/*++ Copyright (c) 1989 Microsoft Corporation Module Name: smbtree.c Abstract: This module contains routines for dealing with tree connects and disconnects: Tree Connect Tree Connect And X Tree Disconnect Author: David Treadwell (davidtr) 15-Nov-1989 Revision History: --*/ #include "precomp.h" #include "smbtree.tmh" #pragma hdrstop #ifdef ALLOC_PRAGMA #pragma alloc_text( PAGE, SrvSmbTreeConnect ) #pragma alloc_text( PAGE, SrvSmbTreeConnectAndX ) #pragma alloc_text( PAGE, SrvSmbTreeDisconnect ) #endif SMB_PROCESSOR_RETURN_TYPE SrvSmbTreeConnect ( SMB_PROCESSOR_PARAMETERS ) /*++ Routine Description: Processes a tree connect SMB. Arguments: SMB_PROCESSOR_PARAMETERS - See smbprocs.h for a description of the parameters to SMB processor routines. Return Value: SMB_PROCESSOR_RETURN_TYPE - See smbprocs.h --*/ { PREQ_TREE_CONNECT request; PRESP_TREE_CONNECT response; PSESSION session; PSECURITY_CONTEXT SecurityContext; PCONNECTION connection; PPAGED_CONNECTION pagedConnection; PTABLE_HEADER tableHeader; PTABLE_ENTRY entry; SHORT tidIndex; PSHARE share; PTREE_CONNECT treeConnect; PSZ password, service; USHORT len; NTSTATUS status = STATUS_SUCCESS; NTSTATUS TableStatus; SMB_STATUS SmbStatus = SmbStatusInProgress; BOOLEAN didLogon = FALSE; SHORT uidIndex; SMB_DIALECT smbDialect; PUNICODE_STRING clientMachineNameString; ACCESS_MASK desiredAccess; ACCESS_MASK grantedAccess; SECURITY_SUBJECT_CONTEXT subjectContext; UNICODE_STRING domain = { 0, 0, StrNull }; PAGED_CODE( ); if (WorkContext->PreviousSMB == EVENT_TYPE_SMB_LAST_EVENT) WorkContext->PreviousSMB = EVENT_TYPE_SMB_TREE_CONNECT; SrvWmiStartContext(WorkContext); IF_SMB_DEBUG(TREE1) { KdPrint(( "Tree connect request header at 0x%p, response header at 0x%p\n", WorkContext->RequestHeader, WorkContext->ResponseHeader )); KdPrint(( "Tree connect request parameters at 0x%p, response parameters at 0x%p\n", WorkContext->RequestParameters, WorkContext->ResponseParameters )); } // // Set up parameters. // request = (PREQ_TREE_CONNECT)(WorkContext->RequestParameters); response = (PRESP_TREE_CONNECT)(WorkContext->ResponseParameters); connection = WorkContext->Connection; pagedConnection = connection->PagedConnection; smbDialect = connection->SmbDialect; // If we are requiring extended security signatures, than we can't let this through if( SrvRequireExtendedSignatures ) { SrvSetSmbError( WorkContext, STATUS_LOGIN_WKSTA_RESTRICTION ); status = STATUS_LOGIN_WKSTA_RESTRICTION; SmbStatus = SmbStatusSendResponse; goto Cleanup; } // // If this client has not yet done a session setup and this his first // tree connection then we must first do a logon. (i.e. SessionSetup) // len = SrvGetStringLength( (PSZ)request->Buffer, END_OF_REQUEST_SMB( WorkContext ), FALSE, // not unicode FALSE // do not include null terminator ); if( len == (USHORT)-1 ) { SrvSetSmbError( WorkContext, STATUS_INVALID_SMB ); status = STATUS_INVALID_SMB; SmbStatus = SmbStatusSendResponse; goto Cleanup; } password = (PSZ)request->Buffer + 2 + len; len = SrvGetStringLength( password, END_OF_REQUEST_SMB( WorkContext ), FALSE, // not unicode FALSE // do not include null terminator ); if( len == (USHORT)-1 ) { SrvSetSmbError( WorkContext, STATUS_INVALID_SMB ); status = STATUS_INVALID_SMB; SmbStatus = SmbStatusSendResponse; goto Cleanup; } service = password + (len + 1) + 1; // // Allocate a tree connect block. We do this early on the // assumption that the request will usually succeed. This also // reduces the amount of time that we hold the lock. // SrvAllocateTreeConnect( &treeConnect, NULL ); if ( treeConnect == NULL ) { // // Unable to allocate tree connect. Return an error to the // client. // SrvSetSmbError( WorkContext, STATUS_INSUFF_SERVER_RESOURCES ); status = STATUS_INSUFF_SERVER_RESOURCES; SmbStatus = SmbStatusSendResponse; goto Cleanup; } ASSERT( SrvSessionList.Lock == &SrvOrderedListLock ); ACQUIRE_LOCK( &connection->Lock ); if ( connection->CurrentNumberOfSessions != 0 ) { RELEASE_LOCK( &connection->Lock ); session = SrvVerifyUid ( WorkContext, SmbGetAlignedUshort( &WorkContext->RequestHeader->Uid ) ); if ( session == NULL ) { // // This should only happen if the client has already // established a session, as in tree connecting with a bad // UID. // SrvFreeTreeConnect( treeConnect ); SrvSetSmbError( WorkContext, STATUS_SMB_BAD_UID ); status = STATUS_SMB_BAD_UID; SmbStatus = SmbStatusSendResponse; goto Cleanup; } else if( session->IsSessionExpired ) { SrvFreeTreeConnect( treeConnect ); status = SESSION_EXPIRED_STATUS_CODE; SrvSetSmbError( WorkContext, status ); SmbStatus = SmbStatusSendResponse; goto Cleanup; } } else if ( (smbDialect <= SmbDialectLanMan10) || (smbDialect == SmbDialectIllegal) ) { // // An LM 1.0 or newer client has tried to do a tree connect // without first doing session setup. We call this a protocol // violation. // // Also catch clients that are trying to connect without // negotiating a valid protocol. // RELEASE_LOCK( &connection->Lock ); IF_DEBUG(SMB_ERRORS) { if ( smbDialect == SmbDialectIllegal ) { KdPrint(("SrvSmbTreeConnect: Client %z is using an illegal " "dialect.\n", (PCSTRING)&connection->OemClientMachineNameString ));; } else { KdPrint(( "Client speaking dialect %ld sent tree connect without session setup.\n", connection->SmbDialect )); } } SrvFreeTreeConnect( treeConnect ); SrvSetSmbError( WorkContext, STATUS_INVALID_SMB ); status = STATUS_INVALID_SMB; SmbStatus = SmbStatusSendResponse; goto Cleanup; } else { UNICODE_STRING machineName; PENDPOINT endpoint; BOOLEAN seqNumbers; RELEASE_LOCK( &connection->Lock ); // // Convert the client name to unicode // clientMachineNameString = &connection->ClientMachineNameString; if ( clientMachineNameString->Length == 0 ) { UNICODE_STRING clientMachineName; clientMachineName.Buffer = connection->ClientMachineName; clientMachineName.MaximumLength = (USHORT)(COMPUTER_NAME_LENGTH+1)*sizeof(WCHAR); (VOID)RtlOemStringToUnicodeString( &clientMachineName, &connection->OemClientMachineNameString, FALSE ); // // Add the double backslashes to the length // clientMachineNameString->Length = (USHORT)(clientMachineName.Length + 2*sizeof(WCHAR)); } // // Form a string describing the computer name without the // leading backslashes. // machineName.Buffer = clientMachineNameString->Buffer + 2; machineName.Length = clientMachineNameString->Length - 2 * sizeof(WCHAR); machineName.MaximumLength = clientMachineNameString->MaximumLength - 2 * sizeof(WCHAR); SecurityContext = SrvAllocateSecurityContext(); if( SecurityContext == NULL ) { SrvFreeTreeConnect( treeConnect ); SrvSetSmbError( WorkContext, STATUS_INSUFF_SERVER_RESOURCES ); status = STATUS_INSUFF_SERVER_RESOURCES; SmbStatus = SmbStatusSendResponse; goto Cleanup; } // // Allocate a session block. // SrvAllocateSession( &session, &machineName, &domain ); if ( session == NULL ) { // // Unable to allocate a Session block. Return an error // status. // SrvDereferenceSecurityContext( SecurityContext ); SrvFreeTreeConnect( treeConnect ); SrvSetSmbError( WorkContext, STATUS_INSUFF_SERVER_RESOURCES ); status = STATUS_INSUFF_SERVER_RESOURCES; SmbStatus = SmbStatusSendResponse; goto Cleanup; } // // Assume that down-level clients that are getting logged on // here will always use canonicalized (uppercase) paths. This // will result in case insensitivity for all operations. // session->UsingUppercasePaths = TRUE; // // The only way for a client to tell us the buffer size or the // max count of pending requests he wants to use is the Session // Setup SMB. If he didn't send one, then we get to // unilaterally determine the buffer size and multiplex count // used by both of us. // endpoint = connection->Endpoint; if ( endpoint->IsConnectionless ) { ULONG adapterNumber; // // Our session max buffer size is the smaller of the // server receive buffer size and the ipx transport // indicated max packet size. // adapterNumber = WorkContext->ClientAddress->DatagramOptions.LocalTarget.NicId; session->MaxBufferSize = (USHORT) GetIpxMaxBufferSize( endpoint, adapterNumber, SrvReceiveBufferLength ); } else { session->MaxBufferSize = (USHORT)SrvReceiveBufferLength; } session->MaxMpxCount = SrvMaxMpxCount; if ( session->MaxMpxCount < 2 ) { connection->OplocksAlwaysDisabled = TRUE; } if( SrvSmbSecuritySignaturesRequired == TRUE && WorkContext->Connection->Endpoint->IsConnectionless == FALSE ) { seqNumbers = TRUE; } else { seqNumbers = FALSE; } // // Try to find legitimate name/password combination. // status = SrvValidateUser( &SecurityContext->UserHandle, session, connection, &machineName, password, strlen( password ) + 1, NULL, // CaseSensitivePassword 0, // CaseSensitivePasswordLength seqNumbers, NULL // action ); // // If a bad name/password combination was sent, return an error. // if ( !NT_SUCCESS(status) ) { SrvFreeSession( session ); SrvFreeTreeConnect ( treeConnect ); IF_DEBUG(ERRORS) { KdPrint(( "SrvSmbTreeConnect: Bad user/password combination.\n" )); } SrvStatistics.LogonErrors++; SrvSetSmbError( WorkContext, status ); SmbStatus = SmbStatusSendResponse; goto Cleanup; } IF_SMB_DEBUG(ADMIN1) { KdPrint(( "Validated user: %ws\n", connection->ClientMachineName )); } // // Making a new session visible is a multiple-step operation. It // must be inserted in the global ordered tree connect list and the // containing connection's session table, and the connection must be // referenced. We need to make these operations appear atomic, so // that the session cannot be accessed elsewhere before we're done // setting it up. In order to do this, we hold all necessary locks // the entire time we're doing the operations. The first operation // is protected by the global ordered list lock // (SrvOrderedListLock), while the other operations are protected by // the per-connection lock. We take out the ordered list lock // first, then the connection lock. This ordering is required by // lock levels (see lock.h). // // // Ready to try to find a UID for the session. Check to see if // the connection is being closed, and if so, terminate this // operation. // ASSERT( SrvSessionList.Lock == &SrvOrderedListLock ); ACQUIRE_LOCK( SrvSessionList.Lock ); ACQUIRE_LOCK( &connection->Lock ); // Set the Security Context now that we have the lock acquired SrvReplaceSessionSecurityContext( session, SecurityContext, WorkContext ); if ( GET_BLOCK_STATE(connection) != BlockStateActive ) { RELEASE_LOCK( &connection->Lock ); RELEASE_LOCK( SrvSessionList.Lock ); IF_DEBUG(ERRORS) { KdPrint(( "SrvSmbTreeConnect: Connection closing\n" )); } SrvFreeSession( session ); SrvFreeTreeConnect( treeConnect ); SrvSetSmbError( WorkContext, STATUS_INVALID_PARAMETER ); status = STATUS_INVALID_PARAMETER; SmbStatus = SmbStatusSendResponse; goto Cleanup; } // // Because the client is speaking the "core" dialect, it will // not send a valid UID in future SMBs, so it can only have one // session. We define that session to live in UID slot 0. We // know that the client has no sessions yet, so slot 0 must be // free. // tableHeader = &pagedConnection->SessionTable; ASSERT( tableHeader->Table[0].Owner == NULL ); uidIndex = 0; // // Remove the UID slot from the free list and set its owner and // sequence number. Create a UID for the session. Increment // count of sessions. // entry = &tableHeader->Table[uidIndex]; tableHeader->FirstFreeEntry = entry->NextFreeEntry; DEBUG entry->NextFreeEntry = -2; if ( tableHeader->LastFreeEntry == uidIndex ) { tableHeader->LastFreeEntry = -1; } entry->Owner = session; INCREMENT_UID_SEQUENCE( entry->SequenceNumber ); if ( uidIndex == 0 && entry->SequenceNumber == 0 ) { INCREMENT_UID_SEQUENCE( entry->SequenceNumber ); } session->Uid = MAKE_UID( uidIndex, entry->SequenceNumber ); connection->CurrentNumberOfSessions++; IF_SMB_DEBUG(ADMIN1) { KdPrint(( "Found UID. Index = 0x%lx, sequence = 0x%lx\n", (ULONG)UID_INDEX( session->Uid ), (ULONG)UID_SEQUENCE( session->Uid ) )); } // // Insert the session on the global session list. // SrvInsertEntryOrderedList( &SrvSessionList, session ); // // Reference the connection block to account for the new // session. // SrvReferenceConnection( connection ); session->Connection = connection; RELEASE_LOCK( &connection->Lock ); RELEASE_LOCK( SrvSessionList.Lock ); // // Session successfully created. Remember its address in the // work context block. // // *** Note that the reference count on the session block is // initially set to 2, to allow for the active status on the // block and the pointer that we're maintaining. In other // words, this is a referenced pointer, and the pointer must // be dereferenced when processing of this SMB is complete. // WorkContext->Session = session; didLogon = TRUE; } // // Try to match pathname against available shared resources. Note // that if SrvVerifyShare finds a matching share, it references it // and stores its address in WorkContext->Share. // share = SrvVerifyShare( WorkContext, (PSZ)request->Buffer + 1, service, SMB_IS_UNICODE( WorkContext ), session->IsNullSession, &status, NULL ); // // If no match was found, return an error. // if ( share == NULL ) { if ( didLogon ) { SrvCloseSession( session ); } SrvFreeTreeConnect( treeConnect ); IF_DEBUG(ERRORS) { KdPrint(( "SrvSmbTreeConnect: SrvVerifyShare failed for %s. Status = %x\n", request->Buffer+1, status )); } SrvSetSmbError( WorkContext, status ); SmbStatus = SmbStatusSendResponse; goto Cleanup; } // // Impersonate the user so that we can capture his security context. // This is necessary in order to determine whether the user can // connect to the share. // status = IMPERSONATE( WorkContext ); if( !NT_SUCCESS( status ) ) { SrvSetSmbError( WorkContext, status ); if ( didLogon ) { SrvCloseSession( session ); } SrvFreeTreeConnect( treeConnect ); SmbStatus = SmbStatusSendResponse; goto Cleanup; } SeCaptureSubjectContext( &subjectContext ); // // Set up the desired access on the share, based on whether the // server is paused. If the server is paused, admin privilege is // required to connect to any share; if the server is not paused, // admin privilege is required only for admin shares (C$, etc.). // if ( SrvPaused ) { desiredAccess = SRVSVC_PAUSED_SHARE_CONNECT; } else { desiredAccess = SRVSVC_SHARE_CONNECT; } // // Check whether the user has access to this share. // if ( !SeAccessCheck( share->SecurityDescriptor, &subjectContext, FALSE, desiredAccess, 0L, NULL, &SrvShareConnectMapping, UserMode, &grantedAccess, &status ) ) { IF_SMB_DEBUG(TREE2) { KdPrint(( "SrvSmbTreeConnect: SeAccessCheck failed: %X\n", status )); } // // Release the subject context and revert to the server's security // context. // SeReleaseSubjectContext( &subjectContext ); REVERT( ); if ( SrvPaused ) { SrvSetSmbError( WorkContext, STATUS_SHARING_PAUSED ); status = STATUS_SHARING_PAUSED; } else { SrvSetSmbError( WorkContext, status ); } if ( didLogon ) { SrvCloseSession( session ); } SrvFreeTreeConnect( treeConnect ); SmbStatus = SmbStatusSendResponse; goto Cleanup; } ASSERT( grantedAccess == desiredAccess ); // // Release the subject context and revert to the server's security // context. // SeReleaseSubjectContext( &subjectContext ); REVERT( ); // // Let the license server know // if( share->ShareType != ShareTypePipe ) { status = SrvXsLSOperation( session, XACTSRV_MESSAGE_LSREQUEST ); if( !NT_SUCCESS( status ) ) { if ( didLogon ) { SrvCloseSession( session ); } SrvFreeTreeConnect( treeConnect ); IF_DEBUG(ERRORS) { KdPrint(( "SrvSmbTreeConnect: License server returned %X\n", status )); } SrvSetSmbError( WorkContext, status ); SmbStatus = SmbStatusSendResponse; goto Cleanup; } } // // Making a new tree connect visible is a three-step operation. It // must be inserted in the containing share's tree connect list, the // global ordered tree connect list, and the containing connection's // tree connect table. We need to make these operations appear // atomic, so that the tree connect cannot be accessed elsewhere // before we're done setting it up. In order to do this, we hold // all necessary locks the entire time we're doing the three // operations. The first and second operations are protected by the // global share lock (SrvShareLock), while the third operation is // protected by the per-connection lock. We take out the share lock // first, then the connection lock. This ordering is required by // lock levels (see lock.h). // // Another problem here is that the checking of the share state, the // inserting of the tree connect on the share's list, and the // referencing of the share all need to be atomic. (The same holds // for the connection actions.) Normally this would not be a // problem, because we could just hold the share lock while doing // all three actions. However, in this case we also need to hold // the connection lock, and we can't call SrvReferenceShare while // doing that. To get around this problem, we reference the share // _before_ taking out the locks, and dereference after releasing // the locks if we decide not to insert the tree connect. // status = SrvReferenceShareForTreeConnect( share ); // // SrvReferenceShareForTreeConnect will fail if it cannot open the // share root directory for some reason. If this happens, // fail the tree connect attempt. // if ( !NT_SUCCESS(status) ) { if ( didLogon ) { SrvCloseSession( session ); } SrvFreeTreeConnect( treeConnect ); IF_DEBUG(ERRORS) { KdPrint(( "SrvSmbTreeConnect: open of share root failed:%X\n", status )); } SrvSetSmbError( WorkContext, status ); SmbStatus = SmbStatusSendResponse; goto Cleanup; } ACQUIRE_LOCK( &SrvShareLock ); ASSERT( SrvTreeConnectList.Lock == &SrvShareLock ); ACQUIRE_LOCK( &connection->Lock ); // // We first check all conditions to make sure that we can actually // insert this tree connect block. // // Make sure that the share isn't closing, and that there aren't // already too many uses on this share. // if ( GET_BLOCK_STATE(share) != BlockStateActive ) { // // The share is closing. Reject the request. // IF_DEBUG(ERRORS) { KdPrint(( "SrvSmbTreeConnect: Share %wZ (0x%p) is closing\n", &share->ShareName, share )); } status = STATUS_INVALID_PARAMETER; goto cant_insert; } if ( share->CurrentUses > share->MaxUses ) { // // The share is full. Reject the request. // IF_DEBUG(ERRORS) { KdPrint(( "SrvSmbTreeConnect: No more uses available for share %wZ (0x%p), max = %ld\n", &share->ShareName, share, share->MaxUses )); } status = STATUS_REQUEST_NOT_ACCEPTED; goto cant_insert; } // // Make sure that the connection isn't closing. // if ( GET_BLOCK_STATE(connection) != BlockStateActive ) { IF_DEBUG(SMB_ERRORS) { KdPrint(( "SrvSmbTreeConnect: Connection closing\n" )); } SrvSetSmbError( WorkContext, STATUS_INVALID_PARAMETER ); status = STATUS_INVALID_PARAMETER; goto cant_insert; } // // Find a TID that can be used for this tree connect. // tableHeader = &pagedConnection->TreeConnectTable; if ( tableHeader->FirstFreeEntry == -1 && SrvGrowTable( tableHeader, SrvInitialTreeTableSize, SrvMaxTreeTableSize, &TableStatus ) == FALSE ) { // // No free entries in the tree table. Reject the request. // IF_DEBUG(ERRORS) { KdPrint(( "SrvSmbTreeConnect: No more TIDs available.\n" )); } status = TableStatus; if( TableStatus == STATUS_INSUFF_SERVER_RESOURCES ) { SrvLogTableFullError( SRV_TABLE_TREE_CONNECT ); } goto cant_insert; } tidIndex = tableHeader->FirstFreeEntry; // // All conditions have been satisfied. We can now do the things // necessary to make the tree connect visible. // // Increment the count of uses for the share. Link the tree connect // into the list of active tree connects for the share. Save the // share address in the tree connect. Note that we referenced the // share earlier, before taking out the connection lock. // SrvInsertTailList( &share->TreeConnectList, &treeConnect->ShareListEntry ); treeConnect->Share = share; // // Remove the TID slot from the free list and set its owner and // sequence number. Create a TID for the tree connect. // entry = &tableHeader->Table[tidIndex]; tableHeader->FirstFreeEntry = entry->NextFreeEntry; DEBUG entry->NextFreeEntry = -2; if ( tableHeader->LastFreeEntry == tidIndex ) { tableHeader->LastFreeEntry = -1; } entry->Owner = treeConnect; INCREMENT_TID_SEQUENCE( entry->SequenceNumber ); if ( tidIndex == 0 && entry->SequenceNumber == 0 ) { INCREMENT_TID_SEQUENCE( entry->SequenceNumber ); } treeConnect->Tid = MAKE_TID( tidIndex, entry->SequenceNumber ); IF_SMB_DEBUG(TREE1) { KdPrint(( "Found TID. Index = 0x%lx, sequence = 0x%lx\n", TID_INDEX( treeConnect->Tid ), TID_SEQUENCE( treeConnect->Tid ) )); } // // Reference the connection to account for the active tree connect. // SrvReferenceConnection( connection ); treeConnect->Connection = connection; if( session ) { SrvReferenceSession( session ); treeConnect->Session = session; } // // Link the tree connect into the global list of tree connects. // SrvInsertEntryOrderedList( &SrvTreeConnectList, treeConnect ); // // If this session is the one controlling the extended security signatures, // see if we need to hash the session key // if( session->SessionKeyState == SrvSessionKeyAuthenticating ) { // Downlevel machines that use a simple TREE_CONNECT (instead of TREE_CONNECT_ANDX) // don't understand extended signatures, so we can make the session key availible. // Note that if the REQUIRE_EXTENDED_SIGNATURES policy is active, that check occurred // above. session->SessionKeyState = SrvSessionKeyAvailible; } // // Release the locks used to make this operation appear atomic. // RELEASE_LOCK( &connection->Lock ); RELEASE_LOCK( &SrvShareLock ); // // Get the qos information for this connection // SrvUpdateVcQualityOfService ( connection, NULL ); // // Tree connect successfully created. Because the tree connect was // created with an initial reference count of 2, dereference it now. // // *** Don't bother to save the tree connect address in the work // context block, because we're going to forget our pointers // soon anyway (we're done with the request). TreeConnectAndX // has to remember these things, though. // SrvDereferenceTreeConnect( treeConnect ); // // Set up response SMB. // SmbPutAlignedUshort( &WorkContext->ResponseHeader->Tid, treeConnect->Tid ); response->WordCount = 2; SmbPutUshort( &response->MaxBufferSize, (USHORT)session->MaxBufferSize ); SmbPutUshort( &response->Tid, treeConnect->Tid ); SmbPutUshort( &response->ByteCount, 0 ); WorkContext->ResponseParameters = NEXT_LOCATION( response, RESP_TREE_CONNECT, 0 ); IF_DEBUG(TRACE2) KdPrint(( "SrvSmbTreeConnect complete.\n" )); SmbStatus = SmbStatusSendResponse; goto Cleanup; cant_insert: // // We get here if for some reason we decide that we can't insert // the tree connect. On entry, status contains the reason code. // The connection lock and the share lock are held. // RELEASE_LOCK( &connection->Lock ); RELEASE_LOCK( &SrvShareLock ); if ( didLogon ) { SrvCloseSession( session ); } SrvDereferenceShareForTreeConnect( share ); SrvFreeTreeConnect( treeConnect ); SrvSetSmbError( WorkContext, status ); SmbStatus = SmbStatusSendResponse; Cleanup: SrvWmiEndContext(WorkContext); return SmbStatus; } // SrvSmbTreeConnect SMB_PROCESSOR_RETURN_TYPE SrvSmbTreeConnectAndX ( SMB_PROCESSOR_PARAMETERS ) /*++ Routine Description: Processes a tree connect and X SMB. Arguments: SMB_PROCESSOR_PARAMETERS - See smbprocs.h for a description of the parameters to SMB processor routines. Return Value: SMB_PROCESSOR_RETURN_TYPE - See smbprocs.h --*/ { PREQ_TREE_CONNECT_ANDX request; PRESP_TREE_CONNECT_ANDX response; PRESP_EXTENDED_TREE_CONNECT_ANDX responseExtended; PRESP_21_TREE_CONNECT_ANDX response21; NTSTATUS status = STATUS_SUCCESS; NTSTATUS TableStatus; SMB_STATUS SmbStatus = SmbStatusInProgress; PCONNECTION connection; PPAGED_CONNECTION pagedConnection; PTABLE_HEADER tableHeader; PTABLE_ENTRY entry; SHORT tidIndex; PSHARE share; PTREE_CONNECT treeConnect; PVOID shareName; PUCHAR shareType; USHORT shareNameLength; USHORT reqAndXOffset; UCHAR nextCommand; PSZ shareString; USHORT shareStringLength; USHORT RequestFlags; USHORT byteCount; USHORT maxByteCount; PUCHAR smbBuffer; PSESSION session; SECURITY_SUBJECT_CONTEXT subjectContext; ACCESS_MASK desiredAccess; ACCESS_MASK grantedAccess; BOOLEAN isUnicode; UNICODE_STRING serverName; BOOLEAN remapPipeNames = FALSE; BOOLEAN KeyHashed = FALSE; PAGED_CODE( ); if (WorkContext->PreviousSMB == EVENT_TYPE_SMB_LAST_EVENT) WorkContext->PreviousSMB = EVENT_TYPE_SMB_TREE_CONNECT_AND_X; SrvWmiStartContext(WorkContext); IF_SMB_DEBUG(TREE1) { KdPrint(( "Tree connect and X request header at 0x%p, response header at 0x%p\n", WorkContext->RequestHeader, WorkContext->ResponseHeader )); KdPrint(( "Tree connect and X request parameters at 0x%p, response parameters at 0x%p\n", WorkContext->RequestParameters, WorkContext->ResponseParameters )); } // // Set up parameters. // request = (PREQ_TREE_CONNECT_ANDX)(WorkContext->RequestParameters); response = (PRESP_TREE_CONNECT_ANDX)(WorkContext->ResponseParameters); responseExtended = (PRESP_EXTENDED_TREE_CONNECT_ANDX)(WorkContext->ResponseParameters); response21 = (PRESP_21_TREE_CONNECT_ANDX)(WorkContext->ResponseParameters); // // If bit 0 of Flags is set, disconnect tree in header TID. We must // get the appropriate tree connect pointer. SrvVerifyTid does this // for us, referencing the tree connect and storing the pointer in // the work context block. We have to dereference the block and // erase the pointer after calling SrvCloseTreeConnect. // if ( (SmbGetUshort( &request->Flags ) & 1) != 0 ) { if ( SrvVerifyTid( WorkContext, SmbGetAlignedUshort( &WorkContext->RequestHeader->Tid ) ) == NULL ) { IF_DEBUG(ERRORS) { KdPrint(( "SrvSmbTreeConnectAndX: Invalid TID to disconnect: 0x%lx\n", SmbGetAlignedUshort( &WorkContext->RequestHeader->Tid ) )); } // // Just ignore an invalid TID--this is what the LM 2.0 // server does. // } else { SrvCloseTreeConnect( WorkContext->TreeConnect ); SrvDereferenceTreeConnect( WorkContext->TreeConnect ); WorkContext->TreeConnect = NULL; } } // // Validate the UID in the header and get a session pointer. We need // the user's token to check whether they can access this share. // session = SrvVerifyUid( WorkContext, SmbGetAlignedUshort( &WorkContext->RequestHeader->Uid ) ); // // If we couldn't find a valid session fail the tree connect. // if ( session == NULL ) { IF_DEBUG(ERRORS) { KdPrint(( "SrvSmbTreeConnectAndX: rejecting tree connect for " "session %p due to server paused.\n", session )); } SrvSetSmbError( WorkContext, STATUS_SMB_BAD_UID ); status = STATUS_SMB_BAD_UID; SmbStatus = SmbStatusSendResponse; goto Cleanup; } else if( session->IsSessionExpired ) { status = SESSION_EXPIRED_STATUS_CODE; SrvSetSmbError( WorkContext, status ); SmbStatus = SmbStatusSendResponse; goto Cleanup; } // // Try to match pathname against available shared resources. Note // that if SrvVerifyShare finds a matching share, it references it // and stores its address in WorkContext->Share. // shareName = (PSZ)request->Buffer + SmbGetUshort( &request->PasswordLength ); connection = WorkContext->Connection; pagedConnection = connection->PagedConnection; isUnicode = SMB_IS_UNICODE( WorkContext ); if ( isUnicode ) { shareName = ALIGN_SMB_WSTR( shareName ); } shareNameLength = SrvGetStringLength( shareName, END_OF_REQUEST_SMB( WorkContext ), SMB_IS_UNICODE( WorkContext ), TRUE // include null terminator ); // // if share name is bogus, return an error. // if ( shareNameLength == (USHORT)-1 ) { IF_DEBUG(ERRORS) { KdPrint(( "SrvSmbTreeConnectAndX: pathname is bogus.\n")); } SrvSetSmbError( WorkContext, STATUS_BAD_NETWORK_NAME ); status = STATUS_BAD_NETWORK_NAME; SmbStatus = SmbStatusSendResponse; goto Cleanup; } shareType = (PCHAR)shareName + shareNameLength; share = SrvVerifyShare( WorkContext, shareName, shareType, isUnicode, session->IsNullSession, &status, &serverName ); // // If no match was found, return an error. // if ( share == NULL ) { IF_DEBUG(ERRORS) { KdPrint(( "SrvSmbTreeConnectAndX: pathname does not match " "any shares: %s\n", shareName )); } SrvSetSmbError( WorkContext, status ); SmbStatus = SmbStatusSendResponse; goto Cleanup; } // // If the the client is connecting with a netbiosless transport and the name of the // server which the client was requesting doesn't match any of our servernames, then // the client has accidentally connected to the wrong server. Let the client know. // if( !SrvDisableStrictNameChecking && serverName.Buffer != NULL && connection->Endpoint->IsNoNetBios && SrvIsDottedQuadAddress( &serverName ) == FALSE && SrvFindNamedEndpoint( &serverName, NULL ) == FALSE && SrvIsLocalHost( &serverName ) == FALSE ) { BOOL bBadName = TRUE; // Last check, make sure its not the domain DNS name (which may differ from the NETBIOS DNS name) ACQUIRE_LOCK_SHARED( &SrvEndpointLock ); // We only check up to the first ., so ntdev.microsoft.com would match SrvDnsDomainName "NTDEV" // Strip off the excess info for the check, then put it back if( SrvDnsDomainName ) { if( SrvDnsDomainName->Length <= serverName.Length ) { USHORT oldLength = serverName.Length; serverName.Length = SrvDnsDomainName->Length; if( RtlEqualUnicodeString( &serverName, SrvDnsDomainName, TRUE ) ) { bBadName = FALSE; } serverName.Length = oldLength; } } RELEASE_LOCK( &SrvEndpointLock ); // // The client has connected to this server in error--turn the client back! // if( bBadName ) { SrvSetSmbError( WorkContext, STATUS_DUPLICATE_NAME ); status = STATUS_DUPLICATE_NAME; SmbStatus = SmbStatusSendResponse; goto Cleanup; } } // // Impersonate the user so that we can capture his security context. // This is necessary in order to determine whether the user can // connect to the share. // status = IMPERSONATE( WorkContext ); if( !NT_SUCCESS( status ) ) { SrvSetSmbError( WorkContext, status ); SmbStatus = SmbStatusSendResponse; goto Cleanup; } SeCaptureSubjectContext( &subjectContext ); // // Set up the desired access on the share, based on whether the // server is paused. If the server is paused, admin privilege is // required to connect to any share; if the server is not paused, // admin privilege is required only for admin shares (C$, etc.). // if ( SrvPaused ) { desiredAccess = SRVSVC_PAUSED_SHARE_CONNECT; } else { desiredAccess = SRVSVC_SHARE_CONNECT; } // // Check whether the user has access to this share. // if ( !SeAccessCheck( share->SecurityDescriptor, &subjectContext, FALSE, desiredAccess, 0L, NULL, &SrvShareConnectMapping, UserMode, &grantedAccess, &status ) ) { IF_SMB_DEBUG(TREE2) { KdPrint(( "SrvSmbTreeConnectAndX: SeAccessCheck failed: %X\n", status )); } // // Release the subject context and revert to the server's security // context. // SeReleaseSubjectContext( &subjectContext ); REVERT( ); if ( SrvPaused ) { SrvSetSmbError( WorkContext, STATUS_SHARING_PAUSED ); status = STATUS_SHARING_PAUSED; } else { SrvSetSmbError( WorkContext, status ); } SmbStatus = SmbStatusSendResponse; goto Cleanup; } ASSERT( grantedAccess == desiredAccess ); // // Release the subject context and revert to the server's security // context. // SeReleaseSubjectContext( &subjectContext ); REVERT( ); // // See if the license server wants to let this person in on the NTAS // if( share->ShareType != ShareTypePipe ) { status = SrvXsLSOperation( session, XACTSRV_MESSAGE_LSREQUEST ); if( !NT_SUCCESS( status ) ) { IF_DEBUG(ERRORS) { KdPrint(( "SrvSmbTreeConnectAndX: License server returned %X\n", status )); } SrvSetSmbError( WorkContext, status ); SmbStatus = SmbStatusSendResponse; goto Cleanup; } } else if( serverName.Buffer != NULL ) { // // This is the IPC$ share. See if we're supposed to remap pipe names // SrvFindNamedEndpoint( &serverName, &remapPipeNames ); } // // Allocate a tree connect block. // SrvAllocateTreeConnect( &treeConnect, serverName.Buffer ? &serverName : NULL ); if ( treeConnect == NULL ) { // // Unable to allocate tree connect. Return an error to the // client. // SrvSetSmbError( WorkContext, STATUS_INSUFF_SERVER_RESOURCES ); status = STATUS_INSUFF_SERVER_RESOURCES; SmbStatus = SmbStatusSendResponse; goto Cleanup; } treeConnect->RemapPipeNames = remapPipeNames; // // Making a new tree connect visible is a three-step operation. It // must be inserted in the containing share's tree connect list, the // global ordered tree connect list, and the containing connection's // tree connect table. We need to make these operations appear // atomic, so that the tree connect cannot be accessed elsewhere // before we're done setting it up. In order to do this, we hold // all necessary locks the entire time we're doing the three // operations. The first and second operations are protected by the // global share lock (SrvShareLock), while the third operation is // protected by the per-connection lock. We take out the share lock // first, then the connection lock. This ordering is required by // lock levels (see lock.h). // // Another problem here is that the checking of the share state, the // inserting of the tree connect on the share's list, and the // referencing of the share all need to be atomic. (The same holds // for the connection actions.) Normally this would not be a // problem, because we could just hold the share lock while doing // all three actions. However, in this case we also need to hold // the connection lock, and we can't call SrvReferenceShare while // doing that. To get around this problem, we reference the share // _before_ taking out the locks, and dereference after releasing // the locks if we decide not to insert the tree connect. // status = SrvReferenceShareForTreeConnect( share ); // // SrvReferenceShareForTreeConnect will fail if it cannot open the // share root directory for some reason. If this happens, // fail the tree connect attempt. // if ( !NT_SUCCESS(status) ) { SrvFreeTreeConnect( treeConnect ); IF_DEBUG(ERRORS) { KdPrint(( "SrvSmbTreeConnectAndX: open of share root failed:%X\n", status )); } SrvSetSmbError( WorkContext, status ); SmbStatus = SmbStatusSendResponse; goto Cleanup; } ACQUIRE_LOCK( &SrvShareLock ); ASSERT( SrvTreeConnectList.Lock == &SrvShareLock ); ACQUIRE_LOCK( &connection->Lock ); if( SrvRequireExtendedSignatures ) { // If we are requiring extended signatures, and the client has not // asked for them on this request or any previous request, deny // this request. if( session->SessionKeyState == SrvSessionKeyAuthenticating ) { if ( !(request->Flags & TREE_CONNECT_ANDX_EXTENDED_SIGNATURES) ) { status = STATUS_LOGIN_WKSTA_RESTRICTION; goto cant_insert; } } } // If they sent this uplevel flag on a downlevel request, than someone must // of been tricking us during negotiate. Fail. if( (request->Flags & TREE_CONNECT_ANDX_EXTENDED_SIGNATURES) && (connection->SmbDialect > SmbDialectDosLanMan21) ) { status = STATUS_DOWNGRADE_DETECTED; goto cant_insert; } // // We first check all conditions to make sure that we can actually // insert this tree connect block. // // Make sure that the share isn't closing, and that there aren't // already too many uses on this share. // if ( GET_BLOCK_STATE(share) != BlockStateActive ) { // // The share is closing. Reject the request. // IF_DEBUG(ERRORS) { KdPrint(( "SrvSmbTreeConnectAndX: Share %wZ (0x%p) is closing\n", &share->ShareName, share )); } status = STATUS_INVALID_PARAMETER; goto cant_insert; } if ( share->CurrentUses > share->MaxUses ) { // // The share is full. Reject the request. // IF_DEBUG(ERRORS) { KdPrint(( "SrvSmbTreeConnectAndX: No more uses available for share %wZ (0x%p), max = %ld\n", &share->ShareName, share, share->MaxUses )); } status = STATUS_REQUEST_NOT_ACCEPTED; goto cant_insert; } // // Make sure that the connection isn't closing, and that there's // room in its tree connect table. // if ( GET_BLOCK_STATE(connection) != BlockStateActive ) { IF_DEBUG(SMB_ERRORS) { KdPrint(( "SrvSmbTreeConnectAndX: Connection closing\n" )); } SrvSetSmbError( WorkContext, STATUS_INVALID_PARAMETER ); status = STATUS_INVALID_PARAMETER; goto cant_insert; } // // Find a TID that can be used for this tree connect. // tableHeader = &pagedConnection->TreeConnectTable; if ( tableHeader->FirstFreeEntry == -1 && SrvGrowTable( tableHeader, SrvInitialTreeTableSize, SrvMaxTreeTableSize, &TableStatus ) == FALSE ) { // // No free entries in the tree table. Reject the request. // IF_DEBUG(ERRORS) { KdPrint(( "SrvSmbTreeConnect: No more TIDs available.\n" )); } if( TableStatus == STATUS_INSUFF_SERVER_RESOURCES ) { SrvLogTableFullError( SRV_TABLE_TREE_CONNECT ); } status = TableStatus; goto cant_insert; } tidIndex = tableHeader->FirstFreeEntry; // // All conditions have been satisfied. We can now do the things // necessary to make the tree connect visible. // // Link the tree connect into the list of active tree connects for // the share. Save the share address in the tree connect. Note // that we referenced the share earlier, before taking out the // connection lock. // SrvInsertTailList( &share->TreeConnectList, &treeConnect->ShareListEntry ); treeConnect->Share = share; // // Remove the TID slot from the free list and set its owner and // sequence number. Create a TID for the tree connect. // entry = &tableHeader->Table[tidIndex]; tableHeader->FirstFreeEntry = entry->NextFreeEntry; DEBUG entry->NextFreeEntry = -2; if ( tableHeader->LastFreeEntry == tidIndex ) { tableHeader->LastFreeEntry = -1; } entry->Owner = treeConnect; INCREMENT_TID_SEQUENCE( entry->SequenceNumber ); if ( tidIndex == 0 && entry->SequenceNumber == 0 ) { INCREMENT_TID_SEQUENCE( entry->SequenceNumber ); } treeConnect->Tid = MAKE_TID( tidIndex, entry->SequenceNumber ); IF_SMB_DEBUG(TREE1) { KdPrint(( "Found TID. Index = 0x%lx, sequence = 0x%lx\n", TID_INDEX( treeConnect->Tid ), TID_SEQUENCE( treeConnect->Tid ) )); } // // Reference the connection to account for the active tree connect. // SrvReferenceConnection( connection ); treeConnect->Connection = connection; if( session ) { SrvReferenceSession( session ); treeConnect->Session = session; } // // Link the tree connect into the global list of tree connects. // SrvInsertEntryOrderedList( &SrvTreeConnectList, treeConnect ); // // If this session is the one controlling the extended security signatures, // see if we need to hash the session key // if( session->SessionKeyState == SrvSessionKeyAuthenticating ) { if (request->Flags & TREE_CONNECT_ANDX_EXTENDED_SIGNATURES) { // Hash the session key SrvHashUserSessionKey( session->NtUserSessionKey ); KeyHashed = TRUE; } // This machine has either upgraded to hashed session key, or does not want to // Move to availible session->SessionKeyState = SrvSessionKeyAvailible; } // // Release the locks used to make this operation appear atomic. // RELEASE_LOCK( &connection->Lock ); RELEASE_LOCK( &SrvShareLock ); // // Get the qos information for this connection // SrvUpdateVcQualityOfService ( connection, NULL ); // // Tree connect successfully created. Save the tree connect block // address in the work context block. Note that the reference count // on the new block was incremented on creation to account for our // reference to the block. // WorkContext->TreeConnect = treeConnect; // // Set up response SMB, making sure to save request fields first in // case the response overwrites the request. // reqAndXOffset = SmbGetUshort( &request->AndXOffset ); nextCommand = request->AndXCommand; RequestFlags = SmbGetUshort(&request->Flags); SmbPutAlignedUshort( &WorkContext->RequestHeader->Tid, treeConnect->Tid ); SmbPutAlignedUshort( &WorkContext->ResponseHeader->Tid, treeConnect->Tid ); response->AndXCommand = nextCommand; response->AndXReserved = 0; if ( connection->SmbDialect > SmbDialectDosLanMan21) { response->WordCount = 2; smbBuffer = (PUCHAR)response->Buffer; } else { if (RequestFlags & TREE_CONNECT_ANDX_EXTENDED_RESPONSE) { responseExtended->WordCount = 7; smbBuffer = (PUCHAR)responseExtended->Buffer; } else { response21->WordCount = 3; smbBuffer = (PUCHAR)response21->Buffer; } // Fields common to 21 and extended response. response21->OptionalSupport = SMB_SUPPORT_SEARCH_BITS; if (share->IsDfs) { response21->OptionalSupport |= SMB_SHARE_IS_IN_DFS; } if (KeyHashed) { response21->OptionalSupport |= SMB_EXTENDED_SIGNATURES; } switch( share->CSCState ) { case CSC_CACHE_MANUAL_REINT: response21->OptionalSupport |= SMB_CSC_CACHE_MANUAL_REINT; break; case CSC_CACHE_AUTO_REINT: response21->OptionalSupport |= SMB_CSC_CACHE_AUTO_REINT; break; case CSC_CACHE_VDO: response21->OptionalSupport |= SMB_CSC_CACHE_VDO; break; case CSC_CACHE_NONE: response21->OptionalSupport |= SMB_CSC_NO_CACHING; break; } if( SrvNoAliasingOnFilesystem || (share->ShareProperties & SHI1005_FLAGS_ALLOW_NAMESPACE_CACHING) ) { response21->OptionalSupport |= SMB_UNIQUE_FILE_NAME; } } // Calculate the size of the response buffer maxByteCount = (USHORT)(END_OF_RESPONSE_BUFFER(WorkContext) - smbBuffer + 1); // // Append the service name string to the SMB. The service name // is always sent in ANSI. // shareString = StrShareTypeNames[share->ShareType]; shareStringLength = (USHORT)( strlen( shareString ) + 1 ); if( shareStringLength > maxByteCount ) { SrvSetSmbError( WorkContext, STATUS_INVALID_SMB ); status = STATUS_INVALID_SMB; SmbStatus = SmbStatusSendResponse; goto Cleanup; } RtlCopyMemory ( smbBuffer, shareString, shareStringLength ); byteCount = shareStringLength; smbBuffer += shareStringLength; if ( connection->SmbDialect <= SmbDialectDosLanMan21 ) { // // Append the file system name to the response. // If the file system name is unavailable, supply the nul string // as the name. // if ( isUnicode ) { if ( ((ULONG_PTR)smbBuffer & 1) != 0 ) { smbBuffer++; byteCount++; } if ( share->Type.FileSystem.Name.Buffer != NULL ) { if( byteCount + share->Type.FileSystem.Name.Length > maxByteCount ) { SrvSetSmbError( WorkContext, STATUS_INVALID_SMB ); status = STATUS_INVALID_SMB; SmbStatus = SmbStatusSendResponse; goto Cleanup; } RtlCopyMemory( smbBuffer, share->Type.FileSystem.Name.Buffer, share->Type.FileSystem.Name.Length ); byteCount += share->Type.FileSystem.Name.Length; } else { *(PWCH)smbBuffer = UNICODE_NULL; byteCount += sizeof( UNICODE_NULL ); } } else { if ( share->Type.FileSystem.Name.Buffer != NULL ) { if( byteCount + share->Type.FileSystem.OemName.Length > maxByteCount ) { SrvSetSmbError( WorkContext, STATUS_INVALID_SMB ); status = STATUS_INVALID_SMB; SmbStatus = SmbStatusSendResponse; goto Cleanup; } RtlCopyMemory( smbBuffer, share->Type.FileSystem.OemName.Buffer, share->Type.FileSystem.OemName.Length ); byteCount += share->Type.FileSystem.OemName.Length; } else { *(PUCHAR)smbBuffer = '\0'; byteCount += 1; } } if (RequestFlags & TREE_CONNECT_ANDX_EXTENDED_RESPONSE) { PRESP_EXTENDED_TREE_CONNECT_ANDX ExtendedResponse; ExtendedResponse = (PRESP_EXTENDED_TREE_CONNECT_ANDX)response; SmbPutUshort( &ExtendedResponse->ByteCount, byteCount ); SrvUpdateMaximalShareAccessRightsInResponse( WorkContext, &ExtendedResponse->MaximalShareAccessRights, &ExtendedResponse->GuestMaximalShareAccessRights); SmbPutUshort( &ExtendedResponse->AndXOffset, GET_ANDX_OFFSET( WorkContext->ResponseHeader, WorkContext->ResponseParameters, RESP_EXTENDED_TREE_CONNECT_ANDX, byteCount ) ); } else { SmbPutUshort( &response21->ByteCount, byteCount ); SmbPutUshort( &response->AndXOffset, GET_ANDX_OFFSET( WorkContext->ResponseHeader, WorkContext->ResponseParameters, RESP_21_TREE_CONNECT_ANDX, byteCount ) ); } } else { // if Smb dialect == LAN Man 2.1 SmbPutUshort( &response->ByteCount, byteCount ); SmbPutUshort( &response->AndXOffset, GET_ANDX_OFFSET( WorkContext->ResponseHeader, WorkContext->ResponseParameters, RESP_TREE_CONNECT_ANDX, byteCount ) ); } WorkContext->ResponseParameters = (PUCHAR)WorkContext->ResponseHeader + SmbGetUshort( &response->AndXOffset ); // // Test for legal followon command. // switch ( nextCommand ) { case SMB_COM_NO_ANDX_COMMAND: break; case SMB_COM_OPEN: case SMB_COM_OPEN_ANDX: case SMB_COM_CREATE: case SMB_COM_CREATE_NEW: case SMB_COM_CREATE_DIRECTORY: case SMB_COM_DELETE: case SMB_COM_DELETE_DIRECTORY: case SMB_COM_SEARCH: case SMB_COM_FIND: case SMB_COM_FIND_UNIQUE: case SMB_COM_COPY: case SMB_COM_RENAME: case SMB_COM_NT_RENAME: case SMB_COM_CHECK_DIRECTORY: case SMB_COM_QUERY_INFORMATION: case SMB_COM_SET_INFORMATION: case SMB_COM_QUERY_INFORMATION_SRV: case SMB_COM_OPEN_PRINT_FILE: case SMB_COM_GET_PRINT_QUEUE: case SMB_COM_TRANSACTION: // // Make sure the AndX command is still within the received SMB // if( (PCHAR)WorkContext->RequestHeader + reqAndXOffset <= END_OF_REQUEST_SMB( WorkContext ) ) { break; } /* Falls Through */ default: // Illegal followon command IF_DEBUG(SMB_ERRORS) { KdPrint(( "SrvSmbTreeConnectAndX: Illegal followon command: 0x%c\n", nextCommand )); } SrvLogInvalidSmb( WorkContext ); SrvSetSmbError( WorkContext, STATUS_INVALID_SMB ); status = STATUS_INVALID_SMB; SmbStatus = SmbStatusSendResponse; goto Cleanup; } // // If there is an AndX command, set up to process it. Otherwise, // indicate completion to the caller. // if ( nextCommand != SMB_COM_NO_ANDX_COMMAND ) { // *** Watch out for overwriting request with response. WorkContext->NextCommand = nextCommand; WorkContext->RequestParameters = (PUCHAR)WorkContext->RequestHeader + reqAndXOffset; SmbStatus = SmbStatusMoreCommands; goto Cleanup; } IF_DEBUG(TRACE2) KdPrint(( "SrvSmbTreeConnectAndX complete.\n" )); SmbStatus = SmbStatusSendResponse; goto Cleanup; cant_insert: // // We get here if for some reason we decide that we can't insert // the tree connect. On entry, status contains the reason code. // The connection lock and the share lock are held. // RELEASE_LOCK( &connection->Lock ); RELEASE_LOCK( &SrvShareLock ); SrvDereferenceShareForTreeConnect( share ); SrvFreeTreeConnect( treeConnect ); SrvSetSmbError( WorkContext, status ); SmbStatus = SmbStatusSendResponse; Cleanup: SrvWmiEndContext(WorkContext); return SmbStatus; } // SrvSmbTreeConnectAndX SMB_PROCESSOR_RETURN_TYPE SrvSmbTreeDisconnect ( SMB_PROCESSOR_PARAMETERS ) /*++ Routine Description: Processes a tree disconnect SMB. Arguments: SMB_PROCESSOR_PARAMETERS - See smbprocs.h for a description of the parameters to SMB processor routines. Return Value: SMB_PROCESSOR_RETURN_TYPE - See smbprocs.h --*/ { PREQ_TREE_DISCONNECT request; PRESP_TREE_DISCONNECT response; PTREE_CONNECT treeConnect; NTSTATUS status = STATUS_SUCCESS; SMB_STATUS SmbStatus = SmbStatusInProgress; PAGED_CODE( ); if (WorkContext->PreviousSMB == EVENT_TYPE_SMB_LAST_EVENT) WorkContext->PreviousSMB = EVENT_TYPE_SMB_TREE_DISCONNECT; SrvWmiStartContext(WorkContext); IF_SMB_DEBUG(TREE1) { KdPrint(( "Tree disconnect request header at 0x%p, response header at 0x%p\n", WorkContext->RequestHeader, WorkContext->ResponseHeader )); KdPrint(( "Tree disconnect request parameters at 0x%p, response parameters at 0x%p\n", WorkContext->RequestParameters, WorkContext->ResponseParameters )); } // // Set up parameters. // request = (PREQ_TREE_DISCONNECT)(WorkContext->RequestParameters); response = (PRESP_TREE_DISCONNECT)(WorkContext->ResponseParameters); // // Find tree connect corresponding to given TID if a tree connect // pointer has not already been put in the WorkContext block by an // AndX command. // treeConnect = SrvVerifyTid( WorkContext, SmbGetAlignedUshort( &WorkContext->RequestHeader->Tid ) ); if ( treeConnect == NULL ) { IF_DEBUG(SMB_ERRORS) { KdPrint(( "SrvSmbTreeDisconnect: Invalid TID: 0x%lx\n", SmbGetAlignedUshort( &WorkContext->RequestHeader->Tid ) )); } SrvSetSmbError( WorkContext, STATUS_SMB_BAD_TID ); status = STATUS_SMB_BAD_UID; SmbStatus = SmbStatusSendResponse; goto Cleanup; } // // Do the actual tree disconnect. // SrvCloseTreeConnect( WorkContext->TreeConnect ); // // Build the response SMB. // response->WordCount = 0; SmbPutUshort( &response->ByteCount, 0 ); WorkContext->ResponseParameters = NEXT_LOCATION( response, RESP_TREE_DISCONNECT, 0 ); SmbStatus = SmbStatusSendResponse; IF_DEBUG(TRACE2) KdPrint(( "SrvSmbTreeDisconnect complete.\n" )); Cleanup: SrvWmiEndContext(WorkContext); return SmbStatus; } // SrvSmbTreeDisconnect