restrfil.c File Reference

#include <nt.h>
#include <ntdef.h>
#include <ntrtl.h>
#include <nturtl.h>
#include <windef.h>
#include <winbase.h>

Go to the source code of this file.

Defines
#define	GetSiteSidFromToken   xxxGetSiteSidFromToken
#define	GetMangledSiteSid   xxxGetMangledSiteSid
#define	IsTokenRestricted   xxxIsTokenRestricted
#define	CALL_CREATE(object)
#define	CALL_OPEN(object)
Enumerations
enum	{ eUnRestricted = 0, eRestricted, eUnknownRestricted }
Functions
void	Base32Encode (LPVOID pvData, UINT cbData, LPWSTR pchData)
HRESULT	GetMangledSiteSid (PSID pSid, ULONG cchMangledSite, LPWSTR *ppwszMangledSite)
PSID	GetSiteSidFromToken (IN HANDLE TokenHandle)
BOOL	IsTokenRestricted (IN HANDLE TokenHandle)
BOOL	IsInterestingPath (OBJECT_ATTRIBUTES *NormalFile, OBJECT_ATTRIBUTES *RestrictedFile)
NTSTATUS	CopyRestrictedFile (OBJECT_ATTRIBUTES *SourceAttributes, OBJECT_ATTRIBUTES *DestinationAttributes)
NTSTATUS	CreateDirectories (OBJECT_ATTRIBUTES *Attributes)
BOOL	FileExists (OBJECT_ATTRIBUTES *Attributes)
NTSTATUS	CopyStream (HANDLE SourceFile, HANDLE DestinationFile, FILE_STREAM_INFORMATION *StreamInfo, BYTE *Buffer, ULONG BufferSize)
NTSTATUS	InitializeRestrictedStuff ()
NTSTATUS	NtUnRestrictedCreateFile (OUT PHANDLE FileHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PLARGE_INTEGER AllocationSize OPTIONAL, IN ULONG FileAttributes, IN ULONG ShareAccess, IN ULONG CreateDisposition, IN ULONG CreateOptions, IN PVOID EaBuffer OPTIONAL, IN ULONG EaLength)
NTSTATUS	NtUnRestrictedOpenFile (OUT PHANDLE FileHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PIO_STATUS_BLOCK IoStatusBlock, IN ULONG ShareAccess, IN ULONG OpenOptions)
NTSTATUS	NtUnRestrictedDeleteFile (IN POBJECT_ATTRIBUTES ObjectAttributes)
NTSTATUS	NtUnRestrictedQueryAttributesFile (IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PFILE_BASIC_INFORMATION FileInformation)
NTSTATUS	NtUnRestrictedSetInformationFile (IN HANDLE FileHandle, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PVOID FileInformation, IN ULONG Length, IN FILE_INFORMATION_CLASS FileInformationClass)
void	CheckRestricted ()
__inline BOOL	IsRestricted ()
NTSTATUS	NtCreateFile (OUT PHANDLE FileHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PLARGE_INTEGER AllocationSize OPTIONAL, IN ULONG FileAttributes, IN ULONG ShareAccess, IN ULONG CreateDisposition, IN ULONG CreateOptions, IN PVOID EaBuffer OPTIONAL, IN ULONG EaLength)
NTSTATUS	ZwCreateFile (OUT PHANDLE FileHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PLARGE_INTEGER AllocationSize OPTIONAL, IN ULONG FileAttributes, IN ULONG ShareAccess, IN ULONG CreateDisposition, IN ULONG CreateOptions, IN PVOID EaBuffer OPTIONAL, IN ULONG EaLength)
NTSTATUS	NtOpenFile (OUT PHANDLE FileHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PIO_STATUS_BLOCK IoStatusBlock, IN ULONG ShareAccess, IN ULONG OpenOptions)
NTSTATUS	ZwOpenFile (OUT PHANDLE FileHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PIO_STATUS_BLOCK IoStatusBlock, IN ULONG ShareAccess, IN ULONG OpenOptions)
NTSTATUS	NtDeleteFile (IN POBJECT_ATTRIBUTES ObjectAttributes)
NTSTATUS	ZwDeleteFile (IN POBJECT_ATTRIBUTES ObjectAttributes)
NTSTATUS	NtQueryAttributesFile (IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PFILE_BASIC_INFORMATION FileInformation)
NTSTATUS	ZwQueryAttributesFile (IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PFILE_BASIC_INFORMATION FileInformation)
NTSTATUS	NtSetInformationFile (IN HANDLE FileHandle, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PVOID FileInformation, IN ULONG Length, IN FILE_INFORMATION_CLASS FileInformationClass)
NTSTATUS	ZwSetInformationFile (IN HANDLE FileHandle, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PVOID FileInformation, IN ULONG Length, IN FILE_INFORMATION_CLASS FileInformationClass)
BOOL	IsInterestingPath (IN POBJECT_ATTRIBUTES NormalFile, IN OUT POBJECT_ATTRIBUTES RestrictedFile)
Variables
enum { ... }	Restricted
UNICODE_STRING	SystemPath1 = {0, 0, 0}
UNICODE_STRING	SystemPath2 = {0, 0, 0}
UNICODE_STRING	SystemPath3 = {0, 0, 0}
UNICODE_STRING	SiteDirectory = {0, 0, 0}

---

Define Documentation

#define CALL_CREATE (  object   )

Value: NtUnRestrictedCreateFile( \ FileHandle, \ DesiredAccess, \ object, \ IoStatusBlock, \ AllocationSize, \ FileAttributes, \ ShareAccess, \ CreateDisposition, \ CreateOptions, \ EaBuffer, \ EaLength) Referenced by NtCreateFile().

#define CALL_OPEN (  object   )

Value: NtUnRestrictedOpenFile( \ FileHandle, \ DesiredAccess, \ object, \ IoStatusBlock, \ ShareAccess, \ OpenOptions) Referenced by NtOpenFile().

#define GetMangledSiteSid   xxxGetMangledSiteSid

Definition at line 38 of file restrfil.c. Referenced by InitializeRestrictedStuff().

#define GetSiteSidFromToken   xxxGetSiteSidFromToken

Definition at line 37 of file restrfil.c. Referenced by InitializeRestrictedStuff().

#define IsTokenRestricted   xxxIsTokenRestricted

Definition at line 39 of file restrfil.c. Referenced by CheckRestricted().

---

Enumeration Type Documentation

anonymous enum

Enumeration values: eUnRestricted  eRestricted  eUnknownRestricted  Definition at line 113 of file restrfil.c. { eUnRestricted = 0, eRestricted, eUnknownRestricted }

---

Function Documentation

void Base32Encode (  LPVOID  pvData, UINT  cbData, LPWSTR  pchData )

Definition at line 1953 of file restrfil.c. References BYTE, and L. Referenced by GetMangledSiteSid(). { static const WCHAR alphabet[32] = { L'a', L'b', L'c', L'd', L'e', L'f', L'g', L'h', L'i', L'j', L'k', L'l', L'm', L'n', L'o', L'p', L'q', L'r', L's', L't', L'u', L'v', L'w', L'x', L'y', L'z', L'0', L'1', L'2', L'3', L'4', L'5' }; int shift = 0; // The # of unprocessed bits in accum ULONG accum = 0; // The unprocessed bits ULONG value; BYTE *pData = (BYTE *) pvData; // For each byte... while (cbData) { // Move the byte into the low bits of the accumulator accum = (accum << 8) | *pData++; shift += 8; --cbData; // Lop off the high 5 or 10 bits and write them out while ( shift >= 5 ) { shift -= 5; value = (accum >> shift) & 0x1Fl; *pchData++ = alphabet[value]; } } // If there are any remaining bits, push out one more char padded with 0's if (shift) { value = (accum << (5 - shift)) & 0x1Fl; *pchData++ = alphabet[value]; } *pchData = L'\0'; }

void CheckRestricted (   )

Definition at line 129 of file restrfil.c. References Buffer, BYTE, DWORD, eRestricted, eUnRestricted, InitializeRestrictedStuff(), IsTokenRestricted, L, NT_SUCCESS, NtClose(), NtOpenKey(), NtOpenProcessToken(), NtQueryValueKey(), NTSTATUS(), NULL, Restricted, RtlInitUnicodeString(), and Status. Referenced by IsRestricted(). 00132 : 00133 00134 Determine if this is a restricted process and thus should have filesystem 00135 redirection active. 00136 00137 Arguments: 00138 00139 None 00140 00141 Return Value: 00142 00143 void 00144 00145 --*/ 00146 { 00147 NTSTATUS Status; 00148 HANDLE hToken; 00149 UNICODE_STRING SandboxKeyName; 00150 HANDLE SandboxKey; 00151 OBJECT_ATTRIBUTES Attributes; 00152 BYTE Buffer[256]; 00153 ULONG Length; 00154 00155 KEY_VALUE_PARTIAL_INFORMATION *ValueInfo = (KEY_VALUE_PARTIAL_INFORMATION *) Buffer; 00156 00157 // 00158 // Assume unrestricted unless we have reason to believe otherwise 00159 // 00160 00161 Restricted = eUnRestricted; 00162 00163 // 00164 // HACKHACK: Temporarily allow redirection to be forced off by setting 00165 // HKLM\Software\Sandbox!FileSystemRedir = (REG_DWORD) 0 00166 // 00167 00168 RtlInitUnicodeString(&SandboxKeyName, L"\\Registry\\Machine\\Software\\Sandbox"); 00169 00170 InitializeObjectAttributes( 00171 &Attributes, 00172 &SandboxKeyName, 00173 OBJ_CASE_INSENSITIVE, 00174 NULL, 00175 NULL); 00176 00177 Status = NtOpenKey(&SandboxKey, KEY_READ, &Attributes); 00178 00179 if (!NT_SUCCESS(Status) && STATUS_OBJECT_NAME_NOT_FOUND != Status) 00180 return; 00181 00182 if (NT_SUCCESS(Status)) 00183 { 00184 RtlInitUnicodeString(&SandboxKeyName, L"FileSystemRedir"); 00185 00186 Status = NtQueryValueKey( 00187 SandboxKey, 00188 &SandboxKeyName, 00189 KeyValuePartialInformation, 00190 ValueInfo, 00191 sizeof(Buffer), 00192 &Length); 00193 00194 NtClose(SandboxKey); 00195 00196 if (!NT_SUCCESS(Status) && STATUS_OBJECT_NAME_NOT_FOUND != Status) 00197 return; 00198 00199 if (NT_SUCCESS(Status) && 0 == * (DWORD *) (&ValueInfo->Data)) 00200 return; 00201 } 00202 00203 Status = NtOpenProcessToken(NtCurrentProcess(), TOKEN_READ, &hToken); 00204 00205 if (NT_SUCCESS(Status)) 00206 { 00207 if (IsTokenRestricted(hToken)) 00208 { 00209 Status = InitializeRestrictedStuff(); 00210 00211 if (NT_SUCCESS(Status)) 00212 Restricted = eRestricted; 00213 } 00214 00215 NtClose(hToken); 00216 } 00217 }

NTSTATUS CopyRestrictedFile (  OBJECT_ATTRIBUTES *  SourceAttributes, OBJECT_ATTRIBUTES *  DestinationAttributes )

Definition at line 1596 of file restrfil.c. References ASSERT, Buffer, BufferSize, BYTE, CopyStream(), CreateDirectories(), NT_SUCCESS, NtClose(), NtQueryInformationFile(), NtSetInformationFile(), NTSTATUS(), NtUnRestrictedCreateFile(), NtUnRestrictedDeleteFile(), NtUnRestrictedOpenFile(), NtUnRestrictedQueryAttributesFile(), NULL, RtlAllocateHeap, RtlFreeHeap, and Status. Referenced by NtCreateFile(), and NtOpenFile(). : Copy a file. Substreams in the file are copied and a best effort is made to preserve the file attributes - although the copy does not fail if the attributes can't be preserved. Acl's and extended attributes such as object id's are not copied. If the any of the parent directories of the destination don't exist they are created. Arguments: SourceAttributes - The source file DestinationAttributues - The destination file Return Value: STATUS_SUCCESS if all goes well The copy fails if the destination already exists or the source is read-only --*/ { NTSTATUS Status; HANDLE SourceFile = NULL; HANDLE DestinationFile = NULL; IO_STATUS_BLOCK SourceIoStatus; IO_STATUS_BLOCK DestinationIoStatus; ULONG StreamInfoSize = 4096; BYTE *Buffer = NULL; ULONG BufferSize = 8192; FILE_BASIC_INFORMATION BasicInfo; FILE_STANDARD_INFORMATION StandardInfo; FILE_STREAM_INFORMATION *StreamInfo = NULL; FILE_STREAM_INFORMATION *Stream; // // Check the attributes on the source. If it's set to // read-only don't try to copy it // Status = NtUnRestrictedQueryAttributesFile(SourceAttributes, &BasicInfo); if (!NT_SUCCESS(Status)) return Status; else if (BasicInfo.FileAttributes & FILE_ATTRIBUTE_READONLY) return STATUS_ACCESS_DENIED; // // Try to open the source file // Status = NtUnRestrictedOpenFile( &SourceFile, GENERIC_READ | SYNCHRONIZE, SourceAttributes, &SourceIoStatus, FILE_SHARE_READ, FILE_SEQUENTIAL_ONLY | FILE_SYNCHRONOUS_IO_NONALERT); if (!NT_SUCCESS(Status)) return Status; // // Get the size of the source. If this fails don't worry about it. // Status = NtQueryInformationFile( SourceFile, &SourceIoStatus, &StandardInfo, sizeof(StandardInfo), FileStandardInformation); if (!NT_SUCCESS(Status)) StandardInfo.AllocationSize.QuadPart = 0; // // Get the file stream information. There's no way to tell how big a // buffer we'll need to just keep doubling it. // do { StreamInfo = RtlAllocateHeap(RtlProcessHeap(), 0, StreamInfoSize); if (NULL == StreamInfo) { Status = STATUS_NO_MEMORY; goto ErrorOut; } Status = NtQueryInformationFile( SourceFile, &SourceIoStatus, StreamInfo, StreamInfoSize, FileStreamInformation); StreamInfoSize *= 2; } while (STATUS_BUFFER_OVERFLOW == Status || STATUS_BUFFER_TOO_SMALL == Status); // // Allocate a buffer to do the copying // do { Buffer = RtlAllocateHeap(RtlProcessHeap(), 0, BufferSize); if (NULL == Buffer) BufferSize /= 2; } while (NULL == Buffer && BufferSize > 15); if (NULL == Buffer) goto ErrorOut; // // Try to create the destination file // Status = NtUnRestrictedCreateFile( &DestinationFile, GENERIC_WRITE | SYNCHRONIZE, DestinationAttributes, &DestinationIoStatus, &StandardInfo.AllocationSize, BasicInfo.FileAttributes, 0, FILE_CREATE, FILE_SEQUENTIAL_ONLY | FILE_SYNCHRONOUS_IO_NONALERT, NULL, 0); // // If creating the file failed because the path doesn't exist, // create the path and try again // if (STATUS_OBJECT_PATH_NOT_FOUND == Status) { Status = CreateDirectories(DestinationAttributes); if (NT_SUCCESS(Status)) { Status = NtUnRestrictedCreateFile( &DestinationFile, GENERIC_WRITE | SYNCHRONIZE, DestinationAttributes, &DestinationIoStatus, &StandardInfo.AllocationSize, BasicInfo.FileAttributes, 0, FILE_CREATE, FILE_SEQUENTIAL_ONLY |FILE_SYNCHRONOUS_IO_NONALERT, NULL, 0); } } if (!NT_SUCCESS(Status)) goto ErrorOut; // // Set the file times. It's ok to fail // NtSetInformationFile( DestinationFile, &DestinationIoStatus, &BasicInfo, sizeof(BasicInfo), FileBasicInformation); // // Copy each stream in the file // Stream = StreamInfo; do { Status = CopyStream( SourceFile, DestinationFile, Stream, Buffer, BufferSize); if (0 == Stream->NextEntryOffset) break; Stream = (FILE_STREAM_INFORMATION *) (((BYTE *) Stream) + Stream->NextEntryOffset); } while (NT_SUCCESS(Status)); ErrorOut: if (NULL != Buffer) RtlFreeHeap(RtlProcessHeap(), 0, Buffer); if (NULL != StreamInfo) RtlFreeHeap(RtlProcessHeap(), 0, StreamInfo); if (NULL != SourceFile) NtClose(SourceFile); if (NULL != DestinationFile) { NtClose(DestinationFile); if (!NT_SUCCESS(Status)) { NTSTATUS DeleteStatus; DeleteStatus = NtUnRestrictedDeleteFile(DestinationAttributes); ASSERT(NT_SUCCESS(DeleteStatus)); } } return Status; }

NTSTATUS CopyStream (  HANDLE  SourceFile, HANDLE  DestinationFile, FILE_STREAM_INFORMATION *  StreamInfo, BYTE *  Buffer, ULONG  BufferSize )

Definition at line 1451 of file restrfil.c. References Buffer, BufferSize, L, NT_SUCCESS, NtClose(), NtReadFile(), NTSTATUS(), NtUnRestrictedCreateFile(), NtUnRestrictedOpenFile(), NtWriteFile(), NULL, Status, and USHORT. Referenced by CopyRestrictedFile(). : Copy a stream from one file to another Arguments: SourceFile - The source file DestinationFile - The destination file StreamInfo - Information about the stream to copy Buffer - The buffer to use for copying BufferSize - The size of Buffer Return Value: STATUS_SUCCESS if all goes well --*/ { NTSTATUS Status; UNICODE_STRING StreamName; OBJECT_ATTRIBUTES SourceAttributes; OBJECT_ATTRIBUTES DestinationAttributes; HANDLE SourceStream; HANDLE DestinationStream; IO_STATUS_BLOCK SourceIoStatus; IO_STATUS_BLOCK DestinationIoStatus; StreamName.MaximumLength = (USHORT) StreamInfo->StreamNameLength; StreamName.Length = (USHORT) StreamInfo->StreamNameLength; StreamName.Buffer = StreamInfo->StreamName; // // Data stream names are of the form ":<name>:$DATA" so if the second // char in the name is a colon then this is the default stream and we // don't need to open/create it // if (L':' == StreamInfo->StreamName[1]) { SourceStream = SourceFile; DestinationStream = DestinationFile; } else { InitializeObjectAttributes( &SourceAttributes, &StreamName, OBJ_CASE_INSENSITIVE, SourceFile, NULL); InitializeObjectAttributes( &DestinationAttributes, &StreamName, OBJ_CASE_INSENSITIVE, DestinationFile, NULL); Status = NtUnRestrictedOpenFile( &SourceStream, GENERIC_READ | SYNCHRONIZE, &SourceAttributes, &SourceIoStatus, FILE_SHARE_READ, FILE_SEQUENTIAL_ONLY | FILE_SYNCHRONOUS_IO_NONALERT); if (!NT_SUCCESS(Status)) return Status; Status = NtUnRestrictedCreateFile( &DestinationStream, GENERIC_WRITE | SYNCHRONIZE, &DestinationAttributes, &DestinationIoStatus, &StreamInfo->StreamAllocationSize, FILE_ATTRIBUTE_NORMAL, 0, FILE_CREATE, FILE_SEQUENTIAL_ONLY | FILE_SYNCHRONOUS_IO_NONALERT, NULL, 0); if (!NT_SUCCESS(Status)) { NtClose(SourceStream); return Status; } } // // Copy the stream // do { Status = NtReadFile( SourceStream, NULL, NULL, NULL, &SourceIoStatus, Buffer, BufferSize, 0, NULL); if (STATUS_END_OF_FILE == Status) { Status = STATUS_SUCCESS; break; } else if (NT_SUCCESS(Status)) { Status = NtWriteFile( DestinationStream, NULL, NULL, NULL, &DestinationIoStatus, Buffer, SourceIoStatus.Information, 0, NULL); } } while (NT_SUCCESS(Status) && SourceIoStatus.Information == BufferSize); if (SourceStream != SourceFile) { NtClose(SourceStream); NtClose(DestinationStream); } return Status; }

NTSTATUS CreateDirectories (  OBJECT_ATTRIBUTES *  Attributes  )

Definition at line 1311 of file restrfil.c. References ASSERT, L, NT_SUCCESS, NtClose(), NTSTATUS(), NtUnRestrictedCreateFile(), NULL, SiteDirectory, and Status. Referenced by CopyRestrictedFile(), and NtCreateFile(). : Given the path pointed to by Attributes, make sure all the directories above the last element in the path exist. Parameters: Attributes - The path Return Value: STATUS_SUCCESS if all goes well --*/ { NTSTATUS Status; UNICODE_STRING SubDirectory; OBJECT_ATTRIBUTES DirectoryAttributes; HANDLE NewDirectory = NULL; WCHAR *NextDirectory; WCHAR *EndOfString; IO_STATUS_BLOCK IoStatus; ASSERT(NULL == Attributes->RootDirectory); InitializeObjectAttributes( &DirectoryAttributes, &SubDirectory, OBJ_CASE_INSENSITIVE, NULL, NULL); // // Keep track of the end of the path and trim off any trailing '\'s // ASSERT(Attributes->ObjectName->Length >= 2); EndOfString = Attributes->ObjectName->Buffer + Attributes->ObjectName->Length / sizeof(WCHAR); if (L'\\' == EndOfString[-1]) --EndOfString; // // Keep of a private version of the path so we can muck with it // SubDirectory.Buffer = Attributes->ObjectName->Buffer; NextDirectory = SubDirectory.Buffer; NextDirectory += SiteDirectory.Length / sizeof(WCHAR); // // For each element in the path, try to create a directory using the full // path up to that element. // // Notes: CreateFile for "\??" returns STATUS_OBJECT_TYPE_MISMATCH // CreateFile for "\??\D:" returns STATUS_INVALID_PARAMETER // do { // Find the end of the next element do { ++NextDirectory; } while (NextDirectory < EndOfString && L'\\' != *NextDirectory); if ( !(NextDirectory < EndOfString) ) break; // Adjust SubDirectory to include it SubDirectory.Length = (NextDirectory - SubDirectory.Buffer); SubDirectory.Length *= sizeof(WCHAR); SubDirectory.MaximumLength = SubDirectory.Length; // Create it Status = NtUnRestrictedCreateFile( &NewDirectory, GENERIC_READ | SYNCHRONIZE, &DirectoryAttributes, &IoStatus, NULL, FILE_ATTRIBUTE_NORMAL, FILE_SHARE_READ | FILE_SHARE_WRITE, FILE_OPEN_IF, FILE_DIRECTORY_FILE | FILE_SYNCHRONOUS_IO_NONALERT, NULL, 0); if (NT_SUCCESS(Status)) NtClose(NewDirectory); NewDirectory = NULL; } while ((NT_SUCCESS(Status) || STATUS_OBJECT_TYPE_MISMATCH == Status || STATUS_INVALID_PARAMETER == Status) && NextDirectory < EndOfString); return Status; }

BOOL FileExists (  OBJECT_ATTRIBUTES *  Attributes  )

Definition at line 1423 of file restrfil.c. References BOOL, NtQueryAttributesFile(), NTSTATUS(), and Status. Referenced by NtCreateFile(). : Determine if the given file/directory exists Arguments: Attributes - The file/directory to check Return Value: TRUE if it exists --*/ { NTSTATUS Status; FILE_BASIC_INFORMATION FileInfo; Status = NtQueryAttributesFile(Attributes, &FileInfo); return (STATUS_SUCCESS == Status); }

HRESULT GetMangledSiteSid (  PSID  pSid, ULONG  cchMangledSite, LPWSTR *  ppwszMangledSite )

Definition at line 1915 of file restrfil.c. References ASSERT, Base32Encode(), DWORD, RtlSubAuthorityCountSid(), and RtlSubAuthoritySid(). { if (cchMangledSite < MAX_MANGLED_SITE) { /* *ppwszMangledSite = (WCHAR *) LocalAlloc( 0, MAX_MANGLED_SITE * sizeof(WCHAR));*/ // if (NULL == *ppwszMangledSite) return E_OUTOFMEMORY; } // The value of MAX_MANGLED_SITE assumes 4 dwords ASSERT(4 == *RtlSubAuthorityCountSid(pSid)); Base32Encode( RtlSubAuthoritySid(pSid, 0), *RtlSubAuthorityCountSid(pSid) * sizeof(DWORD), *ppwszMangledSite); // The output string should always be MAX_MANGLED_SITE - 1 chars long ASSERT(MAX_MANGLED_SITE - 1 == wcslen(*ppwszMangledSite)); return S_OK; }

PSID GetSiteSidFromToken (  IN HANDLE  TokenHandle  )

Definition at line 1844 of file restrfil.c. References NT_SUCCESS, NtQueryInformationToken(), NTSTATUS(), NULL, RtlAllocateHeap, RtlCopySid(), RtlFreeHeap, RtlLengthSid(), Status, and UINT. { PTOKEN_GROUPS RestrictedSids = NULL; ULONG ReturnLength; NTSTATUS Status; PSID psSiteSid = NULL; Status = NtQueryInformationToken( TokenHandle, TokenRestrictedSids, NULL, 0, &ReturnLength ); if (Status != STATUS_BUFFER_TOO_SMALL) { //BaseSetLastNTError(Status); return NULL; } RestrictedSids = (PTOKEN_GROUPS) RtlAllocateHeap(RtlProcessHeap(), 0, ReturnLength); if (RestrictedSids == NULL) { // SetLastError(ERROR_OUTOFMEMORY); return NULL; } Status = NtQueryInformationToken( TokenHandle, TokenRestrictedSids, RestrictedSids, ReturnLength, &ReturnLength ); if (NT_SUCCESS(Status)) { UINT i; SID_IDENTIFIER_AUTHORITY InternetSiteAuthority = SECURITY_INTERNETSITE_AUTHORITY; for (i = 0; i < RestrictedSids->GroupCount; i++) { if (RtlCompareMemory((PVOID) &((SID *) RestrictedSids->Groups[i].Sid)->IdentifierAuthority, (PVOID) &InternetSiteAuthority, sizeof(SID_IDENTIFIER_AUTHORITY)) == sizeof(SID_IDENTIFIER_AUTHORITY)) { psSiteSid = RtlAllocateHeap(RtlProcessHeap(), 0, RtlLengthSid((RestrictedSids->Groups[i]).Sid)); if (psSiteSid == NULL) { // SetLastError(ERROR_OUTOFMEMORY); } else { RtlCopySid(RtlLengthSid((RestrictedSids->Groups[i]).Sid), psSiteSid, (RestrictedSids->Groups[i]).Sid); } break; } } } else { //BaseSetLastNTError(Status); } RtlFreeHeap(RtlProcessHeap(), 0, RestrictedSids); return psSiteSid; }

NTSTATUS InitializeRestrictedStuff (   )

Definition at line 879 of file restrfil.c. References BOOL, Buffer, BufferSize, FALSE, GetMangledSiteSid, GetSiteSidFromToken, Initialized, L, NT_SUCCESS, NtClose(), NtOpenKey(), NtOpenProcessToken(), NtQueryObject(), NtQueryValueKey(), NTSTATUS(), NtUnRestrictedOpenFile(), NULL, RtlAllocateHeap, RtlAppendUnicodeToString(), RtlCreateUnicodeString(), RtlExpandEnvironmentStrings_U(), RtlFormatCurrentUserKeyPath(), RtlFreeHeap, RtlFreeSid(), RtlFreeUnicodeString(), RtlInitUnicodeString(), SiteDirectory, Status, SystemPath1, SystemPath2, SystemPath3, and USHORT. Referenced by CheckRestricted(). : Determine if this process needs to have file mapping turned on and if so figure out the paths to the system drive and shadow area Arguments: None Return Value: STATUS_SUCCESS if file mapping support was initialized. --*/ { OBJECT_ATTRIBUTES Attributes; UNICODE_STRING Path; UNICODE_STRING ProfileDirectory; HKEY ProfileKey; HKEY UserProfileKey; WCHAR Buffer[sizeof(KEY_VALUE_PARTIAL_INFORMATION)+128/sizeof(WCHAR)]; ULONG BufferSize = sizeof(KEY_VALUE_PARTIAL_INFORMATION)+128; IO_STATUS_BLOCK IoStatus; NTSTATUS Status; HANDLE SystemRoot; UNICODE_STRING *TempString; HANDLE hToken; PSID SiteSid; WCHAR MangledSiteBuffer[MAX_MANGLED_SITE]; LPWSTR MangledSite = MangledSiteBuffer; static BOOL Initialized = FALSE; KEY_VALUE_PARTIAL_INFORMATION *KeyInfo; if (Initialized) return STATUS_SUCCESS; // // Figure out the path to \Device<systemvolume>. We need to open a // handle to SystemRoot and then query the name of that handle. // Path.MaximumLength = sizeof(Buffer); Path.Length = 0; Path.Buffer = Buffer; RtlAppendUnicodeToString(&Path, L"\\??\\"); RtlAppendUnicodeToString(&Path, USER_SHARED_DATA->NtSystemRoot); InitializeObjectAttributes( &Attributes, &Path, OBJ_CASE_INSENSITIVE, NULL, NULL); Status = NtUnRestrictedOpenFile( &SystemRoot, GENERIC_READ | SYNCHRONIZE, &Attributes, &IoStatus, FILE_SHARE_READ | FILE_SHARE_WRITE, FILE_DIRECTORY_FILE | FILE_SYNCHRONOUS_IO_NONALERT); if (!NT_SUCCESS(Status)) return Status; Status = NtQueryObject( SystemRoot, ObjectNameInformation, Buffer, sizeof(Buffer), NULL); NtClose(SystemRoot); if (!NT_SUCCESS(Status)) return Status; // The path is the name of the SystemRoot handle minus the length of // NtSystemRoot minus the drive letter TempString = & ((OBJECT_NAME_INFORMATION *) Buffer)->Name; TempString->Length -= sizeof(WCHAR) * (wcslen(USER_SHARED_DATA->NtSystemRoot) - sizeof("d")); TempString->Buffer[TempString->Length / sizeof(WCHAR)] = L'\0'; Status = RtlCreateUnicodeString( &SystemPath1, TempString->Buffer); if (!NT_SUCCESS(Status)) return Status; //DbgPrint("SystemPath1 = %wZ\n", &SystemPath1); // Figure out the path to \??<systemdrive> Path.Length = 0; Path.Buffer = Buffer; RtlAppendUnicodeToString(&Path, L"\\??\\"); RtlAppendUnicodeToString(&Path, USER_SHARED_DATA->NtSystemRoot); Path.Buffer[sizeof("\\??\\d")] = L'\0'; Status = RtlCreateUnicodeString(&SystemPath2, Path.Buffer); if (!NT_SUCCESS(Status)) return Status; //DbgPrint("SystemPath2 = %wZ\n", &SystemPath2); // Figure out the path to \DosDevices<systemdrive> Path.Length = 0; Path.Buffer = Buffer; RtlAppendUnicodeToString(&Path, L"\\DosDevices\\"); RtlAppendUnicodeToString(&Path, USER_SHARED_DATA->NtSystemRoot); Path.Buffer[sizeof("\\DosDevices\\d")] = L'\0'; Status = RtlCreateUnicodeString(&SystemPath3, Path.Buffer); if (!NT_SUCCESS(Status)) return Status; //DbgPrint("SystemPath3 = %wZ\n", &SystemPath3); // // Figure out where the site directory is // // This code is temporary. Eventually the shadow directory will be stored // in the job object // // First open the list of profile locations RtlInitUnicodeString(&Path, L"\\Registry\\Machine\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList"); InitializeObjectAttributes( &Attributes, &Path, OBJ_CASE_INSENSITIVE, NULL, NULL); Status = NtOpenKey(&ProfileKey, KEY_READ, &Attributes); if (!NT_SUCCESS(Status)) return Status; // Next get a stringized version of the user's SID Status = RtlFormatCurrentUserKeyPath(&Path); if (!NT_SUCCESS(Status)) { NtClose(ProfileKey); return Status; } Path.Buffer += sizeof("\\Registry\\User"); Path.Length -= sizeof(L"\\Registry\\User"); // And open the profile for the current user Attributes.RootDirectory = ProfileKey; Status = NtOpenKey(&UserProfileKey, KEY_READ, &Attributes); NtClose(ProfileKey); Path.Buffer -= sizeof("\\Registry\\User"); Path.Length += sizeof(L"\\Registry\\User"); RtlFreeUnicodeString(&Path); if (!NT_SUCCESS(Status)) return Status; // Allocate a buffer and get the info RtlInitUnicodeString(&Path, L"ProfileImagePath"); do { ULONG ResultLength; KeyInfo = RtlAllocateHeap(RtlProcessHeap(), 0, BufferSize); if (NULL == KeyInfo) { NtClose(UserProfileKey); Status = STATUS_NO_MEMORY; break; } Status = NtQueryValueKey( UserProfileKey, &Path, KeyValuePartialInformation, KeyInfo, BufferSize, &ResultLength); if (!NT_SUCCESS(Status)) { BufferSize *= 2; RtlFreeHeap(RtlProcessHeap(), 0, KeyInfo); } } while ( STATUS_BUFFER_OVERFLOW == Status || STATUS_BUFFER_TOO_SMALL == Status); NtClose(UserProfileKey); if (!NT_SUCCESS(Status)) return Status; // Create the path to the site directory Path.Length = 0; Path.MaximumLength = sizeof(Buffer); Path.Buffer = Buffer; ProfileDirectory.Length = (USHORT) KeyInfo->DataLength; ProfileDirectory.MaximumLength = (USHORT) KeyInfo->DataLength; ProfileDirectory.Buffer = (WCHAR *) KeyInfo->Data; Status = RtlExpandEnvironmentStrings_U(NULL, &ProfileDirectory, &Path, NULL); if (!NT_SUCCESS(Status)) return Status; // RtlExpandEnvironmentStrings_U includes the null terminator in the length Path.Length -= sizeof(L'\0'); // Remove the drive letter from the path Path.Length -= 2 * sizeof(WCHAR); MoveMemory(Path.Buffer, Path.Buffer + 2, Path.Length); // // Figure out the site directory name // Status = NtOpenProcessToken(NtCurrentProcess(), TOKEN_READ, &hToken); if (!NT_SUCCESS(Status)) return Status; SiteSid = GetSiteSidFromToken(hToken); NtClose(hToken); if (NULL == SiteSid) return STATUS_UNSUCCESSFUL; Status = GetMangledSiteSid(SiteSid, MAX_MANGLED_SITE, &MangledSite); RtlFreeSid(SiteSid); if (!NT_SUCCESS(Status)) return Status; RtlAppendUnicodeToString(&Path, L"\\"); RtlAppendUnicodeToString(&Path, MangledSite); Path.Buffer[Path.Length / sizeof(WCHAR)] = L'\0'; Status = RtlCreateUnicodeString(&SiteDirectory, Path.Buffer); //DbgPrint("Site Directory = %wZ\n", &SiteDirectory); Initialized = NT_SUCCESS(Status); return Status; }

BOOL IsInterestingPath (  IN POBJECT_ATTRIBUTES  NormalFile, IN OUT POBJECT_ATTRIBUTES  RestrictedFile )

Definition at line 1163 of file restrfil.c. References BOOL, Buffer, BYTE, FALSE, L, NT_SUCCESS, NtQueryObject(), NTSTATUS(), NULL, RtlAllocateHeap, RtlAppendUnicodeStringToString(), RtlAppendUnicodeToString(), RtlCopyUnicodeString(), RtlPrefixUnicodeString(), SiteDirectory, Status, SystemPath1, SystemPath2, SystemPath3, and TRUE. Referenced by NtCreateFile(), NtDeleteFile(), NtOpenFile(), NtQueryAttributesFile(), and NtSetInformationFile(). : Determine if this path pointed to by NormalFile can be mapped and if so point RestrictedFile at the mapped version Arguments: NormalFile - The file to be tested RestrictedFile - The resultant restricted file Return Value: STATUS_SUCCESS if RestrictedFile was setup --*/ { BYTE Buffer[1024]; OBJECT_NAME_INFORMATION *NameInfo = (OBJECT_NAME_INFORMATION *) Buffer; NTSTATUS Status; BOOLEAN CaseInSensitive; UNICODE_STRING *SystemPath = NULL; UNICODE_STRING *RestrictedName; // // Expand out the root directory of a relative path, if applicable // if (NULL != NormalFile->RootDirectory) { WCHAR LastChar; // Get the name corresponding to the root handle Status = NtQueryObject( NormalFile->RootDirectory, ObjectNameInformation, NameInfo, sizeof(Buffer), NULL); if (!NT_SUCCESS(Status)) return FALSE; // Make sure there's a backslash on the end LastChar = NameInfo->Name.Buffer[ (NameInfo->Name.Length-1)*sizeof(WCHAR)]; if (L'\\' != LastChar) { Status = RtlAppendUnicodeToString(&NameInfo->Name, L"\\"); if (!NT_SUCCESS(Status)) return FALSE; } } else { NameInfo->Name.Length = 0; NameInfo->Name.Buffer = (WCHAR *) (((BYTE *) NameInfo) + sizeof(*NameInfo)); } // // Concatenate the file/directory to it's root to get a full path // NameInfo->Name.MaximumLength = sizeof(Buffer) - sizeof(*NameInfo) - NameInfo->Name.Length; Status = RtlAppendUnicodeStringToString( &NameInfo->Name, NormalFile->ObjectName); if (!NT_SUCCESS(Status)) return FALSE; // // Check to see if the path should be mapped // CaseInSensitive = (BOOLEAN) ((OBJ_CASE_INSENSITIVE & NormalFile->Attributes) != 0); if (RtlPrefixUnicodeString(&SystemPath1, &NameInfo->Name, CaseInSensitive)) SystemPath = &SystemPath1; else if (RtlPrefixUnicodeString(&SystemPath2, &NameInfo->Name, CaseInSensitive)) SystemPath = &SystemPath2; else if (RtlPrefixUnicodeString(&SystemPath3, &NameInfo->Name, CaseInSensitive)) SystemPath = &SystemPath3; if (NULL == SystemPath) return FALSE; // // This path is on the system drive, reject it if it's pointing at the // mapped area already // NameInfo->Name.Length -= SystemPath->Length; NameInfo->Name.Buffer += SystemPath->Length / sizeof(WCHAR); if (RtlPrefixUnicodeString(&SiteDirectory,&NameInfo->Name,CaseInSensitive)) return FALSE; NameInfo->Name.Length += SystemPath->Length; NameInfo->Name.Buffer -= SystemPath->Length / sizeof(WCHAR); // // This path should be mapped // RestrictedName = RestrictedFile->ObjectName; RestrictedName->MaximumLength = SystemPath1.Length + SiteDirectory.Length + NameInfo->Name.Length; RestrictedName->Buffer = RtlAllocateHeap( RtlProcessHeap(), 0, RestrictedName->MaximumLength); if (NULL == RestrictedName->Buffer) return FALSE; NameInfo->Name.Buffer[NameInfo->Name.Length] = L'\0'; RestrictedFile->RootDirectory = NULL; RestrictedName->Length = 0; RtlCopyUnicodeString(RestrictedName, &SystemPath1); RtlAppendUnicodeStringToString(RestrictedName, &SiteDirectory); RtlAppendUnicodeToString( RestrictedName, NameInfo->Name.Buffer + SystemPath->Length / sizeof(WCHAR)); return TRUE; }

BOOL IsInterestingPath (  OBJECT_ATTRIBUTES *  NormalFile, OBJECT_ATTRIBUTES *  RestrictedFile )

__inline BOOL IsRestricted (   )

Definition at line 223 of file restrfil.c. References CheckRestricted(), eRestricted, eUnknownRestricted, eUnRestricted, FALSE, and Restricted. Referenced by NtCreateFile(), NtDeleteFile(), NtOpenFile(), NtQueryAttributesFile(), NtSetInformationFile(), xxxCallHook2(), and xxxProcessNotifyWinEvent(). : Determine if this is a restricted process and thus should have filesystem redirection active. Arguments: None Return Value: TRUE if this is a restricted process, otherwise FALSE --*/ { if (eUnRestricted == Restricted) return FALSE; if (eUnknownRestricted == Restricted) CheckRestricted(); return (eRestricted == Restricted); }

BOOL IsTokenRestricted (  IN HANDLE  TokenHandle  )

Definition at line 2001 of file restrfil.c. References BOOL, FALSE, NT_SUCCESS, NtQueryInformationToken(), NTSTATUS(), NULL, RtlAllocateHeap, RtlFreeHeap, Status, and TRUE. { PTOKEN_GROUPS RestrictedSids = NULL; ULONG ReturnLength; NTSTATUS Status; BOOL Result = FALSE; Status = NtQueryInformationToken( TokenHandle, TokenRestrictedSids, NULL, 0, &ReturnLength ); if (Status != STATUS_BUFFER_TOO_SMALL) { // BaseSetLastNTError(Status); return(FALSE); } RestrictedSids = (PTOKEN_GROUPS) RtlAllocateHeap(RtlProcessHeap(), 0, ReturnLength); if (RestrictedSids == NULL) { // SetLastError(ERROR_OUTOFMEMORY); return(FALSE); } Status = NtQueryInformationToken( TokenHandle, TokenRestrictedSids, RestrictedSids, ReturnLength, &ReturnLength ); if (NT_SUCCESS(Status)) { if (RestrictedSids->GroupCount != 0) { Result = TRUE; } } else { // BaseSetLastNTError(Status); } RtlFreeHeap(RtlProcessHeap(), 0, RestrictedSids); return(Result); }

NTSTATUS NtCreateFile (  OUT PHANDLE  FileHandle, IN ACCESS_MASK  DesiredAccess, IN POBJECT_ATTRIBUTES  ObjectAttributes, OUT PIO_STATUS_BLOCK  IoStatusBlock, IN PLARGE_INTEGER AllocationSize  OPTIONAL, IN ULONG  FileAttributes, IN ULONG  ShareAccess, IN ULONG  CreateDisposition, IN ULONG  CreateOptions, IN PVOID EaBuffer  OPTIONAL, IN ULONG  EaLength )

Definition at line 253 of file restrfil.c. References CALL_CREATE, CopyRestrictedFile(), CreateDirectories(), FileExists(), IsInterestingPath(), IsRestricted(), NT_SUCCESS, NTSTATUS(), ObjectAttributes, RtlFreeHeap, and Status. 00268 : 00269 00270 Entry point for the restricted version of NtCreateFile 00271 00272 Arguments: 00273 00274 FileHandle - A pointer to a variable to receive the handle to the open file. 00275 00276 DesiredAccess - Supplies the types of access that the caller would like to 00277 the file. 00278 00279 ObjectAttributes - Supplies the attributes to be used for file object (name, 00280 SECURITY_DESCRIPTOR, etc.) 00281 00282 IoStatusBlock - Specifies the address of the caller's I/O status block. 00283 00284 AllocationSize - Initial size that should be allocated to the file. This 00285 parameter only has an affect if the file is created. Further, if 00286 not specified, then it is taken to mean zero. 00287 00288 FileAttributes - Specifies the attributes that should be set on the file, 00289 if it is created. 00290 00291 ShareAccess - Supplies the types of share access that the caller would like 00292 to the file. 00293 00294 CreateDisposition - Supplies the method for handling the create/open. 00295 00296 CreateOptions - Caller options for how to perform the create/open. 00297 00298 EaBuffer - Optionally specifies a set of EAs to be applied to the file if 00299 it is created. 00300 00301 EaLength - Supplies the length of the EaBuffer. 00302 00303 Return Value: 00304 00305 The function value is the final status of the create/open operation. 00306 00307 --*/ 00308 { 00309 #define CALL_CREATE(object) \ 00310 NtUnRestrictedCreateFile( \ 00311 FileHandle, \ 00312 DesiredAccess, \ 00313 object, \ 00314 IoStatusBlock, \ 00315 AllocationSize, \ 00316 FileAttributes, \ 00317 ShareAccess, \ 00318 CreateDisposition, \ 00319 CreateOptions, \ 00320 EaBuffer, \ 00321 EaLength) 00322 /*\ 00323 ((st = \ 00324 ) ? st \ 00325 : ((Restricted == eRestricted) ? DbgPrint("%s %wZ\n", (object==NormalFile)?"UnMapped":" Mapped",object->ObjectName) : 0), st) 00326 */ 00327 00328 NTSTATUS Status; 00329 OBJECT_ATTRIBUTES *OriginalAttributes; 00330 OBJECT_ATTRIBUTES *NormalFile; 00331 OBJECT_ATTRIBUTES RestrictedFileAttributes; 00332 OBJECT_ATTRIBUTES *RestrictedFile = &RestrictedFileAttributes; 00333 UNICODE_STRING RestrictedObjectName; 00334 00335 FILE_BASIC_INFORMATION BasicInfo; 00336 00337 //NTSTATUS st; 00338 00339 if (!IsRestricted()) 00340 return CALL_CREATE(ObjectAttributes); 00341 00342 // 00343 // Check to see if this file is mappable. If not don't try 00344 // 00345 00346 NormalFile = ObjectAttributes; 00347 00348 CopyMemory(RestrictedFile, NormalFile, sizeof(OBJECT_ATTRIBUTES)); 00349 RestrictedFile->ObjectName = &RestrictedObjectName; 00350 00351 if (!IsInterestingPath(NormalFile, RestrictedFile)) 00352 return CALL_CREATE(NormalFile); 00353 00354 // 00355 // The file/directory is mappable 00356 // 00357 00358 // 00359 // If this is a directory, try to access the normal one first, then the 00360 // shadowed one 00361 // 00362 if (CreateOptions & FILE_DIRECTORY_FILE) 00363 { 00364 Status = CALL_CREATE(NormalFile); 00365 00366 if (!NT_SUCCESS(Status)) 00367 { 00368 Status = CALL_CREATE(RestrictedFile); 00369 } 00370 } 00371 00372 // 00373 // If this is a file which which already has a shadowed version, try the 00374 // operation only on that version 00375 // 00376 else if (FileExists(RestrictedFile)) 00377 { 00378 Status = CALL_CREATE(RestrictedFile); 00379 } 00380 00381 // 00382 // This is a file operation and no shadowed version of the file exists, 00383 // try the operation in the unshadowed area 00384 // 00385 else 00386 { 00387 Status = CALL_CREATE(NormalFile); 00388 00389 if (STATUS_ACCESS_DENIED == Status) 00390 { 00391 Status = CreateDirectories(RestrictedFile); 00392 00393 if (NT_SUCCESS(Status)) 00394 { 00395 Status = CopyRestrictedFile(NormalFile, RestrictedFile); 00396 00397 if (NT_SUCCESS(Status) 00398 || STATUS_OBJECT_NAME_NOT_FOUND == Status) 00399 { 00400 Status = CALL_CREATE(RestrictedFile); 00401 } 00402 } 00403 } 00404 } 00405 00406 00407 /* 00408 if (!NT_SUCCESS(Status)) 00409 DbgPrint(" Failed %wZ\n", NormalFile->ObjectName); 00410 */ 00411 RtlFreeHeap(RtlProcessHeap(), 0, RestrictedObjectName.Buffer); 00412 00413 return Status; 00414 00415 #undef CALL_CREATE 00416 } NTSTATUS

NTSTATUS NtDeleteFile (  IN POBJECT_ATTRIBUTES  ObjectAttributes  )

Definition at line 602 of file restrfil.c. References IsInterestingPath(), IsRestricted(), NT_SUCCESS, NTSTATUS(), NtUnRestrictedDeleteFile(), ObjectAttributes, RtlFreeHeap, and Status. 00605 : 00606 00607 Attempt to delete the shadowed version of the given file. If that fails 00608 attempt to delete the real version of the file 00609 00610 Arguments: 00611 00612 ObjectAttributes - Supplies the attributes to be used for file object (name, 00613 SECURITY_DESCRIPTOR, etc.) 00614 00615 Return Value: 00616 00617 The status returned is the final completion status of the operation. 00618 00619 --*/ 00620 { 00621 NTSTATUS Status; 00622 OBJECT_ATTRIBUTES *NormalFile; 00623 OBJECT_ATTRIBUTES RestrictedFileAttributes; 00624 OBJECT_ATTRIBUTES *RestrictedFile = &RestrictedFileAttributes; 00625 UNICODE_STRING RestrictedObjectName; 00626 00627 if (!IsRestricted()) 00628 return NtUnRestrictedDeleteFile(ObjectAttributes); 00629 00630 // 00631 // Check to see if this file is mappable. Map it if it is 00632 // 00633 00634 NormalFile = ObjectAttributes; 00635 00636 CopyMemory(RestrictedFile, NormalFile, sizeof(OBJECT_ATTRIBUTES)); 00637 RestrictedFile->ObjectName = &RestrictedObjectName; 00638 00639 if (IsInterestingPath(NormalFile, RestrictedFile)) 00640 { 00641 Status = NtUnRestrictedDeleteFile(RestrictedFile); 00642 00643 RtlFreeHeap(RtlProcessHeap(), 0, RestrictedObjectName.Buffer); 00644 00645 if (NT_SUCCESS(Status) || STATUS_ACCESS_DENIED == Status) 00646 return Status; 00647 } 00648 00649 // 00650 // The file is not mappable or deleting the mapped version failed. 00651 // 00652 00653 return NtUnRestrictedDeleteFile(NormalFile); 00654 } NTSTATUS ZwDeleteFile(IN POBJECT_ATTRIBUTES ObjectAttributes)

NTSTATUS NtOpenFile (  OUT PHANDLE  FileHandle, IN ACCESS_MASK  DesiredAccess, IN POBJECT_ATTRIBUTES  ObjectAttributes, OUT PIO_STATUS_BLOCK  IoStatusBlock, IN ULONG  ShareAccess, IN ULONG  OpenOptions )

Definition at line 449 of file restrfil.c. References CALL_OPEN, CopyRestrictedFile(), IsInterestingPath(), IsRestricted(), NT_SUCCESS, NTSTATUS(), ObjectAttributes, RtlFreeHeap, and Status. 00459 : 00460 00461 Entry point for the restricted version of NtOpenFile 00462 00463 Arguments: 00464 00465 FileHandle - A pointer to a variable to receive the handle to the open file. 00466 00467 DesiredAccess - Supplies the types of access that the caller would like to 00468 the file. 00469 00470 ObjectAttributes - Supplies the attributes to be used for file object (name, 00471 SECURITY_DESCRIPTOR, etc.) 00472 00473 IoStatusBlock - Specifies the address of the caller's I/O status block. 00474 00475 ShareAccess - Supplies the types of share access that the caller would like 00476 to the file. 00477 00478 OpenOptions - Caller options for how to perform the open. 00479 00480 Return Value: 00481 00482 The function value is the final completion status of the open/create 00483 operation. 00484 00485 --*/ 00486 { 00487 #define CALL_OPEN(object) \ 00488 NtUnRestrictedOpenFile( \ 00489 FileHandle, \ 00490 DesiredAccess, \ 00491 object, \ 00492 IoStatusBlock, \ 00493 ShareAccess, \ 00494 OpenOptions) 00495 /*\ 00496 ((st = \ 00497 ) ? st \ 00498 : ((Restricted == eRestricted) ? DbgPrint("%s %wZ\n", (object==NormalFile)?"UnMapped":" Mapped",object->ObjectName) : 0), st) 00499 */ 00500 00501 NTSTATUS Status; 00502 OBJECT_ATTRIBUTES *OriginalAttributes; 00503 OBJECT_ATTRIBUTES *NormalFile; 00504 OBJECT_ATTRIBUTES RestrictedFileAttributes; 00505 OBJECT_ATTRIBUTES *RestrictedFile = &RestrictedFileAttributes; 00506 UNICODE_STRING RestrictedObjectName; 00507 00508 FILE_BASIC_INFORMATION BasicInfo; 00509 00510 //NTSTATUS st; 00511 00512 if (!IsRestricted()) 00513 return CALL_OPEN(ObjectAttributes); 00514 00515 // 00516 // Check to see if this file is mappable. If not don't try 00517 // 00518 00519 NormalFile = ObjectAttributes; 00520 00521 CopyMemory(RestrictedFile, NormalFile, sizeof(OBJECT_ATTRIBUTES)); 00522 RestrictedFile->ObjectName = &RestrictedObjectName; 00523 00524 if (!IsInterestingPath(NormalFile, RestrictedFile)) 00525 return CALL_OPEN(NormalFile); 00526 00527 // 00528 // The file/directory is mappable 00529 // 00530 00531 if (OpenOptions & FILE_DIRECTORY_FILE) 00532 { 00533 // 00534 // This is a directory, attempt to access the given one, if that fails 00535 // try to access the shadowed version 00536 // 00537 00538 Status = CALL_OPEN(NormalFile); 00539 00540 if (!NT_SUCCESS(Status)) 00541 { 00542 Status = CALL_OPEN(RestrictedFile); 00543 } 00544 } 00545 else 00546 { 00547 // 00548 // This is a file (not a directory). Attempt to open the shadowed 00549 // version. If that fails, attempt to open the real version. If that 00550 // fails with access denied, then try to copy the file to the shadow 00551 // area and try to open it there again. 00552 // 00553 00554 Status = CALL_OPEN(RestrictedFile); 00555 00556 if (!NT_SUCCESS(Status)) 00557 { 00558 Status = CALL_OPEN(NormalFile); 00559 00560 if (!NT_SUCCESS(Status)) 00561 { 00562 Status = CopyRestrictedFile(NormalFile, RestrictedFile); 00563 00564 if (NT_SUCCESS(Status)) 00565 { 00566 Status = CALL_OPEN(RestrictedFile); 00567 } 00568 } 00569 } 00570 } 00571 /* 00572 if (!NT_SUCCESS(Status)) 00573 DbgPrint(" Failed %wZ\n", NormalFile->ObjectName); 00574 */ 00575 RtlFreeHeap(RtlProcessHeap(), 0, RestrictedObjectName.Buffer); 00576 00577 return Status; 00578 00579 #undef CALL_OPEN 00580 } NTSTATUS

NTSTATUS NtQueryAttributesFile (  IN POBJECT_ATTRIBUTES  ObjectAttributes, OUT PFILE_BASIC_INFORMATION  FileInformation )

Definition at line 663 of file restrfil.c. References IsInterestingPath(), IsRestricted(), NT_SUCCESS, NTSTATUS(), NtUnRestrictedQueryAttributesFile(), ObjectAttributes, RtlFreeHeap, and Status. 00669 : 00670 00671 Attempt to query the shadowed version of the given file. If that fails 00672 attempt to query the real version of the file 00673 00674 Arguments: 00675 00676 ObjectAttributes - Supplies the attributes to be used for file object (name, 00677 SECURITY_DESCRIPTOR, etc.) 00678 00679 FileInformation - Supplies an output buffer to receive the returned file 00680 attributes information. 00681 00682 Return Value: 00683 00684 The status returned is the final completion status of the operation. 00685 00686 --*/ 00687 { 00688 NTSTATUS Status; 00689 OBJECT_ATTRIBUTES *NormalFile; 00690 OBJECT_ATTRIBUTES RestrictedFileAttributes; 00691 OBJECT_ATTRIBUTES *RestrictedFile = &RestrictedFileAttributes; 00692 UNICODE_STRING RestrictedObjectName; 00693 00694 if (!IsRestricted()) 00695 return NtUnRestrictedQueryAttributesFile( 00696 ObjectAttributes, 00697 FileInformation); 00698 00699 // 00700 // Check to see if this file is mappable. Map it if it is 00701 // 00702 00703 NormalFile = ObjectAttributes; 00704 00705 CopyMemory(RestrictedFile, NormalFile, sizeof(OBJECT_ATTRIBUTES)); 00706 RestrictedFile->ObjectName = &RestrictedObjectName; 00707 00708 if (IsInterestingPath(NormalFile, RestrictedFile)) 00709 { 00710 Status = NtUnRestrictedQueryAttributesFile( 00711 RestrictedFile, 00712 FileInformation); 00713 00714 RtlFreeHeap(RtlProcessHeap(), 0, RestrictedObjectName.Buffer); 00715 00716 if (NT_SUCCESS(Status) || STATUS_ACCESS_DENIED == Status) 00717 return Status; 00718 } 00719 00720 // 00721 // The file is not mappable or accessing the mapped version failed. 00722 // 00723 00724 return NtUnRestrictedQueryAttributesFile( 00725 NormalFile, 00726 FileInformation); 00727 } NTSTATUS

NTSTATUS NtSetInformationFile (  IN HANDLE  FileHandle, OUT PIO_STATUS_BLOCK  IoStatusBlock, IN PVOID  FileInformation, IN ULONG  Length, IN FILE_INFORMATION_CLASS  FileInformationClass )

Definition at line 740 of file restrfil.c. References IsInterestingPath(), IsRestricted(), NT_SUCCESS, NTSTATUS(), NtUnRestrictedSetInformationFile(), NULL, RtlAllocateHeap, RtlFreeHeap, Status, and USHORT. Referenced by SepClientOpenPipe(). 00749 : 00750 00751 Hook NtSetInformationFile to catch renames/moves of files by restricted 00752 processes. 00753 00754 Arguments: 00755 00756 FileHandle - Supplies a handle to the file whose information should be 00757 changed. 00758 00759 IoStatusBlock - Address of the caller's I/O status block. 00760 00761 FileInformation - Supplies a buffer containing the information which should 00762 be changed on the file. 00763 00764 Length - Supplies the length, in bytes, of the FileInformation buffer. 00765 00766 FileInformationClass - Specifies the type of information which should be 00767 changed about the file. 00768 00769 Return Value: 00770 00771 The status returned is the final completion status of the operation. 00772 00773 --*/ 00774 { 00775 NTSTATUS Status; 00776 OBJECT_ATTRIBUTES NormalFileAttributes; 00777 OBJECT_ATTRIBUTES *NormalFile = &NormalFileAttributes; 00778 UNICODE_STRING NormalFileName; 00779 OBJECT_ATTRIBUTES RestrictedFileAttributes; 00780 OBJECT_ATTRIBUTES *RestrictedFile = &RestrictedFileAttributes; 00781 UNICODE_STRING RestrictedObjectName; 00782 00783 FILE_RENAME_INFORMATION *RenameInfo; 00784 00785 // 00786 // Try the original operation first 00787 // 00788 00789 Status = NtUnRestrictedSetInformationFile( 00790 FileHandle, 00791 IoStatusBlock, 00792 FileInformation, 00793 Length, 00794 FileInformationClass); 00795 00796 if (NT_SUCCESS(Status) 00797 || !IsRestricted() 00798 || FileRenameInformation != FileInformationClass) 00799 { 00800 return Status; 00801 } 00802 00803 // 00804 // Check to see if this file is mappable. Map it if it is 00805 // 00806 00807 RenameInfo = (FILE_RENAME_INFORMATION *) FileInformation; 00808 00809 NormalFileName.MaximumLength = (USHORT) RenameInfo->FileNameLength; 00810 NormalFileName.Length = (USHORT) RenameInfo->FileNameLength; 00811 NormalFileName.Buffer = RenameInfo->FileName; 00812 00813 InitializeObjectAttributes( 00814 NormalFile, 00815 &NormalFileName, 00816 OBJ_CASE_INSENSITIVE, 00817 RenameInfo->RootDirectory, 00818 NULL); 00819 00820 CopyMemory(RestrictedFile, NormalFile, sizeof(OBJECT_ATTRIBUTES)); 00821 RestrictedFile->ObjectName = &RestrictedObjectName; 00822 00823 if (IsInterestingPath(NormalFile, RestrictedFile)) 00824 { 00825 FILE_RENAME_INFORMATION *NewRenameInfo; 00826 NTSTATUS Status2; 00827 00828 NewRenameInfo = RtlAllocateHeap( 00829 RtlProcessHeap(), 00830 0, 00831 sizeof(*RenameInfo) + RestrictedObjectName.Length); 00832 00833 if (NULL != RenameInfo) 00834 { 00835 NewRenameInfo->ReplaceIfExists = RenameInfo->ReplaceIfExists; 00836 NewRenameInfo->RootDirectory = NULL; 00837 NewRenameInfo->FileNameLength = RestrictedObjectName.Length; 00838 CopyMemory( 00839 NewRenameInfo->FileName, 00840 RestrictedObjectName.Buffer, 00841 RestrictedObjectName.Length); 00842 00843 Status2 = NtUnRestrictedSetInformationFile( 00844 FileHandle, 00845 IoStatusBlock, 00846 NewRenameInfo, 00847 sizeof(*RenameInfo) + RestrictedObjectName.Length, 00848 FileInformationClass); 00849 00850 Status = NT_SUCCESS(Status2) ? Status2 : Status; 00851 00852 RtlFreeHeap(RtlProcessHeap(), 0, NewRenameInfo); 00853 } 00854 00855 RtlFreeHeap(RtlProcessHeap(), 0, RestrictedObjectName.Buffer); 00856 } 00857 00858 return Status; 00859 } NTSTATUS

NTSTATUS NtUnRestrictedCreateFile (  OUT PHANDLE  FileHandle, IN ACCESS_MASK  DesiredAccess, IN POBJECT_ATTRIBUTES  ObjectAttributes, OUT PIO_STATUS_BLOCK  IoStatusBlock, IN PLARGE_INTEGER AllocationSize  OPTIONAL, IN ULONG  FileAttributes, IN ULONG  ShareAccess, IN ULONG  CreateDisposition, IN ULONG  CreateOptions, IN PVOID EaBuffer  OPTIONAL, IN ULONG  EaLength )

Referenced by CopyRestrictedFile(), CopyStream(), and CreateDirectories().

NTSTATUS NtUnRestrictedDeleteFile (  IN POBJECT_ATTRIBUTES  ObjectAttributes  )

Referenced by CopyRestrictedFile(), and NtDeleteFile().

NTSTATUS NtUnRestrictedOpenFile (  OUT PHANDLE  FileHandle, IN ACCESS_MASK  DesiredAccess, IN POBJECT_ATTRIBUTES  ObjectAttributes, OUT PIO_STATUS_BLOCK  IoStatusBlock, IN ULONG  ShareAccess, IN ULONG  OpenOptions )

Referenced by CopyRestrictedFile(), CopyStream(), and InitializeRestrictedStuff().

NTSTATUS NtUnRestrictedQueryAttributesFile (  IN POBJECT_ATTRIBUTES  ObjectAttributes, OUT PFILE_BASIC_INFORMATION  FileInformation )

Referenced by CopyRestrictedFile(), and NtQueryAttributesFile().

NTSTATUS NtUnRestrictedSetInformationFile (  IN HANDLE  FileHandle, OUT PIO_STATUS_BLOCK  IoStatusBlock, IN PVOID  FileInformation, IN ULONG  Length, IN FILE_INFORMATION_CLASS  FileInformationClass )

Referenced by NtSetInformationFile().

NTSTATUS ZwCreateFile (  OUT PHANDLE  FileHandle, IN ACCESS_MASK  DesiredAccess, IN POBJECT_ATTRIBUTES  ObjectAttributes, OUT PIO_STATUS_BLOCK  IoStatusBlock, IN PLARGE_INTEGER AllocationSize  OPTIONAL, IN ULONG  FileAttributes, IN ULONG  ShareAccess, IN ULONG  CreateDisposition, IN ULONG  CreateOptions, IN PVOID EaBuffer  OPTIONAL, IN ULONG  EaLength )

Definition at line 418 of file restrfil.c. References FileAttributes, NtCreateFile(), and ObjectAttributes. Referenced by CmpOpenFileWithExtremePrejudice(), CmpOpenHiveFiles(), FsRecCreateAndRegisterDO(), FsRtlpOpenDev(), IoepGetErrCaseDB(), IopBootLogToFile(), OpenDevice(), and UserBeep(). { return NtCreateFile( FileHandle, DesiredAccess, ObjectAttributes, IoStatusBlock, AllocationSize, FileAttributes, ShareAccess, CreateDisposition, CreateOptions, EaBuffer, EaLength); }

NTSTATUS ZwDeleteFile (  IN POBJECT_ATTRIBUTES  ObjectAttributes  )

Definition at line 655 of file restrfil.c. References NtDeleteFile(), NTSTATUS(), and ObjectAttributes. { return NtDeleteFile(ObjectAttributes); }

NTSTATUS ZwOpenFile (  OUT PHANDLE  FileHandle, IN ACCESS_MASK  DesiredAccess, IN POBJECT_ATTRIBUTES  ObjectAttributes, OUT PIO_STATUS_BLOCK  IoStatusBlock, IN ULONG  ShareAccess, IN ULONG  OpenOptions )

Definition at line 582 of file restrfil.c. References NtOpenFile(), and ObjectAttributes. Referenced by CmpOpenFileWithExtremePrejudice(), DbgkCreateThread(), DbgkpSectionHandleToFileHandle(), GetNextReparseVolumePath(), IoAttachDevice(), IoGetDeviceObjectPointer(), IopApplySystemPartitionProt(), IopGetDumpStack(), IopMarkBootPartition(), MiLoadSystemImage(), OpenDeviceReparseIndex(), PsLocateSystemDll(), QueryDeviceNameForPath(), RtlpOpenImageFile(), and xHalIoAssignDriveLetters(). { return NtOpenFile( FileHandle, DesiredAccess, ObjectAttributes, IoStatusBlock, ShareAccess, OpenOptions); }

NTSTATUS ZwQueryAttributesFile (  IN POBJECT_ATTRIBUTES  ObjectAttributes, OUT PFILE_BASIC_INFORMATION  FileInformation )

Definition at line 729 of file restrfil.c. References NtQueryAttributesFile(), and ObjectAttributes. Referenced by CmpOpenFileWithExtremePrejudice(). { return NtQueryAttributesFile(ObjectAttributes, FileInformation); }

NTSTATUS ZwSetInformationFile (  IN HANDLE  FileHandle, OUT PIO_STATUS_BLOCK  IoStatusBlock, IN PVOID  FileInformation, IN ULONG  Length, IN FILE_INFORMATION_CLASS  FileInformationClass )

Definition at line 861 of file restrfil.c. References NtSetInformationFile(). Referenced by CmpDoFileSetSize(), CmpOpenFileWithExtremePrejudice(), CmpWorker(), and NtCreatePagingFile(). { return NtSetInformationFile( FileHandle, IoStatusBlock, FileInformation, Length, FileInformationClass); }

---

Variable Documentation

enum { ... } Restricted

Referenced by CheckRestricted(), IsRestricted(), SepMaximumAccessCheck(), SepNormalAccessCheck(), and SepSidInTokenEx().

UNICODE_STRING SiteDirectory = {0, 0, 0}

Definition at line 124 of file restrfil.c. Referenced by CreateDirectories(), InitializeRestrictedStuff(), and IsInterestingPath().

UNICODE_STRING SystemPath1 = {0, 0, 0}

Definition at line 121 of file restrfil.c. Referenced by InitializeRestrictedStuff(), and IsInterestingPath().

UNICODE_STRING SystemPath2 = {0, 0, 0}

Definition at line 122 of file restrfil.c. Referenced by InitializeRestrictedStuff(), and IsInterestingPath().

UNICODE_STRING SystemPath3 = {0, 0, 0}

Definition at line 123 of file restrfil.c. Referenced by InitializeRestrictedStuff(), and IsInterestingPath().

---