search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Blink roll 25b6bd3a7a131ffe68d809546ad1a20707915cdc:3a503f41ae42e5b79cfcd2ff10e65afde...
[chromium-blink-merge.git] / remoting / host / win / elevated_controller.cc
blobcf84d0bb13cbbf28aa5b11ace0d3b00de053ed7b
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "remoting/host/win/elevated_controller.h"
6
7 #include "base/file_version_info.h"
8 #include "base/files/file_util.h"
9 #include "base/json/json_reader.h"
10 #include "base/json/json_writer.h"
11 #include "base/logging.h"
12 #include "base/memory/scoped_ptr.h"
13 #include "base/process/memory.h"
14 #include "base/strings/utf_string_conversions.h"
15 #include "base/values.h"
16 #include "base/win/scoped_handle.h"
17 #include "remoting/host/branding.h"
18 #include "remoting/host/host_config.h"
19 #include "remoting/host/usage_stats_consent.h"
20 #include "remoting/host/verify_config_window_win.h"
21 #include "remoting/host/win/core_resource.h"
22 #include "remoting/host/win/security_descriptor.h"
23
24 namespace remoting {
25
26 namespace {
27
28 // The maximum size of the configuration file. "1MB ought to be enough" for any
29 // reasonable configuration we will ever need. 1MB is low enough to make
30 // the probability of out of memory situation fairly low. OOM is still possible
31 // and we will crash if it occurs.
32 const size_t kMaxConfigFileSize = 1024 * 1024;
33
34 // The host configuration file name.
35 const base::FilePath::CharType kConfigFileName[] = FILE_PATH_LITERAL("host.json");
36
37 // The unprivileged configuration file name.
38 const base::FilePath::CharType kUnprivilegedConfigFileName[] =
39 FILE_PATH_LITERAL("host_unprivileged.json");
40
41 // The extension for the temporary file.
42 const base::FilePath::CharType kTempFileExtension[] = FILE_PATH_LITERAL("json~");
43
44 // The host configuration file security descriptor that enables full access to
45 // Local System and built-in administrators only.
46 const char kConfigFileSecurityDescriptor[] =
47 "O:BAG:BAD:(A;;GA;;;SY)(A;;GA;;;BA)";
48
49 const char kUnprivilegedConfigFileSecurityDescriptor[] =
50 "O:BAG:BAD:(A;;GA;;;SY)(A;;GA;;;BA)(A;;GR;;;AU)";
51
52 // Configuration keys.
53
54 // The configuration keys that cannot be specified in UpdateConfig().
55 const char* const kReadonlyKeys[] = {
56 kHostIdConfigPath, kHostOwnerConfigPath, kHostOwnerEmailConfigPath,
57 kXmppLoginConfigPath };
58
59 // The configuration keys whose values may be read by GetConfig().
60 const char* const kUnprivilegedConfigKeys[] = {
61 kHostIdConfigPath, kXmppLoginConfigPath };
62
63 // Determines if the client runs in the security context that allows performing
64 // administrative tasks (i.e. the user belongs to the adminstrators group and
65 // the client runs elevated).
66 bool IsClientAdmin() {
67 HRESULT hr = CoImpersonateClient();
68 if (FAILED(hr)) {
69 return false;
70 }
71
72 SID_IDENTIFIER_AUTHORITY nt_authority = SECURITY_NT_AUTHORITY;
73 PSID administrators_group = NULL;
74 BOOL result = AllocateAndInitializeSid(&nt_authority,
75 2,
76 SECURITY_BUILTIN_DOMAIN_RID,
77 DOMAIN_ALIAS_RID_ADMINS,
78 0, 0, 0, 0, 0, 0,
79 &administrators_group);
80 if (result) {
81 if (!CheckTokenMembership(NULL, administrators_group, &result)) {
82 result = false;
83 }
84 FreeSid(administrators_group);
85 }
86
87 hr = CoRevertToSelf();
88 CHECK(SUCCEEDED(hr));
89
90 return !!result;
91 }
92
93 // Reads and parses the configuration file up to |kMaxConfigFileSize| in
94 // size.
95 HRESULT ReadConfig(const base::FilePath& filename,
96 scoped_ptr<base::DictionaryValue>* config_out) {
97
98 // Read raw data from the configuration file.
99 base::win::ScopedHandle file(
100 CreateFileW(filename.value().c_str(),
101 GENERIC_READ,
102 FILE_SHARE_READ | FILE_SHARE_WRITE,
103 NULL,
104 OPEN_EXISTING,
105 FILE_FLAG_SEQUENTIAL_SCAN,
106 NULL));
107
108 if (!file.IsValid()) {
109 DWORD error = GetLastError();
110 PLOG(ERROR) << "Failed to open '" << filename.value() << "'";
111 return HRESULT_FROM_WIN32(error);
112 }
113
114 scoped_ptr<char[]> buffer(new char[kMaxConfigFileSize]);
115 DWORD size = kMaxConfigFileSize;
116 if (!::ReadFile(file.Get(), &buffer[0], size, &size, NULL)) {
117 DWORD error = GetLastError();
118 PLOG(ERROR) << "Failed to read '" << filename.value() << "'";
119 return HRESULT_FROM_WIN32(error);
120 }
121
122 // Parse the JSON configuration, expecting it to contain a dictionary.
123 std::string file_content(buffer.get(), size);
124 scoped_ptr<base::Value> value(
125 base::JSONReader::Read(file_content, base::JSON_ALLOW_TRAILING_COMMAS));
126
127 base::DictionaryValue* dictionary;
128 if (value.get() == NULL || !value->GetAsDictionary(&dictionary)) {
129 LOG(ERROR) << "Failed to read '" << filename.value() << "'.";
130 return E_FAIL;
131 }
132
133 value.release();
134 config_out->reset(dictionary);
135 return S_OK;
136 }
137
138 base::FilePath GetTempLocationFor(const base::FilePath& filename) {
139 return filename.ReplaceExtension(kTempFileExtension);
140 }
141
142 // Writes a config file to a temporary location.
143 HRESULT WriteConfigFileToTemp(const base::FilePath& filename,
144 const char* security_descriptor,
145 const char* content,
146 size_t length) {
147 // Create the security descriptor for the configuration file.
148 ScopedSd sd = ConvertSddlToSd(security_descriptor);
149 if (!sd) {
150 DWORD error = GetLastError();
151 PLOG(ERROR)
152 << "Failed to create a security descriptor for the configuration file";
153 return HRESULT_FROM_WIN32(error);
154 }
155
156 SECURITY_ATTRIBUTES security_attributes = {0};
157 security_attributes.nLength = sizeof(security_attributes);
158 security_attributes.lpSecurityDescriptor = sd.get();
159 security_attributes.bInheritHandle = FALSE;
160
161 // Create a temporary file and write configuration to it.
162 base::FilePath tempname = GetTempLocationFor(filename);
163 base::win::ScopedHandle file(
164 CreateFileW(tempname.value().c_str(),
165 GENERIC_WRITE,
166 0,
167 &security_attributes,
168 CREATE_ALWAYS,
169 FILE_FLAG_SEQUENTIAL_SCAN,
170 NULL));
171
172 if (!file.IsValid()) {
173 DWORD error = GetLastError();
174 PLOG(ERROR) << "Failed to create '" << filename.value() << "'";
175 return HRESULT_FROM_WIN32(error);
176 }
177
178 DWORD written;
179 if (!WriteFile(file.Get(), content, static_cast<DWORD>(length), &written,
180 NULL)) {
181 DWORD error = GetLastError();
182 PLOG(ERROR) << "Failed to write to '" << filename.value() << "'";
183 return HRESULT_FROM_WIN32(error);
184 }
185
186 return S_OK;
187 }
188
189 // Moves a config file from its temporary location to its permanent location.
190 HRESULT MoveConfigFileFromTemp(const base::FilePath& filename) {
191 // Now that the configuration is stored successfully replace the actual
192 // configuration file.
193 base::FilePath tempname = GetTempLocationFor(filename);
194 if (!MoveFileExW(tempname.value().c_str(),
195 filename.value().c_str(),
196 MOVEFILE_REPLACE_EXISTING)) {
197 DWORD error = GetLastError();
198 PLOG(ERROR) << "Failed to rename '" << tempname.value() << "' to '"
199 << filename.value() << "'";
200 return HRESULT_FROM_WIN32(error);
201 }
202
203 return S_OK;
204 }
205
206 // Writes the configuration file up to |kMaxConfigFileSize| in size.
207 HRESULT WriteConfig(const char* content, size_t length, HWND owner_window) {
208 if (length > kMaxConfigFileSize) {
209 return E_FAIL;
210 }
211
212 // Extract the configuration data that the user will verify.
213 scoped_ptr<base::Value> config_value(base::JSONReader::Read(content));
214 if (!config_value.get()) {
215 return E_FAIL;
216 }
217 base::DictionaryValue* config_dict = NULL;
218 if (!config_value->GetAsDictionary(&config_dict)) {
219 return E_FAIL;
220 }
221 std::string email;
222 if (!config_dict->GetString(kHostOwnerEmailConfigPath, &email)) {
223 if (!config_dict->GetString(kHostOwnerConfigPath, &email)) {
224 if (!config_dict->GetString(kXmppLoginConfigPath, &email)) {
225 return E_FAIL;
226 }
227 }
228 }
229 std::string host_id, host_secret_hash;
230 if (!config_dict->GetString(kHostIdConfigPath, &host_id) ||
231 !config_dict->GetString(kHostSecretHashConfigPath, &host_secret_hash)) {
232 return E_FAIL;
233 }
234
235 // Ask the user to verify the configuration (unless the client is admin
236 // already).
237 if (!IsClientAdmin()) {
238 remoting::VerifyConfigWindowWin verify_win(email, host_id,
239 host_secret_hash);
240 DWORD error = verify_win.DoModal(owner_window);
241 if (error != ERROR_SUCCESS) {
242 return HRESULT_FROM_WIN32(error);
243 }
244 }
245
246 // Extract the unprivileged fields from the configuration.
247 base::DictionaryValue unprivileged_config_dict;
248 for (int i = 0; i < arraysize(kUnprivilegedConfigKeys); ++i) {
249 const char* key = kUnprivilegedConfigKeys[i];
250 base::string16 value;
251 if (config_dict->GetString(key, &value)) {
252 unprivileged_config_dict.SetString(key, value);
253 }
254 }
255 std::string unprivileged_config_str;
256 base::JSONWriter::Write(&unprivileged_config_dict, &unprivileged_config_str);
257
258 // Write the full configuration file to a temporary location.
259 base::FilePath full_config_file_path =
260 remoting::GetConfigDir().Append(kConfigFileName);
261 HRESULT hr = WriteConfigFileToTemp(full_config_file_path,
262 kConfigFileSecurityDescriptor,
263 content,
264 length);
265 if (FAILED(hr)) {
266 return hr;
267 }
268
269 // Write the unprivileged configuration file to a temporary location.
270 base::FilePath unprivileged_config_file_path =
271 remoting::GetConfigDir().Append(kUnprivilegedConfigFileName);
272 hr = WriteConfigFileToTemp(unprivileged_config_file_path,
273 kUnprivilegedConfigFileSecurityDescriptor,
274 unprivileged_config_str.data(),
275 unprivileged_config_str.size());
276 if (FAILED(hr)) {
277 return hr;
278 }
279
280 // Move the full configuration file to its permanent location.
281 hr = MoveConfigFileFromTemp(full_config_file_path);
282 if (FAILED(hr)) {
283 return hr;
284 }
285
286 // Move the unprivileged configuration file to its permanent location.
287 hr = MoveConfigFileFromTemp(unprivileged_config_file_path);
288 if (FAILED(hr)) {
289 return hr;
290 }
291
292 return S_OK;
293 }
294
295 } // namespace
296
297 ElevatedController::ElevatedController() : owner_window_(NULL) {
298 }
299
300 HRESULT ElevatedController::FinalConstruct() {
301 return S_OK;
302 }
303
304 void ElevatedController::FinalRelease() {
305 }
306
307 STDMETHODIMP ElevatedController::GetConfig(BSTR* config_out) {
308 base::FilePath config_dir = remoting::GetConfigDir();
309
310 // Read the unprivileged part of host configuration.
311 scoped_ptr<base::DictionaryValue> config;
312 HRESULT hr = ReadConfig(config_dir.Append(kUnprivilegedConfigFileName),
313 &config);
314 if (FAILED(hr)) {
315 return hr;
316 }
317
318 // Convert the config back to a string and return it to the caller.
319 std::string file_content;
320 base::JSONWriter::Write(config.get(), &file_content);
321
322 *config_out = ::SysAllocString(base::UTF8ToUTF16(file_content).c_str());
323 if (config_out == NULL) {
324 return E_OUTOFMEMORY;
325 }
326
327 return S_OK;
328 }
329
330 STDMETHODIMP ElevatedController::GetVersion(BSTR* version_out) {
331 // Report the product version number of the daemon controller binary as
332 // the host version.
333 HMODULE binary = base::GetModuleFromAddress(
334 reinterpret_cast<void*>(&ReadConfig));
335 scoped_ptr<FileVersionInfo> version_info(
336 FileVersionInfo::CreateFileVersionInfoForModule(binary));
337
338 base::string16 version;
339 if (version_info.get()) {
340 version = version_info->product_version();
341 }
342
343 *version_out = ::SysAllocString(version.c_str());
344 if (version_out == NULL) {
345 return E_OUTOFMEMORY;
346 }
347
348 return S_OK;
349 }
350
351 STDMETHODIMP ElevatedController::SetConfig(BSTR config) {
352 // Determine the config directory path and create it if necessary.
353 base::FilePath config_dir = remoting::GetConfigDir();
354 if (!base::CreateDirectory(config_dir)) {
355 return HRESULT_FROM_WIN32(ERROR_ACCESS_DENIED);
356 }
357
358 std::string file_content = base::UTF16ToUTF8(
359 base::string16(static_cast<base::char16*>(config), ::SysStringLen(config)));
360
361 return WriteConfig(file_content.c_str(), file_content.size(), owner_window_);
362 }
363
364 STDMETHODIMP ElevatedController::SetOwnerWindow(LONG_PTR window_handle) {
365 owner_window_ = reinterpret_cast<HWND>(window_handle);
366 return S_OK;
367 }
368
369 STDMETHODIMP ElevatedController::StartDaemon() {
370 ScopedScHandle service;
371 HRESULT hr = OpenService(&service);
372 if (FAILED(hr)) {
373 return hr;
374 }
375
376 // Change the service start type to 'auto'.
377 if (!::ChangeServiceConfigW(service.Get(),
378 SERVICE_NO_CHANGE,
379 SERVICE_AUTO_START,
380 SERVICE_NO_CHANGE,
381 NULL,
382 NULL,
383 NULL,
384 NULL,
385 NULL,
386 NULL,
387 NULL)) {
388 DWORD error = GetLastError();
389 PLOG(ERROR) << "Failed to change the '" << kWindowsServiceName
390 << "'service start type to 'auto'";
391 return HRESULT_FROM_WIN32(error);
392 }
393
394 // Start the service.
395 if (!StartService(service.Get(), 0, NULL)) {
396 DWORD error = GetLastError();
397 if (error != ERROR_SERVICE_ALREADY_RUNNING) {
398 PLOG(ERROR) << "Failed to start the '" << kWindowsServiceName
399 << "'service";
400
401 return HRESULT_FROM_WIN32(error);
402 }
403 }
404
405 return S_OK;
406 }
407
408 STDMETHODIMP ElevatedController::StopDaemon() {
409 ScopedScHandle service;
410 HRESULT hr = OpenService(&service);
411 if (FAILED(hr)) {
412 return hr;
413 }
414
415 // Change the service start type to 'manual'.
416 if (!::ChangeServiceConfigW(service.Get(),
417 SERVICE_NO_CHANGE,
418 SERVICE_DEMAND_START,
419 SERVICE_NO_CHANGE,
420 NULL,
421 NULL,
422 NULL,
423 NULL,
424 NULL,
425 NULL,
426 NULL)) {
427 DWORD error = GetLastError();
428 PLOG(ERROR) << "Failed to change the '" << kWindowsServiceName
429 << "'service start type to 'manual'";
430 return HRESULT_FROM_WIN32(error);
431 }
432
433 // Stop the service.
434 SERVICE_STATUS status;
435 if (!ControlService(service.Get(), SERVICE_CONTROL_STOP, &status)) {
436 DWORD error = GetLastError();
437 if (error != ERROR_SERVICE_NOT_ACTIVE) {
438 PLOG(ERROR) << "Failed to stop the '" << kWindowsServiceName
439 << "'service";
440 return HRESULT_FROM_WIN32(error);
441 }
442 }
443
444 return S_OK;
445 }
446
447 STDMETHODIMP ElevatedController::UpdateConfig(BSTR config) {
448 // Parse the config.
449 std::string config_str = base::UTF16ToUTF8(
450 base::string16(static_cast<base::char16*>(config), ::SysStringLen(config)));
451 scoped_ptr<base::Value> config_value(base::JSONReader::Read(config_str));
452 if (!config_value.get()) {
453 return E_FAIL;
454 }
455 base::DictionaryValue* config_dict = NULL;
456 if (!config_value->GetAsDictionary(&config_dict)) {
457 return E_FAIL;
458 }
459 // Check for bad keys.
460 for (int i = 0; i < arraysize(kReadonlyKeys); ++i) {
461 if (config_dict->HasKey(kReadonlyKeys[i])) {
462 return HRESULT_FROM_WIN32(ERROR_ACCESS_DENIED);
463 }
464 }
465 // Get the old config.
466 base::FilePath config_dir = remoting::GetConfigDir();
467 scoped_ptr<base::DictionaryValue> config_old;
468 HRESULT hr = ReadConfig(config_dir.Append(kConfigFileName), &config_old);
469 if (FAILED(hr)) {
470 return hr;
471 }
472 // Merge items from the given config into the old config.
473 config_old->MergeDictionary(config_dict);
474 // Write the updated config.
475 std::string config_updated_str;
476 base::JSONWriter::Write(config_old.get(), &config_updated_str);
477 return WriteConfig(config_updated_str.c_str(), config_updated_str.size(),
478 owner_window_);
479 }
480
481 STDMETHODIMP ElevatedController::GetUsageStatsConsent(BOOL* allowed,
482 BOOL* set_by_policy) {
483 bool local_allowed;
484 bool local_set_by_policy;
485 if (remoting::GetUsageStatsConsent(&local_allowed, &local_set_by_policy)) {
486 *allowed = local_allowed;
487 *set_by_policy = local_set_by_policy;
488 return S_OK;
489 } else {
490 return E_FAIL;
491 }
492 }
493
494 STDMETHODIMP ElevatedController::SetUsageStatsConsent(BOOL allowed) {
495 if (remoting::SetUsageStatsConsent(!!allowed)) {
496 return S_OK;
497 } else {
498 return E_FAIL;
499 }
500 }
501
502 HRESULT ElevatedController::OpenService(ScopedScHandle* service_out) {
503 DWORD error;
504
505 ScopedScHandle scmanager(
506 ::OpenSCManagerW(NULL, SERVICES_ACTIVE_DATABASE,
507 SC_MANAGER_CONNECT | SC_MANAGER_ENUMERATE_SERVICE));
508 if (!scmanager.IsValid()) {
509 error = GetLastError();
510 PLOG(ERROR) << "Failed to connect to the service control manager";
511
512 return HRESULT_FROM_WIN32(error);
513 }
514
515 DWORD desired_access = SERVICE_CHANGE_CONFIG | SERVICE_QUERY_STATUS |
516 SERVICE_START | SERVICE_STOP;
517 ScopedScHandle service(
518 ::OpenServiceW(scmanager.Get(), kWindowsServiceName, desired_access));
519 if (!service.IsValid()) {
520 error = GetLastError();
521 PLOG(ERROR) << "Failed to open to the '" << kWindowsServiceName
522 << "' service";
523
524 return HRESULT_FROM_WIN32(error);
525 }
526
527 service_out->Set(service.Take());
528 return S_OK;
529 }
530
531 } // namespace remoting