From: Jeffrey Altman <jaltman@your-file-system.com>
Date: Sat, 15 Mar 2014 16:44:09 +0000 (-0400)
Subject: Windows: XP do not mark rdr devices as secure
X-Git-Tag: upstream/1.8.0_pre1^2~772
X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=faa5195fcfe1e202665462d273c00b900bf5ac17;p=packages%2Fo%2Fopenafs.git

Windows: XP do not mark rdr devices as secure

Commit 9174531dca75f1f2d235ed806f784422792c3ab2 introduced the use
of device characteristics (secure and remote) to the IoCreateDevice()
and IoCreateDeviceSecure() calls for the AFSRedirector device objects.

After this change end users began to report problems on 32-bit Windows
XP SP3 when the initial access to the AFS redirector was performed by
a Limited Access Account.

This patchset conditionalizes the specification of the secure device
characteristic when registering the redirector with MUP on 32-bit
Windows XP.

Change-Id: I0fb9671b8a05a841f2356d100e7031c961a7c482
Reviewed-on: http://gerrit.openafs.org/10906
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Tested-by: Jeffrey Altman <jaltman@your-file-system.com>
---

diff --git a/src/WINNT/afsrdr/kernel/fs/AFSInit.cpp b/src/WINNT/afsrdr/kernel/fs/AFSInit.cpp
index a2631f319..c06d47269 100644
--- a/src/WINNT/afsrdr/kernel/fs/AFSInit.cpp
+++ b/src/WINNT/afsrdr/kernel/fs/AFSInit.cpp
@@ -260,7 +260,7 @@ DriverEntry( PDRIVER_OBJECT DriverObject,
                                          sizeof( AFSDeviceExt),
                                          &uniDeviceName,
                                          FILE_DEVICE_NETWORK_FILE_SYSTEM,
-                                         FILE_DEVICE_SECURE_OPEN | FILE_REMOTE_DEVICE,
+					 FILE_DEVICE_SECURE_OPEN | FILE_REMOTE_DEVICE,
                                          FALSE,
                                          &SDDL_DEVOBJ_SYS_ALL_ADM_RWX_WORLD_RWX_RES_RWX,
                                          (LPCGUID)&GUID_SD_AFS_REDIRECTOR_CONTROL_OBJECT,
diff --git a/src/WINNT/afsrdr/kernel/fs/AFSRDRSupport.cpp b/src/WINNT/afsrdr/kernel/fs/AFSRDRSupport.cpp
index af9112302..79598dab1 100644
--- a/src/WINNT/afsrdr/kernel/fs/AFSRDRSupport.cpp
+++ b/src/WINNT/afsrdr/kernel/fs/AFSRDRSupport.cpp
@@ -48,10 +48,19 @@ AFSInitRDRDevice()
     AFSDeviceExt  *pDeviceExt = NULL;
     UNICODE_STRING uniFsRtlRegisterUncProviderEx;
     FsRtlRegisterUncProviderEx_t pFsRtlRegisterUncProviderEx = NULL;
+    RTL_OSVERSIONINFOW sysVersion;
+    ULONG ulDeviceCharacteristics = FILE_REMOTE_DEVICE;
 
     __Enter
     {
 
+	RtlZeroMemory( &sysVersion,
+		       sizeof( RTL_OSVERSIONINFOW));
+
+	sysVersion.dwOSVersionInfoSize = sizeof( RTL_OSVERSIONINFOW);
+
+	RtlGetVersion( &sysVersion);
+
         RtlInitUnicodeString( &uniDeviceName,
                               AFS_RDR_DEVICE_NAME);
 
@@ -60,11 +69,24 @@ AFSInitRDRDevice()
 
         pFsRtlRegisterUncProviderEx = (FsRtlRegisterUncProviderEx_t)MmGetSystemRoutineAddress(&uniFsRtlRegisterUncProviderEx);
 
+	//
+	// On 32-bit Windows XP, do not set FILE_DEVICE_SECURE_OPEN
+	// flag as it interferes with initial access to \\afs from
+	// limited user accounts.
+	//
+
+	if(!(sysVersion.dwMajorVersion == 5 &&
+	     sysVersion.dwMinorVersion == 1))
+	{
+
+	    ulDeviceCharacteristics |= FILE_DEVICE_SECURE_OPEN;
+	}
+
         ntStatus = IoCreateDevice( AFSDriverObject,
                                    sizeof( AFSDeviceExt),
                                    pFsRtlRegisterUncProviderEx ? NULL : &uniDeviceName,
                                    FILE_DEVICE_NETWORK_FILE_SYSTEM,
-                                   FILE_DEVICE_SECURE_OPEN | FILE_REMOTE_DEVICE,
+				   ulDeviceCharacteristics,
                                    FALSE,
                                    &AFSRDRDeviceObject);