Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

2044 lines
52 KiB

  1. /*++
  2. Copyright (c) 1991-92 Microsoft Corporation
  3. Module Name:
  4. XsSubs.c
  5. Abstract:
  6. This module contains various subroutines for XACTSRV.
  7. Author:
  8. David Treadwell (davidtr) 07-Jan-1991
  9. Revision History:
  10. 05-Oct-1992 JohnRo
  11. RAID 3556: DosPrintQGetInfo(from downlevel) level 3, rc=124. (4&5 too.)
  12. (Fixed XsFillAuxEnumBuffer.)
  13. --*/
  14. #include "XactSrvP.h"
  15. #include <WinBase.h> // GetCurrentProcessId prototype
  16. #include <align.h>
  17. VOID
  18. SmbCapturePtr(
  19. LPBYTE PointerDestination,
  20. LPBYTE PointerSource
  21. );
  22. DWORD
  23. XsBytesForConvertedStructure (
  24. IN LPBYTE InStructure,
  25. IN LPDESC InStructureDesc,
  26. IN LPDESC OutStructureDesc,
  27. IN RAP_CONVERSION_MODE Mode,
  28. IN BOOL MeaninglessInputPointers
  29. )
  30. /*++
  31. Routine Description:
  32. This routine determines the number of bytes that would be required
  33. to hold the input structure when converted to the structure
  34. described by OutStructureDesc.
  35. Arguments:
  36. InStructure - a pointer to the actual input structure.
  37. InStructureDesc - a pointer to an ASCIIZ describing the format of the
  38. input structure.
  39. OutStructureDesc - a pointer to an ASCIIZ describing the format of the
  40. output structure.
  41. Mode - indicates mode of conversion (native to RAP or vice versa).
  42. Return Value:
  43. DWORD - The number of bytes required to hold the converted structure.
  44. --*/
  45. {
  46. NET_API_STATUS status;
  47. DWORD bytesRequired = 0;
  48. //
  49. // Use RapConvertSingleEntry to get the size that the input structure
  50. // will take when converted to the format specified in the output
  51. // structure description. That routine should not actually write
  52. // anything--it should simply appear that there is no room to
  53. // write more data into, just as if an Enum buffer is full.
  54. //
  55. //
  56. // Should handle errors from RapConvertSingleEntry.
  57. // But the way this is used, existing code probably
  58. // won't break if we just ignore them.
  59. //
  60. status = RapConvertSingleEntry(
  61. InStructure,
  62. InStructureDesc,
  63. MeaninglessInputPointers,
  64. NULL,
  65. NULL,
  66. OutStructureDesc,
  67. FALSE,
  68. NULL,
  69. &bytesRequired,
  70. Response,
  71. Mode
  72. );
  73. //
  74. // For native structures, we should make sure the buffer is an even amount,
  75. // to allow an even boundary for strings, as in Unicode.
  76. //
  77. if ( Mode == RapToNative ) {
  78. bytesRequired = ROUND_UP_COUNT( bytesRequired, ALIGN_DWORD );
  79. }
  80. return bytesRequired;
  81. } // XsBytesForConvertedStructure
  82. LPVOID
  83. XsCaptureParameters (
  84. IN LPTRANSACTION Transaction,
  85. OUT LPDESC *AuxDescriptor
  86. )
  87. /*++
  88. Routine Description:
  89. This routine captures all input parameters from the transaction block
  90. and puts them into a consistent structure that API handlers can access.
  91. It allocates memory to hold this structure. This memory should be
  92. freed by XsSetParameters after the API handler has done its work.
  93. Arguments:
  94. Transaction - a pointer to the transaction block describing the
  95. request.
  96. AuxDescriptor - a pointer to a LPDESC which will hold a pointer to
  97. the auxiliary descriptor string if there is one, or NULL if there
  98. is not.
  99. Return Value:
  100. LPVOID - a pointer to a buffer containing the captured parameters.
  101. --*/
  102. {
  103. LPDESC descriptorString;
  104. LPDESC descriptor;
  105. LPBYTE inParams;
  106. DWORD outParamsLength;
  107. LPBYTE outParams;
  108. LPBYTE outParamsPtr;
  109. WORD rcvBufferLength;
  110. //
  111. // The first two bytes of the parameter section are the API number,
  112. // then comes the descriptor string.
  113. //
  114. descriptorString = Transaction->InParameters + 2;
  115. //
  116. // Find the actual parameter data in the input.
  117. //
  118. inParams = XsFindParameters( Transaction );
  119. //
  120. // Find out how much space to allocate to hold the parameters.
  121. //
  122. outParamsLength = RapStructureSize( descriptorString, Response, FALSE );
  123. //
  124. // Allocate space to hold the output parameters.
  125. // In addition when the request fails the current APIs set the buflen field
  126. // In order to account for this additional buffer space is allocated. Since
  127. // this field is not located at the same offset we need to compute the
  128. // additional space reqd. to be the maximum of all the offsets. Currently
  129. // the 16 byte offset seems to suffice. When modifying apiparam.h ensure
  130. // that this is the case.
  131. //
  132. outParams = NetpMemoryAllocate( sizeof(XS_PARAMETER_HEADER)
  133. + outParamsLength +
  134. sizeof(DWORD) * 4);
  135. if ( outParams == NULL ) {
  136. IF_DEBUG(ERRORS) {
  137. NetpKdPrint(( "XsCaptureParameters: unable to allocate %ld bytes\n",
  138. outParamsLength ));
  139. }
  140. return NULL;
  141. }
  142. //
  143. // Zero out the parameters and set outParamsPtr to the start of the
  144. // actual parameters.
  145. //
  146. RtlZeroMemory( outParams, sizeof(XS_PARAMETER_HEADER) + outParamsLength );
  147. outParamsPtr = outParams + sizeof(XS_PARAMETER_HEADER);
  148. //
  149. // For each character in the descriptor string, fill in the output
  150. // parameters as appropriate.
  151. //
  152. for ( descriptor = descriptorString; *descriptor != '\0'; ) {
  153. switch ( *descriptor++ ) {
  154. case REM_ASCIZ:
  155. //
  156. // The parameter is a pointer to a string. The actual string
  157. // is in the parameter data, so put a pointer to it in the
  158. // output structure.
  159. //
  160. // String parameters just get passed as is. It
  161. // is up to the API handler to convert the actual data.
  162. //
  163. //
  164. // !!! Parameter string descriptors may not have maximum length
  165. // counts.
  166. //
  167. if( isdigit( *descriptor ) ) {
  168. NetpMemoryFree( outParams );
  169. return NULL;
  170. }
  171. SmbCapturePtr( outParamsPtr, inParams );
  172. //
  173. // Update pointers -- move inParams past end of string.
  174. //
  175. inParams += ( strlen( inParams ) + 1 );
  176. outParamsPtr += sizeof(LPSTR);
  177. break;
  178. case REM_BYTE_PTR:
  179. case REM_FILL_BYTES:
  180. //
  181. // The parameter is a pointer to a byte or array of bytes.
  182. //
  183. SmbCapturePtr( outParamsPtr, inParams );
  184. inParams += sizeof(BYTE) * RapDescArrayLength( descriptor );
  185. outParamsPtr += sizeof(LPBYTE);
  186. break;
  187. case REM_DWORD:
  188. //
  189. // The parameter is a dword or array of dwords.
  190. //
  191. // !!! This assumes that an array of words will never be passed
  192. // as a parameter.
  193. if( isdigit( *descriptor ) ) {
  194. NetpMemoryFree( outParams );
  195. return NULL;
  196. }
  197. //
  198. // Copy over the double word and update pointers.
  199. //
  200. SmbPutUlong(
  201. (LPDWORD)outParamsPtr,
  202. SmbGetUlong( (LPDWORD)inParams )
  203. );
  204. inParams += sizeof(DWORD);
  205. outParamsPtr += sizeof(DWORD);
  206. break;
  207. case REM_ENTRIES_READ:
  208. case REM_RCV_WORD_PTR:
  209. //
  210. // Count of entries read (e) or receive word pointer (h).
  211. // This is an output parameter, so just zero it and
  212. // increment the output parameter pointer.
  213. //
  214. SmbPutUshort( (LPWORD)outParamsPtr, 0 );
  215. outParamsPtr += sizeof(WORD);
  216. break;
  217. case REM_RCV_DWORD_PTR:
  218. //
  219. // Count of receive dword pointer (i).
  220. // This is an output parameter, so just zero it and
  221. // increment the output parameter pointer.
  222. //
  223. SmbPutUlong( (LPDWORD)outParamsPtr, 0 );
  224. outParamsPtr += sizeof(DWORD);
  225. break;
  226. case REM_NULL_PTR:
  227. //
  228. // Null pointer. Set output parameter to NULL, and increment
  229. // pointers.
  230. //
  231. SmbCapturePtr( outParamsPtr, NULL );
  232. outParamsPtr += sizeof(LPSTR);
  233. break;
  234. case REM_RCV_BUF_LEN:
  235. //
  236. // The length of the receive buffer (r).
  237. //
  238. rcvBufferLength = SmbGetUshort( (LPWORD)inParams );
  239. //
  240. // If the indicated buffer length is greater than the max
  241. // data count on the transaction, somebody messed up. Set
  242. // the length to MaxDataCount.
  243. //
  244. if ( rcvBufferLength > (WORD)Transaction->MaxDataCount ) {
  245. IF_DEBUG(ERRORS) {
  246. NetpKdPrint(( "XsCaptureParameters: OutBufLen %lx greater than MaxDataCount %lx.\n",
  247. rcvBufferLength, Transaction->MaxDataCount ));
  248. }
  249. rcvBufferLength = (WORD)Transaction->MaxDataCount;
  250. }
  251. //
  252. // Put the max output data length in the output parameters.
  253. //
  254. SmbPutUshort( (LPWORD)outParamsPtr, rcvBufferLength );
  255. //
  256. // Fill in the receive buffer with zeroes for security.
  257. //
  258. RtlZeroMemory( Transaction->OutData, (DWORD)rcvBufferLength );
  259. inParams += sizeof(WORD);
  260. outParamsPtr += sizeof(WORD);
  261. break;
  262. case REM_RCV_BUF_PTR:
  263. //
  264. // A pointer to a receive data buffer. There is nothing in
  265. // the transaction corresponding to this, but set a longword
  266. // in the output parameters to point to the data output
  267. // section of the transaction.
  268. //
  269. SmbCapturePtr(
  270. outParamsPtr,
  271. Transaction->OutData
  272. );
  273. outParamsPtr += sizeof(LPBYTE);
  274. break;
  275. case REM_RCV_BYTE_PTR:
  276. //
  277. // Return bytes, so just increment output parameter pointer.
  278. //
  279. outParamsPtr += sizeof(BYTE) * RapDescArrayLength( descriptor );
  280. break;
  281. case REM_SEND_BUF_LEN:
  282. //
  283. // The size of an input data buffer. Put the size of the
  284. // received data in the output structure.
  285. //
  286. SmbPutUshort(
  287. (LPWORD)outParamsPtr,
  288. (WORD)Transaction->DataCount
  289. );
  290. outParamsPtr += sizeof(WORD);
  291. break;
  292. case REM_SEND_BUF_PTR:
  293. //
  294. // A pointer to a send data buffer. There is nothing in the
  295. // transaction corresponding to this, but set a longword in
  296. // the output parameters to point to the data input section
  297. // of the transaction.
  298. //
  299. SmbCapturePtr( outParamsPtr, Transaction->InData );
  300. outParamsPtr += sizeof(LPBYTE);
  301. break;
  302. case REM_WORD:
  303. case REM_PARMNUM:
  304. //
  305. // The parameter is a word.
  306. //
  307. // !!! This assumes that an array of words will never be passed
  308. // as a parameter.
  309. if( isdigit( *descriptor ) ) {
  310. NetpMemoryFree( outParams );
  311. return NULL;
  312. }
  313. //
  314. // Copy over the word and update pointers.
  315. //
  316. SmbPutUshort(
  317. (LPWORD)outParamsPtr,
  318. SmbGetUshort( (LPWORD)inParams )
  319. );
  320. inParams += sizeof(WORD);
  321. outParamsPtr += sizeof(WORD);
  322. break;
  323. default:
  324. IF_DEBUG(ERRORS) {
  325. NetpKdPrint(( "XsCaptureParameters: unsupported character at %lx: "
  326. "%c\n", descriptor - 1, *( descriptor - 1 ) ));
  327. NetpBreakPoint( );
  328. }
  329. }
  330. }
  331. //
  332. // Examine the data descriptor string to see if an auxiliary descriptor
  333. // string exists. If it does, the string starts right after the end
  334. // of the parameters.
  335. //
  336. *AuxDescriptor = XsAuxiliaryDescriptor( ++descriptor, inParams );
  337. return outParams;
  338. } // XsCaptureParameters
  339. BOOL
  340. XsCheckBufferSize (
  341. IN WORD BufferLength,
  342. IN LPDESC Descriptor,
  343. IN BOOL NativeFormat
  344. )
  345. /*++
  346. Routine Description:
  347. This routine determines if there is enough room in the buffer for the
  348. fixed component of at least one entry of the described structure.
  349. Arguments:
  350. BufferLength - the length of the buffer to test.
  351. Descriptor - the format of the structure in the buffer.
  352. NativeFormat - TRUE iff the buffer is in native (as opposed to RAP) format.
  353. Return Value:
  354. BOOL - True if there is enough room, false if there isn't.
  355. --*/
  356. {
  357. if ( (DWORD)BufferLength
  358. >= RapStructureSize( Descriptor, Response, NativeFormat )) {
  359. return TRUE;
  360. } else {
  361. return FALSE;
  362. }
  363. } // XsCheckBufferSize
  364. BOOL
  365. XsCheckSmbDescriptor(
  366. IN LPDESC SmbDescriptor,
  367. IN LPDESC ActualDescriptor
  368. )
  369. /*++
  370. Routine Description:
  371. This routine checks whether a descriptor passed in the SMB matches
  372. the actual descriptor expected, taking into account that the actual
  373. descriptor may have ignore fields which have no corresponding field in
  374. the SMB descriptor, and that the SMB descriptor may have null pointer
  375. fields instead of normal pointer fields. However, array-type fields
  376. have to be of the same length in both descriptors.
  377. Arguments:
  378. SmbDescriptor - the descriptor to be validated.
  379. ActualDescriptor - the descriptor expected. Does not have to be an
  380. exact match - see the description above.
  381. Return Value:
  382. BOOL - TRUE if the descriptor is valid,
  383. FALSE otherwise.
  384. --*/
  385. {
  386. DESC_CHAR smbField;
  387. DESC_CHAR expField;
  388. DWORD smbFieldSize;
  389. DWORD expFieldSize;
  390. while (( smbField = *SmbDescriptor++ ) != '\0' ) {
  391. smbFieldSize = RapDescArrayLength( SmbDescriptor );
  392. //
  393. // Skip over ignore fields.
  394. //
  395. while ( *ActualDescriptor == REM_IGNORE ) {
  396. ActualDescriptor++;
  397. }
  398. //
  399. // There should be a corresponding field expected.
  400. //
  401. if (( expField = *ActualDescriptor++ ) == '\0' ) {
  402. return FALSE;
  403. }
  404. expFieldSize = RapDescArrayLength( ActualDescriptor );
  405. //
  406. // If both are actual data fields, they must be the same type and of
  407. // same length.
  408. //
  409. if (( !RapIsPointer( expField ) || smbField != REM_NULL_PTR ) &&
  410. ( smbField != expField || smbFieldSize != expFieldSize )) {
  411. return FALSE;
  412. }
  413. //
  414. // SMB provides a null pointer field, we are expecting any pointer.
  415. // This is OK, as long as there is no input array length.
  416. //
  417. if ( smbField == REM_NULL_PTR &&
  418. ( !RapIsPointer( expField ) || smbFieldSize != 1 )) {
  419. return FALSE;
  420. }
  421. }
  422. return TRUE;
  423. } // XsCheckSmbDescriptor
  424. NET_API_STATUS
  425. XsConvertSetInfoBuffer(
  426. IN LPBYTE InBuffer,
  427. IN WORD BufferLength,
  428. IN WORD ParmNum,
  429. IN BOOL ConvertStrings,
  430. IN BOOL MeaninglessInputPointers,
  431. IN LPDESC InStructureDesc,
  432. IN LPDESC OutStructureDesc,
  433. IN LPDESC InSetInfoDesc,
  434. IN LPDESC OutSetInfoDesc,
  435. OUT LPBYTE * OutBuffer,
  436. OUT LPDWORD OutBufferLength OPTIONAL
  437. )
  438. /*++
  439. Routine Description:
  440. This routine converts data for a SetInfo call based on the parameter
  441. number (ParmNum) value. The ParmNum indicates the field in the whole
  442. structure which has to be changed, and may be 0.
  443. Arguments:
  444. InBuffer - a pointer to the input buffer in 16-bit format.
  445. BufferLength - the length of the input buffer.
  446. ParmNum - the parameter number.
  447. ConvertStrings - a boolean indicating whether string parameter data
  448. should be converted to a pointer form. If TRUE, the return data
  449. buffer will have a pointer to another place in the buffer where
  450. the string will be. If FALSE, the data buffer will have only the
  451. physical string.
  452. InStructureDesc - the exact descriptor of the input buffer.
  453. OutStructureDesc - the descriptor of the 32-bit output data, as found
  454. in RemDef.h.
  455. InSetInfoDesc - the setinfo-specific descriptor of the input structure
  456. format, as found in RemDef.h.
  457. OutSetInfoDesc - the setinfo-specific descriptor of the output structure
  458. format, as found in RemDef.h.
  459. OutBuffer - a pointer to an LPBYTE which will get a pointer to the
  460. resulting output buffer.
  461. OutBufferLength - an optional pointer to a DWORD which will get the
  462. length of the resulting output buffer.
  463. Return Value:
  464. NET_API_STATUS - NERR_Success if conversion was successful; otherwise
  465. the appropriate status to return to the user. The only exception is
  466. ERROR_NOT_SUPPORTED, which indicates that the particular parameter
  467. number is valid, but not on NT.
  468. --*/
  469. {
  470. LPDESC fieldDesc = NULL;
  471. DWORD stringLength;
  472. LPDESC subDesc = NULL;
  473. LPDESC subDesc2 = NULL;
  474. DWORD bufferSize;
  475. LPBYTE stringLocation;
  476. DWORD bytesRequired = 0;
  477. LPDESC OutDescCopy = OutStructureDesc;
  478. NET_API_STATUS status = NERR_Success;
  479. //
  480. // The buffer length should be greater than 0.
  481. //
  482. if ( BufferLength == 0 ) {
  483. return NERR_BufTooSmall;
  484. }
  485. if ( ParmNum != PARMNUM_ALL ) {
  486. //
  487. // Check 16-bit parameter to see if it could be changed in OS/2.
  488. //
  489. fieldDesc = RapParmNumDescriptor( InSetInfoDesc, (DWORD)ParmNum,
  490. Both, FALSE );
  491. if ( fieldDesc == NULL ) {
  492. return NERR_NoRoom;
  493. }
  494. if ( fieldDesc[0] == REM_UNSUPPORTED_FIELD ) {
  495. status = ERROR_INVALID_PARAMETER;
  496. goto cleanup;
  497. } else {
  498. InStructureDesc = RapParmNumDescriptor( InStructureDesc,
  499. (DWORD)ParmNum, Both, FALSE );
  500. }
  501. NetpMemoryFree( fieldDesc );
  502. //
  503. // Check 32-bit parameter to see if it is valid in NT.
  504. //
  505. fieldDesc = RapParmNumDescriptor( OutSetInfoDesc, (DWORD)ParmNum,
  506. Both, TRUE );
  507. if ( fieldDesc == NULL ) {
  508. return NERR_NoRoom;
  509. }
  510. if ( fieldDesc[0] == REM_IGNORE ) {
  511. status = ERROR_NOT_SUPPORTED;
  512. goto cleanup;
  513. } else {
  514. OutStructureDesc = RapParmNumDescriptor( OutStructureDesc,
  515. (DWORD)ParmNum, Both, TRUE );
  516. }
  517. //
  518. // Filter out strings that are too long for LM2.x.
  519. //
  520. if ( InStructureDesc[0] == REM_ASCIZ
  521. || InStructureDesc[0] == REM_ASCIZ_TRUNCATABLE ) {
  522. subDesc = InStructureDesc + 1;
  523. stringLength = RapDescStringLength( subDesc );
  524. subDesc = NULL;
  525. if ( stringLength && strlen( InBuffer ) >= stringLength ) {
  526. switch( InStructureDesc[0] ) {
  527. case REM_ASCIZ:
  528. status = ERROR_INVALID_PARAMETER;
  529. goto cleanup;
  530. case REM_ASCIZ_TRUNCATABLE:
  531. InBuffer[stringLength - 1] = '\0';
  532. }
  533. }
  534. }
  535. //
  536. // If a descriptor is a string pointer, the data is the actual
  537. // string, rather than a pointer. Find the length of the string,
  538. // and create a descriptor.
  539. //
  540. // Assuming all these arrays are string data, we
  541. // use available macros to generate an array big
  542. // enough to hold the converted string.
  543. if ( InStructureDesc[0] == REM_ASCIZ
  544. || InStructureDesc[0] == REM_ASCIZ_TRUNCATABLE ) {
  545. if (( subDesc = NetpMemoryAllocate( MAX_DESC_SUBSTRING + 1 ))
  546. == NULL ) {
  547. status = NERR_NoRoom;
  548. goto cleanup;
  549. }
  550. stringLength = strlen( InBuffer ) + 1;
  551. subDesc[0] = REM_BYTE;
  552. _ltoa( stringLength, &subDesc[1], 10 );
  553. InStructureDesc = subDesc;
  554. }
  555. //
  556. // If output descriptor is a string pointer, and we are asked to keep
  557. // strings inline, make the target data an array of bytes. We find out
  558. // the length required by "walking" the input descriptor, and then
  559. // allocate memory to hold a similar descriptor.
  560. //
  561. // Assuming all these arrays are string data, we
  562. // use available macros to generate an array big
  563. // enough to hold the converted string. Because of the way
  564. // RAP works, if the destination string is Unicode, the destination
  565. // array will be exactly twice as long, and RAP will automatically
  566. // do the Unicode conversion.
  567. //
  568. if (( OutStructureDesc[0] == REM_ASCIZ
  569. || OutStructureDesc[0] == REM_ASCIZ_TRUNCATABLE )
  570. && !ConvertStrings ) {
  571. OutDescCopy = OutStructureDesc;
  572. subDesc2 = InStructureDesc + 1;
  573. stringLength = RapDescArrayLength( subDesc2 );
  574. if (( subDesc2 = NetpMemoryAllocate( MAX_DESC_SUBSTRING + 1 ))
  575. == NULL ) {
  576. status = NERR_NoRoom;
  577. goto cleanup;
  578. }
  579. subDesc2[0] = REM_BYTE;
  580. _ltoa( STRING_SPACE_REQD( stringLength ), &subDesc2[1], 10 ) ;
  581. OutStructureDesc = subDesc2;
  582. }
  583. }
  584. if ( !XsCheckBufferSize( BufferLength, InStructureDesc, FALSE )) {
  585. status = NERR_BufTooSmall;
  586. goto cleanup;
  587. }
  588. //
  589. // Find out how big a 32-bit data buffer we need.
  590. //
  591. bufferSize = XsBytesForConvertedStructure(
  592. InBuffer,
  593. InStructureDesc,
  594. OutStructureDesc,
  595. RapToNative,
  596. MeaninglessInputPointers
  597. );
  598. //
  599. // Allocate enough memory to hold the converted native buffer.
  600. //
  601. *OutBuffer = NetpMemoryAllocate( bufferSize );
  602. if ( *OutBuffer == NULL ) {
  603. status = NERR_NoRoom;
  604. goto cleanup;
  605. }
  606. //
  607. // Convert 16-bit data into 32-bit data and store it in the native
  608. // buffer.
  609. //
  610. stringLocation = *OutBuffer + bufferSize;
  611. bytesRequired = 0;
  612. status = RapConvertSingleEntry(
  613. InBuffer,
  614. InStructureDesc,
  615. MeaninglessInputPointers,
  616. *OutBuffer,
  617. *OutBuffer,
  618. OutStructureDesc,
  619. FALSE,
  620. &stringLocation,
  621. &bytesRequired,
  622. Response,
  623. RapToNative
  624. );
  625. if ( status != NERR_Success ) {
  626. IF_DEBUG(ERRORS) {
  627. NetpKdPrint(( "XsConvertSetInfoBuffer: RapConvertSingleEntry "
  628. "failed %X\n", status ));
  629. }
  630. status = NERR_InternalError;
  631. goto cleanup;
  632. }
  633. cleanup:
  634. //
  635. // Free buffers.
  636. //
  637. NetpMemoryFree( subDesc );
  638. NetpMemoryFree( subDesc2 );
  639. NetpMemoryFree( fieldDesc );
  640. if ( OutBufferLength != NULL ) {
  641. *OutBufferLength = bytesRequired;
  642. }
  643. return status;
  644. } // XsConvertSetInfoBuffer
  645. NET_API_STATUS
  646. XsDefaultEnumVerifyFunction (
  647. NET_API_STATUS ConvertStatus,
  648. PBYTE ConvertedEntry,
  649. PBYTE BaseAddress
  650. )
  651. /*++
  652. Routine Description:
  653. This is the default routine called by XsFillEnumBuffer to determine
  654. whether each converted entry should be retained or discarded. This
  655. routine directs XsFillEnumBuffer to discard any entry which
  656. RapConvertSingleEntry encountered an error trying to convert.
  657. Parameters:
  658. ConvertStatus - the status which RapConvertSingleEntry encountered
  659. trying to convert this entry.
  660. ConvertedEntry - a pointer to the buffer containing the converted entry.
  661. BaseAddress - A pointer to the base used to calculate offsets.
  662. Return Value:
  663. NET_API_STATUS - NERR_Success if the entry should be retained,
  664. or an error code if the entry should be discarded.
  665. --*/
  666. {
  667. UNREFERENCED_PARAMETER(ConvertedEntry);
  668. UNREFERENCED_PARAMETER(BaseAddress);
  669. return ConvertStatus;
  670. }
  671. VOID
  672. XsFillAuxEnumBuffer (
  673. IN LPBYTE InBuffer,
  674. IN DWORD NumberOfEntries,
  675. IN LPDESC InStructureDesc,
  676. IN LPDESC InAuxStructureDesc,
  677. IN OUT LPBYTE OutBuffer,
  678. IN LPBYTE OutBufferStart,
  679. IN DWORD OutBufferLength,
  680. IN LPDESC OutStructureDesc,
  681. IN LPDESC OutAuxStructureDesc,
  682. IN PXACTSRV_ENUM_VERIFY_FUNCTION VerifyFunction OPTIONAL,
  683. OUT LPDWORD BytesRequired,
  684. OUT LPDWORD EntriesFilled,
  685. OUT LPDWORD InvalidEntries OPTIONAL
  686. )
  687. /*++
  688. Routine Description:
  689. This routine copies all Enum structures which have auxiliary data
  690. from 32-bit format to 16-bit format. As many complete entries as
  691. possible are copied, then possibly some incomplete entries.
  692. All pointer fields are converted to offsets so that this buffer
  693. may be returned directly to the requesting client.
  694. Enum buffers with auxiliary data have one or more auxiliary
  695. structures, with possible variable data, after each entry.
  696. Arguments:
  697. InBuffer - a pointer to the input information in 32-bit format.
  698. NumberOfEntries - the count of fixed structures in the input buffer.
  699. InStructureDesc - description of the input fixed structure.
  700. InAuxStructureDesc - description of the input auxiliary structure.
  701. OutBuffer - a pointer to where to write the 16-bit buffer.
  702. OutBufferStart - a pointer to the actual start of the 16-bit buffer.
  703. Used to calculate offsets for all pointers in structures.
  704. OutBufferLength - length of the output buffer.
  705. OutStructureDesc - description of the output fixed structure.
  706. OutAuxStructureDesc - description of the output fixed structure.
  707. VerifyFunction - a pointer to a function which is be called after
  708. each enum record is converted in order to determine whether
  709. the record should be retained or discarded. The function
  710. is passed the return code from RapConvertSingleEntry and
  711. a pointer to the converted entry. It must return NERR_SUCCESS
  712. if the entry is to be retained, or any error code if the entry
  713. is to be discarded. If no function is supplied, a default function
  714. is used, which discards an entry only if RapConvertSingleEntry
  715. returned an error trying to convert it.
  716. BytesRequired - a pointer to a DWORD to receive the total number of
  717. bytes that would be required to hold the entire output buffer.
  718. EntriesFilled - a pointer to a DWORD to receive the total number of
  719. entries that could be put in the buffer given.
  720. InvalidEntries - an optional pointer to a DWORD to receive the total
  721. number of entries discarded by the verify function. If NULL, this
  722. value will be not be available to the caller.
  723. Return Value:
  724. None.
  725. --*/
  726. {
  727. NET_API_STATUS status;
  728. DWORD currentEntry;
  729. LPBYTE currentInEntryPtr;
  730. LPBYTE currentOutEntryPtr;
  731. LPBYTE outputStringLocation;
  732. LPBYTE oldStringLocation;
  733. DWORD inputStructureSize;
  734. DWORD inputAuxStructureSize;
  735. DWORD outputStructureSize;
  736. DWORD outputAuxStructureSize;
  737. DWORD inputAuxCount;
  738. DWORD currentAux;
  739. DWORD outputAuxOffset;
  740. DWORD newBytesRequired;
  741. DWORD auxBytesRequired;
  742. DWORD remainingSize;
  743. DWORD invalidEntries = 0;
  744. //
  745. // In degenerate case, just call FillEnumBuffer.
  746. //
  747. if ( InAuxStructureDesc == NULL || OutAuxStructureDesc == NULL ) {
  748. XsFillEnumBuffer (
  749. InBuffer,
  750. NumberOfEntries,
  751. InStructureDesc,
  752. OutBuffer,
  753. OutBufferStart,
  754. OutBufferLength,
  755. OutStructureDesc,
  756. VerifyFunction,
  757. BytesRequired,
  758. EntriesFilled,
  759. InvalidEntries
  760. );
  761. return;
  762. }
  763. if ( VerifyFunction == NULL ) {
  764. VerifyFunction = &XsDefaultEnumVerifyFunction;
  765. }
  766. //
  767. // Set up sizes of input and output structures.
  768. //
  769. inputStructureSize = RapStructureSize( InStructureDesc, Response, TRUE );
  770. inputAuxStructureSize
  771. = RapStructureSize( InAuxStructureDesc, Response, TRUE );
  772. outputStructureSize = RapStructureSize( OutStructureDesc, Response, FALSE );
  773. outputAuxStructureSize
  774. = RapStructureSize( OutAuxStructureDesc, Response, FALSE );
  775. outputAuxOffset = RapAuxDataCountOffset( InStructureDesc, Response, TRUE );
  776. outputStringLocation = (LPBYTE)OutBuffer + OutBufferLength;
  777. *BytesRequired = 0;
  778. //
  779. // Check if one fixed entry will fit.
  780. //
  781. if ( inputStructureSize > OutBufferLength ) {
  782. *EntriesFilled = 0;
  783. goto cleanup;
  784. }
  785. //
  786. // Loop through the entries, converting along the way.
  787. //
  788. currentInEntryPtr = InBuffer;
  789. currentOutEntryPtr = OutBuffer;
  790. *EntriesFilled = 0;
  791. for ( currentEntry = 0; currentEntry < NumberOfEntries; currentEntry++ ) {
  792. //
  793. // If there wasn't enough room for the conversion, we can quit now.
  794. //
  795. if ( currentOutEntryPtr + outputStructureSize > outputStringLocation ) {
  796. break;
  797. }
  798. newBytesRequired = *BytesRequired;
  799. oldStringLocation = outputStringLocation;
  800. //
  801. // Get the auxiliary number count.
  802. //
  803. inputAuxCount = RapAuxDataCount(
  804. currentInEntryPtr,
  805. InStructureDesc,
  806. Response,
  807. TRUE
  808. );
  809. NetpAssert( inputAuxCount != NO_AUX_DATA );
  810. //
  811. // Convert the fixed entry.
  812. //
  813. status = RapConvertSingleEntry(
  814. currentInEntryPtr,
  815. InStructureDesc,
  816. FALSE,
  817. OutBufferStart,
  818. currentOutEntryPtr,
  819. OutStructureDesc,
  820. TRUE,
  821. &outputStringLocation,
  822. &newBytesRequired,
  823. Response,
  824. NativeToRap
  825. );
  826. //
  827. // Check if the entry is valid. If it is not, fix up pointers,
  828. // and start with the next entry in the list.
  829. // If there are more than 65536 auxiliary structures (which
  830. // probably never happens anyway), this entry is automatically
  831. // invalid.
  832. //
  833. status = (*VerifyFunction)(
  834. status,
  835. currentOutEntryPtr,
  836. OutBufferStart
  837. );
  838. if ( status != NERR_Success || inputAuxCount > 0xFFFF ) {
  839. invalidEntries++;
  840. currentInEntryPtr += inputStructureSize
  841. + inputAuxCount * inputAuxStructureSize;
  842. outputStringLocation = oldStringLocation;
  843. continue;
  844. }
  845. //
  846. // Prepare pointers for converting the auxiliary structures.
  847. //
  848. currentInEntryPtr += inputStructureSize;
  849. currentOutEntryPtr += outputStructureSize;
  850. //
  851. // Try to add the auxiliary structures.
  852. //
  853. for ( currentAux = 0; currentAux < inputAuxCount; currentAux++ ) {
  854. remainingSize = (DWORD)(outputStringLocation - currentOutEntryPtr);
  855. auxBytesRequired = 0;
  856. status = RapConvertSingleEntry(
  857. currentInEntryPtr,
  858. InAuxStructureDesc,
  859. FALSE,
  860. OutBufferStart,
  861. currentOutEntryPtr,
  862. OutAuxStructureDesc,
  863. TRUE,
  864. &outputStringLocation,
  865. &auxBytesRequired,
  866. Response,
  867. NativeToRap
  868. );
  869. //
  870. // Did this aux. entry fit? If all the aux. entries do not fit,
  871. // we are going to play it safe and say the main entry did not
  872. // fit.
  873. //
  874. if ( status != NERR_Success || auxBytesRequired > remainingSize ) {
  875. goto cleanup;
  876. }
  877. currentInEntryPtr += inputAuxStructureSize;
  878. currentOutEntryPtr += outputAuxStructureSize;
  879. newBytesRequired += auxBytesRequired;
  880. }
  881. *BytesRequired = newBytesRequired;
  882. *EntriesFilled += 1;
  883. }
  884. cleanup:
  885. if ( InvalidEntries != NULL ) {
  886. *InvalidEntries = invalidEntries;
  887. }
  888. return;
  889. } // XsFillAuxEnumBuffer
  890. VOID
  891. XsFillEnumBuffer (
  892. IN LPBYTE InBuffer,
  893. IN DWORD NumberOfEntries,
  894. IN LPDESC InStructureDesc,
  895. IN OUT LPBYTE OutBuffer,
  896. IN LPBYTE OutBufferStart,
  897. IN DWORD OutBufferLength,
  898. IN LPDESC OutStructureDesc,
  899. IN PXACTSRV_ENUM_VERIFY_FUNCTION VerifyFunction OPTIONAL,
  900. OUT LPDWORD BytesRequired,
  901. OUT LPDWORD EntriesFilled,
  902. OUT LPDWORD InvalidEntries OPTIONAL
  903. )
  904. /*++
  905. Routine Description:
  906. This routine copies all Enum structures from 32-bit format to
  907. 16-bit format. As many complete entries as possible are copied,
  908. then possibly some incomplete entries. All pointer fields
  909. are converted to offsets so that this buffer may be returned
  910. directly to the requesting client.
  911. Arguments:
  912. InBuffer - a pointer to the input information in 32-bit format.
  913. NumberOfEntries - the count of fixed structures in the input buffer.
  914. InStructureDesc - description of the input fixed structure.
  915. OutBuffer - a pointer to where to write the 16-bit buffer.
  916. OutBufferStart - a pointer to the actual start of the 16-bit buffer.
  917. Used to calculate offsets for all pointers in structures.
  918. OutBufferLength - length of the output buffer.
  919. OutStructureDesc - description of the output fixed structure.
  920. VerifyFunction - a pointer to a function which is be called after
  921. each enum record is converted in order to determine whether
  922. the record should be retained or discarded. The function
  923. is passed the return code from RapConvertSingleEntry and
  924. a pointer to the converted entry. It must return NERR_SUCCESS
  925. if the entry is to be retained, or any error code if the entry
  926. is to be discarded. If no function is supplied, a default function
  927. is used, which discards an entry only if RapConvertSingleEntry
  928. returned an error trying to convert it.
  929. BytesRequired - a pointer to a DWORD to receive the total number of
  930. bytes that would be required to hold the entire output buffer.
  931. EntriesFilled - a pointer to a DWORD to receive the total number of
  932. entries that could be put in the buffer given.
  933. InvalidEntries - an optional pointer to a DWORD to receive the total
  934. number of entries discarded by the verify function. If NULL, this
  935. value will be not be available to the caller.
  936. Return Value:
  937. None.
  938. --*/
  939. {
  940. NET_API_STATUS status;
  941. DWORD currentEntry;
  942. LPBYTE currentInEntryPtr;
  943. LPBYTE currentOutEntryPtr;
  944. LPBYTE outputStringLocation;
  945. LPBYTE oldStringLocation;
  946. DWORD inputStructureSize;
  947. DWORD outputStructureSize;
  948. DWORD newBytesRequired;
  949. DWORD invalidEntries = 0;
  950. if ( VerifyFunction == NULL ) {
  951. VerifyFunction = &XsDefaultEnumVerifyFunction;
  952. }
  953. //
  954. // Set up sizes of input and output structures.
  955. //
  956. inputStructureSize = RapStructureSize( InStructureDesc, Response, TRUE );
  957. outputStructureSize = RapStructureSize( OutStructureDesc, Response, FALSE );
  958. outputStringLocation = (LPBYTE)OutBuffer + OutBufferLength;
  959. *BytesRequired = 0;
  960. //
  961. // Check if one fixed entry will fit.
  962. //
  963. if ( inputStructureSize > OutBufferLength ) {
  964. *EntriesFilled = 0;
  965. goto cleanup;
  966. }
  967. //
  968. // Loop through the entries, converting along the way.
  969. //
  970. currentInEntryPtr = InBuffer;
  971. currentOutEntryPtr = OutBuffer;
  972. *EntriesFilled = 0;
  973. for ( currentEntry = 0; currentEntry < NumberOfEntries; currentEntry++ ) {
  974. //
  975. // If there wasn't enough room for the conversion, we can quit now.
  976. //
  977. if ( currentOutEntryPtr + outputStructureSize > outputStringLocation ) {
  978. break;
  979. }
  980. newBytesRequired = *BytesRequired;
  981. oldStringLocation = outputStringLocation;
  982. status = RapConvertSingleEntry(
  983. currentInEntryPtr,
  984. InStructureDesc,
  985. FALSE,
  986. OutBufferStart,
  987. currentOutEntryPtr,
  988. OutStructureDesc,
  989. TRUE,
  990. &outputStringLocation,
  991. &newBytesRequired,
  992. Response,
  993. NativeToRap
  994. );
  995. //
  996. // If the conversion was successful, increment the buffer pointers,
  997. // the count of bytes required, and the number of converted entries.
  998. //
  999. status = (*VerifyFunction)(
  1000. status,
  1001. currentOutEntryPtr,
  1002. OutBufferStart
  1003. );
  1004. if ( status == NERR_Success ) {
  1005. currentInEntryPtr += inputStructureSize;
  1006. currentOutEntryPtr += outputStructureSize;
  1007. *BytesRequired = newBytesRequired;
  1008. *EntriesFilled += 1;
  1009. } else {
  1010. invalidEntries++;
  1011. currentInEntryPtr += inputStructureSize;
  1012. outputStringLocation = oldStringLocation;
  1013. }
  1014. }
  1015. cleanup:
  1016. if ( InvalidEntries != NULL ) {
  1017. *InvalidEntries = invalidEntries;
  1018. }
  1019. return;
  1020. } // XsFillEnumBuffer
  1021. LPBYTE
  1022. XsFindParameters (
  1023. IN LPTRANSACTION Transaction
  1024. )
  1025. /*++
  1026. Routine Description:
  1027. This routine finds the start of the parameters section in the
  1028. transaction block of a remote down-level API request.
  1029. Arguments:
  1030. Transaction - a pointer to a transaction block containing information
  1031. about the API to process.
  1032. Return Value:
  1033. None.
  1034. --*/
  1035. {
  1036. LPBYTE s;
  1037. //
  1038. // Skip over the API number and parameters description string.
  1039. //
  1040. for ( s = Transaction->InParameters + 2; *s != '\0'; s++ );
  1041. //
  1042. // Skip over the zero terminator and the data description string.
  1043. //
  1044. for ( s++; *s != '\0'; s++ );
  1045. //
  1046. // Return a pointer to the location after the zero terminator.
  1047. //
  1048. return s + 1;
  1049. } // XsFindParameters
  1050. WORD
  1051. XsPackReturnData (
  1052. IN LPVOID Buffer,
  1053. IN WORD BufferLength,
  1054. IN LPDESC Descriptor,
  1055. IN DWORD EntriesRead
  1056. )
  1057. /*++
  1058. Routine Description:
  1059. This routine, called by get info and enum API handlers, packs the
  1060. output data so that no unused data is returned to the client. This
  1061. is necessary because buffers are filled with variable-length data
  1062. starting at the end, thereby leaving potentially large gaps of
  1063. unused space between the end of fixed structures and the beginning
  1064. of variable-length data.
  1065. Arguments:
  1066. Buffer - a pointer to the buffer to pack.
  1067. BufferLength - the length of this buffer.
  1068. Descriptor - a pointer to a string which describes the fixed structures
  1069. in the buffer.
  1070. EntriesRead - the count of fixed structures in the buffer.
  1071. Return Value:
  1072. WORD - the "converter word" which informs the client how much
  1073. to adjust pointers in the fixed structures so that they are
  1074. meaningful.
  1075. --*/
  1076. {
  1077. DWORD structureSize;
  1078. LPBYTE lastFixedStructure;
  1079. LPBYTE endOfFixedStructures;
  1080. DWORD lastPointerOffset;
  1081. DWORD beginningOfVariableData;
  1082. //
  1083. // If there is no data, return immediately.
  1084. //
  1085. if ( EntriesRead == 0 ) {
  1086. return 0;
  1087. }
  1088. //
  1089. // Find the size of a single fixed-length structure.
  1090. //
  1091. structureSize = RapStructureSize( Descriptor, Response, FALSE );
  1092. //
  1093. // Use this and the number of entries to find the location of the
  1094. // last fixed structure and where the fixed structures end.
  1095. //
  1096. endOfFixedStructures = (LPBYTE)Buffer + EntriesRead * structureSize;
  1097. lastFixedStructure = endOfFixedStructures - structureSize;
  1098. //
  1099. // Find the offset into the fixed structure of the last pointer
  1100. // to variable data. The value stored at this offset in the last
  1101. // structure is the offset to the first variable data.
  1102. //
  1103. lastPointerOffset = RapLastPointerOffset( Descriptor, Response, FALSE );
  1104. //
  1105. // If there are no pointers, there is obviously no data to pack.
  1106. //
  1107. if ( lastPointerOffset == NO_POINTER_IN_STRUCTURE ) {
  1108. return 0;
  1109. }
  1110. beginningOfVariableData =
  1111. SmbGetUlong( (LPDWORD)(lastFixedStructure + lastPointerOffset) );
  1112. //
  1113. // If this offset is NULL, then the data overflowed, hence the buffer
  1114. // is nearly full. Don't do any packing.
  1115. //
  1116. // Also, if the gap is less than MAXIMUM_ALLOWABLE_DATA_GAP then it
  1117. // isn't worth doing the packing because of the time involved in
  1118. // the data copy.
  1119. //
  1120. if ( beginningOfVariableData == (DWORD)0 ||
  1121. (DWORD_PTR)Buffer + beginningOfVariableData -
  1122. (DWORD_PTR)endOfFixedStructures <= MAXIMUM_ALLOWABLE_DATA_GAP ) {
  1123. return 0;
  1124. }
  1125. //
  1126. // Move the variable data up to follow the fixed structures.
  1127. //
  1128. RtlMoveMemory(
  1129. endOfFixedStructures,
  1130. (LPBYTE)Buffer + beginningOfVariableData,
  1131. BufferLength - beginningOfVariableData
  1132. );
  1133. //
  1134. // Return the distance we moved the variable data.
  1135. //
  1136. return (WORD)( (DWORD_PTR)Buffer + beginningOfVariableData -
  1137. (DWORD_PTR)endOfFixedStructures );
  1138. } // XsPackReturnData
  1139. VOID
  1140. XsSetDataCount(
  1141. IN OUT LPWORD DataCount,
  1142. IN LPDESC Descriptor,
  1143. IN WORD Converter,
  1144. IN DWORD EntriesRead,
  1145. IN WORD ReturnStatus
  1146. )
  1147. /*++
  1148. Routine Description:
  1149. This routine calculates the return data count based on a number
  1150. of characteristics of the return data. This routine will examine
  1151. the buffer size, the number of entries placed in the buffer,
  1152. whether the data was packed, and what the return code was to
  1153. determine the return data size. The following assumptions are made
  1154. about the data: only calls with ReturnCode = NERR_Success or
  1155. ERROR_MORE_DATA return any data to the client; and if there is
  1156. no pointer in the fixed entries, then there is no variable data.
  1157. Handlers which cannot assure these two assumptions must determine
  1158. the data count manually.
  1159. Arguments:
  1160. DataCount - a pointer to a short word indicating the maximum
  1161. return data count (usually the BufLen parameter). On return,
  1162. this word will hold the actual return data count.
  1163. Descriptor - a string describing the structure of the fixed
  1164. entries in the buffer.
  1165. Converter - The adjustment value for pointers in data. A non-zero
  1166. value indicates data in the buffer is packed.
  1167. EntriesRead - Number of entries placed in the buffer. Used to
  1168. determine data count for buffers with no variable data.
  1169. ReturnStatus - Return status of the API call, as it will be returned
  1170. to the client (in other words, converted to a WORD).
  1171. Return Value:
  1172. None.
  1173. --*/
  1174. {
  1175. if (( ReturnStatus != NERR_Success )
  1176. && ( ReturnStatus != ERROR_MORE_DATA)) {
  1177. //
  1178. // If the return status is not NERR_Success or ERROR_MORE_DATA, then
  1179. // the return data count is 0.
  1180. SmbPutUshort( DataCount, 0 );
  1181. return;
  1182. }
  1183. if ( RapLastPointerOffset( Descriptor, Response, FALSE )
  1184. == NO_POINTER_IN_STRUCTURE ) {
  1185. //
  1186. // If there is no variable data, the return data count is the size
  1187. // of the fixed structures.
  1188. SmbPutUshort( DataCount,
  1189. (WORD)(RapStructureSize( Descriptor, Response, FALSE )
  1190. * EntriesRead ));
  1191. return;
  1192. }
  1193. SmbPutUshort( DataCount, SmbGetUshort( DataCount ) - Converter );
  1194. return;
  1195. } // XsSetDataCount
  1196. VOID
  1197. XsSetParameters (
  1198. IN LPTRANSACTION Transaction,
  1199. IN LPXS_PARAMETER_HEADER Header,
  1200. IN LPVOID Parameters
  1201. )
  1202. /*++
  1203. Routine Description:
  1204. This routine takes parameters from the structure allocated by
  1205. XsCaptureParameters and uses the descriptor string to place them in
  1206. the correct format in the transaction block. It also frees the
  1207. buffer holding the parameter structure.
  1208. Arguments:
  1209. Transaction - a pointer to the transaction block describing the
  1210. request.
  1211. Header - a pointer to the parameter header, which contains information
  1212. from the API handler such as the converter word and return status.
  1213. Parameters - a pointer to the parameter structure.
  1214. Return Value:
  1215. None.
  1216. --*/
  1217. {
  1218. LPBYTE inParams = Parameters;
  1219. LPBYTE outParams = Transaction->OutParameters;
  1220. LPDESC descriptorString;
  1221. LPDESC descriptor;
  1222. LPBYTE outParamsMax = outParams + Transaction->MaxParameterCount;
  1223. //
  1224. // The first two bytes of the parameter section are the API number,
  1225. // then comes the descriptor string.
  1226. //
  1227. descriptorString = Transaction->InParameters + 2;
  1228. //
  1229. // Set up the first part of the output parameters from the parameter
  1230. // header.
  1231. //
  1232. if( outParams + sizeof(WORD) > outParamsMax ) goto insuff_buffer;
  1233. SmbPutUshort( (LPWORD)outParams, Header->Status );
  1234. outParams += sizeof(WORD);
  1235. if( outParams + sizeof(WORD) > outParamsMax ) goto insuff_buffer;
  1236. SmbPutUshort( (LPWORD)outParams, Header->Converter );
  1237. outParams += sizeof(WORD);
  1238. //
  1239. // Initially set the size of the return data to 0. If there is a
  1240. // receive buffer for this call, the API handler has changed the
  1241. // buffer length parameter to the count of data returned, which
  1242. // will be transferred to the DataCount variable later.
  1243. //
  1244. Transaction->DataCount = 0;
  1245. //
  1246. // Walk through the descriptor string, converting from the total
  1247. // parameter set to the smaller set passed back to the client. In
  1248. // general, only information the client does not already know is
  1249. // passed back as parameters.
  1250. //
  1251. for ( descriptor = descriptorString; *descriptor != '\0'; ) {
  1252. switch ( *descriptor++ ) {
  1253. case REM_ASCIZ:
  1254. case REM_NULL_PTR:
  1255. //
  1256. // !!! Parameter string descriptors may not have maximum length
  1257. // counts.
  1258. //
  1259. NetpAssert( !isdigit( *descriptor ));
  1260. //
  1261. // The parameter is a pointer to a string, which is
  1262. // not returned to the client.
  1263. //
  1264. inParams += sizeof(LPSTR);
  1265. break;
  1266. case REM_BYTE_PTR:
  1267. case REM_FILL_BYTES:
  1268. //
  1269. // Array of bytes, doesn't get sent back.
  1270. //
  1271. //
  1272. // Skip over any numeric characters in descriptor.
  1273. //
  1274. RapAsciiToDecimal( &descriptor );
  1275. inParams += sizeof(LPBYTE);
  1276. break;
  1277. case REM_DWORD:
  1278. //
  1279. // The parameter is a input word not returned to the client.
  1280. //
  1281. // !!! This assumes that an array of dwords will never be passed
  1282. // as a parameter.
  1283. NetpAssert( !isdigit( *descriptor ));
  1284. inParams += sizeof(DWORD);
  1285. break;
  1286. case REM_ENTRIES_READ:
  1287. case REM_RCV_WORD_PTR:
  1288. //
  1289. // Count of entries read (e) or receive word pointer (h).
  1290. // This is an output parameter, so copy over the word.
  1291. //
  1292. if( outParams + sizeof(WORD) > outParamsMax ) goto insuff_buffer;
  1293. SmbPutUshort(
  1294. (LPWORD)outParams,
  1295. SmbGetUshort( (LPWORD)inParams )
  1296. );
  1297. inParams += sizeof(WORD);
  1298. outParams += sizeof(WORD);
  1299. break;
  1300. case REM_RCV_DWORD_PTR:
  1301. //
  1302. // Count of receive dword pointer (h).
  1303. // This is an output parameter, so copy over the word.
  1304. //
  1305. if( outParams + sizeof(DWORD) > outParamsMax ) goto insuff_buffer;
  1306. SmbPutUlong(
  1307. (LPDWORD)outParams,
  1308. SmbGetUlong( (LPDWORD)inParams )
  1309. );
  1310. inParams += sizeof(DWORD);
  1311. outParams += sizeof(DWORD);
  1312. break;
  1313. case REM_RCV_BUF_LEN:
  1314. //
  1315. // The length of the receive buffer (r). The parameter is not
  1316. // returned to the client, but it is used to set the return
  1317. // data count.
  1318. //
  1319. Transaction->DataCount = (DWORD)SmbGetUshort( (LPWORD)inParams );
  1320. inParams += sizeof(WORD);
  1321. break;
  1322. case REM_RCV_BUF_PTR:
  1323. case REM_SEND_BUF_PTR:
  1324. //
  1325. // A pointer to a data buffer. This is not returned to the
  1326. // client.
  1327. //
  1328. inParams += sizeof(LPBYTE);
  1329. break;
  1330. case REM_RCV_BYTE_PTR: {
  1331. //
  1332. // The parameter indicates return bytes.
  1333. //
  1334. DWORD arraySize;
  1335. arraySize = sizeof(BYTE) * RapDescArrayLength( descriptor );
  1336. if( outParams + arraySize > outParamsMax ) goto insuff_buffer;
  1337. RtlCopyMemory( outParams, inParams, arraySize );
  1338. outParams += arraySize;
  1339. inParams += arraySize;
  1340. break;
  1341. }
  1342. case REM_SEND_BUF_LEN:
  1343. case REM_WORD:
  1344. case REM_PARMNUM:
  1345. //
  1346. // The parameter is a input word not returned to the client.
  1347. //
  1348. // !!! This assumes that an array of words will never be passed
  1349. // as a parameter.
  1350. NetpAssert( !isdigit( *descriptor ));
  1351. inParams += sizeof(WORD);
  1352. break;
  1353. default:
  1354. IF_DEBUG(ERRORS) {
  1355. NetpKdPrint(( "XsSetParameters: unsupported character at %lx: %c\n",
  1356. descriptor - 1, *( descriptor - 1 )));
  1357. NetpBreakPoint( );
  1358. }
  1359. }
  1360. }
  1361. //
  1362. // Indicate the number of response parameter bytes.
  1363. //
  1364. Transaction->ParameterCount =
  1365. (DWORD)((DWORD_PTR)outParams - (DWORD_PTR)(Transaction->OutParameters) );
  1366. //
  1367. // Free the parameter buffer allocated by XsCaptureParameters.
  1368. //
  1369. NetpMemoryFree( Header );
  1370. return;
  1371. insuff_buffer:
  1372. Header->Status = NERR_BufTooSmall;
  1373. return;
  1374. } // XsSetParameters
  1375. NET_API_STATUS
  1376. XsValidateShareName(
  1377. IN LPSTR ShareName
  1378. )
  1379. /*++
  1380. Routine Description:
  1381. This routine determines whether the supplied string is a valid share
  1382. name of the format \\computer\share, with both computer name and
  1383. share name no longer than permitted by LanMan 2.0. It does not
  1384. attempt to determine whether the share actually exists.
  1385. Arguments:
  1386. ShareName - The share name to be validated (an ASCII string)
  1387. Return Value:
  1388. NET_API_STATUS - NERR_Success if the share name is valid,
  1389. ERROR_INVALID_PARAMETER otherwise.
  1390. --*/
  1391. {
  1392. DWORD componentLength;
  1393. NET_API_STATUS status = NERR_Success;
  1394. if ( ShareName == NULL ) { // NULL is OK
  1395. return NERR_Success;
  1396. }
  1397. componentLength = 0;
  1398. while ( *ShareName == '\\' ) {
  1399. componentLength++;
  1400. ShareName++;
  1401. }
  1402. if ( componentLength != 2 ) {
  1403. status = ERROR_INVALID_PARAMETER;
  1404. goto cleanup;
  1405. }
  1406. componentLength = 0;
  1407. while (( *ShareName != '\\' ) && ( *ShareName != '\0' )) {
  1408. componentLength++;
  1409. ShareName++;
  1410. }
  1411. if (( *ShareName == '\0' ) ||
  1412. ( componentLength < 1 ) || ( componentLength > MAX_PATH )) {
  1413. status = ERROR_INVALID_PARAMETER;
  1414. goto cleanup;
  1415. }
  1416. componentLength = 0;
  1417. while ( *ShareName == '\\' ) {
  1418. componentLength++;
  1419. ShareName++;
  1420. }
  1421. if ( componentLength != 1 ) {
  1422. status = ERROR_INVALID_PARAMETER;
  1423. goto cleanup;
  1424. }
  1425. componentLength = 0;
  1426. while (( *ShareName != '\\' ) && ( *ShareName != '\0' )) {
  1427. componentLength++;
  1428. ShareName++;
  1429. }
  1430. if (( *ShareName == '\\' ) ||
  1431. ( componentLength < 1 ) || ( componentLength > MAX_PATH )) {
  1432. status = ERROR_INVALID_PARAMETER;
  1433. goto cleanup;
  1434. }
  1435. cleanup:
  1436. return status;
  1437. }
  1438. VOID
  1439. SmbCapturePtr(
  1440. LPBYTE PointerDestination,
  1441. LPBYTE PointerValue
  1442. )
  1443. /*++
  1444. Routine Description:
  1445. This routine captures a pointer from the supplied buffer and places it
  1446. into the destination buffer.
  1447. Arguments:
  1448. PointerDestination - A pointer to the pointer value destination.
  1449. PointerSource - A pointer to the pointer value source.
  1450. Return Value:
  1451. None.
  1452. --*/
  1453. {
  1454. XsSmbPutPointer( PointerDestination, PointerValue );
  1455. }