Removing WinXP and Vista specific code from Chromoting.

Since we no longer support WinXP/WS2K3 and Vista/WS2K8, we can clean up our
code a bit by removing logic and conditions which only apply to those versions.

BUG=607676

Review-Url: https://codereview.chromium.org/2037163002
Cr-Commit-Position: refs/heads/master@{#398169}

remoting/host/clipboard_win.cc

@@ -15,7 +15,6 @@
 #include "base/threading/platform_thread.h"
 #include "base/win/message_window.h"
 #include "base/win/scoped_hglobal.h"
-#include "base/win/windows_version.h"
 #include "remoting/base/constants.h"
 #include "remoting/base/util.h"
 #include "remoting/proto/event.pb.h"

remoting/host/curtain_mode_win.cc

@@ -8,7 +8,6 @@
 #include "base/macros.h"
 #include "base/memory/ptr_util.h"
 #include "base/single_thread_task_runner.h"
-#include "base/win/windows_version.h"
 #include "remoting/host/client_session_control.h"
 
 namespace remoting {
@@ -28,11 +27,6 @@ CurtainModeWin::CurtainModeWin() {
 }
 
 bool CurtainModeWin::Activate() {
-  if (base::win::GetVersion() < base::win::VERSION_VISTA) {
-    LOG(ERROR) << "Curtain mode is not supported on Windows XP/2003";
-    return false;
-  }
-
   DWORD session_id;
   if (!ProcessIdToSessionId(GetCurrentProcessId(), &session_id)) {
     PLOG(ERROR) << "Failed to map the current PID to session ID";

remoting/host/setup/daemon_controller_delegate_win.cc

@@ -16,7 +16,6 @@
 #include "base/threading/thread_task_runner_handle.h"
 #include "base/values.h"
 #include "base/win/scoped_bstr.h"
-#include "base/win/windows_version.h"
 #include "remoting/base/scoped_sc_handle_win.h"
 #include "remoting/host/branding.h"
 #include "remoting/host/host_config.h"

remoting/host/setup/me2me_native_messaging_host_main.cc

@@ -34,7 +34,6 @@
 
 #if defined(OS_WIN)
 #include "base/win/registry.h"
-#include "base/win/windows_version.h"
 #include "remoting/host/pairing_registry_delegate_win.h"
 #include "remoting/host/win/elevation_helpers.h"
 #endif  // defined(OS_WIN)

remoting/host/win/chromoting_module.cc

@@ -10,7 +10,6 @@
 #include "base/run_loop.h"
 #include "base/strings/utf_string_conversions.h"
 #include "base/win/scoped_handle.h"
-#include "base/win/windows_version.h"
 #include "remoting/base/auto_thread_task_runner.h"
 #include "remoting/base/typed_buffer.h"
 #include "remoting/host/host_exit_codes.h"
@@ -184,9 +183,8 @@ HRESULT ChromotingModule::RevokeClassObjects() {
 int RdpDesktopSessionMain() {
   // Lower the integrity level to medium, which is the lowest level at which
   // the RDP ActiveX control can run.
-  if (base::win::GetVersion() >= base::win::VERSION_VISTA) {
-    if (!LowerProcessIntegrityLevel(SECURITY_MANDATORY_MEDIUM_RID))
-      return kInitializationFailed;
+  if (!LowerProcessIntegrityLevel(SECURITY_MANDATORY_MEDIUM_RID)) {
+    return kInitializationFailed;
   }
 
   ATL::_ATL_OBJMAP_ENTRY rdp_client_entry[] = {

remoting/host/win/com_security.cc

@@ -8,7 +8,6 @@
 
 #include "base/compiler_specific.h"
 #include "base/logging.h"
-#include "base/win/windows_version.h"
 #include "remoting/host/win/security_descriptor.h"
 
 namespace remoting {
@@ -16,10 +15,7 @@ namespace remoting {
 bool InitializeComSecurity(const std::string& security_descriptor,
                            const std::string& mandatory_label,
                            bool activate_as_activator) {
-  std::string sddl = security_descriptor;
-  if (base::win::GetVersion() >= base::win::VERSION_VISTA) {
-    sddl += mandatory_label;
-  }
+  std::string sddl = security_descriptor + mandatory_label;
 
   // Convert the SDDL description into a security descriptor in absolute format.
   ScopedSd relative_sd = ConvertSddlToSd(sddl);

remoting/host/win/com_security.h

@@ -19,14 +19,11 @@
 namespace remoting {
 
 // Initializes COM security of the process applying the passed security
-// descriptor. The mandatory label is applied if mandatory integrity control is
-// supported by the OS (i.e. on Vista and above). The function configures
-// the following settings:
-//  - the server authenticates that all data received is from the expected
-//    client.
-//  - the server can impersonate clients to check their identity but cannot act
-//    on their behalf.
-//  - the caller's identity is verified on every call (Dynamic cloaking).
+// descriptor.  The function configures the following settings:
+//  - Server authenticates that all data received is from the expected client.
+//  - Server can impersonate clients to check their identity but cannot act on
+//    their behalf.
+//  - Caller's identity is verified on every call (Dynamic cloaking).
 //  - Unless |activate_as_activator| is true, activations where the server would
 //    run under this process's identity are prohibited.
 bool InitializeComSecurity(const std::string& security_descriptor,

remoting/host/win/session_input_injector.cc

@@ -16,7 +16,6 @@
 #include "base/location.h"
 #include "base/macros.h"
 #include "base/single_thread_task_runner.h"
-#include "base/win/windows_version.h"
 #include "remoting/host/sas_injector.h"
 #include "remoting/proto/event.pb.h"
 #include "third_party/webrtc/modules/desktop_capture/win/desktop.h"
@@ -89,7 +88,7 @@ class SessionInputInjectorWin::Core
 
   webrtc::ScopedThreadDesktop desktop_;
 
-  // Used to inject Secure Attention Sequence on Vista+.
+  // Used to inject Secure Attention Sequence.
   base::Closure inject_sas_;
 
   // Used to lock the current session on non-home SKUs of Windows.
@@ -156,15 +155,7 @@ void SessionInputInjectorWin::Core::InjectKeyEvent(const KeyEvent& event) {
       if (dom_code == ui::DomCode::DEL &&
           CheckCtrlAndAltArePressed(pressed_keys_)) {
         VLOG(3) << "Sending Secure Attention Sequence to the session";
-
-        if (base::win::GetVersion() < base::win::VERSION_VISTA) {
-          if (!sas_injector_)
-            sas_injector_ = SasInjector::Create();
-          if (!sas_injector_->InjectSas())
-            LOG(ERROR) << "Failed to inject Secure Attention Sequence.";
-        } else {
-          execute_action_task_runner_->PostTask(FROM_HERE, inject_sas_);
-        }
+        execute_action_task_runner_->PostTask(FROM_HERE, inject_sas_);
       } else if (dom_code == ui::DomCode::US_L &&
                  IsWinKeyPressed(pressed_keys_)) {
         execute_action_task_runner_->PostTask(FROM_HERE, lock_workstation_);

remoting/host/win/unprivileged_process_delegate.cc

@@ -22,7 +22,6 @@
 #include "base/strings/utf_string_conversions.h"
 #include "base/synchronization/lock.h"
 #include "base/win/scoped_handle.h"
-#include "base/win/windows_version.h"
 #include "ipc/attachment_broker.h"
 #include "ipc/ipc_channel.h"
 #include "ipc/ipc_channel_proxy.h"
@@ -92,34 +91,23 @@ bool CreateRestrictedToken(ScopedHandle* token_out) {
   if (restricted_token.Init(token.Get()) != ERROR_SUCCESS)
     return false;
 
-  if (base::win::GetVersion() >= base::win::VERSION_VISTA) {
-    // "SeChangeNotifyPrivilege" is needed to access the machine certificate
-    // (including its private key) in the "Local Machine" cert store. This is
-    // needed for HTTPS client third-party authentication . But the presence of
-    // "SeChangeNotifyPrivilege" also allows it to open and manipulate objects
-    // owned by the same user. This risk is only mitigated by setting the
-    // process integrity level to Low, which is why it is unsafe to enable
-    // "SeChangeNotifyPrivilege" on Windows XP where we don't have process
-    // integrity to protect us.
-    std::vector<base::string16> exceptions;
-    exceptions.push_back(base::string16(L"SeChangeNotifyPrivilege"));
-
-    // Remove privileges in the token.
-    if (restricted_token.DeleteAllPrivileges(&exceptions) != ERROR_SUCCESS)
-      return false;
-
-    // Set low integrity level if supported by the OS.
-    if (restricted_token.SetIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW)
-        != ERROR_SUCCESS) {
-      return false;
-    }
-  } else {
-    // Remove all privileges in the token.
-    // Since "SeChangeNotifyPrivilege" is among the privileges being removed,
-    // the network process won't be able to acquire certificates from the local
-    // machine store. This means third-party authentication won't work.
-    if (restricted_token.DeleteAllPrivileges(nullptr) != ERROR_SUCCESS)
-      return false;
+  // "SeChangeNotifyPrivilege" is needed to access the machine certificate
+  // (including its private key) in the "Local Machine" cert store. This is
+  // needed for HTTPS client third-party authentication . But the presence of
+  // "SeChangeNotifyPrivilege" also allows it to open and manipulate objects
+  // owned by the same user. This risk is only mitigated by setting the
+  // process integrity level to Low.
+  std::vector<base::string16> exceptions;
+  exceptions.push_back(base::string16(L"SeChangeNotifyPrivilege"));
+
+  // Remove privileges in the token.
+  if (restricted_token.DeleteAllPrivileges(&exceptions) != ERROR_SUCCESS)
+    return false;
+
+  // Set low integrity level.
+  if (restricted_token.SetIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW) !=
+      ERROR_SUCCESS) {
+    return false;
   }
 
   // Return the resulting token.
@@ -145,17 +133,12 @@ bool CreateWindowStationAndDesktop(ScopedSid logon_sid,
 
   // Format the security descriptors in SDDL form.
   std::string desktop_sddl =
-      base::StringPrintf(kDesktopSdFormat, logon_sid_string.c_str());
+      base::StringPrintf(kDesktopSdFormat, logon_sid_string.c_str()) +
+      kLowIntegrityMandatoryLabel;
   std::string window_station_sddl =
       base::StringPrintf(kWindowStationSdFormat, logon_sid_string.c_str(),
-                         logon_sid_string.c_str());
-
-  // The worker runs at low integrity level. Make sure it will be able to attach
-  // to the window station and desktop.
-  if (base::win::GetVersion() >= base::win::VERSION_VISTA) {
-    desktop_sddl += kLowIntegrityMandatoryLabel;
-    window_station_sddl += kLowIntegrityMandatoryLabel;
-  }
+                         logon_sid_string.c_str()) +
+      kLowIntegrityMandatoryLabel;
 
   // Create the desktop and window station security descriptors.
   ScopedSd desktop_sd = ConvertSddlToSd(desktop_sddl);
@@ -177,9 +160,7 @@ bool CreateWindowStationAndDesktop(ScopedSid logon_sid,
 
   // Make sure that a new window station will be created instead of opening
   // an existing one.
-  DWORD window_station_flags = 0;
-  if (base::win::GetVersion() >= base::win::VERSION_VISTA)
-    window_station_flags = CWF_CREATE_ONLY;
+  DWORD window_station_flags = CWF_CREATE_ONLY;
 
   // Request full access because this handle will be inherited by the worker
   // process which needs full access in order to attach to the window station.

remoting/host/win/worker_process_launcher.cc

@@ -10,7 +10,6 @@
 #include "base/logging.h"
 #include "base/single_thread_task_runner.h"
 #include "base/time/time.h"
-#include "base/win/windows_version.h"
 #include "ipc/ipc_message.h"
 #include "remoting/host/chromoting_messages.h"
 #include "remoting/host/host_exit_codes.h"

remoting/host/win/wts_session_process_delegate.cc

@@ -19,7 +19,6 @@
 #include "base/strings/utf_string_conversions.h"
 #include "base/threading/thread_task_runner_handle.h"
 #include "base/win/scoped_handle.h"
-#include "base/win/windows_version.h"
 #include "ipc/attachment_broker.h"
 #include "ipc/ipc_channel.h"
 #include "ipc/ipc_channel_proxy.h"
@@ -163,10 +162,6 @@ WtsSessionProcessDelegate::Core::Core(
 bool WtsSessionProcessDelegate::Core::Initialize(uint32_t session_id) {
   DCHECK(caller_task_runner_->BelongsToCurrentThread());
 
-  // Windows XP does not support elevation.
-  if (base::win::GetVersion() < base::win::VERSION_VISTA)
-    launch_elevated_ = false;
-
   if (launch_elevated_) {
     // GetNamedPipeClientProcessId() is available starting from Vista.
     HMODULE kernel32 = ::GetModuleHandle(L"kernel32.dll");