Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

4166 lines
115 KiB

  1. /*++
  2. Copyright (c) 1990 Microsoft Corporation
  3. Module Name:
  4. bowtdi.c
  5. Abstract:
  6. This module implements all of the routines that interface with the TDI
  7. transport for NT
  8. Author:
  9. Larry Osterman (LarryO) 21-Jun-1990
  10. Revision History:
  11. 21-Jun-1990 LarryO
  12. Created
  13. --*/
  14. #include "precomp.h"
  15. #include <isnkrnl.h>
  16. #include <smbipx.h>
  17. #include <nbtioctl.h>
  18. #pragma hdrstop
  19. typedef struct _ENUM_TRANSPORTS_CONTEXT {
  20. PVOID OutputBuffer;
  21. PVOID OutputBufferEnd;
  22. PVOID LastOutputBuffer; // Points to the last entry in the list.
  23. ULONG OutputBufferSize;
  24. ULONG EntriesRead;
  25. ULONG TotalEntries;
  26. ULONG TotalBytesNeeded;
  27. ULONG_PTR OutputBufferDisplacement;
  28. } ENUM_TRANSPORTS_CONTEXT, *PENUM_TRANSPORTS_CONTEXT;
  29. NTSTATUS
  30. EnumerateTransportsWorker(
  31. IN PTRANSPORT Transport,
  32. IN OUT PVOID Ctx
  33. );
  34. VOID
  35. BowserFreeBrowserServerList (
  36. IN PWSTR *BrowserServerList,
  37. IN ULONG BrowserServerListLength
  38. );
  39. ERESOURCE
  40. BowserTransportDatabaseResource = {0};
  41. //
  42. // Code for tracking missing frees.
  43. //
  44. #define BR_ONE_D_STACK_SIZE 5
  45. typedef struct _BrOneD {
  46. ULONG NameAdded;
  47. ULONG NameFreed;
  48. ULONG NameAddFailed;
  49. ULONG NameFreeFailed;
  50. ULONG NameAddStack[BR_ONE_D_STACK_SIZE];
  51. ULONG NameFreeStack[BR_ONE_D_STACK_SIZE];
  52. } BR_ONE_D;
  53. BR_ONE_D BrOneD;
  54. //
  55. //
  56. // Forward definitions of local routines.
  57. //
  58. NTSTATUS
  59. BowserpTdiSetEventHandler (
  60. IN PDEVICE_OBJECT DeviceObject,
  61. IN PFILE_OBJECT FileObject,
  62. IN ULONG EventType,
  63. IN PVOID EventHandler,
  64. IN PVOID TransportName
  65. );
  66. NTSTATUS
  67. BowserDetermineProviderInformation(
  68. IN PUNICODE_STRING TransportName,
  69. OUT PTDI_PROVIDER_INFO ProviderInfo,
  70. OUT PULONG IpSubnetNumber
  71. );
  72. NTSTATUS
  73. UnbindTransportWorker(
  74. IN PTRANSPORT Transport,
  75. IN OUT PVOID Ctx
  76. );
  77. NTSTATUS
  78. BowserpTdiRemoveAddresses(
  79. IN PTRANSPORT Transport
  80. );
  81. VOID
  82. BowserDeleteTransport(
  83. IN PTRANSPORT Transport
  84. );
  85. VOID
  86. BowserpFreeTransport(
  87. IN PTRANSPORT Transport
  88. );
  89. NTSTATUS
  90. BowserSubmitTdiRequest (
  91. IN PFILE_OBJECT FileObject,
  92. IN PIRP Irp
  93. );
  94. NTSTATUS
  95. BowserCompleteTdiRequest (
  96. IN PDEVICE_OBJECT DeviceObject,
  97. IN PIRP Irp,
  98. IN PVOID Context
  99. );
  100. NTSTATUS
  101. CompleteSendDatagram (
  102. IN PDEVICE_OBJECT DeviceObject,
  103. IN PIRP Irp,
  104. IN PVOID Ctx
  105. );
  106. NTSTATUS
  107. BowserEnableIpxDatagramSocket(
  108. IN PTRANSPORT Transport
  109. );
  110. NTSTATUS
  111. BowserOpenNetbiosAddress(
  112. IN PPAGED_TRANSPORT_NAME PagedTransportName,
  113. IN PTRANSPORT Transport,
  114. IN PBOWSER_NAME Name
  115. );
  116. VOID
  117. BowserCloseNetbiosAddress(
  118. IN PTRANSPORT_NAME TransportName
  119. );
  120. VOID
  121. BowserCloseAllNetbiosAddresses(
  122. IN PTRANSPORT Transport
  123. );
  124. NTSTATUS
  125. BowserSendDatagram (
  126. IN PTRANSPORT Transport,
  127. IN PVOID RecipientAddress,
  128. IN DGRECEIVER_NAME_TYPE NameType,
  129. IN PVOID Buffer,
  130. IN ULONG BufferLength,
  131. IN BOOLEAN WaitForCompletion,
  132. IN PSTRING DestinationAddress OPTIONAL,
  133. IN BOOLEAN IsHostAnnouncment
  134. );
  135. NTSTATUS
  136. OpenIpxSocket (
  137. OUT PHANDLE Handle,
  138. OUT PFILE_OBJECT *FileObject,
  139. OUT PDEVICE_OBJECT *DeviceObject,
  140. IN PUNICODE_STRING DeviceName,
  141. IN USHORT Socket
  142. );
  143. NTSTATUS
  144. BowserIssueTdiAction (
  145. IN PDEVICE_OBJECT DeviceObject,
  146. IN PFILE_OBJECT FileObject,
  147. IN PVOID Action,
  148. IN ULONG ActionSize
  149. );
  150. NTSTATUS
  151. GetNetworkAddress (
  152. IN PTRANSPORT_NAME TransportName
  153. );
  154. #ifdef ALLOC_PRAGMA
  155. #pragma alloc_text(PAGE, BowserTdiAllocateTransport)
  156. #pragma alloc_text(PAGE, BowserUnbindFromAllTransports)
  157. #pragma alloc_text(PAGE, UnbindTransportWorker)
  158. #pragma alloc_text(PAGE, BowserFreeTransportByName)
  159. #pragma alloc_text(PAGE, BowserTransportFlags)
  160. #pragma alloc_text(PAGE, BowserEnumerateTransports)
  161. #pragma alloc_text(PAGE, EnumerateTransportsWorker)
  162. #pragma alloc_text(PAGE, BowserDereferenceTransport)
  163. #pragma alloc_text(PAGE, BowserpTdiRemoveAddresses)
  164. #pragma alloc_text(PAGE, BowserFindTransportName)
  165. #pragma alloc_text(PAGE, BowserFreeTransportName)
  166. #pragma alloc_text(PAGE, BowserDeleteTransport)
  167. #pragma alloc_text(PAGE, BowserpFreeTransport)
  168. #pragma alloc_text(PAGE, BowserpTdiSetEventHandler)
  169. #pragma alloc_text(PAGE, BowserBuildTransportAddress)
  170. #pragma alloc_text(PAGE, BowserUpdateProviderInformation)
  171. #pragma alloc_text(PAGE, BowserDetermineProviderInformation)
  172. #pragma alloc_text(PAGE, BowserFindTransport)
  173. #pragma alloc_text(PAGE, BowserForEachTransport)
  174. #pragma alloc_text(PAGE, BowserForEachTransportName)
  175. #pragma alloc_text(PAGE, BowserDeleteTransportNameByName)
  176. #pragma alloc_text(PAGE, BowserSubmitTdiRequest)
  177. #pragma alloc_text(PAGE, BowserSendDatagram)
  178. #pragma alloc_text(PAGE, BowserSendSecondClassMailslot)
  179. #pragma alloc_text(PAGE, BowserSendRequestAnnouncement)
  180. #pragma alloc_text(INIT, BowserpInitializeTdi)
  181. #pragma alloc_text(PAGE, BowserpUninitializeTdi)
  182. #pragma alloc_text(PAGE, BowserDereferenceTransportName)
  183. #pragma alloc_text(PAGE, BowserEnableIpxDatagramSocket)
  184. #pragma alloc_text(PAGE, BowserOpenNetbiosAddress)
  185. #pragma alloc_text(PAGE, BowserCloseNetbiosAddress)
  186. #pragma alloc_text(PAGE, BowserCloseAllNetbiosAddresses)
  187. #pragma alloc_text(PAGE, OpenIpxSocket)
  188. #pragma alloc_text(PAGE, BowserIssueTdiAction)
  189. #pragma alloc_text(PAGE4BROW, BowserCompleteTdiRequest)
  190. //#pragma alloc_text(PAGE4BROW, CompleteSendDatagram)
  191. #endif
  192. //
  193. // Flag to indicate that a network isn't an IP network
  194. //
  195. #define BOWSER_NON_IP_SUBNET 0xFFFFFFFF
  196. NTSTATUS
  197. BowserTdiAllocateTransport (
  198. PUNICODE_STRING TransportName,
  199. PUNICODE_STRING EmulatedDomainName,
  200. PUNICODE_STRING EmulatedComputerName
  201. )
  202. /*++
  203. Routine Description:
  204. This routine will allocate a transport descriptor and bind the bowser
  205. to the transport.
  206. Arguments:
  207. TransportName - Supplies the name of the transport provider
  208. EmulatedDomainName - Supplies the name of the domain being emulated
  209. EmulatedComputerName - Supplies the name of the computer in the emulated domain.
  210. Return Value:
  211. NTSTATUS - Status of operation.
  212. --*/
  213. {
  214. NTSTATUS Status;
  215. PTRANSPORT NewTransport;
  216. BOOLEAN ResourceAcquired = FALSE;
  217. PAGED_CODE();
  218. // DbgBreakPoint();
  219. dlog(DPRT_TDI, ("%wZ: %wZ: BowserTdiAllocateTransport\n", EmulatedDomainName, TransportName));
  220. ExAcquireResourceExclusiveLite(&BowserTransportDatabaseResource, TRUE);
  221. ResourceAcquired = TRUE;
  222. NewTransport = BowserFindTransport(TransportName, EmulatedDomainName );
  223. dprintf(DPRT_REF, ("Called Find transport %lx from BowserTdiAllocateTransport.\n", NewTransport));
  224. if (NewTransport == NULL) {
  225. PLIST_ENTRY NameEntry;
  226. PPAGED_TRANSPORT PagedTransport = NULL;
  227. PCHAR Where;
  228. ULONG PagedTransportSize;
  229. //
  230. // Allocate and initialize the constant parts of the transport structure.
  231. //
  232. NewTransport = ALLOCATE_POOL(NonPagedPool, sizeof(TRANSPORT), POOL_TRANSPORT);
  233. if (NewTransport == NULL) {
  234. Status = STATUS_INSUFFICIENT_RESOURCES;
  235. goto ReturnStatus;
  236. }
  237. RtlZeroMemory( NewTransport, sizeof(TRANSPORT) );
  238. NewTransport->Signature = STRUCTURE_SIGNATURE_TRANSPORT;
  239. NewTransport->Size = sizeof(TRANSPORT);
  240. //
  241. // One reference for the rest of this procedure.
  242. //
  243. // We increment it later when we insert it in the global list.
  244. //
  245. NewTransport->ReferenceCount = 1;
  246. ExInitializeResourceLite(&NewTransport->BrowserServerListResource);
  247. KeInitializeEvent(&NewTransport->GetBackupListComplete, NotificationEvent, TRUE);
  248. ExInitializeResourceLite(&NewTransport->Lock);
  249. BowserInitializeIrpQueue(&NewTransport->BecomeBackupQueue);
  250. BowserInitializeIrpQueue(&NewTransport->BecomeMasterQueue);
  251. BowserInitializeIrpQueue(&NewTransport->FindMasterQueue);
  252. BowserInitializeIrpQueue(&NewTransport->WaitForMasterAnnounceQueue);
  253. BowserInitializeIrpQueue(&NewTransport->WaitForNewMasterNameQueue);
  254. BowserInitializeIrpQueue(&NewTransport->ChangeRoleQueue);
  255. BowserInitializeTimer(&NewTransport->ElectionTimer);
  256. BowserInitializeTimer(&NewTransport->FindMasterTimer);
  257. INITIALIZE_ANNOUNCE_DATABASE(NewTransport);
  258. //
  259. // Allocate and initialize the constant parts of the paged transport structure.
  260. //
  261. PagedTransportSize =sizeof(PAGED_TRANSPORT) +
  262. max(sizeof(TA_IPX_ADDRESS), sizeof(TA_NETBIOS_ADDRESS)) +
  263. sizeof(WCHAR) + // alignment
  264. (LM20_CNLEN+1)*sizeof(WCHAR) +
  265. TransportName->Length + sizeof(WCHAR);
  266. PagedTransport = NewTransport->PagedTransport =
  267. ALLOCATE_POOL(PagedPool, PagedTransportSize, POOL_PAGED_TRANSPORT);
  268. if (PagedTransport == NULL) {
  269. Status = STATUS_INSUFFICIENT_RESOURCES;
  270. goto ReturnStatus;
  271. }
  272. RtlZeroMemory( PagedTransport, PagedTransportSize );
  273. PagedTransport->NonPagedTransport = NewTransport;
  274. PagedTransport->Signature = STRUCTURE_SIGNATURE_PAGED_TRANSPORT;
  275. PagedTransport->Size = sizeof(PAGED_TRANSPORT);
  276. InitializeListHead(&PagedTransport->GlobalNext);
  277. InitializeListHead(&PagedTransport->NameChain);
  278. PagedTransport->Role = None;
  279. PagedTransport->IpSubnetNumber = BOWSER_NON_IP_SUBNET;
  280. PagedTransport->DisabledTransport = TRUE;
  281. PagedTransport->PointToPoint = FALSE;
  282. RtlInitializeGenericTable(&PagedTransport->AnnouncementTable,
  283. BowserCompareAnnouncement,
  284. BowserAllocateAnnouncement,
  285. BowserFreeAnnouncement,
  286. NULL);
  287. RtlInitializeGenericTable(&PagedTransport->DomainTable,
  288. BowserCompareAnnouncement,
  289. BowserAllocateAnnouncement,
  290. BowserFreeAnnouncement,
  291. NULL);
  292. InitializeListHead(&PagedTransport->BackupBrowserList);
  293. PagedTransport->NumberOfBackupServerListEntries = 0;
  294. // Put the MasterBrowserAddress at the end of the allocated buffer
  295. Where = (PCHAR)(PagedTransport+1);
  296. PagedTransport->MasterBrowserAddress.Buffer = Where;
  297. PagedTransport->MasterBrowserAddress.MaximumLength = max(sizeof(TA_IPX_ADDRESS),
  298. sizeof(TA_NETBIOS_ADDRESS));
  299. Where += PagedTransport->MasterBrowserAddress.MaximumLength;
  300. // Put the MasterName at the end of the allocated buffer
  301. Where = ROUND_UP_POINTER( Where, ALIGN_WCHAR );
  302. PagedTransport->MasterName.Buffer = (LPWSTR) Where;
  303. PagedTransport->MasterName.MaximumLength = (LM20_CNLEN+1)*sizeof(WCHAR);
  304. Where += PagedTransport->MasterName.MaximumLength;
  305. // Put the TransportName at the end of the allocated buffer
  306. PagedTransport->TransportName.Buffer = (LPWSTR) Where;
  307. PagedTransport->TransportName.MaximumLength = TransportName->Length + sizeof(WCHAR);
  308. RtlCopyUnicodeString(&PagedTransport->TransportName, TransportName);
  309. Where += PagedTransport->TransportName.MaximumLength;
  310. //
  311. // Make this transport a part of a domain.
  312. //
  313. NewTransport->DomainInfo = BowserCreateDomain( EmulatedDomainName, EmulatedComputerName );
  314. if ( NewTransport->DomainInfo == NULL ) {
  315. Status = STATUS_INSUFFICIENT_RESOURCES;
  316. goto ReturnStatus;
  317. }
  318. //
  319. // Get info from the provider
  320. // (e.g., RAS, Wannish, DatagramSize)
  321. Status= BowserUpdateProviderInformation( PagedTransport );
  322. if (!NT_SUCCESS(Status)) {
  323. goto ReturnStatus;
  324. }
  325. PagedTransport->Flags = 0;
  326. //
  327. // We ignore any and all errors that occur when we open the IPX socket.
  328. //
  329. //
  330. // Open the IPX mailslot socket.
  331. //
  332. Status = OpenIpxSocket(
  333. &PagedTransport->IpxSocketHandle,
  334. &NewTransport->IpxSocketFileObject,
  335. &NewTransport->IpxSocketDeviceObject,
  336. &PagedTransport->TransportName,
  337. SMB_IPX_MAILSLOT_SOCKET
  338. );
  339. if ( NT_SUCCESS(Status) ) {
  340. PagedTransport->Flags |= DIRECT_HOST_IPX;
  341. // We'll use type 20 packets to increase the reach of broadcasts
  342. // so don't treat this as a wannish protocol.
  343. PagedTransport->Wannish = FALSE;
  344. }
  345. //
  346. // Create the names for this transport.
  347. // (Only if the caller asked us to)
  348. //
  349. // Being in the global list constitutes a reference.
  350. //
  351. InsertTailList(&BowserTransportHead, &PagedTransport->GlobalNext);
  352. BowserReferenceTransport( NewTransport );
  353. //
  354. // The names are added asynchronously in other threads that require this
  355. // resource.
  356. //
  357. if ( ResourceAcquired ) {
  358. ExReleaseResourceLite(&BowserTransportDatabaseResource);
  359. ResourceAcquired = FALSE;
  360. }
  361. Status = BowserAddDefaultNames( NewTransport, NULL );
  362. if ( !NT_SUCCESS(Status) ) {
  363. goto ReturnStatus;
  364. }
  365. //
  366. // Start receiving broadcasts on IPX now that the names exist.
  367. //
  368. if ( PagedTransport->Flags & DIRECT_HOST_IPX ) {
  369. //
  370. // Acquire the lock while referencing IpxSocket*
  371. ExAcquireResourceExclusiveLite(&BowserTransportDatabaseResource, TRUE);
  372. ResourceAcquired = TRUE;
  373. BowserEnableIpxDatagramSocket(NewTransport);
  374. }
  375. //
  376. // Notify services that this transport is now bound
  377. //
  378. BowserSendPnp( NlPnpTransportBind,
  379. NULL, // All hosted domains
  380. &PagedTransport->TransportName,
  381. BowserTransportFlags(PagedTransport) );
  382. }
  383. Status = STATUS_SUCCESS;
  384. ReturnStatus:
  385. if ( ResourceAcquired ) {
  386. ExReleaseResourceLite(&BowserTransportDatabaseResource);
  387. }
  388. if (!NT_SUCCESS(Status)) {
  389. //
  390. // Delete the transport.
  391. //
  392. if ( NewTransport != NULL ) {
  393. // Remove the global reference if in global list
  394. BowserDeleteTransport (NewTransport);
  395. }
  396. }
  397. // Remove the local reference
  398. if ( NewTransport != NULL ) {
  399. BowserDereferenceTransport( NewTransport );
  400. }
  401. return Status;
  402. }
  403. NTSTATUS
  404. BowserUnbindFromAllTransports(
  405. VOID
  406. )
  407. {
  408. NTSTATUS Status;
  409. PAGED_CODE();
  410. Status = BowserForEachTransport(UnbindTransportWorker, NULL);
  411. #if DBG
  412. if (NT_SUCCESS(Status)) {
  413. ASSERT (IsListEmpty(&BowserTransportHead));
  414. }
  415. #endif
  416. return Status;
  417. }
  418. NTSTATUS
  419. UnbindTransportWorker(
  420. IN PTRANSPORT Transport,
  421. IN OUT PVOID Ctx
  422. )
  423. /*++
  424. Routine Description:
  425. This routine is the worker routine for BowserUnbindFromAllTransports.
  426. Arguments:
  427. None.
  428. Return Value:
  429. None.
  430. --*/
  431. {
  432. PAGED_CODE();
  433. //
  434. // Dereference the reference caused by the transport bind.
  435. //
  436. BowserDeleteTransport(Transport);
  437. //
  438. // Return success. We're done.
  439. //
  440. return(STATUS_SUCCESS);
  441. UNREFERENCED_PARAMETER(Ctx);
  442. }
  443. NTSTATUS
  444. BowserFreeTransportByName (
  445. IN PUNICODE_STRING TransportName,
  446. IN PUNICODE_STRING EmulatedDomainName
  447. )
  448. /*++
  449. Routine Description:
  450. This routine will deallocate an allocated transport
  451. Arguments:
  452. TransportName - Supplies a pointer to the name of the transport to free
  453. EmulatedDomainName - Name of the emulated domain whose transport is to be freed
  454. Return Value:
  455. None.
  456. --*/
  457. {
  458. PTRANSPORT Transport;
  459. PAGED_CODE();
  460. dlog(DPRT_TDI, ("%wZ: %wZ: BowserFreeTransportByName: Remove transport\n", EmulatedDomainName, TransportName));
  461. Transport = BowserFindTransport(TransportName, EmulatedDomainName );
  462. dprintf(DPRT_REF, ("Called Find transport %lx from BowserFreeTransportByName.\n", Transport));
  463. if (Transport == NULL) {
  464. return STATUS_OBJECT_NAME_NOT_FOUND;
  465. }
  466. //
  467. // Remove the reference from the binding.
  468. //
  469. BowserDeleteTransport(Transport);
  470. //
  471. // Remove the reference from the FindTransport.
  472. //
  473. BowserDereferenceTransport(Transport);
  474. return STATUS_SUCCESS;
  475. }
  476. NTSTATUS
  477. BowserEnumerateTransports (
  478. OUT PVOID OutputBuffer,
  479. OUT ULONG OutputBufferLength,
  480. IN OUT PULONG EntriesRead,
  481. IN OUT PULONG TotalEntries,
  482. IN OUT PULONG TotalBytesNeeded,
  483. IN ULONG_PTR OutputBufferDisplacement)
  484. /*++
  485. Routine Description:
  486. This routine will enumerate the servers in the bowsers current announcement
  487. table.
  488. Arguments:
  489. IN ULONG ServerTypeMask - Mask of servers to return.
  490. IN PUNICODE_STRING DomainName OPTIONAL - Domain to filter (all if not specified)
  491. OUT PVOID OutputBuffer - Buffer to fill with server info.
  492. IN ULONG OutputBufferSize - Filled in with size of buffer.
  493. OUT PULONG EntriesRead - Filled in with the # of entries returned.
  494. OUT PULONG TotalEntries - Filled in with the total # of entries.
  495. OUT PULONG TotalBytesNeeded - Filled in with the # of bytes needed.
  496. Return Value:
  497. None.
  498. --*/
  499. {
  500. PVOID OutputBufferEnd;
  501. NTSTATUS Status;
  502. ENUM_TRANSPORTS_CONTEXT Context;
  503. PDOMAIN_INFO DomainInfo = NULL;
  504. PAGED_CODE();
  505. OutputBufferEnd = (PCHAR)OutputBuffer+OutputBufferLength;
  506. Context.EntriesRead = 0;
  507. Context.TotalEntries = 0;
  508. Context.TotalBytesNeeded = 0;
  509. try {
  510. Context.OutputBufferSize = OutputBufferLength;
  511. Context.OutputBuffer = OutputBuffer;
  512. Context.OutputBufferDisplacement = OutputBufferDisplacement;
  513. Context.OutputBufferEnd = OutputBufferEnd;
  514. Context.LastOutputBuffer = OutputBuffer;
  515. dlog(DPRT_FSCTL, ("Enumerate Transports: Buffer: %lx, BufferSize: %lx, BufferEnd: %lx\n",
  516. OutputBuffer, OutputBufferLength, OutputBufferEnd));
  517. try {
  518. //
  519. // Find the primary domain.
  520. //
  521. // This call is intended to return the actual transport names and not the
  522. // network structure which are duplicated for each emulated domain.
  523. //
  524. DomainInfo = BowserFindDomain( NULL );
  525. // Failure case handled below
  526. //
  527. // Enumerate the transports.
  528. //
  529. if ( DomainInfo != NULL ) {
  530. Status = BowserForEachTransportInDomain( DomainInfo, EnumerateTransportsWorker, &Context);
  531. }
  532. *EntriesRead = Context.EntriesRead;
  533. *TotalEntries = Context.TotalEntries;
  534. *TotalBytesNeeded = Context.TotalBytesNeeded;
  535. if (*EntriesRead != 0) {
  536. ((PLMDR_TRANSPORT_LIST )Context.LastOutputBuffer)->NextEntryOffset = 0;
  537. }
  538. dlog(DPRT_FSCTL, ("TotalEntries: %lx EntriesRead: %lx, TotalBytesNeeded: %lx\n", *TotalEntries, *EntriesRead, *TotalBytesNeeded));
  539. if (*EntriesRead == *TotalEntries) {
  540. try_return(Status = STATUS_SUCCESS);
  541. } else {
  542. try_return(Status = STATUS_MORE_ENTRIES);
  543. }
  544. try_exit:NOTHING;
  545. } finally {
  546. if ( DomainInfo != NULL ) {
  547. BowserDereferenceDomain( DomainInfo );
  548. }
  549. }
  550. }
  551. except ( BR_EXCEPTION ) {
  552. Status = GetExceptionCode();
  553. }
  554. return Status;
  555. }
  556. ULONG
  557. BowserTransportFlags(
  558. IN PPAGED_TRANSPORT PagedTransport
  559. )
  560. /*++
  561. Routine Description:
  562. Return the user mode transport flags for this transport.
  563. Arguments:
  564. PageTransport - Transport to return the flags for.
  565. Return Value:
  566. The appropriate of the following flags:
  567. LMDR_TRANSPORT_WANNISH
  568. LMDR_TRANSPORT_RAS
  569. LMDR_TRANSPORT_IPX
  570. --*/
  571. {
  572. ULONG TransportFlags = 0;
  573. PAGED_CODE();
  574. if (PagedTransport->Wannish) {
  575. TransportFlags |= LMDR_TRANSPORT_WANNISH;
  576. }
  577. if (PagedTransport->IsPrimaryDomainController) {
  578. TransportFlags |= LMDR_TRANSPORT_PDC;
  579. }
  580. if (PagedTransport->PointToPoint) {
  581. TransportFlags |= LMDR_TRANSPORT_RAS;
  582. }
  583. if (PagedTransport->Flags & DIRECT_HOST_IPX) {
  584. TransportFlags |= LMDR_TRANSPORT_IPX;
  585. }
  586. return TransportFlags;
  587. }
  588. NTSTATUS
  589. EnumerateTransportsWorker(
  590. IN PTRANSPORT Transport,
  591. IN OUT PVOID Ctx
  592. )
  593. /*++
  594. Routine Description:
  595. This routine is the worker routine for BowserEnumerateTransports.
  596. It is called for each of the serviced transports in the bowser and
  597. returns the size needed to enumerate the servers received on each transport.
  598. Arguments:
  599. None.
  600. Return Value:
  601. None.
  602. --*/
  603. {
  604. PENUM_TRANSPORTS_CONTEXT Context = Ctx;
  605. PPAGED_TRANSPORT PagedTransport = Transport->PagedTransport;
  606. ULONG SizeNeeded = sizeof(LMDR_TRANSPORT_LIST);
  607. PAGED_CODE();
  608. SizeNeeded += PagedTransport->TransportName.Length+sizeof(WCHAR);
  609. SizeNeeded = ROUND_UP_COUNT(SizeNeeded,ALIGN_DWORD);
  610. Context->TotalEntries += 1;
  611. if ((ULONG_PTR)Context->OutputBufferEnd - (ULONG_PTR)Context->OutputBuffer > SizeNeeded) {
  612. PLMDR_TRANSPORT_LIST TransportEntry = (PLMDR_TRANSPORT_LIST)Context->OutputBuffer;
  613. Context->LastOutputBuffer = Context->OutputBuffer;
  614. Context->EntriesRead += 1;
  615. RtlCopyMemory(TransportEntry->TransportName, PagedTransport->TransportName.Buffer, PagedTransport->TransportName.Length+sizeof(WCHAR));
  616. //
  617. // Null terminate the transport name.
  618. //
  619. TransportEntry->TransportName[PagedTransport->TransportName.Length/sizeof(WCHAR)] = '\0';
  620. TransportEntry->TransportNameLength = PagedTransport->TransportName.Length;
  621. TransportEntry->Flags |= BowserTransportFlags( PagedTransport );
  622. TransportEntry->NextEntryOffset = SizeNeeded;
  623. (PUCHAR)(Context->OutputBuffer) += SizeNeeded;
  624. }
  625. Context->TotalBytesNeeded += SizeNeeded;
  626. return(STATUS_SUCCESS);
  627. }
  628. VOID
  629. BowserReferenceTransport(
  630. IN PTRANSPORT Transport
  631. )
  632. {
  633. InterlockedIncrement(&Transport->ReferenceCount);
  634. dprintf(DPRT_REF, ("Reference transport %lx. Count now %lx\n", Transport, Transport->ReferenceCount));
  635. }
  636. VOID
  637. BowserDereferenceTransport(
  638. IN PTRANSPORT Transport
  639. )
  640. {
  641. LONG Result;
  642. PAGED_CODE();
  643. ExAcquireResourceExclusiveLite(&BowserTransportDatabaseResource, TRUE);
  644. if (Transport->ReferenceCount == 0) {
  645. InternalError(("Transport Reference Count mismatch\n"));
  646. }
  647. Result = InterlockedDecrement(&Transport->ReferenceCount);
  648. dlog(DPRT_REF, ("Dereference transport %lx. Count now %lx\n", Transport, Transport->ReferenceCount));
  649. if (Result == 0) {
  650. //
  651. // And free up the transport itself.
  652. //
  653. BowserpFreeTransport(Transport);
  654. }
  655. ExReleaseResourceLite(&BowserTransportDatabaseResource);
  656. }
  657. NTSTATUS
  658. BowserCreateTransportName (
  659. IN PTRANSPORT Transport,
  660. IN PBOWSER_NAME Name
  661. )
  662. /*++
  663. Routine Description:
  664. This routine creates a transport address object.
  665. Arguments:
  666. IN PTRANSPORT Transport - Supplies a transport structure describing the
  667. transport address object to be created.
  668. Return Value:
  669. NTSTATUS - Status of resulting operation.
  670. --*/
  671. {
  672. NTSTATUS Status = STATUS_SUCCESS;
  673. PTRANSPORT_NAME TransportName = NULL;
  674. PPAGED_TRANSPORT_NAME PagedTransportName = NULL;
  675. PPAGED_TRANSPORT PagedTransport = Transport->PagedTransport;
  676. BOOLEAN ResourceAcquired = FALSE;
  677. PAGED_CODE();
  678. ASSERT(Transport->Signature == STRUCTURE_SIGNATURE_TRANSPORT);
  679. dlog(DPRT_TDI,
  680. ("%s: %ws: BowserCreateTransportName. Name %wZ (%ld)\n",
  681. Transport->DomainInfo->DomOemDomainName,
  682. PagedTransport->TransportName.Buffer,
  683. &Name->Name,
  684. Name->NameType ));
  685. //
  686. // Link the transport_name structure into the transport list.
  687. //
  688. ExAcquireResourceExclusiveLite(&BowserTransportDatabaseResource, TRUE);
  689. ResourceAcquired = TRUE;
  690. TransportName = BowserFindTransportName(Transport, Name);
  691. if (TransportName != NULL) {
  692. ExReleaseResourceLite(&BowserTransportDatabaseResource);
  693. return(STATUS_SUCCESS);
  694. }
  695. #ifdef notdef
  696. //
  697. // Simply don't allocate certain names if the transport is disabled
  698. //
  699. if ( PagedTransport->DisabledTransport ) {
  700. if ( Name->NameType == PrimaryDomainBrowser ) {
  701. ExReleaseResourceLite(&BowserTransportDatabaseResource);
  702. return STATUS_SUCCESS;
  703. }
  704. }
  705. #endif // notdef
  706. // s.b. assertion that we're attached to the system process
  707. // ASSERT (IoGetCurrentProcess() == BowserFspProcess);
  708. //
  709. // Allocate a structure to refer to this name on the transport
  710. //
  711. TransportName = ALLOCATE_POOL(NonPagedPool, sizeof(TRANSPORT_NAME) +
  712. max(sizeof(TA_NETBIOS_ADDRESS),
  713. sizeof(TA_IPX_ADDRESS)), POOL_TRANSPORTNAME);
  714. if (TransportName == NULL) {
  715. Status = STATUS_INSUFFICIENT_RESOURCES;
  716. goto error_cleanup;
  717. }
  718. TransportName->PagedTransportName = PagedTransportName =
  719. ALLOCATE_POOL(PagedPool,
  720. sizeof(PAGED_TRANSPORT_NAME),
  721. POOL_PAGED_TRANSPORTNAME);
  722. if (PagedTransportName == NULL) {
  723. FREE_POOL( TransportName );
  724. TransportName = NULL;
  725. Status = STATUS_INSUFFICIENT_RESOURCES;
  726. goto error_cleanup;
  727. }
  728. TransportName->Signature = STRUCTURE_SIGNATURE_TRANSPORTNAME;
  729. TransportName->Size = sizeof(TRANSPORT_NAME);
  730. TransportName->PagedTransportName = PagedTransportName;
  731. // This TransportName is considered to be referenced by the transport via
  732. // Transport->PagedTransport->NameChain. The Name->NameChain isn't
  733. // considered to be a reference.
  734. //
  735. // The second reference is a local reference for the lifetime of this routine.
  736. //
  737. TransportName->ReferenceCount = 2;
  738. PagedTransportName->NonPagedTransportName = TransportName;
  739. PagedTransportName->Signature = STRUCTURE_SIGNATURE_PAGED_TRANSPORTNAME;
  740. PagedTransportName->Size = sizeof(PAGED_TRANSPORT_NAME);
  741. PagedTransportName->Name = Name;
  742. BowserReferenceName(Name);
  743. TransportName->Transport = Transport;
  744. // Don't reference the Transport. When the transport is unbound, we'll
  745. // make sure all the transport names are removed first.
  746. // BowserReferenceTransport(Transport);
  747. PagedTransportName->Handle = NULL;
  748. TransportName->FileObject = NULL;
  749. TransportName->DeviceObject = NULL;
  750. InsertHeadList(&Transport->PagedTransport->NameChain, &PagedTransportName->TransportNext);
  751. InsertHeadList(&Name->NameChain, &PagedTransportName->NameNext);
  752. //
  753. // If this is an OTHERDOMAIN, we want to process host announcements for
  754. // the domain, if it isn't, we want to wait until we become a master.
  755. //
  756. if (Name->NameType == OtherDomain) {
  757. TransportName->ProcessHostAnnouncements = TRUE;
  758. } else {
  759. TransportName->ProcessHostAnnouncements = FALSE;
  760. }
  761. //
  762. // If this name is one of our special names, we want to remember it in
  763. // the transport block.
  764. //
  765. switch (Name->NameType) {
  766. case ComputerName:
  767. Transport->ComputerName = TransportName;
  768. break;
  769. case PrimaryDomain:
  770. //
  771. // During domain rename we can temporarily have two primary names assigned.
  772. // keep track of both names.
  773. //
  774. if ( Transport->PrimaryDomain != NULL ) {
  775. // ASSERT( Transport->AltPrimaryDomain == NULL );
  776. Transport->AltPrimaryDomain = Transport->PrimaryDomain;
  777. }
  778. Transport->PrimaryDomain = TransportName;
  779. break;
  780. case MasterBrowser:
  781. Transport->MasterBrowser = TransportName;
  782. break;
  783. case BrowserElection:
  784. Transport->BrowserElection = TransportName;
  785. break;
  786. case PrimaryDomainBrowser:
  787. PagedTransport->IsPrimaryDomainController = TRUE;
  788. //
  789. // Notify services we are now a PDC.
  790. //
  791. BowserSendPnp(
  792. NlPnpNewRole,
  793. &Transport->DomainInfo->DomUnicodeDomainName,
  794. &Transport->PagedTransport->TransportName,
  795. BowserTransportFlags(Transport->PagedTransport) );
  796. break;
  797. }
  798. TransportName->TransportAddress.Buffer = (PCHAR)(TransportName+1);
  799. TransportName->TransportAddress.MaximumLength = max(sizeof(TA_NETBIOS_ADDRESS),
  800. sizeof(TA_IPX_ADDRESS));
  801. //
  802. // Figure out what this name is, so we can match against it when
  803. // a datagram is received.
  804. //
  805. Status = BowserBuildTransportAddress(&TransportName->TransportAddress, &Name->Name, Name->NameType, Transport);
  806. if (!NT_SUCCESS(Status)) {
  807. goto error_cleanup;
  808. }
  809. TransportName->NameType = (CHAR)Name->NameType;
  810. ExReleaseResourceLite(&BowserTransportDatabaseResource);
  811. ResourceAcquired = FALSE;
  812. //
  813. // On non direct host IPX transports, we need to add the name now.
  814. //
  815. if (!FlagOn(Transport->PagedTransport->Flags, DIRECT_HOST_IPX)) {
  816. Status = BowserOpenNetbiosAddress(PagedTransportName, Transport, Name);
  817. if (!NT_SUCCESS(Status)) {
  818. goto error_cleanup;
  819. }
  820. }
  821. error_cleanup:
  822. if ( !NT_SUCCESS(Status) ) {
  823. dlog(DPRT_TDI,
  824. ("%s: %ws: BowserCreateTransportName fail. Name %wZ (%ld) Status:%lx\n",
  825. Transport->DomainInfo->DomOemDomainName,
  826. PagedTransport->TransportName.Buffer,
  827. &Name->Name,
  828. Name->NameType,
  829. Status ));
  830. //
  831. // Remove Transport->PagedTransport->NameChain reference
  832. // (Unless another routine already has done that behind our back)
  833. //
  834. if (TransportName != NULL) {
  835. if ( PagedTransportName->TransportNext.Flink != NULL ) {
  836. BowserDereferenceTransportName(TransportName);
  837. }
  838. }
  839. }
  840. // Remove the local reference
  841. if (TransportName != NULL) {
  842. BowserDereferenceTransportName(TransportName);
  843. }
  844. if (ResourceAcquired) {
  845. ExReleaseResourceLite(&BowserTransportDatabaseResource);
  846. }
  847. return Status;
  848. }
  849. NTSTATUS
  850. BowserOpenNetbiosAddress(
  851. IN PPAGED_TRANSPORT_NAME PagedTransportName,
  852. IN PTRANSPORT Transport,
  853. IN PBOWSER_NAME Name
  854. )
  855. {
  856. NTSTATUS Status;
  857. PFILE_FULL_EA_INFORMATION EABuffer = NULL;
  858. PTRANSPORT_NAME TransportName = PagedTransportName->NonPagedTransportName;
  859. OBJECT_ATTRIBUTES AddressAttributes;
  860. IO_STATUS_BLOCK IoStatusBlock;
  861. HANDLE Handle = NULL;
  862. PFILE_OBJECT FileObject = NULL;
  863. PDEVICE_OBJECT DeviceObject;
  864. PAGED_CODE( );
  865. try {
  866. //
  867. // Now create the address object for this name.
  868. //
  869. EABuffer = ALLOCATE_POOL(PagedPool,
  870. sizeof(FILE_FULL_EA_INFORMATION)-1 +
  871. TDI_TRANSPORT_ADDRESS_LENGTH + 1 +
  872. max(sizeof(TA_NETBIOS_EX_ADDRESS), sizeof(TA_NETBIOS_ADDRESS)),
  873. POOL_EABUFFER);
  874. if (EABuffer == NULL) {
  875. try_return(Status = STATUS_INSUFFICIENT_RESOURCES)
  876. }
  877. EABuffer->NextEntryOffset = 0;
  878. EABuffer->Flags = 0;
  879. EABuffer->EaNameLength = TDI_TRANSPORT_ADDRESS_LENGTH;
  880. RtlCopyMemory(EABuffer->EaName, TdiTransportAddress, EABuffer->EaNameLength+1);
  881. EABuffer->EaValueLength = sizeof(TA_NETBIOS_ADDRESS);
  882. ASSERT (TransportName->TransportAddress.Length == sizeof(TA_NETBIOS_ADDRESS));
  883. RtlCopyMemory( &EABuffer->EaName[TDI_TRANSPORT_ADDRESS_LENGTH+1],
  884. TransportName->TransportAddress.Buffer,
  885. EABuffer->EaValueLength );
  886. dlog(DPRT_TDI,
  887. ("%s: %ws: Create endpoint of %wZ (%ld) @(%lx)\n",
  888. Transport->DomainInfo->DomOemDomainName,
  889. Transport->PagedTransport->TransportName.Buffer,
  890. &PagedTransportName->Name->Name,
  891. PagedTransportName->Name->NameType,
  892. TransportName));
  893. InitializeObjectAttributes (&AddressAttributes,
  894. &Transport->PagedTransport->TransportName, // Name
  895. OBJ_CASE_INSENSITIVE,// Attributes
  896. NULL, // RootDirectory
  897. NULL); // SecurityDescriptor
  898. Status = IoCreateFile( &Handle, // Handle
  899. GENERIC_READ | GENERIC_WRITE | SYNCHRONIZE,
  900. &AddressAttributes, // Object Attributes
  901. &IoStatusBlock, // Final I/O status block
  902. NULL, // Allocation Size
  903. FILE_ATTRIBUTE_NORMAL, // Normal attributes
  904. FILE_SHARE_READ,// Sharing attributes
  905. FILE_OPEN_IF, // Create disposition
  906. 0, // CreateOptions
  907. EABuffer, // EA Buffer
  908. FIELD_OFFSET(FILE_FULL_EA_INFORMATION, EaName) +
  909. TDI_TRANSPORT_ADDRESS_LENGTH + 1 +
  910. sizeof(TA_NETBIOS_ADDRESS), // EA length
  911. CreateFileTypeNone,
  912. NULL,
  913. IO_NO_PARAMETER_CHECKING | // All of the buffers are kernel buffers
  914. IO_CHECK_CREATE_PARAMETERS);// But double check parameter consistancy
  915. FREE_POOL(EABuffer);
  916. EABuffer = NULL;
  917. if (!NT_SUCCESS(Status)) {
  918. try_return(Status);
  919. }
  920. if (!NT_SUCCESS(Status = IoStatusBlock.Status)) {
  921. try_return(Status);
  922. }
  923. //
  924. // Obtain a referenced pointer to the file object.
  925. //
  926. Status = ObReferenceObjectByHandle (
  927. Handle,
  928. 0,
  929. *IoFileObjectType,
  930. KernelMode,
  931. (PVOID *)&FileObject,
  932. NULL
  933. );
  934. if (!NT_SUCCESS(Status)) {
  935. try_return(Status);
  936. }
  937. //
  938. // Get another reference that lasts for the life of the TransportName
  939. //
  940. ObReferenceObject( FileObject );
  941. //
  942. // Get the address of the device object for the endpoint.
  943. //
  944. DeviceObject = IoGetRelatedDeviceObject( FileObject );
  945. //
  946. // Note: due to bug 140751 we'll first set nbt's handler
  947. // to get it going & only then we would asign the handles
  948. // to the global structure. This is in order to prevent
  949. // execution of BowserCloseNetbiosAddress before setting
  950. // this handler. Otherwise, we can end up using closed
  951. // handles.
  952. //
  953. //
  954. // Enable receiving datagrams on this device.
  955. //
  956. Status = BowserpTdiSetEventHandler( DeviceObject,
  957. FileObject,
  958. TDI_EVENT_RECEIVE_DATAGRAM,
  959. (PVOID) BowserTdiReceiveDatagramHandler,
  960. TransportName);
  961. if (!NT_SUCCESS(Status)) {
  962. try_return(Status);
  963. }
  964. //
  965. // Tell Netbt to tell us the IP Address of the client.
  966. //
  967. if ( Transport->PagedTransport->Wannish ) {
  968. IO_STATUS_BLOCK IoStatusBlock;
  969. Status = ZwDeviceIoControlFile(
  970. Handle,
  971. NULL,
  972. NULL,
  973. NULL,
  974. &IoStatusBlock,
  975. IOCTL_NETBT_ENABLE_EXTENDED_ADDR,
  976. NULL,
  977. 0,
  978. NULL,
  979. 0 );
  980. if ( !NT_SUCCESS(Status) ) {
  981. dlog(DPRT_TDI, ("%lx: Can't request extended status from netbt\n", TransportName));
  982. try_return(Status);
  983. }
  984. ASSERT(Status != STATUS_PENDING);
  985. }
  986. //
  987. // Save the handles
  988. //
  989. ExAcquireResourceExclusiveLite(&BowserTransportDatabaseResource, TRUE);
  990. TransportName->FileObject = FileObject;
  991. TransportName->DeviceObject = DeviceObject;
  992. PagedTransportName->Handle = Handle;
  993. Handle = NULL;
  994. ExReleaseResourceLite(&BowserTransportDatabaseResource);
  995. dlog(DPRT_TDI, ("BowserCreateTransportName Succeeded. Name: %lx, Handle: %lx\n", TransportName, PagedTransportName->Handle));
  996. try_exit:NOTHING;
  997. } finally {
  998. if (EABuffer != NULL) {
  999. FREE_POOL(EABuffer);
  1000. }
  1001. if ( FileObject != NULL ) {
  1002. ObDereferenceObject( FileObject );
  1003. }
  1004. if ( Handle != NULL ) {
  1005. (VOID) ZwClose( Handle );
  1006. }
  1007. if (!NT_SUCCESS(Status)) {
  1008. //
  1009. // Count Number of failed adds of 1D name.
  1010. //
  1011. if ( TransportName->NameType == MasterBrowser ) {
  1012. if (BrOneD.NameAddFailed < BR_ONE_D_STACK_SIZE ) {
  1013. BrOneD.NameAddStack[BrOneD.NameAddFailed] = Status;
  1014. }
  1015. BrOneD.NameAddFailed ++;
  1016. }
  1017. BowserCloseNetbiosAddress( TransportName );
  1018. } else {
  1019. //
  1020. // Count Number of adds of 1D name.
  1021. //
  1022. if ( TransportName->NameType == MasterBrowser ) {
  1023. BrOneD.NameAdded ++;
  1024. }
  1025. }
  1026. }
  1027. return Status;
  1028. }
  1029. VOID
  1030. BowserCloseNetbiosAddress(
  1031. IN PTRANSPORT_NAME TransportName
  1032. )
  1033. /*++
  1034. Routine Description:
  1035. Closes the Netbios Address for a transport name.
  1036. Arguments:
  1037. TransportName - Transport Name whose Netbios address is to be closed.
  1038. Return Value:
  1039. None.
  1040. --*/
  1041. {
  1042. NTSTATUS Status;
  1043. // PTRANSPORT Transport = TransportName->Transport;
  1044. PPAGED_TRANSPORT_NAME PagedTransportName = TransportName->PagedTransportName;
  1045. KAPC_STATE ApcState;
  1046. PAGED_CODE();
  1047. ExAcquireResourceExclusiveLite(&BowserTransportDatabaseResource, TRUE);
  1048. if (PagedTransportName) {
  1049. if ( PagedTransportName->Handle != NULL ) {
  1050. BOOLEAN ProcessAttached = FALSE;
  1051. if (IoGetCurrentProcess() != BowserFspProcess) {
  1052. KeStackAttachProcess(BowserFspProcess, &ApcState );
  1053. ProcessAttached = TRUE;
  1054. }
  1055. Status = ZwClose( PagedTransportName->Handle );
  1056. if (ProcessAttached) {
  1057. KeUnstackDetachProcess( &ApcState );
  1058. }
  1059. if (!NT_SUCCESS(Status)) {
  1060. dlog(DPRT_TDI, ("BowserCloseNetbiosAddress: Free name %lx failed: %X, %lx Handle: %lx\n", TransportName, Status, PagedTransportName->Handle));
  1061. //
  1062. // Count Number of failed frees of 1D name.
  1063. //
  1064. if ( TransportName->NameType == MasterBrowser ) {
  1065. if (BrOneD.NameFreeFailed < BR_ONE_D_STACK_SIZE ) {
  1066. BrOneD.NameFreeStack[BrOneD.NameFreeFailed] = Status;
  1067. }
  1068. BrOneD.NameFreeFailed ++;
  1069. }
  1070. } else {
  1071. //
  1072. // Count Number of frees of 1D name.
  1073. //
  1074. if ( TransportName->NameType == MasterBrowser ) {
  1075. BrOneD.NameFreed ++;
  1076. }
  1077. }
  1078. PagedTransportName->Handle = NULL;
  1079. }
  1080. }
  1081. //
  1082. // Dereference the FileObject ONLY after the handle is closed.
  1083. // The indication routine references FileObject with no synchronization.
  1084. // By closing the handle first, I know the TDI driver is out of the
  1085. // indication routine before I dereference the FileObject.
  1086. //
  1087. if ( TransportName->FileObject != NULL ) {
  1088. ObDereferenceObject( TransportName->FileObject );
  1089. TransportName->FileObject = NULL;
  1090. }
  1091. ExReleaseResourceLite(&BowserTransportDatabaseResource);
  1092. }
  1093. VOID
  1094. BowserCloseAllNetbiosAddresses(
  1095. IN PTRANSPORT Transport
  1096. )
  1097. /*++
  1098. Routine Description:
  1099. This routine closes all the Netbios address this transport has open
  1100. to the TDI driver.
  1101. Arguments:
  1102. Transport - The transport whose Netbios addresses are to be closed.
  1103. Return Value:
  1104. NTSTATUS - Status of resulting operation.
  1105. --*/
  1106. {
  1107. PLIST_ENTRY NameEntry;
  1108. PLIST_ENTRY NextEntry;
  1109. PAGED_CODE();
  1110. dlog(DPRT_TDI,
  1111. ("%s: %ws: BowserCloseAllNetbiosAddresses: Close addresses for transport %lx\n",
  1112. Transport->DomainInfo->DomOemDomainName,
  1113. Transport->PagedTransport->TransportName.Buffer,
  1114. Transport));
  1115. ExAcquireResourceExclusiveLite(&BowserTransportDatabaseResource, TRUE);
  1116. for (NameEntry = Transport->PagedTransport->NameChain.Flink;
  1117. NameEntry != &Transport->PagedTransport->NameChain;
  1118. NameEntry = NextEntry) {
  1119. PPAGED_TRANSPORT_NAME PagedTransportName = CONTAINING_RECORD(NameEntry, PAGED_TRANSPORT_NAME, TransportNext);
  1120. PTRANSPORT_NAME TransportName = PagedTransportName->NonPagedTransportName;
  1121. NextEntry = NameEntry->Flink;
  1122. BowserCloseNetbiosAddress(TransportName);
  1123. }
  1124. ExReleaseResourceLite(&BowserTransportDatabaseResource);
  1125. return;
  1126. }
  1127. NTSTATUS
  1128. BowserEnableIpxDatagramSocket(
  1129. IN PTRANSPORT Transport
  1130. )
  1131. {
  1132. NTSTATUS status;
  1133. NWLINK_ACTION action;
  1134. PAGED_CODE( );
  1135. //
  1136. // Put the endpoint in broadcast reception mode.
  1137. //
  1138. action.Header.TransportId = 'XPIM'; // "MIPX"
  1139. action.Header.ActionCode = 0;
  1140. action.Header.Reserved = 0;
  1141. action.OptionType = TRUE;
  1142. action.BufferLength = sizeof(action.Option);
  1143. action.Option = MIPX_RCVBCAST;
  1144. status = BowserIssueTdiAction(
  1145. Transport->IpxSocketDeviceObject,
  1146. Transport->IpxSocketFileObject,
  1147. (PCHAR)&action,
  1148. sizeof(action)
  1149. );
  1150. if ( !NT_SUCCESS(status) ) {
  1151. goto cleanup;
  1152. }
  1153. //
  1154. // Set the default packet type to 20 to force all browser packets
  1155. // through routers.
  1156. //
  1157. action.Header.TransportId = 'XPIM'; // "MIPX"
  1158. action.Header.ActionCode = 0;
  1159. action.Header.Reserved = 0;
  1160. action.OptionType = TRUE;
  1161. action.BufferLength = sizeof(action.Option);
  1162. action.Option = MIPX_SETSENDPTYPE;
  1163. action.Data[0] = IPX_BROADCAST_PACKET;
  1164. status = BowserIssueTdiAction(
  1165. Transport->IpxSocketDeviceObject,
  1166. Transport->IpxSocketFileObject,
  1167. (PCHAR)&action,
  1168. sizeof(action)
  1169. );
  1170. if ( !NT_SUCCESS(status) ) {
  1171. goto cleanup;
  1172. }
  1173. //
  1174. // Register the browser Receive Datagram event handler.
  1175. //
  1176. status = BowserpTdiSetEventHandler(
  1177. Transport->IpxSocketDeviceObject,
  1178. Transport->IpxSocketFileObject,
  1179. TDI_EVENT_RECEIVE_DATAGRAM,
  1180. BowserIpxDatagramHandler,
  1181. Transport
  1182. );
  1183. if ( !NT_SUCCESS(status) ) {
  1184. // INTERNAL_ERROR(
  1185. // ERROR_LEVEL_EXPECTED,
  1186. // "OpenNonNetbiosAddress: set receive datagram event handler failed: %X",
  1187. // status,
  1188. // NULL
  1189. // );
  1190. // SrvLogServiceFailure( SRV_SVC_NT_IOCTL_FILE, status );
  1191. goto cleanup;
  1192. }
  1193. return STATUS_SUCCESS;
  1194. //
  1195. // Out-of-line error cleanup.
  1196. //
  1197. cleanup:
  1198. //
  1199. // Something failed. Clean up as appropriate.
  1200. //
  1201. if ( Transport->IpxSocketFileObject != NULL ) {
  1202. ObDereferenceObject( Transport->IpxSocketFileObject );
  1203. Transport->IpxSocketFileObject = NULL;
  1204. }
  1205. if ( Transport->PagedTransport->IpxSocketHandle != NULL ) {
  1206. ZwClose( Transport->PagedTransport->IpxSocketHandle );
  1207. Transport->PagedTransport->IpxSocketHandle = NULL;
  1208. }
  1209. return status;
  1210. }
  1211. NTSTATUS
  1212. OpenIpxSocket (
  1213. OUT PHANDLE Handle,
  1214. OUT PFILE_OBJECT *FileObject,
  1215. OUT PDEVICE_OBJECT *DeviceObject,
  1216. IN PUNICODE_STRING DeviceName,
  1217. IN USHORT Socket
  1218. )
  1219. {
  1220. NTSTATUS status;
  1221. ULONG length;
  1222. PFILE_FULL_EA_INFORMATION ea;
  1223. TA_IPX_ADDRESS ipxAddress;
  1224. OBJECT_ATTRIBUTES objectAttributes;
  1225. IO_STATUS_BLOCK iosb;
  1226. CHAR buffer[sizeof(FILE_FULL_EA_INFORMATION) +
  1227. TDI_TRANSPORT_ADDRESS_LENGTH + 1 +
  1228. sizeof(TA_IPX_ADDRESS)];
  1229. PAGED_CODE( );
  1230. //
  1231. // Build the IPX socket address.
  1232. //
  1233. length = FIELD_OFFSET( FILE_FULL_EA_INFORMATION, EaName[0] ) +
  1234. TDI_TRANSPORT_ADDRESS_LENGTH + 1 +
  1235. sizeof(TA_IPX_ADDRESS);
  1236. ea = (PFILE_FULL_EA_INFORMATION)buffer;
  1237. ea->NextEntryOffset = 0;
  1238. ea->Flags = 0;
  1239. ea->EaNameLength = TDI_TRANSPORT_ADDRESS_LENGTH;
  1240. ea->EaValueLength = sizeof (TA_IPX_ADDRESS);
  1241. RtlCopyMemory( ea->EaName, TdiTransportAddress, ea->EaNameLength + 1 );
  1242. //
  1243. // Create a copy of the NETBIOS address descriptor in a local
  1244. // first, in order to avoid alignment problems.
  1245. //
  1246. ipxAddress.TAAddressCount = 1;
  1247. ipxAddress.Address[0].AddressType = TDI_ADDRESS_TYPE_IPX;
  1248. ipxAddress.Address[0].AddressLength = sizeof (TDI_ADDRESS_IPX);
  1249. ipxAddress.Address[0].Address[0].NetworkAddress = 0;
  1250. RtlZeroMemory(ipxAddress.Address[0].Address[0].NodeAddress, sizeof(ipxAddress.Address[0].Address[0].NodeAddress));
  1251. ipxAddress.Address[0].Address[0].Socket = Socket;
  1252. RtlCopyMemory(
  1253. &ea->EaName[ea->EaNameLength + 1],
  1254. &ipxAddress,
  1255. sizeof(TA_IPX_ADDRESS)
  1256. );
  1257. InitializeObjectAttributes( &objectAttributes, DeviceName, OBJ_CASE_INSENSITIVE, NULL, NULL );
  1258. status = IoCreateFile (
  1259. Handle,
  1260. FILE_READ_ATTRIBUTES | FILE_WRITE_ATTRIBUTES, // desired access
  1261. &objectAttributes, // object attributes
  1262. &iosb, // returned status information
  1263. NULL, // block size (unused)
  1264. 0, // file attributes
  1265. FILE_SHARE_READ | FILE_SHARE_WRITE, // share access
  1266. FILE_CREATE, // create disposition
  1267. 0, // create options
  1268. buffer, // EA buffer
  1269. length, // EA length
  1270. CreateFileTypeNone,
  1271. NULL,
  1272. IO_NO_PARAMETER_CHECKING | // All of the buffers are kernel buffers
  1273. IO_CHECK_CREATE_PARAMETERS);// But double check parameter consistancy
  1274. if ( !NT_SUCCESS(status) ) {
  1275. // KdPrint(( "Status of opening ipx socket %x on %wZ is %x\n",
  1276. // Socket, DeviceName, status ));
  1277. return status;
  1278. }
  1279. // KdPrint(( "IPX socket %x opened!\n", Socket ));
  1280. status = ObReferenceObjectByHandle (
  1281. *Handle,
  1282. 0,
  1283. *IoFileObjectType,
  1284. KernelMode,
  1285. (PVOID *)FileObject,
  1286. NULL
  1287. );
  1288. if (!NT_SUCCESS(status)) {
  1289. ZwClose(*Handle);
  1290. *Handle = NULL;
  1291. *DeviceObject = NULL;
  1292. }
  1293. else {
  1294. *DeviceObject = IoGetRelatedDeviceObject(*FileObject);
  1295. }
  1296. return status;
  1297. } // OpenIpxSocket
  1298. VOID
  1299. BowserReferenceTransportName(
  1300. IN PTRANSPORT_NAME TransportName
  1301. )
  1302. {
  1303. InterlockedIncrement(&TransportName->ReferenceCount);
  1304. }
  1305. NTSTATUS
  1306. BowserDereferenceTransportName(
  1307. IN PTRANSPORT_NAME TransportName
  1308. )
  1309. {
  1310. NTSTATUS Status;
  1311. LONG Result;
  1312. PAGED_CODE();
  1313. ExAcquireResourceExclusiveLite(&BowserTransportDatabaseResource, TRUE);
  1314. if (TransportName->ReferenceCount == 0) {
  1315. InternalError(("Transport Name Reference Count mismatch\n"));
  1316. }
  1317. Result = InterlockedDecrement(&TransportName->ReferenceCount);
  1318. if (Result == 0) {
  1319. Status = BowserFreeTransportName(TransportName);
  1320. } else {
  1321. Status = STATUS_SUCCESS;
  1322. }
  1323. ExReleaseResourceLite(&BowserTransportDatabaseResource);
  1324. return Status;
  1325. }
  1326. NTSTATUS
  1327. BowserpTdiRemoveAddresses(
  1328. IN PTRANSPORT Transport
  1329. )
  1330. /*++
  1331. Routine Description:
  1332. This routine removes all the transport names associated with a transport
  1333. Arguments:
  1334. IN PTRANSPORT Transport - Supplies a transport structure describing the
  1335. transport address object to be created.
  1336. Return Value:
  1337. NTSTATUS - Status of resulting operation.
  1338. --*/
  1339. {
  1340. NTSTATUS Status;
  1341. PLIST_ENTRY NameEntry;
  1342. PLIST_ENTRY NextEntry;
  1343. PAGED_CODE();
  1344. dlog(DPRT_TDI,
  1345. ("%s: %ws: BowserpTdiRemoveAddresses: Remove addresses for transport %lx\n",
  1346. Transport->DomainInfo->DomOemDomainName,
  1347. Transport->PagedTransport->TransportName.Buffer,
  1348. Transport));
  1349. ExAcquireResourceExclusiveLite(&BowserTransportDatabaseResource, TRUE);
  1350. for (NameEntry = Transport->PagedTransport->NameChain.Flink;
  1351. NameEntry != &Transport->PagedTransport->NameChain;
  1352. NameEntry = NextEntry) {
  1353. PPAGED_TRANSPORT_NAME PagedTransportName = CONTAINING_RECORD(NameEntry, PAGED_TRANSPORT_NAME, TransportNext);
  1354. PTRANSPORT_NAME TransportName = PagedTransportName->NonPagedTransportName;
  1355. NextEntry = NameEntry->Flink;
  1356. //
  1357. // Remove the TransportName from the list of transport names for
  1358. // this transport.
  1359. //
  1360. ASSERT(PagedTransportName->TransportNext.Flink != NULL);
  1361. RemoveEntryList(&PagedTransportName->TransportNext);
  1362. PagedTransportName->TransportNext.Flink = NULL;
  1363. PagedTransportName->TransportNext.Blink = NULL;
  1364. //
  1365. // Since we delinked it, we need to dereference it.
  1366. //
  1367. Status = BowserDereferenceTransportName(TransportName);
  1368. if (!NT_SUCCESS(Status)) {
  1369. ExReleaseResourceLite(&BowserTransportDatabaseResource);
  1370. return(Status);
  1371. }
  1372. }
  1373. ExReleaseResourceLite(&BowserTransportDatabaseResource);
  1374. return STATUS_SUCCESS;
  1375. }
  1376. PTRANSPORT_NAME
  1377. BowserFindTransportName(
  1378. IN PTRANSPORT Transport,
  1379. IN PBOWSER_NAME Name
  1380. )
  1381. /*++
  1382. Routine Description:
  1383. This routine looks up a given browser name to find its associated
  1384. transport address.
  1385. Arguments:
  1386. IN PTRANSPORT Transport - Supplies a transport structure describing the
  1387. transport address object to be created.
  1388. IN PBOWSER_NAME Name - Supplies the name to look up.
  1389. Return Value:
  1390. The transport address found, or null.
  1391. --*/
  1392. {
  1393. PLIST_ENTRY NameEntry;
  1394. PTRANSPORT_NAME RetValue = NULL;
  1395. PAGED_CODE();
  1396. ExAcquireResourceExclusiveLite(&BowserTransportDatabaseResource, TRUE);
  1397. try {
  1398. for (NameEntry = Transport->PagedTransport->NameChain.Flink;
  1399. NameEntry != &Transport->PagedTransport->NameChain;
  1400. NameEntry = NameEntry->Flink) {
  1401. PPAGED_TRANSPORT_NAME PagedTransportName = CONTAINING_RECORD(NameEntry, PAGED_TRANSPORT_NAME, TransportNext);
  1402. PTRANSPORT_NAME TransportName = PagedTransportName->NonPagedTransportName;
  1403. if (PagedTransportName->Name == Name) {
  1404. try_return(RetValue = TransportName);
  1405. }
  1406. try_exit:NOTHING;
  1407. }
  1408. } finally {
  1409. ExReleaseResourceLite(&BowserTransportDatabaseResource);
  1410. }
  1411. return RetValue;
  1412. }
  1413. NTSTATUS
  1414. BowserFreeTransportName(
  1415. IN PTRANSPORT_NAME TransportName
  1416. )
  1417. {
  1418. PTRANSPORT Transport = TransportName->Transport;
  1419. PBOWSER_NAME Name = NULL;
  1420. PPAGED_TRANSPORT_NAME PagedTransportName = TransportName->PagedTransportName;
  1421. PAGED_CODE();
  1422. dlog(DPRT_TDI,
  1423. ("%s: %ws: BowserFreeTransportName: Free name %lx\n",
  1424. Transport->DomainInfo->DomOemDomainName,
  1425. Transport->PagedTransport->TransportName.Buffer,
  1426. TransportName));
  1427. ExAcquireResourceExclusiveLite(&BowserTransportDatabaseResource, TRUE);
  1428. //
  1429. // Close the handle to the TDI driver.
  1430. //
  1431. BowserCloseNetbiosAddress( TransportName );
  1432. //
  1433. // If we received a message which re-referenced this transport name,
  1434. // just return now. We'll be back when the reference count gets
  1435. // re-dereferenced to zero.
  1436. //
  1437. if ( TransportName->ReferenceCount != 0 ) {
  1438. ExReleaseResourceLite(&BowserTransportDatabaseResource);
  1439. return STATUS_SUCCESS;
  1440. }
  1441. ASSERT (TransportName->ReferenceCount == 0);
  1442. if (PagedTransportName) {
  1443. //
  1444. // If this transport name has not yet been delinked,
  1445. // delink it.
  1446. //
  1447. if ( PagedTransportName->TransportNext.Flink != NULL ) {
  1448. // This should only happen on a failed transport name creation.
  1449. RemoveEntryList(&PagedTransportName->TransportNext);
  1450. PagedTransportName->TransportNext.Flink = NULL;
  1451. PagedTransportName->TransportNext.Blink = NULL;
  1452. }
  1453. RemoveEntryList(&PagedTransportName->NameNext);
  1454. Name = PagedTransportName->Name;
  1455. FREE_POOL(PagedTransportName);
  1456. }
  1457. if (Name != NULL) {
  1458. switch ( Name->NameType ) {
  1459. case ComputerName:
  1460. Transport->ComputerName = NULL;
  1461. break;
  1462. case PrimaryDomain:
  1463. if ( Transport->PrimaryDomain == TransportName ) {
  1464. Transport->PrimaryDomain = Transport->AltPrimaryDomain;
  1465. Transport->AltPrimaryDomain = NULL;
  1466. }
  1467. if ( Transport->AltPrimaryDomain == TransportName ) {
  1468. Transport->AltPrimaryDomain = NULL;
  1469. }
  1470. break;
  1471. case MasterBrowser:
  1472. Transport->MasterBrowser = NULL;
  1473. break;
  1474. case BrowserElection:
  1475. Transport->BrowserElection = NULL;
  1476. break;
  1477. case PrimaryDomainBrowser:
  1478. Transport->PagedTransport->IsPrimaryDomainController = FALSE;
  1479. //
  1480. // Notify services we are no longer a PDC
  1481. //
  1482. BowserSendPnp(
  1483. NlPnpNewRole,
  1484. &Transport->DomainInfo->DomUnicodeDomainName,
  1485. &Transport->PagedTransport->TransportName,
  1486. BowserTransportFlags(Transport->PagedTransport) );
  1487. break;
  1488. }
  1489. BowserDereferenceName(Name);
  1490. }
  1491. FREE_POOL(TransportName);
  1492. ExReleaseResourceLite(&BowserTransportDatabaseResource);
  1493. dlog(DPRT_TDI,
  1494. ("%s: %ws: BowserFreeTransportName: Free name %lx completed\n",
  1495. Transport->DomainInfo->DomOemDomainName,
  1496. Transport->PagedTransport->TransportName.Buffer,
  1497. TransportName));
  1498. return(STATUS_SUCCESS);
  1499. }
  1500. VOID
  1501. BowserDeleteTransport(
  1502. IN PTRANSPORT Transport
  1503. )
  1504. /*++
  1505. Routine Description:
  1506. Delete a transport.
  1507. The caller should have a single reference to the transport. The actual
  1508. transport structure will be deleted when that reference goes away.
  1509. This routine will decrement the global reference made in
  1510. BowserTdiAllocateTransport
  1511. Arguments:
  1512. IN Transport - Supplies a transport structure to be deleted.
  1513. Return Value:
  1514. None.
  1515. --*/
  1516. {
  1517. LARGE_INTEGER Interval;
  1518. PPAGED_TRANSPORT PagedTransport;
  1519. PAGED_CODE();
  1520. //
  1521. // Do cleanup of the PagedTransport structure
  1522. //
  1523. PagedTransport = Transport->PagedTransport;
  1524. if ( PagedTransport != NULL ) {
  1525. //
  1526. // Notify services that this transport is now unbound
  1527. //
  1528. BowserSendPnp(
  1529. NlPnpTransportUnbind,
  1530. NULL, // All hosted domains
  1531. &PagedTransport->TransportName,
  1532. BowserTransportFlags(PagedTransport) );
  1533. //
  1534. // Prevent BowserFindTransport from adding any new references to the transport
  1535. //
  1536. ExAcquireResourceExclusiveLite(&BowserTransportDatabaseResource, TRUE);
  1537. if (!PagedTransport->DeletedTransport ) {
  1538. //
  1539. // Don't actually delink the entry since routines like
  1540. // BowserForEachTransport expect a reference to this transport
  1541. // to be enough to keep the GlobalNext list intact.
  1542. //
  1543. PagedTransport->DeletedTransport = TRUE;
  1544. //
  1545. // Remove the global reference to the transport.
  1546. //
  1547. // Avoid removing the global reference if we aren't in the global list.
  1548. //
  1549. if ( !IsListEmpty( &PagedTransport->GlobalNext) ) {
  1550. BowserDereferenceTransport( Transport );
  1551. }
  1552. }
  1553. //
  1554. // Close all handles to the TDI driver so we won't get any indications after
  1555. // we start cleaning up the Transport structure in BowserpFreeTransport.
  1556. //
  1557. BowserCloseAllNetbiosAddresses( Transport );
  1558. if ( PagedTransport->IpxSocketHandle != NULL) {
  1559. NTSTATUS LocalStatus;
  1560. BOOLEAN ProcessAttached = FALSE;
  1561. KAPC_STATE ApcState;
  1562. if (IoGetCurrentProcess() != BowserFspProcess) {
  1563. KeStackAttachProcess(BowserFspProcess, &ApcState );
  1564. ProcessAttached = TRUE;
  1565. }
  1566. LocalStatus = ZwClose(PagedTransport->IpxSocketHandle);
  1567. ASSERT(NT_SUCCESS(LocalStatus));
  1568. if (ProcessAttached) {
  1569. KeUnstackDetachProcess( &ApcState );
  1570. }
  1571. PagedTransport->IpxSocketHandle = NULL;
  1572. if ( Transport->IpxSocketFileObject != NULL ) {
  1573. ObDereferenceObject( Transport->IpxSocketFileObject );
  1574. Transport->IpxSocketFileObject = NULL;
  1575. }
  1576. Transport->IpxSocketDeviceObject = NULL;
  1577. }
  1578. ExReleaseResourceLite(&BowserTransportDatabaseResource);
  1579. }
  1580. //
  1581. // Uninitialize the timers to ensure we aren't in a timer routine while
  1582. // we are cleaning up.
  1583. //
  1584. BowserUninitializeTimer(&Transport->ElectionTimer);
  1585. BowserUninitializeTimer(&Transport->FindMasterTimer);
  1586. //
  1587. // Delete any mailslot messages queued to the netlogon service.
  1588. //
  1589. BowserNetlogonDeleteTransportFromMessageQueue ( Transport );
  1590. //
  1591. // Loop until this transport has the last reference to each of the transport
  1592. // names. Above, we prevented any new references. Here we ensure that
  1593. // all of the existing references go away.
  1594. //
  1595. // If there is an existing reference to the transport name, the holder
  1596. // of that reference can feel free to add a reference to
  1597. // TRANSPORT_NAME->Transport.
  1598. //
  1599. if ( PagedTransport != NULL ) {
  1600. PLIST_ENTRY NameEntry;
  1601. PLIST_ENTRY NextEntry;
  1602. ExAcquireResourceExclusiveLite(&BowserTransportDatabaseResource, TRUE);
  1603. for (NameEntry = Transport->PagedTransport->NameChain.Flink;
  1604. NameEntry &&
  1605. (NameEntry != &Transport->PagedTransport->NameChain);
  1606. NameEntry = NextEntry) {
  1607. PPAGED_TRANSPORT_NAME PagedTransportName = CONTAINING_RECORD(NameEntry, PAGED_TRANSPORT_NAME, TransportNext);
  1608. PTRANSPORT_NAME TransportName = PagedTransportName->NonPagedTransportName;
  1609. NextEntry = NameEntry->Flink;
  1610. if ( TransportName->ReferenceCount != 1 ) {
  1611. ExReleaseResourceLite(&BowserTransportDatabaseResource);
  1612. Interval.QuadPart = -1000*1000; // .1 second
  1613. KeDelayExecutionThread( KernelMode, FALSE, &Interval );
  1614. ExAcquireResourceExclusiveLite(&BowserTransportDatabaseResource, TRUE);
  1615. NextEntry = Transport->PagedTransport->NameChain.Flink;
  1616. }
  1617. }
  1618. ExReleaseResourceLite(&BowserTransportDatabaseResource);
  1619. }
  1620. //
  1621. // Loop until our caller has the last outstanding reference.
  1622. // This loop is the only thing preventing the driver from unloading while there
  1623. // are still references outstanding.
  1624. //
  1625. while ( Transport->ReferenceCount != 1) {
  1626. Interval.QuadPart = -1000*1000; // .01 second
  1627. KeDelayExecutionThread( KernelMode, FALSE, &Interval );
  1628. }
  1629. }
  1630. VOID
  1631. BowserpFreeTransport(
  1632. IN PTRANSPORT Transport
  1633. )
  1634. {
  1635. PAGED_CODE();
  1636. ExAcquireResourceExclusiveLite(&BowserTransportDatabaseResource, TRUE);
  1637. //
  1638. // Free the Paged transport, if necessary.
  1639. //
  1640. if (Transport->PagedTransport != NULL) {
  1641. PPAGED_TRANSPORT PagedTransport = Transport->PagedTransport;
  1642. //
  1643. // Remove the entry from the global list if it is in it.
  1644. //
  1645. if ( !IsListEmpty( &PagedTransport->GlobalNext ) ) {
  1646. ASSERT( PagedTransport->DeletedTransport );
  1647. RemoveEntryList(&PagedTransport->GlobalNext);
  1648. }
  1649. //
  1650. // Remove the Adresses.
  1651. //
  1652. // Do this in a separate step from the Close in BowserDeleteTransport
  1653. // above to ensure the PrimaryDomain and ComputerName fields don't
  1654. // get cleared until all possible references are removed.
  1655. //
  1656. if (!IsListEmpty( &PagedTransport->NameChain)) {
  1657. BowserpTdiRemoveAddresses(Transport);
  1658. }
  1659. BowserDeleteGenericTable(&PagedTransport->AnnouncementTable);
  1660. BowserDeleteGenericTable(&PagedTransport->DomainTable);
  1661. if (PagedTransport->BrowserServerListBuffer != NULL) {
  1662. BowserFreeBrowserServerList(
  1663. PagedTransport->BrowserServerListBuffer,
  1664. PagedTransport->BrowserServerListLength
  1665. );
  1666. }
  1667. FREE_POOL(PagedTransport);
  1668. }
  1669. if ( Transport->DomainInfo != NULL ) {
  1670. BowserDereferenceDomain( Transport->DomainInfo );
  1671. }
  1672. ExDeleteResourceLite(&Transport->BrowserServerListResource);
  1673. UNINITIALIZE_ANNOUNCE_DATABASE(Transport);
  1674. ExDeleteResourceLite(&Transport->Lock);
  1675. BowserUninitializeIrpQueue(&Transport->BecomeBackupQueue);
  1676. BowserUninitializeIrpQueue(&Transport->BecomeMasterQueue);
  1677. BowserUninitializeIrpQueue(&Transport->FindMasterQueue);
  1678. BowserUninitializeIrpQueue(&Transport->WaitForMasterAnnounceQueue);
  1679. BowserUninitializeIrpQueue(&Transport->ChangeRoleQueue);
  1680. BowserUninitializeIrpQueue(&Transport->WaitForNewMasterNameQueue );
  1681. FREE_POOL(Transport);
  1682. ExReleaseResourceLite(&BowserTransportDatabaseResource);
  1683. }
  1684. NTSTATUS
  1685. BowserpTdiSetEventHandler (
  1686. IN PDEVICE_OBJECT DeviceObject,
  1687. IN PFILE_OBJECT FileObject,
  1688. IN ULONG EventType,
  1689. IN PVOID EventHandler,
  1690. IN PVOID Context
  1691. )
  1692. /*++
  1693. Routine Description:
  1694. This routine registers an event handler with a TDI transport provider.
  1695. Arguments:
  1696. IN PDEVICE_OBJECT DeviceObject - Supplies the device object of the transport provider.
  1697. IN PFILE_OBJECT FileObject - Supplies the address object's file object.
  1698. IN ULONG EventType, - Supplies the type of event.
  1699. IN PVOID EventHandler - Supplies the event handler.
  1700. Return Value:
  1701. NTSTATUS - Final status of the set event operation
  1702. --*/
  1703. {
  1704. NTSTATUS Status;
  1705. PIRP Irp;
  1706. PAGED_CODE();
  1707. Irp = IoAllocateIrp(DeviceObject->StackSize, FALSE);
  1708. if (Irp == NULL) {
  1709. return(STATUS_INSUFFICIENT_RESOURCES);
  1710. }
  1711. TdiBuildSetEventHandler(Irp, DeviceObject, FileObject,
  1712. NULL, NULL,
  1713. EventType, EventHandler, Context);
  1714. Status = BowserSubmitTdiRequest(FileObject, Irp);
  1715. IoFreeIrp(Irp);
  1716. return Status;
  1717. }
  1718. NTSTATUS
  1719. BowserIssueTdiAction (
  1720. IN PDEVICE_OBJECT DeviceObject,
  1721. IN PFILE_OBJECT FileObject,
  1722. IN PVOID Action,
  1723. IN ULONG ActionSize
  1724. )
  1725. /*++
  1726. Routine Description:
  1727. This routine registers an event handler with a TDI transport provider.
  1728. Arguments:
  1729. IN PDEVICE_OBJECT DeviceObject - Supplies the device object of the transport provider.
  1730. IN PFILE_OBJECT FileObject - Supplies the address object's file object.
  1731. IN ULONG EventType, - Supplies the type of event.
  1732. IN PVOID EventHandler - Supplies the event handler.
  1733. Return Value:
  1734. NTSTATUS - Final status of the set event operation
  1735. --*/
  1736. {
  1737. NTSTATUS status;
  1738. PIRP irp;
  1739. // PIO_STACK_LOCATION irpSp;
  1740. PMDL mdl;
  1741. PAGED_CODE();
  1742. irp = IoAllocateIrp(DeviceObject->StackSize, FALSE);
  1743. if (irp == NULL) {
  1744. return STATUS_INSUFFICIENT_RESOURCES;
  1745. }
  1746. //
  1747. // Allocate and build an MDL that we'll use to describe the output
  1748. // buffer for the request.
  1749. //
  1750. mdl = IoAllocateMdl( Action, ActionSize, FALSE, FALSE, NULL );
  1751. if ( mdl == NULL ) {
  1752. IoFreeIrp( irp );
  1753. return STATUS_INSUFFICIENT_RESOURCES;
  1754. }
  1755. MmBuildMdlForNonPagedPool( mdl );
  1756. TdiBuildAction(
  1757. irp,
  1758. DeviceObject,
  1759. FileObject,
  1760. NULL,
  1761. NULL,
  1762. mdl
  1763. );
  1764. irp->AssociatedIrp.SystemBuffer = Action;
  1765. if (irp == NULL) {
  1766. return(STATUS_INSUFFICIENT_RESOURCES);
  1767. }
  1768. status = BowserSubmitTdiRequest(FileObject, irp);
  1769. IoFreeIrp(irp);
  1770. IoFreeMdl(mdl);
  1771. return status;
  1772. }
  1773. NTSTATUS
  1774. BowserBuildTransportAddress (
  1775. IN OUT PANSI_STRING Address,
  1776. IN PUNICODE_STRING Name,
  1777. IN DGRECEIVER_NAME_TYPE NameType,
  1778. IN PTRANSPORT Transport
  1779. )
  1780. /*++
  1781. Routine Description:
  1782. This routine takes a computer name (PUNICODE_STRING) and converts it into an
  1783. acceptable form for passing in as transport address.
  1784. Arguments:
  1785. OUT PTA_NETBIOS_ADDRESS RemoteAddress, - Supplies the structure to fill in
  1786. IN PUNICODE_STRING Name - Supplies the name to put into the transport
  1787. Please note that it is CRITICAL that the TA_NETBIOS_ADDRESS pointed to by
  1788. RemoteAddress be of sufficient size to hold the full network name.
  1789. Return Value:
  1790. None.
  1791. --*/
  1792. {
  1793. NTSTATUS Status;
  1794. OEM_STRING NetBiosName;
  1795. PTRANSPORT_ADDRESS RemoteAddress = (PTRANSPORT_ADDRESS)Address->Buffer;
  1796. PTDI_ADDRESS_NETBIOS NetbiosAddress = (PTDI_ADDRESS_NETBIOS)&RemoteAddress->Address[0].Address[0];
  1797. PAGED_CODE();
  1798. //
  1799. // Ensure there is room for this address.
  1800. //
  1801. if ( Address->MaximumLength < sizeof(TA_NETBIOS_ADDRESS) ) {
  1802. return STATUS_BUFFER_TOO_SMALL;
  1803. }
  1804. RemoteAddress->TAAddressCount = 1;
  1805. RemoteAddress->Address[0].AddressType = TDI_ADDRESS_TYPE_NETBIOS;
  1806. RemoteAddress->Address[0].AddressLength = TDI_ADDRESS_LENGTH_NETBIOS;
  1807. Address->Length = sizeof(TA_NETBIOS_ADDRESS);
  1808. NetBiosName.Length = 0;
  1809. NetBiosName.MaximumLength = NETBIOS_NAME_LEN;
  1810. NetBiosName.Buffer = NetbiosAddress->NetbiosName;
  1811. //
  1812. // Domain announcements are to a constant Netbios name address.
  1813. //
  1814. switch (NameType) {
  1815. case DomainAnnouncement:
  1816. ASSERT (strlen(DOMAIN_ANNOUNCEMENT_NAME) == NETBIOS_NAME_LEN);
  1817. RtlCopyMemory(NetBiosName.Buffer, DOMAIN_ANNOUNCEMENT_NAME, strlen(DOMAIN_ANNOUNCEMENT_NAME));
  1818. NetbiosAddress->NetbiosNameType = TDI_ADDRESS_NETBIOS_TYPE_GROUP;
  1819. break;
  1820. //
  1821. // All other names are upper case, OEM, and trailing blank filled.
  1822. //
  1823. default:
  1824. if (RtlUnicodeStringToOemSize(Name) > NETBIOS_NAME_LEN) {
  1825. return STATUS_BAD_NETWORK_PATH;
  1826. }
  1827. Status = RtlUpcaseUnicodeStringToOemString(&NetBiosName, Name, FALSE);
  1828. if (!NT_SUCCESS(Status)) {
  1829. return Status;
  1830. }
  1831. RtlCopyMemory(&NetBiosName.Buffer[NetBiosName.Length], " ",
  1832. NETBIOS_NAME_LEN-NetBiosName.Length);
  1833. switch (NameType) {
  1834. case ComputerName:
  1835. case AlternateComputerName:
  1836. NetbiosAddress->NetbiosName[NETBIOS_NAME_LEN-1] = WORKSTATION_SIGNATURE;
  1837. NetbiosAddress->NetbiosNameType = TDI_ADDRESS_NETBIOS_TYPE_UNIQUE;
  1838. break;
  1839. case DomainName:
  1840. NetbiosAddress->NetbiosName[NETBIOS_NAME_LEN-1] = DOMAIN_CONTROLLER_SIGNATURE;
  1841. NetbiosAddress->NetbiosNameType = TDI_ADDRESS_NETBIOS_TYPE_GROUP;
  1842. break;
  1843. case BrowserServer:
  1844. NetbiosAddress->NetbiosName[NETBIOS_NAME_LEN-1] = SERVER_SIGNATURE;
  1845. NetbiosAddress->NetbiosNameType = TDI_ADDRESS_NETBIOS_TYPE_UNIQUE;
  1846. break;
  1847. case MasterBrowser:
  1848. if (Transport->PagedTransport->Flags & DIRECT_HOST_IPX) {
  1849. NetbiosAddress->NetbiosName[NETBIOS_NAME_LEN-1] = WORKSTATION_SIGNATURE;
  1850. } else {
  1851. NetbiosAddress->NetbiosName[NETBIOS_NAME_LEN-1] = MASTER_BROWSER_SIGNATURE;
  1852. }
  1853. NetbiosAddress->NetbiosNameType = TDI_ADDRESS_NETBIOS_TYPE_UNIQUE;
  1854. break;
  1855. case PrimaryDomain:
  1856. case OtherDomain:
  1857. NetbiosAddress->NetbiosName[NETBIOS_NAME_LEN-1] = PRIMARY_DOMAIN_SIGNATURE;
  1858. NetbiosAddress->NetbiosNameType = TDI_ADDRESS_NETBIOS_TYPE_GROUP;
  1859. break;
  1860. case PrimaryDomainBrowser:
  1861. NetbiosAddress->NetbiosName[NETBIOS_NAME_LEN-1] = PRIMARY_CONTROLLER_SIGNATURE;
  1862. NetbiosAddress->NetbiosNameType = TDI_ADDRESS_NETBIOS_TYPE_UNIQUE;
  1863. break;
  1864. case BrowserElection:
  1865. if (Transport->PagedTransport->Flags & DIRECT_HOST_IPX) {
  1866. NetbiosAddress->NetbiosName[NETBIOS_NAME_LEN-1] = WORKSTATION_SIGNATURE;
  1867. } else {
  1868. NetbiosAddress->NetbiosName[NETBIOS_NAME_LEN-1] = BROWSER_ELECTION_SIGNATURE;
  1869. }
  1870. NetbiosAddress->NetbiosNameType = TDI_ADDRESS_NETBIOS_TYPE_GROUP;
  1871. break;
  1872. }
  1873. break;
  1874. }
  1875. return STATUS_SUCCESS;
  1876. }
  1877. NTSTATUS
  1878. BowserUpdateProviderInformation(
  1879. IN OUT PPAGED_TRANSPORT PagedTransport
  1880. )
  1881. /*++
  1882. Routine Description:
  1883. This routine updates status bits in the PagedTransport based on querying
  1884. the TDI driver.
  1885. Most importantly, the transport will be disabled if the provider is RAS or
  1886. doesn't yet have an IP address.
  1887. A goal of this routine is to handle the case where there are multiple IP
  1888. net cards on the same subnet. In that case, we want only one such net
  1889. card enabled for each emulated domain.
  1890. Arguments:
  1891. PagedTransport - Transport to update
  1892. Return Value:
  1893. Status of operation.
  1894. --*/
  1895. {
  1896. NTSTATUS Status;
  1897. TDI_PROVIDER_INFO ProviderInfo;
  1898. ULONG OldIpSubnetNumber;
  1899. BOOLEAN DisableThisTransport = FALSE;
  1900. PLIST_ENTRY TransportEntry;
  1901. PPAGED_TRANSPORT CurrentPagedTransport;
  1902. PAGED_CODE();
  1903. ExAcquireResourceExclusiveLite(&BowserTransportDatabaseResource, TRUE);
  1904. //
  1905. // Find out about the transport.
  1906. //
  1907. OldIpSubnetNumber = PagedTransport->IpSubnetNumber;
  1908. Status = BowserDetermineProviderInformation(
  1909. &PagedTransport->TransportName,
  1910. &ProviderInfo,
  1911. &PagedTransport->IpSubnetNumber );
  1912. if (!NT_SUCCESS(Status)) {
  1913. goto ReturnStatus;
  1914. }
  1915. //
  1916. // We can only talk to transports that support a max datagram size.
  1917. //
  1918. if (ProviderInfo.MaxDatagramSize == 0) {
  1919. Status = STATUS_BAD_REMOTE_ADAPTER;
  1920. goto ReturnStatus;
  1921. }
  1922. PagedTransport->NonPagedTransport->DatagramSize = ProviderInfo.MaxDatagramSize;
  1923. //
  1924. // Remember various attributes of the provider
  1925. // (Never disable the PointToPoint bit. NetBt forgets it when the
  1926. // RAS phone is hung up.)
  1927. PagedTransport->Wannish = (BOOLEAN)((ProviderInfo.ServiceFlags & TDI_SERVICE_ROUTE_DIRECTED) != 0);
  1928. if (ProviderInfo.ServiceFlags & TDI_SERVICE_POINT_TO_POINT) {
  1929. PagedTransport->PointToPoint = TRUE;
  1930. }
  1931. //
  1932. // If this is a RAS transport or the IP Address is not yet known,
  1933. // disable browsing on the transport.
  1934. //
  1935. if ( PagedTransport->PointToPoint ||
  1936. PagedTransport->IpSubnetNumber == 0 ) {
  1937. DisableThisTransport = TRUE;
  1938. }
  1939. //
  1940. // If this isn't an IP transport, we're done.
  1941. //
  1942. if ( PagedTransport->IpSubnetNumber == BOWSER_NON_IP_SUBNET ) {
  1943. goto ReturnStatus;
  1944. }
  1945. //
  1946. // In the loop below, we use OldIpSubnetNumber to determine if another
  1947. // transport should be enabled on that subnet. If that will NEVER be
  1948. // appropriate, flag OldIpSubnetNumber now.
  1949. //
  1950. if ( OldIpSubnetNumber == 0 ||
  1951. PagedTransport->DisabledTransport ||
  1952. PagedTransport->IpSubnetNumber == OldIpSubnetNumber ) {
  1953. OldIpSubnetNumber = BOWSER_NON_IP_SUBNET;
  1954. }
  1955. //
  1956. // Loop through the transports enabling/disabling them as indicated by
  1957. // the comments below.
  1958. //
  1959. for (TransportEntry = BowserTransportHead.Flink ;
  1960. TransportEntry != &BowserTransportHead ;
  1961. TransportEntry = CurrentPagedTransport->GlobalNext.Flink ) {
  1962. CurrentPagedTransport = CONTAINING_RECORD(TransportEntry, PAGED_TRANSPORT, GlobalNext);
  1963. //
  1964. // Ignore deleted transports.
  1965. //
  1966. if ( CurrentPagedTransport->DeletedTransport ) {
  1967. continue;
  1968. }
  1969. //
  1970. // If this transport isn't an IP transport,
  1971. // or this transport is a RAS transport,
  1972. // or this transport is the transport passed in,
  1973. // skip it and go on to the next one.
  1974. //
  1975. if ( CurrentPagedTransport->IpSubnetNumber == BOWSER_NON_IP_SUBNET ||
  1976. CurrentPagedTransport->PointToPoint ||
  1977. CurrentPagedTransport == PagedTransport ) {
  1978. continue;
  1979. }
  1980. //
  1981. // Special case this transport if it's currently disabled
  1982. //
  1983. if ( CurrentPagedTransport->DisabledTransport ) {
  1984. //
  1985. // If this transport is disabled and the transport passed in
  1986. // used to be the enabled transport for the subnet,
  1987. // enable the transport
  1988. //
  1989. if ( CurrentPagedTransport->IpSubnetNumber == OldIpSubnetNumber ) {
  1990. CurrentPagedTransport->DisabledTransport = FALSE;
  1991. }
  1992. //
  1993. // In any case,
  1994. // that's all we need to do for a disabled transport.
  1995. //
  1996. continue;
  1997. }
  1998. //
  1999. // If this transport is an enabled transport for the subnet of the one
  2000. // passed in,
  2001. // And this transport is for the same emulated domain as the one
  2002. // passed in,
  2003. // then disable the one passed in.
  2004. //
  2005. if ( CurrentPagedTransport->IpSubnetNumber ==
  2006. PagedTransport->IpSubnetNumber &&
  2007. CurrentPagedTransport->NonPagedTransport->DomainInfo == PagedTransport->NonPagedTransport->DomainInfo ) {
  2008. DisableThisTransport = TRUE;
  2009. }
  2010. }
  2011. //
  2012. // Cleanup
  2013. //
  2014. ReturnStatus:
  2015. //
  2016. // If we're disabling a previously enabled transport,
  2017. // ensure we're not the master browser.
  2018. //
  2019. if ( DisableThisTransport && !PagedTransport->DisabledTransport ) {
  2020. PagedTransport->DisabledTransport = DisableThisTransport;
  2021. BowserLoseElection( PagedTransport->NonPagedTransport );
  2022. } else {
  2023. PagedTransport->DisabledTransport = DisableThisTransport;
  2024. }
  2025. ExReleaseResourceLite(&BowserTransportDatabaseResource);
  2026. return Status;
  2027. }
  2028. NTSTATUS
  2029. BowserDetermineProviderInformation(
  2030. IN PUNICODE_STRING TransportName,
  2031. OUT PTDI_PROVIDER_INFO ProviderInfo,
  2032. OUT PULONG IpSubnetNumber
  2033. )
  2034. /*++
  2035. Routine Description:
  2036. This routine will determine provider information about a transport.
  2037. Arguments:
  2038. TransportName - Supplies the name of the transport provider
  2039. ProviderInfo - Returns information about the provider
  2040. IpSubnetNumber - returns the Ip Subnet Number of this transport.
  2041. BOWSER_NON_IP_SUBNET - If this isn't an IP transport
  2042. 0 - If the IP address isn't yet set
  2043. Otherwise - the IP address anded with the subnet mask
  2044. Return Value:
  2045. Status of operation.
  2046. --*/
  2047. {
  2048. HANDLE TransportHandle = NULL;
  2049. PFILE_OBJECT TransportObject = NULL;
  2050. OBJECT_ATTRIBUTES ObjAttributes;
  2051. IO_STATUS_BLOCK IoStatusBlock;
  2052. PIRP Irp;
  2053. PDEVICE_OBJECT DeviceObject;
  2054. PMDL Mdl = NULL;
  2055. NTSTATUS Status = STATUS_SUCCESS;
  2056. PAGED_CODE();
  2057. InitializeObjectAttributes (&ObjAttributes,
  2058. TransportName, // Name
  2059. OBJ_CASE_INSENSITIVE, // Attributes
  2060. NULL, // RootDirectory
  2061. NULL); // SecurityDescriptor
  2062. Status = IoCreateFile(&TransportHandle, // Handle
  2063. GENERIC_READ | GENERIC_WRITE | SYNCHRONIZE,
  2064. &ObjAttributes, // Object Attributes
  2065. &IoStatusBlock, // Final I/O status block
  2066. NULL, // Allocation Size
  2067. FILE_ATTRIBUTE_NORMAL, // Normal attributes
  2068. FILE_SHARE_READ, // Sharing attributes
  2069. FILE_OPEN_IF, // Create disposition
  2070. 0, // CreateOptions
  2071. NULL, // EA Buffer
  2072. 0, // EA Buffer Length
  2073. CreateFileTypeNone,
  2074. NULL,
  2075. IO_NO_PARAMETER_CHECKING | // All of the buffers are kernel buffers
  2076. IO_CHECK_CREATE_PARAMETERS);// But double check parameter consistancy
  2077. if (!NT_SUCCESS(Status)) {
  2078. goto ReturnStatus;
  2079. }
  2080. Status = ObReferenceObjectByHandle (
  2081. TransportHandle,
  2082. 0,
  2083. *IoFileObjectType,
  2084. KernelMode,
  2085. (PVOID *)&TransportObject,
  2086. NULL
  2087. );
  2088. if (!NT_SUCCESS(Status)) {
  2089. goto ReturnStatus;
  2090. }
  2091. DeviceObject = IoGetRelatedDeviceObject(TransportObject);
  2092. Irp = IoAllocateIrp(DeviceObject->StackSize, FALSE);
  2093. if (Irp == NULL) {
  2094. Status = STATUS_INSUFFICIENT_RESOURCES;
  2095. goto ReturnStatus;
  2096. }
  2097. //
  2098. // Allocate an MDL to hold the provider info.
  2099. //
  2100. Mdl = IoAllocateMdl(ProviderInfo, sizeof(TDI_PROVIDER_INFO),
  2101. FALSE,
  2102. FALSE,
  2103. NULL);
  2104. if (Mdl == NULL) {
  2105. IoFreeIrp(Irp);
  2106. Status = STATUS_INSUFFICIENT_RESOURCES;
  2107. goto ReturnStatus;
  2108. }
  2109. MmBuildMdlForNonPagedPool(Mdl);
  2110. TdiBuildQueryInformation(Irp, DeviceObject, TransportObject,
  2111. NULL, NULL,
  2112. TDI_QUERY_PROVIDER_INFORMATION, Mdl);
  2113. Status = BowserSubmitTdiRequest(TransportObject, Irp);
  2114. IoFreeIrp(Irp);
  2115. //
  2116. // Get the IP address for this Transport.
  2117. //
  2118. if ( (ProviderInfo->ServiceFlags & TDI_SERVICE_ROUTE_DIRECTED) == 0) {
  2119. *IpSubnetNumber = BOWSER_NON_IP_SUBNET;
  2120. } else {
  2121. NTSTATUS TempStatus;
  2122. IO_STATUS_BLOCK IoStatusBlock;
  2123. ULONG IpAddressBuffer[2]; // IpAddress followed by subnet mask
  2124. TempStatus = ZwDeviceIoControlFile(
  2125. TransportHandle,
  2126. NULL,
  2127. NULL,
  2128. NULL,
  2129. &IoStatusBlock,
  2130. IOCTL_NETBT_GET_IP_SUBNET,
  2131. NULL,
  2132. 0,
  2133. &IpAddressBuffer,
  2134. sizeof(IpAddressBuffer) );
  2135. if ( !NT_SUCCESS(TempStatus) ) {
  2136. *IpSubnetNumber = BOWSER_NON_IP_SUBNET;
  2137. } else {
  2138. ASSERT(TempStatus != STATUS_PENDING);
  2139. *IpSubnetNumber = IpAddressBuffer[0] & IpAddressBuffer[1];
  2140. }
  2141. }
  2142. ReturnStatus:
  2143. if (Mdl != NULL) {
  2144. IoFreeMdl(Mdl);
  2145. }
  2146. if (TransportObject != NULL) {
  2147. ObDereferenceObject(TransportObject);
  2148. }
  2149. if (TransportHandle != NULL) {
  2150. ZwClose(TransportHandle);
  2151. }
  2152. return(Status);
  2153. }
  2154. PTRANSPORT
  2155. BowserFindTransport (
  2156. IN PUNICODE_STRING TransportName,
  2157. IN PUNICODE_STRING EmulatedDomainName OPTIONAL
  2158. )
  2159. /*++
  2160. Routine Description:
  2161. This routine will locate a transport in the bowsers transport list.
  2162. Arguments:
  2163. TransportName - Supplies the name of the transport provider
  2164. EmulatedDomainName - Specifies the emulated domain whose transport is to be found.
  2165. Return Value:
  2166. PTRANSPORT - NULL if no transport was found, TRUE if transport was found.
  2167. --*/
  2168. {
  2169. PLIST_ENTRY TransportEntry;
  2170. PTRANSPORT Transport = NULL;
  2171. PPAGED_TRANSPORT PagedTransport = NULL;
  2172. PDOMAIN_INFO DomainInfo = NULL;
  2173. PAGED_CODE();
  2174. ExAcquireResourceExclusiveLite(&BowserTransportDatabaseResource, TRUE);
  2175. try {
  2176. //
  2177. // If the passed transport name is not a valid unicode string, return NULL
  2178. //
  2179. if ( !BowserValidUnicodeString(TransportName) ) {
  2180. try_return( NULL);
  2181. }
  2182. //
  2183. // Find the requested domain.
  2184. //
  2185. DomainInfo = BowserFindDomain( EmulatedDomainName );
  2186. if ( DomainInfo != NULL ) {
  2187. for (TransportEntry = BowserTransportHead.Flink ;
  2188. TransportEntry != &BowserTransportHead ;
  2189. TransportEntry = TransportEntry->Flink) {
  2190. PagedTransport = CONTAINING_RECORD(TransportEntry, PAGED_TRANSPORT, GlobalNext);
  2191. //
  2192. // Ignore deleted transports.
  2193. //
  2194. if ( PagedTransport->DeletedTransport ) {
  2195. continue;
  2196. }
  2197. if ( PagedTransport->NonPagedTransport->DomainInfo == DomainInfo &&
  2198. RtlEqualUnicodeString(TransportName,
  2199. &PagedTransport->TransportName, TRUE)) {
  2200. Transport = PagedTransport->NonPagedTransport;
  2201. dprintf(DPRT_REF, ("Call Reference transport %lx from BowserFindTransport.\n", Transport));
  2202. BowserReferenceTransport( Transport );
  2203. try_return(Transport);
  2204. }
  2205. }
  2206. }
  2207. try_return(Transport = NULL);
  2208. try_exit:NOTHING;
  2209. } finally {
  2210. if ( DomainInfo != NULL ) {
  2211. BowserDereferenceDomain( DomainInfo );
  2212. }
  2213. ExReleaseResourceLite (&BowserTransportDatabaseResource);
  2214. }
  2215. return Transport;
  2216. }
  2217. NTSTATUS
  2218. BowserForEachTransportInDomain (
  2219. IN PDOMAIN_INFO DomainInfo,
  2220. IN PTRANSPORT_ENUM_ROUTINE Routine,
  2221. IN OUT PVOID Context
  2222. )
  2223. /*++
  2224. Routine Description:
  2225. This routine will enumerate the transports and call back the enum
  2226. routine provided with each transport.
  2227. Arguments:
  2228. DomainInfo - Only call 'Routine' for transport in this domain.
  2229. Routine - Routine to call for each transport
  2230. Context - Parameter to pass to 'Routine'
  2231. Return Value:
  2232. NTSTATUS - Final status of request.
  2233. --*/
  2234. {
  2235. PLIST_ENTRY TransportEntry, NextEntry;
  2236. PTRANSPORT Transport = NULL;
  2237. PPAGED_TRANSPORT PagedTransport = NULL;
  2238. NTSTATUS Status = STATUS_SUCCESS;
  2239. PAGED_CODE();
  2240. ExAcquireResourceExclusiveLite(&BowserTransportDatabaseResource, TRUE);
  2241. for (TransportEntry = BowserTransportHead.Flink ;
  2242. TransportEntry != &BowserTransportHead ;
  2243. TransportEntry = NextEntry) {
  2244. PagedTransport = CONTAINING_RECORD(TransportEntry, PAGED_TRANSPORT, GlobalNext);
  2245. Transport = PagedTransport->NonPagedTransport;
  2246. //
  2247. // Ignore deleted transports.
  2248. //
  2249. if ( PagedTransport->DeletedTransport ) {
  2250. NextEntry = PagedTransport->GlobalNext.Flink;
  2251. continue;
  2252. }
  2253. //
  2254. // If transport isn't in the specified domain,
  2255. // ignore it.
  2256. //
  2257. if ( Transport->DomainInfo != DomainInfo ) {
  2258. NextEntry = PagedTransport->GlobalNext.Flink;
  2259. continue;
  2260. }
  2261. dprintf(DPRT_REF, ("Call Reference transport %lx from BowserForEachTransportInDomain.\n", Transport));
  2262. BowserReferenceTransport(Transport);
  2263. ExReleaseResourceLite(&BowserTransportDatabaseResource);
  2264. Status = (Routine)(Transport, Context);
  2265. if (!NT_SUCCESS(Status)) {
  2266. BowserDereferenceTransport(Transport);
  2267. return Status;
  2268. }
  2269. ExAcquireResourceExclusiveLite(&BowserTransportDatabaseResource, TRUE);
  2270. NextEntry = PagedTransport->GlobalNext.Flink;
  2271. BowserDereferenceTransport(Transport);
  2272. }
  2273. ExReleaseResourceLite(&BowserTransportDatabaseResource);
  2274. return Status;
  2275. }
  2276. NTSTATUS
  2277. BowserForEachTransport (
  2278. IN PTRANSPORT_ENUM_ROUTINE Routine,
  2279. IN OUT PVOID Context
  2280. )
  2281. /*++
  2282. Routine Description:
  2283. This routine will enumerate the transports and call back the enum
  2284. routine provided with each transport.
  2285. Arguments:
  2286. Routine - Routine to call for each transport
  2287. Context - Parameter to pass to 'Routine'
  2288. Return Value:
  2289. NTSTATUS - Final status of request.
  2290. --*/
  2291. {
  2292. PLIST_ENTRY TransportEntry, NextEntry;
  2293. PTRANSPORT Transport = NULL;
  2294. PPAGED_TRANSPORT PagedTransport = NULL;
  2295. NTSTATUS Status = STATUS_SUCCESS;
  2296. PAGED_CODE();
  2297. ExAcquireResourceExclusiveLite(&BowserTransportDatabaseResource, TRUE);
  2298. for (TransportEntry = BowserTransportHead.Flink ;
  2299. TransportEntry != &BowserTransportHead ;
  2300. TransportEntry = NextEntry) {
  2301. PagedTransport = CONTAINING_RECORD(TransportEntry, PAGED_TRANSPORT, GlobalNext);
  2302. //
  2303. // Ignore deleted transports.
  2304. //
  2305. if ( PagedTransport->DeletedTransport ) {
  2306. NextEntry = PagedTransport->GlobalNext.Flink;
  2307. continue;
  2308. }
  2309. Transport = PagedTransport->NonPagedTransport;
  2310. dprintf(DPRT_REF, ("Call Reference transport %lx from BowserForEachTransport.\n", Transport));
  2311. BowserReferenceTransport(Transport);
  2312. ExReleaseResourceLite(&BowserTransportDatabaseResource);
  2313. Status = (Routine)(Transport, Context);
  2314. if (!NT_SUCCESS(Status)) {
  2315. BowserDereferenceTransport(Transport);
  2316. return Status;
  2317. }
  2318. ExAcquireResourceExclusiveLite(&BowserTransportDatabaseResource, TRUE);
  2319. NextEntry = PagedTransport->GlobalNext.Flink;
  2320. BowserDereferenceTransport(Transport);
  2321. }
  2322. ExReleaseResourceLite(&BowserTransportDatabaseResource);
  2323. return Status;
  2324. }
  2325. NTSTATUS
  2326. BowserForEachTransportName(
  2327. IN PTRANSPORT Transport,
  2328. IN PTRANSPORT_NAME_ENUM_ROUTINE Routine,
  2329. IN OUT PVOID Context
  2330. )
  2331. /*++
  2332. Routine Description:
  2333. This routine will enumerate the names associated with a transport
  2334. and call back the enum routine provided with each transport name.
  2335. Arguments:
  2336. Return Value:
  2337. NTSTATUS - Final status of request.
  2338. --*/
  2339. {
  2340. PLIST_ENTRY TransportEntry, NextEntry;
  2341. PTRANSPORT_NAME TransportName = NULL;
  2342. PPAGED_TRANSPORT_NAME PagedTransportName = NULL;
  2343. NTSTATUS Status = STATUS_SUCCESS;
  2344. PAGED_CODE();
  2345. ExAcquireResourceExclusiveLite(&BowserTransportDatabaseResource, TRUE);
  2346. try {
  2347. for (TransportEntry = Transport->PagedTransport->NameChain.Flink ;
  2348. TransportEntry &&
  2349. (TransportEntry != &Transport->PagedTransport->NameChain) ;
  2350. TransportEntry = NextEntry) {
  2351. PagedTransportName = CONTAINING_RECORD(TransportEntry, PAGED_TRANSPORT_NAME, TransportNext);
  2352. TransportName = PagedTransportName->NonPagedTransportName;
  2353. BowserReferenceTransportName( TransportName );
  2354. ExReleaseResourceLite(&BowserTransportDatabaseResource);
  2355. Status = (Routine)(TransportName, Context);
  2356. if (!NT_SUCCESS(Status)) {
  2357. ExAcquireResourceExclusiveLite(&BowserTransportDatabaseResource, TRUE);
  2358. BowserDereferenceTransportName( TransportName );
  2359. try_return(Status);
  2360. }
  2361. ExAcquireResourceExclusiveLite(&BowserTransportDatabaseResource, TRUE);
  2362. NextEntry = PagedTransportName->TransportNext.Flink;
  2363. BowserDereferenceTransportName( TransportName );
  2364. }
  2365. try_exit:NOTHING;
  2366. } finally {
  2367. ExReleaseResourceLite(&BowserTransportDatabaseResource);
  2368. }
  2369. return Status;
  2370. }
  2371. NTSTATUS
  2372. BowserDeleteTransportNameByName(
  2373. IN PTRANSPORT Transport,
  2374. IN PUNICODE_STRING Name OPTIONAL,
  2375. IN DGRECEIVER_NAME_TYPE NameType
  2376. )
  2377. /*++
  2378. Routine Description:
  2379. This routine deletes a transport name associated with a specific network.
  2380. Arguments:
  2381. Transport - Specifies the transport on which to delete the name.
  2382. Name - Specifies the transport name to delete.
  2383. If not specified, all names of the specified name type are deleted.
  2384. NameType - Specifies the name type of the name.
  2385. Return Value:
  2386. NTSTATUS - Final status of request.
  2387. --*/
  2388. {
  2389. PLIST_ENTRY TransportEntry, NextEntry;
  2390. PTRANSPORT_NAME TransportName = NULL;
  2391. PPAGED_TRANSPORT_NAME PagedTransportName = NULL;
  2392. NTSTATUS Status = STATUS_SUCCESS;
  2393. PAGED_CODE();
  2394. ExAcquireResourceExclusiveLite(&BowserTransportDatabaseResource, TRUE);
  2395. try {
  2396. for (TransportEntry = Transport->PagedTransport->NameChain.Flink ;
  2397. TransportEntry != &Transport->PagedTransport->NameChain ;
  2398. TransportEntry = NextEntry) {
  2399. PagedTransportName = CONTAINING_RECORD(TransportEntry, PAGED_TRANSPORT_NAME, TransportNext);
  2400. TransportName = PagedTransportName->NonPagedTransportName;
  2401. ASSERT (TransportName->NameType == PagedTransportName->Name->NameType);
  2402. if ((TransportName->NameType == NameType) &&
  2403. (Name == NULL ||
  2404. Name->Length == 0 ||
  2405. RtlEqualUnicodeString(&PagedTransportName->Name->Name, Name, TRUE))) {
  2406. NextEntry = TransportEntry->Flink;
  2407. //
  2408. // Remove the TransportName from the list of transport names for
  2409. // this transport.
  2410. //
  2411. ASSERT( PagedTransportName->TransportNext.Flink != NULL);
  2412. RemoveEntryList(&PagedTransportName->TransportNext);
  2413. PagedTransportName->TransportNext.Flink = NULL;
  2414. PagedTransportName->TransportNext.Blink = NULL;
  2415. //
  2416. // Since we delinked it, we need to dereference it.
  2417. //
  2418. Status = BowserDereferenceTransportName(TransportName);
  2419. if (!NT_SUCCESS(Status)) {
  2420. try_return(Status);
  2421. }
  2422. } else {
  2423. NextEntry = PagedTransportName->TransportNext.Flink;
  2424. }
  2425. }
  2426. try_exit:NOTHING;
  2427. } finally {
  2428. ExReleaseResourceLite(&BowserTransportDatabaseResource);
  2429. }
  2430. return Status;
  2431. }
  2432. NTSTATUS
  2433. BowserSubmitTdiRequest (
  2434. IN PFILE_OBJECT FileObject,
  2435. IN PIRP Irp
  2436. )
  2437. /*++
  2438. Routine Description:
  2439. This routine submits a request to TDI and waits for it to complete.
  2440. Arguments:
  2441. IN PFILE_OBJECT FileObject - Connection or Address handle for TDI request
  2442. IN PIRP Irp - TDI request to submit.
  2443. Return Value:
  2444. NTSTATUS - Final status of request.
  2445. --*/
  2446. {
  2447. KEVENT Event;
  2448. NTSTATUS Status;
  2449. PAGED_CODE();
  2450. BowserReferenceDiscardableCode( BowserDiscardableCodeSection );
  2451. KeInitializeEvent (&Event, NotificationEvent, FALSE);
  2452. IoSetCompletionRoutine(Irp, BowserCompleteTdiRequest, &Event, TRUE, TRUE, TRUE);
  2453. //
  2454. // Submit the disconnect request
  2455. //
  2456. Status = IoCallDriver(IoGetRelatedDeviceObject(FileObject), Irp);
  2457. //
  2458. // If it failed immediately, return now, otherwise wait.
  2459. //
  2460. if (!NT_SUCCESS(Status)) {
  2461. dlog(DPRT_TDI, ("BowserSubmitTdiRequest: submit request. Status = %X", Status));
  2462. BowserDereferenceDiscardableCode( BowserDiscardableCodeSection );
  2463. return Status;
  2464. }
  2465. if (Status == STATUS_PENDING) {
  2466. dlog(DPRT_TDI, ("TDI request issued, waiting..."));
  2467. Status = KeWaitForSingleObject(&Event, // Object to wait on.
  2468. Executive, // Reason for waiting
  2469. KernelMode, // Processor mode
  2470. FALSE, // Alertable
  2471. NULL); // Timeout
  2472. if (!NT_SUCCESS(Status)) {
  2473. dlog(DPRT_TDI, ("Could not wait for operation to complete"));
  2474. KeBugCheck( 666 );
  2475. }
  2476. Status = Irp->IoStatus.Status;
  2477. }
  2478. BowserDereferenceDiscardableCode( BowserDiscardableCodeSection );
  2479. dlog(DPRT_TDI, ("TDI request complete\n"));
  2480. return(Status);
  2481. }
  2482. NTSTATUS
  2483. BowserCompleteTdiRequest (
  2484. IN PDEVICE_OBJECT DeviceObject,
  2485. IN PIRP Irp,
  2486. IN PVOID Context
  2487. )
  2488. /*++
  2489. Routine Description:
  2490. Completion routine for SubmitTdiRequest operation.
  2491. Arguments:
  2492. IN PDEVICE_OBJECT DeviceObject, - Supplies a pointer to the device object
  2493. IN PIRP Irp, - Supplies the IRP submitted
  2494. IN PVOID Context - Supplies a pointer to the kernel event to release
  2495. Return Value:
  2496. NTSTATUS - Status of KeSetEvent
  2497. We return STATUS_MORE_PROCESSING_REQUIRED to prevent the IRP completion
  2498. code from processing this puppy any more.
  2499. --*/
  2500. {
  2501. DISCARDABLE_CODE( BowserDiscardableCodeSection );
  2502. dprintf(DPRT_TDI, ("CompleteTdiRequest: %lx\n", Context));
  2503. //
  2504. // Set the event to the Signalled state with 0 priority increment and
  2505. // indicate that we will not be blocking soon.
  2506. //
  2507. KeSetEvent((PKEVENT )Context, 0, FALSE);
  2508. return STATUS_MORE_PROCESSING_REQUIRED;
  2509. // Quiet the compiler.
  2510. if (Irp || DeviceObject){};
  2511. }
  2512. typedef struct _SEND_DATAGRAM_CONTEXT {
  2513. PTDI_CONNECTION_INFORMATION ConnectionInformation;
  2514. PVOID Header;
  2515. BOOLEAN WaitForCompletion;
  2516. KEVENT Event;
  2517. } SEND_DATAGRAM_CONTEXT, *PSEND_DATAGRAM_CONTEXT;
  2518. NTSTATUS
  2519. BowserSendDatagram (
  2520. IN PTRANSPORT Transport,
  2521. IN PUNICODE_STRING Domain OPTIONAL,
  2522. IN DGRECEIVER_NAME_TYPE NameType,
  2523. IN PVOID Buffer,
  2524. IN ULONG BufferLength,
  2525. IN BOOLEAN WaitForCompletion,
  2526. IN PSTRING DestinationAddress OPTIONAL,
  2527. IN BOOLEAN IsHostAnnouncement
  2528. )
  2529. /*++
  2530. Routine Description:
  2531. This routine sends a datagram to the specified domain.
  2532. Arguments:
  2533. Domain - the name of the domain to send to.
  2534. Please note that the DOMAIN is padded with spaces and
  2535. terminated with the appropriate signature byte (00 or 07).
  2536. Buffer - the message to send.
  2537. BufferLength - the length of the buffer,
  2538. IsHostAnnouncement - True if the datagram is a host announcement
  2539. Return Value:
  2540. NTSTATUS - results of operation.
  2541. --*/
  2542. {
  2543. NTSTATUS Status = STATUS_SUCCESS;
  2544. ULONG connectionInformationSize;
  2545. PIRP irp = NULL;
  2546. PMDL mdlAddress = NULL;
  2547. PSEND_DATAGRAM_CONTEXT context = NULL;
  2548. PPAGED_TRANSPORT PagedTransport = Transport->PagedTransport;
  2549. // PTRANSPORT_NAME TComputerName;
  2550. ANSI_STRING AnsiString;
  2551. UCHAR IpxPacketType;
  2552. PFILE_OBJECT FileObject = NULL;
  2553. PDEVICE_OBJECT DeviceObject;
  2554. PVOID pBuffToFree = Buffer;
  2555. PAGED_CODE();
  2556. ExAcquireResourceExclusiveLite(&BowserTransportDatabaseResource, TRUE);
  2557. //
  2558. // Ensure the computername has been registered for this transport
  2559. //
  2560. if ( Transport->ComputerName == NULL ) {
  2561. ExReleaseResourceLite(&BowserTransportDatabaseResource);
  2562. Status = STATUS_BAD_NETWORK_PATH;
  2563. goto Cleanup;
  2564. }
  2565. //
  2566. // Ensure the Device and File object are known.
  2567. //
  2568. if (!FlagOn(Transport->PagedTransport->Flags, DIRECT_HOST_IPX)) {
  2569. DeviceObject = Transport->ComputerName->DeviceObject;
  2570. FileObject = Transport->ComputerName->FileObject;
  2571. } else {
  2572. DeviceObject = Transport->IpxSocketDeviceObject;
  2573. FileObject = Transport->IpxSocketFileObject;
  2574. }
  2575. if ( DeviceObject == NULL || FileObject == NULL ) {
  2576. ExReleaseResourceLite(&BowserTransportDatabaseResource);
  2577. Status = STATUS_BAD_NETWORK_PATH;
  2578. goto Cleanup;
  2579. }
  2580. if ( FileObject != NULL ) {
  2581. ObReferenceObject( FileObject );
  2582. }
  2583. ExReleaseResourceLite(&BowserTransportDatabaseResource);
  2584. //
  2585. // Allocate a context describing this datagram send.
  2586. //
  2587. context = ALLOCATE_POOL(NonPagedPool, sizeof(SEND_DATAGRAM_CONTEXT), POOL_SENDDATAGRAM);
  2588. if ( context == NULL) {
  2589. Status = STATUS_NO_MEMORY;
  2590. goto Cleanup;
  2591. }
  2592. context->Header = NULL;
  2593. context->ConnectionInformation = NULL;
  2594. connectionInformationSize = sizeof(TDI_CONNECTION_INFORMATION) +
  2595. max(sizeof(TA_NETBIOS_EX_ADDRESS),
  2596. sizeof(TA_IPX_ADDRESS));
  2597. if (Domain == NULL) {
  2598. Domain = &Transport->DomainInfo->DomUnicodeDomainName;
  2599. }
  2600. if (FlagOn(Transport->PagedTransport->Flags, DIRECT_HOST_IPX)) {
  2601. PSMB_IPX_NAME_PACKET NamePacket;
  2602. OEM_STRING NetBiosName;
  2603. context->Header = ALLOCATE_POOL(NonPagedPool, BufferLength + sizeof(SMB_IPX_NAME_PACKET), POOL_SENDDATAGRAM);
  2604. if ( context->Header == NULL ) {
  2605. Status = STATUS_INSUFFICIENT_RESOURCES;
  2606. goto Cleanup;
  2607. }
  2608. NamePacket = context->Header;
  2609. RtlZeroMemory(NamePacket->Route, sizeof(NamePacket->Route));
  2610. NamePacket->Operation = SMB_IPX_MAILSLOT_SEND;
  2611. switch (NameType) {
  2612. case BrowserElection:
  2613. if ( IsHostAnnouncement ) {
  2614. NamePacket->NameType = SMB_IPX_NAME_TYPE_BROWSER;
  2615. } else {
  2616. NamePacket->NameType = SMB_IPX_NAME_TYPE_WORKKGROUP;
  2617. }
  2618. break;
  2619. case ComputerName:
  2620. case AlternateComputerName:
  2621. NamePacket->NameType = SMB_IPX_NAME_TYPE_MACHINE;
  2622. break;
  2623. case MasterBrowser:
  2624. NamePacket->NameType = SMB_IPX_NAME_TYPE_WORKKGROUP;
  2625. break;
  2626. //
  2627. // Don't send on name types that direct host IPX can't handle.
  2628. //
  2629. // Domain(1B): Direct host IPX datagram receivers aren't particular
  2630. // about the 16th byte of the netbios name. Therefore, all of them
  2631. // accept a Domain<1B> datagram. However, such sends are destined
  2632. // only to the PDC.
  2633. //
  2634. // Domain(1C): Domain(1C) is registered only by NT DCs. However,
  2635. // NT DCs don't completely support direct host IPX. But they do
  2636. // completely support NwLnkNb.
  2637. //
  2638. // We silently ingore these errors allowing the caller to duplicate
  2639. // the send on NwLnkNb.
  2640. case PrimaryDomainBrowser:
  2641. case DomainName:
  2642. Status = STATUS_SUCCESS;
  2643. goto Cleanup;
  2644. //
  2645. // Fail on sends to non-sensical name types.
  2646. //
  2647. // DomainAnnouncements aren't sent separately.
  2648. //
  2649. default:
  2650. // Silently ignore the
  2651. Status = STATUS_INVALID_DEVICE_REQUEST;
  2652. goto Cleanup;
  2653. }
  2654. NamePacket->MessageId = 0;
  2655. NetBiosName.Length = 0;
  2656. NetBiosName.MaximumLength = SMB_IPX_NAME_LENGTH;
  2657. NetBiosName.Buffer = NamePacket->Name;
  2658. Status = RtlUpcaseUnicodeStringToOemString(&NetBiosName, Domain, FALSE);
  2659. if (!NT_SUCCESS(Status)) {
  2660. goto Cleanup;
  2661. }
  2662. RtlCopyMemory(&NetBiosName.Buffer[NetBiosName.Length], " ",
  2663. SMB_IPX_NAME_LENGTH-NetBiosName.Length);
  2664. NamePacket->Name[SMB_IPX_NAME_LENGTH-1] = WORKSTATION_SIGNATURE;
  2665. RtlCopyMemory(NamePacket->SourceName, ((PTA_NETBIOS_ADDRESS)(Transport->ComputerName->TransportAddress.Buffer))->Address[0].Address->NetbiosName, SMB_IPX_NAME_LENGTH);
  2666. RtlCopyMemory((NamePacket+1), Buffer, BufferLength);
  2667. // Replace Buffer w/ IPX modified one.
  2668. // - ensure cleanup will free input Buffer.
  2669. ASSERT(Buffer == pBuffToFree);
  2670. FREE_POOL(Buffer);
  2671. pBuffToFree = NULL; // cleanup will free context->Header
  2672. Buffer = context->Header;
  2673. BufferLength += sizeof(SMB_IPX_NAME_PACKET);
  2674. } else {
  2675. // ensure consistency
  2676. ASSERT(Buffer == pBuffToFree);
  2677. context->Header = Buffer;
  2678. pBuffToFree = NULL; // don't cleanup for async case.
  2679. }
  2680. context->ConnectionInformation = ALLOCATE_POOL(NonPagedPool,
  2681. connectionInformationSize, POOL_CONNECTINFO
  2682. );
  2683. if ( context->ConnectionInformation == NULL ) {
  2684. Status = STATUS_INSUFFICIENT_RESOURCES;
  2685. goto Cleanup;
  2686. }
  2687. context->ConnectionInformation->UserDataLength = 0;
  2688. context->ConnectionInformation->UserData = NULL;
  2689. context->ConnectionInformation->OptionsLength = 0;
  2690. context->ConnectionInformation->Options = NULL;
  2691. AnsiString.Buffer = (PCHAR)(context->ConnectionInformation + 1);
  2692. AnsiString.MaximumLength = (USHORT)(connectionInformationSize - sizeof(TDI_CONNECTION_INFORMATION));
  2693. context->ConnectionInformation->RemoteAddress = AnsiString.Buffer;
  2694. context->WaitForCompletion = WaitForCompletion;
  2695. // ComputerName = Transport->ComputerName;
  2696. if (!ARGUMENT_PRESENT(DestinationAddress)) {
  2697. //
  2698. // If this is for our primary domain, and the request is destined
  2699. // for the master browser name, then stick in the address of our
  2700. // master browser if we know it.
  2701. //
  2702. if ((RtlCompareMemory(Domain->Buffer, ((PTA_NETBIOS_ADDRESS)(Transport->ComputerName->TransportAddress.Buffer))->Address[0].Address->NetbiosName, SMB_IPX_NAME_LENGTH) == SMB_IPX_NAME_LENGTH) &&
  2703. ( NameType == MasterBrowser ) &&
  2704. (Transport->PagedTransport->MasterBrowserAddress.Length != 0) ) {
  2705. //
  2706. // This is for our domain. If it's for our master browser
  2707. // and we know who that is, we're done - copy over the master's address
  2708. // and send it.
  2709. //
  2710. ASSERT (Transport->PagedTransport->MasterBrowserAddress.Length == sizeof(TA_IPX_ADDRESS));
  2711. RtlCopyMemory(context->ConnectionInformation->RemoteAddress,
  2712. Transport->PagedTransport->MasterBrowserAddress.Buffer,
  2713. Transport->PagedTransport->MasterBrowserAddress.Length);
  2714. //
  2715. // This is a directed packet, don't broadcast it.
  2716. //
  2717. IpxPacketType = IPX_DIRECTED_PACKET;
  2718. context->ConnectionInformation->OptionsLength = sizeof(IpxPacketType);
  2719. context->ConnectionInformation->Options = &IpxPacketType;
  2720. } else if (FlagOn(Transport->PagedTransport->Flags, DIRECT_HOST_IPX)) {
  2721. PTA_IPX_ADDRESS IpxAddress = (PTA_IPX_ADDRESS)AnsiString.Buffer;
  2722. IpxAddress->TAAddressCount = 1;
  2723. IpxAddress->Address[0].AddressType = TDI_ADDRESS_TYPE_IPX;
  2724. IpxAddress->Address[0].AddressLength = TDI_ADDRESS_LENGTH_IPX;
  2725. IpxAddress->Address[0].Address[0].NetworkAddress = 0;
  2726. IpxAddress->Address[0].Address[0].NodeAddress[0] = 0xff;
  2727. IpxAddress->Address[0].Address[0].NodeAddress[1] = 0xff;
  2728. IpxAddress->Address[0].Address[0].NodeAddress[2] = 0xff;
  2729. IpxAddress->Address[0].Address[0].NodeAddress[3] = 0xff;
  2730. IpxAddress->Address[0].Address[0].NodeAddress[4] = 0xff;
  2731. IpxAddress->Address[0].Address[0].NodeAddress[5] = 0xff;
  2732. IpxAddress->Address[0].Address[0].Socket = SMB_IPX_MAILSLOT_SOCKET;
  2733. } else {
  2734. Status = BowserBuildTransportAddress(&AnsiString,
  2735. Domain,
  2736. NameType,
  2737. Transport);
  2738. if (!NT_SUCCESS(Status)) {
  2739. goto Cleanup;
  2740. }
  2741. context->ConnectionInformation->RemoteAddressLength = AnsiString.Length;
  2742. }
  2743. } else {
  2744. //
  2745. // This is already correctly formatted, so just put it on the wire.
  2746. //
  2747. RtlCopyMemory(context->ConnectionInformation->RemoteAddress, DestinationAddress->Buffer, DestinationAddress->Length);
  2748. context->ConnectionInformation->RemoteAddressLength = DestinationAddress->Length;
  2749. //
  2750. // This is a directed packet, don't broadcast it.
  2751. //
  2752. IpxPacketType = IPX_DIRECTED_PACKET;
  2753. context->ConnectionInformation->OptionsLength = sizeof(IpxPacketType);
  2754. context->ConnectionInformation->Options = &IpxPacketType;
  2755. }
  2756. irp = IoAllocateIrp( DeviceObject->StackSize, TRUE);
  2757. if (irp == NULL) {
  2758. Status = STATUS_INSUFFICIENT_RESOURCES;
  2759. goto Cleanup;
  2760. }
  2761. mdlAddress = IoAllocateMdl(Buffer, BufferLength, FALSE, FALSE, NULL);
  2762. if (mdlAddress == NULL) {
  2763. IoFreeIrp(irp);
  2764. Status = STATUS_INSUFFICIENT_RESOURCES;
  2765. goto Cleanup;
  2766. }
  2767. KeInitializeEvent(&context->Event, NotificationEvent, FALSE);
  2768. MmBuildMdlForNonPagedPool(mdlAddress);
  2769. ASSERT (KeGetCurrentIrql() == 0);
  2770. TdiBuildSendDatagram( irp,
  2771. DeviceObject,
  2772. FileObject,
  2773. CompleteSendDatagram,
  2774. context,
  2775. mdlAddress,
  2776. BufferLength,
  2777. context->ConnectionInformation);
  2778. Status = IoCallDriver(DeviceObject, irp);
  2779. ASSERT (KeGetCurrentIrql() == 0);
  2780. if (WaitForCompletion) {
  2781. ASSERT (KeGetCurrentIrql() == 0);
  2782. if (Status == STATUS_PENDING) {
  2783. Status = KeWaitForSingleObject(&context->Event,
  2784. Executive,
  2785. KernelMode,
  2786. FALSE,
  2787. NULL);
  2788. }
  2789. IoFreeMdl(irp->MdlAddress);
  2790. //
  2791. // Retrieve the status from the IRP.
  2792. //
  2793. Status = irp->IoStatus.Status;
  2794. IoFreeIrp(irp);
  2795. } else {
  2796. //
  2797. // Let completion routine free the context
  2798. //
  2799. context = NULL;
  2800. }
  2801. ASSERT (KeGetCurrentIrql() == 0);
  2802. //
  2803. // Free locally used resources
  2804. //
  2805. Cleanup:
  2806. if ( context != NULL ) {
  2807. if ( context->Header != NULL &&
  2808. context->Header != pBuffToFree ) {
  2809. FREE_POOL( context->Header );
  2810. }
  2811. if (context->ConnectionInformation != NULL ) {
  2812. FREE_POOL(context->ConnectionInformation);
  2813. }
  2814. FREE_POOL(context);
  2815. }
  2816. if (pBuffToFree) {
  2817. FREE_POOL( pBuffToFree );
  2818. }
  2819. if ( FileObject != NULL ) {
  2820. ObDereferenceObject( FileObject );
  2821. }
  2822. return Status;
  2823. } // BowserSendDatagram
  2824. NTSTATUS
  2825. CompleteSendDatagram (
  2826. IN PDEVICE_OBJECT DeviceObject,
  2827. IN PIRP Irp,
  2828. IN PVOID Ctx
  2829. )
  2830. /*++
  2831. Routine Description:
  2832. Completion routine for SubmitTdiRequest operation.
  2833. Arguments:
  2834. IN PDEVICE_OBJECT DeviceObject, - Supplies a pointer to the device object
  2835. IN PIRP Irp, - Supplies the IRP submitted
  2836. IN PVOID Context - Supplies a pointer to the kernel event to release
  2837. Return Value:
  2838. NTSTATUS - Status of KeSetEvent
  2839. We return STATUS_MORE_PROCESSING_REQUIRED to prevent the IRP completion
  2840. code from processing this puppy any more.
  2841. --*/
  2842. {
  2843. PSEND_DATAGRAM_CONTEXT Context = Ctx;
  2844. dprintf(DPRT_TDI, ("CompleteTdiRequest: %lx\n", Context));
  2845. if (Context->WaitForCompletion) {
  2846. //
  2847. // Set the event to the Signalled state with 0 priority increment and
  2848. // indicate that we will not be blocking soon.
  2849. //
  2850. KeSetEvent(&Context->Event, 0, FALSE);
  2851. } else {
  2852. FREE_POOL(Context->ConnectionInformation);
  2853. FREE_POOL(Context->Header);
  2854. FREE_POOL(Context);
  2855. IoFreeMdl(Irp->MdlAddress);
  2856. IoFreeIrp(Irp);
  2857. }
  2858. return STATUS_MORE_PROCESSING_REQUIRED;
  2859. UNREFERENCED_PARAMETER(DeviceObject);
  2860. }
  2861. NTSTATUS
  2862. BowserSendSecondClassMailslot (
  2863. IN PTRANSPORT Transport,
  2864. IN PUNICODE_STRING Domain OPTIONAL,
  2865. IN DGRECEIVER_NAME_TYPE NameType,
  2866. IN PVOID Message,
  2867. IN ULONG MessageLength,
  2868. IN BOOLEAN WaitForCompletion,
  2869. IN PCHAR mailslotNameData,
  2870. IN PSTRING DestinationAddress OPTIONAL
  2871. )
  2872. {
  2873. ULONG dataSize;
  2874. ULONG transactionDataSize;
  2875. ULONG smbSize;
  2876. PSMB_HEADER header;
  2877. PSMB_TRANSACT_MAILSLOT parameters;
  2878. PSZ mailslotName;
  2879. ULONG mailslotNameLength;
  2880. PSZ domainInData;
  2881. PVOID message;
  2882. NTSTATUS status;
  2883. PAGED_CODE();
  2884. //
  2885. // Determine the sizes of various fields that will go in the SMB
  2886. // and the total size of the SMB.
  2887. //
  2888. mailslotNameLength = strlen( mailslotNameData );
  2889. transactionDataSize = MessageLength;
  2890. dataSize = mailslotNameLength + 1 + transactionDataSize;
  2891. smbSize = sizeof(SMB_HEADER) + sizeof(SMB_TRANSACT_MAILSLOT) - 1 + dataSize;
  2892. header = ALLOCATE_POOL( NonPagedPool, smbSize, POOL_MAILSLOT_HEADER );
  2893. if ( header == NULL ) {
  2894. return STATUS_INSUFFICIENT_RESOURCES;
  2895. }
  2896. //
  2897. // Fill in the header. Most of the fields don't matter and are
  2898. // zeroed.
  2899. //
  2900. RtlZeroMemory( header, smbSize );
  2901. header->Protocol[0] = 0xFF;
  2902. header->Protocol[1] = 'S';
  2903. header->Protocol[2] = 'M';
  2904. header->Protocol[3] = 'B';
  2905. header->Command = SMB_COM_TRANSACTION;
  2906. //
  2907. // Get the pointer to the params and fill them in.
  2908. //
  2909. parameters = (PSMB_TRANSACT_MAILSLOT)( header + 1 );
  2910. mailslotName = (PSZ)( parameters + 1 ) - 1;
  2911. domainInData = mailslotName + mailslotNameLength + 1;
  2912. message = domainInData;
  2913. parameters->WordCount = 0x11;
  2914. SmbPutUshort( &parameters->TotalDataCount, (USHORT)transactionDataSize );
  2915. SmbPutUlong( &parameters->Timeout, 0x3E8 ); // !!! fix
  2916. SmbPutUshort( &parameters->DataCount, (USHORT)transactionDataSize );
  2917. SmbPutUshort(
  2918. &parameters->DataOffset,
  2919. (USHORT)( (ULONG_PTR)message - (ULONG_PTR)header )
  2920. );
  2921. parameters->SetupWordCount = 3;
  2922. SmbPutUshort( &parameters->Opcode, MS_WRITE_OPCODE );
  2923. SmbPutUshort( &parameters->Priority, 1);
  2924. SmbPutUshort( &parameters->Class, 2 );
  2925. SmbPutUshort( &parameters->ByteCount, (USHORT)dataSize );
  2926. RtlCopyMemory( mailslotName, mailslotNameData, mailslotNameLength + 1 );
  2927. RtlCopyMemory( message, Message, MessageLength );
  2928. //
  2929. // Send the actual mailslot message.
  2930. //
  2931. status = BowserSendDatagram( Transport,
  2932. Domain,
  2933. NameType,
  2934. header,
  2935. smbSize,
  2936. WaitForCompletion,
  2937. DestinationAddress,
  2938. (BOOLEAN)(((PHOST_ANNOUNCE_PACKET)Message)->AnnounceType == LocalMasterAnnouncement) );
  2939. return status;
  2940. } // BowserSendSecondClassMailslot
  2941. NTSTATUS
  2942. BowserSendRequestAnnouncement(
  2943. IN PUNICODE_STRING DestinationName,
  2944. IN DGRECEIVER_NAME_TYPE NameType,
  2945. IN PTRANSPORT Transport
  2946. )
  2947. {
  2948. REQUEST_ANNOUNCE_PACKET AnnounceRequest;
  2949. ULONG AnnouncementRequestLength;
  2950. NTSTATUS Status;
  2951. PAGED_CODE();
  2952. //
  2953. // If we don't
  2954. AnnounceRequest.Type = AnnouncementRequest;
  2955. AnnounceRequest.RequestAnnouncement.Flags = 0;
  2956. strcpy( AnnounceRequest.RequestAnnouncement.Reply,
  2957. Transport->DomainInfo->DomOemComputerName.Buffer );
  2958. AnnouncementRequestLength = FIELD_OFFSET(REQUEST_ANNOUNCE_PACKET, RequestAnnouncement.Reply) +
  2959. Transport->DomainInfo->DomOemComputerName.Length + 1;
  2960. Status = BowserSendSecondClassMailslot(Transport,
  2961. DestinationName,
  2962. NameType,
  2963. &AnnounceRequest,
  2964. AnnouncementRequestLength,
  2965. TRUE,
  2966. MAILSLOT_BROWSER_NAME,
  2967. NULL);
  2968. return Status;
  2969. }
  2970. VOID
  2971. BowserpInitializeTdi (
  2972. VOID
  2973. )
  2974. /*++
  2975. Routine Description:
  2976. This routine initializes the global variables used in the transport
  2977. package.
  2978. Arguments:
  2979. None.
  2980. Return Value:
  2981. None.
  2982. --*/
  2983. {
  2984. //
  2985. // Initialize the Transport list chain
  2986. //
  2987. InitializeListHead(&BowserTransportHead);
  2988. ExInitializeResourceLite(&BowserTransportDatabaseResource);
  2989. KeInitializeSpinLock(&BowserTransportMasterNameSpinLock);
  2990. BowserInitializeDomains();
  2991. }
  2992. VOID
  2993. BowserpUninitializeTdi (
  2994. VOID
  2995. )
  2996. /*++
  2997. Routine Description:
  2998. This routine initializes the global variables used in the transport
  2999. package.
  3000. Arguments:
  3001. None.
  3002. Return Value:
  3003. None.
  3004. --*/
  3005. {
  3006. PAGED_CODE();
  3007. ASSERT (IsListEmpty(&BowserTransportHead));
  3008. ExDeleteResourceLite(&BowserTransportDatabaseResource);
  3009. }