Changeset 66411 in vbox for trunk/src/VBox/Main

Timestamp:

Apr 3, 2017 9:09:37 PM (8 years ago)

Author:

vboxsync

Message:

VBox/Main: ​​​bugref:3300: VBoxSVC from terminal server session is not 'visible' - extended validation for VBoxSDS issues

Location:

trunk/src/VBox/Main

Files:

• Makefile.kmk (modified) (1 diff)
• include/VirtualBoxClientImpl.h (modified) (1 diff)
• src-client/VirtualBoxClientImpl.cpp (modified) (11 diffs)

trunk/src/VBox/Main/Makefile.kmk

@@ -990 +990 @@
         $(PATH_STAGE_LIB)/VBoxAPIWrap-x86$(VBOX_SUFF_LIB)
  VBoxClient-x86_LIBS.win = $(NO_SUCH_VARIABLE)
- VBoxClient-x86_LIBS.win.x86 = $(PATH_TOOL_$(VBOX_VCC_TOOL_STEM)X86_LIB)/delayimp.lib
+ VBoxClient-x86_LIBS.win.x86 += \
+    $(PATH_TOOL_$(VBOX_VCC_TOOL_STEM)X86_LIB)/delayimp.lib \
+        $(PATH_SDK_$(VBOX_WINPSDK)_LIB.x86)/WbemUuid.Lib
  VBoxClient-x86_CLEAN.win += $(VBoxClient-x86_0_OUTDIR)/VBoxClient-x86.rgs
  src-client/win/VBoxClient-x86.rc_DEPS = \

trunk/src/VBox/Main/include/VirtualBoxClientImpl.h

@@ -71 +71 @@
 #endif
 
+#ifdef VBOX_WITH_SDS
+    DWORD getServiceAccount(const wchar_t* wszServiceName, wchar_t* wszAccountName, size_t cbAccountNameSize);
+    HRESULT isServiceDisabled(const wchar_t* wszServiceName, bool* pOutIsDisabled);
+#endif
+
     static DECLCALLBACK(int) SVCWatcherThread(RTTHREAD ThreadSelf, void *pvUser);
 

trunk/src/VBox/Main/src-client/VirtualBoxClientImpl.cpp

@@ -28 +28 @@
 #include <iprt/semaphore.h>
 #include <iprt/cpp/utils.h>
+#include <iprt/utf16.h>
 #ifdef RT_OS_WINDOWS
 # include <iprt/ldr.h>
 # include <msi.h>
+# include <WbemIdl.h>
 #endif
 
@@ -76 +78 @@
     if (FAILED(rc))
     {
-        //AssertComRCThrow(rc, setError(rc,
-        //    tr("Could not create VirtualBoxSDS bridge object for VirtualBoxClient")));
         Assert(SUCCEEDED(rc));
         return rc;
@@ -84 +84 @@
     rc = aVirtualBoxSDS->get_VirtualBox(aVirtualBox.asOutParam());
     if (FAILED(rc))
-    {
         Assert(SUCCEEDED(rc));
-        //AssertComRCThrow(rc, setError(rc,
-        //    tr("Could not create VirtualBox object for VirtualBoxClient")));
-    }
+
     return rc;
 }
@@ -103 +100 @@
     if (FAILED(rc))
     {
-        //AssertComRCThrow(rc, setError(rc,
-        //    tr("Could not create VirtualBoxSDS bridge object for VirtualBoxClient")));
         LogRel(("ReleaseVirtualBox - instantiation of IVirtualBoxSDS failed, %x\n", rc));
         Assert(SUCCEEDED(rc));
@@ -117 +112 @@
     }
     return rc;
+}
+
+
+DWORD VirtualBoxClient::getServiceAccount(
+    const wchar_t* wszServiceName, 
+    wchar_t* wszAccountName, 
+    size_t cbAccountNameSize
+    )
+{
+    SC_HANDLE schSCManager;
+    SC_HANDLE schService;
+    LPQUERY_SERVICE_CONFIG pSc = NULL;
+    DWORD dwBytesNeeded;
+    int dwError;
+
+    Assert(wszServiceName);
+    Assert(wszAccountName);
+    Assert(cbAccountNameSize);
+
+    // Get a handle to the SCM database. 
+    schSCManager = OpenSCManager( NULL, NULL, SC_MANAGER_ALL_ACCESS);
+    if (NULL == schSCManager)
+    {
+        dwError = GetLastError();
+        LogRel(("Error: could not open SCM: %Rhrc\n"));
+        return RTErrConvertFromWin32(dwError);
+    }
+
+    // Get a handle to the service.
+    schService = OpenService(schSCManager, wszServiceName, SERVICE_QUERY_CONFIG);
+    if (schService == NULL)
+    {
+        dwError = GetLastError();
+        CloseServiceHandle(schSCManager);
+        LogRel(("Error: Could not open service: %Rwc\n", dwError));
+        return RTErrConvertFromWin32(dwError);
+    }
+
+    // Get the configuration information.
+    if (!QueryServiceConfig(schService, NULL, 0, &dwBytesNeeded))
+    {
+        dwError = GetLastError();
+        if (ERROR_INSUFFICIENT_BUFFER == dwError)
+        {
+            pSc = (LPQUERY_SERVICE_CONFIG)malloc(dwBytesNeeded);
+            if (!pSc)
+            {
+                LogRel(("Error: allocating memory for service config, %Rwc\n", dwError));
+                CloseServiceHandle(schSCManager);
+                CloseServiceHandle(schService);
+                return RTErrConvertFromWin32(dwError);
+            }
+            if (!QueryServiceConfig(schService, pSc, dwBytesNeeded, &dwBytesNeeded))
+            {
+                dwError = GetLastError();
+                LogRel(("Error: error in querying service config, %Rwc\n", dwError));
+                free(pSc);
+                CloseServiceHandle(schService);
+                CloseServiceHandle(schSCManager);
+                return RTErrConvertFromWin32(dwError);
+            }
+        }
+    }
+
+    dwError = RTUtf16Copy((RTUTF16*)wszAccountName, cbAccountNameSize / sizeof(RTUTF16), 
+        (RTUTF16*)pSc->lpServiceStartName);
+    if (RT_FAILURE(dwError))
+    {
+        LogRel(("Error: cannot copy account name to destination, %Rrc\n", dwError));
+        free(pSc);
+        CloseServiceHandle(schService);
+        CloseServiceHandle(schSCManager);
+        return RTErrConvertFromWin32(dwError);
+    }
+
+    free(pSc);
+    CloseServiceHandle(schService);
+    CloseServiceHandle(schSCManager);
+    return VINF_SUCCESS;
+}
+
+
+HRESULT VirtualBoxClient::isServiceDisabled(const wchar_t* wszServiceName, bool* pOutIsDisabled)
+{
+    Assert(pOutIsDisabled);
+    Assert(wszServiceName);
+    ComPtr<IWbemLocator> aLocator;
+    ComPtr<IWbemServices> aService;
+
+    HRESULT hr = CoCreateInstance(CLSID_WbemLocator, 0,
+        CLSCTX_INPROC_SERVER, IID_IWbemLocator, (LPVOID *)aLocator.asOutParam());
+    if (FAILED(hr))
+    {
+        LogRel(("Error: Cannot instantiate WbemLocator: %Rhrc", hr));
+        return hr;
+    }
+
+    hr = aLocator->ConnectServer(
+        com::Bstr(L"ROOT\\CIMV2").raw(), // Object path of WMI namespace
+        NULL,                    // User name. NULL = current user
+        NULL,                    // User password. NULL = current
+        0,                       // Locale. NULL indicates current
+        NULL,                    // Security flags.
+        0,                       // Authority (for example, Kerberos)
+        0,                       // Context object 
+        aService.asOutParam()    // pointer to IWbemServices proxy
+    );
+    if (FAILED(hr))
+    {
+        LogRel(("Error: Cannot connect to Wbem Service: %Rhrc\n", hr));
+        return hr;
+    }
+
+    // query settings for VBoxSDS windows service
+    ComPtr<IEnumWbemClassObject> aEnumerator;
+    hr = aService->ExecQuery(
+        com::Bstr("WQL").raw(),
+        com::BstrFmt("SELECT * FROM Win32_Service WHERE Name='%ls'", wszServiceName).raw(),
+        WBEM_FLAG_FORWARD_ONLY | WBEM_FLAG_RETURN_IMMEDIATELY,
+        NULL,
+        aEnumerator.asOutParam());
+    if (FAILED(hr) || aEnumerator == NULL)
+    {
+        LogRel(("Error: querying service settings from WMI: %Rhrc\n", hr));
+        return hr;
+    }
+
+    ULONG uReturn = 0;
+    ComPtr<IWbemClassObject> aVBoxSDSObj;
+    hr = aEnumerator->Next(WBEM_INFINITE, 1, aVBoxSDSObj.asOutParam(), &uReturn);
+    if (FAILED(hr))
+    {
+        LogRel(("Error: Cannot get Service WMI record: %Rhrc\n", hr));
+        return hr;
+    }
+    if (aVBoxSDSObj == NULL || uReturn == 0)
+    {
+        LogRel(("Error: Service record didn't exist in WMI: %Rhrc\n", hr));
+        return hr;
+    }
+
+    VARIANT vtProp;
+    VariantInit(&vtProp);
+
+    // Get "StartMode" property
+    hr = aVBoxSDSObj->Get(L"StartMode", 0, &vtProp, 0, 0);
+    if (FAILED(hr) || (vtProp.vt & VT_NULL) == VT_NULL)
+    {
+        LogRel(("Error: Didn't found StartMode property: %Rhrc\n", hr));
+        return hr;
+    }
+    
+    Assert((vtProp.vt & VT_BSTR) == VT_BSTR);
+
+    *pOutIsDisabled = RTUtf16Cmp((RTUTF16*)vtProp.bstrVal, 
+        (RTUTF16*)L"Disabled") == 0;
+
+    LogRel(("Service start mode is '%ls' \n", vtProp.bstrVal));
+
+    VariantClear(&vtProp);
+
+    return S_OK;
 }
 
@@ -130 +287 @@
 
 #ifdef VBOX_WITH_SDS
-    // TODO: AM rework for final version
     // setup COM Security to enable impersonation
     // This works for console Virtual Box clients, GUI has own security settings
@@ -143 +299 @@
                                                              EOAC_NONE,
                                                              NULL);
-    //Assert(RPC_E_TOO_LATE != hrGUICoInitializeSecurity);
     Assert(SUCCEEDED(hrGUICoInitializeSecurity) || hrGUICoInitializeSecurity == RPC_E_TOO_LATE);
 #endif
@@ -257 +412 @@
 HRESULT VirtualBoxClient::i_investigateVirtualBoxObjectCreationFailure(HRESULT hrcCaller)
 {
-    // TODO: AM place creation of VBox through SDS
      /*
      * First step is to try get an IUnknown interface of the VirtualBox object.
@@ -266 +420 @@
      */
     IUnknown *pUnknown = NULL;
+
+#ifdef VBOX_WITH_SDS
+    // Check the VBOXSDS service running account name is SYSTEM
+    wchar_t wszBuffer[256];
+    int dwError = getServiceAccount(L"VBoxSDS", wszBuffer, sizeof(wszBuffer));
+    if(RT_FAILURE(dwError))
+        return setError(hrcCaller, tr("Failed to instantiate CLSID_VirtualBox using VBoxSDS: The VBoxSDS is unavailable: %Rwc"), dwError);
+
+    LogRelFunc(("VBoxSDS service is running under '%ls' account.\n", wszBuffer));
+
+    if(RTUtf16Cmp(L"LocalSystem", wszBuffer) != 0)
+        return setError(hrcCaller, 
+            tr("VBoxSDS should be run under SYSTEM account, but it started under '%ls' account:\n"
+                "Change VBoxSDS Windows Service Logon parameters in Service Control Manager. \n%Rhrc"
+               ), wszBuffer, hrcCaller);
+
+    bool bIsVBoxSDSDisabled = false;
+    HRESULT hrc = isServiceDisabled(L"VBoxSDS", &bIsVBoxSDSDisabled);
+    if (FAILED(hrc))
+    {
+        return setError(hrcCaller, tr("Failed to get information about VBoxSDS using WMI:: %Rhrc & %Rhrc"), hrcCaller, hrc);
+    }
+    if (bIsVBoxSDSDisabled)
+    {
+        return setError(hrcCaller, tr("Completely failed to instantiate CLSID_VirtualBox using VBoxSDS: "
+            "VBoxSDS windows service disabled.\n"
+            "Enable VBoxSDS Windows Service using Windows Service Management Console.\n %Rhrc"), hrcCaller);
+    }
+
+    // Check the VBoxSDS windows service is enabled
+    ComPtr<IVirtualBox> aVirtualBox;
+    hrc = CreateVirtualBoxThroughSDS(aVirtualBox);
+    if (FAILED(hrc))
+    {
+        if (hrc == hrcCaller)
+            return setError(hrcCaller, tr("Completely failed to instantiate CLSID_VirtualBox using VBoxSDS: %Rhrc"), hrcCaller);
+        return setError(hrcCaller, tr("Completely failed to instantiate CLSID_VirtualBox using VBoxSDS: %Rhrc & %Rhrc"), hrcCaller, hrc);
+    }
+
+    hrc = aVirtualBox.queryInterfaceTo<IUnknown>(&pUnknown);
+    if (FAILED(hrc))
+    {
+        if (hrc == hrcCaller)
+            return setError(hrcCaller, tr("Completely failed to instantiate CLSID_VirtualBox using VBoxSDS: %Rhrc"), hrcCaller);
+        return setError(hrcCaller, tr("Completely failed to instantiate CLSID_VirtualBox using VBoxSDS: %Rhrc & %Rhrc"), hrcCaller, hrc);
+    }
+#else
     HRESULT hrc = CoCreateInstance(CLSID_VirtualBox, NULL, CLSCTX_LOCAL_SERVER, IID_IUnknown, (void **)&pUnknown);
     if (FAILED(hrc))
@@ -273 +474 @@
         return setError(hrcCaller, tr("Completely failed to instantiate CLSID_VirtualBox: %Rhrc & %Rhrc"), hrcCaller, hrc);
     }
+#endif
 
     /*
@@ -530 +732 @@
 /////////////////////////////////////////////////////////////////////////////
 
+
+// TODO: AM Add pinging of VBoxSDS
 /*static*/
 DECLCALLBACK(int) VirtualBoxClient::SVCWatcherThread(RTTHREAD ThreadSelf,