[Chromoting] Move CreateSessionToken() next to launch process utilities.

remoting/host/win/launch_process_with_token.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "remoting/host/win/launch_process_with_token.h"
 
 #include <windows.h>
 #include <winternl.h>
 
 #include "base/logging.h"
@@ skipping 22 matching lines @@
 const int kPipeConnectMaxAttempts = 3;
 
 // The minimum and maximum delays between attempts to inject host process into
 // a session.
 const int kMaxLaunchDelaySeconds = 60;
 const int kMinLaunchDelaySeconds = 1;
 
 // Name of the default session desktop.
 wchar_t kDefaultDesktopName[] = L"winsta0\\default";
 
+// Copies the process token making it a primary impersonation token.
+// The returned handle will have |desired_access| rights.
+bool CopyProcessToken(DWORD desired_access, HANDLE* token_out) {

[Wez, 2012/08/06 17:41:04]

Why has this become HANDLE, rather than staying ScopedHandle and using
Set(Take()) below?

[alexeypa (please no reviews), 2012/08/06 17:48:36]

See my previous comment. I believe it looks cleaner this way.

+  ScopedHandle process_token;
+  if (!OpenProcessToken(GetCurrentProcess(),
+                        TOKEN_DUPLICATE | desired_access,
+                        process_token.Receive())) {
+    LOG_GETLASTERROR(ERROR) << "Failed to open process token";
+    return false;
+  }
+
+  ScopedHandle copied_token;
+  if (!DuplicateTokenEx(process_token,
+                        desired_access,
+                        NULL,
+                        SecurityImpersonation,
+                        TokenPrimary,
+                        copied_token.Receive())) {
+    LOG_GETLASTERROR(ERROR) << "Failed to duplicate the process token";
+    return false;
+  }
+
+  *token_out = copied_token.Take();
+  return true;
+}
+
+// Creates a copy of the current process with SE_TCB_NAME privilege enabled.
+bool CreatePrivilegedToken(HANDLE* token_out) {

[Wez, 2012/08/06 17:41:04]

Why not ScopedHandle* here any more?

[alexeypa (please no reviews), 2012/08/06 17:48:36]

See my previous comment. I believe it looks cleaner this way.

+  ScopedHandle privileged_token;
+  DWORD desired_access = TOKEN_ADJUST_PRIVILEGES | TOKEN_IMPERSONATE |
+                         TOKEN_DUPLICATE | TOKEN_QUERY;
+  if (!CopyProcessToken(desired_access, privileged_token.Receive())) {
+    return false;
+  }
+
+  // Get the LUID for the SE_TCB_NAME privilege.
+  TOKEN_PRIVILEGES state;
+  state.PrivilegeCount = 1;
+  state.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
+  if (!LookupPrivilegeValue(NULL, SE_TCB_NAME, &state.Privileges[0].Luid)) {
+    LOG_GETLASTERROR(ERROR) <<
+        "Failed to lookup the LUID for the SE_TCB_NAME privilege";
+    return false;
+  }
+
+  // Enable the SE_TCB_NAME privilege.
+  if (!AdjustTokenPrivileges(privileged_token, FALSE, &state, 0, NULL, 0)) {
+    LOG_GETLASTERROR(ERROR) <<
+        "Failed to enable SE_TCB_NAME privilege in a token";
+    return false;
+  }
+
+  *token_out = privileged_token.Take();
+  return true;
+}
+
 // Requests the execution server to create a process in the specified session
 // using the default (i.e. Winlogon) token. This routine relies on undocumented
 // OS functionality and will likely not work on anything but XP or W2K3.
 bool CreateRemoteSessionProcess(
     uint32 session_id,
     const std::wstring& application_name,
     const std::wstring& command_line,
     PROCESS_INFORMATION* process_information_out)
 {
   DCHECK(base::win::GetVersion() == base::win::VERSION_XP);
@@ skipping 112 matching lines @@
   buffer_offset += (command_line.size() + 1) * sizeof(wchar_t);
 
   request->startup_info.lpDesktop =
       reinterpret_cast<LPWSTR>(buffer_offset);
   std::copy(desktop_name.begin(),
             desktop_name.end(),
             reinterpret_cast<wchar_t*>(buffer.get() + buffer_offset));
 
   // Pass the request to create a process in the target session.
   DWORD bytes;
-  if (!WriteFile(pipe.Get(), buffer.get(), size, &bytes, NULL)) {
+  if (!WriteFile(pipe, buffer.get(), size, &bytes, NULL)) {
     LOG_GETLASTERROR(ERROR) << "Failed to send CreateProcessAsUser request";
     return false;
   }
 
   // Receive the response.
   struct CreateProcessResponse {
     DWORD size;
     BOOL success;
     DWORD last_error;
     PROCESS_INFORMATION process_information;
   };
 
   CreateProcessResponse response;
-  if (!ReadFile(pipe.Get(), &response, sizeof(response), &bytes, NULL)) {
+  if (!ReadFile(pipe, &response, sizeof(response), &bytes, NULL)) {
     LOG_GETLASTERROR(ERROR) << "Failed to receive CreateProcessAsUser response";
     return false;
   }
 
   // The server sends the data in one chunk so if we didn't received a complete
   // answer something bad happend and there is no point in retrying.
   if (bytes != sizeof(response)) {
     SetLastError(ERROR_RECEIVE_PARTIAL);
     return false;
   }
@@ skipping 36 matching lines @@
   }
 
   *process_information_out = response.process_information;
   return true;
 }
 
 } // namespace
 
 namespace remoting {
 
+// Creates a copy of the current process token for the given |session_id| so
+// it can be used to launch a process in that session.
+bool CreateSessionToken(uint32 session_id, HANDLE* token_out) {
+  ScopedHandle session_token;
+  DWORD desired_access = TOKEN_ADJUST_DEFAULT | TOKEN_ADJUST_SESSIONID |
+                         TOKEN_ASSIGN_PRIMARY | TOKEN_DUPLICATE | TOKEN_QUERY;
+  if (!CopyProcessToken(desired_access, session_token.Receive())) {
+    return false;
+  }
+
+  // Temporarily enable the SE_TCB_NAME privilege as it is required by
+  // SetTokenInformation(TokenSessionId).
+  ScopedHandle privileged_token;
+  if (!CreatePrivilegedToken(privileged_token.Receive())) {
+    return false;
+  }
+  if (!ImpersonateLoggedOnUser(privileged_token)) {
+    LOG_GETLASTERROR(ERROR) <<
+        "Failed to impersonate the privileged token";
+    return false;
+  }
+
+  // Change the session ID of the token.
+  DWORD new_session_id = session_id;
+  if (!SetTokenInformation(session_token,
+                           TokenSessionId,
+                           &new_session_id,
+                           sizeof(new_session_id))) {
+    LOG_GETLASTERROR(ERROR) << "Failed to change session ID of a token";
+
+    // Revert to the default token.
+    CHECK(RevertToSelf());
+    return false;
+  }
+
+  // Revert to the default token.
+  CHECK(RevertToSelf());
+
+  *token_out = session_token.Take();
+  return true;
+}
+
 bool LaunchProcessWithToken(const FilePath& binary,
                             const std::wstring& command_line,
                             HANDLE user_token,
                             base::Process* process_out) {
   std::wstring application_name = binary.value();
 
   base::win::ScopedProcessInformation process_info;
   STARTUPINFOW startup_info;
 
   memset(&startup_info, 0, sizeof(startup_info));
@@ skipping 45 matching lines @@
         "Failed to launch a process with a user token";
     return false;
   }
 
   CHECK(process_info.IsValid());
   process_out->set_handle(process_info.TakeProcessHandle());
   return true;
 }
 
 } // namespace remoting