archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/inetsrv/iis/svcs/infocomm/extend/w3ssl_config.cxx

692 lines
18 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 1997 Microsoft Corporation
  5. Module Name:
  7. w3ssl_config.cxx
  9. Abstract:
  11. IIS Services IISADMIN Extension
  12. adjust HTTPFilter service imagepath based on IIS mode (old vs new)
  14. Author:
  16. Jaroslav Dunajsky (11/05/2001)
  18. --*/
  20. #include <cominc.hxx>
  21. #include <string.h>
  22. #include "w3ssl_config.hxx"
  26. //static
  27. int W3SSL_CONFIG::s_fConfigTerminationRequested = FALSE;
  28. //static
  29. HANDLE W3SSL_CONFIG::s_hConfigChangeThread = NULL;
  30. //static
  31. LPWSTR W3SSL_CONFIG::s_pszImagePathInetinfo = NULL;
  32. //static
  33. LPWSTR W3SSL_CONFIG::s_pszImagePathLsass = NULL;
  34. //static
  35. LPWSTR W3SSL_CONFIG::s_pszImagePathSvchost = NULL;
  39. //static
  40. HRESULT
  41. W3SSL_CONFIG::SetHTTPFilterImagePath(
  42. BOOL fIIS5IsolationModeEnabled,
  43. BOOL fStartInSvchost
  44. )
  45. /*++
  47. Routine Description:
  49. Configure image path of the service to point either
  50. lsass.exe or inetinfo.exe based on the IIS Application
  51. Mode
  53. Arguments:
  55. fIIS5IsolationModeEnabled - TRUE if IIS runs in old mode
  56. FALSE if it runs in new mode
  57. fStartInSvchost - preferred location for HTTPFilter is svchost.exe
  58. Return Value:
  60. HRESULT
  62. --*/
  64. {
  65. SC_LOCK scLock = NULL;
  66. SC_HANDLE schSCManager = NULL;
  67. SC_HANDLE schHTTPFilterService = NULL;
  68. LPQUERY_SERVICE_CONFIG pServiceConfig = NULL;
  69. DWORD dwBytesNeeded = 0;
  70. HRESULT hr = E_FAIL;
  72. // Open a handle to the SC Manager database.
  74. schSCManager = OpenSCManagerW(
  75. NULL, // local machine
  76. NULL, // ServicesActive database
  77. SC_MANAGER_ALL_ACCESS ); // full access rights
  79. if ( schSCManager == NULL )
  80. {
  81. hr = HRESULT_FROM_WIN32( GetLastError() );
  82. goto Finished;
  83. }
  85. schHTTPFilterService = OpenServiceW(
  86. schSCManager, // SCM database
  87. HTTPFILTER_SERVICE_NAME, // service name
  88. SERVICE_ALL_ACCESS);
  90. if ( schHTTPFilterService == NULL )
  91. {
  92. hr = HRESULT_FROM_WIN32( GetLastError() );
  93. goto Finished;
  94. }
  96. //
  97. // Get the configuration information.
  98. // - to find out the current image path of the
  99. // HTTPFilter service
  100. //
  102. if ( !QueryServiceConfigW(
  103. schHTTPFilterService,
  104. pServiceConfig,
  105. 0,
  106. &dwBytesNeeded ) )
  107. {
  108. if ( GetLastError() == ERROR_INSUFFICIENT_BUFFER )
  109. {
  110. pServiceConfig = reinterpret_cast<LPQUERY_SERVICE_CONFIG> (
  111. new char[dwBytesNeeded] );
  112. if ( pServiceConfig == NULL )
  113. {
  114. hr = HRESULT_FROM_WIN32( ERROR_OUTOFMEMORY );
  115. goto Finished;
  116. }
  117. if ( !QueryServiceConfigW(
  118. schHTTPFilterService,
  119. pServiceConfig,
  120. dwBytesNeeded,
  121. &dwBytesNeeded ) )
  122. {
  123. hr = HRESULT_FROM_WIN32( GetLastError() );
  124. goto Finished;
  125. }
  126. }
  127. else
  128. {
  129. hr = HRESULT_FROM_WIN32( GetLastError() );
  130. goto Finished;
  131. }
  132. }
  134. //
  135. // reconfigure image path of HTTPFilter if necessary
  136. //
  137. if ( ( fIIS5IsolationModeEnabled &&
  138. _wcsicmp( pServiceConfig->lpBinaryPathName,
  139. s_pszImagePathInetinfo ) != 0 ) ||
  140. ( !fIIS5IsolationModeEnabled &&
  141. _wcsicmp( pServiceConfig->lpBinaryPathName,
  142. s_pszImagePathLsass ) != 0 &&
  143. _wcsicmp( pServiceConfig->lpBinaryPathName,
  144. s_pszImagePathSvchost ) != 0 )
  146. )
  147. {
  149. //
  150. // figure out what image path to configure
  151. //
  152. WCHAR * pszImagePath = ( fIIS5IsolationModeEnabled )?
  153. s_pszImagePathInetinfo :
  154. ( ( fStartInSvchost )?
  155. s_pszImagePathSvchost:
  156. s_pszImagePathLsass );
  158. if ( fIIS5IsolationModeEnabled )
  159. {
  160. BOOL fSave = FALSE;
  161. //
  162. // check if we need to store image path information
  163. // before changing
  164. //
  165. if ( _wcsicmp( pServiceConfig->lpBinaryPathName,
  166. s_pszImagePathLsass ) == 0 &&
  167. fStartInSvchost )
  168. {
  169. fStartInSvchost = FALSE;
  170. fSave = TRUE;
  171. }
  172. if ( _wcsicmp( pServiceConfig->lpBinaryPathName,
  173. s_pszImagePathSvchost ) == 0 &&
  174. !fStartInSvchost )
  175. {
  176. fStartInSvchost = TRUE;
  177. fSave = TRUE;
  178. }
  179. if ( fSave )
  180. {
  181. //
  182. // let's flag in the registry which one lsass and svchost
  183. // was hosting the HTTPFilter service
  184. //
  185. DWORD dwValue = (DWORD) fStartInSvchost;
  186. DWORD dwErr;
  187. HKEY hKeyParam;
  190. if ( ( dwErr = RegOpenKeyExW( HKEY_LOCAL_MACHINE,
  191. HTTPFILTER_PARAMETERS_KEY,
  192. 0,
  193. KEY_WRITE,
  194. &hKeyParam ) ) == NO_ERROR )
  195. {
  196. dwErr = RegSetValueExW( hKeyParam,
  197. L"StartInSvchost",
  198. NULL,
  199. REG_DWORD,
  200. ( LPBYTE )&dwValue,
  201. sizeof( dwValue )
  202. );
  203. //
  204. // Ignore the error.
  205. //
  207. RegCloseKey( hKeyParam );
  208. }
  210. if ( dwErr != NO_ERROR )
  211. {
  212. DBGPRINTF(( DBG_CONTEXT,
  213. "Failed to write to registry to path %S (hr = %d)\n",
  214. HTTPFILTER_PARAMETERS_KEY,
  215. HRESULT_FROM_WIN32( dwErr )));
  216. }
  219. }
  221. }
  223. //
  224. // loop to acquire service database lock
  225. //
  226. for ( ; ; )
  227. {
  228. scLock = LockServiceDatabase( schSCManager );
  229. if ( scLock == NULL )
  230. {
  231. if ( GetLastError() == ERROR_SERVICE_DATABASE_LOCKED )
  232. {
  233. if ( s_fConfigTerminationRequested == TRUE )
  234. {
  235. //
  236. // if W3SSL_CONFIG::Terminate() is called
  237. // while this function is still waiting for service
  238. // to get locked, we simply bail out.
  239. // ImagePath will not be changed
  240. //
  241. hr = HRESULT_FROM_WIN32( ERROR_OPERATION_ABORTED );
  242. goto Finished;
  243. }
  245. Sleep( 1000 );
  246. continue;
  247. }
  248. else
  249. {
  250. hr = HRESULT_FROM_WIN32( GetLastError() );
  251. goto Finished;
  252. }
  253. }
  255. if ( s_fConfigTerminationRequested == TRUE )
  256. {
  257. //
  258. // if W3SSL_CONFIG::Terminate() is called
  259. // while this function is still waiting for service
  260. // to get locked, we simply bail out.
  261. // ImagePath will not be changed
  262. //
  263. hr = HRESULT_FROM_WIN32( ERROR_OPERATION_ABORTED );
  264. goto Finished;
  265. }
  267. break;
  268. }
  270. if ( !ChangeServiceConfigW(
  271. schHTTPFilterService, // handle of service
  272. SERVICE_NO_CHANGE, // service type
  273. SERVICE_NO_CHANGE, // change service start type
  274. SERVICE_NO_CHANGE, // error control
  275. pszImagePath, // binary path
  276. NULL, // load order group
  277. NULL, // tag ID
  278. NULL, // dependencies
  279. NULL, // account name
  280. NULL, // password
  281. NULL) ) // display name
  282. {
  283. hr = HRESULT_FROM_WIN32( GetLastError() );
  284. goto Finished;
  285. }
  287. UnlockServiceDatabase( scLock );
  288. scLock = NULL;
  290. }
  293. hr = S_OK;
  295. Finished:
  297. if ( pServiceConfig != NULL )
  298. {
  299. delete [] pServiceConfig;
  300. pServiceConfig = NULL;
  301. }
  303. if ( scLock != NULL )
  304. {
  305. UnlockServiceDatabase( scLock );
  306. scLock = NULL;
  307. }
  309. if ( schHTTPFilterService != NULL )
  310. {
  311. DBG_REQUIRE( CloseServiceHandle( schHTTPFilterService ) );
  312. schHTTPFilterService = NULL;
  313. }
  315. if ( schSCManager != NULL )
  316. {
  317. DBG_REQUIRE( CloseServiceHandle( schSCManager ) );
  318. schSCManager = NULL;
  319. }
  321. return hr;
  323. }
  325. //static
  326. HRESULT
  327. W3SSL_CONFIG::AdjustHTTPFilterImagePath(
  328. VOID
  329. )
  330. /*++
  332. Routine Description:
  334. Based on the metabase valuse
  335. configure image path of the service to point either
  336. lsass.exe or inetinfo.exe based on the IIS Application
  337. Mode
  339. Arguments:
  341. none
  343. Return Value:
  345. HRESULT
  347. --*/
  348. {
  350. HRESULT hr = E_FAIL;
  351. METADATA_RECORD mdrData;
  352. DWORD dwRequiredDataLen = 0;
  353. METADATA_HANDLE mhOpenHandle = 0;
  354. IMDCOM * pcCom = NULL;
  355. DWORD dwStandardModeEnabled = 1;
  357. DWORD dwType;
  358. DWORD nBytes;
  359. DWORD dwValue;
  360. DWORD dwErr;
  361. BOOL fStartInSvchost = FALSE;
  362. HKEY hKeyParam;
  365. //
  366. // read registry to find out if preferred location for HTTPFilter is svchost
  367. //
  369. if ( RegOpenKeyExW( HKEY_LOCAL_MACHINE,
  370. HTTPFILTER_PARAMETERS_KEY,
  371. 0,
  372. KEY_READ,
  373. &hKeyParam ) == NO_ERROR )
  374. {
  375. nBytes = sizeof( dwValue );
  376. dwErr = RegQueryValueExW( hKeyParam,
  377. L"StartInSvchost",
  378. NULL,
  379. &dwType,
  380. ( LPBYTE )&dwValue,
  381. &nBytes
  382. );
  384. if ( ( dwErr == ERROR_SUCCESS ) && ( dwType == REG_DWORD ) )
  385. {
  386. fStartInSvchost = !!dwValue;
  387. }
  389. RegCloseKey( hKeyParam );
  390. }
  394. hr = CoCreateInstance( CLSID_MDCOM,
  395. NULL,
  396. CLSCTX_SERVER,
  397. IID_IMDCOM,
  398. (void**) &pcCom);
  400. if ( FAILED( hr ) )
  401. {
  402. goto Finished;
  403. }
  405. hr = pcCom->ComMDOpenMetaObject( METADATA_MASTER_ROOT_HANDLE,
  406. L"/lm/w3svc",
  407. METADATA_PERMISSION_READ,
  408. OPEN_TIMEOUT_VALUE,
  409. &mhOpenHandle );
  410. if ( FAILED( hr ) )
  411. {
  412. goto Finished;
  413. }
  414. else
  415. {
  416. MD_SET_DATA_RECORD_EXT( &mdrData,
  417. MD_GLOBAL_STANDARD_APP_MODE_ENABLED ,
  418. METADATA_NO_ATTRIBUTES,
  419. ALL_METADATA,
  420. DWORD_METADATA,
  421. sizeof( dwStandardModeEnabled ),
  422. (PBYTE) &dwStandardModeEnabled );
  424. hr = pcCom->ComMDGetMetaData( mhOpenHandle,
  425. NULL,
  426. &mdrData,
  427. &dwRequiredDataLen );
  429. if ( hr == MD_ERROR_DATA_NOT_FOUND )
  430. {
  431. //
  432. // Standard mode is enabled by default
  433. //
  434. dwStandardModeEnabled = 1;
  435. }
  436. else if ( FAILED ( hr ) )
  437. {
  438. //
  439. // Error different from not found
  440. // In this case simply bail out
  441. //
  442. goto Finished;
  443. }
  444. }
  446. //
  447. // Cleanup metabase object
  448. //
  449. pcCom->ComMDCloseMetaObject( mhOpenHandle );
  450. mhOpenHandle = 0;
  452. pcCom->Release();
  453. pcCom = NULL;
  455. hr = SetHTTPFilterImagePath( (BOOL) !!dwStandardModeEnabled, fStartInSvchost );
  456. if ( FAILED( hr ) )
  457. {
  458. goto Finished;
  459. }
  461. hr = S_OK;
  463. Finished:
  465. if ( mhOpenHandle != 0 )
  466. {
  467. pcCom->ComMDCloseMetaObject( mhOpenHandle );
  468. mhOpenHandle = 0;
  469. }
  472. if ( pcCom != NULL )
  473. {
  474. pcCom->Release();
  475. pcCom = NULL;
  476. }
  479. return hr;
  480. }
  482. //static
  483. HRESULT
  484. W3SSL_CONFIG::StartAsyncAdjustHTTPFilterImagePath(
  485. VOID
  486. )
  487. /*++
  489. Routine Description:
  491. Configure image path of the service to point either
  492. lsass.exe or inetinfo.exe based on the IIS Application
  493. Mode.
  494. The action is executed on separate thread
  496. Terminate() must be called to assure proper cleanup
  498. Arguments:
  500. none
  502. Return Value:
  504. HRESULT
  506. --*/
  507. {
  509. s_hConfigChangeThread =
  510. ::CreateThread(
  511. NULL, // default security descriptor
  512. 0, // default process stack size
  513. W3SSL_CONFIG::ConfigChangeThread,
  514. NULL, // thread argument - pointer to this class
  515. 0, // create running
  516. NULL // don't care for thread identifier
  517. );
  519. if ( s_hConfigChangeThread == NULL )
  520. {
  521. return HRESULT_FROM_WIN32( GetLastError() );
  522. }
  524. return S_OK;
  525. }
  527. HRESULT
  528. ExpandImagePath(
  529. const WCHAR * pszPath,
  530. WCHAR ** ppszExpandedPath
  531. )
  532. {
  533. DBG_ASSERT( *ppszExpandedPath == NULL );
  534. DWORD dwLen = ExpandEnvironmentStringsW( pszPath, NULL, 0 );
  535. * ppszExpandedPath = new WCHAR [dwLen];
  536. if ( * ppszExpandedPath == NULL )
  537. {
  538. return HRESULT_FROM_WIN32( ERROR_OUTOFMEMORY );
  539. }
  541. (* ppszExpandedPath)[0] = '\0';
  543. DWORD dwLen2 = ExpandEnvironmentStringsW( pszPath,
  544. *ppszExpandedPath,
  545. dwLen );
  546. if ( dwLen2 != dwLen )
  547. {
  548. return HRESULT_FROM_WIN32( ERROR_INVALID_PARAMETER );
  549. }
  550. return S_OK;
  551. }
  553. //static
  554. HRESULT
  555. W3SSL_CONFIG::Initialize(
  556. VOID
  557. )
  558. /*++
  560. Routine Description:
  562. Initialization
  564. Arguments:
  566. none
  568. Return Value:
  570. VOID
  572. --*/
  573. {
  574. HRESULT hr = E_FAIL;
  576. //
  577. // Expand image path because QueryServiceConfig
  578. // already returns expanded ImagePath and
  579. // Image Paths will be compared few times
  580. //
  582. hr = ExpandImagePath( HTTPFILTER_SERVICE_IMAGEPATH_INETINFO,
  583. &s_pszImagePathInetinfo );
  584. if ( FAILED( hr ) )
  585. {
  586. goto Failed;
  587. }
  588. hr = ExpandImagePath( HTTPFILTER_SERVICE_IMAGEPATH_LSASS,
  589. &s_pszImagePathLsass );
  590. if ( FAILED( hr ) )
  591. {
  592. goto Failed;
  593. }
  594. hr = ExpandImagePath( HTTPFILTER_SERVICE_IMAGEPATH_SVCHOST,
  595. &s_pszImagePathSvchost );
  596. if ( FAILED( hr ) )
  597. {
  598. goto Failed;
  599. }
  601. return S_OK;
  603. Failed:
  604. Terminate();
  605. return hr;
  606. }
  609. //static
  610. VOID
  611. W3SSL_CONFIG::Terminate(
  612. VOID
  613. )
  614. /*++
  616. Routine Description:
  618. Quits the asynchronous change of HTTPFILTER image path (if any)
  619. and/or does final cleanup
  621. Arguments:
  623. none
  625. Return Value:
  627. VOID
  629. --*/
  630. {
  631. s_fConfigTerminationRequested = TRUE;
  633. if ( s_hConfigChangeThread != NULL )
  634. {
  635. DWORD dwRet = WaitForSingleObject( s_hConfigChangeThread,
  636. INFINITE );
  637. DBG_ASSERT( dwRet == WAIT_OBJECT_0 );
  639. // IVANPASH dwRet is used only in debug builds, so on /W4 there is
  640. // a warning, which is cheated by the next otherwise useless line.
  641. (VOID)dwRet;
  643. CloseHandle( s_hConfigChangeThread );
  644. s_hConfigChangeThread = NULL;
  645. }
  647. if ( s_pszImagePathInetinfo != NULL )
  648. {
  649. delete s_pszImagePathInetinfo;
  650. s_pszImagePathInetinfo = NULL;
  651. }
  653. if ( s_pszImagePathSvchost != NULL )
  654. {
  655. delete s_pszImagePathSvchost;
  656. s_pszImagePathSvchost = NULL;
  657. }
  658. if ( s_pszImagePathLsass != NULL )
  659. {
  660. delete s_pszImagePathLsass;
  661. s_pszImagePathLsass = NULL;
  662. }
  664. }
  667. //static
  668. DWORD
  669. W3SSL_CONFIG::ConfigChangeThread(
  670. LPVOID
  671. )
  672. /*++
  674. Routine Description:
  676. Worker thread function used to perform image path change asynchronously
  678. Arguments:
  680. none
  682. Return Value:
  684. VOID
  686. --*/
  688. {
  689. AdjustHTTPFilterImagePath();
  690. return ERROR_SUCCESS;
  691. }