[ros-diffs] [tthompson] 74685: [NTFS] - Disable write support by default. Enable it via the registry. [BOOTDATA] - Add a commented-out section to hivesys.inf which can add the required key to enable NTFS write...

Author: tthompson Date: Sat May 27 19:32:43 2017 New Revision: 74685 URL: http://svn.reactos.org/svn/reactos?rev=74685&view=rev Log: [NTFS] - Disable write support by default. Enable it via the registry. [BOOTDATA] - Add a commented-out section to hivesys.inf which can add the required key to enable NTFS write support. Modified: branches/GSoC_2016/NTFS/boot/bootdata/hivesys.inf branches/GSoC_2016/NTFS/drivers/filesystems/ntfs/create.c branches/GSoC_2016/NTFS/drivers/filesystems/ntfs/dispatch.c branches/GSoC_2016/NTFS/drivers/filesystems/ntfs/ntfs.c branches/GSoC_2016/NTFS/drivers/filesystems/ntfs/ntfs.h Modified: branches/GSoC_2016/NTFS/boot/bootdata/hivesys.inf URL: http://svn.reactos.org/svn/reactos/branches/GSoC_2016/NTFS/boot/bootdata/hi… ============================================================================== --- branches/GSoC_2016/NTFS/boot/bootdata/hivesys.inf [iso-8859-1] (original) +++ branches/GSoC_2016/NTFS/boot/bootdata/hivesys.inf [iso-8859-1] Sat May 27 19:32:43 2017 @@ -1536,6 +1536,8 @@ HKLM,"SYSTEM\CurrentControlSet\Services\Ntfs","ImagePath",0x00020000,"system32\drivers\ntfs.sys" HKLM,"SYSTEM\CurrentControlSet\Services\Ntfs","Start",0x00010001,0x00000003 HKLM,"SYSTEM\CurrentControlSet\Services\Ntfs","Type",0x00010001,0x00000002 +; un-comment the line below to enable EXPERIMENTAL write-support on NTFS volumes: +;HKLM,"SYSTEM\CurrentControlSet\Services\Ntfs","MyDataDoesNotMatterSoEnableExperimentalWriteSupportForEveryNTFSVolume",0x00010001,0x00000001 ; Null device driver HKLM,"SYSTEM\CurrentControlSet\Services\Null","ErrorControl",0x00010001,0x00000000 Modified: branches/GSoC_2016/NTFS/drivers/filesystems/ntfs/create.c URL: http://svn.reactos.org/svn/reactos/branches/GSoC_2016/NTFS/drivers/filesyst… ============================================================================== --- branches/GSoC_2016/NTFS/drivers/filesystems/ntfs/create.c [iso-8859-1] (original) +++ branches/GSoC_2016/NTFS/drivers/filesystems/ntfs/create.c [iso-8859-1] Sat May 27 19:32:43 2017 @@ -486,6 +486,13 @@ LARGE_INTEGER Zero; Zero.QuadPart = 0; + if (!NtfsGlobalData->EnableWriteSupport) + { + DPRINT1("NTFS write-support is EXPERIMENTAL and is disabled by default!\n"); + NtfsCloseFile(DeviceExt, FileObject); + return STATUS_ACCESS_DENIED; + } + // TODO: check for appropriate access ExAcquireResourceExclusiveLite(&(Fcb->MainResource), TRUE); @@ -545,7 +552,14 @@ RequestedDisposition == FILE_OPEN_IF || RequestedDisposition == FILE_OVERWRITE_IF || RequestedDisposition == FILE_SUPERSEDE) - { + { + if (!NtfsGlobalData->EnableWriteSupport) + { + DPRINT1("NTFS write-support is EXPERIMENTAL and is disabled by default!\n"); + NtfsCloseFile(DeviceExt, FileObject); + return STATUS_ACCESS_DENIED; + } + // Create the file record on disk Status = NtfsCreateFileRecord(DeviceExt, FileObject); Modified: branches/GSoC_2016/NTFS/drivers/filesystems/ntfs/dispatch.c URL: http://svn.reactos.org/svn/reactos/branches/GSoC_2016/NTFS/drivers/filesyst… ============================================================================== --- branches/GSoC_2016/NTFS/drivers/filesystems/ntfs/dispatch.c [iso-8859-1] (original) +++ branches/GSoC_2016/NTFS/drivers/filesystems/ntfs/dispatch.c [iso-8859-1] Sat May 27 19:32:43 2017 @@ -82,7 +82,15 @@ break; case IRP_MJ_SET_INFORMATION: - Status = NtfsSetInformation(IrpContext); + if (!NtfsGlobalData->EnableWriteSupport) + { + DPRINT1("NTFS write-support is EXPERIMENTAL and is disabled by default!\n"); + Status = STATUS_ACCESS_DENIED; + } + else + { + Status = NtfsSetInformation(IrpContext); + } break; case IRP_MJ_DIRECTORY_CONTROL: @@ -98,7 +106,15 @@ break; case IRP_MJ_WRITE: - Status = NtfsWrite(IrpContext); + if (!NtfsGlobalData->EnableWriteSupport) + { + DPRINT1("NTFS write-support is EXPERIMENTAL and is disabled by default!\n"); + Status = STATUS_ACCESS_DENIED; + } + else + { + Status = NtfsWrite(IrpContext); + } break; case IRP_MJ_CLOSE: Modified: branches/GSoC_2016/NTFS/drivers/filesystems/ntfs/ntfs.c URL: http://svn.reactos.org/svn/reactos/branches/GSoC_2016/NTFS/drivers/filesyst… ============================================================================== --- branches/GSoC_2016/NTFS/drivers/filesystems/ntfs/ntfs.c [iso-8859-1] (original) +++ branches/GSoC_2016/NTFS/drivers/filesystems/ntfs/ntfs.c [iso-8859-1] Sat May 27 19:32:43 2017 @@ -58,6 +58,8 @@ UNICODE_STRING DeviceName = RTL_CONSTANT_STRING(DEVICE_NAME); NTSTATUS Status; PDEVICE_OBJECT DeviceObject; + OBJECT_ATTRIBUTES Attributes; + HANDLE DriverKey = NULL; TRACE_(NTFS, "DriverEntry(%p, '%wZ')\n", DriverObject, RegistryPath); @@ -83,6 +85,42 @@ NtfsGlobalData->Identifier.Size = sizeof(NTFS_GLOBAL_DATA); ExInitializeResourceLite(&NtfsGlobalData->Resource); + + NtfsGlobalData->EnableWriteSupport = FALSE; + + // Read registry to determine if write support should be enabled + InitializeObjectAttributes(&Attributes, + RegistryPath, + OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, + NULL, + NULL); + + Status = ZwOpenKey(&DriverKey, KEY_READ, &Attributes); + if (NT_SUCCESS(Status)) + { + UNICODE_STRING ValueName; + UCHAR Buffer[sizeof(KEY_VALUE_PARTIAL_INFORMATION) + sizeof(ULONG)]; + PKEY_VALUE_PARTIAL_INFORMATION Value = (PKEY_VALUE_PARTIAL_INFORMATION)Buffer; + ULONG ValueLength = sizeof(Buffer); + ULONG ResultLength; + + RtlInitUnicodeString(&ValueName, L"MyDataDoesNotMatterSoEnableExperimentalWriteSupportForEveryNTFSVolume"); + + Status = ZwQueryValueKey(DriverKey, + &ValueName, + KeyValuePartialInformation, + Value, + ValueLength, + &ResultLength); + + if (NT_SUCCESS(Status) && Value->Data[0] == TRUE) + { + DPRINT1("\tEnabling write support on ALL NTFS volumes!\n"); + NtfsGlobalData->EnableWriteSupport = TRUE; + } + + ZwClose(DriverKey); + } /* Keep trace of Driver Object */ NtfsGlobalData->DriverObject = DriverObject; @@ -118,7 +156,7 @@ IoRegisterFileSystem(NtfsGlobalData->DeviceObject); ObReferenceObject(NtfsGlobalData->DeviceObject); - return Status; + return STATUS_SUCCESS; } Modified: branches/GSoC_2016/NTFS/drivers/filesystems/ntfs/ntfs.h URL: http://svn.reactos.org/svn/reactos/branches/GSoC_2016/NTFS/drivers/filesyst… ============================================================================== --- branches/GSoC_2016/NTFS/drivers/filesystems/ntfs/ntfs.h [iso-8859-1] (original) +++ branches/GSoC_2016/NTFS/drivers/filesystems/ntfs/ntfs.h [iso-8859-1] Sat May 27 19:32:43 2017 @@ -151,6 +151,7 @@ FAST_IO_DISPATCH FastIoDispatch; NPAGED_LOOKASIDE_LIST IrpContextLookasideList; NPAGED_LOOKASIDE_LIST FcbLookasideList; + BOOLEAN EnableWriteSupport; } NTFS_GLOBAL_DATA, *PNTFS_GLOBAL_DATA;