archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
2.0 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-xp/Source/XPSP1/NT/base/fs/rdr2/bowser/bowtdi.c

4190 lines
112 KiB
Raw Permalink Normal View History

Add source files
4 years ago
  1. /*++
  3. Copyright (c) 1990 Microsoft Corporation
  5. Module Name:
  7. bowtdi.c
  9. Abstract:
  11. This module implements all of the routines that interface with the TDI
  12. transport for NT
  14. Author:
  16. Larry Osterman (LarryO) 21-Jun-1990
  18. Revision History:
  20. 21-Jun-1990 LarryO
  22. Created
  24. --*/
  27. #include "precomp.h"
  28. #include <isnkrnl.h>
  29. #include <smbipx.h>
  30. #include <nbtioctl.h>
  31. #pragma hdrstop
  33. typedef struct _ENUM_TRANSPORTS_CONTEXT {
  34. PVOID OutputBuffer;
  35. PVOID OutputBufferEnd;
  36. PVOID LastOutputBuffer; // Points to the last entry in the list.
  37. ULONG OutputBufferSize;
  38. ULONG EntriesRead;
  39. ULONG TotalEntries;
  40. ULONG TotalBytesNeeded;
  41. ULONG_PTR OutputBufferDisplacement;
  42. } ENUM_TRANSPORTS_CONTEXT, *PENUM_TRANSPORTS_CONTEXT;
  44. NTSTATUS
  45. EnumerateTransportsWorker(
  46. IN PTRANSPORT Transport,
  47. IN OUT PVOID Ctx
  48. );
  50. VOID
  51. BowserFreeBrowserServerList (
  52. IN PWSTR *BrowserServerList,
  53. IN ULONG BrowserServerListLength
  54. );
  56. ERESOURCE
  57. BowserTransportDatabaseResource = {0};
  59. //
  60. // Code for tracking missing frees.
  61. //
  63. #define BR_ONE_D_STACK_SIZE 5
  64. typedef struct _BrOneD {
  65. ULONG NameAdded;
  66. ULONG NameFreed;
  67. ULONG NameAddFailed;
  68. ULONG NameFreeFailed;
  69. ULONG NameAddStack[BR_ONE_D_STACK_SIZE];
  70. ULONG NameFreeStack[BR_ONE_D_STACK_SIZE];
  71. } BR_ONE_D;
  72. BR_ONE_D BrOneD;
  74. //
  75. //
  76. // Forward definitions of local routines.
  77. //
  81. NTSTATUS
  82. BowserpTdiSetEventHandler (
  83. IN PDEVICE_OBJECT DeviceObject,
  84. IN PFILE_OBJECT FileObject,
  85. IN ULONG EventType,
  86. IN PVOID EventHandler,
  87. IN PVOID TransportName
  88. );
  91. NTSTATUS
  92. BowserDetermineProviderInformation(
  93. IN PUNICODE_STRING TransportName,
  94. OUT PTDI_PROVIDER_INFO ProviderInfo,
  95. OUT PULONG IpSubnetNumber
  96. );
  98. NTSTATUS
  99. UnbindTransportWorker(
  100. IN PTRANSPORT Transport,
  101. IN OUT PVOID Ctx
  102. );
  104. NTSTATUS
  105. BowserpTdiRemoveAddresses(
  106. IN PTRANSPORT Transport
  107. );
  109. VOID
  110. BowserDeleteTransport(
  111. IN PTRANSPORT Transport
  112. );
  114. VOID
  115. BowserpFreeTransport(
  116. IN PTRANSPORT Transport
  117. );
  121. NTSTATUS
  122. BowserSubmitTdiRequest (
  123. IN PFILE_OBJECT FileObject,
  124. IN PIRP Irp
  125. );
  128. NTSTATUS
  129. BowserCompleteTdiRequest (
  130. IN PDEVICE_OBJECT DeviceObject,
  131. IN PIRP Irp,
  132. IN PVOID Context
  133. );
  135. NTSTATUS
  136. CompleteSendDatagram (
  137. IN PDEVICE_OBJECT DeviceObject,
  138. IN PIRP Irp,
  139. IN PVOID Ctx
  140. );
  142. NTSTATUS
  143. BowserEnableIpxDatagramSocket(
  144. IN PTRANSPORT Transport
  145. );
  147. NTSTATUS
  148. BowserOpenNetbiosAddress(
  149. IN PPAGED_TRANSPORT_NAME PagedTransportName,
  150. IN PTRANSPORT Transport,
  151. IN PBOWSER_NAME Name
  152. );
  154. VOID
  155. BowserCloseNetbiosAddress(
  156. IN PTRANSPORT_NAME TransportName
  157. );
  159. VOID
  160. BowserCloseAllNetbiosAddresses(
  161. IN PTRANSPORT Transport
  162. );
  164. NTSTATUS
  165. BowserSendDatagram (
  166. IN PTRANSPORT Transport,
  167. IN PVOID RecipientAddress,
  168. IN DGRECEIVER_NAME_TYPE NameType,
  169. IN PVOID Buffer,
  170. IN ULONG BufferLength,
  171. IN BOOLEAN WaitForCompletion,
  172. IN PSTRING DestinationAddress OPTIONAL,
  173. IN BOOLEAN IsHostAnnouncment
  174. );
  176. NTSTATUS
  177. OpenIpxSocket (
  178. OUT PHANDLE Handle,
  179. OUT PFILE_OBJECT *FileObject,
  180. OUT PDEVICE_OBJECT *DeviceObject,
  181. IN PUNICODE_STRING DeviceName,
  182. IN USHORT Socket
  183. );
  185. NTSTATUS
  186. BowserIssueTdiAction (
  187. IN PDEVICE_OBJECT DeviceObject,
  188. IN PFILE_OBJECT FileObject,
  189. IN PVOID Action,
  190. IN ULONG ActionSize
  191. );
  193. NTSTATUS
  194. GetNetworkAddress (
  195. IN PTRANSPORT_NAME TransportName
  196. );
  198. #ifdef ALLOC_PRAGMA
  199. #pragma alloc_text(PAGE, BowserTdiAllocateTransport)
  200. #pragma alloc_text(PAGE, BowserUnbindFromAllTransports)
  201. #pragma alloc_text(PAGE, UnbindTransportWorker)
  202. #pragma alloc_text(PAGE, BowserFreeTransportByName)
  203. #pragma alloc_text(PAGE, BowserTransportFlags)
  204. #pragma alloc_text(PAGE, BowserEnumerateTransports)
  205. #pragma alloc_text(PAGE, EnumerateTransportsWorker)
  206. #pragma alloc_text(PAGE, BowserDereferenceTransport)
  207. #pragma alloc_text(PAGE, BowserCreateTransportName)
  208. #pragma alloc_text(PAGE, BowserpTdiRemoveAddresses)
  209. #pragma alloc_text(PAGE, BowserFindTransportName)
  210. #pragma alloc_text(PAGE, BowserFreeTransportName)
  211. #pragma alloc_text(PAGE, BowserDeleteTransport)
  212. #pragma alloc_text(PAGE, BowserpFreeTransport)
  213. #pragma alloc_text(PAGE, BowserpTdiSetEventHandler)
  214. #pragma alloc_text(PAGE, BowserBuildTransportAddress)
  215. #pragma alloc_text(PAGE, BowserUpdateProviderInformation)
  216. #pragma alloc_text(PAGE, BowserDetermineProviderInformation)
  217. #pragma alloc_text(PAGE, BowserFindTransport)
  218. #pragma alloc_text(PAGE, BowserForEachTransport)
  219. #pragma alloc_text(PAGE, BowserForEachTransportName)
  220. #pragma alloc_text(PAGE, BowserDeleteTransportNameByName)
  221. #pragma alloc_text(PAGE, BowserSubmitTdiRequest)
  222. #pragma alloc_text(PAGE, BowserSendDatagram)
  223. #pragma alloc_text(PAGE, BowserSendSecondClassMailslot)
  224. #pragma alloc_text(PAGE, BowserSendRequestAnnouncement)
  225. #pragma alloc_text(INIT, BowserpInitializeTdi)
  226. #pragma alloc_text(PAGE, BowserpUninitializeTdi)
  227. #pragma alloc_text(PAGE, BowserDereferenceTransportName)
  228. #pragma alloc_text(PAGE, BowserEnableIpxDatagramSocket)
  229. #pragma alloc_text(PAGE, BowserOpenNetbiosAddress)
  230. #pragma alloc_text(PAGE, BowserCloseNetbiosAddress)
  231. #pragma alloc_text(PAGE, BowserCloseAllNetbiosAddresses)
  232. #pragma alloc_text(PAGE, OpenIpxSocket)
  233. #pragma alloc_text(PAGE, BowserIssueTdiAction)
  235. #pragma alloc_text(PAGE4BROW, BowserCompleteTdiRequest)
  236. #pragma alloc_text(PAGE4BROW, CompleteSendDatagram)
  237. #endif
  239. //
  240. // Flag to indicate that a network isn't an IP network
  241. //
  242. #define BOWSER_NON_IP_SUBNET 0xFFFFFFFF
  245. NTSTATUS
  246. BowserTdiAllocateTransport (
  247. PUNICODE_STRING TransportName,
  248. PUNICODE_STRING EmulatedDomainName,
  249. PUNICODE_STRING EmulatedComputerName
  250. )
  252. /*++
  254. Routine Description:
  256. This routine will allocate a transport descriptor and bind the bowser
  257. to the transport.
  259. Arguments:
  261. TransportName - Supplies the name of the transport provider
  263. EmulatedDomainName - Supplies the name of the domain being emulated
  265. EmulatedComputerName - Supplies the name of the computer in the emulated domain.
  268. Return Value:
  270. NTSTATUS - Status of operation.
  272. --*/
  274. {
  275. NTSTATUS Status;
  276. PTRANSPORT NewTransport;
  277. BOOLEAN ResourceAcquired = FALSE;
  279. PAGED_CODE();
  281. // DbgBreakPoint();
  283. dlog(DPRT_TDI, ("%wZ: %wZ: BowserTdiAllocateTransport\n", EmulatedDomainName, TransportName));
  285. ExAcquireResourceExclusiveLite(&BowserTransportDatabaseResource, TRUE);
  286. ResourceAcquired = TRUE;
  289. NewTransport = BowserFindTransport(TransportName, EmulatedDomainName );
  290. dprintf(DPRT_REF, ("Called Find transport %lx from BowserTdiAllocateTransport.\n", NewTransport));
  292. if (NewTransport == NULL) {
  293. PLIST_ENTRY NameEntry;
  294. PPAGED_TRANSPORT PagedTransport = NULL;
  295. PCHAR Where;
  296. ULONG PagedTransportSize;
  298. //
  299. // Allocate and initialize the constant parts of the transport structure.
  300. //
  302. NewTransport = ALLOCATE_POOL(NonPagedPool, sizeof(TRANSPORT), POOL_TRANSPORT);
  304. if (NewTransport == NULL) {
  305. Status = STATUS_INSUFFICIENT_RESOURCES;
  307. goto ReturnStatus;
  308. }
  310. RtlZeroMemory( NewTransport, sizeof(TRANSPORT) );
  312. NewTransport->Signature = STRUCTURE_SIGNATURE_TRANSPORT;
  313. NewTransport->Size = sizeof(TRANSPORT);
  315. //
  316. // One reference for the rest of this procedure.
  317. //
  318. // We increment it later when we insert it in the global list.
  319. //
  320. NewTransport->ReferenceCount = 1;
  323. ExInitializeResourceLite(&NewTransport->BrowserServerListResource);
  325. KeInitializeEvent(&NewTransport->GetBackupListComplete, NotificationEvent, TRUE);
  327. ExInitializeResourceLite(&NewTransport->Lock);
  329. BowserInitializeIrpQueue(&NewTransport->BecomeBackupQueue);
  331. BowserInitializeIrpQueue(&NewTransport->BecomeMasterQueue);
  333. BowserInitializeIrpQueue(&NewTransport->FindMasterQueue);
  335. BowserInitializeIrpQueue(&NewTransport->WaitForMasterAnnounceQueue);
  337. BowserInitializeIrpQueue(&NewTransport->WaitForNewMasterNameQueue);
  339. BowserInitializeIrpQueue(&NewTransport->ChangeRoleQueue);
  341. BowserInitializeTimer(&NewTransport->ElectionTimer);
  343. BowserInitializeTimer(&NewTransport->FindMasterTimer);
  345. INITIALIZE_ANNOUNCE_DATABASE(NewTransport);
  349. //
  350. // Allocate and initialize the constant parts of the paged transport structure.
  351. //
  353. PagedTransportSize =sizeof(PAGED_TRANSPORT) +
  354. max(sizeof(TA_IPX_ADDRESS), sizeof(TA_NETBIOS_ADDRESS)) +
  355. sizeof(WCHAR) + // alignment
  356. (LM20_CNLEN+1)*sizeof(WCHAR) +
  357. TransportName->Length + sizeof(WCHAR);
  360. PagedTransport = NewTransport->PagedTransport =
  361. ALLOCATE_POOL(PagedPool, PagedTransportSize, POOL_PAGED_TRANSPORT);
  363. if (PagedTransport == NULL) {
  364. Status = STATUS_INSUFFICIENT_RESOURCES;
  366. goto ReturnStatus;
  367. }
  369. RtlZeroMemory( PagedTransport, PagedTransportSize );
  371. PagedTransport->NonPagedTransport = NewTransport;
  374. PagedTransport->Signature = STRUCTURE_SIGNATURE_PAGED_TRANSPORT;
  375. PagedTransport->Size = sizeof(PAGED_TRANSPORT);
  377. InitializeListHead(&PagedTransport->GlobalNext);
  378. InitializeListHead(&PagedTransport->NameChain);
  380. PagedTransport->Role = None;
  382. PagedTransport->IpSubnetNumber = BOWSER_NON_IP_SUBNET;
  384. PagedTransport->DisabledTransport = TRUE;
  385. PagedTransport->PointToPoint = FALSE;
  388. RtlInitializeGenericTable(&PagedTransport->AnnouncementTable,
  389. BowserCompareAnnouncement,
  390. BowserAllocateAnnouncement,
  391. BowserFreeAnnouncement,
  392. NULL);
  394. RtlInitializeGenericTable(&PagedTransport->DomainTable,
  395. BowserCompareAnnouncement,
  396. BowserAllocateAnnouncement,
  397. BowserFreeAnnouncement,
  398. NULL);
  400. InitializeListHead(&PagedTransport->BackupBrowserList);
  402. PagedTransport->NumberOfBackupServerListEntries = 0;
  405. // Put the MasterBrowserAddress at the end of the allocated buffer
  406. Where = (PCHAR)(PagedTransport+1);
  407. PagedTransport->MasterBrowserAddress.Buffer = Where;
  408. PagedTransport->MasterBrowserAddress.MaximumLength = max(sizeof(TA_IPX_ADDRESS),
  409. sizeof(TA_NETBIOS_ADDRESS));
  410. Where += PagedTransport->MasterBrowserAddress.MaximumLength;
  413. // Put the MasterName at the end of the allocated buffer
  414. Where = ROUND_UP_POINTER( Where, ALIGN_WCHAR );
  415. PagedTransport->MasterName.Buffer = (LPWSTR) Where;
  416. PagedTransport->MasterName.MaximumLength = (LM20_CNLEN+1)*sizeof(WCHAR);
  417. Where += PagedTransport->MasterName.MaximumLength;
  420. // Put the TransportName at the end of the allocated buffer
  421. PagedTransport->TransportName.Buffer = (LPWSTR) Where;
  422. PagedTransport->TransportName.MaximumLength = TransportName->Length + sizeof(WCHAR);
  423. RtlCopyUnicodeString(&PagedTransport->TransportName, TransportName);
  424. Where += PagedTransport->TransportName.MaximumLength;
  427. //
  428. // Make this transport a part of a domain.
  429. //
  431. NewTransport->DomainInfo = BowserCreateDomain( EmulatedDomainName, EmulatedComputerName );
  433. if ( NewTransport->DomainInfo == NULL ) {
  434. Status = STATUS_INSUFFICIENT_RESOURCES;
  435. goto ReturnStatus;
  436. }
  438. //
  439. // Get info from the provider
  440. // (e.g., RAS, Wannish, DatagramSize)
  442. Status= BowserUpdateProviderInformation( PagedTransport );
  444. if (!NT_SUCCESS(Status)) {
  445. goto ReturnStatus;
  446. }
  448. PagedTransport->Flags = 0;
  451. //
  452. // We ignore any and all errors that occur when we open the IPX socket.
  453. //
  456. //
  457. // Open the IPX mailslot socket.
  458. //
  460. Status = OpenIpxSocket(
  461. &PagedTransport->IpxSocketHandle,
  462. &NewTransport->IpxSocketFileObject,
  463. &NewTransport->IpxSocketDeviceObject,
  464. &PagedTransport->TransportName,
  465. SMB_IPX_MAILSLOT_SOCKET
  466. );
  468. if ( NT_SUCCESS(Status) ) {
  469. PagedTransport->Flags |= DIRECT_HOST_IPX;
  470. // We'll use type 20 packets to increase the reach of broadcasts
  471. // so don't treat this as a wannish protocol.
  472. PagedTransport->Wannish = FALSE;
  473. }
  475. //
  476. // Create the names for this transport.
  477. // (Only if the caller asked us to)
  478. //
  479. // Being in the global list constitutes a reference.
  480. //
  482. InsertTailList(&BowserTransportHead, &PagedTransport->GlobalNext);
  483. BowserReferenceTransport( NewTransport );
  485. //
  486. // The names are added asynchronously in other threads that require this
  487. // resource.
  488. //
  489. if ( ResourceAcquired ) {
  490. ExReleaseResourceLite(&BowserTransportDatabaseResource);
  491. ResourceAcquired = FALSE;
  492. }
  494. Status = BowserAddDefaultNames( NewTransport, NULL );
  496. if ( !NT_SUCCESS(Status) ) {
  497. goto ReturnStatus;
  498. }
  501. //
  502. // Start receiving broadcasts on IPX now that the names exist.
  503. //
  505. if ( PagedTransport->Flags & DIRECT_HOST_IPX ) {
  506. //
  507. // Acquire the lock while referencing IpxSocket*
  508. ExAcquireResourceExclusiveLite(&BowserTransportDatabaseResource, TRUE);
  509. ResourceAcquired = TRUE;
  510. BowserEnableIpxDatagramSocket(NewTransport);
  511. }
  513. //
  514. // Notify services that this transport is now bound
  515. //
  517. BowserSendPnp( NlPnpTransportBind,
  518. NULL, // All hosted domains
  519. &PagedTransport->TransportName,
  520. BowserTransportFlags(PagedTransport) );
  522. }
  524. Status = STATUS_SUCCESS;
  526. ReturnStatus:
  528. if ( ResourceAcquired ) {
  529. ExReleaseResourceLite(&BowserTransportDatabaseResource);
  530. }
  532. if (!NT_SUCCESS(Status)) {
  534. //
  535. // Delete the transport.
  536. //
  538. if ( NewTransport != NULL ) {
  539. // Remove the global reference if in global list
  540. BowserDeleteTransport (NewTransport);
  541. }
  543. }
  545. // Remove the local reference
  546. if ( NewTransport != NULL ) {
  547. BowserDereferenceTransport( NewTransport );
  548. }
  550. return Status;
  551. }
  553. NTSTATUS
  554. BowserUnbindFromAllTransports(
  555. VOID
  556. )
  557. {
  558. NTSTATUS Status;
  560. PAGED_CODE();
  561. Status = BowserForEachTransport(UnbindTransportWorker, NULL);
  563. #if DBG
  564. if (NT_SUCCESS(Status)) {
  565. ASSERT (IsListEmpty(&BowserTransportHead));
  566. }
  567. #endif
  568. return Status;
  569. }
  572. NTSTATUS
  573. UnbindTransportWorker(
  574. IN PTRANSPORT Transport,
  575. IN OUT PVOID Ctx
  576. )
  577. /*++
  579. Routine Description:
  581. This routine is the worker routine for BowserUnbindFromAllTransports.
  583. Arguments:
  585. None.
  587. Return Value:
  589. None.
  591. --*/
  592. {
  593. PAGED_CODE();
  595. //
  596. // Dereference the reference caused by the transport bind.
  597. //
  599. BowserDeleteTransport(Transport);
  601. //
  602. // Return success. We're done.
  603. //
  605. return(STATUS_SUCCESS);
  607. UNREFERENCED_PARAMETER(Ctx);
  608. }
  613. NTSTATUS
  614. BowserFreeTransportByName (
  615. IN PUNICODE_STRING TransportName,
  616. IN PUNICODE_STRING EmulatedDomainName
  617. )
  619. /*++
  621. Routine Description:
  623. This routine will deallocate an allocated transport
  625. Arguments:
  627. TransportName - Supplies a pointer to the name of the transport to free
  629. EmulatedDomainName - Name of the emulated domain whose transport is to be freed
  631. Return Value:
  633. None.
  635. --*/
  636. {
  637. PTRANSPORT Transport;
  639. PAGED_CODE();
  640. dlog(DPRT_TDI, ("%wZ: %wZ: BowserFreeTransportByName: Remove transport\n", EmulatedDomainName, TransportName));
  642. Transport = BowserFindTransport(TransportName, EmulatedDomainName );
  643. dprintf(DPRT_REF, ("Called Find transport %lx from BowserFreeTransportByName.\n", Transport));
  645. if (Transport == NULL) {
  647. return STATUS_OBJECT_NAME_NOT_FOUND;
  648. }
  650. //
  651. // Remove the reference from the binding.
  652. //
  654. BowserDeleteTransport(Transport);
  656. //
  657. // Remove the reference from the FindTransport.
  658. //
  660. BowserDereferenceTransport(Transport);
  662. return STATUS_SUCCESS;
  663. }
  666. NTSTATUS
  667. BowserEnumerateTransports (
  668. OUT PVOID OutputBuffer,
  669. OUT ULONG OutputBufferLength,
  670. IN OUT PULONG EntriesRead,
  671. IN OUT PULONG TotalEntries,
  672. IN OUT PULONG TotalBytesNeeded,
  673. IN ULONG_PTR OutputBufferDisplacement)
  674. /*++
  676. Routine Description:
  678. This routine will enumerate the servers in the bowsers current announcement
  679. table.
  681. Arguments:
  683. IN ULONG ServerTypeMask - Mask of servers to return.
  684. IN PUNICODE_STRING DomainName OPTIONAL - Domain to filter (all if not specified)
  685. OUT PVOID OutputBuffer - Buffer to fill with server info.
  686. IN ULONG OutputBufferSize - Filled in with size of buffer.
  687. OUT PULONG EntriesRead - Filled in with the # of entries returned.
  688. OUT PULONG TotalEntries - Filled in with the total # of entries.
  689. OUT PULONG TotalBytesNeeded - Filled in with the # of bytes needed.
  691. Return Value:
  693. None.
  695. --*/
  697. {
  698. PVOID OutputBufferEnd;
  699. NTSTATUS Status;
  700. ENUM_TRANSPORTS_CONTEXT Context;
  701. PDOMAIN_INFO DomainInfo = NULL;
  702. PAGED_CODE();
  704. OutputBufferEnd = (PCHAR)OutputBuffer+OutputBufferLength;
  706. Context.EntriesRead = 0;
  707. Context.TotalEntries = 0;
  708. Context.TotalBytesNeeded = 0;
  710. try {
  711. Context.OutputBufferSize = OutputBufferLength;
  712. Context.OutputBuffer = OutputBuffer;
  713. Context.OutputBufferDisplacement = OutputBufferDisplacement;
  714. Context.OutputBufferEnd = OutputBufferEnd;
  715. Context.LastOutputBuffer = OutputBuffer;
  717. dlog(DPRT_FSCTL, ("Enumerate Transports: Buffer: %lx, BufferSize: %lx, BufferEnd: %lx\n",
  718. OutputBuffer, OutputBufferLength, OutputBufferEnd));
  720. try {
  721. //
  722. // Find the primary domain.
  723. //
  724. // This call is intended to return the actual transport names and not the
  725. // network structure which are duplicated for each emulated domain.
  726. //
  728. DomainInfo = BowserFindDomain( NULL );
  729. // Failure case handled below
  731. //
  732. // Enumerate the transports.
  733. //
  734. if ( DomainInfo != NULL ) {
  735. Status = BowserForEachTransportInDomain( DomainInfo, EnumerateTransportsWorker, &Context);
  736. }
  738. *EntriesRead = Context.EntriesRead;
  739. *TotalEntries = Context.TotalEntries;
  740. *TotalBytesNeeded = Context.TotalBytesNeeded;
  742. if (*EntriesRead != 0) {
  743. ((PLMDR_TRANSPORT_LIST )Context.LastOutputBuffer)->NextEntryOffset = 0;
  744. }
  746. dlog(DPRT_FSCTL, ("TotalEntries: %lx EntriesRead: %lx, TotalBytesNeeded: %lx\n", *TotalEntries, *EntriesRead, *TotalBytesNeeded));
  748. if (*EntriesRead == *TotalEntries) {
  749. try_return(Status = STATUS_SUCCESS);
  750. } else {
  751. try_return(Status = STATUS_MORE_ENTRIES);
  752. }
  753. try_exit:NOTHING;
  754. } finally {
  755. if ( DomainInfo != NULL ) {
  756. BowserDereferenceDomain( DomainInfo );
  757. }
  758. }
  759. }
  760. except ( BR_EXCEPTION ) {
  761. Status = GetExceptionCode();
  762. }
  764. return Status;
  766. }
  768. ULONG
  769. BowserTransportFlags(
  770. IN PPAGED_TRANSPORT PagedTransport
  771. )
  772. /*++
  774. Routine Description:
  776. Return the user mode transport flags for this transport.
  778. Arguments:
  780. PageTransport - Transport to return the flags for.
  782. Return Value:
  785. The appropriate of the following flags:
  786. LMDR_TRANSPORT_WANNISH
  787. LMDR_TRANSPORT_RAS
  788. LMDR_TRANSPORT_IPX
  790. --*/
  791. {
  792. ULONG TransportFlags = 0;
  793. PAGED_CODE();
  795. if (PagedTransport->Wannish) {
  796. TransportFlags |= LMDR_TRANSPORT_WANNISH;
  797. }
  799. if (PagedTransport->IsPrimaryDomainController) {
  800. TransportFlags |= LMDR_TRANSPORT_PDC;
  801. }
  803. if (PagedTransport->PointToPoint) {
  804. TransportFlags |= LMDR_TRANSPORT_RAS;
  805. }
  807. if (PagedTransport->Flags & DIRECT_HOST_IPX) {
  808. TransportFlags |= LMDR_TRANSPORT_IPX;
  809. }
  811. return TransportFlags;
  812. }
  815. NTSTATUS
  816. EnumerateTransportsWorker(
  817. IN PTRANSPORT Transport,
  818. IN OUT PVOID Ctx
  819. )
  820. /*++
  822. Routine Description:
  824. This routine is the worker routine for BowserEnumerateTransports.
  826. It is called for each of the serviced transports in the bowser and
  827. returns the size needed to enumerate the servers received on each transport.
  829. Arguments:
  831. None.
  833. Return Value:
  836. None.
  838. --*/
  839. {
  840. PENUM_TRANSPORTS_CONTEXT Context = Ctx;
  841. PPAGED_TRANSPORT PagedTransport = Transport->PagedTransport;
  842. ULONG SizeNeeded = sizeof(LMDR_TRANSPORT_LIST);
  844. PAGED_CODE();
  846. SizeNeeded += PagedTransport->TransportName.Length+sizeof(WCHAR);
  847. SizeNeeded = ROUND_UP_COUNT(SizeNeeded,ALIGN_DWORD);
  849. Context->TotalEntries += 1;
  851. if ((ULONG_PTR)Context->OutputBufferEnd - (ULONG_PTR)Context->OutputBuffer > SizeNeeded) {
  852. PLMDR_TRANSPORT_LIST TransportEntry = (PLMDR_TRANSPORT_LIST)Context->OutputBuffer;
  854. Context->LastOutputBuffer = Context->OutputBuffer;
  856. Context->EntriesRead += 1;
  858. RtlCopyMemory(TransportEntry->TransportName, PagedTransport->TransportName.Buffer, PagedTransport->TransportName.Length+sizeof(WCHAR));
  860. //
  861. // Null terminate the transport name.
  862. //
  864. TransportEntry->TransportName[PagedTransport->TransportName.Length/sizeof(WCHAR)] = '\0';
  866. TransportEntry->TransportNameLength = PagedTransport->TransportName.Length;
  868. TransportEntry->Flags |= BowserTransportFlags( PagedTransport );
  870. TransportEntry->NextEntryOffset = SizeNeeded;
  871. (PUCHAR)(Context->OutputBuffer) += SizeNeeded;
  872. }
  874. Context->TotalBytesNeeded += SizeNeeded;
  875. return(STATUS_SUCCESS);
  877. }
  879. VOID
  880. BowserReferenceTransport(
  881. IN PTRANSPORT Transport
  882. )
  883. {
  885. InterlockedIncrement(&Transport->ReferenceCount);
  886. dprintf(DPRT_REF, ("Reference transport %lx. Count now %lx\n", Transport, Transport->ReferenceCount));
  888. }
  890. VOID
  891. BowserDereferenceTransport(
  892. IN PTRANSPORT Transport
  893. )
  894. {
  895. LONG Result;
  896. PAGED_CODE();
  898. ExAcquireResourceExclusiveLite(&BowserTransportDatabaseResource, TRUE);
  901. if (Transport->ReferenceCount == 0) {
  902. InternalError(("Transport Reference Count mismatch\n"));
  903. }
  905. Result = InterlockedDecrement(&Transport->ReferenceCount);
  908. dlog(DPRT_REF, ("Dereference transport %lx. Count now %lx\n", Transport, Transport->ReferenceCount));
  910. if (Result == 0) {
  911. //
  912. // And free up the transport itself.
  913. //
  915. BowserpFreeTransport(Transport);
  916. }
  918. ExReleaseResourceLite(&BowserTransportDatabaseResource);
  920. }
  924. NTSTATUS
  925. BowserCreateTransportName (
  926. IN PTRANSPORT Transport,
  927. IN PBOWSER_NAME Name
  928. )
  930. /*++
  932. Routine Description:
  934. This routine creates a transport address object.
  936. Arguments:
  938. IN PTRANSPORT Transport - Supplies a transport structure describing the
  939. transport address object to be created.
  942. Return Value:
  944. NTSTATUS - Status of resulting operation.
  946. --*/
  948. {
  949. NTSTATUS Status = STATUS_SUCCESS;
  950. PTRANSPORT_NAME TransportName = NULL;
  951. PPAGED_TRANSPORT_NAME PagedTransportName = NULL;
  952. PPAGED_TRANSPORT PagedTransport = Transport->PagedTransport;
  953. BOOLEAN ResourceAcquired = FALSE;
  955. PAGED_CODE();
  956. ASSERT(Transport->Signature == STRUCTURE_SIGNATURE_TRANSPORT);
  958. dlog(DPRT_TDI,
  959. ("%s: %ws: BowserCreateTransportName. Name %wZ (%ld)\n",
  960. Transport->DomainInfo->DomOemDomainName,
  961. PagedTransport->TransportName.Buffer,
  962. &Name->Name,
  963. Name->NameType ));
  965. //
  966. // Link the transport_name structure into the transport list.
  967. //
  969. ExAcquireResourceExclusiveLite(&BowserTransportDatabaseResource, TRUE);
  971. ResourceAcquired = TRUE;
  973. TransportName = BowserFindTransportName(Transport, Name);
  975. if (TransportName != NULL) {
  977. ExReleaseResourceLite(&BowserTransportDatabaseResource);
  979. return(STATUS_SUCCESS);
  980. }
  982. #ifdef notdef
  983. //
  984. // Simply don't allocate certain names if the transport is disabled
  985. //
  987. if ( PagedTransport->DisabledTransport ) {
  988. if ( Name->NameType == PrimaryDomainBrowser ) {
  989. ExReleaseResourceLite(&BowserTransportDatabaseResource);
  990. return STATUS_SUCCESS;
  991. }
  992. }
  993. #endif // notdef
  995. // s.b. assertion that we're attached to the system process
  996. // ASSERT (IoGetCurrentProcess() == BowserFspProcess);
  998. //
  999. // Allocate a structure to refer to this name on the transport
  1000. //
  1002. TransportName = ALLOCATE_POOL(NonPagedPool, sizeof(TRANSPORT_NAME) +
  1003. max(sizeof(TA_NETBIOS_ADDRESS),
  1004. sizeof(TA_IPX_ADDRESS)), POOL_TRANSPORTNAME);
  1006. if (TransportName == NULL) {
  1007. Status = STATUS_INSUFFICIENT_RESOURCES;
  1009. goto error_cleanup;
  1010. }
  1012. TransportName->PagedTransportName = PagedTransportName =
  1013. ALLOCATE_POOL(PagedPool,
  1014. sizeof(PAGED_TRANSPORT_NAME),
  1015. POOL_PAGED_TRANSPORTNAME);
  1017. if (PagedTransportName == NULL) {
  1018. FREE_POOL( TransportName );
  1019. TransportName = NULL;
  1020. Status = STATUS_INSUFFICIENT_RESOURCES;
  1022. goto error_cleanup;
  1023. }
  1025. TransportName->Signature = STRUCTURE_SIGNATURE_TRANSPORTNAME;
  1027. TransportName->Size = sizeof(TRANSPORT_NAME);
  1029. TransportName->PagedTransportName = PagedTransportName;
  1031. // This TransportName is considered to be referenced by the transport via
  1032. // Transport->PagedTransport->NameChain. The Name->NameChain isn't
  1033. // considered to be a reference.
  1034. //
  1035. // The second reference is a local reference for the lifetime of this routine.
  1036. //
  1037. TransportName->ReferenceCount = 2;
  1039. PagedTransportName->NonPagedTransportName = TransportName;
  1041. PagedTransportName->Signature = STRUCTURE_SIGNATURE_PAGED_TRANSPORTNAME;
  1043. PagedTransportName->Size = sizeof(PAGED_TRANSPORT_NAME);
  1045. PagedTransportName->Name = Name;
  1047. BowserReferenceName(Name);
  1049. TransportName->Transport = Transport;
  1051. // Don't reference the Transport. When the transport is unbound, we'll
  1052. // make sure all the transport names are removed first.
  1053. // BowserReferenceTransport(Transport);
  1055. PagedTransportName->Handle = NULL;
  1057. TransportName->FileObject = NULL;
  1059. TransportName->DeviceObject = NULL;
  1061. InsertHeadList(&Transport->PagedTransport->NameChain, &PagedTransportName->TransportNext);
  1063. InsertHeadList(&Name->NameChain, &PagedTransportName->NameNext);
  1065. //
  1066. // If this is an OTHERDOMAIN, we want to process host announcements for
  1067. // the domain, if it isn't, we want to wait until we become a master.
  1068. //
  1070. if (Name->NameType == OtherDomain) {
  1072. BowserReferenceDiscardableCode( BowserDiscardableCodeSection );
  1074. DISCARDABLE_CODE( BowserDiscardableCodeSection );
  1076. TransportName->ProcessHostAnnouncements = TRUE;
  1077. } else {
  1078. TransportName->ProcessHostAnnouncements = FALSE;
  1079. }
  1081. //
  1082. // If this name is one of our special names, we want to remember it in
  1083. // the transport block.
  1084. //
  1086. switch (Name->NameType) {
  1087. case ComputerName:
  1088. Transport->ComputerName = TransportName;
  1089. break;
  1091. case PrimaryDomain:
  1092. //
  1093. // During domain rename we can temporarily have two primary names assigned.
  1094. // keep track of both names.
  1095. //
  1096. if ( Transport->PrimaryDomain != NULL ) {
  1097. ASSERT( Transport->AltPrimaryDomain == NULL );
  1098. Transport->AltPrimaryDomain = Transport->PrimaryDomain;
  1099. }
  1100. Transport->PrimaryDomain = TransportName;
  1101. break;
  1104. case MasterBrowser:
  1105. Transport->MasterBrowser = TransportName;
  1106. break;
  1108. case BrowserElection:
  1109. Transport->BrowserElection = TransportName;
  1110. break;
  1112. case PrimaryDomainBrowser:
  1113. PagedTransport->IsPrimaryDomainController = TRUE;
  1115. //
  1116. // Notify services we are now a PDC.
  1117. //
  1119. BowserSendPnp(
  1120. NlPnpNewRole,
  1121. &Transport->DomainInfo->DomUnicodeDomainName,
  1122. &Transport->PagedTransport->TransportName,
  1123. BowserTransportFlags(Transport->PagedTransport) );
  1125. break;
  1126. }
  1128. TransportName->TransportAddress.Buffer = (PCHAR)(TransportName+1);
  1129. TransportName->TransportAddress.MaximumLength = max(sizeof(TA_NETBIOS_ADDRESS),
  1130. sizeof(TA_IPX_ADDRESS));
  1132. //
  1133. // Figure out what this name is, so we can match against it when
  1134. // a datagram is received.
  1135. //
  1137. Status = BowserBuildTransportAddress(&TransportName->TransportAddress, &Name->Name, Name->NameType, Transport);
  1139. if (!NT_SUCCESS(Status)) {
  1140. goto error_cleanup;
  1141. }
  1143. TransportName->NameType = (CHAR)Name->NameType;
  1145. #if DBG
  1146. if (Name->NameType == MasterBrowser) {
  1147. //
  1148. // make sure that we never become a master without locking the discardable code.
  1149. //
  1151. DISCARDABLE_CODE( BowserDiscardableCodeSection );
  1152. }
  1153. #endif
  1155. ExReleaseResourceLite(&BowserTransportDatabaseResource);
  1157. ResourceAcquired = FALSE;
  1159. //
  1160. // On non direct host IPX transports, we need to add the name now.
  1161. //
  1163. if (!FlagOn(Transport->PagedTransport->Flags, DIRECT_HOST_IPX)) {
  1164. Status = BowserOpenNetbiosAddress(PagedTransportName, Transport, Name);
  1166. if (!NT_SUCCESS(Status)) {
  1167. goto error_cleanup;
  1168. }
  1169. }
  1171. error_cleanup:
  1172. if ( !NT_SUCCESS(Status) ) {
  1173. dlog(DPRT_TDI,
  1174. ("%s: %ws: BowserCreateTransportName fail. Name %wZ (%ld) Status:%lx\n",
  1175. Transport->DomainInfo->DomOemDomainName,
  1176. PagedTransport->TransportName.Buffer,
  1177. &Name->Name,
  1178. Name->NameType,
  1179. Status ));
  1181. //
  1182. // Remove Transport->PagedTransport->NameChain reference
  1183. // (Unless another routine already has done that behind our back)
  1184. //
  1185. if (TransportName != NULL) {
  1186. if ( PagedTransportName->TransportNext.Flink != NULL ) {
  1187. BowserDereferenceTransportName(TransportName);
  1188. }
  1189. }
  1190. }
  1192. // Remove the local reference
  1193. if (TransportName != NULL) {
  1194. BowserDereferenceTransportName(TransportName);
  1195. }
  1197. if (ResourceAcquired) {
  1198. ExReleaseResourceLite(&BowserTransportDatabaseResource);
  1199. }
  1203. return Status;
  1204. }
  1206. NTSTATUS
  1207. BowserOpenNetbiosAddress(
  1208. IN PPAGED_TRANSPORT_NAME PagedTransportName,
  1209. IN PTRANSPORT Transport,
  1210. IN PBOWSER_NAME Name
  1211. )
  1212. {
  1213. NTSTATUS Status;
  1214. PFILE_FULL_EA_INFORMATION EABuffer = NULL;
  1215. PTRANSPORT_NAME TransportName = PagedTransportName->NonPagedTransportName;
  1216. OBJECT_ATTRIBUTES AddressAttributes;
  1217. IO_STATUS_BLOCK IoStatusBlock;
  1218. HANDLE Handle = NULL;
  1219. PFILE_OBJECT FileObject = NULL;
  1220. PDEVICE_OBJECT DeviceObject;
  1222. PAGED_CODE( );
  1224. try {
  1225. //
  1226. // Now create the address object for this name.
  1227. //
  1229. EABuffer = ALLOCATE_POOL(PagedPool,
  1230. sizeof(FILE_FULL_EA_INFORMATION)-1 +
  1231. TDI_TRANSPORT_ADDRESS_LENGTH + 1 +
  1232. max(sizeof(TA_NETBIOS_EX_ADDRESS), sizeof(TA_NETBIOS_ADDRESS)),
  1233. POOL_EABUFFER);
  1236. if (EABuffer == NULL) {
  1237. try_return(Status = STATUS_INSUFFICIENT_RESOURCES)
  1239. }
  1241. EABuffer->NextEntryOffset = 0;
  1242. EABuffer->Flags = 0;
  1243. EABuffer->EaNameLength = TDI_TRANSPORT_ADDRESS_LENGTH;
  1245. RtlCopyMemory(EABuffer->EaName, TdiTransportAddress, EABuffer->EaNameLength+1);
  1247. EABuffer->EaValueLength = sizeof(TA_NETBIOS_ADDRESS);
  1249. ASSERT (TransportName->TransportAddress.Length == sizeof(TA_NETBIOS_ADDRESS));
  1250. RtlCopyMemory( &EABuffer->EaName[TDI_TRANSPORT_ADDRESS_LENGTH+1],
  1251. TransportName->TransportAddress.Buffer,
  1252. EABuffer->EaValueLength );
  1254. dlog(DPRT_TDI,
  1255. ("%s: %ws: Create endpoint of %wZ (%ld) @(%lx)\n",
  1256. Transport->DomainInfo->DomOemDomainName,
  1257. Transport->PagedTransport->TransportName.Buffer,
  1258. &PagedTransportName->Name->Name,
  1259. PagedTransportName->Name->NameType,
  1260. TransportName));
  1262. InitializeObjectAttributes (&AddressAttributes,
  1263. &Transport->PagedTransport->TransportName, // Name
  1264. OBJ_CASE_INSENSITIVE,// Attributes
  1265. NULL, // RootDirectory
  1266. NULL); // SecurityDescriptor
  1268. Status = IoCreateFile( &Handle, // Handle
  1269. GENERIC_READ | GENERIC_WRITE | SYNCHRONIZE,
  1270. &AddressAttributes, // Object Attributes
  1271. &IoStatusBlock, // Final I/O status block
  1272. NULL, // Allocation Size
  1273. FILE_ATTRIBUTE_NORMAL, // Normal attributes
  1274. FILE_SHARE_READ,// Sharing attributes
  1275. FILE_OPEN_IF, // Create disposition
  1276. 0, // CreateOptions
  1277. EABuffer, // EA Buffer
  1278. FIELD_OFFSET(FILE_FULL_EA_INFORMATION, EaName) +
  1279. TDI_TRANSPORT_ADDRESS_LENGTH + 1 +
  1280. sizeof(TA_NETBIOS_ADDRESS), // EA length
  1281. CreateFileTypeNone,
  1282. NULL,
  1283. IO_NO_PARAMETER_CHECKING | // All of the buffers are kernel buffers
  1284. IO_CHECK_CREATE_PARAMETERS);// But double check parameter consistancy
  1286. FREE_POOL(EABuffer);
  1288. EABuffer = NULL;
  1290. if (!NT_SUCCESS(Status)) {
  1292. try_return(Status);
  1294. }
  1296. if (!NT_SUCCESS(Status = IoStatusBlock.Status)) {
  1298. try_return(Status);
  1300. }
  1302. //
  1303. // Obtain a referenced pointer to the file object.
  1304. //
  1305. Status = ObReferenceObjectByHandle (
  1306. Handle,
  1307. 0,
  1308. *IoFileObjectType,
  1309. KernelMode,
  1310. (PVOID *)&FileObject,
  1311. NULL
  1312. );
  1314. if (!NT_SUCCESS(Status)) {
  1315. try_return(Status);
  1316. }
  1320. //
  1321. // Get another reference that lasts for the life of the TransportName
  1322. //
  1323. ObReferenceObject( FileObject );
  1325. //
  1326. // Get the address of the device object for the endpoint.
  1327. //
  1328. DeviceObject = IoGetRelatedDeviceObject( FileObject );
  1330. //
  1331. // Note: due to bug 140751 we'll first set nbt's handler
  1332. // to get it going & only then we would asign the handles
  1333. // to the global structure. This is in order to prevent
  1334. // execution of BowserCloseNetbiosAddress before setting
  1335. // this handler. Otherwise, we can end up using closed
  1336. // handles.
  1337. //
  1339. //
  1340. // Enable receiving datagrams on this device.
  1341. //
  1342. Status = BowserpTdiSetEventHandler( DeviceObject,
  1343. FileObject,
  1344. TDI_EVENT_RECEIVE_DATAGRAM,
  1345. (PVOID) BowserTdiReceiveDatagramHandler,
  1346. TransportName);
  1348. if (!NT_SUCCESS(Status)) {
  1349. try_return(Status);
  1350. }
  1352. //
  1353. // Tell Netbt to tell us the IP Address of the client.
  1354. //
  1356. if ( Transport->PagedTransport->Wannish ) {
  1357. IO_STATUS_BLOCK IoStatusBlock;
  1359. Status = ZwDeviceIoControlFile(
  1360. Handle,
  1361. NULL,
  1362. NULL,
  1363. NULL,
  1364. &IoStatusBlock,
  1365. IOCTL_NETBT_ENABLE_EXTENDED_ADDR,
  1366. NULL,
  1367. 0,
  1368. NULL,
  1369. 0 );
  1371. if ( !NT_SUCCESS(Status) ) {
  1372. dlog(DPRT_TDI, ("%lx: Can't request extended status from netbt\n", TransportName));
  1373. try_return(Status);
  1374. }
  1376. ASSERT(Status != STATUS_PENDING);
  1377. }
  1379. //
  1380. // Save the handles
  1381. //
  1382. ExAcquireResourceExclusiveLite(&BowserTransportDatabaseResource, TRUE);
  1384. TransportName->FileObject = FileObject;
  1385. TransportName->DeviceObject = DeviceObject;
  1386. PagedTransportName->Handle = Handle;
  1387. Handle = NULL;
  1389. ExReleaseResourceLite(&BowserTransportDatabaseResource);
  1392. dlog(DPRT_TDI, ("BowserCreateTransportName Succeeded. Name: %lx, Handle: %lx\n", TransportName, PagedTransportName->Handle));
  1393. try_exit:NOTHING;
  1394. } finally {
  1395. if (EABuffer != NULL) {
  1396. FREE_POOL(EABuffer);
  1397. }
  1399. if ( FileObject != NULL ) {
  1400. ObDereferenceObject( FileObject );
  1401. }
  1403. if ( Handle != NULL ) {
  1404. (VOID) ZwClose( Handle );
  1405. }
  1407. if (!NT_SUCCESS(Status)) {
  1409. //
  1410. // Count Number of failed adds of 1D name.
  1411. //
  1413. if ( TransportName->NameType == MasterBrowser ) {
  1414. if (BrOneD.NameAddFailed < BR_ONE_D_STACK_SIZE ) {
  1415. BrOneD.NameAddStack[BrOneD.NameAddFailed] = Status;
  1416. }
  1417. BrOneD.NameAddFailed ++;
  1418. }
  1420. BowserCloseNetbiosAddress( TransportName );
  1421. } else {
  1423. //
  1424. // Count Number of adds of 1D name.
  1425. //
  1427. if ( TransportName->NameType == MasterBrowser ) {
  1428. BrOneD.NameAdded ++;
  1429. }
  1430. }
  1431. }
  1433. return Status;
  1434. }
  1436. VOID
  1437. BowserCloseNetbiosAddress(
  1438. IN PTRANSPORT_NAME TransportName
  1439. )
  1441. /*++
  1443. Routine Description:
  1445. Closes the Netbios Address for a transport name.
  1447. Arguments:
  1449. TransportName - Transport Name whose Netbios address is to be closed.
  1452. Return Value:
  1454. None.
  1456. --*/
  1458. {
  1459. NTSTATUS Status;
  1460. // PTRANSPORT Transport = TransportName->Transport;
  1461. PPAGED_TRANSPORT_NAME PagedTransportName = TransportName->PagedTransportName;
  1462. KAPC_STATE ApcState;
  1464. PAGED_CODE();
  1466. ExAcquireResourceExclusiveLite(&BowserTransportDatabaseResource, TRUE);
  1468. if (PagedTransportName) {
  1470. if ( PagedTransportName->Handle != NULL ) {
  1471. BOOLEAN ProcessAttached = FALSE;
  1473. if (IoGetCurrentProcess() != BowserFspProcess) {
  1474. KeStackAttachProcess(BowserFspProcess, &ApcState );
  1476. ProcessAttached = TRUE;
  1477. }
  1479. Status = ZwClose( PagedTransportName->Handle );
  1481. if (ProcessAttached) {
  1482. KeUnstackDetachProcess( &ApcState );
  1483. }
  1485. if (!NT_SUCCESS(Status)) {
  1486. dlog(DPRT_TDI, ("BowserCloseNetbiosAddress: Free name %lx failed: %X, %lx Handle: %lx\n", TransportName, Status, PagedTransportName->Handle));
  1488. //
  1489. // Count Number of failed frees of 1D name.
  1490. //
  1492. if ( TransportName->NameType == MasterBrowser ) {
  1493. if (BrOneD.NameFreeFailed < BR_ONE_D_STACK_SIZE ) {
  1494. BrOneD.NameFreeStack[BrOneD.NameFreeFailed] = Status;
  1495. }
  1496. BrOneD.NameFreeFailed ++;
  1497. }
  1498. } else {
  1500. //
  1501. // Count Number of frees of 1D name.
  1502. //
  1504. if ( TransportName->NameType == MasterBrowser ) {
  1505. BrOneD.NameFreed ++;
  1506. }
  1507. }
  1509. PagedTransportName->Handle = NULL;
  1510. }
  1511. }
  1513. //
  1514. // Dereference the FileObject ONLY after the handle is closed.
  1515. // The indication routine references FileObject with no synchronization.
  1516. // By closing the handle first, I know the TDI driver is out of the
  1517. // indication routine before I dereference the FileObject.
  1518. //
  1519. if ( TransportName->FileObject != NULL ) {
  1520. ObDereferenceObject( TransportName->FileObject );
  1521. TransportName->FileObject = NULL;
  1522. }
  1524. ExReleaseResourceLite(&BowserTransportDatabaseResource);
  1525. }
  1530. VOID
  1531. BowserCloseAllNetbiosAddresses(
  1532. IN PTRANSPORT Transport
  1533. )
  1534. /*++
  1536. Routine Description:
  1538. This routine closes all the Netbios address this transport has open
  1539. to the TDI driver.
  1541. Arguments:
  1543. Transport - The transport whose Netbios addresses are to be closed.
  1545. Return Value:
  1547. NTSTATUS - Status of resulting operation.
  1549. --*/
  1551. {
  1552. PLIST_ENTRY NameEntry;
  1553. PLIST_ENTRY NextEntry;
  1555. PAGED_CODE();
  1556. dlog(DPRT_TDI,
  1557. ("%s: %ws: BowserCloseAllNetbiosAddresses: Close addresses for transport %lx\n",
  1558. Transport->DomainInfo->DomOemDomainName,
  1559. Transport->PagedTransport->TransportName.Buffer,
  1560. Transport));
  1562. ExAcquireResourceExclusiveLite(&BowserTransportDatabaseResource, TRUE);
  1564. for (NameEntry = Transport->PagedTransport->NameChain.Flink;
  1565. NameEntry != &Transport->PagedTransport->NameChain;
  1566. NameEntry = NextEntry) {
  1568. PPAGED_TRANSPORT_NAME PagedTransportName = CONTAINING_RECORD(NameEntry, PAGED_TRANSPORT_NAME, TransportNext);
  1569. PTRANSPORT_NAME TransportName = PagedTransportName->NonPagedTransportName;
  1571. NextEntry = NameEntry->Flink;
  1573. BowserCloseNetbiosAddress(TransportName);
  1575. }
  1577. ExReleaseResourceLite(&BowserTransportDatabaseResource);
  1579. return;
  1580. }
  1582. NTSTATUS
  1583. BowserEnableIpxDatagramSocket(
  1584. IN PTRANSPORT Transport
  1585. )
  1586. {
  1587. NTSTATUS status;
  1588. NWLINK_ACTION action;
  1590. PAGED_CODE( );
  1592. //
  1593. // Put the endpoint in broadcast reception mode.
  1594. //
  1596. action.Header.TransportId = 'XPIM'; // "MIPX"
  1597. action.Header.ActionCode = 0;
  1598. action.Header.Reserved = 0;
  1599. action.OptionType = TRUE;
  1600. action.BufferLength = sizeof(action.Option);
  1601. action.Option = MIPX_RCVBCAST;
  1603. status = BowserIssueTdiAction(
  1604. Transport->IpxSocketDeviceObject,
  1605. Transport->IpxSocketFileObject,
  1606. (PCHAR)&action,
  1607. sizeof(action)
  1608. );
  1610. if ( !NT_SUCCESS(status) ) {
  1611. goto cleanup;
  1612. }
  1614. //
  1615. // Set the default packet type to 20 to force all browser packets
  1616. // through routers.
  1617. //
  1619. action.Header.TransportId = 'XPIM'; // "MIPX"
  1620. action.Header.ActionCode = 0;
  1621. action.Header.Reserved = 0;
  1622. action.OptionType = TRUE;
  1623. action.BufferLength = sizeof(action.Option);
  1624. action.Option = MIPX_SETSENDPTYPE;
  1625. action.Data[0] = IPX_BROADCAST_PACKET;
  1627. status = BowserIssueTdiAction(
  1628. Transport->IpxSocketDeviceObject,
  1629. Transport->IpxSocketFileObject,
  1630. (PCHAR)&action,
  1631. sizeof(action)
  1632. );
  1634. if ( !NT_SUCCESS(status) ) {
  1635. goto cleanup;
  1636. }
  1638. //
  1639. // Register the browser Receive Datagram event handler.
  1640. //
  1642. status = BowserpTdiSetEventHandler(
  1643. Transport->IpxSocketDeviceObject,
  1644. Transport->IpxSocketFileObject,
  1645. TDI_EVENT_RECEIVE_DATAGRAM,
  1646. BowserIpxDatagramHandler,
  1647. Transport
  1648. );
  1650. if ( !NT_SUCCESS(status) ) {
  1651. // INTERNAL_ERROR(
  1652. // ERROR_LEVEL_EXPECTED,
  1653. // "OpenNonNetbiosAddress: set receive datagram event handler failed: %X",
  1654. // status,
  1655. // NULL
  1656. // );
  1657. // SrvLogServiceFailure( SRV_SVC_NT_IOCTL_FILE, status );
  1658. goto cleanup;
  1659. }
  1662. return STATUS_SUCCESS;
  1664. //
  1665. // Out-of-line error cleanup.
  1666. //
  1668. cleanup:
  1670. //
  1671. // Something failed. Clean up as appropriate.
  1672. //
  1674. if ( Transport->IpxSocketFileObject != NULL ) {
  1675. ObDereferenceObject( Transport->IpxSocketFileObject );
  1676. Transport->IpxSocketFileObject = NULL;
  1677. }
  1678. if ( Transport->PagedTransport->IpxSocketHandle != NULL ) {
  1679. ZwClose( Transport->PagedTransport->IpxSocketHandle );
  1680. Transport->PagedTransport->IpxSocketHandle = NULL;
  1681. }
  1683. return status;
  1684. }
  1686. NTSTATUS
  1687. OpenIpxSocket (
  1688. OUT PHANDLE Handle,
  1689. OUT PFILE_OBJECT *FileObject,
  1690. OUT PDEVICE_OBJECT *DeviceObject,
  1691. IN PUNICODE_STRING DeviceName,
  1692. IN USHORT Socket
  1693. )
  1694. {
  1695. NTSTATUS status;
  1696. ULONG length;
  1697. PFILE_FULL_EA_INFORMATION ea;
  1698. TA_IPX_ADDRESS ipxAddress;
  1699. OBJECT_ATTRIBUTES objectAttributes;
  1700. IO_STATUS_BLOCK iosb;
  1702. CHAR buffer[sizeof(FILE_FULL_EA_INFORMATION) +
  1703. TDI_TRANSPORT_ADDRESS_LENGTH + 1 +
  1704. sizeof(TA_IPX_ADDRESS)];
  1706. PAGED_CODE( );
  1708. //
  1709. // Build the IPX socket address.
  1710. //
  1712. length = FIELD_OFFSET( FILE_FULL_EA_INFORMATION, EaName[0] ) +
  1713. TDI_TRANSPORT_ADDRESS_LENGTH + 1 +
  1714. sizeof(TA_IPX_ADDRESS);
  1715. ea = (PFILE_FULL_EA_INFORMATION)buffer;
  1717. ea->NextEntryOffset = 0;
  1718. ea->Flags = 0;
  1719. ea->EaNameLength = TDI_TRANSPORT_ADDRESS_LENGTH;
  1720. ea->EaValueLength = sizeof (TA_IPX_ADDRESS);
  1722. RtlCopyMemory( ea->EaName, TdiTransportAddress, ea->EaNameLength + 1 );
  1724. //
  1725. // Create a copy of the NETBIOS address descriptor in a local
  1726. // first, in order to avoid alignment problems.
  1727. //
  1729. ipxAddress.TAAddressCount = 1;
  1730. ipxAddress.Address[0].AddressType = TDI_ADDRESS_TYPE_IPX;
  1731. ipxAddress.Address[0].AddressLength = sizeof (TDI_ADDRESS_IPX);
  1732. ipxAddress.Address[0].Address[0].NetworkAddress = 0;
  1733. RtlZeroMemory(ipxAddress.Address[0].Address[0].NodeAddress, sizeof(ipxAddress.Address[0].Address[0].NodeAddress));
  1734. ipxAddress.Address[0].Address[0].Socket = Socket;
  1736. RtlCopyMemory(
  1737. &ea->EaName[ea->EaNameLength + 1],
  1738. &ipxAddress,
  1739. sizeof(TA_IPX_ADDRESS)
  1740. );
  1742. InitializeObjectAttributes( &objectAttributes, DeviceName, OBJ_CASE_INSENSITIVE, NULL, NULL );
  1744. status = IoCreateFile (
  1745. Handle,
  1746. FILE_READ_ATTRIBUTES | FILE_WRITE_ATTRIBUTES, // desired access
  1747. &objectAttributes, // object attributes
  1748. &iosb, // returned status information
  1749. NULL, // block size (unused)
  1750. 0, // file attributes
  1751. FILE_SHARE_READ | FILE_SHARE_WRITE, // share access
  1752. FILE_CREATE, // create disposition
  1753. 0, // create options
  1754. buffer, // EA buffer
  1755. length, // EA length
  1756. CreateFileTypeNone,
  1757. NULL,
  1758. IO_NO_PARAMETER_CHECKING | // All of the buffers are kernel buffers
  1759. IO_CHECK_CREATE_PARAMETERS);// But double check parameter consistancy
  1761. if ( !NT_SUCCESS(status) ) {
  1762. // KdPrint(( "Status of opening ipx socket %x on %wZ is %x\n",
  1763. // Socket, DeviceName, status ));
  1764. return status;
  1765. }
  1767. // KdPrint(( "IPX socket %x opened!\n", Socket ));
  1769. status = ObReferenceObjectByHandle (
  1770. *Handle,
  1771. 0,
  1772. *IoFileObjectType,
  1773. KernelMode,
  1774. (PVOID *)FileObject,
  1775. NULL
  1776. );
  1777. if (!NT_SUCCESS(status)) {
  1778. ZwClose(*Handle);
  1779. *Handle = NULL;
  1780. *DeviceObject = NULL;
  1781. }
  1782. else {
  1783. *DeviceObject = IoGetRelatedDeviceObject(*FileObject);
  1784. }
  1786. return status;
  1788. } // OpenIpxSocket
  1791. VOID
  1792. BowserReferenceTransportName(
  1793. IN PTRANSPORT_NAME TransportName
  1794. )
  1795. {
  1796. InterlockedIncrement(&TransportName->ReferenceCount);
  1797. }
  1799. NTSTATUS
  1800. BowserDereferenceTransportName(
  1801. IN PTRANSPORT_NAME TransportName
  1802. )
  1803. {
  1804. NTSTATUS Status;
  1805. LONG Result;
  1806. PAGED_CODE();
  1808. ExAcquireResourceExclusiveLite(&BowserTransportDatabaseResource, TRUE);
  1811. if (TransportName->ReferenceCount == 0) {
  1812. InternalError(("Transport Name Reference Count mismatch\n"));
  1813. }
  1815. Result = InterlockedDecrement(&TransportName->ReferenceCount);
  1817. if (Result == 0) {
  1818. Status = BowserFreeTransportName(TransportName);
  1819. } else {
  1820. Status = STATUS_SUCCESS;
  1821. }
  1823. ExReleaseResourceLite(&BowserTransportDatabaseResource);
  1825. return Status;
  1826. }
  1831. NTSTATUS
  1832. BowserpTdiRemoveAddresses(
  1833. IN PTRANSPORT Transport
  1834. )
  1835. /*++
  1837. Routine Description:
  1839. This routine removes all the transport names associated with a transport
  1841. Arguments:
  1843. IN PTRANSPORT Transport - Supplies a transport structure describing the
  1844. transport address object to be created.
  1846. Return Value:
  1848. NTSTATUS - Status of resulting operation.
  1850. --*/
  1852. {
  1853. NTSTATUS Status;
  1854. PLIST_ENTRY NameEntry;
  1855. PLIST_ENTRY NextEntry;
  1857. PAGED_CODE();
  1858. dlog(DPRT_TDI,
  1859. ("%s: %ws: BowserpTdiRemoveAddresses: Remove addresses for transport %lx\n",
  1860. Transport->DomainInfo->DomOemDomainName,
  1861. Transport->PagedTransport->TransportName.Buffer,
  1862. Transport));
  1864. ExAcquireResourceExclusiveLite(&BowserTransportDatabaseResource, TRUE);
  1866. for (NameEntry = Transport->PagedTransport->NameChain.Flink;
  1867. NameEntry != &Transport->PagedTransport->NameChain;
  1868. NameEntry = NextEntry) {
  1870. PPAGED_TRANSPORT_NAME PagedTransportName = CONTAINING_RECORD(NameEntry, PAGED_TRANSPORT_NAME, TransportNext);
  1871. PTRANSPORT_NAME TransportName = PagedTransportName->NonPagedTransportName;
  1872. NextEntry = NameEntry->Flink;
  1874. //
  1875. // Remove the TransportName from the list of transport names for
  1876. // this transport.
  1877. //
  1878. ASSERT(PagedTransportName->TransportNext.Flink != NULL);
  1879. RemoveEntryList(&PagedTransportName->TransportNext);
  1880. PagedTransportName->TransportNext.Flink = NULL;
  1881. PagedTransportName->TransportNext.Blink = NULL;
  1884. //
  1885. // Since we delinked it, we need to dereference it.
  1886. //
  1887. Status = BowserDereferenceTransportName(TransportName);
  1889. if (!NT_SUCCESS(Status)) {
  1890. ExReleaseResourceLite(&BowserTransportDatabaseResource);
  1891. return(Status);
  1892. }
  1894. }
  1896. ExReleaseResourceLite(&BowserTransportDatabaseResource);
  1898. return STATUS_SUCCESS;
  1899. }
  1901. PTRANSPORT_NAME
  1902. BowserFindTransportName(
  1903. IN PTRANSPORT Transport,
  1904. IN PBOWSER_NAME Name
  1905. )
  1906. /*++
  1908. Routine Description:
  1910. This routine looks up a given browser name to find its associated
  1911. transport address.
  1913. Arguments:
  1915. IN PTRANSPORT Transport - Supplies a transport structure describing the
  1916. transport address object to be created.
  1918. IN PBOWSER_NAME Name - Supplies the name to look up.
  1920. Return Value:
  1922. The transport address found, or null.
  1924. --*/
  1926. {
  1927. PLIST_ENTRY NameEntry;
  1928. PTRANSPORT_NAME RetValue = NULL;
  1929. PAGED_CODE();
  1931. ExAcquireResourceExclusiveLite(&BowserTransportDatabaseResource, TRUE);
  1933. try {
  1934. for (NameEntry = Transport->PagedTransport->NameChain.Flink;
  1935. NameEntry != &Transport->PagedTransport->NameChain;
  1936. NameEntry = NameEntry->Flink) {
  1938. PPAGED_TRANSPORT_NAME PagedTransportName = CONTAINING_RECORD(NameEntry, PAGED_TRANSPORT_NAME, TransportNext);
  1939. PTRANSPORT_NAME TransportName = PagedTransportName->NonPagedTransportName;
  1941. if (PagedTransportName->Name == Name) {
  1943. try_return(RetValue = TransportName);
  1944. }
  1946. try_exit:NOTHING;
  1947. }
  1948. } finally {
  1949. ExReleaseResourceLite(&BowserTransportDatabaseResource);
  1950. }
  1952. return RetValue;
  1953. }
  1955. NTSTATUS
  1956. BowserFreeTransportName(
  1957. IN PTRANSPORT_NAME TransportName
  1958. )
  1959. {
  1960. PTRANSPORT Transport = TransportName->Transport;
  1961. PBOWSER_NAME Name = NULL;
  1962. PPAGED_TRANSPORT_NAME PagedTransportName = TransportName->PagedTransportName;
  1964. PAGED_CODE();
  1965. dlog(DPRT_TDI,
  1966. ("%s: %ws: BowserFreeTransportName: Free name %lx\n",
  1967. Transport->DomainInfo->DomOemDomainName,
  1968. Transport->PagedTransport->TransportName.Buffer,
  1969. TransportName));
  1971. ExAcquireResourceExclusiveLite(&BowserTransportDatabaseResource, TRUE);
  1973. //
  1974. // Close the handle to the TDI driver.
  1975. //
  1976. BowserCloseNetbiosAddress( TransportName );
  1978. //
  1979. // If we received a message which re-referenced this transport name,
  1980. // just return now. We'll be back when the reference count gets
  1981. // re-dereferenced to zero.
  1982. //
  1984. if ( TransportName->ReferenceCount != 0 ) {
  1985. ExReleaseResourceLite(&BowserTransportDatabaseResource);
  1986. return STATUS_SUCCESS;
  1987. }
  1989. ASSERT (TransportName->ReferenceCount == 0);
  1993. if (PagedTransportName) {
  1996. //
  1997. // If this transport name has not yet been delinked,
  1998. // delink it.
  1999. //
  2001. if ( PagedTransportName->TransportNext.Flink != NULL ) {
  2002. // This should only happen on a failed transport name creation.
  2003. RemoveEntryList(&PagedTransportName->TransportNext);
  2004. PagedTransportName->TransportNext.Flink = NULL;
  2005. PagedTransportName->TransportNext.Blink = NULL;
  2006. }
  2007. RemoveEntryList(&PagedTransportName->NameNext);
  2010. //
  2011. // We're removing an OtherDomain - we can remove the reference to
  2012. // the discardable code section that was applied when the name was
  2013. // created.
  2014. //
  2016. if (PagedTransportName->Name->NameType == OtherDomain) {
  2017. BowserDereferenceDiscardableCode( BowserDiscardableCodeSection );
  2018. }
  2020. Name = PagedTransportName->Name;
  2022. FREE_POOL(PagedTransportName);
  2023. }
  2025. if (Name != NULL) {
  2026. switch ( Name->NameType ) {
  2027. case ComputerName:
  2028. Transport->ComputerName = NULL;
  2029. break;
  2031. case PrimaryDomain:
  2032. if ( Transport->PrimaryDomain == TransportName ) {
  2033. Transport->PrimaryDomain = Transport->AltPrimaryDomain;
  2034. Transport->AltPrimaryDomain = NULL;
  2035. }
  2036. if ( Transport->AltPrimaryDomain == TransportName ) {
  2037. Transport->AltPrimaryDomain = NULL;
  2038. }
  2039. break;
  2041. case MasterBrowser:
  2042. Transport->MasterBrowser = NULL;
  2043. break;
  2045. case BrowserElection:
  2046. Transport->BrowserElection = NULL;
  2047. break;
  2049. case PrimaryDomainBrowser:
  2050. Transport->PagedTransport->IsPrimaryDomainController = FALSE;
  2052. //
  2053. // Notify services we are no longer a PDC
  2054. //
  2056. BowserSendPnp(
  2057. NlPnpNewRole,
  2058. &Transport->DomainInfo->DomUnicodeDomainName,
  2059. &Transport->PagedTransport->TransportName,
  2060. BowserTransportFlags(Transport->PagedTransport) );
  2062. break;
  2063. }
  2065. BowserDereferenceName(Name);
  2067. }
  2069. FREE_POOL(TransportName);
  2071. ExReleaseResourceLite(&BowserTransportDatabaseResource);
  2073. dlog(DPRT_TDI,
  2074. ("%s: %ws: BowserFreeTransportName: Free name %lx completed\n",
  2075. Transport->DomainInfo->DomOemDomainName,
  2076. Transport->PagedTransport->TransportName.Buffer,
  2077. TransportName));
  2079. return(STATUS_SUCCESS);
  2080. }
  2082. VOID
  2083. BowserDeleteTransport(
  2084. IN PTRANSPORT Transport
  2085. )
  2086. /*++
  2088. Routine Description:
  2090. Delete a transport.
  2092. The caller should have a single reference to the transport. The actual
  2093. transport structure will be deleted when that reference goes away.
  2094. This routine will decrement the global reference made in
  2095. BowserTdiAllocateTransport
  2097. Arguments:
  2099. IN Transport - Supplies a transport structure to be deleted.
  2101. Return Value:
  2103. None.
  2105. --*/
  2107. {
  2108. LARGE_INTEGER Interval;
  2109. PPAGED_TRANSPORT PagedTransport;
  2110. PAGED_CODE();
  2112. //
  2113. // Do cleanup of the PagedTransport structure
  2114. //
  2116. PagedTransport = Transport->PagedTransport;
  2117. if ( PagedTransport != NULL ) {
  2119. //
  2120. // Notify services that this transport is now unbound
  2121. //
  2123. BowserSendPnp(
  2124. NlPnpTransportUnbind,
  2125. NULL, // All hosted domains
  2126. &PagedTransport->TransportName,
  2127. BowserTransportFlags(PagedTransport) );
  2130. //
  2131. // Prevent BowserFindTransport from adding any new references to the transport
  2132. //
  2134. ExAcquireResourceExclusiveLite(&BowserTransportDatabaseResource, TRUE);
  2136. if (!PagedTransport->DeletedTransport ) {
  2138. //
  2139. // Don't actually delink the entry since routines like
  2140. // BowserForEachTransport expect a reference to this transport
  2141. // to be enough to keep the GlobalNext list intact.
  2142. //
  2143. PagedTransport->DeletedTransport = TRUE;
  2145. //
  2146. // Remove the global reference to the transport.
  2147. //
  2148. // Avoid removing the global reference if we aren't in the global list.
  2149. //
  2151. if ( !IsListEmpty( &PagedTransport->GlobalNext) ) {
  2152. BowserDereferenceTransport( Transport );
  2153. }
  2154. }
  2156. //
  2157. // Close all handles to the TDI driver so we won't get any indications after
  2158. // we start cleaning up the Transport structure in BowserpFreeTransport.
  2159. //
  2161. BowserCloseAllNetbiosAddresses( Transport );
  2163. if ( PagedTransport->IpxSocketHandle != NULL) {
  2165. NTSTATUS LocalStatus;
  2166. BOOLEAN ProcessAttached = FALSE;
  2167. KAPC_STATE ApcState;
  2169. if (IoGetCurrentProcess() != BowserFspProcess) {
  2170. KeStackAttachProcess(BowserFspProcess, &ApcState );
  2172. ProcessAttached = TRUE;
  2173. }
  2175. LocalStatus = ZwClose(PagedTransport->IpxSocketHandle);
  2176. ASSERT(NT_SUCCESS(LocalStatus));
  2178. if (ProcessAttached) {
  2179. KeUnstackDetachProcess( &ApcState );
  2180. }
  2182. PagedTransport->IpxSocketHandle = NULL;
  2184. if ( Transport->IpxSocketFileObject != NULL ) {
  2185. ObDereferenceObject( Transport->IpxSocketFileObject );
  2186. Transport->IpxSocketFileObject = NULL;
  2187. }
  2188. Transport->IpxSocketDeviceObject = NULL;
  2189. }
  2190. ExReleaseResourceLite(&BowserTransportDatabaseResource);
  2191. }
  2193. //
  2194. // Uninitialize the timers to ensure we aren't in a timer routine while
  2195. // we are cleaning up.
  2196. //
  2198. BowserUninitializeTimer(&Transport->ElectionTimer);
  2200. BowserUninitializeTimer(&Transport->FindMasterTimer);
  2203. //
  2204. // Delete any mailslot messages queued to the netlogon service.
  2205. //
  2207. BowserNetlogonDeleteTransportFromMessageQueue ( Transport );
  2209. //
  2210. // Loop until this transport has the last reference to each of the transport
  2211. // names. Above, we prevented any new references. Here we ensure that
  2212. // all of the existing references go away.
  2213. //
  2214. // If there is an existing reference to the transport name, the holder
  2215. // of that reference can feel free to add a reference to
  2216. // TRANSPORT_NAME->Transport.
  2217. //
  2220. if ( PagedTransport != NULL ) {
  2222. PLIST_ENTRY NameEntry;
  2223. PLIST_ENTRY NextEntry;
  2225. ExAcquireResourceExclusiveLite(&BowserTransportDatabaseResource, TRUE);
  2227. for (NameEntry = Transport->PagedTransport->NameChain.Flink;
  2228. NameEntry &&
  2229. (NameEntry != &Transport->PagedTransport->NameChain);
  2230. NameEntry = NextEntry) {
  2232. PPAGED_TRANSPORT_NAME PagedTransportName = CONTAINING_RECORD(NameEntry, PAGED_TRANSPORT_NAME, TransportNext);
  2233. PTRANSPORT_NAME TransportName = PagedTransportName->NonPagedTransportName;
  2235. NextEntry = NameEntry->Flink;
  2237. if ( TransportName->ReferenceCount != 1 ) {
  2238. ExReleaseResourceLite(&BowserTransportDatabaseResource);
  2239. Interval.QuadPart = -1000*1000; // .1 second
  2240. KeDelayExecutionThread( KernelMode, FALSE, &Interval );
  2241. ExAcquireResourceExclusiveLite(&BowserTransportDatabaseResource, TRUE);
  2242. NextEntry = Transport->PagedTransport->NameChain.Flink;
  2243. }
  2245. }
  2247. ExReleaseResourceLite(&BowserTransportDatabaseResource);
  2248. }
  2251. //
  2252. // Loop until our caller has the last outstanding reference.
  2253. // This loop is the only thing preventing the driver from unloading while there
  2254. // are still references outstanding.
  2255. //
  2257. while ( Transport->ReferenceCount != 1) {
  2258. Interval.QuadPart = -1000*1000; // .01 second
  2259. KeDelayExecutionThread( KernelMode, FALSE, &Interval );
  2260. }
  2262. }
  2266. VOID
  2267. BowserpFreeTransport(
  2268. IN PTRANSPORT Transport
  2269. )
  2270. {
  2271. PAGED_CODE();
  2272. ExAcquireResourceExclusiveLite(&BowserTransportDatabaseResource, TRUE);
  2274. //
  2275. // Free the Paged transport, if necessary.
  2276. //
  2278. if (Transport->PagedTransport != NULL) {
  2279. PPAGED_TRANSPORT PagedTransport = Transport->PagedTransport;
  2281. //
  2282. // Remove the entry from the global list if it is in it.
  2283. //
  2284. if ( !IsListEmpty( &PagedTransport->GlobalNext ) ) {
  2285. ASSERT( PagedTransport->DeletedTransport );
  2286. RemoveEntryList(&PagedTransport->GlobalNext);
  2287. }
  2289. //
  2290. // Remove the Adresses.
  2291. //
  2292. // Do this in a separate step from the Close in BowserDeleteTransport
  2293. // above to ensure the PrimaryDomain and ComputerName fields don't
  2294. // get cleared until all possible references are removed.
  2295. //
  2297. if (!IsListEmpty( &PagedTransport->NameChain)) {
  2298. BowserpTdiRemoveAddresses(Transport);
  2299. }
  2301. BowserDeleteGenericTable(&PagedTransport->AnnouncementTable);
  2303. BowserDeleteGenericTable(&PagedTransport->DomainTable);
  2305. if (PagedTransport->BrowserServerListBuffer != NULL) {
  2307. BowserFreeBrowserServerList(
  2308. PagedTransport->BrowserServerListBuffer,
  2309. PagedTransport->BrowserServerListLength
  2310. );
  2311. }
  2313. FREE_POOL(PagedTransport);
  2314. }
  2316. if ( Transport->DomainInfo != NULL ) {
  2317. BowserDereferenceDomain( Transport->DomainInfo );
  2318. }
  2321. ExDeleteResourceLite(&Transport->BrowserServerListResource);
  2323. UNINITIALIZE_ANNOUNCE_DATABASE(Transport);
  2325. ExDeleteResourceLite(&Transport->Lock);
  2327. BowserUninitializeIrpQueue(&Transport->BecomeBackupQueue);
  2329. BowserUninitializeIrpQueue(&Transport->BecomeMasterQueue);
  2331. BowserUninitializeIrpQueue(&Transport->FindMasterQueue);
  2333. BowserUninitializeIrpQueue(&Transport->WaitForMasterAnnounceQueue);
  2335. BowserUninitializeIrpQueue(&Transport->ChangeRoleQueue);
  2336. BowserUninitializeIrpQueue(&Transport->WaitForNewMasterNameQueue );
  2338. FREE_POOL(Transport);
  2340. ExReleaseResourceLite(&BowserTransportDatabaseResource);
  2341. }
  2345. NTSTATUS
  2346. BowserpTdiSetEventHandler (
  2347. IN PDEVICE_OBJECT DeviceObject,
  2348. IN PFILE_OBJECT FileObject,
  2349. IN ULONG EventType,
  2350. IN PVOID EventHandler,
  2351. IN PVOID Context
  2352. )
  2354. /*++
  2356. Routine Description:
  2358. This routine registers an event handler with a TDI transport provider.
  2360. Arguments:
  2362. IN PDEVICE_OBJECT DeviceObject - Supplies the device object of the transport provider.
  2363. IN PFILE_OBJECT FileObject - Supplies the address object's file object.
  2364. IN ULONG EventType, - Supplies the type of event.
  2365. IN PVOID EventHandler - Supplies the event handler.
  2367. Return Value:
  2369. NTSTATUS - Final status of the set event operation
  2371. --*/
  2373. {
  2374. NTSTATUS Status;
  2375. PIRP Irp;
  2377. PAGED_CODE();
  2378. Irp = IoAllocateIrp(DeviceObject->StackSize, FALSE);
  2380. if (Irp == NULL) {
  2381. return(STATUS_INSUFFICIENT_RESOURCES);
  2382. }
  2384. TdiBuildSetEventHandler(Irp, DeviceObject, FileObject,
  2385. NULL, NULL,
  2386. EventType, EventHandler, Context);
  2388. Status = BowserSubmitTdiRequest(FileObject, Irp);
  2390. IoFreeIrp(Irp);
  2392. return Status;
  2393. }
  2395. NTSTATUS
  2396. BowserIssueTdiAction (
  2397. IN PDEVICE_OBJECT DeviceObject,
  2398. IN PFILE_OBJECT FileObject,
  2399. IN PVOID Action,
  2400. IN ULONG ActionSize
  2401. )
  2403. /*++
  2405. Routine Description:
  2407. This routine registers an event handler with a TDI transport provider.
  2409. Arguments:
  2411. IN PDEVICE_OBJECT DeviceObject - Supplies the device object of the transport provider.
  2412. IN PFILE_OBJECT FileObject - Supplies the address object's file object.
  2413. IN ULONG EventType, - Supplies the type of event.
  2414. IN PVOID EventHandler - Supplies the event handler.
  2416. Return Value:
  2418. NTSTATUS - Final status of the set event operation
  2420. --*/
  2422. {
  2423. NTSTATUS status;
  2424. PIRP irp;
  2425. // PIO_STACK_LOCATION irpSp;
  2426. PMDL mdl;
  2429. PAGED_CODE();
  2431. irp = IoAllocateIrp(DeviceObject->StackSize, FALSE);
  2433. if (irp == NULL) {
  2434. return STATUS_INSUFFICIENT_RESOURCES;
  2435. }
  2437. //
  2438. // Allocate and build an MDL that we'll use to describe the output
  2439. // buffer for the request.
  2440. //
  2442. mdl = IoAllocateMdl( Action, ActionSize, FALSE, FALSE, NULL );
  2444. if ( mdl == NULL ) {
  2445. IoFreeIrp( irp );
  2446. return STATUS_INSUFFICIENT_RESOURCES;
  2447. }
  2449. MmBuildMdlForNonPagedPool( mdl );
  2451. TdiBuildAction(
  2452. irp,
  2453. DeviceObject,
  2454. FileObject,
  2455. NULL,
  2456. NULL,
  2457. mdl
  2458. );
  2460. irp->AssociatedIrp.SystemBuffer = Action;
  2462. if (irp == NULL) {
  2463. return(STATUS_INSUFFICIENT_RESOURCES);
  2464. }
  2466. status = BowserSubmitTdiRequest(FileObject, irp);
  2468. IoFreeIrp(irp);
  2470. IoFreeMdl(mdl);
  2472. return status;
  2473. }
  2476. NTSTATUS
  2477. BowserBuildTransportAddress (
  2478. IN OUT PANSI_STRING Address,
  2479. IN PUNICODE_STRING Name,
  2480. IN DGRECEIVER_NAME_TYPE NameType,
  2481. IN PTRANSPORT Transport
  2482. )
  2483. /*++
  2485. Routine Description:
  2487. This routine takes a computer name (PUNICODE_STRING) and converts it into an
  2488. acceptable form for passing in as transport address.
  2490. Arguments:
  2492. OUT PTA_NETBIOS_ADDRESS RemoteAddress, - Supplies the structure to fill in
  2493. IN PUNICODE_STRING Name - Supplies the name to put into the transport
  2495. Please note that it is CRITICAL that the TA_NETBIOS_ADDRESS pointed to by
  2496. RemoteAddress be of sufficient size to hold the full network name.
  2498. Return Value:
  2500. None.
  2502. --*/
  2504. {
  2505. NTSTATUS Status;
  2506. OEM_STRING NetBiosName;
  2507. PTRANSPORT_ADDRESS RemoteAddress = (PTRANSPORT_ADDRESS)Address->Buffer;
  2508. PTDI_ADDRESS_NETBIOS NetbiosAddress = (PTDI_ADDRESS_NETBIOS)&RemoteAddress->Address[0].Address[0];
  2510. PAGED_CODE();
  2513. //
  2514. // Ensure there is room for this address.
  2515. //
  2516. if ( Address->MaximumLength < sizeof(TA_NETBIOS_ADDRESS) ) {
  2517. return STATUS_BUFFER_TOO_SMALL;
  2518. }
  2520. RemoteAddress->TAAddressCount = 1;
  2521. RemoteAddress->Address[0].AddressType = TDI_ADDRESS_TYPE_NETBIOS;
  2522. RemoteAddress->Address[0].AddressLength = TDI_ADDRESS_LENGTH_NETBIOS;
  2523. Address->Length = sizeof(TA_NETBIOS_ADDRESS);
  2525. NetBiosName.Length = 0;
  2526. NetBiosName.MaximumLength = NETBIOS_NAME_LEN;
  2527. NetBiosName.Buffer = NetbiosAddress->NetbiosName;
  2529. //
  2530. // Domain announcements are to a constant Netbios name address.
  2531. //
  2532. switch (NameType) {
  2533. case DomainAnnouncement:
  2534. ASSERT (strlen(DOMAIN_ANNOUNCEMENT_NAME) == NETBIOS_NAME_LEN);
  2535. RtlCopyMemory(NetBiosName.Buffer, DOMAIN_ANNOUNCEMENT_NAME, strlen(DOMAIN_ANNOUNCEMENT_NAME));
  2537. NetbiosAddress->NetbiosNameType = TDI_ADDRESS_NETBIOS_TYPE_GROUP;
  2538. break;
  2541. //
  2542. // All other names are upper case, OEM, and trailing blank filled.
  2543. //
  2544. default:
  2546. if (RtlUnicodeStringToOemSize(Name) > NETBIOS_NAME_LEN) {
  2547. return STATUS_BAD_NETWORK_PATH;
  2548. }
  2550. Status = RtlUpcaseUnicodeStringToOemString(&NetBiosName, Name, FALSE);
  2552. if (!NT_SUCCESS(Status)) {
  2553. return Status;
  2554. }
  2556. RtlCopyMemory(&NetBiosName.Buffer[NetBiosName.Length], " ",
  2557. NETBIOS_NAME_LEN-NetBiosName.Length);
  2559. switch (NameType) {
  2561. case ComputerName:
  2562. case AlternateComputerName:
  2563. NetbiosAddress->NetbiosName[NETBIOS_NAME_LEN-1] = WORKSTATION_SIGNATURE;
  2564. NetbiosAddress->NetbiosNameType = TDI_ADDRESS_NETBIOS_TYPE_UNIQUE;
  2565. break;
  2567. case DomainName:
  2568. NetbiosAddress->NetbiosName[NETBIOS_NAME_LEN-1] = DOMAIN_CONTROLLER_SIGNATURE;
  2569. NetbiosAddress->NetbiosNameType = TDI_ADDRESS_NETBIOS_TYPE_GROUP;
  2570. break;
  2572. case BrowserServer:
  2573. NetbiosAddress->NetbiosName[NETBIOS_NAME_LEN-1] = SERVER_SIGNATURE;
  2574. NetbiosAddress->NetbiosNameType = TDI_ADDRESS_NETBIOS_TYPE_UNIQUE;
  2575. break;
  2577. case MasterBrowser:
  2578. if (Transport->PagedTransport->Flags & DIRECT_HOST_IPX) {
  2579. NetbiosAddress->NetbiosName[NETBIOS_NAME_LEN-1] = WORKSTATION_SIGNATURE;
  2580. } else {
  2581. NetbiosAddress->NetbiosName[NETBIOS_NAME_LEN-1] = MASTER_BROWSER_SIGNATURE;
  2582. }
  2583. NetbiosAddress->NetbiosNameType = TDI_ADDRESS_NETBIOS_TYPE_UNIQUE;
  2584. break;
  2586. case PrimaryDomain:
  2587. case OtherDomain:
  2588. NetbiosAddress->NetbiosName[NETBIOS_NAME_LEN-1] = PRIMARY_DOMAIN_SIGNATURE;
  2589. NetbiosAddress->NetbiosNameType = TDI_ADDRESS_NETBIOS_TYPE_GROUP;
  2590. break;
  2592. case PrimaryDomainBrowser:
  2593. NetbiosAddress->NetbiosName[NETBIOS_NAME_LEN-1] = PRIMARY_CONTROLLER_SIGNATURE;
  2594. NetbiosAddress->NetbiosNameType = TDI_ADDRESS_NETBIOS_TYPE_UNIQUE;
  2595. break;
  2597. case BrowserElection:
  2598. if (Transport->PagedTransport->Flags & DIRECT_HOST_IPX) {
  2599. NetbiosAddress->NetbiosName[NETBIOS_NAME_LEN-1] = WORKSTATION_SIGNATURE;
  2600. } else {
  2601. NetbiosAddress->NetbiosName[NETBIOS_NAME_LEN-1] = BROWSER_ELECTION_SIGNATURE;
  2602. }
  2603. NetbiosAddress->NetbiosNameType = TDI_ADDRESS_NETBIOS_TYPE_GROUP;
  2604. break;
  2607. }
  2609. break;
  2610. }
  2612. return STATUS_SUCCESS;
  2613. }
  2615. NTSTATUS
  2616. BowserUpdateProviderInformation(
  2617. IN OUT PPAGED_TRANSPORT PagedTransport
  2618. )
  2619. /*++
  2621. Routine Description:
  2623. This routine updates status bits in the PagedTransport based on querying
  2624. the TDI driver.
  2626. Most importantly, the transport will be disabled if the provider is RAS or
  2627. doesn't yet have an IP address.
  2629. A goal of this routine is to handle the case where there are multiple IP
  2630. net cards on the same subnet. In that case, we want only one such net
  2631. card enabled for each emulated domain.
  2633. Arguments:
  2635. PagedTransport - Transport to update
  2637. Return Value:
  2639. Status of operation.
  2641. --*/
  2642. {
  2643. NTSTATUS Status;
  2644. TDI_PROVIDER_INFO ProviderInfo;
  2645. ULONG OldIpSubnetNumber;
  2646. BOOLEAN DisableThisTransport = FALSE;
  2648. PLIST_ENTRY TransportEntry;
  2649. PPAGED_TRANSPORT CurrentPagedTransport;
  2651. PAGED_CODE();
  2653. ExAcquireResourceExclusiveLite(&BowserTransportDatabaseResource, TRUE);
  2655. //
  2656. // Find out about the transport.
  2657. //
  2659. OldIpSubnetNumber = PagedTransport->IpSubnetNumber;
  2661. Status = BowserDetermineProviderInformation(
  2662. &PagedTransport->TransportName,
  2663. &ProviderInfo,
  2664. &PagedTransport->IpSubnetNumber );
  2666. if (!NT_SUCCESS(Status)) {
  2667. goto ReturnStatus;
  2668. }
  2670. //
  2671. // We can only talk to transports that support a max datagram size.
  2672. //
  2674. if (ProviderInfo.MaxDatagramSize == 0) {
  2675. Status = STATUS_BAD_REMOTE_ADAPTER;
  2676. goto ReturnStatus;
  2677. }
  2679. PagedTransport->NonPagedTransport->DatagramSize = ProviderInfo.MaxDatagramSize;
  2682. //
  2683. // Remember various attributes of the provider
  2684. // (Never disable the PointToPoint bit. NetBt forgets it when the
  2685. // RAS phone is hung up.)
  2687. PagedTransport->Wannish = (BOOLEAN)((ProviderInfo.ServiceFlags & TDI_SERVICE_ROUTE_DIRECTED) != 0);
  2688. if (ProviderInfo.ServiceFlags & TDI_SERVICE_POINT_TO_POINT) {
  2689. PagedTransport->PointToPoint = TRUE;
  2690. }
  2693. //
  2694. // If this is a RAS transport or the IP Address is not yet known,
  2695. // disable browsing on the transport.
  2696. //
  2698. if ( PagedTransport->PointToPoint ||
  2699. PagedTransport->IpSubnetNumber == 0 ) {
  2700. DisableThisTransport = TRUE;
  2701. }
  2704. //
  2705. // If this isn't an IP transport, we're done.
  2706. //
  2708. if ( PagedTransport->IpSubnetNumber == BOWSER_NON_IP_SUBNET ) {
  2709. goto ReturnStatus;
  2710. }
  2712. //
  2713. // In the loop below, we use OldIpSubnetNumber to determine if another
  2714. // transport should be enabled on that subnet. If that will NEVER be
  2715. // appropriate, flag OldIpSubnetNumber now.
  2716. //
  2718. if ( OldIpSubnetNumber == 0 ||
  2719. PagedTransport->DisabledTransport ||
  2720. PagedTransport->IpSubnetNumber == OldIpSubnetNumber ) {
  2721. OldIpSubnetNumber = BOWSER_NON_IP_SUBNET;
  2722. }
  2725. //
  2726. // Loop through the transports enabling/disabling them as indicated by
  2727. // the comments below.
  2728. //
  2730. for (TransportEntry = BowserTransportHead.Flink ;
  2731. TransportEntry != &BowserTransportHead ;
  2732. TransportEntry = CurrentPagedTransport->GlobalNext.Flink ) {
  2734. CurrentPagedTransport = CONTAINING_RECORD(TransportEntry, PAGED_TRANSPORT, GlobalNext);
  2736. //
  2737. // Ignore deleted transports.
  2738. //
  2739. if ( CurrentPagedTransport->DeletedTransport ) {
  2740. continue;
  2741. }
  2743. //
  2744. // If this transport isn't an IP transport,
  2745. // or this transport is a RAS transport,
  2746. // or this transport is the transport passed in,
  2747. // skip it and go on to the next one.
  2748. //
  2749. if ( CurrentPagedTransport->IpSubnetNumber == BOWSER_NON_IP_SUBNET ||
  2750. CurrentPagedTransport->PointToPoint ||
  2751. CurrentPagedTransport == PagedTransport ) {
  2752. continue;
  2753. }
  2755. //
  2756. // Special case this transport if it's currently disabled
  2757. //
  2759. if ( CurrentPagedTransport->DisabledTransport ) {
  2761. //
  2762. // If this transport is disabled and the transport passed in
  2763. // used to be the enabled transport for the subnet,
  2764. // enable the transport
  2765. //
  2767. if ( CurrentPagedTransport->IpSubnetNumber == OldIpSubnetNumber ) {
  2768. CurrentPagedTransport->DisabledTransport = FALSE;
  2769. }
  2771. //
  2772. // In any case,
  2773. // that's all we need to do for a disabled transport.
  2774. //
  2776. continue;
  2777. }
  2780. //
  2781. // If this transport is an enabled transport for the subnet of the one
  2782. // passed in,
  2783. // And this transport is for the same emulated domain as the one
  2784. // passed in,
  2785. // then disable the one passed in.
  2786. //
  2788. if ( CurrentPagedTransport->IpSubnetNumber ==
  2789. PagedTransport->IpSubnetNumber &&
  2790. CurrentPagedTransport->NonPagedTransport->DomainInfo == PagedTransport->NonPagedTransport->DomainInfo ) {
  2791. DisableThisTransport = TRUE;
  2792. }
  2795. }
  2799. //
  2800. // Cleanup
  2801. //
  2802. ReturnStatus:
  2804. //
  2805. // If we're disabling a previously enabled transport,
  2806. // ensure we're not the master browser.
  2807. //
  2808. if ( DisableThisTransport && !PagedTransport->DisabledTransport ) {
  2809. PagedTransport->DisabledTransport = DisableThisTransport;
  2810. BowserLoseElection( PagedTransport->NonPagedTransport );
  2811. } else {
  2812. PagedTransport->DisabledTransport = DisableThisTransport;
  2813. }
  2815. ExReleaseResourceLite(&BowserTransportDatabaseResource);
  2816. return Status;
  2817. }
  2819. NTSTATUS
  2820. BowserDetermineProviderInformation(
  2821. IN PUNICODE_STRING TransportName,
  2822. OUT PTDI_PROVIDER_INFO ProviderInfo,
  2823. OUT PULONG IpSubnetNumber
  2824. )
  2825. /*++
  2827. Routine Description:
  2829. This routine will determine provider information about a transport.
  2831. Arguments:
  2833. TransportName - Supplies the name of the transport provider
  2835. ProviderInfo - Returns information about the provider
  2837. IpSubnetNumber - returns the Ip Subnet Number of this transport.
  2838. BOWSER_NON_IP_SUBNET - If this isn't an IP transport
  2839. 0 - If the IP address isn't yet set
  2840. Otherwise - the IP address anded with the subnet mask
  2842. Return Value:
  2844. Status of operation.
  2846. --*/
  2847. {
  2848. HANDLE TransportHandle = NULL;
  2849. PFILE_OBJECT TransportObject = NULL;
  2850. OBJECT_ATTRIBUTES ObjAttributes;
  2851. IO_STATUS_BLOCK IoStatusBlock;
  2852. PIRP Irp;
  2853. PDEVICE_OBJECT DeviceObject;
  2854. PMDL Mdl = NULL;
  2855. NTSTATUS Status = STATUS_SUCCESS;
  2857. PAGED_CODE();
  2858. InitializeObjectAttributes (&ObjAttributes,
  2859. TransportName, // Name
  2860. OBJ_CASE_INSENSITIVE, // Attributes
  2861. NULL, // RootDirectory
  2862. NULL); // SecurityDescriptor
  2865. Status = IoCreateFile(&TransportHandle, // Handle
  2866. GENERIC_READ | GENERIC_WRITE | SYNCHRONIZE,
  2867. &ObjAttributes, // Object Attributes
  2868. &IoStatusBlock, // Final I/O status block
  2869. NULL, // Allocation Size
  2870. FILE_ATTRIBUTE_NORMAL, // Normal attributes
  2871. FILE_SHARE_READ, // Sharing attributes
  2872. FILE_OPEN_IF, // Create disposition
  2873. 0, // CreateOptions
  2874. NULL, // EA Buffer
  2875. 0, // EA Buffer Length
  2876. CreateFileTypeNone,
  2877. NULL,
  2878. IO_NO_PARAMETER_CHECKING | // All of the buffers are kernel buffers
  2879. IO_CHECK_CREATE_PARAMETERS);// But double check parameter consistancy
  2882. if (!NT_SUCCESS(Status)) {
  2884. goto ReturnStatus;
  2885. }
  2887. Status = ObReferenceObjectByHandle (
  2888. TransportHandle,
  2889. 0,
  2890. *IoFileObjectType,
  2891. KernelMode,
  2892. (PVOID *)&TransportObject,
  2893. NULL
  2894. );
  2895. if (!NT_SUCCESS(Status)) {
  2896. goto ReturnStatus;
  2897. }
  2899. DeviceObject = IoGetRelatedDeviceObject(TransportObject);
  2901. Irp = IoAllocateIrp(DeviceObject->StackSize, FALSE);
  2903. if (Irp == NULL) {
  2904. Status = STATUS_INSUFFICIENT_RESOURCES;
  2905. goto ReturnStatus;
  2906. }
  2908. //
  2909. // Allocate an MDL to hold the provider info.
  2910. //
  2912. Mdl = IoAllocateMdl(ProviderInfo, sizeof(TDI_PROVIDER_INFO),
  2913. FALSE,
  2914. FALSE,
  2915. NULL);
  2918. if (Mdl == NULL) {
  2919. IoFreeIrp(Irp);
  2920. Status = STATUS_INSUFFICIENT_RESOURCES;
  2921. goto ReturnStatus;
  2922. }
  2924. MmBuildMdlForNonPagedPool(Mdl);
  2926. TdiBuildQueryInformation(Irp, DeviceObject, TransportObject,
  2927. NULL, NULL,
  2928. TDI_QUERY_PROVIDER_INFORMATION, Mdl);
  2930. Status = BowserSubmitTdiRequest(TransportObject, Irp);
  2932. IoFreeIrp(Irp);
  2934. //
  2935. // Get the IP address for this Transport.
  2936. //
  2938. if ( (ProviderInfo->ServiceFlags & TDI_SERVICE_ROUTE_DIRECTED) == 0) {
  2939. *IpSubnetNumber = BOWSER_NON_IP_SUBNET;
  2940. } else {
  2941. NTSTATUS TempStatus;
  2942. IO_STATUS_BLOCK IoStatusBlock;
  2943. ULONG IpAddressBuffer[2]; // IpAddress followed by subnet mask
  2945. TempStatus = ZwDeviceIoControlFile(
  2946. TransportHandle,
  2947. NULL,
  2948. NULL,
  2949. NULL,
  2950. &IoStatusBlock,
  2951. IOCTL_NETBT_GET_IP_SUBNET,
  2952. NULL,
  2953. 0,
  2954. &IpAddressBuffer,
  2955. sizeof(IpAddressBuffer) );
  2957. if ( !NT_SUCCESS(TempStatus) ) {
  2958. *IpSubnetNumber = BOWSER_NON_IP_SUBNET;
  2959. } else {
  2960. ASSERT(TempStatus != STATUS_PENDING);
  2961. *IpSubnetNumber = IpAddressBuffer[0] & IpAddressBuffer[1];
  2962. }
  2963. }
  2966. ReturnStatus:
  2967. if (Mdl != NULL) {
  2968. IoFreeMdl(Mdl);
  2969. }
  2971. if (TransportObject != NULL) {
  2972. ObDereferenceObject(TransportObject);
  2973. }
  2976. if (TransportHandle != NULL) {
  2977. ZwClose(TransportHandle);
  2978. }
  2980. return(Status);
  2981. }
  2986. PTRANSPORT
  2987. BowserFindTransport (
  2988. IN PUNICODE_STRING TransportName,
  2989. IN PUNICODE_STRING EmulatedDomainName OPTIONAL
  2990. )
  2992. /*++
  2994. Routine Description:
  2996. This routine will locate a transport in the bowsers transport list.
  2998. Arguments:
  3000. TransportName - Supplies the name of the transport provider
  3002. EmulatedDomainName - Specifies the emulated domain whose transport is to be found.
  3005. Return Value:
  3007. PTRANSPORT - NULL if no transport was found, TRUE if transport was found.
  3009. --*/
  3010. {
  3011. PLIST_ENTRY TransportEntry;
  3012. PTRANSPORT Transport = NULL;
  3013. PPAGED_TRANSPORT PagedTransport = NULL;
  3014. PDOMAIN_INFO DomainInfo = NULL;
  3016. PAGED_CODE();
  3018. ExAcquireResourceExclusiveLite(&BowserTransportDatabaseResource, TRUE);
  3020. try {
  3022. //
  3023. // Find the requested domain.
  3024. //
  3026. DomainInfo = BowserFindDomain( EmulatedDomainName );
  3028. if ( DomainInfo != NULL ) {
  3029. for (TransportEntry = BowserTransportHead.Flink ;
  3030. TransportEntry != &BowserTransportHead ;
  3031. TransportEntry = TransportEntry->Flink) {
  3033. PagedTransport = CONTAINING_RECORD(TransportEntry, PAGED_TRANSPORT, GlobalNext);
  3035. //
  3036. // Ignore deleted transports.
  3037. //
  3038. if ( PagedTransport->DeletedTransport ) {
  3039. continue;
  3040. }
  3042. if ( PagedTransport->NonPagedTransport->DomainInfo == DomainInfo &&
  3043. RtlEqualUnicodeString(TransportName,
  3044. &PagedTransport->TransportName, TRUE)) {
  3046. Transport = PagedTransport->NonPagedTransport;
  3048. dprintf(DPRT_REF, ("Call Reference transport %lx from BowserFindTransport.\n", Transport));
  3049. BowserReferenceTransport( Transport );
  3051. try_return(Transport);
  3052. }
  3053. }
  3054. }
  3057. try_return(Transport = NULL);
  3059. try_exit:NOTHING;
  3060. } finally {
  3061. if ( DomainInfo != NULL ) {
  3062. BowserDereferenceDomain( DomainInfo );
  3063. }
  3064. ExReleaseResourceLite (&BowserTransportDatabaseResource);
  3065. }
  3067. return Transport;
  3069. }
  3071. NTSTATUS
  3072. BowserForEachTransportInDomain (
  3073. IN PDOMAIN_INFO DomainInfo,
  3074. IN PTRANSPORT_ENUM_ROUTINE Routine,
  3075. IN OUT PVOID Context
  3076. )
  3077. /*++
  3079. Routine Description:
  3081. This routine will enumerate the transports and call back the enum
  3082. routine provided with each transport.
  3084. Arguments:
  3086. DomainInfo - Only call 'Routine' for transport in this domain.
  3088. Routine - Routine to call for each transport
  3090. Context - Parameter to pass to 'Routine'
  3092. Return Value:
  3094. NTSTATUS - Final status of request.
  3096. --*/
  3097. {
  3098. PLIST_ENTRY TransportEntry, NextEntry;
  3099. PTRANSPORT Transport = NULL;
  3100. PPAGED_TRANSPORT PagedTransport = NULL;
  3101. NTSTATUS Status = STATUS_SUCCESS;
  3103. PAGED_CODE();
  3105. ExAcquireResourceExclusiveLite(&BowserTransportDatabaseResource, TRUE);
  3107. for (TransportEntry = BowserTransportHead.Flink ;
  3108. TransportEntry != &BowserTransportHead ;
  3109. TransportEntry = NextEntry) {
  3111. PagedTransport = CONTAINING_RECORD(TransportEntry, PAGED_TRANSPORT, GlobalNext);
  3112. Transport = PagedTransport->NonPagedTransport;
  3114. //
  3115. // Ignore deleted transports.
  3116. //
  3117. if ( PagedTransport->DeletedTransport ) {
  3118. NextEntry = PagedTransport->GlobalNext.Flink;
  3119. continue;
  3120. }
  3122. //
  3123. // If transport isn't in the specified domain,
  3124. // ignore it.
  3125. //
  3127. if ( Transport->DomainInfo != DomainInfo ) {
  3128. NextEntry = PagedTransport->GlobalNext.Flink;
  3129. continue;
  3130. }
  3133. dprintf(DPRT_REF, ("Call Reference transport %lx from BowserForEachTransportInDomain.\n", Transport));
  3134. BowserReferenceTransport(Transport);
  3136. ExReleaseResourceLite(&BowserTransportDatabaseResource);
  3138. Status = (Routine)(Transport, Context);
  3140. if (!NT_SUCCESS(Status)) {
  3141. BowserDereferenceTransport(Transport);
  3143. return Status;
  3144. }
  3146. ExAcquireResourceExclusiveLite(&BowserTransportDatabaseResource, TRUE);
  3148. NextEntry = PagedTransport->GlobalNext.Flink;
  3150. BowserDereferenceTransport(Transport);
  3152. }
  3154. ExReleaseResourceLite(&BowserTransportDatabaseResource);
  3156. return Status;
  3157. }
  3159. NTSTATUS
  3160. BowserForEachTransport (
  3161. IN PTRANSPORT_ENUM_ROUTINE Routine,
  3162. IN OUT PVOID Context
  3163. )
  3164. /*++
  3166. Routine Description:
  3168. This routine will enumerate the transports and call back the enum
  3169. routine provided with each transport.
  3171. Arguments:
  3174. Routine - Routine to call for each transport
  3176. Context - Parameter to pass to 'Routine'
  3178. Return Value:
  3180. NTSTATUS - Final status of request.
  3182. --*/
  3183. {
  3184. PLIST_ENTRY TransportEntry, NextEntry;
  3185. PTRANSPORT Transport = NULL;
  3186. PPAGED_TRANSPORT PagedTransport = NULL;
  3187. NTSTATUS Status = STATUS_SUCCESS;
  3189. PAGED_CODE();
  3191. ExAcquireResourceExclusiveLite(&BowserTransportDatabaseResource, TRUE);
  3193. for (TransportEntry = BowserTransportHead.Flink ;
  3194. TransportEntry != &BowserTransportHead ;
  3195. TransportEntry = NextEntry) {
  3197. PagedTransport = CONTAINING_RECORD(TransportEntry, PAGED_TRANSPORT, GlobalNext);
  3199. //
  3200. // Ignore deleted transports.
  3201. //
  3202. if ( PagedTransport->DeletedTransport ) {
  3203. NextEntry = PagedTransport->GlobalNext.Flink;
  3204. continue;
  3205. }
  3207. Transport = PagedTransport->NonPagedTransport;
  3209. dprintf(DPRT_REF, ("Call Reference transport %lx from BowserForEachTransport.\n", Transport));
  3210. BowserReferenceTransport(Transport);
  3212. ExReleaseResourceLite(&BowserTransportDatabaseResource);
  3214. Status = (Routine)(Transport, Context);
  3216. if (!NT_SUCCESS(Status)) {
  3217. BowserDereferenceTransport(Transport);
  3219. return Status;
  3220. }
  3222. ExAcquireResourceExclusiveLite(&BowserTransportDatabaseResource, TRUE);
  3224. NextEntry = PagedTransport->GlobalNext.Flink;
  3226. BowserDereferenceTransport(Transport);
  3228. }
  3230. ExReleaseResourceLite(&BowserTransportDatabaseResource);
  3232. return Status;
  3233. }
  3235. NTSTATUS
  3236. BowserForEachTransportName(
  3237. IN PTRANSPORT Transport,
  3238. IN PTRANSPORT_NAME_ENUM_ROUTINE Routine,
  3239. IN OUT PVOID Context
  3240. )
  3241. /*++
  3243. Routine Description:
  3245. This routine will enumerate the names associated with a transport
  3246. and call back the enum routine provided with each transport name.
  3248. Arguments:
  3251. Return Value:
  3253. NTSTATUS - Final status of request.
  3255. --*/
  3256. {
  3257. PLIST_ENTRY TransportEntry, NextEntry;
  3258. PTRANSPORT_NAME TransportName = NULL;
  3259. PPAGED_TRANSPORT_NAME PagedTransportName = NULL;
  3260. NTSTATUS Status = STATUS_SUCCESS;
  3262. PAGED_CODE();
  3264. ExAcquireResourceExclusiveLite(&BowserTransportDatabaseResource, TRUE);
  3266. try {
  3268. for (TransportEntry = Transport->PagedTransport->NameChain.Flink ;
  3269. TransportEntry &&
  3270. (TransportEntry != &Transport->PagedTransport->NameChain) ;
  3271. TransportEntry = NextEntry) {
  3273. PagedTransportName = CONTAINING_RECORD(TransportEntry, PAGED_TRANSPORT_NAME, TransportNext);
  3275. TransportName = PagedTransportName->NonPagedTransportName;
  3276. BowserReferenceTransportName( TransportName );
  3277. ExReleaseResourceLite(&BowserTransportDatabaseResource);
  3279. Status = (Routine)(TransportName, Context);
  3281. if (!NT_SUCCESS(Status)) {
  3282. ExAcquireResourceExclusiveLite(&BowserTransportDatabaseResource, TRUE);
  3283. BowserDereferenceTransportName( TransportName );
  3284. try_return(Status);
  3285. }
  3287. ExAcquireResourceExclusiveLite(&BowserTransportDatabaseResource, TRUE);
  3288. NextEntry = PagedTransportName->TransportNext.Flink;
  3289. BowserDereferenceTransportName( TransportName );
  3290. }
  3292. try_exit:NOTHING;
  3293. } finally {
  3294. ExReleaseResourceLite(&BowserTransportDatabaseResource);
  3295. }
  3297. return Status;
  3298. }
  3300. NTSTATUS
  3301. BowserDeleteTransportNameByName(
  3302. IN PTRANSPORT Transport,
  3303. IN PUNICODE_STRING Name OPTIONAL,
  3304. IN DGRECEIVER_NAME_TYPE NameType
  3305. )
  3306. /*++
  3308. Routine Description:
  3310. This routine deletes a transport name associated with a specific network.
  3312. Arguments:
  3314. Transport - Specifies the transport on which to delete the name.
  3316. Name - Specifies the transport name to delete.
  3317. If not specified, all names of the specified name type are deleted.
  3319. NameType - Specifies the name type of the name.
  3321. Return Value:
  3323. NTSTATUS - Final status of request.
  3325. --*/
  3327. {
  3328. PLIST_ENTRY TransportEntry, NextEntry;
  3329. PTRANSPORT_NAME TransportName = NULL;
  3330. PPAGED_TRANSPORT_NAME PagedTransportName = NULL;
  3331. NTSTATUS Status = STATUS_SUCCESS;
  3333. PAGED_CODE();
  3334. ExAcquireResourceExclusiveLite(&BowserTransportDatabaseResource, TRUE);
  3336. try {
  3337. for (TransportEntry = Transport->PagedTransport->NameChain.Flink ;
  3338. TransportEntry != &Transport->PagedTransport->NameChain ;
  3339. TransportEntry = NextEntry) {
  3341. PagedTransportName = CONTAINING_RECORD(TransportEntry, PAGED_TRANSPORT_NAME, TransportNext);
  3343. TransportName = PagedTransportName->NonPagedTransportName;
  3345. ASSERT (TransportName->NameType == PagedTransportName->Name->NameType);
  3347. if ((TransportName->NameType == NameType) &&
  3348. (Name == NULL ||
  3349. Name->Length == 0 ||
  3350. RtlEqualUnicodeString(&PagedTransportName->Name->Name, Name, TRUE))) {
  3351. NextEntry = TransportEntry->Flink;
  3354. //
  3355. // Remove the TransportName from the list of transport names for
  3356. // this transport.
  3357. //
  3358. ASSERT( PagedTransportName->TransportNext.Flink != NULL);
  3359. RemoveEntryList(&PagedTransportName->TransportNext);
  3360. PagedTransportName->TransportNext.Flink = NULL;
  3361. PagedTransportName->TransportNext.Blink = NULL;
  3364. //
  3365. // Since we delinked it, we need to dereference it.
  3366. //
  3367. Status = BowserDereferenceTransportName(TransportName);
  3369. if (!NT_SUCCESS(Status)) {
  3370. try_return(Status);
  3371. }
  3373. } else {
  3374. NextEntry = PagedTransportName->TransportNext.Flink;
  3375. }
  3377. }
  3378. try_exit:NOTHING;
  3379. } finally {
  3380. ExReleaseResourceLite(&BowserTransportDatabaseResource);
  3381. }
  3383. return Status;
  3384. }
  3388. NTSTATUS
  3389. BowserSubmitTdiRequest (
  3390. IN PFILE_OBJECT FileObject,
  3391. IN PIRP Irp
  3392. )
  3394. /*++
  3396. Routine Description:
  3398. This routine submits a request to TDI and waits for it to complete.
  3400. Arguments:
  3402. IN PFILE_OBJECT FileObject - Connection or Address handle for TDI request
  3403. IN PIRP Irp - TDI request to submit.
  3405. Return Value:
  3407. NTSTATUS - Final status of request.
  3409. --*/
  3411. {
  3412. KEVENT Event;
  3413. NTSTATUS Status;
  3415. PAGED_CODE();
  3417. BowserReferenceDiscardableCode( BowserDiscardableCodeSection );
  3419. KeInitializeEvent (&Event, NotificationEvent, FALSE);
  3421. IoSetCompletionRoutine(Irp, BowserCompleteTdiRequest, &Event, TRUE, TRUE, TRUE);
  3423. //
  3424. // Submit the disconnect request
  3425. //
  3427. Status = IoCallDriver(IoGetRelatedDeviceObject(FileObject), Irp);
  3429. //
  3430. // If it failed immediately, return now, otherwise wait.
  3431. //
  3433. if (!NT_SUCCESS(Status)) {
  3434. dlog(DPRT_TDI, ("BowserSubmitTdiRequest: submit request. Status = %X", Status));
  3435. BowserDereferenceDiscardableCode( BowserDiscardableCodeSection );
  3436. return Status;
  3437. }
  3439. if (Status == STATUS_PENDING) {
  3441. dlog(DPRT_TDI, ("TDI request issued, waiting..."));
  3443. Status = KeWaitForSingleObject(&Event, // Object to wait on.
  3444. Executive, // Reason for waiting
  3445. KernelMode, // Processor mode
  3446. FALSE, // Alertable
  3447. NULL); // Timeout
  3449. if (!NT_SUCCESS(Status)) {
  3450. dlog(DPRT_TDI, ("Could not wait for operation to complete"));
  3451. KeBugCheck( 666 );
  3452. }
  3454. Status = Irp->IoStatus.Status;
  3455. }
  3457. BowserDereferenceDiscardableCode( BowserDiscardableCodeSection );
  3459. dlog(DPRT_TDI, ("TDI request complete\n"));
  3461. return(Status);
  3462. }
  3465. NTSTATUS
  3466. BowserCompleteTdiRequest (
  3467. IN PDEVICE_OBJECT DeviceObject,
  3468. IN PIRP Irp,
  3469. IN PVOID Context
  3470. )
  3472. /*++
  3474. Routine Description:
  3476. Completion routine for SubmitTdiRequest operation.
  3478. Arguments:
  3480. IN PDEVICE_OBJECT DeviceObject, - Supplies a pointer to the device object
  3481. IN PIRP Irp, - Supplies the IRP submitted
  3482. IN PVOID Context - Supplies a pointer to the kernel event to release
  3484. Return Value:
  3486. NTSTATUS - Status of KeSetEvent
  3489. We return STATUS_MORE_PROCESSING_REQUIRED to prevent the IRP completion
  3490. code from processing this puppy any more.
  3492. --*/
  3494. {
  3495. DISCARDABLE_CODE( BowserDiscardableCodeSection );
  3496. dprintf(DPRT_TDI, ("CompleteTdiRequest: %lx\n", Context));
  3498. //
  3499. // Set the event to the Signalled state with 0 priority increment and
  3500. // indicate that we will not be blocking soon.
  3501. //
  3503. KeSetEvent((PKEVENT )Context, 0, FALSE);
  3505. return STATUS_MORE_PROCESSING_REQUIRED;
  3507. // Quiet the compiler.
  3509. if (Irp || DeviceObject){};
  3510. }
  3512. typedef struct _SEND_DATAGRAM_CONTEXT {
  3513. PTDI_CONNECTION_INFORMATION ConnectionInformation;
  3514. PVOID Header;
  3515. BOOLEAN WaitForCompletion;
  3516. KEVENT Event;
  3517. } SEND_DATAGRAM_CONTEXT, *PSEND_DATAGRAM_CONTEXT;
  3520. NTSTATUS
  3521. BowserSendDatagram (
  3522. IN PTRANSPORT Transport,
  3523. IN PUNICODE_STRING Domain OPTIONAL,
  3524. IN DGRECEIVER_NAME_TYPE NameType,
  3525. IN PVOID Buffer,
  3526. IN ULONG BufferLength,
  3527. IN BOOLEAN WaitForCompletion,
  3528. IN PSTRING DestinationAddress OPTIONAL,
  3529. IN BOOLEAN IsHostAnnouncement
  3530. )
  3532. /*++
  3534. Routine Description:
  3536. This routine sends a datagram to the specified domain.
  3538. Arguments:
  3540. Domain - the name of the domain to send to.
  3541. Please note that the DOMAIN is padded with spaces and
  3542. terminated with the appropriate signature byte (00 or 07).
  3544. Buffer - the message to send.
  3546. BufferLength - the length of the buffer,
  3548. IsHostAnnouncement - True if the datagram is a host announcement
  3550. Return Value:
  3552. NTSTATUS - results of operation.
  3554. --*/
  3556. {
  3557. NTSTATUS Status = STATUS_SUCCESS;
  3558. ULONG connectionInformationSize;
  3559. PIRP irp = NULL;
  3560. PMDL mdlAddress = NULL;
  3561. PSEND_DATAGRAM_CONTEXT context = NULL;
  3562. PPAGED_TRANSPORT PagedTransport = Transport->PagedTransport;
  3563. // PTRANSPORT_NAME TComputerName;
  3564. ANSI_STRING AnsiString;
  3565. UCHAR IpxPacketType;
  3566. PFILE_OBJECT FileObject = NULL;
  3567. PDEVICE_OBJECT DeviceObject;
  3568. PVOID pBuffToFree = Buffer;
  3570. PAGED_CODE();
  3572. //
  3573. // Ensure the computername has been registered for this transport
  3574. //
  3575. if ( Transport->ComputerName == NULL ) {
  3576. Status = STATUS_BAD_NETWORK_PATH;
  3577. goto Cleanup;
  3578. }
  3580. //
  3581. // Ensure the Device and File object are known.
  3582. //
  3584. ExAcquireResourceExclusiveLite(&BowserTransportDatabaseResource, TRUE);
  3585. if (!FlagOn(Transport->PagedTransport->Flags, DIRECT_HOST_IPX)) {
  3586. DeviceObject = Transport->ComputerName->DeviceObject;
  3587. FileObject = Transport->ComputerName->FileObject;
  3588. } else {
  3589. DeviceObject = Transport->IpxSocketDeviceObject;
  3590. FileObject = Transport->IpxSocketFileObject;
  3591. }
  3593. if ( DeviceObject == NULL || FileObject == NULL ) {
  3594. ExReleaseResourceLite(&BowserTransportDatabaseResource);
  3595. Status = STATUS_BAD_NETWORK_PATH;
  3596. goto Cleanup;
  3597. }
  3599. if ( FileObject != NULL ) {
  3600. ObReferenceObject( FileObject );
  3601. }
  3602. ExReleaseResourceLite(&BowserTransportDatabaseResource);
  3605. //
  3606. // Allocate a context describing this datagram send.
  3607. //
  3609. context = ALLOCATE_POOL(NonPagedPool, sizeof(SEND_DATAGRAM_CONTEXT), POOL_SENDDATAGRAM);
  3611. if ( context == NULL) {
  3612. Status = STATUS_NO_MEMORY;
  3613. goto Cleanup;
  3614. }
  3615. context->Header = NULL;
  3616. context->ConnectionInformation = NULL;
  3618. connectionInformationSize = sizeof(TDI_CONNECTION_INFORMATION) +
  3619. max(sizeof(TA_NETBIOS_EX_ADDRESS),
  3620. sizeof(TA_IPX_ADDRESS));
  3622. if (Domain == NULL) {
  3623. Domain = &Transport->DomainInfo->DomUnicodeDomainName;
  3624. }
  3626. if (FlagOn(Transport->PagedTransport->Flags, DIRECT_HOST_IPX)) {
  3627. PSMB_IPX_NAME_PACKET NamePacket;
  3628. OEM_STRING NetBiosName;
  3630. context->Header = ALLOCATE_POOL(NonPagedPool, BufferLength + sizeof(SMB_IPX_NAME_PACKET), POOL_SENDDATAGRAM);
  3632. if ( context->Header == NULL ) {
  3633. Status = STATUS_INSUFFICIENT_RESOURCES;
  3634. goto Cleanup;
  3635. }
  3637. NamePacket = context->Header;
  3639. RtlZeroMemory(NamePacket->Route, sizeof(NamePacket->Route));
  3641. NamePacket->Operation = SMB_IPX_MAILSLOT_SEND;
  3643. switch (NameType) {
  3644. case BrowserElection:
  3645. if ( IsHostAnnouncement ) {
  3646. NamePacket->NameType = SMB_IPX_NAME_TYPE_BROWSER;
  3647. } else {
  3648. NamePacket->NameType = SMB_IPX_NAME_TYPE_WORKKGROUP;
  3649. }
  3650. break;
  3651. case ComputerName:
  3652. case AlternateComputerName:
  3653. NamePacket->NameType = SMB_IPX_NAME_TYPE_MACHINE;
  3654. break;
  3655. case MasterBrowser:
  3656. NamePacket->NameType = SMB_IPX_NAME_TYPE_WORKKGROUP;
  3657. break;
  3658. //
  3659. // Don't send on name types that direct host IPX can't handle.
  3660. //
  3661. // Domain(1B): Direct host IPX datagram receivers aren't particular
  3662. // about the 16th byte of the netbios name. Therefore, all of them
  3663. // accept a Domain<1B> datagram. However, such sends are destined
  3664. // only to the PDC.
  3665. //
  3666. // Domain(1C): Domain(1C) is registered only by NT DCs. However,
  3667. // NT DCs don't completely support direct host IPX. But they do
  3668. // completely support NwLnkNb.
  3669. //
  3670. // We silently ingore these errors allowing the caller to duplicate
  3671. // the send on NwLnkNb.
  3673. case PrimaryDomainBrowser:
  3674. case DomainName:
  3676. Status = STATUS_SUCCESS;
  3677. goto Cleanup;
  3679. //
  3680. // Fail on sends to non-sensical name types.
  3681. //
  3682. // DomainAnnouncements aren't sent separately.
  3683. //
  3685. default:
  3686. // Silently ignore the
  3687. Status = STATUS_INVALID_DEVICE_REQUEST;
  3688. goto Cleanup;
  3689. }
  3691. NamePacket->MessageId = 0;
  3693. NetBiosName.Length = 0;
  3694. NetBiosName.MaximumLength = SMB_IPX_NAME_LENGTH;
  3695. NetBiosName.Buffer = NamePacket->Name;
  3697. Status = RtlUpcaseUnicodeStringToOemString(&NetBiosName, Domain, FALSE);
  3699. if (!NT_SUCCESS(Status)) {
  3700. goto Cleanup;
  3701. }
  3703. RtlCopyMemory(&NetBiosName.Buffer[NetBiosName.Length], " ",
  3704. SMB_IPX_NAME_LENGTH-NetBiosName.Length);
  3706. NamePacket->Name[SMB_IPX_NAME_LENGTH-1] = WORKSTATION_SIGNATURE;
  3708. RtlCopyMemory(NamePacket->SourceName, ((PTA_NETBIOS_ADDRESS)(Transport->ComputerName->TransportAddress.Buffer))->Address[0].Address->NetbiosName, SMB_IPX_NAME_LENGTH);
  3710. RtlCopyMemory((NamePacket+1), Buffer, BufferLength);
  3712. // Replace Buffer w/ IPX modified one.
  3713. // - ensure cleanup will free input Buffer.
  3714. ASSERT(Buffer == pBuffToFree);
  3715. FREE_POOL(Buffer);
  3716. pBuffToFree = NULL; // cleanup will free context->Header
  3717. Buffer = context->Header;
  3719. BufferLength += sizeof(SMB_IPX_NAME_PACKET);
  3721. } else {
  3722. // ensure consistency
  3723. ASSERT(Buffer == pBuffToFree);
  3724. context->Header = Buffer;
  3725. pBuffToFree = NULL; // don't cleanup for async case.
  3726. }
  3728. context->ConnectionInformation = ALLOCATE_POOL(NonPagedPool,
  3729. connectionInformationSize, POOL_CONNECTINFO
  3730. );
  3732. if ( context->ConnectionInformation == NULL ) {
  3733. Status = STATUS_INSUFFICIENT_RESOURCES;
  3734. goto Cleanup;
  3735. }
  3737. context->ConnectionInformation->UserDataLength = 0;
  3738. context->ConnectionInformation->UserData = NULL;
  3739. context->ConnectionInformation->OptionsLength = 0;
  3740. context->ConnectionInformation->Options = NULL;
  3742. AnsiString.Buffer = (PCHAR)(context->ConnectionInformation + 1);
  3743. AnsiString.MaximumLength = (USHORT)(connectionInformationSize - sizeof(TDI_CONNECTION_INFORMATION));
  3745. context->ConnectionInformation->RemoteAddress = AnsiString.Buffer;
  3747. context->WaitForCompletion = WaitForCompletion;
  3749. // ComputerName = Transport->ComputerName;
  3751. if (!ARGUMENT_PRESENT(DestinationAddress)) {
  3753. //
  3754. // If this is for our primary domain, and the request is destined
  3755. // for the master browser name, then stick in the address of our
  3756. // master browser if we know it.
  3757. //
  3759. if ((RtlCompareMemory(Domain->Buffer, ((PTA_NETBIOS_ADDRESS)(Transport->ComputerName->TransportAddress.Buffer))->Address[0].Address->NetbiosName, SMB_IPX_NAME_LENGTH) == SMB_IPX_NAME_LENGTH) &&
  3760. ( NameType == MasterBrowser ) &&
  3761. (Transport->PagedTransport->MasterBrowserAddress.Length != 0) ) {
  3763. //
  3764. // This is for our domain. If it's for our master browser
  3765. // and we know who that is, we're done - copy over the master's address
  3766. // and send it.
  3767. //
  3769. ASSERT (Transport->PagedTransport->MasterBrowserAddress.Length == sizeof(TA_IPX_ADDRESS));
  3771. RtlCopyMemory(context->ConnectionInformation->RemoteAddress,
  3772. Transport->PagedTransport->MasterBrowserAddress.Buffer,
  3773. Transport->PagedTransport->MasterBrowserAddress.Length);
  3775. //
  3776. // This is a directed packet, don't broadcast it.
  3777. //
  3778. IpxPacketType = IPX_DIRECTED_PACKET;
  3779. context->ConnectionInformation->OptionsLength = sizeof(IpxPacketType);
  3780. context->ConnectionInformation->Options = &IpxPacketType;
  3782. } else if (FlagOn(Transport->PagedTransport->Flags, DIRECT_HOST_IPX)) {
  3784. PTA_IPX_ADDRESS IpxAddress = (PTA_IPX_ADDRESS)AnsiString.Buffer;
  3786. IpxAddress->TAAddressCount = 1;
  3787. IpxAddress->Address[0].AddressType = TDI_ADDRESS_TYPE_IPX;
  3788. IpxAddress->Address[0].AddressLength = TDI_ADDRESS_LENGTH_IPX;
  3790. IpxAddress->Address[0].Address[0].NetworkAddress = 0;
  3791. IpxAddress->Address[0].Address[0].NodeAddress[0] = 0xff;
  3792. IpxAddress->Address[0].Address[0].NodeAddress[1] = 0xff;
  3793. IpxAddress->Address[0].Address[0].NodeAddress[2] = 0xff;
  3794. IpxAddress->Address[0].Address[0].NodeAddress[3] = 0xff;
  3795. IpxAddress->Address[0].Address[0].NodeAddress[4] = 0xff;
  3796. IpxAddress->Address[0].Address[0].NodeAddress[5] = 0xff;
  3797. IpxAddress->Address[0].Address[0].Socket = SMB_IPX_MAILSLOT_SOCKET;
  3799. } else {
  3801. Status = BowserBuildTransportAddress(&AnsiString,
  3802. Domain,
  3803. NameType,
  3804. Transport);
  3806. if (!NT_SUCCESS(Status)) {
  3807. goto Cleanup;
  3808. }
  3810. context->ConnectionInformation->RemoteAddressLength = AnsiString.Length;
  3811. }
  3813. } else {
  3815. //
  3816. // This is already correctly formatted, so just put it on the wire.
  3817. //
  3819. RtlCopyMemory(context->ConnectionInformation->RemoteAddress, DestinationAddress->Buffer, DestinationAddress->Length);
  3820. context->ConnectionInformation->RemoteAddressLength = DestinationAddress->Length;
  3822. //
  3823. // This is a directed packet, don't broadcast it.
  3824. //
  3825. IpxPacketType = IPX_DIRECTED_PACKET;
  3826. context->ConnectionInformation->OptionsLength = sizeof(IpxPacketType);
  3827. context->ConnectionInformation->Options = &IpxPacketType;
  3829. }
  3831. irp = IoAllocateIrp( DeviceObject->StackSize, TRUE);
  3833. if (irp == NULL) {
  3834. Status = STATUS_INSUFFICIENT_RESOURCES;
  3835. goto Cleanup;
  3836. }
  3838. mdlAddress = IoAllocateMdl(Buffer, BufferLength, FALSE, FALSE, NULL);
  3840. if (mdlAddress == NULL) {
  3841. IoFreeIrp(irp);
  3842. Status = STATUS_INSUFFICIENT_RESOURCES;
  3843. goto Cleanup;
  3844. }
  3846. KeInitializeEvent(&context->Event, NotificationEvent, FALSE);
  3848. MmBuildMdlForNonPagedPool(mdlAddress);
  3850. BowserReferenceDiscardableCode( BowserDiscardableCodeSection );
  3852. ASSERT (KeGetCurrentIrql() == 0);
  3854. TdiBuildSendDatagram( irp,
  3855. DeviceObject,
  3856. FileObject,
  3857. CompleteSendDatagram,
  3858. context,
  3859. mdlAddress,
  3860. BufferLength,
  3861. context->ConnectionInformation);
  3864. Status = IoCallDriver(DeviceObject, irp);
  3866. ASSERT (KeGetCurrentIrql() == 0);
  3868. if (WaitForCompletion) {
  3870. ASSERT (KeGetCurrentIrql() == 0);
  3871. if (Status == STATUS_PENDING) {
  3872. Status = KeWaitForSingleObject(&context->Event,
  3873. Executive,
  3874. KernelMode,
  3875. FALSE,
  3876. NULL);
  3878. }
  3880. IoFreeMdl(irp->MdlAddress);
  3882. //
  3883. // Retrieve the status from the IRP.
  3884. //
  3886. Status = irp->IoStatus.Status;
  3888. IoFreeIrp(irp);
  3890. } else {
  3891. //
  3892. // Let completion routine free the context
  3893. //
  3894. context = NULL;
  3895. }
  3897. ASSERT (KeGetCurrentIrql() == 0);
  3899. BowserDereferenceDiscardableCode( BowserDiscardableCodeSection );
  3901. //
  3902. // Free locally used resources
  3903. //
  3904. Cleanup:
  3906. if ( context != NULL ) {
  3907. if ( context->Header != NULL &&
  3908. context->Header != pBuffToFree ) {
  3909. FREE_POOL( context->Header );
  3910. }
  3911. if (context->ConnectionInformation != NULL ) {
  3912. FREE_POOL(context->ConnectionInformation);
  3913. }
  3914. FREE_POOL(context);
  3915. }
  3917. if (pBuffToFree) {
  3918. FREE_POOL( pBuffToFree );
  3919. }
  3921. if ( FileObject != NULL ) {
  3922. ObDereferenceObject( FileObject );
  3923. }
  3924. return Status;
  3926. } // BowserSendDatagram
  3928. NTSTATUS
  3929. CompleteSendDatagram (
  3930. IN PDEVICE_OBJECT DeviceObject,
  3931. IN PIRP Irp,
  3932. IN PVOID Ctx
  3933. )
  3935. /*++
  3937. Routine Description:
  3939. Completion routine for SubmitTdiRequest operation.
  3941. Arguments:
  3943. IN PDEVICE_OBJECT DeviceObject, - Supplies a pointer to the device object
  3944. IN PIRP Irp, - Supplies the IRP submitted
  3945. IN PVOID Context - Supplies a pointer to the kernel event to release
  3947. Return Value:
  3949. NTSTATUS - Status of KeSetEvent
  3952. We return STATUS_MORE_PROCESSING_REQUIRED to prevent the IRP completion
  3953. code from processing this puppy any more.
  3955. --*/
  3957. {
  3958. PSEND_DATAGRAM_CONTEXT Context = Ctx;
  3960. DISCARDABLE_CODE( BowserDiscardableCodeSection );
  3962. dprintf(DPRT_TDI, ("CompleteTdiRequest: %lx\n", Context));
  3964. if (Context->WaitForCompletion) {
  3966. //
  3967. // Set the event to the Signalled state with 0 priority increment and
  3968. // indicate that we will not be blocking soon.
  3969. //
  3971. KeSetEvent(&Context->Event, 0, FALSE);
  3973. } else {
  3974. FREE_POOL(Context->ConnectionInformation);
  3976. FREE_POOL(Context->Header);
  3978. FREE_POOL(Context);
  3980. IoFreeMdl(Irp->MdlAddress);
  3982. IoFreeIrp(Irp);
  3984. }
  3985. return STATUS_MORE_PROCESSING_REQUIRED;
  3987. UNREFERENCED_PARAMETER(DeviceObject);
  3988. }
  3993. NTSTATUS
  3994. BowserSendSecondClassMailslot (
  3995. IN PTRANSPORT Transport,
  3996. IN PUNICODE_STRING Domain OPTIONAL,
  3997. IN DGRECEIVER_NAME_TYPE NameType,
  3998. IN PVOID Message,
  3999. IN ULONG MessageLength,
  4000. IN BOOLEAN WaitForCompletion,
  4001. IN PCHAR mailslotNameData,
  4002. IN PSTRING DestinationAddress OPTIONAL
  4003. )
  4004. {
  4005. ULONG dataSize;
  4006. ULONG transactionDataSize;
  4007. ULONG smbSize;
  4008. PSMB_HEADER header;
  4009. PSMB_TRANSACT_MAILSLOT parameters;
  4010. PSZ mailslotName;
  4011. ULONG mailslotNameLength;
  4012. PSZ domainInData;
  4013. PVOID message;
  4014. NTSTATUS status;
  4016. PAGED_CODE();
  4017. //
  4018. // Determine the sizes of various fields that will go in the SMB
  4019. // and the total size of the SMB.
  4020. //
  4022. mailslotNameLength = strlen( mailslotNameData );
  4024. transactionDataSize = MessageLength;
  4025. dataSize = mailslotNameLength + 1 + transactionDataSize;
  4026. smbSize = sizeof(SMB_HEADER) + sizeof(SMB_TRANSACT_MAILSLOT) - 1 + dataSize;
  4028. header = ALLOCATE_POOL( NonPagedPool, smbSize, POOL_MAILSLOT_HEADER );
  4029. if ( header == NULL ) {
  4030. return STATUS_INSUFFICIENT_RESOURCES;
  4031. }
  4033. //
  4034. // Fill in the header. Most of the fields don't matter and are
  4035. // zeroed.
  4036. //
  4038. RtlZeroMemory( header, smbSize );
  4040. header->Protocol[0] = 0xFF;
  4041. header->Protocol[1] = 'S';
  4042. header->Protocol[2] = 'M';
  4043. header->Protocol[3] = 'B';
  4044. header->Command = SMB_COM_TRANSACTION;
  4046. //
  4047. // Get the pointer to the params and fill them in.
  4048. //
  4050. parameters = (PSMB_TRANSACT_MAILSLOT)( header + 1 );
  4051. mailslotName = (PSZ)( parameters + 1 ) - 1;
  4052. domainInData = mailslotName + mailslotNameLength + 1;
  4053. message = domainInData;
  4055. parameters->WordCount = 0x11;
  4056. SmbPutUshort( &parameters->TotalDataCount, (USHORT)transactionDataSize );
  4057. SmbPutUlong( &parameters->Timeout, 0x3E8 ); // !!! fix
  4058. SmbPutUshort( &parameters->DataCount, (USHORT)transactionDataSize );
  4059. SmbPutUshort(
  4060. &parameters->DataOffset,
  4061. (USHORT)( (ULONG_PTR)message - (ULONG_PTR)header )
  4062. );
  4063. parameters->SetupWordCount = 3;
  4064. SmbPutUshort( &parameters->Opcode, MS_WRITE_OPCODE );
  4065. SmbPutUshort( &parameters->Priority, 1);
  4066. SmbPutUshort( &parameters->Class, 2 );
  4067. SmbPutUshort( &parameters->ByteCount, (USHORT)dataSize );
  4069. RtlCopyMemory( mailslotName, mailslotNameData, mailslotNameLength + 1 );
  4070. RtlCopyMemory( message, Message, MessageLength );
  4072. //
  4073. // Send the actual mailslot message.
  4074. //
  4076. status = BowserSendDatagram( Transport,
  4077. Domain,
  4078. NameType,
  4079. header,
  4080. smbSize,
  4081. WaitForCompletion,
  4082. DestinationAddress,
  4083. (BOOLEAN)(((PHOST_ANNOUNCE_PACKET)Message)->AnnounceType == LocalMasterAnnouncement) );
  4085. return status;
  4087. } // BowserSendSecondClassMailslot
  4090. NTSTATUS
  4091. BowserSendRequestAnnouncement(
  4092. IN PUNICODE_STRING DestinationName,
  4093. IN DGRECEIVER_NAME_TYPE NameType,
  4094. IN PTRANSPORT Transport
  4095. )
  4096. {
  4097. REQUEST_ANNOUNCE_PACKET AnnounceRequest;
  4098. ULONG AnnouncementRequestLength;
  4099. NTSTATUS Status;
  4101. PAGED_CODE();
  4102. //
  4103. // If we don't
  4104. AnnounceRequest.Type = AnnouncementRequest;
  4106. AnnounceRequest.RequestAnnouncement.Flags = 0;
  4108. strcpy( AnnounceRequest.RequestAnnouncement.Reply,
  4109. Transport->DomainInfo->DomOemComputerName.Buffer );
  4111. AnnouncementRequestLength = FIELD_OFFSET(REQUEST_ANNOUNCE_PACKET, RequestAnnouncement.Reply) +
  4112. Transport->DomainInfo->DomOemComputerName.Length + 1;
  4114. Status = BowserSendSecondClassMailslot(Transport,
  4115. DestinationName,
  4116. NameType,
  4117. &AnnounceRequest,
  4118. AnnouncementRequestLength,
  4119. TRUE,
  4120. MAILSLOT_BROWSER_NAME,
  4121. NULL);
  4123. return Status;
  4124. }
  4126. VOID
  4127. BowserpInitializeTdi (
  4128. VOID
  4129. )
  4131. /*++
  4133. Routine Description:
  4135. This routine initializes the global variables used in the transport
  4136. package.
  4138. Arguments:
  4140. None.
  4142. Return Value:
  4144. None.
  4146. --*/
  4148. {
  4149. //
  4150. // Initialize the Transport list chain
  4151. //
  4153. InitializeListHead(&BowserTransportHead);
  4155. ExInitializeResourceLite(&BowserTransportDatabaseResource);
  4157. KeInitializeSpinLock(&BowserTransportMasterNameSpinLock);
  4159. BowserInitializeDomains();
  4160. }
  4162. VOID
  4163. BowserpUninitializeTdi (
  4164. VOID
  4165. )
  4167. /*++
  4169. Routine Description:
  4171. This routine initializes the global variables used in the transport
  4172. package.
  4174. Arguments:
  4176. None.
  4178. Return Value:
  4180. None.
  4182. --*/
  4184. {
  4185. PAGED_CODE();
  4186. ASSERT (IsListEmpty(&BowserTransportHead));
  4188. ExDeleteResourceLite(&BowserTransportDatabaseResource);
  4190. }