Update Windows It2Me to allow remote users to interact with elevated windows

remoting/host/it2me/it2me_native_messaging_host.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "remoting/host/it2me/it2me_native_messaging_host.h"
 
 #include <string>
 #include <utility>
 
 #include "base/bind.h"
 #include "base/callback.h"
+#include "base/callback_helpers.h"
 #include "base/json/json_reader.h"
 #include "base/json/json_writer.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/strings/string_util.h"
 #include "base/strings/stringize_macros.h"
 #include "base/threading/thread.h"
+#include "base/time/time.h"
 #include "base/values.h"
 #include "build/build_config.h"
+#include "components/policy/policy_constants.h"
 #include "net/base/url_util.h"
 #include "net/url_request/url_request_context_getter.h"
 #include "remoting/base/auto_thread_task_runner.h"
 #include "remoting/host/chromoting_host_context.h"
 #include "remoting/host/host_exit_codes.h"
+#include "remoting/host/policy_watcher.h"
 #include "remoting/host/service_urls.h"
 #include "remoting/protocol/name_value_map.h"
 
+#if defined(OS_WIN)
+#include "base/command_line.h"
+#include "base/files/file_path.h"
+
+#include "remoting/host/win/elevated_native_messaging_host.h"
+#endif  // defined(OS_WIN)
+
 namespace remoting {
 
 namespace {
 
 const remoting::protocol::NameMapElement<It2MeHostState> kIt2MeHostStates[] = {
     {kDisconnected, "DISCONNECTED"},
     {kStarting, "STARTING"},
     {kRequestedAccessCode, "REQUESTED_ACCESS_CODE"},
     {kReceivedAccessCode, "RECEIVED_ACCESS_CODE"},
     {kConnected, "CONNECTED"},
     {kError, "ERROR"},
     {kInvalidDomainError, "INVALID_DOMAIN_ERROR"},
 };
 
+#if defined(OS_WIN)
+const base::FilePath::CharType kBaseHostBinaryName[] =
+    FILE_PATH_LITERAL("remote_assistance_host.exe");
+const base::FilePath::CharType kElevatedHostBinaryName[] =
+    FILE_PATH_LITERAL("remote_assistance_host_uiaccess.exe");
+#endif  // defined(OS_WIN)
+
 }  // namespace
 
 It2MeNativeMessagingHost::It2MeNativeMessagingHost(
+    bool needs_elevation,
     std::unique_ptr<ChromotingHostContext> context,
     std::unique_ptr<It2MeHostFactory> factory)
-    : client_(nullptr),
+    : needs_elevation_(needs_elevation),
       host_context_(std::move(context)),
       factory_(std::move(factory)),
+      policy_watcher_(PolicyWatcher::Create(factory_->get_policy_service(),
+                                            host_context_->file_task_runner())),
       weak_factory_(this) {
   weak_ptr_ = weak_factory_.GetWeakPtr();
 
   const ServiceUrls* service_urls = ServiceUrls::GetInstance();
   const bool xmpp_server_valid =
       net::ParseHostAndPort(service_urls->xmpp_server_address(),
                             &xmpp_server_config_.host,
                             &xmpp_server_config_.port);
   DCHECK(xmpp_server_valid);
 
   xmpp_server_config_.use_tls = service_urls->xmpp_server_use_tls();
   directory_bot_jid_ = service_urls->directory_bot_jid();
+
+  policy_watcher_->StartWatching(
+      base::Bind(&It2MeNativeMessagingHost::OnPolicyUpdate,
+                 base::Unretained(this)),

[Sergey Ulanov, 2016/08/31 23:00:17]

I don't think it's safe to use Unretained() here because policy_watcher_ will
call this closure on a thread different from the one on which
It2MeNativeMessagingHost is destroyed.

[joedow, 2016/09/02 21:58:59]

Done.

+      base::Bind(&It2MeNativeMessagingHost::OnPolicyError,
+                 base::Unretained(this)));
 }
 
 It2MeNativeMessagingHost::~It2MeNativeMessagingHost() {
   DCHECK(task_runner()->BelongsToCurrentThread());
 
   if (it2me_host_.get()) {
     it2me_host_->Disconnect();
     it2me_host_ = nullptr;
   }
 }
@@ skipping 20 matching lines @@
 
   std::string type;
   if (!message_dict->GetString("type", &type)) {
     SendErrorAndExit(std::move(response), "'type' not found in request.");
     return;
   }
 
   response->SetString("type", type + "Response");
 
   if (type == "hello") {
-    ProcessHello(*message_dict, std::move(response));
+    ProcessHello(std::move(message_dict), std::move(response));
   } else if (type == "connect") {
-    ProcessConnect(*message_dict, std::move(response));
+    ProcessConnect(std::move(message_dict), std::move(response));
   } else if (type == "disconnect") {
-    ProcessDisconnect(*message_dict, std::move(response));
+    ProcessDisconnect(std::move(message_dict), std::move(response));
   } else {
     SendErrorAndExit(std::move(response), "Unsupported request type: " + type);
   }
 }
 
 void It2MeNativeMessagingHost::Start(Client* client) {
   DCHECK(task_runner()->BelongsToCurrentThread());
   client_ = client;
 #if !defined(OS_CHROMEOS)
   log_message_handler_.reset(
       new LogMessageHandler(
           base::Bind(&It2MeNativeMessagingHost::SendMessageToClient,
                      base::Unretained(this))));
 #endif  // !defined(OS_CHROMEOS)
 }
 
 void It2MeNativeMessagingHost::SendMessageToClient(
     std::unique_ptr<base::Value> message) const {
   DCHECK(task_runner()->BelongsToCurrentThread());
   std::string message_json;
   base::JSONWriter::Write(*message, &message_json);
   client_->PostMessageFromNativeHost(message_json);
 }
 
 void It2MeNativeMessagingHost::ProcessHello(
-    const base::DictionaryValue& message,
+    std::unique_ptr<base::DictionaryValue> message,
     std::unique_ptr<base::DictionaryValue> response) const {
   DCHECK(task_runner()->BelongsToCurrentThread());
 
   response->SetString("version", STRINGIZE(VERSION));
 
   // This list will be populated when new features are added.
   std::unique_ptr<base::ListValue> supported_features_list(
       new base::ListValue());
   response->Set("supportedFeatures", supported_features_list.release());
 
   SendMessageToClient(std::move(response));
 }
 
 void It2MeNativeMessagingHost::ProcessConnect(
-    const base::DictionaryValue& message,
+    std::unique_ptr<base::DictionaryValue> message,
     std::unique_ptr<base::DictionaryValue> response) {
   DCHECK(task_runner()->BelongsToCurrentThread());
 
+  if (!policy_received_) {
+    DCHECK(pending_connect_.is_null());
+    pending_connect_ =
+        base::Bind(&It2MeNativeMessagingHost::ProcessConnect, weak_ptr_,
+                   base::Passed(&message), base::Passed(&response));
+    return;
+  }
+
+  if (needs_elevation_ && allow_elevated_host_) {

[Sergey Ulanov, 2016/08/31 23:00:16]

Add a comment here to explain what happens here.

[joedow, 2016/09/02 21:58:59]

Done.

+    if (!DelegateToElevatedHost(std::move(message))) {
+      response->SetBoolean("result", false);

[Sergey Ulanov, 2016/08/31 23:00:16]

Does the app support this field right now?

[joedow, 2016/09/02 21:58:59]

I seem to remember testing this in a previous iteration but I think it is better
to be consistent so I will use the same error mechanism as the rest of this
file.

+      SendMessageToClient(std::move(response));
+    }
+    return;
+  }
+
   if (it2me_host_.get()) {
     SendErrorAndExit(std::move(response),
                      "Connect can be called only when disconnected.");
     return;
   }
 
   XmppSignalStrategy::XmppServerConfig xmpp_config = xmpp_server_config_;
 
-  if (!message.GetString("userName", &xmpp_config.username)) {
+  if (!message->GetString("userName", &xmpp_config.username)) {
     SendErrorAndExit(std::move(response), "'userName' not found in request.");
     return;
   }
 
   std::string auth_service_with_token;
-  if (!message.GetString("authServiceWithToken", &auth_service_with_token)) {
+  if (!message->GetString("authServiceWithToken", &auth_service_with_token)) {
     SendErrorAndExit(std::move(response),
                      "'authServiceWithToken' not found in request.");
     return;
   }
 
   // For backward compatibility the webapp still passes OAuth service as part of
   // the authServiceWithToken field. But auth service part is always expected to
   // be set to oauth2.
   const char kOAuth2ServicePrefix[] = "oauth2:";
   if (!base::StartsWith(auth_service_with_token, kOAuth2ServicePrefix,
                         base::CompareCase::SENSITIVE)) {
     SendErrorAndExit(std::move(response), "Invalid 'authServiceWithToken': " +
                                               auth_service_with_token);
     return;
   }
 
   xmpp_config.auth_token =
       auth_service_with_token.substr(strlen(kOAuth2ServicePrefix));
 
 #if !defined(NDEBUG)
   std::string address;
-  if (!message.GetString("xmppServerAddress", &address)) {
+  if (!message->GetString("xmppServerAddress", &address)) {
     SendErrorAndExit(std::move(response),
                      "'xmppServerAddress' not found in request.");
     return;
   }
 
   if (!net::ParseHostAndPort(address, &xmpp_config.host,
                              &xmpp_config.port)) {
     SendErrorAndExit(std::move(response),
                      "Invalid 'xmppServerAddress': " + address);
     return;
   }
 
-  if (!message.GetBoolean("xmppServerUseTls", &xmpp_config.use_tls)) {
+  if (!message->GetBoolean("xmppServerUseTls", &xmpp_config.use_tls)) {
     SendErrorAndExit(std::move(response),
                      "'xmppServerUseTls' not found in request.");
     return;
   }
 
-  if (!message.GetString("directoryBotJid", &directory_bot_jid_)) {
+  if (!message->GetString("directoryBotJid", &directory_bot_jid_)) {
     SendErrorAndExit(std::move(response),
                      "'directoryBotJid' not found in request.");
     return;
   }
 #endif  // !defined(NDEBUG)
 
   // Create the It2Me host and start connecting.
   it2me_host_ = factory_->CreateIt2MeHost(host_context_->Copy(),
                                           weak_ptr_,
                                           xmpp_config,
                                           directory_bot_jid_);
   it2me_host_->Connect();
 
   SendMessageToClient(std::move(response));
 }
 
 void It2MeNativeMessagingHost::ProcessDisconnect(
-    const base::DictionaryValue& message,
+    std::unique_ptr<base::DictionaryValue> message,
     std::unique_ptr<base::DictionaryValue> response) {
   DCHECK(task_runner()->BelongsToCurrentThread());
+  DCHECK(policy_received_);
+
+  if (needs_elevation_ && allow_elevated_host_) {
+    if (!DelegateToElevatedHost(std::move(message))) {
+      response->SetBoolean("result", false);
+      SendMessageToClient(std::move(response));
+    }
+    return;
+  }
 
   if (it2me_host_.get()) {
     it2me_host_->Disconnect();
     it2me_host_ = nullptr;
   }
   SendMessageToClient(std::move(response));
 }
 
 void It2MeNativeMessagingHost::SendErrorAndExit(
     std::unique_ptr<base::DictionaryValue> response,
@@ skipping 84 matching lines @@
 It2MeNativeMessagingHost::task_runner() const {
   return host_context_->ui_task_runner();
 }
 
 /* static */
 std::string It2MeNativeMessagingHost::HostStateToString(
     It2MeHostState host_state) {
   return ValueToName(kIt2MeHostStates, host_state);
 }
 
+void It2MeNativeMessagingHost::OnPolicyUpdate(
+    std::unique_ptr<base::DictionaryValue> policies) {
+  // The policy watcher runs on the |file_task_runner| but we want to run the
+  // update code on |task_runner|.
+  if (!task_runner()->BelongsToCurrentThread()) {
+    task_runner()->PostTask(
+        FROM_HERE, base::Bind(&It2MeNativeMessagingHost::OnPolicyUpdate,
+                              weak_ptr_, base::Passed(&policies)));
+    return;
+  }
+
+  if (policy_received_) {
+    // Don't dynamically change how the host operates since we don't have a good
+    // way to communicate changes to the user.
+    return;
+  }
+
+  if (!policies->GetBoolean(
+          policy::key::kRemoteAccessHostAllowUiAccessForRemoteAssistance,
+          &allow_elevated_host_)) {
+    LOG(WARNING) << "Failed to retrieve elevated host policy value.";
+  }
+
+  policy_received_ = true;
+  if (!pending_connect_.is_null()) {
+    base::ResetAndReturn(&pending_connect_).Run();
+  }
+}
+
+void It2MeNativeMessagingHost::OnPolicyError() {
+  // TODO(joedow): Report the policy error to the user.  crbug.com/433009
+  NOTIMPLEMENTED();
+}
+
+#if defined(OS_WIN)
+
+bool It2MeNativeMessagingHost::DelegateToElevatedHost(
+    std::unique_ptr<base::DictionaryValue> message) {
+  DCHECK(task_runner()->BelongsToCurrentThread());
+  DCHECK(needs_elevation_);
+  DCHECK(allow_elevated_host_);
+
+  if (!elevated_host_) {
+    base::FilePath binary_path =
+        base::CommandLine::ForCurrentProcess()->GetProgram();
+    CHECK(binary_path.BaseName() == base::FilePath(kBaseHostBinaryName));
+
+    // The new process runs at an elevated level due to being granted uiAccess.
+    elevated_host_.reset(new ElevatedNativeMessagingHost(
+        binary_path.DirName().Append(kElevatedHostBinaryName),
+        /*parent_window_handle=*/0,

[Sergey Ulanov, 2016/08/31 23:00:17]

Why is this not parameter passed to the elevated process? maybe explain it in
the comments?

[joedow, 2016/09/02 21:58:59]

Done.

+        /*elevate_process=*/false,
+        /*host_timeout=*/base::TimeDelta(), client_));
+  }
+
+  if (elevated_host_->EnsureElevatedHostCreated()) {
+    elevated_host_->SendMessage(std::move(message));
+    return true;
+  }
+
+  return false;
+}
+
+#else  // !defined(OS_WIN)
+
+bool It2MeNativeMessagingHost::DelegateToElevatedHost(
+    std::unique_ptr<base::DictionaryValue> message) {
+  NOTREACHED();
+  return false;
+}
+
+#endif  // !defined(OS_WIN)
+
 }  // namespace remoting