You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
498 lines
13 KiB
498 lines
13 KiB
/*++
|
|
|
|
Copyright (c) 1990 Microsoft Corporation
|
|
|
|
Module Name:
|
|
|
|
srvtask.c
|
|
|
|
Abstract:
|
|
|
|
This module implements windows server tasking functions
|
|
|
|
Author:
|
|
|
|
Mark Lucovsky (markl) 13-Nov-1990
|
|
|
|
Revision History:
|
|
|
|
--*/
|
|
|
|
#include "basesrv.h"
|
|
|
|
#if defined(_WIN64)
|
|
#include <wow64t.h>
|
|
#endif // defined(_WIN64)
|
|
|
|
PFNNOTIFYPROCESSCREATE UserNotifyProcessCreate = NULL;
|
|
|
|
void
|
|
BaseSetProcessCreateNotify(
|
|
IN PFNNOTIFYPROCESSCREATE ProcessCreateRoutine
|
|
)
|
|
{
|
|
UserNotifyProcessCreate = ProcessCreateRoutine;
|
|
}
|
|
|
|
ULONG
|
|
BaseSrvCreateProcess(
|
|
IN OUT PCSR_API_MSG m,
|
|
IN OUT PCSR_REPLY_STATUS ReplyStatus
|
|
)
|
|
{
|
|
NTSTATUS Status, Status1;
|
|
PBASE_CREATEPROCESS_MSG a = (PBASE_CREATEPROCESS_MSG)&m->u.ApiMessageData;
|
|
HANDLE CsrClientProcess = NULL;
|
|
HANDLE NewProcess = NULL;
|
|
HANDLE Thread = NULL;
|
|
PCSR_THREAD t;
|
|
ULONG DebugFlags;
|
|
DWORD dwFlags;
|
|
PCSR_PROCESS ProcessVDM;
|
|
#if defined(_WIN64)
|
|
PPEB32 Peb32 = NULL;
|
|
#endif // defined(_WIN64)
|
|
PPEB NewPeb = NULL;
|
|
USHORT ProcessorArchitecture = a->ProcessorArchitecture;
|
|
BOOL setVdmBits = FALSE;
|
|
PROCESS_BASIC_INFORMATION ProcessBasicInfo;
|
|
|
|
if (a->VdmBinaryType ) {
|
|
|
|
//
|
|
// Remove the bit which indicates Check VDM Allowed access.
|
|
// (See the client side for setting the bit.)
|
|
//
|
|
|
|
if (a->VdmBinaryType == BINARY_TYPE_INJWOW) {
|
|
a->VdmBinaryType = 0;
|
|
if (!BaseSrvIsVdmAllowed()) {
|
|
Status = STATUS_ACCESS_DENIED;
|
|
goto Cleanup;
|
|
}
|
|
}
|
|
|
|
setVdmBits = TRUE;
|
|
}
|
|
|
|
t = CSR_SERVER_QUERYCLIENTTHREAD();
|
|
CsrClientProcess = t->Process->ProcessHandle;
|
|
|
|
#if defined(_WIN64)
|
|
if (ProcessorArchitecture == PROCESSOR_ARCHITECTURE_INTEL)
|
|
ProcessorArchitecture = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64;
|
|
#endif // defined(_WIN64)
|
|
|
|
//
|
|
// Get handles to the process and thread local to the
|
|
// Windows server.
|
|
//
|
|
|
|
if ((dwFlags = (DWORD)((ULONG_PTR)a->ProcessHandle) & 3)) {
|
|
a->ProcessHandle = (HANDLE)((ULONG_PTR)a->ProcessHandle & ~3);
|
|
}
|
|
|
|
Status = NtDuplicateObject(
|
|
CsrClientProcess,
|
|
a->ProcessHandle,
|
|
NtCurrentProcess(),
|
|
&NewProcess,
|
|
0L,
|
|
0L,
|
|
DUPLICATE_SAME_ACCESS
|
|
);
|
|
if ( !NT_SUCCESS(Status) ) {
|
|
goto Cleanup;
|
|
}
|
|
|
|
Status = NtDuplicateObject(
|
|
CsrClientProcess,
|
|
a->ThreadHandle,
|
|
NtCurrentProcess(),
|
|
&Thread,
|
|
0L,
|
|
0L,
|
|
DUPLICATE_SAME_ACCESS
|
|
);
|
|
if ( !NT_SUCCESS(Status) ) {
|
|
goto Cleanup;
|
|
}
|
|
|
|
//
|
|
// Register vdm allow bit with ntoskrnl to gain access to ntvdmcontrol
|
|
//
|
|
|
|
if (setVdmBits) {
|
|
ULONG vdmFlags = 1;
|
|
|
|
Status = NtSetInformationProcess(
|
|
NewProcess,
|
|
ProcessWx86Information,
|
|
&vdmFlags,
|
|
sizeof(vdmFlags)
|
|
);
|
|
if (!NT_SUCCESS(Status)) {
|
|
goto Cleanup;
|
|
}
|
|
}
|
|
|
|
//
|
|
// If we are a native client then we will have passed out Peb though so save a system call.
|
|
//
|
|
NewPeb = (PPEB) a->RealPeb;
|
|
|
|
if (NewPeb == NULL) {
|
|
|
|
Status =
|
|
NtQueryInformationProcess(
|
|
NewProcess,
|
|
ProcessBasicInformation,
|
|
&ProcessBasicInfo,
|
|
sizeof(ProcessBasicInfo),
|
|
NULL);
|
|
if (!NT_SUCCESS(Status)) {
|
|
DbgPrintEx(
|
|
DPFLTR_SXS_ID,
|
|
DPFLTR_ERROR_LEVEL,
|
|
"SXS: NtQueryInformationProcess failed.\n", Status);
|
|
goto Cleanup;
|
|
}
|
|
NewPeb = ProcessBasicInfo.PebBaseAddress;
|
|
}
|
|
|
|
if ((a->CreationFlags & CREATE_IGNORE_SYSTEM_DEFAULT) == 0) {
|
|
Status = BaseSrvSxsDoSystemDefaultActivationContext(ProcessorArchitecture, NewProcess, NewPeb);
|
|
if ((!NT_SUCCESS(Status)) && (Status != STATUS_SXS_SYSTEM_DEFAULT_ACTIVATION_CONTEXT_EMPTY)) {
|
|
goto Cleanup;
|
|
}
|
|
}
|
|
|
|
Status = BaseSrvSxsCreateProcess(CsrClientProcess, NewProcess, m, NewPeb);
|
|
if (!NT_SUCCESS(Status)) {
|
|
goto Cleanup;
|
|
}
|
|
|
|
DebugFlags = 0;
|
|
|
|
if ( a->CreationFlags & CREATE_NEW_PROCESS_GROUP ) {
|
|
DebugFlags |= CSR_CREATE_PROCESS_GROUP;
|
|
}
|
|
|
|
if ( !(dwFlags & 2) ) {
|
|
DebugFlags |= CSR_PROCESS_CONSOLEAPP;
|
|
}
|
|
|
|
Status = CsrCreateProcess(
|
|
NewProcess,
|
|
Thread,
|
|
&a->ClientId,
|
|
t->Process->NtSession,
|
|
DebugFlags,
|
|
NULL
|
|
);
|
|
|
|
switch(Status) {
|
|
case STATUS_THREAD_IS_TERMINATING:
|
|
if (a->VdmBinaryType )
|
|
BaseSrvVDMTerminated (a->hVDM, a->VdmTask);
|
|
*ReplyStatus = CsrClientDied;
|
|
goto Cleanup;
|
|
|
|
case STATUS_SUCCESS:
|
|
//
|
|
// notify USER that a process is being created. USER needs to know
|
|
// for various synchronization issues such as startup activation,
|
|
// startup synchronization, and type ahead.
|
|
//
|
|
// Turn on 0x8 bit of dwFlags if this is a WOW process being
|
|
// created so that UserSrv knows to ignore the console's call
|
|
// to UserNotifyConsoleApplication.
|
|
//
|
|
|
|
if (IS_WOW_BINARY(a->VdmBinaryType)) {
|
|
dwFlags |= 8;
|
|
}
|
|
|
|
if (UserNotifyProcessCreate != NULL) {
|
|
if (!(*UserNotifyProcessCreate)((DWORD)((ULONG_PTR)a->ClientId.UniqueProcess),
|
|
(DWORD)((ULONG_PTR)t->ClientId.UniqueThread),
|
|
0, dwFlags)) {
|
|
//
|
|
// NTRAID#589638-2002/03/29-earhart: changed to NTRAID
|
|
// marker. Shouldn't we close the duplicated
|
|
// process and thread handles above?
|
|
//
|
|
}
|
|
}
|
|
|
|
//
|
|
// Update the VDM sequence number.
|
|
//
|
|
|
|
|
|
if (a->VdmBinaryType) {
|
|
|
|
Status = BaseSrvUpdateVDMSequenceNumber(a->VdmBinaryType,
|
|
a->hVDM,
|
|
a->VdmTask,
|
|
a->ClientId.UniqueProcess,
|
|
m->h.ClientId.UniqueProcess);
|
|
if (!NT_SUCCESS( Status )) {
|
|
//
|
|
// NTRAID#589638-2002/03/29-earhart: changed to
|
|
// NTRAID marker. Shouldn't we close the
|
|
// duplicated process and thread handles above?
|
|
//
|
|
BaseSrvVDMTerminated (a->hVDM, a->VdmTask);
|
|
}
|
|
}
|
|
break;
|
|
|
|
default:
|
|
goto Cleanup;
|
|
}
|
|
|
|
// We don't use the usual Exit: pattern here in order to more carefully
|
|
// preserve the preexisting behavior, which apparently leaks handles in error cases.
|
|
return( (ULONG)Status );
|
|
Cleanup:
|
|
if (NewProcess != NULL) {
|
|
Status1 = NtClose(NewProcess);
|
|
RTL_SOFT_ASSERT(NT_SUCCESS(Status1));
|
|
}
|
|
if (Thread != NULL) {
|
|
Status1 = NtClose(Thread);
|
|
RTL_SOFT_ASSERT(NT_SUCCESS(Status1));
|
|
}
|
|
return( (ULONG)Status );
|
|
}
|
|
|
|
ULONG
|
|
BaseSrvCreateThread(
|
|
IN OUT PCSR_API_MSG m,
|
|
IN OUT PCSR_REPLY_STATUS ReplyStatus
|
|
)
|
|
{
|
|
PBASE_CREATETHREAD_MSG a = (PBASE_CREATETHREAD_MSG)&m->u.ApiMessageData;
|
|
HANDLE Thread;
|
|
NTSTATUS Status;
|
|
PCSR_PROCESS Process;
|
|
PCSR_THREAD t;
|
|
|
|
t = CSR_SERVER_QUERYCLIENTTHREAD();
|
|
|
|
Process = t->Process;
|
|
if (Process->ClientId.UniqueProcess != a->ClientId.UniqueProcess) {
|
|
if ( a->ClientId.UniqueProcess == NtCurrentTeb()->ClientId.UniqueProcess ) {
|
|
return STATUS_SUCCESS;
|
|
}
|
|
Status = CsrLockProcessByClientId( a->ClientId.UniqueProcess,
|
|
&Process
|
|
);
|
|
if (!NT_SUCCESS( Status )) {
|
|
return( Status );
|
|
}
|
|
}
|
|
|
|
//
|
|
// Get handles to the thread local to the
|
|
// Windows server.
|
|
//
|
|
|
|
Status = NtDuplicateObject(
|
|
t->Process->ProcessHandle,
|
|
a->ThreadHandle,
|
|
NtCurrentProcess(),
|
|
&Thread,
|
|
0L,
|
|
0L,
|
|
DUPLICATE_SAME_ACCESS
|
|
);
|
|
if ( NT_SUCCESS(Status) ) {
|
|
Status = CsrCreateThread(
|
|
Process,
|
|
Thread,
|
|
&a->ClientId,
|
|
TRUE
|
|
);
|
|
if (!NT_SUCCESS(Status)) {
|
|
NtClose(Thread);
|
|
}
|
|
}
|
|
|
|
if (Process != t->Process) {
|
|
CsrUnlockProcess( Process );
|
|
}
|
|
|
|
return( (ULONG)Status );
|
|
ReplyStatus; // get rid of unreferenced parameter warning message
|
|
}
|
|
|
|
ULONG
|
|
BaseSrvRegisterThread(
|
|
IN OUT PCSR_API_MSG m,
|
|
IN OUT PCSR_REPLY_STATUS ReplyStatus
|
|
)
|
|
{
|
|
PBASE_CREATETHREAD_MSG a = (PBASE_CREATETHREAD_MSG)&m->u.ApiMessageData;
|
|
HANDLE Thread;
|
|
NTSTATUS Status;
|
|
PCSR_PROCESS Process;
|
|
PCSR_THREAD CsrThread, ExistingThread;
|
|
OBJECT_ATTRIBUTES NullAttributes;
|
|
|
|
//
|
|
// We assume the following:
|
|
//
|
|
// We are called via a LPC_DATAGRAM since this is the only way
|
|
// that CSR will let the call go through. (csr requires
|
|
// LPC_REQUEST to be sent only by threads in its list). This
|
|
// means that CSR_SERVER_QUERYCLIENTTHREAD(); does not return a
|
|
// valid value.
|
|
|
|
|
|
Status = CsrLockProcessByClientId( a->ClientId.UniqueProcess,
|
|
&Process
|
|
);
|
|
if (!NT_SUCCESS( Status )) {
|
|
return( Status );
|
|
}
|
|
|
|
//
|
|
// Get handle to the thread local to the
|
|
// Windows server. Since this is called as a
|
|
// LPC_DATAGRAM message, the thread handle is
|
|
// not passed in the message, but instead the
|
|
// calling thread is opened
|
|
//
|
|
|
|
InitializeObjectAttributes( &NullAttributes, NULL, 0, NULL, NULL );
|
|
Status = NtOpenThread(&Thread,
|
|
THREAD_ALL_ACCESS,
|
|
&NullAttributes,
|
|
&a->ClientId);
|
|
|
|
if ( NT_SUCCESS(Status) ) {
|
|
Status = CsrCreateThread(
|
|
Process,
|
|
Thread,
|
|
&a->ClientId,
|
|
FALSE
|
|
);
|
|
if (!NT_SUCCESS(Status)) {
|
|
NtClose(Thread);
|
|
}
|
|
}
|
|
|
|
CsrUnlockProcess( Process );
|
|
|
|
return( (ULONG)Status );
|
|
ReplyStatus; // get rid of unreferenced parameter warning message
|
|
}
|
|
|
|
|
|
EXCEPTION_DISPOSITION
|
|
FatalExceptionFilter(
|
|
struct _EXCEPTION_POINTERS *ExceptionInfo
|
|
)
|
|
{
|
|
DbgPrint("CSRSRV: Fatal Server Side Exception. Exception Info %lx\n",
|
|
ExceptionInfo
|
|
);
|
|
DbgBreakPoint();
|
|
return EXCEPTION_EXECUTE_HANDLER;
|
|
}
|
|
|
|
ULONG
|
|
BaseSrvExitProcess(
|
|
IN OUT PCSR_API_MSG m,
|
|
IN OUT PCSR_REPLY_STATUS ReplyStatus
|
|
)
|
|
{
|
|
PBASE_EXITPROCESS_MSG a = (PBASE_EXITPROCESS_MSG)&m->u.ApiMessageData;
|
|
PCSR_THREAD t;
|
|
ULONG rc = (ULONG)STATUS_ACCESS_DENIED;
|
|
|
|
t = CSR_SERVER_QUERYCLIENTTHREAD();
|
|
try {
|
|
*ReplyStatus = CsrClientDied;
|
|
rc = (ULONG)CsrDestroyProcess( &t->ClientId, (NTSTATUS)a->uExitCode );
|
|
}
|
|
except(FatalExceptionFilter( GetExceptionInformation() )) {
|
|
DbgBreakPoint();
|
|
}
|
|
return rc;
|
|
}
|
|
|
|
ULONG
|
|
BaseSrvGetTempFile(
|
|
IN OUT PCSR_API_MSG m,
|
|
IN OUT PCSR_REPLY_STATUS ReplyStatus
|
|
)
|
|
{
|
|
PBASE_GETTEMPFILE_MSG a = (PBASE_GETTEMPFILE_MSG)&m->u.ApiMessageData;
|
|
|
|
BaseSrvGetTempFileUnique++;
|
|
a->uUnique = BaseSrvGetTempFileUnique;
|
|
return( (ULONG)a->uUnique & 0xffff );
|
|
ReplyStatus; // get rid of unreferenced parameter warning message
|
|
}
|
|
|
|
ULONG
|
|
BaseSrvDebugProcess(
|
|
IN OUT PCSR_API_MSG m,
|
|
IN OUT PCSR_REPLY_STATUS ReplyStatus
|
|
)
|
|
{
|
|
return STATUS_UNSUCCESSFUL;
|
|
}
|
|
|
|
ULONG
|
|
BaseSrvDebugProcessStop(
|
|
IN OUT PCSR_API_MSG m,
|
|
IN OUT PCSR_REPLY_STATUS ReplyStatus
|
|
)
|
|
{
|
|
return STATUS_UNSUCCESSFUL;
|
|
}
|
|
|
|
ULONG
|
|
BaseSrvSetProcessShutdownParam(
|
|
IN OUT PCSR_API_MSG m,
|
|
IN OUT PCSR_REPLY_STATUS ReplyStatus
|
|
)
|
|
{
|
|
PCSR_PROCESS p;
|
|
PBASE_SHUTDOWNPARAM_MSG a = (PBASE_SHUTDOWNPARAM_MSG)&m->u.ApiMessageData;
|
|
|
|
p = CSR_SERVER_QUERYCLIENTTHREAD()->Process;
|
|
|
|
if (a->ShutdownFlags & (~(SHUTDOWN_NORETRY))) {
|
|
return !STATUS_SUCCESS;
|
|
}
|
|
|
|
p->ShutdownLevel = a->ShutdownLevel;
|
|
p->ShutdownFlags = a->ShutdownFlags;
|
|
|
|
return STATUS_SUCCESS;
|
|
ReplyStatus;
|
|
}
|
|
|
|
ULONG
|
|
BaseSrvGetProcessShutdownParam(
|
|
IN OUT PCSR_API_MSG m,
|
|
IN OUT PCSR_REPLY_STATUS ReplyStatus
|
|
)
|
|
{
|
|
PCSR_PROCESS p;
|
|
PBASE_SHUTDOWNPARAM_MSG a = (PBASE_SHUTDOWNPARAM_MSG)&m->u.ApiMessageData;
|
|
|
|
p = CSR_SERVER_QUERYCLIENTTHREAD()->Process;
|
|
|
|
a->ShutdownLevel = p->ShutdownLevel;
|
|
a->ShutdownFlags = p->ShutdownFlags & SHUTDOWN_NORETRY;
|
|
|
|
return STATUS_SUCCESS;
|
|
ReplyStatus;
|
|
}
|
|
|