archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
4.9 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/base/fs/rdr2/rdbss/smb.mrx/stuffer.c

1028 lines
42 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 1989 Microsoft Corporation
  5. Module Name:
  7. Stuffer.c
  9. Abstract:
  11. This module implements the SMBstuffer formating primitives. the following controlstring
  12. characters are defined for the stuffer: (** means nyi...**d means downlevel part not implemented)
  14. 0 placeholder for the wct
  15. 1 pad to word boundary
  16. X placeholderfor&X
  17. W,w format a word from the next parameter
  18. D,d format the next parameter as a Dword
  19. Y,y format the next parameter as a byte
  20. L,l the next parameter is a PLARGE_INTEGER; format it in
  21. M,m format a zero byte
  22. ** 2 the next parameter points to a tagged dialect ASCIZI string to be copied in
  23. ** 3 the next parameter points to a tagged devicename ASCIIZ string
  24. 4 the next parameter is either 04-tagged ASCIIZ or UNICODEZ as determined by flags2
  25. > the next parameters is ASCIIZ or UNICODEZ as determined by flags2; it is to be appended
  26. to the previous 04-tagged item by backing up over the previous null.
  27. A,a the next parameter is an ASCIIZ string
  28. U,u the next parameter is a UNICODEZ string
  29. V,v the next parameter is a UNICODEnoZ string
  30. z the next parameter is a PUNICODE_STRING to be stringed as ASCIZI
  31. or UNICODEZ as determined by flags2
  32. N,n the next parameter is a PNET_ROOT whose name is to be stringed as ASCIIZ
  33. or UNICODEZ as determined by flags2
  34. R,r the next 2 parameters are a PBYTE* and a size; reserve the region and store the pointer
  35. Q,q the current position is the data offset WORD...remember it
  36. 5 the current position is the start of the data; fill in the data pointer
  37. P,p the current position is the parameter offset WORD...remember it
  38. 6 the current position is the start of the parameters; fill in the param pointer
  39. B,b the current position is the Bcc WORD...remember it; also, fill in wct
  40. s the next parameter has the alignment information....pad accordingly
  41. S pad to DWORD
  42. c the next 2 parameters are count/addr...copy in the data.
  43. ! End of this protocol; fill in the bcc field
  44. ? next parameter is BOOLEAN_ULONG; 0=>immediate return
  45. . NOOP
  47. For controls with a upper/lowercase pair, the uppercase version indicates that a position tag
  48. is supplied in the checked version.
  50. Author:
  52. Joe Linn 3-3-95
  54. Revision History:
  57. --*/
  59. #include "precomp.h"
  60. #pragma hdrstop
  61. #include <stdio.h>
  62. #include <stdarg.h>
  64. #ifdef ALLOC_PRAGMA
  65. #pragma alloc_text(PAGE, SmbStuffWrapRtlAssert)
  66. #pragma alloc_text(PAGE, SmbMrxInitializeStufferFacilities)
  67. #pragma alloc_text(PAGE, SmbMrxFinalizeStufferFacilities)
  68. #pragma alloc_text(PAGE, MRxSmbSetInitialSMB)
  69. #pragma alloc_text(PAGE, MRxSmbStartSMBCommand)
  70. #pragma alloc_text(PAGE, MrxSMBWillThisFit)
  71. #pragma alloc_text(PAGE, MRxSmbStuffSMB)
  72. #pragma alloc_text(PAGE, MRxSmbStuffAppendRawData)
  73. #pragma alloc_text(PAGE, MRxSmbStuffAppendSmbData)
  74. #pragma alloc_text(PAGE, MRxSmbStuffSetByteCount)
  75. #endif
  77. //
  78. // The local debug trace level
  79. //
  81. #define Dbg (DEBUG_TRACE_ALWAYS)
  84. #define MRXSMB_INITIAL_WCT (0xcc)
  85. #define MRXSMB_INITIAL_BCC (0xface)
  86. #define MRXSMB_INITIAL_DATAOFFSET (0xd0ff)
  87. #define MRXSMB_INITIAL_PARAMOFFSET (0xb0ff)
  88. #define MRXSMB_INITIAL_ANDX (0xdede00ff)
  90. #if 0
  91. //this is old...........
  92. #if DBG
  94. // a little presto-changeo to get assert messages in user mode
  95. // the key is that MRxSmbRxImports->pRxNetNameTable will not be NULL...
  96. // it will point to the netnametable. this
  97. // seems like a small enough price to pay on the way to an rtl assert!
  99. VOID
  100. SmbStuffWrapRtlAssert(
  101. IN PVOID FailedAssertion,
  102. IN PVOID FileName,
  103. IN ULONG LineNumber,
  104. IN PCHAR Message
  105. )
  107. {
  108. char STARS[] = "**************************************";
  110. PAGED_CODE();
  112. if (MRxSmbRxImports->pRxNetNameTable == NULL){
  113. // do our own thing
  114. RxDbgTrace(0,Dbg,("%s\n%s\n",STARS,STARS));
  115. RxDbgTrace (0,Dbg,("Failed Assertion %s\n",FailedAssertion));
  116. RxDbgTrace(0,Dbg,("%s at line %lu\n",FileName,LineNumber));
  117. if (Message) {
  118. RxDbgTrace (0,Dbg,("%s\n",Message));
  119. }
  120. RxDbgTrace(0,Dbg,("%s\n%s\n",STARS,STARS));
  121. } else RtlAssert(FailedAssertion,FileName,LineNumber,Message);
  122. }
  124. #ifdef RtlAssert
  125. #undef RtlAssert
  126. #endif //ifdef RtlAssert
  127. #define RtlAssert SmbStuffWrapRtlAssert
  129. #endif
  130. #endif //if 0
  133. NTSTATUS
  134. SmbMrxInitializeStufferFacilities(
  135. void
  136. )
  137. /*++
  138. Routine Description:
  140. This routine initializes things for the SMB minirdr. we will allocate enough stuff
  141. to get us going. right now....we do nothing.
  143. Arguments:
  145. Return Value:
  147. RXSTATUS - The return status for the operation
  149. --*/
  150. {
  151. PAGED_CODE();
  153. return(RX_MAP_STATUS(SUCCESS));
  154. }
  156. NTSTATUS
  157. SmbMrxFinalizeStufferFacilities(
  158. void
  159. )
  160. /*++
  161. Routine Description:
  163. This routine finalizes things for the SMB minirdr. we give back everything that
  164. we have allocated. right now....we do nothing.
  166. Arguments:
  168. Return Value:
  170. RXSTATUS - The return status for the operation
  172. --*/
  173. {
  174. PAGED_CODE();
  176. return(RX_MAP_STATUS(SUCCESS));
  177. }
  178. #if DBG
  179. #define BUILD_HEADER_ROUTINE BuildHeaderRoutine
  180. typedef
  181. NTSTATUS
  182. (NTAPI *PMRXSMB_BUILD_HEADER_ROUTINE) (
  183. PSMB_EXCHANGE pExchange,
  184. PVOID pBuffer,
  185. ULONG BufferLength,
  186. PULONG pBufferConsumed,
  187. PUCHAR pLastCommandInHeader,
  188. PUCHAR *pNextCommandPtr
  189. );
  190. #else
  191. #define BUILD_HEADER_ROUTINE SmbCeBuildSmbHeader
  192. #endif
  194. NTSTATUS
  195. MRxSmbSetInitialSMB (
  196. IN OUT PSMBSTUFFER_BUFFER_STATE StufferState
  197. STUFFERTRACE_CONTROLPOINT_ARGS
  198. )
  199. {
  200. NTSTATUS Status;
  201. PNT_SMB_HEADER NtSmbHeader;
  202. ULONG BufferConsumed;
  203. PBYTE ScanPosition;
  204. PUCHAR pCommand;
  206. #if DBG
  207. PMRXSMB_BUILD_HEADER_ROUTINE BUILD_HEADER_ROUTINE = SmbCeBuildSmbHeader;
  208. #endif //if DBG
  210. PAGED_CODE();
  212. ASSERT ( StufferState != NULL ); //CODE.IMPROVEMENT shouldn't we have a nodetype??
  213. ASSERT ( sizeof(NT_SMB_HEADER) == sizeof(SMB_HEADER) );
  214. //RxDbgTrace(0, Dbg, ("MrxSMBSetInitialSMB base=%08lx,limit=%08lx\n",
  215. // StufferState->BufferBase,StufferState->BufferLimit));
  216. ASSERT ( (StufferState->BufferLimit - StufferState->BufferBase) > sizeof(SMB_HEADER));
  217. NtSmbHeader = (PNT_SMB_HEADER)(StufferState->BufferBase);
  218. RtlZeroMemory(NtSmbHeader,sizeof(NT_SMB_HEADER));
  220. //this stuff is reinitialized
  221. StufferState->DataMdl = NULL; //note that this is not finalized or anything
  222. StufferState->DataSize = 0;
  223. StufferState->CurrentWct = NULL;
  224. StufferState->PreviousCommand = SMB_COM_NO_ANDX_COMMAND;
  225. StufferState->CurrentCommand = SMB_COM_NO_ANDX_COMMAND;
  226. StufferState->FlagsCopy = 0;
  227. StufferState->Flags2Copy = 0;
  228. StufferState->CurrentPosition = ((PBYTE)NtSmbHeader);
  230. RxDbgTraceDoit(
  231. StufferState->ControlPoint = ControlPoint;
  232. StufferState->PrintCLoop = FALSE;
  233. StufferState->PrintFLoop = FALSE;
  234. while (EnablePrints) {
  235. ULONG c = EnablePrints & 0xff;
  236. EnablePrints >>= 8;
  237. if (c=='C') StufferState->PrintCLoop = TRUE;
  238. if (c=='F') StufferState->PrintFLoop = TRUE;
  239. if (c=='X') BUILD_HEADER_ROUTINE = MRxSmbBuildSmbHeaderTestSurrogate;
  240. }
  241. )
  243. Status = BUILD_HEADER_ROUTINE(
  244. StufferState->Exchange,
  245. NtSmbHeader,
  246. (ULONG)(StufferState->BufferLimit - StufferState->BufferBase),
  247. &BufferConsumed,
  248. &StufferState->PreviousCommand,
  249. &pCommand);
  251. if (Status!=RX_MAP_STATUS(SUCCESS)) {
  252. RxDbgTrace(0, Dbg, ("MrxSMBSetInitialSMB buildhdr failure st=%08lx\n",Status));
  253. RxLog(("BuildHdr failed %lx %lx",StufferState->Exchange,Status));
  254. SmbLog(LOG,
  255. MRxSmbSetInitialSMB,
  256. LOGPTR(StufferState->Exchange)
  257. LOGULONG(Status));
  258. return Status;
  259. }
  261. //copy the flags
  262. StufferState->FlagsCopy = NtSmbHeader->Flags;
  263. StufferState->Flags2Copy = SmbGetAlignedUshort(&NtSmbHeader->Flags2);
  264. if (StufferState->Exchange->Type == ORDINARY_EXCHANGE) {
  265. PSMB_PSE_ORDINARY_EXCHANGE OrdinaryExchange = (PSMB_PSE_ORDINARY_EXCHANGE)StufferState->Exchange;
  266. if (BooleanFlagOn(OrdinaryExchange->Flags,SMBPSE_OE_FLAG_TURNON_DFS_FLAG)) {
  267. StufferState->Flags2Copy |= SMB_FLAGS2_DFS;
  268. SmbPutUshort(&NtSmbHeader->Flags2,(USHORT)StufferState->Flags2Copy);
  269. }
  270. }
  272. StufferState->CurrentPosition += BufferConsumed;
  274. if (BufferConsumed > sizeof(SMB_HEADER)) {
  275. if (pCommand != NULL) {
  276. *pCommand = SMB_COM_NO_ANDX_COMMAND;
  277. }
  279. StufferState->CurrentWct = StufferState->CurrentPosition;
  280. }
  282. return Status;
  283. }
  285. #define RETURN_A_START_PROBLEM(xxyy) {\
  286. RxDbgTrace(0,Dbg,("MRxSmbStartSMBCommand gotta problem= %lu\n",xxyy)); \
  287. StufferState->SpecificProblem = xxyy; \
  288. return(RX_MAP_STATUS(INVALID_PARAMETER)); \
  289. }
  290. NTSTATUS
  291. MRxSmbStartSMBCommand (
  292. IN OUT PSMBSTUFFER_BUFFER_STATE StufferState,
  293. IN INITIAL_SMBBUG_DISPOSITION InitialSMBDisposition,
  294. IN UCHAR Command, //joejoe this next four params could come from a table...2offset and you're smaller
  295. IN ULONG MaximumBufferUsed,
  296. IN ULONG MaximumSize,
  297. IN ULONG InitialAlignment,
  298. IN ULONG MaximumResponseHeader,
  299. IN UCHAR Flags,
  300. IN UCHAR FlagsMask,
  301. IN USHORT Flags2,
  302. IN USHORT Flags2Mask
  303. STUFFERTRACE_CONTROLPOINT_ARGS
  304. )
  305. /*++
  307. Routine Description:
  309. The routine checks to see if the condition is stable. If not, it
  310. goes into a wait loop alternately getting the resource and then
  311. waiting on the event.
  314. Arguments:
  315. joejoe review this
  316. StufferState - the header buffer being used
  317. InitialSMBDisposition tells when/if to reinit the stuffer state
  318. Command - the smb command being set up
  319. MaximumBufferUsed - the amount of the header buffer that will be used (as opposed to the data)
  320. this has to be conjured up in advance. if you're not willing to do this, then
  321. just push out the current smb. this value should include any data pads!
  322. MaximumSize - the size of the data. this is to keep from overrunning the srv's smbbuf
  323. InitialAlignment - a compound argument (i.e. you get it from a constant) the top half
  324. tells the alignment unit and the bottom gives the spacing within
  325. MaximumResponseHeader - how much of the srv's response buffer this will use up
  326. Flags - the required flags settings
  327. FlagsMask - which bits of the flags are important
  328. Flags2 - the required flags2 settings
  329. Flags2Mask - which flags2 bits are important
  331. Return Value:
  333. none.
  335. --*/
  336. {
  337. UCHAR NewFlags;
  338. USHORT NewFlags2;
  339. PBYTE *CurrentPosition = &(StufferState->CurrentPosition);
  340. PNT_SMB_HEADER NtSmbHeader = (PNT_SMB_HEADER)(StufferState->BufferBase);
  341. ULONG AlignmentUnit = InitialAlignment >> 16;
  342. ULONG StufferStateRequirement = MaximumBufferUsed + AlignmentUnit;
  343. #if DBG
  344. PBYTE OriginalPosition = *CurrentPosition;
  345. #endif
  347. PAGED_CODE();
  349. if (StufferState->DataSize) {
  350. StufferState->SpecificProblem = xSMBbufSTATUS_CANT_COMPOUND;
  351. return(RX_MAP_STATUS(INVALID_PARAMETER));
  352. }
  354. if ((InitialSMBDisposition==SetInitialSMB_yyUnconditionally)
  355. || ((InitialSMBDisposition==SetInitialSMB_ForReuse)&&(StufferState->Started))) {
  356. MRxSmbSetInitialSMB( StufferState STUFFERTRACE_NOPREFIX(ControlPoint,EnablePrints) );
  357. }
  359. StufferState->Started = TRUE;
  361. //joejoe temporary hack
  362. switch (StufferState->CurrentCommand) {
  363. case SMB_COM_LOCKING_ANDX:
  364. case SMB_COM_OPEN_ANDX:
  365. case SMB_COM_READ_ANDX:
  366. case SMB_COM_WRITE_ANDX:
  367. case SMB_COM_SESSION_SETUP_ANDX:
  368. //case SMB_COM_LOGOFF_ANDX:
  369. case SMB_COM_TREE_CONNECT_ANDX:
  370. case SMB_COM_NT_CREATE_ANDX:
  371. case SMB_COM_NO_ANDX_COMMAND:
  372. break;
  373. default:
  374. StufferState->SpecificProblem = xSMBbufSTATUS_CANT_COMPOUND;
  375. return(RX_MAP_STATUS(INVALID_PARAMETER));
  376. }
  378. if (*CurrentPosition+StufferStateRequirement >= StufferState->BufferLimit ) {
  379. StufferState->SpecificProblem = xSMBbufSTATUS_CANT_COMPOUND;
  380. return(RX_MAP_STATUS(INVALID_PARAMETER));
  381. }
  383. if (StufferState->RxContext) {
  384. PRX_CONTEXT RxContext = StufferState->RxContext;
  385. PMRX_SRV_CALL SrvCall;
  386. ULONG CurrentOffset;
  387. if (RxContext->MajorFunction != IRP_MJ_CREATE) {
  388. SrvCall = RxContext->pFcb->pNetRoot->pSrvCall; //joejoe cache it?
  389. } else {
  390. SrvCall = RxContext->Create.pSrvCall;
  391. }
  392. ASSERT(SrvCall);
  393. CurrentOffset = (ULONG)(*CurrentPosition - StufferState->BufferBase);
  394. if (CurrentOffset+StufferStateRequirement+MaximumSize
  395. > GetServerMaximumBufferSize(SrvCall) ) {
  396. StufferState->SpecificProblem = xSMBbufSTATUS_SERVER_OVERRUN;
  397. return(RX_MAP_STATUS(INVALID_PARAMETER));
  398. }
  399. }
  401. NewFlags = Flags | (UCHAR)(StufferState->FlagsCopy);
  402. NewFlags2 = Flags2 | (USHORT)(StufferState->Flags2Copy);
  403. if ( ((NewFlags&FlagsMask)!=Flags) ||
  404. ((NewFlags2&Flags2Mask)!=Flags2) ) {
  405. StufferState->SpecificProblem = xSMBbufSTATUS_FLAGS_CONFLICT;
  406. return(RX_MAP_STATUS(INVALID_PARAMETER));
  407. }
  408. StufferState->FlagsCopy = NtSmbHeader->Flags = NewFlags;
  409. StufferState->Flags2Copy = NewFlags2;
  410. SmbPutAlignedUshort(&NtSmbHeader->Flags2, NewFlags2);
  412. if (!StufferState->CurrentWct) {
  413. NtSmbHeader->Command = Command;
  414. } else {
  415. PGENERIC_ANDX GenericAndX = (PGENERIC_ANDX)StufferState->CurrentWct;
  416. if (AlignmentUnit) {
  417. ULONG AlignmentMask = (AlignmentUnit-1);
  418. ULONG AlignmentResidue = InitialAlignment&AlignmentMask;
  419. RxDbgTrace(0, Dbg, ("Aligning start of smb cp&m,m,r=%08lx %08lx %08lx\n",
  420. ((ULONG)(ULONG_PTR)(*CurrentPosition))&AlignmentMask,
  421. AlignmentMask, AlignmentResidue)
  422. );
  423. for (;(((ULONG_PTR)(*CurrentPosition))&AlignmentMask)!=AlignmentResidue;) {
  424. **CurrentPosition = ',';
  425. *CurrentPosition += 1;
  426. }
  427. }
  428. GenericAndX->AndXCommand = Command;
  429. GenericAndX->AndXReserved = 0;
  430. SmbPutUshort (&GenericAndX->AndXOffset,
  431. (USHORT)(*CurrentPosition - StufferState->BufferBase));
  432. }
  433. StufferState->CurrentWct = *CurrentPosition;
  434. StufferState->CurrentCommand = Command;
  435. StufferState->CurrentDataOffset = 0;
  436. return RX_MAP_STATUS(SUCCESS);
  437. }
  439. BOOLEAN
  440. MrxSMBWillThisFit(
  441. IN PSMBSTUFFER_BUFFER_STATE StufferState,
  442. IN ULONG AlignmentUnit,
  443. IN ULONG DataSize
  444. )
  445. {
  446. //joejoe actually some stuff will fit that this says no...........
  447. return(StufferState->CurrentPosition+AlignmentUnit+DataSize<StufferState->BufferLimit);
  448. }
  450. #if RDBSSTRACE
  451. #define StufferFLoopTrace(Z) { if (StufferState->PrintFLoop) {RxDbgTraceLV__norx(0,StufferState->ControlPoint,900,Z);}}
  452. #define StufferCLoopTrace(Z) { if (StufferState->PrintCLoop) {RxDbgTraceLV__norx(0,StufferState->ControlPoint,800,Z);}}
  453. #else // DBG
  454. #define StufferFLoopTrace(Z)
  455. #define StufferCLoopTrace(Z)
  456. #endif // DBG
  458. NTSTATUS
  459. MRxSmbStuffSMB (
  460. IN OUT PSMBSTUFFER_BUFFER_STATE StufferState,
  461. ...
  462. )
  463. {
  464. va_list AP;
  465. PBYTE BufferBase = (StufferState->BufferBase);
  466. PBYTE *CurrentPosition = &(StufferState->CurrentPosition);
  467. PBYTE *CurrentWct = &(StufferState->CurrentWct);
  468. PBYTE *CurrentBcc = &(StufferState->CurrentBcc);
  469. PBYTE *CurrentDataOffset = &(StufferState->CurrentDataOffset);
  470. PBYTE *CurrentParamOffset = &(StufferState->CurrentParamOffset);
  471. SMB_STUFFER_CONTROLS CurrentStufferControl = STUFFER_CTL_NORMAL;
  472. PSMB_HEADER SmbHeader = (PSMB_HEADER)BufferBase;
  473. PSZ CurrentFormatString = NULL;
  474. ULONG arg;
  475. UCHAR WordCount;
  476. USHORT ByteCount;
  477. //joejoe change this to zero later.....apparently some servers croak on nonzero pad
  478. #define PADBYTE ((UCHAR)0xee)
  479. PBYTE CopyPtr; ULONG CopyCount,EarlyReturn;
  480. PBYTE *RegionPtr;
  481. PUNICODE_STRING Zstring;
  482. PSZ Astring;
  483. PNET_ROOT NetRoot;
  484. PLARGE_INTEGER LargeInteger;
  485. PBYTE PreviousPosition;
  486. #if DBG
  487. ULONG offset, required_WCT;
  488. ULONG CurrentOffset_tmp;
  489. #endif
  491. PAGED_CODE();
  493. va_start(AP,StufferState);
  494. for (;;) {
  495. switch (CurrentStufferControl) {
  496. case STUFFER_CTL_SKIP:
  497. case STUFFER_CTL_NORMAL:
  498. CurrentFormatString = va_arg(AP,PSZ);
  499. StufferCLoopTrace(("StufferAC = %s\n",CurrentFormatString));
  500. ASSERT (CurrentFormatString);
  501. for (;*CurrentFormatString;CurrentFormatString++) {
  502. char CurrentFormatChar = *CurrentFormatString;
  503. #if DBG
  504. { char msgbuf[80];
  505. switch (CurrentFormatChar) {
  506. case 'W': case 'w':
  507. case 'D': case 'd':
  508. case 'Y': case 'y':
  509. case 'M': case 'm':
  510. case 'L': case 'l':
  511. case 'c': case '4': case '>':
  512. case '!':
  513. //this guys are skipable
  514. break;
  515. default:
  516. if (CurrentStufferControl != STUFFER_CTL_SKIP) break;
  517. DbgPrint("Bad skip char '%c'\n",*CurrentFormatString);
  518. //DbgBreakPoint();
  519. }}
  520. //these are the ones that we do the offset check for
  521. { char msgbuf[80];
  522. #ifndef WIN9X
  523. RxSprintf(msgbuf,"control char '%c'\n",*CurrentFormatString);
  524. #endif
  525. switch (CurrentFormatChar) {
  526. case 'W': case 'D': case 'Y': case 'M': case 'B':
  527. case 'Q': case 'A': case 'U': case 'V':
  528. case 'N':
  529. case 'L':
  530. case 'R':
  531. case 'P':
  532. offset = va_arg(AP,ULONG);
  533. required_WCT = offset>>16;
  534. offset = offset & 0xffff;
  535. CurrentOffset_tmp = (ULONG)(*CurrentPosition-*CurrentWct);
  536. if (offset && (offset != CurrentOffset_tmp)){
  537. DbgPrint("Bad offset %d; should be %d\n",offset,CurrentOffset_tmp);
  538. //DbgBreakPoint();
  539. }
  540. break;
  541. default:
  542. break;
  543. }}
  544. #endif
  545. switch (CurrentFormatChar) {
  546. case '0':
  547. if (*CurrentPosition >= StufferState->BufferLimit - sizeof(UCHAR)) {
  548. return(STATUS_BUFFER_OVERFLOW);
  549. }
  551. StufferFLoopTrace((" StufferFloop '0'\n",0));
  552. //just do the wct field...
  553. **CurrentPosition = (UCHAR)MRXSMB_INITIAL_WCT;
  554. *CurrentPosition+=1;
  555. break;
  556. case 'X':
  557. if (*CurrentPosition >= StufferState->BufferLimit - sizeof(ULONG)) {
  558. return(STATUS_BUFFER_OVERFLOW);
  559. }
  561. StufferFLoopTrace((" StufferFloop 'X'\n",0));
  562. //do the wct field and the &x
  563. **CurrentPosition = (UCHAR)MRXSMB_INITIAL_WCT;
  564. *CurrentPosition+=1;
  565. SmbPutUlong (*CurrentPosition, (ULONG)MRXSMB_INITIAL_ANDX);
  566. *CurrentPosition+=sizeof(ULONG);
  567. break;
  568. case 'W':
  569. case 'w':
  570. arg = va_arg(AP,ULONG);
  571. if (CurrentStufferControl == STUFFER_CTL_SKIP) break;
  573. if (*CurrentPosition >= StufferState->BufferLimit - sizeof(USHORT)) {
  574. return(STATUS_BUFFER_OVERFLOW);
  575. }
  577. StufferFLoopTrace((" StufferFloop 'w' arg=%lu\n",arg));
  578. SmbPutUshort (*CurrentPosition, (USHORT)arg);
  579. *CurrentPosition+=sizeof(USHORT);
  580. break;
  581. case 'Y':
  582. case 'y':
  583. arg = va_arg(AP,UCHAR);
  584. if (CurrentStufferControl == STUFFER_CTL_SKIP) break;
  586. if (*CurrentPosition >= StufferState->BufferLimit - sizeof(UCHAR)) {
  587. return(STATUS_BUFFER_OVERFLOW);
  588. }
  590. StufferFLoopTrace((" StufferFloop 'y' arg=%lu\n",arg));
  591. **CurrentPosition = (UCHAR)arg;
  592. *CurrentPosition+=sizeof(UCHAR);
  593. break;
  594. case 'M':
  595. case 'm':
  596. if (CurrentStufferControl == STUFFER_CTL_SKIP) break;
  598. if (*CurrentPosition >= StufferState->BufferLimit - sizeof(UCHAR)) {
  599. return(STATUS_BUFFER_OVERFLOW);
  600. }
  602. StufferFLoopTrace((" StufferFloop 'm'\n",0));
  603. **CurrentPosition = 0;
  604. *CurrentPosition+=sizeof(UCHAR);
  605. break;
  606. case 'D':
  607. case 'd':
  608. arg = va_arg(AP,ULONG);
  609. if (CurrentStufferControl == STUFFER_CTL_SKIP) break;
  611. if (*CurrentPosition >= StufferState->BufferLimit - sizeof(ULONG)) {
  612. return(STATUS_BUFFER_OVERFLOW);
  613. }
  615. StufferFLoopTrace((" StufferFloop 'd' arg=%lu\n",arg));
  616. SmbPutUlong (*CurrentPosition, arg);
  617. *CurrentPosition+=sizeof(ULONG);
  618. break;
  619. case 'L':
  620. case 'l':
  621. LargeInteger = va_arg(AP,PLARGE_INTEGER);
  622. if (CurrentStufferControl == STUFFER_CTL_SKIP) break;
  624. if (*CurrentPosition >= StufferState->BufferLimit - 2*sizeof(ULONG)) {
  625. return(STATUS_BUFFER_OVERFLOW);
  626. }
  628. StufferFLoopTrace((" StufferFloop 'l' arg=%0lx %0lx\n",
  629. LargeInteger->HighPart, LargeInteger->LowPart));
  630. SmbPutUlong (*CurrentPosition, LargeInteger->LowPart);
  631. SmbPutUlong (*CurrentPosition, LargeInteger->HighPart);
  632. *CurrentPosition+=2*sizeof(ULONG);
  633. break;
  634. case 'B':
  635. case 'b':
  636. if (*CurrentPosition >= StufferState->BufferLimit - sizeof(USHORT)) {
  637. return(STATUS_BUFFER_OVERFLOW);
  638. }
  640. ASSERT (**CurrentWct == MRXSMB_INITIAL_WCT);
  641. WordCount = (UCHAR)((*CurrentPosition-*CurrentWct)>>1); //the one gets shifted off
  642. StufferFLoopTrace((" StufferFloop 'b' Wct=%lu\n",WordCount));
  643. DbgDoit( ASSERT(!required_WCT || (WordCount == (required_WCT&0x7fff))); )
  644. **CurrentWct = (UCHAR)WordCount;
  645. SmbPutUshort (*CurrentPosition, (USHORT)MRXSMB_INITIAL_BCC);
  646. *CurrentBcc = *CurrentPosition;
  647. *CurrentPosition+=sizeof(USHORT);
  648. break;
  649. case 'Q':
  650. case 'q':
  651. if (*CurrentPosition >= StufferState->BufferLimit - sizeof(USHORT)) {
  652. return(STATUS_BUFFER_OVERFLOW);
  653. }
  655. StufferFLoopTrace((" StufferFloop 'q' \n",0));
  656. SmbPutUshort (*CurrentPosition, (USHORT)MRXSMB_INITIAL_DATAOFFSET);
  657. *CurrentDataOffset = *CurrentPosition;
  658. *CurrentPosition+=sizeof(USHORT);
  659. break;
  660. case '5':
  661. //fill in the data offset
  662. ASSERT (SmbGetUshort (*CurrentDataOffset) == MRXSMB_INITIAL_DATAOFFSET);
  663. ByteCount = (USHORT)(*CurrentPosition-BufferBase);
  664. StufferFLoopTrace((" StufferFloop '5' offset=%lu\n",ByteCount));
  665. SmbPutUshort (*CurrentDataOffset, (USHORT)ByteCount);
  666. break;
  667. case 'P':
  668. case 'p':
  669. if (*CurrentPosition >= StufferState->BufferLimit - sizeof(USHORT)) {
  670. return(STATUS_BUFFER_OVERFLOW);
  671. }
  673. StufferFLoopTrace((" StufferFloop 'p' \n",0));
  674. SmbPutUshort (*CurrentPosition, (USHORT)MRXSMB_INITIAL_PARAMOFFSET);
  675. *CurrentParamOffset = *CurrentPosition;
  676. *CurrentPosition+=sizeof(USHORT);
  677. break;
  678. case '6':
  679. //fill in the data offset
  680. ASSERT (SmbGetUshort (*CurrentParamOffset) == MRXSMB_INITIAL_PARAMOFFSET);
  681. ByteCount = (USHORT)(*CurrentPosition-BufferBase);
  682. StufferFLoopTrace((" StufferFloop '6' offset=%lu\n",ByteCount));
  683. SmbPutUshort (*CurrentParamOffset, (USHORT)ByteCount);
  684. break;
  685. case 'S':
  686. // pad to ULONG; we loop behind instead of adding so we can clear
  687. // out behind ourselves; apparently, some server croak on nonzero padding
  688. StufferFLoopTrace((" StufferFloop 'S' \n",0));
  689. PreviousPosition = *CurrentPosition;
  690. *CurrentPosition = (PBYTE)QuadAlignPtr(*CurrentPosition);
  692. if (*CurrentPosition >= StufferState->BufferLimit) {
  693. return(STATUS_BUFFER_OVERFLOW);
  694. }
  696. for (;PreviousPosition!=*CurrentPosition;) {
  697. //StufferFLoopTrace((" StufferFloop 'S' prev,curr=%08lx %08lx\n",PreviousPosition,*CurrentPosition));
  698. *PreviousPosition++ = PADBYTE;
  699. }
  700. break;
  701. case 's':
  702. // pad to arg; we loop behind instead of adding so we can clear
  703. // out behind ourselves; apparently, some server croak on nonzero padding
  704. arg = va_arg(AP,ULONG);
  705. StufferFLoopTrace((" StufferFloop 's' arg=\n",arg));
  706. PreviousPosition = *CurrentPosition;
  707. *CurrentPosition += arg-1;
  708. *CurrentPosition = (PBYTE)( ((ULONG_PTR)(*CurrentPosition)) & ~((LONG)(arg-1)) );
  710. if (*CurrentPosition >= StufferState->BufferLimit) {
  711. return(STATUS_BUFFER_OVERFLOW);
  712. }
  714. for (;PreviousPosition!=*CurrentPosition;) {
  715. //StufferFLoopTrace((" StufferFloop 'S' prev,curr=%08lx %08lx\n",PreviousPosition,*CurrentPosition));
  716. *PreviousPosition++ = PADBYTE;
  717. }
  718. break;
  719. case '1':
  720. // pad to USHORT; we loop behind instead of adding so we can clear
  721. // out behind ourselves; apparently, some server croak on nonzero padding
  722. StufferFLoopTrace((" StufferFloop '1' Curr=%08lx \n",*CurrentPosition));
  723. PreviousPosition = *CurrentPosition;
  724. *CurrentPosition += sizeof(USHORT)-1;
  725. StufferFLoopTrace((" Curr=%08lx \n",*CurrentPosition));
  726. *CurrentPosition = (PBYTE)( ((ULONG_PTR)(*CurrentPosition)) & ~((LONG)(sizeof(USHORT)-1)) );
  727. StufferFLoopTrace((" Curr=%08lx \n",*CurrentPosition));
  729. if (*CurrentPosition >= StufferState->BufferLimit) {
  730. return(STATUS_BUFFER_OVERFLOW);
  731. }
  733. for (;PreviousPosition!=*CurrentPosition;) {
  734. StufferFLoopTrace((" StufferFloop '1' prev,curr=%08lx %08lx\n",PreviousPosition,*CurrentPosition));
  735. *PreviousPosition++ = PADBYTE;
  736. }
  737. break;
  738. case 'c':
  739. // copy in the bytes....used a lot in transact
  740. CopyCount = va_arg(AP,ULONG);
  741. CopyPtr = va_arg(AP,PBYTE);
  742. if (CurrentStufferControl == STUFFER_CTL_SKIP) break;
  743. StufferFLoopTrace((" StufferFloop 'c' copycount = %lu\n", CopyCount));
  744. PreviousPosition = *CurrentPosition;
  745. *CurrentPosition += CopyCount;
  747. if (*CurrentPosition >= StufferState->BufferLimit) {
  748. return(STATUS_BUFFER_OVERFLOW);
  749. }
  751. for (;PreviousPosition!=*CurrentPosition;) {
  752. //StufferFLoopTrace((" StufferFloop 'S' prev,curr=%08lx %08lx\n",PreviousPosition,*CurrentPosition));
  753. *PreviousPosition++ = *CopyPtr++;
  754. }
  755. break;
  756. case 'R':
  757. case 'r':
  758. // copy in the bytes....used a lot in transact
  759. RegionPtr = va_arg(AP,PBYTE*);
  760. CopyCount = va_arg(AP,ULONG);
  761. StufferFLoopTrace((" StufferFloop 'r' regionsize = %lu\n", CopyCount));
  762. *RegionPtr = *CurrentPosition;
  763. *CurrentPosition += CopyCount;
  765. if (*CurrentPosition >= StufferState->BufferLimit) {
  766. return(STATUS_BUFFER_OVERFLOW);
  767. }
  769. IF_DEBUG {
  770. PreviousPosition = *RegionPtr;
  771. for (;PreviousPosition!=*CurrentPosition;) {
  772. //StufferFLoopTrace((" StufferFloop 'S' prev,curr=%08lx %08lx\n",PreviousPosition,*CurrentPosition));
  773. *PreviousPosition++ = '-';
  774. }
  775. }
  776. break;
  777. case 'A':
  778. case 'a':
  779. //copy byte from an asciiz including the trailing NULL
  780. Astring = va_arg(AP,PSZ);
  781. StufferFLoopTrace((" StufferFloop 'a' stringing = %s\n", Astring));
  782. CopyCount = strlen(Astring)+1;
  783. //if (((ULONG)(*CurrentPosition))&1) {
  784. // StufferFLoopTrace((" StufferFloop 'a' aligning\n", 0));
  785. // *CurrentPosition+=1;
  786. //}
  787. PreviousPosition = *CurrentPosition;
  788. *CurrentPosition += CopyCount;
  789. if (*CurrentPosition >= StufferState->BufferLimit) {
  790. StufferFLoopTrace((" StufferFloop 'a' bufferoverrun\n", 0));
  791. ASSERT(!"BufferOverrun");
  792. return(RX_MAP_STATUS(BUFFER_OVERFLOW));
  793. }
  794. RtlCopyMemory(PreviousPosition,Astring,CopyCount);
  795. break;
  796. case 'z':
  797. case '4':
  798. case '>':
  799. Zstring = va_arg(AP,PUNICODE_STRING);
  800. StufferFLoopTrace((" StufferFloop '4/z/>' stringing = %wZ, cp=\n", Zstring,*CurrentPosition ));
  801. if (CurrentStufferControl == STUFFER_CTL_SKIP) break;
  802. if (CurrentFormatChar=='4') {
  803. if (*CurrentPosition >= StufferState->BufferLimit - 1) {
  804. return(STATUS_BUFFER_OVERFLOW);
  805. }
  807. //first lay down a x'04' and then copy either a asciiz or a unicodez depending on the flags setting
  808. **CurrentPosition = (UCHAR)4; //ascii marker
  809. *CurrentPosition+=1;
  810. } else if (CurrentFormatChar=='>'){
  811. //back up over the previous NULL
  812. //
  813. *CurrentPosition-=(FlagOn(SmbHeader->Flags2,SMB_FLAGS2_UNICODE)?sizeof(WCHAR):sizeof(char));
  814. StufferFLoopTrace((" StufferFloop '4/z/>' afterroolback, cp=\n", *CurrentPosition ));
  815. }
  816. if (FlagOn(SmbHeader->Flags2,SMB_FLAGS2_UNICODE)){
  818. if (((ULONG_PTR)(*CurrentPosition))&1) {
  819. StufferFLoopTrace((" StufferFloop '4/z/>' aligning\n", 0));
  820. *CurrentPosition+=1;
  821. }
  822. PreviousPosition = *CurrentPosition;
  823. *CurrentPosition += (Zstring->Length + sizeof(WCHAR));
  824. if (*CurrentPosition >= StufferState->BufferLimit) {
  825. StufferFLoopTrace((" StufferFloop '4/z/>' bufferoverrun\n", 0));
  826. ASSERT(!"BufferOverrun");
  827. return(RX_MAP_STATUS(BUFFER_OVERFLOW));
  828. }
  829. RtlCopyMemory(PreviousPosition,Zstring->Buffer,Zstring->Length);
  830. *(((PWCHAR)(*CurrentPosition))-1) = 0;
  832. } else {
  834. NTSTATUS Status;
  835. OEM_STRING OemString;
  837. OemString.Length =
  838. OemString.MaximumLength =
  839. (USHORT)( StufferState->BufferLimit - *CurrentPosition - sizeof(CHAR));
  840. OemString.Buffer = *CurrentPosition;
  842. if (FlagOn(SmbHeader->Flags,SMB_FLAGS_CASE_INSENSITIVE) &&
  843. !FlagOn(SmbHeader->Flags2,SMB_FLAGS2_KNOWS_LONG_NAMES)) {
  844. Status = RtlUpcaseUnicodeStringToOemString(
  845. &OemString,
  846. Zstring,
  847. FALSE);
  848. } else {
  849. Status = RtlUnicodeStringToOemString(
  850. &OemString,
  851. Zstring,
  852. FALSE);
  853. }
  855. if (!NT_SUCCESS(Status)) {
  856. StufferFLoopTrace((" StufferFloop '4/z/>' bufferoverrun(ascii)\n", 0));
  857. ASSERT(!"BufferOverrun");
  858. return(RX_MAP_STATUS(BUFFER_OVERFLOW));
  859. }
  861. *CurrentPosition += OemString.Length + 1;
  862. *(*CurrentPosition-1) = 0;
  864. }
  865. break;
  866. case 'U':
  867. case 'u':
  868. //copy bytes from an UNICODE string including a trailing NULL
  869. Zstring = va_arg(AP,PUNICODE_STRING);
  870. StufferFLoopTrace((" StufferFloop 'u' stringing = %wZ\n", Zstring));
  871. if (((ULONG_PTR)(*CurrentPosition))&1) {
  872. StufferFLoopTrace((" StufferFloop 'u' aligning\n", 0));
  873. *CurrentPosition+=1;
  874. }
  875. PreviousPosition = *CurrentPosition;
  876. *CurrentPosition += (Zstring->Length + sizeof(WCHAR));
  877. if (*CurrentPosition >= StufferState->BufferLimit) {
  878. StufferFLoopTrace((" StufferFloop 'u' bufferoverrun\n", 0));
  879. return(RX_MAP_STATUS(BUFFER_OVERFLOW));
  880. }
  881. RtlCopyMemory(PreviousPosition,Zstring->Buffer,Zstring->Length);
  882. *(((PWCHAR)(*CurrentPosition))-1) = 0;
  883. break;
  884. case 'V':
  885. case 'v':
  886. //copy bytes from an UNICODE string no trailing NUL
  887. Zstring = va_arg(AP,PUNICODE_STRING);
  888. StufferFLoopTrace((" StufferFloop 'v' stringing = %wZ\n", Zstring));
  889. if (((ULONG_PTR)(*CurrentPosition))&1) {
  890. StufferFLoopTrace((" StufferFloop 'v' aligning\n", 0));
  891. *CurrentPosition+=1;
  892. }
  893. PreviousPosition = *CurrentPosition;
  894. *CurrentPosition += Zstring->Length;
  895. if (*CurrentPosition >= StufferState->BufferLimit) {
  896. StufferFLoopTrace((" StufferFloop 'v' bufferoverrun\n", 0));
  897. ASSERT(!"BufferOverrun");
  898. return(RX_MAP_STATUS(BUFFER_OVERFLOW));
  899. }
  900. RtlCopyMemory(PreviousPosition,Zstring->Buffer,Zstring->Length);
  901. break;
  902. case 'N':
  903. case 'n':
  904. //copy bytes from a NetRoot name....w null
  905. //joejoe we need to do the # thing here
  906. NetRoot = va_arg(AP,PNET_ROOT);
  907. ASSERT(NodeType(NetRoot)==RDBSS_NTC_NETROOT);
  908. Zstring = &NetRoot->PrefixEntry.Prefix;
  909. StufferFLoopTrace((" StufferFloop 'n' stringing = %wZ\n", Zstring));
  910. if (StufferState->Flags2Copy&SMB_FLAGS2_UNICODE) {
  911. if (((ULONG_PTR)(*CurrentPosition))&1) {
  912. StufferFLoopTrace((" StufferFloop 'n' aligning\n", 0));
  913. *CurrentPosition+=1;
  914. }
  915. PreviousPosition = *CurrentPosition;
  916. *CurrentPosition += (Zstring->Length + 2 * sizeof(WCHAR)); //extra \ plus a nul
  917. if (*CurrentPosition >= StufferState->BufferLimit) {
  918. StufferFLoopTrace((" StufferFloop 'n' bufferoverrun\n", 0));
  919. ASSERT(!"BufferOverrun");
  920. return(RX_MAP_STATUS(BUFFER_OVERFLOW));
  921. }
  922. *((PWCHAR)PreviousPosition) = '\\';
  923. RtlCopyMemory(PreviousPosition+sizeof(WCHAR),Zstring->Buffer,Zstring->Length);
  924. *(((PWCHAR)(*CurrentPosition))-1) = 0;
  925. }
  926. break;
  927. case '?':
  928. //early out....used in transact to do the setup
  929. EarlyReturn = va_arg(AP,ULONG);
  930. StufferFLoopTrace((" StufferFloop '?' out if 0==%08lx\n",EarlyReturn));
  931. if (EarlyReturn==0) return RX_MAP_STATUS(SUCCESS);
  932. break;
  933. case '.':
  934. //noop...used to reenter without a real formatting string
  935. StufferFLoopTrace((" StufferFloop '.'\n",0));
  936. break;
  937. case '!':
  938. if (CurrentStufferControl == STUFFER_CTL_SKIP) break;
  939. ASSERT (SmbGetUshort (*CurrentBcc) == MRXSMB_INITIAL_BCC);
  940. ByteCount = (USHORT)(*CurrentPosition-*CurrentBcc-sizeof(USHORT));
  941. StufferFLoopTrace((" StufferFloop '!' arg=%lu\n",ByteCount));
  942. SmbPutUshort (*CurrentBcc, (USHORT)ByteCount);
  943. return RX_MAP_STATUS(SUCCESS);
  944. default:
  945. StufferFLoopTrace((" StufferFloop '%c' BADBADBAD\n",*CurrentFormatString));
  946. ASSERT(!"Illegal Controlstring character\n");
  947. } //switch
  948. }//for
  949. break;
  950. case 0:
  951. return RX_MAP_STATUS(SUCCESS);
  952. default:
  953. StufferCLoopTrace((" StufferCloop %u BADBADBAD\n",CurrentStufferControl));
  954. ASSERT(!"IllegalStufferControl\n");
  955. }//switch
  957. CurrentStufferControl = va_arg(AP,SMB_STUFFER_CONTROLS);
  958. StufferCLoopTrace((" StufferCloop NewStufferControl=%u \n",CurrentStufferControl));
  960. } //for
  962. return RX_MAP_STATUS(SUCCESS);
  963. }
  965. VOID
  966. MRxSmbStuffAppendRawData(
  967. IN OUT PSMBSTUFFER_BUFFER_STATE StufferState,
  968. IN PMDL Mdl
  969. )
  970. {
  971. PMDL pMdl;
  973. PAGED_CODE();
  975. ASSERT(!StufferState->DataMdl);
  976. pMdl = StufferState->DataMdl = Mdl;
  977. StufferState->DataSize = 0;
  979. while (pMdl != NULL) {
  980. StufferState->DataSize += pMdl->ByteCount;
  981. pMdl = pMdl->Next;
  982. }
  984. return;
  985. }
  987. VOID
  988. MRxSmbStuffAppendSmbData(
  989. IN OUT PSMBSTUFFER_BUFFER_STATE StufferState,
  990. IN PMDL Mdl
  991. )
  992. {
  993. ULONG Offset;
  995. PAGED_CODE();
  997. ASSERT(!StufferState->DataMdl);
  998. StufferState->DataMdl = Mdl;
  999. StufferState->DataSize = Mdl->ByteCount;
  1000. //now reach back into the buffer and set the SMB data offset; if it is already set...just get out
  1001. if (SmbGetUshort (StufferState->CurrentDataOffset) == MRXSMB_INITIAL_DATAOFFSET){
  1002. Offset = (ULONG)(StufferState->CurrentPosition - StufferState->BufferBase);
  1003. RxDbgTrace(0, Dbg,("MRxSmbStuffAppendSmbData offset=%lu\n",Offset));
  1004. SmbPutUshort (StufferState->CurrentDataOffset, (USHORT)Offset);
  1005. }
  1006. return;
  1007. }
  1009. VOID
  1010. MRxSmbStuffSetByteCount(
  1011. IN OUT PSMBSTUFFER_BUFFER_STATE StufferState
  1012. )
  1013. {
  1014. ULONG ByteCount;
  1016. PAGED_CODE();
  1018. ASSERT (SmbGetUshort (StufferState->CurrentBcc) == MRXSMB_INITIAL_BCC);
  1019. ByteCount = (ULONG)(StufferState->CurrentPosition
  1020. - StufferState->CurrentBcc
  1021. - sizeof(USHORT)
  1022. + StufferState->DataSize);
  1023. RxDbgTrace(0, Dbg,("MRxSmbStuffSetByteCount ByteCount=%lu\n",ByteCount));
  1024. SmbPutUshort (StufferState->CurrentBcc, (USHORT)ByteCount);
  1025. return;
  1026. }