Merge pull request #1942 from mxmauro/win_fixes

This PR aims to fix different Windows issues that appeared while attempted to use wallets.

1. Windows uses a totally different security model for directories than *nix like OSes.
On this release, the check will be bypassed but the installer will be changed to add the proper access control list.

2. Windows 10 build 16257 added the ANSI compatible terminal which is not enabled by default. Sending escape codes will simply add garbage to the output.
This behavior was only seen when an account is created and the mnemonic displayed. The colorization was removed in Windows builds.

3. `Signal(0)` handling. *nix OSes can use signal(0) to check if a process is valid and if the caller can send signals to it.
Code was modified to enforce a similar behavior on Windows.

Author: tsachiherman

cmd/goal/messages.go

@@ -164,7 +164,6 @@ const (
 	infoCreatedWallet            = "Created wallet '%s'"
 	infoBackupExplanation        = "Your new wallet has a backup phrase that can be used for recovery.\nKeeping this backup phrase safe is extremely important.\nWould you like to see it now? (Y/n): "
 	infoPrintedBackupPhrase      = "Your backup phrase is printed below.\nKeep this information safe -- never share it with anyone!"
-	infoBackupPhrase             = "\n\x1B[32m%s\033[0m"
 	infoNoWallets                = "No wallets found. You can create a wallet with `goal wallet new`"
 	errorCouldntCreateWallet     = "Couldn't create wallet: %s"
 	errorCouldntInitializeWallet = "Couldn't initialize wallet: %s"

cmd/goal/messages_common.go

@@ -0,0 +1,24 @@
+// Copyright (C) 2019-2021 Algorand, Inc.
+// This file is part of go-algorand
+//
+// go-algorand is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as
+// published by the Free Software Foundation, either version 3 of the
+// License, or (at your option) any later version.
+//
+// go-algorand is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with go-algorand.  If not, see <https://www.gnu.org/licenses/>.
+
+// +build !windows
+
+package main
+
+const (
+	// Wallet
+	infoBackupPhrase = "\n\x1B[32m%s\033[0m"
+)

cmd/goal/messages_windows.go

@@ -0,0 +1,22 @@
+// Copyright (C) 2019-2021 Algorand, Inc.
+// This file is part of go-algorand
+//
+// go-algorand is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as
+// published by the Free Software Foundation, either version 3 of the
+// License, or (at your option) any later version.
+//
+// go-algorand is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with go-algorand.  If not, see <https://www.gnu.org/licenses/>.
+
+package main
+
+const (
+	// Wallet
+	infoBackupPhrase = "\n%s"
+)

nodecontrol/NodeController.go

@@ -17,7 +17,6 @@
 package nodecontrol
 
 import (
-	"os"
 	"path/filepath"
 	"syscall"
 	"time"
@@ -113,7 +112,7 @@ func (nc NodeController) stopProcesses() (kmdAlreadyStopped bool, err error) {
 }
 
 func killPID(pid int) error {
-	process, err := os.FindProcess(pid)
+	process, err := util.FindProcess(pid)
 	if process == nil || err != nil {
 		return err
 	}

nodecontrol/kmdControl.go

@@ -200,8 +200,7 @@ func (kc *KMDController) StartKMD(args KMDStartArgs) (alreadyRunning bool, err e
 			logging.Base().Errorf("%s: kmd data dir exists but is not a directory", kc.kmdDataDir)
 			return false, errors.New("bad kmd data dir")
 		}
-		if (dataDirStat.Mode() & 0077) != 0 {
-			logging.Base().Errorf("%s: kmd data dir exists but is too permissive (%o), change to (%o)", kc.kmdDataDir, dataDirStat.Mode()&0777, DefaultKMDDataDirPerms)
+		if !kc.isDirectorySafe(dataDirStat) {
 			return false, errors.New("kmd data dir not secure")
 		}
 	} else {

nodecontrol/kmdControl_common.go

@@ -0,0 +1,33 @@
+// Copyright (C) 2019-2021 Algorand, Inc.
+// This file is part of go-algorand
+//
+// go-algorand is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as
+// published by the Free Software Foundation, either version 3 of the
+// License, or (at your option) any later version.
+//
+// go-algorand is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with go-algorand.  If not, see <https://www.gnu.org/licenses/>.
+
+// +build !windows
+
+package nodecontrol
+
+import (
+	"os"
+
+	"github.com/algorand/go-algorand/logging"
+)
+
+func (kc *KMDController) isDirectorySafe(dirStats os.FileInfo) bool {
+	if (dirStats.Mode() & 0077) != 0 {
+		logging.Base().Errorf("%s: kmd data dir exists but is too permissive (%o), change to (%o)", kc.kmdDataDir, dirStats.Mode()&0777, DefaultKMDDataDirPerms)
+		return false
+	}
+	return true
+}

nodecontrol/kmdControl_windows.go

@@ -0,0 +1,25 @@
+// Copyright (C) 2019-2021 Algorand, Inc.
+// This file is part of go-algorand
+//
+// go-algorand is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as
+// published by the Free Software Foundation, either version 3 of the
+// License, or (at your option) any later version.
+//
+// go-algorand is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with go-algorand.  If not, see <https://www.gnu.org/licenses/>.
+
+package nodecontrol
+
+import (
+	"os"
+)
+
+func (kc *KMDController) isDirectorySafe(_ os.FileInfo) bool {
+	return true
+}

util/process_common.go

@@ -19,9 +19,15 @@
 package util
 
 import (
+	"os"
 	"syscall"
 )
 
+// FindProcess looks for a running process by its pid
+func FindProcess(pid int) (*os.Process, error) {
+	return os.FindProcess(pid)
+}
+
 // KillProcess kills a running OS process
 func KillProcess(pid int, sig syscall.Signal) error {
 	return syscall.Kill(pid, sig)

util/process_windows.go

@@ -19,49 +19,161 @@
 package util
 
 import (
+	"errors"
 	"os"
+	"syscall"
 	"unsafe"
 
 	"golang.org/x/sys/windows"
 )
 
-// KillProcess kills a running OS process
-func KillProcess(pid int, _ os.Signal) error {
+const (
+	ERROR_INVALID_PARAMETER = syscall.Errno(87)
+
+	STATUS_CANCELLED = uint32(0xC0000120)
+
+	processTerminateWaitInMs = 1000
+
+	killChildsPassCount = 4
+)
+
+var (
+	errFinishedProcess = errors.New("os: process already finished")
+)
 
-	p, err := os.FindProcess(pid)
+// FindProcess looks for a running process by its pid
+func FindProcess(pid int) (*os.Process, error) {
+	var h syscall.Handle
+
+	process, err := os.FindProcess(pid)
+	if err != nil {
+		if isInvalidParameterError(err) { // NOTE: See function definition for details
+			return nil, nil
+		}
+		return nil, err
+	}
+
+	// If we have a process, check if it is terminated
+	h, err = syscall.OpenProcess(syscall.SYNCHRONIZE, false, uint32(pid))
 	if err == nil {
+		defer func() {
+			_ = syscall.CloseHandle(h)
+		}()
 
-		for _, v := range getChildrenProcesses(pid) {
-			_ = v.Kill()
+		ret, e2 := syscall.WaitForSingleObject(h, 0)
+		if e2 == nil && ret == syscall.WAIT_OBJECT_0 {
+			return nil, nil
 		}
+	} else {
+		if isInvalidParameterError(err) { // NOTE: See function definition for details
+			return nil, nil
+		}
+	}
 
-		err = p.Kill()
+	return process, nil
+}
+
+// KillProcess kills a running OS process
+func KillProcess(pid int, signal os.Signal) error {
+	// Signal(0) only checks if we have access to kill a process and if it is really dead
+	if signal == syscall.Signal(0) {
+		return isProcessAlive(pid)
 	}
+
+	return killProcessTree(pid)
+}
+
+func isProcessAlive(pid int) error {
+	var ret uint32
+
+	h, err := syscall.OpenProcess(syscall.SYNCHRONIZE|syscall.PROCESS_TERMINATE, false, uint32(pid))
+	if err != nil {
+		if isInvalidParameterError(err) { // NOTE: See function definition for details
+			return errFinishedProcess
+		}
+		return err
+	}
+	ret, err = syscall.WaitForSingleObject(h, 0)
+	if err == nil && ret == syscall.WAIT_OBJECT_0 {
+		err = errFinishedProcess
+	}
+
+	_ = syscall.CloseHandle(h)
 	return err
 }
 
-func getChildrenProcesses(parentPid int) []*os.Process {
-	out := []*os.Process{}
+func killProcessTree(pid int) error {
+	err := killProcess(pid)
+	if err != nil {
+		return err
+	}
+
+	// We do several passes just in case the process being killed spawns a new one
+	for pass := 1; pass <= killChildsPassCount; pass++ {
+		childProcessList := getChildProcesses(pid)
+		if len(childProcessList) == 0 {
+			break
+		}
+		for _, childPid := range childProcessList {
+			killProcessTree(childPid)
+		}
+	}
+
+	return nil
+}
+
+func getChildProcesses(pid int) []int {
+	var pe32 windows.ProcessEntry32
+
+	out := make([]int, 0)
+
 	snap, err := windows.CreateToolhelp32Snapshot(windows.TH32CS_SNAPPROCESS, uint32(0))
-	if err == nil {
-		var pe32 windows.ProcessEntry32
-
-		defer windows.CloseHandle(snap)
-
-		pe32.Size = uint32(unsafe.Sizeof(pe32))
-		if err := windows.Process32First(snap, &pe32); err == nil {
-			for {
-				if pe32.ParentProcessID == uint32(parentPid) {
-					p, err := os.FindProcess(int(pe32.ProcessID))
-					if err == nil {
-						out = append(out, p)
-					}
-				}
-				if err = windows.Process32Next(snap, &pe32); err != nil {
-					break
-				}
-			}
+	if err != nil {
+		return out
+	}
+
+	defer func() {
+		_ = windows.CloseHandle(snap)
+	}()
+
+	pe32.Size = uint32(unsafe.Sizeof(pe32))
+	err = windows.Process32First(snap, &pe32)
+	for err != nil {
+		if pe32.ParentProcessID == uint32(pid) {
+			// Add to list
+			out = append(out, int(pe32.ProcessID))
 		}
+
+		err = windows.Process32Next(snap, &pe32)
 	}
+
 	return out
 }
+
+func killProcess(pid int) error {
+	h, err := syscall.OpenProcess(syscall.SYNCHRONIZE | syscall.PROCESS_TERMINATE, false, uint32(pid))
+	if err == nil {
+		err = syscall.TerminateProcess(h, STATUS_CANCELLED)
+		if err == nil {
+			_, _ = syscall.WaitForSingleObject(h, processTerminateWaitInMs)
+		}
+
+		_ = syscall.CloseHandle(h)
+	}
+
+	return err
+}
+
+// NOTE: Unlike Unix, Windows tries to open the target process in order to kill it.
+//       ERROR_INVALID_PARAMETER is returned if the process does not exists.
+//       To mimic other OS behavior, if the process does not exist, don't return an error
+func isInvalidParameterError(err error) bool {
+	var syscallError syscall.Errno
+
+	if errors.As(err, &syscallError) {
+		if syscallError == ERROR_INVALID_PARAMETER {
+			return true
+		}
+	}
+	return false
+}