2 * PROJECT: ReactOS Kernel
3 * LICENSE: GPL - See COPYING in the top level directory
4 * FILE: ntoskrnl/io/iomgr/file.c
5 * PURPOSE: Functions that deal with managing the FILE_OBJECT itself.
6 * PROGRAMMERS: Alex Ionescu (alex.ionescu@reactos.org)
9 * Filip Navara (navaraf@reactos.org)
13 /* INCLUDES *****************************************************************/
19 extern ERESOURCE IopSecurityResource
;
21 /* PRIVATE FUNCTIONS *********************************************************/
25 IopCheckBackupRestorePrivilege(IN PACCESS_STATE AccessState
,
26 IN OUT PULONG CreateOptions
,
27 IN KPROCESSOR_MODE PreviousMode
,
30 ACCESS_MASK DesiredAccess
, ReadAccess
, WriteAccess
;
31 PRIVILEGE_SET Privileges
;
32 BOOLEAN AccessGranted
, HaveBackupPriv
= FALSE
, CheckRestore
= FALSE
;
35 /* Don't do anything if privileges were checked already */
36 if (AccessState
->Flags
& SE_BACKUP_PRIVILEGES_CHECKED
) return;
38 /* Check if the file was actually opened for backup purposes */
39 if (*CreateOptions
& FILE_OPEN_FOR_BACKUP_INTENT
)
41 /* Set the check flag since were doing it now */
42 AccessState
->Flags
|= SE_BACKUP_PRIVILEGES_CHECKED
;
44 /* Set the access masks required */
45 ReadAccess
= READ_CONTROL
|
46 ACCESS_SYSTEM_SECURITY
|
49 WriteAccess
= WRITE_DAC
|
51 ACCESS_SYSTEM_SECURITY
|
54 FILE_ADD_SUBDIRECTORY
|
56 DesiredAccess
= AccessState
->RemainingDesiredAccess
;
58 /* Check if desired access was the maximum */
59 if (DesiredAccess
& MAXIMUM_ALLOWED
)
61 /* Then add all the access masks required */
62 DesiredAccess
|= (ReadAccess
| WriteAccess
);
65 /* Check if the file already exists */
66 if (Disposition
& FILE_OPEN
)
68 /* Check if desired access has the read mask */
69 if (ReadAccess
& DesiredAccess
)
71 /* Setup the privilege check lookup */
72 Privileges
.PrivilegeCount
= 1;
73 Privileges
.Control
= PRIVILEGE_SET_ALL_NECESSARY
;
74 Privileges
.Privilege
[0].Luid
= SeBackupPrivilege
;
75 Privileges
.Privilege
[0].Attributes
= 0;
76 AccessGranted
= SePrivilegeCheck(&Privileges
,
78 SubjectSecurityContext
,
82 /* Remember that backup was allowed */
83 HaveBackupPriv
= TRUE
;
85 /* Append the privileges and update the access state */
86 SeAppendPrivileges(AccessState
, &Privileges
);
87 AccessState
->PreviouslyGrantedAccess
|= (DesiredAccess
& ReadAccess
);
88 AccessState
->RemainingDesiredAccess
&= ~ReadAccess
;
89 DesiredAccess
&= ~ReadAccess
;
91 /* Set backup privilege for the token */
92 AccessState
->Flags
|= TOKEN_HAS_BACKUP_PRIVILEGE
;
98 /* Caller is creating the file, check restore privileges later */
102 /* Check if caller wants write access or if it's creating a file */
103 if ((WriteAccess
& DesiredAccess
) || (CheckRestore
))
105 /* Setup the privilege lookup and do it */
106 Privileges
.PrivilegeCount
= 1;
107 Privileges
.Control
= PRIVILEGE_SET_ALL_NECESSARY
;
108 Privileges
.Privilege
[0].Luid
= SeRestorePrivilege
;
109 Privileges
.Privilege
[0].Attributes
= 0;
110 AccessGranted
= SePrivilegeCheck(&Privileges
,
111 &AccessState
->SubjectSecurityContext
,
115 /* Remember that privilege was given */
116 HaveBackupPriv
= TRUE
;
118 /* Append the privileges and update the access state */
119 SeAppendPrivileges(AccessState
, &Privileges
);
120 AccessState
->PreviouslyGrantedAccess
|= (DesiredAccess
& WriteAccess
);
121 AccessState
->RemainingDesiredAccess
&= ~WriteAccess
;
123 /* Set restore privilege for the token */
124 AccessState
->Flags
|= TOKEN_HAS_RESTORE_PRIVILEGE
;
128 /* If we don't have the privilege, remove the option */
129 if (!HaveBackupPriv
) *CreateOptions
&= ~FILE_OPEN_FOR_BACKUP_INTENT
;
135 IopCheckDeviceAndDriver(IN POPEN_PACKET OpenPacket
,
136 IN PDEVICE_OBJECT DeviceObject
)
138 /* Make sure the object is valid */
139 if ((IoGetDevObjExtension(DeviceObject
)->ExtensionFlags
&
140 (DOE_UNLOAD_PENDING
|
143 DOE_REMOVE_PROCESSED
)) ||
144 (DeviceObject
->Flags
& DO_DEVICE_INITIALIZING
))
146 /* It's unloading or initializing, so fail */
147 DPRINT1("You are seeing this because the following ROS driver: %wZ\n"
148 " sucks. Please fix it's AddDevice Routine\n",
149 &DeviceObject
->DriverObject
->DriverName
);
150 return STATUS_NO_SUCH_DEVICE
;
152 else if ((DeviceObject
->Flags
& DO_EXCLUSIVE
) &&
153 (DeviceObject
->ReferenceCount
) &&
154 !(OpenPacket
->RelatedFileObject
) &&
155 !(OpenPacket
->Options
& IO_ATTACH_DEVICE
))
157 return STATUS_ACCESS_DENIED
;
162 /* Increase reference count */
163 InterlockedIncrement(&DeviceObject
->ReferenceCount
);
164 return STATUS_SUCCESS
;
170 IopDoNameTransmogrify(IN PIRP Irp
,
171 IN PFILE_OBJECT FileObject
,
172 IN PREPARSE_DATA_BUFFER DataBuffer
)
176 USHORT RequiredLength
;
181 ASSERT(Irp
->IoStatus
.Status
== STATUS_REPARSE
);
182 ASSERT(Irp
->IoStatus
.Information
== IO_REPARSE_TAG_MOUNT_POINT
);
183 ASSERT(Irp
->Tail
.Overlay
.AuxiliaryBuffer
!= NULL
);
184 ASSERT(DataBuffer
!= NULL
);
185 ASSERT(DataBuffer
->ReparseTag
== IO_REPARSE_TAG_MOUNT_POINT
);
186 ASSERT(DataBuffer
->ReparseDataLength
< MAXIMUM_REPARSE_DATA_BUFFER_SIZE
);
187 ASSERT(DataBuffer
->Reserved
< MAXIMUM_REPARSE_DATA_BUFFER_SIZE
);
189 /* First of all, validate data */
190 if (DataBuffer
->ReparseDataLength
< REPARSE_DATA_BUFFER_HEADER_SIZE
||
191 (DataBuffer
->SymbolicLinkReparseBuffer
.PrintNameLength
+
192 DataBuffer
->SymbolicLinkReparseBuffer
.SubstituteNameLength
+
193 FIELD_OFFSET(REPARSE_DATA_BUFFER
, MountPointReparseBuffer
.PathBuffer
[0])) > MAXIMUM_REPARSE_DATA_BUFFER_SIZE
)
195 Irp
->IoStatus
.Status
= STATUS_IO_REPARSE_DATA_INVALID
;
198 /* Everything went right */
199 if (NT_SUCCESS(Irp
->IoStatus
.Status
))
201 /* Compute buffer & length */
202 Buffer
= (PWSTR
)((ULONG_PTR
)DataBuffer
->MountPointReparseBuffer
.PathBuffer
+
203 DataBuffer
->MountPointReparseBuffer
.SubstituteNameOffset
);
204 Length
= DataBuffer
->MountPointReparseBuffer
.SubstituteNameLength
;
206 /* Check we don't overflow */
207 if (((ULONG
)MAXUSHORT
- DataBuffer
->Reserved
) <= (Length
+ sizeof(UNICODE_NULL
)))
209 Irp
->IoStatus
.Status
= STATUS_IO_REPARSE_DATA_INVALID
;
213 /* Compute how much memory we'll need */
214 RequiredLength
= DataBuffer
->Reserved
+ Length
+ sizeof(UNICODE_NULL
);
216 /* Check if FileObject can already hold what we need */
217 if (FileObject
->FileName
.MaximumLength
>= RequiredLength
)
219 NewBuffer
= FileObject
->FileName
.Buffer
;
223 /* Allocate otherwise */
224 NewBuffer
= ExAllocatePoolWithTag(PagedPool
, RequiredLength
, TAG_IO_NAME
);
225 if (NewBuffer
== NULL
)
227 Irp
->IoStatus
.Status
= STATUS_INSUFFICIENT_RESOURCES
;
233 /* Everything went right */
234 if (NT_SUCCESS(Irp
->IoStatus
.Status
))
236 /* Copy the reserved data */
237 if (DataBuffer
->Reserved
)
239 RtlMoveMemory((PWSTR
)((ULONG_PTR
)NewBuffer
+ Length
),
240 (PWSTR
)((ULONG_PTR
)FileObject
->FileName
.Buffer
+ FileObject
->FileName
.Length
- DataBuffer
->Reserved
),
241 DataBuffer
->Reserved
);
244 /* Then the buffer */
247 RtlCopyMemory(NewBuffer
, Buffer
, Length
);
250 /* And finally replace buffer if new one was allocated */
251 FileObject
->FileName
.Length
= RequiredLength
- sizeof(UNICODE_NULL
);
252 if (NewBuffer
!= FileObject
->FileName
.Buffer
)
254 if (FileObject
->FileName
.Buffer
)
256 ExFreePoolWithTag(FileObject
->FileName
.Buffer
, TAG_IO_NAME
);
259 FileObject
->FileName
.Buffer
= NewBuffer
;
260 FileObject
->FileName
.MaximumLength
= RequiredLength
;
261 FileObject
->FileName
.Buffer
[RequiredLength
/ sizeof(WCHAR
) - 1] = UNICODE_NULL
;
265 /* We don't need them anymore - it was allocated by the driver */
266 ExFreePool(DataBuffer
);
270 IopCheckTopDeviceHint(IN OUT PDEVICE_OBJECT
* DeviceObject
,
271 IN POPEN_PACKET OpenPacket
,
274 PDEVICE_OBJECT LocalDevice
;
275 DEVICE_TYPE DeviceType
;
277 LocalDevice
= *DeviceObject
;
279 /* Direct open is not allowed */
282 return STATUS_INVALID_PARAMETER
;
285 /* Validate we have a file system device */
286 DeviceType
= LocalDevice
->DeviceType
;
287 if (DeviceType
!= FILE_DEVICE_DISK_FILE_SYSTEM
&&
288 DeviceType
!= FILE_DEVICE_CD_ROM_FILE_SYSTEM
&&
289 DeviceType
!= FILE_DEVICE_TAPE_FILE_SYSTEM
&&
290 DeviceType
!= FILE_DEVICE_NETWORK_FILE_SYSTEM
&&
291 DeviceType
!= FILE_DEVICE_DFS_FILE_SYSTEM
)
293 return STATUS_INVALID_PARAMETER
;
296 /* Verify the hint and if it's OK, return it */
297 if (IopVerifyDeviceObjectOnStack(LocalDevice
, OpenPacket
->TopDeviceObjectHint
))
299 *DeviceObject
= OpenPacket
->TopDeviceObjectHint
;
300 return STATUS_SUCCESS
;
303 /* Failure case here */
304 /* If we thought was had come through a mount point,
305 * actually update we didn't and return the error
307 if (OpenPacket
->TraversedMountPoint
)
309 OpenPacket
->TraversedMountPoint
= FALSE
;
310 return STATUS_MOUNT_POINT_NOT_RESOLVED
;
313 /* Otherwise, just return the fact the hint is invalid */
314 return STATUS_INVALID_DEVICE_OBJECT_PARAMETER
;
319 IopParseDevice(IN PVOID ParseObject
,
321 IN OUT PACCESS_STATE AccessState
,
322 IN KPROCESSOR_MODE AccessMode
,
324 IN OUT PUNICODE_STRING CompleteName
,
325 IN OUT PUNICODE_STRING RemainingName
,
326 IN OUT PVOID Context
,
327 IN PSECURITY_QUALITY_OF_SERVICE SecurityQos OPTIONAL
,
330 POPEN_PACKET OpenPacket
= (POPEN_PACKET
)Context
;
331 PDEVICE_OBJECT OriginalDeviceObject
= (PDEVICE_OBJECT
)ParseObject
;
332 PDEVICE_OBJECT DeviceObject
, OwnerDevice
;
334 PFILE_OBJECT FileObject
;
337 PIO_STACK_LOCATION StackLoc
;
338 IO_SECURITY_CONTEXT SecurityContext
;
339 IO_STATUS_BLOCK IoStatusBlock
;
340 BOOLEAN DirectOpen
= FALSE
, OpenCancelled
, UseDummyFile
;
341 OBJECT_ATTRIBUTES ObjectAttributes
;
343 PDUMMY_FILE_OBJECT LocalFileObject
;
344 PFILE_BASIC_INFORMATION FileBasicInfo
;
346 KPROCESSOR_MODE CheckMode
;
347 BOOLEAN VolumeOpen
= FALSE
;
348 ACCESS_MASK DesiredAccess
, GrantedAccess
;
349 BOOLEAN AccessGranted
, LockHeld
= FALSE
;
350 PPRIVILEGE_SET Privileges
= NULL
;
351 UNICODE_STRING FileString
;
353 IOTRACE(IO_FILE_DEBUG
, "ParseObject: %p. RemainingName: %wZ\n",
354 ParseObject
, RemainingName
);
356 for (Attempt
= 0; Attempt
< IOP_MAX_REPARSE_TRAVERSAL
; ++Attempt
)
361 /* Validate the open packet */
362 if (!IopValidateOpenPacket(OpenPacket
)) return STATUS_OBJECT_TYPE_MISMATCH
;
364 /* Valide reparse point in case we traversed a mountpoint */
365 if (OpenPacket
->TraversedMountPoint
)
367 /* This is a reparse point we understand */
368 ASSERT(OpenPacket
->Information
== IO_REPARSE_TAG_MOUNT_POINT
);
370 /* Make sure we're dealing with correct DO */
371 if (OriginalDeviceObject
->DeviceType
!= FILE_DEVICE_DISK
&&
372 OriginalDeviceObject
->DeviceType
!= FILE_DEVICE_CD_ROM
&&
373 OriginalDeviceObject
->DeviceType
!= FILE_DEVICE_VIRTUAL_DISK
&&
374 OriginalDeviceObject
->DeviceType
!= FILE_DEVICE_TAPE
)
376 OpenPacket
->FinalStatus
= STATUS_IO_REPARSE_DATA_INVALID
;
377 return STATUS_IO_REPARSE_DATA_INVALID
;
381 /* Check if we have a related file object */
382 if (OpenPacket
->RelatedFileObject
)
384 /* Use the related file object's device object */
385 OriginalDeviceObject
= OpenPacket
->RelatedFileObject
->DeviceObject
;
388 /* Validate device status */
389 Status
= IopCheckDeviceAndDriver(OpenPacket
, OriginalDeviceObject
);
390 if (!NT_SUCCESS(Status
))
392 /* We failed, return status */
393 OpenPacket
->FinalStatus
= Status
;
397 /* Map the generic mask and set the new mapping in the access state */
398 RtlMapGenericMask(&AccessState
->RemainingDesiredAccess
,
399 &IoFileObjectType
->TypeInfo
.GenericMapping
);
400 RtlMapGenericMask(&AccessState
->OriginalDesiredAccess
,
401 &IoFileObjectType
->TypeInfo
.GenericMapping
);
402 SeSetAccessStateGenericMapping(AccessState
,
403 &IoFileObjectType
->TypeInfo
.GenericMapping
);
404 DesiredAccess
= AccessState
->RemainingDesiredAccess
;
406 /* Check what kind of access checks to do */
407 if ((AccessMode
!= KernelMode
) ||
408 (OpenPacket
->Options
& IO_FORCE_ACCESS_CHECK
))
410 /* Call is from user-mode or kernel is forcing checks */
411 CheckMode
= UserMode
;
415 /* Call is from the kernel */
416 CheckMode
= KernelMode
;
419 /* Check privilege for backup or restore operation */
420 IopCheckBackupRestorePrivilege(AccessState
,
421 &OpenPacket
->CreateOptions
,
423 OpenPacket
->Disposition
);
425 /* Check if we are re-parsing */
426 if (((OpenPacket
->Override
) && !(RemainingName
->Length
)) ||
427 (AccessState
->Flags
& SE_BACKUP_PRIVILEGES_CHECKED
))
429 /* Get granted access from the last call */
430 DesiredAccess
|= AccessState
->PreviouslyGrantedAccess
;
433 /* Check if this is a volume open */
434 if ((OpenPacket
->RelatedFileObject
) &&
435 (OpenPacket
->RelatedFileObject
->Flags
& FO_VOLUME_OPEN
) &&
436 !(RemainingName
->Length
))
442 /* Now check if we need access checks */
443 if (((AccessMode
!= KernelMode
) ||
444 (OpenPacket
->Options
& IO_FORCE_ACCESS_CHECK
)) &&
445 (!(OpenPacket
->RelatedFileObject
) || (VolumeOpen
)) &&
446 !(OpenPacket
->Override
))
448 KeEnterCriticalRegion();
449 ExAcquireResourceSharedLite(&IopSecurityResource
, TRUE
);
451 /* Check if a device object is being parsed */
452 if (!RemainingName
->Length
)
454 /* Lock the subject context */
455 SeLockSubjectContext(&AccessState
->SubjectSecurityContext
);
458 /* Do access check */
459 AccessGranted
= SeAccessCheck(OriginalDeviceObject
->
461 &AccessState
->SubjectSecurityContext
,
467 TypeInfo
.GenericMapping
,
473 /* Append and free the privileges */
474 SeAppendPrivileges(AccessState
, Privileges
);
475 SeFreePrivileges(Privileges
);
478 /* Check if we got access */
481 /* Update access state */
482 AccessState
->PreviouslyGrantedAccess
|= GrantedAccess
;
483 AccessState
->RemainingDesiredAccess
&= ~(GrantedAccess
|
485 OpenPacket
->Override
= TRUE
;
488 FileString
.Length
= 8;
489 FileString
.MaximumLength
= 8;
490 FileString
.Buffer
= L
"File";
492 /* Do Audit/Alarm for open operation */
493 SeOpenObjectAuditAlarm(&FileString
,
494 OriginalDeviceObject
,
496 OriginalDeviceObject
->SecurityDescriptor
,
501 &AccessState
->GenerateOnClose
);
505 /* Check if we need to do traverse validation */
506 if (!(AccessState
->Flags
& TOKEN_HAS_TRAVERSE_PRIVILEGE
) ||
507 ((OriginalDeviceObject
->DeviceType
== FILE_DEVICE_DISK
) ||
508 (OriginalDeviceObject
->DeviceType
== FILE_DEVICE_CD_ROM
)))
510 /* Check if this is a restricted token */
511 if (!(AccessState
->Flags
& TOKEN_IS_RESTRICTED
))
513 /* Do the FAST traverse check */
514 AccessGranted
= SeFastTraverseCheck(OriginalDeviceObject
->SecurityDescriptor
,
522 AccessGranted
= FALSE
;
525 /* Check if we failed to get access */
528 /* Lock the subject context */
529 SeLockSubjectContext(&AccessState
->SubjectSecurityContext
);
532 /* Do access check */
533 AccessGranted
= SeAccessCheck(OriginalDeviceObject
->
535 &AccessState
->SubjectSecurityContext
,
541 TypeInfo
.GenericMapping
,
547 /* Append and free the privileges */
548 SeAppendPrivileges(AccessState
, Privileges
);
549 SeFreePrivileges(Privileges
);
553 /* FIXME: Do Audit/Alarm for traverse check */
557 /* Access automatically granted */
558 AccessGranted
= TRUE
;
562 ExReleaseResourceLite(&IopSecurityResource
);
563 KeLeaveCriticalRegion();
565 /* Check if we hold the lock */
569 SeUnlockSubjectContext(&AccessState
->SubjectSecurityContext
);
572 /* Check if access failed */
575 /* Dereference the device and fail */
576 DPRINT1("Traverse access failed!\n");
577 IopDereferenceDeviceObject(OriginalDeviceObject
, FALSE
);
578 return STATUS_ACCESS_DENIED
;
582 /* Check if we can simply use a dummy file */
583 UseDummyFile
= ((OpenPacket
->QueryOnly
) || (OpenPacket
->DeleteOnly
));
585 /* Check if this is a direct open */
586 if (!(RemainingName
->Length
) &&
587 !(OpenPacket
->RelatedFileObject
) &&
588 ((DesiredAccess
& ~(SYNCHRONIZE
|
589 FILE_READ_ATTRIBUTES
|
591 ACCESS_SYSTEM_SECURITY
|
596 /* Remember this for later */
600 /* Check if we have a related FO that wasn't a direct open */
601 if ((OpenPacket
->RelatedFileObject
) &&
602 !(OpenPacket
->RelatedFileObject
->Flags
& FO_DIRECT_DEVICE_OPEN
))
604 /* The device object is the one we were given */
605 DeviceObject
= ParseObject
;
607 /* Check if the related FO had a VPB */
608 if (OpenPacket
->RelatedFileObject
->Vpb
)
610 /* Yes, remember it */
611 Vpb
= OpenPacket
->RelatedFileObject
->Vpb
;
614 InterlockedIncrement((PLONG
)&Vpb
->ReferenceCount
);
616 /* Check if we were given a specific top level device to use */
617 if (OpenPacket
->InternalFlags
& IOP_USE_TOP_LEVEL_DEVICE_HINT
)
619 DeviceObject
= Vpb
->DeviceObject
;
625 /* Check if it has a VPB */
626 if ((OriginalDeviceObject
->Vpb
) && !(DirectOpen
))
628 /* Check if the VPB is mounted, and mount it */
629 Vpb
= IopCheckVpbMounted(OpenPacket
,
630 OriginalDeviceObject
,
633 if (!Vpb
) return Status
;
635 /* Get the VPB's device object */
636 DeviceObject
= Vpb
->DeviceObject
;
640 /* The device object is the one we were given */
641 DeviceObject
= OriginalDeviceObject
;
644 /* If we weren't given a specific top level device, look for an attached device */
645 if (!(OpenPacket
->InternalFlags
& IOP_USE_TOP_LEVEL_DEVICE_HINT
) &&
646 DeviceObject
->AttachedDevice
)
648 /* Get the attached device */
649 DeviceObject
= IoGetAttachedDevice(DeviceObject
);
653 /* If we have a top level device hint, verify it */
654 if (OpenPacket
->InternalFlags
& IOP_USE_TOP_LEVEL_DEVICE_HINT
)
656 Status
= IopCheckTopDeviceHint(&DeviceObject
, OpenPacket
, DirectOpen
);
657 if (!NT_SUCCESS(Status
))
659 IopDereferenceDeviceObject(OriginalDeviceObject
, FALSE
);
660 if (Vpb
) IopDereferenceVpbAndFree(Vpb
);
665 /* If we traversed a mount point, reset the information */
666 if (OpenPacket
->TraversedMountPoint
)
668 OpenPacket
->TraversedMountPoint
= FALSE
;
671 /* Check if this is a secure FSD */
672 if ((DeviceObject
->Characteristics
& FILE_DEVICE_SECURE_OPEN
) &&
673 ((OpenPacket
->RelatedFileObject
) || (RemainingName
->Length
)) &&
679 KeEnterCriticalRegion();
680 ExAcquireResourceSharedLite(&IopSecurityResource
, TRUE
);
682 /* Lock the subject context */
683 SeLockSubjectContext(&AccessState
->SubjectSecurityContext
);
685 /* Do access check */
686 AccessGranted
= SeAccessCheck(OriginalDeviceObject
->SecurityDescriptor
,
687 &AccessState
->SubjectSecurityContext
,
692 &IoFileObjectType
->TypeInfo
.GenericMapping
,
696 if (Privileges
!= NULL
)
698 /* Append and free the privileges */
699 SeAppendPrivileges(AccessState
, Privileges
);
700 SeFreePrivileges(Privileges
);
703 /* Check if we got access */
706 AccessState
->PreviouslyGrantedAccess
|= GrantedAccess
;
707 AccessState
->RemainingDesiredAccess
&= ~(GrantedAccess
| MAXIMUM_ALLOWED
);
710 FileString
.Length
= 8;
711 FileString
.MaximumLength
= 8;
712 FileString
.Buffer
= L
"File";
714 /* Do Audit/Alarm for open operation
715 * NOTA: we audit target device object
717 SeOpenObjectAuditAlarm(&FileString
,
720 OriginalDeviceObject
->SecurityDescriptor
,
725 &AccessState
->GenerateOnClose
);
727 SeUnlockSubjectContext(&AccessState
->SubjectSecurityContext
);
729 ExReleaseResourceLite(&IopSecurityResource
);
730 KeLeaveCriticalRegion();
732 /* Check if access failed */
735 /* Dereference the device and fail */
736 IopDereferenceDeviceObject(OriginalDeviceObject
, FALSE
);
737 if (Vpb
) IopDereferenceVpbAndFree(Vpb
);
738 return STATUS_ACCESS_DENIED
;
742 /* Allocate the IRP */
743 Irp
= IoAllocateIrp(DeviceObject
->StackSize
, TRUE
);
746 /* Dereference the device and VPB, then fail */
747 IopDereferenceDeviceObject(OriginalDeviceObject
, FALSE
);
748 if (Vpb
) IopDereferenceVpbAndFree(Vpb
);
749 return STATUS_INSUFFICIENT_RESOURCES
;
752 /* Now set the IRP data */
753 Irp
->RequestorMode
= AccessMode
;
754 Irp
->Flags
= IRP_CREATE_OPERATION
| IRP_SYNCHRONOUS_API
| IRP_DEFER_IO_COMPLETION
;
755 Irp
->Tail
.Overlay
.Thread
= PsGetCurrentThread();
756 Irp
->UserIosb
= &IoStatusBlock
;
757 Irp
->MdlAddress
= NULL
;
758 Irp
->PendingReturned
= FALSE
;
759 Irp
->UserEvent
= NULL
;
761 Irp
->CancelRoutine
= NULL
;
762 Irp
->Tail
.Overlay
.AuxiliaryBuffer
= NULL
;
764 /* Setup the security context */
765 SecurityContext
.SecurityQos
= SecurityQos
;
766 SecurityContext
.AccessState
= AccessState
;
767 SecurityContext
.DesiredAccess
= AccessState
->RemainingDesiredAccess
;
768 SecurityContext
.FullCreateOptions
= OpenPacket
->CreateOptions
;
770 /* Get the I/O Stack location */
771 StackLoc
= IoGetNextIrpStackLocation(Irp
);
772 StackLoc
->Control
= 0;
774 /* Check what kind of file this is */
775 switch (OpenPacket
->CreateFileType
)
778 case CreateFileTypeNone
:
780 /* Set the major function and EA Length */
781 StackLoc
->MajorFunction
= IRP_MJ_CREATE
;
782 StackLoc
->Parameters
.Create
.EaLength
= OpenPacket
->EaLength
;
785 StackLoc
->Flags
= (UCHAR
)OpenPacket
->Options
;
786 StackLoc
->Flags
|= !(Attributes
& OBJ_CASE_INSENSITIVE
) ? SL_CASE_SENSITIVE
: 0;
790 case CreateFileTypeNamedPipe
:
792 /* Set the named pipe MJ and set the parameters */
793 StackLoc
->MajorFunction
= IRP_MJ_CREATE_NAMED_PIPE
;
794 StackLoc
->Parameters
.CreatePipe
.Parameters
= OpenPacket
->ExtraCreateParameters
;
798 case CreateFileTypeMailslot
:
800 /* Set the mailslot MJ and set the parameters */
801 StackLoc
->MajorFunction
= IRP_MJ_CREATE_MAILSLOT
;
802 StackLoc
->Parameters
.CreateMailslot
.Parameters
= OpenPacket
->ExtraCreateParameters
;
806 /* Set the common data */
807 Irp
->Overlay
.AllocationSize
= OpenPacket
->AllocationSize
;
808 Irp
->AssociatedIrp
.SystemBuffer
= OpenPacket
->EaBuffer
;
809 StackLoc
->Parameters
.Create
.Options
= (OpenPacket
->Disposition
<< 24) |
810 (OpenPacket
->CreateOptions
&
812 StackLoc
->Parameters
.Create
.FileAttributes
= OpenPacket
->FileAttributes
;
813 StackLoc
->Parameters
.Create
.ShareAccess
= OpenPacket
->ShareAccess
;
814 StackLoc
->Parameters
.Create
.SecurityContext
= &SecurityContext
;
816 /* Check if we really need to create an object */
819 ULONG ObjectSize
= sizeof(FILE_OBJECT
);
821 /* Tag on space for a file object extension */
822 if (OpenPacket
->InternalFlags
& IOP_CREATE_FILE_OBJECT_EXTENSION
)
823 ObjectSize
+= sizeof(FILE_OBJECT_EXTENSION
);
825 /* Create the actual file object */
826 InitializeObjectAttributes(&ObjectAttributes
,
831 Status
= ObCreateObject(KernelMode
,
839 (PVOID
*)&FileObject
);
840 if (!NT_SUCCESS(Status
))
842 /* Create failed, free the IRP */
845 /* Dereference the device and VPB */
846 IopDereferenceDeviceObject(OriginalDeviceObject
, FALSE
);
847 if (Vpb
) IopDereferenceVpbAndFree(Vpb
);
849 /* We failed, return status */
850 OpenPacket
->FinalStatus
= Status
;
854 /* Clear the file object */
855 RtlZeroMemory(FileObject
, sizeof(FILE_OBJECT
));
857 /* Check if this is Synch I/O */
858 if (OpenPacket
->CreateOptions
&
859 (FILE_SYNCHRONOUS_IO_ALERT
| FILE_SYNCHRONOUS_IO_NONALERT
))
861 /* Set the synch flag */
862 FileObject
->Flags
|= FO_SYNCHRONOUS_IO
;
864 /* Check if it's also alertable */
865 if (OpenPacket
->CreateOptions
& FILE_SYNCHRONOUS_IO_ALERT
)
867 /* It is, set the alertable flag */
868 FileObject
->Flags
|= FO_ALERTABLE_IO
;
872 /* Check if this is synch I/O */
873 if (FileObject
->Flags
& FO_SYNCHRONOUS_IO
)
875 /* Initialize the event */
876 KeInitializeEvent(&FileObject
->Lock
, SynchronizationEvent
, FALSE
);
879 /* Check if the caller requested no intermediate buffering */
880 if (OpenPacket
->CreateOptions
& FILE_NO_INTERMEDIATE_BUFFERING
)
882 /* Set the correct flag for the FSD to read */
883 FileObject
->Flags
|= FO_NO_INTERMEDIATE_BUFFERING
;
886 /* Check if the caller requested write through support */
887 if (OpenPacket
->CreateOptions
& FILE_WRITE_THROUGH
)
889 /* Set the correct flag for the FSD to read */
890 FileObject
->Flags
|= FO_WRITE_THROUGH
;
893 /* Check if the caller says the file will be only read sequentially */
894 if (OpenPacket
->CreateOptions
& FILE_SEQUENTIAL_ONLY
)
896 /* Set the correct flag for the FSD to read */
897 FileObject
->Flags
|= FO_SEQUENTIAL_ONLY
;
900 /* Check if the caller believes the file will be only read randomly */
901 if (OpenPacket
->CreateOptions
& FILE_RANDOM_ACCESS
)
903 /* Set the correct flag for the FSD to read */
904 FileObject
->Flags
|= FO_RANDOM_ACCESS
;
907 /* Check if we were asked to setup a file object extension */
908 if (OpenPacket
->InternalFlags
& IOP_CREATE_FILE_OBJECT_EXTENSION
)
910 PFILE_OBJECT_EXTENSION FileObjectExtension
;
912 /* Make sure the file object knows it has an extension */
913 FileObject
->Flags
|= FO_FILE_OBJECT_HAS_EXTENSION
;
915 FileObjectExtension
= (PFILE_OBJECT_EXTENSION
)(FileObject
+ 1);
916 FileObject
->FileObjectExtension
= FileObjectExtension
;
918 /* Add the top level device which we'll send the request to */
919 if (OpenPacket
->InternalFlags
& IOP_USE_TOP_LEVEL_DEVICE_HINT
)
921 FileObjectExtension
->TopDeviceObjectHint
= DeviceObject
;
927 /* Use the dummy object instead */
928 LocalFileObject
= OpenPacket
->LocalFileObject
;
929 RtlZeroMemory(LocalFileObject
, sizeof(DUMMY_FILE_OBJECT
));
932 FileObject
= (PFILE_OBJECT
)&LocalFileObject
->ObjectHeader
.Body
;
933 LocalFileObject
->ObjectHeader
.Type
= IoFileObjectType
;
934 LocalFileObject
->ObjectHeader
.PointerCount
= 1;
937 /* Setup the file header */
938 FileObject
->Type
= IO_TYPE_FILE
;
939 FileObject
->Size
= sizeof(FILE_OBJECT
);
940 FileObject
->RelatedFileObject
= OpenPacket
->RelatedFileObject
;
941 FileObject
->DeviceObject
= OriginalDeviceObject
;
943 /* Check if this is a direct device open */
944 if (DirectOpen
) FileObject
->Flags
|= FO_DIRECT_DEVICE_OPEN
;
946 /* Check if the caller wants case sensitivity */
947 if (!(Attributes
& OBJ_CASE_INSENSITIVE
))
949 /* Tell the driver about it */
950 FileObject
->Flags
|= FO_OPENED_CASE_SENSITIVE
;
953 /* Now set the file object */
954 Irp
->Tail
.Overlay
.OriginalFileObject
= FileObject
;
955 StackLoc
->FileObject
= FileObject
;
957 /* Check if the file object has a name */
958 if (RemainingName
->Length
)
960 /* Setup the unicode string */
961 FileObject
->FileName
.MaximumLength
= RemainingName
->Length
+ sizeof(WCHAR
);
962 FileObject
->FileName
.Buffer
= ExAllocatePoolWithTag(PagedPool
,
963 FileObject
->FileName
.MaximumLength
,
965 if (!FileObject
->FileName
.Buffer
)
967 /* Failed to allocate the name, free the IRP */
970 /* Dereference the device object and VPB */
971 IopDereferenceDeviceObject(OriginalDeviceObject
, FALSE
);
972 if (Vpb
) IopDereferenceVpbAndFree(Vpb
);
974 /* Clear the FO and dereference it */
975 FileObject
->DeviceObject
= NULL
;
976 if (!UseDummyFile
) ObDereferenceObject(FileObject
);
979 return STATUS_INSUFFICIENT_RESOURCES
;
984 RtlCopyUnicodeString(&FileObject
->FileName
, RemainingName
);
986 /* Initialize the File Object event and set the FO */
987 KeInitializeEvent(&FileObject
->Event
, NotificationEvent
, FALSE
);
988 OpenPacket
->FileObject
= FileObject
;
990 /* Queue the IRP and call the driver */
991 IopQueueIrpToThread(Irp
);
992 Status
= IoCallDriver(DeviceObject
, Irp
);
993 if (Status
== STATUS_PENDING
)
995 /* Wait for the driver to complete the create */
996 KeWaitForSingleObject(&FileObject
->Event
,
1002 /* Get the new status */
1003 Status
= IoStatusBlock
.Status
;
1007 /* We'll have to complete it ourselves */
1008 ASSERT(!Irp
->PendingReturned
);
1009 ASSERT(!Irp
->MdlAddress
);
1011 /* Handle name change if required */
1012 if (Status
== STATUS_REPARSE
)
1014 /* Check this is a mount point */
1015 if (Irp
->IoStatus
.Information
== IO_REPARSE_TAG_MOUNT_POINT
)
1017 PREPARSE_DATA_BUFFER ReparseData
;
1019 /* Reparse point attributes were passed by the driver in the auxiliary buffer */
1020 ASSERT(Irp
->Tail
.Overlay
.AuxiliaryBuffer
!= NULL
);
1021 ReparseData
= (PREPARSE_DATA_BUFFER
)Irp
->Tail
.Overlay
.AuxiliaryBuffer
;
1023 ASSERT(ReparseData
->ReparseTag
== IO_REPARSE_TAG_MOUNT_POINT
);
1024 ASSERT(ReparseData
->ReparseDataLength
< MAXIMUM_REPARSE_DATA_BUFFER_SIZE
);
1025 ASSERT(ReparseData
->Reserved
< MAXIMUM_REPARSE_DATA_BUFFER_SIZE
);
1027 IopDoNameTransmogrify(Irp
, FileObject
, ReparseData
);
1031 /* Completion happens at APC_LEVEL */
1032 KeRaiseIrql(APC_LEVEL
, &OldIrql
);
1034 /* Get the new I/O Status block ourselves */
1035 IoStatusBlock
= Irp
->IoStatus
;
1036 Status
= IoStatusBlock
.Status
;
1038 /* Manually signal the even, we can't have any waiters */
1039 FileObject
->Event
.Header
.SignalState
= 1;
1041 /* Now that we've signaled the events, de-associate the IRP */
1042 IopUnQueueIrpFromThread(Irp
);
1044 /* Check if the IRP had an input buffer */
1045 if ((Irp
->Flags
& IRP_BUFFERED_IO
) &&
1046 (Irp
->Flags
& IRP_DEALLOCATE_BUFFER
))
1048 /* Free it. A driver might've tacked one on */
1049 ExFreePool(Irp
->AssociatedIrp
.SystemBuffer
);
1052 /* Free the IRP and bring the IRQL back down */
1054 KeLowerIrql(OldIrql
);
1057 /* Copy the I/O Status */
1058 OpenPacket
->Information
= IoStatusBlock
.Information
;
1060 /* The driver failed to create the file */
1061 if (!NT_SUCCESS(Status
))
1063 /* Check if we have a name */
1064 if (FileObject
->FileName
.Length
)
1067 ExFreePoolWithTag(FileObject
->FileName
.Buffer
, TAG_IO_NAME
);
1068 FileObject
->FileName
.Length
= 0;
1071 /* Clear its device object */
1072 FileObject
->DeviceObject
= NULL
;
1074 /* Save this now because the FO might go away */
1075 OpenCancelled
= FileObject
->Flags
& FO_FILE_OPEN_CANCELLED
?
1078 /* Clear the file object in the open packet */
1079 OpenPacket
->FileObject
= NULL
;
1081 /* Dereference the file object */
1082 if (!UseDummyFile
) ObDereferenceObject(FileObject
);
1084 /* Dereference the device object */
1085 IopDereferenceDeviceObject(OriginalDeviceObject
, FALSE
);
1087 /* Unless the driver cancelled the open, dereference the VPB */
1088 if (!(OpenCancelled
) && (Vpb
)) IopDereferenceVpbAndFree(Vpb
);
1090 /* Set the status and return */
1091 OpenPacket
->FinalStatus
= Status
;
1094 else if (Status
== STATUS_REPARSE
)
1096 if (OpenPacket
->Information
== IO_REPARSE
||
1097 OpenPacket
->Information
== IO_REPARSE_TAG_MOUNT_POINT
)
1099 /* Update CompleteName with reparse info which got updated in IopDoNameTransmogrify() */
1100 if (CompleteName
->MaximumLength
< FileObject
->FileName
.Length
)
1102 PWSTR NewCompleteName
;
1104 /* Allocate a new buffer for the string */
1105 NewCompleteName
= ExAllocatePoolWithTag(PagedPool
, FileObject
->FileName
.Length
, TAG_IO_NAME
);
1106 if (NewCompleteName
== NULL
)
1108 OpenPacket
->FinalStatus
= STATUS_INSUFFICIENT_RESOURCES
;
1109 return STATUS_INSUFFICIENT_RESOURCES
;
1112 /* Release the old one */
1113 if (CompleteName
->Buffer
!= NULL
)
1115 ExFreePoolWithTag(CompleteName
->Buffer
, 0);
1118 /* And setup the new one */
1119 CompleteName
->Buffer
= NewCompleteName
;
1120 CompleteName
->MaximumLength
= FileObject
->FileName
.Length
;
1123 /* Copy our new complete name */
1124 RtlCopyUnicodeString(CompleteName
, &FileObject
->FileName
);
1126 if (OpenPacket
->Information
== IO_REPARSE_TAG_MOUNT_POINT
)
1128 OpenPacket
->RelatedFileObject
= NULL
;
1132 /* Check if we have a name */
1133 if (FileObject
->FileName
.Length
)
1136 ExFreePoolWithTag(FileObject
->FileName
.Buffer
, 0);
1137 FileObject
->FileName
.Length
= 0;
1140 /* Clear its device object */
1141 FileObject
->DeviceObject
= NULL
;
1143 /* Clear the file object in the open packet */
1144 OpenPacket
->FileObject
= NULL
;
1146 /* Dereference the file object */
1147 if (!UseDummyFile
) ObDereferenceObject(FileObject
);
1149 /* Dereference the device object */
1150 IopDereferenceDeviceObject(OriginalDeviceObject
, FALSE
);
1152 /* Unless the driver cancelled the open, dereference the VPB */
1153 if (Vpb
!= NULL
) IopDereferenceVpbAndFree(Vpb
);
1155 if (OpenPacket
->Information
!= IO_REMOUNT
)
1157 OpenPacket
->RelatedFileObject
= NULL
;
1159 /* Inform we traversed a mount point for later attempt */
1160 if (OpenPacket
->Information
== IO_REPARSE_TAG_MOUNT_POINT
)
1162 OpenPacket
->TraversedMountPoint
= 1;
1165 /* In case we override checks, but got this on volume open, fail hard */
1166 if (OpenPacket
->Override
)
1168 KeBugCheckEx(DRIVER_RETURNED_STATUS_REPARSE_FOR_VOLUME_OPEN
,
1169 (ULONG_PTR
)OriginalDeviceObject
,
1170 (ULONG_PTR
)DeviceObject
,
1171 (ULONG_PTR
)CompleteName
,
1172 OpenPacket
->Information
);
1175 /* Return to IO/OB so that information can be upgraded */
1176 return STATUS_REPARSE
;
1179 /* Loop again and reattempt an opening */
1186 if (Attempt
== IOP_MAX_REPARSE_TRAVERSAL
)
1187 return STATUS_UNSUCCESSFUL
;
1189 /* Get the owner of the File Object */
1190 OwnerDevice
= IoGetRelatedDeviceObject(FileObject
);
1193 * It's possible that the device to whom we sent the IRP to
1194 * isn't actually the device that ended opening the file object
1197 if (OwnerDevice
!= DeviceObject
)
1199 /* We have to de-reference the VPB we had associated */
1200 if (Vpb
) IopDereferenceVpbAndFree(Vpb
);
1202 /* And re-associate with the actual one */
1203 Vpb
= FileObject
->Vpb
;
1204 if (Vpb
) InterlockedIncrement((PLONG
)&Vpb
->ReferenceCount
);
1207 /* Make sure we are not using a dummy */
1210 /* Check if this was a volume open */
1211 if ((!(FileObject
->RelatedFileObject
) ||
1212 (FileObject
->RelatedFileObject
->Flags
& FO_VOLUME_OPEN
)) &&
1213 !(FileObject
->FileName
.Length
))
1215 /* All signs point to it, but make sure it was actually an FSD */
1216 if ((OwnerDevice
->DeviceType
== FILE_DEVICE_DISK_FILE_SYSTEM
) ||
1217 (OwnerDevice
->DeviceType
== FILE_DEVICE_CD_ROM_FILE_SYSTEM
) ||
1218 (OwnerDevice
->DeviceType
== FILE_DEVICE_TAPE_FILE_SYSTEM
) ||
1219 (OwnerDevice
->DeviceType
== FILE_DEVICE_FILE_SYSTEM
))
1221 /* The owner device is an FSD, so this is a volume open for real */
1222 FileObject
->Flags
|= FO_VOLUME_OPEN
;
1226 /* Reference the object and set the parse check */
1227 ObReferenceObject(FileObject
);
1228 *Object
= FileObject
;
1229 OpenPacket
->FinalStatus
= IoStatusBlock
.Status
;
1230 OpenPacket
->ParseCheck
= TRUE
;
1231 return OpenPacket
->FinalStatus
;
1235 /* Check if this was a query */
1236 if (OpenPacket
->QueryOnly
)
1238 /* Check if the caller wants basic info only */
1239 if (!OpenPacket
->FullAttributes
)
1241 /* Allocate the buffer */
1242 FileBasicInfo
= ExAllocatePoolWithTag(NonPagedPool
,
1243 sizeof(*FileBasicInfo
),
1248 Status
= IoQueryFileInformation(FileObject
,
1249 FileBasicInformation
,
1250 sizeof(*FileBasicInfo
),
1253 if (NT_SUCCESS(Status
))
1256 RtlCopyMemory(OpenPacket
->BasicInformation
,
1261 /* Free our buffer */
1262 ExFreePoolWithTag(FileBasicInfo
, TAG_IO
);
1267 Status
= STATUS_INSUFFICIENT_RESOURCES
;
1272 /* This is a full query */
1273 Status
= IoQueryFileInformation(
1275 FileNetworkOpenInformation
,
1276 sizeof(FILE_NETWORK_OPEN_INFORMATION
),
1277 OpenPacket
->NetworkInformation
,
1279 if (!NT_SUCCESS(Status
)) ASSERT(Status
!= STATUS_NOT_IMPLEMENTED
);
1283 /* Delete the file object */
1284 IopDeleteFile(FileObject
);
1286 /* Clear out the file */
1287 OpenPacket
->FileObject
= NULL
;
1289 /* Set and return status */
1290 OpenPacket
->FinalStatus
= Status
;
1291 OpenPacket
->ParseCheck
= TRUE
;
1298 IopParseFile(IN PVOID ParseObject
,
1299 IN PVOID ObjectType
,
1300 IN OUT PACCESS_STATE AccessState
,
1301 IN KPROCESSOR_MODE AccessMode
,
1302 IN ULONG Attributes
,
1303 IN OUT PUNICODE_STRING CompleteName
,
1304 IN OUT PUNICODE_STRING RemainingName
,
1305 IN OUT PVOID Context OPTIONAL
,
1306 IN PSECURITY_QUALITY_OF_SERVICE SecurityQos OPTIONAL
,
1310 POPEN_PACKET OpenPacket
= (POPEN_PACKET
)Context
;
1312 /* Validate the open packet */
1313 if (!IopValidateOpenPacket(OpenPacket
)) return STATUS_OBJECT_TYPE_MISMATCH
;
1315 /* Get the device object */
1316 DeviceObject
= IoGetRelatedDeviceObject(ParseObject
);
1317 OpenPacket
->RelatedFileObject
= ParseObject
;
1319 /* Call the main routine */
1320 return IopParseDevice(DeviceObject
,
1334 IopDeleteFile(IN PVOID ObjectBody
)
1336 PFILE_OBJECT FileObject
= (PFILE_OBJECT
)ObjectBody
;
1338 PIO_STACK_LOCATION StackPtr
;
1341 PDEVICE_OBJECT DeviceObject
;
1342 BOOLEAN DereferenceDone
= FALSE
;
1345 IOTRACE(IO_FILE_DEBUG
, "ObjectBody: %p\n", ObjectBody
);
1347 /* Check if the file has a device object */
1348 if (FileObject
->DeviceObject
)
1350 /* Check if this is a direct open or not */
1351 if (FileObject
->Flags
& FO_DIRECT_DEVICE_OPEN
)
1353 /* Get the attached device */
1354 DeviceObject
= IoGetAttachedDevice(FileObject
->DeviceObject
);
1358 /* Use the file object's device object */
1359 DeviceObject
= IoGetRelatedDeviceObject(FileObject
);
1363 ASSERT(!(FileObject
->Flags
& FO_SYNCHRONOUS_IO
) ||
1364 (InterlockedExchange((PLONG
)&FileObject
->Busy
, TRUE
) == FALSE
));
1366 /* Check if the handle wasn't created yet */
1367 if (!(FileObject
->Flags
& FO_HANDLE_CREATED
))
1369 /* Send the cleanup IRP */
1370 IopCloseFile(NULL
, ObjectBody
, 0, 1, 1);
1373 /* Clear and set up Events */
1374 KeClearEvent(&FileObject
->Event
);
1375 KeInitializeEvent(&Event
, SynchronizationEvent
, FALSE
);
1377 /* Allocate an IRP */
1378 Irp
= IopAllocateIrpMustSucceed(DeviceObject
->StackSize
);
1381 Irp
->UserEvent
= &Event
;
1382 Irp
->UserIosb
= &Irp
->IoStatus
;
1383 Irp
->Tail
.Overlay
.Thread
= PsGetCurrentThread();
1384 Irp
->Tail
.Overlay
.OriginalFileObject
= FileObject
;
1385 Irp
->Flags
= IRP_CLOSE_OPERATION
| IRP_SYNCHRONOUS_API
;
1387 /* Set up Stack Pointer Data */
1388 StackPtr
= IoGetNextIrpStackLocation(Irp
);
1389 StackPtr
->MajorFunction
= IRP_MJ_CLOSE
;
1390 StackPtr
->FileObject
= FileObject
;
1393 IopQueueIrpToThread(Irp
);
1395 /* Get the VPB and check if this isn't a direct open */
1396 Vpb
= FileObject
->Vpb
;
1397 if ((Vpb
) && !(FileObject
->Flags
& FO_DIRECT_DEVICE_OPEN
))
1399 /* Dereference the VPB before the close */
1400 InterlockedDecrement((PLONG
)&Vpb
->ReferenceCount
);
1403 /* Check if the FS will never disappear by itself */
1404 if (FileObject
->DeviceObject
->Flags
& DO_NEVER_LAST_DEVICE
)
1406 /* Dereference it */
1407 InterlockedDecrement(&FileObject
->DeviceObject
->ReferenceCount
);
1408 DereferenceDone
= TRUE
;
1411 /* Call the FS Driver */
1412 Status
= IoCallDriver(DeviceObject
, Irp
);
1413 if (Status
== STATUS_PENDING
)
1415 /* Wait for completion */
1416 KeWaitForSingleObject(&Event
, Executive
, KernelMode
, FALSE
, NULL
);
1419 /* De-queue the IRP */
1420 KeRaiseIrql(APC_LEVEL
, &OldIrql
);
1421 IopUnQueueIrpFromThread(Irp
);
1422 KeLowerIrql(OldIrql
);
1427 /* Clear the file name */
1428 if (FileObject
->FileName
.Buffer
)
1430 ExFreePoolWithTag(FileObject
->FileName
.Buffer
, TAG_IO_NAME
);
1431 FileObject
->FileName
.Buffer
= NULL
;
1434 /* Check if the FO had a completion port */
1435 if (FileObject
->CompletionContext
)
1438 ObDereferenceObject(FileObject
->CompletionContext
->Port
);
1439 ExFreePool(FileObject
->CompletionContext
);
1442 /* Check if the FO had extension */
1443 if (FileObject
->Flags
& FO_FILE_OBJECT_HAS_EXTENSION
)
1445 /* Release filter context structure if any */
1446 FsRtlPTeardownPerFileObjectContexts(FileObject
);
1449 /* Check if dereference has been done yet */
1450 if (!DereferenceDone
)
1452 /* Dereference device object */
1453 IopDereferenceDeviceObject(FileObject
->DeviceObject
, FALSE
);
1460 IopGetDeviceAttachmentBase(IN PDEVICE_OBJECT DeviceObject
)
1462 PDEVICE_OBJECT PDO
= DeviceObject
;
1464 /* Go down the stack to attempt to get the PDO */
1465 for (; ((PEXTENDED_DEVOBJ_EXTENSION
)PDO
->DeviceObjectExtension
)->AttachedTo
!= NULL
;
1466 PDO
= ((PEXTENDED_DEVOBJ_EXTENSION
)PDO
->DeviceObjectExtension
)->AttachedTo
);
1473 IopGetDevicePDO(IN PDEVICE_OBJECT DeviceObject
)
1478 ASSERT(DeviceObject
!= NULL
);
1480 OldIrql
= KeAcquireQueuedSpinLock(LockQueueIoDatabaseLock
);
1481 /* Get the base DO */
1482 PDO
= IopGetDeviceAttachmentBase(DeviceObject
);
1483 /* Check whether that's really a PDO and if so, keep it */
1484 if ((PDO
->Flags
& DO_BUS_ENUMERATED_DEVICE
) != DO_BUS_ENUMERATED_DEVICE
)
1490 ObReferenceObject(PDO
);
1492 KeReleaseQueuedSpinLock(LockQueueIoDatabaseLock
, OldIrql
);
1499 IopSetDeviceSecurityDescriptor(IN PDEVICE_OBJECT DeviceObject
,
1500 IN PSECURITY_INFORMATION SecurityInformation
,
1501 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
1502 IN POOL_TYPE PoolType
,
1503 IN PGENERIC_MAPPING GenericMapping
)
1506 PSECURITY_DESCRIPTOR OldSecurityDescriptor
, CachedSecurityDescriptor
, NewSecurityDescriptor
;
1510 /* Keep attempting till we find our old SD or fail */
1513 KeEnterCriticalRegion();
1514 ExAcquireResourceSharedLite(&IopSecurityResource
, TRUE
);
1516 /* Get our old SD and reference it */
1517 OldSecurityDescriptor
= DeviceObject
->SecurityDescriptor
;
1518 if (OldSecurityDescriptor
!= NULL
)
1520 ObReferenceSecurityDescriptor(OldSecurityDescriptor
, 1);
1523 ExReleaseResourceLite(&IopSecurityResource
);
1524 KeLeaveCriticalRegion();
1526 /* Set the SD information */
1527 NewSecurityDescriptor
= OldSecurityDescriptor
;
1528 Status
= SeSetSecurityDescriptorInfo(NULL
, SecurityInformation
,
1529 SecurityDescriptor
, &NewSecurityDescriptor
,
1530 PoolType
, GenericMapping
);
1532 if (!NT_SUCCESS(Status
))
1534 if (OldSecurityDescriptor
!= NULL
)
1536 ObDereferenceSecurityDescriptor(OldSecurityDescriptor
, 1);
1542 /* Add the new DS to the internal cache */
1543 Status
= ObLogSecurityDescriptor(NewSecurityDescriptor
,
1544 &CachedSecurityDescriptor
, 1);
1545 ExFreePool(NewSecurityDescriptor
);
1546 if (!NT_SUCCESS(Status
))
1548 ObDereferenceSecurityDescriptor(OldSecurityDescriptor
, 1);
1552 KeEnterCriticalRegion();
1553 ExAcquireResourceExclusiveLite(&IopSecurityResource
, TRUE
);
1554 /* Check if someone changed it in our back */
1555 if (DeviceObject
->SecurityDescriptor
== OldSecurityDescriptor
)
1557 /* We're clear, do the swap */
1558 DeviceObject
->SecurityDescriptor
= CachedSecurityDescriptor
;
1559 ExReleaseResourceLite(&IopSecurityResource
);
1560 KeLeaveCriticalRegion();
1562 /* And dereference old SD (twice - us + not in use) */
1563 ObDereferenceSecurityDescriptor(OldSecurityDescriptor
, 2);
1567 ExReleaseResourceLite(&IopSecurityResource
);
1568 KeLeaveCriticalRegion();
1570 /* If so, try again */
1571 ObDereferenceSecurityDescriptor(OldSecurityDescriptor
, 1);
1572 ObDereferenceSecurityDescriptor(CachedSecurityDescriptor
, 1);
1580 IopSetDeviceSecurityDescriptors(IN PDEVICE_OBJECT UpperDeviceObject
,
1581 IN PDEVICE_OBJECT PhysicalDeviceObject
,
1582 IN PSECURITY_INFORMATION SecurityInformation
,
1583 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
1584 IN POOL_TYPE PoolType
,
1585 IN PGENERIC_MAPPING GenericMapping
)
1587 PDEVICE_OBJECT CurrentDO
= PhysicalDeviceObject
, NextDevice
;
1588 NTSTATUS Status
= STATUS_SUCCESS
, TmpStatus
;
1592 ASSERT(PhysicalDeviceObject
!= NULL
);
1594 /* We always reference the DO we're working on */
1595 ObReferenceObject(CurrentDO
);
1597 /* Go up from PDO to latest DO */
1600 /* Attempt to set the new SD on it */
1601 TmpStatus
= IopSetDeviceSecurityDescriptor(CurrentDO
, SecurityInformation
,
1602 SecurityDescriptor
, PoolType
,
1604 /* Was our last one? Remember that status then */
1605 if (CurrentDO
== UpperDeviceObject
)
1610 /* Try to move to the next DO (and thus, reference it) */
1611 NextDevice
= CurrentDO
->AttachedDevice
;
1614 ObReferenceObject(NextDevice
);
1617 /* Dereference current DO and move to the next one */
1618 ObDereferenceObject(CurrentDO
);
1619 CurrentDO
= NextDevice
;
1621 while (CurrentDO
!= NULL
);
1628 IopGetSetSecurityObject(IN PVOID ObjectBody
,
1629 IN SECURITY_OPERATION_CODE OperationCode
,
1630 IN PSECURITY_INFORMATION SecurityInformation
,
1631 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
1632 IN OUT PULONG BufferLength
,
1633 IN OUT PSECURITY_DESCRIPTOR
*OldSecurityDescriptor
,
1634 IN POOL_TYPE PoolType
,
1635 IN OUT PGENERIC_MAPPING GenericMapping
)
1637 IO_STATUS_BLOCK IoStatusBlock
;
1638 PIO_STACK_LOCATION StackPtr
;
1639 PFILE_OBJECT FileObject
;
1640 PDEVICE_OBJECT DeviceObject
;
1642 BOOLEAN LocalEvent
= FALSE
;
1644 NTSTATUS Status
= STATUS_SUCCESS
;
1646 IOTRACE(IO_FILE_DEBUG
, "ObjectBody: %p\n", ObjectBody
);
1648 /* Check if this is a device or file */
1649 if (((PFILE_OBJECT
)ObjectBody
)->Type
== IO_TYPE_DEVICE
)
1652 DeviceObject
= (PDEVICE_OBJECT
)ObjectBody
;
1658 FileObject
= (PFILE_OBJECT
)ObjectBody
;
1660 /* Check if this is a direct open */
1661 if (FileObject
->Flags
& FO_DIRECT_DEVICE_OPEN
)
1663 /* Get the Device Object */
1664 DeviceObject
= IoGetAttachedDevice(FileObject
->DeviceObject
);
1668 /* Otherwise, use the direct device*/
1669 DeviceObject
= FileObject
->DeviceObject
;
1673 /* Check if the request was for a device object */
1674 if (!(FileObject
) ||
1675 (!(FileObject
->FileName
.Length
) && !(FileObject
->RelatedFileObject
)) ||
1676 (FileObject
->Flags
& FO_DIRECT_DEVICE_OPEN
))
1678 /* Check what kind of request this was */
1679 if (OperationCode
== QuerySecurityDescriptor
)
1681 return SeQuerySecurityDescriptorInfo(SecurityInformation
,
1684 &DeviceObject
->SecurityDescriptor
);
1686 else if (OperationCode
== DeleteSecurityDescriptor
)
1688 /* Simply return success */
1689 return STATUS_SUCCESS
;
1691 else if (OperationCode
== AssignSecurityDescriptor
)
1693 Status
= STATUS_SUCCESS
;
1695 /* Make absolutely sure this is a device object */
1696 if (!(FileObject
) || !(FileObject
->Flags
& FO_STREAM_FILE
))
1698 PSECURITY_DESCRIPTOR CachedSecurityDescriptor
;
1700 /* Add the security descriptor in cache */
1701 Status
= ObLogSecurityDescriptor(SecurityDescriptor
, &CachedSecurityDescriptor
, 1);
1702 if (NT_SUCCESS(Status
))
1704 KeEnterCriticalRegion();
1705 ExAcquireResourceExclusiveLite(&IopSecurityResource
, TRUE
);
1707 /* Assign the Security Descriptor */
1708 DeviceObject
->SecurityDescriptor
= CachedSecurityDescriptor
;
1710 ExReleaseResourceLite(&IopSecurityResource
);
1711 KeLeaveCriticalRegion();
1718 else if (OperationCode
== SetSecurityDescriptor
)
1720 /* Get the Physical Device Object if any */
1721 PDEVICE_OBJECT PDO
= IopGetDevicePDO(DeviceObject
);
1725 /* Apply the new SD to any DO in the path from PDO to current DO */
1726 Status
= IopSetDeviceSecurityDescriptors(DeviceObject
, PDO
,
1727 SecurityInformation
,
1729 PoolType
, GenericMapping
);
1730 ObDereferenceObject(PDO
);
1734 /* Otherwise, just set for ourselves */
1735 Status
= IopSetDeviceSecurityDescriptor(DeviceObject
,
1736 SecurityInformation
,
1738 PoolType
, GenericMapping
);
1741 return STATUS_SUCCESS
;
1744 /* Shouldn't happen */
1745 return STATUS_SUCCESS
;
1747 else if (OperationCode
== DeleteSecurityDescriptor
)
1749 /* Same as for devices, do nothing */
1750 return STATUS_SUCCESS
;
1753 /* At this point, we know we're a file. Reference it */
1754 ObReferenceObject(FileObject
);
1756 /* Check if we should use Sync IO or not */
1757 if (FileObject
->Flags
& FO_SYNCHRONOUS_IO
)
1759 /* Lock the file object */
1760 Status
= IopLockFileObject(FileObject
, ExGetPreviousMode());
1761 if (Status
!= STATUS_SUCCESS
)
1763 ObDereferenceObject(FileObject
);
1769 /* Use local event */
1770 KeInitializeEvent(&Event
, SynchronizationEvent
, FALSE
);
1774 /* Clear the File Object event */
1775 KeClearEvent(&FileObject
->Event
);
1777 /* Get the device object */
1778 DeviceObject
= IoGetRelatedDeviceObject(FileObject
);
1780 /* Allocate the IRP */
1781 Irp
= IoAllocateIrp(DeviceObject
->StackSize
, FALSE
);
1782 if (!Irp
) return IopCleanupFailedIrp(FileObject
, NULL
, NULL
);
1785 Irp
->Tail
.Overlay
.OriginalFileObject
= FileObject
;
1786 Irp
->Tail
.Overlay
.Thread
= PsGetCurrentThread();
1787 Irp
->RequestorMode
= ExGetPreviousMode();
1788 Irp
->UserIosb
= &IoStatusBlock
;
1789 Irp
->UserEvent
= (LocalEvent
) ? &Event
: NULL
;
1790 Irp
->Flags
= (LocalEvent
) ? IRP_SYNCHRONOUS_API
: 0;
1791 Irp
->Overlay
.AsynchronousParameters
.UserApcRoutine
= NULL
;
1793 /* Set Stack Parameters */
1794 StackPtr
= IoGetNextIrpStackLocation(Irp
);
1795 StackPtr
->FileObject
= FileObject
;
1797 /* Check if this is a query or set */
1798 if (OperationCode
== QuerySecurityDescriptor
)
1800 /* Set the major function and parameters */
1801 StackPtr
->MajorFunction
= IRP_MJ_QUERY_SECURITY
;
1802 StackPtr
->Parameters
.QuerySecurity
.SecurityInformation
=
1803 *SecurityInformation
;
1804 StackPtr
->Parameters
.QuerySecurity
.Length
= *BufferLength
;
1805 Irp
->UserBuffer
= SecurityDescriptor
;
1809 /* Set the major function and parameters for a set */
1810 StackPtr
->MajorFunction
= IRP_MJ_SET_SECURITY
;
1811 StackPtr
->Parameters
.SetSecurity
.SecurityInformation
=
1812 *SecurityInformation
;
1813 StackPtr
->Parameters
.SetSecurity
.SecurityDescriptor
=
1818 IopQueueIrpToThread(Irp
);
1820 /* Update operation counts */
1821 IopUpdateOperationCount(IopOtherTransfer
);
1823 /* Call the Driver */
1824 Status
= IoCallDriver(DeviceObject
, Irp
);
1826 /* Check if this was async I/O */
1829 /* Check if the IRP is pending completion */
1830 if (Status
== STATUS_PENDING
)
1832 /* Wait on the local event */
1833 KeWaitForSingleObject(&Event
,
1838 Status
= IoStatusBlock
.Status
;
1843 /* Check if the IRP is pending completion */
1844 if (Status
== STATUS_PENDING
)
1846 /* Wait on the file object */
1847 KeWaitForSingleObject(&FileObject
->Event
,
1852 Status
= FileObject
->FinalStatus
;
1855 /* Release the lock */
1856 IopUnlockFileObject(FileObject
);
1859 /* This Driver doesn't implement Security, so try to give it a default */
1860 if (Status
== STATUS_INVALID_DEVICE_REQUEST
)
1862 /* Was this a query? */
1863 if (OperationCode
== QuerySecurityDescriptor
)
1865 /* Set a World Security Descriptor */
1866 Status
= SeSetWorldSecurityDescriptor(*SecurityInformation
,
1872 /* It wasn't a query, so just fake success */
1873 Status
= STATUS_SUCCESS
;
1876 else if (OperationCode
== QuerySecurityDescriptor
)
1878 /* Callers usually expect the normalized form */
1879 if (Status
== STATUS_BUFFER_OVERFLOW
) Status
= STATUS_BUFFER_TOO_SMALL
;
1884 *BufferLength
= (ULONG
)IoStatusBlock
.Information
;
1886 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER
)
1888 /* Get the exception code */
1889 Status
= _SEH2_GetExceptionCode();
1900 IopQueryName(IN PVOID ObjectBody
,
1902 OUT POBJECT_NAME_INFORMATION ObjectNameInfo
,
1904 OUT PULONG ReturnLength
,
1905 IN KPROCESSOR_MODE PreviousMode
)
1907 return IopQueryNameInternal(ObjectBody
,
1918 IopQueryNameInternal(IN PVOID ObjectBody
,
1920 IN BOOLEAN QueryDosName
,
1921 OUT POBJECT_NAME_INFORMATION ObjectNameInfo
,
1923 OUT PULONG ReturnLength
,
1924 IN KPROCESSOR_MODE PreviousMode
)
1926 POBJECT_NAME_INFORMATION LocalInfo
;
1927 PFILE_NAME_INFORMATION LocalFileInfo
;
1928 PFILE_OBJECT FileObject
= (PFILE_OBJECT
)ObjectBody
;
1929 ULONG LocalReturnLength
, FileLength
;
1930 BOOLEAN LengthMismatch
= FALSE
;
1933 PDEVICE_OBJECT DeviceObject
;
1936 IOTRACE(IO_FILE_DEBUG
, "ObjectBody: %p\n", ObjectBody
);
1938 /* Validate length */
1939 if (Length
< sizeof(OBJECT_NAME_INFORMATION
))
1941 /* Wrong length, fail */
1942 *ReturnLength
= sizeof(OBJECT_NAME_INFORMATION
);
1943 return STATUS_INFO_LENGTH_MISMATCH
;
1946 /* Allocate Buffer */
1947 LocalInfo
= ExAllocatePoolWithTag(PagedPool
, Length
, TAG_IO
);
1948 if (!LocalInfo
) return STATUS_INSUFFICIENT_RESOURCES
;
1950 /* Query DOS name if the caller asked to */
1954 DeviceObject
= FileObject
->DeviceObject
;
1956 /* In case of a network file system, don't call mountmgr */
1957 if (DeviceObject
->DeviceType
== FILE_DEVICE_NETWORK_FILE_SYSTEM
)
1959 /* We'll store separator and terminator */
1960 LocalReturnLength
= sizeof(OBJECT_NAME_INFORMATION
) + 2 * sizeof(WCHAR
);
1961 if (Length
< LocalReturnLength
)
1963 Status
= STATUS_BUFFER_OVERFLOW
;
1967 LocalInfo
->Name
.Length
= sizeof(WCHAR
);
1968 LocalInfo
->Name
.MaximumLength
= sizeof(WCHAR
);
1969 LocalInfo
->Name
.Buffer
= (PVOID
)((ULONG_PTR
)LocalInfo
+ sizeof(OBJECT_NAME_INFORMATION
));
1970 LocalInfo
->Name
.Buffer
[0] = OBJ_NAME_PATH_SEPARATOR
;
1971 Status
= STATUS_SUCCESS
;
1974 /* Otherwise, call mountmgr to get DOS name */
1977 Status
= IoVolumeDeviceToDosName(DeviceObject
, &LocalInfo
->Name
);
1978 LocalReturnLength
= LocalInfo
->Name
.Length
+ sizeof(OBJECT_NAME_INFORMATION
) + sizeof(WCHAR
);
1982 /* Fall back if querying DOS name failed or if caller never wanted it ;-) */
1983 if (!QueryDosName
|| !NT_SUCCESS(Status
))
1985 /* Query the name */
1986 Status
= ObQueryNameString(FileObject
->DeviceObject
,
1989 &LocalReturnLength
);
1996 if (!NT_SUCCESS(Status
) && (Status
!= STATUS_INFO_LENGTH_MISMATCH
))
1998 /* Free the buffer and fail */
1999 ExFreePoolWithTag(LocalInfo
, TAG_IO
);
2003 /* Get buffer pointer */
2004 p
= (PWCHAR
)(ObjectNameInfo
+ 1);
2008 /* Copy the information */
2009 if (QueryDosName
&& NoObCall
)
2011 ASSERT(PreviousMode
== KernelMode
);
2013 /* Copy structure first */
2014 RtlCopyMemory(ObjectNameInfo
,
2016 (Length
>= LocalReturnLength
? sizeof(OBJECT_NAME_INFORMATION
) : Length
));
2018 RtlCopyMemory(p
, LocalInfo
->Name
.Buffer
,
2019 (Length
>= LocalReturnLength
? LocalInfo
->Name
.Length
: Length
- sizeof(OBJECT_NAME_INFORMATION
)));
2021 if (FileObject
->DeviceObject
->DeviceType
!= FILE_DEVICE_NETWORK_FILE_SYSTEM
)
2023 ExFreePool(LocalInfo
->Name
.Buffer
);
2028 RtlCopyMemory(ObjectNameInfo
,
2030 (LocalReturnLength
> Length
) ?
2031 Length
: LocalReturnLength
);
2034 /* Set buffer pointer */
2035 ObjectNameInfo
->Name
.Buffer
= p
;
2037 /* Advance in buffer */
2038 p
+= (LocalInfo
->Name
.Length
/ sizeof(WCHAR
));
2040 /* Check if this already filled our buffer */
2041 if (LocalReturnLength
> Length
)
2043 /* Set the length mismatch to true, so that we can return
2044 * the proper buffer size to the caller later
2046 LengthMismatch
= TRUE
;
2048 /* Save the initial buffer length value */
2049 *ReturnLength
= LocalReturnLength
;
2052 /* Now get the file name buffer and check the length needed */
2053 LocalFileInfo
= (PFILE_NAME_INFORMATION
)LocalInfo
;
2054 FileLength
= Length
-
2056 FIELD_OFFSET(FILE_NAME_INFORMATION
, FileName
);
2058 /* Query the File name */
2059 if (PreviousMode
== KernelMode
&&
2060 BooleanFlagOn(FileObject
->Flags
, FO_SYNCHRONOUS_IO
))
2062 Status
= IopGetFileInformation(FileObject
,
2063 LengthMismatch
? Length
: FileLength
,
2064 FileNameInformation
,
2066 &LocalReturnLength
);
2070 Status
= IoQueryFileInformation(FileObject
,
2071 FileNameInformation
,
2072 LengthMismatch
? Length
: FileLength
,
2074 &LocalReturnLength
);
2076 if (NT_ERROR(Status
))
2078 /* Allow status that would mean it's not implemented in the storage stack */
2079 if (Status
!= STATUS_INVALID_PARAMETER
&& Status
!= STATUS_INVALID_DEVICE_REQUEST
&&
2080 Status
!= STATUS_NOT_IMPLEMENTED
&& Status
!= STATUS_INVALID_INFO_CLASS
)
2085 /* In such case, zero output */
2086 LocalReturnLength
= FIELD_OFFSET(FILE_NAME_INFORMATION
, FileName
);
2087 LocalFileInfo
->FileNameLength
= 0;
2088 LocalFileInfo
->FileName
[0] = OBJ_NAME_PATH_SEPARATOR
;
2092 /* We'll at least return the name length */
2093 if (LocalReturnLength
< FIELD_OFFSET(FILE_NAME_INFORMATION
, FileName
))
2095 LocalReturnLength
= FIELD_OFFSET(FILE_NAME_INFORMATION
, FileName
);
2099 /* If the provided buffer is too small, return the required size */
2102 /* Add the required length */
2103 *ReturnLength
+= LocalFileInfo
->FileNameLength
;
2105 /* Free the allocated buffer and return failure */
2106 Status
= STATUS_BUFFER_OVERFLOW
;
2110 /* Now calculate the new lengths left */
2111 FileLength
= LocalReturnLength
-
2112 FIELD_OFFSET(FILE_NAME_INFORMATION
, FileName
);
2113 LocalReturnLength
= (ULONG
)((ULONG_PTR
)p
-
2114 (ULONG_PTR
)ObjectNameInfo
+
2115 LocalFileInfo
->FileNameLength
);
2117 /* Don't copy the name if it's not valid */
2118 if (LocalFileInfo
->FileName
[0] != OBJ_NAME_PATH_SEPARATOR
)
2120 /* Free the allocated buffer and return failure */
2121 Status
= STATUS_OBJECT_PATH_INVALID
;
2125 /* Write the Name and null-terminate it */
2126 RtlCopyMemory(p
, LocalFileInfo
->FileName
, FileLength
);
2127 p
+= (FileLength
/ sizeof(WCHAR
));
2129 LocalReturnLength
+= sizeof(UNICODE_NULL
);
2131 /* Return the length needed */
2132 *ReturnLength
= LocalReturnLength
;
2134 /* Setup the length and maximum length */
2135 FileLength
= (ULONG
)((ULONG_PTR
)p
- (ULONG_PTR
)ObjectNameInfo
);
2136 ObjectNameInfo
->Name
.Length
= (USHORT
)FileLength
-
2137 sizeof(OBJECT_NAME_INFORMATION
);
2138 ObjectNameInfo
->Name
.MaximumLength
= (USHORT
)ObjectNameInfo
->Name
.Length
+
2139 sizeof(UNICODE_NULL
);
2143 /* Free buffer and return */
2144 ExFreePoolWithTag(LocalInfo
, TAG_IO
);
2152 IopCloseFile(IN PEPROCESS Process OPTIONAL
,
2153 IN PVOID ObjectBody
,
2154 IN ACCESS_MASK GrantedAccess
,
2155 IN ULONG HandleCount
,
2156 IN ULONG SystemHandleCount
)
2158 PFILE_OBJECT FileObject
= (PFILE_OBJECT
)ObjectBody
;
2161 PIO_STACK_LOCATION StackPtr
;
2163 PDEVICE_OBJECT DeviceObject
;
2165 IO_STATUS_BLOCK IoStatusBlock
;
2166 IOTRACE(IO_FILE_DEBUG
, "ObjectBody: %p\n", ObjectBody
);
2168 /* If this isn't the last handle for the current process, quit */
2169 if (HandleCount
!= 1) return;
2171 /* Check if the file is locked and has more then one handle opened */
2172 if ((FileObject
->LockOperation
) && (SystemHandleCount
!= 1))
2174 /* Check if this is a direct open or not */
2175 if (BooleanFlagOn(FileObject
->Flags
, FO_DIRECT_DEVICE_OPEN
))
2177 /* Get the attached device */
2178 DeviceObject
= IoGetAttachedDevice(FileObject
->DeviceObject
);
2182 /* Get the FO's device */
2183 DeviceObject
= IoGetRelatedDeviceObject(FileObject
);
2186 /* Check if this is a sync FO and lock it */
2187 if (BooleanFlagOn(FileObject
->Flags
, FO_SYNCHRONOUS_IO
))
2189 (VOID
)IopLockFileObject(FileObject
, KernelMode
);
2192 /* Go the FastIO path if possible, otherwise fall back to IRP */
2193 if (DeviceObject
->DriverObject
->FastIoDispatch
== NULL
||
2194 DeviceObject
->DriverObject
->FastIoDispatch
->FastIoUnlockAll
== NULL
||
2195 !DeviceObject
->DriverObject
->FastIoDispatch
->FastIoUnlockAll(FileObject
, PsGetCurrentProcess(), &IoStatusBlock
, DeviceObject
))
2197 /* Clear and set up Events */
2198 KeClearEvent(&FileObject
->Event
);
2199 KeInitializeEvent(&Event
, SynchronizationEvent
, FALSE
);
2201 /* Allocate an IRP */
2202 Irp
= IopAllocateIrpMustSucceed(DeviceObject
->StackSize
);
2205 Irp
->UserEvent
= &Event
;
2206 Irp
->UserIosb
= &Irp
->IoStatus
;
2207 Irp
->Tail
.Overlay
.Thread
= PsGetCurrentThread();
2208 Irp
->Tail
.Overlay
.OriginalFileObject
= FileObject
;
2209 Irp
->RequestorMode
= KernelMode
;
2210 Irp
->Flags
= IRP_SYNCHRONOUS_API
;
2211 Irp
->Overlay
.AsynchronousParameters
.UserApcRoutine
= NULL
;
2212 ObReferenceObject(FileObject
);
2214 /* Set up Stack Pointer Data */
2215 StackPtr
= IoGetNextIrpStackLocation(Irp
);
2216 StackPtr
->MajorFunction
= IRP_MJ_LOCK_CONTROL
;
2217 StackPtr
->MinorFunction
= IRP_MN_UNLOCK_ALL
;
2218 StackPtr
->FileObject
= FileObject
;
2221 IopQueueIrpToThread(Irp
);
2223 /* Call the FS Driver */
2224 Status
= IoCallDriver(DeviceObject
, Irp
);
2225 if (Status
== STATUS_PENDING
)
2227 /* Wait for completion */
2228 KeWaitForSingleObject(&Event
, UserRequest
, KernelMode
, FALSE
, NULL
);
2231 /* IO will unqueue & free for us */
2234 /* Release the lock if we were holding it */
2235 if (BooleanFlagOn(FileObject
->Flags
, FO_SYNCHRONOUS_IO
))
2237 IopUnlockFileObject(FileObject
);
2241 /* Make sure this is the last handle */
2242 if (SystemHandleCount
!= 1) return;
2244 /* Check if this is a direct open or not */
2245 if (FileObject
->Flags
& FO_DIRECT_DEVICE_OPEN
)
2247 /* Get the attached device */
2248 DeviceObject
= IoGetAttachedDevice(FileObject
->DeviceObject
);
2252 /* Get the FO's device */
2253 DeviceObject
= IoGetRelatedDeviceObject(FileObject
);
2256 /* Set the handle created flag */
2257 FileObject
->Flags
|= FO_HANDLE_CREATED
;
2259 /* Check if this is a sync FO and lock it */
2260 if (Process
!= NULL
&&
2261 BooleanFlagOn(FileObject
->Flags
, FO_SYNCHRONOUS_IO
))
2263 (VOID
)IopLockFileObject(FileObject
, KernelMode
);
2266 /* Clear and set up Events */
2267 KeClearEvent(&FileObject
->Event
);
2268 KeInitializeEvent(&Event
, SynchronizationEvent
, FALSE
);
2270 /* Allocate an IRP */
2271 Irp
= IopAllocateIrpMustSucceed(DeviceObject
->StackSize
);
2274 Irp
->UserEvent
= &Event
;
2275 Irp
->UserIosb
= &Irp
->IoStatus
;
2276 Irp
->Tail
.Overlay
.Thread
= PsGetCurrentThread();
2277 Irp
->Tail
.Overlay
.OriginalFileObject
= FileObject
;
2278 Irp
->Overlay
.AsynchronousParameters
.UserApcRoutine
= NULL
;
2279 Irp
->Flags
= IRP_CLOSE_OPERATION
| IRP_SYNCHRONOUS_API
;
2281 /* Set up Stack Pointer Data */
2282 StackPtr
= IoGetNextIrpStackLocation(Irp
);
2283 StackPtr
->MajorFunction
= IRP_MJ_CLEANUP
;
2284 StackPtr
->FileObject
= FileObject
;
2287 IopQueueIrpToThread(Irp
);
2289 /* Update operation counts */
2290 IopUpdateOperationCount(IopOtherTransfer
);
2292 /* Call the FS Driver */
2293 Status
= IoCallDriver(DeviceObject
, Irp
);
2294 if (Status
== STATUS_PENDING
)
2296 /* Wait for completion */
2297 KeWaitForSingleObject(&Event
, UserRequest
, KernelMode
, FALSE
, NULL
);
2300 /* Unqueue the IRP */
2301 KeRaiseIrql(APC_LEVEL
, &OldIrql
);
2302 IopUnQueueIrpFromThread(Irp
);
2303 KeLowerIrql(OldIrql
);
2308 /* Release the lock if we were holding it */
2309 if (Process
!= NULL
&&
2310 BooleanFlagOn(FileObject
->Flags
, FO_SYNCHRONOUS_IO
))
2312 IopUnlockFileObject(FileObject
);
2318 IopQueryAttributesFile(IN POBJECT_ATTRIBUTES ObjectAttributes
,
2319 IN FILE_INFORMATION_CLASS FileInformationClass
,
2320 IN ULONG FileInformationSize
,
2321 OUT PVOID FileInformation
)
2324 KPROCESSOR_MODE AccessMode
= ExGetPreviousMode();
2325 DUMMY_FILE_OBJECT LocalFileObject
;
2326 FILE_NETWORK_OPEN_INFORMATION NetworkOpenInfo
;
2328 OPEN_PACKET OpenPacket
;
2331 IOTRACE(IO_FILE_DEBUG
, "Class: %lx\n", FileInformationClass
);
2333 /* Check if the caller was user mode */
2334 if (AccessMode
!= KernelMode
)
2336 /* Protect probe in SEH */
2339 /* Probe the buffer */
2340 ProbeForWrite(FileInformation
, FileInformationSize
, sizeof(ULONG
));
2342 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER
)
2344 /* Return the exception code */
2345 _SEH2_YIELD(return _SEH2_GetExceptionCode());
2350 /* Check if this is a basic or full request */
2351 IsBasic
= (FileInformationSize
== sizeof(FILE_BASIC_INFORMATION
));
2353 /* Setup the Open Packet */
2354 RtlZeroMemory(&OpenPacket
, sizeof(OPEN_PACKET
));
2355 OpenPacket
.Type
= IO_TYPE_OPEN_PACKET
;
2356 OpenPacket
.Size
= sizeof(OPEN_PACKET
);
2357 OpenPacket
.CreateOptions
= FILE_OPEN_REPARSE_POINT
;
2358 OpenPacket
.ShareAccess
= FILE_SHARE_READ
| FILE_SHARE_WRITE
| FILE_SHARE_DELETE
;
2359 OpenPacket
.Disposition
= FILE_OPEN
;
2360 OpenPacket
.BasicInformation
= IsBasic
? FileInformation
: NULL
;
2361 OpenPacket
.NetworkInformation
= IsBasic
? &NetworkOpenInfo
:
2362 (AccessMode
!= KernelMode
) ?
2363 &NetworkOpenInfo
: FileInformation
;
2364 OpenPacket
.QueryOnly
= TRUE
;
2365 OpenPacket
.FullAttributes
= IsBasic
? FALSE
: TRUE
;
2366 OpenPacket
.LocalFileObject
= &LocalFileObject
;
2368 /* Update the operation count */
2369 IopUpdateOperationCount(IopOtherTransfer
);
2372 * Attempt opening the file. This will call the I/O Parse Routine for
2373 * the File Object (IopParseDevice) which will use the dummy file obejct
2374 * send the IRP to its device object. Note that we have two statuses
2375 * to worry about: the Object Manager's status (in Status) and the I/O
2376 * status, which is in the Open Packet's Final Status, and determined
2377 * by the Parse Check member.
2379 Status
= ObOpenObjectByName(ObjectAttributes
,
2383 FILE_READ_ATTRIBUTES
,
2386 if (OpenPacket
.ParseCheck
== FALSE
)
2389 DPRINT("IopQueryAttributesFile failed for '%wZ' with 0x%lx\n",
2390 ObjectAttributes
->ObjectName
, Status
);
2395 /* Use the Io status */
2396 Status
= OpenPacket
.FinalStatus
;
2399 /* Check if we were succesful and this was user mode and a full query */
2400 if ((NT_SUCCESS(Status
)) && (AccessMode
!= KernelMode
) && !(IsBasic
))
2402 /* Enter SEH for copy */
2405 /* Copy the buffer back */
2406 RtlCopyMemory(FileInformation
,
2408 FileInformationSize
);
2410 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER
)
2412 /* Get exception code */
2413 Status
= _SEH2_GetExceptionCode();
2424 IopAcquireFileObjectLock(
2425 _In_ PFILE_OBJECT FileObject
,
2426 _In_ KPROCESSOR_MODE WaitMode
,
2427 _In_ BOOLEAN Alertable
,
2428 _Out_ PBOOLEAN LockFailed
)
2434 InterlockedIncrement((PLONG
)&FileObject
->Waiters
);
2436 Status
= STATUS_SUCCESS
;
2439 if (!InterlockedExchange((PLONG
)&FileObject
->Busy
, TRUE
))
2443 Status
= KeWaitForSingleObject(&FileObject
->Lock
,
2448 } while (Status
== STATUS_SUCCESS
);
2450 InterlockedDecrement((PLONG
)&FileObject
->Waiters
);
2451 if (Status
== STATUS_SUCCESS
)
2453 ObReferenceObject(FileObject
);
2454 *LockFailed
= FALSE
;
2458 if (!FileObject
->Busy
&& FileObject
->Waiters
)
2460 KeSetEvent(&FileObject
->Lock
, IO_NO_INCREMENT
, FALSE
);
2470 IoGetFileObjectFilterContext(IN PFILE_OBJECT FileObject
)
2472 if (BooleanFlagOn(FileObject
->Flags
, FO_FILE_OBJECT_HAS_EXTENSION
))
2474 PFILE_OBJECT_EXTENSION FileObjectExtension
;
2476 FileObjectExtension
= FileObject
->FileObjectExtension
;
2477 return FileObjectExtension
->FilterContext
;
2485 IoChangeFileObjectFilterContext(IN PFILE_OBJECT FileObject
,
2486 IN PVOID FilterContext
,
2490 PFILE_OBJECT_EXTENSION FileObjectExtension
;
2492 if (!BooleanFlagOn(FileObject
->Flags
, FO_FILE_OBJECT_HAS_EXTENSION
))
2494 return STATUS_INVALID_PARAMETER
;
2497 FileObjectExtension
= FileObject
->FileObjectExtension
;
2500 /* If define, just set the new value if not value is set
2501 * Success will only contain old value. It is valid if it is NULL
2503 Success
= (ULONG_PTR
)InterlockedCompareExchangePointer(&FileObjectExtension
->FilterContext
, FilterContext
, NULL
);
2507 /* If not define, we want to reset filter context.
2508 * We will remove value (provided by the caller) and set NULL instead.
2509 * This will only success if caller provides correct previous value.
2510 * To catch whether it worked, we substract previous value to expect value:
2511 * If it matches (and thus, we reset), Success will contain 0
2512 * Otherwise, it will contain a non-zero value.
2514 Success
= (ULONG_PTR
)InterlockedCompareExchangePointer(&FileObjectExtension
->FilterContext
, NULL
, FilterContext
) - (ULONG_PTR
)FilterContext
;
2517 /* If success isn't 0, it means we failed somewhere (set or unset) */
2520 return STATUS_ALREADY_COMMITTED
;
2523 return STATUS_SUCCESS
;
2528 IopCreateFile(OUT PHANDLE FileHandle
,
2529 IN ACCESS_MASK DesiredAccess
,
2530 IN POBJECT_ATTRIBUTES ObjectAttributes
,
2531 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2532 IN PLARGE_INTEGER AllocationSize OPTIONAL
,
2533 IN ULONG FileAttributes
,
2534 IN ULONG ShareAccess
,
2535 IN ULONG Disposition
,
2536 IN ULONG CreateOptions
,
2537 IN PVOID EaBuffer OPTIONAL
,
2539 IN CREATE_FILE_TYPE CreateFileType
,
2540 IN PVOID ExtraCreateParameters OPTIONAL
,
2543 IN PDEVICE_OBJECT DeviceObject OPTIONAL
)
2545 KPROCESSOR_MODE AccessMode
;
2546 HANDLE LocalHandle
= 0;
2547 LARGE_INTEGER SafeAllocationSize
;
2548 NTSTATUS Status
= STATUS_SUCCESS
;
2549 PNAMED_PIPE_CREATE_PARAMETERS NamedPipeCreateParameters
;
2550 POPEN_PACKET OpenPacket
;
2551 ULONG EaErrorOffset
;
2554 IOTRACE(IO_FILE_DEBUG
, "FileName: %wZ\n", ObjectAttributes
->ObjectName
);
2557 /* Check if we have no parameter checking to do */
2558 if (Options
& IO_NO_PARAMETER_CHECKING
)
2560 /* Then force kernel-mode access to avoid checks */
2561 AccessMode
= KernelMode
;
2565 /* Otherwise, use the actual mode */
2566 AccessMode
= ExGetPreviousMode();
2569 /* Check if we need to do parameter checking */
2570 if ((AccessMode
!= KernelMode
) || (Options
& IO_CHECK_CREATE_PARAMETERS
))
2572 /* Validate parameters */
2573 if (FileAttributes
& ~FILE_ATTRIBUTE_VALID_FLAGS
)
2575 DPRINT1("File Create 'FileAttributes' Parameter contains invalid flags!\n");
2576 return STATUS_INVALID_PARAMETER
;
2579 if (ShareAccess
& ~FILE_SHARE_VALID_FLAGS
)
2581 DPRINT1("File Create 'ShareAccess' Parameter contains invalid flags!\n");
2582 return STATUS_INVALID_PARAMETER
;
2585 if (Disposition
> FILE_MAXIMUM_DISPOSITION
)
2587 DPRINT1("File Create 'Disposition' Parameter is out of range!\n");
2588 return STATUS_INVALID_PARAMETER
;
2591 if (CreateOptions
& ~FILE_VALID_OPTION_FLAGS
)
2593 DPRINT1("File Create 'CreateOptions' parameter contains invalid flags!\n");
2594 return STATUS_INVALID_PARAMETER
;
2597 if ((CreateOptions
& (FILE_SYNCHRONOUS_IO_ALERT
| FILE_SYNCHRONOUS_IO_NONALERT
)) &&
2598 (!(DesiredAccess
& SYNCHRONIZE
)))
2600 DPRINT1("File Create 'CreateOptions' parameter FILE_SYNCHRONOUS_IO_* requested, but 'DesiredAccess' does not have SYNCHRONIZE!\n");
2601 return STATUS_INVALID_PARAMETER
;
2604 if ((CreateOptions
& FILE_DELETE_ON_CLOSE
) && (!(DesiredAccess
& DELETE
)))
2606 DPRINT1("File Create 'CreateOptions' parameter FILE_DELETE_ON_CLOSE requested, but 'DesiredAccess' does not have DELETE!\n");
2607 return STATUS_INVALID_PARAMETER
;
2610 if ((CreateOptions
& (FILE_SYNCHRONOUS_IO_NONALERT
| FILE_SYNCHRONOUS_IO_ALERT
)) ==
2611 (FILE_SYNCHRONOUS_IO_NONALERT
| FILE_SYNCHRONOUS_IO_ALERT
))
2613 DPRINT1("File Create 'FileAttributes' parameter both FILE_SYNCHRONOUS_IO_NONALERT and FILE_SYNCHRONOUS_IO_ALERT specified!\n");
2614 return STATUS_INVALID_PARAMETER
;
2617 if ((CreateOptions
& FILE_DIRECTORY_FILE
) && !(CreateOptions
& FILE_NON_DIRECTORY_FILE
) &&
2618 (CreateOptions
& ~(FILE_DIRECTORY_FILE
|
2619 FILE_SYNCHRONOUS_IO_ALERT
|
2620 FILE_SYNCHRONOUS_IO_NONALERT
|
2621 FILE_WRITE_THROUGH
|
2622 FILE_COMPLETE_IF_OPLOCKED
|
2623 FILE_OPEN_FOR_BACKUP_INTENT
|
2624 FILE_DELETE_ON_CLOSE
|
2625 FILE_OPEN_FOR_FREE_SPACE_QUERY
|
2626 FILE_OPEN_BY_FILE_ID
|
2627 FILE_NO_COMPRESSION
|
2628 FILE_OPEN_REPARSE_POINT
)))
2630 DPRINT1("File Create 'CreateOptions' Parameter has flags incompatible with FILE_DIRECTORY_FILE!\n");
2631 return STATUS_INVALID_PARAMETER
;
2634 if ((CreateOptions
& FILE_DIRECTORY_FILE
) && !(CreateOptions
& FILE_NON_DIRECTORY_FILE
) &&
2635 (Disposition
!= FILE_CREATE
) && (Disposition
!= FILE_OPEN
) && (Disposition
!= FILE_OPEN_IF
))
2637 DPRINT1("File Create 'CreateOptions' Parameter FILE_DIRECTORY_FILE requested, but 'Disposition' is not FILE_CREATE/FILE_OPEN/FILE_OPEN_IF!\n");
2638 return STATUS_INVALID_PARAMETER
;
2641 if ((CreateOptions
& FILE_COMPLETE_IF_OPLOCKED
) && (CreateOptions
& FILE_RESERVE_OPFILTER
))
2643 DPRINT1("File Create 'CreateOptions' Parameter both FILE_COMPLETE_IF_OPLOCKED and FILE_RESERVE_OPFILTER specified!\n");
2644 return STATUS_INVALID_PARAMETER
;
2647 if ((CreateOptions
& FILE_NO_INTERMEDIATE_BUFFERING
) && (DesiredAccess
& FILE_APPEND_DATA
))
2649 DPRINT1("File Create 'CreateOptions' parameter FILE_NO_INTERMEDIATE_BUFFERING requested, but 'DesiredAccess' FILE_APPEND_DATA requires it!\n");
2650 return STATUS_INVALID_PARAMETER
;
2653 /* Now check if this is a named pipe */
2654 if (CreateFileType
== CreateFileTypeNamedPipe
)
2656 /* Make sure we have extra parameters */
2657 if (!ExtraCreateParameters
)
2659 DPRINT1("Invalid parameter: ExtraCreateParameters == 0!\n");
2660 return STATUS_INVALID_PARAMETER
;
2663 /* Get the parameters and validate them */
2664 NamedPipeCreateParameters
= ExtraCreateParameters
;
2665 if ((NamedPipeCreateParameters
->NamedPipeType
> FILE_PIPE_MESSAGE_TYPE
) ||
2666 (NamedPipeCreateParameters
->ReadMode
> FILE_PIPE_MESSAGE_MODE
) ||
2667 (NamedPipeCreateParameters
->CompletionMode
> FILE_PIPE_COMPLETE_OPERATION
) ||
2668 (ShareAccess
& FILE_SHARE_DELETE
) ||
2669 ((Disposition
< FILE_OPEN
) || (Disposition
> FILE_OPEN_IF
)) ||
2670 (CreateOptions
& ~FILE_VALID_PIPE_OPTION_FLAGS
))
2672 /* Invalid named pipe create */
2673 DPRINT1("Invalid named pipe create\n");
2674 return STATUS_INVALID_PARAMETER
;
2677 else if (CreateFileType
== CreateFileTypeMailslot
)
2679 /* Make sure we have extra parameters */
2680 if (!ExtraCreateParameters
)
2682 DPRINT1("Invalid parameter: ExtraCreateParameters == 0!\n");
2683 return STATUS_INVALID_PARAMETER
;
2686 /* Get the parameters and validate them */
2687 if ((ShareAccess
& FILE_SHARE_DELETE
) ||
2688 !(ShareAccess
& ~FILE_SHARE_WRITE
) ||
2689 (Disposition
!= FILE_CREATE
) ||
2690 (CreateOptions
& ~FILE_VALID_MAILSLOT_OPTION_FLAGS
))
2692 /* Invalid mailslot create */
2693 DPRINT1("Invalid mailslot create\n");
2694 return STATUS_INVALID_PARAMETER
;
2699 /* Allocate the open packet */
2700 OpenPacket
= ExAllocatePoolWithTag(NonPagedPool
, sizeof(*OpenPacket
), 'pOoI');
2701 if (!OpenPacket
) return STATUS_INSUFFICIENT_RESOURCES
;
2702 RtlZeroMemory(OpenPacket
, sizeof(*OpenPacket
));
2704 /* Check if the call came from user mode */
2705 if (AccessMode
!= KernelMode
)
2709 /* Probe the output parameters */
2710 ProbeForWriteHandle(FileHandle
);
2711 ProbeForWriteIoStatusBlock(IoStatusBlock
);
2713 /* Probe the allocation size if one was passed in */
2716 SafeAllocationSize
= ProbeForReadLargeInteger(AllocationSize
);
2720 SafeAllocationSize
.QuadPart
= 0;
2723 /* Make sure it's valid */
2724 if (SafeAllocationSize
.QuadPart
< 0)
2726 RtlRaiseStatus(STATUS_INVALID_PARAMETER
);
2729 /* Check if EA was passed in */
2730 if ((EaBuffer
) && (EaLength
))
2733 ProbeForRead(EaBuffer
, EaLength
, sizeof(ULONG
));
2735 /* And marshall it */
2736 OpenPacket
->EaBuffer
= ExAllocatePoolWithTag(NonPagedPool
,
2739 OpenPacket
->EaLength
= EaLength
;
2740 RtlCopyMemory(OpenPacket
->EaBuffer
, EaBuffer
, EaLength
);
2742 /* Validate the buffer */
2743 Status
= IoCheckEaBufferValidity(OpenPacket
->EaBuffer
,
2746 if (!NT_SUCCESS(Status
))
2748 /* Undo everything if it's invalid */
2749 DPRINT1("Invalid EA buffer\n");
2750 IoStatusBlock
->Status
= Status
;
2751 IoStatusBlock
->Information
= EaErrorOffset
;
2752 RtlRaiseStatus(Status
);
2756 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER
)
2758 /* Return the exception code */
2759 if (OpenPacket
->EaBuffer
!= NULL
) ExFreePool(OpenPacket
->EaBuffer
);
2760 ExFreePool(OpenPacket
);
2761 _SEH2_YIELD(return _SEH2_GetExceptionCode());
2767 /* Check if this is a device attach */
2768 if (CreateOptions
& IO_ATTACH_DEVICE_API
)
2770 /* Set the flag properly */
2771 Options
|= IO_ATTACH_DEVICE
;
2772 CreateOptions
&= ~IO_ATTACH_DEVICE_API
;
2775 /* Check if we have allocation size */
2779 SafeAllocationSize
= *AllocationSize
;
2783 /* Otherwise, no size */
2784 SafeAllocationSize
.QuadPart
= 0;
2787 /* Check if we have an EA packet */
2788 if ((EaBuffer
) && (EaLength
))
2790 /* Allocate the kernel copy */
2791 OpenPacket
->EaBuffer
= ExAllocatePoolWithTag(NonPagedPool
,
2794 if (!OpenPacket
->EaBuffer
)
2796 ExFreePool(OpenPacket
);
2797 DPRINT1("Failed to allocate open packet EA buffer\n");
2798 return STATUS_INSUFFICIENT_RESOURCES
;
2802 OpenPacket
->EaLength
= EaLength
;
2803 RtlCopyMemory(OpenPacket
->EaBuffer
, EaBuffer
, EaLength
);
2805 /* Validate the buffer */
2806 Status
= IoCheckEaBufferValidity(OpenPacket
->EaBuffer
,
2809 if (!NT_SUCCESS(Status
))
2811 /* Undo everything if it's invalid */
2812 DPRINT1("Invalid EA buffer\n");
2813 ExFreePool(OpenPacket
->EaBuffer
);
2814 IoStatusBlock
->Status
= Status
;
2815 IoStatusBlock
->Information
= EaErrorOffset
;
2816 ExFreePool(OpenPacket
);
2822 /* Setup the Open Packet */
2823 OpenPacket
->Type
= IO_TYPE_OPEN_PACKET
;
2824 OpenPacket
->Size
= sizeof(*OpenPacket
);
2825 OpenPacket
->AllocationSize
= SafeAllocationSize
;
2826 OpenPacket
->CreateOptions
= CreateOptions
;
2827 OpenPacket
->FileAttributes
= (USHORT
)FileAttributes
;
2828 OpenPacket
->ShareAccess
= (USHORT
)ShareAccess
;
2829 OpenPacket
->Options
= Options
;
2830 OpenPacket
->Disposition
= Disposition
;
2831 OpenPacket
->CreateFileType
= CreateFileType
;
2832 OpenPacket
->ExtraCreateParameters
= ExtraCreateParameters
;
2833 OpenPacket
->InternalFlags
= Flags
;
2834 OpenPacket
->TopDeviceObjectHint
= DeviceObject
;
2836 /* Update the operation count */
2837 IopUpdateOperationCount(IopOtherTransfer
);
2840 * Attempt opening the file. This will call the I/O Parse Routine for
2841 * the File Object (IopParseDevice) which will create the object and
2842 * send the IRP to its device object. Note that we have two statuses
2843 * to worry about: the Object Manager's status (in Status) and the I/O
2844 * status, which is in the Open Packet's Final Status, and determined
2845 * by the Parse Check member.
2847 Status
= ObOpenObjectByName(ObjectAttributes
,
2855 /* Free the EA Buffer */
2856 if (OpenPacket
->EaBuffer
) ExFreePool(OpenPacket
->EaBuffer
);
2858 /* Now check for Ob or Io failure */
2859 if (!(NT_SUCCESS(Status
)) || (OpenPacket
->ParseCheck
== FALSE
))
2861 /* Check if Ob thinks well went well */
2862 if (NT_SUCCESS(Status
))
2865 * Tell it otherwise. Because we didn't use an ObjectType,
2866 * it incorrectly returned us a handle to God knows what.
2868 ZwClose(LocalHandle
);
2869 Status
= STATUS_OBJECT_TYPE_MISMATCH
;
2872 /* Now check the Io status */
2873 if (!NT_SUCCESS(OpenPacket
->FinalStatus
))
2875 /* Use this status instead of Ob's */
2876 Status
= OpenPacket
->FinalStatus
;
2878 /* Check if it was only a warning */
2879 if (NT_WARNING(Status
))
2881 /* Protect write with SEH */
2884 /* In this case, we copy the I/O Status back */
2885 IoStatusBlock
->Information
= OpenPacket
->Information
;
2886 IoStatusBlock
->Status
= OpenPacket
->FinalStatus
;
2888 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER
)
2890 /* Get exception code */
2891 Status
= _SEH2_GetExceptionCode();
2896 else if ((OpenPacket
->FileObject
) && (OpenPacket
->ParseCheck
== FALSE
))
2899 * This can happen in the very bizarre case where the parse routine
2900 * actually executed more then once (due to a reparse) and ended
2901 * up failing after already having created the File Object.
2903 if (OpenPacket
->FileObject
->FileName
.Length
)
2905 /* It had a name, free it */
2906 ExFreePoolWithTag(OpenPacket
->FileObject
->FileName
.Buffer
, TAG_IO_NAME
);
2909 /* Clear the device object to invalidate the FO, and dereference */
2910 OpenPacket
->FileObject
->DeviceObject
= NULL
;
2911 ObDereferenceObject(OpenPacket
->FileObject
);
2916 /* We reached success and have a valid file handle */
2917 OpenPacket
->FileObject
->Flags
|= FO_HANDLE_CREATED
;
2918 ASSERT(OpenPacket
->FileObject
->Type
== IO_TYPE_FILE
);
2920 /* Enter SEH for write back */
2923 /* Write back the handle and I/O Status */
2924 *FileHandle
= LocalHandle
;
2925 IoStatusBlock
->Information
= OpenPacket
->Information
;
2926 IoStatusBlock
->Status
= OpenPacket
->FinalStatus
;
2928 /* Get the Io status */
2929 Status
= OpenPacket
->FinalStatus
;
2931 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER
)
2933 /* Get the exception status */
2934 Status
= _SEH2_GetExceptionCode();
2939 /* Check if we were 100% successful */
2940 if ((OpenPacket
->ParseCheck
!= FALSE
) && (OpenPacket
->FileObject
))
2942 /* Dereference the File Object */
2943 ObDereferenceObject(OpenPacket
->FileObject
);
2947 ExFreePool(OpenPacket
);
2951 /* FUNCTIONS *****************************************************************/
2958 IoCheckQuerySetFileInformation(IN FILE_INFORMATION_CLASS FileInformationClass
,
2960 IN BOOLEAN SetOperation
)
2963 return STATUS_NOT_IMPLEMENTED
;
2971 IoCheckQuotaBufferValidity(IN PFILE_QUOTA_INFORMATION QuotaBuffer
,
2972 IN ULONG QuotaLength
,
2973 OUT PULONG ErrorOffset
)
2976 return STATUS_NOT_IMPLEMENTED
;
2984 IoCreateFile(OUT PHANDLE FileHandle
,
2985 IN ACCESS_MASK DesiredAccess
,
2986 IN POBJECT_ATTRIBUTES ObjectAttributes
,
2987 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2988 IN PLARGE_INTEGER AllocationSize OPTIONAL
,
2989 IN ULONG FileAttributes
,
2990 IN ULONG ShareAccess
,
2991 IN ULONG Disposition
,
2992 IN ULONG CreateOptions
,
2993 IN PVOID EaBuffer OPTIONAL
,
2995 IN CREATE_FILE_TYPE CreateFileType
,
2996 IN PVOID ExtraCreateParameters OPTIONAL
,
3001 return IopCreateFile(FileHandle
,
3013 ExtraCreateParameters
,
3024 IoCreateFileSpecifyDeviceObjectHint(OUT PHANDLE FileHandle
,
3025 IN ACCESS_MASK DesiredAccess
,
3026 IN POBJECT_ATTRIBUTES ObjectAttributes
,
3027 OUT PIO_STATUS_BLOCK IoStatusBlock
,
3028 IN PLARGE_INTEGER AllocationSize OPTIONAL
,
3029 IN ULONG FileAttributes
,
3030 IN ULONG ShareAccess
,
3031 IN ULONG Disposition
,
3032 IN ULONG CreateOptions
,
3033 IN PVOID EaBuffer OPTIONAL
,
3035 IN CREATE_FILE_TYPE CreateFileType
,
3036 IN PVOID ExtraCreateParameters OPTIONAL
,
3038 IN PVOID DeviceObject
)
3044 /* Check if we were passed a device to send the create request to*/
3047 /* We'll tag this request into a file object extension */
3048 Flags
= (IOP_CREATE_FILE_OBJECT_EXTENSION
| IOP_USE_TOP_LEVEL_DEVICE_HINT
);
3051 return IopCreateFile(FileHandle
,
3063 ExtraCreateParameters
,
3064 Options
| IO_NO_PARAMETER_CHECKING
,
3074 IoCreateStreamFileObjectEx(IN PFILE_OBJECT FileObject OPTIONAL
,
3075 IN PDEVICE_OBJECT DeviceObject OPTIONAL
,
3076 OUT PHANDLE FileObjectHandle OPTIONAL
)
3078 PFILE_OBJECT CreatedFileObject
;
3081 OBJECT_ATTRIBUTES ObjectAttributes
;
3083 IOTRACE(IO_FILE_DEBUG
, "FileObject: %p\n", FileObject
);
3085 /* Choose Device Object */
3086 if (FileObject
) DeviceObject
= FileObject
->DeviceObject
;
3088 /* Reference the device object and initialize attributes */
3089 InterlockedIncrement(&DeviceObject
->ReferenceCount
);
3090 InitializeObjectAttributes(&ObjectAttributes
, NULL
, 0, NULL
, NULL
);
3092 /* Create the File Object */
3093 Status
= ObCreateObject(KernelMode
,
3098 sizeof(FILE_OBJECT
),
3099 sizeof(FILE_OBJECT
),
3101 (PVOID
*)&CreatedFileObject
);
3102 if (!NT_SUCCESS(Status
))
3105 IopDereferenceDeviceObject(DeviceObject
, FALSE
);
3106 ExRaiseStatus(Status
);
3109 /* Set File Object Data */
3110 RtlZeroMemory(CreatedFileObject
, sizeof(FILE_OBJECT
));
3111 CreatedFileObject
->DeviceObject
= DeviceObject
;
3112 CreatedFileObject
->Type
= IO_TYPE_FILE
;
3113 CreatedFileObject
->Size
= sizeof(FILE_OBJECT
);
3114 CreatedFileObject
->Flags
= FO_STREAM_FILE
;
3116 /* Initialize the wait event */
3117 KeInitializeEvent(&CreatedFileObject
->Event
, SynchronizationEvent
, FALSE
);
3119 /* Insert it to create a handle for it */
3120 Status
= ObInsertObject(CreatedFileObject
,
3124 (PVOID
*)&CreatedFileObject
,
3126 if (!NT_SUCCESS(Status
)) ExRaiseStatus(Status
);
3128 /* Set the handle created flag */
3129 CreatedFileObject
->Flags
|= FO_HANDLE_CREATED
;
3130 ASSERT(CreatedFileObject
->Type
== IO_TYPE_FILE
);
3132 /* Check if we have a VPB */
3133 if (DeviceObject
->Vpb
)
3136 InterlockedIncrement((PLONG
)&DeviceObject
->Vpb
->ReferenceCount
);
3139 /* Check if the caller wants the handle */
3140 if (FileObjectHandle
)
3143 *FileObjectHandle
= FileHandle
;
3144 ObDereferenceObject(CreatedFileObject
);
3148 /* Otherwise, close it */
3149 ObCloseHandle(FileHandle
, KernelMode
);
3152 /* Return the file object */
3153 return CreatedFileObject
;
3161 IoCreateStreamFileObject(IN PFILE_OBJECT FileObject
,
3162 IN PDEVICE_OBJECT DeviceObject
)
3164 /* Call the newer function */
3165 return IoCreateStreamFileObjectEx(FileObject
, DeviceObject
, NULL
);
3173 IoCreateStreamFileObjectLite(IN PFILE_OBJECT FileObject OPTIONAL
,
3174 IN PDEVICE_OBJECT DeviceObject OPTIONAL
)
3176 PFILE_OBJECT CreatedFileObject
;
3178 OBJECT_ATTRIBUTES ObjectAttributes
;
3180 IOTRACE(IO_FILE_DEBUG
, "FileObject: %p\n", FileObject
);
3182 /* Choose Device Object */
3183 if (FileObject
) DeviceObject
= FileObject
->DeviceObject
;
3185 /* Reference the device object and initialize attributes */
3186 InterlockedIncrement(&DeviceObject
->ReferenceCount
);
3187 InitializeObjectAttributes(&ObjectAttributes
, NULL
, 0, NULL
, NULL
);
3189 /* Create the File Object */
3190 Status
= ObCreateObject(KernelMode
,
3195 sizeof(FILE_OBJECT
),
3196 sizeof(FILE_OBJECT
),
3198 (PVOID
*)&CreatedFileObject
);
3199 if (!NT_SUCCESS(Status
))
3202 IopDereferenceDeviceObject(DeviceObject
, FALSE
);
3203 ExRaiseStatus(Status
);
3206 /* Set File Object Data */
3207 RtlZeroMemory(CreatedFileObject
, sizeof(FILE_OBJECT
));
3208 CreatedFileObject
->DeviceObject
= DeviceObject
;
3209 CreatedFileObject
->Type
= IO_TYPE_FILE
;
3210 CreatedFileObject
->Size
= sizeof(FILE_OBJECT
);
3211 CreatedFileObject
->Flags
= FO_STREAM_FILE
;
3213 /* Initialize the wait event */
3214 KeInitializeEvent(&CreatedFileObject
->Event
, SynchronizationEvent
, FALSE
);
3216 /* Destroy create information */
3217 ObFreeObjectCreateInfoBuffer(OBJECT_TO_OBJECT_HEADER(CreatedFileObject
)->
3219 OBJECT_TO_OBJECT_HEADER(CreatedFileObject
)->ObjectCreateInfo
= NULL
;
3221 /* Set the handle created flag */
3222 CreatedFileObject
->Flags
|= FO_HANDLE_CREATED
;
3223 ASSERT(CreatedFileObject
->Type
== IO_TYPE_FILE
);
3225 /* Check if we have a VPB */
3226 if (DeviceObject
->Vpb
)
3229 InterlockedIncrement((PLONG
)&DeviceObject
->Vpb
->ReferenceCount
);
3232 /* Return the file object */
3233 return CreatedFileObject
;
3241 IoGetFileObjectGenericMapping(VOID
)
3243 /* Return the mapping */
3244 return &IopFileMapping
;
3252 IoIsFileOriginRemote(IN PFILE_OBJECT FileObject
)
3254 /* Return the flag status */
3255 return FileObject
->Flags
& FO_REMOTE_ORIGIN
? TRUE
: FALSE
;
3263 IoFastQueryNetworkAttributes(IN POBJECT_ATTRIBUTES ObjectAttributes
,
3264 IN ACCESS_MASK DesiredAccess
,
3265 IN ULONG OpenOptions
,
3266 OUT PIO_STATUS_BLOCK IoStatus
,
3267 OUT PFILE_NETWORK_OPEN_INFORMATION Buffer
)
3270 DUMMY_FILE_OBJECT LocalFileObject
;
3272 OPEN_PACKET OpenPacket
;
3274 IOTRACE(IO_FILE_DEBUG
, "FileName: %wZ\n", ObjectAttributes
->ObjectName
);
3276 /* Setup the Open Packet */
3277 RtlZeroMemory(&OpenPacket
, sizeof(OPEN_PACKET
));
3278 OpenPacket
.Type
= IO_TYPE_OPEN_PACKET
;
3279 OpenPacket
.Size
= sizeof(OPEN_PACKET
);
3280 OpenPacket
.CreateOptions
= OpenOptions
| FILE_OPEN_REPARSE_POINT
;
3281 OpenPacket
.ShareAccess
= FILE_SHARE_READ
| FILE_SHARE_WRITE
| FILE_SHARE_DELETE
;
3282 OpenPacket
.Options
= IO_FORCE_ACCESS_CHECK
;
3283 OpenPacket
.Disposition
= FILE_OPEN
;
3284 OpenPacket
.NetworkInformation
= Buffer
;
3285 OpenPacket
.QueryOnly
= TRUE
;
3286 OpenPacket
.FullAttributes
= TRUE
;
3287 OpenPacket
.LocalFileObject
= &LocalFileObject
;
3290 * Attempt opening the file. This will call the I/O Parse Routine for
3291 * the File Object (IopParseDevice) which will use the dummy file obejct
3292 * send the IRP to its device object. Note that we have two statuses
3293 * to worry about: the Object Manager's status (in Status) and the I/O
3294 * status, which is in the Open Packet's Final Status, and determined
3295 * by the Parse Check member.
3297 Status
= ObOpenObjectByName(ObjectAttributes
,
3304 if (OpenPacket
.ParseCheck
== FALSE
)
3307 IoStatus
->Status
= Status
;
3311 /* Use the Io status */
3312 IoStatus
->Status
= OpenPacket
.FinalStatus
;
3313 IoStatus
->Information
= OpenPacket
.Information
;
3316 /* Return success */
3325 IoUpdateShareAccess(IN PFILE_OBJECT FileObject
,
3326 OUT PSHARE_ACCESS ShareAccess
)
3330 /* Check if the file has an extension */
3331 if (FileObject
->Flags
& FO_FILE_OBJECT_HAS_EXTENSION
)
3333 /* Check if caller specified to ignore access checks */
3334 //if (FileObject->FoExtFlags & IO_IGNORE_SHARE_ACCESS_CHECK)
3336 /* Don't update share access */
3341 /* Otherwise, check if there's any access present */
3342 if ((FileObject
->ReadAccess
) ||
3343 (FileObject
->WriteAccess
) ||
3344 (FileObject
->DeleteAccess
))
3346 /* Increase the open count */
3347 ShareAccess
->OpenCount
++;
3349 /* Add new share access */
3350 ShareAccess
->Readers
+= FileObject
->ReadAccess
;
3351 ShareAccess
->Writers
+= FileObject
->WriteAccess
;
3352 ShareAccess
->Deleters
+= FileObject
->DeleteAccess
;
3353 ShareAccess
->SharedRead
+= FileObject
->SharedRead
;
3354 ShareAccess
->SharedWrite
+= FileObject
->SharedWrite
;
3355 ShareAccess
->SharedDelete
+= FileObject
->SharedDelete
;
3364 IoCheckShareAccess(IN ACCESS_MASK DesiredAccess
,
3365 IN ULONG DesiredShareAccess
,
3366 IN PFILE_OBJECT FileObject
,
3367 IN PSHARE_ACCESS ShareAccess
,
3371 BOOLEAN WriteAccess
;
3372 BOOLEAN DeleteAccess
;
3374 BOOLEAN SharedWrite
;
3375 BOOLEAN SharedDelete
;
3378 /* Get access masks */
3379 ReadAccess
= (DesiredAccess
& (FILE_READ_DATA
| FILE_EXECUTE
)) != 0;
3380 WriteAccess
= (DesiredAccess
& (FILE_WRITE_DATA
| FILE_APPEND_DATA
)) != 0;
3381 DeleteAccess
= (DesiredAccess
& DELETE
) != 0;
3383 /* Set them in the file object */
3384 FileObject
->ReadAccess
= ReadAccess
;
3385 FileObject
->WriteAccess
= WriteAccess
;
3386 FileObject
->DeleteAccess
= DeleteAccess
;
3388 /* Check if the file has an extension */
3389 if (FileObject
->Flags
& FO_FILE_OBJECT_HAS_EXTENSION
)
3391 /* Check if caller specified to ignore access checks */
3392 //if (FileObject->FoExtFlags & IO_IGNORE_SHARE_ACCESS_CHECK)
3394 /* Don't check share access */
3395 return STATUS_SUCCESS
;
3399 /* Check if we have any access */
3400 if ((ReadAccess
) || (WriteAccess
) || (DeleteAccess
))
3402 /* Get shared access masks */
3403 SharedRead
= (DesiredShareAccess
& FILE_SHARE_READ
) != 0;
3404 SharedWrite
= (DesiredShareAccess
& FILE_SHARE_WRITE
) != 0;
3405 SharedDelete
= (DesiredShareAccess
& FILE_SHARE_DELETE
) != 0;
3408 FileObject
->SharedRead
= SharedRead
;
3409 FileObject
->SharedWrite
= SharedWrite
;
3410 FileObject
->SharedDelete
= SharedDelete
;
3412 /* Check if the shared access is violated */
3414 (ShareAccess
->SharedRead
< ShareAccess
->OpenCount
)) ||
3416 (ShareAccess
->SharedWrite
< ShareAccess
->OpenCount
)) ||
3418 (ShareAccess
->SharedDelete
< ShareAccess
->OpenCount
)) ||
3419 ((ShareAccess
->Readers
!= 0) && !SharedRead
) ||
3420 ((ShareAccess
->Writers
!= 0) && !SharedWrite
) ||
3421 ((ShareAccess
->Deleters
!= 0) && !SharedDelete
))
3423 /* Sharing violation, fail */
3424 return STATUS_SHARING_VIOLATION
;
3427 /* It's not, check if caller wants us to update it */
3430 /* Increase open count */
3431 ShareAccess
->OpenCount
++;
3433 /* Update shared access */
3434 ShareAccess
->Readers
+= ReadAccess
;
3435 ShareAccess
->Writers
+= WriteAccess
;
3436 ShareAccess
->Deleters
+= DeleteAccess
;
3437 ShareAccess
->SharedRead
+= SharedRead
;
3438 ShareAccess
->SharedWrite
+= SharedWrite
;
3439 ShareAccess
->SharedDelete
+= SharedDelete
;
3443 /* Validation successful */
3444 return STATUS_SUCCESS
;
3452 IoRemoveShareAccess(IN PFILE_OBJECT FileObject
,
3453 IN PSHARE_ACCESS ShareAccess
)
3457 /* Check if the file has an extension */
3458 if (FileObject
->Flags
& FO_FILE_OBJECT_HAS_EXTENSION
)
3460 /* Check if caller specified to ignore access checks */
3461 //if (FileObject->FoExtFlags & IO_IGNORE_SHARE_ACCESS_CHECK)
3463 /* Don't update share access */
3468 /* Otherwise, check if there's any access present */
3469 if ((FileObject
->ReadAccess
) ||
3470 (FileObject
->WriteAccess
) ||
3471 (FileObject
->DeleteAccess
))
3473 /* Decrement the open count */
3474 ShareAccess
->OpenCount
--;
3476 /* Remove share access */
3477 ShareAccess
->Readers
-= FileObject
->ReadAccess
;
3478 ShareAccess
->Writers
-= FileObject
->WriteAccess
;
3479 ShareAccess
->Deleters
-= FileObject
->DeleteAccess
;
3480 ShareAccess
->SharedRead
-= FileObject
->SharedRead
;
3481 ShareAccess
->SharedWrite
-= FileObject
->SharedWrite
;
3482 ShareAccess
->SharedDelete
-= FileObject
->SharedDelete
;
3491 IoSetShareAccess(IN ACCESS_MASK DesiredAccess
,
3492 IN ULONG DesiredShareAccess
,
3493 IN PFILE_OBJECT FileObject
,
3494 OUT PSHARE_ACCESS ShareAccess
)
3497 BOOLEAN WriteAccess
;
3498 BOOLEAN DeleteAccess
;
3500 BOOLEAN SharedWrite
;
3501 BOOLEAN SharedDelete
;
3502 BOOLEAN Update
= TRUE
;
3505 ReadAccess
= (DesiredAccess
& (FILE_READ_DATA
| FILE_EXECUTE
)) != 0;
3506 WriteAccess
= (DesiredAccess
& (FILE_WRITE_DATA
| FILE_APPEND_DATA
)) != 0;
3507 DeleteAccess
= (DesiredAccess
& DELETE
) != 0;
3509 /* Check if the file has an extension */
3510 if (FileObject
->Flags
& FO_FILE_OBJECT_HAS_EXTENSION
)
3512 /* Check if caller specified to ignore access checks */
3513 //if (FileObject->FoExtFlags & IO_IGNORE_SHARE_ACCESS_CHECK)
3515 /* Don't update share access */
3520 /* Update basic access */
3521 FileObject
->ReadAccess
= ReadAccess
;
3522 FileObject
->WriteAccess
= WriteAccess
;
3523 FileObject
->DeleteAccess
= DeleteAccess
;
3525 /* Check if we have no access as all */
3526 if (!(ReadAccess
) && !(WriteAccess
) && !(DeleteAccess
))
3528 /* Check if we need to update the structure */
3529 if (!Update
) return;
3531 /* Otherwise, clear data */
3532 ShareAccess
->OpenCount
= 0;
3533 ShareAccess
->Readers
= 0;
3534 ShareAccess
->Writers
= 0;
3535 ShareAccess
->Deleters
= 0;
3536 ShareAccess
->SharedRead
= 0;
3537 ShareAccess
->SharedWrite
= 0;
3538 ShareAccess
->SharedDelete
= 0;
3542 /* Calculate shared access */
3543 SharedRead
= (DesiredShareAccess
& FILE_SHARE_READ
) != 0;
3544 SharedWrite
= (DesiredShareAccess
& FILE_SHARE_WRITE
) != 0;
3545 SharedDelete
= (DesiredShareAccess
& FILE_SHARE_DELETE
) != 0;
3547 /* Set it in the FO */
3548 FileObject
->SharedRead
= SharedRead
;
3549 FileObject
->SharedWrite
= SharedWrite
;
3550 FileObject
->SharedDelete
= SharedDelete
;
3552 /* Check if we need to update the structure */
3553 if (!Update
) return;
3555 /* Otherwise, set data */
3556 ShareAccess
->OpenCount
= 1;
3557 ShareAccess
->Readers
= ReadAccess
;
3558 ShareAccess
->Writers
= WriteAccess
;
3559 ShareAccess
->Deleters
= DeleteAccess
;
3560 ShareAccess
->SharedRead
= SharedRead
;
3561 ShareAccess
->SharedWrite
= SharedWrite
;
3562 ShareAccess
->SharedDelete
= SharedDelete
;
3571 IoCancelFileOpen(IN PDEVICE_OBJECT DeviceObject
,
3572 IN PFILE_OBJECT FileObject
)
3578 PIO_STACK_LOCATION Stack
;
3580 /* Check if handles were already created for the
3581 * open file. If so, that's over.
3583 if (FileObject
->Flags
& FO_HANDLE_CREATED
)
3584 KeBugCheckEx(INVALID_CANCEL_OF_FILE_OPEN
,
3585 (ULONG_PTR
)FileObject
,
3586 (ULONG_PTR
)DeviceObject
, 0, 0);
3588 /* Reset the events */
3589 KeInitializeEvent(&Event
, SynchronizationEvent
, FALSE
);
3590 KeClearEvent(&FileObject
->Event
);
3592 /* Allocate the IRP we'll use */
3593 Irp
= IopAllocateIrpMustSucceed(DeviceObject
->StackSize
);
3594 /* Properly set it */
3595 Irp
->Tail
.Overlay
.Thread
= PsGetCurrentThread();
3596 Irp
->UserEvent
= &Event
;
3597 Irp
->UserIosb
= &Irp
->IoStatus
;
3598 Irp
->Overlay
.AsynchronousParameters
.UserApcRoutine
= NULL
;
3599 Irp
->Tail
.Overlay
.OriginalFileObject
= FileObject
;
3600 Irp
->RequestorMode
= KernelMode
;
3601 Irp
->Flags
= IRP_CLOSE_OPERATION
| IRP_SYNCHRONOUS_API
;
3603 Stack
= IoGetNextIrpStackLocation(Irp
);
3604 Stack
->MajorFunction
= IRP_MJ_CLEANUP
;
3605 Stack
->FileObject
= FileObject
;
3607 /* Put on top of IRPs list of the thread */
3608 IopQueueIrpToThread(Irp
);
3610 /* Call the driver */
3611 Status
= IoCallDriver(DeviceObject
, Irp
);
3612 if (Status
== STATUS_PENDING
)
3614 KeWaitForSingleObject(&Event
, UserRequest
,
3615 KernelMode
, FALSE
, NULL
);
3618 /* Remove from IRPs list */
3619 KeRaiseIrql(APC_LEVEL
, &OldIrql
);
3620 IopUnQueueIrpFromThread(Irp
);
3621 KeLowerIrql(OldIrql
);
3626 /* Clear the event */
3627 KeClearEvent(&FileObject
->Event
);
3628 /* And finally, mark the open operation as canceled */
3629 FileObject
->Flags
|= FO_FILE_OPEN_CANCELLED
;
3637 IoQueryFileDosDeviceName(IN PFILE_OBJECT FileObject
,
3638 OUT POBJECT_NAME_INFORMATION
*ObjectNameInformation
)
3641 ULONG Length
, ReturnLength
;
3642 POBJECT_NAME_INFORMATION LocalInfo
;
3644 /* Start with a buffer length of 200 */
3647 * We'll loop until query works.
3648 * We will use returned length for next loop
3649 * iteration, trying to have a big enough buffer.
3651 for (Length
= 200; ; Length
= ReturnLength
)
3653 /* Allocate our work buffer */
3654 LocalInfo
= ExAllocatePoolWithTag(PagedPool
, Length
, 'nDoI');
3655 if (LocalInfo
== NULL
)
3657 return STATUS_INSUFFICIENT_RESOURCES
;
3660 /* Query the DOS name */
3661 Status
= IopQueryNameInternal(FileObject
,
3668 /* If it succeed, nothing more to do */
3669 if (Status
== STATUS_SUCCESS
)
3674 /* Otherwise, prepare for re-allocation */
3675 ExFreePoolWithTag(LocalInfo
, 'nDoI');
3678 * If we failed because of something else
3679 * than memory, simply stop and fail here
3681 if (Status
!= STATUS_BUFFER_OVERFLOW
)
3687 /* Success case here: return our buffer */
3688 *ObjectNameInformation
= LocalInfo
;
3689 return STATUS_SUCCESS
;
3697 IoSetFileOrigin(IN PFILE_OBJECT FileObject
,
3700 NTSTATUS Status
= STATUS_SUCCESS
;
3703 /* Get the flag status */
3704 FlagSet
= FileObject
->Flags
& FO_REMOTE_ORIGIN
? TRUE
: FALSE
;
3706 /* Don't set the flag if it was set already, and don't remove it if it wasn't set */
3707 if (Remote
&& !FlagSet
)
3710 FileObject
->Flags
|= FO_REMOTE_ORIGIN
;
3712 else if (!Remote
&& FlagSet
)
3714 /* Remove the flag */
3715 FileObject
->Flags
&= ~FO_REMOTE_ORIGIN
;
3720 Status
= STATUS_INVALID_PARAMETER_MIX
;
3732 NtCreateFile(PHANDLE FileHandle
,
3733 ACCESS_MASK DesiredAccess
,
3734 POBJECT_ATTRIBUTES ObjectAttributes
,
3735 PIO_STATUS_BLOCK IoStatusBlock
,
3736 PLARGE_INTEGER AllocateSize
,
3737 ULONG FileAttributes
,
3739 ULONG CreateDisposition
,
3740 ULONG CreateOptions
,
3744 /* Call the I/O Function */
3745 return IoCreateFile(FileHandle
,
3763 NtCreateMailslotFile(OUT PHANDLE FileHandle
,
3764 IN ACCESS_MASK DesiredAccess
,
3765 IN POBJECT_ATTRIBUTES ObjectAttributes
,
3766 OUT PIO_STATUS_BLOCK IoStatusBlock
,
3767 IN ULONG CreateOptions
,
3768 IN ULONG MailslotQuota
,
3769 IN ULONG MaxMessageSize
,
3770 IN PLARGE_INTEGER TimeOut
)
3772 MAILSLOT_CREATE_PARAMETERS Buffer
;
3775 /* Check for Timeout */
3778 /* check if the call came from user mode */
3779 if (KeGetPreviousMode() != KernelMode
)
3781 /* Enter SEH for Probe */
3784 /* Probe the timeout */
3785 Buffer
.ReadTimeout
= ProbeForReadLargeInteger(TimeOut
);
3787 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER
)
3789 /* Return the exception code */
3790 _SEH2_YIELD(return _SEH2_GetExceptionCode());
3796 /* Otherwise, capture directly */
3797 Buffer
.ReadTimeout
= *TimeOut
;
3800 /* Set the correct setting */
3801 Buffer
.TimeoutSpecified
= TRUE
;
3805 /* Tell the FSD we don't have a timeout */
3806 Buffer
.TimeoutSpecified
= FALSE
;
3810 Buffer
.MailslotQuota
= MailslotQuota
;
3811 Buffer
.MaximumMessageSize
= MaxMessageSize
;
3814 return IoCreateFile(FileHandle
,
3820 FILE_SHARE_READ
| FILE_SHARE_WRITE
,
3825 CreateFileTypeMailslot
,
3832 NtCreateNamedPipeFile(OUT PHANDLE FileHandle
,
3833 IN ACCESS_MASK DesiredAccess
,
3834 IN POBJECT_ATTRIBUTES ObjectAttributes
,
3835 OUT PIO_STATUS_BLOCK IoStatusBlock
,
3836 IN ULONG ShareAccess
,
3837 IN ULONG CreateDisposition
,
3838 IN ULONG CreateOptions
,
3839 IN ULONG NamedPipeType
,
3841 IN ULONG CompletionMode
,
3842 IN ULONG MaximumInstances
,
3843 IN ULONG InboundQuota
,
3844 IN ULONG OutboundQuota
,
3845 IN PLARGE_INTEGER DefaultTimeout
)
3847 NAMED_PIPE_CREATE_PARAMETERS Buffer
;
3850 /* Check for Timeout */
3853 /* check if the call came from user mode */
3854 if (KeGetPreviousMode() != KernelMode
)
3856 /* Enter SEH for Probe */
3859 /* Probe the timeout */
3860 Buffer
.DefaultTimeout
=
3861 ProbeForReadLargeInteger(DefaultTimeout
);
3863 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER
)
3865 /* Return the exception code */
3866 _SEH2_YIELD(return _SEH2_GetExceptionCode());
3872 /* Otherwise, capture directly */
3873 Buffer
.DefaultTimeout
= *DefaultTimeout
;
3876 /* Set the correct setting */
3877 Buffer
.TimeoutSpecified
= TRUE
;
3881 /* Tell the FSD we don't have a timeout */
3882 Buffer
.TimeoutSpecified
= FALSE
;
3886 Buffer
.NamedPipeType
= NamedPipeType
;
3887 Buffer
.ReadMode
= ReadMode
;
3888 Buffer
.CompletionMode
= CompletionMode
;
3889 Buffer
.MaximumInstances
= MaximumInstances
;
3890 Buffer
.InboundQuota
= InboundQuota
;
3891 Buffer
.OutboundQuota
= OutboundQuota
;
3894 return IoCreateFile(FileHandle
,
3905 CreateFileTypeNamedPipe
,
3912 NtFlushWriteBuffer(VOID
)
3916 /* Call the kernel */
3917 KeFlushWriteBuffer();
3918 return STATUS_SUCCESS
;
3926 NtOpenFile(OUT PHANDLE FileHandle
,
3927 IN ACCESS_MASK DesiredAccess
,
3928 IN POBJECT_ATTRIBUTES ObjectAttributes
,
3929 OUT PIO_STATUS_BLOCK IoStatusBlock
,
3930 IN ULONG ShareAccess
,
3931 IN ULONG OpenOptions
)
3933 /* Call the I/O Function */
3934 return IoCreateFile(FileHandle
,
3952 NtQueryAttributesFile(IN POBJECT_ATTRIBUTES ObjectAttributes
,
3953 OUT PFILE_BASIC_INFORMATION FileInformation
)
3955 /* Call the internal helper API */
3956 return IopQueryAttributesFile(ObjectAttributes
,
3957 FileBasicInformation
,
3958 sizeof(FILE_BASIC_INFORMATION
),
3964 NtQueryFullAttributesFile(IN POBJECT_ATTRIBUTES ObjectAttributes
,
3965 OUT PFILE_NETWORK_OPEN_INFORMATION FileInformation
)
3967 /* Call the internal helper API */
3968 return IopQueryAttributesFile(ObjectAttributes
,
3969 FileNetworkOpenInformation
,
3970 sizeof(FILE_NETWORK_OPEN_INFORMATION
),
3975 * @name NtCancelIoFile
3977 * Cancel all pending I/O operations in the current thread for specified
3981 * Handle to file object to cancel requests for. No specific
3982 * access rights are needed.
3983 * @param IoStatusBlock
3984 * Pointer to status block which is filled with final completition
3985 * status on successful return.
3993 NtCancelIoFile(IN HANDLE FileHandle
,
3994 OUT PIO_STATUS_BLOCK IoStatusBlock
)
3996 PFILE_OBJECT FileObject
;
4000 BOOLEAN OurIrpsInList
= FALSE
;
4001 LARGE_INTEGER Interval
;
4002 KPROCESSOR_MODE PreviousMode
= KeGetPreviousMode();
4004 PLIST_ENTRY ListHead
, NextEntry
;
4006 IOTRACE(IO_API_DEBUG
, "FileHandle: %p\n", FileHandle
);
4008 /* Check the previous mode */
4009 if (PreviousMode
!= KernelMode
)
4011 /* Enter SEH for probing */
4014 /* Probe the I/O Status Block */
4015 ProbeForWriteIoStatusBlock(IoStatusBlock
);
4017 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER
)
4019 /* Return the exception code */
4020 _SEH2_YIELD(return _SEH2_GetExceptionCode());
4025 /* Reference the file object */
4026 Status
= ObReferenceObjectByHandle(FileHandle
,
4030 (PVOID
*)&FileObject
,
4032 if (!NT_SUCCESS(Status
)) return Status
;
4034 /* IRP cancellations are synchronized at APC_LEVEL. */
4035 KeRaiseIrql(APC_LEVEL
, &OldIrql
);
4037 /* Get the current thread */
4038 Thread
= PsGetCurrentThread();
4040 /* Update the operation counts */
4041 IopUpdateOperationCount(IopOtherTransfer
);
4044 ListHead
= &Thread
->IrpList
;
4045 NextEntry
= ListHead
->Flink
;
4046 while (ListHead
!= NextEntry
)
4048 /* Get the IRP and check if the File Object matches */
4049 Irp
= CONTAINING_RECORD(NextEntry
, IRP
, ThreadListEntry
);
4050 if (Irp
->Tail
.Overlay
.OriginalFileObject
== FileObject
)
4052 /* Cancel this IRP and keep looping */
4054 OurIrpsInList
= TRUE
;
4057 /* Go to the next entry */
4058 NextEntry
= NextEntry
->Flink
;
4061 /* Lower the IRQL */
4062 KeLowerIrql(OldIrql
);
4064 /* Check if we had found an IRP */
4067 /* Setup a 10ms wait */
4068 Interval
.QuadPart
= -100000;
4071 while (OurIrpsInList
)
4074 KeDelayExecutionThread(KernelMode
, FALSE
, &Interval
);
4075 OurIrpsInList
= FALSE
;
4078 KeRaiseIrql(APC_LEVEL
, &OldIrql
);
4080 /* Now loop the list again */
4081 NextEntry
= ListHead
->Flink
;
4082 while (NextEntry
!= ListHead
)
4084 /* Get the IRP and check if the File Object matches */
4085 Irp
= CONTAINING_RECORD(NextEntry
, IRP
, ThreadListEntry
);
4086 if (Irp
->Tail
.Overlay
.OriginalFileObject
== FileObject
)
4089 OurIrpsInList
= TRUE
;
4093 /* Go to the next entry */
4094 NextEntry
= NextEntry
->Flink
;
4097 /* Lower the IRQL */
4098 KeLowerIrql(OldIrql
);
4102 /* Enter SEH for writing back the I/O Status */
4106 IoStatusBlock
->Status
= STATUS_SUCCESS
;
4107 IoStatusBlock
->Information
= 0;
4109 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER
)
4111 /* Ignore exception */
4115 /* Dereference the file object and return success */
4116 ObDereferenceObject(FileObject
);
4117 return STATUS_SUCCESS
;
4125 NtDeleteFile(IN POBJECT_ATTRIBUTES ObjectAttributes
)
4128 DUMMY_FILE_OBJECT LocalFileObject
;
4130 KPROCESSOR_MODE AccessMode
= KeGetPreviousMode();
4131 OPEN_PACKET OpenPacket
;
4133 IOTRACE(IO_API_DEBUG
, "FileMame: %wZ\n", ObjectAttributes
->ObjectName
);
4135 /* Setup the Open Packet */
4136 RtlZeroMemory(&OpenPacket
, sizeof(OPEN_PACKET
));
4137 OpenPacket
.Type
= IO_TYPE_OPEN_PACKET
;
4138 OpenPacket
.Size
= sizeof(OPEN_PACKET
);
4139 OpenPacket
.CreateOptions
= FILE_DELETE_ON_CLOSE
;
4140 OpenPacket
.ShareAccess
= FILE_SHARE_READ
|
4143 OpenPacket
.Disposition
= FILE_OPEN
;
4144 OpenPacket
.DeleteOnly
= TRUE
;
4145 OpenPacket
.LocalFileObject
= &LocalFileObject
;
4147 /* Update the operation counts */
4148 IopUpdateOperationCount(IopOtherTransfer
);
4151 * Attempt opening the file. This will call the I/O Parse Routine for
4152 * the File Object (IopParseDevice) which will use the dummy file obejct
4153 * send the IRP to its device object. Note that we have two statuses
4154 * to worry about: the Object Manager's status (in Status) and the I/O
4155 * status, which is in the Open Packet's Final Status, and determined
4156 * by the Parse Check member.
4158 Status
= ObOpenObjectByName(ObjectAttributes
,
4165 if (OpenPacket
.ParseCheck
== FALSE
) return Status
;
4167 /* Retrn the Io status */
4168 return OpenPacket
.FinalStatus
;