static
VOID
SrvNotifyStateFree(
PSRV_CHANGE_NOTIFY_STATE_SMB_V1 pNotifyState
)
{
if (pNotifyState->pAcb && pNotifyState->pAcb->AsyncCancelContext)
{
IoDereferenceAsyncCancelContext(
&pNotifyState->pAcb->AsyncCancelContext);
}
if (pNotifyState->pConnection)
{
SrvConnectionRelease(pNotifyState->pConnection);
}
if (pNotifyState->pBuffer)
{
SrvFreeMemory(pNotifyState->pBuffer);
}
if (pNotifyState->pMutex)
{
pthread_mutex_destroy(&pNotifyState->mutex);
}
SrvFreeMemory(pNotifyState);
}
static
VOID
SrvFinderFreeSearchSpace(
IN PSRV_SEARCH_SPACE pSearchSpace
)
{
if (pSearchSpace->pMutex)
{
pthread_mutex_destroy(&pSearchSpace->mutex);
}
if (pSearchSpace->hFile)
{
IoCloseFile(pSearchSpace->hFile);
}
if (pSearchSpace->pFileInfo)
{
SrvFreeMemory(pSearchSpace->pFileInfo);
}
if (pSearchSpace->pwszSearchPattern)
{
LwIoFreeMemory(pSearchSpace->pwszSearchPattern);
}
SrvFreeMemory(pSearchSpace);
}
static
VOID
SrvFreeGetInfoState_SMB_V2(
PSRV_GET_INFO_STATE_SMB_V2 pGetInfoState
)
{
if (pGetInfoState->pAcb && pGetInfoState->pAcb->AsyncCancelContext)
{
IoDereferenceAsyncCancelContext(
&pGetInfoState->pAcb->AsyncCancelContext);
}
if (pGetInfoState->pData2)
{
SrvFreeMemory(pGetInfoState->pData2);
}
if (pGetInfoState->pFile)
{
SrvFile2Release(pGetInfoState->pFile);
}
if (pGetInfoState->pMutex)
{
pthread_mutex_destroy(&pGetInfoState->mutex);
}
SrvFreeMemory(pGetInfoState);
}
static
VOID
SrvFreeRenameState(
PSRV_RENAME_STATE_SMB_V1 pRenameState
)
{
if (pRenameState->pAcb && pRenameState->pAcb->AsyncCancelContext)
{
IoDereferenceAsyncCancelContext(
&pRenameState->pAcb->AsyncCancelContext);
}
if (pRenameState->pDirEcpList)
{
IoRtlEcpListFree(&pRenameState->pDirEcpList);
}
if (pRenameState->pFileEcpList)
{
IoRtlEcpListFree(&pRenameState->pFileEcpList);
}
// TODO: Free the following if set
// pSecurityDescriptor;
// pSecurityQOS;
if (pRenameState->oldName.FileName)
{
SrvFreeMemory(pRenameState->oldName.FileName);
}
if (pRenameState->dirPath.FileName)
{
SrvFreeMemory(pRenameState->dirPath.FileName);
}
if (pRenameState->hDir)
{
IoCloseFile(pRenameState->hDir);
}
if (pRenameState->hFile)
{
IoCloseFile(pRenameState->hFile);
}
if (pRenameState->pData)
{
SrvFreeMemory(pRenameState->pData);
}
if (pRenameState->pMutex)
{
pthread_mutex_destroy(&pRenameState->mutex);
}
SrvFreeMemory(pRenameState);
}
static
VOID
SrvFreeOpenState(
PSRV_OPEN_STATE_SMB_V1 pOpenState
)
{
if (pOpenState->pAcb && pOpenState->pAcb->AsyncCancelContext)
{
IoDereferenceAsyncCancelContext(
&pOpenState->pAcb->AsyncCancelContext);
}
if (pOpenState->pEcpList)
{
IoRtlEcpListFree(&pOpenState->pEcpList);
}
// TODO: Free the following if set
// pSecurityDescriptor;
// pSecurityQOS;
if (pOpenState->pFilename)
{
SRV_FREE_UNICODE_STRING(&pOpenState->pFilename->Name);
SrvFreeMemory(pOpenState->pFilename);
}
if (pOpenState->hFile)
{
IoCloseFile(pOpenState->hFile);
}
if (pOpenState->pFile)
{
SrvFileResetOplockState(pOpenState->pFile);
SrvFileRundown(pOpenState->pFile);
SrvFileRelease(pOpenState->pFile);
}
if (pOpenState->pTree)
{
SrvTreeRelease(pOpenState->pTree);
}
if (pOpenState->pMutex)
{
pthread_mutex_destroy(&pOpenState->mutex);
}
SrvFreeMemory(pOpenState);
}
static
VOID
SrvElementsConfigFreeContents(
PSRV_ELEMENTS_CONFIG pConfig
)
{
LWIO_CONFIG_TABLE configTable[] = SRV_ELEMENTS_CONFIG_TABLE_INITIALIZER;
ULONG ulNumConfig = sizeof(configTable) / sizeof(LWIO_CONFIG_TABLE);
ULONG ulEntry = 0;
for (ulEntry = 0; ulEntry < ulNumConfig; ulEntry++)
{
if (configTable[ulEntry].Type == LwIoTypeString)
{
PSTR pszString = configTable[ulEntry].pValue;
if (pszString != NULL)
{
SrvFreeMemory(pszString);
}
}
if (configTable[ulEntry].Type == LwIoTypeMultiString)
{
PSTR **pppszStrings = configTable[ulEntry].pValue;
if (*pppszStrings != NULL)
{
LwIoMultiStringFree(pppszStrings);
}
}
}
}
NTSTATUS
SrvBuildFilePath(
IN PWSTR pwszPrefix,
IN PWSTR pwszSuffix,
OUT PUNICODE_STRING pFilename
)
{
NTSTATUS ntStatus = STATUS_SUCCESS;
PWSTR pwszFilename = NULL;
UNICODE_STRING filename = { 0 };
ntStatus = SrvBuildFilePathString(pwszPrefix, pwszSuffix, &pwszFilename);
BAIL_ON_NT_STATUS(ntStatus);
ntStatus = SrvInitializeUnicodeString(pwszFilename, &filename);
BAIL_ON_NT_STATUS(ntStatus);
pwszFilename = NULL;
cleanup:
if (pwszFilename)
{
SrvFreeMemory(pwszFilename);
}
*pFilename = filename;
return ntStatus;
error:
SRV_FREE_UNICODE_STRING(&filename);
goto cleanup;
}
static
VOID
SrvSession2Free(
PLWIO_SRV_SESSION_2 pSession
)
{
LWIO_LOG_DEBUG("Freeing session [object:0x%x][uid:%u]",
pSession,
pSession->ullUid);
if (pSession->pMutex)
{
pthread_rwlock_destroy(&pSession->mutex);
pSession->pMutex = NULL;
}
if (pSession->pTreeCollection)
{
LwRtlRBTreeFree(pSession->pTreeCollection);
}
if (pSession->hFinderRepository)
{
SrvFinderCloseRepository(pSession->hFinderRepository);
}
SRV_SAFE_FREE_MEMORY(pSession->pwszClientPrincipalName);
if (pSession->pIoSecurityContext) {
IoSecurityDereferenceSecurityContext(&pSession->pIoSecurityContext);
}
SrvFreeMemory(pSession);
}
static
VOID
SrvFreeCheckdirState(
PSRV_CHECKDIR_STATE_SMB_V1 pCheckdirState
)
{
if (pCheckdirState->pAcb && pCheckdirState->pAcb->AsyncCancelContext)
{
IoDereferenceAsyncCancelContext(
&pCheckdirState->pAcb->AsyncCancelContext);
}
if (pCheckdirState->pEcpList)
{
IoRtlEcpListFree(&pCheckdirState->pEcpList);
}
// TODO: Free the following if set
// pSecurityDescriptor;
// pSecurityQOS;
SRV_FREE_UNICODE_STRING(&pCheckdirState->fileName.Name);
if (pCheckdirState->hFile)
{
IoCloseFile(pCheckdirState->hFile);
}
if (pCheckdirState->pMutex)
{
pthread_mutex_destroy(&pCheckdirState->mutex);
}
SrvFreeMemory(pCheckdirState);
}
static
VOID
SrvShareDbFreeContext(
PSRV_SHARE_DB_CONTEXT pDbContext
)
{
if (pDbContext->pInsertStmt)
{
sqlite3_finalize(pDbContext->pInsertStmt);
}
if (pDbContext->pEnumStmt)
{
sqlite3_finalize(pDbContext->pEnumStmt);
}
if (pDbContext->pDeleteStmt)
{
sqlite3_finalize(pDbContext->pDeleteStmt);
}
if (pDbContext->pCountStmt)
{
sqlite3_finalize(pDbContext->pCountStmt);
}
if (pDbContext->pFindStmt)
{
sqlite3_finalize(pDbContext->pFindStmt);
}
if (pDbContext->pDbHandle)
{
sqlite3_close(pDbContext->pDbHandle);
}
SrvFreeMemory(pDbContext);
}
NTSTATUS
SrvElementsShutdown(
VOID
)
{
NTSTATUS ntStatus = STATUS_SUCCESS;
ntStatus = SrvTimerIndicateStop(&gSrvElements.timer);
BAIL_ON_NT_STATUS(ntStatus);
SrvTimerFreeContents(&gSrvElements.timer);
if (gSrvElements.pHintsBuffer != NULL)
{
SrvFreeMemory(gSrvElements.pHintsBuffer);
gSrvElements.pHintsBuffer = NULL;
gSrvElements.ulHintsLength = 0;
}
if (gSrvElements.pStatsLock)
{
pthread_rwlock_destroy(&gSrvElements.statsLock);
gSrvElements.pStatsLock = NULL;
}
SrvElementsResourcesShutdown();
error:
return ntStatus;
}
static
VOID
SrvTimerFree(
IN PSRV_TIMER_REQUEST pTimerRequest
)
{
SrvFreeMemory(pTimerRequest);
}
static
VOID
SrvFreeExecContext(
IN PSRV_EXEC_CONTEXT pContext
)
{
SrvMpxTrackerRemoveExecContext(pContext);
if (pContext->pProtocolContext)
{
pContext->pfnFreeContext(pContext->pProtocolContext);
}
if (pContext->pSmbRequest)
{
SMBPacketRelease(
pContext->pConnection->hPacketAllocator,
pContext->pSmbRequest);
}
if (pContext->pSmbResponse)
{
SMBPacketRelease(
pContext->pConnection->hPacketAllocator,
pContext->pSmbResponse);
}
if (pContext->pInterimResponse)
{
SMBPacketRelease(
pContext->pConnection->hPacketAllocator,
pContext->pInterimResponse);
}
if (pContext->pConnection)
{
SrvConnectionRelease(pContext->pConnection);
}
if (pContext->pStatInfo)
{
SrvStatisticsRelease(pContext->pStatInfo);
}
if (pContext->pLogContext)
{
SrvLogContextFree(pContext->pLogContext);
}
if (pContext->pExecMutex)
{
pthread_mutex_destroy(&pContext->execMutex);
}
SrvFreeMemory(pContext);
}
static
VOID
SrvShareFreeStringArray(
PWSTR* ppwszValues,
ULONG ulNumValues
)
{
ULONG iValue = 0;
for (; iValue < ulNumValues; iValue++)
{
if (ppwszValues[iValue])
{
SrvFreeMemory(ppwszValues[iValue]);
}
}
SrvFreeMemory(ppwszValues);
}
NTSTATUS
SrvShareDbEndEnum(
IN HANDLE hRepository,
IN HANDLE hResume
)
{
PSRV_SHARE_DB_ENUM_CONTEXT pResume = (PSRV_SHARE_DB_ENUM_CONTEXT)hResume;
SrvFreeMemory(pResume);
return STATUS_SUCCESS;
}
static
VOID
SrvFreeNotifyRequestState_SMB_V2(
PSRV_NOTIFY_REQUEST_STATE_SMB_V2 pNotifyRequestState
)
{
if (pNotifyRequestState->pFile)
{
SrvFile2Release(pNotifyRequestState->pFile);
}
SrvFreeMemory(pNotifyRequestState);
}
static
VOID
SrvTree2Free(
PLWIO_SRV_TREE_2 pTree
)
{
LWIO_LOG_DEBUG("Freeing tree [object:0x%x][tid:%u]",
pTree,
pTree->ulTid);
// Cannot be in the parent since parent would have a reference.
LWIO_ASSERT(!SrvTree2IsInParent_inlock(pTree));
if (pTree->pMutex)
{
pthread_rwlock_destroy(&pTree->mutex);
pTree->pMutex = NULL;
}
if (pTree->pFileCollection)
{
LwRtlRBTreeFree(pTree->pFileCollection);
}
if (pTree->hFile)
{
IoCloseFile(pTree->hFile);
}
if (pTree->pShareInfo)
{
SrvShareReleaseInfo(pTree->pShareInfo);
}
if (pTree->resource.ulResourceId)
{
PSRV_RESOURCE pResource = NULL;
SrvElementsUnregisterResource(pTree->resource.ulResourceId,
&pResource);
pTree->resource.ulResourceId = 0;
}
// Release parent at the end
if (pTree->pSession)
{
SrvSession2Release(pTree->pSession);
}
SrvFreeMemory(pTree);
}
NTSTATUS
SrvElementsShutdown(
VOID
)
{
NTSTATUS ntStatus = STATUS_SUCCESS;
ntStatus = SrvTimerIndicateStop(&gSrvElements.timer);
BAIL_ON_NT_STATUS(ntStatus);
SrvTimerFreeContents(&gSrvElements.timer);
if (gSrvElements.pHintsBuffer != NULL)
{
SrvFreeMemory(gSrvElements.pHintsBuffer);
gSrvElements.pHintsBuffer = NULL;
gSrvElements.ulHintsLength = 0;
}
if (gSrvElements.pStatsLock)
{
pthread_rwlock_destroy(&gSrvElements.statsLock);
gSrvElements.pStatsLock = NULL;
}
SrvElementsResourcesShutdown();
SrvElementsConfigShutdown();
if (gSrvElements.pMutex)
{
pthread_mutex_destroy(&gSrvElements.mutex);
gSrvElements.pMutex = NULL;
}
if (gSrvElements.pAsyncCloseFileTracker)
{
SrvAsyncCloseFileTrackerWaitPending(gSrvElements.pAsyncCloseFileTracker);
SrvAsyncCloseFileTrackerFree(gSrvElements.pAsyncCloseFileTracker);
gSrvElements.pAsyncCloseFileTracker = NULL;
}
error:
return ntStatus;
}
NTSTATUS
SrvSocketStringToAddressA(
PCSTR pszAddress,
struct sockaddr** ppSocketAddress,
SOCKLEN_TYPE* pAddressLength
)
{
NTSTATUS ntStatus = STATUS_SUCCESS;
struct addrinfo* pAddrInfo = NULL;
struct sockaddr* pSocketAddress = NULL;
ntStatus = SrvSocketGetAddrInfoA(pszAddress, &pAddrInfo);
BAIL_ON_NT_STATUS(ntStatus);
ntStatus = SrvAllocateMemory(
pAddrInfo->ai_addrlen,
OUT_PPVOID(&pSocketAddress));
BAIL_ON_NT_STATUS(ntStatus);
memcpy(pSocketAddress, pAddrInfo->ai_addr, pAddrInfo->ai_addrlen);
*ppSocketAddress = pSocketAddress;
*pAddressLength = pAddrInfo->ai_addrlen;
cleanup:
if (pAddrInfo)
{
freeaddrinfo(pAddrInfo);
}
return ntStatus;
error:
if (pSocketAddress)
{
SrvFreeMemory(pSocketAddress);
}
*ppSocketAddress = NULL;
*pAddressLength = 0;
goto cleanup;
}
static
VOID
SrvAsyncStateFree(
PLWIO_ASYNC_STATE pAsyncState
)
{
if (pAsyncState->hAsyncState && pAsyncState->pfnFreeAsyncState)
{
pAsyncState->pfnFreeAsyncState(pAsyncState->hAsyncState);
}
if (pAsyncState->pMutex)
{
pthread_rwlock_destroy(&pAsyncState->mutex);
}
SrvFreeMemory(pAsyncState);
}
static
VOID
SrvFinderFreeRepository(
IN PSRV_FINDER_REPOSITORY pFinderRepository
)
{
if (pFinderRepository->pSearchSpaceCollection)
{
LwRtlRBTreeFree(pFinderRepository->pSearchSpaceCollection);
}
if (pFinderRepository->pMutex)
{
pthread_mutex_destroy(&pFinderRepository->mutex);
}
SrvFreeMemory(pFinderRepository);
}
VOID
SrvShareFreeSecurity(
IN PSRV_SHARE_INFO pShareInfo
)
{
if (pShareInfo->pSecDesc)
{
SrvFreeMemory(pShareInfo->pSecDesc);
pShareInfo->pSecDesc = NULL;
pShareInfo->ulSecDescLen = 0;
}
if (pShareInfo->pAbsSecDesc)
{
SrvShareFreeAbsoluteSecurityDescriptor(&pShareInfo->pAbsSecDesc);
pShareInfo->pAbsSecDesc = NULL;
}
}
static
VOID
SrvTreeFree(
PLWIO_SRV_TREE pTree
)
{
LWIO_LOG_DEBUG("Freeing tree [object:0x%x][tid:%u]",
pTree,
pTree->tid);
if (pTree->pMutex)
{
pthread_rwlock_destroy(&pTree->mutex);
pTree->pMutex = NULL;
}
if (pTree->pFileCollection)
{
LwRtlRBTreeFree(pTree->pFileCollection);
}
if (pTree->pAsyncStateCollection)
{
LwRtlRBTreeFree(pTree->pAsyncStateCollection);
}
if (pTree->hFile)
{
IoCloseFile(pTree->hFile);
}
if (pTree->pShareInfo)
{
SrvShareReleaseInfo(pTree->pShareInfo);
}
SrvFreeMemory(pTree);
}
static
VOID
SrvFreeFlushState_SMB_V2(
PSRV_FLUSH_STATE_SMB_V2 pFlushState
)
{
if (pFlushState->pAcb && pFlushState->pAcb->AsyncCancelContext)
{
IoDereferenceAsyncCancelContext(
&pFlushState->pAcb->AsyncCancelContext);
}
if (pFlushState->pFile)
{
SrvFile2Release(pFlushState->pFile);
}
if (pFlushState->pMutex)
{
pthread_mutex_destroy(&pFlushState->mutex);
}
SrvFreeMemory(pFlushState);
}
static
NTSTATUS
SrvShareDbWriteToShareInfo(
IN sqlite3_stmt* pSqlStatement,
OUT PSRV_SHARE_INFO** pppShareInfoList,
IN OUT PULONG pulNumSharesFound
)
{
NTSTATUS ntStatus = 0;
PSRV_SHARE_INFO* ppShareInfoList = NULL;
PSRV_SHARE_INFO pShareInfo = NULL;
PWSTR pwszStringVal = NULL;
ULONG ulIntVal = 0;
ULONG ulNumSharesAllocated = 0;
ULONG ulNumSharesAvailable = 0;
ULONG iShare = 0;
while ((ntStatus = sqlite3_step(pSqlStatement)) == SQLITE_ROW)
{
ULONG iCol = 0;
if (!ulNumSharesAvailable)
{
PSRV_SHARE_INFO* ppShareInfoListNew = NULL;
ULONG ulNumSharesNew = 5;
ULONG ulNumSharesAllocatedNew = ulNumSharesAllocated + ulNumSharesNew;
ntStatus = SrvAllocateMemory(
sizeof(PSRV_SHARE_INFO) * ulNumSharesAllocatedNew,
(PVOID*)&ppShareInfoListNew);
BAIL_ON_NT_STATUS(ntStatus);
if (ppShareInfoList)
{
memcpy((PBYTE)ppShareInfoListNew,
(PBYTE)ppShareInfoList,
sizeof(PSRV_SHARE_INFO) * ulNumSharesAllocated);
SrvFreeMemory(ppShareInfoList);
}
ppShareInfoList = ppShareInfoListNew;
ulNumSharesAllocated = ulNumSharesAllocatedNew;
ulNumSharesAvailable = ulNumSharesNew;
}
ntStatus = SrvAllocateMemory(
sizeof(SRV_SHARE_INFO),
(PVOID*)&pShareInfo);
BAIL_ON_NT_STATUS(ntStatus);
pShareInfo->refcount = 1;
pthread_rwlock_init(&pShareInfo->mutex, NULL);
pShareInfo->pMutex = &pShareInfo->mutex;
for (; iCol < 5; iCol++)
{
const unsigned char* pszStringVal = NULL;
ULONG ulNumBytes = sqlite3_column_bytes(pSqlStatement, iCol);
switch(iCol)
{
case 0: /* ShareName */
if (ulNumBytes)
{
pszStringVal = sqlite3_column_text(pSqlStatement, iCol);
ntStatus = SrvMbsToWc16s(
(PCSTR)pszStringVal,
&pShareInfo->pwszName);
BAIL_ON_NT_STATUS(ntStatus);
}
break;
case 1: /* PathName */
if (ulNumBytes)
{
pszStringVal = sqlite3_column_text(pSqlStatement, iCol);
ntStatus = SrvMbsToWc16s(
(PCSTR)pszStringVal,
&pShareInfo->pwszPath);
BAIL_ON_NT_STATUS(ntStatus);
}
break;
case 2: /* Comment */
if (ulNumBytes)
{
pszStringVal = sqlite3_column_text(pSqlStatement, iCol);
ntStatus = SrvMbsToWc16s(
(PCSTR)pszStringVal,
&pShareInfo->pwszComment);
}
else
{
/* Deal with empty comments */
ntStatus = SrvMbsToWc16s(
"",
&pShareInfo->pwszComment);
}
BAIL_ON_NT_STATUS(ntStatus);
break;
case 3: /* Security Descriptor */
if (ulNumBytes)
{
PCVOID pBlob = sqlite3_column_blob(pSqlStatement, iCol);
ntStatus = SrvAllocateMemory(
ulNumBytes,
(PVOID*)&pShareInfo->pSecDesc);
BAIL_ON_NT_STATUS(ntStatus);
memcpy(pShareInfo->pSecDesc, pBlob, ulNumBytes);
pShareInfo->ulSecDescLen = ulNumBytes;
}
break;
case 4: /* service */
if (ulNumBytes)
{
pszStringVal = sqlite3_column_text(pSqlStatement, iCol);
}
ntStatus = SrvMbsToWc16s(
(PCSTR)pszStringVal,
&pwszStringVal);
BAIL_ON_NT_STATUS(ntStatus);
ntStatus = SrvShareMapServiceStringToId(
pwszStringVal,
&pShareInfo->service);
BAIL_ON_NT_STATUS(ntStatus);
break;
case 5: /* flags */
if (ulNumBytes)
{
ulIntVal = sqlite3_column_int(pSqlStatement, iCol);
}
pShareInfo->ulFlags = ulIntVal;
break;
}
}
*(ppShareInfoList + iShare++) = pShareInfo;
pShareInfo = NULL;
ulNumSharesAvailable--;
}
if (ntStatus == SQLITE_DONE)
{
ntStatus = STATUS_SUCCESS;
}
BAIL_ON_LWIO_SRV_SQLITE_ERROR_STMT(ntStatus, pSqlStatement);
*pppShareInfoList = ppShareInfoList;
*pulNumSharesFound = iShare;
cleanup:
SRV_SAFE_FREE_MEMORY(pwszStringVal);
if (pShareInfo)
{
SrvShareReleaseInfo(pShareInfo);
}
return ntStatus;
error:
*pppShareInfoList = NULL;
*pulNumSharesFound = 0;
if (ppShareInfoList)
{
SrvShareFreeInfoList(ppShareInfoList, iShare);
}
goto cleanup;
}
static
NTSTATUS
SrvBuildNotifyResponse_SMB_V2(
PSRV_EXEC_CONTEXT pExecContext,
PSRV_NOTIFY_STATE_SMB_V2 pNotifyState
)
{
NTSTATUS ntStatus = STATUS_SUCCESS;
PSRV_PROTOCOL_EXEC_CONTEXT pCtxProtocol = pExecContext->pProtocolContext;
PSRV_EXEC_CONTEXT_SMB_V2 pCtxSmb2 = pCtxProtocol->pSmb2Context;
ULONG iMsg = pCtxSmb2->iMsg;
PSRV_MESSAGE_SMB_V2 pSmbRequest = &pCtxSmb2->pRequests[iMsg];
PSRV_MESSAGE_SMB_V2 pSmbResponse = &pCtxSmb2->pResponses[iMsg];
PSMB2_NOTIFY_RESPONSE_HEADER pNotifyResponseHeader = NULL; // do not free
PBYTE pData = NULL;
ULONG ulDataLength = 0;
PBYTE pOutBuffer = pSmbResponse->pBuffer;
ULONG ulBytesAvailable = pSmbResponse->ulBytesAvailable;
ULONG ulDataOffset = 0;
ULONG ulOffset = 0;
ULONG ulBytesUsed = 0;
ULONG ulTotalBytesUsed = 0;
ntStatus = SrvCreditorAdjustCredits(
pExecContext->pConnection->pCreditor,
pSmbRequest->pHeader->ullCommandSequence,
pNotifyState->ullAsyncId,
pSmbRequest->pHeader->usCredits,
&pExecContext->usCreditsGranted);
BAIL_ON_NT_STATUS(ntStatus);
ntStatus = SMB2MarshalHeader(
pOutBuffer,
ulOffset,
ulBytesAvailable,
COM2_NOTIFY,
pSmbRequest->pHeader->usEpoch,
pExecContext->usCreditsGranted,
pSmbRequest->pHeader->ulPid,
pSmbRequest->pHeader->ullCommandSequence,
pCtxSmb2->pTree->ulTid,
pCtxSmb2->pSession->ullUid,
pNotifyState->ullAsyncId,
pSmbRequest->pHeader->error,
TRUE,
LwIsSetFlag(
pSmbRequest->pHeader->ulFlags,
SMB2_FLAGS_RELATED_OPERATION),
&pSmbResponse->pHeader,
&pSmbResponse->ulHeaderSize);
BAIL_ON_NT_STATUS(ntStatus);
pOutBuffer += pSmbResponse->ulHeaderSize;
ulOffset += pSmbResponse->ulHeaderSize;
ulBytesAvailable -= pSmbResponse->ulHeaderSize;
ulTotalBytesUsed += pSmbResponse->ulHeaderSize;
if ((pNotifyState->ioStatusBlock.Status == STATUS_SUCCESS) &&
pNotifyState->ulBytesUsed > 0)
{
ntStatus = SrvMarshalNotifyResponse_SMB_V2(
pNotifyState->pBuffer,
pNotifyState->ulBytesUsed,
&pData,
&ulDataLength);
BAIL_ON_NT_STATUS(ntStatus);
}
ntStatus = SMB2MarshalNotifyResponse(
pOutBuffer,
ulOffset,
ulBytesAvailable,
pData,
ulDataLength,
&ulDataOffset,
&pNotifyResponseHeader,
&ulBytesUsed);
BAIL_ON_NT_STATUS(ntStatus);
// pOutBuffer += ulBytesUsed;
// ulOffset += ulBytesUsed;
// ulBytesAvailable -= ulBytesUsed;
ulTotalBytesUsed += ulBytesUsed;
pSmbResponse->ulMessageSize = ulTotalBytesUsed;
cleanup:
if (pData)
{
SrvFreeMemory(pData);
}
return ntStatus;
error:
if (ulTotalBytesUsed)
{
pSmbResponse->pHeader = NULL;
pSmbResponse->ulHeaderSize = 0;
memset(pSmbResponse->pBuffer, 0, ulTotalBytesUsed);
}
pSmbResponse->ulMessageSize = 0;
goto cleanup;
}
static
NTSTATUS
SrvMarshalNotifyResponse_SMB_V2(
PBYTE pNotifyResponse,
ULONG ulNotifyResponseLength,
PBYTE* ppBuffer,
PULONG pulBufferLength
)
{
NTSTATUS ntStatus = STATUS_SUCCESS;
PBYTE pBuffer = NULL;
ULONG ulBufferLength = 0;
ULONG ulOffset = 0;
ULONG ulNumRecords = 0;
ULONG iRecord = 0;
ULONG ulBytesAvailable = ulNotifyResponseLength;
PBYTE pDataCursor = NULL;
PFILE_NOTIFY_INFORMATION pNotifyCursor = NULL;
PFILE_NOTIFY_INFORMATION pPrevHeader = NULL;
PFILE_NOTIFY_INFORMATION pCurHeader = NULL;
pNotifyCursor = (PFILE_NOTIFY_INFORMATION)pNotifyResponse;
while (pNotifyCursor && (ulBufferLength < ulBytesAvailable))
{
ulBufferLength += offsetof(FILE_NOTIFY_INFORMATION, FileName);
if (!pNotifyCursor->FileNameLength)
{
ulBufferLength += sizeof(wchar16_t);
}
else
{
ulBufferLength += pNotifyCursor->FileNameLength;
}
ulNumRecords++;
if (pNotifyCursor->NextEntryOffset)
{
if (ulBufferLength % 4)
{
USHORT usAlignment = (4 - (ulBufferLength % 4));
ulBufferLength += usAlignment;
}
pNotifyCursor =
(PFILE_NOTIFY_INFORMATION)(((PBYTE)pNotifyCursor) +
pNotifyCursor->NextEntryOffset);
}
else
{
pNotifyCursor = NULL;
}
}
if (ulBufferLength)
{
ntStatus = SrvAllocateMemory(ulBufferLength, (PVOID*)&pBuffer);
BAIL_ON_NT_STATUS(ntStatus);
}
pNotifyCursor = (PFILE_NOTIFY_INFORMATION)pNotifyResponse;
pDataCursor = pBuffer;
for (; iRecord < ulNumRecords; iRecord++)
{
pPrevHeader = pCurHeader;
pCurHeader = (PFILE_NOTIFY_INFORMATION)pDataCursor;
/* Update next entry offset for previous entry. */
if (pPrevHeader != NULL)
{
pPrevHeader->NextEntryOffset = ulOffset;
}
ulOffset = 0;
pCurHeader->NextEntryOffset = 0;
pCurHeader->Action = pNotifyCursor->Action;
pCurHeader->FileNameLength = pNotifyCursor->FileNameLength;
pDataCursor += offsetof(FILE_NOTIFY_INFORMATION, FileName);
ulOffset += offsetof(FILE_NOTIFY_INFORMATION, FileName);
if (pNotifyCursor->FileNameLength)
{
memcpy( pDataCursor,
(PBYTE)pNotifyCursor->FileName,
pNotifyCursor->FileNameLength);
pDataCursor += pNotifyCursor->FileNameLength;
ulOffset += pNotifyCursor->FileNameLength;
}
else
{
pDataCursor += sizeof(wchar16_t);
ulOffset += sizeof(wchar16_t);
}
if (pNotifyCursor->NextEntryOffset != 0)
{
if (ulOffset % 4)
{
USHORT usAlign = 4 - (ulOffset % 4);
pDataCursor += usAlign;
ulOffset += usAlign;
}
}
pNotifyCursor =
(PFILE_NOTIFY_INFORMATION)(((PBYTE)pNotifyCursor) +
pNotifyCursor->NextEntryOffset);
}
*ppBuffer = pBuffer;
*pulBufferLength = ulBufferLength;
cleanup:
return ntStatus;
error:
*ppBuffer = NULL;
*pulBufferLength = 0;
if (pBuffer)
{
SrvFreeMemory(pBuffer);
}
goto cleanup;
}
NTSTATUS
SrvGetShareName(
IN PCSTR pszHostname,
IN PCSTR pszDomain,
IN PWSTR pwszPath,
OUT PWSTR* ppwszSharename
)
{
NTSTATUS ntStatus = 0;
PWSTR pwszSharename = NULL;
PSTR pszPath = NULL;
PSTR pszShareName = NULL;
PSTR pszCursor = NULL;
ntStatus = SrvWc16sToMbs(pwszPath, &pszPath);
BAIL_ON_NT_STATUS(ntStatus);
pszCursor = pszPath;
/* Skip a leading pair of backslashes */
if ((strlen(pszCursor) > 2) &&
(*pszCursor == '\\') &&
(*(pszCursor+1) == '\\'))
{
pszCursor += 2;
}
pszShareName = strchr(pszCursor, '\\');
if (pszShareName == NULL)
{
pszShareName = pszCursor;
}
else
{
pszShareName++;
}
if (*pszShareName == '\0')
{
ntStatus = STATUS_BAD_NETWORK_PATH;
BAIL_ON_NT_STATUS(ntStatus);
}
ntStatus = SrvMbsToWc16s(pszShareName, &pwszSharename);
BAIL_ON_NT_STATUS(ntStatus);
*ppwszSharename = pwszSharename;
cleanup:
if (pszPath)
{
SrvFreeMemory(pszPath);
}
return ntStatus;
error:
*ppwszSharename = NULL;
goto cleanup;
}
NTSTATUS
SrvShareSetDefaultSecurity(
PSRV_SHARE_INFO pShareInfo
)
{
NTSTATUS ntStatus = STATUS_SUCCESS;
PSECURITY_DESCRIPTOR_RELATIVE pRelSecDesc = NULL;
ULONG ulRelSecDescLen = 0;
PSECURITY_DESCRIPTOR_ABSOLUTE pAbsSecDesc = NULL;
DWORD dwAceCount = 0;
PSID pOwnerSid = NULL;
PSID pGroupSid = NULL;
PACL pDacl = NULL;
DWORD dwSizeDacl = 0;
union
{
SID sid;
BYTE buffer[SID_MAX_SIZE];
} administratorsSid;
union
{
SID sid;
BYTE buffer[SID_MAX_SIZE];
} powerUsersSid;
union
{
SID sid;
BYTE buffer[SID_MAX_SIZE];
} everyoneSid;
ULONG ulAdministratorsSidSize = sizeof(administratorsSid.buffer);
ULONG ulPowerUsersSidSize = sizeof(powerUsersSid.buffer);
ULONG ulEveryoneSidSize = sizeof(everyoneSid.buffer);
ACCESS_MASK worldAccessMask = 0;
/* Clear out any existing SecDesc's. This is not a normal
use case, but be paranoid */
if (pShareInfo->ulSecDescLen)
{
SrvShareFreeSecurity(pShareInfo);
}
/* Build the new Absolute Security Descriptor */
ntStatus = RTL_ALLOCATE(
&pAbsSecDesc,
VOID,
SECURITY_DESCRIPTOR_ABSOLUTE_MIN_SIZE);
BAIL_ON_NT_STATUS(ntStatus);
ntStatus = RtlCreateSecurityDescriptorAbsolute(
pAbsSecDesc,
SECURITY_DESCRIPTOR_REVISION);
BAIL_ON_NT_STATUS(ntStatus);
/* Create some SIDs */
ntStatus = RtlCreateWellKnownSid(
WinBuiltinAdministratorsSid,
NULL,
(PSID)administratorsSid.buffer,
&ulAdministratorsSidSize);
BAIL_ON_NT_STATUS(ntStatus);
ntStatus = RtlCreateWellKnownSid(
WinBuiltinPowerUsersSid,
NULL,
(PSID)powerUsersSid.buffer,
&ulPowerUsersSidSize);
BAIL_ON_NT_STATUS(ntStatus);
ntStatus = RtlCreateWellKnownSid(
WinWorldSid,
NULL,
(PSID)everyoneSid.buffer,
&ulEveryoneSidSize);
BAIL_ON_NT_STATUS(ntStatus);
/* Owner: Administrators */
ntStatus = RtlDuplicateSid(&pOwnerSid, &administratorsSid.sid);
BAIL_ON_NT_STATUS(ntStatus);
ntStatus = RtlSetOwnerSecurityDescriptor(
pAbsSecDesc,
pOwnerSid,
FALSE);
BAIL_ON_NT_STATUS(ntStatus);
/* Group: Power Users */
ntStatus = RtlDuplicateSid(&pGroupSid, &powerUsersSid.sid);
BAIL_ON_NT_STATUS(ntStatus);
ntStatus = RtlSetGroupSecurityDescriptor(
pAbsSecDesc,
pGroupSid,
FALSE);
BAIL_ON_NT_STATUS(ntStatus);
/* DACL:
Administrators - (Full Control)
Everyone - (Read) for disk shares, (Read/Write) to IPC shares */
dwAceCount = 2;
dwSizeDacl = ACL_HEADER_SIZE +
dwAceCount * sizeof(ACCESS_ALLOWED_ACE) +
RtlLengthSid(&administratorsSid.sid) +
RtlLengthSid(&everyoneSid.sid) -
dwAceCount * sizeof(ULONG);
ntStatus= RTL_ALLOCATE(&pDacl, VOID, dwSizeDacl);
BAIL_ON_NT_STATUS(ntStatus);
ntStatus = RtlCreateAcl(pDacl, dwSizeDacl, ACL_REVISION);
BAIL_ON_NT_STATUS(ntStatus);
ntStatus = RtlAddAccessAllowedAceEx(
pDacl,
ACL_REVISION,
0,
FILE_ALL_ACCESS,
&administratorsSid.sid);
BAIL_ON_NT_STATUS(ntStatus);
worldAccessMask = FILE_GENERIC_READ | FILE_GENERIC_EXECUTE;
if (pShareInfo->service == SHARE_SERVICE_NAMED_PIPE)
{
worldAccessMask |= FILE_GENERIC_WRITE;
}
ntStatus = RtlAddAccessAllowedAceEx(
pDacl,
ACL_REVISION,
0,
worldAccessMask,
&everyoneSid.sid);
BAIL_ON_NT_STATUS(ntStatus);
ntStatus = RtlSetDaclSecurityDescriptor(
pAbsSecDesc,
TRUE,
pDacl,
FALSE);
BAIL_ON_NT_STATUS(ntStatus);
/* Create the SelfRelative SD and assign them to the Share */
ntStatus = RtlAbsoluteToSelfRelativeSD(
pAbsSecDesc,
NULL,
&ulRelSecDescLen);
if (ntStatus == STATUS_BUFFER_TOO_SMALL)
{
ntStatus = SrvAllocateMemory(ulRelSecDescLen, (PVOID*)&pRelSecDesc);
BAIL_ON_NT_STATUS(ntStatus);
ntStatus = RtlAbsoluteToSelfRelativeSD(
pAbsSecDesc,
pRelSecDesc,
&ulRelSecDescLen);
}
BAIL_ON_NT_STATUS(ntStatus);
pShareInfo->pSecDesc = pRelSecDesc;
pShareInfo->ulSecDescLen = ulRelSecDescLen;
pShareInfo->pAbsSecDesc = pAbsSecDesc;
ntStatus = STATUS_SUCCESS;
cleanup:
return ntStatus;
error:
RTL_FREE(&pAbsSecDesc);
RTL_FREE(&pOwnerSid);
RTL_FREE(&pGroupSid);
RTL_FREE(&pDacl);
if (pRelSecDesc)
{
SrvFreeMemory(pRelSecDesc);
}
goto cleanup;
}
NTSTATUS
SrvShareSetSecurity(
IN PSRV_SHARE_INFO pShareInfo,
IN PSECURITY_DESCRIPTOR_RELATIVE pIncRelSecDesc,
IN ULONG ulIncRelSecDescLen
)
{
NTSTATUS ntStatus = STATUS_SUCCESS;
PSECURITY_DESCRIPTOR_ABSOLUTE pIncAbsSecDesc = NULL;
PSECURITY_DESCRIPTOR_ABSOLUTE pFinalAbsSecDesc = NULL;
PSECURITY_DESCRIPTOR_RELATIVE pFinalRelSecDesc = NULL;
ULONG ulFinalRelSecDescLen = 0;
SECURITY_INFORMATION secInfo = 0;
PSID pOwner = NULL;
PSID pGroup = NULL;
PACL pDacl = NULL;
PACL pSacl = NULL;
BOOLEAN bDefaulted = FALSE;
BOOLEAN bPresent = FALSE;
GENERIC_MAPPING GenericMap = {
.GenericRead = FILE_GENERIC_READ,
.GenericWrite = FILE_GENERIC_WRITE,
.GenericExecute = FILE_GENERIC_EXECUTE,
.GenericAll = FILE_ALL_ACCESS };
/* Sanity checks */
if ((pIncRelSecDesc == NULL) || (ulIncRelSecDescLen == 0))
{
ntStatus = STATUS_INVALID_PARAMETER;
BAIL_ON_NT_STATUS(ntStatus);
}
if (pShareInfo->ulSecDescLen == 0)
{
ntStatus = SrvShareSetDefaultSecurity(pShareInfo);
BAIL_ON_NT_STATUS(ntStatus);
}
/* Make the Absolute version of thr incoming SD and
get the SecurityInformation */
ntStatus = SrvShareCreateAbsoluteSecDescFromRel(
&pIncAbsSecDesc,
pIncRelSecDesc) ;
BAIL_ON_NT_STATUS(ntStatus);
/* Don't bail on these. We'll be checking the pointer */
ntStatus = RtlGetOwnerSecurityDescriptor(
pIncAbsSecDesc,
&pOwner,
&bDefaulted);
secInfo |= pOwner ? OWNER_SECURITY_INFORMATION : 0;
ntStatus = RtlGetGroupSecurityDescriptor(
pIncAbsSecDesc,
&pGroup,
&bDefaulted);
secInfo |= pGroup ? GROUP_SECURITY_INFORMATION : 0;
ntStatus = RtlGetDaclSecurityDescriptor(
pIncAbsSecDesc,
&bPresent,
&pDacl,
&bDefaulted);
secInfo |= pDacl ? DACL_SECURITY_INFORMATION : 0;
ntStatus = RtlGetSaclSecurityDescriptor(
pIncAbsSecDesc,
&bPresent,
&pSacl,
&bDefaulted);
secInfo |= pSacl ? SACL_SECURITY_INFORMATION : 0;
/* Assume the new length is not longer than the combined length
of both the current and incoming relative SecDesc buffers */
ulFinalRelSecDescLen = ulIncRelSecDescLen + pShareInfo->ulSecDescLen;
ntStatus = SrvAllocateMemory(
ulFinalRelSecDescLen,
(PVOID*)&pFinalRelSecDesc);
BAIL_ON_NT_STATUS(ntStatus);
ntStatus = RtlSetSecurityDescriptorInfo(
secInfo,
pIncRelSecDesc,
pShareInfo->pSecDesc,
pFinalRelSecDesc,
&ulFinalRelSecDescLen,
&GenericMap);
BAIL_ON_NT_STATUS(ntStatus);
ntStatus = SrvShareCreateAbsoluteSecDescFromRel(
&pFinalAbsSecDesc,
pFinalRelSecDesc) ;
BAIL_ON_NT_STATUS(ntStatus);
/* Free the old SecDesc and save the new one */
SrvShareFreeSecurity(pShareInfo);
pShareInfo->pSecDesc = pFinalRelSecDesc;
pShareInfo->ulSecDescLen = ulFinalRelSecDescLen;
pShareInfo->pAbsSecDesc = pFinalAbsSecDesc;
ntStatus = STATUS_SUCCESS;
cleanup:
if (pIncAbsSecDesc)
{
SrvShareFreeAbsoluteSecurityDescriptor(&pIncAbsSecDesc);
}
return ntStatus;
error:
if (pFinalRelSecDesc)
{
SrvFreeMemory(pFinalRelSecDesc);
}
if (pFinalAbsSecDesc)
{
SrvShareFreeAbsoluteSecurityDescriptor(&pFinalAbsSecDesc);
}
goto cleanup;
}
