2013-09-11 23:19:20 +00:00
|
|
|
/*
|
|
|
|
* PROJECT: ReactOS Named Pipe FileSystem
|
|
|
|
* LICENSE: BSD - See COPYING.ARM in the top level directory
|
|
|
|
* FILE: drivers/filesystems/npfs/secursup.c
|
|
|
|
* PURPOSE: Pipes Security Support
|
|
|
|
* PROGRAMMERS: ReactOS Portable Systems Group
|
|
|
|
*/
|
|
|
|
|
|
|
|
/* INCLUDES *******************************************************************/
|
|
|
|
|
2013-09-07 15:32:29 +00:00
|
|
|
#include "npfs.h"
|
|
|
|
|
2013-09-12 00:05:54 +00:00
|
|
|
// File ID number for NPFS bugchecking support
|
|
|
|
#define NPFS_BUGCHECK_FILE_ID (NPFS_BUGCHECK_SECURSUP)
|
|
|
|
|
2013-09-11 23:19:20 +00:00
|
|
|
/* FUNCTIONS ******************************************************************/
|
|
|
|
|
2013-09-12 23:55:56 +00:00
|
|
|
NTSTATUS
|
|
|
|
NTAPI
|
|
|
|
NpImpersonateClientContext(IN PNP_CCB Ccb)
|
|
|
|
{
|
|
|
|
NTSTATUS Status;
|
|
|
|
PSECURITY_CLIENT_CONTEXT ClientContext;
|
|
|
|
PAGED_CODE();
|
|
|
|
|
|
|
|
ClientContext = Ccb->ClientContext;
|
|
|
|
if (ClientContext)
|
|
|
|
{
|
|
|
|
Status = SeImpersonateClientEx(ClientContext, NULL);
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
Status = STATUS_CANNOT_IMPERSONATE;
|
|
|
|
}
|
|
|
|
return Status;
|
|
|
|
}
|
|
|
|
|
2013-09-07 15:32:29 +00:00
|
|
|
VOID
|
|
|
|
NTAPI
|
2013-09-09 01:16:06 +00:00
|
|
|
NpFreeClientSecurityContext(IN PSECURITY_CLIENT_CONTEXT ClientContext)
|
2013-09-07 15:32:29 +00:00
|
|
|
{
|
|
|
|
TOKEN_TYPE TokenType;
|
2013-09-09 01:16:06 +00:00
|
|
|
PVOID ClientToken;
|
2013-09-07 15:32:29 +00:00
|
|
|
|
|
|
|
if (!ClientContext) return;
|
|
|
|
|
|
|
|
TokenType = SeTokenType(ClientContext->ClientToken);
|
2013-09-09 01:16:06 +00:00
|
|
|
ClientToken = ClientContext->ClientToken;
|
2013-09-07 15:32:29 +00:00
|
|
|
if ((TokenType == TokenPrimary) || (ClientToken))
|
|
|
|
{
|
2013-09-13 12:46:32 +00:00
|
|
|
ObDereferenceObject(ClientToken);
|
2013-09-07 15:32:29 +00:00
|
|
|
}
|
2013-09-09 01:16:06 +00:00
|
|
|
ExFreePool(ClientContext);
|
|
|
|
}
|
|
|
|
|
|
|
|
VOID
|
|
|
|
NTAPI
|
|
|
|
NpCopyClientContext(IN PNP_CCB Ccb,
|
|
|
|
IN PNP_DATA_QUEUE_ENTRY DataQueueEntry)
|
|
|
|
{
|
|
|
|
PAGED_CODE();
|
|
|
|
|
|
|
|
if (!DataQueueEntry->ClientSecurityContext) return;
|
|
|
|
|
|
|
|
NpFreeClientSecurityContext(Ccb->ClientContext);
|
|
|
|
Ccb->ClientContext = DataQueueEntry->ClientSecurityContext;
|
|
|
|
DataQueueEntry->ClientSecurityContext = NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
VOID
|
|
|
|
NTAPI
|
|
|
|
NpUninitializeSecurity(IN PNP_CCB Ccb)
|
|
|
|
{
|
|
|
|
PAGED_CODE();
|
|
|
|
|
|
|
|
NpFreeClientSecurityContext(Ccb->ClientContext);
|
|
|
|
Ccb->ClientContext = NULL;
|
2013-09-07 15:32:29 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
NTSTATUS
|
|
|
|
NTAPI
|
|
|
|
NpInitializeSecurity(IN PNP_CCB Ccb,
|
|
|
|
IN PSECURITY_QUALITY_OF_SERVICE SecurityQos,
|
|
|
|
IN PETHREAD Thread)
|
|
|
|
{
|
|
|
|
PSECURITY_CLIENT_CONTEXT ClientContext;
|
|
|
|
NTSTATUS Status;
|
|
|
|
PAGED_CODE();
|
|
|
|
|
|
|
|
if (SecurityQos)
|
|
|
|
{
|
|
|
|
Ccb->ClientQos = *SecurityQos;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
For our 60000th commit, I bring you a complete rewrite of the Named Pipe File System. It is not yet "active", but I consider this to now be largely code complete and worthy of the prize (and I didn't want to delay other commiters any further). Once the code is reviewed, fixed, tested, and commented, it will replace our old and aging NPFS. This driver is cross-compatible with Windows Server 2003. It is expected to fix winetest incompatiblities, speed up performance, and reduce bizare RPC/SCM issues. This commit is dedicated to my best friend Rachel, who has not only always been there for me, but was also the motivating factor behind my return to my passion -- ReactOS :)
[NPFS-NEW]: Implement QueryVolume, QuerySecurity, SetSecurity. Everything but Directory Query, Fast I/O, and a few rare FSCTLs is implemented now. The former two will come in an upcoming commit.
[NPFS-NEW]: Major cleanup in the way some member variables were being addressed. Reference them as array members based on the correct FILE_PIPE defines from now on. Also fix a lot of formatting issues. Fix a bunch of bugs that were found. Use FILE_PIPE_SERVER_END and FILE_PIPE_CLIENT_END intead of a BOOLEAN. Use TRUE/FALSE/STATUS_SUCCESS/NULL/etc when needed intead of 0/1. The code formatting can/should still be improved, but this was a big help.
svn path=/trunk/; revision=60000
2013-09-10 08:36:25 +00:00
|
|
|
Ccb->ClientQos.Length = sizeof(Ccb->ClientQos);
|
|
|
|
Ccb->ClientQos.ImpersonationLevel = SecurityImpersonation;
|
|
|
|
Ccb->ClientQos.ContextTrackingMode = SECURITY_DYNAMIC_TRACKING;
|
|
|
|
Ccb->ClientQos.EffectiveOnly = TRUE;
|
2013-09-07 15:32:29 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
NpUninitializeSecurity(Ccb);
|
|
|
|
|
For our 60000th commit, I bring you a complete rewrite of the Named Pipe File System. It is not yet "active", but I consider this to now be largely code complete and worthy of the prize (and I didn't want to delay other commiters any further). Once the code is reviewed, fixed, tested, and commented, it will replace our old and aging NPFS. This driver is cross-compatible with Windows Server 2003. It is expected to fix winetest incompatiblities, speed up performance, and reduce bizare RPC/SCM issues. This commit is dedicated to my best friend Rachel, who has not only always been there for me, but was also the motivating factor behind my return to my passion -- ReactOS :)
[NPFS-NEW]: Implement QueryVolume, QuerySecurity, SetSecurity. Everything but Directory Query, Fast I/O, and a few rare FSCTLs is implemented now. The former two will come in an upcoming commit.
[NPFS-NEW]: Major cleanup in the way some member variables were being addressed. Reference them as array members based on the correct FILE_PIPE defines from now on. Also fix a lot of formatting issues. Fix a bunch of bugs that were found. Use FILE_PIPE_SERVER_END and FILE_PIPE_CLIENT_END intead of a BOOLEAN. Use TRUE/FALSE/STATUS_SUCCESS/NULL/etc when needed intead of 0/1. The code formatting can/should still be improved, but this was a big help.
svn path=/trunk/; revision=60000
2013-09-10 08:36:25 +00:00
|
|
|
if (Ccb->ClientQos.ContextTrackingMode == SECURITY_DYNAMIC_TRACKING)
|
2013-09-07 15:32:29 +00:00
|
|
|
{
|
For our 60000th commit, I bring you a complete rewrite of the Named Pipe File System. It is not yet "active", but I consider this to now be largely code complete and worthy of the prize (and I didn't want to delay other commiters any further). Once the code is reviewed, fixed, tested, and commented, it will replace our old and aging NPFS. This driver is cross-compatible with Windows Server 2003. It is expected to fix winetest incompatiblities, speed up performance, and reduce bizare RPC/SCM issues. This commit is dedicated to my best friend Rachel, who has not only always been there for me, but was also the motivating factor behind my return to my passion -- ReactOS :)
[NPFS-NEW]: Implement QueryVolume, QuerySecurity, SetSecurity. Everything but Directory Query, Fast I/O, and a few rare FSCTLs is implemented now. The former two will come in an upcoming commit.
[NPFS-NEW]: Major cleanup in the way some member variables were being addressed. Reference them as array members based on the correct FILE_PIPE defines from now on. Also fix a lot of formatting issues. Fix a bunch of bugs that were found. Use FILE_PIPE_SERVER_END and FILE_PIPE_CLIENT_END intead of a BOOLEAN. Use TRUE/FALSE/STATUS_SUCCESS/NULL/etc when needed intead of 0/1. The code formatting can/should still be improved, but this was a big help.
svn path=/trunk/; revision=60000
2013-09-10 08:36:25 +00:00
|
|
|
Status = STATUS_SUCCESS;
|
|
|
|
Ccb->ClientContext = NULL;
|
2013-09-07 15:32:29 +00:00
|
|
|
return Status;
|
|
|
|
}
|
|
|
|
|
2014-10-20 08:08:50 +00:00
|
|
|
ClientContext = ExAllocatePoolWithQuotaTag(PagedPool | POOL_QUOTA_FAIL_INSTEAD_OF_RAISE,
|
|
|
|
sizeof(*ClientContext),
|
|
|
|
NPFS_CLIENT_SEC_CTX_TAG);
|
2013-09-07 15:32:29 +00:00
|
|
|
Ccb->ClientContext = ClientContext;
|
|
|
|
if (!ClientContext) return STATUS_INSUFFICIENT_RESOURCES;
|
|
|
|
|
|
|
|
Status = SeCreateClientSecurity(Thread, &Ccb->ClientQos, 0, ClientContext);
|
2014-10-20 08:08:50 +00:00
|
|
|
if (!NT_SUCCESS(Status))
|
|
|
|
{
|
|
|
|
ExFreePool(Ccb->ClientContext);
|
|
|
|
Ccb->ClientContext = NULL;
|
|
|
|
}
|
For our 60000th commit, I bring you a complete rewrite of the Named Pipe File System. It is not yet "active", but I consider this to now be largely code complete and worthy of the prize (and I didn't want to delay other commiters any further). Once the code is reviewed, fixed, tested, and commented, it will replace our old and aging NPFS. This driver is cross-compatible with Windows Server 2003. It is expected to fix winetest incompatiblities, speed up performance, and reduce bizare RPC/SCM issues. This commit is dedicated to my best friend Rachel, who has not only always been there for me, but was also the motivating factor behind my return to my passion -- ReactOS :)
[NPFS-NEW]: Implement QueryVolume, QuerySecurity, SetSecurity. Everything but Directory Query, Fast I/O, and a few rare FSCTLs is implemented now. The former two will come in an upcoming commit.
[NPFS-NEW]: Major cleanup in the way some member variables were being addressed. Reference them as array members based on the correct FILE_PIPE defines from now on. Also fix a lot of formatting issues. Fix a bunch of bugs that were found. Use FILE_PIPE_SERVER_END and FILE_PIPE_CLIENT_END intead of a BOOLEAN. Use TRUE/FALSE/STATUS_SUCCESS/NULL/etc when needed intead of 0/1. The code formatting can/should still be improved, but this was a big help.
svn path=/trunk/; revision=60000
2013-09-10 08:36:25 +00:00
|
|
|
|
2013-09-07 15:32:29 +00:00
|
|
|
return Status;
|
|
|
|
}
|
2013-09-09 01:16:06 +00:00
|
|
|
|
|
|
|
NTSTATUS
|
|
|
|
NTAPI
|
For our 60000th commit, I bring you a complete rewrite of the Named Pipe File System. It is not yet "active", but I consider this to now be largely code complete and worthy of the prize (and I didn't want to delay other commiters any further). Once the code is reviewed, fixed, tested, and commented, it will replace our old and aging NPFS. This driver is cross-compatible with Windows Server 2003. It is expected to fix winetest incompatiblities, speed up performance, and reduce bizare RPC/SCM issues. This commit is dedicated to my best friend Rachel, who has not only always been there for me, but was also the motivating factor behind my return to my passion -- ReactOS :)
[NPFS-NEW]: Implement QueryVolume, QuerySecurity, SetSecurity. Everything but Directory Query, Fast I/O, and a few rare FSCTLs is implemented now. The former two will come in an upcoming commit.
[NPFS-NEW]: Major cleanup in the way some member variables were being addressed. Reference them as array members based on the correct FILE_PIPE defines from now on. Also fix a lot of formatting issues. Fix a bunch of bugs that were found. Use FILE_PIPE_SERVER_END and FILE_PIPE_CLIENT_END intead of a BOOLEAN. Use TRUE/FALSE/STATUS_SUCCESS/NULL/etc when needed intead of 0/1. The code formatting can/should still be improved, but this was a big help.
svn path=/trunk/; revision=60000
2013-09-10 08:36:25 +00:00
|
|
|
NpGetClientSecurityContext(IN ULONG NamedPipeEnd,
|
2013-09-09 01:16:06 +00:00
|
|
|
IN PNP_CCB Ccb,
|
|
|
|
IN PETHREAD Thread,
|
|
|
|
IN PSECURITY_CLIENT_CONTEXT *Context)
|
|
|
|
{
|
|
|
|
PSECURITY_CLIENT_CONTEXT NewContext;
|
|
|
|
NTSTATUS Status;
|
|
|
|
PAGED_CODE();
|
|
|
|
|
For our 60000th commit, I bring you a complete rewrite of the Named Pipe File System. It is not yet "active", but I consider this to now be largely code complete and worthy of the prize (and I didn't want to delay other commiters any further). Once the code is reviewed, fixed, tested, and commented, it will replace our old and aging NPFS. This driver is cross-compatible with Windows Server 2003. It is expected to fix winetest incompatiblities, speed up performance, and reduce bizare RPC/SCM issues. This commit is dedicated to my best friend Rachel, who has not only always been there for me, but was also the motivating factor behind my return to my passion -- ReactOS :)
[NPFS-NEW]: Implement QueryVolume, QuerySecurity, SetSecurity. Everything but Directory Query, Fast I/O, and a few rare FSCTLs is implemented now. The former two will come in an upcoming commit.
[NPFS-NEW]: Major cleanup in the way some member variables were being addressed. Reference them as array members based on the correct FILE_PIPE defines from now on. Also fix a lot of formatting issues. Fix a bunch of bugs that were found. Use FILE_PIPE_SERVER_END and FILE_PIPE_CLIENT_END intead of a BOOLEAN. Use TRUE/FALSE/STATUS_SUCCESS/NULL/etc when needed intead of 0/1. The code formatting can/should still be improved, but this was a big help.
svn path=/trunk/; revision=60000
2013-09-10 08:36:25 +00:00
|
|
|
if (NamedPipeEnd == FILE_PIPE_SERVER_END || Ccb->ClientQos.ContextTrackingMode != SECURITY_DYNAMIC_TRACKING)
|
2013-09-09 01:16:06 +00:00
|
|
|
{
|
|
|
|
NewContext = NULL;
|
|
|
|
Status = STATUS_SUCCESS;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
2013-09-16 17:37:47 +00:00
|
|
|
NewContext = ExAllocatePoolWithQuotaTag(PagedPool | POOL_QUOTA_FAIL_INSTEAD_OF_RAISE,
|
|
|
|
sizeof(*NewContext),
|
|
|
|
NPFS_CLIENT_SEC_CTX_TAG);
|
For our 60000th commit, I bring you a complete rewrite of the Named Pipe File System. It is not yet "active", but I consider this to now be largely code complete and worthy of the prize (and I didn't want to delay other commiters any further). Once the code is reviewed, fixed, tested, and commented, it will replace our old and aging NPFS. This driver is cross-compatible with Windows Server 2003. It is expected to fix winetest incompatiblities, speed up performance, and reduce bizare RPC/SCM issues. This commit is dedicated to my best friend Rachel, who has not only always been there for me, but was also the motivating factor behind my return to my passion -- ReactOS :)
[NPFS-NEW]: Implement QueryVolume, QuerySecurity, SetSecurity. Everything but Directory Query, Fast I/O, and a few rare FSCTLs is implemented now. The former two will come in an upcoming commit.
[NPFS-NEW]: Major cleanup in the way some member variables were being addressed. Reference them as array members based on the correct FILE_PIPE defines from now on. Also fix a lot of formatting issues. Fix a bunch of bugs that were found. Use FILE_PIPE_SERVER_END and FILE_PIPE_CLIENT_END intead of a BOOLEAN. Use TRUE/FALSE/STATUS_SUCCESS/NULL/etc when needed intead of 0/1. The code formatting can/should still be improved, but this was a big help.
svn path=/trunk/; revision=60000
2013-09-10 08:36:25 +00:00
|
|
|
if (!NewContext) return STATUS_INSUFFICIENT_RESOURCES;
|
2013-09-09 01:16:06 +00:00
|
|
|
|
|
|
|
Status = SeCreateClientSecurity(Thread, &Ccb->ClientQos, 0, NewContext);
|
|
|
|
if (!NT_SUCCESS(Status))
|
|
|
|
{
|
|
|
|
ExFreePool(NewContext);
|
|
|
|
NewContext = NULL;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
*Context = NewContext;
|
|
|
|
return Status;
|
|
|
|
}
|
For our 60000th commit, I bring you a complete rewrite of the Named Pipe File System. It is not yet "active", but I consider this to now be largely code complete and worthy of the prize (and I didn't want to delay other commiters any further). Once the code is reviewed, fixed, tested, and commented, it will replace our old and aging NPFS. This driver is cross-compatible with Windows Server 2003. It is expected to fix winetest incompatiblities, speed up performance, and reduce bizare RPC/SCM issues. This commit is dedicated to my best friend Rachel, who has not only always been there for me, but was also the motivating factor behind my return to my passion -- ReactOS :)
[NPFS-NEW]: Implement QueryVolume, QuerySecurity, SetSecurity. Everything but Directory Query, Fast I/O, and a few rare FSCTLs is implemented now. The former two will come in an upcoming commit.
[NPFS-NEW]: Major cleanup in the way some member variables were being addressed. Reference them as array members based on the correct FILE_PIPE defines from now on. Also fix a lot of formatting issues. Fix a bunch of bugs that were found. Use FILE_PIPE_SERVER_END and FILE_PIPE_CLIENT_END intead of a BOOLEAN. Use TRUE/FALSE/STATUS_SUCCESS/NULL/etc when needed intead of 0/1. The code formatting can/should still be improved, but this was a big help.
svn path=/trunk/; revision=60000
2013-09-10 08:36:25 +00:00
|
|
|
|
2013-09-11 23:19:20 +00:00
|
|
|
/* EOF */
|