From 967c5dbef3340ee0c870b1fb1f91c24fb6443358 Mon Sep 17 00:00:00 2001
From: Jeffrey Altman <jaltman@your-file-system.com>
Date: Sun, 28 Jun 2015 13:18:01 -0400
Subject: [PATCH] Windows: Always fetch auth id in kernel

When processing network provider requests in afsredirlib.sys always
obtain the auth id using the SYSTEM worker thread.   Do not trust
the values provided by userland.

Change-Id: I9786b0c836cf967074035a7595c38c8700cb7589
Reviewed-on: http://gerrit.openafs.org/11910
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
---
 .../kernel/lib/AFSNetworkProviderSupport.cpp       | 150 +++++++++------------
 1 file changed, 65 insertions(+), 85 deletions(-)

diff --git a/src/WINNT/afsrdr/kernel/lib/AFSNetworkProviderSupport.cpp b/src/WINNT/afsrdr/kernel/lib/AFSNetworkProviderSupport.cpp
index 8921d29..0561627 100644
--- a/src/WINNT/afsrdr/kernel/lib/AFSNetworkProviderSupport.cpp
+++ b/src/WINNT/afsrdr/kernel/lib/AFSNetworkProviderSupport.cpp
@@ -58,27 +58,23 @@ AFSAddConnection( IN AFSNetworkProviderConnectionCB *ConnectCB,
                       &pRDRDevExt->Specific.RDR.ProviderListLock,
                       PsGetCurrentThread()));
 
-        if( ConnectCB->AuthenticationId.QuadPart == 0)
-        {
-
-	    ntStatus = AFSGetAuthenticationId(&ConnectCB->AuthenticationId);
+	ntStatus = AFSGetAuthenticationId(&ConnectCB->AuthenticationId);
 
-	    if ( !NT_SUCCESS( ntStatus))
-	    {
+	if ( !NT_SUCCESS( ntStatus))
+	{
 
-		AFSDbgTrace(( AFS_SUBSYSTEM_NETWORK_PROVIDER,
-			      AFS_TRACE_LEVEL_ERROR,
-			      "AFSAddConnection Unable to retrieve authentication id %08lX\n",
-			      ntStatus));
+	    AFSDbgTrace(( AFS_SUBSYSTEM_NETWORK_PROVIDER,
+			  AFS_TRACE_LEVEL_ERROR,
+			  "AFSAddConnection Unable to retrieve authentication id %08lX\n",
+			  ntStatus));
 
-		return ntStatus;
-	    }
+	    return ntStatus;
+	}
 
-            AFSDbgTrace(( AFS_SUBSYSTEM_NETWORK_PROVIDER,
-                          AFS_TRACE_LEVEL_VERBOSE,
-                          "AFSAddConnection Retrieved authentication id %I64X\n",
-                          ConnectCB->AuthenticationId.QuadPart));
-        }
+	AFSDbgTrace(( AFS_SUBSYSTEM_NETWORK_PROVIDER,
+		      AFS_TRACE_LEVEL_VERBOSE,
+		      "AFSAddConnection Retrieved authentication id %I64X\n",
+		      ConnectCB->AuthenticationId.QuadPart));
 
         AFSAcquireExcl( &pRDRDevExt->Specific.RDR.ProviderListLock,
                         TRUE);
@@ -434,27 +430,23 @@ AFSCancelConnection( IN AFSNetworkProviderConnectionCB *ConnectCB,
                       &pRDRDevExt->Specific.RDR.ProviderListLock,
                       PsGetCurrentThread()));
 
-        if( ConnectCB->AuthenticationId.QuadPart == 0)
-        {
-
-	    ntStatus = AFSGetAuthenticationId(&ConnectCB->AuthenticationId);
+	ntStatus = AFSGetAuthenticationId(&ConnectCB->AuthenticationId);
 
-	    if ( !NT_SUCCESS( ntStatus))
-	    {
+	if ( !NT_SUCCESS( ntStatus))
+	{
 
-		AFSDbgTrace(( AFS_SUBSYSTEM_NETWORK_PROVIDER,
-			      AFS_TRACE_LEVEL_ERROR,
-			      "AFSCancelConnection Unable to retrieve authentication id %08lX\n",
-			      ntStatus));
+	    AFSDbgTrace(( AFS_SUBSYSTEM_NETWORK_PROVIDER,
+			  AFS_TRACE_LEVEL_ERROR,
+			  "AFSCancelConnection Unable to retrieve authentication id %08lX\n",
+			  ntStatus));
 
-		return ntStatus;
-	    }
+	    return ntStatus;
+	}
 
-            AFSDbgTrace(( AFS_SUBSYSTEM_NETWORK_PROVIDER,
-                          AFS_TRACE_LEVEL_VERBOSE,
-                          "AFSCancelConnection Retrieved authentication id %I64X\n",
-                          ConnectCB->AuthenticationId.QuadPart));
-        }
+	AFSDbgTrace(( AFS_SUBSYSTEM_NETWORK_PROVIDER,
+		      AFS_TRACE_LEVEL_VERBOSE,
+		      "AFSCancelConnection Retrieved authentication id %I64X\n",
+		      ConnectCB->AuthenticationId.QuadPart));
 
         AFSAcquireExcl( &pRDRDevExt->Specific.RDR.ProviderListLock,
                         TRUE);
@@ -570,28 +562,24 @@ AFSGetConnection( IN AFSNetworkProviderConnectionCB *ConnectCB,
     __Enter
     {
 
-	if( ConnectCB->AuthenticationId.QuadPart == 0)
-	{
-
-	    ntStatus = AFSGetAuthenticationId(&ConnectCB->AuthenticationId);
-
-	    if ( !NT_SUCCESS( ntStatus))
-	    {
+	ntStatus = AFSGetAuthenticationId(&ConnectCB->AuthenticationId);
 
-		AFSDbgTrace(( AFS_SUBSYSTEM_NETWORK_PROVIDER,
-			      AFS_TRACE_LEVEL_ERROR,
-			      "AFSGetConnection Unable to retrieve authentication id %08lX\n",
-			      ntStatus));
-
-		return ntStatus;
-	    }
+	if ( !NT_SUCCESS( ntStatus))
+	{
 
 	    AFSDbgTrace(( AFS_SUBSYSTEM_NETWORK_PROVIDER,
-			  AFS_TRACE_LEVEL_VERBOSE,
-			  "AFSGetConnection Retrieved authentication id %I64X\n",
-			  ConnectCB->AuthenticationId.QuadPart));
+			  AFS_TRACE_LEVEL_ERROR,
+			  "AFSGetConnection Unable to retrieve authentication id %08lX\n",
+			  ntStatus));
+
+	    return ntStatus;
 	}
 
+	AFSDbgTrace(( AFS_SUBSYSTEM_NETWORK_PROVIDER,
+		      AFS_TRACE_LEVEL_VERBOSE,
+		      "AFSGetConnection Retrieved authentication id %I64X\n",
+		      ConnectCB->AuthenticationId.QuadPart));
+
         if( ConnectCB->LocalName != L'\0')
         {
 
@@ -721,27 +709,23 @@ AFSListConnections( IN OUT AFSNetworkProviderConnectionCB *ConnectCB,
 
         ulType = ConnectCB->Type;
 
-        if( ConnectCB->AuthenticationId.QuadPart == 0)
-        {
+	ntStatus = AFSGetAuthenticationId(&ConnectCB->AuthenticationId);
 
-	    ntStatus = AFSGetAuthenticationId(&ConnectCB->AuthenticationId);
+	if ( !NT_SUCCESS( ntStatus))
+	{
 
-	    if ( !NT_SUCCESS( ntStatus))
-	    {
+	    AFSDbgTrace(( AFS_SUBSYSTEM_NETWORK_PROVIDER,
+			  AFS_TRACE_LEVEL_ERROR,
+			  "AFSListConnection Unable to retrieve authentication id %08lX\n",
+			  ntStatus));
 
-		AFSDbgTrace(( AFS_SUBSYSTEM_NETWORK_PROVIDER,
-			      AFS_TRACE_LEVEL_ERROR,
-			      "AFSListConnection Unable to retrieve authentication id %08lX\n",
-			      ntStatus));
+	    return ntStatus;
+	}
 
-		return ntStatus;
-	    }
-
-            AFSDbgTrace(( AFS_SUBSYSTEM_NETWORK_PROVIDER,
-                          AFS_TRACE_LEVEL_VERBOSE,
-                          "AFSListConnections Retrieved authentication id %I64X\n",
-                          ConnectCB->AuthenticationId.QuadPart));
-        }
+	AFSDbgTrace(( AFS_SUBSYSTEM_NETWORK_PROVIDER,
+		      AFS_TRACE_LEVEL_VERBOSE,
+		      "AFSListConnections Retrieved authentication id %I64X\n",
+		      ConnectCB->AuthenticationId.QuadPart));
 
         liAuthenticationID.QuadPart = ConnectCB->AuthenticationId.QuadPart;
 
@@ -1509,28 +1493,24 @@ AFSGetConnectionInfo( IN AFSNetworkProviderConnectionCB *ConnectCB,
         uniRemoteName.MaximumLength = uniRemoteName.Length + sizeof( WCHAR);
         uniRemoteName.Buffer = (WCHAR *)ConnectCB->RemoteName;
 
-	if( ConnectCB->AuthenticationId.QuadPart == 0)
-	{
-
-	    ntStatus = AFSGetAuthenticationId(&ConnectCB->AuthenticationId);
-
-	    if ( !NT_SUCCESS( ntStatus))
-	    {
+	ntStatus = AFSGetAuthenticationId(&ConnectCB->AuthenticationId);
 
-		AFSDbgTrace(( AFS_SUBSYSTEM_NETWORK_PROVIDER,
-			      AFS_TRACE_LEVEL_ERROR,
-			      "AFSGetConnectionInfo Unable to retrieve authentication id %08lX\n",
-			      ntStatus));
-
-		return ntStatus;
-	    }
+	if ( !NT_SUCCESS( ntStatus))
+	{
 
 	    AFSDbgTrace(( AFS_SUBSYSTEM_NETWORK_PROVIDER,
-			  AFS_TRACE_LEVEL_VERBOSE,
-			  "AFSGetConnectionInfo Retrieved authentication id %I64X\n",
-			  ConnectCB->AuthenticationId.QuadPart));
+			  AFS_TRACE_LEVEL_ERROR,
+			  "AFSGetConnectionInfo Unable to retrieve authentication id %08lX\n",
+			  ntStatus));
+
+	    return ntStatus;
 	}
 
+	AFSDbgTrace(( AFS_SUBSYSTEM_NETWORK_PROVIDER,
+		      AFS_TRACE_LEVEL_VERBOSE,
+		      "AFSGetConnectionInfo Retrieved authentication id %I64X\n",
+		      ConnectCB->AuthenticationId.QuadPart));
+
         if( ConnectCB->LocalName != L'\0')
         {
 
-- 
1.9.4