Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2024-06-28 17:01:28 +00:00
Code Issues Packages Projects Releases Wiki Activity

[SERVICES] Use a proper security descriptor for the control pipes

Browse source
This commit is contained in:
Eric Kohl 2019-08-04 22:30:40 +02:00
parent b03d2b4d65
commit 8abbdd2808
3 changed files with 97 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
base/system/services/database.c
View file

@ -44,6 +44,7 @@ static DWORD
ScmCreateNewControlPipe(PSERVICE_IMAGE pServiceImage)
{
WCHAR szControlPipeName[MAX_PATH + 1];
SECURITY_ATTRIBUTES SecurityAttributes;
HKEY hServiceCurrentKey = INVALID_HANDLE_VALUE;
DWORD ServiceCurrent = 0;
DWORD KeyDisposition;
@ -97,6 +98,10 @@ ScmCreateNewControlPipe(PSERVICE_IMAGE pServiceImage)
DPRINT("PipeName: %S\n", szControlPipeName);
SecurityAttributes.nLength = sizeof(SecurityAttributes);
SecurityAttributes.lpSecurityDescriptor = pPipeSD;
SecurityAttributes.bInheritHandle = FALSE;
pServiceImage->hControlPipe = CreateNamedPipeW(szControlPipeName,
PIPE_ACCESS_DUPLEX | FILE_FLAG_OVERLAPPED,
PIPE_TYPE_MESSAGE | PIPE_READMODE_MESSAGE | PIPE_WAIT,
@ -104,7 +109,7 @@ ScmCreateNewControlPipe(PSERVICE_IMAGE pServiceImage)
8000,
4,
PipeTimeout,
NULL);
&SecurityAttributes);
DPRINT("CreateNamedPipeW(%S) done\n", szControlPipeName);
if (pServiceImage->hControlPipe == INVALID_HANDLE_VALUE)
{

91
base/system/services/security.c
View file

@ -14,14 +14,17 @@
#include <debug.h>
static PSID pNullSid = NULL;
static PSID pWorldSid = NULL;
static PSID pLocalSystemSid = NULL;
static PSID pAuthenticatedUserSid = NULL;
static PSID pAliasAdminsSid = NULL;
static PACL pDefaultDacl = NULL;
static PACL pDefaultSacl = NULL;
static PACL pPipeDacl = NULL;
static PSECURITY_DESCRIPTOR pDefaultSD = NULL;
PSECURITY_DESCRIPTOR pPipeSD = NULL;
/* FUNCTIONS ****************************************************************/
@ -33,6 +36,9 @@ ScmFreeSids(VOID)
if (pNullSid != NULL)
RtlFreeHeap(RtlGetProcessHeap(), 0, pNullSid);
if (pWorldSid != NULL)
RtlFreeHeap(RtlGetProcessHeap(), 0, pWorldSid);
if (pLocalSystemSid != NULL)
RtlFreeHeap(RtlGetProcessHeap(), 0, pLocalSystemSid);
@ -41,7 +47,6 @@ ScmFreeSids(VOID)
if (pAliasAdminsSid != NULL)
RtlFreeHeap(RtlGetProcessHeap(), 0, pAliasAdminsSid);
}
@ -66,6 +71,17 @@ ScmCreateSids(VOID)
pSubAuthority = RtlSubAuthoritySid(pNullSid, 0);
*pSubAuthority = SECURITY_NULL_RID;
/* Create the World SID */
pWorldSid = RtlAllocateHeap(RtlGetProcessHeap(), 0, ulLength1);
if (pWorldSid == NULL)
{
return ERROR_OUTOFMEMORY;
}
RtlInitializeSid(pWorldSid, &NullAuthority, 1);
pSubAuthority = RtlSubAuthoritySid(pWorldSid, 0);
*pSubAuthority = SECURITY_WORLD_RID;
/* Create the LocalSystem SID */
pLocalSystemSid = RtlAllocateHeap(RtlGetProcessHeap(), 0, ulLength1);
if (pLocalSystemSid == NULL)
@ -158,6 +174,21 @@ ScmCreateAcls(VOID)
FALSE,
TRUE);
/* Create the pipe DACL */
ulLength = sizeof(ACL) +
(sizeof(ACE) + RtlLengthSid(pWorldSid));
pPipeDacl = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, ulLength);
if (pPipeDacl == NULL)
return ERROR_OUTOFMEMORY;
RtlCreateAcl(pPipeDacl, ulLength, ACL_REVISION);
RtlAddAccessAllowedAce(pPipeDacl,
ACL_REVISION,
GENERIC_ALL,
pWorldSid);
return ERROR_SUCCESS;
}
@ -171,6 +202,9 @@ ScmFreeAcls(VOID)
if (pDefaultSacl != NULL)
RtlFreeHeap(RtlGetProcessHeap(), 0, pDefaultSacl);
if (pPipeDacl != NULL)
RtlFreeHeap(RtlGetProcessHeap(), 0, pPipeDacl);
}
@ -231,6 +265,56 @@ ScmFreeDefaultSD(VOID)
}
static
DWORD
ScmCreatePipeSD(VOID)
{
NTSTATUS Status;
/* Create the absolute security descriptor */
pPipeSD = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(SECURITY_DESCRIPTOR));
if (pPipeSD == NULL)
return ERROR_OUTOFMEMORY;
DPRINT("pPipeSD %p\n", pDefaultSD);
Status = RtlCreateSecurityDescriptor(pPipeSD,
SECURITY_DESCRIPTOR_REVISION);
if (!NT_SUCCESS(Status))
return RtlNtStatusToDosError(Status);
Status = RtlSetOwnerSecurityDescriptor(pPipeSD,
pLocalSystemSid,
FALSE);
if (!NT_SUCCESS(Status))
return RtlNtStatusToDosError(Status);
Status = RtlSetGroupSecurityDescriptor(pPipeSD,
pLocalSystemSid,
FALSE);
if (!NT_SUCCESS(Status))
return RtlNtStatusToDosError(Status);
Status = RtlSetDaclSecurityDescriptor(pPipeSD,
TRUE,
pPipeDacl,
FALSE);
if (!NT_SUCCESS(Status))
return RtlNtStatusToDosError(Status);
return ERROR_SUCCESS;
}
static
VOID
ScmFreePipeSD(VOID)
{
if (pPipeSD != NULL)
RtlFreeHeap(RtlGetProcessHeap(), 0, pPipeSD);
}
DWORD
ScmCreateDefaultServiceSD(
PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
@ -301,6 +385,10 @@ ScmInitializeSecurity(VOID)
if (dwError != ERROR_SUCCESS)
return dwError;
dwError = ScmCreatePipeSD();
if (dwError != ERROR_SUCCESS)
return dwError;
return ERROR_SUCCESS;
}
@ -308,6 +396,7 @@ ScmInitializeSecurity(VOID)
VOID
ScmShutdownSecurity(VOID)
{
ScmFreePipeSD();
ScmFreeDefaultSD();
ScmFreeAcls();
ScmFreeSids();

1
base/system/services/services.h
View file

@ -100,6 +100,7 @@ extern LIST_ENTRY GroupListHead;
extern LIST_ENTRY ImageListHead;
extern BOOL ScmInitialize;
extern BOOL ScmShutdown;
extern PSECURITY_DESCRIPTOR pPipeSD;
/* FUNCTIONS ***************************************************************/