The Chromoting service should not start automatically unless it was configured from the webapp to d…

remoting/host/wts_session_process_launcher_win.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 //
 // This file implements the Windows service controlling Me2Me host processes
 // running within user sessions.
 
 #include "remoting/host/wts_session_process_launcher_win.h"
 
 #include <windows.h>
 #include <sddl.h>
 #include <limits>
 
+#include "base/bind.h"
+#include "base/bind_helpers.h"
 #include "base/command_line.h"
 #include "base/logging.h"
+#include "base/message_loop_proxy.h"
 #include "base/process_util.h"
 #include "base/rand_util.h"
 #include "base/string16.h"
 #include "base/stringprintf.h"
-#include "base/threading/thread.h"
 #include "base/utf_string_conversions.h"
 #include "base/win/scoped_handle.h"
 #include "base/win/scoped_process_information.h"
 #include "ipc/ipc_channel_proxy.h"
 #include "ipc/ipc_message.h"
 #include "ipc/ipc_message_macros.h"
 
 #include "remoting/host/chromoting_messages.h"
 #include "remoting/host/sas_injector.h"
 #include "remoting/host/wts_console_monitor_win.h"
 
 using base::win::ScopedHandle;
 using base::TimeDelta;
 
 namespace {
 
+// The exit code returned by the host process when its configuration is not
+// valid.
+const int kInvalidHostConfigurationExitCode = 1;
+
 // The minimum and maximum delays between attempts to inject host process into
 // a session.
 const int kMaxLaunchDelaySeconds = 60;
 const int kMinLaunchDelaySeconds = 1;
 
 // Name of the default session desktop.
 const char kDefaultDesktopName[] = "winsta0\\default";
 
 // Match the pipe name prefix used by Chrome IPC channels.
 const char kChromePipeNamePrefix[] = "\\\\.\\pipe\\chrome.";
@@ skipping 193 matching lines @@
   return true;
 }
 
 } // namespace
 
 namespace remoting {
 
 WtsSessionProcessLauncher::WtsSessionProcessLauncher(
     WtsConsoleMonitor* monitor,
     const FilePath& host_binary,
-    base::Thread* io_thread)
+    scoped_refptr<base::MessageLoopProxy> main_message_loop,
+    scoped_refptr<base::MessageLoopProxy> ipc_message_loop)
     : host_binary_(host_binary),
-      io_thread_(io_thread),
+      main_message_loop_(main_message_loop),
+      ipc_message_loop_(ipc_message_loop),
       monitor_(monitor),
       state_(StateDetached) {
   monitor_->AddWtsConsoleObserver(this);
 }
 
 WtsSessionProcessLauncher::~WtsSessionProcessLauncher() {
   DCHECK(state_ == StateDetached);
   DCHECK(!timer_.IsRunning());
   DCHECK(process_.handle() == NULL);
   DCHECK(process_watcher_.GetWatchedObject() == NULL);
   DCHECK(chromoting_channel_.get() == NULL);
 
   monitor_->RemoveWtsConsoleObserver(this);
 }
 
 void WtsSessionProcessLauncher::LaunchProcess() {
+  DCHECK(main_message_loop_->BelongsToCurrentThread());
   DCHECK(state_ == StateStarting);
   DCHECK(!timer_.IsRunning());
   DCHECK(process_.handle() == NULL);
   DCHECK(process_watcher_.GetWatchedObject() == NULL);
   DCHECK(chromoting_channel_.get() == NULL);
 
   launch_time_ = base::Time::Now();
 
   string16 channel_name;
   ScopedHandle pipe;
   if (CreatePipeForIpcChannel(this, &channel_name, &pipe)) {
     // Wrap the pipe into an IPC channel.
     chromoting_channel_.reset(new IPC::ChannelProxy(
         IPC::ChannelHandle(pipe.Get()),
         IPC::Channel::MODE_SERVER,
         this,
-        io_thread_->message_loop_proxy().get()));
+        ipc_message_loop_));
 
     // Create the host process command line passing the name of the IPC channel
     // to use and copying known switches from the service's command line.
     CommandLine command_line(host_binary_);
     command_line.AppendSwitchNative(kChromotingIpcSwitchName, channel_name);
     command_line.CopySwitchesFrom(*CommandLine::ForCurrentProcess(),
                                   kCopiedSwitchNames,
                                   _countof(kCopiedSwitchNames));
 
     // Try to launch the process and attach an object watcher to the returned
@@ skipping 17 matching lines @@
   // is limited by exponential backoff.
   launch_backoff_ = std::max(launch_backoff_ * 2,
                              TimeDelta::FromSeconds(kMinLaunchDelaySeconds));
   launch_backoff_ = std::min(launch_backoff_,
                              TimeDelta::FromSeconds(kMaxLaunchDelaySeconds));
   timer_.Start(FROM_HERE, launch_backoff_,
                this, &WtsSessionProcessLauncher::LaunchProcess);
 }
 
 void WtsSessionProcessLauncher::OnObjectSignaled(HANDLE object) {
+  if (!main_message_loop_->BelongsToCurrentThread()) {
+    main_message_loop_->PostTask(
+        FROM_HERE, base::Bind(&WtsSessionProcessLauncher::OnObjectSignaled,
+                              base::Unretained(this), object));

[Wez, 2012/04/10 21:26:20]

How to do you ensure there are no tasks posted to this object when it's deleted?

[alexeypa (please no reviews), 2012/04/10 22:18:16]

Good question. The shutdown sequence is indeed screwed up. 

I added WtsConsoleMonitor::RequestRemoveWtsConsoleObserver that removes an
observer making sure that OnSessionDetach will be called. This will take care of
|process_watcher_|.

+    return;
+  }
+
   DCHECK(state_ == StateAttached);
   DCHECK(!timer_.IsRunning());
   DCHECK(process_.handle() != NULL);
   DCHECK(process_watcher_.GetWatchedObject() == NULL);
   DCHECK(chromoting_channel_.get() != NULL);
 
+  // Stop trying to restart the host process exited due misconfiguration.

[Wez, 2012/04/10 21:26:20]

typo: missing "if it", I think.

[alexeypa (please no reviews), 2012/04/10 22:18:16]

Done.

+  DWORD exit_code;
+  bool stop_trying = GetExitCodeProcess(process_.handle(), &exit_code) &&
+                     exit_code == kInvalidHostConfigurationExitCode;
+
   // The host process has been terminated for some reason. The handle can now be
   // closed.
   process_.Close();
   chromoting_channel_.reset();
 
+  if (stop_trying) {
+    monitor_->RemoveWtsConsoleObserver(this);

[Wez, 2012/04/10 21:26:20]

nit: Mention that once all observers are gone the service will stop itself.

[alexeypa (please no reviews), 2012/04/10 22:18:16]

Done.

+    return;
+  }
+
   // Expand the backoff interval if the process has died quickly or reset it if
   // it was up longer than the maximum backoff delay.
   base::TimeDelta delta = base::Time::Now() - launch_time_;
   if (delta < base::TimeDelta() ||
       delta >= base::TimeDelta::FromSeconds(kMaxLaunchDelaySeconds)) {
     launch_backoff_ = base::TimeDelta();
   } else {
     launch_backoff_ = std::max(launch_backoff_ * 2,
                                TimeDelta::FromSeconds(kMinLaunchDelaySeconds));
     launch_backoff_ = std::min(launch_backoff_,
@@ skipping 10 matching lines @@
   bool handled = true;
   IPC_BEGIN_MESSAGE_MAP(WtsSessionProcessLauncher, message)
       IPC_MESSAGE_HANDLER(ChromotingHostMsg_SendSasToConsole,
                           OnSendSasToConsole)
       IPC_MESSAGE_UNHANDLED(handled = false)
   IPC_END_MESSAGE_MAP()
   return handled;
 }
 
 void WtsSessionProcessLauncher::OnSendSasToConsole() {
+  if (!main_message_loop_->BelongsToCurrentThread()) {
+    main_message_loop_->PostTask(
+        FROM_HERE, base::Bind(&WtsSessionProcessLauncher::OnSendSasToConsole,
+                              base::Unretained(this)));
+    return;
+  }
+
   if (state_ == StateAttached) {
     if (sas_injector_.get() == NULL) {
       sas_injector_ = SasInjector::Create();
     }
 
     if (sas_injector_.get() != NULL) {
       sas_injector_->InjectSas();
     }
   }
 }
 
 void WtsSessionProcessLauncher::OnSessionAttached(uint32 session_id) {
+  DCHECK(main_message_loop_->BelongsToCurrentThread());
   DCHECK(state_ == StateDetached);
   DCHECK(!timer_.IsRunning());
   DCHECK(process_.handle() == NULL);
   DCHECK(process_watcher_.GetWatchedObject() == NULL);
   DCHECK(chromoting_channel_.get() == NULL);
 
   // Temporarily enable the SE_TCB_NAME privilege. The privileged token is
   // created as needed and kept for later reuse.
   if (privileged_token_.Get() == NULL) {
     if (!CreatePrivilegedToken(&privileged_token_)) {
@@ skipping 17 matching lines @@
 
   if (!result)
     return;
 
   // Now try to launch the host.
   state_ = StateStarting;
   LaunchProcess();
 }
 
 void WtsSessionProcessLauncher::OnSessionDetached() {
+  DCHECK(main_message_loop_->BelongsToCurrentThread());
   DCHECK(state_ == StateDetached ||
          state_ == StateStarting ||
          state_ == StateAttached);
 
   switch (state_) {
     case StateDetached:
       DCHECK(!timer_.IsRunning());
       DCHECK(process_.handle() == NULL);
       DCHECK(process_watcher_.GetWatchedObject() == NULL);
       DCHECK(chromoting_channel_.get() == NULL);
@@ skipping 19 matching lines @@
       process_watcher_.StopWatching();
       process_.Terminate(0);
       process_.Close();
       chromoting_channel_.reset();
       state_ = StateDetached;
       break;
   }
 }
 
 } // namespace remoting