windows-nt/Source/XPSP1/NT/base/subsys/sm/server/smloop.c

/*++

Copyright (c) 1989  Microsoft Corporation

Module Name:

    smloop.c

Abstract:

    Session Manager Listen and API loops

Author:

    Mark Lucovsky (markl) 04-Oct-1989

Revision History:

--*/

#include "smsrvp.h"

#include <ntosp.h>  //  Only for the interlocked functions. 


#define SM_WORKER_THREADS_LIMIT 4

ULONG_PTR SmUniqueProcessId;

LONG SmpCurrentThreadsLimit = SM_WORKER_THREADS_LIMIT;
LONG SmWorkerThreadsAvailable = 0;
LONG SmTotalApiThreads = 0;

PSMP_CLIENT_CONTEXT SmpDeferredFreeList = NULL;


NTSTATUS
SmpHandleConnectionRequest(
    IN HANDLE ConnectionPort,
    IN PSBAPIMSG Message
    );


PSMAPI SmpApiDispatch[SmMaxApiNumber] = {
    SmpCreateForeignSession,
    SmpSessionComplete,
    SmpTerminateForeignSession,
    SmpExecPgm,
    SmpLoadDeferedSubsystem,
    SmpStartCsr,
    SmpStopCsr
    };


#if DBG
PSZ SmpApiName[ SmMaxApiNumber+1 ] = {
    "SmCreateForeignSession",
    "SmSessionComplete",
    "SmTerminateForeignSession",
    "SmExecPgm",
    "SmLoadDeferedSubsystem",
    "SmStartCsr",
    "SmStopCsr",
    "Unknown Sm Api Number"
};
#endif // DBG

EXCEPTION_DISPOSITION
DbgpUnhandledExceptionFilter(
    struct _EXCEPTION_POINTERS *ExceptionInfo
    );

VOID
SmpFlushDeferredList()
{
    PSMP_CLIENT_CONTEXT Head = SmpDeferredFreeList;

    SmpDeferredFreeList = NULL;

    while (Head != NULL) {

        PSMP_CLIENT_CONTEXT ClientContext = Head;
        NTSTATUS Status;
        Head = Head->Link;

        if (ClientContext->ClientProcessHandle) {
           Status = NtClose( ClientContext->ClientProcessHandle );
           ASSERT(NT_SUCCESS(Status));
        }
        Status = NtClose( ClientContext->ServerPortHandle );
        ASSERT(NT_SUCCESS(Status));
        RtlFreeHeap( SmpHeap, 0, ClientContext );
    }

    SmpCurrentThreadsLimit = SM_WORKER_THREADS_LIMIT;
}

VOID
SmpPushDeferredClientContext(
    PSMP_CLIENT_CONTEXT ClientContext
    )
{
    PSMP_CLIENT_CONTEXT CapturedHead;

    do {
        
        CapturedHead = SmpDeferredFreeList;

        ClientContext->Link = CapturedHead;

    } while ( InterlockedCompareExchangePointer(&SmpDeferredFreeList, ClientContext, CapturedHead) != CapturedHead );
    
    SmpCurrentThreadsLimit = 1;
}



NTSTATUS
SmpApiLoop (
    IN PVOID ThreadParameter
    )

/*++

Routine Description:

    This is the main Session Manager API Loop. It
    services session manager API requests.

Arguments:

    ThreadParameter - Supplies a handle to the API port used
        to receive session manager API requests.

Return Value:

    None.

--*/

{
    PSMAPIMSG SmApiReplyMsg;
    SMMESSAGE_SIZE MsgBuf;

    PSMAPIMSG SmApiMsg;
    NTSTATUS Status;
    HANDLE ConnectionPort;
    PSMP_CLIENT_CONTEXT ClientContext;
    PSMPKNOWNSUBSYS KnownSubSys;
    PROCESS_BASIC_INFORMATION ProcessInfo;

    InterlockedIncrement(&SmTotalApiThreads);

    RtlSetThreadIsCritical(TRUE, NULL, TRUE);

    NtQueryInformationProcess( NtCurrentProcess(),
                               ProcessBasicInformation,
                               &ProcessInfo,
                               sizeof(ProcessInfo),
                               NULL );
    SmUniqueProcessId = ProcessInfo.UniqueProcessId;

    ConnectionPort = (HANDLE) ThreadParameter;

    SmApiMsg = (PSMAPIMSG)&MsgBuf;
    SmApiReplyMsg = NULL;
    try {
        for(;;) {

            {
                LONG CapturedThreads;

                do {

                    CapturedThreads = SmWorkerThreadsAvailable;

                    if (CapturedThreads >= SmpCurrentThreadsLimit) {

                        if (SmApiReplyMsg) {

                            Status = NtReplyPort(
                                        ConnectionPort,
                                        (PPORT_MESSAGE) SmApiReplyMsg
                                        );

                        }

                        InterlockedDecrement(&SmTotalApiThreads);
                        RtlSetThreadIsCritical(FALSE, NULL, TRUE);

                        RtlExitUserThread(STATUS_SUCCESS);

                        //
                        //  RtlExitUserThread never returns
                        //
                    }

                } while ( InterlockedCompareExchange(&SmWorkerThreadsAvailable, CapturedThreads + 1, CapturedThreads) !=  CapturedThreads);

            }
            
            if (SmTotalApiThreads == 1) {

                SmpFlushDeferredList();
            }

            Status = NtReplyWaitReceivePort(
                        ConnectionPort,
                        (PVOID *) &ClientContext,
                        (PPORT_MESSAGE) SmApiReplyMsg,
                        (PPORT_MESSAGE) SmApiMsg
                        );

            //
            //  Launching at the same time a several subsystems can deadlock smss
            //  if it has only two worker threads.
            //  We create more threads if there is no server thread available
            //

            if (InterlockedDecrement(&SmWorkerThreadsAvailable) == 0) {
                
                NTSTATUS st = RtlCreateUserThread(
                        NtCurrentProcess(),
                        NULL,
                        FALSE,
                        0L,
                        0L,
                        0L,
                        SmpApiLoop,
                        (PVOID) ThreadParameter,
                        NULL,
                        NULL
                        );
            }

            if ( !NT_SUCCESS(Status) ) {
                SmApiReplyMsg = NULL;
                continue;
            } else if ( SmApiMsg->h.u2.s2.Type == LPC_CONNECTION_REQUEST ) {
                SmpHandleConnectionRequest( ConnectionPort,
                                            (PSBAPIMSG) SmApiMsg
                                          );
                SmApiReplyMsg = NULL;
            } else if ( SmApiMsg->h.u2.s2.Type == LPC_PORT_CLOSED ) {
                if (ClientContext) {
                   SmpPushDeferredClientContext(ClientContext);
                }
                SmApiReplyMsg = NULL;
            } else {

                if ( !ClientContext ) {
                    SmApiReplyMsg = NULL;
                    continue;
                    }

                KnownSubSys = ClientContext->KnownSubSys;

                SmApiMsg->ReturnedStatus = STATUS_PENDING;

                if ((ULONG) SmApiMsg->ApiNumber >= (ULONG) SmMaxApiNumber ) {

                    Status = STATUS_NOT_IMPLEMENTED;

                } else {

                    switch (SmApiMsg->ApiNumber) {
                        case SmExecPgmApi :
                            Status = (SmpApiDispatch[SmApiMsg->ApiNumber])(
                                          SmApiMsg,
                                          ClientContext,
                                          ConnectionPort);
                            break;

                        case SmLoadDeferedSubsystemApi :
                            Status = (SmpApiDispatch[SmApiMsg->ApiNumber])(
                                          SmApiMsg,
                                          ClientContext,
                                          ConnectionPort);
                            break;


                        case SmStopCsrApi :
                        case SmStartCsrApi :

                            // 
                            // These Api's can only be called from a system process
                            //
                            if (ClientContext->SecurityContext == UNKNOWN_CONTEXT) {
                                // 
                                // Initialize the client security context
                                //
                                ClientContext->SecurityContext =
                                             SmpClientSecurityContext ((PPORT_MESSAGE)SmApiMsg,
                                                                       ClientContext->ServerPortHandle);
                            }

                            if (ClientContext->SecurityContext == SYSTEM_CONTEXT) {

                                Status = (SmpApiDispatch[SmApiMsg->ApiNumber])(
                                              SmApiMsg,
                                              ClientContext,
                                              ConnectionPort);
                                                                
                            } else {
#if DBG
                               KdPrint(("SMSS: Calling Sm Terminal Server Api from Non-System context.Status = STATUS_ACCESS_DENIED\n"));
#endif

                               Status = STATUS_ACCESS_DENIED;

                            }
                            break;

                        case SmCreateForeignSessionApi :
                        case SmSessionCompleteApi :
                        case SmTerminateForeignSessionApi :
                            if (!KnownSubSys) {
                                Status = STATUS_INVALID_PARAMETER;
                            } else {

                                Status =
                                    (SmpApiDispatch[SmApiMsg->ApiNumber])(
                                         SmApiMsg,
                                         ClientContext,
                                         ConnectionPort);
                            }
                            break;

                    }

                }

                SmApiMsg->ReturnedStatus = Status;
                SmApiReplyMsg = SmApiMsg;
            }
        }
    } except (DbgpUnhandledExceptionFilter( GetExceptionInformation() )) {
        ;
    }

    //
    // Make the compiler happy
    //

    return STATUS_UNSUCCESSFUL;
}


NTSTATUS
SmpHandleConnectionRequest(
    IN HANDLE ConnectionPort,
    IN PSBAPIMSG Message
    )

/*++

Routine Description:

    This routine handles connection requests from either known subsystems,
    or other clients. Other clients are admin processes.

    The protocol for connection from a known subsystem is:

        capture the name of the subsystem's Sb API port

        Accept the connection

        Connect to the subsystems Sb API port

        Store the communication port handle in the known subsystem database

        signal the event associated with the known subsystem

    The protocol for others is to simply validate and accept the connection
    request.

Arguments:

Return Value:

    None.

--*/

{
    NTSTATUS st;
    HANDLE CommunicationPort;
    REMOTE_PORT_VIEW ClientView;
    PSBCONNECTINFO ConnectInfo;
    ULONG ConnectInfoLength;
    PSMPKNOWNSUBSYS KnownSubSys, KnownSubSys2;
    BOOLEAN Accept;
    UNICODE_STRING SubSystemPort;
    SECURITY_QUALITY_OF_SERVICE DynamicQos;
    PSMP_CLIENT_CONTEXT ClientContext;
    OBJECT_ATTRIBUTES ObjA;
    HANDLE ClientProcessHandle=NULL;
    ULONG MuSessionId = 0;

    //
    // Set up the security quality of service parameters to use over the
    // sb API port.  Use the most efficient (least overhead) - which is dynamic
    // rather than static tracking.
    //

    DynamicQos.ImpersonationLevel = SecurityIdentification;
    DynamicQos.ContextTrackingMode = SECURITY_DYNAMIC_TRACKING;
    DynamicQos.EffectiveOnly = TRUE;


    Accept = TRUE; // Assume we will accept
    //
    // Get MuSessionId of the client if session manager is not connecting to itself
    //
    if ( (ULONG_PTR) Message->h.ClientId.UniqueProcess == SmUniqueProcessId ) {
        KnownSubSys = NULL;
        ClientProcessHandle = NULL;
    } else {
        InitializeObjectAttributes( &ObjA, NULL, 0, NULL, NULL );
        st = NtOpenProcess( &ClientProcessHandle, PROCESS_QUERY_INFORMATION,
                            &ObjA, &Message->h.ClientId );
        if (NT_SUCCESS (st)) {
           SmpGetProcessMuSessionId( ClientProcessHandle, &MuSessionId );
        } else {
           Accept = FALSE;
        }
    }

    ConnectInfo = &Message->ConnectionRequest;
    KnownSubSys = SmpLocateKnownSubSysByCid(&Message->h.ClientId);

    if ( (KnownSubSys) && (Accept == TRUE) ) {
        KnownSubSys2 = SmpLocateKnownSubSysByType(MuSessionId, ConnectInfo->SubsystemImageType);


        if (KnownSubSys2 == KnownSubSys ) {
            Accept = FALSE;
            KdPrint(("SMSS: Connection from SubSystem rejected\n"));
            KdPrint(("SMSS: Image type already being served\n"));
        } else {
            KnownSubSys->ImageType = ConnectInfo->SubsystemImageType;
        }
        if (KnownSubSys2) {
            RtlEnterCriticalSection( &SmpKnownSubSysLock );
            SmpDeferenceKnownSubSys(KnownSubSys2);
            RtlLeaveCriticalSection( &SmpKnownSubSysLock );
        }
    }

    if (Accept) {
        ClientContext = RtlAllocateHeap(SmpHeap, MAKE_TAG( SM_TAG ), sizeof(SMP_CLIENT_CONTEXT));
        if ( ClientContext ) {
            ClientContext->ClientProcessHandle = ClientProcessHandle;
            ClientContext->KnownSubSys = KnownSubSys;

            //
            // The sm apis used by Terminal Server to start and stop CSR
            // do not get called from known subsystems and are restricted
            // to system processes only.
            //

            ClientContext->SecurityContext = UNKNOWN_CONTEXT;
            ClientContext->ServerPortHandle = NULL;
        } else {
            Accept = FALSE;
        }
    }

    ClientView.Length = sizeof(ClientView);
    st = NtAcceptConnectPort(
            &CommunicationPort,
            ClientContext,
            (PPORT_MESSAGE)Message,
            Accept,
            NULL,
            &ClientView
            );

    if ( Accept ) {        

        if (NT_SUCCESS (st)) {
            if (ClientContext) {

                ClientContext->ServerPortHandle = CommunicationPort;

            }
        

            if ( KnownSubSys ) {
                KnownSubSys->SmApiCommunicationPort = CommunicationPort;
            }

            st = NtCompleteConnectPort(CommunicationPort);
            if (!NT_SUCCESS(st)) {
               
                if ( KnownSubSys ) {
                   KnownSubSys->SmApiCommunicationPort = NULL;
                   RtlEnterCriticalSection( &SmpKnownSubSysLock );
                   SmpDeferenceKnownSubSys(KnownSubSys);
                   RtlLeaveCriticalSection( &SmpKnownSubSysLock );
               }
               
               return st;
            }

            //
            // Connect Back to subsystem.
            //

            if ( KnownSubSys ) {
                ConnectInfo->EmulationSubSystemPortName[
                   sizeof (ConnectInfo->EmulationSubSystemPortName)/sizeof (WCHAR) - 1] = '\0';
                RtlCreateUnicodeString( &SubSystemPort,
                                        ConnectInfo->EmulationSubSystemPortName
                                      );
                ConnectInfoLength = sizeof( *ConnectInfo );

                st = NtConnectPort(
                        &KnownSubSys->SbApiCommunicationPort,
                        &SubSystemPort,
                        &DynamicQos,
                        NULL,
                        NULL,
                        NULL,
                        NULL,
                        NULL
                        );
                if ( !NT_SUCCESS(st) ) {
                    KdPrint(("SMSS: Connect back to Sb %wZ failed %lx\n",&SubSystemPort,st));
                }

                RtlFreeUnicodeString( &SubSystemPort );
                NtSetEvent(KnownSubSys->Active,NULL);
            }
        } else {
            if (ClientProcessHandle) {
               NtClose( ClientProcessHandle );
            }
            RtlFreeHeap( SmpHeap, 0, ClientContext );
        }
    } else {
        if (ClientProcessHandle) {
            NtClose( ClientProcessHandle );
        }
    }
    if (KnownSubSys) {
        RtlEnterCriticalSection( &SmpKnownSubSysLock );
        SmpDeferenceKnownSubSys(KnownSubSys);
        RtlLeaveCriticalSection( &SmpKnownSubSysLock );
    }

    return st;
}


PSMPKNOWNSUBSYS
SmpLocateKnownSubSysByCid(
    IN PCLIENT_ID ClientId
    )

/*++

Routine Description:

    This function scans the known subsystem table looking for
    a matching client id (just UniqueProcess portion). If found,
    than the connection request is from a known subsystem and
    accept is always granted. Otherwise, it must be an administrative
    process.

Arguments:

    ClientId - Supplies the ClientId whose UniqueProcess field is to be used
        in the known subsystem scan.

Return Value:

    NULL - The ClientId does not match a known subsystem.

    NON-NULL - Returns the address of the known subsystem.

--*/

{

    PSMPKNOWNSUBSYS KnownSubSys = NULL;
    PLIST_ENTRY Next;

    //
    // Acquire known subsystem lock.
    //

    RtlEnterCriticalSection(&SmpKnownSubSysLock);

    Next = SmpKnownSubSysHead.Flink;

    while ( Next != &SmpKnownSubSysHead ) {

        KnownSubSys = CONTAINING_RECORD(Next,SMPKNOWNSUBSYS,Links);
        Next = Next->Flink;


            if ( (KnownSubSys->InitialClientId.UniqueProcess == ClientId->UniqueProcess) &&
                !KnownSubSys->Deleting ) {
               SmpReferenceKnownSubSys(KnownSubSys);
               break;
        } else {
            KnownSubSys = NULL;
        }
    }

    //
    // Unlock known subsystems.
    //

    RtlLeaveCriticalSection(&SmpKnownSubSysLock);

    return KnownSubSys;
}


PSMPKNOWNSUBSYS
SmpLocateKnownSubSysByType(
    IN ULONG MuSessionId,
    IN ULONG ImageType
    )

/*++

Routine Description:

    This function scans the known subsystem table looking for
    a matching image type.

Arguments:

    ImageType - Supplies the image type whose subsystem is to be located.

Return Value:

    NULL - The image type does not match a known subsystem.

    NON-NULL - Returns the address of the known subsystem.

--*/

{

    PSMPKNOWNSUBSYS KnownSubSys = NULL;
    PLIST_ENTRY Next;

    //
    // Aquire known subsystem lock
    //

    RtlEnterCriticalSection(&SmpKnownSubSysLock);

    Next = SmpKnownSubSysHead.Flink;

    while ( Next != &SmpKnownSubSysHead ) {

        KnownSubSys = CONTAINING_RECORD(Next,SMPKNOWNSUBSYS,Links);
        Next = Next->Flink;


            if ( (KnownSubSys->ImageType == ImageType) &&
             !KnownSubSys->Deleting                &&
               (KnownSubSys->MuSessionId == MuSessionId) ) {
                SmpReferenceKnownSubSys(KnownSubSys);
                break;
        } else {
            KnownSubSys = NULL;
        }
    }

    //
    // Unlock known subsystems.
    //

    RtlLeaveCriticalSection(&SmpKnownSubSysLock);

    return KnownSubSys;
}

ENUMSECURITYCONTEXT
SmpClientSecurityContext (
    IN PPORT_MESSAGE Message,
    IN HANDLE ServerPortHandle
    )
/*++

Routine Description:

    Impersonate the client and check if it is running under system security context

Arguments:

 PPORT_MESSAGE          - LPC message pointer
 ServerPortHandle       - LPC Port Handle

Return Value:

 SYSTEM_CONTEXT - Client is running under system LUID
 NONSYSTEM_CONTEXT - Failure or client is not running under system LUID

--*/

{
    NTSTATUS NtStatus ;
    HANDLE ImpersonationToken;
    HANDLE TokenHandle;
    TOKEN_STATISTICS TokenStatisticsInformation;
    ULONG Size;
    ENUMSECURITYCONTEXT retval = NONSYSTEM_CONTEXT;
    LUID SystemAuthenticationId = SYSTEM_LUID;
    

    NtStatus = NtImpersonateClientOfPort(ServerPortHandle,
                                        Message);

    if (!NT_SUCCESS(NtStatus)) {

#if DBG
        KdPrint(( "SMSS: NtImpersonateClientOfPort failed: 0x%lX\n",
                        NtStatus)) ;
#endif

        return NONSYSTEM_CONTEXT ;
    }

    //
    // Get the Token Handle.
    //

    if (NT_SUCCESS(NtOpenThreadToken (NtCurrentThread(),
                                     TOKEN_IMPERSONATE | TOKEN_QUERY,
                                     FALSE,
                                     &TokenHandle) == FALSE)) {

        
        if (NT_SUCCESS(NtQueryInformationToken(
                                 TokenHandle,
                                 TokenStatistics,
                                 &TokenStatisticsInformation,
                                 sizeof(TokenStatisticsInformation),
                                 &Size
                                 ))) {

            if ( RtlEqualLuid ( &TokenStatisticsInformation.AuthenticationId,
                                    &SystemAuthenticationId ) ) {

                retval = SYSTEM_CONTEXT;

            }
                

        }

        
        NtClose(TokenHandle);


    } else {

#if DBG
        KdPrint(( "SMSS:  OpenThreadToken failed\n")) ;
#endif

    }


    //
    //Revert to Self
    //
    
    ImpersonationToken = 0;

    NtStatus = NtSetInformationThread(NtCurrentThread(),
                                      ThreadImpersonationToken,
                                      &ImpersonationToken,
                                      sizeof(HANDLE));

#if DBG
    if (!NT_SUCCESS(NtStatus)) {
        KdPrint(( "SMSS:  NtSetInformationThread : %lx\n", NtStatus));
    }
#endif // DBG


    return retval;


}