archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/termsrv/wtsapi/wtsapi32.c

550 lines
15 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. /*******************************************************************************
  2. * wtsapi32.c
  3. *
  4. * Published Terminal Server APIs
  5. *
  6. * Copyright 1998, Citrix Systems Inc.
  7. * Copyright (C) 1997-1999 Microsoft Corp.
  8. /******************************************************************************/
  10. #include <nt.h>
  11. #include <ntrtl.h>
  12. #include <nturtl.h>
  13. #include <ntddkbd.h>
  14. #include <ntddmou.h>
  15. #include <windows.h>
  16. #include <winbase.h>
  17. #include <winerror.h>
  19. #if(WINVER >= 0x0500)
  20. #include <ntstatus.h>
  21. #include <winsta.h>
  22. #else
  23. #include <citrix\cxstatus.h>
  24. #include <citrix\winsta.h>
  25. #endif
  26. #include <utildll.h>
  28. #include <stdio.h>
  29. #include <stdarg.h>
  32. #include <wtsapi32.h>
  34. // Private User function that returns user token for session 0 only
  35. // Used in the case when TS is not running
  36. extern
  37. HANDLE
  38. GetCurrentUserTokenW (
  39. WCHAR Winsta[],
  40. DWORD DesiredAccess
  41. );
  45. /*=============================================================================
  46. == External procedures defined
  47. =============================================================================*/
  49. BOOL WINAPI WTSShutdownSystem( HANDLE, DWORD );
  50. BOOL WINAPI WTSWaitSystemEvent( HANDLE, DWORD, DWORD * );
  51. VOID WINAPI WTSFreeMemory( PVOID pMemory );
  52. BOOL WINAPI WTSQueryUserToken(ULONG SessionId, PHANDLE phToken);
  57. /*=============================================================================
  58. == Internal procedures defined
  59. =============================================================================*/
  61. BOOL WINAPI DllEntryPoint( HINSTANCE, DWORD, LPVOID );
  62. BOOL IsTerminalServiceRunning(VOID);
  63. BOOL IsProcessPrivileged(CONST PCWSTR szPrivilege);
  67. /*=============================================================================
  68. == Local function prototypes
  69. =============================================================================*/
  71. BOOLEAN CheckShutdownPrivilege();
  74. /****************************************************************************
  75. *
  76. * WTSShutdowSystem
  77. *
  78. * Shutdown and/or reboot system
  79. *
  80. * ENTRY:
  81. * hServer (input)
  82. * Terminal Server handle (or WTS_CURRENT_SERVER)
  83. * ShutdownFlags (input)
  84. * Flags which specify shutdown options.
  85. *
  86. * EXIT:
  87. *
  88. * TRUE -- The operation succeeded.
  89. *
  90. * FALSE -- The operation failed. Extended error status is available
  91. * using GetLastError.
  92. *
  93. ****************************************************************************/
  95. BOOL
  96. WINAPI
  97. WTSShutdownSystem(
  98. IN HANDLE hServer,
  99. IN DWORD ShutdownFlags
  100. )
  101. {
  102. ULONG uiOptions = 0;
  104. // Make sure the user has the proper privilege to shutdown the system when
  105. // hServer is a local server handle. For remote server, the user privilege
  106. // is checked when WTSOpenServer is called.
  108. if (hServer == SERVERNAME_CURRENT && !CheckShutdownPrivilege()) {
  109. SetLastError(ERROR_PRIVILEGE_NOT_HELD);
  110. return(FALSE);
  111. }
  113. // Construct the shutdown flag
  115. if (ShutdownFlags == WTS_WSD_LOGOFF) {
  116. // log off all users and deletes sessions
  117. uiOptions = WSD_LOGOFF;
  118. } else if (ShutdownFlags == WTS_WSD_SHUTDOWN) {
  119. uiOptions = WSD_LOGOFF | WSD_SHUTDOWN;
  120. } else if (ShutdownFlags == WTS_WSD_REBOOT) {
  121. uiOptions = WSD_LOGOFF | WSD_SHUTDOWN | WSD_REBOOT;
  122. } else if (ShutdownFlags == WTS_WSD_POWEROFF) {
  123. uiOptions = WSD_LOGOFF | WSD_SHUTDOWN | WSD_POWEROFF;
  124. } else if (ShutdownFlags == WTS_WSD_FASTREBOOT) {
  125. uiOptions = WSD_FASTREBOOT | WSD_REBOOT;
  126. } else {
  127. SetLastError(ERROR_INVALID_PARAMETER);
  128. return FALSE;
  129. }
  131. return( WinStationShutdownSystem( hServer, uiOptions ));
  133. }
  136. /****************************************************************************
  137. *
  138. * WTSWaitSystemEvent
  139. *
  140. * Waits for an event (WinStation create, delete, connect, etc) before
  141. * returning to the caller.
  142. *
  143. * ENTRY:
  144. * hServer (input)
  145. * Terminal Server handle (or WTS_CURRENT_SERVER)
  146. * EventFlags (input)
  147. * Bit mask that specifies which event(s) to wait for (WTS_EVENT_?)
  148. * pEventFlags (output)
  149. * Bit mask of event(s) that occurred.
  150. *
  151. * EXIT:
  152. *
  153. * TRUE -- The operation succeeded.
  154. *
  155. * FALSE -- The operation failed. Extended error status is available
  156. * using GetLastError.
  157. *
  158. ****************************************************************************/
  160. BOOL
  161. WINAPI
  162. WTSWaitSystemEvent(
  163. IN HANDLE hServer,
  164. IN DWORD EventMask,
  165. OUT DWORD * pEventFlags
  166. )
  167. {
  168. BOOL fSuccess;
  169. ULONG WSEventMask;
  170. ULONG WSEventFlags = 0;
  172. if (IsBadWritePtr(pEventFlags, sizeof(DWORD))) {
  174. SetLastError(ERROR_INVALID_PARAMETER);
  175. return FALSE;
  177. }
  180. /*
  181. * Map event mask
  182. */
  183. WSEventMask = 0;
  184. if ( EventMask & WTS_EVENT_CREATE )
  185. WSEventMask |= WEVENT_CREATE;
  186. if ( EventMask & WTS_EVENT_DELETE )
  187. WSEventMask |= WEVENT_DELETE;
  188. if ( EventMask & WTS_EVENT_RENAME )
  189. WSEventMask |= WEVENT_RENAME;
  190. if ( EventMask & WTS_EVENT_CONNECT )
  191. WSEventMask |= WEVENT_CONNECT;
  192. if ( EventMask & WTS_EVENT_DISCONNECT )
  193. WSEventMask |= WEVENT_DISCONNECT;
  194. if ( EventMask & WTS_EVENT_LOGON )
  195. WSEventMask |= WEVENT_LOGON;
  196. if ( EventMask & WTS_EVENT_LOGOFF )
  197. WSEventMask |= WEVENT_LOGOFF;
  198. if ( EventMask & WTS_EVENT_STATECHANGE )
  199. WSEventMask |= WEVENT_STATECHANGE;
  200. if ( EventMask & WTS_EVENT_LICENSE )
  201. WSEventMask |= WEVENT_LICENSE;
  203. if ( EventMask & WTS_EVENT_FLUSH )
  204. WSEventMask |= WEVENT_FLUSH;
  206. /*
  207. * Wait for system event
  208. */
  209. fSuccess = WinStationWaitSystemEvent( hServer, WSEventMask, &WSEventFlags );
  211. /*
  212. * Map event mask
  213. */
  214. *pEventFlags = 0;
  215. if ( WSEventFlags & WEVENT_CREATE )
  216. *pEventFlags |= WTS_EVENT_CREATE;
  217. if ( WSEventFlags & WEVENT_DELETE )
  218. *pEventFlags |= WTS_EVENT_DELETE;
  219. if ( WSEventFlags & WEVENT_RENAME )
  220. *pEventFlags |= WTS_EVENT_RENAME;
  221. if ( WSEventFlags & WEVENT_CONNECT )
  222. *pEventFlags |= WTS_EVENT_CONNECT;
  223. if ( WSEventFlags & WEVENT_DISCONNECT )
  224. *pEventFlags |= WTS_EVENT_DISCONNECT;
  225. if ( WSEventFlags & WEVENT_LOGON )
  226. *pEventFlags |= WTS_EVENT_LOGON;
  227. if ( WSEventFlags & WEVENT_LOGOFF )
  228. *pEventFlags |= WTS_EVENT_LOGOFF;
  229. if ( WSEventFlags & WEVENT_STATECHANGE )
  230. *pEventFlags |= WTS_EVENT_STATECHANGE;
  231. if ( WSEventFlags & WEVENT_LICENSE )
  232. *pEventFlags |= WTS_EVENT_LICENSE;
  234. return( fSuccess );
  235. }
  238. /****************************************************************************
  239. *
  240. * WTSFreeMemory
  241. *
  242. * Free memory allocated by Terminal Server APIs
  243. *
  244. * ENTRY:
  245. * pMemory (input)
  246. * Pointer to memory to free
  247. *
  248. * EXIT:
  249. * nothing
  250. *
  251. ****************************************************************************/
  253. VOID
  254. WINAPI
  255. WTSFreeMemory( PVOID pMemory )
  256. {
  257. LocalFree( pMemory );
  258. }
  261. /****************************************************************************
  262. *
  263. * DllEntryPoint
  264. *
  265. * Function is called when the DLL is loaded and unloaded.
  266. *
  267. * ENTRY:
  268. * hinstDLL (input)
  269. * Handle of DLL module
  270. * fdwReason (input)
  271. * Why function was called
  272. * lpvReserved (input)
  273. * Reserved; must be NULL
  274. *
  275. * EXIT:
  276. * TRUE - Success
  277. * FALSE - Error occurred
  278. *
  279. ****************************************************************************/
  281. BOOL WINAPI
  282. DllEntryPoint( HINSTANCE hinstDLL,
  283. DWORD fdwReason,
  284. LPVOID lpvReserved )
  285. {
  286. switch ( fdwReason ) {
  287. case DLL_PROCESS_ATTACH:
  288. break;
  290. case DLL_PROCESS_DETACH:
  291. break;
  293. default:
  294. break;
  295. }
  297. return( TRUE );
  298. }
  301. /*****************************************************************************
  302. *
  303. * CheckShutdownPrivilege
  304. *
  305. * Check whether the current process has shutdown permission.
  306. *
  307. * ENTRY:
  308. *
  309. * EXIT:
  310. *
  311. *
  312. ****************************************************************************/
  314. BOOLEAN
  315. CheckShutdownPrivilege()
  316. {
  317. NTSTATUS Status;
  318. BOOLEAN WasEnabled;
  320. //
  321. // Try the thread token first
  322. //
  324. Status = RtlAdjustPrivilege(SE_SHUTDOWN_PRIVILEGE,
  325. TRUE,
  326. TRUE,
  327. &WasEnabled);
  329. if (Status == STATUS_NO_TOKEN) {
  331. //
  332. // No thread token, use the process token
  333. //
  335. Status = RtlAdjustPrivilege(SE_SHUTDOWN_PRIVILEGE,
  336. TRUE,
  337. FALSE,
  338. &WasEnabled);
  339. }
  341. if (!NT_SUCCESS(Status)) {
  342. return(FALSE);
  343. }
  344. return(TRUE);
  345. }
  347. /*++
  349. Routine Description:
  351. Allows to read the token of the user interactively logged in the session identified by SessionId.
  352. The caller must be running under local system account and hold SE_TCB_NAME privilege. This API
  353. is intended for highly trusted services. Service Providers using it must be very cautious not to
  354. leak user tokens.
  356. NOTE : The API is RPC based and hence cannot be called with the loader lock held (specifically
  357. from DLL attach/detach code)
  359. Arguments:
  361. SessionId: IN. Identifies the session the user is logged in.
  362. phToken: OUT. Points to the user token handle, if the function succeeded.
  364. Return Values:
  366. TRUE in case of success. phToken points to the user token.
  367. FALSE in case of failure. Use GetLastError() to get extended error code.
  369. The token returned is a duplicate of a primary token.
  371. --*/
  374. BOOL
  375. WINAPI
  376. WTSQueryUserToken(ULONG SessionId, PHANDLE phToken)
  377. {
  379. BOOL IsTsUp = FALSE;
  380. BOOL Result, bHasPrivilege;
  381. ULONG ReturnLength;
  382. WINSTATIONUSERTOKEN Info;
  383. NTSTATUS Status;
  384. HANDLE hUserToken = NULL;
  385. SECURITY_QUALITY_OF_SERVICE SecurityQualityOfService;
  387. // Do parameter Validation
  388. if (NULL == phToken) {
  389. SetLastError(ERROR_INVALID_PARAMETER);
  390. return(FALSE);
  391. }
  393. // We will first check if the process which is calling us, has SE_TCB_NAME privilege
  394. bHasPrivilege = IsProcessPrivileged(SE_TCB_NAME);
  395. if (!bHasPrivilege) {
  396. SetLastError(ERROR_PRIVILEGE_NOT_HELD);
  397. return(FALSE);
  398. }
  400. // If it is session 0, don't call winsta. Use GetCurrentUserToken instead.
  401. if (SessionId == 0)
  402. {
  403. hUserToken = GetCurrentUserTokenW(L"WinSta0",
  404. TOKEN_QUERY |
  405. TOKEN_DUPLICATE |
  406. TOKEN_ASSIGN_PRIMARY
  407. );
  409. if (hUserToken == NULL)
  410. return FALSE;
  411. else
  412. *phToken = hUserToken;
  413. }
  414. else // Non-zero sessions
  415. {
  416. // No one except TS has any idea about non-zero sessions. So, check if the TS is running.
  417. IsTsUp = IsTerminalServiceRunning();
  418. if (IsTsUp)
  419. { // This is so that CSRSS can dup the handle to our process
  420. Info.ProcessId = LongToHandle(GetCurrentProcessId());
  421. Info.ThreadId = LongToHandle(GetCurrentThreadId());
  423. Result = WinStationQueryInformation(
  424. SERVERNAME_CURRENT,
  425. SessionId,
  426. WinStationUserToken,
  427. &Info,
  428. sizeof(Info),
  429. &ReturnLength
  430. );
  432. if( !Result )
  433. return FALSE;
  434. else
  435. *phToken = Info.UserToken ;
  436. }
  437. else
  438. { // TS is not running. So, set error for non-zero sessions: WINSTATION_NOT_FOUND.
  439. SetLastError(ERROR_CTX_WINSTATION_NOT_FOUND);
  440. return FALSE;
  441. }
  442. }
  444. return TRUE;
  445. }
  447. // This function determines if the Terminal Service is currently Running
  448. BOOL IsTerminalServiceRunning (VOID)
  449. {
  451. BOOL bReturn = FALSE;
  452. SC_HANDLE hServiceController;
  454. hServiceController = OpenSCManager(NULL, NULL, GENERIC_READ);
  455. if (hServiceController) {
  456. SC_HANDLE hTermServ ;
  457. hTermServ = OpenService(hServiceController, L"TermService", SERVICE_QUERY_STATUS);
  458. if (hTermServ) {
  459. SERVICE_STATUS tTermServStatus;
  460. if (QueryServiceStatus(hTermServ, &tTermServStatus)) {
  461. bReturn = (tTermServStatus.dwCurrentState == SERVICE_RUNNING);
  462. } else {
  463. CloseServiceHandle(hTermServ);
  464. CloseServiceHandle(hServiceController);
  465. return FALSE;
  466. }
  467. CloseServiceHandle(hTermServ);
  468. } else {
  469. CloseServiceHandle(hServiceController);
  470. return FALSE;
  471. }
  472. CloseServiceHandle(hServiceController);
  473. } else {
  474. return FALSE;
  475. }
  477. return bReturn;
  478. }
  481. /*++
  482. Routine Description:
  484. This function checks to see if the specified privilege is enabled
  485. in the primary access token for the current thread.
  487. Arguments:
  489. szPrivilege - The privilege to be checked for
  491. Return Value:
  493. TRUE if the specified privilege is enabled, FALSE otherwise.
  495. --*/
  496. BOOL
  497. IsProcessPrivileged(
  498. CONST PCWSTR szPrivilege
  499. )
  501. {
  502. LUID luidValue; // LUID (locally unique ID) for the privilege
  503. BOOL bResult = FALSE, bHasPrivilege = FALSE;
  504. HANDLE hToken = NULL;
  505. PRIVILEGE_SET privilegeSet;
  507. // Get the LUID for the privilege from the privilege name
  508. bResult = LookupPrivilegeValue(
  509. NULL,
  510. szPrivilege,
  511. &luidValue
  512. );
  514. if (!bResult) {
  515. return FALSE;
  516. }
  518. // Get the token of the present thread
  519. bResult = OpenThreadToken(
  520. GetCurrentThread(),
  521. MAXIMUM_ALLOWED,
  522. FALSE,
  523. &hToken
  524. );
  526. if (!bResult) {
  527. // We want to use the token for the current process
  528. bResult = OpenProcessToken(
  529. GetCurrentProcess(),
  530. MAXIMUM_ALLOWED,
  531. &hToken
  532. );
  533. if (!bResult) {
  534. return FALSE;
  535. }
  536. }
  538. // And check for the privilege
  539. privilegeSet.PrivilegeCount = 1;
  540. privilegeSet.Control = PRIVILEGE_SET_ALL_NECESSARY;
  541. privilegeSet.Privilege[0].Luid = luidValue;
  542. privilegeSet.Privilege[0].Attributes = SE_PRIVILEGE_ENABLED;
  544. bResult = PrivilegeCheck(hToken, &privilegeSet, &bHasPrivilege);
  546. CloseHandle(hToken);
  548. return (bResult && bHasPrivilege);
  549. }