[SERVICES] Use a proper security descriptor for the control pipes

author Eric Kohl <eric.kohl@reactos.org>

Sun, 4 Aug 2019 20:30:40 +0000 (22:30 +0200)

committer Eric Kohl <eric.kohl@reactos.org>

Sun, 4 Aug 2019 20:30:40 +0000 (22:30 +0200)
author Eric Kohl <eric.kohl@reactos.org>
Sun, 4 Aug 2019 20:30:40 +0000 (22:30 +0200)
committer Eric Kohl <eric.kohl@reactos.org>
Sun, 4 Aug 2019 20:30:40 +0000 (22:30 +0200)
diff --git a/base/system/services/database.c b/base/system/services/database.c

index 460b748..7c41c54 100644 (file)
--- a/base/system/services/database.c
+++ b/base/system/services/database.c
@@ -44,6 +44,7 @@ static DWORD
  ScmCreateNewControlPipe(PSERVICE_IMAGE pServiceImage)
  {
      WCHAR szControlPipeName[MAX_PATH + 1];
  ScmCreateNewControlPipe(PSERVICE_IMAGE pServiceImage)
  {
      WCHAR szControlPipeName[MAX_PATH + 1];
+    SECURITY_ATTRIBUTES SecurityAttributes;
      HKEY hServiceCurrentKey = INVALID_HANDLE_VALUE;
      DWORD ServiceCurrent = 0;
      DWORD KeyDisposition;
      HKEY hServiceCurrentKey = INVALID_HANDLE_VALUE;
      DWORD ServiceCurrent = 0;
      DWORD KeyDisposition;
@@ -97,6 +98,10 @@ ScmCreateNewControlPipe(PSERVICE_IMAGE pServiceImage)
  
      DPRINT("PipeName: %S\n", szControlPipeName);
  
  
      DPRINT("PipeName: %S\n", szControlPipeName);
  
+    SecurityAttributes.nLength = sizeof(SecurityAttributes);
+    SecurityAttributes.lpSecurityDescriptor = pPipeSD;
+    SecurityAttributes.bInheritHandle = FALSE;
+
      pServiceImage->hControlPipe = CreateNamedPipeW(szControlPipeName,
                                                     PIPE_ACCESS_DUPLEX | FILE_FLAG_OVERLAPPED,
                                                     PIPE_TYPE_MESSAGE | PIPE_READMODE_MESSAGE | PIPE_WAIT,
      pServiceImage->hControlPipe = CreateNamedPipeW(szControlPipeName,
                                                     PIPE_ACCESS_DUPLEX | FILE_FLAG_OVERLAPPED,
                                                     PIPE_TYPE_MESSAGE | PIPE_READMODE_MESSAGE | PIPE_WAIT,
@@ -104,7 +109,7 @@ ScmCreateNewControlPipe(PSERVICE_IMAGE pServiceImage)
                                                     8000,
                                                     4,
                                                     PipeTimeout,
                                                     8000,
                                                     4,
                                                     PipeTimeout,
-                                                   NULL);
+                                                   &SecurityAttributes);
      DPRINT("CreateNamedPipeW(%S) done\n", szControlPipeName);
      if (pServiceImage->hControlPipe == INVALID_HANDLE_VALUE)
      {
      DPRINT("CreateNamedPipeW(%S) done\n", szControlPipeName);
      if (pServiceImage->hControlPipe == INVALID_HANDLE_VALUE)
      {
diff --git a/base/system/services/security.c b/base/system/services/security.c

index b6a5469..b2639e9 100644 (file)
--- a/base/system/services/security.c
+++ b/base/system/services/security.c
@@ -14,14 +14,17 @@
  #include <debug.h>
  
  static PSID pNullSid = NULL;
  #include <debug.h>
  
  static PSID pNullSid = NULL;
+static PSID pWorldSid = NULL;
  static PSID pLocalSystemSid = NULL;
  static PSID pAuthenticatedUserSid = NULL;
  static PSID pAliasAdminsSid = NULL;
  
  static PACL pDefaultDacl = NULL;
  static PACL pDefaultSacl = NULL;
  static PSID pLocalSystemSid = NULL;
  static PSID pAuthenticatedUserSid = NULL;
  static PSID pAliasAdminsSid = NULL;
  
  static PACL pDefaultDacl = NULL;
  static PACL pDefaultSacl = NULL;
+static PACL pPipeDacl = NULL;
  
  static PSECURITY_DESCRIPTOR pDefaultSD = NULL;
  
  static PSECURITY_DESCRIPTOR pDefaultSD = NULL;
+PSECURITY_DESCRIPTOR pPipeSD = NULL;
  
  
  /* FUNCTIONS ****************************************************************/
  
  
  /* FUNCTIONS ****************************************************************/
@@ -33,6 +36,9 @@ ScmFreeSids(VOID)
      if (pNullSid != NULL)
          RtlFreeHeap(RtlGetProcessHeap(), 0, pNullSid);
  
      if (pNullSid != NULL)
          RtlFreeHeap(RtlGetProcessHeap(), 0, pNullSid);
  
+    if (pWorldSid != NULL)
+        RtlFreeHeap(RtlGetProcessHeap(), 0, pWorldSid);
+
      if (pLocalSystemSid != NULL)
          RtlFreeHeap(RtlGetProcessHeap(), 0, pLocalSystemSid);
  
      if (pLocalSystemSid != NULL)
          RtlFreeHeap(RtlGetProcessHeap(), 0, pLocalSystemSid);
  
@@ -41,7 +47,6 @@ ScmFreeSids(VOID)
  
      if (pAliasAdminsSid != NULL)
          RtlFreeHeap(RtlGetProcessHeap(), 0, pAliasAdminsSid);
  
      if (pAliasAdminsSid != NULL)
          RtlFreeHeap(RtlGetProcessHeap(), 0, pAliasAdminsSid);
-
  }
  
  
  }
  
  
@@ -66,6 +71,17 @@ ScmCreateSids(VOID)
      pSubAuthority = RtlSubAuthoritySid(pNullSid, 0);
      *pSubAuthority = SECURITY_NULL_RID;
  
      pSubAuthority = RtlSubAuthoritySid(pNullSid, 0);
      *pSubAuthority = SECURITY_NULL_RID;
  
+    /* Create the World SID */
+    pWorldSid = RtlAllocateHeap(RtlGetProcessHeap(), 0, ulLength1);
+    if (pWorldSid == NULL)
+    {
+        return ERROR_OUTOFMEMORY;
+    }
+
+    RtlInitializeSid(pWorldSid, &NullAuthority, 1);
+    pSubAuthority = RtlSubAuthoritySid(pWorldSid, 0);
+    *pSubAuthority = SECURITY_WORLD_RID;
+
      /* Create the LocalSystem SID */
      pLocalSystemSid = RtlAllocateHeap(RtlGetProcessHeap(), 0, ulLength1);
      if (pLocalSystemSid == NULL)
      /* Create the LocalSystem SID */
      pLocalSystemSid = RtlAllocateHeap(RtlGetProcessHeap(), 0, ulLength1);
      if (pLocalSystemSid == NULL)
@@ -158,6 +174,21 @@ ScmCreateAcls(VOID)
                           FALSE,
                           TRUE);
  
                           FALSE,
                           TRUE);
  
+    /* Create the pipe DACL */
+    ulLength = sizeof(ACL) +
+               (sizeof(ACE) + RtlLengthSid(pWorldSid));
+
+    pPipeDacl = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, ulLength);
+    if (pPipeDacl == NULL)
+        return ERROR_OUTOFMEMORY;
+
+    RtlCreateAcl(pPipeDacl, ulLength, ACL_REVISION);
+
+    RtlAddAccessAllowedAce(pPipeDacl,
+                           ACL_REVISION,
+                           GENERIC_ALL,
+                           pWorldSid);
+
      return ERROR_SUCCESS;
  }
  
      return ERROR_SUCCESS;
  }
  
@@ -171,6 +202,9 @@ ScmFreeAcls(VOID)
  
      if (pDefaultSacl != NULL)
          RtlFreeHeap(RtlGetProcessHeap(), 0, pDefaultSacl);
  
      if (pDefaultSacl != NULL)
          RtlFreeHeap(RtlGetProcessHeap(), 0, pDefaultSacl);
+
+    if (pPipeDacl != NULL)
+        RtlFreeHeap(RtlGetProcessHeap(), 0, pPipeDacl);
  }
  
  
  }
  
  
@@ -231,6 +265,56 @@ ScmFreeDefaultSD(VOID)
  }
  
  
  }
  
  
+static
+DWORD
+ScmCreatePipeSD(VOID)
+{
+    NTSTATUS Status;
+
+    /* Create the absolute security descriptor */
+    pPipeSD = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(SECURITY_DESCRIPTOR));
+    if (pPipeSD == NULL)
+        return ERROR_OUTOFMEMORY;
+
+    DPRINT("pPipeSD %p\n", pDefaultSD);
+
+    Status = RtlCreateSecurityDescriptor(pPipeSD,
+                                         SECURITY_DESCRIPTOR_REVISION);
+    if (!NT_SUCCESS(Status))
+        return RtlNtStatusToDosError(Status);
+
+    Status = RtlSetOwnerSecurityDescriptor(pPipeSD,
+                                           pLocalSystemSid,
+                                           FALSE);
+    if (!NT_SUCCESS(Status))
+        return RtlNtStatusToDosError(Status);
+
+    Status = RtlSetGroupSecurityDescriptor(pPipeSD,
+                                           pLocalSystemSid,
+                                           FALSE);
+    if (!NT_SUCCESS(Status))
+        return RtlNtStatusToDosError(Status);
+
+    Status = RtlSetDaclSecurityDescriptor(pPipeSD,
+                                          TRUE,
+                                          pPipeDacl,
+                                          FALSE);
+    if (!NT_SUCCESS(Status))
+        return RtlNtStatusToDosError(Status);
+
+    return ERROR_SUCCESS;
+}
+
+
+static
+VOID
+ScmFreePipeSD(VOID)
+{
+    if (pPipeSD != NULL)
+        RtlFreeHeap(RtlGetProcessHeap(), 0, pPipeSD);
+}
+
+
  DWORD
  ScmCreateDefaultServiceSD(
      PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
  DWORD
  ScmCreateDefaultServiceSD(
      PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
@@ -301,6 +385,10 @@ ScmInitializeSecurity(VOID)
      if (dwError != ERROR_SUCCESS)
          return dwError;
  
      if (dwError != ERROR_SUCCESS)
          return dwError;
  
+    dwError = ScmCreatePipeSD();
+    if (dwError != ERROR_SUCCESS)
+        return dwError;
+
      return ERROR_SUCCESS;
  }
  
      return ERROR_SUCCESS;
  }
  
@@ -308,6 +396,7 @@ ScmInitializeSecurity(VOID)
  VOID
  ScmShutdownSecurity(VOID)
  {
  VOID
  ScmShutdownSecurity(VOID)
  {
+    ScmFreePipeSD();
      ScmFreeDefaultSD();
      ScmFreeAcls();
      ScmFreeSids();
      ScmFreeDefaultSD();
      ScmFreeAcls();
      ScmFreeSids();
diff --git a/base/system/services/services.h b/base/system/services/services.h

index 9297c7c..4a1a0c0 100644 (file)
--- a/base/system/services/services.h
+++ b/base/system/services/services.h
@@ -100,6 +100,7 @@ extern LIST_ENTRY GroupListHead;
  extern LIST_ENTRY ImageListHead;
  extern BOOL ScmInitialize;
  extern BOOL ScmShutdown;
  extern LIST_ENTRY ImageListHead;
  extern BOOL ScmInitialize;
  extern BOOL ScmShutdown;
+extern PSECURITY_DESCRIPTOR pPipeSD;
  
  
  /* FUNCTIONS ***************************************************************/
  
  
  /* FUNCTIONS ***************************************************************/
author	Eric Kohl <eric.kohl@reactos.org>
	Sun, 4 Aug 2019 20:30:40 +0000 (22:30 +0200)
committer	Eric Kohl <eric.kohl@reactos.org>
	Sun, 4 Aug 2019 20:30:40 +0000 (22:30 +0200)
base/system/services/database.c		patch \| blob \| history
base/system/services/security.c		patch \| blob \| history
base/system/services/services.h		patch \| blob \| history