| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "remoting/host/win/launch_process_with_token.h" | 5 #include "remoting/host/win/launch_process_with_token.h" |
| 6 | 6 |
| 7 #include <windows.h> | 7 #include <windows.h> |
| 8 | 8 |
| 9 #include <utility> | 9 #include <utility> |
| 10 | 10 |
| 11 #include "base/logging.h" | 11 #include "base/logging.h" |
| 12 #include "base/win/scoped_handle.h" | 12 #include "base/win/scoped_handle.h" |
| 13 #include "base/win/scoped_process_information.h" | 13 #include "base/win/scoped_process_information.h" |
| 14 #include "base/win/startup_information.h" |
| 14 | 15 |
| 15 using base::win::ScopedHandle; | 16 using base::win::ScopedHandle; |
| 16 | 17 |
| 17 namespace { | 18 namespace { |
| 18 | 19 |
| 19 // Copies the process token making it a primary impersonation token. | 20 // Copies the process token making it a primary impersonation token. |
| 20 // The returned handle will have |desired_access| rights. | 21 // The returned handle will have |desired_access| rights. |
| 21 bool CopyProcessToken(DWORD desired_access, ScopedHandle* token_out) { | 22 bool CopyProcessToken(DWORD desired_access, ScopedHandle* token_out) { |
| 22 HANDLE temp_handle; | 23 HANDLE temp_handle; |
| 23 if (!OpenProcessToken(GetCurrentProcess(), | 24 if (!OpenProcessToken(GetCurrentProcess(), |
| (...skipping 44 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 68 } | 69 } |
| 69 | 70 |
| 70 *token_out = std::move(privileged_token); | 71 *token_out = std::move(privileged_token); |
| 71 return true; | 72 return true; |
| 72 } | 73 } |
| 73 | 74 |
| 74 } // namespace | 75 } // namespace |
| 75 | 76 |
| 76 namespace remoting { | 77 namespace remoting { |
| 77 | 78 |
| 78 base::LazyInstance<base::Lock>::Leaky g_inherit_handles_lock = | |
| 79 LAZY_INSTANCE_INITIALIZER; | |
| 80 | |
| 81 // Creates a copy of the current process token for the given |session_id| so | 79 // Creates a copy of the current process token for the given |session_id| so |
| 82 // it can be used to launch a process in that session. | 80 // it can be used to launch a process in that session. |
| 83 bool CreateSessionToken(uint32_t session_id, ScopedHandle* token_out) { | 81 bool CreateSessionToken(uint32_t session_id, ScopedHandle* token_out) { |
| 84 ScopedHandle session_token; | 82 ScopedHandle session_token; |
| 85 DWORD desired_access = TOKEN_ADJUST_DEFAULT | TOKEN_ADJUST_SESSIONID | | 83 DWORD desired_access = TOKEN_ADJUST_DEFAULT | TOKEN_ADJUST_SESSIONID | |
| 86 TOKEN_ASSIGN_PRIMARY | TOKEN_DUPLICATE | TOKEN_QUERY; | 84 TOKEN_ASSIGN_PRIMARY | TOKEN_DUPLICATE | TOKEN_QUERY; |
| 87 if (!CopyProcessToken(desired_access, &session_token)) { | 85 if (!CopyProcessToken(desired_access, &session_token)) { |
| 88 return false; | 86 return false; |
| 89 } | 87 } |
| 90 | 88 |
| (...skipping 21 matching lines...) Expand all Loading... |
| 112 return false; | 110 return false; |
| 113 } | 111 } |
| 114 | 112 |
| 115 // Revert to the default token. | 113 // Revert to the default token. |
| 116 CHECK(RevertToSelf()); | 114 CHECK(RevertToSelf()); |
| 117 | 115 |
| 118 *token_out = std::move(session_token); | 116 *token_out = std::move(session_token); |
| 119 return true; | 117 return true; |
| 120 } | 118 } |
| 121 | 119 |
| 122 bool LaunchProcessWithToken(const base::FilePath& binary, | 120 bool LaunchProcessWithToken( |
| 123 const base::CommandLine::StringType& command_line, | 121 const base::FilePath& binary, |
| 124 HANDLE user_token, | 122 const base::CommandLine::StringType& command_line, |
| 125 SECURITY_ATTRIBUTES* process_attributes, | 123 HANDLE user_token, |
| 126 SECURITY_ATTRIBUTES* thread_attributes, | 124 SECURITY_ATTRIBUTES* process_attributes, |
| 127 bool inherit_handles, | 125 SECURITY_ATTRIBUTES* thread_attributes, |
| 128 DWORD creation_flags, | 126 const base::HandlesToInheritVector& handles_to_inherit, |
| 129 const base::char16* desktop_name, | 127 DWORD creation_flags, |
| 130 ScopedHandle* process_out, | 128 const base::char16* desktop_name, |
| 131 ScopedHandle* thread_out) { | 129 ScopedHandle* process_out, |
| 130 ScopedHandle* thread_out) { |
| 132 base::FilePath::StringType application_name = binary.value(); | 131 base::FilePath::StringType application_name = binary.value(); |
| 133 | 132 |
| 134 STARTUPINFOW startup_info; | 133 base::win::StartupInformation startup_info_wrapper; |
| 135 memset(&startup_info, 0, sizeof(startup_info)); | 134 STARTUPINFO* startup_info = startup_info_wrapper.startup_info(); |
| 136 startup_info.cb = sizeof(startup_info); | |
| 137 if (desktop_name) | 135 if (desktop_name) |
| 138 startup_info.lpDesktop = const_cast<base::char16*>(desktop_name); | 136 startup_info->lpDesktop = const_cast<base::char16*>(desktop_name); |
| 139 | 137 |
| 138 bool inherit_handles = false; |
| 139 if (!handles_to_inherit.empty()) { |
| 140 if (handles_to_inherit.size() > |
| 141 std::numeric_limits<DWORD>::max() / sizeof(HANDLE)) { |
| 142 DLOG(ERROR) << "Too many handles to inherit."; |
| 143 return false; |
| 144 } |
| 145 |
| 146 // Ensure the handles can be inherited. |
| 147 for (HANDLE handle : handles_to_inherit) { |
| 148 BOOL result = SetHandleInformation(handle, HANDLE_FLAG_INHERIT, |
| 149 HANDLE_FLAG_INHERIT); |
| 150 PCHECK(result); |
| 151 } |
| 152 |
| 153 if (!startup_info_wrapper.InitializeProcThreadAttributeList( |
| 154 /* attribute_count= */ 1)) { |
| 155 PLOG(ERROR) << "InitializeProcThreadAttributeList()"; |
| 156 return false; |
| 157 } |
| 158 |
| 159 if (!startup_info_wrapper.UpdateProcThreadAttribute( |
| 160 PROC_THREAD_ATTRIBUTE_HANDLE_LIST, |
| 161 const_cast<HANDLE*>(&handles_to_inherit.at(0)), |
| 162 static_cast<DWORD>(handles_to_inherit.size() * sizeof(HANDLE)))) { |
| 163 PLOG(ERROR) << "UpdateProcThreadAttribute()"; |
| 164 return false; |
| 165 } |
| 166 |
| 167 inherit_handles = true; |
| 168 creation_flags |= EXTENDED_STARTUPINFO_PRESENT; |
| 169 } |
| 140 PROCESS_INFORMATION temp_process_info = {}; | 170 PROCESS_INFORMATION temp_process_info = {}; |
| 141 BOOL result = CreateProcessAsUser(user_token, | 171 BOOL result = CreateProcessAsUser(user_token, application_name.c_str(), |
| 142 application_name.c_str(), | |
| 143 const_cast<LPWSTR>(command_line.c_str()), | 172 const_cast<LPWSTR>(command_line.c_str()), |
| 144 process_attributes, | 173 process_attributes, thread_attributes, |
| 145 thread_attributes, | 174 inherit_handles, creation_flags, nullptr, |
| 146 inherit_handles, | 175 nullptr, startup_info, &temp_process_info); |
| 147 creation_flags, | |
| 148 nullptr, | |
| 149 nullptr, | |
| 150 &startup_info, | |
| 151 &temp_process_info); | |
| 152 | 176 |
| 153 if (!result) { | 177 if (!result) { |
| 154 PLOG(ERROR) << "Failed to launch a process with a user token"; | 178 PLOG(ERROR) << "Failed to launch a process with a user token"; |
| 155 return false; | 179 return false; |
| 156 } | 180 } |
| 157 | 181 |
| 158 base::win::ScopedProcessInformation process_info(temp_process_info); | 182 base::win::ScopedProcessInformation process_info(temp_process_info); |
| 159 | 183 |
| 160 CHECK(process_info.IsValid()); | 184 CHECK(process_info.IsValid()); |
| 161 process_out->Set(process_info.TakeProcessHandle()); | 185 process_out->Set(process_info.TakeProcessHandle()); |
| 162 thread_out->Set(process_info.TakeThreadHandle()); | 186 thread_out->Set(process_info.TakeThreadHandle()); |
| 163 return true; | 187 return true; |
| 164 } | 188 } |
| 165 | 189 |
| 166 } // namespace remoting | 190 } // namespace remoting |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2424353002:
Use ChannelMojo between the remoting daemon and network processes. (Closed)
