able/windows-nt
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
windows-nt/Source/XPSP1/NT/ds/netapi/svcdlls/seclogon/server/seclogon.c
CryptoAlgo Inc b3cac27891 Add source files
2020-09-26 16:20:57 +08:00

1842 lines
56 KiB
C
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

/*+
*
* Microsoft Windows
* Copyright (C) Microsoft Corporation, 1997 - 1998.
*
* Name : seclogon.cxx
* Author:Jeffrey Richter (v-jeffrr)
*
* Abstract:
* This is the service DLL for Secondary Logon Service
* This service supports the CreateProcessWithLogon API implemented
* in advapi32.dll
*
* Revision History:
* PraeritG 10/8/97 To integrate this in to services.exe
*
-*/
#define STRICT
#include <nt.h>
#include <ntrtl.h>
#include <nturtl.h>
#include <ntlsa.h>
#include <Windows.h>
#define SECURITY_WIN32
#define SECURITY_KERBEROS
#include <security.h>
#include <secint.h>
#include <winsafer.h>
#include <shellapi.h>
#include <svcs.h>
#include <userenv.h>
#include <sddl.h>
#include "seclogon.h"
#include <stdio.h>
#include "stringid.h"
#include "dbgdef.h"
//
// must move to winbase.h soon!
#define LOGON_WITH_PROFILE 0x00000001
#define LOGON_NETCREDENTIALS_ONLY 0x00000002
#define MAXIMUM_SECLOGON_PROCESSES MAXIMUM_WAIT_OBJECTS*4
#define DESKTOP_ALL (DESKTOP_READOBJECTS | DESKTOP_CREATEWINDOW | \
DESKTOP_CREATEMENU | DESKTOP_HOOKCONTROL | \
DESKTOP_JOURNALRECORD | DESKTOP_JOURNALPLAYBACK | \
DESKTOP_ENUMERATE | DESKTOP_WRITEOBJECTS | \
DESKTOP_SWITCHDESKTOP | STANDARD_RIGHTS_REQUIRED)
#define WINSTA_ALL (WINSTA_ENUMDESKTOPS | WINSTA_READATTRIBUTES | \
WINSTA_ACCESSCLIPBOARD | WINSTA_CREATEDESKTOP | \
WINSTA_WRITEATTRIBUTES | WINSTA_ACCESSGLOBALATOMS | \
WINSTA_EXITWINDOWS | WINSTA_ENUMERATE | \
WINSTA_READSCREEN | \
STANDARD_RIGHTS_REQUIRED)
struct SECL_STATE {
SERVICE_STATUS serviceStatus;
SERVICE_STATUS_HANDLE hServiceStatus;
} g_state;
typedef struct _SECONDARYLOGONINFOW {
// First fields should all be quad-word types to avoid alignment errors:
LPSTARTUPINFO lpStartupInfo;
LPWSTR lpUsername;
LPWSTR lpDomain;
LPWSTR lpPassword;
LPWSTR lpApplicationName;
LPWSTR lpCommandLine;
LPVOID lpEnvironment;
LPCWSTR lpCurrentDirectory;
// Next group of fields are double-word types:
DWORD dwProcessId;
ULONG LogonIdLowPart;
LONG LogonIdHighPart;
DWORD dwLogonFlags;
DWORD dwCreationFlags;
DWORD dwSeclogonFlags;
HANDLE hWinsta;
HANDLE hDesk;
// Insert smaller types below:
BOOL fFreeWinsta;
BOOL fFreeDesk;
} SECONDARYLOGONINFOW, *PSECONDARYLOGONINFOW;
typedef struct _SECONDARYLOGONRETINFO {
PROCESS_INFORMATION pi;
DWORD dwErrorCode;
} SECONDARYLOGONRETINFO, *PSECONDARYLOGONRETINFO;
typedef struct _SECONDARYLOGINWATCHINFO {
HANDLE hProcess;
HANDLE hToken;
HANDLE hProfile;
LUID LogonId;
PSECONDARYLOGONINFOW psli;
} SECONDARYLOGONWATCHINFO, *PSECONDARYLOGONWATCHINFO;
typedef struct _JOBINFO {
HANDLE Job;
LUID LogonId;
} JOBINFO, *PJOBINFO;
#define _JumpCondition(condition, label) \
if (condition) \
{ \
goto label; \
} \
else { }
#define _JumpConditionWithExpr(condition, label, expr) \
if (condition) \
{ \
expr; \
goto label; \
} \
else { }
#define ARRAYSIZE(array) ((sizeof(array)) / (sizeof(array[0])))
#define FIELDOFFSET(s,m) ((size_t)(ULONG_PTR)&(((s *)0)->m))
HANDLE g_hThreadWatchdog;
JOBINFO g_Jobs[MAXIMUM_SECLOGON_PROCESSES];
HANDLE g_hProcess[MAXIMUM_SECLOGON_PROCESSES];
HANDLE g_hToken[MAXIMUM_SECLOGON_PROCESSES];
HANDLE g_hProfile[MAXIMUM_SECLOGON_PROCESSES];
LUID g_LogonId[MAXIMUM_SECLOGON_PROCESSES];
PSECONDARYLOGONINFOW g_psli[MAXIMUM_SECLOGON_PROCESSES];
int g_nNumSecondaryLogonProcesses = 0;
CRITICAL_SECTION csForProcessCount;
CRITICAL_SECTION csForDesktop;
BOOL g_fIsCsInitialized = FALSE;
BOOL g_fTerminateSecondaryLogonService = FALSE;
PSVCHOST_GLOBAL_DATA GlobalData;
HANDLE g_hIOCP = NULL;
BOOL g_fCleanupThreadActive = FALSE;
//
// function prototypes
//
void Free_SECONDARYLOGONINFOW(PSECONDARYLOGONINFOW psli);
void FreeGlobalState();
DWORD InitGlobalState();
DWORD MySetServiceStatus(DWORD dwCurrentState, DWORD dwCheckPoint, DWORD dwWaitHint, DWORD dwExitCode);
DWORD MySetServiceStopped(DWORD dwExitCode);
DWORD SeclStartRpcServer();
DWORD SeclStopRpcServer();
VOID SecondaryLogonCleanupJob(LPVOID pvJobIndex, BOOL *pfLastJob);
BOOL SlpLoadUserProfile(HANDLE hToken, PHANDLE hProfile);
DWORD To_SECONDARYLOGONINFOW(PSECL_SLI pSeclSli, PSECONDARYLOGONINFOW *ppsli);
DWORD To_SECL_SLRI(SECONDARYLOGONRETINFO *pslri, PSECL_SLRI pSeclSlri);
void DbgPrintf( DWORD dwSubSysId, LPCSTR pszFormat , ...)
{
va_list args;
CHAR pszBuffer[1024];
va_start(args, pszFormat);
_vsnprintf(pszBuffer, 1024, pszFormat, args);
va_end(args);
}
BOOL
IsSystemProcess(
VOID
)
{
PTOKEN_USER User;
HANDLE Token;
DWORD RetLen;
PSID SystemSid = NULL;
SID_IDENTIFIER_AUTHORITY SidAuthority = SECURITY_NT_AUTHORITY;
BYTE Buffer[100];
if(AllocateAndInitializeSid(&SidAuthority,1,SECURITY_LOCAL_SYSTEM_RID,
0,0,0,0,0,0,0,&SystemSid))
{
if(OpenThreadToken(GetCurrentThread(), MAXIMUM_ALLOWED, FALSE, &Token))
{
if(GetTokenInformation(Token, TokenUser, Buffer, 100, &RetLen))
{
User = (PTOKEN_USER)Buffer;
CloseHandle(Token);
if(EqualSid(User->User.Sid, SystemSid))
{
FreeSid(SystemSid);
return TRUE;
}
}
else
CloseHandle(Token);
}
FreeSid(SystemSid);
}
return FALSE;
}
DWORD
SlpGetClientLogonId(
HANDLE Process,
PLUID LogonId
)
{
HANDLE Token;
TOKEN_STATISTICS TokenStats;
DWORD ReturnLength;
//
// Get handle to the process token.
//
if(OpenProcessToken(Process, MAXIMUM_ALLOWED, &Token))
{
if(GetTokenInformation (
Token,
TokenStatistics,
(PVOID)&TokenStats,
sizeof( TOKEN_STATISTICS ),
&ReturnLength
))
{
*LogonId = TokenStats.AuthenticationId;
CloseHandle(Token);
return ERROR_SUCCESS;
}
CloseHandle(Token);
}
return GetLastError();
}
DWORD ModifyUserAccessToObject
(IN HANDLE hObject,
IN PSID pUserSid,
IN DWORD dwAccessMask, // access mask to apply IF granting access
IN BYTE bAceFlags, // flags to supply with Ace IF granting access
IN BOOL fAdd // true if we're granting access
)
{
ACL_SIZE_INFORMATION asiSize;
PACCESS_ALLOWED_ACE pAce = NULL;
PACCESS_ALLOWED_ACE pAceNew = NULL;
BOOL fRemovedAccess = FALSE;
BOOL fDaclDefaulted;
BOOL fDaclPresent;
DWORD dwIndex;
DWORD dwNeeded;
DWORD dwNewAclSize;
DWORD dwResult;
PACL pDaclNew = NULL;
PACL pDaclReadOnly = NULL;
SECURITY_DESCRIPTOR SdNew;
PSECURITY_DESCRIPTOR pSdReadOnly = NULL;
SECURITY_INFORMATION siRequested;
// Initialize non-pointer data:
ZeroMemory(&SdNew, sizeof(SdNew));
// Query the security descriptor
siRequested = DACL_SECURITY_INFORMATION;
if (!GetUserObjectSecurity(hObject, &siRequested, pSdReadOnly, 0, &dwNeeded))
{
// allocate buffer large for returned SD and another ACE.
pSdReadOnly = (PSECURITY_DESCRIPTOR) HeapAlloc (GetProcessHeap(), 0, dwNeeded + 100);
if (NULL == pSdReadOnly)
goto MemoryError;
if (!GetUserObjectSecurity(hObject, &siRequested, pSdReadOnly, dwNeeded, &dwNeeded))
goto GetUserObjectSecurityError;
}
else
{
// There's no security descriptor, not much we can do here!
goto SuccessReturn;
}
if (!GetSecurityDescriptorDacl(pSdReadOnly, &fDaclPresent, &pDaclReadOnly, &fDaclDefaulted))
goto GetSecurityDescriptorDaclError;
// if Dacl is null, we don't need to do anything
// because it gives WORLD full control...
if (!fDaclPresent || NULL == pDaclReadOnly)
goto SuccessReturn;
// Compute the size for the new ACL, based on the size of the current
// ACL, and the operation to be performed on it.
if (!GetAclInformation(pDaclReadOnly, (PVOID)&asiSize, sizeof(asiSize), AclSizeInformation))
goto GetAclInformationError;
if (fAdd)
dwNewAclSize = asiSize.AclBytesInUse + sizeof(ACCESS_ALLOWED_ACE) + GetLengthSid(pUserSid) + sizeof(DWORD);
else
dwNewAclSize = asiSize.AclBytesInUse - sizeof(ACCESS_ALLOWED_ACE) - GetLengthSid(pUserSid) + sizeof(DWORD);
pDaclNew = (PACL)HeapAlloc(GetProcessHeap(), 0, dwNewAclSize);
if (NULL == pDaclNew)
goto MemoryError;
if (!InitializeAcl(pDaclNew, dwNewAclSize, ACL_REVISION))
goto InitializeAclError;
if (fAdd) // We're granting the user access
{
if (!AddAccessAllowedAce(pDaclNew, ACL_REVISION, dwAccessMask, pUserSid))
goto AddAccessAllowedAceError;
if (!GetAce(pDaclNew, 0, &pAceNew))
goto GetAceError;
pAceNew->Header.AceFlags = bAceFlags;
}
// Copy over the ACEs that are still valid
// (all if adding, all but the user's SID if removing).
for (dwIndex = 0; dwIndex < asiSize.AceCount; dwIndex++)
{
if (!GetAce(pDaclReadOnly, dwIndex, (PVOID*)(&pAce)))
goto GetAceError;
// We're removing -- check if this ACE contains the user's SID
if (!fAdd && !fRemovedAccess)
{
if ((((PACE_HEADER)pAce)->AceType) == ACCESS_ALLOWED_ACE_TYPE)
{
if (EqualSid(pUserSid, (PSID)(&(pAce->SidStart))))
{
// Don't add this ACE to the new ACL we're constructing.
// NOTE: we only want to remove one ACCESS_ALLOWED_ACE. Otherwise, if the
// user already had access to the desktop, we could
// be removing the access they previously had!
fRemovedAccess = TRUE;
continue;
}
}
}
if (!AddAce(pDaclNew, ACL_REVISION, 0xFFFFFFFF, pAce, ((PACE_HEADER)pAce)->AceSize))
goto AddAceError;
}
// Create the new security descriptor to assign to the object:
if (!InitializeSecurityDescriptor(&SdNew, SECURITY_DESCRIPTOR_REVISION))
goto InitializeSecurityDescriptorError;
// Add the new DACL to the descriptor:
if (!SetSecurityDescriptorDacl(&SdNew, TRUE, pDaclNew, fDaclDefaulted))
goto SetSecurityDescriptorDaclError;
// Finally, set the object security using our new security descriptor.
siRequested = DACL_SECURITY_INFORMATION;
if (!SetUserObjectSecurity(hObject, &siRequested, &SdNew))
goto SetUserObjectSecurityError;
SuccessReturn:
dwResult = ERROR_SUCCESS;
ErrorReturn:
if (NULL != pSdReadOnly) { HeapFree(GetProcessHeap(), 0, pSdReadOnly); }
if (NULL != pDaclNew) { HeapFree(GetProcessHeap(), 0, pDaclNew); }
return dwResult;
SET_DWRESULT(AddAceError, GetLastError());
SET_DWRESULT(AddAccessAllowedAceError, GetLastError());
SET_DWRESULT(GetAceError, GetLastError());
SET_DWRESULT(GetAclInformationError, GetLastError());
SET_DWRESULT(GetSecurityDescriptorDaclError, GetLastError());
SET_DWRESULT(GetUserObjectSecurityError, GetLastError());
SET_DWRESULT(InitializeAclError, GetLastError());
SET_DWRESULT(InitializeSecurityDescriptorError, GetLastError());
SET_DWRESULT(MemoryError, ERROR_NOT_ENOUGH_MEMORY);
SET_DWRESULT(SetSecurityDescriptorDaclError, GetLastError());
SET_DWRESULT(SetUserObjectSecurityError, GetLastError());
}
DWORD ModifyUserAccessToDesktop
(IN HANDLE hWinsta,
IN HANDLE hDesk,
IN HANDLE hToken,
IN BOOL fAdd)
{
BOOL fEnteredCriticalSection = FALSE;
BYTE rgbSidBuff[256];
DWORD dwResult = ERROR_SUCCESS;
DWORD dwReturnedLen;
PTOKEN_USER pTokenUser = NULL;
// Get the SID from the token:
pTokenUser = (PSID)&rgbSidBuff[0];
if (!GetTokenInformation(hToken, TokenUser, pTokenUser, sizeof(rgbSidBuff), &dwReturnedLen))
goto GetTokenInformationError;
// We don't want any other threads messing with the desktop ACL
EnterCriticalSection(&csForDesktop);
fEnteredCriticalSection = TRUE;
if (NULL != hWinsta)
{
dwResult = ModifyUserAccessToObject(hWinsta, pTokenUser->User.Sid, WINSTA_ALL, NO_PROPAGATE_INHERIT_ACE, fAdd);
if (ERROR_SUCCESS != dwResult)
goto ModifyUserAccessToObjectError;
}
if (NULL != hDesk)
{
dwResult = ModifyUserAccessToObject(hDesk, pTokenUser->User.Sid, DESKTOP_ALL, 0, fAdd);
if (ERROR_SUCCESS != dwResult)
goto ModifyUserAccessToObjectError;
}
dwResult = ERROR_SUCCESS;
ErrorReturn:
if (fEnteredCriticalSection) { LeaveCriticalSection(&csForDesktop); }
return dwResult;
SET_DWRESULT(GetTokenInformationError, GetLastError());
TRACE_ERROR (ModifyUserAccessToObjectError);
}
DWORD
WINAPI
WaitForNextJobTermination(PVOID pvIgnored)
{
BOOL fResult;
DWORD dwNumberOfBytes;
DWORD dwResult;
OVERLAPPED *po;
ULONG_PTR ulptrCompletionKey;
while (TRUE)
{
fResult = GetQueuedCompletionStatus(g_hIOCP, &dwNumberOfBytes, &ulptrCompletionKey, &po, INFINITE);
if (!fResult) {
// We've encountered an error. Shutdown our cleanup thread -- the next runas will queue another one.
EnterCriticalSection(&csForProcessCount);
g_fCleanupThreadActive = FALSE;
LeaveCriticalSection(&csForProcessCount);
goto GetQueuedCompletionStatusError;
}
// When waiting on job objects, the dwNumberOfBytes contains a message ID, indicating
// the event which just occured.
switch (dwNumberOfBytes)
{
case JOB_OBJECT_MSG_ACTIVE_PROCESS_ZERO:
{
BOOL fLastJob;
// All of our processes have terminated. Call our cleanup function.
SecondaryLogonCleanupJob((LPVOID)ulptrCompletionKey /*job index*/, &fLastJob);
if (fLastJob)
{
// There are no more jobs -- we're done processing notification.
goto CommonReturn;
}
else
{
// More jobs left to clean up. Keep processing...
}
}
default:;
// some message we don't care about. Try again.
}
}
CommonReturn:
dwResult = ERROR_SUCCESS;
ErrorReturn:
return dwResult;
SET_DWRESULT(GetQueuedCompletionStatusError, GetLastError());
}
VOID
SecondaryLogonCleanupJob(
LPVOID pvJobIndex,
BOOL *pfLastJob
)
/*++
Routine Description:
This routine is a process cleanup handler when one of the secondary
logon process goes away.
Arguments:
dwProcessIndex -- the actual index to the process, the pointer is cast
back to dword. THIS IS SAFE IN SUNDOWN.
fWaitStatus -- status of the wait done by one of services.exe threads.
Return Value:
always 0.
--*/
{
DWORD dwJobIndex = PtrToUlong(pvJobIndex);
DWORD ProcessNum = dwJobIndex; // 1-to-1 mapping between jobs and runas'd processes
DWORD dwResult;
EnterCriticalSection(&csForProcessCount);
// We've found another process in this job.
if(g_psli[ProcessNum])
{
// we don't care about return value.
ModifyUserAccessToDesktop(g_psli[ProcessNum]->hWinsta, g_psli[ProcessNum]->hDesk, g_hToken[ProcessNum], FALSE /*remove*/);
Free_SECONDARYLOGONINFOW(g_psli[ProcessNum]);
g_psli[ProcessNum] = NULL;
}
if(g_hProcess[ProcessNum])
{
CloseHandle(g_hProcess[ProcessNum]);
g_hProcess[ProcessNum] = NULL;
}
if(g_hProfile[ProcessNum] != NULL)
{
UnloadUserProfile(g_hToken[ProcessNum], g_hProfile[ProcessNum]);
g_hProfile[ProcessNum] = NULL;
}
if(g_hToken[ProcessNum])
{
CloseHandle(g_hToken[ProcessNum]);
g_hToken[ProcessNum] = NULL;
}
// Close off this job:
CloseHandle(g_Jobs[dwJobIndex].Job);
g_Jobs[dwJobIndex].Job = NULL;
*pfLastJob = --g_nNumSecondaryLogonProcesses == 0;
// If it's the last job, the cleanup thread terminates:
g_fCleanupThreadActive = !(*pfLastJob);
// Update the service status to reflect whether there is a runas'd process alive.
MySetServiceStatus(SERVICE_RUNNING, 0, 0, 0);
LeaveCriticalSection(&csForProcessCount);
return;
}
VOID
APIENTRY
SecondaryLogonProcessWatchdogNewProcess(
PSECONDARYLOGONWATCHINFO dwParam
)
/*++
Routine Description:
This routine puts the secondary logon process created on the wait queue
such that cleanup can be done after the process dies.
Arguments:
dwParam -- the pointer to the process information.
Return Value:
none.
--*/
{
DWORD j, FirstFreeJob;
unsigned __int3264 i;
BOOL JobFound;
JOBOBJECT_ASSOCIATE_COMPLETION_PORT joacp;
LUID ProcessLogonId;
ULONG_PTR ulptrJobIndex;
if (dwParam != NULL) {
PSECONDARYLOGONWATCHINFO pslwi = (PSECONDARYLOGONWATCHINFO) dwParam;
EnterCriticalSection(&csForProcessCount);
for(i=0;i<MAXIMUM_SECLOGON_PROCESSES;i++)
{
// if(g_hProcess[i] == LongToHandle(0xDEADBEEF)) break;
if(g_hProcess[i] == NULL) break;
}
g_hProcess[i] = pslwi->hProcess;
g_hToken[i] = pslwi->hToken;
g_hProfile[i] = pslwi->hProfile;
g_LogonId[i].LowPart = pslwi->LogonId.LowPart;
g_LogonId[i].HighPart = pslwi->LogonId.HighPart;
g_psli[i] = pslwi->psli;
// Initialize this job with the logon ID of the client process.
// If this is a recursive runas, we'll override this value in the following loop
g_Jobs[i].LogonId.LowPart = g_LogonId[i].LowPart;
g_Jobs[i].LogonId.HighPart = g_LogonId[i].HighPart;
// Determine which logon session the new process should be associated with.
for(j=0;j<MAXIMUM_SECLOGON_PROCESSES;j++)
{
if(g_Jobs[j].Job != NULL)
{
SlpGetClientLogonId(g_hProcess[j], &ProcessLogonId);
if(ProcessLogonId.LowPart == g_LogonId[i].LowPart && ProcessLogonId.HighPart == g_LogonId[i].HighPart)
{
JobFound = TRUE;
g_Jobs[i].LogonId.LowPart = g_Jobs[j].LogonId.LowPart;
g_Jobs[i].LogonId.HighPart = g_Jobs[j].LogonId.HighPart;
break;
}
}
}
// Increment the number of runas'd processes
g_nNumSecondaryLogonProcesses++;
// BUGBUG: we currently have no means of recovering from failures
// in the functions below.
// we have to create a new one;
g_Jobs[i].Job = CreateJobObject(NULL, NULL);
if (NULL != g_Jobs[i].Job)
{
if (AssignProcessToJobObject(g_Jobs[i].Job, g_hProcess[i]))
{
ulptrJobIndex = i;
// Register our IO completion port to wait for events from this job:
joacp.CompletionKey = (LPVOID)ulptrJobIndex;
joacp.CompletionPort = g_hIOCP;
if (SetInformationJobObject(g_Jobs[i].Job, JobObjectAssociateCompletionPortInformation, &joacp, sizeof(joacp)))
{
// If we don't already have a cleanup thread running, start one now:
if (!g_fCleanupThreadActive)
{
g_fCleanupThreadActive = QueueUserWorkItem(WaitForNextJobTermination, NULL, WT_EXECUTELONGFUNCTION);
}
}
}
}
// Update the service status to reflect that there is a runas'd process
// This prevents the service from receiving SERVICE_STOP controls
// while runas'd processes are alive.
MySetServiceStatus(SERVICE_RUNNING, 0, 0, 0);
LeaveCriticalSection(&csForProcessCount);
} else {
//
// We were just awakened in order to terminate the service (nothing to do)
//
}
}
DWORD ServiceStop(BOOL fShutdown, DWORD dwExitCode)
{
DWORD dwCheckPoint = 0;
DWORD dwIndex;
DWORD dwResult;
// Don't want the process count to change while we're shutting down the service!
EnterCriticalSection(&csForProcessCount);
// Only stop if we have no runas'd processes, or if we're shutting down
if (fShutdown || 0 == g_nNumSecondaryLogonProcesses) {
dwResult = MySetServiceStatus(SERVICE_STOP_PENDING, dwCheckPoint++, 0, 0);
_JumpCondition(ERROR_SUCCESS != dwResult && !fShutdown, MySetServiceStatusError);
// We shouldn't hold the critical section while we're shutting down the RPC server,
// because RPC threads may be trying to acquire it.
LeaveCriticalSection(&csForProcessCount);
dwResult = SeclStopRpcServer();
_JumpCondition(ERROR_SUCCESS != dwResult && !fShutdown, SeclStopRpcServerError);
dwResult = MySetServiceStatus(SERVICE_STOP_PENDING, dwCheckPoint++, 0, 0);
_JumpCondition(ERROR_SUCCESS != dwResult && !fShutdown, MySetServiceStatusError);
g_fTerminateSecondaryLogonService = TRUE;
if (g_fIsCsInitialized)
{
DeleteCriticalSection(&csForProcessCount);
DeleteCriticalSection(&csForDesktop);
g_fIsCsInitialized = FALSE;
}
if (NULL != g_hIOCP)
{
CloseHandle(g_hIOCP);
g_hIOCP = NULL;
}
// Unlike MySetServiceStatus, this routine doesn't access any
// global state which could have been freed:
dwResult = MySetServiceStopped(dwExitCode);
_JumpCondition(ERROR_SUCCESS != dwResult && !fShutdown, MySetServiceStopped);
}
dwResult = ERROR_SUCCESS;
ErrorReturn:
return dwResult;
SET_DWRESULT(MySetServiceStatusError, dwResult);
SET_DWRESULT(MySetServiceStopped, dwResult);
SET_DWRESULT(SeclStopRpcServerError, dwResult);
}
void
WINAPI
ServiceHandler(
DWORD fdwControl
)
/*++
Routine Description:
Service handler which wakes up the main service thread when ever
service controller needs to send a message.
Arguments:
fdwControl -- the control from the service controller.
Return Value:
none.
--*/
{
BOOL fResult;
BOOL fCanStopService = TRUE;
DWORD dwNextState = g_state.serviceStatus.dwCurrentState;
DWORD dwResult;
switch (fdwControl)
{
case SERVICE_CONTROL_CONTINUE:
dwResult = MySetServiceStatus(SERVICE_CONTINUE_PENDING, 0, 0, 0);
_JumpCondition(ERROR_SUCCESS != dwResult, MySetServiceStatusError);
dwResult = SeclStartRpcServer();
_JumpCondition(ERROR_SUCCESS != dwResult, StartRpcServerError);
dwNextState = SERVICE_RUNNING;
break;
case SERVICE_CONTROL_INTERROGATE:
break;
case SERVICE_CONTROL_PAUSE:
dwResult = MySetServiceStatus(SERVICE_PAUSE_PENDING, 0, 0, 0);
_JumpCondition(ERROR_SUCCESS != dwResult, MySetServiceStatusError);
dwResult = SeclStopRpcServer();
_JumpCondition(ERROR_SUCCESS != dwResult, StopRpcServerError);
dwNextState = SERVICE_PAUSED;
break;
case SERVICE_CONTROL_STOP:
dwResult = ServiceStop(FALSE /*fShutdown*/, ERROR_SUCCESS);
_JumpCondition(ERROR_SUCCESS != dwResult, ServiceStopError);
return ; // All global state has been freed, just exit.
case SERVICE_CONTROL_SHUTDOWN:
dwResult = ServiceStop(TRUE /*fShutdown*/, ERROR_SUCCESS);
_JumpCondition(ERROR_SUCCESS != dwResult, ServiceStopError);
return ; // All global state has been freed, just exit.
default:
// Unhandled service control!
goto ErrorReturn;
}
CommonReturn:
// Restore the original state on error, set the new state on success.
dwResult = MySetServiceStatus(dwNextState, 0, 0, 0);
return;
ErrorReturn:
goto CommonReturn;
SET_ERROR(MySetServiceStatusError, dwResult);
SET_ERROR(ServiceStopError, dwResult);
SET_ERROR(StartRpcServerError, dwResult);
SET_ERROR(StopRpcServerError, dwResult);
}
VOID
SlrCreateProcessWithLogon
(IN RPC_BINDING_HANDLE hRPCBinding,
IN PSECONDARYLOGONINFOW psli,
OUT PSECONDARYLOGONRETINFO pslri)
/*++
Routine Description:
The core routine -- it handles a client request to start a secondary
logon process.
Arguments:
psli -- the input structure with client request information
pslri -- the output structure with response back to the client.
Return Value:
none.
--*/
{
BOOL fAccessWasAllowed = FALSE;
HANDLE hCurrentThread = NULL;
HANDLE hCurrentThreadToken = NULL;
HANDLE hToken = NULL;
HANDLE hProfile = NULL;
HANDLE hProcessClient = NULL;
PVOID pvEnvBlock = NULL, pvUserProfile = NULL;
BOOL fCreatedEnvironmentBlock = FALSE;
BOOL fIsImpersonatingRpcClient = FALSE;
BOOL fIsImpersonatingClient = FALSE;
BOOL fInheritHandles = FALSE;
BOOL fOpenedSTDIN = FALSE;
BOOL fOpenedSTDOUT = FALSE;
BOOL fOpenedSTDERR = FALSE;
PROFILEINFO pi;
SECURITY_ATTRIBUTES sa;
SECONDARYLOGONWATCHINFO slwi;
DWORD dwResult;
DWORD SessionId;
DWORD dwLogonProvider;
SECURITY_LOGON_TYPE LogonType;
__try {
//
// Do some security checks:
//
// 1) We should impersonate the client and then try to open
// the process so that we are assured that they didn't
// give us some fake id.
//
dwResult = RpcImpersonateClient(hRPCBinding);
_JumpCondition(RPC_S_OK != dwResult, leave_with_last_error);
fIsImpersonatingRpcClient = TRUE;
hProcessClient = OpenProcess(MAXIMUM_ALLOWED, FALSE, psli->dwProcessId);
_JumpCondition(hProcessClient == NULL, leave_with_last_error);
#if 0
//
// 2) Check that the client is not running from a restricted account.
//
hCurrentThread = GetCurrentThread(); // Doesn't need to be freed with CloseHandle().
_JumpCondition(NULL == hCurrentThread, leave_with_last_error);
_JumpCondition(FALSE == OpenThreadToken(hCurrentThread,
TOKEN_QUERY | TOKEN_DUPLICATE,
TRUE,
&hCurrentThreadToken),
leave_with_last_error);
#endif
dwResult = RpcRevertToSelfEx(hRPCBinding);
if (RPC_S_OK != dwResult)
{
__leave;
}
fIsImpersonatingRpcClient = FALSE;
#if 0
if (TRUE == IsTokenUntrusted(hCurrentThreadToken))
{
dwResult = ERROR_ACCESS_DENIED;
__leave;
}
#endif
//
// We should get the session id from process id
// we will set this up in the token so that create process
// happens on the correct session.
//
_JumpCondition(!ProcessIdToSessionId(psli->dwProcessId, &SessionId), leave_with_last_error);
//
// Get the unique logonId.
// we will use this to cleanup any running processes
// when the logoff happens.
//
dwResult = SlpGetClientLogonId(hProcessClient, &slwi.LogonId);
if(dwResult != ERROR_SUCCESS)
{
__leave;
}
if ((psli->lpStartupInfo->dwFlags & STARTF_USESTDHANDLES) != 0)
{
_JumpCondition(!DuplicateHandle
(hProcessClient,
psli->lpStartupInfo->hStdInput,
GetCurrentProcess(),
&psli->lpStartupInfo->hStdInput,
0,
TRUE, DUPLICATE_SAME_ACCESS),
leave_with_last_error);
fOpenedSTDIN = TRUE;
_JumpCondition(!DuplicateHandle
(hProcessClient,
psli->lpStartupInfo->hStdOutput,
GetCurrentProcess(),
&psli->lpStartupInfo->hStdOutput,
0,
TRUE,
DUPLICATE_SAME_ACCESS),
leave_with_last_error);
fOpenedSTDOUT = TRUE;
_JumpCondition(!DuplicateHandle
(hProcessClient,
psli->lpStartupInfo->hStdError,
GetCurrentProcess(),
&psli->lpStartupInfo->hStdError,
0,
TRUE,
DUPLICATE_SAME_ACCESS),
leave_with_last_error);
fOpenedSTDERR = TRUE;
fInheritHandles = TRUE;
}
else
{
psli->lpStartupInfo->hStdInput = INVALID_HANDLE_VALUE;
psli->lpStartupInfo->hStdOutput = INVALID_HANDLE_VALUE;
psli->lpStartupInfo->hStdError = INVALID_HANDLE_VALUE;
}
if(psli->dwLogonFlags & LOGON_NETCREDENTIALS_ONLY)
{
LogonType = (SECURITY_LOGON_TYPE)LOGON32_LOGON_NEW_CREDENTIALS;
dwLogonProvider = LOGON32_PROVIDER_WINNT50;
}
else
{
LogonType = (SECURITY_LOGON_TYPE) LOGON32_LOGON_INTERACTIVE;
dwLogonProvider = LOGON32_PROVIDER_DEFAULT;
}
// Duplicate windowstation handles received from the client process
// so that they're valid in this process.
if (NULL != psli->hWinsta)
{
_JumpCondition(!DuplicateHandle(hProcessClient, psli->hWinsta, GetCurrentProcess(), &psli->hWinsta, 0, TRUE, DUPLICATE_SAME_ACCESS),
leave_with_last_error);
psli->fFreeWinsta = TRUE;
}
if (NULL != psli->hDesk)
{
_JumpCondition(!DuplicateHandle(hProcessClient, psli->hDesk, GetCurrentProcess(), &psli->hDesk, 0, TRUE, DUPLICATE_SAME_ACCESS),
leave_with_last_error);
psli->fFreeDesk = TRUE;
}
// LogonUser does not return profile information, we need to grab
// that out of band after the logon has completed.
//
dwResult = RpcImpersonateClient(hRPCBinding);
_JumpCondition(RPC_S_OK != dwResult, leave_with_last_error);
fIsImpersonatingRpcClient = TRUE;
_JumpCondition(!LogonUser(psli->lpUsername,
psli->lpDomain,
psli->lpPassword,
LogonType,
dwLogonProvider,
&hToken),
leave_with_last_error);
if (0 == (SECLOGON_CALLER_SPECIFIED_DESKTOP & psli->dwSeclogonFlags))
{
// If the caller did not specify their own desktop, it is our responsibility
// to grant the user access to the default desktop:
dwResult = ModifyUserAccessToDesktop(psli->hWinsta, psli->hDesk, hToken, TRUE /*grant*/);
if (ERROR_SUCCESS != dwResult)
__leave;
fAccessWasAllowed = TRUE;
}
dwResult = RpcRevertToSelfEx(hRPCBinding);
if (RPC_S_OK != dwResult)
{
__leave;
}
fIsImpersonatingRpcClient = FALSE;
// Let us set the SessionId in the Token.
_JumpCondition(!SetTokenInformation(hToken, TokenSessionId, &SessionId, sizeof(DWORD)),
leave_with_last_error);
// Load the user's profile.
// if this fails, we will not continue
//
if(psli->dwLogonFlags & LOGON_WITH_PROFILE)
{
_JumpCondition(!SlpLoadUserProfile(hToken, &hProfile), leave_with_last_error);
}
// we should now impersonate the user.
//
_JumpCondition(!ImpersonateLoggedOnUser(hToken), leave_with_last_error);
fIsImpersonatingClient = TRUE;
// Query Default Owner/ACL from token. Make SD with this stuff, pass for
sa.nLength = sizeof(sa);
sa.bInheritHandle = FALSE;
sa.lpSecurityDescriptor = NULL;
//
// We should set the console control handler so CtrlC is correctly
// handled by the new process.
//
// SetConsoleCtrlHandler(NULL, FALSE);
//
// if lpEnvironment is NULL, we create new one for this user
// using CreateEnvironmentBlock
//
if(NULL == (psli->lpEnvironment))
{
if(FALSE == CreateEnvironmentBlock( &(psli->lpEnvironment), hToken, FALSE ))
{
psli->lpEnvironment = NULL;
}
else
{
// Successfully created environment block.
fCreatedEnvironmentBlock = TRUE;
}
}
_JumpCondition(!CreateProcessAsUser(hToken,
psli->lpApplicationName,
psli->lpCommandLine,
&sa,
&sa,
fInheritHandles,
psli->dwCreationFlags | CREATE_UNICODE_ENVIRONMENT,
psli->lpEnvironment,
psli->lpCurrentDirectory,
psli->lpStartupInfo,
&pslri->pi),
leave_with_last_error);
SetLastError(NO_ERROR);
leave_with_last_error:
dwResult = GetLastError();
__leave;
}
__finally {
pslri->dwErrorCode = dwResult;
if (fCreatedEnvironmentBlock) { DestroyEnvironmentBlock(psli->lpEnvironment); }
if (fIsImpersonatingClient) { RevertToSelf(); /* Ignore retval: nothing we can do on failure! */ }
if (fIsImpersonatingRpcClient) { RpcRevertToSelfEx(hRPCBinding); /* Ignore retval: nothing we can do on failure! */ }
if (fOpenedSTDIN) { CloseHandle(psli->lpStartupInfo->hStdInput); }
if (fOpenedSTDOUT) { CloseHandle(psli->lpStartupInfo->hStdOutput); }
if (fOpenedSTDERR) { CloseHandle(psli->lpStartupInfo->hStdError); }
if(pslri->dwErrorCode != NO_ERROR)
{
if (NULL != hProfile) { UnloadUserProfile(hToken, hProfile); }
if (fAccessWasAllowed) { ModifyUserAccessToDesktop(psli->hWinsta, psli->hDesk, hToken, FALSE /*remove*/); }
if (NULL != hToken) { CloseHandle(hToken); }
}
else
{
// Start the watchdog process last so it won't delete psli before we're done with it.
slwi.hProcess = pslri->pi.hProcess;
slwi.hToken = hToken;
slwi.hProfile = hProfile;
// LogonId was already filled up.. right at the begining.
slwi.psli = psli;
SecondaryLogonProcessWatchdogNewProcess(&slwi);
// SetConsoleCtrlHandler(NULL, TRUE);
//
// Have the watchdog watch this newly added process so that
// cleanup will occur correctly when the process terminates.
//
// Set up the windowstation and desktop for the process
DuplicateHandle(GetCurrentProcess(), pslri->pi.hProcess,
hProcessClient, &pslri->pi.hProcess, 0, FALSE,
DUPLICATE_SAME_ACCESS);
DuplicateHandle(GetCurrentProcess(), pslri->pi.hThread, hProcessClient,
&pslri->pi.hThread, 0, FALSE,
DUPLICATE_SAME_ACCESS | DUPLICATE_CLOSE_SOURCE);
}
if (NULL != hProcessClient) { CloseHandle(hProcessClient); }
if (NULL != hCurrentThreadToken) { CloseHandle(hCurrentThreadToken); }
}
}
void
WINAPI
ServiceMain
(IN DWORD dwArgc,
IN WCHAR ** lpszArgv)
/*++
Routine Description:
The main service handler thread routine.
Arguments:
Return Value:
none.
--*/
{
DWORD i, dwResult, dwWaitResult;
HANDLE rghWait[4];
for (i = 0; i < MAXIMUM_SECLOGON_PROCESSES; i++)
{
// g_hProcess[i] = LongToHandle(0xDEADBEEF);
g_Jobs[i].Job = NULL;
g_hProcess[i] = NULL;
g_hProfile[i] = NULL;
g_hToken[i] = NULL;
}
__try {
InitializeCriticalSection(&csForProcessCount);
InitializeCriticalSection(&csForDesktop);
g_fIsCsInitialized = TRUE;
}
__except (EXCEPTION_EXECUTE_HANDLER) {
return; // We can't do anything if we can't initialize this critsec
}
g_hIOCP = CreateIoCompletionPort(INVALID_HANDLE_VALUE, NULL, 0,0);
_JumpCondition(NULL == g_hIOCP, CreateIoCompletionPortError);
dwResult = InitGlobalState();
_JumpCondition(ERROR_SUCCESS != dwResult, InitGlobalStateError);
// NOTE: hSS does not have to be closed.
g_state.hServiceStatus = RegisterServiceCtrlHandler(wszSvcName, ServiceHandler);
_JumpCondition(NULL == g_state.hServiceStatus, RegisterServiceCtrlHandlerError);
dwResult = SeclStartRpcServer();
_JumpCondition(ERROR_SUCCESS != dwResult, StartRpcServerError);
// Tell the SCM we're up and running:
dwResult = MySetServiceStatus(SERVICE_RUNNING, 0, 0, ERROR_SUCCESS);
_JumpCondition(ERROR_SUCCESS != dwResult, MySetServiceStatusError);
SetLastError(ERROR_SUCCESS);
ErrorReturn:
// Shut down the service if we couldn't fully start:
if (ERROR_SUCCESS != GetLastError()) {
ServiceStop(TRUE /*fShutdown*/, GetLastError());
}
return;
SET_ERROR(InitGlobalStateError, dwResult)
SET_ERROR(MySetServiceStatusError, dwResult);
SET_ERROR(RegisterServiceCtrlHandlerError, dwResult);
SET_ERROR(StartRpcServerError, dwResult);
TRACE_ERROR(CreateIoCompletionPortError);
}
DWORD
InstallService()
/*++
Routine Description:
It installs the service with service controller, basically creating
the service object.
Arguments:
none.
Return Value:
several - as returned by the service controller.
--*/
{
// TCHAR *szModulePathname;
TCHAR AppName[MAX_PATH];
LPTSTR ptszAppName = NULL;
SC_HANDLE hService;
DWORD dw;
HANDLE hMod;
//
// Open the SCM on this machine.
//
SC_HANDLE hSCM = OpenSCManager(NULL, NULL, SC_MANAGER_CREATE_SERVICE);
if(hSCM == NULL) {
dw = GetLastError();
return dw;
}
//
// Let us give the service a useful description
// This is not earth shattering... if it works fine, if it
// doesn't it is just too bad :-)
//
hMod = GetModuleHandle(L"seclogon.dll");
//
// we'll try to get the localized name for the service,
// if it fails, we'll just put an english string...
//
if(hMod != NULL)
{
LoadString(hMod,
SECLOGON_STRING_NAME,
AppName,
MAX_PATH
);
ptszAppName = AppName;
}
else
ptszAppName = L"RunAs Service";
//
// Add this service to the SCM's database.
//
hService = CreateService
(hSCM,
wszSvcName,
ptszAppName,
SERVICE_ALL_ACCESS,
SERVICE_WIN32_SHARE_PROCESS,
SERVICE_AUTO_START,
SERVICE_ERROR_IGNORE,
L"%SystemRoot%\\system32\\svchost.exe -k netsvcs",
NULL,
NULL,
NULL,
NULL,
NULL);
if(hService == NULL) {
dw = GetLastError();
CloseServiceHandle(hSCM);
return dw;
}
if(hMod != NULL)
{
WCHAR DescString[500];
SERVICE_DESCRIPTION SvcDesc;
LoadString( hMod,
SECLOGON_STRING_DESCRIPTION,
DescString,
500
);
SvcDesc.lpDescription = DescString;
ChangeServiceConfig2( hService,
SERVICE_CONFIG_DESCRIPTION,
&SvcDesc
);
}
//
// Close the service and the SCM
//
CloseServiceHandle(hService);
CloseServiceHandle(hSCM);
return S_OK;
}
DWORD
RemoveService()
/*++
Routine Description:
deinstalls the service.
Arguments:
none.
Return Value:
as returned by service controller apis.
--*/
{
DWORD dw;
SC_HANDLE hService;
//
// Open the SCM on this machine.
//
SC_HANDLE hSCM = OpenSCManager(NULL, NULL, SC_MANAGER_CONNECT);
if(hSCM == NULL) {
dw = GetLastError();
return dw;
}
//
// Open this service for DELETE access
//
hService = OpenService(hSCM, wszSvcName, DELETE);
if(hService == NULL) {
dw = GetLastError();
CloseServiceHandle(hSCM);
return dw;
}
//
// Remove this service from the SCM's database.
//
DeleteService(hService);
//
// Close the service and the SCM
//
CloseServiceHandle(hService);
CloseServiceHandle(hSCM);
return S_OK;
}
void SvchostPushServiceGlobals(PSVCHOST_GLOBAL_DATA pGlobalData) {
// this entry point is called by svchost.exe
GlobalData=pGlobalData;
}
void SvcEntry_Seclogon
(IN DWORD argc,
IN WCHAR **argv)
/*++
Routine Description:
Entry point for the service dll when running in svchost.exe
Arguments:
Return Value:
--*/
{
ServiceMain(0,NULL);
UNREFERENCED_PARAMETER(argc);
UNREFERENCED_PARAMETER(argv);
}
STDAPI
DllRegisterServer(void)
/*++
Routine Description:
Arguments:
Return Value:
--*/
{
return InstallService();
}
STDAPI
DllUnregisterServer(void)
/*++
Routine Description:
Arguments:
Return Value:
--*/
{
return RemoveService();
}
DWORD InitGlobalState() {
ZeroMemory(&g_state, sizeof(g_state));
return ERROR_SUCCESS;
}
DWORD MySetServiceStatus(DWORD dwCurrentState, DWORD dwCheckPoint, DWORD dwWaitHint, DWORD dwExitCode) {
BOOL fResult;
DWORD dwResult;
DWORD dwAcceptStop;
int nNumProcesses;
EnterCriticalSection(&csForProcessCount);
nNumProcesses = g_nNumSecondaryLogonProcesses;
dwAcceptStop = 0 == nNumProcesses ? SERVICE_ACCEPT_STOP : 0;
g_state.serviceStatus.dwServiceType = SERVICE_WIN32_SHARE_PROCESS;
g_state.serviceStatus.dwCurrentState = dwCurrentState;
switch (dwCurrentState)
{
case SERVICE_STOPPED:
case SERVICE_STOP_PENDING:
g_state.serviceStatus.dwControlsAccepted = 0;
break;
case SERVICE_RUNNING:
case SERVICE_PAUSED:
g_state.serviceStatus.dwControlsAccepted =
// SERVICE_ACCEPT_SHUTDOWN
SERVICE_ACCEPT_PAUSE_CONTINUE
| dwAcceptStop;
break;
case SERVICE_START_PENDING:
case SERVICE_CONTINUE_PENDING:
case SERVICE_PAUSE_PENDING:
g_state.serviceStatus.dwControlsAccepted =
// SERVICE_ACCEPT_SHUTDOWN
dwAcceptStop;
break;
}
g_state.serviceStatus.dwWin32ExitCode = dwExitCode;
g_state.serviceStatus.dwCheckPoint = dwCheckPoint;
g_state.serviceStatus.dwWaitHint = dwWaitHint;
fResult = SetServiceStatus(g_state.hServiceStatus, &g_state.serviceStatus);
_JumpCondition(FALSE == fResult, SetServiceStatusError);
dwResult = ERROR_SUCCESS;
CommonReturn:
LeaveCriticalSection(&csForProcessCount);
return dwResult;
ErrorReturn:
goto CommonReturn;
SET_DWRESULT(SetServiceStatusError, GetLastError());
}
DWORD MySetServiceStopped(DWORD dwExitCode) {
BOOL fResult;
DWORD dwResult;
g_state.serviceStatus.dwServiceType = SERVICE_WIN32_SHARE_PROCESS;
g_state.serviceStatus.dwCurrentState = SERVICE_STOPPED;
g_state.serviceStatus.dwControlsAccepted = 0;
g_state.serviceStatus.dwWin32ExitCode = dwExitCode;
g_state.serviceStatus.dwCheckPoint = 0;
g_state.serviceStatus.dwWaitHint = 0;
fResult = SetServiceStatus(g_state.hServiceStatus, &g_state.serviceStatus);
_JumpCondition(FALSE == fResult, SetServiceStatusError);
dwResult = ERROR_SUCCESS;
CommonReturn:
return dwResult;
ErrorReturn:
goto CommonReturn;
SET_DWRESULT(SetServiceStatusError, GetLastError());
}
////////////////////////////////////////////////////////////////////////
//
// Implementation of RPC interface:
//
////////////////////////////////////////////////////////////////////////
void WINAPI SeclCreateProcessWithLogonW
(IN handle_t hRPCBinding,
IN SECL_SLI *pSeclSli,
OUT SECL_SLRI *pSeclSlri)
{
BOOL fIsImpersonatingClient = FALSE;
DWORD dwResult;
HANDLE hHeap = NULL;
PSECONDARYLOGONINFOW psli = NULL;
SECL_SLRI SeclSlri;
SECONDARYLOGONRETINFO slri;
ZeroMemory(&SeclSlri, sizeof(SeclSlri));
ZeroMemory(&slri, sizeof(slri));
// We don't want the service to be stopped while we're creating a process.
EnterCriticalSection(&csForProcessCount);
// Service isn't running anymore ... don't create the process.
_JumpCondition(SERVICE_RUNNING != g_state.serviceStatus.dwCurrentState, ServiceStoppedError);
hHeap = GetProcessHeap();
_JumpCondition(NULL == hHeap, MemoryError);
__try {
dwResult = To_SECONDARYLOGONINFOW(pSeclSli, &psli);
_JumpCondition(ERROR_SUCCESS != dwResult, To_SECONDARYLOGONINFOW_Error);
if (psli->LogonIdHighPart != 0 || psli->LogonIdLowPart != 0)
{
// This is probably a notification from winlogon.exe that
// a client is logging off. If so, we must clean up all processes
// they've left running.
int i;
LUID LogonId;
//
// We should impersonate the client,
// check it is LocalSystem and only then proceed.
//
fIsImpersonatingClient = RPC_S_OK == RpcImpersonateClient((RPC_BINDING_HANDLE)hRPCBinding);
if(FALSE == fIsImpersonatingClient || FALSE == IsSystemProcess())
{
slri.dwErrorCode = ERROR_INVALID_PARAMETER;
ZeroMemory(&slri.pi, sizeof(slri.pi));
}
else
{
LogonId.HighPart = psli->LogonIdHighPart;
LogonId.LowPart = psli->LogonIdLowPart;
for(i=0;i<MAXIMUM_SECLOGON_PROCESSES;i++)
{
//
// Let us destroy all jobs associated with
// this user. There could be more than one.
//
if(g_Jobs[i].Job == NULL)
continue;
if(g_Jobs[i].LogonId.HighPart == LogonId.HighPart && g_Jobs[i].LogonId.LowPart == LogonId.LowPart)
{
TerminateJobObject(g_Jobs[i].Job, 0);
}
}
slri.dwErrorCode = ERROR_SUCCESS;
ZeroMemory(&slri.pi, sizeof(slri.pi));
}
if (fIsImpersonatingClient)
{
// Ignore error: nothing we can do on failure!
if (RPC_S_OK == RpcRevertToSelfEx((RPC_BINDING_HANDLE)hRPCBinding))
{
fIsImpersonatingClient = FALSE;
}
}
}
else
{
// Ok, this isn't notification from winlogon, it's really a user
// trying to use the service. Create a process for them.
//
DWORD currentNumber;
currentNumber = g_nNumSecondaryLogonProcesses;
if(currentNumber == MAXIMUM_SECLOGON_PROCESSES)
{
slri.dwErrorCode = ERROR_NO_SYSTEM_RESOURCES;
ZeroMemory(&slri.pi, sizeof(slri.pi));
}
else
{
SlrCreateProcessWithLogon((RPC_BINDING_HANDLE)hRPCBinding, psli, &slri);
}
}
// If we've errored out, jump to the error handler.
_JumpCondition(NO_ERROR != slri.dwErrorCode, UnspecifiedSeclogonError);
}
__except (EXCEPTION_EXECUTE_HANDLER) {
// If anything goes wrong, return the exception code to the client
dwResult = GetExceptionCode();
goto ExceptionError;
}
CommonReturn:
// Do not free slri: this will be freed by the watchdog!
SeclSlri.hProcess = (unsigned __int64)slri.pi.hProcess;
SeclSlri.hThread = (unsigned __int64)slri.pi.hThread;
SeclSlri.ulProcessId = slri.pi.dwProcessId;
SeclSlri.ulThreadId = slri.pi.dwThreadId;
SeclSlri.ulErrorCode = slri.dwErrorCode;
LeaveCriticalSection(&csForProcessCount);
// Assign the OUT parameter:
*pSeclSlri = SeclSlri;
return;
ErrorReturn:
ZeroMemory(&slri.pi, sizeof(slri.pi));
if (NULL != psli) { Free_SECONDARYLOGONINFOW(psli); }
slri.dwErrorCode = dwResult;
goto CommonReturn;
SET_DWRESULT(ExceptionError, dwResult);
SET_DWRESULT(MemoryError, ERROR_NOT_ENOUGH_MEMORY);
SET_DWRESULT(ServiceStoppedError, ERROR_SERVICE_NOT_ACTIVE);
SET_DWRESULT(To_SECONDARYLOGONINFOW_Error, dwResult);
SET_DWRESULT(UnspecifiedSeclogonError, slri.dwErrorCode);
}
////////////////////////////////////////////////////////////////////////
//
// RPC Utility methods:
//
////////////////////////////////////////////////////////////////////////
DWORD SeclStartRpcServer() {
DWORD dwResult;
RPC_STATUS RpcStatus;
EnterCriticalSection(&csForProcessCount);
if (NULL != GlobalData) {
// we are running under services.exe - we have to play nicely and share
// the process's RPC server. (The other services wouldn't be happy if we
// shut it down while they were still using it.)
RpcStatus = GlobalData->StartRpcServer(wszSeclogonSharedProcEndpointName, ISeclogon_v1_0_s_ifspec);
_JumpCondition(RPC_S_OK != RpcStatus, StartRpcServerError);
}
dwResult = ERROR_SUCCESS;
CommonReturn:
LeaveCriticalSection(&csForProcessCount);
return dwResult;
ErrorReturn:
goto CommonReturn;
SET_DWRESULT(StartRpcServerError, RpcStatus);
}
DWORD SeclStopRpcServer() {
DWORD dwResult;
RPC_STATUS RpcStatus;
EnterCriticalSection(&csForProcessCount);
if (NULL != GlobalData) {
// we are running under services.exe - we have to play nicely and share
// the process's RPC server. (The other services wouldn't be happy if we
// shut it down while they were still using it.)
RpcStatus = GlobalData->StopRpcServer(ISeclogon_v1_0_s_ifspec);
_JumpCondition(RPC_S_OK != RpcStatus, StopRpcServerError);
}
dwResult = ERROR_SUCCESS;
CommonReturn:
LeaveCriticalSection(&csForProcessCount);
return dwResult;
ErrorReturn:
goto CommonReturn;
SET_DWRESULT(StopRpcServerError, RpcStatus);
}
HRESULT To_LPWSTR(IN SECL_STRING *pss,
OUT LPWSTR *ppwsz)
{
DWORD dwResult;
HANDLE hHeap = NULL;
LPWSTR pwsz = NULL;
hHeap = GetProcessHeap();
_JumpCondition(NULL == hHeap, GetProcessHeapError);
__try {
if (pss->ccLength > 0) {
// Prevent large heap allocs:
_JumpCondition(pss->ccLength > 4096, InvalidArgError);
pwsz = (LPWSTR)HeapAlloc(hHeap, HEAP_ZERO_MEMORY, pss->ccLength * sizeof(WCHAR));
_JumpCondition(NULL == pwsz, MemoryError);
CopyMemory(pwsz, pss->pwsz, pss->ccLength * sizeof(WCHAR));
}
} __except (EXCEPTION_EXECUTE_HANDLER) {
dwResult = GetExceptionCode();
goto ExceptionError;
}
*ppwsz = pwsz;
dwResult = ERROR_SUCCESS;
CommonReturn:
return dwResult;
ErrorReturn:
if (NULL != pwsz) { HeapFree(hHeap, 0, pwsz); }
goto CommonReturn;
SET_DWRESULT(ExceptionError, dwResult);
SET_DWRESULT(GetProcessHeapError, GetLastError());
SET_DWRESULT(InvalidArgError, ERROR_INVALID_PARAMETER);
SET_DWRESULT(MemoryError, ERROR_NOT_ENOUGH_MEMORY);
}
void Free_SECONDARYLOGONINFOW(IN PSECONDARYLOGONINFOW psli) {
HANDLE hHeap = GetProcessHeap();
if (NULL == hHeap)
return;
if (NULL != psli) {
if (NULL != psli->lpStartupInfo) {
if (NULL != psli->lpStartupInfo->lpDesktop) { HeapFree(hHeap, 0, psli->lpStartupInfo->lpDesktop); }
if (NULL != psli->lpStartupInfo->lpTitle) { HeapFree(hHeap, 0, psli->lpStartupInfo->lpTitle); }
HeapFree(hHeap, 0, psli->lpStartupInfo);
}
if (NULL != psli->lpUsername) { HeapFree(hHeap, 0, psli->lpUsername); }
if (NULL != psli->lpDomain) { HeapFree(hHeap, 0, psli->lpDomain); }
if (NULL != psli->lpPassword) { HeapFree(hHeap, 0, psli->lpPassword); }
if (NULL != psli->lpApplicationName) { HeapFree(hHeap, 0, psli->lpApplicationName); }
if (NULL != psli->lpCommandLine) { HeapFree(hHeap, 0, psli->lpCommandLine); }
if (NULL != psli->lpCurrentDirectory) { HeapFree(hHeap, 0, (LPVOID)psli->lpCurrentDirectory); }
if (NULL != psli->hWinsta && psli->fFreeWinsta) { CloseHandle(psli->hWinsta); }
if (NULL != psli->hDesk && psli->fFreeDesk) { CloseHandle(psli->hDesk); }
HeapFree(hHeap, 0, psli);
}
}
DWORD To_SECONDARYLOGONINFOW(IN PSECL_SLI pSeclSli,
OUT PSECONDARYLOGONINFOW *ppsli)
{
DWORD dwAllocFlags = HEAP_ZERO_MEMORY;
DWORD dwIndex;
DWORD dwResult;
HANDLE hHeap = NULL;
PSECONDARYLOGONINFOW psli = NULL;
hHeap = GetProcessHeap();
_JumpCondition(NULL == hHeap, GetProcessHeapError);
psli = (PSECONDARYLOGONINFOW)HeapAlloc(hHeap, dwAllocFlags, sizeof(SECONDARYLOGONINFOW));
_JumpCondition(NULL == psli, MemoryError);
psli->lpStartupInfo = (LPSTARTUPINFO)HeapAlloc(hHeap, dwAllocFlags, sizeof(STARTUPINFO));
_JumpCondition(NULL == psli->lpStartupInfo, MemoryError);
__try {
{
struct {
SECL_STRING *pss;
LPWSTR *ppwsz;
} rg_StringsToMap[] = {
{ &(pSeclSli->ssDesktop), /* Is mapped to ----> */ &(psli->lpStartupInfo->lpDesktop) },
{ &(pSeclSli->ssTitle), /* Is mapped to ----> */ &(psli->lpStartupInfo->lpTitle) },
{ &(pSeclSli->ssUsername), /* Is mapped to ----> */ &(psli->lpUsername) },
{ &(pSeclSli->ssDomain), /* Is mapped to ----> */ &(psli->lpDomain) },
{ &(pSeclSli->ssPassword), /* Is mapped to ----> */ &(psli->lpPassword) },
{ &(pSeclSli->ssApplicationName), /* Is mapped to ----> */ &(psli->lpApplicationName) },
{ &(pSeclSli->ssCommandLine), /* Is mapped to ----> */ &(psli->lpCommandLine) },
{ &(pSeclSli->ssCurrentDirectory), /* Is mapped to ----> */ (LPWSTR *)&(psli->lpCurrentDirectory) }
};
for (dwIndex = 0; dwIndex < ARRAYSIZE(rg_StringsToMap); dwIndex++) {
dwResult = To_LPWSTR(rg_StringsToMap[dwIndex].pss, rg_StringsToMap[dwIndex].ppwsz);
_JumpCondition(ERROR_SUCCESS != dwResult, To_LPWSTR_Error);
}
}
if (pSeclSli->sbEnvironment.cb > 0) {
psli->lpEnvironment = HeapAlloc(hHeap, dwAllocFlags, pSeclSli->sbEnvironment.cb);
_JumpCondition(NULL == psli->lpEnvironment, MemoryError);
CopyMemory(psli->lpEnvironment, pSeclSli->sbEnvironment.pb, pSeclSli->sbEnvironment.cb);
}
} __except (EXCEPTION_EXECUTE_HANDLER) {
dwResult = GetExceptionCode();
goto ExceptionError;
}
psli->dwProcessId = pSeclSli->ulProcessId;
psli->LogonIdLowPart = pSeclSli->ulLogonIdLowPart;
psli->LogonIdHighPart = pSeclSli->lLogonIdHighPart;
psli->dwLogonFlags = pSeclSli->ulLogonFlags;
psli->dwCreationFlags = pSeclSli->ulCreationFlags;
psli->dwSeclogonFlags = pSeclSli->ulSeclogonFlags;
psli->hWinsta = (HANDLE)pSeclSli->hWinsta;
psli->hDesk = (HANDLE)pSeclSli->hDesk;
*ppsli = psli;
dwResult = ERROR_SUCCESS;
CommonReturn:
return dwResult;
ErrorReturn:
Free_SECONDARYLOGONINFOW(psli);
goto CommonReturn;
SET_DWRESULT(ExceptionError, dwResult);
SET_DWRESULT(GetProcessHeapError, GetLastError());
SET_DWRESULT(MemoryError, ERROR_NOT_ENOUGH_MEMORY);
SET_DWRESULT(To_LPWSTR_Error, dwResult);
}
//////////////////////////////// End Of File /////////////////////////////////
Reference in a new issue View git blame Copy permalink