20 #define UDF_BUG_CHECK_ID UDF_FILE_SECURITY 22 #ifdef UDF_ENABLE_SECURITY 85 Irp->IoStatus.Status = RC;
86 Irp->IoStatus.Information = 0;
140 UDFPrint((
"UDFCommonGetSecurity\n"));
208 Irp->IoStatus.Status = RC;
221 #ifndef UDF_READ_ONLY_BUILD 263 Irp->IoStatus.Status = RC;
264 Irp->IoStatus.Information = 0;
317 UDFPrint((
"UDFCommonSetSecurity\n"));
334 if(!
Fcb->
Vcb->WriteSecurity)
362 UDFConvertToSelfRelative(&(
NtReqFcb->SecurityDesc));
403 Irp->IoStatus.Status = RC;
404 Irp->IoStatus.Information = 0;
416 #endif //UDF_READ_ONLY_BUILD 417 #endif //UDF_ENABLE_SECURITY 426 #ifdef UDF_ENABLE_SECURITY 431 ULONG NumberBytesRead;
445 UDFPrint((
" No Security on blank volume\n"));
471 SDirInfo,&AclInfo,
NULL);
487 FALSE, (
PCHAR)(*SecurityDesc), &NumberBytesRead);
511 (*SecurityDesc) =
NULL;
520 #endif //UDF_ENABLE_SECURITY 524 #ifdef UDF_ENABLE_SECURITY 526 UDFConvertToSelfRelative(
535 UDFPrint((
" UDFConvertToSelfRelative\n"));
554 *SecurityDesc = NewSD;
574 if(!(*ParentSecurityDesc)) {
575 *SecurityDesc =
NULL;
592 *SecurityDesc =
NULL;
623 UDFBuildFullControlAcl(
632 UDFPrint((
" UDFBuildFullControlAcl\n"));
634 RC = UDFBuildEmptyAcl(
Vcb, SecurityDesc);
696 RC = UDFConvertToSelfRelative(SecurityDesc);
703 #endif // UDF_ENABLE_SECURITY 714 #ifdef UDF_ENABLE_SECURITY 724 NtReqFcb->SecurityDesc =
Fcb->FileInfo->ParentFile->Dloc->CommonFcb->SecurityDesc;
729 if(
Vcb->RootDirFCB &&
730 Vcb->RootDirFCB->FileInfo &&
731 Vcb->RootDirFCB->FileInfo->Dloc &&
732 Vcb->RootDirFCB->FileInfo->Dloc->CommonFcb) {
733 RC = UDFInheritAcl(
Vcb, &(
Vcb->RootDirFCB->FileInfo->Dloc->CommonFcb->SecurityDesc), &ExplicitSecurity);
743 if(!
Fcb->FileInfo->ParentFile) {
744 RC = UDFBuildFullControlAcl(
Vcb, &ExplicitSecurity);
746 RC = UDFInheritAcl(
Vcb, &(
Fcb->FileInfo->ParentFile->Dloc->CommonFcb->SecurityDesc), &ExplicitSecurity);
755 NtReqFcb->SecurityDesc = ExplicitSecurity;
766 #endif //UDF_ENABLE_SECURITY 777 #ifdef UDF_ENABLE_SECURITY 789 SeDeassignSecurity(&(
NtReqFcb->SecurityDesc));
791 #endif //UDF_ENABLE_SECURITY 802 #ifdef UDF_ENABLE_SECURITY 808 ULONG NumberBytesRead;
812 #if !defined(UDF_READ_ONLY_BUILD) 814 if(!
Vcb->WriteSecurity ||
822 #if !defined(UDF_READ_ONLY_BUILD) 859 SDirInfo,&AclInfo,
NULL);
872 if(!(*SecurityDesc)) {
880 FALSE, (
PCHAR)(*SecurityDesc), &NumberBytesRead);
908 #endif //UDF_ENABLE_SECURITY 922 return (
Fcb->NTRequiredFCB->SecurityDesc);
938 #ifdef UDF_ENABLE_SECURITY 943 #endif //UDF_ENABLE_SECURITY 948 #ifdef UDF_READ_ONLY_BUILD 950 #endif //UDF_READ_ONLY_BUILD 958 AdPrint((
"force R/O on dirty\n"));
962 #ifdef UDF_READ_ONLY_BUILD 964 #endif //UDF_READ_ONLY_BUILD 989 #ifdef UDF_ENABLE_SECURITY 1001 Ccb ?
Ccb->PreviouslyGrantedAccess : 0,
1005 Ccb ? &(
Ccb->PreviouslyGrantedAccess) : &LocalAccessMask,
1009 if(!SecurityCheck) {
1012 #endif //UDF_ENABLE_SECURITY 1018 #ifdef UDF_ENABLE_SECURITY 1020 #endif //UDF_ENABLE_SECURITY 1027 &(
Fcb->NTRequiredFCB->FCBShareAccess),
TRUE);
1028 #ifndef UDF_ENABLE_SECURITY 1032 #endif //UDF_ENABLE_SECURITY 1035 #ifndef UDF_ENABLE_SECURITY 1038 #endif //UDF_ENABLE_SECURITY 1058 #ifndef UDF_ENABLE_SECURITY 1064 #else //UDF_ENABLE_SECURITY 1078 if(SecDesc && !AutoInherit) {
1081 RC = SeAssignSecurity(
1082 Fcb->FileInfo->ParentFile->Dloc->CommonFcb->SecurityDesc,
1085 &(
Fcb->NTRequiredFCB->SecurityDesc),
1091 UDFConvertToSelfRelative(&(
Fcb->NTRequiredFCB->SecurityDesc));
1105 #endif //UDF_ENABLE_SECURITY
PGENERIC_MAPPING NTAPI IoGetFileObjectGenericMapping(VOID)
#define UDFAcquireResourceExclusive(Resource, CanWait)
#define UDF_VCB_FLAGS_MEDIA_READ_ONLY
#define UDF_VCB_IC_WRITE_IN_RO_DIR
VOID UDFReleaseIrpContext(PtrUDFIrpContext PtrIrpContext)
PtrUDFIrpContext UDFAllocateIrpContext(PIRP Irp, PDEVICE_OBJECT PtrTargetDeviceObject)
struct _SECURITY_DESCRIPTOR * PSECURITY_DESCRIPTOR
NTSYSAPI BOOLEAN NTAPI RtlValidSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor)
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG BufferLength
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
#define GetExceptionInformation()
NTKERNELAPI NTSTATUS NTAPI SeSetSecurityDescriptorInfo(_In_opt_ PVOID Object, _In_ PSECURITY_INFORMATION SecurityInformation, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, _In_ POOL_TYPE PoolType, _In_ PGENERIC_MAPPING GenericMapping)
struct _UDFContextControlBlock * PtrUDFCCB
#define STATUS_INSUFFICIENT_RESOURCES
#define FsRtlEnterFileSystem
NTSYSAPI NTSTATUS NTAPI RtlSetGroupSecurityDescriptor(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSID Group, IN BOOLEAN GroupDefaulted)
#define ACCESS_SYSTEM_SECURITY
#define FsRtlExitFileSystem
NTSTATUS UDFCheckAccessRights(PFILE_OBJECT FileObject, PACCESS_STATE AccessState, PtrUDFFCB Fcb, PtrUDFCCB Ccb, ACCESS_MASK DesiredAccess, USHORT ShareAccess)
VOID UDFLogEvent(NTSTATUS UDFEventLogId, NTSTATUS RC)
NTSTATUS UDFWriteSecurity(IN PVCB Vcb, IN PtrUDFFCB Fcb, IN PSECURITY_DESCRIPTOR *SecurityDesc)
#define STATUS_INVALID_PARAMETER
NTSTATUS UDFCommonSetSecurity(PtrUDFIrpContext PtrIrpContext, PIRP Irp)
#define UDFReleaseResource(Resource)
PSECURITY_DESCRIPTOR UDFLookUpAcl(IN PVCB Vcb, PFILE_OBJECT FileObject, IN PtrUDFFCB Fcb)
NTSTATUS UDFSetSecurity(PDEVICE_OBJECT DeviceObject, PIRP Irp)
NTSYSAPI NTSTATUS WINAPI RtlSetOwnerSecurityDescriptor(PSECURITY_DESCRIPTOR, PSID, BOOLEAN)
int64 UDFGetFileSize(IN PUDF_FILE_INFO FileInfo)
#define GROUP_SECURITY_INFORMATION
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(_Out_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ULONG Revision)
VOID NTAPI IoSetShareAccess(IN ACCESS_MASK DesiredAccess, IN ULONG DesiredShareAccess, IN PFILE_OBJECT FileObject, OUT PSHARE_ACCESS ShareAccess)
OSSTATUS UDFCreateStreamDir__(IN PVCB Vcb, IN PUDF_FILE_INFO FileInfo, OUT PUDF_FILE_INFO *_SDirInfo)
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAce(PACL, DWORD, DWORD, PSID)
NTSYSAPI NTSTATUS WINAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN)
NTSYSAPI ULONG WINAPI RtlLengthSecurityDescriptor(PSECURITY_DESCRIPTOR)
#define UDF_IRP_CONTEXT_CAN_BLOCK
_In_ PIO_STACK_LOCATION _Inout_ PFILE_OBJECT _Inout_ PVCB _Outptr_result_maybenull_ PDCB _In_ PDCB _In_ PDIRENT _In_ ULONG _In_ ULONG _In_ PUNICODE_STRING _In_ PACCESS_MASK _In_ USHORT ShareAccess
#define STATUS_BUFFER_TOO_SMALL
NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL Acl, ULONG AclSize, ULONG AclRevision)
#define UDF_VCB_FLAGS_RAW_DISK
#define SECURITY_DESCRIPTOR_REVISION
#define UDF_VCB_IC_DIRTY_RO
#define UDF_VCB_FLAGS_VOLUME_READ_ONLY
_In_ PDEVICE_OBJECT DeviceObject
return STATUS_NOT_IMPLEMENTED
NTSTATUS UDFAssignAcl(IN PVCB Vcb, IN PFILE_OBJECT FileObject, IN PtrUDFFCB Fcb, IN PtrUDFNTRequiredFCB NtReqFcb)
#define FILE_DELETE_CHILD
#define IO_DISK_INCREMENT
DWORD SECURITY_INFORMATION
#define UDFIsADirectory(FileInfo)
#define FILE_ACTION_MODIFIED
#define STATUS_INVALID_USER_BUFFER
#define IoCompleteRequest
NTSTATUS UDFReadSecurity(IN PVCB Vcb, IN PtrUDFFCB Fcb, IN PSECURITY_DESCRIPTOR *SecurityDesc)
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ SECURITY_INFORMATION SecurityInformation
OSSTATUS UDFFlushFile__(IN PVCB Vcb, IN PUDF_FILE_INFO FileInfo, IN ULONG FlushFlags)
VOID UDFDeassignAcl(IN PtrUDFNTRequiredFCB NtReqFcb, IN BOOLEAN AutoInherited)
__inline VOID UDFNotifyFullReportChange(PVCB V, PUDF_FILE_INFO FI, ULONG E, ULONG A)
_In_ WDFREQUEST _In_ WDFFILEOBJECT FileObject
OSSTATUS UDFOpenStreamDir__(IN PVCB Vcb, IN PUDF_FILE_INFO FileInfo, OUT PUDF_FILE_INFO *_SDirInfo)
NTSTATUS UDFExceptionHandler(PtrUDFIrpContext PtrIrpContext, PIRP Irp)
#define UDFIsAStreamDir(FI)
uint32 UDFCleanUpFile__(IN PVCB Vcb, IN PUDF_FILE_INFO FileInfo)
OSSTATUS UDFCreateFile__(IN PVCB Vcb, IN BOOLEAN IgnoreCase, IN PUNICODE_STRING _fn, IN uint32 ExtAttrSz, IN uint32 ImpUseLen, IN BOOLEAN Extended, IN BOOLEAN CreateNew, IN OUT PUDF_FILE_INFO DirInfo, OUT PUDF_FILE_INFO *_FileInfo)
NTSTATUS UDFGetSecurity(PDEVICE_OBJECT DeviceObject, PIRP Irp)
#define UDF_CCB_VOLUME_OPEN
#define NT_SUCCESS(StatCode)
#define EXCEPTION_EXECUTE_HANDLER
VOID NTAPI SeCaptureSubjectContext(_Out_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Captures the security subject context of the calling thread and calling process.
NTSTATUS UDFSetAccessRights(PFILE_OBJECT FileObject, PACCESS_STATE AccessState, PtrUDFFCB Fcb, PtrUDFCCB Ccb, ACCESS_MASK DesiredAccess, USHORT ShareAccess)
#define UDF_FCB_DIRECTORY
#define SACL_SECURITY_INFORMATION
OSSTATUS UDFOpenFile__(IN PVCB Vcb, IN BOOLEAN IgnoreCase, IN BOOLEAN NotDeleted, IN PUNICODE_STRING fn, IN PUDF_FILE_INFO DirInfo, OUT PUDF_FILE_INFO *_FileInfo, IN uint_di *IndexToOpen)
#define STATUS_ACCESS_DENIED
#define FULL_SECURITY_INFORMATION
#define STATUS_NO_SECURITY_ON_OBJECT
BOOLEAN __fastcall UDFIsIrpTopLevel(PIRP Irp)
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
VOID NTAPI IoSetTopLevelIrp(IN PIRP Irp)
OSSTATUS UDFWriteFile__(IN PVCB Vcb, IN PUDF_FILE_INFO FileInfo, IN int64 Offset, IN SIZE_T Length, IN BOOLEAN Direct, IN int8 *Buffer, OUT PSIZE_T WrittenBytes)
long UDFExceptionFilter(PtrUDFIrpContext PtrIrpContext, PEXCEPTION_POINTERS PtrExceptionPointers)
struct _FCB::@708::@711 Fcb
#define FILE_ADD_SUBDIRECTORY
_Inout_ PFILE_OBJECT _In_ TYPE_OF_OPEN PFCB _In_opt_ PCCB Ccb
OSSTATUS UDFCloseFile__(IN PVCB Vcb, IN PUDF_FILE_INFO FileInfo)
BOOLEAN NTAPI SeAccessCheck(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, _In_ BOOLEAN SubjectContextLocked, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK PreviouslyGrantedAccess, _Out_ PPRIVILEGE_SET *Privileges, _In_ PGENERIC_MAPPING GenericMapping, _In_ KPROCESSOR_MODE AccessMode, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
Determines whether security access rights can be given to an object depending on the security descriptor...
__inline OSSTATUS UDFReadFile__(IN PVCB Vcb, IN PUDF_FILE_INFO FileInfo, IN int64 Offset, IN SIZE_T Length, IN BOOLEAN Direct, OUT int8 *Buffer, OUT PSIZE_T ReadBytes)
NTSTATUS NTAPI IoCheckShareAccess(IN ACCESS_MASK DesiredAccess, IN ULONG DesiredShareAccess, IN PFILE_OBJECT FileObject, IN PSHARE_ACCESS ShareAccess, IN BOOLEAN Update)
PVOID UDFGetCallersBuffer(PtrUDFIrpContext PtrIrpContext, PIRP Irp)
__drv_aliasesMem FORCEINLINE PIO_STACK_LOCATION IoGetCurrentIrpStackLocation(_In_ PIRP Irp)
#define UDF_ERROR_INTERNAL_ERROR
NTSTATUS UDFPostRequest(IN PtrUDFIrpContext PtrIrpContext, IN PIRP Irp)
#define AbnormalTermination()
#define STATUS_OBJECT_NAME_NOT_FOUND
_In_ PIO_STACK_LOCATION IrpSp
#define UDF_CHECK_PAGING_IO_RESOURCE(NTReqFCB)
#define FILE_NOTIFY_CHANGE_SECURITY
#define UDF_FCB_READ_ONLY
OSSTATUS UDFUnlinkFile__(IN PVCB Vcb, IN PUDF_FILE_INFO FileInfo, IN BOOLEAN FreeSpace)
#define OWNER_SECURITY_INFORMATION
VOID NTAPI SeReleaseSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Releases both the primary and client tokens of a security subject context.
BOOLEAN NTAPI SeSinglePrivilegeCheck(_In_ LUID PrivilegeValue, _In_ KPROCESSOR_MODE PreviousMode)
Checks if a single privilege is present in the context of the calling thread.
#define INTEGRITY_TYPE_OPEN
#define RtlZeroMemory(Destination, Length)
NTKERNELAPI NTSTATUS NTAPI SeQuerySecurityDescriptorInfo(_In_ PSECURITY_INFORMATION SecurityInformation, _Out_writes_bytes_(*Length) PSECURITY_DESCRIPTOR SecurityDescriptor, _Inout_ PULONG Length, _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor)
#define _SEH2_EXCEPT(...)
struct _UDFFileControlBlock * Fcb
struct _NAMED_PIPE_CREATE_PARAMETERS * Parameters
NTSTATUS UDFCommonGetSecurity(PtrUDFIrpContext PtrIrpContext, PIRP Irp)
VOID NTAPI IoUpdateShareAccess(IN PFILE_OBJECT FileObject, OUT PSHARE_ACCESS ShareAccess)
#define DACL_SECURITY_INFORMATION
#define UDF_NTREQ_FCB_SD_MODIFIED