Create the named pipe with R/W access for everyone. This enables VMware running without administrative privileges to connect to the service.

svn path=/trunk/tools/vmwaregateway/; revision=271
2024-11-23 03:19:49 +00:00 · 2007-06-29 21:43:18 +00:00 · 2007-06-29 21:43:18 +00:00 · 00a6573a32
commit 00a6573a32
parent a4b6633b0d
1 changed files with 158 additions and 1 deletions
--- a/vmwaregateway.cpp
+++ b/vmwaregateway.cpp
@ -36,11 +36,160 @@ const char* errServerBusy = "Server is currently connected\n";
 // verbose output - traces a lot
 BOOL verbose = FALSE;
 PSECURITY_DESCRIPTOR
 CreateVmwareGatewaySD(VOID)
 {
 	static SID_IDENTIFIER_AUTHORITY LocalSystemAuthority = {SECURITY_NT_AUTHORITY};
 	static SID_IDENTIFIER_AUTHORITY WorldAuthority = {SECURITY_WORLD_SID_AUTHORITY};
 	PSID LocalSystemSid = NULL;
 	PSID AdministratorsSid = NULL;
 	PSID EveryoneSid = NULL;
 	PACL Dacl;
 	DWORD DaclSize;
 	PSECURITY_DESCRIPTOR pSD = NULL;
 	/* create the SYSTEM, Administrators and Everyone SIDs */
 	if (!AllocateAndInitializeSid(&LocalSystemAuthority,
 	                              1,
 	                              SECURITY_LOCAL_SYSTEM_RID,
 	                              0,
 	                              0,
 	                              0,
 	                              0,
 	                              0,
 	                              0,
 	                              0,
 	                              &LocalSystemSid) ||
 	    !AllocateAndInitializeSid(&LocalSystemAuthority,
 	                              2,
 	                              SECURITY_BUILTIN_DOMAIN_RID,
 	                              DOMAIN_ALIAS_RID_ADMINS,
 	                              0,
 	                              0,
 	                              0,
 	                              0,
 	                              0,
 	                              0,
 	                              &AdministratorsSid) ||
 	    !AllocateAndInitializeSid(&WorldAuthority,
 	                              1,
 	                              SECURITY_WORLD_RID,
 	                              0,
 	                              0,
 	                              0,
 	                              0,
 	                              0,
 	                              0,
 	                              0,
 	                              &EveryoneSid))
 	{
 		printf("Failed initializing the SIDs for the default security descriptor (0x%p, 0x%p, 0x%p)\n",
 		        LocalSystemSid, AdministratorsSid, EveryoneSid);
 		goto Cleanup;
 	}
 	/* allocate the security descriptor and DACL */
 	DaclSize = sizeof(ACL) +
 	           ((GetLengthSid(LocalSystemSid) +
 	             GetLengthSid(AdministratorsSid) +
 	             GetLengthSid(EveryoneSid)) +
 	            (3 * FIELD_OFFSET(ACCESS_ALLOWED_ACE,
 	                              SidStart)));
 	pSD = (PSECURITY_DESCRIPTOR)LocalAlloc(LMEM_FIXED,
 	                                       (SIZE_T)DaclSize + sizeof(SECURITY_DESCRIPTOR));
 	if (pSD == NULL)
 	{
 		printf("Failed to allocate the default security descriptor and ACL\n");
 		goto Cleanup;
 	}
 	if (!InitializeSecurityDescriptor(pSD,
 	                                  SECURITY_DESCRIPTOR_REVISION))
 	{
 		printf("Failed to initialize the default security descriptor\n");
 		goto Cleanup;
 	}
 	/* initialize and build the DACL */
 	Dacl = (PACL)((ULONG_PTR)pSD + sizeof(SECURITY_DESCRIPTOR));
 	if (!InitializeAcl(Dacl,
 	                   (DWORD)DaclSize,
 	                   ACL_REVISION))
 	{
 		printf("Failed to initialize the DACL of the default security descriptor\n");
 		goto Cleanup;
 	}
 	/* add the SYSTEM Ace */
 	if (!AddAccessAllowedAce(Dacl,
 	                         ACL_REVISION,
 	                         FILE_GENERIC_READ | FILE_GENERIC_WRITE | FILE_GENERIC_EXECUTE,
 	                         LocalSystemSid))
 	{
 		printf("Failed to add the SYSTEM ACE\n");
 		goto Cleanup;
 	}
 	/* add the Administrators Ace */
 	if (!AddAccessAllowedAce(Dacl,
 	                         ACL_REVISION,
 	                         FILE_GENERIC_READ | FILE_GENERIC_WRITE | FILE_GENERIC_EXECUTE,
 	                         AdministratorsSid))
 	{
 		printf("Failed to add the Administrators ACE\n");
 		goto Cleanup;
 	}
 	/* add the Everyone Ace */
 	if (!AddAccessAllowedAce(Dacl,
 	                         ACL_REVISION,
 	                         FILE_GENERIC_READ | FILE_GENERIC_WRITE | FILE_GENERIC_EXECUTE,
 	                         EveryoneSid))
 	{
 		printf("Failed to add the Everyone ACE\n");
 		goto Cleanup;
 	}
 	/* set the DACL */
 	if (!SetSecurityDescriptorDacl(pSD,
 	                               TRUE,
 	                               Dacl,
 	                               FALSE))
 	{
 		printf("Failed to set the DACL of the default security descriptor\n");
 Cleanup:
 		if (pSD != NULL)
 		{
 			LocalFree((HLOCAL)pSD);
 			pSD = NULL;
 		}
 	}
 	if (LocalSystemSid != NULL)
 	{
 		FreeSid(LocalSystemSid);
 	}
 	if (AdministratorsSid != NULL)
 	{
 		FreeSid(AdministratorsSid);
 	}
 	if (EveryoneSid != NULL)
 	{
 		FreeSid(EveryoneSid);
 	}
 	return pSD;
 }
 // the central server loop
 void Server()
 {
 	WORD wVersionRequested;
 	WSADATA wsaData;
 	PSECURITY_DESCRIPTOR sd;
 	SECURITY_ATTRIBUTES sa;
 	wVersionRequested = MAKEWORD( 2, 2 );
 	// socket and pipe handles
@ -69,6 +218,12 @@ void Server()
 		return;
 	}
 	// create a suitable security descriptor
 	sd = CreateVmwareGatewaySD();
 	sa.nLength = sizeof(sa);
 	sa.lpSecurityDescriptor = sd;
 	sa.bInheritHandle = FALSE;
 	// first create the named pipe
 	pipe = CreateNamedPipe(PIPE_NAME, 
 		PIPE_ACCESS_DUPLEX | FILE_FLAG_OVERLAPPED,
@ -77,7 +232,9 @@ void Server()
 		100,
 		100,
 		NMPWAIT_WAIT_FOREVER,
-		NULL);
+		&sa);
 	if (sd != NULL)
 		LocalFree((HLOCAL)sd);
 	if (pipe == INVALID_HANDLE_VALUE) {
 		printf("Could not create named pipe (%d)\n", GetLastError());