VirtualBox

Browse Source

Changeset 75807 in vbox

Timestamp:

Nov 29, 2018 7:09:21 AM (6 years ago)

Author:

vboxsync

Message:

VBoxGuestControl: Optimizing message handling - part 3. bugref:9313

Location:

Files:

: 6 edited

include/VBox/VBoxGuestLib.h (modified) (1 diff)
src/VBox/Additions/common/VBoxGuest/lib/VBoxGuestR3LibGuestCtrl.cpp (modified) (12 diffs)
src/VBox/Additions/common/VBoxService/VBoxServiceControl.cpp (modified) (10 diffs)
src/VBox/Additions/common/VBoxService/VBoxServiceControl.h (modified) (3 diffs)
src/VBox/Additions/common/VBoxService/VBoxServiceControlProcess.cpp (modified) (1 diff)
src/VBox/Additions/common/VBoxService/VBoxServiceControlSession.cpp (modified) (15 diffs)

Legend:

: Unmodified
: Added
: Removed

trunk/include/VBox/VBoxGuestLib.h

-              r75798
+              r75807
 VBGLR3DECL(int) VbglR3GuestCtrlConnect(uint32_t *pidClient);
 VBGLR3DECL(int) VbglR3GuestCtrlDisconnect(uint32_t idClient);
+VBGLR3DECL(bool) VbglR3GuestCtrlSupportsOptimizations(uint32_t idClient);
+VBGLR3DECL(int) VbglR3GuestCtrlMakeMeMaster(uint32_t idClient);
 VBGLR3DECL(int) VbglR3GuestCtrlMsgFilterSet(uint32_t uClientId, uint32_t uValue, uint32_t uMaskAdd, uint32_t uMaskRemove);
 VBGLR3DECL(int) VbglR3GuestCtrlMsgReply(PVBGLR3GUESTCTRLCMDCTX pCtx, int rc);
 VBGLR3DECL(int) VbglR3GuestCtrlMsgReplyEx(PVBGLR3GUESTCTRLCMDCTX pCtx, int rc, uint32_t uType,
                                           void *pvPayload, uint32_t cbPayload);
+VBGLR3DECL(int) VbglR3GuestCtrlMsgSkip(uint32_t idClient);
 VBGLR3DECL(int) VbglR3GuestCtrlMsgSkipOld(uint32_t uClientId);
 VBGLR3DECL(int) VbglR3GuestCtrlMsgPeekWait(uint32_t idClient, uint32_t *pidMsg, uint32_t *pcParameters);
 VBGLR3DECL(int) VbglR3GuestCtrlCancelPendingWaits(HGCMCLIENTID idClient);
 /* Guest session handling. */
+VBGLR3DECL(int) VbglR3GuestCtrlSessionPrepare(uint32_t idClient, uint32_t idSession, void const *pvKey, uint32_t cbKey);
+VBGLR3DECL(int) VbglR3GuestCtrlSessionAccept(uint32_t idClient, uint32_t idSession, void const *pvKey, uint32_t cbKey);
+VBGLR3DECL(int) VbglR3GuestCtrlSessionCancelPrepared(uint32_t idClient, uint32_t idSession);
 VBGLR3DECL(int) VbglR3GuestCtrlSessionClose(PVBGLR3GUESTCTRLCMDCTX pCtx, uint32_t fFlags);
 VBGLR3DECL(int) VbglR3GuestCtrlSessionNotify(PVBGLR3GUESTCTRLCMDCTX pCtx, uint32_t uType, uint32_t uResult);
+VBGLR3DECL(int) VbglR3GuestCtrlSessionNotify(PVBGLR3GUESTCTRLCMDCTX pCtx, uint32_t uType, int32_t iResult);
 VBGLR3DECL(int) VbglR3GuestCtrlSessionGetOpen(PVBGLR3GUESTCTRLCMDCTX pCtx, uint32_t *puProtocol, char *pszUser, uint32_t cbUser,
                                               char *pszPassword, uint32_t  cbPassword, char *pszDomain, uint32_t cbDomain,

trunk/src/VBox/Additions/common/VBoxGuest/lib/VBoxGuestR3LibGuestCtrl.cpp

-              r75804
+              r75807
+ *
  * @returns VBox status code.
  * @param   uClientId       The client ID returned by VbglR3GuestCtrlConnect().
+ * @param   idClient        The client ID returned by VbglR3GuestCtrlConnect().
  * @param   pidMsg          Where to store the message id.
  * @param   pcParameters    Where to store the number  of parameters which will
  *                          be received in a second call to the host.
  */
 static int vbglR3GuestCtrlMsgWaitFor(uint32_t uClientId, uint32_t *pidMsg, uint32_t *pcParameters)
+static int vbglR3GuestCtrlMsgWaitFor(uint32_t idClient, uint32_t *pidMsg, uint32_t *pcParameters)
+{
     AssertPtrReturn(pidMsg, VERR_INVALID_POINTER);
 …
     HGCMMsgCmdWaitFor Msg;
     VBGL_HGCM_HDR_INIT(&Msg.hdr, uClientId,
+    VBGL_HGCM_HDR_INIT(&Msg.hdr, idClient,
                        GUEST_MSG_WAIT,      /* Tell the host we want our next command. */
 );                  /* Just peek for the next message! */
 …
 /**
+ * Checks if the host supports the optimizes message and session functions.
+ *
+ * @returns true / false.
+ * @param   idClient    The client ID returned by VbglR3GuestCtrlConnect().
+ *                      We may need to use this for checking.
+ * @since   6.0
+ */
+VBGLR3DECL(bool) VbglR3GuestCtrlSupportsOptimizations(uint32_t idClient)
+{
+    return vbglR3GuestCtrlSupportsPeekGetCancel(idClient);
+}
+/**
+ * Make us the guest control master client.
+ *
+ * @returns VBox status code.
+ * @param   idClient    The client ID returned by VbglR3GuestCtrlConnect().
+ */
+VBGLR3DECL(int) VbglR3GuestCtrlMakeMeMaster(uint32_t idClient)
+{
+    int rc;
+    do
+    {
+        VBGLIOCHGCMCALL Hdr;
+        VBGL_HGCM_HDR_INIT(&Hdr, idClient, GUEST_MAKE_ME_MASTER, 0);
+        rc = VbglR3HGCMCall(&Hdr, sizeof(Hdr));
+    } while (rc == VERR_INTERRUPTED);
+    return rc;
+}
+/**
  * Peeks at the next host message, waiting for one to turn up.
+ *
 …
         VbglHGCMParmUInt32Set(&Msg.num_parms, 0);
         rc = VbglR3HGCMCall(&Msg.hdr, sizeof(Msg));
+        LogRel(("VbglR3GuestCtrlMsgPeekWait -> %Rrc\n", rc));
         if (RT_SUCCESS(rc))
+        {
 …
+ *
  * @return  IPRT status code.
  * @param   uClientId       The client ID returned by VbglR3GuestCtrlConnect().
+ * @param   idClient        The client ID returned by VbglR3GuestCtrlConnect().
  * @param   uValue          The value to filter messages for.
  * @param   uMaskAdd        Filter mask to add.
  * @param   uMaskRemove     Filter mask to remove.
  */
 VBGLR3DECL(int) VbglR3GuestCtrlMsgFilterSet(uint32_t uClientId, uint32_t uValue, uint32_t uMaskAdd, uint32_t uMaskRemove)
+VBGLR3DECL(int) VbglR3GuestCtrlMsgFilterSet(uint32_t idClient, uint32_t uValue, uint32_t uMaskAdd, uint32_t uMaskRemove)
+{
     HGCMMsgCmdFilterSet Msg;
     /* Tell the host we want to set a filter. */
     VBGL_HGCM_HDR_INIT(&Msg.hdr, uClientId, GUEST_MSG_FILTER_SET, 4);
+    VBGL_HGCM_HDR_INIT(&Msg.hdr, idClient, GUEST_MSG_FILTER_SET, 4);
     VbglHGCMParmUInt32Set(&Msg.value, uValue);
     VbglHGCMParmUInt32Set(&Msg.mask_add, uMaskAdd);
 …
+}
+/**
+ * Tell the host to skip the current message replying VERR_NOT_SUPPORTED
+ *
+ * @return  IPRT status code.
+ * @param   idClient        The client ID returned by VbglR3GuestCtrlConnect().
+ */
+VBGLR3DECL(int) VbglR3GuestCtrlMsgSkip(uint32_t idClient)
+{
+    if (vbglR3GuestCtrlSupportsPeekGetCancel(idClient))
+    {
+        VBGLIOCHGCMCALL Hdr;
+        VBGL_HGCM_HDR_INIT(&Hdr, idClient, GUEST_MSG_SKIP, 0);
+        return VbglR3HGCMCall(&Hdr, sizeof(Hdr));
+    }
+    /* This is generally better than nothing... */
+    return VbglR3GuestCtrlMsgSkipOld(idClient);
+}
 /**
 …
+ *
  * @return  IPRT status code.
  * @param   uClientId       The client ID returned by VbglR3GuestCtrlConnect().
  */
 VBGLR3DECL(int) VbglR3GuestCtrlMsgSkipOld(uint32_t uClientId)
+ * @param   idClient        The client ID returned by VbglR3GuestCtrlConnect().
+ */
+VBGLR3DECL(int) VbglR3GuestCtrlMsgSkipOld(uint32_t idClient)
+{
     HGCMMsgCmdSkip Msg;
     /* Tell the host we want to skip the current assigned command. */
     VBGL_HGCM_HDR_INIT(&Msg.hdr, uClientId, GUEST_MSG_SKIP_OLD, 1);
+    VBGL_HGCM_HDR_INIT(&Msg.hdr, idClient, GUEST_MSG_SKIP_OLD, 1);
     VbglHGCMParmUInt32Set(&Msg.flags, 0 /* Flags, unused */);
     return VbglR3HGCMCall(&Msg.hdr, sizeof(Msg));
 …
+ *
  * @returns VBox status code.
  * @param   uClientId     The client ID returned by VbglR3GuestCtrlConnect().
  */
 VBGLR3DECL(int) VbglR3GuestCtrlCancelPendingWaits(uint32_t uClientId)
+ * @param   idClient        The client ID returned by VbglR3GuestCtrlConnect().
+ */
+VBGLR3DECL(int) VbglR3GuestCtrlCancelPendingWaits(uint32_t idClient)
+{
     HGCMMsgCancelPendingWaits Msg;
     VBGL_HGCM_HDR_INIT(&Msg.hdr, uClientId, GUEST_MSG_CANCEL, 0);
+    VBGL_HGCM_HDR_INIT(&Msg.hdr, idClient, GUEST_MSG_CANCEL, 0);
     return VbglR3HGCMCall(&Msg.hdr, sizeof(Msg));
+}
+/**
+ * Prepares a session.
+ * @since   6.0
+ * @sa      GUEST_SESSION_PREPARE
+ */
+VBGLR3DECL(int) VbglR3GuestCtrlSessionPrepare(uint32_t idClient, uint32_t idSession, void const *pvKey, uint32_t cbKey)
+{
+    int rc;
+    do
+    {
+        struct
+        {
+            VBGLIOCHGCMCALL         Hdr;
+            HGCMFunctionParameter   idSession;
+            HGCMFunctionParameter   pKey;
+        } Msg;
+        VBGL_HGCM_HDR_INIT(&Msg.Hdr, idClient, GUEST_SESSION_PREPARE, 2);
+        VbglHGCMParmUInt32Set(&Msg.idSession, idSession);
+        VbglHGCMParmPtrSet(&Msg.pKey, (void *)pvKey, cbKey);
+        rc = VbglR3HGCMCall(&Msg.Hdr, sizeof(Msg));
+    } while (rc == VERR_INTERRUPTED);
+    return rc;
+}
+/**
+ * Accepts a session.
+ * @since   6.0
+ * @sa      GUEST_SESSION_ACCEPT
+ */
+VBGLR3DECL(int) VbglR3GuestCtrlSessionAccept(uint32_t idClient, uint32_t idSession, void const *pvKey, uint32_t cbKey)
+{
+    int rc;
+    do
+    {
+        struct
+        {
+            VBGLIOCHGCMCALL         Hdr;
+            HGCMFunctionParameter   idSession;
+            HGCMFunctionParameter   pKey;
+        } Msg;
+        VBGL_HGCM_HDR_INIT(&Msg.Hdr, idClient, GUEST_SESSION_ACCEPT, 2);
+        VbglHGCMParmUInt32Set(&Msg.idSession, idSession);
+        VbglHGCMParmPtrSet(&Msg.pKey, (void *)pvKey, cbKey);
+        rc = VbglR3HGCMCall(&Msg.Hdr, sizeof(Msg));
+    } while (rc == VERR_INTERRUPTED);
+    return rc;
+}
+/**
+ * Cancels a prepared session.
+ * @since   6.0
+ * @sa      GUEST_SESSION_CANCEL_PREPARED
+ */
+VBGLR3DECL(int) VbglR3GuestCtrlSessionCancelPrepared(uint32_t idClient, uint32_t idSession)
+{
+    int rc;
+    do
+    {
+        struct
+        {
+            VBGLIOCHGCMCALL         Hdr;
+            HGCMFunctionParameter   idSession;
+        } Msg;
+        VBGL_HGCM_HDR_INIT(&Msg.Hdr, idClient, GUEST_SESSION_CANCEL_PREPARED, 1);
+        VbglHGCMParmUInt32Set(&Msg.idSession, idSession);
+        rc = VbglR3HGCMCall(&Msg.Hdr, sizeof(Msg));
+    } while (rc == VERR_INTERRUPTED);
+    return rc;
+}
 …
 VBGLR3DECL(int) VbglR3GuestCtrlSessionNotify(PVBGLR3GUESTCTRLCMDCTX pCtx, uint32_t uType, uint32_t uResult)
+VBGLR3DECL(int) VbglR3GuestCtrlSessionNotify(PVBGLR3GUESTCTRLCMDCTX pCtx, uint32_t uType, int32_t iResult)
+{
     AssertPtrReturn(pCtx, VERR_INVALID_POINTER);
 …
     VbglHGCMParmUInt32Set(&Msg.context, pCtx->uContextID);
     VbglHGCMParmUInt32Set(&Msg.type, uType);
     VbglHGCMParmUInt32Set(&Msg.result, uResult);
+    VbglHGCMParmUInt32Set(&Msg.result, (uint32_t)iResult);
     return VbglR3HGCMCall(&Msg.hdr, sizeof(Msg));
 …
                 *pidSession = VBOX_GUESTCTRL_CONTEXTID_GET_SESSION(pCtx->uContextID);
+        }
+        /* Try get the context ID so we can inform the host about this message retrival failure. */
+        else if (Msg.context.u.value32 != HOST_SESSION_CREATE)
+            Msg.context.GetUInt32(&pCtx->uContextID);
     } while (rc == VERR_INTERRUPTED && g_fVbglR3GuestCtrlHavePeekGetCancel);
     return rc;
 …
         HGCMMsgProcOutput Msg;
         VBGL_HGCM_HDR_INIT(&Msg.hdr, pCtx->uClientID, vbglR3GuestCtrlGetMsgFunctionNo(pCtx->uClientID), pCtx->uNumParms);
         VbglHGCMParmUInt32Set(&Msg.context, 0);
+        VbglHGCMParmUInt32Set(&Msg.context, HOST_EXEC_GET_OUTPUT);
         VbglHGCMParmUInt32Set(&Msg.pid, 0);
         VbglHGCMParmUInt32Set(&Msg.handle, 0);

trunk/src/VBox/Additions/common/VBoxService/VBoxServiceControl.cpp

-              r75803
+              r75807
 static uint64_t             g_idControlSession;
 /** The guest control service client ID. */
 static uint32_t             g_idControlSvcClient = 0;
+uint32_t                    g_idControlSvcClient = 0;
 #if 0 /** @todo process limit */
 /** How many started guest processes are kept into memory for supplying
 …
  *  are kept in VBOXSERVICECTRLSESSIONTHREAD structures. */
 VBOXSERVICECTRLSESSION      g_Session;
+/** Copy of VbglR3GuestCtrlSupportsOptimizations().*/
+bool                        g_fControlSupportsOptimizations = true;
 …
     AssertRCReturn(rc, rc);
+    VbglR3GetSessionId(&g_idControlSession);
+    /* The status code is ignored as this information is not available with VBox < 3.2.10. */
+    VbglR3GetSessionId(&g_idControlSession); /* The status code is ignored as this information is not available with VBox < 3.2.10. */
+    RTListInit(&g_lstControlSessionThreads);
+    /*
+     * Try connect to the host service and tell it we want to be master (if supported).
+     */
+    rc = VbglR3GuestCtrlConnect(&g_idControlSvcClient);
     if (RT_SUCCESS(rc))
+        rc = VbglR3GuestCtrlConnect(&g_idControlSvcClient);
+    if (RT_SUCCESS(rc))
+    {
+        VGSvcVerbose(3, "Guest control service client ID=%RU32\n", g_idControlSvcClient);
+        /* Init session thread list. */
+        RTListInit(&g_lstControlSessionThreads);
+    {
+        g_fControlSupportsOptimizations = VbglR3GuestCtrlSupportsOptimizations(g_idControlSvcClient);
+        if (g_fControlSupportsOptimizations)
+            rc = VbglR3GuestCtrlMakeMeMaster(g_idControlSvcClient);
+        if (RT_SUCCESS(rc))
+        {
+            VGSvcVerbose(3, "Guest control service client ID=%RU32%s\n",
+                         g_idControlSvcClient, g_fControlSupportsOptimizations ? " w/ optimizations" : "");
+            return VINF_SUCCESS;
+        }
+        VGSvcError("Failed to become guest control master: %Rrc\n", rc);
+        VbglR3GuestCtrlDisconnect(g_idControlSvcClient);
+    }
     else
 …
         else
             VGSvcError("Failed to connect to the guest control service! Error: %Rrc\n", rc);
+        RTSemEventMultiDestroy(g_hControlEvent);
+        g_hControlEvent = NIL_RTSEMEVENTMULTI;
+    }
+    }
+    RTSemEventMultiDestroy(g_hControlEvent);
+    g_hControlEvent      = NIL_RTSEMEVENTMULTI;
+    g_idControlSvcClient = 0;
     return rc;
+}
 …
+{
     /*
+     * Tell the control thread that it can continue
+     * spawning services.
+     * Tell the control thread that it can continue spawning services.
      */
     RTThreadUserSignal(RTThreadSelf());
 …
     AssertReturn(pvScratchBuf, VERR_NO_MEMORY);
+    VBGLR3GUESTCTRLCMDCTX ctxHost = { g_idControlSvcClient };
+    /* Set default protocol version to 1. */
+    ctxHost.uProtocol = 1;
+    VBGLR3GUESTCTRLCMDCTX ctxHost = { g_idControlSvcClient, 0 /*idContext*/, 2 /*uProtocol*/, 0  /*cParms*/ };
     int rc = VINF_SUCCESS;      /* (shut up compiler warnings) */
 …
                     break;
+                /* This message is also sent to the child session process (by the host). */
                 case HOST_SESSION_CLOSE:
                     rc = vgsvcGstCtrlHandleSessionClose(&ctxHost);
 …
                 default:
+                {
+                    /*
+                     * Protocol v1 did not have support for (dedicated)
+                     * guest sessions, so all actions need to be performed
+                     * under behalf of VBoxService's main executable.
+                     *
+                     * The global session object then acts as a host for all
+                     * started guest processes which bring all their
+                     * credentials with them with the actual guest process
+                     * execution call.
+                     */
+                    if (ctxHost.uProtocol == 1)
+                        rc = VGSvcGstCtrlSessionHandler(&g_Session, idMsg, &ctxHost, pvScratchBuf, cbScratchBuf, pfShutdown);
+                    if (VbglR3GuestCtrlSupportsOptimizations(g_idControlSvcClient))
+                    {
+                        rc = VbglR3GuestCtrlMsgSkip(g_idControlSvcClient);
+                        VGSvcVerbose(1, "Skipped unexpected message idMsg=%RU32 (%s), cParms=%RU32 (rc=%Rrc)\n",
+                                     idMsg, GstCtrlHostFnName((eHostFn)idMsg), cParms, rc);
+                    }
                     else
+                    {
-                        /*
-                         * ... on newer protocols handling all other commands is
-                         * up to the guest session fork of VBoxService, so just
-                         * skip all not wanted messages here.
-                         */
                         rc = VbglR3GuestCtrlMsgSkipOld(g_idControlSvcClient);
                         VGSvcVerbose(3, "Skipping idMsg=%RU32, cParms=%RU32, rc=%Rrc\n", idMsg, cParms, rc);
+                        VGSvcVerbose(3, "Skipped idMsg=%RU32, cParms=%RU32, rc=%Rrc\n", idMsg, cParms, rc);
+                    }
                     break;
+                }
+            }
 …
     AssertPtrReturn(pHostCtx, VERR_INVALID_POINTER);
+    /*
+     * Retrieve the message parameters.
+     */
     VBOXSERVICECTRLSESSIONSTARTUPINFO ssInfo = { 0 };
     int rc = VbglR3GuestCtrlSessionGetOpen(pHostCtx,
 …
     if (RT_SUCCESS(rc))
+    {
+        /* The session open call has the protocol version the host
+         * wants to use. So update the current protocol version with the one the
+         * host wants to use in subsequent calls. */
+        pHostCtx->uProtocol = ssInfo.uProtocol;
+        VGSvcVerbose(3, "Client ID=%RU32 now is using protocol %RU32\n", pHostCtx->uClientID, pHostCtx->uProtocol);
+        rc = VGSvcGstCtrlSessionThreadCreate(&g_lstControlSessionThreads, &ssInfo, NULL /* ppSessionThread */);
+    }
+    if (RT_FAILURE(rc))
+    {
+        /* Report back on failure. On success this will be done
+         * by the forked session thread. */
+        int rc2 = VbglR3GuestCtrlSessionNotify(pHostCtx, GUEST_SESSION_NOTIFYTYPE_ERROR, rc /* uint32_t vs. int */);
+        if (RT_FAILURE(rc2))
+            VGSvcError("Reporting session error status on open failed with rc=%Rrc\n", rc2);
+    }
+        /*
+         * Flat out refuse to work with protocol v1 hosts.
+         */
+        if (ssInfo.uProtocol == 2)
+        {
+            pHostCtx->uProtocol = ssInfo.uProtocol;
+            VGSvcVerbose(3, "Client ID=%RU32 now is using protocol %RU32\n", pHostCtx->uClientID, pHostCtx->uProtocol);
+/** @todo Someone explain why this code isn't in this file too?  v1 support? */
+            rc = VGSvcGstCtrlSessionThreadCreate(&g_lstControlSessionThreads, &ssInfo, NULL /* ppSessionThread */);
+            /* Report failures to the host (successes are taken care of by the session thread). */
+        }
+        else
+        {
+            VGSvcError("The host wants to use protocol v%u, we only support v2!\n", ssInfo.uProtocol);
+            rc = VERR_VERSION_MISMATCH;
+        }
+        if (RT_FAILURE(rc))
+        {
+            int rc2 = VbglR3GuestCtrlSessionNotify(pHostCtx, GUEST_SESSION_NOTIFYTYPE_ERROR, rc);
+            if (RT_FAILURE(rc2))
+                VGSvcError("Reporting session error status on open failed with rc=%Rrc\n", rc2);
+        }
+    }
+    /*
+     * If we cannot retrieve the message, make sure to skip the command.
+     *
+     * Note! If we totally failed to get any valid context ID, the host will
+     *       not see the notification and be stuck till it times out.
+     */
+    else
+    {
+        VGSvcError("Error fetching guest session parameters: %Rrc\n", rc);
+        VbglR3GuestCtrlSessionNotify(pHostCtx, GUEST_SESSION_NOTIFYTYPE_ERROR, rc);
+        VbglR3GuestCtrlMsgSkip(pHostCtx->uClientID);
+    }
     VGSvcVerbose(3, "Opening a new guest session returned rc=%Rrc\n", rc);
     return rc;

trunk/src/VBox/Additions/common/VBoxService/VBoxServiceControl.h

-              r70390
+              r75807
     RTLISTNODE                      Node;
     /** The sessions's startup info. */
+    VBOXSERVICECTRLSESSIONSTARTUPINFO
+                                    StartupInfo;
+    VBOXSERVICECTRLSESSIONSTARTUPINFO StartupInfo;
+    /** Critical section for thread-safe use. */
+    RTCRITSECT                      CritSect;
     /** The worker thread. */
     RTTHREAD                        Thread;
-    /** Critical section for thread-safe use. */
-    RTCRITSECT                      CritSect;
     /** Process handle for forked child. */
     RTPROCESS                       hProcess;
 …
     RTPIPE                          hNotificationPipeR;
 #endif
+    /** Pipe for handing the secret key to the session process. */
+    RTPIPE                          hKeyPipe;
+    /** Secret key. */
+    uint8_t                         abKey[_4K];
 } VBOXSERVICECTRLSESSIONTHREAD;
 /** Pointer to thread data. */
 …
 extern RTLISTANCHOR             g_lstControlSessionThreads;
 extern VBOXSERVICECTRLSESSION   g_Session;
+extern uint32_t                 g_idControlSvcClient;
+extern bool                     g_fControlSupportsOptimizations;

trunk/src/VBox/Additions/common/VBoxService/VBoxServiceControlProcess.cpp

-              r70390
+              r75807
                  pProcess->StartupInfo.szCmd, pProcess->uClientID, pProcess->StartupInfo.uFlags);
+    /* The process thread is not interested in receiving any commands;
+     * tell the host service. */
+    rc = VbglR3GuestCtrlMsgFilterSet(pProcess->uClientID, 0 /* Skip all */,
+/* Filter mask to add */, 0 /* Filter mask to remove */);
+    if (RT_FAILURE(rc))
+    {
+        VGSvcError("Unable to set message filter, rc=%Rrc\n", rc);
+        /* Non-critical. */
+    /* Legacy setting: */
+    if (!VbglR3GuestCtrlSupportsOptimizations(pProcess->uClientID))
+    {
+        rc = VbglR3GuestCtrlMsgFilterSet(pProcess->uClientID, 0 /* Skip all */,
+/* Filter mask to add */, 0 /* Filter mask to remove */);
+        if (RT_FAILURE(rc))
+            VGSvcError("Unable to set message filter, rc=%Rrc\n", rc); /* Non-critical. */
+    }

trunk/src/VBox/Additions/common/VBoxService/VBoxServiceControlSession.cpp

-              r75798
+              r75807
 #include <iprt/poll.h>
 #include <iprt/process.h>
+#include <iprt/rand.h>
 #include "VBoxServiceInternal.h"
 …
 /**
  * Thread main routine for a spawned guest session process.
+ *
  * This thread runs in the main executable to control the spawned session process.
+ *
 …
     AssertPtrReturn(pThread, VERR_INVALID_POINTER);
+    uint32_t uSessionID = pThread->StartupInfo.uSessionID;
+    uint32_t idClient;
+    int rc = VbglR3GuestCtrlConnect(&idClient);
+    if (RT_SUCCESS(rc))
+    {
+        VGSvcVerbose(3, "Session ID=%RU32 thread running, client ID=%RU32\n", uSessionID, idClient);
+        /* The session thread is not interested in receiving any commands;
+         * tell the host service. */
+        rc = VbglR3GuestCtrlMsgFilterSet(idClient, 0 /* Skip all */, 0 /* Filter mask to add */, 0 /* Filter mask to remove */);
+        if (RT_FAILURE(rc))
+        {
+            VGSvcError("Unable to set message filter, rc=%Rrc\n", rc);
+            /* Non-critical. */
+            rc = VINF_SUCCESS;
+        }
+    }
+    else
+        VGSvcError("Error connecting to guest control service, rc=%Rrc\n", rc);
+    if (RT_FAILURE(rc))
+        pThread->fShutdown = true;
+    uint32_t const idSession = pThread->StartupInfo.uSessionID;
+    uint32_t const idClient  = g_idControlSvcClient;
+    VGSvcVerbose(3, "Session ID=%RU32 thread running\n", idSession);
     /* Let caller know that we're done initializing, regardless of the result. */
 …
     AssertRC(rc2);
     if (RT_FAILURE(rc))
         return rc;
     bool fProcessAlive = true;
     RTPROCSTATUS ProcessStatus;
     RT_ZERO(ProcessStatus);
     int rcWait;
     uint32_t uTimeoutsMS = 30 * 1000; /** @todo Make this configurable. Later. */
     uint64_t u64TimeoutStart = 0;
+    /*
+     * Wait for the child process to stop or the shutdown flag to be signalled.
+     */
+    RTPROCSTATUS    ProcessStatus       = { 0, RTPROCEXITREASON_NORMAL };
+    bool            fProcessAlive       = true;
+    bool            fSessionCancelled   = VbglR3GuestCtrlSupportsOptimizations(g_idControlSvcClient);
+    uint32_t        cMsShutdownTimeout  = 30 * 1000; /** @todo Make this configurable. Later. */
+    uint64_t        msShutdownStart     = 0;
+    uint64_t const  msStart             = RTTimeMilliTS();
+    size_t          offSecretKey        = 0;
+    int             rcWait;
     for (;;)
+    {
+        /* Secret key feeding. */
+        if (offSecretKey < sizeof(pThread->abKey))
+        {
+            size_t cbWritten = 0;
+            rc2 = RTPipeWrite(pThread->hKeyPipe, &pThread->abKey[offSecretKey], sizeof(pThread->abKey) - offSecretKey, &cbWritten);
+            if (RT_SUCCESS(rc2))
+                offSecretKey += cbWritten;
+        }
+        /* Poll child process status. */
         rcWait = RTProcWaitNoResume(pThread->hProcess, RTPROCWAIT_FLAGS_NOBLOCK, &ProcessStatus);
         if (   rcWait == VINF_SUCCESS
 …
                        ("Got unexpected rc=%Rrc while waiting for session process termination\n", rcWait));
+        /* Shutting down? */
         if (ASMAtomicReadBool(&pThread->fShutdown))
+        {
             if (!u64TimeoutStart)
+            if (!msShutdownStart)
+            {
                 VGSvcVerbose(3, "Notifying guest session process (PID=%RU32, session ID=%RU32) ...\n",
                              pThread->hProcess, uSessionID);
+                             pThread->hProcess, idSession);
                 VBGLR3GUESTCTRLCMDCTX hostCtx =
+                {
                     /* .idClient  = */  idClient,
                     /* .idContext = */  VBOX_GUESTCTRL_CONTEXTID_MAKE_SESSION(uSessionID),
+                    /* .idContext = */  VBOX_GUESTCTRL_CONTEXTID_MAKE_SESSION(idSession),
                     /* .uProtocol = */  pThread->StartupInfo.uProtocol,
                     /* .cParams   = */  2
                 };
                 rc = VbglR3GuestCtrlSessionClose(&hostCtx, 0 /* fFlags */);
                 if (RT_FAILURE(rc))
+                rc2 = VbglR3GuestCtrlSessionClose(&hostCtx, 0 /* fFlags */);
+                if (RT_FAILURE(rc2))
+                {
                     VGSvcError("Unable to notify guest session process (PID=%RU32, session ID=%RU32), rc=%Rrc\n",
                                pThread->hProcess, uSessionID, rc);
                     if (rc == VERR_NOT_SUPPORTED)
+                               pThread->hProcess, idSession, rc2);
+                    if (rc2 == VERR_NOT_SUPPORTED)
+                    {
                         /* Terminate guest session process in case it's not supported by a too old host. */
                         rc = RTProcTerminate(pThread->hProcess);
+                        rc2 = RTProcTerminate(pThread->hProcess);
                         VGSvcVerbose(3, "Terminating guest session process (PID=%RU32) ended with rc=%Rrc\n",
                                      pThread->hProcess, rc);
+                                     pThread->hProcess, rc2);
+                    }
                     break;
+                }
                 VGSvcVerbose(3, "Guest session ID=%RU32 thread was asked to terminate, waiting for session process to exit (%RU32ms timeout) ...\n",
                              uSessionID, uTimeoutsMS);
                 u64TimeoutStart = RTTimeMilliTS();
+                VGSvcVerbose(3, "Guest session ID=%RU32 thread was asked to terminate, waiting for session process to exit (%RU32 ms timeout) ...\n",
+                             idSession, cMsShutdownTimeout);
+                msShutdownStart = RTTimeMilliTS();
                 continue; /* Don't waste time on waiting. */
+            }
             if (RTTimeMilliTS() - u64TimeoutStart > uTimeoutsMS)
+            if (RTTimeMilliTS() - msShutdownStart > cMsShutdownTimeout)
+            {
                  VGSvcVerbose(3, "Guest session ID=%RU32 process did not shut down within time\n", uSessionID);
+                 VGSvcVerbose(3, "Guest session ID=%RU32 process did not shut down within time\n", idSession);
                  break;
+            }
+        }
+        /* Cancel the prepared session stuff after 30 seconds. */
+        if (  !fSessionCancelled
+            && RTTimeMilliTS() - msStart >= 30000)
+        {
+            VbglR3GuestCtrlSessionCancelPrepared(g_idControlSvcClient, idSession);
+            fSessionCancelled = true;
+        }
+/** @todo r=bird: This 100ms sleep is _extremely_ sucky! */
         RTThreadSleep(100); /* Wait a bit. */
+    }
+    if (!fSessionCancelled)
+        VbglR3GuestCtrlSessionCancelPrepared(g_idControlSvcClient, idSession);
     if (!fProcessAlive)
+    {
         VGSvcVerbose(2, "Guest session process (ID=%RU32) terminated with rc=%Rrc, reason=%d, status=%d\n",
                      uSessionID, rcWait, ProcessStatus.enmReason, ProcessStatus.iStatus);
+                     idSession, rcWait, ProcessStatus.enmReason, ProcessStatus.iStatus);
         if (ProcessStatus.iStatus == RTEXITCODE_INIT)
+        {
             VGSvcError("Guest session process (ID=%RU32) failed to initialize. Here some hints:\n", uSessionID);
+            VGSvcError("Guest session process (ID=%RU32) failed to initialize. Here some hints:\n", idSession);
             VGSvcError("- Is logging enabled and the output directory is read-only by the guest session user?\n");
             /** @todo Add more here. */
 …
         for (int i = 0; i < 3; i++)
+        {
             VGSvcVerbose(2, "Guest session ID=%RU32 process still alive, killing attempt %d/3\n", uSessionID, i + 1);
             rc = RTProcTerminate(pThread->hProcess);
             if (RT_SUCCESS(rc))
+            VGSvcVerbose(2, "Guest session ID=%RU32 process still alive, killing attempt %d/3\n", idSession, i + 1);
+            rc2 = RTProcTerminate(pThread->hProcess);
+            if (RT_SUCCESS(rc2))
                 break;
             /** @todo r=bird: What's the point of sleeping 3 second after the last attempt? */
 …
+        }
+        VGSvcVerbose(2, "Guest session ID=%RU32 process termination resulted in rc=%Rrc\n", uSessionID, rc);
+        uSessionStatus = RT_SUCCESS(rc) ? GUEST_SESSION_NOTIFYTYPE_TOK : GUEST_SESSION_NOTIFYTYPE_TOA;
+        VGSvcVerbose(2, "Guest session ID=%RU32 process termination resulted in rc=%Rrc\n", idSession, rc2);
+        uSessionStatus = RT_SUCCESS(rc2) ? GUEST_SESSION_NOTIFYTYPE_TOK : GUEST_SESSION_NOTIFYTYPE_TOA;
+    }
     else if (RT_SUCCESS(rcWait))
 …
     else
+    {
+        /* If we didn't find the guest process anymore, just assume it
+         * terminated normally. */
+        /* If we didn't find the guest process anymore, just assume it terminated normally. */
         uSessionStatus = GUEST_SESSION_NOTIFYTYPE_TEN;
+    }
     VGSvcVerbose(3, "Guest session ID=%RU32 thread ended with sessionStatus=%RU32, sessionRc=%Rrc\n",
+                 uSessionID, uSessionStatus, uSessionRc);
+    /* Report final status. */
+                 idSession, uSessionStatus, uSessionRc);
+    /*
+     * Report final status.
+     */
     Assert(uSessionStatus != GUEST_SESSION_NOTIFYTYPE_UNDEFINED);
     VBGLR3GUESTCTRLCMDCTX ctx = { idClient, VBOX_GUESTCTRL_CONTEXTID_MAKE_SESSION(uSessionID) };
+    VBGLR3GUESTCTRLCMDCTX ctx = { idClient, VBOX_GUESTCTRL_CONTEXTID_MAKE_SESSION(idSession) };
     rc2 = VbglR3GuestCtrlSessionNotify(&ctx, uSessionStatus, uSessionRc);
     if (RT_FAILURE(rc2))
+        VGSvcError("Reporting session ID=%RU32 final status failed with rc=%Rrc\n", uSessionID, rc2);
+    VbglR3GuestCtrlDisconnect(idClient);
+    VGSvcVerbose(3, "Session ID=%RU32 thread ended with rc=%Rrc\n", uSessionID, rc);
+    return rc;
+}
+        VGSvcError("Reporting session ID=%RU32 final status failed with rc=%Rrc\n", idSession, rc2);
+    VGSvcVerbose(3, "Session ID=%RU32 thread ending\n", idSession);
+    return VINF_SUCCESS;
+}
+/**
+ * Reads the secret key the parent VBoxService instance passed us and pass it
+ * along as a authentication token to the host service.
+ *
+ * For older hosts, this sets up the message filtering.
+ *
+ * @returns VBox status code.
+ * @param   idClient        The HGCM client ID.
+ * @param   idSession       The session ID.
+ */
+static int vgsvcGstCtrlSessionReadKeyAndAccept(uint32_t idClient, uint32_t idSession)
+{
+    /*
+     * Read it.
+     */
+    RTHANDLE Handle;
+    int rc = RTHandleGetStandard(RTHANDLESTD_INPUT, &Handle);
+    if (RT_SUCCESS(rc))
+    {
+        if (Handle.enmType == RTHANDLETYPE_PIPE)
+        {
+            uint8_t abSecretKey[RT_SIZEOFMEMB(VBOXSERVICECTRLSESSIONTHREAD, abKey)];
+            rc = RTPipeReadBlocking(Handle.u.hPipe, abSecretKey, sizeof(abSecretKey), NULL);
+            if (RT_SUCCESS(rc))
+            {
+                VGSvcVerbose(3, "Got secret key from standard input.\n");
+                /*
+                 * Do the accepting, if appropriate.
+                 */
+                if (g_fControlSupportsOptimizations)
+                {
+                    rc = VbglR3GuestCtrlSessionAccept(idClient, idSession, abSecretKey, sizeof(abSecretKey));
+                    if (RT_SUCCESS(rc))
+                        VGSvcVerbose(3, "Session %u accepted\n");
+                    else
+                        VGSvcError("Failed to accept session: %Rrc\n", rc);
+                }
+                else
+                {
+                    /* For legacy hosts, we do the filtering thingy. */
+                    rc = VbglR3GuestCtrlMsgFilterSet(idClient, VBOX_GUESTCTRL_CONTEXTID_MAKE_SESSION(idSession),
+                                                     VBOX_GUESTCTRL_FILTER_BY_SESSION(idSession), 0);
+                    if (RT_SUCCESS(rc))
+                        VGSvcVerbose(3, "Session %u filtering successfully enabled\n");
+                    else
+                        VGSvcError("Failed to set session filter: %Rrc\n", rc);
+                }
+            }
+            else
+                VGSvcError("Error reading secret key from standard input: %Rrc\n", rc);
+        }
+        else
+        {
+            VGSvcError("Standard input is not a pipe!\n");
+            rc = VERR_INVALID_HANDLE;
+        }
+        RTHandleClose(&Handle);
+    }
+    else
+        VGSvcError("RTHandleGetStandard failed on standard input: %Rrc\n", rc);
+    return rc;
+}
 /**
 …
     if (RT_FAILURE(rc))
         return VGSvcError("Error connecting to guest control service, rc=%Rrc\n", rc);
+    /*
+     * Set session filter. This prevents the guest control host service from
+     * sending messages which belong to another session we don't want to handle.
+     *
+     * Note! Earlier versions of this code would issue GUEST_SESSION_NOTIFYTYPE_STARTED
+     *       even if this failed, then shutdown after that.  Since there was no
+     *       comments explain why, I (bird) assume is was an unintentional glitch.
+     *
+     * Note! There was also a fSessionFilter being set on VERR_NOT_SUPPORTED here
+     *       but since it wasn't used, I assume it was just a leftover from some
+     *       earlier workaround for host behaviour/whatever...
+     */
+/** @todo r=bird: Unless the host is filtering out everything by default, there
+ * is a ugly race here between the client masking unwanted messages and the host
+ * pushing more messages to the clients.  We could in theory end up with someone
+ * elses' messages as the first ones.  Too late to require a VbglR3GuestCtrlMsgFilterSet
+ * call by all clients, which is what would've made sense...  I guess
+ * VbglR3GuestCtrlSessionNotify can't be used as a green-light for sending messages
+ * either. */
+    uint32_t uFilterAdd = VBOX_GUESTCTRL_FILTER_BY_SESSION(pSession->StartupInfo.uSessionID);
+    rc = VbglR3GuestCtrlMsgFilterSet(idClient,
+                                     VBOX_GUESTCTRL_CONTEXTID_MAKE_SESSION(pSession->StartupInfo.uSessionID),
+                                     uFilterAdd, 0 /* Filter remove */);
+    VGSvcVerbose(3, "Setting message filterAdd=0x%x returned %Rrc\n", uFilterAdd, rc);
+    if (   RT_SUCCESS(rc)
+        || rc == VERR_NOT_SUPPORTED /* No session filter available. Ignore. */ )
+    g_fControlSupportsOptimizations = VbglR3GuestCtrlSupportsOptimizations(idClient);
+    rc = vgsvcGstCtrlSessionReadKeyAndAccept(idClient, pSession->StartupInfo.uSessionID);
+    if (RT_SUCCESS(rc))
+    {
         VGSvcVerbose(1, "Using client ID=%RU32\n", idClient);
 …
                     uint32_t cParms = 0;
                     rc = VbglR3GuestCtrlMsgPeekWait(idClient, &uMsg, &cParms);
+                    if (   RT_SUCCESS(rc)
+                        || rc == VERR_TOO_MUCH_DATA)
+                    if (RT_SUCCESS(rc))
+                    {
                         VGSvcVerbose(4, "Msg=%RU32 (%RU32 parms) retrieved (%Rrc)\n", uMsg, cParms, rc);
 …
  * Creates the process for a guest session.
+ *
+ *
  * @return  VBox status code.
  * @param   pSessionStartupInfo     Session startup info.
 …
      * Start by assembling the argument list.
      */
-    int  rc = VINF_SUCCESS;
     char szExeName[RTPATH_MAX];
     char *pszExeName = RTProcGetExecutablePath(szExeName, sizeof(szExeName));
     if (pszExeName)
+    {
         char szParmSessionID[32];
         RTStrPrintf(szParmSessionID, sizeof(szParmSessionID), "--session-id=%RU32", pSessionThread->StartupInfo.uSessionID);
         char szParmSessionProto[32];
         RTStrPrintf(szParmSessionProto, sizeof(szParmSessionProto), "--session-proto=%RU32",
                     pSessionThread->StartupInfo.uProtocol);
+    AssertReturn(pszExeName, VERR_FILENAME_TOO_LONG);
+    char szParmSessionID[32];
+    RTStrPrintf(szParmSessionID, sizeof(szParmSessionID), "--session-id=%RU32", pSessionThread->StartupInfo.uSessionID);
+    char szParmSessionProto[32];
+    RTStrPrintf(szParmSessionProto, sizeof(szParmSessionProto), "--session-proto=%RU32",
+                pSessionThread->StartupInfo.uProtocol);
 #ifdef DEBUG
         char szParmThreadId[32];
         RTStrPrintf(szParmThreadId, sizeof(szParmThreadId), "--thread-id=%RU32", uCtrlSessionThread);
 #endif
         unsigned    idxArg = 0; /* Next index in argument vector. */
         char const *apszArgs[24];
         apszArgs[idxArg++] = pszExeName;
         apszArgs[idxArg++] = "guestsession";
         apszArgs[idxArg++] = szParmSessionID;
         apszArgs[idxArg++] = szParmSessionProto;
+    char szParmThreadId[32];
+    RTStrPrintf(szParmThreadId, sizeof(szParmThreadId), "--thread-id=%RU32", uCtrlSessionThread);
+#endif
+    unsigned    idxArg = 0; /* Next index in argument vector. */
+    char const *apszArgs[24];
+    apszArgs[idxArg++] = pszExeName;
+    apszArgs[idxArg++] = "guestsession";
+    apszArgs[idxArg++] = szParmSessionID;
+    apszArgs[idxArg++] = szParmSessionProto;
 #ifdef DEBUG
+        apszArgs[idxArg++] = szParmThreadId;
+#endif
+        if (!fAnonymous) /* Do we need to pass a user name? */
+        {
+            apszArgs[idxArg++] = "--user";
+            apszArgs[idxArg++] = pSessionThread->StartupInfo.szUser;
+            if (strlen(pSessionThread->StartupInfo.szDomain))
+    apszArgs[idxArg++] = szParmThreadId;
+#endif
+    if (!fAnonymous) /* Do we need to pass a user name? */
+    {
+        apszArgs[idxArg++] = "--user";
+        apszArgs[idxArg++] = pSessionThread->StartupInfo.szUser;
+        if (strlen(pSessionThread->StartupInfo.szDomain))
+        {
+            apszArgs[idxArg++] = "--domain";
+            apszArgs[idxArg++] = pSessionThread->StartupInfo.szDomain;
+        }
+    }
+    /* Add same verbose flags as parent process. */
+    char szParmVerbose[32];
+    if (g_cVerbosity > 0)
+    {
+        unsigned cVs = RT_MIN(g_cVerbosity, RT_ELEMENTS(szParmVerbose) - 2);
+        szParmVerbose[0] = '-';
+        memset(&szParmVerbose[1], 'v', cVs);
+        szParmVerbose[1 + cVs] = '\0';
+        apszArgs[idxArg++] = szParmVerbose;
+    }
+    /* Add log file handling. Each session will have an own
+     * log file, naming based on the parent log file. */
+    char szParmLogFile[sizeof(g_szLogFile) + 128];
+    if (g_szLogFile[0])
+    {
+        const char *pszSuffix = RTPathSuffix(g_szLogFile);
+        if (!pszSuffix)
+            pszSuffix = strchr(g_szLogFile, '\0');
+        size_t cchBase = pszSuffix - g_szLogFile;
+#ifndef DEBUG
+        RTStrPrintf(szParmLogFile, sizeof(szParmLogFile), "%.*s-%RU32-%s%s",
+                    cchBase, g_szLogFile, pSessionStartupInfo->uSessionID, pSessionStartupInfo->szUser, pszSuffix);
+#else
+        RTStrPrintf(szParmLogFile, sizeof(szParmLogFile), "%.*s-%RU32-%RU32-%s%s",
+                    cchBase, g_szLogFile, pSessionStartupInfo->uSessionID, uCtrlSessionThread,
+                    pSessionStartupInfo->szUser, pszSuffix);
+#endif
+        apszArgs[idxArg++] = "--logfile";
+        apszArgs[idxArg++] = szParmLogFile;
+    }
+#ifdef DEBUG
+    if (g_Session.fFlags & VBOXSERVICECTRLSESSION_FLAG_DUMPSTDOUT)
+        apszArgs[idxArg++] = "--dump-stdout";
+    if (g_Session.fFlags & VBOXSERVICECTRLSESSION_FLAG_DUMPSTDERR)
+        apszArgs[idxArg++] = "--dump-stderr";
+#endif
+    apszArgs[idxArg] = NULL;
+    Assert(idxArg < RT_ELEMENTS(apszArgs));
+    if (g_cVerbosity > 3)
+    {
+        VGSvcVerbose(4, "Spawning parameters:\n");
+        for (idxArg = 0; apszArgs[idxArg]; idxArg++)
+            VGSvcVerbose(4, "\t%s\n", apszArgs[idxArg]);
+    }
+    /*
+     * Flags.
+     */
+    uint32_t const fProcCreate = RTPROC_FLAGS_PROFILE
+#ifdef RT_OS_WINDOWS
+                               | RTPROC_FLAGS_SERVICE
+                               | RTPROC_FLAGS_HIDDEN
+#endif
+                               ;
+    /*
+     * Configure standard handles.
+     */
+    RTHANDLE hStdIn;
+    int rc = RTPipeCreate(&hStdIn.u.hPipe, &pSessionThread->hKeyPipe, RTPIPE_C_INHERIT_READ);
+    if (RT_SUCCESS(rc))
+    {
+        hStdIn.enmType = RTHANDLETYPE_PIPE;
+        RTHANDLE hStdOutAndErr;
+        rc = RTFileOpenBitBucket(&hStdOutAndErr.u.hFile, RTFILE_O_WRITE);
+        if (RT_SUCCESS(rc))
+        {
+            hStdOutAndErr.enmType = RTHANDLETYPE_FILE;
+            /*
+             * Windows: If a domain name is given, construct an UPN (User Principle Name)
+             *          with the domain name built-in, e.g. "[email protected]".
+             */
+            const char *pszUser    = pSessionThread->StartupInfo.szUser;
+#ifdef RT_OS_WINDOWS
+            char       *pszUserUPN = NULL;
+            if (pSessionThread->StartupInfo.szDomain[0])
+            {
+                apszArgs[idxArg++] = "--domain";
+                apszArgs[idxArg++] = pSessionThread->StartupInfo.szDomain;
+                int cchbUserUPN = RTStrAPrintf(&pszUserUPN, "%s@%s",
+                                               pSessionThread->StartupInfo.szUser,
+                                               pSessionThread->StartupInfo.szDomain);
+                if (cchbUserUPN > 0)
+                {
+                    pszUser = pszUserUPN;
+                    VGSvcVerbose(3, "Using UPN: %s\n", pszUserUPN);
+                }
+                else
+                    rc = VERR_NO_STR_MEMORY;
+            }
+        }
-        /* Add same verbose flags as parent process. */
-        char szParmVerbose[32];
-        if (g_cVerbosity > 0)
+        {
-            unsigned cVs = RT_MIN(g_cVerbosity, RT_ELEMENTS(szParmVerbose) - 2);
-            szParmVerbose[0] = '-';
-            memset(&szParmVerbose[1], 'v', cVs);
-            szParmVerbose[1 + cVs] = '\0';
-            apszArgs[idxArg++] = szParmVerbose;
+        }
-        /* Add log file handling. Each session will have an own
-         * log file, naming based on the parent log file. */
-        char szParmLogFile[sizeof(g_szLogFile) + 128];
-        if (g_szLogFile[0])
+        {
-            const char *pszSuffix = RTPathSuffix(g_szLogFile);
-            if (!pszSuffix)
-                pszSuffix = strchr(g_szLogFile, '\0');
-            size_t cchBase = pszSuffix - g_szLogFile;
-#ifndef DEBUG
-            RTStrPrintf(szParmLogFile, sizeof(szParmLogFile), "%.*s-%RU32-%s%s",
-                        cchBase, g_szLogFile, pSessionStartupInfo->uSessionID, pSessionStartupInfo->szUser, pszSuffix);
-#else
-            RTStrPrintf(szParmLogFile, sizeof(szParmLogFile), "%.*s-%RU32-%RU32-%s%s",
-                        cchBase, g_szLogFile, pSessionStartupInfo->uSessionID, uCtrlSessionThread,
-                        pSessionStartupInfo->szUser, pszSuffix);
-#endif
-            apszArgs[idxArg++] = "--logfile";
-            apszArgs[idxArg++] = szParmLogFile;
+        }
-#ifdef DEBUG
-        VGSvcVerbose(4, "Argv building rc=%Rrc, session flags=%x\n", rc, g_Session.fFlags);
-        if (RT_SUCCESS(rc))
+        {
-            if (g_Session.fFlags & VBOXSERVICECTRLSESSION_FLAG_DUMPSTDOUT)
-                apszArgs[idxArg++] = "--dump-stdout";
-            if (g_Session.fFlags & VBOXSERVICECTRLSESSION_FLAG_DUMPSTDERR)
-                apszArgs[idxArg++] = "--dump-stderr";
+        }
-#endif
-        apszArgs[idxArg] = NULL;
-        Assert(idxArg < RT_ELEMENTS(apszArgs));
-        if (g_cVerbosity > 3)
+        {
-            VGSvcVerbose(4, "Spawning parameters:\n");
-            for (idxArg = 0; apszArgs[idxArg]; idxArg++)
-                VGSvcVerbose(4, "\t%s\n", apszArgs[idxArg]);
+        }
-        /*
-         * Configure standard handles and finally create the process.
-         */
-        uint32_t fProcCreate = RTPROC_FLAGS_PROFILE;
-#ifdef RT_OS_WINDOWS /* Windows only flags: */
-        fProcCreate         |= RTPROC_FLAGS_SERVICE
-                            |  RTPROC_FLAGS_HIDDEN;       /** @todo More flags from startup info? */
-#endif
-#if 0 /* Pipe handling not needed (yet). */
-        /* Setup pipes. */
-        rc = GstcntlProcessSetupPipe("|", 0 /*STDIN_FILENO*/,
-                                     &pSession->StdIn.hChild, &pSession->StdIn.phChild, &pSession->hStdInW);
-        if (RT_SUCCESS(rc))
+        {
-            rc = GstcntlProcessSetupPipe("|", 1 /*STDOUT_FILENO*/,
-                                         &pSession->StdOut.hChild, &pSession->StdOut.phChild, &pSession->hStdOutR);
             if (RT_SUCCESS(rc))
+#endif
+            {
+                rc = GstcntlProcessSetupPipe("|", 2 /*STDERR_FILENO*/,
+                                             &pSession->StdErr.hChild, &pSession->StdErr.phChild, &pSession->hStdErrR);
+                if (RT_SUCCESS(rc))
+                {
+                    rc = RTPollSetCreate(&pSession->hPollSet);
+                    if (RT_SUCCESS(rc))
+                        rc = RTPollSetAddPipe(pSession->hPollSet, pSession->hStdInW, RTPOLL_EVT_ERROR,
+                                              VBOXSERVICECTRLPIPEID_STDIN);
+                    if (RT_SUCCESS(rc))
+                        rc = RTPollSetAddPipe(pSession->hPollSet, pSession->hStdOutR, RTPOLL_EVT_READ | RTPOLL_EVT_ERROR,
+                                              VBOXSERVICECTRLPIPEID_STDOUT);
+                    if (RT_SUCCESS(rc))
+                        rc = RTPollSetAddPipe(pSession->hPollSet, pSession->hStdErrR, RTPOLL_EVT_READ | RTPOLL_EVT_ERROR,
+                                              VBOXSERVICECTRLPIPEID_STDERR);
+                }
+                if (RT_SUCCESS(rc))
+                    rc = RTProcCreateEx(pszExeName, apszArgs, hEnv, fProcCreate,
+                                        pSession->StdIn.phChild, pSession->StdOut.phChild, pSession->StdErr.phChild,
+                                        !fAnonymous ? pSession->StartupInfo.szUser : NULL,
+                                        !fAnonymous ? pSession->StartupInfo.szPassword : NULL,
+                                        &pSession->hProcess);
+                if (RT_SUCCESS(rc))
+                {
+                    /*
+                     * Close the child ends of any pipes and redirected files.
+                     */
+                    int rc2 = RTHandleClose(pSession->StdIn.phChild); AssertRC(rc2);
+                    pSession->StdIn.phChild     = NULL;
+                    rc2 = RTHandleClose(pSession->StdOut.phChild);    AssertRC(rc2);
+                    pSession->StdOut.phChild    = NULL;
+                    rc2 = RTHandleClose(pSession->StdErr.phChild);    AssertRC(rc2);
+                    pSession->StdErr.phChild    = NULL;
+                }
+                /*
+                 * Finally, create the process.
+                 */
+                rc = RTProcCreateEx(pszExeName, apszArgs, RTENV_DEFAULT, fProcCreate,
+                                    &hStdIn, &hStdOutAndErr, &hStdOutAndErr,
+                                    !fAnonymous ? pszUser : NULL,
+                                    !fAnonymous ? pSessionThread->StartupInfo.szPassword : NULL,
+                                    &pSessionThread->hProcess);
+            }
+        }
+#else
+        if (RT_SUCCESS(rc))
+        {
+            RTHANDLE hStdIn;
+            rc = RTFileOpenBitBucket(&hStdIn.u.hFile, RTFILE_O_READ);
+            if (RT_SUCCESS(rc))
+            {
+                hStdIn.enmType = RTHANDLETYPE_FILE;
+                RTHANDLE hStdOutAndErr;
+                rc = RTFileOpenBitBucket(&hStdOutAndErr.u.hFile, RTFILE_O_WRITE);
+                if (RT_SUCCESS(rc))
+                {
+                    hStdOutAndErr.enmType = RTHANDLETYPE_FILE;
+                    const char *pszUser = pSessionThread->StartupInfo.szUser;
+# ifdef RT_OS_WINDOWS
+                    /* If a domain name is given, construct an UPN (User Principle Name) with
+                     * the domain name built-in, e.g. "[email protected]". */
+                    char *pszUserUPN = NULL;
+                    if (strlen(pSessionThread->StartupInfo.szDomain))
+                    {
+                        int cbUserUPN = RTStrAPrintf(&pszUserUPN, "%s@%s",
+                                                     pSessionThread->StartupInfo.szUser,
+                                                     pSessionThread->StartupInfo.szDomain);
+                        if (cbUserUPN > 0)
+                        {
+                            pszUser = pszUserUPN;
+                            VGSvcVerbose(3, "Using UPN: %s\n", pszUserUPN);
+                        }
+                    }
+# endif
+                    rc = RTProcCreateEx(pszExeName, apszArgs, RTENV_DEFAULT, fProcCreate,
+                                        &hStdIn, &hStdOutAndErr, &hStdOutAndErr,
+                                        !fAnonymous ? pszUser : NULL,
+                                        !fAnonymous ? pSessionThread->StartupInfo.szPassword : NULL,
+                                        &pSessionThread->hProcess);
+# ifdef RT_OS_WINDOWS
+                    if (pszUserUPN)
+                        RTStrFree(pszUserUPN);
+# endif
+                    RTFileClose(hStdOutAndErr.u.hFile);
+                }
+                RTFileClose(hStdIn.u.hFile);
+            }
+        }
+#endif
+    }
+    else
+        rc = VERR_FILE_NOT_FOUND;
+#ifdef RT_OS_WINDOWS
+            RTStrFree(pszUserUPN);
+#endif
+            RTFileClose(hStdOutAndErr.u.hFile);
+        }
+        RTPipeClose(hStdIn.u.hPipe);
+    }
     return rc;
+}
 …
+    }
 #endif
-    int rc = VINF_SUCCESS;
     /* Static counter to help tracking session thread <-> process relations. */
     static uint32_t s_uCtrlSessionThread = 0;
+#if 1
+    if (++s_uCtrlSessionThread == 100000)
+#else /* This must be some joke, right? ;-) */
     if (s_uCtrlSessionThread++ == UINT32_MAX)
+#endif
         s_uCtrlSessionThread = 0; /* Wrap around to not let IPRT freak out. */
 …
      * Allocate and initialize the session thread structure.
      */
+    int rc;
     PVBOXSERVICECTRLSESSIONTHREAD pSessionThread = (PVBOXSERVICECTRLSESSIONTHREAD)RTMemAllocZ(sizeof(*pSessionThread));
     if (pSessionThread)
+    {
+        //pSessionThread->fShutdown = false;
+        //pSessionThread->fStarted  = false;
+        //pSessionThread->fStopped  = false;
+        pSessionThread->hKeyPipe  = NIL_RTPIPE;
+        pSessionThread->Thread    = NIL_RTTHREAD;
+        pSessionThread->hProcess  = NIL_RTPROCESS;
         /* Copy over session startup info. */
         memcpy(&pSessionThread->StartupInfo, pSessionStartupInfo, sizeof(VBOXSERVICECTRLSESSIONSTARTUPINFO));
+        pSessionThread->fShutdown = false;
+        pSessionThread->fStarted  = false;
+        pSessionThread->fStopped  = false;
+        /* Generate the secret key. */
+        RTRandBytes(pSessionThread->abKey, sizeof(pSessionThread->abKey));
         rc = RTCritSectInit(&pSessionThread->CritSect);
 …
+        {
             /*
              * Start the session thread.
+             * Give the session key to the host so it can validate the client.
              */
+            rc = vgsvcVGSvcGstCtrlSessionThreadCreateProcess(pSessionStartupInfo, pSessionThread, s_uCtrlSessionThread);
+            if (VbglR3GuestCtrlSupportsOptimizations(g_idControlSvcClient))
+            {
+                for (uint32_t i = 0; i < 10; i++)
+                {
+                    rc = VbglR3GuestCtrlSessionPrepare(g_idControlSvcClient, pSessionStartupInfo->uSessionID,
+                                                       pSessionThread->abKey, sizeof(pSessionThread->abKey));
+                    if (rc != VERR_OUT_OF_RESOURCES)
+                        break;
+                    RTThreadSleep(100);
+                }
+            }
             if (RT_SUCCESS(rc))
+            {
                 /*
                  * Start the session thread.
+                 * Start the session child process.
                  */
+                rc = RTThreadCreateF(&pSessionThread->Thread, vgsvcGstCtrlSessionThread,
+                                     pSessionThread /*pvUser*/, 0 /*cbStack*/,
+                                     RTTHREADTYPE_DEFAULT, RTTHREADFLAGS_WAITABLE, "sess%u", s_uCtrlSessionThread);
+                rc = vgsvcVGSvcGstCtrlSessionThreadCreateProcess(pSessionStartupInfo, pSessionThread, s_uCtrlSessionThread);
                 if (RT_SUCCESS(rc))
+                {
+                    /* Wait for the thread to initialize. */
+                    rc = RTThreadUserWait(pSessionThread->Thread, RT_MS_1MIN);
+                    if (   RT_SUCCESS(rc)
+                        && !ASMAtomicReadBool(&pSessionThread->fShutdown))
+                    /*
+                     * Start the session thread.
+                     */
+                    rc = RTThreadCreateF(&pSessionThread->Thread, vgsvcGstCtrlSessionThread, pSessionThread /*pvUser*/, 0 /*cbStack*/,
+                                         RTTHREADTYPE_DEFAULT, RTTHREADFLAGS_WAITABLE, "CtrlSess%u", s_uCtrlSessionThread);
+                    if (RT_SUCCESS(rc))
+                    {
+                        VGSvcVerbose(2, "Thread for session ID=%RU32 started\n", pSessionThread->StartupInfo.uSessionID);
+                        ASMAtomicXchgBool(&pSessionThread->fStarted, true);
+                        /* Add session to list. */
+                        RTListAppend(pList, &pSessionThread->Node);
+                        if (ppSessionThread) /* Return session if wanted. */
+                            *ppSessionThread = pSessionThread;
+                        return VINF_SUCCESS;
+                        /* Wait for the thread to initialize. */
+                        rc = RTThreadUserWait(pSessionThread->Thread, RT_MS_1MIN);
+                        if (   RT_SUCCESS(rc)
+                            && !ASMAtomicReadBool(&pSessionThread->fShutdown))
+                        {
+                            VGSvcVerbose(2, "Thread for session ID=%RU32 started\n", pSessionThread->StartupInfo.uSessionID);
+                            ASMAtomicXchgBool(&pSessionThread->fStarted, true);
+                            /* Add session to list. */
+                            RTListAppend(pList, &pSessionThread->Node);
+                            if (ppSessionThread) /* Return session if wanted. */
+                                *ppSessionThread = pSessionThread;
+                            return VINF_SUCCESS;
+                        }
+                        /*
+                         * Bail out.
+                         */
+                        VGSvcError("Thread for session ID=%RU32 failed to start, rc=%Rrc\n",
+                                   pSessionThread->StartupInfo.uSessionID, rc);
+                        if (RT_SUCCESS_NP(rc))
+                            rc = VERR_CANT_CREATE; /** @todo Find a better rc. */
+                    }
+                    /*
+                     * Bail out.
+                     */
+                    VGSvcError("Thread for session ID=%RU32 failed to start, rc=%Rrc\n",
+                               pSessionThread->StartupInfo.uSessionID, rc);
+                    if (RT_SUCCESS_NP(rc))
+                        rc = VERR_CANT_CREATE; /** @todo Find a better rc. */
+                    else
+                        VGSvcError("Creating session thread failed, rc=%Rrc\n", rc);
+                    RTProcTerminate(pSessionThread->hProcess);
+                    uint32_t cMsWait = 1;
+                    while (   RTProcWait(pSessionThread->hProcess, RTPROCWAIT_FLAGS_NOBLOCK, NULL) == VERR_PROCESS_RUNNING
+                           && cMsWait <= 9) /* 1023 ms */
+                    {
+                        RTThreadSleep(cMsWait);
+                        cMsWait <<= 1;
+                    }
+                }
+                else
+                    VGSvcError("Creating session thread failed, rc=%Rrc\n", rc);
+                RTProcTerminate(pSessionThread->hProcess);
+                uint32_t cMsWait = 1;
+                while (   RTProcWait(pSessionThread->hProcess, RTPROCWAIT_FLAGS_NOBLOCK, NULL) == VERR_PROCESS_RUNNING
+                       && cMsWait <= 9) /* 1023 ms */
+                {
+                    RTThreadSleep(cMsWait);
+                    cMsWait <<= 1;
+                }
+                if (VbglR3GuestCtrlSupportsOptimizations(g_idControlSvcClient))
+                    VbglR3GuestCtrlSessionCancelPrepared(g_idControlSvcClient, pSessionStartupInfo->uSessionID);
+            }
+            else
+                VGSvcVerbose(3, "VbglR3GuestCtrlSessionPrepare failed: %Rrc\n", rc);
+            RTPipeClose(pSessionThread->hKeyPipe);
+            pSessionThread->hKeyPipe = NIL_RTPIPE;
             RTCritSectDelete(&pSessionThread->CritSect);
+        }

Note: See TracChangeset for help on using the changeset viewer.

Download in other formats:

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette