Merge branch 'feature/#38-implementDokanIOSecurityContext' into develop

closes #38
dokan-dev · May 20, 2020 · e03ca4d · e03ca4d
2 parents 6c5f9c7 + 359e82b
commit e03ca4d
Show file tree

Hide file tree

Showing 8 changed files with 170 additions and 6 deletions.
diff --git a/src/main/java/dev/dokan/dokan_java/AbstractDokanFileSystem.java b/src/main/java/dev/dokan/dokan_java/AbstractDokanFileSystem.java
@@ -54,7 +54,7 @@ private void init(DokanOperations dokanOperations) {
 
         if (usesKernelFlagsAndCodes) {
             if (isImplemented("zwCreateFile")) {
-                dokanOperations.setZwCreateFile(this::zwCreateFile);
+                dokanOperations.setZwCreateFile((rawPath, securityContext, rawDesiredAccess, rawFileAttributes, rawShareAccess, rawCreateDisposition, rawCreateOptions, dokanFileInfo) -> zwCreateFile(rawPath, securityContext, rawDesiredAccess, rawFileAttributes, rawShareAccess, rawCreateDisposition, rawCreateOptions, dokanFileInfo));
             }
             if (isImplemented("cleanup")) {
                 dokanOperations.setCleanup(this::cleanup);

diff --git a/src/main/java/dev/dokan/dokan_java/DokanFileSystem.java b/src/main/java/dev/dokan/dokan_java/DokanFileSystem.java
@@ -6,6 +6,7 @@
 import dev.dokan.dokan_java.constants.microsoft.NtStatuses;
 import dev.dokan.dokan_java.structure.ByHandleFileInformation;
 import dev.dokan.dokan_java.structure.DokanFileInfo;
+import dev.dokan.dokan_java.structure.DokanIOSecurityContext;
 import dev.dokan.dokan_java.structure.DokanOptions;
 import com.sun.jna.Pointer;
 import com.sun.jna.WString;
@@ -51,7 +52,7 @@ public interface DokanFileSystem extends Mountable {
      */
     int zwCreateFile(
             WString rawPath,
-            WinBase.SECURITY_ATTRIBUTES securityContext,
+            DokanIOSecurityContext securityContext,
             int rawDesiredAccess,
             int rawFileAttributes,
             int rawShareAccess,

diff --git a/src/main/java/dev/dokan/dokan_java/DokanFileSystemStub.java b/src/main/java/dev/dokan/dokan_java/DokanFileSystemStub.java
@@ -7,6 +7,8 @@
 import com.sun.jna.platform.win32.WinBase;
 import com.sun.jna.ptr.IntByReference;
 import com.sun.jna.ptr.LongByReference;
+import dev.dokan.dokan_java.structure.DokanIOSecurityContext;
+
 
 public class DokanFileSystemStub extends AbstractDokanFileSystem {
 
@@ -29,7 +31,7 @@ public DokanFileSystemStub(FileSystemInformation fileSystemInformation, boolean
      */
     @Override
     @NotImplemented
-    public int zwCreateFile(WString rawPath, WinBase.SECURITY_ATTRIBUTES securityContext, int rawDesiredAccess, int rawFileAttributes, int rawShareAccess, int rawCreateDisposition, int rawCreateOptions, DokanFileInfo dokanFileInfo) {
+    public int zwCreateFile(WString rawPath, DokanIOSecurityContext securityContext, int rawDesiredAccess, int rawFileAttributes, int rawShareAccess, int rawCreateDisposition, int rawCreateOptions, DokanFileInfo dokanFileInfo) {
         return 0;
     }
 

diff --git a/src/main/java/dev/dokan/dokan_java/DokanOperations.java b/src/main/java/dev/dokan/dokan_java/DokanOperations.java
@@ -8,12 +8,12 @@
 import dev.dokan.dokan_java.constants.microsoft.FileSystemFlag;
 import dev.dokan.dokan_java.structure.ByHandleFileInformation;
 import dev.dokan.dokan_java.structure.DokanFileInfo;
+import dev.dokan.dokan_java.structure.DokanIOSecurityContext;
 import dev.dokan.dokan_java.structure.DokanOptions;
 import com.sun.jna.Callback;
 import com.sun.jna.Pointer;
 import com.sun.jna.Structure;
 import com.sun.jna.WString;
-import com.sun.jna.platform.win32.WinBase;
 import com.sun.jna.platform.win32.WinBase.FILETIME;
 import com.sun.jna.platform.win32.WinBase.WIN32_FIND_DATA;
 import com.sun.jna.ptr.IntByReference;
@@ -119,7 +119,7 @@ interface ZwCreateFile extends Callback {
          */
         long callback(
                 WString rawPath,
-                WinBase.SECURITY_ATTRIBUTES securityContext,
+                DokanIOSecurityContext securityContext,
                 int rawDesiredAccess,
                 int rawFileAttributes,
                 int rawShareAccess,

diff --git a/src/main/java/dev/dokan/dokan_java/examples/DirListingFileSystem.java b/src/main/java/dev/dokan/dokan_java/examples/DirListingFileSystem.java
@@ -17,6 +17,7 @@
 import dev.dokan.dokan_java.constants.microsoft.Win32ErrorCodes;
 import dev.dokan.dokan_java.structure.ByHandleFileInformation;
 import dev.dokan.dokan_java.structure.DokanFileInfo;
+import dev.dokan.dokan_java.structure.DokanIOSecurityContext;
 import dev.dokan.dokan_java.structure.EnumIntegerSet;
 
 import java.io.IOException;
@@ -51,7 +52,7 @@ public DirListingFileSystem(Path root, FileSystemInformation fileSystemInformati
     }
 
     @Override
-    public int zwCreateFile(WString rawPath, WinBase.SECURITY_ATTRIBUTES securityContext, int rawDesiredAccess, int rawFileAttributes, int rawShareAccess, int rawCreateDisposition, int rawCreateOptions, DokanFileInfo dokanFileInfo) {
+    public int zwCreateFile(WString rawPath, DokanIOSecurityContext securityContext, int rawDesiredAccess, int rawFileAttributes, int rawShareAccess, int rawCreateDisposition, int rawCreateOptions, DokanFileInfo dokanFileInfo) {
         Path p = getrootedPath(rawPath);
 
         //the files must exist and we are read only here

diff --git a/src/main/java/dev/dokan/dokan_java/structure/DokanAccessState.java b/src/main/java/dev/dokan/dokan_java/structure/DokanAccessState.java
@@ -0,0 +1,100 @@
+package dev.dokan.dokan_java.structure;
+
+
+import com.sun.jna.Pointer;
+import com.sun.jna.Structure;
+
+import java.util.Arrays;
+import java.util.List;
+
+
+/**
+ * This is a Dokan specific implementation of the ACCESS_STATE structure of the windows kernel.
+ *
+ * @see <a href="https://docs.microsoft.com/de-de/windows-hardware/drivers/ddi/wdm/ns-wdm-_access_state">Microsoft Documentation</a>
+ * @see <a href="https://github.com/dokan-dev/dokany/blob/master/sys/public.h>Definition in {@code public.h}</a> of the Dokany project.
+ */
+public class DokanAccessState extends Structure {
+
+	/**
+	 * A boolean value that specifies whether security was evaluated as part of the access check.
+	 * This member is currently unused by drivers.
+	 */
+	public boolean SecurityEvaluated;
+
+	/**
+	 * A Boolean value that specifies whether the access should generate an audit.
+	 * This member is currently unused by drivers.
+	 */
+	public boolean GenerateAudit;
+
+	/**
+	 * A Boolean value that specifies whether an audit should be generated when the handle being created is closed.
+	 * This member is currently unused by drivers.
+	 */
+	public boolean GenerateOnClose;
+
+	/**
+	 * A Boolean value that specifies whether a privilege usage should be audited.
+	 * This member is currently unused by drivers.
+	 */
+	public boolean AuditPrivileges;
+
+	/**
+	 * A 32-bit value that contains bit-field flags for the access.
+	 * A driver can check for the traverse access flag (TOKEN_HAS_TRAVERSE_PRIVILEGE).
+	 * For more information about how to check for traverse access, see <a href="https://docs.microsoft.com/windows-hardware/drivers/ifs/checking-for-traverse-privilege-on-irp-mj-create">Check for Traverse Privilege on IRP_MJ_CREATE</a>.
+	 * A driver can also check for the TOKEN_IS_RESTRICTED flag.
+	 * These flags are defined in Ntifs.h.
+	 */
+	public int Flags;
+
+	/**
+	 * An ACCESS_MASK type that describes the access rights that have not yet been granted to the caller.
+	 * A driver uses this member to determine if the Windows security system can grant access.
+	 * If access can be granted, the driver updates the PreviouslyGrantedAccess and RemainingDesiredAccess members accordingly.
+	 */
+	public int RemainingDesiredAccess;
+
+	/**
+	 * An ACCESS_MASK type that specifies the information about access that has already been granted to the caller of one of the <a href="https://docs.microsoft.com/previous-versions/windows/hardware/drivers/ff563711(v=vs.85)">Security Reference Monitor Routines</a>
+	 * The Windows security system grants certain rights based on the privileges of the caller, such as traverse right (the ability to traverse through a directory as part of opening a subdirectory or file).
+	 */
+	public int PreviouslyGrantedAccess;
+
+	/**
+	 * An ACCESS_MASK type that contains the original access rights that were requested by the caller.
+	 */
+	public int OriginalDesiredAccess;
+
+	/**
+	 * A pointer to a SECURITY_DESCRIPTOR structure that contains security information for the object that this access relates to.
+	 */
+	public Pointer SecurityDescriptor;
+	//public WinNT.SECURITY_DESCRIPTOR_RELATIVE.ByReference SecurityDescriptor; //Does not work
+
+	/**
+	 * A UNICODE_STRING structure that contains the object name string for the access. This member is used for auditing.
+	 */
+	public UnicodeString ObjectName;
+
+	/**
+	 * A UNICODE_STRING structure that contains the object type name string for the access. This member is used for auditing.
+	 */
+	public UnicodeString ObjectType;
+
+	@Override
+	protected List<String> getFieldOrder() {
+		return Arrays.asList(new String[]{"SecurityEvaluated",
+				"GenerateAudit",
+				"GenerateOnClose",
+				"AuditPrivileges",
+				"Flags",
+				"RemainingDesiredAccess",
+				"PreviouslyGrantedAccess",
+				"OriginalDesiredAccess",
+				"SecurityDescriptor",
+				"ObjectName",
+				"ObjectType"});
+	}
+}
diff --git a/src/main/java/dev/dokan/dokan_java/structure/DokanIOSecurityContext.java b/src/main/java/dev/dokan/dokan_java/structure/DokanIOSecurityContext.java
@@ -0,0 +1,28 @@
+package dev.dokan.dokan_java.structure;
+
+
+import com.sun.jna.Structure;
+import com.sun.jna.WString;
+
+
+/**
+ * The DokanIOSecurityContext contains the Dokan specific security context of the Windows kernel create request.
+ * It is a parameter in the {@link dev.dokan.dokan_java.DokanFileSystem#zwCreateFile(WString, DokanIOSecurityContext, int, int, int, int, int, DokanFileInfo)} function.
+ *
+ * @see <a href="https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/wdm/ns-wdm-_io_security_context?redirectedfrom=MSDN">Microsoft documentation</a> of the original structure
+ * @see <a href="https://github.com/dokan-dev/dokany/blob/master/sys/public.h>Definition in {@code public.h}</a> of the Dokany project.
+ */
+@Structure.FieldOrder({"AccessState", "DesiredAccess"})
+public class DokanIOSecurityContext extends Structure implements Structure.ByReference {
+
+	/**
+	 * Dokan ACCESS_STATE structure that contains the object's subject context, granted access types, and remaining desired access types.
+	 */
+	public DokanAccessState AccessState;
+
+	/**
+	 * An ACCESS_MASK value that expresses the access rights that are requested in the IRP_MJ_CREATE request.
+	 */
+	public int DesiredAccess;
+
+}
diff --git a/src/main/java/dev/dokan/dokan_java/structure/UnicodeString.java b/src/main/java/dev/dokan/dokan_java/structure/UnicodeString.java
@@ -0,0 +1,32 @@
+package dev.dokan.dokan_java.structure;
+
+
+import com.sun.jna.Pointer;
+import com.sun.jna.Structure;
+
+
+/**
+ * Supplemental class used to define Unicode Strings.
+ * <p>
+ * This class is needed to fully implement {@link DokanAccessState}.
+ * It is defined in <a href="https://github.com/dokan-dev/dokany/blob/master/dokan/fileinfo.h">fileinfo.h</a> in the dokan module of the Dokany project.
+ */
+@Structure.FieldOrder({"Length", "MaximumLength", "Buffer"})
+public class UnicodeString extends Structure {
+
+	/**
+	 * The length, in bytes, of the string stored in {@link UnicodeString#Buffer}.
+	 */
+	public short Length;
+
+	/**
+	 * The length, in bytes, of {@link UnicodeString#Buffer}.
+	 */
+	public short MaximumLength;
+
+	/**
+	 * Pointer to a buffer used to contain a string of wide characters.
+	 */
+	public Pointer Buffer;
+
+}