remoting/host/sas_injector_win.cc - chromium/src - Git at Google

 // Copyright 2012 The Chromium Authors
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #include "remoting/host/sas_injector.h"

 #include <memory>
 #include <utility>

 #include "base/files/file_path.h"
 #include "base/logging.h"
 #include "base/scoped_native_library.h"
 #include "base/win/registry.h"

 namespace remoting {

 namespace {

 // The registry key and value holding the policy controlling software SAS
 // generation.
 const wchar_t kSystemPolicyKeyName[] =
     L"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System";
 const wchar_t kSoftwareSasValueName[] = L"SoftwareSASGeneration";

 const DWORD kEnableSoftwareSasByServices = 1;

 // https://docs.microsoft.com/en-us/windows/win32/api/sas/nf-sas-sendsas
 typedef void(NTAPI* SendSASFunction)(BOOL);

 // Toggles the default software SAS generation policy to enable SAS generation
 // by services. Non-default policy is not changed.
 class ScopedSoftwareSasPolicy {
  public:
   ScopedSoftwareSasPolicy();

   ScopedSoftwareSasPolicy(const ScopedSoftwareSasPolicy&) = delete;
   ScopedSoftwareSasPolicy& operator=(const ScopedSoftwareSasPolicy&) = delete;

   ~ScopedSoftwareSasPolicy();

   bool Apply();

  private:
   // The handle of the registry key were SoftwareSASGeneration policy is stored.
   base::win::RegKey system_policy_;

   // True if the policy needs to be restored.
   bool restore_policy_ = false;
 };

 ScopedSoftwareSasPolicy::ScopedSoftwareSasPolicy() = default;

 ScopedSoftwareSasPolicy::~ScopedSoftwareSasPolicy() {
   // Restore the default policy by deleting the value that we have set.
   if (restore_policy_) {
     LONG result = system_policy_.DeleteValue(kSoftwareSasValueName);
     if (result != ERROR_SUCCESS) {
       SetLastError(result);
       PLOG(ERROR) << "Failed to restore the software SAS generation policy";
     }
   }
 }

 bool ScopedSoftwareSasPolicy::Apply() {
   // Query the currently set SoftwareSASGeneration policy.
   LONG result =
       system_policy_.Open(HKEY_LOCAL_MACHINE, kSystemPolicyKeyName,
                           KEY_QUERY_VALUE | KEY_SET_VALUE | KEY_WOW64_64KEY);
   if (result != ERROR_SUCCESS) {
     SetLastError(result);
     PLOG(ERROR) << "Failed to open 'HKLM\\" << kSystemPolicyKeyName << "'";
     return false;
   }

   bool custom_policy = system_policy_.HasValue(kSoftwareSasValueName);

   // Override the default policy (i.e. there is no value in the registry) only.
   if (!custom_policy) {
     result = system_policy_.WriteValue(kSoftwareSasValueName,
                                        kEnableSoftwareSasByServices);
     if (result != ERROR_SUCCESS) {
       SetLastError(result);
       PLOG(ERROR) << "Failed to enable software SAS generation by services";
       return false;
     } else {
       restore_policy_ = true;
     }
   }

   return true;
 }

 }  // namespace

 // Sends Secure Attention Sequence.  Checks the current policy before sending.
 class SasInjectorWin : public SasInjector {
  public:
   SasInjectorWin();
   SasInjectorWin(const SasInjectorWin&) = delete;
   SasInjectorWin& operator=(const SasInjectorWin&) = delete;
   ~SasInjectorWin() override;

   // SasInjector implementation.
   bool InjectSas() override;
 };

 SasInjectorWin::SasInjectorWin() = default;

 SasInjectorWin::~SasInjectorWin() = default;

 bool SasInjectorWin::InjectSas() {
   // Enable software SAS generation by services and send SAS. SAS can still fail
   // if the policy does not allow services to generate software SAS.
   ScopedSoftwareSasPolicy enable_sas;
   if (!enable_sas.Apply()) {
     LOG(ERROR) << "SAS policy could not be applied, skipping SAS injection.";
     return false;
   }

   // Use LoadLibrary here as sas.dll is not consistently shipped on all Windows
   // SKUs (notably server releases) and linking against it prevents the host
   // from starting correctly.
   bool sas_injected = false;
   base::ScopedNativeLibrary library(base::FilePath(L"sas.dll"));
   if (library.is_valid()) {
     SendSASFunction send_sas_func = reinterpret_cast<SendSASFunction>(
         library.GetFunctionPointer("SendSAS"));
     if (send_sas_func) {
       sas_injected = true;
       send_sas_func(/*AsUser=*/FALSE);
     } else {
       LOG(ERROR) << "SendSAS() not found in sas.dll, skipping SAS injection.";
     }
   } else {
     LOG(ERROR) << "sas.dll could not be loaded, skipping SAS injection.";
   }
   return sas_injected;
 }

 std::unique_ptr<SasInjector> SasInjector::Create() {
   return std::make_unique<SasInjectorWin>();
 }

 }  // namespace remoting
	// Copyright 2012 The Chromium Authors
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#include "remoting/host/sas_injector.h"

	#include <memory>
	#include <utility>

	#include "base/files/file_path.h"
	#include "base/logging.h"
	#include "base/scoped_native_library.h"
	#include "base/win/registry.h"

	namespace remoting {

	namespace {

	// The registry key and value holding the policy controlling software SAS
	// generation.
	const wchar_t kSystemPolicyKeyName[] =
	L"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System";
	const wchar_t kSoftwareSasValueName[] = L"SoftwareSASGeneration";

	const DWORD kEnableSoftwareSasByServices = 1;

	// https://docs.microsoft.com/en-us/windows/win32/api/sas/nf-sas-sendsas
	typedef void(NTAPI* SendSASFunction)(BOOL);

	// Toggles the default software SAS generation policy to enable SAS generation
	// by services. Non-default policy is not changed.
	class ScopedSoftwareSasPolicy {
	public:
	ScopedSoftwareSasPolicy();

	ScopedSoftwareSasPolicy(const ScopedSoftwareSasPolicy&) = delete;
	ScopedSoftwareSasPolicy& operator=(const ScopedSoftwareSasPolicy&) = delete;

	~ScopedSoftwareSasPolicy();

	bool Apply();

	private:
	// The handle of the registry key were SoftwareSASGeneration policy is stored.
	base::win::RegKey system_policy_;

	// True if the policy needs to be restored.
	bool restore_policy_ = false;
	};

	ScopedSoftwareSasPolicy::ScopedSoftwareSasPolicy() = default;

	ScopedSoftwareSasPolicy::~ScopedSoftwareSasPolicy() {
	// Restore the default policy by deleting the value that we have set.
	if (restore_policy_) {
	LONG result = system_policy_.DeleteValue(kSoftwareSasValueName);
	if (result != ERROR_SUCCESS) {
	SetLastError(result);
	PLOG(ERROR) << "Failed to restore the software SAS generation policy";
	}
	}
	}

	bool ScopedSoftwareSasPolicy::Apply() {
	// Query the currently set SoftwareSASGeneration policy.
	LONG result =
	system_policy_.Open(HKEY_LOCAL_MACHINE, kSystemPolicyKeyName,
	KEY_QUERY_VALUE \| KEY_SET_VALUE \| KEY_WOW64_64KEY);
	if (result != ERROR_SUCCESS) {
	SetLastError(result);
	PLOG(ERROR) << "Failed to open 'HKLM\\" << kSystemPolicyKeyName << "'";
	return false;
	}

	bool custom_policy = system_policy_.HasValue(kSoftwareSasValueName);

	// Override the default policy (i.e. there is no value in the registry) only.
	if (!custom_policy) {
	result = system_policy_.WriteValue(kSoftwareSasValueName,
	kEnableSoftwareSasByServices);
	if (result != ERROR_SUCCESS) {
	SetLastError(result);
	PLOG(ERROR) << "Failed to enable software SAS generation by services";
	return false;
	} else {
	restore_policy_ = true;
	}
	}

	return true;
	}

	} // namespace

	// Sends Secure Attention Sequence. Checks the current policy before sending.
	class SasInjectorWin : public SasInjector {
	public:
	SasInjectorWin();
	SasInjectorWin(const SasInjectorWin&) = delete;
	SasInjectorWin& operator=(const SasInjectorWin&) = delete;
	~SasInjectorWin() override;

	// SasInjector implementation.
	bool InjectSas() override;
	};

	SasInjectorWin::SasInjectorWin() = default;

	SasInjectorWin::~SasInjectorWin() = default;

	bool SasInjectorWin::InjectSas() {
	// Enable software SAS generation by services and send SAS. SAS can still fail
	// if the policy does not allow services to generate software SAS.
	ScopedSoftwareSasPolicy enable_sas;
	if (!enable_sas.Apply()) {
	LOG(ERROR) << "SAS policy could not be applied, skipping SAS injection.";
	return false;
	}

	// Use LoadLibrary here as sas.dll is not consistently shipped on all Windows
	// SKUs (notably server releases) and linking against it prevents the host
	// from starting correctly.
	bool sas_injected = false;
	base::ScopedNativeLibrary library(base::FilePath(L"sas.dll"));
	if (library.is_valid()) {
	SendSASFunction send_sas_func = reinterpret_cast<SendSASFunction>(
	library.GetFunctionPointer("SendSAS"));
	if (send_sas_func) {
	sas_injected = true;
	send_sas_func(/AsUser=/FALSE);
	} else {
	LOG(ERROR) << "SendSAS() not found in sas.dll, skipping SAS injection.";
	}
	} else {
	LOG(ERROR) << "sas.dll could not be loaded, skipping SAS injection.";
	}
	return sas_injected;
	}

	std::unique_ptr<SasInjector> SasInjector::Create() {
	return std::make_unique<SasInjectorWin>();
	}

	} // namespace remoting