Commit Graph

24 Commits

Author SHA1 Message Date
Konstantin Kostiuk
b629412e9d qga/win32: Use rundll for VSS installation
The custom action uses cmd.exe to run VSS Service installation
and removal which causes an interactive command shell to spawn.
This shell can be used to execute any commands as a SYSTEM user.
Even if call qemu-ga.exe directly the interactive command shell
will be spawned as qemu-ga.exe is a console application and used
by users from the console as well as a service.

As VSS Service runs from DLL which contains the installer and
uninstaller code, it can be run directly by rundll32.exe without
any interactive command shell.

Add specific entry points for rundll which is just a wrapper
for COMRegister/COMUnregister functions with proper arguments.

resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2167423
fixes: CVE-2023-0664 (part 2 of 2)

Signed-off-by: Konstantin Kostiuk <kkostiuk@redhat.com>
Reviewed-by: Yan Vugenfirer <yvugenfi@redhat.com>
Reported-by: Brian Wiltse <brian.wiltse@live.com>
(cherry picked from commit 07ce178a2b)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2023-08-02 16:07:32 +03:00
Konstantin Kostiuk
5bfbcc3faa qga/win32: Remove change action from MSI installer
Remove the 'change' button from "Programs and Features" because it does
not checks if a user is an admin or not. The installer has no components
to choose from and always installs everything. So the 'change' button is
not obviously needed but can create a security issue.

resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2167423
fixes: CVE-2023-0664 (part 1 of 2)

Signed-off-by: Konstantin Kostiuk <kkostiuk@redhat.com>
Reviewed-by: Yan Vugenfirer <yvugenfi@redhat.com>
Reported-by: Brian Wiltse <brian.wiltse@live.com>
(cherry picked from commit 88288c2a51)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2023-03-30 12:19:04 +03:00
Marc-André Lureau
5b9e7d05d6 qga/wixl: replace QEMU_GA_MSI_MINGW_BIN_PATH with glib bindir
Use more conventional variables to set the location of pre-built
DLL/bin.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Konstantin Kostiuk <kkostiuk@redhat.com>
Message-Id: <20220525144140.591926-15-marcandre.lureau@redhat.com>
2022-05-28 11:42:56 +02:00
Marc-André Lureau
0480a1b67b qga/wixl: simplify some pre-processing
Sadly, wixl doesn't have 'elif'.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Konstantin Kostiuk <kkostiuk@redhat.com>
Message-Id: <20220525144140.591926-14-marcandre.lureau@redhat.com>
2022-05-28 11:42:56 +02:00
Marc-André Lureau
be2db8368f qga/wixl: require Mingw_bin
No clear reason to make guesses here.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Konstantin Kostiuk <kkostiuk@redhat.com>
Message-Id: <20220525144140.591926-13-marcandre.lureau@redhat.com>
2022-05-28 11:42:56 +02:00
Marc-André Lureau
4f3c5778a9 qga/wixl: prefer variables over environment
No need to setup an environment or to check if the variable is undefined
manually.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Konstantin Kostiuk <kkostiuk@redhat.com>
Message-Id: <20220525144140.591926-12-marcandre.lureau@redhat.com>
2022-05-28 11:42:56 +02:00
Michael Roth
e300858ed4 qga-win/msi: fix missing libstdc++-6 DLL in MSI installer
libstdc++ is required for the qga-vss.dll that provides fsfreeze
functionality. Currently it is not provided by the MSI installer,
resulting in fsfreeze being disabled in guest environments where it has
not been installed by other means.

In the future this would be better handled via gcc-cpp ComponentGroup
provided by msitools, but that would be better handled with a general
rework of DLL dependency handling in the installer build. Keep it
simple for now to fix this regression.

Tested with Fedora 34 mingw build environment.

Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Kostiantyn Kostiuk <konstantin@daynix.com>
Cc: Marc-André Lureau <marcandre.lureau@redhat.com>
Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Michael Roth <michael.roth@amd.com>
2021-08-03 07:01:36 -05:00
Gerd Hoffmann
5f2a8b1fc1 qemu-ga/msi: fix w32 libgcc name
This is what I find on my Fedora 34 mingw install.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Michael Roth <michael.roth@amd.com>
2021-08-02 22:20:01 -05:00
Paolo Bonzini
f15bff25f7 meson: convert qemu-ga
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-08-21 06:30:12 -04:00
Basil Salman
bb1ce44b15 qga: Installer: Wait for installation to finish
Installation might fail if we don't wait for the provider
unregisteration process to finish.

Signed-off-by: Sameeh Jubran <sjubran@redhat.com>
Signed-off-by: Basil Salman <basil@daynix.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2020-03-24 11:32:19 -05:00
Michael Roth
ebc88c0ecf qga-win: install service with --retry-path set by default
It's nicer from a management perspective that the agent can survive
hotplug/unplug of the channel device, or be started prior to the
installation of the channel device's driver without and still be able
to resume normal function afterward. On linux there are alternatives
like systemd to support this, but on w32 --retry-path is the only
option so it makes sense to set it by default when installed as a
w32 service.

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2018-10-31 09:04:20 -05:00
Bishara AbuHattoum
a972304d18 qga-win: Fixing msi upgrade disallow in WiX file
Issue: When upgrading qemu-ga using the msi from an old version
       to a newer one, the upgrade is not allowed by the msi
       showing this error message "Another version of this product
       is already installed."

BZ# 1536331: https://bugzilla.redhat.com/show_bug.cgi?id=1536331

Fix: For the upgrade to be allowed by the msi the WiX file must
     provide three things:
      1. Changing product's Id. (assigning it to "*")
      2. Constant product's UpgradeId. (exists)
      3. Changing version. (exists)

Reference: http://wixtoolset.org/documentation/manual/v3/howtos/updates/major_upgrade.html

Signed-off-by: Bishara AbuHattoum <bishara@daynix.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2018-07-03 15:20:50 -05:00
Thomas Lamprecht
f2dce827f5 qemu-ga: add missing libpcre to MSI build
glib depends on libpcre which was not shipped with the MSI, thus
starting of the qemu-ga.exe failed with the respective error message.

Tell WIXL to ship this library with the MSI to avoid this problem.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
CC: Stefan Weil <sw@weilnetz.de>
CC: Michael Roth <mdroth@linux.vnet.ibm.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2017-07-17 18:58:37 -05:00
Yuri Pudgorodskiy
27559c214d qga: Workaround for console redirection from non-interactive qemu-ga service
mingw-glib uses helper process to assist gspawn() api. There are two
versions of helpers, one with main() and another with WinMain() startup
routines.

Whenever gspawn() detects consoleless environment (and qemu-ga is running
in such environment as Win32 service), it chooses helper with main()
instead of WinMain. It is done by name, e.g.
gspawn-win32-helper-console.exe vs gspawn-win32-helper.exe

Running console-aware application like any win32 console apps from main()
crt initalized process results in redirection of stdout to console created
in crt startup instead of parent-provided handle connected to subprocess
pipe. Thus, stdout/stderr redirection do not work correctly.

The patch makes WinMain()'s version of helper be used as the only helper
shipped with qemu-ga package. Using only win32 helper ensures console
is created before any redirection and fixes stdout/stderr redirection
issue.

Signed-off-by: Yuri Pudgorodskiy <yur@virtuozzo.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
CC: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2016-04-07 11:43:54 -05:00
Leonid Bloch
01fdadde80 qemu-ga: Fixed minor version switch issue
With automatically generated GUID, on minor version changes, an error
occurred, stating that there is a problem with the installer.
Now, a notification is shown, warning the user that another version of
this product is already installed, and that configuration or removal of
the existing version is possible through Add/Remove Programs on the
Control Panel (expected behavior).

Signed-off-by: Leonid Bloch <leonid@daynix.com>
Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2016-02-25 09:48:51 -06:00
Yuri Pudgorodskiy
44c6e00c3f qga: added another non-interactive gspawn() helper file.
With previous commit we added gspawn-win64-helper-console.exe,
required for gspawn() mingw implementation.
Unfortunatly when running as a service without interactive
desktop, gspawn() also requires another helper app.

Added gspawn-win64-helper.exe and gspawn-win32-helper.exe
for corresponding architectures.

Signed-off-by: Yuri Pudgorodskiy <yur@virtuozzo.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
CC: Michael Roth <mdroth@linux.vnet.ibm.com>
* remove trailing whitespace
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2015-11-25 17:56:45 -06:00
Yuri Pudgorodskiy
f2b608ab80 qga: gspawn() console helper to Windows guest agent msi build
This helper, gspawn-win64-helper-console.exe for 64-bit and
gspawn-win32-helper-console.exe for 32-bit environment,
is needed for gspawn() mingw implementation, used by guest-exec command.

Without these files guest-exec command on Windows will not
work with "file not found" diagnostic message.

Signed-off-by: Yuri Pudgorodskiy <yur@virtuozzo.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
CC: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2015-11-25 10:21:55 -06:00
Leonid Bloch
decdfbd28d qemu-ga: Fixed paths issue with MSI build
Previously, if building out-of-tree, the MSI build would fail since
it wasn't able to find the needed files.

Signed-off-by: Leonid Bloch <leonid@daynix.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
* fixed up commit msg formating
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2015-09-01 11:07:09 -05:00
Leonid Bloch
848849dddf qemu-ga: Prevent QEMU-GA VSS provider from being unregistered on MSI reinstall
Previously, running the .msi would unregister the QEMU GA VSS service if QEMU GA was already installed on the machine, and then register it only if QEMU GA was NOT previously installed. This behavior caused the service to be registered only after the INITIAL installation, and any subsequent run of the .msi (to redo, repair, or upgrade the installation) ended in the service being unregistered.

Now, the VSS service is still unregistered if QEMU GA is already installed (so that a fix or an update could be performed) but then it is registered again (if the GA is not being uninstalled) thus finishing the repair/upgrade correctly. Additionally, downgrading is now prevented. If a user would like to downgrade a version, he/she must uninstall the newer version first.

Signed-off-by: Leonid Bloch <leonid@daynix.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2015-09-01 11:07:09 -05:00
Leonid Bloch
5e994f9412 qemu-ga: Created a separate component for each installed file in the MSI
This is done to follow the recommendations given here: https://msdn.microsoft.com/en-us/library/aa368269%28VS.85%29.aspx

Signed-off-by: Leonid Bloch <leonid@daynix.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2015-09-01 11:07:09 -05:00
Leonid Bloch
8b17ccccb2 qemu-ga: Minor cosmetic changes to the WXS file
Signed-off-by: Leonid Bloch <leonid@daynix.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2015-09-01 11:07:08 -05:00
Leonid Bloch
1d394fb787 qemu-ga: Fixed GUID capitalization
For compatibility, all the letters in GUID should be capital.

Signed-off-by: Leonid Bloch <leonid@daynix.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2015-09-01 11:07:08 -05:00
Leonid Bloch
0a18750f29 qemu-ga: Two MSI related cosmetic changes
Signed-off-by: Leonid Bloch <leonid@daynix.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2015-09-01 11:07:08 -05:00
Yossi Hindin
66ae13bb9e qemu-ga: Introduce Windows MSI script
The script enables building Windows MSI installation package on Linux with wixl tool.

Signed-off-by: Yossi Hindin <yhindin@redhat.com>
Message-Id: <1430913460-13174-4-git-send-email-yhindin@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-06-17 16:03:47 +02:00