* Gunnar Dalsnes
* Eric Kohl
* Filip Navara (navaraf@reactos.org)
+ * Pierre Schweitzer
*/
/* INCLUDES *****************************************************************/
{
/* Update access state */
AccessState->PreviouslyGrantedAccess |= GrantedAccess;
- AccessState->RemainingDesiredAccess &= ~(GrantedAccess &
+ AccessState->RemainingDesiredAccess &= ~(GrantedAccess |
MAXIMUM_ALLOWED);
OpenPacket->Override= TRUE;
}
((OpenPacket->RelatedFileObject) || (RemainingName->Length)) &&
(!VolumeOpen))
{
- DPRINT("Fix Secure FSD support!!!\n");
+ Privileges = NULL;
+ GrantedAccess = 0;
+
+ KeEnterCriticalRegion();
+ ExAcquireResourceSharedLite(&IopSecurityResource, TRUE);
+
+ /* Lock the subject context */
+ SeLockSubjectContext(&AccessState->SubjectSecurityContext);
+
+ /* Do access check */
+ AccessGranted = SeAccessCheck(OriginalDeviceObject->SecurityDescriptor,
+ &AccessState->SubjectSecurityContext,
+ TRUE,
+ DesiredAccess,
+ 0,
+ &Privileges,
+ &IoFileObjectType->TypeInfo.GenericMapping,
+ UserMode,
+ &GrantedAccess,
+ &Status);
+ if (Privileges != NULL)
+ {
+ /* Append and free the privileges */
+ SeAppendPrivileges(AccessState, Privileges);
+ SeFreePrivileges(Privileges);
+ }
+
+ /* Check if we got access */
+ if (GrantedAccess)
+ {
+ AccessState->PreviouslyGrantedAccess |= GrantedAccess;
+ AccessState->RemainingDesiredAccess &= ~(GrantedAccess | MAXIMUM_ALLOWED);
+ }
+
+ FileString.Length = 8;
+ FileString.MaximumLength = 8;
+ FileString.Buffer = L"File";
+
+ /* Do Audit/Alarm for open operation
+ * NOTA: we audit target device object
+ */
+ SeOpenObjectAuditAlarm(&FileString,
+ DeviceObject,
+ CompleteName,
+ OriginalDeviceObject->SecurityDescriptor,
+ AccessState,
+ FALSE,
+ AccessGranted,
+ UserMode,
+ &AccessState->GenerateOnClose);
+
+ SeUnlockSubjectContext(&AccessState->SubjectSecurityContext);
+
+ ExReleaseResourceLite(&IopSecurityResource);
+ KeLeaveCriticalRegion();
+
+ /* Check if access failed */
+ if (!AccessGranted)
+ {
+ /* Dereference the device and fail */
+ IopDereferenceDeviceObject(OriginalDeviceObject, FALSE);
+ if (Vpb) IopDereferenceVpbAndFree(Vpb);
+ return STATUS_ACCESS_DENIED;
+ }
}
/* Allocate the IRP */
FileObject->Flags |= FO_HANDLE_CREATED;
/* Check if this is a sync FO and lock it */
- if (FileObject->Flags & FO_SYNCHRONOUS_IO) IopLockFileObject(FileObject);
+ if (Process != NULL &&
+ BooleanFlagOn(FileObject->Flags, FO_SYNCHRONOUS_IO))
+ {
+ IopLockFileObject(FileObject);
+ }
/* Clear and set up Events */
KeClearEvent(&FileObject->Event);
IoFreeIrp(Irp);
/* Release the lock if we were holding it */
- if (FileObject->Flags & FO_SYNCHRONOUS_IO) IopUnlockFileObject(FileObject);
+ if (Process != NULL &&
+ BooleanFlagOn(FileObject->Flags, FO_SYNCHRONOUS_IO))
+ {
+ IopUnlockFileObject(FileObject);
+ }
}
NTSTATUS