| blob | dfcb17a4809ac60f54b8e62d09abe754e638c002 |
1 /* Copyright (c) 2003, Roger Dingledine
2 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
3 * Copyright (c) 2007-2021, The Tor Project, Inc. */
4 /* See LICENSE for licensing information */
6 /**
7 * \file process_win32.c
8 * \brief Module for working with Windows processes.
9 **/
11 #define PROCESS_WIN32_PRIVATE
23 #ifdef HAVE_SYS_TIME_H
24 #include <sys/time.h>
25 #endif
27 #ifdef HAVE_STRING_H
28 #include <string.h>
29 #endif
31 #ifdef _WIN32
33 /** The size of our intermediate buffers. */
34 #define BUFFER_SIZE (1024)
36 /** Timer that ticks once a second and calls the process_win32_timer_callback()
37 * function. */
40 /** Structure to represent the state around the pipe HANDLE.
41 *
42 * This structure is used to store state about a given HANDLE, including
43 * whether we have reached end of file, its intermediate buffers, and how much
44 * data that is available in the intermediate buffer. */
46 /** Standard out pipe handle. */
47 HANDLE pipe;
49 /** True iff we have reached EOF from the pipe. */
52 /** How much data is available in buffer. */
55 /** Intermediate buffer for ReadFileEx() and WriteFileEx(). */
58 /** Overlapped structure for ReadFileEx() and WriteFileEx(). */
59 OVERLAPPED overlapped;
61 /** Are we waiting for another I/O operation to complete? */
63 };
65 /** Structure to represent the Windows specific implementation details of this
66 * Process backend.
67 *
68 * This structure is attached to <b>process_t</b> (see process.h) and is
69 * reachable from <b>process_t</b> via the <b>process_get_win32_process()</b>
70 * method. */
72 /** Standard in state. */
73 process_win32_handle_t stdin_handle;
75 /** Standard out state. */
76 process_win32_handle_t stdout_handle;
78 /** Standard error state. */
79 process_win32_handle_t stderr_handle;
81 /** Process Information. */
82 PROCESS_INFORMATION process_information;
83 };
85 /** Create a new <b>process_win32_t</b>.
86 *
87 * This function constructs a new <b>process_win32_t</b> and initializes the
88 * default values. */
89 process_win32_t *
91 {
100 }
102 /** Free a given <b>process_win32_t</b>.
103 *
104 * This function deinitializes and frees up the resources allocated for the
105 * given <b>process_win32_t</b>. */
106 void
108 {
112 /* Cleanup our handles. */
118 }
120 /** Initialize the Windows backend of the Process subsystem. */
121 void
123 {
124 /* We don't start the periodic timer here because it makes no sense to have
125 * the timer running until we have some processes that benefits from the
126 * timer timer ticks. */
127 }
129 /** Deinitialize the Windows backend of the Process subsystem. */
130 void
132 {
133 /* Stop our timer, but only if it's running. */
136 }
138 /** Execute the given process. This function is responsible for setting up
139 * named pipes for I/O between the child process and the Tor process. Returns
140 * <b>PROCESS_STATUS_RUNNING</b> upon success. */
141 process_status_t
143 {
156 /* Setup our security attributes. */
157 SECURITY_ATTRIBUTES security_attributes;
160 /* FIXME: should we set explicit security attributes?
161 * (See Ticket #2046, comment 5) */
164 /* Create our standard out pipe. */
168 PROCESS_WIN32_PIPE_TYPE_READER)) {
170 }
172 /* Create our standard error pipe. */
176 PROCESS_WIN32_PIPE_TYPE_READER)) {
178 }
180 /* Create out standard in pipe. */
184 PROCESS_WIN32_PIPE_TYPE_WRITER)) {
186 }
188 /* Configure startup info for our child process. */
189 STARTUPINFOA startup_info;
198 /* Create the env value for our new process. */
201 /* Create the argv value for our new process. */
204 /* Windows expects argv to be a whitespace delimited string, so join argv up
205 */
208 /* Create the child process */
210 joined_argv,
211 NULL,
212 NULL,
213 TRUE,
214 CREATE_NO_WINDOW,
217 NULL,
229 /* Cleanup our handles. */
237 /* In the Unix backend, we do not get an error in the Tor process when a
238 * child process fails to spawn its target executable since we need to
239 * first do the fork() call in the Tor process and then the child process
240 * is responsible for doing the call to execve().
241 *
242 * This means that the user of the process_exec() API must check for
243 * whether it returns PROCESS_STATUS_ERROR, which will rarely happen on
244 * Unix, but will happen for error cases on Windows where it does not
245 * happen on Unix. For example: when the target executable does not exist
246 * on the file system.
247 *
248 * To have somewhat feature compatibility between the Unix and the Windows
249 * backend, we here notify the process_t owner that the process have exited
250 * (even though it never managed to run) to ensure that the exit callback
251 * is executed.
252 */
256 }
258 /* TODO: Should we close hProcess and hThread in
259 * process_handle->process_information? */
264 /* Close our ends of the pipes that is now owned by the child process. */
269 /* Used by the callback functions from ReadFileEx() and WriteFileEx() such
270 * that we can figure out which process_t that was responsible for the event.
271 *
272 * Warning, here be dragons:
273 *
274 * MSDN says that the hEvent member of the overlapped structure is unused
275 * for ReadFileEx() and WriteFileEx, which allows us to store a pointer to
276 * our process state there.
277 */
282 /* Start our timer if it is not already running. */
286 /* We use Windows Extended I/O functions, so our completion callbacks are
287 * called automatically for us when there is data to read. Because of this
288 * we start the read of standard out and error right away. */
293 }
295 /** Terminate the given process. Returns true on success, otherwise false. */
296 bool
298 {
303 /* Terminate our process. */
304 BOOL ret;
312 }
314 /* Cleanup our handles. */
320 }
322 /** Returns the unique process identifier for the given <b>process</b>. */
323 process_pid_t
325 {
330 }
332 /** Schedule an async write of the data found in <b>buffer</b> for the given
333 * process. This function runs an async write operation of the content of
334 * buffer, if we are not already waiting for a pending I/O request. Returns the
335 * number of bytes that Windows will hopefully write for us in the background.
336 * */
337 int
339 {
348 /* Windows is still writing our buffer. */
352 /* Nothing for us to do right now. */
356 /* We have reached end of file already? */
360 /* Figure out how much data we should read. */
364 /* Read data from the process_t buffer into our intermediate buffer. */
367 /* Because of the slightly weird API for WriteFileEx() we must set this to 0
368 * before we call WriteFileEx() because WriteFileEx() does not reset the last
369 * error itself when it's successful. See comment below after the call to
370 * GetLastError(). */
373 /* Schedule our write. */
376 write_size,
378 process_win32_stdin_write_done);
383 /* No need to log at warning level for these two. */
390 }
394 }
396 /* Here be dragons: According to MSDN's documentation for WriteFileEx() we
397 * should check GetLastError() after a call to WriteFileEx() even though the
398 * `ret` return value was successful. If everything is good, GetLastError()
399 * returns `ERROR_SUCCESS` and nothing happens.
400 *
401 * XXX(ahf): I have not managed to trigger this code while stress-testing
402 * this code. */
406 /* LCOV_EXCL_START */
411 /* LCOV_EXCL_STOP */
412 }
414 /* This cast should be safe since our buffer can maximum be BUFFER_SIZE
415 * large. */
417 }
419 /** This function is called from the Process subsystem whenever the Windows
420 * backend says it has data ready. This function also ensures that we are
421 * starting a new background read from the standard output of the child process
422 * and asks Windows to call process_win32_stdout_read_done() when that
423 * operation is finished. Returns the number of bytes moved into <b>buffer</b>.
424 * */
425 int
427 {
434 buffer,
435 process_win32_stdout_read_done);
436 }
438 /** This function is called from the Process subsystem whenever the Windows
439 * backend says it has data ready. This function also ensures that we are
440 * starting a new background read from the standard error of the child process
441 * and asks Windows to call process_win32_stderr_read_done() when that
442 * operation is finished. Returns the number of bytes moved into <b>buffer</b>.
443 * */
444 int
446 {
453 buffer,
454 process_win32_stderr_read_done);
455 }
457 /** This function is responsible for moving the Tor process into what Microsoft
458 * calls an "alertable" state. Once the process is in an alertable state the
459 * Windows kernel will notify us when our background I/O requests have finished
460 * and the callbacks will be executed. */
461 void
463 {
464 DWORD ret;
466 /* The call to SleepEx(dwMilliseconds, dwAlertable) makes the process sleep
467 * for dwMilliseconds and if dwAlertable is set to TRUE it will also cause
468 * the process to enter alertable state, where the Windows kernel will notify
469 * us about completed I/O requests from ReadFileEx() and WriteFileEX(), which
470 * will cause our completion callbacks to be executed.
471 *
472 * This function returns 0 if the time interval expired or WAIT_IO_COMPLETION
473 * if one or more I/O callbacks were executed. */
476 /* Warn us if the function returned something we did not anticipate. */
479 }
480 }
482 /** Start the periodic timer which is responsible for checking whether
483 * processes are still alive and to make sure that the Tor process is
484 * periodically being moved into an alertable state. */
485 void
487 {
488 /* Make sure we never start our timer if it's already running. */
492 /* Wake up once a second. */
498 process_win32_timer_callback,
499 NULL);
500 }
502 /** Stops the periodic timer. */
503 void
505 {
511 }
513 /** Returns true iff the periodic timer is running. */
514 bool
516 {
518 }
520 /** This function is called whenever the periodic_timer ticks. The function is
521 * responsible for moving the Tor process into an alertable state once a second
522 * and checking for whether our child processes have terminated since the last
523 * tick. */
524 STATIC void
526 {
530 /* Move the process into an alertable state. */
533 /* Check if our processes are still alive. */
535 /* Since the call to process_win32_timer_test_process() might call
536 * process_notify_event_exit() which again might call process_free() which
537 * updates the list of processes returned by process_get_all_processes() it
538 * is important here that we make sure to not touch the list of processes if
539 * the call to process_win32_timer_test_process() returns true. */
547 /* If process_win32_timer_test_process() returns true, it means that
548 * smartlist_remove() might have been called on the list returned by
549 * process_get_all_processes(). We start the loop over again until we
550 * have a successful run over the entire list where the list was not
551 * modified. */
555 }
558 }
560 /** Test whether a given process is still alive. Notify the Process subsystem
561 * if our process have died. Returns true iff the given process have
562 * terminated. */
563 STATIC bool
565 {
568 /* No need to look at processes that don't claim they are running. */
576 /* Sometimes the Windows kernel won't give us the EOF/Broken Pipe error
577 * message until some time after the process have actually terminated. We
578 * make sure that our ReadFileEx() calls for the process have *all* returned
579 * and both standard out and error have been marked as EOF before we try to
580 * see if the process terminated.
581 *
582 * This ensures that we *never* call the exit callback of the `process_t`,
583 * which potentially ends up calling `process_free()` on our `process_t`,
584 * before all data have been received from the process.
585 *
586 * We do NOT have a check here for whether standard in reached EOF since
587 * standard in's WriteFileEx() function is only called on-demand when we have
588 * something to write and is thus usually not awaiting to finish any
589 * operations. If we WriteFileEx() to a file that has terminated we'll simply
590 * get an error from ReadFileEx() or its completion routine and move on with
591 * life. */
598 /* We start by testing whether our process is still running. */
606 }
608 /* Notify our process_t that our process have terminated. Since our
609 * exit_callback might decide to process_free() our process handle it is very
610 * important that we do not touch the process_t after the call to
611 * process_notify_event_exit(). */
615 }
618 }
620 /** Create a new overlapped named pipe. This function creates a new connected,
621 * named, pipe in <b>*read_pipe</b> and <b>*write_pipe</b> if the function is
622 * successful. Returns true on success, false on failure. */
623 STATIC bool
627 process_win32_pipe_type_t pipe_type)
628 {
635 /* Buffer size. */
638 /* Our additional read/write modes that depends on which pipe type we are
639 * creating. */
643 /* Generate the unique pipe name. */
655 /* Only one of our handles can be overlapped. */
664 /* LCOV_EXCL_START */
666 /* LCOV_EXCL_STOP */
667 }
669 /* Setup our read and write handles. */
670 HANDLE read_handle;
671 HANDLE write_handle;
673 /* Create our named pipe. */
678 size,
679 size,
681 attributes);
687 }
689 /* Create our file in the pipe namespace. */
691 GENERIC_WRITE,
693 attributes,
694 OPEN_EXISTING,
696 NULL);
705 }
707 /* Set the inherit flag for our pipe. */
716 /* LCOV_EXCL_START */
718 /* LCOV_EXCL_STOP */
719 }
729 }
731 /* Everything is good. */
736 }
738 /** Cleanup a given <b>handle</b>. */
739 STATIC void
741 {
744 #if 0
745 BOOL ret;
746 DWORD error_code;
748 /* Cancel any pending I/O requests: This means that instead of getting
749 * ERROR_BROKEN_PIPE we get ERROR_OPERATION_ABORTED, but it doesn't seem
750 * like this is needed. */
756 /* There was no pending I/O requests for our handle. */
760 }
761 }
764 /* Close our handle. */
769 }
770 }
772 /** This function is called when ReadFileEx() completes its background read
773 * from the child process's standard output. We notify the Process subsystem if
774 * there is data available for it to read from us. */
775 STATIC VOID WINAPI
777 DWORD byte_count,
778 LPOVERLAPPED overlapped)
779 {
783 /* Extract our process_t from the hEvent member of OVERLAPPED. */
788 error_code,
789 byte_count)) {
790 /* Schedule our next read. */
792 }
793 }
795 /** This function is called when ReadFileEx() completes its background read
796 * from the child process's standard error. We notify the Process subsystem if
797 * there is data available for it to read from us. */
798 STATIC VOID WINAPI
800 DWORD byte_count,
801 LPOVERLAPPED overlapped)
802 {
806 /* Extract our process_t from the hEvent member of OVERLAPPED. */
811 error_code,
812 byte_count)) {
813 /* Schedule our next read. */
815 }
816 }
818 /** This function is called when WriteFileEx() completes its background write
819 * to the child process's standard input. We notify the Process subsystem that
820 * it can write data to us again. */
821 STATIC VOID WINAPI
823 DWORD byte_count,
824 LPOVERLAPPED overlapped)
825 {
834 /* Mark our handle as not having any outstanding I/O requests. */
837 /* Check if we have been asked to write to the handle that have been marked
838 * as having reached EOF. */
843 /** Our data have been successfully written. Clear our state and schedule
844 * the next write. */
849 /* Schedule the next write. */
853 /* Our WriteFileEx() call was successful, but we reached the end of our
854 * file. We mark our handle as having reached EOF and returns. */
859 /* An error happened: We warn the user and mark our handle as having
860 * reached EOF */
865 }
866 }
868 /** This function reads data from the given <b>handle</b>'s internal buffer and
869 * moves it into the given <b>buffer</b>. Additionally, we start the next
870 * ReadFileEx() background operation with the given <b>callback</b> as
871 * completion callback. Returns the number of bytes written to the buffer. */
872 STATIC int
875 LPOVERLAPPED_COMPLETION_ROUTINE callback)
876 {
885 /* We already have a request to read data that isn't complete yet. */
889 /* Check if we have been asked to read from a handle that have already told
890 * us that we have reached the end of the file. */
894 /* This cast should be safe since our buffer can be at maximum up to
895 * BUFFER_SIZE in size. */
899 /* Read data from our intermediate buffer into the process_t buffer. */
902 /* Reset our read state. */
905 }
907 /* Because of the slightly weird API for ReadFileEx() we must set this to 0
908 * before we call ReadFileEx() because ReadFileEx() does not reset the last
909 * error itself when it's successful. See comment below after the call to
910 * GetLastError(). */
913 /* Ask the Windows kernel to read data from our pipe into our buffer and call
914 * the callback function when it is done. */
919 callback);
924 /* No need to log at warning level for these two. */
931 }
935 }
937 /* Here be dragons: According to MSDN's documentation for ReadFileEx() we
938 * should check GetLastError() after a call to ReadFileEx() even though the
939 * `ret` return value was successful. If everything is good, GetLastError()
940 * returns `ERROR_SUCCESS` and nothing happens.
941 *
942 * XXX(ahf): I have not managed to trigger this code while stress-testing
943 * this code. */
947 /* LCOV_EXCL_START */
952 /* LCOV_EXCL_STOP */
953 }
955 /* We mark our handle as having a pending I/O request. */
959 }
961 /** This function checks the callback values from ReadFileEx() in
962 * <b>error_code</b> and <b>byte_count</b> if we have read data. Returns true
963 * iff our caller should request more data from ReadFileEx(). */
964 STATIC bool
966 DWORD error_code,
967 DWORD byte_count)
968 {
971 /* Mark our handle as not having any outstanding I/O requests. */
975 /* Our ReadFileEx() call was successful and there is data for us. */
977 /* This cast should be safe since byte_count should never be larger than
978 * BUFFER_SIZE. */
982 /* Tell our caller to schedule the next read. */
986 /* Our ReadFileEx() finished, but we reached the end of our file. We mark
987 * our handle as having reached EOF and returns. */
992 /* An error happened: We warn the user and mark our handle as having
993 * reached EOF */
999 }
1001 /* Our caller should NOT schedule the next read. */
1003 }
1005 /** Format a single argument for being put on a Windows command line.
1006 * Returns a newly allocated string */
1009 {
1015 /* Backslash we can point to when one is inserted into the string */
1018 /* Smartlist of *char */
1022 /* Quote string if it contains whitespace or is empty */
1025 /* Build up smartlist of *chars */
1028 /* Double up backslashes preceding a quote */
1032 /* Escape the quote */
1036 /* Count backslashes until we know whether to double up */
1037 bs_counter++;
1039 /* Don't double up slashes preceding a non-quote */
1044 }
1045 }
1046 /* Don't double up trailing backslashes */
1050 /* Allocate space for argument, quotes (if needed), and terminator */
1055 /* Add leading quote */
1060 /* Add characters */
1062 {
1064 });
1066 /* Add trailing quote */
1073 }
1075 /** Format a command line for use on Windows, which takes the command as a
1076 * string rather than string array. Follows the rules from "Parsing C++
1077 * Command-Line Arguments" in MSDN. Algorithm based on list2cmdline in the
1078 * Python subprocess module. Returns a newly allocated string */
1081 {
1086 /* Format each argument and put the result in a smartlist */
1090 }
1092 /* Join the arguments with whitespace */
1095 /* Free the newly allocated arguments, and the smartlist */
1097 {
1099 });
1103 }