1 /* 2 * COPYRIGHT: See COPYING in the top level directory 3 * PROJECT: ReactOS Win32k subsystem 4 * PURPOSE: Shutdown routines 5 * FILE: win32ss/user/ntuser/shutdown.c 6 * PROGRAMER: Hermes Belusca 7 */ 8 9 #include <win32k.h> 10 11 DBG_DEFAULT_CHANNEL(UserShutdown); 12 13 /* Our local copy of shutdown flags */ 14 static ULONG gdwShutdownFlags = 0; 15 16 /* 17 * Based on CSRSS and described in pages 1115 - 1118 "Windows Internals, Fifth Edition". 18 * CSRSS sends WM_CLIENTSHUTDOWN messages to top-level windows, and it is our job 19 * to send WM_QUERYENDSESSION / WM_ENDSESSION messages in response. 20 */ 21 LRESULT 22 IntClientShutdown(IN PWND pWindow, 23 IN WPARAM wParam, 24 IN LPARAM lParam) 25 { 26 LPARAM lParams; 27 BOOL KillTimers; 28 INT i; 29 LRESULT lResult = MCSR_GOODFORSHUTDOWN; 30 HWND *List; 31 32 KillTimers = wParam & MCS_ENDSESSION ? TRUE : FALSE; 33 lParams = lParam & (ENDSESSION_LOGOFF | ENDSESSION_CRITICAL | ENDSESSION_CLOSEAPP); 34 35 /* First, send end sessions to children */ 36 List = IntWinListChildren(pWindow); 37 38 if (List) 39 { 40 for (i = 0; List[i]; i++) 41 { 42 PWND WndChild; 43 44 if (!(WndChild = UserGetWindowObject(List[i]))) 45 continue; 46 47 if (wParam & MCS_QUERYENDSESSION) 48 { 49 if (!co_IntSendMessage(UserHMGetHandle(WndChild), WM_QUERYENDSESSION, 0, lParams)) 50 { 51 lResult = MCSR_DONOTSHUTDOWN; 52 break; 53 } 54 } 55 else 56 { 57 co_IntSendMessage(UserHMGetHandle(WndChild), WM_ENDSESSION, KillTimers, lParams); 58 if (KillTimers) 59 { 60 DestroyTimersForWindow(WndChild->head.pti, WndChild); 61 } 62 lResult = MCSR_SHUTDOWNFINISHED; 63 } 64 } 65 ExFreePoolWithTag(List, USERTAG_WINDOWLIST); 66 if (lResult == MCSR_DONOTSHUTDOWN) 67 return lResult; 68 } 69 70 /* Send to the caller */ 71 if (wParam & MCS_QUERYENDSESSION) 72 { 73 if (!co_IntSendMessage(UserHMGetHandle(pWindow), WM_QUERYENDSESSION, 0, lParams)) 74 { 75 lResult = MCSR_DONOTSHUTDOWN; 76 } 77 } 78 else 79 { 80 co_IntSendMessage(UserHMGetHandle(pWindow), WM_ENDSESSION, KillTimers, lParams); 81 if (KillTimers) 82 { 83 DestroyTimersForWindow(pWindow->head.pti, pWindow); 84 } 85 lResult = MCSR_SHUTDOWNFINISHED; 86 } 87 88 return lResult; 89 } 90 91 BOOLEAN 92 HasPrivilege(IN PPRIVILEGE_SET Privilege) 93 { 94 BOOLEAN Result; 95 SECURITY_SUBJECT_CONTEXT SubjectContext; 96 97 /* Capture and lock the security subject context */ 98 SeCaptureSubjectContext(&SubjectContext); 99 SeLockSubjectContext(&SubjectContext); 100 101 /* Do privilege check */ 102 Result = SePrivilegeCheck(Privilege, &SubjectContext, UserMode); 103 104 /* Audit the privilege */ 105 #if 0 106 SePrivilegeObjectAuditAlarm(NULL, 107 &SubjectContext, 108 0, 109 Privilege, 110 Result, 111 UserMode); 112 #endif 113 114 /* Unlock and release the security subject context and return */ 115 SeUnlockSubjectContext(&SubjectContext); 116 SeReleaseSubjectContext(&SubjectContext); 117 return Result; 118 } 119 120 BOOL 121 NotifyLogon(IN HWND hWndSta, 122 IN PLUID CallerLuid, 123 IN ULONG Flags, 124 IN NTSTATUS ShutdownStatus) 125 { 126 // LUID SystemLuid = SYSTEM_LUID; 127 ULONG Notif, Param; 128 129 ERR("NotifyLogon(0x%lx, 0x%lx)\n", Flags, ShutdownStatus); 130 131 /* If no Winlogon notifications are needed, just return */ 132 if (Flags & EWX_NONOTIFY) 133 return FALSE; 134 135 /* In case we cancelled the shutdown...*/ 136 if (Flags & EWX_SHUTDOWN_CANCELED) 137 { 138 /* ... send a LN_LOGOFF_CANCELED to Winlogon with the real cancel status... */ 139 Notif = LN_LOGOFF_CANCELED; 140 Param = ShutdownStatus; 141 } 142 else 143 { 144 /* ... otherwise it's a real logoff. Send the shutdown flags in that case. */ 145 Notif = LN_LOGOFF; 146 Param = Flags; 147 } 148 149 // FIXME: At the moment, always send the notifications... In real world some checks are done. 150 // if (hwndSAS && ( (Flags & EWX_SHUTDOWN) || RtlEqualLuid(CallerLuid, &SystemLuid)) ) 151 if (hwndSAS) 152 { 153 TRACE("\tSending %s message to Winlogon\n", Notif == LN_LOGOFF ? "LN_LOGOFF" : "LN_LOGOFF_CANCELED"); 154 UserPostMessage(hwndSAS, WM_LOGONNOTIFY, Notif, (LPARAM)Param); 155 return TRUE; 156 } 157 else 158 { 159 ERR("hwndSAS == NULL\n"); 160 } 161 162 return FALSE; 163 } 164 165 NTSTATUS 166 UserInitiateShutdown(IN PETHREAD Thread, 167 IN OUT PULONG pFlags) 168 { 169 NTSTATUS Status; 170 ULONG Flags = *pFlags; 171 LUID CallerLuid; 172 LUID SystemLuid = SYSTEM_LUID; 173 static PRIVILEGE_SET ShutdownPrivilege = 174 { 175 1, PRIVILEGE_SET_ALL_NECESSARY, 176 { {{SE_SHUTDOWN_PRIVILEGE, 0}, 0} } 177 }; 178 179 PPROCESSINFO ppi; 180 181 TRACE("UserInitiateShutdown\n"); 182 183 /* Get the caller's LUID */ 184 Status = GetProcessLuid(Thread, NULL, &CallerLuid); 185 if (!NT_SUCCESS(Status)) 186 { 187 ERR("UserInitiateShutdown: GetProcessLuid failed\n"); 188 return Status; 189 } 190 191 /* 192 * Check if this is the System LUID, and adjust flags if needed. 193 * In particular, be sure there is no EWX_CALLER_SYSTEM flag 194 * spuriously set (could be the sign of malicous app!). 195 */ 196 if (RtlEqualLuid(&CallerLuid, &SystemLuid)) 197 Flags |= EWX_CALLER_SYSTEM; 198 else 199 Flags &= ~EWX_CALLER_SYSTEM; 200 201 *pFlags = Flags; 202 203 /* Retrieve the Win32 process info */ 204 ppi = PsGetProcessWin32Process(PsGetThreadProcess(Thread)); 205 if (ppi == NULL) 206 { 207 ERR("UserInitiateShutdown: Failed to get win32 thread!\n"); 208 return STATUS_INVALID_HANDLE; 209 } 210 211 /* If the caller is not Winlogon, do some security checks */ 212 if (PsGetThreadProcessId(Thread) != gpidLogon) 213 { 214 /* 215 * Here also, be sure there is no EWX_CALLER_WINLOGON flag 216 * spuriously set (could be the sign of malicous app!). 217 */ 218 Flags &= ~EWX_CALLER_WINLOGON; 219 220 *pFlags = Flags; 221 222 /* Check whether the current process is attached to a window station */ 223 if (ppi->prpwinsta == NULL) 224 { 225 ERR("UserInitiateShutdown: Process is not attached to a desktop\n"); 226 return STATUS_INVALID_HANDLE; 227 } 228 229 /* Check whether the window station of the current process can send exit requests */ 230 if (!RtlAreAllAccessesGranted(ppi->amwinsta, WINSTA_EXITWINDOWS)) 231 { 232 ERR("UserInitiateShutdown: Caller doesn't have the rights to shutdown\n"); 233 return STATUS_ACCESS_DENIED; 234 } 235 236 /* 237 * NOTE: USERSRV automatically adds the shutdown flag when we poweroff or reboot. 238 * 239 * If the caller wants to shutdown / reboot / power-off... 240 */ 241 if (Flags & EWX_SHUTDOWN) 242 { 243 /* ... check whether it has shutdown privilege */ 244 if (!HasPrivilege(&ShutdownPrivilege)) 245 { 246 ERR("UserInitiateShutdown: Caller doesn't have the rights to shutdown\n"); 247 return STATUS_PRIVILEGE_NOT_HELD; 248 } 249 } 250 else 251 { 252 /* 253 * ... but if it just wants to log-off, in case its 254 * window station is a non-IO one, fail the call. 255 */ 256 if (ppi->prpwinsta->Flags & WSS_NOIO) 257 { 258 ERR("UserInitiateShutdown: Caller doesn't have the rights to logoff\n"); 259 return STATUS_INVALID_DEVICE_REQUEST; 260 } 261 } 262 } 263 264 /* If the caller is not Winlogon, possibly notify it to perform the real shutdown */ 265 if (PsGetThreadProcessId(Thread) != gpidLogon) 266 { 267 // FIXME: HACK!! Do more checks!! 268 TRACE("UserInitiateShutdown: Notify Winlogon for shutdown\n"); 269 NotifyLogon(hwndSAS, &CallerLuid, Flags, STATUS_SUCCESS); 270 return STATUS_PENDING; 271 } 272 273 // If we reach this point, that means it's Winlogon that triggered the shutdown. 274 TRACE("UserInitiateShutdown: Winlogon is doing a shutdown\n"); 275 276 /* 277 * Update and save the shutdown flags globally for renotifying 278 * Winlogon if needed, when calling EndShutdown. 279 */ 280 Flags |= EWX_CALLER_WINLOGON; // Winlogon is doing a shutdown, be sure the internal flag is set. 281 *pFlags = Flags; 282 283 /* Save the shutdown flags now */ 284 gdwShutdownFlags = Flags; 285 286 return STATUS_SUCCESS; 287 } 288 289 NTSTATUS 290 UserEndShutdown(IN PETHREAD Thread, 291 IN NTSTATUS ShutdownStatus) 292 { 293 NTSTATUS Status; 294 ULONG Flags; 295 LUID CallerLuid; 296 297 TRACE("UserEndShutdown called\n"); 298 299 /* 300 * FIXME: Some cleanup should be done when shutdown succeeds, 301 * and some reset should be done when shutdown is cancelled. 302 */ 303 //STUB; 304 305 Status = GetProcessLuid(Thread, NULL, &CallerLuid); 306 if (!NT_SUCCESS(Status)) 307 { 308 ERR("UserEndShutdown: GetProcessLuid failed\n"); 309 return Status; 310 } 311 312 /* Copy the global flags because we're going to modify them for our purposes */ 313 Flags = gdwShutdownFlags; 314 315 if (NT_SUCCESS(ShutdownStatus)) 316 { 317 /* Just report success, and keep the shutdown flags as they are */ 318 ShutdownStatus = STATUS_SUCCESS; 319 } 320 else 321 { 322 /* Report the status to Winlogon and say that we cancel the shutdown */ 323 Flags |= EWX_SHUTDOWN_CANCELED; 324 // FIXME: Should we reset gdwShutdownFlags to 0 ?? 325 } 326 327 TRACE("UserEndShutdown: Notify Winlogon for end of shutdown\n"); 328 NotifyLogon(hwndSAS, &CallerLuid, Flags, ShutdownStatus); 329 330 /* Always return success */ 331 return STATUS_SUCCESS; 332 } 333 334 /* EOF */ 335