From 037d88201d4312d6a4c1936124f76ed48af83f6d Mon Sep 17 00:00:00 2001 From: Trevor Thompson Date: Sat, 27 May 2017 19:32:43 +0000 Subject: [PATCH] [NTFS] - Disable write support by default. Enable it via the registry. [BOOTDATA] - Add a commented-out section to hivesys.inf which can add the required key to enable NTFS write support. svn path=/branches/GSoC_2016/NTFS/; revision=74685 --- boot/bootdata/hivesys.inf | 2 ++ drivers/filesystems/ntfs/create.c | 16 +++++++++++- drivers/filesystems/ntfs/dispatch.c | 20 +++++++++++++-- drivers/filesystems/ntfs/ntfs.c | 40 ++++++++++++++++++++++++++++- drivers/filesystems/ntfs/ntfs.h | 1 + 5 files changed, 75 insertions(+), 4 deletions(-) diff --git a/boot/bootdata/hivesys.inf b/boot/bootdata/hivesys.inf index b0ece8594ab..2fdb5e30972 100644 --- a/boot/bootdata/hivesys.inf +++ b/boot/bootdata/hivesys.inf @@ -1605,6 +1605,8 @@ HKLM,"SYSTEM\CurrentControlSet\Services\Ntfs","Group",0x00000000,"File System" HKLM,"SYSTEM\CurrentControlSet\Services\Ntfs","ImagePath",0x00020000,"system32\drivers\ntfs.sys" HKLM,"SYSTEM\CurrentControlSet\Services\Ntfs","Start",0x00010001,0x00000003 HKLM,"SYSTEM\CurrentControlSet\Services\Ntfs","Type",0x00010001,0x00000002 +; un-comment the line below to enable EXPERIMENTAL write-support on NTFS volumes: +;HKLM,"SYSTEM\CurrentControlSet\Services\Ntfs","MyDataDoesNotMatterSoEnableExperimentalWriteSupportForEveryNTFSVolume",0x00010001,0x00000001 ; Null device driver HKLM,"SYSTEM\CurrentControlSet\Services\Null","ErrorControl",0x00010001,0x00000000 diff --git a/drivers/filesystems/ntfs/create.c b/drivers/filesystems/ntfs/create.c index 30312d61043..6513827c627 100644 --- a/drivers/filesystems/ntfs/create.c +++ b/drivers/filesystems/ntfs/create.c 
@@ -486,6 +486,13 @@ NtfsCreateFile(PDEVICE_OBJECT DeviceObject, LARGE_INTEGER Zero; Zero.QuadPart = 0; + if (!NtfsGlobalData->EnableWriteSupport) + { + DPRINT1("NTFS write-support is EXPERIMENTAL and is disabled by default!\n"); + NtfsCloseFile(DeviceExt, FileObject); + return STATUS_ACCESS_DENIED; + } + // TODO: check for appropriate access ExAcquireResourceExclusiveLite(&(Fcb->MainResource), TRUE); @@ -545,7 +552,14 @@ NtfsCreateFile(PDEVICE_OBJECT DeviceObject, RequestedDisposition == FILE_OPEN_IF || RequestedDisposition == FILE_OVERWRITE_IF || RequestedDisposition == FILE_SUPERSEDE) - { + { + if (!NtfsGlobalData->EnableWriteSupport) + { + DPRINT1("NTFS write-support is EXPERIMENTAL and is disabled by default!\n"); + NtfsCloseFile(DeviceExt, FileObject); + return STATUS_ACCESS_DENIED; + } + // Create the file record on disk Status = NtfsCreateFileRecord(DeviceExt, FileObject); diff --git a/drivers/filesystems/ntfs/dispatch.c b/drivers/filesystems/ntfs/dispatch.c index bb67de73aac..53d79303ed1 100644 --- a/drivers/filesystems/ntfs/dispatch.c +++ b/drivers/filesystems/ntfs/dispatch.c @@ -82,7 +82,15 @@ NtfsDispatch(PNTFS_IRP_CONTEXT IrpContext) break; case IRP_MJ_SET_INFORMATION: - Status = NtfsSetInformation(IrpContext); + if (!NtfsGlobalData->EnableWriteSupport) + { + DPRINT1("NTFS write-support is EXPERIMENTAL and is disabled by default!\n"); + Status = STATUS_ACCESS_DENIED; + } + else + { + Status = NtfsSetInformation(IrpContext); + } break; case IRP_MJ_DIRECTORY_CONTROL: @@ -98,7 +106,15 @@ NtfsDispatch(PNTFS_IRP_CONTEXT IrpContext) break; case IRP_MJ_WRITE: - Status = NtfsWrite(IrpContext); + if (!NtfsGlobalData->EnableWriteSupport) + { + DPRINT1("NTFS write-support is EXPERIMENTAL and is disabled by default!\n"); + Status = STATUS_ACCESS_DENIED; + } + else + { + Status = NtfsWrite(IrpContext); + } break; case IRP_MJ_CLOSE: diff --git a/drivers/filesystems/ntfs/ntfs.c b/drivers/filesystems/ntfs/ntfs.c index de36a653284..c9bbc490bda 100644 
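Review bot: The denial in the added `if (!NtfsGlobalData->EnableWriteSupport)` block of the first create.c hunk returns `STATUS_ACCESS_DENIED`, which callers cannot tell apart from an ordinary permissions failure. For a volume that is deliberately kept read-only, `STATUS_MEDIA_WRITE_PROTECTED` would describe the condition more accurately. The same log-and-deny lines are pasted into the second create.c hunk and both dispatch.c hunks, so a small helper holding the message and status in one place would keep the four sites from drifting apart. NtfsCreateFile's body starts and ends outside this hunk, and the `// TODO: check for appropriate access` that follows the new block is still open.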
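Review bot: In the second create.c hunk (`@@ -545,7 +552,14 @@`) the new early return calls `NtfsCloseFile(DeviceExt, FileObject)` inside the branch that goes on to create the file record, which is presumably reached only when the preceding open found no existing file. If that is the case, the FileObject may have no FCB attached at this point; confirm that NtfsCloseFile tolerates that, or return without closing. The start of the enclosing condition is outside the hunk, so this needs checking against the full function.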
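Review bot: The write gate in NtfsDispatch covers only the `IRP_MJ_SET_INFORMATION` and `IRP_MJ_WRITE` cases (hunks `@@ -82,7 +82,15 @@` and `@@ -98,7 +106,15 @@`), so any other path that can modify the volume would stay reachable with write support switched off. The remaining cases of the switch are outside these hunks; it is worth confirming that none of them, and no Fast I/O entry point, writes to disk. `DPRINT1` also fires on every denied request, so a caller that keeps retrying writes can flood the debug log; logging once, or at a lower debug level, would avoid that.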
--- a/drivers/filesystems/ntfs/ntfs.c +++ b/drivers/filesystems/ntfs/ntfs.c @@ -58,6 +58,8 @@ DriverEntry(PDRIVER_OBJECT DriverObject, UNICODE_STRING DeviceName = RTL_CONSTANT_STRING(DEVICE_NAME); NTSTATUS Status; PDEVICE_OBJECT DeviceObject; + OBJECT_ATTRIBUTES Attributes; + HANDLE DriverKey = NULL; TRACE_(NTFS, "DriverEntry(%p, '%wZ')\n", DriverObject, RegistryPath); @@ -84,6 +86,42 @@ DriverEntry(PDRIVER_OBJECT DriverObject, ExInitializeResourceLite(&NtfsGlobalData->Resource); + NtfsGlobalData->EnableWriteSupport = FALSE; + + // Read registry to determine if write support should be enabled + InitializeObjectAttributes(&Attributes, + RegistryPath, + OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, + NULL, + NULL); + + Status = ZwOpenKey(&DriverKey, KEY_READ, &Attributes); + if (NT_SUCCESS(Status)) + { + UNICODE_STRING ValueName; + UCHAR Buffer[sizeof(KEY_VALUE_PARTIAL_INFORMATION) + sizeof(ULONG)]; + PKEY_VALUE_PARTIAL_INFORMATION Value = (PKEY_VALUE_PARTIAL_INFORMATION)Buffer; + ULONG ValueLength = sizeof(Buffer); + ULONG ResultLength; + + RtlInitUnicodeString(&ValueName, L"MyDataDoesNotMatterSoEnableExperimentalWriteSupportForEveryNTFSVolume"); + + Status = ZwQueryValueKey(DriverKey, + &ValueName, + KeyValuePartialInformation, + Value, + ValueLength, + &ResultLength); + + if (NT_SUCCESS(Status) && Value->Data[0] == TRUE) + { + DPRINT1("\tEnabling write support on ALL NTFS volumes!\n"); + NtfsGlobalData->EnableWriteSupport = TRUE; + } + + ZwClose(DriverKey); + } + /* Keep trace of Driver Object */ NtfsGlobalData->DriverObject = DriverObject; @@ -118,7 +156,7 @@ DriverEntry(PDRIVER_OBJECT DriverObject, IoRegisterFileSystem(NtfsGlobalData->DeviceObject); ObReferenceObject(NtfsGlobalData->DeviceObject); - return Status; + return STATUS_SUCCESS; } diff --git a/drivers/filesystems/ntfs/ntfs.h b/drivers/filesystems/ntfs/ntfs.h index 68259177eec..2177f1db0e3 100644 --- a/drivers/filesystems/ntfs/ntfs.h +++ b/drivers/filesystems/ntfs/ntfs.h 
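Review bot: The registry check in the `@@ -84,6 +86,42 @@` hunk of DriverEntry enables write support whenever `Value->Data[0] == TRUE`, without looking at `Value->Type` or `Value->DataLength`. `Buffer` is not zero-initialised, so a value stored with zero-length data leaves `Data[0]` holding whatever was on the stack, and any other value type whose first data byte is 1 is accepted as well. Since this flag guards an experimental write path, the test should fail closed: `if (NT_SUCCESS(Status) && Value->Type == REG_DWORD && Value->DataLength == sizeof(ULONG))`, then copy the data into a `ULONG` with `RtlCopyMemory` and compare it with 1. Declaring the buffer as a struct or union rather than a `UCHAR` array would also guarantee the alignment that the `PKEY_VALUE_PARTIAL_INFORMATION` cast assumes.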
@@ -151,6 +151,7 @@ typedef struct FAST_IO_DISPATCH FastIoDispatch; NPAGED_LOOKASIDE_LIST IrpContextLookasideList; NPAGED_LOOKASIDE_LIST FcbLookasideList; + BOOLEAN EnableWriteSupport; } NTFS_GLOBAL_DATA, *PNTFS_GLOBAL_DATA; -- 2.17.1
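Review bot: The new `BOOLEAN EnableWriteSupport;` field has no comment, so a reader of ntfs.h cannot tell where it is set or whether reading it needs a lock. Going by the ntfs.c hunks, it is written once in DriverEntry before `IoRegisterFileSystem` and only read afterwards; a comment such as `/* Set once in DriverEntry from the driver's registry key; read-only afterwards */` would record that. The struct definition starts outside this hunk.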