From 86c16a7197882adaae9158658c3305ae298bbcbd Mon Sep 17 00:00:00 2001
From: Casey Bodley
Date: Tue, 12 Oct 2010 09:55:32 -0400
Subject: [PATCH] adding SID to upcall
---
 daemon/nfs41_const.h | 2 +-
 daemon/upcall.c | 5 ++++-
 daemon/upcall.h | 1 +
 sys/nfs41_driver.c | 29 ++++++++++++++++++++++++++---
 4 files changed, 32 insertions(+), 5 deletions(-)
diff --git a/daemon/nfs41_const.h b/daemon/nfs41_const.h
index 27bb361..d90046d 100644
--- a/daemon/nfs41_const.h
+++ b/daemon/nfs41_const.h
@@ -39,7 +39,7 @@
 #define NFS41_MAX_COMPONENT_SIZE 64
-#define UPCALL_BUF_SIZE 1024
+#define UPCALL_BUF_SIZE 1024 + SECURITY_MAX_SID_SIZE
 /* MaximumComponentNameLength reported for FileFsAttributeInformation */
 #define NFS41_MAX_COMPONENT_LEN 64
diff --git a/daemon/upcall.c b/daemon/upcall.c
index f05413d..25ce3b0 100644
--- a/daemon/upcall.c
+++ b/daemon/upcall.c
@@ -123,8 +123,11 @@ int upcall_parse(
 if (status) goto out;
 status = safe_read(&buffer, &length, &upcall->opcode, sizeof(uint32_t));
 if (status) goto out;
+ status = get_name(&buffer, &length, upcall->sid);
+ if (status) goto out;
- dprintf(2, "xid=%d opcode=%s\n", upcall->xid, opcode2string(upcall->opcode));
+ dprintf(2, "xid=%d opcode=%s SID=%s\n", upcall->xid,
+ opcode2string(upcall->opcode), upcall->sid);
 if (upcall->opcode >= g_upcall_op_table_size) {
 status = ERROR_NOT_SUPPORTED;
diff --git a/daemon/upcall.h b/daemon/upcall.h
index 45fb941..7f5b657 100644
--- a/daemon/upcall.h
+++ b/daemon/upcall.h
@@ -165,6 +165,7 @@ typedef struct __nfs41_upcall {
 uint32_t status;
 uint32_t last_error;
 upcall_args args;
+ char sid[SECURITY_MAX_SID_SIZE];
 } nfs41_upcall;
diff --git a/sys/nfs41_driver.c b/sys/nfs41_driver.c
index e6fd25e..bbbdd59 100644
--- a/sys/nfs41_driver.c
+++ b/sys/nfs41_driver.c
@@ -115,6 +115,7 @@ typedef struct _updowncall_entry {
 KEVENT cond;
 DWORD errno;
 BOOLEAN async_op;
+ UNICODE_STRING sid;
 union {
 struct {
 PUNICODE_STRING srv_name;
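Review bot: In daemon/nfs41_const.h the new `UPCALL_BUF_SIZE` expands to a bare sum, so any use inside a larger expression (a multiplication, a subtraction, a comparison against a product) picks up the wrong precedence; parenthesize it as `#define UPCALL_BUF_SIZE (1024 + SECURITY_MAX_SID_SIZE)`. The added headroom is also the size of a binary SID, whereas the sys/nfs41_driver.c hunks in this patch marshal the SID as a UTF-16 string plus a length field, which can be larger than SECURITY_MAX_SID_SIZE bytes. Uses of the macro are outside this diff, so whether the original 1024 bytes left slack for the difference cannot be told from here.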
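Review bot: In daemon/upcall.c, `get_name(&buffer, &length, upcall->sid)` is given no destination size, and the field it fills is `char sid[SECURITY_MAX_SID_SIZE]` (daemon/upcall.h hunk), which is sized for a binary SID. The driver side sends the output of RtlConvertSidToUnicodeString, a length-prefixed UTF-16 string whose byte length can exceed that array for an ordinary domain account SID; get_name's body is not in this diff, but unless it bounds the copy itself this writes past the end of `sid` inside nfs41_upcall. The length read from the message should be checked against `sizeof(upcall->sid)` before copying, with the upcall rejected otherwise, and the field should be sized for the textual form. The `SID=%s` added to the dprintf also assumes a NUL-terminated narrow string, which the UTF-16 payload is not.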
@@ -413,7 +414,8 @@ NTSTATUS marshal_nfs41_header(nfs41_updowncall_entry *entry,
 ULONG header_len = 0;
 unsigned char *tmp = buf;
- header_len = sizeof(entry->xid) + sizeof(entry->opcode);
+ header_len = sizeof(entry->xid) + sizeof(entry->opcode) + entry->sid.Length +
+ sizeof(entry->sid.Length);
 if (header_len > buf_len) {
 status = STATUS_INSUFFICIENT_RESOURCES;
 goto out;
@@ -423,8 +425,13 @@ NTSTATUS marshal_nfs41_header(nfs41_updowncall_entry *entry,
 RtlCopyMemory(tmp, &entry->xid, sizeof(entry->xid));
 tmp += sizeof(xid);
 RtlCopyMemory(tmp, &entry->opcode, sizeof(entry->opcode));
-
- DbgP("[upcall] entry=%p xid=%d opcode=%d\n", entry, entry->xid, entry->opcode);
+ tmp += sizeof(entry->opcode);
+ RtlCopyMemory(tmp, &entry->sid.Length, sizeof(entry->sid.Length));
+ tmp += sizeof(entry->sid.Length);
+ RtlCopyMemory(tmp, entry->sid.Buffer, entry->sid.Length);
+ DbgP("[upcall] entry=%p xid=%d opcode=%d SID=%wZ\n", entry, entry->xid,
+ entry->opcode, entry->sid);
+ RtlFreeUnicodeString(&entry->sid);
 out:
 return status;
 }
@@ -1094,12 +1101,16 @@ handle_upcall(
 return status;
 }
+
 NTSTATUS nfs41_UpcallCreate(
 IN DWORD opcode, OUT nfs41_updowncall_entry **entry_out) {
 NTSTATUS status = STATUS_SUCCESS;
 nfs41_updowncall_entry *entry;
+ PACCESS_TOKEN token = NULL;
+ PTOKEN_USER user = NULL;
+ SECURITY_SUBJECT_CONTEXT sec_ctx;
 entry = RxAllocatePoolWithTag(NonPagedPool, sizeof(nfs41_updowncall_entry), NFS41_MM_POOLTAG);
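Review bot: In the second marshal_nfs41_header hunk the new DbgP passes `entry->sid` by value for `%wZ`, which expects a pointer to a UNICODE_STRING (the DbgP added in nfs41_UpcallCreate passes `&entry->sid`); the argument line should read `entry->opcode, &entry->sid);`. `RtlFreeUnicodeString(&entry->sid)` is also reached only on the success path: the `header_len > buf_len` exit in the preceding hunk jumps to `out:` past it, and an entry that is never marshalled never releases the string. Freeing the SID wherever the entry itself is freed (not visible in this diff) would cover both cases. The function starts outside both hunks.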
@@ -1115,6 +1126,18 @@ NTSTATUS nfs41_UpcallCreate(
 /*XXX KeInitializeEvent will bugcheck under verifier if allocated from PagedPool? */
 KeInitializeEvent(&entry->cond, SynchronizationEvent, FALSE);
 ExInitializeFastMutex(&entry->lock);
+
+ SeCaptureSubjectContext(&sec_ctx);
+ token = SeQuerySubjectContextToken(&sec_ctx);
+ status = SeQueryInformationToken(token, TokenUser, &user);
+ if (status == STATUS_SUCCESS) {
+ status = RtlConvertSidToUnicodeString(&entry->sid, user->User.Sid, 1);
+ DbgP("[upcall] SID = %wZ", &entry->sid);
+ ExFreePool(user);
+ } else
+ DbgP("SeQueryInformationToken failed %d\n", status);
+ SeReleaseSubjectContext(&sec_ctx);
+
 *entry_out = entry;
 out:
 return status;
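Review bot: The SID capture added to nfs41_UpcallCreate leaves `entry->sid` unset when SeQueryInformationToken or RtlConvertSidToUnicodeString fails, yet the entry is still stored in `*entry_out` and the failing status returned; marshal_nfs41_header later reads `sid.Length` and `sid.Buffer` and calls RtlFreeUnicodeString on that field. Whether the entry is zeroed after allocation is not visible in this hunk, and the result of RtlConvertSidToUnicodeString is assigned to `status` but not checked before the DbgP that prints the string. I would zero the field up front and, on either failure, release the entry and leave through `out:` without publishing it, as sketched below. How callers treat a failing status is outside the hunk, so the free-on-failure policy needs confirming against them.

```c
    RtlZeroMemory(&entry->sid, sizeof(entry->sid));
    // … unchanged: SeCaptureSubjectContext, SeQuerySubjectContextToken, SeQueryInformationToken …
    if (NT_SUCCESS(status)) {
        status = RtlConvertSidToUnicodeString(&entry->sid, user->User.Sid, TRUE);
        ExFreePool(user);
    }
    SeReleaseSubjectContext(&sec_ctx);
    if (!NT_SUCCESS(status)) {
        DbgP("[upcall] capturing caller SID failed 0x%x\n", status);
        RxFreePool(entry);
        goto out;
    }
    DbgP("[upcall] SID = %wZ\n", &entry->sid);
    *entry_out = entry;
```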