reactos/drivers/filesystems/npfs/secursup.c

162 lines
4.2 KiB
C
Raw Normal View History

/*
* PROJECT: ReactOS Named Pipe FileSystem
* LICENSE: BSD - See COPYING.ARM in the top level directory
* FILE: drivers/filesystems/npfs/secursup.c
* PURPOSE: Pipes Security Support
* PROGRAMMERS: ReactOS Portable Systems Group
*/
/* INCLUDES *******************************************************************/
#include "npfs.h"
// File ID number for NPFS bugchecking support
#define NPFS_BUGCHECK_FILE_ID (NPFS_BUGCHECK_SECURSUP)
/* FUNCTIONS ******************************************************************/
NTSTATUS
NTAPI
NpImpersonateClientContext(IN PNP_CCB Ccb)
{
NTSTATUS Status;
PSECURITY_CLIENT_CONTEXT ClientContext;
PAGED_CODE();
ClientContext = Ccb->ClientContext;
if (ClientContext)
{
Status = SeImpersonateClientEx(ClientContext, NULL);
}
else
{
Status = STATUS_CANNOT_IMPERSONATE;
}
return Status;
}
VOID
NTAPI
NpFreeClientSecurityContext(IN PSECURITY_CLIENT_CONTEXT ClientContext)
{
TOKEN_TYPE TokenType;
PVOID ClientToken;
if (!ClientContext) return;
TokenType = SeTokenType(ClientContext->ClientToken);
ClientToken = ClientContext->ClientToken;
if ((TokenType == TokenPrimary) || (ClientToken))
{
ObDereferenceObject(ClientToken);
}
ExFreePool(ClientContext);
}
VOID
NTAPI
NpCopyClientContext(IN PNP_CCB Ccb,
IN PNP_DATA_QUEUE_ENTRY DataQueueEntry)
{
PAGED_CODE();
if (!DataQueueEntry->ClientSecurityContext) return;
NpFreeClientSecurityContext(Ccb->ClientContext);
Ccb->ClientContext = DataQueueEntry->ClientSecurityContext;
DataQueueEntry->ClientSecurityContext = NULL;
}
VOID
NTAPI
NpUninitializeSecurity(IN PNP_CCB Ccb)
{
PAGED_CODE();
NpFreeClientSecurityContext(Ccb->ClientContext);
Ccb->ClientContext = NULL;
}
NTSTATUS
NTAPI
NpInitializeSecurity(IN PNP_CCB Ccb,
IN PSECURITY_QUALITY_OF_SERVICE SecurityQos,
IN PETHREAD Thread)
{
PSECURITY_CLIENT_CONTEXT ClientContext;
NTSTATUS Status;
PAGED_CODE();
if (SecurityQos)
{
Ccb->ClientQos = *SecurityQos;
}
else
{
Ccb->ClientQos.Length = sizeof(Ccb->ClientQos);
Ccb->ClientQos.ImpersonationLevel = SecurityImpersonation;
Ccb->ClientQos.ContextTrackingMode = SECURITY_DYNAMIC_TRACKING;
Ccb->ClientQos.EffectiveOnly = TRUE;
}
NpUninitializeSecurity(Ccb);
if (Ccb->ClientQos.ContextTrackingMode == SECURITY_DYNAMIC_TRACKING)
{
Status = STATUS_SUCCESS;
Ccb->ClientContext = NULL;
return Status;
}
ClientContext = ExAllocatePoolWithQuotaTag(PagedPool | POOL_QUOTA_FAIL_INSTEAD_OF_RAISE,
sizeof(*ClientContext),
NPFS_CLIENT_SEC_CTX_TAG);
Ccb->ClientContext = ClientContext;
if (!ClientContext) return STATUS_INSUFFICIENT_RESOURCES;
Status = SeCreateClientSecurity(Thread, &Ccb->ClientQos, 0, ClientContext);
if (!NT_SUCCESS(Status))
{
ExFreePool(Ccb->ClientContext);
Ccb->ClientContext = NULL;
}
return Status;
}
NTSTATUS
NTAPI
NpGetClientSecurityContext(IN ULONG NamedPipeEnd,
IN PNP_CCB Ccb,
IN PETHREAD Thread,
IN PSECURITY_CLIENT_CONTEXT *Context)
{
PSECURITY_CLIENT_CONTEXT NewContext;
NTSTATUS Status;
PAGED_CODE();
if (NamedPipeEnd == FILE_PIPE_SERVER_END || Ccb->ClientQos.ContextTrackingMode != SECURITY_DYNAMIC_TRACKING)
{
NewContext = NULL;
Status = STATUS_SUCCESS;
}
else
{
NewContext = ExAllocatePoolWithQuotaTag(PagedPool | POOL_QUOTA_FAIL_INSTEAD_OF_RAISE,
sizeof(*NewContext),
NPFS_CLIENT_SEC_CTX_TAG);
if (!NewContext) return STATUS_INSUFFICIENT_RESOURCES;
Status = SeCreateClientSecurity(Thread, &Ccb->ClientQos, 0, NewContext);
if (!NT_SUCCESS(Status))
{
ExFreePool(NewContext);
NewContext = NULL;
}
}
*Context = NewContext;
return Status;
}
/* EOF */