Create the named pipe with R/W access for everyone. This enables VMware running without administrative privileges to connect to the service.

svn path=/trunk/tools/vmwaregateway/; revision=271
2024-11-23 03:19:49 +00:00 · 2007-06-29 21:43:18 +00:00 · 2007-06-29 21:43:18 +00:00 · 00a6573a32
commit 00a6573a32
parent a4b6633b0d
1 changed files with 158 additions and 1 deletions
--- a/vmwaregateway.cpp
+++ b/vmwaregateway.cpp
@ -36,11 +36,160 @@ const char* errServerBusy = "Server is currently connected\n";
 // verbose output - traces a lot
 BOOL verbose = FALSE;

+PSECURITY_DESCRIPTOR
+CreateVmwareGatewaySD(VOID)
+{
+	static SID_IDENTIFIER_AUTHORITY LocalSystemAuthority = {SECURITY_NT_AUTHORITY};
+	static SID_IDENTIFIER_AUTHORITY WorldAuthority = {SECURITY_WORLD_SID_AUTHORITY};
+	PSID LocalSystemSid = NULL;
+	PSID AdministratorsSid = NULL;
+	PSID EveryoneSid = NULL;
+	PACL Dacl;
+	DWORD DaclSize;
+	PSECURITY_DESCRIPTOR pSD = NULL;
+
+	/* create the SYSTEM, Administrators and Everyone SIDs */
+	if (!AllocateAndInitializeSid(&LocalSystemAuthority,
+	                              1,
+	                              SECURITY_LOCAL_SYSTEM_RID,
+	                              0,
+	                              0,
+	                              0,
+	                              0,
+	                              0,
+	                              0,
+	                              0,
+	                              &LocalSystemSid) ||
+	    !AllocateAndInitializeSid(&LocalSystemAuthority,
+	                              2,
+	                              SECURITY_BUILTIN_DOMAIN_RID,
+	                              DOMAIN_ALIAS_RID_ADMINS,
+	                              0,
+	                              0,
+	                              0,
+	                              0,
+	                              0,
+	                              0,
+	                              &AdministratorsSid) ||
+	    !AllocateAndInitializeSid(&WorldAuthority,
+	                              1,
+	                              SECURITY_WORLD_RID,
+	                              0,
+	                              0,
+	                              0,
+	                              0,
+	                              0,
+	                              0,
+	                              0,
+	                              &EveryoneSid))
+	{
+		printf("Failed initializing the SIDs for the default security descriptor (0x%p, 0x%p, 0x%p)\n",
+		        LocalSystemSid, AdministratorsSid, EveryoneSid);
+		goto Cleanup;
+	}
+
+	/* allocate the security descriptor and DACL */
+	DaclSize = sizeof(ACL) +
+	           ((GetLengthSid(LocalSystemSid) +
+	             GetLengthSid(AdministratorsSid) +
+	             GetLengthSid(EveryoneSid)) +
+	            (3 * FIELD_OFFSET(ACCESS_ALLOWED_ACE,
+	                              SidStart)));
+
+	pSD = (PSECURITY_DESCRIPTOR)LocalAlloc(LMEM_FIXED,
+	                                       (SIZE_T)DaclSize + sizeof(SECURITY_DESCRIPTOR));
+	if (pSD == NULL)
+	{
+		printf("Failed to allocate the default security descriptor and ACL\n");
+		goto Cleanup;
+	}
+
+	if (!InitializeSecurityDescriptor(pSD,
+	                                  SECURITY_DESCRIPTOR_REVISION))
+	{
+		printf("Failed to initialize the default security descriptor\n");
+		goto Cleanup;
+	}
+
+	/* initialize and build the DACL */
+	Dacl = (PACL)((ULONG_PTR)pSD + sizeof(SECURITY_DESCRIPTOR));
+	if (!InitializeAcl(Dacl,
+	                   (DWORD)DaclSize,
+	                   ACL_REVISION))
+	{
+		printf("Failed to initialize the DACL of the default security descriptor\n");
+		goto Cleanup;
+	}
+
+	/* add the SYSTEM Ace */
+	if (!AddAccessAllowedAce(Dacl,
+	                         ACL_REVISION,
+	                         FILE_GENERIC_READ | FILE_GENERIC_WRITE | FILE_GENERIC_EXECUTE,
+	                         LocalSystemSid))
+	{
+		printf("Failed to add the SYSTEM ACE\n");
+		goto Cleanup;
+	}
+
+	/* add the Administrators Ace */
+	if (!AddAccessAllowedAce(Dacl,
+	                         ACL_REVISION,
+	                         FILE_GENERIC_READ | FILE_GENERIC_WRITE | FILE_GENERIC_EXECUTE,
+	                         AdministratorsSid))
+	{
+		printf("Failed to add the Administrators ACE\n");
+		goto Cleanup;
+	}
+
+	/* add the Everyone Ace */
+	if (!AddAccessAllowedAce(Dacl,
+	                         ACL_REVISION,
+	                         FILE_GENERIC_READ | FILE_GENERIC_WRITE | FILE_GENERIC_EXECUTE,
+	                         EveryoneSid))
+	{
+		printf("Failed to add the Everyone ACE\n");
+		goto Cleanup;
+	}
+
+	/* set the DACL */
+	if (!SetSecurityDescriptorDacl(pSD,
+	                               TRUE,
+	                               Dacl,
+	                               FALSE))
+	{
+		printf("Failed to set the DACL of the default security descriptor\n");
+
+Cleanup:
+		if (pSD != NULL)
+		{
+			LocalFree((HLOCAL)pSD);
+			pSD = NULL;
+		}
+	}
+
+	if (LocalSystemSid != NULL)
+	{
+		FreeSid(LocalSystemSid);
+	}
+	if (AdministratorsSid != NULL)
+	{
+		FreeSid(AdministratorsSid);
+	}
+	if (EveryoneSid != NULL)
+	{
+		FreeSid(EveryoneSid);
+	}
+
+	return pSD;
+}
+
 // the central server loop
 void Server()
 {
 	WORD wVersionRequested;
 	WSADATA wsaData;
+	PSECURITY_DESCRIPTOR sd;
+	SECURITY_ATTRIBUTES sa;
 	wVersionRequested = MAKEWORD( 2, 2 );

 	// socket and pipe handles
@ -69,6 +218,12 @@ void Server()
 		return;
 	}

+	// create a suitable security descriptor
+	sd = CreateVmwareGatewaySD();
+	sa.nLength = sizeof(sa);
+	sa.lpSecurityDescriptor = sd;
+	sa.bInheritHandle = FALSE;
+
 	// first create the named pipe
 	pipe = CreateNamedPipe(PIPE_NAME, 
 		PIPE_ACCESS_DUPLEX | FILE_FLAG_OVERLAPPED,
@ -77,7 +232,9 @@ void Server()
 		100,
 		100,
 		NMPWAIT_WAIT_FOREVER,
-		NULL);
+		&sa);
+	if (sd != NULL)
+		LocalFree((HLOCAL)sd);
 	
 	if (pipe == INVALID_HANDLE_VALUE) {
 		printf("Could not create named pipe (%d)\n", GetLastError());