From 756293008b6d122400fcd2462d0c65e589e30ba9 Mon Sep 17 00:00:00 2001 From: Rom Walton Date: Thu, 28 Feb 2008 05:01:52 +0000 Subject: [PATCH] - MGR/SCR: run_program should explicitly set the desktop and window station to whichever desktop and window station the app launching it belongs. If access is denied then change the ACLs on the current desktop and window station then attempt to relaunch the application. lib/ util.C svn path=/trunk/boinc/; revision=14812 --- checkin_notes | 10 +++++++++ lib/util.C | 57 +++++++++++++++++++++++++++++++++++++++++++++++---- 2 files changed, 63 insertions(+), 4 deletions(-) diff --git a/checkin_notes b/checkin_notes index 6193910dff..33e2abccf9 100644 --- a/checkin_notes +++ b/checkin_notes @@ -1711,3 +1711,13 @@ David Feb 27 2008 David Feb 27 2008 - changes to many files to fix gcc4.3 compile + +Rom Feb 27 2008 + - MGR/SCR: run_program should explicitly set the desktop + and window station to whichever desktop and window station + the app launching it belongs. If access is denied then + change the ACLs on the current desktop and window station + then attempt to relaunch the application. + + lib/ + util.C diff --git a/lib/util.C b/lib/util.C index 9fe1e606a8..bf001cd22e 100644 --- a/lib/util.C +++ b/lib/util.C @@ -384,10 +384,38 @@ int run_program( get_sandbox_account_token(); if (sandbox_account_token != NULL) { - // Forces system to create a new desktop and windowstation to host - // the application. + char szWindowStation[256]; + char szDesktop[256]; + char szDesktopName[512]; + memset(szWindowStation, 0, sizeof(szWindowStation)); + memset(szDesktop, 0, sizeof(szDesktop)); + memset(szDesktopName, 0, sizeof(szDesktopName)); + + // Retrieve the current window station and desktop names + GetUserObjectInformation( + GetProcessWindowStation(), + UOI_NAME, + szWindowStation, + sizeof(szWindowStation), + NULL + ); + GetUserObjectInformation( + GetThreadDesktop(GetCurrentThreadId()), + UOI_NAME, + szDesktop, + sizeof(szDesktop), + NULL + ); + + // Construct the destination desktop name + strncat(szDesktopName, szWindowStation, sizeof(szDesktopName) - strlen(szDesktopName)); + strncat(szDesktopName, "\\", sizeof(szDesktopName) - strlen(szDesktopName)); + strncat(szDesktopName, szDesktop, sizeof(szDesktopName) - strlen(szDesktopName)); + + // Tell CreateProcessAsUser which desktop to use explicitly. If the ACLs haven't + // been configured to allow the sandbox account to run an access denied. // - startup_info.lpDesktop = ""; + startup_info.lpDesktop = szDesktopName; retval = CreateProcessAsUser( sandbox_account_token, @@ -401,7 +429,28 @@ int run_program( dir, &startup_info, &process_info - ); + ); + if (!retval && GetLastError() == ERROR_ACCESS_DENIED) { + if (!AddAceToWindowStation(GetProcessWindowStation(), sandbox_account_sid)) { + fprintf(stderr, "Failed to add ACE to current WindowStation\n"); + } + if (!AddAceToDesktop(GetThreadDesktop(GetCurrentThreadId()), sandbox_account_sid)) { + fprintf(stderr, "Failed to add ACE to current Desktop\n"); + } + retval = CreateProcessAsUser( + sandbox_account_token, + file, + cmdline, + NULL, + NULL, + FALSE, + 0, + NULL, + dir, + &startup_info, + &process_info + ); + } } else { retval = CreateProcess( file,