Fix issues with security tokens (Enhanced Protected Mode, Protected Mode etc)

src/shared/Communication.cpp

Index: src/shared/Communication.cpp
===================================================================
--- a/src/shared/Communication.cpp
+++ b/src/shared/Communication.cpp
@@ -9,24 +9,6 @@
 #include "Utils.h"
 
 
-//
-// Application Package Authority.
-//
-
-#define SECURITY_APP_PACKAGE_AUTHORITY              {0,0,0,0,0,15}
-
-#define SECURITY_APP_PACKAGE_BASE_RID               (0x00000002L)
-#define SECURITY_BUILTIN_APP_PACKAGE_RID_COUNT      (2L)
-#define SECURITY_APP_PACKAGE_RID_COUNT              (8L)
-#define SECURITY_CAPABILITY_BASE_RID                (0x00000003L)
-#define SECURITY_BUILTIN_CAPABILITY_RID_COUNT       (2L)
-#define SECURITY_CAPABILITY_RID_COUNT               (5L)
-
-//
-// Built-in Packages.
-//
-
-#define SECURITY_BUILTIN_PACKAGE_ANY_PACKAGE        (0x00000001L)
 
 namespace
 {
@@ -73,7 +55,7 @@
   // Creates a security descriptor: 
   // Allows ALL access to Logon SID and to all app containers in DACL.
   // Sets Low Integrity in SACL.
-  std::auto_ptr<SECURITY_DESCRIPTOR> CreateSecurityDescriptorLowAndAppContainers(PSID logonSid)
+  std::auto_ptr<SECURITY_DESCRIPTOR> CreateSecurityDescriptor(PSID logonSid)
   {
     EXPLICIT_ACCESSW explicitAccess[2] = {};
 
@@ -86,19 +68,19 @@
 
     std::tr1::shared_ptr<SID> sharedAllAppContainersSid;
     // TODO: Would be better to detect if AppContainers are supported instead of checking the Windows version

[Felix Dahlke, 2014/06/24 15:30:39]

You can also slay the TODO comment here now!

-    bool isWindows8 = IsWindows8();
-    if (isWindows8)
+    bool isAppContainersSupported = IsAppContainersSupported();
+    if (isAppContainersSupported)
     {
-      PSID allAppContainersSid = 0;
-      SID_IDENTIFIER_AUTHORITY ApplicationAuthority = SECURITY_APP_PACKAGE_AUTHORITY;
-
       // Create a well-known SID for the all appcontainers group.
       // We need to allow access to all AppContainers, since, apparently,
       // giving access to specific AppContainer (for example AppContainer of IE) 
       // tricks Windows into thinking that token is IN AppContainer. 
       // Which blocks all the calls from outside, making it impossible to communicate
-      // with engine when IE is launched with different security settings.
-      AllocateAndInitializeSid(&ApplicationAuthority, 
+      // with the engine when IE is launched with different security settings.
+      PSID allAppContainersSid = 0;
+      SID_IDENTIFIER_AUTHORITY applicationAuthority = SECURITY_APP_PACKAGE_AUTHORITY;
+
+      AllocateAndInitializeSid(&applicationAuthority, 
               SECURITY_BUILTIN_APP_PACKAGE_RID_COUNT,
               SECURITY_APP_PACKAGE_BASE_RID,
               SECURITY_BUILTIN_PACKAGE_ANY_PACKAGE,
@@ -114,7 +96,7 @@
       explicitAccess[1].Trustee.ptstrName = static_cast<LPWSTR>(allAppContainersSid);
     }
     PACL acl = 0;
-    if (SetEntriesInAcl(isWindows8 ? 2 : 1, explicitAccess, 0, &acl) != ERROR_SUCCESS)
+    if (SetEntriesInAcl(isAppContainersSupported ? 2 : 1, explicitAccess, 0, &acl) != ERROR_SUCCESS)
       return std::auto_ptr<SECURITY_DESCRIPTOR>(0);
     std::tr1::shared_ptr<ACL> sharedAcl(static_cast<ACL*>(acl), LocalFree); // Just to simplify cleanup
 
@@ -127,13 +109,13 @@
 
     // Create a dummy security descriptor with low integrirty preset and copy its SACL into ours
     LPCWSTR accessControlEntry = L"S:(ML;;NW;;;LW)";
-    PSECURITY_DESCRIPTOR pDummySecurityDescriptorLow;
-    ConvertStringSecurityDescriptorToSecurityDescriptorW(accessControlEntry, SDDL_REVISION_1, &pDummySecurityDescriptorLow, 0);
-    std::tr1::shared_ptr<SECURITY_DESCRIPTOR> sharedDummySecurityDescriptor(static_cast<SECURITY_DESCRIPTOR*>(pDummySecurityDescriptorLow), LocalFree); // Just to simplify cleanup
+    PSECURITY_DESCRIPTOR dummySecurityDescriptorLow;
+    ConvertStringSecurityDescriptorToSecurityDescriptorW(accessControlEntry, SDDL_REVISION_1, &dummySecurityDescriptorLow, 0);
+    std::tr1::shared_ptr<SECURITY_DESCRIPTOR> sharedDummySecurityDescriptor(static_cast<SECURITY_DESCRIPTOR*>(dummySecurityDescriptorLow), LocalFree); // Just to simplify cleanup
     BOOL saclPresent = FALSE;
     BOOL saclDefaulted = FALSE;
     PACL sacl;

[Felix Dahlke, 2014/06/24 15:30:39]

Hm, don't we leak sacl now that you removed sharedSacl?

[Eric, 2014/06/25 17:43:55]

Evidently not. The security descriptor structure has internal structure not
exposed in the SECURITY_DESCRIPTOR declaration. My reading of the MS docs (which
are notoriously incomplete about allocation issues) is that the function
GetSecurityDescriptorSacl() does not allocate, but rather returns a pointer to
something that's already present in its first argument.

SECURITY_DESCRIPTOR structure
http://msdn.microsoft.com/en-us/library/windows/desktop/aa379561%28v=vs.85%29...

GetSecurityDescriptorSacl function
http://msdn.microsoft.com/en-us/library/windows/desktop/aa446653%28v=vs.85%29...

[Felix Dahlke, 2014/06/27 14:35:56]

Yeah, I think you're right Eric. Seems like Oleksandr interpreted it the same
way too :)

-    GetSecurityDescriptorSacl(pDummySecurityDescriptorLow, &saclPresent, &sacl, &saclDefaulted); 
+    GetSecurityDescriptorSacl(dummySecurityDescriptorLow, &saclPresent, &sacl, &saclDefaulted); 
     if (saclPresent)
     {
       if (!SetSecurityDescriptorSacl(securityDescriptor.get(), TRUE, sacl, FALSE))
@@ -204,7 +186,7 @@
     std::auto_ptr<SID> logonSid = GetLogonSid(token);
     // Create a SECURITY_DESCRIPTOR that has both Low Integrity and allows access to all AppContainers
     // This is needed since IE likes to jump out of Enhanced Protected Mode for specific pages (bing.com)
-    std::auto_ptr<SECURITY_DESCRIPTOR> securityDescriptor = CreateSecurityDescriptorLowAndAppContainers(logonSid.get());
+    std::auto_ptr<SECURITY_DESCRIPTOR> securityDescriptor = CreateSecurityDescriptor(logonSid.get());
     securityAttributes.lpSecurityDescriptor = securityDescriptor.release();
     sharedSecurityDescriptor.reset(static_cast<SECURITY_DESCRIPTOR*>(securityAttributes.lpSecurityDescriptor));