Windows: CreateProcessNotify verify changes
authorJeffrey Altman <jaltman@your-file-system.com>
Tue, 27 Mar 2012 00:49:03 +0000 (20:49 -0400)
committerJeffrey Altman <jaltman@secure-endpoints.com>
Tue, 27 Mar 2012 18:39:52 +0000 (11:39 -0700)
PsSetCreateProcessNotifyRoutineEx will fail with STATUS_ACCESS_DENIED
if the driver does not have the IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
bit set in the image header.

Do not include the ParentProcessId in the AFSProcessDestroy
parameter list.  It isn't available to use and isn't used for
anything in any case.

Assign AFSProcessCB blocks to processes that were created before
AFSRedirector registered the CreateProcessNotify callback and
access the file system.

Change-Id: I4b78cd94949cfdea6b36f601a851c0e2f53a7dbf
Reviewed-on: http://gerrit.openafs.org/6967
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>

src/WINNT/afsrdr/kernel/fs/AFSInit.cpp
src/WINNT/afsrdr/kernel/fs/AFSProcessSupport.cpp
src/WINNT/afsrdr/kernel/fs/Include/AFSCommon.h
src/WINNT/afsrdr/kernel/fs/sources

index bbc662a..5ad3ba0 100644 (file)
@@ -453,7 +453,12 @@ DriverEntry( PDRIVER_OBJECT DriverObject,
         AFSInitServerStrings();
 
         //
-        // Register the call back for process creation and tear down
+        // Register the call back for process creation and tear down.
+        // On Vista SP1 and above, PsSetCreateProcessNotifyRoutineEx
+        // will be used.  This function returns STATUS_ACCESS_DENIED
+        // if there is a signing error.  In that case, the AFSProcessNotifyEx
+        // routine has not been registered and we can fallback to the
+        // Windows 2000 interface and AFSProcessNotify.
         //
 
         RtlInitUnicodeString( &uniPsSetCreateProcessNotifyRoutineEx,
@@ -461,19 +466,24 @@ DriverEntry( PDRIVER_OBJECT DriverObject,
 
         pPsSetCreateProcessNotifyRoutineEx = (PsSetCreateProcessNotifyRoutineEx_t)MmGetSystemRoutineAddress(&uniPsSetCreateProcessNotifyRoutineEx);
 
+        ntStatus = STATUS_ACCESS_DENIED;
+
         if ( pPsSetCreateProcessNotifyRoutineEx)
         {
 
-            pPsSetCreateProcessNotifyRoutineEx( AFSProcessNotifyEx,
-                                                FALSE);
+            ntStatus = pPsSetCreateProcessNotifyRoutineEx( AFSProcessNotifyEx,
+                                                           FALSE);
         }
-        else
+
+        if ( ntStatus == STATUS_ACCESS_DENIED)
         {
 
-            PsSetCreateProcessNotifyRoutine( AFSProcessNotify,
-                                             FALSE);
+            ntStatus = PsSetCreateProcessNotifyRoutine( AFSProcessNotify,
+                                                        FALSE);
         }
 
+        ntStatus = STATUS_SUCCESS;
+
 try_exit:
 
         if( !NT_SUCCESS( ntStatus))
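Review bot: The unconditional `ntStatus = STATUS_SUCCESS;` just before `try_exit:` discards the result of both registration calls. If PsSetCreateProcessNotifyRoutineEx fails with anything other than STATUS_ACCESS_DENIED, or the PsSetCreateProcessNotifyRoutine fallback itself fails, DriverEntry still reports success and the driver runs with no process create/destroy callback. In that state AFSProcessCB entries would presumably never be torn down, and because process IDs are reused a stale entry might be found for an unrelated later process; that is worth confirming against the teardown path. I would log the failing status through AFSDbgLogMsg at AFS_TRACE_LEVEL_ERROR before the overwrite, which also makes the silent fallback on a signing error visible in a mis-signed build, and decide explicitly whether load should continue. DriverEntry starts and ends outside this hunk.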
index 20740c9..7e09dc4 100644 (file)
@@ -60,8 +60,7 @@ AFSProcessNotify( IN HANDLE  ParentId,
     else
     {
 
-        AFSProcessDestroy( ParentId,
-                           ProcessId);
+        AFSProcessDestroy( ProcessId);
     }
 
     return;
@@ -84,8 +83,7 @@ AFSProcessNotifyEx( IN OUT PEPROCESS Process,
     else
     {
 
-        AFSProcessDestroy( CreateInfo->ParentProcessId,
-                           ProcessId);
+        AFSProcessDestroy( ProcessId);
     }
 }
 
@@ -143,8 +141,7 @@ AFSProcessCreate( IN HANDLE ParentId,
 }
 
 void
-AFSProcessDestroy( IN HANDLE ParentId,
-                   IN HANDLE ProcessId)
+AFSProcessDestroy( IN HANDLE ProcessId)
 {
 
     NTSTATUS ntStatus = STATUS_SUCCESS;
@@ -276,21 +273,31 @@ AFSValidateProcessEntry( IN HANDLE ProcessId)
                       ullProcessID);
 
         ntStatus = AFSLocateHashEntry( pDeviceExt->Specific.Control.ProcessTree.TreeHead,
-                                       (ULONGLONG)ullProcessID,
+                                       ullProcessID,
                                        (AFSBTreeEntry **)&pProcessCB);
 
         if( !NT_SUCCESS( ntStatus) ||
             pProcessCB == NULL)
         {
 
+            AFSProcessCreate( 0,
+                              ProcessId,
+                              0,
+                              0);
+        }
+
+        if( !NT_SUCCESS( ntStatus) ||
+            pProcessCB == NULL)
+        {
+
             AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
                           AFS_TRACE_LEVEL_ERROR,
                           "%s Failed to locate process entry for ProcessID %I64X\n",
                           __FUNCTION__,
                           ullProcessID);
 
-            ASSERT( FALSE);
             AFSReleaseResource( pDeviceExt->Specific.Control.ProcessTree.TreeLock);
+
             try_return( ntStatus = STATUS_UNSUCCESSFUL);
         }
 
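Review bot: After the new `AFSProcessCreate( 0, ProcessId, 0, 0)` call neither `ntStatus` nor `pProcessCB` is refreshed, so the second `if( !NT_SUCCESS( ntStatus) || pProcessCB == NULL)` test has the same outcome as the first. The function therefore still logs the error and returns STATUS_UNSUCCESSFUL on the first access from a process that predates the callback. Repeat the lookup inside the first block, right after the create: `ntStatus = AFSLocateHashEntry( pDeviceExt->Specific.Control.ProcessTree.TreeHead, ullProcessID, (AFSBTreeEntry **)&pProcessCB);`. The failure path releases ProcessTree.TreeLock, which suggests the lock is held across the AFSProcessCreate call; the acquisition is outside the hunk, so confirm AFSProcessCreate does not take the same lock in a conflicting mode. Entries created this way carry a parent ID of 0, so a comment should state what such an entry lacks compared with one created from the notify callback (the log subsystem name suggests authentication-group state, but that is not visible here).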
index 15f1bef..75300b5 100644 (file)
@@ -808,8 +808,7 @@ AFSProcessCreate( IN HANDLE ParentId,
                   IN HANDLE CreatingThreadId);
 
 void
-AFSProcessDestroy( IN HANDLE ParentId,
-                   IN HANDLE ProcessId);
+AFSProcessDestroy( IN HANDLE ProcessId);
 
 GUID *
 AFSValidateProcessEntry( IN HANDLE ProcessId);
index 7a61239..45720a8 100644 (file)
@@ -6,6 +6,8 @@ TARGETTYPE=DRIVER
 DRIVERTYPE=FS
 USE_MAPSYM=1
 
+LINKER_FLAGS=/INTEGRITYCHECK
+
 INCLUDES=Include;..\..\Common;
 
 TARGETLIBS=$(DDK_LIB_PATH)\ntstrsafe.lib \
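Review bot: The added `LINKER_FLAGS=/INTEGRITYCHECK` line has no comment saying why it is there or what it demands of the build. The flag sets IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY, which the commit message ties to PsSetCreateProcessNotifyRoutineEx, and it also makes Windows verify the image signature at load, so an unsigned or improperly signed build may fail to load at all rather than just lose the Ex callback. I would add a comment above it such as `# /INTEGRITYCHECK sets FORCE_INTEGRITY, required by PsSetCreateProcessNotifyRoutineEx; the resulting .sys must be properly signed to load`. If a `LINKER_FLAGS` value can already be supplied elsewhere in the build (not visible here), check whether this plain assignment replaces it.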