#include <ntoskrnl.h>#include <debug.h>
Include dependency graph for connect.c:
Go to the source code of this file.
Macros | |
| #define | NDEBUG |
Functions | |
| PVOID NTAPI | LpcpFreeConMsg (IN OUT PLPCP_MESSAGE *Message, IN OUT PLPCP_CONNECTION_MESSAGE *ConnectMessage, IN PETHREAD CurrentThread) |
| NTSTATUS NTAPI | NtSecureConnectPort (OUT PHANDLE PortHandle, IN PUNICODE_STRING PortName, IN PSECURITY_QUALITY_OF_SERVICE SecurityQos, IN OUT PPORT_VIEW ClientView OPTIONAL, IN PSID ServerSid OPTIONAL, IN OUT PREMOTE_PORT_VIEW ServerView OPTIONAL, OUT PULONG MaxMessageLength OPTIONAL, IN OUT PVOID ConnectionInformation OPTIONAL, IN OUT PULONG ConnectionInformationLength OPTIONAL) |
| NTSTATUS NTAPI | NtConnectPort (OUT PHANDLE PortHandle, IN PUNICODE_STRING PortName, IN PSECURITY_QUALITY_OF_SERVICE SecurityQos, IN OUT PPORT_VIEW ClientView OPTIONAL, IN OUT PREMOTE_PORT_VIEW ServerView OPTIONAL, OUT PULONG MaxMessageLength OPTIONAL, IN OUT PVOID ConnectionInformation OPTIONAL, IN OUT PULONG ConnectionInformationLength OPTIONAL) |
Macro Definition Documentation
◆ NDEBUG
Function Documentation
◆ LpcpFreeConMsg()
| PVOID NTAPI LpcpFreeConMsg | ( | IN OUT PLPCP_MESSAGE * | Message, |
| IN OUT PLPCP_CONNECTION_MESSAGE * | ConnectMessage, | ||
| IN PETHREAD | CurrentThread | ||
| ) |
Definition at line 19 of file connect.c.
22{
23 PVOID SectionToMap;
25
26 /* Acquire the LPC lock */
28
29 /* Check if the reply chain is not empty */
31 {
32 /* Remove this entry and re-initialize it */
33 RemoveEntryList(&CurrentThread->LpcReplyChain);
34 InitializeListHead(&CurrentThread->LpcReplyChain);
35 }
36
37 /* Check if there's a reply message */
40 {
41 /* Get the message */
43
44 /* Check if it's got messages */
46 {
47 /* Clear the list */
50 }
51
52 /* Clear message data */
53 CurrentThread->LpcReceivedMessageId = 0;
54 CurrentThread->LpcReplyMessage = NULL;
55
56 /* Get the connection message and clear the section */
58 SectionToMap = (*ConnectMessage)->SectionToMap;
59 (*ConnectMessage)->SectionToMap = NULL;
60 }
61 else
62 {
63 /* No message to return */
65 SectionToMap = NULL;
66 }
67
68 /* Release the lock and return the section */
70 return SectionToMap;
71}
VOID FASTCALL KeReleaseGuardedMutex(IN OUT PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:53
VOID FASTCALL KeAcquireGuardedMutex(IN PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:42
Definition: nsiface.idl:2307
FORCEINLINE PLPCP_MESSAGE LpcpGetMessageFromThread(IN PETHREAD Thread)
Definition: lpc_x.h:129
struct _LPCP_CONNECTION_MESSAGE * PLPCP_CONNECTION_MESSAGE
Definition: lpctypes.h:238
BOOL WINAPI ReplyMessage(_In_ LRESULT)
Referenced by NtSecureConnectPort().
◆ NtConnectPort()
| NTSTATUS NTAPI NtConnectPort | ( | OUT PHANDLE | PortHandle, |
| IN PUNICODE_STRING | PortName, | ||
| IN PSECURITY_QUALITY_OF_SERVICE | SecurityQos, | ||
| IN OUT PPORT_VIEW ClientView | OPTIONAL, | ||
| IN OUT PREMOTE_PORT_VIEW ServerView | OPTIONAL, | ||
| OUT PULONG MaxMessageLength | OPTIONAL, | ||
| IN OUT PVOID ConnectionInformation | OPTIONAL, | ||
| IN OUT PULONG ConnectionInformationLength | OPTIONAL | ||
| ) |
Definition at line 753 of file connect.c.
761{
762 /* Call the newer API */
764 PortName,
765 SecurityQos,
766 ClientView,
767 NULL,
768 ServerView,
769 MaxMessageLength,
770 ConnectionInformation,
771 ConnectionInformationLength);
772}
NTSTATUS NTAPI NtSecureConnectPort(OUT PHANDLE PortHandle, IN PUNICODE_STRING PortName, IN PSECURITY_QUALITY_OF_SERVICE SecurityQos, IN OUT PPORT_VIEW ClientView OPTIONAL, IN PSID ServerSid OPTIONAL, IN OUT PREMOTE_PORT_VIEW ServerView OPTIONAL, OUT PULONG MaxMessageLength OPTIONAL, IN OUT PVOID ConnectionInformation OPTIONAL, IN OUT PULONG ConnectionInformationLength OPTIONAL)
Definition: connect.c:80
Referenced by ClientThread(), LsaConnectUntrusted(), LsapOpenLsaPort(), LsapRmInitializeServer(), main(), SmConnectToSm(), and SmpHandleConnectionRequest().
◆ NtSecureConnectPort()
| NTSTATUS NTAPI NtSecureConnectPort | ( | OUT PHANDLE | PortHandle, |
| IN PUNICODE_STRING | PortName, | ||
| IN PSECURITY_QUALITY_OF_SERVICE | SecurityQos, | ||
| IN OUT PPORT_VIEW ClientView | OPTIONAL, | ||
| IN PSID ServerSid | OPTIONAL, | ||
| IN OUT PREMOTE_PORT_VIEW ServerView | OPTIONAL, | ||
| OUT PULONG MaxMessageLength | OPTIONAL, | ||
| IN OUT PVOID ConnectionInformation | OPTIONAL, | ||
| IN OUT PULONG ConnectionInformationLength | OPTIONAL | ||
| ) |
Definition at line 80 of file connect.c.
89{
93 SECURITY_QUALITY_OF_SERVICE CapturedQos;
94 PORT_VIEW CapturedClientView;
95 PSID CapturedServerSid;
96 ULONG ConnectionInfoLength = 0;
99 PLPCP_CONNECTION_MESSAGE ConnectMessage;
100 ULONG PortMessageLength;
102 PVOID SectionToMap;
105 PTOKEN_USER TokenUserInfo;
106
107 PAGED_CODE();
109 "Name: %wZ. SecurityQos: %p. Views: %p/%p. Sid: %p\n",
110 PortName,
111 SecurityQos,
112 ClientView,
113 ServerView,
114 ServerSid);
115
116 /* Check if the call comes from user mode */
118 {
119 /* Enter SEH for probing the parameters */
120 _SEH2_TRY
121 {
122 /* Probe the PortHandle */
123 ProbeForWriteHandle(PortHandle);
124
125 /* Probe and capture the QoS */
128 /* NOTE: Do not care about CapturedQos.Length */
129
130 /* The following parameters are optional */
131
132 /* Capture the client view */
133 if (ClientView)
134 {
137
138 /* Validate the size of the client view */
140 {
141 /* Invalid size */
143 }
144
145 }
146
147 /* Capture the server view */
148 if (ServerView)
149 {
151
152 /* Validate the size of the server view */
154 {
155 /* Invalid size */
157 }
158 }
159
160 if (MaxMessageLength)
161 ProbeForWriteUlong(MaxMessageLength);
162
163 /* Capture connection information length */
164 if (ConnectionInformationLength)
165 {
166 ProbeForWriteUlong(ConnectionInformationLength);
168 }
169
170 /* Probe the ConnectionInformation */
171 if (ConnectionInformation)
173
174 CapturedServerSid = ServerSid;
176 {
177 /* Capture it */
179 PreviousMode,
180 PagedPool,
181 TRUE,
182 &CapturedServerSid);
184 {
187 }
188 }
189 }
191 {
192 /* There was an exception, return the exception code */
194 }
195 _SEH2_END;
196 }
197 else
198 {
199 CapturedQos = *SecurityQos;
200 /* NOTE: Do not care about CapturedQos.Length */
201
202 /* The following parameters are optional */
203
204 /* Capture the client view */
205 if (ClientView)
206 {
207 /* Validate the size of the client view */
208 if (ClientView->Length != sizeof(*ClientView))
209 {
210 /* Invalid size */
212 }
213 CapturedClientView = *ClientView;
214 }
215
216 /* Capture the server view */
217 if (ServerView)
218 {
219 /* Validate the size of the server view */
221 {
222 /* Invalid size */
224 }
225 }
226
227 /* Capture connection information length */
228 if (ConnectionInformationLength)
229 ConnectionInfoLength = *ConnectionInformationLength;
230
231 CapturedServerSid = ServerSid;
232 }
233
234 /* Get the port */
236 0,
237 NULL,
238 PORT_CONNECT,
239 LpcPortObjectType,
240 PreviousMode,
241 NULL,
244 {
246
247 if (CapturedServerSid != ServerSid)
249
251 }
252
253 /* This has to be a connection port */
255 {
257
258 /* It isn't, so fail */
260
261 if (CapturedServerSid != ServerSid)
263
265 }
266
267 /* Check if we have a (captured) SID */
268 if (ServerSid)
269 {
270 /* Make sure that we have a server */
272 {
273 /* Get its token and query user information */
277
278 /* Check for success */
280 {
281 /* Compare the SIDs */
283 {
284 /* Fail */
287 }
288
289 /* Free token information */
291 }
292 }
293 else
294 {
295 /* Invalid SID */
298 }
299
300 /* Finally release the captured SID, we don't need it anymore */
301 if (CapturedServerSid != ServerSid)
303
304 /* Check if SID failed */
306 {
307 /* Quit */
310 }
311 }
312
313 /* Create the client port */
315 LpcPortObjectType,
316 NULL,
317 PreviousMode,
318 NULL,
320 0,
321 0,
324 {
325 /* Failed, dereference the server port and return */
329 }
330
331 /*
332 * Setup the client port -- From now on, dereferencing the client port
333 * will automatically dereference the connection port too.
334 */
339 ClientPort->SecurityQos = CapturedQos;
342
343 /* Check if we have dynamic security */
345 {
346 /* Remember that */
348 }
349 else
350 {
351 /* Create our own client security */
353 &CapturedQos,
354 FALSE,
355 &ClientPort->StaticSecurity);
357 {
358 /* Security failed, dereference and return */
362 }
363 }
364
365 /* Initialize the port queue */
368 {
369 /* Failed */
373 }
374
375 /* Check if we have a client view */
376 if (ClientView)
377 {
378 /* Get the section handle */
380 SECTION_MAP_READ |
381 SECTION_MAP_WRITE,
382 MmSectionObjectType,
383 PreviousMode,
384 (PVOID*)&SectionToMap,
385 NULL);
387 {
388 /* Fail */
392 }
393
394 /* Set the section offset */
396
397 /* Map it */
399 PsGetCurrentProcess(),
400 &ClientPort->ClientSectionBase,
401 0,
402 0,
403 &SectionOffset,
404 &CapturedClientView.ViewSize,
405 ViewUnmap,
406 0,
407 PAGE_READWRITE);
408
409 /* Update the offset */
411
412 /* Check for failure */
414 {
415 /* Fail */
417 ObDereferenceObject(SectionToMap);
420 }
421
422 /* Update the base */
424
425 /* Reference and remember the process */
428 }
429 else
430 {
431 /* No section */
432 SectionToMap = NULL;
433 }
434
435 /* Normalize connection information */
437 {
438 /* Use the port's maximum allowed value */
439 ConnectionInfoLength = Port->MaxConnectionInfoLength;
440 }
441
442 /* Allocate a message from the port zone */
445 {
446 /* Fail if we couldn't allocate a message */
451 }
452
453 /* Set pointer to the connection message and fill in the CID */
456
457 /* Check if we have a client view */
458 if (ClientView)
459 {
460 /* Set the view size */
462
463 /* Copy the client view and clear the server view */
465 &CapturedClientView,
466 sizeof(CapturedClientView));
468 }
469 else
470 {
471 /* Set the size to 0 and clear the connect message */
472 Message->Request.ClientViewSize = 0;
474 }
475
476 /* Set the section and client port. Port is NULL for now */
478 ConnectMessage->SectionToMap = SectionToMap;
479
480 /* Set the data for the connection request message */
484 Message->Request.u1.s1.DataLength;
486
487 /* Check if we have connection information */
488 if (ConnectionInformation)
489 {
490 _SEH2_TRY
491 {
492 /* Copy it in */
493 RtlCopyMemory(ConnectMessage + 1,
494 ConnectionInformation,
495 ConnectionInfoLength);
496 }
498 {
500 _SEH2_GetExceptionCode());
501
502 /* Cleanup and return the exception code */
503
504 /* Free the message we have */
506
507 /* Dereference other objects */
510
511 /* Return status */
513 }
514 _SEH2_END;
515 }
516
517 /* Reset the status code */
519
520 /* Acquire the port lock */
522
523 /* Check if someone already deleted the port name */
525 {
526 /* Fail the request */
528 }
529 else
530 {
531 /* Associate no thread yet */
533
534 /* Generate the Message ID and set it */
538
539 /* Insert the message into the queue and thread chain */
543
544 /* Now we can finally reference the client port and link it */
547
548 /* Enter a critical region */
549 KeEnterCriticalRegion();
550 }
551
552 /* Add another reference to the port */
554
555 /* Release the lock */
557
558 /* Check for success */
560 {
562 "Messages: %p/%p. Ports: %p/%p. Status: %lx\n",
563 Message,
564 ConnectMessage,
565 Port,
566 ClientPort,
567 Status);
568
569 /* If this is a waitable port, set the event */
572
573 /* Release the queue semaphore and leave the critical region */
575 KeLeaveCriticalRegion();
576
577 /* Now wait for a reply and set 'Status' */
579 }
580
581 /* Now, always free the connection message */
583
584 /* Check for failure */
586 {
587 /* Check if the semaphore got signaled in the meantime */
589 {
590 /* Wait on it */
592 WrExecutive,
593 KernelMode,
594 FALSE,
595 NULL);
596 }
597
598 goto Failure;
599 }
600
601 /* Check if we got a message back */
603 {
604 /* Check for new return length */
607 {
608 /* Set new normalized connection length */
609 ConnectionInfoLength = Message->Request.u1.s1.DataLength -
611 }
612
613 /* Check if the caller had connection information */
614 if (ConnectionInformation)
615 {
616 _SEH2_TRY
617 {
618 /* Return the connection information length if needed */
619 if (ConnectionInformationLength)
620 *ConnectionInformationLength = ConnectionInfoLength;
621
622 /* Return the connection information */
623 RtlCopyMemory(ConnectionInformation,
624 ConnectMessage + 1,
625 ConnectionInfoLength);
626 }
628 {
629 /* Cleanup and return the exception code */
632 }
633 _SEH2_END;
634 }
635
636 /* Make sure we had a connected port */
638 {
639 /* Get the message length before the port might get killed */
640 PortMessageLength = Port->MaxMessageLength;
641
642 /* Insert the client port */
644 NULL,
645 PORT_ALL_ACCESS,
646 0,
647 NULL,
648 &Handle);
650 {
652 "Handle: %p. Length: %lx\n",
653 Handle,
654 PortMessageLength);
655
656 _SEH2_TRY
657 {
658 /* Return the handle */
659 *PortHandle = Handle;
660
661 /* Check if maximum length was requested */
662 if (MaxMessageLength)
663 *MaxMessageLength = PortMessageLength;
664
665 /* Check if we had a client view */
666 if (ClientView)
667 {
668 /* Copy it back */
669 RtlCopyMemory(ClientView,
670 &ConnectMessage->ClientView,
671 sizeof(*ClientView));
672 }
673
674 /* Check if we had a server view */
675 if (ServerView)
676 {
677 /* Copy it back */
678 RtlCopyMemory(ServerView,
679 &ConnectMessage->ServerView,
680 sizeof(*ServerView));
681 }
682 }
684 {
685 /* An exception happened, close the opened handle */
688 }
689 _SEH2_END;
690 }
691 }
692 else
693 {
694 /* No connection port, we failed */
696
697 /* Acquire the lock */
699
700 /* Check if it's because the name got deleted */
703 {
704 /* Set the correct status */
706 }
707 else
708 {
709 /* Otherwise, the caller refused us */
711 }
712
713 /* Release the lock */
715
716 /* Kill the port */
718 }
719
720 /* Free the message */
722 }
723 else
724 {
725 /* No reply message, fail */
727 goto Failure;
728 }
729
731
732 /* Return status */
734
735Failure:
736 /* Check if we had a message and free it */
738
739 /* Dereference other objects */
743
744 /* Return status */
746}
Definition: tokenizer.hpp:28
#define KeWaitForSingleObject(pEvt, foo, a, b, c)
Definition: env_spec_w32.h:478
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
VOID NTAPI ProbeForWrite(IN PVOID Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:143
VOID NTAPI LpcpFreeToPortZone(IN PLPCP_MESSAGE Message, IN ULONG LockFlags)
Definition: close.c:52
NTSTATUS NTAPI LpcpInitializePortQueue(IN PLPCP_PORT_OBJECT Port)
Definition: create.c:19
static __inline PLPCP_MESSAGE LpcpAllocateFromPortZone(VOID)
Definition: lpc_x.h:100
struct _LPCP_MESSAGE LPCP_MESSAGE
struct _LPCP_CONNECTION_MESSAGE LPCP_CONNECTION_MESSAGE
NTKERNELAPI NTSTATUS NTAPI SeCreateClientSecurity(IN PETHREAD Thread, IN PSECURITY_QUALITY_OF_SERVICE QualityOfService, IN BOOLEAN RemoteClient, OUT PSECURITY_CLIENT_CONTEXT ClientContext)
_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID _In_ ULONG_PTR _In_ SIZE_T _Inout_opt_ PLARGE_INTEGER SectionOffset
Definition: mmfuncs.h:407
NTSYSAPI BOOLEAN NTAPI RtlEqualSid(_In_ PSID Sid1, _In_ PSID Sid2)
VOID NTAPI SepReleaseSid(_In_ PSID CapturedSid, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases a captured SID.
Definition: sid.c:400
NTSTATUS NTAPI SepCaptureSid(_In_ PSID InputSid, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSID *CapturedSid)
Captures a SID.
Definition: sid.c:314
PVOID NTAPI LpcpFreeConMsg(IN OUT PLPCP_MESSAGE *Message, IN OUT PLPCP_CONNECTION_MESSAGE *ConnectMessage, IN PETHREAD CurrentThread)
Definition: connect.c:19
PACCESS_TOKEN NTAPI PsReferencePrimaryToken(PEPROCESS Process)
Definition: security.c:440
NTSTATUS NTAPI ObCloseHandle(IN HANDLE Handle, IN KPROCESSOR_MODE AccessMode)
Definition: obhandle.c:3379
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
Definition: obhandle.c:2935
NTSTATUS NTAPI ObCreateObject(IN KPROCESSOR_MODE ProbeMode OPTIONAL, IN POBJECT_TYPE Type, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext OPTIONAL, IN ULONG ObjectSize, IN ULONG PagedPoolCharge OPTIONAL, IN ULONG NonPagedPoolCharge OPTIONAL, OUT PVOID *Object)
Definition: oblife.c:1024
NTSTATUS NTAPI ObReferenceObjectByName(IN PUNICODE_STRING ObjectPath, IN ULONG Attributes, IN PACCESS_STATE PassedAccessState, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext, OUT PVOID *ObjectPtr)
Definition: obref.c:409
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
NTSTATUS NTAPI MmMapViewOfSection(IN PVOID SectionObject, IN PEPROCESS Process, IN OUT PVOID *BaseAddress, IN ULONG_PTR ZeroBits, IN SIZE_T CommitSize, IN OUT PLARGE_INTEGER SectionOffset OPTIONAL, IN OUT PSIZE_T ViewSize, IN SECTION_INHERIT InheritDisposition, IN ULONG AllocationType, IN ULONG Protect)
Definition: section.c:3918
LONG NTAPI KeReadStateSemaphore(IN PKSEMAPHORE Semaphore)
Definition: semphobj.c:41
Definition: pstypes.h:1102
Definition: lpctypes.h:255
Definition: lpctypes.h:210
Definition: ntifs.template.h:1627
Definition: ntifs.template.h:1637
Definition: lsa.idl:63
SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode
Definition: lsa.idl:66
Definition: ms-dtyp.idl:198
Definition: setypes.h:1005
Definition: setypes.h:216
NTSTATUS NTAPI SeQueryInformationToken(_In_ PACCESS_TOKEN AccessToken, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _Outptr_result_buffer_(_Inexpressible_(token-dependent)) PVOID *TokenInformation)
Queries information details about the given token to the call. The difference between NtQueryInformat...
Definition: tokencls.c:95
Definition: typedefs.h:103
Referenced by CsrpConnectToServer(), and NtConnectPort().
