/*
 * Server-side window stations and desktops handling
 *
 * Copyright (C) 2002, 2005 Alexandre Julliard
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
 */
21 #include "config.h"
22 #include "wine/port.h"
24 #include <stdio.h>
25 #include <stdarg.h>
27 #include "ntstatus.h"
28 #define WIN32_NO_STATUS
29 #include "windef.h"
30 #include "winbase.h"
31 #include "winuser.h"
32 #include "winternl.h"
34 #include "object.h"
35 #include "handle.h"
36 #include "request.h"
37 #include "process.h"
38 #include "user.h"
39 #include "file.h"
40 #include "security.h"
41 #include "wine/unicode.h"
/* every window station object; create_winstation() appends, winstation_destroy() unlinks */
static struct list winstation_list = LIST_INIT(winstation_list);

/* namespace holding both window station names and "winstation\desktop" names;
 * allocated lazily by create_winstation() */
static struct namespace *winstation_namespace;

/* object_ops callbacks for window stations */
static void winstation_dump( struct object *obj, int verbose );
static struct object_type *winstation_get_type( struct object *obj );
static int winstation_close_handle( struct object *obj, struct process *process, obj_handle_t handle );
static void winstation_destroy( struct object *obj );
static unsigned int winstation_map_access( struct object *obj, unsigned int access );

/* object_ops callbacks for desktops */
static void desktop_dump( struct object *obj, int verbose );
static struct object_type *desktop_get_type( struct object *obj );
static int desktop_close_handle( struct object *obj, struct process *process, obj_handle_t handle );
static void desktop_destroy( struct object *obj );
static unsigned int desktop_map_access( struct object *obj, unsigned int access );
/* operations table for window station objects; entries are positional, so the
 * order must match the declaration of struct object_ops */
static const struct object_ops winstation_ops =
{
    sizeof(struct winstation),    /* size */
    winstation_dump,              /* dump */
    winstation_get_type,          /* get_type */
    no_add_queue,                 /* add_queue */
    NULL,                         /* remove_queue */
    NULL,                         /* signaled */
    NULL,                         /* satisfied */
    no_signal,                    /* signal */
    no_get_fd,                    /* get_fd */
    winstation_map_access,        /* map_access */
    default_get_sd,               /* get_sd */
    default_set_sd,               /* set_sd */
    no_lookup_name,               /* lookup_name */
    no_open_file,                 /* open_file */
    winstation_close_handle,      /* close_handle */
    winstation_destroy            /* destroy */
};
/* operations table for desktop objects; entries are positional, so the
 * order must match the declaration of struct object_ops */
static const struct object_ops desktop_ops =
{
    sizeof(struct desktop),       /* size */
    desktop_dump,                 /* dump */
    desktop_get_type,             /* get_type */
    no_add_queue,                 /* add_queue */
    NULL,                         /* remove_queue */
    NULL,                         /* signaled */
    NULL,                         /* satisfied */
    no_signal,                    /* signal */
    no_get_fd,                    /* get_fd */
    desktop_map_access,           /* map_access */
    default_get_sd,               /* get_sd */
    default_set_sd,               /* set_sd */
    no_lookup_name,               /* lookup_name */
    no_open_file,                 /* open_file */
    desktop_close_handle,         /* close_handle */
    desktop_destroy               /* destroy */
};
/* mask of the object-specific desktop access bits (the low nine bits);
 * desktop_map_access() grants it for GENERIC_ALL */
#define DESKTOP_ALL_ACCESS 0x01ff
/* Create a window station object, or return the existing one of that name.
 *
 * name:  counted (not NUL-terminated) station name; len is in bytes
 * attr:  object attributes forwarded to create_named_object()
 * flags: initial station flags, stored only when the object is newly created
 *
 * Returns the object, or NULL with the error set. When the name already
 * exists the existing object is returned untouched and the error stays
 * STATUS_OBJECT_NAME_EXISTS.
 */
static struct winstation *create_winstation( const struct unicode_str *name, unsigned int attr,
                                             unsigned int flags )
{
    struct winstation *station;

    /* the shared namespace is created on first use */
    if (!winstation_namespace)
    {
        winstation_namespace = create_namespace( 7 );
        if (!winstation_namespace) return NULL;
    }

    /* Desktops live in the same namespace under "winstation\desktop" (see
     * build_desktop_name), so a backslash in a station name could alias a
     * desktop name; reject it. */
    if (memchrW( name->str, '\\', name->len / sizeof(WCHAR) ))
    {
        set_error( STATUS_INVALID_PARAMETER );
        return NULL;
    }

    station = create_named_object( winstation_namespace, &winstation_ops, name, attr );
    if (!station) return NULL;

    /* an already existing station keeps its current state */
    if (get_error() == STATUS_OBJECT_NAME_EXISTS) return station;

    station->flags = flags;
    station->clipboard = NULL;
    station->atom_table = NULL;
    list_add_tail( &winstation_list, &station->entry );
    list_init( &station->desktops );
    return station;
}
/* debugging dump of a window station to stderr (object_ops.dump);
 * 'verbose' is not used here */
static void winstation_dump( struct object *obj, int verbose )
{
    struct winstation *station = (struct winstation *)obj;

    fprintf( stderr, "Winstation flags=%x clipboard=%p atoms=%p ",
             station->flags, station->clipboard, station->atom_table );
    dump_object_name( &station->obj );
    fputc( '\n', stderr );
}
/* return the object type for window stations (object_ops.get_type) */
static struct object_type *winstation_get_type( struct object *obj )
{
    /* counted string: no terminating NUL, length given in bytes by sizeof */
    static const WCHAR type_name[] = {'W','i','n','d','o','w','S','t','a','t','i','o','n'};
    static const struct unicode_str type_str = { type_name, sizeof(type_name) };

    return get_object_type( &type_str );
}
/* object_ops.close_handle for window stations: returns 0 when 'handle' is the
 * process' current window station, 1 for any other handle */
static int winstation_close_handle( struct object *obj, struct process *process, obj_handle_t handle )
{
    if (process->winstation == handle) return 0;
    return 1;
}
/* object_ops.destroy for window stations: unlink from the global list and
 * drop the references held on the clipboard and atom table, if any */
static void winstation_destroy( struct object *obj )
{
    struct winstation *station = (struct winstation *)obj;

    list_remove( &station->entry );
    if (station->clipboard)
    {
        release_object( station->clipboard );
    }
    if (station->atom_table)
    {
        release_object( station->atom_table );
    }
}
/* object_ops.map_access for window stations: expand each GENERIC_* bit into
 * the standard and WINSTA_* rights it stands for, then strip the generic bits
 * so only specific rights remain in the returned mask */
static unsigned int winstation_map_access( struct object *obj, unsigned int access )
{
    const unsigned int generic_bits = GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL;

    if (access & GENERIC_READ)
    {
        access |= STANDARD_RIGHTS_READ | WINSTA_ENUMDESKTOPS | WINSTA_READATTRIBUTES |
                  WINSTA_ENUMERATE | WINSTA_READSCREEN;
    }
    if (access & GENERIC_WRITE)
    {
        access |= STANDARD_RIGHTS_WRITE | WINSTA_ACCESSCLIPBOARD | WINSTA_CREATEDESKTOP |
                  WINSTA_WRITEATTRIBUTES;
    }
    if (access & GENERIC_EXECUTE)
    {
        access |= STANDARD_RIGHTS_EXECUTE | WINSTA_ACCESSGLOBALATOMS | WINSTA_EXITWINDOWS;
    }
    if (access & GENERIC_ALL)
    {
        access |= STANDARD_RIGHTS_REQUIRED | WINSTA_ALL_ACCESS;
    }
    return access & ~generic_bits;
}
/* Retrieve the window station of a process, checking that the process'
 * winstation handle carries 'access'. Returns a referenced object that the
 * callers in this file release with release_object(), or NULL on failure. */
struct winstation *get_process_winstation( struct process *process, unsigned int access )
{
    struct object *obj = get_handle_obj( process, process->winstation, access, &winstation_ops );

    return (struct winstation *)obj;
}
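/* Build the namespace name of a desktop: "<winstation name>\<desktop name>".
 *
 * name:       counted desktop name from the caller (len in bytes); must not
 *             contain a backslash
 * winstation: station the desktop belongs to; may be unnamed
 * res:        receives the counted full name (str/len), not NUL-terminated
 *
 * Returns a buffer of exactly res->len bytes that the caller must free(), or
 * NULL on error. STATUS_INVALID_PARAMETER is set here for a name containing
 * a backslash.
 */
static WCHAR *build_desktop_name( const struct unicode_str *name,
                                  struct winstation *winstation, struct unicode_str *res )
{
    const WCHAR *winstation_name;
    WCHAR *full_name;
    data_size_t winstation_len;

    /* the backslash is the separator, so it cannot appear in the desktop part */
    if (memchrW( name->str, '\\', name->len / sizeof(WCHAR) ))
    {
        set_error( STATUS_INVALID_PARAMETER );
        return NULL;
    }

    if (!(winstation_name = get_object_name( &winstation->obj, &winstation_len )))
        winstation_len = 0;

    /* NOTE(review): assumes the two byte lengths are small enough that this
     * sum cannot wrap; name->len comes from the client request, so confirm
     * the request size limit bounds it. */
    res->len = winstation_len + name->len + sizeof(WCHAR);
    if (!(full_name = mem_alloc( res->len ))) return NULL;

    /* an unnamed winstation yields a NULL source pointer; memcpy() must not be
     * handed a null pointer even for a zero length, so skip empty copies */
    if (winstation_len) memcpy( full_name, winstation_name, winstation_len );
    full_name[winstation_len / sizeof(WCHAR)] = '\\';
    if (name->len) memcpy( full_name + winstation_len / sizeof(WCHAR) + 1, name->str, name->len );
    res->str = full_name;
    return full_name;
}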
/* Look up 'handle' in the handle table of 'process' as a desktop, requiring
 * 'access'. Returns a referenced desktop, or NULL when get_handle_obj() fails. */
struct desktop *get_desktop_obj( struct process *process, obj_handle_t handle, unsigned int access )
{
    struct object *obj = get_handle_obj( process, handle, access, &desktop_ops );

    return (struct desktop *)obj;
}
/* Create a desktop inside 'winstation', or return the existing one with that
 * name.
 *
 * The object is registered as "<winstation>\<name>" in the shared namespace.
 * A newly created desktop takes a reference on its winstation and is linked
 * into winstation->desktops; an existing one is returned unchanged with the
 * error left at STATUS_OBJECT_NAME_EXISTS. Returns NULL on failure.
 */
static struct desktop *create_desktop( const struct unicode_str *name, unsigned int attr,
                                       unsigned int flags, struct winstation *winstation )
{
    struct unicode_str full_str;
    struct desktop *desk;
    WCHAR *full_name = build_desktop_name( name, winstation, &full_str );

    if (!full_name) return NULL;

    desk = create_named_object( winstation_namespace, &desktop_ops, &full_str, attr );
    if (desk && get_error() != STATUS_OBJECT_NAME_EXISTS)
    {
        /* fresh object: set every field to its initial state */
        desk->flags = flags;
        desk->winstation = (struct winstation *)grab_object( winstation );
        desk->top_window = NULL;
        desk->msg_window = NULL;
        desk->global_hooks = NULL;
        desk->close_timeout = NULL;
        desk->foreground_input = NULL;
        desk->users = 0;
        memset( &desk->cursor, 0, sizeof(desk->cursor) );
        memset( desk->keystate, 0, sizeof(desk->keystate) );
        list_add_tail( &winstation->desktops, &desk->entry );
    }

    /* the temporary full name is released on every path */
    free( full_name );
    return desk;
}
/* debugging dump of a desktop to stderr (object_ops.dump);
 * 'verbose' is not used here */
static void desktop_dump( struct object *obj, int verbose )
{
    struct desktop *desk = (struct desktop *)obj;

    fprintf( stderr, "Desktop flags=%x winstation=%p top_win=%p hooks=%p ",
             desk->flags, desk->winstation, desk->top_window, desk->global_hooks );
    dump_object_name( &desk->obj );
    fputc( '\n', stderr );
}
/* return the object type for desktops (object_ops.get_type) */
static struct object_type *desktop_get_type( struct object *obj )
{
    /* counted string: no terminating NUL, length given in bytes by sizeof */
    static const WCHAR type_name[] = {'D','e','s','k','t','o','p'};
    static const struct unicode_str type_str = { type_name, sizeof(type_name) };

    return get_object_type( &type_str );
}
/* object_ops.close_handle for desktops: returns 0 while 'handle' is still the
 * default desktop of the process or the desktop of one of its threads,
 * 1 otherwise */
static int desktop_close_handle( struct object *obj, struct process *process, obj_handle_t handle )
{
    struct thread *thr;

    if (process->desktop == handle) return 0;

    LIST_FOR_EACH_ENTRY( thr, &process->thread_list, struct thread, proc_entry )
    {
        if (thr->desktop == handle) return 0;
    }
    return 1;
}
/* object_ops.destroy for desktops: tear down the windows, hooks and pending
 * close timeout owned by the desktop, unlink it from its winstation's list
 * and drop the reference taken on the winstation in create_desktop() */
static void desktop_destroy( struct object *obj )
{
    struct desktop *desk = (struct desktop *)obj;

    if (desk->top_window)
    {
        destroy_window( desk->top_window );
    }
    if (desk->msg_window)
    {
        destroy_window( desk->msg_window );
    }
    if (desk->global_hooks)
    {
        release_object( desk->global_hooks );
    }
    /* a pending timeout still holds a pointer to this desktop (see
     * close_desktop_timeout), so it has to be cancelled here */
    if (desk->close_timeout)
    {
        remove_timeout_user( desk->close_timeout );
    }
    list_remove( &desk->entry );
    release_object( desk->winstation );
}
/* object_ops.map_access for desktops: expand each GENERIC_* bit into the
 * standard and DESKTOP_* rights it stands for, then strip the generic bits
 * so only specific rights remain in the returned mask */
static unsigned int desktop_map_access( struct object *obj, unsigned int access )
{
    const unsigned int generic_bits = GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL;

    if (access & GENERIC_READ)
    {
        access |= STANDARD_RIGHTS_READ | DESKTOP_READOBJECTS | DESKTOP_ENUMERATE;
    }
    if (access & GENERIC_WRITE)
    {
        access |= STANDARD_RIGHTS_WRITE | DESKTOP_CREATEMENU | DESKTOP_CREATEWINDOW |
                  DESKTOP_HOOKCONTROL | DESKTOP_JOURNALRECORD | DESKTOP_JOURNALPLAYBACK |
                  DESKTOP_WRITEOBJECTS;
    }
    if (access & GENERIC_EXECUTE)
    {
        access |= STANDARD_RIGHTS_EXECUTE | DESKTOP_SWITCHDESKTOP;
    }
    if (access & GENERIC_ALL)
    {
        access |= STANDARD_RIGHTS_REQUIRED | DESKTOP_ALL_ACCESS;
    }
    return access & ~generic_bits;
}
/* Retrieve the desktop a thread is attached to, checking that the thread's
 * desktop handle carries 'access'. The handle is resolved in the handle table
 * of the thread's own process. Returns a referenced desktop or NULL. */
struct desktop *get_thread_desktop( struct thread *thread, unsigned int access )
{
    struct process *owner = thread->process;
    obj_handle_t handle = thread->desktop;

    return get_desktop_obj( owner, handle, access );
}
/* Make 'handle' (which refers to 'desktop') the default desktop of 'process'.
 *
 * Threads of the process that have no desktop yet are attached to it as well.
 * For non-system processes the user count moves from the previous default
 * desktop to the new one, and a pending close timeout on the new desktop is
 * cancelled. Does nothing when 'handle' already is the process default.
 */
void set_process_default_desktop( struct process *process, struct desktop *desktop,
                                  obj_handle_t handle )
{
    struct thread *thr;
    struct desktop *previous;

    if (process->desktop == handle) return;  /* nothing to do */

    /* the process may have no usable previous desktop; that is not an error */
    previous = get_desktop_obj( process, process->desktop, 0 );
    if (!previous) clear_error();

    process->desktop = handle;

    /* set desktop for threads that don't have one yet */
    LIST_FOR_EACH_ENTRY( thr, &process->thread_list, struct thread, proc_entry )
    {
        if (!thr->desktop) thr->desktop = handle;
    }

    if (!process->is_system)
    {
        desktop->users++;
        if (desktop->close_timeout)
        {
            /* the desktop has a user again: abort the scheduled close */
            remove_timeout_user( desktop->close_timeout );
            desktop->close_timeout = NULL;
        }
        if (previous) previous->users--;
    }

    if (previous) release_object( previous );
}
/* Connect a new process to a window station and default desktop.
 *
 * The winstation comes from a handle the process inherited, or else from a
 * duplicate of the parent process' winstation handle. The desktop is chosen
 * the same way (inherited handle first, then the parent thread's desktop) and
 * is accepted only if it belongs to the chosen winstation. All errors are
 * cleared before returning, so a process may end up without either.
 */
void connect_process_winstation( struct process *process, struct thread *parent )
{
    struct winstation *station = NULL;
    struct desktop *desk = NULL;
    obj_handle_t handle;

    /* check for an inherited winstation handle (don't ask...) */
    handle = find_inherited_handle( process, &winstation_ops );
    if (handle)
    {
        station = (struct winstation *)get_handle_obj( process, handle, 0, &winstation_ops );
    }
    else if (parent && parent->process->winstation)
    {
        /* the duplicate keeps the access mask of the parent's handle */
        handle = duplicate_handle( parent->process, parent->process->winstation,
                                   process, 0, 0, DUP_HANDLE_SAME_ACCESS );
        station = (struct winstation *)get_handle_obj( process, handle, 0, &winstation_ops );
    }
    if (!station) goto done;
    process->winstation = handle;

    handle = find_inherited_handle( process, &desktop_ops );
    if (handle)
    {
        desk = get_desktop_obj( process, handle, 0 );
        /* a desktop of another winstation must not become the default */
        if (!desk || desk->winstation != station) goto done;
    }
    else if (parent && parent->desktop)
    {
        desk = get_desktop_obj( parent->process, parent->desktop, 0 );
        if (!desk || desk->winstation != station) goto done;
        handle = duplicate_handle( parent->process, parent->desktop,
                                   process, 0, 0, DUP_HANDLE_SAME_ACCESS );
    }

    /* handle is 0 here when no desktop was found or the duplication failed */
    if (handle) set_process_default_desktop( process, desk, handle );

done:
    if (desk) release_object( desk );
    if (station) release_object( station );
    clear_error();
}
/* timeout callback armed by close_process_desktop(): retire a desktop whose
 * only remaining user is its owner; 'private' is the desktop */
static void close_desktop_timeout( void *private )
{
    struct desktop *desk = private;

    /* the timeout has fired, so there is nothing left to cancel */
    desk->close_timeout = NULL;
    /* make sure no other process can open it */
    unlink_named_object( &desk->obj );
    /* and signal the owner to quit */
    post_desktop_message( desk, WM_CLOSE, 0, 0 );
}
/* Close the desktop of a given process: drop its user count on the default
 * desktop and, when only the desktop's owner is left, schedule the desktop to
 * be closed. Errors are ignored. */
void close_process_desktop( struct process *process )
{
    struct desktop *desk = NULL;

    if (process->desktop) desk = get_desktop_obj( process, process->desktop, 0 );

    if (desk)
    {
        /* NOTE(review): this is the only guard against decrementing a zero
         * count, and assert() is compiled out when NDEBUG is defined */
        assert( desk->users > 0 );
        desk->users--;

        /* if we have one remaining user, it has to be the manager of the desktop window */
        if (desk->users == 1 && get_top_window_owner( desk ))
        {
            assert( !desk->close_timeout );
            desk->close_timeout = add_timeout_user( -TICKS_PER_SEC, close_desktop_timeout, desk );
        }
        release_object( desk );
    }
    clear_error();  /* ignore errors */
}
/* Close the desktop of a given thread: detach the thread from its desktop
 * first, then close the handle in the thread's process. The result of
 * close_handle() is not checked. */
void close_thread_desktop( struct thread *thread )
{
    obj_handle_t old_handle = thread->desktop;

    /* clear the field before closing so that desktop_close_handle() no longer
     * sees this thread as a user of the handle */
    thread->desktop = 0;
    if (!old_handle) return;
    close_handle( thread->process, old_handle );
}
/* Set the reply data from the object name. For a "winstation\desktop" name
 * only the part after the first backslash is returned. The data is cut to the
 * reply buffer size the client announced; nothing is sent for an unnamed
 * object. */
static void set_reply_data_obj_name( struct object *obj )
{
    data_size_t size;
    const WCHAR *sep;
    const WCHAR *text = get_object_name( obj, &size );

    if (!text) return;

    /* if there is a backslash return the part of the name after it */
    sep = memchrW( text, '\\', size/sizeof(WCHAR) );
    if (sep)
    {
        size -= (sep + 1 - text) * sizeof(WCHAR);
        text = sep + 1;
    }
    set_reply_data( text, min( size, get_reply_max_size() ));
}
/* create a window station: the name comes from the request data, and the
 * handle is allocated in the calling process with the requested access and
 * attributes; reply->handle stays 0 on failure */
DECL_HANDLER(create_winstation)
{
    struct unicode_str name;
    struct winstation *station;

    reply->handle = 0;
    get_req_unicode_str( &name );

    station = create_winstation( &name, req->attributes, req->flags );
    if (!station) return;

    reply->handle = alloc_handle( current->process, station, req->access, req->attributes );
    release_object( station );
}
/* open a handle to a window station by name; when no window station was ever
 * created the namespace does not exist and the lookup fails with
 * STATUS_OBJECT_NAME_NOT_FOUND */
DECL_HANDLER(open_winstation)
{
    struct unicode_str name;

    get_req_unicode_str( &name );
    if (!winstation_namespace)
    {
        set_error( STATUS_OBJECT_NAME_NOT_FOUND );
        return;
    }
    reply->handle = open_object( winstation_namespace, &name, &winstation_ops, req->access,
                                 req->attributes );
}
/* close a window station handle; the handle is first resolved against
 * winstation_ops so that only window station handles are accepted, and a
 * non-zero result from close_handle() is reported as STATUS_ACCESS_DENIED */
DECL_HANDLER(close_winstation)
{
    struct winstation *station;

    station = (struct winstation *)get_handle_obj( current->process, req->handle,
                                                   0, &winstation_ops );
    if (!station) return;

    if (close_handle( current->process, req->handle ))
    {
        set_error( STATUS_ACCESS_DENIED );
    }
    release_object( station );
}
/* get the process current window station: returns the raw handle value stored
 * for the calling process, without resolving or validating it */
DECL_HANDLER(get_process_winstation)
{
    struct process *caller = current->process;

    reply->handle = caller->winstation;
}
/* set the process current window station; the handle only has to resolve to a
 * window station in the caller's handle table (no access right is required) */
DECL_HANDLER(set_process_winstation)
{
    struct winstation *station;

    station = (struct winstation *)get_handle_obj( current->process, req->handle,
                                                   0, &winstation_ops );
    if (!station) return;

    /* FIXME: should we close the old one? */
    current->process->winstation = req->handle;
    release_object( station );
}
/* create a desktop in the caller's window station; the process' winstation
 * handle must carry WINSTA_CREATEDESKTOP. reply->handle stays 0 on failure. */
DECL_HANDLER(create_desktop)
{
    struct unicode_str name;
    struct winstation *station;
    struct desktop *desk;

    reply->handle = 0;
    get_req_unicode_str( &name );

    station = get_process_winstation( current->process, WINSTA_CREATEDESKTOP );
    if (!station) return;

    desk = create_desktop( &name, req->attributes, req->flags, station );
    if (desk)
    {
        reply->handle = alloc_handle( current->process, desk, req->access, req->attributes );
        release_object( desk );
    }
    release_object( station );
}
/* open a handle to a desktop by name, relative to req->winsta or, when that
 * is 0, to the caller's current window station */
DECL_HANDLER(open_desktop)
{
    struct unicode_str name;
    struct unicode_str full_str;
    struct winstation *station;
    WCHAR *full_name;

    get_req_unicode_str( &name );

    /* FIXME: check access rights */
    /* (both lookups below pass an access mask of 0, so no right on the
     * winstation handle is required to reach this point) */
    if (req->winsta)
        station = (struct winstation *)get_handle_obj( current->process, req->winsta, 0, &winstation_ops );
    else
        station = get_process_winstation( current->process, 0 );

    if (!station) return;

    full_name = build_desktop_name( &name, station, &full_str );
    if (full_name)
    {
        reply->handle = open_object( winstation_namespace, &full_str, &desktop_ops, req->access,
                                     req->attributes );
        free( full_name );
    }
    release_object( station );
}
/* close a desktop handle; a non-zero result from close_handle() is reported
 * as STATUS_DEVICE_BUSY */
DECL_HANDLER(close_desktop)
{
    struct desktop *desk;

    /* make sure it is a desktop handle */
    desk = (struct desktop *)get_handle_obj( current->process, req->handle,
                                             0, &desktop_ops );
    if (!desk) return;

    if (close_handle( current->process, req->handle ))
    {
        set_error( STATUS_DEVICE_BUSY );
    }
    release_object( desk );
}
/* get the thread current desktop: returns the raw desktop handle value stored
 * for the thread identified by req->tid */
DECL_HANDLER(get_thread_desktop)
{
    struct thread *target = get_thread_from_id( req->tid );

    if (!target) return;

    /* NOTE(review): no check is visible here that the target thread belongs to
     * the caller's process; the value is a handle in the target's process and
     * is only meaningful in that handle table - confirm this is intended */
    reply->handle = target->desktop;
    release_object( target );
}
/* set the thread current desktop
 *
 * The new desktop must belong to the caller's window station, otherwise
 * STATUS_ACCESS_DENIED is returned. Switching to a different desktop is
 * refused with STATUS_DEVICE_BUSY while the thread still has desktop users.
 */
DECL_HANDLER(set_thread_desktop)
{
    struct winstation *station;
    struct desktop *wanted, *previous;
    int switching;

    station = get_process_winstation( current->process, 0 /* FIXME: access rights? */ );
    if (!station) return;

    wanted = get_desktop_obj( current->process, req->handle, 0 );
    if (!wanted)
    {
        release_object( station );
        return;
    }

    /* a thread may only use desktops of its process' window station */
    if (wanted->winstation != station)
    {
        set_error( STATUS_ACCESS_DENIED );
        release_object( wanted );
        release_object( station );
        return;
    }

    /* check if we are changing to a new desktop */
    previous = get_desktop_obj( current->process, current->desktop, 0 );
    if (!previous) clear_error();  /* ignore error */
    switching = (previous != wanted);

    /* when changing desktop, we can't have any users on the current one */
    if (switching && current->desktop_users > 0)
        set_error( STATUS_DEVICE_BUSY );
    else
        current->desktop = req->handle;  /* FIXME: should we close the old one? */

    /* NOTE(review): the two steps below also run when STATUS_DEVICE_BUSY was
     * just set above - confirm that is intended */
    if (!current->process->desktop)
        set_process_default_desktop( current->process, wanted, req->handle );

    if (switching && current->queue) detach_thread_input( current );

    if (previous) release_object( previous );
    release_object( wanted );
    release_object( station );
}
/* get/set information about a user object (window station or desktop)
 *
 * Always reports the previous flags and whether the object is a desktop,
 * replaces the flags when SET_USER_OBJECT_FLAGS is requested, and returns the
 * object name when the client supplied a reply buffer. Any other object type
 * fails with STATUS_OBJECT_TYPE_MISMATCH.
 */
DECL_HANDLER(set_user_object_info)
{
    /* NOTE(review): the handle is looked up with an access mask of 0, so the
     * flag update below is not gated on any specific access right in this
     * handler - confirm whether that is enforced elsewhere */
    struct object *obj = get_handle_obj( current->process, req->handle, 0, NULL );
    const int is_desktop = obj && obj->ops == &desktop_ops;
    const int is_winstation = obj && obj->ops == &winstation_ops;

    if (!obj) return;

    if (is_desktop)
    {
        struct desktop *desk = (struct desktop *)obj;

        reply->is_desktop = 1;
        reply->old_obj_flags = desk->flags;
        if (req->flags & SET_USER_OBJECT_FLAGS) desk->flags = req->obj_flags;
    }
    else if (is_winstation)
    {
        struct winstation *station = (struct winstation *)obj;

        reply->is_desktop = 0;
        reply->old_obj_flags = station->flags;
        if (req->flags & SET_USER_OBJECT_FLAGS) station->flags = req->obj_flags;
    }
    else
    {
        /* the type was not constrained at lookup time, so reject it here */
        set_error( STATUS_OBJECT_TYPE_MISMATCH );
        release_object( obj );
        return;
    }

    if (get_reply_max_size()) set_reply_data_obj_name( obj );
    release_object( obj );
}
/* enumerate window stations: return the name of the first station at or after
 * position req->index that grants WINSTA_ENUMERATE to the caller, and the
 * position to resume from in reply->next; STATUS_NO_MORE_ENTRIES at the end */
DECL_HANDLER(enum_winstation)
{
    struct winstation *station;
    unsigned int pos = 0;

    LIST_FOR_EACH_ENTRY( station, &winstation_list, struct winstation, entry )
    {
        unsigned int wanted = WINSTA_ENUMERATE;

        /* skip the entries the client has already seen */
        if (pos++ < req->index) continue;
        /* stations the caller may not enumerate are skipped, not reported */
        if (!check_object_access( &station->obj, &wanted )) continue;

        set_reply_data_obj_name( &station->obj );
        /* drop any error left behind by entries skipped above */
        clear_error();
        reply->next = pos;
        return;
    }
    set_error( STATUS_NO_MORE_ENTRIES );
}
/* enumerate desktops of a window station: req->winstation must carry
 * WINSTA_ENUMDESKTOPS; returns the name of the first named desktop at or
 * after position req->index that grants DESKTOP_ENUMERATE to the caller, and
 * the position to resume from in reply->next; STATUS_NO_MORE_ENTRIES at the
 * end */
DECL_HANDLER(enum_desktop)
{
    struct winstation *station;
    struct desktop *desk;
    unsigned int pos = 0;

    station = (struct winstation *)get_handle_obj( current->process, req->winstation,
                                                   WINSTA_ENUMDESKTOPS, &winstation_ops );
    if (!station) return;

    LIST_FOR_EACH_ENTRY( desk, &station->desktops, struct desktop, entry )
    {
        unsigned int wanted = DESKTOP_ENUMERATE;

        /* skip the entries the client has already seen */
        if (pos++ < req->index) continue;
        /* a desktop without a name cannot be reported */
        if (!desk->obj.name) continue;
        /* desktops the caller may not enumerate are skipped, not reported */
        if (!check_object_access( &desk->obj, &wanted )) continue;

        set_reply_data_obj_name( &desk->obj );
        release_object( station );
        /* drop any error left behind by entries skipped above */
        clear_error();
        reply->next = pos;
        return;
    }

    release_object( station );
    set_error( STATUS_NO_MORE_ENTRIES );
}