authorweitaosu@chromium.org <weitaosu@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2014-02-07 20:51:12 +0000
committerweitaosu@chromium.org <weitaosu@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2014-02-07 20:51:12 +0000
commit4220a2d2220ae0b21edc8b4c8f56a95cdab1da0a (patch)
tree80ec2a812604de2ce972ec716b0c35e9766f0346
parent87e3a9174661e3724249513e4a90be698af84557 (diff)
Enabled pairing registry in the me2me host on Windows.
This CL is based on https://chromiumcodereview.appspot.com/23440071/. TBR=jschuh@chromium.org BUG=325567 Review URL: https://codereview.chromium.org/139803008 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@249772 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r--remoting/host/chromoting_messages.h6
-rw-r--r--remoting/host/daemon_process_win.cc102
-rw-r--r--remoting/host/installer/win/chromoting.wxs21
-rw-r--r--remoting/host/pairing_registry_delegate_win.cc3
-rw-r--r--remoting/host/remoting_me2me_host.cc50
5 files changed, 179 insertions, 3 deletions
diff --git a/remoting/host/chromoting_messages.h b/remoting/host/chromoting_messages.h
index e56b0f3..f83e308 100644
--- a/remoting/host/chromoting_messages.h
+++ b/remoting/host/chromoting_messages.h
@@ -38,6 +38,12 @@ IPC_MESSAGE_CONTROL3(ChromotingDaemonMsg_Crash,
// Delivers the host configuration (and updates) to the network process.
IPC_MESSAGE_CONTROL1(ChromotingDaemonNetworkMsg_Configuration, std::string)
+// Initializes the pairing registry on Windows. The passed key handles are
+// already duplicated by the sender.
+IPC_MESSAGE_CONTROL2(ChromotingDaemonNetworkMsg_InitializePairingRegistry,
+ IPC::PlatformFileForTransit /* privileged_key */,
+ IPC::PlatformFileForTransit /* unprivileged_key */)
+
// Notifies the network process that the terminal |terminal_id| has been
// disconnected from the desktop session.
IPC_MESSAGE_CONTROL1(ChromotingDaemonNetworkMsg_TerminalDisconnected,
diff --git a/remoting/host/daemon_process_win.cc b/remoting/host/daemon_process_win.cc
index a365f3e..fa91cb6 100644
--- a/remoting/host/daemon_process_win.cc
+++ b/remoting/host/daemon_process_win.cc
@@ -16,6 +16,7 @@
#include "base/strings/utf_string_conversions.h"
#include "base/time/time.h"
#include "base/timer/timer.h"
+#include "base/win/registry.h"
#include "base/win/scoped_handle.h"
#include "ipc/ipc_message.h"
#include "ipc/ipc_message_macros.h"
@@ -35,6 +36,31 @@
using base::win::ScopedHandle;
using base::TimeDelta;
+namespace {
+
+#if defined(OFFICIAL_BUILD)
+const wchar_t kPairingRegistryKeyName[] =
+ L"SOFTWARE\\Google\\Chrome Remote Desktop\\paired-clients";
+#else
+const wchar_t kPairingRegistryKeyName[] =
+ L"SOFTWARE\\Chromoting\\paired-clients";
+#endif
+
+const wchar_t kPrivilegedKeyName[] = L"secrets";
+const wchar_t kUnprivilegedKeyName[] = L"clients";
+
+// Duplicates |key| into |target_process| and returns the value that can be sent
+// over IPC.
+IPC::PlatformFileForTransit GetRegistryKeyForTransit(
+ base::ProcessHandle target_process,
+ const base::win::RegKey& key) {
+ base::PlatformFile handle =
+ reinterpret_cast<base::PlatformFile>(key.Handle());
+ return IPC::GetFileHandleForProcess(handle, target_process, false);
+}
+
+} // namespace
+
namespace remoting {
class WtsTerminalMonitor;
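Review bot: The bare `false` passed to `IPC::GetFileHandleForProcess` in `GetRegistryKeyForTransit` hides the fact that the daemon keeps its own handle open. The comment also does not say that the duplicate carries the same access rights as the source key. I would write `return IPC::GetFileHandleForProcess(handle, target_process, false /* close_source_handle */);` and extend the comment to state that the returned value is only meaningful inside |target_process| and who is expected to close it. One of the keys duplicated this way is the SYSTEM-only `secrets` key, so spelling out the ownership makes the privilege boundary easier to audit.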
@@ -75,12 +101,22 @@ class DaemonProcessWin : public DaemonProcess {
// Changes the service start type to 'manual'.
void DisableAutoStart();
+ // Initializes the pairing registry on the host side by sending
+ // ChromotingDaemonNetworkMsg_InitializePairingRegistry message.
+ bool InitializePairingRegistry();
+
+ // Opens the pairing registry keys.
+ bool OpenPairingRegistry();
+
private:
scoped_ptr<WorkerProcessLauncher> network_launcher_;
// Handle of the network process.
ScopedHandle network_process_;
+ base::win::RegKey pairing_registry_privileged_key_;
+ base::win::RegKey pairing_registry_unprivileged_key_;
+
DISALLOW_COPY_AND_ASSIGN(DaemonProcessWin);
};
@@ -102,6 +138,11 @@ void DaemonProcessWin::OnChannelConnected(int32 peer_pid) {
return;
}
+ if (!InitializePairingRegistry()) {
+ CrashNetworkProcess(FROM_HERE);
+ return;
+ }
+
DaemonProcess::OnChannelConnected(peer_pid);
}
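Review bot: Treating a pairing-registry failure as fatal in `OnChannelConnected` means a missing or unreadable `paired-clients` key stops the network process from ever being configured, even though pairing looks optional (the host gates it on `allow_pairing_` elsewhere in this commit). If the launcher restarts the network process after `CrashNetworkProcess`, this could turn into a restart loop on machines where the keys were never created; that is inferred, since the launcher is not visible here. Consider logging and continuing without pairing. If failing closed is deliberate, say so above the check, e.g. `// Pairing storage is required on Windows; do not start the host without it.` The function starts outside this hunk.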
@@ -240,4 +281,65 @@ void DaemonProcessWin::DisableAutoStart() {
}
}
+bool DaemonProcessWin::InitializePairingRegistry() {
+ if (!pairing_registry_privileged_key_.Valid()) {
+ if (!OpenPairingRegistry())
+ return false;
+ }
+
+ // Duplicate handles to the network process.
+ IPC::PlatformFileForTransit privileged_key = GetRegistryKeyForTransit(
+ network_process_, pairing_registry_privileged_key_);
+ IPC::PlatformFileForTransit unprivileged_key = GetRegistryKeyForTransit(
+ network_process_, pairing_registry_unprivileged_key_);
+ if (!(privileged_key && unprivileged_key))
+ return false;
+
+ // Initialize the pairing registry in the network process. This has to be done
+ // before the host configuration is sent, otherwise the host will not use
+ // the passed handles.
+ SendToNetwork(new ChromotingDaemonNetworkMsg_InitializePairingRegistry(
+ privileged_key, unprivileged_key));
+ return true;
+}
+
+bool DaemonProcessWin::OpenPairingRegistry() {
+ DCHECK(!pairing_registry_privileged_key_.Valid());
+ DCHECK(!pairing_registry_unprivileged_key_.Valid());
+
+ // Open the root of the pairing registry.
+ base::win::RegKey root;
+ LONG result = root.Open(HKEY_LOCAL_MACHINE, kPairingRegistryKeyName,
+ KEY_READ);
+ if (result != ERROR_SUCCESS) {
+ SetLastError(result);
+ PLOG(ERROR) << "Failed to open HKLM\\" << kPairingRegistryKeyName;
+ return false;
+ }
+
+ base::win::RegKey privileged;
+ result = privileged.Open(root.Handle(), kPrivilegedKeyName,
+ KEY_READ | KEY_WRITE);
+ if (result != ERROR_SUCCESS) {
+ SetLastError(result);
+ PLOG(ERROR) << "Failed to open HKLM\\" << kPairingRegistryKeyName << "\\"
+ << kPrivilegedKeyName;
+ return false;
+ }
+
+ base::win::RegKey unprivileged;
+ result = unprivileged.Open(root.Handle(), kUnprivilegedKeyName,
+ KEY_READ | KEY_WRITE);
+ if (result != ERROR_SUCCESS) {
+ SetLastError(result);
+ PLOG(ERROR) << "Failed to open HKLM\\" << kUnprivilegedKeyName << "\\"
+ << kUnprivilegedKeyName;
+ return false;
+ }
+
+ pairing_registry_privileged_key_.Set(privileged.Take());
+ pairing_registry_unprivileged_key_.Set(unprivileged.Take());
+ return true;
+}
+
} // namespace remoting
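Review bot: The failure log for the unprivileged key in `OpenPairingRegistry` prints `kUnprivilegedKeyName` twice, so it reports `HKLM\clients\clients` instead of the path that was actually opened. It should read `PLOG(ERROR) << "Failed to open HKLM\\" << kPairingRegistryKeyName << "\\" << kUnprivilegedKeyName;`. In `InitializePairingRegistry`, only the privileged key is tested with `Valid()`. When one of the two duplications fails, the handle that did succeed stays open in the network process, which is harmless only as long as the caller keeps crashing that process on failure. A short comment on the `if (!(privileged_key && unprivileged_key))` line stating that assumption would help.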
diff --git a/remoting/host/installer/win/chromoting.wxs b/remoting/host/installer/win/chromoting.wxs
index 4d25291..d2ac5e0 100644
--- a/remoting/host/installer/win/chromoting.wxs
+++ b/remoting/host/installer/win/chromoting.wxs
@@ -18,6 +18,12 @@
<?define Manufacturer = "The Chromium Authors" ?>
<?endif?>
+ <?if $(var.OfficialBuild) != 0 ?>
+ <?define ChromotingKeyPath = "Google\Chrome Remote Desktop" ?>
+ <?else?>
+ <?define ChromotingKeyPath = "Chromoting" ?>
+ <?endif?>
+
<?define FirewallName = "$(var.ChromotingHost)" ?>
<?define OmahaAppid = "{b210701e-ffc4-49e3-932b-370728c72662}" ?>
@@ -473,6 +479,20 @@
</Component>
+ <!-- Creates the pairing registry store and protect it with an ACL. -->
+ <Component Id="remoting_pairing_registry" Guid="960bc7eb-a816-428b-90e8-ad13336955d5">
+ <RegistryKey Root="HKLM"
+ Key="SOFTWARE\$(var.ChromotingKeyPath)\paired-clients"
+ Action="create">
+ <RegistryKey Key="clients" Action="create"/>
+ <RegistryKey Key="secrets" Action="create">
+ <!-- Gives full access to SYSTEM only. -->
+ <PermissionEx Sddl="O:SYG:SYD:(A;;GA;;;SY)"/>
+ </RegistryKey>
+ </RegistryKey>
+ <CreateFolder/>
+ </Component>
+
<!-- Register with Sawbuck. See http://code.google.com/p/sawbuck/. -->
<Component Id="sawbuck_provider" Guid="*">
<RegistryKey Root="HKLM"
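Review bot: The SDDL on the `secrets` key, `O:SYG:SYD:(A;;GA;;;SY)`, has no `P` flag, so the DACL is not marked protected and inheritable ACEs from `paired-clients` (and ultimately `HKLM\SOFTWARE`) may still be merged into the effective ACL, depending on how the installer applies the descriptor. If the intent is SYSTEM-only access as the comment says, `Sddl="O:SYG:SYD:P(A;;GA;;;SY)"` states it explicitly, and the effective ACL should be checked on an installed machine. The `clients` key gets no explicit ACL and so inherits the parent's permissions; a comment saying that this is intended would help. As far as I know the `Sddl` form of `PermissionEx` relies on Windows Installer 5.0, so it is worth confirming what happens with older installers, where the key could be created without the restriction.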
@@ -577,6 +597,7 @@
<ComponentRef Id="remoting_desktop"/>
<ComponentRef Id="remoting_host"/>
<ComponentRef Id="remoting_lib"/>
+ <ComponentRef Id="remoting_pairing_registry"/>
<ComponentRef Id="sas"/>
<ComponentRef Id="sawbuck_provider"/>
</Feature>
diff --git a/remoting/host/pairing_registry_delegate_win.cc b/remoting/host/pairing_registry_delegate_win.cc
index 7987f1c..1d7ad31 100644
--- a/remoting/host/pairing_registry_delegate_win.cc
+++ b/remoting/host/pairing_registry_delegate_win.cc
@@ -249,7 +249,8 @@ bool PairingRegistryDelegateWin::Delete(const std::string& client_id) {
}
scoped_ptr<PairingRegistry::Delegate> CreatePairingRegistryDelegate() {
- return scoped_ptr<PairingRegistry::Delegate>();
+ return scoped_ptr<PairingRegistry::Delegate>(
+ new PairingRegistryDelegateWin());
}
} // namespace remoting
diff --git a/remoting/host/remoting_me2me_host.cc b/remoting/host/remoting_me2me_host.cc
index b4ab023..8b7475e 100644
--- a/remoting/host/remoting_me2me_host.cc
+++ b/remoting/host/remoting_me2me_host.cc
@@ -91,7 +91,9 @@
#if defined(OS_WIN)
#include <commctrl.h>
+#include "base/win/registry.h"
#include "base/win/scoped_handle.h"
+#include "remoting/host/pairing_registry_delegate_win.h"
#include "remoting/host/win/session_desktop_environment.h"
#endif // defined(OS_WIN)
@@ -99,6 +101,10 @@
#include "ui/gfx/gtk_util.h"
#endif // defined(TOOLKIT_GTK)
+using remoting::protocol::PairingRegistry;
+
+namespace {
+
// This is used for tagging system event logs.
const char kApplicationName[] = "chromoting";
@@ -116,6 +122,8 @@ const char kSignalParentSwitchName[] = "signal-parent";
// from stdin.
const char kStdinConfigPath[] = "-";
+} // namespace
+
namespace remoting {
class HostProcess
@@ -143,6 +151,11 @@ class HostProcess
// HostChangeNotificationListener::Listener overrides.
virtual void OnHostDeleted() OVERRIDE;
+ // Initializes the pairing registry on Windows.
+ void OnInitializePairingRegistry(
+ IPC::PlatformFileForTransit privileged_key,
+ IPC::PlatformFileForTransit unprivileged_key);
+
private:
enum HostState {
// Host process has just been started. Waiting for config and policies to be
@@ -293,6 +306,8 @@ class HostProcess
int* exit_code_out_;
bool signal_parent_;
+
+ scoped_ptr<PairingRegistry::Delegate> pairing_registry_delegate_;
};
HostProcess::HostProcess(scoped_ptr<ChromotingHostContext> context,
@@ -508,9 +523,15 @@ void HostProcess::CreateAuthenticatorFactory() {
return;
}
- scoped_refptr<protocol::PairingRegistry> pairing_registry = NULL;
+ scoped_refptr<PairingRegistry> pairing_registry = NULL;
if (allow_pairing_) {
- pairing_registry = CreatePairingRegistry(context_->file_task_runner());
+ if (!pairing_registry_delegate_)
+ pairing_registry_delegate_ = CreatePairingRegistryDelegate();
+
+ if (pairing_registry_delegate_) {
+ pairing_registry = new PairingRegistry(context_->file_task_runner(),
+ pairing_registry_delegate_.Pass());
+ }
}
scoped_ptr<protocol::AuthenticatorFactory> factory;
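Review bot: `pairing_registry_delegate_.Pass()` in `CreateAuthenticatorFactory` hands the delegate that was initialised with the IPC-supplied keys to the first `PairingRegistry` and leaves the member null. If this function runs again (for example after a config or policy change; not visible in this hunk), the `if (!pairing_registry_delegate_)` branch falls back to `CreatePairingRegistryDelegate()`. On Windows that now returns a `PairingRegistryDelegateWin` on which `SetRootKeys` was never called (see the pairing_registry_delegate_win.cc hunk), and the same fallback is taken when `OnInitializePairingRegistry` returns early. Consider keeping the `PairingRegistry` itself as a member and reusing it, or skipping the fallback on Windows, so the host never runs with a delegate that has no keys. The function starts and ends outside this hunk.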
@@ -560,6 +581,8 @@ bool HostProcess::OnMessageReceived(const IPC::Message& message) {
IPC_MESSAGE_HANDLER(ChromotingDaemonMsg_Crash, OnCrash)
IPC_MESSAGE_HANDLER(ChromotingDaemonNetworkMsg_Configuration,
OnConfigUpdated)
+ IPC_MESSAGE_HANDLER(ChromotingDaemonNetworkMsg_InitializePairingRegistry,
+ OnInitializePairingRegistry)
IPC_MESSAGE_FORWARD(
ChromotingDaemonNetworkMsg_DesktopAttached,
desktop_session_connector_,
@@ -676,6 +699,29 @@ void HostProcess::OnHostDeleted() {
ShutdownHost(kInvalidHostIdExitCode);
}
+void HostProcess::OnInitializePairingRegistry(
+ IPC::PlatformFileForTransit privileged_key,
+ IPC::PlatformFileForTransit unprivileged_key) {
+ DCHECK(!pairing_registry_delegate_);
+
+#if defined(OS_WIN)
+ // Initialize the pairing registry delegate.
+ scoped_ptr<PairingRegistryDelegateWin> delegate(
+ new PairingRegistryDelegateWin());
+ bool result = delegate->SetRootKeys(
+ reinterpret_cast<HKEY>(
+ IPC::PlatformFileForTransitToPlatformFile(privileged_key)),
+ reinterpret_cast<HKEY>(
+ IPC::PlatformFileForTransitToPlatformFile(unprivileged_key)));
+ if (!result)
+ return;
+
+ pairing_registry_delegate_ = delegate.PassAs<PairingRegistry::Delegate>();
+#else // !defined(OS_WIN)
+ NOTREACHED();
+#endif // !defined(OS_WIN)
+}
+
// Applies the host config, returning true if successful.
bool HostProcess::ApplyConfig(scoped_ptr<JsonHostConfig> config) {
DCHECK(context_->network_task_runner()->BelongsToCurrentThread());
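Review bot: `OnInitializePairingRegistry` returns silently when `SetRootKeys` fails: nothing is logged, and it is not clear from this hunk who closes the two received handles in that case. I would add `LOG(ERROR) << "Failed to initialize the pairing registry.";` before the `return` and document on `SetRootKeys` whether it takes ownership of the handles on failure. `DCHECK(!pairing_registry_delegate_)` is compiled out of release builds, so a repeated message would replace the delegate there; an explicit `if (pairing_registry_delegate_) return;` (after closing the handles) makes that case deterministic. The handles are also cast to `HKEY` without a check that they are valid.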