1 | /* $Id: VBoxServiceVMInfo-win.cpp 106246 2024-10-08 17:50:15Z vboxsync $ */
|
---|
2 | /** @file
|
---|
3 | * VBoxService - Virtual Machine Information for the Host, Windows specifics.
|
---|
4 | */
|
---|
5 |
|
---|
6 | /*
|
---|
7 | * Copyright (C) 2009-2024 Oracle and/or its affiliates.
|
---|
8 | *
|
---|
9 | * This file is part of VirtualBox base platform packages, as
|
---|
10 | * available from https://www.virtualbox.org.
|
---|
11 | *
|
---|
12 | * This program is free software; you can redistribute it and/or
|
---|
13 | * modify it under the terms of the GNU General Public License
|
---|
14 | * as published by the Free Software Foundation, in version 3 of the
|
---|
15 | * License.
|
---|
16 | *
|
---|
17 | * This program is distributed in the hope that it will be useful, but
|
---|
18 | * WITHOUT ANY WARRANTY; without even the implied warranty of
|
---|
19 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
---|
20 | * General Public License for more details.
|
---|
21 | *
|
---|
22 | * You should have received a copy of the GNU General Public License
|
---|
23 | * along with this program; if not, see <https://www.gnu.org/licenses>.
|
---|
24 | *
|
---|
25 | * SPDX-License-Identifier: GPL-3.0-only
|
---|
26 | */
|
---|
27 |
|
---|
28 |
|
---|
29 | /*********************************************************************************************************************************
|
---|
30 | * Header Files *
|
---|
31 | *********************************************************************************************************************************/
|
---|
32 | #if defined(_WIN32_WINNT) && _WIN32_WINNT < 0x0600
|
---|
33 | # undef _WIN32_WINNT
|
---|
34 | # define _WIN32_WINNT 0x0600 /* QueryFullProcessImageNameW in recent SDKs. */
|
---|
35 | #endif
|
---|
36 | #include <iprt/win/windows.h>
|
---|
37 | #include <wtsapi32.h> /* For WTS* calls. */
|
---|
38 | #include <psapi.h> /* EnumProcesses. */
|
---|
39 | #include <sddl.h> /* For ConvertSidToStringSidW. */
|
---|
40 | #include <Ntsecapi.h> /* Needed for process security information. */
|
---|
41 |
|
---|
42 | #include <iprt/assert.h>
|
---|
43 | #include <iprt/ldr.h>
|
---|
44 | #include <iprt/localipc.h>
|
---|
45 | #include <iprt/mem.h>
|
---|
46 | #include <iprt/once.h>
|
---|
47 | #include <iprt/process.h>
|
---|
48 | #include <iprt/string.h>
|
---|
49 | #include <iprt/semaphore.h>
|
---|
50 | #include <iprt/system.h>
|
---|
51 | #include <iprt/time.h>
|
---|
52 | #include <iprt/thread.h>
|
---|
53 | #include <iprt/utf16.h>
|
---|
54 |
|
---|
55 | #include <VBox/VBoxGuestLib.h>
|
---|
56 | #include "VBoxServiceInternal.h"
|
---|
57 | #include "VBoxServiceUtils.h"
|
---|
58 | #include "VBoxServiceVMInfo.h"
|
---|
59 | #include "../../WINNT/VBoxTray/VBoxTrayMsg.h" /* For IPC. */
|
---|
60 |
|
---|
61 |
|
---|
62 | /*********************************************************************************************************************************
|
---|
63 | * Structures and Typedefs *
|
---|
64 | *********************************************************************************************************************************/
|
---|
65 | /* advapi32.dll: */
|
---|
66 | typedef BOOL (WINAPI *PFNCONVERTSIDTOSTRINGSIDW)(PSID, LPWSTR *);
|
---|
67 |
|
---|
68 | /* advapi32.dll: */
|
---|
69 | static PFNCONVERTSIDTOSTRINGSIDW g_pfnConvertSidToStringSidW = NULL;
|
---|
70 |
|
---|
71 | /** Structure for storing the looked up user information. */
|
---|
72 | typedef struct VBOXSERVICEVMINFOUSER
|
---|
73 | {
|
---|
74 | WCHAR wszUser[MAX_PATH];
|
---|
75 | WCHAR wszAuthenticationPackage[MAX_PATH];
|
---|
76 | WCHAR wszLogonDomain[MAX_PATH];
|
---|
77 | /** Number of assigned user processes. */
|
---|
78 | ULONG ulNumProcs;
|
---|
79 | /** Last (highest) session ID. This
|
---|
80 | * is needed for distinguishing old session
|
---|
81 | * process counts from new (current) session
|
---|
82 | * ones. */
|
---|
83 | ULONG ulLastSession;
|
---|
84 | } VBOXSERVICEVMINFOUSER, *PVBOXSERVICEVMINFOUSER;
|
---|
85 |
|
---|
86 | /** Structure for the file information lookup. */
|
---|
87 | typedef struct VBOXSERVICEVMINFOFILE
|
---|
88 | {
|
---|
89 | const char *pszFilePath;
|
---|
90 | const char *pszFileName;
|
---|
91 | } VBOXSERVICEVMINFOFILE, *PVBOXSERVICEVMINFOFILE;
|
---|
92 |
|
---|
93 | /** Structure for process information lookup. */
|
---|
94 | typedef struct VBOXSERVICEVMINFOPROC
|
---|
95 | {
|
---|
96 | /** The PID. */
|
---|
97 | DWORD id;
|
---|
98 | /** The SID. */
|
---|
99 | PSID pSid;
|
---|
100 | /** The LUID. */
|
---|
101 | LUID luid;
|
---|
102 | /** Interactive process. */
|
---|
103 | bool fInteractive;
|
---|
104 | } VBOXSERVICEVMINFOPROC, *PVBOXSERVICEVMINFOPROC;
|
---|
105 |
|
---|
106 |
|
---|
107 | /*********************************************************************************************************************************
|
---|
108 | * Internal Functions *
|
---|
109 | *********************************************************************************************************************************/
|
---|
110 | static uint32_t vgsvcVMInfoWinSessionHasProcesses(PLUID pSession, PVBOXSERVICEVMINFOPROC const paProcs, DWORD cProcs);
|
---|
111 | static bool vgsvcVMInfoWinIsLoggedIn(PVBOXSERVICEVMINFOUSER a_pUserInfo, PLUID a_pSession);
|
---|
112 | static int vgsvcVMInfoWinProcessesEnumerate(PVBOXSERVICEVMINFOPROC *ppProc, DWORD *pdwCount);
|
---|
113 | static void vgsvcVMInfoWinProcessesFree(DWORD cProcs, PVBOXSERVICEVMINFOPROC paProcs);
|
---|
114 | static int vgsvcVMInfoWinWriteLastInput(PVBOXSERVICEVEPROPCACHE pCache, const char *pszUser, const char *pszDomain);
|
---|
115 |
|
---|
116 |
|
---|
117 | /*********************************************************************************************************************************
|
---|
118 | * Global Variables *
|
---|
119 | *********************************************************************************************************************************/
|
---|
120 | static uint32_t s_uDebugGuestPropClientID = 0;
|
---|
121 | static uint32_t s_uDebugIter = 0;
|
---|
122 | /** Whether to skip the logged-in user detection over RDP or not.
|
---|
123 | * See notes in this section why we might want to skip this. */
|
---|
124 | static bool s_fSkipRDPDetection = false;
|
---|
125 |
|
---|
126 | static RTONCE g_vgsvcWinVmInitOnce = RTONCE_INITIALIZER;
|
---|
127 |
|
---|
128 | /** @name Secur32.dll imports are dynamically resolved because of NT4.
|
---|
129 | * @{ */
|
---|
130 | static decltype(LsaGetLogonSessionData) *g_pfnLsaGetLogonSessionData = NULL;
|
---|
131 | static decltype(LsaEnumerateLogonSessions) *g_pfnLsaEnumerateLogonSessions = NULL;
|
---|
132 | static decltype(LsaFreeReturnBuffer) *g_pfnLsaFreeReturnBuffer = NULL;
|
---|
133 | /** @} */
|
---|
134 |
|
---|
135 | /** @name WtsApi32.dll imports are dynamically resolved because of NT4.
|
---|
136 | * @{ */
|
---|
137 | static decltype(WTSFreeMemory) *g_pfnWTSFreeMemory = NULL;
|
---|
138 | static decltype(WTSQuerySessionInformationA) *g_pfnWTSQuerySessionInformationA = NULL;
|
---|
139 | /** @} */
|
---|
140 |
|
---|
141 | /** @name PsApi.dll imports are dynamically resolved because of NT4.
|
---|
142 | * @{ */
|
---|
143 | static decltype(EnumProcesses) *g_pfnEnumProcesses = NULL;
|
---|
144 | static decltype(GetModuleFileNameExW) *g_pfnGetModuleFileNameExW = NULL;
|
---|
145 | /** @} */
|
---|
146 |
|
---|
147 | /** @name New Kernel32.dll APIs we may use when present.
|
---|
148 | * @{ */
|
---|
149 | static decltype(QueryFullProcessImageNameW) *g_pfnQueryFullProcessImageNameW = NULL;
|
---|
150 |
|
---|
151 | /** @} */
|
---|
152 |
|
---|
153 |
|
---|
154 | /**
|
---|
155 | * An RTOnce callback function.
|
---|
156 | */
|
---|
157 | static DECLCALLBACK(int) vgsvcWinVmInfoInitOnce(void *pvIgnored)
|
---|
158 | {
|
---|
159 | RT_NOREF1(pvIgnored);
|
---|
160 |
|
---|
161 | /* SECUR32 */
|
---|
162 | RTLDRMOD hLdrMod;
|
---|
163 | int rc = RTLdrLoadSystem("secur32.dll", true /*fNoUnload*/, &hLdrMod);
|
---|
164 | if (RT_SUCCESS(rc))
|
---|
165 | {
|
---|
166 | rc = RTLdrGetSymbol(hLdrMod, "LsaGetLogonSessionData", (void **)&g_pfnLsaGetLogonSessionData);
|
---|
167 | if (RT_SUCCESS(rc))
|
---|
168 | rc = RTLdrGetSymbol(hLdrMod, "LsaEnumerateLogonSessions", (void **)&g_pfnLsaEnumerateLogonSessions);
|
---|
169 | if (RT_SUCCESS(rc))
|
---|
170 | rc = RTLdrGetSymbol(hLdrMod, "LsaFreeReturnBuffer", (void **)&g_pfnLsaFreeReturnBuffer);
|
---|
171 | AssertRC(rc);
|
---|
172 | RTLdrClose(hLdrMod);
|
---|
173 | }
|
---|
174 | if (RT_FAILURE(rc))
|
---|
175 | {
|
---|
176 | VGSvcVerbose(1, "Secur32.dll APIs are not available (%Rrc)\n", rc);
|
---|
177 | g_pfnLsaGetLogonSessionData = NULL;
|
---|
178 | g_pfnLsaEnumerateLogonSessions = NULL;
|
---|
179 | g_pfnLsaFreeReturnBuffer = NULL;
|
---|
180 | Assert(RTSystemGetNtVersion() < RTSYSTEM_MAKE_NT_VERSION(5, 0, 0));
|
---|
181 | }
|
---|
182 |
|
---|
183 | /* WTSAPI32 */
|
---|
184 | rc = RTLdrLoadSystem("wtsapi32.dll", true /*fNoUnload*/, &hLdrMod);
|
---|
185 | if (RT_SUCCESS(rc))
|
---|
186 | {
|
---|
187 | rc = RTLdrGetSymbol(hLdrMod, "WTSFreeMemory", (void **)&g_pfnWTSFreeMemory);
|
---|
188 | if (RT_SUCCESS(rc))
|
---|
189 | rc = RTLdrGetSymbol(hLdrMod, "WTSQuerySessionInformationA", (void **)&g_pfnWTSQuerySessionInformationA);
|
---|
190 | AssertRC(rc);
|
---|
191 | RTLdrClose(hLdrMod);
|
---|
192 | }
|
---|
193 | if (RT_FAILURE(rc))
|
---|
194 | {
|
---|
195 | VGSvcVerbose(1, "WtsApi32.dll APIs are not available (%Rrc)\n", rc);
|
---|
196 | g_pfnWTSFreeMemory = NULL;
|
---|
197 | g_pfnWTSQuerySessionInformationA = NULL;
|
---|
198 | Assert(RTSystemGetNtVersion() < RTSYSTEM_MAKE_NT_VERSION(5, 0, 0));
|
---|
199 | }
|
---|
200 |
|
---|
201 | /* PSAPI */
|
---|
202 | rc = RTLdrLoadSystem("psapi.dll", true /*fNoUnload*/, &hLdrMod);
|
---|
203 | if (RT_SUCCESS(rc))
|
---|
204 | {
|
---|
205 | rc = RTLdrGetSymbol(hLdrMod, "EnumProcesses", (void **)&g_pfnEnumProcesses);
|
---|
206 | if (RT_SUCCESS(rc))
|
---|
207 | rc = RTLdrGetSymbol(hLdrMod, "GetModuleFileNameExW", (void **)&g_pfnGetModuleFileNameExW);
|
---|
208 | AssertRC(rc);
|
---|
209 | RTLdrClose(hLdrMod);
|
---|
210 | }
|
---|
211 | if (RT_FAILURE(rc))
|
---|
212 | {
|
---|
213 | VGSvcVerbose(1, "psapi.dll APIs are not available (%Rrc)\n", rc);
|
---|
214 | g_pfnEnumProcesses = NULL;
|
---|
215 | g_pfnGetModuleFileNameExW = NULL;
|
---|
216 | Assert(RTSystemGetNtVersion() < RTSYSTEM_MAKE_NT_VERSION(5, 0, 0));
|
---|
217 | }
|
---|
218 |
|
---|
219 | /* Kernel32: */
|
---|
220 | rc = RTLdrLoadSystem("kernel32.dll", true /*fNoUnload*/, &hLdrMod);
|
---|
221 | AssertRCReturn(rc, rc);
|
---|
222 | rc = RTLdrGetSymbol(hLdrMod, "QueryFullProcessImageNameW", (void **)&g_pfnQueryFullProcessImageNameW);
|
---|
223 | if (RT_FAILURE(rc))
|
---|
224 | {
|
---|
225 | Assert(RTSystemGetNtVersion() < RTSYSTEM_MAKE_NT_VERSION(6, 0, 0));
|
---|
226 | g_pfnQueryFullProcessImageNameW = NULL;
|
---|
227 | }
|
---|
228 | RTLdrClose(hLdrMod);
|
---|
229 |
|
---|
230 | /* advapi32: */
|
---|
231 | rc = RTLdrLoadSystem("advapi32.dll", true /*fNoUnload*/, &hLdrMod);
|
---|
232 | if (RT_SUCCESS(rc))
|
---|
233 | RTLdrGetSymbol(hLdrMod, "ConvertSidToStringSidW", (void **)&g_pfnConvertSidToStringSidW);
|
---|
234 |
|
---|
235 | return VINF_SUCCESS;
|
---|
236 | }
|
---|
237 |
|
---|
238 |
|
---|
239 | static bool vgsvcVMInfoSession0Separation(void)
|
---|
240 | {
|
---|
241 | return RTSystemGetNtVersion() >= RTSYSTEM_MAKE_NT_VERSION(6, 0, 0); /* Vista */
|
---|
242 | }
|
---|
243 |
|
---|
244 |
|
---|
245 | /**
|
---|
246 | * Retrieves the module name of a given process.
|
---|
247 | *
|
---|
248 | * @return IPRT status code.
|
---|
249 | */
|
---|
250 | static int vgsvcVMInfoWinProcessesGetModuleNameW(PVBOXSERVICEVMINFOPROC const pProc, PRTUTF16 *ppszName)
|
---|
251 | {
|
---|
252 | *ppszName = NULL;
|
---|
253 | AssertPtrReturn(ppszName, VERR_INVALID_POINTER);
|
---|
254 | AssertPtrReturn(pProc, VERR_INVALID_POINTER);
|
---|
255 | AssertReturn(g_pfnGetModuleFileNameExW || g_pfnQueryFullProcessImageNameW, VERR_NOT_SUPPORTED);
|
---|
256 |
|
---|
257 | /*
|
---|
258 | * Open the process.
|
---|
259 | */
|
---|
260 | DWORD dwFlags = PROCESS_QUERY_INFORMATION | PROCESS_VM_READ;
|
---|
261 | if (RTSystemGetNtVersion() >= RTSYSTEM_MAKE_NT_VERSION(6, 0, 0)) /* Vista and later */
|
---|
262 | dwFlags = PROCESS_QUERY_LIMITED_INFORMATION; /* possible to do on more processes */
|
---|
263 |
|
---|
264 | HANDLE hProcess = OpenProcess(dwFlags, FALSE, pProc->id);
|
---|
265 | if (hProcess == NULL)
|
---|
266 | {
|
---|
267 | DWORD dwErr = GetLastError();
|
---|
268 | if (g_cVerbosity)
|
---|
269 | VGSvcError("Unable to open process with PID=%u, error=%u\n", pProc->id, dwErr);
|
---|
270 | return RTErrConvertFromWin32(dwErr);
|
---|
271 | }
|
---|
272 |
|
---|
273 | /*
|
---|
274 | * Since GetModuleFileNameEx has trouble with cross-bitness stuff (32-bit apps
|
---|
275 | * cannot query 64-bit apps and vice verse) we have to use a different code
|
---|
276 | * path for Vista and up.
|
---|
277 | *
|
---|
278 | * So use QueryFullProcessImageNameW when available (Vista+), fall back on
|
---|
279 | * GetModuleFileNameExW on older windows version (
|
---|
280 | */
|
---|
281 | WCHAR wszName[_1K];
|
---|
282 | DWORD dwLen = _1K;
|
---|
283 | BOOL fRc;
|
---|
284 | if (g_pfnQueryFullProcessImageNameW)
|
---|
285 | fRc = g_pfnQueryFullProcessImageNameW(hProcess, 0 /*PROCESS_NAME_NATIVE*/, wszName, &dwLen);
|
---|
286 | else
|
---|
287 | fRc = g_pfnGetModuleFileNameExW(hProcess, NULL /* Get main executable */, wszName, dwLen);
|
---|
288 |
|
---|
289 | int rc;
|
---|
290 | if (fRc)
|
---|
291 | rc = RTUtf16DupEx(ppszName, wszName, 0);
|
---|
292 | else
|
---|
293 | {
|
---|
294 | DWORD dwErr = GetLastError();
|
---|
295 | if (g_cVerbosity > 3)
|
---|
296 | VGSvcError("Unable to retrieve process name for PID=%u, LastError=%Rwc\n", pProc->id, dwErr);
|
---|
297 | rc = RTErrConvertFromWin32(dwErr);
|
---|
298 | }
|
---|
299 |
|
---|
300 | CloseHandle(hProcess);
|
---|
301 | return rc;
|
---|
302 | }
|
---|
303 |
|
---|
304 |
|
---|
305 | /**
|
---|
306 | * Fills in more data for a process.
|
---|
307 | *
|
---|
308 | * @returns VBox status code.
|
---|
309 | * @param pProc The process structure to fill data into.
|
---|
310 | * @param tkClass The kind of token information to get.
|
---|
311 | */
|
---|
312 | static int vgsvcVMInfoWinProcessesGetTokenInfo(PVBOXSERVICEVMINFOPROC pProc, TOKEN_INFORMATION_CLASS tkClass)
|
---|
313 | {
|
---|
314 | AssertPtrReturn(pProc, VERR_INVALID_POINTER);
|
---|
315 |
|
---|
316 | DWORD dwErr = ERROR_SUCCESS;
|
---|
317 | HANDLE h = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, pProc->id);
|
---|
318 | if (h == NULL)
|
---|
319 | {
|
---|
320 | dwErr = GetLastError();
|
---|
321 | if (g_cVerbosity > 4)
|
---|
322 | VGSvcError("Unable to open process with PID=%u, error=%u\n", pProc->id, dwErr);
|
---|
323 | return RTErrConvertFromWin32(dwErr);
|
---|
324 | }
|
---|
325 |
|
---|
326 | int rc = VINF_SUCCESS;
|
---|
327 | HANDLE hToken;
|
---|
328 | if (OpenProcessToken(h, TOKEN_QUERY, &hToken))
|
---|
329 | {
|
---|
330 | void *pvTokenInfo = NULL;
|
---|
331 | DWORD dwTokenInfoSize;
|
---|
332 | switch (tkClass)
|
---|
333 | {
|
---|
334 | case TokenStatistics:
|
---|
335 | /** @todo r=bird: Someone has been reading too many MSDN examples. You shall
|
---|
336 | * use RTMemAlloc here! There is absolutely not reason for
|
---|
337 | * complicating things uncessarily by using HeapAlloc! */
|
---|
338 | dwTokenInfoSize = sizeof(TOKEN_STATISTICS);
|
---|
339 | pvTokenInfo = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, dwTokenInfoSize);
|
---|
340 | AssertPtr(pvTokenInfo);
|
---|
341 | break;
|
---|
342 |
|
---|
343 | case TokenGroups:
|
---|
344 | dwTokenInfoSize = 0;
|
---|
345 | /* Allocation will follow in a second step. */
|
---|
346 | break;
|
---|
347 |
|
---|
348 | case TokenUser:
|
---|
349 | dwTokenInfoSize = 0;
|
---|
350 | /* Allocation will follow in a second step. */
|
---|
351 | break;
|
---|
352 |
|
---|
353 | default:
|
---|
354 | VGSvcError("Token class not implemented: %d\n", tkClass);
|
---|
355 | rc = VERR_NOT_IMPLEMENTED;
|
---|
356 | dwTokenInfoSize = 0; /* Shut up MSC. */
|
---|
357 | break;
|
---|
358 | }
|
---|
359 |
|
---|
360 | if (RT_SUCCESS(rc))
|
---|
361 | {
|
---|
362 | DWORD dwRetLength;
|
---|
363 | if (!GetTokenInformation(hToken, tkClass, pvTokenInfo, dwTokenInfoSize, &dwRetLength))
|
---|
364 | {
|
---|
365 | dwErr = GetLastError();
|
---|
366 | if (dwErr == ERROR_INSUFFICIENT_BUFFER)
|
---|
367 | {
|
---|
368 | dwErr = ERROR_SUCCESS;
|
---|
369 |
|
---|
370 | switch (tkClass)
|
---|
371 | {
|
---|
372 | case TokenGroups:
|
---|
373 | pvTokenInfo = (PTOKEN_GROUPS)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, dwRetLength);
|
---|
374 | if (!pvTokenInfo)
|
---|
375 | dwErr = GetLastError();
|
---|
376 | dwTokenInfoSize = dwRetLength;
|
---|
377 | break;
|
---|
378 |
|
---|
379 | case TokenUser:
|
---|
380 | pvTokenInfo = (PTOKEN_USER)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, dwRetLength);
|
---|
381 | if (!pvTokenInfo)
|
---|
382 | dwErr = GetLastError();
|
---|
383 | dwTokenInfoSize = dwRetLength;
|
---|
384 | break;
|
---|
385 |
|
---|
386 | default:
|
---|
387 | AssertMsgFailed(("Re-allocating of token information for token class not implemented\n"));
|
---|
388 | break;
|
---|
389 | }
|
---|
390 |
|
---|
391 | if (dwErr == ERROR_SUCCESS)
|
---|
392 | {
|
---|
393 | if (!GetTokenInformation(hToken, tkClass, pvTokenInfo, dwTokenInfoSize, &dwRetLength))
|
---|
394 | dwErr = GetLastError();
|
---|
395 | }
|
---|
396 | }
|
---|
397 | }
|
---|
398 |
|
---|
399 | if (dwErr == ERROR_SUCCESS)
|
---|
400 | {
|
---|
401 | rc = VINF_SUCCESS;
|
---|
402 |
|
---|
403 | switch (tkClass)
|
---|
404 | {
|
---|
405 | case TokenStatistics:
|
---|
406 | {
|
---|
407 | PTOKEN_STATISTICS pStats = (PTOKEN_STATISTICS)pvTokenInfo;
|
---|
408 | AssertPtr(pStats);
|
---|
409 | memcpy(&pProc->luid, &pStats->AuthenticationId, sizeof(LUID));
|
---|
410 | /** @todo Add more information of TOKEN_STATISTICS as needed. */
|
---|
411 | break;
|
---|
412 | }
|
---|
413 |
|
---|
414 | case TokenGroups:
|
---|
415 | {
|
---|
416 | pProc->fInteractive = false;
|
---|
417 |
|
---|
418 | SID_IDENTIFIER_AUTHORITY sidAuthNT = SECURITY_NT_AUTHORITY;
|
---|
419 | PSID pSidInteractive = NULL; /* S-1-5-4 */
|
---|
420 | if (!AllocateAndInitializeSid(&sidAuthNT, 1, 4, 0, 0, 0, 0, 0, 0, 0, &pSidInteractive))
|
---|
421 | dwErr = GetLastError();
|
---|
422 |
|
---|
423 | PSID pSidLocal = NULL; /* S-1-2-0 */
|
---|
424 | if (dwErr == ERROR_SUCCESS)
|
---|
425 | {
|
---|
426 | SID_IDENTIFIER_AUTHORITY sidAuthLocal = SECURITY_LOCAL_SID_AUTHORITY;
|
---|
427 | if (!AllocateAndInitializeSid(&sidAuthLocal, 1, 0, 0, 0, 0, 0, 0, 0, 0, &pSidLocal))
|
---|
428 | dwErr = GetLastError();
|
---|
429 | }
|
---|
430 |
|
---|
431 | if (dwErr == ERROR_SUCCESS)
|
---|
432 | {
|
---|
433 | PTOKEN_GROUPS pGroups = (PTOKEN_GROUPS)pvTokenInfo;
|
---|
434 | AssertPtr(pGroups);
|
---|
435 | for (DWORD i = 0; i < pGroups->GroupCount; i++)
|
---|
436 | {
|
---|
437 | if ( EqualSid(pGroups->Groups[i].Sid, pSidInteractive)
|
---|
438 | || EqualSid(pGroups->Groups[i].Sid, pSidLocal)
|
---|
439 | || pGroups->Groups[i].Attributes & SE_GROUP_LOGON_ID)
|
---|
440 | {
|
---|
441 | pProc->fInteractive = true;
|
---|
442 | break;
|
---|
443 | }
|
---|
444 | }
|
---|
445 | }
|
---|
446 |
|
---|
447 | if (pSidInteractive)
|
---|
448 | FreeSid(pSidInteractive);
|
---|
449 | if (pSidLocal)
|
---|
450 | FreeSid(pSidLocal);
|
---|
451 | break;
|
---|
452 | }
|
---|
453 |
|
---|
454 | case TokenUser:
|
---|
455 | {
|
---|
456 | PTOKEN_USER pUser = (PTOKEN_USER)pvTokenInfo;
|
---|
457 | AssertPtr(pUser);
|
---|
458 |
|
---|
459 | DWORD dwLength = GetLengthSid(pUser->User.Sid);
|
---|
460 | Assert(dwLength);
|
---|
461 | if (dwLength)
|
---|
462 | {
|
---|
463 | pProc->pSid = (PSID)HeapAlloc(GetProcessHeap(),
|
---|
464 | HEAP_ZERO_MEMORY, dwLength);
|
---|
465 | AssertPtr(pProc->pSid);
|
---|
466 | if (CopySid(dwLength, pProc->pSid, pUser->User.Sid))
|
---|
467 | {
|
---|
468 | if (!IsValidSid(pProc->pSid))
|
---|
469 | dwErr = ERROR_INVALID_NAME;
|
---|
470 | }
|
---|
471 | else
|
---|
472 | dwErr = GetLastError();
|
---|
473 | }
|
---|
474 | else
|
---|
475 | dwErr = ERROR_NO_DATA;
|
---|
476 |
|
---|
477 | if (dwErr != ERROR_SUCCESS)
|
---|
478 | {
|
---|
479 | VGSvcError("Error retrieving SID of process PID=%u: %u\n", pProc->id, dwErr);
|
---|
480 | if (pProc->pSid)
|
---|
481 | {
|
---|
482 | HeapFree(GetProcessHeap(), 0 /* Flags */, pProc->pSid);
|
---|
483 | pProc->pSid = NULL;
|
---|
484 | }
|
---|
485 | }
|
---|
486 | break;
|
---|
487 | }
|
---|
488 |
|
---|
489 | default:
|
---|
490 | AssertMsgFailed(("Unhandled token information class\n"));
|
---|
491 | break;
|
---|
492 | }
|
---|
493 | }
|
---|
494 |
|
---|
495 | if (pvTokenInfo)
|
---|
496 | HeapFree(GetProcessHeap(), 0 /* Flags */, pvTokenInfo);
|
---|
497 | }
|
---|
498 | CloseHandle(hToken);
|
---|
499 | }
|
---|
500 | else
|
---|
501 | dwErr = GetLastError();
|
---|
502 |
|
---|
503 | if (dwErr != ERROR_SUCCESS)
|
---|
504 | {
|
---|
505 | if (g_cVerbosity)
|
---|
506 | VGSvcError("Unable to query token information for PID=%u, error=%u\n", pProc->id, dwErr);
|
---|
507 | rc = RTErrConvertFromWin32(dwErr);
|
---|
508 | }
|
---|
509 |
|
---|
510 | CloseHandle(h);
|
---|
511 | return rc;
|
---|
512 | }
|
---|
513 |
|
---|
514 |
|
---|
515 | /**
|
---|
516 | * Enumerate all the processes in the system and get the logon user IDs for
|
---|
517 | * them.
|
---|
518 | *
|
---|
519 | * @returns VBox status code.
|
---|
520 | * @param ppaProcs Where to return the process snapshot. This must be
|
---|
521 | * freed by calling vgsvcVMInfoWinProcessesFree.
|
---|
522 | *
|
---|
523 | * @param pcProcs Where to store the returned process count.
|
---|
524 | */
|
---|
525 | static int vgsvcVMInfoWinProcessesEnumerate(PVBOXSERVICEVMINFOPROC *ppaProcs, PDWORD pcProcs)
|
---|
526 | {
|
---|
527 | AssertPtr(ppaProcs);
|
---|
528 | AssertPtr(pcProcs);
|
---|
529 |
|
---|
530 | if (!g_pfnEnumProcesses)
|
---|
531 | return VERR_NOT_SUPPORTED;
|
---|
532 |
|
---|
533 | /*
|
---|
534 | * Call EnumProcesses with an increasingly larger buffer until it all fits
|
---|
535 | * or we think something is screwed up.
|
---|
536 | */
|
---|
537 | DWORD cProcesses = 64;
|
---|
538 | PDWORD paPID = NULL;
|
---|
539 | int rc = VINF_SUCCESS;
|
---|
540 | do
|
---|
541 | {
|
---|
542 | /* Allocate / grow the buffer first. */
|
---|
543 | cProcesses *= 2;
|
---|
544 | void *pvNew = RTMemRealloc(paPID, cProcesses * sizeof(DWORD));
|
---|
545 | if (!pvNew)
|
---|
546 | {
|
---|
547 | rc = VERR_NO_MEMORY;
|
---|
548 | break;
|
---|
549 | }
|
---|
550 | paPID = (PDWORD)pvNew;
|
---|
551 |
|
---|
552 | /* Query the processes. Not the cbRet == buffer size means there could be more work to be done. */
|
---|
553 | DWORD cbRet;
|
---|
554 | if (!g_pfnEnumProcesses(paPID, cProcesses * sizeof(DWORD), &cbRet))
|
---|
555 | {
|
---|
556 | rc = RTErrConvertFromWin32(GetLastError());
|
---|
557 | break;
|
---|
558 | }
|
---|
559 | if (cbRet < cProcesses * sizeof(DWORD))
|
---|
560 | {
|
---|
561 | cProcesses = cbRet / sizeof(DWORD);
|
---|
562 | break;
|
---|
563 | }
|
---|
564 | } while (cProcesses <= _32K); /* Should be enough; see: http://blogs.technet.com/markrussinovich/archive/2009/07/08/3261309.aspx */
|
---|
565 |
|
---|
566 | if (RT_SUCCESS(rc))
|
---|
567 | {
|
---|
568 | /*
|
---|
569 | * Allocate out process structures and fill data into them.
|
---|
570 | * We currently only try lookup their LUID's.
|
---|
571 | */
|
---|
572 | PVBOXSERVICEVMINFOPROC paProcs;
|
---|
573 | paProcs = (PVBOXSERVICEVMINFOPROC)RTMemAllocZ(cProcesses * sizeof(VBOXSERVICEVMINFOPROC));
|
---|
574 | if (paProcs)
|
---|
575 | {
|
---|
576 | for (DWORD i = 0; i < cProcesses; i++)
|
---|
577 | {
|
---|
578 | paProcs[i].id = paPID[i];
|
---|
579 | paProcs[i].pSid = NULL;
|
---|
580 |
|
---|
581 | int rc2 = vgsvcVMInfoWinProcessesGetTokenInfo(&paProcs[i], TokenUser);
|
---|
582 | if (RT_FAILURE(rc2) && g_cVerbosity)
|
---|
583 | VGSvcError("Get token class 'user' for process %u failed, rc=%Rrc\n", paProcs[i].id, rc2);
|
---|
584 |
|
---|
585 | rc2 = vgsvcVMInfoWinProcessesGetTokenInfo(&paProcs[i], TokenGroups);
|
---|
586 | if (RT_FAILURE(rc2) && g_cVerbosity)
|
---|
587 | VGSvcError("Get token class 'groups' for process %u failed, rc=%Rrc\n", paProcs[i].id, rc2);
|
---|
588 |
|
---|
589 | rc2 = vgsvcVMInfoWinProcessesGetTokenInfo(&paProcs[i], TokenStatistics);
|
---|
590 | if (RT_FAILURE(rc2) && g_cVerbosity)
|
---|
591 | VGSvcError("Get token class 'statistics' for process %u failed, rc=%Rrc\n", paProcs[i].id, rc2);
|
---|
592 | }
|
---|
593 |
|
---|
594 | /* Save number of processes */
|
---|
595 | if (RT_SUCCESS(rc))
|
---|
596 | {
|
---|
597 | *pcProcs = cProcesses;
|
---|
598 | *ppaProcs = paProcs;
|
---|
599 | }
|
---|
600 | else
|
---|
601 | vgsvcVMInfoWinProcessesFree(cProcesses, paProcs);
|
---|
602 | }
|
---|
603 | else
|
---|
604 | rc = VERR_NO_MEMORY;
|
---|
605 | }
|
---|
606 |
|
---|
607 | RTMemFree(paPID);
|
---|
608 | return rc;
|
---|
609 | }
|
---|
610 |
|
---|
611 | /**
|
---|
612 | * Frees the process structures returned by
|
---|
613 | * vgsvcVMInfoWinProcessesEnumerate() before.
|
---|
614 | *
|
---|
615 | * @param cProcs Number of processes in paProcs.
|
---|
616 | * @param paProcs The process array.
|
---|
617 | */
|
---|
618 | static void vgsvcVMInfoWinProcessesFree(DWORD cProcs, PVBOXSERVICEVMINFOPROC paProcs)
|
---|
619 | {
|
---|
620 | for (DWORD i = 0; i < cProcs; i++)
|
---|
621 | if (paProcs[i].pSid)
|
---|
622 | {
|
---|
623 | HeapFree(GetProcessHeap(), 0 /* Flags */, paProcs[i].pSid);
|
---|
624 | paProcs[i].pSid = NULL;
|
---|
625 | }
|
---|
626 | RTMemFree(paProcs);
|
---|
627 | }
|
---|
628 |
|
---|
629 | /**
|
---|
630 | * Determines whether the specified session has processes on the system.
|
---|
631 | *
|
---|
632 | * @returns Number of processes found for a specified session.
|
---|
633 | * @param pSession The current user's SID.
|
---|
634 | * @param paProcs The process snapshot.
|
---|
635 | * @param cProcs The number of processes in the snaphot.
|
---|
636 | * @param puTerminalSession Where to return terminal session number.
|
---|
637 | * Optional.
|
---|
638 | */
|
---|
639 | /** @todo r=bird: The 'Has' indicates a predicate function, which this is
|
---|
640 | * not. Predicate functions always returns bool. */
|
---|
641 | static uint32_t vgsvcVMInfoWinSessionHasProcesses(PLUID pSession, PVBOXSERVICEVMINFOPROC const paProcs, DWORD cProcs,
|
---|
642 | PULONG puTerminalSession)
|
---|
643 | {
|
---|
644 | if (!pSession)
|
---|
645 | {
|
---|
646 | VGSvcVerbose(1, "Session became invalid while enumerating!\n");
|
---|
647 | return 0;
|
---|
648 | }
|
---|
649 | if (!g_pfnLsaGetLogonSessionData)
|
---|
650 | return 0;
|
---|
651 |
|
---|
652 | PSECURITY_LOGON_SESSION_DATA pSessionData = NULL;
|
---|
653 | NTSTATUS rcNt = g_pfnLsaGetLogonSessionData(pSession, &pSessionData);
|
---|
654 | if (rcNt != STATUS_SUCCESS)
|
---|
655 | {
|
---|
656 | VGSvcError("Could not get logon session data! rcNt=%#x\n", rcNt);
|
---|
657 | return 0;
|
---|
658 | }
|
---|
659 |
|
---|
660 | if (!IsValidSid(pSessionData->Sid))
|
---|
661 | {
|
---|
662 | VGSvcError("User SID=%p is not valid\n", pSessionData->Sid);
|
---|
663 | if (pSessionData)
|
---|
664 | g_pfnLsaFreeReturnBuffer(pSessionData);
|
---|
665 | return 0;
|
---|
666 | }
|
---|
667 |
|
---|
668 |
|
---|
669 | /*
|
---|
670 | * Even if a user seems to be logged in, it could be a stale/orphaned logon
|
---|
671 | * session. So check if we have some processes bound to it by comparing the
|
---|
672 | * session <-> process LUIDs.
|
---|
673 | */
|
---|
674 | int rc = VINF_SUCCESS;
|
---|
675 | uint32_t cProcessesFound = 0;
|
---|
676 | for (DWORD i = 0; i < cProcs; i++)
|
---|
677 | {
|
---|
678 | PSID pProcSID = paProcs[i].pSid;
|
---|
679 | if ( RT_SUCCESS(rc)
|
---|
680 | && pProcSID
|
---|
681 | && IsValidSid(pProcSID))
|
---|
682 | {
|
---|
683 | if (EqualSid(pSessionData->Sid, paProcs[i].pSid))
|
---|
684 | {
|
---|
685 | if (g_cVerbosity)
|
---|
686 | {
|
---|
687 | PRTUTF16 pszName;
|
---|
688 | int rc2 = vgsvcVMInfoWinProcessesGetModuleNameW(&paProcs[i], &pszName);
|
---|
689 | VGSvcVerbose(4, "Session %RU32: PID=%u (fInt=%RTbool): %ls\n",
|
---|
690 | pSessionData->Session, paProcs[i].id, paProcs[i].fInteractive,
|
---|
691 | RT_SUCCESS(rc2) ? pszName : L"<Unknown>");
|
---|
692 | if (RT_SUCCESS(rc2))
|
---|
693 | RTUtf16Free(pszName);
|
---|
694 | }
|
---|
695 |
|
---|
696 | if (paProcs[i].fInteractive)
|
---|
697 | {
|
---|
698 | cProcessesFound++;
|
---|
699 | if (!g_cVerbosity) /* We want a bit more info on higher verbosity. */
|
---|
700 | break;
|
---|
701 | }
|
---|
702 | }
|
---|
703 | }
|
---|
704 | }
|
---|
705 |
|
---|
706 | if (puTerminalSession)
|
---|
707 | *puTerminalSession = pSessionData->Session;
|
---|
708 |
|
---|
709 | g_pfnLsaFreeReturnBuffer(pSessionData);
|
---|
710 |
|
---|
711 | return cProcessesFound;
|
---|
712 | }
|
---|
713 |
|
---|
714 |
|
---|
715 | /**
|
---|
716 | * Save and noisy string copy.
|
---|
717 | *
|
---|
718 | * @param pwszDst Destination buffer.
|
---|
719 | * @param cbDst Size in bytes - not WCHAR count!
|
---|
720 | * @param pSrc Source string.
|
---|
721 | * @param pszWhat What this is. For the log.
|
---|
722 | */
|
---|
723 | static void vgsvcVMInfoWinSafeCopy(PWCHAR pwszDst, size_t cbDst, LSA_UNICODE_STRING const *pSrc, const char *pszWhat)
|
---|
724 | {
|
---|
725 | Assert(RT_ALIGN(cbDst, sizeof(WCHAR)) == cbDst);
|
---|
726 |
|
---|
727 | size_t cbCopy = pSrc->Length;
|
---|
728 | if (cbCopy + sizeof(WCHAR) > cbDst)
|
---|
729 | {
|
---|
730 | VGSvcVerbose(0, "%s is too long - %u bytes, buffer %u bytes! It will be truncated.\n", pszWhat, cbCopy, cbDst);
|
---|
731 | cbCopy = cbDst - sizeof(WCHAR);
|
---|
732 | }
|
---|
733 | if (cbCopy)
|
---|
734 | memcpy(pwszDst, pSrc->Buffer, cbCopy);
|
---|
735 | pwszDst[cbCopy / sizeof(WCHAR)] = '\0';
|
---|
736 | }
|
---|
737 |
|
---|
738 |
|
---|
739 | /**
|
---|
740 | * Detects whether a user is logged on.
|
---|
741 | *
|
---|
742 | * @returns true if logged in, false if not (or error).
|
---|
743 | * @param pUserInfo Where to return the user information.
|
---|
744 | * @param pSession The session to check.
|
---|
745 | */
|
---|
746 | static bool vgsvcVMInfoWinIsLoggedIn(PVBOXSERVICEVMINFOUSER pUserInfo, PLUID pSession)
|
---|
747 | {
|
---|
748 | AssertPtrReturn(pUserInfo, false);
|
---|
749 | if (!pSession)
|
---|
750 | return false;
|
---|
751 | if ( !g_pfnLsaGetLogonSessionData
|
---|
752 | || !g_pfnLsaNtStatusToWinError)
|
---|
753 | return false;
|
---|
754 |
|
---|
755 | PSECURITY_LOGON_SESSION_DATA pSessionData = NULL;
|
---|
756 | NTSTATUS rcNt = g_pfnLsaGetLogonSessionData(pSession, &pSessionData);
|
---|
757 | if (rcNt != STATUS_SUCCESS)
|
---|
758 | {
|
---|
759 | ULONG ulError = g_pfnLsaNtStatusToWinError(rcNt);
|
---|
760 | switch (ulError)
|
---|
761 | {
|
---|
762 | case ERROR_NOT_ENOUGH_MEMORY:
|
---|
763 | /* If we don't have enough memory it's hard to judge whether the specified user
|
---|
764 | * is logged in or not, so just assume he/she's not. */
|
---|
765 | VGSvcVerbose(3, "Not enough memory to retrieve logon session data!\n");
|
---|
766 | break;
|
---|
767 |
|
---|
768 | case ERROR_NO_SUCH_LOGON_SESSION:
|
---|
769 | /* Skip session data which is not valid anymore because it may have been
|
---|
770 | * already terminated. */
|
---|
771 | break;
|
---|
772 |
|
---|
773 | default:
|
---|
774 | VGSvcError("LsaGetLogonSessionData failed with error %u\n", ulError);
|
---|
775 | break;
|
---|
776 | }
|
---|
777 | if (pSessionData)
|
---|
778 | g_pfnLsaFreeReturnBuffer(pSessionData);
|
---|
779 | return false;
|
---|
780 | }
|
---|
781 | if (!pSessionData)
|
---|
782 | {
|
---|
783 | VGSvcError("Invalid logon session data!\n");
|
---|
784 | return false;
|
---|
785 | }
|
---|
786 |
|
---|
787 | VGSvcVerbose(3, "Session data: Name=%ls, SessionID=%RU32, LogonID=%d,%u, LogonType=%u\n",
|
---|
788 | pSessionData->UserName.Buffer, pSessionData->Session,
|
---|
789 | pSessionData->LogonId.HighPart, pSessionData->LogonId.LowPart, pSessionData->LogonType);
|
---|
790 |
|
---|
791 | if (vgsvcVMInfoSession0Separation())
|
---|
792 | {
|
---|
793 | /* Starting at Windows Vista user sessions begin with session 1, so
|
---|
794 | * ignore (stale) session 0 users. */
|
---|
795 | if ( pSessionData->Session == 0
|
---|
796 | /* Also check the logon time. */
|
---|
797 | || pSessionData->LogonTime.QuadPart == 0)
|
---|
798 | {
|
---|
799 | g_pfnLsaFreeReturnBuffer(pSessionData);
|
---|
800 | return false;
|
---|
801 | }
|
---|
802 | }
|
---|
803 |
|
---|
804 | /*
|
---|
805 | * Only handle users which can login interactively or logged in
|
---|
806 | * remotely over native RDP.
|
---|
807 | */
|
---|
808 | bool fFoundUser = false;
|
---|
809 | if ( IsValidSid(pSessionData->Sid)
|
---|
810 | && ( (SECURITY_LOGON_TYPE)pSessionData->LogonType == Interactive
|
---|
811 | || (SECURITY_LOGON_TYPE)pSessionData->LogonType == RemoteInteractive
|
---|
812 | /* Note: We also need CachedInteractive in case Windows cached the credentials
|
---|
813 | * or just wants to reuse them! */
|
---|
814 | || (SECURITY_LOGON_TYPE)pSessionData->LogonType == CachedInteractive))
|
---|
815 | {
|
---|
816 | VGSvcVerbose(3, "Session LogonType=%u is supported -- looking up SID + type ...\n", pSessionData->LogonType);
|
---|
817 |
|
---|
818 | /*
|
---|
819 | * Copy out relevant data.
|
---|
820 | */
|
---|
821 | vgsvcVMInfoWinSafeCopy(pUserInfo->wszUser, sizeof(pUserInfo->wszUser), &pSessionData->UserName, "User name");
|
---|
822 | vgsvcVMInfoWinSafeCopy(pUserInfo->wszAuthenticationPackage, sizeof(pUserInfo->wszAuthenticationPackage),
|
---|
823 | &pSessionData->AuthenticationPackage, "Authentication pkg name");
|
---|
824 | vgsvcVMInfoWinSafeCopy(pUserInfo->wszLogonDomain, sizeof(pUserInfo->wszLogonDomain),
|
---|
825 | &pSessionData->LogonDomain, "Logon domain name");
|
---|
826 |
|
---|
827 | TCHAR szOwnerName[MAX_PATH] = { 0 };
|
---|
828 | DWORD dwOwnerNameSize = sizeof(szOwnerName);
|
---|
829 | TCHAR szDomainName[MAX_PATH] = { 0 };
|
---|
830 | DWORD dwDomainNameSize = sizeof(szDomainName);
|
---|
831 | SID_NAME_USE enmOwnerType = SidTypeInvalid;
|
---|
832 | if (!LookupAccountSid(NULL,
|
---|
833 | pSessionData->Sid,
|
---|
834 | szOwnerName,
|
---|
835 | &dwOwnerNameSize,
|
---|
836 | szDomainName,
|
---|
837 | &dwDomainNameSize,
|
---|
838 | &enmOwnerType))
|
---|
839 | {
|
---|
840 | DWORD dwErr = GetLastError();
|
---|
841 | /*
|
---|
842 | * If a network time-out prevents the function from finding the name or
|
---|
843 | * if a SID that does not have a corresponding account name (such as a
|
---|
844 | * logon SID that identifies a logon session), we get ERROR_NONE_MAPPED
|
---|
845 | * here that we just skip.
|
---|
846 | */
|
---|
847 | if (dwErr != ERROR_NONE_MAPPED)
|
---|
848 | VGSvcError("Failed looking up account info for user=%ls, error=$ld!\n", pUserInfo->wszUser, dwErr);
|
---|
849 | }
|
---|
850 | else
|
---|
851 | {
|
---|
852 | if (enmOwnerType == SidTypeUser) /* Only recognize users; we don't care about the rest! */
|
---|
853 | {
|
---|
854 | VGSvcVerbose(3, "Account User=%ls, Session=%u, LogonID=%d,%u, AuthPkg=%ls, Domain=%ls\n",
|
---|
855 | pUserInfo->wszUser, pSessionData->Session, pSessionData->LogonId.HighPart,
|
---|
856 | pSessionData->LogonId.LowPart, pUserInfo->wszAuthenticationPackage, pUserInfo->wszLogonDomain);
|
---|
857 |
|
---|
858 | /* KB970910 (check http://support.microsoft.com/kb/970910 on archive.org)
|
---|
859 | * indicates that WTSQuerySessionInformation may leak memory and return the
|
---|
860 | * wrong status code for WTSApplicationName and WTSInitialProgram queries.
|
---|
861 | *
|
---|
862 | * The system must be low on resources, and presumably some internal operation
|
---|
863 | * must fail because of this, triggering an error handling path that forgets
|
---|
864 | * to free memory and set last error.
|
---|
865 | *
|
---|
866 | * bird 2022-08-26: However, we do not query either of those info items. We
|
---|
867 | * query WTSConnectState, which is a rather simple affair. So, I've
|
---|
868 | * re-enabled the code for all systems that includes the API.
|
---|
869 | */
|
---|
870 | if (!s_fSkipRDPDetection)
|
---|
871 | {
|
---|
872 | /* Skip if we don't have the WTS API. */
|
---|
873 | if (!g_pfnWTSQuerySessionInformationA)
|
---|
874 | s_fSkipRDPDetection = true;
|
---|
875 | #if 0 /* bird: see above */
|
---|
876 | /* Skip RDP detection on Windows 2000 and older.
|
---|
877 | For Windows 2000 however we don't have any hotfixes, so just skip the
|
---|
878 | RDP detection in any case. */
|
---|
879 | else if (RTSystemGetNtVersion() < RTSYSTEM_MAKE_NT_VERSION(5, 1, 0)) /* older than XP */
|
---|
880 | s_fSkipRDPDetection = true;
|
---|
881 | #endif
|
---|
882 | if (s_fSkipRDPDetection)
|
---|
883 | VGSvcVerbose(0, "Detection of logged-in users via RDP is disabled\n");
|
---|
884 | }
|
---|
885 |
|
---|
886 | if (!s_fSkipRDPDetection)
|
---|
887 | {
|
---|
888 | Assert(g_pfnWTSQuerySessionInformationA);
|
---|
889 | Assert(g_pfnWTSFreeMemory);
|
---|
890 |
|
---|
891 | /* Detect RDP sessions as well. */
|
---|
892 | LPTSTR pBuffer = NULL;
|
---|
893 | DWORD cbRet = 0;
|
---|
894 | int iState = -1;
|
---|
895 | if (g_pfnWTSQuerySessionInformationA(WTS_CURRENT_SERVER_HANDLE,
|
---|
896 | pSessionData->Session,
|
---|
897 | WTSConnectState,
|
---|
898 | &pBuffer,
|
---|
899 | &cbRet))
|
---|
900 | {
|
---|
901 | if (cbRet)
|
---|
902 | iState = *pBuffer;
|
---|
903 | VGSvcVerbose(3, "Account User=%ls, WTSConnectState=%d (%u)\n", pUserInfo->wszUser, iState, cbRet);
|
---|
904 | if ( iState == WTSActive /* User logged on to WinStation. */
|
---|
905 | || iState == WTSShadow /* Shadowing another WinStation. */
|
---|
906 | || iState == WTSDisconnected) /* WinStation logged on without client. */
|
---|
907 | {
|
---|
908 | /** @todo On Vista and W2K, always "old" user name are still
|
---|
909 | * there. Filter out the old one! */
|
---|
910 | VGSvcVerbose(3, "Account User=%ls using TCS/RDP, state=%d \n", pUserInfo->wszUser, iState);
|
---|
911 | fFoundUser = true;
|
---|
912 | }
|
---|
913 | if (pBuffer)
|
---|
914 | g_pfnWTSFreeMemory(pBuffer);
|
---|
915 | }
|
---|
916 | else
|
---|
917 | {
|
---|
918 | DWORD dwLastErr = GetLastError();
|
---|
919 | switch (dwLastErr)
|
---|
920 | {
|
---|
921 | /*
|
---|
922 | * Terminal services don't run (for example in W2K,
|
---|
923 | * nothing to worry about ...). ... or is on the Vista
|
---|
924 | * fast user switching page!
|
---|
925 | */
|
---|
926 | case ERROR_CTX_WINSTATION_NOT_FOUND:
|
---|
927 | VGSvcVerbose(3, "No WinStation found for user=%ls\n", pUserInfo->wszUser);
|
---|
928 | break;
|
---|
929 |
|
---|
930 | default:
|
---|
931 | VGSvcVerbose(3, "Cannot query WTS connection state for user=%ls, error=%u\n",
|
---|
932 | pUserInfo->wszUser, dwLastErr);
|
---|
933 | break;
|
---|
934 | }
|
---|
935 |
|
---|
936 | fFoundUser = true;
|
---|
937 | }
|
---|
938 | }
|
---|
939 | }
|
---|
940 | else
|
---|
941 | VGSvcVerbose(3, "SID owner type=%d not handled, skipping\n", enmOwnerType);
|
---|
942 | }
|
---|
943 |
|
---|
944 | VGSvcVerbose(3, "Account User=%ls %s logged in\n", pUserInfo->wszUser, fFoundUser ? "is" : "is not");
|
---|
945 | }
|
---|
946 |
|
---|
947 | if (fFoundUser)
|
---|
948 | pUserInfo->ulLastSession = pSessionData->Session;
|
---|
949 |
|
---|
950 | g_pfnLsaFreeReturnBuffer(pSessionData);
|
---|
951 | return fFoundUser;
|
---|
952 | }
|
---|
953 |
|
---|
954 |
|
---|
955 | /**
|
---|
956 | * Destroys an allocated SID.
|
---|
957 | *
|
---|
958 | * @param pSid SID to dsetroy. The pointer will be invalid on return.
|
---|
959 | */
|
---|
960 | static void vgsvcVMInfoWinUserSidDestroy(PSID pSid)
|
---|
961 | {
|
---|
962 | RTMemFree(pSid);
|
---|
963 | pSid = NULL;
|
---|
964 | }
|
---|
965 |
|
---|
966 |
|
---|
967 | /**
|
---|
968 | * Looks up and returns a SID for a given user.
|
---|
969 | *
|
---|
970 | * @returns VBox status code.
|
---|
971 | * @param pszUser User to look up a SID for.
|
---|
972 | * @param ppSid Where to return the allocated SID.
|
---|
973 | * Must be destroyed with vgsvcVMInfoWinUserSidDestroy().
|
---|
974 | */
|
---|
975 | static int vgsvcVMInfoWinUserSidLookup(const char *pszUser, PSID *ppSid)
|
---|
976 | {
|
---|
977 | RTUTF16 *pwszUser = NULL;
|
---|
978 | size_t cwUser = 0;
|
---|
979 | int rc = RTStrToUtf16Ex(pszUser, RTSTR_MAX, &pwszUser, 0, &cwUser);
|
---|
980 | AssertRCReturn(rc, rc);
|
---|
981 |
|
---|
982 | PSID pSid = NULL;
|
---|
983 | DWORD cbSid = 0;
|
---|
984 | DWORD cbDomain = 0;
|
---|
985 | SID_NAME_USE enmSidUse = SidTypeUser;
|
---|
986 | if (!LookupAccountNameW(NULL, pwszUser, pSid, &cbSid, NULL, &cbDomain, &enmSidUse))
|
---|
987 | {
|
---|
988 | DWORD const dwErr = GetLastError();
|
---|
989 | if (dwErr == ERROR_INSUFFICIENT_BUFFER)
|
---|
990 | {
|
---|
991 | pSid = (PSID)RTMemAllocZ(cbSid);
|
---|
992 | if (pSid)
|
---|
993 | {
|
---|
994 | PRTUTF16 pwszDomain = (PRTUTF16)RTMemAllocZ(cbDomain * sizeof(RTUTF16));
|
---|
995 | if (pwszDomain)
|
---|
996 | {
|
---|
997 | if (LookupAccountNameW(NULL, pwszUser, pSid, &cbSid, pwszDomain, &cbDomain, &enmSidUse))
|
---|
998 | {
|
---|
999 | if (IsValidSid(pSid))
|
---|
1000 | *ppSid = pSid;
|
---|
1001 | else
|
---|
1002 | rc = VERR_INVALID_PARAMETER;
|
---|
1003 | }
|
---|
1004 | else
|
---|
1005 | rc = RTErrConvertFromWin32(GetLastError());
|
---|
1006 | }
|
---|
1007 | else
|
---|
1008 | rc = VERR_NO_MEMORY;
|
---|
1009 | }
|
---|
1010 | else
|
---|
1011 | rc = VERR_NO_MEMORY;
|
---|
1012 | }
|
---|
1013 | else
|
---|
1014 | rc = RTErrConvertFromWin32(dwErr);
|
---|
1015 | }
|
---|
1016 | else
|
---|
1017 | rc = RTErrConvertFromWin32(GetLastError());
|
---|
1018 |
|
---|
1019 | if (RT_FAILURE(rc))
|
---|
1020 | vgsvcVMInfoWinUserSidDestroy(pSid);
|
---|
1021 |
|
---|
1022 | return rc;
|
---|
1023 | }
|
---|
1024 |
|
---|
1025 |
|
---|
1026 | /**
|
---|
1027 | * Fallback function in case writing the user name failed within vgsvcVMInfoWinUserUpdateF().
|
---|
1028 | *
|
---|
1029 | * This uses the following approach:
|
---|
1030 | * - only use the user name as part of the property name from now on
|
---|
1031 | * - write the domain name into a separate "Domain" property
|
---|
1032 | * - write the (full) SID into a separate "SID" property
|
---|
1033 | *
|
---|
1034 | * @returns VBox status code.
|
---|
1035 | * @retval VERR_BUFFER_OVERFLOW if the final property name length exceeds the maximum supported length.
|
---|
1036 | * @param pCache Pointer to guest property cache to update user in.
|
---|
1037 | * @param pszUser Name of guest user to update.
|
---|
1038 | * @param pszDomain Domain of guest user to update. Optional.
|
---|
1039 | * @param pwszSid The user's SID as a string. Might be NULL if not supported (NT4).
|
---|
1040 | * @param pszKey Key name of guest property to update.
|
---|
1041 | * @param pszValueFormat Guest property value to set. Pass NULL for deleting
|
---|
1042 | * the property.
|
---|
1043 | * @param va Variable arguments.
|
---|
1044 | */
|
---|
1045 | static int vgsvcVMInfoWinUserUpdateFallbackV(PVBOXSERVICEVEPROPCACHE pCache, const char *pszUser, const char *pszDomain,
|
---|
1046 | WCHAR *pwszSid, const char *pszKey, const char *pszValueFormat, va_list va)
|
---|
1047 | {
|
---|
1048 | int rc = VGSvcUserUpdateF(pCache, pszUser, NULL /* pszDomain */, "Domain", pszDomain);
|
---|
1049 | if (pwszSid && RT_SUCCESS(rc))
|
---|
1050 | rc = VGSvcUserUpdateF(pCache, pszUser, NULL /* pszDomain */, "SID", "%ls", pwszSid);
|
---|
1051 |
|
---|
1052 | /* Last but no least, write the actual guest property value we initially were called for.
|
---|
1053 | * We always do this, no matter of what the outcome from above was. */
|
---|
1054 | int rc2 = VGSvcUserUpdateV(pCache, pszUser, NULL /* pszDomain */, pszKey, pszValueFormat, va);
|
---|
1055 | if (RT_SUCCESS(rc))
|
---|
1056 | rc2 = rc;
|
---|
1057 |
|
---|
1058 | return rc;
|
---|
1059 | }
|
---|
1060 |
|
---|
1061 |
|
---|
1062 | /**
|
---|
1063 | * Wrapper function for VGSvcUserUpdateF() that deals with too long guest property names.
|
---|
1064 | *
|
---|
1065 | * @return VBox status code.
|
---|
1066 | * @retval VERR_BUFFER_OVERFLOW if the final property name length exceeds the maximum supported length.
|
---|
1067 | * @param pCache Pointer to guest property cache to update user in.
|
---|
1068 | * @param pszUser Name of guest user to update.
|
---|
1069 | * @param pszDomain Domain of guest user to update. Optional.
|
---|
1070 | * @param pszKey Key name of guest property to update.
|
---|
1071 | * @param pszValueFormat Guest property value to set. Pass NULL for deleting
|
---|
1072 | * the property.
|
---|
1073 | * @param ... Variable arguments.
|
---|
1074 | */
|
---|
1075 | static int vgsvcVMInfoWinUserUpdateF(PVBOXSERVICEVEPROPCACHE pCache, const char *pszUser, const char *pszDomain,
|
---|
1076 | const char *pszKey, const char *pszValueFormat, ...)
|
---|
1077 | {
|
---|
1078 | va_list va;
|
---|
1079 | va_start(va, pszValueFormat);
|
---|
1080 |
|
---|
1081 | /* First, try to write stuff as we always did, to not break older VBox versions. */
|
---|
1082 | int rc = VGSvcUserUpdateV(pCache, pszUser, pszDomain, pszKey, pszValueFormat, va);
|
---|
1083 | if (rc == VERR_BUFFER_OVERFLOW)
|
---|
1084 | {
|
---|
1085 | /**
|
---|
1086 | * If the constructed property name was too long, we have to be a little more creative here:
|
---|
1087 | *
|
---|
1088 | * - only use the user name as part of the property name from now on
|
---|
1089 | * - write the domain name into a separate "Domain" property
|
---|
1090 | * - write the (full) SID into a separate "SID" property
|
---|
1091 | */
|
---|
1092 | PSID pSid;
|
---|
1093 | rc = vgsvcVMInfoWinUserSidLookup(pszUser, &pSid); /** @todo Shall we cache this? */
|
---|
1094 | if (RT_SUCCESS(rc))
|
---|
1095 | {
|
---|
1096 | WCHAR *pwszSid = NULL;
|
---|
1097 | if (g_pfnConvertSidToStringSidW)
|
---|
1098 | g_pfnConvertSidToStringSidW(pSid, &pwszSid); /** @todo Ditto. */
|
---|
1099 |
|
---|
1100 | rc = vgsvcVMInfoWinUserUpdateFallbackV(pCache, pszUser, pszDomain, pwszSid, pszKey, pszValueFormat, va);
|
---|
1101 | if (RT_FAILURE(rc))
|
---|
1102 | {
|
---|
1103 | /**
|
---|
1104 | * If using the sole user name as a property name still is too long or something else failed,
|
---|
1105 | * at least try to look up the user's RID (relative identifier). Note that the RID always is bound to the
|
---|
1106 | * to the authority that issued the SID.
|
---|
1107 | */
|
---|
1108 | int const cSubAuth = *GetSidSubAuthorityCount(pSid);
|
---|
1109 | if (cSubAuth > 1)
|
---|
1110 | {
|
---|
1111 | DWORD const dwUserRid = *GetSidSubAuthority(pSid, cSubAuth - 1);
|
---|
1112 | char szUserRid[16 + 1];
|
---|
1113 | if (RTStrPrintf2(szUserRid, sizeof(szUserRid), "%ld", dwUserRid) > 0)
|
---|
1114 | {
|
---|
1115 | rc = vgsvcVMInfoWinUserUpdateFallbackV(pCache, szUserRid, pszDomain, pwszSid, pszKey,
|
---|
1116 | pszValueFormat, va);
|
---|
1117 | /* Also write the resolved user name into a dedicated key,
|
---|
1118 | * so that it's easier to look it up for the host. */
|
---|
1119 | if (RT_SUCCESS(rc))
|
---|
1120 | rc = VGSvcUserUpdateF(pCache, szUserRid, NULL /* pszDomain */, "User", pszUser);
|
---|
1121 | }
|
---|
1122 | else
|
---|
1123 | rc = VERR_BUFFER_OVERFLOW;
|
---|
1124 | }
|
---|
1125 | /* else not much else we can do then. */
|
---|
1126 | }
|
---|
1127 |
|
---|
1128 | if (pwszSid)
|
---|
1129 | {
|
---|
1130 | LocalFree(pwszSid);
|
---|
1131 | pwszSid = NULL;
|
---|
1132 | }
|
---|
1133 |
|
---|
1134 | vgsvcVMInfoWinUserSidDestroy(pSid);
|
---|
1135 | }
|
---|
1136 | else
|
---|
1137 | VGSvcError("Looking up SID for user '%s' (domain '%s') failed with %Rrc\n", pszUser, pszDomain, rc);
|
---|
1138 | }
|
---|
1139 | va_end(va);
|
---|
1140 | return rc;
|
---|
1141 | }
|
---|
1142 |
|
---|
1143 |
|
---|
1144 | static int vgsvcVMInfoWinWriteLastInput(PVBOXSERVICEVEPROPCACHE pCache, const char *pszUser, const char *pszDomain)
|
---|
1145 | {
|
---|
1146 | AssertPtrReturn(pCache, VERR_INVALID_POINTER);
|
---|
1147 | AssertPtrReturn(pszUser, VERR_INVALID_POINTER);
|
---|
1148 | /* pszDomain is optional. */
|
---|
1149 |
|
---|
1150 | char szPipeName[512 + sizeof(VBOXTRAY_IPC_PIPE_PREFIX)];
|
---|
1151 | memcpy(szPipeName, VBOXTRAY_IPC_PIPE_PREFIX, sizeof(VBOXTRAY_IPC_PIPE_PREFIX));
|
---|
1152 | int rc = RTStrCat(szPipeName, sizeof(szPipeName), pszUser);
|
---|
1153 | if (RT_SUCCESS(rc))
|
---|
1154 | {
|
---|
1155 | bool fReportToHost = false;
|
---|
1156 | VBoxGuestUserState userState = VBoxGuestUserState_Unknown;
|
---|
1157 |
|
---|
1158 | RTLOCALIPCSESSION hSession;
|
---|
1159 | rc = RTLocalIpcSessionConnect(&hSession, szPipeName, RTLOCALIPC_FLAGS_NATIVE_NAME);
|
---|
1160 | if (RT_SUCCESS(rc))
|
---|
1161 | {
|
---|
1162 | VBOXTRAYIPCHEADER ipcHdr =
|
---|
1163 | {
|
---|
1164 | /* .uMagic = */ VBOXTRAY_IPC_HDR_MAGIC,
|
---|
1165 | /* .uVersion = */ VBOXTRAY_IPC_HDR_VERSION,
|
---|
1166 | /* .enmMsgType = */ VBOXTRAYIPCMSGTYPE_USER_LAST_INPUT,
|
---|
1167 | /* .cbPayload = */ 0 /* No payload */
|
---|
1168 | };
|
---|
1169 |
|
---|
1170 | rc = RTLocalIpcSessionWrite(hSession, &ipcHdr, sizeof(ipcHdr));
|
---|
1171 | if (RT_SUCCESS(rc))
|
---|
1172 | {
|
---|
1173 | VBOXTRAYIPCREPLY_USER_LAST_INPUT_T ipcReply;
|
---|
1174 | rc = RTLocalIpcSessionRead(hSession, &ipcReply, sizeof(ipcReply), NULL /* Exact read */);
|
---|
1175 | if ( RT_SUCCESS(rc)
|
---|
1176 | /* If uLastInput is set to UINT32_MAX VBoxTray was not able to retrieve the
|
---|
1177 | * user's last input time. This might happen when running on Windows NT4 or older. */
|
---|
1178 | && ipcReply.cSecSinceLastInput != UINT32_MAX)
|
---|
1179 | {
|
---|
1180 | userState = ipcReply.cSecSinceLastInput * 1000 < g_uVMInfoUserIdleThresholdMS
|
---|
1181 | ? VBoxGuestUserState_InUse
|
---|
1182 | : VBoxGuestUserState_Idle;
|
---|
1183 |
|
---|
1184 | rc = vgsvcVMInfoWinUserUpdateF(pCache, pszUser, pszDomain, "UsageState",
|
---|
1185 | userState == VBoxGuestUserState_InUse ? "InUse" : "Idle");
|
---|
1186 | /*
|
---|
1187 | * Note: vboxServiceUserUpdateF can return VINF_NO_CHANGE in case there wasn't anything
|
---|
1188 | * to update. So only report the user's status to host when we really got something
|
---|
1189 | * new.
|
---|
1190 | */
|
---|
1191 | fReportToHost = rc == VINF_SUCCESS;
|
---|
1192 | VGSvcVerbose(4, "User '%s' (domain '%s') is idle for %RU32, fReportToHost=%RTbool\n",
|
---|
1193 | pszUser, pszDomain ? pszDomain : "<None>", ipcReply.cSecSinceLastInput, fReportToHost);
|
---|
1194 |
|
---|
1195 | #if 0 /* Do we want to write the idle time as well? */
|
---|
1196 | /* Also write the user's current idle time, if there is any. */
|
---|
1197 | if (userState == VBoxGuestUserState_Idle)
|
---|
1198 | rc = vgsvcVMInfoWinUserUpdateF(pCache, pszUser, pszDomain, "IdleTimeMs", "%RU32",
|
---|
1199 | ipcReply.cSecSinceLastInput);
|
---|
1200 | else
|
---|
1201 | rc = vgsvcVMInfoWinUserUpdateF(pCache, pszUser, pszDomain, "IdleTimeMs",
|
---|
1202 | NULL /* Delete property */);
|
---|
1203 | if (RT_SUCCESS(rc))
|
---|
1204 | #endif
|
---|
1205 | }
|
---|
1206 | #ifdef DEBUG
|
---|
1207 | else if (RT_SUCCESS(rc) && ipcReply.cSecSinceLastInput == UINT32_MAX)
|
---|
1208 | VGSvcVerbose(4, "Last input for user '%s' is not supported, skipping\n", pszUser, rc);
|
---|
1209 | #endif
|
---|
1210 | }
|
---|
1211 | #ifdef DEBUG
|
---|
1212 | VGSvcVerbose(4, "Getting last input for user '%s' ended with rc=%Rrc\n", pszUser, rc);
|
---|
1213 | #endif
|
---|
1214 | int rc2 = RTLocalIpcSessionClose(hSession);
|
---|
1215 | if (RT_SUCCESS(rc) && RT_FAILURE(rc2))
|
---|
1216 | rc = rc2;
|
---|
1217 | }
|
---|
1218 | else
|
---|
1219 | {
|
---|
1220 | switch (rc)
|
---|
1221 | {
|
---|
1222 | case VERR_FILE_NOT_FOUND:
|
---|
1223 | {
|
---|
1224 | /* No VBoxTray (or too old version which does not support IPC) running
|
---|
1225 | for the given user. Not much we can do then. */
|
---|
1226 | VGSvcVerbose(4, "VBoxTray for user '%s' not running (anymore), no last input available\n", pszUser);
|
---|
1227 |
|
---|
1228 | /* Overwrite rc from above. */
|
---|
1229 | rc = vgsvcVMInfoWinUserUpdateF(pCache, pszUser, pszDomain, "UsageState", "Idle");
|
---|
1230 |
|
---|
1231 | fReportToHost = rc == VINF_SUCCESS;
|
---|
1232 | if (fReportToHost)
|
---|
1233 | userState = VBoxGuestUserState_Idle;
|
---|
1234 | break;
|
---|
1235 | }
|
---|
1236 |
|
---|
1237 | default:
|
---|
1238 | VGSvcError("Error querying last input for user '%s', rc=%Rrc\n", pszUser, rc);
|
---|
1239 | break;
|
---|
1240 | }
|
---|
1241 | }
|
---|
1242 |
|
---|
1243 | if (fReportToHost)
|
---|
1244 | {
|
---|
1245 | Assert(userState != VBoxGuestUserState_Unknown);
|
---|
1246 | int rc2 = VbglR3GuestUserReportState(pszUser, pszDomain, userState, NULL /* No details */, 0);
|
---|
1247 | if (RT_FAILURE(rc2))
|
---|
1248 | VGSvcError("Error reporting usage state %d for user '%s' to host, rc=%Rrc\n", userState, pszUser, rc2);
|
---|
1249 | if (RT_SUCCESS(rc))
|
---|
1250 | rc = rc2;
|
---|
1251 | }
|
---|
1252 | }
|
---|
1253 |
|
---|
1254 | return rc;
|
---|
1255 | }
|
---|
1256 |
|
---|
1257 |
|
---|
1258 | /**
|
---|
1259 | * Retrieves the currently logged in users and stores their names along with the
|
---|
1260 | * user count.
|
---|
1261 | *
|
---|
1262 | * @returns VBox status code.
|
---|
1263 | * @param pCache Property cache to use for storing some of the lookup
|
---|
1264 | * data in between calls.
|
---|
1265 | * @param ppszUserList Where to store the user list (separated by commas).
|
---|
1266 | * Must be freed with RTStrFree().
|
---|
1267 | * @param pcUsersInList Where to store the number of users in the list.
|
---|
1268 | */
|
---|
1269 | int VGSvcVMInfoWinWriteUsers(PVBOXSERVICEVEPROPCACHE pCache, char **ppszUserList, uint32_t *pcUsersInList)
|
---|
1270 | {
|
---|
1271 | AssertPtrReturn(pCache, VERR_INVALID_POINTER);
|
---|
1272 | AssertPtrReturn(ppszUserList, VERR_INVALID_POINTER);
|
---|
1273 | AssertPtrReturn(pcUsersInList, VERR_INVALID_POINTER);
|
---|
1274 |
|
---|
1275 | int rc = RTOnce(&g_vgsvcWinVmInitOnce, vgsvcWinVmInfoInitOnce, NULL);
|
---|
1276 | if (RT_FAILURE(rc))
|
---|
1277 | return rc;
|
---|
1278 | if (!g_pfnLsaEnumerateLogonSessions || !g_pfnEnumProcesses || !g_pfnLsaNtStatusToWinError)
|
---|
1279 | return VERR_NOT_SUPPORTED;
|
---|
1280 |
|
---|
1281 | rc = VbglR3GuestPropConnect(&s_uDebugGuestPropClientID);
|
---|
1282 | AssertRC(rc);
|
---|
1283 |
|
---|
1284 | char *pszUserList = NULL;
|
---|
1285 | uint32_t cUsersInList = 0;
|
---|
1286 |
|
---|
1287 | /* This function can report stale or orphaned interactive logon sessions
|
---|
1288 | of already logged off users (especially in Windows 2000). */
|
---|
1289 | PLUID paSessions = NULL;
|
---|
1290 | ULONG cSessions = 0;
|
---|
1291 | NTSTATUS rcNt = g_pfnLsaEnumerateLogonSessions(&cSessions, &paSessions);
|
---|
1292 | if (rcNt != STATUS_SUCCESS)
|
---|
1293 | {
|
---|
1294 | ULONG uError = g_pfnLsaNtStatusToWinError(rcNt);
|
---|
1295 | switch (uError)
|
---|
1296 | {
|
---|
1297 | case ERROR_NOT_ENOUGH_MEMORY:
|
---|
1298 | VGSvcError("Not enough memory to enumerate logon sessions!\n");
|
---|
1299 | break;
|
---|
1300 |
|
---|
1301 | case ERROR_SHUTDOWN_IN_PROGRESS:
|
---|
1302 | /* If we're about to shutdown when we were in the middle of enumerating the logon
|
---|
1303 | * sessions, skip the error to not confuse the user with an unnecessary log message. */
|
---|
1304 | VGSvcVerbose(3, "Shutdown in progress ...\n");
|
---|
1305 | uError = ERROR_SUCCESS;
|
---|
1306 | break;
|
---|
1307 |
|
---|
1308 | default:
|
---|
1309 | VGSvcError("LsaEnumerate failed with error %RU32\n", uError);
|
---|
1310 | break;
|
---|
1311 | }
|
---|
1312 |
|
---|
1313 | if (paSessions)
|
---|
1314 | g_pfnLsaFreeReturnBuffer(paSessions);
|
---|
1315 |
|
---|
1316 | return RTErrConvertFromWin32(uError);
|
---|
1317 | }
|
---|
1318 | VGSvcVerbose(3, "Found %u sessions\n", cSessions);
|
---|
1319 |
|
---|
1320 | PVBOXSERVICEVMINFOPROC paProcs;
|
---|
1321 | DWORD cProcs;
|
---|
1322 | rc = vgsvcVMInfoWinProcessesEnumerate(&paProcs, &cProcs);
|
---|
1323 | if (RT_FAILURE(rc))
|
---|
1324 | {
|
---|
1325 | if (rc == VERR_NO_MEMORY)
|
---|
1326 | VGSvcError("Not enough memory to enumerate processes\n");
|
---|
1327 | else
|
---|
1328 | VGSvcError("Failed to enumerate processes, rc=%Rrc\n", rc);
|
---|
1329 | }
|
---|
1330 | else
|
---|
1331 | {
|
---|
1332 | PVBOXSERVICEVMINFOUSER pUserInfo;
|
---|
1333 | pUserInfo = (PVBOXSERVICEVMINFOUSER)RTMemAllocZ(cSessions * sizeof(VBOXSERVICEVMINFOUSER) + 1);
|
---|
1334 | if (!pUserInfo)
|
---|
1335 | VGSvcError("Not enough memory to store enumerated users!\n");
|
---|
1336 | else
|
---|
1337 | {
|
---|
1338 | ULONG cUniqueUsers = 0;
|
---|
1339 |
|
---|
1340 | /*
|
---|
1341 | * Note: The cSessions loop variable does *not* correlate with
|
---|
1342 | * the Windows session ID!
|
---|
1343 | */
|
---|
1344 | for (ULONG i = 0; i < cSessions; i++)
|
---|
1345 | {
|
---|
1346 | VGSvcVerbose(3, "Handling session %RU32 (of %RU32)\n", i + 1, cSessions);
|
---|
1347 |
|
---|
1348 | VBOXSERVICEVMINFOUSER userSession;
|
---|
1349 | if (vgsvcVMInfoWinIsLoggedIn(&userSession, &paSessions[i]))
|
---|
1350 | {
|
---|
1351 | VGSvcVerbose(4, "Handling user=%ls, domain=%ls, package=%ls, session=%RU32\n",
|
---|
1352 | userSession.wszUser, userSession.wszLogonDomain, userSession.wszAuthenticationPackage,
|
---|
1353 | userSession.ulLastSession);
|
---|
1354 |
|
---|
1355 | /* Retrieve assigned processes of current session. */
|
---|
1356 | uint32_t cCurSessionProcs = vgsvcVMInfoWinSessionHasProcesses(&paSessions[i], paProcs, cProcs,
|
---|
1357 | NULL /* Terminal session ID */);
|
---|
1358 | /* Don't return here when current session does not have assigned processes
|
---|
1359 | * anymore -- in that case we have to search through the unique users list below
|
---|
1360 | * and see if got a stale user/session entry. */
|
---|
1361 |
|
---|
1362 | if (g_cVerbosity > 3)
|
---|
1363 | {
|
---|
1364 | char szDebugSessionPath[255];
|
---|
1365 | RTStrPrintf(szDebugSessionPath, sizeof(szDebugSessionPath),
|
---|
1366 | "/VirtualBox/GuestInfo/Debug/LSA/Session/%RU32", userSession.ulLastSession);
|
---|
1367 | VGSvcWritePropF(s_uDebugGuestPropClientID, szDebugSessionPath,
|
---|
1368 | "#%RU32: cSessionProcs=%RU32 (of %RU32 procs total)",
|
---|
1369 | s_uDebugIter, cCurSessionProcs, cProcs);
|
---|
1370 | }
|
---|
1371 |
|
---|
1372 | bool fFoundUser = false;
|
---|
1373 | for (ULONG a = 0; a < cUniqueUsers; a++)
|
---|
1374 | {
|
---|
1375 | PVBOXSERVICEVMINFOUSER pCurUser = &pUserInfo[a];
|
---|
1376 | AssertPtr(pCurUser);
|
---|
1377 |
|
---|
1378 | if ( !RTUtf16Cmp(userSession.wszUser, pCurUser->wszUser)
|
---|
1379 | && !RTUtf16Cmp(userSession.wszLogonDomain, pCurUser->wszLogonDomain)
|
---|
1380 | && !RTUtf16Cmp(userSession.wszAuthenticationPackage, pCurUser->wszAuthenticationPackage))
|
---|
1381 | {
|
---|
1382 | /*
|
---|
1383 | * Only respect the highest session for the current user.
|
---|
1384 | */
|
---|
1385 | if (userSession.ulLastSession > pCurUser->ulLastSession)
|
---|
1386 | {
|
---|
1387 | VGSvcVerbose(4, "Updating user=%ls to %u processes (last used session: %RU32)\n",
|
---|
1388 | pCurUser->wszUser, cCurSessionProcs, userSession.ulLastSession);
|
---|
1389 |
|
---|
1390 | if (!cCurSessionProcs)
|
---|
1391 | VGSvcVerbose(3, "Stale session for user=%ls detected! Processes: %RU32 -> %RU32, Session: %RU32 -> %RU32\n",
|
---|
1392 | pCurUser->wszUser, pCurUser->ulNumProcs, cCurSessionProcs,
|
---|
1393 | pCurUser->ulLastSession, userSession.ulLastSession);
|
---|
1394 |
|
---|
1395 | pCurUser->ulNumProcs = cCurSessionProcs;
|
---|
1396 | pCurUser->ulLastSession = userSession.ulLastSession;
|
---|
1397 | }
|
---|
1398 | /* There can be multiple session objects using the same session ID for the
|
---|
1399 | * current user -- so when we got the same session again just add the found
|
---|
1400 | * processes to it. */
|
---|
1401 | else if (pCurUser->ulLastSession == userSession.ulLastSession)
|
---|
1402 | {
|
---|
1403 | VGSvcVerbose(4, "Updating processes for user=%ls (old procs=%RU32, new procs=%RU32, session=%RU32)\n",
|
---|
1404 | pCurUser->wszUser, pCurUser->ulNumProcs, cCurSessionProcs, pCurUser->ulLastSession);
|
---|
1405 |
|
---|
1406 | pCurUser->ulNumProcs = cCurSessionProcs;
|
---|
1407 | }
|
---|
1408 |
|
---|
1409 | fFoundUser = true;
|
---|
1410 | break;
|
---|
1411 | }
|
---|
1412 | }
|
---|
1413 |
|
---|
1414 | if (!fFoundUser)
|
---|
1415 | {
|
---|
1416 | VGSvcVerbose(4, "Adding new user=%ls (session=%RU32) with %RU32 processes\n",
|
---|
1417 | userSession.wszUser, userSession.ulLastSession, cCurSessionProcs);
|
---|
1418 |
|
---|
1419 | memcpy(&pUserInfo[cUniqueUsers], &userSession, sizeof(VBOXSERVICEVMINFOUSER));
|
---|
1420 | pUserInfo[cUniqueUsers].ulNumProcs = cCurSessionProcs;
|
---|
1421 | cUniqueUsers++;
|
---|
1422 | Assert(cUniqueUsers <= cSessions);
|
---|
1423 | }
|
---|
1424 | }
|
---|
1425 | }
|
---|
1426 |
|
---|
1427 | if (g_cVerbosity > 3)
|
---|
1428 | VGSvcWritePropF(s_uDebugGuestPropClientID, "/VirtualBox/GuestInfo/Debug/LSA",
|
---|
1429 | "#%RU32: cSessions=%RU32, cProcs=%RU32, cUniqueUsers=%RU32",
|
---|
1430 | s_uDebugIter, cSessions, cProcs, cUniqueUsers);
|
---|
1431 |
|
---|
1432 | VGSvcVerbose(3, "Found %u unique logged-in user(s)\n", cUniqueUsers);
|
---|
1433 |
|
---|
1434 | for (ULONG i = 0; i < cUniqueUsers; i++)
|
---|
1435 | {
|
---|
1436 | if (g_cVerbosity > 3)
|
---|
1437 | {
|
---|
1438 | char szDebugUserPath[255]; RTStrPrintf(szDebugUserPath, sizeof(szDebugUserPath), "/VirtualBox/GuestInfo/Debug/LSA/User/%RU32", i);
|
---|
1439 | VGSvcWritePropF(s_uDebugGuestPropClientID, szDebugUserPath,
|
---|
1440 | "#%RU32: szName=%ls, sessionID=%RU32, cProcs=%RU32",
|
---|
1441 | s_uDebugIter, pUserInfo[i].wszUser, pUserInfo[i].ulLastSession, pUserInfo[i].ulNumProcs);
|
---|
1442 | }
|
---|
1443 |
|
---|
1444 | bool fAddUser = false;
|
---|
1445 | if (pUserInfo[i].ulNumProcs)
|
---|
1446 | fAddUser = true;
|
---|
1447 |
|
---|
1448 | if (fAddUser)
|
---|
1449 | {
|
---|
1450 | VGSvcVerbose(3, "User '%ls' has %RU32 interactive processes (session=%RU32)\n",
|
---|
1451 | pUserInfo[i].wszUser, pUserInfo[i].ulNumProcs, pUserInfo[i].ulLastSession);
|
---|
1452 |
|
---|
1453 | if (cUsersInList > 0)
|
---|
1454 | {
|
---|
1455 | rc = RTStrAAppend(&pszUserList, ",");
|
---|
1456 | AssertRCBreakStmt(rc, RTStrFree(pszUserList));
|
---|
1457 | }
|
---|
1458 |
|
---|
1459 | cUsersInList += 1;
|
---|
1460 |
|
---|
1461 | char *pszUser = NULL;
|
---|
1462 | char *pszDomain = NULL;
|
---|
1463 | rc = RTUtf16ToUtf8(pUserInfo[i].wszUser, &pszUser);
|
---|
1464 | if ( RT_SUCCESS(rc)
|
---|
1465 | && pUserInfo[i].wszLogonDomain)
|
---|
1466 | rc = RTUtf16ToUtf8(pUserInfo[i].wszLogonDomain, &pszDomain);
|
---|
1467 | if (RT_SUCCESS(rc))
|
---|
1468 | {
|
---|
1469 | /* Append user to users list. */
|
---|
1470 | rc = RTStrAAppend(&pszUserList, pszUser);
|
---|
1471 |
|
---|
1472 | /* Do idle detection. */
|
---|
1473 | if (RT_SUCCESS(rc))
|
---|
1474 | rc = vgsvcVMInfoWinWriteLastInput(pCache, pszUser, pszDomain);
|
---|
1475 | }
|
---|
1476 | else
|
---|
1477 | rc = RTStrAAppend(&pszUserList, "<string-conversion-error>");
|
---|
1478 |
|
---|
1479 | RTStrFree(pszUser);
|
---|
1480 | RTStrFree(pszDomain);
|
---|
1481 |
|
---|
1482 | AssertRCBreakStmt(rc, RTStrFree(pszUserList));
|
---|
1483 | }
|
---|
1484 | }
|
---|
1485 |
|
---|
1486 | RTMemFree(pUserInfo);
|
---|
1487 | }
|
---|
1488 | vgsvcVMInfoWinProcessesFree(cProcs, paProcs);
|
---|
1489 | }
|
---|
1490 | if (paSessions)
|
---|
1491 | g_pfnLsaFreeReturnBuffer(paSessions);
|
---|
1492 |
|
---|
1493 | if (RT_SUCCESS(rc))
|
---|
1494 | {
|
---|
1495 | *ppszUserList = pszUserList;
|
---|
1496 | *pcUsersInList = cUsersInList;
|
---|
1497 | }
|
---|
1498 |
|
---|
1499 | s_uDebugIter++;
|
---|
1500 | VbglR3GuestPropDisconnect(s_uDebugGuestPropClientID);
|
---|
1501 |
|
---|
1502 | return rc;
|
---|
1503 | }
|
---|
1504 |
|
---|
1505 |
|
---|
1506 | int VGSvcVMInfoWinGetComponentVersions(uint32_t uClientID)
|
---|
1507 | {
|
---|
1508 | int rc;
|
---|
1509 | char szSysDir[MAX_PATH] = {0};
|
---|
1510 | char szWinDir[MAX_PATH] = {0};
|
---|
1511 | char szDriversDir[MAX_PATH + 32] = {0};
|
---|
1512 |
|
---|
1513 | /* ASSUME: szSysDir and szWinDir and derivatives are always ASCII compatible. */
|
---|
1514 | GetSystemDirectory(szSysDir, MAX_PATH);
|
---|
1515 | GetWindowsDirectory(szWinDir, MAX_PATH);
|
---|
1516 | RTStrPrintf(szDriversDir, sizeof(szDriversDir), "%s\\drivers", szSysDir);
|
---|
1517 | #ifdef RT_ARCH_AMD64
|
---|
1518 | char szSysWowDir[MAX_PATH + 32] = {0};
|
---|
1519 | RTStrPrintf(szSysWowDir, sizeof(szSysWowDir), "%s\\SysWow64", szWinDir);
|
---|
1520 | #endif
|
---|
1521 |
|
---|
1522 | /* The file information table. */
|
---|
1523 | const VBOXSERVICEVMINFOFILE aVBoxFiles[] =
|
---|
1524 | {
|
---|
1525 | { szSysDir, "VBoxControl.exe" },
|
---|
1526 | { szSysDir, "VBoxHook.dll" },
|
---|
1527 | { szSysDir, "VBoxDisp.dll" },
|
---|
1528 | { szSysDir, "VBoxTray.exe" },
|
---|
1529 | { szSysDir, "VBoxService.exe" },
|
---|
1530 | { szSysDir, "VBoxMRXNP.dll" },
|
---|
1531 | { szSysDir, "VBoxGINA.dll" },
|
---|
1532 | { szSysDir, "VBoxCredProv.dll" },
|
---|
1533 |
|
---|
1534 | /* On 64-bit we don't yet have the OpenGL DLLs in native format.
|
---|
1535 | So just enumerate the 32-bit files in the SYSWOW directory. */
|
---|
1536 | #ifdef RT_ARCH_AMD64
|
---|
1537 | { szSysWowDir, "VBoxOGL-x86.dll" },
|
---|
1538 | #else /* !RT_ARCH_AMD64 */
|
---|
1539 | { szSysDir, "VBoxOGL.dll" },
|
---|
1540 | #endif /* !RT_ARCH_AMD64 */
|
---|
1541 |
|
---|
1542 | { szDriversDir, "VBoxGuest.sys" },
|
---|
1543 | { szDriversDir, "VBoxMouseNT.sys" },
|
---|
1544 | { szDriversDir, "VBoxMouse.sys" },
|
---|
1545 | { szDriversDir, "VBoxSF.sys" },
|
---|
1546 | { szDriversDir, "VBoxVideo.sys" },
|
---|
1547 | };
|
---|
1548 |
|
---|
1549 | for (unsigned i = 0; i < RT_ELEMENTS(aVBoxFiles); i++)
|
---|
1550 | {
|
---|
1551 | char szVer[128];
|
---|
1552 | rc = VGSvcUtilWinGetFileVersionString(aVBoxFiles[i].pszFilePath, aVBoxFiles[i].pszFileName, szVer, sizeof(szVer));
|
---|
1553 | char szPropPath[256];
|
---|
1554 | RTStrPrintf(szPropPath, sizeof(szPropPath), "/VirtualBox/GuestAdd/Components/%s", aVBoxFiles[i].pszFileName);
|
---|
1555 | if ( rc != VERR_FILE_NOT_FOUND
|
---|
1556 | && rc != VERR_PATH_NOT_FOUND)
|
---|
1557 | VGSvcWritePropF(uClientID, szPropPath, "%s", szVer);
|
---|
1558 | else
|
---|
1559 | VGSvcWritePropF(uClientID, szPropPath, NULL);
|
---|
1560 | }
|
---|
1561 |
|
---|
1562 | return VINF_SUCCESS;
|
---|
1563 | }
|
---|
1564 |
|
---|