archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
4.9 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/windows/core/ntuser/server/reclient.c

478 lines
12 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. /******************************************************************************\
  3. Copyright (c) 2000 Microsoft Corporation
  5. Module Name:
  6. reclient.c
  8. Abstract:
  9. Implements access to the DW creation pipe.
  11. Revision History:
  12. created derekm 10/15/00
  14. \******************************************************************************/
  16. #include "precomp.h"
  17. #include <pchrexec.h>
  19. static CONST WCHAR wszHangPipe[] = ERRORREP_HANG_PIPENAME;
  21. BOOL MyCallNamedPipe(
  22. LPCWSTR wszPipe,
  23. LPVOID pvIn,
  24. DWORD cbIn,
  25. LPVOID pvOut,
  26. DWORD cbOut,
  27. DWORD *pcbRead,
  28. DWORD dwWaitPipe,
  29. DWORD dwWaitRead)
  30. {
  31. HRESULT hr = NOERROR;
  32. HANDLE hPipe = INVALID_HANDLE_VALUE;
  33. HANDLE hev = NULL;
  34. DWORD dwStart = GetTickCount(), dwNow, dw;
  35. BOOL fRet = FALSE;
  36. OVERLAPPED ol;
  37. DWORD dwMode = PIPE_READMODE_MESSAGE | PIPE_WAIT;
  38. DWORD cbRead = 0;
  40. UserAssert(wszPipe != NULL);
  41. UserAssert(pvIn != NULL);
  42. UserAssert(pvOut != NULL);
  43. UserAssert(pcbRead != NULL);
  45. *pcbRead = 0;
  47. for(;;) {
  48. hPipe = CreateFileW(wszPipe, GENERIC_READ | GENERIC_WRITE,
  49. FILE_SHARE_READ | FILE_SHARE_WRITE,
  50. NULL, OPEN_EXISTING,
  51. FILE_FLAG_OVERLAPPED | SECURITY_IDENTIFICATION |
  52. SECURITY_SQOS_PRESENT | SECURITY_CONTEXT_TRACKING,
  53. NULL);
  54. if (hPipe != INVALID_HANDLE_VALUE) {
  55. break;
  56. }
  58. fRet = WaitNamedPipeW(wszPipe, dwWaitPipe);
  59. if (!fRet) {
  60. goto done;
  61. }
  63. dwNow = GetTickCount();
  64. if (dwNow < dwStart) {
  65. dw = ((DWORD)-1 - dwStart) + dwNow;
  66. } else {
  67. dw = dwNow - dwStart;
  68. }
  70. if (dw >= dwWaitPipe) {
  71. dwWaitPipe = 0;
  72. } else {
  73. dwWaitPipe -= dw;
  74. }
  75. }
  78. // Default open is readmode byte stream- change to message mode.
  79. fRet = SetNamedPipeHandleState(hPipe, &dwMode, NULL, NULL);
  80. if (!fRet) {
  81. goto done;
  82. }
  84. // we need an event for the overlapped structure
  85. hev = CreateEventW(NULL, TRUE, FALSE, NULL);
  86. if (hev == NULL) {
  87. fRet = FALSE;
  88. goto done;
  89. }
  91. // populate the overlapped stuff
  92. ZeroMemory(&ol, sizeof(ol));
  93. ol.hEvent = hev;
  95. if (GetSystemMetrics(SM_SHUTTINGDOWN)) {
  96. SetLastError(WAIT_TIMEOUT);
  97. fRet = FALSE;
  98. goto done;
  99. }
  101. fRet = TransactNamedPipe(hPipe, pvIn, cbIn, pvOut, cbOut, &cbRead, &ol);
  102. if (GetLastError() != ERROR_IO_PENDING) {
  103. if (fRet) {
  104. SetEvent(hev);
  105. } else {
  106. goto done;
  107. }
  108. }
  110. dw = WaitForSingleObject(hev, dwWaitRead);
  111. if (dw != WAIT_OBJECT_0) {
  112. if (dw == WAIT_TIMEOUT) {
  113. SetLastError(WAIT_TIMEOUT);
  114. fRet = FALSE;
  115. }
  116. goto done;
  117. }
  119. fRet = GetOverlappedResult(hPipe, &ol, &cbRead, FALSE);
  120. if (fRet == FALSE) {
  121. goto done;
  122. }
  124. *pcbRead = cbRead;
  126. hr = NOERROR;
  128. done:
  129. if (hPipe != INVALID_HANDLE_VALUE) {
  130. CloseHandle(hPipe);
  131. }
  133. if (hev != NULL) {
  134. CloseHandle(hev);
  135. }
  137. return fRet;
  138. }
  141. // ***************************************************************************
  142. LPWSTR MarshallString(
  143. LPWSTR wszSrc,
  144. PBYTE pBase,
  145. ULONG cbMaxBuf,
  146. PBYTE *ppToWrite,
  147. DWORD *pcbWritten)
  148. {
  149. DWORD cb;
  150. PBYTE pwszNormalized;
  152. cb = (wcslen(wszSrc) + 1) * sizeof(WCHAR);
  154. if ((*pcbWritten + cb) > cbMaxBuf) {
  155. return NULL;
  156. }
  158. RtlMoveMemory(*ppToWrite, wszSrc, cb);
  160. // the normalized ptr is the current count
  161. pwszNormalized = (PBYTE)(*ppToWrite - pBase);
  163. // cb is always a mutliple of sizeof(WHCAR) so the pointer addition below
  164. // always produces a result that is 2byte aligned (assuming the input was
  165. // 2byte aligned of course)
  166. *ppToWrite += cb;
  167. *pcbWritten += cb;
  169. return (LPWSTR)pwszNormalized;
  170. }
  172. BOOL StartHangReport(
  173. ULONG ulSessionId,
  174. LPWSTR wszEventName,
  175. DWORD dwpidHung,
  176. DWORD dwtidHung,
  177. BOOL f64Bit,
  178. HANDLE *phProcDumprep)
  179. {
  180. SPCHExecServHangRequest *pesreq;
  181. SPCHExecServHangReply esrep;
  182. DWORD cbRead, cbReq;
  183. CONST WCHAR *pwszPipeName = wszHangPipe;
  184. LPBYTE pBuffer, pBuf;
  185. BOOL fRet = FALSE;
  187. /*
  188. * Validate params.
  189. */
  190. UserAssert(wszEventName);
  191. UserAssert(phProcDumprep != NULL);
  192. UserAssert(dwpidHung != 0 && dwtidHung != 0);
  194. *phProcDumprep = NULL;
  196. /*
  197. * Setup the marshalling - make sure that pBuf is aligned on a 2byte
  198. * boundary beacause we'll be writing WCHAR buffers to it.
  199. */
  200. pBuffer = LocalAlloc(LPTR, ERRORREP_PIPE_BUF_SIZE);
  201. if (pBuffer == NULL) {
  202. goto done;
  203. }
  204. pesreq = (SPCHExecServHangRequest *)pBuffer;
  205. cbReq = sizeof(SPCHExecServHangRequest) +
  206. (sizeof(WCHAR) -
  207. (sizeof(SPCHExecServHangRequest) % sizeof(WCHAR)));
  208. pBuf = pBuffer + cbReq;
  210. // set the basic parameters
  211. pesreq->cbESR = sizeof(SPCHExecServHangRequest);
  212. pesreq->pidReqProcess = GetCurrentProcessId();
  213. pesreq->ulSessionId = ulSessionId;
  214. pesreq->dwpidHung = dwpidHung;
  215. pesreq->dwtidHung = dwtidHung;
  216. pesreq->fIs64bit = f64Bit;
  219. // marshall all the strings we send across the wire.
  220. pesreq->wszEventName = (UINT64)MarshallString(wszEventName,
  221. pBuffer,
  222. ERRORREP_PIPE_BUF_SIZE,
  223. &pBuf,
  224. &cbReq);
  225. if (pesreq->wszEventName == 0) {
  226. goto done;
  227. }
  229. // set the total size of the message
  230. pesreq->cbTotal = cbReq;
  232. if (GetSystemMetrics(SM_SHUTTINGDOWN)) {
  233. SetLastError(WAIT_TIMEOUT);
  234. fRet = FALSE;
  235. goto done;
  236. }
  238. /*
  239. * Send the buffer out to the server - wait at most 2m for this to
  240. * succeed. If it times out, bail.
  241. */
  242. fRet = MyCallNamedPipe(pwszPipeName,
  243. pBuffer,
  244. cbReq,
  245. &esrep,
  246. sizeof(esrep),
  247. &cbRead,
  248. 120000,
  249. 120000);
  250. if (fRet == FALSE) {
  251. goto done;
  252. }
  254. // Check the result
  255. fRet = (esrep.ess == essOk);
  256. if (fRet == FALSE) {
  257. SetLastError(esrep.dwErr);
  258. goto done;
  259. }
  261. *phProcDumprep = esrep.hProcess;
  263. done:
  264. if (pBuffer != NULL) {
  265. LocalFree(pBuffer);
  266. }
  268. return fRet;
  269. }
  271. // ***************************************************************************
  272. NTSTATUS AllocDefSD(
  273. SECURITY_DESCRIPTOR *psd,
  274. DWORD dwOALS,
  275. DWORD dwWA)
  276. {
  277. SID_IDENTIFIER_AUTHORITY siaNT = SECURITY_NT_AUTHORITY;
  278. SID_IDENTIFIER_AUTHORITY siaWorld = SECURITY_WORLD_SID_AUTHORITY;
  279. PTOKEN_USER ptu = NULL;
  280. NTSTATUS Status;
  281. HANDLE hToken = NULL;
  282. DWORD cb, cbGot;
  283. PACL pacl = NULL;
  284. PSID psidOwner = NULL;
  285. PSID psidLS = NULL;
  286. PSID psidWorld = NULL;
  287. PSID psidAnon = NULL;
  289. UserAssert(psd != NULL);
  291. Status = RtlCreateSecurityDescriptor(psd, SECURITY_DESCRIPTOR_REVISION);
  292. if (!NT_SUCCESS(Status)) {
  293. goto done;
  294. }
  296. // get the SID for the creator / owner
  297. Status = NtOpenThreadToken(GetCurrentThread(), TOKEN_READ, TRUE, &hToken);
  298. if (Status == STATUS_NO_TOKEN) {
  299. Status = NtOpenProcessToken(GetCurrentProcess(), TOKEN_READ, &hToken);
  300. }
  301. if (!NT_SUCCESS(Status)) {
  302. goto done;
  303. }
  305. Status = NtQueryInformationToken(hToken, TokenUser, NULL, 0, &cb);
  306. if (!NT_SUCCESS(Status) && Status != STATUS_BUFFER_TOO_SMALL) {
  307. goto done;
  308. }
  310. ptu = LocalAlloc(LPTR, cb);
  311. if (ptu == NULL) {
  312. Status = STATUS_NO_MEMORY;
  313. goto done;
  314. }
  316. Status = NtQueryInformationToken(hToken, TokenUser, (LPVOID)ptu, cb, &cbGot);
  317. if (!NT_SUCCESS(Status)) {
  318. goto done;
  319. }
  321. // make a copy of the owner SID so we can use it in the owner & group field
  322. cb = RtlLengthSid(ptu->User.Sid);
  323. psidOwner = (PSID)LocalAlloc(LMEM_FIXED, cb);
  324. if (psidOwner == NULL) {
  325. Status = STATUS_NO_MEMORY;
  326. goto done;
  327. }
  329. Status = RtlCopySid(cb, psidOwner, ptu->User.Sid);
  330. if (!NT_SUCCESS(Status)) {
  331. goto done;
  332. }
  334. // get the SID for local system acct
  335. Status = RtlAllocateAndInitializeSid(&siaNT,
  336. 1,
  337. SECURITY_LOCAL_SYSTEM_RID,
  338. 0, 0, 0, 0, 0, 0, 0,
  339. &psidLS);
  340. if (!NT_SUCCESS(Status)) {
  341. goto done;
  342. }
  344. cb = sizeof(ACL) + RtlLengthSid(psidLS) + RtlLengthSid(psidOwner) +
  345. 2 * (sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD));
  347. if (dwWA != 0) {
  348. // get the SID for the world (everyone)
  349. Status = RtlAllocateAndInitializeSid(&siaNT,
  350. 1,
  351. SECURITY_ANONYMOUS_LOGON_RID,
  352. 0, 0, 0, 0, 0, 0, 0,
  353. &psidWorld);
  355. // get the SID for the anonymous users acct
  356. Status = RtlAllocateAndInitializeSid(&siaWorld,
  357. 1,
  358. SECURITY_WORLD_RID,
  359. 0, 0, 0, 0, 0, 0, 0,
  360. &psidAnon);
  361. if (!NT_SUCCESS(Status)) {
  362. goto done;
  363. }
  365. cb += RtlLengthSid(psidWorld) + RtlLengthSid(psidAnon) +
  366. 2 * (sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD));
  367. }
  369. // make the DACL
  370. pacl = (PACL)LocalAlloc(LMEM_FIXED, cb);
  371. if (pacl == NULL) {
  372. Status = STATUS_NO_MEMORY;
  373. goto done;
  374. }
  376. Status = RtlCreateAcl(pacl, cb, ACL_REVISION);
  377. if (!NT_SUCCESS(Status)) {
  378. goto done;
  379. }
  381. Status = RtlAddAccessAllowedAce(pacl, ACL_REVISION, dwOALS, psidOwner);
  382. if (!NT_SUCCESS(Status)) {
  383. goto done;
  384. }
  386. Status = RtlAddAccessAllowedAce(pacl, ACL_REVISION, dwOALS, psidLS);
  387. if (!NT_SUCCESS(Status)) {
  388. goto done;
  389. }
  391. if (dwWA != 0) {
  392. Status = RtlAddAccessAllowedAce(pacl, ACL_REVISION, dwWA, psidWorld);
  393. if (!NT_SUCCESS(Status)) {
  394. goto done;
  395. }
  397. Status = RtlAddAccessAllowedAce(pacl, ACL_REVISION, dwWA, psidAnon);
  398. if (!NT_SUCCESS(Status)) {
  399. goto done;
  400. }
  401. }
  403. // set the SD owner
  404. Status = RtlSetOwnerSecurityDescriptor(psd, psidOwner, TRUE);
  405. if (!NT_SUCCESS(Status)) {
  406. goto done;
  407. }
  409. // set the SD group
  410. Status = RtlSetGroupSecurityDescriptor(psd, psidOwner, FALSE);
  411. if (!NT_SUCCESS(Status)) {
  412. goto done;
  413. }
  415. // set the SD dacl
  416. Status = RtlSetDaclSecurityDescriptor(psd, TRUE, pacl, FALSE);
  417. if (!NT_SUCCESS(Status)) {
  418. goto done;
  419. }
  421. psidOwner = NULL;
  422. pacl = NULL;
  424. done:
  426. if (hToken != NULL) {
  427. CloseHandle(hToken);
  428. }
  430. if (psidLS != NULL) {
  431. RtlFreeSid(psidLS);
  432. }
  434. if (psidWorld != NULL) {
  435. RtlFreeSid(psidWorld);
  436. }
  438. if (psidAnon != NULL) {
  439. RtlFreeSid(psidAnon);
  440. }
  442. if (psidOwner != NULL) {
  443. LocalFree(psidOwner);
  444. }
  446. if (pacl != NULL) {
  447. LocalFree(pacl);
  448. }
  450. if (ptu != NULL) {
  451. LocalFree(ptu);
  452. }
  454. return Status;
  455. }
  457. // ***************************************************************************
  458. VOID FreeDefSD(
  459. SECURITY_DESCRIPTOR *psd)
  460. {
  461. BOOLEAN f1, f2;
  462. PSID psid = NULL;
  463. PACL pacl = NULL;
  465. UserAssert(psd != NULL);
  467. if (NT_SUCCESS(RtlGetOwnerSecurityDescriptor(psd, &psid, &f1))) {
  468. if (psid != NULL) {
  469. LocalFree(psid);
  470. }
  471. }
  473. if (NT_SUCCESS(RtlGetDaclSecurityDescriptor(psd, &f1, &pacl, &f2))) {
  474. if (pacl != NULL) {
  475. LocalFree(pacl);
  476. }
  477. }
  478. }