xref: /reactos/drivers/filesystems/mup/mup.c (revision b12ab486)
1 /*
2  *  ReactOS kernel
3  *  Copyright (C) 2002 ReactOS Team
4  *
5  *  This program is free software; you can redistribute it and/or modify
6  *  it under the terms of the GNU General Public License as published by
7  *  the Free Software Foundation; either version 2 of the License, or
8  *  (at your option) any later version.
9  *
10  *  This program is distributed in the hope that it will be useful,
11  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
12  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13  *  GNU General Public License for more details.
14  *
15  *  You should have received a copy of the GNU General Public License along
16  *  with this program; if not, write to the Free Software Foundation, Inc.,
17  *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
18  */
19 /*
20  * COPYRIGHT:        See COPYING in the top level directory
21  * PROJECT:          ReactOS kernel
22  * FILE:             drivers/filesystems/mup/mup.c
23  * PURPOSE:          Multi UNC Provider
24  * PROGRAMMER:       Eric Kohl
25  *                   Pierre Schweitzer (pierre@reactos.org)
26  */
27 
28 /* INCLUDES *****************************************************************/
29 
30 #include "mup.h"
31 
32 #define NDEBUG
33 #include <debug.h>
34 
35 ERESOURCE MupGlobalLock;
36 ERESOURCE MupPrefixTableLock;
37 ERESOURCE MupCcbListLock;
38 ERESOURCE MupVcbLock;
39 LIST_ENTRY MupProviderList;
40 LIST_ENTRY MupPrefixList;
41 LIST_ENTRY MupMasterQueryList;
42 UNICODE_PREFIX_TABLE MupPrefixTable;
43 LARGE_INTEGER MupKnownPrefixTimeout;
44 ULONG MupProviderCount;
45 BOOLEAN MupOrderInitialized;
46 BOOLEAN MupEnableDfs;
47 PDEVICE_OBJECT mupDeviceObject;
48 NTSTATUS MupOrderedErrorList[] = { STATUS_UNSUCCESSFUL,
49                                    STATUS_INVALID_PARAMETER,
50                                    STATUS_REDIRECTOR_NOT_STARTED,
51                                    STATUS_BAD_NETWORK_NAME,
52                                    STATUS_BAD_NETWORK_PATH, 0 };
53 
54 /* FUNCTIONS ****************************************************************/
55 
56 CODE_SEG("INIT")
57 VOID
MupInitializeData(VOID)58 MupInitializeData(VOID)
59 {
60     ExInitializeResourceLite(&MupGlobalLock);
61     ExInitializeResourceLite(&MupPrefixTableLock);
62     ExInitializeResourceLite(&MupCcbListLock);
63     ExInitializeResourceLite(&MupVcbLock);
64     MupProviderCount = 0;
65     InitializeListHead(&MupProviderList);
66     InitializeListHead(&MupPrefixList);
67     InitializeListHead(&MupMasterQueryList);
68     RtlInitializeUnicodePrefix(&MupPrefixTable);
69     MupKnownPrefixTimeout.QuadPart = 9000000000LL;
70     MupOrderInitialized = FALSE;
71 }
72 
73 VOID
MupUninitializeData()74 MupUninitializeData()
75 {
76   ExDeleteResourceLite(&MupGlobalLock);
77   ExDeleteResourceLite(&MupPrefixTableLock);
78   ExDeleteResourceLite(&MupCcbListLock);
79   ExDeleteResourceLite(&MupVcbLock);
80 }
81 
82 CODE_SEG("INIT")
83 VOID
MupInitializeVcb(PMUP_VCB Vcb)84 MupInitializeVcb(PMUP_VCB Vcb)
85 {
86     RtlZeroMemory(Vcb, sizeof(MUP_VCB));
87     Vcb->NodeType = NODE_TYPE_VCB;
88     Vcb->NodeStatus = NODE_STATUS_HEALTHY;
89     Vcb->NodeReferences = 1;
90     Vcb->NodeSize = sizeof(MUP_VCB);
91 }
92 
93 BOOLEAN
MuppIsDfsEnabled(VOID)94 MuppIsDfsEnabled(VOID)
95 {
96     HANDLE Key;
97     ULONG Length;
98     NTSTATUS Status;
99     UNICODE_STRING KeyName;
100     OBJECT_ATTRIBUTES ObjectAttributes;
101     struct
102     {
103         KEY_VALUE_PARTIAL_INFORMATION KeyInfo;
104         ULONG KeyValue;
105     } KeyQueryOutput;
106 
107     /* You recognize FsRtlpIsDfsEnabled()! Congratz :-) */
108     KeyName.Buffer = L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\Mup";
109     KeyName.Length = sizeof(L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\Mup") - sizeof(UNICODE_NULL);
110     KeyName.MaximumLength = sizeof(L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\Mup");
111 
112     /* Simply query registry to know whether we have to disable DFS.
113      * Unless explicitly stated in registry, we will try to enable DFS.
114      */
115     InitializeObjectAttributes(&ObjectAttributes,
116                                &KeyName,
117                                OBJ_CASE_INSENSITIVE,
118                                NULL,
119                                NULL);
120 
121     Status = ZwOpenKey(&Key, KEY_READ, &ObjectAttributes);
122     if (!NT_SUCCESS(Status))
123     {
124         return TRUE;
125     }
126 
127     KeyName.Buffer = L"DisableDfs";
128     KeyName.Length = sizeof(L"DisableDfs") - sizeof(UNICODE_NULL);
129     KeyName.MaximumLength = sizeof(L"DisableDfs");
130 
131     Status = ZwQueryValueKey(Key, &KeyName, KeyValuePartialInformation, &KeyQueryOutput, sizeof(KeyQueryOutput), &Length);
132     ZwClose(Key);
133     if (!NT_SUCCESS(Status) || KeyQueryOutput.KeyInfo.Type != REG_DWORD)
134     {
135         return TRUE;
136     }
137 
138     return ((ULONG_PTR)KeyQueryOutput.KeyInfo.Data != 1);
139 }
140 
141 VOID
MupCalculateTimeout(PLARGE_INTEGER EntryTime)142 MupCalculateTimeout(PLARGE_INTEGER EntryTime)
143 {
144     LARGE_INTEGER CurrentTime;
145 
146     /* Just get now + our allowed timeout */
147     KeQuerySystemTime(&CurrentTime);
148     EntryTime->QuadPart = CurrentTime.QuadPart + MupKnownPrefixTimeout.QuadPart;
149 }
150 
151 PMUP_CCB
MupCreateCcb(VOID)152 MupCreateCcb(VOID)
153 {
154     PMUP_CCB Ccb;
155 
156     Ccb = ExAllocatePoolWithTag(PagedPool, sizeof(MUP_CCB), TAG_MUP);
157     if (Ccb == NULL)
158     {
159         return NULL;
160     }
161 
162     Ccb->NodeStatus = NODE_STATUS_HEALTHY;
163     Ccb->NodeReferences = 1;
164     Ccb->NodeType = NODE_TYPE_CCB;
165     Ccb->NodeSize = sizeof(MUP_CCB);
166 
167     return Ccb;
168 }
169 
170 PMUP_FCB
MupCreateFcb(VOID)171 MupCreateFcb(VOID)
172 {
173     PMUP_FCB Fcb;
174 
175     Fcb = ExAllocatePoolWithTag(PagedPool, sizeof(MUP_FCB), TAG_MUP);
176     if (Fcb == NULL)
177     {
178         return NULL;
179     }
180 
181     Fcb->NodeStatus = NODE_STATUS_HEALTHY;
182     Fcb->NodeReferences = 1;
183     Fcb->NodeType = NODE_TYPE_FCB;
184     Fcb->NodeSize = sizeof(MUP_FCB);
185     InitializeListHead(&Fcb->CcbList);
186 
187     return Fcb;
188 }
189 
190 PMUP_MIC
MupAllocateMasterIoContext(VOID)191 MupAllocateMasterIoContext(VOID)
192 {
193     PMUP_MIC MasterIoContext;
194 
195     MasterIoContext = ExAllocatePoolWithTag(NonPagedPool, sizeof(MUP_MIC), TAG_MUP);
196     if (MasterIoContext == NULL)
197     {
198         return NULL;
199     }
200 
201     MasterIoContext->NodeStatus = NODE_STATUS_HEALTHY;
202     MasterIoContext->NodeReferences = 1;
203     MasterIoContext->NodeType = NODE_TYPE_MIC;
204     MasterIoContext->NodeSize = sizeof(MUP_MIC);
205 
206     return MasterIoContext;
207 }
208 
209 PMUP_UNC
MupAllocateUncProvider(ULONG RedirectorDeviceNameLength)210 MupAllocateUncProvider(ULONG RedirectorDeviceNameLength)
211 {
212     PMUP_UNC UncProvider;
213 
214     UncProvider = ExAllocatePoolWithTag(PagedPool, sizeof(MUP_UNC) + RedirectorDeviceNameLength, TAG_MUP);
215     if (UncProvider == NULL)
216     {
217         return NULL;
218     }
219 
220     UncProvider->NodeReferences = 0;
221     UncProvider->NodeType = NODE_TYPE_UNC;
222     UncProvider->NodeStatus = NODE_STATUS_HEALTHY;
223     UncProvider->NodeSize = sizeof(MUP_UNC) + RedirectorDeviceNameLength;
224     UncProvider->Registered = FALSE;
225 
226     return UncProvider;
227 }
228 
229 PMUP_PFX
MupAllocatePrefixEntry(ULONG PrefixLength)230 MupAllocatePrefixEntry(ULONG PrefixLength)
231 {
232     PMUP_PFX Prefix;
233     ULONG PrefixSize;
234 
235     PrefixSize = sizeof(MUP_PFX) + PrefixLength;
236     Prefix = ExAllocatePoolWithTag(PagedPool, PrefixSize, TAG_MUP);
237     if (Prefix == NULL)
238     {
239         return NULL;
240     }
241 
242     RtlZeroMemory(Prefix, PrefixSize);
243     Prefix->NodeType = NODE_TYPE_PFX;
244     Prefix->NodeStatus = NODE_STATUS_HEALTHY;
245     Prefix->NodeReferences = 1;
246     Prefix->NodeSize = PrefixSize;
247 
248     /* If we got a prefix, initialize the string */
249     if (PrefixLength != 0)
250     {
251         Prefix->AcceptedPrefix.Buffer = (PVOID)((ULONG_PTR)Prefix + sizeof(MUP_PFX));
252         Prefix->AcceptedPrefix.Length = PrefixLength;
253         Prefix->AcceptedPrefix.MaximumLength = PrefixLength;
254     }
255     /* Otherwise, mark the fact that the allocation will be external */
256     else
257     {
258         Prefix->ExternalAlloc = TRUE;
259     }
260 
261     Prefix->KeepExtraRef = FALSE;
262     /* Already init timeout to have one */
263     MupCalculateTimeout(&Prefix->ValidityTimeout);
264 
265     return Prefix;
266 }
267 
268 PMUP_MQC
MupAllocateMasterQueryContext(VOID)269 MupAllocateMasterQueryContext(VOID)
270 {
271     PMUP_MQC MasterQueryContext;
272 
273     MasterQueryContext = ExAllocatePoolWithTag(NonPagedPool, sizeof(MUP_MQC), TAG_MUP);
274     if (MasterQueryContext == NULL)
275     {
276         return NULL;
277     }
278 
279     MasterQueryContext->NodeStatus = NODE_STATUS_HEALTHY;
280     MasterQueryContext->NodeReferences = 1;
281     MasterQueryContext->NodeType = NODE_TYPE_MQC;
282     MasterQueryContext->NodeSize = sizeof(MUP_MQC);
283     InitializeListHead(&MasterQueryContext->QueryPathList);
284     InitializeListHead(&MasterQueryContext->MQCListEntry);
285     ExInitializeResourceLite(&MasterQueryContext->QueryPathListLock);
286 
287     return MasterQueryContext;
288 }
289 
290 ULONG
MupDecodeFileObject(PFILE_OBJECT FileObject,PMUP_FCB * pFcb,PMUP_CCB * pCcb)291 MupDecodeFileObject(PFILE_OBJECT FileObject, PMUP_FCB * pFcb, PMUP_CCB * pCcb)
292 {
293     ULONG Type;
294     PMUP_FCB Fcb;
295 
296     ExAcquireResourceExclusiveLite(&MupGlobalLock, TRUE);
297     *pFcb = FileObject->FsContext;
298     *pCcb = FileObject->FsContext2;
299     Fcb = *pFcb;
300 
301     if (Fcb == NULL)
302     {
303         ExReleaseResourceLite(&MupGlobalLock);
304         return 0;
305     }
306 
307     Type = Fcb->NodeType;
308     if ((Type != NODE_TYPE_VCB && Type != NODE_TYPE_FCB) || (Fcb->NodeStatus != NODE_STATUS_HEALTHY && Fcb->NodeStatus != NODE_STATUS_CLEANUP))
309     {
310         *pFcb = 0;
311         ExReleaseResourceLite(&MupGlobalLock);
312         return 0;
313     }
314 
315     ++Fcb->NodeReferences;
316     ExReleaseResourceLite(&MupGlobalLock);
317 
318     return Type;
319 }
320 
321 VOID
MupFreeNode(PVOID Node)322 MupFreeNode(PVOID Node)
323 {
324     ExFreePoolWithTag(Node, TAG_MUP);
325 }
326 
327 VOID
MupDereferenceFcb(PMUP_FCB Fcb)328 MupDereferenceFcb(PMUP_FCB Fcb)
329 {
330     /* Just dereference and delete if no references left */
331     if (InterlockedDecrement(&Fcb->NodeReferences) == 0)
332     {
333         MupFreeNode(Fcb);
334     }
335 }
336 
337 VOID
MupDereferenceCcb(PMUP_CCB Ccb)338 MupDereferenceCcb(PMUP_CCB Ccb)
339 {
340     /* Just dereference and delete (and clean) if no references left */
341     if (InterlockedDecrement(&Ccb->NodeReferences) == 0)
342     {
343         ExAcquireResourceExclusiveLite(&MupCcbListLock, TRUE);
344         RemoveEntryList(&Ccb->CcbListEntry);
345         ExReleaseResourceLite(&MupCcbListLock);
346         ObDereferenceObject(Ccb->FileObject);
347         MupDereferenceFcb(Ccb->Fcb);
348         MupFreeNode(Ccb);
349     }
350 }
351 
352 VOID
MupDereferenceVcb(PMUP_VCB Vcb)353 MupDereferenceVcb(PMUP_VCB Vcb)
354 {
355     /* We cannot reach the point where no references are left */
356     if (InterlockedDecrement(&Vcb->NodeReferences) == 0)
357     {
358         KeBugCheckEx(FILE_SYSTEM, 3, 0, 0, 0);
359     }
360 }
361 
362 NTSTATUS
MupDereferenceMasterIoContext(PMUP_MIC MasterIoContext,PNTSTATUS NewStatus)363 MupDereferenceMasterIoContext(PMUP_MIC MasterIoContext,
364                               PNTSTATUS NewStatus)
365 {
366     PIRP Irp;
367     NTSTATUS Status;
368     PIO_STACK_LOCATION Stack;
369 
370     Status = STATUS_SUCCESS;
371 
372     if (NewStatus != NULL)
373     {
374         /* Save last status, depending on whether it failed or not */
375         if (!NT_SUCCESS(*NewStatus))
376         {
377             MasterIoContext->LastFailed = *NewStatus;
378         }
379         else
380         {
381             MasterIoContext->LastSuccess = STATUS_SUCCESS;
382         }
383     }
384 
385     if (InterlockedDecrement(&MasterIoContext->NodeReferences) != 0)
386     {
387         return STATUS_PENDING;
388     }
389 
390     Irp = MasterIoContext->Irp;
391     Stack = IoGetCurrentIrpStackLocation(Irp);
392     if (Stack->MajorFunction == IRP_MJ_WRITE)
393     {
394         Irp->IoStatus.Information = Stack->Parameters.Write.Length;
395     }
396     else
397     {
398         Irp->IoStatus.Information = 0;
399     }
400 
401     /* In case we never had any success (init is a failure), get the last failed status */
402     if (!NT_SUCCESS(MasterIoContext->LastSuccess))
403     {
404         Status = MasterIoContext->LastFailed;
405     }
406 
407     Irp->IoStatus.Status = Status;
408     IoCompleteRequest(Irp, IO_DISK_INCREMENT);
409     MupDereferenceFcb(MasterIoContext->Fcb);
410     MupFreeNode(MasterIoContext);
411 
412     return Status;
413 }
414 
415 VOID
MupDereferenceUncProvider(PMUP_UNC UncProvider)416 MupDereferenceUncProvider(PMUP_UNC UncProvider)
417 {
418     InterlockedExchangeAdd(&UncProvider->NodeReferences, -1);
419 }
420 
421 VOID
MupDereferenceKnownPrefix(PMUP_PFX Prefix)422 MupDereferenceKnownPrefix(PMUP_PFX Prefix)
423 {
424     /* Just dereference and delete (and clean) if no references left */
425     if (InterlockedDecrement(&Prefix->NodeReferences) == 0)
426     {
427         if (Prefix->InTable)
428         {
429             RtlRemoveUnicodePrefix(&MupPrefixTable, &Prefix->PrefixTableEntry);
430             RemoveEntryList(&Prefix->PrefixListEntry);
431         }
432 
433         if (Prefix->ExternalAlloc && Prefix->AcceptedPrefix.Buffer != NULL)
434         {
435             ExFreePoolWithTag(Prefix->AcceptedPrefix.Buffer, TAG_MUP);
436         }
437 
438         if (Prefix->UncProvider)
439         {
440             MupDereferenceUncProvider(Prefix->UncProvider);
441         }
442 
443         MupFreeNode(Prefix);
444     }
445 }
446 
447 VOID
MupRemoveKnownPrefixEntry(PMUP_PFX Prefix)448 MupRemoveKnownPrefixEntry(PMUP_PFX Prefix)
449 {
450     RtlRemoveUnicodePrefix(&MupPrefixTable, &Prefix->PrefixTableEntry);
451     RemoveEntryList(&Prefix->PrefixListEntry);
452     Prefix->InTable = FALSE;
453     MupDereferenceKnownPrefix(Prefix);
454 }
455 
456 VOID
MupInvalidatePrefixTable(VOID)457 MupInvalidatePrefixTable(VOID)
458 {
459     PMUP_PFX Prefix;
460     PLIST_ENTRY Entry;
461 
462     /* Browse the prefix table */
463     ExAcquireResourceExclusiveLite(&MupPrefixTableLock, TRUE);
464     for (Entry = MupPrefixList.Flink;
465          Entry != &MupPrefixList;
466          Entry = Entry->Flink)
467     {
468         Prefix = CONTAINING_RECORD(Entry, MUP_PFX, PrefixListEntry);
469 
470         /* And remove any entry in it */
471         if (Prefix->InTable)
472         {
473             MupRemoveKnownPrefixEntry(Prefix);
474         }
475     }
476     ExReleaseResourceLite(&MupPrefixTableLock);
477 }
478 
479 VOID
MupCleanupVcb(PDEVICE_OBJECT DeviceObject,PIRP Irp,PMUP_VCB Vcb)480 MupCleanupVcb(PDEVICE_OBJECT DeviceObject,
481               PIRP Irp,
482               PMUP_VCB Vcb)
483 {
484     ExAcquireResourceExclusiveLite(&MupVcbLock, TRUE);
485 
486     /* Check we're not doing anything wrong first */
487     if (Vcb->NodeStatus != NODE_STATUS_HEALTHY || Vcb->NodeType != NODE_TYPE_VCB)
488     {
489         ExRaiseStatus(STATUS_INVALID_HANDLE);
490     }
491 
492     /* Remove share access */
493     IoRemoveShareAccess(IoGetCurrentIrpStackLocation(Irp)->FileObject, &Vcb->ShareAccess);
494 
495     ExReleaseResourceLite(&MupVcbLock);
496 }
497 
498 VOID
MupCleanupFcb(PDEVICE_OBJECT DeviceObject,PIRP Irp,PMUP_FCB Fcb)499 MupCleanupFcb(PDEVICE_OBJECT DeviceObject,
500               PIRP Irp,
501               PMUP_FCB Fcb)
502 {
503     PLIST_ENTRY Entry;
504     PMUP_CCB Ccb;
505 
506     ExAcquireResourceExclusiveLite(&MupGlobalLock, TRUE);
507     /* Check we're not doing anything wrong first */
508     if (Fcb->NodeStatus != NODE_STATUS_HEALTHY || Fcb->NodeType != NODE_TYPE_FCB)
509     {
510         ExRaiseStatus(STATUS_INVALID_HANDLE);
511     }
512     Fcb->NodeStatus = NODE_STATUS_CLEANUP;
513     ExReleaseResourceLite(&MupGlobalLock);
514 
515     /* Dereference any CCB associated with the FCB */
516     ExAcquireResourceExclusiveLite(&MupCcbListLock, TRUE);
517     for (Entry = Fcb->CcbList.Flink;
518          Entry != &Fcb->CcbList;
519          Entry = Entry->Flink)
520     {
521         Ccb = CONTAINING_RECORD(Entry, MUP_CCB, CcbListEntry);
522         ExReleaseResourceLite(&MupCcbListLock);
523         MupDereferenceCcb(Ccb);
524         ExAcquireResourceExclusiveLite(&MupCcbListLock, TRUE);
525     }
526     ExReleaseResourceLite(&MupCcbListLock);
527 }
528 
529 NTSTATUS
CommonForwardedIoCompletionRoutine(PDEVICE_OBJECT DeviceObject,PIRP Irp,PFORWARDED_IO_CONTEXT FwdCtxt)530 CommonForwardedIoCompletionRoutine(PDEVICE_OBJECT DeviceObject,
531                                    PIRP Irp,
532                                    PFORWARDED_IO_CONTEXT FwdCtxt)
533 {
534     NTSTATUS Status;
535 
536     Status = Irp->IoStatus.Status;
537 
538     /* Just free everything we had allocated */
539     if (Irp->MdlAddress != NULL)
540     {
541         MmUnlockPages(Irp->MdlAddress);
542         IoFreeMdl(Irp->MdlAddress);
543     }
544 
545     if (Irp->Flags & IRP_DEALLOCATE_BUFFER)
546     {
547         ExFreePoolWithTag(Irp->AssociatedIrp.SystemBuffer, TAG_MUP);
548     }
549 
550     IoFreeIrp(Irp);
551 
552     /* Dereference the master context
553      * The upper IRP will be completed once all the lower IRPs are done
554      * (and thus, references count reaches 0)
555      */
556     MupDereferenceCcb(FwdCtxt->Ccb);
557     MupDereferenceMasterIoContext(FwdCtxt->MasterIoContext, &Status);
558     ExFreePoolWithTag(FwdCtxt, TAG_MUP);
559 
560     return STATUS_MORE_PROCESSING_REQUIRED;
561 }
562 
563 VOID
564 NTAPI
DeferredForwardedIoCompletionRoutine(PVOID Context)565 DeferredForwardedIoCompletionRoutine(PVOID Context)
566 {
567     PFORWARDED_IO_CONTEXT FwdCtxt = (PFORWARDED_IO_CONTEXT)Context;
568 
569     CommonForwardedIoCompletionRoutine(FwdCtxt->DeviceObject, FwdCtxt->Irp, Context);
570 }
571 
572 NTSTATUS
573 NTAPI
ForwardedIoCompletionRoutine(PDEVICE_OBJECT DeviceObject,PIRP Irp,PVOID Context)574 ForwardedIoCompletionRoutine(PDEVICE_OBJECT DeviceObject,
575                              PIRP Irp,
576                              PVOID Context)
577 {
578     PFORWARDED_IO_CONTEXT FwdCtxt;
579 
580     /* If we're at DISPATCH_LEVEL, we cannot complete, defer completion */
581     if (KeGetCurrentIrql() < DISPATCH_LEVEL)
582     {
583         CommonForwardedIoCompletionRoutine(DeviceObject, Irp, Context);
584     }
585     else
586     {
587         FwdCtxt = (PFORWARDED_IO_CONTEXT)Context;
588 
589         ExInitializeWorkItem(&FwdCtxt->WorkQueueItem, DeferredForwardedIoCompletionRoutine, Context);
590         ExQueueWorkItem(&FwdCtxt->WorkQueueItem, CriticalWorkQueue);
591     }
592 
593     return STATUS_MORE_PROCESSING_REQUIRED;
594 }
595 
596 NTSTATUS
BuildAndSubmitIrp(PIRP Irp,PMUP_CCB Ccb,PMUP_MIC MasterIoContext)597 BuildAndSubmitIrp(PIRP Irp,
598                   PMUP_CCB Ccb,
599                   PMUP_MIC MasterIoContext)
600 {
601     PMDL Mdl;
602     PIRP LowerIrp;
603     NTSTATUS Status;
604     PIO_STACK_LOCATION Stack;
605     PDEVICE_OBJECT DeviceObject;
606     PFORWARDED_IO_CONTEXT FwdCtxt;
607 
608     Status = STATUS_SUCCESS;
609     LowerIrp = NULL;
610     Mdl = NULL;
611 
612     /* Allocate a context for the completion routine */
613     FwdCtxt = ExAllocatePoolWithTag(NonPagedPool, sizeof(FORWARDED_IO_CONTEXT), TAG_MUP);
614     if (FwdCtxt == NULL)
615     {
616         Status = STATUS_INSUFFICIENT_RESOURCES;
617         goto Cleanup;
618     }
619 
620     /* Init it */
621     FwdCtxt->DeviceObject = NULL;
622     FwdCtxt->Irp = NULL;
623 
624     /* Allocate the IRP */
625     DeviceObject = IoGetRelatedDeviceObject(Ccb->FileObject);
626     LowerIrp = IoAllocateIrp(DeviceObject->StackSize, TRUE);
627     if (LowerIrp == NULL)
628     {
629         Status = STATUS_INSUFFICIENT_RESOURCES;
630         goto Cleanup;
631     }
632 
633     /* Initialize it */
634     LowerIrp->Tail.Overlay.OriginalFileObject = Ccb->FileObject;
635     LowerIrp->Tail.Overlay.Thread = Irp->Tail.Overlay.Thread;
636     LowerIrp->RequestorMode = KernelMode;
637 
638     /* Copy the stack of the request we received to the IRP we'll pass below */
639     Stack = IoGetNextIrpStackLocation(LowerIrp);
640     RtlMoveMemory(Stack, IoGetCurrentIrpStackLocation(Irp), sizeof(IO_STACK_LOCATION));
641     Stack->FileObject = Ccb->FileObject;
642     /* Setup flags according to the FO */
643     if (Ccb->FileObject->Flags & FO_WRITE_THROUGH)
644     {
645         Stack->Flags = SL_WRITE_THROUGH;
646     }
647 
648     _SEH2_TRY
649     {
650         /* Does the device requires we do buffered IOs? */
651         if (DeviceObject->Flags & DO_BUFFERED_IO)
652         {
653             LowerIrp->AssociatedIrp.SystemBuffer = NULL;
654 
655             if (Stack->Parameters.Write.Length == 0)
656             {
657                 LowerIrp->Flags = IRP_BUFFERED_IO;
658             }
659             /* If we have data to pass */
660             else
661             {
662                 /* If it's coming from usermode, probe first */
663                 if (Irp->RequestorMode == UserMode)
664                 {
665                     ProbeForRead(Irp->UserBuffer, Stack->Parameters.Write.Length, sizeof(UCHAR));
666                 }
667 
668                 /* Allocate the buffer */
669                 LowerIrp->AssociatedIrp.SystemBuffer = ExAllocatePoolWithQuotaTag(PagedPoolCacheAligned,
670                                                                                   Stack->Parameters.Write.Length,
671                                                                                   TAG_MUP);
672                 if (LowerIrp->AssociatedIrp.SystemBuffer == NULL)
673                 {
674                     ExRaiseStatus(STATUS_INSUFFICIENT_RESOURCES);
675                 }
676 
677                 /* And copy input (remember, we've to free!) */
678                 RtlMoveMemory(LowerIrp->AssociatedIrp.SystemBuffer, Irp->UserBuffer, Stack->Parameters.Write.Length);
679                 LowerIrp->Flags = IRP_BUFFERED_IO | IRP_DEALLOCATE_BUFFER;
680             }
681         }
682         else
683         {
684             if (!(DeviceObject->Flags & DO_DIRECT_IO))
685             {
686                 LowerIrp->UserBuffer = Irp->UserBuffer;
687             }
688             else
689             {
690                 /* For direct IOs, allocate an MDL and pass it */
691                 if (Stack->Parameters.Write.Length != 0)
692                 {
693                     Mdl = IoAllocateMdl(Irp->UserBuffer, Stack->Parameters.Write.Length, FALSE, TRUE, LowerIrp);
694                     if (Mdl == NULL)
695                     {
696                         ExRaiseStatus(STATUS_INSUFFICIENT_RESOURCES);
697                     }
698 
699                     MmProbeAndLockPages(Mdl, Irp->RequestorMode, IoReadAccess);
700                 }
701             }
702         }
703 
704         /* Fix flags in the IRP */
705         if (Ccb->FileObject->Flags & FO_NO_INTERMEDIATE_BUFFERING)
706         {
707             LowerIrp->Flags |= IRP_WRITE_OPERATION | IRP_NOCACHE;
708         }
709         else
710         {
711             LowerIrp->Flags |= IRP_WRITE_OPERATION;
712         }
713 
714         FwdCtxt->Ccb = Ccb;
715         FwdCtxt->MasterIoContext = MasterIoContext;
716 
717         ExAcquireResourceExclusiveLite(&MupGlobalLock, TRUE);
718         ++MasterIoContext->NodeReferences;
719         ExReleaseResourceLite(&MupGlobalLock);
720 
721         /* Set out completion routine */
722         IoSetCompletionRoutine(LowerIrp, ForwardedIoCompletionRoutine, FwdCtxt, TRUE, TRUE, TRUE);
723         /* And call the device with our brand new IRP */
724         Status = IoCallDriver(Ccb->DeviceObject, LowerIrp);
725     }
726     _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
727     {
728         Status = _SEH2_GetExceptionCode();
729     }
730     _SEH2_END;
731 
732 Cleanup:
733     if (!NT_SUCCESS(Status))
734     {
735         if (FwdCtxt != NULL)
736         {
737             ExFreePoolWithTag(FwdCtxt, TAG_MUP);
738         }
739 
740         if (LowerIrp != NULL)
741         {
742             if (LowerIrp->AssociatedIrp.SystemBuffer == NULL)
743             {
744                 ExFreePoolWithTag(LowerIrp->AssociatedIrp.SystemBuffer, TAG_MUP);
745             }
746 
747             IoFreeIrp(LowerIrp);
748         }
749 
750         if (Mdl != NULL)
751         {
752             IoFreeMdl(Mdl);
753         }
754     }
755 
756     return Status;
757 }
758 
759 NTSTATUS
760 NTAPI
MupForwardIoRequest(PDEVICE_OBJECT DeviceObject,PIRP Irp)761 MupForwardIoRequest(PDEVICE_OBJECT DeviceObject,
762                     PIRP Irp)
763 {
764     PMUP_FCB Fcb;
765     PMUP_CCB Ccb;
766     NTSTATUS Status;
767     PLIST_ENTRY Entry;
768     PMUP_CCB FcbListCcb;
769     BOOLEAN CcbLockAcquired;
770     PMUP_MIC MasterIoContext;
771     PIO_STACK_LOCATION Stack;
772 
773     /* If DFS is enabled, check if that's for DFS and is so relay */
774     if (MupEnableDfs && DeviceObject->DeviceType == FILE_DEVICE_DFS)
775     {
776         return DfsVolumePassThrough(DeviceObject, Irp);
777     }
778 
779     Stack = IoGetCurrentIrpStackLocation(Irp);
780 
781     FsRtlEnterFileSystem();
782 
783     /* Write request is only possible for a mailslot, we need a FCB */
784     MupDecodeFileObject(Stack->FileObject, &Fcb, &Ccb);
785     if (Fcb == NULL || Fcb->NodeType != NODE_TYPE_FCB)
786     {
787         FsRtlExitFileSystem();
788         Status = STATUS_INVALID_DEVICE_REQUEST;
789         goto Complete;
790     }
791 
792     /* Allocate a context */
793     MasterIoContext = MupAllocateMasterIoContext();
794     if (MasterIoContext == NULL)
795     {
796         FsRtlExitFileSystem();
797         Status = STATUS_INSUFFICIENT_RESOURCES;
798         goto Complete;
799     }
800 
801     /* Mark the IRP pending and init the context */
802     IoMarkIrpPending(Irp);
803     MasterIoContext->Irp = Irp;
804     /* Init with a failure to catch if we ever succeed */
805     MasterIoContext->LastSuccess = STATUS_UNSUCCESSFUL;
806     /* Init with the worth failure possible */
807     MasterIoContext->LastFailed = STATUS_BAD_NETWORK_PATH;
808     MasterIoContext->Fcb = Fcb;
809 
810     _SEH2_TRY
811     {
812         ExAcquireResourceExclusiveLite(&MupCcbListLock, TRUE);
813         CcbLockAcquired = TRUE;
814 
815         /* For all the CCB (ie, the mailslots) we have */
816         for (Entry = Fcb->CcbList.Flink;
817              Entry != &Fcb->CcbList;
818              Entry = Entry->Flink)
819         {
820             FcbListCcb = CONTAINING_RECORD(Entry, MUP_CCB, CcbListEntry);
821             ExReleaseResourceLite(&MupCcbListLock);
822             CcbLockAcquired = FALSE;
823 
824             ExAcquireResourceExclusiveLite(&MupGlobalLock, TRUE);
825             ++FcbListCcb->NodeReferences;
826             ExReleaseResourceLite(&MupGlobalLock);
827 
828             /* Forward the write request */
829             BuildAndSubmitIrp(Irp, FcbListCcb, MasterIoContext);
830             ExAcquireResourceExclusiveLite(&MupCcbListLock, TRUE);
831             CcbLockAcquired = TRUE;
832         }
833 
834         ExReleaseResourceLite(&MupCcbListLock);
835         CcbLockAcquired = FALSE;
836     }
837     _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
838     {
839         if (CcbLockAcquired)
840         {
841             ExReleaseResourceLite(&MupCcbListLock);
842         }
843     }
844     _SEH2_END;
845 
846     /* And done */
847     MupDereferenceMasterIoContext(MasterIoContext, NULL);
848     FsRtlExitFileSystem();
849 
850     return STATUS_PENDING;
851 
852 Complete:
853     /* Failure case */
854     Irp->IoStatus.Status = Status;
855     IoCompleteRequest(Irp, IO_DISK_INCREMENT);
856     return Status;
857 }
858 
859 PMUP_UNC
AddUnregisteredProvider(PCWSTR DeviceName,ULONG ProviderOrder)860 AddUnregisteredProvider(PCWSTR DeviceName,
861                         ULONG ProviderOrder)
862 {
863     PMUP_UNC UncProvider;
864     ULONG StrLen, NameLen;
865 
866     /* Just allocate the node */
867     NameLen = wcslen(DeviceName);
868     StrLen = NameLen * sizeof(WCHAR);
869     UncProvider = MupAllocateUncProvider(StrLen);
870     if (UncProvider == NULL)
871     {
872         return NULL;
873     }
874 
875     /* And init it */
876     UncProvider->DeviceName.MaximumLength = StrLen;
877     UncProvider->DeviceName.Length = StrLen;
878     UncProvider->DeviceName.Buffer = (PWSTR)((ULONG_PTR)UncProvider + sizeof(MUP_UNC));
879     UncProvider->ProviderOrder = ProviderOrder;
880     RtlMoveMemory(UncProvider->DeviceName.Buffer, DeviceName, StrLen);
881 
882     /* And add it to the global list
883      * We're using tail here so that when called from registry init,
884      * the providers with highest priority will be in the head of
885      * the list
886      */
887     ExAcquireResourceExclusiveLite(&MupGlobalLock, TRUE);
888     InsertTailList(&MupProviderList, &UncProvider->ProviderListEntry);
889     ExReleaseResourceLite(&MupGlobalLock);
890 
891     return UncProvider;
892 }
893 
894 VOID
InitializeProvider(PCWSTR ProviderName,ULONG ProviderOrder)895 InitializeProvider(PCWSTR ProviderName,
896                    ULONG ProviderOrder)
897 {
898     NTSTATUS Status;
899     HANDLE KeyHandle;
900     UNICODE_STRING Key, Value;
901     PKEY_VALUE_FULL_INFORMATION Info;
902     OBJECT_ATTRIBUTES ObjectAttributes;
903     ULONG NameLen, StrLen, ResultLength;
904 
905     /* Get the information about the provider from registry */
906     NameLen = wcslen(ProviderName);
907     StrLen = NameLen * sizeof(WCHAR) + sizeof(L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\") + sizeof(L"\\NetworkProvider");
908     Key.Buffer = ExAllocatePoolWithTag(PagedPool, StrLen, TAG_MUP);
909     if (Key.Buffer == NULL)
910     {
911         return;
912     }
913 
914     RtlMoveMemory(Key.Buffer, L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\", sizeof(L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\"));
915     Key.MaximumLength = StrLen;
916     Key.Length = sizeof(L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\") - sizeof(UNICODE_NULL);
917     RtlAppendUnicodeToString(&Key, ProviderName);
918     RtlAppendUnicodeToString(&Key, L"\\NetworkProvider");
919 
920     InitializeObjectAttributes(&ObjectAttributes,
921                                &Key,
922                                OBJ_KERNEL_HANDLE | OBJ_CASE_INSENSITIVE,
923                                NULL,
924                                NULL);
925     Status = ZwOpenKey(&KeyHandle, KEY_QUERY_VALUE, &ObjectAttributes);
926     ExFreePoolWithTag(Key.Buffer, TAG_MUP);
927     if (!NT_SUCCESS(Status))
928     {
929         return;
930     }
931 
932     RtlInitUnicodeString(&Value, L"DeviceName");
933     Status = ZwQueryValueKey(KeyHandle, &Value, KeyValueFullInformation, NULL, 0, &ResultLength);
934     if (Status == STATUS_BUFFER_TOO_SMALL)
935     {
936         Info = ExAllocatePoolWithTag(PagedPool, ResultLength + sizeof(UNICODE_NULL), TAG_MUP);
937         if (Info == NULL)
938         {
939             ZwClose(KeyHandle);
940             return;
941         }
942 
943         Status = ZwQueryValueKey(KeyHandle, &Value, KeyValueFullInformation, Info, ResultLength, &ResultLength);
944     }
945     else
946     {
947         Info = NULL;
948     }
949 
950     ZwClose(KeyHandle);
951 
952     /* And create the provider
953      * It will remain unregistered until FsRTL receives a registration request and forwards
954      * it to MUP
955      */
956     if (NT_SUCCESS(Status))
957     {
958         ASSERT(Info != NULL);
959         AddUnregisteredProvider((PWSTR)((ULONG_PTR)Info + Info->DataOffset), ProviderOrder);
960     }
961 
962     if (Info != NULL)
963     {
964         ExFreePoolWithTag(Info, TAG_MUP);
965     }
966 }
967 
968 VOID
MupGetProviderInformation(VOID)969 MupGetProviderInformation(VOID)
970 {
971     BOOLEAN End;
972     NTSTATUS Status;
973     HANDLE KeyHandle;
974     PWSTR Providers, Coma;
975     PKEY_VALUE_FULL_INFORMATION Info;
976     ULONG ResultLength, ProviderCount;
977     OBJECT_ATTRIBUTES ObjectAttributes;
978     UNICODE_STRING NetworkProvider, ProviderOrder;
979 
980     /* Open the registry to get the order of the providers */
981     RtlInitUnicodeString(&NetworkProvider, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\NetworkProvider\\Order");
982     InitializeObjectAttributes(&ObjectAttributes,
983                                &NetworkProvider,
984                                OBJ_KERNEL_HANDLE | OBJ_CASE_INSENSITIVE,
985                                NULL,
986                                NULL);
987     Status = ZwOpenKey(&KeyHandle, KEY_QUERY_VALUE, &ObjectAttributes);
988     if (!NT_SUCCESS(Status))
989     {
990         return;
991     }
992 
993     RtlInitUnicodeString(&ProviderOrder, L"ProviderOrder");
994     Status = ZwQueryValueKey(KeyHandle, &ProviderOrder, KeyValueFullInformation, NULL, 0, &ResultLength);
995     if (Status == STATUS_BUFFER_TOO_SMALL)
996     {
997         Info = ExAllocatePoolWithTag(PagedPool, ResultLength + sizeof(UNICODE_NULL), TAG_MUP);
998         if (Info == NULL)
999         {
1000             ZwClose(KeyHandle);
1001             return;
1002         }
1003 
1004         Status = ZwQueryValueKey(KeyHandle, &ProviderOrder, KeyValueFullInformation, Info, ResultLength, &ResultLength);
1005     }
1006     else
1007     {
1008         Info = NULL;
1009     }
1010 
1011     ZwClose(KeyHandle);
1012 
1013     if (NT_SUCCESS(Status))
1014     {
1015         ASSERT(Info != NULL);
1016 
1017         Providers = (PWSTR)((ULONG_PTR)Info + Info->DataOffset);
1018         End = FALSE;
1019         ProviderCount = 0;
1020 
1021         /* For all the providers we got (coma-separated list), just create a provider node with the right order
1022          * The order is just the order of the list
1023          * First has highest priority (0) and then, get lower and lower priority
1024          * The highest number is the lowest priority
1025          */
1026         do
1027         {
1028             Coma = wcschr(Providers, L',');
1029             if (Coma != NULL)
1030             {
1031                 *Coma = UNICODE_NULL;
1032             }
1033             else
1034             {
1035                 End = TRUE;
1036             }
1037 
1038             InitializeProvider(Providers, ProviderCount);
1039             ++ProviderCount;
1040 
1041             Providers = Coma + 1;
1042         } while (!End);
1043     }
1044 
1045     if (Info != NULL)
1046     {
1047         ExFreePoolWithTag(Info, TAG_MUP);
1048     }
1049 }
1050 
1051 PMUP_UNC
MupCheckForUnregisteredProvider(PUNICODE_STRING RedirectorDeviceName)1052 MupCheckForUnregisteredProvider(PUNICODE_STRING RedirectorDeviceName)
1053 {
1054     PLIST_ENTRY Entry;
1055     PMUP_UNC UncProvider;
1056 
1057     /* Browse the list of all the providers nodes we have */
1058     ExAcquireResourceExclusiveLite(&MupGlobalLock, TRUE);
1059     for (Entry = MupProviderList.Flink; Entry != &MupProviderList; Entry = Entry->Flink)
1060     {
1061         UncProvider = CONTAINING_RECORD(Entry, MUP_UNC, ProviderListEntry);
1062 
1063         /* If one matches the device and is not registered, that's ours! */
1064         if (!UncProvider->Registered && RtlEqualUnicodeString(RedirectorDeviceName, &UncProvider->DeviceName, TRUE))
1065         {
1066             UncProvider->NodeStatus = NODE_STATUS_HEALTHY;
1067             break;
1068         }
1069     }
1070 
1071     if (Entry == &MupProviderList)
1072     {
1073         UncProvider = NULL;
1074     }
1075     ExReleaseResourceLite(&MupGlobalLock);
1076 
1077     return UncProvider;
1078 }
1079 
1080 NTSTATUS
RegisterUncProvider(PDEVICE_OBJECT DeviceObject,PIRP Irp)1081 RegisterUncProvider(PDEVICE_OBJECT DeviceObject,
1082                     PIRP Irp)
1083 
1084 {
1085     BOOLEAN New;
1086     PMUP_FCB Fcb;
1087     PMUP_CCB Ccb;
1088     NTSTATUS Status;
1089     PLIST_ENTRY Entry;
1090     PIO_STACK_LOCATION Stack;
1091     IO_STATUS_BLOCK IoStatusBlock;
1092     PMUP_UNC UncProvider, ListEntry;
1093     OBJECT_ATTRIBUTES ObjectAttributes;
1094     UNICODE_STRING RedirectorDeviceName;
1095     OBJECT_HANDLE_INFORMATION HandleInfo;
1096     PMUP_PROVIDER_REGISTRATION_INFO RegInfo;
1097 
1098     DPRINT1("RegisterUncProvider(%p, %p)\n", DeviceObject, Irp);
1099     New = FALSE;
1100 
1101     /* Check whether providers order was already initialized */
1102     ExAcquireResourceExclusiveLite(&MupGlobalLock, TRUE);
1103     if (MupOrderInitialized)
1104     {
1105         ExReleaseResourceLite(&MupGlobalLock);
1106     }
1107     else
1108     {
1109         /* They weren't, so do it */
1110         MupOrderInitialized = TRUE;
1111         ExReleaseResourceLite(&MupGlobalLock);
1112         MupGetProviderInformation();
1113     }
1114 
1115     Stack = IoGetCurrentIrpStackLocation(Irp);
1116 
1117     /* This can only happen with a volume open */
1118     if (MupDecodeFileObject(Stack->FileObject, &Fcb, &Ccb) != NODE_TYPE_VCB)
1119     {
1120         Irp->IoStatus.Status = STATUS_INVALID_HANDLE;
1121         IoCompleteRequest(Irp, IO_DISK_INCREMENT);
1122 
1123         return STATUS_INVALID_HANDLE;
1124     }
1125 
1126     /* Get the registration information */
1127     RegInfo = (PMUP_PROVIDER_REGISTRATION_INFO)Irp->AssociatedIrp.SystemBuffer;
1128     _SEH2_TRY
1129     {
1130         RedirectorDeviceName.Length = RegInfo->RedirectorDeviceNameLength;
1131         RedirectorDeviceName.MaximumLength = RedirectorDeviceName.Length;
1132         RedirectorDeviceName.Buffer = (PWSTR)((ULONG_PTR)RegInfo + RegInfo->RedirectorDeviceNameOffset);
1133 
1134         /* Have we got already a node for it? (Like from previous init) */
1135         UncProvider = MupCheckForUnregisteredProvider(&RedirectorDeviceName);
1136         if (UncProvider == NULL)
1137         {
1138             /* If we don't, allocate a new one */
1139             New = TRUE;
1140             UncProvider = MupAllocateUncProvider(RegInfo->RedirectorDeviceNameLength);
1141             if (UncProvider == NULL)
1142             {
1143                 Status = STATUS_INVALID_USER_BUFFER;
1144                 _SEH2_LEAVE;
1145             }
1146 
1147             /* Set it up */
1148             UncProvider->DeviceName.Length = RedirectorDeviceName.Length;
1149             UncProvider->DeviceName.MaximumLength = RedirectorDeviceName.MaximumLength;
1150             UncProvider->DeviceName.Buffer = (PWSTR)((ULONG_PTR)UncProvider + sizeof(MUP_UNC));
1151 
1152             /* As it wasn't in registry for order, give the lowest priority possible */
1153             UncProvider->ProviderOrder = MAXLONG;
1154             RtlMoveMemory(UncProvider->DeviceName.Buffer, (PWSTR)((ULONG_PTR)RegInfo + RegInfo->RedirectorDeviceNameOffset), RegInfo->RedirectorDeviceNameLength);
1155         }
1156 
1157         /* Continue registration */
1158         UncProvider->MailslotsSupported = RegInfo->MailslotsSupported;
1159         ++UncProvider->NodeReferences;
1160 
1161         /* Open a handle to the device */
1162         InitializeObjectAttributes(&ObjectAttributes,
1163                                    &UncProvider->DeviceName,
1164                                    OBJ_CASE_INSENSITIVE,
1165                                    NULL,
1166                                    NULL);
1167         Status = NtOpenFile(&UncProvider->DeviceHandle,
1168                             FILE_TRAVERSE,
1169                             &ObjectAttributes,
1170                             &IoStatusBlock,
1171                             FILE_SHARE_READ | FILE_SHARE_WRITE,
1172                             FILE_DIRECTORY_FILE);
1173         if (NT_SUCCESS(Status))
1174         {
1175             Status = IoStatusBlock.Status;
1176         }
1177 
1178         /* And return the provider (as CCB) */
1179         if (NT_SUCCESS(Status))
1180         {
1181             Stack->FileObject->FsContext2 = UncProvider;
1182             Status = ObReferenceObjectByHandle(UncProvider->DeviceHandle, 0, NULL, KernelMode, (PVOID *)&UncProvider->FileObject, &HandleInfo);
1183             if (!NT_SUCCESS(Status))
1184             {
1185                 NtClose(UncProvider->DeviceHandle);
1186             }
1187         }
1188 
1189         if (!NT_SUCCESS(Status))
1190         {
1191             MupDereferenceUncProvider(UncProvider);
1192         }
1193         else
1194         {
1195             UncProvider->DeviceObject = IoGetRelatedDeviceObject(UncProvider->FileObject);
1196 
1197             /* Now, insert the provider in our global list
1198              * They are sorted by order
1199              */
1200             ExAcquireResourceExclusiveLite(&MupGlobalLock, TRUE);
1201             ++MupProviderCount;
1202             if (New)
1203             {
1204                 for (Entry = MupProviderList.Flink; Entry != &MupProviderList; Entry = Entry->Flink)
1205                 {
1206                     ListEntry = CONTAINING_RECORD(Entry, MUP_UNC, ProviderListEntry);
1207 
1208                     if (UncProvider->ProviderOrder < ListEntry->ProviderOrder)
1209                     {
1210                         break;
1211                     }
1212                 }
1213 
1214                 InsertTailList(Entry, &UncProvider->ProviderListEntry);
1215             }
1216             UncProvider->Registered = TRUE;
1217             ExReleaseResourceLite(&MupGlobalLock);
1218             Status = STATUS_SUCCESS;
1219 
1220             DPRINT1("UNC provider %wZ registered\n", &UncProvider->DeviceName);
1221         }
1222     }
1223     _SEH2_FINALLY
1224     {
1225         if (_SEH2_AbnormalTermination())
1226         {
1227             Status = STATUS_INVALID_USER_BUFFER;
1228         }
1229 
1230         MupDereferenceVcb((PMUP_VCB)Fcb);
1231 
1232         Irp->IoStatus.Status = Status;
1233         IoCompleteRequest(Irp, IO_DISK_INCREMENT);
1234     }
1235     _SEH2_END;
1236 
1237     return Status;
1238 }
1239 
1240 NTSTATUS
1241 NTAPI
MupFsControl(PDEVICE_OBJECT DeviceObject,PIRP Irp)1242 MupFsControl(PDEVICE_OBJECT DeviceObject,
1243              PIRP Irp)
1244 {
1245     NTSTATUS Status;
1246     PIO_STACK_LOCATION Stack;
1247 
1248     Stack = IoGetCurrentIrpStackLocation(Irp);
1249 
1250     _SEH2_TRY
1251     {
1252         /* MUP only understands a single FSCTL code: registering UNC provider */
1253         if (Stack->Parameters.FileSystemControl.FsControlCode == FSCTL_MUP_REGISTER_PROVIDER)
1254         {
1255             /* It obviously has to come from a driver/kernelmode thread */
1256             if (Irp->RequestorMode == UserMode)
1257             {
1258                 Status = STATUS_ACCESS_DENIED;
1259 
1260                 Irp->IoStatus.Status = Status;
1261                 IoCompleteRequest(Irp, IO_DISK_INCREMENT);
1262 
1263                 _SEH2_LEAVE;
1264             }
1265 
1266             Status = RegisterUncProvider(DeviceObject, Irp);
1267         }
1268         else
1269         {
1270             /* If that's an unknown FSCTL code, maybe it's for DFS, pass it */
1271             if (!MupEnableDfs)
1272             {
1273                 Status = STATUS_INVALID_PARAMETER;
1274 
1275                 Irp->IoStatus.Status = Status;
1276                 IoCompleteRequest(Irp, IO_DISK_INCREMENT);
1277 
1278                 _SEH2_LEAVE;
1279             }
1280 
1281             Status = DfsFsdFileSystemControl(DeviceObject, Irp);
1282         }
1283     }
1284     _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
1285     {
1286         Status = _SEH2_GetExceptionCode();
1287     }
1288     _SEH2_END;
1289 
1290     return Status;
1291 }
1292 
1293 VOID
MupSetFileObject(PFILE_OBJECT FileObject,PMUP_FCB Fcb,PMUP_CCB Ccb)1294 MupSetFileObject(PFILE_OBJECT FileObject,
1295                  PMUP_FCB Fcb,
1296                  PMUP_CCB Ccb)
1297 {
1298     FileObject->FsContext = Fcb;
1299     FileObject->FsContext2 = Ccb;
1300 }
1301 
1302 NTSTATUS
MupRerouteOpen(PFILE_OBJECT FileObject,PMUP_UNC UncProvider)1303 MupRerouteOpen(PFILE_OBJECT FileObject,
1304                PMUP_UNC UncProvider)
1305 {
1306     PWSTR FullPath;
1307     ULONG TotalLength;
1308 
1309     DPRINT("Rerouting %wZ with %wZ\n", &FileObject->FileName, &UncProvider->DeviceName);
1310 
1311     /* Get the full path name (device name first, and requested file name appended) */
1312     TotalLength = UncProvider->DeviceName.Length + FileObject->FileName.Length;
1313     if (TotalLength > MAXUSHORT)
1314     {
1315         return STATUS_NAME_TOO_LONG;
1316     }
1317 
1318     /* Allocate a buffer big enough */
1319     FullPath = ExAllocatePoolWithTag(PagedPool, TotalLength, TAG_MUP);
1320     if (FullPath == NULL)
1321     {
1322         return STATUS_INSUFFICIENT_RESOURCES;
1323     }
1324 
1325     /* Create the full path */
1326     RtlMoveMemory(FullPath, UncProvider->DeviceName.Buffer, UncProvider->DeviceName.Length);
1327     RtlMoveMemory((PWSTR)((ULONG_PTR)FullPath + UncProvider->DeviceName.Length), FileObject->FileName.Buffer, FileObject->FileName.Length);
1328 
1329     /* And redo the path in the file object */
1330     ExFreePoolWithTag(FileObject->FileName.Buffer, 0);
1331     FileObject->FileName.Buffer = FullPath;
1332     FileObject->FileName.MaximumLength = TotalLength;
1333     FileObject->FileName.Length = FileObject->FileName.MaximumLength;
1334 
1335     /* Ob, please reparse to open the correct file at the right place, thanks! :-) */
1336     return STATUS_REPARSE;
1337 }
1338 
1339 NTSTATUS
BroadcastOpen(PIRP Irp)1340 BroadcastOpen(PIRP Irp)
1341 {
1342     PMUP_FCB Fcb;
1343     HANDLE Handle;
1344     PLIST_ENTRY Entry;
1345     PMUP_CCB Ccb = NULL;
1346     PMUP_UNC UncProvider;
1347     UNICODE_STRING FullPath;
1348     PFILE_OBJECT FileObject;
1349     PIO_STACK_LOCATION Stack;
1350     NTSTATUS Status, LastFailed;
1351     ULONG TotalLength, LastOrder;
1352     IO_STATUS_BLOCK IoStatusBlock;
1353     OBJECT_ATTRIBUTES ObjectAttributes;
1354     OBJECT_HANDLE_INFORMATION HandleInfo;
1355     BOOLEAN Locked, Referenced, CcbInitialized;
1356 
1357     Fcb = MupCreateFcb();
1358     if (Fcb == NULL)
1359     {
1360         return STATUS_INSUFFICIENT_RESOURCES;
1361     }
1362 
1363     Stack = IoGetCurrentIrpStackLocation(Irp);
1364     FileObject = Stack->FileObject;
1365     Locked = FALSE;
1366     Referenced = FALSE;
1367     CcbInitialized = FALSE;
1368     LastFailed = STATUS_NO_SUCH_FILE;
1369     LastOrder = (ULONG)-1;
1370 
1371     _SEH2_TRY
1372     {
1373         ExAcquireResourceExclusiveLite(&MupGlobalLock, TRUE);
1374         Locked = TRUE;
1375 
1376         /* Associate our FCB with the FO */
1377         MupSetFileObject(FileObject, Fcb, NULL);
1378         Fcb->FileObject = FileObject;
1379 
1380         /* Now, broadcast the open to any UNC provider that supports mailslots */
1381         for (Entry = MupProviderList.Flink; Entry != &MupProviderList; Entry = Entry->Flink)
1382         {
1383             UncProvider = CONTAINING_RECORD(Entry, MUP_UNC, ProviderListEntry);
1384             ++UncProvider->NodeReferences;
1385             Referenced = TRUE;
1386 
1387             ExReleaseResourceLite(&MupGlobalLock);
1388             Locked = FALSE;
1389 
1390             TotalLength = UncProvider->DeviceName.Length + FileObject->FileName.Length;
1391             if (UncProvider->MailslotsSupported && TotalLength <= MAXUSHORT)
1392             {
1393                 /* Provide the correct name for the mailslot (ie, happened the device name of the provider) */
1394                 FullPath.Buffer = ExAllocatePoolWithTag(PagedPool, TotalLength, TAG_MUP);
1395                 if (FullPath.Buffer == NULL)
1396                 {
1397                     ExRaiseStatus(STATUS_INSUFFICIENT_RESOURCES);
1398                 }
1399 
1400                 FullPath.Length = TotalLength;
1401                 FullPath.MaximumLength = TotalLength;
1402                 RtlMoveMemory(FullPath.Buffer, UncProvider->DeviceName.Buffer, UncProvider->DeviceName.Length);
1403                 RtlMoveMemory((PWSTR)((ULONG_PTR)FullPath.Buffer + UncProvider->DeviceName.Length),
1404                               FileObject->FileName.Buffer,
1405                               FileObject->FileName.Length);
1406 
1407                 /* And just forward the creation request */
1408                 InitializeObjectAttributes(&ObjectAttributes,
1409                                            &FullPath,
1410                                            OBJ_KERNEL_HANDLE | OBJ_CASE_INSENSITIVE,
1411                                            NULL,
1412                                            NULL);
1413                 Status = IoCreateFile(&Handle,
1414                                       Stack->Parameters.Create.SecurityContext->DesiredAccess & FILE_SIMPLE_RIGHTS_MASK,
1415                                       &ObjectAttributes,
1416                                       &IoStatusBlock,
1417                                       NULL,
1418                                       Stack->Parameters.Create.FileAttributes & FILE_ATTRIBUTE_VALID_FLAGS,
1419                                       Stack->Parameters.Create.ShareAccess & FILE_SHARE_VALID_FLAGS,
1420                                       FILE_OPEN,
1421                                       Stack->Parameters.Create.Options & FILE_VALID_SET_FLAGS,
1422                                       NULL,
1423                                       0,
1424                                       CreateFileTypeNone,
1425                                       NULL,
1426                                       IO_NO_PARAMETER_CHECKING);
1427 
1428                 ExFreePoolWithTag(FullPath.Buffer, TAG_MUP);
1429 
1430                 /* If opening succeed */
1431                 if (NT_SUCCESS(Status))
1432                 {
1433                     Status = IoStatusBlock.Status;
1434 
1435                     /* Create a CCB */
1436                     Ccb = MupCreateCcb();
1437                     if (Ccb == NULL)
1438                     {
1439                         Status = STATUS_INSUFFICIENT_RESOURCES;
1440                     }
1441 
1442                     /* And associated a FO to it */
1443                     if (NT_SUCCESS(Status))
1444                     {
1445                         Status = ObReferenceObjectByHandle(Handle, 0, 0, 0, (PVOID *)&Ccb->FileObject, &HandleInfo);
1446                         ZwClose(Handle);
1447                     }
1448                 }
1449 
1450                 /* If we failed, remember the last failed status of the higher priority provider */
1451                 if (!NT_SUCCESS(Status))
1452                 {
1453                     if (UncProvider->ProviderOrder <= LastOrder)
1454                     {
1455                         LastOrder = UncProvider->ProviderOrder;
1456                         LastFailed = Status;
1457                     }
1458                 }
1459                 /* Otherwise, properly attach our CCB to the mailslot */
1460                 else
1461                 {
1462                     Ccb->DeviceObject = IoGetRelatedDeviceObject(Ccb->FileObject);
1463                     Ccb->Fcb = Fcb;
1464 
1465                     ExAcquireResourceExclusiveLite(&MupGlobalLock, TRUE);
1466                     Locked = TRUE;
1467                     ++Fcb->NodeReferences;
1468                     ExReleaseResourceLite(&MupGlobalLock);
1469                     Locked = FALSE;
1470                     CcbInitialized = TRUE;
1471 
1472                     InsertTailList(&Fcb->CcbList, &Ccb->CcbListEntry);
1473                 }
1474             }
1475 
1476             ExAcquireResourceExclusiveLite(&MupGlobalLock, TRUE);
1477             Locked = TRUE;
1478             MupDereferenceUncProvider(UncProvider);
1479             Referenced = FALSE;
1480         }
1481 
1482         ExReleaseResourceLite(&MupGlobalLock);
1483         Locked = FALSE;
1484     }
1485     _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
1486     {
1487         Status = _SEH2_GetExceptionCode();
1488     }
1489     _SEH2_END;
1490 
1491     /* If we at least opened one mailslot, return success */
1492     Status = (CcbInitialized ? STATUS_SUCCESS : LastFailed);
1493 
1494     if (Referenced)
1495     {
1496         MupDereferenceUncProvider(UncProvider);
1497     }
1498 
1499     if (Locked)
1500     {
1501         ExReleaseResourceLite(&MupGlobalLock);
1502     }
1503 
1504     /* In case of failure, don't leak CCB */
1505     if (!NT_SUCCESS(Status) && Ccb != NULL)
1506     {
1507         MupFreeNode(Ccb);
1508     }
1509 
1510     return Status;
1511 }
1512 
1513 PIRP
MupBuildIoControlRequest(PFILE_OBJECT FileObject,PVOID Context,ULONG MajorFunction,ULONG IoctlCode,PVOID InputBuffer,ULONG InputBufferSize,PVOID OutputBuffer,ULONG OutputBufferSize,PIO_COMPLETION_ROUTINE CompletionRoutine)1514 MupBuildIoControlRequest(PFILE_OBJECT FileObject,
1515                          PVOID Context,
1516                          ULONG MajorFunction,
1517                          ULONG IoctlCode,
1518                          PVOID InputBuffer,
1519                          ULONG InputBufferSize,
1520                          PVOID OutputBuffer,
1521                          ULONG OutputBufferSize,
1522                          PIO_COMPLETION_ROUTINE CompletionRoutine)
1523 {
1524     PIRP Irp;
1525     PIO_STACK_LOCATION Stack;
1526     PDEVICE_OBJECT DeviceObject;
1527 
1528     if (InputBuffer == NULL)
1529     {
1530         return NULL;
1531     }
1532 
1533     /* Get the device object */
1534     DeviceObject = IoGetRelatedDeviceObject(FileObject);
1535     /* Allocate the IRP (with one more location for us */
1536     Irp = IoAllocateIrp(DeviceObject->StackSize + 1, FALSE);
1537     if (Irp == NULL)
1538     {
1539         return NULL;
1540     }
1541 
1542     /* Skip our location */
1543     IoSetNextIrpStackLocation(Irp);
1544     /* Setup the IRP */
1545     Irp->Tail.Overlay.OriginalFileObject = FileObject;
1546     Irp->Tail.Overlay.Thread = PsGetCurrentThread();
1547     IoSetCompletionRoutine(Irp, CompletionRoutine, Context, TRUE, TRUE, TRUE);
1548 
1549     /* Setup the stack */
1550     Stack = IoGetNextIrpStackLocation(Irp);
1551     Stack->MajorFunction = MajorFunction;
1552     Stack->Parameters.DeviceIoControl.OutputBufferLength = OutputBufferSize;
1553     Stack->Parameters.DeviceIoControl.InputBufferLength = InputBufferSize;
1554     Stack->Parameters.DeviceIoControl.IoControlCode = IoctlCode;
1555     Stack->MinorFunction = 0;
1556     Stack->FileObject = FileObject;
1557     Stack->DeviceObject = DeviceObject;
1558 
1559     switch (IO_METHOD_FROM_CTL_CODE(IoctlCode))
1560     {
1561         case METHOD_BUFFERED:
1562             /* If it's buffered, just pass the buffers we got */
1563             Irp->MdlAddress = NULL;
1564             Irp->AssociatedIrp.SystemBuffer = InputBuffer;
1565             Irp->UserBuffer = OutputBuffer;
1566             Irp->Flags = IRP_BUFFERED_IO;
1567 
1568             if (OutputBuffer != NULL)
1569             {
1570                 Irp->Flags |= IRP_INPUT_OPERATION;
1571             }
1572             break;
1573 
1574         case METHOD_IN_DIRECT:
1575         case METHOD_OUT_DIRECT:
1576             /* Otherwise, allocate an MDL */
1577             if (IoAllocateMdl(InputBuffer, InputBufferSize, FALSE, FALSE, Irp) == NULL)
1578             {
1579                 IoFreeIrp(Irp);
1580                 return NULL;
1581             }
1582 
1583             Irp->AssociatedIrp.SystemBuffer = InputBuffer;
1584             Irp->Flags = IRP_BUFFERED_IO;
1585             MmProbeAndLockPages(Irp->MdlAddress, KernelMode, IoReadAccess);
1586             break;
1587 
1588         case METHOD_NEITHER:
1589             /* Or pass the buffers */
1590             Irp->UserBuffer = OutputBuffer;
1591             Irp->MdlAddress = NULL;
1592             Irp->AssociatedIrp.SystemBuffer = NULL;
1593             Stack->Parameters.DeviceIoControl.Type3InputBuffer = InputBuffer;
1594             break;
1595     }
1596 
1597     return Irp;
1598 }
1599 
1600 VOID
MupFreeMasterQueryContext(PMUP_MQC MasterQueryContext)1601 MupFreeMasterQueryContext(PMUP_MQC MasterQueryContext)
1602 {
1603     ExDeleteResourceLite(&MasterQueryContext->QueryPathListLock);
1604     ExFreePoolWithTag(MasterQueryContext, TAG_MUP);
1605 }
1606 
1607 NTSTATUS
MupDereferenceMasterQueryContext(PMUP_MQC MasterQueryContext)1608 MupDereferenceMasterQueryContext(PMUP_MQC MasterQueryContext)
1609 {
1610     LONG References;
1611     NTSTATUS Status;
1612     BOOLEAN KeepExtraRef;
1613 
1614     ExAcquireResourceExclusiveLite(&MupGlobalLock, TRUE);
1615     --MasterQueryContext->NodeReferences;
1616     References = MasterQueryContext->NodeReferences;
1617     ExReleaseResourceLite(&MupGlobalLock);
1618 
1619     if (References != 0)
1620     {
1621         DPRINT("Still having refs (%ld)\n", References);
1622         return STATUS_PENDING;
1623     }
1624 
1625     /* We HAVE an IRP to complete. It cannot be NULL
1626      * Please, help preserving kittens, don't provide NULL IRPs.
1627      */
1628     if (MasterQueryContext->Irp == NULL)
1629     {
1630         KeBugCheck(FILE_SYSTEM);
1631     }
1632 
1633     ExAcquireResourceExclusiveLite(&MupGlobalLock, TRUE);
1634     RemoveEntryList(&MasterQueryContext->MQCListEntry);
1635     ExReleaseResourceLite(&MupGlobalLock);
1636 
1637     ExAcquireResourceExclusiveLite(&MupPrefixTableLock, TRUE);
1638     KeepExtraRef = MasterQueryContext->Prefix->KeepExtraRef;
1639     MupDereferenceKnownPrefix(MasterQueryContext->Prefix);
1640 
1641     /* We found a provider? */
1642     if (MasterQueryContext->LatestProvider != NULL)
1643     {
1644         /* With a successful status? */
1645         if (MasterQueryContext->LatestStatus == STATUS_SUCCESS)
1646         {
1647             /* Then, it's time to reroute, someone accepted to handle the file creation request! */
1648             if (!KeepExtraRef)
1649             {
1650                 MupDereferenceKnownPrefix(MasterQueryContext->Prefix);
1651             }
1652 
1653             ExReleaseResourceLite(&MupPrefixTableLock);
1654             /* Reroute & complete :-) */
1655             Status = MupRerouteOpen(MasterQueryContext->FileObject, MasterQueryContext->LatestProvider);
1656             goto Complete;
1657         }
1658         else
1659         {
1660             MupDereferenceUncProvider(MasterQueryContext->LatestProvider);
1661         }
1662     }
1663 
1664     MupDereferenceKnownPrefix(MasterQueryContext->Prefix);
1665     ExReleaseResourceLite(&MupPrefixTableLock);
1666 
1667     /* Return the highest failed status we had */
1668     Status = MasterQueryContext->LatestStatus;
1669 
1670 Complete:
1671     /* In finally, complete the IRP for real! */
1672     MasterQueryContext->Irp->IoStatus.Status = Status;
1673     IoCompleteRequest(MasterQueryContext->Irp, IO_DISK_INCREMENT);
1674 
1675     MasterQueryContext->Irp = NULL;
1676     MupFreeMasterQueryContext(MasterQueryContext);
1677 
1678     return Status;
1679 }
1680 
1681 NTSTATUS
1682 NTAPI
QueryPathCompletionRoutine(PDEVICE_OBJECT DeviceObject,PIRP Irp,PVOID Context)1683 QueryPathCompletionRoutine(PDEVICE_OBJECT DeviceObject,
1684                            PIRP Irp,
1685                            PVOID Context)
1686 {
1687     PMUP_PFX Prefix;
1688     ULONG LatestPos, Pos;
1689     PWSTR AcceptedPrefix;
1690     PMUP_MQC MasterQueryContext;
1691     NTSTATUS Status, TableStatus;
1692     PQUERY_PATH_CONTEXT QueryContext;
1693     PQUERY_PATH_RESPONSE QueryResponse;
1694 
1695     /* Get all the data from our query to the provider */
1696     QueryContext = (PQUERY_PATH_CONTEXT)Context;
1697     QueryResponse = (PQUERY_PATH_RESPONSE)QueryContext->QueryPathRequest;
1698     MasterQueryContext = QueryContext->MasterQueryContext;
1699     Status = Irp->IoStatus.Status;
1700 
1701     DPRINT("Reply from %wZ: %u (Status: %lx)\n", &QueryContext->UncProvider->DeviceName, QueryResponse->LengthAccepted, Status);
1702 
1703     ExAcquireResourceExclusiveLite(&MasterQueryContext->QueryPathListLock, TRUE);
1704     RemoveEntryList(&QueryContext->QueryPathListEntry);
1705 
1706     /* If the driver returned a success, and an acceptance length */
1707     if (NT_SUCCESS(Status) && QueryResponse->LengthAccepted > 0)
1708     {
1709         Prefix = MasterQueryContext->Prefix;
1710 
1711         /* Check if we already found a provider from a previous iteration */
1712         if (MasterQueryContext->LatestProvider != NULL)
1713         {
1714            /* If the current provider has a lower priority (ie, a greater order), then, bailout and keep previous one */
1715             if (QueryContext->UncProvider->ProviderOrder >= MasterQueryContext->LatestProvider->ProviderOrder)
1716             {
1717                 MupDereferenceUncProvider(QueryContext->UncProvider);
1718                 goto Cleanup;
1719             }
1720 
1721             /* Otherwise, if the prefix was in the prefix table, just drop it:
1722              * we have a provider which supersedes the accepted prefix, so leave
1723              * room for the new prefix/provider
1724              */
1725             ExAcquireResourceExclusiveLite(&MupPrefixTableLock, TRUE);
1726             if (Prefix->InTable)
1727             {
1728                 RtlRemoveUnicodePrefix(&MupPrefixTable, &Prefix->PrefixTableEntry);
1729                 RemoveEntryList(&Prefix->PrefixListEntry);
1730                 Prefix->InTable = FALSE;
1731             }
1732             ExReleaseResourceLite(&MupPrefixTableLock);
1733 
1734             Prefix->KeepExtraRef = FALSE;
1735 
1736             /* Release data associated with the current prefix, if any
1737              * We'll renew them with the new accepted prefix
1738              */
1739             if (Prefix->AcceptedPrefix.Length != 0 && Prefix->AcceptedPrefix.Buffer != NULL)
1740             {
1741                 ExFreePoolWithTag(Prefix->AcceptedPrefix.Buffer, TAG_MUP);
1742                 Prefix->AcceptedPrefix.MaximumLength = 0;
1743                 Prefix->AcceptedPrefix.Length = 0;
1744                 Prefix->AcceptedPrefix.Buffer = NULL;
1745                 Prefix->ExternalAlloc = FALSE;
1746             }
1747 
1748             /* If there was also a provider, drop it, the new one
1749              * is different
1750              */
1751             if (Prefix->UncProvider != NULL)
1752             {
1753                 MupDereferenceUncProvider(Prefix->UncProvider);
1754                 Prefix->UncProvider = NULL;
1755             }
1756         }
1757 
1758         /* Now, set our information about the provider that accepted the prefix */
1759         MasterQueryContext->LatestProvider = QueryContext->UncProvider;
1760         MasterQueryContext->LatestStatus = Status;
1761 
1762         if (MasterQueryContext->FileObject->FsContext2 != (PVOID)DFS_DOWNLEVEL_OPEN_CONTEXT)
1763         {
1764             /* Allocate a buffer for the prefix */
1765             AcceptedPrefix = ExAllocatePoolWithTag(PagedPool, QueryResponse->LengthAccepted, TAG_MUP);
1766             if (AcceptedPrefix == NULL)
1767             {
1768                 Prefix->InTable = FALSE;
1769             }
1770             else
1771             {
1772                 /* Set it up to the accepted length */
1773                 RtlMoveMemory(AcceptedPrefix, MasterQueryContext->FileObject->FileName.Buffer, QueryResponse->LengthAccepted);
1774                 Prefix->UncProvider = MasterQueryContext->LatestProvider;
1775                 Prefix->AcceptedPrefix.Buffer = AcceptedPrefix;
1776                 Prefix->AcceptedPrefix.Length = QueryResponse->LengthAccepted;
1777                 Prefix->AcceptedPrefix.MaximumLength = QueryResponse->LengthAccepted;
1778                 Prefix->ExternalAlloc = TRUE;
1779 
1780                 /* Insert the accepted prefix in the table of known prefixes */
1781                 DPRINT("%wZ accepted %wZ\n", &Prefix->UncProvider->DeviceName, &Prefix->AcceptedPrefix);
1782                 ExAcquireResourceExclusiveLite(&MupPrefixTableLock, TRUE);
1783                 if (RtlInsertUnicodePrefix(&MupPrefixTable, &Prefix->AcceptedPrefix, &Prefix->PrefixTableEntry))
1784                 {
1785                     InsertHeadList(&MupPrefixList, &Prefix->PrefixListEntry);
1786                     Prefix->InTable = TRUE;
1787                     Prefix->KeepExtraRef = TRUE;
1788                 }
1789                 else
1790                 {
1791                     Prefix->InTable = FALSE;
1792                 }
1793                 ExReleaseResourceLite(&MupPrefixTableLock);
1794             }
1795         }
1796     }
1797     else
1798     {
1799         MupDereferenceUncProvider(QueryContext->UncProvider);
1800 
1801         /* We failed and didn't find any provider over the latest iterations */
1802         if (MasterQueryContext->LatestProvider == NULL)
1803         {
1804             /* If we had a success though (broken provider?) set our failed status */
1805             if (NT_SUCCESS(MasterQueryContext->LatestStatus))
1806             {
1807                 MasterQueryContext->LatestStatus = Status;
1808             }
1809             else
1810             {
1811                 TableStatus = MupOrderedErrorList[0];
1812                 LatestPos = 0;
1813 
1814                 /* Otherwise, time to compare statuses, between the latest failed
1815                  * and the current failure.
1816                  * We have an order table of failed status: the deeper you go in the
1817                  * table, the more the error is critical.
1818                  * Our goal is to return the most critical status that was returned by
1819                  * any of the providers
1820                  */
1821 
1822                 /* Look for latest status position */
1823                 while (TableStatus != 0 && TableStatus != MasterQueryContext->LatestStatus)
1824                 {
1825                     ++LatestPos;
1826                     TableStatus = MupOrderedErrorList[LatestPos];
1827                 }
1828 
1829                 /* If at pos 0, the new status is likely more critical */
1830                 if (LatestPos == 0)
1831                 {
1832                     MasterQueryContext->LatestStatus = Status;
1833                 }
1834                 else
1835                 {
1836                     /* Otherwise, find position of the new status in the table */
1837                     Pos = 0;
1838                     do
1839                     {
1840                         if (Status == MupOrderedErrorList[Pos])
1841                         {
1842                             break;
1843                         }
1844 
1845                         ++Pos;
1846                     }
1847                     while (Pos < LatestPos);
1848 
1849                     /* If it has a higher position (more critical), return it */
1850                     if (Pos >= LatestPos)
1851                     {
1852                         MasterQueryContext->LatestStatus = Status;
1853                     }
1854                 }
1855             }
1856         }
1857     }
1858 
1859 Cleanup:
1860     ExFreePoolWithTag(QueryResponse, TAG_MUP);
1861     ExFreePoolWithTag(QueryContext, TAG_MUP);
1862     IoFreeIrp(Irp);
1863 
1864     ExReleaseResourceLite(&MasterQueryContext->QueryPathListLock);
1865     MupDereferenceMasterQueryContext(MasterQueryContext);
1866 
1867     return STATUS_MORE_PROCESSING_REQUIRED;
1868 }
1869 
1870 NTSTATUS
CreateRedirectedFile(PIRP Irp,PFILE_OBJECT FileObject,PIO_SECURITY_CONTEXT SecurityContext)1871 CreateRedirectedFile(PIRP Irp,
1872                      PFILE_OBJECT FileObject,
1873                      PIO_SECURITY_CONTEXT SecurityContext)
1874 {
1875     LONG Len;
1876     WCHAR Cur;
1877     PWSTR Name;
1878     PIRP QueryIrp;
1879     NTSTATUS Status;
1880     PMUP_PFX Prefix;
1881     PLIST_ENTRY Entry;
1882     PMUP_UNC UncProvider;
1883     PIO_STACK_LOCATION Stack;
1884     LARGE_INTEGER CurrentTime;
1885     PMUP_MQC MasterQueryContext;
1886     PQUERY_PATH_CONTEXT QueryContext;
1887     PQUERY_PATH_REQUEST QueryPathRequest;
1888     PUNICODE_PREFIX_TABLE_ENTRY TableEntry;
1889     BOOLEAN Locked, Referenced, BreakOnFirst;
1890 
1891     /* We cannot open a file without a name */
1892     if (FileObject->FileName.Length == 0)
1893     {
1894         Irp->IoStatus.Status = STATUS_INVALID_DEVICE_REQUEST;
1895         IoCompleteRequest(Irp, IO_DISK_INCREMENT);
1896 
1897         return STATUS_INVALID_DEVICE_REQUEST;
1898     }
1899 
1900     DPRINT("Request for opening: %wZ\n", &FileObject->FileName);
1901 
1902     Referenced = FALSE;
1903     BreakOnFirst = TRUE;
1904     Status = STATUS_BAD_NETWORK_PATH;
1905 
1906     ExAcquireResourceExclusiveLite(&MupPrefixTableLock, TRUE);
1907     /* First, try to see if that's a prefix we already know */
1908     TableEntry = RtlFindUnicodePrefix(&MupPrefixTable, &FileObject->FileName, 1);
1909     if (TableEntry != NULL)
1910     {
1911         Prefix = CONTAINING_RECORD(TableEntry, MUP_PFX, PrefixTableEntry);
1912 
1913         DPRINT("Matching prefix found: %wZ\n", &Prefix->AcceptedPrefix);
1914 
1915         /* If so, check whether the prefix is still valid */
1916         KeQuerySystemTime(&CurrentTime);
1917         if (Prefix->ValidityTimeout.QuadPart < CurrentTime.QuadPart)
1918         {
1919             /* It is: so, update its validity period and reroute file opening */
1920             MupCalculateTimeout(&Prefix->ValidityTimeout);
1921             Status = MupRerouteOpen(FileObject, Prefix->UncProvider);
1922             ExReleaseResourceLite(&MupPrefixTableLock);
1923 
1924             if (Status == STATUS_REPARSE)
1925             {
1926                 Irp->IoStatus.Information = FILE_SUPERSEDED;
1927             }
1928 
1929             Irp->IoStatus.Status = Status;
1930             IoCompleteRequest(Irp, IO_DISK_INCREMENT);
1931 
1932             return Status;
1933         }
1934 
1935         /* When here, we found a matching prefix, but expired, remove it from the table
1936          * We'll redo a full search
1937          */
1938         if (Prefix->InTable)
1939         {
1940             MupRemoveKnownPrefixEntry(Prefix);
1941         }
1942     }
1943     ExReleaseResourceLite(&MupPrefixTableLock);
1944 
1945     Stack = IoGetCurrentIrpStackLocation(Irp);
1946     /* First of all, start looking for a mailslot */
1947     if (FileObject->FileName.Buffer[0] == L'\\' && Stack->MajorFunction != IRP_MJ_CREATE)
1948     {
1949         Name = &FileObject->FileName.Buffer[1];
1950         Len = FileObject->FileName.Length;
1951 
1952         /* Skip the remote destination name */
1953         do
1954         {
1955             Len -= sizeof(WCHAR);
1956             if (Len <= 0)
1957             {
1958                 break;
1959             }
1960 
1961             Cur = *Name;
1962             ++Name;
1963         } while (Cur != L'\\');
1964         Len -= sizeof(WCHAR);
1965 
1966         /* If we still have room for "Mailslot" to fit */
1967         if (Len >= (sizeof(L"Mailslot") - sizeof(UNICODE_NULL)))
1968         {
1969             /* Get the len in terms of chars count */
1970             Len /= sizeof(WCHAR);
1971             if (Len > ((sizeof(L"Mailslot") - sizeof(UNICODE_NULL)) / sizeof(WCHAR)))
1972             {
1973                 Len = (sizeof(L"Mailslot") - sizeof(UNICODE_NULL)) / sizeof(WCHAR);
1974             }
1975 
1976             /* It's indeed a mailslot opening! */
1977             if (_wcsnicmp(Name, L"Mailslot", Len) == 0)
1978             {
1979                 /* Broadcast open */
1980                 Status = BroadcastOpen(Irp);
1981                 if (Status == STATUS_REPARSE)
1982                 {
1983                     Irp->IoStatus.Information = FILE_SUPERSEDED;
1984                 }
1985 
1986                 Irp->IoStatus.Status = Status;
1987                 IoCompleteRequest(Irp, IO_DISK_INCREMENT);
1988 
1989                 return Status;
1990             }
1991         }
1992     }
1993 
1994     /* Ok, at that point, that's a regular MUP opening (if no DFS) */
1995     if (!MupEnableDfs || FileObject->FsContext2 == (PVOID)DFS_DOWNLEVEL_OPEN_CONTEXT)
1996     {
1997         /* We won't complete immediately */
1998         IoMarkIrpPending(Irp);
1999 
2000         /* Allocate a new prefix for our search */
2001         Prefix = MupAllocatePrefixEntry(0);
2002         if (Prefix == NULL)
2003         {
2004             Irp->IoStatus.Status = STATUS_INSUFFICIENT_RESOURCES;
2005             IoCompleteRequest(Irp, IO_DISK_INCREMENT);
2006 
2007             return STATUS_PENDING;
2008         }
2009 
2010         /* Allocate a context for our search */
2011         MasterQueryContext = MupAllocateMasterQueryContext();
2012         if (MasterQueryContext == NULL)
2013         {
2014             MupFreeNode(Prefix);
2015 
2016             Irp->IoStatus.Status = STATUS_INSUFFICIENT_RESOURCES;
2017             IoCompleteRequest(Irp, IO_DISK_INCREMENT);
2018 
2019             return STATUS_PENDING;
2020         }
2021 
2022         MasterQueryContext->Irp = Irp;
2023         MasterQueryContext->FileObject = FileObject;
2024         MasterQueryContext->LatestProvider = NULL;
2025         MasterQueryContext->Prefix = Prefix;
2026         MasterQueryContext->LatestStatus = STATUS_BAD_NETWORK_PATH;
2027         ExAcquireResourceExclusiveLite(&MupGlobalLock, TRUE);
2028         InsertTailList(&MupMasterQueryList, &MasterQueryContext->MQCListEntry);
2029         ++Prefix->NodeReferences;
2030         ExReleaseResourceLite(&MupGlobalLock);
2031 
2032         _SEH2_TRY
2033         {
2034             ExAcquireResourceExclusiveLite(&MupGlobalLock, TRUE);
2035             Locked = TRUE;
2036 
2037             /* Now, we will browse all the providers we know, to ask for their accepted prefix regarding the path */
2038             for (Entry = MupProviderList.Flink; Entry != &MupProviderList; Entry = Entry->Flink)
2039             {
2040                 UncProvider = CONTAINING_RECORD(Entry, MUP_UNC, ProviderListEntry);
2041 
2042                 ++UncProvider->NodeReferences;
2043                 Referenced = TRUE;
2044 
2045                 ExReleaseResourceLite(&MupGlobalLock);
2046                 Locked = FALSE;
2047 
2048                 /* We will obviously only query registered providers */
2049                 if (UncProvider->Registered)
2050                 {
2051                     /* We will issue an IOCTL_REDIR_QUERY_PATH, so allocate input buffer */
2052                     QueryPathRequest = ExAllocatePoolWithTag(PagedPool, FileObject->FileName.Length + sizeof(QUERY_PATH_REQUEST), TAG_MUP);
2053                     if (QueryPathRequest == NULL)
2054                     {
2055                         ExRaiseStatus(STATUS_INSUFFICIENT_RESOURCES);
2056                     }
2057 
2058                     /* Allocate a context for IRP completion routine
2059                      * In case a prefix matches the path, the reroute will happen
2060                      * in the completion routine, when we have return from the provider
2061                      */
2062                     QueryContext = ExAllocatePoolWithTag(PagedPool, sizeof(QUERY_PATH_CONTEXT), TAG_MUP);
2063                     if (QueryContext == NULL)
2064                     {
2065                         ExFreePoolWithTag(QueryPathRequest, TAG_MUP);
2066                         ExRaiseStatus(STATUS_INSUFFICIENT_RESOURCES);
2067                     }
2068 
2069                     InitializeListHead(&QueryContext->QueryPathListEntry);
2070                     QueryContext->MasterQueryContext = MasterQueryContext;
2071                     QueryContext->QueryPathRequest = QueryPathRequest;
2072                     QueryPathRequest->PathNameLength = FileObject->FileName.Length;
2073                     QueryPathRequest->SecurityContext = SecurityContext;
2074                     RtlMoveMemory(QueryPathRequest->FilePathName, FileObject->FileName.Buffer, FileObject->FileName.Length);
2075 
2076                     /* Build our IRP for the query */
2077                     QueryIrp = MupBuildIoControlRequest(UncProvider->FileObject,
2078                                                         QueryContext,
2079                                                         IRP_MJ_DEVICE_CONTROL,
2080                                                         IOCTL_REDIR_QUERY_PATH,
2081                                                         QueryPathRequest,
2082                                                         FileObject->FileName.Length + sizeof(QUERY_PATH_REQUEST),
2083                                                         QueryPathRequest,
2084                                                         sizeof(QUERY_PATH_RESPONSE),
2085                                                         QueryPathCompletionRoutine);
2086                     if (QueryIrp == NULL)
2087                     {
2088                         ExFreePoolWithTag(QueryContext, TAG_MUP);
2089                         ExFreePoolWithTag(QueryPathRequest, TAG_MUP);
2090                         ExRaiseStatus(STATUS_INSUFFICIENT_RESOURCES);
2091                     }
2092 
2093                     QueryIrp->RequestorMode = KernelMode;
2094                     QueryContext->UncProvider = UncProvider;
2095                     QueryContext->Irp = QueryIrp;
2096 
2097                     ExAcquireResourceExclusiveLite(&MupGlobalLock, TRUE);
2098                     ++UncProvider->NodeReferences;
2099                     ++MasterQueryContext->NodeReferences;
2100                     ExReleaseResourceLite(&MupGlobalLock);
2101 
2102                     ExAcquireResourceExclusiveLite(&MasterQueryContext->QueryPathListLock, TRUE);
2103                     InsertTailList(&MasterQueryContext->QueryPathList, &QueryContext->QueryPathListEntry);
2104                     ExReleaseResourceLite(&MasterQueryContext->QueryPathListLock);
2105 
2106                     /* Query the provider !*/
2107                     DPRINT("Requesting UNC provider: %wZ\n", &UncProvider->DeviceName);
2108                     DPRINT("Calling: %wZ\n", &UncProvider->DeviceObject->DriverObject->DriverName);
2109                     Status = IoCallDriver(UncProvider->DeviceObject, QueryIrp);
2110                 }
2111 
2112                 ExAcquireResourceExclusiveLite(&MupGlobalLock, TRUE);
2113                 Locked = TRUE;
2114 
2115                 /* We're done with that provider */
2116                 MupDereferenceUncProvider(UncProvider);
2117                 Referenced = FALSE;
2118 
2119                 /* If query went fine on the first request, just break and leave */
2120                 if (BreakOnFirst && Status == STATUS_SUCCESS)
2121                 {
2122                     break;
2123                 }
2124 
2125                 BreakOnFirst = FALSE;
2126             }
2127         }
2128         _SEH2_FINALLY
2129         {
2130             if (_SEH2_AbnormalTermination())
2131             {
2132                 MasterQueryContext->LatestStatus = STATUS_INSUFFICIENT_RESOURCES;
2133             }
2134 
2135             if (Referenced)
2136             {
2137                 MupDereferenceUncProvider(UncProvider);
2138             }
2139 
2140             if (Locked)
2141             {
2142                 ExReleaseResourceLite(&MupGlobalLock);
2143             }
2144 
2145             MupDereferenceMasterQueryContext(MasterQueryContext);
2146 
2147             Status = STATUS_PENDING;
2148         }
2149         _SEH2_END;
2150     }
2151     else
2152     {
2153         UNIMPLEMENTED;
2154         Status = STATUS_NOT_IMPLEMENTED;
2155     }
2156 
2157     return Status;
2158 }
2159 
2160 NTSTATUS
OpenMupFileSystem(PMUP_VCB Vcb,PFILE_OBJECT FileObject,ACCESS_MASK DesiredAccess,USHORT ShareAccess)2161 OpenMupFileSystem(PMUP_VCB Vcb,
2162                   PFILE_OBJECT FileObject,
2163                   ACCESS_MASK DesiredAccess,
2164                   USHORT ShareAccess)
2165 {
2166     NTSTATUS Status;
2167 
2168     DPRINT1("Opening MUP\n");
2169 
2170     ExAcquireResourceExclusiveLite(&MupVcbLock, TRUE);
2171     _SEH2_TRY
2172     {
2173         /* Update share access, increase reference count, and associated VCB to the FO, that's it! */
2174         Status = IoCheckShareAccess(DesiredAccess, ShareAccess, FileObject, &Vcb->ShareAccess, TRUE);
2175         if (NT_SUCCESS(Status))
2176         {
2177             ++Vcb->NodeReferences;
2178             MupSetFileObject(FileObject, (PMUP_FCB)Vcb, NULL);
2179             Status = STATUS_SUCCESS;
2180         }
2181     }
2182     _SEH2_FINALLY
2183     {
2184         ExReleaseResourceLite(&MupVcbLock);
2185     }
2186     _SEH2_END;
2187 
2188     return Status;
2189 }
2190 
2191 NTSTATUS
2192 NTAPI
MupCreate(PDEVICE_OBJECT DeviceObject,PIRP Irp)2193 MupCreate(PDEVICE_OBJECT DeviceObject,
2194           PIRP Irp)
2195 {
2196     NTSTATUS Status;
2197     PIO_STACK_LOCATION Stack;
2198     PFILE_OBJECT FileObject, RelatedFileObject;
2199 
2200     FsRtlEnterFileSystem();
2201 
2202     _SEH2_TRY
2203     {
2204         /* If DFS is enabled, check if that's for DFS and is so relay */
2205         if (MupEnableDfs && (DeviceObject->DeviceType == FILE_DEVICE_DFS || DeviceObject->DeviceType == FILE_DEVICE_DFS_FILE_SYSTEM))
2206         {
2207             Status = DfsFsdCreate(DeviceObject, Irp);
2208         }
2209         else
2210         {
2211             Stack = IoGetCurrentIrpStackLocation(Irp);
2212             FileObject = Stack->FileObject;
2213             RelatedFileObject = FileObject->RelatedFileObject;
2214 
2215             /* If we have a file name or if the associated FCB of the related FO isn't the VCB, then, it's a regular opening */
2216             if (FileObject->FileName.Length != 0 || (RelatedFileObject != NULL && ((PMUP_FCB)(RelatedFileObject->FsContext))->NodeType != NODE_TYPE_VCB))
2217             {
2218                 Status = CreateRedirectedFile(Irp, FileObject, Stack->Parameters.Create.SecurityContext);
2219             }
2220             /* Otherwise, it's just a volume open */
2221             else
2222             {
2223                 Status = OpenMupFileSystem(DeviceObject->DeviceExtension,
2224                                            FileObject,
2225                                            Stack->Parameters.Create.SecurityContext->DesiredAccess,
2226                                            Stack->Parameters.Create.ShareAccess);
2227 
2228                 Irp->IoStatus.Information = FILE_OPENED;
2229                 Irp->IoStatus.Status = Status;
2230                 IoCompleteRequest(Irp, IO_DISK_INCREMENT);
2231             }
2232         }
2233     }
2234     _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
2235     {
2236         Status = _SEH2_GetExceptionCode();
2237 
2238         Irp->IoStatus.Status = Status;
2239         IoCompleteRequest(Irp, IO_DISK_INCREMENT);
2240     }
2241     _SEH2_END;
2242 
2243     FsRtlExitFileSystem();
2244 
2245     return Status;
2246 }
2247 
2248 VOID
MupCloseUncProvider(PMUP_UNC UncProvider)2249 MupCloseUncProvider(PMUP_UNC UncProvider)
2250 {
2251     ExAcquireResourceExclusiveLite(&MupGlobalLock, TRUE);
2252 
2253     /* If the node was still valid, reregister the UNC provider */
2254     if (UncProvider->NodeStatus == NODE_STATUS_HEALTHY)
2255     {
2256         UncProvider->NodeStatus = NODE_STATUS_CLEANUP;
2257         UncProvider->Registered = FALSE;
2258         ExReleaseResourceLite(&MupGlobalLock);
2259 
2260         if (UncProvider->FileObject != NULL)
2261         {
2262             ZwClose(UncProvider->DeviceHandle);
2263             ObDereferenceObject(UncProvider->FileObject);
2264         }
2265     }
2266     else
2267     {
2268         ExReleaseResourceLite(&MupGlobalLock);
2269     }
2270 }
2271 
2272 NTSTATUS
2273 NTAPI
MupCleanup(PDEVICE_OBJECT DeviceObject,PIRP Irp)2274 MupCleanup(PDEVICE_OBJECT DeviceObject,
2275            PIRP Irp)
2276 {
2277     ULONG Type;
2278     PMUP_FCB Fcb;
2279     PMUP_CCB Ccb;
2280     NTSTATUS Status;
2281     PIO_STACK_LOCATION Stack;
2282 
2283     /* If DFS is enabled, check if that's for DFS and is so relay */
2284     if (MupEnableDfs)
2285     {
2286         if (DeviceObject->DeviceType == FILE_DEVICE_DFS || DeviceObject->DeviceType == FILE_DEVICE_DFS_FILE_SYSTEM)
2287         {
2288             return DfsFsdCleanup(DeviceObject, Irp);
2289         }
2290     }
2291 
2292     FsRtlEnterFileSystem();
2293 
2294     _SEH2_TRY
2295     {
2296         Stack = IoGetCurrentIrpStackLocation(Irp);
2297         Type = MupDecodeFileObject(Stack->FileObject, &Fcb, &Ccb);
2298         switch (Type)
2299         {
2300             case NODE_TYPE_VCB:
2301                 /* If we got a VCB, clean it up */
2302                 MupCleanupVcb(DeviceObject, Irp, (PMUP_VCB)Fcb);
2303 
2304                 Irp->IoStatus.Status = STATUS_SUCCESS;
2305                 IoCompleteRequest(Irp, IO_DISK_INCREMENT);
2306 
2307                 MupDereferenceVcb((PMUP_VCB)Fcb);
2308 
2309                 /* If Ccb is not null, then, it's a UNC provider node */
2310                 if (Ccb)
2311                 {
2312                     /* Close it, and dereference */
2313                     MupCloseUncProvider((PMUP_UNC)Ccb);
2314                     MupDereferenceUncProvider((PMUP_UNC)Ccb);
2315                     ExAcquireResourceExclusiveLite(&MupGlobalLock, TRUE);
2316                     --MupProviderCount;
2317                     ExReleaseResourceLite(&MupGlobalLock);
2318                 }
2319 
2320                 Status = STATUS_SUCCESS;
2321                 break;
2322 
2323             case NODE_TYPE_FCB:
2324                 /* If the node wasn't already cleaned, do it */
2325                 if (Fcb->NodeStatus == NODE_STATUS_HEALTHY)
2326                 {
2327                     MupCleanupFcb(DeviceObject, Irp, Fcb);
2328                     Status = STATUS_SUCCESS;
2329                 }
2330                 else
2331                 {
2332                     Status = STATUS_INVALID_HANDLE;
2333                 }
2334 
2335                 Irp->IoStatus.Status = STATUS_SUCCESS;
2336                 IoCompleteRequest(Irp, IO_DISK_INCREMENT);
2337 
2338                 MupDereferenceFcb(Fcb);
2339                 break;
2340 
2341             default:
2342                 Status = STATUS_INVALID_HANDLE;
2343 
2344                 Irp->IoStatus.Status = Status;
2345                 IoCompleteRequest(Irp, IO_DISK_INCREMENT);
2346 
2347                 break;
2348         }
2349     }
2350     _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
2351     {
2352         Status = _SEH2_GetExceptionCode();
2353     }
2354     _SEH2_END;
2355 
2356     FsRtlExitFileSystem();
2357 
2358     return Status;
2359 }
2360 
2361 NTSTATUS
MupCloseVcb(PDEVICE_OBJECT DeviceObject,PIRP Irp,PMUP_VCB Vcb,PFILE_OBJECT FileObject)2362 MupCloseVcb(PDEVICE_OBJECT DeviceObject,
2363             PIRP Irp,
2364             PMUP_VCB Vcb,
2365             PFILE_OBJECT FileObject)
2366 {
2367     ExAcquireResourceExclusiveLite(&MupGlobalLock, TRUE);
2368 
2369     /* Remove FCB, UNC from FO */
2370     MupSetFileObject(FileObject, NULL, NULL);
2371     MupDereferenceVcb(Vcb);
2372 
2373     ExReleaseResourceLite(&MupGlobalLock);
2374 
2375     return STATUS_SUCCESS;
2376 }
2377 
2378 NTSTATUS
MupCloseFcb(PDEVICE_OBJECT DeviceObject,PIRP Irp,PMUP_FCB Fcb,PFILE_OBJECT FileObject)2379 MupCloseFcb(PDEVICE_OBJECT DeviceObject,
2380             PIRP Irp,
2381             PMUP_FCB Fcb,
2382             PFILE_OBJECT FileObject)
2383 {
2384     ExAcquireResourceExclusiveLite(&MupGlobalLock, TRUE);
2385 
2386     /* Remove FCB, CCB from FO */
2387     MupSetFileObject(FileObject, NULL, NULL);
2388     MupDereferenceFcb(Fcb);
2389 
2390     ExReleaseResourceLite(&MupGlobalLock);
2391 
2392     return STATUS_SUCCESS;
2393 }
2394 
2395 NTSTATUS
2396 NTAPI
MupClose(PDEVICE_OBJECT DeviceObject,PIRP Irp)2397 MupClose(PDEVICE_OBJECT DeviceObject,
2398          PIRP Irp)
2399 {
2400     PMUP_FCB Fcb;
2401     PMUP_CCB Ccb;
2402     NTSTATUS Status;
2403     PIO_STACK_LOCATION Stack;
2404 
2405     /* If DFS is enabled, check if that's for DFS and is so relay */
2406     if (MupEnableDfs)
2407     {
2408         if (DeviceObject->DeviceType == FILE_DEVICE_DFS || DeviceObject->DeviceType == FILE_DEVICE_DFS_FILE_SYSTEM)
2409         {
2410             return DfsFsdClose(DeviceObject, Irp);
2411         }
2412     }
2413 
2414     FsRtlEnterFileSystem();
2415 
2416     _SEH2_TRY
2417     {
2418         /* Get our internal structures from FO */
2419         Stack = IoGetCurrentIrpStackLocation(Irp);
2420         MupDecodeFileObject(Stack->FileObject, &Fcb, &Ccb);
2421         if (Fcb == NULL)
2422         {
2423             Status = STATUS_INVALID_HANDLE;
2424 
2425             Irp->IoStatus.Status = Status;
2426             IoCompleteRequest(Irp, IO_DISK_INCREMENT);
2427 
2428             _SEH2_LEAVE;
2429         }
2430 
2431         /* If we got the VCB, that's a volume close */
2432         if (Fcb->NodeType == NODE_TYPE_VCB)
2433         {
2434             Status = MupCloseVcb(DeviceObject, Irp, (PMUP_VCB)Fcb, Stack->FileObject);
2435         }
2436         /* Otherwise close the FCB */
2437         else if (Fcb->NodeType == NODE_TYPE_FCB)
2438         {
2439             MupDereferenceFcb(Fcb);
2440             Status = MupCloseFcb(DeviceObject, Irp, Fcb, Stack->FileObject);
2441         }
2442         else
2443         {
2444             Status = STATUS_INVALID_HANDLE;
2445 
2446             Irp->IoStatus.Status = Status;
2447             IoCompleteRequest(Irp, IO_DISK_INCREMENT);
2448 
2449             _SEH2_LEAVE;
2450         }
2451 
2452         Irp->IoStatus.Status = STATUS_SUCCESS;
2453         IoCompleteRequest(Irp, IO_DISK_INCREMENT);
2454     }
2455     _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
2456     {
2457         Status = _SEH2_GetExceptionCode();
2458     }
2459     _SEH2_END;
2460 
2461     FsRtlExitFileSystem();
2462 
2463     return Status;
2464 }
2465 
2466 VOID
2467 NTAPI
MupUnload(PDRIVER_OBJECT DriverObject)2468 MupUnload(PDRIVER_OBJECT DriverObject)
2469 {
2470     IoDeleteDevice(mupDeviceObject);
2471 
2472     if (MupEnableDfs)
2473     {
2474         DfsUnload(DriverObject);
2475     }
2476 
2477     MupUninitializeData();
2478 }
2479 
2480 /*
2481  * FUNCTION: Called by the system to initialize the driver
2482  * ARGUMENTS:
2483  *           DriverObject = object describing this driver
2484  *           RegistryPath = path to our configuration entries
2485  * RETURNS: Success or failure
2486  */
2487 CODE_SEG("INIT")
2488 NTSTATUS
2489 NTAPI
DriverEntry(PDRIVER_OBJECT DriverObject,PUNICODE_STRING RegistryPath)2490 DriverEntry(PDRIVER_OBJECT DriverObject,
2491             PUNICODE_STRING RegistryPath)
2492 {
2493     NTSTATUS Status;
2494     UNICODE_STRING MupString;
2495     PDEVICE_OBJECT DeviceObject;
2496 
2497     /* Only initialize global state of the driver
2498      * Other inits will happen when required
2499      */
2500     MupInitializeData();
2501 
2502     /* Check if DFS is disabled */
2503     MupEnableDfs = MuppIsDfsEnabled();
2504     /* If it's not disabled but when cannot init, disable it */
2505     if (MupEnableDfs && !NT_SUCCESS(DfsDriverEntry(DriverObject, RegistryPath)))
2506     {
2507         MupEnableDfs = FALSE;
2508     }
2509 
2510     /* Create the MUP device */
2511     RtlInitUnicodeString(&MupString, L"\\Device\\Mup");
2512     Status = IoCreateDevice(DriverObject, sizeof(MUP_VCB), &MupString, FILE_DEVICE_MULTI_UNC_PROVIDER, 0, FALSE, &DeviceObject);
2513     if (!NT_SUCCESS(Status))
2514     {
2515         if (MupEnableDfs)
2516         {
2517             DfsUnload(DriverObject);
2518         }
2519 
2520         MupUninitializeData();
2521 
2522         return Status;
2523     }
2524 
2525     /* Set our MJ */
2526     DriverObject->DriverUnload = MupUnload;
2527     DriverObject->MajorFunction[IRP_MJ_CREATE] = MupCreate;
2528     DriverObject->MajorFunction[IRP_MJ_CREATE_NAMED_PIPE] = MupCreate;
2529     DriverObject->MajorFunction[IRP_MJ_CREATE_MAILSLOT] = MupCreate;
2530     DriverObject->MajorFunction[IRP_MJ_WRITE] = MupForwardIoRequest;
2531     DriverObject->MajorFunction[IRP_MJ_FILE_SYSTEM_CONTROL] = MupFsControl;
2532     DriverObject->MajorFunction[IRP_MJ_CLEANUP] = MupCleanup;
2533     DriverObject->MajorFunction[IRP_MJ_CLOSE] = MupClose;
2534 
2535     /* And finish init */
2536     mupDeviceObject = DeviceObject;
2537     MupInitializeVcb(DeviceObject->DeviceExtension);
2538 
2539     return STATUS_SUCCESS;
2540 }
2541