archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 7b07a90fc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7b07a90fc1'
${ noResults }
windows-server-2003/printscan/wia/core/server/rpcsvr.cpp

428 lines
11 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 1997 Microsoft Corporation
  5. Module Name:
  7. rpcsvr.c
  9. Abstract:
  11. This file contains routines for starting and stopping RPC servers.
  13. StartRpcServerListen
  14. StopRpcServerListen
  16. Author:
  18. Vlad Sadovsky (vlads) 10-Jan-1997
  21. Environment:
  23. User Mode - Win32
  25. Revision History:
  27. 26-Jan-1997 VladS created
  29. --*/
  31. #include "precomp.h"
  33. //#define NOMINMAX
  35. #include "stiexe.h"
  37. #include <apiutil.h>
  38. #include <stirpc.h>
  40. #ifndef stirpc_ServerIfHandle
  41. #define stirpc_ServerIfHandle stirpc_v2_0_s_ifspec
  42. #endif
  44. HANDLE g_hWiaServiceStarted = NULL;
  46. RPC_STATUS RPC_ENTRY StiRpcSecurityCallBack(
  47. RPC_IF_HANDLE hIF,
  48. void *Context)
  49. {
  50. RPC_STATUS rpcStatus = RPC_S_ACCESS_DENIED;
  51. WCHAR *pBinding = NULL;
  52. WCHAR *pProtSeq = NULL;
  54. RPC_AUTHZ_HANDLE hPrivs;
  55. DWORD dwAuthenticationLevel;
  57. rpcStatus = RpcBindingInqAuthClient(Context,
  58. &hPrivs,
  59. NULL,
  60. &dwAuthenticationLevel,
  61. NULL,
  62. NULL);
  63. if (rpcStatus != RPC_S_OK)
  64. {
  65. DBG_ERR(("STI Security: Error calling RpcBindingInqAuthClient"));
  66. goto CleanUp;
  67. }
  69. //
  70. // We require at least packet-level authentication with integrity checking
  71. //
  72. if (dwAuthenticationLevel < RPC_C_AUTHN_LEVEL_PKT_INTEGRITY)
  73. {
  74. DBG_ERR(("STI Security: Error, client attempting to use weak authentication."));
  75. rpcStatus = RPC_S_ACCESS_DENIED;
  76. goto CleanUp;
  77. }
  79. //
  80. // Also, we only accept LRPC requests i.e. we only process requests from this machine,
  81. // and we disallow any remote calls to us.
  82. //
  83. rpcStatus = RpcBindingToStringBindingW(Context, &pBinding);
  84. if (rpcStatus == RPC_S_OK)
  85. {
  86. rpcStatus = RpcStringBindingParseW(pBinding,
  87. NULL,
  88. &pProtSeq,
  89. NULL,
  90. NULL,
  91. NULL);
  92. if (rpcStatus == RPC_S_OK)
  93. {
  94. if (lstrcmpiW(pProtSeq, L"ncalrpc") == 0)
  95. {
  96. DBG_TRC(("STI Security: We have a local client"));
  97. rpcStatus = RPC_S_OK;
  98. }
  99. else
  100. {
  101. DBG_ERR(("STI Security: Error, remote client attempting to connect to STI RPC server"));
  102. rpcStatus = RPC_S_ACCESS_DENIED;
  103. }
  104. }
  105. else
  106. {
  107. DBG_ERR(("STI Security: Error 0x%08X calling RpcStringBindingParse", rpcStatus));
  108. goto CleanUp;
  109. }
  110. }
  111. else
  112. {
  113. DBG_ERR(("STI Security: Error 0x%08X calling RpcBindingToStringBinding", rpcStatus));
  114. goto CleanUp;
  115. }
  118. CleanUp:
  120. if (pBinding)
  121. {
  122. RpcStringFree(&pBinding);
  123. pBinding = NULL;
  125. }
  126. if (pProtSeq)
  127. {
  128. RpcStringFree(&pProtSeq);
  129. pProtSeq = NULL;
  130. }
  131. return rpcStatus;
  132. }
  135. RPC_STATUS
  136. PrepareStiAcl(
  137. ACL **ppAcl)
  138. /*++
  140. Routine Description:
  142. This function prepares appropriate ACL for our RPC endpoint
  144. Arguments:
  145. ppAcl - points to ACL pointer we allocate and fill in.
  147. The ACL is allocated from the process heap and stays allocated for the
  148. lifetime of the process
  151. Return Value:
  153. NOERROR, or any GetLastError() codes.
  155. --*/
  156. {
  157. RPC_STATUS RpcStatus = NOERROR;
  158. SID_IDENTIFIER_AUTHORITY NtAuthority = SECURITY_NT_AUTHORITY;
  159. PSID AuthenticatedUsers = NULL;
  160. PSID BuiltinAdministrators = NULL;
  161. ULONG AclSize;
  163. if(!AllocateAndInitializeSid(&NtAuthority,
  164. 2,
  165. SECURITY_BUILTIN_DOMAIN_RID,
  166. DOMAIN_ALIAS_RID_ADMINS,
  167. 0,0,0,0,0,0,
  168. &BuiltinAdministrators))
  169. {
  170. RpcStatus = GetLastError();
  171. DBG_ERR(("PrepareStiAcl: failed to allocate SID for BuiltinAdministrators, RpcStatus = %d",
  172. RpcStatus));
  173. goto Cleanup;
  174. }
  176. if(!AllocateAndInitializeSid(&NtAuthority,
  177. 1,
  178. SECURITY_AUTHENTICATED_USER_RID,
  179. 0,0,0,0,0,0, 0,
  180. &AuthenticatedUsers))
  181. {
  182. RpcStatus = GetLastError();
  183. DBG_ERR(("PrepareStiAcl: failed to allocate SID for AuthenticatedUsers, RpcStatus = %d",
  184. RpcStatus));
  185. goto Cleanup;
  186. }
  188. AclSize = sizeof(ACL) +
  189. 2 * (sizeof(ACCESS_ALLOWED_ACE) - sizeof(ULONG)) +
  190. GetLengthSid(AuthenticatedUsers) +
  191. GetLengthSid(BuiltinAdministrators);
  193. *ppAcl = (ACL *)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, AclSize);
  194. if(*ppAcl == NULL)
  195. {
  196. RpcStatus = GetLastError();
  197. DBG_ERR(("PrepareStiAcl: failed to allocate ACL (LastError = %d)",
  198. RpcStatus));
  199. goto Cleanup;
  200. }
  202. if(!InitializeAcl(*ppAcl, AclSize, ACL_REVISION))
  203. {
  204. RpcStatus = GetLastError();
  205. DBG_ERR(("PrepareStiAcl: failed to initialize ACL (LastError = %d)",
  206. RpcStatus));
  207. goto Cleanup;
  208. }
  210. if(!AddAccessAllowedAce(*ppAcl, ACL_REVISION,
  211. SYNCHRONIZE | GENERIC_READ | GENERIC_WRITE,
  212. AuthenticatedUsers))
  213. {
  214. RpcStatus = GetLastError();
  215. DBG_ERR(("PrepareStiAcl: failed to allow AuthenticatedUsers (LastError = %d)",
  216. RpcStatus));
  217. goto Cleanup;
  218. }
  220. if(!AddAccessAllowedAce(*ppAcl, ACL_REVISION,
  221. GENERIC_ALL,
  222. BuiltinAdministrators))
  223. {
  224. RpcStatus = GetLastError();
  225. DBG_ERR(("PrepareStiAcl: failed to allow BuiltinAdministrators (LastError = %d)",
  226. RpcStatus));
  227. goto Cleanup;
  228. }
  230. Cleanup:
  231. if(RpcStatus != NOERROR)
  232. {
  233. if(AuthenticatedUsers)
  234. {
  235. FreeSid(AuthenticatedUsers);
  236. }
  238. if(BuiltinAdministrators)
  239. {
  240. FreeSid(BuiltinAdministrators);
  241. }
  243. if(*ppAcl)
  244. {
  245. HeapFree(GetProcessHeap(), 0, *ppAcl);
  246. *ppAcl = NULL;
  247. }
  248. }
  250. return RpcStatus;
  251. }
  254. RPC_STATUS
  255. StartRpcServerListen(
  256. VOID)
  257. /*++
  259. Routine Description:
  261. This function starts RpcServerListen for this process.
  263. RPC server only binds to LRPC transport , if STI becomes remotable
  264. it will need to bind to named pipe and/or tcp/ip ( or netbios) transports
  266. Shouldn't happen though, since WIA will be the remotable part, while STI will
  267. be local to the machine.
  269. Arguments:
  273. Return Value:
  275. NERR_Success, or any RPC error codes that can be returned from
  276. RpcServerUnregisterIf.
  278. --*/
  279. {
  281. DBG_FN(StartRpcServerListen);
  283. RPC_STATUS RpcStatus;
  285. SECURITY_DESCRIPTOR SecurityDescriptor;
  286. ACL *pAcl = NULL;
  289. // prepare our ACL
  290. RpcStatus = PrepareStiAcl(&pAcl);
  291. if(pAcl == NULL) {
  292. DBG_ERR(("StartRpcServerListen: PrepareStiAcl() returned RpcStatus=0x%X", RpcStatus));
  293. return RpcStatus;
  294. }
  296. // Give access to everybody
  297. InitializeSecurityDescriptor(&SecurityDescriptor, SECURITY_DESCRIPTOR_REVISION);
  298. SetSecurityDescriptorDacl(&SecurityDescriptor, TRUE, pAcl, FALSE);
  300. //
  301. // For now, ignore the second argument.
  302. //
  304. RpcStatus = RpcServerUseProtseqEp((RPC_STRING)STI_LRPC_SEQ,
  305. STI_LRPC_MAX_REQS,
  306. (RPC_STRING)STI_LRPC_ENDPOINT,
  307. &SecurityDescriptor);
  309. if ( NOERROR != RpcStatus) {
  310. DBG_ERR(("StartRpcServerListen: RpcServerUseProtseqEp returned RpcStatus=0x%X",RpcStatus));
  311. return RpcStatus;
  312. }
  314. //
  315. // Add interface by using implicit handle, generated by MIDL
  316. //
  317. RpcStatus = RpcServerRegisterIfEx(stirpc_ServerIfHandle, //RpcInterface
  318. 0, //MgrUuid
  319. 0, //MgrEpv
  320. RPC_IF_ALLOW_SECURE_ONLY,
  321. RPC_C_LISTEN_MAX_CALLS_DEFAULT,
  322. StiRpcSecurityCallBack);
  324. if ( NOERROR != RpcStatus) {
  325. DBG_ERR(("StartRpcServerListen: RpcServerRegisterIf returned RpcStatus=0x%X",RpcStatus));
  326. return RpcStatus;
  327. }
  329. //
  330. // Now initiate servicing
  331. //
  332. RpcStatus = RpcServerListen(STI_LRPC_THREADS, // Minimum # of listen threads
  333. STI_LRPC_MAX_REQS, // Concurrency
  334. TRUE); // Immediate return
  336. if ( NOERROR != RpcStatus) {
  337. DBG_ERR(("StartRpcServerListen: RpcServerListen returned RpcStatus=0x%X",RpcStatus));
  338. return RpcStatus;
  339. }
  341. //
  342. //
  343. //
  344. SECURITY_ATTRIBUTES sa = { sizeof(sa), FALSE, NULL };
  346. // allocate appropriate security attributes for the named event we
  347. // use to learn about WIA service startup
  348. if(!ConvertStringSecurityDescriptorToSecurityDescriptor(TEXT("D:(A;;0x1f0003;;;SY)(A;;0x1f0003;;;LS)(A;;0x1f0003;;;LA)"),
  349. SDDL_REVISION_1, &(sa.lpSecurityDescriptor), NULL))
  350. {
  351. DBG_ERR(("StartRpcServerListen failed to produce event security descriptor (Error %d)", GetLastError()));
  352. return GetLastError();
  353. }
  355. g_hWiaServiceStarted = CreateEvent(&sa, FALSE, FALSE, TEXT("Global\\WiaServiceStarted"));
  356. if(!g_hWiaServiceStarted) {
  357. DBG_ERR(("StartRpcServerListen failed to produce event security descriptor (Error %d)", GetLastError()));
  358. if(sa.lpSecurityDescriptor) LocalFree(sa.lpSecurityDescriptor);
  359. return GetLastError();
  360. }
  362. if(!SetEvent(g_hWiaServiceStarted)) {
  363. DBG_ERR(("StartRpcServerListen failed to set event (Error %d)", GetLastError()));
  364. }
  366. return (RpcStatus);
  367. }
  370. RPC_STATUS
  371. StopRpcServerListen(
  372. VOID
  373. )
  375. /*++
  377. Routine Description:
  379. Deletes the interface.
  381. Arguments:
  384. Return Value:
  386. RPC_S_OK or any RPC error codes that can be returned from
  387. RpcServerUnregisterIf.
  389. --*/
  390. {
  391. RPC_STATUS RpcStatus;
  393. EnterCriticalSection(&g_RpcEvent.cs);
  395. if(g_RpcEvent.pAsync) {
  396. RPC_STATUS status;
  398. status = RpcAsyncAbortCall(g_RpcEvent.pAsync, RPC_S_CALL_CANCELLED);
  399. if(status) {
  400. DBG_ERR(("RpcAsyncAbortCall failed with error 0x%x", status));
  401. }
  402. g_RpcEvent.pAsync = NULL;
  403. }
  405. LeaveCriticalSection(&g_RpcEvent.cs);
  408. RpcStatus = RpcServerUnregisterIf(stirpc_ServerIfHandle,
  409. NULL, // MgrUuid
  410. TRUE); // wait for calls to complete
  412. // BUGBUG RPC server should stop only after all interfaces are unregistered. For now we
  413. // only have one, so this is non-issue. When adding new interfaces to this RPC server, keep
  414. // ref count on register/unregister
  416. RpcStatus = RpcMgmtStopServerListening(0);
  418. //
  419. // wait for all RPC threads to go away.
  420. //
  422. if( RpcStatus == RPC_S_OK) {
  423. RpcStatus = RpcMgmtWaitServerListen();
  424. }
  426. return (RpcStatus);
  427. }