1.14.2

2024-06-11 11:42:28 +02:00 · 2024-06-11 11:42:28 +02:00 · b13710b2eb
parent 017291290b
commit b13710b2eb
2 changed files with 44 additions and 1 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -9,6 +9,8 @@ This project adheres to [Semantic Versioning](http://semver.org/).

 ### Fixed
 - fixed security issue with the newly introduced experimental "UseCreateToken=y" machanism
+- fixed issue with "UseCreateToken=y" when using a MSFT online account
+



--- a/Sandboxie/core/drv/token.c
+++ b/Sandboxie/core/drv/token.c
@ -2318,6 +2318,13 @@ _FX void* Token_CreateToken(void* TokenObject, PROCESS* proc)
 		memcpy(LocalUser->User.Sid, proc->SandboxieLogonSid, RtlLengthSid(proc->SandboxieLogonSid));
 	}
    
+    //UNICODE_STRING unicodeString;
+    //status = RtlConvertSidToUnicodeString(&unicodeString, LocalUser->User.Sid, TRUE);
+    //if (NT_SUCCESS(status)) {
+    //    DbgPrint("SID: %wZ\n", &unicodeString);
+    //    RtlFreeUnicodeString(&unicodeString);
+    //}
+
    status = SbieCreateToken(
        &TokenHandle,
        TOKEN_ALL_ACCESS,
@ -2340,6 +2347,39 @@ _FX void* Token_CreateToken(void* TokenObject, PROCESS* proc)
        LocalSource
    );

+    //
+    // For online accounts we must change the primary group
+    //
+
+    if (proc->SandboxieLogonSid && status == STATUS_INVALID_PRIMARY_GROUP)
+    {
+        ExFreePool((PVOID)LocalPrimaryGroup);
+        LocalPrimaryGroup = (PTOKEN_PRIMARY_GROUP)ExAllocatePoolWithTag(PagedPool, sizeof(PTOKEN_PRIMARY_GROUP), tzuk);
+        LocalPrimaryGroup->PrimaryGroup = LocalUser->User.Sid;
+
+        status = SbieCreateToken(
+            &TokenHandle,
+            TOKEN_ALL_ACCESS,
+            &ObjectAttributes,
+            TokenType,
+            &AuthenticationId,
+            &ExpirationTime,
+            LocalUser,
+            LocalGroups,
+            LocalPrivileges,
+
+            0, //UserAttributes,
+            0, //DeviceAttributes,
+            0, //DeviceGroups,
+            MandatoryPolicy,
+
+            LocalOwner,
+            LocalPrimaryGroup,
+            NewDefaultDacl,
+            LocalSource
+        );
+    }
+
    if (NT_SUCCESS(status))
        status = Thread_GetKernelHandleForUserHandle(&KernelTokenHandle, TokenHandle);

@ -2405,7 +2445,8 @@ _FX void* Token_CreateToken(void* TokenObject, PROCESS* proc)
        Token_SetHandleDacl(NtCurrentThread(), NewDacl);
        Token_SetHandleDacl(KernelTokenHandle, NewDacl);
    }
-    else if (!NT_SUCCESS(status))
+    
+    if (!NT_SUCCESS(status))
    {
        Log_Status_Ex_Process(MSG_1222, 0xA4, status, NULL, proc->box->session_id, proc->pid);
        goto finish;