20#define UDF_BUG_CHECK_ID UDF_FILE_SECURITY
22#ifdef UDF_ENABLE_SECURITY
85 Irp->IoStatus.Status = RC;
86 Irp->IoStatus.Information = 0;
140 UDFPrint((
"UDFCommonGetSecurity\n"));
208 Irp->IoStatus.Status = RC;
221#ifndef UDF_READ_ONLY_BUILD
263 Irp->IoStatus.Status = RC;
264 Irp->IoStatus.Information = 0;
317 UDFPrint((
"UDFCommonSetSecurity\n"));
334 if(!
Fcb->
Vcb->WriteSecurity)
362 UDFConvertToSelfRelative(&(
NtReqFcb->SecurityDesc));
403 Irp->IoStatus.Status = RC;
404 Irp->IoStatus.Information = 0;
426#ifdef UDF_ENABLE_SECURITY
431 ULONG NumberBytesRead;
445 UDFPrint((
" No Security on blank volume\n"));
471 SDirInfo,&AclInfo,
NULL);
487 FALSE, (
PCHAR)(*SecurityDesc), &NumberBytesRead);
511 (*SecurityDesc) =
NULL;
524#ifdef UDF_ENABLE_SECURITY
526UDFConvertToSelfRelative(
535 UDFPrint((
" UDFConvertToSelfRelative\n"));
554 *SecurityDesc = NewSD;
574 if(!(*ParentSecurityDesc)) {
575 *SecurityDesc =
NULL;
592 *SecurityDesc =
NULL;
623UDFBuildFullControlAcl(
632 UDFPrint((
" UDFBuildFullControlAcl\n"));
634 RC = UDFBuildEmptyAcl(
Vcb, SecurityDesc);
696 RC = UDFConvertToSelfRelative(SecurityDesc);
714#ifdef UDF_ENABLE_SECURITY
724 NtReqFcb->SecurityDesc =
Fcb->FileInfo->ParentFile->Dloc->CommonFcb->SecurityDesc;
729 if(
Vcb->RootDirFCB &&
730 Vcb->RootDirFCB->FileInfo &&
731 Vcb->RootDirFCB->FileInfo->Dloc &&
732 Vcb->RootDirFCB->FileInfo->Dloc->CommonFcb) {
733 RC = UDFInheritAcl(
Vcb, &(
Vcb->RootDirFCB->FileInfo->Dloc->CommonFcb->SecurityDesc), &ExplicitSecurity);
743 if(!
Fcb->FileInfo->ParentFile) {
744 RC = UDFBuildFullControlAcl(
Vcb, &ExplicitSecurity);
746 RC = UDFInheritAcl(
Vcb, &(
Fcb->FileInfo->ParentFile->Dloc->CommonFcb->SecurityDesc), &ExplicitSecurity);
755 NtReqFcb->SecurityDesc = ExplicitSecurity;
777#ifdef UDF_ENABLE_SECURITY
789 SeDeassignSecurity(&(
NtReqFcb->SecurityDesc));
802#ifdef UDF_ENABLE_SECURITY
808 ULONG NumberBytesRead;
812#if !defined(UDF_READ_ONLY_BUILD)
814 if(!
Vcb->WriteSecurity ||
822#if !defined(UDF_READ_ONLY_BUILD)
859 SDirInfo,&AclInfo,
NULL);
872 if(!(*SecurityDesc)) {
880 FALSE, (
PCHAR)(*SecurityDesc), &NumberBytesRead);
884 Fcb->NTRequiredFCB->NtReqFCBFlags &= ~UDF_NTREQ_FCB_SD_MODIFIED;
922 return (
Fcb->NTRequiredFCB->SecurityDesc);
938#ifdef UDF_ENABLE_SECURITY
948#ifdef UDF_READ_ONLY_BUILD
958 AdPrint((
"force R/O on dirty\n"));
962#ifdef UDF_READ_ONLY_BUILD
989#ifdef UDF_ENABLE_SECURITY
1001 Ccb ?
Ccb->PreviouslyGrantedAccess : 0,
1005 Ccb ? &(
Ccb->PreviouslyGrantedAccess) : &LocalAccessMask,
1009 if(!SecurityCheck) {
1018#ifdef UDF_ENABLE_SECURITY
1027 &(
Fcb->NTRequiredFCB->FCBShareAccess),
TRUE);
1028#ifndef UDF_ENABLE_SECURITY
1035#ifndef UDF_ENABLE_SECURITY
1058#ifndef UDF_ENABLE_SECURITY
1078 if(SecDesc && !AutoInherit) {
1081 RC = SeAssignSecurity(
1082 Fcb->FileInfo->ParentFile->Dloc->CommonFcb->SecurityDesc,
1085 &(
Fcb->NTRequiredFCB->SecurityDesc),
1091 UDFConvertToSelfRelative(&(
Fcb->NTRequiredFCB->SecurityDesc));
static PIO_STACK_LOCATION IoGetCurrentIrpStackLocation(PIRP Irp)
BOOLEAN NTAPI SeAccessCheck(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, _In_ BOOLEAN SubjectContextLocked, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK PreviouslyGrantedAccess, _Out_ PPRIVILEGE_SET *Privileges, _In_ PGENERIC_MAPPING GenericMapping, _In_ KPROCESSOR_MODE AccessMode, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
Determines whether security access rights can be given to an object depending on the security descrip...
_Inout_ PFILE_OBJECT _In_ TYPE_OF_OPEN PFCB _In_opt_ PCCB Ccb
#define STATUS_NOT_IMPLEMENTED
#define NT_SUCCESS(StatCode)
_In_ PIO_STACK_LOCATION IrpSp
_In_ PIO_STACK_LOCATION _Inout_ PFILE_OBJECT _Inout_ PVCB _Outptr_result_maybenull_ PDCB _In_ PDCB _In_ PDIRENT _In_ ULONG _In_ ULONG _In_ PUNICODE_STRING _In_ PACCESS_MASK _In_ USHORT ShareAccess
NTSTATUS UDFExceptionHandler(PtrUDFIrpContext PtrIrpContext, PIRP Irp)
BOOLEAN __fastcall UDFIsIrpTopLevel(PIRP Irp)
VOID UDFLogEvent(NTSTATUS UDFEventLogId, NTSTATUS RC)
NTSTATUS UDFPostRequest(IN PtrUDFIrpContext PtrIrpContext, IN PIRP Irp)
PtrUDFIrpContext UDFAllocateIrpContext(PIRP Irp, PDEVICE_OBJECT PtrTargetDeviceObject)
VOID UDFReleaseIrpContext(PtrUDFIrpContext PtrIrpContext)
long UDFExceptionFilter(PtrUDFIrpContext PtrIrpContext, PEXCEPTION_POINTERS PtrExceptionPointers)
#define INTEGRITY_TYPE_OPEN
__inline VOID UDFNotifyFullReportChange(PVCB V, PUDF_FILE_INFO FI, ULONG E, ULONG A)
#define UDFReleaseResource(Resource)
#define UDFAcquireResourceExclusive(Resource, CanWait)
#define UDF_ERROR_INTERNAL_ERROR
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ SECURITY_INFORMATION SecurityInformation
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
#define FsRtlEnterFileSystem
#define FsRtlExitFileSystem
NTSYSAPI ULONG WINAPI RtlLengthSecurityDescriptor(PSECURITY_DESCRIPTOR)
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAce(PACL, DWORD, DWORD, PSID)
NTSYSAPI NTSTATUS WINAPI RtlSetOwnerSecurityDescriptor(PSECURITY_DESCRIPTOR, PSID, BOOLEAN)
NTSYSAPI NTSTATUS WINAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN)
#define EXCEPTION_EXECUTE_HANDLER
#define GetExceptionInformation
#define AbnormalTermination
DWORD SECURITY_INFORMATION
struct _SECURITY_DESCRIPTOR * PSECURITY_DESCRIPTOR
NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL Acl, ULONG AclSize, ULONG AclRevision)
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(_Out_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ULONG Revision)
NTSYSAPI BOOLEAN NTAPI RtlValidSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor)
#define ACCESS_SYSTEM_SECURITY
#define FILE_DELETE_CHILD
#define FILE_ADD_SUBDIRECTORY
NTSYSAPI NTSTATUS NTAPI RtlSetGroupSecurityDescriptor(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSID Group, IN BOOLEAN GroupDefaulted)
#define FULL_SECURITY_INFORMATION
VOID NTAPI IoSetShareAccess(IN ACCESS_MASK DesiredAccess, IN ULONG DesiredShareAccess, IN PFILE_OBJECT FileObject, OUT PSHARE_ACCESS ShareAccess)
NTSTATUS NTAPI IoCheckShareAccess(IN ACCESS_MASK DesiredAccess, IN ULONG DesiredShareAccess, IN PFILE_OBJECT FileObject, IN PSHARE_ACCESS ShareAccess, IN BOOLEAN Update)
PGENERIC_MAPPING NTAPI IoGetFileObjectGenericMapping(VOID)
VOID NTAPI IoUpdateShareAccess(IN PFILE_OBJECT FileObject, OUT PSHARE_ACCESS ShareAccess)
#define IoCompleteRequest
VOID NTAPI IoSetTopLevelIrp(IN PIRP Irp)
BOOLEAN NTAPI SeSinglePrivilegeCheck(_In_ LUID PrivilegeValue, _In_ KPROCESSOR_MODE PreviousMode)
Checks if a single privilege is present in the context of the calling thread.
#define STATUS_NO_SECURITY_ON_OBJECT
PVOID UDFGetCallersBuffer(PtrUDFIrpContext PtrIrpContext, PIRP Irp)
NTSTATUS UDFSetSecurity(PDEVICE_OBJECT DeviceObject, PIRP Irp)
NTSTATUS UDFGetSecurity(PDEVICE_OBJECT DeviceObject, PIRP Irp)
NTSTATUS UDFCommonSetSecurity(PtrUDFIrpContext PtrIrpContext, PIRP Irp)
NTSTATUS UDFCommonGetSecurity(PtrUDFIrpContext PtrIrpContext, PIRP Irp)
#define _SEH2_EXCEPT(...)
VOID UDFDeassignAcl(IN PtrUDFNTRequiredFCB NtReqFcb, IN BOOLEAN AutoInherited)
NTSTATUS UDFReadSecurity(IN PVCB Vcb, IN PtrUDFFCB Fcb, IN PSECURITY_DESCRIPTOR *SecurityDesc)
NTSTATUS UDFWriteSecurity(IN PVCB Vcb, IN PtrUDFFCB Fcb, IN PSECURITY_DESCRIPTOR *SecurityDesc)
NTSTATUS UDFSetAccessRights(PFILE_OBJECT FileObject, PACCESS_STATE AccessState, PtrUDFFCB Fcb, PtrUDFCCB Ccb, ACCESS_MASK DesiredAccess, USHORT ShareAccess)
NTSTATUS UDFCheckAccessRights(PFILE_OBJECT FileObject, PACCESS_STATE AccessState, PtrUDFFCB Fcb, PtrUDFCCB Ccb, ACCESS_MASK DesiredAccess, USHORT ShareAccess)
PSECURITY_DESCRIPTOR UDFLookUpAcl(IN PVCB Vcb, PFILE_OBJECT FileObject, IN PtrUDFFCB Fcb)
NTSTATUS UDFAssignAcl(IN PVCB Vcb, IN PFILE_OBJECT FileObject, IN PtrUDFFCB Fcb, IN PtrUDFNTRequiredFCB NtReqFcb)
#define STATUS_BUFFER_TOO_SMALL
#define UDF_FCB_READ_ONLY
#define UDF_IRP_CONTEXT_CAN_BLOCK
#define UDF_CCB_VOLUME_OPEN
#define UDF_NTREQ_FCB_SD_MODIFIED
struct _UDFContextControlBlock * PtrUDFCCB
#define UDF_FCB_DIRECTORY
struct _FCB::@734::@737 Fcb
struct _IO_STACK_LOCATION::@3983::@4002 SetSecurity
struct _IO_STACK_LOCATION::@3983::@4001 QuerySecurity
union _IO_STACK_LOCATION::@1584 Parameters
struct _UDFFileControlBlock * Fcb
VOID NTAPI SeReleaseSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Releases both the primary and client tokens of a security subject context.
VOID NTAPI SeCaptureSubjectContext(_Out_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Captures the security subject context of the calling thread and calling process.
#define RtlZeroMemory(Destination, Length)
#define UDF_VCB_IC_DIRTY_RO
#define UDF_VCB_FLAGS_VOLUME_READ_ONLY
#define UDF_VCB_FLAGS_RAW_DISK
#define UDF_VCB_FLAGS_MEDIA_READ_ONLY
#define UDF_VCB_IC_WRITE_IN_RO_DIR
OSSTATUS UDFWriteFile__(IN PVCB Vcb, IN PUDF_FILE_INFO FileInfo, IN int64 Offset, IN SIZE_T Length, IN BOOLEAN Direct, IN int8 *Buffer, OUT PSIZE_T WrittenBytes)
int64 UDFGetFileSize(IN PUDF_FILE_INFO FileInfo)
OSSTATUS UDFCloseFile__(IN PVCB Vcb, IN PUDF_FILE_INFO FileInfo)
OSSTATUS UDFFlushFile__(IN PVCB Vcb, IN PUDF_FILE_INFO FileInfo, IN ULONG FlushFlags)
uint32 UDFCleanUpFile__(IN PVCB Vcb, IN PUDF_FILE_INFO FileInfo)
OSSTATUS UDFUnlinkFile__(IN PVCB Vcb, IN PUDF_FILE_INFO FileInfo, IN BOOLEAN FreeSpace)
OSSTATUS UDFOpenStreamDir__(IN PVCB Vcb, IN PUDF_FILE_INFO FileInfo, OUT PUDF_FILE_INFO *_SDirInfo)
OSSTATUS UDFCreateFile__(IN PVCB Vcb, IN BOOLEAN IgnoreCase, IN PUNICODE_STRING _fn, IN uint32 ExtAttrSz, IN uint32 ImpUseLen, IN BOOLEAN Extended, IN BOOLEAN CreateNew, IN OUT PUDF_FILE_INFO DirInfo, OUT PUDF_FILE_INFO *_FileInfo)
OSSTATUS UDFCreateStreamDir__(IN PVCB Vcb, IN PUDF_FILE_INFO FileInfo, OUT PUDF_FILE_INFO *_SDirInfo)
OSSTATUS UDFOpenFile__(IN PVCB Vcb, IN BOOLEAN IgnoreCase, IN BOOLEAN NotDeleted, IN PUNICODE_STRING fn, IN PUDF_FILE_INFO DirInfo, OUT PUDF_FILE_INFO *_FileInfo, IN uint_di *IndexToOpen)
#define UDFIsAStreamDir(FI)
#define UDFIsADirectory(FileInfo)
__inline OSSTATUS UDFReadFile__(IN PVCB Vcb, IN PUDF_FILE_INFO FileInfo, IN int64 Offset, IN SIZE_T Length, IN BOOLEAN Direct, OUT int8 *Buffer, OUT PSIZE_T ReadBytes)
#define STATUS_ACCESS_DENIED
#define STATUS_INVALID_PARAMETER
#define STATUS_INVALID_USER_BUFFER
#define STATUS_INSUFFICIENT_RESOURCES
#define STATUS_OBJECT_NAME_NOT_FOUND
#define UDF_CHECK_PAGING_IO_RESOURCE(NTReqFCB)
_In_ PDEVICE_OBJECT DeviceObject
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
_In_ WDFREQUEST _In_ WDFFILEOBJECT FileObject
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG BufferLength
#define FILE_ACTION_MODIFIED
#define FILE_NOTIFY_CHANGE_SECURITY
#define IO_DISK_INCREMENT
NTKERNELAPI NTSTATUS NTAPI SeSetSecurityDescriptorInfo(_In_opt_ PVOID Object, _In_ PSECURITY_INFORMATION SecurityInformation, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, _In_ POOL_TYPE PoolType, _In_ PGENERIC_MAPPING GenericMapping)
NTKERNELAPI NTSTATUS NTAPI SeQuerySecurityDescriptorInfo(_In_ PSECURITY_INFORMATION SecurityInformation, _Out_writes_bytes_(*Length) PSECURITY_DESCRIPTOR SecurityDescriptor, _Inout_ PULONG Length, _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor)
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
#define DACL_SECURITY_INFORMATION
#define OWNER_SECURITY_INFORMATION
#define SECURITY_DESCRIPTOR_REVISION
#define GROUP_SECURITY_INFORMATION
#define SACL_SECURITY_INFORMATION