archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 9769ad7c3d
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '9769ad7c3d'
${ noResults }
windows-xp/Source/XPSP1/NT/com/ole32/dcomss/olescm/execclt.cxx

364 lines
8.7 KiB
Raw Normal View History

Add source files
4 years ago
  2. /*************************************************************************
  3. *
  4. * execclt.c
  5. *
  6. * Exec service client.
  7. *
  8. * This allows the starting of a program on any Terminal Server Session under
  9. * the account of the logged on user, or the SYSTEM account for services.
  10. *
  11. * copyright notice: Copyright 1998, Microsoft Corporation
  12. *
  13. *
  14. *
  15. *************************************************************************/
  17. #include "act.hxx"
  18. extern "C" {
  19. #include <execsrv.h>
  20. }
  24. //
  25. // Forward references
  26. //
  28. PWCHAR
  29. MarshallString(
  30. PWCHAR pSource,
  31. PCHAR pBase,
  32. ULONG MaxSize,
  33. PCHAR *ppPtr,
  34. PULONG pCount,
  35. BOOL bMulti = FALSE
  36. );
  42. /*****************************************************************************
  43. *
  44. * CreateRemoteSessionProcess
  45. *
  46. * Create a process on the given Terminal Server Session
  47. *
  48. * ENTRY:
  49. * SessionId (input)
  50. * SessionId of Session to create process on
  51. *
  52. * Param1 (input/output)
  53. * Comments
  54. *
  55. * EXIT:
  56. * STATUS_SUCCESS - no error
  57. *
  58. ****************************************************************************/
  60. BOOL
  61. CreateRemoteSessionProcess(
  62. ULONG SessionId,
  63. HANDLE hSaferToken,
  64. BOOL System,
  65. PWCHAR lpszImageName,
  66. PWCHAR lpszCommandLine,
  67. PSECURITY_ATTRIBUTES psaProcess,
  68. PSECURITY_ATTRIBUTES psaThread,
  69. BOOL fInheritHandles,
  70. DWORD fdwCreate,
  71. LPVOID lpvEnvironment,
  72. LPWSTR lpszCurDir,
  73. LPSTARTUPINFOW pStartInfo,
  74. LPPROCESS_INFORMATION pProcInfo
  75. )
  76. {
  77. BOOL Result;
  78. HANDLE hPipe = NULL;
  79. WCHAR szPipeName[MAX_PATH];
  80. PCHAR ptr;
  81. ULONG Count, AmountWrote, AmountRead;
  82. DWORD MyProcId;
  83. PEXECSRV_REQUEST pReq;
  84. EXECSRV_REPLY Rep;
  85. CHAR Buf[EXECSRV_BUFFER_SIZE];
  86. ULONG MaxSize = EXECSRV_BUFFER_SIZE;
  88. if( lpszImageName )
  89. CairoleDebugOut((DEB_TRACE, "EXECCLIENT: lpszImageName %ws\n",lpszImageName));
  91. if( lpszCommandLine )
  92. CairoleDebugOut((DEB_TRACE, "EXECCLIENT: lpszCommandLine %ws\n",lpszCommandLine));
  94. // Winlogon handles all now. System flag tells it what to do
  95. swprintf(szPipeName, EXECSRV_SYSTEM_PIPE_NAME, SessionId);
  97. while (TRUE) {
  99. hPipe = CreateFileW(
  100. szPipeName,
  101. GENERIC_READ|GENERIC_WRITE,
  102. 0, // File share mode
  103. NULL, // default security
  104. OPEN_EXISTING,
  105. 0, // Attrs and flags
  106. NULL // template file handle
  107. );
  109. if( hPipe == INVALID_HANDLE_VALUE ) {
  111. if (GetLastError() == ERROR_PIPE_BUSY) {
  113. if (!WaitNamedPipe( szPipeName, 30000 )) { // 30 sec
  115. CairoleDebugOut((DEB_ERROR, "EXECCLIENT: Waited too long for pipe name %ws\n", szPipeName));
  116. return(FALSE);
  117. }
  118. } else {
  120. CairoleDebugOut((DEB_ERROR, "EXECCLIENT: Could not create pipe name %ws\n", szPipeName));
  121. return(FALSE);
  122. }
  123. } else {
  125. break;
  126. }
  127. }
  129. /*
  130. * Get the handle to the current process
  131. */
  132. MyProcId = GetCurrentProcessId();
  134. /*
  135. * setup the marshalling
  136. */
  137. ptr = Buf;
  138. Count = 0;
  140. pReq = (PEXECSRV_REQUEST)ptr;
  141. ptr += sizeof(EXECSRV_REQUEST);
  142. Count += sizeof(EXECSRV_REQUEST);
  144. // set the basic parameters
  145. pReq->hToken = hSaferToken;
  146. pReq->System = System;
  147. pReq->RequestingProcessId = MyProcId;
  148. pReq->fInheritHandles = fInheritHandles;
  149. pReq->fdwCreate = fdwCreate;
  151. // marshall the ImageName string
  152. if( lpszImageName ) {
  153. pReq->lpszImageName = MarshallString( lpszImageName, Buf, MaxSize, &ptr, &Count );
  154. }
  155. else {
  156. pReq->lpszImageName = NULL;
  157. }
  159. // marshall in the CommandLine string
  160. if( lpszCommandLine ) {
  161. pReq->lpszCommandLine = MarshallString( lpszCommandLine, Buf, MaxSize, &ptr, &Count );
  162. }
  163. else {
  164. pReq->lpszCommandLine = NULL;
  165. }
  167. // marshall in the CurDir string
  168. if( lpszCurDir ) {
  169. pReq->lpszCurDir = MarshallString( lpszCurDir, Buf, MaxSize, &ptr, &Count );
  170. }
  171. else {
  172. pReq->lpszCurDir = NULL;
  173. }
  175. // marshall in the StartupInfo structure
  176. RtlMoveMemory( &pReq->StartInfo, pStartInfo, sizeof(STARTUPINFO) );
  178. // Now marshall the strings in STARTUPINFO
  179. if( pStartInfo->lpDesktop ) {
  180. pReq->StartInfo.lpDesktop = MarshallString( pStartInfo->lpDesktop, Buf, MaxSize, &ptr, &Count );
  181. }
  182. else {
  183. pReq->StartInfo.lpDesktop = NULL;
  184. }
  186. if( pStartInfo->lpTitle ) {
  187. pReq->StartInfo.lpTitle = MarshallString( pStartInfo->lpTitle, Buf, MaxSize, &ptr, &Count );
  188. }
  189. else {
  190. pReq->StartInfo.lpTitle = NULL;
  191. }
  193. if( lpvEnvironment ) {
  194. pReq->lpvEnvironment = MarshallString( (PWCHAR)lpvEnvironment, Buf, MaxSize, &ptr, &Count, TRUE );
  195. }
  196. else {
  197. pReq->lpvEnvironment = NULL;
  198. }
  200. //
  201. // WARNING: This version does not pass the following:
  202. //
  203. // Also saProcess and saThread are ignored right now and use
  204. // the users default security on the remote WinStation
  205. //
  206. // Set things that are always NULL
  207. //
  208. pReq->StartInfo.lpReserved = NULL; // always NULL
  210. // now fill in the total count
  211. pReq->Size = Count;
  213. /*
  214. * Now send the buffer out to the server
  215. */
  216. Result = WriteFile(
  217. hPipe,
  218. Buf,
  219. Count,
  220. &AmountWrote,
  221. NULL
  222. );
  224. if( !Result ) {
  225. CairoleDebugOut((DEB_ERROR, "EXECCLIENT: Error %d sending request\n",GetLastError()));
  226. goto Cleanup;
  227. }
  229. /*
  230. * Now read the reply
  231. */
  232. Result = ReadFile(
  233. hPipe,
  234. &Rep,
  235. sizeof(Rep),
  236. &AmountRead,
  237. NULL
  238. );
  240. if( !Result ) {
  241. CairoleDebugOut((DEB_ERROR, "EXECCLIENT: Error %d reading reply\n",GetLastError()));
  242. goto Cleanup;
  243. }
  245. /*
  246. * Check the result
  247. */
  248. if( !Rep.Result ) {
  249. CairoleDebugOut((DEB_ERROR, "EXECCLIENT: Error %d in reply\n",Rep.LastError));
  250. // set the error in the current thread to the returned error
  251. Result = Rep.Result;
  252. SetLastError( Rep.LastError );
  253. goto Cleanup;
  254. }
  256. /*
  257. * We copy the PROCESS_INFO structure from the reply
  258. * to the caller.
  259. *
  260. * The remote site has duplicated the handles into our
  261. * process space for hProcess and hThread so that they will
  262. * behave like CreateProcessW()
  263. */
  265. RtlMoveMemory( pProcInfo, &Rep.ProcInfo, sizeof( PROCESS_INFORMATION ) );
  267. Cleanup:
  268. CloseHandle(hPipe);
  270. CairoleDebugOut((DEB_TRACE, "EXECCLIENT: Result 0x%x\n", Result));
  272. return(Result);
  273. }
  275. /*****************************************************************************
  276. *
  277. * MarshallString
  278. *
  279. * Marshall in a UNICODE_NULL terminated WCHAR string
  280. *
  281. * ENTRY:
  282. * pSource (input)
  283. * Pointer to source string
  284. *
  285. * pBase (input)
  286. * Base buffer pointer for normalizing the string pointer
  287. *
  288. * MaxSize (input)
  289. * Maximum buffer size available
  290. *
  291. * ppPtr (input/output)
  292. * Pointer to the current context pointer in the marshall buffer.
  293. * This is updated as data is marshalled into the buffer
  294. *
  295. * pCount (input/output)
  296. * Current count of data in the marshall buffer.
  297. * This is updated as data is marshalled into the buffer
  298. *
  299. * bMulti (optional input)
  300. * If TRUE then marshall in a multi UNICODE string. Each string are
  301. * UNICODE_NULL terminated and the multi string is terminated with a double
  302. * UNICODE_NULL. The default value is FALSE.
  303. *
  304. * EXIT:
  305. * NULL - Error
  306. * !=NULL "normalized" pointer to the string in reference to pBase
  307. *
  308. ****************************************************************************/
  310. PWCHAR
  311. MarshallString(
  312. PWCHAR pSource,
  313. PCHAR pBase,
  314. ULONG MaxSize,
  315. PCHAR *ppPtr,
  316. PULONG pCount,
  317. BOOL bMulti
  318. )
  319. {
  320. ULONG Len;
  321. PCHAR ptr;
  323. if (bMulti) {
  325. Len = 0;
  327. for (PWCHAR pStr = pSource; *pStr; ) {
  329. ULONG StrLen = wcslen( pStr ) + 1; // include the NULL
  331. Len += StrLen;
  332. pStr += StrLen;
  334. // bail out if too long
  335. if( (*pCount + (Len * sizeof(WCHAR))) > MaxSize ) {
  336. return( NULL );
  337. }
  338. }
  340. Len++; // include last NULL
  342. } else {
  343. Len = wcslen( pSource );
  344. Len++; // include the NULL
  345. }
  347. Len *= sizeof(WCHAR); // convert to bytes
  349. if( (*pCount + Len) > MaxSize ) {
  350. return( NULL );
  351. }
  353. RtlMoveMemory( *ppPtr, pSource, Len );
  355. // the normalized ptr is the current count - Sundown: zero-extended value.
  356. ptr = (PCHAR)ULongToPtr(*pCount);
  358. *ppPtr += Len;
  359. *pCount += Len;
  361. return((PWCHAR)ptr);
  362. }