Windows: Restrict the Service IOCTLS to the service process
authorRod Widdowson <rdw@steadingsoftware.com>
Fri, 28 Dec 2012 15:43:52 +0000 (15:43 +0000)
committerJeffrey Altman <jaltman@your-file-system.com>
Mon, 7 Jan 2013 17:13:18 +0000 (09:13 -0800)
When the service starts the system we save its PID and when we see an
IOCTL_AFS_INITIALIZE_REDIRECTOR_DEVICE,
IOCTL_AFS_PROCESS_IRP_REQUEST, IOCTL_AFS_PROCESS_IRP_RESULT,
IOCTL_AFS_SYSNAME_NOTIFICATION or IOCTL_AFS_SYSNAME_NOTIFICATION
ioctl we check that the calling process has that PID.

Change-Id: Ie66676bba4b4e4d858979babe9c0af4c53ea0143
Reviewed-on: http://gerrit.openafs.org/8844
Reviewed-by: Rod Widdowson <rdw@steadingsoftware.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

src/WINNT/afsrdr/kernel/fs/AFSCleanup.cpp
src/WINNT/afsrdr/kernel/fs/AFSCommSupport.cpp
src/WINNT/afsrdr/kernel/fs/AFSProcessSupport.cpp
src/WINNT/afsrdr/kernel/fs/Include/AFSCommon.h

index 0ea29c4..8ead4b5 100644 (file)
@@ -76,6 +76,12 @@ AFSCleanup( IN PDEVICE_OBJECT DeviceObject,
                 //
 
                 AFSCleanupIrpPool();
+
+                //
+                // And reset the Service PID
+                //
+                AFSDeregisterService();
+
             }
 
             if( FlagOn( (ULONG_PTR)pIrpSp->FileObject->FsContext, AFS_REDIRECTOR_INSTANCE))
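Review bot: The added `AFSDeregisterService()` call clears the saved PID without checking that the handle being cleaned up belongs to the registered service. The condition guarding this block is outside the hunk. If it is the control-instance flag set in AFSProcessControlRequest, any other process that opened and then closed a control handle would reset AFSServicePid while the real service is still running, and the service's own ioctls would then be refused with STATUS_ACCESS_DENIED. A guard such as `if( AFSIsService()) { AFSDeregisterService(); }` would limit the reset to the registered process. Cleanup may not always arrive in the opener's process context, so confirm that before relying on it.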
index 9e46949..210c7a2 100644 (file)
@@ -438,6 +438,8 @@ AFSProcessControlRequest( IN PIRP Irp)
 
                 pIrpSp->FileObject->FsContext = (void *)((ULONG_PTR)pIrpSp->FileObject->FsContext | AFS_CONTROL_INSTANCE);
 
+                AFSRegisterService();
+
                 break;
             }
 
@@ -446,6 +448,14 @@ AFSProcessControlRequest( IN PIRP Irp)
 
                 AFSRedirectorInitInfo *pRedirInitInfo = (AFSRedirectorInitInfo *)Irp->AssociatedIrp.SystemBuffer;
 
+                if ( !AFSIsService())
+                {
+
+                    ntStatus = STATUS_ACCESS_DENIED;
+
+                    break;
+                }
+
                 //
                 // Extract off the passed in information which contains the
                 // cache file parameters
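Review bot: The seven-line `if ( !AFSIsService())` guard added here is repeated verbatim in the hunks at -485 (IOCTL_AFS_PROCESS_IRP_REQUEST), -493 (IOCTL_AFS_PROCESS_IRP_RESULT), -503 (the sysname notification case) and -634 (IOCTL_AFS_SHUTDOWN). Because the restriction is opt-in per case, a service-only ioctl added later is unrestricted unless its author remembers to paste the block. Deciding once, before the `switch`, which control codes are service-only would keep the policy in one place. At minimum a comment above the first guard should list the restricted codes, for example `// Service-only ioctl: caller must be the process recorded by AFSRegisterService()`. The check also relies on the dispatch routine running in the requesting process's context, which is worth stating in that comment; the switch itself starts and ends outside these hunks.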
@@ -485,6 +495,14 @@ AFSProcessControlRequest( IN PIRP Irp)
             case IOCTL_AFS_PROCESS_IRP_REQUEST:
             {
 
+                if ( !AFSIsService())
+                {
+
+                    ntStatus = STATUS_ACCESS_DENIED;
+
+                    break;
+                }
+
                 ntStatus = AFSProcessIrpRequest( Irp);
 
                 break;
@@ -493,6 +511,14 @@ AFSProcessControlRequest( IN PIRP Irp)
             case IOCTL_AFS_PROCESS_IRP_RESULT:
             {
 
+                if ( !AFSIsService())
+                {
+
+                    ntStatus = STATUS_ACCESS_DENIED;
+
+                    break;
+                }
+
                 ntStatus = AFSProcessIrpResult( Irp);
 
                 break;
@@ -503,6 +529,14 @@ AFSProcessControlRequest( IN PIRP Irp)
 
                 AFSSysNameNotificationCB *pSysNameInfo = (AFSSysNameNotificationCB *)Irp->AssociatedIrp.SystemBuffer;
 
+                if ( !AFSIsService())
+                {
+
+                    ntStatus = STATUS_ACCESS_DENIED;
+
+                    break;
+                }
+
                 if( pSysNameInfo == NULL ||
                     pIrpSp->Parameters.DeviceIoControl.InputBufferLength < sizeof( AFSSysNameNotificationCB))
                 {
@@ -634,6 +668,14 @@ AFSProcessControlRequest( IN PIRP Irp)
             case IOCTL_AFS_SHUTDOWN:
             {
 
+                if ( !AFSIsService())
+                {
+
+                    ntStatus = STATUS_ACCESS_DENIED;
+
+                    break;
+                }
+
                 ntStatus = AFSShutdownRedirector();
 
                 break;
@@ -642,7 +684,6 @@ AFSProcessControlRequest( IN PIRP Irp)
             case IOCTL_AFS_AUTHGROUP_CREATE_AND_SET:
             {
 
-
                 AFSAuthGroupRequestCB *pAuthGroupRequestCB = (AFSAuthGroupRequestCB *)Irp->AssociatedIrp.SystemBuffer;
 
                 if( pAuthGroupRequestCB == NULL ||
@@ -1050,6 +1091,7 @@ AFSCleanupIrpPool()
         //
 
         AFSReleaseResource( &pCommSrvc->ResultPoolLock);
+
     }
 
     return;
index a815724..b8b5797 100644 (file)
@@ -38,6 +38,8 @@
 
 #include "AFSCommon.h"
 
+static HANDLE AFSServicePid = NULL;
+
 void
 AFSProcessNotify( IN HANDLE  ParentId,
                   IN HANDLE  ProcessId,
@@ -966,3 +968,21 @@ AFSIsUser( IN PSID Sid)
     SeReleaseSubjectContext( &subjectContext);
     return retVal;
 }
+
+VOID
+AFSRegisterService( void)
+{
+    AFSServicePid = PsGetCurrentProcessId();
+}
+
+VOID
+AFSDeregisterService( void)
+{
+    AFSServicePid = NULL;
+}
+
+BOOLEAN
+AFSIsService( void)
+{
+    return PsGetCurrentProcessId() == AFSServicePid;
+}
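Review bot: AFSRegisterService() overwrites AFSServicePid unconditionally, so the restriction is only as strong as the access control on the ioctl that calls it (the hunk at -438). Any process able to issue that ioctl becomes "the service" and displaces the real one, unless the device's security descriptor already prevents this, which is not visible here. Consider having registration fail when a different PID is already recorded, and returning a status so the caller can answer STATUS_ACCESS_DENIED. AFSIsService() would also read more safely with the unregistered state made explicit: `return AFSServicePid != NULL && PsGetCurrentProcessId() == AFSServicePid;`. The three functions read and write the file-scope variable with no synchronization and carry no comments; a short header on each should state that they must be called in the context of the requesting process.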
index 5ccb7e1..4673732 100644 (file)
@@ -832,6 +832,15 @@ AFSInitializeThreadCB( IN AFSProcessCB *ProcessCB,
 BOOLEAN
 AFSIsUser( IN PSID Sid);
 
+VOID
+AFSRegisterService( void);
+
+VOID
+AFSDeregisterService( void);
+
+BOOLEAN
+AFSIsService( void);
+
 };
 
 #endif /* _AFS_COMMON_H */