[Chromoting] Move CreateSessionToken() next to launch process utilities.

remoting/host/win/launch_process_with_token.cc

Index: remoting/host/win/launch_process_with_token.cc
diff --git a/remoting/host/win/launch_process_with_token.cc b/remoting/host/win/launch_process_with_token.cc
index 0dfbb4d2dd63006d9ad1efe9eb7f4f2c17d4dce8..7b9ab2afc1a8f2c70a049a7ca62a419dc8f50b3f 100644
--- a/remoting/host/win/launch_process_with_token.cc
+++ b/remoting/host/win/launch_process_with_token.cc
@@ -12,7 +12,6 @@
 #include "base/scoped_native_library.h"
 #include "base/stringprintf.h"
 #include "base/utf_string_conversions.h"
-#include "base/win/scoped_handle.h"
 #include "base/win/scoped_process_information.h"
 #include "base/win/windows_version.h"
 
@@ -40,6 +39,63 @@ const int kMinLaunchDelaySeconds = 1;
 // Name of the default session desktop.
 wchar_t kDefaultDesktopName[] = L"winsta0\\default";
 
+// Takes the process token and makes a copy of it. The returned handle will have
+// |desired_access| rights.

[Wez, 2012/08/03 20:56:06]

nit: Clarify that we make an impersonation token from it.

[alexeypa (please no reviews), 2012/08/03 21:40:39]

Done.

+bool CopyProcessToken(DWORD desired_access, ScopedHandle* token_out) {
+  HANDLE handle;

[Wez, 2012/08/03 20:56:06]

Why not use ScopedHandle::Receive() to avoid the unmanaged HANDLE?

[alexeypa (please no reviews), 2012/08/03 21:40:39]

Good point. I missed this piece.

+  if (!OpenProcessToken(GetCurrentProcess(),
+                        TOKEN_DUPLICATE | desired_access,
+                        &handle)) {
+    LOG_GETLASTERROR(ERROR) << "Failed to open process token";
+    return false;
+  }
+
+  ScopedHandle process_token(handle);
+
+  if (!DuplicateTokenEx(process_token,
+                        desired_access,
+                        NULL,
+                        SecurityImpersonation,
+                        TokenPrimary,
+                        &handle)) {
+    LOG_GETLASTERROR(ERROR) << "Failed to duplicate the process token";
+    return false;
+  }
+
+  token_out->Set(handle);
+  return true;
+}
+
+// Creates a copy of the current process with SE_TCB_NAME privilege enabled.
+bool CreatePrivilegedToken(ScopedHandle* token_out) {

[Wez, 2012/08/03 20:56:06]

nit: Why not have CreatePrivilegedToken() accept the token to duplicate to be
privileged as a parameter, pass the process token in, and have this method
duplicate it?

[alexeypa (please no reviews), 2012/08/03 21:40:39]

The main reason is that it is not going to be used by the existing code. Should
such need arise it will be easy to make the change.

+  ScopedHandle privileged_token;
+  DWORD desired_access = TOKEN_ADJUST_PRIVILEGES | TOKEN_IMPERSONATE |
+                         TOKEN_DUPLICATE | TOKEN_QUERY;
+  if (!CopyProcessToken(desired_access, &privileged_token)) {
+    return false;
+  }
+
+  // Get the LUID for the SE_TCB_NAME privilege.
+  TOKEN_PRIVILEGES state;
+  state.PrivilegeCount = 1;
+  state.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
+  if (!LookupPrivilegeValue(NULL, SE_TCB_NAME, &state.Privileges[0].Luid)) {
+    LOG_GETLASTERROR(ERROR) <<
+        "Failed to lookup the LUID for the SE_TCB_NAME privilege";
+    return false;
+  }
+
+  // Enable the SE_TCB_NAME privilege.
+  if (!AdjustTokenPrivileges(privileged_token, FALSE, &state, 0, NULL, 0)) {
+    LOG_GETLASTERROR(ERROR) <<
+        "Failed to enable SE_TCB_NAME privilege in a token";
+    return false;
+  }
+
+  token_out->Set(privileged_token.Take());
+  return true;
+}
+
 // Requests the execution server to create a process in the specified session
 // using the default (i.e. Winlogon) token. This routine relies on undocumented
 // OS functionality and will likely not work on anything but XP or W2K3.
@@ -243,6 +299,48 @@ bool CreateRemoteSessionProcess(
 
 namespace remoting {
 
+// Creates a copy of the current process token for the given |session_id| so
+// it can be used to launch a process in that session.
+bool CreateSessionToken(uint32 session_id, ScopedHandle* token_out) {
+  ScopedHandle session_token;
+  DWORD desired_access = TOKEN_ADJUST_DEFAULT | TOKEN_ADJUST_SESSIONID |
+                         TOKEN_ASSIGN_PRIMARY | TOKEN_DUPLICATE | TOKEN_QUERY;
+  if (!CopyProcessToken(desired_access, &session_token)) {
+    return false;
+  }
+
+  // Temporarily enable the SE_TCB_NAME privilege.

[Wez, 2012/08/03 20:56:06]

nit: Update comment to indicate _why_ we're doing this.

[alexeypa (please no reviews), 2012/08/03 21:40:39]

Done.

+  ScopedHandle privileged_token;
+  if (!CreatePrivilegedToken(&privileged_token)) {
+    return false;
+  }
+

[Wez, 2012/08/03 20:56:06]

nit: Lose the blank line; it implies that the impersonation isn't related to the
SE_TCB_NAME comment.

[alexeypa (please no reviews), 2012/08/03 21:40:39]

Done.

+  if (!ImpersonateLoggedOnUser(privileged_token)) {
+    LOG_GETLASTERROR(ERROR) <<
+        "Failed to impersonate the privileged token";
+    return false;
+  }
+
+  // Change the session ID of the token.
+  DWORD new_session_id = session_id;
+  if (!SetTokenInformation(session_token,
+                           TokenSessionId,
+                           &new_session_id,
+                           sizeof(new_session_id))) {
+    LOG_GETLASTERROR(ERROR) << "Failed to change session ID of a token";
+
+    // Revert to the default token.
+    CHECK(RevertToSelf());
+    return false;
+  }
+
+  // Revert to the default token.
+  CHECK(RevertToSelf());
+
+  token_out->Set(session_token.Take());
+  return true;
+}
+
 bool LaunchProcessWithToken(const FilePath& binary,
                             const std::wstring& command_line,
                             HANDLE user_token,