Posted to commits@commons.apache.org by mt...@apache.org on 2009/09/19 08:32:51 UTC
svn commit: r816858 - in /commons/sandbox/runtime/trunk/src/main/native:
include/arch/windows/acr_arch_private.h os/win32/signals.c
os/win32/subproc.c test/testsuite.c
Author: mturk
Date: Sat Sep 19 06:32:51 2009
New Revision: 816858
URL: http://svn.apache.org/viewvc?rev=816858&view=rev
Log:
Use the shared data segment for sharing the signal session keys
Modified:
commons/sandbox/runtime/trunk/src/main/native/include/arch/windows/acr_arch_private.h
commons/sandbox/runtime/trunk/src/main/native/os/win32/signals.c
commons/sandbox/runtime/trunk/src/main/native/os/win32/subproc.c
commons/sandbox/runtime/trunk/src/main/native/test/testsuite.c
Modified: commons/sandbox/runtime/trunk/src/main/native/include/arch/windows/acr_arch_private.h
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/include/arch/windows/acr_arch_private.h?rev=816858&r1=816857&r2=816858&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/include/arch/windows/acr_arch_private.h (original)
+++ commons/sandbox/runtime/trunk/src/main/native/include/arch/windows/acr_arch_private.h Sat Sep 19 06:32:51 2009
@@ -29,6 +29,7 @@
#include <shellapi.h>
#include <winioctl.h>
#include <wtsapi32.h>
+#include <wincrypt.h>
#if defined(NTDDI_VISTA)
#if NTDDI_VERSION >= NTDDI_VISTA
Modified: commons/sandbox/runtime/trunk/src/main/native/os/win32/signals.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/os/win32/signals.c?rev=816858&r1=816857&r2=816858&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/os/win32/signals.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/os/win32/signals.c Sat Sep 19 06:32:51 2009
@@ -50,24 +50,37 @@
#endif
#define PIPE_TIMEOUT 1000
+
+/* Shared DLL data segment across
+ * all ACR loaders.
+ * Within the same box we share the
+ * same random session.
+ */
+#pragma data_seg(".shared$sig")
+volatile int sig_session_ini = 0;
+unsigned char sig_session_key[32] = {
+ 0xde, 0xad, 0xbe, 0xef, 0xba, 0xbe
+};
+#pragma data_seg()
+#pragma comment(linker, "/SECTION:.shared,RWS")
+
static CRITICAL_SECTION signal_lock;
-int dll_daemon_mode = 0;
static sigset_t current_signal_mask;
static sigset_t current_signal_queue;
volatile LONG current_signal_listeners;
static SIG_PF signal_handlers[ACR_NUMSIG];
static volatile int running;
+static DWORD our_priority_mode = NORMAL_PRIORITY_CLASS;
HANDLE sig_raised_event = NULL;
static HANDLE sig_handle_event = NULL;
static HANDLE sig_handle_thread = NULL;
+static int sig_pipe_local = 1;
static HANDLE sig_pipe_handle = INVALID_HANDLE_VALUE;
static wchar_t sig_pipe_name[64];
-static BYTE sig_pipe_salt[ACR_SHA1_DIGEST_LENGTH];
-static int sig_pipe_local = 1;
-static DWORD proc_priority_class = NORMAL_PRIORITY_CLASS;
+static BYTE sig_session_sha[ACR_SHA1_DIGEST_LENGTH];
typedef struct sig_pipe_data_t {
OVERLAPPED ctx;
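Review bot: `sig_session_key` is placed in a section linked `RWS`, and as far as I know such a section is mapped read-write into every process that loads this DLL image, so the value cannot act as a secret between callers. It is hashed into the cookie in `make_security_cookie` (hunk `@@ -103,16 +115,12 @@`) and in the verifying code (hunk `@@ -142,13 +150,10 @@`) whenever no explicit key is set, and the compiled-in initializer `0xde, 0xad, 0xbe, 0xef, 0xba, 0xbe` is what gets hashed if generation never ran. The block comment should say so, for example `/* NOTE: .shared is writable by every process that loads this DLL; the session key is a shared nonce, not a secret. */`. If the cookie is meant to authenticate senders, a named kernel object with an explicit ACL would be a better home for the key.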
@@ -87,9 +100,8 @@
static void make_security_cookie(acr_sig_msg_t *msg, const wchar_t *key,
DWORD sn, DWORD to)
{
- acr_sha1_ctx_t sha;
- HW_PROFILE_INFOW hw;
- unsigned char salt[ACR_SHA1_DIGEST_LENGTH];
+ acr_sha1_ctx_t sha;
+ unsigned char salt[ACR_SHA1_DIGEST_LENGTH];
acr_uint32_t me = GetCurrentProcessId();
acr_uint32_t tc = GetTickCount();
@@ -103,16 +115,12 @@
ACR_SHA1Final(salt, &shk);
ACR_SHA1Update(&sha, salt, ACR_SHA1_DIGEST_LENGTH);
}
- else if (GetCurrentHwProfileW(&hw)) {
+ else {
/* No security set.
* In most of the cases setting security is not needed if
* the system is propery secured against malitious software.
*/
- ACR_SHA1UpdateW(&sha, hw.szHwProfileGuid, wcslen(hw.szHwProfileGuid));
- }
- else {
- memset(salt, 0, sizeof(salt));
- ACR_SHA1Update(&sha, salt, ACR_SHA1_DIGEST_LENGTH);
+ ACR_SHA1Update(&sha, sig_session_key, sizeof(sig_session_key));
}
ACR_SHA1Update(&sha, (unsigned char *)&sn, sizeof(acr_uint32_t));
ACR_SHA1Update(&sha, (unsigned char *)&me, sizeof(acr_uint32_t));
@@ -142,13 +150,10 @@
}
ACR_SHA1Init(&sha);
- if (sig_pipe_local) {
- HW_PROFILE_INFOW hw;
- if (GetCurrentHwProfileW(&hw))
- ACR_SHA1UpdateW(&sha, hw.szHwProfileGuid, wcslen(hw.szHwProfileGuid));
- }
+ if (sig_pipe_local)
+ ACR_SHA1Update(&sha, sig_session_key, sizeof(sig_session_key));
else
- ACR_SHA1Update(&sha, sig_pipe_salt, ACR_SHA1_DIGEST_LENGTH);
+ ACR_SHA1Update(&sha, sig_session_sha, ACR_SHA1_DIGEST_LENGTH);
ACR_SHA1Update(&sha, (unsigned char *)&(msg->signal), sizeof(acr_uint32_t));
ACR_SHA1Update(&sha, (unsigned char *)&(msg->sender), sizeof(acr_uint32_t));
ACR_SHA1Update(&sha, (unsigned char *)&(msg->ticket), sizeof(acr_uint32_t));
@@ -171,7 +176,7 @@
case SIGSTOP:
dw = GetPriorityClass(GetCurrentProcess());
if (dw != IDLE_PRIORITY_CLASS) {
- proc_priority_class = dw;
+ our_priority_mode = dw;
/* Not really a stop but as close as we can get
* Since MSDN says it will work during idle time
* on busy system this should be as close to the stopped
@@ -182,7 +187,7 @@
#if defined(DEBUG)
else {
fprintf(stdout, "[native] Already susspended from 0x%08X\n",
- proc_priority_class);
+ our_priority_mode);
fflush(stdout);
}
@@ -191,9 +196,9 @@
case SIGCONT:
dw = GetPriorityClass(GetCurrentProcess());
if (dw == IDLE_PRIORITY_CLASS)
- SetPriorityClass(GetCurrentProcess(), proc_priority_class);
+ SetPriorityClass(GetCurrentProcess(), our_priority_mode);
else
- proc_priority_class = dw;
+ our_priority_mode = dw;
break;
case SIGABRT:
pre_exit_cleanup();
@@ -457,7 +462,7 @@
return rv;
}
-static DWORD WINAPI sig_handler_main(LPVOID unused)
+static unsigned int __stdcall sig_handler_main(void *unused)
{
OVERLAPPED sync;
HANDLE wh[2];
@@ -549,9 +554,31 @@
break;
}
}
+
return 0;
}
+static int new_sig_session_key()
+{
+ HCRYPTPROV hProv;
+ int rc = 0;
+
+ if (!CryptAcquireContext(&hProv, NULL, NULL, PROV_RSA_FULL,
+ CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) {
+ return ACR_GET_OS_ERROR();
+ }
+ /* XXX: An ugly hack for Win64, randomness is such that noone should
+ * ever expect > 2^31 bytes of data at once without the prng
+ * coming to a complete halt.
+ */
+ if (!CryptGenRandom(hProv, (DWORD)sizeof(sig_session_key),
+ sig_session_key)) {
+ rc = ACR_GET_OS_ERROR();
+ }
+ CryptReleaseContext(hProv, 0);
+ return rc;
+}
+
int acr_SignalsInit()
{
HANDLE h;
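Review bot: The `XXX` comment in `new_sig_session_key` about Win64 and requests above 2^31 bytes does not describe this call, which asks for `sizeof(sig_session_key)` (32 bytes per the declaration earlier in this commit); it reads as copied from a generic random-bytes helper and will mislead the next reader. I would replace it with `/* Fill the shared session key; on failure the previous contents are left in place. */`. The definition should also be `static int new_sig_session_key(void)`, since empty parentheses declare an unprototyped function in C.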
@@ -570,16 +597,22 @@
return ACR_GET_OS_ERROR();
return 0;
}
+ if (sig_session_ini++ == 0) {
+ /* Generate the random session key since
+ * we are the first process loaded dll.
+ * There's a potential race condition here
+ * but at the end even if two processes are
+ * updating the key, they will all end up
+ * using the same one.
+ */
+ int rc = new_sig_session_key();
+ if (rc) {
+ return rc;
+ }
+ }
if (!InitializeCriticalSectionAndSpinCount(&signal_lock, ACR_SPINCOUNT)) {
return ACR_GET_OS_ERROR();
}
- if (!SetConsoleCtrlHandler(console_event_handler, TRUE)) {
- int rc = ACR_GET_OS_ERROR();
-
- DeleteCriticalSection(&signal_lock);
- running = 0;
- return rc;
- }
sigemptyset(¤t_signal_queue);
sigemptyset(¤t_signal_mask);
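Review bot: `sig_session_ini++ == 0` is a plain read-modify-write on a variable shared between processes, and the counter is bumped before the key exists, so a second loader can skip generation and hash the compiled-in initializer or a half-written key. The comment's claim that every process ends up with the same key does not cover cookies computed in that window. When `new_sig_session_key()` fails the counter stays non-zero, so no later process retries and the built-in bytes remain in use. A small fix is `if (InterlockedIncrement((volatile LONG *)&sig_session_ini) == 1) {` plus `InterlockedExchange((volatile LONG *)&sig_session_ini, 0);` before `return rc;`; closing the window completely would need a separate "key ready" state. `acr_SignalsInit` starts and ends outside this hunk.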
@@ -626,17 +659,16 @@
signal_handlers[SIGQUIT] = SIG_DFL;
signal_handlers[SIGTERM] = SIG_DFL;
- memset(sig_pipe_salt, 0, sizeof(sig_pipe_salt));
/* Get the global signal pipe name.
* Combined from pid and ACR_NUMSIG.
*/
pipe_name_from_pid(sig_pipe_name, GetCurrentProcessId(), ACR_NUMSIG);
- if (!(h = CreateThread(NULL,
- 0,
- sig_handler_main,
- NULL,
- 0,
- &i))) {
+ if (!(h = (HANDLE)_beginthreadex(NULL,
+ 0,
+ sig_handler_main,
+ NULL,
+ 0,
+ NULL))) {
/* Failed creating thread.
* If we ever get here the system is
* unstable and will probably crash
@@ -645,6 +677,14 @@
goto cleanup;
}
sig_handle_thread = h;
+ if (!SetConsoleCtrlHandler(console_event_handler, TRUE)) {
+ int rc = ACR_GET_OS_ERROR();
+
+ DeleteCriticalSection(&signal_lock);
+ running = 0;
+ return rc;
+ }
+
return 0;
cleanup:
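Review bot: The relocated `SetConsoleCtrlHandler` failure path calls `DeleteCriticalSection(&signal_lock)` and returns while the thread started just above is still running and `sig_handle_thread` still holds its handle. Before the move this block ran ahead of thread creation, so nothing was left behind; now the handler thread may go on using a deleted lock (its body is not visible here, so this is inferred). Stop the thread first, for example by replacing `running = 0;` with a call to `acr_SignalsCleanup();` placed before the `DeleteCriticalSection` line. Alternatively use `goto cleanup;` if that label already tears the thread down; its body lies outside the hunk.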
@@ -817,7 +857,7 @@
ACR_SHA1Init(&sha);
ACR_SHA1UpdateW(&sha, key, wcslen(key));
ACR_SHA1Update(&sha, (unsigned char *)&me, sizeof(acr_uint32_t));
- ACR_SHA1Final(sig_pipe_salt, &sha);
+ ACR_SHA1Final(sig_session_sha, &sha);
sig_pipe_local = 0;
return 0;
@@ -825,15 +865,17 @@
int acr_SignalsCleanup(void)
{
+ int rc = ACR_SUCCESS;
if (!running)
return ACR_SUCCESS;
running = 0;
SetEvent(sig_raised_event);
- if (sig_handle_thread) {
+ if (IS_VALID_HANDLE(sig_handle_thread)) {
SetEvent(sig_handle_event);
if (WaitForSingleObject(sig_handle_thread, 1000))
- return ACR_INCOMPLETE;
+ rc = ACR_INCOMPLETE;
+ CloseHandle(sig_handle_thread);
}
- return ACR_SUCCESS;
+ return rc;
}
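Review bot: After `CloseHandle(sig_handle_thread);` the variable keeps the closed handle value, so a later `IS_VALID_HANDLE(sig_handle_thread)` test would presumably still pass on a stale handle, for instance if init is run again and fails before a new thread is created. Add `sig_handle_thread = NULL;` directly after the close. On the `ACR_INCOMPLETE` path the thread may still be running when its handle is closed, which deserves a short comment so callers know the thread was not confirmed stopped.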
Modified: commons/sandbox/runtime/trunk/src/main/native/os/win32/subproc.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/os/win32/subproc.c?rev=816858&r1=816857&r2=816858&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/os/win32/subproc.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/os/win32/subproc.c Sat Sep 19 06:32:51 2009
@@ -27,7 +27,7 @@
#if !defined(ACR_DECLARE_EXPORT)
/* Make sure we are exported from DLL */
-#error "Subproc cannot be compiled as part of static library
+#error "Subproc cannot be compiled as part of static library"
#endif
/* Subproc is a way how ACR launches external programs without flashing
@@ -43,16 +43,22 @@
/* Rundll32 Subproc exports.
* Wide char version doesn't fill the CmdLine correctly
- * (testes both with cmd and cmd /U, however I don't have Unicode system,
+ * (tested both with cmd and cmd /U, however I don't have Unicode system,
* so cannot tell for sure. However GetCommandLineW works as expected, with
* the exception that it returns full command line since we are now inside
- * rundll32 process.
- * Use _TestRun@16 for entry point.
- * We could use the .def file or /EXPORT:FunctionName and have decorated names.
+ * Rundll32 process.
+ *
* Note:
* Rundll32 is missing console, so redirection must be performed, and it requires
- * the short names for locating the .dll.
+ * the short name for loading the .dll.
+ * Usage: Rundll32.exe <ShortPath\[lib]acr.dll>,SubprocMainW ...
*/
+
+ /*
+ * Instead in Makefile exports could go here as well
+ *
+ *#pragma comment(linker, "/EXPORT:SubprocMainW")
+ */
__declspec(dllexport) void __stdcall SubprocMainW(HWND hwnd, HINSTANCE hinst,
LPWSTR lpszCmdLine,
int nCmdShow)
Modified: commons/sandbox/runtime/trunk/src/main/native/test/testsuite.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/test/testsuite.c?rev=816858&r1=816857&r2=816858&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/test/testsuite.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/test/testsuite.c Sat Sep 19 06:32:51 2009
@@ -46,6 +46,7 @@
#include <io.h>
#include <process.h>
#include <sys/stat.h>
+#include <conio.h>
#define random rand
#define srandom srand
#define PRINT_PSTR "%S"
@@ -534,10 +535,9 @@
if (*argv[0] == 's') {
printf("Server waiting %d parent=%d\n", getpid(), getppid());
#if defined(WIN32)
- Sleep(20000);
+ _getche();
#else
- /* TODO: Add portable ACR_Sleep() from APR
- */
+ getchar();
#endif
}
else {
@@ -546,7 +546,7 @@
if (ppid == 0)
return ACR_EINVAL;
if (argc > 1) {
- int signo = atoi(argv[1]);
+ int signo = atoi(argv[1]);
rc = ACR_RaiseSignal(NULL, signo, ppid);
}
else {