Windows: Restrict the Service IOCTLS to the service process
[openafs.git] / src / WINNT / afsrdr / kernel / fs / AFSCommSupport.cpp
index 9e46949..210c7a2 100644 (file)
@@ -438,6 +438,8 @@ AFSProcessControlRequest( IN PIRP Irp)
 
                 pIrpSp->FileObject->FsContext = (void *)((ULONG_PTR)pIrpSp->FileObject->FsContext | AFS_CONTROL_INSTANCE);
 
+                AFSRegisterService();
+
                 break;
             }
 
@@ -446,6 +448,14 @@ AFSProcessControlRequest( IN PIRP Irp)
 
                 AFSRedirectorInitInfo *pRedirInitInfo = (AFSRedirectorInitInfo *)Irp->AssociatedIrp.SystemBuffer;
 
+                if ( !AFSIsService())
+                {
+
+                    ntStatus = STATUS_ACCESS_DENIED;
+
+                    break;
+                }
+
                 //
                 // Extract off the passed in information which contains the
                 // cache file parameters
@@ -485,6 +495,14 @@ AFSProcessControlRequest( IN PIRP Irp)
             case IOCTL_AFS_PROCESS_IRP_REQUEST:
             {
 
+                if ( !AFSIsService())
+                {
+
+                    ntStatus = STATUS_ACCESS_DENIED;
+
+                    break;
+                }
+
                 ntStatus = AFSProcessIrpRequest( Irp);
 
                 break;
@@ -493,6 +511,14 @@ AFSProcessControlRequest( IN PIRP Irp)
             case IOCTL_AFS_PROCESS_IRP_RESULT:
             {
 
+                if ( !AFSIsService())
+                {
+
+                    ntStatus = STATUS_ACCESS_DENIED;
+
+                    break;
+                }
+
                 ntStatus = AFSProcessIrpResult( Irp);
 
                 break;
@@ -503,6 +529,14 @@ AFSProcessControlRequest( IN PIRP Irp)
 
                 AFSSysNameNotificationCB *pSysNameInfo = (AFSSysNameNotificationCB *)Irp->AssociatedIrp.SystemBuffer;
 
+                if ( !AFSIsService())
+                {
+
+                    ntStatus = STATUS_ACCESS_DENIED;
+
+                    break;
+                }
+
                 if( pSysNameInfo == NULL ||
                     pIrpSp->Parameters.DeviceIoControl.InputBufferLength < sizeof( AFSSysNameNotificationCB))
                 {
@@ -634,6 +668,14 @@ AFSProcessControlRequest( IN PIRP Irp)
             case IOCTL_AFS_SHUTDOWN:
             {
 
+                if ( !AFSIsService())
+                {
+
+                    ntStatus = STATUS_ACCESS_DENIED;
+
+                    break;
+                }
+
                 ntStatus = AFSShutdownRedirector();
 
                 break;
@@ -642,7 +684,6 @@ AFSProcessControlRequest( IN PIRP Irp)
             case IOCTL_AFS_AUTHGROUP_CREATE_AND_SET:
             {
 
-
                 AFSAuthGroupRequestCB *pAuthGroupRequestCB = (AFSAuthGroupRequestCB *)Irp->AssociatedIrp.SystemBuffer;
 
                 if( pAuthGroupRequestCB == NULL ||
@@ -1050,6 +1091,7 @@ AFSCleanupIrpPool()
         //
 
         AFSReleaseResource( &pCommSrvc->ResultPoolLock);
+
     }
 
     return;