Public/winfsp
1
0
Fork 0
mirror of https://github.com/winfsp/winfsp.git synced 2025-07-04 01:42:58 -05:00
Code Issues Packages Projects Releases Wiki Activity

dll: FspCallNamedPipeSecurely replaces CallNamedPipeW

Browse Source
This commit is contained in:
Bill Zissimopoulos
2016-05-18 10:05:33 -07:00
parent fea92c4ae0
commit f7adbaba92
5 changed files with 131 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/launcher/launchctl.c
View File

@ -63,13 +63,15 @@ static void usage(void)
static int call_pipe_and_report(PWSTR PipeBuf, ULONG SendSize, ULONG RecvSize)
{
NTSTATUS Result;
DWORD LastError, BytesTransferred;
LastError = CallNamedPipeW(L"" LAUNCHER_PIPE_NAME, PipeBuf, SendSize, PipeBuf, RecvSize,
&BytesTransferred, NMPWAIT_USE_DEFAULT_WAIT) ? 0 : GetLastError();
Result = FspCallNamedPipeSecurely(L"" LAUNCHER_PIPE_NAME, PipeBuf, SendSize, PipeBuf, RecvSize,
&BytesTransferred, NMPWAIT_USE_DEFAULT_WAIT, LAUNCHER_PIPE_OWNER);
LastError = FspWin32FromNtStatus(Result);
if (0 != LastError)
warn("KO CallNamedPipeW = %ld", LastError);
warn("KO CallNamedPipe = %ld", LastError);
else if (sizeof(WCHAR) > BytesTransferred)
warn("KO launcher: empty buffer");
else if (LauncherSuccess == PipeBuf[0])

15
src/launcher/launcher.h
View File

@ -29,16 +29,13 @@
#define LAUNCHER_PIPE_DEFAULT_TIMEOUT 3000
/*
* The launcher named pipe SDDL gives full access to LocalSystem and Administrators.
* It also gives GENERIC_READ and GENERIC_WRITE access to Everyone. This includes the
* FILE_CREATE_PIPE_INSTANCE right which should not normally be granted to any process
* that is not the pipe server. The reason that the GENERIC_WRITE is required is to allow
* clients to use CallNamedPipeW which opens the pipe handle using CreateFileW and the
* GENERIC_READ | GENERIC_WRITE access right. The reason that it should be safe to grant
* the FILE_CREATE_PIPE_INSTANCE right is that the server creates the named pipe with
* MaxInstances == 1 (and therefore no client can create additional instances).
* The launcher named pipe SDDL gives full access to LocalSystem and Administrators and
* GENERIC_READ and FILE_WRITE_DATA access to Everyone. We are careful not to give the
* FILE_CREATE_PIPE_INSTANCE right to Everyone to disallow the creation of additional
* pipe instances.
*/
#define LAUNCHER_PIPE_SDDL "D:P(A;;GA;;;SY)(A;;GA;;;BA)(A;;GRGW;;;WD)"
#define LAUNCHER_PIPE_SDDL "O:SYG:SYD:P(A;;GA;;;SY)(A;;GA;;;BA)(A;;GRDCCR;;;WD)"
#define LAUNCHER_PIPE_OWNER ((PSID)WinLocalSystemSid)
/*
* The default service instance SDDL gives full access to LocalSystem and Administrators.