archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/base/win32/server/srvtask.c

498 lines
13 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 1990 Microsoft Corporation
  5. Module Name:
  7. srvtask.c
  9. Abstract:
  11. This module implements windows server tasking functions
  13. Author:
  15. Mark Lucovsky (markl) 13-Nov-1990
  17. Revision History:
  19. --*/
  21. #include "basesrv.h"
  23. #if defined(_WIN64)
  24. #include <wow64t.h>
  25. #endif // defined(_WIN64)
  27. PFNNOTIFYPROCESSCREATE UserNotifyProcessCreate = NULL;
  29. void
  30. BaseSetProcessCreateNotify(
  31. IN PFNNOTIFYPROCESSCREATE ProcessCreateRoutine
  32. )
  33. {
  34. UserNotifyProcessCreate = ProcessCreateRoutine;
  35. }
  37. ULONG
  38. BaseSrvCreateProcess(
  39. IN OUT PCSR_API_MSG m,
  40. IN OUT PCSR_REPLY_STATUS ReplyStatus
  41. )
  42. {
  43. NTSTATUS Status, Status1;
  44. PBASE_CREATEPROCESS_MSG a = (PBASE_CREATEPROCESS_MSG)&m->u.ApiMessageData;
  45. HANDLE CsrClientProcess = NULL;
  46. HANDLE NewProcess = NULL;
  47. HANDLE Thread = NULL;
  48. PCSR_THREAD t;
  49. ULONG DebugFlags;
  50. DWORD dwFlags;
  51. PCSR_PROCESS ProcessVDM;
  52. #if defined(_WIN64)
  53. PPEB32 Peb32 = NULL;
  54. #endif // defined(_WIN64)
  55. PPEB NewPeb = NULL;
  56. USHORT ProcessorArchitecture = a->ProcessorArchitecture;
  57. BOOL setVdmBits = FALSE;
  58. PROCESS_BASIC_INFORMATION ProcessBasicInfo;
  60. if (a->VdmBinaryType ) {
  62. //
  63. // Remove the bit which indicates Check VDM Allowed access.
  64. // (See the client side for setting the bit.)
  65. //
  67. if (a->VdmBinaryType == BINARY_TYPE_INJWOW) {
  68. a->VdmBinaryType = 0;
  69. if (!BaseSrvIsVdmAllowed()) {
  70. Status = STATUS_ACCESS_DENIED;
  71. goto Cleanup;
  72. }
  73. }
  75. setVdmBits = TRUE;
  76. }
  78. t = CSR_SERVER_QUERYCLIENTTHREAD();
  79. CsrClientProcess = t->Process->ProcessHandle;
  81. #if defined(_WIN64)
  82. if (ProcessorArchitecture == PROCESSOR_ARCHITECTURE_INTEL)
  83. ProcessorArchitecture = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64;
  84. #endif // defined(_WIN64)
  86. //
  87. // Get handles to the process and thread local to the
  88. // Windows server.
  89. //
  91. if ((dwFlags = (DWORD)((ULONG_PTR)a->ProcessHandle) & 3)) {
  92. a->ProcessHandle = (HANDLE)((ULONG_PTR)a->ProcessHandle & ~3);
  93. }
  95. Status = NtDuplicateObject(
  96. CsrClientProcess,
  97. a->ProcessHandle,
  98. NtCurrentProcess(),
  99. &NewProcess,
  100. 0L,
  101. 0L,
  102. DUPLICATE_SAME_ACCESS
  103. );
  104. if ( !NT_SUCCESS(Status) ) {
  105. goto Cleanup;
  106. }
  108. Status = NtDuplicateObject(
  109. CsrClientProcess,
  110. a->ThreadHandle,
  111. NtCurrentProcess(),
  112. &Thread,
  113. 0L,
  114. 0L,
  115. DUPLICATE_SAME_ACCESS
  116. );
  117. if ( !NT_SUCCESS(Status) ) {
  118. goto Cleanup;
  119. }
  121. //
  122. // Register vdm allow bit with ntoskrnl to gain access to ntvdmcontrol
  123. //
  125. if (setVdmBits) {
  126. ULONG vdmFlags = 1;
  128. Status = NtSetInformationProcess(
  129. NewProcess,
  130. ProcessWx86Information,
  131. &vdmFlags,
  132. sizeof(vdmFlags)
  133. );
  134. if (!NT_SUCCESS(Status)) {
  135. goto Cleanup;
  136. }
  137. }
  139. //
  140. // If we are a native client then we will have passed out Peb though so save a system call.
  141. //
  142. NewPeb = (PPEB) a->RealPeb;
  144. if (NewPeb == NULL) {
  146. Status =
  147. NtQueryInformationProcess(
  148. NewProcess,
  149. ProcessBasicInformation,
  150. &ProcessBasicInfo,
  151. sizeof(ProcessBasicInfo),
  152. NULL);
  153. if (!NT_SUCCESS(Status)) {
  154. DbgPrintEx(
  155. DPFLTR_SXS_ID,
  156. DPFLTR_ERROR_LEVEL,
  157. "SXS: NtQueryInformationProcess failed.\n", Status);
  158. goto Cleanup;
  159. }
  160. NewPeb = ProcessBasicInfo.PebBaseAddress;
  161. }
  163. if ((a->CreationFlags & CREATE_IGNORE_SYSTEM_DEFAULT) == 0) {
  164. Status = BaseSrvSxsDoSystemDefaultActivationContext(ProcessorArchitecture, NewProcess, NewPeb);
  165. if ((!NT_SUCCESS(Status)) && (Status != STATUS_SXS_SYSTEM_DEFAULT_ACTIVATION_CONTEXT_EMPTY)) {
  166. goto Cleanup;
  167. }
  168. }
  170. Status = BaseSrvSxsCreateProcess(CsrClientProcess, NewProcess, m, NewPeb);
  171. if (!NT_SUCCESS(Status)) {
  172. goto Cleanup;
  173. }
  175. DebugFlags = 0;
  177. if ( a->CreationFlags & CREATE_NEW_PROCESS_GROUP ) {
  178. DebugFlags |= CSR_CREATE_PROCESS_GROUP;
  179. }
  181. if ( !(dwFlags & 2) ) {
  182. DebugFlags |= CSR_PROCESS_CONSOLEAPP;
  183. }
  185. Status = CsrCreateProcess(
  186. NewProcess,
  187. Thread,
  188. &a->ClientId,
  189. t->Process->NtSession,
  190. DebugFlags,
  191. NULL
  192. );
  194. switch(Status) {
  195. case STATUS_THREAD_IS_TERMINATING:
  196. if (a->VdmBinaryType )
  197. BaseSrvVDMTerminated (a->hVDM, a->VdmTask);
  198. *ReplyStatus = CsrClientDied;
  199. goto Cleanup;
  201. case STATUS_SUCCESS:
  202. //
  203. // notify USER that a process is being created. USER needs to know
  204. // for various synchronization issues such as startup activation,
  205. // startup synchronization, and type ahead.
  206. //
  207. // Turn on 0x8 bit of dwFlags if this is a WOW process being
  208. // created so that UserSrv knows to ignore the console's call
  209. // to UserNotifyConsoleApplication.
  210. //
  212. if (IS_WOW_BINARY(a->VdmBinaryType)) {
  213. dwFlags |= 8;
  214. }
  216. if (UserNotifyProcessCreate != NULL) {
  217. if (!(*UserNotifyProcessCreate)((DWORD)((ULONG_PTR)a->ClientId.UniqueProcess),
  218. (DWORD)((ULONG_PTR)t->ClientId.UniqueThread),
  219. 0, dwFlags)) {
  220. //
  221. // NTRAID#589638-2002/03/29-earhart: changed to NTRAID
  222. // marker. Shouldn't we close the duplicated
  223. // process and thread handles above?
  224. //
  225. }
  226. }
  228. //
  229. // Update the VDM sequence number.
  230. //
  233. if (a->VdmBinaryType) {
  235. Status = BaseSrvUpdateVDMSequenceNumber(a->VdmBinaryType,
  236. a->hVDM,
  237. a->VdmTask,
  238. a->ClientId.UniqueProcess,
  239. m->h.ClientId.UniqueProcess);
  240. if (!NT_SUCCESS( Status )) {
  241. //
  242. // NTRAID#589638-2002/03/29-earhart: changed to
  243. // NTRAID marker. Shouldn't we close the
  244. // duplicated process and thread handles above?
  245. //
  246. BaseSrvVDMTerminated (a->hVDM, a->VdmTask);
  247. }
  248. }
  249. break;
  251. default:
  252. goto Cleanup;
  253. }
  255. // We don't use the usual Exit: pattern here in order to more carefully
  256. // preserve the preexisting behavior, which apparently leaks handles in error cases.
  257. return( (ULONG)Status );
  258. Cleanup:
  259. if (NewProcess != NULL) {
  260. Status1 = NtClose(NewProcess);
  261. RTL_SOFT_ASSERT(NT_SUCCESS(Status1));
  262. }
  263. if (Thread != NULL) {
  264. Status1 = NtClose(Thread);
  265. RTL_SOFT_ASSERT(NT_SUCCESS(Status1));
  266. }
  267. return( (ULONG)Status );
  268. }
  270. ULONG
  271. BaseSrvCreateThread(
  272. IN OUT PCSR_API_MSG m,
  273. IN OUT PCSR_REPLY_STATUS ReplyStatus
  274. )
  275. {
  276. PBASE_CREATETHREAD_MSG a = (PBASE_CREATETHREAD_MSG)&m->u.ApiMessageData;
  277. HANDLE Thread;
  278. NTSTATUS Status;
  279. PCSR_PROCESS Process;
  280. PCSR_THREAD t;
  282. t = CSR_SERVER_QUERYCLIENTTHREAD();
  284. Process = t->Process;
  285. if (Process->ClientId.UniqueProcess != a->ClientId.UniqueProcess) {
  286. if ( a->ClientId.UniqueProcess == NtCurrentTeb()->ClientId.UniqueProcess ) {
  287. return STATUS_SUCCESS;
  288. }
  289. Status = CsrLockProcessByClientId( a->ClientId.UniqueProcess,
  290. &Process
  291. );
  292. if (!NT_SUCCESS( Status )) {
  293. return( Status );
  294. }
  295. }
  297. //
  298. // Get handles to the thread local to the
  299. // Windows server.
  300. //
  302. Status = NtDuplicateObject(
  303. t->Process->ProcessHandle,
  304. a->ThreadHandle,
  305. NtCurrentProcess(),
  306. &Thread,
  307. 0L,
  308. 0L,
  309. DUPLICATE_SAME_ACCESS
  310. );
  311. if ( NT_SUCCESS(Status) ) {
  312. Status = CsrCreateThread(
  313. Process,
  314. Thread,
  315. &a->ClientId,
  316. TRUE
  317. );
  318. if (!NT_SUCCESS(Status)) {
  319. NtClose(Thread);
  320. }
  321. }
  323. if (Process != t->Process) {
  324. CsrUnlockProcess( Process );
  325. }
  327. return( (ULONG)Status );
  328. ReplyStatus; // get rid of unreferenced parameter warning message
  329. }
  331. ULONG
  332. BaseSrvRegisterThread(
  333. IN OUT PCSR_API_MSG m,
  334. IN OUT PCSR_REPLY_STATUS ReplyStatus
  335. )
  336. {
  337. PBASE_CREATETHREAD_MSG a = (PBASE_CREATETHREAD_MSG)&m->u.ApiMessageData;
  338. HANDLE Thread;
  339. NTSTATUS Status;
  340. PCSR_PROCESS Process;
  341. PCSR_THREAD CsrThread, ExistingThread;
  342. OBJECT_ATTRIBUTES NullAttributes;
  344. //
  345. // We assume the following:
  346. //
  347. // We are called via a LPC_DATAGRAM since this is the only way
  348. // that CSR will let the call go through. (csr requires
  349. // LPC_REQUEST to be sent only by threads in its list). This
  350. // means that CSR_SERVER_QUERYCLIENTTHREAD(); does not return a
  351. // valid value.
  354. Status = CsrLockProcessByClientId( a->ClientId.UniqueProcess,
  355. &Process
  356. );
  357. if (!NT_SUCCESS( Status )) {
  358. return( Status );
  359. }
  361. //
  362. // Get handle to the thread local to the
  363. // Windows server. Since this is called as a
  364. // LPC_DATAGRAM message, the thread handle is
  365. // not passed in the message, but instead the
  366. // calling thread is opened
  367. //
  369. InitializeObjectAttributes( &NullAttributes, NULL, 0, NULL, NULL );
  370. Status = NtOpenThread(&Thread,
  371. THREAD_ALL_ACCESS,
  372. &NullAttributes,
  373. &a->ClientId);
  375. if ( NT_SUCCESS(Status) ) {
  376. Status = CsrCreateThread(
  377. Process,
  378. Thread,
  379. &a->ClientId,
  380. FALSE
  381. );
  382. if (!NT_SUCCESS(Status)) {
  383. NtClose(Thread);
  384. }
  385. }
  387. CsrUnlockProcess( Process );
  389. return( (ULONG)Status );
  390. ReplyStatus; // get rid of unreferenced parameter warning message
  391. }
  394. EXCEPTION_DISPOSITION
  395. FatalExceptionFilter(
  396. struct _EXCEPTION_POINTERS *ExceptionInfo
  397. )
  398. {
  399. DbgPrint("CSRSRV: Fatal Server Side Exception. Exception Info %lx\n",
  400. ExceptionInfo
  401. );
  402. DbgBreakPoint();
  403. return EXCEPTION_EXECUTE_HANDLER;
  404. }
  406. ULONG
  407. BaseSrvExitProcess(
  408. IN OUT PCSR_API_MSG m,
  409. IN OUT PCSR_REPLY_STATUS ReplyStatus
  410. )
  411. {
  412. PBASE_EXITPROCESS_MSG a = (PBASE_EXITPROCESS_MSG)&m->u.ApiMessageData;
  413. PCSR_THREAD t;
  414. ULONG rc = (ULONG)STATUS_ACCESS_DENIED;
  416. t = CSR_SERVER_QUERYCLIENTTHREAD();
  417. try {
  418. *ReplyStatus = CsrClientDied;
  419. rc = (ULONG)CsrDestroyProcess( &t->ClientId, (NTSTATUS)a->uExitCode );
  420. }
  421. except(FatalExceptionFilter( GetExceptionInformation() )) {
  422. DbgBreakPoint();
  423. }
  424. return rc;
  425. }
  427. ULONG
  428. BaseSrvGetTempFile(
  429. IN OUT PCSR_API_MSG m,
  430. IN OUT PCSR_REPLY_STATUS ReplyStatus
  431. )
  432. {
  433. PBASE_GETTEMPFILE_MSG a = (PBASE_GETTEMPFILE_MSG)&m->u.ApiMessageData;
  435. BaseSrvGetTempFileUnique++;
  436. a->uUnique = BaseSrvGetTempFileUnique;
  437. return( (ULONG)a->uUnique & 0xffff );
  438. ReplyStatus; // get rid of unreferenced parameter warning message
  439. }
  441. ULONG
  442. BaseSrvDebugProcess(
  443. IN OUT PCSR_API_MSG m,
  444. IN OUT PCSR_REPLY_STATUS ReplyStatus
  445. )
  446. {
  447. return STATUS_UNSUCCESSFUL;
  448. }
  450. ULONG
  451. BaseSrvDebugProcessStop(
  452. IN OUT PCSR_API_MSG m,
  453. IN OUT PCSR_REPLY_STATUS ReplyStatus
  454. )
  455. {
  456. return STATUS_UNSUCCESSFUL;
  457. }
  459. ULONG
  460. BaseSrvSetProcessShutdownParam(
  461. IN OUT PCSR_API_MSG m,
  462. IN OUT PCSR_REPLY_STATUS ReplyStatus
  463. )
  464. {
  465. PCSR_PROCESS p;
  466. PBASE_SHUTDOWNPARAM_MSG a = (PBASE_SHUTDOWNPARAM_MSG)&m->u.ApiMessageData;
  468. p = CSR_SERVER_QUERYCLIENTTHREAD()->Process;
  470. if (a->ShutdownFlags & (~(SHUTDOWN_NORETRY))) {
  471. return !STATUS_SUCCESS;
  472. }
  474. p->ShutdownLevel = a->ShutdownLevel;
  475. p->ShutdownFlags = a->ShutdownFlags;
  477. return STATUS_SUCCESS;
  478. ReplyStatus;
  479. }
  481. ULONG
  482. BaseSrvGetProcessShutdownParam(
  483. IN OUT PCSR_API_MSG m,
  484. IN OUT PCSR_REPLY_STATUS ReplyStatus
  485. )
  486. {
  487. PCSR_PROCESS p;
  488. PBASE_SHUTDOWNPARAM_MSG a = (PBASE_SHUTDOWNPARAM_MSG)&m->u.ApiMessageData;
  490. p = CSR_SERVER_QUERYCLIENTTHREAD()->Process;
  492. a->ShutdownLevel = p->ShutdownLevel;
  493. a->ShutdownFlags = p->ShutdownFlags & SHUTDOWN_NORETRY;
  495. return STATUS_SUCCESS;
  496. ReplyStatus;
  497. }