1.14.9
parent
7ba9820173
commit
030032f1ac
|
@ -1816,7 +1816,7 @@ _FX LONG SbieApi_GetUnmountHive(
|
|||
//---------------------------------------------------------------------------
|
||||
|
||||
|
||||
_FX LONG SbieApi_SessionLeader(HANDLE TokenHandle, HANDLE *ProcessId)
|
||||
_FX LONG SbieApi_SessionLeader(ULONG session_id, HANDLE *ProcessId)
|
||||
{
|
||||
NTSTATUS status;
|
||||
__declspec(align(8)) ULONG64 ResultValue;
|
||||
|
@ -1826,9 +1826,11 @@ _FX LONG SbieApi_SessionLeader(HANDLE TokenHandle, HANDLE *ProcessId)
|
|||
memset(parms, 0, sizeof(parms));
|
||||
args->func_code = API_SESSION_LEADER;
|
||||
if (ProcessId) {
|
||||
args->token_handle.val64 = (ULONG64)(ULONG_PTR)TokenHandle;
|
||||
args->session_id.val64 = (ULONG64)(ULONG_PTR)session_id;
|
||||
args->token_handle.val64 = 0;
|
||||
args->process_id.val64 = (ULONG64)(ULONG_PTR)&ResultValue;
|
||||
} else {
|
||||
args->session_id.val64 = 0;
|
||||
args->token_handle.val64 = 0;
|
||||
args->process_id.val64 = 0;
|
||||
}
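Review bot: The `ProcessId` branch now always sends `token_handle` as 0, so a caller that passes `(ULONG)-1` as `session_id` reaches the driver's token fallback (the `session_id == -1` test in Session_Api_Leader, later in this commit) with a null handle and can only fail. Either reject -1 here or say so in a comment above the function, for example `// session_id: session to query; -1 is not supported through this wrapper because no token handle is passed`. The `(ULONG_PTR)` cast on a `ULONG` is also redundant; `args->session_id.val64 = session_id;` says the same thing. The function body continues outside both hunks, so how the result is copied back to `*ProcessId` is not visible here.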
|
||||
|
|
|
@ -190,7 +190,7 @@ LONG SbieApi_EnumProcessEx(
|
|||
|
||||
SBIEAPI_EXPORT
|
||||
LONG SbieApi_SessionLeader(
|
||||
HANDLE TokenHandle,
|
||||
ULONG session_id,
|
||||
HANDLE *ProcessId);
|
||||
|
||||
SBIEAPI_EXPORT
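Review bot: The exported `SbieApi_SessionLeader` keeps its name while its first parameter changes from `HANDLE TokenHandle` to `ULONG session_id`, so a caller built against the old header still links and its token handle value is then interpreted as a session number. If out-of-tree callers of this export exist, a new name or a version check would make the break visible at build time. At minimum the declaration deserves a comment stating the new contract, such as `// session_id: session whose leader pid is returned in *ProcessId; when ProcessId is NULL the calling process is registered as leader` (the second half is inferred from the wrapper's else branch and should be confirmed).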
|
||||
|
|
|
@ -410,6 +410,7 @@ API_ARGS_CLOSE(API_OPEN_DEVICE_MAP_ARGS)
|
|||
API_ARGS_BEGIN(API_SESSION_LEADER_ARGS)
|
||||
API_ARGS_FIELD(HANDLE,token_handle)
|
||||
API_ARGS_FIELD(ULONG64 *,process_id)
|
||||
API_ARGS_FIELD(ULONG,session_id)
|
||||
API_ARGS_CLOSE(API_SESSION_LEADER_ARGS)
|
||||
|
||||
|
||||
|
|
|
@ -690,32 +690,6 @@ void* Driver_FindMissingService(const char* ProcName, int prmcnt)
|
|||
|
||||
_FX BOOLEAN Driver_FindMissingServices(void)
|
||||
{
|
||||
#ifdef OLD_DDK
|
||||
UNICODE_STRING uni;
|
||||
RtlInitUnicodeString(&uni, L"ZwSetInformationToken");
|
||||
|
||||
//
|
||||
// Windows 7 kernel exports ZwSetInformationToken
|
||||
// on earlier versions of Windows, we search for it
|
||||
//
|
||||
//#ifndef _WIN64
|
||||
if (Driver_OsVersion < DRIVER_WINDOWS_7) {
|
||||
|
||||
ZwSetInformationToken = (P_NtSetInformationToken) Driver_FindMissingService("ZwSetInformationToken", 4);
|
||||
|
||||
} else
|
||||
//#endif
|
||||
{
|
||||
ZwSetInformationToken = (P_NtSetInformationToken) MmGetSystemRoutineAddress(&uni);
|
||||
}
|
||||
|
||||
if (!ZwSetInformationToken) {
|
||||
Log_Msg1(MSG_1108, uni.Buffer);
|
||||
return FALSE;
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
//
|
||||
// Retrieve some unexported kernel functions which may be useful
|
||||
//
|
||||
|
@ -773,6 +747,31 @@ _FX BOOLEAN Driver_FindMissingServices(void)
|
|||
|
||||
#endif
|
||||
|
||||
#ifdef OLD_DDK
|
||||
UNICODE_STRING uni;
|
||||
RtlInitUnicodeString(&uni, L"ZwSetInformationToken");
|
||||
|
||||
//
|
||||
// Windows 7 kernel exports ZwSetInformationToken
|
||||
// on earlier versions of Windows, we search for it
|
||||
//
|
||||
//#ifndef _WIN64
|
||||
if (Driver_OsVersion < DRIVER_WINDOWS_7) {
|
||||
|
||||
ZwSetInformationToken = (P_NtSetInformationToken) Driver_FindMissingService("ZwSetInformationToken", 4);
|
||||
|
||||
} else
|
||||
//#endif
|
||||
{
|
||||
ZwSetInformationToken = (P_NtSetInformationToken) MmGetSystemRoutineAddress(&uni);
|
||||
}
|
||||
|
||||
if (!ZwSetInformationToken) {
|
||||
Log_Msg1(MSG_1108, uni.Buffer);
|
||||
return FALSE;
|
||||
}
|
||||
#endif
|
||||
|
||||
return TRUE;
|
||||
}
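Review bot: Moving the `OLD_DDK` block to the end of Driver_FindMissingServices puts the declaration `UNICODE_STRING uni;` after earlier statements of the function, where before it was the first thing in the body. If the OLD_DDK build still uses a compiler that only accepts C89-style declarations at the start of a block, this no longer compiles; giving the moved block its own scope with `{` before `UNICODE_STRING uni;` and `}` before the `#endif` avoids that. The code between the two hunks is not visible, so whether statements really precede the block on the OLD_DDK path should be checked. The move also means a missing `ZwSetInformationToken` is now reported only after the other lookups have run, which is worth a one-line comment if the order is intentional.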
|
||||
|
||||
|
|
|
@ -168,9 +168,9 @@ _FX BOX *Process_GetForcedStartBox(
|
|||
BOOLEAN same_image_name;
|
||||
|
||||
|
||||
void* nbuf;
|
||||
ULONG nlen;
|
||||
WCHAR* ParentName;
|
||||
void* nbuf = NULL;
|
||||
ULONG nlen = 0;
|
||||
WCHAR* ParentName = NULL;
|
||||
|
||||
check_force = TRUE;
|
||||
|
||||
|
|
|
@ -362,19 +362,22 @@ _FX NTSTATUS Session_Api_Leader(PROCESS *proc, ULONG64 *parms)
|
|||
// get leader
|
||||
//
|
||||
|
||||
HANDLE TokenHandle = args->token_handle.val;
|
||||
ULONG session_id = args->session_id.val;
|
||||
|
||||
ULONG SessionId;
|
||||
ULONG len = sizeof(ULONG);
|
||||
if (session_id == -1) {
|
||||
|
||||
status = ZwQueryInformationToken(
|
||||
TokenHandle, TokenSessionId, &SessionId, len, &len);
|
||||
HANDLE TokenHandle = args->token_handle.val;
|
||||
|
||||
ULONG len = sizeof(session_id);
|
||||
status = ZwQueryInformationToken(
|
||||
TokenHandle, TokenSessionId, &session_id, len, &len);
|
||||
}
|
||||
|
||||
if (NT_SUCCESS(status)) {
|
||||
|
||||
__try {
|
||||
|
||||
session = Session_Get(FALSE, SessionId, &irql);
|
||||
session = Session_Get(FALSE, session_id, &irql);
|
||||
if (session)
|
||||
ProcessIdToReturn = (ULONG64)session->leader_pid;
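Review bot: When `session_id` is not -1, nothing in this hunk assigns `status` before `if (NT_SUCCESS(status))`, whereas the old code always overwrote it with the result of `ZwQueryInformationToken`. Unless `status` is set to `STATUS_SUCCESS` earlier in Session_Api_Leader (outside the hunk), the lookup now depends on a stale or indeterminate value; an explicit `else status = STATUS_SUCCESS;` after the `if (session_id == -1)` block would make the path self-contained. The comparison mixes `ULONG` with a signed literal and reads more clearly as `if (session_id == (ULONG)-1)`. The caller can now name any session id without holding a token for that session, so a comment stating that returning another session's leader pid is intended would help the next reviewer.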
|
||||
|
||||
|
|
|
@ -1290,6 +1290,7 @@ _FX NTSTATUS Token_RestrictHelper2(
|
|||
return STATUS_SUCCESS;
|
||||
|
||||
BOOLEAN NoUntrustedToken = Conf_Get_Boolean(proc->box->name, L"NoUntrustedToken", 0, FALSE);
|
||||
BOOLEAN OpenWndStation = Conf_Get_Boolean(proc->box->name, L"OpenWndStation", 0, FALSE);
|
||||
|
||||
label = (ULONG)(ULONG_PTR)Token_Query(
|
||||
TokenObject, TokenIntegrityLevel, proc->box->session_id);
|
||||
|
@ -1316,7 +1317,7 @@ _FX NTSTATUS Token_RestrictHelper2(
|
|||
LabelSid[1] = 0x10000000;
|
||||
// debug tip. You can change the sandboxed process's integrity level below
|
||||
//LabelSid[2] = SECURITY_MANDATORY_HIGH_RID;
|
||||
if(NoUntrustedToken)
|
||||
if(NoUntrustedToken || OpenWndStation)
|
||||
LabelSid[2] = SECURITY_MANDATORY_LOW_RID;
|
||||
else
|
||||
LabelSid[2] = SECURITY_MANDATORY_UNTRUSTED_RID;
|
||||
|
@ -1392,6 +1393,7 @@ _FX void *Token_RestrictHelper3(
|
|||
|
||||
BOOLEAN KeepUserGroup = Conf_Get_Boolean(proc->box->name, L"KeepUserGroup", 0, FALSE);
|
||||
BOOLEAN KeepLogonSession = Conf_Get_Boolean(proc->box->name, L"KeepLogonSession", 0, FALSE);
|
||||
BOOLEAN OpenWndStation = Conf_Get_Boolean(proc->box->name, L"OpenWndStation", 0, FALSE);
|
||||
|
||||
n = 0;
|
||||
|
||||
|
@ -1400,7 +1402,7 @@ _FX void *Token_RestrictHelper3(
|
|||
if (Groups->Groups[i].Attributes & SE_GROUP_INTEGRITY)
|
||||
continue;
|
||||
|
||||
if (KeepLogonSession && (Groups->Groups[i].Attributes & SE_GROUP_LOGON_ID))
|
||||
if ((KeepLogonSession || OpenWndStation) && (Groups->Groups[i].Attributes & SE_GROUP_LOGON_ID))
|
||||
continue;
|
||||
|
||||
if (RtlEqualSid(Groups->Groups[i].Sid, UserSid)) {
|
||||
|
@ -2250,6 +2252,7 @@ _FX void* Token_CreateToken(void* TokenObject, PROCESS* proc)
|
|||
if (!Conf_Get_Boolean(proc->box->name, L"UnstrippedToken", 0, FALSE))
|
||||
{
|
||||
BOOLEAN NoUntrustedToken = Conf_Get_Boolean(proc->box->name, L"NoUntrustedToken", 0, FALSE);
|
||||
BOOLEAN OpenWndStation = Conf_Get_Boolean(proc->box->name, L"OpenWndStation", 0, FALSE);
|
||||
BOOLEAN KeepUserGroup = Conf_Get_Boolean(proc->box->name, L"KeepUserGroup", 0, FALSE);
|
||||
BOOLEAN KeepLogonSession = Conf_Get_Boolean(proc->box->name, L"KeepLogonSession", 0, FALSE);
|
||||
|
||||
|
@ -2257,7 +2260,7 @@ _FX void* Token_CreateToken(void* TokenObject, PROCESS* proc)
|
|||
|
||||
if (LocalGroups->Groups[i].Attributes & SE_GROUP_INTEGRITY) {
|
||||
if (!Conf_Get_Boolean(proc->box->name, L"KeepTokenIntegrity", 0, FALSE)) {
|
||||
if(NoUntrustedToken)
|
||||
if(NoUntrustedToken || OpenWndStation)
|
||||
*RtlSubAuthoritySid(LocalGroups->Groups[i].Sid, 0) = SECURITY_MANDATORY_LOW_RID;
|
||||
else
|
||||
*RtlSubAuthoritySid(LocalGroups->Groups[i].Sid, 0) = SECURITY_MANDATORY_UNTRUSTED_RID;
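Review bot: `OpenWndStation` now silently relaxes two token restrictions: in Token_RestrictHelper2 and Token_CreateToken it selects `SECURITY_MANDATORY_LOW_RID` instead of `SECURITY_MANDATORY_UNTRUSTED_RID`, and in Token_RestrictHelper3 it is treated the same as `KeepLogonSession` for groups carrying `SE_GROUP_LOGON_ID`. None of the three sites says why a window-station option changes the integrity label or the logon SID handling, so a box owner who enables it cannot tell from the code that isolation is reduced. Each condition should carry a comment along the lines of `// OpenWndStation=y also selects the Low label, same as NoUntrustedToken`, and the repeated `NoUntrustedToken || OpenWndStation` test would be safer behind a single helper so the three places cannot drift apart. The enclosing functions start and end outside the hunks.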
|
||||
|
|
|
@ -2275,7 +2275,7 @@ MSG_HEADER *SbieIniServer::RunSbieCtrl(MSG_HEADER *msg, HANDLE idProcess, bool i
|
|||
if (ok) {
|
||||
|
||||
HANDLE SbieCtrlProcessId;
|
||||
SbieApi_SessionLeader(hToken, &SbieCtrlProcessId);
|
||||
SbieApi_SessionLeader(m_session_id, &SbieCtrlProcessId);
|
||||
if (SbieCtrlProcessId) {
|
||||
status = STATUS_IMAGE_ALREADY_LOADED;
|
||||
ok = FALSE;
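Review bot: `SbieCtrlProcessId` is declared without an initialiser and the return value of `SbieApi_SessionLeader` is ignored, so if the call fails without writing the out parameter the following `if (SbieCtrlProcessId)` tests an indeterminate value. Declaring it as `HANDLE SbieCtrlProcessId = NULL;` and checking the returned status closes that gap; whether the wrapper writes `*ProcessId` on failure is not visible in this commit. The session is now taken from `m_session_id` instead of being derived by the driver from `hToken`, and where that member is filled in is outside the hunk, so it is worth confirming that it comes from the connecting client's verified identity and not from message content.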
|
||||
|
|