3651 lines
98 KiB
C
3651 lines
98 KiB
C
/*++
|
|
|
|
Copyright (c) 1998-1999 Microsoft Corporation
|
|
|
|
Module Name:
|
|
|
|
dispatch.c
|
|
|
|
Abstract:
|
|
|
|
this is the major function code dispatch filter layer.
|
|
|
|
Author:
|
|
|
|
Paul McDaniel (paulmcd) 23-Jan-2000
|
|
|
|
Revision History:
|
|
|
|
--*/
|
|
|
|
|
|
|
|
#include "precomp.h"
|
|
|
|
//
|
|
// Private constants.
|
|
//
|
|
|
|
#if DBG
|
|
|
|
PWSTR IrpMjCodes[] =
|
|
{
|
|
L"IRP_MJ_CREATE",
|
|
L"IRP_MJ_CREATE_NAMED_PIPE",
|
|
L"IRP_MJ_CLOSE",
|
|
L"IRP_MJ_READ",
|
|
L"IRP_MJ_WRITE",
|
|
L"IRP_MJ_QUERY_INFORMATION",
|
|
L"IRP_MJ_SET_INFORMATION",
|
|
L"IRP_MJ_QUERY_EA",
|
|
L"IRP_MJ_SET_EA",
|
|
L"IRP_MJ_FLUSH_BUFFERS",
|
|
L"IRP_MJ_QUERY_VOLUME_INFORMATION",
|
|
L"IRP_MJ_SET_VOLUME_INFORMATION",
|
|
L"IRP_MJ_DIRECTORY_CONTROL",
|
|
L"IRP_MJ_FILE_SYSTEM_CONTROL",
|
|
L"IRP_MJ_DEVICE_CONTROL",
|
|
L"IRP_MJ_INTERNAL_DEVICE_CONTROL",
|
|
L"IRP_MJ_SHUTDOWN",
|
|
L"IRP_MJ_LOCK_CONTROL",
|
|
L"IRP_MJ_CLEANUP",
|
|
L"IRP_MJ_CREATE_MAILSLOT",
|
|
L"IRP_MJ_QUERY_SECURITY",
|
|
L"IRP_MJ_SET_SECURITY",
|
|
L"IRP_MJ_POWER",
|
|
L"IRP_MJ_SYSTEM_CONTROL",
|
|
L"IRP_MJ_DEVICE_CHANGE",
|
|
L"IRP_MJ_QUERY_QUOTA",
|
|
L"IRP_MJ_SET_QUOTA",
|
|
L"IRP_MJ_PNP",
|
|
L"IRP_MJ_MAXIMUM_FUNCTION",
|
|
};
|
|
|
|
#endif // DBG
|
|
|
|
//
|
|
// Private types.
|
|
//
|
|
|
|
//
|
|
// Private prototypes.
|
|
//
|
|
|
|
NTSTATUS
|
|
SrCreateRestorePointIoctl (
|
|
IN PIRP pIrp,
|
|
IN PIO_STACK_LOCATION IrpSp
|
|
);
|
|
|
|
NTSTATUS
|
|
SrGetNextSeqNumIoctl (
|
|
IN PIRP pIrp,
|
|
IN PIO_STACK_LOCATION IrpSp
|
|
);
|
|
|
|
NTSTATUS
|
|
SrReloadConfigurationIoctl (
|
|
IN PIRP pIrp,
|
|
IN PIO_STACK_LOCATION IrpSp
|
|
);
|
|
|
|
NTSTATUS
|
|
SrSwitchAllLogsIoctl (
|
|
IN PIRP pIrp,
|
|
IN PIO_STACK_LOCATION IrpSp
|
|
);
|
|
|
|
NTSTATUS
|
|
SrDisableVolumeIoctl (
|
|
IN PIRP pIrp,
|
|
IN PIO_STACK_LOCATION IrpSp
|
|
);
|
|
|
|
NTSTATUS
|
|
SrStartMonitoringIoctl (
|
|
IN PIRP pIrp,
|
|
IN PIO_STACK_LOCATION IrpSp
|
|
);
|
|
|
|
NTSTATUS
|
|
SrStopMonitoringIoctl (
|
|
IN PIRP pIrp,
|
|
IN PIO_STACK_LOCATION IrpSp
|
|
);
|
|
|
|
NTSTATUS
|
|
SrDismountCompletion(
|
|
IN PDEVICE_OBJECT DeviceObject,
|
|
IN PIRP Irp,
|
|
IN PVOID Context
|
|
);
|
|
|
|
|
|
//
|
|
// linker commands
|
|
//
|
|
|
|
#ifdef ALLOC_PRAGMA
|
|
|
|
#pragma alloc_text( PAGE, SrMajorFunction )
|
|
#pragma alloc_text( PAGE, SrCleanup )
|
|
#pragma alloc_text( PAGE, SrCreate )
|
|
#pragma alloc_text( PAGE, SrSetInformation )
|
|
#pragma alloc_text( PAGE, SrSetHardLink )
|
|
#pragma alloc_text( PAGE, SrSetSecurity )
|
|
#pragma alloc_text( PAGE, SrCreateRestorePointIoctl )
|
|
#pragma alloc_text( PAGE, SrFsControl )
|
|
#pragma alloc_text( PAGE, SrFsControlReparsePoint )
|
|
#pragma alloc_text( PAGE, SrFsControlMount )
|
|
#pragma alloc_text( PAGE, SrFsControlLockOrDismount)
|
|
#pragma alloc_text( PAGE, SrFsControlWriteRawEncrypted )
|
|
#pragma alloc_text( PAGE, SrFsControlSetSparse )
|
|
#pragma alloc_text( PAGE, SrPnp )
|
|
#pragma alloc_text( PAGE, SrGetNextSeqNumIoctl )
|
|
#pragma alloc_text( PAGE, SrReloadConfigurationIoctl )
|
|
#pragma alloc_text( PAGE, SrSwitchAllLogsIoctl )
|
|
#pragma alloc_text( PAGE, SrDisableVolumeIoctl )
|
|
#pragma alloc_text( PAGE, SrStartMonitoringIoctl )
|
|
#pragma alloc_text( PAGE, SrStopMonitoringIoctl )
|
|
#pragma alloc_text( PAGE, SrShutdown )
|
|
|
|
#endif // ALLOC_PRAGMA
|
|
|
|
#if 0
|
|
NOT PAGEABLE -- SrPassThrough
|
|
NOT PAGEABLE -- SrWrite
|
|
#endif // 0
|
|
|
|
|
|
//
|
|
// Private globals.
|
|
//
|
|
|
|
//
|
|
// Lookup table to verify incoming IOCTL codes.
|
|
//
|
|
|
|
typedef
|
|
NTSTATUS
|
|
(NTAPI * PFN_IOCTL_HANDLER)(
|
|
IN PIRP pIrp,
|
|
IN PIO_STACK_LOCATION IrpSp
|
|
);
|
|
|
|
typedef struct _SR_IOCTL_TABLE
|
|
{
|
|
ULONG IoControlCode;
|
|
PFN_IOCTL_HANDLER Handler;
|
|
} SR_IOCTL_TABLE, *PSR_IOCTL_TABLE;
|
|
|
|
SR_IOCTL_TABLE SrIoctlTable[] =
|
|
{
|
|
{ IOCTL_SR_CREATE_RESTORE_POINT, &SrCreateRestorePointIoctl },
|
|
{ IOCTL_SR_RELOAD_CONFIG, &SrReloadConfigurationIoctl },
|
|
{ IOCTL_SR_START_MONITORING, &SrStartMonitoringIoctl },
|
|
{ IOCTL_SR_STOP_MONITORING, &SrStopMonitoringIoctl },
|
|
{ IOCTL_SR_WAIT_FOR_NOTIFICATION, &SrWaitForNotificationIoctl },
|
|
{ IOCTL_SR_SWITCH_LOG, &SrSwitchAllLogsIoctl },
|
|
{ IOCTL_SR_DISABLE_VOLUME, &SrDisableVolumeIoctl },
|
|
{ IOCTL_SR_GET_NEXT_SEQUENCE_NUM, &SrGetNextSeqNumIoctl }
|
|
};
|
|
|
|
C_ASSERT( SR_NUM_IOCTLS == DIMENSION(SrIoctlTable) );
|
|
|
|
//
|
|
// Public globals.
|
|
//
|
|
|
|
//
|
|
// Public functions.
|
|
//
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/***************************************************************************++
|
|
|
|
Routine Description:
|
|
|
|
Does any pre or post work for the IRP then passes it through to the
|
|
lower layer driver.
|
|
|
|
NOTE: This routine is NOT pageable
|
|
|
|
Arguments:
|
|
|
|
|
|
Return Value:
|
|
|
|
NTSTATUS - Status code.
|
|
|
|
--***************************************************************************/
|
|
NTSTATUS
|
|
SrPassThrough(
|
|
IN PDEVICE_OBJECT DeviceObject,
|
|
IN PIRP pIrp
|
|
)
|
|
{
|
|
PSR_DEVICE_EXTENSION pExtension;
|
|
|
|
//
|
|
// this is NonPaged code!
|
|
//
|
|
|
|
ASSERT(KeGetCurrentIrql() <= APC_LEVEL);
|
|
ASSERT(IS_VALID_DEVICE_OBJECT(DeviceObject));
|
|
ASSERT(IS_VALID_IRP(pIrp));
|
|
|
|
//
|
|
// Is this a function for our Control Device Object?
|
|
//
|
|
|
|
if (DeviceObject == _globals.pControlDevice)
|
|
{
|
|
return SrMajorFunction(DeviceObject, pIrp);
|
|
}
|
|
|
|
//
|
|
// else it is a device we've attached to , grab our extension
|
|
//
|
|
|
|
ASSERT(IS_SR_DEVICE_OBJECT(DeviceObject));
|
|
pExtension = DeviceObject->DeviceExtension;
|
|
|
|
//
|
|
// Now call the appropriate file system driver with the request.
|
|
//
|
|
|
|
IoSkipCurrentIrpStackLocation(pIrp);
|
|
return IoCallDriver(pExtension->pTargetDevice, pIrp);
|
|
} // SrPassThrough
|
|
|
|
|
|
|
|
/***************************************************************************++
|
|
|
|
Routine Description:
|
|
|
|
Handles IRPs for the actual device control object vs. the sub-level
|
|
fsd we are attached to .
|
|
|
|
Arguments:
|
|
|
|
|
|
Return Value:
|
|
|
|
NTSTATUS - Status code.
|
|
|
|
--***************************************************************************/
|
|
NTSTATUS
|
|
SrMajorFunction(
|
|
IN PDEVICE_OBJECT pDeviceObject,
|
|
IN PIRP pIrp
|
|
)
|
|
{
|
|
NTSTATUS Status;
|
|
PIO_STACK_LOCATION pIrpSp;
|
|
PSR_CONTROL_OBJECT pControlObject;
|
|
ULONG Code;
|
|
ULONG FunctionCode;
|
|
PFILE_FULL_EA_INFORMATION pEaBuffer;
|
|
PSR_OPEN_PACKET pOpenPacket;
|
|
|
|
UNREFERENCED_PARAMETER( pDeviceObject );
|
|
|
|
ASSERT(IS_VALID_DEVICE_OBJECT(pDeviceObject));
|
|
ASSERT(IS_VALID_IRP(pIrp));
|
|
ASSERT(pDeviceObject == _globals.pControlDevice);
|
|
|
|
//
|
|
// < dispatch!
|
|
//
|
|
|
|
PAGED_CODE();
|
|
|
|
SrTrace(FUNC_ENTRY, (
|
|
"SR!SrMajorFunction(Function=%ls)\n",
|
|
IrpMjCodes[IoGetCurrentIrpStackLocation(pIrp)->MajorFunction]
|
|
));
|
|
|
|
Status = STATUS_SUCCESS;
|
|
|
|
pIrpSp = IoGetCurrentIrpStackLocation(pIrp);
|
|
|
|
switch (pIrpSp->MajorFunction)
|
|
{
|
|
|
|
//
|
|
// IRP_MJ_CREATE is called to create a new HANDLE on
|
|
// SR_CONTROL_DEVICE_NAME
|
|
//
|
|
|
|
case IRP_MJ_CREATE:
|
|
|
|
//
|
|
// Find and validate the open packet.
|
|
//
|
|
|
|
pEaBuffer = (PFILE_FULL_EA_INFORMATION)
|
|
(pIrp->AssociatedIrp.SystemBuffer);
|
|
|
|
if (pEaBuffer == NULL ||
|
|
pEaBuffer->EaValueLength != sizeof(*pOpenPacket) ||
|
|
pEaBuffer->EaNameLength != SR_OPEN_PACKET_NAME_LENGTH ||
|
|
strcmp( pEaBuffer->EaName, SR_OPEN_PACKET_NAME ) )
|
|
{
|
|
|
|
Status = STATUS_REVISION_MISMATCH;
|
|
goto CompleteTheIrp;
|
|
}
|
|
|
|
pOpenPacket =
|
|
(PSR_OPEN_PACKET)( pEaBuffer->EaName + pEaBuffer->EaNameLength + 1 );
|
|
|
|
ASSERT( (((ULONG_PTR)pOpenPacket) & 7) == 0 );
|
|
|
|
//
|
|
// For now, we'll fail if the incoming version doesn't EXACTLY match
|
|
// the expected version. In future, we may need to be a bit more
|
|
// flexible to allow down-level clients.
|
|
//
|
|
|
|
if (pOpenPacket->MajorVersion != SR_INTERFACE_VERSION_MAJOR ||
|
|
pOpenPacket->MinorVersion != SR_INTERFACE_VERSION_MINOR)
|
|
{
|
|
|
|
Status = STATUS_REVISION_MISMATCH;
|
|
goto CompleteTheIrp;
|
|
}
|
|
|
|
if (_globals.pControlObject != NULL)
|
|
{
|
|
Status = STATUS_DEVICE_ALREADY_ATTACHED;
|
|
goto CompleteTheIrp;
|
|
}
|
|
|
|
try {
|
|
//
|
|
// grab the lock
|
|
//
|
|
|
|
SrAcquireGlobalLockExclusive();
|
|
|
|
//
|
|
// Double check to make sure that the ControlObject hasn't
|
|
// been created while we were waiting to get the lock.
|
|
//
|
|
|
|
if (_globals.pControlObject != NULL)
|
|
{
|
|
|
|
Status = STATUS_DEVICE_ALREADY_ATTACHED;
|
|
leave;
|
|
}
|
|
|
|
//
|
|
// Create a new OBJECT
|
|
//
|
|
|
|
Status = SrCreateControlObject(&pControlObject, 0);
|
|
if (!NT_SUCCESS(Status))
|
|
{
|
|
leave;
|
|
}
|
|
|
|
ASSERT(IS_VALID_CONTROL_OBJECT(pControlObject));
|
|
|
|
//
|
|
// store the object in the file
|
|
//
|
|
|
|
pIrpSp->FileObject->FsContext = pControlObject;
|
|
pIrpSp->FileObject->FsContext2 = SR_CONTROL_OBJECT_CONTEXT;
|
|
|
|
//
|
|
// and keep a global copy
|
|
//
|
|
|
|
_globals.pControlObject = pControlObject;
|
|
|
|
} finally {
|
|
|
|
SrReleaseGlobalLock();
|
|
|
|
}
|
|
|
|
if (!NT_SUCCESS( Status )) {
|
|
goto CompleteTheIrp;
|
|
}
|
|
|
|
break;
|
|
|
|
//
|
|
// IRP_MJ_CLOSE is called when all references are gone.
|
|
// Note: this operation can not be failed. It must succeed.
|
|
//
|
|
|
|
case IRP_MJ_CLOSE:
|
|
|
|
pControlObject = pIrpSp->FileObject->FsContext;
|
|
ASSERT(_globals.pControlObject == pControlObject);
|
|
ASSERT(IS_VALID_CONTROL_OBJECT(pControlObject));
|
|
ASSERT(pIrpSp->FileObject->FsContext2 == SR_CONTROL_OBJECT_CONTEXT);
|
|
|
|
try {
|
|
|
|
SrAcquireGlobalLockExclusive();
|
|
|
|
//
|
|
// delete the control object
|
|
//
|
|
|
|
Status = SrDeleteControlObject(pControlObject);
|
|
if (!NT_SUCCESS(Status))
|
|
{
|
|
leave;
|
|
}
|
|
|
|
pIrpSp->FileObject->FsContext2 = NULL;
|
|
pIrpSp->FileObject->FsContext = NULL;
|
|
|
|
//
|
|
// clear out the global
|
|
//
|
|
|
|
_globals.pControlObject = NULL;
|
|
|
|
} finally {
|
|
|
|
SrReleaseGlobalLock();
|
|
}
|
|
|
|
break;
|
|
|
|
//
|
|
// IRP_MJ_DEVICE_CONTROL is how most user-mode api's drop into here
|
|
//
|
|
|
|
case IRP_MJ_DEVICE_CONTROL:
|
|
|
|
//
|
|
// Extract the IOCTL control code and process the request.
|
|
//
|
|
|
|
Code = pIrpSp->Parameters.DeviceIoControl.IoControlCode;
|
|
FunctionCode = IoGetFunctionCodeFromCtlCode(Code);
|
|
|
|
if (FunctionCode < SR_NUM_IOCTLS &&
|
|
SrIoctlTable[FunctionCode].IoControlCode == Code)
|
|
{
|
|
#if DBG
|
|
KIRQL oldIrql = KeGetCurrentIrql();
|
|
#endif // DBG
|
|
|
|
Status = (SrIoctlTable[FunctionCode].Handler)( pIrp, pIrpSp );
|
|
ASSERT( KeGetCurrentIrql() == oldIrql );
|
|
|
|
if (!NT_SUCCESS(Status)) {
|
|
|
|
goto CompleteTheIrp;
|
|
}
|
|
|
|
}
|
|
else
|
|
{
|
|
//
|
|
// If we made it this far, then the ioctl is invalid.
|
|
//
|
|
|
|
Status = STATUS_INVALID_DEVICE_REQUEST;
|
|
goto CompleteTheIrp;
|
|
}
|
|
|
|
break;
|
|
|
|
//
|
|
// IRP_MJ_CLEANUP is called when all handles are closed
|
|
// Note: this operation can not be failed. It must succeed.
|
|
//
|
|
|
|
case IRP_MJ_CLEANUP:
|
|
|
|
pControlObject = pIrpSp->FileObject->FsContext;
|
|
ASSERT(_globals.pControlObject == pControlObject);
|
|
ASSERT(IS_VALID_CONTROL_OBJECT(pControlObject));
|
|
ASSERT(pIrpSp->FileObject->FsContext2 == SR_CONTROL_OBJECT_CONTEXT);
|
|
|
|
try {
|
|
|
|
SrAcquireGlobalLockExclusive();
|
|
|
|
//
|
|
// cancel all IO on this object
|
|
//
|
|
|
|
Status = SrCancelControlIo(pControlObject);
|
|
CHECK_STATUS(Status);
|
|
|
|
} finally {
|
|
|
|
SrReleaseGlobalLock();
|
|
}
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
//
|
|
// unsupported!
|
|
//
|
|
|
|
Status = STATUS_INVALID_DEVICE_REQUEST;
|
|
break;
|
|
|
|
}
|
|
|
|
//
|
|
// Complete the request if we are DONE.
|
|
//
|
|
|
|
CompleteTheIrp:
|
|
if (Status != STATUS_PENDING)
|
|
{
|
|
pIrp->IoStatus.Status = Status;
|
|
IoCompleteRequest(pIrp, IO_NO_INCREMENT);
|
|
NULLPTR(pIrp);
|
|
}
|
|
|
|
ASSERT(Status != SR_STATUS_VOLUME_DISABLED);
|
|
|
|
#if DBG
|
|
if (Status == STATUS_INVALID_DEVICE_REQUEST ||
|
|
Status == STATUS_DEVICE_ALREADY_ATTACHED ||
|
|
Status == STATUS_REVISION_MISMATCH)
|
|
{
|
|
//
|
|
// don't DbgBreak on this, test tools pass garbage in normally
|
|
// to test this code path out.
|
|
//
|
|
|
|
return Status;
|
|
}
|
|
#endif
|
|
|
|
RETURN(Status);
|
|
} // SrMajorFunction
|
|
|
|
|
|
/***************************************************************************++
|
|
|
|
Routine Description:
|
|
|
|
Arguments:
|
|
|
|
Handle WRITE Irps.
|
|
NOTE: This routine is NOT pageable.
|
|
|
|
Return Value:
|
|
|
|
NTSTATUS - Status code.
|
|
|
|
--***************************************************************************/
|
|
NTSTATUS
|
|
SrWrite(
|
|
IN PDEVICE_OBJECT DeviceObject,
|
|
IN PIRP pIrp
|
|
)
|
|
{
|
|
PSR_DEVICE_EXTENSION pExtension;
|
|
PIO_STACK_LOCATION pIrpSp;
|
|
PSR_STREAM_CONTEXT pFileContext;
|
|
NTSTATUS eventStatus;
|
|
|
|
//
|
|
// This cannot be paged because it is called from
|
|
// the paging path.
|
|
//
|
|
|
|
ASSERT(IS_VALID_DEVICE_OBJECT(DeviceObject));
|
|
ASSERT(IS_VALID_IRP(pIrp));
|
|
|
|
//
|
|
// Is this a function for our control device object (vs an attachee)?
|
|
//
|
|
|
|
if (DeviceObject == _globals.pControlDevice)
|
|
{
|
|
return SrMajorFunction(DeviceObject, pIrp);
|
|
}
|
|
|
|
//
|
|
// else it is a device we've attached to , grab our extension
|
|
//
|
|
|
|
ASSERT(IS_SR_DEVICE_OBJECT(DeviceObject));
|
|
pExtension = DeviceObject->DeviceExtension;
|
|
|
|
//
|
|
// See if logging is enabled and we don't care about this type of IO
|
|
// to the file systems' control device objects.
|
|
//
|
|
|
|
if (!SR_LOGGING_ENABLED(pExtension) ||
|
|
SR_IS_FS_CONTROL_DEVICE(pExtension))
|
|
{
|
|
goto CompleteTheIrp;
|
|
}
|
|
|
|
//
|
|
// ignore all paging i/o for now. we catch all write's prior to
|
|
// the cache manager even seeing them.
|
|
//
|
|
|
|
pIrpSp = IoGetCurrentIrpStackLocation(pIrp);
|
|
|
|
if (FlagOn(pIrp->Flags, IRP_PAGING_IO))
|
|
{
|
|
goto CompleteTheIrp;
|
|
}
|
|
|
|
//
|
|
// Ignore files with no name
|
|
//
|
|
|
|
if (FILE_OBJECT_IS_NOT_POTENTIALLY_INTERESTING( pIrpSp->FileObject ) ||
|
|
FILE_OBJECT_DOES_NOT_HAVE_VPB( pIrpSp->FileObject ))
|
|
{
|
|
goto CompleteTheIrp;
|
|
}
|
|
|
|
//
|
|
// Get the context now so we can determine if this is a
|
|
// directory or not
|
|
//
|
|
|
|
eventStatus = SrGetContext( pExtension,
|
|
pIrpSp->FileObject,
|
|
SrEventStreamChange,
|
|
&pFileContext );
|
|
|
|
if (!NT_SUCCESS( eventStatus ))
|
|
{
|
|
goto CompleteTheIrp;
|
|
}
|
|
|
|
//
|
|
// If this is a directory don't bother logging because the
|
|
// operation will fail.
|
|
//
|
|
|
|
if (FlagOn(pFileContext->Flags,CTXFL_IsInteresting) && !FlagOn(pFileContext->Flags,CTXFL_IsDirectory))
|
|
{
|
|
SrHandleEvent( pExtension,
|
|
SrEventStreamChange,
|
|
pIrpSp->FileObject,
|
|
pFileContext,
|
|
NULL,
|
|
NULL );
|
|
}
|
|
|
|
//
|
|
// Release the context
|
|
//
|
|
|
|
SrReleaseContext( pFileContext );
|
|
|
|
//
|
|
// call the AttachedTo driver
|
|
//
|
|
|
|
CompleteTheIrp:
|
|
IoSkipCurrentIrpStackLocation(pIrp);
|
|
return IoCallDriver(pExtension->pTargetDevice, pIrp);
|
|
} // SrWrite
|
|
|
|
|
|
/***************************************************************************++
|
|
|
|
Routine Description:
|
|
|
|
Handle Cleanup IRPs
|
|
|
|
Arguments:
|
|
|
|
|
|
Return Value:
|
|
|
|
NTSTATUS - Status code.
|
|
|
|
--***************************************************************************/
|
|
NTSTATUS
|
|
SrCleanup(
|
|
IN PDEVICE_OBJECT DeviceObject,
|
|
IN PIRP pIrp
|
|
)
|
|
{
|
|
PSR_DEVICE_EXTENSION pExtension;
|
|
PIO_STACK_LOCATION pIrpSp;
|
|
|
|
//
|
|
// < dispatch!
|
|
//
|
|
|
|
PAGED_CODE();
|
|
|
|
ASSERT(IS_VALID_DEVICE_OBJECT(DeviceObject));
|
|
ASSERT(IS_VALID_IRP(pIrp));
|
|
|
|
//
|
|
// Is this a function for our control device object (vs an attachee)?
|
|
//
|
|
|
|
if (DeviceObject == _globals.pControlDevice)
|
|
{
|
|
return SrMajorFunction(DeviceObject, pIrp);
|
|
}
|
|
|
|
//
|
|
// else it is a device we've attached to, grab our extension
|
|
//
|
|
|
|
ASSERT(IS_SR_DEVICE_OBJECT(DeviceObject));
|
|
pExtension = DeviceObject->DeviceExtension;
|
|
|
|
//
|
|
// See if logging is enabled and we don't care about this type of IO
|
|
// to the file systems' control device objects.
|
|
//
|
|
|
|
if (!SR_LOGGING_ENABLED(pExtension) ||
|
|
SR_IS_FS_CONTROL_DEVICE(pExtension))
|
|
{
|
|
goto CompleteTheIrp;
|
|
}
|
|
|
|
pIrpSp = IoGetCurrentIrpStackLocation(pIrp);
|
|
|
|
//
|
|
// does this file have a name? skip unnamed files
|
|
//
|
|
|
|
if (FILE_OBJECT_IS_NOT_POTENTIALLY_INTERESTING( pIrpSp->FileObject ) ||
|
|
FILE_OBJECT_DOES_NOT_HAVE_VPB( pIrpSp->FileObject ))
|
|
{
|
|
goto CompleteTheIrp;
|
|
}
|
|
|
|
//
|
|
// is this file about to be deleted ? we do this here as file's can
|
|
// be marked for deletion throughout their lifetime via
|
|
// IRP_MJ_SET_INFORMATION .
|
|
//
|
|
|
|
//
|
|
// for delete we only clean the FCB, not the CCB delete_on_close.
|
|
// this was handled in SrCreate.
|
|
//
|
|
|
|
if (pIrpSp->FileObject->DeletePending)
|
|
{
|
|
NTSTATUS eventStatus;
|
|
PSR_STREAM_CONTEXT pFileContext;
|
|
|
|
//
|
|
// Get the context now so we can determine if this is a directory or not
|
|
//
|
|
|
|
eventStatus = SrGetContext( pExtension,
|
|
pIrpSp->FileObject,
|
|
SrEventFileDelete,
|
|
&pFileContext );
|
|
|
|
if (!NT_SUCCESS( eventStatus ))
|
|
{
|
|
goto CompleteTheIrp;
|
|
}
|
|
|
|
//
|
|
// If interesting, log it
|
|
//
|
|
|
|
if (FlagOn(pFileContext->Flags,CTXFL_IsInteresting))
|
|
{
|
|
SrHandleEvent( pExtension,
|
|
FlagOn(pFileContext->Flags,CTXFL_IsDirectory) ?
|
|
SrEventDirectoryDelete :
|
|
SrEventFileDelete,
|
|
pIrpSp->FileObject,
|
|
pFileContext,
|
|
NULL,
|
|
NULL);
|
|
}
|
|
|
|
//
|
|
// Release the context
|
|
//
|
|
|
|
SrReleaseContext( pFileContext );
|
|
}
|
|
|
|
//
|
|
// call on to the next filter
|
|
//
|
|
|
|
CompleteTheIrp:
|
|
IoSkipCurrentIrpStackLocation(pIrp);
|
|
return IoCallDriver(pExtension->pTargetDevice, pIrp);
|
|
} // SrCleanup
|
|
|
|
|
|
/***************************************************************************++
|
|
|
|
Routine Description:
|
|
|
|
Handle Create IRPS
|
|
|
|
Arguments:
|
|
|
|
|
|
Return Value:
|
|
|
|
NTSTATUS - Status code.
|
|
|
|
--***************************************************************************/
|
|
NTSTATUS
|
|
SrCreate(
|
|
IN PDEVICE_OBJECT DeviceObject,
|
|
IN PIRP pIrp
|
|
)
|
|
{
|
|
PSR_DEVICE_EXTENSION pExtension;
|
|
PIO_STACK_LOCATION pIrpSp;
|
|
NTSTATUS eventStatus;
|
|
NTSTATUS IrpStatus;
|
|
ULONG CreateDisposition;
|
|
ULONG CreateOptions;
|
|
USHORT FileAttributes;
|
|
SR_OVERWRITE_INFO OverwriteInfo;
|
|
KEVENT waitEvent;
|
|
PFILE_OBJECT pFileObject;
|
|
PSR_STREAM_CONTEXT pFileContext = NULL;
|
|
BOOLEAN willCreateUnnamedStream = TRUE;
|
|
|
|
|
|
PAGED_CODE();
|
|
|
|
ASSERT(IS_VALID_DEVICE_OBJECT(DeviceObject));
|
|
ASSERT(IS_VALID_IRP(pIrp));
|
|
|
|
//
|
|
// Is this a function for our control device object (vs an attachee)?
|
|
//
|
|
|
|
if (DeviceObject == _globals.pControlDevice)
|
|
{
|
|
return SrMajorFunction(DeviceObject, pIrp);
|
|
}
|
|
|
|
//
|
|
// else it is a device we've attached to, grab our extension
|
|
//
|
|
|
|
ASSERT(IS_SR_DEVICE_OBJECT(DeviceObject));
|
|
pExtension = DeviceObject->DeviceExtension;
|
|
|
|
//
|
|
// See if logging is enabled and we don't care about this type of IO
|
|
// to the file systems' control device objects.
|
|
//
|
|
|
|
if (!SR_LOGGING_ENABLED(pExtension) ||
|
|
SR_IS_FS_CONTROL_DEVICE(pExtension))
|
|
{
|
|
goto CompleteTheIrpAndReturn;
|
|
}
|
|
|
|
//
|
|
// Finish Initialization
|
|
//
|
|
|
|
pIrpSp = IoGetCurrentIrpStackLocation(pIrp);
|
|
pFileObject = pIrpSp->FileObject;
|
|
|
|
//
|
|
// does this file have a name? skip unnamed files. Also skip paging
|
|
// files. (NULL Vpb is normal - the file is not open yet)
|
|
//
|
|
|
|
if (FILE_OBJECT_IS_NOT_POTENTIALLY_INTERESTING( pFileObject ) ||
|
|
FlagOn(pIrpSp->Flags,SL_OPEN_PAGING_FILE))
|
|
{
|
|
goto CompleteTheIrpAndReturn;
|
|
}
|
|
|
|
//
|
|
// Finish initialization and save some information
|
|
//
|
|
|
|
RtlZeroMemory( &OverwriteInfo, sizeof(OverwriteInfo) );
|
|
OverwriteInfo.Signature = SR_OVERWRITE_INFO_TAG;
|
|
|
|
CreateOptions = pIrpSp->Parameters.Create.Options & FILE_VALID_OPTION_FLAGS;
|
|
CreateDisposition = pIrpSp->Parameters.Create.Options >> 24;
|
|
FileAttributes = pIrpSp->Parameters.Create.FileAttributes;
|
|
|
|
//
|
|
// Handle OVERWRITE and SUPERSEEDE cases.
|
|
//
|
|
|
|
if ((CreateDisposition == FILE_OVERWRITE) ||
|
|
(CreateDisposition == FILE_OVERWRITE_IF) ||
|
|
(CreateDisposition == FILE_SUPERSEDE))
|
|
{
|
|
SR_EVENT_TYPE event;
|
|
//
|
|
// The file may be changed by this open so save a copy before going
|
|
// down to the filesystem.
|
|
//
|
|
// First get the context to determine if this is interesting. Since
|
|
// this is in the PRE-Create stage we can not tell if this file
|
|
// has a context or not (the FsContext field is not initialized yet).
|
|
// We will always create a context. Then in the Post-Create section
|
|
// we will see if a context was already defined. If not we will add
|
|
// this context to the system. If so then we will free this
|
|
// context.
|
|
//
|
|
// Note: If a user opens a directory with any of these
|
|
// CreateDisposition flags set, we will go down this path, treating
|
|
// the directory name like a file. If the directory name is
|
|
// interesting, we will try to back it up and at that point we will
|
|
// realize that it is a directory and bail.
|
|
//
|
|
|
|
event = SrEventStreamOverwrite|SrEventIsNotDirectory|SrEventInPreCreate;
|
|
if (FlagOn( CreateOptions, FILE_OPEN_BY_FILE_ID ))
|
|
{
|
|
event |= SrEventOpenById;
|
|
}
|
|
|
|
eventStatus = SrCreateContext( pExtension,
|
|
pFileObject,
|
|
event,
|
|
FileAttributes,
|
|
&pFileContext );
|
|
|
|
if (!NT_SUCCESS_NO_DBGBREAK(eventStatus))
|
|
{
|
|
goto CompleteTheIrpAndReturn;
|
|
}
|
|
|
|
SrTrace( CONTEXT_LOG, ("Sr!SrCreate: Created (%p) Event=%06x Fl=%03x Use=%d \"%.*S\"\n",
|
|
pFileContext,
|
|
SrEventStreamOverwrite|SrEventIsNotDirectory,
|
|
pFileContext->Flags,
|
|
pFileContext->UseCount,
|
|
(pFileContext->FileName.Length+
|
|
pFileContext->StreamNameLength)/
|
|
sizeof(WCHAR),
|
|
pFileContext->FileName.Buffer) );
|
|
|
|
//
|
|
// If the file is interesting then handle it
|
|
//
|
|
|
|
if (FlagOn(pFileContext->Flags,CTXFL_IsInteresting))
|
|
{
|
|
OverwriteInfo.pIrp = pIrp;
|
|
|
|
eventStatus = SrHandleEvent( pExtension,
|
|
SrEventStreamOverwrite,
|
|
pFileObject,
|
|
pFileContext,
|
|
&OverwriteInfo,
|
|
NULL );
|
|
|
|
OverwriteInfo.pIrp = NULL;
|
|
|
|
if (!NT_SUCCESS(eventStatus))
|
|
{
|
|
//
|
|
// This context has never been linked into a list so nobody
|
|
// else can be refrencing it. Release it (which will delete
|
|
// it since the use count is at 1.
|
|
//
|
|
|
|
ASSERT(pFileContext != NULL);
|
|
ASSERT(pFileContext->UseCount == 1);
|
|
|
|
SrReleaseContext( pFileContext );
|
|
pFileContext = NULL;
|
|
|
|
goto CompleteTheIrpAndReturn;
|
|
}
|
|
}
|
|
}
|
|
|
|
//
|
|
// As long as the file is not marked delete on close, if the file is simply
|
|
// opened, we can do not need to set a completion routine. Otherwise,
|
|
// we need a completion routine so that we can see the result of the
|
|
// create before we do any logging work.
|
|
//
|
|
|
|
if (!FlagOn( CreateOptions, FILE_DELETE_ON_CLOSE ) &&
|
|
CreateDisposition == FILE_OPEN)
|
|
{
|
|
goto CompleteTheIrpAndReturn;
|
|
}
|
|
|
|
//
|
|
// If this is a CREATE operation that could result in the creation of
|
|
// a named data stream on a file (FILE_OPEN and FILE_OVERWRITE will never
|
|
// create a new file), we need to see if the non-named data
|
|
// stream of this file already exists. If the file already exists,
|
|
// then so does the non-named data stream.
|
|
//
|
|
|
|
if (((CreateDisposition == FILE_CREATE) ||
|
|
(CreateDisposition == FILE_OPEN_IF) ||
|
|
(CreateDisposition == FILE_SUPERSEDE) ||
|
|
(CreateDisposition == FILE_OVERWRITE_IF)) &&
|
|
SrFileNameContainsStream( pExtension, pFileObject, pFileContext ))
|
|
{
|
|
if (SrFileAlreadyExists( pExtension, pFileObject, pFileContext ))
|
|
{
|
|
willCreateUnnamedStream = FALSE;
|
|
}
|
|
}
|
|
|
|
//
|
|
// It is an operation we may care about, go to the completion routine
|
|
// to handle what happened.
|
|
//
|
|
|
|
KeInitializeEvent( &waitEvent, SynchronizationEvent, FALSE );
|
|
|
|
IoCopyCurrentIrpStackLocationToNext(pIrp);
|
|
IoSetCompletionRoutine( pIrp,
|
|
SrStopProcessingCompletion,
|
|
&waitEvent,
|
|
TRUE,
|
|
TRUE,
|
|
TRUE );
|
|
|
|
|
|
IrpStatus = IoCallDriver(pExtension->pTargetDevice, pIrp);
|
|
|
|
//
|
|
// Wait for the completion routine to be called
|
|
//
|
|
|
|
if (STATUS_PENDING == IrpStatus)
|
|
{
|
|
NTSTATUS localStatus = KeWaitForSingleObject(&waitEvent, Executive, KernelMode, FALSE, NULL);
|
|
ASSERT(STATUS_SUCCESS == localStatus);
|
|
}
|
|
|
|
//=======================================================================
|
|
//
|
|
// The create operation is completed and we have re-syncronized back
|
|
// to the dispatch routine from the completion routine. Handle
|
|
// post-create operations.
|
|
//
|
|
//=======================================================================
|
|
|
|
//
|
|
// Load status of the operation. We need to remember this status in
|
|
// IrpStatus so that we can return it from this dispatch routine. Status
|
|
// we get the status of our event handling routines as we do our post-
|
|
// CREATE operation work.
|
|
//
|
|
|
|
IrpStatus = pIrp->IoStatus.Status;
|
|
|
|
//
|
|
// Handle the File Overwrite/Supersede cases
|
|
//
|
|
|
|
if ((CreateDisposition == FILE_OVERWRITE) ||
|
|
(CreateDisposition == FILE_OVERWRITE_IF) ||
|
|
(CreateDisposition == FILE_SUPERSEDE))
|
|
{
|
|
ASSERT(pFileContext != NULL);
|
|
ASSERT(pFileContext->UseCount == 1);
|
|
|
|
//
|
|
// See if it was successful (do not change this to NU_SUCCESS macro
|
|
// because STATUS_REPARSE is a success code)
|
|
//
|
|
|
|
if (STATUS_SUCCESS == IrpStatus)
|
|
{
|
|
//
|
|
// Now that the create is completed (and we have context state in
|
|
// the file object) insert this context into the context hash
|
|
// table. This routine will look to see if a context structure
|
|
// already exists for this file. If so, it will free this
|
|
// structure and return the one that already existed. It will
|
|
// properly ref count the context
|
|
//
|
|
|
|
ASSERT(pFileContext != NULL);
|
|
ASSERT(pFileContext->UseCount == 1);
|
|
|
|
//
|
|
// Check to see if we need to be concerned that this name was
|
|
// tunneled. If this context is temporary and we are not going
|
|
// to need to use this context to log any operations, there is
|
|
// not need to go through this extra work.
|
|
//
|
|
|
|
if (!FlagOn( pFileContext->Flags, CTXFL_Temporary ) ||
|
|
(FILE_CREATED == pIrp->IoStatus.Information))
|
|
{
|
|
//
|
|
// We are in a case where name tunneling could affect the
|
|
// correctness of the name we log.
|
|
//
|
|
|
|
eventStatus = SrCheckForNameTunneling( pExtension,
|
|
&pFileContext );
|
|
|
|
if (!NT_SUCCESS( eventStatus ))
|
|
{
|
|
goto AfterCompletionCleanup;
|
|
}
|
|
}
|
|
|
|
SrLinkContext( pExtension,
|
|
pFileObject,
|
|
&pFileContext );
|
|
|
|
SrTrace( CONTEXT_LOG, ("Sr!SrCreate: Link (%p) Event=%06x Fl=%03x Use=%d \"%.*S\"\n",
|
|
pFileContext,
|
|
SrEventStreamOverwrite|SrEventIsNotDirectory,
|
|
pFileContext->Flags,
|
|
pFileContext->UseCount,
|
|
(pFileContext->FileName.Length+
|
|
pFileContext->StreamNameLength)/
|
|
sizeof(WCHAR),
|
|
pFileContext->FileName.Buffer));
|
|
//
|
|
// Handle if the file was actually created
|
|
//
|
|
|
|
if (FILE_CREATED == pIrp->IoStatus.Information)
|
|
{
|
|
//
|
|
// If the file is interesting, log it
|
|
//
|
|
|
|
if (FlagOn(pFileContext->Flags,CTXFL_IsInteresting))
|
|
{
|
|
SrHandleEvent( pExtension,
|
|
((willCreateUnnamedStream) ?
|
|
SrEventFileCreate :
|
|
SrEventStreamCreate),
|
|
pFileObject,
|
|
pFileContext,
|
|
NULL,
|
|
NULL);
|
|
}
|
|
}
|
|
|
|
//
|
|
// make sure it didn't succeed when we thought it would fail
|
|
//
|
|
|
|
else if (!OverwriteInfo.RenamedFile &&
|
|
!OverwriteInfo.CopiedFile &&
|
|
OverwriteInfo.IgnoredFile )
|
|
{
|
|
//
|
|
// ouch, the caller's create worked, but we didn't think
|
|
// it would. this is a bad bug. nothing we can do now, as
|
|
// the file is gone.
|
|
//
|
|
|
|
ASSERT(!"sr!SrCreate(post complete): overwrite succeeded with NO BACKUP");
|
|
|
|
//
|
|
// trigger the failure notification to the service
|
|
//
|
|
|
|
SrNotifyVolumeError( pExtension,
|
|
&pFileContext->FileName,
|
|
STATUS_FILE_INVALID,
|
|
SrEventStreamOverwrite );
|
|
}
|
|
}
|
|
else
|
|
{
|
|
//
|
|
// handle it failing when we thought it would succeed
|
|
//
|
|
|
|
if (OverwriteInfo.RenamedFile)
|
|
{
|
|
//
|
|
// the call failed (or returned some weird info code)
|
|
// but we renamed the file! we need to fix it.
|
|
//
|
|
|
|
eventStatus = SrHandleOverwriteFailure( pExtension,
|
|
&pFileContext->FileName,
|
|
OverwriteInfo.CreateFileAttributes,
|
|
OverwriteInfo.pRenameInformation );
|
|
|
|
ASSERTMSG("sr!SrCreate(post complete): failed to correct a failed overwrite!\n", NT_SUCCESS(eventStatus));
|
|
}
|
|
|
|
//
|
|
// The create failed, the releaseContext below will free
|
|
// the structure since we didn't link it into any lists
|
|
//
|
|
}
|
|
}
|
|
|
|
//
|
|
// If it did not work, return now. Don't bother getting a context
|
|
//
|
|
|
|
else if ((STATUS_REPARSE == IrpStatus) ||
|
|
!NT_SUCCESS_NO_DBGBREAK(IrpStatus))
|
|
{
|
|
ASSERT(pFileContext == NULL);
|
|
}
|
|
|
|
//
|
|
// is this open for DELETE_ON_CLOSE? if so, handle the delete now,
|
|
// we won't have any other chance until MJ_CLEANUP, and it's hard
|
|
// to manipulate the object during cleanup. we do not perform any
|
|
// optimization on deletes in this manner. kernel32!deletefile does
|
|
// not use FILE_DELETE_ON_CLOSE so this should be rare if ever seen.
|
|
//
|
|
|
|
else if (FlagOn(CreateOptions, FILE_DELETE_ON_CLOSE))
|
|
{
|
|
//
|
|
// Get the context so we can see if this is a directory or not
|
|
//
|
|
|
|
ASSERT(pFileContext == NULL);
|
|
|
|
eventStatus = SrGetContext( pExtension,
|
|
pFileObject,
|
|
SrEventFileDelete,
|
|
&pFileContext );
|
|
|
|
if (!NT_SUCCESS(eventStatus))
|
|
{
|
|
goto AfterCompletionCleanup;
|
|
}
|
|
|
|
//
|
|
// Log the operation. If this is a file, we want to make sure that
|
|
// we don't try to rename the file into the store since it will be
|
|
// deleted when it is closed. On a directory delete, we don't have
|
|
// this problem since we only log an entry for a directory delete
|
|
// and don't need to actually backup anything.
|
|
//
|
|
|
|
SrHandleEvent( pExtension,
|
|
(FlagOn(pFileContext->Flags,CTXFL_IsDirectory) ?
|
|
SrEventDirectoryDelete :
|
|
(SrEventFileDelete | SrEventNoOptimization)) ,
|
|
pFileObject,
|
|
pFileContext,
|
|
NULL,
|
|
NULL );
|
|
}
|
|
|
|
//
|
|
// was a brand new file just created?
|
|
//
|
|
|
|
else if ((CreateDisposition == FILE_CREATE) ||
|
|
(pIrp->IoStatus.Information == FILE_CREATED))
|
|
{
|
|
ASSERT(pFileContext == NULL);
|
|
|
|
//
|
|
// LOG the create
|
|
//
|
|
|
|
SrHandleEvent( pExtension,
|
|
(FlagOn( CreateOptions, FILE_DIRECTORY_FILE ) ?
|
|
SrEventDirectoryCreate|SrEventIsDirectory :
|
|
(willCreateUnnamedStream ?
|
|
SrEventFileCreate|SrEventIsNotDirectory :
|
|
SrEventStreamCreate|SrEventIsNotDirectory)),
|
|
pFileObject,
|
|
NULL,
|
|
NULL,
|
|
NULL );
|
|
}
|
|
|
|
//
|
|
// This is for doing any cleanup that occured after we synced with
|
|
// the completion routine
|
|
//
|
|
|
|
AfterCompletionCleanup:
|
|
|
|
if (OverwriteInfo.pRenameInformation != NULL)
|
|
{
|
|
SR_FREE_POOL( OverwriteInfo.pRenameInformation,
|
|
SR_RENAME_BUFFER_TAG );
|
|
|
|
NULLPTR(OverwriteInfo.pRenameInformation);
|
|
}
|
|
|
|
if (NULL != pFileContext)
|
|
{
|
|
SrReleaseContext( pFileContext );
|
|
NULLPTR(pFileContext);
|
|
}
|
|
|
|
//
|
|
// Complete the request and return status
|
|
//
|
|
|
|
IoCompleteRequest( pIrp, IO_NO_INCREMENT );
|
|
return IrpStatus;
|
|
|
|
//
|
|
// We come here if we got an error before the completion routine. This
|
|
// means we don't need to wait for the completion routine.
|
|
//
|
|
|
|
CompleteTheIrpAndReturn:
|
|
IoSkipCurrentIrpStackLocation(pIrp);
|
|
return IoCallDriver(pExtension->pTargetDevice, pIrp);
|
|
} // SrCreate
|
|
|
|
|
|
/***************************************************************************++
|
|
|
|
Routine Description:
|
|
|
|
Handle SetSecurit IRPS
|
|
|
|
Arguments:
|
|
|
|
|
|
Return Value:
|
|
|
|
NTSTATUS - Status code.
|
|
|
|
--***************************************************************************/
|
|
NTSTATUS
|
|
SrSetSecurity(
|
|
IN PDEVICE_OBJECT DeviceObject,
|
|
IN PIRP pIrp
|
|
)
|
|
{
|
|
PSR_DEVICE_EXTENSION pExtension;
|
|
PIO_STACK_LOCATION pIrpSp;
|
|
|
|
//
|
|
// < dispatch!
|
|
//
|
|
|
|
PAGED_CODE();
|
|
|
|
ASSERT(IS_VALID_DEVICE_OBJECT(DeviceObject));
|
|
ASSERT(IS_VALID_IRP(pIrp));
|
|
|
|
//
|
|
// Is this a function for our device (vs an attachee) .
|
|
//
|
|
|
|
if (DeviceObject == _globals.pControlDevice)
|
|
{
|
|
return SrMajorFunction(DeviceObject, pIrp);
|
|
}
|
|
|
|
//
|
|
// else it is a device we've attached to, grab our extension
|
|
//
|
|
|
|
ASSERT(IS_SR_DEVICE_OBJECT(DeviceObject));
|
|
pExtension = DeviceObject->DeviceExtension;
|
|
|
|
//
|
|
// See if logging is enabled and we don't care about this type of IO
|
|
// to the file systems' control device objects.
|
|
//
|
|
|
|
if (!SR_LOGGING_ENABLED(pExtension)||
|
|
SR_IS_FS_CONTROL_DEVICE(pExtension))
|
|
{
|
|
goto CompleteTheIrp;
|
|
}
|
|
|
|
//
|
|
// does this file have a name? skip unnamed files
|
|
//
|
|
|
|
pIrpSp = IoGetCurrentIrpStackLocation(pIrp);
|
|
|
|
if (FILE_OBJECT_IS_NOT_POTENTIALLY_INTERESTING( pIrpSp->FileObject ) ||
|
|
FILE_OBJECT_DOES_NOT_HAVE_VPB( pIrpSp->FileObject ))
|
|
{
|
|
goto CompleteTheIrp;
|
|
}
|
|
|
|
//
|
|
// log the change
|
|
//
|
|
|
|
SrHandleEvent( pExtension,
|
|
SrEventAclChange,
|
|
pIrpSp->FileObject,
|
|
NULL,
|
|
NULL,
|
|
NULL);
|
|
|
|
//
|
|
// call the AttachedTo driver
|
|
//
|
|
|
|
CompleteTheIrp:
|
|
IoSkipCurrentIrpStackLocation(pIrp);
|
|
return IoCallDriver(pExtension->pTargetDevice, pIrp);
|
|
} // SrSetSecurity
|
|
|
|
|
|
/***************************************************************************++
|
|
|
|
Routine Description:
|
|
|
|
handles IRP_MJ_FILE_SYSTEM_CONTROL. the main thing we watch for here
|
|
are set reparse points to monitor volume mounts.
|
|
|
|
Arguments:
|
|
|
|
DeviceObject - the device object being processed
|
|
|
|
pIrp - the irp
|
|
|
|
Return Value:
|
|
|
|
NTSTATUS - Status code.
|
|
|
|
--***************************************************************************/
|
|
NTSTATUS
|
|
SrFsControl(
|
|
IN PDEVICE_OBJECT pDeviceObject,
|
|
IN PIRP pIrp
|
|
)
|
|
{
|
|
PSR_DEVICE_EXTENSION pExtension = NULL;
|
|
PIO_STACK_LOCATION pIrpSp;
|
|
NTSTATUS Status = STATUS_SUCCESS;
|
|
ULONG FsControlCode;
|
|
PIO_COMPLETION_ROUTINE pCompletionRoutine = NULL;
|
|
|
|
PAGED_CODE();
|
|
|
|
ASSERT(KeGetCurrentIrql() <= APC_LEVEL);
|
|
ASSERT(IS_VALID_DEVICE_OBJECT(pDeviceObject));
|
|
ASSERT(IS_VALID_IRP(pIrp));
|
|
|
|
//
|
|
// Is this a function for our control device object (vs an attachee)?
|
|
//
|
|
|
|
if (pDeviceObject == _globals.pControlDevice)
|
|
{
|
|
return SrMajorFunction(pDeviceObject, pIrp);
|
|
}
|
|
|
|
//
|
|
// else it is a device we've attached to , grab our extension
|
|
//
|
|
|
|
ASSERT(IS_SR_DEVICE_OBJECT(pDeviceObject));
|
|
pExtension = pDeviceObject->DeviceExtension;
|
|
|
|
//
|
|
// Begin by determining the minor function code for this file
|
|
// system control function.
|
|
//
|
|
|
|
pIrpSp = IoGetCurrentIrpStackLocation(pIrp);
|
|
|
|
if ( pIrpSp->MinorFunction == IRP_MN_MOUNT_VOLUME )
|
|
{
|
|
|
|
if (SR_IS_SUPPORTED_REAL_DEVICE(pIrpSp->Parameters.MountVolume.Vpb->RealDevice)) {
|
|
|
|
//
|
|
// We mount devices even if we are disabled right now so that the
|
|
// filter can be enabled later and already be attached to each
|
|
// device at the appropriate location in the stack.
|
|
//
|
|
|
|
return SrFsControlMount( pDeviceObject, pExtension, pIrp );
|
|
|
|
} else {
|
|
|
|
//
|
|
// We don't care about this type of device so jump down to where
|
|
// we take SR out of the stack and pass the IO through.
|
|
//
|
|
|
|
goto SrFsControl_Skip;
|
|
}
|
|
}
|
|
else if (pIrpSp->MinorFunction == IRP_MN_USER_FS_REQUEST)
|
|
{
|
|
//
|
|
// See if logging is enabled and we don't care about this type of IO
|
|
// to the file systems' control device objects.
|
|
//
|
|
|
|
if (!SR_LOGGING_ENABLED(pExtension) ||
|
|
SR_IS_FS_CONTROL_DEVICE(pExtension))
|
|
{
|
|
goto SrFsControl_Skip;
|
|
}
|
|
|
|
FsControlCode = pIrpSp->Parameters.FileSystemControl.FsControlCode;
|
|
|
|
switch (FsControlCode) {
|
|
case FSCTL_SET_REPARSE_POINT:
|
|
case FSCTL_DELETE_REPARSE_POINT:
|
|
|
|
//
|
|
// In this case, we need to do work after the IO has completed
|
|
// and we have synchronized back to this thread, so
|
|
// SrFsControlReparsePoint contains the call to IoCallDriver and
|
|
// we just want to return the status of this routine.
|
|
//
|
|
|
|
return SrFsControlReparsePoint(pExtension, pIrp);
|
|
|
|
case FSCTL_LOCK_VOLUME:
|
|
|
|
SrTrace( NOTIFY, ("sr!SrFsControl:FSCTL_LOCK_VOLUME(%wZ)\n",
|
|
pExtension->pNtVolumeName ));
|
|
|
|
SrFsControlLockOrDismount(pExtension, pIrp);
|
|
|
|
//
|
|
// Jump down to where take SR out of the stack and pass this
|
|
// IO through.
|
|
//
|
|
|
|
goto SrFsControl_Skip;
|
|
|
|
case FSCTL_DISMOUNT_VOLUME:
|
|
|
|
SrTrace( NOTIFY, ("sr!SrFsControl:FSCTL_DISMOUNT_VOLUME(%wZ)\n",
|
|
pExtension->pNtVolumeName ));
|
|
|
|
//
|
|
// First, disable the log while we shutdown the log context
|
|
// and wait for the filesystem to handle the dismount. If
|
|
// the dismount fails, we will reenable the volume.
|
|
//
|
|
|
|
pExtension->Disabled = TRUE;
|
|
|
|
//
|
|
// Stop the logging on the volume.
|
|
//
|
|
|
|
SrFsControlLockOrDismount(pExtension, pIrp);
|
|
|
|
//
|
|
// We need to see the completion of this operation so we
|
|
// can see the final status. If we see that the dismount has
|
|
// failed, we need to reenable the volume.
|
|
//
|
|
|
|
pCompletionRoutine = SrDismountCompletion;
|
|
|
|
goto SrFsControl_SetCompletion;
|
|
|
|
case FSCTL_WRITE_RAW_ENCRYPTED:
|
|
|
|
SrFsControlWriteRawEncrypted(pExtension, pIrp);
|
|
|
|
//
|
|
// Jump down to where take SR out of the stack and pass this
|
|
// IO through.
|
|
//
|
|
|
|
goto SrFsControl_Skip;
|
|
|
|
case FSCTL_SET_SPARSE:
|
|
|
|
SrFsControlSetSparse( pExtension, pIrp );
|
|
|
|
//
|
|
// Jump down to where take SR out of the stack and pass this
|
|
// IO through.
|
|
//
|
|
|
|
goto SrFsControl_Skip;
|
|
|
|
default:
|
|
|
|
//
|
|
// For all other FSCTL just skip the current IRP stack location.
|
|
//
|
|
|
|
//
|
|
// Jump down to where take SR out of the stack and pass this
|
|
// IO through.
|
|
//
|
|
|
|
goto SrFsControl_Skip;
|
|
|
|
} // switch (FsControlCode)
|
|
|
|
} // else if (pIrpSp->MinorFunction == IRP_MN_USER_FS_REQUEST)
|
|
else
|
|
{
|
|
//
|
|
// We don't care about any other operations so simply get out of
|
|
// the stack.
|
|
//
|
|
|
|
goto SrFsControl_Skip;
|
|
}
|
|
|
|
SrFsControl_SetCompletion:
|
|
|
|
ASSERT( pCompletionRoutine != NULL );
|
|
|
|
IoCopyCurrentIrpStackLocationToNext(pIrp);
|
|
|
|
IoSetCompletionRoutine( pIrp,
|
|
pCompletionRoutine,
|
|
NULL, // CompletionContext
|
|
TRUE,
|
|
TRUE,
|
|
TRUE );
|
|
|
|
return IoCallDriver( pExtension->pTargetDevice, pIrp );
|
|
|
|
SrFsControl_Skip:
|
|
|
|
ASSERT( pCompletionRoutine == NULL );
|
|
|
|
IoSkipCurrentIrpStackLocation( pIrp );
|
|
return IoCallDriver( pExtension->pTargetDevice, pIrp );
|
|
} // SrFsControl
|
|
|
|
|
|
/***************************************************************************++
|
|
|
|
Routine Description:
|
|
|
|
|
|
Arguments:
|
|
|
|
|
|
Return Value:
|
|
|
|
NTSTATUS - Status code.
|
|
|
|
--***************************************************************************/
|
|
NTSTATUS
|
|
SrFsControlReparsePoint (
|
|
IN PSR_DEVICE_EXTENSION pExtension,
|
|
IN PIRP pIrp
|
|
)
|
|
{
|
|
PREPARSE_DATA_BUFFER pReparseHeader;
|
|
PUNICODE_STRING pMountVolume = NULL;
|
|
PFILE_OBJECT pFileObject = NULL;
|
|
ULONG TotalLength;
|
|
PIO_STACK_LOCATION pIrpSp;
|
|
KEVENT EventToWaitOn;
|
|
NTSTATUS IrpStatus;
|
|
NTSTATUS eventStatus;
|
|
ULONG FsControlCode;
|
|
PSR_STREAM_CONTEXT pFileContext = NULL;
|
|
BOOLEAN isFile = FALSE;
|
|
#if DBG
|
|
|
|
//
|
|
// This is to verify that the original request gets the same error
|
|
// we got when querying the reparse point.
|
|
//
|
|
|
|
BOOLEAN ExpectError = FALSE;
|
|
NTSTATUS ExpectedErrorCode = STATUS_SUCCESS;
|
|
#endif
|
|
|
|
PAGED_CODE();
|
|
|
|
pIrpSp = IoGetCurrentIrpStackLocation( pIrp );
|
|
FsControlCode = pIrpSp->Parameters.FileSystemControl.FsControlCode;
|
|
|
|
//
|
|
// See if it has a name
|
|
//
|
|
|
|
if (FILE_OBJECT_IS_NOT_POTENTIALLY_INTERESTING( pIrpSp->FileObject ) ||
|
|
FILE_OBJECT_DOES_NOT_HAVE_VPB( pIrpSp->FileObject ))
|
|
{
|
|
goto SrFsControlReparsePoint_SkipFilter;
|
|
}
|
|
|
|
//
|
|
// Get the context now so we can determine if this is a directory or not
|
|
//
|
|
|
|
eventStatus = SrGetContext( pExtension,
|
|
pIrpSp->FileObject,
|
|
SrEventInvalid,
|
|
&pFileContext );
|
|
|
|
if (!NT_SUCCESS( eventStatus ))
|
|
{
|
|
goto SrFsControlReparsePoint_SkipFilter;
|
|
}
|
|
|
|
//
|
|
// If it is not a directory, return
|
|
//
|
|
|
|
if (!FlagOn(pFileContext->Flags,CTXFL_IsDirectory))
|
|
{
|
|
isFile = TRUE;
|
|
goto SrFsControlReparsePoint_SkipFilter;
|
|
}
|
|
|
|
//
|
|
// is there enough space for the header?
|
|
//
|
|
|
|
pReparseHeader = pIrp->AssociatedIrp.SystemBuffer;
|
|
|
|
if (pReparseHeader == NULL ||
|
|
pIrpSp->Parameters.DeviceIoControl.InputBufferLength <
|
|
REPARSE_DATA_BUFFER_HEADER_SIZE)
|
|
{
|
|
goto SrFsControlReparsePoint_SkipFilter;
|
|
}
|
|
|
|
//
|
|
// is this a mount point?
|
|
//
|
|
|
|
if (pReparseHeader->ReparseTag != IO_REPARSE_TAG_MOUNT_POINT)
|
|
{
|
|
goto SrFsControlReparsePoint_SkipFilter;
|
|
}
|
|
|
|
//
|
|
// keep a copy for post processing
|
|
//
|
|
|
|
pFileObject = pIrpSp->FileObject;
|
|
ObReferenceObject(pFileObject);
|
|
|
|
//
|
|
// now let's see what we have to do
|
|
//
|
|
|
|
if (FsControlCode == FSCTL_SET_REPARSE_POINT)
|
|
{
|
|
|
|
//
|
|
// If there is no data this is invalid
|
|
//
|
|
|
|
if (pReparseHeader->ReparseDataLength <= 0)
|
|
{
|
|
goto SrFsControlReparsePoint_SkipFilter;
|
|
}
|
|
|
|
//
|
|
// is there enough space for the header + data?
|
|
// (according to him - not trusted)
|
|
//
|
|
//
|
|
|
|
if (pIrpSp->Parameters.DeviceIoControl.InputBufferLength <
|
|
pReparseHeader->ReparseDataLength + ((ULONG)REPARSE_DATA_BUFFER_HEADER_SIZE))
|
|
{
|
|
goto SrFsControlReparsePoint_SkipFilter;
|
|
}
|
|
|
|
//
|
|
// did he lie about the length of the string?
|
|
//
|
|
|
|
TotalLength = DIFF( (((PUCHAR)pReparseHeader->MountPointReparseBuffer.PathBuffer)
|
|
+ pReparseHeader->MountPointReparseBuffer.SubstituteNameLength)
|
|
- ((PUCHAR)pReparseHeader) );
|
|
|
|
if (TotalLength >
|
|
pIrpSp->Parameters.DeviceIoControl.InputBufferLength)
|
|
{
|
|
goto SrFsControlReparsePoint_SkipFilter;
|
|
}
|
|
|
|
//
|
|
// grab the volume name
|
|
//
|
|
|
|
eventStatus = SrAllocateFileNameBuffer( pReparseHeader->MountPointReparseBuffer.SubstituteNameLength,
|
|
&pMountVolume );
|
|
|
|
if (!NT_SUCCESS(eventStatus))
|
|
{
|
|
goto SrFsControlReparsePoint_VolumeError;
|
|
}
|
|
|
|
RtlCopyMemory( pMountVolume->Buffer,
|
|
pReparseHeader->MountPointReparseBuffer.PathBuffer,
|
|
pReparseHeader->MountPointReparseBuffer.SubstituteNameLength );
|
|
|
|
pMountVolume->Length = pReparseHeader->MountPointReparseBuffer.SubstituteNameLength;
|
|
}
|
|
else
|
|
{
|
|
ASSERT(FsControlCode == FSCTL_DELETE_REPARSE_POINT);
|
|
|
|
//
|
|
// it's a delete, get the old mount location for logging
|
|
//
|
|
|
|
eventStatus = SrGetMountVolume( pFileObject,
|
|
&pMountVolume );
|
|
|
|
if (eventStatus == STATUS_INSUFFICIENT_RESOURCES)
|
|
{
|
|
//
|
|
// Must notify service of volume error and shut down
|
|
// before passing the IO through.
|
|
//
|
|
|
|
goto SrFsControlReparsePoint_VolumeError;
|
|
}
|
|
|
|
#if DBG
|
|
if (!NT_SUCCESS_NO_DBGBREAK( eventStatus ))
|
|
{
|
|
ExpectError = TRUE;
|
|
ExpectedErrorCode = eventStatus;
|
|
goto SrFsControlReparsePoint_SkipFilter;
|
|
}
|
|
#else
|
|
if (!NT_SUCCESS( eventStatus ))
|
|
{
|
|
goto SrFsControlReparsePoint_SkipFilter;
|
|
}
|
|
#endif
|
|
}
|
|
|
|
//
|
|
// If we get to this point, this is a reparse point we care about
|
|
// so set a completion routine so that we can see the result of this
|
|
// operation.
|
|
//
|
|
|
|
KeInitializeEvent( &EventToWaitOn, NotificationEvent, FALSE );
|
|
|
|
IoCopyCurrentIrpStackLocationToNext( pIrp );
|
|
IoSetCompletionRoutine( pIrp,
|
|
SrStopProcessingCompletion,
|
|
&EventToWaitOn,
|
|
TRUE,
|
|
TRUE,
|
|
TRUE );
|
|
|
|
IrpStatus = IoCallDriver( pExtension->pTargetDevice, pIrp );
|
|
|
|
if (STATUS_PENDING == IrpStatus )
|
|
{
|
|
NTSTATUS localStatus = KeWaitForSingleObject( &EventToWaitOn,
|
|
Executive,
|
|
KernelMode,
|
|
FALSE,
|
|
NULL );
|
|
ASSERT(STATUS_SUCCESS == localStatus);
|
|
}
|
|
|
|
//
|
|
// The Irp is still good since we have returned
|
|
// STATUS_MORE_PROCESSING_REQUIRED from the completion
|
|
// routine.
|
|
//
|
|
|
|
//
|
|
// If the status in the IRP was STATUS_PENDING,
|
|
// we want to change the status to STATUS_SUCCESS
|
|
// since we have just performed the necessary synchronization
|
|
// with the orginating thread.
|
|
//
|
|
|
|
if (pIrp->IoStatus.Status == STATUS_PENDING)
|
|
{
|
|
ASSERT(!"I want to see if this ever happens");
|
|
pIrp->IoStatus.Status = STATUS_SUCCESS;
|
|
}
|
|
|
|
IrpStatus = pIrp->IoStatus.Status;
|
|
|
|
//
|
|
// We are done with the Irp, so complete the Irp.
|
|
//
|
|
|
|
IoCompleteRequest( pIrp, IO_NO_INCREMENT );
|
|
|
|
//
|
|
// Now these pointers are no longer valid.
|
|
//
|
|
|
|
NULLPTR(pIrp);
|
|
NULLPTR(pIrpSp);
|
|
|
|
//
|
|
// Check to make sure the operation successfully
|
|
// completed.
|
|
//
|
|
|
|
if (!NT_SUCCESS_NO_DBGBREAK(IrpStatus))
|
|
{
|
|
goto SrFsControlReparsePoint_Exit;
|
|
}
|
|
|
|
//
|
|
// The reparse point change occurred successfully, so
|
|
// log the reparse point change.
|
|
//
|
|
|
|
ASSERT(pFileObject != NULL);
|
|
ASSERT(pFileContext != NULL);
|
|
ASSERT(FlagOn(pFileContext->Flags,CTXFL_IsDirectory));
|
|
ASSERT(FsControlCode == FSCTL_DELETE_REPARSE_POINT ||
|
|
FsControlCode == FSCTL_SET_REPARSE_POINT);
|
|
|
|
SrHandleEvent( pExtension,
|
|
((FSCTL_SET_REPARSE_POINT == FsControlCode) ?
|
|
SrEventMountCreate :
|
|
SrEventMountDelete),
|
|
pFileObject,
|
|
pFileContext,
|
|
NULL,
|
|
pMountVolume );
|
|
|
|
goto SrFsControlReparsePoint_Exit;
|
|
|
|
SrFsControlReparsePoint_VolumeError:
|
|
|
|
//
|
|
// We've gotten a volume error sometime before we passed the IRP
|
|
// along to the base file system. Do the right thing to shut down
|
|
// the volume logging.
|
|
//
|
|
|
|
SrNotifyVolumeError( pExtension,
|
|
NULL,
|
|
eventStatus,
|
|
SrNotificationVolumeError );
|
|
//
|
|
// We will now fall through to skip our filter as we pass the IO
|
|
// down to the remaining filters and file system.
|
|
//
|
|
|
|
SrFsControlReparsePoint_SkipFilter:
|
|
|
|
//
|
|
// If this was a file, we need to clear out our context on this file
|
|
// since we don't want to monitor files with Reparse Points. On the
|
|
// next access to this file, we will requery this information.
|
|
//
|
|
|
|
if (isFile)
|
|
{
|
|
ASSERT( pFileContext != NULL );
|
|
SrDeleteContext( pExtension, pFileContext );
|
|
}
|
|
|
|
//
|
|
// We don't need a completion routine, call to next driver
|
|
//
|
|
|
|
IoSkipCurrentIrpStackLocation( pIrp );
|
|
IrpStatus = IoCallDriver( pExtension->pTargetDevice, pIrp );
|
|
|
|
NULLPTR(pIrp);
|
|
NULLPTR(pIrpSp);
|
|
|
|
ASSERT(!ExpectError || ((ExpectedErrorCode == IrpStatus) ||
|
|
(STATUS_PENDING == IrpStatus )));
|
|
|
|
//
|
|
// Cleanup state
|
|
//
|
|
|
|
SrFsControlReparsePoint_Exit:
|
|
|
|
if (NULL != pMountVolume)
|
|
{
|
|
SrFreeFileNameBuffer( pMountVolume );
|
|
NULLPTR(pMountVolume);
|
|
}
|
|
|
|
if (NULL != pFileObject)
|
|
{
|
|
ObDereferenceObject( pFileObject );
|
|
NULLPTR(pFileObject);
|
|
}
|
|
|
|
if (NULL != pFileContext)
|
|
{
|
|
SrReleaseContext( pFileContext );
|
|
NULLPTR(pFileContext);
|
|
}
|
|
|
|
return IrpStatus;
|
|
}
|
|
|
|
/***************************************************************************++
|
|
|
|
Routine Description:
|
|
|
|
|
|
Arguments:
|
|
|
|
|
|
Return Value:
|
|
|
|
NTSTATUS - Status code.
|
|
|
|
--***************************************************************************/
|
|
NTSTATUS
|
|
SrFsControlMount (
|
|
IN PDEVICE_OBJECT pDeviceObject,
|
|
IN PSR_DEVICE_EXTENSION pExtension,
|
|
IN PIRP pIrp
|
|
)
|
|
{
|
|
PIO_STACK_LOCATION pIrpSp;
|
|
PDEVICE_OBJECT pNewDeviceObject = NULL;
|
|
KEVENT EventToWaitOn;
|
|
PVPB pVpb = NULL;
|
|
PDEVICE_OBJECT pRealDevice;
|
|
NTSTATUS Status;
|
|
BOOLEAN ReleaseLock = FALSE;
|
|
|
|
PAGED_CODE();
|
|
|
|
ASSERT( SR_IS_FS_CONTROL_DEVICE(pExtension) );
|
|
|
|
//
|
|
// create our device we are going to attach to this new volume
|
|
//
|
|
|
|
pIrpSp = IoGetCurrentIrpStackLocation( pIrp );
|
|
pRealDevice = pIrpSp->Parameters.MountVolume.Vpb->RealDevice;
|
|
|
|
Status = SrCreateAttachmentDevice( pRealDevice,
|
|
pDeviceObject,
|
|
&pNewDeviceObject );
|
|
|
|
if (!NT_SUCCESS( Status ))
|
|
{
|
|
IoSkipCurrentIrpStackLocation( pIrp );
|
|
return IoCallDriver( pExtension->pTargetDevice, pIrp );
|
|
}
|
|
|
|
//
|
|
// If we get here, we need to set our completion routine then
|
|
// wait for it to signal us before we continue with the post processing
|
|
// of the mount.
|
|
//
|
|
|
|
KeInitializeEvent( &EventToWaitOn, NotificationEvent, FALSE );
|
|
|
|
IoCopyCurrentIrpStackLocationToNext(pIrp);
|
|
|
|
IoSetCompletionRoutine( pIrp,
|
|
SrStopProcessingCompletion,
|
|
&EventToWaitOn, // CompletionContext
|
|
TRUE,
|
|
TRUE,
|
|
TRUE );
|
|
|
|
pIrpSp->Parameters.MountVolume.DeviceObject =
|
|
pIrpSp->Parameters.MountVolume.Vpb->RealDevice;
|
|
|
|
|
|
Status = IoCallDriver( pExtension->pTargetDevice, pIrp );
|
|
|
|
if (STATUS_PENDING == Status)
|
|
{
|
|
NTSTATUS localStatus = KeWaitForSingleObject( &EventToWaitOn,
|
|
Executive,
|
|
KernelMode,
|
|
FALSE,
|
|
NULL );
|
|
ASSERT( NT_SUCCESS( localStatus ) );
|
|
}
|
|
|
|
//
|
|
// skip out if the mount failed
|
|
//
|
|
|
|
if (!NT_SUCCESS_NO_DBGBREAK(pIrp->IoStatus.Status))
|
|
{
|
|
goto SrFsControlMount_Error;
|
|
}
|
|
|
|
//
|
|
// Note that the VPB must be picked up from the real device object
|
|
// so that we can see the DeviceObject that the file system created
|
|
// to represent this newly mounted volume.
|
|
//
|
|
|
|
pVpb = pRealDevice->Vpb;
|
|
ASSERT(pVpb != NULL);
|
|
|
|
//
|
|
// SrFsControl made sure that we support this volume type
|
|
//
|
|
|
|
ASSERT(SR_IS_SUPPORTED_VOLUME(pVpb));
|
|
|
|
//
|
|
// Are we already attached to this device? We need to hold the
|
|
// AttachToVolumeLock while we do this to ensure that we don't hit
|
|
// a race condition with once of the other paths that can cause us to
|
|
// attach to a volume.
|
|
//
|
|
|
|
SrAcquireAttachToVolumeLock();
|
|
ReleaseLock = TRUE;
|
|
|
|
if (NT_SUCCESS( pIrp->IoStatus.Status ) &&
|
|
(SrGetFilterDevice(pVpb->DeviceObject) == NULL))
|
|
{
|
|
//
|
|
// now attach to the new volume
|
|
//
|
|
|
|
Status = SrAttachToDevice( pVpb->RealDevice,
|
|
pVpb->DeviceObject,
|
|
pNewDeviceObject,
|
|
NULL );
|
|
|
|
if (NT_SUCCESS(Status))
|
|
{
|
|
goto SrFsControlMount_Exit;
|
|
}
|
|
}
|
|
|
|
SrFsControlMount_Error:
|
|
|
|
ASSERT( pNewDeviceObject != NULL );
|
|
SrDeleteAttachmentDevice( pNewDeviceObject );
|
|
|
|
SrFsControlMount_Exit:
|
|
|
|
if (ReleaseLock)
|
|
{
|
|
SrReleaseAttachToVolumeLock();
|
|
}
|
|
|
|
Status = pIrp->IoStatus.Status;
|
|
IoCompleteRequest( pIrp, IO_NO_INCREMENT );
|
|
|
|
return Status;
|
|
}
|
|
|
|
/***************************************************************************++
|
|
|
|
Routine Description:
|
|
|
|
|
|
Arguments:
|
|
|
|
|
|
Return Value:
|
|
|
|
NTSTATUS - Status code.
|
|
|
|
--***************************************************************************/
|
|
NTSTATUS
|
|
SrFsControlLockOrDismount (
|
|
IN PSR_DEVICE_EXTENSION pExtension,
|
|
IN PIRP pIrp
|
|
)
|
|
{
|
|
NTSTATUS Status = STATUS_SUCCESS;
|
|
|
|
UNREFERENCED_PARAMETER( pIrp );
|
|
PAGED_CODE();
|
|
|
|
try {
|
|
//
|
|
// close our log file handle on this volume , it's being
|
|
// locked. it's ok if the lock attempt fails, we will open
|
|
// our handle again automatically since DriveChecked is also
|
|
// being cleared.
|
|
//
|
|
|
|
SrAcquireActivityLockExclusive( pExtension);
|
|
|
|
if (pExtension->pLogContext != NULL)
|
|
{
|
|
Status = SrLogStop( pExtension, TRUE );
|
|
CHECK_STATUS( Status );
|
|
}
|
|
|
|
} finally {
|
|
|
|
SrReleaseActivityLock(pExtension);
|
|
}
|
|
|
|
return Status;
|
|
}
|
|
|
|
|
|
/***************************************************************************++
|
|
|
|
Routine Description:
|
|
|
|
|
|
Arguments:
|
|
|
|
|
|
Return Value:
|
|
|
|
NTSTATUS - Status code.
|
|
|
|
--***************************************************************************/
|
|
VOID
|
|
SrFsControlWriteRawEncrypted (
|
|
IN PSR_DEVICE_EXTENSION pExtension,
|
|
IN PIRP pIrp
|
|
)
|
|
{
|
|
PIO_STACK_LOCATION pIrpSp;
|
|
NTSTATUS Status;
|
|
PSR_STREAM_CONTEXT pFileContext = NULL;
|
|
|
|
PAGED_CODE();
|
|
|
|
pIrpSp = IoGetCurrentIrpStackLocation( pIrp );
|
|
|
|
if (FILE_OBJECT_IS_NOT_POTENTIALLY_INTERESTING( pIrpSp->FileObject ) ||
|
|
FILE_OBJECT_DOES_NOT_HAVE_VPB( pIrpSp->FileObject )) {
|
|
|
|
return;
|
|
}
|
|
|
|
//
|
|
// Look up the context for this file object so that we can figure out
|
|
// if this is a file or a directory. If this is a directory, the
|
|
// file system will fail the operation, so there is no need to try to
|
|
// back it up.
|
|
//
|
|
|
|
Status = SrGetContext( pExtension,
|
|
pIrpSp->FileObject,
|
|
SrEventStreamChange,
|
|
&pFileContext );
|
|
|
|
if (!NT_SUCCESS( Status ))
|
|
{
|
|
|
|
//
|
|
// We hit some error trying to get the context. If this should
|
|
// generate a volume error, it has already been taken care of inside
|
|
// SrGetContext. Otherwise, this just means that the actual operation
|
|
// will fail, so there is no work for us to do here.
|
|
//
|
|
|
|
return;
|
|
}
|
|
|
|
ASSERT( NULL != pFileContext );
|
|
|
|
//
|
|
// Make sure that we have an interesting file. This operation
|
|
// is invalid on directories.
|
|
//
|
|
|
|
if (FlagOn( pFileContext->Flags, CTXFL_IsInteresting )&&
|
|
!FlagOn( pFileContext->Flags, CTXFL_IsDirectory ))
|
|
{
|
|
SrHandleEvent( pExtension,
|
|
SrEventStreamChange,
|
|
pIrpSp->FileObject,
|
|
pFileContext,
|
|
NULL,
|
|
NULL );
|
|
}
|
|
|
|
//
|
|
// We are all done with this context, so now release it.
|
|
//
|
|
|
|
ASSERT( NULL != pFileContext );
|
|
|
|
SrReleaseContext( pFileContext );
|
|
NULLPTR(pFileContext);
|
|
|
|
return;
|
|
}
|
|
|
|
/***************************************************************************++
|
|
|
|
Routine Description:
|
|
|
|
When a file is set to sparse, we need to clear out our context for this
|
|
file. On the next interesting operation for this file, we will regenerate
|
|
a correct context.
|
|
|
|
This work is done since SR doesn't want to monitor files that are SPARSE.
|
|
|
|
Arguments:
|
|
|
|
|
|
Return Value:
|
|
|
|
None.
|
|
|
|
--***************************************************************************/
|
|
VOID
|
|
SrFsControlSetSparse (
|
|
IN PSR_DEVICE_EXTENSION pExtension,
|
|
IN PIRP pIrp
|
|
)
|
|
{
|
|
PIO_STACK_LOCATION irpSp;
|
|
PFILE_OBJECT pFileObject;
|
|
PSR_STREAM_CONTEXT pFileContext = NULL;
|
|
|
|
PAGED_CODE();
|
|
|
|
irpSp = IoGetCurrentIrpStackLocation( pIrp );
|
|
pFileObject = irpSp->FileObject;
|
|
|
|
pFileContext = SrFindExistingContext( pExtension, pFileObject );
|
|
|
|
if (pFileContext != NULL)
|
|
{
|
|
SrDeleteContext( pExtension, pFileContext );
|
|
SrReleaseContext( pFileContext );
|
|
}
|
|
|
|
return;
|
|
}
|
|
|
|
/***************************************************************************++
|
|
|
|
Routine Description:
|
|
|
|
handles IRP_MJ_PNP. SR needs to close its handle to the log when it sees
|
|
that the volume is going away and reopen it when the drive reappears.
|
|
|
|
Arguments:
|
|
|
|
DeviceObject - the device object being processed
|
|
|
|
pIrp - the irp
|
|
|
|
Return Value:
|
|
|
|
NTSTATUS - Status code.
|
|
|
|
--***************************************************************************/
|
|
NTSTATUS
|
|
SrPnp (
|
|
IN PDEVICE_OBJECT DeviceObject,
|
|
IN PIRP Irp
|
|
)
|
|
{
|
|
PSR_DEVICE_EXTENSION pExtension;
|
|
PIO_STACK_LOCATION irpSp;
|
|
|
|
PAGED_CODE();
|
|
|
|
ASSERT(IS_VALID_DEVICE_OBJECT(DeviceObject));
|
|
ASSERT(IS_VALID_IRP(Irp));
|
|
|
|
//
|
|
// Get this driver out of the driver stack and get to the next driver as
|
|
// quickly as possible.
|
|
//
|
|
|
|
//
|
|
// Is this a function for our device (vs an attachee) .
|
|
//
|
|
|
|
if (DeviceObject == _globals.pControlDevice)
|
|
{
|
|
return SrMajorFunction(DeviceObject, Irp);
|
|
}
|
|
|
|
//
|
|
// else it is a device we've attached to, grab our extension
|
|
//
|
|
|
|
ASSERT( IS_SR_DEVICE_OBJECT( DeviceObject ) );
|
|
pExtension = DeviceObject->DeviceExtension;
|
|
|
|
irpSp = IoGetCurrentIrpStackLocation( Irp );
|
|
|
|
switch ( irpSp->MinorFunction ) {
|
|
|
|
case IRP_MN_QUERY_REMOVE_DEVICE:
|
|
|
|
SrTrace( PNP, ( "SR!SrPnp: QUERY_REMOVE_DEVICE [%wZ]\n",
|
|
pExtension->pNtVolumeName ) );
|
|
|
|
//
|
|
// If this is a SURPRISE_REMOVAL, the device has already gone away
|
|
// and we are not going to see any more operations to this volume, but
|
|
// the OS won't call us to detach and delete our device object until
|
|
// all the handles that are outstanding on this volume are closed. Do
|
|
// our part by closing down the handle to our log.
|
|
//
|
|
|
|
try {
|
|
|
|
SrAcquireActivityLockExclusive( pExtension );
|
|
|
|
pExtension->Disabled = TRUE;
|
|
|
|
if (pExtension->pLogContext != NULL)
|
|
{
|
|
SrLogStop( pExtension, TRUE );
|
|
}
|
|
|
|
} finally {
|
|
|
|
SrReleaseActivityLock( pExtension );
|
|
}
|
|
|
|
break;
|
|
|
|
case IRP_MN_SURPRISE_REMOVAL:
|
|
|
|
SrTrace( PNP, ( "SR!SrPnp: SURPRISE_REMOVAL [%wZ]\n",
|
|
pExtension->pNtVolumeName ) );
|
|
|
|
//
|
|
// If this is a SURPRISE_REMOVAL, the device has already gone away
|
|
// and we are not going to see any more operations to this volume, but
|
|
// the OS won't call us to detach and delete our device object until
|
|
// all the handles that are outstanding on this volume are closed. Do
|
|
// our part by closing down the handle to our log.
|
|
//
|
|
|
|
try {
|
|
|
|
SrAcquireActivityLockExclusive( pExtension );
|
|
|
|
pExtension->Disabled = TRUE;
|
|
|
|
if (pExtension->pLogContext != NULL)
|
|
{
|
|
SrLogStop( pExtension, TRUE );
|
|
}
|
|
|
|
} finally {
|
|
|
|
SrReleaseActivityLock( pExtension );
|
|
}
|
|
|
|
break;
|
|
|
|
case IRP_MN_CANCEL_REMOVE_DEVICE:
|
|
|
|
SrTrace( PNP, ( "SR!SrPnp: CANCEL_REMOVE_DEVICE [%wZ]\n",
|
|
pExtension->pNtVolumeName ) );
|
|
//
|
|
// The removal is not going to happen, so reenable the device and
|
|
// the log will be restarted on the next interesting operation.
|
|
//
|
|
|
|
if (pExtension->Disabled) {
|
|
|
|
try {
|
|
|
|
SrAcquireActivityLockExclusive( pExtension );
|
|
pExtension->Disabled = FALSE;
|
|
|
|
} finally {
|
|
|
|
SrReleaseActivityLock( pExtension );
|
|
}
|
|
}
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
//
|
|
// All PNP minor codes we don't care about, so just pass
|
|
// the IO through.
|
|
//
|
|
|
|
break;
|
|
}
|
|
|
|
//
|
|
// If we have gotten here, we don't need to wait to see the result of this
|
|
// operation, so just call the appropriate file system driver with
|
|
// the request.
|
|
//
|
|
|
|
IoSkipCurrentIrpStackLocation( Irp );
|
|
return IoCallDriver( pExtension->pTargetDevice, Irp );
|
|
}
|
|
|
|
/***************************************************************************++
|
|
|
|
Routine Description:
|
|
|
|
this does the actual work for creating a new restore point.
|
|
|
|
this is called by the user mode SrCreateRestorePoint .
|
|
|
|
this IOCTL is METHOD_BUFFERED !
|
|
|
|
Arguments:
|
|
|
|
pIrp - the irp
|
|
|
|
pIrpSp - the irp stack
|
|
|
|
Return Value:
|
|
|
|
NTSTATUS - Status code.
|
|
|
|
--***************************************************************************/
|
|
NTSTATUS
|
|
SrCreateRestorePointIoctl(
|
|
IN PIRP pIrp,
|
|
IN PIO_STACK_LOCATION pIrpSp
|
|
)
|
|
{
|
|
NTSTATUS Status;
|
|
PUNICODE_STRING pVolumeName = NULL;
|
|
PLIST_ENTRY pListEntry;
|
|
PSR_DEVICE_EXTENSION pExtension;
|
|
BOOLEAN releaseActivityLocks = TRUE;
|
|
PSR_DEVICE_EXTENSION pSystemVolumeExtension = NULL;
|
|
|
|
PAGED_CODE();
|
|
|
|
ASSERT(IS_VALID_IRP(pIrp));
|
|
|
|
SrTrace( IOCTL, ("SR!SrCreateRestorePointIoctl -- ENTER\n") );
|
|
|
|
try {
|
|
|
|
//
|
|
// Grab the device extension list lock since we are
|
|
// going to have to pause all the volume activity.
|
|
//
|
|
|
|
SrAcquireDeviceExtensionListLockShared();
|
|
|
|
//
|
|
// We've got the device extension lock, so now try to pause
|
|
// activity on all the volumes.
|
|
//
|
|
|
|
Status = SrPauseVolumeActivity();
|
|
|
|
if (!NT_SUCCESS( Status )) {
|
|
|
|
releaseActivityLocks = FALSE;
|
|
leave;
|
|
}
|
|
|
|
try {
|
|
|
|
SrAcquireGlobalLockExclusive();
|
|
|
|
//
|
|
// make sure we've loaded the config file
|
|
//
|
|
|
|
if (!_globals.FileConfigLoaded)
|
|
{
|
|
|
|
Status = SrReadConfigFile();
|
|
if (!NT_SUCCESS(Status))
|
|
leave;
|
|
|
|
_globals.FileConfigLoaded = TRUE;
|
|
}
|
|
} finally {
|
|
|
|
SrReleaseGlobalLock();
|
|
}
|
|
|
|
if (!NT_SUCCESS( Status )) {
|
|
leave;
|
|
}
|
|
|
|
//
|
|
// Clear the volumes' DriveChecked flag so that we check the volumes
|
|
// again. this will create the restore point directories.
|
|
//
|
|
// also stop logging on all volumes. new log files will be created in
|
|
// the restore locations.
|
|
//
|
|
// We need to do this before we increment the current restore point
|
|
// counter.
|
|
//
|
|
|
|
for (pListEntry = _globals.DeviceExtensionListHead.Flink;
|
|
pListEntry != &_globals.DeviceExtensionListHead;
|
|
pListEntry = pListEntry->Flink)
|
|
{
|
|
pExtension = CONTAINING_RECORD( pListEntry,
|
|
SR_DEVICE_EXTENSION,
|
|
ListEntry );
|
|
|
|
ASSERT(IS_VALID_SR_DEVICE_EXTENSION(pExtension));
|
|
|
|
//
|
|
// We only have to do work if this is a volume device object,
|
|
// not if this is a device object that is attached to a file
|
|
// system's control device object.
|
|
//
|
|
|
|
if (FlagOn( pExtension->FsType, SrFsControlDeviceObject ))
|
|
{
|
|
continue;
|
|
}
|
|
|
|
//
|
|
// stop logging for this volume
|
|
//
|
|
|
|
if (pExtension->pLogContext != NULL)
|
|
{
|
|
Status = SrLogStop( pExtension, FALSE );
|
|
CHECK_STATUS( Status );
|
|
}
|
|
|
|
//
|
|
// make sure to enable all of the volumes again. If the user
|
|
// has disabled the volume, this is tracked in the blob info.
|
|
//
|
|
|
|
pExtension->Disabled = FALSE;
|
|
|
|
//
|
|
// make sure the drive is checked again for the new restore point
|
|
//
|
|
|
|
pExtension->DriveChecked = FALSE;
|
|
|
|
//
|
|
// reset the byte count, it's a new restore point
|
|
//
|
|
|
|
pExtension->BytesWritten = 0;
|
|
|
|
//
|
|
// clear out the backup history so that we start backing
|
|
// up files again
|
|
//
|
|
|
|
Status = SrResetBackupHistory(pExtension, NULL, 0, SrEventInvalid);
|
|
|
|
if (!NT_SUCCESS(Status))
|
|
leave;
|
|
}
|
|
|
|
try {
|
|
|
|
SrAcquireGlobalLockExclusive();
|
|
|
|
//
|
|
// bump up the restore point number
|
|
//
|
|
|
|
_globals.FileConfig.CurrentRestoreNumber += 1;
|
|
|
|
SrTrace( INIT, ("sr!SrCreateRestorePointIoctl: RestorePoint=%d\n",
|
|
_globals.FileConfig.CurrentRestoreNumber ));
|
|
|
|
//
|
|
// save out the config file
|
|
//
|
|
|
|
Status = SrWriteConfigFile();
|
|
if (!NT_SUCCESS(Status))
|
|
leave;
|
|
} finally {
|
|
|
|
SrReleaseGlobalLock();
|
|
}
|
|
|
|
if (!NT_SUCCESS( Status )) {
|
|
leave;
|
|
}
|
|
|
|
//
|
|
// allocate space for a filename
|
|
//
|
|
|
|
Status = SrAllocateFileNameBuffer(SR_MAX_FILENAME_LENGTH, &pVolumeName);
|
|
if (!NT_SUCCESS(Status))
|
|
leave;
|
|
|
|
//
|
|
// get the location of the system volume
|
|
//
|
|
|
|
Status = SrGetSystemVolume( pVolumeName,
|
|
&pSystemVolumeExtension,
|
|
SR_FILENAME_BUFFER_LENGTH );
|
|
|
|
//
|
|
// This should only happen if there was some problem with SR attaching
|
|
// in the mount path. This check was added to make SR more robust to
|
|
// busted filters above us. If other filters cause us to get mounted,
|
|
// we won't have an extension to return here. While those filters are
|
|
// broken, we don't want to AV.
|
|
//
|
|
|
|
if (pSystemVolumeExtension == NULL)
|
|
{
|
|
Status = STATUS_UNSUCCESSFUL;
|
|
leave;
|
|
}
|
|
|
|
if (!NT_SUCCESS(Status))
|
|
leave;
|
|
|
|
ASSERT( IS_VALID_SR_DEVICE_EXTENSION( pSystemVolumeExtension ) );
|
|
|
|
//
|
|
// create the restore point dir on the system volume
|
|
//
|
|
|
|
Status = SrCreateRestoreLocation( pSystemVolumeExtension );
|
|
if (!NT_SUCCESS(Status))
|
|
leave;
|
|
|
|
//
|
|
// return the restore point number
|
|
//
|
|
|
|
if (pIrpSp->Parameters.DeviceIoControl.OutputBufferLength >=
|
|
sizeof(ULONG))
|
|
{
|
|
|
|
RtlCopyMemory( pIrp->AssociatedIrp.SystemBuffer,
|
|
&_globals.FileConfig.CurrentRestoreNumber,
|
|
sizeof(ULONG) );
|
|
|
|
pIrp->IoStatus.Information = sizeof(ULONG);
|
|
}
|
|
|
|
//
|
|
// all done
|
|
//
|
|
|
|
} finally {
|
|
|
|
Status = FinallyUnwind(SrCreateRestorePointIoctl, Status);
|
|
|
|
if (releaseActivityLocks) {
|
|
|
|
SrResumeVolumeActivity ();
|
|
}
|
|
|
|
SrReleaseDeviceExtensionListLock();
|
|
|
|
if (pVolumeName != NULL)
|
|
{
|
|
SrFreeFileNameBuffer(pVolumeName);
|
|
pVolumeName = NULL;
|
|
}
|
|
}
|
|
|
|
SrTrace( IOCTL, ("SR!SrCreateRestorePointIoctl -- EXIT -- status 0x%08lx\n",
|
|
Status));
|
|
|
|
//
|
|
// At this point if Status != PENDING, the ioctl wrapper will
|
|
// complete pIrp
|
|
//
|
|
|
|
RETURN(Status);
|
|
|
|
} // SrCreateRestorePointIoctl
|
|
|
|
/***************************************************************************++
|
|
|
|
Routine Description:
|
|
|
|
this does the actual work for getting the next seq number from the filter
|
|
|
|
this is called by the user mode SrGetNextSequenceNum .
|
|
|
|
this IOCTL is METHOD_BUFFERED !
|
|
|
|
Arguments:
|
|
|
|
pIrp - the irp
|
|
|
|
pIrpSp - the irp stack
|
|
|
|
Return Value:
|
|
|
|
NTSTATUS - Status code.
|
|
|
|
--***************************************************************************/
|
|
NTSTATUS
|
|
SrGetNextSeqNumIoctl(
|
|
IN PIRP pIrp,
|
|
IN PIO_STACK_LOCATION pIrpSp
|
|
)
|
|
{
|
|
NTSTATUS Status;
|
|
|
|
PAGED_CODE();
|
|
|
|
ASSERT(IS_VALID_IRP(pIrp));
|
|
|
|
SrTrace( IOCTL, ("SR!SrGetNextSeqNumIoctl -- ENTER\n") );
|
|
|
|
try
|
|
{
|
|
INT64 SeqNum = 0;
|
|
|
|
//
|
|
// grab the global lock
|
|
//
|
|
|
|
SrAcquireGlobalLockExclusive();
|
|
|
|
//
|
|
// make sure we've loaded the config file
|
|
//
|
|
|
|
if (!_globals.FileConfigLoaded)
|
|
{
|
|
|
|
Status = SrReadConfigFile();
|
|
if (!NT_SUCCESS(Status))
|
|
leave;
|
|
|
|
_globals.FileConfigLoaded = TRUE;
|
|
}
|
|
|
|
//
|
|
// Get the next sequence number
|
|
//
|
|
|
|
Status = SrGetNextSeqNumber(&SeqNum);
|
|
|
|
if (NT_SUCCESS(Status))
|
|
{
|
|
//
|
|
// return the restore point number
|
|
//
|
|
|
|
if (pIrpSp->Parameters.DeviceIoControl.OutputBufferLength >=
|
|
sizeof(INT64))
|
|
{
|
|
|
|
RtlCopyMemory( pIrp->AssociatedIrp.SystemBuffer,
|
|
&SeqNum,
|
|
sizeof(INT64) );
|
|
|
|
pIrp->IoStatus.Information = sizeof(INT64);
|
|
}
|
|
}
|
|
}
|
|
finally
|
|
{
|
|
Status = FinallyUnwind(SrGetNextSeqNumIoctl, Status);
|
|
|
|
SrReleaseGlobalLock();
|
|
}
|
|
|
|
SrTrace( IOCTL, ("SR!SrGetNextSeqNumIoctl -- EXIT -- status 0x%08lx\n",
|
|
Status) );
|
|
|
|
//
|
|
// At this point if Status != PENDING, the ioctl wrapper will
|
|
// complete pIrp
|
|
//
|
|
|
|
RETURN(Status);
|
|
|
|
} // SrGetNextSeqNumIoctl
|
|
|
|
NTSTATUS
|
|
SrReloadConfigurationIoctl(
|
|
IN PIRP pIrp,
|
|
IN PIO_STACK_LOCATION IrpSp
|
|
)
|
|
{
|
|
NTSTATUS Status = STATUS_UNSUCCESSFUL;
|
|
PUNICODE_STRING pFileName = NULL;
|
|
ULONG CharCount;
|
|
PLIST_ENTRY pListEntry;
|
|
PSR_DEVICE_EXTENSION pExtension;
|
|
BOOLEAN releaseDeviceExtensionListLock = FALSE;
|
|
PSR_DEVICE_EXTENSION pSystemVolumeExtension = NULL;
|
|
|
|
UNREFERENCED_PARAMETER( pIrp );
|
|
UNREFERENCED_PARAMETER( IrpSp );
|
|
|
|
PAGED_CODE();
|
|
|
|
SrTrace( IOCTL, ("SR!SrReloadConfigurationIoctl -- ENTER\n") );
|
|
|
|
try {
|
|
|
|
//
|
|
// allocate space for a filename
|
|
//
|
|
|
|
Status = SrAllocateFileNameBuffer(SR_MAX_FILENAME_LENGTH, &pFileName);
|
|
if (!NT_SUCCESS(Status))
|
|
leave;
|
|
|
|
//
|
|
// get the location of the system volume
|
|
//
|
|
|
|
Status = SrGetSystemVolume( pFileName,
|
|
&pSystemVolumeExtension,
|
|
SR_FILENAME_BUFFER_LENGTH );
|
|
|
|
//
|
|
// This should only happen if there was some problem with SR attaching
|
|
// in the mount path. This check was added to make SR more robust to
|
|
// busted filters above us. If other filters cause us to get mounted,
|
|
// we won't have an extension to return here. While those filters are
|
|
// broken, we don't want to AV.
|
|
//
|
|
|
|
if (pSystemVolumeExtension == NULL)
|
|
{
|
|
Status = STATUS_UNSUCCESSFUL;
|
|
leave;
|
|
}
|
|
|
|
if (!NT_SUCCESS(Status))
|
|
leave;
|
|
|
|
ASSERT( IS_VALID_SR_DEVICE_EXTENSION( pSystemVolumeExtension ) );
|
|
|
|
//
|
|
// load the file list config data
|
|
//
|
|
|
|
CharCount = swprintf( &pFileName->Buffer[pFileName->Length/sizeof(WCHAR)],
|
|
RESTORE_FILELIST_LOCATION,
|
|
_globals.MachineGuid );
|
|
|
|
pFileName->Length += (USHORT)CharCount * sizeof(WCHAR);
|
|
|
|
Status = SrReloadLookupBlob( pFileName,
|
|
pSystemVolumeExtension->pTargetDevice,
|
|
&_globals.BlobInfo );
|
|
if (!NT_SUCCESS(Status))
|
|
{
|
|
leave;
|
|
}
|
|
|
|
//
|
|
// flush our volume configuration, it needs to be reconfigured as to
|
|
// which drives are enabled or not
|
|
//
|
|
|
|
//
|
|
// loop over all volumes reseting their disabled config
|
|
//
|
|
|
|
SrAcquireDeviceExtensionListLockShared();
|
|
releaseDeviceExtensionListLock = TRUE;
|
|
|
|
for (pListEntry = _globals.DeviceExtensionListHead.Flink;
|
|
pListEntry != &_globals.DeviceExtensionListHead;
|
|
pListEntry = pListEntry->Flink)
|
|
{
|
|
pExtension = CONTAINING_RECORD( pListEntry,
|
|
SR_DEVICE_EXTENSION,
|
|
ListEntry );
|
|
|
|
ASSERT(IS_VALID_SR_DEVICE_EXTENSION(pExtension));
|
|
|
|
try {
|
|
|
|
SrAcquireActivityLockExclusive( pExtension );
|
|
pExtension->Disabled = FALSE;
|
|
|
|
} finally {
|
|
|
|
SrReleaseActivityLock( pExtension );
|
|
}
|
|
}
|
|
|
|
|
|
} finally {
|
|
|
|
//
|
|
// check for unhandled exceptions
|
|
//
|
|
|
|
Status = FinallyUnwind(SrReloadConfigurationIoctl, Status);
|
|
|
|
if (releaseDeviceExtensionListLock) {
|
|
SrReleaseDeviceExtensionListLock();
|
|
}
|
|
|
|
if (pFileName != NULL)
|
|
{
|
|
SrFreeFileNameBuffer(pFileName);
|
|
pFileName = NULL;
|
|
}
|
|
}
|
|
|
|
SrTrace( IOCTL, ("SR!SrReloadConfigurationIoctl -- EXIT -- status 0x%08lx\n",
|
|
Status));
|
|
RETURN(Status);
|
|
|
|
} // SrReloadConfigurationIoctl
|
|
|
|
NTSTATUS
|
|
SrSwitchAllLogsIoctl(
|
|
IN PIRP pIrp,
|
|
IN PIO_STACK_LOCATION IrpSp
|
|
)
|
|
{
|
|
NTSTATUS Status;
|
|
PAGED_CODE();
|
|
|
|
UNREFERENCED_PARAMETER( pIrp );
|
|
UNREFERENCED_PARAMETER( IrpSp );
|
|
|
|
SrTrace( IOCTL, ("SR!SrSwitchAllLogsIoctl -- ENTER\n") );
|
|
|
|
Status = SrLoggerSwitchLogs(_globals.pLogger);
|
|
|
|
SrTrace( IOCTL, ("SR!SrSwitchAllLogsIoctl -- EXIT -- status 0x%08lx\n",
|
|
Status));
|
|
|
|
RETURN(Status);
|
|
|
|
} // SrSwitchAllLogsIoctl
|
|
|
|
NTSTATUS
|
|
SrDisableVolumeIoctl(
|
|
IN PIRP pIrp,
|
|
IN PIO_STACK_LOCATION pIrpSp
|
|
)
|
|
{
|
|
NTSTATUS Status;
|
|
PSR_DEVICE_EXTENSION pExtension;
|
|
UNICODE_STRING VolumeName;
|
|
|
|
PAGED_CODE();
|
|
|
|
ASSERT(IS_VALID_IRP(pIrp));
|
|
|
|
SrTrace( IOCTL, ("SR!SrDisableVolumeIoctl -- ENTER\n") );
|
|
|
|
if (pIrp->AssociatedIrp.SystemBuffer == NULL ||
|
|
pIrpSp->Parameters.DeviceIoControl.InputBufferLength <= sizeof(WCHAR) ||
|
|
pIrpSp->Parameters.DeviceIoControl.InputBufferLength > SR_MAX_FILENAME_LENGTH)
|
|
{
|
|
RETURN ( STATUS_INVALID_DEVICE_REQUEST );
|
|
}
|
|
|
|
//
|
|
// get the volume name out
|
|
//
|
|
|
|
VolumeName.Buffer = pIrp->AssociatedIrp.SystemBuffer;
|
|
VolumeName.Length = (USHORT)(pIrpSp->Parameters.DeviceIoControl.InputBufferLength - sizeof(WCHAR));
|
|
VolumeName.MaximumLength = VolumeName.Length;
|
|
|
|
//
|
|
// attach to it. it will check for a previous attachement and do the
|
|
// right thing .
|
|
//
|
|
|
|
Status = SrAttachToVolumeByName(&VolumeName, &pExtension);
|
|
if (!NT_SUCCESS(Status)) {
|
|
|
|
RETURN( Status );
|
|
}
|
|
|
|
ASSERT(IS_VALID_SR_DEVICE_EXTENSION(pExtension));
|
|
|
|
try {
|
|
|
|
SrAcquireActivityLockExclusive( pExtension );
|
|
|
|
//
|
|
// now turn it off
|
|
//
|
|
|
|
pExtension->Disabled = TRUE;
|
|
|
|
//
|
|
// stop logging on the volume
|
|
//
|
|
|
|
if (pExtension->pLogContext != NULL)
|
|
{
|
|
SrLogStop( pExtension, TRUE );
|
|
}
|
|
else
|
|
{
|
|
ASSERT(!pExtension->DriveChecked);
|
|
}
|
|
|
|
//
|
|
// Reset the backup history since the information stored there
|
|
// is no longer valid.
|
|
//
|
|
|
|
Status = SrResetBackupHistory(pExtension, NULL, 0, SrEventInvalid);
|
|
|
|
} finally {
|
|
|
|
//
|
|
// check for unhandled exceptions
|
|
//
|
|
|
|
Status = FinallyUnwind(SrDisableVolumeIoctl, Status);
|
|
|
|
SrReleaseActivityLock( pExtension );
|
|
|
|
//
|
|
// At this point if Status != PENDING, the ioctl wrapper will
|
|
// complete pIrp
|
|
//
|
|
}
|
|
|
|
SrTrace( IOCTL, ("SR!SrDisableVolumeIoctl -- EXIT -- status 0x%08lx\n",
|
|
Status));
|
|
|
|
RETURN(Status);
|
|
} // SrDisableVolumeIoctl
|
|
|
|
|
|
|
|
NTSTATUS
|
|
SrStartMonitoringIoctl(
|
|
IN PIRP pIrp,
|
|
IN PIO_STACK_LOCATION IrpSp
|
|
)
|
|
{
|
|
NTSTATUS Status = STATUS_SUCCESS;
|
|
|
|
UNREFERENCED_PARAMETER( pIrp );
|
|
UNREFERENCED_PARAMETER( IrpSp );
|
|
|
|
PAGED_CODE();
|
|
|
|
SrTrace( IOCTL, ("SR!SrStartMonitoringIoctl -- ENTER\n") );
|
|
|
|
ASSERT(IS_VALID_IRP(pIrp));
|
|
|
|
//
|
|
// no locks better be held, the registry hits the disk with it's own
|
|
// locks held so we deadlock .
|
|
//
|
|
|
|
ASSERT(!IS_GLOBAL_LOCK_ACQUIRED());
|
|
|
|
//
|
|
// reload the registry information, on firstrun, we would have
|
|
// no valid machine guid until we are started manually by the service
|
|
//
|
|
|
|
Status = SrReadRegistry(_globals.pRegistryLocation, FALSE);
|
|
if (!NT_SUCCESS(Status))
|
|
{
|
|
goto SrStartMonitoringIoctl_Exit;
|
|
}
|
|
|
|
//
|
|
// Before we enable, we should clear our all old notifications.
|
|
//
|
|
|
|
SrClearOutstandingNotifications();
|
|
|
|
//
|
|
// now turn us on
|
|
//
|
|
|
|
_globals.Disabled = FALSE;
|
|
|
|
SrStartMonitoringIoctl_Exit:
|
|
|
|
SrTrace( IOCTL, ("SR!SrStartMonitoringIoctl -- EXIT -- status 0x%08lx\n",
|
|
Status));
|
|
|
|
RETURN(Status);
|
|
|
|
} // SrStartMonitoringIoctl
|
|
|
|
NTSTATUS
|
|
SrStopMonitoringIoctl(
|
|
IN PIRP pIrp,
|
|
IN PIO_STACK_LOCATION IrpSp
|
|
)
|
|
{
|
|
NTSTATUS Status;
|
|
PLIST_ENTRY pListEntry;
|
|
PSR_DEVICE_EXTENSION pExtension;
|
|
|
|
UNREFERENCED_PARAMETER( pIrp );
|
|
UNREFERENCED_PARAMETER( IrpSp );
|
|
|
|
PAGED_CODE();
|
|
|
|
SrTrace( IOCTL, ("SR!SrStopMonitoringIoctl -- ENTER\n") );
|
|
|
|
ASSERT(IS_VALID_IRP(pIrp));
|
|
|
|
try {
|
|
|
|
//
|
|
// Disable the driver before we start shutting down each volume
|
|
// so that a volume isn't reenabled while we are shutting down
|
|
// other volumes.
|
|
//
|
|
|
|
_globals.Disabled = TRUE;
|
|
|
|
//
|
|
// Stop logging on all volumes
|
|
//
|
|
|
|
SrAcquireDeviceExtensionListLockShared();
|
|
|
|
for (pListEntry = _globals.DeviceExtensionListHead.Flink;
|
|
pListEntry != &_globals.DeviceExtensionListHead;
|
|
pListEntry = pListEntry->Flink)
|
|
{
|
|
pExtension = CONTAINING_RECORD( pListEntry,
|
|
SR_DEVICE_EXTENSION,
|
|
ListEntry );
|
|
|
|
ASSERT(IS_VALID_SR_DEVICE_EXTENSION(pExtension));
|
|
|
|
//
|
|
// We only have to do work if this is a volume device object,
|
|
// not if this is a device object that is attached to a file
|
|
// system's control device object.
|
|
//
|
|
|
|
if (FlagOn( pExtension->FsType, SrFsControlDeviceObject ))
|
|
{
|
|
continue;
|
|
}
|
|
|
|
try {
|
|
|
|
//
|
|
// Take a reference on the DeviceObject associated with this
|
|
// extension to ensure that the DeviceObject won't get detached
|
|
// until we return from SrLogStop. SrLogStop could have the
|
|
// last open handle on this volume, so during shutdown, closing
|
|
// this handle could cause the base file system to initiate
|
|
// the tearing down of the filter stack. If this happens,
|
|
// without this extra reference, we will call SrFastIoDetach
|
|
// before we return from SrLogStop. This will cause the
|
|
// machine to deadlock on the device extension list lock (we
|
|
// currently have the device extension list lock shared and
|
|
// SrFastIoDetach needs to acquire it exclusive).
|
|
//
|
|
|
|
ObReferenceObject( pExtension->pDeviceObject );
|
|
|
|
SrAcquireActivityLockExclusive( pExtension );
|
|
|
|
pExtension->Disabled = FALSE;
|
|
|
|
if (pExtension->pLogContext != NULL)
|
|
{
|
|
Status = SrLogStop( pExtension, TRUE );
|
|
CHECK_STATUS( Status );
|
|
}
|
|
} finally {
|
|
|
|
SrReleaseActivityLock( pExtension );
|
|
ObDereferenceObject( pExtension->pDeviceObject );
|
|
}
|
|
}
|
|
|
|
//
|
|
// check logger status
|
|
//
|
|
|
|
ASSERT( _globals.pLogger->ActiveContexts == 0 );
|
|
|
|
//
|
|
// Unload the blob config -- SrFreeLookupBlock acquires the appropriate
|
|
// locks.
|
|
//
|
|
|
|
Status = SrFreeLookupBlob(&_globals.BlobInfo);
|
|
if (!NT_SUCCESS(Status))
|
|
leave;
|
|
|
|
ASSERT(!_globals.BlobInfoLoaded);
|
|
|
|
Status = STATUS_SUCCESS;
|
|
|
|
} finally {
|
|
|
|
Status = FinallyUnwind(SrStopMonitoringIoctl, Status);
|
|
|
|
SrReleaseDeviceExtensionListLock();
|
|
}
|
|
|
|
SrTrace( IOCTL, ("SR!SrStopMonitoringIoctl -- EXIT -- status 0x%08lx\n",
|
|
Status));
|
|
|
|
RETURN(Status);
|
|
|
|
} // SrStopMonitoringIoctl
|
|
|
|
/***************************************************************************++
|
|
|
|
Routine Description:
|
|
|
|
This is a generic completion routine that signals the event passed in
|
|
then returns STATUS_MORE_PROCESSING_REQUIRED so that the dispatch routine
|
|
that it is synchronizing with can still access the Irp. The dispatch
|
|
routine is responsible for restarting the completion processing.
|
|
|
|
Arguments:
|
|
|
|
DeviceObject - Pointer to this driver's device object.
|
|
|
|
Irp - Pointer to the IRP that was just completed.
|
|
|
|
EventToSignal - Pointer to the event to signal.
|
|
|
|
Return Value:
|
|
|
|
The return value is always STATUS_MORE_PROCESSING_REQUIRED.
|
|
|
|
--***************************************************************************/
|
|
NTSTATUS
|
|
SrDismountCompletion (
|
|
IN PDEVICE_OBJECT DeviceObject,
|
|
IN PIRP Irp,
|
|
IN PVOID Context
|
|
)
|
|
{
|
|
PSR_DEVICE_EXTENSION pExtension;
|
|
|
|
UNREFERENCED_PARAMETER( Context );
|
|
|
|
ASSERT(IS_SR_DEVICE_OBJECT( DeviceObject ));
|
|
pExtension = DeviceObject->DeviceExtension;
|
|
|
|
if (!NT_SUCCESS_NO_DBGBREAK(Irp->IoStatus.Status)) {
|
|
|
|
//
|
|
// The volume failed to dismount, so we want to enable this
|
|
// extension so that the log will get reinitialized on the
|
|
// first interesting operation.
|
|
//
|
|
|
|
pExtension->Disabled = FALSE;
|
|
}
|
|
|
|
//
|
|
// Propogate the pending flag as needed.
|
|
//
|
|
|
|
if (Irp->PendingReturned) {
|
|
|
|
IoMarkIrpPending( Irp );
|
|
}
|
|
|
|
return STATUS_SUCCESS;
|
|
} // SrStopProcessingCompletion
|
|
|
|
/***************************************************************************++
|
|
|
|
Routine Description:
|
|
|
|
This is a generic completion routine that signals the event passed in
|
|
then returns STATUS_MORE_PROCESSING_REQUIRED so that the dispatch routine
|
|
that it is synchronizing with can still access the Irp. The dispatch
|
|
routine is responsible for restarting the completion processing.
|
|
|
|
Arguments:
|
|
|
|
DeviceObject - Pointer to this driver's device object.
|
|
|
|
Irp - Pointer to the IRP that was just completed.
|
|
|
|
EventToSignal - Pointer to the event to signal.
|
|
|
|
Return Value:
|
|
|
|
The return value is always STATUS_MORE_PROCESSING_REQUIRED.
|
|
|
|
--***************************************************************************/
|
|
NTSTATUS
|
|
SrStopProcessingCompletion (
|
|
IN PDEVICE_OBJECT DeviceObject,
|
|
IN PIRP Irp,
|
|
IN PKEVENT EventToSignal
|
|
)
|
|
{
|
|
UNREFERENCED_PARAMETER( Irp );
|
|
UNREFERENCED_PARAMETER( DeviceObject );
|
|
|
|
ASSERT( IS_SR_DEVICE_OBJECT( DeviceObject ) );
|
|
ASSERT(NULL != EventToSignal);
|
|
|
|
KeSetEvent( EventToSignal, IO_NO_INCREMENT, FALSE );
|
|
|
|
//
|
|
// We don't propagate the pending flag here since
|
|
// we are doing the synchronization with the originating
|
|
// thread.
|
|
//
|
|
|
|
//
|
|
// By return STATUS_MORE_PROCESSING_REQUIRED, we stop all further
|
|
// processing of the IRP by the IO Manager. This means that the IRP
|
|
// will still be good when the thread waiting on the above event.
|
|
// The waiting thread needs the IRP to check and update the
|
|
// Irp->IoStatus.Status as appropriate.
|
|
//
|
|
|
|
return STATUS_MORE_PROCESSING_REQUIRED;
|
|
} // SrStopProcessingCompletion
|
|
/***************************************************************************++
|
|
|
|
Routine Description:
|
|
|
|
shutdown is happening. flushes our config file to the disk.
|
|
|
|
Arguments:
|
|
|
|
|
|
Return Value:
|
|
|
|
NTSTATUS - Status code.
|
|
|
|
--***************************************************************************/
|
|
NTSTATUS
|
|
SrShutdown(
|
|
IN PDEVICE_OBJECT DeviceObject,
|
|
IN PIRP pIrp
|
|
)
|
|
{
|
|
PSR_DEVICE_EXTENSION pExtension = NULL;
|
|
|
|
//
|
|
// < dispatch!
|
|
//
|
|
|
|
PAGED_CODE();
|
|
|
|
ASSERT( IS_VALID_DEVICE_OBJECT( DeviceObject ) );
|
|
ASSERT( IS_VALID_IRP( pIrp ) );
|
|
|
|
ASSERT( IS_SR_DEVICE_OBJECT( DeviceObject ) );
|
|
pExtension = DeviceObject->DeviceExtension;
|
|
|
|
SrTrace(INIT, ( "SR!SrShutdown:%p,%wZ [%wZ]\n",
|
|
DeviceObject,
|
|
&pExtension->pTargetDevice->DriverObject->DriverName,
|
|
pExtension->pNtVolumeName ));
|
|
|
|
//
|
|
// Get this driver out of the driver stack and get to the next driver as
|
|
// quickly as possible.
|
|
//
|
|
|
|
//
|
|
// Is this a function for our device (vs an attachee) .
|
|
//
|
|
|
|
if (DeviceObject == _globals.pControlDevice)
|
|
{
|
|
return SrMajorFunction(DeviceObject, pIrp);
|
|
}
|
|
|
|
//
|
|
// We get SHUTDOWN irp directed at each file system control device
|
|
// object that we are attached to when the system is shutting down.
|
|
//
|
|
// At this time, we need to loop through the SR device objects and
|
|
// find all the SR device objects associated with volumes that are running
|
|
// this file system. We use the FsType field in the device extension
|
|
// to figure this out.
|
|
//
|
|
// We need to shutdown the log for all volumes that use this file system
|
|
// because after this operation gets to the file system, all volumes
|
|
// using this file system will no longer be able to satify write operations
|
|
// from us.
|
|
//
|
|
|
|
ASSERT(SR_IS_FS_CONTROL_DEVICE(pExtension));
|
|
|
|
//
|
|
// SR's extensions that are attached to control device objects should
|
|
// never get disabled.
|
|
//
|
|
|
|
ASSERT( !pExtension->Disabled );
|
|
|
|
try {
|
|
|
|
PLIST_ENTRY pListEntry;
|
|
SR_FILESYSTEM_TYPE interestingFsType;
|
|
PSR_DEVICE_EXTENSION pCurrentExtension;
|
|
|
|
interestingFsType = pExtension->FsType;
|
|
ClearFlag( interestingFsType, SrFsControlDeviceObject );
|
|
|
|
SrAcquireDeviceExtensionListLockShared();
|
|
|
|
for (pListEntry = _globals.DeviceExtensionListHead.Flink;
|
|
pListEntry != &(_globals.DeviceExtensionListHead);
|
|
pListEntry = pListEntry->Flink ) {
|
|
|
|
pCurrentExtension = CONTAINING_RECORD( pListEntry,
|
|
SR_DEVICE_EXTENSION,
|
|
ListEntry );
|
|
|
|
if (pCurrentExtension->FsType == interestingFsType) {
|
|
|
|
try {
|
|
|
|
SrAcquireActivityLockExclusive( pCurrentExtension );
|
|
|
|
//
|
|
// Disable this drive so that we do not log any more
|
|
// activity on it.
|
|
//
|
|
|
|
pCurrentExtension->Disabled = TRUE;
|
|
|
|
//
|
|
// Now cleanup the log on this volume so that the log
|
|
// we get flushed to the disk before the file system
|
|
// shuts down.
|
|
//
|
|
|
|
if (pCurrentExtension->pLogContext != NULL)
|
|
{
|
|
SrLogStop( pCurrentExtension, TRUE );
|
|
}
|
|
} finally {
|
|
|
|
SrReleaseActivityLock( pCurrentExtension );
|
|
}
|
|
}
|
|
}
|
|
|
|
} finally {
|
|
|
|
SrReleaseDeviceExtensionListLock();
|
|
}
|
|
|
|
//
|
|
// time to update our configuration file ?
|
|
//
|
|
|
|
try {
|
|
|
|
SrAcquireGlobalLockExclusive();
|
|
|
|
if (_globals.FileConfigLoaded)
|
|
{
|
|
//
|
|
// write our the real next file number (not the +1000)
|
|
//
|
|
|
|
_globals.FileConfig.FileSeqNumber = _globals.LastSeqNumber;
|
|
_globals.FileConfig.FileNameNumber = _globals.LastFileNameNumber;
|
|
|
|
SrWriteConfigFile();
|
|
|
|
//
|
|
// only need to do this once
|
|
//
|
|
|
|
_globals.FileConfigLoaded = FALSE;
|
|
}
|
|
} finally {
|
|
|
|
SrReleaseGlobalLock();
|
|
}
|
|
|
|
//
|
|
// Now pass this operation to the next device in the stack. We don't
|
|
// need a completion routine, so just skip our current stack location.
|
|
//
|
|
|
|
IoSkipCurrentIrpStackLocation(pIrp);
|
|
return IoCallDriver(pExtension->pTargetDevice, pIrp);
|
|
} // SrShutdown
|