git://git.openafs.org / openafs.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch (from parent 1: d351643)
Windows: Always fetch auth id in kernel
authorJeffrey Altman <jaltman@your-file-system.com>
Sun, 28 Jun 2015 17:18:01 +0000 (13:18 -0400)
committerJeffrey Altman <jaltman@your-file-system.com>
Thu, 24 Sep 2015 04:19:25 +0000 (00:19 -0400)
When processing network provider requests in afsredirlib.sys always
obtain the auth id using the SYSTEM worker thread.   Do not trust
the values provided by userland.

Change-Id: I9786b0c836cf967074035a7595c38c8700cb7589
Reviewed-on: http://gerrit.openafs.org/11910
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

src/WINNT/afsrdr/kernel/lib/AFSNetworkProviderSupport.cpp patch | blob | history

diff --git a/src/WINNT/afsrdr/kernel/lib/AFSNetworkProviderSupport.cpp b/src/WINNT/afsrdr/kernel/lib/AFSNetworkProviderSupport.cpp
index 8921d29..0561627 100644 (file)
--- a/src/WINNT/afsrdr/kernel/lib/AFSNetworkProviderSupport.cpp
+++ b/src/WINNT/afsrdr/kernel/lib/AFSNetworkProviderSupport.cpp
@@ -58,27 +58,23 @@ AFSAddConnection( IN AFSNetworkProviderConnectionCB *ConnectCB,
                       &pRDRDevExt->Specific.RDR.ProviderListLock,
                       PsGetCurrentThread()));
 
-        if( ConnectCB->AuthenticationId.QuadPart == 0)
-        {
-
-           ntStatus = AFSGetAuthenticationId(&ConnectCB->AuthenticationId);
+       ntStatus = AFSGetAuthenticationId(&ConnectCB->AuthenticationId);
 
-           if ( !NT_SUCCESS( ntStatus))
-           {
+       if ( !NT_SUCCESS( ntStatus))
+       {
 
-               AFSDbgTrace(( AFS_SUBSYSTEM_NETWORK_PROVIDER,
-                             AFS_TRACE_LEVEL_ERROR,
-                             "AFSAddConnection Unable to retrieve authentication id %08lX\n",
-                             ntStatus));
+           AFSDbgTrace(( AFS_SUBSYSTEM_NETWORK_PROVIDER,
+                         AFS_TRACE_LEVEL_ERROR,
+                         "AFSAddConnection Unable to retrieve authentication id %08lX\n",
+                         ntStatus));
 
-               return ntStatus;
-           }
+           return ntStatus;
+       }
 
-            AFSDbgTrace(( AFS_SUBSYSTEM_NETWORK_PROVIDER,
-                          AFS_TRACE_LEVEL_VERBOSE,
-                          "AFSAddConnection Retrieved authentication id %I64X\n",
-                          ConnectCB->AuthenticationId.QuadPart));
-        }
+       AFSDbgTrace(( AFS_SUBSYSTEM_NETWORK_PROVIDER,
+                     AFS_TRACE_LEVEL_VERBOSE,
+                     "AFSAddConnection Retrieved authentication id %I64X\n",
+                     ConnectCB->AuthenticationId.QuadPart));
 
         AFSAcquireExcl( &pRDRDevExt->Specific.RDR.ProviderListLock,
                         TRUE);
@@ -434,27 +430,23 @@ AFSCancelConnection( IN AFSNetworkProviderConnectionCB *ConnectCB,
                       &pRDRDevExt->Specific.RDR.ProviderListLock,
                       PsGetCurrentThread()));
 
-        if( ConnectCB->AuthenticationId.QuadPart == 0)
-        {
-
-           ntStatus = AFSGetAuthenticationId(&ConnectCB->AuthenticationId);
+       ntStatus = AFSGetAuthenticationId(&ConnectCB->AuthenticationId);
 
-           if ( !NT_SUCCESS( ntStatus))
-           {
+       if ( !NT_SUCCESS( ntStatus))
+       {
 
-               AFSDbgTrace(( AFS_SUBSYSTEM_NETWORK_PROVIDER,
-                             AFS_TRACE_LEVEL_ERROR,
-                             "AFSCancelConnection Unable to retrieve authentication id %08lX\n",
-                             ntStatus));
+           AFSDbgTrace(( AFS_SUBSYSTEM_NETWORK_PROVIDER,
+                         AFS_TRACE_LEVEL_ERROR,
+                         "AFSCancelConnection Unable to retrieve authentication id %08lX\n",
+                         ntStatus));
 
-               return ntStatus;
-           }
+           return ntStatus;
+       }
 
-            AFSDbgTrace(( AFS_SUBSYSTEM_NETWORK_PROVIDER,
-                          AFS_TRACE_LEVEL_VERBOSE,
-                          "AFSCancelConnection Retrieved authentication id %I64X\n",
-                          ConnectCB->AuthenticationId.QuadPart));
-        }
+       AFSDbgTrace(( AFS_SUBSYSTEM_NETWORK_PROVIDER,
+                     AFS_TRACE_LEVEL_VERBOSE,
+                     "AFSCancelConnection Retrieved authentication id %I64X\n",
+                     ConnectCB->AuthenticationId.QuadPart));
 
         AFSAcquireExcl( &pRDRDevExt->Specific.RDR.ProviderListLock,
                         TRUE);
@@ -570,28 +562,24 @@ AFSGetConnection( IN AFSNetworkProviderConnectionCB *ConnectCB,
     __Enter
     {
 
-       if( ConnectCB->AuthenticationId.QuadPart == 0)
-       {
-
-           ntStatus = AFSGetAuthenticationId(&ConnectCB->AuthenticationId);
-
-           if ( !NT_SUCCESS( ntStatus))
-           {
+       ntStatus = AFSGetAuthenticationId(&ConnectCB->AuthenticationId);
 
-               AFSDbgTrace(( AFS_SUBSYSTEM_NETWORK_PROVIDER,
-                             AFS_TRACE_LEVEL_ERROR,
-                             "AFSGetConnection Unable to retrieve authentication id %08lX\n",
-                             ntStatus));
-
-               return ntStatus;
-           }
+       if ( !NT_SUCCESS( ntStatus))
+       {
 
            AFSDbgTrace(( AFS_SUBSYSTEM_NETWORK_PROVIDER,
-                         AFS_TRACE_LEVEL_VERBOSE,
-                         "AFSGetConnection Retrieved authentication id %I64X\n",
-                         ConnectCB->AuthenticationId.QuadPart));
+                         AFS_TRACE_LEVEL_ERROR,
+                         "AFSGetConnection Unable to retrieve authentication id %08lX\n",
+                         ntStatus));
+
+           return ntStatus;
        }
 
+       AFSDbgTrace(( AFS_SUBSYSTEM_NETWORK_PROVIDER,
+                     AFS_TRACE_LEVEL_VERBOSE,
+                     "AFSGetConnection Retrieved authentication id %I64X\n",
+                     ConnectCB->AuthenticationId.QuadPart));
+
         if( ConnectCB->LocalName != L'\0')
         {
 
@@ -721,27 +709,23 @@ AFSListConnections( IN OUT AFSNetworkProviderConnectionCB *ConnectCB,
 
         ulType = ConnectCB->Type;
 
-        if( ConnectCB->AuthenticationId.QuadPart == 0)
-        {
+       ntStatus = AFSGetAuthenticationId(&ConnectCB->AuthenticationId);
 
-           ntStatus = AFSGetAuthenticationId(&ConnectCB->AuthenticationId);
+       if ( !NT_SUCCESS( ntStatus))
+       {
 
-           if ( !NT_SUCCESS( ntStatus))
-           {
+           AFSDbgTrace(( AFS_SUBSYSTEM_NETWORK_PROVIDER,
+                         AFS_TRACE_LEVEL_ERROR,
+                         "AFSListConnection Unable to retrieve authentication id %08lX\n",
+                         ntStatus));
 
-               AFSDbgTrace(( AFS_SUBSYSTEM_NETWORK_PROVIDER,
-                             AFS_TRACE_LEVEL_ERROR,
-                             "AFSListConnection Unable to retrieve authentication id %08lX\n",
-                             ntStatus));
+           return ntStatus;
+       }
 
-               return ntStatus;
-           }
-
-            AFSDbgTrace(( AFS_SUBSYSTEM_NETWORK_PROVIDER,
-                          AFS_TRACE_LEVEL_VERBOSE,
-                          "AFSListConnections Retrieved authentication id %I64X\n",
-                          ConnectCB->AuthenticationId.QuadPart));
-        }
+       AFSDbgTrace(( AFS_SUBSYSTEM_NETWORK_PROVIDER,
+                     AFS_TRACE_LEVEL_VERBOSE,
+                     "AFSListConnections Retrieved authentication id %I64X\n",
+                     ConnectCB->AuthenticationId.QuadPart));
 
         liAuthenticationID.QuadPart = ConnectCB->AuthenticationId.QuadPart;
 
@@ -1509,28 +1493,24 @@ AFSGetConnectionInfo( IN AFSNetworkProviderConnectionCB *ConnectCB,
         uniRemoteName.MaximumLength = uniRemoteName.Length + sizeof( WCHAR);
         uniRemoteName.Buffer = (WCHAR *)ConnectCB->RemoteName;
 
-       if( ConnectCB->AuthenticationId.QuadPart == 0)
-       {
-
-           ntStatus = AFSGetAuthenticationId(&ConnectCB->AuthenticationId);
-
-           if ( !NT_SUCCESS( ntStatus))
-           {
+       ntStatus = AFSGetAuthenticationId(&ConnectCB->AuthenticationId);
 
-               AFSDbgTrace(( AFS_SUBSYSTEM_NETWORK_PROVIDER,
-                             AFS_TRACE_LEVEL_ERROR,
-                             "AFSGetConnectionInfo Unable to retrieve authentication id %08lX\n",
-                             ntStatus));
-
-               return ntStatus;
-           }
+       if ( !NT_SUCCESS( ntStatus))
+       {
 
            AFSDbgTrace(( AFS_SUBSYSTEM_NETWORK_PROVIDER,
-                         AFS_TRACE_LEVEL_VERBOSE,
-                         "AFSGetConnectionInfo Retrieved authentication id %I64X\n",
-                         ConnectCB->AuthenticationId.QuadPart));
+                         AFS_TRACE_LEVEL_ERROR,
+                         "AFSGetConnectionInfo Unable to retrieve authentication id %08lX\n",
+                         ntStatus));
+
+           return ntStatus;
        }
 
+       AFSDbgTrace(( AFS_SUBSYSTEM_NETWORK_PROVIDER,
+                     AFS_TRACE_LEVEL_VERBOSE,
+                     "AFSGetConnectionInfo Retrieved authentication id %I64X\n",
+                     ConnectCB->AuthenticationId.QuadPart));
+
         if( ConnectCB->LocalName != L'\0')
         {
 
OpenAFS Master Repository