port.c File Reference

#include <ntoskrnl.h>
#include <debug.h>

Include dependency graph for port.c:

Go to the source code of this file.

Macros
#define	NDEBUG

Functions
BOOLEAN NTAPI	LpcInitSystem (VOID)
BOOLEAN NTAPI	LpcpValidateClientPort (PETHREAD ClientThread, PLPCP_PORT_OBJECT Port)
NTSTATUS NTAPI	NtImpersonateClientOfPort (IN HANDLE PortHandle, IN PPORT_MESSAGE ClientMessage)
NTSTATUS NTAPI	NtQueryPortInformationProcess (VOID)
NTSTATUS NTAPI	NtQueryInformationPort (IN HANDLE PortHandle, IN PORT_INFORMATION_CLASS PortInformationClass, OUT PVOID PortInformation, IN ULONG PortInformationLength, OUT PULONG ReturnLength)

Variables
POBJECT_TYPE	LpcPortObjectType
POBJECT_TYPE	LpcWaitablePortObjectType
ULONG	LpcpMaxMessageSize
PAGED_LOOKASIDE_LIST	LpcpMessagesLookaside
KGUARDED_MUTEX	LpcpLock
ULONG	LpcpTraceLevel = 0
ULONG	LpcpNextMessageId = 1
ULONG	LpcpNextCallbackId = 1
static GENERIC_MAPPING	LpcpPortMapping

Macro Definition Documentation

NDEBUG

#define NDEBUG

Definition at line 12 of file port.c.

Function Documentation

LpcInitSystem()

BOOLEAN NTAPI LpcInitSystem

(

VOID

)

Definition at line 37 of file port.c.

{
    OBJECT_TYPE_INITIALIZER ObjectTypeInitializer;
    UNICODE_STRING Name;
 
    /* Setup the LPC Lock */
    KeInitializeGuardedMutex(&LpcpLock);
 
    /* Create the Port Object Type */
    RtlZeroMemory(&ObjectTypeInitializer, sizeof(ObjectTypeInitializer));
    RtlInitUnicodeString(&Name, L"Port");
    ObjectTypeInitializer.Length = sizeof(ObjectTypeInitializer);
    ObjectTypeInitializer.DefaultNonPagedPoolCharge = sizeof(LPCP_NONPAGED_PORT_QUEUE);
    ObjectTypeInitializer.DefaultPagedPoolCharge = FIELD_OFFSET(LPCP_PORT_OBJECT, WaitEvent);
    ObjectTypeInitializer.GenericMapping = LpcpPortMapping;
    ObjectTypeInitializer.PoolType = PagedPool;
    ObjectTypeInitializer.UseDefaultObject = TRUE;
    ObjectTypeInitializer.CloseProcedure = LpcpClosePort;
    ObjectTypeInitializer.DeleteProcedure = LpcpDeletePort;
    ObjectTypeInitializer.ValidAccessMask = PORT_ALL_ACCESS;
    ObjectTypeInitializer.InvalidAttributes = OBJ_VALID_ATTRIBUTES & ~OBJ_CASE_INSENSITIVE;
    ObCreateObjectType(&Name,
                       &ObjectTypeInitializer,
                       NULL,
                       &LpcPortObjectType);
 
    /* Create the Waitable Port Object Type */
    RtlInitUnicodeString(&Name, L"WaitablePort");
    ObjectTypeInitializer.PoolType = NonPagedPool;
    ObjectTypeInitializer.DefaultNonPagedPoolCharge += sizeof(LPCP_PORT_OBJECT);
    ObjectTypeInitializer.DefaultPagedPoolCharge = 0;
    ObjectTypeInitializer.UseDefaultObject = FALSE;
    ObCreateObjectType(&Name,
                       &ObjectTypeInitializer,
                       NULL,
                       &LpcWaitablePortObjectType);
 
    /* Allocate the LPC lookaside list */
    LpcpMaxMessageSize = LPCP_MAX_MESSAGE_SIZE;
    ExInitializePagedLookasideList(&LpcpMessagesLookaside,
                                   NULL,
                                   NULL,
                                   0,
                                   LpcpMaxMessageSize,
                                   'McpL',
                                   32);
 
    /* We're done */
    return TRUE;
}

Referenced by Phase1InitializationDiscard().

LpcpValidateClientPort()

BOOLEAN NTAPI LpcpValidateClientPort	(	PETHREAD	ClientThread,
		PLPCP_PORT_OBJECT	Port
	)

Definition at line 90 of file port.c.

{
    PLPCP_PORT_OBJECT ThreadPort;
 
    /* Get the thread's port */
    ThreadPort = LpcpGetPortFromThread(ClientThread);
    if (ThreadPort == NULL)
    {
        return FALSE;
    }
 
    /* Check if the port matches directly */
    if ((Port == ThreadPort) ||
        (Port == ThreadPort->ConnectionPort) ||
        (Port == ThreadPort->ConnectedPort))
    {
        return TRUE;
    }
 
    /* Check if this is a communication port and the connection port matches */
    if (((Port->Flags & LPCP_PORT_TYPE_MASK) == LPCP_COMMUNICATION_PORT) &&
        (Port->ConnectionPort == ThreadPort))
    {
        return TRUE;
    }
 
    return FALSE;
}

Referenced by LpcpCopyRequestData(), and NtImpersonateClientOfPort().

NtImpersonateClientOfPort()

NTSTATUS NTAPI NtImpersonateClientOfPort	(	IN HANDLE	PortHandle,
		IN PPORT_MESSAGE	ClientMessage
	)

Definition at line 126 of file port.c.

{
    NTSTATUS Status;
    KPROCESSOR_MODE PreviousMode = KeGetPreviousMode();
    CLIENT_ID ClientId;
    ULONG MessageId;
    PLPCP_PORT_OBJECT Port = NULL, ConnectedPort = NULL;
    PETHREAD ClientThread = NULL;
    SECURITY_CLIENT_CONTEXT ClientContext;
 
    PAGED_CODE();
 
    /* Check if the call comes from user mode */
    if (PreviousMode != KernelMode)
    {
        _SEH2_TRY
        {
            ProbeForRead(ClientMessage, sizeof(*ClientMessage), sizeof(PVOID));
            ClientId  = ((volatile PORT_MESSAGE*)ClientMessage)->ClientId;
            MessageId = ((volatile PORT_MESSAGE*)ClientMessage)->MessageId;
        }
        _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
        {
            _SEH2_YIELD(return _SEH2_GetExceptionCode());
        }
        _SEH2_END;
    }
    else
    {
        ClientId  = ClientMessage->ClientId;
        MessageId = ClientMessage->MessageId;
    }
 
    /* Reference the port handle */
    Status = ObReferenceObjectByHandle(PortHandle,
                                       PORT_ALL_ACCESS,
                                       LpcPortObjectType,
                                       PreviousMode,
                                       (PVOID*)&Port,
                                       NULL);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("Failed to reference port handle: 0x%ls\n", Status);
        return Status;
    }
 
    /* Make sure this is a connection port */
    if ((Port->Flags & LPCP_PORT_TYPE_MASK) != LPCP_COMMUNICATION_PORT)
    {
        /* It isn't, fail */
        DPRINT1("Port is not a communication port\n");
        Status = STATUS_INVALID_PORT_HANDLE;
        goto Cleanup;
    }
 
    /* Look up the client thread */
    Status = PsLookupProcessThreadByCid(&ClientId, NULL, &ClientThread);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("Failed to lookup client thread: 0x%ls\n", Status);
        goto Cleanup;
    }
 
    /* Acquire the lock */
    KeAcquireGuardedMutex(&LpcpLock);
 
    /* Get the connected port and try to reference it */
    ConnectedPort = Port->ConnectedPort;
    if ((ConnectedPort == NULL) || !ObReferenceObjectSafe(ConnectedPort))
    {
        DPRINT1("Failed to reference the connected port\n");
        ConnectedPort = NULL;
        Status = STATUS_PORT_DISCONNECTED;
        goto CleanupWithLock;
    }
 
    /* Check for no-impersonation flag */
    if ((ULONG_PTR)ClientThread->LpcReplyMessage & LPCP_THREAD_FLAG_NO_IMPERSONATION)
    {
        DPRINT1("Reply message has no impersonation flag set\n");
        Status = STATUS_ACCESS_DENIED;
        goto CleanupWithLock;
    }
 
    /* Check for message id mismatch */
    if ((ClientThread->LpcReplyMessageId != MessageId) || (MessageId == 0))
    {
        DPRINT1("LpcReplyMessageId mismatch: 0x%lx/0x%lx.\n",
                ClientThread->LpcReplyMessageId, MessageId);
        Status = STATUS_REPLY_MESSAGE_MISMATCH;
        goto CleanupWithLock;
    }
 
    /* Validate the port */
    if (!LpcpValidateClientPort(ClientThread, Port))
    {
        DPRINT1("LpcpValidateClientPort failed\n");
        Status = STATUS_REPLY_MESSAGE_MISMATCH;
        goto CleanupWithLock;
    }
 
    /* Release the lock */
    KeReleaseGuardedMutex(&LpcpLock);
 
    /* Check if security is static */
    if (!(ConnectedPort->Flags & LPCP_SECURITY_DYNAMIC))
    {
        /* Use the static security for impersonation */
        Status = SeImpersonateClientEx(&ConnectedPort->StaticSecurity, NULL);
        goto Cleanup;
    }
 
    /* Create new dynamic security */
    Status = SeCreateClientSecurity(ClientThread,
                                    &ConnectedPort->SecurityQos,
                                    FALSE,
                                    &ClientContext);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("SeCreateClientSecurity failed\n");
        goto Cleanup;
    }
 
    /* Use dynamic security for impersonation */
    Status = SeImpersonateClientEx(&ClientContext, NULL);
 
    /* Get rid of the security context */
    SeDeleteClientSecurity(&ClientContext);
 
Cleanup:
 
    if (ConnectedPort != NULL)
        ObDereferenceObject(ConnectedPort);
 
    if (ClientThread != NULL)
        ObDereferenceObject(ClientThread);
 
    ObDereferenceObject(Port);
 
    return Status;
 
CleanupWithLock:
 
    /* Release the lock */
    KeReleaseGuardedMutex(&LpcpLock);
    goto Cleanup;
}

NtQueryInformationPort()

NTSTATUS NTAPI NtQueryInformationPort	(	IN HANDLE	PortHandle,
		IN PORT_INFORMATION_CLASS	PortInformationClass,
		OUT PVOID	PortInformation,
		IN ULONG	PortInformationLength,
		OUT PULONG	ReturnLength
	)

Definition at line 285 of file port.c.

{
    UNIMPLEMENTED;
    return STATUS_NOT_IMPLEMENTED;
}

NtQueryPortInformationProcess()

NTSTATUS NTAPI NtQueryPortInformationProcess

(

VOID

)

Definition at line 277 of file port.c.

{
    /* This is all this function does */
    return STATUS_UNSUCCESSFUL;
}

Variable Documentation

LpcpLock

KGUARDED_MUTEX LpcpLock

Definition at line 20 of file port.c.

Referenced by LpcExitThread(), LpcInitSystem(), LpcpAllocateFromPortZone(), LpcpCopyRequestData(), LpcpDeletePort(), LpcpDestroyPortQueue(), LpcpFreeConMsg(), LpcpFreeToPortZone(), LpcpSaveDataInfoMessage(), LpcRequestPort(), LpcRequestWaitReplyPort(), NtAcceptConnectPort(), NtCompleteConnectPort(), NtImpersonateClientOfPort(), NtReplyPort(), NtReplyWaitReceivePortEx(), NtRequestPort(), NtRequestWaitReplyPort(), and NtSecureConnectPort().

LpcpMaxMessageSize

ULONG LpcpMaxMessageSize

Definition at line 18 of file port.c.

Referenced by LpcInitSystem(), and LpcpCreatePort().

LpcpMessagesLookaside

PAGED_LOOKASIDE_LIST LpcpMessagesLookaside

Definition at line 19 of file port.c.

Referenced by LpcInitSystem(), LpcpAllocateFromPortZone(), and LpcpFreeToPortZone().

LpcpNextCallbackId

ULONG LpcpNextCallbackId = 1

Definition at line 22 of file port.c.

LpcpNextMessageId

ULONG LpcpNextMessageId = 1

Definition at line 22 of file port.c.

Referenced by LpcRequestPort(), LpcRequestWaitReplyPort(), NtRequestPort(), NtRequestWaitReplyPort(), and NtSecureConnectPort().

LpcPortObjectType

POBJECT_TYPE LpcPortObjectType

Definition at line 17 of file port.c.

Referenced by InitCsrApiPort(), LpcInitSystem(), LpcpCopyRequestData(), LpcpCreatePort(), NtCompleteConnectPort(), NtImpersonateClientOfPort(), NtRegisterThreadTerminatePort(), NtReplyPort(), NtReplyWaitReceivePortEx(), NtRequestPort(), NtRequestWaitReplyPort(), NtSecureConnectPort(), NtSetDefaultHardErrorPort(), NtSetInformationProcess(), PspCreateProcess(), and TestWin2003ObjectTypes().

LpcpPortMapping

GENERIC_MAPPING LpcpPortMapping

static

Initial value:

=
{
    READ_CONTROL | PORT_CONNECT,
    DELETE | PORT_CONNECT,
    0,
    PORT_ALL_ACCESS
}

Definition at line 24 of file port.c.

Referenced by LpcInitSystem().

LpcpTraceLevel

ULONG LpcpTraceLevel = 0

Definition at line 21 of file port.c.

LpcWaitablePortObjectType

POBJECT_TYPE LpcWaitablePortObjectType

Definition at line 17 of file port.c.

Referenced by LpcInitSystem().