From: Jeffrey Altman Date: Sun, 28 Jun 2015 17:51:40 +0000 (-0400) Subject: Windows: NPSupport Remote Name verification X-Git-Tag: openafs-stable-1_8_0pre1~236 X-Git-Url: https://git.openafs.org/?p=openafs.git;a=commitdiff_plain;h=dfc8db6e3d21208c43f07bc90835cdd37f6f6812 Windows: NPSupport Remote Name verification When adding a connection verify that the server name and the share name are valid. If not return ERROR_BAD_NETWORK_NAME. When getting connection information, if a pre-existing connection does not exist and either the server name or the share name do not verify return ERROR_BAD_NETWORK_NAME and not ERROR_INVALID_PARAMETER. Change-Id: Ib40a6b56318793d1c1b351ba895736beb616585d Reviewed-on: http://gerrit.openafs.org/11916 Tested-by: BuildBot Reviewed-by: Jeffrey Altman --- diff --git a/src/WINNT/afsrdr/kernel/lib/AFSNetworkProviderSupport.cpp b/src/WINNT/afsrdr/kernel/lib/AFSNetworkProviderSupport.cpp index 6875abf..66a5dd7 100644 --- a/src/WINNT/afsrdr/kernel/lib/AFSNetworkProviderSupport.cpp +++ b/src/WINNT/afsrdr/kernel/lib/AFSNetworkProviderSupport.cpp @@ -46,7 +46,7 @@ AFSAddConnection( IN AFSNetworkProviderConnectionCB *ConnectCB, NTSTATUS ntStatus = STATUS_SUCCESS; AFSProviderConnectionCB *pConnection = NULL, *pLastConnection = NULL; - UNICODE_STRING uniRemoteName; + UNICODE_STRING uniRemoteName, uniServerName, uniShareName, uniRemainingPath; AFSDeviceExt *pRDRDevExt = (AFSDeviceExt *)AFSRDRDeviceObject->DeviceExtension; __Enter @@ -76,6 +76,14 @@ AFSAddConnection( IN AFSNetworkProviderConnectionCB *ConnectCB, "AFSAddConnection Retrieved authentication id %I64X\n", ConnectCB->AuthenticationId.QuadPart)); + uniServerName.Length = 0; + uniServerName.MaximumLength = 0; + uniServerName.Buffer = NULL; + + uniShareName.Length = 0; + uniShareName.MaximumLength = 0; + uniShareName.Buffer = NULL; + AFSAcquireExcl( &pRDRDevExt->Specific.RDR.ProviderListLock, TRUE); @@ -89,12 +97,12 @@ AFSAddConnection( IN AFSNetworkProviderConnectionCB *ConnectCB, uniRemoteName.Buffer = ConnectCB->RemoteName; // - // Strip off any trailing slashes - // + // Strip off any trailing slashes + // if( uniRemoteName.Length >= sizeof( WCHAR) && uniRemoteName.Buffer[ (uniRemoteName.Length/sizeof( WCHAR)) - 1] == L'\\') - { + { uniRemoteName.Length -= sizeof( WCHAR); } @@ -104,6 +112,28 @@ AFSAddConnection( IN AFSNetworkProviderConnectionCB *ConnectCB, while( pConnection != NULL) { + if( pConnection->LocalName != L'\0') + { + + AFSDbgTrace(( AFS_SUBSYSTEM_NETWORK_PROVIDER, + AFS_TRACE_LEVEL_VERBOSE, + "AFSAddConnection Comparing passed in %C to %C authentication id %I64X - %I64X\n", + ConnectCB->LocalName, + pConnection->LocalName, + ConnectCB->AuthenticationId.QuadPart, + pConnection->AuthenticationId.QuadPart)); + } + else + { + + AFSDbgTrace(( AFS_SUBSYSTEM_NETWORK_PROVIDER, + AFS_TRACE_LEVEL_VERBOSE, + "AFSAddConnection Comparing passed in %C to (NULL) authentication id %I64X - %I64X\n", + ConnectCB->LocalName, + ConnectCB->AuthenticationId.QuadPart, + pConnection->AuthenticationId.QuadPart)); + } + if( pConnection->LocalName == ConnectCB->LocalName && pConnection->AuthenticationId.QuadPart == ConnectCB->AuthenticationId.QuadPart && RtlCompareUnicodeString( &uniRemoteName, @@ -163,106 +193,82 @@ AFSAddConnection( IN AFSNetworkProviderConnectionCB *ConnectCB, uniRemoteName.Length -= (2 * sizeof( WCHAR)); } - if( uniRemoteName.Length >= AFSServerName.Length) - { + FsRtlDissectName( uniRemoteName, + &uniServerName, + &uniRemainingPath); - USHORT usLength = uniRemoteName.Length; - - if (uniRemoteName.Buffer[AFSServerName.Length/sizeof( WCHAR)] != L'\\') - { - - if( ConnectCB->LocalName != L'\0') - { - - AFSDbgTrace(( AFS_SUBSYSTEM_NETWORK_PROVIDER, - AFS_TRACE_LEVEL_VERBOSE, - "AFSAddConnection BAD_NETNAME 1 remote name %wZ Local %C authentication id %I64X\n", - &uniRemoteName, - ConnectCB->LocalName, - ConnectCB->AuthenticationId.QuadPart)); - } - else - { - - AFSDbgTrace(( AFS_SUBSYSTEM_NETWORK_PROVIDER, - AFS_TRACE_LEVEL_VERBOSE, - "AFSAddConnection BAD_NETNAME 1 remote name %wZ Local (NULL) authentication id %I64X\n", - &uniRemoteName, - ConnectCB->AuthenticationId.QuadPart)); - } + if( RtlCompareUnicodeString( &uniServerName, + &AFSServerName, + TRUE) != 0) + { - *ResultStatus = WN_BAD_NETNAME; + if( ConnectCB->LocalName != L'\0') + { - *ReturnOutputBufferLength = sizeof( ULONG); + AFSDbgTrace(( AFS_SUBSYSTEM_NETWORK_PROVIDER, + AFS_TRACE_LEVEL_VERBOSE, + "AFSAddConnection Bad Server Name remote name %wZ Local %C authentication id %I64X\n", + &uniRemoteName, + ConnectCB->LocalName, + ConnectCB->AuthenticationId.QuadPart)); + } + else + { - try_return( ntStatus = STATUS_SUCCESS); - } + AFSDbgTrace(( AFS_SUBSYSTEM_NETWORK_PROVIDER, + AFS_TRACE_LEVEL_VERBOSE, + "AFSAddConnection Bad Server Name remote name %wZ Local (NULL) authentication id %I64X\n", + &uniRemoteName, + ConnectCB->AuthenticationId.QuadPart)); + } - uniRemoteName.Length = AFSServerName.Length; + *ResultStatus = WN_BAD_NETNAME; - if( RtlCompareUnicodeString( &AFSServerName, - &uniRemoteName, - TRUE) != 0) - { + *ReturnOutputBufferLength = sizeof( ULONG); - if( ConnectCB->LocalName != L'\0') - { + try_return( ntStatus = STATUS_SUCCESS); + } - AFSDbgTrace(( AFS_SUBSYSTEM_NETWORK_PROVIDER, - AFS_TRACE_LEVEL_VERBOSE, - "AFSAddConnection BAD_NETNAME 2 remote name %wZ Local %C authentication id %I64X\n", - &uniRemoteName, - ConnectCB->LocalName, - ConnectCB->AuthenticationId.QuadPart)); - } - else - { + if (uniRemainingPath.Length > 0) + { - AFSDbgTrace(( AFS_SUBSYSTEM_NETWORK_PROVIDER, - AFS_TRACE_LEVEL_VERBOSE, - "AFSAddConnection BAD_NETNAME 2 remote name %wZ Local (NULL) authentication id %I64X\n", - &uniRemoteName, - ConnectCB->AuthenticationId.QuadPart)); - } + AFSProviderConnectionCB *pConnection; - *ResultStatus = WN_BAD_NETNAME; + FsRtlDissectName( uniRemainingPath, + &uniShareName, + &uniRemainingPath); - *ReturnOutputBufferLength = sizeof( ULONG); + pConnection = AFSLocateEnumRootEntry( &uniShareName); - try_return( ntStatus = STATUS_SUCCESS); - } + if ( pConnection == NULL) { - uniRemoteName.Length = usLength; - } - else - { - - if( ConnectCB->LocalName != L'\0') - { + if( ConnectCB->LocalName != L'\0') + { - AFSDbgTrace(( AFS_SUBSYSTEM_NETWORK_PROVIDER, - AFS_TRACE_LEVEL_VERBOSE, - "AFSAddConnection BAD_NETNAME 3 remote name %wZ Local %C authentication id %I64X\n", - &uniRemoteName, - ConnectCB->LocalName, - ConnectCB->AuthenticationId.QuadPart)); - } - else - { + AFSDbgTrace(( AFS_SUBSYSTEM_NETWORK_PROVIDER, + AFS_TRACE_LEVEL_VERBOSE, + "AFSAddConnection Bad Share Name remote name %wZ Local %C authentication id %I64X\n", + &uniRemoteName, + ConnectCB->LocalName, + ConnectCB->AuthenticationId.QuadPart)); + } + else + { - AFSDbgTrace(( AFS_SUBSYSTEM_NETWORK_PROVIDER, - AFS_TRACE_LEVEL_VERBOSE, - "AFSAddConnection BAD_NETNAME 3 remote name %wZ Local (NULL) authentication id %I64X\n", - &uniRemoteName, - ConnectCB->AuthenticationId.QuadPart)); - } + AFSDbgTrace(( AFS_SUBSYSTEM_NETWORK_PROVIDER, + AFS_TRACE_LEVEL_VERBOSE, + "AFSAddConnection Bad Share Name remote name %wZ Local (NULL) authentication id %I64X\n", + &uniRemoteName, + ConnectCB->AuthenticationId.QuadPart)); + } - *ResultStatus = WN_BAD_NETNAME; + *ResultStatus = WN_BAD_NETNAME; - *ReturnOutputBufferLength = sizeof( ULONG); + *ReturnOutputBufferLength = sizeof( ULONG); - try_return( ntStatus = STATUS_SUCCESS); - } + try_return( ntStatus = STATUS_SUCCESS); + } + } uniRemoteName.Length = (USHORT)ConnectCB->RemoteNameLength; uniRemoteName.MaximumLength = uniRemoteName.Length; @@ -270,12 +276,12 @@ AFSAddConnection( IN AFSNetworkProviderConnectionCB *ConnectCB, uniRemoteName.Buffer = ConnectCB->RemoteName; // - // Strip off any trailing slashes - // + // Strip off any trailing slashes + // if( uniRemoteName.Length >= sizeof( WCHAR) && uniRemoteName.Buffer[ (uniRemoteName.Length/sizeof( WCHAR)) - 1] == L'\\') - { + { uniRemoteName.Length -= sizeof( WCHAR); } @@ -1591,7 +1597,7 @@ AFSGetConnectionInfo( IN AFSNetworkProviderConnectionCB *ConnectCB, TRUE) != 0) { - try_return( ntStatus = STATUS_INVALID_PARAMETER); + try_return( ntStatus = STATUS_BAD_NETWORK_NAME); } if ( uniRemainingPath.Length > 0 ) @@ -1787,7 +1793,7 @@ AFSGetConnectionInfo( IN AFSNetworkProviderConnectionCB *ConnectCB, "AFSGetConnectionInfo Evaluation Failed share name %wZ\n", uniShareName)); - try_return( ntStatus = STATUS_INVALID_PARAMETER); + try_return( ntStatus = STATUS_BAD_NETWORK_NAME); }