ReactOS  0.4.14-dev-317-g96040ec
secursup.cpp File Reference
#include "udffs.h"
Include dependency graph for secursup.cpp:

Go to the source code of this file.

Macros

#define UDF_BUG_CHECK_ID   UDF_FILE_SECURITY
 

Functions

NTSTATUS UDFReadSecurity (IN PVCB Vcb, IN PtrUDFFCB Fcb, IN PSECURITY_DESCRIPTOR *SecurityDesc)
 
NTSTATUS UDFAssignAcl (IN PVCB Vcb, IN PFILE_OBJECT FileObject, IN PtrUDFFCB Fcb, IN PtrUDFNTRequiredFCB NtReqFcb)
 
VOID UDFDeassignAcl (IN PtrUDFNTRequiredFCB NtReqFcb, IN BOOLEAN AutoInherited)
 
NTSTATUS UDFWriteSecurity (IN PVCB Vcb, IN PtrUDFFCB Fcb, IN PSECURITY_DESCRIPTOR *SecurityDesc)
 
PSECURITY_DESCRIPTOR UDFLookUpAcl (IN PVCB Vcb, PFILE_OBJECT FileObject, IN PtrUDFFCB Fcb)
 
NTSTATUS UDFCheckAccessRights (PFILE_OBJECT FileObject, PACCESS_STATE AccessState, PtrUDFFCB Fcb, PtrUDFCCB Ccb, ACCESS_MASK DesiredAccess, USHORT ShareAccess)
 
NTSTATUS UDFSetAccessRights (PFILE_OBJECT FileObject, PACCESS_STATE AccessState, PtrUDFFCB Fcb, PtrUDFCCB Ccb, ACCESS_MASK DesiredAccess, USHORT ShareAccess)
 

Macro Definition Documentation

◆ UDF_BUG_CHECK_ID

#define UDF_BUG_CHECK_ID   UDF_FILE_SECURITY

Definition at line 20 of file secursup.cpp.

Function Documentation

◆ UDFAssignAcl()

NTSTATUS UDFAssignAcl ( IN PVCB  Vcb,
IN PFILE_OBJECT  FileObject,
IN PtrUDFFCB  Fcb,
IN PtrUDFNTRequiredFCB  NtReqFcb 
)

Definition at line 706 of file secursup.cpp.

712 {
714 #ifdef UDF_ENABLE_SECURITY
715 // SECURITY_INFORMATION SecurityInformation;
716 
717 // UDFPrint((" UDFAssignAcl\n"));
718  if(!NtReqFcb->SecurityDesc) {
719 
720  PSECURITY_DESCRIPTOR ExplicitSecurity = NULL;
721 
722  if(UDFIsAStreamDir(Fcb->FileInfo) || UDFIsAStream(Fcb->FileInfo)) {
723  // Stream/SDir security
724  NtReqFcb->SecurityDesc = Fcb->FileInfo->ParentFile->Dloc->CommonFcb->SecurityDesc;
725  return STATUS_SUCCESS;
726  } else
727  if(!Fcb->FileInfo) {
728  // Volume security
729  if(Vcb->RootDirFCB &&
730  Vcb->RootDirFCB->FileInfo &&
731  Vcb->RootDirFCB->FileInfo->Dloc &&
732  Vcb->RootDirFCB->FileInfo->Dloc->CommonFcb) {
733  RC = UDFInheritAcl(Vcb, &(Vcb->RootDirFCB->FileInfo->Dloc->CommonFcb->SecurityDesc), &ExplicitSecurity);
734  } else {
735  NtReqFcb->SecurityDesc = NULL;
737  }
738  return RC;
739  }
740 
741  RC = UDFReadSecurity(Vcb, Fcb, &ExplicitSecurity);
742  if(RC == STATUS_NO_SECURITY_ON_OBJECT) {
743  if(!Fcb->FileInfo->ParentFile) {
744  RC = UDFBuildFullControlAcl(Vcb, &ExplicitSecurity);
745  } else {
746  RC = UDFInheritAcl(Vcb, &(Fcb->FileInfo->ParentFile->Dloc->CommonFcb->SecurityDesc), &ExplicitSecurity);
747  }
748 /* if(NT_SUCCESS(RC)) {
749  NtReqFcb->NtReqFCBFlags |= UDF_NTREQ_FCB_SD_MODIFIED;
750  }*/
751  }
752  if(NT_SUCCESS(RC)) {
753 
754 // SecurityInformation = FULL_SECURITY_INFORMATION;
755  NtReqFcb->SecurityDesc = ExplicitSecurity;
756 
757 /* RC = SeSetSecurityDescriptorInfo(FileObject,
758  &SecurityInformation,
759  ExplicitSecurity,
760  &(NtReqFcb->SecurityDesc),
761  NonPagedPool,
762  IoGetFileObjectGenericMapping() );*/
763 
764  }
765  }
766 #endif //UDF_ENABLE_SECURITY
767  return RC;
768 } // end UDFAssignAcl()
LONG NTSTATUS
Definition: precomp.h:26
smooth NULL
Definition: ftsmooth.c:416
NTSTATUS UDFReadSecurity(IN PVCB Vcb, IN PtrUDFFCB Fcb, IN PSECURITY_DESCRIPTOR *SecurityDesc)
Definition: secursup.cpp:420
#define UDFIsAStreamDir(FI)
Definition: udf_info.h:998
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define Vcb
Definition: cdprocs.h:1425
#define STATUS_NO_SECURITY_ON_OBJECT
Definition: ntstatus.h:437
#define NtReqFcb
_In_ PFCB Fcb
Definition: cdprocs.h:151
return STATUS_SUCCESS
Definition: btrfs.c:2938
#define UDFIsAStream(FI)
Definition: udf_info.h:1002

Referenced by UDFCompleteMount(), and UDFLookUpAcl().

◆ UDFCheckAccessRights()

NTSTATUS UDFCheckAccessRights ( PFILE_OBJECT  FileObject,
PACCESS_STATE  AccessState,
PtrUDFFCB  Fcb,
PtrUDFCCB  Ccb,
ACCESS_MASK  DesiredAccess,
USHORT  ShareAccess 
)

Definition at line 927 of file secursup.cpp.

935 {
936  NTSTATUS RC;
937  BOOLEAN ROCheck = FALSE;
938 #ifdef UDF_ENABLE_SECURITY
939  BOOLEAN SecurityCheck;
940  PSECURITY_DESCRIPTOR SecDesc;
942  ACCESS_MASK LocalAccessMask;
943 #endif //UDF_ENABLE_SECURITY
944 
945  // Check attr compatibility
946  ASSERT(Fcb);
947  ASSERT(Fcb->Vcb);
948 #ifdef UDF_READ_ONLY_BUILD
949  goto treat_as_ro;
950 #endif //UDF_READ_ONLY_BUILD
951 
952  if(Fcb->FCBFlags & UDF_FCB_READ_ONLY) {
953  ROCheck = TRUE;
954  } else
955  if((Fcb->Vcb->origIntegrityType == INTEGRITY_TYPE_OPEN) &&
956  Ccb && !(Ccb->CCBFlags & UDF_CCB_VOLUME_OPEN) &&
957  (Fcb->Vcb->CompatFlags & UDF_VCB_IC_DIRTY_RO)) {
958  AdPrint(("force R/O on dirty\n"));
959  ROCheck = TRUE;
960  }
961  if(ROCheck) {
962 #ifdef UDF_READ_ONLY_BUILD
963 treat_as_ro:
964 #endif //UDF_READ_ONLY_BUILD
965  ACCESS_MASK DesiredAccessMask = 0;
966 
967  if(Fcb->Vcb->CompatFlags & UDF_VCB_IC_WRITE_IN_RO_DIR) {
968  if(Fcb->FCBFlags & UDF_FCB_DIRECTORY) {
969  DesiredAccessMask = (FILE_WRITE_EA |
970  DELETE);
971  } else {
972  DesiredAccessMask = (FILE_WRITE_DATA |
974  FILE_WRITE_EA |
975  DELETE);
976  }
977  } else {
978  DesiredAccessMask = (FILE_WRITE_DATA |
980  FILE_WRITE_EA |
983  FILE_ADD_FILE |
984  DELETE);
985  }
986  if(DesiredAccess & DesiredAccessMask)
987  return STATUS_ACCESS_DENIED;
988  }
989 #ifdef UDF_ENABLE_SECURITY
990  // Check Security
991  // NOTE: we should not perform security check if an empty DesiredAccess
992  // was specified. AFAIU, SeAccessCheck() will return FALSE in this case.
993  SecDesc = UDFLookUpAcl(Fcb->Vcb, FileObject, Fcb);
994  if(SecDesc && DesiredAccess) {
996  SecurityCheck =
997  SeAccessCheck(SecDesc,
999  FALSE,
1000  DesiredAccess,
1001  Ccb ? Ccb->PreviouslyGrantedAccess : 0,
1002  NULL,
1004  UserMode,
1005  Ccb ? &(Ccb->PreviouslyGrantedAccess) : &LocalAccessMask,
1006  &RC);
1008 
1009  if(!SecurityCheck) {
1010  return RC;
1011  } else
1012 #endif //UDF_ENABLE_SECURITY
1015  return STATUS_ACCESS_DENIED;
1016  Ccb->PreviouslyGrantedAccess |= ACCESS_SYSTEM_SECURITY;
1017  }
1018 #ifdef UDF_ENABLE_SECURITY
1019  }
1020 #endif //UDF_ENABLE_SECURITY
1021  if(FileObject) {
1022  if (Fcb->OpenHandleCount) {
1023  // The FCB is currently in use by some thread.
1024  // We must check whether the requested access/share access
1025  // conflicts with the existing open operations.
1027  &(Fcb->NTRequiredFCB->FCBShareAccess), TRUE);
1028 #ifndef UDF_ENABLE_SECURITY
1029  if(Ccb)
1030  Ccb->PreviouslyGrantedAccess |= DesiredAccess;
1031  IoUpdateShareAccess(FileObject, &(Fcb->NTRequiredFCB->FCBShareAccess));
1032 #endif //UDF_ENABLE_SECURITY
1033  } else {
1034  IoSetShareAccess(DesiredAccess, ShareAccess, FileObject, &(Fcb->NTRequiredFCB->FCBShareAccess));
1035 #ifndef UDF_ENABLE_SECURITY
1036  if(Ccb)
1037  Ccb->PreviouslyGrantedAccess = DesiredAccess;
1038 #endif //UDF_ENABLE_SECURITY
1039  RC = STATUS_SUCCESS;
1040  }
1041  } else {
1042  // we get here if given file was opened for internal purposes
1043  RC = STATUS_SUCCESS;
1044  }
1045  return RC;
1046 } // end UDFCheckAccessRights()
PGENERIC_MAPPING NTAPI IoGetFileObjectGenericMapping(VOID)
Definition: file.c:3266
#define UDF_VCB_IC_WRITE_IN_RO_DIR
Definition: udf_common.h:499
VOID NTAPI SeCaptureSubjectContext(OUT PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:301
BOOLEAN NTAPI SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, IN BOOLEAN SubjectContextLocked, IN ACCESS_MASK DesiredAccess, IN ACCESS_MASK PreviouslyGrantedAccess, OUT PPRIVILEGE_SET *Privileges, IN PGENERIC_MAPPING GenericMapping, IN KPROCESSOR_MODE AccessMode, OUT PACCESS_MASK GrantedAccess, OUT PNTSTATUS AccessStatus)
Definition: accesschk.c:340
#define FILE_WRITE_EA
Definition: nt_native.h:640
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2239
VOID NTAPI SeReleaseSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:360
#define TRUE
Definition: types.h:120
#define AdPrint(_x_)
Definition: env_spec_w32.h:292
#define ACCESS_SYSTEM_SECURITY
Definition: nt_native.h:77
LONG NTSTATUS
Definition: precomp.h:26
PSECURITY_DESCRIPTOR UDFLookUpAcl(IN PVCB Vcb, PFILE_OBJECT FileObject, IN PtrUDFFCB Fcb)
Definition: secursup.cpp:915
BOOLEAN NTAPI SeSinglePrivilegeCheck(IN LUID PrivilegeValue, IN KPROCESSOR_MODE PreviousMode)
Definition: priv.c:524
VOID NTAPI IoSetShareAccess(IN ACCESS_MASK DesiredAccess, IN ULONG DesiredShareAccess, IN PFILE_OBJECT FileObject, OUT PSHARE_ACCESS ShareAccess)
Definition: file.c:3516
#define FILE_APPEND_DATA
Definition: nt_native.h:634
_In_ PIO_STACK_LOCATION _Inout_ PFILE_OBJECT _Inout_ PVCB _Outptr_result_maybenull_ PDCB _In_ PDCB _In_ PDIRENT _In_ ULONG _In_ ULONG _In_ PUNICODE_STRING _In_ PACCESS_MASK _In_ USHORT ShareAccess
Definition: create.c:4157
LUID SeSecurityPrivilege
Definition: setypes.h:1147
#define UDF_VCB_IC_DIRTY_RO
Definition: udf_common.h:516
#define FILE_DELETE_CHILD
Definition: nt_native.h:645
#define FILE_ADD_FILE
Definition: nt_native.h:632
PSE_EXPORTS SeExports
Definition: semgr.c:18
unsigned char BOOLEAN
smooth NULL
Definition: ftsmooth.c:416
_Inout_ PFILE_OBJECT FileObject
Definition: cdprocs.h:593
#define FILE_WRITE_DATA
Definition: nt_native.h:631
ULONG OpenHandleCount
Definition: ntfs.h:533
#define UDF_CCB_VOLUME_OPEN
Definition: struct.h:166
#define UDF_FCB_DIRECTORY
Definition: struct.h:303
#define STATUS_ACCESS_DENIED
Definition: udferr_usr.h:145
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel) ?(CompletionRoutine !=NULL) :TRUE)
#define FILE_ADD_SUBDIRECTORY
Definition: nt_native.h:635
_Inout_ PFILE_OBJECT _In_ TYPE_OF_OPEN PFCB _In_opt_ PCCB Ccb
Definition: cdprocs.h:593
NTSTATUS NTAPI IoCheckShareAccess(IN ACCESS_MASK DesiredAccess, IN ULONG DesiredShareAccess, IN PFILE_OBJECT FileObject, IN PSHARE_ACCESS ShareAccess, IN BOOLEAN Update)
Definition: file.c:3389
_In_ PIO_STACK_LOCATION _Inout_ PFILE_OBJECT _Inout_ PVCB _Outptr_result_maybenull_ PDCB _In_ PDCB _In_ PDIRENT _In_ ULONG _In_ ULONG _In_ PUNICODE_STRING _In_ PACCESS_MASK DesiredAccess
Definition: create.c:4157
#define UDF_FCB_READ_ONLY
Definition: struct.h:312
#define INTEGRITY_TYPE_OPEN
Definition: ecma_167.h:357
PVCB Vcb
Definition: cdstruc.h:939
_In_ PFCB Fcb
Definition: cdprocs.h:151
return STATUS_SUCCESS
Definition: btrfs.c:2938
VOID NTAPI IoUpdateShareAccess(IN PFILE_OBJECT FileObject, OUT PSHARE_ACCESS ShareAccess)
Definition: file.c:3350
ULONG ACCESS_MASK
Definition: nt_native.h:40
#define DELETE
Definition: nt_native.h:57

Referenced by UDFCommonCreate(), UDFDoesOSAllowFileToBeTargetForRename__(), UDFSetAccessRights(), and UDFSetDispositionInformation().

◆ UDFDeassignAcl()

VOID UDFDeassignAcl ( IN PtrUDFNTRequiredFCB  NtReqFcb,
IN BOOLEAN  AutoInherited 
)

Definition at line 772 of file secursup.cpp.

776 {
777 #ifdef UDF_ENABLE_SECURITY
778 // NTSTATUS RC = STATUS_SUCCESS;
779 
780 // UDFPrint((" UDFDeassignAcl\n"));
781  if(!NtReqFcb->SecurityDesc)
782  return;
783 
784  if(AutoInherited) {
785  NtReqFcb->SecurityDesc = NULL;
786  return;
787  }
788 
789  SeDeassignSecurity(&(NtReqFcb->SecurityDesc));
790  NtReqFcb->SecurityDesc = NULL; // HA BCRK CLU4
791 #endif //UDF_ENABLE_SECURITY
792  return;
793 } // end UDFDeassignAcl()
smooth NULL
Definition: ftsmooth.c:416
#define NtReqFcb

Referenced by UDFCleanUpFcbChain(), and UDFSetAccessRights().

◆ UDFLookUpAcl()

PSECURITY_DESCRIPTOR UDFLookUpAcl ( IN PVCB  Vcb,
PFILE_OBJECT  FileObject,
IN PtrUDFFCB  Fcb 
)

Definition at line 915 of file secursup.cpp.

920 {
921  UDFAssignAcl(Vcb, FileObject, Fcb, Fcb->NTRequiredFCB);
922  return (Fcb->NTRequiredFCB->SecurityDesc);
923 } // end UDFLookUpAcl()
NTSTATUS UDFAssignAcl(IN PVCB Vcb, IN PFILE_OBJECT FileObject, IN PtrUDFFCB Fcb, IN PtrUDFNTRequiredFCB NtReqFcb)
Definition: secursup.cpp:706
_Inout_ PFILE_OBJECT FileObject
Definition: cdprocs.h:593
#define Vcb
Definition: cdprocs.h:1425
_In_ PFCB Fcb
Definition: cdprocs.h:151

Referenced by UDFCheckAccessRights(), and UDFSetAccessRights().

◆ UDFReadSecurity()

NTSTATUS UDFReadSecurity ( IN PVCB  Vcb,
IN PtrUDFFCB  Fcb,
IN PSECURITY_DESCRIPTOR SecurityDesc 
)

Definition at line 420 of file secursup.cpp.

425 {
426 #ifdef UDF_ENABLE_SECURITY
428  PUDF_FILE_INFO SDirInfo = NULL;
429  PUDF_FILE_INFO AclInfo = NULL;
430  NTSTATUS RC;
431  ULONG NumberBytesRead;
432  PERESOURCE Res1 = NULL;
433 
434  UDFPrint(("UDFReadSecurity\n"));
435 
436  _SEH2_TRY {
437 
438  FileInfo = Fcb->FileInfo;
439  ASSERT(FileInfo);
440  if(!FileInfo) {
441  UDFPrint((" Volume Security\n"));
443  }
444  if(Vcb->VCBFlags & UDF_VCB_FLAGS_RAW_DISK) {
445  UDFPrint((" No Security on blank volume\n"));
447  }
448 
449  // Open Stream Directory
450  RC = UDFOpenStreamDir__(Vcb, FileInfo, &SDirInfo);
451 
452  if(RC == STATUS_NOT_FOUND)
454  if(!NT_SUCCESS(RC)) {
455  if(UDFCleanUpFile__(Vcb, SDirInfo)) {
456  if(SDirInfo) MyFreePool__(SDirInfo);
457  }
458  SDirInfo = NULL;
459  try_return(RC);
460  }
461  // Acquire SDir exclusively if Fcb present
462  if(SDirInfo->Fcb) {
463  BrutePoint();
464  UDF_CHECK_PAGING_IO_RESOURCE(SDirInfo->Fcb->NTRequiredFCB);
465  UDFAcquireResourceExclusive(Res1 = &(SDirInfo->Fcb->NTRequiredFCB->MainResource),TRUE);
466  }
467 
468  // Open Acl Stream
469  RC = UDFOpenFile__(Vcb,
471  SDirInfo,&AclInfo,NULL);
474  if(!NT_SUCCESS(RC)) {
475  if(UDFCleanUpFile__(Vcb, AclInfo)) {
476  if(AclInfo) MyFreePool__(AclInfo);
477  }
478  AclInfo = NULL;
479  try_return(RC);
480  }
481 
482  NumberBytesRead = (ULONG)UDFGetFileSize(AclInfo);
483  (*SecurityDesc) = DbgAllocatePool(NonPagedPool, NumberBytesRead);
484  if(!(*SecurityDesc))
486  RC = UDFReadFile__(Vcb, AclInfo, 0, NumberBytesRead,
487  FALSE, (PCHAR)(*SecurityDesc), &NumberBytesRead);
488  if(!NT_SUCCESS(RC))
489  try_return(RC);
490 
491  RC = RtlValidSecurityDescriptor(*SecurityDesc);
492 
493 try_exit: NOTHING;
494 
495  } _SEH2_FINALLY {
496 
497  if(AclInfo) {
498  UDFCloseFile__(Vcb, AclInfo);
499  if(UDFCleanUpFile__(Vcb, AclInfo))
500  MyFreePool__(AclInfo);
501  }
502 
503  if(SDirInfo) {
504  UDFCloseFile__(Vcb, SDirInfo);
505  if(UDFCleanUpFile__(Vcb, SDirInfo))
506  MyFreePool__(SDirInfo);
507  }
508 
509  if(!NT_SUCCESS(RC) && (*SecurityDesc)) {
510  DbgFreePool(*SecurityDesc);
511  (*SecurityDesc) = NULL;
512  }
513  if(Res1)
514  UDFReleaseResource(Res1);
515  }
516 
517  return RC;
518 #else
520 #endif //UDF_ENABLE_SECURITY
521 
522 } // end UDFReadSecurity()
#define UDFAcquireResourceExclusive(Resource, CanWait)
Definition: env_spec_w32.h:656
signed char * PCHAR
Definition: retypes.h:7
#define DbgAllocatePool
Definition: env_spec_w32.h:332
NTSYSAPI BOOLEAN NTAPI RtlValidSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor)
Definition: sd.c:1055
#define UDFPrint(Args)
Definition: udffs.h:225
#define TRUE
Definition: types.h:120
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
UNICODE_STRING AclName
Definition: udf_common.h:618
#define UDFReleaseResource(Resource)
Definition: env_spec_w32.h:661
LONG NTSTATUS
Definition: precomp.h:26
int64 UDFGetFileSize(IN PUDF_FILE_INFO FileInfo)
Definition: udf_info.cpp:1236
_SEH2_TRY
Definition: create.c:4250
#define UDF_VCB_FLAGS_RAW_DISK
Definition: udf_common.h:476
ERESOURCE * PERESOURCE
Definition: env_spec_w32.h:595
smooth NULL
Definition: ftsmooth.c:416
OSSTATUS UDFOpenStreamDir__(IN PVCB Vcb, IN PUDF_FILE_INFO FileInfo, OUT PUDF_FILE_INFO *_SDirInfo)
Definition: udf_info.cpp:4965
#define DbgFreePool
Definition: env_spec_w32.h:334
uint32 UDFCleanUpFile__(IN PVCB Vcb, IN PUDF_FILE_INFO FileInfo)
Definition: udf_info.cpp:2276
#define STATUS_NOT_FOUND
Definition: shellext.h:72
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define try_return(S)
Definition: cdprocs.h:2189
#define Vcb
Definition: cdprocs.h:1425
#define MyFreePool__(addr)
Definition: mem_tools.h:152
#define BrutePoint()
Definition: env_spec_w32.h:504
OSSTATUS UDFOpenFile__(IN PVCB Vcb, IN BOOLEAN IgnoreCase, IN BOOLEAN NotDeleted, IN PUNICODE_STRING fn, IN PUDF_FILE_INFO DirInfo, OUT PUDF_FILE_INFO *_FileInfo, IN uint_di *IndexToOpen)
Definition: udf_info.cpp:2004
#define STATUS_NO_SECURITY_ON_OBJECT
Definition: ntstatus.h:437
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel) ?(CompletionRoutine !=NULL) :TRUE)
UDFData UDFGlobalData
Definition: udfinit.cpp:25
#define NOTHING
Definition: env_spec_w32.h:461
OSSTATUS UDFCloseFile__(IN PVCB Vcb, IN PUDF_FILE_INFO FileInfo)
Definition: udf_info.cpp:2994
__inline OSSTATUS UDFReadFile__(IN PVCB Vcb, IN PUDF_FILE_INFO FileInfo, IN int64 Offset, IN SIZE_T Length, IN BOOLEAN Direct, OUT int8 *Buffer, OUT PSIZE_T ReadBytes)
Definition: udf_info.h:666
#define STATUS_OBJECT_NAME_NOT_FOUND
Definition: udferr_usr.h:149
#define UDF_CHECK_PAGING_IO_RESOURCE(NTReqFCB)
Definition: udffs.h:262
_SEH2_FINALLY
Definition: create.c:4395
unsigned int ULONG
Definition: retypes.h:1
struct _UDFFileControlBlock * Fcb
Definition: udf_rel.h:362
_In_ PFCB Fcb
Definition: cdprocs.h:151

Referenced by UDFAssignAcl().

◆ UDFSetAccessRights()

NTSTATUS UDFSetAccessRights ( PFILE_OBJECT  FileObject,
PACCESS_STATE  AccessState,
PtrUDFFCB  Fcb,
PtrUDFCCB  Ccb,
ACCESS_MASK  DesiredAccess,
USHORT  ShareAccess 
)

Definition at line 1049 of file secursup.cpp.

1057 {
1058 #ifndef UDF_ENABLE_SECURITY
1059  ASSERT(Ccb);
1060  ASSERT(Fcb->FileInfo);
1061 
1063 
1064 #else //UDF_ENABLE_SECURITY
1065 
1066  NTSTATUS RC;
1067  // Set Security on Object
1068  PSECURITY_DESCRIPTOR SecDesc;
1070  BOOLEAN AutoInherit;
1071 
1072  ASSERT(Ccb);
1073  ASSERT(Fcb->FileInfo);
1074 
1075  SecDesc = UDFLookUpAcl(Fcb->Vcb, FileObject, Fcb);
1076  AutoInherit = UDFIsAStreamDir(Fcb->FileInfo) || UDFIsAStream(Fcb->FileInfo);
1077 
1078  if(SecDesc && !AutoInherit) {
1079  // Get caller's User/Primary Group info
1081  RC = SeAssignSecurity(
1082  Fcb->FileInfo->ParentFile->Dloc->CommonFcb->SecurityDesc,
1083 // NULL,
1084  AccessState->SecurityDescriptor,
1085  &(Fcb->NTRequiredFCB->SecurityDesc),
1086  UDFIsADirectory(Fcb->FileInfo),
1087  &SubjectContext,
1089  NonPagedPool);
1091  UDFConvertToSelfRelative(&(Fcb->NTRequiredFCB->SecurityDesc));
1092 
1093  if(!NT_SUCCESS(RC)) {
1094 Clean_Up_SD:
1095  UDFDeassignAcl(Fcb->NTRequiredFCB, AutoInherit);
1096  return RC;
1097  }
1098  }
1099 
1101  if(!NT_SUCCESS(RC))
1102  goto Clean_Up_SD;
1103  return RC;
1104 
1105 #endif //UDF_ENABLE_SECURITY
1106 
1107 } // end UDFSetAccessRights()
PGENERIC_MAPPING NTAPI IoGetFileObjectGenericMapping(VOID)
Definition: file.c:3266
VOID NTAPI SeCaptureSubjectContext(OUT PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:301
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2239
VOID NTAPI SeReleaseSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:360
NTSTATUS UDFCheckAccessRights(PFILE_OBJECT FileObject, PACCESS_STATE AccessState, PtrUDFFCB Fcb, PtrUDFCCB Ccb, ACCESS_MASK DesiredAccess, USHORT ShareAccess)
Definition: secursup.cpp:927
LONG NTSTATUS
Definition: precomp.h:26
PSECURITY_DESCRIPTOR UDFLookUpAcl(IN PVCB Vcb, PFILE_OBJECT FileObject, IN PtrUDFFCB Fcb)
Definition: secursup.cpp:915
_In_ PIO_STACK_LOCATION _Inout_ PFILE_OBJECT _Inout_ PVCB _Outptr_result_maybenull_ PDCB _In_ PDCB _In_ PDIRENT _In_ ULONG _In_ ULONG _In_ PUNICODE_STRING _In_ PACCESS_MASK _In_ USHORT ShareAccess
Definition: create.c:4157
#define UDFIsADirectory(FileInfo)
Definition: udf_info.h:792
unsigned char BOOLEAN
_Inout_ PFILE_OBJECT FileObject
Definition: cdprocs.h:593
VOID UDFDeassignAcl(IN PtrUDFNTRequiredFCB NtReqFcb, IN BOOLEAN AutoInherited)
Definition: secursup.cpp:772
#define UDFIsAStreamDir(FI)
Definition: udf_info.h:998
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel) ?(CompletionRoutine !=NULL) :TRUE)
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:414
_Inout_ PFILE_OBJECT _In_ TYPE_OF_OPEN PFCB _In_opt_ PCCB Ccb
Definition: cdprocs.h:593
_In_ PIO_STACK_LOCATION _Inout_ PFILE_OBJECT _Inout_ PVCB _Outptr_result_maybenull_ PDCB _In_ PDCB _In_ PDIRENT _In_ ULONG _In_ ULONG _In_ PUNICODE_STRING _In_ PACCESS_MASK DesiredAccess
Definition: create.c:4157
PVCB Vcb
Definition: cdstruc.h:939
_In_ PFCB Fcb
Definition: cdprocs.h:151
#define UDFIsAStream(FI)
Definition: udf_info.h:1002

Referenced by UDFCommonCreate().

◆ UDFWriteSecurity()

NTSTATUS UDFWriteSecurity ( IN PVCB  Vcb,
IN PtrUDFFCB  Fcb,
IN PSECURITY_DESCRIPTOR SecurityDesc 
)

Definition at line 796 of file secursup.cpp.

801 {
802 #ifdef UDF_ENABLE_SECURITY
804  PUDF_FILE_INFO SDirInfo = NULL;
805  PUDF_FILE_INFO AclInfo = NULL;
806  PERESOURCE Res1 = NULL;
807  NTSTATUS RC;
808  ULONG NumberBytesRead;
809 
810 // UDFPrint(("UDFWriteSecurity\n"));
811 
812 #if !defined(UDF_READ_ONLY_BUILD)
813 
814  if(!Vcb->WriteSecurity ||
815  (Vcb->VCBFlags & (UDF_VCB_FLAGS_VOLUME_READ_ONLY |
817 
818 #endif
819 
820  return STATUS_SUCCESS;
821 
822 #if !defined(UDF_READ_ONLY_BUILD)
823 
824  _SEH2_TRY {
825 
826  FileInfo = Fcb->FileInfo;
827  ASSERT(FileInfo);
828  if(!FileInfo) {
829  UDFPrint((" Volume Security\n"));
831  }
832 
833  if(!(Fcb->NTRequiredFCB->NtReqFCBFlags & UDF_NTREQ_FCB_SD_MODIFIED))
835 
836  // Open Stream Directory
837  RC = UDFOpenStreamDir__(Vcb, FileInfo, &SDirInfo);
838 
839  if(RC == STATUS_NOT_FOUND) {
840  RC = UDFCreateStreamDir__(Vcb, FileInfo, &SDirInfo);
841  }
842  if(!NT_SUCCESS(RC)) {
843  if(UDFCleanUpFile__(Vcb, SDirInfo)) {
844  if(SDirInfo) MyFreePool__(SDirInfo);
845  }
846  SDirInfo = NULL;
847  try_return(RC);
848  }
849  // Acquire SDir exclusively if Fcb present
850  if(SDirInfo->Fcb) {
851  BrutePoint();
852  UDF_CHECK_PAGING_IO_RESOURCE(SDirInfo->Fcb->NTRequiredFCB);
853  UDFAcquireResourceExclusive(Res1 = &(SDirInfo->Fcb->NTRequiredFCB->MainResource),TRUE);
854  }
855 
856  // Open Acl Stream
857  RC = UDFOpenFile__(Vcb,
859  SDirInfo,&AclInfo,NULL);
860  if(RC == STATUS_OBJECT_NAME_NOT_FOUND) {
862  0, 0, FALSE, FALSE, SDirInfo, &AclInfo);
863  }
864  if(!NT_SUCCESS(RC)) {
865  if(UDFCleanUpFile__(Vcb, AclInfo)) {
866  if(AclInfo) MyFreePool__(AclInfo);
867  }
868  AclInfo = NULL;
869  try_return(RC);
870  }
871 
872  if(!(*SecurityDesc)) {
873  UDFFlushFile__(Vcb, AclInfo);
874  RC = UDFUnlinkFile__(Vcb, AclInfo, TRUE);
875  try_return(RC);
876  }
877  NumberBytesRead = RtlLengthSecurityDescriptor(*SecurityDesc);
878 
879  RC = UDFWriteFile__(Vcb, AclInfo, 0, NumberBytesRead,
880  FALSE, (PCHAR)(*SecurityDesc), &NumberBytesRead);
881  if(!NT_SUCCESS(RC))
882  try_return(RC);
883 
884  Fcb->NTRequiredFCB->NtReqFCBFlags &= ~UDF_NTREQ_FCB_SD_MODIFIED;
885 
886 try_exit: NOTHING;
887 
888  } _SEH2_FINALLY {
889 
890  if(AclInfo) {
891  UDFCloseFile__(Vcb, AclInfo);
892  if(UDFCleanUpFile__(Vcb, AclInfo))
893  MyFreePool__(AclInfo);
894  }
895 
896  if(SDirInfo) {
897  UDFCloseFile__(Vcb, SDirInfo);
898  if(UDFCleanUpFile__(Vcb, SDirInfo))
899  MyFreePool__(SDirInfo);
900  }
901  if(Res1)
902  UDFReleaseResource(Res1);
903  }
904 
905  return RC;
906 
907 #endif
908 #endif //UDF_ENABLE_SECURITY
909 
910  return STATUS_SUCCESS;
911 
912 } // end UDFWriteSecurity()
#define UDFAcquireResourceExclusive(Resource, CanWait)
Definition: env_spec_w32.h:656
signed char * PCHAR
Definition: retypes.h:7
#define UDF_VCB_FLAGS_MEDIA_READ_ONLY
Definition: udf_common.h:481
#define UDFPrint(Args)
Definition: udffs.h:225
#define TRUE
Definition: types.h:120
UNICODE_STRING AclName
Definition: udf_common.h:618
#define UDFReleaseResource(Resource)
Definition: env_spec_w32.h:661
LONG NTSTATUS
Definition: precomp.h:26
OSSTATUS UDFCreateStreamDir__(IN PVCB Vcb, IN PUDF_FILE_INFO FileInfo, OUT PUDF_FILE_INFO *_SDirInfo)
Definition: udf_info.cpp:4888
_SEH2_TRY
Definition: create.c:4250
#define UDF_VCB_FLAGS_VOLUME_READ_ONLY
Definition: udf_common.h:463
ERESOURCE * PERESOURCE
Definition: env_spec_w32.h:595
smooth NULL
Definition: ftsmooth.c:416
OSSTATUS UDFFlushFile__(IN PVCB Vcb, IN PUDF_FILE_INFO FileInfo, IN ULONG FlushFlags)
Definition: udf_info.cpp:4119
OSSTATUS UDFOpenStreamDir__(IN PVCB Vcb, IN PUDF_FILE_INFO FileInfo, OUT PUDF_FILE_INFO *_SDirInfo)
Definition: udf_info.cpp:4965
uint32 UDFCleanUpFile__(IN PVCB Vcb, IN PUDF_FILE_INFO FileInfo)
Definition: udf_info.cpp:2276
OSSTATUS UDFCreateFile__(IN PVCB Vcb, IN BOOLEAN IgnoreCase, IN PUNICODE_STRING _fn, IN uint32 ExtAttrSz, IN uint32 ImpUseLen, IN BOOLEAN Extended, IN BOOLEAN CreateNew, IN OUT PUDF_FILE_INFO DirInfo, OUT PUDF_FILE_INFO *_FileInfo)
Definition: udf_info.cpp:2577
#define STATUS_NOT_FOUND
Definition: shellext.h:72
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define try_return(S)
Definition: cdprocs.h:2189
#define Vcb
Definition: cdprocs.h:1425
#define MyFreePool__(addr)
Definition: mem_tools.h:152
#define BrutePoint()
Definition: env_spec_w32.h:504
OSSTATUS UDFOpenFile__(IN PVCB Vcb, IN BOOLEAN IgnoreCase, IN BOOLEAN NotDeleted, IN PUNICODE_STRING fn, IN PUDF_FILE_INFO DirInfo, OUT PUDF_FILE_INFO *_FileInfo, IN uint_di *IndexToOpen)
Definition: udf_info.cpp:2004
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel) ?(CompletionRoutine !=NULL) :TRUE)
UDFData UDFGlobalData
Definition: udfinit.cpp:25
OSSTATUS UDFWriteFile__(IN PVCB Vcb, IN PUDF_FILE_INFO FileInfo, IN int64 Offset, IN SIZE_T Length, IN BOOLEAN Direct, IN int8 *Buffer, OUT PSIZE_T WrittenBytes)
Definition: udf_info.cpp:1605
#define NOTHING
Definition: env_spec_w32.h:461
OSSTATUS UDFCloseFile__(IN PVCB Vcb, IN PUDF_FILE_INFO FileInfo)
Definition: udf_info.cpp:2994
#define STATUS_OBJECT_NAME_NOT_FOUND
Definition: udferr_usr.h:149
#define UDF_CHECK_PAGING_IO_RESOURCE(NTReqFCB)
Definition: udffs.h:262
_SEH2_FINALLY
Definition: create.c:4395
OSSTATUS UDFUnlinkFile__(IN PVCB Vcb, IN PUDF_FILE_INFO FileInfo, IN BOOLEAN FreeSpace)
Definition: udf_info.cpp:1766
NTSYSAPI ULONG WINAPI RtlLengthSecurityDescriptor(PSECURITY_DESCRIPTOR)
unsigned int ULONG
Definition: retypes.h:1
struct _UDFFileControlBlock * Fcb
Definition: udf_rel.h:362
_In_ PFCB Fcb
Definition: cdprocs.h:151
return STATUS_SUCCESS
Definition: btrfs.c:2938
#define UDF_NTREQ_FCB_SD_MODIFIED
Definition: struct.h:233

Referenced by UDFCloseFileInfoChain(), UDFFlushADirectory(), and UDFFlushAFile().