author | weitaosu@chromium.org <weitaosu@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-02-07 20:51:12 +0000 |
---|---|---|
committer | weitaosu@chromium.org <weitaosu@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-02-07 20:51:12 +0000 |
commit | 4220a2d2220ae0b21edc8b4c8f56a95cdab1da0a (patch) | |
tree | 80ec2a812604de2ce972ec716b0c35e9766f0346 | |
parent | 87e3a9174661e3724249513e4a90be698af84557 (diff) | |
Enabled pairing registry in the me2me host on Windows.
This CL is based on https://chromiumcodereview.appspot.com/23440071/.
TBR=jschuh@chromium.org
BUG=325567
Review URL: https://codereview.chromium.org/139803008
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@249772 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r-- | remoting/host/chromoting_messages.h | 6 | ||||
-rw-r--r-- | remoting/host/daemon_process_win.cc | 102 | ||||
-rw-r--r-- | remoting/host/installer/win/chromoting.wxs | 21 | ||||
-rw-r--r-- | remoting/host/pairing_registry_delegate_win.cc | 3 | ||||
-rw-r--r-- | remoting/host/remoting_me2me_host.cc | 50 |
5 files changed, 179 insertions, 3 deletions
diff --git a/remoting/host/chromoting_messages.h b/remoting/host/chromoting_messages.h
index e56b0f3..f83e308 100644
--- a/remoting/host/chromoting_messages.h
+++ b/remoting/host/chromoting_messages.h
@@ -38,6 +38,12 @@ IPC_MESSAGE_CONTROL3(ChromotingDaemonMsg_Crash,
 // Delivers the host configuration (and updates) to the network process.
 IPC_MESSAGE_CONTROL1(ChromotingDaemonNetworkMsg_Configuration, std::string)
+// Initializes the pairing registry on Windows. The passed key handles are
+// already duplicated by the sender.
+IPC_MESSAGE_CONTROL2(ChromotingDaemonNetworkMsg_InitializePairingRegistry,
+ IPC::PlatformFileForTransit /* privileged_key */,
+ IPC::PlatformFileForTransit /* unprivileged_key */)
+
 // Notifies the network process that the terminal |terminal_id| has been
 // disconnected from the desktop session.
 IPC_MESSAGE_CONTROL1(ChromotingDaemonNetworkMsg_TerminalDisconnected,
diff --git a/remoting/host/daemon_process_win.cc b/remoting/host/daemon_process_win.cc
index a365f3e..fa91cb6 100644
--- a/remoting/host/daemon_process_win.cc
+++ b/remoting/host/daemon_process_win.cc
@@ -16,6 +16,7 @@
 #include "base/strings/utf_string_conversions.h"
 #include "base/time/time.h"
 #include "base/timer/timer.h"
+#include "base/win/registry.h"
 #include "base/win/scoped_handle.h"
 #include "ipc/ipc_message.h"
 #include "ipc/ipc_message_macros.h"
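Review bot: The new comment on ChromotingDaemonNetworkMsg_InitializePairingRegistry in chromoting_messages.h says the key handles are already duplicated by the sender, but not who owns them once the message is delivered. Because the two values are raw handles that are live in the receiving process, the contract should be written down, for example `// The receiver owns both handles and must close them, including when initialization fails.` if that is the intended behaviour. The comment could also state that this message has to precede ChromotingDaemonNetworkMsg_Configuration, which the sending code in daemon_process_win.cc relies on.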
@@ -35,6 +36,31 @@
 using base::win::ScopedHandle;
 using base::TimeDelta;
+namespace {
+
+#if defined(OFFICIAL_BUILD)
+const wchar_t kPairingRegistryKeyName[] =
+ L"SOFTWARE\\Google\\Chrome Remote Desktop\\paired-clients";
+#else
+const wchar_t kPairingRegistryKeyName[] =
+ L"SOFTWARE\\Chromoting\\paired-clients";
+#endif
+
+const wchar_t kPrivilegedKeyName[] = L"secrets";
+const wchar_t kUnprivilegedKeyName[] = L"clients";
+
+// Duplicates |key| into |target_process| and returns the value that can be sent
+// over IPC.
+IPC::PlatformFileForTransit GetRegistryKeyForTransit(
+ base::ProcessHandle target_process,
+ const base::win::RegKey& key) {
+ base::PlatformFile handle =
+ reinterpret_cast<base::PlatformFile>(key.Handle());
+ return IPC::GetFileHandleForProcess(handle, target_process, false);
+}
+
+} // namespace
+
 namespace remoting {
 class WtsTerminalMonitor;
@@ -75,12 +101,22 @@ class DaemonProcessWin : public DaemonProcess {
 // Changes the service start type to 'manual'.
 void DisableAutoStart();
+ // Initializes the pairing registry on the host side by sending
+ // ChromotingDaemonNetworkMsg_InitializePairingRegistry message.
+ bool InitializePairingRegistry();
+
+ // Opens the pairing registry keys.
+ bool OpenPairingRegistry();
+
 private:
 scoped_ptr<WorkerProcessLauncher> network_launcher_;
 // Handle of the network process.
 ScopedHandle network_process_;
+ base::win::RegKey pairing_registry_privileged_key_;
+ base::win::RegKey pairing_registry_unprivileged_key_;
+
 DISALLOW_COPY_AND_ASSIGN(DaemonProcessWin);
 };
@@ -102,6 +138,11 @@ void DaemonProcessWin::OnChannelConnected(int32 peer_pid) {
 return;
 }
+ if (!InitializePairingRegistry()) {
+ CrashNetworkProcess(FROM_HERE);
+ return;
+ }
+
 DaemonProcess::OnChannelConnected(peer_pid);
 }
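Review bot: When InitializePairingRegistry() fails in OnChannelConnected, the daemon crashes the network process, so a host whose `paired-clients` keys are missing or cannot be opened loses remote access altogether rather than only the pairing feature. The keys are created by the installer change in this commit, but nothing in this hunk covers a machine where they were never created or were later removed. If failing closed is intended, a comment should say so, e.g. `// The pairing keys are created by the installer; their absence means a broken installation.`; otherwise log the error and continue without sending the message. The start of OnChannelConnected is outside the hunk.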
@@ -240,4 +281,65 @@ void DaemonProcessWin::DisableAutoStart() {
 }
 }
+bool DaemonProcessWin::InitializePairingRegistry() {
+ if (!pairing_registry_privileged_key_.Valid()) {
+ if (!OpenPairingRegistry())
+ return false;
+ }
+
+ // Duplicate handles to the network process.
+ IPC::PlatformFileForTransit privileged_key = GetRegistryKeyForTransit(
+ network_process_, pairing_registry_privileged_key_);
+ IPC::PlatformFileForTransit unprivileged_key = GetRegistryKeyForTransit(
+ network_process_, pairing_registry_unprivileged_key_);
+ if (!(privileged_key && unprivileged_key))
+ return false;
+
+ // Initialize the pairing registry in the network process. This has to be done
+ // before the host configuration is sent, otherwise the host will not use
+ // the passed handles.
+ SendToNetwork(new ChromotingDaemonNetworkMsg_InitializePairingRegistry(
+ privileged_key, unprivileged_key));
+ return true;
+}
+
+bool DaemonProcessWin::OpenPairingRegistry() {
+ DCHECK(!pairing_registry_privileged_key_.Valid());
+ DCHECK(!pairing_registry_unprivileged_key_.Valid());
+
+ // Open the root of the pairing registry.
+ base::win::RegKey root;
+ LONG result = root.Open(HKEY_LOCAL_MACHINE, kPairingRegistryKeyName,
+ KEY_READ);
+ if (result != ERROR_SUCCESS) {
+ SetLastError(result);
+ PLOG(ERROR) << "Failed to open HKLM\\" << kPairingRegistryKeyName;
+ return false;
+ }
+
+ base::win::RegKey privileged;
+ result = privileged.Open(root.Handle(), kPrivilegedKeyName,
+ KEY_READ | KEY_WRITE);
+ if (result != ERROR_SUCCESS) {
+ SetLastError(result);
+ PLOG(ERROR) << "Failed to open HKLM\\" << kPairingRegistryKeyName << "\\"
+ << kPrivilegedKeyName;
+ return false;
+ }
+
+ base::win::RegKey unprivileged;
+ result = unprivileged.Open(root.Handle(), kUnprivilegedKeyName,
+ KEY_READ | KEY_WRITE);
+ if (result != ERROR_SUCCESS) {
+ SetLastError(result);
+ PLOG(ERROR) << "Failed to open HKLM\\" << kUnprivilegedKeyName << "\\"
+ << kUnprivilegedKeyName;
+ return false;
+ }
+
+ pairing_registry_privileged_key_.Set(privileged.Take());
+ pairing_registry_unprivileged_key_.Set(unprivileged.Take());
+ return true;
+}
+
 } // namespace remoting
diff --git a/remoting/host/installer/win/chromoting.wxs b/remoting/host/installer/win/chromoting.wxs
index 4d25291..d2ac5e0 100644
--- a/remoting/host/installer/win/chromoting.wxs
+++ b/remoting/host/installer/win/chromoting.wxs
@@ -18,6 +18,12 @@
 <?define Manufacturer = "The Chromium Authors" ?>
 <?endif?>
+ <?if $(var.OfficialBuild) != 0 ?>
+ <?define ChromotingKeyPath = "Google\Chrome Remote Desktop" ?>
+ <?else?>
+ <?define ChromotingKeyPath = "Chromoting" ?>
+ <?endif?>
+
 <?define FirewallName = "$(var.ChromotingHost)" ?>
 <?define OmahaAppid = "{b210701e-ffc4-49e3-932b-370728c72662}" ?>
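Review bot: The check `if (!(privileged_key && unprivileged_key))` in DaemonProcessWin::InitializePairingRegistry only rejects a zero handle value. If IPC::GetFileHandleForProcess reports a failed duplication with IPC::InvalidPlatformFileForTransit() (INVALID_HANDLE_VALUE on Windows) rather than NULL, which should be confirmed in ipc_platform_file, a failed duplication passes this test and an invalid handle is sent to the network process; comparing each value with `IPC::InvalidPlatformFileForTransit()` would cover that. When the first duplication succeeds and the second fails, the first handle also stays open in the network process after `return false`. In OpenPairingRegistry the last error message streams `kUnprivilegedKeyName` twice; the first operand should be `kPairingRegistryKeyName`, as in the message for the privileged key.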
@@ -473,6 +479,20 @@
 </Component>
+ <!-- Creates the pairing registry store and protect it with an ACL. -->
+ <Component Id="remoting_pairing_registry" Guid="960bc7eb-a816-428b-90e8-ad13336955d5">
+ <RegistryKey Root="HKLM"
+ Key="SOFTWARE\$(var.ChromotingKeyPath)\paired-clients"
+ Action="create">
+ <RegistryKey Key="clients" Action="create"/>
+ <RegistryKey Key="secrets" Action="create">
+ <!-- Gives full access to SYSTEM only. -->
+ <PermissionEx Sddl="O:SYG:SYD:(A;;GA;;;SY)"/>
+ </RegistryKey>
+ </RegistryKey>
+ <CreateFolder/>
+ </Component>
+
 <!-- Register with Sawbuck. See http://code.google.com/p/sawbuck/. -->
 <Component Id="sawbuck_provider" Guid="*">
 <RegistryKey Root="HKLM"
@@ -577,6 +597,7 @@
 <ComponentRef Id="remoting_desktop"/>
 <ComponentRef Id="remoting_host"/>
 <ComponentRef Id="remoting_lib"/>
+ <ComponentRef Id="remoting_pairing_registry"/>
 <ComponentRef Id="sas"/>
 <ComponentRef Id="sawbuck_provider"/>
 </Feature>
diff --git a/remoting/host/pairing_registry_delegate_win.cc b/remoting/host/pairing_registry_delegate_win.cc
index 7987f1c..1d7ad31 100644
--- a/remoting/host/pairing_registry_delegate_win.cc
+++ b/remoting/host/pairing_registry_delegate_win.cc
@@ -249,7 +249,8 @@ bool PairingRegistryDelegateWin::Delete(const std::string& client_id) {
 }
 scoped_ptr<PairingRegistry::Delegate> CreatePairingRegistryDelegate() {
- return scoped_ptr<PairingRegistry::Delegate>();
+ return scoped_ptr<PairingRegistry::Delegate>(
+ new PairingRegistryDelegateWin());
 }
 } // namespace remoting
diff --git a/remoting/host/remoting_me2me_host.cc b/remoting/host/remoting_me2me_host.cc
index b4ab023..8b7475e 100644
--- a/remoting/host/remoting_me2me_host.cc
+++ b/remoting/host/remoting_me2me_host.cc
@@ -91,7 +91,9 @@
 #if defined(OS_WIN)
 #include <commctrl.h>
+#include "base/win/registry.h"
 #include "base/win/scoped_handle.h"
+#include "remoting/host/pairing_registry_delegate_win.h"
 #include "remoting/host/win/session_desktop_environment.h"
 #endif // defined(OS_WIN)
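Review bot: The descriptor on the `secrets` key in chromoting.wxs, `O:SYG:SYD:(A;;GA;;;SY)`, has no `P` flag on the DACL, so the key is not marked as protected from inheritance. Whether inheritable entries from HKLM\SOFTWARE, which normally give ordinary users read access, end up on the key depends on how the installer applies the descriptor, so the effective ACL should be checked on an installed machine; `D:P(A;;GA;;;SY)` would state the "SYSTEM only" intent explicitly. The `clients` key and the `paired-clients` parent get no explicit ACL and keep the default permissions, which deserves a short comment next to the `clients` element saying that this is deliberate.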
@@ -99,6 +101,10 @@
 #include "ui/gfx/gtk_util.h"
 #endif // defined(TOOLKIT_GTK)
+using remoting::protocol::PairingRegistry;
+
+namespace {
+
 // This is used for tagging system event logs.
 const char kApplicationName[] = "chromoting";
@@ -116,6 +122,8 @@ const char kSignalParentSwitchName[] = "signal-parent";
 // from stdin.
 const char kStdinConfigPath[] = "-";
+} // namespace
+
 namespace remoting {
 class HostProcess
@@ -143,6 +151,11 @@ class HostProcess
 // HostChangeNotificationListener::Listener overrides.
 virtual void OnHostDeleted() OVERRIDE;
+ // Initializes the pairing registry on Windows.
+ void OnInitializePairingRegistry(
+ IPC::PlatformFileForTransit privileged_key,
+ IPC::PlatformFileForTransit unprivileged_key);
+
 private:
 enum HostState {
 // Host process has just been started. Waiting for config and policies to be
@@ -293,6 +306,8 @@ class HostProcess
 int* exit_code_out_;
 bool signal_parent_;
+
+ scoped_ptr<PairingRegistry::Delegate> pairing_registry_delegate_;
 };
 HostProcess::HostProcess(scoped_ptr<ChromotingHostContext> context,
@@ -508,9 +523,15 @@ void HostProcess::CreateAuthenticatorFactory() {
 return;
 }
- scoped_refptr<protocol::PairingRegistry> pairing_registry = NULL;
+ scoped_refptr<PairingRegistry> pairing_registry = NULL;
 if (allow_pairing_) {
- pairing_registry = CreatePairingRegistry(context_->file_task_runner());
+ if (!pairing_registry_delegate_)
+ pairing_registry_delegate_ = CreatePairingRegistryDelegate();
+
+ if (pairing_registry_delegate_) {
+ pairing_registry = new PairingRegistry(context_->file_task_runner(),
+ pairing_registry_delegate_.Pass());
+ }
 }
 scoped_ptr<protocol::AuthenticatorFactory> factory;
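Review bot: In HostProcess::CreateAuthenticatorFactory the delegate is handed over with `pairing_registry_delegate_.Pass()`, which leaves the member empty. If the function runs again (its callers are outside the hunk), `if (!pairing_registry_delegate_)` is true and `CreatePairingRegistryDelegate()` supplies a PairingRegistryDelegateWin that never received the key handles sent by the daemon; the same fallback is taken when OnInitializePairingRegistry returned early. On Windows it looks safer to leave `pairing_registry` null in that case, or to build the PairingRegistry once and keep the scoped_refptr as a member, than to continue with a delegate that has no root keys. A comment on the fallback stating which platforms are meant to reach it would also help.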
@@ -560,6 +581,8 @@ bool HostProcess::OnMessageReceived(const IPC::Message& message) {
 IPC_MESSAGE_HANDLER(ChromotingDaemonMsg_Crash, OnCrash)
 IPC_MESSAGE_HANDLER(ChromotingDaemonNetworkMsg_Configuration,
 OnConfigUpdated)
+ IPC_MESSAGE_HANDLER(ChromotingDaemonNetworkMsg_InitializePairingRegistry,
+ OnInitializePairingRegistry)
 IPC_MESSAGE_FORWARD(
 ChromotingDaemonNetworkMsg_DesktopAttached,
 desktop_session_connector_,
@@ -676,6 +699,29 @@ void HostProcess::OnHostDeleted() {
 ShutdownHost(kInvalidHostIdExitCode);
 }
+void HostProcess::OnInitializePairingRegistry(
+ IPC::PlatformFileForTransit privileged_key,
+ IPC::PlatformFileForTransit unprivileged_key) {
+ DCHECK(!pairing_registry_delegate_);
+
+#if defined(OS_WIN)
+ // Initialize the pairing registry delegate.
+ scoped_ptr<PairingRegistryDelegateWin> delegate(
+ new PairingRegistryDelegateWin());
+ bool result = delegate->SetRootKeys(
+ reinterpret_cast<HKEY>(
+ IPC::PlatformFileForTransitToPlatformFile(privileged_key)),
+ reinterpret_cast<HKEY>(
+ IPC::PlatformFileForTransitToPlatformFile(unprivileged_key)));
+ if (!result)
+ return;
+
+ pairing_registry_delegate_ = delegate.PassAs<PairingRegistry::Delegate>();
+#else // !defined(OS_WIN)
+ NOTREACHED();
+#endif // !defined(OS_WIN)
+}
+
 // Applies the host config, returning true if successful.
 bool HostProcess::ApplyConfig(scoped_ptr<JsonHostConfig> config) {
 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); |
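Review bot: HostProcess::OnInitializePairingRegistry returns silently when `SetRootKeys` fails, with no log line and, as far as the hunk shows, without closing the two handles that arrived over IPC. Whether SetRootKeys takes ownership on failure is not visible here; if it does not, the `if (!result)` branch should close both handles, and in either case it should log, e.g. `LOG(ERROR) << "Failed to initialize the pairing registry.";`. The guard `DCHECK(!pairing_registry_delegate_)` is compiled out of release builds, so a repeated message would replace an existing delegate; an explicit early return would make that case defined. The method also has no comment saying that it takes ownership of the keys.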