This commit is contained in:
DavidXanatos 2024-10-18 10:17:28 +02:00
parent 68623f5a70
commit ce7d03cf03
3 changed files with 33 additions and 11 deletions

View File

@ -10,6 +10,8 @@ This project adheres to [Semantic Versioning](http://semver.org/).
### Changed ### Changed
- improved SandboxieCrypto startup - improved SandboxieCrypto startup
- improved Sandboxed RPCSS startup
- Set tab orders and buddies of UI controls [#4300](https://github.com/sandboxie-plus/Sandboxie/pull/4300) (thanks gexgd0419)

View File

@ -855,20 +855,35 @@ HANDLE ProcessServer::RunSandboxedGetToken(
if (CallerInSandbox) { if (CallerInSandbox) {
if ((wcscmp(cmd, L"*RPCSS*") == 0 /* || wcscmp(cmd, L"*DCOM*") == 0 */) if ((wcscmp(cmd, L"*RPCSS*") == 0 /* || wcscmp(cmd, L"*DCOM*") == 0 */)) {
&& ProcessServer__RunRpcssAsSystem(boxname, CompartmentMode)) {
// if (ProcessServer__RunRpcssAsSystem(boxname, CompartmentMode)) {
// use our system token
// //
// use our system token
//
ok = OpenProcessToken(
GetCurrentProcess(), TOKEN_RIGHTS, &OldTokenHandle);
ShouldAdjustDacl = true;
}
else {
//
// use the session token
//
ULONG SessionId = PipeServer::GetCallerSessionId();
ok = WTSQueryUserToken(SessionId, &OldTokenHandle);
ShouldAdjustSessionId = false;
}
ok = OpenProcessToken(
GetCurrentProcess(), TOKEN_RIGHTS, &OldTokenHandle);
if (! ok) if (! ok)
return NULL; return NULL;
ShouldAdjustDacl = true;
} }
else else
// OriginalToken BEGIN // OriginalToken BEGIN

View File

@ -31,6 +31,7 @@
#include "core/dll/sbiedll.h" #include "core/dll/sbiedll.h"
#include <aclapi.h> #include <aclapi.h>
#include "ProcessServer.h" #include "ProcessServer.h"
#include <wtsapi32.h>
#define MISC_H_WITHOUT_WIN32_NTDDK_H #define MISC_H_WITHOUT_WIN32_NTDDK_H
#include "misc.h" #include "misc.h"
@ -353,7 +354,11 @@ ULONG ServiceServer::RunHandler2(
// use our system token // use our system token
ok = OpenProcessToken(GetCurrentProcess(), TOKEN_RIGHTS, &hOldToken); ok = OpenProcessToken(GetCurrentProcess(), TOKEN_RIGHTS, &hOldToken);
} }
// OriginalToken BEGIN else {
// use the users default token
ok = WTSQueryUserToken(idSession, &hOldToken);
}
/*// OriginalToken BEGIN
else if (CompartmentMode || SbieApi_QueryConfBool(boxname, L"OriginalToken", FALSE)) { else if (CompartmentMode || SbieApi_QueryConfBool(boxname, L"OriginalToken", FALSE)) {
HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, (ULONG)(ULONG_PTR)idProcess); HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, (ULONG)(ULONG_PTR)idProcess);
if (!hProcess) if (!hProcess)
@ -369,7 +374,7 @@ ULONG ServiceServer::RunHandler2(
else { else {
// use the callers original token // use the callers original token
hOldToken = (HANDLE)SbieApi_QueryProcessInfo(idProcess, 'ptok'); hOldToken = (HANDLE)SbieApi_QueryProcessInfo(idProcess, 'ptok');
} }*/
} }
if (ok) { if (ok) {