archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 827363a95b
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '827363a95b'
${ noResults }
windows-server-2003/base/subsys/sm/sfc/dll/apicli.c

783 lines
18 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 1999 Microsoft Corporation
  5. Module Name:
  7. apicli.c
  9. Abstract:
  11. Windows File Protection client side APIs.
  13. Author:
  15. Wesley Witt (wesw) 27-May-1999
  17. Revision History:
  19. Andrew Ritz (andrewr) 5-Jul-1999 : added comments
  21. --*/
  23. #include "sfcp.h"
  24. #pragma hdrstop
  26. #define STRSAFE_NO_DEPRECATE
  27. #include <strsafe.h>
  29. //
  30. // global RPC binding handle because some client API's don't require you to
  31. // specify an RPC handle
  32. //
  33. HANDLE _pRpcHandle;
  35. //
  36. // these macros are used by each client side api to
  37. // ensure that we have a valid rpc handle. if the
  38. // calling application chooses to not call SfcConnectToServer
  39. // they connect to the local server and save the handle
  40. // in a global for future use.
  41. //
  42. #define EnsureGoodConnectionHandleStatus(_h)\
  43. if (_h == NULL) {\
  44. if (_pRpcHandle == NULL) {\
  45. _pRpcHandle = SfcConnectToServer( NULL );\
  46. if (_pRpcHandle == NULL) {\
  47. return RPC_S_SERVER_UNAVAILABLE;\
  48. }\
  49. }\
  50. _h = _pRpcHandle;\
  51. }
  53. #define EnsureGoodConnectionHandleBool(_h)\
  54. if (_h == NULL) {\
  55. if (_pRpcHandle == NULL) {\
  56. _pRpcHandle = SfcConnectToServer( NULL );\
  57. if (_pRpcHandle == NULL) {\
  58. SetLastError(RPC_S_SERVER_UNAVAILABLE);\
  59. return FALSE;\
  60. }\
  61. }\
  62. _h = _pRpcHandle;\
  63. }
  66. void
  67. ClientApiInit(
  68. void
  69. )
  70. {
  71. #ifndef _WIN64
  72. SfcInitPathTranslator();
  73. #endif // _WIN64
  74. }
  76. void
  77. ClientApiCleanup(
  78. void
  79. )
  80. /*++
  82. Routine Description:
  84. RPC cleanup wrapper routine called by client side when done with server side
  85. connection that was previously established with SfcConnectToServer().
  87. Arguments:
  89. None
  91. Return Value:
  93. none.
  95. --*/
  96. {
  97. if (_pRpcHandle) {
  98. SfcClose( _pRpcHandle );
  99. _pRpcHandle = NULL;
  100. }
  102. #ifndef _WIN64
  103. SfcCleanupPathTranslator(TRUE);
  104. #endif // _WIN64
  105. }
  108. HANDLE
  109. WINAPI
  110. SfcConnectToServer(
  111. IN PCWSTR ServerName
  112. )
  113. /*++
  115. Routine Description:
  117. RPC attachment routine.
  119. Arguments:
  121. ServerName - NULL terminated unicode string specifying server to connect to
  123. Return Value:
  125. an RPC binding handle on success, else NULL.
  127. --*/
  128. {
  129. RPC_STATUS Status;
  130. RPC_BINDING_HANDLE RpcHandle = NULL;
  131. PWSTR szStringBinding = NULL;
  132. RPC_SECURITY_QOS qos;
  133. PWSTR szPrincName = NULL;
  134. PSID pSid = NULL;
  136. if (ServerName) {
  137. Status = ERROR_CALL_NOT_IMPLEMENTED;
  138. goto exit;
  139. }
  141. //
  142. // We need to get the name of the local system account for mutual authentication to the server
  143. //
  144. Status = SfcCreateSid(WinLocalSystemSid, &pSid);
  146. if(Status != ERROR_SUCCESS) {
  147. goto exit;
  148. }
  150. Status = SfcGetSidName(pSid, &szPrincName);
  152. if(Status != ERROR_SUCCESS) {
  153. goto exit;
  154. }
  156. //
  157. // Compose a binding string using LRPC protocol and WFP's endpoint name
  158. //
  159. Status = RpcStringBindingCompose(
  160. NULL,
  161. L"ncalrpc",
  162. NULL,
  163. SFC_RPC_ENDPOINT,
  164. NULL,
  165. &szStringBinding
  166. );
  168. if(Status != RPC_S_OK) {
  169. szStringBinding = NULL;
  170. goto exit;
  171. }
  173. //
  174. // Connect and get the binding handle
  175. //
  176. Status = RpcBindingFromStringBinding(szStringBinding, &RpcHandle);
  178. if(Status != RPC_S_OK) {
  179. RpcHandle = NULL;
  180. goto exit;
  181. }
  183. //
  184. // Make RPC use mutual authentication
  185. //
  186. RtlZeroMemory(&qos, sizeof(qos));
  187. qos.Version = RPC_C_SECURITY_QOS_VERSION;
  188. qos.Capabilities = RPC_C_QOS_CAPABILITIES_MUTUAL_AUTH;
  189. qos.IdentityTracking = RPC_C_QOS_IDENTITY_DYNAMIC;
  190. qos.ImpersonationType = RPC_C_IMP_LEVEL_IDENTIFY;
  192. Status = RpcBindingSetAuthInfoEx(
  193. RpcHandle,
  194. szPrincName,
  195. RPC_C_AUTHN_LEVEL_PKT_PRIVACY, // used anyway with ncalrpc
  196. RPC_C_AUTHN_WINNT,
  197. NULL, // current process credentials
  198. RPC_C_AUTHZ_NONE,
  199. &qos
  200. );
  202. if(Status != RPC_S_OK) {
  203. RpcBindingFree(&RpcHandle);
  204. RpcHandle = NULL;
  205. goto exit;
  206. }
  208. exit:
  209. if(szStringBinding != NULL) {
  210. RpcStringFree(&szStringBinding);
  211. }
  213. MemFree(szPrincName);
  214. MemFree(pSid);
  215. SetLastError(Status);
  216. return RpcHandle;
  217. }
  220. VOID
  221. SfcClose(
  222. IN HANDLE RpcHandle
  223. )
  225. /*++
  227. Routine Description:
  229. RPC cleanup routine.
  231. Arguments:
  233. RpcHandle - RPC binding handle to the SFC server
  235. Return Value:
  237. None.
  239. --*/
  240. {
  241. RpcBindingFree(&RpcHandle);
  242. }
  245. DWORD
  246. WINAPI
  247. SfcFileException(
  248. IN HANDLE RpcHandle,
  249. IN PCWSTR FileName,
  250. IN DWORD ExpectedChangeType
  251. )
  252. /*++
  254. Routine Description:
  256. Routine to exempt a given file from the specified file change. This
  257. routine is used by certain clients to allow files to be deleted from
  258. the system, etc.
  260. Arguments:
  262. RpcHandle - RPC binding handle to the SFC server
  263. FileName - NULL terminated unicode string specifying full filename of the
  264. file to be exempted
  265. ExpectedChangeType - SFC_ACTION_* mask listing the file changes to exempt
  267. Return Value:
  269. Win32 error code indicating outcome.
  271. --*/
  272. {
  273. #ifndef _WIN64
  275. DWORD dwError = ERROR_SUCCESS;
  276. UNICODE_STRING Path = { 0 };
  277. NTSTATUS Status;
  279. if(NULL == FileName || 0 == FileName[0]) {
  280. dwError = ERROR_INVALID_PARAMETER;
  281. goto exit;
  282. }
  284. EnsureGoodConnectionHandleStatus( RpcHandle );
  285. Status = SfcRedirectPath(FileName, &Path);
  287. if(!NT_SUCCESS(Status))
  288. {
  289. dwError = RtlNtStatusToDosError(Status);
  290. goto exit;
  291. }
  293. ASSERT(Path.Buffer != NULL);
  294. dwError = SfcCli_FileException( RpcHandle, Path.Buffer, ExpectedChangeType );
  296. exit:
  297. MemFree(Path.Buffer);
  298. return dwError;
  300. #else // _WIN64
  302. EnsureGoodConnectionHandleStatus( RpcHandle );
  303. return SfcCli_FileException( RpcHandle, FileName, ExpectedChangeType );
  305. #endif // _WIN64
  306. }
  309. DWORD
  310. WINAPI
  311. SfcInitiateScan(
  312. IN HANDLE RpcHandle,
  313. IN DWORD ScanWhen
  314. )
  315. /*++
  317. Routine Description:
  319. Routine to start some sort scan on the system.
  321. Arguments:
  323. RpcHandle - RPC binding handle to the SFC server
  324. ScanWhen - flag indicating when to scan. This parameter is currently
  325. unused.
  327. Return Value:
  329. Win32 error code indicating outcome.
  331. --*/
  332. {
  333. UNREFERENCED_PARAMETER(ScanWhen);
  335. EnsureGoodConnectionHandleStatus( RpcHandle );
  336. return SfcCli_InitiateScan( RpcHandle, ScanWhen );
  337. }
  340. BOOL
  341. WINAPI
  342. SfcInstallProtectedFiles(
  343. IN HANDLE RpcHandle,
  344. IN PCWSTR FileNames,
  345. IN BOOL AllowUI,
  346. IN PCWSTR ClassName,
  347. IN PCWSTR WindowName,
  348. IN PSFCNOTIFICATIONCALLBACK SfcNotificationCallback,
  349. IN DWORD_PTR Context OPTIONAL
  350. )
  351. /*++
  353. Routine Description:
  355. Routine to install one or more protected system files onto the system at
  356. the protected location. A client can use this API to request that WFP
  357. install the specified operating system files as appropriate (instead of the
  358. client redistributing the operating system files!) The caller specifies a
  359. callback routine and a context structure that is called once per file.
  361. Arguments:
  363. RpcHandle - RPC binding handle to the SFC server
  364. FileNames - a list of NULL seperated unicode strings, terminated by two
  365. NULL characters
  366. AllowUI - a BOOL indicating whether UI is allowed or not. If this value
  367. is TRUE, then any prompts for UI cause the API call to fail.
  368. ClassName - NULL terminated unicode string indicating the window classname
  369. for the parent window
  370. WindowName - NULL terminated unicode string indicating the window name for
  371. the parent window for any UI that may be displayed
  372. SfcNotificationCallback - pointer to a callback routine that is called once
  373. per file.
  374. Context - opaque pointer to caller defined context structure that is
  375. passed through to the callback routine.
  377. Return Value:
  379. TRUE for success, FALSE for error. last error code contains a Win32 error
  380. code on failure.
  382. --*/
  383. {
  384. DWORD rVal = ERROR_SUCCESS;
  385. PCWSTR fname;
  386. ULONG cnt = 0, cntold = 0;
  387. ULONG sz = 0;
  388. PFILEINSTALL_STATUS cs = NULL;
  389. DWORD StatusSize = 0;
  390. UNICODE_STRING Path = { 0 };
  392. #ifndef _WIN64
  393. //
  394. // must translate the paths
  395. //
  396. PWSTR szTranslatedFiles = NULL;
  397. #endif
  399. //
  400. // parameter validation
  401. //
  402. if((SfcNotificationCallback == NULL) ||
  403. (FileNames == NULL)) {
  404. rVal = ERROR_INVALID_PARAMETER;
  405. goto exit;
  406. }
  408. //
  409. // 1. if a windowname is specified, a classname should be specified
  410. // 2. if a classname is specified, a windowname should be specified
  411. // 3. if we don't allow UI, then windowname and classname should both be
  412. // NULL.
  413. //
  414. if ((WindowName && !ClassName)
  415. || (ClassName && !WindowName)
  416. || (!AllowUI && (ClassName || WindowName))) {
  417. rVal = ERROR_INVALID_PARAMETER;
  418. goto exit;
  419. }
  421. //
  422. // validate RPC handle
  423. //
  424. EnsureGoodConnectionHandleBool( RpcHandle );
  426. //
  427. // check out how large of a buffer to send over
  428. //
  430. try {
  431. #ifdef _WIN64
  433. for(fname = FileNames; *fname; ++cntold) {
  435. DWORD StringLength;
  436. StringLength = wcslen(fname) + 1;
  437. sz += StringLength * sizeof(WCHAR);
  438. fname += StringLength;
  439. }
  441. #else
  442. //
  443. // must translate paths before calling the server
  444. //
  445. PWSTR szNewBuf = NULL;
  447. for(fname = FileNames; *fname; fname += wcslen(fname) + 1, ++cntold) {
  448. NTSTATUS Status;
  450. Status = SfcRedirectPath(fname, &Path);
  452. if(!NT_SUCCESS(Status))
  453. {
  454. rVal = RtlNtStatusToDosError(Status);
  455. goto exit;
  456. }
  458. if(NULL == szTranslatedFiles)
  459. {
  460. szNewBuf = (PWSTR) MemAlloc(Path.Length + 2 * sizeof(WCHAR));
  461. }
  462. else
  463. {
  464. szNewBuf = (PWSTR) MemReAlloc(sz + Path.Length + 2 * sizeof(WCHAR), szTranslatedFiles);
  465. }
  467. if(szNewBuf != NULL)
  468. {
  469. szTranslatedFiles = szNewBuf;
  470. RtlCopyMemory((PCHAR) szTranslatedFiles + sz, Path.Buffer, Path.Length + sizeof(WCHAR));
  471. sz += Path.Length + sizeof(WCHAR);
  472. }
  474. MemFree(Path.Buffer);
  475. RtlZeroMemory(&Path, sizeof(Path));
  477. if(NULL == szNewBuf)
  478. {
  479. rVal = ERROR_NOT_ENOUGH_MEMORY;
  480. goto exit;
  481. }
  482. }
  484. //
  485. //set the last null
  486. //
  487. if(szTranslatedFiles != NULL)
  488. {
  489. szTranslatedFiles[sz / sizeof(WCHAR)] = L'\0';
  490. }
  492. #endif
  493. } except (EXCEPTION_EXECUTE_HANDLER) {
  494. rVal = RtlNtStatusToDosError(GetExceptionCode());
  495. goto exit;
  496. }
  498. if(0 == cntold)
  499. {
  500. //
  501. // not files to install
  502. //
  503. rVal = ERROR_INVALID_PARAMETER;
  504. goto exit;
  505. }
  507. //
  508. // for terminating NULL
  509. //
  510. sz+=sizeof(WCHAR);
  512. //
  513. // make the RPC call to install the files
  514. //
  515. rVal = SfcCli_InstallProtectedFiles(
  516. RpcHandle,
  517. #ifdef _WIN64
  518. (LPBYTE)FileNames,
  519. #else
  520. (LPBYTE)szTranslatedFiles,
  521. #endif
  522. sz,
  523. (LPBYTE*)&cs,
  524. &StatusSize,
  525. &cnt,
  526. AllowUI,
  527. ClassName,
  528. WindowName
  529. );
  531. if (rVal != ERROR_SUCCESS) {
  532. goto exit;
  533. }
  535. //
  536. // we should have gotten back the same amount of status information as the
  537. // number of files that we passed in
  538. //
  539. ASSERT(cnt == cntold);
  541. //
  542. // call the callback function once for each file, now that we've completed
  543. // copying the files in the list. We pass the caller a structure which
  544. // indicates the success of copying each individual file in the list.
  545. //
  546. for (fname = FileNames, sz=0; sz<cnt; sz++, fname += wcslen(fname) + 1) {
  547. LPEXCEPTION_POINTERS ExceptionPointers = NULL;
  548. try {
  549. NTSTATUS Status;
  550. BOOL b;
  551. //
  552. // don't use the (possibly reditected) file names returned from the server
  553. //
  554. Status = SfcAllocUnicodeStringFromPath(fname, &Path);
  556. if(!NT_SUCCESS(Status))
  557. {
  558. rVal = RtlNtStatusToDosError(Status);
  559. goto exit;
  560. }
  562. cs[sz].FileName = Path.Buffer;
  563. b = SfcNotificationCallback( &cs[sz], Context );
  564. MemFree(Path.Buffer);
  565. RtlZeroMemory(&Path, sizeof(Path));
  567. if (!b) {
  568. //
  569. // return FALSE if the callback fails for any reason
  570. //
  571. rVal = ERROR_CANCELLED;
  572. goto exit;
  573. }
  574. } except (ExceptionPointers = GetExceptionInformation(),
  575. EXCEPTION_EXECUTE_HANDLER) {
  576. //
  577. // we hit an exception calling the callback...return exception code
  578. //
  579. DebugPrint3( LVL_VERBOSE,
  580. L"SIPF hit exception %x while calling callback routine %x at address %x\n",
  581. ExceptionPointers->ExceptionRecord->ExceptionCode,
  582. SfcNotificationCallback,
  583. ExceptionPointers->ExceptionRecord->ExceptionAddress
  584. );
  585. rVal = RtlNtStatusToDosError(ExceptionPointers->ExceptionRecord->ExceptionCode);
  586. goto exit;
  587. }
  588. }
  590. exit:
  591. MemFree(Path.Buffer);
  593. if(cs != NULL)
  594. {
  595. midl_user_free( cs );
  596. }
  598. #ifndef _WIN64
  599. MemFree(szTranslatedFiles);
  600. #endif
  602. SetLastError(rVal);
  603. return rVal == ERROR_SUCCESS;
  604. }
  606. BOOL
  607. WINAPI
  608. SfcGetNextProtectedFile(
  609. IN HANDLE RpcHandle,
  610. IN PPROTECTED_FILE_DATA ProtFileData
  611. )
  612. /*++
  614. Routine Description:
  616. Routine to retrieve the next protected file in the list.
  618. Arguments:
  620. RpcHandle - RPC binding handle to the SFC server
  621. ProtFileData - pointer to a PROTECTED_FILE_DATA structure to be filled
  622. in by function.
  624. Return Value:
  626. TRUE for success, FALSE for failure. If there are no more files, the last
  627. error code will be set to ERROR_NO_MORE_FILES.
  629. --*/
  630. {
  631. DWORD rVal;
  632. LPWSTR FileName = NULL;
  633. DWORD FileNameSize = 0;
  634. BOOL bReturn = FALSE;
  635. DWORD FileNumber;
  637. //
  638. // validate parameters
  639. //
  640. if (ProtFileData == NULL) {
  641. SetLastError(ERROR_INVALID_PARAMETER);
  642. return(FALSE);
  643. }
  645. try {
  646. FileNumber = ProtFileData->FileNumber;
  647. } except (EXCEPTION_EXECUTE_HANDLER) {
  648. SetLastError(ERROR_INVALID_DATA);
  649. return(FALSE);
  650. }
  652. //
  653. // If this is not an internal client, then RpcHandle must be NULL.
  654. //
  655. EnsureGoodConnectionHandleBool( RpcHandle );
  657. //
  658. // call the server API
  659. //
  660. rVal = SfcCli_GetNextProtectedFile(
  661. RpcHandle,
  662. FileNumber,
  663. (LPBYTE*)&FileName,
  664. &FileNameSize
  665. );
  666. if (rVal != ERROR_SUCCESS) {
  667. SetLastError(rVal);
  668. goto exit;
  669. }
  671. bReturn = TRUE;
  673. //
  674. // copy into the caller supplied buffer
  675. //
  676. try {
  677. (void) StringCchCopy(ProtFileData->FileName, UnicodeChars(ProtFileData->FileName), FileName);
  678. ProtFileData->FileNumber += 1;
  679. } except (EXCEPTION_EXECUTE_HANDLER) {
  680. SetLastError(RtlNtStatusToDosError(GetExceptionCode()));
  681. bReturn = FALSE;
  682. }
  684. midl_user_free( FileName );
  686. exit:
  687. return(bReturn);
  688. }
  691. BOOL
  692. WINAPI
  693. SfcIsFileProtected(
  694. IN HANDLE RpcHandle,
  695. IN LPCWSTR ProtFileName
  696. )
  697. /*++
  699. Routine Description:
  701. Routine to determine if the specified file is protected.
  703. Arguments:
  705. RpcHandle - RPC binding handle to the SFC server
  706. ProtFileName - NULL terminated unicode string indicating fully qualified
  707. filename to query
  709. Return Value:
  711. TRUE if file is protected, FALSE if it isn't. last error code contains a
  712. Win32 error code on failure.
  714. --*/
  715. {
  716. DWORD rVal;
  717. DWORD dwAttributes, dwSize;
  718. WCHAR Buffer[MAX_PATH];
  720. //
  721. // parameter validation
  722. //
  723. if (ProtFileName == NULL) {
  724. SetLastError(ERROR_INVALID_PARAMETER);
  725. return FALSE;
  726. }
  728. //
  729. // if this is not an internal client, then RpcHandle must be NULL.
  730. //
  731. EnsureGoodConnectionHandleBool( RpcHandle );
  733. //
  734. // check whether this file is sxs-wfp first, which could be done on client-side only
  735. //
  737. //
  738. // check whether it begins with "%SystemRoot%\\WinSxS\\"
  739. //
  740. dwSize = ExpandEnvironmentStrings( L"%SystemRoot%\\WinSxS\\", Buffer, UnicodeChars(Buffer));
  741. if(0 == dwSize)
  742. {
  743. DebugPrint1( LVL_MINIMAL, L"SFC : ExpandEnvironmentStrings failed with lastError = 0x%x", GetLastError());
  744. return FALSE;
  745. }
  747. if(dwSize > UnicodeChars(Buffer)) {
  748. SetLastError(ERROR_BUFFER_OVERFLOW);
  749. return FALSE;
  750. }
  752. --dwSize;
  754. try {
  755. if ((wcslen(ProtFileName) > dwSize) &&
  756. (_wcsnicmp(Buffer, ProtFileName, dwSize) == 0)) // if they're equal, this could be a protected file
  757. {
  758. dwAttributes = GetFileAttributesW(ProtFileName);
  759. if (dwAttributes == 0xFFFFFFFF)
  760. return FALSE;
  762. if (dwAttributes & FILE_ATTRIBUTE_DIRECTORY) {
  763. SetLastError(ERROR_INVALID_PARAMETER);
  764. return FALSE;
  765. }
  767. return TRUE;
  768. }
  769. } except(EXCEPTION_EXECUTE_HANDLER) {
  770. SetLastError(ERROR_INVALID_PARAMETER);
  771. return FALSE;
  772. }
  774. //
  775. // call server to determine if file is protected
  776. //
  777. rVal = SfcCli_IsFileProtected( RpcHandle, (PWSTR)ProtFileName );
  778. if (rVal != ERROR_SUCCESS) {
  779. SetLastError(rVal);
  780. return FALSE;
  781. }
  782. return TRUE;
  783. }