/**************************** Module Header ********************************\
* Module Name: exitwin.c
*
* Copyright (c) 1985 - 1999, Microsoft Corporation
*
* History:
* 07-23-92 ScottLu      Created.
\***************************************************************************/

#include "precomp.h"
#pragma hdrstop

#define OPTIONMASK (EWX_SHUTDOWN | EWX_REBOOT | EWX_FORCE)

/*
 * Globals local to this file only
 */
PWINDOWSTATION  gpwinstaLogoff;
DWORD           gdwLocks;
DWORD           gdwShutdownFlags;
HANDLE          gpidEndSession;

#ifdef PRERELEASE
DWORD gdwllParamCopy, gdwStatusCopy, gdwFlagsCopy;
BOOL  gfNotifiedCopy;
#endif // PRERELEASE

/*
 * Called by ExitWindowsEx() to check whether the thread is permitted to logoff.
 * If it is, and this is WinLogon calling, then also save any of the user's
 * setting that have not yet been stored in the profile.
 */
BOOL PrepareForLogoff(
    UINT uFlags)
{
    PTHREADINFO ptiCurrent = PtiCurrent();

    CheckCritIn();

    if (ptiCurrent->TIF_flags & TIF_RESTRICTED) {
        PW32JOB pW32Job;

        pW32Job = ptiCurrent->ppi->pW32Job;

        UserAssert(pW32Job != NULL);

        if (pW32Job->restrictions & JOB_OBJECT_UILIMIT_EXITWINDOWS) {
            // Not permitted to ExitWindows.
            return FALSE;
        }
    }

    /*
     * There are no restrictions, or the restriction do not deny shutdown:
     * The caller is about to ExitWindowsEx via CSR, so save the volatile
     * elements of the User preferences in their profile
     */
    if (PsGetThreadProcessId(ptiCurrent->pEThread) == gpidLogon) {
        /*
         * Save the current user's NumLock state
         */
        TL tlName;
        PUNICODE_STRING pProfileUserName = CreateProfileUserName(&tlName);
        RegisterPerUserKeyboardIndicators(pProfileUserName);
        FreeProfileUserName(pProfileUserName, &tlName);
    }

    return TRUE;
    UNREFERENCED_PARAMETER(uFlags);
}


BOOL NotifyLogon(
    PWINDOWSTATION pwinsta,
    PLUID pluidCaller,
    DWORD dwFlags,
    NTSTATUS StatusCode)
{
    BOOL fNotified = FALSE;
    DWORD dwllParam;
    DWORD dwStatus;

    if (!(dwFlags & EWX_NONOTIFY)) {

        if (dwFlags & EWX_CANCELED) {
            dwllParam = LOGON_LOGOFFCANCELED;
            dwStatus = StatusCode;
        } else {
            dwllParam = LOGON_LOGOFF;
            dwStatus = dwFlags;
        }

        if (dwFlags & EWX_SHUTDOWN) {
            /*
             * Post the message to the global logon notify window
             */
            if (gspwndLogonNotify != NULL) {
                _PostMessage(gspwndLogonNotify, WM_LOGONNOTIFY,
                             dwllParam, (LONG)dwStatus);
                fNotified = TRUE;
            }
        } else {
            if (gspwndLogonNotify != NULL &&
                    (RtlEqualLuid(&pwinsta->luidUser, pluidCaller) ||
                     RtlEqualLuid(&luidSystem, pluidCaller))) {
                _PostMessage(gspwndLogonNotify, WM_LOGONNOTIFY, dwllParam,
                        (LONG)dwStatus);
                fNotified = TRUE;
            }
        }
    }

#ifdef PRERELEASE
    /*
     * Remember what these were for debugging purposes.
     */
    gdwllParamCopy = dwllParam;
    gdwFlagsCopy   = dwFlags;
    gdwStatusCopy  = dwStatus;
    gfNotifiedCopy = fNotified;
#endif // PRERELEASE

    return fNotified;
}

NTSTATUS InitiateShutdown(
    PETHREAD Thread,
    PULONG lpdwFlags)
{
    static PRIVILEGE_SET psShutdown = {
        1, PRIVILEGE_SET_ALL_NECESSARY, { SE_SHUTDOWN_PRIVILEGE, 0 }
    };
    PEPROCESS Process;
    LUID luidCaller;
    PPROCESSINFO ppi;
    PWINDOWSTATION pwinsta;
    HWINSTA hwinsta;
    PTHREADINFO ptiClient;
    NTSTATUS Status;
    DWORD dwFlags;

    /*
     * Find out the callers sid. Only want to shutdown processes in the
     * callers sid.
     */
    Process = PsGetThreadProcess(Thread);
    ptiClient = PtiFromThread(Thread);
    Status = GetProcessLuid(Thread, &luidCaller);

    if (!NT_SUCCESS(Status)) {
        return Status;
    }

    /*
     * Set the system flag if the caller is a system process.
     * Winlogon uses this to determine in which context to perform
     * a shutdown operation.
     */
    dwFlags = *lpdwFlags;
    if (RtlEqualLuid(&luidCaller, &luidSystem)) {
        dwFlags |= EWX_SYSTEM_CALLER;
    } else {
        dwFlags &= ~EWX_SYSTEM_CALLER;
    }

    /*
     * Find a windowstation.  If the process does not have one
     * assigned, use the standard one.
     */
    ppi = PpiFromProcess(Process);
    if (ppi == NULL) {
        /*
         * We ran into a case where the thread was terminated and had already
         * been cleaned up by USER.  Thus, the ppi and ptiClient was NULL.
         */
        return STATUS_INVALID_HANDLE;
    }
    pwinsta = ppi->rpwinsta;
    hwinsta = ppi->hwinsta;
    /*
     * If we're not being called by Winlogon, validate the call and
     * notify the logon process to do the actual shutdown.
     */
    if (PsGetThreadProcessId(Thread) != gpidLogon) {
        dwFlags &= ~EWX_WINLOGON_CALLER;
        *lpdwFlags = dwFlags;

        if (pwinsta == NULL) {
#ifndef LATER
            return STATUS_INVALID_HANDLE;
#else
            hwinsta = ppi->pOpenObjectTable[HI_WINDOWSTATION].h;
            if (hwinsta == NULL) {
                return STATUS_INVALID_HANDLE;
            }
            pwinsta = (PWINDOWSTATION)ppi->pOpenObjectTable[HI_WINDOWSTATION].phead;
#endif
        }

        /*
         * Check security first - does this thread have access?
         */
        if (!RtlAreAllAccessesGranted(ppi->amwinsta, WINSTA_EXITWINDOWS)) {
            return STATUS_ACCESS_DENIED;
        }

        /*
         * If the client requested shutdown, reboot, or poweroff they must have
         * the shutdown privilege.
         */
        if (dwFlags & EWX_SHUTDOWN) {
            if (!IsPrivileged(&psShutdown) ) {
                return STATUS_PRIVILEGE_NOT_HELD;
            }
        } else {

            /*
             * If this is a non-IO windowstation and we are not shutting down,
             * fail the call.
             */
            if (pwinsta->dwWSF_Flags & WSF_NOIO) {
                return STATUS_INVALID_DEVICE_REQUEST;
            }
        }
    }

    /*
     * Is there a shutdown already in progress?
     */
    if (gdwThreadEndSession != 0) {
        DWORD dwNew;

        /*
         * If the current shutdown in another sid and is not being done by
         * winlogon, override it.
         */
        if (!RtlEqualLuid(&luidCaller, &gpwinstaLogoff->luidEndSession) &&
                (gpidEndSession != gpidLogon)) {
            return STATUS_RETRY;
        }

        /*
         * Calculate new flags
         */
        dwNew = dwFlags & OPTIONMASK & (~gdwShutdownFlags);

        /*
         * Should we override the other shutdown?  Make sure
         * winlogon does not recurse.
         */
        if (dwNew && HandleToUlong(PsGetCurrentThreadId()) !=
                gdwThreadEndSession) {
            /*
             * Only one windowstation can be logged off at a time.
             */
            if (!(dwFlags & EWX_SHUTDOWN) &&
                    pwinsta != gpwinstaLogoff) {
                return STATUS_DEVICE_BUSY;
            }

            /*
             * Set the new flags
             */
            gdwShutdownFlags = dwFlags;

            if (dwNew & EWX_FORCE) {
                return STATUS_RETRY;
            } else {
                return STATUS_PENDING;
            }
        } else {
            /*
             * Don't override
             */
            return STATUS_PENDING;
        }
    }

    /*
     * If the caller is not winlogon, signal winlogon to start
     * the real shutdown.
     */
    if (PsGetThreadProcessId(Thread) != gpidLogon) {
        if (dwFlags & EWX_NOTIFY) {
            if (ptiClient && ptiClient->TIF_flags & TIF_16BIT)
                gptiShutdownNotify = ptiClient;
            dwFlags &= ~EWX_NOTIFY;
            *lpdwFlags = dwFlags;
        }

        if (NotifyLogon(pwinsta, &luidCaller, dwFlags, STATUS_SUCCESS))
            return STATUS_PENDING;
        else if (ptiClient && ptiClient->cWindows)
            return STATUS_CANT_WAIT;
    }

    /*
     * Mark this thread as the one that is currently processing
     * exit windows, and set the global saying someone is exiting
     */
    dwFlags |= EWX_WINLOGON_CALLER;
    *lpdwFlags = dwFlags;
    gdwShutdownFlags = dwFlags;

    gdwThreadEndSession = HandleToUlong(PsGetCurrentThreadId());
    SETSYSMETBOOL(SHUTTINGDOWN, TRUE);
    gpidEndSession = PsGetCurrentThreadProcessId();
    gpwinstaLogoff = pwinsta;
    pwinsta->luidEndSession = luidCaller;

    /*
     * Lock the windowstation to prevent apps from starting
     * while we're doing shutdown processing.
     */
    gdwLocks = pwinsta->dwWSF_Flags & (WSF_SWITCHLOCK | WSF_OPENLOCK);
    pwinsta->dwWSF_Flags |= (WSF_OPENLOCK | WSF_SHUTDOWN);

    /*
     * Set the flag WSF_REALSHUTDOWN if we are not doing just a
     * logoff
     */
    if (dwFlags &
        (EWX_WINLOGON_OLD_SHUTDOWN | EWX_WINLOGON_OLD_REBOOT |
         EWX_SHUTDOWN | EWX_REBOOT)) {

        pwinsta->dwWSF_Flags |= WSF_REALSHUTDOWN;
    }

    return STATUS_SUCCESS;
}

NTSTATUS EndShutdown(
    PETHREAD Thread,
    NTSTATUS StatusShutdown)
{
    PWINDOWSTATION pwinsta = gpwinstaLogoff;
    PDESKTOP pdesk;
    LUID luidCaller;
    UserAssert(gpwinstaLogoff);

    gpwinstaLogoff = NULL;
    gpidEndSession = NULL;
    gdwThreadEndSession = 0;
    SETSYSMETBOOL(SHUTTINGDOWN, FALSE);
    pwinsta->dwWSF_Flags &= ~WSF_SHUTDOWN;

    if (!NT_SUCCESS(GetProcessLuid(Thread, &luidCaller))) {
        luidCaller = RtlConvertUlongToLuid(0);     // null luid
    }

    if (!NT_SUCCESS(StatusShutdown)) {

        /*
         * We need to notify the process that called ExitWindows that
         * the logoff was aborted.
         */
        if (gptiShutdownNotify) {
            _PostThreadMessage(gptiShutdownNotify, WM_ENDSESSION, FALSE, 0);
            gptiShutdownNotify = NULL;
        }

        /*
         * Reset the windowstation lock flags so apps can start
         * again.
         */
        pwinsta->dwWSF_Flags =
                (pwinsta->dwWSF_Flags & ~WSF_OPENLOCK) |
                gdwLocks;

        /*
         * Bug 294204 - joejo
         * Tell winlogon that we we cancelled shutdown/logoff.
         */
        NotifyLogon(pwinsta, &luidCaller, gdwShutdownFlags | EWX_CANCELED, StatusShutdown);

        return STATUS_SUCCESS;
    }

    gptiShutdownNotify = NULL;

    /*
     * If logoff is occuring for the user set by winlogon, perform
     * the normal logoff cleanup.  Otherwise, clear the open lock
     * and continue.
     */
    if (((pwinsta->luidUser.LowPart != 0) || (pwinsta->luidUser.HighPart != 0)) &&
            RtlEqualLuid(&pwinsta->luidUser, &luidCaller)) {

        /*
         * Zero out the free blocks in all desktop heaps.
         */
        for (pdesk = pwinsta->rpdeskList; pdesk != NULL; pdesk = pdesk->rpdeskNext) {
            RtlZeroHeap(Win32HeapGetHandle(pdesk->pheapDesktop), 0);
        }

        /*
         * Logoff/shutdown was successful. In case this is a logoff, remove
         * everything from the clipboard so the next logged on user can't get
         * at this stuff.
         */
        ForceEmptyClipboard(pwinsta);

        /*
         * Destroy all non-pinned atoms in the global atom table.  User can't
         * create pinned atoms.  Currently only the OLE atoms are pinned.
         */
        RtlEmptyAtomTable(pwinsta->pGlobalAtomTable, FALSE);

        // this code path is hit only on logoff and also on shutdown
        // We do not want to unload fonts twice when we attempt shutdown
        // so we mark that the fonts have been unloaded at a logoff time

        if (TEST_PUDF(PUDF_FONTSARELOADED)) {
            LeaveCrit();
            GreRemoveAllButPermanentFonts();
            EnterCrit();
            CLEAR_PUDF(PUDF_FONTSARELOADED);
        }
    } else {
        pwinsta->dwWSF_Flags &= ~WSF_OPENLOCK;
    }

    /*
     * Tell winlogon that we successfully shutdown/logged off.
     */
    NotifyLogon(pwinsta, &luidCaller, gdwShutdownFlags, STATUS_SUCCESS);

    return STATUS_SUCCESS;
}

/***************************************************************************\
* xxxClientShutdown2
*
* Called by xxxClientShutdown
\***************************************************************************/

LONG xxxClientShutdown2(
    PBWL pbwl,
    UINT msg,
    WPARAM wParam)
{
    HWND *phwnd;
    PWND pwnd;
    TL tlpwnd;
    BOOL fEnd;
    PTHREADINFO ptiCurrent = PtiCurrent();
    BOOL fDestroyTimers;
    LPARAM lParam;

    /*
     * Make sure we don't send this window any more WM_TIMER
     * messages if the session is ending. This was causing
     * AfterDark to fault when it freed some memory on the
     * WM_ENDSESSION and then tried to reference it on the
     * WM_TIMER.
     * LATER GerardoB: Do we still need to do this??
     * Do this horrible thing only if the process is in the
     * context being logged off.
     * Perhaps someday we should post a WM_CLOSE so the app
     * gets a better chance to clean up (if this process is in
     * the context being logged off, winsrv is going to call
     * TerminateProcess soon after this).
     */
     fDestroyTimers = (wParam & WMCS_EXIT) && (wParam & WMCS_CONTEXTLOGOFF);

     /*
      * fLogOff and fEndSession parameters (WM_ENDSESSION only)
      */
     lParam = wParam & ENDSESSION_LOGOFF;
     wParam &= WMCS_EXIT;

    /*
     * Now enumerate these windows and send the WM_QUERYENDSESSION or
     * WM_ENDSESSION messages.
     */
    for (phwnd = pbwl->rghwnd; *phwnd != (HWND)1; phwnd++) {
        if ((pwnd = RevalidateHwnd(*phwnd)) == NULL)
            continue;

        ThreadLockAlways(pwnd, &tlpwnd);

        /*
         * Send the message.
         */
        switch (msg) {
        case WM_QUERYENDSESSION:

            /*
             * Windows does not send the WM_QUERYENDSESSION to the app
             * that called ExitWindows
             */
            if (ptiCurrent == gptiShutdownNotify) {
                fEnd = TRUE;
            } else {
                fEnd = (xxxSendMessage(pwnd, WM_QUERYENDSESSION, FALSE, lParam) != 0);
                if (!fEnd) {
                    RIPMSG2(RIP_WARNING, "xxxClientShutdown2: pwnd:%p canceled shutdown. lParam:%p",
                            pwnd, lParam);
                }
            }
            break;

        case WM_ENDSESSION:
            xxxSendMessage(pwnd, WM_ENDSESSION, wParam, lParam);
            fEnd = TRUE;

            if (fDestroyTimers) {
                DestroyWindowsTimers(pwnd);
            }

            break;
        }

        ThreadUnlock(&tlpwnd);

        if (!fEnd)
            return WMCSR_CANCEL;
    }

    return WMCSR_ALLOWSHUTDOWN;
}
/***************************************************************************\
* xxxClientShutdown
*
* This is the processing that occurs when an application receives a
* WM_CLIENTSHUTDOWN message.
*
* 10-01-92 ScottLu      Created.
\***************************************************************************/
LONG xxxClientShutdown(
    PWND pwnd,
    WPARAM wParam)
{
    PBWL pbwl;
    PTHREADINFO ptiT;
    LONG lRet;

    /*
     * Build a list of windows first.
     */
    ptiT = GETPTI(pwnd);

    if ((pbwl = BuildHwndList(ptiT->rpdesk->pDeskInfo->spwnd->spwndChild,
            BWL_ENUMLIST, ptiT)) == NULL) {
        /*
         * Can't allocate memory to notify this thread's windows of shutdown.
         * Can't do more than kill the app
         */
        return WMCSR_ALLOWSHUTDOWN;
    }

    if (wParam & WMCS_QUERYEND) {
        lRet = xxxClientShutdown2(pbwl, WM_QUERYENDSESSION, wParam);
    } else {
        xxxClientShutdown2(pbwl, WM_ENDSESSION, wParam);
        lRet = WMCSR_DONE;
    }

    FreeHwndList(pbwl);
    return lRet;
}

/***************************************************************************\
* xxxRegisterUserHungAppHandlers
*
* This routine simply records the WOW callback address for notification of
* "hung" wow apps.
*
* History:
* 01-Apr-1992 jonpa      Created.
* Added saving and duping of wowexc event handle
\***************************************************************************/

BOOL xxxRegisterUserHungAppHandlers(
    PFNW32ET pfnW32EndTask,
    HANDLE   hEventWowExec)
{
    BOOL   bRetVal;
    PPROCESSINFO    ppi;
    PWOWPROCESSINFO pwpi;

    //
    //  Allocate the per wow process info stuff
    //  ensuring the memory is Zero init.
    //
    pwpi = (PWOWPROCESSINFO) UserAllocPoolWithQuotaZInit(
            sizeof(WOWPROCESSINFO), TAG_WOWPROCESSINFO);

    if (!pwpi)
        return FALSE;

    //
    // Reference the WowExec event for kernel access
    //
    bRetVal = NT_SUCCESS(ObReferenceObjectByHandle(
                 hEventWowExec,
                 EVENT_ALL_ACCESS,
                 *ExEventObjectType,
                 UserMode,
                 &pwpi->pEventWowExec,
                 NULL
                 ));

    //
    //  if sucess then intialize the pwpi, ppi structs
    //  else free allocated memory
    //
    if (bRetVal) {
        pwpi->hEventWowExecClient = hEventWowExec;
        pwpi->lpfnWowExitTask = pfnW32EndTask;
        ppi = PpiCurrent();
        ppi->pwpi = pwpi;

        // add to the list, order doesn't matter
        pwpi->pwpiNext = gpwpiFirstWow;
        gpwpiFirstWow  = pwpi;

        }
    else {
        UserFreePool(pwpi);
        }

   return bRetVal;
}