From cd9eae5e7a4bb63dcd77922aad95774097231f47 Mon Sep 17 00:00:00 2001
From: Eric Kohl
Date: Sun, 10 Oct 2004 14:01:50 +0000
Subject: [PATCH] NtDeviceIoControlFile() and NtFsControlFile(): Check granted access rights against access rights from IoControlCode.
svn path=/trunk/; revision=11256
---
 reactos/ntoskrnl/io/fs.c | 197 +++++++++++++++++------------------
 reactos/ntoskrnl/io/ioctrl.c | 5 +-
 2 files changed, 101 insertions(+), 101 deletions(-)
diff --git a/reactos/ntoskrnl/io/fs.c b/reactos/ntoskrnl/io/fs.c
index f70e66f8421..0d701c6d859 100644
--- a/reactos/ntoskrnl/io/fs.c
+++ b/reactos/ntoskrnl/io/fs.c
@@ -68,107 +68,106 @@ IoCancelFileOpen( NTSTATUS STDCALL NtFsControlFile ( IN HANDLE DeviceHandle, - IN HANDLE EventHandle OPTIONAL, - IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, - IN PVOID ApcContext OPTIONAL, - OUT PIO_STATUS_BLOCK IoStatusBlock, + IN HANDLE EventHandle OPTIONAL, + IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, + IN PVOID ApcContext OPTIONAL, + OUT PIO_STATUS_BLOCK IoStatusBlock, IN ULONG IoControlCode, - IN PVOID InputBuffer, + IN PVOID InputBuffer, IN ULONG InputBufferSize, OUT PVOID OutputBuffer, IN ULONG OutputBufferSize ) { - NTSTATUS Status; - PFILE_OBJECT FileObject; - PDEVICE_OBJECT DeviceObject; - PIRP Irp; - PEXTENDED_IO_STACK_LOCATION StackPtr; - PKEVENT ptrEvent; - KPROCESSOR_MODE PreviousMode; - - DPRINT("NtFsControlFile(DeviceHandle %x EventHandle %x ApcRoutine %x " - "ApcContext %x IoStatusBlock %x IoControlCode %x " - "InputBuffer %x InputBufferSize %x OutputBuffer %x " - "OutputBufferSize %x)\n", - DeviceHandle,EventHandle,ApcRoutine,ApcContext,IoStatusBlock, - IoControlCode,InputBuffer,InputBufferSize,OutputBuffer, - OutputBufferSize); - - PreviousMode = ExGetPreviousMode(); - - Status = ObReferenceObjectByHandle(DeviceHandle, - FILE_READ_DATA | FILE_WRITE_DATA, - NULL, - PreviousMode, - (PVOID *) &FileObject, - NULL); - - if (!NT_SUCCESS(Status)) - { - return(Status); - } - - if (EventHandle != NULL) - { - Status = ObReferenceObjectByHandle (EventHandle, - SYNCHRONIZE, - ExEventObjectType, - PreviousMode, - (PVOID*)&ptrEvent, - NULL); - if (!NT_SUCCESS(Status)) - { - ObDereferenceObject(FileObject); - return Status; - } - } - else - { - KeResetEvent (&FileObject->Event); - ptrEvent = &FileObject->Event; - } - - - DeviceObject = FileObject->DeviceObject; - - Irp = IoBuildDeviceIoControlRequest(IoControlCode, - DeviceObject, - InputBuffer, - InputBufferSize, - OutputBuffer, - OutputBufferSize, - FALSE, - ptrEvent, - IoStatusBlock); - - /* Trigger FileObject/Event dereferencing */ - Irp->Tail.Overlay.OriginalFileObject = FileObject; - - 
Irp->RequestorMode = PreviousMode; - Irp->Overlay.AsynchronousParameters.UserApcRoutine = ApcRoutine; - Irp->Overlay.AsynchronousParameters.UserApcContext = ApcContext; - - StackPtr = (PEXTENDED_IO_STACK_LOCATION) IoGetNextIrpStackLocation(Irp); - StackPtr->FileObject = FileObject; - StackPtr->DeviceObject = DeviceObject; - StackPtr->Parameters.FileSystemControl.InputBufferLength = InputBufferSize; - StackPtr->Parameters.FileSystemControl.OutputBufferLength = - OutputBufferSize; - StackPtr->MajorFunction = IRP_MJ_FILE_SYSTEM_CONTROL; - - Status = IoCallDriver(DeviceObject,Irp); - if (Status == STATUS_PENDING && (FileObject->Flags & FO_SYNCHRONOUS_IO)) - { - KeWaitForSingleObject(ptrEvent, - Executive, - PreviousMode, - FileObject->Flags & FO_ALERTABLE_IO, - NULL); - Status = IoStatusBlock->Status; - } - - return(Status); + NTSTATUS Status; + PFILE_OBJECT FileObject; + PDEVICE_OBJECT DeviceObject; + PIRP Irp; + PEXTENDED_IO_STACK_LOCATION StackPtr; + PKEVENT ptrEvent; + KPROCESSOR_MODE PreviousMode; + + DPRINT("NtFsControlFile(DeviceHandle %x EventHandle %x ApcRoutine %x " + "ApcContext %x IoStatusBlock %x IoControlCode %x " + "InputBuffer %x InputBufferSize %x OutputBuffer %x " + "OutputBufferSize %x)\n", + DeviceHandle,EventHandle,ApcRoutine,ApcContext,IoStatusBlock, + IoControlCode,InputBuffer,InputBufferSize,OutputBuffer, + OutputBufferSize); + + PreviousMode = ExGetPreviousMode(); + + /* Check granted access against the access rights from IoContolCode */ + Status = ObReferenceObjectByHandle(DeviceHandle, + (IoControlCode >> 14) & 0x3, + NULL, + PreviousMode, + (PVOID *) &FileObject, + NULL); + if (!NT_SUCCESS(Status)) + { + return Status; + } + + if (EventHandle != NULL) + { + Status = ObReferenceObjectByHandle(EventHandle, + SYNCHRONIZE, + ExEventObjectType, + PreviousMode, + (PVOID*)&ptrEvent, + NULL); + if (!NT_SUCCESS(Status)) + { + ObDereferenceObject(FileObject); + return Status; + } + } + else + { + KeResetEvent(&FileObject->Event); + ptrEvent = 
&FileObject->Event; + } + + DeviceObject = FileObject->DeviceObject; + + Irp = IoBuildDeviceIoControlRequest(IoControlCode, + DeviceObject, + InputBuffer, + InputBufferSize, + OutputBuffer, + OutputBufferSize, + FALSE, + ptrEvent, + IoStatusBlock); + + /* Trigger FileObject/Event dereferencing */ + Irp->Tail.Overlay.OriginalFileObject = FileObject; + + Irp->RequestorMode = PreviousMode; + Irp->Overlay.AsynchronousParameters.UserApcRoutine = ApcRoutine; + Irp->Overlay.AsynchronousParameters.UserApcContext = ApcContext; + + StackPtr = (PEXTENDED_IO_STACK_LOCATION) IoGetNextIrpStackLocation(Irp); + StackPtr->FileObject = FileObject; + StackPtr->DeviceObject = DeviceObject; + StackPtr->Parameters.FileSystemControl.InputBufferLength = InputBufferSize; + StackPtr->Parameters.FileSystemControl.OutputBufferLength = + OutputBufferSize; + StackPtr->MajorFunction = IRP_MJ_FILE_SYSTEM_CONTROL; + + Status = IoCallDriver(DeviceObject,Irp); + if (Status == STATUS_PENDING && (FileObject->Flags & FO_SYNCHRONOUS_IO)) + { + KeWaitForSingleObject(ptrEvent, + Executive, + PreviousMode, + FileObject->Flags & FO_ALERTABLE_IO, + NULL); + Status = IoStatusBlock->Status; + } + + return Status; } @@ -394,7 +393,7 @@ IoMountVolume(IN PDEVICE_OBJECT DeviceObject, else { Status = IopMountFileSystem(current->DeviceObject, - DeviceObject); + DeviceObject); } switch (Status) { @@ -404,10 +403,10 @@ IoMountVolume(IN PDEVICE_OBJECT DeviceObject, Status = IopLoadFileSystem(DevObject); if (!NT_SUCCESS(Status)) { - KeLeaveCriticalRegion(); + KeLeaveCriticalRegion(); return(Status); } - ExAcquireResourceSharedLite(&FileSystemListLock,TRUE); + ExAcquireResourceSharedLite(&FileSystemListLock,TRUE); current_entry = FileSystemListHead.Flink; continue; 
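Review bot: The rewritten ObReferenceObjectByHandle call in NtFsControlFile still passes `NULL` as the ObjectType, so any handle in the caller's table whose granted access covers the requested bits is accepted and then treated as a PFILE_OBJECT (`KeResetEvent(&FileObject->Event)`, `FileObject->DeviceObject`), which is a type-confusion hole that the access check does not close; the sibling change in ioctrl.c passes `IoFileObjectType` here and this call should do the same. The new DesiredAccess `(IoControlCode >> 14) & 0x3` is correct only because the CTL_CODE access field values FILE_READ_ACCESS (1) and FILE_WRITE_ACCESS (2) happen to coincide numerically with the ACCESS_MASK bits FILE_READ_DATA and FILE_WRITE_DATA; that coincidence should be made explicit rather than relied on, e.g. `ACCESS_MASK DesiredAccess = 0; if (IoControlCode & (FILE_READ_ACCESS << 14)) DesiredAccess |= FILE_READ_DATA; if (IoControlCode & (FILE_WRITE_ACCESS << 14)) DesiredAccess |= FILE_WRITE_DATA;`, and the same applies to the ioctrl.c hunk. Note also that a FILE_ANY_ACCESS control code yields a DesiredAccess of 0, which presumably means "any handle to the object suffices" but is not stated in the added comment, whose wording (`IoContolCode`) is also misspelled.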
@@ -415,7 +414,7 @@ IoMountVolume(IN PDEVICE_OBJECT DeviceObject, DeviceObject->Vpb->Flags = DeviceObject->Vpb->Flags | VPB_MOUNTED; ExReleaseResourceLite(&FileSystemListLock); - KeLeaveCriticalRegion(); + KeLeaveCriticalRegion(); return(STATUS_SUCCESS); case STATUS_UNRECOGNIZED_VOLUME: diff --git a/reactos/ntoskrnl/io/ioctrl.c b/reactos/ntoskrnl/io/ioctrl.c index 42f42350060..75a0954149e 100644 --- a/reactos/ntoskrnl/io/ioctrl.c +++ b/reactos/ntoskrnl/io/ioctrl.c @@ -1,4 +1,4 @@ -/* $Id: ioctrl.c,v 1.24 2004/08/15 16:39:03 chorns Exp $ +/* $Id: ioctrl.c,v 1.25 2004/10/10 14:01:50 ekohl Exp $ * * COPYRIGHT: See COPYING in the top level directory * PROJECT: ReactOS kernel @@ -57,8 +57,9 @@ NtDeviceIoControlFile (IN HANDLE DeviceHandle, PreviousMode = ExGetPreviousMode(); + /* Check granted access against the access rights from IoContolCode */ Status = ObReferenceObjectByHandle (DeviceHandle, - FILE_READ_DATA | FILE_WRITE_DATA, + (IoControlCode >> 14) & 0x3, IoFileObjectType, PreviousMode, (PVOID *) &FileObject, -- 2.17.1
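Review bot: The comment added in the ioctrl.c hunk misspells the parameter and does not say what the bit field means; it should read `/* Bits 14-15 of IoControlCode carry its FILE_READ_ACCESS / FILE_WRITE_ACCESS requirement (see CTL_CODE); check the handle's granted access against them */`. Since the identical expression `(IoControlCode >> 14) & 0x3` also appears in fs.c, a small static helper that maps the CTL_CODE access bits to FILE_READ_DATA / FILE_WRITE_DATA explicitly would keep both call sites in step and remove the dependence on the two constant sets having the same numeric values. NtDeviceIoControlFile starts and ends outside this hunk, so whether the ObjectType argument and the later buffer handling are consistent with fs.c cannot be confirmed from here.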