|
|
/**************************************************************************\
* Module Name: server.c** Server support routines for the CSR stuff.** Copyright (c) 1985 - 1999, Microsoft Corporation** Created: 10-Dec-90** History:* 10-Dec-90 created by sMeans*\**************************************************************************/
#include "precomp.h"
#pragma hdrstop
#include <dbt.h>
#include <ntdddisk.h>
#include "ntuser.h"
#include <regstr.h>
HANDLE hKeyPriority;UNICODE_STRING PriorityValueName;IO_STATUS_BLOCK IoStatusRegChange;ULONG RegChangeBuffer;HANDLE ghNlsEvent;BOOL gfLogon;HANDLE ghPowerRequestEvent;HANDLE ghMediaRequestEvent;
#define ID_NLS 0
#define ID_POWER 1
#define ID_MEDIACHANGE 2
#define ID_NETDEVCHANGE 3
#define ID_NUM_EVENTS 4
//
// Name of event to pulse to request a device-arrival broadcast,
//
#define SC_BSM_EVENT_NAME L"ScNetDrvMsg"
//
// What the net drive bitmask was when we last broadcast (initially 0)
//
DWORD LastNetDrives;
HANDLE CsrApiPort;HANDLE CsrQueryApiPort(VOID);
ULONGSrvExitWindowsEx( IN OUT PCSR_API_MSG m, IN OUT PCSR_REPLY_STATUS ReplyStatus);
ULONGSrvEndTask( IN OUT PCSR_API_MSG m, IN OUT PCSR_REPLY_STATUS ReplyStatus);
ULONGSrvLogon( IN OUT PCSR_API_MSG m, IN OUT PCSR_REPLY_STATUS ReplyStatus);
ULONGSrvRegisterServicesProcess( IN OUT PCSR_API_MSG m, IN OUT PCSR_REPLY_STATUS ReplyStatus);
ULONGSrvActivateDebugger( IN OUT PCSR_API_MSG m, IN OUT PCSR_REPLY_STATUS ReplyStatus);
ULONGSrvGetThreadConsoleDesktop( IN OUT PCSR_API_MSG m, IN OUT PCSR_REPLY_STATUS ReplyStatus);
ULONGSrvDeviceEvent( IN OUT PCSR_API_MSG m, IN OUT PCSR_REPLY_STATUS ReplyStatus);
ULONGSrvRegisterLogonProcess( IN OUT PCSR_API_MSG m, IN OUT PCSR_REPLY_STATUS ReplyStatus);
#if DBG
ULONGSrvWin32HeapFail( IN OUT PCSR_API_MSG m, IN OUT PCSR_REPLY_STATUS ReplyStatus);
ULONGSrvWin32HeapStat( IN OUT PCSR_API_MSG m, IN OUT PCSR_REPLY_STATUS ReplyStatus);#endif
ULONG SrvCreateSystemThreads( IN OUT PCSR_API_MSG m, IN OUT PCSR_REPLY_STATUS ReplyStatus);
ULONG SrvRecordShutdownReason( IN OUT PCSR_API_MSG m, IN OUT PCSR_REPLY_STATUS ReplyStatus);
CONST PCSR_API_ROUTINE UserServerApiDispatchTable[] = { SrvExitWindowsEx, SrvEndTask, SrvLogon, SrvRegisterServicesProcess, SrvActivateDebugger, SrvGetThreadConsoleDesktop, SrvDeviceEvent, SrvRegisterLogonProcess, SrvCreateSystemThreads, SrvRecordShutdownReason,#if DBG
SrvWin32HeapFail, SrvWin32HeapStat,#endif
};
BOOLEAN UserServerApiServerValidTable[] = { FALSE, // ExitWindowsEx
FALSE, // EndTask
FALSE, // Logon
FALSE, // RegisterServicesProcess
FALSE, // ActivateDebugger
TRUE, // GetThreadConsoleDesktop
FALSE, // DeviceEvent
FALSE, // RegisterLogonProcess
FALSE, // CreateSystemThreads
TRUE, // RecordShutdownReason
#if DBG
FALSE, // Win32HeapFail
FALSE, // Win32HeapStat
#endif
};
#if DBG
CONST PSZ UserServerApiNameTable[] = { "SrvExitWindowsEx", "SrvEndTask", "SrvLogon", "SrvRegisterServicesProcess", "SrvActivateDebugger", "SrvGetThreadConsoleDesktop", "SrvDeviceEvent", "SrvRegisterLogonProcess", "SrvCreateSystemThreads", "SrvRecordShutdownReason" "SrvWin32HeapFail", "SrvWin32HeapStat",};#endif // DBG
NTSTATUS UserServerDllInitialization( PCSR_SERVER_DLL psrvdll);
NTSTATUS UserClientConnect( PCSR_PROCESS Process, PVOID ConnectionInformation, PULONG pulConnectionLen);
VOID UserHardError( PCSR_THREAD pcsrt, PHARDERROR_MSG pmsg);
NTSTATUS UserClientShutdown( PCSR_PROCESS Process, ULONG dwFlags, BOOLEAN fFirstPass);
VOID StartRegReadRead( VOID);
VOID RegReadApcProcedure( PVOID RegReadApcContext, PIO_STATUS_BLOCK IoStatus);
NTSTATUS NotificationThread( PVOID);
VOID InitializeConsoleAttributes( VOID);
NTSTATUS GetThreadConsoleDesktop( DWORD dwThreadId, HDESK *phdesk);
NTSTATUS MyRegOpenKey(IN HANDLE hKey, IN LPWSTR lpSubKey, OUT PHANDLE phResult);
typedef BOOL (*PFNPROCESSCREATE)(DWORD, DWORD, ULONG_PTR, DWORD);BOOL BaseSetProcessCreateNotify( PFNPROCESSCREATE pfn);
VOID BaseSrvNlsUpdateRegistryCache( PVOID ApcContext, PIO_STATUS_BLOCK pIoStatusBlock);
NTSTATUS BaseSrvNlsLogon( BOOL fLogon);
NTSTATUS WinStationAPIInit( VOID);
/***************************************************************************\
* UserServerDllInitialization** Called by the CSR stuff to allow a server DLL to initialize itself and* provide information about the APIs it provides.** Several operations are performed during this initialization:** - The shared heap (client read-only) handle is initialized.* - The Raw Input Thread (RIT) is launched.* - GDI is initialized.** History:* 10-19-92 DarrinM Integrated xxxUserServerDllInitialize into this rtn.* 11-08-91 patrickh move GDI init here from DLL init routine.* 12-10-90 sMeans Created.\***************************************************************************/NTSTATUS UserServerDllInitialization( PCSR_SERVER_DLL psrvdll){ CLIENT_ID ClientId; BOOL bAllocated; NTSTATUS Status; HANDLE hThreadNotification;
if (RtlGetNtGlobalFlags() & FLG_SHOW_LDR_SNAPS) { RIPMSG0(RIP_WARNING, "UserServerDllInitialization: entered"); }
/*
* Initialize a critical section structure that will be used to protect * all of the User Server's critical sections. */ Status = RtlInitializeCriticalSection(&gcsUserSrv); if (!NT_SUCCESS(Status)) { RIPMSGF1(RIP_WARNING, "InitializeCriticalSection failed with Status 0x%x", Status); return Status; } EnterCrit();
/*
* Remember WINSRV.DLL's hmodule so we can grab resources from it later. */ ghModuleWin = psrvdll->ModuleHandle;
psrvdll->ApiNumberBase = USERSRV_FIRST_API_NUMBER; psrvdll->MaxApiNumber = UserpMaxApiNumber; psrvdll->ApiDispatchTable = UserServerApiDispatchTable;
if (ISTS()) { UserServerApiServerValidTable[0] = TRUE; // for ExitWindowsEx
}
psrvdll->ApiServerValidTable = UserServerApiServerValidTable;#if DBG
psrvdll->ApiNameTable = UserServerApiNameTable;#endif
psrvdll->ConnectRoutine = UserClientConnect; psrvdll->HardErrorRoutine = UserHardError; psrvdll->ShutdownProcessRoutine = UserClientShutdown;
/*
* Create the events used by shutdown. */ Status = NtCreateEvent(&gheventCancel, EVENT_ALL_ACCESS, NULL, NotificationEvent, FALSE); if (!NT_SUCCESS(Status)) { RIPMSG1(RIP_WARNING, "UserServerDllInitialization: NtCreateEvent failed with Status 0x%x", Status); goto ExitUserInit; } Status = NtCreateEvent(&gheventCancelled, EVENT_ALL_ACCESS, NULL, NotificationEvent, FALSE); if (!NT_SUCCESS(Status)) { RIPMSG1(RIP_WARNING, "UserServerDllInitialization: NtCreateEvent failed with Status 0x%x", Status); goto ExitUserInit; }
/*
* Create the event used by the power request code. */ Status = NtCreateEvent(&ghPowerRequestEvent, EVENT_ALL_ACCESS, NULL, SynchronizationEvent, FALSE); if (!NT_SUCCESS(Status)) { RIPMSG1(RIP_WARNING, "UserServerDllInitialization: NtCreateEvent failed with Status 0x%x", Status); goto ExitUserInit; }
/*
* Create the event used by the media change code. */ Status = NtCreateEvent(&ghMediaRequestEvent, EVENT_ALL_ACCESS, NULL, SynchronizationEvent, FALSE); if (!NT_SUCCESS(Status)) { RIPMSG1(RIP_WARNING, "UserServerDllInitialization: NtCreateEvent failed with Status 0x%x", Status); goto ExitUserInit; }
/*
* Create the event used by the nls code. */ Status = NtCreateEvent(&ghNlsEvent, EVENT_ALL_ACCESS, NULL, SynchronizationEvent, FALSE); if (!NT_SUCCESS(Status)) { RIPMSG1(RIP_WARNING, "UserServerDllInitialization: NtCreateEvent failed with Status 0x%x", Status); goto ExitUserInit; }
/*
* Tell the base what user address to call when it is creating a process * (but before the process starts running). */ BaseSetProcessCreateNotify(NtUserNotifyProcessCreate);
/*
* Load some strings. */ gpwszaSUCCESS = (PWSTR)RtlLoadStringOrError(ghModuleWin, STR_SUCCESS, NULL, &bAllocated, FALSE); gpwszaSYSTEM_INFORMATION = (PWSTR)RtlLoadStringOrError(ghModuleWin, STR_SYSTEM_INFORMATION, NULL, &bAllocated, FALSE); gpwszaSYSTEM_WARNING = (PWSTR)RtlLoadStringOrError(ghModuleWin, STR_SYSTEM_WARNING, NULL, &bAllocated, FALSE); gpwszaSYSTEM_ERROR = (PWSTR)RtlLoadStringOrError(ghModuleWin, STR_SYSTEM_ERROR, NULL, &bAllocated, FALSE); /*
* Initialize USER */
Status = NtUserInitialize(USERCURRENTVERSION, ghPowerRequestEvent, ghMediaRequestEvent);
if (!NT_SUCCESS(Status)) { RIPMSG1(RIP_WARNING, "NtUserInitialize failed with Status 0x%x", Status); goto ExitUserInit; }
if (ISTS()) { Status = WinStationAPIInit(); if (!NT_SUCCESS(Status)) { RIPMSG1(RIP_WARNING, "UserServerDllInitialization: WinStationAPIInit failed with Status 0x%x", Status); goto ExitUserInit; } }
/*
* Start registry notification thread */ Status = RtlCreateUserThread(NtCurrentProcess(), NULL, FALSE, 0, 0, 0, NotificationThread, NULL, &hThreadNotification, &ClientId); if (NT_SUCCESS(Status)) { UserVerify(CsrAddStaticServerThread(hThreadNotification, &ClientId, 0)); } else { RIPMSG1(RIP_WARNING, "UserServerDllInitialization: RtlCreateUserThread failed with Status 0x%x", Status); }
ExitUserInit: LeaveCrit(); return Status;}
/**************************************************************************\
* UserClientConnect** This function is called once for each client process that connects to the* User server. When the client dynlinks to USER.DLL, USER.DLL's init code* is executed and calls CsrClientConnectToServer to establish the connection.* The server portion of ConnectToServer calls out this entrypoint.** UserClientConnect first verifies version numbers to make sure the client* is compatible with this server and then completes all process-specific* initialization.** History:* 02-??-91 SMeans Created.* 04-02-91 DarrinM Added User intialization code.\**************************************************************************/
extern WORD gDispatchTableValues;
NTSTATUS UserClientConnect( PCSR_PROCESS Process, PVOID ConnectionInformation, PULONG pulConnectionLen){ NTSTATUS Status; /*
* Pass the api port to the kernel. Do this early so the kernel * can send a datagram to CSR to activate a debugger. */ if (CsrApiPort == NULL) { CsrApiPort = CsrQueryApiPort();
UserAssert(CsrApiPort != NULL);
Status = NtUserSetInformationThread( NtCurrentThread(), UserThreadCsrApiPort, &CsrApiPort, sizeof(HANDLE));
if (!NT_SUCCESS(Status)) { return Status; } }
UserAssert(*pulConnectionLen == sizeof(USERCONNECT)); if (*pulConnectionLen != sizeof(USERCONNECT)) { return STATUS_INVALID_PARAMETER; }
((PUSERCONNECT)ConnectionInformation)->dwDispatchCount = gDispatchTableValues; return NtUserProcessConnect(Process->ProcessHandle, (PUSERCONNECT)ConnectionInformation, *pulConnectionLen);}
VOID RegReadApcProcedure( PVOID RegReadApcContext, PIO_STATUS_BLOCK IoStatus){ UNICODE_STRING ValueString; LONG Status; BYTE Buf[sizeof(KEY_VALUE_PARTIAL_INFORMATION) + sizeof(DWORD)]; DWORD cbSize; ULONG l;
UNREFERENCED_PARAMETER(RegReadApcContext); UNREFERENCED_PARAMETER(IoStatus);
RtlInitUnicodeString(&ValueString, L"Win32PrioritySeparation"); Status = NtQueryValueKey(hKeyPriority, &ValueString, KeyValuePartialInformation, (PKEY_VALUE_PARTIAL_INFORMATION)Buf, sizeof(Buf), &cbSize); if (NT_SUCCESS(Status)) { l = *((PDWORD)((PKEY_VALUE_PARTIAL_INFORMATION)Buf)->Data); } else { l = PROCESS_PRIORITY_SEPARATION_MAX; // last resort default
}
NtSetSystemInformation(SystemPrioritySeperation,&l,sizeof(ULONG));
NtNotifyChangeKey(hKeyPriority, NULL, (PIO_APC_ROUTINE)RegReadApcProcedure, NULL, &IoStatusRegChange, REG_NOTIFY_CHANGE_LAST_SET, FALSE, &RegChangeBuffer, sizeof(RegChangeBuffer), TRUE);}
VOID StartRegReadRead( VOID){ UNICODE_STRING UnicodeString; OBJECT_ATTRIBUTES OA;
RtlInitUnicodeString(&UnicodeString, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\PriorityControl"); InitializeObjectAttributes(&OA, &UnicodeString, OBJ_CASE_INSENSITIVE, NULL, NULL);
UserVerify(NT_SUCCESS(NtOpenKey(&hKeyPriority, KEY_READ | KEY_NOTIFY, &OA)));
RegReadApcProcedure(NULL, NULL);}
/***************************************************************************\
* HandlePowerCallout** This handles properly attaching to a desktop and calling into the kernel* to handle a power-related event.** History:* 11/20/2001 JasonSch Created.\***************************************************************************/VOID HandlePowerCallout( VOID){ NTSTATUS Status; USERTHREAD_USEDESKTOPINFO utudi;
/*
* Attach to the desktop before calling into the kernel. This is * necessary because (at least) if a window gets destroyed when we * callback in xxxxSendBSMtoDesktop, we will call xxxRedrawWindow, * which requires the calling thread to be on a desktop if the PWND * passed in is NULL. */ utudi.hThread = NULL; utudi.drdRestore.pdeskRestore = NULL; Status = NtUserSetInformationThread(NtCurrentThread(), UserThreadUseActiveDesktop, &utudi, sizeof(utudi)); if (NT_SUCCESS(Status)) { NtUserCallNoParam(SFI_XXXUSERPOWERCALLOUTWORKER);
/*
* Now unattach from the desktop. */ Status = NtUserSetInformationThread(NtCurrentThread(), UserThreadUseDesktop, &utudi, sizeof(utudi)); UserAssert(NT_SUCCESS(Status)); }}
/***************************************************************************\
* HandleMediaChangeEvent** This routine is responsible for broadcasting the WM_DEVICECHANGE message* when media arrives or is removed from a CD-ROM device.** History:* 23-Feb-96 BradG Modified to handle event per CD-ROM device* 23-April-96 Salimc Some CD-ROM drives notify us that media has* arrived before the drive has recognized that it had* new media. The call to DeviceIoctl() will fail in* this case. To fix this we made the following changes** aDriveState is an array of tri-state global variable* for each drive.Each variable starts off in an UNKNOWN* state and on the first event with any drive we do the* full MAX_TRIES or less CHECK_VERIFY's which then gets* us into either a INSERTED or EJECTED state. From then* on we know that each new event is going to be the* opposite of what we currently have.** UNKNOWN => do upto MAX_TRIES CHECK_VERIFY's with* delay to get into EJECTED or INSERTED state.** INSERTED => do 1 CHECK_VERIFY to get into* EJECTED state** EJECTED => do upto MAX_TRIES CHECK_VERIFY's with* delay to get into INSERTED state*\***************************************************************************/VOID HandleMediaChangeEvent( VOID){ /*
* Local variables */
DWORD dwRecipients; BOOL bResult; NTSTATUS Status; DEV_BROADCAST_VOLUME dbcvInfo; USERTHREAD_USEDESKTOPINFO utudi;
ULONG cDrive;
while (cDrive = (ULONG)NtUserCallNoParam(SFI_XXXGETDEVICECHANGEINFO)) {
/*
* Determine if it's an arrival or removal */ bResult = (cDrive & HMCE_ARRIVAL); cDrive &= ~HMCE_ARRIVAL;
/*
* Initialize the structures used for BroadcastSystemMessage */ dbcvInfo.dbcv_size = sizeof(dbcvInfo); dbcvInfo.dbcv_devicetype = DBT_DEVTYP_VOLUME; dbcvInfo.dbcv_reserved = 0; dbcvInfo.dbcv_flags = DBTF_MEDIA; dbcvInfo.dbcv_unitmask = cDrive;
dwRecipients = BSM_ALLCOMPONENTS | BSM_ALLDESKTOPS;
/*
* Temporarily we must assign this thread to a desktop so we can * call USER's BroascastSystemMessage() routine. We call the * private SetThreadDesktopToDefault() to assign ourselves to the * desktop that is currently receiving input. */ utudi.hThread = NULL; utudi.drdRestore.pdeskRestore = NULL; Status = NtUserSetInformationThread(NtCurrentThread(), UserThreadUseActiveDesktop, &utudi, sizeof(utudi)); if (NT_SUCCESS(Status)) { /*
* Broadcast the message */ BroadcastSystemMessage(BSF_FORCEIFHUNG | ((bResult) ? BSF_ALLOWSFW : 0), &dwRecipients, WM_DEVICECHANGE,// HACK: need to or 0x8000 in wParam
// because this is a flag to let
// BSM know that lParam is a pointer
// to a data structure.
0x8000 | ((bResult) ? DBT_DEVICEARRIVAL : DBT_DEVICEREMOVECOMPLETE), (LPARAM)&dbcvInfo);
/*
* Set our thread's desktop back to NULL. This will decrement * the desktop's reference count. */ NtUserSetInformationThread(NtCurrentThread(), UserThreadUseDesktop, &utudi, sizeof(utudi)); } }}
DWORDGetNetworkDrives( )/*++
Routine Description:
Returns a drive bitmask similar to GetLogicalDrives, but including only the network drives.
Arguments:
Return Value:
--*/{ DWORD Mask = 0; DWORD DriveNumber; PROCESS_DEVICEMAP_INFORMATION ProcessDeviceMapInfo;
if (NT_SUCCESS(NtQueryInformationProcess( NtCurrentProcess(), ProcessDeviceMap, &ProcessDeviceMapInfo.Query, sizeof( ProcessDeviceMapInfo.Query ), NULL ))) { // For all the drives from C to Z
for (DriveNumber = 2; DriveNumber < 26; DriveNumber++) { if (ProcessDeviceMapInfo.Query.DriveType[DriveNumber] == DOSDEVICE_DRIVE_REMOTE) { Mask |= (1 << DriveNumber); } } }
return Mask;}
VOIDHandleRemoteNetDeviceChangeEvent( )/*++
Routine Description:
Arguments:
Return Value:
--*/{ DWORD NetDrives; DEV_BROADCAST_VOLUME dbv; LONG status; USERTHREAD_USEDESKTOPINFO utudi;
/*
* Temporarily we must assign this thread to a desktop so we can * call USER's BroascastSystemMessage() routine. We call the * private SetThreadDesktopToDefault() to assign ourselves to the * desktop that is currently receiving input. */ utudi.hThread = NULL; utudi.drdRestore.pdeskRestore = NULL; status = NtUserSetInformationThread(NtCurrentThread(), UserThreadUseActiveDesktop, &utudi, sizeof(utudi)); if (!NT_SUCCESS(status)) { return; }
//
// Keep broadcasting until the set of net drives stops changing
//
for (;;) {
//
// Get the current net drive bitmask and compare against the net
// drive bitmask when we last broadcast
//
NetDrives = GetNetworkDrives();
if (NetDrives == LastNetDrives) { break; }
//
// Broadcast about deleted volumes
//
dbv.dbcv_size = sizeof(dbv); dbv.dbcv_devicetype = DBT_DEVTYP_VOLUME; dbv.dbcv_reserved = 0; dbv.dbcv_unitmask = LastNetDrives & ~NetDrives; dbv.dbcv_flags = DBTF_NET; if (dbv.dbcv_unitmask != 0) { DWORD dwRec = BSM_APPLICATIONS | BSM_ALLDESKTOPS; status = BroadcastSystemMessage( BSF_FORCEIFHUNG | BSF_NOHANG | BSF_NOTIMEOUTIFNOTHUNG, &dwRec, WM_DEVICECHANGE, (WPARAM) DBT_DEVICEREMOVECOMPLETE, (LPARAM)(DEV_BROADCAST_HDR*)(&dbv) );
}
//
// Broadcast about added volumes
//
dbv.dbcv_unitmask = NetDrives & ~LastNetDrives; if (dbv.dbcv_unitmask != 0) { DWORD dwRec = BSM_APPLICATIONS | BSM_ALLDESKTOPS;
status = BroadcastSystemMessage( BSF_FORCEIFHUNG | BSF_NOHANG | BSF_NOTIMEOUTIFNOTHUNG, &dwRec, WM_DEVICECHANGE, (WPARAM) DBT_DEVICEARRIVAL, (LPARAM)(DEV_BROADCAST_HDR*)(&dbv) );
}
//
// Remember the drive set that we last broadcast about
//
LastNetDrives = NetDrives;
//
// Go around the loop again to detect changes that may have occurred
// while we were broadcasting
//
}
/*
* Set our thread's desktop back to NULL. This will decrement * the desktop's reference count. */ NtUserSetInformationThread(NtCurrentThread(), UserThreadUseDesktop, &utudi, sizeof(utudi));
return;}
BOOLCreateBSMEventSD( PSECURITY_DESCRIPTOR * SecurityDescriptor )/*++
Routine Description:
This function creates a security descriptor for the BSM request event. It grants EVENT_ALL_ACCESS to local system and EVENT_MODIFY_STATE access to the rest of the world. This prevents principals other than local system from waiting for the event.
Arguments:
SecurityDescriptor - Receives a pointer to the new security descriptor. Should be freed with LocalFree.
Return Value:
TRUE - success
FALSE - failure, use GetLastError
--*/{ NTSTATUS Status; ULONG AclLength; PACL EventDacl; PSID WorldSid = NULL; PSID SystemSid = NULL; SID_IDENTIFIER_AUTHORITY NtSidAuthority = SECURITY_NT_AUTHORITY; SID_IDENTIFIER_AUTHORITY WorldSidAuthority = SECURITY_WORLD_SID_AUTHORITY; BOOL retval = TRUE;
*SecurityDescriptor = NULL;
Status = RtlAllocateAndInitializeSid( &NtSidAuthority, 1, SECURITY_LOCAL_SYSTEM_RID, 0, 0, 0, 0, 0, 0, 0, &SystemSid );
if (!NT_SUCCESS(Status)) { retval = FALSE; goto Cleanup; }
Status = RtlAllocateAndInitializeSid( &WorldSidAuthority, 1, SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0, &WorldSid );
if (!NT_SUCCESS(Status)) { retval = FALSE; goto Cleanup; }
//
// Allocate a buffer to contain the SD followed by the DACL
// Note, the well-known SIDs are expected to have been created
// by this time
//
AclLength = (ULONG)sizeof(ACL) + (2*((ULONG)sizeof(ACCESS_ALLOWED_ACE))) + RtlLengthSid( SystemSid ) + RtlLengthSid( WorldSid ) + 8; // 8 is for good measure
*SecurityDescriptor = (PSECURITY_DESCRIPTOR) LocalAlloc( 0, SECURITY_DESCRIPTOR_MIN_LENGTH + AclLength );
if (*SecurityDescriptor == NULL) { retval = FALSE; goto Cleanup; }
EventDacl = (PACL) ((BYTE*)(*SecurityDescriptor) + SECURITY_DESCRIPTOR_MIN_LENGTH);
//
// Set up a default ACL
//
// Public: WORLD:EVENT_MODIFY_STATE, SYSTEM:all
Status = RtlCreateAcl( EventDacl, AclLength, ACL_REVISION2); if (!NT_SUCCESS(Status)) { retval = FALSE; goto Cleanup; }
//
// WORLD access
//
Status = RtlAddAccessAllowedAce ( EventDacl, ACL_REVISION2, EVENT_MODIFY_STATE, WorldSid ); if (!NT_SUCCESS(Status)) { retval = FALSE; goto Cleanup; }
//
// SYSTEM access
//
Status = RtlAddAccessAllowedAce ( EventDacl, ACL_REVISION2, EVENT_ALL_ACCESS, SystemSid ); if (!NT_SUCCESS(Status)) { retval = FALSE; goto Cleanup; }
//
// Now initialize security descriptors
// that export this protection
//
Status = RtlCreateSecurityDescriptor( *SecurityDescriptor, SECURITY_DESCRIPTOR_REVISION1 ); if (!NT_SUCCESS(Status)) { retval = FALSE; goto Cleanup; }
Status = RtlSetDaclSecurityDescriptor( *SecurityDescriptor, TRUE, // DaclPresent
EventDacl, FALSE // DaclDefaulted
);
if (!NT_SUCCESS(Status)) { retval = FALSE; goto Cleanup; }
Cleanup:
if (WorldSid) { RtlFreeSid(WorldSid); }
if (SystemSid) { RtlFreeSid(SystemSid); }
if ((retval == FALSE) && (*SecurityDescriptor != NULL)) { LocalFree(*SecurityDescriptor); *SecurityDescriptor = NULL; }
return retval;}
NTSTATUS NotificationThread( PVOID ThreadParameter){ KPRIORITY Priority; NTSTATUS Status; HANDLE hEvent[ID_NUM_EVENTS]; WCHAR szObjectStr[MAX_SESSION_PATH]; OBJECT_ATTRIBUTES Attributes; UNICODE_STRING UnicodeString; PSECURITY_DESCRIPTOR pSD = NULL; ULONG NumEvents = ID_NUM_EVENTS;
UNREFERENCED_PARAMETER(ThreadParameter);
Priority = LOW_PRIORITY + 3; Status = NtSetInformationThread(GetCurrentThread(), ThreadPriority, &Priority, sizeof(KPRIORITY)); UserAssert(NT_SUCCESS(Status));
UserAssert(ghNlsEvent && ghPowerRequestEvent && ghMediaRequestEvent);
/*
* Setup the NLS event. */ hEvent[ID_NLS] = ghNlsEvent;
/*
* Setup the power request event. */ hEvent[ID_POWER] = ghPowerRequestEvent;
/*
* Setup the MediaChangeEvent. */ hEvent[ID_MEDIACHANGE] = ghMediaRequestEvent;
/*
* Setup the NetDeviceChange Event (only on remote sessions). */ if (gSessionId != 0) { swprintf(szObjectStr, L"%ws\\%ld\\BaseNamedObjects\\%ws", SESSION_ROOT, gSessionId, SC_BSM_EVENT_NAME);
RtlInitUnicodeString(&UnicodeString, szObjectStr);
if (CreateBSMEventSD(&pSD)) { InitializeObjectAttributes(&Attributes, &UnicodeString, OBJ_CASE_INSENSITIVE | OBJ_OPENIF, NULL, pSD);
if (!NT_SUCCESS(NtCreateEvent(&hEvent[ID_NETDEVCHANGE], EVENT_ALL_ACCESS, &Attributes, SynchronizationEvent, FALSE))) { NumEvents--; }
LocalFree(pSD); } else { NumEvents--; } } else { NumEvents--; }
StartRegReadRead();
/*
* Sit and wait forever. */ while (TRUE) { Status = NtWaitForMultipleObjects(NumEvents, hEvent, WaitAny, TRUE, NULL); if (Status == ID_NLS + WAIT_OBJECT_0) { /*
* Handle the NLS event. */ if (gfLogon) { gfLogon = FALSE; BaseSrvNlsUpdateRegistryCache(NULL, NULL); } } else if (Status == ID_POWER + WAIT_OBJECT_0) { /*
* Handle the power request event. */ HandlePowerCallout(); } else if (Status == ID_MEDIACHANGE + WAIT_OBJECT_0) { /*
* Handle the media change event. */ HandleMediaChangeEvent();
NtResetEvent(hEvent[ID_MEDIACHANGE], NULL); } else if (Status == ID_NETDEVCHANGE + WAIT_OBJECT_0) { /*
* Handle the NetDevice change event for remote sessions. */ HandleRemoteNetDeviceChangeEvent(); } }
UserExitWorkerThread(STATUS_SUCCESS); return STATUS_SUCCESS;}
UINT GetRegIntFromID( HKEY hKey, int KeyID, UINT nDefault){ LPWSTR lpszValue; BOOL fAllocated; UNICODE_STRING Value; DWORD cbSize; BYTE Buf[sizeof(KEY_VALUE_PARTIAL_INFORMATION) + 20 * sizeof(WCHAR)]; NTSTATUS Status; UINT ReturnValue;
lpszValue = RtlLoadStringOrError(ghModuleWin, KeyID, NULL, &fAllocated, FALSE);
RtlInitUnicodeString(&Value, lpszValue); Status = NtQueryValueKey(hKey, &Value, KeyValuePartialInformation, (PKEY_VALUE_PARTIAL_INFORMATION)Buf, sizeof(Buf), &cbSize); if (NT_SUCCESS(Status)) {
/*
* Convert string to int. */ RtlInitUnicodeString(&Value, (LPWSTR)((PKEY_VALUE_PARTIAL_INFORMATION)Buf)->Data); RtlUnicodeStringToInteger(&Value, 10, &ReturnValue); } else { ReturnValue = nDefault; }
LocalFree(lpszValue);
return ReturnValue;}
VOID GetTimeouts( VOID){ HANDLE hCurrentUserKey; HANDLE hKey; NTSTATUS Status;
Status = RtlOpenCurrentUser(MAXIMUM_ALLOWED, &hCurrentUserKey); if (NT_SUCCESS(Status)) { Status = MyRegOpenKey(hCurrentUserKey, L"Control Panel\\Desktop", &hKey); if (NT_SUCCESS(Status)) { gCmsHungAppTimeout = GetRegIntFromID( hKey, STR_CMSHUNGAPPTIMEOUT, CMSHUNGAPPTIMEOUT); gCmsWaitToKillTimeout = GetRegIntFromID( hKey, STR_CMSWAITTOKILLTIMEOUT, CMSWAITTOKILLTIMEOUT);
/*
* Need to protect ourselves from users mucking about the registry. */ if (gCmsHungAppTimeout == 0) { gCmsHungAppTimeout = CMSHUNGAPPTIMEOUT; } gdwHungToKillCount = gCmsWaitToKillTimeout / gCmsHungAppTimeout;
gfAutoEndTask = GetRegIntFromID( hKey, STR_AUTOENDTASK, gfAutoEndTask); NtClose(hKey); } NtClose(hCurrentUserKey); }
Status = MyRegOpenKey(NULL, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control", &hKey); if (NT_SUCCESS(Status)) { gdwServicesWaitToKillTimeout = GetRegIntFromID( hKey, STR_WAITTOKILLSERVICETIMEOUT, gCmsWaitToKillTimeout); gdwProcessTerminateTimeout = GetRegIntFromID( hKey, STR_PROCESSTERMINATETIMEOUT, PROCESSTERMINATETIMEOUT); if (gdwProcessTerminateTimeout < CMSHUNGAPPTIMEOUT) { gdwProcessTerminateTimeout = CMSHUNGAPPTIMEOUT; }
NtClose(hKey); }}
ULONGSrvLogon( IN OUT PCSR_API_MSG m, IN OUT PCSR_REPLY_STATUS ReplyStatus){ PLOGONMSG a = (PLOGONMSG)&m->u.ApiMessageData; NTSTATUS Status;
UNREFERENCED_PARAMETER(ReplyStatus);
if (!CsrImpersonateClient(NULL)) { return STATUS_UNSUCCESSFUL; }
if (a->fLogon) { /*
* Flush the MultiLingual UI (MUI) alternate resource modules from * within NTDLL, so that the new user logging-on gets his chance to * load his own. */ LdrFlushAlternateResourceModules();
/*
* Take care of NLS cache for LogON. */ BaseSrvNlsLogon(TRUE);
/*
* Set the cleanup event so that the RIT can handle the NLS * registry notification. */ gfLogon = TRUE; Status = NtSetEvent(ghNlsEvent, NULL); ASSERT(NT_SUCCESS(Status)); } else { /*
* Take care of NLS cache for LogOFF. */ BaseSrvNlsLogon(FALSE); }
/*
* Get timeout values from registry. */ GetTimeouts();
CsrRevertToSelf();
/*
* Initialize console attributes. */ InitializeConsoleAttributes();
return STATUS_SUCCESS;}
ULONGSrvRegisterLogonProcess( IN OUT PCSR_API_MSG m, IN OUT PCSR_REPLY_STATUS ReplyStatus){ NTSTATUS Status;
UNREFERENCED_PARAMETER(ReplyStatus);
/*
* Fail if this is not the first call. */ EnterCrit();
if (gIdLogon == 0) { gIdLogon = *(DWORD*)m->u.ApiMessageData; Status = STATUS_SUCCESS; } else { Status = STATUS_UNSUCCESSFUL; }
LeaveCrit();
return Status;}
#if DBG
ULONGSrvWin32HeapFail( IN OUT PCSR_API_MSG m, IN OUT PCSR_REPLY_STATUS ReplyStatus){ PWIN32HEAPFAILMSG a = (PWIN32HEAPFAILMSG)&m->u.ApiMessageData;
UNREFERENCED_PARAMETER(ReplyStatus);
Win32HeapFailAllocations(a->bFail);
return STATUS_SUCCESS;}
ULONGSrvWin32HeapStat( IN OUT PCSR_API_MSG m, IN OUT PCSR_REPLY_STATUS ReplyStatus){ extern DWORD Win32HeapStat(PDBGHEAPSTAT phs, DWORD dwLen, BOOL bNeedTagShift); PWIN32HEAPSTATMSG a = (PWIN32HEAPSTATMSG)&m->u.ApiMessageData;
UNREFERENCED_PARAMETER(ReplyStatus);
if (!CsrValidateMessageBuffer(m, &a->phs, a->dwLen, sizeof(BYTE))) { return STATUS_INVALID_PARAMETER; } a->dwMaxTag = Win32HeapStat(a->phs, a->dwLen, TRUE);
return STATUS_SUCCESS;}#endif
ULONGSrvGetThreadConsoleDesktop( IN OUT PCSR_API_MSG m, IN OUT PCSR_REPLY_STATUS ReplyStatus){ PGETTHREADCONSOLEDESKTOPMSG a = (PGETTHREADCONSOLEDESKTOPMSG)&m->u.ApiMessageData;
UNREFERENCED_PARAMETER(ReplyStatus);
return GetThreadConsoleDesktop(a->dwThreadId, &a->hdeskConsole);}
/***************************************************************************\
* FindWindowFromThread** This is a callback function passed to EnumThreadWindows by to find a top* level window owned by a given thread. Ideally, we want to find a top level* owner.** 07/18/96 GerardoB Created\***************************************************************************/BOOL CALLBACK FindWindowFromThread( HWND hwnd, LPARAM lParam){ BOOL fTopLevelOwner;
#ifdef FE_IME
if (IsImeWindow(hwnd)) { return TRUE; }#endif
fTopLevelOwner = (GetWindow(hwnd, GW_OWNER) == NULL); if (*((HWND *)lParam) == NULL || fTopLevelOwner) { *((HWND *)lParam) = hwnd; }
return !fTopLevelOwner;}
#if DBG
DWORD GetRipComponent( VOID){ return RIP_USERSRV;}#endif
/***************************************************************************\
* StartCreateSystemThreads** Simply calls xxxCreateSystemThreads which will calls to the right* thread routine (depending on uThreadID).** History:* 15-Mar-00 MHamid Created.\***************************************************************************/VOID StartCreateSystemThreads( PVOID pUnused){ PCSR_THREAD pt = CsrConnectToUser();
UNREFERENCED_PARAMETER(pUnused);
NtUserCallOneParam(FALSE, SFI_XXXCREATESYSTEMTHREADS);
if (pt) { CsrDereferenceThread(pt); }
UserExitWorkerThread(STATUS_SUCCESS);}
/***************************************************************************\
* SrvCreateSystemThreads** Just creates a thread (at StartCreateSystemThreads) and return.** History:* 15-Mar-00 MHamid Created.\***************************************************************************/ULONG SrvCreateSystemThreads( IN OUT PCSR_API_MSG m, IN OUT PCSR_REPLY_STATUS ReplyStatus){ NTSTATUS Status = STATUS_UNSUCCESSFUL; HANDLE UniqueProcessId; HANDLE hProcess; BOOL bRemoteThread; CLIENT_ID ClientId; PCREATESYSTEMTHREADSMSG pCreateSystemThreads = (PCREATESYSTEMTHREADSMSG)&m->u.ApiMessageData;
UNREFERENCED_PARAMETER(ReplyStatus);
if ((bRemoteThread = pCreateSystemThreads->bRemoteThread)) { LPTHREAD_START_ROUTINE ThreadStart = NULL; PCSR_PROCESS Process; HANDLE huser32 = GetModuleHandle(TEXT("user32.dll"));
if (huser32) { ThreadStart = (LPTHREAD_START_ROUTINE)GetProcAddress(huser32, "CreateSystemThreads"); }
if (ThreadStart) { UniqueProcessId = (HANDLE)NtUserCallNoParam(SFI_GETREMOTEPROCESSID);
Status = CsrLockProcessByClientId(UniqueProcessId, &Process); if (!NT_SUCCESS(Status)) { RIPMSG1(RIP_WARNING, "SrvCreateSystemThreads: CsrLockProcessByClientId failed for remote thread with Status 0x%x", Status); NtUserCallOneParam(TRUE, SFI_HANDLESYSTEMTHREADCREATIONFAILURE); return Status; } hProcess = Process->ProcessHandle;
Status = RtlCreateUserThread(hProcess, NULL, FALSE, 0, 0, 0x4000, ThreadStart, NULL, NULL, &ClientId); CsrUnlockProcess(Process); }
if (!NT_SUCCESS(Status)) { RIPMSG1(RIP_WARNING, "SrvCreateSystemThreads: Failed for remote thread with Status 0x%x", Status); NtUserCallOneParam(TRUE, SFI_HANDLESYSTEMTHREADCREATIONFAILURE); } } else { Status = CsrExecServerThread((PUSER_THREAD_START_ROUTINE)StartCreateSystemThreads, 0); if (!NT_SUCCESS(Status)) { RIPMSG1(RIP_WARNING, "SrvCreateSystemThreads: RtlCreateUserThread failed with Status 0x%x", Status); NtUserCallOneParam(FALSE, SFI_HANDLESYSTEMTHREADCREATIONFAILURE); } }
return Status;}
|
