| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "remoting/host/win/launch_process_with_token.h" | 5 #include "remoting/host/win/launch_process_with_token.h" |
| 6 | 6 |
| 7 #include <windows.h> | 7 #include <windows.h> |
| 8 #include <winternl.h> | 8 #include <winternl.h> |
| 9 | 9 |
| 10 #include "base/logging.h" | 10 #include "base/logging.h" |
| (...skipping 22 matching lines...) Expand all Loading... |
| 33 const int kPipeConnectMaxAttempts = 3; | 33 const int kPipeConnectMaxAttempts = 3; |
| 34 | 34 |
| 35 // The minimum and maximum delays between attempts to inject host process into | 35 // The minimum and maximum delays between attempts to inject host process into |
| 36 // a session. | 36 // a session. |
| 37 const int kMaxLaunchDelaySeconds = 60; | 37 const int kMaxLaunchDelaySeconds = 60; |
| 38 const int kMinLaunchDelaySeconds = 1; | 38 const int kMinLaunchDelaySeconds = 1; |
| 39 | 39 |
| 40 // Name of the default session desktop. | 40 // Name of the default session desktop. |
| 41 wchar_t kDefaultDesktopName[] = L"winsta0\\default"; | 41 wchar_t kDefaultDesktopName[] = L"winsta0\\default"; |
| 42 | 42 |
| 43 // Copies the process token making it a primary impersonation token. |
| 44 // The returned handle will have |desired_access| rights. |
| 45 bool CopyProcessToken(DWORD desired_access, ScopedHandle* token_out) { |
| 46 ScopedHandle process_token; |
| 47 if (!OpenProcessToken(GetCurrentProcess(), |
| 48 TOKEN_DUPLICATE | desired_access, |
| 49 process_token.Receive())) { |
| 50 LOG_GETLASTERROR(ERROR) << "Failed to open process token"; |
| 51 return false; |
| 52 } |
| 53 |
| 54 ScopedHandle copied_token; |
| 55 if (!DuplicateTokenEx(process_token, |
| 56 desired_access, |
| 57 NULL, |
| 58 SecurityImpersonation, |
| 59 TokenPrimary, |
| 60 copied_token.Receive())) { |
| 61 LOG_GETLASTERROR(ERROR) << "Failed to duplicate the process token"; |
| 62 return false; |
| 63 } |
| 64 |
| 65 *token_out = copied_token.Pass(); |
| 66 return true; |
| 67 } |
| 68 |
| 69 // Creates a copy of the current process with SE_TCB_NAME privilege enabled. |
| 70 bool CreatePrivilegedToken(ScopedHandle* token_out) { |
| 71 ScopedHandle privileged_token; |
| 72 DWORD desired_access = TOKEN_ADJUST_PRIVILEGES | TOKEN_IMPERSONATE | |
| 73 TOKEN_DUPLICATE | TOKEN_QUERY; |
| 74 if (!CopyProcessToken(desired_access, &privileged_token)) { |
| 75 return false; |
| 76 } |
| 77 |
| 78 // Get the LUID for the SE_TCB_NAME privilege. |
| 79 TOKEN_PRIVILEGES state; |
| 80 state.PrivilegeCount = 1; |
| 81 state.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED; |
| 82 if (!LookupPrivilegeValue(NULL, SE_TCB_NAME, &state.Privileges[0].Luid)) { |
| 83 LOG_GETLASTERROR(ERROR) << |
| 84 "Failed to lookup the LUID for the SE_TCB_NAME privilege"; |
| 85 return false; |
| 86 } |
| 87 |
| 88 // Enable the SE_TCB_NAME privilege. |
| 89 if (!AdjustTokenPrivileges(privileged_token, FALSE, &state, 0, NULL, 0)) { |
| 90 LOG_GETLASTERROR(ERROR) << |
| 91 "Failed to enable SE_TCB_NAME privilege in a token"; |
| 92 return false; |
| 93 } |
| 94 |
| 95 *token_out = privileged_token.Pass(); |
| 96 return true; |
| 97 } |
| 98 |
| 43 // Requests the execution server to create a process in the specified session | 99 // Requests the execution server to create a process in the specified session |
| 44 // using the default (i.e. Winlogon) token. This routine relies on undocumented | 100 // using the default (i.e. Winlogon) token. This routine relies on undocumented |
| 45 // OS functionality and will likely not work on anything but XP or W2K3. | 101 // OS functionality and will likely not work on anything but XP or W2K3. |
| 46 bool CreateRemoteSessionProcess( | 102 bool CreateRemoteSessionProcess( |
| 47 uint32 session_id, | 103 uint32 session_id, |
| 48 const std::wstring& application_name, | 104 const std::wstring& application_name, |
| 49 const std::wstring& command_line, | 105 const std::wstring& command_line, |
| 50 PROCESS_INFORMATION* process_information_out) | 106 PROCESS_INFORMATION* process_information_out) |
| 51 { | 107 { |
| 52 DCHECK(base::win::GetVersion() == base::win::VERSION_XP); | 108 DCHECK(base::win::GetVersion() == base::win::VERSION_XP); |
| (...skipping 112 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 165 buffer_offset += (command_line.size() + 1) * sizeof(wchar_t); | 221 buffer_offset += (command_line.size() + 1) * sizeof(wchar_t); |
| 166 | 222 |
| 167 request->startup_info.lpDesktop = | 223 request->startup_info.lpDesktop = |
| 168 reinterpret_cast<LPWSTR>(buffer_offset); | 224 reinterpret_cast<LPWSTR>(buffer_offset); |
| 169 std::copy(desktop_name.begin(), | 225 std::copy(desktop_name.begin(), |
| 170 desktop_name.end(), | 226 desktop_name.end(), |
| 171 reinterpret_cast<wchar_t*>(buffer.get() + buffer_offset)); | 227 reinterpret_cast<wchar_t*>(buffer.get() + buffer_offset)); |
| 172 | 228 |
| 173 // Pass the request to create a process in the target session. | 229 // Pass the request to create a process in the target session. |
| 174 DWORD bytes; | 230 DWORD bytes; |
| 175 if (!WriteFile(pipe.Get(), buffer.get(), size, &bytes, NULL)) { | 231 if (!WriteFile(pipe, buffer.get(), size, &bytes, NULL)) { |
| 176 LOG_GETLASTERROR(ERROR) << "Failed to send CreateProcessAsUser request"; | 232 LOG_GETLASTERROR(ERROR) << "Failed to send CreateProcessAsUser request"; |
| 177 return false; | 233 return false; |
| 178 } | 234 } |
| 179 | 235 |
| 180 // Receive the response. | 236 // Receive the response. |
| 181 struct CreateProcessResponse { | 237 struct CreateProcessResponse { |
| 182 DWORD size; | 238 DWORD size; |
| 183 BOOL success; | 239 BOOL success; |
| 184 DWORD last_error; | 240 DWORD last_error; |
| 185 PROCESS_INFORMATION process_information; | 241 PROCESS_INFORMATION process_information; |
| 186 }; | 242 }; |
| 187 | 243 |
| 188 CreateProcessResponse response; | 244 CreateProcessResponse response; |
| 189 if (!ReadFile(pipe.Get(), &response, sizeof(response), &bytes, NULL)) { | 245 if (!ReadFile(pipe, &response, sizeof(response), &bytes, NULL)) { |
| 190 LOG_GETLASTERROR(ERROR) << "Failed to receive CreateProcessAsUser response"; | 246 LOG_GETLASTERROR(ERROR) << "Failed to receive CreateProcessAsUser response"; |
| 191 return false; | 247 return false; |
| 192 } | 248 } |
| 193 | 249 |
| 194 // The server sends the data in one chunk so if we didn't received a complete | 250 // The server sends the data in one chunk so if we didn't received a complete |
| 195 // answer something bad happend and there is no point in retrying. | 251 // answer something bad happend and there is no point in retrying. |
| 196 if (bytes != sizeof(response)) { | 252 if (bytes != sizeof(response)) { |
| 197 SetLastError(ERROR_RECEIVE_PARTIAL); | 253 SetLastError(ERROR_RECEIVE_PARTIAL); |
| 198 return false; | 254 return false; |
| 199 } | 255 } |
| (...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 236 } | 292 } |
| 237 | 293 |
| 238 *process_information_out = response.process_information; | 294 *process_information_out = response.process_information; |
| 239 return true; | 295 return true; |
| 240 } | 296 } |
| 241 | 297 |
| 242 } // namespace | 298 } // namespace |
| 243 | 299 |
| 244 namespace remoting { | 300 namespace remoting { |
| 245 | 301 |
| 302 // Creates a copy of the current process token for the given |session_id| so |
| 303 // it can be used to launch a process in that session. |
| 304 bool CreateSessionToken(uint32 session_id, ScopedHandle* token_out) { |
| 305 ScopedHandle session_token; |
| 306 DWORD desired_access = TOKEN_ADJUST_DEFAULT | TOKEN_ADJUST_SESSIONID | |
| 307 TOKEN_ASSIGN_PRIMARY | TOKEN_DUPLICATE | TOKEN_QUERY; |
| 308 if (!CopyProcessToken(desired_access, &session_token)) { |
| 309 return false; |
| 310 } |
| 311 |
| 312 // Temporarily enable the SE_TCB_NAME privilege as it is required by |
| 313 // SetTokenInformation(TokenSessionId). |
| 314 ScopedHandle privileged_token; |
| 315 if (!CreatePrivilegedToken(&privileged_token)) { |
| 316 return false; |
| 317 } |
| 318 if (!ImpersonateLoggedOnUser(privileged_token)) { |
| 319 LOG_GETLASTERROR(ERROR) << |
| 320 "Failed to impersonate the privileged token"; |
| 321 return false; |
| 322 } |
| 323 |
| 324 // Change the session ID of the token. |
| 325 DWORD new_session_id = session_id; |
| 326 if (!SetTokenInformation(session_token, |
| 327 TokenSessionId, |
| 328 &new_session_id, |
| 329 sizeof(new_session_id))) { |
| 330 LOG_GETLASTERROR(ERROR) << "Failed to change session ID of a token"; |
| 331 |
| 332 // Revert to the default token. |
| 333 CHECK(RevertToSelf()); |
| 334 return false; |
| 335 } |
| 336 |
| 337 // Revert to the default token. |
| 338 CHECK(RevertToSelf()); |
| 339 |
| 340 *token_out = session_token.Pass(); |
| 341 return true; |
| 342 } |
| 343 |
| 246 bool LaunchProcessWithToken(const FilePath& binary, | 344 bool LaunchProcessWithToken(const FilePath& binary, |
| 247 const std::wstring& command_line, | 345 const std::wstring& command_line, |
| 248 HANDLE user_token, | 346 HANDLE user_token, |
| 249 base::Process* process_out) { | 347 base::Process* process_out) { |
| 250 std::wstring application_name = binary.value(); | 348 std::wstring application_name = binary.value(); |
| 251 | 349 |
| 252 base::win::ScopedProcessInformation process_info; | 350 base::win::ScopedProcessInformation process_info; |
| 253 STARTUPINFOW startup_info; | 351 STARTUPINFOW startup_info; |
| 254 | 352 |
| 255 memset(&startup_info, 0, sizeof(startup_info)); | 353 memset(&startup_info, 0, sizeof(startup_info)); |
| (...skipping 45 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 301 "Failed to launch a process with a user token"; | 399 "Failed to launch a process with a user token"; |
| 302 return false; | 400 return false; |
| 303 } | 401 } |
| 304 | 402 |
| 305 CHECK(process_info.IsValid()); | 403 CHECK(process_info.IsValid()); |
| 306 process_out->set_handle(process_info.TakeProcessHandle()); | 404 process_out->set_handle(process_info.TakeProcessHandle()); |
| 307 return true; | 405 return true; |
| 308 } | 406 } |
| 309 | 407 |
| 310 } // namespace remoting | 408 } // namespace remoting |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 10828160:
[Chromoting] Move CreateSessionToken() next to launch process utilities. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src