1277 lines
39 KiB
C
1277 lines
39 KiB
C
/*++
|
||
|
||
Copyright (c) 1989 Microsoft Corporation
|
||
|
||
Module Name:
|
||
|
||
lpcconn.c
|
||
|
||
Abstract:
|
||
|
||
Local Inter-Process Communication (LPC) connection system services.
|
||
|
||
Author:
|
||
|
||
Steve Wood (stevewo) 15-May-1989
|
||
|
||
Revision History:
|
||
|
||
--*/
|
||
|
||
#include "lpcp.h"
|
||
|
||
//
|
||
// Local procedure prototypes
|
||
//
|
||
|
||
PVOID
|
||
LpcpFreeConMsg(
|
||
IN PLPCP_MESSAGE *Msg,
|
||
PLPCP_CONNECTION_MESSAGE *ConnectMsg,
|
||
IN PETHREAD CurrentThread
|
||
);
|
||
|
||
#ifdef ALLOC_PRAGMA
|
||
#pragma alloc_text(PAGE,NtConnectPort)
|
||
#pragma alloc_text(PAGE,NtSecureConnectPort)
|
||
#pragma alloc_text(PAGE,LpcpFreeConMsg)
|
||
#endif
|
||
|
||
|
||
NTSYSAPI
|
||
NTSTATUS
|
||
NTAPI
|
||
NtConnectPort (
|
||
OUT PHANDLE PortHandle,
|
||
IN PUNICODE_STRING PortName,
|
||
IN PSECURITY_QUALITY_OF_SERVICE SecurityQos,
|
||
IN OUT PPORT_VIEW ClientView OPTIONAL,
|
||
IN OUT PREMOTE_PORT_VIEW ServerView OPTIONAL,
|
||
OUT PULONG MaxMessageLength OPTIONAL,
|
||
IN OUT PVOID ConnectionInformation OPTIONAL,
|
||
IN OUT PULONG ConnectionInformationLength OPTIONAL
|
||
)
|
||
|
||
/*++
|
||
|
||
Routine Description:
|
||
|
||
See NtSecureConnectPort
|
||
|
||
Arguments:
|
||
|
||
See NtSecureConnectPort
|
||
|
||
Return Value:
|
||
|
||
NTSTATUS - An appropriate status value
|
||
|
||
--*/
|
||
|
||
{
|
||
return NtSecureConnectPort( PortHandle,
|
||
PortName,
|
||
SecurityQos,
|
||
ClientView,
|
||
NULL,
|
||
ServerView,
|
||
MaxMessageLength,
|
||
ConnectionInformation,
|
||
ConnectionInformationLength );
|
||
}
|
||
|
||
|
||
NTSTATUS
|
||
NtSecureConnectPort (
|
||
OUT PHANDLE PortHandle,
|
||
IN PUNICODE_STRING PortName,
|
||
IN PSECURITY_QUALITY_OF_SERVICE SecurityQos,
|
||
IN OUT PPORT_VIEW ClientView OPTIONAL,
|
||
IN PSID RequiredServerSid,
|
||
IN OUT PREMOTE_PORT_VIEW ServerView OPTIONAL,
|
||
OUT PULONG MaxMessageLength OPTIONAL,
|
||
IN OUT PVOID ConnectionInformation OPTIONAL,
|
||
IN OUT PULONG ConnectionInformationLength OPTIONAL
|
||
)
|
||
|
||
/*++
|
||
|
||
Routine Description:
|
||
|
||
A client process can connect to a server process by name using the
|
||
NtConnectPort service.
|
||
|
||
The PortName parameter specifies the name of the server port to
|
||
connect to. It must correspond to an object name specified on a
|
||
call to NtCreatePort. The service sends a connection request to the
|
||
server thread that is listening for them with the NtListenPort
|
||
service. The client thread then blocks until a server thread
|
||
receives the connection request and responds with a call to the
|
||
NtCompleteConnectPort service. The server thread receives the ID of
|
||
the client thread, along with any information passed via the
|
||
ConnectionInformation parameter. The server thread then decides to
|
||
either accept or reject the connection request.
|
||
|
||
The server communicates the acceptance or rejection with the
|
||
NtCompleteConnectPort service. The server can pass back data to the
|
||
client about the acceptance or rejection via the
|
||
ConnectionInformation data block.
|
||
|
||
If the server accepts the connection request, then the client
|
||
receives a communication port object in the location pointed to by
|
||
the PortHandle parameter. This object handle has no name associated
|
||
with it and is private to the client process (i.e. it cannot be
|
||
inherited by a child process). The client uses the handle to send
|
||
and receive messages to/from the server process using the
|
||
NtRequestWaitReplyPort service.
|
||
|
||
If the ClientView parameter was specified, then the section handle
|
||
is examined. If it is a valid section handle, then the portion of
|
||
the section described by the SectionOffset and ViewSize fields will
|
||
be mapped into both the client and server process' address spaces.
|
||
The address in client address space will be returned in the ViewBase
|
||
field. The address in the server address space will be returned in
|
||
the ViewRemoteBase field. The actual offset and size used to map
|
||
the section will be returned in the SectionOffset and ViewSize
|
||
fields.
|
||
|
||
If the server rejects the connection request, then no communication
|
||
port object handle is returned, and the return status indicates an
|
||
error occurred. The server may optionally return information in the
|
||
ConnectionInformation data block giving the reason the connection
|
||
requests was rejected.
|
||
|
||
If the PortName does not exist, or the client process does not have
|
||
sufficient access rights then the returned status will indicate that
|
||
the port was not found.
|
||
|
||
Arguments:
|
||
|
||
PortHandle - A pointer to a variable that will receive the client
|
||
communication port object handle value.
|
||
|
||
PortName - A pointer to a port name string. The form of the name
|
||
is [\name...\name]\port_name.
|
||
|
||
SecurityQos - A pointer to security quality of service information
|
||
to be applied to the server on the client's behalf.
|
||
|
||
ClientView - An optional pointer to a structure that specifies the
|
||
section that all client threads will use to send messages to the
|
||
server.
|
||
|
||
ClientView Structure
|
||
|
||
ULONG Length - Specifies the size of this data structure in
|
||
bytes.
|
||
|
||
HANDLE SectionHandle - Specifies an open handle to a section
|
||
object.
|
||
|
||
ULONG SectionOffset - Specifies a field that will receive the
|
||
actual offset, in bytes, from the start of the section. The
|
||
initial value of this parameter specifies the byte offset
|
||
within the section that the client's view is based. The
|
||
value is rounded down to the next host page size boundary.
|
||
|
||
ULONG ViewSize - Specifies a field that will receive the
|
||
actual size, in bytes, of the view. If the value of this
|
||
parameter is zero, then the client's view of the section
|
||
will be mapped starting at the specified section offset and
|
||
continuing to the end of the section. Otherwise, the
|
||
initial value of this parameter specifies the size, in
|
||
bytes, of the client's view and is rounded up to the next
|
||
host page size boundary.
|
||
|
||
PVOID ViewBase - Specifies a field that will receive the base
|
||
address of the section in the client's address space.
|
||
|
||
PVOID ViewRemoteBase - Specifies a field that will receive
|
||
the base address of the client's section in the server's
|
||
address space. Used to generate pointers that are
|
||
meaningful to the server.
|
||
|
||
RequiredServerSid - Optionally specifies the SID that we expect the
|
||
server side of the port to possess. If not specified then we'll
|
||
connect to any server SID.
|
||
|
||
ServerView - An optional pointer to a structure that will receive
|
||
information about the server process' view in the client's
|
||
address space. The client process can use this information
|
||
to validate pointers it receives from the server process.
|
||
|
||
ServerView Structure
|
||
|
||
ULONG Length - Specifies the size of this data structure in
|
||
bytes.
|
||
|
||
PVOID ViewBase - Specifies a field that will receive the base
|
||
address of the server's section in the client's address
|
||
space.
|
||
|
||
ULONG ViewSize - Specifies a field that will receive the
|
||
size, in bytes, of the server's view in the client's address
|
||
space. If this field is zero, then server has no view in
|
||
the client's address space.
|
||
|
||
MaxMessageLength - An optional pointer to a variable that will
|
||
receive maximum length of messages that can be sent to the
|
||
server. The value of this parameter will not exceed
|
||
MAX_PORTMSG_LENGTH bytes.
|
||
|
||
ConnectionInformation - An optional pointer to uninterpreted data.
|
||
This data is intended for clients to pass package, version and
|
||
protocol identification information to the server to allow the
|
||
server to determine if it can satisify the client before
|
||
accepting the connection. Upon return to the client, the
|
||
ConnectionInformation data block contains any information passed
|
||
back from the server by its call to the NtCompleteConnectPort
|
||
service. The output data overwrites the input data.
|
||
|
||
ConnectionInformationLength - Pointer to the length of the
|
||
ConnectionInformation data block. The output value is the
|
||
length of the data stored in the ConnectionInformation data
|
||
block by the server's call to the NtCompleteConnectPort
|
||
service. This parameter is OPTIONAL only if the
|
||
ConnectionInformation parameter is null, otherwise it is
|
||
required.
|
||
|
||
Return Value:
|
||
|
||
NTSTATUS - An appropriate status value.
|
||
|
||
--*/
|
||
|
||
{
|
||
PLPCP_PORT_OBJECT ConnectionPort;
|
||
PLPCP_PORT_OBJECT ClientPort;
|
||
HANDLE Handle;
|
||
KPROCESSOR_MODE PreviousMode;
|
||
NTSTATUS Status;
|
||
ULONG ConnectionInfoLength;
|
||
PVOID SectionToMap;
|
||
PLPCP_MESSAGE Msg;
|
||
PLPCP_CONNECTION_MESSAGE ConnectMsg;
|
||
PEPROCESS CurrentProcess;
|
||
PETHREAD CurrentThread = PsGetCurrentThread();
|
||
LARGE_INTEGER SectionOffset;
|
||
PORT_VIEW CapturedClientView;
|
||
SECURITY_QUALITY_OF_SERVICE CapturedQos;
|
||
PSID CapturedRequiredServerSid;
|
||
|
||
PAGED_CODE();
|
||
|
||
//
|
||
// Get previous processor mode and probe input and output arguments if
|
||
// necessary.
|
||
//
|
||
|
||
PreviousMode = KeGetPreviousMode();
|
||
ConnectionInfoLength = 0;
|
||
|
||
if (PreviousMode != KernelMode) {
|
||
|
||
try {
|
||
|
||
ProbeForWriteHandle( PortHandle );
|
||
|
||
if (ARGUMENT_PRESENT( ClientView )) {
|
||
|
||
CapturedClientView = ProbeAndReadStructure( ClientView, PORT_VIEW );
|
||
|
||
if (CapturedClientView.Length != sizeof( *ClientView )) {
|
||
|
||
return( STATUS_INVALID_PARAMETER );
|
||
}
|
||
|
||
ProbeForWriteSmallStructure( ClientView,
|
||
sizeof( *ClientView ),
|
||
sizeof( ULONG ));
|
||
}
|
||
|
||
if (ARGUMENT_PRESENT( ServerView )) {
|
||
|
||
if (ProbeAndReadUlong( &ServerView->Length ) != sizeof( *ServerView )) {
|
||
|
||
return( STATUS_INVALID_PARAMETER );
|
||
}
|
||
|
||
ProbeForWriteSmallStructure( ServerView,
|
||
sizeof( *ServerView ),
|
||
sizeof( ULONG ));
|
||
}
|
||
|
||
if (ARGUMENT_PRESENT( MaxMessageLength )) {
|
||
|
||
ProbeForWriteUlong( MaxMessageLength );
|
||
}
|
||
|
||
if (ARGUMENT_PRESENT( ConnectionInformationLength )) {
|
||
|
||
ConnectionInfoLength = ProbeAndReadUlong( ConnectionInformationLength );
|
||
ProbeForWriteUlong( ConnectionInformationLength );
|
||
}
|
||
|
||
if (ARGUMENT_PRESENT( ConnectionInformation )) {
|
||
|
||
ProbeForWrite( ConnectionInformation,
|
||
ConnectionInfoLength,
|
||
sizeof( UCHAR ));
|
||
}
|
||
|
||
CapturedQos = ProbeAndReadStructure( SecurityQos, SECURITY_QUALITY_OF_SERVICE );
|
||
|
||
CapturedRequiredServerSid = RequiredServerSid;
|
||
|
||
if (ARGUMENT_PRESENT( RequiredServerSid )) {
|
||
|
||
Status = SeCaptureSid( RequiredServerSid,
|
||
PreviousMode,
|
||
NULL,
|
||
0,
|
||
PagedPool,
|
||
TRUE,
|
||
&CapturedRequiredServerSid );
|
||
|
||
if (!NT_SUCCESS(Status)) {
|
||
|
||
return Status;
|
||
}
|
||
}
|
||
|
||
} except( EXCEPTION_EXECUTE_HANDLER ) {
|
||
|
||
return( GetExceptionCode() );
|
||
}
|
||
|
||
//
|
||
// Otherwise this is a kernel mode operation
|
||
//
|
||
|
||
} else {
|
||
|
||
if (ARGUMENT_PRESENT( ClientView )) {
|
||
|
||
if (ClientView->Length != sizeof( *ClientView )) {
|
||
|
||
return( STATUS_INVALID_PARAMETER );
|
||
}
|
||
|
||
CapturedClientView = *ClientView;
|
||
}
|
||
|
||
if (ARGUMENT_PRESENT( ServerView )) {
|
||
|
||
if (ServerView->Length != sizeof( *ServerView )) {
|
||
|
||
return( STATUS_INVALID_PARAMETER );
|
||
}
|
||
}
|
||
|
||
if (ARGUMENT_PRESENT( ConnectionInformationLength )) {
|
||
|
||
ConnectionInfoLength = *ConnectionInformationLength;
|
||
}
|
||
|
||
CapturedQos = *SecurityQos;
|
||
CapturedRequiredServerSid = RequiredServerSid;
|
||
}
|
||
|
||
//
|
||
// Reference the connection port object by name. Return status if
|
||
// unsuccessful.
|
||
//
|
||
|
||
Status = ObReferenceObjectByName( PortName,
|
||
0,
|
||
NULL,
|
||
PORT_CONNECT,
|
||
LpcPortObjectType,
|
||
PreviousMode,
|
||
NULL,
|
||
(PVOID *)&ConnectionPort );
|
||
|
||
//
|
||
// If the port type object didn't work then try for a waitable port type
|
||
// object
|
||
//
|
||
|
||
if ( Status == STATUS_OBJECT_TYPE_MISMATCH ) {
|
||
|
||
Status = ObReferenceObjectByName( PortName,
|
||
0,
|
||
NULL,
|
||
PORT_CONNECT,
|
||
LpcWaitablePortObjectType,
|
||
PreviousMode,
|
||
NULL,
|
||
(PVOID *)&ConnectionPort );
|
||
}
|
||
|
||
//
|
||
// We can't locate the name so release the sid if we captured one and
|
||
// return error status back to our caller
|
||
//
|
||
|
||
if (!NT_SUCCESS( Status )) {
|
||
|
||
if (CapturedRequiredServerSid != RequiredServerSid) {
|
||
|
||
SeReleaseSid( CapturedRequiredServerSid, PreviousMode, TRUE);
|
||
}
|
||
|
||
return Status;
|
||
}
|
||
|
||
LpcpTrace(("Connecting to port %wZ\n", PortName ));
|
||
|
||
//
|
||
// Error if user didn't give us a server communication port
|
||
//
|
||
|
||
if ((ConnectionPort->Flags & PORT_TYPE) != SERVER_CONNECTION_PORT) {
|
||
|
||
ObDereferenceObject( ConnectionPort );
|
||
|
||
if (CapturedRequiredServerSid != RequiredServerSid) {
|
||
|
||
SeReleaseSid( CapturedRequiredServerSid, PreviousMode, TRUE);
|
||
}
|
||
|
||
return STATUS_INVALID_PORT_HANDLE;
|
||
}
|
||
|
||
//
|
||
// If this is NtSecureConnectPort, validated the required SID against
|
||
// the SID of the server process. Fail if not equal.
|
||
//
|
||
|
||
if (ARGUMENT_PRESENT( RequiredServerSid )) {
|
||
|
||
PTOKEN_USER TokenInfo;
|
||
|
||
if (ConnectionPort->ServerProcess != NULL) {
|
||
|
||
PACCESS_TOKEN Token ;
|
||
|
||
Token = PsReferencePrimaryToken( ConnectionPort->ServerProcess );
|
||
|
||
|
||
Status = SeQueryInformationToken( Token,
|
||
TokenUser,
|
||
&TokenInfo );
|
||
|
||
PsDereferencePrimaryTokenEx( ConnectionPort->ServerProcess, Token );
|
||
|
||
if (NT_SUCCESS( Status )) {
|
||
|
||
if (!RtlEqualSid( CapturedRequiredServerSid, TokenInfo->User.Sid )) {
|
||
|
||
Status = STATUS_SERVER_SID_MISMATCH;
|
||
}
|
||
|
||
ExFreePool( TokenInfo );
|
||
}
|
||
|
||
} else {
|
||
|
||
Status = STATUS_SERVER_SID_MISMATCH;
|
||
}
|
||
|
||
//
|
||
// We are all done with the required server sid if specified so
|
||
// now release one if we had to capture it
|
||
//
|
||
|
||
if (CapturedRequiredServerSid != RequiredServerSid) {
|
||
|
||
SeReleaseSid( CapturedRequiredServerSid, PreviousMode, TRUE);
|
||
}
|
||
|
||
//
|
||
// If the se information token query didn't work then return the
|
||
// error to our caller
|
||
//
|
||
|
||
if (!NT_SUCCESS( Status )) {
|
||
|
||
ObDereferenceObject( ConnectionPort );
|
||
|
||
return Status;
|
||
}
|
||
}
|
||
|
||
//
|
||
// Allocate and initialize a client communication port object. Give
|
||
// the port a request message queue for lost reply datagrams. If
|
||
// unable to initialize the port, then deference the port object which
|
||
// will cause it to be deleted and return the system service status.
|
||
//
|
||
|
||
Status = ObCreateObject( PreviousMode,
|
||
LpcPortObjectType,
|
||
NULL,
|
||
PreviousMode,
|
||
NULL,
|
||
FIELD_OFFSET( LPCP_PORT_OBJECT, WaitEvent ),
|
||
0,
|
||
0,
|
||
(PVOID *)&ClientPort );
|
||
|
||
if (!NT_SUCCESS( Status )) {
|
||
|
||
ObDereferenceObject( ConnectionPort );
|
||
|
||
return Status;
|
||
}
|
||
|
||
//
|
||
// Note, that from here on, none of the error paths dereference the
|
||
// connection port pointer, just the newly created client port pointer.
|
||
// The port delete routine will get called when the client port is
|
||
// deleted and it will dereference the connection port pointer stored
|
||
// in the client port object.
|
||
//
|
||
|
||
//
|
||
// Initialize the client port object to zeros and then fill in the
|
||
// fields.
|
||
//
|
||
|
||
RtlZeroMemory( ClientPort, FIELD_OFFSET( LPCP_PORT_OBJECT, WaitEvent ));
|
||
|
||
ClientPort->Flags = CLIENT_COMMUNICATION_PORT;
|
||
ClientPort->ConnectionPort = ConnectionPort;
|
||
ClientPort->MaxMessageLength = ConnectionPort->MaxMessageLength;
|
||
ClientPort->SecurityQos = CapturedQos;
|
||
|
||
InitializeListHead( &ClientPort->LpcReplyChainHead );
|
||
InitializeListHead( &ClientPort->LpcDataInfoChainHead );
|
||
|
||
//
|
||
// Set the security tracking mode, and initialize the client security
|
||
// context if it is static tracking.
|
||
//
|
||
|
||
if (CapturedQos.ContextTrackingMode == SECURITY_DYNAMIC_TRACKING) {
|
||
|
||
ClientPort->Flags |= PORT_DYNAMIC_SECURITY;
|
||
|
||
} else {
|
||
|
||
Status = SeCreateClientSecurity( CurrentThread,
|
||
&CapturedQos,
|
||
FALSE,
|
||
&ClientPort->StaticSecurity );
|
||
|
||
if (!NT_SUCCESS( Status )) {
|
||
|
||
ObDereferenceObject( ClientPort );
|
||
|
||
return Status;
|
||
}
|
||
}
|
||
|
||
//
|
||
// Client communication ports get a request message queue for lost
|
||
// replies.
|
||
//
|
||
|
||
Status = LpcpInitializePortQueue( ClientPort );
|
||
|
||
if (!NT_SUCCESS( Status )) {
|
||
|
||
ObDereferenceObject( ClientPort );
|
||
|
||
return Status;
|
||
}
|
||
|
||
//
|
||
// If client has allocated a port memory section, then map a view of
|
||
// that section into the client's address space. Also reference the
|
||
// section object so we can pass a pointer to the section object in
|
||
// connection request message. If the server accepts the connection,
|
||
// then it will map a corresponding view of the section in the server's
|
||
// address space, using the referenced pointer passed in the connection
|
||
// request message.
|
||
//
|
||
|
||
if (ARGUMENT_PRESENT( ClientView )) {
|
||
|
||
Status = ObReferenceObjectByHandle( CapturedClientView.SectionHandle,
|
||
SECTION_MAP_READ |
|
||
SECTION_MAP_WRITE,
|
||
MmSectionObjectType,
|
||
PreviousMode,
|
||
(PVOID *)&SectionToMap,
|
||
NULL );
|
||
|
||
if (!NT_SUCCESS( Status )) {
|
||
|
||
ObDereferenceObject( ClientPort );
|
||
|
||
return Status;
|
||
}
|
||
|
||
SectionOffset.LowPart = CapturedClientView.SectionOffset,
|
||
SectionOffset.HighPart = 0;
|
||
|
||
CurrentProcess = PsGetCurrentProcess();
|
||
|
||
//
|
||
// Now map a view of the section using the reference we just captured
|
||
// and not the section handle itself, because the handle may have changed
|
||
//
|
||
|
||
Status = MmMapViewOfSection( SectionToMap,
|
||
CurrentProcess,
|
||
&ClientPort->ClientSectionBase,
|
||
0,
|
||
0,
|
||
&SectionOffset,
|
||
&CapturedClientView.ViewSize,
|
||
ViewUnmap,
|
||
0,
|
||
PAGE_READWRITE );
|
||
|
||
CapturedClientView.SectionOffset = SectionOffset.LowPart;
|
||
|
||
if (!NT_SUCCESS( Status )) {
|
||
|
||
ObDereferenceObject( SectionToMap );
|
||
ObDereferenceObject( ClientPort );
|
||
|
||
return Status;
|
||
}
|
||
|
||
CapturedClientView.ViewBase = ClientPort->ClientSectionBase;
|
||
|
||
//
|
||
// We'll add an extra-reference to the current process, when we have
|
||
// a section mapped in that process.
|
||
//
|
||
|
||
ClientPort->MappingProcess = CurrentProcess;
|
||
|
||
ObReferenceObject( ClientPort->MappingProcess );
|
||
|
||
} else {
|
||
|
||
SectionToMap = NULL;
|
||
}
|
||
|
||
//
|
||
// Adjust the size of the connection info length that the client supplied
|
||
// to be the no longer than one the connection port will accept
|
||
//
|
||
|
||
if (ConnectionInfoLength > ConnectionPort->MaxConnectionInfoLength) {
|
||
|
||
ConnectionInfoLength = ConnectionPort->MaxConnectionInfoLength;
|
||
}
|
||
|
||
//
|
||
// At this point the client port is all setup and now we have to
|
||
// allocate a request connection message for the server and send it off
|
||
//
|
||
// Allocate a connection request message. It holds the LPCP message,
|
||
// the LPCP connection message, and the user supplied connection
|
||
// information
|
||
//
|
||
|
||
Msg = LpcpAllocateFromPortZone( sizeof( *Msg ) +
|
||
sizeof( *ConnectMsg ) +
|
||
ConnectionInfoLength );
|
||
|
||
//
|
||
// If we didn't get memory for the message then tell our caller we failed
|
||
//
|
||
|
||
if (Msg == NULL) {
|
||
|
||
if (SectionToMap != NULL) {
|
||
|
||
ObDereferenceObject( SectionToMap );
|
||
}
|
||
|
||
ObDereferenceObject( ClientPort );
|
||
|
||
return STATUS_NO_MEMORY;
|
||
}
|
||
|
||
//
|
||
// Msg points to the LPCP message, followed by ConnectMsg which points to
|
||
// the LPCP connection message, followed by client specified information.
|
||
// We'll now fill it all in.
|
||
//
|
||
|
||
ConnectMsg = (PLPCP_CONNECTION_MESSAGE)(Msg + 1);
|
||
|
||
//
|
||
// This thread originated the message
|
||
//
|
||
|
||
Msg->Request.ClientId = CurrentThread->Cid;
|
||
|
||
//
|
||
// If we have a client view then copy over the client view information
|
||
// otherwise we'll zero out all of the view information
|
||
//
|
||
|
||
if (ARGUMENT_PRESENT( ClientView )) {
|
||
|
||
Msg->Request.ClientViewSize = CapturedClientView.ViewSize;
|
||
|
||
RtlCopyMemory( &ConnectMsg->ClientView,
|
||
&CapturedClientView,
|
||
sizeof( CapturedClientView ));
|
||
|
||
RtlZeroMemory( &ConnectMsg->ServerView, sizeof( ConnectMsg->ServerView ));
|
||
|
||
} else {
|
||
|
||
Msg->Request.ClientViewSize = 0;
|
||
RtlZeroMemory( ConnectMsg, sizeof( *ConnectMsg ));
|
||
}
|
||
|
||
ConnectMsg->ClientPort = NULL; // Set below
|
||
ConnectMsg->SectionToMap = SectionToMap;
|
||
|
||
//
|
||
// The data length is everything after the port message within the lpcp
|
||
// message. In other words the connection message and the user supplied
|
||
// information
|
||
//
|
||
|
||
Msg->Request.u1.s1.DataLength = (CSHORT)(sizeof( *ConnectMsg ) +
|
||
ConnectionInfoLength);
|
||
|
||
//
|
||
// The total length add on the LPCP message
|
||
//
|
||
|
||
Msg->Request.u1.s1.TotalLength = (CSHORT)(sizeof( *Msg ) +
|
||
Msg->Request.u1.s1.DataLength);
|
||
|
||
//
|
||
// This will be a connection request message
|
||
//
|
||
|
||
Msg->Request.u2.s2.Type = LPC_CONNECTION_REQUEST;
|
||
|
||
//
|
||
// If the caller supplied some connection information then copy
|
||
// that into place right now
|
||
//
|
||
|
||
if (ARGUMENT_PRESENT( ConnectionInformation )) {
|
||
|
||
try {
|
||
|
||
RtlCopyMemory( ConnectMsg + 1,
|
||
ConnectionInformation,
|
||
ConnectionInfoLength );
|
||
|
||
} except( EXCEPTION_EXECUTE_HANDLER ) {
|
||
|
||
//
|
||
// If we fail then cleanup after ourselves and return the
|
||
// error to our caller
|
||
//
|
||
|
||
LpcpFreeToPortZone( Msg, 0 );
|
||
|
||
if (SectionToMap != NULL) {
|
||
|
||
ObDereferenceObject( SectionToMap );
|
||
}
|
||
|
||
ObDereferenceObject( ClientPort );
|
||
|
||
return GetExceptionCode();
|
||
}
|
||
}
|
||
|
||
//
|
||
// The message is mostly ready to go now put it on the servers queue.
|
||
//
|
||
// Acquire the mutex that guards the LpcReplyMessage field of the
|
||
// thread. Also acquire the semaphore that guards the connection
|
||
// request message queue. Stamp the connection request message with
|
||
// a serial number, insert the message at the tail of the connection
|
||
// request message queue and remember the address of the message in
|
||
// the LpcReplyMessage field for the current thread.
|
||
//
|
||
|
||
Status = STATUS_SUCCESS;
|
||
|
||
LpcpAcquireLpcpLockByThread(CurrentThread);
|
||
|
||
//
|
||
// See if the port name has been deleted from under us. If so, then
|
||
// don't queue the message and don't wait for a reply
|
||
//
|
||
|
||
if (ConnectionPort->Flags & PORT_NAME_DELETED) {
|
||
|
||
Status = STATUS_OBJECT_NAME_NOT_FOUND;
|
||
|
||
} else {
|
||
|
||
LpcpTrace(( "Send Connect Msg %lx to Port %wZ (%lx)\n", Msg, PortName, ConnectionPort ));
|
||
|
||
//
|
||
// Stamp the request message with a serial number, insert the message
|
||
// at the tail of the request message queue
|
||
//
|
||
|
||
Msg->RepliedToThread = NULL;
|
||
Msg->Request.MessageId = LpcpGenerateMessageId();
|
||
|
||
CurrentThread->LpcReplyMessageId = Msg->Request.MessageId;
|
||
|
||
InsertTailList( &ConnectionPort->MsgQueue.ReceiveHead, &Msg->Entry );
|
||
|
||
InsertTailList( &ConnectionPort->LpcReplyChainHead, &CurrentThread->LpcReplyChain );
|
||
|
||
CurrentThread->LpcReplyMessage = Msg;
|
||
|
||
//
|
||
// Reference the port we are passing in the connect msg so if we die
|
||
// it will still be valid for the server in NtAcceptConnectPort. The
|
||
// reference will be released when the message is freed.
|
||
//
|
||
|
||
ObReferenceObject( ClientPort );
|
||
|
||
ConnectMsg->ClientPort = ClientPort;
|
||
|
||
KeEnterCriticalRegionThread (&CurrentThread->Tcb);
|
||
}
|
||
|
||
//
|
||
// Add an extra-reference to the connection port to prevent going away
|
||
// if the server closes the handle. The reference we already have is not enough
|
||
// because closing the connection port will delete the connection message from
|
||
// the queue, which will delete the client port, which will dereference the
|
||
// connection port. Therefore right after releasing the lock the connection
|
||
// port might be invalid in the absence of this extra reference.
|
||
//
|
||
|
||
ObReferenceObject( ConnectionPort );
|
||
|
||
LpcpReleaseLpcpLock();
|
||
|
||
//
|
||
// At this point the client's communication port is all set up and the
|
||
// connection request message is in the server's queue. So now we have
|
||
// to single the server and wait for a reply
|
||
//
|
||
|
||
if (NT_SUCCESS( Status )) {
|
||
|
||
//
|
||
// If this is a waitable port then set the event that they might be
|
||
// waiting on
|
||
//
|
||
|
||
if ( ConnectionPort->Flags & PORT_WAITABLE ) {
|
||
|
||
KeSetEvent( &ConnectionPort->WaitEvent, 1, FALSE );
|
||
}
|
||
|
||
//
|
||
// Increment the connection request message queue semaphore by one for
|
||
// the newly inserted connection request message. Release the spin
|
||
// locks, while remaining at the dispatcher IRQL. Then wait for the
|
||
// reply to this connection request by waiting on the LpcReplySemaphore
|
||
// for the current thread.
|
||
//
|
||
|
||
KeReleaseSemaphore( ConnectionPort->MsgQueue.Semaphore,
|
||
1,
|
||
1,
|
||
FALSE );
|
||
KeLeaveCriticalRegionThread (&CurrentThread->Tcb);
|
||
|
||
Status = KeWaitForSingleObject( &CurrentThread->LpcReplySemaphore,
|
||
Executive,
|
||
PreviousMode,
|
||
FALSE,
|
||
NULL );
|
||
|
||
}
|
||
|
||
if (Status == STATUS_USER_APC) {
|
||
|
||
//
|
||
// if the semaphore is signaled, then clear it
|
||
//
|
||
|
||
if (KeReadStateSemaphore( &CurrentThread->LpcReplySemaphore )) {
|
||
|
||
KeWaitForSingleObject( &CurrentThread->LpcReplySemaphore,
|
||
WrExecutive,
|
||
KernelMode,
|
||
FALSE,
|
||
NULL );
|
||
|
||
Status = STATUS_SUCCESS;
|
||
}
|
||
}
|
||
|
||
//
|
||
// A connection request is accepted if the ConnectedPort of the client's
|
||
// communication port has been filled in.
|
||
//
|
||
|
||
if (Status == STATUS_SUCCESS) {
|
||
|
||
SectionToMap = LpcpFreeConMsg( &Msg, &ConnectMsg, CurrentThread );
|
||
|
||
//
|
||
// Check that we got a reply message
|
||
//
|
||
|
||
if (Msg != NULL) {
|
||
|
||
//
|
||
// Copy any connection information back to the caller, but first
|
||
// calculate the new connection data length for the reply and
|
||
// don't let it grow beyond what we probed originally
|
||
//
|
||
|
||
if ((Msg->Request.u1.s1.DataLength - sizeof( *ConnectMsg )) < ConnectionInfoLength) {
|
||
|
||
ConnectionInfoLength = Msg->Request.u1.s1.DataLength - sizeof( *ConnectMsg );
|
||
}
|
||
|
||
if (ARGUMENT_PRESENT( ConnectionInformation )) {
|
||
|
||
try {
|
||
|
||
if (ARGUMENT_PRESENT( ConnectionInformationLength )) {
|
||
|
||
*ConnectionInformationLength = ConnectionInfoLength;
|
||
}
|
||
|
||
RtlCopyMemory( ConnectionInformation,
|
||
ConnectMsg + 1,
|
||
ConnectionInfoLength );
|
||
|
||
} except( EXCEPTION_EXECUTE_HANDLER ) {
|
||
|
||
Status = GetExceptionCode();
|
||
}
|
||
}
|
||
|
||
//
|
||
// Insert client communication port object in specified object
|
||
// table. Set port handle value if successful. If not
|
||
// successful, then the port will have been dereferenced, which
|
||
// will cause it to be freed, after our delete procedure is
|
||
// called. The delete procedure will undo the work done to
|
||
// initialize the port.
|
||
//
|
||
|
||
if (ClientPort->ConnectedPort != NULL) {
|
||
|
||
ULONG CapturedMaxMessageLength;
|
||
|
||
//
|
||
// Before we do the object insert we need to get the max
|
||
// message length because right after the call the object
|
||
// could be dereferenced and gone away
|
||
//
|
||
|
||
CapturedMaxMessageLength = ConnectionPort->MaxMessageLength;
|
||
|
||
//
|
||
// Now create a handle for the new client port object.
|
||
//
|
||
|
||
Status = ObInsertObject( ClientPort,
|
||
NULL,
|
||
PORT_ALL_ACCESS,
|
||
0,
|
||
(PVOID *)NULL,
|
||
&Handle );
|
||
|
||
if (NT_SUCCESS( Status )) {
|
||
|
||
//
|
||
// This is the only successful path through this routine.
|
||
// Set the output variables, later we'll free the msg
|
||
// back to the port zone and return to our caller
|
||
//
|
||
|
||
try {
|
||
|
||
*PortHandle = Handle;
|
||
|
||
if (ARGUMENT_PRESENT( MaxMessageLength )) {
|
||
|
||
*MaxMessageLength = CapturedMaxMessageLength;
|
||
}
|
||
|
||
if (ARGUMENT_PRESENT( ClientView )) {
|
||
|
||
RtlCopyMemory( ClientView,
|
||
&ConnectMsg->ClientView,
|
||
sizeof( *ClientView ));
|
||
}
|
||
|
||
if (ARGUMENT_PRESENT( ServerView )) {
|
||
|
||
RtlCopyMemory( ServerView,
|
||
&ConnectMsg->ServerView,
|
||
sizeof( *ServerView ));
|
||
}
|
||
|
||
} except( EXCEPTION_EXECUTE_HANDLER ) {
|
||
|
||
Status = GetExceptionCode();
|
||
NtClose( Handle );
|
||
}
|
||
}
|
||
|
||
} else {
|
||
|
||
//
|
||
// Otherwise we did not get a connect port from the server so
|
||
// the connection was refused
|
||
//
|
||
|
||
LpcpTrace(( "Connection request refused.\n" ));
|
||
|
||
if ( SectionToMap != NULL ) {
|
||
|
||
ObDereferenceObject( SectionToMap );
|
||
}
|
||
|
||
//
|
||
// Synchronize with the deletion path for the port object
|
||
// If the server accepted the connection and immediately
|
||
// closed the server handle, the ConnectionPort field will be NULL.
|
||
// If the server closed the connection port as well, the captured
|
||
// value for the connection port will be invalid.
|
||
//
|
||
|
||
LpcpAcquireLpcpLockByThread(CurrentThread);
|
||
|
||
if ((ClientPort->ConnectionPort == NULL)
|
||
||
|
||
(ConnectionPort->Flags & PORT_NAME_DELETED)) {
|
||
|
||
Status = STATUS_OBJECT_NAME_NOT_FOUND;
|
||
|
||
} else {
|
||
|
||
Status = STATUS_PORT_CONNECTION_REFUSED;
|
||
}
|
||
|
||
LpcpReleaseLpcpLock();
|
||
|
||
ObDereferenceObject( ClientPort );
|
||
}
|
||
|
||
//
|
||
// Free the reply message back to the port zone
|
||
//
|
||
|
||
LpcpFreeToPortZone( Msg, 0 );
|
||
|
||
} else {
|
||
|
||
//
|
||
// We did not get a reply message so the connection must have
|
||
// been refused
|
||
//
|
||
|
||
if (SectionToMap != NULL) {
|
||
|
||
ObDereferenceObject( SectionToMap );
|
||
}
|
||
|
||
ObDereferenceObject( ClientPort );
|
||
|
||
Status = STATUS_PORT_CONNECTION_REFUSED;
|
||
}
|
||
|
||
} else {
|
||
|
||
//
|
||
// Our wait was not successful
|
||
//
|
||
|
||
//
|
||
// Remove the connection request message from the received
|
||
// queue and free the message back to the connection
|
||
// port's zone.
|
||
//
|
||
|
||
SectionToMap = LpcpFreeConMsg( &Msg, &ConnectMsg, CurrentThread );
|
||
|
||
//
|
||
// The wait was not successful, but in the meantime the server could
|
||
// replied, so it signaled the lpc semaphore. We have to clear the
|
||
// semaphore state right now.
|
||
//
|
||
|
||
if (KeReadStateSemaphore( &CurrentThread->LpcReplySemaphore )) {
|
||
|
||
KeWaitForSingleObject( &CurrentThread->LpcReplySemaphore,
|
||
WrExecutive,
|
||
KernelMode,
|
||
FALSE,
|
||
NULL );
|
||
}
|
||
|
||
if (Msg != NULL) {
|
||
|
||
LpcpFreeToPortZone( Msg, 0 );
|
||
}
|
||
|
||
//
|
||
// If a client section was specified, then dereference the section
|
||
// object.
|
||
//
|
||
|
||
if ( SectionToMap != NULL ) {
|
||
|
||
ObDereferenceObject( SectionToMap );
|
||
}
|
||
|
||
//
|
||
// If the connection was rejected or the wait failed, then
|
||
// dereference the client port object, which will cause it to
|
||
// be deleted.
|
||
//
|
||
|
||
ObDereferenceObject( ClientPort );
|
||
}
|
||
|
||
//
|
||
// Remove the extra reference we added to the connection port
|
||
//
|
||
|
||
ObDereferenceObject( ConnectionPort );
|
||
|
||
//
|
||
// And return to our caller
|
||
//
|
||
|
||
return Status;
|
||
}
|
||
|
||
|
||
//
|
||
// Local support routine
|
||
//
|
||
|
||
PVOID
|
||
LpcpFreeConMsg (
|
||
IN PLPCP_MESSAGE *Msg,
|
||
PLPCP_CONNECTION_MESSAGE *ConnectMsg,
|
||
IN PETHREAD CurrentThread
|
||
)
|
||
|
||
/*++
|
||
|
||
Routine Description:
|
||
|
||
This routine returns a connection reply message for the specified thread
|
||
|
||
Arguments:
|
||
|
||
Msg - Receives a pointer to the LPCP message if there is a reply
|
||
|
||
ConnectMsg - Receives a pointer to the LPCP connection message if there
|
||
is a reply
|
||
|
||
CurrentThread - Specifies the thread we're to be examining
|
||
|
||
Return Value:
|
||
|
||
PVOID - Returns a pointer to the section to map in the connection message
|
||
|
||
--*/
|
||
|
||
{
|
||
PVOID SectionToMap;
|
||
PLPCP_MESSAGE LpcMessage;
|
||
|
||
//
|
||
// Acquire the LPC mutex, remove the connection request message
|
||
// from the received queue and free the message back to the connection
|
||
// port's zone.
|
||
//
|
||
|
||
LpcpAcquireLpcpLock();
|
||
|
||
//
|
||
// Remove the thread from the reply rundown list in case we did not wakeup due to
|
||
// a reply
|
||
//
|
||
|
||
if (!IsListEmpty( &CurrentThread->LpcReplyChain )) {
|
||
|
||
RemoveEntryList( &CurrentThread->LpcReplyChain );
|
||
|
||
InitializeListHead( &CurrentThread->LpcReplyChain );
|
||
}
|
||
|
||
//
|
||
// Check if the thread has an LPC reply message waiting to be handled
|
||
//
|
||
|
||
LpcMessage = LpcpGetThreadMessage(CurrentThread);
|
||
|
||
if (LpcMessage != NULL) {
|
||
|
||
//
|
||
// Take the message off the threads list
|
||
//
|
||
|
||
*Msg = LpcMessage;
|
||
|
||
if (!IsListEmpty( &LpcMessage->Entry )) {
|
||
|
||
RemoveEntryList( &LpcMessage->Entry );
|
||
InitializeListHead( &LpcMessage->Entry );
|
||
}
|
||
|
||
CurrentThread->LpcReplyMessage = NULL;
|
||
|
||
CurrentThread->LpcReplyMessageId = 0;
|
||
|
||
//
|
||
// Set the connection message pointer, and copy over the section
|
||
// to map location before zeroing it out
|
||
//
|
||
|
||
*ConnectMsg = (PLPCP_CONNECTION_MESSAGE)(LpcMessage + 1);
|
||
|
||
SectionToMap = (*ConnectMsg)->SectionToMap;
|
||
(*ConnectMsg)->SectionToMap = NULL;
|
||
|
||
} else {
|
||
|
||
//
|
||
// Otherwise there is no LPC message to be handle so we'll return
|
||
// null's to our caller
|
||
//
|
||
|
||
*Msg = NULL;
|
||
SectionToMap = NULL;
|
||
}
|
||
|
||
//
|
||
// Release the global lock and return to our caller
|
||
//
|
||
|
||
LpcpReleaseLpcpLock();
|
||
|
||
return SectionToMap;
|
||
}
|