10 Dec
2017
10 Dec
'17
11:49 a.m.
https://git.reactos.org/?p=reactos.git;a=commitdiff;h=037d88201d4312d6a4c19…
commit 037d88201d4312d6a4c1936124f76ed48af83f6d
Author: Trevor Thompson <tmt256(a)email.vccs.edu>
AuthorDate: Sat May 27 19:32:43 2017 +0000
[NTFS] - Disable write support by default. Enable it via the registry.
[BOOTDATA] - Add a commented-out section to hivesys.inf which can add the required key
to enable NTFS write support.
svn path=/branches/GSoC_2016/NTFS/; revision=74685
---
boot/bootdata/hivesys.inf | 2 ++
drivers/filesystems/ntfs/create.c | 16 ++++++++++++++-
drivers/filesystems/ntfs/dispatch.c | 20 +++++++++++++++++--
drivers/filesystems/ntfs/ntfs.c | 40 ++++++++++++++++++++++++++++++++++++-
drivers/filesystems/ntfs/ntfs.h | 1 +
5 files changed, 75 insertions(+), 4 deletions(-)
diff --git a/boot/bootdata/hivesys.inf b/boot/bootdata/hivesys.inf
index b0ece8594a..2fdb5e3097 100644
--- a/boot/bootdata/hivesys.inf
+++ b/boot/bootdata/hivesys.inf
@@ -1605,6 +1605,8 @@
HKLM,"SYSTEM\CurrentControlSet\Services\Ntfs","Group",0x00000000,"File
System"
HKLM,"SYSTEM\CurrentControlSet\Services\Ntfs","ImagePath",0x00020000,"system32\drivers\ntfs.sys"
HKLM,"SYSTEM\CurrentControlSet\Services\Ntfs","Start",0x00010001,0x00000003
HKLM,"SYSTEM\CurrentControlSet\Services\Ntfs","Type",0x00010001,0x00000002
+; un-comment the line below to enable EXPERIMENTAL write-support on NTFS volumes:
+;HKLM,"SYSTEM\CurrentControlSet\Services\Ntfs","MyDataDoesNotMatterSoEnableExperimentalWriteSupportForEveryNTFSVolume",0x00010001,0x00000001
; Null device driver
HKLM,"SYSTEM\CurrentControlSet\Services\Null","ErrorControl",0x00010001,0x00000000
diff --git a/drivers/filesystems/ntfs/create.c b/drivers/filesystems/ntfs/create.c
index 30312d6104..6513827c62 100644
--- a/drivers/filesystems/ntfs/create.c
+++ b/drivers/filesystems/ntfs/create.c
@@ -486,6 +486,13 @@ NtfsCreateFile(PDEVICE_OBJECT DeviceObject,
LARGE_INTEGER Zero;
Zero.QuadPart = 0;
+ if (!NtfsGlobalData->EnableWriteSupport)
+ {
+ DPRINT1("NTFS write-support is EXPERIMENTAL and is disabled by
default!\n");
+ NtfsCloseFile(DeviceExt, FileObject);
+ return STATUS_ACCESS_DENIED;
+ }
+
// TODO: check for appropriate access
ExAcquireResourceExclusiveLite(&(Fcb->MainResource), TRUE);
@@ -545,7 +552,14 @@ NtfsCreateFile(PDEVICE_OBJECT DeviceObject,
RequestedDisposition == FILE_OPEN_IF ||
RequestedDisposition == FILE_OVERWRITE_IF ||
RequestedDisposition == FILE_SUPERSEDE)
- {
+ {
+ if (!NtfsGlobalData->EnableWriteSupport)
+ {
+ DPRINT1("NTFS write-support is EXPERIMENTAL and is disabled by
default!\n");
+ NtfsCloseFile(DeviceExt, FileObject);
+ return STATUS_ACCESS_DENIED;
+ }
+
// Create the file record on disk
Status = NtfsCreateFileRecord(DeviceExt, FileObject);
diff --git a/drivers/filesystems/ntfs/dispatch.c b/drivers/filesystems/ntfs/dispatch.c
index bb67de73aa..53d79303ed 100644
--- a/drivers/filesystems/ntfs/dispatch.c
+++ b/drivers/filesystems/ntfs/dispatch.c
@@ -82,7 +82,15 @@ NtfsDispatch(PNTFS_IRP_CONTEXT IrpContext)
break;
case IRP_MJ_SET_INFORMATION:
- Status = NtfsSetInformation(IrpContext);
+ if (!NtfsGlobalData->EnableWriteSupport)
+ {
+ DPRINT1("NTFS write-support is EXPERIMENTAL and is disabled by
default!\n");
+ Status = STATUS_ACCESS_DENIED;
+ }
+ else
+ {
+ Status = NtfsSetInformation(IrpContext);
+ }
break;
case IRP_MJ_DIRECTORY_CONTROL:
@@ -98,7 +106,15 @@ NtfsDispatch(PNTFS_IRP_CONTEXT IrpContext)
break;
case IRP_MJ_WRITE:
- Status = NtfsWrite(IrpContext);
+ if (!NtfsGlobalData->EnableWriteSupport)
+ {
+ DPRINT1("NTFS write-support is EXPERIMENTAL and is disabled by
default!\n");
+ Status = STATUS_ACCESS_DENIED;
+ }
+ else
+ {
+ Status = NtfsWrite(IrpContext);
+ }
break;
case IRP_MJ_CLOSE:
diff --git a/drivers/filesystems/ntfs/ntfs.c b/drivers/filesystems/ntfs/ntfs.c
index de36a65328..c9bbc490bd 100644
--- a/drivers/filesystems/ntfs/ntfs.c
+++ b/drivers/filesystems/ntfs/ntfs.c
@@ -58,6 +58,8 @@ DriverEntry(PDRIVER_OBJECT DriverObject,
UNICODE_STRING DeviceName = RTL_CONSTANT_STRING(DEVICE_NAME);
NTSTATUS Status;
PDEVICE_OBJECT DeviceObject;
+ OBJECT_ATTRIBUTES Attributes;
+ HANDLE DriverKey = NULL;
TRACE_(NTFS, "DriverEntry(%p, '%wZ')\n", DriverObject,
RegistryPath);
@@ -84,6 +86,42 @@ DriverEntry(PDRIVER_OBJECT DriverObject,
ExInitializeResourceLite(&NtfsGlobalData->Resource);
+ NtfsGlobalData->EnableWriteSupport = FALSE;
+
+ // Read registry to determine if write support should be enabled
+ InitializeObjectAttributes(&Attributes,
+ RegistryPath,
+ OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
+ NULL,
+ NULL);
+
+ Status = ZwOpenKey(&DriverKey, KEY_READ, &Attributes);
+ if (NT_SUCCESS(Status))
+ {
+ UNICODE_STRING ValueName;
+ UCHAR Buffer[sizeof(KEY_VALUE_PARTIAL_INFORMATION) + sizeof(ULONG)];
+ PKEY_VALUE_PARTIAL_INFORMATION Value = (PKEY_VALUE_PARTIAL_INFORMATION)Buffer;
+ ULONG ValueLength = sizeof(Buffer);
+ ULONG ResultLength;
+
+ RtlInitUnicodeString(&ValueName,
L"MyDataDoesNotMatterSoEnableExperimentalWriteSupportForEveryNTFSVolume");
+
+ Status = ZwQueryValueKey(DriverKey,
+ &ValueName,
+ KeyValuePartialInformation,
+ Value,
+ ValueLength,
+ &ResultLength);
+
+ if (NT_SUCCESS(Status) && Value->Data[0] == TRUE)
+ {
+ DPRINT1("\tEnabling write support on ALL NTFS volumes!\n");
+ NtfsGlobalData->EnableWriteSupport = TRUE;
+ }
+
+ ZwClose(DriverKey);
+ }
+
/* Keep trace of Driver Object */
NtfsGlobalData->DriverObject = DriverObject;
@@ -118,7 +156,7 @@ DriverEntry(PDRIVER_OBJECT DriverObject,
IoRegisterFileSystem(NtfsGlobalData->DeviceObject);
ObReferenceObject(NtfsGlobalData->DeviceObject);
- return Status;
+ return STATUS_SUCCESS;
}
diff --git a/drivers/filesystems/ntfs/ntfs.h b/drivers/filesystems/ntfs/ntfs.h
index 68259177ee..2177f1db0e 100644
--- a/drivers/filesystems/ntfs/ntfs.h
+++ b/drivers/filesystems/ntfs/ntfs.h
@@ -151,6 +151,7 @@ typedef struct
FAST_IO_DISPATCH FastIoDispatch;
NPAGED_LOOKASIDE_LIST IrpContextLookasideList;
NPAGED_LOOKASIDE_LIST FcbLookasideList;
+ BOOLEAN EnableWriteSupport;
} NTFS_GLOBAL_DATA, *PNTFS_GLOBAL_DATA;