|
|
// PMSPservice.cpp
#include "NTServApp.h"
#include "PMSPservice.h"
#include "svchost.h"
#define BUFSIZE 256
#define PIPE_TIMEOUT 2000
#define NUM_BYTES_PER_READ_REQUEST (sizeof(MEDIA_SERIAL_NUMBER_DATA))
#define INACTIVE_TIMEOUT_SHUTDOWN (5*60*1000) // in millisec -- 5 minutes
#include "serialid.h"
#include "aclapi.h"
#include <crtdbg.h>
LPTSTR g_lpszPipename = "\\\\.\\pipe\\WMDMPMSPpipe";
// static member variables
const DWORD CPMSPService::m_dwMaxConsecutiveConnectErrors = 5;
static DWORD CheckDriveType(HANDLE hPipe, LPCWSTR pwszDrive){ // On XP, as a result of the impersonation, we use the
// client's drive letter namespace for the GetDriveType call.
// When we CreateFile the drive letter, we use the LocalSystem
// drive namespace.
if (ImpersonateNamedPipeClient(hPipe) == 0) { return GetLastError(); }
DWORD dwDriveType = GetDriveTypeW(pwszDrive);
RevertToSelf();
if (dwDriveType != DRIVE_FIXED && dwDriveType != DRIVE_REMOVABLE) { return ERROR_INVALID_PARAMETER; } return ERROR_SUCCESS; }
static VOID GetAnswerToRequest(HANDLE hPipe, LPBYTE szBufIn, DWORD dwSizeIn, LPBYTE szBufOut, DWORD dwBufSizeOut, LPDWORD pdwNumBytesWritten){ WCHAR wcsDeviceName[]=L"A:\\"; WMDMID stMSN; DWORD dwDriveNum; HRESULT hr=E_FAIL; PMEDIA_SERIAL_NUMBER_DATA pMSNIn = (PMEDIA_SERIAL_NUMBER_DATA)szBufIn; PMEDIA_SERIAL_NUMBER_DATA pMSNOut = (PMEDIA_SERIAL_NUMBER_DATA)szBufOut;
if (!hPipe || !szBufIn || !szBufOut || !pdwNumBytesWritten || dwBufSizeOut < sizeof(MEDIA_SERIAL_NUMBER_DATA)) { _ASSERTE(0); return; }
// For all errors, we send back (and write to the pipe) the
// entire MEDIA_SERIAL_NUMBER_DATA struct. On successful returns,
// the number of bytes written may be more or less than
// sizeof(MEDIA_SERIAL_NUMBER_DATA) depnding on the length of
// the serial number.
ZeroMemory(szBufOut, dwBufSizeOut); *pdwNumBytesWritten = sizeof(MEDIA_SERIAL_NUMBER_DATA); if (dwSizeIn >= NUM_BYTES_PER_READ_REQUEST) { dwDriveNum = pMSNIn->Reserved[1]; if (dwDriveNum < 26) { wcsDeviceName[0] = L'A' + (USHORT)dwDriveNum; CPMSPService::DebugMsg("Getting serial number for %c", 'A' + (USHORT) (wcsDeviceName[0] - 'A'));
DWORD dwErr = CheckDriveType(hPipe, wcsDeviceName); CPMSPService::DebugMsg("CheckDriveType returns %u", dwErr);
if (dwErr == ERROR_SUCCESS) { hr = UtilGetSerialNumber(wcsDeviceName, &stMSN, FALSE);
CPMSPService::DebugMsg("hr = %x\n", hr); CPMSPService::DebugMsg("serial = %c %c %c %c ...\n", stMSN.pID[0], stMSN.pID[1], stMSN.pID[2], stMSN.pID[3]);
if (hr == S_OK) { // Note that dwNumBytesToTransfer could actually be less than sizeof(MEDIA_SERIAL_NUMBER_DATA)
DWORD dwNumBytesToTransfer = FIELD_OFFSET(MEDIA_SERIAL_NUMBER_DATA, SerialNumberData) + stMSN.SerialNumberLength; if (dwNumBytesToTransfer > dwBufSizeOut) { pMSNOut->Result = ERROR_INSUFFICIENT_BUFFER; } else { CopyMemory(pMSNOut->SerialNumberData, stMSN.pID, stMSN.SerialNumberLength); *pdwNumBytesWritten = dwNumBytesToTransfer; pMSNOut->SerialNumberLength = stMSN.SerialNumberLength; pMSNOut->Reserved[1] = stMSN.dwVendorID; pMSNOut->Result = ERROR_SUCCESS; } } else { pMSNOut->Result = 0xFFFF & hr; } } else { pMSNOut->Result = dwErr; } } else { pMSNOut->Result = ERROR_INVALID_PARAMETER; } } else { // This should never happen because this function is called only after
// reading NUM_BYTES_PER_READ_REQUEST or more bytes.
_ASSERTE(m_PipeState[i].dwNumBytesRead >= NUM_BYTES_PER_READ_REQUEST); pMSNOut->Result = ERROR_INVALID_PARAMETER; }}
CPMSPService::CPMSPService(DWORD& dwLastError):CNTService(){ ZeroMemory(&m_PipeState, MAX_PIPE_INSTANCES * sizeof(PIPE_STATE));
m_hStopEvent = CreateEvent(NULL, TRUE, FALSE, NULL); // unsignalled manual reset event
m_dwNumClients = 0;
dwLastError = m_hStopEvent? ERROR_SUCCESS : GetLastError();}
CPMSPService::~CPMSPService(){ CPMSPService::DebugMsg("~CPMSPService, last error %u, num clients: %u", m_Status.dwWin32ExitCode, m_dwNumClients );
if (m_hStopEvent) { CloseHandle(m_hStopEvent); }
DWORD i; DWORD dwRet;
for (i = 0; i < MAX_PIPE_INSTANCES; i++) { if (m_PipeState[i].state == PIPE_STATE::CONNECT_PENDING || m_PipeState[i].state == PIPE_STATE::READ_PENDING || m_PipeState[i].state == PIPE_STATE::WRITE_PENDING) { BOOL bDisconnect = 0;
_ASSERTE(m_PipeState[i].hPipe); _ASSERTE(m_PipeState[i].overlapped.hEvent); CancelIo(m_PipeState[i].hPipe);
CPMSPService::DebugMsg("~CPMSPService client %u's state: %u", i, m_PipeState[i].state);
if (m_PipeState[i].state == PIPE_STATE::CONNECT_PENDING) { dwRet = WaitForSingleObject(m_PipeState[i].overlapped.hEvent, 0); _ASSERTE(dwRet != WAIT_FAILED); if (dwRet == WAIT_OBJECT_0) { bDisconnect = 1; } } else { bDisconnect = 1; _ASSERTE(m_dwNumClients > 0); m_dwNumClients--; }
// Note that we do not call FlushFileBuffers. That is
// a sync call and a malicious client can prevent us from
// progressing by not reading bytes from a pipe. That would
// prevent the service from stopping.
//
// In normal circumstances we disconnect the pipe only after
// the client tells us it is done (by closing its end of the
// pipe), so these is no need to flush.
if (bDisconnect) { DisconnectNamedPipe(m_PipeState[i].hPipe); } } if (m_PipeState[i].overlapped.hEvent) { CloseHandle(m_PipeState[i].overlapped.hEvent); } if (m_PipeState[i].hPipe) { CloseHandle(m_PipeState[i].hPipe); } } _ASSERTE(m_dwNumClients == 0);}
BOOL CPMSPService::OnInit(DWORD& dwLastError){ BOOL bRet = FALSE; PSID pAuthUserSID = NULL; PSID pAdminSID = NULL; PACL pACL = NULL; PSECURITY_DESCRIPTOR pSD = NULL;
__try { DWORD i; DWORD dwRet;
EXPLICIT_ACCESS ea[2]; // SID_IDENTIFIER_AUTHORITY SIDAuthWorld = SECURITY_WORLD_SID_AUTHORITY;
SID_IDENTIFIER_AUTHORITY SIDAuthNT = SECURITY_NT_AUTHORITY; SECURITY_ATTRIBUTES sa;
// Create a well-known SID for interactive users
if (!AllocateAndInitializeSid(&SIDAuthNT, 1, SECURITY_INTERACTIVE_RID, 0, 0, 0, 0, 0, 0, 0, &pAuthUserSID)) { dwLastError = GetLastError(); DebugMsg("AllocateAndInitializeSid Error %u - auth users\n", dwLastError); __leave; }
// Initialize an EXPLICIT_ACCESS structure for an ACE.
// The ACE will allow authenticated users read access to the key.
ZeroMemory(ea, 2 * sizeof(EXPLICIT_ACCESS));
// Was: ea[0].grfAccessPermissions = GENERIC_WRITE | GENERIC_READ;
// Disallow non admins from creating pipe instances. Don't know if
// GENERIC_WRITE enables that, but the replacement below is safer.
// Following leaves DELETE access turned on; what effect does this have for named pipes?
// ea[0].grfAccessPermissions = (FILE_ALL_ACCESS & ~(FILE_CREATE_PIPE_INSTANCE | WRITE_OWNER | WRITE_DAC));
// Following is same as above except that DELETE access is not given
ea[0].grfAccessPermissions = (FILE_GENERIC_READ | FILE_GENERIC_WRITE) & ~(FILE_CREATE_PIPE_INSTANCE); ea[0].grfAccessMode = SET_ACCESS; ea[0].grfInheritance= NO_INHERITANCE; ea[0].Trustee.TrusteeForm = TRUSTEE_IS_SID; ea[0].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP; ea[0].Trustee.ptstrName = (LPTSTR) pAuthUserSID;
// Create a SID for the BUILTIN\Administrators group.
if (!AllocateAndInitializeSid(&SIDAuthNT, 2, // 3,
SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, 0, // DOMAIN_ALIAS_RID_POWER_USERS,
0, 0, 0, 0, 0, &pAdminSID)) { dwLastError = GetLastError(); DebugMsg("AllocateAndInitializeSid Error %u - Domain, Power, Admins\n", dwLastError); __leave; }
// Initialize an EXPLICIT_ACCESS structure for an ACE.
// The ACE will allow the Administrators group full access to the key.
ea[1].grfAccessPermissions = GENERIC_ALL; ea[1].grfAccessMode = SET_ACCESS; ea[1].grfInheritance= NO_INHERITANCE; ea[1].Trustee.TrusteeForm = TRUSTEE_IS_SID; ea[1].Trustee.TrusteeType = TRUSTEE_IS_GROUP; ea[1].Trustee.ptstrName = (LPTSTR) pAdminSID;
// Create a new ACL that contains the new ACEs.
dwRet = SetEntriesInAcl(2, ea, NULL, &pACL); if (ERROR_SUCCESS != dwRet) { dwLastError = dwRet; DebugMsg("SetEntriesInAcl Error %u\n", dwLastError); __leave; }
// Initialize a security descriptor.
pSD = (PSECURITY_DESCRIPTOR) LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH); if (pSD == NULL) { dwLastError = GetLastError(); DebugMsg("LocalAlloc Error %u\n", dwLastError); __leave; }
if (!InitializeSecurityDescriptor(pSD, SECURITY_DESCRIPTOR_REVISION)) { dwLastError = GetLastError(); DebugMsg("InitializeSecurityDescriptor Error %u\n", dwLastError); __leave; }
// Add the ACL to the security descriptor.
if (!SetSecurityDescriptorDacl(pSD, TRUE, // fDaclPresent flag
pACL, FALSE)) // not a default DACL
{ dwLastError = GetLastError(); DebugMsg("SetSecurityDescriptorDacl Error %u\n", dwLastError); __leave; } // Bump up the check point
SetStatus(SERVICE_START_PENDING);
// Initialize a security attributes structure.
sa.nLength = sizeof (SECURITY_ATTRIBUTES); sa.lpSecurityDescriptor = pSD; sa.bInheritHandle = FALSE;
for (i = 0; i < MAX_PIPE_INSTANCES; i++) { // Note that if i == 0, we supply FILE_FLAG_FIRST_PIPE_INSTANCE
// to this function. This causes the call to fail if an instance
// of the named pipe is already open. That can happen in 2
// cases: 1. Another instance of this dll is running or 2. We have
// a name clash with another app (benign or malicious).
// @@@@ Note: Apparently FILE_FLAG_FIRST_PIPE_INSTANCE is supported
// only with Win2K SP2 and up. To do: (a) Confirm this (b) What is
// the effect of setting this flag on Win2K gold and SP1?
m_PipeState[i].hPipe = CreateNamedPipe( g_lpszPipename, // pipe name
PIPE_ACCESS_DUPLEX | FILE_FLAG_OVERLAPPED | (i == 0? FILE_FLAG_FIRST_PIPE_INSTANCE : 0), // read/write access
PIPE_TYPE_BYTE | // byte type pipe
PIPE_READMODE_BYTE | // byte-read mode
PIPE_WAIT, // blocking mode
MAX_PIPE_INSTANCES, // max. instances
BUFSIZE, // output buffer size
BUFSIZE, // input buffer size
PIPE_TIMEOUT, // client time-out
&sa); // no security attribute
if (m_PipeState[i].hPipe == INVALID_HANDLE_VALUE) { // Note that we bail out if we fail to create ANY pipe instance,
// not just the first one. We expect to create all pipe instances;
// failure to do so could mean that another app (benign or malicious)
// is creating pipe instances. This is possible only if the other
// app has the FILE_CREATE_PIPE_INSTANCE access right.
dwLastError = GetLastError(); m_PipeState[i].hPipe = NULL; DebugMsg("CreateNamedPipe Error %u, instance = %u\n", dwLastError, i); __leave; }
m_PipeState[i].overlapped.hEvent = CreateEvent(NULL, TRUE, FALSE, NULL); // unsignalled manual reset event
if (m_PipeState[i].overlapped.hEvent == NULL) { dwLastError = GetLastError(); DebugMsg("CreateEvent Error %u, instance = %u\n", dwLastError, i); __leave; }
// Errors connecting ot the client are sdtashed away in
// m_PipeState[i].dwLastIOCallError. Let CPMSPService::Run
// deal with the error. We'll just continue to start up the
// service here.
ConnectToClient(i);
// Bump up the check point
SetStatus(SERVICE_START_PENDING); }
bRet = TRUE; dwLastError = ERROR_SUCCESS; CPMSPService::DebugMsg("OnInit succeeded"); } __finally { if (pAuthUserSID) { FreeSid(pAuthUserSID); } if (pAdminSID) { FreeSid(pAdminSID); } if (pACL) { LocalFree(pACL); } if (pSD) { LocalFree(pSD); } }
return bRet;}
// This routine initiates a connection to a client on pipe instance i.
// Success/error status is saved away in m_PipeState[i].dwLastIOCallError
void CPMSPService::ConnectToClient(DWORD i){ m_PipeState[i].state = PIPE_STATE::CONNECT_PENDING;
m_PipeState[i].overlapped.Offset = m_PipeState[i].overlapped.OffsetHigh = 0; m_PipeState[i].dwNumBytesTransferredByLastIOCall = 0; m_PipeState[i].dwNumBytesRead = 0; m_PipeState[i].dwNumBytesToWrite = m_PipeState[i].dwNumBytesWritten = 0; m_PipeState[i].dwLastIOCallError = 0;
DWORD dwRet = ConnectNamedPipe(m_PipeState[i].hPipe, &m_PipeState[i].overlapped); if (dwRet) { // The event should be signalled already, but just in case:
SetEvent(m_PipeState[i].overlapped.hEvent);
m_PipeState[i].dwLastIOCallError = ERROR_SUCCESS; } else { m_PipeState[i].dwLastIOCallError = GetLastError(); if (m_PipeState[i].dwLastIOCallError == ERROR_PIPE_CONNECTED) { // The event should be signalled already, but just in case:
SetEvent(m_PipeState[i].overlapped.hEvent); } else if (m_PipeState[i].dwLastIOCallError == ERROR_IO_PENDING) { // Do nothing
} else { // Set tbe event so that CPMSPService::Run deals with the error
// in the next iteration of its main loop
SetEvent(m_PipeState[i].overlapped.hEvent); } }}
// This routine initiates a read on pipe instance i.
// Success/error status is saved away in m_PipeState[i].dwLastIOCallError
void CPMSPService::Read(DWORD i){ DWORD dwRet;
m_PipeState[i].state = PIPE_STATE::READ_PENDING;
m_PipeState[i].overlapped.Offset = m_PipeState[i].overlapped.OffsetHigh = 0;
CPMSPService::DebugMsg("Read(): client %u has %u unprocessed bytes in read buffer", i, m_PipeState[i].dwNumBytesRead);
if (m_PipeState[i].dwNumBytesRead >= NUM_BYTES_PER_READ_REQUEST) { // We already have another complete request; process it.
dwRet = 1; m_PipeState[i].dwNumBytesTransferredByLastIOCall = 0; } else { dwRet = ReadFile(m_PipeState[i].hPipe, m_PipeState[i].readBuf + m_PipeState[i].dwNumBytesRead, sizeof(m_PipeState[i].readBuf)- m_PipeState[i].dwNumBytesRead, &m_PipeState[i].dwNumBytesTransferredByLastIOCall, &m_PipeState[i].overlapped); } if (dwRet) { // The event should be signalled already if we issued a ReadFile,
// but it won't be signalled in other cases
SetEvent(m_PipeState[i].overlapped.hEvent);
m_PipeState[i].dwLastIOCallError = ERROR_SUCCESS; } else { m_PipeState[i].dwLastIOCallError = GetLastError(); if (m_PipeState[i].dwLastIOCallError == ERROR_IO_PENDING) { // Do nothing
} else { // Set tbe event so that CPMSPService::Run deals with the error
// in the next iteration of its main loop. (Note that this may
// not be an error condition - e.g., it could be EOF)
SetEvent(m_PipeState[i].overlapped.hEvent); } }}
// This routine initiates a write on pipe instance i.
// Success/error status is saved away in m_PipeState[i].dwLastIOCallError
void CPMSPService::Write(DWORD i){ DWORD dwRet;
m_PipeState[i].state = PIPE_STATE::WRITE_PENDING;
m_PipeState[i].overlapped.Offset = m_PipeState[i].overlapped.OffsetHigh = 0;
dwRet = WriteFile(m_PipeState[i].hPipe, m_PipeState[i].writeBuf + m_PipeState[i].dwNumBytesWritten, m_PipeState[i].dwNumBytesToWrite - m_PipeState[i].dwNumBytesWritten, &m_PipeState[i].dwNumBytesTransferredByLastIOCall, &m_PipeState[i].overlapped); if (dwRet) { // The event should be signalled already, but just in case:
SetEvent(m_PipeState[i].overlapped.hEvent);
m_PipeState[i].dwLastIOCallError = ERROR_SUCCESS; } else { m_PipeState[i].dwLastIOCallError = GetLastError(); if (m_PipeState[i].dwLastIOCallError == ERROR_IO_PENDING) { // Do nothing
} else { // Set tbe event so that CPMSPService::Run deals with the error
// in the next iteration of its main loop. (Note that this may
// not be an error condition - e.g., it could be EOF)
SetEvent(m_PipeState[i].overlapped.hEvent); } }}
void CPMSPService::Run(){ DWORD i; DWORD dwRet; HANDLE hWaitArray[MAX_PIPE_INSTANCES+1];
SetStatus(SERVICE_RUNNING);
hWaitArray[0] = m_hStopEvent; for (i = 0; i < MAX_PIPE_INSTANCES; i++) { hWaitArray[i+1] = m_PipeState[i].overlapped.hEvent; }
do { DWORD dwTimeout = (m_dwNumClients == 0)? INACTIVE_TIMEOUT_SHUTDOWN : INFINITE; dwRet = WaitForMultipleObjects( sizeof(hWaitArray)/sizeof(hWaitArray[0]), hWaitArray, FALSE, // wait for any one to be signalled
dwTimeout);
if (dwRet == WAIT_FAILED) { m_Status.dwWin32ExitCode = GetLastError(); CPMSPService::DebugMsg("Wait failed, last error %u", m_Status.dwWin32ExitCode ); break; } if (dwRet == WAIT_OBJECT_0) { // Service has been stopped
CPMSPService::DebugMsg("Service stopped"); break; } if (dwRet == WAIT_TIMEOUT) { _ASSERTE(m_dwNumClients == 0); CPMSPService::DebugMsg("Service timed out - stopping"); OnStop(); continue; } _ASSERTE(dwRet >= WAIT_OBJECT_0 + 1);
i = dwRet - WAIT_OBJECT_0 - 1;
_ASSERTE(i < MAX_PIPE_INSTANCES);
CPMSPService::DebugMsg("Service woken up by client %u in state %u", i, m_PipeState[i].state);
// Although it's likely that all Win32 I/O calls do this at the
// start of an I/O, we need to do this anyway. Our destructor
// uses the state of this event to determine whether to disconnect
// the pipe.
ResetEvent(m_PipeState[i].overlapped.hEvent);
_ASSERTE(m_PipeState[i].state != PIPE_STATE::NO_IO_PENDING);
if (m_PipeState[i].dwLastIOCallError == ERROR_IO_PENDING) { if (!GetOverlappedResult(m_PipeState[i].hPipe, &m_PipeState[i].overlapped, &m_PipeState[i].dwNumBytesTransferredByLastIOCall, FALSE)) { m_PipeState[i].dwLastIOCallError = GetLastError();
// The following assertion should not fail because our event was
// signaled.
_ASSERTE(m_PipeState[i].dwLastIOCallError != ERROR_IO_INCOMPLETE); } else { m_PipeState[i].dwLastIOCallError = ERROR_SUCCESS; } }
switch (m_PipeState[i].state) { case PIPE_STATE::NO_IO_PENDING: // This should not happen.
// We have asserted m_PipeState[i].state != NO_IO_PENDING above.
break;
case PIPE_STATE::CONNECT_PENDING: if (m_PipeState[i].dwLastIOCallError == ERROR_SUCCESS || m_PipeState[i].dwLastIOCallError == ERROR_PIPE_CONNECTED) { // A client has connected; issue a read
m_dwNumClients++; CPMSPService::DebugMsg("Client %u connected, num clients is now: %u", i, m_dwNumClients); Read(i);
// Reset error counter
m_PipeState[i].dwConsecutiveConnectErrors = 0; } else { CPMSPService::DebugMsg("Client %u connect failed, error %u, # consecutive errors %u", i, m_PipeState[i].dwLastIOCallError, m_PipeState[i].dwConsecutiveConnectErrors+1); if (++m_PipeState[i].dwConsecutiveConnectErrors == m_dwMaxConsecutiveConnectErrors) { // We are done with this instance of the pipe, don't
// attempt to connect any more
// @@@@ We should break out of the loop and stop the service if all pipe instances
// are hosed?
m_PipeState[i].state = PIPE_STATE::NO_IO_PENDING; } else { // Connect to next client
ConnectToClient(i); } } break;
case PIPE_STATE::READ_PENDING: if (m_PipeState[i].dwLastIOCallError == ERROR_SUCCESS) { // We read something. We may have read only a part of
// a request or more than one request (if the client wrote
// two requests to pipe before our read completed).
//
// We have assumed that a request always has NUM_BYTES_PER_READ_REQUEST
// bytes. Otherwise, we can't handle cases where the client writes
// two requests at once (before our read completes) or writes part of
// requests or writes the whole request but ReadFile returns with some
// of the bytes that the client wrote (this is unlikely to happen in
// practice).
m_PipeState[i].dwNumBytesRead += m_PipeState[i].dwNumBytesTransferredByLastIOCall;
CPMSPService::DebugMsg("Client %u read %u bytes; total bytes read: %u", i, m_PipeState[i].dwNumBytesTransferredByLastIOCall, m_PipeState[i].dwNumBytesRead);
if (m_PipeState[i].dwNumBytesRead >= NUM_BYTES_PER_READ_REQUEST) { GetAnswerToRequest(m_PipeState[i].hPipe, m_PipeState[i].readBuf, m_PipeState[i].dwNumBytesRead, m_PipeState[i].writeBuf, sizeof(m_PipeState[i].writeBuf), &m_PipeState[i].dwNumBytesToWrite); // Remove the read request that has been processed from the read buffer
m_PipeState[i].dwNumBytesRead -= NUM_BYTES_PER_READ_REQUEST; MoveMemory(m_PipeState[i].readBuf, m_PipeState[i].readBuf + NUM_BYTES_PER_READ_REQUEST, m_PipeState[i].dwNumBytesRead);
// Write response to the request that was just processed
Write(i); } else { Read(i); } } else { // If (m_PipeState[i].dwLastIOCallError == ERROR_HANDLE_EOF),
// the reader's done and gone. So we can connect to another
// client. For all other errors, we bail out on the client,
// and connect to another client. Note that we do not call
// FlushFileBuffers here. When the client's gone (we read EOF),
// this is not necessary. In other cases, the client may lose
// the response to its last request - too bad. In any case the
// client has to be able to handle the server's abrupt disconnect.
//
// Calling FlushFileBuffers opens us up to DOS attacks (and could
// prevent the service from stopping) because the call is synchronous
// and does not return till the client has read the stuff we wrote to
// the pipe.
CPMSPService::DebugMsg("Client %u read failed, error %u, num clients left: %u", i, m_PipeState[i].dwLastIOCallError, m_dwNumClients-1); DisconnectNamedPipe(m_PipeState[i].hPipe); m_dwNumClients--;
// Connect to another client
ConnectToClient(i); } break;
case PIPE_STATE::WRITE_PENDING: if (m_PipeState[i].dwLastIOCallError == ERROR_SUCCESS) { m_PipeState[i].dwNumBytesWritten += m_PipeState[i].dwNumBytesTransferredByLastIOCall;
_ASSERTE(m_PipeState[i].dwNumBytesWritten <= m_PipeState[i].dwNumBytesToWrite);
CPMSPService::DebugMsg("Wrote %u of %u bytes to client %u", m_PipeState[i].dwNumBytesWritten, m_PipeState[i].dwNumBytesToWrite, i); // >= is only a safety net. == should suffice in view of the assert above.
if (m_PipeState[i].dwNumBytesWritten >= m_PipeState[i].dwNumBytesToWrite) { // We are done with this request, read the next one
m_PipeState[i].dwNumBytesWritten = m_PipeState[i].dwNumBytesToWrite = 0; Read(i); } else { // We wrote only a part of what we were asked to write. Write the rest.
// This is very unlikely to happen since our buffers are small.
Write(i); } } else { // For all errors, we bail out on the client,
// and connect to another client. Note that we do not call
// FlushFileBuffers here. The client may lose
// the response to its last request - too bad. In any case the
// client has to be able to handle the server's abrupt disconnect.
//
// Calling FlushFileBuffers opens us up to DOS attacks (and could
// prevent the service from stopping) because the call is synchronous
// and does not return till the client has read the stuff we wrote to
// the pipe.
CPMSPService::DebugMsg("Client %u write failed, error %u, num clients left: %u", i, m_PipeState[i].dwLastIOCallError, m_dwNumClients-1); m_PipeState[i].dwNumBytesWritten = m_PipeState[i].dwNumBytesToWrite = 0; DisconnectNamedPipe(m_PipeState[i].hPipe); m_dwNumClients--;
// Connect to another client
ConnectToClient(i); } break;
} // switch m_PipeState[i].state)
} while (1);
return;}
// Process user control requests
BOOL CPMSPService::OnUserControl(DWORD dwOpcode){ // switch (dwOpcode)
// {
// case SERVICE_CONTROL_USER + 0:
// // Save the current status in the registry
// SaveStatus();
// return TRUE;
// default:
// break;
// }
return FALSE; // say not handled
}
void CPMSPService::OnStop(){ SetStatus(SERVICE_STOP_PENDING); if (m_hStopEvent) { SetEvent(m_hStopEvent); } else { _ASSERTE(m_hStopEvent); }}
void CPMSPService::OnShutdown(){ OnStop();}
|
