Set low integrity on named-pipes. This bug was originally resolved as: https://bugzilla.redhat.com/show_bug.cgi?id=668980 Fixes regression: https://bugzilla.redhat.com/show_bug.cgi?id=844461 --- gtk/controller/Makefile.am | 2 + gtk/controller/spice-controller-listener.c | 3 +- gtk/controller/spice-foreign-menu-listener.c | 3 +- gtk/controller/win32-util.c | 111 +++++++++++++++++++++++++++ gtk/controller/win32-util.h | 30 ++++++++ 5 files changed, 147 insertions(+), 2 deletions(-) create mode 100644 gtk/controller/win32-util.c create mode 100644 gtk/controller/win32-util.h diff --git a/gtk/controller/Makefile.am b/gtk/controller/Makefile.am index 7bfa51b..f2abf93 100644 --- a/gtk/controller/Makefile.am +++ b/gtk/controller/Makefile.am @@ -56,6 +56,8 @@ libspice_controller_la_SOURCES += \ namedpipeconnection.h \ namedpipelistener.c \ namedpipelistener.h \ + win32-util.c \ + win32-util.h \ $(NULL) endif libspice_controller_la_LDFLAGS = \ diff --git a/gtk/controller/spice-controller-listener.c b/gtk/controller/spice-controller-listener.c index da1121e..0189848 100644 --- a/gtk/controller/spice-controller-listener.c +++ b/gtk/controller/spice-controller-listener.c @@ -25,6 +25,7 @@ #include <windows.h> #include "namedpipe.h" #include "namedpipelistener.h" +#include "win32-util.h" #endif #ifdef G_OS_UNIX @@ -89,7 +90,7 @@ spice_controller_listener_new (const gchar *address, GError **error) listener = G_OBJECT (spice_named_pipe_listener_new ()); - np = spice_named_pipe_new (addr, error); + np = spice_win32_user_pipe_new (addr, error); if (!np) { g_object_unref (listener); listener = NULL; diff --git a/gtk/controller/spice-foreign-menu-listener.c b/gtk/controller/spice-foreign-menu-listener.c index 8322a13..6693e21 100644 --- a/gtk/controller/spice-foreign-menu-listener.c +++ b/gtk/controller/spice-foreign-menu-listener.c @@ -25,6 +25,7 @@ #include <windows.h> #include "namedpipe.h" #include "namedpipelistener.h" +#include "win32-util.h" #endif #ifdef G_OS_UNIX @@ -91,7 +92,7 @@ spice_foreign_menu_listener_new (const gchar *address, GError **error) listener = G_OBJECT (spice_named_pipe_listener_new ()); - np = spice_named_pipe_new (addr, error); + np = spice_win32_user_pipe_new (addr, error); if (!np) { g_object_unref (listener); listener = NULL; diff --git a/gtk/controller/win32-util.c b/gtk/controller/win32-util.c new file mode 100644 index 0000000..4e3ec4c --- /dev/null +++ b/gtk/controller/win32-util.c @@ -0,0 +1,111 @@ +/* + Copyright (C) 2012 Red Hat, Inc. + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, see <http://www.gnu.org/licenses/>. +*/ + +#include "win32-util.h" +#include <windows.h> +#include <sddl.h> +#include <aclapi.h> + +gboolean +spice_win32_set_low_integrity (void* handle, GError **error) +{ + g_return_val_if_fail (handle != NULL, FALSE); + g_return_val_if_fail (error == NULL || *error == NULL, FALSE); + + /* see also http://msdn.microsoft.com/en-us/library/bb625960.aspx */ + PSECURITY_DESCRIPTOR psd = NULL; + PACL psacl = NULL; + BOOL sacl_present = FALSE; + BOOL sacl_defaulted = FALSE; + char *emsg; + int errsv; + gboolean success = FALSE; + + if (!ConvertStringSecurityDescriptorToSecurityDescriptor ("S:(ML;;NW;;;LW)", + SDDL_REVISION_1, &psd, NULL)) + goto failed; + + if (!GetSecurityDescriptorSacl (psd, &sacl_present, &psacl, &sacl_defaulted)) + goto failed; + + if (SetSecurityInfo (handle, SE_KERNEL_OBJECT, LABEL_SECURITY_INFORMATION, + NULL, NULL, NULL, psacl) != ERROR_SUCCESS) + goto failed; + + success = TRUE; + goto end; + +failed: + errsv = GetLastError (); + emsg = g_win32_error_message (errsv); + g_set_error (error, G_IO_ERROR, + g_io_error_from_win32_error (errsv), + "Error setting integrity: %s", + emsg); + g_free (emsg); + +end: + if (psd != NULL) + LocalFree (psd); + + return success; +} +#define DEFAULT_PIPE_BUF_SIZE 4096 + +SpiceNamedPipe* +spice_win32_user_pipe_new (gchar *name, GError **error) +{ + HANDLE pipe; + SpiceNamedPipe *np = NULL; + + g_return_val_if_fail (name != NULL, NULL); + g_return_val_if_fail (error != NULL, NULL); + + pipe = CreateNamedPipe (name, + PIPE_ACCESS_DUPLEX | FILE_FLAG_OVERLAPPED | + /* FIXME: why is FILE_FLAG_FIRST_PIPE_INSTANCE needed for WRITE_DAC + * (apparently needed by SetSecurityInfo). This will prevent + * multiple pipe listener....?! */ + FILE_FLAG_FIRST_PIPE_INSTANCE | WRITE_DAC, + PIPE_TYPE_BYTE | PIPE_READMODE_BYTE | PIPE_WAIT, + PIPE_UNLIMITED_INSTANCES, + DEFAULT_PIPE_BUF_SIZE, DEFAULT_PIPE_BUF_SIZE, + 0, NULL); + + if (pipe == INVALID_HANDLE_VALUE) { + int errsv = GetLastError (); + gchar *emsg = g_win32_error_message (errsv); + + g_set_error (error, + G_IO_ERROR, + g_io_error_from_win32_error (errsv), + "Error CreateNamedPipe(): %s", + emsg); + + g_free (emsg); + goto end; + } + + if (!spice_win32_set_low_integrity (pipe, error)) + goto end; + + np = SPICE_NAMED_PIPE (g_initable_new (SPICE_TYPE_NAMED_PIPE, + NULL, error, "handle", pipe, NULL)); + +end: + return np; +} diff --git a/gtk/controller/win32-util.h b/gtk/controller/win32-util.h new file mode 100644 index 0000000..b24ac77 --- /dev/null +++ b/gtk/controller/win32-util.h @@ -0,0 +1,30 @@ +/* + Copyright (C) 2012 Red Hat, Inc. + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, see <http://www.gnu.org/licenses/>. +*/ +#ifndef __WIN32_UTIL_H__ +#define __WIN32_UTIL_H__ + +#include <gio/gio.h> +#include "namedpipe.h" + +G_BEGIN_DECLS + +gboolean spice_win32_set_low_integrity (void* handle, GError **error); +SpiceNamedPipe* spice_win32_user_pipe_new (gchar *name, GError **error); + +G_END_DECLS + +#endif /* __WIN32_UTIL_H__ */ -- 1.7.11.7 _______________________________________________ Spice-devel mailing list Spice-devel@xxxxxxxxxxxxxxxxxxxxx http://lists.freedesktop.org/mailman/listinfo/spice-devel