archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
4.9 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/com/ole32/dcomss/olescm/execclt.cxx

371 lines
9.4 KiB
Raw Normal View History

commiting as it is
4 years ago
  2. /*************************************************************************
  3. *
  4. * execclt.c
  5. *
  6. * Exec service client.
  7. *
  8. * This allows the starting of a program on any Terminal Server Session under
  9. * the account of the logged on user, or the SYSTEM account for services.
  10. *
  11. * copyright notice: Copyright 1998, Microsoft Corporation
  12. *
  13. *
  14. *
  15. *************************************************************************/
  17. #include "act.hxx"
  18. extern "C" {
  19. #include <execsrv.h>
  20. #include <winsta.h>
  21. }
  25. //
  26. // Forward references
  27. //
  29. PWCHAR
  30. MarshallString(
  31. PWCHAR pSource,
  32. PCHAR pBase,
  33. ULONG MaxSize,
  34. PCHAR *ppPtr,
  35. PULONG pCount,
  36. BOOL bMulti = FALSE
  37. );
  43. /*****************************************************************************
  44. *
  45. * CreateRemoteSessionProcess
  46. *
  47. * Create a process on the given Terminal Server Session
  48. *
  49. * ENTRY:
  50. * SessionId (input)
  51. * SessionId of Session to create process on
  52. *
  53. * Param1 (input/output)
  54. * Comments
  55. *
  56. * EXIT:
  57. * STATUS_SUCCESS - no error
  58. *
  59. ****************************************************************************/
  61. BOOL
  62. CreateRemoteSessionProcess(
  63. ULONG SessionId,
  64. HANDLE hSaferToken,
  65. BOOL System,
  66. PWCHAR lpszImageName,
  67. PWCHAR lpszCommandLine,
  68. PSECURITY_ATTRIBUTES psaProcess,
  69. PSECURITY_ATTRIBUTES psaThread,
  70. BOOL fInheritHandles,
  71. DWORD fdwCreate,
  72. LPVOID lpvEnvironment,
  73. LPWSTR lpszCurDir,
  74. LPSTARTUPINFOW pStartInfo,
  75. LPPROCESS_INFORMATION pProcInfo
  76. )
  77. {
  78. BOOL Result;
  79. HANDLE hPipe = NULL;
  80. WCHAR szPipeName[EXECSRVPIPENAMELEN];
  81. PCHAR ptr;
  82. ULONG Count, AmountWrote, AmountRead;
  83. DWORD MyProcId;
  84. PEXECSRV_REQUEST pReq;
  85. EXECSRV_REPLY Rep;
  86. CHAR Buf[EXECSRV_BUFFER_SIZE];
  87. ULONG MaxSize = EXECSRV_BUFFER_SIZE;
  88. ULONG ReturnLen;
  90. if( lpszImageName )
  91. CairoleDebugOut((DEB_TRACE, "EXECCLIENT: lpszImageName %ws\n",lpszImageName));
  93. if( lpszCommandLine )
  94. CairoleDebugOut((DEB_TRACE, "EXECCLIENT: lpszCommandLine %ws\n",lpszCommandLine));
  96. // Winlogon handles all now. System flag tells it what to do
  97. Result = WinStationQueryInformation( NULL, SessionId, WinStationExecSrvSystemPipe, szPipeName, sizeof(szPipeName), &ReturnLen );
  98. if ( !Result ) {
  99. CairoleDebugOut((DEB_ERROR, "WinStationQueryInformation for the EXECSRV pipe name failed\n"));
  100. return(FALSE);
  101. }
  104. while (TRUE) {
  106. hPipe = CreateFileW(
  107. szPipeName,
  108. GENERIC_READ|GENERIC_WRITE,
  109. 0, // File share mode
  110. NULL, // default security
  111. OPEN_EXISTING,
  112. 0, // Attrs and flags
  113. NULL // template file handle
  114. );
  116. if( hPipe == INVALID_HANDLE_VALUE ) {
  118. if (GetLastError() == ERROR_PIPE_BUSY) {
  120. if (!WaitNamedPipe( szPipeName, 30000 )) { // 30 sec
  122. CairoleDebugOut((DEB_ERROR, "EXECCLIENT: Waited too long for pipe name %ws\n", szPipeName));
  123. return(FALSE);
  124. }
  125. } else {
  127. CairoleDebugOut((DEB_ERROR, "EXECCLIENT: Could not create pipe name %ws\n", szPipeName));
  128. return(FALSE);
  129. }
  130. } else {
  132. break;
  133. }
  134. }
  136. /*
  137. * Get the handle to the current process
  138. */
  139. MyProcId = GetCurrentProcessId();
  141. /*
  142. * setup the marshalling
  143. */
  144. ptr = Buf;
  145. Count = 0;
  147. pReq = (PEXECSRV_REQUEST)ptr;
  148. ptr += sizeof(EXECSRV_REQUEST);
  149. Count += sizeof(EXECSRV_REQUEST);
  151. // set the basic parameters
  152. pReq->hToken = hSaferToken;
  153. pReq->System = System;
  154. pReq->RequestingProcessId = MyProcId;
  155. pReq->fInheritHandles = fInheritHandles;
  156. pReq->fdwCreate = fdwCreate;
  158. // marshall the ImageName string
  159. if( lpszImageName ) {
  160. pReq->lpszImageName = MarshallString( lpszImageName, Buf, MaxSize, &ptr, &Count );
  161. }
  162. else {
  163. pReq->lpszImageName = NULL;
  164. }
  166. // marshall in the CommandLine string
  167. if( lpszCommandLine ) {
  168. pReq->lpszCommandLine = MarshallString( lpszCommandLine, Buf, MaxSize, &ptr, &Count );
  169. }
  170. else {
  171. pReq->lpszCommandLine = NULL;
  172. }
  174. // marshall in the CurDir string
  175. if( lpszCurDir ) {
  176. pReq->lpszCurDir = MarshallString( lpszCurDir, Buf, MaxSize, &ptr, &Count );
  177. }
  178. else {
  179. pReq->lpszCurDir = NULL;
  180. }
  182. // marshall in the StartupInfo structure
  183. RtlMoveMemory( &pReq->StartInfo, pStartInfo, sizeof(STARTUPINFO) );
  185. // Now marshall the strings in STARTUPINFO
  186. if( pStartInfo->lpDesktop ) {
  187. pReq->StartInfo.lpDesktop = MarshallString( pStartInfo->lpDesktop, Buf, MaxSize, &ptr, &Count );
  188. }
  189. else {
  190. pReq->StartInfo.lpDesktop = NULL;
  191. }
  193. if( pStartInfo->lpTitle ) {
  194. pReq->StartInfo.lpTitle = MarshallString( pStartInfo->lpTitle, Buf, MaxSize, &ptr, &Count );
  195. }
  196. else {
  197. pReq->StartInfo.lpTitle = NULL;
  198. }
  200. if( lpvEnvironment ) {
  201. pReq->lpvEnvironment = MarshallString( (PWCHAR)lpvEnvironment, Buf, MaxSize, &ptr, &Count, TRUE );
  202. }
  203. else {
  204. pReq->lpvEnvironment = NULL;
  205. }
  207. //
  208. // WARNING: This version does not pass the following:
  209. //
  210. // Also saProcess and saThread are ignored right now and use
  211. // the users default security on the remote WinStation
  212. //
  213. // Set things that are always NULL
  214. //
  215. pReq->StartInfo.lpReserved = NULL; // always NULL
  217. // now fill in the total count
  218. pReq->Size = Count;
  220. /*
  221. * Now send the buffer out to the server
  222. */
  223. Result = WriteFile(
  224. hPipe,
  225. Buf,
  226. Count,
  227. &AmountWrote,
  228. NULL
  229. );
  231. if( !Result ) {
  232. CairoleDebugOut((DEB_ERROR, "EXECCLIENT: Error %d sending request\n",GetLastError()));
  233. goto Cleanup;
  234. }
  236. /*
  237. * Now read the reply
  238. */
  239. Result = ReadFile(
  240. hPipe,
  241. &Rep,
  242. sizeof(Rep),
  243. &AmountRead,
  244. NULL
  245. );
  247. if( !Result ) {
  248. CairoleDebugOut((DEB_ERROR, "EXECCLIENT: Error %d reading reply\n",GetLastError()));
  249. goto Cleanup;
  250. }
  252. /*
  253. * Check the result
  254. */
  255. if( !Rep.Result ) {
  256. CairoleDebugOut((DEB_ERROR, "EXECCLIENT: Error %d in reply\n",Rep.LastError));
  257. // set the error in the current thread to the returned error
  258. Result = Rep.Result;
  259. SetLastError( Rep.LastError );
  260. goto Cleanup;
  261. }
  263. /*
  264. * We copy the PROCESS_INFO structure from the reply
  265. * to the caller.
  266. *
  267. * The remote site has duplicated the handles into our
  268. * process space for hProcess and hThread so that they will
  269. * behave like CreateProcessW()
  270. */
  272. RtlMoveMemory( pProcInfo, &Rep.ProcInfo, sizeof( PROCESS_INFORMATION ) );
  274. Cleanup:
  275. CloseHandle(hPipe);
  277. CairoleDebugOut((DEB_TRACE, "EXECCLIENT: Result 0x%x\n", Result));
  279. return(Result);
  280. }
  282. /*****************************************************************************
  283. *
  284. * MarshallString
  285. *
  286. * Marshall in a UNICODE_NULL terminated WCHAR string
  287. *
  288. * ENTRY:
  289. * pSource (input)
  290. * Pointer to source string
  291. *
  292. * pBase (input)
  293. * Base buffer pointer for normalizing the string pointer
  294. *
  295. * MaxSize (input)
  296. * Maximum buffer size available
  297. *
  298. * ppPtr (input/output)
  299. * Pointer to the current context pointer in the marshall buffer.
  300. * This is updated as data is marshalled into the buffer
  301. *
  302. * pCount (input/output)
  303. * Current count of data in the marshall buffer.
  304. * This is updated as data is marshalled into the buffer
  305. *
  306. * bMulti (optional input)
  307. * If TRUE then marshall in a multi UNICODE string. Each string are
  308. * UNICODE_NULL terminated and the multi string is terminated with a double
  309. * UNICODE_NULL. The default value is FALSE.
  310. *
  311. * EXIT:
  312. * NULL - Error
  313. * !=NULL "normalized" pointer to the string in reference to pBase
  314. *
  315. ****************************************************************************/
  317. PWCHAR
  318. MarshallString(
  319. PWCHAR pSource,
  320. PCHAR pBase,
  321. ULONG MaxSize,
  322. PCHAR *ppPtr,
  323. PULONG pCount,
  324. BOOL bMulti
  325. )
  326. {
  327. SIZE_T Len;
  328. PCHAR ptr;
  330. if (bMulti) {
  332. Len = 0;
  334. for (PWCHAR pStr = pSource; *pStr; ) {
  336. SIZE_T StrLen = wcslen( pStr ) + 1; // include the NULL
  338. Len += StrLen;
  339. pStr += StrLen;
  341. // bail out if too long
  342. if( (*pCount + (Len * sizeof(WCHAR))) > MaxSize ) {
  343. return( NULL );
  344. }
  345. }
  347. Len++; // include last NULL
  349. } else {
  350. Len = wcslen( pSource );
  351. Len++; // include the NULL
  352. }
  354. Len *= sizeof(WCHAR); // convert to bytes
  356. if( (*pCount + Len) > MaxSize ) {
  357. return( NULL );
  358. }
  360. RtlMoveMemory( *ppPtr, pSource, Len );
  362. // the normalized ptr is the current count - Sundown: zero-extended value.
  363. ptr = (PCHAR)ULongToPtr(*pCount);
  365. *ppPtr += Len;
  366. *pCount += (ULONG) Len;
  368. return((PWCHAR)ptr);
  369. }