Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

798 lines
21 KiB

/*++
Copyright (c) 1995 Microsoft Corporation
Module Name:
FragEx.c
Abstract:
This module implements the fragment exchanger routine for
netware directory services access.
Author:
Cory West [CoryWest] 23-Feb-1995
Revision History:
--*/
#include <stdarg.h>
#include "Procs.h"
#define Dbg (DEBUG_TRACE_EXCHANGE)
#pragma alloc_text( PAGE, FragExWithWait )
#pragma alloc_text( PAGE, FormatBuf )
#pragma alloc_text( PAGE, FormatBufS )
NTSTATUS
_cdecl
FragExWithWait(
IN PIRP_CONTEXT pIrpContext,
IN DWORD NdsVerb,
IN PLOCKED_BUFFER pReplyBuffer,
IN BYTE *NdsRequestStr,
...
)
/*
Routine Description:
Exchanges an NDS request in fragments and collects the fragments
of the response. The buffer passed in much be locked down for
the transport.
Routine Arguments:
pIrpContext - A pointer to the context information for this IRP.
NdsVerb - The verb for that indicates the request.
pReplyBuffer - The locked down reply buffer.
NdsReqestStr - The format string for the arguments to this NDS request.
Arguments - The arguments that satisfy the NDS format string.
Return Value:
NTSTATUS - Status of the exchange, but not the result code in the packet.
*/
{
NTSTATUS Status;
BYTE *NdsRequestBuf;
DWORD NdsRequestLen;
BYTE *NdsRequestFrag, *NdsReplyFrag;
DWORD NdsRequestBytesLeft, NdsReplyBytesLeft, NdsReplyLen;
va_list Arguments;
PMDL pMdlSendData = NULL,
pTxMdlFrag = NULL,
pRxMdlFrag = NULL;
PMDL pOrigMdl;
DWORD OrigRxMdlSize;
DWORD MaxFragSize, SendFragSize;
DWORD ReplyFragSize, ReplyFragHandle;
DWORD NdsFraggerHandle = DUMMY_ITER_HANDLE;
// Remove later
ULONG IterationsThroughLoop = 0;
PAGED_CODE();
DebugTrace( 0 , Dbg, "Entering FragExWithWait...\n", 0 );
//
// Allocate conversation buffer for the request.
//
NdsRequestBuf = ALLOCATE_POOL( PagedPool, ( NDS_BUFFER_SIZE * 2 ) );
if ( !NdsRequestBuf ) {
DebugTrace( 0, Dbg, "No memory for request buffer...\n", 0 );
return STATUS_INSUFFICIENT_RESOURCES;
}
//
// Build the request in our local buffer. Reserve the first
// five DWORDs for the NDS request header.
//
if ( NdsRequestStr != NULL ) {
va_start( Arguments, NdsRequestStr );
NdsRequestFrag = (BYTE *) NdsRequestBuf + sizeof( NDS_REQUEST_HEADER );
NdsRequestLen = FormatBuf( NdsRequestFrag,
( NDS_BUFFER_SIZE * 2 ) - sizeof( NDS_REQUEST_HEADER ),
NdsRequestStr,
Arguments );
if ( !NdsRequestLen ) {
Status = STATUS_UNSUCCESSFUL;
goto ExitWithCleanup;
}
va_end( Arguments );
} else {
NdsRequestLen = 0;
}
//
// Pack in the NDS preamble now that we know the length.
//
// The second DWORD in the preamble is the size of the NDS
// request which includes the three DWORDs immediately
// following the size in the preamble.
//
MaxFragSize = pIrpContext->pNpScb->BufferSize -
( sizeof( NCP_REQUEST_WITH_SUB ) +
sizeof( NDS_REPLY_HEADER ) );
FormatBufS( NdsRequestBuf,
5 * sizeof( DWORD ),
"DDDDD",
MaxFragSize, // max fragment size
NdsRequestLen + ( 3 * sizeof( DWORD ) ), // request size
0, // fragment flags
NdsVerb, // nds verb
pReplyBuffer->dwRecvLen ); // reply buffer size
NdsRequestLen += sizeof( NDS_REQUEST_HEADER );
//
// Map the entire request to the SendData mdl and lock it down.
// we'll build partials into this data chunk as we proceed.
//
pMdlSendData = ALLOCATE_MDL( NdsRequestBuf,
NdsRequestLen,
FALSE,
FALSE,
NULL );
if ( !pMdlSendData ) {
DebugTrace( 0, Dbg, "Failed to allocate the request mdl...\n", 0 );
Status = STATUS_INSUFFICIENT_RESOURCES;
goto ExitWithCleanup;
}
try {
MmProbeAndLockPages( pMdlSendData, KernelMode, IoReadAccess );
} except ( EXCEPTION_EXECUTE_HANDLER ) {
DebugTrace( 0, Dbg, "Failed to lock request data in FragExWithWait!\n", 0 );
Status = GetExceptionCode();
goto ExitWithCleanup;
}
//
// Allocate space for send and receive partial mdls.
//
pTxMdlFrag = ALLOCATE_MDL( NdsRequestBuf,
NdsRequestLen,
FALSE,
FALSE,
NULL );
if ( !pTxMdlFrag ) {
DebugTrace( 0, Dbg, "Failed to allocate a tx mdl for this fragment...\n", 0 );
Status = STATUS_INSUFFICIENT_RESOURCES;
goto ExitWithCleanup;
}
pRxMdlFrag = ALLOCATE_MDL( pReplyBuffer->pRecvBufferVa,
pReplyBuffer->dwRecvLen,
FALSE,
FALSE,
NULL );
if ( !pRxMdlFrag ) {
DebugTrace( 0, Dbg, "Failed to allocate an rx mdl for this fragment...\n", 0 );
Status = STATUS_INSUFFICIENT_RESOURCES;
goto ExitWithCleanup;
}
//
// Store the original RxMdl parameters and temporarily shorten it to hold
// only the response header.
//
pOrigMdl = pIrpContext->RxMdl->Next;
OrigRxMdlSize = MmGetMdlByteCount( pIrpContext->RxMdl );
pIrpContext->RxMdl->ByteCount = 16;
//
// The request is formatted, so set our internal pointers
// and start the exchange loop.
//
NdsReplyFrag = pReplyBuffer->pRecvBufferVa;
NdsReplyBytesLeft = pReplyBuffer->dwRecvLen;
NdsReplyLen = 0;
NdsRequestFrag = NdsRequestBuf;
NdsRequestBytesLeft = NdsRequestLen;
while ( TRUE ) {
IterationsThroughLoop++;
//
// If there's more data to send in the request, set up the next MDL frag.
//
if ( NdsRequestBytesLeft ) {
if ( MaxFragSize < NdsRequestBytesLeft )
SendFragSize = MaxFragSize;
else
SendFragSize = NdsRequestBytesLeft;
IoBuildPartialMdl( pMdlSendData,
pTxMdlFrag,
NdsRequestFrag,
SendFragSize );
}
//
// Set up the response partial mdl with the buffer space that we have
// left. If we are here and there's no space left in the user's buffer,
// we're sort of hosed...
//
if ( !NdsReplyBytesLeft ) {
DebugTrace( 0, Dbg, "No room for fragment reply.\n", 0 );
Status = STATUS_BUFFER_OVERFLOW;
goto ExitWithCleanup;
}
ASSERT( NdsReplyBytesLeft <= MmGetMdlByteCount( pRxMdlFrag ) );
IoBuildPartialMdl( pReplyBuffer->pRecvMdl,
pRxMdlFrag,
NdsReplyFrag,
NdsReplyBytesLeft );
pIrpContext->RxMdl->Next = pRxMdlFrag;
pRxMdlFrag->Next = NULL;
//
// Do this transaction.
//
SetFlag( pIrpContext->Flags, IRP_FLAG_RECONNECTABLE );
if ( NdsRequestBytesLeft ) {
Status = ExchangeWithWait( pIrpContext,
SynchronousResponseCallback,
"NDf",
NDS_REQUEST, // NDS Function 104
NDS_ACTION, // NDS Subfunction 2
NdsFraggerHandle, // frag handle from the last response
pTxMdlFrag ); // NDS MDL Fragment
NdsRequestBytesLeft -= SendFragSize;
NdsRequestFrag = (LPBYTE) NdsRequestFrag + SendFragSize;
MmPrepareMdlForReuse( pTxMdlFrag );
//
// We may reuse this irp context, so we have to clear the
// TxMdl chain (Exchange doesn't do it for us).
//
pIrpContext->TxMdl->Next = NULL;
} else {
//
// There were no more request bytes to send, so we must have be allowed
// to continue to request another response fragment. NdsFraggerHandle
// contains the fragger handle from the last response.
//
Status = ExchangeWithWait( pIrpContext,
SynchronousResponseCallback,
"ND", // We only care about the frag handle
NDS_REQUEST, // NDS Function 104
NDS_ACTION, // NDS Subfunction 2
NdsFraggerHandle ); // the frag handle from last response
}
ClearFlag( pIrpContext->Flags, IRP_FLAG_RECONNECTABLE );
//
// Success? Get the frag size and frag handle and see.
//
if ((!NT_SUCCESS( Status )) || (pIrpContext->ResponseLength == 0)) {
DebugTrace( 0, Dbg, "Failed to exchange the fragment.\n", 0 );
goto ExitWithCleanup;
}
Status = ParseResponse( pIrpContext,
pIrpContext->rsp, // mapped into first rxmdl
MIN(16, pIrpContext->ResponseLength),
"NDD",
&ReplyFragSize,
&ReplyFragHandle );
if ( !NT_SUCCESS( Status ) ) {
goto ExitWithCleanup;
}
//
// We got that fragment and it's already in our buffer. We have to adjust
// the index pointers, reset the MDLs, and continue on. Remember, we don't
// have to include space for the fragger handle since we've already got it.
//
ReplyFragSize -= sizeof( DWORD );
if (ReplyFragSize > NdsReplyBytesLeft) {
NdsReplyBytesLeft = 0;
} else {
NdsReplyBytesLeft -= ReplyFragSize;
}
NdsReplyFrag = (LPBYTE) NdsReplyFrag + ReplyFragSize;
NdsReplyLen += ReplyFragSize;
MmPrepareMdlForReuse( pRxMdlFrag );
//
// Inspect the fraghandle.
//
if ( ReplyFragHandle == DUMMY_ITER_HANDLE ) {
// We are done!
//
// Invariant: There is a valid NDS response in the NdsReply
// and Status is NT_SUCCESS.
pReplyBuffer->dwBytesWritten = NdsReplyLen;
goto ExitWithCleanup;
} else {
// There's more coming! Remember the fragger handle and continue.
NdsFraggerHandle = ReplyFragHandle;
}
}
DebugTrace( 0, Dbg, "Invalid state in FragExWithWait()\n", 0 );
ExitWithCleanup:
//
// Unlock the request buffer and free its mdl.
//
if ( pMdlSendData ) {
MmUnlockPages( pMdlSendData );
FREE_MDL( pMdlSendData );
}
//
// Free the partial mdls.
//
if ( pRxMdlFrag )
FREE_MDL( pRxMdlFrag );
if ( pTxMdlFrag )
FREE_MDL( pTxMdlFrag );
//
// Free the request buffer.
//
FREE_POOL( NdsRequestBuf );
//
// Restore the original Irp->RxMdl parameters.
//
pIrpContext->RxMdl->Next = pOrigMdl;
pIrpContext->RxMdl->ByteCount = OrigRxMdlSize;
return Status;
}
int
_cdecl
FormatBuf(
char *buf,
int bufLen,
const char *format,
va_list args
)
/*
Routine Description:
Formats a buffer according to supplied the format string.
FormatString - Supplies an ANSI string which describes how to
convert from the input arguments into NCP request fields, and
from the NCP response fields into the output arguments.
Field types, request/response:
'b' byte ( byte / byte* )
'w' hi-lo word ( word / word* )
'd' hi-lo dword ( dword / dword* )
'W' lo-hi word ( word / word*)
'D' lo-hi dword ( dword / dword*)
'-' zero/skip byte ( void )
'=' zero/skip word ( void )
._. zero/skip string ( word )
'p' pstring ( char* )
'c' cstring ( char* )
'C' cstring followed skip word ( char*, word )
'V' sized NDS value ( byte *, dword / byte **, dword *)
'S' p unicode string copy as NDS_STRING (UNICODE_STRING *)
's' cstring copy as NDS_STRING (char* / char *, word)
'r' raw bytes ( byte*, word )
'u' p unicode string ( UNICODE_STRING * )
'U' p uppercase string( UNICODE_STRING * )
Routine Arguments:
char *buf - destination buffer.
int buflen - length of the destination buffer.
char *format - format string.
args - args to the format string.
Implementation Notes:
This comes almost verbatim from the Win95 source code. It duplicates
work in FormatRequest(). Eventually, FormatRequest() should be split
into two distinct routines: FormatBuffer() and MakeRequest().
*/
{
ULONG ix;
NTSTATUS status;
const char *z = format;
PAGED_CODE();
//
// Convert the input arguments into request packet.
//
ix = 0;
while ( *z )
{
switch ( *z )
{
case '=':
buf[ix++] = 0;
case '-':
buf[ix++] = 0;
break;
case '_':
{
WORD l = va_arg ( args, WORD );
if (ix + (ULONG)l > (ULONG)bufLen)
{
#ifdef NWDBG
DbgPrintf( "FormatBuf case '_' request buffer too small.\n" );
#endif
goto ErrorExit;
}
while ( l-- )
buf[ix++] = 0;
break;
}
case 'b':
buf[ix++] = va_arg ( args, BYTE );
break;
case 'w':
{
WORD w = va_arg ( args, WORD );
buf[ix++] = (BYTE) (w >> 8);
buf[ix++] = (BYTE) (w >> 0);
break;
}
case 'd':
{
DWORD d = va_arg ( args, DWORD );
buf[ix++] = (BYTE) (d >> 24);
buf[ix++] = (BYTE) (d >> 16);
buf[ix++] = (BYTE) (d >> 8);
buf[ix++] = (BYTE) (d >> 0);
break;
}
case 'W':
{
WORD w = va_arg(args, WORD);
(* (WORD *)&buf[ix]) = w;
ix += 2;
break;
}
case 'D':
{
DWORD d = va_arg (args, DWORD);
(* (DWORD *)&buf[ix]) = d;
ix += 4;
break;
}
case 'c':
{
char* c = va_arg ( args, char* );
WORD l = (WORD)strlen( c );
if (ix + (ULONG)l > (ULONG)bufLen)
{
#ifdef NWDBG
DbgPrintf( "FormatBuf case 'c' request buffer too small.\n" );
#endif
goto ErrorExit;
}
RtlCopyMemory( &buf[ix], c, l+1 );
ix += l + 1;
break;
}
case 'C':
{
char* c = va_arg ( args, char* );
WORD l = va_arg ( args, WORD );
WORD len = strlen( c ) + 1;
if (ix + (ULONG)l > (ULONG)bufLen)
{
#ifdef NWDBG
DbgPrintf( "FormatBuf 'C' request buffer too small.\n" );
#endif
goto ErrorExit;
}
RtlCopyMemory( &buf[ix], c, len > l? l : len);
ix += l;
buf[ix-1] = 0;
break;
}
case 'p':
{
char* c = va_arg ( args, char* );
BYTE l = (BYTE)strlen( c );
if (ix + (ULONG)l +1 > (ULONG)bufLen)
{
#ifdef NWDBG
DbgPrintf( "FormatBuf case 'p' request buffer too small.\n" );
#endif
goto ErrorExit;
}
buf[ix++] = l;
RtlCopyMemory( &buf[ix], c, l );
ix += l;
break;
}
case 'u':
{
PUNICODE_STRING pUString = va_arg ( args, PUNICODE_STRING );
OEM_STRING OemString;
ULONG Length;
//
// Calculate required string length, excluding trailing NUL.
//
Length = RtlUnicodeStringToOemSize( pUString ) - 1;
ASSERT( Length < 0x100 );
if ( ix + Length > (ULONG)bufLen ) {
#ifdef NWDBG
DbgPrint( "FormatBuf case 'u' request buffer too small.\n" );
#endif
goto ErrorExit;
}
buf[ix++] = (UCHAR)Length;
OemString.Buffer = &buf[ix];
OemString.MaximumLength = (USHORT)Length + 1;
status = RtlUnicodeStringToOemString( &OemString, pUString, FALSE );
ASSERT( NT_SUCCESS( status ));
ix += (USHORT)Length;
break;
}
case 'S':
{
PUNICODE_STRING pUString = va_arg (args, PUNICODE_STRING);
ULONG Length, rLength;
Length = pUString->Length;
if (ix + Length + sizeof(Length) + sizeof( WCHAR ) > (ULONG)bufLen) {
DebugTrace( 0, Dbg, "FormatBuf: case 'S' request buffer too small.\n", 0 );
goto ErrorExit;
}
//
// The VLM client uses the rounded up length and it seems to
// make a difference! Also, don't forget that NDS strings have
// to be NULL terminated.
//
rLength = ROUNDUP4(Length + sizeof( WCHAR ));
*((DWORD *)&buf[ix]) = rLength;
ix += 4;
RtlCopyMemory(&buf[ix], pUString->Buffer, Length);
ix += Length;
rLength -= Length;
RtlFillMemory( &buf[ix], rLength, '\0' );
ix += rLength;
break;
}
case 's':
{
PUNICODE_STRING pUString = va_arg (args, PUNICODE_STRING);
ULONG Length, rLength;
Length = pUString->Length;
if (ix + Length + sizeof(Length) + sizeof( WCHAR ) > (ULONG)bufLen) {
DebugTrace( 0, Dbg, "FormatBuf: case 's' request buffer too small.\n", 0 );
goto ErrorExit;
}
//
// Don't use the padded size here, only the NDS null terminator.
//
rLength = Length + sizeof( WCHAR );
*((DWORD *)&buf[ix]) = rLength;
ix += 4;
RtlCopyMemory(&buf[ix], pUString->Buffer, Length);
ix += Length;
rLength -= Length;
RtlFillMemory( &buf[ix], rLength, '\0' );
ix += rLength;
break;
}
case 'V':
{
// too similar to 'S' - should be combined
BYTE* b = va_arg ( args, BYTE* );
DWORD l = va_arg ( args, DWORD );
if ( ix + l + sizeof(DWORD) > (ULONG)
bufLen )
{
#ifdef NWDBG
DbgPrint( "FormatBuf case 'V' request buffer too small.\n" );
#endif
goto ErrorExit;
}
*((DWORD *)&buf[ix]) = l;
ix += sizeof(DWORD);
RtlCopyMemory( &buf[ix], b, l );
l = ROUNDUP4(l);
ix += l;
break;
}
case 'r':
{
BYTE* b = va_arg ( args, BYTE* );
WORD l = va_arg ( args, WORD );
if ( ix + l > (ULONG)bufLen )
{
#ifdef NWDBG
DbgPrint( "FormatBuf case 'r' request buffer too small.\n" );
#endif
goto ErrorExit;
}
RtlCopyMemory( &buf[ix], b, l );
ix += l;
break;
}
default:
#ifdef NWDBG
DbgPrint( "FormatBuf invalid request field, %x.\n", *z );
#endif
;
}
if ( ix > (ULONG)bufLen )
{
#ifdef NWDBG
DbgPrint( "FormatBuf: too much request data.\n" );
#endif
goto ErrorExit;
}
z++;
}
return(ix);
ErrorExit:
return 0;
}
int
_cdecl
FormatBufS(
char *buf,
int bufLen,
const char *format,
...
)
/*++
args from the stack
--*/
{
va_list args;
int len;
PAGED_CODE();
va_start(args, format);
len = FormatBuf(buf, bufLen, format, args);
va_end( args );
return len;
}