Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code

Side by Side Diff: src/plugin/AdblockPlusClient.cpp

Issue 6308231068516352: Fix issues with security tokens (Enhanced Protected Mode, Protected Mode etc) (Closed)
Patch Set: Slaying the comments Created March 4, 2014, 10:38 a.m.
Left:
Right:
Use n/p to move between diff chunks; N/P to move between comments.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | src/shared/Communication.cpp » ('j') | src/shared/Communication.cpp » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 #include "PluginStdAfx.h" 1 #include "PluginStdAfx.h"
2 #include "PluginSettings.h" 2 #include "PluginSettings.h"
3 #include "PluginSystem.h" 3 #include "PluginSystem.h"
4 #include "PluginFilter.h" 4 #include "PluginFilter.h"
5 #include "PluginClientFactory.h" 5 #include "PluginClientFactory.h"
6 #include "PluginMutex.h" 6 #include "PluginMutex.h"
7 #include "PluginClass.h" 7 #include "PluginClass.h"
8 8
9 #include "AdblockPlusClient.h" 9 #include "AdblockPlusClient.h"
10 10
(...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after
48 // See http://msdn.microsoft.com/en-us/library/bb250462(v=vs.85).aspx#wpm_ elebp 48 // See http://msdn.microsoft.com/en-us/library/bb250462(v=vs.85).aspx#wpm_ elebp
49 createProcRes = CreateProcessW(engineExecutablePath.c_str(), params.GetBuf fer(params.GetLength() + 1), 49 createProcRes = CreateProcessW(engineExecutablePath.c_str(), params.GetBuf fer(params.GetLength() + 1),
50 0, 0, false, 0, 0, 0, (STARTUPINFOW*)&startupInfo, &processInformation); 50 0, 0, false, 0, 0, 0, (STARTUPINFOW*)&startupInfo, &processInformation);
51 } 51 }
52 else 52 else
53 { 53 {
54 // Launch with Low Integrity explicitly 54 // Launch with Low Integrity explicitly
55 HANDLE newToken; 55 HANDLE newToken;
56 DuplicateTokenEx(token, 0, 0, SecurityImpersonation, TokenPrimary, &newTok en); 56 DuplicateTokenEx(token, 0, 0, SecurityImpersonation, TokenPrimary, &newTok en);
57 57
58 PSID pIntegritySid = 0; 58 PSID integritySid = 0;
59 BOOL res = ConvertStringSidToSid(L"S-1-16-4096", &pIntegritySid); 59 ConvertStringSidToSid(L"S-1-16-4096", &integritySid);
60 std::tr1::shared_ptr<SID> sharedIntegritySid(static_cast<SID*>(pIntegrityS id), FreeSid); // Just to simplify cleanup 60 std::tr1::shared_ptr<SID> sharedIntegritySid(static_cast<SID*>(integritySi d), FreeSid); // Just to simplify cleanup
61 61
62 TOKEN_MANDATORY_LABEL tml = {0}; 62 TOKEN_MANDATORY_LABEL tml = {};
63 tml.Label.Attributes = SE_GROUP_INTEGRITY; 63 tml.Label.Attributes = SE_GROUP_INTEGRITY;
64 tml.Label.Sid = pIntegritySid; 64 tml.Label.Sid = integritySid;
65 65
66 // Set the process integrity level 66 // Set the process integrity level
67 res = SetTokenInformation(newToken, TokenIntegrityLevel, &tml, sizeof(TOKE N_MANDATORY_LABEL) + GetLengthSid(pIntegritySid)); 67 SetTokenInformation(newToken, TokenIntegrityLevel, &tml, sizeof(TOKEN_MAND ATORY_LABEL) + GetLengthSid(integritySid));
68 68
69 STARTUPINFO startupInfo = {}; 69 STARTUPINFO startupInfo = {};
70 PROCESS_INFORMATION processInformation = {}; 70 PROCESS_INFORMATION processInformation = {};
71 BOOL createProcRes = 0;
72 71
73 createProcRes = CreateProcessAsUserW(newToken, engineExecutablePath.c_str( ), params.GetBuffer(params.GetLength() + 1), 72 createProcRes = CreateProcessAsUserW(newToken, engineExecutablePath.c_str( ), params.GetBuffer(params.GetLength() + 1),
74 0, 0, false, 0, 0, 0, (STARTUPINFOW*)&startupInfo, &processInformation); 73 0, 0, false, 0, 0, 0, (STARTUPINFOW*)&startupInfo, &processInformation);
75 } 74 }
76 75
77 if (!createProcRes) 76 if (!createProcRes)
78 { 77 {
79 throw std::runtime_error("Failed to start Adblock Plus Engine"); 78 throw std::runtime_error("Failed to start Adblock Plus Engine");
80 } 79 }
81 80
(...skipping 425 matching lines...) Expand 10 before | Expand all | Expand 10 after
507 bool CAdblockPlusClient::TogglePluginEnabled() 506 bool CAdblockPlusClient::TogglePluginEnabled()
508 { 507 {
509 DEBUG_GENERAL("TogglePluginEnabled"); 508 DEBUG_GENERAL("TogglePluginEnabled");
510 Communication::InputBuffer response; 509 Communication::InputBuffer response;
511 if (!CallEngine(Communication::PROC_TOGGLE_PLUGIN_ENABLED, response)) 510 if (!CallEngine(Communication::PROC_TOGGLE_PLUGIN_ENABLED, response))
512 return false; 511 return false;
513 bool currentEnabledState; 512 bool currentEnabledState;
514 response >> currentEnabledState; 513 response >> currentEnabledState;
515 return currentEnabledState; 514 return currentEnabledState;
516 } 515 }
OLDNEW
« no previous file with comments | « no previous file | src/shared/Communication.cpp » ('j') | src/shared/Communication.cpp » ('J')

Powered by Google App Engine
This is Rietveld