Changeset 95274 in vbox

Timestamp:

Jun 14, 2022 10:48:33 AM (2 years ago)

Author:

vboxsync

Message:

FE/VBoxAutostart/adi: Added experimental support for running VBoxSVC session 0 (service session). Did some minor cleanup for the patch posted at comment 95. Disabled by default for now. bugref:9341

Location:

trunk

Files:

• Config.kmk (modified) (1 diff)
• include/iprt/process.h (modified) (2 diffs)
• src/VBox/Main/Makefile.kmk (modified) (1 diff)
• src/VBox/Main/idl/VirtualBox.xidl (modified) (1 diff)
• src/VBox/Main/src-global/win/VirtualBoxSDSImpl.cpp (modified) (12 diffs)
• src/VBox/Main/src-server/win/svcmain.cpp (modified) (8 diffs)
• src/VBox/Runtime/r3/win/process-win.cpp (modified) (10 diffs)

trunk/Config.kmk

@@ -779 +779 @@
 VBOX_WITH_SECURELABEL = 1
 endif
+# Start VBoxSVC in windows session 0 (services session).
+VBOX_WITH_VBOXSVC_SESSION_0 =
 # The headless frontend.
 VBOX_WITH_HEADLESS = 1

trunk/include/iprt/process.h

@@ -230 +230 @@
 /** For use with RTPROC_FLAGS_SERVICE to specify a desired session ID
  * (Windows only, ignored elsewhere).  The @a pvExtraData argument points to
- * a uint32_t containing the session ID, UINT32_MAX means any session. */
+ * a uint32_t containing the session ID, UINT32_MAX means any session.
+ * Can not be set with RTPROC_FLAGS_TOKEN_SUPPLIED */
 #define RTPROC_FLAGS_DESIRED_SESSION_ID     RT_BIT(11)
 /** This is a modifier to RTPROC_FLAGS_PROFILE on unix systems that makes it
@@ -238 +239 @@
  * This is ignored on Windows as it is using UTF-16. */
 #define RTPROC_FLAGS_UTF8_ARGV              RT_BIT_32(13)
+/** Create process using supplied token. The @a pvExtraData argument points to
+ * a HANDLE containing the token used as user credentials for process creation.
+ * Can not be set with RTPROC_FLAGS_DESIRED_SESSION_ID.
+ * Windows only flag, ignored everywhere else. */
+#define RTPROC_FLAGS_TOKEN_SUPPLIED         RT_BIT(14)
+
 /** Valid flag mask. */
-#define RTPROC_FLAGS_VALID_MASK             UINT32_C(0x3fff)
+#define RTPROC_FLAGS_VALID_MASK             UINT32_C(0x7fff)
 /** @}  */
 

trunk/src/VBox/Main/Makefile.kmk

@@ -458 +458 @@
  ifdef VBOX_WITH_QTGUI
 VBoxSDS_DEFS += VBOX_WITH_QTGUI
+ endif
+ ifdef VBOX_WITH_VBOXSVC_SESSION_0
+VBoxSDS_DEFS += VBOX_WITH_VBOXSVC_SESSION_0
  endif
 VBoxSDS_INCS  = \

trunk/src/VBox/Main/idl/VirtualBox.xidl

@@ -29870 +29870 @@
 
       <method name="registerVBoxSVC">
-        <desc>Registers a VBoxSVC instance with the SDS.</desc>
+        <desc>
+          Registers a VBoxSVC instance with VBoxSDS. If the caller is not running
+          in a Windows 0 session, the method attempts to run VBoxSVC in that
+          session.
+          <result name="E_PENDING">
+            The caller is not running in a Windows session 0 and no VBoxSVC
+            is registered. VBoxSVC registration begins in Windows session 0.
+            You should call this method again later.
+          </result>
+        </desc>
         <param name="vboxSVC" type="IVBoxSVCRegistration" dir="in">
           <desc>Interface implemented by the VirtualBox class factory.</desc>

trunk/src/VBox/Main/src-global/win/VirtualBoxSDSImpl.cpp

@@ -22 +22 @@
 #define LOG_GROUP LOG_GROUP_MAIN_VIRTUALBOXSDS
 #include <VBox/com/VirtualBox.h>
+#include <VBox/com/utils.h>
 #include "VirtualBoxSDSImpl.h"
 
@@ -31 +32 @@
 #include <iprt/asm.h>
 #include <iprt/critsect.h>
+#include <iprt/env.h>
+#include <iprt/err.h>
 #include <iprt/mem.h>
+#include <iprt/path.h>
 #include <iprt/process.h>
 #include <iprt/system.h>
@@ -71 +75 @@
     /** The PID of the chosen one. */
     RTPROCESS                       m_pidTheChosenOne;
+    /** The tick count when the process in Windows session 0 started */
+    uint32_t                        m_tickTheChosenOne;
     /** The current watcher thread index, UINT32_MAX if not watched. */
     uint32_t                        m_iWatcher;
@@ -89 +95 @@
         , m_strUsername(a_rStrUsername)
         , m_pidTheChosenOne(NIL_RTPROCESS)
+        , m_tickTheChosenOne(0)
 #ifdef WITH_WATCHER
         , m_iWatcher(UINT32_MAX)
@@ -146 +153 @@
         }
         m_pidTheChosenOne = NIL_RTPROCESS;
+        m_tickTheChosenOne = 0;
     }
 
@@ -250 +258 @@
     {
         *aExistingVirtualBox = NULL;
-
         /*
          * Get the client user SID and name.
@@ -263 +270 @@
                 /*
                  * If there already is a chosen one, ask it for a IVirtualBox instance
-                 * to return to the caller.  Should it be dead or unresponsive, the caller
+                 * to return to the caller. Should it be dead or unresponsive, the caller
                  * takes its place.
-                 */
+                */
                 if (pUserData->m_ptrTheChosenOne.isNotNull())
                 {
@@ -271 +278 @@
                     {
                         hrc = pUserData->m_ptrTheChosenOne->GetVirtualBox(aExistingVirtualBox);
+                        /* seems the VBoxSVC in windows session 0 is not yet finished object creation.
+                         * Give it a time. */
+                        if (FAILED(hrc) && GetTickCount() - pUserData->m_tickTheChosenOne < 60 * 1000)
+                            hrc = E_PENDING;
                     }
                     catch (...)
@@ -284 +295 @@
 #endif
                         pUserData->i_unchooseTheOne(true /*fIrregular*/);
+                        hrc = S_OK;
                     }
                 }
@@ -289 +301 @@
                     hrc = S_OK;
 
-                /*
-                 * No chosen one?  Make the caller the new chosen one!
-                 */
-                if (pUserData->m_ptrTheChosenOne.isNull())
+                /* No chosen one?  Make the caller the new chosen one! */
+                if (SUCCEEDED(hrc) && pUserData->m_ptrTheChosenOne.isNull())
                 {
-                    LogRel(("registerVBoxSVC: Making aPid=%u (%#x) the chosen one for user %s (%s)!\n",
-                            aPid, aPid, pUserData->m_strUserSid.c_str(), pUserData->m_strUsername.c_str()));
+#ifdef VBOX_WITH_VBOXSVC_SESSION_0
+                    /* Get user token. */
+                    HANDLE hThreadToken = NULL;
+                    hrc = CoImpersonateClient();
+                    if (SUCCEEDED(hrc))
+                    {
+                        hrc = E_FAIL;
+                        if (OpenThreadToken(GetCurrentThread(),
+                                              TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY | TOKEN_DUPLICATE | TOKEN_IMPERSONATE
+                                            | TOKEN_ASSIGN_PRIMARY | TOKEN_ADJUST_SESSIONID | TOKEN_READ | TOKEN_WRITE,
+                                            TRUE /* OpenAsSelf - for impersonation at SecurityIdentification level */,
+                                            &hThreadToken))
+                        {
+                            HANDLE hNewToken;
+                            if (DuplicateTokenEx(hThreadToken, MAXIMUM_ALLOWED, NULL /*SecurityAttribs*/,
+                                                    SecurityIdentification, TokenPrimary, &hNewToken))
+                            {
+                                CloseHandle(hThreadToken);
+                                hThreadToken = hNewToken;
+                                hrc = S_OK;
+                            }
+                            else
+                                LogRel(("registerVBoxSVC: DuplicateTokenEx failed: %ld\n", GetLastError()));
+                        }
+                        else
+                            LogRel(("registerVBoxSVC: OpenThreadToken failed: %ld\n", GetLastError()));
+
+                        CoRevertToSelf();
+                    }
+                    else
+                        LogRel(("registerVBoxSVC: CoImpersonateClient failed: %Rhrc\n", hrc));
+
+                    /* check windows session */
+                    DWORD dwSessionId = 0;
+                    if (SUCCEEDED(hrc) && hThreadToken != NULL)
+                    {
+                        hrc = E_FAIL;
+                        DWORD cbSessionId = sizeof(DWORD);
+                        if (GetTokenInformation(hThreadToken, TokenSessionId, (LPVOID)&dwSessionId, cbSessionId, &cbSessionId))
+                        {
+                            if (cbSessionId == sizeof(DWORD))
+                                hrc = S_OK;
+                            else
+                                LogRel(("registerVBoxSVC: GetTokenInformation return value has invalid size\n"));
+                        }
+                        else
+                            LogRel(("registerVBoxSVC: GetTokenInformation failed: %ld\n", GetLastError()));
+                    }
+                    if (SUCCEEDED(hrc) && dwSessionId != 0)
+                    {
+                        /* if VBoxSVC in the Windows session 0 is not started or if it did not
+                            * registered during a minute, start new one */
+                        if (   pUserData->m_pidTheChosenOne == NIL_RTPROCESS
+                            || GetTickCount() - pUserData->m_tickTheChosenOne > 60 * 1000)
+                        {
+                            uint32_t uSessionId = 0;
+                            if (SetTokenInformation(hThreadToken, TokenSessionId, &uSessionId, sizeof(uint32_t)))
+                            {
+                                /* start VBoxSVC process */
+                                /* Get the path to the executable directory w/ trailing slash: */
+                                char szPath[RTPATH_MAX];
+                                int vrc = RTPathAppPrivateArch(szPath, sizeof(szPath));
+                                AssertRCReturn(vrc, vrc);
+                                size_t cbBufLeft = RTPathEnsureTrailingSeparator(szPath, sizeof(szPath));
+                                AssertReturn(cbBufLeft > 0, VERR_FILENAME_TOO_LONG);
+                                char *pszNamePart = &szPath[cbBufLeft]; NOREF(pszNamePart);
+                                cbBufLeft = sizeof(szPath) - cbBufLeft;
+                                static const char s_szVirtualBox_exe[] = "VBoxSVC.exe";
+                                vrc = RTStrCopy(pszNamePart, cbBufLeft, s_szVirtualBox_exe);
+                                AssertRCReturn(vrc, vrc);
+                                const char *apszArgs[] =
+                                {
+                                    szPath,
+                                    "--registervbox",
+                                    NULL
+                                };
+
+                                RTPROCESS pid;
+                                vrc = RTProcCreateEx(szPath,
+                                                     apszArgs,
+                                                     RTENV_DEFAULT,
+                                                     RTPROC_FLAGS_TOKEN_SUPPLIED,
+                                                     NULL, NULL, NULL, NULL, NULL, &hThreadToken, &pid);
+
+                                if (RT_SUCCESS(vrc))
+                                {
+                                    pUserData->m_pidTheChosenOne = pid;
+                                    pUserData->m_tickTheChosenOne = GetTickCount();
+                                    hrc = E_PENDING;
+                                }
+                                else
+                                    LogRel(("registerVBoxSVC: Create VBoxSVC process failed: %Rrc\n", vrc));
+                            }
+                            else
+                            {
+                                hrc = E_FAIL;
+                                LogRel(("registerVBoxSVC: SetTokenInformation failed: %ld\n", GetLastError()));
+                            }
+                        }
+                        else /* the VBoxSVC in Windows session 0 already started */
+                            hrc = E_PENDING;
+                    }
+                    CloseHandle(hThreadToken);
+
+                    if (SUCCEEDED(hrc) && dwSessionId == 0)
+                    {
+#endif
+                        LogRel(("registerVBoxSVC: Making aPid=%u (%#x) the chosen one for user %s (%s)!\n",
+                                aPid, aPid, pUserData->m_strUserSid.c_str(), pUserData->m_strUsername.c_str()));
 #ifdef WITH_WATCHER
-                    /* Open the process so we can watch it. */
-                    HANDLE hProcess = OpenProcess(SYNCHRONIZE | PROCESS_QUERY_INFORMATION, FALSE /*fInherit*/, aPid);
-                    if (hProcess == NULL)
-                        hProcess = OpenProcess(SYNCHRONIZE | PROCESS_QUERY_LIMITED_INFORMATION, FALSE /*fInherit*/, aPid);
-                    if (hProcess == NULL)
-                        hProcess = OpenProcess(SYNCHRONIZE, FALSE /*fInherit*/, aPid);
-                    if (hProcess != NULL)
-                    {
-                        if (i_watchIt(pUserData, hProcess, aPid))
+                        /* Open the process so we can watch it. */
+                        HANDLE hProcess = OpenProcess(SYNCHRONIZE | PROCESS_QUERY_INFORMATION, FALSE /*fInherit*/, aPid);
+                        if (hProcess == NULL)
+                            hProcess = OpenProcess(SYNCHRONIZE | PROCESS_QUERY_LIMITED_INFORMATION, FALSE /*fInherit*/, aPid);
+                        if (hProcess == NULL)
+                            hProcess = OpenProcess(SYNCHRONIZE, FALSE /*fInherit*/, aPid);
+                        if (hProcess != NULL)
+                        {
+                            if (i_watchIt(pUserData, hProcess, aPid))
 #endif
-                        {
-                            /* Make it official... */
-                            pUserData->m_ptrTheChosenOne = aVBoxSVC;
-                            pUserData->m_pidTheChosenOne = aPid;
-                            hrc = S_OK;
+                            {
+                                /* Make it official... */
+                                pUserData->m_ptrTheChosenOne = aVBoxSVC;
+                                pUserData->m_pidTheChosenOne = aPid;
+                                hrc = S_OK;
+                            }
+#ifdef WITH_WATCHER
+                            else
+                            {
+
+                                LogRel(("registerVBoxSVC: i_watchIt failed!\n"));
+                                hrc = RPC_E_OUT_OF_RESOURCES;
+                            }
                         }
-#ifdef WITH_WATCHER
                         else
                         {
-
-                            LogRel(("registerVBoxSVC: i_watchIt failed!\n"));
-                            hrc = RPC_E_OUT_OF_RESOURCES;
+                            LogRel(("registerVBoxSVC: OpenProcess() failed: %ld\n", GetLastError()));
+                            hrc = E_ACCESSDENIED;
                         }
-                    }
-                    else
-                    {
-                        LogRel(("registerVBoxSVC: OpenProcess failed: %u\n", GetLastError()));
-                        hrc = E_ACCESSDENIED;
+#endif
+#ifdef VBOX_WITH_VBOXSVC_SESSION_0
                     }
 #endif
                 }
-
                 pUserData->i_unlock();
                 pUserData->i_release();
@@ -474 +593 @@
     a_pStrUsername->setNull();
 
-    CoInitializeEx(NULL, COINIT_MULTITHREADED); // is this necessary?
     HRESULT hrc = CoImpersonateClient();
     if (SUCCEEDED(hrc))
@@ -555 +673 @@
     else
         LogRel(("i_GetClientUserSID: CoImpersonateClient failed: %Rhrc\n", hrc));
-    CoUninitialize();
     return fRet;
 }

trunk/src/VBox/Main/src-server/win/svcmain.cpp

@@ -333 +333 @@
     if (SUCCEEDED(hrc))
     {
-        /*
-         * Create VBoxSVCRegistration object and hand that to VBoxSDS.
-         */
-        m_pVBoxSVC = new VBoxSVCRegistration(this);
-        hrc = m_ptrVirtualBoxSDS->RegisterVBoxSVC(m_pVBoxSVC, GetCurrentProcessId(), ppOtherVirtualBox);
+        /* By default the RPC_C_IMP_LEVEL_IDENTIFY is used for impersonation the client. It allows
+           ACL checking but restricts an access to system objects e.g. files. Call to CoSetProxyBlanket
+           elevates the impersonation level up to RPC_C_IMP_LEVEL_IMPERSONATE allowing the VBoxSDS
+           service to access the files. */
+        hrc = CoSetProxyBlanket(m_ptrVirtualBoxSDS,
+                                RPC_C_AUTHN_DEFAULT,
+                                RPC_C_AUTHZ_DEFAULT,
+                                COLE_DEFAULT_PRINCIPAL,
+                                RPC_C_AUTHN_LEVEL_DEFAULT,
+                                RPC_C_IMP_LEVEL_IMPERSONATE,
+                                NULL,
+                                EOAC_DEFAULT);
         if (SUCCEEDED(hrc))
         {
-            g_fRegisteredWithVBoxSDS = !*ppOtherVirtualBox;
-            return hrc;
-        }
-        m_pVBoxSVC->Release();
+            /*
+             * Create VBoxSVCRegistration object and hand that to VBoxSDS.
+             */
+            m_pVBoxSVC = new VBoxSVCRegistration(this);
+            hrc = E_PENDING;
+            /* we try to register IVirtualBox 10 times */
+            for (int regTimes = 0; hrc == E_PENDING && regTimes < 10;  --regTimes)
+            {
+                hrc = m_ptrVirtualBoxSDS->RegisterVBoxSVC(m_pVBoxSVC, GetCurrentProcessId(), ppOtherVirtualBox);
+                if (SUCCEEDED(hrc))
+                {
+                    g_fRegisteredWithVBoxSDS = !*ppOtherVirtualBox;
+                    return hrc;
+                }
+                /* sleep to give a time for windows session 0 registration */
+                if (hrc == E_PENDING)
+                    RTThreadSleep(1000);
+            }
+            m_pVBoxSVC->Release();
+        }
     }
     m_ptrVirtualBoxSDS.setNull();
@@ -687 +710 @@
             break;
         }
-
         case WM_DESTROY:
         {
@@ -823 +845 @@
 {
     /* never called, just need to be here */
+}
+
+
+/* thread for registering the VBoxSVC started in session 0 */
+static DWORD WINAPI threadRegisterVirtualBox(LPVOID lpParam) throw()
+{
+    HANDLE hEvent = (HANDLE)lpParam;
+    HRESULT hrc = CoInitializeEx(NULL, COINIT_MULTITHREADED);
+    if (SUCCEEDED(hrc))
+    {
+        /* create IVirtualBox instance */
+        ComPtr<IVirtualBox> pVirtualBox;
+        hrc = CoCreateInstance(CLSID_VirtualBox, NULL, CLSCTX_INPROC_SERVER /*CLSCTX_LOCAL_SERVER */, IID_IVirtualBox,
+                               (void **)pVirtualBox.asOutParam());
+        if (SUCCEEDED(hrc))
+        {
+            /* wait a minute allowing clients to connect to the instance */
+            WaitForSingleObject(hEvent, 60 * 1000);
+            /* remove reference. If anybody connected to IVirtualBox it will stay alive. */
+            pVirtualBox.setNull();
+        }
+        CoUninitialize();
+    }
+    return 0L;
 }
 
@@ -891 +937 @@
         { "-loginterval",   'I',    RTGETOPT_REQ_UINT32 | RTGETOPT_FLAG_ICASE },
         { "/loginterval",   'I',    RTGETOPT_REQ_UINT32 | RTGETOPT_FLAG_ICASE },
+        { "--registervbox", 'b',    RTGETOPT_REQ_NOTHING | RTGETOPT_FLAG_ICASE },
+        { "-registervbox",  'b',    RTGETOPT_REQ_NOTHING | RTGETOPT_FLAG_ICASE },
+        { "/registervbox",  'b',    RTGETOPT_REQ_NOTHING | RTGETOPT_FLAG_ICASE },
     };
 
@@ -901 +950 @@
     uint32_t        uHistoryFileTime = RT_SEC_1DAY; // max 1 day per file
     uint64_t        uHistoryFileSize = 100 * _1M;   // max 100MB per file
+    bool            fRegisterVBox = false;
 
     RTGETOPTSTATE   GetOptState;
@@ -981 +1031 @@
             }
 
+            case 'b':
+                fRegisterVBox = true;
+                break;
+
             default:
                 /** @todo this assumes that stderr is visible, which is not
@@ -1101 +1155 @@
             Log(("SVCMain: Failed to create main window\n"));
 
+        /* create thread to register IVirtualBox in VBoxSDS
+         * It is used for starting the VBoxSVC in the windows
+         * session 0. */
+        HANDLE hWaitEvent = CreateEvent(NULL, TRUE, FALSE, NULL);
+        HANDLE hRegisterVBoxThread = NULL;
+        if (fRegisterVBox)
+        {
+            DWORD  dwThreadId = 0;
+            hRegisterVBoxThread = CreateThread(NULL, 0, threadRegisterVirtualBox, (LPVOID)hWaitEvent,
+                                               0, &dwThreadId);
+        }
+
         MSG msg;
         while (GetMessage(&msg, 0, 0, 0) > 0)
@@ -1109 +1175 @@
 
         DestroyMainWindow();
+
+        if (fRegisterVBox)
+        {
+            SetEvent(hWaitEvent);
+            WaitForSingleObject(hRegisterVBoxThread, INFINITE);
+            CloseHandle(hRegisterVBoxThread);
+            CloseHandle(hWaitEvent);
+        }
 
         g_pModule->RevokeClassObjects();

trunk/src/VBox/Runtime/r3/win/process-win.cpp

@@ -1612 +1612 @@
                                   RTENV hEnv, DWORD dwCreationFlags,
                                   STARTUPINFOW *pStartupInfo, PROCESS_INFORMATION *pProcInfo,
-                                  uint32_t fFlags, const char *pszExec, uint32_t idDesiredSession)
+                                  uint32_t fFlags, const char *pszExec, uint32_t idDesiredSession,
+                                  HANDLE hUserToken)
 {
     /*
@@ -1642 +1643 @@
     DWORD   dwErr       = NO_ERROR;
     HANDLE  hTokenLogon = INVALID_HANDLE_VALUE;
-    int rc;
-    if (fFlags & RTPROC_FLAGS_AS_IMPERSONATED_TOKEN)
+    int rc = VINF_SUCCESS;
+    if (fFlags & RTPROC_FLAGS_TOKEN_SUPPLIED)
+        hTokenLogon = hUserToken;
+    else if (fFlags & RTPROC_FLAGS_AS_IMPERSONATED_TOKEN)
         rc = rtProcWinGetThreadTokenHandle(GetCurrentThread(), &hTokenLogon);
     else if (pwszUser == NULL)
@@ -1850 +1853 @@
         if (hTokenUserDesktop != INVALID_HANDLE_VALUE)
             CloseHandle(hTokenUserDesktop);
-        if (hTokenLogon != INVALID_HANDLE_VALUE)
+        if (   !(fFlags & RTPROC_FLAGS_TOKEN_SUPPLIED)
+            && hTokenLogon != INVALID_HANDLE_VALUE)
             CloseHandle(hTokenLogon);
 
@@ -2088 +2092 @@
                                  RTENV hEnv, DWORD dwCreationFlags,
                                  STARTUPINFOW *pStartupInfo, PROCESS_INFORMATION *pProcInfo,
-                                 uint32_t fFlags, const char *pszExec, uint32_t idDesiredSession)
+                                 uint32_t fFlags, const char *pszExec, uint32_t idDesiredSession,
+                                 HANDLE hUserToken)
 {
     /*
@@ -2096 +2101 @@
      * Note! This method is very slow on W2K.
      */
-    if (!(fFlags & (RTPROC_FLAGS_SERVICE | RTPROC_FLAGS_AS_IMPERSONATED_TOKEN)))
+    if (!(fFlags & (RTPROC_FLAGS_SERVICE | RTPROC_FLAGS_AS_IMPERSONATED_TOKEN | RTPROC_FLAGS_TOKEN_SUPPLIED)))
     {
         AssertPtr(pwszUser);
@@ -2104 +2109 @@
             return rc;
     }
-    return rtProcWinCreateAsUser2(pwszUser, pwszPassword, ppwszExec, pwszCmdLine,
-                                  hEnv, dwCreationFlags, pStartupInfo, pProcInfo, fFlags, pszExec, idDesiredSession);
+    return rtProcWinCreateAsUser2(pwszUser, pwszPassword, ppwszExec, pwszCmdLine, hEnv, dwCreationFlags,
+                                  pStartupInfo, pProcInfo, fFlags, pszExec, idDesiredSession, hUserToken);
 }
 
@@ -2282 +2287 @@
         AssertReturn(!(fFlags & RTPROC_FLAGS_DESIRED_SESSION_ID), VERR_INVALID_FLAGS);
 
+    HANDLE hUserToken = NULL;
+    if (fFlags & RTPROC_FLAGS_TOKEN_SUPPLIED)
+        hUserToken = *(HANDLE *)pvExtraData;
+
     /*
      * Initialize the globals.
@@ -2287 +2296 @@
     int rc = RTOnce(&g_rtProcWinInitOnce, rtProcWinInitOnce, NULL);
     AssertRCReturn(rc, rc);
-    if (pszAsUser || (fFlags & (RTPROC_FLAGS_PROFILE | RTPROC_FLAGS_SERVICE | RTPROC_FLAGS_AS_IMPERSONATED_TOKEN)))
+    if (   pszAsUser
+        || (fFlags & (RTPROC_FLAGS_PROFILE | RTPROC_FLAGS_SERVICE | RTPROC_FLAGS_AS_IMPERSONATED_TOKEN
+                      | RTPROC_FLAGS_TOKEN_SUPPLIED)))
     {
         rc = RTOnce(&g_rtProcWinResolveOnce, rtProcWinResolveOnce, NULL);
@@ -2445 +2456 @@
              */
             if (   pszAsUser == NULL
-                && !(fFlags & (RTPROC_FLAGS_SERVICE | RTPROC_FLAGS_AS_IMPERSONATED_TOKEN)))
+                && !(fFlags & (RTPROC_FLAGS_SERVICE | RTPROC_FLAGS_AS_IMPERSONATED_TOKEN | RTPROC_FLAGS_TOKEN_SUPPLIED)))
             {
                 /* Create the environment block first. */
@@ -2483 +2494 @@
                     if (RT_SUCCESS(rc))
                     {
-                        rc = rtProcWinCreateAsUser(pwszUser, pwszPassword,
-                                                   &pwszExec, pwszCmdLine, hEnv, dwCreationFlags,
-                                                   &StartupInfo, &ProcInfo, fFlags, pszExec, idDesiredSession);
+                        rc = rtProcWinCreateAsUser(pwszUser, pwszPassword, &pwszExec, pwszCmdLine, hEnv, dwCreationFlags,
+                                                   &StartupInfo, &ProcInfo, fFlags, pszExec, idDesiredSession,
+                                                   hUserToken);
 
                         if (pwszPassword && *pwszPassword)