archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
4.9 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/net/netbt/smb/sys/connect.c

1253 lines
38 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 1989-2001 Microsoft Corporation
  5. Module Name:
  7. connect.c
  9. Abstract:
  11. Implement the session setup/shutdown (TDI_CONNECT and TDI_DISCONNECT)
  13. Author:
  15. Jiandong Ruan
  17. Revision History:
  19. --*/
  20. #include "precomp.h"
  21. #include "connect.tmh"
  23. NTSTATUS
  24. FindTdiAddress(
  25. PVOID TdiAddress,
  26. ULONG TdiAddressLength,
  27. USHORT AddressType,
  28. PVOID *AddressFound,
  29. PULONG AddressLength
  30. );
  32. void
  33. SmbGetHostCompletion(
  34. PSMB_GETHOST_CONTEXT Context
  35. );
  37. VOID
  38. SmbStartTcpSession (
  39. PSMB_CONNECT_CONTEXT pSmbConnectContext
  40. );
  42. void
  43. SmbStartTcpSessionCompletion(
  44. PSMB_CONNECT_CONTEXT Context
  45. );
  47. NTSTATUS
  48. SmbQueueStartTcpSession (
  49. IN PSMB_CONNECT_CONTEXT pSmbConnectContext
  50. );
  52. NTSTATUS
  53. SmbCheckConnect(
  54. PSMB_CONNECT ConnectObject
  55. )
  56. /*++
  58. Routine Description:
  60. This function checks if a connection object is in a valid state
  61. for making a connection.
  63. Arguments:
  65. Return Value:
  67. --*/
  68. {
  69. ASSERT(KeGetCurrentIrql() >= DISPATCH_LEVEL);
  71. if (IsDisAssociated(ConnectObject)) {
  72. ASSERT(0);
  73. return STATUS_INVALID_HANDLE;
  74. }
  76. if (IsBusy(ConnectObject)) {
  77. return STATUS_DEVICE_BUSY;
  78. }
  80. if (!IsDisconnected(ConnectObject)) {
  81. return STATUS_INVALID_DEVICE_REQUEST;
  82. }
  84. //
  85. // Don't allow SRV to make outbound connection
  86. //
  87. if (ConnectObject->ClientObject == ConnectObject->Device->SmbServer) {
  88. ASSERT(0);
  89. return STATUS_INVALID_DEVICE_REQUEST;
  90. }
  92. if (ConnectObject->TcpContext) {
  93. ASSERT(0);
  94. return STATUS_INVALID_DEVICE_REQUEST;
  95. }
  96. return STATUS_SUCCESS;
  97. }
  99. NTSTATUS
  100. SmbConnect(
  101. PSMB_DEVICE Device,
  102. PIRP Irp
  103. )
  104. /*++
  106. Routine Description:
  108. TDI_CONNECT
  110. Note:
  111. Starting from Whistler, RDR always send us a TDI_NETBIOS_UNICODE_EX address. Support for
  112. other address type is postponed. TDI_NETBIOS_UNICODE_EX is a superset of TDI_NETBIOS and
  113. TDI_NETBIOS_EX.
  115. Arguments:
  117. Return Value:
  119. Note:
  120. Since it is inconvinient to clean up TCP connection (it requires PASSIVE_LEVEL),
  121. we don't cleanup it. We still keep the TCP connection even though we got an error.
  122. The cleanup of TCP connections will be postponed until the client call TDI_DISCONNECT,
  123. TDI_DISASSOCIATE_ADDRESS or close the connection.
  125. --*/
  126. {
  127. DWORD Size = 0;
  128. PSMB_GETHOST_CONTEXT Context = NULL;
  129. PIO_STACK_LOCATION IrpSp = NULL;
  130. KIRQL Irql;
  131. PSMB_CONNECT ConnectObject = NULL;
  132. NTSTATUS status;
  133. ULONG AddressLength;
  134. PTDI_REQUEST_KERNEL pRequestKernel = NULL;
  135. UNICODE_STRING RemoteName;
  136. PTDI_ADDRESS_NETBIOS_UNICODE_EX pUnicodeAddress = NULL;
  138. PAGED_CODE();
  140. IrpSp = IoGetCurrentIrpStackLocation(Irp);
  141. ConnectObject = SmbVerifyAndReferenceConnect(IrpSp->FileObject, SMB_REF_CONNECT);
  142. if (NULL == ConnectObject) {
  143. ASSERT(0);
  144. return STATUS_INVALID_HANDLE;
  145. }
  146. pRequestKernel = (PTDI_REQUEST_KERNEL)&IrpSp->Parameters;
  148. SmbTrace (SMB_TRACE_CONNECT, ("TDI_CONNECT: pIrp %p ConnectOb %p", Irp, ConnectObject));
  149. SmbPrint (SMB_TRACE_CONNECT, ("TDI_CONNECT: %p\n", ConnectObject));
  151. //
  152. // Mark ConnectObject pending
  153. //
  154. SMB_ACQUIRE_SPINLOCK(ConnectObject, Irql);
  155. status = SmbCheckConnect(ConnectObject);
  156. if (STATUS_SUCCESS != status) {
  157. SMB_RELEASE_SPINLOCK(ConnectObject, Irql);
  158. SmbTrace (SMB_TRACE_CONNECT, ("TDI_CONNECT: %p %!status!", ConnectObject, status));
  160. ASSERT(status != STATUS_PENDING);
  161. SmbDereferenceConnect(ConnectObject, SMB_REF_CONNECT);
  162. return status;
  163. }
  165. IoMarkIrpPending(Irp);
  167. SmbReuseConnectObject(ConnectObject);
  168. ConnectObject->State = SMB_CONNECTING;
  169. ConnectObject->PendingIRPs[SMB_PENDING_CONNECT] = Irp;
  170. ConnectObject->Originator = TRUE;
  172. SMB_RELEASE_SPINLOCK(ConnectObject, Irql);
  174. //
  175. // Get remote name
  176. //
  177. status = FindTdiAddress(
  178. pRequestKernel->RequestConnectionInformation->RemoteAddress,
  179. pRequestKernel->RequestConnectionInformation->RemoteAddressLength,
  180. TDI_ADDRESS_TYPE_NETBIOS_UNICODE_EX,
  181. &pUnicodeAddress,
  182. &AddressLength
  183. );
  184. if (status != STATUS_SUCCESS || AddressLength < sizeof(TDI_ADDRESS_NETBIOS_UNICODE_EX)) {
  185. status = STATUS_INVALID_ADDRESS_COMPONENT;
  186. SmbTrace (SMB_TRACE_CONNECT, ("TDI_CONNECT: %p %!status!", ConnectObject, status));
  187. goto cleanup;
  188. }
  190. //
  191. // We support only NBT_READWRITE buffer type
  192. //
  193. if (pUnicodeAddress->NameBufferType != NBT_READWRITE) {
  194. status = STATUS_INVALID_ADDRESS_COMPONENT;
  195. SmbTrace (SMB_TRACE_CONNECT, ("TDI_CONNECT: %p %!status!", ConnectObject, status));
  196. goto cleanup;
  197. }
  198. if (pUnicodeAddress->RemoteName.Buffer != pUnicodeAddress->RemoteNameBuffer) {
  199. status = STATUS_INVALID_ADDRESS_COMPONENT;
  200. SmbTrace (SMB_TRACE_CONNECT, ("TDI_CONNECT: %p %!status!", ConnectObject, status));
  201. goto cleanup;
  202. }
  203. if (pUnicodeAddress->RemoteName.MaximumLength < sizeof(WCHAR)) {
  204. ASSERT(0);
  205. status = STATUS_INVALID_ADDRESS_COMPONENT;
  206. SmbTrace (SMB_TRACE_CONNECT, ("TDI_CONNECT: %p %!status!", ConnectObject, status));
  207. goto cleanup;
  208. }
  209. if (AddressLength < pUnicodeAddress->RemoteName.MaximumLength + sizeof(TDI_ADDRESS_NETBIOS_UNICODE_EX) - 2) {
  210. ASSERT(0);
  211. status = STATUS_INVALID_ADDRESS_COMPONENT;
  212. SmbTrace (SMB_TRACE_CONNECT, ("TDI_CONNECT: %p %!status!", ConnectObject, status));
  213. goto cleanup;
  214. }
  216. //
  217. // Do DNS name resolution
  218. //
  219. Size = ALIGN(sizeof(SMB_GETHOST_CONTEXT)) + DNS_NAME_BUFFER_LENGTH * sizeof(WCHAR);
  220. Context = (PSMB_GETHOST_CONTEXT)ExAllocatePoolWithTag(
  221. NonPagedPool,
  222. Size,
  223. 'hBMS'
  224. );
  225. if (NULL == Context) {
  226. status = STATUS_NO_MEMORY;
  227. SmbTrace (SMB_TRACE_CONNECT, ("TDI_CONNECT: %p %!status!", ConnectObject, status));
  228. goto cleanup;
  229. }
  231. SmbInitAsyncContext(
  232. (PSMB_ASYNC_CONTEXT)Context,
  233. (PSMB_TDI_COMPLETION)SmbGetHostCompletion,
  234. ConnectObject,
  235. SmbCfg.DnsTimeout
  236. );
  238. Context->pUnicodeAddress = pUnicodeAddress;
  239. Context->FQDN.Buffer = (WCHAR*)(((PUCHAR)Context) + ALIGN(sizeof(SMB_GETHOST_CONTEXT)));
  240. Context->FQDN.Length = 0;
  241. Context->FQDN.MaximumLength = DNS_NAME_BUFFER_LENGTH * sizeof(WCHAR);
  242. RemoteName = pUnicodeAddress->RemoteName;
  244. SmbTrace (SMB_TRACE_CONNECT, ("%p: Resolving %Z", ConnectObject, &RemoteName));
  245. SmbPrint (SMB_TRACE_CONNECT, ("%p: Resolving %Z\n", ConnectObject, &RemoteName));
  246. SmbAsyncGetHostByName(&RemoteName, Context);
  247. return STATUS_PENDING;
  249. cleanup:
  250. ASSERT (NULL == Context);
  251. SmbSessionCompleteRequest(
  252. ConnectObject,
  253. STATUS_BAD_NETWORK_PATH,
  254. 0
  255. );
  256. return STATUS_PENDING;
  257. }
  259. BOOL
  260. IsSmbBoundToOutgoingInterface4(
  261. ULONG DestIp
  262. )
  263. {
  264. NTSTATUS status;
  265. ULONG Metric, OutgoingIfIndex;
  266. KIRQL Irql;
  267. PIP4FASTQUERY FastQuery = NULL;
  268. PLIST_ENTRY entry = NULL;
  269. PSMB_TCP_DEVICE pIf = NULL;
  270. BOOL found = FALSE;
  272. FastQuery = SmbCfg.SmbDeviceObject->Tcp4.FastQuery;
  273. if (NULL == FastQuery) {
  274. return TRUE;
  275. }
  277. if (INVALID_INTERFACE_INDEX == SmbCfg.SmbDeviceObject->Tcp4.LoopbackInterfaceIndex) {
  278. status = ((PIP4FASTQUERY)(FastQuery))(ntohl(INADDR_LOOPBACK), &OutgoingIfIndex, &Metric);
  279. if (status == STATUS_SUCCESS) {
  280. SmbCfg.SmbDeviceObject->Tcp4.LoopbackInterfaceIndex = OutgoingIfIndex;
  281. SmbPrint(SMB_TRACE_TCP, ("Loopback Interface Index = %d\n", OutgoingIfIndex));
  282. SmbTrace(SMB_TRACE_TCP, ("Loopback Interface Index = %d", OutgoingIfIndex));
  283. } else {
  284. SmbPrint(SMB_TRACE_TCP, ("Query loopback Interface Index returns 0x%08lx\n", status));
  285. SmbTrace(SMB_TRACE_TCP, ("Query loopback Interface Index returns %!status!", status));
  286. SmbCfg.SmbDeviceObject->Tcp4.LoopbackInterfaceIndex = INVALID_INTERFACE_INDEX;
  287. }
  288. }
  290. status = (FastQuery)(DestIp, &OutgoingIfIndex, &Metric);
  291. if (STATUS_SUCCESS != status || OutgoingIfIndex == INVALID_INTERFACE_INDEX) {
  292. //
  293. // TCP cannot find a route, return TRUE anyway
  294. //
  295. return TRUE;
  296. }
  298. if (OutgoingIfIndex == SmbCfg.SmbDeviceObject->Tcp4.LoopbackInterfaceIndex) {
  299. //
  300. // This is a local address
  301. //
  302. return TRUE;
  303. }
  305. //
  306. // This is a remote address
  307. //
  308. found = FALSE;
  309. SMB_ACQUIRE_SPINLOCK(&SmbCfg, Irql);
  310. entry = SmbCfg.IPDeviceList.Flink;
  311. while(entry != &SmbCfg.IPDeviceList) {
  312. pIf = CONTAINING_RECORD(entry, SMB_TCP_DEVICE, Linkage);
  313. entry = entry->Flink;
  315. if (pIf->InterfaceIndex != OutgoingIfIndex) {
  316. continue;
  317. }
  318. if (pIf->PrimaryIpAddress.sin_family == SMB_AF_INET && pIf->PrimaryIpAddress.ip4.sin4_addr) {
  319. found = pIf->EnableOutbound;
  320. break;
  321. }
  322. }
  323. SMB_RELEASE_SPINLOCK(&SmbCfg, Irql);
  324. return found;
  325. }
  327. VOID
  328. SmbCompleteConnectAttempts (
  329. PSMB_CONNECT_CONTEXT pSmbConnectContext
  330. )
  331. /*++
  333. Routine Description:
  335. Complete the connect attempts
  337. Arguments:
  339. Return Value:
  341. --*/
  342. {
  343. PSMB_GETHOST_CONTEXT pSmbGetHostContext = pSmbConnectContext->pSmbGetHostContext;
  344. PSMB_CONNECT ConnectObject = (PSMB_CONNECT)pSmbGetHostContext->ClientContext;
  345. NTSTATUS status = pSmbConnectContext->status;
  347. //
  348. // Set the proper status
  349. //
  350. if (pSmbConnectContext->usCurrentIP >= pSmbGetHostContext->ipaddr_num &&
  351. STATUS_INSUFFICIENT_RESOURCES != status) {
  352. status = STATUS_BAD_NETWORK_PATH;
  353. }
  355. SmbSessionCompleteRequest(ConnectObject, status, 0);
  357. ExFreePool(pSmbGetHostContext);
  358. ExFreePool(pSmbConnectContext);
  359. }
  362. VOID
  363. SmbDelayedStartTcpSession (
  364. IN PDEVICE_OBJECT pDeviceObject,
  365. IN PVOID pContext
  366. )
  367. {
  368. PSMB_CONNECT_CONTEXT pSmbConnectContext = pContext;
  370. PAGED_CODE();
  372. IoFreeWorkItem (pSmbConnectContext->pIoWorkItem);
  373. pSmbConnectContext->pIoWorkItem = NULL;
  375. SmbStartTcpSession (pSmbConnectContext);
  376. }
  379. void
  380. SmbStartTcpSessionCompletion(
  381. PSMB_CONNECT_CONTEXT pSmbConnectContext
  382. )
  383. /*++
  385. Routine Description:
  387. This routine will be called after TCP level session setup is finished.
  389. Arguments:
  391. Return Value:
  393. --*/
  394. {
  395. PSMB_GETHOST_CONTEXT pSmbGetHostContext = pSmbConnectContext->pSmbGetHostContext;
  396. PSMB_CONNECT ConnectObject = (PSMB_CONNECT)pSmbConnectContext->ClientContext;
  397. KIRQL Irql = 0;
  398. PSMB_TCP_CONTEXT pTcpContext = NULL;
  399. NTSTATUS status = STATUS_SUCCESS;
  401. SmbTrace (SMB_TRACE_CONNECT, ("TcpSession Complete: %p %!status!", ConnectObject, pSmbConnectContext->status));
  402. SmbPrint (SMB_TRACE_CONNECT, ("TcpSession Complete: %p %08lx\n", ConnectObject, pSmbConnectContext->status));
  404. switch (pSmbConnectContext->status) {
  405. case STATUS_SUCCESS:
  406. case STATUS_INSUFFICIENT_RESOURCES:
  407. case STATUS_CANCELLED:
  408. goto done;
  409. }
  411. //
  412. // Advance to the next IP address
  413. //
  414. pSmbConnectContext->usCurrentIP++;
  415. if (pSmbConnectContext->usCurrentIP >= pSmbGetHostContext->ipaddr_num) {
  416. goto done;
  417. }
  419. SMB_ACQUIRE_SPINLOCK(ConnectObject, Irql);
  420. pTcpContext = ConnectObject->TcpContext;
  421. ConnectObject->TcpContext = NULL;
  422. SMB_RELEASE_SPINLOCK(ConnectObject, Irql);
  423. SmbDelayedDestroyTcpContext (pTcpContext);
  425. status = SmbQueueStartTcpSession(pSmbConnectContext);
  427. if (STATUS_SUCCESS != status) {
  428. pSmbConnectContext->status = status;
  429. goto done;
  430. }
  431. return;
  433. done:
  434. SmbCompleteConnectAttempts (pSmbConnectContext);
  435. }
  437. NTSTATUS
  438. SmbQueueStartTcpSession (
  439. IN PSMB_CONNECT_CONTEXT pSmbConnectContext
  440. )
  441. {
  442. PIO_WORKITEM pIoWorkItem = NULL;
  443. NTSTATUS status = STATUS_SUCCESS;
  445. pIoWorkItem = IoAllocateWorkItem ((PDEVICE_OBJECT)SmbCfg.SmbDeviceObject);
  446. if (NULL == pIoWorkItem) {
  447. status = STATUS_INSUFFICIENT_RESOURCES;
  448. goto done;
  449. }
  451. pSmbConnectContext->pIoWorkItem = pIoWorkItem;
  452. IoQueueWorkItem (
  453. pIoWorkItem,
  454. SmbDelayedStartTcpSession,
  455. DelayedWorkQueue,
  456. pSmbConnectContext
  457. );
  459. done:
  461. return status;
  462. }
  465. VOID
  466. SmbStartTcpSession (
  467. PSMB_CONNECT_CONTEXT pSmbConnectContext
  468. )
  469. {
  470. PSMB_GETHOST_CONTEXT pSmbGetHostContext = pSmbConnectContext->pSmbGetHostContext;
  471. PSMB_CONNECT ConnectObject = (PSMB_CONNECT)pSmbGetHostContext->ClientContext;
  472. NTSTATUS status = STATUS_SUCCESS;
  473. PSMB_TCP_CONTEXT TcpContext = NULL;
  474. USHORT Port;
  475. PSMB_IP_ADDRESS pSmbIpAddress = NULL;
  476. BOOLEAN bTryAllocateResource = FALSE;
  477. KIRQL Irql = 0;
  479. ASSERT (KeGetCurrentIrql() == PASSIVE_LEVEL);
  481. ASSERT (ConnectObject->TcpContext == NULL);
  483. for (
  484. TcpContext = NULL, bTryAllocateResource = FALSE;
  485. pSmbConnectContext->usCurrentIP < pSmbGetHostContext->ipaddr_num;
  486. pSmbConnectContext->usCurrentIP++
  487. ) {
  489. pSmbIpAddress = &pSmbGetHostContext->ipaddr[pSmbConnectContext->usCurrentIP];
  490. switch (pSmbIpAddress->sin_family) {
  491. case SMB_AF_INET:
  492. if (SmbCfg.Tcp4Available &&
  493. IsSmbBoundToOutgoingInterface4(pSmbIpAddress->ip4.sin4_addr)) {
  495. TcpContext = SmbAllocateOutbound(&ConnectObject->Device->Tcp4);
  496. Port = ConnectObject->Device->Tcp4.Port;
  497. ConnectObject->FastSend = ConnectObject->Device->Tcp4.FastSend;
  498. bTryAllocateResource = TRUE;
  500. SmbTrace (SMB_TRACE_CONNECT, ("%p: try %d-th IP address: %!ipaddr!",
  501. ConnectObject,
  502. pSmbConnectContext->usCurrentIP + 1,
  503. pSmbIpAddress->ip4.sin4_addr));
  504. SmbPrint (SMB_TRACE_CONNECT, ("%p: try %d-th IP address: IPv4\n",
  505. ConnectObject,
  506. pSmbConnectContext->usCurrentIP + 1));
  507. } else {
  508. SmbTrace (SMB_TRACE_CONNECT, ("%p: skip %d-th IP address: %!ipaddr!",
  509. ConnectObject,
  510. pSmbConnectContext->usCurrentIP + 1,
  511. pSmbIpAddress->ip4.sin4_addr));
  512. SmbPrint (SMB_TRACE_CONNECT, ("%p: skip %d-th IP address: IPv4\n",
  513. ConnectObject,
  514. pSmbConnectContext->usCurrentIP + 1));
  516. }
  517. break;
  519. case SMB_AF_INET6:
  520. if (SmbCfg.Tcp6Available &&
  521. (SmbCfg.bIPv6EnableOutboundGlobal ||
  522. SMB_IS_ADDRESS_ALLOWED(pSmbIpAddress->ip6.sin6_addr_bytes))) {
  524. TcpContext = SmbAllocateOutbound(&ConnectObject->Device->Tcp6);
  525. Port = ConnectObject->Device->Tcp6.Port;
  526. ConnectObject->FastSend = ConnectObject->Device->Tcp6.FastSend;
  527. bTryAllocateResource = TRUE;
  529. SmbTrace (SMB_TRACE_CONNECT, ("%p: try %d-th IP address: %!IPV6ADDR!",
  530. ConnectObject,
  531. pSmbConnectContext->usCurrentIP + 1,
  532. (PVOID)pSmbIpAddress->ip6.sin6_addr
  533. ));
  535. } else {
  536. SmbTrace (SMB_TRACE_CONNECT, ("%p: skip %d-th IP address: %!IPV6ADDR!",
  537. ConnectObject,
  538. pSmbConnectContext->usCurrentIP + 1,
  539. (PVOID)pSmbIpAddress->ip6.sin6_addr
  540. ));
  541. }
  542. break;
  544. default:
  545. ASSERT (0);
  546. break;
  547. }
  549. if (NULL != TcpContext) {
  550. break;
  551. }
  552. }
  554. if (NULL == TcpContext) {
  555. status = (bTryAllocateResource)? STATUS_INSUFFICIENT_RESOURCES: STATUS_BAD_NETWORK_PATH;
  556. goto cleanup;
  557. }
  559. ASSERT (pSmbConnectContext->usCurrentIP < pSmbGetHostContext->ipaddr_num);
  561. SMB_ACQUIRE_SPINLOCK(ConnectObject, Irql);
  562. ConnectObject->TcpContext = TcpContext;
  563. ConnectObject->StateRcvHandler = WaitingHeader;
  564. ConnectObject->HeaderBytesRcved = 0;
  565. TcpContext->Connect.pLastUprCnt = TcpContext->Connect.UpperConnect = ConnectObject;
  566. SMB_RELEASE_SPINLOCK(ConnectObject, Irql);
  568. //
  569. // TBD: SmbAsyncConnect should honor the timeout
  570. //
  571. SmbInitAsyncContext(
  572. (PSMB_ASYNC_CONTEXT)pSmbConnectContext,
  573. (PSMB_TDI_COMPLETION)SmbStartTcpSessionCompletion,
  574. ConnectObject,
  575. 5000 // 5 seconds timeout. It is not honored by SmbAysncConnect
  576. );
  577. ConnectObject->RemoteIpAddress = pSmbIpAddress[0];
  579. pSmbConnectContext->TcpConnect = TcpContext->Connect;
  580. SmbAsyncConnect(
  581. pSmbIpAddress,
  582. Port,
  583. pSmbConnectContext
  584. );
  586. return;
  588. cleanup:
  589. ASSERT (pSmbConnectContext->usCurrentIP >= pSmbGetHostContext->ipaddr_num);
  590. ASSERT (status != STATUS_SUCCESS);
  592. pSmbConnectContext->status = status;
  593. SmbCompleteConnectAttempts (pSmbConnectContext);
  594. }
  596. void
  597. SmbGetHostCompletion(
  598. PSMB_GETHOST_CONTEXT Context
  599. )
  600. /*++
  602. Routine Description:
  604. This routine will be called after we get a result for dns name resolution
  606. Arguments:
  608. Return Value:
  610. --*/
  611. {
  612. PSMB_CONNECT ConnectObject = (PSMB_CONNECT)Context->ClientContext;
  613. NTSTATUS status = Context->status;
  614. PSMB_CONNECT_CONTEXT pSmbConnectContext = NULL;
  616. ASSERT(NULL != ConnectObject);
  617. SmbTrace (SMB_TRACE_CONNECT, ("%p: name resolution completed with %!status!", ConnectObject, status));
  618. SmbPrint (SMB_TRACE_CONNECT, ("%p: name resolution completed with %08lx\n", ConnectObject, status));
  619. if (STATUS_SUCCESS != status) {
  620. if (status != STATUS_CANCELLED) {
  621. status = STATUS_BAD_NETWORK_PATH;
  622. }
  623. goto cleanup;
  624. }
  626. pSmbConnectContext = (PSMB_CONNECT_CONTEXT)ExAllocatePoolWithTag(
  627. NonPagedPool,
  628. sizeof(SMB_CONNECT_CONTEXT),
  629. 'sBMS'
  630. );
  631. if (NULL == pSmbConnectContext) {
  632. status = STATUS_INSUFFICIENT_RESOURCES;
  633. goto cleanup;
  634. }
  636. RtlZeroMemory (pSmbConnectContext, sizeof(SMB_CONNECT_CONTEXT));
  637. pSmbConnectContext->ClientContext = ConnectObject;
  638. pSmbConnectContext->usCurrentIP = 0;
  639. pSmbConnectContext->pSmbGetHostContext = Context;
  640. pSmbConnectContext->pIoWorkItem = NULL;
  642. SmbTrace (SMB_TRACE_CONNECT, ("%p: find %d IP address", ConnectObject, Context->ipaddr_num));
  643. SmbPrint (SMB_TRACE_CONNECT, ("%p: find %d IP address\n", ConnectObject, Context->ipaddr_num));
  644. status = SmbQueueStartTcpSession(pSmbConnectContext);
  645. if (STATUS_SUCCESS != status) {
  646. goto cleanup;
  647. }
  648. return;
  650. cleanup:
  651. if (NULL != Context) {
  652. ExFreePool(Context);
  653. }
  654. if (NULL != pSmbConnectContext) {
  655. ExFreePool(pSmbConnectContext);
  656. }
  657. SmbSessionCompleteRequest(ConnectObject, status, 0);
  658. }
  661. NTSTATUS
  662. DisconnDone(
  663. IN PDEVICE_OBJECT DeviceObject,
  664. IN PIRP Irp,
  665. IN PSMB_TCP_CONTEXT TcpContext
  666. )
  667. {
  668. KIRQL Irql;
  669. PSMB_DEVICE SmbDevice;
  671. SmbDevice = SmbCfg.SmbDeviceObject;
  673. ASSERT(TcpContext->DisconnectIrp == Irp);
  674. SMB_ACQUIRE_SPINLOCK(SmbDevice, Irql);
  675. ASSERT(EntryIsInList(&SmbDevice->PendingDisconnectList, &TcpContext->Linkage));
  676. RemoveEntryList(&TcpContext->Linkage);
  677. InitializeListHead(&TcpContext->Linkage);
  678. SmbDevice->PendingDisconnectListNumber--;
  679. ASSERT(SmbDevice->PendingDisconnectListNumber >= 0);
  680. TcpContext->DisconnectIrp = NULL;
  681. if (IsListEmpty(&SmbDevice->PendingDisconnectList)) {
  682. KeSetEvent(&SmbDevice->PendingDisconnectListEmptyEvent, 0, FALSE);
  683. ASSERT(SmbDevice->PendingDisconnectListNumber == 0);
  684. }
  685. SMB_RELEASE_SPINLOCK(SmbDevice, Irql);
  687. if (Irp->IoStatus.Status == STATUS_SUCCESS) {
  688. SmbFreeTcpContext(TcpContext);
  689. } else {
  690. SmbDelayedDestroyTcpContext(TcpContext);
  691. }
  693. SmbFreeIrp(Irp);
  694. return STATUS_MORE_PROCESSING_REQUIRED;
  695. }
  697. NTSTATUS
  698. SmbAsynchTcpDisconnect(
  699. PSMB_TCP_CONTEXT TcpContext,
  700. ULONG Flags
  701. )
  702. {
  703. PIRP Irp;
  704. PFILE_OBJECT FileObject;
  705. PDEVICE_OBJECT DeviceObject;
  706. NTSTATUS status;
  708. FileObject = TcpContext->Connect.ConnectObject;
  709. if (NULL == FileObject) {
  710. ASSERT (0);
  711. SmbTrace(SMB_TRACE_TCP, ("NULL FileObject !!!!"));
  712. return STATUS_INVALID_PARAMETER;
  713. }
  715. DeviceObject = IoGetRelatedDeviceObject(FileObject);
  716. Irp = SmbAllocIrp(DeviceObject->StackSize);
  717. if (NULL == Irp) {
  718. SmbTrace(SMB_TRACE_TCP, ("no free IRP !!!!"));
  719. return STATUS_INSUFFICIENT_RESOURCES;
  720. }
  722. TcpContext->DisconnectIrp = Irp;
  723. TdiBuildDisconnect(
  724. Irp,
  725. DeviceObject,
  726. FileObject,
  727. (PIO_COMPLETION_ROUTINE)DisconnDone,
  728. TcpContext,
  729. NULL,
  730. Flags,
  731. NULL,
  732. NULL
  733. );
  735. status = IoCallDriver(DeviceObject, Irp);
  737. SmbTrace (SMB_TRACE_CONNECT, ("return %!status!", status));
  738. return STATUS_PENDING;
  739. }
  741. VOID
  742. SmbDelayedDisconnectTcp(
  743. IN PSMB_DEVICE DeviceObject,
  744. IN PIO_WORKITEM WorkItem
  745. )
  746. {
  747. KIRQL Irql;
  748. PLIST_ENTRY entry;
  749. NTSTATUS status;
  750. ULONG DisconnectFlag;
  752. PSMB_TCP_CONTEXT TcpContext;
  754. PAGED_CODE();
  756. ASSERT (DeviceObject->DisconnectWorkerRunning == TRUE);
  758. while(1) {
  759. SMB_ACQUIRE_SPINLOCK(DeviceObject, Irql);
  760. if (IsListEmpty(&DeviceObject->DelayedDisconnectList)) {
  761. SMB_RELEASE_SPINLOCK(DeviceObject, Irql);
  762. DeviceObject->DisconnectWorkerRunning = FALSE;
  763. break;
  764. }
  765. entry = RemoveHeadList(&DeviceObject->DelayedDisconnectList);
  766. InsertTailList(&DeviceObject->PendingDisconnectList, entry);
  767. DeviceObject->PendingDisconnectListNumber++;
  768. SMB_RELEASE_SPINLOCK(DeviceObject, Irql);
  770. TcpContext = CONTAINING_RECORD(entry, SMB_TCP_CONTEXT, Linkage);
  772. //
  773. // FIN attacking detection and protection
  774. // The idea is couting the disconnect request pending in TCP.
  775. // If we found extraodinary high number of disconnect request pending
  776. // in TCP, use abort instead of graceful disconnect for the remaining
  777. // disconnect request.
  778. //
  779. ASSERT(DeviceObject->EnterFAPM > DeviceObject->LeaveFAPM);
  780. ASSERT(DeviceObject->LeaveFAPM > 0);
  781. if (DeviceObject->PendingDisconnectListNumber >= DeviceObject->EnterFAPM) {
  782. DeviceObject->FinAttackProtectionMode = TRUE;
  783. }
  784. if (DeviceObject->PendingDisconnectListNumber <= DeviceObject->LeaveFAPM) {
  785. DeviceObject->FinAttackProtectionMode = FALSE;
  786. }
  787. if (DeviceObject->FinAttackProtectionMode) {
  788. DisconnectFlag = TDI_DISCONNECT_ABORT;
  789. } else {
  790. DisconnectFlag = TDI_DISCONNECT_RELEASE;
  791. }
  792. status = SmbAsynchTcpDisconnect(TcpContext, DisconnectFlag);
  793. if (status == STATUS_PENDING) {
  794. continue;
  795. }
  797. //
  798. // Should be out of resources. Put it back to the DelayedDisconnectList and
  799. // wait for the next round. (Resource may be available at that time)
  800. //
  801. ASSERT(status == STATUS_INSUFFICIENT_RESOURCES);
  802. SMB_ACQUIRE_SPINLOCK(DeviceObject, Irql);
  803. RemoveEntryList(entry);
  804. InsertTailList(&DeviceObject->DelayedDisconnectList, entry);
  805. SMB_RELEASE_SPINLOCK(DeviceObject, Irql);
  806. }
  807. IoFreeWorkItem(WorkItem);
  809. SMB_ACQUIRE_SPINLOCK(DeviceObject, Irql);
  810. if (IsListEmpty(&DeviceObject->PendingDisconnectList)) {
  811. KeSetEvent(&DeviceObject->PendingDisconnectListEmptyEvent, 0, FALSE);
  812. ASSERT(DeviceObject->PendingDisconnectListNumber == 0);
  813. } else {
  814. KeResetEvent(&DeviceObject->PendingDisconnectListEmptyEvent);
  815. }
  816. SMB_RELEASE_SPINLOCK(DeviceObject, Irql);
  817. }
  819. NTSTATUS
  820. SmbQueueDisconnectWorkItem(
  821. IN PSMB_DEVICE DeviceObject,
  822. IN PSMB_TCP_CONTEXT TcpContext
  823. )
  824. {
  825. PIO_WORKITEM WorkItem;
  827. //
  828. // The DeviceObject's spinlock should be held
  829. //
  830. ASSERT (KeGetCurrentIrql() == DISPATCH_LEVEL);
  832. InsertTailList(&DeviceObject->DelayedDisconnectList, &TcpContext->Linkage);
  834. //
  835. // Be nice to others!!! Don't start too many worker threads
  836. //
  837. if (!DeviceObject->DisconnectWorkerRunning) {
  839. //
  840. // This is not a critical error.
  841. // Since we have queued the Tcp endpoint in our list, we can
  842. // handle the termporarily out of resource.
  843. // If the resource is temporarily unavailable, we can fire another
  844. // work item the next time this routine is called. The only downside
  845. // is that the disconnecting could be delayed for longer time.
  846. //
  847. WorkItem = IoAllocateWorkItem(&DeviceObject->DeviceObject);
  848. if (NULL == WorkItem) {
  849. return STATUS_INSUFFICIENT_RESOURCES;
  850. }
  852. DeviceObject->DisconnectWorkerRunning = TRUE;
  853. IoQueueWorkItem(
  854. WorkItem,
  855. (PIO_WORKITEM_ROUTINE)SmbDelayedDisconnectTcp,
  856. DelayedWorkQueue,
  857. WorkItem
  858. );
  859. }
  860. return STATUS_SUCCESS;
  861. }
  863. VOID
  864. SmbDisconnectCleanup(
  865. IN PSMB_DEVICE DeviceObject,
  866. IN PSMB_CLIENT_ELEMENT ClientObject,
  867. IN PSMB_CONNECT ConnectObject,
  868. IN PSMB_TCP_CONTEXT TcpContext,
  869. IN DWORD dwFlag,
  870. IN BOOL bWait
  871. )
  872. /*++
  874. Routine Description:
  876. Cleanup the connection object.
  878. Arguments:
  880. Return Value:
  882. --*/
  883. {
  884. PIRP PendingIrp = NULL;
  885. LIST_ENTRY PendingIrpList = { NULL };
  886. KIRQL Irql = 0;
  887. NTSTATUS status = STATUS_SUCCESS;
  889. ASSERT(ConnectObject->TcpContext == NULL);
  890. ASSERT(ClientObject != NULL);
  892. //
  893. // Grab the global lock to synchronize with TdiAcceptCompletion
  894. //
  895. SMB_ACQUIRE_SPINLOCK(DeviceObject, Irql);
  896. SMB_ACQUIRE_SPINLOCK_DPC(ClientObject);
  897. SMB_ACQUIRE_SPINLOCK_DPC(ConnectObject);
  899. KeRemoveQueueDpc(&ConnectObject->SmbHeaderDpc);
  900. ConnectObject->State = SMB_IDLE;
  901. ConnectObject->DpcRequestQueued = FALSE;
  903. //
  904. // If the TDI_ACCEPT is still pending, remove it now.
  905. // TBD: wait for the completion of TDI accept
  906. //
  907. if (ConnectObject->PendingIRPs[SMB_PENDING_ACCEPT]) {
  909. ConnectObject->PendingIRPs[SMB_PENDING_ACCEPT] = NULL;
  910. ASSERT (EntryIsInList(&ClientObject->PendingAcceptConnection, &ConnectObject->Linkage));
  912. //
  913. // This has to be non NULL so that we can set TcpContext->Connect.UpperConenct to NULL
  914. // below and synchronize with TdiAcceptCompletion
  915. //
  916. ASSERT (TcpContext);
  917. ASSERT (ClientObject->PendingAcceptNumber > 0);
  918. ASSERT (ClientObject == SmbCfg.SmbDeviceObject->SmbServer);
  919. ASSERT (!ConnectObject->Originator);
  921. ClientObject->PendingAcceptNumber--;
  922. SmbDereferenceConnect(ConnectObject, SMB_REF_CONNECT);
  924. } else {
  925. ASSERT (!EntryIsInList(&ClientObject->PendingAcceptConnection, &ConnectObject->Linkage));
  926. }
  928. RemoveEntryList(&ConnectObject->Linkage);
  929. InsertTailList(&ClientObject->AssociatedConnection, &ConnectObject->Linkage);
  931. if (NULL != TcpContext) {
  932. TcpContext->Connect.UpperConnect = NULL;
  933. if (!bWait) {
  934. if (TcpContext->Address.AddressHandle == NULL) {
  935. SmbQueueDisconnectWorkItem (ConnectObject->Device, TcpContext);
  936. } else {
  937. //
  938. // For outbound request, we got to destroy it because
  939. // TCP doesn't support reusing.
  940. //
  941. SmbDelayedDestroyTcpContext(TcpContext);
  942. }
  943. TcpContext = NULL;
  944. }
  945. }
  947. //
  948. // Move all the pending Irps to another linked list
  949. // REVIEW: what to do with the PendingIRPs[SMB_PENDING_RECEIVE]?
  950. //
  951. InitializeListHead (&PendingIrpList);
  952. if (NULL != ConnectObject->ClientIrp && !ConnectObject->PendingIRPs[SMB_PENDING_RECEIVE]) {
  953. InsertTailList (&PendingIrpList, &ConnectObject->ClientIrp->Tail.Overlay.ListEntry);
  954. ConnectObject->ClientIrp = NULL;
  955. }
  957. while (!IsListEmpty(&ConnectObject->RcvList)) {
  958. PLIST_ENTRY entry;
  960. entry = RemoveHeadList(&ConnectObject->RcvList);
  961. PendingIrp = CONTAINING_RECORD(entry, IRP, Tail.Overlay.ListEntry);
  962. InsertTailList (&PendingIrpList, &PendingIrp->Tail.Overlay.ListEntry);
  963. }
  964. InitializeListHead (&ConnectObject->RcvList);
  966. SMB_RELEASE_SPINLOCK_DPC(ConnectObject);
  967. SMB_RELEASE_SPINLOCK_DPC(ClientObject);
  968. SMB_RELEASE_SPINLOCK(DeviceObject, Irql);
  970. //
  971. // We have disassociate all the pending IRPs from the ConnectObject.
  972. // The ConnectObject can be reused from now on. Now we complete all
  973. // the pending IRPs.
  974. //
  975. while (!IsListEmpty(&PendingIrpList)) {
  976. PLIST_ENTRY entry;
  978. entry = RemoveHeadList(&PendingIrpList);
  979. PendingIrp = CONTAINING_RECORD(entry, IRP, Tail.Overlay.ListEntry);
  981. IoAcquireCancelSpinLock(&Irql);
  982. IoSetCancelRoutine(PendingIrp, NULL);
  983. IoReleaseCancelSpinLock(Irql);
  985. PendingIrp->IoStatus.Status = STATUS_CONNECTION_RESET;
  986. PendingIrp->IoStatus.Information = 0;
  988. IoCompleteRequest(PendingIrp, IO_NETWORK_INCREMENT);
  989. }
  991. //
  992. // Handling the synchronous disconnect case
  993. //
  994. if (NULL != TcpContext) {
  995. ASSERT (bWait);
  997. ASSERT (dwFlag == TDI_DISCONNECT_RELEASE || dwFlag == TDI_DISCONNECT_ABORT);
  999. //
  1000. // Issue synchronous disconnection
  1001. //
  1002. status = SmbTcpDisconnect(
  1003. TcpContext,
  1004. 1000, // 1 second time out
  1005. dwFlag
  1006. );
  1007. if (STATUS_SUCCESS != status || TcpContext->Address.AddressHandle != NULL) {
  1008. SmbDelayedDestroyTcpContext(TcpContext);
  1009. } else {
  1010. SmbFreeTcpContext(TcpContext);
  1011. }
  1012. }
  1013. }
  1015. NTSTATUS
  1016. SmbDoDisconnect(
  1017. PSMB_CONNECT ConnectObject
  1018. )
  1019. {
  1020. PSMB_TCP_CONTEXT TcpContext = NULL;
  1021. PSMB_CLIENT_ELEMENT ClientObject = NULL;
  1022. KIRQL Irql;
  1023. NTSTATUS status;
  1025. PAGED_CODE();
  1027. SMB_ACQUIRE_SPINLOCK(&SmbCfg, Irql);
  1028. SMB_ACQUIRE_SPINLOCK_DPC(ConnectObject);
  1030. TcpContext = ConnectObject->TcpContext;
  1031. ClientObject = ConnectObject->ClientObject;
  1032. ConnectObject->TcpContext = NULL;
  1033. ConnectObject->State = SMB_IDLE;
  1035. SMB_RELEASE_SPINLOCK_DPC(ConnectObject);
  1036. SMB_RELEASE_SPINLOCK(&SmbCfg, Irql);
  1038. SmbPrint(SMB_TRACE_CALL, ("DoDisconnect: Connect %p\n", ConnectObject));
  1039. SaveDisconnectOriginator(ConnectObject, SMB_DISCONNECT_FROM_CLIENT);
  1041. if (NULL != TcpContext) {
  1042. ASSERT (NULL != ClientObject);
  1044. //
  1045. // Wait for the tcp-layer disconnect completion since
  1046. // the disconnection is generated by our clients.
  1047. //
  1048. SmbDisconnectCleanup(ConnectObject->Device, ClientObject,
  1049. ConnectObject, TcpContext, TDI_DISCONNECT_RELEASE, TRUE);
  1051. ASSERT(ConnectObject->State == SMB_IDLE);
  1052. }
  1054. return STATUS_SUCCESS;
  1055. }
  1057. NTSTATUS
  1058. SmbDisconnect(
  1059. PSMB_DEVICE Device,
  1060. PIRP Irp
  1061. )
  1062. /*++
  1064. Routine Description:
  1066. TDI_DISCONNECT
  1067. To be implement.
  1069. Arguments:
  1071. Return Value:
  1073. --*/
  1074. {
  1075. PIO_STACK_LOCATION IrpSp = NULL;
  1076. PSMB_CONNECT ConnectObject = NULL;
  1078. PAGED_CODE();
  1080. IrpSp = IoGetCurrentIrpStackLocation(Irp);
  1081. ConnectObject = SmbVerifyAndReferenceConnect(IrpSp->FileObject, SMB_REF_DISCONNECT);
  1082. if (NULL == ConnectObject) {
  1083. ASSERT(0);
  1084. return STATUS_INVALID_HANDLE;
  1085. }
  1087. SmbTrace (SMB_TRACE_CONNECT, ("TDI_DISCONNECT: pIrp %p ConnOb %p", Irp, ConnectObject));
  1089. SmbDoDisconnect(ConnectObject);
  1091. SmbDereferenceConnect(ConnectObject, SMB_REF_DISCONNECT);
  1092. return STATUS_SUCCESS;
  1093. }
  1095. void
  1096. SmbSessionCompleteRequest(
  1097. PSMB_CONNECT ConnectObject,
  1098. NTSTATUS status,
  1099. DWORD information
  1100. )
  1101. /*++
  1103. Routine Description:
  1105. Complete a pending session request and cleanup the connection
  1107. Note: we don't cleanup the Tcp level connection here since we could be
  1108. called at DISPATCH_LEVEL. Instead, we leave tcp connections alive.
  1109. the cleanup will be done when the client actually disassociate or
  1110. close the connection.
  1112. We can reuse the tcp connection if the client reattempt to make
  1113. another connection.
  1115. Arguments:
  1117. --*/
  1118. {
  1119. PIRP Irp = NULL;
  1120. KIRQL Irql;
  1121. PIO_STACK_LOCATION IrpSp = NULL;
  1122. PSMB_CLIENT_ELEMENT ClientObject = NULL;
  1123. PSMB_TCP_CONTEXT TcpContext = NULL;
  1125. SmbTrace (SMB_TRACE_CONNECT, ("complete TDI_CONNECT: %p %!status!", ConnectObject, status));
  1126. SmbPrint (SMB_TRACE_CONNECT, ("complete TDI_CONNECT: %p %08lx\n", ConnectObject, status));
  1128. ClientObject = ConnectObject->ClientObject;
  1129. ASSERT(NULL != ClientObject);
  1130. if (NULL == ClientObject && status == STATUS_SUCCESS) {
  1131. status = STATUS_INTERNAL_ERROR;
  1132. }
  1134. SMB_ACQUIRE_SPINLOCK(&SmbCfg, Irql);
  1135. if (ClientObject) {
  1136. SMB_ACQUIRE_SPINLOCK_DPC(ClientObject);
  1137. }
  1138. SMB_ACQUIRE_SPINLOCK_DPC(ConnectObject);
  1139. Irp = ConnectObject->PendingIRPs[SMB_PENDING_CONNECT];
  1140. ConnectObject->PendingIRPs[SMB_PENDING_CONNECT] = NULL;
  1141. if (status == STATUS_SUCCESS) {
  1142. ConnectObject->State = SMB_CONNECTED;
  1143. RemoveEntryList(&ConnectObject->Linkage);
  1144. InsertTailList(&ClientObject->ActiveConnection, &ConnectObject->Linkage);
  1145. TcpContext = NULL;
  1146. } else {
  1147. ConnectObject->State = SMB_IDLE;
  1148. TcpContext = ConnectObject->TcpContext;
  1149. ConnectObject->TcpContext = NULL;
  1150. if (TcpContext) {
  1151. TcpContext->Connect.UpperConnect = NULL;
  1152. }
  1153. }
  1154. SMB_RELEASE_SPINLOCK_DPC(ConnectObject);
  1155. if (ClientObject) {
  1156. SMB_RELEASE_SPINLOCK_DPC(ClientObject);
  1157. }
  1158. SMB_RELEASE_SPINLOCK(&SmbCfg, Irql);
  1160. if (STATUS_CONNECTION_ACTIVE == status) {
  1161. //
  1162. // RDR could bugcheck if returning STATUS_CONNECTION_ACTIVE
  1163. //
  1164. ASSERT(0);
  1165. status = STATUS_BAD_NETWORK_PATH;
  1166. }
  1168. //
  1169. // Don't call SmbFreeOutbound() because the Tcp endpoint could be
  1170. // in some inconsistent state which prohibit from being reused.
  1171. // Simply destroy it!!!
  1172. //
  1173. SmbDelayedDestroyTcpContext(TcpContext);
  1175. ASSERT (STATUS_PENDING != status);
  1177. IoAcquireCancelSpinLock(&Irql);
  1178. IoSetCancelRoutine(Irp, NULL);
  1179. IoReleaseCancelSpinLock(Irql);
  1181. IrpSp = IoGetCurrentIrpStackLocation(Irp);
  1183. Irp->IoStatus.Status = status;
  1184. Irp->IoStatus.Information = information;
  1186. SmbDereferenceConnect(ConnectObject, SMB_REF_CONNECT);
  1187. IoCompleteRequest(Irp, IO_NETWORK_INCREMENT);
  1189. SmbTrace (SMB_TRACE_CONNECT, ("complete TDI_CONNECT: pIrp %p ConnOb %p %!status!",
  1190. Irp, ConnectObject, status));
  1191. }
  1193. NTSTATUS
  1194. FindTdiAddress(
  1195. PVOID TdiAddress,
  1196. ULONG TdiAddressLength,
  1197. USHORT AddressType,
  1198. PVOID *AddressFound,
  1199. PULONG AddressLength
  1200. )
  1201. /*++
  1203. Routine Description:
  1205. This routine search for a particular type of TDI address in a big compound address.
  1207. Arguments:
  1209. Return Value:
  1211. STATUS_SUCCESS if we find one
  1212. Otherwise fail
  1214. --*/
  1215. {
  1216. #define TA_ADDRESS_HEADER_SIZE (FIELD_OFFSET(TA_ADDRESS,Address))
  1217. int i;
  1218. DWORD RemainingBufferLength;
  1219. PTA_ADDRESS pAddress = NULL;
  1220. TRANSPORT_ADDRESS UNALIGNED *pTransportAddr = NULL;
  1222. PAGED_CODE();
  1224. pTransportAddr = (PTRANSPORT_ADDRESS)TdiAddress;
  1225. if (TdiAddressLength < sizeof(pTransportAddr->TAAddressCount)) {
  1226. return STATUS_UNSUCCESSFUL;
  1227. }
  1228. RemainingBufferLength = TdiAddressLength - sizeof(pTransportAddr->TAAddressCount);
  1229. pAddress = (PTA_ADDRESS)pTransportAddr->Address;
  1231. for (i = 0; i < pTransportAddr->TAAddressCount; i++) {
  1232. //
  1233. // First, make sure we can safely access pAddress->AddressLength
  1234. //
  1235. if (RemainingBufferLength < TA_ADDRESS_HEADER_SIZE) {
  1236. return STATUS_INVALID_ADDRESS_COMPONENT;
  1237. }
  1238. RemainingBufferLength -= TA_ADDRESS_HEADER_SIZE;
  1239. if (RemainingBufferLength < pAddress->AddressLength) {
  1240. return STATUS_INVALID_ADDRESS_COMPONENT;
  1241. }
  1243. if (AddressType == pAddress->AddressType) {
  1244. *AddressFound = pAddress->Address;
  1245. *AddressLength = pAddress->AddressLength;
  1246. return STATUS_SUCCESS;
  1247. }
  1249. RemainingBufferLength -= pAddress->AddressLength;
  1250. pAddress = (PTA_ADDRESS)(((PUCHAR)pAddress) + pAddress->AddressLength + TA_ADDRESS_HEADER_SIZE);
  1251. }
  1252. return STATUS_UNSUCCESSFUL;
  1253. }