vbsf.c@ 63087

Last change on this file since 63087 was 63087, checked in by vboxsync, 8 years ago
VBoxSF: no need to supress C4005 anymore.
Property svn:eol-style set to `native` Property svn:keywords set to `Author Date Id Revision`
File size: 56.5 KB

Line
1	/* $Id: vbsf.c 63087 2016-08-06 14:50:21Z vboxsync $ */
2	/** @file
3	* VirtualBox Windows Guest Shared Folders - File System Driver initialization and generic routines
4	*/
5
6	/*
7	* Copyright (C) 2012-2016 Oracle Corporation
8	*
9	* This file is part of VirtualBox Open Source Edition (OSE), as
10	* available from http://www.virtualbox.org. This file is free software;
11	* you can redistribute it and/or modify it under the terms of the GNU
12	* General Public License (GPL) as published by the Free Software
13	* Foundation, in version 2 as it comes in the "COPYING" file of the
14	* VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15	* hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16	*/
17
18	#include "vbsf.h"
19
20
21	/*
22	* The current state of the driver.
23	*/
24	typedef enum _MRX_VBOX_STATE_
25	{
26	MRX_VBOX_STARTABLE,
27	MRX_VBOX_START_IN_PROGRESS,
28	MRX_VBOX_STARTED
29	} MRX_VBOX_STATE, *PMRX_VBOX_STATE;
30
31	static MRX_VBOX_STATE VBoxMRxState = MRX_VBOX_STARTABLE;
32
33	/*
34	* The VBoxSF dispatch table.
35	*/
36	static struct _MINIRDR_DISPATCH VBoxMRxDispatch;
37
38	/*
39	* The VBoxSF device object.
40	*/
41	PRDBSS_DEVICE_OBJECT VBoxMRxDeviceObject;
42
43	static NTSTATUS VBoxMRxFsdDispatch(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp)
44	{
45	NTSTATUS Status;
46	#ifdef LOG_ENABLED
47	PIO_STACK_LOCATION IrpSp = IoGetCurrentIrpStackLocation(Irp);
48	Log(("VBOXSF: MRxFsdDispatch: major %d, minor %d: %s\n",
49	IrpSp->MajorFunction, IrpSp->MinorFunction, MajorFunctionString(IrpSp->MajorFunction, IrpSp->MinorFunction)));
50	#endif
51
52	if (DeviceObject != (PDEVICE_OBJECT)VBoxMRxDeviceObject)
53	{
54	Irp->IoStatus.Status = STATUS_INVALID_DEVICE_REQUEST;
55	Irp->IoStatus.Information = 0;
56	IoCompleteRequest(Irp, IO_NO_INCREMENT);
57
58	Log(("VBOXSF: MRxFsdDispatch: Invalid device request detected %p %p\n",
59	DeviceObject, (PDEVICE_OBJECT)VBoxMRxDeviceObject));
60
61	return STATUS_INVALID_DEVICE_REQUEST;
62	}
63
64	Status = RxFsdDispatch((PRDBSS_DEVICE_OBJECT)VBoxMRxDeviceObject, Irp);
65	Log(("VBOXSF: MRxFsdDispatch: Returned 0x%X\n", Status));
66	return Status;
67	}
68
69	static void VBoxMRxUnload(IN PDRIVER_OBJECT DriverObject)
70	{
71	NTSTATUS Status;
72	UNICODE_STRING UserModeDeviceName;
73
74	Log(("VBOXSF: MRxUnload\n"));
75
76	if (VBoxMRxDeviceObject)
77	{
78	PMRX_VBOX_DEVICE_EXTENSION pDeviceExtension;
79	pDeviceExtension = (PMRX_VBOX_DEVICE_EXTENSION)((PBYTE)VBoxMRxDeviceObject + sizeof(RDBSS_DEVICE_OBJECT));
80	VbglR0SfDisconnect(&pDeviceExtension->hgcmClient);
81	}
82
83	VbglR0SfTerm();
84
85	if (VBoxMRxDeviceObject)
86	{
87	PRX_CONTEXT RxContext;
88	RxContext = RxCreateRxContext(NULL, VBoxMRxDeviceObject, RX_CONTEXT_FLAG_IN_FSP);
89
90	if (RxContext != NULL)
91	{
92	Status = RxStopMinirdr(RxContext, &RxContext->PostRequest);
93
94	if (Status == STATUS_SUCCESS)
95	{
96	MRX_VBOX_STATE State;
97
98	State = (MRX_VBOX_STATE)InterlockedCompareExchange((LONG *)&VBoxMRxState, MRX_VBOX_STARTABLE, MRX_VBOX_STARTED);
99
100	if (State != MRX_VBOX_STARTABLE)
101	Status = STATUS_REDIRECTOR_STARTED;
102	}
103
104	RxDereferenceAndDeleteRxContext(RxContext);
105	}
106	else
107	Status = STATUS_INSUFFICIENT_RESOURCES;
108
109	RxUnregisterMinirdr(VBoxMRxDeviceObject);
110	}
111
112	RtlInitUnicodeString(&UserModeDeviceName, DD_MRX_VBOX_USERMODE_SHADOW_DEV_NAME_U);
113	Status = IoDeleteSymbolicLink(&UserModeDeviceName);
114	if (Status != STATUS_SUCCESS)
115	Log(("VBOXSF: MRxUnload: IoDeleteSymbolicLink Status 0x%08X\n", Status));
116
117	RxUnload(DriverObject);
118
119	Log(("VBOXSF: MRxUnload: VBoxSF.sys driver object %p unloaded\n", DriverObject));
120	}
121
122	static void vbsfInitMRxDispatch(void)
123	{
124	Log(("VBOXSF: vbsfInitMRxDispatch: Called.\n"));
125
126	ZeroAndInitializeNodeType(&VBoxMRxDispatch, RDBSS_NTC_MINIRDR_DISPATCH, sizeof(MINIRDR_DISPATCH));
127
128	VBoxMRxDispatch.MRxFlags = (RDBSS_MANAGE_NET_ROOT_EXTENSION \| RDBSS_MANAGE_FOBX_EXTENSION);
129
130	VBoxMRxDispatch.MRxSrvCallSize = 0;
131	VBoxMRxDispatch.MRxNetRootSize = sizeof(MRX_VBOX_NETROOT_EXTENSION);
132	VBoxMRxDispatch.MRxVNetRootSize = 0;
133	VBoxMRxDispatch.MRxFcbSize = 0;
134	VBoxMRxDispatch.MRxSrvOpenSize = 0;
135	VBoxMRxDispatch.MRxFobxSize = sizeof(MRX_VBOX_FOBX);
136
137	VBoxMRxDispatch.MRxStart = VBoxMRxStart;
138	VBoxMRxDispatch.MRxStop = VBoxMRxStop;
139
140	VBoxMRxDispatch.MRxCreate = VBoxMRxCreate;
141	VBoxMRxDispatch.MRxCollapseOpen = VBoxMRxCollapseOpen;
142	VBoxMRxDispatch.MRxShouldTryToCollapseThisOpen = VBoxMRxShouldTryToCollapseThisOpen;
143	VBoxMRxDispatch.MRxFlush = VBoxMRxFlush;
144	VBoxMRxDispatch.MRxTruncate = VBoxMRxTruncate;
145	VBoxMRxDispatch.MRxCleanupFobx = VBoxMRxCleanupFobx;
146	VBoxMRxDispatch.MRxCloseSrvOpen = VBoxMRxCloseSrvOpen;
147	VBoxMRxDispatch.MRxDeallocateForFcb = VBoxMRxDeallocateForFcb;
148	VBoxMRxDispatch.MRxDeallocateForFobx = VBoxMRxDeallocateForFobx;
149	VBoxMRxDispatch.MRxForceClosed = VBoxMRxForceClosed;
150
151	VBoxMRxDispatch.MRxQueryDirectory = VBoxMRxQueryDirectory;
152	VBoxMRxDispatch.MRxQueryFileInfo = VBoxMRxQueryFileInfo;
153	VBoxMRxDispatch.MRxSetFileInfo = VBoxMRxSetFileInfo;
154	VBoxMRxDispatch.MRxSetFileInfoAtCleanup = VBoxMRxSetFileInfoAtCleanup;
155	VBoxMRxDispatch.MRxQueryEaInfo = VBoxMRxQueryEaInfo;
156	VBoxMRxDispatch.MRxSetEaInfo = VBoxMRxSetEaInfo;
157	VBoxMRxDispatch.MRxQuerySdInfo = VBoxMRxQuerySdInfo;
158	VBoxMRxDispatch.MRxSetSdInfo = VBoxMRxSetSdInfo;
159	VBoxMRxDispatch.MRxQueryVolumeInfo = VBoxMRxQueryVolumeInfo;
160
161	VBoxMRxDispatch.MRxComputeNewBufferingState = VBoxMRxComputeNewBufferingState;
162
163	VBoxMRxDispatch.MRxLowIOSubmit[LOWIO_OP_READ] = VBoxMRxRead;
164	VBoxMRxDispatch.MRxLowIOSubmit[LOWIO_OP_WRITE] = VBoxMRxWrite;
165	VBoxMRxDispatch.MRxLowIOSubmit[LOWIO_OP_SHAREDLOCK] = VBoxMRxLocks;
166	VBoxMRxDispatch.MRxLowIOSubmit[LOWIO_OP_EXCLUSIVELOCK] = VBoxMRxLocks;
167	VBoxMRxDispatch.MRxLowIOSubmit[LOWIO_OP_UNLOCK] = VBoxMRxLocks;
168	VBoxMRxDispatch.MRxLowIOSubmit[LOWIO_OP_UNLOCK_MULTIPLE] = VBoxMRxLocks;
169	VBoxMRxDispatch.MRxLowIOSubmit[LOWIO_OP_FSCTL] = VBoxMRxFsCtl;
170	VBoxMRxDispatch.MRxLowIOSubmit[LOWIO_OP_IOCTL] = VBoxMRxIoCtl;
171	VBoxMRxDispatch.MRxLowIOSubmit[LOWIO_OP_NOTIFY_CHANGE_DIRECTORY] = VBoxMRxNotifyChangeDirectory;
172
173	VBoxMRxDispatch.MRxExtendForCache = VBoxMRxExtendStub;
174	VBoxMRxDispatch.MRxExtendForNonCache = VBoxMRxExtendStub;
175	VBoxMRxDispatch.MRxCompleteBufferingStateChangeRequest = VBoxMRxCompleteBufferingStateChangeRequest;
176
177	VBoxMRxDispatch.MRxCreateVNetRoot = VBoxMRxCreateVNetRoot;
178	VBoxMRxDispatch.MRxFinalizeVNetRoot = VBoxMRxFinalizeVNetRoot;
179	VBoxMRxDispatch.MRxFinalizeNetRoot = VBoxMRxFinalizeNetRoot;
180	VBoxMRxDispatch.MRxUpdateNetRootState = VBoxMRxUpdateNetRootState;
181	VBoxMRxDispatch.MRxExtractNetRootName = VBoxMRxExtractNetRootName;
182
183	VBoxMRxDispatch.MRxCreateSrvCall = VBoxMRxCreateSrvCall;
184	VBoxMRxDispatch.MRxSrvCallWinnerNotify = VBoxMRxSrvCallWinnerNotify;
185	VBoxMRxDispatch.MRxFinalizeSrvCall = VBoxMRxFinalizeSrvCall;
186
187	VBoxMRxDispatch.MRxDevFcbXXXControlFile = VBoxMRxDevFcbXXXControlFile;
188
189	Log(("VBOXSF: vbsfInitMRxDispatch: Success.\n"));
190	return;
191	}
192
193	static BOOL vboxIsPrefixOK (const WCHAR *FilePathName, ULONG PathNameLength)
194	{
195	BOOL PrefixOK;
196
197	/* The FilePathName here looks like: \vboxsrv\... */
198	if (PathNameLength >= 8 * sizeof (WCHAR)) /* Number of bytes in '\vboxsrv' unicode string. */
199	{
200	PrefixOK = (FilePathName[0] == L'\\');
201	PrefixOK &= (FilePathName[1] == L'V') \|\| (FilePathName[1] == L'v');
202	PrefixOK &= (FilePathName[2] == L'B') \|\| (FilePathName[2] == L'b');
203	PrefixOK &= (FilePathName[3] == L'O') \|\| (FilePathName[3] == L'o');
204	PrefixOK &= (FilePathName[4] == L'X') \|\| (FilePathName[4] == L'x');
205	PrefixOK &= (FilePathName[5] == L'S') \|\| (FilePathName[5] == L's');
206	/* Both vboxsvr & vboxsrv are now accepted */
207	if ((FilePathName[6] == L'V') \|\| (FilePathName[6] == L'v'))
208	{
209	PrefixOK &= (FilePathName[6] == L'V') \|\| (FilePathName[6] == L'v');
210	PrefixOK &= (FilePathName[7] == L'R') \|\| (FilePathName[7] == L'r');
211	}
212	else
213	{
214	PrefixOK &= (FilePathName[6] == L'R') \|\| (FilePathName[6] == L'r');
215	PrefixOK &= (FilePathName[7] == L'V') \|\| (FilePathName[7] == L'v');
216	}
217	if (PathNameLength > 8 * sizeof (WCHAR))
218	{
219	/* There is something after '\vboxsrv'. */
220	PrefixOK &= (FilePathName[8] == L'\\') \|\| (FilePathName[8] == 0);
221	}
222	}
223	else
224	PrefixOK = FALSE;
225
226	return PrefixOK;
227	}
228
229	static NTSTATUS VBoxMRXDeviceControl(PDEVICE_OBJECT pDevObj, PIRP pIrp)
230	{
231	NTSTATUS Status = STATUS_SUCCESS;
232
233	QUERY_PATH_REQUEST *pReq = NULL;
234	QUERY_PATH_REQUEST_EX *pReqEx = NULL;
235	QUERY_PATH_RESPONSE *pResp = NULL;
236
237	BOOL PrefixOK = FALSE;
238
239	PIO_STACK_LOCATION pStack = IoGetCurrentIrpStackLocation(pIrp);
240
241	/* Make a local copy, it will be needed after the Irp completion. */
242	ULONG IoControlCode = pStack->Parameters.DeviceIoControl.IoControlCode;
243
244	PMRX_VBOX_DEVICE_EXTENSION pDeviceExtension = (PMRX_VBOX_DEVICE_EXTENSION)((PBYTE)pDevObj + sizeof(RDBSS_DEVICE_OBJECT));
245
246	Log(("VBOXSF: MRXDeviceControl: pDevObj %p, pDeviceExtension %p, code %x\n",
247	pDevObj, pDevObj->DeviceExtension, IoControlCode));
248
249	switch (IoControlCode)
250	{
251	case IOCTL_REDIR_QUERY_PATH_EX: /* Vista */
252	case IOCTL_REDIR_QUERY_PATH: /* XP and earlier */
253	{
254	/* This IOCTL is intercepted for 2 reasons:
255	* 1) Claim the vboxsvr and vboxsrv prefixes. All name-based operations for them
256	* will be routed to the VBox provider automatically without any prefix resolution
257	* since the prefix is already in the prefix cache.
258	* 2) Reject other prefixes immediately to speed up the UNC path resolution a bit,
259	* because RDBSS will not be involved then.
260	*/
261
262	const WCHAR *FilePathName = NULL;
263	ULONG PathNameLength = 0;
264
265	if (pIrp->RequestorMode != KernelMode)
266	{
267	/* MSDN: Network redirectors should only honor kernel-mode senders of this IOCTL, by verifying
268	* that RequestorMode member of the IRP structure is KernelMode.
269	*/
270	Log(("VBOXSF: MRxDeviceControl: IOCTL_REDIR_QUERY_PATH(_EX): not kernel mode!!!\n",
271	pStack->Parameters.DeviceIoControl.InputBufferLength));
272	/* Continue to RDBSS. */
273	break;
274	}
275
276	if (IoControlCode == IOCTL_REDIR_QUERY_PATH)
277	{
278	Log(("VBOXSF: MRxDeviceControl: IOCTL_REDIR_QUERY_PATH: Called (pid %x).\n", IoGetCurrentProcess()));
279
280	if (pStack->Parameters.DeviceIoControl.InputBufferLength < sizeof(QUERY_PATH_REQUEST))
281	{
282	Log(("VBOXSF: MRxDeviceControl: IOCTL_REDIR_QUERY_PATH: short input buffer %d.\n",
283	pStack->Parameters.DeviceIoControl.InputBufferLength));
284	/* Continue to RDBSS. */
285	break;
286	}
287
288	pReq = (QUERY_PATH_REQUEST *)pStack->Parameters.DeviceIoControl.Type3InputBuffer;
289
290	Log(("VBOXSF: MRxDeviceControl: PathNameLength = %d.\n", pReq->PathNameLength));
291	Log(("VBOXSF: MRxDeviceControl: SecurityContext = %p.\n", pReq->SecurityContext));
292	Log(("VBOXSF: MRxDeviceControl: FilePathName = %.*ls.\n", pReq->PathNameLength / sizeof (WCHAR), pReq->FilePathName));
293
294	FilePathName = pReq->FilePathName;
295	PathNameLength = pReq->PathNameLength;
296	}
297	else
298	{
299	Log(("VBOXSF: MRxDeviceControl: IOCTL_REDIR_QUERY_PATH_EX: Called.\n"));
300
301	if (pStack->Parameters.DeviceIoControl.InputBufferLength < sizeof(QUERY_PATH_REQUEST_EX))
302	{
303	Log(("VBOXSF: MRxDeviceControl: IOCTL_REDIR_QUERY_PATH_EX: short input buffer %d.\n",
304	pStack->Parameters.DeviceIoControl.InputBufferLength));
305	/* Continue to RDBSS. */
306	break;
307	}
308
309	pReqEx = (QUERY_PATH_REQUEST_EX *)pStack->Parameters.DeviceIoControl.Type3InputBuffer;
310
311	Log(("VBOXSF: MRxDeviceControl: pSecurityContext = %p.\n", pReqEx->pSecurityContext));
312	Log(("VBOXSF: MRxDeviceControl: EaLength = %d.\n", pReqEx->EaLength));
313	Log(("VBOXSF: MRxDeviceControl: pEaBuffer = %p.\n", pReqEx->pEaBuffer));
314	Log(("VBOXSF: MRxDeviceControl: PathNameLength = %d.\n", pReqEx->PathName.Length));
315	Log(("VBOXSF: MRxDeviceControl: FilePathName = %.*ls.\n", pReqEx->PathName.Length / sizeof (WCHAR), pReqEx->PathName.Buffer));
316
317	FilePathName = pReqEx->PathName.Buffer;
318	PathNameLength = pReqEx->PathName.Length;
319	}
320
321	pResp = (QUERY_PATH_RESPONSE *)pIrp->UserBuffer;
322
323	PrefixOK = vboxIsPrefixOK (FilePathName, PathNameLength);
324	Log(("VBOXSF: MRxDeviceControl PrefixOK %d\n", PrefixOK));
325
326	if (!PrefixOK)
327	{
328	/* Immediately fail the IOCTL with STATUS_BAD_NETWORK_NAME as recommended by MSDN.
329	* No need to involve RDBSS.
330	*/
331	Status = STATUS_BAD_NETWORK_NAME;
332
333	pIrp->IoStatus.Status = Status;
334	pIrp->IoStatus.Information = 0;
335
336	IoCompleteRequest(pIrp, IO_NO_INCREMENT);
337
338	Log(("VBOXSF: MRxDeviceControl: returned STATUS_BAD_NETWORK_NAME\n"));
339	return Status;
340	}
341
342	Log(("VBOXSF: MRxDeviceControl pResp %p verifying the path.\n", pResp));
343	if (pResp)
344	{
345	/* Always claim entire \vboxsrv prefix. The LengthAccepted initially is equal to entire path.
346	* Here it is assigned to the length of \vboxsrv prefix.
347	*/
348	pResp->LengthAccepted = 8 * sizeof (WCHAR);
349
350	Status = STATUS_SUCCESS;
351
352	pIrp->IoStatus.Status = Status;
353	pIrp->IoStatus.Information = 0;
354
355	IoCompleteRequest(pIrp, IO_NO_INCREMENT);
356
357	Log(("VBOXSF: MRxDeviceControl: claiming the path.\n"));
358	return Status;
359	}
360
361	/* No pResp pointer, should not happen. Just a precaution. */
362	Status = STATUS_INVALID_PARAMETER;
363
364	pIrp->IoStatus.Status = Status;
365	pIrp->IoStatus.Information = 0;
366
367	IoCompleteRequest(pIrp, IO_NO_INCREMENT);
368
369	Log(("VBOXSF: MRxDeviceControl: returned STATUS_INVALID_PARAMETER\n"));
370	return Status;
371	}
372
373	default:
374	break;
375	}
376
377	/* Pass the IOCTL to RDBSS. */
378	if (pDeviceExtension && pDeviceExtension->pfnRDBSSDeviceControl)
379	{
380	Log(("VBOXSF: MRxDeviceControl calling RDBSS %p\n", pDeviceExtension->pfnRDBSSDeviceControl));
381	Status = pDeviceExtension->pfnRDBSSDeviceControl (pDevObj, pIrp);
382	Log(("VBOXSF: MRxDeviceControl RDBSS status 0x%08X\n", Status));
383	}
384	else
385	{
386	/* No RDBSS, should not happen. Just a precaution. */
387	Status = STATUS_NOT_IMPLEMENTED;
388
389	pIrp->IoStatus.Status = Status;
390	pIrp->IoStatus.Information = 0;
391
392	IoCompleteRequest(pIrp, IO_NO_INCREMENT);
393
394	Log(("VBOXSF: MRxDeviceControl: returned STATUS_NOT_IMPLEMENTED\n"));
395	}
396
397	return Status;
398	}
399
400	NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject,
401	IN PUNICODE_STRING RegistryPath)
402	{
403	NTSTATUS Status;
404	UNICODE_STRING VBoxMRxName;
405	UNICODE_STRING UserModeDeviceName;
406	PMRX_VBOX_DEVICE_EXTENSION pDeviceExtension = NULL;
407	ULONG i;
408	int vboxRC;
409	VBGLSFCLIENT hgcmClient;
410
411	Log(("VBOXSF: DriverEntry: Driver object %p\n", DriverObject));
412
413	if (!DriverObject)
414	{
415	Log(("VBOXSF: DriverEntry: driver object is NULL.\n"));
416	return STATUS_UNSUCCESSFUL;
417	}
418
419	/* Initialize VBox subsystem. */
420	vboxRC = VbglR0SfInit();
421	if (RT_FAILURE(vboxRC))
422	{
423	Log(("VBOXSF: DriverEntry: ERROR while initializing VBox subsystem (%Rrc)!\n", vboxRC));
424	return STATUS_UNSUCCESSFUL;
425	}
426
427	/* Connect the HGCM client */
428	RT_ZERO(hgcmClient);
429	vboxRC = VbglR0SfConnect(&hgcmClient);
430	if (RT_FAILURE(vboxRC))
431	{
432	Log(("VBOXSF: DriverEntry: ERROR while connecting to host (%Rrc)!\n",
433	vboxRC));
434	VbglR0SfTerm();
435	return STATUS_UNSUCCESSFUL;
436	}
437
438	/* Init the driver object. */
439	DriverObject->DriverUnload = VBoxMRxUnload;
440	for (i = 0; i < IRP_MJ_MAXIMUM_FUNCTION; i++)
441	{
442	DriverObject->MajorFunction[i] = (PDRIVER_DISPATCH)VBoxMRxFsdDispatch;
443	}
444
445	/* Forward to RDBSS. */
446	Status = RxDriverEntry(DriverObject, RegistryPath);
447	if (Status != STATUS_SUCCESS)
448	{
449	Log(("VBOXSF: DriverEntry: RxDriverEntry failed: 0x%08X\n", Status));
450	goto failure;
451	}
452
453	__try
454	{
455	Log(("VBOXSF: DriverEntry: RxRegisterMinirdr: calling VBoxMRxDeviceObject %p\n",
456	VBoxMRxDeviceObject));
457
458	RtlInitUnicodeString(&VBoxMRxName, DD_MRX_VBOX_FS_DEVICE_NAME_U);
459
460	/* Don use RX_REGISTERMINI_FLAG_DONT_PROVIDE_UNCS or else
461	* UNC mappings don't work (including Windows explorer browsing).
462	*/
463	Status = RxRegisterMinirdr(&VBoxMRxDeviceObject,
464	DriverObject,
465	&VBoxMRxDispatch,
466	RX_REGISTERMINI_FLAG_DONT_PROVIDE_MAILSLOTS,
467	&VBoxMRxName,
468	sizeof(MRX_VBOX_DEVICE_EXTENSION),
469	FILE_DEVICE_NETWORK_FILE_SYSTEM,
470	FILE_REMOTE_DEVICE);
471
472	Log(("VBOXSF: DriverEntry: RxRegisterMinirdr: returned 0x%08X VBoxMRxDeviceObject %p\n",
473	Status, VBoxMRxDeviceObject));
474
475	if (Status!=STATUS_SUCCESS)
476	{
477	Log(("VBOXSF: DriverEntry: RxRegisterMinirdr failed: 0x%08X\n", Status ));
478	try_return((void)Status);
479	}
480
481	/* Init the device extension.
482	* NOTE: the device extension actually points to fields
483	* in the RDBSS_DEVICE_OBJECT. Our space is past the end
484	* of this struct!!
485	*/
486	pDeviceExtension = (PMRX_VBOX_DEVICE_EXTENSION)((PBYTE)VBoxMRxDeviceObject + sizeof(RDBSS_DEVICE_OBJECT));
487
488	pDeviceExtension->pDeviceObject = VBoxMRxDeviceObject;
489
490	for (i = 0; i < RT_ELEMENTS(pDeviceExtension->cLocalConnections); i++)
491	{
492	pDeviceExtension->cLocalConnections[i] = FALSE;
493	}
494
495	/* Mutex for synchronizining our connection list */
496	ExInitializeFastMutex(&pDeviceExtension->mtxLocalCon);
497
498	/* The device object has been created. Need to setup a symbolic
499	* link so that the device may be accessed from a Win32 user mode
500	* application.
501	*/
502
503	RtlInitUnicodeString(&UserModeDeviceName, DD_MRX_VBOX_USERMODE_SHADOW_DEV_NAME_U);
504	Log(("VBOXSF: DriverEntry: Calling IoCreateSymbolicLink\n"));
505	Status = IoCreateSymbolicLink(&UserModeDeviceName, &VBoxMRxName);
506	if (Status != STATUS_SUCCESS)
507	{
508	Log(("VBOXSF: DriverEntry: IoCreateSymbolicLink: 0x%08X\n",
509	Status));
510	try_return((void)Status);
511	}
512	Log(("VBOXSF: DriverEntry: Symbolic link created.\n"));
513
514	/*
515	* Build the dispatch tables for the minirdr
516	*/
517	vbsfInitMRxDispatch();
518
519	try_exit:
520	;
521	}
522	__finally
523	{
524	;
525	}
526
527	if (Status != STATUS_SUCCESS)
528	{
529	Log(("VBOXSF: DriverEntry: VBoxSF.sys failed to start with Status = 0x%08X\n",
530	Status));
531	goto failure;
532	}
533
534	AssertPtr(pDeviceExtension);
535	pDeviceExtension->hgcmClient = hgcmClient;
536
537	/* The redirector driver must intercept the IOCTL to avoid VBOXSVR name resolution
538	* by other redirectors. These additional name resolutions cause long delays.
539	*/
540	Log(("VBOXSF: DriverEntry: VBoxMRxDeviceObject = %p, rdbss %p, devext %p\n",
541	VBoxMRxDeviceObject, DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL], pDeviceExtension));
542	pDeviceExtension->pfnRDBSSDeviceControl = DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL];
543	DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = VBoxMRXDeviceControl;
544
545	/* @todo start the redirector here RxStartMiniRdr. */
546
547	Log(("VBOXSF: DriverEntry: Init successful!\n"));
548	return STATUS_SUCCESS;
549
550	failure:
551
552	Log(("VBOXSF: DriverEntry: Failure! Status = 0x%08X\n", Status));
553
554	VbglR0SfDisconnect(&hgcmClient);
555	VbglR0SfTerm();
556
557	if (VBoxMRxDeviceObject)
558	{
559	RxUnregisterMinirdr(VBoxMRxDeviceObject);
560	VBoxMRxDeviceObject = NULL;
561	}
562
563	return Status;
564	}
565
566	NTSTATUS VBoxMRxStart(PRX_CONTEXT RxContext, IN OUT PRDBSS_DEVICE_OBJECT RxDeviceObject)
567	{
568	NTSTATUS Status;
569	MRX_VBOX_STATE CurrentState;
570	RT_NOREF(RxContext, RxDeviceObject);
571
572	Log(("VBOXSF: MRxStart\n"));
573
574	CurrentState = (MRX_VBOX_STATE)InterlockedCompareExchange((PLONG)&VBoxMRxState, MRX_VBOX_STARTED, MRX_VBOX_START_IN_PROGRESS);
575
576	if (CurrentState == MRX_VBOX_START_IN_PROGRESS)
577	{
578	Log(("VBOXSF: MRxStart: Start in progress -> started\n"));
579	Status = STATUS_SUCCESS;
580	}
581	else if (VBoxMRxState == MRX_VBOX_STARTED)
582	{
583	Log(("VBOXSF: MRxStart: Already started\n"));
584	Status = STATUS_REDIRECTOR_STARTED;
585	}
586	else
587	{
588	Log(("VBOXSF: MRxStart: Bad state! VBoxMRxState = %d\n", VBoxMRxState));
589	Status = STATUS_UNSUCCESSFUL;
590	}
591
592	return Status;
593	}
594
595	NTSTATUS VBoxMRxStop(PRX_CONTEXT RxContext, IN OUT PRDBSS_DEVICE_OBJECT RxDeviceObject)
596	{
597	RT_NOREF(RxContext, RxDeviceObject);
598	Log(("VBOXSF: MRxStop\n"));
599	return STATUS_SUCCESS;
600	}
601
602	NTSTATUS VBoxMRxIoCtl(IN OUT PRX_CONTEXT RxContext)
603	{
604	RT_NOREF(RxContext);
605	Log(("VBOXSF: MRxIoCtl: IoControlCode = 0x%08X\n", RxContext->LowIoContext.ParamsFor.FsCtl.FsControlCode));
606	return STATUS_INVALID_DEVICE_REQUEST;
607	}
608
609	NTSYSAPI NTSTATUS NTAPI ZwSetSecurityObject(IN HANDLE Handle,
610	IN SECURITY_INFORMATION SecurityInformation,
611	IN PSECURITY_DESCRIPTOR SecurityDescriptor);
612
613	NTSTATUS VBoxMRxDevFcbXXXControlFile(IN OUT PRX_CONTEXT RxContext)
614	{
615	NTSTATUS Status = STATUS_SUCCESS;
616	RxCaptureFobx;
617	PMRX_VBOX_DEVICE_EXTENSION pDeviceExtension = VBoxMRxGetDeviceExtension(RxContext);
618	PLOWIO_CONTEXT LowIoContext = &RxContext->LowIoContext;
619
620	Log(("VBOXSF: MRxDevFcbXXXControlFile: MajorFunction = 0x%02X\n",
621	RxContext->MajorFunction));
622
623	switch (RxContext->MajorFunction)
624	{
625	case IRP_MJ_FILE_SYSTEM_CONTROL:
626	{
627	Log(("VBOXSF: MRxDevFcbXXXControlFile: IRP_MN_USER_FS_REQUEST: 0x%08X\n",
628	LowIoContext->ParamsFor.FsCtl.MinorFunction));
629	Status = STATUS_INVALID_DEVICE_REQUEST;
630	break;
631	}
632
633	case IRP_MJ_DEVICE_CONTROL:
634	{
635	Log(("VBOXSF: MRxDevFcbXXXControlFile: IRP_MJ_DEVICE_CONTROL: InputBuffer %p/%d, OutputBuffer %p/%d\n",
636	LowIoContext->ParamsFor.IoCtl.pInputBuffer,
637	LowIoContext->ParamsFor.IoCtl.InputBufferLength,
638	LowIoContext->ParamsFor.IoCtl.pOutputBuffer,
639	LowIoContext->ParamsFor.IoCtl.OutputBufferLength));
640
641	switch (LowIoContext->ParamsFor.IoCtl.IoControlCode)
642	{
643	case IOCTL_MRX_VBOX_ADDCONN:
644	{
645	Log(("VBOXSF: MRxDevFcbXXXControlFile: IOCTL_MRX_VBOX_ADDCONN\n"));
646	Status = vbsfCreateConnection(RxContext, &RxContext->PostRequest);
647	break;
648	}
649
650	case IOCTL_MRX_VBOX_DELCONN:
651	{
652	Log(("VBOXSF: MRxDevFcbXXXControlFile: IOCTL_MRX_VBOX_DELCONN\n"));
653	Status = vbsfDeleteConnection(RxContext, &RxContext->PostRequest);
654	break;
655	}
656
657	case IOCTL_MRX_VBOX_GETLIST:
658	{
659	ULONG cbOut = LowIoContext->ParamsFor.IoCtl.OutputBufferLength;
660	uint8_t pu8Out = (uint8_t )LowIoContext->ParamsFor.IoCtl.pOutputBuffer;
661
662	BOOLEAN fLocked = FALSE;
663
664	Log(("VBOXSF: MRxDevFcbXXXControlFile: IOCTL_MRX_VBOX_GETLIST\n"));
665
666	RxContext->InformationToReturn = 0;
667
668	if ( !pDeviceExtension
669	\|\| cbOut < _MRX_MAX_DRIVE_LETTERS)
670	{
671	Status = STATUS_INVALID_PARAMETER;
672	break;
673	}
674
675	Log(("VBOXSF: MRxDevFcbXXXControlFile: IOCTL_MRX_VBOX_GETLIST: Copying local connections\n"));
676
677	fLocked = ExTryToAcquireFastMutex(&pDeviceExtension->mtxLocalCon);
678
679	__try
680	{
681	RtlCopyMemory(pu8Out, pDeviceExtension->cLocalConnections, _MRX_MAX_DRIVE_LETTERS);
682	RxContext->InformationToReturn = _MRX_MAX_DRIVE_LETTERS;
683	}
684	__except(EXCEPTION_EXECUTE_HANDLER)
685	{
686	Status = STATUS_INVALID_PARAMETER;
687	}
688
689	if (fLocked)
690	{
691	ExReleaseFastMutex(&pDeviceExtension->mtxLocalCon);
692	fLocked = FALSE;
693	}
694
695	break;
696	}
697
698	/*
699	* Returns the root IDs of shared folder mappings.
700	*/
701	case IOCTL_MRX_VBOX_GETGLOBALLIST:
702	{
703	ULONG cbOut = LowIoContext->ParamsFor.IoCtl.OutputBufferLength;
704	uint8_t pu8Out = (uint8_t )LowIoContext->ParamsFor.IoCtl.pOutputBuffer;
705
706	int vboxRC;
707	SHFLMAPPING mappings[_MRX_MAX_DRIVE_LETTERS];
708	uint32_t cMappings = RT_ELEMENTS(mappings);
709
710	Log(("VBOXSF: MRxDevFcbXXXControlFile: IOCTL_MRX_VBOX_GETGLOBALLIST\n"));
711
712	RxContext->InformationToReturn = 0;
713
714	if ( !pDeviceExtension
715	\|\| cbOut < _MRX_MAX_DRIVE_LETTERS)
716	{
717	Status = STATUS_INVALID_PARAMETER;
718	break;
719	}
720
721	vboxRC = VbglR0SfQueryMappings(&pDeviceExtension->hgcmClient, mappings, &cMappings);
722	if (vboxRC == VINF_SUCCESS)
723	{
724	__try
725	{
726	uint32_t i;
727
728	RtlZeroMemory(pu8Out, _MRX_MAX_DRIVE_LETTERS);
729
730	for (i = 0; i < RT_MIN(cMappings, cbOut); i++)
731	{
732	pu8Out[i] = mappings[i].root;
733	pu8Out[i] \|= 0x80; /* mark active / /* @todo fix properly */
734	}
735
736	RxContext->InformationToReturn = _MRX_MAX_DRIVE_LETTERS;
737	}
738	__except(EXCEPTION_EXECUTE_HANDLER)
739	{
740	Status = STATUS_INVALID_PARAMETER;
741	}
742	}
743	else
744	{
745	Status = VBoxErrorToNTStatus(vboxRC);
746	Log(("VBOXSF: MRxDevFcbXXXControlFile: IOCTL_MRX_VBOX_GETGLOBALLIST failed: 0x%08X\n",
747	Status));
748	}
749
750	break;
751	}
752
753	/*
754	* Translates a local connection name (e.g. drive "S:") to the
755	* corresponding remote name (e.g. \\vboxsrv\share).
756	*/
757	case IOCTL_MRX_VBOX_GETCONN:
758	{
759	ULONG cbConnectName = LowIoContext->ParamsFor.IoCtl.InputBufferLength;
760	PWCHAR pwcConnectName = (PWCHAR)LowIoContext->ParamsFor.IoCtl.pInputBuffer;
761	ULONG cbRemoteName = LowIoContext->ParamsFor.IoCtl.OutputBufferLength;
762	PWCHAR pwcRemoteName = (PWCHAR)LowIoContext->ParamsFor.IoCtl.pOutputBuffer;
763
764	BOOLEAN fMutexAcquired = FALSE;
765
766	Log(("VBOXSF: MRxDevFcbXXXControlFile: IOCTL_MRX_VBOX_GETCONN\n"));
767
768	RxContext->InformationToReturn = 0;
769
770	if ( !pDeviceExtension
771	\|\| cbConnectName < sizeof(WCHAR))
772	{
773	Status = STATUS_INVALID_PARAMETER;
774	break;
775	}
776
777	Log(("VBOXSF: MRxDevFcbXXXControlFile: IOCTL_MRX_VBOX_GETCONN: Looking up connection name and connections\n"));
778
779	__try
780	{
781	uint32_t idx = *pwcConnectName - L'A';
782
783	Log(("VBOXSF: MRxDevFcbXXXControlFile: IOCTL_MRX_VBOX_GETCONN: ConnectName = %.*ls, Len = %d, Index = %d\n",
784	cbConnectName / sizeof(WCHAR), pwcConnectName, cbConnectName, idx));
785
786	if (idx < RTL_NUMBER_OF(pDeviceExtension->wszLocalConnectionName))
787	{
788	ExAcquireFastMutex(&pDeviceExtension->mtxLocalCon);
789	fMutexAcquired = TRUE;
790
791	if (pDeviceExtension->wszLocalConnectionName[idx])
792	{
793	ULONG cbLocalConnectionName = pDeviceExtension->wszLocalConnectionName[idx]->Length;
794
795	Log(("VBOXSF: MRxDevFcbXXXControlFile: IOCTL_MRX_VBOX_GETCONN: LocalConnectionName = %.*ls\n",
796	cbLocalConnectionName / sizeof(WCHAR), pDeviceExtension->wszLocalConnectionName[idx]->Buffer));
797
798	if ((pDeviceExtension->cLocalConnections[idx]) && (cbLocalConnectionName <= cbRemoteName))
799	{
800	RtlZeroMemory(pwcRemoteName, cbRemoteName);
801	RtlCopyMemory(pwcRemoteName,
802	pDeviceExtension->wszLocalConnectionName[idx]->Buffer,
803	cbLocalConnectionName);
804
805	Log(("VBOXSF: MRxDevFcbXXXControlFile: IOCTL_MRX_VBOX_GETCONN: Remote name = %.*ls, Len = %d\n",
806	cbLocalConnectionName / sizeof(WCHAR), pwcRemoteName, cbLocalConnectionName));
807	}
808	else
809	{
810	Status = STATUS_BUFFER_TOO_SMALL;
811	}
812
813	RxContext->InformationToReturn = cbLocalConnectionName;
814	}
815	else
816	{
817	Log(("VBOXSF: MRxDevFcbXXXControlFile: IOCTL_MRX_VBOX_GETCONN: LocalConnectionName is NULL!\n"));
818	Status = STATUS_BAD_NETWORK_NAME;
819	}
820	}
821	else
822	{
823	Log(("VBOXSF: MRxDevFcbXXXControlFile: IOCTL_MRX_VBOX_GETCONN: Index is invalid!\n"));
824	Status = STATUS_INVALID_PARAMETER;
825	}
826	}
827	__except(EXCEPTION_EXECUTE_HANDLER)
828	{
829	Status = STATUS_INVALID_PARAMETER;
830	}
831
832	if (fMutexAcquired)
833	{
834	ExReleaseFastMutex(&pDeviceExtension->mtxLocalCon);
835	fMutexAcquired = FALSE;
836	}
837
838	break;
839	}
840
841	case IOCTL_MRX_VBOX_GETGLOBALCONN:
842	{
843	ULONG cbConnectId = LowIoContext->ParamsFor.IoCtl.InputBufferLength;
844	uint8_t pu8ConnectId = (uint8_t )LowIoContext->ParamsFor.IoCtl.pInputBuffer;
845	ULONG cbRemoteName = LowIoContext->ParamsFor.IoCtl.OutputBufferLength;
846	PWCHAR pwcRemoteName = (PWCHAR)LowIoContext->ParamsFor.IoCtl.pOutputBuffer;
847
848	int vboxRC;
849	PSHFLSTRING pString;
850
851	Log(("VBOXSF: MRxDevFcbXXXControlFile: IOCTL_MRX_VBOX_GETGLOBALCONN\n"));
852
853	RxContext->InformationToReturn = 0;
854
855	if ( !pDeviceExtension
856	\|\| cbConnectId < sizeof(uint8_t))
857	{
858	Status = STATUS_INVALID_PARAMETER;
859	break;
860	}
861
862	/* Allocate empty string where the host can store cbRemoteName bytes. */
863	Status = vbsfShflStringFromUnicodeAlloc(&pString, NULL, (uint16_t)cbRemoteName);
864	if (Status != STATUS_SUCCESS)
865	break;
866
867	__try
868	{
869	Log(("VBOXSF: MRxDevFcbXXXControlFile: IOCTL_MRX_VBOX_GETGLOBALCONN: Connection ID = %d\n",
870	*pu8ConnectId));
871
872	vboxRC = VbglR0SfQueryMapName(&pDeviceExtension->hgcmClient,
873	(pu8ConnectId) & ~0x80 /* @todo fix properly */,
874	pString, ShflStringSizeOfBuffer(pString));
875	if ( vboxRC == VINF_SUCCESS
876	&& pString->u16Length < cbRemoteName)
877	{
878	RtlCopyMemory(pwcRemoteName, pString->String.ucs2, pString->u16Length);
879	Log(("VBOXSF: MRxDevFcbXXXControlFile: IOCTL_MRX_VBOX_GETGLOBALCONN: Returned name = %.*ls, Len = %d\n",
880	pString->u16Length / sizeof(WCHAR), pwcRemoteName, pString->u16Length));
881	RxContext->InformationToReturn = pString->u16Length;
882	}
883	else
884	{
885	Status = STATUS_BAD_NETWORK_NAME;
886	}
887	}
888	__except(EXCEPTION_EXECUTE_HANDLER)
889	{
890	Status = STATUS_INVALID_PARAMETER;
891	}
892
893	vbsfFreeNonPagedMem(pString);
894
895	break;
896	}
897
898	case IOCTL_MRX_VBOX_START:
899	{
900	Log(("VBOXSF: MRxDevFcbXXXControlFile: IOCTL_MRX_VBOX_START: capFobx %p\n",
901	capFobx));
902
903	Log(("VBOXSF: MRxDevFcbXXXControlFile: IOCTL_MRX_VBOX_START: process: current 0x%X, RDBSS 0x%X\n",
904	IoGetCurrentProcess(), RxGetRDBSSProcess()));
905
906	switch (VBoxMRxState)
907	{
908	case MRX_VBOX_STARTABLE:
909
910	Log(("VBOXSF: MRxDevFcbXXXControlFile: MRX_VBOX_STARTABLE\n"));
911
912	if (capFobx)
913	{
914	Status = STATUS_INVALID_DEVICE_REQUEST;
915	break;;
916	}
917
918	InterlockedCompareExchange((PLONG)&VBoxMRxState, MRX_VBOX_START_IN_PROGRESS, MRX_VBOX_STARTABLE);
919
920	case MRX_VBOX_START_IN_PROGRESS:
921	Status = RxStartMinirdr(RxContext, &RxContext->PostRequest);
922
923	Log(("VBOXSF: MRxDevFcbXXXControlFile: MRX_VBOX_START_IN_PROGRESS RxStartMiniRdr Status 0x%08X, post %d\n",
924	Status, RxContext->PostRequest));
925
926	if (Status == STATUS_REDIRECTOR_STARTED)
927	{
928	Status = STATUS_SUCCESS;
929	break;
930	}
931
932	if ( Status == STATUS_PENDING
933	&& RxContext->PostRequest == TRUE)
934	{
935	/* Will be restarted in RDBSS process. */
936	Status = STATUS_MORE_PROCESSING_REQUIRED;
937	break;
938	}
939
940	/* Allow restricted users to use shared folders; works only in XP and Vista. (@@todo hack) */
941	if (Status == STATUS_SUCCESS)
942	{
943	SECURITY_DESCRIPTOR SecurityDescriptor;
944	OBJECT_ATTRIBUTES InitializedAttributes;
945	HANDLE hDevice;
946	IO_STATUS_BLOCK IoStatusBlock;
947	UNICODE_STRING UserModeDeviceName;
948
949	RtlInitUnicodeString(&UserModeDeviceName, DD_MRX_VBOX_USERMODE_SHADOW_DEV_NAME_U);
950
951	/* Create empty security descriptor */
952	RtlZeroMemory (&SecurityDescriptor, sizeof (SecurityDescriptor));
953	Status = RtlCreateSecurityDescriptor(&SecurityDescriptor, SECURITY_DESCRIPTOR_REVISION);
954	if (Status != STATUS_SUCCESS)
955	{
956	Log(("VBOXSF: MRxDevFcbXXXControlFile: IOCTL_MRX_VBOX_START: MRX_VBOX_START_IN_PROGRESS: RtlCreateSecurityDescriptor failed with 0x%08X!\n",
957	Status));
958	return Status;
959	}
960
961	RtlZeroMemory (&InitializedAttributes, sizeof (InitializedAttributes));
962	InitializeObjectAttributes(&InitializedAttributes, &UserModeDeviceName, OBJ_KERNEL_HANDLE, 0, 0);
963
964	/* Open our symbolic link device name */
965	Status = ZwOpenFile(&hDevice, WRITE_DAC, &InitializedAttributes, &IoStatusBlock, 0, 0);
966	if (Status != STATUS_SUCCESS)
967	{
968	Log(("VBOXSF: MRxDevFcbXXXControlFile: IOCTL_MRX_VBOX_START: MRX_VBOX_START_IN_PROGRESS: ZwOpenFile %ls failed with 0x%08X!\n",
969	DD_MRX_VBOX_USERMODE_SHADOW_DEV_NAME_U, Status));
970	return Status;
971	}
972
973	/* Override the discretionary access control list (DACL) settings */
974	Status = ZwSetSecurityObject(hDevice, DACL_SECURITY_INFORMATION, &SecurityDescriptor);
975	if (Status != STATUS_SUCCESS)
976	{
977	Log(("VBOXSF: MRxDevFcbXXXControlFile: IOCTL_MRX_VBOX_START: MRX_VBOX_START_IN_PROGRESS: ZwSetSecurityObject failed with 0x%08X!\n",
978	Status));
979	return Status;
980	}
981
982	Status = ZwClose(hDevice);
983	if (Status != STATUS_SUCCESS)
984	{
985	Log(("VBOXSF: MRxDevFcbXXXControlFile: IOCTL_MRX_VBOX_START: MRX_VBOX_START_IN_PROGRESS: ZwClose failed with 0x%08X\n",
986	Status));
987	return Status;
988	}
989	}
990	break;
991
992	case MRX_VBOX_STARTED:
993	Log(("VBOXSF: MRxDevFcbXXXControlFile: IOCTL_MRX_VBOX_START: MRX_VBOX_STARTED: Already started\n"));
994	Status = STATUS_SUCCESS;
995	break;
996
997	default:
998	Log(("VBOXSF: MRxDevFcbXXXControlFile: IOCTL_MRX_VBOX_START: Invalid state (%d)!\n",
999	VBoxMRxState));
1000	Status = STATUS_INVALID_PARAMETER;
1001	break;
1002	}
1003
1004	Log(("VBOXSF: MRxDevFcbXXXControlFile: IOCTL_MRX_VBOX_START: Returned 0x%08X\n",
1005	Status));
1006	break;
1007	}
1008
1009	case IOCTL_MRX_VBOX_STOP:
1010	{
1011	MRX_VBOX_STATE CurrentState;
1012
1013	Log(("VBOXSF: MRxDevFcbXXXControlFile: IOCTL_MRX_VBOX_STOP: capFobx %p\n",
1014	capFobx));
1015
1016	if (capFobx)
1017	{
1018	Status = STATUS_INVALID_DEVICE_REQUEST;
1019	break;
1020	}
1021
1022	if (RxContext->RxDeviceObject->NumberOfActiveFcbs > 0)
1023	{
1024	Log(("VBOXSF: MRxDevFcbXXXControlFile: IOCTL_MRX_VBOX_STOP: Open handles = %d\n",
1025	RxContext->RxDeviceObject->NumberOfActiveFcbs));
1026	Status = STATUS_REDIRECTOR_HAS_OPEN_HANDLES;
1027	break;
1028	}
1029
1030	CurrentState = (MRX_VBOX_STATE)InterlockedCompareExchange((PLONG) & VBoxMRxState, MRX_VBOX_STARTABLE, MRX_VBOX_STARTED);
1031
1032	Status = RxStopMinirdr(RxContext, &RxContext->PostRequest);
1033	Log(("VBOXSF: MRxDevFcbXXXControlFile: IOCTL_MRX_VBOX_STOP: Returned 0x%08X\n",
1034	Status));
1035
1036	if (Status == STATUS_PENDING && RxContext->PostRequest == TRUE)
1037	Status = STATUS_MORE_PROCESSING_REQUIRED;
1038	break;
1039	}
1040
1041	default:
1042	Status = STATUS_INVALID_DEVICE_REQUEST;
1043	break;
1044	}
1045	break;
1046	}
1047
1048	case IRP_MJ_INTERNAL_DEVICE_CONTROL:
1049	{
1050	Status = STATUS_INVALID_DEVICE_REQUEST;
1051	break;
1052	}
1053
1054	default:
1055	Log(("VBOXSF: MRxDevFcbXXXControlFile: unimplemented major function 0x%02X\n",
1056	RxContext->MajorFunction));
1057	Status = STATUS_INVALID_DEVICE_REQUEST;
1058	break;
1059	}
1060
1061	Log(("VBOXSF: MRxDevFcbXXXControlFile: Status = 0x%08X, Info = 0x%08X\n",
1062	Status, RxContext->InformationToReturn));
1063
1064	return Status;
1065	}
1066
1067	static NTSTATUS vbsfVerifyConnectionName(PUNICODE_STRING ConnectionName)
1068	{
1069	/* Check that the connection name is valid:
1070	* "\Device\VBoxMiniRdr\;X:\vboxsvr\sf"
1071	*/
1072	NTSTATUS Status = STATUS_BAD_NETWORK_NAME;
1073
1074	ULONG i;
1075	PWCHAR pwc;
1076	PWCHAR pwc1;
1077
1078	static PWCHAR spwszPrefix = L"\\Device\\VBoxMiniRdr\\;";
1079
1080	/* Unicode chars in the string. */
1081	ULONG cConnectionName = ConnectionName->Length / sizeof(WCHAR);
1082	ULONG cRemainingName;
1083
1084	/* Check that the name starts with correct prefix. */
1085	pwc1 = &spwszPrefix[0];
1086	pwc = ConnectionName->Buffer;
1087	for (i = 0; i < cConnectionName; i++, pwc1++, pwc++)
1088	{
1089	if (pwc1 == 0 \|\| pwc == 0 \|\| pwc1 != pwc)
1090	break;
1091	}
1092
1093	cRemainingName = cConnectionName - i;
1094
1095	Log(("VBOXSF: vbsfVerifyConnectionName: prefix %d remaining %d [%.*ls]\n",
1096	*pwc1 == 0, cRemainingName, cRemainingName, &ConnectionName->Buffer[i]));
1097
1098	if (*pwc1 == 0)
1099	{
1100	/* pwc should point to a drive letter followed by ':\' that is at least 3 chars more. */
1101	if (cRemainingName >= 3)
1102	{
1103	if ( pwc[0] >= L'A' && pwc[0] <= L'Z'
1104	&& pwc[1] == L':')
1105	{
1106	pwc += 2;
1107	cRemainingName -= 2;
1108
1109	/* @todo should also check that the drive letter corresponds to the name. */
1110	if (vboxIsPrefixOK(pwc, cRemainingName * sizeof (WCHAR)))
1111	Status = STATUS_SUCCESS;
1112	}
1113	}
1114	}
1115
1116	return Status;
1117	}
1118
1119	static HANDLE vbsfOpenConnectionHandle(PUNICODE_STRING ConnectionName, NTSTATUS *prcNt)
1120	{
1121	NTSTATUS Status;
1122	IO_STATUS_BLOCK IoStatusBlock;
1123	OBJECT_ATTRIBUTES ObjectAttributes;
1124
1125	HANDLE Handle = INVALID_HANDLE_VALUE;
1126
1127	Log(("VBOXSF: vbsfOpenConnectionHandle: ConnectionName = %.*ls\n",
1128	ConnectionName->Length / sizeof(WCHAR), ConnectionName->Buffer));
1129
1130	Status = vbsfVerifyConnectionName(ConnectionName);
1131
1132	if (NT_SUCCESS(Status))
1133	{
1134	/* Have to create a OBJ_KERNEL_HANDLE. Otherwise the driver verifier on Windows 7 bugchecks. */
1135	InitializeObjectAttributes(&ObjectAttributes,
1136	ConnectionName,
1137	OBJ_CASE_INSENSITIVE \| OBJ_KERNEL_HANDLE,
1138	NULL,
1139	NULL);
1140
1141	Status = ZwCreateFile(&Handle,
1142	SYNCHRONIZE,
1143	&ObjectAttributes,
1144	&IoStatusBlock,
1145	NULL,
1146	FILE_ATTRIBUTE_NORMAL,
1147	FILE_SHARE_READ \| FILE_SHARE_WRITE \| FILE_SHARE_DELETE,
1148	FILE_OPEN_IF,
1149	FILE_CREATE_TREE_CONNECTION \| FILE_SYNCHRONOUS_IO_NONALERT,
1150	NULL,
1151	0);
1152	}
1153
1154	if ( Status != STATUS_SUCCESS
1155	\|\| Handle == INVALID_HANDLE_VALUE)
1156	{
1157	Log(("VBOXSF: vbsfOpenConnectionHandle: ZwCreateFile failed status 0x%08X or invalid handle!\n", Status));
1158	if (prcNt)
1159	*prcNt = !NT_SUCCESS(Status) ? Status : STATUS_UNSUCCESSFUL;
1160	Handle = INVALID_HANDLE_VALUE;
1161	}
1162
1163	return Handle;
1164	}
1165
1166	NTSTATUS vbsfCreateConnection(IN PRX_CONTEXT RxContext, OUT PBOOLEAN PostToFsp)
1167	{
1168	NTSTATUS Status = STATUS_SUCCESS;
1169
1170	PMRX_VBOX_DEVICE_EXTENSION pDeviceExtension;
1171
1172	PLOWIO_CONTEXT LowIoContext;
1173	ULONG cbConnectName;
1174	PWCHAR pwcConnectName;
1175
1176	HANDLE Handle;
1177	UNICODE_STRING FileName;
1178
1179	BOOLEAN fMutexAcquired = FALSE;
1180
1181	Log(("VBOXSF: vbsfCreateConnection\n"));
1182
1183	if (!BooleanFlagOn(RxContext->Flags, RX_CONTEXT_FLAG_WAIT))
1184	{
1185	Log(("VBOXSF: vbsfCreateConnection: post to file system process\n"));
1186	*PostToFsp = TRUE;
1187	return STATUS_PENDING;
1188	}
1189
1190	pDeviceExtension = VBoxMRxGetDeviceExtension(RxContext);
1191	if (!pDeviceExtension)
1192	return STATUS_INVALID_PARAMETER;
1193
1194	LowIoContext = &RxContext->LowIoContext;
1195	cbConnectName = LowIoContext->ParamsFor.IoCtl.InputBufferLength;
1196	pwcConnectName = (PWCHAR)LowIoContext->ParamsFor.IoCtl.pInputBuffer;
1197
1198	if (cbConnectName == 0 \|\| !pwcConnectName)
1199	{
1200	Log(("VBOXSF: vbsfCreateConnection: Connection name / length is invalid!\n"));
1201	return STATUS_INVALID_PARAMETER;
1202	}
1203
1204	__try
1205	{
1206	Log(("VBOXSF: vbsfCreateConnection: Name = %.*ls, Len = %d\n",
1207	cbConnectName / sizeof(WCHAR), pwcConnectName, cbConnectName));
1208
1209	FileName.Buffer = pwcConnectName;
1210	FileName.Length = (USHORT)cbConnectName;
1211	FileName.MaximumLength = (USHORT)cbConnectName;
1212
1213	Handle = vbsfOpenConnectionHandle(&FileName, NULL);
1214
1215	if (Handle != INVALID_HANDLE_VALUE)
1216	{
1217	PWCHAR pwc;
1218	ULONG i;
1219
1220	ZwClose(Handle);
1221
1222	/* Skip the "\Device\VBoxMiniRdr\;X:" of the string "\Device\VBoxMiniRdr\;X:\vboxsrv\sf" */
1223	pwc = pwcConnectName;
1224	for (i = 0; i < cbConnectName; i += sizeof(WCHAR))
1225	{
1226	if (*pwc == L':')
1227	break;
1228	pwc++;
1229	}
1230
1231	if (i >= sizeof(WCHAR) && i < cbConnectName)
1232	{
1233	pwc--; /* Go back to the drive letter, "X" for example. */
1234
1235	if (pwc >= L'A' && pwc <= L'Z') /* Are we in range? */
1236	{
1237	uint32_t idx = pwc - L'A'; / Get the index based on the driver letter numbers (26). */
1238
1239	if (idx >= RTL_NUMBER_OF(pDeviceExtension->cLocalConnections))
1240	{
1241	Log(("VBOXSF: vbsfCreateConnection: Index 0x%x is invalid!\n",
1242	idx));
1243	Status = STATUS_BAD_NETWORK_NAME;
1244	}
1245	else
1246	{
1247	ExAcquireFastMutex(&pDeviceExtension->mtxLocalCon);
1248	fMutexAcquired = TRUE;
1249
1250	if (pDeviceExtension->wszLocalConnectionName[idx] != NULL)
1251	{
1252	Log(("VBOXSF: vbsfCreateConnection: LocalConnectionName at index %d is NOT empty!\n",
1253	idx));
1254	}
1255
1256	pDeviceExtension->wszLocalConnectionName[idx] = (PUNICODE_STRING)vbsfAllocNonPagedMem(sizeof(UNICODE_STRING) + cbConnectName);
1257
1258	if (!pDeviceExtension->wszLocalConnectionName[idx])
1259	{
1260	Log(("VBOXSF: vbsfCreateConnection: LocalConnectionName at index %d NOT allocated!\n",
1261	idx));
1262	Status = STATUS_INSUFFICIENT_RESOURCES;
1263	}
1264	else
1265	{
1266	PUNICODE_STRING pRemoteName = pDeviceExtension->wszLocalConnectionName[idx];
1267
1268	pRemoteName->Buffer = (PWSTR)(pRemoteName + 1);
1269	pRemoteName->Length = (USHORT)(cbConnectName - i - sizeof(WCHAR));
1270	pRemoteName->MaximumLength = pRemoteName->Length;
1271	RtlCopyMemory(&pRemoteName->Buffer[0], pwc+2, pRemoteName->Length);
1272
1273	Log(("VBOXSF: vbsfCreateConnection: RemoteName %.*ls, Len = %d\n",
1274	pRemoteName->Length / sizeof(WCHAR), pRemoteName->Buffer, pRemoteName->Length));
1275
1276	pDeviceExtension->cLocalConnections[idx] = TRUE;
1277	}
1278
1279	ExReleaseFastMutex(&pDeviceExtension->mtxLocalCon);
1280	fMutexAcquired = FALSE;
1281	}
1282	}
1283	}
1284	else
1285	{
1286	Log(("VBOXSF: vbsfCreateConnection: bad format\n"));
1287	Status = STATUS_BAD_NETWORK_NAME;
1288	}
1289	}
1290	else
1291	{
1292	Log(("VBOXSF: vbsfCreateConnection: connection was not found\n"));
1293	Status = STATUS_BAD_NETWORK_NAME;
1294	}
1295	}
1296	__except(EXCEPTION_EXECUTE_HANDLER)
1297	{
1298	Status = STATUS_INVALID_PARAMETER;
1299	}
1300
1301	if (fMutexAcquired)
1302	{
1303	ExReleaseFastMutex(&pDeviceExtension->mtxLocalCon);
1304	fMutexAcquired = FALSE;
1305	}
1306
1307	return Status;
1308	}
1309
1310	NTSTATUS vbsfDeleteConnection(IN PRX_CONTEXT RxContext, OUT PBOOLEAN PostToFsp)
1311	{
1312	NTSTATUS Status;
1313	UNICODE_STRING FileName;
1314	HANDLE Handle;
1315	PLOWIO_CONTEXT LowIoContext;
1316	PWCHAR pwcConnectName;
1317	ULONG cbConnectName;
1318	PMRX_VBOX_DEVICE_EXTENSION pDeviceExtension;
1319
1320	BOOLEAN fMutexAcquired = FALSE;
1321
1322	Log(("VBOXSF: vbsfDeleteConnection\n"));
1323
1324	if (!BooleanFlagOn(RxContext->Flags, RX_CONTEXT_FLAG_WAIT))
1325	{
1326	Log(("VBOXSF: vbsfDeleteConnection: post to file system process\n"));
1327	*PostToFsp = TRUE;
1328	return STATUS_PENDING;
1329	}
1330
1331	LowIoContext = &RxContext->LowIoContext;
1332	pwcConnectName = (PWCHAR)LowIoContext->ParamsFor.IoCtl.pInputBuffer;
1333	cbConnectName = LowIoContext->ParamsFor.IoCtl.InputBufferLength;
1334
1335	pDeviceExtension = VBoxMRxGetDeviceExtension(RxContext);
1336	if (!pDeviceExtension)
1337	return STATUS_INVALID_PARAMETER;
1338
1339	__try
1340	{
1341	Log(("VBOXSF: vbsfDeleteConnection: pwcConnectName = %.*ls\n",
1342	cbConnectName / sizeof(WCHAR), pwcConnectName));
1343
1344	FileName.Buffer = pwcConnectName;
1345	FileName.Length = (USHORT)cbConnectName;
1346	FileName.MaximumLength = (USHORT)cbConnectName;
1347
1348	Handle = vbsfOpenConnectionHandle(&FileName, &Status);
1349	if (Handle != INVALID_HANDLE_VALUE)
1350	{
1351	PFILE_OBJECT pFileObject;
1352	Status = ObReferenceObjectByHandle(Handle, 0L, NULL, KernelMode, (PVOID *)&pFileObject, NULL);
1353
1354	Log(("VBOXSF: vbsfDeleteConnection: ObReferenceObjectByHandle Status 0x%08X\n",
1355	Status));
1356
1357	if (NT_SUCCESS(Status))
1358	{
1359	PFOBX Fobx = (PFOBX)pFileObject->FsContext2;
1360	Log(("VBOXSF: vbsfDeleteConnection: Fobx %p\n", Fobx));
1361
1362	if (Fobx && NodeType(Fobx) == RDBSS_NTC_V_NETROOT)
1363	{
1364	PV_NET_ROOT VNetRoot = (PV_NET_ROOT)Fobx;
1365
1366	Status = RxFinalizeConnection(VNetRoot->NetRoot, VNetRoot, TRUE);
1367	}
1368	else
1369	{
1370	Log(("VBOXSF: vbsfDeleteConnection: wrong FsContext2\n"));
1371	Status = STATUS_INVALID_DEVICE_REQUEST;
1372	}
1373
1374	ObDereferenceObject(pFileObject);
1375	}
1376
1377	ZwClose(Handle);
1378
1379	if (NT_SUCCESS(Status))
1380	{
1381	PWCHAR pwc;
1382	ULONG i;
1383
1384	/* Skip the "\Device\VBoxMiniRdr\;X:" of the string "\Device\VBoxMiniRdr\;X:\vboxsrv\sf" */
1385	pwc = pwcConnectName;
1386	for (i = 0; i < cbConnectName; i += sizeof(WCHAR))
1387	{
1388	if (*pwc == L':')
1389	{
1390	break;
1391	}
1392	pwc++;
1393	}
1394
1395	if (i >= sizeof(WCHAR) && i < cbConnectName)
1396	{
1397	pwc--;
1398
1399	if (pwc >= L'A' && pwc <= L'Z')
1400	{
1401	uint32_t idx = *pwc - L'A';
1402
1403	if (idx >= RTL_NUMBER_OF(pDeviceExtension->cLocalConnections))
1404	{
1405	Log(("VBOXSF: vbsfDeleteConnection: Index 0x%x is invalid!\n",
1406	idx));
1407	Status = STATUS_BAD_NETWORK_NAME;
1408	}
1409	else
1410	{
1411	ExAcquireFastMutex(&pDeviceExtension->mtxLocalCon);
1412	fMutexAcquired = TRUE;
1413
1414	pDeviceExtension->cLocalConnections[idx] = FALSE;
1415
1416	/* Free saved name */
1417	if (pDeviceExtension->wszLocalConnectionName[idx])
1418	{
1419	vbsfFreeNonPagedMem(pDeviceExtension->wszLocalConnectionName[idx]);
1420	pDeviceExtension->wszLocalConnectionName[idx] = NULL;
1421	}
1422
1423	ExReleaseFastMutex(&pDeviceExtension->mtxLocalCon);
1424	fMutexAcquired = FALSE;
1425
1426	Log(("VBOXSF: vbsfDeleteConnection: deleted index 0x%x\n",
1427	idx));
1428	}
1429	}
1430	}
1431	else
1432	{
1433	Log(("VBOXSF: vbsfCreateConnection: bad format\n"));
1434	Status = STATUS_BAD_NETWORK_NAME;
1435	}
1436	}
1437	}
1438	}
1439	__except(EXCEPTION_EXECUTE_HANDLER)
1440	{
1441	Status = STATUS_INVALID_PARAMETER;
1442	}
1443
1444	if (fMutexAcquired)
1445	{
1446	ExReleaseFastMutex(&pDeviceExtension->mtxLocalCon);
1447	fMutexAcquired = FALSE;
1448	}
1449
1450	Log(("VBOXSF: vbsfDeleteConnection: Status 0x%08X\n", Status));
1451	return Status;
1452	}
1453
1454	NTSTATUS VBoxMRxQueryEaInfo(IN OUT PRX_CONTEXT RxContext)
1455	{
1456	RT_NOREF(RxContext);
1457	Log(("VBOXSF: MRxQueryEaInfo: Ea buffer len remaining is %d\n", RxContext->Info.LengthRemaining));
1458	return STATUS_SUCCESS;
1459	}
1460
1461	NTSTATUS VBoxMRxSetEaInfo(IN OUT PRX_CONTEXT RxContext)
1462	{
1463	RT_NOREF(RxContext);
1464	Log(("VBOXSF: MRxSetEaInfo\n"));
1465	return STATUS_NOT_IMPLEMENTED;
1466	}
1467
1468	NTSTATUS VBoxMRxFsCtl(IN OUT PRX_CONTEXT RxContext)
1469	{
1470	RT_NOREF(RxContext);
1471	Log(("VBOXSF: MRxFsCtl\n"));
1472	return STATUS_INVALID_DEVICE_REQUEST;
1473	}
1474
1475	NTSTATUS VBoxMRxNotifyChangeDirectory(IN OUT PRX_CONTEXT RxContext)
1476	{
1477	RT_NOREF(RxContext);
1478	Log(("VBOXSF: MRxNotifyChangeDirectory\n"));
1479	return STATUS_NOT_IMPLEMENTED;
1480	}
1481
1482	NTSTATUS VBoxMRxQuerySdInfo(IN OUT PRX_CONTEXT RxContext)
1483	{
1484	RT_NOREF(RxContext);
1485	Log(("VBOXSF: MRxQuerySdInfo\n"));
1486	return STATUS_NOT_IMPLEMENTED;
1487	}
1488
1489	NTSTATUS VBoxMRxSetSdInfo(IN OUT struct _RX_CONTEXT * RxContext)
1490	{
1491	RT_NOREF(RxContext);
1492	Log(("VBOXSF: MRxSetSdInfo\n"));
1493	return STATUS_NOT_IMPLEMENTED;
1494	}
1495
1496	/*
1497	* WML stubs which are referenced by rdbsslib.
1498	*/
1499	NTSTATUS WmlTinySystemControl(IN OUT PVOID pWmiLibInfo, IN PVOID pDevObj, IN PVOID pIrp)
1500	{
1501	RT_NOREF(pWmiLibInfo, pDevObj, pIrp);
1502	return STATUS_WMI_GUID_NOT_FOUND;
1503	}
1504
1505	ULONG WmlTrace(IN ULONG ulType, IN PVOID pTraceUuid, IN ULONG64 ullLogger, ...)
1506	{
1507	RT_NOREF(ulType, pTraceUuid, ullLogger);
1508	return STATUS_SUCCESS;
1509	}
1510

Note: See TracBrowser for help on using the repository browser.

source: vbox/trunk/src/VBox/Additions/WINNT/SharedFolders/driver/vbsf.c@ 63087

Download in other formats: