archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commits
1 Branch
0 Tags
1.5 GiB
 
 
 
 
 
 
Tree: 827363a95b
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '827363a95b'
${ noResults }
windows-server-2003/com/rpc/runtime/mtrt/lpcclnt.cxx

6612 lines
193 KiB
Raw Blame History

/*++
Copyright (C) Microsoft Corporation, 1992 - 1999
Module Name:
lpcclnt.cxx
Abstract:
Implementation of the RPC on LPC protocol engine for the client.
Revision History:
Mazhar Mohammed: Code fork from spcclnt.cxx, 08/02/95
Tony Chan: Added Singled Security Model, 12/15/95
Mazhar Mohammed Merged WMSG and LRPC into a single protocol 05-06-96
Mazhar Mohammed Added Pipes Support
Mazhar Mohammed Added support for Async RPC 08-14-96
Kamen Moutafov (KamenM) Jan-2000 Support for multiple transfer syntaxes
Kamen Moutafov (KamenM) Dec 99 - Feb 2000 Support for cell debugging stuff
Kamen Moutafov (KamenM) Mar-2000 Support for extended error info
--*/
#include <precomp.hxx>
#include <limits.h>
#include <rpcqos.h>
#include <queue.hxx>
#include <lpcpack.hxx>
#include <hndlsvr.hxx>
#include <lpcsvr.hxx>
#include <ProtBind.hxx>
#include <lpcclnt.hxx>
#include <epmap.h>
#include <sidcache.hxx>
#include <CharConv.hxx>
// These need to be the same because client and server will be receiving lpc
// reply messages into LRPC_MESSAGE structures and they must have sufficient space.
C_ASSERT(sizeof(LRPC_MESSAGE) == PORT_MAXIMUM_MESSAGE_LENGTH);
// This is a sanity check to make sure as we modify the format of the
// bind message we leave enough space for the old security contexts.
C_ASSERT(MAX_LRPC_CONTEXTS >= 8);
const SECURITY_IMPERSONATION_LEVEL RpcToNtImp[] =
{
// RPC_C_IMP_LEVEL_DEFAULT
SecurityImpersonation,
// RPC_C_IMP_LEVEL_ANONYMOUS
SecurityAnonymous,
// RPC_C_IMP_LEVEL_IDENTIFY
SecurityIdentification,
//RPC_C_IMP_LEVEL_IMPERSONATE
SecurityImpersonation,
//RPC_C_IMP_LEVEL_DELEGATE
SecurityDelegation
};
const unsigned long NtToRpcImp[] =
{
//SecurityAnonymous,
RPC_C_IMP_LEVEL_ANONYMOUS,
//SecurityIdentification,
RPC_C_IMP_LEVEL_IDENTIFY,
// SecurityImpersonation,
RPC_C_IMP_LEVEL_IMPERSONATE,
//SecurityDelegation
RPC_C_IMP_LEVEL_DELEGATE
};
SECURITY_IMPERSONATION_LEVEL
MapRpcToNtImp (
IN unsigned long ImpersonationType
)
{
if (ImpersonationType <= RPC_C_IMP_LEVEL_DELEGATE)
{
return RpcToNtImp[ImpersonationType];
}
ASSERT(0) ;
return SecurityImpersonation ;
}
unsigned long
MapNtToRpcImp (
IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
)
{
if (ImpersonationLevel <= SecurityDelegation)
{
return NtToRpcImp[ImpersonationLevel];
}
ASSERT(0);
return RPC_C_IMP_LEVEL_IMPERSONATE;
}
RPC_STATUS
InitializeLrpcIfNecessary(
) ;
RPC_STATUS
InitializeAsyncLrpcIfNecessary (
)
/*++
Routine Description:
We need to perform the required initialization for Async RPC to
work. If we currently don't have a listening thread. We need to
add a note in the docs that if the app ever plans to start a
listening thread on the client (ie: become a server),
it should do it before it makes the first Async RPC call. This is
not a requirement, it is just an effeciency consideration.
Return Value:
RPC_S_OK - Function succeeded
RPC_S_OUT_OF_MEMORY - we ran out of memory
--*/
{
RPC_STATUS Status;
Status = InitializeLrpcIfNecessary();
if (Status != RPC_S_OK)
{
#if DBG
PrintToDebugger("LRPC: InitializeLrpcIfNecessary failed: %x\n", Status) ;
#endif
return RPC_S_OUT_OF_MEMORY ;
}
return GlobalLrpcServer->InitializeAsync();
}
LRPC_BINDING_HANDLE::LRPC_BINDING_HANDLE (
OUT RPC_STATUS * Status
) : BINDING_HANDLE (Status),
BindingReferenceCount(1)
/*++
Routine Description:
We just allocate an LRPC_BINDING_HANDLE and initialize things so that
we can use it later.
Arguments:
Status - Returns the result of initializing the binding mutex.
--*/
{
BindingMutex.SetSpinCount(4000);
ObjectType = LRPC_BINDING_HANDLE_TYPE;
CurrentAssociation = 0;
DceBinding = 0;
AuthInfoInitialized = 0;
StaticTokenHandle = 0;
EffectiveOnly = TRUE;
}
LRPC_BINDING_HANDLE::~LRPC_BINDING_HANDLE (
)
/*++
--*/
{
LRPC_CASSOCIATION *Association;
DictionaryCursor cursor;
if (SecAssociation.Size() != 0)
{
SecAssociation.Reset(cursor);
while ((Association = SecAssociation.Next(cursor)) != 0)
{
if (Association != 0)
{
// take away from the bindinghandle dictionary
RemoveAssociation(Association);
// take away from the global dict
Association->RemoveBindingHandleReference();
}
}
}
delete DceBinding;
if (StaticTokenHandle)
{
CloseHandle(StaticTokenHandle);
}
}
RPC_STATUS
LRPC_BINDING_HANDLE::NegotiateTransferSyntax (
IN OUT PRPC_MESSAGE Message
)
/*++
Routine Description:
Arguments:
Message - Supplies the length of the buffer required, and returns the
new buffer.
Return Value:
--*/
{
LRPC_CCALL * CCall;
RPC_STATUS Status;
int RetryCount = 0;
static long nInitialized = -1 ;
LRPC_CASSOCIATION *Association ;
DictionaryCursor cursor;
for (;;)
{
for (;;)
{
Status = AllocateCCall(&CCall, (RPC_CLIENT_INTERFACE *)
Message->RpcInterfaceInformation,
Message);
if (Status != RPC_S_SERVER_UNAVAILABLE)
{
break;
}
if (!fDynamicEndpoint)
{
break;
}
// If we reach here, it means that we are iterating through the
// list of endpoints obtained from the endpoint mapper.
BindingMutex.Request() ;
if (BindingReferenceCount.GetInteger() == 1)
{
if (SecAssociation.Size() != 0)
{
DceBinding = CurrentAssociation->DuplicateDceBinding();
if(DceBinding == 0)
{
BindingMutex.Clear() ;
return(RPC_S_OUT_OF_MEMORY);
}
CurrentAssociation = 0;
DceBinding->MaybeMakePartiallyBound(
(PRPC_CLIENT_INTERFACE)Message->RpcInterfaceInformation,
InqPointerAtObjectUuid());
if ( *InquireEpLookupHandle() != 0 )
{
EpFreeLookupHandle(*InquireEpLookupHandle());
*InquireEpLookupHandle() = 0;
}
// remove references
SecAssociation.Reset(cursor);
while((Association = SecAssociation.Next(cursor)) != 0)
{
if (Association != 0)
{
// in the AssociationDict all DceBinding should be the same
// may be we can take out this line. or remove ref
// on the first Association
RemoveAssociation(Association);
Association->RemoveReference();
}
}
}
}
BindingMutex.Clear() ;
RetryCount ++;
if (RetryCount > 2)
{
break;
}
RpcpPurgeEEInfo();
}
if (Status == RPC_S_OK)
{
break;
}
if (InqComTimeout() != RPC_C_BINDING_INFINITE_TIMEOUT)
{
return(Status);
}
if ((Status != RPC_S_SERVER_UNAVAILABLE)
&& (Status != RPC_S_SERVER_TOO_BUSY))
{
return(Status);
}
}
Message->TransferSyntax = CCall->Binding->GetTransferSyntaxId();
Message->Handle = CCall;
return RPC_S_OK;
}
RPC_STATUS
LRPC_BINDING_HANDLE::GetBuffer (
IN OUT PRPC_MESSAGE Message,
IN UUID *ObjectUuid
)
/*++
Routine Description:
Arguments:
Message - Supplies the length of the buffer required, and returns the
new buffer.
Return Value:
--*/
{
ASSERT(!"We should never be here - the binding handle cannot allocate a buffer");
return RPC_S_INTERNAL_ERROR;
}
RPC_STATUS
LRPC_BINDING_HANDLE::BindingCopy (
OUT BINDING_HANDLE * * DestinationBinding,
IN unsigned int MaintainContext
)
/*++
Routine Description:
We will make a copy of this binding handle in one of two ways, depending
on whether on not this binding handle has an association.
Arguments:
DestinationBinding - Returns a copy of this binding handle.
MaintainContext - Supplies a flag that indicates whether or not context
is being maintained over this binding handle. A non-zero value
indicates that context is being maintained.
Return Value:
RPC_S_OK - This binding handle has been successfully copied.
RPC_S_OUT_OF_MEMORY - Insufficient memory is available to make a copy
of this binding handle.
--*/
{
RPC_STATUS Status = RPC_S_OK;
LRPC_BINDING_HANDLE * NewBindingHandle;
CLIENT_AUTH_INFO * AuthInfo;
LRPC_CASSOCIATION *SecAssoc;
DictionaryCursor cursor;
int Key;
UNUSED(MaintainContext);
NewBindingHandle = new LRPC_BINDING_HANDLE(&Status);
if (NewBindingHandle == 0)
{
return(RPC_S_OUT_OF_MEMORY);
}
if (Status != RPC_S_OK)
{
delete NewBindingHandle;
return(Status);
}
BindingMutex.Request();
Status = NewBindingHandle->BINDING_HANDLE::BaseClone(this);
if (Status != RPC_S_OK)
{
delete NewBindingHandle;
BindingMutex.Clear();
return(Status);
}
NewBindingHandle->fDynamicEndpoint = fDynamicEndpoint;
if ((AuthInfo = InquireAuthInformation()) != 0)
{
Status = NewBindingHandle->SetAuthInformation(
AuthInfo->ServerPrincipalName,
AuthInfo->AuthenticationLevel,
AuthInfo->AuthenticationService,
NULL,
AuthInfo->AuthorizationService,
0,
AuthInfo->ImpersonationType,
AuthInfo->IdentityTracking,
AuthInfo->Capabilities,
FALSE, // bAcquireNewCredentials
AuthInfo->AdditionalTransportCredentialsType,
AuthInfo->AdditionalCredentials,
AuthInfo->ServerSid
);
if (Status != RPC_S_OK)
{
ASSERT (Status == RPC_S_OUT_OF_MEMORY);
delete NewBindingHandle;
BindingMutex.Clear();
return(RPC_S_OUT_OF_MEMORY);
}
}
if (SecAssociation.Size() == 0)
{
NewBindingHandle->DceBinding = DceBinding->DuplicateDceBinding();
if (NewBindingHandle->DceBinding == 0)
{
BindingMutex.Clear() ;
delete NewBindingHandle;
return(RPC_S_OUT_OF_MEMORY);
}
}
else
{
// copy all sec associations
SecAssociation.Reset(cursor);
while((SecAssoc = SecAssociation.Next(cursor)) != 0)
{
Key = NewBindingHandle->AddAssociation(SecAssoc);
if (Key == -1)
{
BindingMutex.Clear() ;
delete NewBindingHandle;
return (RPC_S_OUT_OF_MEMORY);
}
SecAssoc->DuplicateAssociation();
}
// since the CurrentAssociation is in the SecAssociation dictionary,
// it should have already been copied. Just assign it
NewBindingHandle->CurrentAssociation = CurrentAssociation;
}
BindingMutex.Clear();
*DestinationBinding = (BINDING_HANDLE *) NewBindingHandle;
return(RPC_S_OK);
}
RPC_STATUS
LRPC_BINDING_HANDLE::BindingFree (
)
/*++
Routine Description:
When the application is done with a binding handle, this routine will
get called.
Return Value:
RPC_S_OK - This operation always succeeds.
--*/
{
int LocalRefCount;
LocalRefCount = BindingReferenceCount.Decrement();
if (LocalRefCount == 0)
{
delete this;
}
return(RPC_S_OK);
}
RPC_STATUS
LRPC_BINDING_HANDLE::PrepareBindingHandle (
IN TRANS_INFO * TransportInformation,
IN DCE_BINDING * DceBinding
)
/*++
Routine Description:
This method will be called just before a new binding handle is returned
to the user. We just stack the binding information so that we can use
it later when the first remote procedure call is made. At that time,
we will actually bind to the interface.
Arguments:
TransportInformation - Unused.
DceBinding - Supplies the binding information for this binding handle.
--*/
{
SECURITY_QUALITY_OF_SERVICE SecurityQualityOfService;
RPC_STATUS Status;
UNUSED(TransportInformation);
if (DceBinding->InqNetworkOptions() != 0 &&
DceBinding->InqNetworkOptions()[0] != 0)
{
Status = I_RpcParseSecurity(DceBinding->InqNetworkOptions(),
&SecurityQualityOfService);
if (Status != RPC_S_OK)
{
ASSERT(Status == RPC_S_INVALID_NETWORK_OPTIONS);
return(Status);
}
Status = SetAuthInformation(NULL,
RPC_C_AUTHN_LEVEL_PKT_PRIVACY,
RPC_C_AUTHN_WINNT,
NULL,
NULL,
0,
MapNtToRpcImp(SecurityQualityOfService.ImpersonationLevel),
SecurityQualityOfService.ContextTrackingMode,
RPC_C_QOS_CAPABILITIES_DEFAULT,
TRUE);
if (Status != RPC_S_OK)
{
return Status;
}
EffectiveOnly = SecurityQualityOfService.EffectiveOnly;
}
this->DceBinding = DceBinding;
fDynamicEndpoint = DceBinding->IsNullEndpoint();
return RPC_S_OK;
}
RPC_STATUS
LRPC_BINDING_HANDLE::ToStringBinding (
OUT RPC_CHAR * * StringBinding
)
/*++
Routine Description:
We need to convert the binding handle into a string binding. If the
handle is unbound, use the DceBinding directly, otherwise, get it from
the association.
Arguments:
StringBinding - Returns the string representation of the binding
handle.
Return Value:
RPC_S_OK - The binding handle has successfully been converted into a
string binding.
RPC_S_OUT_OF_MEMORY - Insufficient memory is available to allocate the
string.
--*/
{
if (CurrentAssociation == 0)
{
*StringBinding = DceBinding->StringBindingCompose(
InqPointerAtObjectUuid());
}
else
{
*StringBinding = CurrentAssociation->StringBindingCompose(
InqPointerAtObjectUuid());
}
if (*StringBinding == 0)
{
return(RPC_S_OUT_OF_MEMORY);
}
return(RPC_S_OK);
}
RPC_STATUS
LRPC_BINDING_HANDLE::ResolveBinding (
IN RPC_CLIENT_INTERFACE * RpcClientInterface
)
/*++
Routine Description:
We need to try and resolve the endpoint for this binding handle
if necessary (the binding handle is partially-bound). If there is
isn't a association allocated, call the binding management routines
to do it.
Arguments:
RpcClientInterface - Supplies interface information to be used
in resolving the endpoint.
Return Value:
RPC_S_OK - This binding handle is a full resolved binding handle.
RPC_S_NO_ENDPOINT_FOUND - The endpoint can not be resolved.
RPC_S_OUT_OF_MEMORY - Insufficient memory is available to resolve
the endpoint.
EPT_S_NOT_REGISTERED - There are no more endpoints to be found
for the specified combination of interface, network address,
and lookup handle.
EPT_S_CANT_PERFORM_OP - The operation failed due to misc. error e.g.
unable to bind to the EpMapper.
--*/
{
RPC_STATUS Status;
if (CurrentAssociation == 0)
{
BindingMutex.Request();
Status = DceBinding->ResolveEndpointIfNecessary(
RpcClientInterface,
InqPointerAtObjectUuid(),
InquireEpLookupHandle(),
FALSE,
InqComTimeout(),
INFINITE, // CallTimeout
NULL // AuthInfo
);
BindingMutex.Clear();
return(Status);
}
return(RPC_S_OK);
}
RPC_STATUS
LRPC_BINDING_HANDLE::BindingReset (
)
/*++
Routine Description:
This routine will set the endpoint of this binding handle to zero,
if possible. The binding handle will become partially bound as a
result. If a remote procedure call has been made on this binding
handle, it will fail as well.
Return Value:
RPC_S_OK - The binding handle has successfully been made partially
bound.
RPC_S_WRONG_KIND_OF_BINDING - The binding handle currently has remote
procedure calls active.
--*/
{
LRPC_CASSOCIATION *Association ;
DictionaryCursor cursor;
BindingMutex.Request() ;
if (CurrentAssociation != 0)
{
if (BindingReferenceCount.GetInteger() != 1)
{
BindingMutex.Clear() ;
return(RPC_S_WRONG_KIND_OF_BINDING);
}
DceBinding = CurrentAssociation->DuplicateDceBinding();
if(DceBinding == 0)
{
BindingMutex.Clear() ;
return(RPC_S_OUT_OF_MEMORY);
}
CurrentAssociation = 0;
SecAssociation.Reset(cursor);
while((Association = SecAssociation.Next(cursor)) != 0)
{
RemoveAssociation(Association);
Association->RemoveBindingHandleReference();
}
}
fDynamicEndpoint = TRUE;
DceBinding->MakePartiallyBound();
if (*InquireEpLookupHandle() != 0)
{
EpFreeLookupHandle(*InquireEpLookupHandle());
*InquireEpLookupHandle() = 0;
}
BindingMutex.Clear() ;
return(RPC_S_OK);
}
void
LRPC_BINDING_HANDLE::FreeCCall (
IN LRPC_CCALL * CCall
)
/*++
Routine Description:
This routine will get called to notify this binding handle that a remote
procedure call on this binding handle has completed.
Arguments:
CCall - Supplies the remote procedure call which has completed.
--*/
{
int LocalRefCount;
CCall->InqAssociation()->FreeCCall(CCall);
// do not touch the association beyond this. It could be freed.
LocalRefCount = BindingReferenceCount.Decrement();
if (LocalRefCount == 0)
{
delete this;
}
}
RPC_STATUS
LRPC_BINDING_HANDLE::AllocateCCall (
OUT LRPC_CCALL ** CCall,
IN PRPC_CLIENT_INTERFACE RpcInterfaceInformation,
IN OUT PRPC_MESSAGE Message
)
/*++
Routine Description:
This method will allocate an LRPC_CCALL which has been bound to the
interface specified by the interface information. First, we have got
to see if we have an association for this binding. If not, we need
to find or create one. Before we can find or create an association,
we need to resolve the endpoint if necessary. Next we need to see
if there is already an LRPC_CCALL allocated for this interface and
thread. Otherwise, we need to ask the association to allocate a
LRPC_CCALL for us.
Arguments:
CCall - Returns the allocated LRPC_CCALL which has been bound to
the interface specified by the rpc interface information.
RpcInterfaceInformation - Supplies information describing the
interface to which we wish to bind.
Return Value:
--*/
{
RPC_STATUS Status;
BOOL Boolean;
BOOL FoundSameAuthInfo = FALSE;
LRPC_CASSOCIATION * Association;
LRPC_CASSOCIATION *MyAssociation = NULL;
DictionaryCursor cursor;
int LocalRefCount;
BOOL Supported;
BindingMutex.Request();
if (AuthInfoInitialized == 0)
{
Status = SetAuthInformation(NULL,
RPC_C_AUTHN_LEVEL_PKT_PRIVACY,
RPC_C_AUTHN_WINNT,
NULL,
NULL,
0,
RPC_C_IMP_LEVEL_IMPERSONATE,
RPC_C_QOS_IDENTITY_DYNAMIC,
RPC_C_QOS_CAPABILITIES_DEFAULT,
TRUE);
if (Status != RPC_S_OK)
{
BindingMutex.Clear();
return Status;
}
}
// First we need to check if there is already a call active for this
// thread and interface. To make the common case quicker, we will check
// to see if there are any calls in the dictionary first.
if (RecursiveCalls.Size() != 0)
{
RecursiveCalls.Reset(cursor);
while ((*CCall = RecursiveCalls.Next(cursor)) != 0)
{
if ((*CCall)->IsThisMyActiveCall(
GetThreadIdentifier(),
RpcInterfaceInformation) != 0)
{
BindingMutex.Clear();
return(RPC_S_OK);
}
}
}
// To start off, see if the binding handle points to an association
// yet. If not, we have got to get one.
if (CurrentAssociation == 0)
{
// Before we even bother to find or create an association, lets
// check to make sure that we are on the same machine as the server.
ASSERT(DceBinding->InqNetworkAddress() != 0);
if (DceBinding->InqNetworkAddress()[0] != 0)
{
if (RpcpStringCompareInt(DceBinding->InqNetworkAddress(),
gLocalComputerName) != 0)
{
BindingMutex.Clear();
RpcpErrorAddRecord(EEInfoGCRuntime,
RPC_S_SERVER_UNAVAILABLE,
EEInfoDLLRPC_BINDING_HANDLE__AllocateCCall10,
DceBinding->InqNetworkAddress(),
gLocalComputerName);
return(RPC_S_SERVER_UNAVAILABLE);
}
}
if (DceBinding->IsNullEndpoint())
{
LrpcMutexRequest();
MyAssociation = FindOrCreateLrpcAssociation(
DceBinding,
InquireAuthInformation(),
RpcInterfaceInformation);
LrpcMutexClear();
// don't do anything in the both success and failure
// case. In failure case we'll try full endpoint resolution
// In success case, we leave FoundSameAuthInfo to be FALSE,
// and the code below will figure out we have something
// in MyAssociation and will do the housekeeping tasks
// associated with finding an association
ASSERT(DceBinding);
}
if (!MyAssociation)
{
Status = DceBinding->ResolveEndpointIfNecessary(
RpcInterfaceInformation,
InqPointerAtObjectUuid(),
InquireEpLookupHandle(),
FALSE,
InqComTimeout(),
INFINITE, // CallTimeout
&ClientAuthInfo // AuthInfo
);
if (Status != RPC_S_OK)
{
BindingMutex.Clear();
RpcpErrorAddRecord(EEInfoGCRuntime,
Status,
EEInfoDLLRPC_BINDING_HANDLE__AllocateCCall20,
RpcInterfaceInformation->InterfaceId.SyntaxGUID.Data1);
return(Status);
}
}
}
else
{
Status = CurrentAssociation->IsSupportedAuthInfo(InquireAuthInformation(),
&Supported);
if (Status != RPC_S_OK)
{
BindingMutex.Clear();
return(Status);
}
if (Supported)
{
MyAssociation = CurrentAssociation ;
FoundSameAuthInfo = TRUE;
}
else
{
SecAssociation.Reset(cursor);
while ((Association = SecAssociation.Next(cursor)) != 0)
{
Status = Association->IsSupportedAuthInfo(InquireAuthInformation(),
&Supported);
if (Status != RPC_S_OK)
{
BindingMutex.Clear();
return(Status);
}
if(Supported)
{
MyAssociation = Association ;
FoundSameAuthInfo = TRUE;
break;
}
}
}
}
if (FoundSameAuthInfo == FALSE)
{
// we have some association in the dictionary, check for security level
if (DceBinding == 0)
{
SecAssociation.Reset(cursor);
Association = SecAssociation.Next(cursor);
// it will get deleted when Assoc goes
DceBinding = Association->DuplicateDceBinding();
if(DceBinding == 0)
{
BindingMutex.Clear() ;
return(RPC_S_OUT_OF_MEMORY);
}
}
// if we still haven't found the association
// (may do so during the interface based search for
// an endpoint).
if (!MyAssociation)
{
LrpcMutexRequest();
MyAssociation = FindOrCreateLrpcAssociation(
DceBinding,
InquireAuthInformation(),
NULL);
LrpcMutexClear();
}
if (CurrentAssociation == 0)
{
CurrentAssociation = MyAssociation ;
}
if (MyAssociation == 0)
{
BindingMutex.Clear();
return(RPC_S_OUT_OF_MEMORY);
}
// The association now owns the DceBinding.
DceBinding = 0;
if((AddAssociation(MyAssociation)) == -1)
{
delete MyAssociation;
if (CurrentAssociation == MyAssociation)
{
CurrentAssociation = 0;
}
BindingMutex.Clear();
return (RPC_S_OUT_OF_MEMORY);
}
}
BindingReferenceCount.Increment();
BindingMutex.Clear();
ASSERT(MyAssociation) ;
Status = MyAssociation->AllocateCCall(
this,
CCall,
Message,
RpcInterfaceInformation);
if (Status != RPC_S_OK)
{
LocalRefCount = BindingReferenceCount.Decrement();
ASSERT(LocalRefCount != 0);
}
return(Status);
}
RPC_STATUS
LRPC_BINDING_HANDLE::SetAuthInformation (
IN RPC_CHAR * ServerPrincipalName, OPTIONAL
IN unsigned long AuthenticationLevel,
IN unsigned long AuthenticationService,
IN RPC_AUTH_IDENTITY_HANDLE AuthIdentity, OPTIONAL
IN unsigned long AuthorizationService,
IN SECURITY_CREDENTIALS * Credentials,
IN unsigned long ImpersonationType,
IN unsigned long IdentityTracking,
IN unsigned long Capabilities,
IN BOOL bAcquireNewCredentials,
IN ULONG AdditionalTransportCredentialsType, OPTIONAL
IN void *AdditionalCredentials, OPTIONAL
IN PSID Sid OPTIONAL
)
/*++
Routine Description:
We set the authentication and authorization information in this binding
handle.
Arguments:
ServerPrincipalName - Optionally supplies the server principal name.
AuthenticationLevel - Supplies the authentication level to use.
AuthenticationService - Supplies the authentication service to use.
AuthIdentity - Optionally supplies the security context to use.
AuthorizationService - Supplies the authorization service to use.
AdditionalTransportCredentialsType - the type of additional credentials
supplied in AdditionalCredentials. Not supported for LRPC.
AdditionalCredentials - pointer to additional credentials if any. Not supported
for LRPC.
Sid - the SID to mutually authenticate to
Return Value:
RPC_S_OK - The supplied authentication and authorization information has
been set in the binding handle.
RPC_S_OUT_OF_MEMORY - Insufficient memory is available to complete the
operation.
RPC_S_UNKNOWN_AUTHN_SERVICE - The specified authentication service is
not supported.
RPC_S_UNKNOWN_AUTHN_LEVEL - The specified authentication level is
not supported.
RPC_S_INVALID_AUTH_IDENTITY - The specified security context (supplied
by the auth identity argument) is invalid.
RPC_S_UNKNOWN_AUTHZ_SERVICE - The specified authorization service is
not supported.
--*/
{
RPC_CHAR * NewString ;
RPC_STATUS Status;
HANDLE hToken;
unsigned long MappedAuthenticationLevel;
PSID ServerSid = NULL;
ULONG SidLength;
BOOL Result;
BOOL fCachedSid = TRUE;
if ((AdditionalTransportCredentialsType != 0) || (AdditionalCredentials != NULL))
return RPC_S_CANNOT_SUPPORT;
if (AuthenticationLevel == RPC_C_AUTHN_LEVEL_DEFAULT)
{
AuthenticationLevel = RPC_C_AUTHN_LEVEL_CONNECT;
}
MappedAuthenticationLevel = MapAuthenticationLevel(AuthenticationLevel);
if (AuthenticationLevel > RPC_C_AUTHN_LEVEL_PKT_PRIVACY)
{
return(RPC_S_UNKNOWN_AUTHN_LEVEL);
}
ClientAuthInfo.AuthenticationLevel = MappedAuthenticationLevel;
ClientAuthInfo.AuthenticationService = AuthenticationService;
ClientAuthInfo.AuthIdentity = AuthIdentity;
ClientAuthInfo.AuthorizationService = AuthorizationService;
ClientAuthInfo.IdentityTracking = IdentityTracking;
if (MappedAuthenticationLevel == RPC_C_AUTHN_LEVEL_NONE)
{
ClientAuthInfo.ImpersonationType = RPC_C_IMP_LEVEL_ANONYMOUS;
}
else
{
ClientAuthInfo.ImpersonationType = ImpersonationType;
}
if (AuthenticationService == RPC_C_AUTHN_NONE)
{
AuthInfoInitialized = 0;
return (RPC_S_OK);
}
if(AuthenticationService != RPC_C_AUTHN_WINNT)
{
return(RPC_S_UNKNOWN_AUTHN_SERVICE) ;
}
// For LRPC, MA implies local MA hint.
if (Capabilities & RPC_C_QOS_CAPABILITIES_MUTUAL_AUTH)
{
Capabilities |= RPC_C_QOS_CAPABILITIES_LOCAL_MA_HINT;
// if the SPN is not translated to a SID, we must do that now
if (!ARGUMENT_PRESENT(Sid))
{
Status = RpcpLookupAccountName (ServerPrincipalName,
&fCachedSid,
&ServerSid);
if (Status != RPC_S_OK)
return Status;
Sid = ServerSid;
// fall through to SID processing code below
}
}
ClientAuthInfo.Capabilities = Capabilities;
if (ARGUMENT_PRESENT(Sid))
{
// duplicate if not already allocated
if (ServerSid == NULL)
{
ServerSid = DuplicateSID (Sid);
if (ServerSid == NULL)
return(RPC_S_OUT_OF_MEMORY);
}
BindingMutex.Request();
if ( ClientAuthInfo.ServerSid != 0 )
{
delete ClientAuthInfo.ServerSid;
}
ClientAuthInfo.ServerSid = ServerSid;
BindingMutex.Clear();
}
if (ARGUMENT_PRESENT(ServerPrincipalName) && (*ServerPrincipalName))
{
NewString = DuplicateString(ServerPrincipalName);
if ( NewString == 0 )
{
return(RPC_S_OUT_OF_MEMORY);
}
BindingMutex.Request();
if ( ClientAuthInfo.ServerPrincipalName != 0 )
{
delete ClientAuthInfo.ServerPrincipalName;
}
ClientAuthInfo.ServerPrincipalName = NewString;
BindingMutex.Clear();
}
else
{
BindingMutex.Request();
if ( ClientAuthInfo.ServerPrincipalName != 0 )
{
delete ClientAuthInfo.ServerPrincipalName;
}
ClientAuthInfo.ServerPrincipalName = NULL;
BindingMutex.Clear();
}
if (IdentityTracking == RPC_C_QOS_IDENTITY_STATIC)
{
if (StaticTokenHandle)
{
CloseHandle(StaticTokenHandle);
}
if (OpenThreadToken (GetCurrentThread(),
TOKEN_IMPERSONATE | TOKEN_QUERY,
TRUE,
&StaticTokenHandle) == FALSE)
{
StaticTokenHandle = 0;
}
Status = ReAcquireCredentialsIfNecessary();
if (Status != RPC_S_OK)
{
return Status;
}
}
AuthInfoInitialized = 1;
return(RPC_S_OK);
}
unsigned long
LRPC_BINDING_HANDLE::MapAuthenticationLevel (
IN unsigned long AuthenticationLevel
)
/*++
Routine Description:
The connection oriented protocol module supports all authentication
levels except for RPC_C_AUTHN_LEVEL_CALL. We just need to map it
to RPC_C_AUTHN_LEVEL_PKT.
--*/
{
UNUSED(this);
if (AuthenticationLevel >= RPC_C_AUTHN_LEVEL_CONNECT)
{
return(RPC_C_AUTHN_LEVEL_PKT_PRIVACY);
}
return(AuthenticationLevel);
}
inline int
LRPC_BINDING_HANDLE::AddAssociation (
IN LRPC_CASSOCIATION * Association
)
/*++
Routine Description:
This supplied remote procedure call needs to be put into the dictionary
of association
--*/
{
int err;
BindingMutex.Request() ;
err = SecAssociation.Insert(Association) ;
BindingMutex.Clear() ;
return(err);
}
inline void
LRPC_BINDING_HANDLE::RemoveAssociation (
IN LRPC_CASSOCIATION * Association
)
/*++
Routine Description:
Remove Association from BindingHandle, can keep a Key for Association because
1 association may be added to many BINDINGHANDLE::SecAssociationDict, 1 key per
Association won't do the job. Therefore, we delete Association this way.
Remember, there will be 5 Association in the SecAssoc the most, 1 per SecurityLevel
--*/
{
BindingMutex.Request() ;
SecAssociation.DeleteItemByBruteForce(Association);
BindingMutex.Clear() ;
}
RPC_STATUS
LRPC_BINDING_HANDLE::SetTransportOption( IN unsigned long option,
IN ULONG_PTR optionValue )
{
if (option == RPC_C_OPT_DONT_LINGER)
{
if (CurrentAssociation == NULL)
return RPC_S_WRONG_KIND_OF_BINDING;
if (CurrentAssociation->GetDontLingerState())
return RPC_S_OK;
CurrentAssociation->SetDontLingerState((BOOL)optionValue);
return RPC_S_OK;
}
else
{
return BINDING_HANDLE::SetTransportOption(option, optionValue);
}
}
RPC_STATUS
LRPC_BINDING_HANDLE::InqTransportOption( IN unsigned long option,
OUT ULONG_PTR * pOptionValue )
{
if (option == RPC_C_OPT_DONT_LINGER)
{
if (CurrentAssociation == NULL)
return RPC_S_WRONG_KIND_OF_BINDING;
*pOptionValue = CurrentAssociation->GetDontLingerState();
return RPC_S_OK;
}
else
{
return BINDING_HANDLE::InqTransportOption(option, pOptionValue);
}
}
MTSyntaxBinding *CreateLrpcBinding(
IN RPC_SYNTAX_IDENTIFIER *InterfaceId,
IN TRANSFER_SYNTAX_STUB_INFO *TransferSyntaxInfo,
IN int CapabilitiesBitmap
)
{
return new LRPC_BINDING(InterfaceId,
TransferSyntaxInfo,
CapabilitiesBitmap);
}
// protected by the LrpcMutex
LRPC_CASSOCIATION_DICT * LrpcAssociationDict = 0;
long LrpcLingeredAssociations = 0;
unsigned long LrpcDestroyedAssociations = 0;
ULARGE_INTEGER LastDestroyedAssociationsBatchTimestamp;
LRPC_CASSOCIATION::LRPC_CASSOCIATION (
IN DCE_BINDING * DceBinding,
IN CLIENT_AUTH_INFO *pClientAuthInfo,
IN USHORT MySequenceNumber,
OUT RPC_STATUS * Status
) : AssociationMutex(Status, 4000),
AssocAuthInfo(pClientAuthInfo, Status)
/*++
Routine Description:
This association will be initialized, so that it is ready to be
placed into the dictionary of associations.
Arguments:
DceBinding - Supplies the DCE_BINDING which will name this association.
Status - Returns the result of creating the association mutex.
--*/
{
ObjectType = LRPC_CASSOCIATION_TYPE;
this->DceBinding = DceBinding;
LpcClientPort = 0;
LpcReceivePort = 0;
BackConnectionCreated = 0;
CallIdCounter = 1;
SequenceNumber = MySequenceNumber;
Linger.fAssociationLingered = FALSE;
DeletedContextCount = 0;
BindingHandleReferenceCount = 1;
RefCount.SetInteger(2);
CachedCCall = NULL;
DontLinger = FALSE;
LastSecContextTrimmingTimestamp = 0;
// Generate the bind back cookie.
// The cookie will be used to verify that bind back
// originates from a legitimate server.
GenerateRandomNumber((unsigned char *)BindBackCookie, BIND_BACK_COOKIE_SIZE);
if (*Status == RPC_S_OK)
{
CachedCCall = new LRPC_CCALL(Status);
if (*Status == RPC_S_OK)
{
if (CachedCCall == 0)
{
*Status = RPC_S_OUT_OF_MEMORY ;
return;
}
CachedCCall->SetAssociation(this);
CachedCCallFlag = 1;
}
}
}
LRPC_CASSOCIATION::~LRPC_CASSOCIATION (
)
{
LRPC_BINDING * Binding;
LRPC_CCALL * CCall ;
LRPC_CCONTEXT *SecurityContext;
DictionaryCursor cursor;
if (DceBinding != 0)
{
delete DceBinding;
}
Bindings.Reset(cursor);
while ((Binding = Bindings.RemoveNext(cursor)) != 0)
{
Binding->RemoveReference();
}
SecurityContextDict.Reset(cursor);
while (SecurityContext = SecurityContextDict.RemoveNext(cursor))
{
delete SecurityContext;
}
// delete all CCalls
ActiveCCalls.Reset(cursor) ;
while ((CCall = ActiveCCalls.Next(cursor, TRUE)) != 0)
{
delete CCall ;
}
if (CachedCCallFlag != 0)
{
delete CachedCCall;
}
FreeCCalls.Reset(cursor);
while ((CCall = FreeCCalls.Next(cursor)) != 0)
{
delete CCall;
}
CloseLpcClientPort();
}
RPC_STATUS
LRPC_CASSOCIATION::CreateBackConnection (
IN LRPC_BINDING_HANDLE *BindingHandle
)
/*++
Routine Description:
Ask the server to create a back connection to us. Used in
conjuction with Async RPC.
Return Value:
RPC_S_OK - Function succeeded
RPC_S_OUT_OF_MEMORY - we ran out of memory
--*/
{
#if defined(BUILD_WOW6432)
char LrpcMessageBuffer[sizeof(LRPC_BIND_BACK_MESSAGE) + 8];
char LrpcReplyBuffer[sizeof(LRPC_MESSAGE) + 8];
LRPC_BIND_BACK_MESSAGE *LrpcMessagePtr = (LRPC_BIND_BACK_MESSAGE *) AlignPtr8(LrpcMessageBuffer);
LRPC_MESSAGE *LrpcReplyPtr = (LRPC_MESSAGE *)AlignPtr8(LrpcReplyBuffer);
#else
LRPC_BIND_BACK_MESSAGE LrpcMessageBuffer;
LRPC_MESSAGE LrpcReplyBuffer;
LRPC_BIND_BACK_MESSAGE *LrpcMessagePtr = &LrpcMessageBuffer;
LRPC_MESSAGE *LrpcReplyPtr = &LrpcReplyBuffer;
#endif
NTSTATUS NtStatus ;
RPC_STATUS Status = RPC_S_OK;
if (BackConnectionCreated == 0)
{
Status = AssociationMutex.RequestSafe() ;
if (Status)
return Status;
if (BackConnectionCreated)
{
AssociationMutex.Clear() ;
return RPC_S_OK ;
}
if (LpcClientPort == 0)
{
Status = OpenLpcPort(BindingHandle, TRUE) ;
if (Status != RPC_S_OK)
{
AssociationMutex.Clear() ;
RpcpErrorAddRecord(EEInfoGCRuntime,
Status,
EEInfoDLLRPC_CASSOCIATION__CreateBackConnection10,
InqEndpoint());
return Status ;
}
}
else
{
// zero out the message to prevent data leak
RpcpMemorySet(LrpcMessagePtr, 0, sizeof(*LrpcMessagePtr));
LrpcGetEndpoint((RPC_CHAR *) LrpcMessagePtr->szPortName) ;
LrpcMessagePtr->LpcHeader.u1.s1.DataLength =
sizeof(LRPC_BIND_BACK_MESSAGE) - sizeof(PORT_MESSAGE);
LrpcMessagePtr->LpcHeader.u1.s1.TotalLength =
sizeof(LRPC_BIND_BACK_MESSAGE);
LrpcMessagePtr->LpcHeader.u2.ZeroInit = 0;
LrpcMessagePtr->MessageType = LRPC_MSG_BIND_BACK;
// Make sure we can't be impersonated on the transport level.
// A legitimate Lrpc server will never do this on a bind back.
LrpcMessagePtr->LpcHeader.u2.s2.Type |= LPC_NO_IMPERSONATE;
DWORD Key;
LPC_KEY *LpcKey = (LPC_KEY *) &Key;
LpcKey->SeqNumber = SequenceNumber;
LpcKey->AssocKey = (unsigned short) AssociationDictKey;
LrpcMessagePtr->AssocKey = Key;
// Initialize a cookie to be sent in the message.
RpcpMemoryCopy(LrpcMessagePtr->Cookie, BindBackCookie, BIND_BACK_COOKIE_SIZE);
NtStatus = NtRequestWaitReplyPort(LpcClientPort,
(PORT_MESSAGE *) LrpcMessagePtr,
(PORT_MESSAGE *) LrpcReplyPtr) ;
if (NT_ERROR(NtStatus))
{
AssociationMutex.Clear() ;
if (NtStatus == STATUS_NO_MEMORY)
{
Status = RPC_S_OUT_OF_MEMORY;
}
else if (NtStatus == STATUS_INSUFFICIENT_RESOURCES)
{
Status = RPC_S_OUT_OF_RESOURCES;
}
else
{
VALIDATE(NtStatus)
{
STATUS_INVALID_PORT_HANDLE,
STATUS_INVALID_HANDLE,
STATUS_PORT_DISCONNECTED,
STATUS_LPC_REPLY_LOST
} END_VALIDATE;
Status = RPC_S_SERVER_UNAVAILABLE;
}
RpcpErrorAddRecord(EEInfoGCLPC,
Status,
EEInfoDLLRPC_CASSOCIATION__CreateBackConnection20,
NtStatus);
return (Status);
}
ASSERT(LrpcReplyPtr->Ack.MessageType == LRPC_MSG_ACK) ;
if (LrpcReplyPtr->Ack.RpcStatus != RPC_S_OK)
{
AssociationMutex.Clear() ;
RpcpErrorAddRecord(EEInfoGCRuntime,
LrpcReplyPtr->Ack.RpcStatus,
EEInfoDLLRPC_CASSOCIATION__CreateBackConnection30);
return LrpcReplyPtr->Ack.RpcStatus;
}
}
BackConnectionCreated = 1 ;
AssociationMutex.Clear() ;
}
return Status ;
}
void
LRPC_CASSOCIATION::RemoveBindingHandleReference (
void
)
{
BOOL fWillLinger = FALSE;
LRPC_CASSOCIATION *CurrentAssociation;
LRPC_CASSOCIATION *OldestAssociation = NULL;
DWORD OldestAssociationTimestamp;
DictionaryCursor cursor;
BOOL fEnableGarbageCollection = FALSE;
LrpcMutexRequest();
LogEvent(SU_CASSOC, EV_DEC, this, 0, BindingHandleReferenceCount, 1, 1);
BindingHandleReferenceCount --;
if (BindingHandleReferenceCount == 0)
{
if (LpcClientPort && IsGarbageCollectionAvailable() && (!DontLinger))
{
fWillLinger = PrepareForLoopbackTicklingIfNecessary();
if (fWillLinger)
{
if (LrpcLingeredAssociations >= MaxLrpcLingeredAssociations)
{
OldestAssociationTimestamp = ~(DWORD)0;
// need to walk the dictionary and clean up the oldest item
LrpcAssociationDict->Reset(cursor);
while ((CurrentAssociation = LrpcAssociationDict->Next(cursor)) != 0)
{
if (CurrentAssociation->Linger.fAssociationLingered)
{
// yes, if the tick count wraps around, we may make a
// suboptimal decision and destroy a newer lingering
// association. That's ok - it will be a slight perf hit once
// every ~47 days - it won't be a bug
if (OldestAssociationTimestamp > CurrentAssociation->Linger.Timestamp)
{
OldestAssociation = CurrentAssociation;
}
}
}
// there must be an oldest association here
ASSERT(OldestAssociation);
LrpcAssociationDict->Delete(OldestAssociation->AssociationDictKey);
OldestAssociation->AssociationDictKey = -1;
// no need to update LrpcLingeredAssociations - we removed one,
// but we add one, so the balance is the same
}
else
{
LrpcLingeredAssociations ++;
ASSERT(LrpcLingeredAssociations <= MaxLrpcLingeredAssociations);
}
Linger.Timestamp = GetTickCount() + gThreadTimeout;
Linger.fAssociationLingered = TRUE;
}
}
if (!fWillLinger)
{
LrpcDestroyedAssociations ++;
fEnableGarbageCollection = CheckIfGCShouldBeTurnedOn(
LrpcDestroyedAssociations,
NumberOfLrpcDestroyedAssociationsToSample,
DestroyedLrpcAssociationBatchThreshold,
&LastDestroyedAssociationsBatchTimestamp
);
Delete();
}
}
LrpcMutexClear();
if (fEnableGarbageCollection)
{
// ignore the return value - we'll make a best effort to
// create the thread, but if there's no memory, that's
// still ok as the garbage collection thread only
// provides better perf in this case
(void) CreateGarbageCollectionThread();
}
if (OldestAssociation)
{
#if defined (RPC_GC_AUDIT)
int Diff;
Diff = (int)(GetTickCount() - OldestAssociation->Linger.Timestamp);
DbgPrintEx(77, DPFLTR_WARNING_LEVEL, "%d (0x%X) LRPC association sync gc'ed %d ms after expire\n",
GetCurrentProcessId(), GetCurrentProcessId(), Diff);
#endif
OldestAssociation->Delete();
}
if (fWillLinger)
{
fWillLinger = GarbageCollectionNeeded(TRUE, gThreadTimeout);
if (fWillLinger == FALSE)
{
// uh-oh - we couldn't register for garbage collection - probably
// extremely low on memory. If nobody has picked us up in the meantime,
// delete this association. Otherwise, let it go - somebody is using
// it and we don't need to worry about gc'ing it. We also need to guard
// against the gc thread trying to do Delete on this also. If it does
// so, it will set the AssociationDictKey to -1 before it releases
// the mutex - therefore we can check for this. A gc thread cannot
// completely kill the object as we will hold one reference on it
LrpcMutexRequest();
if (AssociationDictKey != -1)
{
LrpcLingeredAssociations --;
ASSERT(LrpcLingeredAssociations >= 0);
if (Linger.fAssociationLingered)
Delete();
}
LrpcMutexClear();
}
#if defined (RPC_GC_AUDIT)
else
{
DbgPrintEx(77, DPFLTR_WARNING_LEVEL, "%d (0x%X) LRPC association lingered %X\n",
GetCurrentProcessId(), GetCurrentProcessId(), this);
}
#endif
}
// removing the reference should be the last thing to do. Otherwise we're racing
// with a gc thread which may kill the this pointer underneath us
REFERENCED_OBJECT::RemoveReference();
}
void LRPC_CASSOCIATION::Delete(void)
{
int MyCount;
if (SetDeletedFlag())
{
if (AssociationDictKey != -1)
{
LrpcMutexRequest();
LrpcAssociationDict->Delete(AssociationDictKey);
LrpcMutexClear();
}
REFERENCED_OBJECT::RemoveReference();
}
}
BOOL
LRPC_CASSOCIATION::DoesBindingForInterfaceExist (
IN PRPC_CLIENT_INTERFACE RpcInterfaceInformation
)
/*++
Routine Description:
Checks if an association supports a binding for this interface.
Arguments:
RpcInterfaceInformation - Supplies the interface information for
which we are looking for an osf binding object.
Return Value:
FALSE if it doesn't. Non-zero if it does.
--*/
{
LRPC_BINDING *Binding;
DictionaryCursor cursor;
BOOL fRetVal = FALSE;
BOOL fMutexTaken;
fMutexTaken = AssociationMutex.TryRequest();
if (!fMutexTaken)
return FALSE;
Bindings.Reset(cursor);
while ((Binding = Bindings.Next(cursor)) != 0)
{
// if we have a binding on the same interface,
// return TRUE
if (RpcpMemoryCompare(Binding->GetInterfaceId(),
&RpcInterfaceInformation->InterfaceId,
sizeof(RPC_SYNTAX_IDENTIFIER)) == 0)
{
fRetVal = TRUE;
break;
}
}
AssociationMutex.Clear();
return fRetVal;
}
RPC_STATUS
LRPC_CASSOCIATION::AllocateCCall (
IN LRPC_BINDING_HANDLE *BindingHandle,
OUT LRPC_CCALL ** CCall,
IN OUT PRPC_MESSAGE Message,
IN PRPC_CLIENT_INTERFACE RpcInterfaceInformation
)
/*++
Routine Description:
This method will allocate an LRPC_CCALL which has been bound to the
interface specified by the interface information. This means that
first we need to find the presentation context corresponding to the
requested interface.
Arguments:
CCall - Returns the allocated LRPC_CCALL which has been bound to
the interface specified by the rpc interface information.
RpcInterfaceInformation - Supplies information describing the
interface to which we wish to bind.
Return Value:
--*/
{
LRPC_BINDING *SelectedBinding;
int RetryCount;
RPC_STATUS Status;
LRPC_CCONTEXT *SecurityContext;
BOOL fAlterSecurityContextNeeded = FALSE;
BOOL fAlterContextNeeded = FALSE;
LRPC_CCONTEXT *CurrentSecurityContext = NULL;
BOOL fUpdateCredentials = FALSE;
LUID CurrentModifiedId;
DictionaryCursor cursor;
LRPC_BINDING *BindingsForThisInterface[MaximumNumberOfTransferSyntaxes];
int NumberOfBindingsAvailable;
BOOL BindingCreated[MaximumNumberOfTransferSyntaxes];
int i;
int PreferredTransferSyntax;
int MatchingTransferSyntax;
BOOL IsBackConnectionNeeded = IsNonsyncMessage(Message);
RPC_STATUS CaptureStatus;
LRPC_BINDING *CurrentBinding;
BOOL fAssociationAborted = FALSE;
ULONG EffectiveIdentityTracking;
if (IsBackConnectionNeeded)
{
CLIENT_AUTH_INFO * AuthInfo;
AuthInfo = BindingHandle->InquireAuthInformation();
ASSERT(AuthInfo);
if (AuthInfo->IdentityTracking == RPC_C_QOS_IDENTITY_DYNAMIC)
{
CaptureStatus = CaptureModifiedId(&CurrentModifiedId);
fUpdateCredentials = TRUE;
}
}
Status = AssociationMutex.RequestSafe();
if (Status)
return Status;
if (fUpdateCredentials)
{
BindingHandle->UpdateCredentials((CaptureStatus != RPC_S_OK), &CurrentModifiedId);
}
RetryCount = 0;
EffectiveIdentityTracking = BindingHandle->GetIdentityTracking();
do
{
//
// We need to look at two things here. Presentation context
// and security context (in the async dynamic case only). If both match
// then we can allocate the call. Otherwise, we need to first bind
// in order to negotiate the interface/presentation context.
//
if (IsBackConnectionNeeded
|| EffectiveIdentityTracking == RPC_C_QOS_IDENTITY_STATIC)
{
SecurityContextDict.Reset(cursor);
while (SecurityContext = SecurityContextDict.Next(cursor))
{
if (BindingHandle->CompareCredentials(SecurityContext))
{
CurrentSecurityContext = SecurityContext;
CurrentSecurityContext->AddReference();
CurrentSecurityContext->UpdateTimestamp();
break;
}
}
if (SecurityContext == 0)
{
fAlterSecurityContextNeeded = TRUE;
}
}
Status = MTSyntaxBinding::FindOrCreateBinding(RpcInterfaceInformation,
Message,
&Bindings,
CreateLrpcBinding,
NULL, // CheckBinding
NULL, // CallbackContext
&NumberOfBindingsAvailable,
(MTSyntaxBinding **)BindingsForThisInterface,
BindingCreated
);
if (Status != RPC_S_OK)
{
goto Cleanup;
}
PreferredTransferSyntax = -1;
MatchingTransferSyntax = -1;
for (i = 0; i < NumberOfBindingsAvailable; i ++)
{
// do we support the preferred server
if (BindingsForThisInterface[i]->IsTransferSyntaxServerPreferred())
{
PreferredTransferSyntax = i;
break;
}
else if ((BindingCreated[i] == FALSE) && (MatchingTransferSyntax < 0))
{
MatchingTransferSyntax = i;
}
}
// is there a syntax preferred by the server
if (PreferredTransferSyntax >= 0)
{
// do we already support it (i.e. the binding was not created)
if (BindingCreated[PreferredTransferSyntax] == FALSE)
{
// then we're all set - just use it
fAlterContextNeeded = FALSE;
SelectedBinding = BindingsForThisInterface[PreferredTransferSyntax];
}
else
{
// we don't support it - negotiate it. We know this
// will succeed, because the server preferences
// are set. This should be hit in the auto-retry case only
fAlterContextNeeded = TRUE;
ASSERT(_NOT_COVERED_);
}
}
else
{
// no preferred syntax - any will do. Check if we found anything supported
if (MatchingTransferSyntax >= 0)
{
SelectedBinding = BindingsForThisInterface[MatchingTransferSyntax];
fAlterContextNeeded = FALSE;
}
else
{
fAlterContextNeeded = TRUE;
}
}
if (fAlterContextNeeded == FALSE)
{
if (IsBackConnectionNeeded)
{
Status = InitializeAsyncLrpcIfNecessary() ;
if (Status == RPC_S_OK)
{
Status = CreateBackConnection(BindingHandle);
}
if (Status != RPC_S_OK)
{
goto Cleanup;
}
}
}
if (fAlterContextNeeded || fAlterSecurityContextNeeded)
{
Status = ActuallyDoBinding(
BindingHandle,
IsBackConnectionNeeded,
fAlterContextNeeded,
fAlterSecurityContextNeeded,
BindingHandle->ClientAuthInfo.DefaultLogonId,
NumberOfBindingsAvailable,
BindingsForThisInterface,
&SelectedBinding,
&CurrentSecurityContext);
if (Status != RPC_S_SERVER_UNAVAILABLE)
{
fAssociationAborted = FALSE;
break;
}
// The server appears to have gone away, close the port and retry.
RetryCount++;
SelectedBinding = 0;
// both the creation in ActuallyDoBinding and the
// retrieval from the cache will add a refcount -
// remove it
if (CurrentSecurityContext)
{
CurrentSecurityContext->RemoveReference();
CurrentSecurityContext = NULL;
}
fAlterContextNeeded = TRUE;
if (IsBackConnectionNeeded
|| EffectiveIdentityTracking == RPC_C_QOS_IDENTITY_STATIC)
{
fAlterSecurityContextNeeded = TRUE;
}
AbortAssociation();
if (RetryCount < 3)
{
RpcpPurgeEEInfo();
}
fAssociationAborted = TRUE;
}
else
{
Status = RPC_S_OK;
break;
}
} while(RetryCount < 3);
if (Status == RPC_S_OK)
{
ASSERT(SelectedBinding != 0);
Status = ActuallyAllocateCCall(
CCall,
SelectedBinding,
IsBackConnectionNeeded,
BindingHandle,
CurrentSecurityContext);
}
else
{
// if the association was aborted, the bindings were already removed from the
// dictionary - don't do it again
if (fAssociationAborted == FALSE)
{
// the binding failed - remove the created bindings from the dictionary
for (i = 0; i < NumberOfBindingsAvailable; i ++)
{
if (BindingCreated[i])
{
CurrentBinding = Bindings.Delete(BindingsForThisInterface[i]->GetPresentationContext());
ASSERT(CurrentBinding == BindingsForThisInterface[i]);
delete CurrentBinding;
}
}
}
}
Cleanup:
if (CurrentSecurityContext)
{
if (Status == RPC_S_OK)
{
(*CCall)->SetCurrentSecurityContext(CurrentSecurityContext);
}
else
{
// remove the added reference
CurrentSecurityContext->RemoveReference();
}
}
AssociationMutex.Clear();
return(Status);
}
RPC_STATUS
LRPC_CASSOCIATION::ActuallyAllocateCCall (
OUT LRPC_CCALL ** CCall,
IN LRPC_BINDING * Binding,
IN BOOL IsBackConnectionNeeded,
IN LRPC_BINDING_HANDLE * BindingHandle,
IN LRPC_CCONTEXT *SecurityContext
)
/*++
Routine Description:
We need to allocate a LRPC_CCALL object for the call. We also need
to initialize it so that it specified the correct bound interface.
Arguments:
CCall - Returns the allocated LRPC_CCALL which has been bound to
the interface specified by the rpc interface information.
Binding - Supplies a representation of the interface to which the
remote procedure call is supposed to be directed.
Return Value:
RPC_S_OK - An LRPC_CCALL has been allocated and is ready to be used
to make a remote procedure call.
RPC_S_OUT_OF_MEMORY - Insufficient memory is available to allocate
the LRPC_CALL object.
Notes:
The global mutex will be held when this routine is called.
--*/
{
RPC_STATUS Status = RPC_S_OK ;
DictionaryCursor cursor;
LRPC_CCALL *LocalCall;
THREAD *ThisThread;
if (CachedCCallFlag != 0)
{
LocalCall = CachedCCall ;
CachedCCallFlag = 0;
}
else
{
ThisThread = RpcpGetThreadPointer();
ASSERT(ThisThread);
if (ThisThread->GetCachedLrpcCall())
{
LocalCall = ThisThread->GetCachedLrpcCall();
ThisThread->SetCachedLrpcCall(NULL);
LocalCall->SetAssociation(this);
}
else
{
FreeCCalls.Reset(cursor) ;
while ((LocalCall = FreeCCalls.Next(cursor)) != 0)
{
FreeCCalls.Delete(LocalCall->FreeCallKey) ;
break;
}
}
if (LocalCall == 0)
{
LocalCall = new LRPC_CCALL(&Status);
if (LocalCall == 0)
{
return(RPC_S_OUT_OF_MEMORY);
}
if (Status != RPC_S_OK)
{
delete LocalCall ;
return Status ;
}
LocalCall->SetAssociation(this);
}
}
Status = LocalCall->ActivateCall(BindingHandle,
Binding,
IsBackConnectionNeeded,
SecurityContext);
if (Status != RPC_S_OK)
{
goto Cleanup;
}
if (IsBackConnectionNeeded)
{
if (ActiveCCalls.Insert(ULongToPtr(CallIdCounter), LocalCall) == -1)
{
Status = RPC_S_OUT_OF_MEMORY;
// remove the reference we added to this
// binding
Binding->RemoveReference();
goto Cleanup;
}
LocalCall->CallId = CallIdCounter++;
LogEvent(SU_CCALL, EV_START, LocalCall, this, LocalCall->CallId, 1, 0);
}
AddReference();
*CCall = LocalCall;
return(RPC_S_OK);
Cleanup:
if (LocalCall == CachedCCall)
{
CachedCCallFlag = 1;
}
else
{
delete LocalCall ;
}
return (Status) ;
}
void
LRPC_CASSOCIATION::PrepareBindPacket(LRPC_MESSAGE *LrpcMessage)
{
int MessageSize;
int NumContexts = 0;
LRPC_CCONTEXT *CContext;
LRPC_CCONTEXT *DeletedContext;
DictionaryCursor cursor;
DWORD OldestUnusedAge = 0;
LRPC_CCONTEXT *OldestUnusedCContext = NULL;
DWORD CurrentTime = GetTickCount();
// Expire old and unused contexts.
// If we have some space left for expiring additional contexts and
// the cache is at the max size, we will trim the oldest remaining context.
// This is done to make sure that when the cache is at the max, even if
// none of the contexts are old, we will still expire at least one context for
// each new one we establish.
SecurityContextDict.Reset(cursor);
// Proceed while the packet has space left for expiring more contexts.
while (NumContexts < MAX_LRPC_CONTEXTS)
{
// Pick the next unused context.
CContext = SecurityContextDict.Next(cursor);
if (CContext
&& CContext->IsUnused())
{
// If the security context is old, we expire it.
if (CContext->IsSecurityContextOld())
{
LrpcMessage->Bind.OldSecurityContexts.SecurityContextId[NumContexts]
= CContext->SecurityContextId;
DeletedContext = SecurityContextDict.Delete(CContext->ContextKey);
ASSERT(DeletedContext == CContext);
NumContexts++;
delete CContext;
}
// Otherwise, we check if we should force expiration of the oldest context.
else if (SecurityContextDict.Size() > LRPC_CCONTEXT_CACHE_SIZE_THRESHOLD)
{
// Compute the age of the current context taking into account tick count wrapping.
// Note that since both values are unsigned, we will get a large positive Age if CurrentTime < CContext->GetTimestamp().
DWORD Age = CurrentTime - CContext->GetTimestamp();
// If we have the oldest context, remember it.
if (Age > OldestUnusedAge)
{
OldestUnusedAge = Age;
OldestUnusedCContext = CContext;
}
}
}
else
{
break;
}
}
// If there is space left to expire more contexts and we were able to find the oldest unused context, delete it.
if (NumContexts < MAX_LRPC_CONTEXTS
&& OldestUnusedCContext != NULL)
{
LrpcMessage->Bind.OldSecurityContexts.SecurityContextId[NumContexts] = OldestUnusedCContext->SecurityContextId;
DeletedContext = SecurityContextDict.Delete(OldestUnusedCContext->ContextKey);
ASSERT(DeletedContext == OldestUnusedCContext);
NumContexts++;
delete OldestUnusedCContext;
}
UpdateLastSecContextTrimmingTimestamp();
MessageSize = FIELD_OFFSET(LRPC_BIND_MESSAGE, OldSecurityContexts) +
FIELD_OFFSET(OLD_SECURITY_CONTEXTS, SecurityContextId) +
NumContexts*sizeof(DWORD);
LrpcMessage->Bind.OldSecurityContexts.NumContexts = NumContexts;
LrpcMessage->LpcHeader.u1.s1.DataLength = (CSHORT) (MessageSize - sizeof(PORT_MESSAGE));
LrpcMessage->LpcHeader.u1.s1.TotalLength = (CSHORT) MessageSize;
}
RPC_STATUS
LRPC_CASSOCIATION::ActuallyDoBinding (
IN LRPC_BINDING_HANDLE *BindingHandle,
IN BOOL IsBackConnectionNeeded,
IN BOOL fAlterContextNeeded,
IN BOOL fAlterSecurityContextNeeded,
IN BOOL fDefaultLogonId,
IN int NumberOfBindings,
LRPC_BINDING *BindingsForThisInterface[],
OUT LRPC_BINDING ** Binding,
OUT LRPC_CCONTEXT **pSecurityContext
)
/*++
Routine Description:
Arguments:
RpcInterfaceInformation - Supplies information describing the interface
to which we wish to bind.
Binding - Returns an object representing the binding to the interface
described by the first argument.
Return Value:
--*/
{
NTSTATUS NtStatus;
NTSTATUS MyNtStatus;
RPC_STATUS Status = RPC_S_OK;
int DictKey ;
HANDLE ImpersonationToken = 0;
BOOL fTokenAltered = 0;
int i;
LRPC_BIND_EXCHANGE *BindExchange;
int BindingForNDR20PresentationContext;
int BindingForNDR64PresentationContext;
int BindingForNDRTestPresentationContext;
int ChosenBindingIndex;
LRPC_BINDING *SelectedBinding;
LRPC_MESSAGE *LrpcMessage;
ULONG EffectiveIdentityTracking;
//
// To start with, see if we have an LPC port; if we dont, open one
// up.
//
//
// The AssociationMutex is held when this function is called
//
AssociationMutex.VerifyOwned();
if (IsBackConnectionNeeded)
{
Status = InitializeAsyncLrpcIfNecessary() ;
if (Status == RPC_S_OK)
{
Status = CreateBackConnection(BindingHandle) ;
}
if (Status != RPC_S_OK)
{
RpcpErrorAddRecord(EEInfoGCRuntime,
Status,
EEInfoDLLRPC_CASSOCIATION__ActuallyDoBinding10,
InqEndpoint());
return Status ;
}
}
else
{
if (LpcClientPort == 0)
{
//
// we now need to bind explicitly
//
Status = OpenLpcPort(BindingHandle, FALSE);
ASSERT(fAlterContextNeeded == TRUE);
if (Status != RPC_S_OK)
{
RpcpErrorAddRecord(EEInfoGCRuntime,
Status,
EEInfoDLLRPC_CASSOCIATION__ActuallyDoBinding20,
InqEndpoint());
return Status ;
}
}
}
LrpcMessage = (LRPC_MESSAGE *)AlignOnNaturalBoundary(
_alloca(sizeof(LRPC_MESSAGE) + RPCRT_NATURAL_BOUNDARY_ALIGNMENT_MAX_SHIFT));
SanitizeLpcHeader (&LrpcMessage->LpcHeader);
if (CacheNeedsTrimming())
{
PrepareBindPacket(LrpcMessage);
}
else
{
LrpcMessage->LpcHeader.u1.s1.DataLength = FIELD_OFFSET(LRPC_BIND_MESSAGE, OldSecurityContexts)
+ sizeof(LrpcMessage->Bind.OldSecurityContexts.NumContexts)
- sizeof(PORT_MESSAGE);
LrpcMessage->LpcHeader.u1.s1.TotalLength = FIELD_OFFSET(LRPC_BIND_MESSAGE, OldSecurityContexts)
+ sizeof(LrpcMessage->Bind.OldSecurityContexts.NumContexts);
LrpcMessage->Bind.OldSecurityContexts.NumContexts = 0;
}
BindExchange = &LrpcMessage->Bind.BindExchange;
// Zero out uninitialized data.
BindExchange->ConnectType = 0;
BindExchange->AssocKey = 0;
BindExchange->RpcStatus = 0;
BindExchange->SecurityContextId = 0;
RpcpMemorySet(BindExchange->Cookie, 0, BIND_BACK_COOKIE_SIZE);
RpcpMemorySet(&BindExchange->szPortName, 0, sizeof(BindExchange->szPortName));
// Otherwise, just go ahead and send the bind request message to the
// server, and then wait for the bind response.
LrpcMessage->LpcHeader.u2.ZeroInit = 0;
LrpcMessage->Bind.MessageType = LRPC_MSG_BIND;
LrpcMessage->Bind.Pad[0] = 0;
LrpcMessage->Bind.Pad[1] = 0;
LrpcMessage->Bind.Pad[2] = 0;
if (fAlterContextNeeded)
{
SelectedBinding = *Binding = NULL;
ASSERT(NumberOfBindings > 0);
// all bindings have the same interface ID. Therefore, it is
// safe to use the first
RpcpMemoryCopy(&BindExchange->InterfaceId,
BindingsForThisInterface[0]->GetInterfaceId(),
sizeof(RPC_SYNTAX_IDENTIFIER));
BindExchange->Flags = NEW_PRESENTATION_CONTEXT_FLAG;
BindExchange->TransferSyntaxSet = 0;
BindingForNDR20PresentationContext = BindingForNDR64PresentationContext = -1;
ASSERT (NumberOfBindings <= MaximumNumberOfTransferSyntaxes);
for (i = 0; i < NumberOfBindings; i ++)
{
if (RpcpMemoryCompare(BindingsForThisInterface[i]->GetTransferSyntaxId(),
NDR20TransferSyntax, sizeof(RPC_SYNTAX_IDENTIFIER)) == 0)
{
BindExchange->TransferSyntaxSet |= TS_NDR20_FLAG;
BindExchange->PresentationContext[0]
= BindingsForThisInterface[i]->GetOnTheWirePresentationContext();
BindingForNDR20PresentationContext = i;
}
else if (RpcpMemoryCompare(BindingsForThisInterface[i]->GetTransferSyntaxId(),
NDR64TransferSyntax, sizeof(RPC_SYNTAX_IDENTIFIER)) == 0)
{
BindExchange->TransferSyntaxSet |= TS_NDR64_FLAG;
BindExchange->PresentationContext[1]
= BindingsForThisInterface[i]->GetOnTheWirePresentationContext();
BindingForNDR64PresentationContext = i;
}
else if (RpcpMemoryCompare(BindingsForThisInterface[i]->GetTransferSyntaxId(),
NDRTestTransferSyntax, sizeof(RPC_SYNTAX_IDENTIFIER)) == 0)
{
BindExchange->TransferSyntaxSet |= TS_NDRTEST_FLAG;
BindExchange->PresentationContext[2]
= BindingsForThisInterface[i]->GetOnTheWirePresentationContext();
BindingForNDRTestPresentationContext = i;
}
else
{
ASSERT(!"Unknown transfer syntax\n");
Status = RPC_S_UNSUPPORTED_TRANS_SYN;
goto Cleanup;
}
}
}
else
{
RpcpMemorySet(&BindExchange->InterfaceId,
0,
sizeof(RPC_SYNTAX_IDENTIFIER));
BindExchange->Flags = 0;
BindExchange->TransferSyntaxSet = 0;
BindExchange->PresentationContext[0] = 0;
BindExchange->PresentationContext[1] = 0;
BindExchange->PresentationContext[2] = 0;
ASSERT(*Binding != NULL);
SelectedBinding = *Binding;
}
if (fAlterSecurityContextNeeded)
{
BindExchange->Flags |= NEW_SECURITY_CONTEXT_FLAG;
if (fDefaultLogonId)
BindExchange->Flags |= DEFAULT_LOGONID_FLAG;
EffectiveIdentityTracking = BindingHandle->GetIdentityTracking();
if (EffectiveIdentityTracking == RPC_C_QOS_IDENTITY_STATIC)
{
if (OpenThreadToken (GetCurrentThread(),
TOKEN_IMPERSONATE | TOKEN_QUERY,
TRUE,
&ImpersonationToken) == FALSE)
{
ImpersonationToken = 0;
}
MyNtStatus = NtSetInformationThread(NtCurrentThread(),
ThreadImpersonationToken,
&(BindingHandle->StaticTokenHandle),
sizeof(HANDLE));
#if DBG
if (!NT_SUCCESS(MyNtStatus))
{
PrintToDebugger("RPC : NtSetInformationThread : %lx\n", MyNtStatus);
}
#endif // DBG
fTokenAltered = 1;
}
}
// We will allow the server to impersonate us on this call.
// This is fine since for static identity tracking this is when the server
// obtains the client's token.
NtStatus = NtRequestWaitReplyPort(LpcClientPort,
(PORT_MESSAGE *) LrpcMessage,
(PORT_MESSAGE *) LrpcMessage) ;
if (fTokenAltered)
{
MyNtStatus = NtSetInformationThread(NtCurrentThread(),
ThreadImpersonationToken,
&ImpersonationToken,
sizeof(HANDLE));
#if DBG
if (!NT_SUCCESS(MyNtStatus))
{
PrintToDebugger("RPC : NtSetInformationThread : %lx\n", MyNtStatus);
}
#endif // DBG
if (ImpersonationToken)
{
CloseHandle(ImpersonationToken);
}
}
if (NT_SUCCESS(NtStatus))
{
ASSERT(LrpcMessage->Bind.MessageType == LRPC_BIND_ACK);
if (BindExchange->RpcStatus == RPC_S_OK)
{
if (fAlterSecurityContextNeeded &&
(IsBackConnectionNeeded
|| EffectiveIdentityTracking == RPC_C_QOS_IDENTITY_STATIC))
{
//
// The security context ID should never be -1 for success bind_ack.
// Note that this is the case only if we are setting up a new security context.
// If BindExchange->Flags is not set with NEW_SECURITY_CONTEXT_FLAG, then we
// may get back a -1 SecurityContextId, but we will not create a security context.
//
if (BindExchange->SecurityContextId == -1)
{
CORRUPTION_ASSERT(BindExchange->SecurityContextId != -1);
Status = RPC_S_PROTOCOL_ERROR;
goto Cleanup;
}
*pSecurityContext = new LRPC_CCONTEXT(
BindingHandle->InquireAuthInformation(),
BindExchange->SecurityContextId,
this);
if (*pSecurityContext == 0)
{
Status = RPC_S_OUT_OF_MEMORY;
goto Cleanup;
}
if ((DictKey = SecurityContextDict.Insert(*pSecurityContext)) == -1)
{
delete *pSecurityContext;
*pSecurityContext = NULL;
Status = RPC_S_OUT_OF_MEMORY;
goto Cleanup;
}
(*pSecurityContext)->AddReference();
(*pSecurityContext)->ContextKey = DictKey;
}
if (fAlterContextNeeded)
{
ChosenBindingIndex = -1;
// which presentation context did the server pick?
if (BindExchange->TransferSyntaxSet & TS_NDR20_FLAG)
{
ASSERT(BindingForNDR20PresentationContext != -1);
// the server should choose only one transfer syntax
ASSERT((BindExchange->TransferSyntaxSet & ~TS_NDR20_FLAG) == 0);
ChosenBindingIndex = BindingForNDR20PresentationContext;
}
else if (BindExchange->TransferSyntaxSet & TS_NDR64_FLAG)
{
ASSERT(BindingForNDR64PresentationContext != -1);
// the server should choose only one transfer syntax
ASSERT((BindExchange->TransferSyntaxSet & ~TS_NDR64_FLAG) == 0);
ChosenBindingIndex = BindingForNDR64PresentationContext;
}
else if (BindExchange->TransferSyntaxSet & TS_NDRTEST_FLAG)
{
ASSERT(BindingForNDRTestPresentationContext != -1);
// the server should choose only one transfer syntax
ASSERT((BindExchange->TransferSyntaxSet & ~TS_NDRTEST_FLAG) == 0);
ChosenBindingIndex = BindingForNDRTestPresentationContext;
}
else
{
ASSERT(!"Server supplied invalid response");
}
if (ChosenBindingIndex < 0)
{
ASSERT(_NOT_COVERED_);
BindExchange->RpcStatus = RPC_S_UNSUPPORTED_TRANS_SYN;
}
else
{
// if we offered the server a choice of bindings and it
// exercised this choice, record its preferences
if (NumberOfBindings > 1)
{
BindingsForThisInterface[ChosenBindingIndex]->
TransferSyntaxIsServerPreferred();
for (i = 0; i < NumberOfBindings; i ++)
{
if (ChosenBindingIndex != i)
{
BindingsForThisInterface[i]->TransferSyntaxIsNotServerPreferred();
}
}
}
SelectedBinding = BindingsForThisInterface[ChosenBindingIndex];
}
}
}
else
{
if (BindExchange->Flags & EXTENDED_ERROR_INFO_PRESENT)
{
ExtendedErrorInfo *EEInfo;
// In the [out] bind direction the eeinfo is contained in the
// Bind.BindExchangeReturn structure.
// Bind.BindExchange is used for passing the port name in the
// [in] direction and does not have enough space.
ASSERT(IsBufferAligned(LrpcMessage->Bind.BindExchangeReturn.Buffer));
Status = UnpickleEEInfo(LrpcMessage->Bind.BindExchangeReturn.Buffer,
LrpcMessage->LpcHeader.u1.s1.DataLength
- BIND_NAK_PICKLE_BUFFER_OFFSET
+ sizeof(PORT_MESSAGE),
&EEInfo);
if (Status == RPC_S_OK)
{
RpcpSetEEInfo(EEInfo);
}
RpcpErrorAddRecord(EEInfoGCRuntime,
BindExchange->RpcStatus,
EEInfoDLLRPC_CASSOCIATION__ActuallyDoBinding30);
}
}
Status = BindExchange->RpcStatus;
ASSERT (Status != RPC_S_SERVER_UNAVAILABLE
&& Status != RPC_S_ACCESS_DENIED) ;
}
else
{
Status = RPC_S_SERVER_UNAVAILABLE;
RpcpErrorAddRecord(EEInfoGCLPC,
Status,
EEInfoDLLRPC_CASSOCIATION__ActuallyDoBinding40,
NtStatus);
}
Cleanup:
*Binding = SelectedBinding;
return (Status);
}
void
LRPC_CASSOCIATION::ProcessResponse (
IN LRPC_MESSAGE *LrpcResponse,
IN BOOL AssocMutexHeld,
IN OUT LRPC_MESSAGE **LrpcReplyMessage
)
/*++
Routine Description:
Process a response on the back connection.
Two types of responses can show up on the back connection:
1. Responses from async calls.
Arguments:
LrpcResponse - Reply message.
AssocMutexHeld - used to indicate that we are calling this function
while holding the AssociationMutex.
Return Value:
RPC_S_OK - Function succeeded
RPC_S_OUT_OF_MEMORY - we ran out of memory
--*/
{
LRPC_CCALL *CCall ;
RPC_MESSAGE RpcMessage ;
THREAD *ThisThread;
LRPC_CCALL *ExistingCCall;
ULONG OriginalCallId;
ThisThread = RpcpGetThreadPointer();
ASSERT(ThisThread);
ASSERT(ThisThread->GetDestroyedWithOutstandingLocksFlag() == 0);
OriginalCallId = LrpcResponse->Rpc.RpcHeader.CallId;
if (!AssocMutexHeld){
AssociationMutex.Request();
}
CCall = ActiveCCalls.Find(ULongToPtr(OriginalCallId)) ;
if (CCall == 0)
{
AssociationMutex.Clear() ;
if (LrpcResponse->Rpc.RpcHeader.Flags & LRPC_BUFFER_SERVER)
{
// There may be a server thread stuck waiting for the reply
// in which case we should treat this as a synchronous call
// and make sure the message is not dropped.
// We do this only if the buffer is server. If it is not,
// we don't do that, because the LPC response we received
// was datagram, and we can't send a response to a datagram.
// Note that this is not necessary either, since the response
// is from a server, and we don't have any use on the server
// for a fault to a response (it just gets dropped). If the
// buffer is server, we still need to do it to free
// the thread, because it is doing NtRequestWaitReplyPort,
// and this is blocking.
SetFaultPacket(LrpcResponse,
RPC_S_CALL_FAILED_DNE,
LrpcResponse->Rpc.RpcHeader.Flags | LRPC_SYNC_CLIENT,
NULL);
*LrpcReplyMessage = LrpcResponse;
}
return ;
}
CCall->LockCallFromResponse();
AssociationMutex.Clear() ;
CCall->ProcessResponse(LrpcResponse);
// if this call was destroyed with outstanding locks, don't
// touch it - just clear the flag
if (ThisThread->GetDestroyedWithOutstandingLocksFlag())
{
ThisThread->ClearDestroyedWithOutstandingLocksFlag();
}
else
{
AssociationMutex.Request() ;
// check if somebody has freed the call. If yes, don't do anything - the counter
// would have been reset
ExistingCCall = ActiveCCalls.Find(ULongToPtr(OriginalCallId));
if (ExistingCCall
&& (ExistingCCall == CCall))
{
CCall->UnlockCallFromResponse();
}
AssociationMutex.Clear() ;
}
}
RPC_STATUS
LRPC_CASSOCIATION::OpenLpcPort (
IN LRPC_BINDING_HANDLE *BindingHandle,
IN BOOL fBindBack
)
/*++
Routine Description:
Arguments:
RpcInterfaceInformation - Supplies information describing the interface
to which we wish to bind.
Binding - Returns an object representing the binding to the interface
described by the first argument.
Return Value:
RPC_S_OUT_OF_MEMORY - Insufficient memory is available to complete the
operation.
Notes:
The global mutex will be held when this routine is called.
--*/
{
NTSTATUS NtStatus;
UNICODE_STRING UnicodeString;
RPC_CHAR * LpcPortName;
SECURITY_QUALITY_OF_SERVICE SecurityQualityOfService;
RPC_STATUS Status;
LRPC_BIND_EXCHANGE BindExchange;
unsigned long BindExchangeLength = sizeof(LRPC_BIND_EXCHANGE);
PSID SidToUse;
int RetryCount;
BOOL fCachedSid = TRUE;
//
// Look at the network options and initialize the security quality
// of service appropriately.
//
SecurityQualityOfService.EffectiveOnly = (unsigned char) BindingHandle->EffectiveOnly;
SecurityQualityOfService.ContextTrackingMode =
SECURITY_DYNAMIC_TRACKING;
SecurityQualityOfService.ImpersonationLevel =
MapRpcToNtImp(AssocAuthInfo.ImpersonationType) ;
SecurityQualityOfService.Length = sizeof(SECURITY_QUALITY_OF_SERVICE);
//
// Allocate and initialize the port name. We need to stick the
// LRPC_DIRECTORY_NAME on the front of the endpoint. This is for
// security reasons (so that anyone can create LRPC endpoints).
//
LpcPortName = new RPC_CHAR[
RpcpStringLength(DceBinding->InqEndpoint())
+ RpcpStringLength(LRPC_DIRECTORY_NAME) + 1];
if (LpcPortName == 0)
{
return(RPC_S_OUT_OF_MEMORY);
}
RpcpMemoryCopy(LpcPortName, LRPC_DIRECTORY_NAME,
RpcpStringLength(LRPC_DIRECTORY_NAME) * sizeof(RPC_CHAR));
RpcpMemoryCopy(LpcPortName + RpcpStringLength(LRPC_DIRECTORY_NAME),
DceBinding->InqEndpoint(),
(RpcpStringLength(DceBinding->InqEndpoint()) + 1)
* sizeof(RPC_CHAR));
RtlInitUnicodeString(&UnicodeString, LpcPortName);
// zero out buffer to prevent data leak
RpcpMemorySet (&BindExchange, 0, sizeof(BindExchange));
DWORD Key;
LPC_KEY *LpcKey = (LPC_KEY *) &Key;
LpcKey->SeqNumber = SequenceNumber;
LpcKey->AssocKey = (unsigned short) AssociationDictKey;
BindExchange.ConnectType = LRPC_CONNECT_REQUEST ;
BindExchange.AssocKey = Key;
if (fBindBack)
{
BindExchange.Flags = BIND_BACK_FLAG;
// Initialize a cookie to be sent in the message.
RpcpMemoryCopy(BindExchange.Cookie, BindBackCookie, BIND_BACK_COOKIE_SIZE);
// LRPC_BIND_EXCHANGE::szPortName can be at most PORT_NAME_LEN chars.
// The global lrpc server's port name can be initialized either in
// LRPC_SERVER::InitializeAsync or in LRPC_ADDRESS::ActuallySetupAddress.
// In the former case, it is just "MSAsyncRPC_DECIMALPID" and in the latter,
// we check to make sure the name does not overflow.
LrpcGetEndpoint((RPC_CHAR *) BindExchange.szPortName) ;
}
else
{
BindExchange.Flags = 0;
}
if ((AssocAuthInfo.Capabilities & RPC_C_QOS_CAPABILITIES_MUTUAL_AUTH)
&& AssocAuthInfo.ServerPrincipalName)
{
PSID pSID;
// if we don't have a SID, we'll have to convert the name to a SID.
if (AssocAuthInfo.ServerSid == NULL)
{
Status = RpcpLookupAccountName (AssocAuthInfo.ServerPrincipalName,
&fCachedSid,
&pSID
);
if (Status != RPC_S_OK)
{
delete [] LpcPortName;
return Status;
}
}
else
{
ASSERT(IsValidSid(AssocAuthInfo.ServerSid));
pSID = AssocAuthInfo.ServerSid;
}
RetryCount = 0;
do
{
Status = NormalizeAccountSid(pSID, &SidToUse, &RetryCount);
if (Status != RPC_S_OK)
{
if (AssocAuthInfo.ServerSid == NULL)
{
delete [] pSID;
}
delete [] LpcPortName;
return Status;
}
NtStatus = NtSecureConnectPort (
&LpcClientPort,
&UnicodeString,
&SecurityQualityOfService,
NULL,
SidToUse,
NULL,
NULL,
&BindExchange,
&BindExchangeLength);
// we may attempt retry only if we got the server sid
// wrong.
if (NtStatus != STATUS_SERVER_SID_MISMATCH)
break;
}
while (RetryCount != 0);
if (AssocAuthInfo.ServerSid == NULL)
{
delete [] pSID;
}
}
else
{
NtStatus = NtConnectPort(
&LpcClientPort,
&UnicodeString,
&SecurityQualityOfService,
NULL,
NULL,
NULL,
&BindExchange,
&BindExchangeLength);
}
delete [] LpcPortName;
if (NT_SUCCESS(NtStatus))
{
ASSERT(BindExchangeLength == sizeof(LRPC_BIND_EXCHANGE));
return(BindExchange.RpcStatus);
}
if (NtStatus == STATUS_PORT_CONNECTION_REFUSED)
{
if (BindExchange.Flags & SERVER_BIND_EXCH_RESP)
{
RpcpErrorAddRecord(EEInfoGCRuntime,
BindExchange.RpcStatus,
EEInfoDLLRPC_CASSOCIATION__OpenLpcPort20,
NtStatus);
return(BindExchange.RpcStatus);
}
// if the SERVER_BIND_EXCH_RESP flag is not set, the rejection
// comes from LPC. The only case where this can happen is if
// the server is not available.
RpcpErrorAddRecord(EEInfoGCRuntime,
RPC_S_SERVER_UNAVAILABLE,
EEInfoDLLRPC_CASSOCIATION__OpenLpcPort30,
NtStatus);
return(RPC_S_SERVER_UNAVAILABLE);
}
if (NtStatus == STATUS_NO_MEMORY)
{
Status = RPC_S_OUT_OF_MEMORY;
}
else if ((NtStatus == STATUS_INSUFFICIENT_RESOURCES)
|| (NtStatus == STATUS_QUOTA_EXCEEDED))
{
Status = RPC_S_OUT_OF_RESOURCES;
}
else if (NtStatus == STATUS_OBJECT_PATH_INVALID)
{
Status = RPC_S_INVALID_ENDPOINT_FORMAT;
}
else if (NtStatus == STATUS_ACCESS_DENIED
|| NtStatus == STATUS_SERVER_SID_MISMATCH
|| NtStatus == STATUS_BAD_IMPERSONATION_LEVEL)
{
// Invalidate our cache entry for this SPN
(void) RemoveFromSIDCache(AssocAuthInfo.ServerPrincipalName);
Status = RPC_S_ACCESS_DENIED;
}
else
{
#if DBG
if (NtStatus != STATUS_OBJECT_NAME_NOT_FOUND)
{
PrintToDebugger("LRPC: NtConnectPort : %lx\n", NtStatus);
}
#endif // DBG
ASSERT(NtStatus == STATUS_OBJECT_NAME_NOT_FOUND);
Status = RPC_S_SERVER_UNAVAILABLE;
}
RpcpErrorAddRecord(EEInfoGCRuntime,
Status,
EEInfoDLLRPC_CASSOCIATION__OpenLpcPort40,
NtStatus);
return Status;
}
void
LRPC_CASSOCIATION::FreeCCall (
IN LRPC_CCALL * CCall
)
/*++
Routine Description:
This routine will get called to notify this association that a remote
procedure call on this association has completed.
Arguments:
CCall - Supplies the remote procedure call which has completed.
--*/
{
LRPC_CCALL *DeletedCall;
BOOL fMutexTaken = FALSE;
ExtendedErrorInfo *LocalEEInfo;
LRPC_MESSAGE *LocalLrpcMessage;
THREAD *ThisThread;
BOOL fCacheToThread;
BOOL fOutstandingLocks = FALSE;
BOOL fUnlocked;
void *Buffer;
unsigned int BufferLength ;
if (CCall->CallId != (ULONG) -1)
{
// Try to take both resources, but if fail on the second, release
// the first and retry. There is a potential deadlock here, since
// another thread may have the call locked while holding the AssociationMutex,
// release the mutex, and try to take it again. This may happen in
// ProcessResponse()
while (TRUE)
{
AssociationMutex.Request();
fMutexTaken = TRUE;
LogEvent(SU_CCALL, EV_STOP, CCall, this, CCall->CallId, 1, 0);
if (CCall->AsyncStatus == RPC_S_CALL_CANCELLED)
{
// if the call was cancelled, there is a race condition
// where the server may still be sending us a response
// make sure we wait for any response already in the pipeline
// to go through
fOutstandingLocks = CCall->TryWaitForCallToBecomeUnlocked(&fUnlocked);
if (fUnlocked)
break;
else
{
AssociationMutex.Clear();
fMutexTaken = FALSE;
Sleep(10);
}
}
else
{
// this is not a cancel. It is possible that a response
// is still being processed. We zero out the counter now,
// and we will remove the element from the dictionary and
// reset its CallId (we're still inside the mutex). When
// the thread that processes the response is about to
// decrease the refcount, it will check whether the call is
// in the dictionary and whether it has the same call id.
// If yes, it won't touch the call.
CCall->ResponseLockCount.SetInteger(0);
break;
}
}
DeletedCall = ActiveCCalls.Delete(ULongToPtr(CCall->CallId));
ASSERT((DeletedCall == 0) || (CCall == DeletedCall));
CCall->CallId = (ULONG) -1;
}
LogEvent(SU_CCALL, EV_REMOVED, CCall, this, 0, 1, 2);
LogEvent(SU_CCALL, EV_REMOVED, CCall, this, 0, 1, 6);
if (CCall->BufferQueue.Size() != 0)
{
if (!fMutexTaken)
{
AssociationMutex.Request();
fMutexTaken = TRUE;
}
while ((Buffer = CCall->BufferQueue.TakeOffQueue(&BufferLength)) != 0)
{
CCall->ActuallyFreeBuffer(Buffer);
}
}
if (fMutexTaken)
{
LocalEEInfo = CCall->EEInfo;
CCall->EEInfo = NULL;
}
else
{
LocalEEInfo =
(ExtendedErrorInfo *)InterlockedExchangePointer((PVOID *)(&CCall->EEInfo), NULL);
}
if (LocalEEInfo != NULL)
{
FreeEEInfoChain(LocalEEInfo);
}
CCall->Binding->RemoveReference();
CCall->Binding = NULL;
if (CCall == CachedCCall)
{
CachedCCallFlag = 1 ;
}
else
{
if (fMutexTaken)
{
LocalLrpcMessage = CCall->LrpcMessage;
CCall->LrpcMessage = 0;
}
else
{
LocalLrpcMessage =
(LRPC_MESSAGE *)InterlockedExchangePointer((PVOID *)(&CCall->LrpcMessage), 0);
}
FreeMessage(LocalLrpcMessage);
ThisThread = RpcpGetThreadPointer();
ASSERT(ThisThread);
if (gfServerPlatform && (ThisThread->GetCachedLrpcCall() == NULL))
{
CCall->FreeCallKey = -1;
// set the association to NULL to toast anybody who tries to touch it
CCall->Association = NULL;
ThisThread->SetCachedLrpcCall(CCall);
}
else if (FreeCCalls.Size() < 64)
{
if (!fMutexTaken)
{
AssociationMutex.Request();
fMutexTaken = TRUE;
}
if ((CCall->FreeCallKey = FreeCCalls.Insert(CCall)) == -1)
{
delete CCall;
}
}
else
{
CCall->FreeCallKey = -1;
delete CCall;
}
}
if (fMutexTaken)
{
AssociationMutex.Clear();
}
if (fOutstandingLocks)
{
ThisThread = RpcpGetThreadPointer();
ASSERT(ThisThread);
ThisThread->SetDestroyedWithOutstandingLocksFlag();
}
RemoveReference();
}
LRPC_CASSOCIATION *
FindOrCreateLrpcAssociation (
IN DCE_BINDING * DceBinding,
IN CLIENT_AUTH_INFO *pClientAuthInfo,
IN RPC_CLIENT_INTERFACE *InterfaceInfo
)
/*++
Routine Description:
This routine finds an existing association supporting the requested
DCE binding, or creates a new association which supports the
requested DCE binding. Ownership of the passed DceBinding passes
to this routine.
Arguments:
DceBinding - Supplies binding information; if an association is
returned the ownership of the DceBinding is passed
to the association.
pClientAuthInfo - pointer to the client auth info from the binding handle.
We compare the client auth info of each association against the client
auth info of the binding handle to determine if there is a match.
InterfaceInfo - pointer to the interface we are about to make a call on
while we try to find the association. If present, it also indicates
we are trying to do shortcut endpoint resolution. If not present,
we have already resolved the endpoint.
Return Value:
An association which supports the requested binding will be returned.
Otherwise, zero will be returned, indicating insufficient memory.
--*/
{
LRPC_CASSOCIATION * Association;
RPC_STATUS Status = RPC_S_OK;
static USHORT SequenceNumber = 1;
DictionaryCursor cursor;
BOOL fOnlyEndpointDiffers;
int Result;
BOOL Supported;
// First, we check for an existing association.
LrpcAssociationDict->Reset(cursor);
while ((Association = LrpcAssociationDict->Next(cursor)) != 0)
{
#if defined (RPC_GC_AUDIT)
DbgPrintEx(77, DPFLTR_WARNING_LEVEL, "%d (0x%X) Comparing association to: %S, %S, %S\n",
GetCurrentProcessId(), GetCurrentProcessId(), Association->DceBinding->InqRpcProtocolSequence(),
Association->DceBinding->InqNetworkAddress(), Association->DceBinding->InqEndpoint());
#endif
Status = Association->IsSupportedAuthInfo(pClientAuthInfo, &Supported);
if (Status != RPC_S_OK)
{
return NULL;
}
// if we are doing shortcut endpoint resolution, but the association
// did not mutually authenticate the server with the endpoint mapper
// (endpoint mapper name space partitioning), and the binding
// handle wants to mutually authenticate the server with the endpoint
// mapper, we cannot do shortcut endpoint resolution - we must allow
// the endpoint resolution.
if (Supported
&& InterfaceInfo
&& (pClientAuthInfo->Capabilities & RPC_C_QOS_CAPABILITIES_LOCAL_MA_HINT)
&& !(Association->GetAuthInfoCapabilities() & RPC_C_QOS_CAPABILITIES_LOCAL_MA_HINT)
)
{
return NULL;
}
Result = Association->CompareWithDceBinding(DceBinding, &fOnlyEndpointDiffers);
if ((Supported)
&&
(!Result
||
(
fOnlyEndpointDiffers
&& InterfaceInfo
&& DceBinding->IsNullEndpoint()
&& Association->DoesBindingForInterfaceExist(InterfaceInfo)
)
)
)
{
Association->AddBindingHandleReference();
if (Association->Linger.fAssociationLingered == TRUE)
{
#if defined (RPC_GC_AUDIT)
DbgPrintEx(77, DPFLTR_WARNING_LEVEL, "%d (0x%X) LRPC lingering association resurrected %X %S %S %S\n",
GetCurrentProcessId(), GetCurrentProcessId(), Association,
Association->DceBinding->InqRpcProtocolSequence(),
Association->DceBinding->InqNetworkAddress(),
Association->DceBinding->InqEndpoint());
#endif
LrpcLingeredAssociations --;
ASSERT(LrpcLingeredAssociations >= 0);
Association->Linger.fAssociationLingered = FALSE;
}
if ((pClientAuthInfo->Capabilities & RPC_C_QOS_CAPABILITIES_LOCAL_MA_HINT)
&& !(Association->GetAuthInfoCapabilities() & RPC_C_QOS_CAPABILITIES_LOCAL_MA_HINT))
{
Association->AddLocalMAToCapabilities();
}
delete DceBinding;
return(Association);
}
}
// if asked to do short endpoint resolution, don't create new association
if (InterfaceInfo)
return NULL;
#if defined (RPC_GC_AUDIT)
DbgPrintEx(77, DPFLTR_WARNING_LEVEL, "%d (0x%X) Creating association to: %S, %S, %S\n",
GetCurrentProcessId(), GetCurrentProcessId(), DceBinding->InqRpcProtocolSequence(),
DceBinding->InqNetworkAddress(), DceBinding->InqEndpoint());
#endif
SequenceNumber = (SequenceNumber+1) % (0x7FFF);
Association = new LRPC_CASSOCIATION(DceBinding,
pClientAuthInfo,
SequenceNumber,
&Status);
if ((Association != 0) && (Status == RPC_S_OK))
{
Association->AssociationDictKey = LrpcAssociationDict->Insert(Association);
if (Association->AssociationDictKey == -1)
{
Association->DceBinding = 0;
delete Association;
return(0);
}
return(Association);
}
else
{
if (Association != 0)
{
Association->DceBinding = 0;
delete Association;
}
return(0);
}
ASSERT(0);
return(0);
}
void
ShutdownLrpcClient (
)
/*++
Routine Description:
This routine will get called when the process which is using this dll
exits. We will go through and notify any servers that we are going
away.
--*/
{
LRPC_CASSOCIATION * Association;
DictionaryCursor cursor;
if (LrpcAssociationDict != 0)
{
LrpcAssociationDict->Reset(cursor);
while ((Association = LrpcAssociationDict->Next(cursor)) != 0)
{
Association->RemoveReference() ;
}
}
}
void
LRPC_CASSOCIATION::AbortAssociation (
IN BOOL ServerAborted
)
/*++
Routine Description:
This association needs to be aborted because a the server side of the
lpc port has been closed.
--*/
{
LRPC_BINDING * Binding;
LRPC_CCALL *CCall ;
LRPC_CCONTEXT *SecurityContext;
DictionaryCursor cursor;
AssociationMutex.Request();
LogEvent(SU_CASSOC, EV_ABORT, this, 0, ServerAborted, 1, 0);
CloseLpcClientPort();
Bindings.Reset(cursor);
while ((Binding = Bindings.RemoveNext(cursor)) != 0)
{
// RemoveReference will destroy the binding if its
// ref count reaches 0
Binding->RemoveReference();
}
SecurityContextDict.Reset(cursor);
while (SecurityContext = SecurityContextDict.RemoveNext(cursor))
{
SecurityContext->Destroy();
}
int waitIterations = 8;
if (ServerAborted)
{
ActiveCCalls.Reset(cursor);
while ((CCall = ActiveCCalls.Next(cursor, TRUE)) != 0)
{
CCall->ServerAborted(&waitIterations);
}
}
// nuke the free calls as well, because when we abort the association
// some information in them will be stale
FreeCCalls.Reset(cursor);
while ((CCall = FreeCCalls.Next(cursor)) != 0)
{
delete CCall;
}
AssociationMutex.Clear();
}
void
LRPC_CASSOCIATION::CloseLpcClientPort (
)
/*++
Routine Description:
The LpcClientPort will be closed (and a close message sent to the server).
--*/
{
NTSTATUS NtStatus;
HANDLE LpcPortLocal;
if (LpcClientPort != 0)
{
// Another thread might be trying to do a send or a send/receive on this port
// while the association is being aborted. We need to make sure the send on
// the port can't come after the port has been closed.
// To accomplish this, we set the port to NULL and close a local copy. The clients
// may still send on a NULL port, via a small race, but the probability
// can be reduced by checking for a NULL handle and we will just get an error from LPC.
// Also, the port sits on the stack for a little bit while we call the
// LPC routines, so the race is still there, but its minimal.
LpcPortLocal = LpcClientPort;
LpcClientPort = 0;
NtStatus = NtClose(LpcPortLocal);
#if DBG
if (!NT_SUCCESS(NtStatus))
{
PrintToDebugger("RPC : NtClose : %lx\n", NtStatus);
}
#endif // DBG
if (LpcReceivePort)
{
// Similarly to the above case, set the port to NULL and close a local copy.
LpcPortLocal = LpcReceivePort;
LpcReceivePort = 0;
NtStatus = NtClose(LpcPortLocal) ;
#if DBG
if (!NT_SUCCESS(NtStatus))
{
PrintToDebugger("RPC : NtClose : %lx\n", NtStatus);
}
#endif
ASSERT(NT_SUCCESS(NtStatus));
}
BackConnectionCreated = 0;
}
}
RPC_STATUS
LRPC_CASSOCIATION::IsSupportedAuthInfo(
IN CLIENT_AUTH_INFO * ClientAuthInfo,
OUT BOOL *Supported
)
/*++
Routine Description:
Check if this association supports the needed auth info.
Arguments:
ClientAuthInfo - description
Supported - on output, contains non-zero if the association supports
this auth info, and 0 otherwise. Undefined on failure
Return Value:
RPC_S_OK or RPC_S_* error
--*/
{
PSID Sid;
RPC_STATUS RpcStatus;
*Supported = FALSE;
if (!ClientAuthInfo)
{
if (AssocAuthInfo.ImpersonationType == RPC_C_IMP_LEVEL_IMPERSONATE)
{
*Supported = TRUE;
return RPC_S_OK;
}
return RPC_S_OK;
}
if ((ClientAuthInfo->AuthenticationLevel == RPC_C_AUTHN_LEVEL_NONE
&& AssocAuthInfo.AuthenticationLevel != RPC_C_AUTHN_LEVEL_NONE)
|| (AssocAuthInfo.AuthenticationLevel == RPC_C_AUTHN_LEVEL_NONE
&& ClientAuthInfo->AuthenticationLevel != RPC_C_AUTHN_LEVEL_NONE))
{
return RPC_S_OK;
}
ASSERT(ClientAuthInfo->AuthenticationService == RPC_C_AUTHN_WINNT);
if (ClientAuthInfo->AuthorizationService
!= AssocAuthInfo.AuthorizationService)
{
return RPC_S_OK;
}
#if 0
if (ClientAuthInfo->IdentityTracking != AssocAuthInfo.IdentityTracking)
{
return RPC_S_OK;
}
#endif
if (ClientAuthInfo->ImpersonationType != AssocAuthInfo.ImpersonationType)
{
return RPC_S_OK;
}
if (ClientAuthInfo->Capabilities & RPC_C_QOS_CAPABILITIES_MUTUAL_AUTH)
{
// if the SPN and SID are equal, this is supported
return AssocAuthInfo.CompareSPNAndSID (ClientAuthInfo, Supported);
}
*Supported = TRUE;
return RPC_S_OK;
}
LRPC_CCALL::LRPC_CCALL (
IN OUT RPC_STATUS *Status
) : CallMutex(Status),
SyncEvent(Status, 0),
ResponseLockCount(0)
/*++
--*/
{
ObjectType = LRPC_CCALL_TYPE;
CurrentBindingHandle = 0;
Association = 0;
CallAbortedFlag = 0;
LrpcMessage = 0;
CachedLrpcMessage = 0;
FreeCallKey = -1;
CallId = (ULONG) -1;
EEInfo = NULL;
}
LRPC_CCALL::~LRPC_CCALL (
)
/*++
--*/
{
if (LrpcMessage)
{
FreeMessage(LrpcMessage) ;
}
if (CachedLrpcMessage)
{
FreeMessage(CachedLrpcMessage) ;
}
if (CallId != (ULONG) -1)
{
// the association mutex is currently held
Association->ActiveCCalls.Delete(ULongToPtr(CallId));
}
if (FreeCallKey != -1)
{
Association->FreeCCalls.Delete(FreeCallKey) ;
}
}
RPC_STATUS
LRPC_CCALL::NegotiateTransferSyntax (
IN OUT PRPC_MESSAGE Message
)
{
// just return the transfer syntax already negotiated in the binding
Message->TransferSyntax = Binding->GetTransferSyntaxId();
return RPC_S_OK;
}
RPC_STATUS
LRPC_CCALL::GetBuffer (
IN OUT PRPC_MESSAGE Message,
IN UUID *ObjectUuid
)
/*++
Routine Description:
We will allocate a buffer which will be used to either send a request
or receive a response.
ObjectUuid - Ignored
Arguments:
Message - Supplies the length of the buffer that is needed. The buffer
will be returned.
Return Value:
RPC_S_OK - A buffer has been successfully allocated. It will be of at
least the required length.
RPC_S_OUT_OF_MEMORY - Insufficient memory is available to allocate that
large a buffer.
--*/
{
RPC_STATUS Status;
SetObjectUuid(ObjectUuid);
if (LrpcMessage == 0)
{
LrpcMessage = AllocateMessage();
if (LrpcMessage == 0)
{
Status = RPC_S_OUT_OF_MEMORY;
goto Cleanup;
}
}
if (PARTIAL(Message))
{
CurrentBufferLength = (Message->BufferLength < MINIMUM_PARTIAL_BUFFLEN)
? MINIMUM_PARTIAL_BUFFLEN:Message->BufferLength ;
Message->Buffer = RpcpFarAllocate(CurrentBufferLength);
if (Message->Buffer == 0)
{
CurrentBufferLength = 0 ;
Status = RPC_S_OUT_OF_MEMORY;
goto Cleanup;
}
}
else if (Message->BufferLength <= MAXIMUM_MESSAGE_BUFFER)
{
CurrentBufferLength = MAXIMUM_MESSAGE_BUFFER ;
// Uncomment to check for 16 byte alignment on 64 bit
// ASSERT(IsBufferAligned(LrpcMessage->Rpc.Buffer));
Message->Buffer = LrpcMessage->Rpc.Buffer;
LrpcMessage->Rpc.RpcHeader.Flags = LRPC_BUFFER_IMMEDIATE;
LrpcMessage->LpcHeader.u2.ZeroInit = 0;
LrpcMessage->LpcHeader.u1.s1.DataLength = (USHORT)
(Align4(Message->BufferLength) + sizeof(LRPC_RPC_HEADER));
return(RPC_S_OK);
}
else
{
CurrentBufferLength = Message->BufferLength ;
Message->Buffer = RpcpFarAllocate(Message->BufferLength);
if (Message->Buffer == 0)
{
Status = RPC_S_OUT_OF_MEMORY;
goto Cleanup;
}
}
LrpcMessage->Rpc.RpcHeader.Flags = LRPC_BUFFER_REQUEST;
LrpcMessage->Rpc.Request.CountDataEntries = 1;
LrpcMessage->Rpc.Request.DataEntries[0].Base = PtrToMsgPtr(Message->Buffer);
LrpcMessage->Rpc.Request.DataEntries[0].Size = Message->BufferLength;
LrpcMessage->LpcHeader.CallbackId = 0;
LrpcMessage->LpcHeader.u2.ZeroInit = 0;
LrpcMessage->LpcHeader.u2.s2.DataInfoOffset = sizeof(PORT_MESSAGE)
+ sizeof(LRPC_RPC_HEADER);
LrpcMessage->LpcHeader.u1.s1.DataLength = sizeof(LRPC_RPC_HEADER)
+ sizeof(PORT_DATA_INFORMATION);
Status = RPC_S_OK;
Cleanup:
if (Status != RPC_S_OK)
{
AbortCCall();
ASSERT(Status == RPC_S_OUT_OF_MEMORY);
}
return(Status);
}
RPC_STATUS
LpcError (
IN NTSTATUS NtStatus,
IN BOOL fDNE
)
{
if (NtStatus == STATUS_NO_MEMORY)
{
return(RPC_S_OUT_OF_MEMORY);
}
if (NtStatus == STATUS_INSUFFICIENT_RESOURCES)
{
return(RPC_S_OUT_OF_RESOURCES);
}
VALIDATE(NtStatus)
{
STATUS_INVALID_PORT_HANDLE,
STATUS_INVALID_HANDLE,
STATUS_PORT_DISCONNECTED,
STATUS_LPC_REPLY_LOST
} END_VALIDATE;
if ((NtStatus != STATUS_LPC_REPLY_LOST) && fDNE)
{
return (RPC_S_CALL_FAILED_DNE) ;
}
return (RPC_S_CALL_FAILED);
}
RPC_STATUS
LRPC_CCALL::AsyncSend (
IN OUT PRPC_MESSAGE Message
)
/*++
Routine Description:
Send an async request. This request can be either partial or complete.
Arguments:
Message - contains the request.
Return Value:
RPC_S_OK - Function succeeded
RPC_S_OUT_OF_MEMORY - we ran out of memory
--*/
{
RPC_STATUS Status ;
NTSTATUS NtStatus ;
BOOL fRetVal ;
BOOL Shutup ;
ULONG_PTR fNonCausal;
ULONG AsyncStateFlags;
// If it is a small request, we send it here, otherwise, we
// use the helper function.
ASSERT(pAsync) ;
Status = CurrentBindingHandle->InqTransportOption(
RPC_C_OPT_BINDING_NONCAUSAL,
&fNonCausal);
ASSERT(Status == RPC_S_OK);
if (fNonCausal == 0)
{
LrpcMessage->Rpc.RpcHeader.Flags |= LRPC_CAUSAL;
}
if (LrpcMessage->Rpc.RpcHeader.Flags & LRPC_BUFFER_IMMEDIATE)
{
LrpcMessage->LpcHeader.u1.s1.TotalLength = sizeof(PORT_MESSAGE)
+ LrpcMessage->LpcHeader.u1.s1.DataLength;
LrpcMessage->Rpc.RpcHeader.MessageType = LRPC_MSG_REQUEST;
LrpcMessage->Rpc.RpcHeader.Pad = 0;
LrpcMessage->Rpc.RpcHeader.ProcedureNumber = (unsigned short) Message->ProcNum;
LrpcMessage->Rpc.RpcHeader.PresentContext = GetOnTheWirePresentationContext();
if (CurrentSecurityContext)
{
LrpcMessage->Rpc.RpcHeader.SecurityContextId = CurrentSecurityContext->SecurityContextId;
}
else
{
LrpcMessage->Rpc.RpcHeader.SecurityContextId = -1;
}
ASSERT(CallId != (ULONG) -1);
LrpcMessage->Rpc.RpcHeader.CallId = CallId ;
if (UuidSpecified)
{
RpcpMemoryCopy(&(LrpcMessage->Rpc.RpcHeader.ObjectUuid),
&ObjectUuid, sizeof(UUID));
LrpcMessage->Rpc.RpcHeader.Flags |= LRPC_OBJECT_UUID;
}
else
{
// zero out the guid to prevent data leak
RpcpMemorySet(&(LrpcMessage->Rpc.RpcHeader.ObjectUuid),
0, sizeof(UUID));
}
// Make sure the port has not been closed due to an association abort.
if (Association->LpcClientPort)
{
NtStatus = NtRequestPort(Association->LpcClientPort,
(PORT_MESSAGE *) LrpcMessage) ;
}
else
{
NtStatus = STATUS_INVALID_PORT_HANDLE;
}
if (NT_ERROR(NtStatus))
{
FreeCCall() ;
return LpcError(NtStatus, TRUE) ;
}
Status = RPC_S_OK;
}
else
{
AsyncStateFlags = pAsync->Flags;
// Take the call mutex if this is an async pipe call, we can assume that
// it is async since we are in AsyncSend, we must check if its pipe.
// We need to take the mutex to avoid a race between setting fSendMoreExpected in AsyncSend and
// checking it in the thread pool when servicing a LRPC_SERVER_SEND_MORE (ProcessResponse). Without this
// we could end up not getting a notification for this send
if (PARTIAL(Message))
CallMutex.Request();
Status = SendRequest(Message, &Shutup) ;
if ((AsyncStateFlags & RPC_C_NOTIFY_ON_SEND_COMPLETE)
&& (Status == RPC_S_OK || Status == RPC_S_SEND_INCOMPLETE))
{
if (Shutup)
{
fSendMoreExpected = TRUE;
}
else
{
fSendMoreExpected = FALSE;
if (!IssueNotification(RpcSendComplete))
{
Status = RPC_S_OUT_OF_MEMORY ;
}
}
}
if (PARTIAL(Message))
CallMutex.Clear();
}
if (Status == RPC_S_OK)
{
CallMutex.Request();
if (AsyncStatus == RPC_S_CALL_FAILED)
{
LogEvent(SU_CCALL, EV_ABORT, this, (PVOID) 44, 44, 1, 0);
Status = RPC_S_CALL_FAILED;
CallMutex.Clear();
FreeCCall();
}
else
{
fSendComplete = 1;
CallMutex.Clear();
}
}
return(Status);
}
RPC_STATUS
LRPC_CCALL::AsyncReceive (
IN OUT PRPC_MESSAGE Message,
IN unsigned int Size
)
/*++
Routine Description:
Arguments:
Message - Contains the request. On return, it will contain the received buffer
and its length.
Size - Requested size.
Return Value:
RPC_S_OK - Function succeeded
RPC_S_OUT_OF_MEMORY - we ran out of memory
--*/
{
RPC_STATUS Status;
int Extra = IsExtraMessage(Message);
Message->DataRepresentation = 0x00 | 0x10 | 0x0000;
if (!Extra && Message->Buffer)
{
ActuallyFreeBuffer((char *)Message->Buffer);
Message->Buffer = 0;
Message->BufferLength = 0;
}
CallMutex.Request();
if (BufferComplete)
{
Status = GetCoalescedBuffer(Message, Extra);
}
else
{
if (PARTIAL(Message))
{
if (RcvBufferLength < Size)
{
if (NOTIFY(Message))
{
NeededLength = Size ;
}
Status = RPC_S_ASYNC_CALL_PENDING;
}
else
{
Status = GetCoalescedBuffer(Message, Extra);
}
}
else
{
Status = AsyncStatus;
ASSERT(Status != RPC_S_OK);
}
}
CallMutex.Clear();
if (Status == RPC_S_OK
|| Status == RPC_S_ASYNC_CALL_PENDING)
{
return Status;
}
FreeCCall();
return Status;
}
RPC_STATUS
LRPC_CCALL::CancelAsyncCall (
IN BOOL fAbort
)
/*++
Function Name:CancelAsyncCall
Parameters:
fAbort - TRUE: the cancel is abortive, ie, the call completes immediately
FALSE: a cancel PDU is sent to the server, the call doesn't complete
until the server returns
Description:
Returns:
RPC_S_OK: The call was successfully cancelled
others - an error occured during the cancellation process
--*/
{
#if defined(BUILD_WOW6432)
char LrpcCancelMessageBuffer[sizeof(LRPC_CANCEL_MESSAGE) + 8];
LRPC_CANCEL_MESSAGE *LrpcCancelMessagePtr = (LRPC_CANCEL_MESSAGE *)AlignPtr8(LrpcCancelMessageBuffer);
#else
LRPC_CANCEL_MESSAGE LrpcCancelMessageBuffer;
LRPC_CANCEL_MESSAGE *LrpcCancelMessagePtr = &LrpcCancelMessageBuffer;
#endif
NTSTATUS NtStatus;
LogEvent(SU_CCALL, EV_ABORT, this, 0, fAbort, 1, 1);
//
// Notify the server that the call has been cancelled
//
LrpcCancelMessagePtr->LpcHeader.u1.s1.DataLength = sizeof(LRPC_CANCEL_MESSAGE)
- sizeof(PORT_MESSAGE);
LrpcCancelMessagePtr->LpcHeader.u1.s1.TotalLength = sizeof(LRPC_CANCEL_MESSAGE);
LrpcCancelMessagePtr->LpcHeader.u2.ZeroInit = 0;
SanitizeLpcHeader (&LrpcCancelMessagePtr->LpcHeader);
ASSERT(CallId != (ULONG) -1);
// zero out everything b/n MessageType and CallId
RPCP_ZERO_OUT_STRUCT_RANGE(LRPC_RPC_HEADER,
&LrpcCancelMessagePtr->RpcHeader,
Pad,
CallId
);
LrpcCancelMessagePtr->RpcHeader.CallId = CallId;
LrpcCancelMessagePtr->RpcHeader.MessageType = LRPC_MSG_CANCEL;
// Make sure the port has not been closed due to an association abort.
if (Association->LpcClientPort)
{
NtStatus = NtRequestPort(Association->LpcClientPort,
(PORT_MESSAGE *) LrpcCancelMessagePtr) ;
}
else
{
NtStatus = STATUS_INVALID_PORT_HANDLE;
}
// sending the notification to the server is a best effort. We ignore the
// result
if (fAbort)
{
//
// If the cancel was abortive, complete the call right away.
//
//
// We indicate completion. When the app calls RpcAsyncCompleteCall
// we will destroy the call. That is fine, even if the server
// hasn't replied yet, because if the server sends a reply to
// a call or an association that is not there, the client code
// is protected, and will simply free the packet.
//
CallFailed(RPC_S_CALL_CANCELLED);
}
return RPC_S_OK;
}
void
LRPC_CCALL::ProcessResponse(
IN LRPC_MESSAGE *LrpcResponse
)
/*++
Routine Description:
A buffer has just arrived, process it. If some other buffer is already
processing buffers, simply queue it and go away. Otherwise, does
the processing ourselves.
Arguments:
Message - Details on the arrived message
--*/
{
RPC_MESSAGE Message ;
RPC_STATUS Status ;
BOOL fRetVal = 0;
BOOL fFault2;
RPC_STATUS FaultStatus;
THREAD *ThisThread;
ExtendedErrorInfo *EEInfo;
DelayedPipeAckData AckData;
//
// So that abort will not issue a notification
//
fSendComplete = 0;
switch (LrpcResponse->Rpc.RpcHeader.MessageType)
{
case LRPC_MSG_FAULT:
if (LrpcResponse->Fault.RpcHeader.Flags & LRPC_EEINFO_PRESENT)
{
ThisThread = RpcpGetThreadPointer();
ASSERT(ThisThread);
ASSERT(ThisThread->GetEEInfo() == NULL);
if (LrpcResponse->Fault.LpcHeader.u1.s1.TotalLength >
(sizeof(LRPC_FAULT_MESSAGE) - sizeof(LrpcResponse->Fault.Buffer)))
{
Status = UnpickleEEInfo(LrpcResponse->Fault.Buffer,
LrpcResponse->Fault.LpcHeader.u1.s1.TotalLength
- sizeof(LRPC_FAULT_MESSAGE)
+ sizeof(LrpcResponse->Fault.Buffer),
&EEInfo);
if (Status == RPC_S_OK)
{
this->EEInfo = EEInfo;
}
}
}
if (pAsync == 0)
{
AsyncStatus = LrpcResponse->Fault.RpcStatus ;
SyncEvent.Raise();
}
else
{
CallFailed(LrpcResponse->Fault.RpcStatus);
}
FreeMessage(LrpcResponse);
return ;
case LRPC_CLIENT_SEND_MORE:
if (pAsync
&& (pAsync->Flags & RPC_C_NOTIFY_ON_SEND_COMPLETE))
{
// Take the call mutex if this is an async pipe call, we can assume that
// it is async since we are in AsyncSend, we must check if its pipe.
// We need to take the mutex to avoid a race between setting fSendMoreExpected in AsyncSend and
// checking it in the thread pool when servicing a LRPC_SERVER_SEND_MORE (ProcessResponse). Without this
// we could end up not getting a notification for this send
CallMutex.Request();
if (fSendMoreExpected)
{
CallMutex.Clear();
if (!IssueNotification(RpcSendComplete))
{
CallFailed(RPC_S_OUT_OF_MEMORY);
}
}
else
{
CallMutex.Clear();
CORRUPTION_ASSERT(0);
CallFailed(RPC_S_PROTOCOL_ERROR);
}
}
FreeMessage(LrpcResponse);
return;
}
ASSERT((LrpcResponse->Rpc.RpcHeader.MessageType == LRPC_MSG_FAULT2)
|| (LrpcResponse->Rpc.RpcHeader.MessageType == LRPC_MSG_RESPONSE));
if (LrpcResponse->Rpc.RpcHeader.MessageType == LRPC_MSG_FAULT2)
{
fFault2 = TRUE;
FaultStatus = LrpcResponse->Fault2.RpcStatus;
}
else
fFault2 = FALSE;
Message.RpcFlags = 0;
AckData.DelayedAckPipeNeeded = FALSE;
Status = LrpcMessageToRpcMessage(LrpcResponse,
&Message,
Association->LpcReceivePort,
TRUE, // IsReplyFromBackConnection
&AckData
) ;
if (fFault2 && (Status == RPC_S_OK))
{
ThisThread = RpcpGetThreadPointer();
ASSERT(ThisThread);
ASSERT(ThisThread->GetEEInfo() == NULL);
Status = UnpickleEEInfo((unsigned char *)Message.Buffer,
Message.BufferLength,
&EEInfo);
if (Status == RPC_S_OK)
{
this->EEInfo = EEInfo;
}
// else
// fall through the error case below, which will
// handle the failure properly
}
if ((Status != RPC_S_OK) || fFault2)
{
// remember to send delayed ack if any
if (AckData.DelayedAckPipeNeeded)
{
(void) SendPipeAck(Association->LpcReceivePort,
LrpcResponse,
AckData.CurrentStatus);
if ((Status != RPC_S_OK) && (Message.Buffer))
{
RpcpFarFree(Message.Buffer);
}
FreeMessage(LrpcResponse) ;
}
if (fFault2)
{
AsyncStatus = FaultStatus;
Status = FaultStatus;
}
else
AsyncStatus = Status ;
if (pAsync == 0)
{
SyncEvent.Raise();
}
else
{
CallFailed(Status);
}
return;
}
CallMutex.Request() ;
// we have taken the mutex - now we can send the ack
// The reason we need to wait for the mutex to be
// taken before we send the delayed ack for pipes is
// that once we send an ack, the server will send more
// data and these can race with this thread. To be
// safe, we need to take the mutex.
if (AckData.DelayedAckPipeNeeded)
{
Status = SendPipeAck(Association->LpcReceivePort,
LrpcResponse,
AckData.CurrentStatus);
FreeMessage(LrpcResponse) ;
if (Status != RPC_S_OK)
{
CallMutex.Clear();
if (Message.Buffer)
{
RpcpFarFree(Message.Buffer);
}
AsyncStatus = Status ;
if (pAsync == 0)
{
SyncEvent.Raise();
}
else
{
CallFailed(Status);
}
return;
}
}
if (COMPLETE(&Message))
{
BufferComplete = 1;
}
RcvBufferLength += Message.BufferLength ;
if (Message.BufferLength)
{
if (BufferQueue.PutOnQueue(Message.Buffer,
Message.BufferLength))
{
Status = RPC_S_OUT_OF_MEMORY ;
#if DBG
PrintToDebugger("RPC: PutOnQueue failed\n") ;
#endif
if (pAsync)
{
CallMutex.Clear();
CallFailed(Status);
return;
}
else
{
AsyncStatus = Status;
}
}
}
if (pAsync == 0)
{
CallMutex.Clear() ;
SyncEvent.Raise();
return;
}
if (BufferComplete)
{
AsyncStatus = RPC_S_OK;
CallMutex.Clear() ;
IssueNotification();
}
else
{
if (NeededLength > 0 && RcvBufferLength >= NeededLength)
{
CallMutex.Clear() ;
IssueNotification(RpcReceiveComplete);
}
else
{
CallMutex.Clear() ;
}
}
}
RPC_STATUS
LRPC_CCALL::GetCoalescedBuffer (
IN PRPC_MESSAGE Message,
IN BOOL BufferValid
)
/*++
Routine Description:
Remove buffers from the queue and coalesce them into a single buffer.
Arguments:
Message - on return this will contain the coalesced buffer, Message->BufferLength
gives us the length of the coalesced buffer.
BufferValid - Tells us if Message->Buffer is valid on entry.
Return Value:
RPC_S_OK - Function succeeded
RPC_S_OUT_OF_MEMORY - we ran out of memory
--*/
{
void *NewBuffer, *Buffer ;
char *Current ;
unsigned int bufferlength ;
unsigned int TotalLength ;
LRPC_SENDMORE_MESSAGE SendMore ;
NTSTATUS NtStatus ;
CallMutex.Request() ;
if (RcvBufferLength == 0)
{
if (BufferComplete)
{
Message->RpcFlags |= RPC_BUFFER_COMPLETE ;
}
if (BufferValid == 0)
{
Message->Buffer = 0;
Message->BufferLength = 0;
}
CallMutex.Clear();
return RPC_S_OK;
}
BOOL fFillNewBuffer;
if (BufferValid)
{
TotalLength = RcvBufferLength + Message->BufferLength ;
NewBuffer = RpcpFarAllocate(TotalLength) ;
if (NewBuffer == 0)
{
CallMutex.Clear() ;
return RPC_S_OUT_OF_MEMORY;
}
RpcpMemoryCopy(NewBuffer, Message->Buffer, Message->BufferLength) ;
Current = (char *) NewBuffer + Message->BufferLength ;
fFillNewBuffer = 1;
}
else
{
TotalLength = RcvBufferLength ;
if (BufferQueue.Size() == 1)
{
Buffer = BufferQueue.TakeOffQueue(&bufferlength);
ASSERT(Buffer);
NewBuffer = Buffer;
ASSERT(TotalLength == bufferlength);
fFillNewBuffer = 0;
}
else
{
NewBuffer = RpcpFarAllocate(TotalLength) ;
if (NewBuffer == 0)
{
CallMutex.Clear() ;
return RPC_S_OUT_OF_MEMORY;
}
Current = (char *) NewBuffer;
fFillNewBuffer = 1;
}
}
if (fFillNewBuffer)
{
while ((Buffer = BufferQueue.TakeOffQueue(&bufferlength)) != 0)
{
RpcpMemoryCopy(Current, Buffer, bufferlength) ;
Current += bufferlength ;
ActuallyFreeBuffer(Buffer);
}
}
if (Message->Buffer)
{
ActuallyFreeBuffer(Message->Buffer);
}
Message->Buffer = NewBuffer ;
Message->BufferLength = TotalLength ;
RcvBufferLength = 0;
if (BufferComplete)
{
Message->RpcFlags |= RPC_BUFFER_COMPLETE ;
}
else
{
if (Choked)
{
CallMutex.Clear() ;
//
// send a message to the server
// to start sending data again
//
SendMore.LpcHeader.u1.s1.DataLength =
sizeof(SendMore) - sizeof(PORT_MESSAGE);
SendMore.LpcHeader.u1.s1.TotalLength = sizeof(SendMore);
SendMore.LpcHeader.u2.ZeroInit = 0;
SendMore.LpcHeader.CallbackId = 0;
SendMore.LpcHeader.MessageId = 0;
SanitizeLpcHeader (&SendMore.LpcHeader);
// zero out everything b/n MessageType and CallId
RPCP_ZERO_OUT_STRUCT_RANGE(LRPC_RPC_HEADER,
&SendMore.RpcHeader,
Pad,
CallId
);
SendMore.RpcHeader.MessageType = LRPC_SERVER_SEND_MORE;
SendMore.RpcHeader.CallId = CallId ;
ASSERT(CallId != (ULONG) -1);
// Make sure the port has not been closed due to an association abort.
if (Association->LpcClientPort)
{
NtStatus = NtRequestPort(Association->LpcClientPort,
(PORT_MESSAGE *) &SendMore) ;
}
else
{
NtStatus = STATUS_INVALID_PORT_HANDLE;
}
if (!NT_SUCCESS(NtStatus))
{
return RPC_S_CALL_FAILED ;
}
return RPC_S_OK;
}
}
CallMutex.Clear() ;
return RPC_S_OK ;
}
void
LRPC_CCALL::ServerAborted (
IN OUT int *waitIterations
)
/*++
Routine Description:
The server has died, we need the call needs to reflect that, and
cleanup if possible.
--*/
{
if (pAsync)
{
int i;
for (;*waitIterations && AsyncStatus == RPC_S_ASYNC_CALL_PENDING; (*waitIterations)--)
{
Sleep(500);
}
LogEvent(SU_CCALL, EV_ABORT, this, (PVOID) 22, 22, 1, 0);
CallMutex.Request();
if (AsyncStatus == RPC_S_ASYNC_CALL_PENDING)
{
if (fSendComplete == 0)
{
AsyncStatus = RPC_S_CALL_FAILED;
CallMutex.Clear();
}
else
{
CallMutex.Clear();
CallFailed(RPC_S_CALL_FAILED);
}
}
else
{
CallMutex.Clear();
}
}
}
RPC_STATUS
LRPC_CCALL::SendReceive (
IN OUT PRPC_MESSAGE Message
)
/*++
Routine Description:
Arguments:
Message - Supplies the request and returns the response of a remote
procedure call.
Return Value:
RPC_S_OK - The remote procedure call completed successful.
RPC_S_OUT_OF_MEMORY - Insufficient memory is available to perform the
remote procedure call.
RPC_S_OUT_OF_RESOURCES - Insufficient resources are available to complete
the remote procedure call.
--*/
{
NTSTATUS NtStatus;
RPC_STATUS ExceptionCode, Status;
void * OriginalMessageBuffer;
LRPC_MESSAGE *SavedLrpcMessage = 0;
LRPC_MESSAGE *TmpLrpcMessage = 0;
int ActiveCallSetupFlag = 0;
void * TempBuffer;
ExtendedErrorInfo *EEInfo;
DebugClientCallInfo *ClientCallInfo;
DebugCallTargetInfo *CallTargetInfo;
CellTag ClientCallInfoCellTag;
CellTag CallTargetInfoCellTag;
THREAD *ThisThread = RpcpGetThreadPointer();
BOOL fDebugInfoSet = FALSE;
if (CallAbortedFlag != 0)
{
//
// Don't know if it is safe to free the buffer here
//
return(RPC_S_CALL_FAILED_DNE);
}
ASSERT(ThisThread);
// if either client side debugging is enabled or we are
// calling on a thread that has a scall dispatched
if ((IsClientSideDebugInfoEnabled() || ((ThisThread->Context) && IsServerSideDebugInfoEnabled())) && (RecursionCount == 0))
{
CStackAnsi AnsiString;
RPC_CHAR *Endpoint;
int EndpointLength;
if (!IsClientSideDebugInfoEnabled())
{
Status = SetDebugClientCallInformation(&ClientCallInfo, &ClientCallInfoCellTag,
&CallTargetInfo, &CallTargetInfoCellTag, Message, ThisThread->DebugCell,
ThisThread->DebugCellTag);
}
else
{
Status = SetDebugClientCallInformation(&ClientCallInfo, &ClientCallInfoCellTag,
&CallTargetInfo, &CallTargetInfoCellTag, Message, NULL, NULL);
}
if (Status != RPC_S_OK)
{
TempBuffer = NULL;
goto Cleanup;
}
ClientCallInfo->CallID = CallId;
Endpoint = Association->InqEndpoint();
EndpointLength = RpcpStringLength(Endpoint) + 1;
*(AnsiString.GetPAnsiString()) = (char *)_alloca(EndpointLength);
Status = AnsiString.Attach(Endpoint, EndpointLength, EndpointLength * 2);
// effectively ignore failure in the conversion
if (Status == RPC_S_OK)
{
strncpy(ClientCallInfo->Endpoint, AnsiString, sizeof(ClientCallInfo->Endpoint));
}
CallTargetInfo->ProtocolSequence = LRPC_TOWER_ID;
CallTargetInfo->TargetServer[0] = 0;
fDebugInfoSet = TRUE;
}
// NDR_DREP_ASCII | NDR_DREP_LITTLE_ENDIAN | NDR_DREP_IEEE
Message->DataRepresentation = 0x00 | 0x10 | 0x0000;
if (CallStack == 0)
{
if (UuidSpecified)
{
RpcpMemoryCopy(&(LrpcMessage->Rpc.RpcHeader.ObjectUuid),
&ObjectUuid, sizeof(UUID));
LrpcMessage->Rpc.RpcHeader.Flags |= LRPC_OBJECT_UUID;
}
}
else
{
LrpcMessage->LpcHeader.u2.s2.Type = LPC_REQUEST;
LrpcMessage->LpcHeader.ClientId = ClientIdToMsgClientId(ClientId);
LrpcMessage->LpcHeader.MessageId = MessageId;
LrpcMessage->LpcHeader.CallbackId = CallbackId;
}
LrpcMessage->LpcHeader.u1.s1.TotalLength = sizeof(PORT_MESSAGE)
+ LrpcMessage->LpcHeader.u1.s1.DataLength;
LrpcMessage->Rpc.RpcHeader.MessageType = LRPC_MSG_REQUEST;
LrpcMessage->Rpc.RpcHeader.ProcedureNumber = (unsigned short) Message->ProcNum;
LrpcMessage->Rpc.RpcHeader.PresentContext = GetOnTheWirePresentationContext();
if (CurrentSecurityContext)
{
LrpcMessage->Rpc.RpcHeader.SecurityContextId = CurrentSecurityContext->SecurityContextId;
// Make sure we can't be impersonated on the transport level if
// static identity tracking is being used. We may be under different
// identity now then we were during the bind. The server is supposed
// to capture the token during bind and use it later under
// static idenitity tracking.
ASSERT(CurrentBindingHandle != NULL);
if (CurrentBindingHandle->GetIdentityTracking() == RPC_C_QOS_IDENTITY_STATIC)
{
LrpcMessage->LpcHeader.u2.s2.Type |= LPC_NO_IMPERSONATE;
}
}
else
{
LrpcMessage->Rpc.RpcHeader.SecurityContextId = -1;
}
TempBuffer = Message->Buffer;
LrpcMessage->Rpc.RpcHeader.Flags |= LRPC_SYNC_CLIENT | LRPC_NON_PIPE;
LrpcMessage->Rpc.RpcHeader.Pad = 0;
// Make sure the port has not been closed due to an association abort.
if (Association->LpcClientPort)
{
NtStatus = NtRequestWaitReplyPort(Association->LpcClientPort,
(PORT_MESSAGE *) LrpcMessage,
(PORT_MESSAGE *) LrpcMessage);
}
else
{
NtStatus = STATUS_INVALID_PORT_HANDLE;
}
if (NT_ERROR(NtStatus))
{
if (NtStatus == STATUS_NO_MEMORY)
{
Status = RPC_S_OUT_OF_MEMORY;
goto Cleanup;
}
if (NtStatus == STATUS_INSUFFICIENT_RESOURCES)
{
Status = RPC_S_OUT_OF_RESOURCES;
goto Cleanup;
}
VALIDATE(NtStatus)
{
STATUS_INVALID_PORT_HANDLE,
STATUS_INVALID_HANDLE,
STATUS_PORT_DISCONNECTED,
STATUS_LPC_REPLY_LOST
} END_VALIDATE;
Association->AbortAssociation();
if ((CallStack == 0)
&& (NtStatus != STATUS_LPC_REPLY_LOST))
{
//
// It's possible that the server stopped and has now restarted.
// We'll try re-binding and only fail if the new call fails.
//
// We can only retry if we are SURE that the server did not
// execute the request.
if (RecursionCount > 3)
{
// Prevent an infinite loop when GetBuffer returns ok but
// the SendReceive always fails.
Status = RPC_S_CALL_FAILED_DNE;
}
else
{
Status = AutoRetryCall(Message,
TRUE // fFromSendReceive
);
}
}
else
{
// In a callback and/or couldn't retry.
Status = RPC_S_CALL_FAILED;
}
Cleanup:
if (fDebugInfoSet)
{
FreeCell(CallTargetInfo, &CallTargetInfoCellTag);
FreeCell(ClientCallInfo, &ClientCallInfoCellTag);
}
ActuallyFreeBuffer(TempBuffer);
AbortCCall();
return Status;
}
// The message was sent and we got a reply okay.
ActuallyFreeBuffer(Message->Buffer);
for (;;)
{
if (LrpcMessage->Rpc.RpcHeader.MessageType == LRPC_MSG_FAULT)
{
if (LrpcMessage->Fault.RpcHeader.Flags & LRPC_EEINFO_PRESENT)
{
Status = UnpickleEEInfo(LrpcMessage->Fault.Buffer,
LrpcMessage->Fault.LpcHeader.u1.s1.TotalLength
- sizeof(LRPC_FAULT_MESSAGE)
+ sizeof(LrpcMessage->Fault.Buffer),
&EEInfo);
if (Status == RPC_S_OK)
{
RpcpSetEEInfoForThread(ThisThread, EEInfo);
}
// else we just fall through and return an error code -
// this is best effort, so it's Ok
}
Status = LrpcMessage->Fault.RpcStatus;
break;
}
if ((LrpcMessage->Rpc.RpcHeader.MessageType == LRPC_MSG_RESPONSE)
|| (LrpcMessage->Rpc.RpcHeader.MessageType == LRPC_MSG_FAULT2))
{
BOOL fFault2;
RPC_STATUS FaultStatus;
// remember if the message was fault2
if (LrpcMessage->Rpc.RpcHeader.MessageType == LRPC_MSG_FAULT2)
{
fFault2 = TRUE;
FaultStatus = LrpcMessage->Fault2.RpcStatus;
}
else
fFault2 = FALSE;
Status = LrpcMessageToRpcMessage(LrpcMessage,
Message,
Association->LpcClientPort,
FALSE, // IsReplyFromBackConnection
NULL // StatusIfDelayedAck
);
if (fFault2)
{
if (Status == RPC_S_OK)
{
Status = UnpickleEEInfo((unsigned char *)Message->Buffer,
Message->BufferLength,
&EEInfo);
if (Status == RPC_S_OK)
{
RpcpSetEEInfoForThread(ThisThread, EEInfo);
}
// else
// fall through to restoring the original status
}
// the status of the retrieval of
// the extended error info is irrelevant - we
// need to restore the original fault code
Status = FaultStatus;
}
break;
}
ASSERT(LrpcMessage->Rpc.RpcHeader.MessageType
== LRPC_MSG_CALLBACK);
CallStack += 1;
Status = RPC_S_OK;
if ((CallStack == 1)
&& (ActiveCallSetupFlag == 0))
{
ClientId = MsgClientIdToClientId(LrpcMessage->LpcHeader.ClientId);
MessageId = LrpcMessage->LpcHeader.MessageId;
CallbackId = LrpcMessage->LpcHeader.CallbackId;
RecursiveCallsKey = CurrentBindingHandle->AddRecursiveCall(this);
if (RecursiveCallsKey == -1)
{
Status = RPC_S_OUT_OF_MEMORY;
}
else
{
ActiveCallSetupFlag = 1;
}
}
if (SavedLrpcMessage == 0)
{
// First callback, we may need to allocated a new LRPC_MESSAGE.
if (CachedLrpcMessage == 0)
{
CachedLrpcMessage = AllocateMessage() ;
}
if (CachedLrpcMessage == 0)
Status = RPC_S_OUT_OF_MEMORY;
}
if (Status == RPC_S_OK)
{
Status = LrpcMessageToRpcMessage(LrpcMessage,
Message,
Association->LpcClientPort,
FALSE, // IsReplyFromBackConnection
NULL // StatusIfDelayedAck
);
}
if (Status != RPC_S_OK)
{
ActuallyFreeBuffer(Message->Buffer);
LrpcMessage->Fault.RpcHeader.MessageType = LRPC_MSG_FAULT;
LrpcMessage->Fault.RpcStatus = LrpcMapRpcStatus(Status);
LrpcMessage->LpcHeader.u1.s1.DataLength =
sizeof(LRPC_FAULT_MESSAGE) - sizeof(PORT_MESSAGE);
LrpcMessage->LpcHeader.u1.s1.TotalLength =
sizeof(LRPC_FAULT_MESSAGE);
LrpcMessage->LpcHeader.ClientId = ClientIdToMsgClientId(ClientId);
LrpcMessage->LpcHeader.MessageId = MessageId;
LrpcMessage->LpcHeader.CallbackId = CallbackId;
// Make sure the port has not been closed due to an association abort.
if (Association->LpcClientPort)
{
NtStatus = NtReplyWaitReplyPort(Association->LpcClientPort,
(PORT_MESSAGE *) LrpcMessage);
}
else
{
NtStatus = STATUS_INVALID_PORT_HANDLE;
}
}
else
{
PRPC_DISPATCH_TABLE DispatchTableToUse;
OriginalMessageBuffer = Message->Buffer;
Message->TransferSyntax = Binding->GetTransferSyntaxId();
Message->ProcNum = LrpcMessage->Rpc.RpcHeader.ProcedureNumber;
if (SavedLrpcMessage == 0)
{
// First callback
ASSERT(CachedLrpcMessage != 0);
SavedLrpcMessage = LrpcMessage;
LrpcMessage = CachedLrpcMessage;
CachedLrpcMessage = 0;
}
else
{
// >First callback, LrpcMessage and SavedLrpcMessages swap roles
TmpLrpcMessage = SavedLrpcMessage;
SavedLrpcMessage = LrpcMessage;
LrpcMessage = TmpLrpcMessage;
}
// Check to make sure this procnum can actually receive callbacks and
// a valid callback is specified.
// On error - ignore the PDU.
PRPC_DISPATCH_TABLE DispatchTableCallback = Binding->GetDispatchTable();
if (DispatchTableCallback &&
Message->ProcNum < DispatchTableCallback->DispatchTableCount &&
DispatchTableCallback->DispatchTable[Message->ProcNum] != NULL)
{
Status = DispatchCallback(DispatchTableCallback,
Message,
&ExceptionCode);
}
else
{
CORRUPTION_ASSERT(0);
Status = RPC_S_PROTOCOL_ERROR;
}
if (OriginalMessageBuffer != SavedLrpcMessage->Rpc.Buffer)
{
ActuallyFreeBuffer(OriginalMessageBuffer);
}
if (Status != RPC_S_OK)
{
VALIDATE(Status)
{
RPC_P_EXCEPTION_OCCURED,
RPC_S_PROCNUM_OUT_OF_RANGE
} END_VALIDATE;
if (Status == RPC_P_EXCEPTION_OCCURED)
{
Status = LrpcMapRpcStatus(ExceptionCode);
}
LrpcMessage->Fault.RpcStatus = Status;
LrpcMessage->LpcHeader.u1.s1.DataLength =
sizeof(LRPC_FAULT_MESSAGE) - sizeof(PORT_MESSAGE);
LrpcMessage->LpcHeader.u1.s1.TotalLength =
sizeof(LRPC_FAULT_MESSAGE);
LrpcMessage->Fault.RpcHeader.MessageType = LRPC_MSG_FAULT;
}
else
{
LrpcMessage->Rpc.RpcHeader.MessageType =
LRPC_MSG_RESPONSE;
if (LrpcMessage->Rpc.RpcHeader.Flags & LRPC_BUFFER_REQUEST)
{
Status = MakeServerCopyResponse();
if (Status != RPC_S_OK)
{
break;
}
}
}
LrpcMessage->LpcHeader.ClientId = ClientIdToMsgClientId(ClientId);
LrpcMessage->LpcHeader.MessageId = MessageId;
LrpcMessage->LpcHeader.CallbackId = CallbackId;
LrpcMessage->LpcHeader.u1.s1.TotalLength =
LrpcMessage->LpcHeader.u1.s1.DataLength + sizeof(PORT_MESSAGE);
// Make sure the port has not been closed due to an association abort.
if (Association->LpcClientPort)
{
NtStatus = NtReplyWaitReplyPort(Association->LpcClientPort,
(PORT_MESSAGE *) LrpcMessage);
}
else
{
NtStatus = STATUS_INVALID_PORT_HANDLE;
}
RpcpPurgeEEInfo();
}
CallStack -= 1;
if (NT_ERROR(NtStatus))
{
if (NtStatus == STATUS_NO_MEMORY)
{
Status = RPC_S_OUT_OF_MEMORY;
}
else if (NtStatus == STATUS_INSUFFICIENT_RESOURCES)
{
Status = RPC_S_OUT_OF_RESOURCES;
}
else
{
Association->AbortAssociation();
VALIDATE(NtStatus)
{
STATUS_INVALID_PORT_HANDLE,
STATUS_INVALID_HANDLE,
STATUS_PORT_DISCONNECTED,
STATUS_LPC_REPLY_LOST
} END_VALIDATE;
Status = RPC_S_CALL_FAILED;
}
break;
}
}
if (SavedLrpcMessage != 0)
{
if (CachedLrpcMessage != 0)
{
FreeMessage(CachedLrpcMessage) ;
}
CachedLrpcMessage = SavedLrpcMessage;
}
if (ActiveCallSetupFlag != 0)
{
CurrentBindingHandle->RemoveRecursiveCall(RecursiveCallsKey);
}
if (Status != RPC_S_OK)
{
if (CallStack == 0)
{
FreeCCall();
}
}
if (fDebugInfoSet)
{
FreeCell(CallTargetInfo, &CallTargetInfoCellTag);
FreeCell(ClientCallInfo, &ClientCallInfoCellTag);
}
return(Status);
}
RPC_STATUS
LRPC_CCALL::SendRequest (
IN OUT PRPC_MESSAGE Message,
OUT BOOL *Shutup
)
/*++
Routine Description:
Helper function used for sending async requests or pipe requests
Arguments:
Message - request message
Return Value:
RPC_S_OK - Function succeeded
RPC_S_OUT_OF_MEMORY - we ran out of memory
RPC_S_SEND_INCOMPLETE - we were unable to send the complete request.
--*/
{
NTSTATUS NtStatus;
RPC_STATUS ExceptionCode, Status;
void * OriginalMessageBuffer;
LRPC_MESSAGE *TmpLrpcMessage = 0;
void * TempBuffer;
LRPC_MESSAGE *LrpcReplyMessage ;
int RemainingLength = 0;
ASSERT((LrpcMessage->Rpc.RpcHeader.Flags
& LRPC_BUFFER_IMMEDIATE) == 0) ;
*Shutup = 0;
if (CallAbortedFlag != 0)
{
return(RPC_S_CALL_FAILED_DNE);
}
if (CallStack > 0)
{
return (RPC_S_CALL_FAILED);
}
if (PARTIAL(Message))
{
if (Message->BufferLength < MINIMUM_PARTIAL_BUFFLEN)
{
return (RPC_S_SEND_INCOMPLETE);
}
LrpcMessage->Rpc.RpcHeader.Flags |= LRPC_BUFFER_PARTIAL ;
if (NOT_MULTIPLE_OF_EIGHT(Message->BufferLength))
{
RemainingLength = Message->BufferLength & LOW_BITS ;
Message->BufferLength &= ~LOW_BITS ;
}
}
// NDR_DREP_ASCII | NDR_DREP_LITTLE_ENDIAN | NDR_DREP_IEEE
Message->DataRepresentation = 0x00 | 0x10 | 0x0000;
ASSERT(CallId != (ULONG) -1);
LrpcMessage->Rpc.RpcHeader.CallId = CallId ;
if (FirstFrag)
{
LrpcMessage->Rpc.RpcHeader.MessageType = LRPC_MSG_REQUEST;
}
else
{
LrpcMessage->Rpc.RpcHeader.MessageType = LRPC_PARTIAL_REQUEST;
}
LrpcMessage->LpcHeader.u1.s1.TotalLength =
sizeof(PORT_MESSAGE) + LrpcMessage->LpcHeader.u1.s1.DataLength;
LrpcMessage->Rpc.Request.DataEntries[0].Size = Message->BufferLength;
LrpcMessage->Rpc.RpcHeader.ProcedureNumber = (unsigned short) Message->ProcNum;
LrpcMessage->Rpc.RpcHeader.PresentContext = GetOnTheWirePresentationContext();
LrpcMessage->Rpc.RpcHeader.Pad = 0;
if (CurrentSecurityContext)
{
LrpcMessage->Rpc.RpcHeader.SecurityContextId = CurrentSecurityContext->SecurityContextId;
}
else
{
LrpcMessage->Rpc.RpcHeader.SecurityContextId = -1;
}
if (UuidSpecified)
{
ASSERT(CallStack == 0) ;
RpcpMemoryCopy(&(LrpcMessage->Rpc.RpcHeader.ObjectUuid),
&ObjectUuid, sizeof(UUID));
LrpcMessage->Rpc.RpcHeader.Flags |= LRPC_OBJECT_UUID;
}
else
{
// zero out uninitialized data
RpcpMemorySet(&(LrpcMessage->Rpc.RpcHeader.ObjectUuid),
0, sizeof(UUID));
}
// Make sure we can't be impersonated on the transport level if
// static identity tracking is being used.
ASSERT(CurrentBindingHandle != NULL);
if (CurrentBindingHandle->GetIdentityTracking() == RPC_C_QOS_IDENTITY_STATIC)
{
LrpcMessage->LpcHeader.u2.s2.Type |= LPC_NO_IMPERSONATE;
}
if (Association->LpcClientPort)
{
NtStatus = NtRequestWaitReplyPort(Association->LpcClientPort,
(PORT_MESSAGE *) LrpcMessage,
(PORT_MESSAGE *) LrpcMessage);
}
else
{
NtStatus = STATUS_INVALID_PORT_HANDLE;
}
if (NT_ERROR(NtStatus))
{
TempBuffer = Message->Buffer;
if (NtStatus == STATUS_NO_MEMORY)
{
Status = RPC_S_OUT_OF_MEMORY;
goto Cleanup;
}
if (NtStatus == STATUS_INSUFFICIENT_RESOURCES)
{
Status = RPC_S_OUT_OF_RESOURCES;
goto Cleanup;
}
VALIDATE(NtStatus)
{
STATUS_INVALID_PORT_HANDLE,
STATUS_INVALID_HANDLE,
STATUS_PORT_DISCONNECTED,
STATUS_LPC_REPLY_LOST
} END_VALIDATE;
if (pAsync)
{
ASSERT(RecursionCount == 0);
if (NtStatus != STATUS_LPC_REPLY_LOST)
{
Status = RPC_S_CALL_FAILED_DNE;
}
else
{
Status = RPC_S_CALL_FAILED;
}
goto Cleanup;
}
Association->AbortAssociation();
if ((NtStatus != STATUS_LPC_REPLY_LOST) && FirstFrag)
{
ASSERT(CallStack == 0) ;
//
// It's possible that the server stopped and has now restarted.
// We'll try re-binding and only fail if the new call fails.
//
// We can only retry if we are SURE that the server did not
// execute the request.
if (RecursionCount > 3)
{
// Prevent an infinite loop when GetBuffer returns ok but
// the SendReceive always fails.
Status = RPC_S_CALL_FAILED_DNE;
}
else
{
Status = AutoRetryCall(Message,
FALSE // fFromSendReceive
);
}
}
else
{
// In a callback and/or couldn't retry.
Status = RPC_S_CALL_FAILED;
}
Cleanup:
ActuallyFreeBuffer(TempBuffer);
AbortCCall();
return Status;
}
else
{
FirstFrag = 0;
}
if (LrpcMessage->Rpc.RpcHeader.MessageType == LRPC_MSG_ACK)
{
*Shutup = LrpcMessage->Ack.Shutup ;
if (PARTIAL(Message))
{
if (LrpcMessage->Ack.RpcStatus == RPC_S_OK)
{
if (RemainingLength)
{
RpcpMemoryMove(Message->Buffer,
(char *) Message->Buffer + Message->BufferLength,
RemainingLength) ;
Message->BufferLength = RemainingLength ;
return (RPC_S_SEND_INCOMPLETE) ;
}
return RPC_S_OK;
}
}
ActuallyFreeBuffer(Message->Buffer);
Message->Buffer = 0;
return LrpcMessage->Ack.RpcStatus ;
}
ActuallyFreeBuffer(Message->Buffer);
Message->Buffer = 0;
if (LrpcMessage->Rpc.RpcHeader.MessageType == LRPC_MSG_RESPONSE)
{
ASSERT(!PARTIAL(Message)) ;
CurrentBufferLength = 0;
Status = LrpcMessageToRpcMessage(LrpcMessage,
Message,
Association->LpcClientPort,
FALSE, // IsReplyFromBackConnection
NULL // StatusIfDelayedAck
);
if (Status == RPC_S_OK
&& COMPLETE(Message))
{
BufferComplete = 1;
}
Message->RpcFlags = 0;
// we have no out pipes
ASSERT(Status != RPC_S_OK || BufferComplete) ;
}
else if (LrpcMessage->Rpc.RpcHeader.MessageType == LRPC_MSG_FAULT)
{
CurrentBufferLength = 0;
Status = LrpcMessage->Fault.RpcStatus;
}
else
{
// The server should only return messages of types: LRPC_MSG_ACK,
// LRPC_MSG_RESPONSE, and LRPC_MSG_FAULT. All of these have been handled in
// the above clauses.
ASSERT(0 && "Invalid message type");
Status = RPC_S_CALL_FAILED;
}
if (Status != RPC_S_OK)
{
ASSERT(CallStack == 0) ;
FreeCCall();
}
return Status ;
}
RPC_STATUS
LRPC_CCALL::AutoRetryCall (
IN OUT PRPC_MESSAGE Message,
BOOL fFromSendReceive
)
{
RPC_STATUS Status;
void *OldBuffer;
UUID *UuidToUse;
LRPC_CCALL *NewCall;
// any failure after this is unrelated
RpcpPurgeEEInfo();
OldBuffer = Message->Buffer;
Message->Handle = (RPC_BINDING_HANDLE) CurrentBindingHandle;
if (UuidSpecified)
{
UuidToUse = &ObjectUuid;
}
else
{
UuidToUse = 0;
}
Status = CurrentBindingHandle->NegotiateTransferSyntax(Message);
if (Status != RPC_S_OK)
goto CleanupAndReturn;
NewCall = ((LRPC_CCALL *)(Message->Handle));
Status = NewCall->GetBuffer(Message, UuidToUse);
if (Status != RPC_S_OK)
goto CleanupAndReturn;
ASSERT(Message->Buffer != OldBuffer);
RpcpMemoryCopy(Message->Buffer, OldBuffer,
Message->BufferLength);
// This CCALL should be freed,
// a new one was allocated in NegotiateTransferSyntax and is now being used.
ASSERT(NewCall != this);
NewCall->SetRecursionCount(RecursionCount + 1);
if (fFromSendReceive)
Status = NewCall->SendReceive(Message);
else
Status = NewCall->Send(Message);
// the caller has remembered the old buffer and call object,
// and will clean them up regardless of what we return - our
// job is simply to allocate a new call and buffer, and stick
// them in the Message
CleanupAndReturn:
if (Status == RPC_S_SERVER_UNAVAILABLE)
{
// Since we're retrying, if the server has gone missing,
// it just means that the call failed.
Status = RPC_S_CALL_FAILED_DNE;
}
return(Status);
}
RPC_STATUS
LRPC_CCALL::Send (
IN OUT PRPC_MESSAGE Message
)
/*++
Routine Description:
This rountine is used by pipes to send partila data...
Arguments:
Message - Supplies the request and returns the response of a remote
procedure call.
Return Value:
RPC_S_OK - The remote procedure call completed successful.
RPC_S_OUT_OF_MEMORY - Insufficient memory is available to perform the
remote procedure call.
RPC_S_OUT_OF_RESOURCES - Insufficient resources are available to complete
the remote procedure call.
--*/
{
RPC_STATUS Status ;
BOOL Shutup ;
Status = SendRequest(Message, &Shutup) ;
return(Status);
}
RPC_STATUS
LRPC_CCALL::Receive (
IN PRPC_MESSAGE Message,
IN unsigned int Size
)
/*++
Routine Description:
description
Arguments:
arg1 - description
Return Value:
RPC_S_OK - Function succeeded
RPC_S_OUT_OF_MEMORY - we ran out of memory
--*/
{
int size = 0 ;
int BufferLength ;
int RequestedLength ;
RPC_STATUS Status ;
int ActualBufferLength = 0;
int Extra = IsExtraMessage(Message) ;
if (BufferComplete
&& RcvBufferLength == 0)
{
Message->RpcFlags |= RPC_BUFFER_COMPLETE ;
return (RPC_S_OK) ;
}
// If you get here, it means that you have out pipe data.
//
// allocate a buffer big enough to hold the out data:
// if you have a partial receive, you can allocate the buffer up
// front and start receive data.
//
if (PARTIAL(Message))
{
if (Extra)
{
ActualBufferLength = Message->BufferLength ;
BufferLength = Message->BufferLength+Size ;
}
else
{
BufferLength = Size ;
}
}
else
{
if (Extra)
{
ActualBufferLength = Message->BufferLength ;
BufferLength = Message->BufferLength + MINIMUM_PARTIAL_BUFFLEN ;
}
else
{
BufferLength = MINIMUM_PARTIAL_BUFFLEN ;
}
}
Status = GetBufferDo(Message, BufferLength, Extra) ;
if (Status != RPC_S_OK)
{
FreeCCall();
return Status ;
}
RequestedLength = Message->BufferLength - ActualBufferLength;
while (!BufferComplete
&& (!PARTIAL(Message) || (RcvBufferLength < Size)))
{
if (SyncEvent.Wait() == WAIT_FAILED)
{
return RPC_S_CALL_FAILED;
}
}
return GetCoalescedBuffer(Message, Extra);
}
void
LRPC_CCALL::FreeBuffer (
IN PRPC_MESSAGE Message
)
/*++
Routine Description:
We will free the supplied buffer.
Arguments:
Message - Supplies the buffer to be freed.
--*/
{
ActuallyFreeBuffer(Message->Buffer);
if (CallStack == 0)
{
FreeCCall();
}
}
void
LRPC_CCALL::FreePipeBuffer (
IN PRPC_MESSAGE Message
)
/*++
Routine Description:
description
Arguments:
arg1 - description
Return Value:
RPC_S_OK - Function succeeded
RPC_S_OUT_OF_MEMORY - we ran out of memory
--*/
{
RpcpFarFree(Message->Buffer) ;
}
RPC_STATUS
LRPC_CCALL::GetBufferDo (
IN OUT PRPC_MESSAGE Message,
IN unsigned long NewSize,
IN int fDataValid
)
/*++
Routine Description:
description
Arguments:
arg1 - description
Return Value:
RPC_S_OK - Function succeeded
RPC_S_OUT_OF_MEMORY - we ran out of memory
--*/
{
void *NewBuffer ;
int SizeToAlloc ;
if (NewSize < CurrentBufferLength)
{
Message->BufferLength = NewSize ;
}
else
{
SizeToAlloc = (NewSize < MINIMUM_PARTIAL_BUFFLEN) ?
MINIMUM_PARTIAL_BUFFLEN:NewSize ;
NewBuffer = RpcpFarAllocate(SizeToAlloc) ;
if (NewBuffer == 0)
{
RpcpFarFree(Message->Buffer) ;
CurrentBufferLength = 0;
Message->BufferLength = 0;
return RPC_S_OUT_OF_MEMORY ;
}
if (fDataValid && Message->BufferLength > 0)
{
RpcpMemoryCopy(NewBuffer,
Message->Buffer,
Message->BufferLength) ;
}
RpcpFarFree(Message->Buffer) ;
Message->Buffer = NewBuffer ;
Message->BufferLength = NewSize ;
CurrentBufferLength = SizeToAlloc ;
}
return RPC_S_OK ;
}
RPC_STATUS
LRPC_CCALL::ReallocPipeBuffer (
IN PRPC_MESSAGE Message,
IN unsigned int NewSize
)
/*++
Routine Description:
description
Arguments:
arg1 - description
Return Value:
RPC_S_OK - Function succeeded
RPC_S_OUT_OF_MEMORY - we ran out of memory
--*/
{
unsigned int SizeToAlloc ;
void *TempBuffer ;
if (LrpcMessage == 0)
{
LrpcMessage = AllocateMessage();
if (LrpcMessage == 0)
{
return(RPC_S_OUT_OF_MEMORY);
}
}
if (GetBufferDo(Message, NewSize, 1) != RPC_S_OK)
return RPC_S_OUT_OF_MEMORY ;
Message->BufferLength = NewSize ;
LrpcMessage->Rpc.RpcHeader.Flags = LRPC_BUFFER_REQUEST;
LrpcMessage->Rpc.Request.CountDataEntries = 1;
LrpcMessage->Rpc.Request.DataEntries[0].Base = PtrToMsgPtr(Message->Buffer);
LrpcMessage->Rpc.Request.DataEntries[0].Size = Message->BufferLength;
LrpcMessage->LpcHeader.CallbackId = 0;
LrpcMessage->LpcHeader.u2.ZeroInit = 0;
LrpcMessage->LpcHeader.u2.s2.DataInfoOffset = sizeof(PORT_MESSAGE)
+ sizeof(LRPC_RPC_HEADER);
LrpcMessage->LpcHeader.u1.s1.DataLength = sizeof(LRPC_RPC_HEADER)
+ sizeof(PORT_DATA_INFORMATION);
return (RPC_S_OK) ;
}
void
LRPC_CCALL::AbortCCall (
)
/*++
Routine Description:
This client call has failed, so we need to abort it. We may called
while nested in one or more callbacks.
--*/
{
LRPC_BINDING_HANDLE * BindingHandle;
CallAbortedFlag = 1;
if (CallStack == 0)
{
ASSERT(CurrentBindingHandle != 0);
BindingHandle = CurrentBindingHandle;
CurrentBindingHandle = 0;
BindingHandle->FreeCCall(this);
}
}
inline RPC_STATUS
LRPC_CCALL::LrpcMessageToRpcMessage (
IN LRPC_MESSAGE *LrpcResponse,
OUT RPC_MESSAGE *Message,
IN HANDLE LpcPort,
IN BOOL IsReplyFromBackConnection OPTIONAL,
OUT DelayedPipeAckData *AckData OPTIONAL
)
/*++
Routine Description:
We will convert from an LRPC_MESSAGE representation of a buffer (and
its length) to an RPC_MESSAGE representation.
Arguments:
LrpcResponse - the response we received from the server
RpcMessage - Returns the RPC_MESSAGE representation.
LpcPort - the association port on which we send data to the server
IsReplyFromBackConnection - non-zero if the reply is from back connection
AckData - if non-NULL, and the received data are pipe data, an
acknowledgement to a pipe response will be delayed, the current
status will be placed here, and it will be indicated the ack was
delayed. Also, if non-NULL, the caller must set
AckData->DelayedAckPipeNeeded to FALSE.
If NULL, any acknowledgement will be sent immediately.
--*/
{
NTSTATUS NtStatus;
SIZE_T NumberOfBytesRead;
#if defined(BUILD_WOW6432)
char CopyMessageBuffer[sizeof(LRPC_COPY_MESSAGE) + 8];
LRPC_COPY_MESSAGE *CopyMessagePtr = (LRPC_COPY_MESSAGE *) AlignPtr8(CopyMessageBuffer);
#else
LRPC_COPY_MESSAGE CopyMessageBuffer;
LRPC_COPY_MESSAGE *CopyMessagePtr = &CopyMessageBuffer;
#endif
RPC_STATUS Status = RPC_S_OK;
RPC_STATUS Status2;
BOOL fPartialResponse;
if (ARGUMENT_PRESENT(AckData))
{
ASSERT(AckData->DelayedAckPipeNeeded == FALSE);
}
if(LrpcResponse->Rpc.RpcHeader.Flags & LRPC_BUFFER_IMMEDIATE)
{
if (LrpcResponse->LpcHeader.u1.s1.DataLength < sizeof(LRPC_RPC_HEADER))
{
ASSERT(LrpcResponse->LpcHeader.u1.s1.DataLength >= sizeof(LRPC_RPC_HEADER));
return RPC_S_PROTOCOL_ERROR;
}
Message->Buffer = LrpcResponse->Rpc.Buffer;
Message->BufferLength =
(unsigned int) LrpcResponse->LpcHeader.u1.s1.DataLength
- sizeof(LRPC_RPC_HEADER);
if ((LrpcResponse->Rpc.RpcHeader.Flags & LRPC_BUFFER_PARTIAL) == 0)
{
Message->RpcFlags |= RPC_BUFFER_COMPLETE ;
}
if (IsReplyFromBackConnection)
{
LpcReplyMessage = LrpcResponse ;
}
}
else if (LrpcResponse->Rpc.RpcHeader.Flags & LRPC_BUFFER_SERVER)
{
if (IsReplyFromBackConnection == 0)
{
UINT BufferLength;
LPC_PVOID ServerBuffer;
ASSERT(LrpcMessage == LrpcResponse);
BufferLength = LrpcResponse->Rpc.Server.Length;
ServerBuffer = LrpcResponse->Rpc.Server.Buffer;
Message->BufferLength = BufferLength;
Message->RpcFlags |= RPC_BUFFER_COMPLETE ;
CopyMessagePtr->LpcHeader.u2.ZeroInit = 0;
SanitizeLpcHeader (&CopyMessagePtr->LpcHeader);
CopyMessagePtr->Server.Buffer = ServerBuffer;
CopyMessagePtr->Server.Length = BufferLength;
if (BufferLength >= 0x80000000)
{
ASSERT(BufferLength < 0x80000000);
Message->Buffer = 0;
CopyMessagePtr->RpcStatus = RPC_S_PROTOCOL_ERROR;
}
else {
Message->Buffer = RpcpFarAllocate(BufferLength) ;
if (Message->Buffer == 0)
{
CopyMessagePtr->RpcStatus = RPC_S_OUT_OF_MEMORY;
}
else
{
CopyMessagePtr->RpcStatus = RPC_S_OK;
CopyMessagePtr->Request.CountDataEntries = 1;
CopyMessagePtr->Request.DataEntries[0].Base = PtrToMsgPtr(Message->Buffer);
CopyMessagePtr->Request.DataEntries[0].Size = Message->BufferLength ;
CopyMessagePtr->LpcHeader.u2.s2.DataInfoOffset =
sizeof(PORT_MESSAGE) + sizeof(LRPC_RPC_HEADER);
}
}
CopyMessagePtr->LpcHeader.CallbackId = 0;
CopyMessagePtr->RpcHeader.Flags = LRPC_SYNC_CLIENT ;
CopyMessagePtr->LpcHeader.u1.s1.DataLength =
sizeof(LRPC_COPY_MESSAGE) - sizeof(PORT_MESSAGE);
CopyMessagePtr->LpcHeader.u1.s1.TotalLength =
sizeof(LRPC_COPY_MESSAGE);
CopyMessagePtr->RpcHeader.MessageType = LRPC_MSG_COPY;
CopyMessagePtr->RpcHeader.Pad = 0;
// zero out unused fields
RPCP_ZERO_OUT_STRUCT_TAIL (LRPC_RPC_HEADER, &CopyMessagePtr->RpcHeader, ProcedureNumber);
CopyMessagePtr->RpcHeader.PresentContext = 0;
CopyMessagePtr->IsPartial = 0 ;
// Make sure we can't be impersonated on the transport level if
// static identity tracking is being used.
ASSERT(CurrentBindingHandle != NULL);
if (CurrentBindingHandle->GetIdentityTracking() == RPC_C_QOS_IDENTITY_STATIC)
{
CopyMessagePtr->LpcHeader.u2.s2.Type |= LPC_NO_IMPERSONATE;
}
if (Association->LpcClientPort)
{
NtStatus = NtRequestWaitReplyPort(Association->LpcClientPort,
(PORT_MESSAGE *) CopyMessagePtr,
(PORT_MESSAGE *) CopyMessagePtr);
}
else
{
NtStatus = STATUS_INVALID_PORT_HANDLE;
}
if ((NT_ERROR(NtStatus))
|| (CopyMessagePtr->RpcStatus != RPC_S_OK))
{
RpcpFarFree(Message->Buffer);
return(RPC_S_OUT_OF_MEMORY);
}
}
else
{
fPartialResponse = FALSE;
if (LrpcResponse->Rpc.RpcHeader.Flags & LRPC_BUFFER_PARTIAL)
{
fPartialResponse = TRUE;
CallMutex.Request() ;
if ((RcvBufferLength >= LRPC_THRESHOLD_SIZE))
{
Choked = 1;
}
CallMutex.Clear() ;
}
else
{
Message->RpcFlags |= RPC_BUFFER_COMPLETE ;
}
Message->BufferLength = (unsigned int)
LrpcResponse->Rpc.Request.DataEntries[0].Size ;
Message->Buffer = RpcpFarAllocate(
Message->BufferLength);
if (Message->Buffer != NULL)
{
NtStatus = NtReadRequestData(LpcPort,
(PORT_MESSAGE*) LrpcResponse,
0,
Message->Buffer,
Message->BufferLength,
&NumberOfBytesRead) ;
if (NT_ERROR(NtStatus))
{
#if DBG
PrintToDebugger("LRPC: NtReadRequestData failed: %x\n", NtStatus) ;
#endif
Status = RPC_S_OUT_OF_MEMORY;
}
else
{
ASSERT(Message->BufferLength == NumberOfBytesRead);
}
}
else
{
Status = RPC_S_OUT_OF_MEMORY;
}
if (ARGUMENT_PRESENT(AckData) && fPartialResponse && (Status == RPC_S_OK))
{
// if pipe and delayed ack was asked for, and
// moreover the operation didn't fail
// just store the relevant data in the caller
// supplied data structure
AckData->DelayedAckPipeNeeded = TRUE;
AckData->CurrentStatus = Status;
}
else
{
Status2 = SendPipeAck(LpcPort,
LrpcResponse,
Status);
FreeMessage(LrpcResponse) ;
// if either operation failed, fail the whole function
// if both operations failed, the first one is considered
// the original failure and the error code from it is
// preserved
if ((Status == RPC_S_OK) && (Status2 != RPC_S_OK))
Status = Status2;
}
if ((Status != RPC_S_OK) && (Message->Buffer))
{
RpcpFarFree(Message->Buffer);
}
}
}
else
{
CORRUPTION_ASSERT((LrpcResponse->Rpc.RpcHeader.Flags & LRPC_BUFFER_IMMEDIATE)
|| (LrpcResponse->Rpc.RpcHeader.Flags & LRPC_BUFFER_SERVER));
return (RPC_S_PROTOCOL_ERROR);
}
return(Status);
}
RPC_STATUS
LRPC_CCALL::SendPipeAck (
IN HANDLE LpcPort,
IN LRPC_MESSAGE *LrpcResponse,
IN RPC_STATUS CurrentStatus
)
/*++
Routine Description:
Sends an acknowledgement to the server.
Arguments:
LpcPort - the port to send the ack to.
LrpcResponse - the response that we received from the server
CurrentStatus - the status up to the moment. It will
be sent to the server.
Return Value:
The result of the operation. RPC_S_OK for success
or RPC_S_* for error.
--*/
{
unsigned char MessageType;
RPC_STATUS RpcStatus = RPC_S_OK;
NTSTATUS NtStatus;
MessageType = LrpcResponse->Rpc.RpcHeader.MessageType ;
LrpcResponse->Ack.MessageType = LRPC_MSG_ACK ;
LrpcResponse->Ack.Shutup = (short) Choked ;
LrpcResponse->Ack.RpcStatus = CurrentStatus;
LrpcResponse->LpcHeader.u1.s1.DataLength = sizeof(LRPC_ACK_MESSAGE)
- sizeof(PORT_MESSAGE) ;
LrpcResponse->LpcHeader.u1.s1.TotalLength =
sizeof(LRPC_ACK_MESSAGE) ;
// setup the reply message
NtStatus = NtReplyPort(LpcPort,
(PORT_MESSAGE *) LrpcResponse) ;
LrpcResponse->Rpc.RpcHeader.MessageType = MessageType ;
if (NT_ERROR(NtStatus))
{
#if DBG
PrintToDebugger("LRPC: NtReplyPort failed: %x\n", NtStatus) ;
#endif
RpcStatus = RPC_S_OUT_OF_MEMORY;
}
return RpcStatus;
}
BOOL
LRPC_CCALL::TryWaitForCallToBecomeUnlocked (
BOOL *fUnlocked
)
/*++
Routine Description:
Checks if a call is unlocked. If the lock count
becomes 0, or if the lock count becomes 1 and this thread
is the last one with a lock, the call is considered unlocked.
In this case *fUnlocked is set to TRUE. Otherwise it is set to FALSE.
Return Value:
If fUnlocked == TRUE:
TRUE - the call has 1 outstanding lock count and the
LastProcessResponseTID is our TID. This means that we're
called from ProcessResponse (indirectly - through COM as
they complete the call on the thread that issues the
notification). If we return TRUE, we have already taken
the lock down and the caller should not remove any locks
FALSE - the call has no outstanding locks
If fUnlocked == FALSE
Undefined
--*/
{
ULONG CurrentThreadId = GetCurrentThreadId();
if (ResponseLockCount.GetInteger() == 0)
{
*fUnlocked = TRUE;
return FALSE;
}
else if ((ResponseLockCount.GetInteger() == 1)
&& (LastProcessResponseTID == CurrentThreadId))
{
// If our caller has an outstanding lock and we free the call
// with the lock held, zero out the count on their behalf.
// In our caller we will notify the ultimate caller so that it
// doesn't double take away the lock.
ResponseLockCount.SetInteger(0);
// the only outstanding lock is by us in our caller - process
// response. Indicate to the caller that only our lock is
// active and it has been taken down.
*fUnlocked = TRUE;
return TRUE;
}
*fUnlocked = FALSE;
// The return value is meaningless. Arbitrarily, return FALSE.
return FALSE;
}
void
LRPC_CCALL::FreeCCall (
)
/*++
Routine Description:
We are done with this client call. We need to notify the binding
handle we are done.
--*/
{
LRPC_BINDING_HANDLE * BindingHandle;
THREAD *Thread;
ASSERT(CurrentBindingHandle != 0);
BindingHandle = CurrentBindingHandle;
CurrentBindingHandle = 0;
if (CurrentSecurityContext)
{
CurrentSecurityContext->RemoveReference();
CurrentSecurityContext = 0;
}
// if async, and there is EEInfo,
// transfer the EEInfo from the call to
// the thread
if (EEInfo)
{
Thread = RpcpGetThreadPointer();
RpcpPurgeEEInfoFromThreadIfNecessary(Thread);
Thread->SetEEInfo(EEInfo);
EEInfo = NULL;
}
BindingHandle->FreeCCall(this);
}
void
LRPC_CCALL::ActuallyFreeBuffer (
IN void * Buffer
)
/*++
Routine Description:
Actually free a message buffer.
Arguments:
Buffer - Supplies the message buffer to be freed.
--*/
{
if (LpcReplyMessage && (Buffer == LpcReplyMessage->Rpc.Buffer))
{
FreeMessage(LpcReplyMessage) ;
LpcReplyMessage = 0;
}
else
{
if ((Buffer != LrpcMessage->Rpc.Buffer)
&& ((CachedLrpcMessage == 0)
|| (Buffer != CachedLrpcMessage->Rpc.Buffer)))
{
RpcpFarFree(Buffer);
}
}
}
RPC_STATUS
LRPC_CCALL::MakeServerCopyResponse (
)
/*++
Routine Description:
NtReadRequestData only works if the client has made a request. The client
wants to send a large buffer back as a response. We need to make a request
to the server so that it will copy the data.
Return Value:
RPC_S_OK - The server successfully copied the data.
RPC_S_OUT_OF_MEMORY - Insufficient memory is available to complete the
operation.
--*/
{
#if defined(BUILD_WOW6432)
char PushMessageBuffer[sizeof(LRPC_PUSH_MESSAGE) + 8];
LRPC_PUSH_MESSAGE *PushMessagePtr = (LRPC_PUSH_MESSAGE *) AlignPtr8(PushMessageBuffer);
#else
LRPC_PUSH_MESSAGE PushMessageBuffer;
LRPC_PUSH_MESSAGE *PushMessagePtr = &PushMessageBuffer;
#endif
NTSTATUS NtStatus;
SanitizeLpcHeader (&PushMessagePtr->LpcHeader);
PushMessagePtr->LpcHeader.u1.s1.TotalLength =
sizeof(LRPC_PUSH_MESSAGE);
PushMessagePtr->LpcHeader.u1.s1.DataLength =
sizeof(LRPC_PUSH_MESSAGE) - sizeof(PORT_MESSAGE);
PushMessagePtr->LpcHeader.ClientId = ClientIdToMsgClientId(ClientId);
PushMessagePtr->LpcHeader.MessageId = MessageId;
PushMessagePtr->LpcHeader.CallbackId = CallbackId ;
PushMessagePtr->LpcHeader.u2.s2.Type = LPC_REQUEST;
PushMessagePtr->RpcHeader.MessageType = LRPC_MSG_PUSH;
// initialize unused fields. Zero out from the pad in RpcHeader to
// the end of the containing LRPC_PUSH_MESSAGE
RPCP_ZERO_OUT_STRUCT_TAIL (LRPC_PUSH_MESSAGE, PushMessagePtr, RpcHeader.Pad);
PushMessagePtr->Response.CountDataEntries = 1;
PushMessagePtr->Response.DataEntries[0] =
LrpcMessage->Rpc.Request.DataEntries[0];
PushMessagePtr->LpcHeader.u2.s2.DataInfoOffset = sizeof(PORT_MESSAGE)
+ sizeof(LRPC_RPC_HEADER);
// Make sure we can't be impersonated on the transport level.
// A legitimate Lrpc server will never do this.
PushMessagePtr->LpcHeader.u2.s2.Type |= LPC_NO_IMPERSONATE;
if (Association->LpcClientPort)
{
NtStatus = NtRequestWaitReplyPort(Association->LpcClientPort,
(PORT_MESSAGE *) PushMessagePtr,
(PORT_MESSAGE *) PushMessagePtr);
}
else
{
NtStatus = STATUS_INVALID_PORT_HANDLE;
}
if (NT_ERROR(NtStatus))
{
// Assume that when the client tries to send the response it will
// fail as well, so just claim that everything worked.
#if DBG
if ((NtStatus != STATUS_NO_MEMORY)
&& (NtStatus != STATUS_INSUFFICIENT_RESOURCES))
{
PrintToDebugger("RPC : NtRequestWaitReplyPort : %lx\n", NtStatus);
ASSERT(0);
}
#endif // DBG
return(RPC_S_OK);
}
VALIDATE(PushMessagePtr->RpcStatus)
{
RPC_S_OK,
RPC_S_OUT_OF_MEMORY
} END_VALIDATE;
return(PushMessagePtr->RpcStatus);
}
BINDING_HANDLE *
LrpcCreateBindingHandle (
)
/*++
Routine Description:
We just need to create a new LRPC_BINDING_HANDLE. This routine is a
proxy for the new constructor to isolate the other modules.
--*/
{
LRPC_BINDING_HANDLE * BindingHandle;
RPC_STATUS Status = RPC_S_OK;
Status = InitializeLrpcIfNecessary() ;
if (Status != RPC_S_OK)
{
return 0 ;
}
BindingHandle = new LRPC_BINDING_HANDLE(&Status);
if (Status != RPC_S_OK)
{
delete BindingHandle;
return(0);
}
return(BindingHandle);
}
void
LRPC_CASSOCIATION::LrpcDeleteLingeringAssociations (
void
)
/*++
Routine Description:
Will attempt to clean up lingering LRPC associations.
Return Value:
--*/
{
BOOL fMutexTaken;
LRPC_CASSOCIATION *CurrentAssociation;
LRPC_CASSOCIATION *NextAssociation;
LRPC_CASSOCIATION *FirstAssociation;
DictionaryCursor cursor;
DWORD CurrentTickCount;
int Diff;
// if there are no lrpc associations, return
if (!GlobalLrpcServer)
return;
fMutexTaken = LrpcMutexTryRequest();
if (!fMutexTaken)
{
// we couldn't cleanup anything - restore the flag
if (!GarbageCollectionRequested)
GarbageCollectionRequested = TRUE;
return;
}
FirstAssociation = NULL;
CurrentTickCount = GetTickCount();
// need to walk the dictionary and clean up all associations with
// expired timeouts
LrpcAssociationDict->Reset(cursor);
while ((CurrentAssociation = LrpcAssociationDict->Next(cursor)) != 0)
{
if (CurrentAssociation->Linger.fAssociationLingered)
{
// this will work even for wrapped tick count
Diff = (int)(CurrentTickCount - CurrentAssociation->Linger.Timestamp);
if (Diff > 0)
{
#if defined (RPC_GC_AUDIT)
DbgPrintEx(77, DPFLTR_WARNING_LEVEL, "%d (0x%X) LRPC association gc'ed %d ms after expire\n",
GetCurrentProcessId(), GetCurrentProcessId(), Diff);
#endif
// enlink the expired associations to a list - we'll clean it up
// later
CurrentAssociation->NextAssociation = FirstAssociation;
FirstAssociation = CurrentAssociation;
LrpcAssociationDict->Delete(CurrentAssociation->AssociationDictKey);
// indicate to the other threads (needed once we release the mutex)
// that this association is being cleaned up and they cannot call
// Delete on it
CurrentAssociation->AssociationDictKey = -1;
LrpcLingeredAssociations --;
}
else
{
// this item hasn't expired yet - update the first gc time, and
// raise the GarbageCollectionRequested flag if necessary
if ((int)(CurrentAssociation->Linger.Timestamp - NextOneTimeCleanup) < 0)
{
// there is a race between this thread and threads calling
// GarbageCollectionNeeded. Those threads may overwrite the
// value we're about to write, which can result in delayed
// garbage collection for this value - that's ok.
NextOneTimeCleanup = CurrentAssociation->Linger.Timestamp;
}
if (!GarbageCollectionRequested)
GarbageCollectionRequested = TRUE;
}
}
}
LrpcMutexClear();
// destroy the associations at our leasure
CurrentAssociation = FirstAssociation;
while (CurrentAssociation != NULL)
{
NextAssociation = CurrentAssociation->NextAssociation;
CurrentAssociation->Delete();
CurrentAssociation = NextAssociation;
}
}
int
InitializeRpcProtocolLrpc (
)
/*++
Routine Description:
For each process, this routine will be called once. All initialization
will be done here.
Return Value:
Zero will be returned if initialization completes successfully,
otherwise, non-zero will be returned.
--*/
{
if (LrpcAssociationDict == 0)
{
LrpcAssociationDict = new LRPC_CASSOCIATION_DICT;
if (LrpcAssociationDict == 0)
{
return(1);
}
}
return(0);
}
RPC_STATUS
LrpcMapRpcStatus (
IN RPC_STATUS Status
)
/*++
Routine Description:
Some NTSTATUS codes need to be mapped into RPC_STATUS codes before being
returned as a fault code. We take care of doing that mapping in this
routine.
--*/
{
switch (Status)
{
case STATUS_INTEGER_DIVIDE_BY_ZERO :
return(RPC_S_ZERO_DIVIDE);
case STATUS_ACCESS_VIOLATION :
case STATUS_ILLEGAL_INSTRUCTION :
return(RPC_S_ADDRESS_ERROR);
case STATUS_FLOAT_DIVIDE_BY_ZERO :
return(RPC_S_FP_DIV_ZERO);
case STATUS_FLOAT_UNDERFLOW :
return(RPC_S_FP_UNDERFLOW);
case STATUS_FLOAT_OVERFLOW :
return(RPC_S_FP_OVERFLOW);
}
return(Status);
}