2380 lines
71 KiB
C
2380 lines
71 KiB
C
/****************************************************************************/
|
|
// channel.c
|
|
//
|
|
// Terminal Server channel handling.
|
|
//
|
|
// Copyright (C) 1997-2000 Microsoft Corporation
|
|
/****************************************************************************/
|
|
|
|
#include <precomp.h>
|
|
#pragma hdrstop
|
|
#include <ntddkbd.h>
|
|
#include <ntddmou.h>
|
|
|
|
#include "ptdrvcom.h"
|
|
|
|
|
|
#define min(a,b) (((a) < (b)) ? (a) : (b))
|
|
|
|
|
|
NTSTATUS
|
|
IcaExceptionFilter(
|
|
IN PWSTR OutputString,
|
|
IN PEXCEPTION_POINTERS pexi
|
|
);
|
|
|
|
NTSTATUS
|
|
IcaReadChannel (
|
|
IN PICA_CHANNEL pChannel,
|
|
IN PIRP Irp,
|
|
IN PIO_STACK_LOCATION IrpSp
|
|
);
|
|
|
|
NTSTATUS
|
|
IcaWriteChannel (
|
|
IN PICA_CHANNEL pChannel,
|
|
IN PIRP Irp,
|
|
IN PIO_STACK_LOCATION IrpSp
|
|
);
|
|
|
|
NTSTATUS
|
|
IcaDeviceControlChannel (
|
|
IN PICA_CHANNEL pChannel,
|
|
IN PIRP Irp,
|
|
IN PIO_STACK_LOCATION IrpSp
|
|
);
|
|
|
|
NTSTATUS
|
|
IcaFlushChannel (
|
|
IN PICA_CHANNEL pChannel,
|
|
IN PIRP Irp,
|
|
IN PIO_STACK_LOCATION IrpSp
|
|
);
|
|
|
|
NTSTATUS
|
|
IcaCleanupChannel (
|
|
IN PICA_CHANNEL pChannel,
|
|
IN PIRP Irp,
|
|
IN PIO_STACK_LOCATION IrpSp
|
|
);
|
|
|
|
NTSTATUS
|
|
IcaCloseChannel (
|
|
IN PICA_CHANNEL pChannel,
|
|
IN PIRP Irp,
|
|
IN PIO_STACK_LOCATION IrpSp
|
|
);
|
|
|
|
VOID
|
|
IcaFreeAllVcBind(
|
|
IN PICA_CONNECTION pConnect
|
|
);
|
|
|
|
NTSTATUS
|
|
IcaCancelReadChannel (
|
|
IN PICA_CHANNEL pChannel,
|
|
IN PIRP Irp,
|
|
IN PIO_STACK_LOCATION IrpSp
|
|
);
|
|
|
|
|
|
/*
|
|
* Local procedure prototypes
|
|
*/
|
|
NTSTATUS
|
|
_IcaReadChannelComplete(
|
|
IN PICA_CHANNEL pChannel,
|
|
IN PIRP Irp,
|
|
IN PIO_STACK_LOCATION IrpSp
|
|
);
|
|
|
|
NTSTATUS _IcaQueueReadChannelRequest(
|
|
IN PICA_CHANNEL pChannel,
|
|
IN PIRP Irp,
|
|
IN PIO_STACK_LOCATION IrpSp
|
|
);
|
|
|
|
NTSTATUS
|
|
_IcaCopyDataToUserBuffer(
|
|
IN PIRP Irp,
|
|
IN PUCHAR pBuffer,
|
|
IN ULONG ByteCount
|
|
);
|
|
|
|
VOID
|
|
_IcaReadChannelCancelIrp(
|
|
IN PDEVICE_OBJECT DeviceObject,
|
|
IN PIRP Irp
|
|
);
|
|
|
|
VOID _IcaProcessIrpList(
|
|
IN PICA_CHANNEL pChannel
|
|
);
|
|
|
|
PICA_CHANNEL
|
|
_IcaAllocateChannel(
|
|
IN PICA_CONNECTION pConnect,
|
|
IN CHANNELCLASS ChannelClass,
|
|
IN PVIRTUALCHANNELNAME pVirtualName
|
|
);
|
|
|
|
void _IcaFreeChannel(IN PICA_CHANNEL);
|
|
|
|
NTSTATUS
|
|
_IcaCallStack(
|
|
IN PICA_STACK pStack,
|
|
IN ULONG ProcIndex,
|
|
IN OUT PVOID pParms
|
|
);
|
|
|
|
NTSTATUS
|
|
_IcaCallStackNoLock(
|
|
IN PICA_STACK pStack,
|
|
IN ULONG ProcIndex,
|
|
IN OUT PVOID pParms
|
|
);
|
|
|
|
NTSTATUS
|
|
_IcaRegisterVcBind(
|
|
IN PICA_CONNECTION pConnect,
|
|
IN PVIRTUALCHANNELNAME pVirtualName,
|
|
IN VIRTUALCHANNELCLASS VirtualClass,
|
|
IN ULONG Flags
|
|
);
|
|
|
|
VIRTUALCHANNELCLASS
|
|
_IcaFindVcBind(
|
|
IN PICA_CONNECTION pConnect,
|
|
IN PVIRTUALCHANNELNAME pVirtualName,
|
|
OUT PULONG pFlags
|
|
);
|
|
|
|
VOID
|
|
_IcaBindChannel(
|
|
IN PICA_CHANNEL pChannel,
|
|
IN CHANNELCLASS ChannelClass,
|
|
IN VIRTUALCHANNELCLASS VirtualClass,
|
|
IN ULONG Flags
|
|
);
|
|
|
|
|
|
|
|
/*
|
|
* Dispatch table for ICA channel objects
|
|
*/
|
|
PICA_DISPATCH IcaChannelDispatchTable[IRP_MJ_MAXIMUM_FUNCTION+1] = {
|
|
NULL, // IRP_MJ_CREATE
|
|
NULL, // IRP_MJ_CREATE_NAMED_PIPE
|
|
IcaCloseChannel, // IRP_MJ_CLOSE
|
|
IcaReadChannel, // IRP_MJ_READ
|
|
IcaWriteChannel, // IRP_MJ_WRITE
|
|
NULL, // IRP_MJ_QUERY_INFORMATION
|
|
NULL, // IRP_MJ_SET_INFORMATION
|
|
NULL, // IRP_MJ_QUERY_EA
|
|
NULL, // IRP_MJ_SET_EA
|
|
IcaFlushChannel, // IRP_MJ_FLUSH_BUFFERS
|
|
NULL, // IRP_MJ_QUERY_VOLUME_INFORMATION
|
|
NULL, // IRP_MJ_SET_VOLUME_INFORMATION
|
|
NULL, // IRP_MJ_DIRECTORY_CONTROL
|
|
NULL, // IRP_MJ_FILE_SYSTEM_CONTROL
|
|
IcaDeviceControlChannel, // IRP_MJ_DEVICE_CONTROL
|
|
NULL, // IRP_MJ_INTERNAL_DEVICE_CONTROL
|
|
NULL, // IRP_MJ_SHUTDOWN
|
|
NULL, // IRP_MJ_LOCK_CONTROL
|
|
IcaCleanupChannel, // IRP_MJ_CLEANUP
|
|
NULL, // IRP_MJ_CREATE_MAILSLOT
|
|
NULL, // IRP_MJ_QUERY_SECURITY
|
|
NULL, // IRP_MJ_SET_SECURITY
|
|
NULL, // IRP_MJ_SET_POWER
|
|
NULL, // IRP_MJ_QUERY_POWER
|
|
};
|
|
|
|
#if DBG
|
|
extern PICA_DISPATCH IcaStackDispatchTable[];
|
|
#endif
|
|
|
|
|
|
NTSTATUS IcaCreateChannel(
|
|
IN PICA_CONNECTION pConnect,
|
|
IN PICA_OPEN_PACKET openPacket,
|
|
IN PIRP Irp,
|
|
IN PIO_STACK_LOCATION IrpSp)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine is called to create a new ICA_CHANNEL object.
|
|
- the reference count is incremented by one
|
|
|
|
Arguments:
|
|
|
|
pConnect -- pointer to ICA_CONNECTION object
|
|
|
|
Irp - Pointer to I/O request packet
|
|
|
|
IrpSp - pointer to the stack location to use for this request.
|
|
|
|
Return Value:
|
|
|
|
NTSTATUS -- Indicates whether the request was successfully queued.
|
|
|
|
--*/
|
|
|
|
{
|
|
PICA_CHANNEL pChannel;
|
|
CHANNELCLASS ChannelClass;
|
|
NTSTATUS Status;
|
|
|
|
/*
|
|
* Validate ChannelClass
|
|
*/
|
|
ChannelClass = openPacket->TypeInfo.ChannelClass;
|
|
if ( !(ChannelClass >= Channel_Keyboard && ChannelClass <= Channel_Virtual) )
|
|
return( STATUS_INVALID_PARAMETER );
|
|
|
|
/*
|
|
* Ensure VirtualName has a trailing NULL
|
|
*/
|
|
if ( !memchr( openPacket->TypeInfo.VirtualName,
|
|
'\0',
|
|
sizeof( openPacket->TypeInfo.VirtualName ) ) )
|
|
return( STATUS_INVALID_PARAMETER );
|
|
|
|
|
|
/*
|
|
* Must lock connection object to create new channel.
|
|
*/
|
|
IcaLockConnection( pConnect );
|
|
|
|
TRACE(( pConnect, TC_ICADD, TT_API2, "TermDD: IcaCreateChannel: cc %u, vn %s\n",
|
|
ChannelClass, openPacket->TypeInfo.VirtualName ));
|
|
|
|
/*
|
|
* Locate channel object
|
|
*/
|
|
pChannel = IcaFindChannelByName(pConnect,
|
|
ChannelClass,
|
|
openPacket->TypeInfo.VirtualName);
|
|
|
|
/*
|
|
* See if this channel has already been created.
|
|
* If not, then create/initialize it now.
|
|
*/
|
|
if ( pChannel == NULL ) {
|
|
/*
|
|
* Allocate a new ICA channel object
|
|
*/
|
|
pChannel = _IcaAllocateChannel(pConnect,
|
|
ChannelClass,
|
|
openPacket->TypeInfo.VirtualName);
|
|
if (pChannel == NULL) {
|
|
IcaUnlockConnection(pConnect);
|
|
return( STATUS_INSUFFICIENT_RESOURCES );
|
|
}
|
|
}
|
|
|
|
/*
|
|
* Increment open count for this channel
|
|
*/
|
|
if (InterlockedIncrement(&pChannel->OpenCount) <= 0) {
|
|
ASSERT( FALSE );
|
|
}
|
|
|
|
/*
|
|
* If the CHANNEL_CLOSING flag is set, then we are re-referenceing
|
|
* a channel object that was just closed by a previous caller,
|
|
* but has not yet been completely dereferenced.
|
|
* This can happen if this create call comes in between the
|
|
* calls to IcaCleanupChannel and IcaCloseChannel which happen
|
|
* when a channel handle is closed.
|
|
*/
|
|
if ( pChannel->Flags & CHANNEL_CLOSING ) {
|
|
/*
|
|
* Lock channel while we clear out the CHANNEL_CLOSING flag.
|
|
*/
|
|
IcaLockChannel(pChannel);
|
|
pChannel->Flags &= ~CHANNEL_CLOSING;
|
|
IcaUnlockChannel(pChannel);
|
|
}
|
|
|
|
IcaUnlockConnection(pConnect);
|
|
|
|
/*
|
|
* Save a pointer to the channel in the file object
|
|
* so that we can find it in future calls.
|
|
* - leave the reference on the channel object
|
|
*/
|
|
IrpSp->FileObject->FsContext = pChannel;
|
|
|
|
/*
|
|
* Exit with the channel reference count incremented by one
|
|
*/
|
|
return STATUS_SUCCESS;
|
|
}
|
|
|
|
|
|
NTSTATUS IcaReadChannel(
|
|
IN PICA_CHANNEL pChannel,
|
|
IN PIRP Irp,
|
|
IN PIO_STACK_LOCATION IrpSp)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This is the read routine for ICA channels.
|
|
|
|
Arguments:
|
|
|
|
pChannel -- pointer to ICA_CHANNEL object
|
|
|
|
Irp - Pointer to I/O request packet
|
|
|
|
IrpSp - pointer to the stack location to use for this request.
|
|
|
|
Return Value:
|
|
|
|
NTSTATUS -- Indicates whether the request was successfully queued.
|
|
|
|
--*/
|
|
|
|
{
|
|
KIRQL cancelIrql;
|
|
NTSTATUS Status = STATUS_PENDING;
|
|
ULONG bChannelAlreadyLocked;
|
|
|
|
|
|
/*
|
|
* Determine the channel type to see if read is supported.
|
|
* Also do read size verification for keyboard/mouse.
|
|
*/
|
|
switch ( pChannel->ChannelClass ) {
|
|
/*
|
|
* Make sure input size is a multiple of KEYBOARD_INPUT_DATA
|
|
*/
|
|
case Channel_Keyboard :
|
|
if ( IrpSp->Parameters.Read.Length % sizeof(KEYBOARD_INPUT_DATA) )
|
|
Status = STATUS_BUFFER_TOO_SMALL;
|
|
break;
|
|
|
|
/*
|
|
* Make sure input size is a multiple of MOUSE_INPUT_DATA
|
|
*/
|
|
case Channel_Mouse :
|
|
if ( IrpSp->Parameters.Read.Length % sizeof(MOUSE_INPUT_DATA) )
|
|
Status = STATUS_BUFFER_TOO_SMALL;
|
|
break;
|
|
|
|
/*
|
|
* Nothing required for Command/Virtual channels
|
|
*/
|
|
case Channel_Command :
|
|
case Channel_Virtual :
|
|
break;
|
|
|
|
/*
|
|
* Read not supported for the following channels
|
|
*/
|
|
case Channel_Video :
|
|
case Channel_Beep :
|
|
Status = STATUS_INVALID_DEVICE_REQUEST;
|
|
break;
|
|
|
|
default:
|
|
ASSERTMSG( "TermDD: Invalid Channel Class", FALSE );
|
|
Status = STATUS_INVALID_DEVICE_REQUEST;
|
|
break;
|
|
}
|
|
|
|
/*
|
|
* If read length is 0, or an error is being returned, return now.
|
|
*/
|
|
if (Status == STATUS_PENDING && IrpSp->Parameters.Read.Length == 0)
|
|
Status = STATUS_SUCCESS;
|
|
if (Status != STATUS_PENDING) {
|
|
Irp->IoStatus.Status = Status;
|
|
IoCompleteRequest(Irp, IcaPriorityBoost);
|
|
TRACECHANNEL(( pChannel, TC_ICADD, TT_ERROR,
|
|
"TermDD: IcaReadChannel, cc %u, vc %d, 0x%x\n",
|
|
pChannel->ChannelClass, pChannel->VirtualClass, Status ));
|
|
return Status;
|
|
}
|
|
|
|
/*
|
|
* Verify user's buffer is valid
|
|
*/
|
|
if (Irp->RequestorMode != KernelMode) {
|
|
try {
|
|
ProbeForWrite(Irp->UserBuffer, IrpSp->Parameters.Read.Length, sizeof(BYTE));
|
|
} except(EXCEPTION_EXECUTE_HANDLER) {
|
|
Status = GetExceptionCode();
|
|
Irp->IoStatus.Status = Status;
|
|
IoCompleteRequest(Irp, IcaPriorityBoost);
|
|
TRACECHANNEL((pChannel, TC_ICADD, TT_ERROR,
|
|
"TermDD: IcaReadChannel, cc %u, vc %d, 0x%x\n",
|
|
pChannel->ChannelClass, pChannel->VirtualClass, Status));
|
|
return Status;
|
|
}
|
|
}
|
|
|
|
/*
|
|
* Lock the channel while we determine how to handle this read request.
|
|
* One of the following will be true:
|
|
* 1) Input data is available; copy it to user buffer and complete IRP,
|
|
* 2) No data available, IRP cancel is requested; cancel/complete IRP,
|
|
* 3) No data; add IRP to pending read list, return STATUS_PENDING.
|
|
*/
|
|
if (ExIsResourceAcquiredExclusiveLite(&(pChannel->Resource))) {
|
|
bChannelAlreadyLocked = TRUE;
|
|
IcaReferenceChannel(pChannel);
|
|
}
|
|
else {
|
|
bChannelAlreadyLocked = FALSE;
|
|
IcaLockChannel(pChannel);
|
|
}
|
|
|
|
/*
|
|
* If the channel is being closed,
|
|
* then don't allow any further read requests.
|
|
*/
|
|
if (pChannel->Flags & CHANNEL_CLOSING) {
|
|
Status = STATUS_FILE_CLOSED;
|
|
Irp->IoStatus.Status = Status;
|
|
IoCompleteRequest(Irp, IcaPriorityBoost);
|
|
TRACECHANNEL((pChannel, TC_ICADD, TT_ERROR,
|
|
"TermDD: IcaReadChannel, cc %u, vc %d, 0x%x\n",
|
|
pChannel->ChannelClass, pChannel->VirtualClass, Status));
|
|
IcaUnlockChannel(pChannel);
|
|
return Status;
|
|
}
|
|
|
|
/*
|
|
* If the Winstation is terminating and Reads are cancelled
|
|
* then don't allow any further read requests.
|
|
*/
|
|
if (pChannel->Flags & CHANNEL_CANCEL_READS) {
|
|
Status = STATUS_FILE_CLOSED;
|
|
Irp->IoStatus.Status = Status;
|
|
IoCompleteRequest(Irp, IcaPriorityBoost);
|
|
TRACECHANNEL((pChannel, TC_ICADD, TT_ERROR,
|
|
"TermDD: IcaReadChannel, cc %u, vc %d, 0x%x\n",
|
|
pChannel->ChannelClass, pChannel->VirtualClass, Status));
|
|
IcaUnlockChannel(pChannel);
|
|
return Status;
|
|
}
|
|
|
|
|
|
|
|
if (InterlockedCompareExchange(&(pChannel->CompletionRoutineCount), 1, 0) == 0) {
|
|
|
|
/*
|
|
* If there is already input data available,
|
|
* then use it to satisfy the caller's read request.
|
|
*/
|
|
if ( !IsListEmpty( &pChannel->InputBufHead ) ) {
|
|
_IcaProcessIrpList(pChannel);
|
|
|
|
if (!IsListEmpty( &pChannel->InputBufHead )) {
|
|
Status = _IcaReadChannelComplete( pChannel, Irp, IrpSp );
|
|
|
|
TRACECHANNEL(( pChannel, TC_ICADD, TT_IN3, "TermDD: IcaReadChannel, cc %u, vc %d, 0x%x\n",
|
|
pChannel->ChannelClass, pChannel->VirtualClass, Status ));
|
|
|
|
_IcaProcessIrpList(pChannel);
|
|
}
|
|
else {
|
|
Status = _IcaQueueReadChannelRequest(pChannel, Irp, IrpSp);
|
|
}
|
|
}
|
|
else {
|
|
Status = _IcaQueueReadChannelRequest(pChannel, Irp, IrpSp);
|
|
}
|
|
|
|
InterlockedDecrement(&(pChannel->CompletionRoutineCount));
|
|
ASSERT(pChannel->CompletionRoutineCount == 0);
|
|
}
|
|
else {
|
|
Status = _IcaQueueReadChannelRequest(pChannel, Irp, IrpSp);
|
|
}
|
|
|
|
/*
|
|
* Unlock channel now
|
|
*/
|
|
if (bChannelAlreadyLocked) {
|
|
IcaDereferenceChannel( pChannel );
|
|
}
|
|
else {
|
|
IcaUnlockChannel(pChannel);
|
|
}
|
|
return Status;
|
|
}
|
|
|
|
void _IcaProcessIrpList(
|
|
IN PICA_CHANNEL pChannel)
|
|
{
|
|
KIRQL cancelIrql;
|
|
PIRP irpFromQueue;
|
|
PIO_STACK_LOCATION irpSpFromQueue;
|
|
PLIST_ENTRY irpQueueHead;
|
|
NTSTATUS irpStatus;
|
|
|
|
ASSERT( ExIsResourceAcquiredExclusiveLite( &pChannel->Resource ) );
|
|
|
|
/*
|
|
* Acquire IoCancel spinlock while checking InputIrp list
|
|
*/
|
|
IoAcquireCancelSpinLock( &cancelIrql );
|
|
|
|
/*
|
|
* If there is a pending read IRP, then remove it from the
|
|
* list and try to complete it now.
|
|
*/
|
|
|
|
while (!IsListEmpty( &pChannel->InputIrpHead ) &&
|
|
!IsListEmpty( &pChannel->InputBufHead )) {
|
|
|
|
irpQueueHead = RemoveHeadList( &pChannel->InputIrpHead );
|
|
irpFromQueue = CONTAINING_RECORD( irpQueueHead, IRP, Tail.Overlay.ListEntry );
|
|
irpSpFromQueue = IoGetCurrentIrpStackLocation( irpFromQueue );
|
|
|
|
/*
|
|
* Clear the cancel routine for this IRP
|
|
*/
|
|
IoSetCancelRoutine( irpFromQueue, NULL );
|
|
|
|
IoReleaseCancelSpinLock( cancelIrql );
|
|
|
|
irpStatus = _IcaReadChannelComplete( pChannel, irpFromQueue, irpSpFromQueue );
|
|
|
|
TRACECHANNEL(( pChannel, TC_ICADD, TT_IN3, "TermDD: IcaReadChannel, cc %u, vc %d, 0x%x\n",
|
|
pChannel->ChannelClass, pChannel->VirtualClass, irpStatus ));
|
|
|
|
/*
|
|
* Acquire IoCancel spinlock while checking InputIrp list
|
|
*/
|
|
IoAcquireCancelSpinLock( &cancelIrql );
|
|
}
|
|
|
|
IoReleaseCancelSpinLock( cancelIrql );
|
|
}
|
|
|
|
NTSTATUS _IcaQueueReadChannelRequest(
|
|
IN PICA_CHANNEL pChannel,
|
|
IN PIRP Irp,
|
|
IN PIO_STACK_LOCATION IrpSp)
|
|
{
|
|
KIRQL cancelIrql;
|
|
NTSTATUS Status = STATUS_PENDING;
|
|
|
|
ASSERT( ExIsResourceAcquiredExclusiveLite( &pChannel->Resource ) );
|
|
|
|
/*
|
|
* Acquire the IoCancel spinlock.
|
|
* We use this spinlock to protect access to the InputIrp list.
|
|
*/
|
|
IoAcquireCancelSpinLock(&cancelIrql);
|
|
|
|
/*
|
|
* No input data is available.
|
|
* Add the Irp to the pending Irp list for this channel.
|
|
*/
|
|
InsertTailList(&pChannel->InputIrpHead, &Irp->Tail.Overlay.ListEntry);
|
|
IoMarkIrpPending(Irp);
|
|
/*
|
|
* If this IRP is being cancelled, then cancel it now.
|
|
* Otherwise, set the cancel routine for this request.
|
|
*/
|
|
if (Irp->Cancel) {
|
|
Irp->CancelIrql = cancelIrql;
|
|
_IcaReadChannelCancelIrp(IrpSp->DeviceObject, Irp);
|
|
TRACECHANNEL(( pChannel, TC_ICADD, TT_IN3,
|
|
"TermDD: _IcaQueueReadChannelRequest, cc %u, vc %d (canceled)\n",
|
|
pChannel->ChannelClass, pChannel->VirtualClass));
|
|
return STATUS_CANCELLED;
|
|
}
|
|
|
|
IoSetCancelRoutine(Irp, _IcaReadChannelCancelIrp);
|
|
IoReleaseCancelSpinLock(cancelIrql);
|
|
|
|
TRACECHANNEL((pChannel, TC_ICADD, TT_IN3,
|
|
"TermDD: _IcaQueueReadChannelRequest, cc %u, vc %d (pending)\n",
|
|
pChannel->ChannelClass, pChannel->VirtualClass));
|
|
|
|
return STATUS_PENDING;
|
|
|
|
}
|
|
|
|
NTSTATUS _IcaReadChannelComplete(
|
|
IN PICA_CHANNEL pChannel,
|
|
IN PIRP Irp,
|
|
IN PIO_STACK_LOCATION IrpSp)
|
|
{
|
|
KIRQL cancelIrql;
|
|
PLIST_ENTRY Head;
|
|
PINBUF pInBuf;
|
|
PVOID pBuffer;
|
|
ULONG CopyCount;
|
|
NTSTATUS Status;
|
|
|
|
ASSERT( ExIsResourceAcquiredExclusiveLite( &pChannel->Resource ) );
|
|
|
|
TRACECHANNEL(( pChannel, TC_ICADD, TT_IN4, "TermDD: _IcaReadChannelComplete, cc %u, vc %d\n",
|
|
pChannel->ChannelClass, pChannel->VirtualClass ));
|
|
|
|
/*
|
|
* Get pointer to first input buffer
|
|
*/
|
|
ASSERT( !IsListEmpty( &pChannel->InputBufHead ) );
|
|
Head = pChannel->InputBufHead.Flink;
|
|
pInBuf = CONTAINING_RECORD( Head, INBUF, Links );
|
|
|
|
/*
|
|
* Clear the cancel routine for this IRP,
|
|
* since one way or the other it will be completed.
|
|
*/
|
|
IoAcquireCancelSpinLock( &cancelIrql );
|
|
IoSetCancelRoutine( Irp, NULL );
|
|
IoReleaseCancelSpinLock( cancelIrql );
|
|
|
|
/*
|
|
* If this is a message mode channel, all data from a single input
|
|
* buffer must fit in the user buffer, otherwise we return an error.
|
|
*/
|
|
if (IrpSp->Parameters.Read.Length < pInBuf->ByteCount &&
|
|
(pChannel->Flags & CHANNEL_MESSAGE_MODE)) {
|
|
Irp->IoStatus.Status = STATUS_BUFFER_TOO_SMALL;
|
|
IoCompleteRequest( Irp, IcaPriorityBoost );
|
|
TRACECHANNEL(( pChannel, TC_ICADD, TT_ERROR,
|
|
"TermDD: _IcaReadChannelComplete: cc %u, vc %d (buffer too small)\n",
|
|
pChannel->ChannelClass, pChannel->VirtualClass ));
|
|
return STATUS_BUFFER_TOO_SMALL;
|
|
}
|
|
|
|
/*
|
|
* Determine amount of data to copy to user's buffer.
|
|
*/
|
|
CopyCount = min(IrpSp->Parameters.Read.Length, pInBuf->ByteCount);
|
|
|
|
/*
|
|
* Copy input data to user's buffer
|
|
*/
|
|
Status = _IcaCopyDataToUserBuffer(Irp, pInBuf->pBuffer, CopyCount);
|
|
|
|
|
|
/*
|
|
* Update ICA buffer pointer and bytes remaining.
|
|
* If no bytes remain, then unlink the input buffer and free it.
|
|
*/
|
|
if ( Status == STATUS_SUCCESS ) {
|
|
pChannel->InputBufCurSize -= CopyCount;
|
|
pInBuf->pBuffer += CopyCount;
|
|
pInBuf->ByteCount -= CopyCount;
|
|
if ( pInBuf->ByteCount == 0 ) {
|
|
RemoveEntryList( &pInBuf->Links );
|
|
ICA_FREE_POOL( pInBuf );
|
|
}
|
|
}
|
|
|
|
/*
|
|
* Mark the Irp complete
|
|
*/
|
|
Irp->IoStatus.Status = Status;
|
|
IoCompleteRequest( Irp, IcaPriorityBoost );
|
|
TRACECHANNEL(( pChannel, TC_ICADD, TT_IN3,
|
|
"TermDD: _IcaReadChannelComplete: cc %u, vc %d, bc %u, 0x%x\n",
|
|
pChannel->ChannelClass, pChannel->VirtualClass, CopyCount, Status ));
|
|
|
|
return Status;
|
|
}
|
|
|
|
|
|
NTSTATUS _IcaCopyDataToUserBuffer(
|
|
IN PIRP Irp,
|
|
IN PUCHAR pBuffer,
|
|
IN ULONG ByteCount)
|
|
{
|
|
NTSTATUS Status;
|
|
|
|
/*
|
|
* If we are in the context of the original caller's process,
|
|
* then just copy the data into the user's buffer directly.
|
|
*/
|
|
if ( IoGetRequestorProcess( Irp ) == IoGetCurrentProcess() ) {
|
|
try {
|
|
Status = STATUS_SUCCESS;
|
|
RtlCopyMemory( Irp->UserBuffer, pBuffer, ByteCount );
|
|
} except( EXCEPTION_EXECUTE_HANDLER ) {
|
|
Status = GetExceptionCode();
|
|
}
|
|
|
|
/*
|
|
* If there is a MDL allocated for this IRP, then copy the data
|
|
* directly to the users buffer via the MDL.
|
|
*/
|
|
} else if ( Irp->MdlAddress ) {
|
|
PVOID UserBuffer;
|
|
|
|
UserBuffer = MmGetSystemAddressForMdl( Irp->MdlAddress );
|
|
try {
|
|
if (UserBuffer != NULL) {
|
|
Status = STATUS_SUCCESS;
|
|
RtlCopyMemory( UserBuffer, pBuffer, ByteCount );
|
|
}else {
|
|
Status = STATUS_INSUFFICIENT_RESOURCES;
|
|
}
|
|
} except( EXCEPTION_EXECUTE_HANDLER ) {
|
|
Status = GetExceptionCode();
|
|
}
|
|
|
|
/*
|
|
* There is no MDL for this request. We must allocate a secondary
|
|
* buffer, copy the data to it, and indicate this is a buffered I/O
|
|
* request in the IRP. The I/O completion routine will copy the
|
|
* data to the user's buffer.
|
|
*/
|
|
} else {
|
|
ASSERT( Irp->AssociatedIrp.SystemBuffer == NULL );
|
|
Irp->AssociatedIrp.SystemBuffer = ExAllocatePoolWithTag( PagedPool,
|
|
ByteCount,
|
|
ICA_POOL_TAG );
|
|
if ( Irp->AssociatedIrp.SystemBuffer == NULL )
|
|
return( STATUS_INSUFFICIENT_RESOURCES );
|
|
RtlCopyMemory( Irp->AssociatedIrp.SystemBuffer, pBuffer, ByteCount );
|
|
Irp->Flags |= (IRP_BUFFERED_IO |
|
|
IRP_DEALLOCATE_BUFFER |
|
|
IRP_INPUT_OPERATION);
|
|
Status = STATUS_SUCCESS;
|
|
}
|
|
|
|
if ( Status == STATUS_SUCCESS )
|
|
Irp->IoStatus.Information = ByteCount;
|
|
|
|
return Status;
|
|
}
|
|
|
|
|
|
VOID _IcaReadChannelCancelIrp(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp)
|
|
{
|
|
PIO_STACK_LOCATION IrpSp;
|
|
PICA_CHANNEL pChannel;
|
|
|
|
IrpSp = IoGetCurrentIrpStackLocation( Irp );
|
|
|
|
pChannel = IrpSp->FileObject->FsContext;
|
|
|
|
/*
|
|
* Remove IRP from channel pending IRP list and release cancel spinlock
|
|
*/
|
|
RemoveEntryList(&Irp->Tail.Overlay.ListEntry);
|
|
IoReleaseCancelSpinLock(Irp->CancelIrql);
|
|
|
|
/*
|
|
* Complete the IRP with a cancellation status code.
|
|
*/
|
|
Irp->IoStatus.Information = 0;
|
|
Irp->IoStatus.Status = STATUS_CANCELLED;
|
|
IoCompleteRequest(Irp, IcaPriorityBoost);
|
|
}
|
|
|
|
|
|
NTSTATUS IcaWriteChannel(
|
|
IN PICA_CHANNEL pChannel,
|
|
IN PIRP Irp,
|
|
IN PIO_STACK_LOCATION IrpSp)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This is the write routine for ICA channels.
|
|
|
|
Arguments:
|
|
|
|
pChannel -- pointer to ICA_CHANNEL object
|
|
|
|
Irp - Pointer to I/O request packet. Flags, specific to this
|
|
driver, can be specified as a pointer to a ULONG flags value.
|
|
The pointer to this value is the first element in the
|
|
IRP.Tail.Overlay.DriverContext field.
|
|
|
|
Currently, only CHANNEL_WRITE_LOWPRIO is supported. Write IRP's with
|
|
this flag set will take lower priority than Write IRP's without this
|
|
flag set.
|
|
|
|
IrpSp - pointer to the stack location to use for this request.
|
|
|
|
Return Value:
|
|
|
|
NTSTATUS -- Indicates whether the request was successfully queued.
|
|
|
|
--*/
|
|
|
|
{
|
|
SD_CHANNELWRITE SdWrite;
|
|
NTSTATUS Status = STATUS_PENDING;
|
|
|
|
/*
|
|
* Determine the channel type to see if write is supported.
|
|
*/
|
|
switch ( pChannel->ChannelClass ) {
|
|
|
|
case Channel_Virtual :
|
|
if ( pChannel->VirtualClass == UNBOUND_CHANNEL ) {
|
|
Status = STATUS_INVALID_DEVICE_REQUEST;
|
|
}
|
|
break;
|
|
|
|
/*
|
|
* Write not supported for the following channels
|
|
*/
|
|
case Channel_Command :
|
|
case Channel_Keyboard :
|
|
case Channel_Mouse :
|
|
case Channel_Video :
|
|
case Channel_Beep :
|
|
Status = STATUS_INVALID_DEVICE_REQUEST;
|
|
break;
|
|
|
|
default:
|
|
ASSERTMSG( "ICA.SYS: Invalid Channel Class", FALSE );
|
|
Status = STATUS_INVALID_DEVICE_REQUEST;
|
|
break;
|
|
}
|
|
|
|
/*
|
|
* If the channel is being closed,
|
|
* then don't allow any further write requests.
|
|
*/
|
|
if ( pChannel->Flags & CHANNEL_CLOSING )
|
|
Status = STATUS_FILE_CLOSED;
|
|
|
|
/*
|
|
* If write length is 0, or an error is being returned, return now.
|
|
*/
|
|
if ( Status == STATUS_PENDING && IrpSp->Parameters.Write.Length == 0 )
|
|
Status = STATUS_SUCCESS;
|
|
if ( Status != STATUS_PENDING ) {
|
|
Irp->IoStatus.Status = Status;
|
|
IoCompleteRequest( Irp, IcaPriorityBoost );
|
|
TRACECHANNEL(( pChannel, TC_ICADD, TT_ERROR, "TermDD: IcaWriteChannel, cc %u, vc %d, 0x%x\n",
|
|
pChannel->ChannelClass, pChannel->VirtualClass, Status ));
|
|
return( Status );
|
|
}
|
|
|
|
/*
|
|
* Verify user's buffer is valid
|
|
*/
|
|
if ( Irp->RequestorMode != KernelMode ) {
|
|
try {
|
|
ProbeForRead( Irp->UserBuffer, IrpSp->Parameters.Write.Length, sizeof(BYTE) );
|
|
} except( EXCEPTION_EXECUTE_HANDLER ) {
|
|
Status = GetExceptionCode();
|
|
Irp->IoStatus.Status = Status;
|
|
IoCompleteRequest( Irp, IcaPriorityBoost );
|
|
TRACECHANNEL(( pChannel, TC_ICADD, TT_ERROR, "TermDD: IcaWriteChannel, cc %u, vc %d, 0x%x\n",
|
|
pChannel->ChannelClass, pChannel->VirtualClass, Status ));
|
|
return( Status );
|
|
}
|
|
}
|
|
|
|
/*
|
|
* Call the top level stack driver to handle the write
|
|
*/
|
|
SdWrite.ChannelClass = pChannel->ChannelClass;
|
|
SdWrite.VirtualClass = pChannel->VirtualClass;
|
|
SdWrite.pBuffer = Irp->UserBuffer;
|
|
SdWrite.ByteCount = IrpSp->Parameters.Write.Length;
|
|
SdWrite.fScreenData = (BOOLEAN)(pChannel->Flags & CHANNEL_SCREENDATA);
|
|
SdWrite.fFlags = 0;
|
|
|
|
/*
|
|
* See if the low prio write flag is set in the IRP.
|
|
*
|
|
* The flags field is passed to termdd.sys via an IRP_MJ_WRITE
|
|
* Irp, as a ULONG pointer in the Irp->Tail.Overlay.DriverContext[0] field.
|
|
*/
|
|
if (Irp->Tail.Overlay.DriverContext[0] != NULL) {
|
|
ULONG flags = *((ULONG *)Irp->Tail.Overlay.DriverContext[0]);
|
|
if (flags & CHANNEL_WRITE_LOWPRIO) {
|
|
SdWrite.fFlags |= SD_CHANNELWRITE_LOWPRIO;
|
|
}
|
|
}
|
|
|
|
Status = IcaCallDriver( pChannel, SD$CHANNELWRITE, &SdWrite );
|
|
|
|
/*
|
|
* Complete the IRP now since all channel writes are synchronous
|
|
* (the user data is captured by the stack driver before returning).
|
|
*/
|
|
Irp->IoStatus.Status = Status;
|
|
if ( Status == STATUS_SUCCESS )
|
|
Irp->IoStatus.Information = IrpSp->Parameters.Write.Length;
|
|
IoCompleteRequest( Irp, IcaPriorityBoost );
|
|
|
|
TRACECHANNEL(( pChannel, TC_ICADD, TT_OUT3, "TermDD: IcaWriteChannel, cc %u, vc %d, bc %u, 0x%x\n",
|
|
pChannel->ChannelClass, pChannel->VirtualClass, SdWrite.ByteCount, Status ));
|
|
|
|
return Status;
|
|
}
|
|
|
|
|
|
NTSTATUS IcaDeviceControlChannel(
|
|
IN PICA_CHANNEL pChannel,
|
|
IN PIRP Irp,
|
|
IN PIO_STACK_LOCATION IrpSp)
|
|
{
|
|
ULONG code;
|
|
PICA_TRACE_BUFFER pTraceBuffer;
|
|
NTSTATUS Status;
|
|
|
|
|
|
/*
|
|
* If the channel is being closed,
|
|
* then don't allow any further requests.
|
|
*/
|
|
if ( pChannel->Flags & CHANNEL_CLOSING )
|
|
return( STATUS_FILE_CLOSED );
|
|
|
|
/*
|
|
* Extract the IOCTL control code and process the request.
|
|
*/
|
|
code = IrpSp->Parameters.DeviceIoControl.IoControlCode;
|
|
|
|
|
|
#if DBG
|
|
if ( code != IOCTL_ICA_CHANNEL_TRACE ) {
|
|
TRACECHANNEL(( pChannel, TC_ICADD, TT_API1, "TermDD: IcaDeviceControlChannel, fc %d, ref %u (enter)\n",
|
|
(code & 0x3fff) >> 2, pChannel->RefCount ));
|
|
}
|
|
#endif
|
|
|
|
|
|
/*
|
|
* Process generic channel ioctl requests
|
|
*/
|
|
try {
|
|
switch ( code ) {
|
|
|
|
case IOCTL_ICA_CHANNEL_TRACE :
|
|
|
|
if ( IrpSp->Parameters.DeviceIoControl.InputBufferLength < (ULONG)(FIELD_OFFSET(ICA_TRACE_BUFFER,Data[0])) )
|
|
return( STATUS_BUFFER_TOO_SMALL );
|
|
if ( IrpSp->Parameters.DeviceIoControl.InputBufferLength > sizeof(ICA_TRACE_BUFFER) )
|
|
return( STATUS_INVALID_BUFFER_SIZE );
|
|
if ( Irp->RequestorMode != KernelMode ) {
|
|
ProbeForRead( IrpSp->Parameters.DeviceIoControl.Type3InputBuffer,
|
|
IrpSp->Parameters.DeviceIoControl.InputBufferLength,
|
|
sizeof(BYTE) );
|
|
}
|
|
|
|
pTraceBuffer = (PICA_TRACE_BUFFER)IrpSp->Parameters.DeviceIoControl.Type3InputBuffer;
|
|
|
|
IcaLockConnection( pChannel->pConnect );
|
|
IcaTraceFormat( &pChannel->pConnect->TraceInfo,
|
|
pTraceBuffer->TraceClass,
|
|
pTraceBuffer->TraceEnable,
|
|
pTraceBuffer->Data );
|
|
IcaUnlockConnection( pChannel->pConnect );
|
|
|
|
Status = STATUS_SUCCESS;
|
|
break;
|
|
|
|
case IOCTL_ICA_CHANNEL_DISABLE_SESSION_IO:
|
|
|
|
IcaLockConnection( pChannel->pConnect );
|
|
pChannel->Flags |= CHANNEL_SESSION_DISABLEIO;
|
|
Status = IcaFlushChannel( pChannel, Irp, IrpSp );
|
|
IcaUnlockConnection( pChannel->pConnect );
|
|
break;
|
|
|
|
case IOCTL_ICA_CHANNEL_ENABLE_SESSION_IO:
|
|
|
|
IcaLockConnection( pChannel->pConnect );
|
|
pChannel->Flags &= ~CHANNEL_SESSION_DISABLEIO;
|
|
IcaUnlockConnection( pChannel->pConnect );
|
|
Status = STATUS_SUCCESS;
|
|
break;
|
|
|
|
case IOCTL_ICA_CHANNEL_CLOSE_COMMAND_CHANNEL :
|
|
|
|
IcaLockConnection( pChannel->pConnect );
|
|
Status = IcaCancelReadChannel(pChannel, Irp, IrpSp);
|
|
IcaUnlockConnection( pChannel->pConnect );
|
|
break;
|
|
|
|
case IOCTL_ICA_CHANNEL_ENABLE_SHADOW :
|
|
|
|
IcaLockConnection( pChannel->pConnect );
|
|
pChannel->Flags |= CHANNEL_SHADOW_IO;
|
|
IcaUnlockConnection( pChannel->pConnect );
|
|
Status = STATUS_SUCCESS;
|
|
break;
|
|
|
|
case IOCTL_ICA_CHANNEL_DISABLE_SHADOW :
|
|
|
|
IcaLockConnection( pChannel->pConnect );
|
|
pChannel->Flags &= ~CHANNEL_SHADOW_IO;
|
|
IcaUnlockConnection( pChannel->pConnect );
|
|
Status = STATUS_SUCCESS;
|
|
break;
|
|
|
|
case IOCTL_ICA_CHANNEL_END_SHADOW :
|
|
{
|
|
PLIST_ENTRY Head, Next;
|
|
PICA_STACK pStack;
|
|
BOOLEAN bShadowEnded = FALSE;
|
|
PICA_CHANNEL_END_SHADOW_DATA pData;
|
|
|
|
if ( IrpSp->Parameters.DeviceIoControl.InputBufferLength != sizeof(ICA_CHANNEL_END_SHADOW_DATA) ) {
|
|
Status = STATUS_INVALID_BUFFER_SIZE;
|
|
break;
|
|
}
|
|
if ( Irp->RequestorMode != KernelMode ) {
|
|
ProbeForRead( IrpSp->Parameters.DeviceIoControl.Type3InputBuffer,
|
|
IrpSp->Parameters.DeviceIoControl.InputBufferLength,
|
|
sizeof(BYTE) );
|
|
}
|
|
|
|
pData = (PICA_CHANNEL_END_SHADOW_DATA)IrpSp->Parameters.DeviceIoControl.Type3InputBuffer;
|
|
|
|
/*
|
|
* Lock the connection object.
|
|
* This will serialize all channel calls for this connection.
|
|
*/
|
|
IcaLockConnection( pChannel->pConnect );
|
|
if ( IsListEmpty( &pChannel->pConnect->StackHead ) ) {
|
|
IcaUnlockConnection( pChannel->pConnect );
|
|
Status = STATUS_INVALID_DEVICE_REQUEST;
|
|
break;
|
|
}
|
|
|
|
/*
|
|
* Look for shadow stack(s).
|
|
*/
|
|
Head = &pChannel->pConnect->StackHead;
|
|
for ( Next = Head->Flink; Next != Head; Next = Next->Flink ) {
|
|
pStack = CONTAINING_RECORD( Next, ICA_STACK, StackEntry );
|
|
|
|
/*
|
|
* If this is a shadow stack, end it.
|
|
*/
|
|
if ( pStack->StackClass == Stack_Shadow ) {
|
|
if ( pStack->pBrokenEventObject ) {
|
|
KeSetEvent( pStack->pBrokenEventObject, 0, FALSE );
|
|
bShadowEnded = TRUE;
|
|
}
|
|
}
|
|
}
|
|
|
|
/*
|
|
* Unlock the connection object now.
|
|
*/
|
|
IcaUnlockConnection( pChannel->pConnect );
|
|
Status = STATUS_SUCCESS;
|
|
|
|
if (bShadowEnded && pData->bLogError) {
|
|
IcaLogError(NULL, pData->StatusCode, NULL, 0, NULL, 0);
|
|
}
|
|
break;
|
|
}
|
|
|
|
// This IOCTL is not supported by RDP or ICA driver
|
|
case IOCTL_VIDEO_ENUM_MONITOR_PDO:
|
|
|
|
Status = STATUS_DEVICE_NOT_READY;
|
|
break;
|
|
|
|
|
|
default :
|
|
|
|
/*
|
|
* Call the appropriate worker routine based on channel type
|
|
*/
|
|
switch ( pChannel->ChannelClass ) {
|
|
|
|
case Channel_Keyboard :
|
|
Status = IcaDeviceControlKeyboard( pChannel, Irp, IrpSp );
|
|
break;
|
|
|
|
case Channel_Mouse :
|
|
Status = IcaDeviceControlMouse( pChannel, Irp, IrpSp );
|
|
break;
|
|
|
|
case Channel_Video :
|
|
Status = IcaDeviceControlVideo( pChannel, Irp, IrpSp );
|
|
break;
|
|
|
|
case Channel_Beep :
|
|
Status = IcaDeviceControlBeep( pChannel, Irp, IrpSp );
|
|
break;
|
|
|
|
case Channel_Virtual :
|
|
Status = IcaDeviceControlVirtual( pChannel, Irp, IrpSp );
|
|
break;
|
|
|
|
case Channel_Command :
|
|
Status = STATUS_INVALID_DEVICE_REQUEST;
|
|
break;
|
|
|
|
default:
|
|
ASSERTMSG( "ICA.SYS: Invalid Channel Class", FALSE );
|
|
Status = STATUS_INVALID_DEVICE_REQUEST;
|
|
break;
|
|
}
|
|
}
|
|
} except( IcaExceptionFilter( L"IcaDeviceControlChannel TRAPPED!!",
|
|
GetExceptionInformation() ) ) {
|
|
Status = GetExceptionCode();
|
|
}
|
|
|
|
#if DBG
|
|
if ( code != IOCTL_ICA_CHANNEL_TRACE ) {
|
|
TRACECHANNEL(( pChannel, TC_ICADD, TT_API1, "TermDD: IcaDeviceControlChannel, fc %d, ref %u, 0x%x\n",
|
|
(code & 0x3fff) >> 2, pChannel->RefCount, Status ));
|
|
}
|
|
#endif
|
|
|
|
|
|
return Status;
|
|
}
|
|
|
|
|
|
NTSTATUS IcaFlushChannel(
|
|
IN PICA_CHANNEL pChannel,
|
|
IN PIRP Irp,
|
|
IN PIO_STACK_LOCATION IrpSp)
|
|
{
|
|
KIRQL cancelIrql;
|
|
PLIST_ENTRY Head;
|
|
PINBUF pInBuf;
|
|
|
|
TRACECHANNEL((pChannel, TC_ICADD, TT_API2,
|
|
"TermDD: IcaFlushChannel, cc %u, vc %d\n",
|
|
pChannel->ChannelClass, pChannel->VirtualClass));
|
|
|
|
/*
|
|
* Lock channel while we flush any input buffers.
|
|
*/
|
|
IcaLockChannel(pChannel);
|
|
|
|
while (!IsListEmpty( &pChannel->InputBufHead)) {
|
|
Head = RemoveHeadList(&pChannel->InputBufHead);
|
|
pInBuf = CONTAINING_RECORD(Head, INBUF, Links);
|
|
ICA_FREE_POOL(pInBuf);
|
|
}
|
|
|
|
IcaUnlockChannel(pChannel);
|
|
|
|
return STATUS_SUCCESS;
|
|
}
|
|
|
|
|
|
NTSTATUS IcaCleanupChannel(
|
|
IN PICA_CHANNEL pChannel,
|
|
IN PIRP Irp,
|
|
IN PIO_STACK_LOCATION IrpSp)
|
|
{
|
|
KIRQL cancelIrql;
|
|
PLIST_ENTRY Head;
|
|
PIRP ReadIrp;
|
|
PINBUF pInBuf;
|
|
|
|
TRACECHANNEL((pChannel, TC_ICADD, TT_API2,
|
|
"TermDD: IcaCleanupChannel, cc %u, vc %d\n",
|
|
pChannel->ChannelClass, pChannel->VirtualClass));
|
|
|
|
/*
|
|
* Decrement the open count; if it is 0, perform channel cleanup now.
|
|
*/
|
|
ASSERT(pChannel->OpenCount > 0);
|
|
if (InterlockedDecrement( &pChannel->OpenCount) == 0) {
|
|
|
|
/*
|
|
* Lock channel while we clear out any
|
|
* pending read IRPs and/or input buffers.
|
|
*/
|
|
IcaLockChannel(pChannel);
|
|
|
|
/*
|
|
* Indicate this channel is being closed
|
|
*/
|
|
pChannel->Flags |= CHANNEL_CLOSING;
|
|
|
|
IoAcquireCancelSpinLock( &cancelIrql );
|
|
while ( !IsListEmpty( &pChannel->InputIrpHead ) ) {
|
|
Head = pChannel->InputIrpHead.Flink;
|
|
ReadIrp = CONTAINING_RECORD( Head, IRP, Tail.Overlay.ListEntry );
|
|
ReadIrp->CancelIrql = cancelIrql;
|
|
IoSetCancelRoutine( ReadIrp, NULL );
|
|
_IcaReadChannelCancelIrp( IrpSp->DeviceObject, ReadIrp );
|
|
IoAcquireCancelSpinLock( &cancelIrql );
|
|
}
|
|
IoReleaseCancelSpinLock( cancelIrql );
|
|
|
|
while ( !IsListEmpty( &pChannel->InputBufHead ) ) {
|
|
Head = RemoveHeadList( &pChannel->InputBufHead );
|
|
pInBuf = CONTAINING_RECORD( Head, INBUF, Links );
|
|
ICA_FREE_POOL( pInBuf );
|
|
}
|
|
|
|
IcaUnlockChannel(pChannel);
|
|
}
|
|
|
|
return STATUS_SUCCESS;
|
|
}
|
|
|
|
|
|
NTSTATUS IcaCloseChannel(
|
|
IN PICA_CHANNEL pChannel,
|
|
IN PIRP Irp,
|
|
IN PIO_STACK_LOCATION IrpSp)
|
|
{
|
|
PICA_CONNECTION pConnect;
|
|
|
|
TRACECHANNEL(( pChannel, TC_ICADD, TT_API2, "TermDD: IcaCloseChannel, cc %u, vc %d, vn %s\n",
|
|
pChannel->ChannelClass, pChannel->VirtualClass, pChannel->VirtualName ));
|
|
|
|
pConnect = pChannel->pConnect;
|
|
|
|
/*
|
|
* Remove the file object reference for this channel.
|
|
*/
|
|
IcaDereferenceChannel(pChannel);
|
|
|
|
return STATUS_SUCCESS;
|
|
}
|
|
|
|
|
|
NTSTATUS IcaChannelInput(
|
|
IN PSDCONTEXT pContext,
|
|
IN CHANNELCLASS ChannelClass,
|
|
IN VIRTUALCHANNELCLASS VirtualClass,
|
|
IN PINBUF pInBuf OPTIONAL,
|
|
IN PUCHAR pBuffer OPTIONAL,
|
|
IN ULONG ByteCount)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This is the input (stack callup) routine for ICA channel input.
|
|
|
|
Arguments:
|
|
|
|
pContext - Pointer to SDCONTEXT for this Stack Driver
|
|
|
|
ChannelClass - Channel number for input
|
|
|
|
VirtualClass - Virtual channel number for input
|
|
|
|
pInBuf - Pointer to INBUF containing data
|
|
|
|
pBuffer - Pointer to input data
|
|
|
|
NOTE: Either pInBuf OR pBuffer must be specified, but not both.
|
|
|
|
ByteCount - length of data in pBuffer
|
|
|
|
Return Value:
|
|
|
|
NTSTATUS -- Indicates whether the request was handled successfully.
|
|
|
|
--*/
|
|
|
|
{
|
|
PSDLINK pSdLink;
|
|
PICA_STACK pStack;
|
|
PICA_CONNECTION pConnect;
|
|
NTSTATUS Status;
|
|
|
|
/*
|
|
* Use SD passed context to get the SDLINK pointer.
|
|
*/
|
|
pSdLink = CONTAINING_RECORD( pContext, SDLINK, SdContext );
|
|
pStack = pSdLink->pStack; // save stack pointer for use below
|
|
pConnect = IcaGetConnectionForStack( pStack );
|
|
ASSERT( pSdLink->pStack->Header.Type == IcaType_Stack );
|
|
ASSERT( pSdLink->pStack->Header.pDispatchTable == IcaStackDispatchTable );
|
|
|
|
TRACESTACK(( pStack, TC_ICADD, TT_API1, "TermDD: IcaChannelInput, bc=%u (enter)\n", ByteCount ));
|
|
|
|
/*
|
|
* Only the stack object should be locked during input.
|
|
*/
|
|
ASSERT( ExIsResourceAcquiredExclusiveLite( &pStack->Resource ) );
|
|
|
|
/*
|
|
* Walk up the SDLINK list looking for a driver which has specified
|
|
* a ChannelInput callup routine. If we find one, then call the
|
|
* driver ChannelInput routine to let it handle the call.
|
|
*/
|
|
while ( (pSdLink = IcaGetPreviousSdLink( pSdLink )) != NULL ) {
|
|
ASSERT( pSdLink->pStack == pStack );
|
|
if ( pSdLink->SdContext.pCallup->pSdChannelInput ) {
|
|
IcaReferenceSdLink( pSdLink );
|
|
Status = (pSdLink->SdContext.pCallup->pSdChannelInput)(
|
|
pSdLink->SdContext.pContext,
|
|
ChannelClass,
|
|
VirtualClass,
|
|
pInBuf,
|
|
pBuffer,
|
|
ByteCount );
|
|
IcaDereferenceSdLink( pSdLink );
|
|
return Status;
|
|
}
|
|
}
|
|
|
|
return IcaChannelInputInternal(pStack, ChannelClass, VirtualClass,
|
|
pInBuf, pBuffer, ByteCount);
|
|
}
|
|
|
|
|
|
NTSTATUS IcaChannelInputInternal(
|
|
IN PICA_STACK pStack,
|
|
IN CHANNELCLASS ChannelClass,
|
|
IN VIRTUALCHANNELCLASS VirtualClass,
|
|
IN PINBUF pInBuf OPTIONAL,
|
|
IN PCHAR pBuffer OPTIONAL,
|
|
IN ULONG ByteCount)
|
|
{
|
|
PICA_COMMAND_HEADER pHeader;
|
|
PICA_CONNECTION pConnect;
|
|
PICA_CHANNEL pChannel;
|
|
PLIST_ENTRY Head;
|
|
PIRP Irp;
|
|
PIO_STACK_LOCATION IrpSp;
|
|
KIRQL cancelIrql;
|
|
ULONG CopyCount;
|
|
NTSTATUS Status;
|
|
SD_IOCTL SdIoctl;
|
|
|
|
TRACESTACK(( pStack, TC_ICADD, TT_API2,
|
|
"TermDD: IcaChannelInputInternal: cc %u, vc %d, bc %u\n",
|
|
ChannelClass, VirtualClass, ByteCount ));
|
|
|
|
/*
|
|
* Check for channel command
|
|
*/
|
|
switch ( ChannelClass ) {
|
|
|
|
case Channel_Keyboard :
|
|
case Channel_Mouse :
|
|
KeQuerySystemTime( &pStack->LastInputTime );
|
|
break;
|
|
|
|
case Channel_Command :
|
|
|
|
if ( ByteCount < sizeof(ICA_COMMAND_HEADER) ) {
|
|
TRACESTACK(( pStack, TC_ICADD, TT_ERROR,
|
|
"TermDD: IcaChannelInputInternal: Channel_command bad bytecount\n" ));
|
|
break;
|
|
}
|
|
|
|
pHeader = (PICA_COMMAND_HEADER) pBuffer;
|
|
|
|
switch ( pHeader->Command ) {
|
|
case ICA_COMMAND_BROKEN_CONNECTION :
|
|
TRACESTACK(( pStack, TC_ICADD, TT_API1,
|
|
"TermDD: IcaChannelInputInternal, Broken Connection\n" ));
|
|
|
|
/* set closing flag */
|
|
pStack->fClosing = TRUE;
|
|
|
|
/*
|
|
* Send cancel i/o to stack drivers
|
|
* - fClosing flag must be set before issuing cancel i/o
|
|
*/
|
|
SdIoctl.IoControlCode = IOCTL_ICA_STACK_CANCEL_IO;
|
|
(void) _IcaCallStackNoLock( pStack, SD$IOCTL, &SdIoctl );
|
|
|
|
/*
|
|
* If a broken event has been registered for this stack,
|
|
* then signal the event now.
|
|
* NOTE: In this case we exit without forwarding the
|
|
* broken notification to the channel.
|
|
*/
|
|
if ( pStack->pBrokenEventObject ) {
|
|
KeSetEvent( pStack->pBrokenEventObject, 0, FALSE );
|
|
ObDereferenceObject( pStack->pBrokenEventObject );
|
|
pStack->pBrokenEventObject = NULL;
|
|
if ( pInBuf )
|
|
ICA_FREE_POOL( pInBuf );
|
|
return( STATUS_SUCCESS );
|
|
}
|
|
break;
|
|
}
|
|
break;
|
|
}
|
|
|
|
/*
|
|
* Get the specified channel for this input packet.
|
|
* If not found, we have no choice but to bit-bucket the data.
|
|
*/
|
|
pConnect = IcaGetConnectionForStack(pStack);
|
|
pChannel = IcaFindChannel(pConnect, ChannelClass, VirtualClass);
|
|
if (pChannel == NULL) {
|
|
if (pInBuf)
|
|
ICA_FREE_POOL(pInBuf);
|
|
TRACESTACK((pStack, TC_ICADD, TT_ERROR,
|
|
"TermDD: IcaChannelInputInternal: channel not found\n" ));
|
|
return STATUS_SUCCESS;
|
|
}
|
|
|
|
/*
|
|
* Lock channel while processing I/O
|
|
*/
|
|
IcaLockChannel(pChannel);
|
|
|
|
/*
|
|
* If input is from a shadow stack and this channel should not
|
|
* process shadow I/O then bit bucket the data.
|
|
* Do the same if the channel is closing or IO are disabled.
|
|
*/
|
|
if ( (pChannel->Flags & (CHANNEL_SESSION_DISABLEIO | CHANNEL_CLOSING)) ||
|
|
(pStack->StackClass == Stack_Shadow &&
|
|
!(pChannel->Flags & CHANNEL_SHADOW_IO)) ) {
|
|
|
|
IcaUnlockChannel(pChannel);
|
|
IcaDereferenceChannel(pChannel);
|
|
if (pInBuf)
|
|
ICA_FREE_POOL(pInBuf);
|
|
TRACESTACK((pStack, TC_ICADD, TT_API2,
|
|
"TermDD: IcaChannelInputInternal: shadow or closing channel input\n"));
|
|
return STATUS_SUCCESS;
|
|
}
|
|
|
|
/*
|
|
* If input is from an INBUF, initialize pBuffer and ByteCount
|
|
* with values from the buffer header.
|
|
*/
|
|
if (pInBuf) {
|
|
pBuffer = pInBuf->pBuffer;
|
|
ByteCount = pInBuf->ByteCount;
|
|
}
|
|
|
|
/*
|
|
* If there is a channel filter loaded for this channel,
|
|
* then pass the input data through it before going on.
|
|
*/
|
|
if (pChannel->pFilter) {
|
|
PINBUF pFilterBuf;
|
|
|
|
pChannel->pFilter->InputFilter(pChannel->pFilter, pBuffer, ByteCount,
|
|
&pFilterBuf);
|
|
if (pInBuf)
|
|
ICA_FREE_POOL(pInBuf);
|
|
|
|
/*
|
|
* Refresh INBUF pointer, buffer pointer, and byte count.
|
|
*/
|
|
pInBuf = pFilterBuf;
|
|
pBuffer = pInBuf->pBuffer;
|
|
ByteCount = pInBuf->ByteCount;
|
|
}
|
|
|
|
|
|
/*
|
|
* Process the input data
|
|
*/
|
|
while ( ByteCount != 0 ) {
|
|
|
|
/*
|
|
* If this is a shadow stack, see if the stack we're shadowing is
|
|
* for a console session
|
|
*/
|
|
if (pStack->StackClass == Stack_Shadow)
|
|
{
|
|
PICA_STACK pTopStack;
|
|
PLIST_ENTRY Head, Next;
|
|
|
|
Head = &pConnect->StackHead;
|
|
Next = Head->Flink;
|
|
|
|
pTopStack = CONTAINING_RECORD( Next, ICA_STACK, StackEntry );
|
|
|
|
if (pTopStack->StackClass == Stack_Console)
|
|
{
|
|
/*
|
|
* It is the console, so put on our keyboard/mouse port
|
|
* driver hat and inject the input that way
|
|
*/
|
|
if (ChannelClass == Channel_Mouse)
|
|
{
|
|
MOUSE_INPUT_DATA *pmInputData;
|
|
ULONG count;
|
|
|
|
pmInputData = (MOUSE_INPUT_DATA *)pBuffer;
|
|
count = ByteCount / sizeof(MOUSE_INPUT_DATA);
|
|
|
|
/*
|
|
* This function will always consume all the data
|
|
*/
|
|
PtSendCurrentMouseInput(MouDeviceObject, pmInputData, count);
|
|
ByteCount = 0;
|
|
continue;
|
|
}
|
|
else if (ChannelClass == Channel_Keyboard)
|
|
{
|
|
KEYBOARD_INPUT_DATA *pkInputData;
|
|
ULONG count;
|
|
|
|
pkInputData = (KEYBOARD_INPUT_DATA *)pBuffer;
|
|
count = ByteCount / sizeof(KEYBOARD_INPUT_DATA);
|
|
|
|
/*
|
|
* This function will always consume all the data
|
|
*/
|
|
PtSendCurrentKeyboardInput(KbdDeviceObject, pkInputData, count);
|
|
ByteCount = 0;
|
|
continue;
|
|
}
|
|
}
|
|
}
|
|
/*
|
|
* Acquire IoCancel spinlock while checking InputIrp list
|
|
*/
|
|
IoAcquireCancelSpinLock( &cancelIrql );
|
|
|
|
/*
|
|
* If there is a pending read IRP, then remove it from the
|
|
* list and try to complete it now.
|
|
*/
|
|
if ( !IsListEmpty( &pChannel->InputIrpHead ) ) {
|
|
|
|
Head = RemoveHeadList( &pChannel->InputIrpHead );
|
|
Irp = CONTAINING_RECORD( Head, IRP, Tail.Overlay.ListEntry );
|
|
IrpSp = IoGetCurrentIrpStackLocation( Irp );
|
|
|
|
/*
|
|
* Clear the cancel routine for this IRP
|
|
*/
|
|
IoSetCancelRoutine( Irp, NULL );
|
|
IoReleaseCancelSpinLock( cancelIrql );
|
|
|
|
/*
|
|
* If this is a message mode channel, all data from a single input
|
|
* buffer must fit in the user buffer, otherwise we return an error.
|
|
*/
|
|
if ( IrpSp->Parameters.Read.Length < ByteCount &&
|
|
(pChannel->Flags & CHANNEL_MESSAGE_MODE) ) {
|
|
Irp->IoStatus.Status = STATUS_BUFFER_TOO_SMALL;
|
|
IoCompleteRequest( Irp, IcaPriorityBoost );
|
|
TRACECHANNEL(( pChannel, TC_ICADD, TT_API2,
|
|
"TermDD: IcaChannelInputInternal: cc %u, vc %d, (too small)\n",
|
|
ChannelClass, VirtualClass ));
|
|
continue;
|
|
}
|
|
|
|
/*
|
|
* Determine amount of data to copy to user's buffer.
|
|
*/
|
|
CopyCount = min( IrpSp->Parameters.Read.Length, ByteCount );
|
|
|
|
/*
|
|
* Copy input data to user's buffer
|
|
*/
|
|
Status = _IcaCopyDataToUserBuffer( Irp, pBuffer, CopyCount );
|
|
|
|
/*
|
|
* Mark the Irp complete and return success
|
|
*/
|
|
Irp->IoStatus.Status = Status;
|
|
IoCompleteRequest( Irp, IcaPriorityBoost );
|
|
TRACECHANNEL(( pChannel, TC_ICADD, TT_API2,
|
|
"TermDD: IcaChannelInputInternal: cc %u, vc %d, bc %u, 0x%x\n",
|
|
ChannelClass, VirtualClass, CopyCount, Status ));
|
|
|
|
/*
|
|
* Update input data pointer and count remaining.
|
|
* Note no need to update pChannel->InputBufCurSize since we never
|
|
* stored this data.
|
|
*/
|
|
if ( Status == STATUS_SUCCESS ) {
|
|
pBuffer += CopyCount;
|
|
ByteCount -= CopyCount;
|
|
if ( pInBuf ) {
|
|
pInBuf->pBuffer += CopyCount;
|
|
pInBuf->ByteCount -= CopyCount;
|
|
}
|
|
}
|
|
|
|
/*
|
|
* There are no pending IRPs for this channel, so just queue the data.
|
|
*/
|
|
} else {
|
|
|
|
IoReleaseCancelSpinLock( cancelIrql );
|
|
|
|
/*
|
|
* Check to see if we need to discard the data (too much data
|
|
* backed up). This policy only takes effect when the max size
|
|
* is nonzero, which is currently only the case for mouse and
|
|
* keyboard inputs which can withstand being dropped.
|
|
* Note that the read IRPs sent for channels that can have
|
|
* data dropped must request in integral numbers of input
|
|
* blocks -- e.g. a mouse read IRP must have a read buffer size
|
|
* that is a multiple of sizeof(MOUSE_INPUT_DATA). If this is
|
|
* not the case the immediate-copy block above may copy
|
|
* partial input blocks before arriving here.
|
|
*/
|
|
if (pChannel->InputBufMaxSize == 0 ||
|
|
(pChannel->InputBufCurSize + ByteCount) <=
|
|
pChannel->InputBufMaxSize) {
|
|
/*
|
|
* If necessary, allocate an input buffer and copy the data
|
|
*/
|
|
if (pInBuf == NULL) {
|
|
/*
|
|
* Get input buffer and copy the data
|
|
* If this fails, we have no choice but to bail out.
|
|
*/
|
|
pInBuf = ICA_ALLOCATE_POOL(NonPagedPool, sizeof(INBUF) +
|
|
ByteCount);
|
|
if (pInBuf != NULL) {
|
|
pInBuf->ByteCount = ByteCount;
|
|
pInBuf->MaxByteCount = ByteCount;
|
|
pInBuf->pBuffer = (PUCHAR)(pInBuf + 1);
|
|
RtlCopyMemory(pInBuf->pBuffer, pBuffer, ByteCount);
|
|
}
|
|
else {
|
|
break;
|
|
}
|
|
}
|
|
|
|
/*
|
|
* Add buffer to tail of input list and clear pInBuf
|
|
* to indicate we have no buffer to free when done.
|
|
*/
|
|
InsertTailList( &pChannel->InputBufHead, &pInBuf->Links );
|
|
pChannel->InputBufCurSize += ByteCount;
|
|
pInBuf = NULL;
|
|
|
|
/*
|
|
* If any read(s) were posted while we allocated the input
|
|
* buffer, then try to complete as many as possible.
|
|
*/
|
|
IoAcquireCancelSpinLock( &cancelIrql );
|
|
while ( !IsListEmpty( &pChannel->InputIrpHead ) &&
|
|
!IsListEmpty( &pChannel->InputBufHead ) ) {
|
|
|
|
Head = RemoveHeadList( &pChannel->InputIrpHead );
|
|
Irp = CONTAINING_RECORD( Head, IRP, Tail.Overlay.ListEntry );
|
|
IoSetCancelRoutine( Irp, NULL );
|
|
IoReleaseCancelSpinLock( cancelIrql );
|
|
|
|
IrpSp = IoGetCurrentIrpStackLocation( Irp );
|
|
|
|
Status = _IcaReadChannelComplete( pChannel, Irp, IrpSp );
|
|
IoAcquireCancelSpinLock( &cancelIrql );
|
|
}
|
|
IoReleaseCancelSpinLock( cancelIrql );
|
|
}
|
|
else {
|
|
TRACESTACK(( pStack, TC_ICADD, TT_ERROR,
|
|
"TermDD: IcaChannelInputInternal: Dropped %u bytes "
|
|
"on channelclass %u\n", ByteCount, ChannelClass));
|
|
}
|
|
|
|
break;
|
|
}
|
|
}
|
|
|
|
/*
|
|
* Unlock channel now
|
|
*/
|
|
IcaUnlockChannel(pChannel);
|
|
|
|
/*
|
|
* If we still have an INBUF, free it now.
|
|
*/
|
|
if (pInBuf)
|
|
ICA_FREE_POOL(pInBuf);
|
|
|
|
/*
|
|
* Decrement channel refcount and return
|
|
*/
|
|
IcaDereferenceChannel(pChannel);
|
|
|
|
return STATUS_SUCCESS;
|
|
}
|
|
|
|
|
|
/****************************************************************************/
|
|
// IcaFindChannel
|
|
// IcaFindChannelByName
|
|
//
|
|
// Searches for a given channel in the connection channel list, and returns
|
|
// a pointer to it (with an added reference). Returns NULL if not found.
|
|
/****************************************************************************/
|
|
PICA_CHANNEL IcaFindChannel(
|
|
IN PICA_CONNECTION pConnect,
|
|
IN CHANNELCLASS ChannelClass,
|
|
IN VIRTUALCHANNELCLASS VirtualClass)
|
|
{
|
|
PICA_CHANNEL pChannel;
|
|
KIRQL oldIrql;
|
|
NTSTATUS Status;
|
|
|
|
/*
|
|
* Ensure we're not looking for an invalid virtual channel number
|
|
*/
|
|
ASSERT( ChannelClass != Channel_Virtual ||
|
|
(VirtualClass >= 0 && VirtualClass < VIRTUAL_MAXIMUM) );
|
|
|
|
/*
|
|
* If channel does not exist, return NULL.
|
|
*/
|
|
|
|
IcaLockChannelTable(&pConnect->ChannelTableLock);
|
|
|
|
pChannel = pConnect->pChannel[ ChannelClass + VirtualClass ];
|
|
|
|
if (pChannel == NULL) {
|
|
TRACE(( pConnect, TC_ICADD, TT_API3,
|
|
"TermDD: IcaFindChannel, cc %u, vc %d (not found)\n",
|
|
ChannelClass, VirtualClass ));
|
|
IcaUnlockChannelTable(&pConnect->ChannelTableLock);
|
|
return NULL;
|
|
}
|
|
|
|
IcaReferenceChannel(pChannel);
|
|
|
|
IcaUnlockChannelTable(&pConnect->ChannelTableLock);
|
|
|
|
TRACE((pConnect, TC_ICADD, TT_API3,
|
|
"TermDD: IcaFindChannel, cc %u, vc %d -> %s\n",
|
|
ChannelClass, VirtualClass, pChannel->VirtualName));
|
|
|
|
return pChannel;
|
|
}
|
|
|
|
|
|
PICA_CHANNEL IcaFindChannelByName(
|
|
IN PICA_CONNECTION pConnect,
|
|
IN CHANNELCLASS ChannelClass,
|
|
IN PVIRTUALCHANNELNAME pVirtualName)
|
|
{
|
|
PICA_CHANNEL pChannel;
|
|
PLIST_ENTRY Head, Next;
|
|
|
|
ASSERT( ExIsResourceAcquiredExclusiveLite( &pConnect->Resource ) );
|
|
|
|
/*
|
|
* If this is not a virtual channel use channel class only
|
|
*/
|
|
if (ChannelClass != Channel_Virtual) {
|
|
return IcaFindChannel( pConnect, ChannelClass, 0);
|
|
}
|
|
|
|
/*
|
|
* Search the existing channel structures to locate virtual channel name
|
|
*/
|
|
|
|
IcaLockChannelTable(&pConnect->ChannelTableLock);
|
|
|
|
Head = &pConnect->ChannelHead;
|
|
for ( Next = Head->Flink; Next != Head; Next = Next->Flink ) {
|
|
pChannel = CONTAINING_RECORD( Next, ICA_CHANNEL, Links );
|
|
if ( (pChannel->ChannelClass == Channel_Virtual) &&
|
|
!_stricmp( pChannel->VirtualName, pVirtualName ) ) {
|
|
break;
|
|
}
|
|
}
|
|
|
|
/*
|
|
* If name does not exist, return unbound
|
|
*/
|
|
if (Next == Head) {
|
|
TRACE((pConnect, TC_ICADD, TT_API2,
|
|
"TermDD: IcaFindChannelByName: vn %s (not found)\n", pVirtualName));
|
|
IcaUnlockChannelTable(&pConnect->ChannelTableLock);
|
|
return(NULL);
|
|
}
|
|
|
|
IcaReferenceChannel(pChannel);
|
|
|
|
IcaUnlockChannelTable(&pConnect->ChannelTableLock);
|
|
TRACE((pConnect, TC_ICADD, TT_API2,
|
|
"TermDD: IcaFindChannelByName: vn %s, vc %d, ref %u\n",
|
|
pVirtualName, pChannel->VirtualClass,
|
|
(pChannel != NULL ? pChannel->RefCount : 0)));
|
|
|
|
return pChannel;
|
|
}
|
|
|
|
|
|
VOID IcaReferenceChannel(IN PICA_CHANNEL pChannel)
|
|
{
|
|
TRACECHANNEL((pChannel, TC_ICADD, TT_API2,
|
|
"TermDD: IcaReferenceChannel: cc %u, vc %d, ref %u\n",
|
|
pChannel->ChannelClass, pChannel->VirtualClass, pChannel->RefCount));
|
|
|
|
ASSERT(pChannel->RefCount >= 0);
|
|
|
|
/*
|
|
* Increment the reference count
|
|
*/
|
|
if (InterlockedIncrement( &pChannel->RefCount) <= 0) {
|
|
ASSERT(FALSE);
|
|
}
|
|
}
|
|
|
|
|
|
VOID IcaDereferenceChannel(
|
|
IN PICA_CHANNEL pChannel)
|
|
{
|
|
BOOLEAN bNeedLock = FALSE;
|
|
BOOLEAN bChannelFreed = FALSE;
|
|
PERESOURCE pResource = pChannel->pChannelTableLock;
|
|
PICA_CONNECTION pConnect = pChannel->pConnect;
|
|
TRACECHANNEL((pChannel, TC_ICADD, TT_API2,
|
|
"TermDD: IcaDefeferenceChannel: cc %u, vc %d, ref %u\n",
|
|
pChannel->ChannelClass, pChannel->VirtualClass,
|
|
pChannel->RefCount));
|
|
|
|
ASSERT(pChannel->RefCount > 0);
|
|
|
|
/*
|
|
* Lock the channel table since a reference going to Zero would cause
|
|
* to change table entry.
|
|
*/
|
|
if (pChannel->RefCount == 1) {
|
|
bNeedLock = TRUE;
|
|
IcaLockChannelTable(pResource);
|
|
}
|
|
|
|
/*
|
|
* Decrement the reference count; if it is 0, free the channel.
|
|
*/
|
|
if (InterlockedDecrement(&pChannel->RefCount) == 0){
|
|
ASSERT(bNeedLock);
|
|
_IcaFreeChannel(pChannel);
|
|
bChannelFreed = TRUE;
|
|
}
|
|
|
|
if (bNeedLock) {
|
|
IcaUnlockChannelTable(pResource);
|
|
}
|
|
|
|
/*
|
|
* Remove the reference to the Connection object for this channel.
|
|
* moved this here from _IcaFreeChannel because we need to be sure
|
|
* the connection object can't go away before the call to IcaUnlockChannelTable
|
|
* because the connection object is where the channel table locck live.
|
|
*/
|
|
if (bChannelFreed) {
|
|
IcaDereferenceConnection(pConnect);
|
|
}
|
|
}
|
|
|
|
|
|
NTSTATUS IcaBindVirtualChannels(IN PICA_STACK pStack)
|
|
{
|
|
PICA_CONNECTION pConnect;
|
|
PSD_VCBIND pSdVcBind = NULL;
|
|
SD_VCBIND aSdVcBind[ VIRTUAL_MAXIMUM ];
|
|
ULONG SdVcBindCount;
|
|
VIRTUALCHANNELCLASS VirtualClass;
|
|
PICA_CHANNEL pChannel;
|
|
NTSTATUS Status;
|
|
ULONG i, Flags;
|
|
SD_IOCTL SdIoctl;
|
|
|
|
pConnect = IcaLockConnectionForStack(pStack);
|
|
|
|
SdIoctl.IoControlCode = IOCTL_ICA_VIRTUAL_QUERY_BINDINGS;
|
|
SdIoctl.InputBuffer = NULL;
|
|
SdIoctl.InputBufferLength = 0;
|
|
SdIoctl.OutputBuffer = aSdVcBind;
|
|
SdIoctl.OutputBufferLength = sizeof(aSdVcBind);
|
|
Status = _IcaCallStack(pStack, SD$IOCTL, &SdIoctl);
|
|
if (NT_SUCCESS(Status)) {
|
|
pSdVcBind = &aSdVcBind[0];
|
|
SdVcBindCount = SdIoctl.BytesReturned / sizeof(SD_VCBIND);
|
|
|
|
for (i = 0; i < SdVcBindCount; i++, pSdVcBind++) {
|
|
TRACE((pConnect, TC_ICADD, TT_API2,
|
|
"TermDD: IcaBindVirtualChannels: %s -> %d Flags=%x\n",
|
|
pSdVcBind->VirtualName, pSdVcBind->VirtualClass, pSdVcBind->Flags));
|
|
|
|
/*
|
|
* Locate virtual class binding
|
|
*/
|
|
VirtualClass = _IcaFindVcBind(pConnect, pSdVcBind->VirtualName, &Flags);
|
|
|
|
/*
|
|
* If virtual class binding does not exist, create one
|
|
*/
|
|
if (VirtualClass == UNBOUND_CHANNEL) {
|
|
/*
|
|
* Allocate a new virtual bind object
|
|
*/
|
|
Status = _IcaRegisterVcBind(pConnect, pSdVcBind->VirtualName,
|
|
pSdVcBind->VirtualClass, pSdVcBind->Flags );
|
|
if (!NT_SUCCESS(Status))
|
|
goto PostLockConnection;
|
|
}
|
|
|
|
/*
|
|
* Locate channel object
|
|
*/
|
|
pChannel = IcaFindChannelByName(pConnect, Channel_Virtual,
|
|
pSdVcBind->VirtualName);
|
|
|
|
/*
|
|
* If we found an existing channel object - update it
|
|
*/
|
|
if (pChannel != NULL) {
|
|
IcaLockChannel(pChannel);
|
|
_IcaBindChannel(pChannel, Channel_Virtual, pSdVcBind->VirtualClass, pSdVcBind->Flags);
|
|
IcaUnlockChannel(pChannel);
|
|
IcaDereferenceChannel(pChannel);
|
|
}
|
|
}
|
|
}
|
|
|
|
PostLockConnection:
|
|
IcaUnlockConnection(pConnect);
|
|
return Status;
|
|
}
|
|
|
|
|
|
VOID IcaRebindVirtualChannels(IN PICA_CONNECTION pConnect)
|
|
{
|
|
PLIST_ENTRY Head, Next;
|
|
PICA_VCBIND pVcBind;
|
|
PICA_CHANNEL pChannel;
|
|
|
|
Head = &pConnect->VcBindHead;
|
|
for (Next = Head->Flink; Next != Head; Next = Next->Flink) {
|
|
pVcBind = CONTAINING_RECORD(Next, ICA_VCBIND, Links);
|
|
|
|
/*
|
|
* Locate channel object
|
|
*/
|
|
pChannel = IcaFindChannelByName(pConnect, Channel_Virtual,
|
|
pVcBind->VirtualName);
|
|
|
|
/*
|
|
* If we found an existing channel object - update it
|
|
*/
|
|
if (pChannel != NULL) {
|
|
IcaLockChannel(pChannel);
|
|
_IcaBindChannel(pChannel, Channel_Virtual, pVcBind->VirtualClass, pVcBind->Flags);
|
|
IcaUnlockChannel(pChannel);
|
|
IcaDereferenceChannel(pChannel);
|
|
}
|
|
}
|
|
}
|
|
|
|
|
|
VOID IcaUnbindVirtualChannels(IN PICA_CONNECTION pConnect)
|
|
{
|
|
PLIST_ENTRY Head, Next;
|
|
PICA_CHANNEL pChannel;
|
|
KIRQL oldIrql;
|
|
|
|
/*
|
|
* Loop through the channel list and clear the virtual class
|
|
* for all virtual channels. Also remove the channel pointer
|
|
* from the channel pointers array in the connection object.
|
|
*/
|
|
|
|
IcaLockChannelTable(&pConnect->ChannelTableLock);
|
|
Head = &pConnect->ChannelHead;
|
|
for (Next = Head->Flink; Next != Head; Next = Next->Flink) {
|
|
pChannel = CONTAINING_RECORD(Next, ICA_CHANNEL, Links);
|
|
if (pChannel->ChannelClass == Channel_Virtual &&
|
|
pChannel->VirtualClass != UNBOUND_CHANNEL) {
|
|
pConnect->pChannel[pChannel->ChannelClass +
|
|
pChannel->VirtualClass] = NULL;
|
|
pChannel->VirtualClass = UNBOUND_CHANNEL;
|
|
}
|
|
}
|
|
IcaUnlockChannelTable(&pConnect->ChannelTableLock);
|
|
}
|
|
|
|
|
|
NTSTATUS IcaUnbindVirtualChannel(
|
|
IN PICA_CONNECTION pConnect,
|
|
IN PVIRTUALCHANNELNAME pVirtualName)
|
|
{
|
|
PLIST_ENTRY Head, Next;
|
|
PICA_CHANNEL pChannel;
|
|
PICA_VCBIND pVcBind;
|
|
KIRQL oldIrql;
|
|
|
|
/*
|
|
* Loop through the channel list and clear the virtual class
|
|
* for the matching virtual channel. Also remove the channel pointer
|
|
* from the channel pointers array in the connection object.
|
|
*/
|
|
|
|
IcaLockChannelTable(&pConnect->ChannelTableLock);
|
|
Head = &pConnect->ChannelHead;
|
|
for (Next = Head->Flink; Next != Head; Next = Next->Flink) {
|
|
pChannel = CONTAINING_RECORD(Next, ICA_CHANNEL, Links);
|
|
if (pChannel->ChannelClass == Channel_Virtual &&
|
|
pChannel->VirtualClass != UNBOUND_CHANNEL &&
|
|
!_stricmp( pChannel->VirtualName, pVirtualName)) {
|
|
pConnect->pChannel[pChannel->ChannelClass +
|
|
pChannel->VirtualClass] = NULL;
|
|
pChannel->VirtualClass = UNBOUND_CHANNEL;
|
|
break;
|
|
}
|
|
}
|
|
|
|
Head = &pConnect->VcBindHead;
|
|
for (Next = Head->Flink; Next != Head; Next = Next->Flink) {
|
|
pVcBind = CONTAINING_RECORD( Next, ICA_VCBIND, Links );
|
|
if (!_stricmp(pVcBind->VirtualName, pVirtualName)) {
|
|
RemoveEntryList( &pVcBind->Links );
|
|
ICA_FREE_POOL(pVcBind);
|
|
IcaUnlockChannelTable(&pConnect->ChannelTableLock);
|
|
return STATUS_SUCCESS;
|
|
}
|
|
}
|
|
IcaUnlockChannelTable(&pConnect->ChannelTableLock);
|
|
|
|
return STATUS_OBJECT_NAME_NOT_FOUND;
|
|
}
|
|
|
|
|
|
PICA_CHANNEL _IcaAllocateChannel(
|
|
IN PICA_CONNECTION pConnect,
|
|
IN CHANNELCLASS ChannelClass,
|
|
IN PVIRTUALCHANNELNAME pVirtualName)
|
|
{
|
|
PICA_CHANNEL pChannel;
|
|
VIRTUALCHANNELCLASS VirtualClass;
|
|
KIRQL oldIrql;
|
|
NTSTATUS Status;
|
|
ULONG Flags;
|
|
|
|
ASSERT(ExIsResourceAcquiredExclusiveLite(&pConnect->Resource));
|
|
|
|
pChannel = ICA_ALLOCATE_POOL(NonPagedPool, sizeof(*pChannel));
|
|
if (pChannel == NULL)
|
|
return( NULL );
|
|
|
|
TRACE((pConnect, TC_ICADD, TT_API2,
|
|
"TermDD: _IcaAllocateChannel: cc %u, vn %s, %x\n",
|
|
ChannelClass, pVirtualName, pChannel));
|
|
|
|
RtlZeroMemory(pChannel, sizeof(*pChannel));
|
|
|
|
|
|
/*
|
|
* Reference the connection object this channel belongs to
|
|
*/
|
|
IcaReferenceConnection(pConnect);
|
|
pChannel->pConnect = pConnect;
|
|
pChannel->pChannelTableLock = &pConnect->ChannelTableLock;
|
|
|
|
|
|
/*
|
|
* Initialize channel reference count to 1;
|
|
* for the file object reference that will be made by the caller.
|
|
*/
|
|
pChannel->RefCount = 1;
|
|
pChannel->CompletionRoutineCount = 0;
|
|
|
|
/*
|
|
* Initialize the rest of the channel object for non-zero values.
|
|
*/
|
|
pChannel->Header.Type = IcaType_Channel;
|
|
pChannel->Header.pDispatchTable = IcaChannelDispatchTable;
|
|
|
|
ExInitializeResourceLite(&pChannel->Resource);
|
|
InitializeListHead(&pChannel->InputIrpHead);
|
|
InitializeListHead(&pChannel->InputBufHead);
|
|
|
|
IcaLockChannel(pChannel);
|
|
|
|
if (ChannelClass == Channel_Virtual) {
|
|
strncpy(pChannel->VirtualName, pVirtualName, VIRTUALCHANNELNAME_LENGTH);
|
|
VirtualClass = _IcaFindVcBind(pConnect, pVirtualName, &Flags);
|
|
} else {
|
|
VirtualClass = 0;
|
|
Flags = 0;
|
|
}
|
|
|
|
_IcaBindChannel(pChannel, ChannelClass, VirtualClass, Flags);
|
|
|
|
/*
|
|
* Link channel object to connect object
|
|
*/
|
|
|
|
IcaLockChannelTable(&pConnect->ChannelTableLock);
|
|
|
|
InsertHeadList(&pConnect->ChannelHead, &pChannel->Links);
|
|
|
|
IcaUnlockChannelTable(&pConnect->ChannelTableLock);
|
|
|
|
/*
|
|
* Set channel type specific flags/fields
|
|
* (i.e. shadow I/O is implicitly enabled for the video, beep,
|
|
* and command channels; the command and all virtual channels
|
|
* are message mode channels)
|
|
* Also sets throttling values taken from registry (if appropriate,
|
|
* plus remember a zeromem done to channel struct above).
|
|
*/
|
|
switch (ChannelClass) {
|
|
case Channel_Keyboard:
|
|
pChannel->InputBufMaxSize = SysParams.KeyboardThrottleSize;
|
|
break;
|
|
|
|
case Channel_Mouse :
|
|
pChannel->InputBufMaxSize = SysParams.MouseThrottleSize;
|
|
break;
|
|
|
|
case Channel_Video :
|
|
case Channel_Beep :
|
|
pChannel->Flags |= CHANNEL_SHADOW_IO;
|
|
break;
|
|
|
|
case Channel_Command :
|
|
pChannel->Flags |= CHANNEL_SHADOW_IO;
|
|
/* fall through */
|
|
|
|
case Channel_Virtual :
|
|
pChannel->Flags |= CHANNEL_MESSAGE_MODE;
|
|
if (!_stricmp( pVirtualName, VIRTUAL_THINWIRE)) {
|
|
pChannel->Flags |= CHANNEL_SCREENDATA;
|
|
}
|
|
break;
|
|
}
|
|
|
|
// Per above assert, this function is assumed to be called while the
|
|
// connection lock is held.
|
|
IcaUnlockChannel(pChannel);
|
|
|
|
return pChannel;
|
|
}
|
|
|
|
|
|
void _IcaFreeChannel(IN PICA_CHANNEL pChannel)
|
|
{
|
|
KIRQL oldIrql;
|
|
|
|
ASSERT(pChannel->RefCount == 0);
|
|
ASSERT(IsListEmpty(&pChannel->InputIrpHead));
|
|
ASSERT(IsListEmpty(&pChannel->InputBufHead));
|
|
ASSERT(!ExIsResourceAcquiredExclusiveLite(&pChannel->Resource));
|
|
|
|
TRACECHANNEL((pChannel, TC_ICADD, TT_API2,
|
|
"TermDD: _IcaFreeChannel: cc %u, vn %s, \n",
|
|
pChannel->ChannelClass, pChannel->VirtualName));
|
|
|
|
|
|
|
|
/*
|
|
* Unlink this channel from the channel list for this connection.
|
|
* this routine must be called with channel table lock held.
|
|
*/
|
|
|
|
RemoveEntryList(&pChannel->Links);
|
|
|
|
if (pChannel->VirtualClass != UNBOUND_CHANNEL) {
|
|
pChannel->pConnect->pChannel[pChannel->ChannelClass + pChannel->VirtualClass] = NULL;
|
|
}
|
|
|
|
|
|
ExDeleteResourceLite(&pChannel->Resource);
|
|
|
|
ICA_FREE_POOL(pChannel);
|
|
}
|
|
|
|
|
|
NTSTATUS _IcaRegisterVcBind(
|
|
IN PICA_CONNECTION pConnect,
|
|
IN PVIRTUALCHANNELNAME pVirtualName,
|
|
IN VIRTUALCHANNELCLASS VirtualClass,
|
|
IN ULONG Flags)
|
|
{
|
|
PICA_VCBIND pVcBind;
|
|
NTSTATUS Status;
|
|
|
|
ASSERT(ExIsResourceAcquiredExclusiveLite(&pConnect->Resource));
|
|
|
|
TRACE((pConnect, TC_ICADD, TT_API2,
|
|
"TermDD: _IcaRegisterVcBind: %s -> %d\n",
|
|
pVirtualName, VirtualClass));
|
|
|
|
/*
|
|
* Allocate bind structure
|
|
*/
|
|
pVcBind = ICA_ALLOCATE_POOL( NonPagedPool, sizeof(*pVcBind) );
|
|
if (pVcBind != NULL) {
|
|
/*
|
|
* Initialize structure
|
|
*/
|
|
RtlZeroMemory(pVcBind, sizeof(*pVcBind));
|
|
strncpy(pVcBind->VirtualName, pVirtualName, VIRTUALCHANNELNAME_LENGTH);
|
|
pVcBind->VirtualClass = VirtualClass;
|
|
pVcBind->Flags = Flags;
|
|
|
|
/*
|
|
* Link bind structure to connect object
|
|
*/
|
|
InsertHeadList(&pConnect->VcBindHead, &pVcBind->Links);
|
|
|
|
return STATUS_SUCCESS;
|
|
}
|
|
else {
|
|
return STATUS_INSUFFICIENT_RESOURCES;
|
|
}
|
|
}
|
|
|
|
|
|
VOID IcaFreeAllVcBind(IN PICA_CONNECTION pConnect)
|
|
{
|
|
PICA_VCBIND pVcBind;
|
|
PLIST_ENTRY Head;
|
|
|
|
TRACE(( pConnect, TC_ICADD, TT_API2, "TermDD: IcaFreeAllVcBind\n" ));
|
|
|
|
/*
|
|
* Free all bind structures
|
|
*/
|
|
while ( !IsListEmpty( &pConnect->VcBindHead ) ) {
|
|
Head = RemoveHeadList( &pConnect->VcBindHead );
|
|
pVcBind = CONTAINING_RECORD( Head, ICA_VCBIND, Links );
|
|
ICA_FREE_POOL( pVcBind );
|
|
}
|
|
|
|
}
|
|
|
|
|
|
VIRTUALCHANNELCLASS _IcaFindVcBind(
|
|
IN PICA_CONNECTION pConnect,
|
|
IN PVIRTUALCHANNELNAME pVirtualName,
|
|
OUT PULONG pFlags)
|
|
{
|
|
PICA_VCBIND pVcBind;
|
|
PLIST_ENTRY Head, Next;
|
|
|
|
ASSERT( ExIsResourceAcquiredExclusiveLite( &pConnect->Resource ) );
|
|
|
|
/*
|
|
* Search the existing VC bind structures to locate virtual channel name
|
|
*/
|
|
Head = &pConnect->VcBindHead;
|
|
for (Next = Head->Flink; Next != Head; Next = Next->Flink) {
|
|
pVcBind = CONTAINING_RECORD(Next, ICA_VCBIND, Links);
|
|
if (!_stricmp(pVcBind->VirtualName, pVirtualName)) {
|
|
TRACE((pConnect, TC_ICADD, TT_API2,
|
|
"TermDD: _IcaFindVcBind: vn %s -> vc %d\n",
|
|
pVirtualName, pVcBind->VirtualClass));
|
|
*pFlags = pVcBind->Flags;
|
|
return pVcBind->VirtualClass;
|
|
}
|
|
}
|
|
|
|
/*
|
|
* If name does not exist, return UNBOUND_CHANNEL
|
|
*/
|
|
TRACE(( pConnect, TC_ICADD, TT_API2,
|
|
"TermDD: _IcaFindVcBind: vn %s (not found)\n", pVirtualName ));
|
|
return UNBOUND_CHANNEL;
|
|
}
|
|
|
|
|
|
VOID _IcaBindChannel(
|
|
IN PICA_CHANNEL pChannel,
|
|
IN CHANNELCLASS ChannelClass,
|
|
IN VIRTUALCHANNELCLASS VirtualClass,
|
|
IN ULONG Flags)
|
|
{
|
|
KIRQL oldIrql;
|
|
|
|
ASSERT(ExIsResourceAcquiredExclusiveLite(&pChannel->Resource));
|
|
|
|
TRACECHANNEL(( pChannel, TC_ICADD, TT_API2,
|
|
"TermDD: _IcaBindChannel: cc %u, vn %s vc %d\n",
|
|
ChannelClass, pChannel->VirtualName, VirtualClass ));
|
|
|
|
pChannel->ChannelClass = ChannelClass;
|
|
pChannel->VirtualClass = VirtualClass;
|
|
IcaLockChannelTable(pChannel->pChannelTableLock);
|
|
|
|
if (Flags & SD_CHANNEL_FLAG_SHADOW_PERSISTENT)
|
|
pChannel->Flags |= CHANNEL_SHADOW_PERSISTENT;
|
|
|
|
if (VirtualClass != UNBOUND_CHANNEL) {
|
|
ASSERT(pChannel->pConnect->pChannel[ChannelClass + VirtualClass] == NULL);
|
|
pChannel->pConnect->pChannel[ChannelClass + VirtualClass] = pChannel;
|
|
}
|
|
IcaUnlockChannelTable(pChannel->pChannelTableLock);
|
|
}
|
|
|
|
|
|
|
|
BOOLEAN IcaLockChannelTable(PERESOURCE pResource)
|
|
{
|
|
KIRQL oldIrql;
|
|
BOOLEAN Result;
|
|
|
|
|
|
/*
|
|
* lock the channel object
|
|
*/
|
|
KeEnterCriticalRegion(); // Disable APC calls when holding a resource.
|
|
Result = ExAcquireResourceExclusiveLite( pResource, TRUE );
|
|
|
|
return Result;
|
|
}
|
|
|
|
|
|
void IcaUnlockChannelTable(PERESOURCE pResource)
|
|
{
|
|
|
|
ExReleaseResourceLite(pResource);
|
|
KeLeaveCriticalRegion(); // Resume APC calls after releasing resource.
|
|
|
|
}
|
|
|
|
NTSTATUS IcaCancelReadChannel(
|
|
IN PICA_CHANNEL pChannel,
|
|
IN PIRP Irp,
|
|
IN PIO_STACK_LOCATION IrpSp)
|
|
{
|
|
KIRQL cancelIrql;
|
|
PLIST_ENTRY Head;
|
|
PIRP ReadIrp;
|
|
PINBUF pInBuf;
|
|
|
|
|
|
TRACECHANNEL((pChannel, TC_ICADD, TT_API2,
|
|
"TermDD: IcaCancelReadChannel, cc %u, vc %d\n",
|
|
pChannel->ChannelClass, pChannel->VirtualClass));
|
|
|
|
/*
|
|
* Lock channel while we clear out any
|
|
* pending read IRPs and/or input buffers.
|
|
*/
|
|
IcaLockChannel(pChannel);
|
|
|
|
/*
|
|
* Indicate that Reads are cancelled to this channel
|
|
*/
|
|
pChannel->Flags |= CHANNEL_CANCEL_READS;
|
|
|
|
IoAcquireCancelSpinLock( &cancelIrql );
|
|
while ( !IsListEmpty( &pChannel->InputIrpHead ) ) {
|
|
Head = pChannel->InputIrpHead.Flink;
|
|
ReadIrp = CONTAINING_RECORD( Head, IRP, Tail.Overlay.ListEntry );
|
|
ReadIrp->CancelIrql = cancelIrql;
|
|
IoSetCancelRoutine( ReadIrp, NULL );
|
|
_IcaReadChannelCancelIrp( IrpSp->DeviceObject, ReadIrp );
|
|
IoAcquireCancelSpinLock( &cancelIrql );
|
|
}
|
|
IoReleaseCancelSpinLock( cancelIrql );
|
|
|
|
|
|
IcaUnlockChannel(pChannel);
|
|
|
|
return STATUS_SUCCESS;
|
|
}
|