ReactOS  0.4.15-dev-344-g6808e40
secursup.cpp
Go to the documentation of this file.
1 // Copyright (C) Alexander Telyatnikov, Ivan Keliukh, Yegor Anchishkin, SKIF Software, 1999-2013. Kiev, Ukraine
3 // All rights reserved
4 // This file was released under the GPLv2 on June 2015.
6 /*************************************************************************
7 *
8 * File: SecurSup.cpp
9 *
10 * Module: UDF File System Driver (Kernel mode execution only)
11 *
12 * Description:
13 * Contains code to handle the "Get/Set Security" dispatch entry points.
14 *
15 *************************************************************************/
16 
17 #include "udffs.h"
18 
19 // define the file specific bug-check id
20 #define UDF_BUG_CHECK_ID UDF_FILE_SECURITY
21 
22 #ifdef UDF_ENABLE_SECURITY
23 
24 NTSTATUS UDFConvertToSelfRelative(
25  IN OUT PSECURITY_DESCRIPTOR* SecurityDesc);
26 
27 /*UCHAR FullControlSD[] = {
28 0x01, 0x00, 0x04, 0x80, 0x4c, 0x00, 0x00, 0x00,
29 0x58, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
30 0x14, 0x00, 0x00, 0x00, 0x02, 0x00, 0x38, 0x00,
31 0x02, 0x00, 0x00, 0x00, 0x00, 0x09, 0x18, 0x00,
32 0x00, 0x00, 0x00, 0x10, 0x01, 0x01, 0x00, 0x00,
33 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
34 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x18, 0x00,
35 0xff, 0x01, 0x1f, 0x00, 0x01, 0x01, 0x00, 0x00,
36 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
37 0x00, 0x00, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00,
38 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
39 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
40 0x00, 0x00, 0x00, 0x00
41 };*/
42 
43 /*************************************************************************
44 *
45 * Function: UDFGetSecurity()
46 *
47 * Description:
48 *
49 * Expected Interrupt Level (for execution) :
50 *
51 * IRQL_PASSIVE_LEVEL
52 *
53 * Return Value: Irrelevant.
54 *
55 *************************************************************************/
56 NTSTATUS
57 UDFGetSecurity(
58  IN PDEVICE_OBJECT DeviceObject, // the logical volume device object
59  IN PIRP Irp) // I/O Request Packet
60 {
61  NTSTATUS RC = STATUS_SUCCESS;
62  PtrUDFIrpContext PtrIrpContext = NULL;
63  BOOLEAN AreWeTopLevel = FALSE;
64 
65  UDFPrint(("UDFGetSecurity\n"));
66 // BrutePoint();
67 
68  FsRtlEnterFileSystem();
69  ASSERT(DeviceObject);
70  ASSERT(Irp);
71 
72  // set the top level context
73  AreWeTopLevel = UDFIsIrpTopLevel(Irp);
74  ASSERT(!UDFIsFSDevObj(DeviceObject));
75  // Call the common Lock Control routine, with blocking allowed if
76  // synchronous
77  _SEH2_TRY {
78 
79  // get an IRP context structure and issue the request
80  PtrIrpContext = UDFAllocateIrpContext(Irp, DeviceObject);
81  if(PtrIrpContext) {
82  RC = UDFCommonGetSecurity(PtrIrpContext, Irp);
83  } else {
84  RC = STATUS_INSUFFICIENT_RESOURCES;
85  Irp->IoStatus.Status = RC;
86  Irp->IoStatus.Information = 0;
87  // complete the IRP
88  IoCompleteRequest(Irp, IO_DISK_INCREMENT);
89  }
90 
91  } __except (UDFExceptionFilter(PtrIrpContext, GetExceptionInformation())) {
92 
93  RC = UDFExceptionHandler(PtrIrpContext, Irp);
94 
95  UDFLogEvent(UDF_ERROR_INTERNAL_ERROR, RC);
96  }
97 
98  if (AreWeTopLevel) {
99  IoSetTopLevelIrp(NULL);
100  }
101 
102  FsRtlExitFileSystem();
103 
104  return(RC);
105 } // end UDFGetSecurity()
106 
107 
108 /*************************************************************************
109 *
110 * Function: UDFCommonGetSecurity()
111 *
112 * Description:
113 * This is the common routine for getting Security (ACL) called
114 * by both the fsd and fsp threads
115 *
116 * Expected Interrupt Level (for execution) :
117 *
118 * IRQL_PASSIVE_LEVEL
119 *
120 * Return Value: Irrelevant
121 *
122 *************************************************************************/
123 NTSTATUS
124 UDFCommonGetSecurity(
125  IN PtrUDFIrpContext PtrIrpContext,
126  IN PIRP Irp)
127 {
128  NTSTATUS RC = STATUS_SUCCESS;
129  PIO_STACK_LOCATION IrpSp = NULL;
130  BOOLEAN PostRequest = FALSE;
131  BOOLEAN CanWait = FALSE;
132  PtrUDFNTRequiredFCB NtReqFcb = NULL;
133  BOOLEAN AcquiredFCB = FALSE;
134  PFILE_OBJECT FileObject = NULL;
135  PtrUDFFCB Fcb = NULL;
136  PtrUDFCCB Ccb = NULL;
137  PVOID PtrSystemBuffer = NULL;
138  ULONG BufferLength = 0;
139 
140  UDFPrint(("UDFCommonGetSecurity\n"));
141 
142  _SEH2_TRY {
143 
144  // First, get a pointer to the current I/O stack location.
145  IrpSp = IoGetCurrentIrpStackLocation(Irp);
146  ASSERT(IrpSp);
147 
148  FileObject = IrpSp->FileObject;
149  ASSERT(FileObject);
150 
151  // Get the FCB and CCB pointers.
152  Ccb = (PtrUDFCCB)(FileObject->FsContext2);
153  ASSERT(Ccb);
154  Fcb = Ccb->Fcb;
155  ASSERT(Fcb);
156 
157 /* if(!Fcb->Vcb->ReadSecurity)
158  try_return(RC = STATUS_NOT_IMPLEMENTED);*/
159 
160  NtReqFcb = Fcb->NTRequiredFCB;
161  CanWait = ((PtrIrpContext->IrpContextFlags & UDF_IRP_CONTEXT_CAN_BLOCK) ? TRUE : FALSE);
162 
163  // Acquire the FCB resource shared
164  UDF_CHECK_PAGING_IO_RESOURCE(NtReqFcb);
165  if (!UDFAcquireResourceExclusive(&(NtReqFcb->MainResource), CanWait)) {
166 // if (!UDFAcquireResourceShared(&(NtReqFcb->MainResource), CanWait)) {
167  PostRequest = TRUE;
168  try_return(RC = STATUS_PENDING);
169  }
170  AcquiredFCB = TRUE;
171 
172  PtrSystemBuffer = UDFGetCallersBuffer(PtrIrpContext, Irp);
173  if(!PtrSystemBuffer)
174  try_return(RC = STATUS_INVALID_USER_BUFFER);
175  BufferLength = IrpSp->Parameters.QuerySecurity.Length;
176 
177  if(!NtReqFcb->SecurityDesc) {
178  RC = UDFAssignAcl(Fcb->Vcb, FileObject, Fcb, NtReqFcb);
179  if(!NT_SUCCESS(RC))
180  try_return(RC);
181  }
182 
183  _SEH2_TRY {
184  RC = SeQuerySecurityDescriptorInfo(&(IrpSp->Parameters.QuerySecurity.SecurityInformation),
185  (PSECURITY_DESCRIPTOR)PtrSystemBuffer,
186  &BufferLength,
187  &(NtReqFcb->SecurityDesc) );
188  } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) {
189  RC = STATUS_BUFFER_TOO_SMALL;
190  }
191 
192 try_exit: NOTHING;
193 
194  } _SEH2_FINALLY {
195 
196  // Release the FCB resources if acquired.
197  if (AcquiredFCB) {
198  UDF_CHECK_PAGING_IO_RESOURCE(NtReqFcb);
199  UDFReleaseResource(&(NtReqFcb->MainResource));
200  AcquiredFCB = FALSE;
201  }
202 
203  if (PostRequest) {
204  // Perform appropriate post related processing here
205  RC = UDFPostRequest(PtrIrpContext, Irp);
206  } else
207  if(!AbnormalTermination()) {
208  Irp->IoStatus.Status = RC;
209  Irp->IoStatus.Information = BufferLength;
210  // Free up the Irp Context
211  UDFReleaseIrpContext(PtrIrpContext);
212  // complete the IRP
213  IoCompleteRequest(Irp, IO_DISK_INCREMENT);
214  }
215 
216  } // end of "__finally" processing
217 
218  return(RC);
219 }
220 
221 #ifndef UDF_READ_ONLY_BUILD
222 /*************************************************************************
223 *
224 * Function: UDFSetSecurity()
225 *
226 * Description:
227 *
228 * Expected Interrupt Level (for execution) :
229 *
230 * IRQL_PASSIVE_LEVEL
231 *
232 * Return Value: Irrelevant.
233 *
234 *************************************************************************/
235 NTSTATUS
236 UDFSetSecurity(
237  IN PDEVICE_OBJECT DeviceObject, // the logical volume device object
238  IN PIRP Irp) // I/O Request Packet
239 {
240  NTSTATUS RC = STATUS_SUCCESS;
241  PtrUDFIrpContext PtrIrpContext = NULL;
242  BOOLEAN AreWeTopLevel = FALSE;
243 
244  UDFPrint(("UDFSetSecurity\n"));
245 // BrutePoint();
246 
247  FsRtlEnterFileSystem();
248  ASSERT(DeviceObject);
249  ASSERT(Irp);
250 
251  // set the top level context
252  AreWeTopLevel = UDFIsIrpTopLevel(Irp);
253  // Call the common Lock Control routine, with blocking allowed if
254  // synchronous
255  _SEH2_TRY {
256 
257  // get an IRP context structure and issue the request
258  PtrIrpContext = UDFAllocateIrpContext(Irp, DeviceObject);
259  if(PtrIrpContext) {
260  RC = UDFCommonSetSecurity(PtrIrpContext, Irp);
261  } else {
262  RC = STATUS_INSUFFICIENT_RESOURCES;
263  Irp->IoStatus.Status = RC;
264  Irp->IoStatus.Information = 0;
265  // complete the IRP
266  IoCompleteRequest(Irp, IO_DISK_INCREMENT);
267  }
268 
269  } __except (UDFExceptionFilter(PtrIrpContext, GetExceptionInformation())) {
270 
271  RC = UDFExceptionHandler(PtrIrpContext, Irp);
272 
273  UDFLogEvent(UDF_ERROR_INTERNAL_ERROR, RC);
274  }
275 
276  if (AreWeTopLevel) {
277  IoSetTopLevelIrp(NULL);
278  }
279 
280  FsRtlExitFileSystem();
281 
282  return(RC);
283 } // end UDFSetSecurity()
284 
285 
286 /*************************************************************************
287 *
288 * Function: UDFCommonSetSecurity()
289 *
290 * Description:
291 * This is the common routine for getting Security (ACL) called
292 * by both the fsd and fsp threads
293 *
294 * Expected Interrupt Level (for execution) :
295 *
296 * IRQL_PASSIVE_LEVEL
297 *
298 * Return Value: Irrelevant
299 *
300 *************************************************************************/
301 NTSTATUS
302 UDFCommonSetSecurity(
303  IN PtrUDFIrpContext PtrIrpContext,
304  IN PIRP Irp)
305 {
306  NTSTATUS RC = STATUS_SUCCESS;
307  PIO_STACK_LOCATION IrpSp = NULL;
308  BOOLEAN PostRequest = FALSE;
309  BOOLEAN CanWait = FALSE;
310  PtrUDFNTRequiredFCB NtReqFcb = NULL;
311  BOOLEAN AcquiredFCB = FALSE;
312  PFILE_OBJECT FileObject = NULL;
313  PtrUDFFCB Fcb = NULL;
314  PtrUDFCCB Ccb = NULL;
315  ACCESS_MASK DesiredAccess = 0;
316 
317  UDFPrint(("UDFCommonSetSecurity\n"));
318 
319  _SEH2_TRY {
320 
321  // First, get a pointer to the current I/O stack location.
322  IrpSp = IoGetCurrentIrpStackLocation(Irp);
323  ASSERT(IrpSp);
324 
325  FileObject = IrpSp->FileObject;
326  ASSERT(FileObject);
327 
328  // Get the FCB and CCB pointers.
329  Ccb = (PtrUDFCCB)(FileObject->FsContext2);
330  ASSERT(Ccb);
331  Fcb = Ccb->Fcb;
332  ASSERT(Fcb);
333 
334  if(!Fcb->Vcb->WriteSecurity)
335  try_return(RC = STATUS_NOT_IMPLEMENTED);
336 
337  NtReqFcb = Fcb->NTRequiredFCB;
338  CanWait = ((PtrIrpContext->IrpContextFlags & UDF_IRP_CONTEXT_CAN_BLOCK) ? TRUE : FALSE);
339 
340  // Acquire the FCB resource exclusive
341  UDF_CHECK_PAGING_IO_RESOURCE(NtReqFcb);
342  if (!UDFAcquireResourceExclusive(&(NtReqFcb->MainResource), CanWait)) {
343  PostRequest = TRUE;
344  try_return(RC = STATUS_PENDING);
345  }
346  AcquiredFCB = TRUE;
347 
348 //OWNER_SECURITY_INFORMATION
349  if(IrpSp->Parameters.SetSecurity.SecurityInformation & OWNER_SECURITY_INFORMATION)
350  DesiredAccess |= WRITE_OWNER;
351 //GROUP_SECURITY_INFORMATION
352  if(IrpSp->Parameters.SetSecurity.SecurityInformation & GROUP_SECURITY_INFORMATION)
353  DesiredAccess |= WRITE_OWNER;
354 //DACL_SECURITY_INFORMATION
355  if(IrpSp->Parameters.SetSecurity.SecurityInformation & DACL_SECURITY_INFORMATION)
356  DesiredAccess |= WRITE_DAC;
357 //SACL_SECURITY_INFORMATION
358  if(IrpSp->Parameters.SetSecurity.SecurityInformation & SACL_SECURITY_INFORMATION)
359  DesiredAccess |= ACCESS_SYSTEM_SECURITY;
360 
361  _SEH2_TRY {
362  UDFConvertToSelfRelative(&(NtReqFcb->SecurityDesc));
363 
364  KdDump(NtReqFcb->SecurityDesc, RtlLengthSecurityDescriptor(NtReqFcb->SecurityDesc));
365  UDFPrint(("\n"));
366 
367  RC = SeSetSecurityDescriptorInfo(/*FileObject*/ NULL,
368  &(IrpSp->Parameters.SetSecurity.SecurityInformation),
369  IrpSp->Parameters.SetSecurity.SecurityDescriptor,
370  &(NtReqFcb->SecurityDesc),
371  NonPagedPool,
372  IoGetFileObjectGenericMapping() );
373 
374  KdDump(NtReqFcb->SecurityDesc, RtlLengthSecurityDescriptor(NtReqFcb->SecurityDesc));
375 
376  } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) {
377  RC = STATUS_INVALID_PARAMETER;
378  }
379  if(NT_SUCCESS(RC)) {
380  NtReqFcb->NtReqFCBFlags |= UDF_NTREQ_FCB_SD_MODIFIED;
381 
382  UDFNotifyFullReportChange( Fcb->Vcb, Fcb->FileInfo,
383  FILE_NOTIFY_CHANGE_SECURITY,
384  FILE_ACTION_MODIFIED);
385  }
386 
387 try_exit: NOTHING;
388 
389  } _SEH2_FINALLY {
390 
391  // Release the FCB resources if acquired.
392  if (AcquiredFCB) {
393  UDF_CHECK_PAGING_IO_RESOURCE(NtReqFcb);
394  UDFReleaseResource(&(NtReqFcb->MainResource));
395  AcquiredFCB = FALSE;
396  }
397 
398  if (PostRequest) {
399  // Perform appropriate post related processing here
400  RC = UDFPostRequest(PtrIrpContext, Irp);
401  } else
402  if(!AbnormalTermination()) {
403  Irp->IoStatus.Status = RC;
404  Irp->IoStatus.Information = 0;
405  // Free up the Irp Context
406  UDFReleaseIrpContext(PtrIrpContext);
407  // complete the IRP
408  IoCompleteRequest(Irp, IO_DISK_INCREMENT);
409  }
410 
411  } // end of "__finally" processing
412 
413  return(RC);
414 } // ens UDFCommonSetSecurity()
415 
416 #endif //UDF_READ_ONLY_BUILD
417 #endif //UDF_ENABLE_SECURITY
418 
419 NTSTATUS
420 UDFReadSecurity(
421  IN PVCB Vcb,
422  IN PtrUDFFCB Fcb,
423  IN PSECURITY_DESCRIPTOR* SecurityDesc
424  )
425 {
426 #ifdef UDF_ENABLE_SECURITY
427  PUDF_FILE_INFO FileInfo = NULL;
428  PUDF_FILE_INFO SDirInfo = NULL;
429  PUDF_FILE_INFO AclInfo = NULL;
430  NTSTATUS RC;
431  ULONG NumberBytesRead;
432  PERESOURCE Res1 = NULL;
433 
434  UDFPrint(("UDFReadSecurity\n"));
435 
436  _SEH2_TRY {
437 
438  FileInfo = Fcb->FileInfo;
439  ASSERT(FileInfo);
440  if(!FileInfo) {
441  UDFPrint((" Volume Security\n"));
442  try_return(RC = STATUS_NO_SECURITY_ON_OBJECT);
443  }
444  if(Vcb->VCBFlags & UDF_VCB_FLAGS_RAW_DISK) {
445  UDFPrint((" No Security on blank volume\n"));
446  try_return(RC = STATUS_NO_SECURITY_ON_OBJECT);
447  }
448 
449  // Open Stream Directory
450  RC = UDFOpenStreamDir__(Vcb, FileInfo, &SDirInfo);
451 
452  if(RC == STATUS_NOT_FOUND)
453  try_return(RC = STATUS_NO_SECURITY_ON_OBJECT);
454  if(!NT_SUCCESS(RC)) {
455  if(UDFCleanUpFile__(Vcb, SDirInfo)) {
456  if(SDirInfo) MyFreePool__(SDirInfo);
457  }
458  SDirInfo = NULL;
459  try_return(RC);
460  }
461  // Acquire SDir exclusively if Fcb present
462  if(SDirInfo->Fcb) {
463  BrutePoint();
464  UDF_CHECK_PAGING_IO_RESOURCE(SDirInfo->Fcb->NTRequiredFCB);
465  UDFAcquireResourceExclusive(Res1 = &(SDirInfo->Fcb->NTRequiredFCB->MainResource),TRUE);
466  }
467 
468  // Open Acl Stream
469  RC = UDFOpenFile__(Vcb,
470  FALSE,TRUE,&(UDFGlobalData.AclName),
471  SDirInfo,&AclInfo,NULL);
472  if(RC == STATUS_OBJECT_NAME_NOT_FOUND)
473  try_return(RC = STATUS_NO_SECURITY_ON_OBJECT);
474  if(!NT_SUCCESS(RC)) {
475  if(UDFCleanUpFile__(Vcb, AclInfo)) {
476  if(AclInfo) MyFreePool__(AclInfo);
477  }
478  AclInfo = NULL;
479  try_return(RC);
480  }
481 
482  NumberBytesRead = (ULONG)UDFGetFileSize(AclInfo);
483  (*SecurityDesc) = DbgAllocatePool(NonPagedPool, NumberBytesRead);
484  if(!(*SecurityDesc))
485  try_return(RC = STATUS_INSUFFICIENT_RESOURCES);
486  RC = UDFReadFile__(Vcb, AclInfo, 0, NumberBytesRead,
487  FALSE, (PCHAR)(*SecurityDesc), &NumberBytesRead);
488  if(!NT_SUCCESS(RC))
489  try_return(RC);
490 
491  RC = RtlValidSecurityDescriptor(*SecurityDesc);
492 
493 try_exit: NOTHING;
494 
495  } _SEH2_FINALLY {
496 
497  if(AclInfo) {
498  UDFCloseFile__(Vcb, AclInfo);
499  if(UDFCleanUpFile__(Vcb, AclInfo))
500  MyFreePool__(AclInfo);
501  }
502 
503  if(SDirInfo) {
504  UDFCloseFile__(Vcb, SDirInfo);
505  if(UDFCleanUpFile__(Vcb, SDirInfo))
506  MyFreePool__(SDirInfo);
507  }
508 
509  if(!NT_SUCCESS(RC) && (*SecurityDesc)) {
510  DbgFreePool(*SecurityDesc);
511  (*SecurityDesc) = NULL;
512  }
513  if(Res1)
514  UDFReleaseResource(Res1);
515  }
516 
517  return RC;
518 #else
519  return STATUS_NO_SECURITY_ON_OBJECT;
520 #endif //UDF_ENABLE_SECURITY
521 
522 } // end UDFReadSecurity()
523 
524 #ifdef UDF_ENABLE_SECURITY
525 NTSTATUS
526 UDFConvertToSelfRelative(
527  IN OUT PSECURITY_DESCRIPTOR* SecurityDesc
528  )
529 {
530  NTSTATUS RC;
531  SECURITY_INFORMATION SecurityInformation;
532  PSECURITY_DESCRIPTOR NewSD;
533  ULONG Len;
534 
535  UDFPrint((" UDFConvertToSelfRelative\n"));
536 
537  if(!(*SecurityDesc))
538  return STATUS_NO_SECURITY_ON_OBJECT;
539 
540  SecurityInformation = FULL_SECURITY_INFORMATION;
541  Len = RtlLengthSecurityDescriptor(*SecurityDesc);
542  ASSERT(Len <= 1024);
543  NewSD = (PSECURITY_DESCRIPTOR)DbgAllocatePool(NonPagedPool, Len);
544  if(!NewSD)
545  return STATUS_INSUFFICIENT_RESOURCES;
546  _SEH2_TRY {
547  RC = SeQuerySecurityDescriptorInfo(&SecurityInformation, NewSD, &Len, SecurityDesc);
548  } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) {
549  RC = STATUS_INSUFFICIENT_RESOURCES;
550  }
551 
552  if(NT_SUCCESS(RC)) {
553  DbgFreePool(*SecurityDesc);
554  *SecurityDesc = NewSD;
555  } else {
556  DbgFreePool(NewSD);
557  }
558  return RC;
559 } // end UDFConvertToSelfRelative()
560 
561 NTSTATUS
562 UDFInheritAcl(
563  IN PVCB Vcb,
564  IN PSECURITY_DESCRIPTOR* ParentSecurityDesc,
565  IN OUT PSECURITY_DESCRIPTOR* SecurityDesc
566  )
567 {
568  NTSTATUS RC;
569  SECURITY_INFORMATION SecurityInformation;
570  ULONG Len;
571 
572  UDFPrint((" UDFInheritAcl\n"));
573 
574  if(!(*ParentSecurityDesc)) {
575  *SecurityDesc = NULL;
576  return STATUS_SUCCESS;
577  }
578 
579  SecurityInformation = FULL_SECURITY_INFORMATION;
580  Len = RtlLengthSecurityDescriptor(*ParentSecurityDesc);
581  *SecurityDesc = (PSECURITY_DESCRIPTOR)DbgAllocatePool(NonPagedPool, Len);
582  if(!(*SecurityDesc))
583  return STATUS_INSUFFICIENT_RESOURCES;
584  _SEH2_TRY {
585  RC = SeQuerySecurityDescriptorInfo(&SecurityInformation, *SecurityDesc, &Len, ParentSecurityDesc);
586  } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) {
587  RC = STATUS_INSUFFICIENT_RESOURCES;
588  }
589 
590  if(!NT_SUCCESS(RC)) {
591  DbgFreePool(*SecurityDesc);
592  *SecurityDesc = NULL;
593  }
594  return RC;
595 } // end UDFInheritAcl()
596 
597 NTSTATUS
598 UDFBuildEmptyAcl(
599  IN PVCB Vcb,
600  IN PSECURITY_DESCRIPTOR* SecurityDesc
601  )
602 {
603  NTSTATUS RC;
604  ULONG Len = 2 * (sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) + sizeof(ULONG)*4 /*RtlLengthSid(SeExports->SeWorldSid)*/);
605 
606  UDFPrint((" UDFBuildEmptyAcl\n"));
607  // Create Security Descriptor
608  (*SecurityDesc) = (PSECURITY_DESCRIPTOR)DbgAllocatePool(NonPagedPool,
609  sizeof(SECURITY_DESCRIPTOR) + Len);
610  if(!(*SecurityDesc))
611  return STATUS_INSUFFICIENT_RESOURCES;
612 
613  RC = RtlCreateSecurityDescriptor(*SecurityDesc, SECURITY_DESCRIPTOR_REVISION);
614 
615  if(!NT_SUCCESS(RC)) {
616  DbgFreePool(*SecurityDesc);
617  *((PULONG)SecurityDesc) = NULL;
618  }
619  return RC;
620 } // end UDFBuildEmptyAcl()
621 
622 NTSTATUS
623 UDFBuildFullControlAcl(
624  IN PVCB Vcb,
625  IN PSECURITY_DESCRIPTOR* SecurityDesc
626  )
627 {
628  NTSTATUS RC;
629  PACL Acl;
630  ULONG Len = sizeof(ACL) + 2*(sizeof(ACCESS_ALLOWED_ACE) + sizeof(ULONG)*4 /*- sizeof(ULONG)*/ /*+ RtlLengthSid(SeExports->SeWorldSid)*/);
631 
632  UDFPrint((" UDFBuildFullControlAcl\n"));
633  // Create Security Descriptor
634  RC = UDFBuildEmptyAcl(Vcb, SecurityDesc);
635  if(!NT_SUCCESS(RC))
636  return RC;
637 
638  // Set Owner
639  RC = RtlSetOwnerSecurityDescriptor(*SecurityDesc, SeExports->SeWorldSid, FALSE);
640  if(!NT_SUCCESS(RC)) {
641  DbgFreePool(*SecurityDesc);
642  *((PULONG)SecurityDesc) = NULL;
643  return RC;
644  }
645 
646  // Set Group
647  RC = RtlSetGroupSecurityDescriptor(*SecurityDesc, SeExports->SeWorldSid, FALSE);
648  if(!NT_SUCCESS(RC)) {
649  DbgFreePool(*SecurityDesc);
650  *((PULONG)SecurityDesc) = NULL;
651  return RC;
652  }
653 
654  // Create empty Acl
655  Acl = (PACL)DbgAllocatePool(NonPagedPool, Len);
656  if(!Acl) {
657  DbgFreePool(*SecurityDesc);
658  *((PULONG)SecurityDesc) = NULL;
659  return RC;
660  }
661  RtlZeroMemory(Acl, Len);
662 
663  RC = RtlCreateAcl(Acl, Len, ACL_REVISION);
664  if(!NT_SUCCESS(RC)) {
665  DbgFreePool(Acl);
666  DbgFreePool(*SecurityDesc);
667  *((PULONG)SecurityDesc) = NULL;
668  return RC;
669  }
670 
671  // Add (All)(All) access for Everyone
672 /* RC = RtlAddAccessAllowedAce(Acl, ACL_REVISION,
673  GENERIC_ALL,
674  SeExports->SeWorldSid);*/
675 
676  RC = RtlAddAccessAllowedAce(Acl, ACL_REVISION,
677  FILE_ALL_ACCESS,
678  SeExports->SeWorldSid);
679 
680  if(!NT_SUCCESS(RC)) {
681  DbgFreePool(Acl);
682  DbgFreePool(*SecurityDesc);
683  *((PULONG)SecurityDesc) = NULL;
684  return RC;
685  }
686 
687  // Add Acl to Security Descriptor
688  RC = RtlSetDaclSecurityDescriptor(*SecurityDesc, TRUE, Acl, FALSE);
689  if(!NT_SUCCESS(RC)) {
690  DbgFreePool(Acl);
691  DbgFreePool(*SecurityDesc);
692  *((PULONG)SecurityDesc) = NULL;
693  return RC;
694  }
695 
696  RC = UDFConvertToSelfRelative(SecurityDesc);
697 
698  DbgFreePool(Acl);
699 
700  return RC;
701 } // end UDFBuildFullControlAcl()
702 
703 #endif // UDF_ENABLE_SECURITY
704 
705 NTSTATUS
706 UDFAssignAcl(
707  IN PVCB Vcb,
708  IN PFILE_OBJECT FileObject, // OPTIONAL
709  IN PtrUDFFCB Fcb,
710  IN PtrUDFNTRequiredFCB NtReqFcb
711  )
712 {
713  NTSTATUS RC = STATUS_SUCCESS;
714 #ifdef UDF_ENABLE_SECURITY
715 // SECURITY_INFORMATION SecurityInformation;
716 
717 // UDFPrint((" UDFAssignAcl\n"));
718  if(!NtReqFcb->SecurityDesc) {
719 
720  PSECURITY_DESCRIPTOR ExplicitSecurity = NULL;
721 
722  if(UDFIsAStreamDir(Fcb->FileInfo) || UDFIsAStream(Fcb->FileInfo)) {
723  // Stream/SDir security
724  NtReqFcb->SecurityDesc = Fcb->FileInfo->ParentFile->Dloc->CommonFcb->SecurityDesc;
725  return STATUS_SUCCESS;
726  } else
727  if(!Fcb->FileInfo) {
728  // Volume security
729  if(Vcb->RootDirFCB &&
730  Vcb->RootDirFCB->FileInfo &&
731  Vcb->RootDirFCB->FileInfo->Dloc &&
732  Vcb->RootDirFCB->FileInfo->Dloc->CommonFcb) {
733  RC = UDFInheritAcl(Vcb, &(Vcb->RootDirFCB->FileInfo->Dloc->CommonFcb->SecurityDesc), &ExplicitSecurity);
734  } else {
735  NtReqFcb->SecurityDesc = NULL;
736  RC = STATUS_NO_SECURITY_ON_OBJECT;
737  }
738  return RC;
739  }
740 
741  RC = UDFReadSecurity(Vcb, Fcb, &ExplicitSecurity);
742  if(RC == STATUS_NO_SECURITY_ON_OBJECT) {
743  if(!Fcb->FileInfo->ParentFile) {
744  RC = UDFBuildFullControlAcl(Vcb, &ExplicitSecurity);
745  } else {
746  RC = UDFInheritAcl(Vcb, &(Fcb->FileInfo->ParentFile->Dloc->CommonFcb->SecurityDesc), &ExplicitSecurity);
747  }
748 /* if(NT_SUCCESS(RC)) {
749  NtReqFcb->NtReqFCBFlags |= UDF_NTREQ_FCB_SD_MODIFIED;
750  }*/
751  }
752  if(NT_SUCCESS(RC)) {
753 
754 // SecurityInformation = FULL_SECURITY_INFORMATION;
755  NtReqFcb->SecurityDesc = ExplicitSecurity;
756 
757 /* RC = SeSetSecurityDescriptorInfo(FileObject,
758  &SecurityInformation,
759  ExplicitSecurity,
760  &(NtReqFcb->SecurityDesc),
761  NonPagedPool,
762  IoGetFileObjectGenericMapping() );*/
763 
764  }
765  }
766 #endif //UDF_ENABLE_SECURITY
767  return RC;
768 } // end UDFAssignAcl()
769 
770 
771 VOID
772 UDFDeassignAcl(
773  IN PtrUDFNTRequiredFCB NtReqFcb,
774  IN BOOLEAN AutoInherited
775  )
776 {
777 #ifdef UDF_ENABLE_SECURITY
778 // NTSTATUS RC = STATUS_SUCCESS;
779 
780 // UDFPrint((" UDFDeassignAcl\n"));
781  if(!NtReqFcb->SecurityDesc)
782  return;
783 
784  if(AutoInherited) {
785  NtReqFcb->SecurityDesc = NULL;
786  return;
787  }
788 
789  SeDeassignSecurity(&(NtReqFcb->SecurityDesc));
790  NtReqFcb->SecurityDesc = NULL; // HA BCRK CLU4
791 #endif //UDF_ENABLE_SECURITY
792  return;
793 } // end UDFDeassignAcl()
794 
795 NTSTATUS
796 UDFWriteSecurity(
797  IN PVCB Vcb,
798  IN PtrUDFFCB Fcb,
799  IN PSECURITY_DESCRIPTOR* SecurityDesc
800  )
801 {
802 #ifdef UDF_ENABLE_SECURITY
803  PUDF_FILE_INFO FileInfo = NULL;
804  PUDF_FILE_INFO SDirInfo = NULL;
805  PUDF_FILE_INFO AclInfo = NULL;
806  PERESOURCE Res1 = NULL;
807  NTSTATUS RC;
808  ULONG NumberBytesRead;
809 
810 // UDFPrint(("UDFWriteSecurity\n"));
811 
812 #if !defined(UDF_READ_ONLY_BUILD)
813 
814  if(!Vcb->WriteSecurity ||
815  (Vcb->VCBFlags & (UDF_VCB_FLAGS_VOLUME_READ_ONLY |
816  UDF_VCB_FLAGS_MEDIA_READ_ONLY)))
817 
818 #endif
819 
820  return STATUS_SUCCESS;
821 
822 #if !defined(UDF_READ_ONLY_BUILD)
823 
824  _SEH2_TRY {
825 
826  FileInfo = Fcb->FileInfo;
827  ASSERT(FileInfo);
828  if(!FileInfo) {
829  UDFPrint((" Volume Security\n"));
830  try_return(RC = STATUS_SUCCESS);
831  }
832 
833  if(!(Fcb->NTRequiredFCB->NtReqFCBFlags & UDF_NTREQ_FCB_SD_MODIFIED))
834  try_return(RC = STATUS_SUCCESS);
835 
836  // Open Stream Directory
837  RC = UDFOpenStreamDir__(Vcb, FileInfo, &SDirInfo);
838 
839  if(RC == STATUS_NOT_FOUND) {
840  RC = UDFCreateStreamDir__(Vcb, FileInfo, &SDirInfo);
841  }
842  if(!NT_SUCCESS(RC)) {
843  if(UDFCleanUpFile__(Vcb, SDirInfo)) {
844  if(SDirInfo) MyFreePool__(SDirInfo);
845  }
846  SDirInfo = NULL;
847  try_return(RC);
848  }
849  // Acquire SDir exclusively if Fcb present
850  if(SDirInfo->Fcb) {
851  BrutePoint();
852  UDF_CHECK_PAGING_IO_RESOURCE(SDirInfo->Fcb->NTRequiredFCB);
853  UDFAcquireResourceExclusive(Res1 = &(SDirInfo->Fcb->NTRequiredFCB->MainResource),TRUE);
854  }
855 
856  // Open Acl Stream
857  RC = UDFOpenFile__(Vcb,
858  FALSE,TRUE,&(UDFGlobalData.AclName),
859  SDirInfo,&AclInfo,NULL);
860  if(RC == STATUS_OBJECT_NAME_NOT_FOUND) {
861  RC = UDFCreateFile__(Vcb, FALSE, &(UDFGlobalData.AclName),
862  0, 0, FALSE, FALSE, SDirInfo, &AclInfo);
863  }
864  if(!NT_SUCCESS(RC)) {
865  if(UDFCleanUpFile__(Vcb, AclInfo)) {
866  if(AclInfo) MyFreePool__(AclInfo);
867  }
868  AclInfo = NULL;
869  try_return(RC);
870  }
871 
872  if(!(*SecurityDesc)) {
873  UDFFlushFile__(Vcb, AclInfo);
874  RC = UDFUnlinkFile__(Vcb, AclInfo, TRUE);
875  try_return(RC);
876  }
877  NumberBytesRead = RtlLengthSecurityDescriptor(*SecurityDesc);
878 
879  RC = UDFWriteFile__(Vcb, AclInfo, 0, NumberBytesRead,
880  FALSE, (PCHAR)(*SecurityDesc), &NumberBytesRead);
881  if(!NT_SUCCESS(RC))
882  try_return(RC);
883 
884  Fcb->NTRequiredFCB->NtReqFCBFlags &= ~UDF_NTREQ_FCB_SD_MODIFIED;
885 
886 try_exit: NOTHING;
887 
888  } _SEH2_FINALLY {
889 
890  if(AclInfo) {
891  UDFCloseFile__(Vcb, AclInfo);
892  if(UDFCleanUpFile__(Vcb, AclInfo))
893  MyFreePool__(AclInfo);
894  }
895 
896  if(SDirInfo) {
897  UDFCloseFile__(Vcb, SDirInfo);
898  if(UDFCleanUpFile__(Vcb, SDirInfo))
899  MyFreePool__(SDirInfo);
900  }
901  if(Res1)
902  UDFReleaseResource(Res1);
903  }
904 
905  return RC;
906 
907 #endif
908 #endif //UDF_ENABLE_SECURITY
909 
910  return STATUS_SUCCESS;
911 
912 } // end UDFWriteSecurity()
913 
914 PSECURITY_DESCRIPTOR
915 UDFLookUpAcl(
916  IN PVCB Vcb,
917  PFILE_OBJECT FileObject, // OPTIONAL
918  IN PtrUDFFCB Fcb
919  )
920 {
921  UDFAssignAcl(Vcb, FileObject, Fcb, Fcb->NTRequiredFCB);
922  return (Fcb->NTRequiredFCB->SecurityDesc);
923 } // end UDFLookUpAcl()
924 
925 
926 NTSTATUS
927 UDFCheckAccessRights(
928  PFILE_OBJECT FileObject, // OPTIONAL
929  PACCESS_STATE AccessState,
930  PtrUDFFCB Fcb,
931  PtrUDFCCB Ccb, // OPTIONAL
932  ACCESS_MASK DesiredAccess,
933  USHORT ShareAccess
934  )
935 {
936  NTSTATUS RC;
937  BOOLEAN ROCheck = FALSE;
938 #ifdef UDF_ENABLE_SECURITY
939  BOOLEAN SecurityCheck;
940  PSECURITY_DESCRIPTOR SecDesc;
941  SECURITY_SUBJECT_CONTEXT SubjectContext;
942  ACCESS_MASK LocalAccessMask;
943 #endif //UDF_ENABLE_SECURITY
944 
945  // Check attr compatibility
946  ASSERT(Fcb);
947  ASSERT(Fcb->Vcb);
948 #ifdef UDF_READ_ONLY_BUILD
949  goto treat_as_ro;
950 #endif //UDF_READ_ONLY_BUILD
951 
952  if(Fcb->FCBFlags & UDF_FCB_READ_ONLY) {
953  ROCheck = TRUE;
954  } else
955  if((Fcb->Vcb->origIntegrityType == INTEGRITY_TYPE_OPEN) &&
956  Ccb && !(Ccb->CCBFlags & UDF_CCB_VOLUME_OPEN) &&
957  (Fcb->Vcb->CompatFlags & UDF_VCB_IC_DIRTY_RO)) {
958  AdPrint(("force R/O on dirty\n"));
959  ROCheck = TRUE;
960  }
961  if(ROCheck) {
962 #ifdef UDF_READ_ONLY_BUILD
963 treat_as_ro:
964 #endif //UDF_READ_ONLY_BUILD
965  ACCESS_MASK DesiredAccessMask = 0;
966 
967  if(Fcb->Vcb->CompatFlags & UDF_VCB_IC_WRITE_IN_RO_DIR) {
968  if(Fcb->FCBFlags & UDF_FCB_DIRECTORY) {
969  DesiredAccessMask = (FILE_WRITE_EA |
970  DELETE);
971  } else {
972  DesiredAccessMask = (FILE_WRITE_DATA |
973  FILE_APPEND_DATA |
974  FILE_WRITE_EA |
975  DELETE);
976  }
977  } else {
978  DesiredAccessMask = (FILE_WRITE_DATA |
979  FILE_APPEND_DATA |
980  FILE_WRITE_EA |
981  FILE_DELETE_CHILD |
982  FILE_ADD_SUBDIRECTORY |
983  FILE_ADD_FILE |
984  DELETE);
985  }
986  if(DesiredAccess & DesiredAccessMask)
987  return STATUS_ACCESS_DENIED;
988  }
989 #ifdef UDF_ENABLE_SECURITY
990  // Check Security
991  // NOTE: we should not perform security check if an empty DesiredAccess
992  // was specified. AFAIU, SeAccessCheck() will return FALSE in this case.
993  SecDesc = UDFLookUpAcl(Fcb->Vcb, FileObject, Fcb);
994  if(SecDesc && DesiredAccess) {
995  SeCaptureSubjectContext(&SubjectContext);
996  SecurityCheck =
997  SeAccessCheck(SecDesc,
998  &SubjectContext,
999  FALSE,
1000  DesiredAccess,
1001  Ccb ? Ccb->PreviouslyGrantedAccess : 0,
1002  NULL,
1003  IoGetFileObjectGenericMapping(),
1004  UserMode,
1005  Ccb ? &(Ccb->PreviouslyGrantedAccess) : &LocalAccessMask,
1006  &RC);
1007  SeReleaseSubjectContext(&SubjectContext);
1008 
1009  if(!SecurityCheck) {
1010  return RC;
1011  } else
1012 #endif //UDF_ENABLE_SECURITY
1013  if(DesiredAccess & ACCESS_SYSTEM_SECURITY) {
1014  if (!SeSinglePrivilegeCheck(SeExports->SeSecurityPrivilege, UserMode))
1015  return STATUS_ACCESS_DENIED;
1016  Ccb->PreviouslyGrantedAccess |= ACCESS_SYSTEM_SECURITY;
1017  }
1018 #ifdef UDF_ENABLE_SECURITY
1019  }
1020 #endif //UDF_ENABLE_SECURITY
1021  if(FileObject) {
1022  if (Fcb->OpenHandleCount) {
1023  // The FCB is currently in use by some thread.
1024  // We must check whether the requested access/share access
1025  // conflicts with the existing open operations.
1026  RC = IoCheckShareAccess(DesiredAccess, ShareAccess, FileObject,
1027  &(Fcb->NTRequiredFCB->FCBShareAccess), TRUE);
1028 #ifndef UDF_ENABLE_SECURITY
1029  if(Ccb)
1030  Ccb->PreviouslyGrantedAccess |= DesiredAccess;
1031  IoUpdateShareAccess(FileObject, &(Fcb->NTRequiredFCB->FCBShareAccess));
1032 #endif //UDF_ENABLE_SECURITY
1033  } else {
1034  IoSetShareAccess(DesiredAccess, ShareAccess, FileObject, &(Fcb->NTRequiredFCB->FCBShareAccess));
1035 #ifndef UDF_ENABLE_SECURITY
1036  if(Ccb)
1037  Ccb->PreviouslyGrantedAccess = DesiredAccess;
1038 #endif //UDF_ENABLE_SECURITY
1039  RC = STATUS_SUCCESS;
1040  }
1041  } else {
1042  // we get here if given file was opened for internal purposes
1043  RC = STATUS_SUCCESS;
1044  }
1045  return RC;
1046 } // end UDFCheckAccessRights()
1047 
1048 NTSTATUS
1049 UDFSetAccessRights(
1050  PFILE_OBJECT FileObject,
1051  PACCESS_STATE AccessState,
1052  PtrUDFFCB Fcb,
1053  PtrUDFCCB Ccb,
1054  ACCESS_MASK DesiredAccess,
1055  USHORT ShareAccess
1056  )
1057 {
1058 #ifndef UDF_ENABLE_SECURITY
1059  ASSERT(Ccb);
1060  ASSERT(Fcb->FileInfo);
1061 
1062  return UDFCheckAccessRights(FileObject, AccessState, Fcb, Ccb, DesiredAccess, ShareAccess);
1063 
1064 #else //UDF_ENABLE_SECURITY
1065 
1066  NTSTATUS RC;
1067  // Set Security on Object
1068  PSECURITY_DESCRIPTOR SecDesc;
1069  SECURITY_SUBJECT_CONTEXT SubjectContext;
1070  BOOLEAN AutoInherit;
1071 
1072  ASSERT(Ccb);
1073  ASSERT(Fcb->FileInfo);
1074 
1075  SecDesc = UDFLookUpAcl(Fcb->Vcb, FileObject, Fcb);
1076  AutoInherit = UDFIsAStreamDir(Fcb->FileInfo) || UDFIsAStream(Fcb->FileInfo);
1077 
1078  if(SecDesc && !AutoInherit) {
1079  // Get caller's User/Primary Group info
1080  SeCaptureSubjectContext(&SubjectContext);
1081  RC = SeAssignSecurity(
1082  Fcb->FileInfo->ParentFile->Dloc->CommonFcb->SecurityDesc,
1083 // NULL,
1084  AccessState->SecurityDescriptor,
1085  &(Fcb->NTRequiredFCB->SecurityDesc),
1086  UDFIsADirectory(Fcb->FileInfo),
1087  &SubjectContext,
1088  IoGetFileObjectGenericMapping(),
1089  NonPagedPool);
1090  SeReleaseSubjectContext(&SubjectContext);
1091  UDFConvertToSelfRelative(&(Fcb->NTRequiredFCB->SecurityDesc));
1092 
1093  if(!NT_SUCCESS(RC)) {
1094 Clean_Up_SD:
1095  UDFDeassignAcl(Fcb->NTRequiredFCB, AutoInherit);
1096  return RC;
1097  }
1098  }
1099 
1100  RC = UDFCheckAccessRights(FileObject, AccessState, Fcb, Ccb, DesiredAccess, ShareAccess);
1101  if(!NT_SUCCESS(RC))
1102  goto Clean_Up_SD;
1103  return RC;
1104 
1105 #endif //UDF_ENABLE_SECURITY
1106 
1107 } // end UDFSetAccessRights()
1108 
_SECURITY_DESCRIPTOR
Definition: ms-dtyp.idl:301
IoGetFileObjectGenericMapping
PGENERIC_MAPPING NTAPI IoGetFileObjectGenericMapping(VOID)
Definition: file.c:3266
_UDFFileControlBlock
Definition: struct.h:251
UDFAcquireResourceExclusive
#define UDFAcquireResourceExclusive(Resource, CanWait)
Definition: env_spec_w32.h:656
PCHAR
signed char * PCHAR
Definition: retypes.h:7
DbgAllocatePool
#define DbgAllocatePool
Definition: env_spec_w32.h:332
UDF_VCB_FLAGS_MEDIA_READ_ONLY
#define UDF_VCB_FLAGS_MEDIA_READ_ONLY
Definition: udf_common.h:481
UDF_VCB_IC_WRITE_IN_RO_DIR
#define UDF_VCB_IC_WRITE_IN_RO_DIR
Definition: udf_common.h:499
UDFReleaseIrpContext
VOID UDFReleaseIrpContext(PtrUDFIrpContext PtrIrpContext)
Definition: misc.cpp:1086
UDFAllocateIrpContext
PtrUDFIrpContext UDFAllocateIrpContext(PIRP Irp, PDEVICE_OBJECT PtrTargetDeviceObject)
Definition: misc.cpp:985
SeCaptureSubjectContext
VOID NTAPI SeCaptureSubjectContext(OUT PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:301
PSECURITY_DESCRIPTOR
struct _SECURITY_DESCRIPTOR * PSECURITY_DESCRIPTOR
Definition: security.c:97
SeAccessCheck
BOOLEAN NTAPI SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, IN BOOLEAN SubjectContextLocked, IN ACCESS_MASK DesiredAccess, IN ACCESS_MASK PreviouslyGrantedAccess, OUT PPRIVILEGE_SET *Privileges, IN PGENERIC_MAPPING GenericMapping, IN KPROCESSOR_MODE AccessMode, OUT PACCESS_MASK GrantedAccess, OUT PNTSTATUS AccessStatus)
Definition: accesschk.c:340
RtlValidSecurityDescriptor
NTSYSAPI BOOLEAN NTAPI RtlValidSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor)
Definition: sd.c:1055
FILE_WRITE_EA
#define FILE_WRITE_EA
Definition: nt_native.h:640
IN
#define IN
Definition: typedefs.h:39
SubjectContext
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2239
SeReleaseSubjectContext
VOID NTAPI SeReleaseSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:360
UDFPrint
#define UDFPrint(Args)
Definition: udffs.h:225
TRUE
#define TRUE
Definition: types.h:120
SeSetSecurityDescriptorInfo
NTKERNELAPI NTSTATUS NTAPI SeSetSecurityDescriptorInfo(_In_opt_ PVOID Object, _In_ PSECURITY_INFORMATION SecurityInformation, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, _In_ POOL_TYPE PoolType, _In_ PGENERIC_MAPPING GenericMapping)
PtrUDFCCB
struct _UDFContextControlBlock * PtrUDFCCB
STATUS_INSUFFICIENT_RESOURCES
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
FsRtlEnterFileSystem
#define FsRtlEnterFileSystem
RtlSetGroupSecurityDescriptor
NTSYSAPI NTSTATUS NTAPI RtlSetGroupSecurityDescriptor(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSID Group, IN BOOLEAN GroupDefaulted)
Definition: sd.c:410
AdPrint
#define AdPrint(_x_)
Definition: env_spec_w32.h:292
AbnormalTermination
#define AbnormalTermination()
Definition: exception.h:77
FILE_ALL_ACCESS
#define FILE_ALL_ACCESS
Definition: nt_native.h:651
ACCESS_SYSTEM_SECURITY
#define ACCESS_SYSTEM_SECURITY
Definition: nt_native.h:77
_UDFData::AclName
UNICODE_STRING AclName
Definition: udf_common.h:618
KdDump
#define KdDump(a, b)
Definition: env_spec_w32.h:312
FsRtlExitFileSystem
#define FsRtlExitFileSystem
UDFCheckAccessRights
NTSTATUS UDFCheckAccessRights(PFILE_OBJECT FileObject, PACCESS_STATE AccessState, PtrUDFFCB Fcb, PtrUDFCCB Ccb, ACCESS_MASK DesiredAccess, USHORT ShareAccess)
Definition: secursup.cpp:927
STATUS_NOT_IMPLEMENTED
#define STATUS_NOT_IMPLEMENTED
Definition: ntstatus.h:225
_ACCESS_ALLOWED_ACE
Definition: ms-dtyp.idl:215
UDFLogEvent
VOID UDFLogEvent(NTSTATUS UDFEventLogId, NTSTATUS RC)
Definition: misc.cpp:575
UDFWriteSecurity
NTSTATUS UDFWriteSecurity(IN PVCB Vcb, IN PtrUDFFCB Fcb, IN PSECURITY_DESCRIPTOR *SecurityDesc)
Definition: secursup.cpp:796
Irp
_In_ PIRP Irp
Definition: csq.h:116
STATUS_INVALID_PARAMETER
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
_ACL
Definition: ms-dtyp.idl:293
UDFCommonSetSecurity
NTSTATUS UDFCommonSetSecurity(PtrUDFIrpContext PtrIrpContext, PIRP Irp)
UDFReleaseResource
#define UDFReleaseResource(Resource)
Definition: env_spec_w32.h:661
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
_UDF_FILE_INFO
Definition: udf_rel.h:346
UDFLookUpAcl
PSECURITY_DESCRIPTOR UDFLookUpAcl(IN PVCB Vcb, PFILE_OBJECT FileObject, IN PtrUDFFCB Fcb)
Definition: secursup.cpp:915
_IO_STACK_LOCATION
Definition: iotypes.h:2754
_VCB
Definition: cdstruc.h:504
UDFSetSecurity
NTSTATUS UDFSetSecurity(PDEVICE_OBJECT DeviceObject, PIRP Irp)
SeSinglePrivilegeCheck
BOOLEAN NTAPI SeSinglePrivilegeCheck(IN LUID PrivilegeValue, IN KPROCESSOR_MODE PreviousMode)
Definition: priv.c:524
RtlSetOwnerSecurityDescriptor
NTSYSAPI NTSTATUS WINAPI RtlSetOwnerSecurityDescriptor(PSECURITY_DESCRIPTOR, PSID, BOOLEAN)
UDFGetFileSize
int64 UDFGetFileSize(IN PUDF_FILE_INFO FileInfo)
Definition: udf_info.cpp:1236
GROUP_SECURITY_INFORMATION
#define GROUP_SECURITY_INFORMATION
Definition: setypes.h:124
RtlCreateSecurityDescriptor
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(_Out_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ULONG Revision)
IoSetShareAccess
VOID NTAPI IoSetShareAccess(IN ACCESS_MASK DesiredAccess, IN ULONG DesiredShareAccess, IN PFILE_OBJECT FileObject, OUT PSHARE_ACCESS ShareAccess)
Definition: file.c:3516
UDFCreateStreamDir__
OSSTATUS UDFCreateStreamDir__(IN PVCB Vcb, IN PUDF_FILE_INFO FileInfo, OUT PUDF_FILE_INFO *_SDirInfo)
Definition: udf_info.cpp:4888
WRITE_OWNER
#define WRITE_OWNER
Definition: nt_native.h:60
RtlAddAccessAllowedAce
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAce(PACL, DWORD, DWORD, PSID)
FILE_APPEND_DATA
#define FILE_APPEND_DATA
Definition: nt_native.h:634
RtlSetDaclSecurityDescriptor
NTSYSAPI NTSTATUS WINAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN)
RtlLengthSecurityDescriptor
NTSYSAPI ULONG WINAPI RtlLengthSecurityDescriptor(PSECURITY_DESCRIPTOR)
UDF_IRP_CONTEXT_CAN_BLOCK
#define UDF_IRP_CONTEXT_CAN_BLOCK
Definition: struct.h:385
_FCB::Fcb
struct _FCB::@711::@714 Fcb
ShareAccess
_In_ PIO_STACK_LOCATION _Inout_ PFILE_OBJECT _Inout_ PVCB _Outptr_result_maybenull_ PDCB _In_ PDCB _In_ PDIRENT _In_ ULONG _In_ ULONG _In_ PUNICODE_STRING _In_ PACCESS_MASK _In_ USHORT ShareAccess
Definition: create.c:4157
STATUS_BUFFER_TOO_SMALL
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
_SEH2_TRY
_SEH2_TRY
Definition: create.c:4250
_SE_EXPORTS::SeSecurityPrivilege
LUID SeSecurityPrivilege
Definition: setypes.h:1147
RtlCreateAcl
NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL Acl, ULONG AclSize, ULONG AclRevision)
UDF_VCB_FLAGS_RAW_DISK
#define UDF_VCB_FLAGS_RAW_DISK
Definition: udf_common.h:476
SECURITY_DESCRIPTOR_REVISION
#define SECURITY_DESCRIPTOR_REVISION
Definition: setypes.h:58
UDF_VCB_IC_DIRTY_RO
#define UDF_VCB_IC_DIRTY_RO
Definition: udf_common.h:516
UDF_VCB_FLAGS_VOLUME_READ_ONLY
#define UDF_VCB_FLAGS_VOLUME_READ_ONLY
Definition: udf_common.h:463
UDFAssignAcl
NTSTATUS UDFAssignAcl(IN PVCB Vcb, IN PFILE_OBJECT FileObject, IN PtrUDFFCB Fcb, IN PtrUDFNTRequiredFCB NtReqFcb)
Definition: secursup.cpp:706
PERESOURCE
ERESOURCE * PERESOURCE
Definition: env_spec_w32.h:595
FILE_DELETE_CHILD
#define FILE_DELETE_CHILD
Definition: nt_native.h:645
IO_DISK_INCREMENT
#define IO_DISK_INCREMENT
Definition: iotypes.h:568
FILE_ADD_FILE
#define FILE_ADD_FILE
Definition: nt_native.h:632
SeExports
PSE_EXPORTS SeExports
Definition: semgr.c:18
_UDFIrpContext
Definition: struct.h:362
SECURITY_INFORMATION
DWORD SECURITY_INFORMATION
Definition: ms-dtyp.idl:311
BufferLength
_In_ ULONG BufferLength
Definition: usbdlib.h:225
UDFIsADirectory
#define UDFIsADirectory(FileInfo)
Definition: udf_info.h:792
FILE_ACTION_MODIFIED
#define FILE_ACTION_MODIFIED
STATUS_INVALID_USER_BUFFER
#define STATUS_INVALID_USER_BUFFER
Definition: udferr_usr.h:166
EXCEPTION_EXECUTE_HANDLER
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185
ACL
struct _ACL ACL
NULL
smooth NULL
Definition: ftsmooth.c:416
IoCompleteRequest
#define IoCompleteRequest
Definition: irp.c:1240
UDFReadSecurity
NTSTATUS UDFReadSecurity(IN PVCB Vcb, IN PtrUDFFCB Fcb, IN PSECURITY_DESCRIPTOR *SecurityDesc)
Definition: secursup.cpp:420
SecurityInformation
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ SECURITY_INFORMATION SecurityInformation
Definition: fltkernel.h:1339
UDFFlushFile__
OSSTATUS UDFFlushFile__(IN PVCB Vcb, IN PUDF_FILE_INFO FileInfo, IN ULONG FlushFlags)
Definition: udf_info.cpp:4119
_DEVICE_OBJECT
Definition: env_spec_w32.h:413
FileObject
_Inout_ PFILE_OBJECT FileObject
Definition: cdprocs.h:593
FILE_WRITE_DATA
#define FILE_WRITE_DATA
Definition: nt_native.h:631
UDFDeassignAcl
VOID UDFDeassignAcl(IN PtrUDFNTRequiredFCB NtReqFcb, IN BOOLEAN AutoInherited)
Definition: secursup.cpp:772
UDFNotifyFullReportChange
__inline VOID UDFNotifyFullReportChange(PVCB V, PUDF_FILE_INFO FI, ULONG E, ULONG A)
Definition: env_spec.h:99
UDFOpenStreamDir__
OSSTATUS UDFOpenStreamDir__(IN PVCB Vcb, IN PUDF_FILE_INFO FileInfo, OUT PUDF_FILE_INFO *_SDirInfo)
Definition: udf_info.cpp:4965
UDFExceptionHandler
NTSTATUS UDFExceptionHandler(PtrUDFIrpContext PtrIrpContext, PIRP Irp)
Definition: misc.cpp:358
UDFIsAStreamDir
#define UDFIsAStreamDir(FI)
Definition: udf_info.h:998
DbgFreePool
#define DbgFreePool
Definition: env_spec_w32.h:334
PACL
struct _ACL * PACL
Definition: security.c:104
UDFCleanUpFile__
uint32 UDFCleanUpFile__(IN PVCB Vcb, IN PUDF_FILE_INFO FileInfo)
Definition: udf_info.cpp:2276
UDFCreateFile__
OSSTATUS UDFCreateFile__(IN PVCB Vcb, IN BOOLEAN IgnoreCase, IN PUNICODE_STRING _fn, IN uint32 ExtAttrSz, IN uint32 ImpUseLen, IN BOOLEAN Extended, IN BOOLEAN CreateNew, IN OUT PUDF_FILE_INFO DirInfo, OUT PUDF_FILE_INFO *_FileInfo)
Definition: udf_info.cpp:2577
_FCB::OpenHandleCount
ULONG OpenHandleCount
Definition: ntfs.h:533
UDFGetSecurity
NTSTATUS UDFGetSecurity(PDEVICE_OBJECT DeviceObject, PIRP Irp)
STATUS_NOT_FOUND
#define STATUS_NOT_FOUND
Definition: shellext.h:72
UDF_CCB_VOLUME_OPEN
#define UDF_CCB_VOLUME_OPEN
Definition: struct.h:166
_ACCESS_STATE
Definition: setypes.h:196
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
STATUS_PENDING
#define STATUS_PENDING
Definition: ntstatus.h:82
GetExceptionInformation
#define GetExceptionInformation()
Definition: exception.h:73
try_return
#define try_return(S)
Definition: cdprocs.h:2189
UDFSetAccessRights
NTSTATUS UDFSetAccessRights(PFILE_OBJECT FileObject, PACCESS_STATE AccessState, PtrUDFFCB Fcb, PtrUDFCCB Ccb, ACCESS_MASK DesiredAccess, USHORT ShareAccess)
Definition: secursup.cpp:1049
Vcb
#define Vcb
Definition: cdprocs.h:1425
MyFreePool__
#define MyFreePool__(addr)
Definition: mem_tools.h:152
UDF_FCB_DIRECTORY
#define UDF_FCB_DIRECTORY
Definition: struct.h:303
BrutePoint
#define BrutePoint()
Definition: env_spec_w32.h:504
SACL_SECURITY_INFORMATION
#define SACL_SECURITY_INFORMATION
Definition: setypes.h:126
UDFOpenFile__
OSSTATUS UDFOpenFile__(IN PVCB Vcb, IN BOOLEAN IgnoreCase, IN BOOLEAN NotDeleted, IN PUNICODE_STRING fn, IN PUDF_FILE_INFO DirInfo, OUT PUDF_FILE_INFO *_FileInfo, IN uint_di *IndexToOpen)
Definition: udf_info.cpp:2004
WRITE_DAC
#define WRITE_DAC
Definition: nt_native.h:59
Len
#define Len
Definition: deflate.h:82
STATUS_ACCESS_DENIED
#define STATUS_ACCESS_DENIED
Definition: udferr_usr.h:145
FULL_SECURITY_INFORMATION
#define FULL_SECURITY_INFORMATION
Definition: ntifs_ex.h:118
STATUS_NO_SECURITY_ON_OBJECT
#define STATUS_NO_SECURITY_ON_OBJECT
Definition: ntstatus.h:437
PFILE_OBJECT
* PFILE_OBJECT
Definition: iotypes.h:1955
UDFIsIrpTopLevel
BOOLEAN __fastcall UDFIsIrpTopLevel(PIRP Irp)
Definition: misc.cpp:228
ASSERT
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel) ?(CompletionRoutine !=NULL) :TRUE)
AccessState
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:414
NtReqFcb
#define NtReqFcb
IoSetTopLevelIrp
VOID NTAPI IoSetTopLevelIrp(IN PIRP Irp)
Definition: irp.c:2000
UDFGlobalData
UDFData UDFGlobalData
Definition: udfinit.cpp:25
UDFWriteFile__
OSSTATUS UDFWriteFile__(IN PVCB Vcb, IN PUDF_FILE_INFO FileInfo, IN int64 Offset, IN SIZE_T Length, IN BOOLEAN Direct, IN int8 *Buffer, OUT PSIZE_T WrittenBytes)
Definition: udf_info.cpp:1605
_UDFNTRequiredFCB
Definition: struct.h:202
UDFExceptionFilter
long UDFExceptionFilter(PtrUDFIrpContext PtrIrpContext, PEXCEPTION_POINTERS PtrExceptionPointers)
Definition: misc.cpp:265
_UDFContextControlBlock
Definition: struct.h:108
FILE_ADD_SUBDIRECTORY
#define FILE_ADD_SUBDIRECTORY
Definition: nt_native.h:635
Ccb
_Inout_ PFILE_OBJECT _In_ TYPE_OF_OPEN PFCB _In_opt_ PCCB Ccb
Definition: cdprocs.h:593
NOTHING
#define NOTHING
Definition: env_spec_w32.h:461
UDFCloseFile__
OSSTATUS UDFCloseFile__(IN PVCB Vcb, IN PUDF_FILE_INFO FileInfo)
Definition: udf_info.cpp:2994
_IRP
Definition: Bus_PDO_QueryResourceRequirements.c:92
UDFReadFile__
__inline OSSTATUS UDFReadFile__(IN PVCB Vcb, IN PUDF_FILE_INFO FileInfo, IN int64 Offset, IN SIZE_T Length, IN BOOLEAN Direct, OUT int8 *Buffer, OUT PSIZE_T ReadBytes)
Definition: udf_info.h:666
IoCheckShareAccess
NTSTATUS NTAPI IoCheckShareAccess(IN ACCESS_MASK DesiredAccess, IN ULONG DesiredShareAccess, IN PFILE_OBJECT FileObject, IN PSHARE_ACCESS ShareAccess, IN BOOLEAN Update)
Definition: file.c:3389
DeviceObject
IN PDEVICE_OBJECT DeviceObject
Definition: fatprocs.h:1560
UDFGetCallersBuffer
PVOID UDFGetCallersBuffer(PtrUDFIrpContext PtrIrpContext, PIRP Irp)
Definition: read.cpp:871
IoGetCurrentIrpStackLocation
__drv_aliasesMem FORCEINLINE PIO_STACK_LOCATION IoGetCurrentIrpStackLocation(_In_ PIRP Irp)
Definition: iofuncs.h:2745
UDF_ERROR_INTERNAL_ERROR
#define UDF_ERROR_INTERNAL_ERROR
Definition: errmsg.h:71
UDFPostRequest
NTSTATUS UDFPostRequest(IN PtrUDFIrpContext PtrIrpContext, IN PIRP Irp)
Definition: misc.cpp:1128
_IO_STACK_LOCATION::FileObject
PFILE_OBJECT FileObject
Definition: iotypes.h:2813
STATUS_OBJECT_NAME_NOT_FOUND
#define STATUS_OBJECT_NAME_NOT_FOUND
Definition: udferr_usr.h:149
USHORT
unsigned short USHORT
Definition: pedump.c:61
IrpSp
_In_ PIO_STACK_LOCATION IrpSp
Definition: create.c:4157
UDF_CHECK_PAGING_IO_RESOURCE
#define UDF_CHECK_PAGING_IO_RESOURCE(NTReqFCB)
Definition: udffs.h:262
DesiredAccess
_In_ PIO_STACK_LOCATION _Inout_ PFILE_OBJECT _Inout_ PVCB _Outptr_result_maybenull_ PDCB _In_ PDCB _In_ PDIRENT _In_ ULONG _In_ ULONG _In_ PUNICODE_STRING _In_ PACCESS_MASK DesiredAccess
Definition: create.c:4157
FILE_NOTIFY_CHANGE_SECURITY
#define FILE_NOTIFY_CHANGE_SECURITY
UDF_FCB_READ_ONLY
#define UDF_FCB_READ_ONLY
Definition: struct.h:312
_SEH2_FINALLY
_SEH2_FINALLY
Definition: create.c:4395
UDFUnlinkFile__
OSSTATUS UDFUnlinkFile__(IN PVCB Vcb, IN PUDF_FILE_INFO FileInfo, IN BOOLEAN FreeSpace)
Definition: udf_info.cpp:1766
OWNER_SECURITY_INFORMATION
#define OWNER_SECURITY_INFORMATION
Definition: setypes.h:123
PULONG
unsigned int * PULONG
Definition: retypes.h:1
_SECURITY_SUBJECT_CONTEXT
Definition: setypes.h:189
ACL_REVISION
#define ACL_REVISION
Definition: setypes.h:39
OUT
#define OUT
Definition: typedefs.h:40
INTEGRITY_TYPE_OPEN
#define INTEGRITY_TYPE_OPEN
Definition: ecma_167.h:357
ULONG
unsigned int ULONG
Definition: retypes.h:1
RtlZeroMemory
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:261
_FCB::Vcb
PVCB Vcb
Definition: cdstruc.h:939
SeQuerySecurityDescriptorInfo
NTKERNELAPI NTSTATUS NTAPI SeQuerySecurityDescriptorInfo(_In_ PSECURITY_INFORMATION SecurityInformation, _Out_writes_bytes_(*Length) PSECURITY_DESCRIPTOR SecurityDescriptor, _Inout_ PULONG Length, _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor)
_SE_EXPORTS::SeWorldSid
PSID SeWorldSid
Definition: setypes.h:1165
_SEH2_EXCEPT
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:6
_UDF_FILE_INFO::Fcb
struct _UDFFileControlBlock * Fcb
Definition: udf_rel.h:362
_IO_STACK_LOCATION::Parameters
struct _NAMED_PIPE_CREATE_PARAMETERS * Parameters
Definition: iotypes.h:2772
Fcb
_In_ PFCB Fcb
Definition: cdprocs.h:151
STATUS_SUCCESS
return STATUS_SUCCESS
Definition: btrfs.c:3014
UDFIsAStream
#define UDFIsAStream(FI)
Definition: udf_info.h:1002
UDFCommonGetSecurity
NTSTATUS UDFCommonGetSecurity(PtrUDFIrpContext PtrIrpContext, PIRP Irp)
IoUpdateShareAccess
VOID NTAPI IoUpdateShareAccess(IN PFILE_OBJECT FileObject, OUT PSHARE_ACCESS ShareAccess)
Definition: file.c:3350
ACCESS_MASK
ULONG ACCESS_MASK
Definition: nt_native.h:40
DACL_SECURITY_INFORMATION
#define DACL_SECURITY_INFORMATION
Definition: setypes.h:125
UDF_NTREQ_FCB_SD_MODIFIED
#define UDF_NTREQ_FCB_SD_MODIFIED
Definition: struct.h:233
DELETE
#define DELETE
Definition: nt_native.h:57