archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/base/ntsetup/textmode/cmdcons/util.c

687 lines
17 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 1998 Microsoft Corporation
  5. Module Name:
  7. util.c
  9. Abstract:
  11. This module implements all utility functions.
  13. Author:
  15. Wesley Witt (wesw) 21-Oct-1998
  17. Revision History:
  19. --*/
  21. #include "cmdcons.h"
  22. #pragma hdrstop
  25. #include "remboot.h"
  27. HANDLE NetUseHandles[26] = { NULL };
  28. BOOLEAN RdrIsInKernelMode = FALSE;
  30. RC_ALLOWED_DIRECTORY AllowedDirs[] = {
  31. { FALSE, L"$WIN_NT$.~BT" },
  32. { FALSE, L"$WIN_NT$.~LS" },
  33. { FALSE, L"CMDCONS" },
  34. { TRUE, L"SYSTEM VOLUME INFORMATION" }
  35. };
  37. BOOLEAN
  38. RcIsPathNameAllowed(
  39. IN LPCWSTR FullPath,
  40. IN BOOLEAN RemovableMediaOk,
  41. IN BOOLEAN Mkdir
  42. )
  44. /*++
  46. Routine Description:
  48. This routine verifies that the specified path name is
  49. allowed based on the security context that the console
  50. user is logged into.
  52. Arguments:
  54. FullPath - specifies the full path to be verified.
  56. Return Value:
  58. FALSE if failure, indicating the path is not allowed.
  59. TRUE otherwise.
  61. --*/
  63. {
  64. WCHAR TempBuf[MAX_PATH*2];
  65. UNICODE_STRING UnicodeString;
  66. OBJECT_ATTRIBUTES Obja;
  67. HANDLE Handle;
  68. IO_STATUS_BLOCK IoStatusBlock;
  69. NTSTATUS Status;
  70. BOOL isDirectory = TRUE;
  71. BOOLEAN OnRemovableMedia;
  73. //
  74. // should we bypass security?
  75. //
  77. if (AllowAllPaths) {
  78. return TRUE;
  79. }
  81. //
  82. // some special processing for dos paths
  83. // we must make sure that only the root and %systemdir% are allowed.
  84. //
  86. if (FullPath[1] == L':' && FullPath[2] == L'\\' && FullPath[3] == 0) {
  87. //
  88. // root directory is ok.
  89. //
  90. return TRUE;
  91. }
  93. SpStringToUpper((PWSTR)FullPath);
  95. if (!RcGetNTFileName((PWSTR)FullPath,TempBuf))
  96. return FALSE;
  98. INIT_OBJA(&Obja,&UnicodeString,TempBuf);
  100. Status = ZwOpenFile(
  101. &Handle,
  102. FILE_READ_ATTRIBUTES,
  103. &Obja,
  104. &IoStatusBlock,
  105. FILE_SHARE_READ | FILE_SHARE_WRITE,
  106. FILE_DIRECTORY_FILE
  107. );
  108. if( !NT_SUCCESS(Status) ) {
  109. isDirectory = FALSE;
  111. } else {
  112. ZwClose( Handle );
  113. }
  115. if (isDirectory == FALSE && wcsrchr( FullPath, L'\\' ) == ( &FullPath[2] )) {
  116. //
  117. // if the cannonicalized path has only one slash the user is trying to do something
  118. // to the files in the root, which we allow.
  119. //
  120. // however we do not allow users to mess with directories at the root
  121. //
  122. if (Mkdir) {
  123. return FALSE;
  124. } else {
  125. return TRUE;
  126. }
  127. }
  129. ASSERT(SelectedInstall != NULL);
  131. if(SelectedInstall != NULL) {
  132. //
  133. // Get the length of the first element in the path
  134. //
  135. size_t i;
  136. LPCWSTR RelPath = FullPath + 3;
  137. WCHAR SelectedInstallDrive = RcToUpper(SelectedInstall->DriveLetter);
  139. //
  140. // See if path begins with the install path
  141. //
  142. if(FullPath[0] == SelectedInstallDrive && RcPathBeginsWith(RelPath, SelectedInstall->Path)) {
  143. return TRUE;
  144. }
  146. //
  147. // See if the path begins with an allowed dir
  148. //
  149. for(i = 0; i < sizeof(AllowedDirs) / sizeof(AllowedDirs[0]); ++i) {
  150. if((!AllowedDirs[i].MustBeOnInstallDrive || FullPath[0] == SelectedInstallDrive) &&
  151. RcPathBeginsWith(FullPath + 3, AllowedDirs[i].Directory)) {
  152. return TRUE;
  153. }
  154. }
  155. }
  157. Status = RcIsFileOnRemovableMedia(TempBuf, &OnRemovableMedia);
  159. if (NT_SUCCESS(Status) && OnRemovableMedia) {
  160. if (RemovableMediaOk) {
  161. return TRUE;
  162. }
  163. }
  165. if (RcIsNetworkDrive(TempBuf) == STATUS_SUCCESS) {
  166. //
  167. // Context that was used for connection will do appropriate security checking.
  168. //
  169. return TRUE;
  170. }
  172. return FALSE;
  173. }
  176. BOOLEAN
  177. RcDoesPathHaveWildCards(
  178. IN LPCWSTR FullPath
  179. )
  181. /*++
  183. Routine Description:
  185. This routine verifies that the specified path name is
  186. allowed based on the security context that the console
  187. user is logged into.
  189. Arguments:
  191. FullPath - specifies the full path to be verified.
  193. Return Value:
  195. FALSE if failure, indicating the path is not allowed.
  196. TRUE otherwise.
  198. --*/
  200. {
  201. if (wcsrchr( FullPath, L'*' )) {
  202. return TRUE;
  203. }
  205. if (wcsrchr( FullPath, L'?' )) {
  206. return TRUE;
  207. }
  209. return FALSE;
  210. }
  212. NTSTATUS
  213. RcIsNetworkDrive(
  214. IN PWSTR FileName
  215. )
  217. /*++
  219. Routine Description:
  221. This routine returns if the FileName given is a network path.
  223. Arguments:
  225. FileName - specifies the full path to be checked.
  227. Return Value:
  229. Any other than STATUS_SUCCESS if failure, indicating the path is not on the network,
  230. STATUS_SUCCESS otherwise.
  232. --*/
  234. {
  235. NTSTATUS Status;
  236. FILE_FS_DEVICE_INFORMATION DeviceInfo;
  237. PWSTR BaseNtName;
  239. if (wcsncmp(FileName, L"\\DosDevice", wcslen(L"\\DosDevice")) == 0) {
  240. Status = GetDriveLetterLinkTarget( FileName, &BaseNtName );
  242. if (!NT_SUCCESS(Status)) {
  243. return Status;
  244. }
  245. } else {
  246. BaseNtName = FileName;
  247. }
  249. Status = pRcGetDeviceInfo( BaseNtName, &DeviceInfo );
  250. if(NT_SUCCESS(Status)) {
  251. if (DeviceInfo.DeviceType != FILE_DEVICE_NETWORK_FILE_SYSTEM) {
  252. Status = STATUS_NO_MEDIA;
  253. }
  254. }
  256. return Status;
  257. }
  260. NTSTATUS
  261. RcDoNetUse(
  262. PWSTR Share,
  263. PWSTR User,
  264. PWSTR Password,
  265. PWSTR Drive
  266. )
  268. /*++
  270. Routine Description:
  272. This routine attempts to make a connection using the redirector to the remote server.
  274. Arguments:
  276. Share - A string of the form "\\server\share"
  278. User - A string of the form "domain\user"
  280. Password - A string containing the password information.
  282. Drive - Filled in with a string of the form "X", where X is the drive letter the share
  283. has been mapped to.
  285. Return Value:
  287. STATUS_SUCCESS if successful, indicating Drive contains the mapped drive letter,
  288. otherwise the appropriate error code.
  290. --*/
  292. {
  293. NTSTATUS Status;
  294. PWSTR NtDeviceName;
  295. ULONG ShareLength;
  296. WCHAR DriveLetter;
  297. WCHAR temporaryBuffer[128];
  298. PWCHAR Temp, Temp2;
  299. HANDLE Handle;
  300. ULONG EaBufferLength;
  301. PWSTR UserName;
  302. PWSTR DomainName;
  303. PVOID EaBuffer;
  304. UNICODE_STRING UnicodeString;
  305. UNICODE_STRING UnicodeString2;
  306. OBJECT_ATTRIBUTES ObjectAttributes;
  307. IO_STATUS_BLOCK IoStatusBlock;
  308. PFILE_FULL_EA_INFORMATION FullEaInfo;
  310. //
  311. // Switch the redirector to kernel-mode security if it is not.
  312. //
  313. if (!RdrIsInKernelMode) {
  314. Status = PutRdrInKernelMode();
  316. if (!NT_SUCCESS(Status)) {
  317. return Status;
  318. }
  320. RdrIsInKernelMode = TRUE;
  321. }
  323. //
  324. // Search for an open drive letter, starting at D: and working up.
  325. //
  326. wcscpy(temporaryBuffer, L"\\DosDevices\\D:");
  327. Temp = wcsstr(temporaryBuffer, L"D:");
  329. for (DriveLetter = L'D'; (Temp && (DriveLetter <= L'Z')); DriveLetter++) {
  330. *Temp = DriveLetter;
  332. Status = GetDriveLetterLinkTarget( temporaryBuffer, &Temp2 );
  334. if (!NT_SUCCESS(Status)) {
  335. break;
  336. }
  337. }
  339. if (DriveLetter > L'Z') {
  340. return STATUS_OBJECT_NAME_INVALID;
  341. }
  343. //
  344. // Build the NT device name.
  345. //
  346. ShareLength = wcslen(Share);
  347. NtDeviceName = SpMemAlloc(ShareLength * sizeof(WCHAR) + sizeof(L"\\Device\\LanmanRedirector\\;X:0"));
  348. if (NtDeviceName == NULL) {
  349. return STATUS_NO_MEMORY;
  350. }
  351. wcscpy(NtDeviceName, L"\\Device\\LanmanRedirector\\;");
  352. temporaryBuffer[0] = DriveLetter;
  353. temporaryBuffer[1] = UNICODE_NULL;
  354. wcscat(NtDeviceName, temporaryBuffer);
  355. wcscat(NtDeviceName, L":0");
  356. wcscat(NtDeviceName, Share + 1);
  358. //
  359. // Chop the username and domainname into individual values.
  360. //
  361. wcscpy(temporaryBuffer, User);
  362. DomainName = temporaryBuffer;
  363. UserName = wcsstr(temporaryBuffer, L"\\");
  365. if (UserName == NULL) {
  366. SpMemFree(NtDeviceName);
  367. return STATUS_OBJECT_NAME_INVALID;
  368. }
  369. *UserName = UNICODE_NULL;
  370. UserName++;
  372. //
  373. // Create buffer with user credentials
  374. //
  376. EaBufferLength = FIELD_OFFSET(FILE_FULL_EA_INFORMATION, EaName[0]);
  377. EaBufferLength += sizeof(EA_NAME_DOMAIN);
  378. EaBufferLength += (wcslen(DomainName) * sizeof(WCHAR));
  379. if (EaBufferLength & (sizeof(ULONG) - 1)) {
  380. //
  381. // Long align the next entry
  382. //
  383. EaBufferLength += (sizeof(ULONG) - (EaBufferLength & (sizeof(ULONG) - 1)));
  384. }
  386. EaBufferLength += FIELD_OFFSET(FILE_FULL_EA_INFORMATION, EaName[0]);
  387. EaBufferLength += sizeof(EA_NAME_USERNAME);
  388. EaBufferLength += (wcslen(UserName) * sizeof(WCHAR));
  389. if (EaBufferLength & (sizeof(ULONG) - 1)) {
  390. //
  391. // Long align the next entry
  392. //
  393. EaBufferLength += (sizeof(ULONG) - (EaBufferLength & (sizeof(ULONG) - 1)));
  394. }
  396. EaBufferLength += FIELD_OFFSET(FILE_FULL_EA_INFORMATION, EaName[0]);
  397. EaBufferLength += sizeof(EA_NAME_PASSWORD);
  398. EaBufferLength += (wcslen(Password) * sizeof(WCHAR));
  400. EaBuffer = SpMemAlloc(EaBufferLength);
  401. if (EaBuffer == NULL) {
  402. SpMemFree(NtDeviceName);
  403. return STATUS_NO_MEMORY;
  404. }
  406. FullEaInfo = (PFILE_FULL_EA_INFORMATION)EaBuffer;
  408. FullEaInfo->Flags = 0;
  409. FullEaInfo->EaNameLength = sizeof(EA_NAME_DOMAIN) - 1;
  410. FullEaInfo->EaValueLength = (wcslen(DomainName)) * sizeof(WCHAR);
  411. strcpy(&(FullEaInfo->EaName[0]), EA_NAME_DOMAIN);
  412. memcpy(&(FullEaInfo->EaName[FullEaInfo->EaNameLength + 1]), DomainName, FullEaInfo->EaValueLength);
  413. FullEaInfo->NextEntryOffset = FIELD_OFFSET(FILE_FULL_EA_INFORMATION, EaName[0]) +
  414. FullEaInfo->EaNameLength + 1 +
  415. FullEaInfo->EaValueLength;
  416. if (FullEaInfo->NextEntryOffset & (sizeof(ULONG) - 1)) {
  417. FullEaInfo->NextEntryOffset += (sizeof(ULONG) -
  418. (FullEaInfo->NextEntryOffset &
  419. (sizeof(ULONG) - 1)));
  420. }
  423. FullEaInfo = (PFILE_FULL_EA_INFORMATION)(((char *)FullEaInfo) + FullEaInfo->NextEntryOffset);
  425. FullEaInfo->Flags = 0;
  426. FullEaInfo->EaNameLength = sizeof(EA_NAME_USERNAME) - 1;
  427. FullEaInfo->EaValueLength = (wcslen(UserName)) * sizeof(WCHAR);
  428. strcpy(&(FullEaInfo->EaName[0]), EA_NAME_USERNAME);
  429. memcpy(&(FullEaInfo->EaName[FullEaInfo->EaNameLength + 1]), UserName, FullEaInfo->EaValueLength);
  430. FullEaInfo->NextEntryOffset = FIELD_OFFSET(FILE_FULL_EA_INFORMATION, EaName[0]) +
  431. FullEaInfo->EaNameLength + 1 +
  432. FullEaInfo->EaValueLength;
  433. if (FullEaInfo->NextEntryOffset & (sizeof(ULONG) - 1)) {
  434. FullEaInfo->NextEntryOffset += (sizeof(ULONG) -
  435. (FullEaInfo->NextEntryOffset &
  436. (sizeof(ULONG) - 1)));
  437. }
  440. FullEaInfo = (PFILE_FULL_EA_INFORMATION)(((char *)FullEaInfo) + FullEaInfo->NextEntryOffset);
  442. FullEaInfo->Flags = 0;
  443. FullEaInfo->EaNameLength = sizeof(EA_NAME_PASSWORD) - 1;
  444. FullEaInfo->EaValueLength = (wcslen(Password)) * sizeof(WCHAR);
  445. strcpy(&(FullEaInfo->EaName[0]), EA_NAME_PASSWORD);
  446. memcpy(&(FullEaInfo->EaName[FullEaInfo->EaNameLength + 1]), Password, FullEaInfo->EaValueLength);
  447. FullEaInfo->NextEntryOffset = 0;
  449. //
  450. // Now make the connection
  451. //
  452. RtlInitUnicodeString(&UnicodeString, NtDeviceName);
  453. InitializeObjectAttributes(&ObjectAttributes,
  454. &UnicodeString,
  455. OBJ_CASE_INSENSITIVE,
  456. NULL,
  457. NULL
  458. );
  460. Status = ZwCreateFile(&Handle,
  461. SYNCHRONIZE,
  462. &ObjectAttributes,
  463. &IoStatusBlock,
  464. NULL,
  465. FILE_ATTRIBUTE_NORMAL,
  466. FILE_SHARE_READ,
  467. FILE_OPEN_IF,
  468. (FILE_CREATE_TREE_CONNECTION | FILE_SYNCHRONOUS_IO_NONALERT),
  469. EaBuffer,
  470. EaBufferLength
  471. );
  473. if (NT_SUCCESS(Status) && NT_SUCCESS(IoStatusBlock.Status)) {
  474. //
  475. // Save off the handle so we can close it later if need be
  476. //
  477. NetUseHandles[DriveLetter - L'A'] = Handle;
  478. Drive[0] = DriveLetter;
  479. Drive[1] = L':';
  480. Drive[2] = UNICODE_NULL;
  482. //
  483. // Now create a symbolic link from the dos drive letter to the redirector
  484. //
  485. wcscpy(temporaryBuffer, L"\\DosDevices\\");
  486. wcscat(temporaryBuffer, Drive);
  487. RtlInitUnicodeString(&UnicodeString2, temporaryBuffer);
  489. Status = IoCreateSymbolicLink(&UnicodeString2, &UnicodeString);
  490. if (!NT_SUCCESS(Status)) {
  491. ZwClose(Handle);
  492. NetUseHandles[DriveLetter - L'A'] = NULL;
  493. } else {
  494. RcAddDrive(DriveLetter);
  495. }
  497. }
  499. SpMemFree(NtDeviceName);
  500. return Status;
  501. }
  504. NTSTATUS
  505. RcNetUnuse(
  506. PWSTR Drive
  507. )
  509. /*++
  511. Routine Description:
  513. This routine closes a network connection.
  515. Arguments:
  517. Drive - A string of the form "X:", where X is the drive letter returned by a previous call to
  518. NetDoNetUse().
  520. Return Value:
  522. STATUS_SUCCESS if successful, indicating the drive letter has been unmapped,
  523. otherwise the appropriate error code.
  525. --*/
  527. {
  528. NTSTATUS Status;
  529. WCHAR DriveLetter;
  530. WCHAR temporaryBuffer[128];
  531. UNICODE_STRING UnicodeString;
  533. DriveLetter = *Drive;
  534. if ((DriveLetter >= L'a') && (DriveLetter <= L'z')) {
  535. DriveLetter = L'A' + (DriveLetter - L'a');
  536. }
  538. if ((DriveLetter < L'A') | (DriveLetter > L'Z')) {
  539. return STATUS_OBJECT_NAME_INVALID;
  540. }
  542. if (NetUseHandles[DriveLetter - L'A'] == NULL) {
  543. return STATUS_OBJECT_NAME_INVALID;
  544. }
  546. if (RcGetCurrentDriveLetter() == DriveLetter) {
  547. return STATUS_CONNECTION_IN_USE;
  548. }
  550. wcscpy(temporaryBuffer, L"\\DosDevices\\");
  551. wcscat(temporaryBuffer, Drive);
  552. RtlInitUnicodeString(&UnicodeString, temporaryBuffer);
  554. Status = IoDeleteSymbolicLink(&UnicodeString);
  556. if (NT_SUCCESS(Status)) {
  557. ZwClose(NetUseHandles[DriveLetter - L'A']);
  558. NetUseHandles[DriveLetter - L'A'] = NULL;
  559. RcRemoveDrive(DriveLetter);
  560. }
  562. return Status;
  563. }
  567. NTSTATUS
  568. PutRdrInKernelMode(
  569. VOID
  570. )
  572. /*++
  574. Routine Description:
  576. This routine IOCTLs down to the rdr to force it to use kernel-mode security.
  578. Arguments:
  580. None.
  582. Return Value:
  584. STATUS_SUCCESS if successful, otherwise the appropriate error code.
  586. --*/
  588. {
  589. OBJECT_ATTRIBUTES ObjectAttributes;
  590. UNICODE_STRING UnicodeString;
  591. IO_STATUS_BLOCK IoStatusBlock;
  592. NTSTATUS Status;
  593. HANDLE Handle;
  595. RtlInitUnicodeString(&UnicodeString, DD_NFS_DEVICE_NAME_U);
  597. InitializeObjectAttributes(
  598. &ObjectAttributes,
  599. &UnicodeString,
  600. OBJ_CASE_INSENSITIVE,
  601. NULL,
  602. NULL
  603. );
  605. Status = ZwCreateFile(
  606. &Handle,
  607. GENERIC_READ | GENERIC_WRITE,
  608. &ObjectAttributes,
  609. &IoStatusBlock,
  610. NULL,
  611. 0,
  612. FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,
  613. FILE_OPEN,
  614. FILE_SYNCHRONOUS_IO_NONALERT,
  615. NULL,
  616. 0
  617. );
  619. if (!NT_SUCCESS(Status)) {
  620. KdPrint(("SPCMDCON: Unable to open redirector. %x\n", Status));
  621. return Status;
  622. }
  624. Status = ZwDeviceIoControlFile(Handle,
  625. NULL,
  626. NULL,
  627. NULL,
  628. &IoStatusBlock,
  629. IOCTL_LMMR_USEKERNELSEC,
  630. NULL,
  631. 0,
  632. NULL,
  633. 0
  634. );
  636. if (NT_SUCCESS(Status)) {
  637. Status = IoStatusBlock.Status;
  638. }
  640. ZwClose(Handle);
  642. return Status;
  643. }
  645. BOOLEAN
  646. RcIsArc(
  647. VOID
  648. )
  650. /*++
  652. Routine Description:
  654. Run time check to determine if this is an Arc system. We attempt to read an
  655. Arc variable using the Hal. This will fail for Bios based systems.
  657. Arguments:
  659. None
  661. Return Value:
  663. True = This is an Arc system.
  665. --*/
  667. {
  668. #ifdef _X86_
  669. ARC_STATUS ArcStatus = EBADF;
  670. //
  671. // Get the env var into the temp buffer.
  672. //
  673. UCHAR wbuff[130];
  674. //
  675. // Get the env var into the temp buffer.
  676. //
  677. ArcStatus = HalGetEnvironmentVariable(
  678. "OsLoader",
  679. sizeof(wbuff),
  680. wbuff
  681. );
  683. return((ArcStatus == ESUCCESS) ? TRUE: FALSE);
  684. #else
  685. return TRUE;
  686. #endif
  687. }