|
|
/*++
Copyright (c) 1989 Microsoft Corporation
Module Name:
smblock.c
Abstract:
This module contains routines for processing the following SMBs:
Lock Byte Range Unlock Byte Range Locking and X
The SMB commands "Lock and Read" and "Write and Unlock" are processed in smbrdwrt.c.
Author:
Chuck Lenzmeier (chuckl) 26-Apr-1990
Revision History:
29-Aug-1991 mannyw
--*/
#include "precomp.h"
#include "smblock.tmh"
#pragma hdrstop
#if SRVDBG_PERF
UCHAR LockBypass = 0;BOOLEAN LockWaitForever = 0;ULONG LockBypassConst = 0x10000000;ULONG LockBypassMirror = 0x01000000;#endif
//
// Forward declarations
//
BOOLEANCancelLockRequest ( IN PWORK_CONTEXT WorkContext, IN USHORT TargetFid, IN USHORT TargetPid, IN LARGE_INTEGER TargetOffset, IN LARGE_INTEGER TargetLength );
VOIDDoLockingAndX ( IN OUT PWORK_CONTEXT WorkContext, IN BOOLEAN SkipFastPath );
STATICBOOLEANProcessOplockBreakResponse( IN PWORK_CONTEXT WorkContext, IN PRFCB Rfcb, IN PREQ_LOCKING_ANDX Request );
STATICVOID SRVFASTCALLRestartLockByteRange ( IN OUT PWORK_CONTEXT WorkContext );
STATICVOID SRVFASTCALLRestartLockingAndX ( IN OUT PWORK_CONTEXT WorkContext );
VOIDTimeoutLockRequest ( IN PKDPC Dpc, IN PVOID DeferredContext, IN PVOID SystemArgument1, IN PVOID SystemArgument2 );
#ifdef ALLOC_PRAGMA
#pragma alloc_text( PAGE, SrvSmbLockByteRange )
#pragma alloc_text( PAGE, RestartLockByteRange )
#pragma alloc_text( PAGE, ProcessOplockBreakResponse )
#pragma alloc_text( PAGE, SrvSmbUnlockByteRange )
#pragma alloc_text( PAGE, SrvSmbLockingAndX )
#pragma alloc_text( PAGE, DoLockingAndX )
#pragma alloc_text( PAGE, RestartLockingAndX )
#pragma alloc_text( PAGE, SrvAcknowledgeOplockBreak )
#pragma alloc_text( PAGE8FIL, CancelLockRequest )
#pragma alloc_text( PAGE8FIL, TimeoutLockRequest )
#endif
�SMB_PROCESSOR_RETURN_TYPESrvSmbLockByteRange ( SMB_PROCESSOR_PARAMETERS )
/*++
Routine Description:
Processes the Lock Byte Range SMB.
Arguments:
SMB_PROCESSOR_PARAMETERS - See smbtypes.h for a description of the parameters to SMB processor routines.
Return Value:
SMB_PROCESSOR_RETURN_TYPE - See smbtypes.h
--*/
{ PREQ_LOCK_BYTE_RANGE request;
NTSTATUS status = STATUS_SUCCESS; SMB_STATUS SmbStatus = SmbStatusInProgress; USHORT fid; LARGE_INTEGER length; LARGE_INTEGER offset; ULONG key; BOOLEAN failImmediately;
PRFCB rfcb; PLFCB lfcb; PSRV_TIMER timer;
PAGED_CODE( ); if (WorkContext->PreviousSMB == EVENT_TYPE_SMB_LAST_EVENT) WorkContext->PreviousSMB = EVENT_TYPE_SMB_LOCK_BYTE_RANGE; SrvWmiStartContext(WorkContext);
request = (PREQ_LOCK_BYTE_RANGE)WorkContext->RequestParameters;
//
// Verify the FID. If verified, the RFCB block is referenced
// and its addresses is stored in the WorkContext block, and the
// RFCB address is returned.
//
fid = SmbGetUshort( &request->Fid );
rfcb = SrvVerifyFid( WorkContext, fid, TRUE, SrvRestartSmbReceived, // serialize with raw write
&status );
if ( rfcb == SRV_INVALID_RFCB_POINTER ) {
if ( !NT_SUCCESS( status ) ) {
//
// Invalid file ID or write behind error. Reject the request.
//
IF_DEBUG(ERRORS) { KdPrint(( "SrvSmbLockByteRange: Status %X on FID: 0x%lx\n", status, fid )); }
SrvSetSmbError( WorkContext, status ); SmbStatus = SmbStatusSendResponse; goto Cleanup; }
//
// The work item has been queued because a raw write is in
// progress.
//
SmbStatus = SmbStatusInProgress; goto Cleanup; }
//
// If the session has expired, return that info
//
if( rfcb->Lfcb->Session->IsSessionExpired ) { SrvSetSmbError( WorkContext, SESSION_EXPIRED_STATUS_CODE ); status = SESSION_EXPIRED_STATUS_CODE; SmbStatus = SmbStatusSendResponse; goto Cleanup; }
//
// Verify that the client has lock access to the file via the
// specified handle.
//
if ( rfcb->LockAccessGranted && rfcb->ExclusiveLockGranted ) {
//
// Get the offset and length of the range being locked. Combine
// the FID with the caller's PID to form the local lock key.
//
// *** The FID must be included in the key in order to account
// for the folding of multiple remote compatibility mode
// opens into a single local open.
//
offset.QuadPart = SmbGetUlong( &request->Offset ); length.QuadPart = SmbGetUlong( &request->Count );
key = rfcb->ShiftedFid | SmbGetAlignedUshort( &WorkContext->RequestHeader->Pid );
IF_SMB_DEBUG(LOCK1) { KdPrint(( "Lock request; FID 0x%lx, count %ld, offset %ld\n", fid, length.LowPart, offset.LowPart )); }
rfcb = WorkContext->Rfcb; lfcb = rfcb->Lfcb;
IF_SMB_DEBUG(LOCK2) { KdPrint(( "SrvSmbLockByteRange: Locking in file 0x%p: (%ld,%ld), key 0x%lx\n", lfcb->FileObject, offset.LowPart, length.LowPart, key )); }
//
// Try the turbo lock path first. If the client is retrying the
// lock that just failed, or if the lock is above the
// always-wait limit we want FailImmediately to be FALSE, so
// that the fast path fails if there's a conflict.
//
failImmediately = (BOOLEAN)( (offset.QuadPart != rfcb->PagedRfcb->LastFailingLockOffset.QuadPart) && (offset.QuadPart < SrvLockViolationOffset) );
if ( lfcb->FastIoLock != NULL ) {
INCREMENT_DEBUG_STAT2( SrvDbgStatistics.FastLocksAttempted );
if ( lfcb->FastIoLock( lfcb->FileObject, &offset, &length, IoGetCurrentProcess(), key, failImmediately, TRUE, &WorkContext->Irp->IoStatus, lfcb->DeviceObject ) ) {
//
// The turbo path worked. Call the restart routine
// directly.
//
WorkContext->Parameters.Lock.Timer = NULL; RestartLockByteRange( WorkContext ); SmbStatus = SmbStatusInProgress; goto Cleanup; }
INCREMENT_DEBUG_STAT2( SrvDbgStatistics.FastLocksFailed );
}
//
// The turbo path failed (or didn't exist). Start the lock request,
// reusing the receive IRP. If the client is retrying the lock that
// just failed, start a timer for the request.
//
timer = NULL; if ( !failImmediately ) { timer = SrvAllocateTimer( ); if ( timer == NULL ) { failImmediately = TRUE; } }
SrvBuildLockRequest( WorkContext->Irp, // input IRP address
lfcb->FileObject, // target file object address
WorkContext, // context
offset, // byte offset
length, // range length
key, // lock key
failImmediately, TRUE // exclusive lock?
);
WorkContext->FsdRestartRoutine = SrvQueueWorkToFspAtDpcLevel; WorkContext->FspRestartRoutine = RestartLockByteRange;
//
// Start the timer, if necessary.
//
WorkContext->Parameters.Lock.Timer = timer; if ( timer != NULL ) { SrvSetTimer( timer, &SrvLockViolationDelayRelative, TimeoutLockRequest, WorkContext ); }
//
// Pass the request to the file system.
//
(VOID)IoCallDriver( lfcb->DeviceObject, WorkContext->Irp );
//
// The lock request has been started.
//
IF_DEBUG(TRACE2) KdPrint(( "SrvSmbLockByteRange complete\n" )); SmbStatus = SmbStatusInProgress; } else {
SrvStatistics.GrantedAccessErrors++;
IF_DEBUG(ERRORS) { KdPrint(( "SrvSmbLockByteRange: Lock access not granted.\n")); }
SrvSetSmbError( WorkContext, STATUS_ACCESS_DENIED ); status = STATUS_ACCESS_DENIED; SmbStatus = SmbStatusSendResponse; }
Cleanup: SrvWmiEndContext(WorkContext); return SmbStatus;} // SrvSmbLockByteRange
�SMB_PROCESSOR_RETURN_TYPESrvSmbLockingAndX ( SMB_PROCESSOR_PARAMETERS )
/*++
Routine Description:
Processes the Locking and X SMB. This SMB is used to unlock zero or more ranges, then lock zero or more ranges.
Arguments:
SMB_PROCESSOR_PARAMETERS - See smbtypes.h for a description of the parameters to SMB processor routines.
Return Value:
SMB_PROCESSOR_RETURN_TYPE - See smbtypes.h
--*/
{ PREQ_LOCKING_ANDX request; PRESP_LOCKING_ANDX response;
PNTLOCKING_ANDX_RANGE largeRange; PLOCKING_ANDX_RANGE smallRange;
NTSTATUS status = STATUS_SUCCESS; SMB_STATUS SmbStatus = SmbStatusInProgress; USHORT fid; USHORT pid; ULONG unlockCount; ULONG lockCount; ULONG maxPossible;
LARGE_INTEGER length; LARGE_INTEGER offset; ULONG key; ULONG lockTimeout; BOOLEAN oplockBreakResponse = FALSE; BOOLEAN largeFileLock; BOOLEAN exclusiveLock;
UCHAR nextCommand; USHORT reqAndXOffset;
PRFCB rfcb; PLFCB lfcb; PPAGED_RFCB pagedRfcb;
PREQ_CLOSE closeRequest;
PAGED_CODE( ); if (WorkContext->PreviousSMB == EVENT_TYPE_SMB_LAST_EVENT) WorkContext->PreviousSMB = EVENT_TYPE_SMB_LOCKING_AND_X; SrvWmiStartContext(WorkContext);
request = (PREQ_LOCKING_ANDX)WorkContext->RequestParameters; response = (PRESP_LOCKING_ANDX)WorkContext->ResponseParameters;
//
// Get the FID, which is combined with the PIDs in the various
// lock/unlock ranges to form the local lock key.
//
// *** The FID must be included in the key in order to account for
// the folding of multiple remote compatibility mode opens into
// a single local open.
//
fid = SmbGetUshort( &request->Fid );
IF_SMB_DEBUG(LOCK1) { unlockCount = SmbGetUshort( &request->NumberOfUnlocks ); lockCount = SmbGetUshort( &request->NumberOfLocks ); KdPrint(( "Locking and X request; FID 0x%lx, Unlocks: %ld, " "Locks: %ld\n", fid, unlockCount, lockCount )); }
//
// Verify the FID. If verified, the RFCB block is referenced
// and its addresses is stored in the WorkContext block, and the
// RFCB address is returned.
//
rfcb = SrvVerifyFid( WorkContext, fid, TRUE, SrvRestartSmbReceived, // serialize with raw write
&status );
if ( rfcb == SRV_INVALID_RFCB_POINTER ) {
if ( !NT_SUCCESS( status ) ) {
//
// Invalid file ID or write behind error. Reject the request.
//
IF_DEBUG(ERRORS) { KdPrint(( "SrvSmbLockingAndX: Status %X on FID: 0x%lx\n", status, fid )); }
SrvSetSmbError( WorkContext, status ); SmbStatus = SmbStatusSendResponse; goto Cleanup; }
//
// The work item has been queued because a raw write is in
// progress.
//
SmbStatus = SmbStatusInProgress; goto Cleanup; }
pagedRfcb = rfcb->PagedRfcb; lfcb = rfcb->Lfcb;
//
// If the session has expired, return that info
//
if( lfcb->Session->IsSessionExpired ) { SrvSetSmbError( WorkContext, SESSION_EXPIRED_STATUS_CODE ); status = SESSION_EXPIRED_STATUS_CODE; SmbStatus = SmbStatusSendResponse; goto Cleanup; }
start_lockingAndX:
//
// Loop through the unlock ranges.
//
largeFileLock = (BOOLEAN)( (request->LockType & LOCKING_ANDX_LARGE_FILES) != 0 );
//
// Ensure the SMB is big enough to hold all of the requests
//
unlockCount = SmbGetUshort( &request->NumberOfUnlocks ); lockCount = SmbGetUshort( &request->NumberOfLocks );
//
// Find out how many entries could possibly be in this smb
//
maxPossible = (ULONG)(((PCHAR)WorkContext->RequestBuffer->Buffer + WorkContext->RequestBuffer->DataLength) - (PCHAR)request->Buffer);
if( largeFileLock ) { maxPossible /= sizeof( NTLOCKING_ANDX_RANGE ); largeRange = (PNTLOCKING_ANDX_RANGE)request->Buffer; } else { maxPossible /= sizeof( LOCKING_ANDX_RANGE ); smallRange = (PLOCKING_ANDX_RANGE)request->Buffer; }
//
// If the request holds more than could possibly be in this SMB, return
// and error
//
if( unlockCount + lockCount > maxPossible ) { //
// They don't all fit!
//
IF_DEBUG( ERRORS ) { KdPrint(( "SrvSmbLockingAndX: unlockCount %u, lockCount %u, maxPossible %u\n", unlockCount, lockCount, maxPossible )); }
SrvSetSmbError( WorkContext, STATUS_INVALID_SMB ); status = STATUS_INVALID_SMB; SmbStatus = SmbStatusSendResponse; goto Cleanup; }
//
// If an Unlock is being requested, verify that the client has
// unlock access to the file via the specified handle.
//
if ( unlockCount != 0 ) { if ( rfcb->UnlockAccessGranted ) {
IO_STATUS_BLOCK iosb;
do {
//
// Form the key for this lock. Get the offset and length of the
// range.
//
ParseLockData( largeFileLock, smallRange, largeRange, &pid, &offset, &length );
key = rfcb->ShiftedFid | pid;
IF_SMB_DEBUG(LOCK2) { KdPrint(( "SrvSmbLockingAndX: Unlocking in file 0x%p: ", lfcb->FileObject )); KdPrint(( "(%lx%08lx, %lx%08lx), ", offset.HighPart, offset.LowPart, length.HighPart, length.LowPart )); KdPrint(( "key 0x%lx\n", key )); }
//
// Issue the Unlock request.
//
// *** Note that we do the Unlock synchronously. Unlock is a
// quick operation, so there's no point in doing it
// asynchronously. In order to do this, we have to let
// normal I/O completion happen (so the event is set), which
// means that we have to allocate a new IRP (I/O completion
// likes to deallocate an IRP). This is a little wasteful,
// since we've got a perfectly good IRP hanging around.
// However, we do try to use the turbo path first, so in
// most cases we won't actually issue an I/O request.
//
//
// Try the turbo unlock path first.
//
#if SRVDBG_PERF
iosb.Status = STATUS_SUCCESS; if ( (LockBypass == 3) || ((LockBypass == 2) && (offset.LowPart >= LockBypassMirror)) || ((LockBypass == 1) && (offset.LowPart >= LockBypassConst)) ||#else
if (#endif
((lfcb->FastIoUnlockSingle != NULL) && lfcb->FastIoUnlockSingle( lfcb->FileObject, &offset, &length, IoGetCurrentProcess(), key, &iosb, lfcb->DeviceObject )) ) {
INCREMENT_DEBUG_STAT2( SrvDbgStatistics.FastUnlocksAttempted ); status = iosb.Status;
} else {
if ( lfcb->FastIoUnlockSingle != NULL ) {
INCREMENT_DEBUG_STAT2( SrvDbgStatistics.FastUnlocksAttempted ); INCREMENT_DEBUG_STAT2( SrvDbgStatistics.FastUnlocksFailed ); }
status = SrvIssueUnlockSingleRequest( lfcb->FileObject, // target file object
&lfcb->DeviceObject, // target device object
offset, // byte offset
length, // range length
key // lock key
); }
//
// If the unlock request failed, set an error status in the
// response header and jump out.
//
if ( !NT_SUCCESS(status) ) {
IF_DEBUG(SMB_ERRORS) { KdPrint(( "SrvSmbLockingAndX: Unlock failed: %X\n", status )); } SrvSetSmbError( WorkContext, status );
IF_DEBUG(TRACE2) KdPrint(( "SrvSmbLockingAndX complete\n" )); SmbStatus = SmbStatusSendResponse; goto Cleanup; }
//
// Update the count of locks on the RFCB.
//
InterlockedDecrement( &rfcb->NumberOfLocks );
//
// Update both range pointers, only one is meaningful - the
// other pointer is never referenced.
//
++smallRange; ++largeRange;
} while ( --unlockCount > 0 );
} else {
IF_DEBUG(ERRORS) { KdPrint(( "SrvSmbLockByteRange: Unlock access not granted.\n")); } SrvStatistics.GrantedAccessErrors++; SrvSetSmbError( WorkContext, STATUS_ACCESS_DENIED ); status = STATUS_ACCESS_DENIED; SmbStatus = SmbStatusSendResponse; goto Cleanup; } }
//
// We've now unlocked all of the specified ranges. We did the
// unlocks synchronously, but we're not willing to do that with the
// lock requests, which can take an indefinite amount of time.
// Instead, we start the first lock request here and allow the
// restart routine to handle the remaining lock ranges.
//
if ( lockCount != 0 ) {
//
// Does the client want an exclusive lock or a shared lock?
//
exclusiveLock = (BOOLEAN)( (request->LockType & LOCKING_ANDX_SHARED_LOCK) == 0 );
if ( rfcb->LockAccessGranted && (!exclusiveLock || rfcb->ExclusiveLockGranted) ) {
if ( !(request->LockType & LOCKING_ANDX_CANCEL_LOCK ) && !(request->LockType & LOCKING_ANDX_CHANGE_LOCKTYPE) ) {
BOOLEAN failImmediately;
//
// Get the lock timeout. We will change this later if
// it's 0 but we want to wait anyway.
//
lockTimeout = SmbGetUlong( &request->Timeout );
//
// Indicate that no timer has been associated with this
// request.
//
WorkContext->Parameters.Lock.Timer = NULL;
//
// There is at least one lock request. Set up context
// information. We use the NumberOfUnlocks field of the
// request to count how many of the lock requests we've
// performed. This field also tells us how many unlocks
// we have to do if one of the lock attempts fails. We
// use the LockRange field of WorkContext->Parameters to
// point to the current lock range in the request.
//
// Short circuit if only one lock request.
//
if ( lockCount == 1 ) {
//
// Form the key for the lock. Get the offset and length
// of the range.
//
ParseLockData( largeFileLock, smallRange, largeRange, &pid, &offset, &length );
key = rfcb->ShiftedFid | pid;
IF_SMB_DEBUG(LOCK2) { KdPrint(( "SrvSmbLockingAndX: Locking in file 0x%p: ", lfcb->FileObject )); KdPrint(( "(%lx%08lx, %lx%08lx), ", offset.HighPart, offset.LowPart, length.HighPart, length.LowPart )); KdPrint(( "key 0x%lx\n", key )); }
//
// Try the turbo lock path first. Set FailImmediately
// based on whether we plan to wait for the lock to
// become available. If the client wants to wait,
// or if the client doesn't want to wait but a)
// previously tried to get this lock and failed or
// b) this lock is above our lock delay limit (in
// which cases WE want to wait), then we set
// FailImmedately to FALSE. This will cause the
// fast path to fail if the range is not available,
// and we will build an IRP to try again.
//
failImmediately = ((lockTimeout == 0) && (offset.QuadPart != pagedRfcb->LastFailingLockOffset.QuadPart) && (offset.QuadPart < SrvLockViolationOffset) );#if SRVDBG_PERF
if ( LockWaitForever ) failImmediately = FALSE;#endif
#if SRVDBG_PERF
WorkContext->Irp->IoStatus.Status = STATUS_SUCCESS; if ( (LockBypass == 3) || ((LockBypass == 2) && (offset.LowPart >= LockBypassMirror)) || ((LockBypass == 1) && (offset.LowPart >= LockBypassConst)) ||#else
if (#endif
((lfcb->FastIoLock != NULL) && lfcb->FastIoLock( lfcb->FileObject, &offset, &length, IoGetCurrentProcess(), key, failImmediately, exclusiveLock, &WorkContext->Irp->IoStatus, lfcb->DeviceObject )) ) {
INCREMENT_DEBUG_STAT2( SrvDbgStatistics.FastLocksAttempted );
if ( NT_SUCCESS(WorkContext->Irp->IoStatus.Status) ) {
//
// The lock request succeeded. Update the count
// of locks on the RFCB.
//
InterlockedIncrement( &rfcb->NumberOfLocks );
goto try_next_andx;
} else {
//
// The lock request failed.
//
SmbPutUshort( &request->NumberOfUnlocks, 0 ); WorkContext->Parameters.Lock.LockRange = largeFileLock ? (PVOID)largeRange : (PVOID)smallRange; RestartLockingAndX( WorkContext ); SmbStatus = SmbStatusInProgress; goto Cleanup; } }
//
// The turbo path failed, or didn't exist.
//
if ( lfcb->FastIoLock != NULL ) { INCREMENT_DEBUG_STAT2( SrvDbgStatistics.FastLocksAttempted ); INCREMENT_DEBUG_STAT2( SrvDbgStatistics.FastLocksFailed ); }
}
//
// Either there is more than one lock request in the SMB,
// or the fast path failed (which means that we want to
// try again, with a timeout).
//
SmbPutUshort( &request->NumberOfUnlocks, 0 ); WorkContext->Parameters.Lock.LockRange = largeFileLock ? (PVOID)largeRange : (PVOID)smallRange;
DoLockingAndX( WorkContext, (BOOLEAN)(lockCount == 1) // skip fast path?
);
SmbStatus = SmbStatusInProgress; goto Cleanup; } else if ( request->LockType & LOCKING_ANDX_CANCEL_LOCK ) {
//
// This is a Cancel request. Try to cancel the first lock
// range. We ignore any subsequent ranges that may be
// present.
//
// !!! Is this right?
//
// Get the pid, offset, and length of the lock request
//
ParseLockData( largeFileLock, smallRange, largeRange, &pid, &offset, &length );
WorkContext->Parameters.Lock.LockRange = largeFileLock ? (PVOID)largeRange : (PVOID)smallRange;
IF_SMB_DEBUG(LOCK2) { KdPrint(( "SrvSmbLockingAndX: Locking in file 0x%p: ", lfcb->FileObject )); KdPrint(( "(%lx%08lx, %lx%08lx), ", offset.HighPart, offset.LowPart, length.HighPart, length.LowPart )); }
if ( CancelLockRequest( WorkContext, fid, pid, offset, length ) ) { SrvSetSmbError( WorkContext, STATUS_SUCCESS ); status = STATUS_SUCCESS; } else { SrvSetSmbError( WorkContext, STATUS_OS2_CANCEL_VIOLATION ); status = STATUS_OS2_CANCEL_VIOLATION; }
SmbStatus = SmbStatusSendResponse; goto Cleanup; } else if ( request->LockType & LOCKING_ANDX_CHANGE_LOCKTYPE ) {
//
// This is a request from a Cruiser client for us to atomically
// change a lock type from exclusive to shared or vice versa.
// Since we cannot do this atomically, and would risk losing
// the lock entirely if we tried this as a two step operation,
// reject the request.
//
SrvSetSmbError( WorkContext, STATUS_OS2_ATOMIC_LOCKS_NOT_SUPPORTED );
status = STATUS_OS2_ATOMIC_LOCKS_NOT_SUPPORTED; SmbStatus = SmbStatusSendResponse; goto Cleanup; }
} else {
//
// We can't do locks.
//
IF_DEBUG(ERRORS) { KdPrint(( "SrvSmbLockByteRange: Lock access not granted.\n")); } SrvStatistics.GrantedAccessErrors++; SrvSetSmbError( WorkContext, STATUS_ACCESS_DENIED ); status = STATUS_ACCESS_DENIED; SmbStatus = SmbStatusSendResponse; goto Cleanup; } }
try_next_andx:
//
// Check for the Oplock Release flag.
//
nextCommand = request->AndXCommand; if ( (request->LockType & LOCKING_ANDX_OPLOCK_RELEASE) != 0 ) {
oplockBreakResponse = ProcessOplockBreakResponse( WorkContext, rfcb, request );
//
// We have (synchronously) completed processing this SMB. If this
// was an oplock break response, with no lock request, and no And X
// command, do not send a reply.
//
if( lockCount == 0 && nextCommand == SMB_COM_NO_ANDX_COMMAND ) { if( oplockBreakResponse || unlockCount == 0 ) { SmbStatus = SmbStatusNoResponse; goto Cleanup; } } }
//
//
// Set up the response, then check for an AndX command.
//
reqAndXOffset = SmbGetUshort( &request->AndXOffset );
response->AndXCommand = nextCommand; response->AndXReserved = 0; SmbPutUshort( &response->AndXOffset, GET_ANDX_OFFSET( WorkContext->ResponseHeader, WorkContext->ResponseParameters, RESP_LOCKING_ANDX, 0 ) );
response->WordCount = 2; SmbPutUshort( &response->ByteCount, 0 );
WorkContext->ResponseParameters = (PCHAR)WorkContext->ResponseHeader + SmbGetUshort( &response->AndXOffset );
//
// Test for legal followon command.
//
if ( nextCommand == SMB_COM_NO_ANDX_COMMAND ) {
IF_DEBUG(TRACE2) KdPrint(( "SrvSmbLockingAndX complete.\n" )); SmbStatus = SmbStatusSendResponse; goto Cleanup; }
//
// Make sure the AndX command is still within the received SMB
//
if( (PCHAR)WorkContext->RequestHeader + reqAndXOffset >= END_OF_REQUEST_SMB( WorkContext ) ) {
IF_DEBUG(SMB_ERRORS) { KdPrint(( "SrvSmbLockingAndX: Illegal followon offset: %u\n", reqAndXOffset )); }
SrvLogInvalidSmb( WorkContext );
//
// Return an error indicating that the followon command was bad.
//
SrvSetSmbError( WorkContext, STATUS_INVALID_SMB ); status = STATUS_INVALID_SMB; SmbStatus = SmbStatusSendResponse; goto Cleanup; }
if ( nextCommand == SMB_COM_LOCKING_ANDX ) {
UCHAR wordCount; PSMB_USHORT byteCount; ULONG availableSpaceForSmb;
WorkContext->NextCommand = nextCommand;
WorkContext->RequestParameters = (PCHAR)WorkContext->RequestHeader + reqAndXOffset;
//
// Validate the next locking and x chain
//
//
// Get the WordCount and ByteCount values to make sure that there
// was enough information sent to satisfy the specifications.
//
wordCount = *((PUCHAR)WorkContext->RequestParameters); byteCount = (PSMB_USHORT)( (PCHAR)WorkContext->RequestParameters + sizeof(UCHAR) + (8 * sizeof(USHORT)) ); availableSpaceForSmb = (ULONG)(WorkContext->RequestBuffer->DataLength - ( (PCHAR)WorkContext->ResponseParameters - (PCHAR)WorkContext->RequestBuffer->Buffer ));
if ( (wordCount == 8) && ((PCHAR)byteCount <= (PCHAR)WorkContext->RequestBuffer->Buffer + WorkContext->RequestBuffer->DataLength - sizeof(USHORT)) && (8*sizeof(USHORT) + sizeof(UCHAR) + sizeof(USHORT) + SmbGetUshort( byteCount ) <= availableSpaceForSmb) ) {
//
// Update the request/response pointers
//
request = (PREQ_LOCKING_ANDX)WorkContext->RequestParameters; response = (PRESP_LOCKING_ANDX)WorkContext->ResponseParameters; goto start_lockingAndX;
} else {
//
// Let the regular check fail this.
//
SmbStatus = SmbStatusMoreCommands; goto Cleanup; } }
switch ( nextCommand ) {
case SMB_COM_READ: case SMB_COM_READ_ANDX: case SMB_COM_WRITE: case SMB_COM_WRITE_ANDX: case SMB_COM_FLUSH:
break;
case SMB_COM_CLOSE:
//
// Call SrvRestartChainedClose to get the file time set and the
// file closed.
//
closeRequest = (PREQ_CLOSE)((PUCHAR)WorkContext->RequestHeader + reqAndXOffset);
//
// Make sure we stay within the SMB buffer
//
if( (PCHAR)closeRequest + FIELD_OFFSET(REQ_CLOSE,ByteCount) <= END_OF_REQUEST_SMB( WorkContext ) ) {
WorkContext->Parameters.LastWriteTime = closeRequest->LastWriteTimeInSeconds;
SrvRestartChainedClose( WorkContext );
SmbStatus = SmbStatusInProgress; goto Cleanup; }
/* Falls Through! */
default: // Illegal followon command
IF_DEBUG(SMB_ERRORS) { KdPrint(( "SrvSmbLockingAndX: Illegal followon command: 0x%lx\n", nextCommand )); }
SrvLogInvalidSmb( WorkContext );
//
// Return an error indicating that the followon command was bad.
//
SrvSetSmbError( WorkContext, STATUS_INVALID_SMB ); status = STATUS_INVALID_SMB; SmbStatus = SmbStatusSendResponse; goto Cleanup; }
//
// If there is an AndX command, set up to process it. Otherwise,
// indicate completion to the caller.
//
WorkContext->NextCommand = nextCommand; WorkContext->RequestParameters = (PCHAR)WorkContext->RequestHeader + reqAndXOffset;
SmbStatus = SmbStatusMoreCommands;
Cleanup: SrvWmiEndContext(WorkContext); return SmbStatus;} // SrvSmbLockingAndX
�SMB_PROCESSOR_RETURN_TYPESrvSmbUnlockByteRange ( SMB_PROCESSOR_PARAMETERS )
/*++
Routine Description:
Processes the Unlock SMB.
Arguments:
SMB_PROCESSOR_PARAMETERS - See smbtypes.h for a description of the parameters to SMB processor routines.
Return Value:
SMB_PROCESSOR_RETURN_TYPE - See smbtypes.h
--*/
{ PREQ_UNLOCK_BYTE_RANGE request; PRESP_UNLOCK_BYTE_RANGE response;
NTSTATUS status = STATUS_SUCCESS; SMB_STATUS SmbStatus = SmbStatusInProgress; USHORT fid; LARGE_INTEGER length; LARGE_INTEGER offset; ULONG key;
PRFCB rfcb; PLFCB lfcb;
PAGED_CODE( ); if (WorkContext->PreviousSMB == EVENT_TYPE_SMB_LAST_EVENT) WorkContext->PreviousSMB = EVENT_TYPE_SMB_UNLOCK_BYTE_RANGE; SrvWmiStartContext(WorkContext);
request = (PREQ_UNLOCK_BYTE_RANGE)WorkContext->RequestParameters; response = (PRESP_UNLOCK_BYTE_RANGE)WorkContext->ResponseParameters;
//
// Get the offset and length of the range being locked. Combine the
// FID with the caller's PID to form the local lock key.
//
// *** The FID must be included in the key in order to account for
// the folding of multiple remote compatibility mode opens into
// a single local open.
//
offset.QuadPart = SmbGetUlong( &request->Offset ); length.QuadPart = SmbGetUlong( &request->Count ); fid = SmbGetUshort( &request->Fid );
IF_SMB_DEBUG(LOCK1) { KdPrint(( "Unlock request; FID 0x%lx, count %ld, offset %ld\n", fid, length.LowPart, offset.LowPart )); }
//
// Verify the FID. If verified, the RFCB block is referenced
// and its addresses is stored in the WorkContext block, and the
// RFCB address is returned.
//
rfcb = SrvVerifyFid( WorkContext, fid, TRUE, SrvRestartSmbReceived, // serialize with raw write
&status );
if ( rfcb == SRV_INVALID_RFCB_POINTER ) {
if ( !NT_SUCCESS( status ) ) {
//
// Invalid file ID or write behind error. Reject the request.
//
IF_DEBUG(ERRORS) { KdPrint(( "SrvSmbUnlockByteRange: Status %X on FID: 0x%lx\n", status, fid )); }
SrvSetSmbError( WorkContext, status ); SmbStatus = SmbStatusSendResponse; goto Cleanup; }
//
// The work item has been queued because a raw write is in
// progress.
//
SmbStatus = SmbStatusInProgress; goto Cleanup; }
lfcb = rfcb->Lfcb;
//
// Verify that the client has unlock access to the file via the
// specified handle.
//
if ( !rfcb->UnlockAccessGranted) {
SrvStatistics.GrantedAccessErrors++;
IF_DEBUG(ERRORS) { KdPrint(( "SrvSmbLockByteRange: Unlock access not granted.\n")); }
SrvSetSmbError( WorkContext, STATUS_ACCESS_DENIED ); status = STATUS_ACCESS_DENIED; SmbStatus = SmbStatusSendResponse; goto Cleanup; }
//
// Issue the Unlock request.
//
// *** Note that we do the Unlock synchronously. Unlock is a quick
// operation, so there's no point in doing it asynchronously.
// In order to do this, we have to let normal I/O completion
// happen (so the event is set), which means that we have to
// allocate a new IRP (I/O completion likes to deallocate an
// IRP). This is a little wasteful, since we've got a perfectly
// good IRP hanging around. However, we do try to use the turbo
// path first, so in most cases we won't actually issue an I/O
// request.
//
key = rfcb->ShiftedFid | SmbGetAlignedUshort( &WorkContext->RequestHeader->Pid );
IF_SMB_DEBUG(LOCK2) { KdPrint(( "SrvSmbUnlockByteRange: Unlocking in file 0x%p: ", lfcb->FileObject )); KdPrint(( "(%lx%08lx,%lx%08lx), ", offset.HighPart, offset.LowPart, length.HighPart, length.LowPart )); KdPrint(( "key 0x%lx\n", key )); }
status = SrvIssueUnlockRequest( lfcb->FileObject, // target file object
&lfcb->DeviceObject, // target device object
IRP_MN_UNLOCK_SINGLE, // unlock operation
offset, // byte offset
length, // range length
key // lock key
);
//
// If the unlock request failed, set an error status in the response
// header; otherwise, build a normal response message.
//
if ( !NT_SUCCESS(status) ) {
IF_DEBUG(ERRORS) { KdPrint(( "SrvSmbUnlockByteRange: Unlock failed: %X\n", status )); } SrvSetSmbError( WorkContext, status );
} else {
response->WordCount = 0; SmbPutUshort( &response->ByteCount, 0 );
InterlockedDecrement( &rfcb->NumberOfLocks );
WorkContext->ResponseParameters = NEXT_LOCATION( response, RESP_UNLOCK_BYTE_RANGE, 0 );
}
//
// Processing of the SMB is complete.
//
SmbStatus = SmbStatusSendResponse; IF_DEBUG(TRACE2) KdPrint(( "SrvSmbUnlockByteRange complete\n" ));
Cleanup: SrvWmiEndContext(WorkContext); return SmbStatus;
} // SrvSmbUnlockByteRange
�BOOLEANCancelLockRequest ( IN PWORK_CONTEXT WorkContext, IN USHORT TargetFid, IN USHORT TargetPid, IN LARGE_INTEGER TargetOffset, IN LARGE_INTEGER TargetLength )
/*++
Routine Description:
This function searches for a lock request in progress. If the request is found, the request IRP is cancelled.
Arguments:
WorkContext - A pointer to the work information for this request.
TargetFid - The server supplied FID of the file for the original lock request
TargetPid - The server supplied PID of the file for the original lock request
TargetOffset - The offset in the file of the original lock request
TargetLength - The length of the byte range of the original lock request
Return Value:
TRUE - The lock request was cancelled. FALSE - The lock request could not be cancelled.
--*/
{ BOOLEAN match; USHORT targetTid, targetUid; PWORK_CONTEXT workContext; PCONNECTION connection; PSMB_HEADER header; PREQ_LOCKING_ANDX request; BOOLEAN success;
PNTLOCKING_ANDX_RANGE largeRange; PLOCKING_ANDX_RANGE smallRange; BOOLEAN largeFileLock; USHORT pid; LARGE_INTEGER offset; LARGE_INTEGER length;
KIRQL oldIrql;
PLIST_ENTRY listHead; PLIST_ENTRY listEntry;
UNLOCKABLE_CODE( 8FIL );
match = FALSE; targetTid = WorkContext->RequestHeader->Tid; targetUid = WorkContext->RequestHeader->Uid;
connection = WorkContext->Connection;
ACQUIRE_SPIN_LOCK( connection->EndpointSpinLock, &oldIrql );
//
// Scan the list of SMBs in progress looking for a locking and X SMB
// that exactly matches the one we are trying to cancel.
//
listHead = &WorkContext->Connection->InProgressWorkItemList; listEntry = listHead; while ( listEntry->Flink != listHead ) {
listEntry = listEntry->Flink;
workContext = CONTAINING_RECORD( listEntry, WORK_CONTEXT, InProgressListEntry );
header = workContext->RequestHeader; request = (PREQ_LOCKING_ANDX) workContext->RequestParameters;
//
// Some workitems in the inprogressworkitemlist are added
// during a receive indication and the requestheader field
// has not been set yet. We can probably set it at that time
// but this seems to be the safest fix.
//
if ( header != NULL && request != NULL ) {
smallRange = WorkContext->Parameters.Lock.LockRange; largeRange = WorkContext->Parameters.Lock.LockRange;
largeFileLock = (BOOLEAN)( (request->LockType & LOCKING_ANDX_LARGE_FILES) != 0 );
ParseLockData( largeFileLock, smallRange, largeRange, &pid, &offset, &length );
ACQUIRE_DPC_SPIN_LOCK( &workContext->SpinLock ); if ( (workContext->BlockHeader.ReferenceCount != 0) && (workContext->ProcessingCount != 0) && header->Command == SMB_COM_LOCKING_ANDX && request->Fid == TargetFid && SmbGetAlignedUshort( &header->Tid ) == targetTid && SmbGetAlignedUshort( &header->Uid ) == targetUid && pid == TargetPid && offset.QuadPart == TargetOffset.QuadPart && length.QuadPart == TargetLength.QuadPart ) {
match = TRUE; break; } RELEASE_DPC_SPIN_LOCK( &workContext->SpinLock );
} }
if ( match ) {
//
// Reference the work item, so that it cannot get used to process
// a new SMB while we are trying to cancel the old one.
//
SrvReferenceWorkItem( workContext ); RELEASE_DPC_SPIN_LOCK( &workContext->SpinLock ); RELEASE_SPIN_LOCK( connection->EndpointSpinLock, oldIrql );
success = IoCancelIrp( workContext->Irp ); SrvDereferenceWorkItem( workContext );
} else {
RELEASE_SPIN_LOCK( connection->EndpointSpinLock, oldIrql );
success = FALSE; }
return success;
} // CancelLockRequest
�VOIDDoLockingAndX ( IN OUT PWORK_CONTEXT WorkContext, IN BOOLEAN SkipFastPath )
/*++
Routine Description:
Processes the LockingAndX SMB, using the fast lock path. As long as the fast lock path works, we continue to loop through the locks specified in the LockingAndX request. As soon as the fast path fails, however, we jump into the slow IRP-based path.
Arguments:
WorkContext - Supplies a pointer to the work context block describing server-specific context for the request.
SkipFastPath - Indicates whether this routine should try the fast lock path before submitting an IRP.
Return Value:
None.
--*/
{ PREQ_LOCKING_ANDX request;
PLOCKING_ANDX_RANGE smallRange; PNTLOCKING_ANDX_RANGE largeRange;
PRFCB rfcb; PLFCB lfcb; USHORT pid; CLONG lockCount; CLONG count;
LARGE_INTEGER length; LARGE_INTEGER offset; ULONG key; BOOLEAN largeFileLock;
BOOLEAN failImmediately; BOOLEAN exclusiveLock;
ULONG lockTimeout; PSRV_TIMER timer;
PAGED_CODE( );
//
// Get the request parameter pointer.
//
request = (PREQ_LOCKING_ANDX)WorkContext->RequestParameters;
//
// Get the file pointer, the count of locks requested, the count of
// locks already performed, and a pointer to the current lock range.
//
rfcb = WorkContext->Rfcb; lfcb = rfcb->Lfcb;
lockCount = SmbGetUshort( &request->NumberOfLocks ); count = SmbGetUshort( &request->NumberOfUnlocks );
largeFileLock = (BOOLEAN)( (request->LockType & LOCKING_ANDX_LARGE_FILES) != 0 );
//
// Only one of the two pointers below is actually ever referenced.
//
smallRange = WorkContext->Parameters.Lock.LockRange; largeRange = WorkContext->Parameters.Lock.LockRange;
//
// Does the client want an exclusive lock or a shared lock?
//
exclusiveLock = (BOOLEAN)( (request->LockType & LOCKING_ANDX_SHARED_LOCK) == 0 );
//
// Loop through the lock requests. We exit this loop when either
// we have processed all of the lock ranges or the fast lock path
// fails.
//
ASSERT ( count < lockCount );
while ( TRUE ) {
//
// Form the key for the lock. Get the offset and length
// of the range.
//
ParseLockData( largeFileLock, smallRange, largeRange, &pid, &offset, &length );
key = rfcb->ShiftedFid | pid;
IF_SMB_DEBUG(LOCK2) { KdPrint(( "DoLockingAndX: Locking in file 0x%p: ", lfcb->FileObject )); KdPrint(( "(%lx%08lx, %lx%08lx), ", offset.HighPart, offset.LowPart, length.HighPart, length.LowPart )); KdPrint(( "key 0x%lx\n", key )); }
lockTimeout = SmbGetUlong( &request->Timeout ); if ( (lockTimeout < SrvLockViolationDelay) && ((offset.QuadPart == rfcb->PagedRfcb->LastFailingLockOffset.QuadPart) || (offset.QuadPart >= SrvLockViolationOffset)) ) { lockTimeout = SrvLockViolationDelay; }#if SRVDBG_PERF
if ( LockWaitForever ) { lockTimeout = (ULONG)-1; }#endif
failImmediately = (BOOLEAN)(lockTimeout == 0);
if ( SkipFastPath ) {
SkipFastPath = FALSE;
} else {
//
// Try the turbo lock path first.
//
#if SRVDBG_PERF
WorkContext->Irp->IoStatus.Status = STATUS_SUCCESS; if ( (LockBypass == 3) || ((LockBypass == 2) && (offset.LowPart >= LockBypassMirror)) || ((LockBypass == 1) && (offset.LowPart >= LockBypassConst)) ||#else
if (#endif
((lfcb->FastIoLock != NULL) && lfcb->FastIoLock( lfcb->FileObject, &offset, &length, IoGetCurrentProcess(), key, failImmediately, exclusiveLock, &WorkContext->Irp->IoStatus, lfcb->DeviceObject )) ) {
//
// The turbo path worked. If the lock was not obtained,
// drop into the restart routine to return the error.
// Otherwise, update pointers and counters and continue.
//
INCREMENT_DEBUG_STAT2( SrvDbgStatistics.FastLocksAttempted ); if ( !NT_SUCCESS(WorkContext->Irp->IoStatus.Status) ) { RestartLockingAndX( WorkContext ); return; }
//
// Increment the count of locks on the file.
//
InterlockedIncrement( &rfcb->NumberOfLocks );
//
// If this isn't the last lock, update context
// information. If it is, RestartLockingAndX will do
// this.
//
count++; // another lock obtained
if ( count < lockCount ) {
SmbPutUshort( &request->NumberOfUnlocks, (USHORT)count );
if (largeFileLock) { largeRange++; // point to next lock range
WorkContext->Parameters.Lock.LockRange = (PVOID)largeRange; } else { smallRange++; // point to next lock range
WorkContext->Parameters.Lock.LockRange = (PVOID)smallRange; }
} else {
//
// The fast lock path successfully locked all of the
// requested ranges. Call RestartLockingAndX
// directly to complete processing of the SMB.
//
WorkContext->Irp->IoStatus.Status = STATUS_SUCCESS; RestartLockingAndX( WorkContext ); return;
}
continue;
} else {
//
// The turbo path failed, or didn't exist.
//
if ( lfcb->FastIoLock ) { INCREMENT_DEBUG_STAT2( SrvDbgStatistics.FastLocksAttempted ); INCREMENT_DEBUG_STAT2( SrvDbgStatistics.FastLocksFailed ); }
}
}
//
// The turbo path failed, or was bypassed, or didn't exist.
// Start the lock request, reusing the receive IRP.
//
// If we plan to wait for the range to be available, but not
// indefinitely, we'll need a timer structure.
//
timer = NULL; if ( !failImmediately ) { ASSERT( lockTimeout != 0 ); if ( lockTimeout != (ULONG)-1 ) { timer = SrvAllocateTimer( ); if ( timer == NULL ) { failImmediately = TRUE; } } }
SrvBuildLockRequest( WorkContext->Irp, // input IRP address
lfcb->FileObject, // target file object address
WorkContext, // context
offset, // byte offset
length, // range length
key, // lock key
failImmediately, exclusiveLock );
WorkContext->FsdRestartRoutine = SrvQueueWorkToFspAtDpcLevel; WorkContext->FspRestartRoutine = RestartLockingAndX;
//
// Start the timer, if necessary.
//
if ( timer != NULL ) { LARGE_INTEGER TimeOut;
ASSERT( lockTimeout != 0 ); ASSERT( !failImmediately ); WorkContext->Parameters.Lock.Timer = timer; TimeOut.QuadPart = Int32x32To64( lockTimeout, -1*10*1000);
SrvSetTimer( timer, &TimeOut, TimeoutLockRequest, WorkContext ); }
//
// Pass the request to the file system.
//
(VOID)IoCallDriver( lfcb->DeviceObject, WorkContext->Irp );
//
// The lock request has been started.
//
IF_DEBUG(TRACE2) KdPrint(( "DoLockingAndX complete\n" )); return;
} // while ( TRUE )
// can't get here
} // DoLockingAndX
�BOOLEANProcessOplockBreakResponse( IN PWORK_CONTEXT WorkContext, IN PRFCB Rfcb, IN PREQ_LOCKING_ANDX Request )
/*++
Routine Description:
This function searches for a lock request in progress. If the request is found, the request IRP is cancelled.
Arguments:
WorkContext - A pointer to the work information for this request. Rfcb - A pointer to the rfcb containing the file and oplock information. Request - The request lockingandx smb.
Return Value:
TRUE - Valid oplock break response FALSE - otherwise.
--*/
{ PAGED_CODE( );
ACQUIRE_LOCK( &SrvOplockBreakListLock );
if ( Rfcb->OnOplockBreaksInProgressList ) {
Rfcb->NewOplockLevel = NO_OPLOCK_BREAK_IN_PROGRESS;
//
// Remove the Rfcb from the Oplock breaks in progress list, and
// release the Rfcb reference.
//
SrvRemoveEntryList( &SrvOplockBreaksInProgressList, &Rfcb->ListEntry ); Rfcb->OnOplockBreaksInProgressList = FALSE;#if DBG
Rfcb->ListEntry.Flink = Rfcb->ListEntry.Blink = NULL;#endif
RELEASE_LOCK( &SrvOplockBreakListLock );
//
// Update the session lock sequence number.
//
WorkContext->Connection->LatestOplockBreakResponse = WorkContext->Timestamp;
SrvAcknowledgeOplockBreak( Rfcb, Request->OplockLevel ); SrvDereferenceRfcb( Rfcb );
ExInterlockedAddUlong( &WorkContext->Connection->OplockBreaksInProgress, (ULONG)-1, WorkContext->Connection->EndpointSpinLock );
return(TRUE);
} else {
RELEASE_LOCK( &SrvOplockBreakListLock );
}
return(FALSE);
} // ProcessOplockBreakResponse
�VOID SRVFASTCALLRestartLockByteRange ( IN OUT PWORK_CONTEXT WorkContext )
/*++
Routine Description:
Processes file lock completion for a Lock SMB.
Arguments:
WorkContext - Supplies a pointer to the work context block describing server-specific context for the request.
Return Value:
None.
--*/
{ PREQ_LOCK_BYTE_RANGE request; PRESP_LOCK_BYTE_RANGE response;
LARGE_INTEGER offset; NTSTATUS status = STATUS_SUCCESS; PSRV_TIMER timer; BOOLEAN iAmBlockingThread = (WorkContext->UsingBlockingThread != 0);
PAGED_CODE( ); if (iAmBlockingThread) { if (WorkContext->PreviousSMB == EVENT_TYPE_SMB_LAST_EVENT) WorkContext->PreviousSMB = EVENT_TYPE_SMB_LOCK_BYTE_RANGE; SrvWmiStartContext(WorkContext); }
IF_DEBUG(WORKER1) KdPrint(( " - RestartLockByteRange\n" ));
//
// If this request was being timed, cancel the timer.
//
timer = WorkContext->Parameters.Lock.Timer; if ( timer != NULL ) { SrvCancelTimer( timer ); SrvFreeTimer( timer ); }
//
// Get the request and response parameter pointers.
//
response = (PRESP_LOCK_BYTE_RANGE)WorkContext->ResponseParameters;
status = WorkContext->Irp->IoStatus.Status;
if ( NT_SUCCESS(status) ) {
response->WordCount = 0; SmbPutUshort( &response->ByteCount, 0 );
InterlockedIncrement( &WorkContext->Rfcb->NumberOfLocks );
WorkContext->ResponseParameters = NEXT_LOCATION( response, RESP_LOCK_BYTE_RANGE, 0 );
//
// Processing of the SMB is complete. Call SrvEndSmbProcessing
// to send the response.
//
SrvEndSmbProcessing( WorkContext, SmbStatusSendResponse );
} else {
INCREMENT_DEBUG_STAT2( SrvDbgStatistics.LockViolations );
//
// Store the failing lock offset.
//
request = (PREQ_LOCK_BYTE_RANGE)WorkContext->RequestParameters; offset.QuadPart = SmbGetUlong( &request->Offset );
WorkContext->Rfcb->PagedRfcb->LastFailingLockOffset = offset;
//
// Send error message back
//
if ( status == STATUS_CANCELLED ) { status = STATUS_FILE_LOCK_CONFLICT; } SrvSetSmbError( WorkContext, status );
//
// Processing of the SMB is complete. Call SrvEndSmbProcessing
// to send the response.
//
SrvEndSmbProcessing( WorkContext, SmbStatusSendResponse );
}
IF_DEBUG(TRACE2) KdPrint(( "RestartLockByteRange complete\n" )); if (iAmBlockingThread) { SrvWmiEndContext(WorkContext); } return;
} // RestartLockByteRange
�VOID SRVFASTCALLRestartLockingAndX ( IN OUT PWORK_CONTEXT WorkContext )
/*++
Routine Description:
Processes file lock completion for a Locking and X SMB. If more lock requests are present in the SMB, it starts the next one. If not, it formats a response and starts the next command in the chain, if any.
Arguments:
WorkContext - Supplies a pointer to the work context block describing server-specific context for the request.
Return Value:
None.
--*/
{ PREQ_LOCKING_ANDX request; PRESP_LOCKING_ANDX response; PLOCKING_ANDX_RANGE smallRange; PNTLOCKING_ANDX_RANGE largeRange;
NTSTATUS status = STATUS_SUCCESS; USHORT pid; CLONG lockCount; CLONG count;
LARGE_INTEGER length; LARGE_INTEGER offset; ULONG key; BOOLEAN largeFileLock;
UCHAR nextCommand; USHORT reqAndXOffset;
PRFCB rfcb; PLFCB lfcb; PPAGED_RFCB pagedRfcb; PSRV_TIMER timer;
PREQ_CLOSE closeRequest; BOOLEAN iAmBlockingThread = (WorkContext->PreviousSMB == EVENT_TYPE_SMB_LOCKING_AND_X);
PAGED_CODE( ); if (iAmBlockingThread) { if (WorkContext->PreviousSMB == EVENT_TYPE_SMB_LAST_EVENT) WorkContext->PreviousSMB = EVENT_TYPE_SMB_LOCKING_AND_X; SrvWmiStartContext(WorkContext); }
IF_DEBUG(WORKER1) KdPrint(( " - RestartLockingAndX\n" ));
//
// If this request was being timed, cancel the timer.
//
timer = WorkContext->Parameters.Lock.Timer; if ( timer != NULL ) { SrvCancelTimer( timer ); SrvFreeTimer( timer ); WorkContext->Parameters.Lock.Timer = NULL; }
//
// Get the request and response parameter pointers.
//
request = (PREQ_LOCKING_ANDX)WorkContext->RequestParameters; response = (PRESP_LOCKING_ANDX)WorkContext->ResponseParameters;
//
// Get the file pointer, the count of locks requested, the count of
// locks already performed, and a pointer to the current lock range.
//
rfcb = WorkContext->Rfcb; pagedRfcb = rfcb->PagedRfcb; lfcb = rfcb->Lfcb;
lockCount = SmbGetUshort( &request->NumberOfLocks ); count = SmbGetUshort( &request->NumberOfUnlocks );
largeFileLock = (BOOLEAN)( (request->LockType & LOCKING_ANDX_LARGE_FILES) != 0 );
//
// Only one of the two pointers below is actually ever referenced.
//
smallRange = WorkContext->Parameters.Lock.LockRange; largeRange = WorkContext->Parameters.Lock.LockRange;
//
// If the lock request failed, set an error status in the response
// header and release any previously obtained locks.
//
status = WorkContext->Irp->IoStatus.Status;
if ( !NT_SUCCESS(status) ) {
INCREMENT_DEBUG_STAT2( SrvDbgStatistics.LockViolations );
IF_DEBUG(ERRORS) { KdPrint(( "RestartLockingAndX: lock failed: %X\n", status )); } if ( status == STATUS_CANCELLED ) { status = STATUS_FILE_LOCK_CONFLICT; } SrvSetSmbError( WorkContext, status );
ParseLockData( largeFileLock, smallRange, largeRange, &pid, &offset, &length );
//
// Store the failing lock offset.
//
pagedRfcb->LastFailingLockOffset = offset;
//
// Release any previously obtained locks, in reverse order.
//
for ( smallRange--, largeRange--; count > 0; count--, smallRange--, largeRange-- ) {
//
// Form the key for this lock. Get the offset and length of
// the range.
//
ParseLockData( largeFileLock, smallRange, largeRange, &pid, &offset, &length );
key = rfcb->ShiftedFid | pid;
IF_SMB_DEBUG(LOCK2) { KdPrint(( "RestartLockingAndX: Unlocking in file 0x%p: ", lfcb->FileObject )); KdPrint(( "(%lx%08lx,%lx%08lx), ", offset.HighPart, offset.LowPart, length.HighPart, length.LowPart )); KdPrint(( "key 0x%lx\n", key )); }
//
// Issue the Unlock request.
//
status = SrvIssueUnlockRequest( lfcb->FileObject, // target file object
&lfcb->DeviceObject, // target device object
IRP_MN_UNLOCK_SINGLE, // unlock operation
offset, // byte offset
length, // range length
key // lock key
);
if ( NT_SUCCESS(status) ) { InterlockedDecrement( &rfcb->NumberOfLocks ); } else { IF_DEBUG(ERRORS) { KdPrint(( "RestartLockingAndX: Unlock failed: %X\n", status )); } }
} // for ( range--; count > 0; count--, range-- )
//
// Processing of the SMB is complete. Call SrvEndSmbProcessing
// to send the response.
//
SrvEndSmbProcessing( WorkContext, SmbStatusSendResponse ); IF_DEBUG(TRACE2) KdPrint(( "RestartLockingAndX complete\n" )); goto Cleanup; }
//
// The lock request succeeded. Update the count of locks on the
// RFCB and start the next one, if any.
//
InterlockedIncrement( &rfcb->NumberOfLocks );
count++; // another lock obtained
smallRange++, largeRange++; // point to next lock range
if ( count < lockCount ) {
//
// There is at least one more lock request. Save the updated
// context information.
//
SmbPutUshort( &request->NumberOfUnlocks, (USHORT)count );
if (largeFileLock) { WorkContext->Parameters.Lock.LockRange = (PVOID)largeRange; } else { WorkContext->Parameters.Lock.LockRange = (PVOID)smallRange; }
//
// Call the lock request processor. (Note that DoLockingAndX
// can call this routine (RestartLockingAndX) recursively, but
// only with !NT_SUCCESS(status), so we won't get back here and
// won't get stuck.
//
// Form the key for the lock. Get the offset and length of the
// range.
//
DoLockingAndX( WorkContext, FALSE ); IF_DEBUG(TRACE2) KdPrint(( "RestartLockingAndX complete\n" )); goto Cleanup; }
//
// There are no more lock requests in the SMB. Check for the Oplock
// Release flag.
//
if ( (request->LockType & LOCKING_ANDX_OPLOCK_RELEASE) != 0 ) {
(VOID)ProcessOplockBreakResponse( WorkContext, rfcb, request); }
//
// We have (asynchronously) completed processing this SMB. Set up
// the response, then check for an AndX command.
//
nextCommand = request->AndXCommand;
reqAndXOffset = SmbGetUshort( &request->AndXOffset );
response->AndXCommand = nextCommand; response->AndXReserved = 0; SmbPutUshort( &response->AndXOffset, GET_ANDX_OFFSET( WorkContext->ResponseHeader, WorkContext->ResponseParameters, RESP_LOCKING_ANDX, 0 ) );
response->WordCount = 2; SmbPutUshort( &response->ByteCount, 0 );
WorkContext->ResponseParameters = (PCHAR)WorkContext->ResponseHeader + SmbGetUshort( &response->AndXOffset );
//
// If there is an AndX command, set up to process it. Otherwise,
// indicate completion to the caller.
//
if ( nextCommand == SMB_COM_NO_ANDX_COMMAND ) {
//
// Processing of the SMB is complete. Call SrvEndSmbProcessing
// to send the response.
//
// Build the response parameters.
//
PRESP_CLOSE closeResponse = WorkContext->ResponseParameters;
closeResponse->WordCount = 0; SmbPutUshort( &closeResponse->ByteCount, 0 );
WorkContext->ResponseParameters = NEXT_LOCATION( closeResponse, RESP_CLOSE, 0 );
SrvEndSmbProcessing( WorkContext, SmbStatusSendResponse ); IF_DEBUG(TRACE2) KdPrint(( "RestartLockingAndX complete\n" )); goto Cleanup; }
//
// Make sure the AndX command is still within the received SMB
//
if( (PCHAR)WorkContext->RequestHeader + reqAndXOffset >= END_OF_REQUEST_SMB( WorkContext ) ) {
IF_DEBUG(SMB_ERRORS) { KdPrint(( "RestartLockingAndX: Illegal followon offset: %u\n", reqAndXOffset )); }
SrvLogInvalidSmb( WorkContext );
//
// Return an error indicating that the followon command was bad.
//
SrvSetSmbError( WorkContext, STATUS_INVALID_SMB ); status = STATUS_INVALID_SMB; SrvEndSmbProcessing( WorkContext, SmbStatusSendResponse ); goto Cleanup; }
//
// Test for legal followon command.
//
switch ( nextCommand ) {
case SMB_COM_READ: case SMB_COM_READ_ANDX: case SMB_COM_WRITE: case SMB_COM_WRITE_ANDX: case SMB_COM_LOCKING_ANDX: case SMB_COM_FLUSH:
break;
case SMB_COM_CLOSE:
//
// Call SrvRestartChainedClose to get the file time set and the
// file closed.
//
closeRequest = (PREQ_CLOSE)((PUCHAR)WorkContext->RequestHeader + reqAndXOffset);
if( (PCHAR)closeRequest + FIELD_OFFSET(REQ_CLOSE,ByteCount) <= END_OF_REQUEST_SMB( WorkContext ) ) {
WorkContext->Parameters.LastWriteTime = closeRequest->LastWriteTimeInSeconds;
SrvRestartChainedClose( WorkContext ); goto Cleanup; }
default: // Illegal followon command
IF_DEBUG(SMB_ERRORS) { KdPrint(( "RestartLockingAndX: Illegal followon command: 0x%lx\n", nextCommand )); }
SrvLogInvalidSmb( WorkContext );
//
// Return an error indicating that the followon command was bad.
//
SrvSetSmbError( WorkContext, STATUS_INVALID_SMB ); status = STATUS_INVALID_SMB; SrvEndSmbProcessing( WorkContext, SmbStatusSendResponse ); IF_DEBUG(TRACE2) KdPrint(( "RestartLockingAndX complete\n" )); goto Cleanup; }
WorkContext->NextCommand = nextCommand;
WorkContext->RequestParameters = (PCHAR)WorkContext->RequestHeader + reqAndXOffset;
SrvProcessSmb( WorkContext ); IF_DEBUG(TRACE2) KdPrint(( "RestartLockingAndX complete\n" ));
Cleanup: if (iAmBlockingThread) { SrvWmiEndContext(WorkContext); } return;} // RestartLockingAndX
�VOIDSrvAcknowledgeOplockBreak ( IN PRFCB Rfcb, IN UCHAR NewOplockLevel )
/*++
Routine Description:
This function is called when a client has sent an oplock break acknowledgement. It acknowledges the oplock break locally.
Arguments:
Rfcb - A pointer to the RFCB for the file on which the oplock is being released.
NewOplockLevel - The oplock level to break to.
Return Value:
None.
--*/
{ PPAGED_RFCB pagedRfcb = Rfcb->PagedRfcb;
PAGED_CODE( );
IF_DEBUG( OPLOCK ) { KdPrint(( "SrvAcknowledgeOplockBreak: received oplock break response\n" )); }
//
// Reference the RFCB to account for the IRP we about to submit.
// If the RFCB is closing, do not bother to acknowledge the oplock.
//
if ( !SrvCheckAndReferenceRfcb( Rfcb ) ) { return; }
if ( Rfcb->OplockState == OplockStateNone ) { KdPrint(("SrvAcknowledgeOplockBreak: ACKed break for RFCB %p, but no break sent\n", Rfcb)); SrvDereferenceRfcb( Rfcb ); return; }
if ( NewOplockLevel == OPLOCK_BROKEN_TO_II ) { Rfcb->OplockState = OplockStateOwnLevelII; } else { Rfcb->OplockState = OplockStateNone; }
//
// Set this event to NULL to indicate the completion routine should clean
// up the irp.
//
Rfcb->RetryOplockRequest = NULL;
//
// Generate and issue the oplock break IRP. This will attempt to
// break the oplock to level 2.
//
// *** If the client understands level II oplocks, do a regular
// acknowledge. If not, do a special acknowledge that does
// not allow the oplock to change to level II. This prevents
// the situation where the oplock package thinks there's a
// level II oplock, but the client(s) don't. In that situation,
// fast I/O (esp. reads) is disabled unnecessarily.
//
SrvBuildIoControlRequest( Rfcb->Irp, Rfcb->Lfcb->FileObject, Rfcb, IRP_MJ_FILE_SYSTEM_CONTROL, (CLIENT_CAPABLE_OF( LEVEL_II_OPLOCKS, Rfcb->Connection ) ? FSCTL_OPLOCK_BREAK_ACKNOWLEDGE : FSCTL_OPLOCK_BREAK_ACK_NO_2), NULL, // Main buffer
0, // Input buffer length
NULL, // Auxiliary buffer
0, // Output buffer length
NULL, // MDL
SrvFsdOplockCompletionRoutine );
(VOID)IoCallDriver( Rfcb->Lfcb->DeviceObject, Rfcb->Irp );
} // SrvAcknowledgeOplockBreak
�VOIDTimeoutLockRequest ( IN PKDPC Dpc, IN PVOID DeferredContext, IN PVOID SystemArgument1, IN PVOID SystemArgument2 ){ PSRV_TIMER timer;
//
// A lock request has been waiting too long. Cancel it.
//
IoCancelIrp( ((PWORK_CONTEXT)DeferredContext)->Irp );
//
// Set the event indicating that the timer routine is done.
//
timer = CONTAINING_RECORD( Dpc, SRV_TIMER, Dpc ); KeSetEvent( &timer->Event, 0, FALSE );
return;}
|
