archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 7b07a90fc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7b07a90fc1'
${ noResults }
windows-server-2003/net/netbt/smb/sys/init.c

535 lines
15 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 1989-2001 Microsoft Corporation
  5. Module Name:
  7. init.c
  9. Abstract:
  11. Initialization
  13. Author:
  15. Jiandong Ruan
  17. Revision History:
  19. --*/
  21. #include "precomp.h"
  22. #include "init.tmh"
  24. #ifdef ALLOC_PRAGMA
  25. #pragma alloc_text(INIT, SmbInitRegistry)
  26. #pragma alloc_text(PAGE, SmbShutdownRegistry)
  27. #pragma alloc_text(PAGE, SmbInitTdi)
  28. #pragma alloc_text(PAGE, SmbShutdownTdi)
  29. #pragma alloc_text(INIT, SmbCreateSmbDevice)
  30. #pragma alloc_text(PAGE, SmbDestroySmbDevice)
  31. #endif
  33. NTSTATUS
  34. SmbInitRegistry(
  35. IN PUNICODE_STRING RegistryPath
  36. )
  37. {
  38. OBJECT_ATTRIBUTES ObAttr;
  39. NTSTATUS status;
  40. HANDLE hKey = NULL;
  41. UNICODE_STRING uncParams;
  42. ULONG Disposition;
  44. PAGED_CODE();
  46. InitializeObjectAttributes (
  47. &ObAttr,
  48. RegistryPath,
  49. OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
  50. NULL,
  51. NULL
  52. );
  53. status = ZwOpenKey (
  54. &hKey,
  55. KEY_READ | KEY_WRITE,
  56. &ObAttr
  57. );
  58. BAIL_OUT_ON_ERROR(status);
  60. RtlInitUnicodeString(&uncParams, L"Parameters");
  61. InitializeObjectAttributes (
  62. &ObAttr,
  63. &uncParams,
  64. OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
  65. hKey,
  66. NULL
  67. );
  68. status = ZwCreateKey(
  69. &SmbCfg.ParametersKey,
  70. KEY_READ | KEY_WRITE,
  71. &ObAttr,
  72. 0,
  73. NULL,
  74. 0,
  75. &Disposition
  76. );
  77. BAIL_OUT_ON_ERROR(status);
  79. RtlInitUnicodeString(&uncParams, L"Linkage");
  80. InitializeObjectAttributes (
  81. &ObAttr,
  82. &uncParams,
  83. OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
  84. hKey,
  85. NULL
  86. );
  87. status = ZwCreateKey(
  88. &SmbCfg.LinkageKey,
  89. KEY_READ | KEY_WRITE,
  90. &ObAttr,
  91. 0,
  92. NULL,
  93. 0,
  94. &Disposition
  95. );
  96. BAIL_OUT_ON_ERROR(status);
  97. ZwClose(hKey);
  98. hKey = NULL;
  99. return status;
  101. cleanup:
  102. if (SmbCfg.LinkageKey) {
  103. ZwClose(SmbCfg.LinkageKey);
  104. SmbCfg.LinkageKey = NULL;
  105. }
  106. if (SmbCfg.ParametersKey) {
  107. ZwClose(SmbCfg.ParametersKey);
  108. SmbCfg.ParametersKey = NULL;
  109. }
  110. if (hKey) {
  111. ZwClose(hKey);
  112. }
  113. SmbTrace(SMB_TRACE_ERRORS, ("returns %!status!", status));
  114. return status;
  115. }
  117. VOID
  118. SmbShutdownRegistry(
  119. VOID
  120. )
  121. {
  122. PAGED_CODE();
  124. if (SmbCfg.ParametersKey) {
  125. ZwClose(SmbCfg.ParametersKey);
  126. SmbCfg.ParametersKey = NULL;
  127. }
  128. if (SmbCfg.LinkageKey) {
  129. ZwClose(SmbCfg.LinkageKey);
  130. SmbCfg.LinkageKey = NULL;
  131. }
  132. }
  134. #ifdef STANDALONE_SMB
  135. NTSTATUS
  136. SmbInitTdi(
  137. VOID
  138. )
  139. {
  140. UNICODE_STRING ucSmbClientName;
  141. UNICODE_STRING ucSmbProviderName;
  142. TDI_CLIENT_INTERFACE_INFO TdiClientInterface;
  143. NTSTATUS status;
  145. PAGED_CODE();
  147. RtlInitUnicodeString(&ucSmbProviderName, WC_SMB_TDI_PROVIDER_NAME);
  148. status = TdiRegisterProvider (&ucSmbProviderName, &SmbCfg.TdiProviderHandle);
  149. if (NT_SUCCESS (status)) {
  150. //
  151. // Register our Handlers with TDI
  152. //
  153. RtlInitUnicodeString(&ucSmbClientName, WC_SMB_TDI_CLIENT_NAME);
  154. RtlZeroMemory(&TdiClientInterface, sizeof(TdiClientInterface));
  156. TdiClientInterface.MajorTdiVersion = MAJOR_TDI_VERSION;
  157. TdiClientInterface.MinorTdiVersion = MINOR_TDI_VERSION;
  158. TdiClientInterface.ClientName = &ucSmbClientName;
  159. TdiClientInterface.AddAddressHandlerV2 = SmbAddressArrival;
  160. TdiClientInterface.DelAddressHandlerV2 = SmbAddressDeletion;
  161. TdiClientInterface.BindingHandler = SmbBindHandler;
  162. TdiClientInterface.PnPPowerHandler = NULL;
  164. status = TdiRegisterPnPHandlers (&TdiClientInterface, sizeof(TdiClientInterface), &SmbCfg.TdiClientHandle);
  165. if (!NT_SUCCESS (status)) {
  166. TdiDeregisterProvider (SmbCfg.TdiProviderHandle);
  167. SmbCfg.TdiProviderHandle = NULL;
  168. }
  169. }
  171. return status;
  172. }
  174. VOID
  175. SmbShutdownTdi(
  176. VOID
  177. )
  178. {
  179. NTSTATUS status;
  181. PAGED_CODE();
  183. if (SmbCfg.TdiClientHandle) {
  184. status = TdiDeregisterPnPHandlers(SmbCfg.TdiClientHandle);
  185. SmbCfg.TdiClientHandle = NULL;
  186. }
  187. if (SmbCfg.TdiProviderHandle) {
  188. status = TdiDeregisterProvider(SmbCfg.TdiProviderHandle);
  189. SmbCfg.TdiProviderHandle = NULL;
  190. }
  191. }
  192. #else
  193. VOID
  194. SmbSetTdiHandles(
  195. HANDLE ProviderHandle,
  196. HANDLE ClientHandle
  197. )
  198. {
  199. SmbCfg.TdiClientHandle = ClientHandle;
  200. SmbCfg.TdiProviderHandle = ProviderHandle;
  201. }
  202. #endif
  204. NTSTATUS
  205. SmbBuildDeviceAcl(
  206. OUT PACL * DeviceAcl
  207. )
  208. /*++
  210. Routine Description:
  212. (Lifted from SMB - SmbBuildDeviceAcl)
  213. This routine builds an ACL which gives Administrators, LocalService and NetworkService
  214. principals full access. All other principals have no access.
  216. Arguments:
  218. DeviceAcl - Output pointer to the new ACL.
  220. Return Value:
  222. STATUS_SUCCESS or an appropriate error code.
  224. --*/
  225. {
  226. PGENERIC_MAPPING GenericMapping;
  227. PSID AdminsSid, ServiceSid, NetworkSid;
  228. ULONG AclLength;
  229. NTSTATUS Status;
  230. ACCESS_MASK AccessMask = GENERIC_ALL;
  231. PACL NewAcl;
  233. //
  234. // Enable access to all the globally defined SIDs
  235. //
  237. GenericMapping = IoGetFileObjectGenericMapping();
  239. RtlMapGenericMask(&AccessMask, GenericMapping);
  241. AdminsSid = SeExports->SeAliasAdminsSid;
  242. ServiceSid = SeExports->SeLocalServiceSid;
  243. NetworkSid = SeExports->SeNetworkServiceSid;
  245. AclLength = sizeof(ACL) +
  246. 3 * sizeof(ACCESS_ALLOWED_ACE) +
  247. RtlLengthSid(AdminsSid) +
  248. RtlLengthSid(ServiceSid) +
  249. RtlLengthSid(NetworkSid) -
  250. 3 * sizeof(ULONG);
  252. NewAcl = ExAllocatePoolWithTag(PagedPool, AclLength, 'ABMS');
  254. if (NewAcl == NULL) {
  255. return (STATUS_INSUFFICIENT_RESOURCES);
  256. }
  257. Status = RtlCreateAcl(NewAcl, AclLength, ACL_REVISION);
  259. if (!NT_SUCCESS(Status)) {
  260. ExFreePool(NewAcl);
  261. return (Status);
  262. }
  263. Status = RtlAddAccessAllowedAce(
  264. NewAcl,
  265. ACL_REVISION2,
  266. AccessMask,
  267. AdminsSid
  268. );
  270. ASSERT(NT_SUCCESS(Status));
  271. if (!NT_SUCCESS(Status)) {
  272. ExFreePool(NewAcl);
  273. return (Status);
  274. }
  276. Status = RtlAddAccessAllowedAce(
  277. NewAcl,
  278. ACL_REVISION2,
  279. AccessMask,
  280. ServiceSid
  281. );
  283. ASSERT(NT_SUCCESS(Status));
  284. if (!NT_SUCCESS(Status)) {
  285. ExFreePool(NewAcl);
  286. return (Status);
  287. }
  289. Status = RtlAddAccessAllowedAce(
  290. NewAcl,
  291. ACL_REVISION2,
  292. AccessMask,
  293. NetworkSid
  294. );
  296. ASSERT(NT_SUCCESS(Status));
  297. if (!NT_SUCCESS(Status)) {
  298. ExFreePool(NewAcl);
  299. return (Status);
  300. }
  302. *DeviceAcl = NewAcl;
  304. return (STATUS_SUCCESS);
  305. }
  307. NTSTATUS
  308. SmbCreateAdminSecurityDescriptor(PDEVICE_OBJECT dev)
  309. /*++
  311. Routine Description:
  313. (Lifted from NETBT - SmbCreateAdminSecurityDescriptor)
  314. This routine creates a security descriptor which gives access
  315. only to Administrtors and LocalService. This descriptor is used
  316. to access check raw endpoint opens and exclisive access to transport
  317. addresses.
  319. Arguments:
  321. None.
  323. Return Value:
  325. STATUS_SUCCESS or an appropriate error code.
  327. --*/
  329. {
  330. PACL rawAcl = NULL;
  331. NTSTATUS status;
  332. CHAR buffer[SECURITY_DESCRIPTOR_MIN_LENGTH];
  333. PSECURITY_DESCRIPTOR localSecurityDescriptor = (PSECURITY_DESCRIPTOR) buffer;
  334. SECURITY_INFORMATION securityInformation = DACL_SECURITY_INFORMATION;
  336. //
  337. // Build a local security descriptor with an ACL giving only
  338. // administrators and service access.
  339. //
  340. status = SmbBuildDeviceAcl(&rawAcl);
  342. if (!NT_SUCCESS(status)) {
  343. SmbPrint(SMB_TRACE_PNP, ("SMB: Unable to create Raw ACL, error: 0x%08lx\n", status));
  344. return (status);
  345. }
  347. (VOID) RtlCreateSecurityDescriptor(
  348. localSecurityDescriptor,
  349. SECURITY_DESCRIPTOR_REVISION
  350. );
  352. (VOID) RtlSetDaclSecurityDescriptor(
  353. localSecurityDescriptor,
  354. TRUE,
  355. rawAcl,
  356. FALSE
  357. );
  359. //
  360. // Now apply the local descriptor to the raw descriptor.
  361. //
  362. status = SeSetSecurityDescriptorInfo(
  363. NULL,
  364. &securityInformation,
  365. localSecurityDescriptor,
  366. &dev->SecurityDescriptor,
  367. PagedPool,
  368. IoGetFileObjectGenericMapping()
  369. );
  371. if (!NT_SUCCESS(status)) {
  372. SmbPrint(SMB_TRACE_PNP, ("SMB: SeSetSecurity failed: 0x%08lx\n", status));
  373. }
  375. ExFreePool(rawAcl);
  376. return (status);
  377. }
  380. NTSTATUS
  381. SmbCreateSmbDevice(
  382. PSMB_DEVICE *ppDevice,
  383. USHORT Port,
  384. UCHAR EndpointName[NETBIOS_NAME_SIZE]
  385. )
  386. {
  387. PSMB_DEVICE DeviceObject;
  388. NTSTATUS status;
  389. UNICODE_STRING ExportName, ucName;
  391. DeviceObject = NULL;
  392. *ppDevice = NULL;
  394. RtlInitUnicodeString(&ExportName, DD_SMB6_EXPORT_NAME);
  395. status = IoCreateDevice(
  396. SmbCfg.DriverObject,
  397. sizeof(SMB_DEVICE) - sizeof(DEVICE_OBJECT),
  398. &ExportName,
  399. FILE_DEVICE_NETWORK,
  400. FILE_DEVICE_SECURE_OPEN,
  401. FALSE,
  402. (PDEVICE_OBJECT*)&DeviceObject
  403. );
  404. BAIL_OUT_ON_ERROR(status);
  406. DeviceObject->Tag = TAG_SMB6_DEVICE;
  407. KeInitializeSpinLock(&DeviceObject->Lock);
  408. InitializeListHead(&DeviceObject->UnassociatedConnectionList);
  409. InitializeListHead(&DeviceObject->ClientList);
  410. InitializeListHead(&DeviceObject->PendingDeleteConnectionList);
  411. InitializeListHead(&DeviceObject->PendingDeleteClientList);
  413. DeviceObject->ClientBinding = NULL;
  414. DeviceObject->ServerBinding = NULL;
  416. //
  417. // initialization for FIN attack protection
  418. //
  419. DeviceObject->FinAttackProtectionMode = FALSE;
  420. DeviceObject->LeaveFAPM = SmbReadLong (SmbCfg.ParametersKey, SMB_REG_LEAVE_FAPM, 50, 5);
  421. DeviceObject->EnterFAPM = SmbReadLong (SmbCfg.ParametersKey, SMB_REG_ENTER_FAPM,
  422. 400, DeviceObject->LeaveFAPM + 50);
  423. ASSERT(DeviceObject->EnterFAPM > DeviceObject->LeaveFAPM);
  424. if (DeviceObject->LeaveFAPM >= DeviceObject->EnterFAPM) {
  425. DeviceObject->EnterFAPM = 2 * DeviceObject->LeaveFAPM;
  426. }
  427. if (DeviceObject->LeaveFAPM >= DeviceObject->EnterFAPM) {
  428. //
  429. // This means overflow above
  430. //
  431. DeviceObject->LeaveFAPM = 50;
  432. DeviceObject->EnterFAPM = 400;
  433. }
  435. //
  436. // initialization for synch attack protection
  437. //
  438. DeviceObject->MaxBackLog = SmbReadLong(SmbCfg.ParametersKey, L"MaxBackLog", 1000, 100);
  440. InitializeListHead(&DeviceObject->DelayedDisconnectList);
  442. InitializeListHead(&DeviceObject->DelayedDisconnectList);
  443. InitializeListHead(&DeviceObject->PendingDisconnectList);
  444. DeviceObject->PendingDisconnectListNumber = 0;
  445. KeInitializeEvent(&DeviceObject->PendingDisconnectListEmptyEvent,
  446. NotificationEvent, TRUE);
  447. DeviceObject->DisconnectWorkerRunning = FALSE;
  449. DeviceObject->ConnectionPoolWorkerQueued = FALSE;
  451. DeviceObject->SmbServer = NULL;
  452. RtlCopyMemory(DeviceObject->EndpointName, EndpointName, NETBIOS_NAME_SIZE);
  453. ASSERT(DeviceObject->EndpointName[NETBIOS_NAME_SIZE-1] == 0x20);
  455. DeviceObject->Port = Port;
  456. SmbCfg.Tcp4Available = FALSE;
  457. SmbCfg.Tcp6Available = FALSE;
  459. SmbCreateAdminSecurityDescriptor(&DeviceObject->DeviceObject);
  461. *ppDevice = DeviceObject;
  462. return status;
  464. cleanup:
  465. if (DeviceObject) {
  466. if (SmbCfg.Tcp4Available) {
  467. SmbShutdownTCP(&DeviceObject->Tcp4);
  468. SmbCfg.Tcp4Available = FALSE;
  469. }
  470. if (SmbCfg.Tcp6Available) {
  471. SmbShutdownTCP(&DeviceObject->Tcp6);
  472. SmbCfg.Tcp6Available = FALSE;
  473. }
  474. IoDeleteDevice((PDEVICE_OBJECT)DeviceObject);
  475. }
  476. return status;
  477. }
  479. NTSTATUS
  480. SmbDestroySmbDevice(
  481. PSMB_DEVICE pDevice
  482. )
  483. {
  484. NTSTATUS status = STATUS_SUCCESS;
  486. PAGED_CODE();
  488. ASSERT(SmbCfg.Unloading);
  490. if (NULL == pDevice) {
  491. return STATUS_SUCCESS;
  492. }
  494. SmbTdiDeregister(pDevice);
  496. status = KeWaitForSingleObject(
  497. &pDevice->PendingDisconnectListEmptyEvent,
  498. Executive,
  499. KernelMode,
  500. FALSE,
  501. NULL
  502. );
  503. ASSERT(status == STATUS_WAIT_0);
  505. ASSERT(IsListEmpty(&pDevice->DelayedDisconnectList));
  506. ASSERT(IsListEmpty(&pDevice->PendingDisconnectList) && pDevice->PendingDisconnectListNumber == 0);
  507. ASSERT(IsListEmpty(&pDevice->PendingDeleteConnectionList));
  508. ASSERT(IsListEmpty(&pDevice->PendingDeleteClientList));
  510. if (SmbCfg.Tcp4Available) {
  511. status = SmbShutdownTCP(&pDevice->Tcp4);
  512. ASSERT(status == STATUS_SUCCESS);
  513. SmbCfg.Tcp4Available = FALSE;
  514. }
  515. if (SmbCfg.Tcp6Available) {
  516. status = SmbShutdownTCP(&pDevice->Tcp6);
  517. ASSERT(status == STATUS_SUCCESS);
  518. SmbCfg.Tcp6Available = FALSE;
  519. }
  520. ASSERT(status == STATUS_SUCCESS);
  522. SmbShutdownPnP();
  524. if (pDevice->ClientBinding) {
  525. ExFreePool(pDevice->ClientBinding);
  526. pDevice->ClientBinding = NULL;
  527. }
  528. if (pDevice->ServerBinding) {
  529. ExFreePool(pDevice->ServerBinding);
  530. pDevice->ServerBinding = NULL;
  531. }
  532. IoDeleteDevice((PDEVICE_OBJECT)pDevice);
  533. return STATUS_SUCCESS;
  534. }