mirror of
https://github.com/reactos/vmwaregateway.git
synced 2024-11-26 21:00:34 +00:00
Create the named pipe with R/W access for everyone. This enables VMware running without administrative privileges to connect to the service.
svn path=/trunk/tools/vmwaregateway/; revision=271
This commit is contained in:
parent
a4b6633b0d
commit
00a6573a32
@ -36,11 +36,160 @@ const char* errServerBusy = "Server is currently connected\n";
|
||||
// verbose output - traces a lot
|
||||
BOOL verbose = FALSE;
|
||||
|
||||
PSECURITY_DESCRIPTOR
|
||||
CreateVmwareGatewaySD(VOID)
|
||||
{
|
||||
static SID_IDENTIFIER_AUTHORITY LocalSystemAuthority = {SECURITY_NT_AUTHORITY};
|
||||
static SID_IDENTIFIER_AUTHORITY WorldAuthority = {SECURITY_WORLD_SID_AUTHORITY};
|
||||
PSID LocalSystemSid = NULL;
|
||||
PSID AdministratorsSid = NULL;
|
||||
PSID EveryoneSid = NULL;
|
||||
PACL Dacl;
|
||||
DWORD DaclSize;
|
||||
PSECURITY_DESCRIPTOR pSD = NULL;
|
||||
|
||||
/* create the SYSTEM, Administrators and Everyone SIDs */
|
||||
if (!AllocateAndInitializeSid(&LocalSystemAuthority,
|
||||
1,
|
||||
SECURITY_LOCAL_SYSTEM_RID,
|
||||
0,
|
||||
0,
|
||||
0,
|
||||
0,
|
||||
0,
|
||||
0,
|
||||
0,
|
||||
&LocalSystemSid) ||
|
||||
!AllocateAndInitializeSid(&LocalSystemAuthority,
|
||||
2,
|
||||
SECURITY_BUILTIN_DOMAIN_RID,
|
||||
DOMAIN_ALIAS_RID_ADMINS,
|
||||
0,
|
||||
0,
|
||||
0,
|
||||
0,
|
||||
0,
|
||||
0,
|
||||
&AdministratorsSid) ||
|
||||
!AllocateAndInitializeSid(&WorldAuthority,
|
||||
1,
|
||||
SECURITY_WORLD_RID,
|
||||
0,
|
||||
0,
|
||||
0,
|
||||
0,
|
||||
0,
|
||||
0,
|
||||
0,
|
||||
&EveryoneSid))
|
||||
{
|
||||
printf("Failed initializing the SIDs for the default security descriptor (0x%p, 0x%p, 0x%p)\n",
|
||||
LocalSystemSid, AdministratorsSid, EveryoneSid);
|
||||
goto Cleanup;
|
||||
}
|
||||
|
||||
/* allocate the security descriptor and DACL */
|
||||
DaclSize = sizeof(ACL) +
|
||||
((GetLengthSid(LocalSystemSid) +
|
||||
GetLengthSid(AdministratorsSid) +
|
||||
GetLengthSid(EveryoneSid)) +
|
||||
(3 * FIELD_OFFSET(ACCESS_ALLOWED_ACE,
|
||||
SidStart)));
|
||||
|
||||
pSD = (PSECURITY_DESCRIPTOR)LocalAlloc(LMEM_FIXED,
|
||||
(SIZE_T)DaclSize + sizeof(SECURITY_DESCRIPTOR));
|
||||
if (pSD == NULL)
|
||||
{
|
||||
printf("Failed to allocate the default security descriptor and ACL\n");
|
||||
goto Cleanup;
|
||||
}
|
||||
|
||||
if (!InitializeSecurityDescriptor(pSD,
|
||||
SECURITY_DESCRIPTOR_REVISION))
|
||||
{
|
||||
printf("Failed to initialize the default security descriptor\n");
|
||||
goto Cleanup;
|
||||
}
|
||||
|
||||
/* initialize and build the DACL */
|
||||
Dacl = (PACL)((ULONG_PTR)pSD + sizeof(SECURITY_DESCRIPTOR));
|
||||
if (!InitializeAcl(Dacl,
|
||||
(DWORD)DaclSize,
|
||||
ACL_REVISION))
|
||||
{
|
||||
printf("Failed to initialize the DACL of the default security descriptor\n");
|
||||
goto Cleanup;
|
||||
}
|
||||
|
||||
/* add the SYSTEM Ace */
|
||||
if (!AddAccessAllowedAce(Dacl,
|
||||
ACL_REVISION,
|
||||
FILE_GENERIC_READ | FILE_GENERIC_WRITE | FILE_GENERIC_EXECUTE,
|
||||
LocalSystemSid))
|
||||
{
|
||||
printf("Failed to add the SYSTEM ACE\n");
|
||||
goto Cleanup;
|
||||
}
|
||||
|
||||
/* add the Administrators Ace */
|
||||
if (!AddAccessAllowedAce(Dacl,
|
||||
ACL_REVISION,
|
||||
FILE_GENERIC_READ | FILE_GENERIC_WRITE | FILE_GENERIC_EXECUTE,
|
||||
AdministratorsSid))
|
||||
{
|
||||
printf("Failed to add the Administrators ACE\n");
|
||||
goto Cleanup;
|
||||
}
|
||||
|
||||
/* add the Everyone Ace */
|
||||
if (!AddAccessAllowedAce(Dacl,
|
||||
ACL_REVISION,
|
||||
FILE_GENERIC_READ | FILE_GENERIC_WRITE | FILE_GENERIC_EXECUTE,
|
||||
EveryoneSid))
|
||||
{
|
||||
printf("Failed to add the Everyone ACE\n");
|
||||
goto Cleanup;
|
||||
}
|
||||
|
||||
/* set the DACL */
|
||||
if (!SetSecurityDescriptorDacl(pSD,
|
||||
TRUE,
|
||||
Dacl,
|
||||
FALSE))
|
||||
{
|
||||
printf("Failed to set the DACL of the default security descriptor\n");
|
||||
|
||||
Cleanup:
|
||||
if (pSD != NULL)
|
||||
{
|
||||
LocalFree((HLOCAL)pSD);
|
||||
pSD = NULL;
|
||||
}
|
||||
}
|
||||
|
||||
if (LocalSystemSid != NULL)
|
||||
{
|
||||
FreeSid(LocalSystemSid);
|
||||
}
|
||||
if (AdministratorsSid != NULL)
|
||||
{
|
||||
FreeSid(AdministratorsSid);
|
||||
}
|
||||
if (EveryoneSid != NULL)
|
||||
{
|
||||
FreeSid(EveryoneSid);
|
||||
}
|
||||
|
||||
return pSD;
|
||||
}
|
||||
|
||||
// the central server loop
|
||||
void Server()
|
||||
{
|
||||
WORD wVersionRequested;
|
||||
WSADATA wsaData;
|
||||
PSECURITY_DESCRIPTOR sd;
|
||||
SECURITY_ATTRIBUTES sa;
|
||||
wVersionRequested = MAKEWORD( 2, 2 );
|
||||
|
||||
// socket and pipe handles
|
||||
@ -69,6 +218,12 @@ void Server()
|
||||
return;
|
||||
}
|
||||
|
||||
// create a suitable security descriptor
|
||||
sd = CreateVmwareGatewaySD();
|
||||
sa.nLength = sizeof(sa);
|
||||
sa.lpSecurityDescriptor = sd;
|
||||
sa.bInheritHandle = FALSE;
|
||||
|
||||
// first create the named pipe
|
||||
pipe = CreateNamedPipe(PIPE_NAME,
|
||||
PIPE_ACCESS_DUPLEX | FILE_FLAG_OVERLAPPED,
|
||||
@ -77,7 +232,9 @@ void Server()
|
||||
100,
|
||||
100,
|
||||
NMPWAIT_WAIT_FOREVER,
|
||||
NULL);
|
||||
&sa);
|
||||
if (sd != NULL)
|
||||
LocalFree((HLOCAL)sd);
|
||||
|
||||
if (pipe == INVALID_HANDLE_VALUE) {
|
||||
printf("Could not create named pipe (%d)\n", GetLastError());
|
||||
|
Loading…
Reference in New Issue
Block a user