New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 617185 link

Starred by 1 user
Status: Verified
Owner:
ajnolley@chromium.org
Last visit > 30 days ago
Closed: Sep 2016
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Feature

Blocked on:
issue 645540


Sign in to add a comment

Update Windows It2Me to allow remote users to interact with elevated windows

Project Member Reported by joedow@chromium.org, Jun 3 2016 
Update Windows It2Me solution to use uiAccess manifest flag which will allow remote users to interact with elevated windows.

Comment 1 by joedow@chromium.org, Jun 3 2016

Components: Services>Chromoting

Comment 2 by joedow@chromium.org, Jul 12 2016

Status: Started (was: Assigned)
Project Member

Comment 3 by bugdroid1@chromium.org, Aug 1 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/e99d91e315defc0b0e01e9b533c3284a07035d66

commit e99d91e315defc0b0e01e9b533c3284a07035d66
Author: joedow <joedow@chromium.org>
Date: Mon Aug 01 20:27:46 2016

Refactoring Native Messaging Host process launching code into its own file.

This change will allow Me2Me and It2Me native messaging hosts to use the same
code to launch and commnicate with an elevated (admin/uiaccess) child process.

BUG= 617185 

Review-Url: https://codereview.chromium.org/2152953002
Cr-Commit-Position: refs/heads/master@{#409043}

[modify] https://crrev.com/e99d91e315defc0b0e01e9b533c3284a07035d66/remoting/host/BUILD.gn
[modify] https://crrev.com/e99d91e315defc0b0e01e9b533c3284a07035d66/remoting/host/setup/me2me_native_messaging_host.cc
[modify] https://crrev.com/e99d91e315defc0b0e01e9b533c3284a07035d66/remoting/host/setup/me2me_native_messaging_host.h
[modify] https://crrev.com/e99d91e315defc0b0e01e9b533c3284a07035d66/remoting/host/setup/me2me_native_messaging_host_main.cc
[modify] https://crrev.com/e99d91e315defc0b0e01e9b533c3284a07035d66/remoting/host/switches.cc
[modify] https://crrev.com/e99d91e315defc0b0e01e9b533c3284a07035d66/remoting/host/switches.h
[add] https://crrev.com/e99d91e315defc0b0e01e9b533c3284a07035d66/remoting/host/win/launch_native_messaging_host_process.cc
[add] https://crrev.com/e99d91e315defc0b0e01e9b533c3284a07035d66/remoting/host/win/launch_native_messaging_host_process.h
[modify] https://crrev.com/e99d91e315defc0b0e01e9b533c3284a07035d66/remoting/remoting_host_win.gypi
[modify] https://crrev.com/e99d91e315defc0b0e01e9b533c3284a07035d66/remoting/remoting_test.gypi
Project Member

Comment 4 by bugdroid1@chromium.org, Aug 1 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/d4e32e5c0e660268a8e262f6b58ed5412d62a304

commit d4e32e5c0e660268a8e262f6b58ed5412d62a304
Author: joedow <joedow@chromium.org>
Date: Mon Aug 01 20:40:03 2016

Refactoring Me2MeNativeMessagingHost to implement NativeMessageHost interface

This change updates the Me2Me native messaging host to use the same interface
as the It2Me native messaging host.  This change reduces the differences
between the two hosts and will make it simpler to continue the refactoring in
my next change to allow Me2Me and It2Me native messaging hosts to share the
same process elevation logic and communication channel.

BUG= 617185 

Review-Url: https://codereview.chromium.org/2153313002
Cr-Commit-Position: refs/heads/master@{#409046}

[modify] https://crrev.com/d4e32e5c0e660268a8e262f6b58ed5412d62a304/remoting/host/it2me/it2me_native_messaging_host.cc
[modify] https://crrev.com/d4e32e5c0e660268a8e262f6b58ed5412d62a304/remoting/host/it2me/it2me_native_messaging_host.h
[modify] https://crrev.com/d4e32e5c0e660268a8e262f6b58ed5412d62a304/remoting/host/it2me/it2me_native_messaging_host_main.cc
[modify] https://crrev.com/d4e32e5c0e660268a8e262f6b58ed5412d62a304/remoting/host/setup/me2me_native_messaging_host.cc
[modify] https://crrev.com/d4e32e5c0e660268a8e262f6b58ed5412d62a304/remoting/host/setup/me2me_native_messaging_host.h
[modify] https://crrev.com/d4e32e5c0e660268a8e262f6b58ed5412d62a304/remoting/host/setup/me2me_native_messaging_host_main.cc
[modify] https://crrev.com/d4e32e5c0e660268a8e262f6b58ed5412d62a304/remoting/host/setup/me2me_native_messaging_host_unittest.cc

Comment 6 by joedow@chromium.org, Aug 23 2016

Labels: -M-54 M-55
Project Member

Comment 7 by bugdroid1@chromium.org, Aug 26 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/f9f0423abeb242dd3c23bbd44655a2a2a513e392

commit f9f0423abeb242dd3c23bbd44655a2a2a513e392
Author: joedow <joedow@chromium.org>
Date: Fri Aug 26 22:39:35 2016

Adding an It2Me host binary which is uiaccess enabled.

This binary will be used by the non-elevated It2Me process to allow the remote
user to interact with higher UIPI level windows on the desktop.

BUG= 617185 

Review-Url: https://codereview.chromium.org/2185693003
Cr-Commit-Position: refs/heads/master@{#414837}

[modify] https://crrev.com/f9f0423abeb242dd3c23bbd44655a2a2a513e392/remoting/BUILD.gn
[modify] https://crrev.com/f9f0423abeb242dd3c23bbd44655a2a2a513e392/remoting/host/BUILD.gn
[modify] https://crrev.com/f9f0423abeb242dd3c23bbd44655a2a2a513e392/remoting/host/installer/win/chromoting.wxs
[modify] https://crrev.com/f9f0423abeb242dd3c23bbd44655a2a2a513e392/remoting/host/it2me/BUILD.gn
[modify] https://crrev.com/f9f0423abeb242dd3c23bbd44655a2a2a513e392/remoting/host/predefines_win.gni
[add] https://crrev.com/f9f0423abeb242dd3c23bbd44655a2a2a513e392/remoting/host/win/enable_uiaccess.manifest
[modify] https://crrev.com/f9f0423abeb242dd3c23bbd44655a2a2a513e392/remoting/host/win/version.rc.jinja2
[modify] https://crrev.com/f9f0423abeb242dd3c23bbd44655a2a2a513e392/remoting/remoting.gyp
[modify] https://crrev.com/f9f0423abeb242dd3c23bbd44655a2a2a513e392/remoting/remoting_host_win.gypi
Project Member

Comment 8 by bugdroid1@chromium.org, Aug 30 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/6f0893de17c488ead4015e8e6b222fc2fef28c0d

commit 6f0893de17c488ead4015e8e6b222fc2fef28c0d
Author: joedow <joedow@chromium.org>
Date: Tue Aug 30 04:40:54 2016

Adding a policy for using the uiAccess enabled It2Me binary on Windows

This change adds a Chrome enterprise policy to control whether or not we use
the uiAccess enabled binary for It2Me or the binary which runs at the user's
integrity level.

BUG= 617185 

Review-Url: https://codereview.chromium.org/2252243002
Cr-Commit-Position: refs/heads/master@{#415107}

[modify] https://crrev.com/6f0893de17c488ead4015e8e6b222fc2fef28c0d/chrome/test/data/policy/policy_test_cases.json
[modify] https://crrev.com/6f0893de17c488ead4015e8e6b222fc2fef28c0d/components/policy/resources/policy_templates.json
[modify] https://crrev.com/6f0893de17c488ead4015e8e6b222fc2fef28c0d/remoting/host/policy_watcher.cc
[modify] https://crrev.com/6f0893de17c488ead4015e8e6b222fc2fef28c0d/remoting/host/policy_watcher_unittest.cc
[modify] https://crrev.com/6f0893de17c488ead4015e8e6b222fc2fef28c0d/tools/metrics/histograms/histograms.xml
Project Member

Comment 9 by bugdroid1@chromium.org, Aug 31 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/7dc48990ea0ea98b1afa35697676895307f9c615

commit 7dc48990ea0ea98b1afa35697676895307f9c615
Author: joedow <joedow@chromium.org>
Date: Wed Aug 31 19:13:38 2016

Adding a new authenticator which validates incoming connection details

This change introduces a new authenticator class which handles two scenarios:
- Connection policy validation (i.e. do the details of the connection match the
  current policies set on the machine)
- Interactive connection validation (i.e. prompt the user to allow the
  connection to be established)

The first scenario is typically synchronous but the second is async, therefore
this validation mechanism must handle both.  The new authenticator class wraps
another, functional authenticator to provide a level of validation before
allowing the wrapped authenticator to take over.

BUG= 617185 

Review-Url: https://codereview.chromium.org/2277553002
Cr-Commit-Position: refs/heads/master@{#415715}

[modify] https://crrev.com/7dc48990ea0ea98b1afa35697676895307f9c615/remoting/protocol/BUILD.gn
[modify] https://crrev.com/7dc48990ea0ea98b1afa35697676895307f9c615/remoting/protocol/authenticator.h
[modify] https://crrev.com/7dc48990ea0ea98b1afa35697676895307f9c615/remoting/protocol/jingle_session.cc
[modify] https://crrev.com/7dc48990ea0ea98b1afa35697676895307f9c615/remoting/protocol/protocol_mock_objects.cc
[modify] https://crrev.com/7dc48990ea0ea98b1afa35697676895307f9c615/remoting/protocol/protocol_mock_objects.h
[add] https://crrev.com/7dc48990ea0ea98b1afa35697676895307f9c615/remoting/protocol/validating_authenticator.cc
[add] https://crrev.com/7dc48990ea0ea98b1afa35697676895307f9c615/remoting/protocol/validating_authenticator.h
[add] https://crrev.com/7dc48990ea0ea98b1afa35697676895307f9c615/remoting/protocol/validating_authenticator_unittest.cc
[modify] https://crrev.com/7dc48990ea0ea98b1afa35697676895307f9c615/remoting/remoting_srcs.gypi
Project Member

Comment 10 by bugdroid1@chromium.org, Aug 31 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/9816b437d44dbaf5d9571216bb0b21bb6dc452bd

commit 9816b437d44dbaf5d9571216bb0b21bb6dc452bd
Author: joedow <joedow@chromium.org>
Date: Wed Aug 31 22:09:15 2016

Updating It2Me to use the new ValidatingAuthenticator class

This change moves the connection validation logic for It2Me from the host
factory and into a callback in the It2Mehost class.

A subsequent change will move the confirmation dialog into this new method as
well but that is a larger change and I wanted to keep the initial change small.

BUG= 617185 

Review-Url: https://codereview.chromium.org/2271933002
Cr-Commit-Position: refs/heads/master@{#415774}

[modify] https://crrev.com/9816b437d44dbaf5d9571216bb0b21bb6dc452bd/remoting/host/BUILD.gn
[modify] https://crrev.com/9816b437d44dbaf5d9571216bb0b21bb6dc452bd/remoting/host/it2me/it2me_host.cc
[modify] https://crrev.com/9816b437d44dbaf5d9571216bb0b21bb6dc452bd/remoting/host/it2me/it2me_host.h
[add] https://crrev.com/9816b437d44dbaf5d9571216bb0b21bb6dc452bd/remoting/host/it2me/it2me_host_unittest.cc
[modify] https://crrev.com/9816b437d44dbaf5d9571216bb0b21bb6dc452bd/remoting/host/it2me/it2me_native_messaging_host_unittest.cc
[modify] https://crrev.com/9816b437d44dbaf5d9571216bb0b21bb6dc452bd/remoting/protocol/it2me_host_authenticator_factory.cc
[modify] https://crrev.com/9816b437d44dbaf5d9571216bb0b21bb6dc452bd/remoting/protocol/it2me_host_authenticator_factory.h
[modify] https://crrev.com/9816b437d44dbaf5d9571216bb0b21bb6dc452bd/remoting/signaling/jid_util.h
Project Member

Comment 11 by bugdroid1@chromium.org, Sep 3 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/5e3932143c85ccc346653588c4e30441e506a59c

commit 5e3932143c85ccc346653588c4e30441e506a59c
Author: joedow <joedow@chromium.org>
Date: Sat Sep 03 00:30:34 2016

Addressing feedback from ValidatingAuthenticator CL

This change addresses comments left on
https://codereview.chromium.org/2277553002/ after it was checked in.

The comments were around improvements to the switch used to set the
current authenticator state.  I addressed them by removing the default
case (and leaving a comment on why) and moving the success case into the
switch.

BUG= 617185 

Review-Url: https://codereview.chromium.org/2308133002
Cr-Commit-Position: refs/heads/master@{#416410}

[modify] https://crrev.com/5e3932143c85ccc346653588c4e30441e506a59c/remoting/protocol/validating_authenticator.cc
Project Member

Comment 12 by bugdroid1@chromium.org, Sep 6 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/a89fa1aab1ef6fda1e88e2482c867594157d89e4

commit a89fa1aab1ef6fda1e88e2482c867594157d89e4
Author: joedow <joedow@chromium.org>
Date: Tue Sep 06 23:48:59 2016

Update Windows It2Me to allow remote users to interact with elevated windows

This changes updates the existing It2Me host for windows to use a second
process It2Me process (with the uiaccess flag in its manifest) to allow
the remote user to interact with elevated windows on the desktop.

BUG= 617185 

Review-Url: https://codereview.chromium.org/2179353004
Cr-Commit-Position: refs/heads/master@{#416778}

[modify] https://crrev.com/a89fa1aab1ef6fda1e88e2482c867594157d89e4/chrome/browser/extensions/api/messaging/native_message_host_chromeos.cc
[modify] https://crrev.com/a89fa1aab1ef6fda1e88e2482c867594157d89e4/remoting/host/android/jni_host.cc
[modify] https://crrev.com/a89fa1aab1ef6fda1e88e2482c867594157d89e4/remoting/host/it2me/it2me_host.cc
[modify] https://crrev.com/a89fa1aab1ef6fda1e88e2482c867594157d89e4/remoting/host/it2me/it2me_host.h
[modify] https://crrev.com/a89fa1aab1ef6fda1e88e2482c867594157d89e4/remoting/host/it2me/it2me_native_messaging_host.cc
[modify] https://crrev.com/a89fa1aab1ef6fda1e88e2482c867594157d89e4/remoting/host/it2me/it2me_native_messaging_host.h
[modify] https://crrev.com/a89fa1aab1ef6fda1e88e2482c867594157d89e4/remoting/host/it2me/it2me_native_messaging_host_main.cc
[modify] https://crrev.com/a89fa1aab1ef6fda1e88e2482c867594157d89e4/remoting/host/it2me/it2me_native_messaging_host_unittest.cc
[modify] https://crrev.com/a89fa1aab1ef6fda1e88e2482c867594157d89e4/remoting/host/win/elevation_helpers.cc
[modify] https://crrev.com/a89fa1aab1ef6fda1e88e2482c867594157d89e4/remoting/host/win/elevation_helpers.h
[modify] https://crrev.com/a89fa1aab1ef6fda1e88e2482c867594157d89e4/remoting/host/win/launch_native_messaging_host_process.cc

Comment 13 by sergeyu@chromium.org, Sep 9 2016

Blockedon: 645540
I've filed  bug 645540  for the new It2Me prompt we talked about yesterday. I think it's better to track it separately as it affects all platform.

Comment 14 by joedow@chromium.org, Sep 12 2016 

Tracking the It2Me Dialog changes separately SGTM.
Project Member

Comment 15 by bugdroid1@chromium.org, Sep 16 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/6bdf6f38d40d69ea093f7577a654d0b87d81c09c

commit 6bdf6f38d40d69ea093f7577a654d0b87d81c09c
Author: joedow <joedow@chromium.org>
Date: Fri Sep 16 17:51:43 2016

Adding UiAccess enabled binary to the signing list

This is needed to allow the UiAccess enabled binary to work.  Otherwise the
binary will crash on launch which is an undesirable behavior.

BUG= 617185 

Review-Url: https://codereview.chromium.org/2349583002
Cr-Commit-Position: refs/heads/master@{#419211}

[modify] https://crrev.com/6bdf6f38d40d69ea093f7577a654d0b87d81c09c/remoting/host/installer/win/parameters.json

Comment 16 by joedow@chromium.org, Sep 20 2016

Owner: ajnolley@chromium.org
Status: Fixed (was: Started)
And it's done!  It2Me has been updated.  The Chrome Policy "RemoteAccessHostAllowUiAccessForRemoteAssistance" must be set to '1' and then the remote user will be granted UiAccesss permissions.

Comment 17 by ajnolley@chromium.org, Sep 21 2016

Status: Verified (was: Fixed)
After entering the policy and setting to 1, the remote user can interact with elevated windows (not including the UAC prompt, which is by design). Verified in 55.0.2867.0

Sign in to add a comment