archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 75c48ba87f
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '75c48ba87f'
${ noResults }
windows-xp/Source/XPSP1/NT/base/subsys/sm/server/smloop.c

793 lines
21 KiB
Raw Normal View History

Add source files
4 years ago
  1. /*++
  3. Copyright (c) 1989 Microsoft Corporation
  5. Module Name:
  7. smloop.c
  9. Abstract:
  11. Session Manager Listen and API loops
  13. Author:
  15. Mark Lucovsky (markl) 04-Oct-1989
  17. Revision History:
  19. --*/
  21. #include "smsrvp.h"
  23. #include <ntosp.h> // Only for the interlocked functions.
  26. #define SM_WORKER_THREADS_LIMIT 4
  28. ULONG_PTR SmUniqueProcessId;
  30. LONG SmpCurrentThreadsLimit = SM_WORKER_THREADS_LIMIT;
  31. LONG SmWorkerThreadsAvailable = 0;
  32. LONG SmTotalApiThreads = 0;
  34. PSMP_CLIENT_CONTEXT SmpDeferredFreeList = NULL;
  37. NTSTATUS
  38. SmpHandleConnectionRequest(
  39. IN HANDLE ConnectionPort,
  40. IN PSBAPIMSG Message
  41. );
  44. PSMAPI SmpApiDispatch[SmMaxApiNumber] = {
  45. SmpCreateForeignSession,
  46. SmpSessionComplete,
  47. SmpTerminateForeignSession,
  48. SmpExecPgm,
  49. SmpLoadDeferedSubsystem,
  50. SmpStartCsr,
  51. SmpStopCsr
  52. };
  55. #if DBG
  56. PSZ SmpApiName[ SmMaxApiNumber+1 ] = {
  57. "SmCreateForeignSession",
  58. "SmSessionComplete",
  59. "SmTerminateForeignSession",
  60. "SmExecPgm",
  61. "SmLoadDeferedSubsystem",
  62. "SmStartCsr",
  63. "SmStopCsr",
  64. "Unknown Sm Api Number"
  65. };
  66. #endif // DBG
  68. EXCEPTION_DISPOSITION
  69. DbgpUnhandledExceptionFilter(
  70. struct _EXCEPTION_POINTERS *ExceptionInfo
  71. );
  73. VOID
  74. SmpFlushDeferredList()
  75. {
  76. PSMP_CLIENT_CONTEXT Head = SmpDeferredFreeList;
  78. SmpDeferredFreeList = NULL;
  80. while (Head != NULL) {
  82. PSMP_CLIENT_CONTEXT ClientContext = Head;
  83. NTSTATUS Status;
  84. Head = Head->Link;
  86. if (ClientContext->ClientProcessHandle) {
  87. Status = NtClose( ClientContext->ClientProcessHandle );
  88. ASSERT(NT_SUCCESS(Status));
  89. }
  90. Status = NtClose( ClientContext->ServerPortHandle );
  91. ASSERT(NT_SUCCESS(Status));
  92. RtlFreeHeap( SmpHeap, 0, ClientContext );
  93. }
  95. SmpCurrentThreadsLimit = SM_WORKER_THREADS_LIMIT;
  96. }
  98. VOID
  99. SmpPushDeferredClientContext(
  100. PSMP_CLIENT_CONTEXT ClientContext
  101. )
  102. {
  103. PSMP_CLIENT_CONTEXT CapturedHead;
  105. do {
  107. CapturedHead = SmpDeferredFreeList;
  109. ClientContext->Link = CapturedHead;
  111. } while ( InterlockedCompareExchangePointer(&SmpDeferredFreeList, ClientContext, CapturedHead) != CapturedHead );
  113. SmpCurrentThreadsLimit = 1;
  114. }
  118. NTSTATUS
  119. SmpApiLoop (
  120. IN PVOID ThreadParameter
  121. )
  123. /*++
  125. Routine Description:
  127. This is the main Session Manager API Loop. It
  128. services session manager API requests.
  130. Arguments:
  132. ThreadParameter - Supplies a handle to the API port used
  133. to receive session manager API requests.
  135. Return Value:
  137. None.
  139. --*/
  141. {
  142. PSMAPIMSG SmApiReplyMsg;
  143. SMMESSAGE_SIZE MsgBuf;
  145. PSMAPIMSG SmApiMsg;
  146. NTSTATUS Status;
  147. HANDLE ConnectionPort;
  148. PSMP_CLIENT_CONTEXT ClientContext;
  149. PSMPKNOWNSUBSYS KnownSubSys;
  150. PROCESS_BASIC_INFORMATION ProcessInfo;
  152. InterlockedIncrement(&SmTotalApiThreads);
  154. RtlSetThreadIsCritical(TRUE, NULL, TRUE);
  156. NtQueryInformationProcess( NtCurrentProcess(),
  157. ProcessBasicInformation,
  158. &ProcessInfo,
  159. sizeof(ProcessInfo),
  160. NULL );
  161. SmUniqueProcessId = ProcessInfo.UniqueProcessId;
  163. ConnectionPort = (HANDLE) ThreadParameter;
  165. SmApiMsg = (PSMAPIMSG)&MsgBuf;
  166. SmApiReplyMsg = NULL;
  167. try {
  168. for(;;) {
  170. {
  171. LONG CapturedThreads;
  173. do {
  175. CapturedThreads = SmWorkerThreadsAvailable;
  177. if (CapturedThreads >= SmpCurrentThreadsLimit) {
  179. if (SmApiReplyMsg) {
  181. Status = NtReplyPort(
  182. ConnectionPort,
  183. (PPORT_MESSAGE) SmApiReplyMsg
  184. );
  186. }
  188. InterlockedDecrement(&SmTotalApiThreads);
  189. RtlSetThreadIsCritical(FALSE, NULL, TRUE);
  191. RtlExitUserThread(STATUS_SUCCESS);
  193. //
  194. // RtlExitUserThread never returns
  195. //
  196. }
  198. } while ( InterlockedCompareExchange(&SmWorkerThreadsAvailable, CapturedThreads + 1, CapturedThreads) != CapturedThreads);
  200. }
  202. if (SmTotalApiThreads == 1) {
  204. SmpFlushDeferredList();
  205. }
  207. Status = NtReplyWaitReceivePort(
  208. ConnectionPort,
  209. (PVOID *) &ClientContext,
  210. (PPORT_MESSAGE) SmApiReplyMsg,
  211. (PPORT_MESSAGE) SmApiMsg
  212. );
  214. //
  215. // Launching at the same time a several subsystems can deadlock smss
  216. // if it has only two worker threads.
  217. // We create more threads if there is no server thread available
  218. //
  220. if (InterlockedDecrement(&SmWorkerThreadsAvailable) == 0) {
  222. NTSTATUS st = RtlCreateUserThread(
  223. NtCurrentProcess(),
  224. NULL,
  225. FALSE,
  226. 0L,
  227. 0L,
  228. 0L,
  229. SmpApiLoop,
  230. (PVOID) ThreadParameter,
  231. NULL,
  232. NULL
  233. );
  234. }
  236. if ( !NT_SUCCESS(Status) ) {
  237. SmApiReplyMsg = NULL;
  238. continue;
  239. } else if ( SmApiMsg->h.u2.s2.Type == LPC_CONNECTION_REQUEST ) {
  240. SmpHandleConnectionRequest( ConnectionPort,
  241. (PSBAPIMSG) SmApiMsg
  242. );
  243. SmApiReplyMsg = NULL;
  244. } else if ( SmApiMsg->h.u2.s2.Type == LPC_PORT_CLOSED ) {
  245. if (ClientContext) {
  246. SmpPushDeferredClientContext(ClientContext);
  247. }
  248. SmApiReplyMsg = NULL;
  249. } else {
  251. if ( !ClientContext ) {
  252. SmApiReplyMsg = NULL;
  253. continue;
  254. }
  256. KnownSubSys = ClientContext->KnownSubSys;
  258. SmApiMsg->ReturnedStatus = STATUS_PENDING;
  260. if ((ULONG) SmApiMsg->ApiNumber >= (ULONG) SmMaxApiNumber ) {
  262. Status = STATUS_NOT_IMPLEMENTED;
  264. } else {
  266. switch (SmApiMsg->ApiNumber) {
  267. case SmExecPgmApi :
  268. Status = (SmpApiDispatch[SmApiMsg->ApiNumber])(
  269. SmApiMsg,
  270. ClientContext,
  271. ConnectionPort);
  272. break;
  274. case SmLoadDeferedSubsystemApi :
  275. Status = (SmpApiDispatch[SmApiMsg->ApiNumber])(
  276. SmApiMsg,
  277. ClientContext,
  278. ConnectionPort);
  279. break;
  282. case SmStopCsrApi :
  283. case SmStartCsrApi :
  285. //
  286. // These Api's can only be called from a system process
  287. //
  288. if (ClientContext->SecurityContext == UNKNOWN_CONTEXT) {
  289. //
  290. // Initialize the client security context
  291. //
  292. ClientContext->SecurityContext =
  293. SmpClientSecurityContext ((PPORT_MESSAGE)SmApiMsg,
  294. ClientContext->ServerPortHandle);
  295. }
  297. if (ClientContext->SecurityContext == SYSTEM_CONTEXT) {
  299. Status = (SmpApiDispatch[SmApiMsg->ApiNumber])(
  300. SmApiMsg,
  301. ClientContext,
  302. ConnectionPort);
  304. } else {
  305. #if DBG
  306. KdPrint(("SMSS: Calling Sm Terminal Server Api from Non-System context.Status = STATUS_ACCESS_DENIED\n"));
  307. #endif
  309. Status = STATUS_ACCESS_DENIED;
  311. }
  312. break;
  314. case SmCreateForeignSessionApi :
  315. case SmSessionCompleteApi :
  316. case SmTerminateForeignSessionApi :
  317. if (!KnownSubSys) {
  318. Status = STATUS_INVALID_PARAMETER;
  319. } else {
  321. Status =
  322. (SmpApiDispatch[SmApiMsg->ApiNumber])(
  323. SmApiMsg,
  324. ClientContext,
  325. ConnectionPort);
  326. }
  327. break;
  329. }
  331. }
  333. SmApiMsg->ReturnedStatus = Status;
  334. SmApiReplyMsg = SmApiMsg;
  335. }
  336. }
  337. } except (DbgpUnhandledExceptionFilter( GetExceptionInformation() )) {
  338. ;
  339. }
  341. //
  342. // Make the compiler happy
  343. //
  345. return STATUS_UNSUCCESSFUL;
  346. }
  349. NTSTATUS
  350. SmpHandleConnectionRequest(
  351. IN HANDLE ConnectionPort,
  352. IN PSBAPIMSG Message
  353. )
  355. /*++
  357. Routine Description:
  359. This routine handles connection requests from either known subsystems,
  360. or other clients. Other clients are admin processes.
  362. The protocol for connection from a known subsystem is:
  364. capture the name of the subsystem's Sb API port
  366. Accept the connection
  368. Connect to the subsystems Sb API port
  370. Store the communication port handle in the known subsystem database
  372. signal the event associated with the known subsystem
  374. The protocol for others is to simply validate and accept the connection
  375. request.
  377. Arguments:
  379. Return Value:
  381. None.
  383. --*/
  385. {
  386. NTSTATUS st;
  387. HANDLE CommunicationPort;
  388. REMOTE_PORT_VIEW ClientView;
  389. PSBCONNECTINFO ConnectInfo;
  390. ULONG ConnectInfoLength;
  391. PSMPKNOWNSUBSYS KnownSubSys, KnownSubSys2;
  392. BOOLEAN Accept;
  393. UNICODE_STRING SubSystemPort;
  394. SECURITY_QUALITY_OF_SERVICE DynamicQos;
  395. PSMP_CLIENT_CONTEXT ClientContext;
  396. OBJECT_ATTRIBUTES ObjA;
  397. HANDLE ClientProcessHandle=NULL;
  398. ULONG MuSessionId = 0;
  400. //
  401. // Set up the security quality of service parameters to use over the
  402. // sb API port. Use the most efficient (least overhead) - which is dynamic
  403. // rather than static tracking.
  404. //
  406. DynamicQos.ImpersonationLevel = SecurityIdentification;
  407. DynamicQos.ContextTrackingMode = SECURITY_DYNAMIC_TRACKING;
  408. DynamicQos.EffectiveOnly = TRUE;
  411. Accept = TRUE; // Assume we will accept
  412. //
  413. // Get MuSessionId of the client if session manager is not connecting to itself
  414. //
  415. if ( (ULONG_PTR) Message->h.ClientId.UniqueProcess == SmUniqueProcessId ) {
  416. KnownSubSys = NULL;
  417. ClientProcessHandle = NULL;
  418. } else {
  419. InitializeObjectAttributes( &ObjA, NULL, 0, NULL, NULL );
  420. st = NtOpenProcess( &ClientProcessHandle, PROCESS_QUERY_INFORMATION,
  421. &ObjA, &Message->h.ClientId );
  422. if (NT_SUCCESS (st)) {
  423. SmpGetProcessMuSessionId( ClientProcessHandle, &MuSessionId );
  424. } else {
  425. Accept = FALSE;
  426. }
  427. }
  429. ConnectInfo = &Message->ConnectionRequest;
  430. KnownSubSys = SmpLocateKnownSubSysByCid(&Message->h.ClientId);
  432. if ( (KnownSubSys) && (Accept == TRUE) ) {
  433. KnownSubSys2 = SmpLocateKnownSubSysByType(MuSessionId, ConnectInfo->SubsystemImageType);
  436. if (KnownSubSys2 == KnownSubSys ) {
  437. Accept = FALSE;
  438. KdPrint(("SMSS: Connection from SubSystem rejected\n"));
  439. KdPrint(("SMSS: Image type already being served\n"));
  440. } else {
  441. KnownSubSys->ImageType = ConnectInfo->SubsystemImageType;
  442. }
  443. if (KnownSubSys2) {
  444. RtlEnterCriticalSection( &SmpKnownSubSysLock );
  445. SmpDeferenceKnownSubSys(KnownSubSys2);
  446. RtlLeaveCriticalSection( &SmpKnownSubSysLock );
  447. }
  448. }
  450. if (Accept) {
  451. ClientContext = RtlAllocateHeap(SmpHeap, MAKE_TAG( SM_TAG ), sizeof(SMP_CLIENT_CONTEXT));
  452. if ( ClientContext ) {
  453. ClientContext->ClientProcessHandle = ClientProcessHandle;
  454. ClientContext->KnownSubSys = KnownSubSys;
  456. //
  457. // The sm apis used by Terminal Server to start and stop CSR
  458. // do not get called from known subsystems and are restricted
  459. // to system processes only.
  460. //
  462. ClientContext->SecurityContext = UNKNOWN_CONTEXT;
  463. ClientContext->ServerPortHandle = NULL;
  464. } else {
  465. Accept = FALSE;
  466. }
  467. }
  469. ClientView.Length = sizeof(ClientView);
  470. st = NtAcceptConnectPort(
  471. &CommunicationPort,
  472. ClientContext,
  473. (PPORT_MESSAGE)Message,
  474. Accept,
  475. NULL,
  476. &ClientView
  477. );
  479. if ( Accept ) {
  481. if (NT_SUCCESS (st)) {
  482. if (ClientContext) {
  484. ClientContext->ServerPortHandle = CommunicationPort;
  486. }
  489. if ( KnownSubSys ) {
  490. KnownSubSys->SmApiCommunicationPort = CommunicationPort;
  491. }
  493. st = NtCompleteConnectPort(CommunicationPort);
  494. if (!NT_SUCCESS(st)) {
  496. if ( KnownSubSys ) {
  497. KnownSubSys->SmApiCommunicationPort = NULL;
  498. RtlEnterCriticalSection( &SmpKnownSubSysLock );
  499. SmpDeferenceKnownSubSys(KnownSubSys);
  500. RtlLeaveCriticalSection( &SmpKnownSubSysLock );
  501. }
  503. return st;
  504. }
  506. //
  507. // Connect Back to subsystem.
  508. //
  510. if ( KnownSubSys ) {
  511. ConnectInfo->EmulationSubSystemPortName[
  512. sizeof (ConnectInfo->EmulationSubSystemPortName)/sizeof (WCHAR) - 1] = '\0';
  513. RtlCreateUnicodeString( &SubSystemPort,
  514. ConnectInfo->EmulationSubSystemPortName
  515. );
  516. ConnectInfoLength = sizeof( *ConnectInfo );
  518. st = NtConnectPort(
  519. &KnownSubSys->SbApiCommunicationPort,
  520. &SubSystemPort,
  521. &DynamicQos,
  522. NULL,
  523. NULL,
  524. NULL,
  525. NULL,
  526. NULL
  527. );
  528. if ( !NT_SUCCESS(st) ) {
  529. KdPrint(("SMSS: Connect back to Sb %wZ failed %lx\n",&SubSystemPort,st));
  530. }
  532. RtlFreeUnicodeString( &SubSystemPort );
  533. NtSetEvent(KnownSubSys->Active,NULL);
  534. }
  535. } else {
  536. if (ClientProcessHandle) {
  537. NtClose( ClientProcessHandle );
  538. }
  539. RtlFreeHeap( SmpHeap, 0, ClientContext );
  540. }
  541. } else {
  542. if (ClientProcessHandle) {
  543. NtClose( ClientProcessHandle );
  544. }
  545. }
  546. if (KnownSubSys) {
  547. RtlEnterCriticalSection( &SmpKnownSubSysLock );
  548. SmpDeferenceKnownSubSys(KnownSubSys);
  549. RtlLeaveCriticalSection( &SmpKnownSubSysLock );
  550. }
  552. return st;
  553. }
  556. PSMPKNOWNSUBSYS
  557. SmpLocateKnownSubSysByCid(
  558. IN PCLIENT_ID ClientId
  559. )
  561. /*++
  563. Routine Description:
  565. This function scans the known subsystem table looking for
  566. a matching client id (just UniqueProcess portion). If found,
  567. than the connection request is from a known subsystem and
  568. accept is always granted. Otherwise, it must be an administrative
  569. process.
  571. Arguments:
  573. ClientId - Supplies the ClientId whose UniqueProcess field is to be used
  574. in the known subsystem scan.
  576. Return Value:
  578. NULL - The ClientId does not match a known subsystem.
  580. NON-NULL - Returns the address of the known subsystem.
  582. --*/
  584. {
  586. PSMPKNOWNSUBSYS KnownSubSys = NULL;
  587. PLIST_ENTRY Next;
  589. //
  590. // Acquire known subsystem lock.
  591. //
  593. RtlEnterCriticalSection(&SmpKnownSubSysLock);
  595. Next = SmpKnownSubSysHead.Flink;
  597. while ( Next != &SmpKnownSubSysHead ) {
  599. KnownSubSys = CONTAINING_RECORD(Next,SMPKNOWNSUBSYS,Links);
  600. Next = Next->Flink;
  603. if ( (KnownSubSys->InitialClientId.UniqueProcess == ClientId->UniqueProcess) &&
  604. !KnownSubSys->Deleting ) {
  605. SmpReferenceKnownSubSys(KnownSubSys);
  606. break;
  607. } else {
  608. KnownSubSys = NULL;
  609. }
  610. }
  612. //
  613. // Unlock known subsystems.
  614. //
  616. RtlLeaveCriticalSection(&SmpKnownSubSysLock);
  618. return KnownSubSys;
  619. }
  622. PSMPKNOWNSUBSYS
  623. SmpLocateKnownSubSysByType(
  624. IN ULONG MuSessionId,
  625. IN ULONG ImageType
  626. )
  628. /*++
  630. Routine Description:
  632. This function scans the known subsystem table looking for
  633. a matching image type.
  635. Arguments:
  637. ImageType - Supplies the image type whose subsystem is to be located.
  639. Return Value:
  641. NULL - The image type does not match a known subsystem.
  643. NON-NULL - Returns the address of the known subsystem.
  645. --*/
  647. {
  649. PSMPKNOWNSUBSYS KnownSubSys = NULL;
  650. PLIST_ENTRY Next;
  652. //
  653. // Aquire known subsystem lock
  654. //
  656. RtlEnterCriticalSection(&SmpKnownSubSysLock);
  658. Next = SmpKnownSubSysHead.Flink;
  660. while ( Next != &SmpKnownSubSysHead ) {
  662. KnownSubSys = CONTAINING_RECORD(Next,SMPKNOWNSUBSYS,Links);
  663. Next = Next->Flink;
  666. if ( (KnownSubSys->ImageType == ImageType) &&
  667. !KnownSubSys->Deleting &&
  668. (KnownSubSys->MuSessionId == MuSessionId) ) {
  669. SmpReferenceKnownSubSys(KnownSubSys);
  670. break;
  671. } else {
  672. KnownSubSys = NULL;
  673. }
  674. }
  676. //
  677. // Unlock known subsystems.
  678. //
  680. RtlLeaveCriticalSection(&SmpKnownSubSysLock);
  682. return KnownSubSys;
  683. }
  685. ENUMSECURITYCONTEXT
  686. SmpClientSecurityContext (
  687. IN PPORT_MESSAGE Message,
  688. IN HANDLE ServerPortHandle
  689. )
  690. /*++
  692. Routine Description:
  694. Impersonate the client and check if it is running under system security context
  696. Arguments:
  698. PPORT_MESSAGE - LPC message pointer
  699. ServerPortHandle - LPC Port Handle
  701. Return Value:
  703. SYSTEM_CONTEXT - Client is running under system LUID
  704. NONSYSTEM_CONTEXT - Failure or client is not running under system LUID
  706. --*/
  708. {
  709. NTSTATUS NtStatus ;
  710. HANDLE ImpersonationToken;
  711. HANDLE TokenHandle;
  712. TOKEN_STATISTICS TokenStatisticsInformation;
  713. ULONG Size;
  714. ENUMSECURITYCONTEXT retval = NONSYSTEM_CONTEXT;
  715. LUID SystemAuthenticationId = SYSTEM_LUID;
  718. NtStatus = NtImpersonateClientOfPort(ServerPortHandle,
  719. Message);
  721. if (!NT_SUCCESS(NtStatus)) {
  723. #if DBG
  724. KdPrint(( "SMSS: NtImpersonateClientOfPort failed: 0x%lX\n",
  725. NtStatus)) ;
  726. #endif
  728. return NONSYSTEM_CONTEXT ;
  729. }
  731. //
  732. // Get the Token Handle.
  733. //
  735. if (NT_SUCCESS(NtOpenThreadToken (NtCurrentThread(),
  736. TOKEN_IMPERSONATE | TOKEN_QUERY,
  737. FALSE,
  738. &TokenHandle) == FALSE)) {
  741. if (NT_SUCCESS(NtQueryInformationToken(
  742. TokenHandle,
  743. TokenStatistics,
  744. &TokenStatisticsInformation,
  745. sizeof(TokenStatisticsInformation),
  746. &Size
  747. ))) {
  749. if ( RtlEqualLuid ( &TokenStatisticsInformation.AuthenticationId,
  750. &SystemAuthenticationId ) ) {
  752. retval = SYSTEM_CONTEXT;
  754. }
  757. }
  760. NtClose(TokenHandle);
  763. } else {
  765. #if DBG
  766. KdPrint(( "SMSS: OpenThreadToken failed\n")) ;
  767. #endif
  769. }
  772. //
  773. //Revert to Self
  774. //
  776. ImpersonationToken = 0;
  778. NtStatus = NtSetInformationThread(NtCurrentThread(),
  779. ThreadImpersonationToken,
  780. &ImpersonationToken,
  781. sizeof(HANDLE));
  783. #if DBG
  784. if (!NT_SUCCESS(NtStatus)) {
  785. KdPrint(( "SMSS: NtSetInformationThread : %lx\n", NtStatus));
  786. }
  787. #endif // DBG
  790. return retval;
  793. }