1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 //
5 // This file implements the Windows service controlling Me2Me host processes
6 // running within user sessions.
7
8 #include "remoting/host/win/host_service.h"
9
10 #include <sddl.h>
11 #include <windows.h>
12 #include <wtsapi32.h>
13
14 #include "base/base_paths.h"
15 #include "base/base_switches.h"
16 #include "base/bind.h"
17 #include "base/command_line.h"
18 #include "base/files/file_path.h"
19 #include "base/message_loop/message_loop.h"
20 #include "base/run_loop.h"
21 #include "base/single_thread_task_runner.h"
22 #include "base/strings/utf_string_conversions.h"
23 #include "base/threading/thread.h"
24 #include "base/win/message_window.h"
25 #include "base/win/scoped_com_initializer.h"
26 #include "remoting/base/auto_thread.h"
27 #include "remoting/base/scoped_sc_handle_win.h"
28 #include "remoting/host/branding.h"
29 #include "remoting/host/daemon_process.h"
30 #include "remoting/host/host_exit_codes.h"
31 #include "remoting/host/logging.h"
32 #include "remoting/host/win/com_security.h"
33 #include "remoting/host/win/core_resource.h"
34 #include "remoting/host/win/wts_terminal_observer.h"
35
36 namespace remoting {
37
38 namespace {
39
40 const char kIoThreadName[] = "I/O thread";
41
42 // Command line switches:
43
44 // "--console" runs the service interactively for debugging purposes.
45 const char kConsoleSwitchName[] = "console";
46
47 // Security descriptor allowing local processes running under SYSTEM or
48 // LocalService accounts to call COM methods exposed by the daemon.
49 const wchar_t kComProcessSd[] =
50 SDDL_OWNER L":" SDDL_LOCAL_SYSTEM
51 SDDL_GROUP L":" SDDL_LOCAL_SYSTEM
52 SDDL_DACL L":"
53 SDDL_ACE(SDDL_ACCESS_ALLOWED, SDDL_COM_EXECUTE_LOCAL, SDDL_LOCAL_SYSTEM)
54 SDDL_ACE(SDDL_ACCESS_ALLOWED, SDDL_COM_EXECUTE_LOCAL, SDDL_LOCAL_SERVICE);
55
56 // Appended to |kComProcessSd| to specify that only callers running at medium or
57 // higher integrity level are allowed to call COM methods exposed by the daemon.
58 const wchar_t kComProcessMandatoryLabel[] =
59 SDDL_SACL L":"
60 SDDL_ACE(SDDL_MANDATORY_LABEL, SDDL_NO_EXECUTE_UP, SDDL_ML_MEDIUM);
61
62 } // namespace
63
GetInstance()64 HostService* HostService::GetInstance() {
65 return Singleton<HostService>::get();
66 }
67
InitWithCommandLine(const CommandLine * command_line)68 bool HostService::InitWithCommandLine(const CommandLine* command_line) {
69 CommandLine::StringVector args = command_line->GetArgs();
70 if (!args.empty()) {
71 LOG(ERROR) << "No positional parameters expected.";
72 return false;
73 }
74
75 // Run interactively if needed.
76 if (run_routine_ == &HostService::RunAsService &&
77 command_line->HasSwitch(kConsoleSwitchName)) {
78 run_routine_ = &HostService::RunInConsole;
79 }
80
81 return true;
82 }
83
Run()84 int HostService::Run() {
85 return (this->*run_routine_)();
86 }
87
AddWtsTerminalObserver(const std::string & terminal_id,WtsTerminalObserver * observer)88 bool HostService::AddWtsTerminalObserver(const std::string& terminal_id,
89 WtsTerminalObserver* observer) {
90 DCHECK(main_task_runner_->BelongsToCurrentThread());
91
92 RegisteredObserver registered_observer;
93 registered_observer.terminal_id = terminal_id;
94 registered_observer.session_id = kInvalidSessionId;
95 registered_observer.observer = observer;
96
97 bool session_id_found = false;
98 std::list<RegisteredObserver>::const_iterator i;
99 for (i = observers_.begin(); i != observers_.end(); ++i) {
100 // Get the attached session ID from another observer watching the same WTS
101 // console if any.
102 if (i->terminal_id == terminal_id) {
103 registered_observer.session_id = i->session_id;
104 session_id_found = true;
105 }
106
107 // Check that |observer| hasn't been registered already.
108 if (i->observer == observer)
109 return false;
110 }
111
112 // If |terminal_id| is new, enumerate all sessions to see if there is one
113 // attached to |terminal_id|.
114 if (!session_id_found)
115 registered_observer.session_id = LookupSessionId(terminal_id);
116
117 observers_.push_back(registered_observer);
118
119 if (registered_observer.session_id != kInvalidSessionId) {
120 observer->OnSessionAttached(registered_observer.session_id);
121 }
122
123 return true;
124 }
125
RemoveWtsTerminalObserver(WtsTerminalObserver * observer)126 void HostService::RemoveWtsTerminalObserver(WtsTerminalObserver* observer) {
127 DCHECK(main_task_runner_->BelongsToCurrentThread());
128
129 std::list<RegisteredObserver>::const_iterator i;
130 for (i = observers_.begin(); i != observers_.end(); ++i) {
131 if (i->observer == observer) {
132 observers_.erase(i);
133 return;
134 }
135 }
136 }
137
HostService()138 HostService::HostService() :
139 run_routine_(&HostService::RunAsService),
140 service_status_handle_(0),
141 stopped_event_(true, false),
142 weak_factory_(this) {
143 }
144
~HostService()145 HostService::~HostService() {
146 }
147
OnSessionChange(uint32 event,uint32 session_id)148 void HostService::OnSessionChange(uint32 event, uint32 session_id) {
149 DCHECK(main_task_runner_->BelongsToCurrentThread());
150 DCHECK_NE(session_id, kInvalidSessionId);
151
152 // Process only attach/detach notifications.
153 if (event != WTS_CONSOLE_CONNECT && event != WTS_CONSOLE_DISCONNECT &&
154 event != WTS_REMOTE_CONNECT && event != WTS_REMOTE_DISCONNECT) {
155 return;
156 }
157
158 // Assuming that notification can arrive later query the current state of
159 // |session_id|.
160 std::string terminal_id;
161 bool attached = LookupTerminalId(session_id, &terminal_id);
162
163 std::list<RegisteredObserver>::iterator i = observers_.begin();
164 while (i != observers_.end()) {
165 std::list<RegisteredObserver>::iterator next = i;
166 ++next;
167
168 // Issue a detach notification if the session was detached from a client or
169 // if it is now attached to a different client.
170 if (i->session_id == session_id &&
171 (!attached || !(i->terminal_id == terminal_id))) {
172 i->session_id = kInvalidSessionId;
173 i->observer->OnSessionDetached();
174 i = next;
175 continue;
176 }
177
178 // The client currently attached to |session_id| was attached to a different
179 // session before. Reconnect it to |session_id|.
180 if (attached && i->terminal_id == terminal_id &&
181 i->session_id != session_id) {
182 WtsTerminalObserver* observer = i->observer;
183
184 if (i->session_id != kInvalidSessionId) {
185 i->session_id = kInvalidSessionId;
186 i->observer->OnSessionDetached();
187 }
188
189 // Verify that OnSessionDetached() above didn't remove |observer|
190 // from the list.
191 std::list<RegisteredObserver>::iterator j = next;
192 --j;
193 if (j->observer == observer) {
194 j->session_id = session_id;
195 observer->OnSessionAttached(session_id);
196 }
197 }
198
199 i = next;
200 }
201 }
202
CreateLauncher(scoped_refptr<AutoThreadTaskRunner> task_runner)203 void HostService::CreateLauncher(
204 scoped_refptr<AutoThreadTaskRunner> task_runner) {
205 // Launch the I/O thread.
206 scoped_refptr<AutoThreadTaskRunner> io_task_runner =
207 AutoThread::CreateWithType(
208 kIoThreadName, task_runner, base::MessageLoop::TYPE_IO);
209 if (!io_task_runner) {
210 LOG(FATAL) << "Failed to start the I/O thread";
211 return;
212 }
213
214 daemon_process_ = DaemonProcess::Create(
215 task_runner,
216 io_task_runner,
217 base::Bind(&HostService::StopDaemonProcess, weak_ptr_));
218 }
219
RunAsService()220 int HostService::RunAsService() {
221 SERVICE_TABLE_ENTRYW dispatch_table[] = {
222 { const_cast<LPWSTR>(kWindowsServiceName), &HostService::ServiceMain },
223 { NULL, NULL }
224 };
225
226 if (!StartServiceCtrlDispatcherW(dispatch_table)) {
227 LOG_GETLASTERROR(ERROR)
228 << "Failed to connect to the service control manager";
229 return kInitializationFailed;
230 }
231
232 // Wait until the service thread completely exited to avoid concurrent
233 // teardown of objects registered with base::AtExitManager and object
234 // destoyed by the service thread.
235 stopped_event_.Wait();
236
237 return kSuccessExitCode;
238 }
239
RunAsServiceImpl()240 void HostService::RunAsServiceImpl() {
241 base::MessageLoop message_loop(base::MessageLoop::TYPE_UI);
242 base::RunLoop run_loop;
243 main_task_runner_ = message_loop.message_loop_proxy();
244 weak_ptr_ = weak_factory_.GetWeakPtr();
245
246 // Register the service control handler.
247 service_status_handle_ = RegisterServiceCtrlHandlerExW(
248 kWindowsServiceName, &HostService::ServiceControlHandler, this);
249 if (service_status_handle_ == 0) {
250 LOG_GETLASTERROR(ERROR)
251 << "Failed to register the service control handler";
252 return;
253 }
254
255 // Report running status of the service.
256 SERVICE_STATUS service_status;
257 ZeroMemory(&service_status, sizeof(service_status));
258 service_status.dwServiceType = SERVICE_WIN32_OWN_PROCESS;
259 service_status.dwCurrentState = SERVICE_RUNNING;
260 service_status.dwControlsAccepted = SERVICE_ACCEPT_SHUTDOWN |
261 SERVICE_ACCEPT_STOP |
262 SERVICE_ACCEPT_SESSIONCHANGE;
263 service_status.dwWin32ExitCode = kSuccessExitCode;
264 if (!SetServiceStatus(service_status_handle_, &service_status)) {
265 LOG_GETLASTERROR(ERROR)
266 << "Failed to report service status to the service control manager";
267 return;
268 }
269
270 // Initialize COM.
271 base::win::ScopedCOMInitializer com_initializer;
272 if (!com_initializer.succeeded())
273 return;
274
275 if (!InitializeComSecurity(WideToUTF8(kComProcessSd),
276 WideToUTF8(kComProcessMandatoryLabel), false)) {
277 return;
278 }
279
280 CreateLauncher(scoped_refptr<AutoThreadTaskRunner>(
281 new AutoThreadTaskRunner(main_task_runner_,
282 run_loop.QuitClosure())));
283
284 // Run the service.
285 run_loop.Run();
286 weak_factory_.InvalidateWeakPtrs();
287
288 // Tell SCM that the service is stopped.
289 service_status.dwCurrentState = SERVICE_STOPPED;
290 service_status.dwControlsAccepted = 0;
291 if (!SetServiceStatus(service_status_handle_, &service_status)) {
292 LOG_GETLASTERROR(ERROR)
293 << "Failed to report service status to the service control manager";
294 return;
295 }
296 }
297
RunInConsole()298 int HostService::RunInConsole() {
299 base::MessageLoop message_loop(base::MessageLoop::TYPE_UI);
300 base::RunLoop run_loop;
301 main_task_runner_ = message_loop.message_loop_proxy();
302 weak_ptr_ = weak_factory_.GetWeakPtr();
303
304 int result = kInitializationFailed;
305
306 // Initialize COM.
307 base::win::ScopedCOMInitializer com_initializer;
308 if (!com_initializer.succeeded())
309 return result;
310
311 if (!InitializeComSecurity(WideToUTF8(kComProcessSd),
312 WideToUTF8(kComProcessMandatoryLabel), false)) {
313 return result;
314 }
315
316 // Subscribe to Ctrl-C and other console events.
317 if (!SetConsoleCtrlHandler(&HostService::ConsoleControlHandler, TRUE)) {
318 LOG_GETLASTERROR(ERROR)
319 << "Failed to set console control handler";
320 return result;
321 }
322
323 // Create a window for receiving session change notifications.
324 base::win::MessageWindow window;
325 if (!window.Create(base::Bind(&HostService::HandleMessage,
326 base::Unretained(this)))) {
327 LOG_GETLASTERROR(ERROR)
328 << "Failed to create the session notification window";
329 goto cleanup;
330 }
331
332 // Subscribe to session change notifications.
333 if (WTSRegisterSessionNotification(window.hwnd(),
334 NOTIFY_FOR_ALL_SESSIONS) != FALSE) {
335 CreateLauncher(scoped_refptr<AutoThreadTaskRunner>(
336 new AutoThreadTaskRunner(main_task_runner_,
337 run_loop.QuitClosure())));
338
339 // Run the service.
340 run_loop.Run();
341
342 // Release the control handler.
343 stopped_event_.Signal();
344
345 WTSUnRegisterSessionNotification(window.hwnd());
346 result = kSuccessExitCode;
347 }
348
349 cleanup:
350 weak_factory_.InvalidateWeakPtrs();
351
352 // Unsubscribe from console events. Ignore the exit code. There is nothing
353 // we can do about it now and the program is about to exit anyway. Even if
354 // it crashes nothing is going to be broken because of it.
355 SetConsoleCtrlHandler(&HostService::ConsoleControlHandler, FALSE);
356
357 return result;
358 }
359
StopDaemonProcess()360 void HostService::StopDaemonProcess() {
361 DCHECK(main_task_runner_->BelongsToCurrentThread());
362
363 daemon_process_.reset();
364 }
365
HandleMessage(UINT message,WPARAM wparam,LPARAM lparam,LRESULT * result)366 bool HostService::HandleMessage(
367 UINT message, WPARAM wparam, LPARAM lparam, LRESULT* result) {
368 if (message == WM_WTSSESSION_CHANGE) {
369 OnSessionChange(wparam, lparam);
370 *result = 0;
371 return true;
372 }
373
374 return false;
375 }
376
377 // static
ConsoleControlHandler(DWORD event)378 BOOL WINAPI HostService::ConsoleControlHandler(DWORD event) {
379 HostService* self = HostService::GetInstance();
380 switch (event) {
381 case CTRL_C_EVENT:
382 case CTRL_BREAK_EVENT:
383 case CTRL_CLOSE_EVENT:
384 case CTRL_LOGOFF_EVENT:
385 case CTRL_SHUTDOWN_EVENT:
386 self->main_task_runner_->PostTask(
387 FROM_HERE, base::Bind(&HostService::StopDaemonProcess,
388 self->weak_ptr_));
389 return TRUE;
390
391 default:
392 return FALSE;
393 }
394 }
395
396 // static
ServiceControlHandler(DWORD control,DWORD event_type,LPVOID event_data,LPVOID context)397 DWORD WINAPI HostService::ServiceControlHandler(DWORD control,
398 DWORD event_type,
399 LPVOID event_data,
400 LPVOID context) {
401 HostService* self = reinterpret_cast<HostService*>(context);
402 switch (control) {
403 case SERVICE_CONTROL_INTERROGATE:
404 return NO_ERROR;
405
406 case SERVICE_CONTROL_SHUTDOWN:
407 case SERVICE_CONTROL_STOP:
408 self->main_task_runner_->PostTask(
409 FROM_HERE, base::Bind(&HostService::StopDaemonProcess,
410 self->weak_ptr_));
411 return NO_ERROR;
412
413 case SERVICE_CONTROL_SESSIONCHANGE:
414 self->main_task_runner_->PostTask(FROM_HERE, base::Bind(
415 &HostService::OnSessionChange, self->weak_ptr_, event_type,
416 reinterpret_cast<WTSSESSION_NOTIFICATION*>(event_data)->dwSessionId));
417 return NO_ERROR;
418
419 default:
420 return ERROR_CALL_NOT_IMPLEMENTED;
421 }
422 }
423
424 // static
ServiceMain(DWORD argc,WCHAR * argv[])425 VOID WINAPI HostService::ServiceMain(DWORD argc, WCHAR* argv[]) {
426 HostService* self = HostService::GetInstance();
427
428 // Run the service.
429 self->RunAsServiceImpl();
430
431 // Release the control handler and notify the main thread that it can exit
432 // now.
433 self->stopped_event_.Signal();
434 }
435
DaemonProcessMain()436 int DaemonProcessMain() {
437 HostService* service = HostService::GetInstance();
438 if (!service->InitWithCommandLine(CommandLine::ForCurrentProcess())) {
439 return kUsageExitCode;
440 }
441
442 return service->Run();
443 }
444
445 } // namespace remoting
446