adding SID to upcall
This commit is contained in:
Casey Bodley
parent
27d764710e
commit
86c16a7197
4 changed files with 32 additions and 5 deletions
|
|
@ -39,7 +39,7 @@
|
||||||
|
|
||||||
#define NFS41_MAX_COMPONENT_SIZE 64
|
#define NFS41_MAX_COMPONENT_SIZE 64
|
||||||
|
|
||||||
#define UPCALL_BUF_SIZE 1024
|
#define UPCALL_BUF_SIZE 1024 + SECURITY_MAX_SID_SIZE
|
||||||
|
|
||||||
/* MaximumComponentNameLength reported for FileFsAttributeInformation */
|
/* MaximumComponentNameLength reported for FileFsAttributeInformation */
|
||||||
#define NFS41_MAX_COMPONENT_LEN 64
|
#define NFS41_MAX_COMPONENT_LEN 64
|
||||||
|
|
|
||||||
|
|
@ -123,8 +123,11 @@ int upcall_parse(
|
||||||
if (status) goto out;
|
if (status) goto out;
|
||||||
status = safe_read(&buffer, &length, &upcall->opcode, sizeof(uint32_t));
|
status = safe_read(&buffer, &length, &upcall->opcode, sizeof(uint32_t));
|
||||||
if (status) goto out;
|
if (status) goto out;
|
||||||
|
status = get_name(&buffer, &length, upcall->sid);
|
||||||
|
if (status) goto out;
|
||||||
|
|
||||||
dprintf(2, "xid=%d opcode=%s\n", upcall->xid, opcode2string(upcall->opcode));
|
dprintf(2, "xid=%d opcode=%s SID=%s\n", upcall->xid,
|
||||||
|
opcode2string(upcall->opcode), upcall->sid);
|
||||||
|
|
||||||
if (upcall->opcode >= g_upcall_op_table_size) {
|
if (upcall->opcode >= g_upcall_op_table_size) {
|
||||||
status = ERROR_NOT_SUPPORTED;
|
status = ERROR_NOT_SUPPORTED;
|
||||||
|
|
|
||||||
|
|
@ -165,6 +165,7 @@ typedef struct __nfs41_upcall {
|
||||||
uint32_t status;
|
uint32_t status;
|
||||||
uint32_t last_error;
|
uint32_t last_error;
|
||||||
upcall_args args;
|
upcall_args args;
|
||||||
|
char sid[SECURITY_MAX_SID_SIZE];
|
||||||
} nfs41_upcall;
|
} nfs41_upcall;
|
||||||
|
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -115,6 +115,7 @@ typedef struct _updowncall_entry {
|
||||||
KEVENT cond;
|
KEVENT cond;
|
||||||
DWORD errno;
|
DWORD errno;
|
||||||
BOOLEAN async_op;
|
BOOLEAN async_op;
|
||||||
|
UNICODE_STRING sid;
|
||||||
union {
|
union {
|
||||||
struct {
|
struct {
|
||||||
PUNICODE_STRING srv_name;
|
PUNICODE_STRING srv_name;
|
||||||
|
|
@ -413,7 +414,8 @@ NTSTATUS marshal_nfs41_header(nfs41_updowncall_entry *entry,
|
||||||
ULONG header_len = 0;
|
ULONG header_len = 0;
|
||||||
unsigned char *tmp = buf;
|
unsigned char *tmp = buf;
|
||||||
|
|
||||||
header_len = sizeof(entry->xid) + sizeof(entry->opcode);
|
header_len = sizeof(entry->xid) + sizeof(entry->opcode) + entry->sid.Length +
|
||||||
|
sizeof(entry->sid.Length);
|
||||||
if (header_len > buf_len) {
|
if (header_len > buf_len) {
|
||||||
status = STATUS_INSUFFICIENT_RESOURCES;
|
status = STATUS_INSUFFICIENT_RESOURCES;
|
||||||
goto out;
|
goto out;
|
||||||
|
|
@ -423,8 +425,13 @@ NTSTATUS marshal_nfs41_header(nfs41_updowncall_entry *entry,
|
||||||
RtlCopyMemory(tmp, &entry->xid, sizeof(entry->xid));
|
RtlCopyMemory(tmp, &entry->xid, sizeof(entry->xid));
|
||||||
tmp += sizeof(xid);
|
tmp += sizeof(xid);
|
||||||
RtlCopyMemory(tmp, &entry->opcode, sizeof(entry->opcode));
|
RtlCopyMemory(tmp, &entry->opcode, sizeof(entry->opcode));
|
||||||
|
tmp += sizeof(entry->opcode);
|
||||||
DbgP("[upcall] entry=%p xid=%d opcode=%d\n", entry, entry->xid, entry->opcode);
|
RtlCopyMemory(tmp, &entry->sid.Length, sizeof(entry->sid.Length));
|
||||||
|
tmp += sizeof(entry->sid.Length);
|
||||||
|
RtlCopyMemory(tmp, entry->sid.Buffer, entry->sid.Length);
|
||||||
|
DbgP("[upcall] entry=%p xid=%d opcode=%d SID=%wZ\n", entry, entry->xid,
|
||||||
|
entry->opcode, entry->sid);
|
||||||
|
RtlFreeUnicodeString(&entry->sid);
|
||||||
out:
|
out:
|
||||||
return status;
|
return status;
|
||||||
}
|
}
|
||||||
|
|
@ -1094,12 +1101,16 @@ handle_upcall(
|
||||||
|
|
||||||
return status;
|
return status;
|
||||||
}
|
}
|
||||||
|
|
||||||
NTSTATUS nfs41_UpcallCreate(
|
NTSTATUS nfs41_UpcallCreate(
|
||||||
IN DWORD opcode,
|
IN DWORD opcode,
|
||||||
OUT nfs41_updowncall_entry **entry_out)
|
OUT nfs41_updowncall_entry **entry_out)
|
||||||
{
|
{
|
||||||
NTSTATUS status = STATUS_SUCCESS;
|
NTSTATUS status = STATUS_SUCCESS;
|
||||||
nfs41_updowncall_entry *entry;
|
nfs41_updowncall_entry *entry;
|
||||||
|
PACCESS_TOKEN token = NULL;
|
||||||
|
PTOKEN_USER user = NULL;
|
||||||
|
SECURITY_SUBJECT_CONTEXT sec_ctx;
|
||||||
|
|
||||||
entry = RxAllocatePoolWithTag(NonPagedPool, sizeof(nfs41_updowncall_entry),
|
entry = RxAllocatePoolWithTag(NonPagedPool, sizeof(nfs41_updowncall_entry),
|
||||||
NFS41_MM_POOLTAG);
|
NFS41_MM_POOLTAG);
|
||||||
|
|
@ -1115,6 +1126,18 @@ NTSTATUS nfs41_UpcallCreate(
|
||||||
/*XXX KeInitializeEvent will bugcheck under verifier if allocated from PagedPool? */
|
/*XXX KeInitializeEvent will bugcheck under verifier if allocated from PagedPool? */
|
||||||
KeInitializeEvent(&entry->cond, SynchronizationEvent, FALSE);
|
KeInitializeEvent(&entry->cond, SynchronizationEvent, FALSE);
|
||||||
ExInitializeFastMutex(&entry->lock);
|
ExInitializeFastMutex(&entry->lock);
|
||||||
|
|
||||||
|
SeCaptureSubjectContext(&sec_ctx);
|
||||||
|
token = SeQuerySubjectContextToken(&sec_ctx);
|
||||||
|
status = SeQueryInformationToken(token, TokenUser, &user);
|
||||||
|
if (status == STATUS_SUCCESS) {
|
||||||
|
status = RtlConvertSidToUnicodeString(&entry->sid, user->User.Sid, 1);
|
||||||
|
DbgP("[upcall] SID = %wZ", &entry->sid);
|
||||||
|
ExFreePool(user);
|
||||||
|
} else
|
||||||
|
DbgP("SeQueryInformationToken failed %d\n", status);
|
||||||
|
SeReleaseSubjectContext(&sec_ctx);
|
||||||
|
|
||||||
*entry_out = entry;
|
*entry_out = entry;
|
||||||
out:
|
out:
|
||||||
return status;
|
return status;
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue