VirtualBox

source: vbox/trunk/src/VBox/Additions/common/VBoxService/VBoxServiceVMInfo-win.cpp@ 41943

Last change on this file since 41943 was 40445, checked in by vboxsync, 13 years ago

VBoxService/VMInfo-win: Don't skip CachedInteractive sessions, be more verbose on why certain sessions were skipped.

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 37.1 KB
Line 
1/* $Id: VBoxServiceVMInfo-win.cpp 40445 2012-03-13 14:34:27Z vboxsync $ */
2/** @file
3 * VBoxService - Virtual Machine Information for the Host, Windows specifics.
4 */
5
6/*
7 * Copyright (C) 2009-2010 Oracle Corporation
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 */
17
18
19/*******************************************************************************
20* Header Files *
21*******************************************************************************/
22#if defined(_WIN32_WINNT) && _WIN32_WINNT < 0x0502
23# undef _WIN32_WINNT
24# define _WIN32_WINNT 0x0502 /* CachedRemoteInteractive in recent SDKs. */
25#endif
26#include <Windows.h>
27#include <wtsapi32.h> /* For WTS* calls. */
28#include <psapi.h> /* EnumProcesses. */
29#include <Ntsecapi.h> /* Needed for process security information. */
30
31#include <iprt/assert.h>
32#include <iprt/ldr.h>
33#include <iprt/mem.h>
34#include <iprt/thread.h>
35#include <iprt/string.h>
36#include <iprt/semaphore.h>
37#include <iprt/system.h>
38#include <iprt/time.h>
39#include <VBox/VBoxGuestLib.h>
40#include "VBoxServiceInternal.h"
41#include "VBoxServiceUtils.h"
42
43
44/*******************************************************************************
45* Structures and Typedefs *
46*******************************************************************************/
47/** Structure for storing the looked up user information. */
48typedef struct
49{
50 WCHAR wszUser[_MAX_PATH];
51 WCHAR wszAuthenticationPackage[_MAX_PATH];
52 WCHAR wszLogonDomain[_MAX_PATH];
53 /** Number of assigned user processes. */
54 ULONG ulNumProcs;
55 /** Last (highest) session number. This
56 * is needed for distinguishing old session
57 * process counts from new (current) session
58 * ones. */
59 ULONG ulSession;
60} VBOXSERVICEVMINFOUSER, *PVBOXSERVICEVMINFOUSER;
61
62/** Structure for the file information lookup. */
63typedef struct
64{
65 char *pszFilePath;
66 char *pszFileName;
67} VBOXSERVICEVMINFOFILE, *PVBOXSERVICEVMINFOFILE;
68
69/** Structure for process information lookup. */
70typedef struct
71{
72 /** The PID. */
73 DWORD id;
74 /** The LUID. */
75 LUID luid;
76 /** Interactive process. */
77 bool fInteractive;
78} VBOXSERVICEVMINFOPROC, *PVBOXSERVICEVMINFOPROC;
79
80
81/*******************************************************************************
82* Prototypes
83*******************************************************************************/
84uint32_t VBoxServiceVMInfoWinSessionHasProcesses(PLUID pSession, PVBOXSERVICEVMINFOPROC const paProcs, DWORD cProcs);
85bool VBoxServiceVMInfoWinIsLoggedIn(PVBOXSERVICEVMINFOUSER a_pUserInfo, PLUID a_pSession);
86int VBoxServiceVMInfoWinProcessesEnumerate(PVBOXSERVICEVMINFOPROC *ppProc, DWORD *pdwCount);
87void VBoxServiceVMInfoWinProcessesFree(PVBOXSERVICEVMINFOPROC paProcs);
88
89typedef BOOL WINAPI FNQUERYFULLPROCESSIMAGENAME(HANDLE, DWORD, LPTSTR, PDWORD);
90typedef FNQUERYFULLPROCESSIMAGENAME *PFNQUERYFULLPROCESSIMAGENAME;
91
92
93#ifndef TARGET_NT4
94
95/**
96 * Retrieves the module name of a given process.
97 *
98 * @return IPRT status code.
99 * @param pProc
100 * @param pszBuf
101 * @param cbBuf
102 */
103static int VBoxServiceVMInfoWinProcessesGetModuleName(PVBOXSERVICEVMINFOPROC const pProc,
104 TCHAR *pszName, size_t cbName)
105{
106 AssertPtrReturn(pProc, VERR_INVALID_POINTER);
107 AssertPtrReturn(pszName, VERR_INVALID_POINTER);
108 AssertReturn(cbName, VERR_INVALID_PARAMETER);
109
110 OSVERSIONINFOEX OSInfoEx;
111 RT_ZERO(OSInfoEx);
112 OSInfoEx.dwOSVersionInfoSize = sizeof(OSVERSIONINFOEX);
113 if ( !GetVersionEx((LPOSVERSIONINFO) &OSInfoEx)
114 || OSInfoEx.dwPlatformId != VER_PLATFORM_WIN32_NT)
115 {
116 /* Platform other than NT (e.g. Win9x) not supported. */
117 return VERR_NOT_SUPPORTED;
118 }
119
120 int rc = VINF_SUCCESS;
121
122 DWORD dwFlags = PROCESS_QUERY_INFORMATION | PROCESS_VM_READ;
123 if (OSInfoEx.dwMajorVersion >= 6 /* Vista or later */)
124 dwFlags = 0x1000; /* = PROCESS_QUERY_LIMITED_INFORMATION; less privileges needed. */
125
126 HANDLE h = OpenProcess(dwFlags, FALSE, pProc->id);
127 if (h == NULL)
128 {
129 DWORD dwErr = GetLastError();
130 if (g_cVerbosity)
131 VBoxServiceError("Unable to open process with PID=%ld, error=%ld\n",
132 pProc->id, dwErr);
133 rc = RTErrConvertFromWin32(dwErr);
134 }
135 else
136 {
137 /* Since GetModuleFileNameEx has trouble with cross-bitness stuff (32-bit apps cannot query 64-bit
138 apps and vice verse) we have to use a different code path for Vista and up. */
139
140 /* Note: For 2000 + NT4 we might just use GetModuleFileName() instead. */
141 if (OSInfoEx.dwMajorVersion >= 6 /* Vista or later */)
142 {
143 /* Loading the module and getting the symbol for each and every process is expensive
144 * -- since this function (at the moment) only is used for debugging purposes it's okay. */
145 RTLDRMOD hMod;
146 rc = RTLdrLoad("kernel32.dll", &hMod);
147 if (RT_SUCCESS(rc))
148 {
149 PFNQUERYFULLPROCESSIMAGENAME pfnQueryFullProcessImageName;
150 rc = RTLdrGetSymbol(hMod, "QueryFullProcessImageNameA", (void **)&pfnQueryFullProcessImageName);
151 if (RT_SUCCESS(rc))
152 {
153 DWORD dwLen = cbName / sizeof(TCHAR);
154 if (!pfnQueryFullProcessImageName(h, 0 /*PROCESS_NAME_NATIVE*/, pszName, &dwLen))
155 rc = VERR_ACCESS_DENIED;
156 }
157
158 RTLdrClose(hMod);
159 }
160 }
161 else
162 {
163 if (!GetModuleFileNameEx(h, NULL /* Get main executable */, pszName, cbName / sizeof(TCHAR)))
164 rc = VERR_ACCESS_DENIED;
165 }
166
167 CloseHandle(h);
168 }
169
170 return rc;
171}
172
173
174/**
175 * Fills in more data for a process.
176 *
177 * @returns VBox status code.
178 * @param pProc The process structure to fill data into.
179 * @param tkClass The kind of token information to get.
180 */
181static int VBoxServiceVMInfoWinProcessesGetTokenInfo(PVBOXSERVICEVMINFOPROC pProc,
182 TOKEN_INFORMATION_CLASS tkClass)
183{
184 AssertPtrReturn(pProc, VERR_INVALID_POINTER);
185
186 DWORD dwErr = ERROR_SUCCESS;
187 HANDLE h = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, pProc->id);
188 if (h == NULL)
189 {
190 dwErr = GetLastError();
191 if (g_cVerbosity > 4)
192 VBoxServiceError("Unable to open process with PID=%ld, error=%ld\n",
193 pProc->id, dwErr);
194 return RTErrConvertFromWin32(dwErr);
195 }
196
197 int rc = VINF_SUCCESS;
198 HANDLE hToken;
199 if (OpenProcessToken(h, TOKEN_QUERY, &hToken))
200 {
201 void *pvTokenInfo = NULL;
202 DWORD dwTokenInfoSize;
203 switch (tkClass)
204 {
205 case TokenStatistics:
206 dwTokenInfoSize = sizeof(TOKEN_STATISTICS);
207 pvTokenInfo = HeapAlloc(GetProcessHeap(),
208 HEAP_ZERO_MEMORY, dwTokenInfoSize);
209 AssertPtr(pvTokenInfo);
210 break;
211
212 case TokenGroups:
213 dwTokenInfoSize = 0;
214 /* Allocating will follow in a second step. */
215 break;
216
217 /** @todo Implement more token classes here. */
218
219 default:
220 VBoxServiceError("Token class not implemented: %ld", tkClass);
221 rc = VERR_NOT_IMPLEMENTED;
222 break;
223 }
224
225 if (RT_SUCCESS(rc))
226 {
227 DWORD dwRetLength;
228 if (!GetTokenInformation(hToken, tkClass, pvTokenInfo, dwTokenInfoSize, &dwRetLength))
229 {
230 dwErr = GetLastError();
231 if (dwErr == ERROR_INSUFFICIENT_BUFFER)
232 {
233 dwErr = ERROR_SUCCESS;
234
235 switch (tkClass)
236 {
237 case TokenGroups:
238 pvTokenInfo = (PTOKEN_GROUPS)HeapAlloc(GetProcessHeap(),
239 HEAP_ZERO_MEMORY, dwRetLength);
240 if (!pvTokenInfo)
241 dwErr = GetLastError();
242 dwTokenInfoSize = dwRetLength;
243 break;
244
245 default:
246 AssertMsgFailed(("Re-allocating of token information for token class not implemented\n"));
247 break;
248 }
249
250 if (dwErr == ERROR_SUCCESS)
251 {
252 if (!GetTokenInformation(hToken, tkClass, pvTokenInfo, dwTokenInfoSize, &dwRetLength))
253 dwErr = GetLastError();
254 }
255 }
256 }
257
258 if (dwErr == ERROR_SUCCESS)
259 {
260 rc = VINF_SUCCESS;
261
262 switch (tkClass)
263 {
264 case TokenStatistics:
265 {
266 PTOKEN_STATISTICS pStats = (PTOKEN_STATISTICS)pvTokenInfo;
267 memcpy(&pProc->luid, &pStats->AuthenticationId, sizeof(LUID));
268 /** @todo Add more information of TOKEN_STATISTICS as needed. */
269 break;
270 }
271
272 case TokenGroups:
273 {
274 pProc->fInteractive = false;
275
276 SID_IDENTIFIER_AUTHORITY sidAuthNT = SECURITY_NT_AUTHORITY;
277 PSID pSidInteractive = NULL; /* S-1-5-4 */
278 if (!AllocateAndInitializeSid(&sidAuthNT, 1, 4, 0, 0, 0, 0, 0, 0, 0, &pSidInteractive))
279 dwErr = GetLastError();
280
281 PSID pSidLocal = NULL; /* S-1-2-0 */
282 if (dwErr == ERROR_SUCCESS)
283 {
284 SID_IDENTIFIER_AUTHORITY sidAuthLocal = SECURITY_LOCAL_SID_AUTHORITY;
285 if (!AllocateAndInitializeSid(&sidAuthLocal, 1, 0, 0, 0, 0, 0, 0, 0, 0, &pSidLocal))
286 dwErr = GetLastError();
287 }
288
289 if (dwErr == ERROR_SUCCESS)
290 {
291 PTOKEN_GROUPS pGroups = (PTOKEN_GROUPS)pvTokenInfo;
292 AssertPtr(pGroups);
293 for (DWORD i = 0; i < pGroups->GroupCount; i++)
294 {
295 if ( EqualSid(pGroups->Groups[i].Sid, pSidInteractive)
296 || EqualSid(pGroups->Groups[i].Sid, pSidLocal)
297 || pGroups->Groups[i].Attributes & SE_GROUP_LOGON_ID)
298 {
299 pProc->fInteractive = true;
300 break;
301 }
302 }
303 }
304
305 if (pSidInteractive)
306 FreeSid(pSidInteractive);
307 if (pSidLocal)
308 FreeSid(pSidLocal);
309 break;
310 }
311
312 default:
313 AssertMsgFailed(("Unhandled token information class\n"));
314 break;
315 }
316 }
317
318 if (pvTokenInfo)
319 HeapFree(GetProcessHeap(), 0 /* Flags */, pvTokenInfo);
320 }
321 CloseHandle(hToken);
322 }
323 else
324 dwErr = GetLastError();
325
326 if (dwErr != ERROR_SUCCESS)
327 {
328 if (g_cVerbosity)
329 VBoxServiceError("Unable to query token information for PID=%ld, error=%ld\n",
330 pProc->id, dwErr);
331 rc = RTErrConvertFromWin32(dwErr);
332 }
333
334 CloseHandle(h);
335 return rc;
336}
337
338
339/**
340 * Enumerate all the processes in the system and get the logon user IDs for
341 * them.
342 *
343 * @returns VBox status code.
344 * @param ppaProcs Where to return the process snapshot. This must be
345 * freed by calling VBoxServiceVMInfoWinProcessesFree.
346 *
347 * @param pcProcs Where to store the returned process count.
348 */
349int VBoxServiceVMInfoWinProcessesEnumerate(PVBOXSERVICEVMINFOPROC *ppaProcs, PDWORD pcProcs)
350{
351 AssertPtr(ppaProcs);
352 AssertPtr(pcProcs);
353
354 /*
355 * Call EnumProcesses with an increasingly larger buffer until it all fits
356 * or we think something is screwed up.
357 */
358 DWORD cProcesses = 64;
359 PDWORD paPID = NULL;
360 int rc = VINF_SUCCESS;
361 do
362 {
363 /* Allocate / grow the buffer first. */
364 cProcesses *= 2;
365 void *pvNew = RTMemRealloc(paPID, cProcesses * sizeof(DWORD));
366 if (!pvNew)
367 {
368 rc = VERR_NO_MEMORY;
369 break;
370 }
371 paPID = (PDWORD)pvNew;
372
373 /* Query the processes. Not the cbRet == buffer size means there could be more work to be done. */
374 DWORD cbRet;
375 if (!EnumProcesses(paPID, cProcesses * sizeof(DWORD), &cbRet))
376 {
377 rc = RTErrConvertFromWin32(GetLastError());
378 break;
379 }
380 if (cbRet < cProcesses * sizeof(DWORD))
381 {
382 cProcesses = cbRet / sizeof(DWORD);
383 break;
384 }
385 } while (cProcesses <= _32K); /* Should be enough; see: http://blogs.technet.com/markrussinovich/archive/2009/07/08/3261309.aspx */
386 if (RT_SUCCESS(rc))
387 {
388 /*
389 * Allocate out process structures and fill data into them.
390 * We currently only try lookup their LUID's.
391 */
392 PVBOXSERVICEVMINFOPROC paProcs;
393 paProcs = (PVBOXSERVICEVMINFOPROC)RTMemAllocZ(cProcesses * sizeof(VBOXSERVICEVMINFOPROC));
394 if (paProcs)
395 {
396 for (DWORD i = 0; i < cProcesses; i++)
397 {
398 paProcs[i].id = paPID[i];
399 rc = VBoxServiceVMInfoWinProcessesGetTokenInfo(&paProcs[i], TokenGroups);
400 if (RT_FAILURE(rc))
401 {
402 /* Because some processes cannot be opened/parsed on
403 Windows, we should not consider to be this an error here. */
404 rc = VINF_SUCCESS;
405 }
406 else
407 {
408 rc = VBoxServiceVMInfoWinProcessesGetTokenInfo(&paProcs[i], TokenStatistics);
409 if (RT_FAILURE(rc))
410 {
411 /* Because some processes cannot be opened/parsed on
412 Windows, we should not consider to be this an error here. */
413 rc = VINF_SUCCESS;
414 }
415 }
416 }
417
418 /* Save number of processes */
419 if (RT_SUCCESS(rc))
420 {
421 *pcProcs = cProcesses;
422 *ppaProcs = paProcs;
423 }
424 else
425 RTMemFree(paProcs);
426 }
427 else
428 rc = VERR_NO_MEMORY;
429 }
430
431 RTMemFree(paPID);
432 return rc;
433}
434
435/**
436 * Frees the process structures returned by
437 * VBoxServiceVMInfoWinProcessesEnumerate() before.
438 *
439 * @param paProcs What
440 */
441void VBoxServiceVMInfoWinProcessesFree(PVBOXSERVICEVMINFOPROC paProcs)
442{
443 RTMemFree(paProcs);
444}
445
446/**
447 * Determines whether the specified session has processes on the system.
448 *
449 * @returns Number of processes found for a specified session.
450 * @param pSession The session.
451 * @param paProcs The process snapshot.
452 * @param cProcs The number of processes in the snaphot.
453 * @param puSession Looked up session number. Optional.
454 */
455uint32_t VBoxServiceVMInfoWinSessionHasProcesses(PLUID pSession,
456 PVBOXSERVICEVMINFOPROC const paProcs, DWORD cProcs,
457 PULONG puSession)
458{
459 if (!pSession)
460 {
461 VBoxServiceVerbose(1, "Session became invalid while enumerating!\n");
462 return 0;
463 }
464
465 PSECURITY_LOGON_SESSION_DATA pSessionData = NULL;
466 NTSTATUS rcNt = LsaGetLogonSessionData(pSession, &pSessionData);
467 if (rcNt != STATUS_SUCCESS)
468 {
469 VBoxServiceError("Could not get logon session data! rcNt=%#x", rcNt);
470 return 0;
471 }
472
473 /*
474 * Even if a user seems to be logged in, it could be a stale/orphaned logon
475 * session. So check if we have some processes bound to it by comparing the
476 * session <-> process LUIDs.
477 */
478 uint32_t cNumProcs = 0;
479 for (DWORD i = 0; i < cProcs; i++)
480 {
481 VBoxServiceVerbose(4, "PID=%ld: (Interactive: %RTbool) %ld:%ld <-> %ld:%ld\n",
482 paProcs[i].id, paProcs[i].fInteractive,
483 paProcs[i].luid.HighPart, paProcs[i].luid.LowPart,
484 pSessionData->LogonId.HighPart, pSessionData->LogonId.LowPart);
485 if (g_cVerbosity)
486 {
487 TCHAR szModule[_1K];
488 int rc2 = VBoxServiceVMInfoWinProcessesGetModuleName(&paProcs[i], szModule, sizeof(szModule));
489 if (RT_SUCCESS(rc2))
490 VBoxServiceVerbose(4, "PID=%ld: %s\n",
491 paProcs[i].id, szModule);
492 }
493
494 if ( paProcs[i].fInteractive
495 && ( paProcs[i].luid.HighPart == pSessionData->LogonId.HighPart
496 && paProcs[i].luid.LowPart == pSessionData->LogonId.LowPart))
497 {
498 cNumProcs++;
499 if (!g_cVerbosity) /* We want a bit more info on higher verbosity. */
500 break;
501 }
502 }
503
504 if (g_cVerbosity)
505 VBoxServiceVerbose(3, "Session %u has %u processes total\n",
506 pSessionData->Session, cNumProcs);
507 else
508 VBoxServiceVerbose(3, "Session %u has at least one process\n",
509 pSessionData->Session);
510
511 if (puSession)
512 *puSession = pSessionData->Session;
513
514 LsaFreeReturnBuffer(pSessionData);
515 return cNumProcs;
516}
517
518
519/**
520 * Save and noisy string copy.
521 *
522 * @param pwszDst Destination buffer.
523 * @param cbDst Size in bytes - not WCHAR count!
524 * @param pSrc Source string.
525 * @param pszWhat What this is. For the log.
526 */
527static void VBoxServiceVMInfoWinSafeCopy(PWCHAR pwszDst, size_t cbDst, LSA_UNICODE_STRING const *pSrc, const char *pszWhat)
528{
529 Assert(RT_ALIGN(cbDst, sizeof(WCHAR)) == cbDst);
530
531 size_t cbCopy = pSrc->Length;
532 if (cbCopy + sizeof(WCHAR) > cbDst)
533 {
534 VBoxServiceVerbose(0, "%s is too long - %u bytes, buffer %u bytes! It will be truncated.\n",
535 pszWhat, cbCopy, cbDst);
536 cbCopy = cbDst - sizeof(WCHAR);
537 }
538 if (cbCopy)
539 memcpy(pwszDst, pSrc->Buffer, cbCopy);
540 pwszDst[cbCopy / sizeof(WCHAR)] = '\0';
541}
542
543
544/**
545 * Detects whether a user is logged on.
546 *
547 * @returns true if logged in, false if not (or error).
548 * @param pUserInfo Where to return the user information.
549 * @param pSession The session to check.
550 */
551bool VBoxServiceVMInfoWinIsLoggedIn(PVBOXSERVICEVMINFOUSER pUserInfo, PLUID pSession)
552{
553 AssertPtrReturn(pUserInfo, false);
554 if (!pSession)
555 return false;
556
557 PSECURITY_LOGON_SESSION_DATA pSessionData = NULL;
558 NTSTATUS rcNt = LsaGetLogonSessionData(pSession, &pSessionData);
559 if (rcNt != STATUS_SUCCESS)
560 {
561 ULONG ulError = LsaNtStatusToWinError(rcNt);
562 switch (ulError)
563 {
564 case ERROR_NOT_ENOUGH_MEMORY:
565 /* If we don't have enough memory it's hard to judge whether the specified user
566 * is logged in or not, so just assume he/she's not. */
567 VBoxServiceVerbose(3, "Not enough memory to retrieve logon session data!\n");
568 break;
569
570 case ERROR_NO_SUCH_LOGON_SESSION:
571 /* Skip session data which is not valid anymore because it may have been
572 * already terminated. */
573 break;
574
575 default:
576 VBoxServiceError("LsaGetLogonSessionData failed with error %u\n", ulError);
577 break;
578 }
579 if (pSessionData)
580 LsaFreeReturnBuffer(pSessionData);
581 return false;
582 }
583 if (!pSessionData)
584 {
585 VBoxServiceError("Invalid logon session data!\n");
586 return false;
587 }
588
589 VBoxServiceVerbose(3, "Session data: Name=%ls, Session=%u, LogonID=%ld,%ld, LogonType=%ld\n",
590 pSessionData->UserName.Buffer,
591 pSessionData->Session,
592 pSessionData->LogonId.HighPart, pSessionData->LogonId.LowPart,
593 pSessionData->LogonType);
594
595 /*
596 * Only handle users which can login interactively or logged in
597 * remotely over native RDP.
598 */
599 bool fFoundUser = false;
600 DWORD dwErr = NO_ERROR;
601 if ( IsValidSid(pSessionData->Sid)
602 && ( (SECURITY_LOGON_TYPE)pSessionData->LogonType == Interactive
603 || (SECURITY_LOGON_TYPE)pSessionData->LogonType == RemoteInteractive
604 /* Note: We also need CachedInteractive in case Windows cached the credentials
605 * or just wants to reuse them! */
606 || (SECURITY_LOGON_TYPE)pSessionData->LogonType == CachedInteractive))
607 {
608 VBoxServiceVerbose(3, "Session LogonType=%ld is supported -- looking up SID + type ...\n",
609 pSessionData->LogonType);
610
611 /*
612 * Copy out relevant data.
613 */
614 VBoxServiceVMInfoWinSafeCopy(pUserInfo->wszUser, sizeof(pUserInfo->wszUser),
615 &pSessionData->UserName, "User name");
616 VBoxServiceVMInfoWinSafeCopy(pUserInfo->wszAuthenticationPackage, sizeof(pUserInfo->wszAuthenticationPackage),
617 &pSessionData->AuthenticationPackage, "Authentication pkg name");
618 VBoxServiceVMInfoWinSafeCopy(pUserInfo->wszLogonDomain, sizeof(pUserInfo->wszLogonDomain),
619 &pSessionData->LogonDomain, "Logon domain name");
620
621 TCHAR szOwnerName[_MAX_PATH] = { 0 };
622 DWORD dwOwnerNameSize = sizeof(szOwnerName);
623 TCHAR szDomainName[_MAX_PATH] = { 0 };
624 DWORD dwDomainNameSize = sizeof(szDomainName);
625 SID_NAME_USE enmOwnerType = SidTypeInvalid;
626 if (!LookupAccountSid(NULL,
627 pSessionData->Sid,
628 szOwnerName,
629 &dwOwnerNameSize,
630 szDomainName,
631 &dwDomainNameSize,
632 &enmOwnerType))
633 {
634 DWORD dwErr = GetLastError();
635 /*
636 * If a network time-out prevents the function from finding the name or
637 * if a SID that does not have a corresponding account name (such as a
638 * logon SID that identifies a logon session), we get ERROR_NONE_MAPPED
639 * here that we just skip.
640 */
641 if (dwErr != ERROR_NONE_MAPPED)
642 VBoxServiceError("Failed looking up account info for user=%ls, error=$ld!\n",
643 pUserInfo->wszUser, dwErr);
644 }
645 else
646 {
647 if (enmOwnerType == SidTypeUser) /* Only recognize users; we don't care about the rest! */
648 {
649 VBoxServiceVerbose(3, "Account User=%ls, Session=%ld, LogonID=%ld,%ld, AuthPkg=%ls, Domain=%ls\n",
650 pUserInfo->wszUser, pSessionData->Session, pSessionData->LogonId.HighPart,
651 pSessionData->LogonId.LowPart, pUserInfo->wszAuthenticationPackage,
652 pUserInfo->wszLogonDomain);
653
654 /* Detect RDP sessions as well. */
655 LPTSTR pBuffer = NULL;
656 DWORD cbRet = 0;
657 int iState = -1;
658 if (WTSQuerySessionInformation(WTS_CURRENT_SERVER_HANDLE,
659 pSessionData->Session,
660 WTSConnectState,
661 &pBuffer,
662 &cbRet))
663 {
664 if (cbRet)
665 iState = *pBuffer;
666 VBoxServiceVerbose(3, "Account User=%ls, WTSConnectState=%d (%ld)\n",
667 pUserInfo->wszUser, iState, cbRet);
668 if ( iState == WTSActive /* User logged on to WinStation. */
669 || iState == WTSShadow /* Shadowing another WinStation. */
670 || iState == WTSDisconnected) /* WinStation logged on without client. */
671 {
672 /** @todo On Vista and W2K, always "old" user name are still
673 * there. Filter out the old one! */
674 VBoxServiceVerbose(3, "Account User=%ls using TCS/RDP, state=%d \n",
675 pUserInfo->wszUser, iState);
676 fFoundUser = true;
677 }
678 if (pBuffer)
679 WTSFreeMemory(pBuffer);
680 }
681 else
682 {
683 DWORD dwLastErr = GetLastError();
684 switch (dwLastErr)
685 {
686 /*
687 * Terminal services don't run (for example in W2K,
688 * nothing to worry about ...). ... or is on the Vista
689 * fast user switching page!
690 */
691 case ERROR_CTX_WINSTATION_NOT_FOUND:
692 VBoxServiceVerbose(3, "No WinStation found for user=%ls\n",
693 pUserInfo->wszUser);
694 break;
695
696 default:
697 VBoxServiceVerbose(3, "Cannot query WTS connection state for user=%ls, error=%ld\n",
698 pUserInfo->wszUser, dwLastErr);
699 break;
700 }
701
702 fFoundUser = true;
703 }
704 }
705 else
706 VBoxServiceVerbose(3, "SID owner type=%d not handled, skipping\n",
707 enmOwnerType);
708 }
709
710 VBoxServiceVerbose(3, "Account User=%ls %s logged in\n",
711 pUserInfo->wszUser, fFoundUser ? "is" : "is not");
712 }
713
714 LsaFreeReturnBuffer(pSessionData);
715 return fFoundUser;
716}
717
718
719/**
720 * Retrieves the currently logged in users and stores their names along with the
721 * user count.
722 *
723 * @returns VBox status code.
724 * @param ppszUserList Where to store the user list (separated by commas).
725 * Must be freed with RTStrFree().
726 * @param pcUsersInList Where to store the number of users in the list.
727 */
728int VBoxServiceVMInfoWinWriteUsers(char **ppszUserList, uint32_t *pcUsersInList)
729{
730 PLUID paSessions = NULL;
731 ULONG cSessions = 0;
732
733 /* This function can report stale or orphaned interactive logon sessions
734 of already logged off users (especially in Windows 2000). */
735 NTSTATUS rcNt = LsaEnumerateLogonSessions(&cSessions, &paSessions);
736 if (rcNt != STATUS_SUCCESS)
737 {
738 ULONG ulError = LsaNtStatusToWinError(rcNt);
739 switch (ulError)
740 {
741 case ERROR_NOT_ENOUGH_MEMORY:
742 VBoxServiceError("Not enough memory to enumerate logon sessions!\n");
743 break;
744
745 case ERROR_SHUTDOWN_IN_PROGRESS:
746 /* If we're about to shutdown when we were in the middle of enumerating the logon
747 * sessions, skip the error to not confuse the user with an unnecessary log message. */
748 VBoxServiceVerbose(3, "Shutdown in progress ...\n");
749 ulError = ERROR_SUCCESS;
750 break;
751
752 default:
753 VBoxServiceError("LsaEnumerate failed with error %u\n", ulError);
754 break;
755 }
756
757 return RTErrConvertFromWin32(ulError);
758 }
759 VBoxServiceVerbose(3, "Found %ld sessions\n", cSessions);
760
761 PVBOXSERVICEVMINFOPROC paProcs;
762 DWORD cProcs;
763 int rc = VBoxServiceVMInfoWinProcessesEnumerate(&paProcs, &cProcs);
764 if (RT_FAILURE(rc))
765 {
766 if (rc == VERR_NO_MEMORY)
767 VBoxServiceError("Not enough memory to enumerate processes\n");
768 else
769 VBoxServiceError("Failed to enumerate processes, rc=%Rrc\n", rc);
770 }
771 else
772 {
773 PVBOXSERVICEVMINFOUSER pUserInfo;
774 pUserInfo = (PVBOXSERVICEVMINFOUSER)RTMemAllocZ(cSessions * sizeof(VBOXSERVICEVMINFOUSER) + 1);
775 if (!pUserInfo)
776 VBoxServiceError("Not enough memory to store enumerated users!\n");
777 else
778 {
779 ULONG cUniqueUsers = 0;
780 for (ULONG i = 0; i < cSessions; i++)
781 {
782 VBoxServiceVerbose(3, "Handling session %u\n", i);
783
784 VBOXSERVICEVMINFOUSER UserInfo;
785 if (VBoxServiceVMInfoWinIsLoggedIn(&UserInfo, &paSessions[i]))
786 {
787 VBoxServiceVerbose(4, "Handling user=%ls, domain=%ls, package=%ls\n",
788 UserInfo.wszUser, UserInfo.wszLogonDomain, UserInfo.wszAuthenticationPackage);
789
790 /* Retrieve assigned processes of current session. */
791 ULONG ulSession;
792 uint32_t cSessionProcs = VBoxServiceVMInfoWinSessionHasProcesses(&paSessions[i], paProcs, cProcs, &ulSession);
793 /* Don't return here when current session does not have assigned processes
794 * anymore -- in that case we have to search through the unique users list below
795 * and see if got a stale user/session entry. */
796
797 bool fFoundUser = false;
798 for (ULONG i = 0; i < cUniqueUsers; i++)
799 {
800 if ( !wcscmp(UserInfo.wszUser, pUserInfo[i].wszUser)
801 && !wcscmp(UserInfo.wszLogonDomain, pUserInfo[i].wszLogonDomain)
802 && !wcscmp(UserInfo.wszAuthenticationPackage, pUserInfo[i].wszAuthenticationPackage)
803 && cSessionProcs)
804 {
805 /*
806 * Only respect the highest session for the current user.
807 */
808 if (ulSession > pUserInfo[i].ulSession)
809 {
810 VBoxServiceVerbose(4, "Updating user=%ls to %u processes (last session: %u)\n",
811 UserInfo.wszUser, cSessionProcs, ulSession);
812
813 pUserInfo[i].ulNumProcs = cSessionProcs;
814 pUserInfo[i].ulSession = ulSession;
815
816 if (!cSessionProcs)
817 VBoxServiceVerbose(3, "Stale session for user=%ls detected! Old processes: %u, new: %u\n",
818 pUserInfo[i].wszUser, pUserInfo[i].ulNumProcs, cSessionProcs);
819 }
820 /* There can be multiple session objects using the same session ID for the
821 * current user -- so when we got the same session again just add the found
822 * processes to it. */
823 else if (pUserInfo[i].ulSession == ulSession)
824 {
825 VBoxServiceVerbose(4, "Adding %u processes to user=%ls (session %u)\n",
826 cSessionProcs, UserInfo.wszUser, ulSession);
827
828 pUserInfo[i].ulNumProcs += cSessionProcs;
829 pUserInfo[i].ulSession = ulSession;
830 }
831
832 fFoundUser = true;
833 break;
834 }
835 }
836
837 if (!fFoundUser)
838 {
839 VBoxServiceVerbose(4, "Adding new user=%ls (session %u) with %u processes\n",
840 UserInfo.wszUser, ulSession, cSessionProcs);
841
842 memcpy(&pUserInfo[cUniqueUsers], &UserInfo, sizeof(VBOXSERVICEVMINFOUSER));
843 pUserInfo[cUniqueUsers].ulNumProcs = cSessionProcs;
844 pUserInfo[cUniqueUsers].ulSession = ulSession;
845 cUniqueUsers++;
846 Assert(cUniqueUsers <= cSessions);
847 }
848 }
849 }
850
851 VBoxServiceVerbose(3, "Found %u unique logged-in user(s)\n",
852 cUniqueUsers);
853
854 *pcUsersInList = 0;
855 for (ULONG i = 0; i < cUniqueUsers; i++)
856 {
857 if (pUserInfo[i].ulNumProcs)
858 {
859 VBoxServiceVerbose(3, "User %ls has %ld processes (session %u)\n",
860 pUserInfo[i].wszUser, pUserInfo[i].ulNumProcs, pUserInfo[i].ulSession);
861
862 if (*pcUsersInList > 0)
863 {
864 rc = RTStrAAppend(ppszUserList, ",");
865 AssertRCBreakStmt(rc, RTStrFree(*ppszUserList));
866 }
867
868 *pcUsersInList += 1;
869
870 char *pszTemp;
871 int rc2 = RTUtf16ToUtf8(pUserInfo[i].wszUser, &pszTemp);
872 if (RT_SUCCESS(rc2))
873 {
874 rc = RTStrAAppend(ppszUserList, pszTemp);
875 RTMemFree(pszTemp);
876 }
877 else
878 rc = RTStrAAppend(ppszUserList, "<string-conversion-error>");
879 AssertRCBreakStmt(rc, RTStrFree(*ppszUserList));
880 }
881 }
882
883 RTMemFree(pUserInfo);
884 }
885 VBoxServiceVMInfoWinProcessesFree(paProcs);
886 }
887 LsaFreeReturnBuffer(paSessions);
888 return rc;
889}
890
891#endif /* TARGET_NT4 */
892
893int VBoxServiceWinGetComponentVersions(uint32_t uClientID)
894{
895 int rc;
896 char szSysDir[_MAX_PATH] = {0};
897 char szWinDir[_MAX_PATH] = {0};
898 char szDriversDir[_MAX_PATH + 32] = {0};
899
900 /* ASSUME: szSysDir and szWinDir and derivatives are always ASCII compatible. */
901 GetSystemDirectory(szSysDir, _MAX_PATH);
902 GetWindowsDirectory(szWinDir, _MAX_PATH);
903 RTStrPrintf(szDriversDir, sizeof(szDriversDir), "%s\\drivers", szSysDir);
904#ifdef RT_ARCH_AMD64
905 char szSysWowDir[_MAX_PATH + 32] = {0};
906 RTStrPrintf(szSysWowDir, sizeof(szSysWowDir), "%s\\SysWow64", szWinDir);
907#endif
908
909 /* The file information table. */
910#ifndef TARGET_NT4
911 const VBOXSERVICEVMINFOFILE aVBoxFiles[] =
912 {
913 { szSysDir, "VBoxControl.exe" },
914 { szSysDir, "VBoxHook.dll" },
915 { szSysDir, "VBoxDisp.dll" },
916 { szSysDir, "VBoxMRXNP.dll" },
917 { szSysDir, "VBoxService.exe" },
918 { szSysDir, "VBoxTray.exe" },
919 { szSysDir, "VBoxGINA.dll" },
920 { szSysDir, "VBoxCredProv.dll" },
921
922 /* On 64-bit we don't yet have the OpenGL DLLs in native format.
923 So just enumerate the 32-bit files in the SYSWOW directory. */
924# ifdef RT_ARCH_AMD64
925 { szSysWowDir, "VBoxOGLarrayspu.dll" },
926 { szSysWowDir, "VBoxOGLcrutil.dll" },
927 { szSysWowDir, "VBoxOGLerrorspu.dll" },
928 { szSysWowDir, "VBoxOGLpackspu.dll" },
929 { szSysWowDir, "VBoxOGLpassthroughspu.dll" },
930 { szSysWowDir, "VBoxOGLfeedbackspu.dll" },
931 { szSysWowDir, "VBoxOGL.dll" },
932# else /* !RT_ARCH_AMD64 */
933 { szSysDir, "VBoxOGLarrayspu.dll" },
934 { szSysDir, "VBoxOGLcrutil.dll" },
935 { szSysDir, "VBoxOGLerrorspu.dll" },
936 { szSysDir, "VBoxOGLpackspu.dll" },
937 { szSysDir, "VBoxOGLpassthroughspu.dll" },
938 { szSysDir, "VBoxOGLfeedbackspu.dll" },
939 { szSysDir, "VBoxOGL.dll" },
940# endif /* !RT_ARCH_AMD64 */
941
942 { szDriversDir, "VBoxGuest.sys" },
943 { szDriversDir, "VBoxMouse.sys" },
944 { szDriversDir, "VBoxSF.sys" },
945 { szDriversDir, "VBoxVideo.sys" },
946 };
947
948#else /* TARGET_NT4 */
949 const VBOXSERVICEVMINFOFILE aVBoxFiles[] =
950 {
951 { szSysDir, "VBoxControl.exe" },
952 { szSysDir, "VBoxHook.dll" },
953 { szSysDir, "VBoxDisp.dll" },
954 { szSysDir, "VBoxServiceNT.exe" },
955 { szSysDir, "VBoxTray.exe" },
956
957 { szDriversDir, "VBoxGuestNT.sys" },
958 { szDriversDir, "VBoxMouseNT.sys" },
959 { szDriversDir, "VBoxVideo.sys" },
960 };
961#endif /* TARGET_NT4 */
962
963 for (unsigned i = 0; i < RT_ELEMENTS(aVBoxFiles); i++)
964 {
965 char szVer[128];
966 VBoxServiceGetFileVersionString(aVBoxFiles[i].pszFilePath, aVBoxFiles[i].pszFileName, szVer, sizeof(szVer));
967 char szPropPath[256];
968 RTStrPrintf(szPropPath, sizeof(szPropPath), "/VirtualBox/GuestAdd/Components/%s", aVBoxFiles[i].pszFileName);
969 rc = VBoxServiceWritePropF(uClientID, szPropPath, "%s", szVer);
970 }
971
972 return VINF_SUCCESS;
973}
974
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette