archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 744f0b4006
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '744f0b4006'
${ noResults }
windows-xp/Source/XPSP1/NT/base/fs/efs/create.c

1257 lines
38 KiB
Raw Normal View History

Add source files
4 years ago
  1. /*++
  3. Copyright (c) 1996 Microsoft Corporation
  5. Module Name:
  7. create.c
  9. Abstract:
  11. This module will handle the IRP_MJ_CREATE (and all associated support
  12. routines) requests.
  14. Author:
  16. Robert Gu (robertg) 29-Oct-1996
  17. Environment:
  19. Kernel Mode Only
  21. Revision History:
  23. --*/
  25. #include "efs.h"
  26. #include "efsrtl.h"
  27. #include "efsext.h"
  30. #ifdef ALLOC_PRAGMA
  31. //
  32. // cannot make this code paged because of calls to
  33. // virtual memory functions.
  34. //
  35. //#pragma alloc_text(PAGE, EFSFilePostCreate)
  36. //#pragma alloc_text(PAGE, EFSPostCreate)
  37. //
  38. #endif
  41. NTSTATUS
  42. EFSFilePostCreate(
  43. IN PDEVICE_OBJECT VolDo,
  44. IN PIRP Irp,
  45. IN PFILE_OBJECT FileObject,
  46. IN NTSTATUS Status,
  47. IN OUT PVOID *PCreateContext
  48. )
  49. {
  50. PEFS_CONTEXT pEfsContext;
  51. KIRQL savedIrql;
  52. NTSTATUS EfsStatus = STATUS_SUCCESS;
  55. PAGED_CODE();
  57. if (!PCreateContext) {
  58. return Status;
  59. }
  61. pEfsContext = *PCreateContext;
  63. if (( NT_SUCCESS( Status ) && (Status != STATUS_PENDING) && (Status != STATUS_REPARSE))
  64. && pEfsContext){
  66. if ( NO_FURTHER_PROCESSING != pEfsContext->Status ){
  68. PIO_STACK_LOCATION irpSp;
  70. irpSp = IoGetCurrentIrpStackLocation( Irp );
  73. #if DBG
  74. if ( (EFSTRACEALL | EFSTRACELIGHT ) & EFSDebug ){
  76. DbgPrint( " EFSFILTER: Begin post create. \n" );
  78. }
  79. #endif
  81. if ((pEfsContext->EfsStreamData) &&
  82. (EFS_STREAM_TRANSITION == ((PEFS_STREAM)(pEfsContext->EfsStreamData))->Status)) {
  84. PSID SystemSid;
  85. SID_IDENTIFIER_AUTHORITY IdentifierAuthority = SECURITY_NT_AUTHORITY;
  87. //
  88. // $EFS indicates transition state.
  89. // Only the system can open it
  90. //
  92. SystemSid = ExAllocatePoolWithTag(
  93. PagedPool,
  94. RtlLengthRequiredSid(1),
  95. 'msfE'
  96. );
  98. if ( SystemSid ){
  100. EfsStatus = RtlInitializeSid( SystemSid, &IdentifierAuthority, (UCHAR) 1 );
  102. if ( NT_SUCCESS(EfsStatus) ){
  104. PACCESS_TOKEN accessToken = NULL;
  105. PTOKEN_USER UserId = NULL;
  107. *(RtlSubAuthoritySid(SystemSid, 0 )) = SECURITY_LOCAL_SYSTEM_RID;
  109. //
  110. // We got the system SID. Now try to get the caller's SID.
  111. //
  113. accessToken = irpSp->Parameters.Create.SecurityContext->AccessState->SubjectSecurityContext.ClientToken;
  114. if(!accessToken) {
  115. accessToken = irpSp->Parameters.Create.SecurityContext->AccessState->SubjectSecurityContext.PrimaryToken;
  116. }
  117. if ( accessToken ){
  119. //
  120. // Get User ID
  121. //
  123. EfsStatus = SeQueryInformationToken(
  124. accessToken,
  125. TokenUser,
  126. &UserId
  127. );
  129. if ( NT_SUCCESS(EfsStatus) ){
  131. //
  132. // Got the user SID
  133. //
  135. if ( !RtlEqualSid ( SystemSid, UserId->User.Sid) ) {
  137. EfsStatus = STATUS_ACCESS_DENIED;
  139. }
  140. }
  142. ExFreePool( UserId );
  144. } else {
  145. //
  146. // Cannot get the user token
  147. //
  149. EfsStatus = STATUS_ACCESS_DENIED;
  151. }
  153. }
  155. ExFreePool( SystemSid );
  157. } else {
  159. EfsStatus = STATUS_INSUFFICIENT_RESOURCES;
  161. }
  163. } else {
  164. //
  165. // $EFS in normal status
  166. // Set Key Blob and/or write $EFS
  167. //
  168. // Legacy problem, The fourth parameter of EfsPostCreate (OpenType)
  169. // was used to indicate a recovery open. The design was changed. Now
  170. // this parameter is not used. It is not worth to take out the parameter
  171. // now. This will need to change several modules, EFS.SYS, KSECDD.SYS
  172. // SEcur32.lib and LSASRV.DLL. We might just leave it as reserved for future use.
  173. // To speed up a little bit, pass in 0.
  174. //
  176. EfsStatus = EFSPostCreate(
  177. VolDo,
  178. Irp,
  179. pEfsContext,
  180. 0
  181. );
  183. }
  184. }
  186. }
  188. if (pEfsContext){
  190. //
  191. // Release memory if necessary
  192. //
  194. *PCreateContext = NULL;
  195. if ( pEfsContext->EfsStreamData ) {
  197. ExFreePool(pEfsContext->EfsStreamData);
  198. pEfsContext->EfsStreamData = NULL;
  200. }
  202. ExFreeToNPagedLookasideList(&(EfsData.EfsContextPool), pEfsContext );
  203. }
  205. if (!NT_SUCCESS(EfsStatus)) {
  206. return EfsStatus;
  207. }
  209. return Status; // If EFS operation succeeded, just return the original status code.
  211. }
  215. NTSTATUS
  216. EFSPostCreate(
  217. IN PDEVICE_OBJECT DeviceObject,
  218. IN PIRP Irp,
  219. IN PEFS_CONTEXT EfsContext,
  220. IN ULONG OpenType
  221. )
  223. /*++
  225. Routine Description:
  227. This function calls the EFS server to get FEK, $EFS, set Key Blob and or write $EFS.
  229. We could not use user's space to talk to LSA so we need to attach to LSA to allocate
  231. memory in LSA space. We could cause APC dead lock if we call LSA while attached to LSA.
  233. We need to detach before calling LSA and reattach to get data back from LSA.
  235. Arguments:
  237. DeviceObject - Pointer to the target device object.
  239. Irp - Pointer to the I/O Request Packet that represents the operation.
  241. EfsContext - A context block associated with the file object.
  243. OpenType - File create(open) option
  245. IrpContext - NTFS internal data
  247. FileHdl - NTFS internal data
  249. AttributeHandle - NTFS internal data
  252. --*/
  253. {
  254. PEFS_KEY fek = NULL;
  255. PEFS_DATA_STREAM_HEADER efsStream = NULL;
  256. PVOID currentEfsStream = NULL;
  257. NTSTATUS status = STATUS_SUCCESS;
  258. PIO_STACK_LOCATION irpSp = IoGetCurrentIrpStackLocation( Irp );
  259. PVOID bufferBase = NULL;
  260. ULONG currentEfsStreamLength = 0;
  261. ULONG bufferLength;
  262. SIZE_T regionSize = 0;
  263. PACCESS_TOKEN accessToken = NULL;
  264. PTOKEN_USER UserId = NULL;
  265. GUID *EfsId = NULL;
  266. HANDLE CrntProcess = NULL;
  267. BOOLEAN ProcessAttached = FALSE;
  268. BOOLEAN ProcessNeedAttach = FALSE;
  269. SECURITY_IMPERSONATION_LEVEL ImpersonationLevel = SecurityImpersonation;
  270. KAPC_STATE ApcState;
  271. /*
  272. PIO_SECURITY_CONTEXT sContext;
  273. sContext = irpSp->Parameters.Create.SecurityContext;
  274. DbgPrint( "\n PostCreate: Desired Access %x\n", sContext->DesiredAccess );
  275. DbgPrint( "\n PostCreate: Orginal Desired Access %x\n", sContext->AccessState->OriginalDesiredAccess );
  276. DbgPrint( "\n PostCreate: PrevGrant Access %x\n", sContext->AccessState->PreviouslyGrantedAccess );
  277. DbgPrint( "\n PostCreate: Remaining Desired Access %x\n", sContext->AccessState->RemainingDesiredAccess );
  278. */
  279. //
  280. // Check if we can use the cache to verify the open
  281. //
  283. if ( !(EfsContext->Status & NO_OPEN_CACHE_CHECK) ){
  285. if ( irpSp->Parameters.Create.SecurityContext->AccessState->SubjectSecurityContext.ClientToken ){
  286. accessToken = irpSp->Parameters.Create.SecurityContext->AccessState->SubjectSecurityContext.ClientToken;
  287. ImpersonationLevel = irpSp->Parameters.Create.SecurityContext->AccessState->SubjectSecurityContext.ImpersonationLevel;
  288. } else {
  289. accessToken = irpSp->Parameters.Create.SecurityContext->AccessState->SubjectSecurityContext.PrimaryToken;
  290. }
  292. if ( accessToken ){
  294. //
  295. // Get User ID
  296. //
  298. status = SeQueryInformationToken(
  299. accessToken,
  300. TokenUser,
  301. &UserId
  302. );
  304. if ( NT_SUCCESS(status) ){
  306. if ( EfsFindInCache(
  307. &((( PEFS_DATA_STREAM_HEADER ) EfsContext->EfsStreamData)->EfsId),
  308. UserId
  309. )) {
  311. ExFreePool( UserId );
  312. #if DBG
  313. if ( (EFSTRACEALL ) & EFSDebug ){
  314. DbgPrint( " EFS:Open with cache. \n" );
  315. }
  316. #endif
  317. return ( STATUS_SUCCESS );
  318. }
  319. }
  321. //
  322. // UserId will be freed later
  323. //
  325. }
  327. //
  328. // Check cache failure should not block the normal operations
  329. //
  331. status = STATUS_SUCCESS;
  332. }
  334. //
  335. // Clear the cache bit
  336. //
  338. EfsContext->Status &= ~NO_OPEN_CACHE_CHECK;
  340. //
  341. // Check if it is ACCESS_ATTRIBUTE ONLY
  342. //
  344. if ( !( irpSp->Parameters.Create.SecurityContext->AccessState->PreviouslyGrantedAccess &
  345. ( FILE_APPEND_DATA | FILE_READ_DATA | FILE_WRITE_DATA | FILE_EXECUTE )) &&
  346. ( EfsContext->Status & TURN_ON_ENCRYPTION_BIT ) &&
  347. ( !(EfsContext->Status & (NEW_FILE_EFS_REQUIRED | NEW_DIR_EFS_REQUIRED)))){
  349. //
  350. // A new stream is to be created without data access required. We might not
  351. // have the keys to decrypt the $EFS. We just need to turn on the bit here.
  352. // Changed the real action required.
  353. // Free the memory not required by this action.
  354. //
  355. #if DBG
  356. if ( (EFSTRACEALL ) & EFSDebug ){
  357. DbgPrint( " EFS:Open accessing attr only. \n" );
  358. }
  359. #endif
  361. if (EfsContext->EfsStreamData){
  362. ExFreePool(EfsContext->EfsStreamData);
  363. EfsContext->EfsStreamData = NULL;
  364. }
  365. EfsContext->Status = TURN_ON_ENCRYPTION_BIT | TURN_ON_BIT_ONLY ;
  367. } else if ( !(EfsContext->Status & TURN_ON_BIT_ONLY) ) {
  369. if (accessToken == NULL){
  370. if ( irpSp->Parameters.Create.SecurityContext->AccessState->SubjectSecurityContext.ClientToken ){
  371. accessToken = irpSp->Parameters.Create.SecurityContext->AccessState->SubjectSecurityContext.ClientToken;
  372. ImpersonationLevel = irpSp->Parameters.Create.SecurityContext->AccessState->SubjectSecurityContext.ImpersonationLevel;
  373. } else {
  374. accessToken = irpSp->Parameters.Create.SecurityContext->AccessState->SubjectSecurityContext.PrimaryToken;
  375. }
  377. //
  378. // Get User ID
  379. //
  381. status = SeQueryInformationToken(
  382. accessToken,
  383. TokenUser,
  384. &UserId
  385. );
  387. if (!NT_SUCCESS(status)) {
  389. //
  390. // Do not refresh the cache
  391. //
  393. UserId = NULL;
  394. status = STATUS_SUCCESS;
  395. }
  397. }
  399. //
  400. // Allocate virtual memory.
  401. // Move the $EFS to virtual memory, LPC requires this.
  402. //
  404. if ( PsGetCurrentProcess() != EfsData.LsaProcess ){
  406. ProcessNeedAttach = TRUE;
  408. status = ObReferenceObjectByPointer(
  409. EfsData.LsaProcess,
  410. 0,
  411. NULL,
  412. KernelMode);
  414. if ( NT_SUCCESS(status) ) {
  415. KeStackAttachProcess (
  416. EfsData.LsaProcess,
  417. &ApcState
  418. );
  419. ProcessAttached = TRUE;
  420. }
  422. }
  424. CrntProcess = NtCurrentProcess();
  426. if ( NT_SUCCESS(status) ) {
  427. if (EfsContext->EfsStreamData){
  428. regionSize = currentEfsStreamLength = * (ULONG*)(EfsContext->EfsStreamData);
  430. status = ZwAllocateVirtualMemory(
  431. CrntProcess,
  432. (PVOID *) &currentEfsStream,
  433. 0,
  434. &regionSize,
  435. MEM_COMMIT,
  436. PAGE_READWRITE
  437. );
  438. }
  439. }
  440. }
  442. if ( NT_SUCCESS(status) ){
  444. BOOLEAN OldCopyOnOpen;
  445. BOOLEAN OldEffectiveOnly;
  446. SECURITY_IMPERSONATION_LEVEL OldImpersonationLevel;
  447. PACCESS_TOKEN OldClientToken;
  450. OldClientToken = PsReferenceImpersonationToken(
  451. PsGetCurrentThread(),
  452. &OldCopyOnOpen,
  453. &OldEffectiveOnly,
  454. &OldImpersonationLevel
  455. );
  457. if ( EfsContext->Status != (TURN_ON_ENCRYPTION_BIT | TURN_ON_BIT_ONLY) &&
  458. ( NULL != currentEfsStream) ){
  460. RtlCopyMemory(
  461. currentEfsStream,
  462. EfsContext->EfsStreamData,
  463. currentEfsStreamLength
  464. );
  466. //
  467. // Free the memory first to increase chance of getting new memory
  468. //
  470. ExFreePool(EfsContext->EfsStreamData);
  471. EfsContext->EfsStreamData = NULL;
  472. }
  474. //
  475. // Detach process before calling user mode
  476. //
  478. if (ProcessAttached){
  479. KeUnstackDetachProcess(&ApcState);
  480. ProcessAttached = FALSE;
  481. }
  483. switch ( EfsContext->Status & ACTION_REQUIRED){
  484. case VERIFY_USER_REQUIRED:
  486. PsImpersonateClient(
  487. PsGetCurrentThread(),
  488. accessToken,
  489. TRUE,
  490. TRUE,
  491. ImpersonationLevel
  492. );
  494. //
  495. // Call service to verify the user
  496. //
  498. status = EfsDecryptFek(
  499. &fek,
  500. (PEFS_DATA_STREAM_HEADER) currentEfsStream,
  501. currentEfsStreamLength,
  502. OpenType,
  503. &efsStream,
  504. &bufferBase,
  505. &bufferLength
  506. );
  508. if ( OldClientToken ) {
  509. PsImpersonateClient(
  510. PsGetCurrentThread(),
  511. OldClientToken,
  512. OldCopyOnOpen,
  513. OldEffectiveOnly,
  514. OldImpersonationLevel
  515. );
  516. PsDereferenceImpersonationToken(OldClientToken);
  517. } else {
  518. PsRevertToSelf( );
  519. }
  521. break;
  523. case NEW_FILE_EFS_REQUIRED:
  524. //
  525. // Call service to get new FEK, $EFS
  526. //
  528. if (EfsContext->Flags & SYSTEM_IS_READONLY) {
  529. ASSERT(FALSE);
  530. status = STATUS_MEDIA_WRITE_PROTECTED;
  531. if ( OldClientToken ) {
  532. PsDereferenceImpersonationToken(OldClientToken);
  533. }
  534. break;
  535. }
  537. PsImpersonateClient(
  538. PsGetCurrentThread(),
  539. accessToken,
  540. TRUE,
  541. TRUE,
  542. ImpersonationLevel
  543. );
  545. status = EfsGenerateKey(
  546. &fek,
  547. &efsStream,
  548. (PEFS_DATA_STREAM_HEADER) currentEfsStream,
  549. currentEfsStreamLength,
  550. &bufferBase,
  551. &bufferLength
  552. );
  554. if ( OldClientToken ) {
  555. PsImpersonateClient(
  556. PsGetCurrentThread(),
  557. OldClientToken,
  558. OldCopyOnOpen,
  559. OldEffectiveOnly,
  560. OldImpersonationLevel
  561. );
  562. PsDereferenceImpersonationToken(OldClientToken);
  563. } else {
  564. PsRevertToSelf( );
  565. }
  566. break;
  568. case NEW_DIR_EFS_REQUIRED:
  569. //
  570. // Call service to get new $EFS
  571. //
  573. if (EfsContext->Flags & SYSTEM_IS_READONLY) {
  574. ASSERT(FALSE);
  575. status = STATUS_MEDIA_WRITE_PROTECTED;
  576. if ( OldClientToken ) {
  577. PsDereferenceImpersonationToken(OldClientToken);
  578. }
  579. break;
  580. }
  582. PsImpersonateClient(
  583. PsGetCurrentThread(),
  584. accessToken,
  585. TRUE,
  586. TRUE,
  587. ImpersonationLevel
  588. );
  590. status = GenerateDirEfs(
  591. (PEFS_DATA_STREAM_HEADER) currentEfsStream,
  592. currentEfsStreamLength,
  593. &efsStream,
  594. &bufferBase,
  595. &bufferLength
  596. );
  598. if ( OldClientToken ) {
  599. PsImpersonateClient(
  600. PsGetCurrentThread(),
  601. OldClientToken,
  602. OldCopyOnOpen,
  603. OldEffectiveOnly,
  604. OldImpersonationLevel
  605. );
  606. PsDereferenceImpersonationToken(OldClientToken);
  607. } else {
  608. PsRevertToSelf( );
  609. }
  610. break;
  612. case TURN_ON_BIT_ONLY:
  613. //
  614. // Fall through intended
  615. //
  617. default:
  619. if ( OldClientToken ) {
  620. PsDereferenceImpersonationToken(OldClientToken);
  621. }
  623. break;
  624. }
  627. if ( ProcessNeedAttach ){
  629. KeStackAttachProcess (
  630. EfsData.LsaProcess,
  631. &ApcState
  632. );
  633. ProcessAttached = TRUE;
  635. }
  637. if (fek && (fek->Algorithm == CALG_3DES) && !EfsData.FipsFunctionTable.Fips3Des3Key ) {
  639. //
  640. // User requested 3des but fips is not available, quit.
  641. //
  644. if (bufferBase){
  646. SIZE_T bufferSize;
  648. bufferSize = bufferLength;
  649. ZwFreeVirtualMemory(
  650. CrntProcess,
  651. &bufferBase,
  652. &bufferSize,
  653. MEM_RELEASE
  654. );
  656. }
  657. status = STATUS_ACCESS_DENIED;
  658. }
  660. if ( NT_SUCCESS(status) ){
  662. KEVENT event;
  663. IO_STATUS_BLOCK ioStatus;
  664. PIRP fsCtlIrp;
  665. PIO_STACK_LOCATION fsCtlIrpSp;
  666. ULONG inputDataLength;
  667. ULONG actionType;
  668. ULONG usingCurrentEfs;
  669. ULONG FsCode;
  670. PULONG pUlong;
  672. //
  673. // We got our FEK, $EFS. Set it with a FSCTL
  674. // Prepare the input data buffer first
  675. //
  677. switch ( EfsContext->Status & ACTION_REQUIRED ){
  678. case VERIFY_USER_REQUIRED:
  680. EfsId = ExAllocatePoolWithTag(
  681. PagedPool,
  682. sizeof (GUID),
  683. 'msfE'
  684. );
  686. if ( EfsId ){
  687. RtlCopyMemory(
  688. EfsId,
  689. &(((PEFS_DATA_STREAM_HEADER) currentEfsStream)->EfsId),
  690. sizeof( GUID ) );
  691. }
  693. //
  694. // Free memory first
  695. //
  696. ZwFreeVirtualMemory(
  697. CrntProcess,
  698. &currentEfsStream,
  699. &regionSize,
  700. MEM_RELEASE
  701. );
  703. //
  704. // Prepare input data buffer
  705. //
  707. inputDataLength = EFS_FSCTL_HEADER_LENGTH + 2 * EFS_KEY_SIZE( fek );
  709. actionType = SET_EFS_KEYBLOB;
  711. if ( efsStream && !(EfsContext->Flags & SYSTEM_IS_READONLY)){
  712. //
  713. // $EFS updated
  714. //
  716. inputDataLength += *(ULONG *)efsStream;
  717. actionType |= WRITE_EFS_ATTRIBUTE;
  718. }
  720. currentEfsStream = ExAllocatePoolWithTag(
  721. PagedPool,
  722. inputDataLength,
  723. 'msfE'
  724. );
  726. //
  727. // Deal with out of memory here
  728. //
  729. if ( NULL == currentEfsStream ){
  731. //
  732. // Out of memory
  733. //
  735. status = STATUS_INSUFFICIENT_RESOURCES;
  736. break;
  738. }
  740. pUlong = (ULONG *) currentEfsStream;
  741. *pUlong = ((PFSCTL_INPUT)currentEfsStream)->CipherSubCode
  742. = actionType;
  744. ((PFSCTL_INPUT)currentEfsStream)->EfsFsCode = EFS_SET_ATTRIBUTE;
  746. RtlCopyMemory(
  747. ((PUCHAR) currentEfsStream) + EFS_FSCTL_HEADER_LENGTH,
  748. fek,
  749. EFS_KEY_SIZE( fek )
  750. );
  752. RtlCopyMemory(
  753. ((PUCHAR) currentEfsStream) + EFS_FSCTL_HEADER_LENGTH
  754. + EFS_KEY_SIZE( fek ),
  755. fek,
  756. EFS_KEY_SIZE( fek )
  757. );
  759. if ( efsStream && !(EfsContext->Flags & SYSTEM_IS_READONLY)){
  761. RtlCopyMemory(
  762. ((PUCHAR) currentEfsStream) + EFS_FSCTL_HEADER_LENGTH
  763. + 2 * EFS_KEY_SIZE( fek ),
  764. efsStream,
  765. *(ULONG *)efsStream
  766. );
  768. }
  770. //
  771. // Encrypt our Input data
  772. //
  773. EfsEncryptKeyFsData(
  774. currentEfsStream,
  775. inputDataLength,
  776. sizeof(ULONG),
  777. EFS_FSCTL_HEADER_LENGTH + EFS_KEY_SIZE( fek ),
  778. EFS_KEY_SIZE( fek )
  779. );
  781. break;
  782. case NEW_FILE_EFS_REQUIRED:
  784. EfsId = ExAllocatePoolWithTag(
  785. PagedPool,
  786. sizeof (GUID),
  787. 'msfE'
  788. );
  790. if ( EfsId ){
  791. RtlCopyMemory(
  792. EfsId,
  793. &(efsStream->EfsId),
  794. sizeof( GUID ) );
  795. }
  797. //
  798. // Free memory first
  799. //
  801. if ( currentEfsStream ){
  802. ZwFreeVirtualMemory(
  803. CrntProcess,
  804. &currentEfsStream,
  805. &regionSize,
  806. MEM_RELEASE
  807. );
  808. }
  810. //
  811. // Prepare input data buffer
  812. //
  814. inputDataLength = EFS_FSCTL_HEADER_LENGTH
  815. + 2 * EFS_KEY_SIZE( fek )
  816. + *(ULONG *)efsStream;
  818. currentEfsStream = ExAllocatePoolWithTag(
  819. PagedPool,
  820. inputDataLength,
  821. 'msfE'
  822. );
  824. //
  825. // Deal with out of memory here
  826. //
  827. if ( NULL == currentEfsStream ){
  829. status = STATUS_INSUFFICIENT_RESOURCES;
  830. break;
  832. }
  834. pUlong = (ULONG *) currentEfsStream;
  835. *pUlong = ((PFSCTL_INPUT)currentEfsStream)->CipherSubCode
  836. = WRITE_EFS_ATTRIBUTE | SET_EFS_KEYBLOB;
  838. ((PFSCTL_INPUT)currentEfsStream)->EfsFsCode = EFS_SET_ATTRIBUTE;
  840. RtlCopyMemory(
  841. ((PUCHAR) currentEfsStream) + EFS_FSCTL_HEADER_LENGTH,
  842. fek,
  843. EFS_KEY_SIZE( fek )
  844. );
  846. RtlCopyMemory(
  847. ((PUCHAR) currentEfsStream) + EFS_FSCTL_HEADER_LENGTH
  848. + EFS_KEY_SIZE( fek ),
  849. fek,
  850. EFS_KEY_SIZE( fek )
  851. );
  853. RtlCopyMemory(
  854. ((PUCHAR) currentEfsStream) + EFS_FSCTL_HEADER_LENGTH
  855. + 2 * EFS_KEY_SIZE( fek ) ,
  856. efsStream,
  857. *(ULONG *)efsStream
  858. );
  860. //
  861. // Encrypt our Input data
  862. //
  863. EfsEncryptKeyFsData(
  864. currentEfsStream,
  865. inputDataLength,
  866. sizeof(ULONG),
  867. EFS_FSCTL_HEADER_LENGTH + EFS_KEY_SIZE( fek ),
  868. EFS_KEY_SIZE( fek )
  869. );
  871. break;
  872. case NEW_DIR_EFS_REQUIRED:
  873. //
  874. // Prepare input data buffer
  875. //
  877. inputDataLength = EFS_FSCTL_HEADER_LENGTH
  878. + 2 * ( sizeof( EFS_KEY ) + DES_KEYSIZE );
  880. if ( NULL == efsStream ){
  882. //
  883. // New directory will inherit the parent $EFS
  884. //
  886. usingCurrentEfs = TRUE;
  887. inputDataLength += currentEfsStreamLength;
  888. efsStream = currentEfsStream;
  890. } else {
  892. //
  893. // New $EFS generated. Not in ver 1.0
  894. //
  896. usingCurrentEfs = FALSE;
  897. inputDataLength += *(ULONG *)efsStream;
  899. //
  900. // Free memory first
  901. //
  903. if (currentEfsStream){
  904. ZwFreeVirtualMemory(
  905. CrntProcess,
  906. &currentEfsStream,
  907. &regionSize,
  908. MEM_RELEASE
  909. );
  910. }
  912. }
  914. currentEfsStream = ExAllocatePoolWithTag(
  915. PagedPool,
  916. inputDataLength,
  917. 'msfE'
  918. );
  920. //
  921. // Deal with out of memory here
  922. //
  923. if ( NULL == currentEfsStream ){
  925. status = STATUS_INSUFFICIENT_RESOURCES;
  926. break;
  928. }
  930. pUlong = (ULONG *) currentEfsStream;
  931. *pUlong = ((PFSCTL_INPUT)currentEfsStream)->CipherSubCode
  932. = WRITE_EFS_ATTRIBUTE;
  934. ((PFSCTL_INPUT)currentEfsStream)->EfsFsCode = EFS_SET_ATTRIBUTE;
  936. //
  937. // Make up an false FEK with session key
  938. //
  940. ((PEFS_KEY)&(((PFSCTL_INPUT)currentEfsStream)->EfsFsData[0]))->KeyLength
  941. = DES_KEYSIZE;
  943. ((PEFS_KEY)&(((PFSCTL_INPUT)currentEfsStream)->EfsFsData[0]))->Algorithm
  944. = CALG_DES;
  946. RtlCopyMemory(
  947. ((PUCHAR) currentEfsStream) + EFS_FSCTL_HEADER_LENGTH + sizeof ( EFS_KEY ),
  948. &(EfsData.SessionKey),
  949. DES_KEYSIZE
  950. );
  952. RtlCopyMemory(
  953. ((PUCHAR) currentEfsStream) + EFS_FSCTL_HEADER_LENGTH
  954. + DES_KEYSIZE + sizeof ( EFS_KEY ) ,
  955. ((PUCHAR) currentEfsStream) + EFS_FSCTL_HEADER_LENGTH,
  956. DES_KEYSIZE + sizeof ( EFS_KEY )
  957. );
  959. RtlCopyMemory(
  960. ((PUCHAR) currentEfsStream) + EFS_FSCTL_HEADER_LENGTH
  961. + 2 * ( sizeof ( EFS_KEY ) + DES_KEYSIZE) ,
  962. efsStream,
  963. *(ULONG *)efsStream
  964. );
  966. if ( usingCurrentEfs && efsStream ) {
  968. //
  969. // Free memory
  970. //
  972. ZwFreeVirtualMemory(
  973. CrntProcess,
  974. &efsStream,
  975. &regionSize,
  976. MEM_RELEASE
  977. );
  979. }
  981. //
  982. // Encrypt our Input data
  983. //
  984. EfsEncryptKeyFsData(
  985. currentEfsStream,
  986. inputDataLength,
  987. sizeof(ULONG),
  988. EFS_FSCTL_HEADER_LENGTH + DES_KEYSIZE + sizeof ( EFS_KEY ),
  989. DES_KEYSIZE + sizeof ( EFS_KEY )
  990. );
  992. break;
  994. case TURN_ON_BIT_ONLY:
  996. //
  997. // Prepare input data buffer
  998. //
  1000. inputDataLength = EFS_FSCTL_HEADER_LENGTH
  1001. + 2 * ( sizeof( EFS_KEY ) + DES_KEYSIZE );
  1003. currentEfsStream = ExAllocatePoolWithTag(
  1004. PagedPool,
  1005. inputDataLength,
  1006. 'msfE'
  1007. );
  1009. //
  1010. // Deal with out of memory here
  1011. //
  1012. if ( NULL == currentEfsStream ){
  1014. status = STATUS_INSUFFICIENT_RESOURCES;
  1015. break;
  1017. }
  1019. ((PFSCTL_INPUT)currentEfsStream)->CipherSubCode = 0;
  1020. ((PFSCTL_INPUT)currentEfsStream)->EfsFsCode = EFS_SET_ATTRIBUTE;
  1022. //
  1023. // Make up an false FEK with session key
  1024. //
  1026. ((PEFS_KEY)&(((PFSCTL_INPUT)currentEfsStream)->EfsFsData[0]))->KeyLength
  1027. = DES_KEYSIZE;
  1029. ((PEFS_KEY)&(((PFSCTL_INPUT)currentEfsStream)->EfsFsData[0]))->Algorithm
  1030. = CALG_DES;
  1032. RtlCopyMemory(
  1033. ((PUCHAR) currentEfsStream) + EFS_FSCTL_HEADER_LENGTH + sizeof ( EFS_KEY ),
  1034. &(EfsData.SessionKey),
  1035. DES_KEYSIZE
  1036. );
  1038. RtlCopyMemory(
  1039. ((PUCHAR) currentEfsStream) + EFS_FSCTL_HEADER_LENGTH
  1040. + DES_KEYSIZE + sizeof ( EFS_KEY ) ,
  1041. ((PUCHAR) currentEfsStream) + EFS_FSCTL_HEADER_LENGTH,
  1042. DES_KEYSIZE + sizeof ( EFS_KEY )
  1043. );
  1045. //
  1046. // Encrypt our Input data
  1047. //
  1048. EfsEncryptKeyFsData(
  1049. currentEfsStream,
  1050. inputDataLength,
  1051. sizeof(ULONG),
  1052. EFS_FSCTL_HEADER_LENGTH + DES_KEYSIZE + sizeof ( EFS_KEY ),
  1053. DES_KEYSIZE + sizeof ( EFS_KEY )
  1054. );
  1056. default:
  1057. break;
  1058. }
  1060. //
  1061. // Free the memory from the EFS server
  1062. //
  1064. if (bufferBase){
  1066. SIZE_T bufferSize;
  1068. bufferSize = bufferLength;
  1069. ZwFreeVirtualMemory(
  1070. CrntProcess,
  1071. &bufferBase,
  1072. &bufferSize,
  1073. MEM_RELEASE
  1074. );
  1076. }
  1078. if (ProcessAttached){
  1079. KeUnstackDetachProcess(&ApcState);
  1080. ObDereferenceObject(EfsData.LsaProcess);
  1081. ProcessAttached = FALSE;
  1082. }
  1084. if ( NT_SUCCESS(status) ){
  1087. //
  1088. // Prepare a FSCTL IRP
  1089. //
  1090. KeInitializeEvent( &event, SynchronizationEvent, FALSE);
  1092. if ( EfsContext->Status & TURN_ON_ENCRYPTION_BIT ) {
  1093. FsCode = FSCTL_SET_ENCRYPTION;
  1094. *(ULONG *) currentEfsStream = EFS_ENCRYPT_STREAM;
  1095. } else {
  1096. FsCode = FSCTL_ENCRYPTION_FSCTL_IO;
  1097. }
  1099. fsCtlIrp = IoBuildDeviceIoControlRequest( FsCode,
  1100. DeviceObject,
  1101. currentEfsStream,
  1102. inputDataLength,
  1103. NULL,
  1104. 0,
  1105. FALSE,
  1106. &event,
  1107. &ioStatus
  1108. );
  1109. if ( fsCtlIrp ) {
  1111. fsCtlIrpSp = IoGetNextIrpStackLocation( fsCtlIrp );
  1112. fsCtlIrpSp->MajorFunction = IRP_MJ_FILE_SYSTEM_CONTROL;
  1113. fsCtlIrpSp->MinorFunction = IRP_MN_USER_FS_REQUEST;
  1114. fsCtlIrpSp->FileObject = irpSp->FileObject;
  1116. status = IoCallDriver( DeviceObject, fsCtlIrp);
  1117. if (status == STATUS_PENDING) {
  1119. status = KeWaitForSingleObject( &event,
  1120. Executive,
  1121. KernelMode,
  1122. FALSE,
  1123. (PLARGE_INTEGER) NULL );
  1124. status = ioStatus.Status;
  1125. }
  1127. if ( !NT_SUCCESS(status) ){
  1128. //
  1129. // Write EFS and set Key Blob failed. Failed the create
  1130. //
  1132. status = STATUS_ACCESS_DENIED;
  1134. } else {
  1136. //
  1137. // Refresh the cache
  1138. //
  1140. if ( EfsId ){
  1141. if ( !accessToken ){
  1143. if ( irpSp->Parameters.Create.SecurityContext->AccessState->SubjectSecurityContext.ClientToken ){
  1144. accessToken = irpSp->Parameters.Create.SecurityContext->AccessState->SubjectSecurityContext.ClientToken;
  1145. } else {
  1146. accessToken = irpSp->Parameters.Create.SecurityContext->AccessState->SubjectSecurityContext.PrimaryToken;
  1147. }
  1149. if ( accessToken ){
  1151. //
  1152. // Get User ID
  1153. //
  1155. status = SeQueryInformationToken(
  1156. accessToken,
  1157. TokenUser,
  1158. &UserId
  1159. );
  1160. }
  1161. }
  1163. if (UserId && NT_SUCCESS(status)){
  1165. status = EfsRefreshCache(
  1166. EfsId,
  1167. UserId
  1168. );
  1170. if (NT_SUCCESS(status)){
  1172. //
  1173. // Cache set successfully.
  1174. // UserId should not be deleted in this routine.
  1175. //
  1177. UserId = NULL;
  1178. }
  1179. }
  1181. //
  1182. // Cache should not affect the normal operations
  1183. //
  1185. status = STATUS_SUCCESS;
  1186. }
  1187. }
  1188. } else {
  1189. //
  1190. // Failed allocate IRP
  1191. //
  1193. status = STATUS_INSUFFICIENT_RESOURCES;
  1195. }
  1197. ExFreePool( currentEfsStream );
  1199. } else {
  1201. //
  1202. // Failed allocating memory for currentEfsStream
  1203. // Use the status returned.
  1204. //
  1206. }
  1207. } else {
  1208. //
  1209. // Failed on calling EFS server.
  1210. // Because of the down level support, we cannot return the new error status code.
  1211. //
  1213. status = STATUS_ACCESS_DENIED;
  1215. ZwFreeVirtualMemory(
  1216. CrntProcess,
  1217. &currentEfsStream,
  1218. &regionSize,
  1219. MEM_RELEASE
  1220. );
  1222. if (ProcessAttached){
  1223. KeUnstackDetachProcess(&ApcState);
  1224. ObDereferenceObject(EfsData.LsaProcess);
  1225. ProcessAttached = FALSE;
  1226. }
  1228. }
  1230. } else {
  1231. //
  1232. // Allocate virtual memory failed. Use the status returned.
  1233. //
  1235. if (ProcessAttached){
  1236. KeUnstackDetachProcess(&ApcState);
  1237. ObDereferenceObject(EfsData.LsaProcess);
  1238. ProcessAttached = FALSE;
  1239. }
  1241. }
  1243. if ( UserId ){
  1245. ExFreePool( UserId );
  1247. }
  1249. if ( EfsId ){
  1251. ExFreePool( EfsId );
  1253. }
  1255. return status;
  1257. }