VBoxServiceVMInfo-win.cpp@ 40363

Last change on this file since 40363 was 40158, checked in by vboxsync, 13 years ago
VBoxService/users-win: Added session change detection, more fun with logged-in user detection.
Property svn:eol-style set to `native` Property svn:keywords set to `Author Date Id Revision`
File size: 36.5 KB

Line
1	/* $Id: VBoxServiceVMInfo-win.cpp 40158 2012-02-16 17:06:35Z vboxsync $ */
2	/** @file
3	* VBoxService - Virtual Machine Information for the Host, Windows specifics.
4	*/
5
6	/*
7	* Copyright (C) 2009-2010 Oracle Corporation
8	*
9	* This file is part of VirtualBox Open Source Edition (OSE), as
10	* available from http://www.virtualbox.org. This file is free software;
11	* you can redistribute it and/or modify it under the terms of the GNU
12	* General Public License (GPL) as published by the Free Software
13	* Foundation, in version 2 as it comes in the "COPYING" file of the
14	* VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15	* hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16	*/
17
18
19	/*******************************************************************************
20	* Header Files *
21	*******************************************************************************/
22	#if defined(_WIN32_WINNT) && _WIN32_WINNT < 0x0502
23	# undef _WIN32_WINNT
24	# define _WIN32_WINNT 0x0502 /* CachedRemoteInteractive in recent SDKs. */
25	#endif
26	#include <Windows.h>
27	#include <wtsapi32.h> /* For WTS* calls. */
28	#include <psapi.h> /* EnumProcesses. */
29	#include <Ntsecapi.h> /* Needed for process security information. */
30
31	#include <iprt/assert.h>
32	#include <iprt/ldr.h>
33	#include <iprt/mem.h>
34	#include <iprt/thread.h>
35	#include <iprt/string.h>
36	#include <iprt/semaphore.h>
37	#include <iprt/system.h>
38	#include <iprt/time.h>
39	#include <VBox/VBoxGuestLib.h>
40	#include "VBoxServiceInternal.h"
41	#include "VBoxServiceUtils.h"
42
43
44	/*******************************************************************************
45	* Structures and Typedefs *
46	*******************************************************************************/
47	/** Structure for storing the looked up user information. */
48	typedef struct
49	{
50	WCHAR wszUser[_MAX_PATH];
51	WCHAR wszAuthenticationPackage[_MAX_PATH];
52	WCHAR wszLogonDomain[_MAX_PATH];
53	/** Number of assigned user processes. */
54	ULONG ulNumProcs;
55	/** Last (highest) session number. This
56	* is needed for distinguishing old session
57	* process counts from new (current) session
58	* ones. */
59	ULONG ulSession;
60	} VBOXSERVICEVMINFOUSER, *PVBOXSERVICEVMINFOUSER;
61
62	/** Structure for the file information lookup. */
63	typedef struct
64	{
65	char *pszFilePath;
66	char *pszFileName;
67	} VBOXSERVICEVMINFOFILE, *PVBOXSERVICEVMINFOFILE;
68
69	/** Structure for process information lookup. */
70	typedef struct
71	{
72	/** The PID. */
73	DWORD id;
74	/** The LUID. */
75	LUID luid;
76	/** Interactive process. */
77	bool fInteractive;
78	} VBOXSERVICEVMINFOPROC, *PVBOXSERVICEVMINFOPROC;
79
80
81	/*******************************************************************************
82	* Prototypes
83	*******************************************************************************/
84	uint32_t VBoxServiceVMInfoWinSessionHasProcesses(PLUID pSession, PVBOXSERVICEVMINFOPROC const paProcs, DWORD cProcs);
85	bool VBoxServiceVMInfoWinIsLoggedIn(PVBOXSERVICEVMINFOUSER a_pUserInfo, PLUID a_pSession);
86	int VBoxServiceVMInfoWinProcessesEnumerate(PVBOXSERVICEVMINFOPROC ppProc, DWORD pdwCount);
87	void VBoxServiceVMInfoWinProcessesFree(PVBOXSERVICEVMINFOPROC paProcs);
88
89	typedef BOOL WINAPI FNQUERYFULLPROCESSIMAGENAME(HANDLE, DWORD, LPTSTR, PDWORD);
90	typedef FNQUERYFULLPROCESSIMAGENAME *PFNQUERYFULLPROCESSIMAGENAME;
91
92
93	#ifndef TARGET_NT4
94
95	/**
96	* Retrieves the module name of a given process.
97	*
98	* @return IPRT status code.
99	* @param pProc
100	* @param pszBuf
101	* @param cbBuf
102	*/
103	static int VBoxServiceVMInfoWinProcessesGetModuleName(PVBOXSERVICEVMINFOPROC const pProc,
104	TCHAR *pszName, size_t cbName)
105	{
106	AssertPtrReturn(pProc, VERR_INVALID_POINTER);
107	AssertPtrReturn(pszName, VERR_INVALID_POINTER);
108	AssertReturn(cbName, VERR_INVALID_PARAMETER);
109
110	OSVERSIONINFOEX OSInfoEx;
111	RT_ZERO(OSInfoEx);
112	OSInfoEx.dwOSVersionInfoSize = sizeof(OSVERSIONINFOEX);
113	if ( !GetVersionEx((LPOSVERSIONINFO) &OSInfoEx)
114	\|\| OSInfoEx.dwPlatformId != VER_PLATFORM_WIN32_NT)
115	{
116	/* Platform other than NT (e.g. Win9x) not supported. */
117	return VERR_NOT_SUPPORTED;
118	}
119
120	int rc = VINF_SUCCESS;
121
122	DWORD dwFlags = PROCESS_QUERY_INFORMATION \| PROCESS_VM_READ;
123	if (OSInfoEx.dwMajorVersion >= 6 /* Vista or later */)
124	dwFlags = 0x1000; /* = PROCESS_QUERY_LIMITED_INFORMATION; less privileges needed. */
125
126	HANDLE h = OpenProcess(dwFlags, FALSE, pProc->id);
127	if (h == NULL)
128	{
129	DWORD dwErr = GetLastError();
130	if (g_cVerbosity)
131	VBoxServiceError("Unable to open process with PID=%ld, error=%ld\n",
132	pProc->id, dwErr);
133	rc = RTErrConvertFromWin32(dwErr);
134	}
135	else
136	{
137	/* Since GetModuleFileNameEx has trouble with cross-bitness stuff (32-bit apps cannot query 64-bit
138	apps and vice verse) we have to use a different code path for Vista and up. */
139
140	/* Note: For 2000 + NT4 we might just use GetModuleFileName() instead. */
141	if (OSInfoEx.dwMajorVersion >= 6 /* Vista or later */)
142	{
143	/* Loading the module and getting the symbol for each and every process is expensive
144	* -- since this function (at the moment) only is used for debugging purposes it's okay. */
145	RTLDRMOD hMod;
146	rc = RTLdrLoad("kernel32.dll", &hMod);
147	if (RT_SUCCESS(rc))
148	{
149	PFNQUERYFULLPROCESSIMAGENAME pfnQueryFullProcessImageName;
150	rc = RTLdrGetSymbol(hMod, "QueryFullProcessImageNameA", (void **)&pfnQueryFullProcessImageName);
151	if (RT_SUCCESS(rc))
152	{
153	DWORD dwLen = cbName / sizeof(TCHAR);
154	if (!pfnQueryFullProcessImageName(h, 0 /PROCESS_NAME_NATIVE/, pszName, &dwLen))
155	rc = VERR_ACCESS_DENIED;
156	}
157
158	RTLdrClose(hMod);
159	}
160	}
161	else
162	{
163	if (!GetModuleFileNameEx(h, NULL /* Get main executable */, pszName, cbName / sizeof(TCHAR)))
164	rc = VERR_ACCESS_DENIED;
165	}
166
167	CloseHandle(h);
168	}
169
170	return rc;
171	}
172
173
174	/**
175	* Fills in more data for a process.
176	*
177	* @returns VBox status code.
178	* @param pProc The process structure to fill data into.
179	* @param tkClass The kind of token information to get.
180	*/
181	static int VBoxServiceVMInfoWinProcessesGetTokenInfo(PVBOXSERVICEVMINFOPROC pProc,
182	TOKEN_INFORMATION_CLASS tkClass)
183	{
184	AssertPtrReturn(pProc, VERR_INVALID_POINTER);
185
186	DWORD dwErr = ERROR_SUCCESS;
187	HANDLE h = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, pProc->id);
188	if (h == NULL)
189	{
190	dwErr = GetLastError();
191	if (g_cVerbosity > 4)
192	VBoxServiceError("Unable to open process with PID=%ld, error=%ld\n",
193	pProc->id, dwErr);
194	return RTErrConvertFromWin32(dwErr);
195	}
196
197	int rc = VINF_SUCCESS;
198	HANDLE hToken;
199	if (OpenProcessToken(h, TOKEN_QUERY, &hToken))
200	{
201	void *pvTokenInfo = NULL;
202	DWORD dwTokenInfoSize;
203	switch (tkClass)
204	{
205	case TokenStatistics:
206	dwTokenInfoSize = sizeof(TOKEN_STATISTICS);
207	pvTokenInfo = HeapAlloc(GetProcessHeap(),
208	HEAP_ZERO_MEMORY, dwTokenInfoSize);
209	AssertPtr(pvTokenInfo);
210	break;
211
212	case TokenGroups:
213	dwTokenInfoSize = 0;
214	/* Allocating will follow in a second step. */
215	break;
216
217	/** @todo Implement more token classes here. */
218
219	default:
220	VBoxServiceError("Token class not implemented: %ld", tkClass);
221	rc = VERR_NOT_IMPLEMENTED;
222	break;
223	}
224
225	if (RT_SUCCESS(rc))
226	{
227	DWORD dwRetLength;
228	if (!GetTokenInformation(hToken, tkClass, pvTokenInfo, dwTokenInfoSize, &dwRetLength))
229	{
230	dwErr = GetLastError();
231	if (dwErr == ERROR_INSUFFICIENT_BUFFER)
232	{
233	dwErr = ERROR_SUCCESS;
234
235	switch (tkClass)
236	{
237	case TokenGroups:
238	pvTokenInfo = (PTOKEN_GROUPS)HeapAlloc(GetProcessHeap(),
239	HEAP_ZERO_MEMORY, dwRetLength);
240	if (!pvTokenInfo)
241	dwErr = GetLastError();
242	dwTokenInfoSize = dwRetLength;
243	break;
244
245	default:
246	AssertMsgFailed(("Re-allocating of token information for token class not implemented\n"));
247	break;
248	}
249
250	if (dwErr == ERROR_SUCCESS)
251	{
252	if (!GetTokenInformation(hToken, tkClass, pvTokenInfo, dwTokenInfoSize, &dwRetLength))
253	dwErr = GetLastError();
254	}
255	}
256	}
257
258	if (dwErr == ERROR_SUCCESS)
259	{
260	rc = VINF_SUCCESS;
261
262	switch (tkClass)
263	{
264	case TokenStatistics:
265	{
266	PTOKEN_STATISTICS pStats = (PTOKEN_STATISTICS)pvTokenInfo;
267	memcpy(&pProc->luid, &pStats->AuthenticationId, sizeof(LUID));
268	/** @todo Add more information of TOKEN_STATISTICS as needed. */
269	break;
270	}
271
272	case TokenGroups:
273	{
274	pProc->fInteractive = false;
275
276	SID_IDENTIFIER_AUTHORITY sidAuthNT = SECURITY_NT_AUTHORITY;
277	PSID pSidInteractive = NULL; /* S-1-5-4 */
278	if (!AllocateAndInitializeSid(&sidAuthNT, 1, 4, 0, 0, 0, 0, 0, 0, 0, &pSidInteractive))
279	dwErr = GetLastError();
280
281	PSID pSidLocal = NULL; /* S-1-2-0 */
282	if (dwErr == ERROR_SUCCESS)
283	{
284	SID_IDENTIFIER_AUTHORITY sidAuthLocal = SECURITY_LOCAL_SID_AUTHORITY;
285	if (!AllocateAndInitializeSid(&sidAuthLocal, 1, 0, 0, 0, 0, 0, 0, 0, 0, &pSidLocal))
286	dwErr = GetLastError();
287	}
288
289	if (dwErr == ERROR_SUCCESS)
290	{
291	PTOKEN_GROUPS pGroups = (PTOKEN_GROUPS)pvTokenInfo;
292	AssertPtr(pGroups);
293	for (DWORD i = 0; i < pGroups->GroupCount; i++)
294	{
295	if ( EqualSid(pGroups->Groups[i].Sid, pSidInteractive)
296	\|\| EqualSid(pGroups->Groups[i].Sid, pSidLocal)
297	\|\| pGroups->Groups[i].Attributes & SE_GROUP_LOGON_ID)
298	{
299	pProc->fInteractive = true;
300	break;
301	}
302	}
303	}
304
305	if (pSidInteractive)
306	FreeSid(pSidInteractive);
307	if (pSidLocal)
308	FreeSid(pSidLocal);
309	break;
310	}
311
312	default:
313	AssertMsgFailed(("Unhandled token information class\n"));
314	break;
315	}
316	}
317
318	if (pvTokenInfo)
319	HeapFree(GetProcessHeap(), 0 /* Flags */, pvTokenInfo);
320	}
321	CloseHandle(hToken);
322	}
323	else
324	dwErr = GetLastError();
325
326	if (dwErr != ERROR_SUCCESS)
327	{
328	if (g_cVerbosity)
329	VBoxServiceError("Unable to query token information for PID=%ld, error=%ld\n",
330	pProc->id, dwErr);
331	rc = RTErrConvertFromWin32(dwErr);
332	}
333
334	CloseHandle(h);
335	return rc;
336	}
337
338
339	/**
340	* Enumerate all the processes in the system and get the logon user IDs for
341	* them.
342	*
343	* @returns VBox status code.
344	* @param ppaProcs Where to return the process snapshot. This must be
345	* freed by calling VBoxServiceVMInfoWinProcessesFree.
346	*
347	* @param pcProcs Where to store the returned process count.
348	*/
349	int VBoxServiceVMInfoWinProcessesEnumerate(PVBOXSERVICEVMINFOPROC *ppaProcs, PDWORD pcProcs)
350	{
351	AssertPtr(ppaProcs);
352	AssertPtr(pcProcs);
353
354	/*
355	* Call EnumProcesses with an increasingly larger buffer until it all fits
356	* or we think something is screwed up.
357	*/
358	DWORD cProcesses = 64;
359	PDWORD paPID = NULL;
360	int rc = VINF_SUCCESS;
361	do
362	{
363	/* Allocate / grow the buffer first. */
364	cProcesses *= 2;
365	void pvNew = RTMemRealloc(paPID, cProcesses sizeof(DWORD));
366	if (!pvNew)
367	{
368	rc = VERR_NO_MEMORY;
369	break;
370	}
371	paPID = (PDWORD)pvNew;
372
373	/* Query the processes. Not the cbRet == buffer size means there could be more work to be done. */
374	DWORD cbRet;
375	if (!EnumProcesses(paPID, cProcesses * sizeof(DWORD), &cbRet))
376	{
377	rc = RTErrConvertFromWin32(GetLastError());
378	break;
379	}
380	if (cbRet < cProcesses * sizeof(DWORD))
381	{
382	cProcesses = cbRet / sizeof(DWORD);
383	break;
384	}
385	} while (cProcesses <= _32K); /* Should be enough; see: http://blogs.technet.com/markrussinovich/archive/2009/07/08/3261309.aspx */
386	if (RT_SUCCESS(rc))
387	{
388	/*
389	* Allocate out process structures and fill data into them.
390	* We currently only try lookup their LUID's.
391	*/
392	PVBOXSERVICEVMINFOPROC paProcs;
393	paProcs = (PVBOXSERVICEVMINFOPROC)RTMemAllocZ(cProcesses * sizeof(VBOXSERVICEVMINFOPROC));
394	if (paProcs)
395	{
396	for (DWORD i = 0; i < cProcesses; i++)
397	{
398	paProcs[i].id = paPID[i];
399	rc = VBoxServiceVMInfoWinProcessesGetTokenInfo(&paProcs[i], TokenGroups);
400	if (RT_FAILURE(rc))
401	{
402	/* Because some processes cannot be opened/parsed on
403	Windows, we should not consider to be this an error here. */
404	rc = VINF_SUCCESS;
405	}
406	else
407	{
408	rc = VBoxServiceVMInfoWinProcessesGetTokenInfo(&paProcs[i], TokenStatistics);
409	if (RT_FAILURE(rc))
410	{
411	/* Because some processes cannot be opened/parsed on
412	Windows, we should not consider to be this an error here. */
413	rc = VINF_SUCCESS;
414	}
415	}
416	}
417
418	/* Save number of processes */
419	if (RT_SUCCESS(rc))
420	{
421	*pcProcs = cProcesses;
422	*ppaProcs = paProcs;
423	}
424	else
425	RTMemFree(paProcs);
426	}
427	else
428	rc = VERR_NO_MEMORY;
429	}
430
431	RTMemFree(paPID);
432	return rc;
433	}
434
435	/**
436	* Frees the process structures returned by
437	* VBoxServiceVMInfoWinProcessesEnumerate() before.
438	*
439	* @param paProcs What
440	*/
441	void VBoxServiceVMInfoWinProcessesFree(PVBOXSERVICEVMINFOPROC paProcs)
442	{
443	RTMemFree(paProcs);
444	}
445
446	/**
447	* Determines whether the specified session has processes on the system.
448	*
449	* @returns Number of processes found for a specified session.
450	* @param pSession The session.
451	* @param paProcs The process snapshot.
452	* @param cProcs The number of processes in the snaphot.
453	* @param puSession Looked up session number. Optional.
454	*/
455	uint32_t VBoxServiceVMInfoWinSessionHasProcesses(PLUID pSession,
456	PVBOXSERVICEVMINFOPROC const paProcs, DWORD cProcs,
457	PULONG puSession)
458	{
459	if (!pSession)
460	{
461	VBoxServiceVerbose(1, "Session became invalid while enumerating!\n");
462	return 0;
463	}
464
465	PSECURITY_LOGON_SESSION_DATA pSessionData = NULL;
466	NTSTATUS rcNt = LsaGetLogonSessionData(pSession, &pSessionData);
467	if (rcNt != STATUS_SUCCESS)
468	{
469	VBoxServiceError("Could not get logon session data! rcNt=%#x", rcNt);
470	return 0;
471	}
472
473	/*
474	* Even if a user seems to be logged in, it could be a stale/orphaned logon
475	* session. So check if we have some processes bound to it by comparing the
476	* session <-> process LUIDs.
477	*/
478	uint32_t cNumProcs = 0;
479	for (DWORD i = 0; i < cProcs; i++)
480	{
481	VBoxServiceVerbose(4, "PID=%ld: (Interactive: %RTbool) %ld:%ld <-> %ld:%ld\n",
482	paProcs[i].id, paProcs[i].fInteractive,
483	paProcs[i].luid.HighPart, paProcs[i].luid.LowPart,
484	pSessionData->LogonId.HighPart, pSessionData->LogonId.LowPart);
485	if (g_cVerbosity)
486	{
487	TCHAR szModule[_1K];
488	int rc2 = VBoxServiceVMInfoWinProcessesGetModuleName(&paProcs[i], szModule, sizeof(szModule));
489	if (RT_SUCCESS(rc2))
490	VBoxServiceVerbose(4, "PID=%ld: %s\n",
491	paProcs[i].id, szModule);
492	}
493
494	if ( paProcs[i].fInteractive
495	&& ( paProcs[i].luid.HighPart == pSessionData->LogonId.HighPart
496	&& paProcs[i].luid.LowPart == pSessionData->LogonId.LowPart))
497	{
498	cNumProcs++;
499	if (!g_cVerbosity) /* We want a bit more info on higher verbosity. */
500	break;
501	}
502	}
503
504	if (g_cVerbosity)
505	VBoxServiceVerbose(3, "Session %u has %u processes total\n",
506	pSessionData->Session, cNumProcs);
507	else
508	VBoxServiceVerbose(3, "Session %u has at least one process\n",
509	pSessionData->Session);
510
511	if (puSession)
512	*puSession = pSessionData->Session;
513
514	LsaFreeReturnBuffer(pSessionData);
515	return cNumProcs;
516	}
517
518
519	/**
520	* Save and noisy string copy.
521	*
522	* @param pwszDst Destination buffer.
523	* @param cbDst Size in bytes - not WCHAR count!
524	* @param pSrc Source string.
525	* @param pszWhat What this is. For the log.
526	*/
527	static void VBoxServiceVMInfoWinSafeCopy(PWCHAR pwszDst, size_t cbDst, LSA_UNICODE_STRING const pSrc, const char pszWhat)
528	{
529	Assert(RT_ALIGN(cbDst, sizeof(WCHAR)) == cbDst);
530
531	size_t cbCopy = pSrc->Length;
532	if (cbCopy + sizeof(WCHAR) > cbDst)
533	{
534	VBoxServiceVerbose(0, "%s is too long - %u bytes, buffer %u bytes! It will be truncated.\n",
535	pszWhat, cbCopy, cbDst);
536	cbCopy = cbDst - sizeof(WCHAR);
537	}
538	if (cbCopy)
539	memcpy(pwszDst, pSrc->Buffer, cbCopy);
540	pwszDst[cbCopy / sizeof(WCHAR)] = '\0';
541	}
542
543
544	/**
545	* Detects whether a user is logged on.
546	*
547	* @returns true if logged in, false if not (or error).
548	* @param pUserInfo Where to return the user information.
549	* @param pSession The session to check.
550	*/
551	bool VBoxServiceVMInfoWinIsLoggedIn(PVBOXSERVICEVMINFOUSER pUserInfo, PLUID pSession)
552	{
553	AssertPtrReturn(pUserInfo, false);
554	if (!pSession)
555	return false;
556
557	PSECURITY_LOGON_SESSION_DATA pSessionData = NULL;
558	NTSTATUS rcNt = LsaGetLogonSessionData(pSession, &pSessionData);
559	if (rcNt != STATUS_SUCCESS)
560	{
561	ULONG ulError = LsaNtStatusToWinError(rcNt);
562	switch (ulError)
563	{
564	case ERROR_NOT_ENOUGH_MEMORY:
565	/* If we don't have enough memory it's hard to judge whether the specified user
566	* is logged in or not, so just assume he/she's not. */
567	VBoxServiceVerbose(3, "Not enough memory to retrieve logon session data!\n");
568	break;
569
570	case ERROR_NO_SUCH_LOGON_SESSION:
571	/* Skip session data which is not valid anymore because it may have been
572	* already terminated. */
573	break;
574
575	default:
576	VBoxServiceError("LsaGetLogonSessionData failed with error %u\n", ulError);
577	break;
578	}
579	if (pSessionData)
580	LsaFreeReturnBuffer(pSessionData);
581	return false;
582	}
583	if (!pSessionData)
584	{
585	VBoxServiceError("Invalid logon session data!\n");
586	return false;
587	}
588
589	/*
590	* Only handle users which can login interactively or logged in
591	* remotely over native RDP.
592	*/
593	bool fFoundUser = false;
594	DWORD dwErr = NO_ERROR;
595	if ( IsValidSid(pSessionData->Sid)
596	&& ( (SECURITY_LOGON_TYPE)pSessionData->LogonType == Interactive
597	\|\| (SECURITY_LOGON_TYPE)pSessionData->LogonType == RemoteInteractive))
598	{
599	VBoxServiceVerbose(3, "Session data: Name=%ls, Session=%u, LogonID=%ld,%ld, LogonType=%ld\n",
600	pSessionData->UserName.Buffer,
601	pSessionData->Session,
602	pSessionData->LogonId.HighPart, pSessionData->LogonId.LowPart,
603	pSessionData->LogonType);
604
605	/*
606	* Copy out relevant data.
607	*/
608	VBoxServiceVMInfoWinSafeCopy(pUserInfo->wszUser, sizeof(pUserInfo->wszUser),
609	&pSessionData->UserName, "User name");
610	VBoxServiceVMInfoWinSafeCopy(pUserInfo->wszAuthenticationPackage, sizeof(pUserInfo->wszAuthenticationPackage),
611	&pSessionData->AuthenticationPackage, "Authentication pkg name");
612	VBoxServiceVMInfoWinSafeCopy(pUserInfo->wszLogonDomain, sizeof(pUserInfo->wszLogonDomain),
613	&pSessionData->LogonDomain, "Logon domain name");
614
615	TCHAR szOwnerName[_MAX_PATH] = { 0 };
616	DWORD dwOwnerNameSize = sizeof(szOwnerName);
617	TCHAR szDomainName[_MAX_PATH] = { 0 };
618	DWORD dwDomainNameSize = sizeof(szDomainName);
619	SID_NAME_USE enmOwnerType = SidTypeInvalid;
620	if (!LookupAccountSid(NULL,
621	pSessionData->Sid,
622	szOwnerName,
623	&dwOwnerNameSize,
624	szDomainName,
625	&dwDomainNameSize,
626	&enmOwnerType))
627	{
628	DWORD dwErr = GetLastError();
629	/*
630	* If a network time-out prevents the function from finding the name or
631	* if a SID that does not have a corresponding account name (such as a
632	* logon SID that identifies a logon session), we get ERROR_NONE_MAPPED
633	* here that we just skip.
634	*/
635	if (dwErr != ERROR_NONE_MAPPED)
636	VBoxServiceError("Failed looking up account info for user=%ls, error=$ld!\n",
637	pUserInfo->wszUser, dwErr);
638	}
639	else
640	{
641	if (enmOwnerType == SidTypeUser) /* Only recognize users; we don't care about the rest! */
642	{
643	VBoxServiceVerbose(3, "Account User=%ls, Session=%ld, LogonID=%ld,%ld, AuthPkg=%ls, Domain=%ls\n",
644	pUserInfo->wszUser, pSessionData->Session, pSessionData->LogonId.HighPart,
645	pSessionData->LogonId.LowPart, pUserInfo->wszAuthenticationPackage,
646	pUserInfo->wszLogonDomain);
647
648	/* Detect RDP sessions as well. */
649	LPTSTR pBuffer = NULL;
650	DWORD cbRet = 0;
651	int iState = -1;
652	if (WTSQuerySessionInformation(WTS_CURRENT_SERVER_HANDLE,
653	pSessionData->Session,
654	WTSConnectState,
655	&pBuffer,
656	&cbRet))
657	{
658	if (cbRet)
659	iState = *pBuffer;
660	VBoxServiceVerbose(3, "Account User=%ls, WTSConnectState=%d (%ld)\n",
661	pUserInfo->wszUser, iState, cbRet);
662	if ( iState == WTSActive /* User logged on to WinStation. */
663	\|\| iState == WTSShadow /* Shadowing another WinStation. */
664	\|\| iState == WTSDisconnected) /* WinStation logged on without client. */
665	{
666	/** @todo On Vista and W2K, always "old" user name are still
667	* there. Filter out the old one! */
668	VBoxServiceVerbose(3, "Account User=%ls using TCS/RDP, state=%d \n",
669	pUserInfo->wszUser, iState);
670	fFoundUser = true;
671	}
672	if (pBuffer)
673	WTSFreeMemory(pBuffer);
674	}
675	else
676	{
677	DWORD dwLastErr = GetLastError();
678	switch (dwLastErr)
679	{
680	/*
681	* Terminal services don't run (for example in W2K,
682	* nothing to worry about ...). ... or is on the Vista
683	* fast user switching page!
684	*/
685	case ERROR_CTX_WINSTATION_NOT_FOUND:
686	VBoxServiceVerbose(3, "No WinStation found for user=%ls\n",
687	pUserInfo->wszUser);
688	break;
689
690	default:
691	VBoxServiceVerbose(3, "Cannot query WTS connection state for user=%ls, error=%ld\n",
692	pUserInfo->wszUser, dwLastErr);
693	break;
694	}
695
696	fFoundUser = true;
697	}
698	}
699	}
700
701	VBoxServiceVerbose(3, "Account User=%ls %s logged in\n",
702	pUserInfo->wszUser, fFoundUser ? "is" : "is not");
703	}
704
705	LsaFreeReturnBuffer(pSessionData);
706	return fFoundUser;
707	}
708
709
710	/**
711	* Retrieves the currently logged in users and stores their names along with the
712	* user count.
713	*
714	* @returns VBox status code.
715	* @param ppszUserList Where to store the user list (separated by commas).
716	* Must be freed with RTStrFree().
717	* @param pcUsersInList Where to store the number of users in the list.
718	*/
719	int VBoxServiceVMInfoWinWriteUsers(char *ppszUserList, uint32_t pcUsersInList)
720	{
721	PLUID paSessions = NULL;
722	ULONG cSessions = 0;
723
724	/* This function can report stale or orphaned interactive logon sessions
725	of already logged off users (especially in Windows 2000). */
726	NTSTATUS rcNt = LsaEnumerateLogonSessions(&cSessions, &paSessions);
727	if (rcNt != STATUS_SUCCESS)
728	{
729	ULONG ulError = LsaNtStatusToWinError(rcNt);
730	switch (ulError)
731	{
732	case ERROR_NOT_ENOUGH_MEMORY:
733	VBoxServiceError("Not enough memory to enumerate logon sessions!\n");
734	break;
735
736	case ERROR_SHUTDOWN_IN_PROGRESS:
737	/* If we're about to shutdown when we were in the middle of enumerating the logon
738	* sessions, skip the error to not confuse the user with an unnecessary log message. */
739	VBoxServiceVerbose(3, "Shutdown in progress ...\n");
740	ulError = ERROR_SUCCESS;
741	break;
742
743	default:
744	VBoxServiceError("LsaEnumerate failed with error %u\n", ulError);
745	break;
746	}
747
748	return RTErrConvertFromWin32(ulError);
749	}
750	VBoxServiceVerbose(3, "Found %ld sessions\n", cSessions);
751
752	PVBOXSERVICEVMINFOPROC paProcs;
753	DWORD cProcs;
754	int rc = VBoxServiceVMInfoWinProcessesEnumerate(&paProcs, &cProcs);
755	if (RT_FAILURE(rc))
756	{
757	if (rc == VERR_NO_MEMORY)
758	VBoxServiceError("Not enough memory to enumerate processes\n");
759	else
760	VBoxServiceError("Failed to enumerate processes, rc=%Rrc\n", rc);
761	}
762	else
763	{
764	PVBOXSERVICEVMINFOUSER pUserInfo;
765	pUserInfo = (PVBOXSERVICEVMINFOUSER)RTMemAllocZ(cSessions * sizeof(VBOXSERVICEVMINFOUSER) + 1);
766	if (!pUserInfo)
767	VBoxServiceError("Not enough memory to store enumerated users!\n");
768	else
769	{
770	ULONG cUniqueUsers = 0;
771	for (ULONG i = 0; i < cSessions; i++)
772	{
773	VBOXSERVICEVMINFOUSER UserInfo;
774	if (VBoxServiceVMInfoWinIsLoggedIn(&UserInfo, &paSessions[i]))
775	{
776	VBoxServiceVerbose(4, "Handling user=%ls, domain=%ls, package=%ls\n",
777	UserInfo.wszUser, UserInfo.wszLogonDomain, UserInfo.wszAuthenticationPackage);
778
779	/* Retrieve assigned processes of current session. */
780	ULONG ulSession;
781	uint32_t cSessionProcs = VBoxServiceVMInfoWinSessionHasProcesses(&paSessions[i], paProcs, cProcs, &ulSession);
782	/* Don't return here when current session does not have assigned processes
783	* anymore -- in that case we have to search through the unique users list below
784	* and see if got a stale user/session entry. */
785
786	bool fFoundUser = false;
787	for (ULONG i = 0; i < cUniqueUsers; i++)
788	{
789	if ( !wcscmp(UserInfo.wszUser, pUserInfo[i].wszUser)
790	&& !wcscmp(UserInfo.wszLogonDomain, pUserInfo[i].wszLogonDomain)
791	&& !wcscmp(UserInfo.wszAuthenticationPackage, pUserInfo[i].wszAuthenticationPackage)
792	&& cSessionProcs)
793	{
794	/*
795	* Only respect the highest session for the current user.
796	*/
797	if (ulSession > pUserInfo[i].ulSession)
798	{
799	VBoxServiceVerbose(4, "Updating user=%ls to %u processes (last session: %u)\n",
800	UserInfo.wszUser, cSessionProcs, ulSession);
801
802	pUserInfo[i].ulNumProcs = cSessionProcs;
803	pUserInfo[i].ulSession = ulSession;
804
805	if (!cSessionProcs)
806	VBoxServiceVerbose(3, "Stale session for user=%ls detected! Old processes: %u, new: %u\n",
807	pUserInfo[i].wszUser, pUserInfo[i].ulNumProcs, cSessionProcs);
808	}
809	/* There can be multiple session objects using the same session ID for the
810	* current user -- so when we got the same session again just add the found
811	* processes to it. */
812	else if (pUserInfo[i].ulSession == ulSession)
813	{
814	VBoxServiceVerbose(4, "Adding %u processes to user=%ls (session %u)\n",
815	cSessionProcs, UserInfo.wszUser, ulSession);
816
817	pUserInfo[i].ulNumProcs += cSessionProcs;
818	pUserInfo[i].ulSession = ulSession;
819	}
820
821	fFoundUser = true;
822	break;
823	}
824	}
825
826	if (!fFoundUser)
827	{
828	VBoxServiceVerbose(4, "Adding new user=%ls (session %u) with %u processes\n",
829	UserInfo.wszUser, ulSession, cSessionProcs);
830
831	memcpy(&pUserInfo[cUniqueUsers], &UserInfo, sizeof(VBOXSERVICEVMINFOUSER));
832	pUserInfo[cUniqueUsers].ulNumProcs = cSessionProcs;
833	pUserInfo[cUniqueUsers].ulSession = ulSession;
834	cUniqueUsers++;
835	Assert(cUniqueUsers <= cSessions);
836	}
837	}
838	}
839
840	VBoxServiceVerbose(3, "Found %u unique logged-in user(s)\n",
841	cUniqueUsers);
842
843	*pcUsersInList = 0;
844	for (ULONG i = 0; i < cUniqueUsers; i++)
845	{
846	if (pUserInfo[i].ulNumProcs)
847	{
848	VBoxServiceVerbose(3, "User %ls has %ld processes (session %u)\n",
849	pUserInfo[i].wszUser, pUserInfo[i].ulNumProcs, pUserInfo[i].ulSession);
850
851	if (*pcUsersInList > 0)
852	{
853	rc = RTStrAAppend(ppszUserList, ",");
854	AssertRCBreakStmt(rc, RTStrFree(*ppszUserList));
855	}
856
857	*pcUsersInList += 1;
858
859	char *pszTemp;
860	int rc2 = RTUtf16ToUtf8(pUserInfo[i].wszUser, &pszTemp);
861	if (RT_SUCCESS(rc2))
862	{
863	rc = RTStrAAppend(ppszUserList, pszTemp);
864	RTMemFree(pszTemp);
865	}
866	else
867	rc = RTStrAAppend(ppszUserList, "<string-conversion-error>");
868	AssertRCBreakStmt(rc, RTStrFree(*ppszUserList));
869	}
870	}
871
872	RTMemFree(pUserInfo);
873	}
874	VBoxServiceVMInfoWinProcessesFree(paProcs);
875	}
876	LsaFreeReturnBuffer(paSessions);
877	return rc;
878	}
879
880	#endif /* TARGET_NT4 */
881
882	int VBoxServiceWinGetComponentVersions(uint32_t uClientID)
883	{
884	int rc;
885	char szSysDir[_MAX_PATH] = {0};
886	char szWinDir[_MAX_PATH] = {0};
887	char szDriversDir[_MAX_PATH + 32] = {0};
888
889	/* ASSUME: szSysDir and szWinDir and derivatives are always ASCII compatible. */
890	GetSystemDirectory(szSysDir, _MAX_PATH);
891	GetWindowsDirectory(szWinDir, _MAX_PATH);
892	RTStrPrintf(szDriversDir, sizeof(szDriversDir), "%s\\drivers", szSysDir);
893	#ifdef RT_ARCH_AMD64
894	char szSysWowDir[_MAX_PATH + 32] = {0};
895	RTStrPrintf(szSysWowDir, sizeof(szSysWowDir), "%s\\SysWow64", szWinDir);
896	#endif
897
898	/* The file information table. */
899	#ifndef TARGET_NT4
900	const VBOXSERVICEVMINFOFILE aVBoxFiles[] =
901	{
902	{ szSysDir, "VBoxControl.exe" },
903	{ szSysDir, "VBoxHook.dll" },
904	{ szSysDir, "VBoxDisp.dll" },
905	{ szSysDir, "VBoxMRXNP.dll" },
906	{ szSysDir, "VBoxService.exe" },
907	{ szSysDir, "VBoxTray.exe" },
908	{ szSysDir, "VBoxGINA.dll" },
909	{ szSysDir, "VBoxCredProv.dll" },
910
911	/* On 64-bit we don't yet have the OpenGL DLLs in native format.
912	So just enumerate the 32-bit files in the SYSWOW directory. */
913	# ifdef RT_ARCH_AMD64
914	{ szSysWowDir, "VBoxOGLarrayspu.dll" },
915	{ szSysWowDir, "VBoxOGLcrutil.dll" },
916	{ szSysWowDir, "VBoxOGLerrorspu.dll" },
917	{ szSysWowDir, "VBoxOGLpackspu.dll" },
918	{ szSysWowDir, "VBoxOGLpassthroughspu.dll" },
919	{ szSysWowDir, "VBoxOGLfeedbackspu.dll" },
920	{ szSysWowDir, "VBoxOGL.dll" },
921	# else /* !RT_ARCH_AMD64 */
922	{ szSysDir, "VBoxOGLarrayspu.dll" },
923	{ szSysDir, "VBoxOGLcrutil.dll" },
924	{ szSysDir, "VBoxOGLerrorspu.dll" },
925	{ szSysDir, "VBoxOGLpackspu.dll" },
926	{ szSysDir, "VBoxOGLpassthroughspu.dll" },
927	{ szSysDir, "VBoxOGLfeedbackspu.dll" },
928	{ szSysDir, "VBoxOGL.dll" },
929	# endif /* !RT_ARCH_AMD64 */
930
931	{ szDriversDir, "VBoxGuest.sys" },
932	{ szDriversDir, "VBoxMouse.sys" },
933	{ szDriversDir, "VBoxSF.sys" },
934	{ szDriversDir, "VBoxVideo.sys" },
935	};
936
937	#else /* TARGET_NT4 */
938	const VBOXSERVICEVMINFOFILE aVBoxFiles[] =
939	{
940	{ szSysDir, "VBoxControl.exe" },
941	{ szSysDir, "VBoxHook.dll" },
942	{ szSysDir, "VBoxDisp.dll" },
943	{ szSysDir, "VBoxServiceNT.exe" },
944	{ szSysDir, "VBoxTray.exe" },
945
946	{ szDriversDir, "VBoxGuestNT.sys" },
947	{ szDriversDir, "VBoxMouseNT.sys" },
948	{ szDriversDir, "VBoxVideo.sys" },
949	};
950	#endif /* TARGET_NT4 */
951
952	for (unsigned i = 0; i < RT_ELEMENTS(aVBoxFiles); i++)
953	{
954	char szVer[128];
955	VBoxServiceGetFileVersionString(aVBoxFiles[i].pszFilePath, aVBoxFiles[i].pszFileName, szVer, sizeof(szVer));
956	char szPropPath[256];
957	RTStrPrintf(szPropPath, sizeof(szPropPath), "/VirtualBox/GuestAdd/Components/%s", aVBoxFiles[i].pszFileName);
958	rc = VBoxServiceWritePropF(uClientID, szPropPath, "%s", szVer);
959	}
960
961	return VINF_SUCCESS;
962	}
963

Note: See TracBrowser for help on using the repository browser.

source: vbox/trunk/src/VBox/Additions/common/VBoxService/VBoxServiceVMInfo-win.cpp@ 40363

Download in other formats: