ReactOS 0.4.15-dev-7093-g01a8288
secursup.cpp
Go to the documentation of this file.
1
2// Copyright (C) Alexander Telyatnikov, Ivan Keliukh, Yegor Anchishkin, SKIF Software, 1999-2013. Kiev, Ukraine
3// All rights reserved
4// This file was released under the GPLv2 on June 2015.
6/*************************************************************************
7*
8* File: SecurSup.cpp
9*
10* Module: UDF File System Driver (Kernel mode execution only)
11*
12* Description:
13* Contains code to handle the "Get/Set Security" dispatch entry points.
14*
15*************************************************************************/
16
17#include "udffs.h"
18
19// define the file specific bug-check id
20#define UDF_BUG_CHECK_ID UDF_FILE_SECURITY
21
22#ifdef UDF_ENABLE_SECURITY
23
24NTSTATUS UDFConvertToSelfRelative(
25 IN OUT PSECURITY_DESCRIPTOR* SecurityDesc);
26
27/*UCHAR FullControlSD[] = {
280x01, 0x00, 0x04, 0x80, 0x4c, 0x00, 0x00, 0x00,
290x58, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
300x14, 0x00, 0x00, 0x00, 0x02, 0x00, 0x38, 0x00,
310x02, 0x00, 0x00, 0x00, 0x00, 0x09, 0x18, 0x00,
320x00, 0x00, 0x00, 0x10, 0x01, 0x01, 0x00, 0x00,
330x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
340x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x18, 0x00,
350xff, 0x01, 0x1f, 0x00, 0x01, 0x01, 0x00, 0x00,
360x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
370x00, 0x00, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00,
380x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
390x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
400x00, 0x00, 0x00, 0x00
41};*/
42
43/*************************************************************************
44*
45* Function: UDFGetSecurity()
46*
47* Description:
48*
49* Expected Interrupt Level (for execution) :
50*
51* IRQL_PASSIVE_LEVEL
52*
53* Return Value: Irrelevant.
54*
55*************************************************************************/
56NTSTATUS
57UDFGetSecurity(
58 IN PDEVICE_OBJECT DeviceObject, // the logical volume device object
59 IN PIRP Irp) // I/O Request Packet
60{
61 NTSTATUS RC = STATUS_SUCCESS;
62 PtrUDFIrpContext PtrIrpContext = NULL;
63 BOOLEAN AreWeTopLevel = FALSE;
64
65 UDFPrint(("UDFGetSecurity\n"));
66// BrutePoint();
67
68 FsRtlEnterFileSystem();
69 ASSERT(DeviceObject);
70 ASSERT(Irp);
71
72 // set the top level context
73 AreWeTopLevel = UDFIsIrpTopLevel(Irp);
74 ASSERT(!UDFIsFSDevObj(DeviceObject));
75 // Call the common Lock Control routine, with blocking allowed if
76 // synchronous
77 _SEH2_TRY {
78
79 // get an IRP context structure and issue the request
80 PtrIrpContext = UDFAllocateIrpContext(Irp, DeviceObject);
81 if(PtrIrpContext) {
82 RC = UDFCommonGetSecurity(PtrIrpContext, Irp);
83 } else {
84 RC = STATUS_INSUFFICIENT_RESOURCES;
85 Irp->IoStatus.Status = RC;
86 Irp->IoStatus.Information = 0;
87 // complete the IRP
88 IoCompleteRequest(Irp, IO_DISK_INCREMENT);
89 }
90
91 } __except (UDFExceptionFilter(PtrIrpContext, GetExceptionInformation())) {
92
93 RC = UDFExceptionHandler(PtrIrpContext, Irp);
94
95 UDFLogEvent(UDF_ERROR_INTERNAL_ERROR, RC);
96 }
97
98 if (AreWeTopLevel) {
99 IoSetTopLevelIrp(NULL);
100 }
101
102 FsRtlExitFileSystem();
103
104 return(RC);
105} // end UDFGetSecurity()
106
107
108/*************************************************************************
109*
110* Function: UDFCommonGetSecurity()
111*
112* Description:
113* This is the common routine for getting Security (ACL) called
114* by both the fsd and fsp threads
115*
116* Expected Interrupt Level (for execution) :
117*
118* IRQL_PASSIVE_LEVEL
119*
120* Return Value: Irrelevant
121*
122*************************************************************************/
123NTSTATUS
124UDFCommonGetSecurity(
125 IN PtrUDFIrpContext PtrIrpContext,
126 IN PIRP Irp)
127{
128 NTSTATUS RC = STATUS_SUCCESS;
129 PIO_STACK_LOCATION IrpSp = NULL;
130 BOOLEAN PostRequest = FALSE;
131 BOOLEAN CanWait = FALSE;
132 PtrUDFNTRequiredFCB NtReqFcb = NULL;
133 BOOLEAN AcquiredFCB = FALSE;
134 PFILE_OBJECT FileObject = NULL;
135 PtrUDFFCB Fcb = NULL;
136 PtrUDFCCB Ccb = NULL;
137 PVOID PtrSystemBuffer = NULL;
138 ULONG BufferLength = 0;
139
140 UDFPrint(("UDFCommonGetSecurity\n"));
141
142 _SEH2_TRY {
143
144 // First, get a pointer to the current I/O stack location.
145 IrpSp = IoGetCurrentIrpStackLocation(Irp);
146 ASSERT(IrpSp);
147
148 FileObject = IrpSp->FileObject;
149 ASSERT(FileObject);
150
151 // Get the FCB and CCB pointers.
152 Ccb = (PtrUDFCCB)(FileObject->FsContext2);
153 ASSERT(Ccb);
154 Fcb = Ccb->Fcb;
155 ASSERT(Fcb);
156
157/* if(!Fcb->Vcb->ReadSecurity)
158 try_return(RC = STATUS_NOT_IMPLEMENTED);*/
159
160 NtReqFcb = Fcb->NTRequiredFCB;
161 CanWait = ((PtrIrpContext->IrpContextFlags & UDF_IRP_CONTEXT_CAN_BLOCK) ? TRUE : FALSE);
162
163 // Acquire the FCB resource shared
164 UDF_CHECK_PAGING_IO_RESOURCE(NtReqFcb);
165 if (!UDFAcquireResourceExclusive(&(NtReqFcb->MainResource), CanWait)) {
166// if (!UDFAcquireResourceShared(&(NtReqFcb->MainResource), CanWait)) {
167 PostRequest = TRUE;
168 try_return(RC = STATUS_PENDING);
169 }
170 AcquiredFCB = TRUE;
171
172 PtrSystemBuffer = UDFGetCallersBuffer(PtrIrpContext, Irp);
173 if(!PtrSystemBuffer)
174 try_return(RC = STATUS_INVALID_USER_BUFFER);
175 BufferLength = IrpSp->Parameters.QuerySecurity.Length;
176
177 if(!NtReqFcb->SecurityDesc) {
178 RC = UDFAssignAcl(Fcb->Vcb, FileObject, Fcb, NtReqFcb);
179 if(!NT_SUCCESS(RC))
180 try_return(RC);
181 }
182
183 _SEH2_TRY {
184 RC = SeQuerySecurityDescriptorInfo(&(IrpSp->Parameters.QuerySecurity.SecurityInformation),
185 (PSECURITY_DESCRIPTOR)PtrSystemBuffer,
186 &BufferLength,
187 &(NtReqFcb->SecurityDesc) );
188 } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) {
189 RC = STATUS_BUFFER_TOO_SMALL;
190 }
191
192try_exit: NOTHING;
193
194 } _SEH2_FINALLY {
195
196 // Release the FCB resources if acquired.
197 if (AcquiredFCB) {
198 UDF_CHECK_PAGING_IO_RESOURCE(NtReqFcb);
199 UDFReleaseResource(&(NtReqFcb->MainResource));
200 AcquiredFCB = FALSE;
201 }
202
203 if (PostRequest) {
204 // Perform appropriate post related processing here
205 RC = UDFPostRequest(PtrIrpContext, Irp);
206 } else
207 if(!AbnormalTermination()) {
208 Irp->IoStatus.Status = RC;
209 Irp->IoStatus.Information = BufferLength;
210 // Free up the Irp Context
211 UDFReleaseIrpContext(PtrIrpContext);
212 // complete the IRP
213 IoCompleteRequest(Irp, IO_DISK_INCREMENT);
214 }
215
216 } // end of "__finally" processing
217
218 return(RC);
219}
220
221#ifndef UDF_READ_ONLY_BUILD
222/*************************************************************************
223*
224* Function: UDFSetSecurity()
225*
226* Description:
227*
228* Expected Interrupt Level (for execution) :
229*
230* IRQL_PASSIVE_LEVEL
231*
232* Return Value: Irrelevant.
233*
234*************************************************************************/
235NTSTATUS
236UDFSetSecurity(
237 IN PDEVICE_OBJECT DeviceObject, // the logical volume device object
238 IN PIRP Irp) // I/O Request Packet
239{
240 NTSTATUS RC = STATUS_SUCCESS;
241 PtrUDFIrpContext PtrIrpContext = NULL;
242 BOOLEAN AreWeTopLevel = FALSE;
243
244 UDFPrint(("UDFSetSecurity\n"));
245// BrutePoint();
246
247 FsRtlEnterFileSystem();
248 ASSERT(DeviceObject);
249 ASSERT(Irp);
250
251 // set the top level context
252 AreWeTopLevel = UDFIsIrpTopLevel(Irp);
253 // Call the common Lock Control routine, with blocking allowed if
254 // synchronous
255 _SEH2_TRY {
256
257 // get an IRP context structure and issue the request
258 PtrIrpContext = UDFAllocateIrpContext(Irp, DeviceObject);
259 if(PtrIrpContext) {
260 RC = UDFCommonSetSecurity(PtrIrpContext, Irp);
261 } else {
262 RC = STATUS_INSUFFICIENT_RESOURCES;
263 Irp->IoStatus.Status = RC;
264 Irp->IoStatus.Information = 0;
265 // complete the IRP
266 IoCompleteRequest(Irp, IO_DISK_INCREMENT);
267 }
268
269 } __except (UDFExceptionFilter(PtrIrpContext, GetExceptionInformation())) {
270
271 RC = UDFExceptionHandler(PtrIrpContext, Irp);
272
273 UDFLogEvent(UDF_ERROR_INTERNAL_ERROR, RC);
274 }
275
276 if (AreWeTopLevel) {
277 IoSetTopLevelIrp(NULL);
278 }
279
280 FsRtlExitFileSystem();
281
282 return(RC);
283} // end UDFSetSecurity()
284
285
286/*************************************************************************
287*
288* Function: UDFCommonSetSecurity()
289*
290* Description:
291* This is the common routine for getting Security (ACL) called
292* by both the fsd and fsp threads
293*
294* Expected Interrupt Level (for execution) :
295*
296* IRQL_PASSIVE_LEVEL
297*
298* Return Value: Irrelevant
299*
300*************************************************************************/
301NTSTATUS
302UDFCommonSetSecurity(
303 IN PtrUDFIrpContext PtrIrpContext,
304 IN PIRP Irp)
305{
306 NTSTATUS RC = STATUS_SUCCESS;
307 PIO_STACK_LOCATION IrpSp = NULL;
308 BOOLEAN PostRequest = FALSE;
309 BOOLEAN CanWait = FALSE;
310 PtrUDFNTRequiredFCB NtReqFcb = NULL;
311 BOOLEAN AcquiredFCB = FALSE;
312 PFILE_OBJECT FileObject = NULL;
313 PtrUDFFCB Fcb = NULL;
314 PtrUDFCCB Ccb = NULL;
315 ACCESS_MASK DesiredAccess = 0;
316
317 UDFPrint(("UDFCommonSetSecurity\n"));
318
319 _SEH2_TRY {
320
321 // First, get a pointer to the current I/O stack location.
322 IrpSp = IoGetCurrentIrpStackLocation(Irp);
323 ASSERT(IrpSp);
324
325 FileObject = IrpSp->FileObject;
326 ASSERT(FileObject);
327
328 // Get the FCB and CCB pointers.
329 Ccb = (PtrUDFCCB)(FileObject->FsContext2);
330 ASSERT(Ccb);
331 Fcb = Ccb->Fcb;
332 ASSERT(Fcb);
333
334 if(!Fcb->Vcb->WriteSecurity)
335 try_return(RC = STATUS_NOT_IMPLEMENTED);
336
337 NtReqFcb = Fcb->NTRequiredFCB;
338 CanWait = ((PtrIrpContext->IrpContextFlags & UDF_IRP_CONTEXT_CAN_BLOCK) ? TRUE : FALSE);
339
340 // Acquire the FCB resource exclusive
341 UDF_CHECK_PAGING_IO_RESOURCE(NtReqFcb);
342 if (!UDFAcquireResourceExclusive(&(NtReqFcb->MainResource), CanWait)) {
343 PostRequest = TRUE;
344 try_return(RC = STATUS_PENDING);
345 }
346 AcquiredFCB = TRUE;
347
348//OWNER_SECURITY_INFORMATION
349 if(IrpSp->Parameters.SetSecurity.SecurityInformation & OWNER_SECURITY_INFORMATION)
350 DesiredAccess |= WRITE_OWNER;
351//GROUP_SECURITY_INFORMATION
352 if(IrpSp->Parameters.SetSecurity.SecurityInformation & GROUP_SECURITY_INFORMATION)
353 DesiredAccess |= WRITE_OWNER;
354//DACL_SECURITY_INFORMATION
355 if(IrpSp->Parameters.SetSecurity.SecurityInformation & DACL_SECURITY_INFORMATION)
356 DesiredAccess |= WRITE_DAC;
357//SACL_SECURITY_INFORMATION
358 if(IrpSp->Parameters.SetSecurity.SecurityInformation & SACL_SECURITY_INFORMATION)
359 DesiredAccess |= ACCESS_SYSTEM_SECURITY;
360
361 _SEH2_TRY {
362 UDFConvertToSelfRelative(&(NtReqFcb->SecurityDesc));
363
364 KdDump(NtReqFcb->SecurityDesc, RtlLengthSecurityDescriptor(NtReqFcb->SecurityDesc));
365 UDFPrint(("\n"));
366
367 RC = SeSetSecurityDescriptorInfo(/*FileObject*/ NULL,
368 &(IrpSp->Parameters.SetSecurity.SecurityInformation),
369 IrpSp->Parameters.SetSecurity.SecurityDescriptor,
370 &(NtReqFcb->SecurityDesc),
371 NonPagedPool,
372 IoGetFileObjectGenericMapping() );
373
374 KdDump(NtReqFcb->SecurityDesc, RtlLengthSecurityDescriptor(NtReqFcb->SecurityDesc));
375
376 } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) {
377 RC = STATUS_INVALID_PARAMETER;
378 }
379 if(NT_SUCCESS(RC)) {
380 NtReqFcb->NtReqFCBFlags |= UDF_NTREQ_FCB_SD_MODIFIED;
381
382 UDFNotifyFullReportChange( Fcb->Vcb, Fcb->FileInfo,
383 FILE_NOTIFY_CHANGE_SECURITY,
384 FILE_ACTION_MODIFIED);
385 }
386
387try_exit: NOTHING;
388
389 } _SEH2_FINALLY {
390
391 // Release the FCB resources if acquired.
392 if (AcquiredFCB) {
393 UDF_CHECK_PAGING_IO_RESOURCE(NtReqFcb);
394 UDFReleaseResource(&(NtReqFcb->MainResource));
395 AcquiredFCB = FALSE;
396 }
397
398 if (PostRequest) {
399 // Perform appropriate post related processing here
400 RC = UDFPostRequest(PtrIrpContext, Irp);
401 } else
402 if(!AbnormalTermination()) {
403 Irp->IoStatus.Status = RC;
404 Irp->IoStatus.Information = 0;
405 // Free up the Irp Context
406 UDFReleaseIrpContext(PtrIrpContext);
407 // complete the IRP
408 IoCompleteRequest(Irp, IO_DISK_INCREMENT);
409 }
410
411 } // end of "__finally" processing
412
413 return(RC);
414} // ens UDFCommonSetSecurity()
415
416#endif //UDF_READ_ONLY_BUILD
417#endif //UDF_ENABLE_SECURITY
418
419NTSTATUS
420UDFReadSecurity(
421 IN PVCB Vcb,
422 IN PtrUDFFCB Fcb,
423 IN PSECURITY_DESCRIPTOR* SecurityDesc
424 )
425{
426#ifdef UDF_ENABLE_SECURITY
427 PUDF_FILE_INFO FileInfo = NULL;
428 PUDF_FILE_INFO SDirInfo = NULL;
429 PUDF_FILE_INFO AclInfo = NULL;
430 NTSTATUS RC;
431 ULONG NumberBytesRead;
432 PERESOURCE Res1 = NULL;
433
434 UDFPrint(("UDFReadSecurity\n"));
435
436 _SEH2_TRY {
437
438 FileInfo = Fcb->FileInfo;
439 ASSERT(FileInfo);
440 if(!FileInfo) {
441 UDFPrint((" Volume Security\n"));
442 try_return(RC = STATUS_NO_SECURITY_ON_OBJECT);
443 }
444 if(Vcb->VCBFlags & UDF_VCB_FLAGS_RAW_DISK) {
445 UDFPrint((" No Security on blank volume\n"));
446 try_return(RC = STATUS_NO_SECURITY_ON_OBJECT);
447 }
448
449 // Open Stream Directory
450 RC = UDFOpenStreamDir__(Vcb, FileInfo, &SDirInfo);
451
452 if(RC == STATUS_NOT_FOUND)
453 try_return(RC = STATUS_NO_SECURITY_ON_OBJECT);
454 if(!NT_SUCCESS(RC)) {
455 if(UDFCleanUpFile__(Vcb, SDirInfo)) {
456 if(SDirInfo) MyFreePool__(SDirInfo);
457 }
458 SDirInfo = NULL;
459 try_return(RC);
460 }
461 // Acquire SDir exclusively if Fcb present
462 if(SDirInfo->Fcb) {
463 BrutePoint();
464 UDF_CHECK_PAGING_IO_RESOURCE(SDirInfo->Fcb->NTRequiredFCB);
465 UDFAcquireResourceExclusive(Res1 = &(SDirInfo->Fcb->NTRequiredFCB->MainResource),TRUE);
466 }
467
468 // Open Acl Stream
469 RC = UDFOpenFile__(Vcb,
470 FALSE,TRUE,&(UDFGlobalData.AclName),
471 SDirInfo,&AclInfo,NULL);
472 if(RC == STATUS_OBJECT_NAME_NOT_FOUND)
473 try_return(RC = STATUS_NO_SECURITY_ON_OBJECT);
474 if(!NT_SUCCESS(RC)) {
475 if(UDFCleanUpFile__(Vcb, AclInfo)) {
476 if(AclInfo) MyFreePool__(AclInfo);
477 }
478 AclInfo = NULL;
479 try_return(RC);
480 }
481
482 NumberBytesRead = (ULONG)UDFGetFileSize(AclInfo);
483 (*SecurityDesc) = DbgAllocatePool(NonPagedPool, NumberBytesRead);
484 if(!(*SecurityDesc))
485 try_return(RC = STATUS_INSUFFICIENT_RESOURCES);
486 RC = UDFReadFile__(Vcb, AclInfo, 0, NumberBytesRead,
487 FALSE, (PCHAR)(*SecurityDesc), &NumberBytesRead);
488 if(!NT_SUCCESS(RC))
489 try_return(RC);
490
491 RC = RtlValidSecurityDescriptor(*SecurityDesc);
492
493try_exit: NOTHING;
494
495 } _SEH2_FINALLY {
496
497 if(AclInfo) {
498 UDFCloseFile__(Vcb, AclInfo);
499 if(UDFCleanUpFile__(Vcb, AclInfo))
500 MyFreePool__(AclInfo);
501 }
502
503 if(SDirInfo) {
504 UDFCloseFile__(Vcb, SDirInfo);
505 if(UDFCleanUpFile__(Vcb, SDirInfo))
506 MyFreePool__(SDirInfo);
507 }
508
509 if(!NT_SUCCESS(RC) && (*SecurityDesc)) {
510 DbgFreePool(*SecurityDesc);
511 (*SecurityDesc) = NULL;
512 }
513 if(Res1)
514 UDFReleaseResource(Res1);
515 }
516
517 return RC;
518#else
519 return STATUS_NO_SECURITY_ON_OBJECT;
520#endif //UDF_ENABLE_SECURITY
521
522} // end UDFReadSecurity()
523
524#ifdef UDF_ENABLE_SECURITY
525NTSTATUS
526UDFConvertToSelfRelative(
527 IN OUT PSECURITY_DESCRIPTOR* SecurityDesc
528 )
529{
530 NTSTATUS RC;
531 SECURITY_INFORMATION SecurityInformation;
532 PSECURITY_DESCRIPTOR NewSD;
533 ULONG Len;
534
535 UDFPrint((" UDFConvertToSelfRelative\n"));
536
537 if(!(*SecurityDesc))
538 return STATUS_NO_SECURITY_ON_OBJECT;
539
540 SecurityInformation = FULL_SECURITY_INFORMATION;
541 Len = RtlLengthSecurityDescriptor(*SecurityDesc);
542 ASSERT(Len <= 1024);
543 NewSD = (PSECURITY_DESCRIPTOR)DbgAllocatePool(NonPagedPool, Len);
544 if(!NewSD)
545 return STATUS_INSUFFICIENT_RESOURCES;
546 _SEH2_TRY {
547 RC = SeQuerySecurityDescriptorInfo(&SecurityInformation, NewSD, &Len, SecurityDesc);
548 } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) {
549 RC = STATUS_INSUFFICIENT_RESOURCES;
550 }
551
552 if(NT_SUCCESS(RC)) {
553 DbgFreePool(*SecurityDesc);
554 *SecurityDesc = NewSD;
555 } else {
556 DbgFreePool(NewSD);
557 }
558 return RC;
559} // end UDFConvertToSelfRelative()
560
561NTSTATUS
562UDFInheritAcl(
563 IN PVCB Vcb,
564 IN PSECURITY_DESCRIPTOR* ParentSecurityDesc,
565 IN OUT PSECURITY_DESCRIPTOR* SecurityDesc
566 )
567{
568 NTSTATUS RC;
569 SECURITY_INFORMATION SecurityInformation;
570 ULONG Len;
571
572 UDFPrint((" UDFInheritAcl\n"));
573
574 if(!(*ParentSecurityDesc)) {
575 *SecurityDesc = NULL;
576 return STATUS_SUCCESS;
577 }
578
579 SecurityInformation = FULL_SECURITY_INFORMATION;
580 Len = RtlLengthSecurityDescriptor(*ParentSecurityDesc);
581 *SecurityDesc = (PSECURITY_DESCRIPTOR)DbgAllocatePool(NonPagedPool, Len);
582 if(!(*SecurityDesc))
583 return STATUS_INSUFFICIENT_RESOURCES;
584 _SEH2_TRY {
585 RC = SeQuerySecurityDescriptorInfo(&SecurityInformation, *SecurityDesc, &Len, ParentSecurityDesc);
586 } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) {
587 RC = STATUS_INSUFFICIENT_RESOURCES;
588 }
589
590 if(!NT_SUCCESS(RC)) {
591 DbgFreePool(*SecurityDesc);
592 *SecurityDesc = NULL;
593 }
594 return RC;
595} // end UDFInheritAcl()
596
597NTSTATUS
598UDFBuildEmptyAcl(
599 IN PVCB Vcb,
600 IN PSECURITY_DESCRIPTOR* SecurityDesc
601 )
602{
603 NTSTATUS RC;
604 ULONG Len = 2 * (sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) + sizeof(ULONG)*4 /*RtlLengthSid(SeExports->SeWorldSid)*/);
605
606 UDFPrint((" UDFBuildEmptyAcl\n"));
607 // Create Security Descriptor
608 (*SecurityDesc) = (PSECURITY_DESCRIPTOR)DbgAllocatePool(NonPagedPool,
609 sizeof(SECURITY_DESCRIPTOR) + Len);
610 if(!(*SecurityDesc))
611 return STATUS_INSUFFICIENT_RESOURCES;
612
613 RC = RtlCreateSecurityDescriptor(*SecurityDesc, SECURITY_DESCRIPTOR_REVISION);
614
615 if(!NT_SUCCESS(RC)) {
616 DbgFreePool(*SecurityDesc);
617 *((PULONG)SecurityDesc) = NULL;
618 }
619 return RC;
620} // end UDFBuildEmptyAcl()
621
622NTSTATUS
623UDFBuildFullControlAcl(
624 IN PVCB Vcb,
625 IN PSECURITY_DESCRIPTOR* SecurityDesc
626 )
627{
628 NTSTATUS RC;
629 PACL Acl;
630 ULONG Len = sizeof(ACL) + 2*(sizeof(ACCESS_ALLOWED_ACE) + sizeof(ULONG)*4 /*- sizeof(ULONG)*/ /*+ RtlLengthSid(SeExports->SeWorldSid)*/);
631
632 UDFPrint((" UDFBuildFullControlAcl\n"));
633 // Create Security Descriptor
634 RC = UDFBuildEmptyAcl(Vcb, SecurityDesc);
635 if(!NT_SUCCESS(RC))
636 return RC;
637
638 // Set Owner
639 RC = RtlSetOwnerSecurityDescriptor(*SecurityDesc, SeExports->SeWorldSid, FALSE);
640 if(!NT_SUCCESS(RC)) {
641 DbgFreePool(*SecurityDesc);
642 *((PULONG)SecurityDesc) = NULL;
643 return RC;
644 }
645
646 // Set Group
647 RC = RtlSetGroupSecurityDescriptor(*SecurityDesc, SeExports->SeWorldSid, FALSE);
648 if(!NT_SUCCESS(RC)) {
649 DbgFreePool(*SecurityDesc);
650 *((PULONG)SecurityDesc) = NULL;
651 return RC;
652 }
653
654 // Create empty Acl
655 Acl = (PACL)DbgAllocatePool(NonPagedPool, Len);
656 if(!Acl) {
657 DbgFreePool(*SecurityDesc);
658 *((PULONG)SecurityDesc) = NULL;
659 return RC;
660 }
661 RtlZeroMemory(Acl, Len);
662
663 RC = RtlCreateAcl(Acl, Len, ACL_REVISION);
664 if(!NT_SUCCESS(RC)) {
665 DbgFreePool(Acl);
666 DbgFreePool(*SecurityDesc);
667 *((PULONG)SecurityDesc) = NULL;
668 return RC;
669 }
670
671 // Add (All)(All) access for Everyone
672/* RC = RtlAddAccessAllowedAce(Acl, ACL_REVISION,
673 GENERIC_ALL,
674 SeExports->SeWorldSid);*/
675
676 RC = RtlAddAccessAllowedAce(Acl, ACL_REVISION,
677 FILE_ALL_ACCESS,
678 SeExports->SeWorldSid);
679
680 if(!NT_SUCCESS(RC)) {
681 DbgFreePool(Acl);
682 DbgFreePool(*SecurityDesc);
683 *((PULONG)SecurityDesc) = NULL;
684 return RC;
685 }
686
687 // Add Acl to Security Descriptor
688 RC = RtlSetDaclSecurityDescriptor(*SecurityDesc, TRUE, Acl, FALSE);
689 if(!NT_SUCCESS(RC)) {
690 DbgFreePool(Acl);
691 DbgFreePool(*SecurityDesc);
692 *((PULONG)SecurityDesc) = NULL;
693 return RC;
694 }
695
696 RC = UDFConvertToSelfRelative(SecurityDesc);
697
698 DbgFreePool(Acl);
699
700 return RC;
701} // end UDFBuildFullControlAcl()
702
703#endif // UDF_ENABLE_SECURITY
704
705NTSTATUS
706UDFAssignAcl(
707 IN PVCB Vcb,
708 IN PFILE_OBJECT FileObject, // OPTIONAL
709 IN PtrUDFFCB Fcb,
710 IN PtrUDFNTRequiredFCB NtReqFcb
711 )
712{
713 NTSTATUS RC = STATUS_SUCCESS;
714#ifdef UDF_ENABLE_SECURITY
715// SECURITY_INFORMATION SecurityInformation;
716
717// UDFPrint((" UDFAssignAcl\n"));
718 if(!NtReqFcb->SecurityDesc) {
719
720 PSECURITY_DESCRIPTOR ExplicitSecurity = NULL;
721
722 if(UDFIsAStreamDir(Fcb->FileInfo) || UDFIsAStream(Fcb->FileInfo)) {
723 // Stream/SDir security
724 NtReqFcb->SecurityDesc = Fcb->FileInfo->ParentFile->Dloc->CommonFcb->SecurityDesc;
725 return STATUS_SUCCESS;
726 } else
727 if(!Fcb->FileInfo) {
728 // Volume security
729 if(Vcb->RootDirFCB &&
730 Vcb->RootDirFCB->FileInfo &&
731 Vcb->RootDirFCB->FileInfo->Dloc &&
732 Vcb->RootDirFCB->FileInfo->Dloc->CommonFcb) {
733 RC = UDFInheritAcl(Vcb, &(Vcb->RootDirFCB->FileInfo->Dloc->CommonFcb->SecurityDesc), &ExplicitSecurity);
734 } else {
735 NtReqFcb->SecurityDesc = NULL;
736 RC = STATUS_NO_SECURITY_ON_OBJECT;
737 }
738 return RC;
739 }
740
741 RC = UDFReadSecurity(Vcb, Fcb, &ExplicitSecurity);
742 if(RC == STATUS_NO_SECURITY_ON_OBJECT) {
743 if(!Fcb->FileInfo->ParentFile) {
744 RC = UDFBuildFullControlAcl(Vcb, &ExplicitSecurity);
745 } else {
746 RC = UDFInheritAcl(Vcb, &(Fcb->FileInfo->ParentFile->Dloc->CommonFcb->SecurityDesc), &ExplicitSecurity);
747 }
748/* if(NT_SUCCESS(RC)) {
749 NtReqFcb->NtReqFCBFlags |= UDF_NTREQ_FCB_SD_MODIFIED;
750 }*/
751 }
752 if(NT_SUCCESS(RC)) {
753
754// SecurityInformation = FULL_SECURITY_INFORMATION;
755 NtReqFcb->SecurityDesc = ExplicitSecurity;
756
757/* RC = SeSetSecurityDescriptorInfo(FileObject,
758 &SecurityInformation,
759 ExplicitSecurity,
760 &(NtReqFcb->SecurityDesc),
761 NonPagedPool,
762 IoGetFileObjectGenericMapping() );*/
763
764 }
765 }
766#endif //UDF_ENABLE_SECURITY
767 return RC;
768} // end UDFAssignAcl()
769
770
771VOID
772UDFDeassignAcl(
773 IN PtrUDFNTRequiredFCB NtReqFcb,
774 IN BOOLEAN AutoInherited
775 )
776{
777#ifdef UDF_ENABLE_SECURITY
778// NTSTATUS RC = STATUS_SUCCESS;
779
780// UDFPrint((" UDFDeassignAcl\n"));
781 if(!NtReqFcb->SecurityDesc)
782 return;
783
784 if(AutoInherited) {
785 NtReqFcb->SecurityDesc = NULL;
786 return;
787 }
788
789 SeDeassignSecurity(&(NtReqFcb->SecurityDesc));
790 NtReqFcb->SecurityDesc = NULL; // HA BCRK CLU4
791#endif //UDF_ENABLE_SECURITY
792 return;
793} // end UDFDeassignAcl()
794
795NTSTATUS
796UDFWriteSecurity(
797 IN PVCB Vcb,
798 IN PtrUDFFCB Fcb,
799 IN PSECURITY_DESCRIPTOR* SecurityDesc
800 )
801{
802#ifdef UDF_ENABLE_SECURITY
803 PUDF_FILE_INFO FileInfo = NULL;
804 PUDF_FILE_INFO SDirInfo = NULL;
805 PUDF_FILE_INFO AclInfo = NULL;
806 PERESOURCE Res1 = NULL;
807 NTSTATUS RC;
808 ULONG NumberBytesRead;
809
810// UDFPrint(("UDFWriteSecurity\n"));
811
812#if !defined(UDF_READ_ONLY_BUILD)
813
814 if(!Vcb->WriteSecurity ||
815 (Vcb->VCBFlags & (UDF_VCB_FLAGS_VOLUME_READ_ONLY |
816 UDF_VCB_FLAGS_MEDIA_READ_ONLY)))
817
818#endif
819
820 return STATUS_SUCCESS;
821
822#if !defined(UDF_READ_ONLY_BUILD)
823
824 _SEH2_TRY {
825
826 FileInfo = Fcb->FileInfo;
827 ASSERT(FileInfo);
828 if(!FileInfo) {
829 UDFPrint((" Volume Security\n"));
830 try_return(RC = STATUS_SUCCESS);
831 }
832
833 if(!(Fcb->NTRequiredFCB->NtReqFCBFlags & UDF_NTREQ_FCB_SD_MODIFIED))
834 try_return(RC = STATUS_SUCCESS);
835
836 // Open Stream Directory
837 RC = UDFOpenStreamDir__(Vcb, FileInfo, &SDirInfo);
838
839 if(RC == STATUS_NOT_FOUND) {
840 RC = UDFCreateStreamDir__(Vcb, FileInfo, &SDirInfo);
841 }
842 if(!NT_SUCCESS(RC)) {
843 if(UDFCleanUpFile__(Vcb, SDirInfo)) {
844 if(SDirInfo) MyFreePool__(SDirInfo);
845 }
846 SDirInfo = NULL;
847 try_return(RC);
848 }
849 // Acquire SDir exclusively if Fcb present
850 if(SDirInfo->Fcb) {
851 BrutePoint();
852 UDF_CHECK_PAGING_IO_RESOURCE(SDirInfo->Fcb->NTRequiredFCB);
853 UDFAcquireResourceExclusive(Res1 = &(SDirInfo->Fcb->NTRequiredFCB->MainResource),TRUE);
854 }
855
856 // Open Acl Stream
857 RC = UDFOpenFile__(Vcb,
858 FALSE,TRUE,&(UDFGlobalData.AclName),
859 SDirInfo,&AclInfo,NULL);
860 if(RC == STATUS_OBJECT_NAME_NOT_FOUND) {
861 RC = UDFCreateFile__(Vcb, FALSE, &(UDFGlobalData.AclName),
862 0, 0, FALSE, FALSE, SDirInfo, &AclInfo);
863 }
864 if(!NT_SUCCESS(RC)) {
865 if(UDFCleanUpFile__(Vcb, AclInfo)) {
866 if(AclInfo) MyFreePool__(AclInfo);
867 }
868 AclInfo = NULL;
869 try_return(RC);
870 }
871
872 if(!(*SecurityDesc)) {
873 UDFFlushFile__(Vcb, AclInfo);
874 RC = UDFUnlinkFile__(Vcb, AclInfo, TRUE);
875 try_return(RC);
876 }
877 NumberBytesRead = RtlLengthSecurityDescriptor(*SecurityDesc);
878
879 RC = UDFWriteFile__(Vcb, AclInfo, 0, NumberBytesRead,
880 FALSE, (PCHAR)(*SecurityDesc), &NumberBytesRead);
881 if(!NT_SUCCESS(RC))
882 try_return(RC);
883
884 Fcb->NTRequiredFCB->NtReqFCBFlags &= ~UDF_NTREQ_FCB_SD_MODIFIED;
885
886try_exit: NOTHING;
887
888 } _SEH2_FINALLY {
889
890 if(AclInfo) {
891 UDFCloseFile__(Vcb, AclInfo);
892 if(UDFCleanUpFile__(Vcb, AclInfo))
893 MyFreePool__(AclInfo);
894 }
895
896 if(SDirInfo) {
897 UDFCloseFile__(Vcb, SDirInfo);
898 if(UDFCleanUpFile__(Vcb, SDirInfo))
899 MyFreePool__(SDirInfo);
900 }
901 if(Res1)
902 UDFReleaseResource(Res1);
903 }
904
905 return RC;
906
907#endif
908#endif //UDF_ENABLE_SECURITY
909
910 return STATUS_SUCCESS;
911
912} // end UDFWriteSecurity()
913
914PSECURITY_DESCRIPTOR
915UDFLookUpAcl(
916 IN PVCB Vcb,
917 PFILE_OBJECT FileObject, // OPTIONAL
918 IN PtrUDFFCB Fcb
919 )
920{
921 UDFAssignAcl(Vcb, FileObject, Fcb, Fcb->NTRequiredFCB);
922 return (Fcb->NTRequiredFCB->SecurityDesc);
923} // end UDFLookUpAcl()
924
925
926NTSTATUS
927UDFCheckAccessRights(
928 PFILE_OBJECT FileObject, // OPTIONAL
929 PACCESS_STATE AccessState,
930 PtrUDFFCB Fcb,
931 PtrUDFCCB Ccb, // OPTIONAL
932 ACCESS_MASK DesiredAccess,
933 USHORT ShareAccess
934 )
935{
936 NTSTATUS RC;
937 BOOLEAN ROCheck = FALSE;
938#ifdef UDF_ENABLE_SECURITY
939 BOOLEAN SecurityCheck;
940 PSECURITY_DESCRIPTOR SecDesc;
941 SECURITY_SUBJECT_CONTEXT SubjectContext;
942 ACCESS_MASK LocalAccessMask;
943#endif //UDF_ENABLE_SECURITY
944
945 // Check attr compatibility
946 ASSERT(Fcb);
947 ASSERT(Fcb->Vcb);
948#ifdef UDF_READ_ONLY_BUILD
949 goto treat_as_ro;
950#endif //UDF_READ_ONLY_BUILD
951
952 if(Fcb->FCBFlags & UDF_FCB_READ_ONLY) {
953 ROCheck = TRUE;
954 } else
955 if((Fcb->Vcb->origIntegrityType == INTEGRITY_TYPE_OPEN) &&
956 Ccb && !(Ccb->CCBFlags & UDF_CCB_VOLUME_OPEN) &&
957 (Fcb->Vcb->CompatFlags & UDF_VCB_IC_DIRTY_RO)) {
958 AdPrint(("force R/O on dirty\n"));
959 ROCheck = TRUE;
960 }
961 if(ROCheck) {
962#ifdef UDF_READ_ONLY_BUILD
963treat_as_ro:
964#endif //UDF_READ_ONLY_BUILD
965 ACCESS_MASK DesiredAccessMask = 0;
966
967 if(Fcb->Vcb->CompatFlags & UDF_VCB_IC_WRITE_IN_RO_DIR) {
968 if(Fcb->FCBFlags & UDF_FCB_DIRECTORY) {
969 DesiredAccessMask = (FILE_WRITE_EA |
970 DELETE);
971 } else {
972 DesiredAccessMask = (FILE_WRITE_DATA |
973 FILE_APPEND_DATA |
974 FILE_WRITE_EA |
975 DELETE);
976 }
977 } else {
978 DesiredAccessMask = (FILE_WRITE_DATA |
979 FILE_APPEND_DATA |
980 FILE_WRITE_EA |
981 FILE_DELETE_CHILD |
982 FILE_ADD_SUBDIRECTORY |
983 FILE_ADD_FILE |
984 DELETE);
985 }
986 if(DesiredAccess & DesiredAccessMask)
987 return STATUS_ACCESS_DENIED;
988 }
989#ifdef UDF_ENABLE_SECURITY
990 // Check Security
991 // NOTE: we should not perform security check if an empty DesiredAccess
992 // was specified. AFAIU, SeAccessCheck() will return FALSE in this case.
993 SecDesc = UDFLookUpAcl(Fcb->Vcb, FileObject, Fcb);
994 if(SecDesc && DesiredAccess) {
995 SeCaptureSubjectContext(&SubjectContext);
996 SecurityCheck =
997 SeAccessCheck(SecDesc,
998 &SubjectContext,
999 FALSE,
1000 DesiredAccess,
1001 Ccb ? Ccb->PreviouslyGrantedAccess : 0,
1002 NULL,
1003 IoGetFileObjectGenericMapping(),
1004 UserMode,
1005 Ccb ? &(Ccb->PreviouslyGrantedAccess) : &LocalAccessMask,
1006 &RC);
1007 SeReleaseSubjectContext(&SubjectContext);
1008
1009 if(!SecurityCheck) {
1010 return RC;
1011 } else
1012#endif //UDF_ENABLE_SECURITY
1013 if(DesiredAccess & ACCESS_SYSTEM_SECURITY) {
1014 if (!SeSinglePrivilegeCheck(SeExports->SeSecurityPrivilege, UserMode))
1015 return STATUS_ACCESS_DENIED;
1016 Ccb->PreviouslyGrantedAccess |= ACCESS_SYSTEM_SECURITY;
1017 }
1018#ifdef UDF_ENABLE_SECURITY
1019 }
1020#endif //UDF_ENABLE_SECURITY
1021 if(FileObject) {
1022 if (Fcb->OpenHandleCount) {
1023 // The FCB is currently in use by some thread.
1024 // We must check whether the requested access/share access
1025 // conflicts with the existing open operations.
1026 RC = IoCheckShareAccess(DesiredAccess, ShareAccess, FileObject,
1027 &(Fcb->NTRequiredFCB->FCBShareAccess), TRUE);
1028#ifndef UDF_ENABLE_SECURITY
1029 if(Ccb)
1030 Ccb->PreviouslyGrantedAccess |= DesiredAccess;
1031 IoUpdateShareAccess(FileObject, &(Fcb->NTRequiredFCB->FCBShareAccess));
1032#endif //UDF_ENABLE_SECURITY
1033 } else {
1034 IoSetShareAccess(DesiredAccess, ShareAccess, FileObject, &(Fcb->NTRequiredFCB->FCBShareAccess));
1035#ifndef UDF_ENABLE_SECURITY
1036 if(Ccb)
1037 Ccb->PreviouslyGrantedAccess = DesiredAccess;
1038#endif //UDF_ENABLE_SECURITY
1039 RC = STATUS_SUCCESS;
1040 }
1041 } else {
1042 // we get here if given file was opened for internal purposes
1043 RC = STATUS_SUCCESS;
1044 }
1045 return RC;
1046} // end UDFCheckAccessRights()
1047
1048NTSTATUS
1049UDFSetAccessRights(
1050 PFILE_OBJECT FileObject,
1051 PACCESS_STATE AccessState,
1052 PtrUDFFCB Fcb,
1053 PtrUDFCCB Ccb,
1054 ACCESS_MASK DesiredAccess,
1055 USHORT ShareAccess
1056 )
1057{
1058#ifndef UDF_ENABLE_SECURITY
1059 ASSERT(Ccb);
1060 ASSERT(Fcb->FileInfo);
1061
1062 return UDFCheckAccessRights(FileObject, AccessState, Fcb, Ccb, DesiredAccess, ShareAccess);
1063
1064#else //UDF_ENABLE_SECURITY
1065
1066 NTSTATUS RC;
1067 // Set Security on Object
1068 PSECURITY_DESCRIPTOR SecDesc;
1069 SECURITY_SUBJECT_CONTEXT SubjectContext;
1070 BOOLEAN AutoInherit;
1071
1072 ASSERT(Ccb);
1073 ASSERT(Fcb->FileInfo);
1074
1075 SecDesc = UDFLookUpAcl(Fcb->Vcb, FileObject, Fcb);
1076 AutoInherit = UDFIsAStreamDir(Fcb->FileInfo) || UDFIsAStream(Fcb->FileInfo);
1077
1078 if(SecDesc && !AutoInherit) {
1079 // Get caller's User/Primary Group info
1080 SeCaptureSubjectContext(&SubjectContext);
1081 RC = SeAssignSecurity(
1082 Fcb->FileInfo->ParentFile->Dloc->CommonFcb->SecurityDesc,
1083// NULL,
1084 AccessState->SecurityDescriptor,
1085 &(Fcb->NTRequiredFCB->SecurityDesc),
1086 UDFIsADirectory(Fcb->FileInfo),
1087 &SubjectContext,
1088 IoGetFileObjectGenericMapping(),
1089 NonPagedPool);
1090 SeReleaseSubjectContext(&SubjectContext);
1091 UDFConvertToSelfRelative(&(Fcb->NTRequiredFCB->SecurityDesc));
1092
1093 if(!NT_SUCCESS(RC)) {
1094Clean_Up_SD:
1095 UDFDeassignAcl(Fcb->NTRequiredFCB, AutoInherit);
1096 return RC;
1097 }
1098 }
1099
1100 RC = UDFCheckAccessRights(FileObject, AccessState, Fcb, Ccb, DesiredAccess, ShareAccess);
1101 if(!NT_SUCCESS(RC))
1102 goto Clean_Up_SD;
1103 return RC;
1104
1105#endif //UDF_ENABLE_SECURITY
1106
1107} // end UDFSetAccessRights()
1108
BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185
SeAccessCheck
BOOLEAN NTAPI SeAccessCheck(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, _In_ BOOLEAN SubjectContextLocked, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK PreviouslyGrantedAccess, _Out_ PPRIVILEGE_SET *Privileges, _In_ PGENERIC_MAPPING GenericMapping, _In_ KPROCESSOR_MODE AccessMode, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
Determines whether security access rights can be given to an object depending on the security descrip...
Definition: accesschk.c:1994
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
Fcb
_In_ PFCB Fcb
Definition: cdprocs.h:159
Ccb
_Inout_ PFILE_OBJECT _In_ TYPE_OF_OPEN PFCB _In_opt_ PCCB Ccb
Definition: cdprocs.h:592
try_return
#define try_return(S)
Definition: cdprocs.h:2179
Irp
_In_ PIRP Irp
Definition: csq.h:116
Len
#define Len
Definition: deflate.h:82
NULL
#define NULL
Definition: types.h:112
TRUE
#define TRUE
Definition: types.h:120
FALSE
#define FALSE
Definition: types.h:117
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
IrpSp
_In_ PIO_STACK_LOCATION IrpSp
Definition: create.c:4137
ShareAccess
_In_ PIO_STACK_LOCATION _Inout_ PFILE_OBJECT _Inout_ PVCB _Outptr_result_maybenull_ PDCB _In_ PDCB _In_ PDIRENT _In_ ULONG _In_ ULONG _In_ PUNICODE_STRING _In_ PACCESS_MASK _In_ USHORT ShareAccess
Definition: create.c:4147
UDFExceptionHandler
NTSTATUS UDFExceptionHandler(PtrUDFIrpContext PtrIrpContext, PIRP Irp)
Definition: misc.cpp:358
UDFIsIrpTopLevel
BOOLEAN __fastcall UDFIsIrpTopLevel(PIRP Irp)
Definition: misc.cpp:228
UDFLogEvent
VOID UDFLogEvent(NTSTATUS UDFEventLogId, NTSTATUS RC)
Definition: misc.cpp:575
UDFPostRequest
NTSTATUS UDFPostRequest(IN PtrUDFIrpContext PtrIrpContext, IN PIRP Irp)
Definition: misc.cpp:1128
UDFAllocateIrpContext
PtrUDFIrpContext UDFAllocateIrpContext(PIRP Irp, PDEVICE_OBJECT PtrTargetDeviceObject)
Definition: misc.cpp:985
UDFReleaseIrpContext
VOID UDFReleaseIrpContext(PtrUDFIrpContext PtrIrpContext)
Definition: misc.cpp:1086
UDFExceptionFilter
long UDFExceptionFilter(PtrUDFIrpContext PtrIrpContext, PEXCEPTION_POINTERS PtrExceptionPointers)
Definition: misc.cpp:265
INTEGRITY_TYPE_OPEN
#define INTEGRITY_TYPE_OPEN
Definition: ecma_167.h:357
UDFNotifyFullReportChange
__inline VOID UDFNotifyFullReportChange(PVCB V, PUDF_FILE_INFO FI, ULONG E, ULONG A)
Definition: env_spec.h:99
UDFReleaseResource
#define UDFReleaseResource(Resource)
Definition: env_spec_w32.h:661
KdDump
#define KdDump(a, b)
Definition: env_spec_w32.h:312
UDFAcquireResourceExclusive
#define UDFAcquireResourceExclusive(Resource, CanWait)
Definition: env_spec_w32.h:656
DbgFreePool
#define DbgFreePool
Definition: env_spec_w32.h:334
DbgAllocatePool
#define DbgAllocatePool
Definition: env_spec_w32.h:332
PERESOURCE
ERESOURCE * PERESOURCE
Definition: env_spec_w32.h:595
NonPagedPool
#define NonPagedPool
Definition: env_spec_w32.h:307
BrutePoint
#define BrutePoint()
Definition: env_spec_w32.h:504
AdPrint
#define AdPrint(_x_)
Definition: env_spec_w32.h:292
UDF_ERROR_INTERNAL_ERROR
#define UDF_ERROR_INTERNAL_ERROR
Definition: errmsg.h:71
NtReqFcb
#define NtReqFcb
_SEH2_FINALLY
#define _SEH2_FINALLY
Definition: filesup.c:21
_SEH2_TRY
#define _SEH2_TRY
Definition: filesup.c:19
SecurityInformation
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ SECURITY_INFORMATION SecurityInformation
Definition: fltkernel.h:1340
SubjectContext
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2246
FsRtlEnterFileSystem
#define FsRtlEnterFileSystem
FsRtlExitFileSystem
#define FsRtlExitFileSystem
EXCEPTION_EXECUTE_HANDLER
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
RtlLengthSecurityDescriptor
NTSYSAPI ULONG WINAPI RtlLengthSecurityDescriptor(PSECURITY_DESCRIPTOR)
RtlAddAccessAllowedAce
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAce(PACL, DWORD, DWORD, PSID)
RtlSetOwnerSecurityDescriptor
NTSYSAPI NTSTATUS WINAPI RtlSetOwnerSecurityDescriptor(PSECURITY_DESCRIPTOR, PSID, BOOLEAN)
RtlSetDaclSecurityDescriptor
NTSYSAPI NTSTATUS WINAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN)
NOTHING
#define NOTHING
Definition: input_list.c:10
MyFreePool__
#define MyFreePool__(addr)
Definition: mem_tools.h:152
ASSERT
#define ASSERT(a)
Definition: mode.c:44
SECURITY_INFORMATION
DWORD SECURITY_INFORMATION
Definition: ms-dtyp.idl:311
PSECURITY_DESCRIPTOR
struct _SECURITY_DESCRIPTOR * PSECURITY_DESCRIPTOR
Definition: security.c:98
ACL
struct _ACL ACL
PACL
struct _ACL * PACL
Definition: security.c:105
UserMode
#define UserMode
Definition: asm.h:35
RtlCreateAcl
NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL Acl, ULONG AclSize, ULONG AclRevision)
RtlCreateSecurityDescriptor
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(_Out_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ULONG Revision)
RtlValidSecurityDescriptor
NTSYSAPI BOOLEAN NTAPI RtlValidSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor)
Definition: sd.c:1054
FILE_WRITE_DATA
#define FILE_WRITE_DATA
Definition: nt_native.h:631
WRITE_DAC
#define WRITE_DAC
Definition: nt_native.h:59
ACCESS_MASK
ULONG ACCESS_MASK
Definition: nt_native.h:40
ACCESS_SYSTEM_SECURITY
#define ACCESS_SYSTEM_SECURITY
Definition: nt_native.h:77
FILE_DELETE_CHILD
#define FILE_DELETE_CHILD
Definition: nt_native.h:645
FILE_APPEND_DATA
#define FILE_APPEND_DATA
Definition: nt_native.h:634
DELETE
#define DELETE
Definition: nt_native.h:57
FILE_ALL_ACCESS
#define FILE_ALL_ACCESS
Definition: nt_native.h:651
WRITE_OWNER
#define WRITE_OWNER
Definition: nt_native.h:60
FILE_ADD_SUBDIRECTORY
#define FILE_ADD_SUBDIRECTORY
Definition: nt_native.h:635
FILE_ADD_FILE
#define FILE_ADD_FILE
Definition: nt_native.h:632
FILE_WRITE_EA
#define FILE_WRITE_EA
Definition: nt_native.h:640
RtlSetGroupSecurityDescriptor
NTSYSAPI NTSTATUS NTAPI RtlSetGroupSecurityDescriptor(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSID Group, IN BOOLEAN GroupDefaulted)
Definition: sd.c:410
FULL_SECURITY_INFORMATION
#define FULL_SECURITY_INFORMATION
Definition: ntifs_ex.h:118
IoSetShareAccess
VOID NTAPI IoSetShareAccess(IN ACCESS_MASK DesiredAccess, IN ULONG DesiredShareAccess, IN PFILE_OBJECT FileObject, OUT PSHARE_ACCESS ShareAccess)
Definition: file.c:3517
IoCheckShareAccess
NTSTATUS NTAPI IoCheckShareAccess(IN ACCESS_MASK DesiredAccess, IN ULONG DesiredShareAccess, IN PFILE_OBJECT FileObject, IN PSHARE_ACCESS ShareAccess, IN BOOLEAN Update)
Definition: file.c:3390
IoGetFileObjectGenericMapping
PGENERIC_MAPPING NTAPI IoGetFileObjectGenericMapping(VOID)
Definition: file.c:3267
IoUpdateShareAccess
VOID NTAPI IoUpdateShareAccess(IN PFILE_OBJECT FileObject, OUT PSHARE_ACCESS ShareAccess)
Definition: file.c:3351
IoCompleteRequest
#define IoCompleteRequest
Definition: irp.c:1240
IoSetTopLevelIrp
VOID NTAPI IoSetTopLevelIrp(IN PIRP Irp)
Definition: irp.c:2000
SeSinglePrivilegeCheck
BOOLEAN NTAPI SeSinglePrivilegeCheck(_In_ LUID PrivilegeValue, _In_ KPROCESSOR_MODE PreviousMode)
Checks if a single privilege is present in the context of the calling thread.
Definition: priv.c:744
STATUS_PENDING
#define STATUS_PENDING
Definition: ntstatus.h:82
STATUS_NOT_IMPLEMENTED
#define STATUS_NOT_IMPLEMENTED
Definition: ntstatus.h:239
STATUS_NO_SECURITY_ON_OBJECT
#define STATUS_NO_SECURITY_ON_OBJECT
Definition: ntstatus.h:451
USHORT
unsigned short USHORT
Definition: pedump.c:61
Vcb
#define Vcb
Definition: cdprocs.h:1415
UDFGetCallersBuffer
PVOID UDFGetCallersBuffer(PtrUDFIrpContext PtrIrpContext, PIRP Irp)
Definition: read.cpp:871
UDFSetSecurity
NTSTATUS UDFSetSecurity(PDEVICE_OBJECT DeviceObject, PIRP Irp)
UDFGetSecurity
NTSTATUS UDFGetSecurity(PDEVICE_OBJECT DeviceObject, PIRP Irp)
UDFCommonSetSecurity
NTSTATUS UDFCommonSetSecurity(PtrUDFIrpContext PtrIrpContext, PIRP Irp)
UDFCommonGetSecurity
NTSTATUS UDFCommonGetSecurity(PtrUDFIrpContext PtrIrpContext, PIRP Irp)
_SEH2_EXCEPT
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:34
UDFDeassignAcl
VOID UDFDeassignAcl(IN PtrUDFNTRequiredFCB NtReqFcb, IN BOOLEAN AutoInherited)
Definition: secursup.cpp:772
UDFReadSecurity
NTSTATUS UDFReadSecurity(IN PVCB Vcb, IN PtrUDFFCB Fcb, IN PSECURITY_DESCRIPTOR *SecurityDesc)
Definition: secursup.cpp:420
UDFWriteSecurity
NTSTATUS UDFWriteSecurity(IN PVCB Vcb, IN PtrUDFFCB Fcb, IN PSECURITY_DESCRIPTOR *SecurityDesc)
Definition: secursup.cpp:796
UDFSetAccessRights
NTSTATUS UDFSetAccessRights(PFILE_OBJECT FileObject, PACCESS_STATE AccessState, PtrUDFFCB Fcb, PtrUDFCCB Ccb, ACCESS_MASK DesiredAccess, USHORT ShareAccess)
Definition: secursup.cpp:1049
UDFCheckAccessRights
NTSTATUS UDFCheckAccessRights(PFILE_OBJECT FileObject, PACCESS_STATE AccessState, PtrUDFFCB Fcb, PtrUDFCCB Ccb, ACCESS_MASK DesiredAccess, USHORT ShareAccess)
Definition: secursup.cpp:927
UDFLookUpAcl
PSECURITY_DESCRIPTOR UDFLookUpAcl(IN PVCB Vcb, PFILE_OBJECT FileObject, IN PtrUDFFCB Fcb)
Definition: secursup.cpp:915
UDFAssignAcl
NTSTATUS UDFAssignAcl(IN PVCB Vcb, IN PFILE_OBJECT FileObject, IN PtrUDFFCB Fcb, IN PtrUDFNTRequiredFCB NtReqFcb)
Definition: secursup.cpp:706
AbnormalTermination
#define AbnormalTermination()
Definition: seh.h:28
GetExceptionInformation
#define GetExceptionInformation()
Definition: seh.h:26
SeExports
PSE_EXPORTS SeExports
Definition: semgr.c:21
STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65
STATUS_NOT_FOUND
#define STATUS_NOT_FOUND
Definition: shellext.h:72
STATUS_BUFFER_TOO_SMALL
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
UDF_FCB_READ_ONLY
#define UDF_FCB_READ_ONLY
Definition: struct.h:312
UDF_IRP_CONTEXT_CAN_BLOCK
#define UDF_IRP_CONTEXT_CAN_BLOCK
Definition: struct.h:385
UDF_CCB_VOLUME_OPEN
#define UDF_CCB_VOLUME_OPEN
Definition: struct.h:166
UDF_NTREQ_FCB_SD_MODIFIED
#define UDF_NTREQ_FCB_SD_MODIFIED
Definition: struct.h:233
PtrUDFCCB
struct _UDFContextControlBlock * PtrUDFCCB
UDF_FCB_DIRECTORY
#define UDF_FCB_DIRECTORY
Definition: struct.h:303
_ACCESS_ALLOWED_ACE
Definition: ms-dtyp.idl:215
_ACCESS_STATE
Definition: setypes.h:224
_ACL
Definition: ms-dtyp.idl:293
_DEVICE_OBJECT
Definition: env_spec_w32.h:413
_FCB::Vcb
PVCB Vcb
Definition: cdstruc.h:933
_FCB::OpenHandleCount
ULONG OpenHandleCount
Definition: ntfs.h:537
_FCB::Fcb
struct _FCB::@708::@711 Fcb
_IO_STACK_LOCATION
Definition: iotypes.h:3110
_IO_STACK_LOCATION::FileObject
PFILE_OBJECT FileObject
Definition: iotypes.h:3169
_IO_STACK_LOCATION::Parameters
struct _NAMED_PIPE_CREATE_PARAMETERS * Parameters
Definition: iotypes.h:3128
_IRP
Definition: Bus_PDO_QueryResourceRequirements.c:93
_SECURITY_DESCRIPTOR
Definition: ms-dtyp.idl:301
_SECURITY_SUBJECT_CONTEXT
Definition: setypes.h:217
_SE_EXPORTS::SeSecurityPrivilege
LUID SeSecurityPrivilege
Definition: setypes.h:1201
_SE_EXPORTS::SeWorldSid
PSID SeWorldSid
Definition: setypes.h:1219
_UDFContextControlBlock
Definition: struct.h:108
_UDFData::AclName
UNICODE_STRING AclName
Definition: udf_common.h:618
_UDFFileControlBlock
Definition: struct.h:251
_UDFIrpContext
Definition: struct.h:362
_UDFNTRequiredFCB
Definition: struct.h:202
_UDF_FILE_INFO
Definition: udf_rel.h:346
_UDF_FILE_INFO::Fcb
struct _UDFFileControlBlock * Fcb
Definition: udf_rel.h:362
_VCB
Definition: cdstruc.h:498
SeReleaseSubjectContext
VOID NTAPI SeReleaseSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Releases both the primary and client tokens of a security subject context.
Definition: subject.c:171
SeCaptureSubjectContext
VOID NTAPI SeCaptureSubjectContext(_Out_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Captures the security subject context of the calling thread and calling process.
Definition: subject.c:85
PULONG
uint32_t * PULONG
Definition: typedefs.h:59
RtlZeroMemory
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
IN
#define IN
Definition: typedefs.h:39
ULONG
uint32_t ULONG
Definition: typedefs.h:59
OUT
#define OUT
Definition: typedefs.h:40
PCHAR
char * PCHAR
Definition: typedefs.h:51
UDF_VCB_IC_DIRTY_RO
#define UDF_VCB_IC_DIRTY_RO
Definition: udf_common.h:516
UDF_VCB_FLAGS_VOLUME_READ_ONLY
#define UDF_VCB_FLAGS_VOLUME_READ_ONLY
Definition: udf_common.h:463
UDF_VCB_FLAGS_RAW_DISK
#define UDF_VCB_FLAGS_RAW_DISK
Definition: udf_common.h:476
UDF_VCB_FLAGS_MEDIA_READ_ONLY
#define UDF_VCB_FLAGS_MEDIA_READ_ONLY
Definition: udf_common.h:481
UDF_VCB_IC_WRITE_IN_RO_DIR
#define UDF_VCB_IC_WRITE_IN_RO_DIR
Definition: udf_common.h:499
UDFWriteFile__
OSSTATUS UDFWriteFile__(IN PVCB Vcb, IN PUDF_FILE_INFO FileInfo, IN int64 Offset, IN SIZE_T Length, IN BOOLEAN Direct, IN int8 *Buffer, OUT PSIZE_T WrittenBytes)
Definition: udf_info.cpp:1605
UDFGetFileSize
int64 UDFGetFileSize(IN PUDF_FILE_INFO FileInfo)
Definition: udf_info.cpp:1236
UDFCloseFile__
OSSTATUS UDFCloseFile__(IN PVCB Vcb, IN PUDF_FILE_INFO FileInfo)
Definition: udf_info.cpp:2994
UDFFlushFile__
OSSTATUS UDFFlushFile__(IN PVCB Vcb, IN PUDF_FILE_INFO FileInfo, IN ULONG FlushFlags)
Definition: udf_info.cpp:4119
UDFCleanUpFile__
uint32 UDFCleanUpFile__(IN PVCB Vcb, IN PUDF_FILE_INFO FileInfo)
Definition: udf_info.cpp:2276
UDFUnlinkFile__
OSSTATUS UDFUnlinkFile__(IN PVCB Vcb, IN PUDF_FILE_INFO FileInfo, IN BOOLEAN FreeSpace)
Definition: udf_info.cpp:1766
UDFOpenStreamDir__
OSSTATUS UDFOpenStreamDir__(IN PVCB Vcb, IN PUDF_FILE_INFO FileInfo, OUT PUDF_FILE_INFO *_SDirInfo)
Definition: udf_info.cpp:4965
UDFCreateFile__
OSSTATUS UDFCreateFile__(IN PVCB Vcb, IN BOOLEAN IgnoreCase, IN PUNICODE_STRING _fn, IN uint32 ExtAttrSz, IN uint32 ImpUseLen, IN BOOLEAN Extended, IN BOOLEAN CreateNew, IN OUT PUDF_FILE_INFO DirInfo, OUT PUDF_FILE_INFO *_FileInfo)
Definition: udf_info.cpp:2577
UDFCreateStreamDir__
OSSTATUS UDFCreateStreamDir__(IN PVCB Vcb, IN PUDF_FILE_INFO FileInfo, OUT PUDF_FILE_INFO *_SDirInfo)
Definition: udf_info.cpp:4888
UDFOpenFile__
OSSTATUS UDFOpenFile__(IN PVCB Vcb, IN BOOLEAN IgnoreCase, IN BOOLEAN NotDeleted, IN PUNICODE_STRING fn, IN PUDF_FILE_INFO DirInfo, OUT PUDF_FILE_INFO *_FileInfo, IN uint_di *IndexToOpen)
Definition: udf_info.cpp:2004
UDFIsAStreamDir
#define UDFIsAStreamDir(FI)
Definition: udf_info.h:998
UDFIsADirectory
#define UDFIsADirectory(FileInfo)
Definition: udf_info.h:792
UDFReadFile__
__inline OSSTATUS UDFReadFile__(IN PVCB Vcb, IN PUDF_FILE_INFO FileInfo, IN int64 Offset, IN SIZE_T Length, IN BOOLEAN Direct, OUT int8 *Buffer, OUT PSIZE_T ReadBytes)
Definition: udf_info.h:666
UDFIsAStream
#define UDFIsAStream(FI)
Definition: udf_info.h:1002
STATUS_ACCESS_DENIED
#define STATUS_ACCESS_DENIED
Definition: udferr_usr.h:145
STATUS_INVALID_PARAMETER
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
STATUS_INVALID_USER_BUFFER
#define STATUS_INVALID_USER_BUFFER
Definition: udferr_usr.h:166
STATUS_INSUFFICIENT_RESOURCES
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
STATUS_OBJECT_NAME_NOT_FOUND
#define STATUS_OBJECT_NAME_NOT_FOUND
Definition: udferr_usr.h:149
UDFGlobalData
UDFData UDFGlobalData
Definition: udfinit.cpp:25
UDF_CHECK_PAGING_IO_RESOURCE
#define UDF_CHECK_PAGING_IO_RESOURCE(NTReqFCB)
Definition: udffs.h:262
UDFPrint
#define UDFPrint(Args)
Definition: udffs.h:225
DeviceObject
_In_ PDEVICE_OBJECT DeviceObject
Definition: wdfdevice.h:2055
DesiredAccess
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2658
FileObject
_In_ WDFREQUEST _In_ WDFFILEOBJECT FileObject
Definition: wdfdevice.h:550
BufferLength
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG BufferLength
Definition: wdfdevice.h:3771
IoGetCurrentIrpStackLocation
__drv_aliasesMem FORCEINLINE PIO_STACK_LOCATION IoGetCurrentIrpStackLocation(_In_ PIRP Irp)
Definition: iofuncs.h:2793
FILE_ACTION_MODIFIED
#define FILE_ACTION_MODIFIED
FILE_NOTIFY_CHANGE_SECURITY
#define FILE_NOTIFY_CHANGE_SECURITY
PFILE_OBJECT
* PFILE_OBJECT
Definition: iotypes.h:1998
IO_DISK_INCREMENT
#define IO_DISK_INCREMENT
Definition: iotypes.h:600
SeSetSecurityDescriptorInfo
NTKERNELAPI NTSTATUS NTAPI SeSetSecurityDescriptorInfo(_In_opt_ PVOID Object, _In_ PSECURITY_INFORMATION SecurityInformation, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, _In_ POOL_TYPE PoolType, _In_ PGENERIC_MAPPING GenericMapping)
SeQuerySecurityDescriptorInfo
NTKERNELAPI NTSTATUS NTAPI SeQuerySecurityDescriptorInfo(_In_ PSECURITY_INFORMATION SecurityInformation, _Out_writes_bytes_(*Length) PSECURITY_DESCRIPTOR SecurityDescriptor, _Inout_ PULONG Length, _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor)
AccessState
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:417
DACL_SECURITY_INFORMATION
#define DACL_SECURITY_INFORMATION
Definition: setypes.h:125
OWNER_SECURITY_INFORMATION
#define OWNER_SECURITY_INFORMATION
Definition: setypes.h:123
SECURITY_DESCRIPTOR_REVISION
#define SECURITY_DESCRIPTOR_REVISION
Definition: setypes.h:58
GROUP_SECURITY_INFORMATION
#define GROUP_SECURITY_INFORMATION
Definition: setypes.h:124
ACL_REVISION
#define ACL_REVISION
Definition: setypes.h:39
SACL_SECURITY_INFORMATION
#define SACL_SECURITY_INFORMATION
Definition: setypes.h:126