From: Jeffrey Altman <jaltman@your-file-system.com>
Date: Tue, 27 Mar 2012 00:49:03 +0000 (-0400)
Subject: Windows: CreateProcessNotify verify changes
X-Git-Tag: upstream/1.8.0_pre1^2~2674
X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=5b4e0e3c2eb161eabbb7a9ea8486315040e9705a;p=packages%2Fo%2Fopenafs.git

Windows: CreateProcessNotify verify changes

PsSetCreateProcessNotifyRoutineEx will fail with STATUS_ACCESS_DENIED
if the driver does not have the IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
bit set in the image header.

Do not include the ParentProcessId in the AFSProceSSDestroy
parameter list.  It isn't available to use and isn't used for
anything in any case.

Assign AFSProcessCB blocks to processes that were created before
AFSRedirector registered the CreateProcessNotify callback and
access the file system.

Change-Id: I4b78cd94949cfdea6b36f601a851c0e2f53a7dbf
Reviewed-on: http://gerrit.openafs.org/6967
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
---

diff --git a/src/WINNT/afsrdr/kernel/fs/AFSInit.cpp b/src/WINNT/afsrdr/kernel/fs/AFSInit.cpp
index bbc662a17..5ad3ba098 100644
--- a/src/WINNT/afsrdr/kernel/fs/AFSInit.cpp
+++ b/src/WINNT/afsrdr/kernel/fs/AFSInit.cpp
@@ -453,7 +453,12 @@ DriverEntry( PDRIVER_OBJECT DriverObject,
         AFSInitServerStrings();
 
         //
-        // Register the call back for process creation and tear down
+        // Register the call back for process creation and tear down.
+        // On Vista SP1 and above, PsSetCreateProcessNotifyRoutineEx
+        // will be used.  This function returns STATUS_ACCESS_DENIED
+        // if there is a signing error.  In that case, the AFSProcessNotifyEx
+        // routine has not been registered and we can fallback to the
+        // Windows 2000 interface and AFSProcessNotify.
         //
 
         RtlInitUnicodeString( &uniPsSetCreateProcessNotifyRoutineEx,
@@ -461,19 +466,24 @@ DriverEntry( PDRIVER_OBJECT DriverObject,
 
         pPsSetCreateProcessNotifyRoutineEx = (PsSetCreateProcessNotifyRoutineEx_t)MmGetSystemRoutineAddress(&uniPsSetCreateProcessNotifyRoutineEx);
 
+        ntStatus = STATUS_ACCESS_DENIED;
+
         if ( pPsSetCreateProcessNotifyRoutineEx)
         {
 
-            pPsSetCreateProcessNotifyRoutineEx( AFSProcessNotifyEx,
-                                                FALSE);
+            ntStatus = pPsSetCreateProcessNotifyRoutineEx( AFSProcessNotifyEx,
+                                                           FALSE);
         }
-        else
+
+        if ( ntStatus == STATUS_ACCESS_DENIED)
         {
 
-            PsSetCreateProcessNotifyRoutine( AFSProcessNotify,
-                                             FALSE);
+            ntStatus = PsSetCreateProcessNotifyRoutine( AFSProcessNotify,
+                                                        FALSE);
         }
 
+        ntStatus = STATUS_SUCCESS;
+
 try_exit:
 
         if( !NT_SUCCESS( ntStatus))
diff --git a/src/WINNT/afsrdr/kernel/fs/AFSProcessSupport.cpp b/src/WINNT/afsrdr/kernel/fs/AFSProcessSupport.cpp
index 20740c9c8..7e09dc4f5 100644
--- a/src/WINNT/afsrdr/kernel/fs/AFSProcessSupport.cpp
+++ b/src/WINNT/afsrdr/kernel/fs/AFSProcessSupport.cpp
@@ -60,8 +60,7 @@ AFSProcessNotify( IN HANDLE  ParentId,
     else
     {
 
-        AFSProcessDestroy( ParentId,
-                           ProcessId);
+        AFSProcessDestroy( ProcessId);
     }
 
     return;
@@ -84,8 +83,7 @@ AFSProcessNotifyEx( IN OUT PEPROCESS Process,
     else
     {
 
-        AFSProcessDestroy( CreateInfo->ParentProcessId,
-                           ProcessId);
+        AFSProcessDestroy( ProcessId);
     }
 }
 
@@ -143,8 +141,7 @@ AFSProcessCreate( IN HANDLE ParentId,
 }
 
 void
-AFSProcessDestroy( IN HANDLE ParentId,
-                   IN HANDLE ProcessId)
+AFSProcessDestroy( IN HANDLE ProcessId)
 {
 
     NTSTATUS ntStatus = STATUS_SUCCESS;
@@ -276,9 +273,19 @@ AFSValidateProcessEntry( IN HANDLE ProcessId)
                       ullProcessID);
 
         ntStatus = AFSLocateHashEntry( pDeviceExt->Specific.Control.ProcessTree.TreeHead,
-                                       (ULONGLONG)ullProcessID,
+                                       ullProcessID,
                                        (AFSBTreeEntry **)&pProcessCB);
 
+        if( !NT_SUCCESS( ntStatus) ||
+            pProcessCB == NULL)
+        {
+
+            AFSProcessCreate( 0,
+                              ProcessId,
+                              0,
+                              0);
+        }
+
         if( !NT_SUCCESS( ntStatus) ||
             pProcessCB == NULL)
         {
@@ -289,8 +296,8 @@ AFSValidateProcessEntry( IN HANDLE ProcessId)
                           __FUNCTION__,
                           ullProcessID);
 
-            ASSERT( FALSE);
             AFSReleaseResource( pDeviceExt->Specific.Control.ProcessTree.TreeLock);
+
             try_return( ntStatus = STATUS_UNSUCCESSFUL);
         }
 
diff --git a/src/WINNT/afsrdr/kernel/fs/Include/AFSCommon.h b/src/WINNT/afsrdr/kernel/fs/Include/AFSCommon.h
index 15f1befe7..75300b54b 100644
--- a/src/WINNT/afsrdr/kernel/fs/Include/AFSCommon.h
+++ b/src/WINNT/afsrdr/kernel/fs/Include/AFSCommon.h
@@ -808,8 +808,7 @@ AFSProcessCreate( IN HANDLE ParentId,
                   IN HANDLE CreatingThreadId);
 
 void
-AFSProcessDestroy( IN HANDLE ParentId,
-                   IN HANDLE ProcessId);
+AFSProcessDestroy( IN HANDLE ProcessId);
 
 GUID *
 AFSValidateProcessEntry( IN HANDLE ProcessId);
diff --git a/src/WINNT/afsrdr/kernel/fs/sources b/src/WINNT/afsrdr/kernel/fs/sources
index 7a612392a..45720a88b 100644
--- a/src/WINNT/afsrdr/kernel/fs/sources
+++ b/src/WINNT/afsrdr/kernel/fs/sources
@@ -6,6 +6,8 @@ TARGETTYPE=DRIVER
 DRIVERTYPE=FS
 USE_MAPSYM=1
 
+LINKER_FLAGS=/INTEGRITYCHECK
+
 INCLUDES=Include;..\..\Common;
 
 TARGETLIBS=$(DDK_LIB_PATH)\ntstrsafe.lib \