You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1255 lines
37 KiB
1255 lines
37 KiB
|
|
/******************************************************************************\
|
|
* This is a part of the Microsoft Source Code Samples.
|
|
* Copyright 1995 - 1997 Microsoft Corporation.
|
|
* All rights reserved.
|
|
* This source code is only intended as a supplement to
|
|
* Microsoft Development Tools and/or WinHelp documentation.
|
|
* See these sources for detailed information regarding the
|
|
* Microsoft samples programs.
|
|
\******************************************************************************/
|
|
|
|
/*++
|
|
|
|
Copyright (c) 1997 Microsoft Corporation
|
|
|
|
Module Name:
|
|
|
|
SrvUtil.c
|
|
|
|
Abstract:
|
|
|
|
The server component of Remote. It spawns a child process
|
|
and redirects the stdin/stdout/stderr of child to itself.
|
|
Waits for connections from clients - passing the
|
|
output of child process to client and the input from clients
|
|
to child process.
|
|
|
|
Author:
|
|
|
|
Rajivendra Nath 2-Jan-1992
|
|
Dave Hart 30 May 1997 split from Server.c
|
|
|
|
Environment:
|
|
|
|
Console App. User mode.
|
|
|
|
Revision History:
|
|
|
|
--*/
|
|
|
|
#include <precomp.h>
|
|
#include "Remote.h"
|
|
#include "Server.h"
|
|
#include <sddl.h>
|
|
#define DEFAULT_SECURITY_DESCRIPTOR L"D:(A;;FA;;;BA)(A;;FA;;;CO)(A;;0x1301bf;;;WD)"
|
|
#define REGISTRY_PATH L"Software\\Microsoft\\Remote"
|
|
#define REGISTRY_VALUE L"DefaultSecurity"
|
|
|
|
#define COMMANDFORMAT "%c%-20s [%-12s %s]\n%08x%c"
|
|
#define CMDSTRING(OutBuff,OutSize,InpBuff,Client,szTime,ForceShow) \
|
|
{ \
|
|
char *pch; \
|
|
\
|
|
for (pch = InpBuff; \
|
|
*pch; \
|
|
pch++) { \
|
|
\
|
|
if (ENDMARK == *pch || \
|
|
BEGINMARK == *pch) { \
|
|
\
|
|
*pch = '`'; \
|
|
} \
|
|
} \
|
|
\
|
|
OutSize = \
|
|
sprintf( \
|
|
(OutBuff), \
|
|
COMMANDFORMAT, \
|
|
BEGINMARK, \
|
|
(InpBuff), \
|
|
(Client)->Name, \
|
|
(szTime), \
|
|
(ForceShow) ? 0 : (Client)->dwID, \
|
|
ENDMARK \
|
|
); \
|
|
}
|
|
|
|
|
|
/*************************************************************/
|
|
// GetFormattedTime -- returns pointer to formatted time
|
|
//
|
|
// returns pointer to static buffer, only the main thread
|
|
// should use this.
|
|
//
|
|
|
|
PCHAR
|
|
GetFormattedTime(
|
|
BOOL bDateToo
|
|
)
|
|
{
|
|
static char szTime[64];
|
|
int cch = 0;
|
|
|
|
if (bDateToo) {
|
|
|
|
cch =
|
|
GetDateFormat(
|
|
LOCALE_USER_DEFAULT,
|
|
0,
|
|
NULL, // current date
|
|
"ddd", // short day of week
|
|
szTime,
|
|
sizeof szTime
|
|
);
|
|
|
|
// cch includes null terminator, change it to
|
|
// a space to separate from time.
|
|
|
|
szTime[ cch - 1 ] = ' ';
|
|
}
|
|
|
|
//
|
|
// Get time and format to characters
|
|
//
|
|
|
|
GetTimeFormat(
|
|
LOCALE_USER_DEFAULT,
|
|
TIME_NOSECONDS,
|
|
NULL, // use current time
|
|
NULL, // use default format
|
|
szTime + cch,
|
|
(sizeof szTime) - cch );
|
|
|
|
return szTime;
|
|
}
|
|
|
|
/*************************************************************/
|
|
|
|
BOOL
|
|
FilterCommand(
|
|
REMOTE_CLIENT *cl,
|
|
char *buff,
|
|
int dread
|
|
)
|
|
{
|
|
char tmpchar;
|
|
DWORD tmp;
|
|
int len, i;
|
|
DWORD ThreadID;
|
|
char inp_buff[2048];
|
|
char ch[3];
|
|
|
|
if (dread==0)
|
|
return(FALSE);
|
|
|
|
buff[dread]=0;
|
|
|
|
if (buff[0]==COMMANDCHAR)
|
|
{
|
|
|
|
switch(buff[1]) {
|
|
case 'k':
|
|
case 'K':
|
|
|
|
if (INVALID_HANDLE_VALUE != hWriteChildStdIn) {
|
|
|
|
printf("Remote: killing child softly, @K again to be more convincing.\n");
|
|
|
|
CancelIo( hWriteChildStdIn );
|
|
CloseHandle( hWriteChildStdIn );
|
|
hWriteChildStdIn = INVALID_HANDLE_VALUE;
|
|
|
|
GenerateConsoleCtrlEvent(CTRL_CLOSE_EVENT, 0);
|
|
SleepEx(200, TRUE);
|
|
cPendingCtrlCEvents++;
|
|
GenerateConsoleCtrlEvent(CTRL_C_EVENT, 0);
|
|
SleepEx(20, TRUE);
|
|
GenerateConsoleCtrlEvent(CTRL_BREAK_EVENT, 0);
|
|
|
|
} else {
|
|
|
|
printf("Remote: Resorting to TerminateProcess.\n");
|
|
|
|
TerminateProcess(ChldProc, ERROR_PROCESS_ABORTED);
|
|
}
|
|
|
|
|
|
break;
|
|
case 's':
|
|
case 'S':
|
|
CloseHandle( (HANDLE)
|
|
_beginthreadex(
|
|
NULL, // security
|
|
0, // default stack size
|
|
SendStatus,
|
|
(void *) cl->PipeWriteH,
|
|
0, // not suspended
|
|
&ThreadID
|
|
));
|
|
break;
|
|
|
|
case 'p':
|
|
case 'P':
|
|
{
|
|
char *msg;
|
|
|
|
msg = HeapAlloc(hHeap, HEAP_ZERO_MEMORY, 4096 );
|
|
if ( ! msg) {
|
|
break;
|
|
}
|
|
|
|
sprintf(msg,"From %s %s [%s]\n\n%s\n",cl->Name,cl->UserName,GetFormattedTime(TRUE),&buff[2]);
|
|
|
|
if (WriteFileSynch(hWriteTempFile,msg,strlen(msg),&tmp,dwWriteFilePointer,&olMainThread)) {
|
|
dwWriteFilePointer += tmp;
|
|
StartServerToClientFlow();
|
|
}
|
|
|
|
CloseHandle( (HANDLE)
|
|
CreateThread( // no CRT for ShowPopup
|
|
NULL, // security
|
|
0, // default stack size
|
|
ShowPopup,
|
|
(void *) msg,
|
|
0, // not suspended
|
|
&ThreadID
|
|
));
|
|
|
|
break;
|
|
}
|
|
|
|
case 'm':
|
|
case 'M':
|
|
buff[dread-2]=0;
|
|
CMDSTRING(inp_buff,len,buff,cl,GetFormattedTime(TRUE),TRUE);
|
|
|
|
if (WriteFileSynch(hWriteTempFile,inp_buff,len,&tmp,dwWriteFilePointer,&olMainThread)) {
|
|
dwWriteFilePointer += tmp;
|
|
StartServerToClientFlow();
|
|
}
|
|
break;
|
|
|
|
case '@':
|
|
buff[dread-2]=0;
|
|
CMDSTRING(inp_buff,len,&buff[1],cl,GetFormattedTime(FALSE),FALSE);
|
|
if (WriteFileSynch(hWriteTempFile,inp_buff,len,&tmp,dwWriteFilePointer,&olMainThread)) {
|
|
dwWriteFilePointer += tmp;
|
|
StartServerToClientFlow();
|
|
}
|
|
//
|
|
// Remove the first @ sign
|
|
//
|
|
MoveMemory(buff,&buff[1],dread-1);
|
|
buff[dread-1]=' ';
|
|
return(FALSE); //Send it it to the chile process
|
|
|
|
|
|
default :
|
|
ZeroMemory(inp_buff, sizeof(inp_buff));
|
|
strncpy(inp_buff, "** Unknown Command **\n", sizeof(inp_buff)-1);
|
|
if (WriteFileSynch(hWriteTempFile,inp_buff,strlen(inp_buff),&tmp,dwWriteFilePointer,&olMainThread)) {
|
|
dwWriteFilePointer += tmp;
|
|
// we do this below // StartServerToClientFlow();
|
|
}
|
|
case 'h':
|
|
case 'H':
|
|
_snprintf(inp_buff,sizeof(inp_buff), "%cM: To Send Message\n",COMMANDCHAR);
|
|
if (WriteFileSynch(hWriteTempFile,inp_buff,strlen(inp_buff),&tmp,dwWriteFilePointer,&olMainThread)) {
|
|
dwWriteFilePointer += tmp;
|
|
}
|
|
_snprintf(inp_buff,sizeof(inp_buff), "%cP: To Generate popup\n",COMMANDCHAR);
|
|
if (WriteFileSynch(hWriteTempFile,inp_buff,strlen(inp_buff),&tmp,dwWriteFilePointer,&olMainThread)) {
|
|
dwWriteFilePointer += tmp;
|
|
}
|
|
_snprintf(inp_buff,sizeof(inp_buff), "%cK: To kill the server\n",COMMANDCHAR);
|
|
if (WriteFileSynch(hWriteTempFile,inp_buff,strlen(inp_buff),&tmp,dwWriteFilePointer,&olMainThread)) {
|
|
dwWriteFilePointer += tmp;
|
|
}
|
|
_snprintf(inp_buff,sizeof(inp_buff), "%cQ: To Quit client\n",COMMANDCHAR);
|
|
if (WriteFileSynch(hWriteTempFile,inp_buff,strlen(inp_buff),&tmp,dwWriteFilePointer,&olMainThread)) {
|
|
dwWriteFilePointer += tmp;
|
|
}
|
|
_snprintf(inp_buff,sizeof(inp_buff), "%cH: This Help\n",COMMANDCHAR);
|
|
if (WriteFileSynch(hWriteTempFile,inp_buff,strlen(inp_buff),&tmp,dwWriteFilePointer,&olMainThread)) {
|
|
dwWriteFilePointer += tmp;
|
|
}
|
|
StartServerToClientFlow();
|
|
break;
|
|
}
|
|
return(TRUE);
|
|
}
|
|
|
|
|
|
if ((buff[0]<26)) {
|
|
BOOL ret=FALSE;
|
|
|
|
_snprintf(ch, sizeof(ch), "^%c", buff[0] + 'A' - 1);
|
|
|
|
if (buff[0]==CTRLC) {
|
|
// show this even to this client
|
|
CMDSTRING(inp_buff,len,ch,cl,GetFormattedTime(FALSE),TRUE);
|
|
|
|
cPendingCtrlCEvents++;
|
|
GenerateConsoleCtrlEvent(CTRL_C_EVENT, 0);
|
|
ret = TRUE; // Already sent to child
|
|
} else {
|
|
CMDSTRING(inp_buff,len,ch,cl,GetFormattedTime(FALSE),FALSE);
|
|
}
|
|
|
|
if (WriteFileSynch(hWriteTempFile,inp_buff,len,&tmp,dwWriteFilePointer,&olMainThread)) {
|
|
dwWriteFilePointer += tmp;
|
|
StartServerToClientFlow();
|
|
}
|
|
return(ret); //FALSE:send it to child StdIn
|
|
}
|
|
|
|
// options here are CRLF(\r\n) or just LF(\n)
|
|
if (buff[dread-2] == 13) {
|
|
i = 2; // 13 is CR
|
|
} else {
|
|
i = 1;
|
|
}
|
|
|
|
tmpchar=buff[dread-i];
|
|
buff[dread-i]=0;
|
|
CMDSTRING(inp_buff,len,buff,cl,GetFormattedTime(FALSE),FALSE);
|
|
buff[dread-i]=tmpchar;
|
|
if (WriteFileSynch(hWriteTempFile,inp_buff,len,&tmp,dwWriteFilePointer,&olMainThread)) {
|
|
dwWriteFilePointer += tmp;
|
|
StartServerToClientFlow();
|
|
}
|
|
return(FALSE);
|
|
}
|
|
|
|
/*************************************************************/
|
|
HANDLE
|
|
ForkChildProcess( // Creates a new process
|
|
char *cmd, // Redirects its stdin,stdout
|
|
PHANDLE inH, // and stderr - returns the
|
|
PHANDLE outH // corresponding pipe ends.
|
|
)
|
|
{
|
|
SECURITY_ATTRIBUTES lsa;
|
|
STARTUPINFO si;
|
|
PROCESS_INFORMATION pi;
|
|
HANDLE ChildIn;
|
|
HANDLE ChildOut, ChildOutDup;
|
|
HANDLE hWriteChild;
|
|
HANDLE hReadChild;
|
|
BOOL Success;
|
|
|
|
BOOL // pipeex.c
|
|
APIENTRY
|
|
MyCreatePipeEx(
|
|
OUT LPHANDLE lpReadPipe,
|
|
OUT LPHANDLE lpWritePipe,
|
|
IN LPSECURITY_ATTRIBUTES lpPipeAttributes,
|
|
IN DWORD nSize,
|
|
DWORD dwReadMode,
|
|
DWORD dwWriteMode
|
|
);
|
|
|
|
lsa.nLength=sizeof(SECURITY_ATTRIBUTES);
|
|
lsa.lpSecurityDescriptor=NULL;
|
|
lsa.bInheritHandle=TRUE;
|
|
|
|
//
|
|
// Create Parent_Write to ChildStdIn Pipe. Then
|
|
// duplicate the parent copy to a noninheritable
|
|
// handle and close the inheritable one so that
|
|
// the child won't be holding open a handle to
|
|
// the server end of its stdin pipe when we try
|
|
// to nuke that pipe to close the child.
|
|
//
|
|
|
|
Success = MyCreatePipeEx(
|
|
&ChildIn,
|
|
&hWriteChild,
|
|
&lsa,
|
|
0,
|
|
0,
|
|
FILE_FLAG_OVERLAPPED) &&
|
|
|
|
DuplicateHandle(
|
|
GetCurrentProcess(),
|
|
hWriteChild,
|
|
GetCurrentProcess(),
|
|
inH,
|
|
0, // ignored b/c SAME_ACCESS
|
|
FALSE, // not inheritable
|
|
DUPLICATE_SAME_ACCESS | DUPLICATE_CLOSE_SOURCE
|
|
);
|
|
|
|
if (!Success) {
|
|
ErrorExit("Could Not Create Parent-->Child Pipe");
|
|
}
|
|
|
|
//
|
|
//Create ChildStdOut/stderr to Parent_Read pipe
|
|
//
|
|
|
|
Success = MyCreatePipeEx(
|
|
&hReadChild,
|
|
&ChildOut,
|
|
&lsa,
|
|
0,
|
|
FILE_FLAG_OVERLAPPED,
|
|
0) &&
|
|
|
|
DuplicateHandle(
|
|
GetCurrentProcess(),
|
|
hReadChild,
|
|
GetCurrentProcess(),
|
|
outH,
|
|
0, // ignored b/c SAME_ACCESS
|
|
FALSE, // not inheritable
|
|
DUPLICATE_SAME_ACCESS | DUPLICATE_CLOSE_SOURCE
|
|
) &&
|
|
|
|
DuplicateHandle(
|
|
GetCurrentProcess(),
|
|
ChildOut,
|
|
GetCurrentProcess(),
|
|
&ChildOutDup,
|
|
0, // ignored b/c SAME_ACCESS
|
|
TRUE, // inheritable
|
|
DUPLICATE_SAME_ACCESS
|
|
);
|
|
|
|
if (!Success) {
|
|
ErrorExit("Could Not Create Child-->Parent Pipe");
|
|
}
|
|
|
|
ZeroMemory(&si, sizeof(si));
|
|
si.cb = sizeof(STARTUPINFO);
|
|
si.dwFlags = STARTF_USESTDHANDLES;
|
|
si.hStdInput = ChildIn;
|
|
si.hStdOutput = ChildOut;
|
|
si.hStdError = ChildOutDup;
|
|
si.wShowWindow = SW_SHOW;
|
|
|
|
//
|
|
// Create Child Process
|
|
//
|
|
|
|
if ( ! CreateProcess(
|
|
NULL,
|
|
cmd,
|
|
NULL,
|
|
NULL,
|
|
TRUE,
|
|
GetPriorityClass( GetCurrentProcess() ),
|
|
NULL,
|
|
NULL,
|
|
&si,
|
|
&pi)) {
|
|
|
|
if (GetLastError()==2) {
|
|
printf("Executable %s not found\n",cmd);
|
|
} else {
|
|
printf("CreateProcess(%s) failed, error %d.\n", cmd, GetLastError());
|
|
}
|
|
ErrorExit("Could Not Create Child Process");
|
|
}
|
|
|
|
//
|
|
// Close unneccesary Handles
|
|
//
|
|
|
|
CloseHandle(ChildIn);
|
|
CloseHandle(ChildOut);
|
|
CloseHandle(ChildOutDup);
|
|
CloseHandle(pi.hThread);
|
|
|
|
pidChild = pi.dwProcessId;
|
|
|
|
return(pi.hProcess);
|
|
}
|
|
|
|
//
|
|
// SendStatus runs as its own thread, with C runtime available.
|
|
//
|
|
|
|
DWORD
|
|
WINAPI
|
|
SendStatus(
|
|
LPVOID lpSendStatusParm
|
|
)
|
|
{
|
|
HANDLE hClientPipe = (HANDLE) lpSendStatusParm;
|
|
char *pch;
|
|
DWORD tmp;
|
|
PREMOTE_CLIENT pClient;
|
|
OVERLAPPED ol;
|
|
char buff[2048];
|
|
char szSep[] = " ------------------------------\n";
|
|
|
|
//
|
|
// Since we're in our own thread we need our own
|
|
// overlapped structure for our client pipe writes.
|
|
//
|
|
|
|
ZeroMemory(&ol, sizeof(ol));
|
|
|
|
ol.hEvent = CreateEvent(
|
|
NULL, // security
|
|
TRUE, // auto-reset
|
|
FALSE, // initially nonsignaled
|
|
NULL // unnamed
|
|
);
|
|
|
|
//
|
|
// Dump the closing client list
|
|
//
|
|
|
|
pch = buff;
|
|
|
|
EnterCriticalSection(&csClosingClientList);
|
|
|
|
for (pClient = (PREMOTE_CLIENT) ClosingClientListHead.Flink;
|
|
pClient != (PREMOTE_CLIENT) &ClosingClientListHead;
|
|
pClient = (PREMOTE_CLIENT) pClient->Links.Flink ) {
|
|
|
|
if (pch + 60 > buff + sizeof(buff)) {
|
|
|
|
break;
|
|
}
|
|
|
|
pch += sprintf(pch, "%d: %s %s (Disconnected)\n", pClient->dwID, pClient->Name, pClient->UserName);
|
|
}
|
|
|
|
LeaveCriticalSection(&csClosingClientList);
|
|
|
|
WriteFileSynch(hClientPipe, buff, (DWORD)(pch - buff), &tmp, 0, &ol);
|
|
|
|
WriteFileSynch(hClientPipe, szSep, sizeof(szSep) - 1, &tmp, 0, &ol);
|
|
|
|
//
|
|
// Dump the normal client list
|
|
//
|
|
|
|
pch = buff;
|
|
|
|
EnterCriticalSection(&csClientList);
|
|
|
|
for (pClient = (PREMOTE_CLIENT) ClientListHead.Flink;
|
|
pClient != (PREMOTE_CLIENT) &ClientListHead;
|
|
pClient = (PREMOTE_CLIENT) pClient->Links.Flink ) {
|
|
|
|
if (pch + 60 > buff + sizeof(buff)) {
|
|
|
|
break;
|
|
}
|
|
|
|
pch += sprintf(pch, "%d: %s %s\n", pClient->dwID, pClient->Name, pClient->UserName);
|
|
}
|
|
|
|
LeaveCriticalSection(&csClientList);
|
|
|
|
WriteFileSynch(hClientPipe, buff, (DWORD)(pch - buff), &tmp, 0, &ol);
|
|
|
|
WriteFileSynch(hClientPipe, szSep, sizeof(szSep) - 1, &tmp, 0, &ol);
|
|
|
|
//
|
|
// Dump the handshaking client list
|
|
//
|
|
|
|
pch = buff;
|
|
|
|
EnterCriticalSection(&csHandshakingList);
|
|
|
|
for (pClient = (PREMOTE_CLIENT) HandshakingListHead.Flink;
|
|
pClient != (PREMOTE_CLIENT) &HandshakingListHead;
|
|
pClient = (PREMOTE_CLIENT) pClient->Links.Flink ) {
|
|
|
|
if (pch + 60 > buff + sizeof(buff)) {
|
|
|
|
break;
|
|
}
|
|
|
|
pch += sprintf(pch, "%d: %s %s (Connecting)\n", pClient->dwID, pClient->Name, pClient->UserName);
|
|
}
|
|
|
|
LeaveCriticalSection(&csHandshakingList);
|
|
|
|
WriteFileSynch(hClientPipe, buff, (DWORD)(pch - buff), &tmp, 0, &ol);
|
|
|
|
WriteFileSynch(hClientPipe, szSep, sizeof(szSep) - 1, &tmp, 0, &ol);
|
|
|
|
//
|
|
// Dump summary information.
|
|
//
|
|
|
|
pch = buff;
|
|
|
|
pch += sprintf(pch, "REMOTE /C %s \"%s\"\n", HostName, PipeName);
|
|
pch += sprintf(pch, "Command: %s\n", ChildCmd);
|
|
pch += sprintf(pch, "Windows NT %d.%d build %d \n",
|
|
OsVersionInfo.dwMajorVersion,
|
|
OsVersionInfo.dwMinorVersion,
|
|
OsVersionInfo.dwBuildNumber);
|
|
|
|
WriteFileSynch(hClientPipe, buff, (DWORD)(pch - buff), &tmp, 0, &ol);
|
|
|
|
WriteFileSynch(hClientPipe, szSep, sizeof(szSep) - 1, &tmp, 0, &ol);
|
|
|
|
CloseHandle(ol.hEvent);
|
|
|
|
return 0;
|
|
}
|
|
|
|
/*************************************************************/
|
|
|
|
DWORD // NO CRT for ShowPopup
|
|
WINAPI
|
|
ShowPopup(
|
|
void *vpArg
|
|
)
|
|
{
|
|
char *msg = (char *) vpArg;
|
|
|
|
MessageBox(GetActiveWindow(),msg,"** REMOTE.EXE **",MB_OK|MB_SETFOREGROUND);
|
|
HeapFree(hHeap, 0, msg);
|
|
return(0);
|
|
}
|
|
|
|
/*************************************************************/
|
|
|
|
//
|
|
// SrvCtrlHand is the console event handler for the server side
|
|
// of remote. If our stdin is a console handle, we've disabled
|
|
// generation of ^C events by the console code. Therefore
|
|
// any we see are either generated by us for the benefit of
|
|
// our child processes sharing the console, or generated by
|
|
// some other process. We want to ignore the ones we generate
|
|
// (since we're already done with everything that needs to be
|
|
// done at that point), and also ignore ^C's generated by
|
|
// other processes since we don't need to do anything with those.
|
|
// For example if someone runs:
|
|
//
|
|
// remote /s "remote /s cmd inner" outer
|
|
//
|
|
// Then local keyboard ^C's will be read by the outer remote.exe
|
|
// from its stdin handle, then it will generate a CTRL_C_EVENT that
|
|
// all processes in the console will see, including both remote.exe's
|
|
// and the child cmd.exe. So the handler needs do nothing but indicate
|
|
// the event was handled by returning TRUE so the default handler
|
|
// won't kill us. For ^BREAK we want to specifically kill our child
|
|
// process so that cmd.exe and others that ignore ^BREAK will go away.
|
|
// Of course this won't kill our grandchildren and so on. Oh well.
|
|
//
|
|
// For all other events we return FALSE and let the default handler
|
|
// have it.
|
|
//
|
|
|
|
BOOL
|
|
WINAPI
|
|
SrvCtrlHand(
|
|
DWORD event
|
|
)
|
|
{
|
|
BOOL bRet = FALSE;
|
|
DWORD cb;
|
|
DWORD dwTempFileOffset;
|
|
OVERLAPPED ol;
|
|
char szTime[64];
|
|
char szCmd[128];
|
|
|
|
if (event == CTRL_BREAK_EVENT) {
|
|
TerminateProcess(ChldProc, 3);
|
|
bRet = TRUE;
|
|
} else if (event == CTRL_C_EVENT) {
|
|
if ( ! cPendingCtrlCEvents ) {
|
|
|
|
//
|
|
// This came from the local keyboard or
|
|
// was generated by another process in
|
|
// this console. Echo it as a local
|
|
// command. We have use GetTimeFormat
|
|
// here not our GetFormattedTime since
|
|
// the latter is for the use of the
|
|
// main thread only.
|
|
//
|
|
|
|
GetTimeFormat(
|
|
LOCALE_USER_DEFAULT,
|
|
TIME_NOSECONDS,
|
|
NULL, // use current time
|
|
NULL, // use default format
|
|
szTime,
|
|
sizeof(szTime)
|
|
);
|
|
|
|
CMDSTRING(szCmd, cb, "^C", pLocalClient, szTime, TRUE);
|
|
|
|
ZeroMemory(&ol, sizeof(ol));
|
|
ol.hEvent =
|
|
CreateEvent(
|
|
NULL, // security
|
|
TRUE, // auto-reset
|
|
FALSE, // initially nonsignaled
|
|
NULL // unnamed
|
|
);
|
|
|
|
//
|
|
// Practically all writes to the tempfile are happening on
|
|
// the primary server thread. We're on a Ctrl-C thread.
|
|
// We can't start the server to client I/O going after
|
|
// writing because we're on the wrong thread, so we
|
|
// punt. To fix this we need an event we can signal
|
|
// that causes the main thread to call StartServerToClientFlow.
|
|
//
|
|
|
|
dwTempFileOffset = dwWriteFilePointer;
|
|
dwWriteFilePointer += cb;
|
|
WriteFileSynch(hWriteTempFile, szCmd, cb, &cb, dwTempFileOffset, &ol);
|
|
// wrong thread // StartServerToClientFlow();
|
|
|
|
CloseHandle(ol.hEvent);
|
|
|
|
} else {
|
|
|
|
//
|
|
// We generated this event in response to a ^C received from
|
|
// a client, it's already been displayed to all clients.
|
|
//
|
|
|
|
cPendingCtrlCEvents--;
|
|
}
|
|
|
|
bRet = TRUE;
|
|
}
|
|
|
|
return bRet;
|
|
}
|
|
|
|
|
|
/*************************************************************/
|
|
|
|
typedef BOOL (STRINGSDTOSDW)(
|
|
LPWSTR String,
|
|
DWORD Version,
|
|
PSECURITY_DESCRIPTOR * pSD,
|
|
PULONG SDSize
|
|
);
|
|
typedef STRINGSDTOSDW * PSTRINGSDTOSDW ;
|
|
|
|
typedef BOOL (SDTOSTRINGSDW)(
|
|
PSECURITY_DESCRIPTOR SD,
|
|
DWORD StringVersion,
|
|
SECURITY_INFORMATION SecInfo,
|
|
LPWSTR * StringDescriptor,
|
|
PULONG Size
|
|
);
|
|
typedef SDTOSTRINGSDW * PSDTOSTRINGSDW ;
|
|
|
|
BOOL
|
|
SddlToSecurityDescriptor(
|
|
LPWSTR String,
|
|
DWORD Version,
|
|
PSECURITY_DESCRIPTOR * pSD,
|
|
PULONG SDSize
|
|
)
|
|
{
|
|
HMODULE hModule ;
|
|
PSTRINGSDTOSDW pStringSecurityDescriptorToSecurityDescriptor ;
|
|
BOOL Success = FALSE ;
|
|
PSECURITY_DESCRIPTOR sd ;
|
|
|
|
hModule = GetModuleHandle( "advapi32.dll" );
|
|
|
|
if ( hModule )
|
|
{
|
|
pStringSecurityDescriptorToSecurityDescriptor = (PSTRINGSDTOSDW) GetProcAddress(
|
|
hModule, "ConvertStringSecurityDescriptorToSecurityDescriptorW" );
|
|
|
|
if ( pStringSecurityDescriptorToSecurityDescriptor )
|
|
{
|
|
Success = pStringSecurityDescriptorToSecurityDescriptor( String, Version, pSD, SDSize);
|
|
return Success ;
|
|
}
|
|
}
|
|
|
|
sd = LocalAlloc( LMEM_FIXED, sizeof( SECURITY_DESCRIPTOR ) );
|
|
|
|
if ( sd )
|
|
{
|
|
InitializeSecurityDescriptor(
|
|
sd,
|
|
SECURITY_DESCRIPTOR_REVISION
|
|
);
|
|
|
|
SetSecurityDescriptorDacl(
|
|
sd,
|
|
TRUE,
|
|
NULL,
|
|
FALSE
|
|
);
|
|
|
|
*pSD = sd ;
|
|
if ( SDSize )
|
|
{
|
|
*SDSize = sizeof( SECURITY_DESCRIPTOR );
|
|
|
|
}
|
|
|
|
return TRUE ;
|
|
}
|
|
|
|
return FALSE ;
|
|
}
|
|
|
|
/*************************************************************/
|
|
|
|
BOOL
|
|
SDtoStringSD(
|
|
PSECURITY_DESCRIPTOR pSD,
|
|
DWORD Version,
|
|
SECURITY_INFORMATION SecInfo,
|
|
LPWSTR * StringSD,
|
|
PULONG StringSize
|
|
)
|
|
{
|
|
HMODULE hModule ;
|
|
PSDTOSTRINGSDW pSDtoStringSD ;
|
|
BOOL Success = FALSE ;
|
|
|
|
hModule = GetModuleHandle( "advapi32.dll" );
|
|
|
|
if ( hModule )
|
|
{
|
|
pSDtoStringSD = (PSDTOSTRINGSDW) GetProcAddress(
|
|
hModule, "ConvertSecurityDescriptorToStringSecurityDescriptorW" );
|
|
|
|
if ( pSDtoStringSD )
|
|
{
|
|
Success = pSDtoStringSD(pSD, Version, SecInfo, StringSD, StringSize );
|
|
|
|
FreeLibrary( hModule );
|
|
|
|
return Success ;
|
|
}
|
|
}
|
|
|
|
return FALSE ;
|
|
}
|
|
|
|
/*************************************************************/
|
|
|
|
PSECURITY_DESCRIPTOR
|
|
FormatSecurityDescriptor(
|
|
CHAR * * DenyNames,
|
|
DWORD DenyCount,
|
|
CHAR * * Names,
|
|
DWORD Count)
|
|
{
|
|
PSECURITY_DESCRIPTOR Sd;
|
|
PACL Acl;
|
|
DWORD i;
|
|
PSID Sids;
|
|
DWORD SidLength ;
|
|
CHAR ReferencedDomain[ MAX_PATH ];
|
|
UCHAR SidBuffer[ 8 * sizeof(DWORD) + 8 ];
|
|
DWORD DomainLen ;
|
|
SID_NAME_USE Use;
|
|
DWORD SdLen;
|
|
|
|
SdLen = sizeof(SECURITY_DESCRIPTOR) +
|
|
DenyCount * (sizeof( ACCESS_DENIED_ACE ) ) +
|
|
DenyCount * GetSidLengthRequired( 8 ) +
|
|
Count * (sizeof( ACCESS_ALLOWED_ACE ) ) + sizeof(ACL) +
|
|
(Count * GetSidLengthRequired( 8 ) );
|
|
|
|
Sd = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, SdLen );
|
|
if ( !Sd ) {
|
|
ErrorExit("Could not allocate SD");
|
|
}
|
|
|
|
InitializeSecurityDescriptor( Sd, SECURITY_DESCRIPTOR_REVISION );
|
|
|
|
Acl = (PACL)( (PUCHAR) Sd + sizeof( SECURITY_DESCRIPTOR) );
|
|
|
|
InitializeAcl( Acl, SdLen - sizeof( SECURITY_DESCRIPTOR) ,
|
|
ACL_REVISION );
|
|
|
|
Sids = SidBuffer;
|
|
for (i = 0 ; i < DenyCount ; i ++ ) {
|
|
SidLength = sizeof( SidBuffer );
|
|
|
|
DomainLen = MAX_PATH ;
|
|
|
|
if (! LookupAccountName(NULL,
|
|
DenyNames[ i ],
|
|
Sids,
|
|
&SidLength,
|
|
ReferencedDomain,
|
|
&DomainLen,
|
|
&Use ) )
|
|
{
|
|
_snprintf( ReferencedDomain, MAX_PATH, "Unable to find account %s", DenyNames[ i ]);
|
|
ErrorExit( ReferencedDomain );
|
|
}
|
|
|
|
//
|
|
// Got the sid. Now, add it as an access denied ace:
|
|
//
|
|
|
|
AddAccessDeniedAce( Acl,
|
|
ACL_REVISION,
|
|
FILE_GENERIC_READ |
|
|
FILE_GENERIC_WRITE |
|
|
FILE_CREATE_PIPE_INSTANCE,
|
|
Sids );
|
|
|
|
|
|
}
|
|
|
|
for (i = 0 ; i < Count ; i ++ ) {
|
|
SidLength = sizeof( SidBuffer );
|
|
|
|
DomainLen = MAX_PATH ;
|
|
|
|
if (! LookupAccountName(NULL,
|
|
Names[ i ],
|
|
Sids,
|
|
&SidLength,
|
|
ReferencedDomain,
|
|
&DomainLen,
|
|
&Use ) )
|
|
{
|
|
_snprintf( ReferencedDomain, MAX_PATH, "Unable to find account %s", Names[ i ]);
|
|
ErrorExit( ReferencedDomain );
|
|
}
|
|
|
|
//
|
|
// Got the sid. Now, add it as an access allowed ace:
|
|
//
|
|
|
|
AddAccessAllowedAce(Acl,
|
|
ACL_REVISION,
|
|
FILE_GENERIC_READ |
|
|
FILE_GENERIC_WRITE |
|
|
FILE_CREATE_PIPE_INSTANCE,
|
|
Sids );
|
|
}
|
|
|
|
//
|
|
// Now the ACL should be complete, so set it into the SD and return:
|
|
//
|
|
|
|
SetSecurityDescriptorDacl( Sd, TRUE, Acl, FALSE );
|
|
|
|
return Sd ;
|
|
}
|
|
|
|
|
|
/*************************************************************/
|
|
|
|
VOID
|
|
CloseClient(
|
|
REMOTE_CLIENT *pClient
|
|
)
|
|
{
|
|
DWORD tmp;
|
|
char Buf[200];
|
|
|
|
#if DBG
|
|
if (pClient->ServerFlags & ~SFLG_VALID) {
|
|
|
|
printf("pClient %p looks nasty in CloseClient.\n", pClient);
|
|
ErrorExit("REMOTE_CLIENT structure corrupt.");
|
|
}
|
|
#endif
|
|
|
|
//
|
|
// If we're still active (on the normal client list)
|
|
// start tearing things down and move to the closing
|
|
// list.
|
|
//
|
|
|
|
if (pClient->ServerFlags & SFLG_CLOSING) {
|
|
return;
|
|
}
|
|
|
|
if (pClient->ServerFlags & SFLG_HANDSHAKING) {
|
|
MoveClientToNormalList(pClient);
|
|
}
|
|
|
|
MoveClientToClosingList(pClient);
|
|
|
|
pClient->ServerFlags |= SFLG_CLOSING;
|
|
|
|
|
|
if (pClient->PipeWriteH != INVALID_HANDLE_VALUE) {
|
|
TRACE(CONNECT, ("Disconnecting %d PipeWriteH (%p).\n", pClient->dwID, pClient->PipeWriteH));
|
|
CancelIo(pClient->PipeWriteH);
|
|
DisconnectNamedPipe(pClient->PipeWriteH);
|
|
CloseHandle(pClient->PipeWriteH);
|
|
}
|
|
|
|
if (pClient->PipeReadH != INVALID_HANDLE_VALUE &&
|
|
pClient->PipeReadH != pClient->PipeWriteH) {
|
|
|
|
TRACE(CONNECT, ("Disconnecting %d PipeReadH (%p).\n", pClient->dwID, pClient->PipeReadH));
|
|
CancelIo(pClient->PipeReadH);
|
|
DisconnectNamedPipe(pClient->PipeReadH);
|
|
CloseHandle(pClient->PipeReadH);
|
|
}
|
|
|
|
|
|
if (pClient->rSaveFile != INVALID_HANDLE_VALUE) {
|
|
CancelIo(pClient->rSaveFile);
|
|
CloseHandle(pClient->rSaveFile);
|
|
}
|
|
|
|
pClient->rSaveFile =
|
|
pClient->PipeWriteH =
|
|
pClient->PipeReadH =
|
|
INVALID_HANDLE_VALUE;
|
|
|
|
|
|
if ( ! bShuttingDownServer ) {
|
|
ZeroMemory(Buf, sizeof(Buf));
|
|
_snprintf(Buf, sizeof(Buf)-1, "\n**Remote: Disconnected from %s %s [%s]\n", pClient->Name, pClient->UserName, GetFormattedTime(TRUE));
|
|
|
|
if (WriteFileSynch(hWriteTempFile,Buf,strlen(Buf),&tmp,dwWriteFilePointer,&olMainThread)) {
|
|
dwWriteFilePointer += tmp;
|
|
StartServerToClientFlow();
|
|
}
|
|
}
|
|
|
|
return;
|
|
}
|
|
|
|
BOOL
|
|
FASTCALL
|
|
HandleSessionError(
|
|
PREMOTE_CLIENT pClient,
|
|
DWORD dwError
|
|
)
|
|
{
|
|
if (pClient->ServerFlags & SFLG_CLOSING) {
|
|
return TRUE;
|
|
}
|
|
|
|
if (dwError) {
|
|
if (ERROR_BROKEN_PIPE == dwError ||
|
|
ERROR_OPERATION_ABORTED == dwError ||
|
|
ERROR_NO_DATA == dwError )
|
|
{
|
|
CloseClient(pClient);
|
|
return TRUE;
|
|
}
|
|
|
|
SetLastError(dwError);
|
|
ErrorExit("Unhandled session error.");
|
|
}
|
|
|
|
return FALSE;
|
|
}
|
|
|
|
|
|
VOID
|
|
FASTCALL
|
|
CleanupTempFiles(
|
|
PSZ pszTempDir
|
|
)
|
|
{
|
|
HANDLE hSearch;
|
|
WIN32_FIND_DATA FindData;
|
|
char szPath[MAX_PATH + 1] = {0};
|
|
char szFile[MAX_PATH + 1];
|
|
|
|
//
|
|
// pszTempDir, from GetTempPath, has a trailing backslash.
|
|
//
|
|
|
|
_snprintf(szPath, sizeof(szPath)-1, "%sREM*.tmp", pszTempDir);
|
|
|
|
hSearch = FindFirstFile(szPath, &FindData);
|
|
|
|
if (INVALID_HANDLE_VALUE != hSearch) {
|
|
do {
|
|
ZeroMemory(szFile, sizeof(szFile));
|
|
_snprintf(szFile, sizeof(szFile)-1, "%s%s", pszTempDir, FindData.cFileName);
|
|
|
|
DeleteFile(szFile);
|
|
} while (FindNextFile(hSearch, &FindData));
|
|
|
|
FindClose(hSearch);
|
|
}
|
|
}
|
|
|
|
VOID
|
|
SaveDacl(
|
|
PSECURITY_DESCRIPTOR psd
|
|
)
|
|
{
|
|
HKEY hKey ;
|
|
int err ;
|
|
DWORD disp ;
|
|
LPWSTR StringSD ;
|
|
DWORD StringLen;
|
|
|
|
err = RegCreateKeyExW(
|
|
HKEY_LOCAL_MACHINE,
|
|
REGISTRY_PATH,
|
|
0,
|
|
NULL,
|
|
REG_OPTION_NON_VOLATILE,
|
|
KEY_WRITE,
|
|
NULL,
|
|
&hKey,
|
|
&disp );
|
|
|
|
if ( err == 0 ) {
|
|
if ( SDtoStringSD(sdPublic, 1, DACL_SECURITY_INFORMATION, &StringSD, &StringLen ) ) {
|
|
err = RegSetValueExW(
|
|
hKey,
|
|
REGISTRY_VALUE,
|
|
0,
|
|
REG_SZ,
|
|
(LPBYTE) StringSD,
|
|
StringLen * sizeof(WCHAR) );
|
|
}
|
|
|
|
RegCloseKey( hKey );
|
|
}
|
|
}
|
|
|
|
#pragma prefast(push)
|
|
#pragma prefast(disable: 248) // NULL dacl is by design here, really
|
|
VOID
|
|
FASTCALL
|
|
SetupSecurityDescriptors(
|
|
VOID
|
|
)
|
|
{
|
|
int i;
|
|
int err ;
|
|
HKEY hKey ;
|
|
PWSTR TextSD ;
|
|
DWORD Type ;
|
|
DWORD Size ;
|
|
PSID Everyone ;
|
|
PACL pDacl ;
|
|
SID_IDENTIFIER_AUTHORITY World = SECURITY_WORLD_SID_AUTHORITY ;
|
|
PSECURITY_DESCRIPTOR psd ;
|
|
|
|
pDacl = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, 12 + sizeof( ACCESS_ALLOWED_ACE ) + sizeof( ACL ));
|
|
psd = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof( SECURITY_DESCRIPTOR ));
|
|
|
|
//
|
|
// initialize the struct
|
|
//
|
|
saLocalNamedObjects.nLength = sizeof( SECURITY_ATTRIBUTES );
|
|
|
|
if ( (pDacl != NULL) && (psd != NULL ) ) {
|
|
if ( AllocateAndInitializeSid(&World, 1, SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0, &Everyone) ) {
|
|
InitializeAcl(pDacl, 12 + sizeof( ACCESS_ALLOWED_ACE ) + sizeof( ACL ), ACL_REVISION);
|
|
|
|
AddAccessAllowedAce(pDacl, ACL_REVISION,
|
|
EVENT_ALL_ACCESS | MUTEX_ALL_ACCESS | SYNCHRONIZE, Everyone );
|
|
|
|
InitializeSecurityDescriptor(psd, SECURITY_DESCRIPTOR_REVISION );
|
|
|
|
SetSecurityDescriptorDacl( psd, TRUE, pDacl, FALSE );
|
|
|
|
saLocalNamedObjects.bInheritHandle = FALSE ;
|
|
saLocalNamedObjects.lpSecurityDescriptor = psd ;
|
|
|
|
HeapFree(GetProcessHeap(), 0, Everyone );
|
|
}
|
|
}
|
|
|
|
//
|
|
// Initialize the wide-open security descriptor.
|
|
//
|
|
|
|
if ( !SddlToSecurityDescriptor(DEFAULT_SECURITY_DESCRIPTOR, 1, &sdPublic, NULL ) ) {
|
|
sdPublic = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof( SECURITY_DESCRIPTOR ) );
|
|
|
|
if ( sdPublic ) {
|
|
InitializeSecurityDescriptor( sdPublic, SECURITY_DESCRIPTOR_REVISION );
|
|
SetSecurityDescriptorDacl( sdPublic, TRUE, NULL, FALSE );
|
|
}
|
|
}
|
|
|
|
saPublic.nLength = sizeof(saPublic);
|
|
saPublic.lpSecurityDescriptor = sdPublic;
|
|
|
|
//
|
|
// if /u was specified once or more, build the security descriptor to
|
|
// enforce it.
|
|
//
|
|
|
|
saPipe.nLength = sizeof(saPipe);
|
|
|
|
if ( DaclNameCount || DaclDenyNameCount ) {
|
|
saPipe.lpSecurityDescriptor =
|
|
FormatSecurityDescriptor( DaclDenyNames, DaclDenyNameCount, DaclNames, DaclNameCount );
|
|
|
|
if ( SaveDaclToRegistry ) {
|
|
SaveDacl( saPipe.lpSecurityDescriptor );
|
|
}
|
|
|
|
if (DaclNameCount) {
|
|
fputs( "\nProtected Server! Only the following users or groups can connect:\n", stdout );
|
|
|
|
for (i = 0 ; i < (int) DaclNameCount ; i++) {
|
|
printf( " %s\n", DaclNames[i] );
|
|
}
|
|
}
|
|
|
|
if (DaclDenyNameCount) {
|
|
fputs("The following users or groups explicitly cannot connect:\n", stdout );
|
|
|
|
for (i = 0 ; i < (int) DaclDenyNameCount ; i++) {
|
|
printf(" %s\n", DaclDenyNames[i] );
|
|
}
|
|
}
|
|
} else {
|
|
|
|
saPipe.lpSecurityDescriptor = sdPublic;
|
|
|
|
err = RegOpenKeyExW(
|
|
HKEY_LOCAL_MACHINE,
|
|
REGISTRY_PATH,
|
|
0,
|
|
KEY_READ,
|
|
&hKey );
|
|
|
|
if ( err == 0 ) {
|
|
err = RegQueryValueExW(
|
|
hKey,
|
|
REGISTRY_VALUE,
|
|
0,
|
|
&Type,
|
|
NULL,
|
|
&Size );
|
|
|
|
if ( err != ERROR_FILE_NOT_FOUND ) {
|
|
TextSD = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, Size );
|
|
|
|
if ( TextSD ) {
|
|
err = RegQueryValueExW(
|
|
hKey,
|
|
REGISTRY_VALUE,
|
|
0,
|
|
&Type,
|
|
(LPBYTE) TextSD,
|
|
&Size );
|
|
|
|
if ( err == 0 ) {
|
|
SddlToSecurityDescriptor(
|
|
TextSD, 1, &saPipe.lpSecurityDescriptor, NULL );
|
|
}
|
|
}
|
|
}
|
|
|
|
RegCloseKey( hKey );
|
|
}
|
|
}
|
|
}
|
|
#pragma prefast(pop)
|