* globals.cc (ro_u_refs): New R/O unicode string.
* mount.cc (fs_info::update): Recognize ReFS. * mount.h (enum fs_info_type): Add refs. (class fs_info): Add refs flag and accessor methods. * ntdll.h (RtlAddAccessAllowedAceEx): Declare. (RtlAddAccessDeniedAceEx): Declare. * path.h (path_conv::fs_is_refs): Define. * sec_helper.cc (_recycler_sd): New function to create security descriptors suitable for the recycler bin starting with Vista. * security.cc (add_access_allowed_ace): Use RtlAddAccessAllowedAceEx and drop code to set AceFlags explicitely. (add_access_denied_ace): Use RtlAddAccessDeniedAceEx and drop code to set AceFlags explicitely. * security.h (_recycler_sd): Declare. (recycler_sd): Define. * syscalls.cc (desktop_ini): Change formatting. (desktop_ini_ext): Define third line of recycler desktop.ini file since Vista, (try_to_bin): Handle ReFS just like NTFS. Write Vista and later Recycler in all uppercase, just like shell32 does when recreating it. Fix comments to include ReFS. Don't implicitely reuse object attributes from earlier NtOpenFile call, rather recreate it for safety. Use recycler_sd call when creating security descriptor for Recycler dirs and files on Vista and later. Write third line of desktop.ini when on Vista and later.
This commit is contained in:
parent
6a713dabad
commit
115d74b99e
@ -1,3 +1,31 @@
|
||||
2012-06-03 Corinna Vinschen <corinna@vinschen.de>
|
||||
|
||||
* globals.cc (ro_u_refs): New R/O unicode string.
|
||||
* mount.cc (fs_info::update): Recognize ReFS.
|
||||
* mount.h (enum fs_info_type): Add refs.
|
||||
(class fs_info): Add refs flag and accessor methods.
|
||||
* ntdll.h (RtlAddAccessAllowedAceEx): Declare.
|
||||
(RtlAddAccessDeniedAceEx): Declare.
|
||||
* path.h (path_conv::fs_is_refs): Define.
|
||||
* sec_helper.cc (_recycler_sd): New function to create security
|
||||
descriptors suitable for the recycler bin starting with Vista.
|
||||
* security.cc (add_access_allowed_ace): Use RtlAddAccessAllowedAceEx
|
||||
and drop code to set AceFlags explicitely.
|
||||
(add_access_denied_ace): Use RtlAddAccessDeniedAceEx and drop code to
|
||||
set AceFlags explicitely.
|
||||
* security.h (_recycler_sd): Declare.
|
||||
(recycler_sd): Define.
|
||||
* syscalls.cc (desktop_ini): Change formatting.
|
||||
(desktop_ini_ext): Define third line of recycler desktop.ini file
|
||||
since Vista,
|
||||
(try_to_bin): Handle ReFS just like NTFS. Write Vista and later
|
||||
Recycler in all uppercase, just like shell32 does when recreating it.
|
||||
Fix comments to include ReFS. Don't implicitely reuse object
|
||||
attributes from earlier NtOpenFile call, rather recreate it for safety.
|
||||
Use recycler_sd call when creating security descriptor for Recycler
|
||||
dirs and files on Vista and later. Write third line of desktop.ini
|
||||
when on Vista and later.
|
||||
|
||||
2012-06-03 Christopher Faylor <me.cygwin2012@cgf.cx>
|
||||
|
||||
* winbase.h: Add missing copyright date.
|
||||
|
@ -107,6 +107,7 @@ UNICODE_STRING _RDATA ro_u_fat = _ROU (L"FAT");
|
||||
UNICODE_STRING _RDATA ro_u_mvfs = _ROU (L"MVFS");
|
||||
UNICODE_STRING _RDATA ro_u_nfs = _ROU (L"NFS");
|
||||
UNICODE_STRING _RDATA ro_u_ntfs = _ROU (L"NTFS");
|
||||
UNICODE_STRING _RDATA ro_u_refs = _ROU (L"ReFS");
|
||||
UNICODE_STRING _RDATA ro_u_sunwnfs = _ROU (L"SUNWNFS");
|
||||
UNICODE_STRING _RDATA ro_u_udf = _ROU (L"UDF");
|
||||
UNICODE_STRING _RDATA ro_u_unixfs = _ROU (L"UNIXFS");
|
||||
|
@ -402,6 +402,7 @@ fs_info::update (PUNICODE_STRING upath, HANDLE in_vol)
|
||||
if (!got_fs ()
|
||||
&& !is_ntfs (RtlEqualUnicodeString (&fsname, &ro_u_ntfs, FALSE))
|
||||
&& !is_fat (RtlEqualUnicodePathPrefix (&fsname, &ro_u_fat, TRUE))
|
||||
&& !is_refs (RtlEqualUnicodeString (&fsname, &ro_u_refs, FALSE))
|
||||
&& !is_csc_cache (RtlEqualUnicodeString (&fsname, &ro_u_csc, FALSE))
|
||||
&& is_cdrom (ffdi.DeviceType == FILE_DEVICE_CD_ROM))
|
||||
is_udf (RtlEqualUnicodeString (&fsname, &ro_u_udf, FALSE));
|
||||
|
@ -29,6 +29,7 @@ enum fs_info_type
|
||||
none = 0,
|
||||
fat,
|
||||
ntfs,
|
||||
refs,
|
||||
samba,
|
||||
nfs,
|
||||
netapp,
|
||||
@ -98,6 +99,7 @@ class fs_info
|
||||
IMPLEMENT_STATUS_FLAG (bool, has_dos_filenames_only)
|
||||
IMPLEMENT_FS_FLAG (fat)
|
||||
IMPLEMENT_FS_FLAG (ntfs)
|
||||
IMPLEMENT_FS_FLAG (refs)
|
||||
IMPLEMENT_FS_FLAG (samba)
|
||||
IMPLEMENT_FS_FLAG (nfs)
|
||||
IMPLEMENT_FS_FLAG (netapp)
|
||||
|
@ -1252,7 +1252,11 @@ extern "C"
|
||||
PSECURITY_DESCRIPTOR, PULONG);
|
||||
VOID NTAPI RtlAcquirePebLock ();
|
||||
NTSTATUS NTAPI RtlAddAccessAllowedAce (PACL, ULONG, ACCESS_MASK, PSID);
|
||||
NTSTATUS NTAPI RtlAddAccessAllowedAceEx (PACL, ULONG, ULONG, ACCESS_MASK,
|
||||
PSID);
|
||||
NTSTATUS NTAPI RtlAddAccessDeniedAce (PACL, ULONG, ACCESS_MASK, PSID);
|
||||
NTSTATUS NTAPI RtlAddAccessDeniedAceEx (PACL, ULONG, ULONG, ACCESS_MASK,
|
||||
PSID);
|
||||
NTSTATUS NTAPI RtlAddAce (PACL, ULONG, ULONG, PVOID, ULONG);
|
||||
PVOID NTAPI RtlAllocateHeap (PVOID, ULONG, SIZE_T);
|
||||
NTSTATUS NTAPI RtlAppendUnicodeToString (PUNICODE_STRING, PCWSTR);
|
||||
|
@ -347,6 +347,7 @@ class path_conv
|
||||
bool fs_got_fs () const { return fs.got_fs (); }
|
||||
bool fs_is_fat () const {return fs.is_fat ();}
|
||||
bool fs_is_ntfs () const {return fs.is_ntfs ();}
|
||||
bool fs_is_refs () const {return fs.is_refs ();}
|
||||
bool fs_is_samba () const {return fs.is_samba ();}
|
||||
bool fs_is_nfs () const {return fs.is_nfs ();}
|
||||
bool fs_is_netapp () const {return fs.is_netapp ();}
|
||||
|
@ -1,7 +1,7 @@
|
||||
/* sec_helper.cc: NT security helper functions
|
||||
|
||||
Copyright 2000, 2001, 2002, 2003, 2004, 2006, 2007, 2008, 2009,
|
||||
2010, 2011 Red Hat, Inc.
|
||||
2010, 2011, 2012 Red Hat, Inc.
|
||||
|
||||
Written by Corinna Vinschen <corinna@vinschen.de>
|
||||
|
||||
@ -578,6 +578,64 @@ __sec_user (PVOID sa_buf, PSID sid1, PSID sid2, DWORD access2, BOOL inherit)
|
||||
return psa;
|
||||
}
|
||||
|
||||
/* Helper function to create a file security descriptor which allows
|
||||
full access to admins, system, and the sid given as parameter. See
|
||||
try_to_bin for how it's used. */
|
||||
|
||||
PSECURITY_DESCRIPTOR
|
||||
_recycler_sd (void *buf, bool users, bool dir)
|
||||
{
|
||||
NTSTATUS status;
|
||||
PSECURITY_DESCRIPTOR psd = (PSECURITY_DESCRIPTOR) buf;
|
||||
|
||||
if (!psd)
|
||||
return NULL;
|
||||
RtlCreateSecurityDescriptor (psd, SECURITY_DESCRIPTOR_REVISION);
|
||||
PACL dacl = (PACL) (psd + 1);
|
||||
/* Pre-Vista, the per-user recycler dir has a rather too complicated
|
||||
ACL by default, which has distinct ACEs for inheritable and non-inheritable
|
||||
permissions. However, this ACL is practically equivalent to the ACL
|
||||
created since Vista. Therefore we simplify our job here and create the
|
||||
pre-Vista permissions the same way as on Vista and later. */
|
||||
RtlCreateAcl (dacl, MAX_DACL_LEN (3), ACL_REVISION);
|
||||
RtlAddAccessAllowedAceEx (dacl, ACL_REVISION,
|
||||
dir ? CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE
|
||||
: NO_INHERITANCE,
|
||||
FILE_ALL_ACCESS, well_known_admins_sid);
|
||||
RtlAddAccessAllowedAceEx (dacl, ACL_REVISION,
|
||||
dir ? CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE
|
||||
: NO_INHERITANCE,
|
||||
FILE_ALL_ACCESS, well_known_system_sid);
|
||||
if (users)
|
||||
RtlAddAccessAllowedAceEx (dacl, ACL_REVISION, NO_PROPAGATE_INHERIT_ACE,
|
||||
FILE_GENERIC_READ | FILE_GENERIC_EXECUTE
|
||||
| FILE_APPEND_DATA | FILE_WRITE_ATTRIBUTES,
|
||||
well_known_users_sid);
|
||||
else
|
||||
RtlAddAccessAllowedAceEx (dacl, ACL_REVISION,
|
||||
dir ? CONTAINER_INHERIT_ACE
|
||||
| OBJECT_INHERIT_ACE
|
||||
: NO_INHERITANCE,
|
||||
FILE_ALL_ACCESS, cygheap->user.sid ());
|
||||
LPVOID ace;
|
||||
status = RtlFirstFreeAce (dacl, &ace);
|
||||
if (!NT_SUCCESS (status))
|
||||
{
|
||||
debug_printf ("RtlFirstFreeAce: %p", status);
|
||||
return NULL;
|
||||
}
|
||||
dacl->AclSize = (char *) ace - (char *) dacl;
|
||||
RtlSetDaclSecurityDescriptor (psd, TRUE, dacl, FALSE);
|
||||
/* If the directory DACL is not marked as protected, shell32 thinks
|
||||
the recycle dir is corrupted. As soon as Explorer accesses the
|
||||
Recycler, the user will get a GUI dialog "The Recycle Bin on X:\
|
||||
is corrupted. Do you want to empty the Recycle Bin for this drive?"
|
||||
Of course we want to avoid that. */
|
||||
if (dir)
|
||||
psd->Control |= SE_DACL_PROTECTED;
|
||||
return psd;
|
||||
}
|
||||
|
||||
/* Helper function to create an event security descriptor which only allows
|
||||
specific access to everyone. Only the creating process has all access
|
||||
rights. */
|
||||
|
@ -1,7 +1,7 @@
|
||||
/* security.cc: NT file access control functions
|
||||
|
||||
Copyright 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
|
||||
2006, 2007, 2008, 2009, 2010, 2011 Red Hat, Inc.
|
||||
2006, 2007, 2008, 2009, 2010, 2011, 2012 Red Hat, Inc.
|
||||
|
||||
Originaly written by Gunther Ebert, gunther.ebert@ixos-leipzig.de
|
||||
Completely rewritten by Corinna Vinschen <corinna@vinschen.de>
|
||||
@ -469,15 +469,13 @@ bool
|
||||
add_access_allowed_ace (PACL acl, int offset, DWORD attributes,
|
||||
PSID sid, size_t &len_add, DWORD inherit)
|
||||
{
|
||||
NTSTATUS status = RtlAddAccessAllowedAce (acl, ACL_REVISION, attributes, sid);
|
||||
NTSTATUS status = RtlAddAccessAllowedAceEx (acl, ACL_REVISION, inherit,
|
||||
attributes, sid);
|
||||
if (!NT_SUCCESS (status))
|
||||
{
|
||||
__seterrno_from_nt_status (status);
|
||||
return false;
|
||||
}
|
||||
ACCESS_ALLOWED_ACE *ace;
|
||||
if (inherit && NT_SUCCESS (RtlGetAce (acl, offset, (PVOID *) &ace)))
|
||||
ace->Header.AceFlags |= inherit;
|
||||
len_add += sizeof (ACCESS_ALLOWED_ACE) - sizeof (DWORD) + RtlLengthSid (sid);
|
||||
return true;
|
||||
}
|
||||
@ -486,15 +484,13 @@ bool
|
||||
add_access_denied_ace (PACL acl, int offset, DWORD attributes,
|
||||
PSID sid, size_t &len_add, DWORD inherit)
|
||||
{
|
||||
NTSTATUS status = RtlAddAccessDeniedAce (acl, ACL_REVISION, attributes, sid);
|
||||
NTSTATUS status = RtlAddAccessDeniedAceEx (acl, ACL_REVISION, inherit,
|
||||
attributes, sid);
|
||||
if (!NT_SUCCESS (status))
|
||||
{
|
||||
__seterrno_from_nt_status (status);
|
||||
return false;
|
||||
}
|
||||
ACCESS_DENIED_ACE *ace;
|
||||
if (inherit && NT_SUCCESS (RtlGetAce (acl, offset, (PVOID *) &ace)))
|
||||
ace->Header.AceFlags |= inherit;
|
||||
len_add += sizeof (ACCESS_DENIED_ACE) - sizeof (DWORD) + RtlLengthSid (sid);
|
||||
return true;
|
||||
}
|
||||
|
@ -476,6 +476,13 @@ extern SECURITY_ATTRIBUTES sec_none, sec_none_nih, sec_all, sec_all_nih;
|
||||
extern SECURITY_ATTRIBUTES *__stdcall __sec_user (PVOID, PSID, PSID,
|
||||
DWORD, BOOL)
|
||||
__attribute__ ((regparm (3)));
|
||||
|
||||
extern PSECURITY_DESCRIPTOR _recycler_sd (void *buf, bool users, bool dir);
|
||||
#define recycler_sd(users,dir) \
|
||||
(_recycler_sd (alloca (sizeof (SECURITY_DESCRIPTOR) + MAX_DACL_LEN (3)), \
|
||||
(users), \
|
||||
(dir)))
|
||||
|
||||
extern PSECURITY_DESCRIPTOR _everyone_sd (void *buf, ACCESS_MASK access);
|
||||
#define everyone_sd(access) (_everyone_sd (alloca (SD_MIN_SIZE), (access)))
|
||||
|
||||
|
@ -200,7 +200,12 @@ stop_transaction (NTSTATUS status, HANDLE old_trans, HANDLE trans)
|
||||
}
|
||||
|
||||
static char desktop_ini[] =
|
||||
"[.ShellClassInfo]\r\nCLSID={645FF040-5081-101B-9F08-00AA002F954E}\r\n";
|
||||
"[.ShellClassInfo]\r\n"
|
||||
"CLSID={645FF040-5081-101B-9F08-00AA002F954E}\r\n";
|
||||
|
||||
static char desktop_ini_ext[] =
|
||||
"LocalizedResourceName=@%SystemRoot%\\system32\\shell32.dll,-8964\r\n";
|
||||
|
||||
static BYTE info2[] =
|
||||
{
|
||||
0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
@ -229,6 +234,7 @@ try_to_bin (path_conv &pc, HANDLE &fh, ACCESS_MASK access)
|
||||
PFILE_INTERNAL_INFORMATION pfii;
|
||||
PFILE_RENAME_INFORMATION pfri;
|
||||
FILE_DISPOSITION_INFORMATION disp = { TRUE };
|
||||
bool fs_has_per_user_recycler = pc.fs_is_ntfs () || pc.fs_is_refs ();
|
||||
|
||||
tmp_pathbuf tp;
|
||||
PBYTE infobuf = (PBYTE) tp.w_get ();
|
||||
@ -253,8 +259,8 @@ try_to_bin (path_conv &pc, HANDLE &fh, ACCESS_MASK access)
|
||||
RtlInitEmptyUnicodeString (&recycler, recyclerbuf, sizeof recyclerbuf);
|
||||
if (!pc.isremote ())
|
||||
{
|
||||
if (wincap.has_recycle_dot_bin ()) /* NTFS and FAT since Vista */
|
||||
RtlAppendUnicodeToString (&recycler, L"\\$Recycle.Bin\\");
|
||||
if (wincap.has_recycle_dot_bin ()) /* NTFS and FAT since Vista, ReFS */
|
||||
RtlAppendUnicodeToString (&recycler, L"\\$RECYCLE.BIN\\");
|
||||
else if (pc.fs_is_ntfs ()) /* NTFS up to 2K3 */
|
||||
RtlAppendUnicodeToString (&recycler, L"\\RECYCLER\\");
|
||||
else if (pc.fs_is_fat ()) /* FAT up to 2K3 */
|
||||
@ -291,10 +297,10 @@ try_to_bin (path_conv &pc, HANDLE &fh, ACCESS_MASK access)
|
||||
recycler.Length -= sizeof (WCHAR);
|
||||
/* Store length of recycler base dir, if it's necessary to create it. */
|
||||
recycler_base_len = recycler.Length;
|
||||
/* On NTFS the recycler dir contains user specific subdirs, which are the
|
||||
actual recycle bins per user. The name if this dir is the string
|
||||
representation of the user SID. */
|
||||
if (pc.fs_is_ntfs ())
|
||||
/* On NTFS or ReFS the recycler dir contains user specific subdirs, which
|
||||
are the actual recycle bins per user. The name if this dir is the
|
||||
string representation of the user SID. */
|
||||
if (fs_has_per_user_recycler)
|
||||
{
|
||||
UNICODE_STRING sid;
|
||||
WCHAR sidbuf[128];
|
||||
@ -344,6 +350,8 @@ try_to_bin (path_conv &pc, HANDLE &fh, ACCESS_MASK access)
|
||||
/* Ok, so the recycler and/or the recycler/SID directory don't exist.
|
||||
First reopen root dir with permission to create subdirs. */
|
||||
NtClose (rootdir);
|
||||
InitializeObjectAttributes (&attr, &root, OBJ_CASE_INSENSITIVE,
|
||||
NULL, NULL);
|
||||
status = NtOpenFile (&rootdir, FILE_ADD_SUBDIRECTORY, &attr, &io,
|
||||
FILE_SHARE_VALID_FLAGS, FILE_OPEN_FOR_BACKUP_INTENT);
|
||||
if (!NT_SUCCESS (status))
|
||||
@ -354,14 +362,17 @@ try_to_bin (path_conv &pc, HANDLE &fh, ACCESS_MASK access)
|
||||
}
|
||||
/* Then check if recycler exists by opening and potentially creating it.
|
||||
Yes, we can really do that. Typically the recycle bin is created
|
||||
by the first user actually using the bin. The permissions are the
|
||||
default permissions propagated from the root directory. */
|
||||
by the first user actually using the bin. Pre-Vista, the permissions
|
||||
are the default permissions propagated from the root directory.
|
||||
Since Vista the top-level recycle dir has explicit permissions. */
|
||||
InitializeObjectAttributes (&attr, &recycler, OBJ_CASE_INSENSITIVE,
|
||||
rootdir, NULL);
|
||||
rootdir,
|
||||
wincap.has_recycle_dot_bin ()
|
||||
? recycler_sd (true, true) : NULL);
|
||||
recycler.Length = recycler_base_len;
|
||||
status = NtCreateFile (&recyclerdir,
|
||||
READ_CONTROL
|
||||
| (pc.fs_is_ntfs () ? 0 : FILE_ADD_FILE),
|
||||
| (fs_has_per_user_recycler ? 0 : FILE_ADD_FILE),
|
||||
&attr, &io, NULL,
|
||||
FILE_ATTRIBUTE_DIRECTORY
|
||||
| FILE_ATTRIBUTE_SYSTEM
|
||||
@ -376,10 +387,12 @@ try_to_bin (path_conv &pc, HANDLE &fh, ACCESS_MASK access)
|
||||
}
|
||||
/* Next, if necessary, check if the recycler/SID dir exists and
|
||||
create it if not. */
|
||||
if (pc.fs_is_ntfs ())
|
||||
if (fs_has_per_user_recycler)
|
||||
{
|
||||
NtClose (recyclerdir);
|
||||
recycler.Length = recycler_user_len;
|
||||
InitializeObjectAttributes (&attr, &recycler, OBJ_CASE_INSENSITIVE,
|
||||
rootdir, recycler_sd (false, true));
|
||||
status = NtCreateFile (&recyclerdir, READ_CONTROL | FILE_ADD_FILE,
|
||||
&attr, &io, NULL, FILE_ATTRIBUTE_DIRECTORY
|
||||
| FILE_ATTRIBUTE_SYSTEM
|
||||
@ -400,7 +413,7 @@ try_to_bin (path_conv &pc, HANDLE &fh, ACCESS_MASK access)
|
||||
{
|
||||
RtlInitUnicodeString (&fname, L"desktop.ini");
|
||||
InitializeObjectAttributes (&attr, &fname, OBJ_CASE_INSENSITIVE,
|
||||
recyclerdir, NULL);
|
||||
recyclerdir, recycler_sd (false, false));
|
||||
status = NtCreateFile (&tmp_fh, FILE_GENERIC_WRITE, &attr, &io, NULL,
|
||||
FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN,
|
||||
FILE_SHARE_VALID_FLAGS, FILE_CREATE,
|
||||
@ -416,6 +429,15 @@ try_to_bin (path_conv &pc, HANDLE &fh, ACCESS_MASK access)
|
||||
if (!NT_SUCCESS (status))
|
||||
debug_printf ("NtWriteFile (%S) failed, status = %p",
|
||||
&fname, status);
|
||||
else if (wincap.has_recycle_dot_bin ())
|
||||
{
|
||||
status = NtWriteFile (tmp_fh, NULL, NULL, NULL, &io,
|
||||
desktop_ini_ext,
|
||||
sizeof desktop_ini_ext - 1, NULL, NULL);
|
||||
if (!NT_SUCCESS (status))
|
||||
debug_printf ("NtWriteFile (%S) failed, status = %p",
|
||||
&fname, status);
|
||||
}
|
||||
NtClose (tmp_fh);
|
||||
}
|
||||
if (!wincap.has_recycle_dot_bin ()) /* No INFO2 file since Vista */
|
||||
|
Loading…
Reference in New Issue
Block a user