//Copyright (c) Microsoft Corporation. All rights reserved.
#include <Windows.h>
#include <TChar.h>
#include <MsgFile.h>
#include <TelnetD.h>
#include <RegUtil.h>
#include <TlntUtils.h>
#include <Debug.h>
#include <KillApps.h>
#include <psapi.h>
#pragma warning(disable:4100)
#pragma warning(disable: 4127)
using namespace _Utils;
using CDebugLevel::TRACE_DEBUGGING;
using CDebugLevel::TRACE_HANDLE;
using CDebugLevel::TRACE_SOCKET;
#define DOWN_WITH_AUTHORITY {0, 0, 0, 0, 0x6, 0x66} // s-1-666
#define DEMONS 1
PSID g_psidBgJobGroup = NULL;
DWORD g_dwKillAllApps = DEFAULT_DISCONNECT_KILLALL_APPS;
extern HANDLE g_hSyncCloseHandle;
bool CreateBgjobSpecificSid()
{
SID_IDENTIFIER_AUTHORITY AnarchyAuthority = DOWN_WITH_AUTHORITY;
if( !AllocateAndInitializeSid( &AnarchyAuthority, 1, DEMONS,
0, 0, 0, 0, 0, 0, 0, &g_psidBgJobGroup ) )
{
return false;
}
return true;
}
bool IsAclAddedByBgJobPresent( PACL pAcl )
{
ACCESS_DENIED_ACE *pAce = NULL;
WORD wIndex = 0;
for( wIndex=0; wIndex<pAcl->AceCount; wIndex++ )
{
if( GetAce( pAcl, wIndex, ( PVOID * )&pAce ) )
{
if( EqualSid( g_psidBgJobGroup, &( pAce->SidStart ) ) )
{
return true;
}
}
}
return false;
}
//We check if this process's DACL has an ACE added by the BgJob
//ACE is generated from a SID know both to the BgJob and tlntsess.exe
bool IsThisProcessLaunchedFromBgJob( HANDLE hToken )
{
DWORD dwLength = 0;
TOKEN_DEFAULT_DACL *ptdDacl = NULL;
if( g_dwKillAllApps )
{
return false;
}
// Get required buffer size and allocate the Default Dacl buffer.
if (!GetTokenInformation( hToken, TokenDefaultDacl, NULL, 0, &dwLength ) )
{
if(GetLastError() != ERROR_INSUFFICIENT_BUFFER )
return false;
ptdDacl = ( TOKEN_DEFAULT_DACL * ) HeapAlloc( GetProcessHeap(), HEAP_ZERO_MEMORY, dwLength);
}
if ( ptdDacl == NULL)
{
return false;
}
if ( GetTokenInformation( hToken, TokenDefaultDacl, ptdDacl, dwLength, &dwLength ) )
{
if( ptdDacl && IsAclAddedByBgJobPresent( ptdDacl->DefaultDacl ) )
{
HeapFree( GetProcessHeap(), 0,ptdDacl );
return ( true );
}
}
HeapFree( GetProcessHeap(), 0,ptdDacl );
return( false );
}
void EnumSessionProcesses( LUID id, void fPtr ( HANDLE, DWORD, LPWSTR ),
ENUM_PURPOSE epWhyEnumerate )
{
DWORD rgdwPids[ MAX_PROCESSES_IN_SYSTEM ];
DWORD dwActualSizeInBytes = 0;
DWORD dwActualNoOfPids = 0;
DWORD dwIndex = 0;
HANDLE hProc = NULL;
HANDLE hAccessToken = NULL;
LUID luidID;
EnableDebugPriv();
EnumProcesses( rgdwPids, MAX_PROCESSES_IN_SYSTEM, &dwActualSizeInBytes );
dwActualNoOfPids = dwActualSizeInBytes / sizeof( DWORD );
for( dwIndex = 0; dwIndex < dwActualNoOfPids; dwIndex++ )
{
SfuZeroMemory( &luidID, sizeof( luidID ) );
hProc = OpenProcess( PROCESS_ALL_ACCESS, FALSE, rgdwPids[ dwIndex ] );
if( hProc )
{
if( OpenProcessToken( hProc, TOKEN_QUERY, &hAccessToken ))
{
if( GetAuthenticationId( hAccessToken, &luidID ) )
{
if( id.HighPart == luidID.HighPart&&
id.LowPart == luidID.LowPart )
{
//this process belongs to our session
if( epWhyEnumerate != TO_CLEANUP ||
!IsThisProcessLaunchedFromBgJob( hAccessToken ) )
{
LPTSTR lpszProcessName = NULL;
( fPtr )( hProc, rgdwPids[ dwIndex ], lpszProcessName );
_TRACE( TRACE_DEBUGGING, " pid = %d ", rgdwPids[ dwIndex ] );
}
}
}
TELNET_CLOSE_HANDLE( hAccessToken );
}
TELNET_CLOSE_HANDLE( hProc );
}
}
}
BOOL EnableDebugPriv( VOID )
{
HANDLE hToken;
LUID DebugValue;
TOKEN_PRIVILEGES tkp;
//
// Retrieve a handle of the access token
//
if (!OpenProcessToken(GetCurrentProcess(),
TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
&hToken))
{
// printf("OpenProcessToken failed with %d\n", GetLastError());
return FALSE;
}
//
// Enable the SE_DEBUG_NAME privilege or disable
// all privileges, depending on the fEnable flag.
//
if (!LookupPrivilegeValue((LPTSTR) NULL,
SE_DEBUG_NAME,
&DebugValue))
{
TELNET_CLOSE_HANDLE( hToken );
// printf("LookupPrivilegeValue failed with %d\n", GetLastError());
return FALSE;
}
tkp.PrivilegeCount = 1;
tkp.Privileges[0].Luid = DebugValue;
tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
if (!AdjustTokenPrivileges(
hToken,
FALSE,
&tkp,
sizeof(TOKEN_PRIVILEGES),
(PTOKEN_PRIVILEGES) NULL,
(PDWORD) NULL))
{
TELNET_CLOSE_HANDLE( hToken );
// printf("AdjustTokenPrivileges failed with %d\n", GetLastError());
return FALSE;
}
TELNET_CLOSE_HANDLE( hToken );
return TRUE;
}
BOOL GetAuthenticationId( HANDLE hToken, LUID* pId )
{
BOOL bSuccess = FALSE;
DWORD dwLength = 0;
PTOKEN_STATISTICS pts = NULL;
// Get required buffer size and allocate the TOKEN_GROUPS buffer.
if (!GetTokenInformation( hToken, TokenStatistics, (LPVOID) pts, 0,
&dwLength ))
{
if(GetLastError() != ERROR_INSUFFICIENT_BUFFER )
goto Cleanup;
pts = (PTOKEN_STATISTICS) VirtualAlloc(NULL,dwLength,
MEM_COMMIT, PAGE_READWRITE);
}
if( pts == NULL )
goto Cleanup;
// Get the token group information from the access token.
if( !GetTokenInformation( hToken, TokenStatistics, (LPVOID) pts, dwLength,
&dwLength ))
goto Cleanup;
*pId = pts->AuthenticationId;
bSuccess = TRUE;
Cleanup:
// Free the buffer for the token groups.
if( pts != NULL )
VirtualFree( pts, 0, MEM_RELEASE );
return bSuccess;
}
void KillTheProcess( HANDLE hProc, DWORD dwProcessId, LPWSTR lpszProcessName )
{
TerminateProcess( hProc, 1 );
return;
}
bool GetRegValues()
{
HKEY hk = NULL;
bool bRetVal = false;
if( RegOpenKey( HKEY_LOCAL_MACHINE, REG_PARAMS_KEY, &hk ) )
{
goto ExitOnError;
}
if( !GetRegistryDW( hk, NULL, L"DisconnectKillAllApps", &g_dwKillAllApps,
DEFAULT_DISCONNECT_KILLALL_APPS,FALSE ) )
{
goto ExitOnError;
}
bRetVal = true;
ExitOnError:
RegCloseKey( hk );
return ( bRetVal );
}
BOOL KillProcs( LUID id )
{
GetRegValues();
CreateBgjobSpecificSid();
EnumSessionProcesses( id, KillTheProcess, TO_CLEANUP );
FreeSid( g_psidBgJobGroup );
return TRUE;
}