VirtualBox

source: vbox/trunk/src/VBox/Additions/common/VBoxService/VBoxServiceControl.cpp@ 71874

Last change on this file since 71874 was 69500, checked in by vboxsync, 7 years ago

*: scm --update-copyright-year

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 20.5 KB
Line 
1/* $Id: VBoxServiceControl.cpp 69500 2017-10-28 15:14:05Z vboxsync $ */
2/** @file
3 * VBoxServiceControl - Host-driven Guest Control.
4 */
5
6/*
7 * Copyright (C) 2012-2017 Oracle Corporation
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 */
17
18/** @page pg_vgsvc_gstctrl VBoxService - Guest Control
19 *
20 * The Guest Control subservice helps implementing the IGuest APIs.
21 *
22 * The communication between this service (and its children) and IGuest goes
23 * over the HGCM GuestControl service.
24 *
25 * The IGuest APIs provides means to manipulate (control) files, directories,
26 * symbolic links and processes within the guest. Most of these means requires
27 * credentials of a guest OS user to operate, though some restricted ones
28 * operates directly as the VBoxService user (root / system service account).
29 *
30 * The current design is that a subprocess is spawned for handling operations as
31 * a given user. This process is represented as IGuestSession in the API. The
32 * subprocess will be spawned as the given use, giving up the privileges the
33 * parent subservice had.
34 *
35 * It will try handle as many of the operations directly from within the
36 * subprocess, but for more complicated things (or things that haven't yet been
37 * converted), it will spawn a helper process that does the actual work.
38 *
39 * These helpers are the typically modeled on similar unix core utilities, like
40 * mkdir, rm, rmdir, cat and so on. The helper tools can also be launched
41 * directly from VBoxManage by the user by prepending the 'vbox_' prefix to the
42 * unix command.
43 *
44 */
45
46
47/*********************************************************************************************************************************
48* Header Files *
49*********************************************************************************************************************************/
50#include <iprt/asm.h>
51#include <iprt/assert.h>
52#include <iprt/env.h>
53#include <iprt/file.h>
54#include <iprt/getopt.h>
55#include <iprt/mem.h>
56#include <iprt/path.h>
57#include <iprt/process.h>
58#include <iprt/semaphore.h>
59#include <iprt/thread.h>
60#include <VBox/VBoxGuestLib.h>
61#include <VBox/HostServices/GuestControlSvc.h>
62#include "VBoxServiceInternal.h"
63#include "VBoxServiceControl.h"
64#include "VBoxServiceUtils.h"
65
66using namespace guestControl;
67
68
69/*********************************************************************************************************************************
70* Global Variables *
71*********************************************************************************************************************************/
72/** The control interval (milliseconds). */
73static uint32_t g_msControlInterval = 0;
74/** The semaphore we're blocking our main control thread on. */
75static RTSEMEVENTMULTI g_hControlEvent = NIL_RTSEMEVENTMULTI;
76/** The VM session ID. Changes whenever the VM is restored or reset. */
77static uint64_t g_idControlSession;
78/** The guest control service client ID. */
79static uint32_t g_uControlSvcClientID = 0;
80#if 0 /** @todo process limit */
81/** How many started guest processes are kept into memory for supplying
82 * information to the host. Default is 256 processes. If 0 is specified,
83 * the maximum number of processes is unlimited. */
84static uint32_t g_uControlProcsMaxKept = 256;
85#endif
86/** List of guest control session threads (VBOXSERVICECTRLSESSIONTHREAD).
87 * A guest session thread represents a forked guest session process
88 * of VBoxService. */
89RTLISTANCHOR g_lstControlSessionThreads;
90/** The local session object used for handling all session-related stuff.
91 * When using the legacy guest control protocol (< 2), this session runs
92 * under behalf of the VBoxService main process. On newer protocol versions
93 * each session is a forked version of VBoxService using the appropriate
94 * user credentials for opening a guest session. These forked sessions then
95 * are kept in VBOXSERVICECTRLSESSIONTHREAD structures. */
96VBOXSERVICECTRLSESSION g_Session;
97
98
99/*********************************************************************************************************************************
100* Internal Functions *
101*********************************************************************************************************************************/
102static int vgsvcGstCtrlHandleSessionOpen(PVBGLR3GUESTCTRLCMDCTX pHostCtx);
103static int vgsvcGstCtrlHandleSessionClose(PVBGLR3GUESTCTRLCMDCTX pHostCtx);
104static void vgsvcGstCtrlShutdown(void);
105
106
107/**
108 * @interface_method_impl{VBOXSERVICE,pfnPreInit}
109 */
110static DECLCALLBACK(int) vgsvcGstCtrlPreInit(void)
111{
112 int rc;
113#ifdef VBOX_WITH_GUEST_PROPS
114 /*
115 * Read the service options from the VM's guest properties.
116 * Note that these options can be overridden by the command line options later.
117 */
118 uint32_t uGuestPropSvcClientID;
119 rc = VbglR3GuestPropConnect(&uGuestPropSvcClientID);
120 if (RT_FAILURE(rc))
121 {
122 if (rc == VERR_HGCM_SERVICE_NOT_FOUND) /* Host service is not available. */
123 {
124 VGSvcVerbose(0, "Guest property service is not available, skipping\n");
125 rc = VINF_SUCCESS;
126 }
127 else
128 VGSvcError("Failed to connect to the guest property service, rc=%Rrc\n", rc);
129 }
130 else
131 VbglR3GuestPropDisconnect(uGuestPropSvcClientID);
132
133 if (rc == VERR_NOT_FOUND) /* If a value is not found, don't be sad! */
134 rc = VINF_SUCCESS;
135#else
136 /* Nothing to do here yet. */
137 rc = VINF_SUCCESS;
138#endif
139
140 if (RT_SUCCESS(rc))
141 {
142 /* Init session object. */
143 rc = VGSvcGstCtrlSessionInit(&g_Session, 0 /* Flags */);
144 }
145
146 return rc;
147}
148
149
150/**
151 * @interface_method_impl{VBOXSERVICE,pfnOption}
152 */
153static DECLCALLBACK(int) vgsvcGstCtrlOption(const char **ppszShort, int argc, char **argv, int *pi)
154{
155 int rc = -1;
156 if (ppszShort)
157 /* no short options */;
158 else if (!strcmp(argv[*pi], "--control-interval"))
159 rc = VGSvcArgUInt32(argc, argv, "", pi,
160 &g_msControlInterval, 1, UINT32_MAX - 1);
161#ifdef DEBUG
162 else if (!strcmp(argv[*pi], "--control-dump-stdout"))
163 {
164 g_Session.fFlags |= VBOXSERVICECTRLSESSION_FLAG_DUMPSTDOUT;
165 rc = 0; /* Flag this command as parsed. */
166 }
167 else if (!strcmp(argv[*pi], "--control-dump-stderr"))
168 {
169 g_Session.fFlags |= VBOXSERVICECTRLSESSION_FLAG_DUMPSTDERR;
170 rc = 0; /* Flag this command as parsed. */
171 }
172#endif
173 return rc;
174}
175
176
177/**
178 * @interface_method_impl{VBOXSERVICE,pfnInit}
179 */
180static DECLCALLBACK(int) vgsvcGstCtrlInit(void)
181{
182 /*
183 * If not specified, find the right interval default.
184 * Then create the event sem to block on.
185 */
186 if (!g_msControlInterval)
187 g_msControlInterval = 1000;
188
189 int rc = RTSemEventMultiCreate(&g_hControlEvent);
190 AssertRCReturn(rc, rc);
191
192 VbglR3GetSessionId(&g_idControlSession);
193 /* The status code is ignored as this information is not available with VBox < 3.2.10. */
194
195 if (RT_SUCCESS(rc))
196 rc = VbglR3GuestCtrlConnect(&g_uControlSvcClientID);
197 if (RT_SUCCESS(rc))
198 {
199 VGSvcVerbose(3, "Guest control service client ID=%RU32\n", g_uControlSvcClientID);
200
201 /* Init session thread list. */
202 RTListInit(&g_lstControlSessionThreads);
203 }
204 else
205 {
206 /* If the service was not found, we disable this service without
207 causing VBoxService to fail. */
208 if (rc == VERR_HGCM_SERVICE_NOT_FOUND) /* Host service is not available. */
209 {
210 VGSvcVerbose(0, "Guest control service is not available\n");
211 rc = VERR_SERVICE_DISABLED;
212 }
213 else
214 VGSvcError("Failed to connect to the guest control service! Error: %Rrc\n", rc);
215 RTSemEventMultiDestroy(g_hControlEvent);
216 g_hControlEvent = NIL_RTSEMEVENTMULTI;
217 }
218 return rc;
219}
220
221
222/**
223 * @interface_method_impl{VBOXSERVICE,pfnWorker}
224 */
225static DECLCALLBACK(int) vgsvcGstCtrlWorker(bool volatile *pfShutdown)
226{
227 /*
228 * Tell the control thread that it can continue
229 * spawning services.
230 */
231 RTThreadUserSignal(RTThreadSelf());
232 Assert(g_uControlSvcClientID > 0);
233
234 int rc = VINF_SUCCESS;
235
236 /* Allocate a scratch buffer for commands which also send
237 * payload data with them. */
238 uint32_t cbScratchBuf = _64K; /** @todo Make buffer size configurable via guest properties/argv! */
239 AssertReturn(RT_IS_POWER_OF_TWO(cbScratchBuf), VERR_INVALID_PARAMETER);
240 uint8_t *pvScratchBuf = (uint8_t*)RTMemAlloc(cbScratchBuf);
241 AssertReturn(pvScratchBuf, VERR_NO_MEMORY);
242
243 VBGLR3GUESTCTRLCMDCTX ctxHost = { g_uControlSvcClientID };
244 /* Set default protocol version to 1. */
245 ctxHost.uProtocol = 1;
246
247 int cRetrievalFailed = 0; /* Number of failed message retrievals in a row. */
248 for (;;)
249 {
250 VGSvcVerbose(3, "Waiting for host msg ...\n");
251 uint32_t uMsg = 0;
252 uint32_t cParms = 0;
253 rc = VbglR3GuestCtrlMsgWaitFor(g_uControlSvcClientID, &uMsg, &cParms);
254 if (rc == VERR_TOO_MUCH_DATA)
255 {
256#ifdef DEBUG
257 VGSvcVerbose(4, "Message requires %ld parameters, but only 2 supplied -- retrying request (no error!)...\n",
258 cParms);
259#endif
260 rc = VINF_SUCCESS; /* Try to get "real" message in next block below. */
261 }
262 else if (RT_FAILURE(rc))
263 {
264 /* Note: VERR_GEN_IO_FAILURE seems to be normal if ran into timeout. */
265 VGSvcError("Getting host message failed with %Rrc\n", rc);
266
267 /* Check for VM session change. */
268 uint64_t idNewSession = g_idControlSession;
269 int rc2 = VbglR3GetSessionId(&idNewSession);
270 if ( RT_SUCCESS(rc2)
271 && (idNewSession != g_idControlSession))
272 {
273 VGSvcVerbose(1, "The VM session ID changed\n");
274 g_idControlSession = idNewSession;
275
276 /* Close all opened guest sessions -- all context IDs, sessions etc.
277 * are now invalid. */
278 rc2 = VGSvcGstCtrlSessionClose(&g_Session);
279 AssertRC(rc2);
280
281 /* Do a reconnect. */
282 VGSvcVerbose(1, "Reconnecting to HGCM service ...\n");
283 rc2 = VbglR3GuestCtrlConnect(&g_uControlSvcClientID);
284 if (RT_SUCCESS(rc2))
285 {
286 VGSvcVerbose(3, "Guest control service client ID=%RU32\n", g_uControlSvcClientID);
287 cRetrievalFailed = 0;
288 continue; /* Skip waiting. */
289 }
290 else
291 {
292 VGSvcError("Unable to re-connect to HGCM service, rc=%Rrc, bailing out\n", rc);
293 break;
294 }
295 }
296
297 if (++cRetrievalFailed > 16) /** @todo Make this configurable? */
298 {
299 VGSvcError("Too many failed attempts in a row to get next message, bailing out\n");
300 break;
301 }
302
303 RTThreadSleep(1000); /* Wait a bit before retrying. */
304 }
305
306 if (RT_SUCCESS(rc))
307 {
308 VGSvcVerbose(4, "Msg=%RU32 (%RU32 parms) retrieved\n", uMsg, cParms);
309 cRetrievalFailed = 0; /* Reset failed retrieval count. */
310
311 /* Set number of parameters for current host context. */
312 ctxHost.uNumParms = cParms;
313
314 /* Check for VM session change. */
315 uint64_t idNewSession = g_idControlSession;
316 int rc2 = VbglR3GetSessionId(&idNewSession);
317 if ( RT_SUCCESS(rc2)
318 && (idNewSession != g_idControlSession))
319 {
320 VGSvcVerbose(1, "The VM session ID changed\n");
321 g_idControlSession = idNewSession;
322
323 /* Close all opened guest sessions -- all context IDs, sessions etc.
324 * are now invalid. */
325 rc2 = VGSvcGstCtrlSessionClose(&g_Session);
326 AssertRC(rc2);
327 }
328
329 switch (uMsg)
330 {
331 case HOST_CANCEL_PENDING_WAITS:
332 VGSvcVerbose(1, "We were asked to quit ...\n");
333 break;
334
335 case HOST_SESSION_CREATE:
336 rc = vgsvcGstCtrlHandleSessionOpen(&ctxHost);
337 break;
338
339 case HOST_SESSION_CLOSE:
340 rc = vgsvcGstCtrlHandleSessionClose(&ctxHost);
341 break;
342
343 default:
344 {
345 /*
346 * Protocol v1 did not have support for (dedicated)
347 * guest sessions, so all actions need to be performed
348 * under behalf of VBoxService's main executable.
349 *
350 * The global session object then acts as a host for all
351 * started guest processes which bring all their
352 * credentials with them with the actual guest process
353 * execution call.
354 */
355 if (ctxHost.uProtocol == 1)
356 rc = VGSvcGstCtrlSessionHandler(&g_Session, uMsg, &ctxHost, pvScratchBuf, cbScratchBuf, pfShutdown);
357 else
358 {
359 /*
360 * ... on newer protocols handling all other commands is
361 * up to the guest session fork of VBoxService, so just
362 * skip all not wanted messages here.
363 */
364 rc = VbglR3GuestCtrlMsgSkip(g_uControlSvcClientID);
365 VGSvcVerbose(3, "Skipping uMsg=%RU32, cParms=%RU32, rc=%Rrc\n", uMsg, cParms, rc);
366 }
367 break;
368 }
369 }
370 }
371
372 /* Do we need to shutdown? */
373 if ( *pfShutdown
374 || (RT_SUCCESS(rc) && uMsg == HOST_CANCEL_PENDING_WAITS))
375 {
376 break;
377 }
378
379 /* Let's sleep for a bit and let others run ... */
380 RTThreadYield();
381 }
382
383 VGSvcVerbose(0, "Guest control service stopped\n");
384
385 /* Delete scratch buffer. */
386 if (pvScratchBuf)
387 RTMemFree(pvScratchBuf);
388
389 VGSvcVerbose(0, "Guest control worker returned with rc=%Rrc\n", rc);
390 return rc;
391}
392
393
394static int vgsvcGstCtrlHandleSessionOpen(PVBGLR3GUESTCTRLCMDCTX pHostCtx)
395{
396 AssertPtrReturn(pHostCtx, VERR_INVALID_POINTER);
397
398 VBOXSERVICECTRLSESSIONSTARTUPINFO ssInfo = { 0 };
399 int rc = VbglR3GuestCtrlSessionGetOpen(pHostCtx,
400 &ssInfo.uProtocol,
401 ssInfo.szUser, sizeof(ssInfo.szUser),
402 ssInfo.szPassword, sizeof(ssInfo.szPassword),
403 ssInfo.szDomain, sizeof(ssInfo.szDomain),
404 &ssInfo.fFlags, &ssInfo.uSessionID);
405 if (RT_SUCCESS(rc))
406 {
407 /* The session open call has the protocol version the host
408 * wants to use. So update the current protocol version with the one the
409 * host wants to use in subsequent calls. */
410 pHostCtx->uProtocol = ssInfo.uProtocol;
411 VGSvcVerbose(3, "Client ID=%RU32 now is using protocol %RU32\n", pHostCtx->uClientID, pHostCtx->uProtocol);
412
413 rc = VGSvcGstCtrlSessionThreadCreate(&g_lstControlSessionThreads, &ssInfo, NULL /* ppSessionThread */);
414 }
415
416 if (RT_FAILURE(rc))
417 {
418 /* Report back on failure. On success this will be done
419 * by the forked session thread. */
420 int rc2 = VbglR3GuestCtrlSessionNotify(pHostCtx, GUEST_SESSION_NOTIFYTYPE_ERROR, rc /* uint32_t vs. int */);
421 if (RT_FAILURE(rc2))
422 VGSvcError("Reporting session error status on open failed with rc=%Rrc\n", rc2);
423 }
424
425 VGSvcVerbose(3, "Opening a new guest session returned rc=%Rrc\n", rc);
426 return rc;
427}
428
429
430static int vgsvcGstCtrlHandleSessionClose(PVBGLR3GUESTCTRLCMDCTX pHostCtx)
431{
432 AssertPtrReturn(pHostCtx, VERR_INVALID_POINTER);
433
434 uint32_t uSessionID;
435 uint32_t fFlags;
436 int rc = VbglR3GuestCtrlSessionGetClose(pHostCtx, &fFlags, &uSessionID);
437 if (RT_SUCCESS(rc))
438 {
439 rc = VERR_NOT_FOUND;
440
441 PVBOXSERVICECTRLSESSIONTHREAD pThread;
442 RTListForEach(&g_lstControlSessionThreads, pThread, VBOXSERVICECTRLSESSIONTHREAD, Node)
443 {
444 if (pThread->StartupInfo.uSessionID == uSessionID)
445 {
446 rc = VGSvcGstCtrlSessionThreadDestroy(pThread, fFlags);
447 break;
448 }
449 }
450#if 0
451 if (RT_FAILURE(rc))
452 {
453 /* Report back on failure. On success this will be done
454 * by the forked session thread. */
455 int rc2 = VbglR3GuestCtrlSessionNotify(pHostCtx,
456 GUEST_SESSION_NOTIFYTYPE_ERROR, rc);
457 if (RT_FAILURE(rc2))
458 {
459 VGSvcError("Reporting session error status on close failed with rc=%Rrc\n", rc2);
460 if (RT_SUCCESS(rc))
461 rc = rc2;
462 }
463 }
464#endif
465 VGSvcVerbose(2, "Closing guest session %RU32 returned rc=%Rrc\n", uSessionID, rc);
466 }
467 else
468 VGSvcError("Closing guest session %RU32 failed with rc=%Rrc\n", uSessionID, rc);
469 return rc;
470}
471
472
473/**
474 * @interface_method_impl{VBOXSERVICE,pfnStop}
475 */
476static DECLCALLBACK(void) vgsvcGstCtrlStop(void)
477{
478 VGSvcVerbose(3, "Stopping ...\n");
479
480 /** @todo Later, figure what to do if we're in RTProcWait(). It's a very
481 * annoying call since doesn't support timeouts in the posix world. */
482 if (g_hControlEvent != NIL_RTSEMEVENTMULTI)
483 RTSemEventMultiSignal(g_hControlEvent);
484
485 /*
486 * Ask the host service to cancel all pending requests for the main
487 * control thread so that we can shutdown properly here.
488 */
489 if (g_uControlSvcClientID)
490 {
491 VGSvcVerbose(3, "Cancelling pending waits (client ID=%u) ...\n",
492 g_uControlSvcClientID);
493
494 int rc = VbglR3GuestCtrlCancelPendingWaits(g_uControlSvcClientID);
495 if (RT_FAILURE(rc))
496 VGSvcError("Cancelling pending waits failed; rc=%Rrc\n", rc);
497 }
498}
499
500
501/**
502 * Destroys all guest process threads which are still active.
503 */
504static void vgsvcGstCtrlShutdown(void)
505{
506 VGSvcVerbose(2, "Shutting down ...\n");
507
508 int rc2 = VGSvcGstCtrlSessionThreadDestroyAll(&g_lstControlSessionThreads, 0 /* Flags */);
509 if (RT_FAILURE(rc2))
510 VGSvcError("Closing session threads failed with rc=%Rrc\n", rc2);
511
512 rc2 = VGSvcGstCtrlSessionClose(&g_Session);
513 if (RT_FAILURE(rc2))
514 VGSvcError("Closing session failed with rc=%Rrc\n", rc2);
515
516 VGSvcVerbose(2, "Shutting down complete\n");
517}
518
519
520/**
521 * @interface_method_impl{VBOXSERVICE,pfnTerm}
522 */
523static DECLCALLBACK(void) vgsvcGstCtrlTerm(void)
524{
525 VGSvcVerbose(3, "Terminating ...\n");
526
527 vgsvcGstCtrlShutdown();
528
529 VGSvcVerbose(3, "Disconnecting client ID=%u ...\n", g_uControlSvcClientID);
530 VbglR3GuestCtrlDisconnect(g_uControlSvcClientID);
531 g_uControlSvcClientID = 0;
532
533 if (g_hControlEvent != NIL_RTSEMEVENTMULTI)
534 {
535 RTSemEventMultiDestroy(g_hControlEvent);
536 g_hControlEvent = NIL_RTSEMEVENTMULTI;
537 }
538}
539
540
541/**
542 * The 'vminfo' service description.
543 */
544VBOXSERVICE g_Control =
545{
546 /* pszName. */
547 "control",
548 /* pszDescription. */
549 "Host-driven Guest Control",
550 /* pszUsage. */
551#ifdef DEBUG
552 " [--control-dump-stderr] [--control-dump-stdout]\n"
553#endif
554 " [--control-interval <ms>]"
555 ,
556 /* pszOptions. */
557#ifdef DEBUG
558 " --control-dump-stderr Dumps all guest proccesses stderr data to the\n"
559 " temporary directory.\n"
560 " --control-dump-stdout Dumps all guest proccesses stdout data to the\n"
561 " temporary directory.\n"
562#endif
563 " --control-interval Specifies the interval at which to check for\n"
564 " new control commands. The default is 1000 ms.\n"
565 ,
566 /* methods */
567 vgsvcGstCtrlPreInit,
568 vgsvcGstCtrlOption,
569 vgsvcGstCtrlInit,
570 vgsvcGstCtrlWorker,
571 vgsvcGstCtrlStop,
572 vgsvcGstCtrlTerm
573};
574
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette