Set low integrity on named-pipes.
This bug was originally resolved as:
https://bugzilla.redhat.com/show_bug.cgi?id=668980
Fixes regression:
https://bugzilla.redhat.com/show_bug.cgi?id=844461
---
gtk/controller/Makefile.am | 2 +
gtk/controller/spice-controller-listener.c | 3 +-
gtk/controller/spice-foreign-menu-listener.c | 3 +-
gtk/controller/win32-util.c | 111 +++++++++++++++++++++++++++
gtk/controller/win32-util.h | 30 ++++++++
5 files changed, 147 insertions(+), 2 deletions(-)
create mode 100644 gtk/controller/win32-util.c
create mode 100644 gtk/controller/win32-util.h
diff --git a/gtk/controller/Makefile.am b/gtk/controller/Makefile.am
index 7bfa51b..f2abf93 100644
--- a/gtk/controller/Makefile.am
+++ b/gtk/controller/Makefile.am
@@ -56,6 +56,8 @@ libspice_controller_la_SOURCES += \
namedpipeconnection.h \
namedpipelistener.c \
namedpipelistener.h \
+ win32-util.c \
+ win32-util.h \
$(NULL)
endif
libspice_controller_la_LDFLAGS = \
diff --git a/gtk/controller/spice-controller-listener.c b/gtk/controller/spice-controller-listener.c
index da1121e..0189848 100644
--- a/gtk/controller/spice-controller-listener.c
+++ b/gtk/controller/spice-controller-listener.c
@@ -25,6 +25,7 @@
#include <windows.h>
#include "namedpipe.h"
#include "namedpipelistener.h"
+#include "win32-util.h"
#endif
#ifdef G_OS_UNIX
@@ -89,7 +90,7 @@ spice_controller_listener_new (const gchar *address, GError **error)
listener = G_OBJECT (spice_named_pipe_listener_new ());
- np = spice_named_pipe_new (addr, error);
+ np = spice_win32_user_pipe_new (addr, error);
if (!np) {
g_object_unref (listener);
listener = NULL;
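Review bot: The call site in spice_controller_listener_new gives no hint that the pipe it now creates is writable by low-integrity processes, which is the security-relevant effect of switching to `spice_win32_user_pipe_new`; the identical change in spice_foreign_menu_listener_new has the same gap. I would add a comment above the call such as `/* pipe carries a low mandatory label: peers may be low-integrity processes, so treat every message read from it as untrusted */`. Whether the message handling behind this listener validates sizes and fields before use is not visible here and is worth confirming as part of this change. The function body starts and ends outside the hunk.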
diff --git a/gtk/controller/spice-foreign-menu-listener.c b/gtk/controller/spice-foreign-menu-listener.c
index 8322a13..6693e21 100644
--- a/gtk/controller/spice-foreign-menu-listener.c
+++ b/gtk/controller/spice-foreign-menu-listener.c
@@ -25,6 +25,7 @@
#include <windows.h>
#include "namedpipe.h"
#include "namedpipelistener.h"
+#include "win32-util.h"
#endif
#ifdef G_OS_UNIX
@@ -91,7 +92,7 @@ spice_foreign_menu_listener_new (const gchar *address, GError **error)
listener = G_OBJECT (spice_named_pipe_listener_new ());
- np = spice_named_pipe_new (addr, error);
+ np = spice_win32_user_pipe_new (addr, error);
if (!np) {
g_object_unref (listener);
listener = NULL;
diff --git a/gtk/controller/win32-util.c b/gtk/controller/win32-util.c
new file mode 100644
index 0000000..4e3ec4c
--- /dev/null
+++ b/gtk/controller/win32-util.c
@@ -0,0 +1,111 @@
+/*
+ Copyright (C) 2012 Red Hat, Inc.
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "win32-util.h"
+#include <windows.h>
+#include <sddl.h>
+#include <aclapi.h>
+
+gboolean
+spice_win32_set_low_integrity (void* handle, GError **error)
+{
+ g_return_val_if_fail (handle != NULL, FALSE);
+ g_return_val_if_fail (error == NULL || *error == NULL, FALSE);
+
+ /* see also http://msdn.microsoft.com/en-us/library/bb625960.aspx */
+ PSECURITY_DESCRIPTOR psd = NULL;
+ PACL psacl = NULL;
+ BOOL sacl_present = FALSE;
+ BOOL sacl_defaulted = FALSE;
+ char *emsg;
+ int errsv;
+ gboolean success = FALSE;
+
+ if (!ConvertStringSecurityDescriptorToSecurityDescriptor ("S:(ML;;NW;;;LW)",
+ SDDL_REVISION_1, &psd, NULL))
+ goto failed;
+
+ if (!GetSecurityDescriptorSacl (psd, &sacl_present, &psacl, &sacl_defaulted))
+ goto failed;
+
+ if (SetSecurityInfo (handle, SE_KERNEL_OBJECT, LABEL_SECURITY_INFORMATION,
+ NULL, NULL, NULL, psacl) != ERROR_SUCCESS)
+ goto failed;
+
+ success = TRUE;
+ goto end;
+
+failed:
+ errsv = GetLastError ();
+ emsg = g_win32_error_message (errsv);
+ g_set_error (error, G_IO_ERROR,
+ g_io_error_from_win32_error (errsv),
+ "Error setting integrity: %s",
+ emsg);
+ g_free (emsg);
+
+end:
+ if (psd != NULL)
+ LocalFree (psd);
+
+ return success;
+}
+#define DEFAULT_PIPE_BUF_SIZE 4096
+
+SpiceNamedPipe*
+spice_win32_user_pipe_new (gchar *name, GError **error)
+{
+ HANDLE pipe;
+ SpiceNamedPipe *np = NULL;
+
+ g_return_val_if_fail (name != NULL, NULL);
+ g_return_val_if_fail (error != NULL, NULL);
+
+ pipe = CreateNamedPipe (name,
+ PIPE_ACCESS_DUPLEX | FILE_FLAG_OVERLAPPED |
+ /* FIXME: why is FILE_FLAG_FIRST_PIPE_INSTANCE needed for WRITE_DAC
+ * (apparently needed by SetSecurityInfo). This will prevent
+ * multiple pipe listener....?! */
+ FILE_FLAG_FIRST_PIPE_INSTANCE | WRITE_DAC,
+ PIPE_TYPE_BYTE | PIPE_READMODE_BYTE | PIPE_WAIT,
+ PIPE_UNLIMITED_INSTANCES,
+ DEFAULT_PIPE_BUF_SIZE, DEFAULT_PIPE_BUF_SIZE,
+ 0, NULL);
+
+ if (pipe == INVALID_HANDLE_VALUE) {
+ int errsv = GetLastError ();
+ gchar *emsg = g_win32_error_message (errsv);
+
+ g_set_error (error,
+ G_IO_ERROR,
+ g_io_error_from_win32_error (errsv),
+ "Error CreateNamedPipe(): %s",
+ emsg);
+
+ g_free (emsg);
+ goto end;
+ }
+
+ if (!spice_win32_set_low_integrity (pipe, error))
+ goto end;
+
+ np = SPICE_NAMED_PIPE (g_initable_new (SPICE_TYPE_NAMED_PIPE,
+ NULL, error, "handle", pipe, NULL));
+
+end:
+ return np;
+}
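Review bot: In spice_win32_user_pipe_new the pipe handle is leaked when `spice_win32_set_low_integrity` fails, because the `goto end` path never closes it; with FILE_FLAG_FIRST_PIPE_INSTANCE set, the leaked handle also keeps the name occupied, so a retry in the same process would fail. Closing it on that path fixes this: `if (!spice_win32_set_low_integrity (pipe, error)) { CloseHandle (pipe); goto end; }`. Whether SpiceNamedPipe takes ownership of the handle when `g_initable_new` fails is not visible here and should be checked too. Separately, in spice_win32_set_low_integrity, `SetSecurityInfo` returns its error code rather than setting the thread's last error, so the `failed:` label may report a stale or zero code; keep the return value and use it for `errsv`. On the FIXME, FILE_FLAG_FIRST_PIPE_INSTANCE is worth keeping in any case, since it makes creation fail when another process already owns the pipe name.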
diff --git a/gtk/controller/win32-util.h b/gtk/controller/win32-util.h
new file mode 100644
index 0000000..b24ac77
--- /dev/null
+++ b/gtk/controller/win32-util.h
@@ -0,0 +1,30 @@
+/*
+ Copyright (C) 2012 Red Hat, Inc.
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, see <http://www.gnu.org/licenses/>.
+*/
+#ifndef __WIN32_UTIL_H__
+#define __WIN32_UTIL_H__
+
+#include <gio/gio.h>
+#include "namedpipe.h"
+
+G_BEGIN_DECLS
+
+gboolean spice_win32_set_low_integrity (void* handle, GError **error);
+SpiceNamedPipe* spice_win32_user_pipe_new (gchar *name, GError **error);
+
+G_END_DECLS
+
+#endif /* __WIN32_UTIL_H__ */
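Review bot: Neither declaration documents its security effect: a caller reading this header cannot tell that `spice_win32_user_pipe_new` creates a pipe that low-integrity processes can write to, or that it rejects a NULL `error` (the definition has `g_return_val_if_fail (error != NULL, NULL)`). I would add a short doc comment above each prototype, for example `/* Creates the first instance of pipe @name and labels it low integrity; @error must not be NULL. */`. The definition only passes `name` on to CreateNamedPipe, so the parameter could be `const gchar *name`. The guard `__WIN32_UTIL_H__` uses a reserved identifier; `WIN32_UTIL_H` would avoid that, though the project's other headers (not visible here) may follow the same pattern.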