Windows: CreateProcessNotify verify changes

PsSetCreateProcessNotifyRoutineEx will fail with STATUS_ACCESS_DENIED
if the driver does not have the IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
bit set in the image header.

Do not include the ParentProcessId in the AFSProceSSDestroy
parameter list.  It isn't available to use and isn't used for
anything in any case.

Assign AFSProcessCB blocks to processes that were created before
AFSRedirector registered the CreateProcessNotify callback and
access the file system.

Change-Id: I4b78cd94949cfdea6b36f601a851c0e2f53a7dbf
Reviewed-on: http://gerrit.openafs.org/6967
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>

diff --git a/src/WINNT/afsrdr/kernel/fs/AFSInit.cpp b/src/WINNT/afsrdr/kernel/fs/AFSInit.cpp
index bbc662a170e634e750f74227dabd6a6393a52fe2..5ad3ba09856fec872cc9b746b6e808e90078881e 100644 (file)
--- a/src/WINNT/afsrdr/kernel/fs/AFSInit.cpp
+++ b/src/WINNT/afsrdr/kernel/fs/AFSInit.cpp
@@ -453,7 +453,12 @@ DriverEntry( PDRIVER_OBJECT DriverObject,
         AFSInitServerStrings();
 
         //
-        // Register the call back for process creation and tear down
+        // Register the call back for process creation and tear down.
+        // On Vista SP1 and above, PsSetCreateProcessNotifyRoutineEx
+        // will be used.  This function returns STATUS_ACCESS_DENIED
+        // if there is a signing error.  In that case, the AFSProcessNotifyEx
+        // routine has not been registered and we can fallback to the
+        // Windows 2000 interface and AFSProcessNotify.
         //
 
         RtlInitUnicodeString( &uniPsSetCreateProcessNotifyRoutineEx,
@@ -461,19 +466,24 @@ DriverEntry( PDRIVER_OBJECT DriverObject,
 
         pPsSetCreateProcessNotifyRoutineEx = (PsSetCreateProcessNotifyRoutineEx_t)MmGetSystemRoutineAddress(&uniPsSetCreateProcessNotifyRoutineEx);
 
+        ntStatus = STATUS_ACCESS_DENIED;
+
         if ( pPsSetCreateProcessNotifyRoutineEx)
         {
 
-            pPsSetCreateProcessNotifyRoutineEx( AFSProcessNotifyEx,
-                                                FALSE);
+            ntStatus = pPsSetCreateProcessNotifyRoutineEx( AFSProcessNotifyEx,
+                                                           FALSE);
         }
-        else
+
+        if ( ntStatus == STATUS_ACCESS_DENIED)
         {
 
-            PsSetCreateProcessNotifyRoutine( AFSProcessNotify,
-                                             FALSE);
+            ntStatus = PsSetCreateProcessNotifyRoutine( AFSProcessNotify,
+                                                        FALSE);
         }
 
+        ntStatus = STATUS_SUCCESS;
+
 try_exit:
 
         if( !NT_SUCCESS( ntStatus))

diff --git a/src/WINNT/afsrdr/kernel/fs/AFSProcessSupport.cpp b/src/WINNT/afsrdr/kernel/fs/AFSProcessSupport.cpp
index 20740c9c8229348069662ec186a210ab84a13529..7e09dc4f5b7d6fd9662b26a79bc01a116960496d 100644 (file)
--- a/src/WINNT/afsrdr/kernel/fs/AFSProcessSupport.cpp
+++ b/src/WINNT/afsrdr/kernel/fs/AFSProcessSupport.cpp
@@ -60,8 +60,7 @@ AFSProcessNotify( IN HANDLE  ParentId,
     else
     {
 
-        AFSProcessDestroy( ParentId,
-                           ProcessId);
+        AFSProcessDestroy( ProcessId);
     }
 
     return;
@@ -84,8 +83,7 @@ AFSProcessNotifyEx( IN OUT PEPROCESS Process,
     else
     {
 
-        AFSProcessDestroy( CreateInfo->ParentProcessId,
-                           ProcessId);
+        AFSProcessDestroy( ProcessId);
     }
 }
 
@@ -143,8 +141,7 @@ AFSProcessCreate( IN HANDLE ParentId,
 }
 
 void
-AFSProcessDestroy( IN HANDLE ParentId,
-                   IN HANDLE ProcessId)
+AFSProcessDestroy( IN HANDLE ProcessId)
 {
 
     NTSTATUS ntStatus = STATUS_SUCCESS;
@@ -276,9 +273,19 @@ AFSValidateProcessEntry( IN HANDLE ProcessId)
                       ullProcessID);
 
         ntStatus = AFSLocateHashEntry( pDeviceExt->Specific.Control.ProcessTree.TreeHead,
-                                       (ULONGLONG)ullProcessID,
+                                       ullProcessID,
                                        (AFSBTreeEntry **)&pProcessCB);
 
+        if( !NT_SUCCESS( ntStatus) ||
+            pProcessCB == NULL)
+        {
+
+            AFSProcessCreate( 0,
+                              ProcessId,
+                              0,
+                              0);
+        }
+
         if( !NT_SUCCESS( ntStatus) ||
             pProcessCB == NULL)
         {
@@ -289,8 +296,8 @@ AFSValidateProcessEntry( IN HANDLE ProcessId)
                           __FUNCTION__,
                           ullProcessID);
 
-            ASSERT( FALSE);
             AFSReleaseResource( pDeviceExt->Specific.Control.ProcessTree.TreeLock);
+
             try_return( ntStatus = STATUS_UNSUCCESSFUL);
         }
 

diff --git a/src/WINNT/afsrdr/kernel/fs/Include/AFSCommon.h b/src/WINNT/afsrdr/kernel/fs/Include/AFSCommon.h
index 15f1befe72ba4639f56c1f2c8b0519a3e708f79e..75300b54b657fcfea54363cd6c9119c25c8e21c1 100644 (file)
--- a/src/WINNT/afsrdr/kernel/fs/Include/AFSCommon.h
+++ b/src/WINNT/afsrdr/kernel/fs/Include/AFSCommon.h
@@ -808,8 +808,7 @@ AFSProcessCreate( IN HANDLE ParentId,
                   IN HANDLE CreatingThreadId);
 
 void
-AFSProcessDestroy( IN HANDLE ParentId,
-                   IN HANDLE ProcessId);
+AFSProcessDestroy( IN HANDLE ProcessId);
 
 GUID *
 AFSValidateProcessEntry( IN HANDLE ProcessId);

diff --git a/src/WINNT/afsrdr/kernel/fs/sources b/src/WINNT/afsrdr/kernel/fs/sources
index 7a612392ab58d3ceacff351f3d32bc56172fe9cf..45720a88b0aeead4f19eab1db692bc6cb9fe344f 100644 (file)
--- a/src/WINNT/afsrdr/kernel/fs/sources
+++ b/src/WINNT/afsrdr/kernel/fs/sources
@@ -6,6 +6,8 @@ TARGETTYPE=DRIVER
 DRIVERTYPE=FS
 USE_MAPSYM=1
 
+LINKER_FLAGS=/INTEGRITYCHECK
+
 INCLUDES=Include;..\..\Common;
 
 TARGETLIBS=$(DDK_LIB_PATH)\ntstrsafe.lib \