archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/shell/services/bamsrv/badapplicationapirequest.cpp

538 lines
19 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. // --------------------------------------------------------------------------
  2. // Module Name: BadApplicationAPIRequest.cpp
  3. //
  4. // Copyright (c) 2000, Microsoft Corporation
  5. //
  6. // This file contains a class to implement bad application manager API
  7. // requests.
  8. //
  9. // History: 2000-08-25 vtan created
  10. // 2000-12-04 vtan moved to separate file
  11. // --------------------------------------------------------------------------
  13. #ifdef _X86_
  15. #include "StandardHeader.h"
  16. #include "BadApplicationAPIRequest.h"
  18. #include "StatusCode.h"
  19. #include "TokenInformation.h"
  21. // --------------------------------------------------------------------------
  22. // CBadApplicationAPIRequest::s_pBadApplicationManager
  23. //
  24. // Purpose: Single instance of the CBadApplicationManager object.
  25. //
  26. // History: 2000-08-26 vtan created
  27. // --------------------------------------------------------------------------
  29. CBadApplicationManager* CBadApplicationAPIRequest::s_pBadApplicationManager = NULL;
  31. // --------------------------------------------------------------------------
  32. // CBadApplicationAPIRequest::CBadApplicationAPIRequest
  33. //
  34. // Arguments: pAPIDispatcher = CAPIDispatcher that calls this object.
  35. //
  36. // Returns: <none>
  37. //
  38. // Purpose: Constructor for the CBadApplicationAPIRequest class. It just passes the
  39. // control to the super class.
  40. //
  41. // History: 2000-08-25 vtan created
  42. // --------------------------------------------------------------------------
  44. CBadApplicationAPIRequest::CBadApplicationAPIRequest (CAPIDispatcher* pAPIDispatcher) :
  45. CAPIRequest(pAPIDispatcher)
  47. {
  48. }
  50. // --------------------------------------------------------------------------
  51. // CBadApplicationAPIRequest::CBadApplicationAPIRequest
  52. //
  53. // Arguments: pAPIDispatcher = CAPIDispatcher that calls this object.
  54. // portMessage = CPortMessage to copy construct.
  55. //
  56. // Returns: <none>
  57. //
  58. // Purpose: Constructor for the CBadApplicationAPIRequest class. It just passes the
  59. // control to the super class.
  60. //
  61. // History: 2000-08-25 vtan created
  62. // --------------------------------------------------------------------------
  64. CBadApplicationAPIRequest::CBadApplicationAPIRequest (CAPIDispatcher* pAPIDispatcher, const CPortMessage& portMessage) :
  65. CAPIRequest(pAPIDispatcher, portMessage)
  67. {
  68. }
  70. // --------------------------------------------------------------------------
  71. // CBadApplicationAPIRequest::~CBadApplicationAPIRequest
  72. //
  73. // Arguments: <none>
  74. //
  75. // Returns: <none>
  76. //
  77. // Purpose: Destructor for the CBadApplicationAPIRequest class.
  78. //
  79. // History: 2000-08-25 vtan created
  80. // --------------------------------------------------------------------------
  82. CBadApplicationAPIRequest::~CBadApplicationAPIRequest (void)
  84. {
  85. }
  87. // --------------------------------------------------------------------------
  88. // CBadApplicationAPIRequest::Execute
  89. //
  90. // Arguments: pAPIDispatchSync - allows request execution access to various
  91. // service notifications and events
  92. //
  93. // Returns: NTSTATUS
  94. //
  95. // Purpose: Execute implementation for bad application API requests. This
  96. // function dispatches requests based on the API request number.
  97. //
  98. // History: 2000-08-25 vtan created
  99. // 2002-03-24 scotthan add DispatchSync arg
  100. // --------------------------------------------------------------------------
  102. NTSTATUS CBadApplicationAPIRequest::Execute (CAPIDispatchSync* pAPIDispatchSync)
  104. {
  105. NTSTATUS status;
  107. UNREFERENCED_PARAMETER(pAPIDispatchSync);
  109. switch (reinterpret_cast<API_BAM*>(&_data)->apiGeneric.ulAPINumber)
  110. {
  111. case API_BAM_QUERYRUNNING:
  112. status = Execute_QueryRunning();
  113. break;
  114. case API_BAM_REGISTERRUNNING:
  115. status = Execute_RegisterRunning();
  116. break;
  117. case API_BAM_QUERYUSERPERMISSION:
  118. status = Execute_QueryUserPermission();
  119. break;
  120. case API_BAM_TERMINATERUNNING:
  121. status = Execute_TerminateRunning();
  122. break;
  123. case API_BAM_REQUESTSWITCHUSER:
  124. status = Execute_RequestSwitchUser();
  125. break;
  126. default:
  127. DISPLAYMSG("Unknown API request in CBadApplicationAPIRequest::Execute");
  128. status = STATUS_NOT_IMPLEMENTED;
  129. break;
  130. }
  131. TSTATUS(status);
  132. return(status);
  133. }
  135. // --------------------------------------------------------------------------
  136. // CBadApplicationAPIRequest::StaticInitialize
  137. //
  138. // Arguments: <none>
  139. //
  140. // Returns: NTSTATUS
  141. //
  142. // Purpose: Static initializer for the class. It creates the static
  143. // instance of the CBadApplicationManager which must be a single
  144. // instance and knows about bad running applications.
  145. //
  146. // History: 2000-08-26 vtan created
  147. // --------------------------------------------------------------------------
  149. NTSTATUS CBadApplicationAPIRequest::StaticInitialize (HINSTANCE hInstance)
  151. {
  152. NTSTATUS status;
  154. if (s_pBadApplicationManager == NULL)
  155. {
  156. s_pBadApplicationManager = new CBadApplicationManager(hInstance);
  157. if (s_pBadApplicationManager != NULL)
  158. {
  159. status = STATUS_SUCCESS;
  160. }
  161. else
  162. {
  163. status = STATUS_NO_MEMORY;
  164. }
  165. }
  166. else
  167. {
  168. status = STATUS_SUCCESS;
  169. }
  170. return(status);
  171. }
  173. // --------------------------------------------------------------------------
  174. // CBadApplicationAPIRequest::StaticTerminate
  175. //
  176. // Arguments: <none>
  177. //
  178. // Returns: NTSTATUS
  179. //
  180. // Purpose: Static destructor for the class. This terminates the bad
  181. // application manager, releases the reference on the object and
  182. // clears out the static variable. When the thread dies it will
  183. // clean itself up.
  184. //
  185. // History: 2000-08-26 vtan created
  186. // --------------------------------------------------------------------------
  188. NTSTATUS CBadApplicationAPIRequest::StaticTerminate (void)
  190. {
  191. if (s_pBadApplicationManager != NULL)
  192. {
  193. s_pBadApplicationManager->Terminate();
  194. s_pBadApplicationManager->Release();
  195. s_pBadApplicationManager = NULL;
  196. }
  197. return(STATUS_SUCCESS);
  198. }
  200. // --------------------------------------------------------------------------
  201. // CBadApplicationAPIRequest::Execute_QueryRunning
  202. //
  203. // Arguments: <none>
  204. //
  205. // Returns: NTSTATUS
  206. //
  207. // Purpose: Handles API_BAM_QUERYRUNNING. Returns whether or not the
  208. // requested image path is currently a known (tracked)
  209. // executable that is running. Let the bad application manager
  210. // do the work. Exclude checking in the same session.
  211. //
  212. // History: 2000-08-26 vtan created
  213. // --------------------------------------------------------------------------
  215. NTSTATUS CBadApplicationAPIRequest::Execute_QueryRunning (void)
  217. {
  218. NTSTATUS status;
  219. HANDLE hProcessClient;
  220. SIZE_T dwNumberOfBytesRead;
  221. API_BAM_QUERYRUNNING_IN *pAPIIn;
  222. API_BAM_QUERYRUNNING_OUT *pAPIOut;
  223. WCHAR szImageName[MAX_PATH];
  225. hProcessClient = _pAPIDispatcher->GetClientProcess();
  226. pAPIIn = &reinterpret_cast<API_BAM*>(&_data)->apiSpecific.apiQueryRunning.in;
  227. pAPIOut = &reinterpret_cast<API_BAM*>(&_data)->apiSpecific.apiQueryRunning.out;
  228. if (ReadProcessMemory(hProcessClient,
  229. pAPIIn->pszImageName,
  230. szImageName,
  231. pAPIIn->cchImageName * sizeof(WCHAR),
  232. &dwNumberOfBytesRead) != FALSE)
  233. {
  234. CBadApplication badApplication(szImageName);
  236. pAPIOut->fResult = s_pBadApplicationManager->QueryRunning(badApplication, _pAPIDispatcher->GetClientSessionID());
  237. status = STATUS_SUCCESS;
  238. }
  239. else
  240. {
  241. status = CStatusCode::StatusCodeOfLastError();
  242. }
  243. SetDataLength(sizeof(API_BAM));
  244. return(status);
  245. }
  247. // --------------------------------------------------------------------------
  248. // CBadApplicationAPIRequest::Execute_RegisterRunning
  249. //
  250. // Arguments: <none>
  251. //
  252. // Returns: NTSTATUS
  253. //
  254. // Purpose: Handles API_BAM_REGISTERRUNNING. Adds the given image
  255. // executable to the list of currently running bad applications
  256. // so that further instances can be excluded.
  257. //
  258. // History: 2000-08-26 vtan created
  259. // --------------------------------------------------------------------------
  261. NTSTATUS CBadApplicationAPIRequest::Execute_RegisterRunning (void)
  263. {
  264. NTSTATUS status;
  265. SIZE_T dwNumberOfBytesRead;
  266. API_BAM_REGISTERRUNNING_IN *pAPIIn;
  267. API_BAM_REGISTERRUNNING_OUT *pAPIOut;
  268. WCHAR szImageName[MAX_PATH];
  270. pAPIIn = &reinterpret_cast<API_BAM*>(&_data)->apiSpecific.apiRegisterRunning.in;
  271. pAPIOut = &reinterpret_cast<API_BAM*>(&_data)->apiSpecific.apiRegisterRunning.out;
  272. if ((pAPIIn->bamType > BAM_TYPE_MINIMUM) && (pAPIIn->bamType < BAM_TYPE_MAXIMUM))
  273. {
  274. if (ReadProcessMemory(_pAPIDispatcher->GetClientProcess(),
  275. pAPIIn->pszImageName,
  276. szImageName,
  277. pAPIIn->cchImageName * sizeof(WCHAR),
  278. &dwNumberOfBytesRead) != FALSE)
  279. {
  280. HANDLE hProcess;
  281. CBadApplication badApplication(szImageName);
  283. hProcess = OpenProcess(SYNCHRONIZE | PROCESS_QUERY_INFORMATION,
  284. FALSE,
  285. pAPIIn->dwProcessID);
  286. if (hProcess != NULL)
  287. {
  288. status = s_pBadApplicationManager->RegisterRunning(badApplication, hProcess, pAPIIn->bamType);
  289. TBOOL(CloseHandle(hProcess));
  290. }
  291. else
  292. {
  293. status = CStatusCode::StatusCodeOfLastError();
  294. }
  295. }
  296. else
  297. {
  298. status = CStatusCode::StatusCodeOfLastError();
  299. }
  300. }
  301. else
  302. {
  303. status = STATUS_INVALID_PARAMETER;
  304. }
  305. SetDataLength(sizeof(API_BAM));
  306. return(status);
  307. }
  309. // --------------------------------------------------------------------------
  310. // CBadApplicationAPIRequest::Execute_QueryUserPermission
  311. //
  312. // Arguments: <none>
  313. //
  314. // Returns: NTSTATUS
  315. //
  316. // Purpose: Handles API_BAM_QUERYUSERPERMISSION. Queries the client
  317. // permission to close down the bad application. Also returns
  318. // the current user of the bad application.
  319. //
  320. // History: 2000-08-31 vtan created
  321. // --------------------------------------------------------------------------
  323. NTSTATUS CBadApplicationAPIRequest::Execute_QueryUserPermission (void)
  325. {
  326. NTSTATUS status;
  327. SIZE_T dwNumberOfBytesRead;
  328. API_BAM_QUERYUSERPERMISSION_IN *pAPIIn;
  329. API_BAM_QUERYUSERPERMISSION_OUT *pAPIOut;
  330. WCHAR szImageName[MAX_PATH];
  332. pAPIIn = &reinterpret_cast<API_BAM*>(&_data)->apiSpecific.apiQueryUserPermission.in;
  333. pAPIOut = &reinterpret_cast<API_BAM*>(&_data)->apiSpecific.apiQueryUserPermission.out;
  334. if (ReadProcessMemory(_pAPIDispatcher->GetClientProcess(),
  335. pAPIIn->pszImageName,
  336. szImageName,
  337. pAPIIn->cchImageName * sizeof(WCHAR),
  338. &dwNumberOfBytesRead) != FALSE)
  339. {
  340. HANDLE hProcess;
  341. CBadApplication badApplication(szImageName);
  343. // Query information on the bad application
  344. // (get back the process handle).
  346. status = s_pBadApplicationManager->QueryInformation(badApplication, hProcess);
  347. if (NT_SUCCESS(status))
  348. {
  349. HANDLE hToken;
  351. // Get the client token and impersonate that user.
  353. status = OpenClientToken(hToken);
  354. if (NT_SUCCESS(status))
  355. {
  356. bool fCanShutdownApplication;
  357. HANDLE hTokenProcess;
  358. CTokenInformation tokenInformationClient(hToken);
  360. fCanShutdownApplication = tokenInformationClient.IsUserAnAdministrator();
  362. // Get the bad application process token to get
  363. // information on the user for the process.
  365. if (OpenProcessToken(hProcess,
  366. TOKEN_QUERY,
  367. &hTokenProcess) != FALSE)
  368. {
  369. const WCHAR *pszUserDisplayName;
  370. CTokenInformation tokenInformationProcess(hTokenProcess);
  372. pszUserDisplayName = tokenInformationProcess.GetUserDisplayName();
  373. if (pszUserDisplayName != NULL)
  374. {
  375. int iCharsToWrite;
  376. SIZE_T dwNumberOfBytesWritten;
  378. // Return the information back to the client.
  380. pAPIOut->fCanShutdownApplication = fCanShutdownApplication;
  381. iCharsToWrite = lstrlen(pszUserDisplayName) + sizeof('\0');
  382. if (iCharsToWrite > pAPIIn->cchUser)
  383. {
  384. iCharsToWrite = pAPIIn->cchUser;
  385. }
  386. if (WriteProcessMemory(_pAPIDispatcher->GetClientProcess(),
  387. pAPIIn->pszUser,
  388. const_cast<WCHAR*>(pszUserDisplayName),
  389. iCharsToWrite * sizeof(WCHAR),
  390. &dwNumberOfBytesWritten) != FALSE)
  391. {
  392. status = STATUS_SUCCESS;
  393. }
  394. else
  395. {
  396. status = CStatusCode::StatusCodeOfLastError();
  397. }
  398. }
  399. else
  400. {
  401. status = CStatusCode::StatusCodeOfLastError();
  402. }
  403. TBOOL(CloseHandle(hTokenProcess));
  404. }
  405. else
  406. {
  407. status = CStatusCode::StatusCodeOfLastError();
  408. }
  409. TBOOL(CloseHandle(hToken));
  410. }
  411. else
  412. {
  413. status = CStatusCode::StatusCodeOfLastError();
  414. }
  415. TBOOL(CloseHandle(hProcess));
  416. }
  417. }
  418. else
  419. {
  420. status = CStatusCode::StatusCodeOfLastError();
  421. }
  422. SetDataLength(sizeof(API_BAM));
  423. return(status);
  424. }
  426. // --------------------------------------------------------------------------
  427. // CBadApplicationAPIRequest::Execute_QueryUserPermission
  428. //
  429. // Arguments: <none>
  430. //
  431. // Returns: NTSTATUS
  432. //
  433. // Purpose: Handles API_BAM_TERMINATERUNNING. Terminates the given running
  434. // bad application so a different instance on a different
  435. // window station can start it.
  436. //
  437. // History: 2000-08-31 vtan created
  438. // --------------------------------------------------------------------------
  440. NTSTATUS CBadApplicationAPIRequest::Execute_TerminateRunning (void)
  442. {
  443. NTSTATUS status;
  444. SIZE_T dwNumberOfBytesRead;
  445. API_BAM_TERMINATERUNNING_IN *pAPIIn;
  446. API_BAM_TERMINATERUNNING_OUT *pAPIOut;
  447. WCHAR szImageName[MAX_PATH];
  449. pAPIIn = &reinterpret_cast<API_BAM*>(&_data)->apiSpecific.apiTerminateRunning.in;
  450. pAPIOut = &reinterpret_cast<API_BAM*>(&_data)->apiSpecific.apiTerminateRunning.out;
  451. if (ReadProcessMemory(_pAPIDispatcher->GetClientProcess(),
  452. pAPIIn->pszImageName,
  453. szImageName,
  454. pAPIIn->cchImageName * sizeof(WCHAR),
  455. &dwNumberOfBytesRead) != FALSE)
  456. {
  457. HANDLE hToken;
  459. // Get the client token and for membership of the local administrators
  460. // group. DO NOT IMPERSONATE THE CLIENT. This will almost certainly
  461. // guarantee that the process cannot be terminated.
  463. status = OpenClientToken(hToken);
  464. if (NT_SUCCESS(status))
  465. {
  466. CTokenInformation tokenInformationClient(hToken);
  468. if (tokenInformationClient.IsUserAnAdministrator())
  469. {
  470. HANDLE hProcess;
  471. CBadApplication badApplication(szImageName);
  473. // Query information on the bad application
  474. // (get back the process handle).
  476. status = s_pBadApplicationManager->QueryInformation(badApplication, hProcess);
  477. if (NT_SUCCESS(status))
  478. {
  479. do
  480. {
  481. status = CBadApplicationManager::PerformTermination(hProcess, true);
  482. TBOOL(CloseHandle(hProcess));
  483. } while (NT_SUCCESS(status) &&
  484. NT_SUCCESS(s_pBadApplicationManager->QueryInformation(badApplication, hProcess)));
  485. }
  487. // If the information could not be found then it's
  488. // probably not running. This indicates success.
  490. else
  491. {
  492. status = STATUS_SUCCESS;
  493. }
  494. }
  495. else
  496. {
  497. status = STATUS_ACCESS_DENIED;
  498. }
  499. TBOOL(CloseHandle(hToken));
  500. }
  501. }
  502. else
  503. {
  504. status = CStatusCode::StatusCodeOfLastError();
  505. }
  506. pAPIOut->fResult = NT_SUCCESS(status);
  507. SetDataLength(sizeof(API_BAM));
  508. return(status);
  509. }
  511. // --------------------------------------------------------------------------
  512. // CBadApplicationAPIRequest::Execute_RequestSwitchUser
  513. //
  514. // Arguments: <none>
  515. //
  516. // Returns: NTSTATUS
  517. //
  518. // Purpose: Handles API_BAM_REQUESTSWITCHUSER. Request from
  519. // winlogon/msgina to switch a user. Terminate all bad
  520. // applications related to disconnect. Reject the disconnect if
  521. // it fails.
  522. //
  523. // History: 2000-11-02 vtan created
  524. // --------------------------------------------------------------------------
  526. NTSTATUS CBadApplicationAPIRequest::Execute_RequestSwitchUser (void)
  528. {
  529. API_BAM_REQUESTSWITCHUSER_OUT *pAPIOut;
  531. pAPIOut = &reinterpret_cast<API_BAM*>(&_data)->apiSpecific.apiRequestSwitchUser.out;
  532. pAPIOut->fAllowSwitch = NT_SUCCESS(s_pBadApplicationManager->RequestSwitchUser());
  533. SetDataLength(sizeof(API_BAM));
  534. return(STATUS_SUCCESS);
  535. }
  537. #endif /* _X86_ */