Windows: Refactor AFSProcessSupport
authorJeffrey Altman <jaltman@your-file-system.com>
Tue, 20 Mar 2012 01:10:31 +0000 (21:10 -0400)
committerJeffrey Altman <jaltman@secure-endpoints.com>
Sun, 25 Mar 2012 20:50:20 +0000 (13:50 -0700)
Breakup AFSProcessNotify() into AFSProcessCreate() and
AFSProcessDestroy().

Correct inconsistencies with ETHREAD vs ThreadId HANDLE.

Add AFSProcessNotifyEx() and use PsSetCreateProcessNotifyRoutineEx()
to register it on Vista SP1 and above.

Change-Id: I2be85c3e8229883b4e239e1fdba9a65fc704daaa
Reviewed-on: http://gerrit.openafs.org/6926
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Peter Scott <pscott@kerneldrivers.com>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>

src/WINNT/afsrdr/kernel/fs/AFSInit.cpp
src/WINNT/afsrdr/kernel/fs/AFSProcessSupport.cpp
src/WINNT/afsrdr/kernel/fs/Include/AFSCommon.h
src/WINNT/afsrdr/kernel/fs/Include/AFSStructs.h

index 770de37..bbc662a 100644 (file)
@@ -45,6 +45,8 @@ extern void                   *KeServiceDescriptorTable;
 };
 #endif
 
+typedef NTSTATUS (*PsSetCreateProcessNotifyRoutineEx_t)( PCREATE_PROCESS_NOTIFY_ROUTINE_EX NotifyRoutine, BOOLEAN Remove);
+
 //
 // DriverEntry
 //
@@ -76,6 +78,8 @@ DriverEntry( PDRIVER_OBJECT DriverObject,
     BOOLEAN bExit = FALSE;
     UNICODE_STRING uniRoutine;
     RTL_OSVERSIONINFOW sysVersion;
+    UNICODE_STRING uniPsSetCreateProcessNotifyRoutineEx;
+    PsSetCreateProcessNotifyRoutineEx_t pPsSetCreateProcessNotifyRoutineEx = NULL;
 
     __try
     {
@@ -452,8 +456,23 @@ DriverEntry( PDRIVER_OBJECT DriverObject,
         // Register the call back for process creation and tear down
         //
 
-        PsSetCreateProcessNotifyRoutine( AFSProcessNotify,
-                                         FALSE);
+        RtlInitUnicodeString( &uniPsSetCreateProcessNotifyRoutineEx,
+                              L"PsSetCreateProcessNotifyRoutineEx");
+
+        pPsSetCreateProcessNotifyRoutineEx = (PsSetCreateProcessNotifyRoutineEx_t)MmGetSystemRoutineAddress(&uniPsSetCreateProcessNotifyRoutineEx);
+
+        if ( pPsSetCreateProcessNotifyRoutineEx)
+        {
+
+            pPsSetCreateProcessNotifyRoutineEx( AFSProcessNotifyEx,
+                                                FALSE);
+        }
+        else
+        {
+
+            PsSetCreateProcessNotifyRoutine( AFSProcessNotify,
+                                             FALSE);
+        }
 
 try_exit:
 
index 5c8e82e..c30b868 100644 (file)
@@ -44,57 +44,127 @@ AFSProcessNotify( IN HANDLE  ParentId,
                   IN BOOLEAN  Create)
 {
 
+    //
+    // If this is a create notification then update our tree, otherwise remove the
+    // entry
+    //
+
+    if( Create)
+    {
+
+        AFSProcessCreate( ParentId,
+                          ProcessId,
+                          PsGetCurrentProcessId(),
+                          PsGetCurrentThreadId());
+    }
+    else
+    {
+
+        AFSProcessDestroy( ParentId,
+                           ProcessId);
+    }
+
+    return;
+}
+
+void
+AFSProcessNotifyEx( IN OUT PEPROCESS Process,
+                    IN     HANDLE ProcessId,
+                    IN OUT PPS_CREATE_NOTIFY_INFO CreateInfo)
+{
+
+    if ( CreateInfo)
+    {
+
+        AFSProcessCreate( CreateInfo->ParentProcessId,
+                          ProcessId,
+                          CreateInfo->CreatingThreadId.UniqueProcess,
+                          CreateInfo->CreatingThreadId.UniqueThread);
+    }
+    else
+    {
+
+        AFSProcessDestroy( CreateInfo->ParentProcessId,
+                           ProcessId);
+    }
+}
+
+
+void
+AFSProcessCreate( IN HANDLE ParentId,
+                  IN HANDLE ProcessId,
+                  IN HANDLE CreatingProcessId,
+                  IN HANDLE CreatingThreadId)
+{
     NTSTATUS ntStatus = STATUS_SUCCESS;
-    AFSProcessCB *pProcessCB = NULL, *pParentProcessCB = NULL;
     AFSDeviceExt *pDeviceExt = (AFSDeviceExt *)AFSDeviceObject->DeviceExtension;
-    AFSProcessAuthGroupCB *pProcessAuthGroup = NULL, *pLastAuthGroup = NULL;
-    AFSThreadCB *pThreadCB = NULL, *pNextThreadCB = NULL;
+    AFSProcessCB *pProcessCB = NULL;
 
     __Enter
     {
 
-        //
-        // If this is a create notification then update our tree, otherwise remove the
-        // entry
-        //
-
         AFSDbgLogMsg( AFS_SUBSYSTEM_LOCK_PROCESSING,
                       AFS_TRACE_LEVEL_VERBOSE,
-                      "AFSProcessNotify Acquiring Control ProcessTree.TreeLock lock %08lX EXCL %08lX\n",
+                      "AFSProcessCreate Acquiring Control ProcessTree.TreeLock lock %08lX EXCL %08lX\n",
                       pDeviceExt->Specific.Control.ProcessTree.TreeLock,
                       PsGetCurrentThread());
 
         AFSAcquireExcl( pDeviceExt->Specific.Control.ProcessTree.TreeLock,
                         TRUE);
 
-        if( Create)
-        {
+        AFSDbgLogMsg( AFS_SUBSYSTEM_PROCESS_PROCESSING,
+                      AFS_TRACE_LEVEL_VERBOSE,
+                      "AFSProcessCreate Parent %08lX Process %08lX %08lX\n",
+                      ParentId,
+                      ProcessId,
+                      PsGetCurrentThread());
 
-            AFSDbgLogMsg( AFS_SUBSYSTEM_PROCESS_PROCESSING,
-                          AFS_TRACE_LEVEL_VERBOSE,
-                          "AFSProcessNotify CREATE Parent %08lX Process %08lX %08lX\n",
-                          ParentId,
-                          ProcessId,
-                          PsGetCurrentThread());
+        pProcessCB = AFSInitializeProcessCB( (ULONGLONG)ParentId,
+                                             (ULONGLONG)ProcessId);
 
-            pProcessCB = AFSInitializeProcessCB( (ULONGLONG)ParentId,
-                                                 (ULONGLONG)ProcessId);
+        if( pProcessCB != NULL)
+        {
 
-            if( pProcessCB != NULL)
-            {
-                pProcessCB->CreatingThread = (ULONGLONG)PsGetCurrentThreadId();
-            }
+            pProcessCB->CreatingProcessId = (ULONGLONG)CreatingProcessId;
 
-            try_return( ntStatus);
+            pProcessCB->CreatingThreadId = (ULONGLONG)CreatingThreadId;
         }
 
+        AFSReleaseResource( pDeviceExt->Specific.Control.ProcessTree.TreeLock);
+    }
+
+    return;
+}
+
+void
+AFSProcessDestroy( IN HANDLE ParentId,
+                   IN HANDLE ProcessId)
+{
+
+    NTSTATUS ntStatus = STATUS_SUCCESS;
+    AFSDeviceExt *pDeviceExt = (AFSDeviceExt *)AFSDeviceObject->DeviceExtension;
+    AFSProcessCB *pProcessCB = NULL, *pParentProcessCB = NULL;
+    AFSProcessAuthGroupCB *pProcessAuthGroup = NULL, *pLastAuthGroup = NULL;
+    AFSThreadCB *pThreadCB = NULL, *pNextThreadCB = NULL;
+
+    __Enter
+    {
+
+        AFSDbgLogMsg( AFS_SUBSYSTEM_LOCK_PROCESSING,
+                      AFS_TRACE_LEVEL_VERBOSE,
+                      "AFSProcessDestroy Acquiring Control ProcessTree.TreeLock lock %08lX EXCL %08lX\n",
+                      pDeviceExt->Specific.Control.ProcessTree.TreeLock,
+                      PsGetCurrentThreadId());
+
+        AFSAcquireExcl( pDeviceExt->Specific.Control.ProcessTree.TreeLock,
+                        TRUE);
         //
         // It's a remove so pull the entry
         //
 
         AFSDbgLogMsg( AFS_SUBSYSTEM_PROCESS_PROCESSING,
                       AFS_TRACE_LEVEL_VERBOSE,
-                      "AFSProcessNotify DESTROY Process %08lX %08lX\n",
+                      "AFSProcessDestroy Process %08lX %08lX\n",
                       ProcessId,
                       PsGetCurrentThread());
 
@@ -141,16 +211,13 @@ AFSProcessNotify( IN HANDLE  ParentId,
         {
             AFSDbgLogMsg( AFS_SUBSYSTEM_PROCESS_PROCESSING,
                           AFS_TRACE_LEVEL_WARNING,
-                          "AFSProcessNotify Process %08lX not found in ProcessTree Status %08lX %08lX\n",
+                          "AFSProcessDestroy Process %08lX not found in ProcessTree Status %08lX %08lX\n",
                           ProcessId,
                           ntStatus,
                           PsGetCurrentThread());
         }
 
-try_exit:
-
         AFSReleaseResource( pDeviceExt->Specific.Control.ProcessTree.TreeLock);
-
     }
 
     return;
@@ -354,7 +421,7 @@ AFSValidateProcessEntry( void)
                       pParentThreadCB = pParentThreadCB->Next)
                 {
 
-                    if( pParentThreadCB->ThreadId == pProcessCB->CreatingThread)
+                    if( pParentThreadCB->ThreadId == pProcessCB->CreatingThreadId)
                     {
                         break;
                     }
index c4b9819..311fea0 100644 (file)
@@ -796,6 +796,21 @@ AFSProcessNotify( IN HANDLE  ParentId,
                   IN HANDLE  ProcessId,
                   IN BOOLEAN  Create);
 
+void
+AFSProcessNotifyEx( IN OUT PEPROCESS Process,
+                    IN     HANDLE ProcessId,
+                    IN OUT PPS_CREATE_NOTIFY_INFO CreateInfo);
+
+void
+AFSProcessCreate( IN HANDLE ParentId,
+                  IN HANDLE ProcessId,
+                  IN HANDLE CreatingProcessId,
+                  IN HANDLE CreatingThreadId);
+
+void
+AFSProcessDestroy( IN HANDLE ParentId,
+                   IN HANDLE ProcessId);
+
 GUID *
 AFSValidateProcessEntry( void);
 
index 65d6413..8b4e06f 100644 (file)
@@ -63,7 +63,9 @@ typedef struct AFS_PROCESS_CB
 
     ULONGLONG           ParentProcessId;
 
-    ULONGLONG           CreatingThread;
+    ULONGLONG           CreatingProcessId;
+
+    ULONGLONG           CreatingThreadId;
 
     GUID               *ActiveAuthGroup;