VirtualBox

Changeset 18673 in vbox for trunk/src


Ignore:
Timestamp:
Apr 3, 2009 9:02:44 AM (16 years ago)
Author:
vboxsync
Message:

Guest Additions/common: Added token privilege handling.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/src/VBox/Additions/common/VBoxService/VBoxServiceTimeSync.cpp

    r18634 r18673  
    116116static uint32_t g_TimeSyncMinAdjust = 1000;
    117117#else
    118 static uint32_t g_TimeSyncMinAdjust = 100;
     118 #if RT_OS_WINDOWS
     119  /** Process token. */
     120  static HANDLE g_hTokenProcess = NULL;
     121  /* Old token privileges. */
     122  static TOKEN_PRIVILEGES g_tpOld;
     123  static uint32_t g_TimeSyncMinAdjust = 100;
     124 #else
     125  static uint32_t g_TimeSyncMinAdjust = 100;
     126 #endif
    119127#endif
    120128/** @see pg_vboxservice_timesync */
     
    125133/** The semaphore we're blocking on. */
    126134static RTSEMEVENTMULTI g_TimeSyncEvent = NIL_RTSEMEVENTMULTI;
    127 
    128135
    129136/** @copydoc VBOXSERVICE::pfnPreInit */
     
    159166static DECLCALLBACK(int) VBoxServiceTimeSyncInit(void)
    160167{
     168    int rc = VINF_SUCCESS;
     169
    161170    /*
    162171     * If not specified, find the right interval default.
     
    168177        g_TimeSyncInterval = 10 * 1000;
    169178
    170     int rc = RTSemEventMultiCreate(&g_TimeSyncEvent);
     179    rc = RTSemEventMultiCreate(&g_TimeSyncEvent);
    171180    AssertRC(rc);
     181
     182#if defined(RT_OS_WINDOWS)
     183    /* Adjust priviledges of this process to adjust the time. */
     184    TOKEN_PRIVILEGES tp; /* Token provileges. */
     185    DWORD dwSize = sizeof (TOKEN_PRIVILEGES);
     186    LUID luid = {0};
     187
     188    if (!OpenProcessToken(GetCurrentProcess(),
     189                          TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &g_hTokenProcess))
     190    {
     191        VBoxServiceError("Opening process token (SE_SYSTEMTIME_NAME) failed with code %ld!\n", GetLastError());
     192        rc = VERR_PERMISSION_DENIED;
     193    }
     194    else
     195    {
     196        if(!::LookupPrivilegeValue(NULL, SE_SYSTEMTIME_NAME, &luid))
     197        {
     198            VBoxServiceError("Looking up token privileges (SE_SYSTEMTIME_NAME) failed with code %ld!\n", GetLastError());
     199            rc = VERR_PERMISSION_DENIED;
     200        }
     201
     202        ZeroMemory (&tp, sizeof (tp));
     203        tp.PrivilegeCount = 1;
     204        tp.Privileges[0].Luid = luid;
     205        tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
     206
     207        /* Adjust Token privileges. */
     208        if (!::AdjustTokenPrivileges(g_hTokenProcess, FALSE, &tp, sizeof(TOKEN_PRIVILEGES),
     209                 &g_tpOld, &dwSize))
     210        {
     211           VBoxServiceError("Adjusting token privileges (SE_SYSTEMTIME_NAME) failed with code %ld!\n", GetLastError());
     212           rc = VERR_PERMISSION_DENIED;
     213        }
     214    }
     215#else
     216    /* Nothing to do here yet. */
     217#endif
     218
     219    if (RT_FAILURE(rc))
     220    {
     221        CloseHandle (g_hTokenProcess);
     222        g_hTokenProcess = NULL;
     223    }
     224
    172225    return rc;
    173226}
     
    236289                     * *NIX systems have it. Fall back on settimeofday.
    237290                     */
    238 #ifdef RT_OS_WINDOWS
     291#if defined(RT_OS_WINDOWS)
     292
     293
    239294                    /* Just make sure it compiles for now, but later:
    240295                     SetSystemTimeAdjustment and fall back on SetSystemTime.
    241296                     */
    242                     AssertFatalFailed();
     297                    //AssertFatalFailed();
    243298#else
    244299                    struct timeval tv;
    245 # if !defined(RT_OS_OS2) /* PORTME */
     300#if !defined(RT_OS_OS2) /* PORTME */
    246301                    RTTimeSpecGetTimeval(&Drift, &tv);
    247302                    if (adjtime(&tv, NULL) == 0)
     
    252307                    }
    253308                    else
    254 # endif
     309#endif
    255310                    {
    256311                        errno = 0;
     
    264319                                    VBoxServiceVerbose(1, "settimeofday to %s\n",
    265320                                                       RTTimeToString(RTTimeExplode(&Time, &Tmp), sz, sizeof(sz)));
    266 # ifdef DEBUG
     321#ifdef DEBUG
    267322                                if (g_cVerbosity >= 3)
    268323                                    VBoxServiceVerbose(2, "       new time %s\n",
    269324                                                       RTTimeToString(RTTimeExplode(&Time, RTTimeNow(&Tmp)), sz, sizeof(sz)));
    270 # endif
     325#endif
    271326                                cErrors = 0;
    272327                            }
     
    320375static DECLCALLBACK(void) VBoxServiceTimeSyncTerm(void)
    321376{
     377#if defined(RT_OS_WINDOWS)
     378    /* Disable SE_SYSTEMTIME_NAME again. */
     379    DWORD dwSize = sizeof (TOKEN_PRIVILEGES);
     380    if (g_hTokenProcess && !::AdjustTokenPrivileges(g_hTokenProcess, FALSE, &g_tpOld, dwSize, NULL, NULL))
     381        VBoxServiceError("Adjusting back token privileges (SE_SYSTEMTIME_NAME) failed with code %ld!\n", GetLastError());
     382#endif
     383
    322384    RTSemEventMultiDestroy(g_TimeSyncEvent);
    323385    g_TimeSyncEvent = NIL_RTSEMEVENTMULTI;
Note: See TracChangeset for help on using the changeset viewer.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette