[SERVICES] Use a proper security descriptor for the control pipes

Eric Kohl 2019-08-04 22:30:40 +02:00
parent b03d2b4d65
commit 8abbdd2808
3 changed files with 97 additions and 2 deletions


@ -44,6 +44,7 @@ static DWORD
ScmCreateNewControlPipe(PSERVICE_IMAGE pServiceImage) ScmCreateNewControlPipe(PSERVICE_IMAGE pServiceImage)
{ {
WCHAR szControlPipeName[MAX_PATH + 1]; WCHAR szControlPipeName[MAX_PATH + 1];
SECURITY_ATTRIBUTES SecurityAttributes;
HKEY hServiceCurrentKey = INVALID_HANDLE_VALUE; HKEY hServiceCurrentKey = INVALID_HANDLE_VALUE;
DWORD ServiceCurrent = 0; DWORD ServiceCurrent = 0;
DWORD KeyDisposition; DWORD KeyDisposition;
@ -97,6 +98,10 @@ ScmCreateNewControlPipe(PSERVICE_IMAGE pServiceImage)
DPRINT("PipeName: %S\n", szControlPipeName); DPRINT("PipeName: %S\n", szControlPipeName);
SecurityAttributes.nLength = sizeof(SecurityAttributes);
SecurityAttributes.lpSecurityDescriptor = pPipeSD;
SecurityAttributes.bInheritHandle = FALSE;
pServiceImage->hControlPipe = CreateNamedPipeW(szControlPipeName, pServiceImage->hControlPipe = CreateNamedPipeW(szControlPipeName,
PIPE_ACCESS_DUPLEX | FILE_FLAG_OVERLAPPED, PIPE_ACCESS_DUPLEX | FILE_FLAG_OVERLAPPED,
PIPE_TYPE_MESSAGE | PIPE_READMODE_MESSAGE | PIPE_WAIT, PIPE_TYPE_MESSAGE | PIPE_READMODE_MESSAGE | PIPE_WAIT,
@ -104,7 +109,7 @@ ScmCreateNewControlPipe(PSERVICE_IMAGE pServiceImage)
8000, 8000,
4, 4,
PipeTimeout, PipeTimeout,
NULL); &SecurityAttributes);
DPRINT("CreateNamedPipeW(%S) done\n", szControlPipeName); DPRINT("CreateNamedPipeW(%S) done\n", szControlPipeName);
if (pServiceImage->hControlPipe == INVALID_HANDLE_VALUE) if (pServiceImage->hControlPipe == INVALID_HANDLE_VALUE)
{ {
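Review bot: The descriptor passed through `&SecurityAttributes` only takes effect when this call creates the first instance of the pipe, and the open mode shown is still `PIPE_ACCESS_DUPLEX | FILE_FLAG_OVERLAPPED`. If a pipe with the same name already exists, CreateNamedPipeW adds an instance to that object and the security attributes given here are ignored. Adding the flag turns that case into a failure the existing INVALID_HANDLE_VALUE check catches: `PIPE_ACCESS_DUPLEX | FILE_FLAG_OVERLAPPED | FILE_FLAG_FIRST_PIPE_INSTANCE,`. It would also be worth failing early when `pPipeSD` is NULL, because a NULL `lpSecurityDescriptor` silently selects the default descriptor. The body of ScmCreateNewControlPipe starts and ends outside these hunks.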


@ -14,14 +14,17 @@
#include <debug.h> #include <debug.h>
static PSID pNullSid = NULL; static PSID pNullSid = NULL;
static PSID pWorldSid = NULL;
static PSID pLocalSystemSid = NULL; static PSID pLocalSystemSid = NULL;
static PSID pAuthenticatedUserSid = NULL; static PSID pAuthenticatedUserSid = NULL;
static PSID pAliasAdminsSid = NULL; static PSID pAliasAdminsSid = NULL;
static PACL pDefaultDacl = NULL; static PACL pDefaultDacl = NULL;
static PACL pDefaultSacl = NULL; static PACL pDefaultSacl = NULL;
static PACL pPipeDacl = NULL;
static PSECURITY_DESCRIPTOR pDefaultSD = NULL; static PSECURITY_DESCRIPTOR pDefaultSD = NULL;
PSECURITY_DESCRIPTOR pPipeSD = NULL;
/* FUNCTIONS ****************************************************************/ /* FUNCTIONS ****************************************************************/
@ -33,6 +36,9 @@ ScmFreeSids(VOID)
if (pNullSid != NULL) if (pNullSid != NULL)
RtlFreeHeap(RtlGetProcessHeap(), 0, pNullSid); RtlFreeHeap(RtlGetProcessHeap(), 0, pNullSid);
if (pWorldSid != NULL)
RtlFreeHeap(RtlGetProcessHeap(), 0, pWorldSid);
if (pLocalSystemSid != NULL) if (pLocalSystemSid != NULL)
RtlFreeHeap(RtlGetProcessHeap(), 0, pLocalSystemSid); RtlFreeHeap(RtlGetProcessHeap(), 0, pLocalSystemSid);
@ -41,7 +47,6 @@ ScmFreeSids(VOID)
if (pAliasAdminsSid != NULL) if (pAliasAdminsSid != NULL)
RtlFreeHeap(RtlGetProcessHeap(), 0, pAliasAdminsSid); RtlFreeHeap(RtlGetProcessHeap(), 0, pAliasAdminsSid);
} }
@ -66,6 +71,17 @@ ScmCreateSids(VOID)
pSubAuthority = RtlSubAuthoritySid(pNullSid, 0); pSubAuthority = RtlSubAuthoritySid(pNullSid, 0);
*pSubAuthority = SECURITY_NULL_RID; *pSubAuthority = SECURITY_NULL_RID;
/* Create the World SID */
pWorldSid = RtlAllocateHeap(RtlGetProcessHeap(), 0, ulLength1);
if (pWorldSid == NULL)
{
return ERROR_OUTOFMEMORY;
}
RtlInitializeSid(pWorldSid, &NullAuthority, 1);
pSubAuthority = RtlSubAuthoritySid(pWorldSid, 0);
*pSubAuthority = SECURITY_WORLD_RID;
/* Create the LocalSystem SID */ /* Create the LocalSystem SID */
pLocalSystemSid = RtlAllocateHeap(RtlGetProcessHeap(), 0, ulLength1); pLocalSystemSid = RtlAllocateHeap(RtlGetProcessHeap(), 0, ulLength1);
if (pLocalSystemSid == NULL) if (pLocalSystemSid == NULL)
@ -158,6 +174,21 @@ ScmCreateAcls(VOID)
FALSE, FALSE,
TRUE); TRUE);
/* Create the pipe DACL */
ulLength = sizeof(ACL) +
(sizeof(ACE) + RtlLengthSid(pWorldSid));
pPipeDacl = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, ulLength);
if (pPipeDacl == NULL)
return ERROR_OUTOFMEMORY;
RtlCreateAcl(pPipeDacl, ulLength, ACL_REVISION);
RtlAddAccessAllowedAce(pPipeDacl,
ACL_REVISION,
GENERIC_ALL,
pWorldSid);
return ERROR_SUCCESS; return ERROR_SUCCESS;
} }
@ -171,6 +202,9 @@ ScmFreeAcls(VOID)
if (pDefaultSacl != NULL) if (pDefaultSacl != NULL)
RtlFreeHeap(RtlGetProcessHeap(), 0, pDefaultSacl); RtlFreeHeap(RtlGetProcessHeap(), 0, pDefaultSacl);
if (pPipeDacl != NULL)
RtlFreeHeap(RtlGetProcessHeap(), 0, pPipeDacl);
} }
@ -231,6 +265,56 @@ ScmFreeDefaultSD(VOID)
} }
static
DWORD
ScmCreatePipeSD(VOID)
{
NTSTATUS Status;
/* Create the absolute security descriptor */
pPipeSD = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(SECURITY_DESCRIPTOR));
if (pPipeSD == NULL)
return ERROR_OUTOFMEMORY;
DPRINT("pPipeSD %p\n", pDefaultSD);
Status = RtlCreateSecurityDescriptor(pPipeSD,
SECURITY_DESCRIPTOR_REVISION);
if (!NT_SUCCESS(Status))
return RtlNtStatusToDosError(Status);
Status = RtlSetOwnerSecurityDescriptor(pPipeSD,
pLocalSystemSid,
FALSE);
if (!NT_SUCCESS(Status))
return RtlNtStatusToDosError(Status);
Status = RtlSetGroupSecurityDescriptor(pPipeSD,
pLocalSystemSid,
FALSE);
if (!NT_SUCCESS(Status))
return RtlNtStatusToDosError(Status);
Status = RtlSetDaclSecurityDescriptor(pPipeSD,
TRUE,
pPipeDacl,
FALSE);
if (!NT_SUCCESS(Status))
return RtlNtStatusToDosError(Status);
return ERROR_SUCCESS;
}
static
VOID
ScmFreePipeSD(VOID)
{
if (pPipeSD != NULL)
RtlFreeHeap(RtlGetProcessHeap(), 0, pPipeSD);
}
DWORD DWORD
ScmCreateDefaultServiceSD( ScmCreateDefaultServiceSD(
PSECURITY_DESCRIPTOR *ppSecurityDescriptor) PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
@ -301,6 +385,10 @@ ScmInitializeSecurity(VOID)
if (dwError != ERROR_SUCCESS) if (dwError != ERROR_SUCCESS)
return dwError; return dwError;
dwError = ScmCreatePipeSD();
if (dwError != ERROR_SUCCESS)
return dwError;
return ERROR_SUCCESS; return ERROR_SUCCESS;
} }
@ -308,6 +396,7 @@ ScmInitializeSecurity(VOID)
VOID VOID
ScmShutdownSecurity(VOID) ScmShutdownSecurity(VOID)
{ {
ScmFreePipeSD();
ScmFreeDefaultSD(); ScmFreeDefaultSD();
ScmFreeAcls(); ScmFreeAcls();
ScmFreeSids(); ScmFreeSids();
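Review bot: In ScmCreateSids the World SID is initialised with `&NullAuthority`, and because SECURITY_WORLD_RID and SECURITY_NULL_RID are both 0 the result is S-1-0-0 (the Null SID) rather than S-1-1-0, assuming NullAuthority is the null SID authority its name suggests. The pipe DACL therefore names a SID that tokens do not normally carry, so the ACE does not grant what the comment says; a world authority is needed, e.g. `SID_IDENTIFIER_AUTHORITY WorldAuthority = {SECURITY_WORLD_SID_AUTHORITY};` and `RtlInitializeSid(pWorldSid, &WorldAuthority, 1);`. Once that is corrected, `GENERIC_ALL` for Everyone in ScmCreateAcls also gives every client WRITE_DAC and WRITE_OWNER on the pipe, and `GENERIC_READ | GENERIC_WRITE` is probably all a service process needs. Separately, `DPRINT("pPipeSD %p\n", pDefaultSD);` in ScmCreatePipeSD logs the wrong pointer and should print `pPipeSD`. The authority declarations at the top of ScmCreateSids are outside the hunk.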


@ -100,6 +100,7 @@ extern LIST_ENTRY GroupListHead;
extern LIST_ENTRY ImageListHead; extern LIST_ENTRY ImageListHead;
extern BOOL ScmInitialize; extern BOOL ScmInitialize;
extern BOOL ScmShutdown; extern BOOL ScmShutdown;
extern PSECURITY_DESCRIPTOR pPipeSD;
/* FUNCTIONS ***************************************************************/ /* FUNCTIONS ***************************************************************/