archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 827363a95b
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '827363a95b'
${ noResults }
windows-server-2003/termsrv/drivers/termdd/virtual.c

309 lines
12 KiB
Raw Normal View History

commiting as it is
4 years ago
  2. /*************************************************************************
  3. *
  4. * virtual.c
  5. *
  6. * This module contains routines for managing ICA virtual channels.
  7. *
  8. * Copyright 1998, Microsoft.
  9. *
  10. *
  11. *************************************************************************/
  13. /*
  14. * Includes
  15. */
  16. #include <precomp.h>
  17. #pragma hdrstop
  19. NTSTATUS
  20. _IcaCallStack(
  21. IN PICA_STACK pStack,
  22. IN ULONG ProcIndex,
  23. IN OUT PVOID pParms
  24. );
  26. NTSTATUS
  27. IcaFlushChannel (
  28. IN PICA_CHANNEL pChannel,
  29. IN PIRP Irp,
  30. IN PIO_STACK_LOCATION IrpSp
  31. );
  34. NTSTATUS
  35. IcaDeviceControlVirtual(
  36. IN PICA_CHANNEL pChannel,
  37. IN PIRP Irp,
  38. IN PIO_STACK_LOCATION IrpSp
  39. )
  43. /*++
  45. Routine Description:
  47. This is the device control routine for the ICA Virtual channel.
  49. Arguments:
  51. pChannel -- pointer to ICA_CHANNEL object
  53. Irp - Pointer to I/O request packet
  55. IrpSp - pointer to the stack location to use for this request.
  57. Return Value:
  59. NTSTATUS -- Indicates whether the request was successfully queued.
  61. --*/
  63. {
  64. ULONG code;
  65. SD_IOCTL SdIoctl;
  66. NTSTATUS Status;
  67. PICA_STACK pStack;
  68. PVOID pTempBuffer = NULL;
  69. PVOID pInputBuffer = NULL;
  70. PVOID pUserBuffer = NULL;
  71. BOOLEAN bStackIsReferenced = FALSE;
  72. ULONG i;
  74. // these are the set of ioctls that can be expected on non system created VCs.
  75. ULONG PublicIoctls[] =
  76. {
  77. IOCTL_ICA_VIRTUAL_LOAD_FILTER,
  78. IOCTL_ICA_VIRTUAL_UNLOAD_FILTER,
  79. IOCTL_ICA_VIRTUAL_ENABLE_FILTER,
  80. IOCTL_ICA_VIRTUAL_DISABLE_FILTER,
  81. IOCTL_ICA_VIRTUAL_BOUND,
  82. IOCTL_ICA_VIRTUAL_CANCEL_INPUT,
  83. IOCTL_ICA_VIRTUAL_CANCEL_OUTPUT
  84. };
  86. try{
  87. /*
  88. * Extract the IOCTL control code and process the request.
  89. */
  90. code = IrpSp->Parameters.DeviceIoControl.IoControlCode;
  92. TRACECHANNEL(( pChannel, TC_ICADD, TT_API1, "ICADD: IcaDeviceControlVirtual, fc %d, ref %u (enter)\n",
  93. (code & 0x3fff) >> 2, pChannel->RefCount ));
  95. if (!IrpSp->FileObject->FsContext2)
  96. {
  97. /*
  98. * if the object was not created by system. dont let it sent IOCTLS on VCs.
  99. * except for the public ioctls.
  100. */
  102. for ( i=0; i < sizeof(PublicIoctls) / sizeof(PublicIoctls[0]); i++)
  103. {
  104. if (code == PublicIoctls[i])
  105. break;
  106. }
  108. if (i == sizeof(PublicIoctls) / sizeof(PublicIoctls[0]))
  109. {
  110. TRACECHANNEL(( pChannel, TC_ICADD, TT_ERROR, "ICADD: IcaDeviceControlVirtual, denying IOCTL(0x%x) on non-system VC. \n" , code));
  111. return STATUS_ACCESS_DENIED;
  112. }
  113. }
  115. /*
  116. * Process ioctl request
  117. */
  118. switch ( code ) {
  120. case IOCTL_ICA_VIRTUAL_LOAD_FILTER :
  121. case IOCTL_ICA_VIRTUAL_UNLOAD_FILTER :
  122. case IOCTL_ICA_VIRTUAL_ENABLE_FILTER :
  123. case IOCTL_ICA_VIRTUAL_DISABLE_FILTER :
  124. Status = STATUS_INVALID_DEVICE_REQUEST;
  125. break;
  128. case IOCTL_ICA_VIRTUAL_BOUND :
  129. Status = (pChannel->VirtualClass == UNBOUND_CHANNEL) ?
  130. STATUS_INVALID_DEVICE_REQUEST : STATUS_SUCCESS;
  131. break;
  134. case IOCTL_ICA_VIRTUAL_QUERY_MODULE_DATA :
  135. IcaLockConnection( pChannel->pConnect );
  136. if ( IsListEmpty( &pChannel->pConnect->StackHead ) ) {
  137. IcaUnlockConnection( pChannel->pConnect );
  138. return( STATUS_INVALID_DEVICE_REQUEST );
  139. }
  140. pStack = CONTAINING_RECORD( pChannel->pConnect->StackHead.Flink,
  141. ICA_STACK, StackEntry );
  143. if( (pStack->StackClass != Stack_Console) &&
  144. (pStack->StackClass != Stack_Primary) ) {
  145. IcaUnlockConnection( pChannel->pConnect );
  146. return( STATUS_INVALID_DEVICE_REQUEST );
  147. }
  149. IcaReferenceStack( pStack );
  150. bStackIsReferenced = TRUE;
  151. IcaUnlockConnection( pChannel->pConnect );
  153. if ( pChannel->VirtualClass == UNBOUND_CHANNEL ) {
  154. IcaDereferenceStack( pStack );
  155. bStackIsReferenced = FALSE;
  156. TRACECHANNEL(( pChannel, TC_ICADD, TT_ERROR, "ICADD: IcaDeviceControlVirtual, channel not bound\n" ));
  157. return( STATUS_INVALID_DEVICE_REQUEST );
  158. }
  160. TRACECHANNEL(( pChannel, TC_ICADD, TT_ERROR, "ICADD: IOCTL_ICA_VIRTUAL_QUERY_MODULE_DATA begin\n" ));
  161. TRACECHANNEL(( pChannel, TC_ICADD, TT_ERROR, "ICADD: IcaDeviceControlVirtual, pStack 0x%x\n", pStack ));
  163. if ( Irp->RequestorMode != KernelMode && IrpSp->Parameters.DeviceIoControl.OutputBufferLength != 0) {
  164. ProbeForWrite( Irp->UserBuffer,
  165. IrpSp->Parameters.DeviceIoControl.OutputBufferLength,
  166. sizeof(BYTE) );
  167. }
  170. Status = CaptureUsermodeBuffer ( Irp,
  171. IrpSp,
  172. NULL,
  173. 0,
  174. &pUserBuffer,
  175. IrpSp->Parameters.DeviceIoControl.OutputBufferLength,
  176. FALSE,
  177. &pTempBuffer);
  178. if (Status != STATUS_SUCCESS) {
  179. break;
  180. }
  182. SdIoctl.IoControlCode = code;
  183. SdIoctl.InputBuffer = &pChannel->VirtualClass;
  184. SdIoctl.InputBufferLength = sizeof(pChannel->VirtualClass);
  185. SdIoctl.OutputBuffer = pUserBuffer;
  186. SdIoctl.OutputBufferLength = IrpSp->Parameters.DeviceIoControl.OutputBufferLength;
  187. Status = _IcaCallStack( pStack, SD$IOCTL, &SdIoctl );
  189. if (gCapture && (Status == STATUS_SUCCESS) && (IrpSp->Parameters.DeviceIoControl.OutputBufferLength != 0)) {
  190. RtlCopyMemory( Irp->UserBuffer,
  191. pUserBuffer,
  192. IrpSp->Parameters.DeviceIoControl.OutputBufferLength );
  193. }
  194. Irp->IoStatus.Information = SdIoctl.BytesReturned;
  196. TRACECHANNEL(( pChannel, TC_ICADD, TT_ERROR, "ICADD: IcaDeviceControlVirtual, Status 0x%x\n", Status ));
  197. TRACECHANNEL(( pChannel, TC_ICADD, TT_ERROR, "ICADD: IOCTL_ICA_VIRTUAL_QUERY_MODULE_DATA end\n" ));
  199. IcaDereferenceStack( pStack );
  200. bStackIsReferenced = FALSE;
  201. break;
  203. case IOCTL_ICA_VIRTUAL_CANCEL_INPUT :
  205. Status = IcaFlushChannel( pChannel, Irp, IrpSp );
  206. if ( !NT_SUCCESS(Status) )
  207. break;
  209. /* fall through */
  211. default :
  214. /*
  215. * Make sure virtual channel is bound to a virtual channel number
  216. */
  217. if ( pChannel->VirtualClass == UNBOUND_CHANNEL ) {
  218. TRACECHANNEL(( pChannel, TC_ICADD, TT_ERROR, "ICADD: IcaDeviceControlVirtual, channel not bound\n" ));
  219. return( STATUS_INVALID_DEVICE_REQUEST );
  220. }
  222. /*
  223. * Save virtual class in first 4 bytes of the input buffer
  224. * - this is used by the wd
  225. */
  227. if ( Irp->RequestorMode != KernelMode && IrpSp->Parameters.DeviceIoControl.OutputBufferLength != 0) {
  228. ProbeForWrite( Irp->UserBuffer,
  229. IrpSp->Parameters.DeviceIoControl.OutputBufferLength,
  230. sizeof(BYTE) );
  231. }
  233. if ( Irp->RequestorMode != KernelMode && IrpSp->Parameters.DeviceIoControl.InputBufferLength != 0) {
  235. ProbeForRead( IrpSp->Parameters.DeviceIoControl.Type3InputBuffer,
  236. IrpSp->Parameters.DeviceIoControl.InputBufferLength,
  237. sizeof(BYTE) );
  238. }
  240. if ( IrpSp->Parameters.DeviceIoControl.InputBufferLength < sizeof(VIRTUALCHANNELCLASS) ) {
  241. SdIoctl.InputBuffer = &pChannel->VirtualClass;
  242. SdIoctl.InputBufferLength = sizeof(pChannel->VirtualClass);
  243. Status = CaptureUsermodeBuffer ( Irp,
  244. IrpSp,
  245. NULL,
  246. 0,
  247. &pUserBuffer,
  248. IrpSp->Parameters.DeviceIoControl.OutputBufferLength,
  249. FALSE,
  250. &pTempBuffer);
  251. if (Status != STATUS_SUCCESS) {
  252. break;
  253. }
  256. } else {
  258. Status = CaptureUsermodeBuffer ( Irp,
  259. IrpSp,
  260. &pInputBuffer,
  261. IrpSp->Parameters.DeviceIoControl.InputBufferLength,
  262. &pUserBuffer,
  263. IrpSp->Parameters.DeviceIoControl.OutputBufferLength,
  264. FALSE,
  265. &pTempBuffer);
  266. if (Status != STATUS_SUCCESS) {
  267. break;
  268. }
  269. SdIoctl.InputBuffer = pInputBuffer;
  270. SdIoctl.InputBufferLength = IrpSp->Parameters.DeviceIoControl.InputBufferLength;
  272. RtlCopyMemory( SdIoctl.InputBuffer, &pChannel->VirtualClass, sizeof(pChannel->VirtualClass) );
  273. }
  275. /*
  276. * Send request to WD
  277. */
  278. SdIoctl.IoControlCode = code;
  279. SdIoctl.OutputBuffer = pUserBuffer;
  280. SdIoctl.OutputBufferLength = IrpSp->Parameters.DeviceIoControl.OutputBufferLength;
  281. Status = IcaCallDriver( pChannel, SD$IOCTL, &SdIoctl );
  282. if (gCapture && (Status == STATUS_SUCCESS) && (IrpSp->Parameters.DeviceIoControl.OutputBufferLength != 0)) {
  283. RtlCopyMemory( Irp->UserBuffer,
  284. pUserBuffer,
  285. IrpSp->Parameters.DeviceIoControl.OutputBufferLength );
  286. }
  288. Irp->IoStatus.Information = SdIoctl.BytesReturned;
  289. break;
  290. }
  292. TRACECHANNEL(( pChannel, TC_ICADD, TT_API1, "ICADD: IcaDeviceControlVirtual, fc %d, ref %u, 0x%x\n",
  293. (code & 0x3fff) >> 2, pChannel->RefCount, Status ));
  295. } except(EXCEPTION_EXECUTE_HANDLER){
  296. Status = GetExceptionCode();
  297. if (bStackIsReferenced) {
  298. IcaDereferenceStack( pStack );
  299. }
  301. }
  303. if (pTempBuffer!= NULL) {
  304. ExFreePool(pTempBuffer);
  305. }
  306. return( Status );
  307. }