| 1 | 1 |
| 2 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 2 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 3 // Use of this source code is governed by a BSD-style license that can be | 3 // Use of this source code is governed by a BSD-style license that can be |
| 4 // found in the LICENSE file. | 4 // found in the LICENSE file. |
| 5 // | 5 // |
| 6 // This file implements the Windows service controlling Me2Me host processes | 6 // This file implements the Windows service controlling Me2Me host processes |
| 7 // running within user sessions. | 7 // running within user sessions. |
| 8 | 8 |
| 9 #include "remoting/host/win/unprivileged_process_delegate.h" | 9 #include "remoting/host/win/unprivileged_process_delegate.h" |
| 10 | 10 |
| 67 // Security descriptor of the worker process threads. It gives access SYSTEM | 67 // Security descriptor of the worker process threads. It gives access SYSTEM |
| 68 // full access to the threads. It gives READ_CONTROL, SYNCHRONIZE, | 68 // full access to the threads. It gives READ_CONTROL, SYNCHRONIZE, |
| 69 // THREAD_QUERY_INFORMATION and THREAD_TERMINATE rights to the built-in | 69 // THREAD_QUERY_INFORMATION and THREAD_TERMINATE rights to the built-in |
| 70 // administrators group. | 70 // administrators group. |
| 71 const char kWorkerThreadSd[] = "O:SYG:SYD:(A;;GA;;;SY)(A;;0x120801;;;BA)"; | 71 const char kWorkerThreadSd[] = "O:SYG:SYD:(A;;GA;;;SY)(A;;0x120801;;;BA)"; |
| 72 | 72 |
| 73 // Creates a token with limited access that will be used to run the worker | 73 // Creates a token with limited access that will be used to run the worker |
| 74 // process. | 74 // process. |
| 75 bool CreateRestrictedToken(ScopedHandle* token_out) { | 75 bool CreateRestrictedToken(ScopedHandle* token_out) { |
| 76 // Create a token representing LocalService account. | 76 // Create a token representing LocalService account. |
| 77 HANDLE temp_handle; | 77 ScopedHandle token; |
| 78 if (!LogonUser(L"LocalService", L"NT AUTHORITY", NULL, LOGON32_LOGON_SERVICE, | 78 if (!LogonUser(L"LocalService", L"NT AUTHORITY", NULL, LOGON32_LOGON_SERVICE, |
| 79 LOGON32_PROVIDER_DEFAULT, &temp_handle)) { | 79 LOGON32_PROVIDER_DEFAULT, token.Receive())) { |
| 80 return false; | 80 return false; |
| 81 } | 81 } |
| 82 ScopedHandle token(temp_handle); | |
| 83 | 82 |
| 84 sandbox::RestrictedToken restricted_token; | 83 sandbox::RestrictedToken restricted_token; |
| 85 if (restricted_token.Init(token) != ERROR_SUCCESS) | 84 if (restricted_token.Init(token) != ERROR_SUCCESS) |
| 86 return false; | 85 return false; |
| 87 | 86 |
| 88 // Remove all privileges in the token. | 87 // Remove all privileges in the token. |
| 89 if (restricted_token.DeleteAllPrivileges(NULL) != ERROR_SUCCESS) | 88 if (restricted_token.DeleteAllPrivileges(NULL) != ERROR_SUCCESS) |
| 90 return false; | 89 return false; |
| 91 | 90 |
| 92 // Set low integrity level if supported by the OS. | 91 // Set low integrity level if supported by the OS. |
| 93 if (base::win::GetVersion() >= base::win::VERSION_VISTA) { | 92 if (base::win::GetVersion() >= base::win::VERSION_VISTA) { |
| 94 if (restricted_token.SetIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW) | 93 if (restricted_token.SetIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW) |
| 95 != ERROR_SUCCESS) { | 94 != ERROR_SUCCESS) { |
| 96 return false; | 95 return false; |
| 97 } | 96 } |
| 98 } | 97 } |
| 99 | 98 |
| 100 // Return the resulting token. | 99 // Return the resulting token. |
| 101 if (restricted_token.GetRestrictedTokenHandle(&temp_handle) == | 100 return restricted_token.GetRestrictedTokenHandle(token_out->Receive()) == |
| 102 ERROR_SUCCESS) { | 101 ERROR_SUCCESS; |
| 103 token_out->Set(temp_handle); | |
| 104 return true; | |
| 105 } | |
| 106 return false; | |
| 107 } | 102 } |
| 108 | 103 |
| 109 // Creates a window station with a given name and the default desktop giving | 104 // Creates a window station with a given name and the default desktop giving |
| 110 // the complete access to |logon_sid|. | 105 // the complete access to |logon_sid|. |
| 111 bool CreateWindowStationAndDesktop(ScopedSid logon_sid, | 106 bool CreateWindowStationAndDesktop(ScopedSid logon_sid, |
| 112 WindowStationAndDesktop* handles_out) { | 107 WindowStationAndDesktop* handles_out) { |
| 113 // Convert the logon SID into a string. | 108 // Convert the logon SID into a string. |
| 114 std::string logon_sid_string = ConvertSidToString(logon_sid.get()); | 109 std::string logon_sid_string = ConvertSidToString(logon_sid.get()); |
| 115 if (logon_sid_string.empty()) { | 110 if (logon_sid_string.empty()) { |
| 116 LOG_GETLASTERROR(ERROR) << "Failed to convert a SID to string"; | 111 LOG_GETLASTERROR(ERROR) << "Failed to convert a SID to string"; |
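Review bot: The final statement of CreateRestrictedToken now hands `token_out->Receive()` to GetRestrictedTokenHandle before the result is known, whereas the removed lines only called `token_out->Set(temp_handle)` on ERROR_SUCCESS; if the sandbox helper ever writes a partial or stale value before returning an error, the caller gets false together with a ScopedHandle that owns that value and will eventually close it. Receive() on a base::win::ScopedHandle also presumably expects the slot to be empty, so the function now silently depends on callers passing a fresh token_out. I would make that precondition explicit at the top of the function with `DCHECK(!token_out->IsValid());`, and keep the success-only assignment unless GetRestrictedTokenHandle is confirmed to leave its out-param untouched on failure. The rest of the token hardening (DeleteAllPrivileges, low integrity on Vista+) is unchanged and still returns false on every failed step, so the LocalService logon token is released by its ScopedHandle rather than leaked as before.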
| 271 thread_attributes.lpSecurityDescriptor = thread_sd.get(); | 266 thread_attributes.lpSecurityDescriptor = thread_sd.get(); |
| 272 thread_attributes.bInheritHandle = FALSE; | 267 thread_attributes.bInheritHandle = FALSE; |
| 273 | 268 |
| 274 ScopedHandle worker_process; | 269 ScopedHandle worker_process; |
| 275 { | 270 { |
| 276 // Take a lock why any inheritable handles are open to make sure that only | 271 // Take a lock why any inheritable handles are open to make sure that only |
| 277 // one process inherits them. | 272 // one process inherits them. |
| 278 base::AutoLock lock(g_inherit_handles_lock.Get()); | 273 base::AutoLock lock(g_inherit_handles_lock.Get()); |
| 279 | 274 |
| 280 // Create a connected IPC channel. | 275 // Create a connected IPC channel. |
| 281 HANDLE temp_handle; | 276 ScopedHandle client; |
| 282 if (!CreateConnectedIpcChannel(io_task_runner_, this, &temp_handle, | 277 if (!CreateConnectedIpcChannel(io_task_runner_, this, client.Receive(), |
| 283 &server)) { | 278 &server)) { |
| 284 ReportFatalError(); | 279 ReportFatalError(); |
| 285 return; | 280 return; |
| 286 } | 281 } |
| 287 ScopedHandle client(temp_handle); | |
| 288 | 282 |
| 289 // Convert the handle value into a decimal integer. Handle values are 32bit | 283 // Convert the handle value into a decimal integer. Handle values are 32bit |
| 290 // even on 64bit platforms. | 284 // even on 64bit platforms. |
| 291 std::string pipe_handle = base::StringPrintf( | 285 std::string pipe_handle = base::StringPrintf( |
| 292 "%d", reinterpret_cast<ULONG_PTR>(client.Get())); | 286 "%d", reinterpret_cast<ULONG_PTR>(client.Get())); |
| 293 | 287 |
| 294 // Pass the IPC channel via the command line. | 288 // Pass the IPC channel via the command line. |
| 295 CommandLine command_line(target_command_->argv()); | 289 CommandLine command_line(target_command_->argv()); |
| 296 command_line.AppendSwitchASCII(kDaemonPipeSwitchName, pipe_handle); | 290 command_line.AppendSwitchASCII(kDaemonPipeSwitchName, pipe_handle); |
| 297 | 291 |
| 396 base::win::ScopedHandle worker_process) { | 390 base::win::ScopedHandle worker_process) { |
| 397 DCHECK(CalledOnValidThread()); | 391 DCHECK(CalledOnValidThread()); |
| 398 DCHECK(!worker_process_.IsValid()); | 392 DCHECK(!worker_process_.IsValid()); |
| 399 | 393 |
| 400 worker_process_ = worker_process.Pass(); | 394 worker_process_ = worker_process.Pass(); |
| 401 | 395 |
| 402 // Report a handle that can be used to wait for the worker process completion, | 396 // Report a handle that can be used to wait for the worker process completion, |
| 403 // query information about the process and duplicate handles. | 397 // query information about the process and duplicate handles. |
| 404 DWORD desired_access = | 398 DWORD desired_access = |
| 405 SYNCHRONIZE | PROCESS_DUP_HANDLE | PROCESS_QUERY_INFORMATION; | 399 SYNCHRONIZE | PROCESS_DUP_HANDLE | PROCESS_QUERY_INFORMATION; |
| 406 HANDLE temp_handle; | 400 ScopedHandle limited_handle; |
| 407 if (!DuplicateHandle(GetCurrentProcess(), | 401 if (!DuplicateHandle(GetCurrentProcess(), |
| 408 worker_process_, | 402 worker_process_, |
| 409 GetCurrentProcess(), | 403 GetCurrentProcess(), |
| 410 &temp_handle, | 404 limited_handle.Receive(), |
| 411 desired_access, | 405 desired_access, |
| 412 FALSE, | 406 FALSE, |
| 413 0)) { | 407 0)) { |
| 414 LOG_GETLASTERROR(ERROR) << "Failed to duplicate a handle"; | 408 LOG_GETLASTERROR(ERROR) << "Failed to duplicate a handle"; |
| 415 ReportFatalError(); | 409 ReportFatalError(); |
| 416 return; | 410 return; |
| 417 } | 411 } |
| 418 ScopedHandle limited_handle(temp_handle); | |
| 419 | 412 |
| 420 event_handler_->OnProcessLaunched(limited_handle.Pass()); | 413 event_handler_->OnProcessLaunched(limited_handle.Pass()); |
| 421 } | 414 } |
| 422 | 415 |
| 423 } // namespace remoting | 416 } // namespace remoting |