OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "remoting/host/win/launch_process_with_token.h" | 5 #include "remoting/host/win/launch_process_with_token.h" |
6 | 6 |
7 #include <windows.h> | 7 #include <windows.h> |
8 #include <stddef.h> | 8 #include <stddef.h> |
9 #include <winternl.h> | 9 #include <winternl.h> |
10 | 10 |
11 #include <limits> | 11 #include <limits> |
| 12 #include <utility> |
12 | 13 |
13 #include "base/logging.h" | 14 #include "base/logging.h" |
14 #include "base/memory/scoped_ptr.h" | 15 #include "base/memory/scoped_ptr.h" |
15 #include "base/rand_util.h" | 16 #include "base/rand_util.h" |
16 #include "base/scoped_native_library.h" | 17 #include "base/scoped_native_library.h" |
17 #include "base/strings/string16.h" | 18 #include "base/strings/string16.h" |
18 #include "base/strings/stringprintf.h" | 19 #include "base/strings/stringprintf.h" |
19 #include "base/strings/utf_string_conversions.h" | 20 #include "base/strings/utf_string_conversions.h" |
20 #include "base/win/scoped_handle.h" | 21 #include "base/win/scoped_handle.h" |
21 #include "base/win/scoped_process_information.h" | 22 #include "base/win/scoped_process_information.h" |
(...skipping 88 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
110 if (!WaitNamedPipe(pipe_name.c_str(), kPipeBusyWaitTimeoutMs)) { | 111 if (!WaitNamedPipe(pipe_name.c_str(), kPipeBusyWaitTimeoutMs)) { |
111 break; | 112 break; |
112 } | 113 } |
113 } | 114 } |
114 | 115 |
115 if (!pipe.IsValid()) { | 116 if (!pipe.IsValid()) { |
116 PLOG(ERROR) << "Failed to connect to '" << pipe_name << "'"; | 117 PLOG(ERROR) << "Failed to connect to '" << pipe_name << "'"; |
117 return false; | 118 return false; |
118 } | 119 } |
119 | 120 |
120 *pipe_out = pipe.Pass(); | 121 *pipe_out = std::move(pipe); |
121 return true; | 122 return true; |
122 } | 123 } |
123 | 124 |
124 // Copies the process token making it a primary impersonation token. | 125 // Copies the process token making it a primary impersonation token. |
125 // The returned handle will have |desired_access| rights. | 126 // The returned handle will have |desired_access| rights. |
126 bool CopyProcessToken(DWORD desired_access, ScopedHandle* token_out) { | 127 bool CopyProcessToken(DWORD desired_access, ScopedHandle* token_out) { |
127 HANDLE temp_handle; | 128 HANDLE temp_handle; |
128 if (!OpenProcessToken(GetCurrentProcess(), | 129 if (!OpenProcessToken(GetCurrentProcess(), |
129 TOKEN_DUPLICATE | desired_access, | 130 TOKEN_DUPLICATE | desired_access, |
130 &temp_handle)) { | 131 &temp_handle)) { |
(...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
165 return false; | 166 return false; |
166 } | 167 } |
167 | 168 |
168 // Enable the SE_TCB_NAME privilege. | 169 // Enable the SE_TCB_NAME privilege. |
169 if (!AdjustTokenPrivileges(privileged_token.Get(), FALSE, &state, 0, nullptr, | 170 if (!AdjustTokenPrivileges(privileged_token.Get(), FALSE, &state, 0, nullptr, |
170 0)) { | 171 0)) { |
171 PLOG(ERROR) << "Failed to enable SE_TCB_NAME privilege in a token"; | 172 PLOG(ERROR) << "Failed to enable SE_TCB_NAME privilege in a token"; |
172 return false; | 173 return false; |
173 } | 174 } |
174 | 175 |
175 *token_out = privileged_token.Pass(); | 176 *token_out = std::move(privileged_token); |
176 return true; | 177 return true; |
177 } | 178 } |
178 | 179 |
179 // Fills the process and thread handles in the passed |process_information| | 180 // Fills the process and thread handles in the passed |process_information| |
180 // structure and resume the process if the caller didn't want to suspend it. | 181 // structure and resume the process if the caller didn't want to suspend it. |
181 bool ProcessCreateProcessResponse(DWORD creation_flags, | 182 bool ProcessCreateProcessResponse(DWORD creation_flags, |
182 PROCESS_INFORMATION* process_information) { | 183 PROCESS_INFORMATION* process_information) { |
183 // The execution server does not return handles to the created process and | 184 // The execution server does not return handles to the created process and |
184 // thread. | 185 // thread. |
185 if (!process_information->hProcess) { | 186 if (!process_information->hProcess) { |
(...skipping 251 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
437 PLOG(ERROR) << "Failed to change session ID of a token"; | 438 PLOG(ERROR) << "Failed to change session ID of a token"; |
438 | 439 |
439 // Revert to the default token. | 440 // Revert to the default token. |
440 CHECK(RevertToSelf()); | 441 CHECK(RevertToSelf()); |
441 return false; | 442 return false; |
442 } | 443 } |
443 | 444 |
444 // Revert to the default token. | 445 // Revert to the default token. |
445 CHECK(RevertToSelf()); | 446 CHECK(RevertToSelf()); |
446 | 447 |
447 *token_out = session_token.Pass(); | 448 *token_out = std::move(session_token); |
448 return true; | 449 return true; |
449 } | 450 } |
450 | 451 |
451 bool LaunchProcessWithToken(const base::FilePath& binary, | 452 bool LaunchProcessWithToken(const base::FilePath& binary, |
452 const base::CommandLine::StringType& command_line, | 453 const base::CommandLine::StringType& command_line, |
453 HANDLE user_token, | 454 HANDLE user_token, |
454 SECURITY_ATTRIBUTES* process_attributes, | 455 SECURITY_ATTRIBUTES* process_attributes, |
455 SECURITY_ATTRIBUTES* thread_attributes, | 456 SECURITY_ATTRIBUTES* thread_attributes, |
456 bool inherit_handles, | 457 bool inherit_handles, |
457 DWORD creation_flags, | 458 DWORD creation_flags, |
(...skipping 58 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
516 | 517 |
517 base::win::ScopedProcessInformation process_info(temp_process_info); | 518 base::win::ScopedProcessInformation process_info(temp_process_info); |
518 | 519 |
519 CHECK(process_info.IsValid()); | 520 CHECK(process_info.IsValid()); |
520 process_out->Set(process_info.TakeProcessHandle()); | 521 process_out->Set(process_info.TakeProcessHandle()); |
521 thread_out->Set(process_info.TakeThreadHandle()); | 522 thread_out->Set(process_info.TakeThreadHandle()); |
522 return true; | 523 return true; |
523 } | 524 } |
524 | 525 |
525 } // namespace remoting | 526 } // namespace remoting |
OLD | NEW |