OLD | NEW |
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "remoting/host/win/chromoting_module.h" | 5 #include "remoting/host/win/chromoting_module.h" |
6 | 6 |
7 #include <sddl.h> | |
8 | |
9 #include "base/lazy_instance.h" | 7 #include "base/lazy_instance.h" |
10 #include "base/logging.h" | 8 #include "base/logging.h" |
11 #include "base/message_loop/message_loop.h" | 9 #include "base/message_loop/message_loop.h" |
12 #include "base/run_loop.h" | 10 #include "base/run_loop.h" |
13 #include "base/strings/utf_string_conversions.h" | 11 #include "base/strings/utf_string_conversions.h" |
14 #include "base/win/scoped_handle.h" | 12 #include "base/win/scoped_handle.h" |
15 #include "base/win/windows_version.h" | 13 #include "base/win/windows_version.h" |
16 #include "remoting/base/auto_thread_task_runner.h" | 14 #include "remoting/base/auto_thread_task_runner.h" |
17 #include "remoting/base/typed_buffer.h" | 15 #include "remoting/base/typed_buffer.h" |
18 #include "remoting/host/host_exit_codes.h" | 16 #include "remoting/host/host_exit_codes.h" |
19 #include "remoting/host/win/com_security.h" | |
20 #include "remoting/host/win/elevated_controller.h" | |
21 #include "remoting/host/win/rdp_desktop_session.h" | 17 #include "remoting/host/win/rdp_desktop_session.h" |
22 | 18 |
23 namespace remoting { | 19 namespace remoting { |
24 | 20 |
25 namespace { | 21 namespace { |
26 | 22 |
27 // A security descriptor allowing local processes running under SYSTEM, built-in | |
28 // administrators and interactive users to call COM methods. | |
29 const wchar_t kElevatedControllerSd[] = | |
30 SDDL_OWNER L":" SDDL_BUILTIN_ADMINISTRATORS | |
31 SDDL_GROUP L":" SDDL_BUILTIN_ADMINISTRATORS | |
32 SDDL_DACL L":" | |
33 SDDL_ACE(SDDL_ACCESS_ALLOWED, SDDL_COM_EXECUTE_LOCAL, SDDL_LOCAL_SYSTEM) | |
34 SDDL_ACE(SDDL_ACCESS_ALLOWED, SDDL_COM_EXECUTE_LOCAL, | |
35 SDDL_BUILTIN_ADMINISTRATORS) | |
36 SDDL_ACE(SDDL_ACCESS_ALLOWED, SDDL_COM_EXECUTE_LOCAL, SDDL_INTERACTIVE); | |
37 | |
38 // Holds a reference to the task runner used by the module. | 23 // Holds a reference to the task runner used by the module. |
39 base::LazyInstance<scoped_refptr<AutoThreadTaskRunner> > g_module_task_runner = | 24 base::LazyInstance<scoped_refptr<AutoThreadTaskRunner> > g_module_task_runner = |
40 LAZY_INSTANCE_INITIALIZER; | 25 LAZY_INSTANCE_INITIALIZER; |
41 | 26 |
42 // Lowers the process integrity level such that it does not exceed |max_level|. | 27 // Lowers the process integrity level such that it does not exceed |max_level|. |
43 // |max_level| is expected to be one of SECURITY_MANDATORY_XXX constants. | 28 // |max_level| is expected to be one of SECURITY_MANDATORY_XXX constants. |
44 bool LowerProcessIntegrityLevel(DWORD max_level) { | 29 bool LowerProcessIntegrityLevel(DWORD max_level) { |
45 HANDLE temp_handle; | 30 HANDLE temp_handle; |
46 if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY | TOKEN_WRITE, | 31 if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY | TOKEN_WRITE, |
47 &temp_handle)) { | 32 &temp_handle)) { |
(...skipping 140 matching lines...)
188 HRESULT ChromotingModule::RevokeClassObjects() { | 173 HRESULT ChromotingModule::RevokeClassObjects() { |
189 for (ATL::_ATL_OBJMAP_ENTRY* i = classes_; i != classes_end_; ++i) { | 174 for (ATL::_ATL_OBJMAP_ENTRY* i = classes_; i != classes_end_; ++i) { |
190 HRESULT result = i->RevokeClassObject(); | 175 HRESULT result = i->RevokeClassObject(); |
191 if (FAILED(result)) | 176 if (FAILED(result)) |
192 return result; | 177 return result; |
193 } | 178 } |
194 | 179 |
195 return S_OK; | 180 return S_OK; |
196 } | 181 } |
197 | 182 |
198 // Elevated controller entry point. | |
199 int ElevatedControllerMain() { | |
200 ATL::_ATL_OBJMAP_ENTRY elevated_controller_entry[] = { | |
201 OBJECT_ENTRY(__uuidof(ElevatedController), ElevatedController) | |
202 }; | |
203 | |
204 ChromotingModule module(elevated_controller_entry, | |
205 elevated_controller_entry + 1); | |
206 | |
207 if (!InitializeComSecurity(base::WideToUTF8(kElevatedControllerSd), "", true)) | |
208 return kInitializationFailed; | |
209 | |
210 if (!module.Run()) | |
211 return kInitializationFailed; | |
212 | |
213 return kSuccessExitCode; | |
214 } | |
215 | |
216 // RdpClient entry point. | 183 // RdpClient entry point. |
217 int RdpDesktopSessionMain() { | 184 int RdpDesktopSessionMain() { |
218 // Lower the integrity level to medium, which is the lowest level at which | 185 // Lower the integrity level to medium, which is the lowest level at which |
219 // the RDP ActiveX control can run. | 186 // the RDP ActiveX control can run. |
220 if (base::win::GetVersion() >= base::win::VERSION_VISTA) { | 187 if (base::win::GetVersion() >= base::win::VERSION_VISTA) { |
221 if (!LowerProcessIntegrityLevel(SECURITY_MANDATORY_MEDIUM_RID)) | 188 if (!LowerProcessIntegrityLevel(SECURITY_MANDATORY_MEDIUM_RID)) |
222 return kInitializationFailed; | 189 return kInitializationFailed; |
223 } | 190 } |
224 | 191 |
225 ATL::_ATL_OBJMAP_ENTRY rdp_client_entry[] = { | 192 ATL::_ATL_OBJMAP_ENTRY rdp_client_entry[] = { |
226 OBJECT_ENTRY(__uuidof(RdpDesktopSession), RdpDesktopSession) | 193 OBJECT_ENTRY(__uuidof(RdpDesktopSession), RdpDesktopSession) |
227 }; | 194 }; |
228 | 195 |
229 ChromotingModule module(rdp_client_entry, rdp_client_entry + 1); | 196 ChromotingModule module(rdp_client_entry, rdp_client_entry + 1); |
230 return module.Run() ? kSuccessExitCode : kInitializationFailed; | 197 return module.Run() ? kSuccessExitCode : kInitializationFailed; |
231 } | 198 } |
232 | 199 |
233 } // namespace remoting | 200 } // namespace remoting |