From: Alistair Leslie-Hughes leslie_alistair@hotmail.com
Signed-off-by: Alistair Leslie-Hughes leslie_alistair@hotmail.com --- dlls/fltmgr.sys/Makefile.in | 1 + dlls/fltmgr.sys/fltmgr.sys.spec | 4 +- dlls/fltmgr.sys/main.c | 75 ++++++++++++++++++++++++++++++++- include/ddk/fltkernel.h | 3 +- 4 files changed, 79 insertions(+), 4 deletions(-)
diff --git a/dlls/fltmgr.sys/Makefile.in b/dlls/fltmgr.sys/Makefile.in index ba106a43831..bb1f34b4896 100644 --- a/dlls/fltmgr.sys/Makefile.in +++ b/dlls/fltmgr.sys/Makefile.in @@ -1,5 +1,6 @@ MODULE = fltmgr.sys EXTRADLLFLAGS = -Wl,--subsystem,native +IMPORTS = ntoskrnl
C_SRCS = \ main.c diff --git a/dlls/fltmgr.sys/fltmgr.sys.spec b/dlls/fltmgr.sys/fltmgr.sys.spec index 39ce6798178..8943b9f85cf 100644 --- a/dlls/fltmgr.sys/fltmgr.sys.spec +++ b/dlls/fltmgr.sys/fltmgr.sys.spec @@ -10,7 +10,7 @@ @ stub FltAllocatePoolAlignedWithTag @ stub FltAttachVolume @ stub FltAttachVolumeAtAltitude -@ stub FltBuildDefaultSecurityDescriptor +@ stdcall FltBuildDefaultSecurityDescriptor(ptr long) @ stub FltCancelFileOpen @ stub FltCancelIo @ stub FltCbdqDisable @@ -60,7 +60,7 @@ @ stub FltFreeFileLock @ stub FltFreeGenericWorkItem @ stub FltFreePoolAlignedWithTag -@ stub FltFreeSecurityDescriptor +@ stdcall FltFreeSecurityDescriptor(ptr) @ stub FltFsControlFile @ stub FltGetBottomInstance @ stub FltGetContexts diff --git a/dlls/fltmgr.sys/main.c b/dlls/fltmgr.sys/main.c index e1016a4989c..68f242ab8e8 100644 --- a/dlls/fltmgr.sys/main.c +++ b/dlls/fltmgr.sys/main.c @@ -23,7 +23,6 @@ #include "ntstatus.h" #define WIN32_NO_STATUS #include "windef.h" -#include "winbase.h" #include "winternl.h" #include "ddk/fltkernel.h"
@@ -93,3 +92,77 @@ void* WINAPI FltGetRoutineAddress(LPCSTR name)
return func; } + +NTSTATUS WINAPI FltBuildDefaultSecurityDescriptor(PSECURITY_DESCRIPTOR *descriptor, ACCESS_MASK access) +{ + PACL dacl; + NTSTATUS ret = STATUS_INSUFFICIENT_RESOURCES; + DWORD sid_len; + SID *sid; + SID *sid_system = NULL; + PSECURITY_DESCRIPTOR sec_desc = NULL; + SID_IDENTIFIER_AUTHORITY auth = { SECURITY_NULL_SID_AUTHORITY }; + + *descriptor = NULL; + + sid_len = RtlLengthRequiredSid(2); + sid = ExAllocatePool(PagedPool, sid_len); + if (!sid) + goto done; + RtlInitializeSid(sid, &auth, 2); + sid->SubAuthority[1] = DOMAIN_GROUP_RID_ADMINS; + sid->SubAuthority[0] = SECURITY_BUILTIN_DOMAIN_RID; + + sid_len = RtlLengthRequiredSid(1); + sid_system = ExAllocatePool(PagedPool, sid_len); + if (!sid_system) + goto done; + RtlInitializeSid(sid_system, &auth, 1); + sid_system->SubAuthority[0] = SECURITY_LOCAL_SYSTEM_RID; + + sid_len = SECURITY_DESCRIPTOR_MIN_LENGTH + sizeof(ACL) + + sizeof(ACCESS_ALLOWED_ACE) + RtlLengthSid(sid) + + sizeof(ACCESS_ALLOWED_ACE) + RtlLengthSid(sid_system); + + sec_desc = ExAllocatePool(PagedPool, sid_len); + if (!sec_desc) + { + ret = STATUS_NO_MEMORY; + goto done; + } + + ret = RtlCreateSecurityDescriptor(sec_desc, SECURITY_DESCRIPTOR_REVISION); + if (ret != STATUS_SUCCESS) + goto done; + + dacl = (PACL)((char*)sec_desc + SECURITY_DESCRIPTOR_MIN_LENGTH); + ret = RtlCreateAcl(dacl, sid_len - SECURITY_DESCRIPTOR_MIN_LENGTH, ACL_REVISION); + if (ret != STATUS_SUCCESS) + goto done; + + ret = RtlAddAccessAllowedAce(dacl, ACL_REVISION, access, sid); + if (ret != STATUS_SUCCESS) + goto done; + + ret = RtlAddAccessAllowedAce(dacl, ACL_REVISION, access, sid_system); + if (ret != STATUS_SUCCESS) + goto done; + + ret = RtlSetDaclSecurityDescriptor(sec_desc, 1, dacl, 0); + if (ret == STATUS_SUCCESS) + *descriptor = sec_desc; + +done: + if (ret != STATUS_SUCCESS) + ExFreePool(sec_desc); + + ExFreePool(sid); + ExFreePool(sid_system); + + return ret; +} + +void WINAPI FltFreeSecurityDescriptor(PSECURITY_DESCRIPTOR descriptor) +{ + RtlFreeHeap(GetProcessHeap(), 0, descriptor); +} \ No newline at end of file diff --git a/include/ddk/fltkernel.h b/include/ddk/fltkernel.h index 8ebebfa2e81..9ece0990810 100644 --- a/include/ddk/fltkernel.h +++ b/include/ddk/fltkernel.h @@ -653,7 +653,8 @@ typedef struct _FLT_REGISTRATION PFLT_SECTION_CONFLICT_NOTIFICATION_CALLBACK SectionNotificationCallback; } FLT_REGISTRATION, *PFLT_REGISTRATION;
- +NTSTATUS WINAPI FltBuildDefaultSecurityDescriptor(PSECURITY_DESCRIPTOR *, ACCESS_MASK); +void WINAPI FltFreeSecurityDescriptor(PSECURITY_DESCRIPTOR); void* WINAPI FltGetRoutineAddress(LPCSTR name); NTSTATUS WINAPI FltRegisterFilter(PDRIVER_OBJECT, const FLT_REGISTRATION *, PFLT_FILTER *); NTSTATUS WINAPI FltStartFiltering(PFLT_FILTER);