archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
4.9 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/base/wdmlib/wdmsec/io/iodevobj.c

469 lines
14 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) Microsoft Corporation. All rights reserved.
  5. Module Name:
  7. IoDevObj.c
  9. Abstract:
  11. This module contains functions for managing device objects.
  13. Author:
  15. Adrian J. Oney - April 21, 2002
  17. Revision History:
  19. --*/
  21. #include "WlDef.h"
  22. #include "IopDevObj.h"
  23. #pragma hdrstop
  25. #ifdef ALLOC_PRAGMA
  26. #pragma alloc_text(PAGE, IoDevObjCreateDeviceSecure)
  27. #pragma alloc_text(PAGE, IopDevObjAdjustNewDeviceParameters)
  28. #pragma alloc_text(PAGE, IopDevObjApplyPostCreationSettings)
  29. #endif
  32. NTSTATUS
  33. IoDevObjCreateDeviceSecure(
  34. IN PDRIVER_OBJECT DriverObject,
  35. IN ULONG DeviceExtensionSize,
  36. IN PUNICODE_STRING DeviceName OPTIONAL,
  37. IN DEVICE_TYPE DeviceType,
  38. IN ULONG DeviceCharacteristics,
  39. IN BOOLEAN Exclusive,
  40. IN PCUNICODE_STRING DefaultSDDLString,
  41. IN LPCGUID DeviceClassGuid OPTIONAL,
  42. OUT PDEVICE_OBJECT *DeviceObject
  43. )
  44. /*++
  46. Routine Description:
  48. This routine creates a securable named device object. The security settings
  49. for the device object are retrieved from the registry or constructed using
  50. the passed in defaults if registry overrides are not available.
  52. It should be used
  53. 1. To secure legacy device objects
  54. 2. To secure raw PnP PDOs
  56. It should not be used to create FDOs, non-raw PDOs, or any unnamed objects.
  57. For those operations, IoCreateDevice should be used.
  59. Arguments:
  61. DriverObject - A pointer to the driver object for this device.
  63. DeviceExtensionSize - Size, in bytes, of extension to device object;
  64. i.e., the size of the driver-specific data for this device object.
  66. DeviceName - Optional name that should be associated with this device.
  67. If the DeviceCharacteristics has the FILE_AUTOGENERATED_DEVICE_NAME
  68. flag set, this parameter is ignored.
  70. DeviceType - The type of device that the device object should represent.
  71. Possibly overriden by registry.
  73. DeviceCharacteristics - The characteristics for the device. Additional
  74. flags may be supplied by the registry.
  76. Exclusive - Indicates that the device object should be created with using
  77. the exclusive object attribute. Possibly overriden by registry.
  79. NOTE: This flag should not be used for WDM drivers. Since only the
  80. PDO is named, it is the only device object in a devnode attachment
  81. stack that is openable. However, since this device object is created
  82. by the underlying bus driver (which has no knowledge about what type
  83. of device this is), there is no way to know whether this flag should
  84. be set. Therefore, this parameter should always be FALSE for WDM
  85. drivers. Drivers attached to the PDO (e.g., the function driver) must
  86. enforce any exclusivity rules.
  88. DefaultSDDLString - In the absense of registry settings, this string
  89. specifies the security to supply for the device object.
  91. Only the subset of the SDDL format is currently supported. The format
  92. is:
  93. D:P(ACE)(ACE)(ACE), where (ACE) is (AceType;;Access;;;SID)
  95. Where:
  97. AceType - Only Allow ("A") is supported.
  98. Access - Rights specified in either hex format (0xnnnnnnnn), or via the
  99. SDDL Generic/Standard abbreviations
  100. SID - Abbreviated security ID
  101. (WD, BA, SY, IU, RC, AU, NU, AN, BG, BU, LS, NS)
  102. The S-w-x-y-z form for SIDs is not supported
  104. The unimplemented ace fields are:
  106. AceFlags - Describes features such as inheritance for sub-objects
  107. (ie files) and containers (ie keys/folders). An example SDDL
  108. AceFlag string would be ("OICI"). While control over
  109. inheritance is crucial for registry keys and files, it's
  110. irrelevant for device objects. As such, this function supports
  111. no ACE flags.
  113. ObjectGuid - Used for describing rights that transcent the 32bit
  114. mask supplied by the OS. Typically used for Active Directory
  115. objects.
  117. InheritObjectGuid - - Used for describing rights that transcent the
  118. 32bit mask supplied by the OS. Typically used for Active
  119. Directory objects.
  121. Example -
  122. "D:P(A;;GA;;;SY)" which is Allow System to have Generic All access.
  124. DeviceClassGuid - Supplies a device install class GUID. This class is
  125. looked up in the registry to see if any potential overrides exist.
  126. For legacy device objects, the caller may need to invent an appropriate
  127. class GUID (see IoCreateDeviceSecure documention on how to properly
  128. install a full class).
  130. Note that if no registry override exists, the registry will
  131. automatically be updated to *reflect* the default SDDL string.
  132. Therefore it is a very bad idea to use the same device class GUID with
  133. different DefaultSDDLString values (objects needing different default
  134. security should have different classes, or be secured via INFs where
  135. possible).
  137. DeviceObject - Pointer to the device object pointer this routine will
  138. return.
  140. Return Value:
  142. NTSTATUS.
  144. --*/
  145. {
  146. PSECURITY_DESCRIPTOR securityDescriptor;
  147. STACK_CREATION_SETTINGS stackSettings, updateSettings;
  148. PDEVICE_OBJECT newDeviceObject;
  149. UNICODE_STRING classKeyName;
  150. DEVICE_TYPE finalDeviceType;
  151. ULONG finalCharacteristics;
  152. BOOLEAN finalExclusivity;
  153. ULONG disposition;
  154. NTSTATUS status;
  156. PAGED_CODE();
  158. //
  159. // Preinit for failure
  160. //
  161. *DeviceObject = NULL;
  162. newDeviceObject = NULL;
  164. //
  165. // The device object is securable only if it has a name. Therefore, we fail
  166. // the create call if the device doesn't have a name.
  167. //
  168. if (!(ARGUMENT_PRESENT(DeviceName) ||
  169. (DeviceCharacteristics & FILE_AUTOGENERATED_DEVICE_NAME))) {
  171. return STATUS_INVALID_PARAMETER;
  172. }
  174. if (ARGUMENT_PRESENT(DeviceClassGuid)) {
  176. //
  177. // Try to find the appropriate security descriptor for the device. First
  178. // look for an override in the registry using the class GUID. We will
  179. // create a section in the registry if one doesn't exist as well. This is
  180. // a clue to the system administrator that there is something to lock down
  181. // in the system.
  182. //
  183. status = PpRegStateReadCreateClassCreationSettings(
  184. DeviceClassGuid,
  185. DriverObject,
  186. &stackSettings
  187. );
  189. if (!NT_SUCCESS(status)) {
  191. return status;
  192. }
  194. } else {
  196. PpRegStateInitEmptyCreationSettings(&stackSettings);
  197. }
  199. //
  200. // If a registry setting wasn't specified, parse the default SDDL string.
  201. //
  202. if (!(stackSettings.Flags & DSIFLAG_SECURITY_DESCRIPTOR)) {
  204. //
  205. // Parse the SDDL string into a security descriptor, and mark it
  206. // "default" as well. SE_DACL_DEFAULT means the DACL came from a
  207. // "default" mechanism, typically implying parental inheritance or
  208. // object default security. In our case, the "default source" is the
  209. // library as opposed to the user or an INF.
  210. //
  211. status = SeSddlSecurityDescriptorFromSDDL(
  212. DefaultSDDLString,
  213. TRUE,
  214. &securityDescriptor
  215. );
  217. if (!NT_SUCCESS(status)) {
  219. goto Exit;
  220. }
  222. PpRegStateLoadSecurityDescriptor(
  223. securityDescriptor,
  224. &stackSettings
  225. );
  227. if (ARGUMENT_PRESENT(DeviceClassGuid)) {
  229. //
  230. // Update the registry with the default SDDL string so that the
  231. // admin knows what settings are being used for this class. Note
  232. // that we don't free updateSettings, as the security descriptor
  233. // is also used by stackSettings.
  234. //
  235. PpRegStateInitEmptyCreationSettings(&updateSettings);
  237. PpRegStateLoadSecurityDescriptor(
  238. securityDescriptor,
  239. &updateSettings
  240. );
  242. status = PpRegStateUpdateStackCreationSettings(
  243. DeviceClassGuid,
  244. &updateSettings
  245. );
  247. if (!NT_SUCCESS(status)) {
  249. goto Exit;
  250. }
  251. }
  252. }
  254. //
  255. // Fill out the default values
  256. //
  257. finalDeviceType = DeviceType;
  258. finalCharacteristics = DeviceCharacteristics;
  259. finalExclusivity = Exclusive;
  261. //
  262. // Adjust the parameters based on the registry overrides
  263. //
  264. IopDevObjAdjustNewDeviceParameters(
  265. &stackSettings,
  266. &finalDeviceType,
  267. &finalCharacteristics,
  268. &finalExclusivity
  269. );
  271. //
  272. // Create the device object. The newly created object should have the
  273. // DO_DEVICE_INITIALIZING flag on it, meaning it cannot be opened. We
  274. // therefore still have an opportunity to apply security.
  275. //
  276. status = IoCreateDevice(
  277. DriverObject,
  278. DeviceExtensionSize,
  279. DeviceName,
  280. finalDeviceType,
  281. finalCharacteristics,
  282. finalExclusivity,
  283. &newDeviceObject
  284. );
  286. if (!NT_SUCCESS(status)) {
  288. goto Exit;
  289. }
  291. ASSERT(newDeviceObject->Flags & DO_DEVICE_INITIALIZING);
  293. status = IopDevObjApplyPostCreationSettings(
  294. newDeviceObject,
  295. &stackSettings
  296. );
  298. if (!NT_SUCCESS(status)) {
  300. IoDeleteDevice(newDeviceObject);
  301. goto Exit;
  302. }
  304. *DeviceObject = newDeviceObject;
  306. Exit:
  308. //
  309. // Clean up the security descriptor as appropriate.
  310. //
  311. PpRegStateFreeStackCreationSettings(&stackSettings);
  313. return status;
  314. }
  317. VOID
  318. IopDevObjAdjustNewDeviceParameters(
  319. IN PSTACK_CREATION_SETTINGS StackCreationSettings,
  320. IN OUT PDEVICE_TYPE DeviceType,
  321. IN OUT PULONG DeviceCharacteristics,
  322. IN OUT PBOOLEAN Exclusive
  323. )
  324. /*++
  326. Routine Description:
  328. This routine adjusts a newly created device object to reflect the passed
  329. in stack creation settings.
  331. Arguments:
  333. StackCreationSettings - Information reflecting the settings to apply.
  335. DeviceType - On input, the device type specified by the caller. This field
  336. is updated to reflect any changes specified in the registry.
  338. DeviceCharacteristics - On input, the characteristics specified by the
  339. caller. This field is updated to reflect any changes specified in the
  340. registry.
  342. Exclusive - On input, the exclusivity specified by the caller. This field
  343. is updated to reflect any changes specified in the registry.
  345. Return Value:
  347. None.
  349. --*/
  350. {
  351. PAGED_CODE();
  353. if (StackCreationSettings->Flags & DSIFLAG_DEVICE_TYPE) {
  355. *DeviceType = StackCreationSettings->DeviceType;
  356. }
  358. if (StackCreationSettings->Flags & DSIFLAG_CHARACTERISTICS) {
  360. *DeviceCharacteristics = StackCreationSettings->Characteristics;
  361. }
  363. if (StackCreationSettings->Flags & DSIFLAG_EXCLUSIVE) {
  365. *Exclusive = (BOOLEAN) StackCreationSettings->Exclusivity;
  366. }
  367. }
  370. NTSTATUS
  371. IopDevObjApplyPostCreationSettings(
  372. IN PDEVICE_OBJECT DeviceObject,
  373. IN PSTACK_CREATION_SETTINGS StackCreationSettings
  374. )
  375. /*++
  377. Routine Description:
  379. This routine adjusts a newly created device object to reflect the passed
  380. in stack creation settings.
  382. Arguments:
  384. DeviceObject - Device object who's settings to adjust.
  386. StackCreationSettings - Information reflecting the settings to apply.
  388. Return Value:
  390. NTSTATUS.
  392. --*/
  393. {
  394. SECURITY_INFORMATION securityInformation;
  395. ACCESS_MASK desiredAccess;
  396. BOOLEAN fromDefaultSource;
  397. NTSTATUS status;
  398. HANDLE handle;
  400. PAGED_CODE();
  402. if (!(StackCreationSettings->Flags & DSIFLAG_SECURITY_DESCRIPTOR)) {
  404. return STATUS_SUCCESS;
  405. }
  407. //
  408. // Get the corresponding securityInformation from the descriptor.
  409. //
  410. status = SeUtilSecurityInfoFromSecurityDescriptor(
  411. StackCreationSettings->SecurityDescriptor,
  412. &fromDefaultSource,
  413. &securityInformation
  414. );
  416. if (!NT_SUCCESS(status)) {
  418. return status;
  419. }
  421. #ifdef _KERNELIMPLEMENTATION_
  423. status = ObSetSecurityObjectByPointer(
  424. DeviceObject,
  425. securityInformation,
  426. StackCreationSettings->SecurityDescriptor
  427. );
  429. #else
  431. //
  432. // Since ObSetSecurityObjectByPointer isn't available on Win2K, we have to
  433. // use a rather sneaky trick. The device technically isn't openable yet.
  434. // However, ObOpenObjectByPointer doesn't bother doing any parse stuff.
  435. // Therefore, we can get a quick handle to the object, set the security
  436. // descriptor, and then dump the handle without the driver being any wiser.
  437. //
  438. SeSetSecurityAccessMask(securityInformation, &desiredAccess);
  440. status = ObOpenObjectByPointer(
  441. DeviceObject,
  442. OBJ_KERNEL_HANDLE,
  443. NULL,
  444. desiredAccess,
  445. *IoDeviceObjectType,
  446. KernelMode,
  447. &handle
  448. );
  450. if (!NT_SUCCESS(status)) {
  452. return status;
  453. }
  455. status = ZwSetSecurityObject(
  456. handle,
  457. securityInformation,
  458. StackCreationSettings->SecurityDescriptor
  459. );
  461. ZwClose(handle);
  463. #endif // _KERNELIMPLEMENTATION_
  465. return status;
  466. }