Commit Graph

31 Commits

Author SHA1 Message Date
Quantum
ebda52b18b [host] service: use SYSTEM token attached to the current process
Since with the service, we are already running as SYSTEM, we don't need
to use dupeSystemProcessToken to get the token for SYSTEM. This removes
the need for having SeDebugPrivilege, SeTcbPrivilege, and
SeAssignPrimaryTokenPrivilege, or otherwise doing sketchy things.

Furthermore, we now only open the token with the privileges we actually
need.
2021-07-20 11:27:03 +10:00
Quantum
16ee1a825c [host] windows: use event to gracefully signal exit
This allows the process to be terminated without resorting to
TerminateProcess. With some fixes, this allows the notification icon to be
removed when the service is restarted.

Furthermore, instead of sending WM_DESTROY to fool the window into believing
it's being destroyed, we actually call DestroyWindow now.
2021-07-20 11:26:49 +10:00
Quantum
24d0aa0c18 [all] normalize copyright on all source files 2021-06-06 11:53:05 +10:00
Quantum
6a1ec9420e [host] service: compare SIDs directly without string conversion
Instead of converting every SID to string with ConvertSidToStringSidA
and comparing it with the magical SID string for local system with strcmp,
we could instead create the local system SID and compare directly with
EqualSid.
2021-04-29 11:52:23 +10:00
Quantum
93d97424df [host] service: disable handle inheritance when spawning host
We don't actually have any handles that should be inherited, so specifying
TRUE for bInheritHandles to CreateProcessAsUserA is pointless.

Furthermore, according to MSDN, "[y]ou cannot inherit handles across
sessions," and we are spawning the host in a different session, so this
is even more pointless.
2021-04-29 11:51:41 +10:00
Quantum
2afad4e1be [host] service: disable privileges as soon as they are not needed
It is usually considered good practice to enable elevated privileges
for the shortest duration possible.
2021-04-29 11:51:30 +10:00
Quantum
5bfb33c739 [host] windows: re-implement open log safely
Instead of doing ShellExecute from the service, we instead get the token
of the currently logged in user, and do CreateProcessAsUserA to run
notepad with that token. This should be safe.
2021-03-22 09:06:07 +11:00
Quantum
a089c4ea32 [host] service: introduce fatal errors for ivshmem failures
Also for failure to parse command line. For these errors, restarting
with exponential backoff will not help: no amount of restarting the
service could possibly make the ivshmem device exist or be larger, so
we shouldn't try.
2021-03-22 08:54:58 +11:00
Quantum
c12c6ea3c7 [host] service: retry a few times when host fails to restart
Certain users of Radeon cards have observed that the host fails to start
at boot, with D3D11CreateDevice failing with HSTATUS 0x887a0004, which
translates to "The specified device interface or feature level is not
supported on this system."

This failure results in a LG_HOST_EXIT_FAILED exit code, which the service
does not attempt to restart. The user has to manually restart the service
for the host application to work.

These users reported that the host application started fine on
B2. This strongly suggests that the fix to enable capturing the login
screen made the host application start too early during the boot process,
and the graphics driver did not have time to initialize fully.

This PR allows the service to retry a few times on LG_HOST_EXIT_FAILED,
with exponential backoff, before giving up. This should cover this bug
and other similar bugs related to the early initialization which I do not
have logs for.
2021-03-22 08:54:58 +11:00
Quantum
1761ea2b9b [host] windows: move log path to %ProgramData%\Looking Glass (host)
Instead of using %windir%\Temp, which is not accessible by default and
contains a lot of unrelated files, as the location for our log files,
this commit moves it to %ProgramData%\Looking Glass (host), which will
be a dedicated directory just for the LG host log files. This applies
to both the host application logs and the service logs.

Also, we now switched to using PathCombineA from shlwapi.dll instead
of using snprintf, which greatly simplifies the code. PathCombineA
guarantees that the path would not overflow a buffer of MAX_PATH.
2021-01-29 15:56:01 +11:00
Geoffrey McRae
e2e49bce13 [host] service: fix possible use of uninitialized variable 2021-01-27 01:23:58 +11:00
Quantum
f9ec32b255 [host] service: disable buffering on the log file
Before this change, the log is buffered, so if the host application exits
for any reason, it usually would not show up in the log file immediately,
and the service has to be restarted for the logs to be flushed.

This commit disables the buffering so that any log entries show up
immediately.
2021-01-25 09:35:03 +11:00
Quantum
fe835b98d5 [host] windows: sleep for 1 second instead of 1 millisecond
This is definitely supposed to sleep for 1 second.
1 ms is basically no throttling.
2021-01-17 02:58:27 +11:00
Quantum
c5c43d99f3 [host] windows: allow capture of login screen
WTSGetActiveConsoleSessionId will return a session even if it's not logged in,
unlike our old GetInteractiveSessionID function. Launching looking glass on
such a console session will allow the login screen to be captured.

Note that WTSGetActiveConsoleSessionId() will return 0xFFFFFFFF if there are
no sessions attached.
2021-01-17 02:56:29 +11:00
Quantum
4858bb5899 [host] windows: avoid quoting issues with CreateProcessAsUserA
To quote MSDN documentation:

> The lpApplicationName parameter can be NULL, in which case the executable
> name must be the first white space–delimited string in lpCommandLine. If
> the executable or path name has a space in it, there is a risk that a
> different executable could be run because of the way the function parses
> spaces. The following example is dangerous because the function will
> attempt to run "Program.exe", if it exists, instead of "MyApp.exe".
>
>   LPTSTR szCmdline[] = _tcsdup(TEXT("C:\\Program Files\\MyApp"));
>   CreateProcessAsUser(hToken, NULL, szCmdline, /*...*/ );
>
> If a malicious user were to create an application called "Program.exe" on
> a system, any program that incorrectly calls CreateProcessAsUser using the
> Program Files directory will run this application instead of the intended
> application.
>
> To avoid this problem, do not pass NULL for lpApplicationName.

So instead, we pass the executable to lpApplicationName, which avoids
the issue. MSDN says:

> The lpCommandLine parameter can be NULL. In that case, the function uses
> the string pointed to by lpApplicationName as the command line.

This also avoids the strdup since lpApplicationName is LPCSTR unlike
lpCommandLine which is LPSTR.
2021-01-16 11:48:03 +11:00
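
The parsing risk in the MSDN quote above, as an added example (not code from this repository): a simplified, portable C model of the candidate executable names tried, in order, for an `lpCommandLine` passed with a NULL `lpApplicationName`. The helper name `candidate_executables` is hypothetical; the real API stops at the first candidate that exists on disk, so any earlier candidate in a writable location is what a service should rule out by quoting the path or passing `lpApplicationName`.

```c
#include <stdio.h>
#include <string.h>

#define MAX_CANDIDATES 16
#define MAX_LEN 260 /* MAX_PATH */

/* Does the last path component already carry an extension? */
static int has_extension(const char *s)
{
    const char *slash = strrchr(s, '\\');
    const char *dot = strrchr(s, '.');
    return dot != NULL && (slash == NULL || dot > slash);
}

/* Simplified model (hypothetical helper): list, in order, the executable
 * names tried when cmdline is passed as lpCommandLine with a NULL
 * lpApplicationName. Returns the number of candidates written to out. */
int candidate_executables(const char *cmdline, char out[][MAX_LEN], int max)
{
    size_t len = strlen(cmdline);
    int count = 0;

    if (max < 1) return 0;
    if (cmdline[0] == '"') { /* quoted name: exactly one candidate */
        const char *end = strchr(cmdline + 1, '"');
        size_t n = end ? (size_t)(end - cmdline - 1) : len - 1;
        if (n >= MAX_LEN) return 0;
        memcpy(out[0], cmdline + 1, n);
        out[0][n] = '\0';
        return 1;
    }
    for (size_t i = 1; i <= len && count < max; ++i) {
        char c = cmdline[i];
        if (c != ' ' && c != '\t' && c != '\0') continue; /* not a token end */
        if (cmdline[i - 1] == ' ' || cmdline[i - 1] == '\t') continue;
        if (i + 5 > MAX_LEN) break; /* room for ".exe" and NUL */
        memcpy(out[count], cmdline, i);
        out[count][i] = '\0';
        if (!has_extension(out[count])) strcat(out[count], ".exe");
        ++count;
    }
    return count;
}

int main(void)
{
    char out[MAX_CANDIDATES][MAX_LEN];
    /* The dangerous command line from the MSDN quote above. */
    int n = candidate_executables("C:\\Program Files\\MyApp", out, MAX_CANDIDATES);
    for (int i = 0; i < n; ++i) printf("%d: %s\n", i + 1, out[i]);
    return 0;
}
```
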
Quantum
8f27789d25 [host] windows: close handle to token in enablePriv
This should eliminate all handle leaks resulting from killing the host.
2021-01-15 20:44:50 +11:00
Quantum
e401513552 [host] windows: add timestamps to service logs
This makes it easier to identify when things in the logs happened.
2021-01-15 20:44:38 +11:00
Quantum
81561a242f [host] windows: remove ImpersonateLoggedOnUser call
It shouldn't have any effect, since the host application is created with
the token, and there is no need for the service itself to impersonate.

In practice, removal doesn't appear to have any effect on the ability to
capture privileged things like secure desktop.
2021-01-15 20:44:25 +11:00
Quantum
789f21ccb3 [host] windows: handle defined exit codes in service
The service should now react to host application exit codes.
For the exit codes that demand it, the service will exit instead of
restarting the host.
2021-01-15 20:44:13 +11:00
Quantum
323aab8ec2 [host] windows: improve restart logic and remove mutex hack
Use the process handle returned by CreateProcessAsUserA to wait on the
process. This results in faster response times and less polling.
For example, it now restarts instantly when UAC is activated.

This also removes the call to OpenProcess and renders the mutex unnecessary.

As a bonus, it should fix #298.
2021-01-15 11:43:23 +11:00
Quantum
65009dcedc [host] windows: avoid leaking process and thread handles
The handles in PROCESS_INFORMATION must be closed if not used, or they
will leak.
2021-01-15 09:49:42 +11:00
Tudor Brindus
a46a3a2668 [all] use explicit void parameter lists
This makes it a compile-time error to call a function that semantically
takes no parameters with a nonzero number of arguments.

Previously, such code would still compile, but risk blowing up the stack
if a compiler chose to use something other than caller-cleanup calling
conventions.
2021-01-14 17:29:37 +11:00
Geoffrey McRae
38198b1477 [host] dynamically locate CreateProcessAsUserA for pre-win 10 2020-12-30 18:29:58 +11:00
Geoffrey McRae
9d0ae23f9f [host] init ivshmem options before testing 2020-10-19 03:01:35 +11:00
Geoffrey McRae
9ff1859dc1 [host] windows: check the ivshmem device exists in the service 2020-10-19 02:49:15 +11:00
Geoffrey McRae
15d1a74291 [host] Windows: multiple fixes to the installer 2020-08-12 21:50:48 +10:00
Geoffrey McRae
64fdb8b7bb [host] Windows: service (un)install now starts/stops the service
In addition to starting and stopping the service, it now also stops the
LG process if the service started it.
2020-08-12 20:56:02 +10:00
Geoffrey McRae
0cf1e27709 [host] Windows: run with HIGH priority if started by the service 2020-08-11 17:37:40 +10:00
Geoffrey McRae
bf5481446b [host] Windows: poll more frequently for a stopped LG process 2020-08-11 15:22:29 +10:00
Geoffrey McRae
10d9678b3d [host] Windows: improved service restart detection 2020-08-11 12:47:50 +10:00
Geoffrey McRae
e08d3afdbc [host] Windows: added missing service files 2020-08-11 12:27:04 +10:00