|
|
/*
Copyright (c) 2000-2001 Microsoft Corporation
Module Name:
extattr.cpp
Abstract:
Get's additional file attributes beyond what you get with FindFirstFile/FindNextFile.
Author:
Stefan R. Steiner [ssteiner] 02-27-2000
Revision History:
--*/
#include "stdafx.h"
#include <ntioapi.h>
#include <aclapi.h>
#include <sddl.h>
#include "direntrs.h"
#include "extattr.h"
#include "hardlink.h"
#define READ_BUF_SIZE ( 1024 * 1024 )
#define FSD_SHARE_MODE ( FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE )
#define FSD_MS_HSM_REPARSE_TAG 0xC0000004
static VOIDeaGetSecurityInfo( IN CDumpParameters *pcParams, IN const CBsString &cwsFileName, OUT SFileExtendedInfo *psExtendedInfo );
static VOIDeaGetFileInformationByHandle( IN CDumpParameters *pcParams, IN const CBsString &cwsFileName, IN OUT SDirectoryEntry *psDirEntry, OUT SFileExtendedInfo *psExtendedInfo );
static VOIDeaGetAlternateStreamInfo( IN CDumpParameters *pcParams, IN const CBsString &cwsFileName, OUT SFileExtendedInfo *psExtendedInfo );
static VOIDeaGetReparsePointInfo( IN CDumpParameters *pcParams, IN const CBsString &cwsFileName, IN OUT ULONGLONG *pullBytesChecksummed, IN OUT SDirectoryEntry *psDirEntry, OUT SFileExtendedInfo *psExtendedInfo );
static BOOLeaChecksumRawEncryptedData( IN CDumpParameters *pcParams, IN const CBsString& cwsFileName, IN OUT SFileExtendedInfo *psExtendedInfo );
static BOOLeaChecksumStream( IN const CBsString& cwsStreamPath, IN OUT ULONGLONG *pullBytesChecksummed, IN OUT DWORD *pdwRunningCheckSum );
static DWORDeaChecksumBlock( IN DWORD dwRunningChecksum, IN LPBYTE pBuffer, IN DWORD dwBufSize );
static VOIDeaConvertUserSidToString ( IN CDumpParameters *pcParams, IN PSID pSid, OUT CBsString *pcwsSid );
static VOIDeaConvertGroupSidToString ( IN CDumpParameters *pcParams, IN PSID pSid, OUT CBsString *pcwsSid );
static VOIDeaConvertSidToString ( IN CDumpParameters *pcParams, IN PSID pSid, OUT CBsString *pcwsSid );
static DWORDeaChecksumHSMReparsePoint( IN CDumpParameters *pcParams, IN PREPARSE_DATA_BUFFER pReparseData, IN DWORD dwTotalSize // Size of reparse point data
);
static VOIDeaGetObjectIdInfo( IN CDumpParameters *pcParams, IN const CBsString &cwsFileName, IN OUT ULONGLONG *pullBytesChecksummed, IN OUT SDirectoryEntry *psDirEntry, IN OUT SFileExtendedInfo *psExtendedInfo );
/*++
Routine Description:
Performs all of the checksums, and retrieves the security info for one file.
Arguments:
Return Value:
--*/VOIDGetExtendedFileInfo( IN CDumpParameters *pcParams, IN CFsdVolumeState *pcFsdVolState, IN const CBsString& cwsDirPath, IN BOOL bSingleEntryOutput, IN OUT SDirectoryEntry *psDirEntry, OUT SFileExtendedInfo *psExtendedInfo ){ CBsString cwsFullPath( cwsDirPath );
//
// If we are dumping an individual file's data, cwsDirPath has the complete
// path to the file, otherwise glue the filename from the find data structure
// to the path.
//
if ( !bSingleEntryOutput ) { cwsFullPath += psDirEntry->GetFileName(); }
//
// Get the information that retrieved from GetFileInformationByHandle
//
::eaGetFileInformationByHandle( pcParams, cwsFullPath, psDirEntry, psExtendedInfo );
if ( psExtendedInfo->lNumberOfLinks > 1 && pcParams->m_eFsDumpType != eFsDumpFile ) { if ( pcFsdVolState->IsHardLinkInList( psExtendedInfo->ullFileIndex, cwsDirPath, psDirEntry->GetFileName(), &psDirEntry->m_sFindData, psExtendedInfo ) ) { //
// Found the link in the list, return with the previous link's information, except
// zero out the number of bytes checksummed so that total counts remain accurate.
//
psExtendedInfo->ullTotalBytesChecksummed = 0; psExtendedInfo->ullTotalBytesNamedDataStream = 0; return; } }
//
// Get the security information.
//
::eaGetSecurityInfo( pcParams, cwsFullPath, psExtendedInfo );
eaGetObjectIdInfo( pcParams, cwsFullPath, &psExtendedInfo->ullTotalBytesChecksummed, psDirEntry, psExtendedInfo );
//
// Get the reparse point information if necessary
//
if ( psDirEntry->m_sFindData.dwFileAttributes & FILE_ATTRIBUTE_REPARSE_POINT ) ::eaGetReparsePointInfo( pcParams, cwsFullPath, &psExtendedInfo->ullTotalBytesChecksummed, psDirEntry, psExtendedInfo );
//
// Get the raw encryption data checksum if necessary
//
if ( !pcParams->m_bNoChecksums && psDirEntry->m_sFindData.dwFileAttributes & FILE_ATTRIBUTE_ENCRYPTED && !( psDirEntry->m_sFindData.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY ) ) ::eaChecksumRawEncryptedData( pcParams, cwsFullPath, psExtendedInfo );
//
// Checksum the unnamed datastream if this is not a directory
//
if ( !pcParams->m_bNoChecksums && !( psDirEntry->m_sFindData.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY ) ) { DWORD dwChecksum = 0; ULONGLONG ullFileSize = ( ( ULONGLONG )( psDirEntry->m_sFindData.nFileSizeHigh ) << 32 ) + psDirEntry->m_sFindData.nFileSizeLow;
if ( ullFileSize == 0 ) { //
// In this case the default value for checksum of -------- is correct.
//
} else if ( psDirEntry->m_sFindData.dwFileAttributes & FILE_ATTRIBUTE_OFFLINE && pcParams->m_bDontChecksumHighLatencyData ) { psExtendedInfo->cwsUnnamedStreamChecksum = L"HighLtcy"; } else if ( ::eaChecksumStream( cwsFullPath, &psExtendedInfo->ullTotalBytesChecksummed, &dwChecksum ) ) { psExtendedInfo->cwsUnnamedStreamChecksum.Format( pcParams->m_pwszULongHexFmt, dwChecksum ); } else { psExtendedInfo->cwsUnnamedStreamChecksum.Format( L"<%6d>", ::GetLastError() ); } }
//
// Get info on and checksum the named data streams
//
::eaGetAlternateStreamInfo( pcParams, cwsFullPath, psExtendedInfo );
//
// If this file is multiply linked, add it to the hard-link file list
//
if ( psExtendedInfo->lNumberOfLinks > 1 && pcParams->m_eFsDumpType != eFsDumpFile ) { pcFsdVolState->AddHardLinkToList( psExtendedInfo->ullFileIndex, cwsDirPath, psDirEntry->GetFileName(), &psDirEntry->m_sFindData, psExtendedInfo ); }}
/*++
Routine Description:
Gets the security information for a file
Arguments:
Return Value:
--*/static VOIDeaGetSecurityInfo( IN CDumpParameters *pcParams, IN const CBsString &cwsFileName, OUT SFileExtendedInfo *psExtendedInfo ){ //
// Now get the security information
//
PACL psDacl = NULL, psSacl = NULL; PSID pOwnerSid = NULL, pGroupSid = NULL; DWORD dwRet; DWORD dwSaclErrorRetCode = ERROR_SUCCESS;
PSECURITY_DESCRIPTOR pDesc = NULL;
try { dwRet = ::GetNamedSecurityInfoW( ( LPWSTR )cwsFileName.c_str(), // strange API, should ask for const
SE_FILE_OBJECT, DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION | OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION, &pOwnerSid, &pGroupSid, &psDacl, &psSacl, &pDesc );
//
// If it didn't work, try again without the Sacl information
//
if ( dwRet != ERROR_SUCCESS ) { dwSaclErrorRetCode = dwRet; psSacl = NULL; dwRet = ::GetNamedSecurityInfoW( ( LPWSTR )cwsFileName.c_str(), // strange API, should ask for const
SE_FILE_OBJECT, DACL_SECURITY_INFORMATION | OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION, &pOwnerSid, &pGroupSid, &psDacl, NULL, &pDesc ); }
#if 0
//
// Test code to find security API problem
//
pDesc = ::LocalAlloc( LMEM_FIXED, 4096 ); DWORD dwLengthNeeded; dwRet = ERROR_SUCCESS;
if ( !::GetFileSecurityW( cwsFileName,// DACL_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | OWNER_SECURITY_INFORMATION,
DACL_SECURITY_INFORMATION, // | GROUP_SECURITY_INFORMATION | OWNER_SECURITY_INFORMATION,
pDesc, 4096, &dwLengthNeeded ) ) dwRet = ::GetLastError();if ( dwRet == ERROR_SUCCESS ) wprintf( L"Got security descripter for '%s'\n", cwsFileName.c_str() );else wprintf( L"Error getting descripter for '%s', dwRet: %d\n", cwsFileName.c_str(), dwRet );#endif
if ( dwRet == ERROR_SUCCESS ) { if ( pDesc && pcParams->m_bEnableSDCtrlWordDump ) { SECURITY_DESCRIPTOR_CONTROL sdc; DWORD dwDescRevision; if ( ::GetSecurityDescriptorControl( pDesc, &sdc, &dwDescRevision ) ) psExtendedInfo->wSecurityDescriptorControl = ( WORD )( sdc & ~SE_SELF_RELATIVE ); else psExtendedInfo->wSecurityDescriptorControl = -1; } else psExtendedInfo->wSecurityDescriptorControl = -1;
if ( psDacl ) { psExtendedInfo->lNumDACEs = 0; psExtendedInfo->wDACLSize = 0; //
// Checksum the DACL data if necessary.
// n.b. We only take into account ACEs that are inherited.
//
if ( psDacl->AclSize > 0 ) { DWORD dwChecksum = 0; //
// The first ACE is right after the ACL header
//
PACE_HEADER pAceHeader = ( PACE_HEADER )( psDacl + 1 ); for ( USHORT aceNum = 0; aceNum < psDacl->AceCount; ++aceNum ) { //
// Skip if an inherited ACE
//
if ( !( pAceHeader->AceFlags & INHERITED_ACE ) ) { dwChecksum += ::eaChecksumBlock( dwChecksum, ( LPBYTE )pAceHeader, pAceHeader->AceSize ); ++psExtendedInfo->lNumDACEs; psExtendedInfo->wDACLSize += pAceHeader->AceSize; if ( pcParams->m_bPrintDebugInfo ) wprintf( L"\t%d: f: %04x, t: %04x, s: %u\n", aceNum, pAceHeader->AceFlags, pAceHeader->AceType, pAceHeader->AceSize ); } pAceHeader = ( PACE_HEADER )( ( ( LPBYTE )pAceHeader ) + pAceHeader->AceSize ); } if ( psExtendedInfo->wDACLSize > 0 ) { psExtendedInfo->cwsDACLChecksum.Format( pcParams->m_pwszULongHexFmt, dwChecksum ); psExtendedInfo->ullTotalBytesChecksummed += psExtendedInfo->wDACLSize; } } } else psExtendedInfo->lNumDACEs = 0; // probably FAT or CDROM fs
if ( psSacl ) { psExtendedInfo->lNumSACEs = 0; psExtendedInfo->wSACLSize = 0;
//
// Checksum the SACL data if necessary
// n.b. We only take into account ACEs that are inherited.
//
if ( psSacl->AclSize > 0 ) { DWORD dwChecksum = 0; //
// The first ACE is right after the ACL header
//
PACE_HEADER pAceHeader = ( PACE_HEADER )( psSacl + 1 ); for ( USHORT aceNum = 0; aceNum < psSacl->AceCount; ++aceNum ) { //
// Skip if an inherited ACE
//
if ( !( pAceHeader->AceFlags & INHERITED_ACE ) ) { dwChecksum += ::eaChecksumBlock( dwChecksum, ( LPBYTE )pAceHeader, pAceHeader->AceSize ); ++psExtendedInfo->lNumSACEs; psExtendedInfo->wSACLSize += pAceHeader->AceSize; if ( pcParams->m_bPrintDebugInfo ) wprintf( L"\ts%d: f: %04x, t: %04x, s: %u\n", aceNum, ( DWORD)( pAceHeader->AceFlags ), pAceHeader->AceType, (DWORD)( pAceHeader->AceSize ) ); } pAceHeader = ( PACE_HEADER )( ( ( LPBYTE )pAceHeader ) + pAceHeader->AceSize ); } if ( psExtendedInfo->wSACLSize > 0 ) { psExtendedInfo->cwsSACLChecksum.Format( pcParams->m_pwszULongHexFmt, dwChecksum ); psExtendedInfo->ullTotalBytesChecksummed += psExtendedInfo->wSACLSize; } } } else if ( dwSaclErrorRetCode != ERROR_SUCCESS ) { psExtendedInfo->lNumSACEs = -1; psExtendedInfo->wSACLSize = -1; psExtendedInfo->cwsSACLChecksum.Format( L"<%6d>", dwSaclErrorRetCode ); } else psExtendedInfo->lNumSACEs = 0; // none
eaConvertUserSidToString( pcParams, pOwnerSid, &psExtendedInfo->cwsOwnerSid ); eaConvertGroupSidToString( pcParams, pGroupSid, &psExtendedInfo->cwsGroupSid );
::LocalFree( pDesc ); } else { //
// Error getting security information
//
psExtendedInfo->lNumDACEs = -1; psExtendedInfo->lNumSACEs = -1; psExtendedInfo->wDACLSize = -1; psExtendedInfo->wSACLSize = -1; psExtendedInfo->cwsDACLChecksum.Format( L"<%6d>", dwRet ); psExtendedInfo->cwsSACLChecksum.Format( L"<%6d>", dwRet ); psExtendedInfo->cwsOwnerSid.Format( L"<%6d>", dwRet ); psExtendedInfo->cwsGroupSid.Format( L"<%6d>", dwRet ); } } catch( ... ) { psExtendedInfo->lNumDACEs = -1; psExtendedInfo->lNumSACEs = -1; psExtendedInfo->wDACLSize = -1; psExtendedInfo->wSACLSize = -1; psExtendedInfo->cwsOwnerSid.Format( L"<%6d>", ::GetLastError() ); psExtendedInfo->cwsGroupSid.Format( L"<%6d>", ::GetLastError() ); }}
static VOIDeaGetFileInformationByHandle( IN CDumpParameters *pcParams, IN const CBsString &cwsFileName, IN OUT SDirectoryEntry *psDirEntry, OUT SFileExtendedInfo *psExtendedInfo ){ HANDLE hFile;
//
// Note that while we do have to open the file, not even read access is needed
//
hFile = ::CreateFileW( cwsFileName, 0, FSD_SHARE_MODE, NULL, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, NULL ); if ( hFile == INVALID_HANDLE_VALUE ) { psExtendedInfo->lNumberOfLinks = -1; return; }
//
// Now get the additional attributes
//
BY_HANDLE_FILE_INFORMATION sFileInfo; if ( ::GetFileInformationByHandle( hFile, &sFileInfo ) ) { psExtendedInfo->lNumberOfLinks = ( LONG )sFileInfo.nNumberOfLinks; psExtendedInfo->ullFileIndex = ( ( ULONGLONG )sFileInfo.nFileIndexHigh << 32 ) + sFileInfo.nFileIndexLow; if ( psExtendedInfo->lNumberOfLinks > 1 || psDirEntry->m_sFindData.ftLastWriteTime.dwLowDateTime == 0 ) { //
// Expect that the FindFirst/NextFile dir entry is stale or non-existant. Use information
// from this call.
//
psDirEntry->m_sFindData.dwFileAttributes = sFileInfo.dwFileAttributes; psDirEntry->m_sFindData.ftCreationTime = sFileInfo.ftCreationTime; psDirEntry->m_sFindData.ftLastAccessTime = sFileInfo.ftLastAccessTime; psDirEntry->m_sFindData.ftLastWriteTime = sFileInfo.ftLastWriteTime; psDirEntry->m_sFindData.nFileSizeHigh = sFileInfo.nFileSizeHigh; psDirEntry->m_sFindData.nFileSizeLow = sFileInfo.nFileSizeLow; } } else psExtendedInfo->lNumberOfLinks = -1;
::CloseHandle( hFile );}
static VOIDeaGetAlternateStreamInfo( IN CDumpParameters *pcParams, IN const CBsString &cwsFileName, OUT SFileExtendedInfo *psExtendedInfo ){ NTSTATUS Status; HANDLE hFile;
//
// Note that while we do have to open the file, not even read access is needed
//
hFile = CreateFileW( cwsFileName, FILE_GENERIC_READ, // | ACCESS_SYSTEM_SECURITY,
FSD_SHARE_MODE, NULL, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, NULL ); if ( hFile == INVALID_HANDLE_VALUE ) { psExtendedInfo->lNumNamedDataStreams = -1; psExtendedInfo->lNumPropertyStreams = -1; psExtendedInfo->cwsNamedDataStreamChecksum.Format( L"<%6d>", ::GetLastError() ); return; }
//
// Loop until we read the file information
//
LPBYTE pBuffer = NULL; ULONG ulBuffSize = 1024; IO_STATUS_BLOCK iosb; static const WCHAR * const pwszDefaultStreamName = L"::$DATA"; static const ULONG ulDefaultStreamNameLength = 7;
while ( TRUE ) { pBuffer = new BYTE[ ulBuffSize ]; if ( pBuffer == NULL ) throw E_OUTOFMEMORY;
Status = ::NtQueryInformationFile( hFile, &iosb, pBuffer, ulBuffSize, FileStreamInformation ); //
// If we succeeded in getting data, when have the data so party on and get out of
// the loop
//
if ( NT_SUCCESS( Status ) && iosb.Information != 0 ) { break; }
//
// If the error isn't overflow, get out
//
if ( Status != STATUS_BUFFER_OVERFLOW && Status != STATUS_BUFFER_TOO_SMALL ) { //
// NOTE: If status is successful, we didn't get any data but it's not
// an error. Happens a lot with directories since they don't have a default
// unnamed stream.
//
if ( !NT_SUCCESS( Status ) ) { //
// Another kind of error
// BUGBUG: if not NTFS, C000000D occurs. Should not try this on
// a non-NTFS volume
//psExtendedInfo->lNumNamedDataStreams = -1;
//psExtendedInfo->dwNamedDataStreamChecksum = ::GetLastError();
//psExtendedInfo->bNamedDataStreamHadError = TRUE;
} delete [] pBuffer; ::CloseHandle( hFile ); return; }
//
// Increase the size of the buffer
//
ulBuffSize <<= 1; // double it each try
delete [] pBuffer; pBuffer = NULL; }
//
// If we are here, we have a valid FileStreamInformation buffer
//
::CloseHandle( hFile );
PFILE_STREAM_INFORMATION pFSI; pFSI = ( PFILE_STREAM_INFORMATION ) pBuffer;
BOOL bHadError = FALSE; DWORD dwChecksum = 0;
//
// Now loop through the named streams.
//
while ( TRUE ) { if ( pFSI->StreamNameLength != sizeof( WCHAR ) * ulDefaultStreamNameLength || wcsncmp( pFSI->StreamName, pwszDefaultStreamName, ulDefaultStreamNameLength ) != 0 ) { LPWSTR pwszDataStr;
pwszDataStr = ::wcsstr( pFSI->StreamName, L":$DATA" ); if ( pwszDataStr != NULL ) { pwszDataStr[0] = L'\0'; // Strip off the :$DATA off of name
++psExtendedInfo->lNumNamedDataStreams;// wprintf( L" %8I64u '%-*.*s' : %d\n", pFSI->StreamSize, pFSI->StreamNameLength / 2,
// pFSI->StreamNameLength / 2, pFSI->StreamName, pFSI->StreamNameLength );
psExtendedInfo->ullTotalBytesNamedDataStream += ( ULONGLONG )pFSI->StreamSize.QuadPart;
if ( !pcParams->m_bNoChecksums && !bHadError ) { //
// Put into the checksum the name of the stream
//
dwChecksum = ::eaChecksumBlock( dwChecksum, ( LPBYTE )pFSI->StreamName, ::wcslen( pFSI->StreamName ) * sizeof WCHAR ); //
// Now checksum the data in the stream
//
if ( ::eaChecksumStream( cwsFileName + pFSI->StreamName, &psExtendedInfo->ullTotalBytesChecksummed, &dwChecksum ) ) { psExtendedInfo->cwsNamedDataStreamChecksum.Format( pcParams->m_pwszULongHexFmt, dwChecksum ); } else { psExtendedInfo->cwsNamedDataStreamChecksum.Format( L"<%6d>", ::GetLastError() ); bHadError = TRUE; } } } else { //
// Not an named data stream, probably a property stream
// BUGBUG: need to verify that this is a property stream
//
++psExtendedInfo->lNumPropertyStreams; } }
if ( pFSI->NextEntryOffset == 0 ) break; pFSI = ( PFILE_STREAM_INFORMATION )( pFSI->NextEntryOffset + ( PBYTE ) pFSI ); }
if ( !bHadError && !pcParams->m_bNoChecksums && psExtendedInfo->lNumNamedDataStreams > 0 ) { psExtendedInfo->cwsNamedDataStreamChecksum.Format( pcParams->m_pwszULongHexFmt, dwChecksum ); }
if ( pBuffer != NULL ) delete [] pBuffer;
}
static VOIDeaGetReparsePointInfo( IN CDumpParameters *pcParams, IN const CBsString &cwsFileName, IN OUT ULONGLONG *pullBytesChecksummed, IN OUT SDirectoryEntry *psDirEntry, IN OUT SFileExtendedInfo *psExtendedInfo ){ HANDLE hFile = INVALID_HANDLE_VALUE; BOOL bRet = TRUE; LPBYTE pReadBuffer = NULL; DWORD dwChecksum = 0;
try { //
// Now get the reparse point data buffer
//
pReadBuffer = ( LPBYTE )::VirtualAlloc( NULL, MAXIMUM_REPARSE_DATA_BUFFER_SIZE, MEM_COMMIT, PAGE_READWRITE ); if ( pReadBuffer == NULL ) { bRet = FALSE; goto EXIT; }
//
// Open the file in order to read reparse point data
//
hFile = ::CreateFileW( cwsFileName, GENERIC_READ, FSD_SHARE_MODE, NULL, OPEN_EXISTING, FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS, NULL ); if ( hFile == INVALID_HANDLE_VALUE ) { bRet = FALSE; goto EXIT; }
//
// Now get the reparse point data
//
DWORD dwBytesReturned; if ( !::DeviceIoControl( hFile, FSCTL_GET_REPARSE_POINT, NULL, // lpInBuffer; must be NULL
0, // nInBufferSize; must be zero
( LPVOID )pReadBuffer, // pointer to output buffer
MAXIMUM_REPARSE_DATA_BUFFER_SIZE, // size of output buffer
&dwBytesReturned, // receives number of bytes returned
NULL // pointer to OVERLAPPED structure
) ) { bRet = FALSE; goto EXIT; }
PREPARSE_DATA_BUFFER pReparseData; pReparseData = ( PREPARSE_DATA_BUFFER )pReadBuffer ; psExtendedInfo->ulReparsePointTag = pReparseData->ReparseTag; psExtendedInfo->wReparsePointDataSize = ( WORD )dwBytesReturned;
if ( !pcParams->m_bNoSpecialReparsePointProcessing && psExtendedInfo->ulReparsePointTag == FSD_MS_HSM_REPARSE_TAG ) { //
// To make sure that dumps don't get many miscompares we
// need to tweak the attributes. Raid #153050
//
if ( pcParams->m_bDontChecksumHighLatencyData ) { //
// Need to always make this file look like it is offline.
// In this case, we need to always enable the FILE_ATTRIBUTE_OFFLINE
// flag.
//
psDirEntry->m_sFindData.dwFileAttributes |= FILE_ATTRIBUTE_OFFLINE; } else { //
// Need to always make this file look like it is cached.
// In this case, we need to always disable the FILE_ATTRIBUTE_OFFLINE
// flag.
//
psDirEntry->m_sFindData.dwFileAttributes &= ~FILE_ATTRIBUTE_OFFLINE; }
//
// Call a special HSM checksum function which filters out certain
// dynamic fields before checksumming the data.
//
dwChecksum = eaChecksumHSMReparsePoint( pcParams, pReparseData, dwBytesReturned ); } else { //
// Now checksum all of the reparse point data
//
dwChecksum = ::eaChecksumBlock( 0, pReadBuffer, dwBytesReturned ); }
psExtendedInfo->cwsReparsePointDataChecksum.Format( pcParams->m_pwszULongHexFmt, dwChecksum );
*pullBytesChecksummed += dwBytesReturned; } catch( ... ) { bRet = FALSE; }EXIT:
if ( pReadBuffer != NULL ) ::VirtualFree( pReadBuffer, 0, MEM_RELEASE );
if ( hFile != INVALID_HANDLE_VALUE ) ::CloseHandle( hFile );
if ( bRet == FALSE ) psExtendedInfo->cwsReparsePointDataChecksum.Format( L"<%6d>", ::GetLastError() );}
static BOOLeaChecksumStream( IN const CBsString& cwsStreamPath, IN OUT ULONGLONG *pullBytesChecksummed, IN OUT DWORD *pdwRunningCheckSum ){ LPBYTE pReadBuffer; BOOL bRet = TRUE;
pReadBuffer = ( LPBYTE )::VirtualAlloc( NULL, READ_BUF_SIZE, MEM_COMMIT, PAGE_READWRITE ); if ( pReadBuffer == NULL ) return FALSE;
//
// Open file with NO_BUFFERING.
//
HANDLE hFile = INVALID_HANDLE_VALUE; try { hFile = ::CreateFileW( cwsStreamPath, GENERIC_READ, FSD_SHARE_MODE, NULL, OPEN_EXISTING, FILE_FLAG_NO_BUFFERING | FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_NO_RECALL | FILE_FLAG_SEQUENTIAL_SCAN, NULL ); if ( hFile == INVALID_HANDLE_VALUE ) { bRet = FALSE; goto EXIT; }
DWORD dwBytesRead; while ( ::ReadFile( hFile, pReadBuffer, READ_BUF_SIZE, &dwBytesRead, NULL ) ) { if ( dwBytesRead == 0 ) break; *pdwRunningCheckSum = ::eaChecksumBlock( *pdwRunningCheckSum, pReadBuffer, dwBytesRead ); *pullBytesChecksummed += dwBytesRead; } if ( ::GetLastError() != ERROR_SUCCESS ) bRet = FALSE; } catch( ... ) { bRet = FALSE; }
EXIT: if ( hFile != INVALID_HANDLE_VALUE ) ::CloseHandle( hFile );
::VirtualFree( pReadBuffer, 0, MEM_RELEASE );
return bRet;}
//
// This class maintains the encryption context
//
class CFsdEncryptionContext{public: CFsdEncryptionContext() : m_hDoneEvent( NULL ), m_dwChecksum( 0 ), m_ullBytesRead( 0 ) { m_hDoneEvent = ::CreateEventW( NULL, TRUE, FALSE, NULL ); if ( m_hDoneEvent == NULL ) throw ::GetLastError(); }
~CFsdEncryptionContext() { if ( m_hDoneEvent != NULL ) ::CloseHandle( m_hDoneEvent ); }
DWORD WaitForDoneEvent() { DWORD dwRet;
dwRet = ::WaitForSingleObject( m_hDoneEvent, INFINITE ); if ( dwRet == WAIT_OBJECT_0 ) return ERROR_SUCCESS; else if ( dwRet == WAIT_TIMEOUT ) return ERROR_TIMEOUT; return ::GetLastError(); }
VOID FireDoneEvent() { ::SetEvent( m_hDoneEvent ); }
DWORD GetChecksum() { return m_dwChecksum; }
ULONGLONG GetBytesRead() { return m_ullBytesRead; }
static DWORD WINAPI ExportCallback( IN PBYTE pbData, IN PVOID pvCallbackContext, IN ULONG ulLength ) { CFsdEncryptionContext *pcThis = static_cast< CFsdEncryptionContext * >( pvCallbackContext ); pcThis->m_dwChecksum = ::eaChecksumBlock( pcThis->m_dwChecksum, pbData, ulLength ); pcThis->m_ullBytesRead += ulLength; return ERROR_SUCCESS; }
private: HANDLE m_hDoneEvent; DWORD m_dwChecksum; ULONGLONG m_ullBytesRead;};
static BOOLeaChecksumRawEncryptedData( IN CDumpParameters *pcParams, IN const CBsString& cwsFileName, IN OUT SFileExtendedInfo *psExtendedInfo ){ PVOID pvContext = NULL; DWORD dwRet = ERROR_SUCCESS; CFsdEncryptionContext cEncryptionContext;
try { //
// Open this puppy up
//
dwRet = ::OpenEncryptedFileRawW( cwsFileName, 0, &pvContext ); if ( dwRet == ERROR_SUCCESS ) { //wprintf( L"**** Opened encrypted file '%s'\n", cwsFileName.c_str() );
dwRet = ::ReadEncryptedFileRaw( CFsdEncryptionContext::ExportCallback, &cEncryptionContext, pvContext ); if ( dwRet == ERROR_SUCCESS ) { //wprintf( L"**** Called read on encrypted file, bytes read: %u, checksum: %u\n",
// cEncryptionContext.GetBytesRead(), cEncryptionContext.GetChecksum() );
psExtendedInfo->cwsEncryptedRawDataChecksum.Format( pcParams->m_pwszULongHexFmt, cEncryptionContext.GetChecksum() ); psExtendedInfo->ullTotalBytesChecksummed += cEncryptionContext.GetBytesRead(); } } } catch( ... ) { dwRet = ERROR_EXCEPTION_IN_SERVICE; // ???
}
if ( pvContext != NULL ) ::CloseEncryptedFileRaw( pvContext );
if ( dwRet != ERROR_SUCCESS ) psExtendedInfo->cwsEncryptedRawDataChecksum.Format( L"<%6d>", dwRet );
return dwRet == ERROR_SUCCESS;}
/*++
Routine Description:
Checksums a block of data. The block needs to be DWORD aligned for performance and correctness since this function assumes it can zero out up to 3 bytes beyond the end of the buffer. Also, only the last buffer in a series of buffers can have unaligned data at the end of the buffer.
Arguments:
dwRunningChecksum - The previous checksum from a previous call. Should be zero if this is the first block to checksum in a series of blocks.
pBuffer - Pointer to the buffer to checksum.
dwBufSize - This should always be a multiple of a DWORD, except for the last block in a series.
Return Value:
The checksum.
--*/static DWORDeaChecksumBlock( IN DWORD dwRunningChecksum, IN LPBYTE pBuffer, IN DWORD dwBufSize ){ //
// Need to zero out any additional bytes not aligned.
//
DWORD dwBytesToZero; DWORD dwBufSizeInDWords;
dwBytesToZero = dwBufSize % sizeof( DWORD ); dwBufSizeInDWords = ( dwBufSize + ( sizeof( DWORD ) - 1 ) ) / sizeof( DWORD ); // int div
while ( dwBytesToZero-- ) pBuffer[ dwBufSize + dwBytesToZero ] = 0;
LPDWORD pdwBuf = ( LPDWORD )pBuffer;
// BUGBUG: Need better checksum
for ( DWORD dwIdx = 0; dwIdx < dwBufSizeInDWords; ++dwIdx ) dwRunningChecksum += ( dwRunningChecksum << 1 ) | pdwBuf[ dwIdx ];
return dwRunningChecksum;}
/*++
Routine Description:
Converts a user SID to a string. Has a simple one element cache to speed up conversions. This is especially useful when the user wants the symbolic DOMAIN\ACCOUNT strings.
Arguments:
Return Value:
NONE
--*/static VOIDeaConvertUserSidToString ( IN CDumpParameters *pcParams, IN PSID pSid, OUT CBsString *pcwsSid ){ static CBsString cwsCachedSidString; static PSID pCachedSid = NULL;
//
// Is the cached SID the same as the passed in one. If so,
// return the cached sid string.
//
if ( pCachedSid != NULL && ::EqualSid( pSid, pCachedSid ) ) { *pcwsSid = cwsCachedSidString; return; }
//
// Convert the SID into a string
//
::eaConvertSidToString( pcParams, pSid, pcwsSid );
//
// Now cache the sid
//
cwsCachedSidString = *pcwsSid; if ( pCachedSid != NULL ) free( pCachedSid ); size_t cSidLength = ( size_t )::GetLengthSid( pSid ); pCachedSid = ( PSID )malloc( cSidLength ); if ( pCachedSid == NULL ) // prefix #171666
{ pcParams->ErrPrint( L"eaConvertUserSidToString - Can't allocate memory, out of memory" ); throw E_OUTOFMEMORY; } ::CopySid( ( DWORD )cSidLength, pCachedSid, pSid );}
/*++
Routine Description:
Converts a group SID to a string. Has a simple one element cache to speed up conversions. This is especially useful when the user wants the symbolic DOMAIN\ACCOUNT strings.
Arguments:
Return Value:
NONE
--*/static VOIDeaConvertGroupSidToString ( IN CDumpParameters *pcParams, IN PSID pSid, OUT CBsString *pcwsSid ){ static CBsString cwsCachedSidString; static PSID pCachedSid = NULL;
//
// Is the cached SID the same as the passed in one. If so,
// return the cached sid string.
//
if ( pCachedSid != NULL && ::EqualSid( pSid, pCachedSid ) ) { *pcwsSid = cwsCachedSidString; return; }
//
// Convert the SID into a string
//
::eaConvertSidToString( pcParams, pSid, pcwsSid );
//
// Now cache the sid
//
cwsCachedSidString = *pcwsSid; if ( pCachedSid != NULL ) free( pCachedSid ); size_t cSidLength = ( size_t )::GetLengthSid( pSid ); pCachedSid = ( PSID )malloc( cSidLength ); if ( pCachedSid == NULL ) // prefix #171665
{ pcParams->ErrPrint( L"eaConvertGroupSidToString - Can't allocate memory, out of memory" ); throw E_OUTOFMEMORY; } ::CopySid( ( DWORD )cSidLength, pCachedSid, pSid );}
/*++
Routine Description:
Converts a SID to a string.
Arguments:
Return Value:
NONE
--*/static VOIDeaConvertSidToString ( IN CDumpParameters *pcParams, IN PSID pSid, OUT CBsString *pcwsSid ){ if ( pcParams->m_bShowSymbolicSIDNames ) { CBsString cwsAccountName; CBsString cwsDomainName; SID_NAME_USE eSidNameUse; DWORD dwAccountNameSize = 1024; DWORD dwDomainNameSize = 1024;
if ( ::LookupAccountSidW( NULL, pSid, cwsAccountName.GetBufferSetLength( dwAccountNameSize ), &dwAccountNameSize, cwsDomainName.GetBufferSetLength( dwDomainNameSize ), &dwDomainNameSize, &eSidNameUse ) ) { cwsAccountName.ReleaseBuffer(); cwsDomainName.ReleaseBuffer(); *pcwsSid = L"'"; *pcwsSid += cwsDomainName; *pcwsSid += L"\\"; *pcwsSid += cwsAccountName; *pcwsSid += L"'"; return; } } LPWSTR pwszSid;
if ( ::ConvertSidToStringSid( pSid, &pwszSid ) ) { *pcwsSid = pwszSid; ::LocalFree( pwszSid ); } else { pcwsSid->Format( L"<%6d>", ::GetLastError() ); }}
///////////////////////////////////////////////////////////////////////////
//
// FROM: base\fs\hsm\inc\rpdata.h
//
//////////////////////////////////////////////////////////////////////////
#define RP_RESV_SIZE 52
//
// Placeholder data - all versions unioned together
//
typedef struct _RP_PRIVATE_DATA { CHAR reserved[RP_RESV_SIZE]; // Must be 0
ULONG bitFlags; // bitflags indicating status of the segment
LARGE_INTEGER migrationTime; // When migration occurred
GUID hsmId; GUID bagId; LARGE_INTEGER fileStart; LARGE_INTEGER fileSize; LARGE_INTEGER dataStart; LARGE_INTEGER dataSize; LARGE_INTEGER fileVersionId; LARGE_INTEGER verificationData; ULONG verificationType; ULONG recallCount; LARGE_INTEGER recallTime; LARGE_INTEGER dataStreamStart; LARGE_INTEGER dataStreamSize; ULONG dataStream; ULONG dataStreamCRCType; LARGE_INTEGER dataStreamCRC;} RP_PRIVATE_DATA, *PRP_PRIVATE_DATA;
typedef struct _RP_DATA { GUID vendorId; // Unique HSM vendor ID -- This is first to match REPARSE_GUID_DATA_BUFFER
ULONG qualifier; // Used to checksum the data
ULONG version; // Version of the structure
ULONG globalBitFlags; // bitflags indicating status of the file
ULONG numPrivateData; // number of private data entries
GUID fileIdentifier; // Unique file ID
RP_PRIVATE_DATA data; // Vendor specific data
} RP_DATA, *PRP_DATA;
//
// This function specifically zero's out certain HSM reparse point
// fields before computing the checksum. The fields which are
// zero'ed out are dynamic values and can cause miscompares.
//
static DWORDeaChecksumHSMReparsePoint( IN CDumpParameters *pcParams, IN PREPARSE_DATA_BUFFER pReparseData, IN DWORD dwTotalSize // Size of reparse point data
){ if ( dwTotalSize >= 8 && pReparseData->ReparseDataLength >= sizeof RP_DATA ) { //
// If structure is not at least as large as the HSM RP_DATA structure,
// then it doesn't appear to be a valid HSM RP_DATA structure.
//
PRP_DATA pRpData = ( PRP_DATA ) pReparseData->GenericReparseBuffer.DataBuffer;
//
// Zero out the proper fields
//
pRpData->qualifier = 0; pRpData->globalBitFlags = 0; pRpData->data.bitFlags = 0; pRpData->data.recallCount = 0; pRpData->data.recallTime.LowPart = 0; pRpData->data.recallTime.HighPart = 0; } else { pcParams->ErrPrint( L"Warning, HSM reparse point not valid, size: %u\n", dwTotalSize ); }
return ::eaChecksumBlock( 0, ( LPBYTE )pReparseData, dwTotalSize );}
static VOIDeaGetObjectIdInfo( IN CDumpParameters *pcParams, IN const CBsString &cwsFileName, IN OUT ULONGLONG *pullBytesChecksummed, IN OUT SDirectoryEntry *psDirEntry, IN OUT SFileExtendedInfo *psExtendedInfo ){ HANDLE hFile = INVALID_HANDLE_VALUE; BOOL bRet = TRUE; DWORD dwChecksum = 0;
try { //
// Open the file in order to read the object id
//
hFile = ::CreateFileW( cwsFileName, GENERIC_READ, FSD_SHARE_MODE, NULL, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, NULL ); if ( hFile == INVALID_HANDLE_VALUE ) { bRet = FALSE; goto EXIT; }
FILE_OBJECTID_BUFFER sObjIdBuffer; DWORD dwBytesReturned;
//
// Now get the object id info
//
if ( !::DeviceIoControl( hFile, FSCTL_GET_OBJECT_ID, NULL, // lpInBuffer; must be NULL
0, // nInBufferSize; must be zero
( LPVOID )&sObjIdBuffer, // pointer to output buffer
sizeof FILE_OBJECTID_BUFFER,// size of output buffer
&dwBytesReturned, // receives number of bytes returned
NULL // pointer to OVERLAPPED structure
) ) { bRet = FALSE; goto EXIT; }
//
// Load up the object id
//
LPWSTR pwszObjIdGuid;
// Check for RPC_S_OK added for Prefix bug #192596
if ( ::UuidToStringW( (GUID *)sObjIdBuffer.ObjectId, ( unsigned short ** )&pwszObjIdGuid ) == RPC_S_OK ) { psExtendedInfo->cwsObjectId = pwszObjIdGuid; ::RpcStringFreeW( ( unsigned short ** )&pwszObjIdGuid ); }
//
// Now checksum all of the extended object id data if necessary
//
if ( pcParams->m_bEnableObjectIdExtendedDataChecksums ) { dwChecksum = ::eaChecksumBlock( 0, sObjIdBuffer.ExtendedInfo, sizeof( sObjIdBuffer.ExtendedInfo ) ); psExtendedInfo->cwsObjectIdExtendedDataChecksum.Format( pcParams->m_pwszULongHexFmt, dwChecksum );
*pullBytesChecksummed += sizeof( sObjIdBuffer.ExtendedInfo ); } } catch( ... ) { bRet = FALSE; }EXIT:
if ( hFile != INVALID_HANDLE_VALUE ) ::CloseHandle( hFile );
// if ( bRet == FALSE )
// psExtendedInfo->cwsReparsePointDataChecksum.Format( L"<%6d>", ::GetLastError() );
}
|
