), and UDFSetDispositionInformation().

◆ UDFDeassignAcl()

VOID UDFDeassignAcl ( IN PtrUDFNTRequiredFCB  NtReqFcb,
IN BOOLEAN  AutoInherited 
)

Definition at line 772 of file secursup.cpp.

776{
777#ifdef UDF_ENABLE_SECURITY
778// NTSTATUS RC = STATUS_SUCCESS;
779
780// UDFPrint((" UDFDeassignAcl\n"));
781 if(!NtReqFcb->SecurityDesc)
782 return;
783
784 if(AutoInherited) {
785 NtReqFcb->SecurityDesc = NULL;
786 return;
787 }
788
789 SeDeassignSecurity(&(NtReqFcb->SecurityDesc));
790 NtReqFcb->SecurityDesc = NULL; // HA BCRK CLU4
791#endif //UDF_ENABLE_SECURITY
792 return;
793} // end UDFDeassignAcl()

Referenced by UDFCleanUpFcbChain(), and UDFSetAccessRights().

◆ UDFLookUpAcl()

PSECURITY_DESCRIPTOR UDFLookUpAcl ( IN PVCB  Vcb,
PFILE_OBJECT  FileObject,
IN PtrUDFFCB  Fcb 
)

Definition at line 915 of file secursup.cpp.

920{
921 UDFAssignAcl(Vcb, FileObject, Fcb, Fcb->NTRequiredFCB);
922 return (Fcb->NTRequiredFCB->SecurityDesc);
923} // end UDFLookUpAcl()
NTSTATUS UDFAssignAcl(IN PVCB Vcb, IN PFILE_OBJECT FileObject, IN PtrUDFFCB Fcb, IN PtrUDFNTRequiredFCB NtReqFcb)
Definition: secursup.cpp:706

Referenced by UDFCheckAccessRights(), and UDFSetAccessRights().

◆ UDFReadSecurity()

NTSTATUS UDFReadSecurity ( IN PVCB  Vcb,
IN PtrUDFFCB  Fcb,
IN PSECURITY_DESCRIPTOR SecurityDesc 
)

Definition at line 420 of file secursup.cpp.

425{
426#ifdef UDF_ENABLE_SECURITY
428 PUDF_FILE_INFO SDirInfo = NULL;
429 PUDF_FILE_INFO AclInfo = NULL;
430 NTSTATUS RC;
431 ULONG NumberBytesRead;
432 PERESOURCE Res1 = NULL;
433
434 UDFPrint(("UDFReadSecurity\n"));
435
436 _SEH2_TRY {
437
438 FileInfo = Fcb->FileInfo;
440 if(!FileInfo) {
441 UDFPrint((" Volume Security\n"));
443 }
444 if(Vcb->VCBFlags & UDF_VCB_FLAGS_RAW_DISK) {
445 UDFPrint((" No Security on blank volume\n"));
447 }
448
449 // Open Stream Directory
450 RC = UDFOpenStreamDir__(Vcb, FileInfo, &SDirInfo);
451
452 if(RC == STATUS_NOT_FOUND)
454 if(!NT_SUCCESS(RC)) {
455 if(UDFCleanUpFile__(Vcb, SDirInfo)) {
456 if(SDirInfo) MyFreePool__(SDirInfo);
457 }
458 SDirInfo = NULL;
459 try_return(RC);
460 }
461 // Acquire SDir exclusively if Fcb present
462 if(SDirInfo->Fcb) {
463 BrutePoint();
464 UDF_CHECK_PAGING_IO_RESOURCE(SDirInfo->Fcb->NTRequiredFCB);
465 UDFAcquireResourceExclusive(Res1 = &(SDirInfo->Fcb->NTRequiredFCB->MainResource),TRUE);
466 }
467
468 // Open Acl Stream
469 RC = UDFOpenFile__(Vcb,
471 SDirInfo,&AclInfo,NULL);
474 if(!NT_SUCCESS(RC)) {
475 if(UDFCleanUpFile__(Vcb, AclInfo)) {
476 if(AclInfo) MyFreePool__(AclInfo);
477 }
478 AclInfo = NULL;
479 try_return(RC);
480 }
481
482 NumberBytesRead = (ULONG)UDFGetFileSize(AclInfo);
483 (*SecurityDesc) = DbgAllocatePool(NonPagedPool, NumberBytesRead);
484 if(!(*SecurityDesc))
486 RC = UDFReadFile__(Vcb, AclInfo, 0, NumberBytesRead,
487 FALSE, (PCHAR)(*SecurityDesc), &NumberBytesRead);
488 if(!NT_SUCCESS(RC))
489 try_return(RC);
490
491 RC = RtlValidSecurityDescriptor(*SecurityDesc);
492
493try_exit: NOTHING;
494
495 } _SEH2_FINALLY {
496
497 if(AclInfo) {
498 UDFCloseFile__(Vcb, AclInfo);
499 if(UDFCleanUpFile__(Vcb, AclInfo))
500 MyFreePool__(AclInfo);
501 }
502
503 if(SDirInfo) {
504 UDFCloseFile__(Vcb, SDirInfo);
505 if(UDFCleanUpFile__(Vcb, SDirInfo))
506 MyFreePool__(SDirInfo);
507 }
508
509 if(!NT_SUCCESS(RC) && (*SecurityDesc)) {
510 DbgFreePool(*SecurityDesc);
511 (*SecurityDesc) = NULL;
512 }
513 if(Res1)
514 UDFReleaseResource(Res1);
515 }
516
517 return RC;
518#else
520#endif //UDF_ENABLE_SECURITY
521
522} // end UDFReadSecurity()
#define try_return(S)
Definition: cdprocs.h:2179
#define UDFReleaseResource(Resource)
Definition: env_spec_w32.h:661
#define UDFAcquireResourceExclusive(Resource, CanWait)
Definition: env_spec_w32.h:656
#define DbgFreePool
Definition: env_spec_w32.h:334
#define DbgAllocatePool
Definition: env_spec_w32.h:332
ERESOURCE * PERESOURCE
Definition: env_spec_w32.h:595
#define NonPagedPool
Definition: env_spec_w32.h:307
#define BrutePoint()
Definition: env_spec_w32.h:504
#define NOTHING
Definition: input_list.c:10
#define MyFreePool__(addr)
Definition: mem_tools.h:152
NTSYSAPI BOOLEAN NTAPI RtlValidSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor)
Definition: sd.c:1054
#define _SEH2_FINALLY
Definition: pseh2_64.h:114
#define _SEH2_TRY
Definition: pseh2_64.h:55
#define STATUS_NOT_FOUND
Definition: shellext.h:72
UNICODE_STRING AclName
Definition: udf_common.h:618
struct _UDFFileControlBlock * Fcb
Definition: udf_rel.h:362
uint32_t ULONG
Definition: typedefs.h:59
char * PCHAR
Definition: typedefs.h:51
#define UDF_VCB_FLAGS_RAW_DISK
Definition: udf_common.h:476
int64 UDFGetFileSize(IN PUDF_FILE_INFO FileInfo)
Definition: udf_info.cpp:1236
OSSTATUS UDFCloseFile__(IN PVCB Vcb, IN PUDF_FILE_INFO FileInfo)
Definition: udf_info.cpp:2994
uint32 UDFCleanUpFile__(IN PVCB Vcb, IN PUDF_FILE_INFO FileInfo)
Definition: udf_info.cpp:2276
OSSTATUS UDFOpenStreamDir__(IN PVCB Vcb, IN PUDF_FILE_INFO FileInfo, OUT PUDF_FILE_INFO *_SDirInfo)
Definition: udf_info.cpp:4965
OSSTATUS UDFOpenFile__(IN PVCB Vcb, IN BOOLEAN IgnoreCase, IN BOOLEAN NotDeleted, IN PUNICODE_STRING fn, IN PUDF_FILE_INFO DirInfo, OUT PUDF_FILE_INFO *_FileInfo, IN uint_di *IndexToOpen)
Definition: udf_info.cpp:2004
__inline OSSTATUS UDFReadFile__(IN PVCB Vcb, IN PUDF_FILE_INFO FileInfo, IN int64 Offset, IN SIZE_T Length, IN BOOLEAN Direct, OUT int8 *Buffer, OUT PSIZE_T ReadBytes)
Definition: udf_info.h:666
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
#define STATUS_OBJECT_NAME_NOT_FOUND
Definition: udferr_usr.h:149
UDFData UDFGlobalData
Definition: udfinit.cpp:25
#define UDF_CHECK_PAGING_IO_RESOURCE(NTReqFCB)
Definition: udffs.h:260
#define UDFPrint(Args)
Definition: udffs.h:223

Referenced by UDFAssignAcl().

◆ UDFSetAccessRights()

NTSTATUS UDFSetAccessRights ( PFILE_OBJECT  FileObject,
PACCESS_STATE  AccessState,
PtrUDFFCB  Fcb,
PtrUDFCCB  Ccb,
ACCESS_MASK  DesiredAccess,
USHORT  ShareAccess 
)

Definition at line 1049 of file secursup.cpp.

1057{
1058#ifndef UDF_ENABLE_SECURITY
1059 ASSERT(Ccb);
1060 ASSERT(Fcb->FileInfo);
1061
1063
1064#else //UDF_ENABLE_SECURITY
1065
1066 NTSTATUS RC;
1067 // Set Security on Object
1068 PSECURITY_DESCRIPTOR SecDesc;
1070 BOOLEAN AutoInherit;
1071
1072 ASSERT(Ccb);
1073 ASSERT(Fcb->FileInfo);
1074
1075 SecDesc = UDFLookUpAcl(Fcb->Vcb, FileObject, Fcb);
1076 AutoInherit = UDFIsAStreamDir(Fcb->FileInfo) || UDFIsAStream(Fcb->FileInfo);
1077
1078 if(SecDesc && !AutoInherit) {
1079 // Get caller's User/Primary Group info
1081 RC = SeAssignSecurity(
1082 Fcb->FileInfo->ParentFile->Dloc->CommonFcb->SecurityDesc,
1083// NULL,
1084 AccessState->SecurityDescriptor,
1085 &(Fcb->NTRequiredFCB->SecurityDesc),
1086 UDFIsADirectory(Fcb->FileInfo),
1089 NonPagedPool);
1091 UDFConvertToSelfRelative(&(Fcb->NTRequiredFCB->SecurityDesc));
1092
1093 if(!NT_SUCCESS(RC)) {
1094Clean_Up_SD:
1095 UDFDeassignAcl(Fcb->NTRequiredFCB, AutoInherit);
1096 return RC;
1097 }
1098 }
1099
1101 if(!NT_SUCCESS(RC))
1102 goto Clean_Up_SD;
1103 return RC;
1104
1105#endif //UDF_ENABLE_SECURITY
1106
1107} // end UDFSetAccessRights()
VOID UDFDeassignAcl(IN PtrUDFNTRequiredFCB NtReqFcb, IN BOOLEAN AutoInherited)
Definition: secursup.cpp:772
NTSTATUS UDFCheckAccessRights(PFILE_OBJECT FileObject, PACCESS_STATE AccessState, PtrUDFFCB Fcb, PtrUDFCCB Ccb, ACCESS_MASK DesiredAccess, USHORT ShareAccess)
Definition: secursup.cpp:927
#define UDFIsADirectory(FileInfo)
Definition: udf_info.h:792
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:417

Referenced by UDFCommonCreate().

◆ UDFWriteSecurity()

NTSTATUS UDFWriteSecurity ( IN PVCB  Vcb,
IN PtrUDFFCB  Fcb,
IN PSECURITY_DESCRIPTOR SecurityDesc 
)

Definition at line 796 of file secursup.cpp.

801{
802#ifdef UDF_ENABLE_SECURITY
804 PUDF_FILE_INFO SDirInfo = NULL;
805 PUDF_FILE_INFO AclInfo = NULL;
806 PERESOURCE Res1 = NULL;
807 NTSTATUS RC;
808 ULONG NumberBytesRead;
809
810// UDFPrint(("UDFWriteSecurity\n"));
811
812#if !defined(UDF_READ_ONLY_BUILD)
813
814 if(!Vcb->WriteSecurity ||
815 (Vcb->VCBFlags & (UDF_VCB_FLAGS_VOLUME_READ_ONLY |
817
818#endif
819
820 return STATUS_SUCCESS;
821
822#if !defined(UDF_READ_ONLY_BUILD)
823
824 _SEH2_TRY {
825
826 FileInfo = Fcb->FileInfo;
828 if(!FileInfo) {
829 UDFPrint((" Volume Security\n"));
831 }
832
833 if(!(Fcb->NTRequiredFCB->NtReqFCBFlags & UDF_NTREQ_FCB_SD_MODIFIED))
835
836 // Open Stream Directory
837 RC = UDFOpenStreamDir__(Vcb, FileInfo, &SDirInfo);
838
839 if(RC == STATUS_NOT_FOUND) {
840 RC = UDFCreateStreamDir__(Vcb, FileInfo, &SDirInfo);
841 }
842 if(!NT_SUCCESS(RC)) {
843 if(UDFCleanUpFile__(Vcb, SDirInfo)) {
844 if(SDirInfo) MyFreePool__(SDirInfo);
845 }
846 SDirInfo = NULL;
847 try_return(RC);
848 }
849 // Acquire SDir exclusively if Fcb present
850 if(SDirInfo->Fcb) {
851 BrutePoint();
852 UDF_CHECK_PAGING_IO_RESOURCE(SDirInfo->Fcb->NTRequiredFCB);
853 UDFAcquireResourceExclusive(Res1 = &(SDirInfo->Fcb->NTRequiredFCB->MainResource),TRUE);
854 }
855
856 // Open Acl Stream
857 RC = UDFOpenFile__(Vcb,
859 SDirInfo,&AclInfo,NULL);
862 0, 0, FALSE, FALSE, SDirInfo, &AclInfo);
863 }
864 if(!NT_SUCCESS(RC)) {
865 if(UDFCleanUpFile__(Vcb, AclInfo)) {
866 if(AclInfo) MyFreePool__(AclInfo);
867 }
868 AclInfo = NULL;
869 try_return(RC);
870 }
871
872 if(!(*SecurityDesc)) {
873 UDFFlushFile__(Vcb, AclInfo);
874 RC = UDFUnlinkFile__(Vcb, AclInfo, TRUE);
875 try_return(RC);
876 }
877 NumberBytesRead = RtlLengthSecurityDescriptor(*SecurityDesc);
878
879 RC = UDFWriteFile__(Vcb, AclInfo, 0, NumberBytesRead,
880 FALSE, (PCHAR)(*SecurityDesc), &NumberBytesRead);
881 if(!NT_SUCCESS(RC))
882 try_return(RC);
883
884 Fcb->NTRequiredFCB->NtReqFCBFlags &= ~UDF_NTREQ_FCB_SD_MODIFIED;
885
886try_exit: NOTHING;
887
888 } _SEH2_FINALLY {
889
890 if(AclInfo) {
891 UDFCloseFile__(Vcb, AclInfo);
892 if(UDFCleanUpFile__(Vcb, AclInfo))
893 MyFreePool__(AclInfo);
894 }
895
896 if(SDirInfo) {
897 UDFCloseFile__(Vcb, SDirInfo);
898 if(UDFCleanUpFile__(Vcb, SDirInfo))
899 MyFreePool__(SDirInfo);
900 }
901 if(Res1)
902 UDFReleaseResource(Res1);
903 }
904
905 return RC;
906
907#endif
908#endif //UDF_ENABLE_SECURITY
909
910 return STATUS_SUCCESS;
911
912} // end UDFWriteSecurity()
NTSYSAPI ULONG WINAPI RtlLengthSecurityDescriptor(PSECURITY_DESCRIPTOR)
#define UDF_NTREQ_FCB_SD_MODIFIED
Definition: struct.h:233
#define UDF_VCB_FLAGS_VOLUME_READ_ONLY
Definition: udf_common.h:463
#define UDF_VCB_FLAGS_MEDIA_READ_ONLY
Definition: udf_common.h:481
OSSTATUS UDFWriteFile__(IN PVCB Vcb, IN PUDF_FILE_INFO FileInfo, IN int64 Offset, IN SIZE_T Length, IN BOOLEAN Direct, IN int8 *Buffer, OUT PSIZE_T WrittenBytes)
Definition: udf_info.cpp:1605
OSSTATUS UDFFlushFile__(IN PVCB Vcb, IN PUDF_FILE_INFO FileInfo, IN ULONG FlushFlags)
Definition: udf_info.cpp:4119
OSSTATUS UDFUnlinkFile__(IN PVCB Vcb, IN PUDF_FILE_INFO FileInfo, IN BOOLEAN FreeSpace)
Definition: udf_info.cpp:1766
OSSTATUS UDFCreateFile__(IN PVCB Vcb, IN BOOLEAN IgnoreCase, IN PUNICODE_STRING _fn, IN uint32 ExtAttrSz, IN uint32 ImpUseLen, IN BOOLEAN Extended, IN BOOLEAN CreateNew, IN OUT PUDF_FILE_INFO DirInfo, OUT PUDF_FILE_INFO *_FileInfo)
Definition: udf_info.cpp:2577
OSSTATUS UDFCreateStreamDir__(IN PVCB Vcb, IN PUDF_FILE_INFO FileInfo, OUT PUDF_FILE_INFO *_SDirInfo)
Definition: udf_info.cpp:4888

Referenced by UDFCloseFileInfoChain(), UDFFlushADirectory(), and UDFFlushAFile().