OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "remoting/host/desktop_session_win.h" | 5 #include "remoting/host/desktop_session_win.h" |
6 | 6 |
7 #include <sddl.h> | 7 #include <sddl.h> |
8 | 8 |
9 #include <limits> | 9 #include <limits> |
10 #include <memory> | 10 #include <memory> |
54 | 54 |
55 // The security descriptor of the daemon IPC endpoint. It gives full access | 55 // The security descriptor of the daemon IPC endpoint. It gives full access |
56 // to SYSTEM and denies access by anyone else. | 56 // to SYSTEM and denies access by anyone else. |
57 const wchar_t kDaemonIpcSecurityDescriptor[] = | 57 const wchar_t kDaemonIpcSecurityDescriptor[] = |
58 SDDL_OWNER L":" SDDL_LOCAL_SYSTEM | 58 SDDL_OWNER L":" SDDL_LOCAL_SYSTEM |
59 SDDL_GROUP L":" SDDL_LOCAL_SYSTEM | 59 SDDL_GROUP L":" SDDL_LOCAL_SYSTEM |
60 SDDL_DACL L":(" | 60 SDDL_DACL L":(" |
61 SDDL_ACCESS_ALLOWED L";;" SDDL_GENERIC_ALL L";;;" SDDL_LOCAL_SYSTEM | 61 SDDL_ACCESS_ALLOWED L";;" SDDL_GENERIC_ALL L";;;" SDDL_LOCAL_SYSTEM |
62 L")"; | 62 L")"; |
63 | 63 |
64 // This security descriptor is used to give the network process, running in the | |
65 // local service context, the PROCESS_QUERY_LIMITED_INFORMATION access right. | |
66 // It also gives SYSTEM full control of the process and PROCESS_VM_READ, | |
67 // PROCESS_QUERY_INFORMATION, PROCESS_TERMINATE, and READ_CONTROL rights to the | |
68 // built-in administrators group. | |
69 const wchar_t kDesktopProcessSecurityDescriptor[] = | |
70 SDDL_OWNER L":" SDDL_LOCAL_SYSTEM | |
71 SDDL_GROUP L":" SDDL_LOCAL_SYSTEM | |
72 SDDL_DACL L":" | |
73 SDDL_ACCESS_ALLOWED L";;" SDDL_GENERIC_ALL L";;;" SDDL_LOCAL_SYSTEM | |
74 L")(" | |
75 SDDL_ACCESS_ALLOWED L";;0x21411;;;" SDDL_BUILTIN_ADMINISTRATORS | |
76 L")(" | |
77 SDDL_ACCESS_ALLOWED L";;0x1000;;;" SDDL_LOCAL_SERVICE | |
78 L")"; | |
79 | |
80 // The command line parameters that should be copied from the service's command | 64 // The command line parameters that should be copied from the service's command |
81 // line to the desktop process. | 65 // line to the desktop process. |
82 const char* kCopiedSwitchNames[] = { switches::kV, switches::kVModule }; | 66 const char* kCopiedSwitchNames[] = { switches::kV, switches::kVModule }; |
83 | 67 |
84 // The default screen dimensions for an RDP session. | 68 // The default screen dimensions for an RDP session. |
85 const int kDefaultRdpScreenWidth = 1280; | 69 const int kDefaultRdpScreenWidth = 1280; |
86 const int kDefaultRdpScreenHeight = 768; | 70 const int kDefaultRdpScreenHeight = 768; |
87 | 71 |
88 // RDC 6.1 (W2K8) supports dimensions of up to 4096x2048. | 72 // RDC 6.1 (W2K8) supports dimensions of up to 4096x2048. |
89 const int kMaxRdpScreenWidth = 4096; | 73 const int kMaxRdpScreenWidth = 4096; |
642 new base::CommandLine(desktop_binary)); | 626 new base::CommandLine(desktop_binary)); |
643 target->AppendSwitchASCII(kProcessTypeSwitchName, kProcessTypeDesktop); | 627 target->AppendSwitchASCII(kProcessTypeSwitchName, kProcessTypeDesktop); |
644 // Copy the command line switches enabling verbose logging. | 628 // Copy the command line switches enabling verbose logging. |
645 target->CopySwitchesFrom(*base::CommandLine::ForCurrentProcess(), | 629 target->CopySwitchesFrom(*base::CommandLine::ForCurrentProcess(), |
646 kCopiedSwitchNames, arraysize(kCopiedSwitchNames)); | 630 kCopiedSwitchNames, arraysize(kCopiedSwitchNames)); |
647 | 631 |
648 // Create a delegate capable of launching a process in a different session. | 632 // Create a delegate capable of launching a process in a different session. |
649 std::unique_ptr<WtsSessionProcessDelegate> delegate( | 633 std::unique_ptr<WtsSessionProcessDelegate> delegate( |
650 new WtsSessionProcessDelegate( | 634 new WtsSessionProcessDelegate( |
651 io_task_runner_, std::move(target), launch_elevated, | 635 io_task_runner_, std::move(target), launch_elevated, |
652 base::WideToUTF8(kDaemonIpcSecurityDescriptor), | 636 base::WideToUTF8(kDaemonIpcSecurityDescriptor))); |
653 base::WideToUTF8(kDesktopProcessSecurityDescriptor))); | |
654 if (!delegate->Initialize(session_id)) { | 637 if (!delegate->Initialize(session_id)) { |
655 TerminateSession(); | 638 TerminateSession(); |
656 return; | 639 return; |
657 } | 640 } |
658 | 641 |
659 // Create a launcher for the desktop process, using the per-session delegate. | 642 // Create a launcher for the desktop process, using the per-session delegate. |
660 launcher_.reset(new WorkerProcessLauncher(std::move(delegate), this)); | 643 launcher_.reset(new WorkerProcessLauncher(std::move(delegate), this)); |
661 session_id_ = session_id; | 644 session_id_ = session_id; |
662 } | 645 } |
663 | 646 |
708 exploded.hour, | 691 exploded.hour, |
709 exploded.minute, | 692 exploded.minute, |
710 exploded.second, | 693 exploded.second, |
711 exploded.millisecond, | 694 exploded.millisecond, |
712 passed.c_str()); | 695 passed.c_str()); |
713 | 696 |
714 last_timestamp_ = now; | 697 last_timestamp_ = now; |
715 } | 698 } |
716 | 699 |
717 } // namespace remoting | 700 } // namespace remoting |
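Review bot: At the `WtsSessionProcessDelegate` construction (new line 636) the desktop process no longer receives an explicit security descriptor, and nothing on the new side says what now protects the process object. The removed descriptor gave full control to SYSTEM, a restricted mask to built-in administrators, and only PROCESS_QUERY_LIMITED_INFORMATION to the local-service network process. Presumably the delegate now falls back to a default descriptor derived from the launch token, which could give the session user more access and local service less; the delegate is not visible here, so this needs confirming there. If that is the intended behaviour, I would add a comment above the call such as `// Only the IPC endpoint gets an explicit (SYSTEM-only) descriptor; the desktop process uses the default process security descriptor.` and confirm that the network process no longer needs to open the desktop process. The enclosing function begins outside the visible lines.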