Added fltmgr.sys-FltBuildDefaultSecurityDescriptor patchset

2025-09-12 18:50:20 -07:00 · 2021-09-17 12:45:16 +10:00
parent afb9dcf2a5
commit 7b01b9eb20
5 changed files with 349 additions and 35 deletions
--- a/patches/fltmgr.sys-FltBuildDefaultSecurityDescriptor/0001-fltmgr.sys-Implement-FltBuildDefaultSecurityDescript.patch
+++ b/patches/fltmgr.sys-FltBuildDefaultSecurityDescriptor/0001-fltmgr.sys-Implement-FltBuildDefaultSecurityDescript.patch
@@ -0,0 +1,143 @@
+From a1676237114c4c827e45e9adde3a190bc62b88d0 Mon Sep 17 00:00:00 2001
+From: Alistair Leslie-Hughes <leslie_alistair@hotmail.com>
+Date: Sun, 29 Aug 2021 13:26:53 +1000
+Subject: [PATCH 1/3] fltmgr.sys: Implement FltBuildDefaultSecurityDescriptor
+
+Signed-off-by: Alistair Leslie-Hughes <leslie_alistair@hotmail.com>
+---
+ dlls/fltmgr.sys/Makefile.in     |  1 +
+ dlls/fltmgr.sys/fltmgr.sys.spec |  4 +-
+ dlls/fltmgr.sys/main.c          | 71 +++++++++++++++++++++++++++++++++
+ include/ddk/fltkernel.h         |  3 +-
+ 4 files changed, 76 insertions(+), 3 deletions(-)
+
+diff --git a/dlls/fltmgr.sys/Makefile.in b/dlls/fltmgr.sys/Makefile.in
+index cbe124c2480..706f87b183b 100644
+--- a/dlls/fltmgr.sys/Makefile.in
+++ b/dlls/fltmgr.sys/Makefile.in
+@@ -1,5 +1,6 @@
+ MODULE    = fltmgr.sys
+ EXTRADLLFLAGS = -mno-cygwin -Wl,--subsystem,native
+IMPORTS = ntoskrnl
+ 
+ C_SRCS = \
+ 	main.c
+diff --git a/dlls/fltmgr.sys/fltmgr.sys.spec b/dlls/fltmgr.sys/fltmgr.sys.spec
+index 39ce6798178..8943b9f85cf 100644
+--- a/dlls/fltmgr.sys/fltmgr.sys.spec
+++ b/dlls/fltmgr.sys/fltmgr.sys.spec
+@@ -10,7 +10,7 @@
+ @ stub FltAllocatePoolAlignedWithTag
+ @ stub FltAttachVolume
+ @ stub FltAttachVolumeAtAltitude
+-@ stub FltBuildDefaultSecurityDescriptor
+@ stdcall FltBuildDefaultSecurityDescriptor(ptr long)
+ @ stub FltCancelFileOpen
+ @ stub FltCancelIo
+ @ stub FltCbdqDisable
+@@ -60,7 +60,7 @@
+ @ stub FltFreeFileLock
+ @ stub FltFreeGenericWorkItem
+ @ stub FltFreePoolAlignedWithTag
+-@ stub FltFreeSecurityDescriptor
+@ stdcall FltFreeSecurityDescriptor(ptr)
+ @ stub FltFsControlFile
+ @ stub FltGetBottomInstance
+ @ stub FltGetContexts
+diff --git a/dlls/fltmgr.sys/main.c b/dlls/fltmgr.sys/main.c
+index e1016a4989c..ea9685b4308 100644
+--- a/dlls/fltmgr.sys/main.c
+++ b/dlls/fltmgr.sys/main.c
+@@ -93,3 +93,74 @@ void* WINAPI FltGetRoutineAddress(LPCSTR name)
+ 
+     return func;
+ }
+
+NTSTATUS WINAPI FltBuildDefaultSecurityDescriptor(PSECURITY_DESCRIPTOR *descriptor, ACCESS_MASK access)
+{
+    PACL dacl;
+    NTSTATUS ret = STATUS_INSUFFICIENT_RESOURCES;
+    ULONG sid_len;
+    PSID sid;
+    PSID sid_system;
+    PSECURITY_DESCRIPTOR sec_desc = NULL;
+    SID_IDENTIFIER_AUTHORITY auth = { SECURITY_NULL_SID_AUTHORITY };
+
+    *descriptor = NULL;
+
+    ret = RtlAllocateAndInitializeSid(&auth, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_GROUP_RID_ADMINS,
+                                         0, 0, 0, 0, 0, 0, &sid);
+    if (ret != STATUS_SUCCESS)
+        goto done;
+
+    ret = RtlAllocateAndInitializeSid(&auth, 1, SECURITY_LOCAL_SYSTEM_RID, 0, 0, 0, 0, 0, 0, 0, &sid_system);
+    if (ret != STATUS_SUCCESS)
+        goto done;
+
+    sid_len = SECURITY_DESCRIPTOR_MIN_LENGTH + sizeof(ACL) +
+            sizeof(ACCESS_ALLOWED_ACE) + RtlLengthSid(sid) +
+            sizeof(ACCESS_ALLOWED_ACE) + RtlLengthSid(sid_system);
+
+    sec_desc = RtlAllocateHeap(GetProcessHeap(), HEAP_ZERO_MEMORY, sid_len);
+    if (!sec_desc)
+    {
+        ret = STATUS_NO_MEMORY;
+        goto done;
+    }
+
+    ret = RtlCreateSecurityDescriptor(sec_desc, SECURITY_DESCRIPTOR_REVISION);
+    if (ret != STATUS_SUCCESS)
+        goto done;
+
+    dacl = (PACL)((char*)sec_desc + SECURITY_DESCRIPTOR_MIN_LENGTH);
+    ret = RtlCreateAcl(dacl, sid_len - SECURITY_DESCRIPTOR_MIN_LENGTH, ACL_REVISION);
+    if (ret != STATUS_SUCCESS)
+        goto done;
+
+    ret = RtlAddAccessAllowedAce(dacl, ACL_REVISION, access, sid);
+    if (ret != STATUS_SUCCESS)
+        goto done;
+
+    ret = RtlAddAccessAllowedAce(dacl, ACL_REVISION, access, sid_system);
+    if (ret != STATUS_SUCCESS)
+        goto done;
+
+    ret = RtlSetDaclSecurityDescriptor(sec_desc, 1, dacl, 0);
+    if (ret == STATUS_SUCCESS)
+        *descriptor = sec_desc;
+
+done:
+    if (ret != STATUS_SUCCESS && sec_desc != NULL)
+        RtlFreeHeap(GetProcessHeap(), 0, sec_desc);
+
+    if (sid != NULL)
+        RtlFreeHeap(GetProcessHeap(), 0, sid);
+
+    if (sid_system != NULL)
+        RtlFreeHeap(GetProcessHeap(), 0, sid_system);
+
+    return ret;
+}
+
+void WINAPI FltFreeSecurityDescriptor(PSECURITY_DESCRIPTOR descriptor)
+{
+    RtlFreeHeap(GetProcessHeap(), 0, descriptor);
+}
+\ No newline at end of file
+diff --git a/include/ddk/fltkernel.h b/include/ddk/fltkernel.h
+index 8ebebfa2e81..9ece0990810 100644
+--- a/include/ddk/fltkernel.h
+++ b/include/ddk/fltkernel.h
+@@ -653,7 +653,8 @@ typedef struct _FLT_REGISTRATION
+     PFLT_SECTION_CONFLICT_NOTIFICATION_CALLBACK SectionNotificationCallback;
+ } FLT_REGISTRATION, *PFLT_REGISTRATION;
+ 
+-
+NTSTATUS WINAPI FltBuildDefaultSecurityDescriptor(PSECURITY_DESCRIPTOR *, ACCESS_MASK);
+void     WINAPI FltFreeSecurityDescriptor(PSECURITY_DESCRIPTOR);
+ void*    WINAPI FltGetRoutineAddress(LPCSTR name);
+ NTSTATUS WINAPI FltRegisterFilter(PDRIVER_OBJECT, const FLT_REGISTRATION *, PFLT_FILTER *);
+ NTSTATUS WINAPI FltStartFiltering(PFLT_FILTER);
+-- 
+2.33.0
+
--- a/patches/fltmgr.sys-FltBuildDefaultSecurityDescriptor/0002-fltmgr.sys-Create-import-library.patch
+++ b/patches/fltmgr.sys-FltBuildDefaultSecurityDescriptor/0002-fltmgr.sys-Create-import-library.patch
@@ -0,0 +1,23 @@
+From 4610af3e3e4e0715ad00de5e16b812f5bf9445be Mon Sep 17 00:00:00 2001
+From: Alistair Leslie-Hughes <leslie_alistair@hotmail.com>
+Date: Mon, 30 Aug 2021 15:15:35 +1000
+Subject: [PATCH 2/3] fltmgr.sys: Create import library
+
+Signed-off-by: Alistair Leslie-Hughes <leslie_alistair@hotmail.com>
+---
+ dlls/fltmgr.sys/Makefile.in | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/dlls/fltmgr.sys/Makefile.in b/dlls/fltmgr.sys/Makefile.in
+index 706f87b183b..764a1602678 100644
+--- a/dlls/fltmgr.sys/Makefile.in
+++ b/dlls/fltmgr.sys/Makefile.in
+@@ -1,4 +1,5 @@
+ MODULE    = fltmgr.sys
+IMPORTLIB = fltmgr
+ EXTRADLLFLAGS = -mno-cygwin -Wl,--subsystem,native
+ IMPORTS = ntoskrnl
+ 
+-- 
+2.33.0
+
--- a/patches/fltmgr.sys-FltBuildDefaultSecurityDescriptor/0003-ntoskrnl.exe-Add-FltBuildDefaultSecurityDescriptor-t.patch
+++ b/patches/fltmgr.sys-FltBuildDefaultSecurityDescriptor/0003-ntoskrnl.exe-Add-FltBuildDefaultSecurityDescriptor-t.patch
@@ -0,0 +1,117 @@
+From 1dc7cd6e5621505199c8ff8ad8f4e67845c478e3 Mon Sep 17 00:00:00 2001
+From: Alistair Leslie-Hughes <leslie_alistair@hotmail.com>
+Date: Mon, 30 Aug 2021 15:16:06 +1000
+Subject: [PATCH] ntoskrnl.exe: Add FltBuildDefaultSecurityDescriptor test
+
+Signed-off-by: Alistair Leslie-Hughes <leslie_alistair@hotmail.com>
+---
+ dlls/ntoskrnl.exe/tests/Makefile.in |  2 +-
+ dlls/ntoskrnl.exe/tests/driver.c    | 65 +++++++++++++++++++++++++++++
+ 2 files changed, 66 insertions(+), 1 deletion(-)
+
+diff --git a/dlls/ntoskrnl.exe/tests/Makefile.in b/dlls/ntoskrnl.exe/tests/Makefile.in
+index ab1db85adbb..9c89e44e70a 100644
+--- a/dlls/ntoskrnl.exe/tests/Makefile.in
+++ b/dlls/ntoskrnl.exe/tests/Makefile.in
+@@ -1,7 +1,7 @@
+ TESTDLL   = ntoskrnl.exe
+ IMPORTS   = advapi32 crypt32 newdev setupapi user32 wintrust ws2_32 hid
+ 
+-driver_IMPORTS = winecrt0 ntoskrnl hal
+driver_IMPORTS = winecrt0 ntoskrnl hal fltmgr
+ driver_EXTRADLLFLAGS = -nodefaultlibs -nostartfiles -Wl,--subsystem,native
+ driver2_IMPORTS = winecrt0 ntoskrnl hal
+ driver2_EXTRADLLFLAGS = -nodefaultlibs -nostartfiles -Wl,--subsystem,native
+diff --git a/dlls/ntoskrnl.exe/tests/driver.c b/dlls/ntoskrnl.exe/tests/driver.c
+index deccc04bc2b..90f5b0ec965 100644
+--- a/dlls/ntoskrnl.exe/tests/driver.c
+++ b/dlls/ntoskrnl.exe/tests/driver.c
+@@ -32,6 +32,7 @@
+ #include "ddk/ntddk.h"
+ #include "ddk/ntifs.h"
+ #include "ddk/wdm.h"
+#include "ddk/fltkernel.h"
+ 
+ #include "driver.h"
+ 
+@@ -2338,6 +2339,69 @@ static void test_default_modules(void)
+     ok(dxgmms1, "Failed to find dxgmms1.sys\n");
+ }
+ 
+static void test_default_security(void)
+{
+    PSECURITY_DESCRIPTOR sd = NULL;
+    NTSTATUS status;
+    PSID group = NULL, owner = NULL;
+    BOOLEAN isdefault, present;
+    PACL acl = NULL;
+    PACCESS_ALLOWED_ACE ace;
+    SID_IDENTIFIER_AUTHORITY auth = { SECURITY_NULL_SID_AUTHORITY };
+    PSID sid1, sid2;
+
+    status = FltBuildDefaultSecurityDescriptor(&sd, STANDARD_RIGHTS_ALL);
+    ok(status == STATUS_SUCCESS, "got %#x\n", status);
+    ok(sd != NULL, "Failed to return descriptor\n");
+
+    status = RtlGetGroupSecurityDescriptor(sd, &group, &isdefault);
+    ok(status == STATUS_SUCCESS, "got %#x\n", status);
+    ok(group == NULL, "group isn't NULL\n");
+
+    status = RtlGetOwnerSecurityDescriptor(sd, &owner, &isdefault);
+    ok(status == STATUS_SUCCESS, "got %#x\n", status);
+    ok(owner == NULL, "owner isn't NULL\n");
+
+    status = RtlGetDaclSecurityDescriptor(sd, &present, &acl, &isdefault);
+    ok(status == STATUS_SUCCESS, "got %#x\n", status);
+    ok(acl != NULL, "acl is NULL\n");
+    ok(acl->AceCount == 2, "got %d\n", acl->AceCount);
+
+    sid1 = RtlAllocateHeap(GetProcessHeap(), HEAP_ZERO_MEMORY, RtlLengthRequiredSid(2));
+    RtlInitializeSid(sid1, &auth, 2);
+    *RtlSubAuthoritySid(sid1, 0)  = SECURITY_BUILTIN_DOMAIN_RID;
+    *RtlSubAuthoritySid(sid1, 1) = DOMAIN_GROUP_RID_ADMINS;
+
+    sid2 = RtlAllocateHeap(GetProcessHeap(), HEAP_ZERO_MEMORY, RtlLengthRequiredSid(1));
+    RtlInitializeSid(sid2, &auth, 1);
+    *RtlSubAuthoritySid(sid2, 0)  = SECURITY_LOCAL_SYSTEM_RID;
+
+    /* SECURITY_BUILTIN_DOMAIN_RID */
+    status = RtlGetAce(acl, 0, (void**)&ace);
+    ok(status == STATUS_SUCCESS, "got %#x\n", status);
+
+    ok(ace->Header.AceType == ACCESS_ALLOWED_ACE_TYPE, "got %#x\n", ace->Header.AceType);
+    ok(ace->Header.AceFlags == 0, "got %#x\n", ace->Header.AceFlags);
+    ok(ace->Mask == STANDARD_RIGHTS_ALL, "got %#x\n", ace->Mask);
+
+    ok(RtlEqualSid(sid1, (PSID)&ace->SidStart), "SID not equal\n");
+
+    /* SECURITY_LOCAL_SYSTEM_RID */
+    status = RtlGetAce(acl, 1, (void**)&ace);
+    ok(status == STATUS_SUCCESS, "got %#x\n", status);
+
+    ok(ace->Header.AceType == ACCESS_ALLOWED_ACE_TYPE, "got %#x\n", ace->Header.AceType);
+    ok(ace->Header.AceFlags == 0, "got %#x\n", ace->Header.AceFlags);
+    ok(ace->Mask == STANDARD_RIGHTS_ALL, "got %#x\n", ace->Mask);
+
+    ok(RtlEqualSid(sid2, (PSID)&ace->SidStart), "SID not equal\n");
+
+    RtlFreeHeap(GetProcessHeap(), 0, sid1);
+    RtlFreeHeap(GetProcessHeap(), 0, sid2);
+
+    FltFreeSecurityDescriptor(sd);
+}
+
+ static NTSTATUS main_test(DEVICE_OBJECT *device, IRP *irp, IO_STACK_LOCATION *stack)
+ {
+     void *buffer = irp->AssociatedIrp.SystemBuffer;
+@@ -2382,6 +2446,7 @@ static NTSTATUS main_test(DEVICE_OBJECT *device, IRP *irp, IO_STACK_LOCATION *st
+     test_dpc();
+     test_process_memory(test_input);
+     test_permanence();
+    test_default_security();
+ 
+     IoMarkIrpPending(irp);
+     IoQueueWorkItem(work_item, main_test_task, DelayedWorkQueue, irp);
+-- 
+2.33.0
+
--- a/patches/fltmgr.sys-FltBuildDefaultSecurityDescriptor/definition
+++ b/patches/fltmgr.sys-FltBuildDefaultSecurityDescriptor/definition
@@ -0,0 +1,2 @@
+Fixes: [49089] fltmgr.sys: Implement FltBuildDefaultSecurityDescriptor
+Depends: winedevice-Default_Drivers