NTSTATUS
NTAPI
NpCommonQuerySecurityInfo(IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp)
{
NODE_TYPE_CODE NodeTypeCode;
PIO_STACK_LOCATION IoStack;
NTSTATUS Status;
PNP_FCB Fcb;
PNP_CCB Ccb;
ULONG NamedPipeEnd;
PAGED_CODE();
IoStack = IoGetCurrentIrpStackLocation(Irp);
NodeTypeCode = NpDecodeFileObject(IoStack->FileObject,
(PVOID*)&Fcb,
&Ccb,
&NamedPipeEnd);
if (!NodeTypeCode) return STATUS_PIPE_DISCONNECTED;
if (NodeTypeCode != NPFS_NTC_CCB) return STATUS_INVALID_PARAMETER;
Status = SeQuerySecurityDescriptorInfo(&IoStack->Parameters.QuerySecurity.SecurityInformation,
Irp->UserBuffer,
&IoStack->Parameters.QuerySecurity.Length,
&Fcb->SecurityDescriptor);
if (Status == STATUS_BUFFER_TOO_SMALL)
{
Irp->IoStatus.Information = IoStack->Parameters.QuerySecurity.Length;
Status = STATUS_BUFFER_OVERFLOW;
}
return Status;
}
NTSTATUS
NTAPI
ObQuerySecurityDescriptorInfo(IN PVOID Object,
IN PSECURITY_INFORMATION SecurityInformation,
OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
IN OUT PULONG Length,
IN PSECURITY_DESCRIPTOR *OutputSecurityDescriptor)
{
POBJECT_HEADER ObjectHeader;
NTSTATUS Status;
PSECURITY_DESCRIPTOR ObjectSd;
PAGED_CODE();
/* Get the object header */
ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
/* Get the SD */
ObjectSd = ObpReferenceSecurityDescriptor(ObjectHeader);
/* Query the information */
Status = SeQuerySecurityDescriptorInfo(SecurityInformation,
SecurityDescriptor,
Length,
&ObjectSd);
/* Check if we have an object SD and dereference it, if so */
if (ObjectSd) ObDereferenceSecurityDescriptor(ObjectSd, 1);
/* Return status */
return Status;
}
NTSTATUS
NdNtfsSecondaryCommonSetSecurityInfo (
IN PIRP_CONTEXT IrpContext,
IN PIRP Irp
)
{
NTSTATUS status;
PVOLUME_DEVICE_OBJECT volDo = CONTAINING_RECORD( IrpContext->Vcb, VOLUME_DEVICE_OBJECT, Vcb );
BOOLEAN secondarySessionResourceAcquired = FALSE;
PIO_STACK_LOCATION irpSp = IoGetCurrentIrpStackLocation(Irp);
PFILE_OBJECT fileObject = irpSp->FileObject;
TYPE_OF_OPEN typeOfOpen;
PVCB vcb;
PFCB fcb;
PSCB scb;
PCCB ccb;
PSECONDARY_REQUEST secondaryRequest = NULL;
PNDFS_REQUEST_HEADER ndfsRequestHeader;
PNDFS_WINXP_REQUEST_HEADER ndfsWinxpRequestHeader;
PNDFS_WINXP_REPLY_HEADER ndfsWinxpReplytHeader;
_U8 *ndfsWinxpRequestData;
LARGE_INTEGER timeOut;
struct SetSecurity setSecurity;
PVOID inputBuffer = NULL;
ULONG inputBufferLength = 0;
ULONG securityLength = 0;
ASSERT( KeGetCurrentIrql() < DISPATCH_LEVEL );
if(volDo->Secondary == NULL) {
status = Irp->IoStatus.Status = STATUS_IO_DEVICE_ERROR;
Irp->IoStatus.Information = 0;
return status;
}
try {
secondarySessionResourceAcquired
= SecondaryAcquireResourceExclusiveLite( IrpContext,
&volDo->Secondary->SessionResource,
BooleanFlagOn(IrpContext->State, IRP_CONTEXT_STATE_WAIT) );
if (FlagOn(volDo->Secondary->Thread.Flags, SECONDARY_THREAD_FLAG_REMOTE_DISCONNECTED) ) {
PrintIrp( Dbg2, "SECONDARY_THREAD_FLAG_REMOTE_DISCONNECTED", NULL, IrpContext->OriginatingIrp );
NtfsRaiseStatus( IrpContext, STATUS_CANT_WAIT, NULL, NULL );
}
typeOfOpen = NtfsDecodeFileObject( IrpContext, fileObject, &vcb, &fcb, &scb, &ccb, TRUE );
if(FlagOn(ccb->NdNtfsFlags, ND_NTFS_CCB_FLAG_UNOPENED)) {
ASSERT( FlagOn(ccb->NdNtfsFlags, ND_NTFS_CCB_FLAG_CORRUPTED) );
try_return( status = STATUS_FILE_CORRUPT_ERROR );
}
setSecurity.SecurityDescriptor = irpSp->Parameters.SetSecurity.SecurityDescriptor;
setSecurity.SecurityInformation = irpSp->Parameters.SetSecurity.SecurityInformation;
status = SeQuerySecurityDescriptorInfo( &setSecurity.SecurityInformation,
NULL,
&securityLength,
&setSecurity.SecurityDescriptor );
DebugTrace( 0, Dbg, ("NdNtfsSecondaryCommonSetSecurityInfo: The length of the security desc:%lu\n",securityLength) );
if( (!securityLength && status == STATUS_BUFFER_TOO_SMALL ) ||
(securityLength && status != STATUS_BUFFER_TOO_SMALL ))
{
ASSERT(NDASNTFS_UNEXPECTED);
NtfsRaiseStatus( IrpContext, status, NULL, NULL );
}
inputBufferLength = securityLength;
secondaryRequest = ALLOC_WINXP_SECONDARY_REQUEST( volDo->Secondary,
IRP_MJ_SET_SECURITY,
inputBufferLength );
if(secondaryRequest == NULL) {
status = Irp->IoStatus.Status = STATUS_INSUFFICIENT_RESOURCES;
Irp->IoStatus.Information = 0;
try_return( status );
}
ndfsRequestHeader = &secondaryRequest->NdfsRequestHeader;
INITIALIZE_NDFS_REQUEST_HEADER( ndfsRequestHeader,
NDFS_COMMAND_EXECUTE,
volDo->Secondary,
IRP_MJ_SET_SECURITY,
inputBufferLength );
ndfsWinxpRequestHeader = (PNDFS_WINXP_REQUEST_HEADER)(ndfsRequestHeader+1);
ASSERT( ndfsWinxpRequestHeader == (PNDFS_WINXP_REQUEST_HEADER)secondaryRequest->NdfsRequestData );
INITIALIZE_NDFS_WINXP_REQUEST_HEADER( ndfsWinxpRequestHeader, Irp, irpSp, ccb->PrimaryFileHandle );
ndfsWinxpRequestHeader->SetSecurity.Length = inputBufferLength;
ndfsWinxpRequestHeader->SetSecurity.SecurityInformation = setSecurity.SecurityInformation;
ndfsWinxpRequestData = (_U8 *)(ndfsWinxpRequestHeader+1);
status = SeQuerySecurityDescriptorInfo( &setSecurity.SecurityInformation,
(PSECURITY_DESCRIPTOR)ndfsWinxpRequestData,
&securityLength,
&setSecurity.SecurityDescriptor );
if(status != STATUS_SUCCESS) {
ASSERT(NDASNTFS_UNEXPECTED);
DereferenceSecondaryRequest( secondaryRequest );
secondaryRequest = NULL;
try_return( status );
}
secondaryRequest->RequestType = SECONDARY_REQ_SEND_MESSAGE;
QueueingSecondaryRequest( volDo->Secondary, secondaryRequest );
timeOut.QuadPart = -NDNTFS_TIME_OUT;
status = KeWaitForSingleObject( &secondaryRequest->CompleteEvent, Executive, KernelMode, FALSE, &timeOut );
if(status != STATUS_SUCCESS) {
secondaryRequest = NULL;
try_return( status = STATUS_IO_DEVICE_ERROR );
}
KeClearEvent( &secondaryRequest->CompleteEvent );
if (secondaryRequest->ExecuteStatus != STATUS_SUCCESS) {
if (IrpContext->OriginatingIrp)
PrintIrp( Dbg2, "secondaryRequest->ExecuteStatus != STATUS_SUCCESS", NULL, IrpContext->OriginatingIrp );
DebugTrace( 0, Dbg2, ("secondaryRequest->ExecuteStatus != STATUS_SUCCESS file = %s, line = %d\n", __FILE__, __LINE__) );
NtfsRaiseStatus( IrpContext, STATUS_CANT_WAIT, NULL, NULL );
}
ndfsWinxpReplytHeader = (PNDFS_WINXP_REPLY_HEADER)secondaryRequest->NdfsReplyData;
status = Irp->IoStatus.Status = ndfsWinxpReplytHeader->Status;
Irp->IoStatus.Information = ndfsWinxpReplytHeader->Information;
try_exit: NOTHING;
} finally {
if( secondarySessionResourceAcquired == TRUE ) {
SecondaryReleaseResourceLite( IrpContext, &volDo->Secondary->SessionResource );
}
if(secondaryRequest)
DereferenceSecondaryRequest( secondaryRequest );
}
return status;
}
NTSTATUS
IopGetSetSecurityObject(
IN PVOID Object,
IN SECURITY_OPERATION_CODE OperationCode,
IN PSECURITY_INFORMATION SecurityInformation,
IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
IN OUT PULONG CapturedLength,
IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
IN POOL_TYPE PoolType,
IN PGENERIC_MAPPING GenericMapping
)
/*++
Routine Description:
This routine is invoked to either query or set the security descriptor
for a file, directory, volume, or device. It implements these functions
by either performing an in-line check if the file is a device or a
volume, or an I/O Request Packet (IRP) is generated and given to the
driver to perform the operation.
Arguments:
Object - Pointer to the file or device object representing the open object.
SecurityInformation - Information about what is being done to or obtained
from the object's security descriptor.
SecurityDescriptor - Supplies the base security descriptor and returns
the final security descriptor. Note that if this buffer is coming
from user space, it has already been probed by the object manager
to length "CapturedLength", otherwise it points to kernel space and
should not be probed. It must, however, be referenced in a try
clause.
CapturedLength - For a query operation this specifies the size, in
bytes, of the output security descriptor buffer and on return
contains the number of bytes needed to store the complete security
descriptor. If the length needed is greater than the length
supplied the operation will fail. This parameter is ignored for
the set and delete operations. It is expected to point into
system space, ie, it need not be probed and it will not change.
ObjectsSecurityDescriptor - Supplies and returns the object's security
descriptor.
PoolType - Specifies from which type of pool memory is to be allocated.
GenericMapping - Supplies the generic mapping for the object type.
Return Value:
The final status of the operation is returned as the function value.
--*/
{
NTSTATUS status;
PFILE_OBJECT fileObject;
PDEVICE_OBJECT deviceObject;
PDEVICE_OBJECT devicePDO = NULL;
BOOLEAN synchronousIo;
UNREFERENCED_PARAMETER( ObjectsSecurityDescriptor );
UNREFERENCED_PARAMETER( PoolType );
PAGED_CODE();
//
// Begin by determining whether the security operation is to be performed
// in this routine or by the driver. This is based upon whether the
// object represents a device object, or it represents a file object
// to a device, or a file on the device. If the open is a direct device
// open then use the device object.
//
if (((PDEVICE_OBJECT) (Object))->Type == IO_TYPE_DEVICE) {
deviceObject = (PDEVICE_OBJECT) Object;
fileObject = (PFILE_OBJECT) NULL;
} else {
fileObject = (PFILE_OBJECT) Object;
if (fileObject->Flags & FO_DIRECT_DEVICE_OPEN) {
deviceObject = IoGetAttachedDevice( fileObject->DeviceObject );
}
else {
deviceObject = fileObject->DeviceObject;
}
}
if (!fileObject ||
(!fileObject->FileName.Length && !fileObject->RelatedFileObject) ||
(fileObject->Flags & FO_DIRECT_DEVICE_OPEN)) {
//
// This security operation is for the device itself, either through
// a file object, or directly to the device object. For the latter
// case, assignment operations are also possible. Also note that
// this may be a stream file object, which do not have security.
// The security for a stream file is actually represented by the
// security descriptor on the file itself, or the volume, or the
// device.
//
if (OperationCode == AssignSecurityDescriptor) {
//
// Simply assign the security descriptor to the device object,
// if this is a device object.
//
if (fileObject == NULL || !(fileObject->Flags & FO_STREAM_FILE)) {
KeEnterCriticalRegion();
ExAcquireResourceExclusive( &IopSecurityResource, TRUE );
deviceObject->SecurityDescriptor = SecurityDescriptor;
ExReleaseResource( &IopSecurityResource );
KeLeaveCriticalRegion();
}
status = STATUS_SUCCESS;
} else if (OperationCode == SetSecurityDescriptor) {
//
// This is a set operation. The SecurityInformation parameter
// determines what part of the SecurityDescriptor is going to
// be applied to the ObjectsSecurityDescriptor.
//
//
// if this deviceObject is attached to a PDO then we want
// to modify the security on the PDO and apply it up the
// device chain
//
if (fileObject == NULL || !(fileObject->Flags & FO_DIRECT_DEVICE_OPEN)) {
//
// see if there is a PDO for this object, and obtain it
//
devicePDO = IopGetDevicePDO(deviceObject);
} else {
devicePDO = NULL;
}
if (devicePDO) {
//
// set PDO and all attached device objects
//
status = IopSetDeviceSecurityDescriptors(devicePDO,SecurityInformation,SecurityDescriptor,PoolType,GenericMapping,TRUE);
ObDereferenceObject( devicePDO );
} else {
//
// set this device object only
//
status = IopSetDeviceSecurityDescriptors(deviceObject,SecurityInformation,SecurityDescriptor,PoolType,GenericMapping,FALSE);
}
} else if (OperationCode == QuerySecurityDescriptor) {
//
// This is a get operation. The SecurityInformation parameter
// determines what part of the SecurityDescriptor is going to
// be returned from the ObjectsSecurityDescriptor.
//
KeEnterCriticalRegion();
ExAcquireResourceShared( &IopSecurityResource, TRUE );
status = SeQuerySecurityDescriptorInfo( SecurityInformation,
SecurityDescriptor,
CapturedLength,
&deviceObject->SecurityDescriptor );
ExReleaseResource( &IopSecurityResource );
KeLeaveCriticalRegion();
} else {
//
// This is a delete operation. Simply indicate that everything
// worked just fine.
//
status = STATUS_SUCCESS;
}
} else if (OperationCode == DeleteSecurityDescriptor) {
//
// This is a delete operation for the security descriptor on a file
// object. This function will be performed by the file system once
// the FCB itself is deleted. Simply indicate that the operation
// was successful.
//
status = STATUS_SUCCESS;
} else {
PIRP irp;
IO_STATUS_BLOCK localIoStatus;
KEVENT event;
PIO_STACK_LOCATION irpSp;
KPROCESSOR_MODE requestorMode;
//
// This file object does not refer to the device itself. Rather, it
// refers to either a file or a directory on the device. This means
// that the request must be passed to the file system for processing.
// Note that the only requests that are passed through in this manner
// are SET or QUERY security operations. DELETE operations have
// already been taken care of above since the file system which just
// drop the storage on the floor when it really needs to, and ASSIGN
// operations are irrelevant to file systems since they never
// generate one because they never assign the security descriptor
// to the object in the first place, they just assign it to the FCB.
//
requestorMode = KeGetPreviousMode();
//
// Begin by referencing the object by pointer. Note that the object
// handle has already been checked for the appropriate access by the
// object system caller. This reference must be performed because
// standard I/O completion will dereference the object.
//
ObReferenceObject( fileObject );
//
// Make a special check here to determine whether this is a synchronous
// I/O operation. If it is, then wait here until the file is owned by
// the current thread. If this is not a (serialized) synchronous I/O
// operation, then initialize the local event.
//
if (fileObject->Flags & FO_SYNCHRONOUS_IO) {
BOOLEAN interrupted;
if (!IopAcquireFastLock( fileObject )) {
status = IopAcquireFileObjectLock( fileObject,
requestorMode,
(BOOLEAN) ((fileObject->Flags & FO_ALERTABLE_IO) != 0),
&interrupted );
if (interrupted) {
ObDereferenceObject( fileObject );
return status;
}
}
synchronousIo = TRUE;
} else {
KeInitializeEvent( &event, SynchronizationEvent, FALSE );
synchronousIo = FALSE;
}
//
// Set the file object to the Not-Signaled state.
//
KeClearEvent( &fileObject->Event );
//
// Get the address of the target device object.
//
deviceObject = IoGetRelatedDeviceObject( fileObject );
//
// Allocate and initialize the I/O Request Packet (IRP) for this
// operation. The allocation is performed with an exception handler
// in case the caller does not have enough quota to allocate the packet.
irp = IoAllocateIrp( deviceObject->StackSize, TRUE );
if (!irp) {
//
// An IRP could not be allocated. Cleanup and return an
// appropriate error status code.
//
IopAllocateIrpCleanup( fileObject, (PKEVENT) NULL );
return STATUS_INSUFFICIENT_RESOURCES;
}
irp->Tail.Overlay.OriginalFileObject = fileObject;
irp->Tail.Overlay.Thread = PsGetCurrentThread();
irp->RequestorMode = requestorMode;
//
// Fill in the service independent parameters in the IRP.
//
if (fileObject->Flags & FO_SYNCHRONOUS_IO) {
irp->UserEvent = (PKEVENT) NULL;
} else {
irp->UserEvent = &event;
irp->Flags = IRP_SYNCHRONOUS_API;
}
irp->UserIosb = &localIoStatus;
irp->Overlay.AsynchronousParameters.UserApcRoutine = (PIO_APC_ROUTINE) NULL;
//
// Get a pointer to the stack location for the first driver. This will
// be used to pass the original function codes and parameters.
//
irpSp = IoGetNextIrpStackLocation( irp );
//
// Now determine whether this is a set or a query operation.
//
if (OperationCode == QuerySecurityDescriptor) {
//
// This is a query operation. Fill in the appropriate fields in
// the stack location for the packet, as well as the fixed part
// of the packet. Note that each of these parameters has been
// captured as well, so there is no need to perform any probing.
// The only exception is the UserBuffer memory may change, but
// that is the file system's responsibility to check. Note that
// it has already been probed, so the pointer is at least not
// in an address space that the caller should not be accessing
// because of mode.
//
irpSp->MajorFunction = IRP_MJ_QUERY_SECURITY;
irpSp->Parameters.QuerySecurity.SecurityInformation = *SecurityInformation;
irpSp->Parameters.QuerySecurity.Length = *CapturedLength;
irp->UserBuffer = SecurityDescriptor;
} else {
//
// This is a set operation. Fill in the appropriate fields in
// the stack location for the packet. Note that access to the
// SecurityInformation parameter is safe, as the parameter was
// captured by the caller. Likewise, the SecurityDescriptor
// refers to a captured copy of the descriptor.
//
irpSp->MajorFunction = IRP_MJ_SET_SECURITY;
irpSp->Parameters.SetSecurity.SecurityInformation = *SecurityInformation;
irpSp->Parameters.SetSecurity.SecurityDescriptor = SecurityDescriptor;
}
irpSp->FileObject = fileObject;
//
// Insert the packet at the head of the IRP list for the thread.
//
IopQueueThreadIrp( irp );
//
// Update the operation count statistic for the current process for
// operations other than read and write.
//
IopUpdateOtherOperationCount();
//
// Everything has been properly set up, so simply invoke the driver.
//
status = IoCallDriver( deviceObject, irp );
//
// If this operation was a synchronous I/O operation, check the return
// status to determine whether or not to wait on the file object. If
// the file object is to be waited on, wait for the operation to be
// completed and obtain the final status from the file object itself.
//
if (synchronousIo) {
if (status == STATUS_PENDING) {
(VOID) KeWaitForSingleObject( &fileObject->Event,
Executive,
KernelMode,
FALSE,
(PLARGE_INTEGER) NULL );
status = fileObject->FinalStatus;
}
IopReleaseFileObjectLock( fileObject );
} else {
//
// This is a normal synchronous I/O operation, as opposed to a
// serialized synchronous I/O operation. For this case, wait
// for the local event and return the final status information
// back to the caller.
//
if (status == STATUS_PENDING) {
(VOID) KeWaitForSingleObject( &event,
Executive,
KernelMode,
FALSE,
(PLARGE_INTEGER) NULL );
status = localIoStatus.Status;
}
}
//
// If this operation was just attempted on a file system or a device
// driver of some kind that does not implement security, then return
// a normal null security descriptor.
//
if (status == STATUS_INVALID_DEVICE_REQUEST) {
//
// The file system does not implement a security policy. Determine
// what type of operation this was and implement the correct
// semantics for the file system.
//
if (OperationCode == QuerySecurityDescriptor) {
//
// The operation is a query. If the caller's buffer is too
// small, then indicate that this is the case and let him know
// what size buffer is required. Otherwise, attempt to return
// a null security descriptor.
//
try {
status = SeAssignWorldSecurityDescriptor(
SecurityDescriptor,
CapturedLength,
SecurityInformation
);
} except( EXCEPTION_EXECUTE_HANDLER ) {
//
// An exception was incurred while attempting to
// access the caller's buffer. Clean everything
// up and return an appropriate status code.
//
status = GetExceptionCode();
}
} else {
//
// This was an operation other than a query. Simply indicate
// that the operation was successful.
//
status = STATUS_SUCCESS;
}
} else if (OperationCode == QuerySecurityDescriptor) {
