da/de6/secursup_8cpp_source.html

 // Copyright (C) Alexander Telyatnikov, Ivan Keliukh, Yegor Anchishkin, SKIF Software, 1999-2013. Kiev, Ukraine
 // All rights reserved
 // This file was released under the GPLv2 on June 2015.
 /*************************************************************************
 *
 * File: SecurSup.cpp
 *
 * Module: UDF File System Driver (Kernel mode execution only)
 *
 * Description:
 *   Contains code to handle the "Get/Set Security" dispatch entry points.
 *
 *************************************************************************/

 #include            "udffs.h"

 // define the file specific bug-check id
 #define         UDF_BUG_CHECK_ID                UDF_FILE_SECURITY

 #ifdef UDF_ENABLE_SECURITY

 NTSTATUS UDFConvertToSelfRelative(
     IN OUT PSECURITY_DESCRIPTOR* SecurityDesc);

 /*UCHAR FullControlSD[] = {
 0x01, 0x00, 0x04, 0x80, 0x4c, 0x00, 0x00, 0x00,
 0x58, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 0x14, 0x00, 0x00, 0x00, 0x02, 0x00, 0x38, 0x00,
 0x02, 0x00, 0x00, 0x00, 0x00, 0x09, 0x18, 0x00,
 0x00, 0x00, 0x00, 0x10, 0x01, 0x01, 0x00, 0x00,
 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x18, 0x00,
 0xff, 0x01, 0x1f, 0x00, 0x01, 0x01, 0x00, 0x00,
 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
 0x00, 0x00, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00,
 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
 0x00, 0x00, 0x00, 0x00
 };*/

 /*************************************************************************
 *
 * Function: UDFGetSecurity()
 *
 * Description:
 *
 * Expected Interrupt Level (for execution) :
 *
 *  IRQL_PASSIVE_LEVEL
 *
 * Return Value: Irrelevant.
 *
 *************************************************************************/
 NTSTATUS
 UDFGetSecurity(
     IN PDEVICE_OBJECT DeviceObject,       // the logical volume device object
     IN PIRP           Irp)                // I/O Request Packet
 {
     NTSTATUS            RC = STATUS_SUCCESS;
     PtrUDFIrpContext    PtrIrpContext = NULL;
     BOOLEAN             AreWeTopLevel = FALSE;

     UDFPrint(("UDFGetSecurity\n"));
 //    BrutePoint();

     FsRtlEnterFileSystem();
     ASSERT(DeviceObject);
     ASSERT(Irp);

     // set the top level context
     AreWeTopLevel = UDFIsIrpTopLevel(Irp);
     ASSERT(!UDFIsFSDevObj(DeviceObject));
     //  Call the common Lock Control routine, with blocking allowed if
     //  synchronous
     _SEH2_TRY {

         // get an IRP context structure and issue the request
         PtrIrpContext = UDFAllocateIrpContext(Irp, DeviceObject);
         if(PtrIrpContext) {
             RC = UDFCommonGetSecurity(PtrIrpContext, Irp);
         } else {
             RC = STATUS_INSUFFICIENT_RESOURCES;
             Irp->IoStatus.Status = RC;
             Irp->IoStatus.Information = 0;
             // complete the IRP
             IoCompleteRequest(Irp, IO_DISK_INCREMENT);
         }

     } __except (UDFExceptionFilter(PtrIrpContext, GetExceptionInformation())) {

         RC = UDFExceptionHandler(PtrIrpContext, Irp);

         UDFLogEvent(UDF_ERROR_INTERNAL_ERROR, RC);
     }

     if (AreWeTopLevel) {
         IoSetTopLevelIrp(NULL);
     }

     FsRtlExitFileSystem();

     return(RC);
 } // end UDFGetSecurity()


 /*************************************************************************
 *
 * Function: UDFCommonGetSecurity()
 *
 * Description:
 *  This is the common routine for getting Security (ACL) called
 *  by both the fsd and fsp threads
 *
 * Expected Interrupt Level (for execution) :
 *
 *  IRQL_PASSIVE_LEVEL
 *
 * Return Value: Irrelevant
 *
 *************************************************************************/
 NTSTATUS
 UDFCommonGetSecurity(
     IN PtrUDFIrpContext PtrIrpContext,
     IN PIRP             Irp)
 {
     NTSTATUS            RC = STATUS_SUCCESS;
     PIO_STACK_LOCATION  IrpSp = NULL;
     BOOLEAN             PostRequest = FALSE;
     BOOLEAN             CanWait = FALSE;
     PtrUDFNTRequiredFCB NtReqFcb = NULL;
     BOOLEAN             AcquiredFCB = FALSE;
     PFILE_OBJECT        FileObject = NULL;
     PtrUDFFCB           Fcb = NULL;
     PtrUDFCCB           Ccb = NULL;
     PVOID               PtrSystemBuffer = NULL;
     ULONG               BufferLength = 0;

     UDFPrint(("UDFCommonGetSecurity\n"));

     _SEH2_TRY {

         // First, get a pointer to the current I/O stack location.
         IrpSp = IoGetCurrentIrpStackLocation(Irp);
         ASSERT(IrpSp);

         FileObject = IrpSp->FileObject;
         ASSERT(FileObject);

         // Get the FCB and CCB pointers.
         Ccb = (PtrUDFCCB)(FileObject->FsContext2);
         ASSERT(Ccb);
         Fcb = Ccb->Fcb;
         ASSERT(Fcb);

 /*        if(!Fcb->Vcb->ReadSecurity)
             try_return(RC = STATUS_NOT_IMPLEMENTED);*/

         NtReqFcb = Fcb->NTRequiredFCB;
         CanWait = ((PtrIrpContext->IrpContextFlags & UDF_IRP_CONTEXT_CAN_BLOCK) ? TRUE : FALSE);

         // Acquire the FCB resource shared
         UDF_CHECK_PAGING_IO_RESOURCE(NtReqFcb);
         if (!UDFAcquireResourceExclusive(&(NtReqFcb->MainResource), CanWait)) {
 //        if (!UDFAcquireResourceShared(&(NtReqFcb->MainResource), CanWait)) {
             PostRequest = TRUE;
             try_return(RC = STATUS_PENDING);
         }
         AcquiredFCB = TRUE;

         PtrSystemBuffer = UDFGetCallersBuffer(PtrIrpContext, Irp);
         if(!PtrSystemBuffer)
             try_return(RC = STATUS_INVALID_USER_BUFFER);
         BufferLength = IrpSp->Parameters.QuerySecurity.Length;

         if(!NtReqFcb->SecurityDesc) {
             RC = UDFAssignAcl(Fcb->Vcb, FileObject, Fcb, NtReqFcb);
             if(!NT_SUCCESS(RC))
                 try_return(RC);
         }

         _SEH2_TRY {
             RC = SeQuerySecurityDescriptorInfo(&(IrpSp->Parameters.QuerySecurity.SecurityInformation),
                                           (PSECURITY_DESCRIPTOR)PtrSystemBuffer,
                                           &BufferLength,
                                           &(NtReqFcb->SecurityDesc) );
         } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) {
             RC = STATUS_BUFFER_TOO_SMALL;
         }

 try_exit: NOTHING;

     } _SEH2_FINALLY {

         // Release the FCB resources if acquired.
         if (AcquiredFCB) {
             UDF_CHECK_PAGING_IO_RESOURCE(NtReqFcb);
             UDFReleaseResource(&(NtReqFcb->MainResource));
             AcquiredFCB = FALSE;
         }

         if (PostRequest) {
             // Perform appropriate post related processing here
             RC = UDFPostRequest(PtrIrpContext, Irp);
         } else
         if(!AbnormalTermination()) {
             Irp->IoStatus.Status = RC;
             Irp->IoStatus.Information = BufferLength;
             // Free up the Irp Context
             UDFReleaseIrpContext(PtrIrpContext);
             // complete the IRP
             IoCompleteRequest(Irp, IO_DISK_INCREMENT);
         }

     } // end of "__finally" processing

     return(RC);
 }

 #ifndef UDF_READ_ONLY_BUILD
 /*************************************************************************
 *
 * Function: UDFSetSecurity()
 *
 * Description:
 *
 * Expected Interrupt Level (for execution) :
 *
 *  IRQL_PASSIVE_LEVEL
 *
 * Return Value: Irrelevant.
 *
 *************************************************************************/
 NTSTATUS
 UDFSetSecurity(
     IN PDEVICE_OBJECT DeviceObject,       // the logical volume device object
     IN PIRP           Irp)                // I/O Request Packet
 {
     NTSTATUS            RC = STATUS_SUCCESS;
     PtrUDFIrpContext    PtrIrpContext = NULL;
     BOOLEAN             AreWeTopLevel = FALSE;

     UDFPrint(("UDFSetSecurity\n"));
 //    BrutePoint();

     FsRtlEnterFileSystem();
     ASSERT(DeviceObject);
     ASSERT(Irp);

     // set the top level context
     AreWeTopLevel = UDFIsIrpTopLevel(Irp);
     //  Call the common Lock Control routine, with blocking allowed if
     //  synchronous
     _SEH2_TRY {

         // get an IRP context structure and issue the request
         PtrIrpContext = UDFAllocateIrpContext(Irp, DeviceObject);
         if(PtrIrpContext) {
             RC = UDFCommonSetSecurity(PtrIrpContext, Irp);
         } else {
             RC = STATUS_INSUFFICIENT_RESOURCES;
             Irp->IoStatus.Status = RC;
             Irp->IoStatus.Information = 0;
             // complete the IRP
             IoCompleteRequest(Irp, IO_DISK_INCREMENT);
         }

     } __except (UDFExceptionFilter(PtrIrpContext, GetExceptionInformation())) {

         RC = UDFExceptionHandler(PtrIrpContext, Irp);

         UDFLogEvent(UDF_ERROR_INTERNAL_ERROR, RC);
     }

     if (AreWeTopLevel) {
         IoSetTopLevelIrp(NULL);
     }

     FsRtlExitFileSystem();

     return(RC);
 } // end UDFSetSecurity()


 /*************************************************************************
 *
 * Function: UDFCommonSetSecurity()
 *
 * Description:
 *  This is the common routine for getting Security (ACL) called
 *  by both the fsd and fsp threads
 *
 * Expected Interrupt Level (for execution) :
 *
 *  IRQL_PASSIVE_LEVEL
 *
 * Return Value: Irrelevant
 *
 *************************************************************************/
 NTSTATUS
 UDFCommonSetSecurity(
     IN PtrUDFIrpContext PtrIrpContext,
     IN PIRP             Irp)
 {
     NTSTATUS            RC = STATUS_SUCCESS;
     PIO_STACK_LOCATION  IrpSp = NULL;
     BOOLEAN             PostRequest = FALSE;
     BOOLEAN             CanWait = FALSE;
     PtrUDFNTRequiredFCB NtReqFcb = NULL;
     BOOLEAN             AcquiredFCB = FALSE;
     PFILE_OBJECT        FileObject = NULL;
     PtrUDFFCB           Fcb = NULL;
     PtrUDFCCB           Ccb = NULL;
     ACCESS_MASK         DesiredAccess = 0;

     UDFPrint(("UDFCommonSetSecurity\n"));

     _SEH2_TRY {

         // First, get a pointer to the current I/O stack location.
         IrpSp = IoGetCurrentIrpStackLocation(Irp);
         ASSERT(IrpSp);

         FileObject = IrpSp->FileObject;
         ASSERT(FileObject);

         // Get the FCB and CCB pointers.
         Ccb = (PtrUDFCCB)(FileObject->FsContext2);
         ASSERT(Ccb);
         Fcb = Ccb->Fcb;
         ASSERT(Fcb);

         if(!Fcb->Vcb->WriteSecurity)
             try_return(RC = STATUS_NOT_IMPLEMENTED);

         NtReqFcb = Fcb->NTRequiredFCB;
         CanWait = ((PtrIrpContext->IrpContextFlags & UDF_IRP_CONTEXT_CAN_BLOCK) ? TRUE : FALSE);

         // Acquire the FCB resource exclusive
         UDF_CHECK_PAGING_IO_RESOURCE(NtReqFcb);
         if (!UDFAcquireResourceExclusive(&(NtReqFcb->MainResource), CanWait)) {
             PostRequest = TRUE;
             try_return(RC = STATUS_PENDING);
         }
         AcquiredFCB = TRUE;

 //OWNER_SECURITY_INFORMATION
         if(IrpSp->Parameters.SetSecurity.SecurityInformation & OWNER_SECURITY_INFORMATION)
             DesiredAccess |= WRITE_OWNER;
 //GROUP_SECURITY_INFORMATION
         if(IrpSp->Parameters.SetSecurity.SecurityInformation & GROUP_SECURITY_INFORMATION)
             DesiredAccess |= WRITE_OWNER;
 //DACL_SECURITY_INFORMATION
         if(IrpSp->Parameters.SetSecurity.SecurityInformation & DACL_SECURITY_INFORMATION)
             DesiredAccess |= WRITE_DAC;
 //SACL_SECURITY_INFORMATION
         if(IrpSp->Parameters.SetSecurity.SecurityInformation & SACL_SECURITY_INFORMATION)
             DesiredAccess |= ACCESS_SYSTEM_SECURITY;

         _SEH2_TRY {
             UDFConvertToSelfRelative(&(NtReqFcb->SecurityDesc));

             KdDump(NtReqFcb->SecurityDesc, RtlLengthSecurityDescriptor(NtReqFcb->SecurityDesc));
             UDFPrint(("\n"));

             RC = SeSetSecurityDescriptorInfo(/*FileObject*/ NULL,
                                           &(IrpSp->Parameters.SetSecurity.SecurityInformation),
                                           IrpSp->Parameters.SetSecurity.SecurityDescriptor,
                                           &(NtReqFcb->SecurityDesc),
                                           NonPagedPool,
                                           IoGetFileObjectGenericMapping() );

             KdDump(NtReqFcb->SecurityDesc, RtlLengthSecurityDescriptor(NtReqFcb->SecurityDesc));

         } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) {
             RC = STATUS_INVALID_PARAMETER;
         }
         if(NT_SUCCESS(RC)) {
             NtReqFcb->NtReqFCBFlags |= UDF_NTREQ_FCB_SD_MODIFIED;

             UDFNotifyFullReportChange( Fcb->Vcb, Fcb->FileInfo,
                                        FILE_NOTIFY_CHANGE_SECURITY,
                                        FILE_ACTION_MODIFIED);
         }

 try_exit: NOTHING;

     } _SEH2_FINALLY {

         // Release the FCB resources if acquired.
         if (AcquiredFCB) {
             UDF_CHECK_PAGING_IO_RESOURCE(NtReqFcb);
             UDFReleaseResource(&(NtReqFcb->MainResource));
             AcquiredFCB = FALSE;
         }

         if (PostRequest) {
             // Perform appropriate post related processing here
             RC = UDFPostRequest(PtrIrpContext, Irp);
         } else
         if(!AbnormalTermination()) {
             Irp->IoStatus.Status = RC;
             Irp->IoStatus.Information = 0;
             // Free up the Irp Context
             UDFReleaseIrpContext(PtrIrpContext);
             // complete the IRP
             IoCompleteRequest(Irp, IO_DISK_INCREMENT);
         }

     } // end of "__finally" processing

     return(RC);
 } // ens UDFCommonSetSecurity()

 #endif //UDF_READ_ONLY_BUILD
 #endif //UDF_ENABLE_SECURITY

 NTSTATUS
 UDFReadSecurity(
     IN PVCB Vcb,
     IN PtrUDFFCB Fcb,
     IN PSECURITY_DESCRIPTOR* SecurityDesc
     )
 {
 #ifdef UDF_ENABLE_SECURITY
     PUDF_FILE_INFO FileInfo = NULL;
     PUDF_FILE_INFO SDirInfo = NULL;
     PUDF_FILE_INFO AclInfo = NULL;
     NTSTATUS RC;
     ULONG NumberBytesRead;
     PERESOURCE Res1 = NULL;

     UDFPrint(("UDFReadSecurity\n"));

     _SEH2_TRY {

         FileInfo = Fcb->FileInfo;
         ASSERT(FileInfo);
         if(!FileInfo) {
             UDFPrint(("  Volume Security\n"));
             try_return(RC = STATUS_NO_SECURITY_ON_OBJECT);
         }
         if(Vcb->VCBFlags & UDF_VCB_FLAGS_RAW_DISK) {
             UDFPrint(("  No Security on blank volume\n"));
             try_return(RC = STATUS_NO_SECURITY_ON_OBJECT);
         }

         // Open Stream Directory
         RC = UDFOpenStreamDir__(Vcb, FileInfo, &SDirInfo);

         if(RC == STATUS_NOT_FOUND)
             try_return(RC = STATUS_NO_SECURITY_ON_OBJECT);
         if(!NT_SUCCESS(RC)) {
             if(UDFCleanUpFile__(Vcb, SDirInfo)) {
                 if(SDirInfo) MyFreePool__(SDirInfo);
             }
             SDirInfo = NULL;
             try_return(RC);
         }
         // Acquire SDir exclusively if Fcb present
         if(SDirInfo->Fcb) {
             BrutePoint();
             UDF_CHECK_PAGING_IO_RESOURCE(SDirInfo->Fcb->NTRequiredFCB);
             UDFAcquireResourceExclusive(Res1 = &(SDirInfo->Fcb->NTRequiredFCB->MainResource),TRUE);
         }

         // Open Acl Stream
         RC = UDFOpenFile__(Vcb,
                            FALSE,TRUE,&(UDFGlobalData.AclName),
                            SDirInfo,&AclInfo,NULL);
         if(RC == STATUS_OBJECT_NAME_NOT_FOUND)
             try_return(RC = STATUS_NO_SECURITY_ON_OBJECT);
         if(!NT_SUCCESS(RC)) {
             if(UDFCleanUpFile__(Vcb, AclInfo)) {
                 if(AclInfo) MyFreePool__(AclInfo);
             }
             AclInfo = NULL;
             try_return(RC);
         }

         NumberBytesRead = (ULONG)UDFGetFileSize(AclInfo);
         (*SecurityDesc) = DbgAllocatePool(NonPagedPool, NumberBytesRead);
         if(!(*SecurityDesc))
             try_return(RC = STATUS_INSUFFICIENT_RESOURCES);
         RC = UDFReadFile__(Vcb, AclInfo, 0, NumberBytesRead,
                        FALSE, (PCHAR)(*SecurityDesc), &NumberBytesRead);
         if(!NT_SUCCESS(RC))
             try_return(RC);

         RC = RtlValidSecurityDescriptor(*SecurityDesc);

 try_exit: NOTHING;

     } _SEH2_FINALLY {

         if(AclInfo) {
             UDFCloseFile__(Vcb, AclInfo);
             if(UDFCleanUpFile__(Vcb, AclInfo))
                 MyFreePool__(AclInfo);
         }

         if(SDirInfo) {
             UDFCloseFile__(Vcb, SDirInfo);
             if(UDFCleanUpFile__(Vcb, SDirInfo))
                 MyFreePool__(SDirInfo);
         }

         if(!NT_SUCCESS(RC) && (*SecurityDesc)) {
             DbgFreePool(*SecurityDesc);
             (*SecurityDesc) = NULL;
         }
         if(Res1)
             UDFReleaseResource(Res1);
     }

     return RC;
 #else
     return STATUS_NO_SECURITY_ON_OBJECT;
 #endif //UDF_ENABLE_SECURITY

 } // end UDFReadSecurity()

 #ifdef UDF_ENABLE_SECURITY
 NTSTATUS
 UDFConvertToSelfRelative(
     IN OUT PSECURITY_DESCRIPTOR* SecurityDesc
     )
 {
     NTSTATUS RC;
     SECURITY_INFORMATION SecurityInformation;
     PSECURITY_DESCRIPTOR NewSD;
     ULONG Len;

     UDFPrint(("  UDFConvertToSelfRelative\n"));

     if(!(*SecurityDesc))
         return STATUS_NO_SECURITY_ON_OBJECT;

     SecurityInformation = FULL_SECURITY_INFORMATION;
     Len = RtlLengthSecurityDescriptor(*SecurityDesc);
     ASSERT(Len <= 1024);
     NewSD = (PSECURITY_DESCRIPTOR)DbgAllocatePool(NonPagedPool, Len);
     if(!NewSD)
         return STATUS_INSUFFICIENT_RESOURCES;
     _SEH2_TRY {
         RC = SeQuerySecurityDescriptorInfo(&SecurityInformation, NewSD, &Len, SecurityDesc);
     } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) {
         RC = STATUS_INSUFFICIENT_RESOURCES;
     }

     if(NT_SUCCESS(RC)) {
         DbgFreePool(*SecurityDesc);
         *SecurityDesc = NewSD;
     } else {
         DbgFreePool(NewSD);
     }
     return RC;
 } // end UDFConvertToSelfRelative()

 NTSTATUS
 UDFInheritAcl(
     IN PVCB Vcb,
     IN PSECURITY_DESCRIPTOR* ParentSecurityDesc,
     IN OUT PSECURITY_DESCRIPTOR* SecurityDesc
     )
 {
     NTSTATUS RC;
     SECURITY_INFORMATION SecurityInformation;
     ULONG Len;

     UDFPrint(("  UDFInheritAcl\n"));

     if(!(*ParentSecurityDesc)) {
         *SecurityDesc = NULL;
         return STATUS_SUCCESS;
     }

     SecurityInformation = FULL_SECURITY_INFORMATION;
     Len = RtlLengthSecurityDescriptor(*ParentSecurityDesc);
     *SecurityDesc = (PSECURITY_DESCRIPTOR)DbgAllocatePool(NonPagedPool, Len);
     if(!(*SecurityDesc))
         return STATUS_INSUFFICIENT_RESOURCES;
     _SEH2_TRY {
         RC = SeQuerySecurityDescriptorInfo(&SecurityInformation, *SecurityDesc, &Len, ParentSecurityDesc);
     } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) {
         RC = STATUS_INSUFFICIENT_RESOURCES;
     }

     if(!NT_SUCCESS(RC)) {
         DbgFreePool(*SecurityDesc);
         *SecurityDesc = NULL;
     }
     return RC;
 } // end UDFInheritAcl()

 NTSTATUS
 UDFBuildEmptyAcl(
     IN PVCB Vcb,
     IN PSECURITY_DESCRIPTOR* SecurityDesc
     )
 {
     NTSTATUS RC;
     ULONG Len = 2 * (sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) + sizeof(ULONG)*4 /*RtlLengthSid(SeExports->SeWorldSid)*/);

     UDFPrint(("  UDFBuildEmptyAcl\n"));
     // Create Security Descriptor
     (*SecurityDesc) = (PSECURITY_DESCRIPTOR)DbgAllocatePool(NonPagedPool,
            sizeof(SECURITY_DESCRIPTOR) + Len);
     if(!(*SecurityDesc))
         return STATUS_INSUFFICIENT_RESOURCES;

     RC = RtlCreateSecurityDescriptor(*SecurityDesc, SECURITY_DESCRIPTOR_REVISION);

     if(!NT_SUCCESS(RC)) {
         DbgFreePool(*SecurityDesc);
         *((PULONG)SecurityDesc) = NULL;
     }
     return RC;
 } // end UDFBuildEmptyAcl()

 NTSTATUS
 UDFBuildFullControlAcl(
     IN PVCB Vcb,
     IN PSECURITY_DESCRIPTOR* SecurityDesc
     )
 {
     NTSTATUS RC;
     PACL Acl;
     ULONG Len = sizeof(ACL) + 2*(sizeof(ACCESS_ALLOWED_ACE) + sizeof(ULONG)*4 /*- sizeof(ULONG)*/ /*+ RtlLengthSid(SeExports->SeWorldSid)*/);

     UDFPrint(("  UDFBuildFullControlAcl\n"));
     // Create Security Descriptor
     RC = UDFBuildEmptyAcl(Vcb, SecurityDesc);
     if(!NT_SUCCESS(RC))
         return RC;

     // Set Owner
     RC = RtlSetOwnerSecurityDescriptor(*SecurityDesc, SeExports->SeWorldSid, FALSE);
     if(!NT_SUCCESS(RC)) {
         DbgFreePool(*SecurityDesc);
         *((PULONG)SecurityDesc) = NULL;
         return RC;
     }

     // Set Group
     RC = RtlSetGroupSecurityDescriptor(*SecurityDesc, SeExports->SeWorldSid, FALSE);
     if(!NT_SUCCESS(RC)) {
         DbgFreePool(*SecurityDesc);
         *((PULONG)SecurityDesc) = NULL;
         return RC;
     }

     // Create empty Acl
     Acl = (PACL)DbgAllocatePool(NonPagedPool, Len);
     if(!Acl) {
         DbgFreePool(*SecurityDesc);
         *((PULONG)SecurityDesc) = NULL;
         return RC;
     }
     RtlZeroMemory(Acl, Len);

     RC = RtlCreateAcl(Acl, Len, ACL_REVISION);
     if(!NT_SUCCESS(RC)) {
         DbgFreePool(Acl);
         DbgFreePool(*SecurityDesc);
         *((PULONG)SecurityDesc) = NULL;
         return RC;
     }

     // Add (All)(All) access for Everyone
 /*    RC = RtlAddAccessAllowedAce(Acl, ACL_REVISION,
                                 GENERIC_ALL,
                                 SeExports->SeWorldSid);*/

     RC = RtlAddAccessAllowedAce(Acl, ACL_REVISION,
                                 FILE_ALL_ACCESS,
                                 SeExports->SeWorldSid);

     if(!NT_SUCCESS(RC)) {
         DbgFreePool(Acl);
         DbgFreePool(*SecurityDesc);
         *((PULONG)SecurityDesc) = NULL;
         return RC;
     }

     // Add Acl to Security Descriptor
     RC = RtlSetDaclSecurityDescriptor(*SecurityDesc, TRUE, Acl, FALSE);
     if(!NT_SUCCESS(RC)) {
         DbgFreePool(Acl);
         DbgFreePool(*SecurityDesc);
         *((PULONG)SecurityDesc) = NULL;
         return RC;
     }

     RC = UDFConvertToSelfRelative(SecurityDesc);

     DbgFreePool(Acl);

     return RC;
 } // end UDFBuildFullControlAcl()

 #endif // UDF_ENABLE_SECURITY

 NTSTATUS
 UDFAssignAcl(
     IN PVCB Vcb,
     IN PFILE_OBJECT FileObject, // OPTIONAL
     IN PtrUDFFCB Fcb,
     IN PtrUDFNTRequiredFCB NtReqFcb
     )
 {
     NTSTATUS RC = STATUS_SUCCESS;
 #ifdef UDF_ENABLE_SECURITY
 //    SECURITY_INFORMATION SecurityInformation;

 //    UDFPrint(("  UDFAssignAcl\n"));
     if(!NtReqFcb->SecurityDesc) {

         PSECURITY_DESCRIPTOR ExplicitSecurity = NULL;

         if(UDFIsAStreamDir(Fcb->FileInfo) || UDFIsAStream(Fcb->FileInfo)) {
             // Stream/SDir security
             NtReqFcb->SecurityDesc = Fcb->FileInfo->ParentFile->Dloc->CommonFcb->SecurityDesc;
             return STATUS_SUCCESS;
         } else
         if(!Fcb->FileInfo) {
             // Volume security
             if(Vcb->RootDirFCB &&
                Vcb->RootDirFCB->FileInfo &&
                Vcb->RootDirFCB->FileInfo->Dloc &&
                Vcb->RootDirFCB->FileInfo->Dloc->CommonFcb) {
                 RC = UDFInheritAcl(Vcb, &(Vcb->RootDirFCB->FileInfo->Dloc->CommonFcb->SecurityDesc), &ExplicitSecurity);
             } else {
                 NtReqFcb->SecurityDesc = NULL;
                 RC = STATUS_NO_SECURITY_ON_OBJECT;
             }
             return RC;
         }

         RC = UDFReadSecurity(Vcb, Fcb, &ExplicitSecurity);
         if(RC == STATUS_NO_SECURITY_ON_OBJECT) {
             if(!Fcb->FileInfo->ParentFile) {
                 RC = UDFBuildFullControlAcl(Vcb, &ExplicitSecurity);
             } else {
                 RC = UDFInheritAcl(Vcb, &(Fcb->FileInfo->ParentFile->Dloc->CommonFcb->SecurityDesc), &ExplicitSecurity);
             }
 /*            if(NT_SUCCESS(RC)) {
                 NtReqFcb->NtReqFCBFlags |= UDF_NTREQ_FCB_SD_MODIFIED;
             }*/
         }
         if(NT_SUCCESS(RC)) {

 //            SecurityInformation = FULL_SECURITY_INFORMATION;
             NtReqFcb->SecurityDesc = ExplicitSecurity;

 /*            RC = SeSetSecurityDescriptorInfo(FileObject,
                                           &SecurityInformation,
                                           ExplicitSecurity,
                                           &(NtReqFcb->SecurityDesc),
                                           NonPagedPool,
                                           IoGetFileObjectGenericMapping() );*/

         }
     }
 #endif //UDF_ENABLE_SECURITY
     return RC;
 } // end UDFAssignAcl()


 VOID
 UDFDeassignAcl(
     IN PtrUDFNTRequiredFCB NtReqFcb,
     IN BOOLEAN AutoInherited
     )
 {
 #ifdef UDF_ENABLE_SECURITY
 //    NTSTATUS RC = STATUS_SUCCESS;

 //    UDFPrint(("  UDFDeassignAcl\n"));
     if(!NtReqFcb->SecurityDesc)
         return;

     if(AutoInherited) {
         NtReqFcb->SecurityDesc = NULL;
         return;
     }

     SeDeassignSecurity(&(NtReqFcb->SecurityDesc));
     NtReqFcb->SecurityDesc = NULL; // HA BCRK CLU4
 #endif //UDF_ENABLE_SECURITY
     return;
 } // end UDFDeassignAcl()

 NTSTATUS
 UDFWriteSecurity(
     IN PVCB Vcb,
     IN PtrUDFFCB Fcb,
     IN PSECURITY_DESCRIPTOR* SecurityDesc
     )
 {
 #ifdef UDF_ENABLE_SECURITY
     PUDF_FILE_INFO FileInfo = NULL;
     PUDF_FILE_INFO SDirInfo = NULL;
     PUDF_FILE_INFO AclInfo = NULL;
     PERESOURCE Res1 = NULL;
     NTSTATUS RC;
     ULONG NumberBytesRead;

 //    UDFPrint(("UDFWriteSecurity\n"));

 #if !defined(UDF_READ_ONLY_BUILD)

     if(!Vcb->WriteSecurity ||
        (Vcb->VCBFlags & (UDF_VCB_FLAGS_VOLUME_READ_ONLY |
                          UDF_VCB_FLAGS_MEDIA_READ_ONLY)))

 #endif

         return STATUS_SUCCESS;

 #if !defined(UDF_READ_ONLY_BUILD)

     _SEH2_TRY {

         FileInfo = Fcb->FileInfo;
         ASSERT(FileInfo);
         if(!FileInfo) {
             UDFPrint(("  Volume Security\n"));
             try_return(RC = STATUS_SUCCESS);
         }

         if(!(Fcb->NTRequiredFCB->NtReqFCBFlags & UDF_NTREQ_FCB_SD_MODIFIED))
             try_return(RC = STATUS_SUCCESS);

         // Open Stream Directory
         RC = UDFOpenStreamDir__(Vcb, FileInfo, &SDirInfo);

         if(RC == STATUS_NOT_FOUND) {
             RC = UDFCreateStreamDir__(Vcb, FileInfo, &SDirInfo);
         }
         if(!NT_SUCCESS(RC)) {
             if(UDFCleanUpFile__(Vcb, SDirInfo)) {
                 if(SDirInfo) MyFreePool__(SDirInfo);
             }
             SDirInfo = NULL;
             try_return(RC);
         }
         // Acquire SDir exclusively if Fcb present
         if(SDirInfo->Fcb) {
             BrutePoint();
             UDF_CHECK_PAGING_IO_RESOURCE(SDirInfo->Fcb->NTRequiredFCB);
             UDFAcquireResourceExclusive(Res1 = &(SDirInfo->Fcb->NTRequiredFCB->MainResource),TRUE);
         }

         // Open Acl Stream
         RC = UDFOpenFile__(Vcb,
                            FALSE,TRUE,&(UDFGlobalData.AclName),
                            SDirInfo,&AclInfo,NULL);
         if(RC == STATUS_OBJECT_NAME_NOT_FOUND) {
             RC = UDFCreateFile__(Vcb, FALSE, &(UDFGlobalData.AclName),
                                0, 0, FALSE, FALSE, SDirInfo, &AclInfo);
         }
         if(!NT_SUCCESS(RC)) {
             if(UDFCleanUpFile__(Vcb, AclInfo)) {
                 if(AclInfo) MyFreePool__(AclInfo);
             }
             AclInfo = NULL;
             try_return(RC);
         }

         if(!(*SecurityDesc)) {
             UDFFlushFile__(Vcb, AclInfo);
             RC = UDFUnlinkFile__(Vcb, AclInfo, TRUE);
             try_return(RC);
         }
         NumberBytesRead = RtlLengthSecurityDescriptor(*SecurityDesc);

         RC = UDFWriteFile__(Vcb, AclInfo, 0, NumberBytesRead,
                        FALSE, (PCHAR)(*SecurityDesc), &NumberBytesRead);
         if(!NT_SUCCESS(RC))
             try_return(RC);

         Fcb->NTRequiredFCB->NtReqFCBFlags &= ~UDF_NTREQ_FCB_SD_MODIFIED;

 try_exit: NOTHING;

     } _SEH2_FINALLY {

         if(AclInfo) {
             UDFCloseFile__(Vcb, AclInfo);
             if(UDFCleanUpFile__(Vcb, AclInfo))
                 MyFreePool__(AclInfo);
         }

         if(SDirInfo) {
             UDFCloseFile__(Vcb, SDirInfo);
             if(UDFCleanUpFile__(Vcb, SDirInfo))
                 MyFreePool__(SDirInfo);
         }
         if(Res1)
             UDFReleaseResource(Res1);
     }

     return RC;

 #endif
 #endif //UDF_ENABLE_SECURITY

     return STATUS_SUCCESS;

 } // end UDFWriteSecurity()

 PSECURITY_DESCRIPTOR
 UDFLookUpAcl(
     IN PVCB      Vcb,
     PFILE_OBJECT FileObject, // OPTIONAL
     IN PtrUDFFCB Fcb
     )
 {
     UDFAssignAcl(Vcb, FileObject, Fcb, Fcb->NTRequiredFCB);
     return (Fcb->NTRequiredFCB->SecurityDesc);
 } // end UDFLookUpAcl()


 NTSTATUS
 UDFCheckAccessRights(
     PFILE_OBJECT FileObject, // OPTIONAL
     PACCESS_STATE AccessState,
     PtrUDFFCB    Fcb,
     PtrUDFCCB    Ccb,        // OPTIONAL
     ACCESS_MASK  DesiredAccess,
     USHORT       ShareAccess
     )
 {
     NTSTATUS RC;
     BOOLEAN ROCheck = FALSE;
 #ifdef UDF_ENABLE_SECURITY
     BOOLEAN SecurityCheck;
     PSECURITY_DESCRIPTOR SecDesc;
     SECURITY_SUBJECT_CONTEXT SubjectContext;
     ACCESS_MASK LocalAccessMask;
 #endif //UDF_ENABLE_SECURITY

     // Check attr compatibility
     ASSERT(Fcb);
     ASSERT(Fcb->Vcb);
 #ifdef UDF_READ_ONLY_BUILD
     goto treat_as_ro;
 #endif //UDF_READ_ONLY_BUILD

     if(Fcb->FCBFlags & UDF_FCB_READ_ONLY) {
         ROCheck = TRUE;
     } else
     if((Fcb->Vcb->origIntegrityType == INTEGRITY_TYPE_OPEN) &&
         Ccb && !(Ccb->CCBFlags & UDF_CCB_VOLUME_OPEN) &&
        (Fcb->Vcb->CompatFlags & UDF_VCB_IC_DIRTY_RO)) {
         AdPrint(("force R/O on dirty\n"));
         ROCheck = TRUE;
     }
     if(ROCheck) {
 #ifdef UDF_READ_ONLY_BUILD
 treat_as_ro:
 #endif //UDF_READ_ONLY_BUILD
         ACCESS_MASK  DesiredAccessMask = 0;

         if(Fcb->Vcb->CompatFlags & UDF_VCB_IC_WRITE_IN_RO_DIR) {
             if(Fcb->FCBFlags & UDF_FCB_DIRECTORY) {
                 DesiredAccessMask = (FILE_WRITE_EA |
                                      DELETE);
             } else {
                 DesiredAccessMask = (FILE_WRITE_DATA |
                                      FILE_APPEND_DATA |
                                      FILE_WRITE_EA |
                                      DELETE);
             }
         } else {
                 DesiredAccessMask = (FILE_WRITE_DATA |
                                      FILE_APPEND_DATA |
                                      FILE_WRITE_EA |
                                      FILE_DELETE_CHILD |
                                      FILE_ADD_SUBDIRECTORY |
                                      FILE_ADD_FILE |
                                      DELETE);
         }
         if(DesiredAccess & DesiredAccessMask)
             return STATUS_ACCESS_DENIED;
     }
 #ifdef UDF_ENABLE_SECURITY
     // Check Security
     // NOTE: we should not perform security check if an empty DesiredAccess
     // was specified. AFAIU, SeAccessCheck() will return FALSE in this case.
     SecDesc = UDFLookUpAcl(Fcb->Vcb, FileObject, Fcb);
     if(SecDesc && DesiredAccess) {
         SeCaptureSubjectContext(&SubjectContext);
         SecurityCheck =
             SeAccessCheck(SecDesc,
                           &SubjectContext,
                           FALSE,
                           DesiredAccess,
                           Ccb ? Ccb->PreviouslyGrantedAccess : 0,
                           NULL,
                           IoGetFileObjectGenericMapping(),
                           UserMode,
                           Ccb ? &(Ccb->PreviouslyGrantedAccess) : &LocalAccessMask,
                           &RC);
         SeReleaseSubjectContext(&SubjectContext);

         if(!SecurityCheck) {
             return RC;
         } else
 #endif //UDF_ENABLE_SECURITY
         if(DesiredAccess & ACCESS_SYSTEM_SECURITY) {
             if (!SeSinglePrivilegeCheck(SeExports->SeSecurityPrivilege, UserMode))
                 return STATUS_ACCESS_DENIED;
             Ccb->PreviouslyGrantedAccess |= ACCESS_SYSTEM_SECURITY;
         }
 #ifdef UDF_ENABLE_SECURITY
     }
 #endif //UDF_ENABLE_SECURITY
     if(FileObject) {
         if (Fcb->OpenHandleCount) {
             // The FCB is currently in use by some thread.
             // We must check whether the requested access/share access
             // conflicts with the existing open operations.
             RC = IoCheckShareAccess(DesiredAccess, ShareAccess, FileObject,
                                             &(Fcb->NTRequiredFCB->FCBShareAccess), TRUE);
 #ifndef UDF_ENABLE_SECURITY
             if(Ccb)
                 Ccb->PreviouslyGrantedAccess |= DesiredAccess;
             IoUpdateShareAccess(FileObject, &(Fcb->NTRequiredFCB->FCBShareAccess));
 #endif //UDF_ENABLE_SECURITY
         } else {
             IoSetShareAccess(DesiredAccess, ShareAccess, FileObject, &(Fcb->NTRequiredFCB->FCBShareAccess));
 #ifndef UDF_ENABLE_SECURITY
             if(Ccb)
                 Ccb->PreviouslyGrantedAccess = DesiredAccess;
 #endif //UDF_ENABLE_SECURITY
             RC = STATUS_SUCCESS;
         }
     } else {
         // we get here if given file was opened for internal purposes
         RC = STATUS_SUCCESS;
     }
     return RC;
 } // end UDFCheckAccessRights()

 NTSTATUS
 UDFSetAccessRights(
     PFILE_OBJECT FileObject,
     PACCESS_STATE AccessState,
     PtrUDFFCB    Fcb,
     PtrUDFCCB    Ccb,
     ACCESS_MASK  DesiredAccess,
     USHORT       ShareAccess
     )
 {
 #ifndef UDF_ENABLE_SECURITY
     ASSERT(Ccb);
     ASSERT(Fcb->FileInfo);

     return UDFCheckAccessRights(FileObject, AccessState, Fcb, Ccb, DesiredAccess, ShareAccess);

 #else //UDF_ENABLE_SECURITY

     NTSTATUS RC;
     // Set Security on Object
     PSECURITY_DESCRIPTOR SecDesc;
     SECURITY_SUBJECT_CONTEXT SubjectContext;
     BOOLEAN AutoInherit;

     ASSERT(Ccb);
     ASSERT(Fcb->FileInfo);

     SecDesc = UDFLookUpAcl(Fcb->Vcb, FileObject, Fcb);
     AutoInherit = UDFIsAStreamDir(Fcb->FileInfo) || UDFIsAStream(Fcb->FileInfo);

     if(SecDesc && !AutoInherit) {
         // Get caller's User/Primary Group info
         SeCaptureSubjectContext(&SubjectContext);
         RC = SeAssignSecurity(
                          Fcb->FileInfo->ParentFile->Dloc->CommonFcb->SecurityDesc,
 //                         NULL,
                          AccessState->SecurityDescriptor,
                          &(Fcb->NTRequiredFCB->SecurityDesc),
                          UDFIsADirectory(Fcb->FileInfo),
                          &SubjectContext,
                          IoGetFileObjectGenericMapping(),
                          NonPagedPool);
         SeReleaseSubjectContext(&SubjectContext);
         UDFConvertToSelfRelative(&(Fcb->NTRequiredFCB->SecurityDesc));

         if(!NT_SUCCESS(RC)) {
 Clean_Up_SD:
             UDFDeassignAcl(Fcb->NTRequiredFCB, AutoInherit);
             return RC;
         }
     }

     RC = UDFCheckAccessRights(FileObject, AccessState, Fcb, Ccb, DesiredAccess, ShareAccess);
     if(!NT_SUCCESS(RC))
         goto Clean_Up_SD;
     return RC;

 #endif //UDF_ENABLE_SECURITY

 } // end UDFSetAccessRights()

_SECURITY_DESCRIPTOR
Definition: ms-dtyp.idl:301

IoGetFileObjectGenericMapping
PGENERIC_MAPPING NTAPI IoGetFileObjectGenericMapping(VOID)
Definition: file.c:3266

_UDFFileControlBlock
Definition: struct.h:251

UDFAcquireResourceExclusive
#define UDFAcquireResourceExclusive(Resource, CanWait)
Definition: env_spec_w32.h:656

PCHAR
signed char * PCHAR
Definition: retypes.h:7

DbgAllocatePool
#define DbgAllocatePool
Definition: env_spec_w32.h:332

UDF_VCB_FLAGS_MEDIA_READ_ONLY
#define UDF_VCB_FLAGS_MEDIA_READ_ONLY
Definition: udf_common.h:481

UDF_VCB_IC_WRITE_IN_RO_DIR
#define UDF_VCB_IC_WRITE_IN_RO_DIR
Definition: udf_common.h:499

UDFReleaseIrpContext
VOID UDFReleaseIrpContext(PtrUDFIrpContext PtrIrpContext)
Definition: misc.cpp:1086

UDFAllocateIrpContext
PtrUDFIrpContext UDFAllocateIrpContext(PIRP Irp, PDEVICE_OBJECT PtrTargetDeviceObject)
Definition: misc.cpp:985

SeCaptureSubjectContext
VOID NTAPI SeCaptureSubjectContext(OUT PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:301

PSECURITY_DESCRIPTOR
struct _SECURITY_DESCRIPTOR * PSECURITY_DESCRIPTOR
Definition: security.c:97

SeAccessCheck
BOOLEAN NTAPI SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, IN BOOLEAN SubjectContextLocked, IN ACCESS_MASK DesiredAccess, IN ACCESS_MASK PreviouslyGrantedAccess, OUT PPRIVILEGE_SET *Privileges, IN PGENERIC_MAPPING GenericMapping, IN KPROCESSOR_MODE AccessMode, OUT PACCESS_MASK GrantedAccess, OUT PNTSTATUS AccessStatus)
Definition: accesschk.c:340

RtlValidSecurityDescriptor
NTSYSAPI BOOLEAN NTAPI RtlValidSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor)
Definition: sd.c:1055

FILE_WRITE_EA
#define FILE_WRITE_EA
Definition: nt_native.h:640

IN
#define IN
Definition: typedefs.h:39

BufferLength
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG BufferLength
Definition: wdfdevice.h:3767

SubjectContext
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2239

DesiredAccess
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654

SeReleaseSubjectContext
VOID NTAPI SeReleaseSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:360

GetExceptionInformation
#define GetExceptionInformation()
Definition: seh.h:26

UDFPrint
#define UDFPrint(Args)
Definition: udffs.h:225

SeSetSecurityDescriptorInfo
NTKERNELAPI NTSTATUS NTAPI SeSetSecurityDescriptorInfo(_In_opt_ PVOID Object, _In_ PSECURITY_INFORMATION SecurityInformation, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, _In_ POOL_TYPE PoolType, _In_ PGENERIC_MAPPING GenericMapping)

PtrUDFCCB
struct _UDFContextControlBlock * PtrUDFCCB

NonPagedPool
Definition: ketypes.h:866

STATUS_INSUFFICIENT_RESOURCES
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158

FsRtlEnterFileSystem
#define FsRtlEnterFileSystem

RtlSetGroupSecurityDescriptor
NTSYSAPI NTSTATUS NTAPI RtlSetGroupSecurityDescriptor(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSID Group, IN BOOLEAN GroupDefaulted)
Definition: sd.c:410

AdPrint
#define AdPrint(_x_)
Definition: env_spec_w32.h:292

FILE_ALL_ACCESS
#define FILE_ALL_ACCESS
Definition: nt_native.h:651

ACCESS_SYSTEM_SECURITY
#define ACCESS_SYSTEM_SECURITY
Definition: nt_native.h:77

_UDFData::AclName
UNICODE_STRING AclName
Definition: udf_common.h:618

KdDump
#define KdDump(a, b)
Definition: env_spec_w32.h:312

FsRtlExitFileSystem
#define FsRtlExitFileSystem

UDFCheckAccessRights
NTSTATUS UDFCheckAccessRights(PFILE_OBJECT FileObject, PACCESS_STATE AccessState, PtrUDFFCB Fcb, PtrUDFCCB Ccb, ACCESS_MASK DesiredAccess, USHORT ShareAccess)
Definition: secursup.cpp:927

_ACCESS_ALLOWED_ACE
Definition: ms-dtyp.idl:215

UDFLogEvent
VOID UDFLogEvent(NTSTATUS UDFEventLogId, NTSTATUS RC)
Definition: misc.cpp:575

UDFWriteSecurity
NTSTATUS UDFWriteSecurity(IN PVCB Vcb, IN PtrUDFFCB Fcb, IN PSECURITY_DESCRIPTOR *SecurityDesc)
Definition: secursup.cpp:796

TRUE
#define TRUE
Definition: types.h:120

STATUS_INVALID_PARAMETER
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135

_ACL
Definition: ms-dtyp.idl:293

UDFCommonSetSecurity
NTSTATUS UDFCommonSetSecurity(PtrUDFIrpContext PtrIrpContext, PIRP Irp)

UDFReleaseResource
#define UDFReleaseResource(Resource)
Definition: env_spec_w32.h:661

NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26

_UDF_FILE_INFO
Definition: udf_rel.h:346

UDFLookUpAcl
PSECURITY_DESCRIPTOR UDFLookUpAcl(IN PVCB Vcb, PFILE_OBJECT FileObject, IN PtrUDFFCB Fcb)
Definition: secursup.cpp:915

_IO_STACK_LOCATION
Definition: iotypes.h:3110

_VCB
Definition: cdstruc.h:498

UDFSetSecurity
NTSTATUS UDFSetSecurity(PDEVICE_OBJECT DeviceObject, PIRP Irp)

SeSinglePrivilegeCheck
BOOLEAN NTAPI SeSinglePrivilegeCheck(IN LUID PrivilegeValue, IN KPROCESSOR_MODE PreviousMode)
Definition: priv.c:520

RtlSetOwnerSecurityDescriptor
NTSYSAPI NTSTATUS WINAPI RtlSetOwnerSecurityDescriptor(PSECURITY_DESCRIPTOR, PSID, BOOLEAN)

UDFGetFileSize
int64 UDFGetFileSize(IN PUDF_FILE_INFO FileInfo)
Definition: udf_info.cpp:1236

GROUP_SECURITY_INFORMATION
#define GROUP_SECURITY_INFORMATION
Definition: setypes.h:124

RtlCreateSecurityDescriptor
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(_Out_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ULONG Revision)

IoSetShareAccess
VOID NTAPI IoSetShareAccess(IN ACCESS_MASK DesiredAccess, IN ULONG DesiredShareAccess, IN PFILE_OBJECT FileObject, OUT PSHARE_ACCESS ShareAccess)
Definition: file.c:3516

UDFCreateStreamDir__
OSSTATUS UDFCreateStreamDir__(IN PVCB Vcb, IN PUDF_FILE_INFO FileInfo, OUT PUDF_FILE_INFO *_SDirInfo)
Definition: udf_info.cpp:4888

WRITE_OWNER
#define WRITE_OWNER
Definition: nt_native.h:60

RtlAddAccessAllowedAce
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAce(PACL, DWORD, DWORD, PSID)

FILE_APPEND_DATA
#define FILE_APPEND_DATA
Definition: nt_native.h:634

RtlSetDaclSecurityDescriptor
NTSYSAPI NTSTATUS WINAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN)

RtlLengthSecurityDescriptor
NTSYSAPI ULONG WINAPI RtlLengthSecurityDescriptor(PSECURITY_DESCRIPTOR)

UDF_IRP_CONTEXT_CAN_BLOCK
#define UDF_IRP_CONTEXT_CAN_BLOCK
Definition: struct.h:385

ShareAccess
_In_ PIO_STACK_LOCATION _Inout_ PFILE_OBJECT _Inout_ PVCB _Outptr_result_maybenull_ PDCB _In_ PDCB _In_ PDIRENT _In_ ULONG _In_ ULONG _In_ PUNICODE_STRING _In_ PACCESS_MASK _In_ USHORT ShareAccess
Definition: create.c:4137

STATUS_BUFFER_TOO_SMALL
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69

_SEH2_TRY
_SEH2_TRY
Definition: create.c:4226

_SE_EXPORTS::SeSecurityPrivilege
LUID SeSecurityPrivilege
Definition: setypes.h:1147

RtlCreateAcl
NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL Acl, ULONG AclSize, ULONG AclRevision)

UDF_VCB_FLAGS_RAW_DISK
#define UDF_VCB_FLAGS_RAW_DISK
Definition: udf_common.h:476

SECURITY_DESCRIPTOR_REVISION
#define SECURITY_DESCRIPTOR_REVISION
Definition: setypes.h:58

UDF_VCB_IC_DIRTY_RO
#define UDF_VCB_IC_DIRTY_RO
Definition: udf_common.h:516

UDF_VCB_FLAGS_VOLUME_READ_ONLY
#define UDF_VCB_FLAGS_VOLUME_READ_ONLY
Definition: udf_common.h:463

DeviceObject
_In_ PDEVICE_OBJECT DeviceObject
Definition: wdfdevice.h:2055

STATUS_NOT_IMPLEMENTED
return STATUS_NOT_IMPLEMENTED
Definition: fxdriverapium.cpp:241

UDFAssignAcl
NTSTATUS UDFAssignAcl(IN PVCB Vcb, IN PFILE_OBJECT FileObject, IN PtrUDFFCB Fcb, IN PtrUDFNTRequiredFCB NtReqFcb)
Definition: secursup.cpp:706

PERESOURCE
ERESOURCE * PERESOURCE
Definition: env_spec_w32.h:595

FILE_DELETE_CHILD
#define FILE_DELETE_CHILD
Definition: nt_native.h:645

IO_DISK_INCREMENT
#define IO_DISK_INCREMENT
Definition: iotypes.h:600

FILE_ADD_FILE
#define FILE_ADD_FILE
Definition: nt_native.h:632

FALSE
#define FALSE
Definition: types.h:117

SeExports
PSE_EXPORTS SeExports
Definition: semgr.c:20

Irp
_In_ PIRP Irp
Definition: csq.h:116

_UDFIrpContext
Definition: struct.h:362

SECURITY_INFORMATION
DWORD SECURITY_INFORMATION
Definition: ms-dtyp.idl:311

UDFIsADirectory
#define UDFIsADirectory(FileInfo)
Definition: udf_info.h:792

FILE_ACTION_MODIFIED
#define FILE_ACTION_MODIFIED

STATUS_INVALID_USER_BUFFER
#define STATUS_INVALID_USER_BUFFER
Definition: udferr_usr.h:166

BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185

ACL
struct _ACL ACL

IoCompleteRequest
#define IoCompleteRequest
Definition: irp.c:1240

UDFReadSecurity
NTSTATUS UDFReadSecurity(IN PVCB Vcb, IN PtrUDFFCB Fcb, IN PSECURITY_DESCRIPTOR *SecurityDesc)
Definition: secursup.cpp:420

SecurityInformation
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ SECURITY_INFORMATION SecurityInformation
Definition: fltkernel.h:1339

UDFFlushFile__
OSSTATUS UDFFlushFile__(IN PVCB Vcb, IN PUDF_FILE_INFO FileInfo, IN ULONG FlushFlags)
Definition: udf_info.cpp:4119

_DEVICE_OBJECT
Definition: env_spec_w32.h:413

FILE_WRITE_DATA
#define FILE_WRITE_DATA
Definition: nt_native.h:631

UDFDeassignAcl
VOID UDFDeassignAcl(IN PtrUDFNTRequiredFCB NtReqFcb, IN BOOLEAN AutoInherited)
Definition: secursup.cpp:772

UDFNotifyFullReportChange
__inline VOID UDFNotifyFullReportChange(PVCB V, PUDF_FILE_INFO FI, ULONG E, ULONG A)
Definition: env_spec.h:99

FileObject
_In_ WDFREQUEST _In_ WDFFILEOBJECT FileObject
Definition: wdfdevice.h:547

UDFOpenStreamDir__
OSSTATUS UDFOpenStreamDir__(IN PVCB Vcb, IN PUDF_FILE_INFO FileInfo, OUT PUDF_FILE_INFO *_SDirInfo)
Definition: udf_info.cpp:4965

UDFExceptionHandler
NTSTATUS UDFExceptionHandler(PtrUDFIrpContext PtrIrpContext, PIRP Irp)
Definition: misc.cpp:358

UDFIsAStreamDir
#define UDFIsAStreamDir(FI)
Definition: udf_info.h:998

DbgFreePool
#define DbgFreePool
Definition: env_spec_w32.h:334

PACL
struct _ACL * PACL
Definition: security.c:104

UDFCleanUpFile__
uint32 UDFCleanUpFile__(IN PVCB Vcb, IN PUDF_FILE_INFO FileInfo)
Definition: udf_info.cpp:2276

UDFCreateFile__
OSSTATUS UDFCreateFile__(IN PVCB Vcb, IN BOOLEAN IgnoreCase, IN PUNICODE_STRING _fn, IN uint32 ExtAttrSz, IN uint32 ImpUseLen, IN BOOLEAN Extended, IN BOOLEAN CreateNew, IN OUT PUDF_FILE_INFO DirInfo, OUT PUDF_FILE_INFO *_FileInfo)
Definition: udf_info.cpp:2577

_FCB::OpenHandleCount
ULONG OpenHandleCount
Definition: ntfs.h:533

UDFGetSecurity
NTSTATUS UDFGetSecurity(PDEVICE_OBJECT DeviceObject, PIRP Irp)

STATUS_NOT_FOUND
#define STATUS_NOT_FOUND
Definition: shellext.h:72

UDF_CCB_VOLUME_OPEN
#define UDF_CCB_VOLUME_OPEN
Definition: struct.h:166

_ACCESS_STATE
Definition: setypes.h:196

ASSERT
#define ASSERT(a)
Definition: mode.c:44

UserMode
Definition: ketypes.h:12

NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32

STATUS_PENDING
#define STATUS_PENDING
Definition: ntstatus.h:82

try_return
#define try_return(S)
Definition: cdprocs.h:2179

EXCEPTION_EXECUTE_HANDLER
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85

UDFSetAccessRights
NTSTATUS UDFSetAccessRights(PFILE_OBJECT FileObject, PACCESS_STATE AccessState, PtrUDFFCB Fcb, PtrUDFCCB Ccb, ACCESS_MASK DesiredAccess, USHORT ShareAccess)
Definition: secursup.cpp:1049

Vcb
#define Vcb
Definition: cdprocs.h:1415

MyFreePool__
#define MyFreePool__(addr)
Definition: mem_tools.h:152

UDF_FCB_DIRECTORY
#define UDF_FCB_DIRECTORY
Definition: struct.h:303

BrutePoint
#define BrutePoint()
Definition: env_spec_w32.h:504

SACL_SECURITY_INFORMATION
#define SACL_SECURITY_INFORMATION
Definition: setypes.h:126

UDFOpenFile__
OSSTATUS UDFOpenFile__(IN PVCB Vcb, IN BOOLEAN IgnoreCase, IN BOOLEAN NotDeleted, IN PUNICODE_STRING fn, IN PUDF_FILE_INFO DirInfo, OUT PUDF_FILE_INFO *_FileInfo, IN uint_di *IndexToOpen)
Definition: udf_info.cpp:2004

WRITE_DAC
#define WRITE_DAC
Definition: nt_native.h:59

Len
#define Len
Definition: deflate.h:82

STATUS_ACCESS_DENIED
#define STATUS_ACCESS_DENIED
Definition: udferr_usr.h:145

FULL_SECURITY_INFORMATION
#define FULL_SECURITY_INFORMATION
Definition: ntifs_ex.h:118

STATUS_NO_SECURITY_ON_OBJECT
#define STATUS_NO_SECURITY_ON_OBJECT
Definition: ntstatus.h:451

PFILE_OBJECT
* PFILE_OBJECT
Definition: iotypes.h:1998

UDFIsIrpTopLevel
BOOLEAN __fastcall UDFIsIrpTopLevel(PIRP Irp)
Definition: misc.cpp:228

AccessState
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:414

NtReqFcb
#define NtReqFcb

IoSetTopLevelIrp
VOID NTAPI IoSetTopLevelIrp(IN PIRP Irp)
Definition: irp.c:2000

UDFGlobalData
UDFData UDFGlobalData
Definition: udfinit.cpp:25

UDFWriteFile__
OSSTATUS UDFWriteFile__(IN PVCB Vcb, IN PUDF_FILE_INFO FileInfo, IN int64 Offset, IN SIZE_T Length, IN BOOLEAN Direct, IN int8 *Buffer, OUT PSIZE_T WrittenBytes)
Definition: udf_info.cpp:1605

_UDFNTRequiredFCB
Definition: struct.h:202

UDFExceptionFilter
long UDFExceptionFilter(PtrUDFIrpContext PtrIrpContext, PEXCEPTION_POINTERS PtrExceptionPointers)
Definition: misc.cpp:265

_UDFContextControlBlock
Definition: struct.h:108

FILE_ADD_SUBDIRECTORY
#define FILE_ADD_SUBDIRECTORY
Definition: nt_native.h:635

Ccb
_Inout_ PFILE_OBJECT _In_ TYPE_OF_OPEN PFCB _In_opt_ PCCB Ccb
Definition: cdprocs.h:588

NOTHING
#define NOTHING
Definition: env_spec_w32.h:461

UDFCloseFile__
OSSTATUS UDFCloseFile__(IN PVCB Vcb, IN PUDF_FILE_INFO FileInfo)
Definition: udf_info.cpp:2994

_IRP
Definition: Bus_PDO_QueryResourceRequirements.c:92

UDFReadFile__
__inline OSSTATUS UDFReadFile__(IN PVCB Vcb, IN PUDF_FILE_INFO FileInfo, IN int64 Offset, IN SIZE_T Length, IN BOOLEAN Direct, OUT int8 *Buffer, OUT PSIZE_T ReadBytes)
Definition: udf_info.h:666

IoCheckShareAccess
NTSTATUS NTAPI IoCheckShareAccess(IN ACCESS_MASK DesiredAccess, IN ULONG DesiredShareAccess, IN PFILE_OBJECT FileObject, IN PSHARE_ACCESS ShareAccess, IN BOOLEAN Update)
Definition: file.c:3389

UDFGetCallersBuffer
PVOID UDFGetCallersBuffer(PtrUDFIrpContext PtrIrpContext, PIRP Irp)
Definition: read.cpp:871

IoGetCurrentIrpStackLocation
__drv_aliasesMem FORCEINLINE PIO_STACK_LOCATION IoGetCurrentIrpStackLocation(_In_ PIRP Irp)
Definition: iofuncs.h:2793

UDF_ERROR_INTERNAL_ERROR
#define UDF_ERROR_INTERNAL_ERROR
Definition: errmsg.h:71

UDFPostRequest
NTSTATUS UDFPostRequest(IN PtrUDFIrpContext PtrIrpContext, IN PIRP Irp)
Definition: misc.cpp:1128

_IO_STACK_LOCATION::FileObject
PFILE_OBJECT FileObject
Definition: iotypes.h:3169

AbnormalTermination
#define AbnormalTermination()
Definition: seh.h:28

STATUS_OBJECT_NAME_NOT_FOUND
#define STATUS_OBJECT_NAME_NOT_FOUND
Definition: udferr_usr.h:149

USHORT
unsigned short USHORT
Definition: pedump.c:61

IrpSp
_In_ PIO_STACK_LOCATION IrpSp
Definition: create.c:4137

UDF_CHECK_PAGING_IO_RESOURCE
#define UDF_CHECK_PAGING_IO_RESOURCE(NTReqFCB)
Definition: udffs.h:262

FILE_NOTIFY_CHANGE_SECURITY
#define FILE_NOTIFY_CHANGE_SECURITY

UDF_FCB_READ_ONLY
#define UDF_FCB_READ_ONLY
Definition: struct.h:312

_SEH2_FINALLY
_SEH2_FINALLY
Definition: create.c:4371

UDFUnlinkFile__
OSSTATUS UDFUnlinkFile__(IN PVCB Vcb, IN PUDF_FILE_INFO FileInfo, IN BOOLEAN FreeSpace)
Definition: udf_info.cpp:1766

OWNER_SECURITY_INFORMATION
#define OWNER_SECURITY_INFORMATION
Definition: setypes.h:123

PULONG
unsigned int * PULONG
Definition: retypes.h:1

NULL
#define NULL
Definition: types.h:112

_SECURITY_SUBJECT_CONTEXT
Definition: setypes.h:189

ACL_REVISION
#define ACL_REVISION
Definition: setypes.h:39

OUT
#define OUT
Definition: typedefs.h:40

INTEGRITY_TYPE_OPEN
#define INTEGRITY_TYPE_OPEN
Definition: ecma_167.h:357

ULONG
unsigned int ULONG
Definition: retypes.h:1

RtlZeroMemory
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262

_FCB::Vcb
PVCB Vcb
Definition: cdstruc.h:933

SeQuerySecurityDescriptorInfo
NTKERNELAPI NTSTATUS NTAPI SeQuerySecurityDescriptorInfo(_In_ PSECURITY_INFORMATION SecurityInformation, _Out_writes_bytes_(*Length) PSECURITY_DESCRIPTOR SecurityDescriptor, _Inout_ PULONG Length, _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor)

udffs.h

_SE_EXPORTS::SeWorldSid
PSID SeWorldSid
Definition: setypes.h:1165

_SEH2_EXCEPT
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40

STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65

_UDF_FILE_INFO::Fcb
struct _UDFFileControlBlock * Fcb
Definition: udf_rel.h:362

void
Definition: nsiface.idl:2306

_IO_STACK_LOCATION::Parameters
struct _NAMED_PIPE_CREATE_PARAMETERS * Parameters
Definition: iotypes.h:3128

Fcb
_In_ PFCB Fcb
Definition: cdprocs.h:159

UDFIsAStream
#define UDFIsAStream(FI)
Definition: udf_info.h:1002

UDFCommonGetSecurity
NTSTATUS UDFCommonGetSecurity(PtrUDFIrpContext PtrIrpContext, PIRP Irp)

IoUpdateShareAccess
VOID NTAPI IoUpdateShareAccess(IN PFILE_OBJECT FileObject, OUT PSHARE_ACCESS ShareAccess)
Definition: file.c:3350

FileInfo
Definition: DriveVolume.h:52

ACCESS_MASK
ULONG ACCESS_MASK
Definition: nt_native.h:40

DACL_SECURITY_INFORMATION
#define DACL_SECURITY_INFORMATION
Definition: setypes.h:125

UDF_NTREQ_FCB_SD_MODIFIED
#define UDF_NTREQ_FCB_SD_MODIFIED
Definition: struct.h:233

_FCB::Fcb
struct _FCB::@704::@707 Fcb

DELETE
#define DELETE
Definition: nt_native.h:57