mount |DuplicateTokenEx()| experiment
Posted by Anonymous on Wed 24th Apr 2024 14:34
raw | new post

diff --git a/daemon/daemon_debug.c b/daemon/daemon_debug.c
index b35bfee..54fb411 100644
--- a/daemon/daemon_debug.c
+++ b/daemon/daemon_debug.c
@@ -90,14 +90,32 @@ void logprintf(LPCSTR format, ...)
     SYSTEMTIME stime;
     char username[UNLEN+1];
     char groupname[GNLEN+1];
+    HANDLE tok;
+    const char *tok_src;
+    bool free_tok = false;

     GetLocalTime(&stime);
-    if (!get_token_user_name(GetCurrentThreadEffectiveToken(),
-        username)) {
+
+    if (OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, FALSE, &tok)) {
+        tok_src = "impersonated_user";
+        free_tok = true;
+    }
+    else {
+        int lasterr = GetLastError();
+        if (lasterr == ERROR_CANT_OPEN_ANONYMOUS) {
+            tok_src = "anon_user";
+        }
+        else {
+            tok_src = "proc_user";
+        }
+
+        tok = GetCurrentProcessToken();
+    }
+
+    if (!get_token_user_name(tok, username)) {
         (void)strcpy(username, "<unknown>");
     }
-    if (!get_token_primarygroup_name(GetCurrentThreadEffectiveToken(),
-        groupname)) {
+    if (!get_token_primarygroup_name(tok, groupname)) {
         (void)strcpy(groupname, "<unknown>");
     }

@@ -105,15 +123,20 @@ void logprintf(LPCSTR format, ...)
     va_start(args, format);
     (void)fprintf(dlog_file,
         "# LOG: ts=%04d-%02d-%02d_%02d:%02d:%02d:%04d"
-        " thr=%04x user='%s'/'%s' msg=",
+        " thr=%04x %s='%s'/'%s' msg=",
         (int)stime.wYear, (int)stime.wMonth, (int)stime.wDay,
         (int)stime.wHour, (int)stime.wMinute, (int)stime.wSecond,
         (int)stime.wMilliseconds,
         (int)GetCurrentThreadId(),
+        tok_src,
         username, groupname);
     (void)vfprintf(dlog_file, format, args);
     (void)fflush(dlog_file);
     va_end(args);
+
+    if (free_tok) {
+        (void)CloseHandle(tok);
+    }
 }

 void eprintf(LPCSTR format, ...)
diff --git a/dll/nfs41_np.c b/dll/nfs41_np.c
index dfd7b88..1070c8f 100644
--- a/dll/nfs41_np.c
+++ b/dll/nfs41_np.c
@@ -24,10 +24,18 @@
 #error Code requires ISO C17
 #endif

+#if 0
+#define NP_PRINT_TOKEN_USER 1
+#endif
+
 #include <windows.h>
 #include <npapi.h>
 #include <devioctl.h>
 #include <strsafe.h>
+#ifdef NP_PRINT_TOKEN_USER
+#include <stdbool.h>
+#include <Lmcons.h>
+#endif /* NP_PRINT_TOKEN_USER */

 #include "nfs41_build_features.h"
 #include "nfs41_driver.h"
@@ -44,13 +52,120 @@
 #define TRACE_TAG   L"[NFS41_NP] "
 #define WNNC_DRIVER(major, minor) ((major * 0x00010000) + (minor))

+#ifdef NP_PRINT_TOKEN_USER
+/*
+ * Performance hack:
+ * GETTOKINFO_EXTRA_BUFFER - extra space for more data
+ * |GetTokenInformation()| for |TOKEN_USER| and |TOKEN_PRIMARY_GROUP|
+ * always fails in Win10 with |ERROR_INSUFFICIENT_BUFFER| if you
+ * just pass the |sizeof(TOKEN_*)| value. Instead of calling
+ * |GetTokenInformation()| with |NULL| arg to obtain the size to
+ * allocate we just provide 512 bytes of extra space after the
+ * |TOKEN_*| size, and pray it is enough
+ */
+#define GETTOKINFO_EXTRA_BUFFER (512)
+
+static
+bool get_token_user_name(HANDLE tok, char *out_buffer)
+{
+    DWORD tokdatalen;
+    PTOKEN_USER ptuser;
+    PSID pusid;
+    DWORD namesize = UNLEN+1;
+    char domainbuffer[UNLEN+1];
+    DWORD domainbuffer_size = sizeof(domainbuffer);
+    SID_NAME_USE name_use;
+
+    tokdatalen = sizeof(TOKEN_USER)+GETTOKINFO_EXTRA_BUFFER;
+    ptuser = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(tokdatalen));
+    if (!GetTokenInformation(tok, TokenUser, ptuser,
+        tokdatalen, &tokdatalen)) {
+        return false;
+    }
+
+    pusid = ptuser->User.Sid;
+
+    if (!LookupAccountSidA(NULL, pusid, out_buffer, &namesize,
+        domainbuffer, &domainbuffer_size, &name_use)) {
+        return false;
+    }
+
+    return true;
+}
+
+static
+bool get_token_primarygroup_name(HANDLE tok, char *out_buffer)
+{
+    DWORD tokdatalen;
+    PTOKEN_PRIMARY_GROUP ptpgroup;
+    PSID pgsid;
+    DWORD namesize = GNLEN+1;
+    char domainbuffer[UNLEN+1];
+    DWORD domainbuffer_size = sizeof(domainbuffer);
+    SID_NAME_USE name_use;
+
+    tokdatalen = sizeof(TOKEN_PRIMARY_GROUP)+GETTOKINFO_EXTRA_BUFFER;
+    ptpgroup = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(tokdatalen));
+    if (!GetTokenInformation(tok, TokenPrimaryGroup, ptpgroup,
+        tokdatalen, &tokdatalen)) {
+        return false;
+    }
+
+    pgsid = ptpgroup->PrimaryGroup;
+
+    if (!LookupAccountSidA(NULL, pgsid, out_buffer, &namesize,
+        domainbuffer, &domainbuffer_size, &name_use)) {
+        return false;
+    }
+
+    return true;
+}
+#endif /* NP_PRINT_TOKEN_USER */
+

 ULONG _cdecl NFS41DbgPrint(__in LPTSTR fmt, ...)
 {
     ULONG rc = 0;
-#define SZBUFFER_SIZE 1024
+#define SZBUFFER_SIZE 512
     wchar_t szbuffer[SZBUFFER_SIZE+1];
     wchar_t *szbp = szbuffer;
+#ifdef NP_PRINT_TOKEN_USER
+    char username[UNLEN+1];
+    char groupname[GNLEN+1];
+    HANDLE tok;
+    const char *tok_src;
+    bool free_tok = false;
+
+    if (OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, FALSE, &tok)) {
+        tok_src = "impersonated_user";
+        free_tok = true;
+    }
+    else {
+        int lasterr = GetLastError();
+        if (lasterr == ERROR_CANT_OPEN_ANONYMOUS) {
+            tok_src = "anon_user";
+        }
+        else {
+            tok_src = "proc_user";
+        }
+
+        tok = GetCurrentProcessToken();
+    }
+
+#pragma warning( push )
+    /*
+     * Disable "'strcpy': This function or variable may be unsafe",
+     * in this context it is safe to use
+     */
+#pragma warning (disable : 4996)
+    if (!get_token_user_name(tok, username)) {
+        (void)strcpy(username, "<unknown>");
+    }
+    if (!get_token_primarygroup_name(tok, groupname)) {
+        (void)strcpy(groupname, "<unknown>");
+    }
+#pragma warning( pop )
+#endif /* NP_PRINT_TOKEN_USER */

     va_list marker;
     va_start(marker, fmt);
@@ -61,7 +176,12 @@ ULONG _cdecl NFS41DbgPrint(__in LPTSTR fmt, ...)
      * in this context it is safe to use
      */
 #pragma warning (disable : 4996)
+#ifdef NP_PRINT_TOKEN_USER
+    (void)swprintf(szbp, SZBUFFER_SIZE, L"%s%S='%S'/'%S': ",
+        TRACE_TAG, tok_src, username, groupname);
+#else
     (void)wcscpy(szbp, TRACE_TAG);
+#endif
 #pragma warning( pop )
     szbp += wcslen(szbp);

@@ -72,6 +192,12 @@ ULONG _cdecl NFS41DbgPrint(__in LPTSTR fmt, ...)

     va_end(marker);

+#ifdef NP_PRINT_TOKEN_USER
+    if (free_tok) {
+        (void)CloseHandle(tok);
+    }
+#endif /* NP_PRINT_TOKEN_USER */
+
     return rc;
 }

diff --git a/mount/mount.c b/mount/mount.c
index d480d05..16efe44 100644
--- a/mount/mount.c
+++ b/mount/mount.c
@@ -612,6 +612,44 @@ static DWORD DoMount(
     TCHAR szRemoteName[NFS41_SYS_MAX_PATH_LEN];
     DWORD dwLength;

+#if 1
+    HANDLE process_handle;
+    HANDLE proc_tok;
+    HANDLE thr_tok;
+
+    process_handle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, GetCurrentProcessId());
+    if (process_handle == NULL) {
+        (void)_tprintf(TEXT("OpenProcess() failed, status=%d\n"),
+            GetLastError());
+        exit(1);
+    }
+    if (!OpenProcessToken(process_handle, TOKEN_IMPERSONATE|TOKEN_DUPLICATE, &proc_tok)) {
+        (void)_tprintf(TEXT("OpenProcessToken() failed, status=%d\n"),
+            GetLastError());
+        exit(1);
+    }
+
+    if (!DuplicateTokenEx(proc_tok,
+        MAXIMUM_ALLOWED/*TOKEN_DUPLICATE|TOKEN_IMPERSONATE*/,
+        NULL,
+        SecurityDelegation,
+        TokenImpersonation,
+        &thr_tok)) {
+        (void)_tprintf(TEXT("DuplicateTokenEx() failed, status=%d\n"),
+            GetLastError());
+        exit(1);
+    }
+
+    if (!SetThreadToken(NULL, thr_tok)) {
+        (void)_tprintf(TEXT("SetThreadToken() failed, status=%d\n"),
+            GetLastError());
+        exit(1);
+    }
+#endif
+
+    (void)_tprintf(TEXT("MARK\n"));
+//    exit(2);
+
     *szRemoteName = TEXT('\0');
     result = ParseRemoteName(pRemoteName, pOptions, szParsedRemoteName, szRemoteName, NFS41_SYS_MAX_PATH_LEN);
     if (result)