evin/ms-nfs41-client
3
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

changing getacl downcall

Browse source 
instead of passing sids for the owner and group, create a security
descriptor and pass that back. this way we can add all the security
information that was queried in the daemon and pass a fully formed
security descriptor back to the kernel.

notice: irp_mj_query_security provides a pointer to the buffer that
suppose to hold the security descriptor. that memory is valid only
in the context of the process doing the security irp. we can't use
this pointer in then upcall entry and try to write the security
descriptor directly there as we process the downcall. that leads
to kernel oops.

thus we have to first allocate memory to hold the security descriptor
then copy bytes passed to us from the daemon. then do another copy
with the context of the security irp.
This commit is contained in:
Olga Kornievskaia 2011-04-08 20:19:59 -04:00 committed by unknown
parent c00085bfb4
commit 80b3d11609
3 changed files with 119 additions and 152 deletions
Download patch file Download diff file Expand all files Collapse all files

2
daemon/upcall.h
View file

@ -164,6 +164,8 @@ typedef struct __getacl_upcall_args {
DWORD osid_len;
PSID gsid;
DWORD gsid_len;
PSECURITY_DESCRIPTOR sec_desc;
DWORD sec_desc_len;
} getacl_upcall_args;
typedef struct __setacl_upcall_args {