Windows: Only allow the local system account to speak to the redirector
authorRod Widdowson <rdw@steadingsoftware.com>
Fri, 28 Dec 2012 14:40:40 +0000 (14:40 +0000)
committerJeffrey Altman <jaltman@your-file-system.com>
Mon, 7 Jan 2013 15:23:49 +0000 (07:23 -0800)
When we get the IOCTL_AFS_INITIALIZE_CONTROL_DEVICE IOCTL we check to
see whether the calling process is the LOCAL_SYSTEM_SID (the one that
services run at if they are not running as a specified SID).  If we
are not then the initialize fails ACCESS_DENIED.

In the debug build ONLY, setting the AFS_DBG_DISABLE_SYSTEM_SID_CHECK
bit in OpenAFSDebugFlags circumvents this check, allowing interactive
debugging.

Existing code stops two processes (or even handles) from trying to
initialize the system.

Change-Id: I2ef8ca3a0df908acba38b435178d0509e96d6114
Reviewed-on: http://gerrit.openafs.org/8842
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Tested-by: Jeffrey Altman <jaltman@your-file-system.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

src/WINNT/afsrdr/common/AFSRedirCommonDefines.h
src/WINNT/afsrdr/kernel/fs/AFSCommSupport.cpp
src/WINNT/afsrdr/kernel/fs/AFSProcessSupport.cpp
src/WINNT/afsrdr/kernel/fs/Include/AFSCommon.h

index 3493c09..4652016 100644 (file)
 // Debug information
 //
 
-#define AFS_DBG_FLAG_BREAK_ON_ENTRY     0x00000001   // Only enabled in checked build
-#define AFS_DBG_TRACE_TO_DEBUGGER       0x00000002
-#define AFS_DBG_FLAG_ENABLE_FORCE_CRASH 0x00000004   // Only enabled in checked build
-#define AFS_DBG_BUGCHECK_EXCEPTION      0x00000008
-#define AFS_DBG_CLEAN_SHUTDOWN          0x00000010
-#define AFS_DBG_REQUIRE_CLEAN_SHUTDOWN  0x00000020
+#define AFS_DBG_FLAG_BREAK_ON_ENTRY      0x00000001   // Only enabled in checked build
+#define AFS_DBG_TRACE_TO_DEBUGGER        0x00000002
+#define AFS_DBG_FLAG_ENABLE_FORCE_CRASH  0x00000004   // Only enabled in checked build
+#define AFS_DBG_BUGCHECK_EXCEPTION       0x00000008
+#define AFS_DBG_CLEAN_SHUTDOWN           0x00000010
+#define AFS_DBG_REQUIRE_CLEAN_SHUTDOWN   0x00000020
+#define AFS_DBG_DISABLE_SYSTEM_SID_CHECK 0x00000040
 
 //
 // Pool state
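Review bot: The new AFS_DBG_DISABLE_SYSTEM_SID_CHECK define lacks the `// Only enabled in checked build` annotation that the neighbouring flags carry, even though the only place it is honoured is wrapped in `#if DBG` in AFSCommSupport.cpp. A reader of this header alone cannot tell that setting the bit in a free build has no effect, so the line should read `#define AFS_DBG_DISABLE_SYSTEM_SID_CHECK 0x00000040   // Only enabled in checked build`.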
index c9f8528..9e46949 100644 (file)
@@ -407,11 +407,19 @@ AFSProcessControlRequest( IN PIRP Irp)
 
             case IOCTL_AFS_INITIALIZE_CONTROL_DEVICE:
             {
+                if ( !AFSIsUser( SeExports->SeLocalSystemSid)
+#if DBG
+                    && !BooleanFlagOn( AFSDebugFlags, AFS_DBG_DISABLE_SYSTEM_SID_CHECK)
+#endif
+                    )
+                {
 
+                    ntStatus = STATUS_ACCESS_DENIED;
+                    break;
+                }
                 //
                 // Go intialize the pool
                 //
-
                 ntStatus = AFSInitIrpPool();
 
                 if( !NT_SUCCESS( ntStatus))
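Review bot: The guard added at the top of the IOCTL_AFS_INITIALIZE_CONTROL_DEVICE case carries no comment explaining why the caller's identity is checked here or what the denial protects, and the `break` on the denial path leaves no trace of the refusal. AFSIsUser reads the subject context of the current thread, so the check identifies the requester only while this case runs synchronously in the requester's context; that assumption should be stated at the check, e.g. `// Only the LocalSystem account may bring up the redirector. The identity is taken from the current thread's subject context, so this must stay in the synchronous dispatch path.` If the file's usual trace logging is available in this routine, emitting one message before the `break` would make a mis-configured service visible instead of silently failing with STATUS_ACCESS_DENIED. The empty line directly after the opening brace on the new `if` is a style nit. AFSProcessControlRequest begins and ends outside this hunk.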
index 22cf280..a815724 100644 (file)
@@ -941,3 +941,28 @@ try_exit:
 
     return pThreadCB;
 }
+
+BOOLEAN
+AFSIsUser( IN PSID Sid)
+{
+    SECURITY_SUBJECT_CONTEXT subjectContext;
+    PTOKEN_USER user;
+    PACCESS_TOKEN token;
+    BOOLEAN retVal = FALSE;
+
+    SeCaptureSubjectContext( &subjectContext);
+    SeLockSubjectContext( &subjectContext);
+
+    token = SeQuerySubjectContextToken( &subjectContext);
+
+    if (NT_SUCCESS (SeQueryInformationToken( token, TokenUser, (PVOID*) &user)))
+    {
+
+        retVal = RtlEqualSid( user->User.Sid, Sid);
+
+        ExFreePool( user );
+    }
+    SeUnlockSubjectContext( &subjectContext);
+    SeReleaseSubjectContext( &subjectContext);
+    return retVal;
+}
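Review bot: AFSIsUser compares the TokenUser SID of whatever token SeQuerySubjectContextToken returns, and that routine yields the thread's impersonation (client) token when one is present rather than the process's primary token; if the intent stated in the commit is to admit only processes running as LocalSystem, a thread impersonating a SYSTEM client would also pass, so either compare against the primary token or reject impersonation tokens (e.g. via SeTokenIsImpersonation / SeTokenImpersonationLevel) before the RtlEqualSid call, which I would hedge as a design decision for the author to confirm. Independently, the function has no header comment; I would add a block above it stating that it returns TRUE when the effective token of the calling thread has Sid as its user, that it returns FALSE when the token user cannot be queried, and that it must be called at PASSIVE_LEVEL because SeCaptureSubjectContext requires it. The same documentation belongs on the prototype added to AFSCommon.h.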
index 9af1fa7..5ccb7e1 100644 (file)
@@ -829,6 +829,9 @@ AFSThreadCB *
 AFSInitializeThreadCB( IN AFSProcessCB *ProcessCB,
                        IN ULONGLONG ThreadId);
 
+BOOLEAN
+AFSIsUser( IN PSID Sid);
+
 };
 
 #endif /* _AFS_COMMON_H */