Pass the client end handle of the network-to-daemon IPC channel via handle inheritance.

remoting/host/win/launch_process_with_token.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "remoting/host/win/launch_process_with_token.h"
 
 #include <windows.h>
+#include <sddl.h>
 #include <winternl.h>
 
+#include <limits>
+
 #include "base/logging.h"
 #include "base/memory/scoped_ptr.h"
+#include "base/process_util.h"
+#include "base/rand_util.h"
 #include "base/scoped_native_library.h"
+#include "base/single_thread_task_runner.h"
 #include "base/stringprintf.h"
 #include "base/utf_string_conversions.h"
 #include "base/win/scoped_handle.h"
 #include "base/win/scoped_process_information.h"
 #include "base/win/windows_version.h"
+#include "ipc/ipc_channel_proxy.h"
 
 using base::win::ScopedHandle;
 
 namespace {
 
+// Match the pipe name prefix used by Chrome IPC channels so that the client
+// could use Chrome IPC APIs instead of connecting manually.
+const char kChromePipeNamePrefix[] = "\\\\.\\pipe\\chrome.";
+
 const char kCreateProcessDefaultPipeNameFormat[] =
     "\\\\.\\Pipe\\TerminalServer\\SystemExecSrvr\\%d";
 
 // Undocumented WINSTATIONINFOCLASS value causing
 // winsta!WinStationQueryInformationW() to return the name of the pipe for
 // requesting cross-session process creation.
 const WINSTATIONINFOCLASS kCreateProcessPipeNameClass =
     static_cast<WINSTATIONINFOCLASS>(0x21);
 
 const int kPipeBusyWaitTimeoutMs = 2000;
@@ skipping 359 matching lines @@
   }
 
   *process_information_out = process_information;
   return true;
 }
 
 } // namespace
 
 namespace remoting {
 
+bool CreateIpcChannel(
+    const std::string& channel_name,
+    const std::string& pipe_security_descriptor,
+    scoped_refptr<base::SingleThreadTaskRunner> io_task_runner,
+    IPC::Listener* delegate,
+    scoped_ptr<IPC::ChannelProxy>* channel_out) {
+  // Create security descriptor for the channel.
+  SECURITY_ATTRIBUTES security_attributes;
+  security_attributes.nLength = sizeof(security_attributes);
+  security_attributes.bInheritHandle = FALSE;
+
+  ULONG security_descriptor_length = 0;
+  if (!ConvertStringSecurityDescriptorToSecurityDescriptor(
+          UTF8ToUTF16(pipe_security_descriptor).c_str(),
+          SDDL_REVISION_1,
+          reinterpret_cast<PSECURITY_DESCRIPTOR*>(
+              &security_attributes.lpSecurityDescriptor),
+          &security_descriptor_length)) {
+    LOG_GETLASTERROR(ERROR) <<
+        "Failed to create a security descriptor for the Chromoting IPC channel";
+    return false;
+  }
+
+  // Convert the channel name to the pipe name.
+  std::string pipe_name(kChromePipeNamePrefix);
+  pipe_name.append(channel_name);
+
+  // Create the server end of the pipe. This code should match the code in
+  // IPC::Channel with exception of passing a non-default security descriptor.
+  base::win::ScopedHandle pipe;
+  pipe.Set(CreateNamedPipe(
+      UTF8ToUTF16(pipe_name).c_str(),
+      PIPE_ACCESS_DUPLEX | FILE_FLAG_OVERLAPPED | FILE_FLAG_FIRST_PIPE_INSTANCE,
+      PIPE_TYPE_BYTE | PIPE_READMODE_BYTE,
+      1,
+      IPC::Channel::kReadBufferSize,
+      IPC::Channel::kReadBufferSize,
+      5000,
+      &security_attributes));
+  if (!pipe.IsValid()) {
+    LOG_GETLASTERROR(ERROR) <<
+        "Failed to create the server end of the Chromoting IPC channel";
+    LocalFree(security_attributes.lpSecurityDescriptor);
+    return false;
+  }
+
+  LocalFree(security_attributes.lpSecurityDescriptor);
+
+  // Wrap the pipe into an IPC channel.
+  channel_out->reset(new IPC::ChannelProxy(
+      IPC::ChannelHandle(pipe),
+      IPC::Channel::MODE_SERVER,
+      delegate,
+      io_task_runner));
+  return true;
+}
+
 // Creates a copy of the current process token for the given |session_id| so
 // it can be used to launch a process in that session.
 bool CreateSessionToken(uint32 session_id, ScopedHandle* token_out) {
   ScopedHandle session_token;
   DWORD desired_access = TOKEN_ADJUST_DEFAULT | TOKEN_ADJUST_SESSIONID |
                          TOKEN_ASSIGN_PRIMARY | TOKEN_DUPLICATE | TOKEN_QUERY;
   if (!CopyProcessToken(desired_access, &session_token)) {
     return false;
   }
 
@@ skipping 22 matching lines @@
     return false;
   }
 
   // Revert to the default token.
   CHECK(RevertToSelf());
 
   *token_out = session_token.Pass();
   return true;
 }
 
+// Generates a unique IPC channel name.
+std::string GenerateIpcChannelName(void* client) {
+  // Generate the pipe name. This code is copied from
+  // src/content/common/child_process_host_impl.cc
+  return base::StringPrintf("%d.%p.%d",
+                            base::GetCurrentProcId(), client,
+                            base::RandInt(0, std::numeric_limits<int>::max()));
+}
+
 bool LaunchProcessWithToken(const FilePath& binary,
                             const CommandLine::StringType& command_line,
                             HANDLE user_token,
+                            bool inherit_handles,
                             DWORD creation_flags,
                             ScopedHandle* process_out,
                             ScopedHandle* thread_out) {
   FilePath::StringType application_name = binary.value();
 
   base::win::ScopedProcessInformation process_info;
   STARTUPINFOW startup_info;
 
   string16 desktop_name(UTF8ToUTF16(kDefaultDesktopName));
 
   memset(&startup_info, 0, sizeof(startup_info));
   startup_info.cb = sizeof(startup_info);
   startup_info.lpDesktop = const_cast<char16*>(desktop_name.c_str());
 
   BOOL result = CreateProcessAsUser(user_token,
                                     application_name.c_str(),
                                     const_cast<LPWSTR>(command_line.c_str()),
                                     NULL,
                                     NULL,
-                                    FALSE,
+                                    inherit_handles,
                                     creation_flags,
                                     NULL,
                                     NULL,
                                     &startup_info,
                                     process_info.Receive());
 
   // CreateProcessAsUser will fail on XP and W2K3 with ERROR_PIPE_NOT_CONNECTED
   // if the user hasn't logged to the target session yet. In such a case
   // we try to talk to the execution server directly emulating what
   // the undocumented and not-exported advapi32!CreateRemoteSessionProcessW()
@@ skipping 28 matching lines @@
     return false;
   }
 
   CHECK(process_info.IsValid());
   process_out->Set(process_info.TakeProcessHandle());
   thread_out->Set(process_info.TakeThreadHandle());
   return true;
 }
 
 } // namespace remoting