HANDLE _CreateFile( LPCTSTR lpFileName, DWORD dwDesiredAccess, DWORD dwShareMode, DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes, HANDLE hTemplateFile )
{
SECURITY_DESCRIPTOR sd;
SECURITY_ATTRIBUTES sa;
memset(&sd,0,sizeof(sd));
InitializeSecurityDescriptor(&sd,SECURITY_DESCRIPTOR_REVISION);
SetSecurityDescriptorDacl(&sd, TRUE, NULL, FALSE);
memset(&sa,0,sizeof(sa));
sa.nLength=sizeof(sa);
sa.lpSecurityDescriptor=&sd;
return ::CreateFile( lpFileName, dwDesiredAccess, dwShareMode, &sa, dwCreationDisposition, dwFlagsAndAttributes, hTemplateFile );
}
int InitBranding() {
char *s;
s = (char *)GlobalAlloc(GPTR,lstrlen(EXENAME)+10);
wsprintf(s,"%s /version",EXENAME);
{
STARTUPINFO si= {sizeof(si),};
SECURITY_ATTRIBUTES sa= {sizeof(sa),};
SECURITY_DESCRIPTOR sd= {0,};
PROCESS_INFORMATION pi= {0,};
HANDLE newstdout=0,read_stdout=0;
OSVERSIONINFO osv= {sizeof(osv)};
GetVersionEx(&osv);
if (osv.dwPlatformId == VER_PLATFORM_WIN32_NT) {
InitializeSecurityDescriptor(&sd,SECURITY_DESCRIPTOR_REVISION);
SetSecurityDescriptorDacl(&sd,true,NULL,false);
sa.lpSecurityDescriptor = &sd;
}
else sa.lpSecurityDescriptor = NULL;
sa.bInheritHandle = true;
if (!CreatePipe(&read_stdout,&newstdout,&sa,0)) {
return 0;
}
GetStartupInfo(&si);
si.dwFlags = STARTF_USESTDHANDLES|STARTF_USESHOWWINDOW;
si.wShowWindow = SW_HIDE;
si.hStdOutput = newstdout;
si.hStdError = newstdout;
if (!CreateProcess(NULL,s,NULL,NULL,TRUE,CREATE_NEW_CONSOLE,NULL,NULL,&si,&pi)) {
CloseHandle(newstdout);
CloseHandle(read_stdout);
return 0;
}
char szBuf[1024];
DWORD dwRead = 1;
DWORD dwExit = !STILL_ACTIVE;
if (WaitForSingleObject(pi.hProcess,10000)!=WAIT_OBJECT_0) {
return 0;
}
ReadFile(read_stdout, szBuf, sizeof(szBuf)-1, &dwRead, NULL);
szBuf[dwRead] = 0;
if (lstrlen(szBuf)==0) return 0;
g_sdata.branding = (char *)GlobalAlloc(GPTR,lstrlen(szBuf)+6);
wsprintf(g_sdata.branding,"NSIS %s",szBuf);
g_sdata.brandingv = (char *)GlobalAlloc(GPTR,lstrlen(szBuf)+1);
lstrcpy(g_sdata.brandingv,szBuf);
GlobalFree(s);
}
return 1;
}
static void SetTokenObjectIntegrityLevel(DWORD dwIntegrityLevel)
{
SID_IDENTIFIER_AUTHORITY Sia = SECURITY_MANDATORY_LABEL_AUTHORITY;
SECURITY_DESCRIPTOR sd;
HANDLE hToken;
DWORD dwLength;
PACL pAcl;
PSID pSid;
// Do nothing on OSes where mandatory ACEs are not supported
if(pfnAddMandatoryAce == NULL)
return;
// Initialize blank security descriptor
if(!InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION))
return;
// Allocate mandatory label SID
if(!AllocateAndInitializeSid(&Sia, 1, dwIntegrityLevel, 0, 0, 0, 0, 0, 0, 0, &pSid))
return;
// Open current token
if(!OpenThreadToken(GetCurrentThread(), WRITE_OWNER, TRUE, &hToken))
{
if(GetLastError() == ERROR_NO_TOKEN)
OpenProcessToken(GetCurrentProcess(), WRITE_OWNER, &hToken);
}
// If succeeded, set the integrity level
if(hToken != NULL)
{
// Create ACL
dwLength = sizeof(ACL) + sizeof(SYSTEM_MANDATORY_LABEL_ACE) - sizeof(DWORD) + GetLengthSid(pSid);
pAcl = (PACL)HeapAlloc(g_hHeap, 0, dwLength);
if(pAcl != NULL)
{
if(InitializeAcl(pAcl, dwLength, ACL_REVISION))
{
if(pfnAddMandatoryAce(pAcl, ACL_REVISION, 0, SYSTEM_MANDATORY_LABEL_NO_WRITE_UP, pSid))
{
NtSetSecurityObject(hToken, LABEL_SECURITY_INFORMATION, &sd);
}
}
HeapFree(g_hHeap, 0, pAcl);
}
}
FreeSid(pSid);
}
bool
init_security_attributes_allow_all (struct security_attributes *obj)
{
CLEAR (*obj);
obj->sa.nLength = sizeof (SECURITY_ATTRIBUTES);
obj->sa.lpSecurityDescriptor = &obj->sd;
obj->sa.bInheritHandle = TRUE;
if (!InitializeSecurityDescriptor (&obj->sd, SECURITY_DESCRIPTOR_REVISION))
return false;
if (!SetSecurityDescriptorDacl (&obj->sd, TRUE, NULL, FALSE))
return false;
return true;
}
HANDLE _CreateFileMapping( HANDLE hFile, DWORD flProtect, DWORD dwMaximumSizeHigh, DWORD dwMaximumSizeLow, LPCTSTR lpName)
{
SECURITY_DESCRIPTOR sd;
SECURITY_ATTRIBUTES sa;
memset(&sd,0,sizeof(sd));
InitializeSecurityDescriptor(&sd,SECURITY_DESCRIPTOR_REVISION);
SetSecurityDescriptorDacl(&sd, TRUE, NULL, FALSE);
memset(&sa,0,sizeof(sa));
sa.nLength=sizeof(sa);
sa.lpSecurityDescriptor=&sd;
return ::CreateFileMapping( hFile, &sa, flProtect, dwMaximumSizeHigh, dwMaximumSizeLow, lpName);
}
HANDLE _CreateNamedPipe( LPCTSTR lpName, DWORD dwOpenMode, DWORD dwPipeMode, DWORD nMaxInstances, DWORD nOutBufferSize, DWORD nInBufferSize, DWORD nDefaultTimeOut )
{
SECURITY_DESCRIPTOR sd;
SECURITY_ATTRIBUTES sa;
memset(&sd,0,sizeof(sd));
InitializeSecurityDescriptor(&sd,SECURITY_DESCRIPTOR_REVISION);
SetSecurityDescriptorDacl(&sd, TRUE, NULL, FALSE);
memset(&sa,0,sizeof(sa));
sa.nLength=sizeof(sa);
sa.lpSecurityDescriptor=&sd;
return ::CreateNamedPipe( lpName, dwOpenMode, dwPipeMode, nMaxInstances, nOutBufferSize, nInBufferSize, nDefaultTimeOut, &sa );
}
// Для запуска только одного экземпляра банера
// создаем мютекс.Если он уже создан - значит
// уже банерная часть уже загружена и работает.
HANDLE CreateBannerInstanceMutex()
{
SECURITY_ATTRIBUTES sa;
SECURITY_DESCRIPTOR sd;
InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION);
SetSecurityDescriptorDacl(&sd, TRUE, NULL, FALSE);
sa.nLength = sizeof (SECURITY_ATTRIBUTES);
sa.lpSecurityDescriptor = &sd;
sa.bInheritHandle = FALSE;
return ::CreateMutex(&sa, FALSE, L"Global\\DCCFF93F3ACC4B2F8B4957A6A47D7DFE");
}
HANDLE CreateStartedEvent()
{
SECURITY_ATTRIBUTES sa;
SECURITY_DESCRIPTOR sd;
InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION);
SetSecurityDescriptorDacl(&sd, TRUE, NULL, FALSE);
sa.nLength = sizeof (SECURITY_ATTRIBUTES);
sa.lpSecurityDescriptor = &sd;
sa.bInheritHandle = FALSE;
return ::CreateEvent(&sa, TRUE, FALSE, L"Global\\CC64BD66BCA1444C86FC0D8019E381E9");
}
HANDLE _CreateMutex( BOOL bInitialOwner, LPCTSTR lpName )
{
SECURITY_DESCRIPTOR sd;
SECURITY_ATTRIBUTES sa;
memset(&sd,0,sizeof(sd));
InitializeSecurityDescriptor(&sd,SECURITY_DESCRIPTOR_REVISION);
SetSecurityDescriptorDacl(&sd, TRUE, NULL, FALSE);
memset(&sa,0,sizeof(sa));
sa.nLength=sizeof(sa);
sa.lpSecurityDescriptor=&sd;
return ::CreateMutex( &sa, bInitialOwner, lpName );
}
isc_result_t
isc_fsaccess_changeowner(const char *filename, const char *user) {
SECURITY_DESCRIPTOR psd;
BYTE sidBuffer[500];
BYTE groupBuffer[500];
PSID psid=(PSID) &sidBuffer;
DWORD sidBufferSize = sizeof(sidBuffer);
char domainBuffer[100];
DWORD domainBufferSize = sizeof(domainBuffer);
SID_NAME_USE snu;
PSID pSidGroup = (PSID) &groupBuffer;
DWORD groupBufferSize = sizeof(groupBuffer);
/*
* Determine if this is a FAT or NTFS disk and
* call the appropriate function to set the ownership
* FAT disks do not have ownership attributes so it's
* a noop.
*/
if (is_ntfs(filename) == FALSE)
return (ISC_R_SUCCESS);
if (!InitializeSecurityDescriptor(&psd, SECURITY_DESCRIPTOR_REVISION))
return (ISC_R_NOPERM);
if (!LookupAccountName(0, user, psid, &sidBufferSize, domainBuffer,
&domainBufferSize, &snu))
return (ISC_R_NOPERM);
/* Make sure administrators can get to it */
domainBufferSize = sizeof(domainBuffer);
if (!LookupAccountName(0, "Administrators", pSidGroup,
&groupBufferSize, domainBuffer, &domainBufferSize, &snu))
return (ISC_R_NOPERM);
if (!SetSecurityDescriptorOwner(&psd, psid, FALSE))
return (ISC_R_NOPERM);
if (!SetSecurityDescriptorGroup(&psd, pSidGroup, FALSE))
return (ISC_R_NOPERM);
if (!SetFileSecurity(filename,
OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION,
&psd))
return (ISC_R_NOPERM);
return (ISC_R_SUCCESS);
}
/**
* Initializes the IPC communication.
*
* @return IPRT status code.
* @param pEnv The IPC service's environment.
* @param ppInstance The instance pointer which refer to this object.
* @param pfStartThread Pointer to flag whether the IPC service can be started or not.
*/
int VBoxIPCInit(const VBOXSERVICEENV *pEnv, void **ppInstance, bool *pfStartThread)
{
Log(("VBoxTray: VBoxIPCInit\n"));
*pfStartThread = false;
gCtx.pEnv = pEnv;
int rc = VINF_SUCCESS;
SECURITY_ATTRIBUTES sa;
sa.lpSecurityDescriptor = (PSECURITY_DESCRIPTOR)RTMemAlloc(SECURITY_DESCRIPTOR_MIN_LENGTH);
if (!sa.lpSecurityDescriptor)
rc = VERR_NO_MEMORY;
else
{
if (!InitializeSecurityDescriptor(sa.lpSecurityDescriptor, SECURITY_DESCRIPTOR_REVISION))
rc = RTErrConvertFromWin32(GetLastError());
else
{
if (!SetSecurityDescriptorDacl(sa.lpSecurityDescriptor, TRUE, (PACL)0, FALSE))
rc = RTErrConvertFromWin32(GetLastError());
else
{
sa.nLength = sizeof(sa);
sa.bInheritHandle = TRUE;
}
}
if (RT_SUCCESS(rc))
{
gCtx.hPipe = CreateNamedPipe((LPSTR)VBOXTRAY_PIPE_IPC,
PIPE_ACCESS_DUPLEX,
PIPE_TYPE_MESSAGE | PIPE_READMODE_MESSAGE | PIPE_WAIT,
PIPE_UNLIMITED_INSTANCES,
VBOXTRAY_PIPE_IPC_BUFSIZE, /* Output buffer size. */
VBOXTRAY_PIPE_IPC_BUFSIZE, /* Input buffer size. */
NMPWAIT_USE_DEFAULT_WAIT,
&sa);
if (gCtx.hPipe == INVALID_HANDLE_VALUE)
rc = RTErrConvertFromWin32(GetLastError());
else
{
*pfStartThread = true;
*ppInstance = &gCtx;
}
}
RTMemFree(sa.lpSecurityDescriptor);
}
return rc;
}
SECURITY_ATTRIBUTES SecurDescr::CreateSID()
{
SID_IDENTIFIER_AUTHORITY SIDAuthWorld = SECURITY_WORLD_SID_AUTHORITY;
SID_IDENTIFIER_AUTHORITY SIDAuthNT = SECURITY_NT_AUTHORITY;
AllocateAndInitializeSid(&SIDAuthWorld, 1,
SECURITY_WORLD_RID,
0, 0, 0, 0, 0, 0, 0,
&pEveryoneSID);
ZeroMemory(ea, 2 * sizeof(EXPLICIT_ACCESS));
ea[0].grfAccessPermissions = FILE_GENERIC_READ | FILE_GENERIC_WRITE | SYNCHRONIZE;
ea[0].grfAccessMode = SET_ACCESS;
ea[0].grfInheritance= NO_INHERITANCE;
ea[0].Trustee.TrusteeForm = TRUSTEE_IS_SID;
ea[0].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
ea[0].Trustee.ptstrName = (LPTSTR) pEveryoneSID;
AllocateAndInitializeSid(&SIDAuthNT, 2,
SECURITY_BUILTIN_DOMAIN_RID,
DOMAIN_ALIAS_RID_ADMINS,
0, 0, 0, 0, 0, 0,
&pAdminSID);
ea[1].grfAccessPermissions = FILE_GENERIC_READ | FILE_GENERIC_WRITE | SYNCHRONIZE;
ea[1].grfAccessMode = SET_ACCESS;
ea[1].grfInheritance= NO_INHERITANCE;
ea[1].Trustee.TrusteeForm = TRUSTEE_IS_SID;
ea[1].Trustee.TrusteeType = TRUSTEE_IS_GROUP;
ea[1].Trustee.ptstrName = (LPTSTR) pAdminSID;
SetEntriesInAcl(2, ea, NULL, &pACL);
pSD = (PSECURITY_DESCRIPTOR) LocalAlloc(LPTR,
SECURITY_DESCRIPTOR_MIN_LENGTH);
InitializeSecurityDescriptor(pSD,
SECURITY_DESCRIPTOR_REVISION);
SetSecurityDescriptorDacl(pSD,
TRUE, // bDaclPresent flag
pACL,
FALSE);
sa.nLength = sizeof (SECURITY_ATTRIBUTES);
sa.lpSecurityDescriptor = pSD;
sa.bInheritHandle = FALSE;
return sa;
}
int
CreateIpcTable()
{
/*2000.9.4 add---------------------------------------------------------------*/
SECURITY_ATTRIBUTES FileMappingAttributes;
SECURITY_DESCRIPTOR SecuDesc;
#ifdef TERMINAL_SERVICE
char *evtname;
#endif /* TERMINAL_SERVICE */
InitializeSecurityDescriptor( &SecuDesc, SECURITY_DESCRIPTOR_REVISION );
SetSecurityDescriptorDacl( &SecuDesc, TRUE, NULL, FALSE );
FileMappingAttributes.nLength = sizeof(FileMappingAttributes);
l_ipclog("[ipcd] CreateIpcTable, FileMappingAttributes.nLength = %d\n", FileMappingAttributes.nLength);
FileMappingAttributes.lpSecurityDescriptor = &SecuDesc;
/*2000.9.4 end---------------------------------------------------------------*/
#ifdef TERMINAL_SERVICE
if( osvi.dwMajorVersion >= 5 ) /* Windows 2000 */
evtname = "Global\\ipct";
else
evtname = "ipct";
#endif /* TERMINAL_SERVICE */
/*2000.9.4 change. NULL -> &FileMappingAttributes */
hIpc=CreateFileMapping( (HANDLE)0xFFFFFFFF, &FileMappingAttributes,
#ifdef TERMINAL_SERVICE
PAGE_READWRITE, 0, sizeof(IPCT), evtname );
#else
PAGE_READWRITE, 0, sizeof(IPCT), "ipct" );
#endif /* TERMINAL_SERVICE */
if (hIpc==NULL)
{
errno=GetLastError();
return -1;
}
ipct=(IPCT *)MapViewOfFile(hIpc, FILE_MAP_ALL_ACCESS, 0, 0, 0);
if (ipct==NULL)
{
errno=GetLastError();
return -1;
}
InitIPCT();
return 0;
}
HANDLE _CreateFile( LPCTSTR lpFileName, DWORD dwDesiredAccess, DWORD dwShareMode, DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes, HANDLE hTemplateFile )
{
SECURITY_DESCRIPTOR sd;
SECURITY_ATTRIBUTES sa;
memset(&sd,0,sizeof(sd));
InitializeSecurityDescriptor(&sd,SECURITY_DESCRIPTOR_REVISION);
SetSecurityDescriptorDacl(&sd, TRUE, NULL, FALSE);
memset(&sa,0,sizeof(sa));
sa.nLength=sizeof(sa);
sa.lpSecurityDescriptor=&sd;
/*
PACL pDacl;
EXPLICIT_ACCESS explicitAccess[3];
SECURITY_ATTRIBUTES sa;
SECURITY_DESCRIPTOR sd;
InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION);
BuildExplicitAccessWithName(&explicitAccess[0], TEXT("SYSTEM"), FILE_ALL_ACCESS, GRANT_ACCESS, 0);
BuildExplicitAccessWithName(&explicitAccess[1], TEXT("Administrators"), FILE_ALL_ACCESS, GRANT_ACCESS, 0);
BuildExplicitAccessWithName(&explicitAccess[2], TEXT("Everyone"), FILE_ALL_ACCESS, GRANT_ACCESS, 0);
SetEntriesInAcl(3, explicitAccess, NULL, &pDacl);
SetSecurityDescriptorDacl(&sd, TRUE, pDacl, FALSE);
sa.nLength = sizeof(SECURITY_ATTRIBUTES);
sa.lpSecurityDescriptor = &sd;
sa.bInheritHandle = FALSE;
*/
HANDLE hFile = ::CreateFile( lpFileName, dwDesiredAccess, dwShareMode, &sa, dwCreationDisposition, dwFlagsAndAttributes, hTemplateFile );
if( hFile == INVALID_HANDLE_VALUE ){
TCHAR* p = (TCHAR*)_tcsrchr(lpFileName, '\\');
TCHAR* szDirPath = NULL;
if( p != NULL ){
int iSize = (int)(p - lpFileName);
szDirPath = new TCHAR[iSize+1];
_tcsncpy_s(szDirPath, iSize+1, lpFileName, iSize);
}
if( szDirPath != NULL ){
_CreateDirectory(szDirPath);
delete[] szDirPath;
hFile = ::CreateFile( lpFileName, dwDesiredAccess, dwShareMode, &sa, dwCreationDisposition, dwFlagsAndAttributes, hTemplateFile );
}
}
return hFile;
}
HANDLE GetNamedPipeHandle()
{
SECURITY_DESCRIPTOR sd = {0};
InitializeSecurityDescriptor(&sd, 1);
SetSecurityDescriptorDacl(&sd, TRUE, NULL, FALSE);
SECURITY_ATTRIBUTES sa = {0};
sa.nLength = sizeof(SECURITY_ATTRIBUTES);
sa.lpSecurityDescriptor = &sd;
sa.bInheritHandle = NULL;
HANDLE h = CreateFile(TEXT("\\\\.\\pipe\\acsipc_server"), 0xC0000000, 3,
&sa, 3, 0x80000080, NULL);
if(h != (HANDLE)-1 )
return h;
return NULL;
}
bool RegKeyDaclAquireRestore::Aquire(HKEY hRootKey, LPCTSTR lpszSubKey)
{
XL_INFO_FUNCTION();
Backup(hRootKey, lpszSubKey);
HKEY hKey = nullptr;
LSTATUS lRes = RegOpenKeyEx(hRootKey,
lpszSubKey,
0,
WRITE_DAC,
&hKey);
if (lRes != ERROR_SUCCESS || hKey == nullptr)
{
XL_ERROR(_T("Failed to open key with WRITE_DAC access. Key: %s."), lpszSubKey);
return false;
}
XL_ON_BLOCK_EXIT(RegCloseKey, hKey);
SECURITY_DESCRIPTOR sd = {};
if (!InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION))
{
XL_ERROR(_T("Failed to initialize security descriptor."));
return false;
}
if (!SetSecurityDescriptorDacl(&sd, FALSE, nullptr, FALSE))
{
XL_ERROR(_T("Failed to clear DACL in security descriptor."));
return false;
}
lRes = RegSetKeySecurity(hKey, DACL_SECURITY_INFORMATION, &sd);
if (lRes != ERROR_SUCCESS)
{
XL_ERROR(_T("Failed to set DACL to Key: %s."), lpszSubKey);
return false;
}
return true;
}
// Creates a key specified by pszSubKey - you can't create
// keys directly under HKEY_LOCAL_MACHINE in Windows NT or 2000
// just for an extra bit of info.
bool CreateRegistryKey(HKEY hKeyRoot, LPCTSTR pszSubKey)
{
HKEY hKey;
DWORD dwFunc;
LONG lRet;
//------------------------------------------------------------------------------
SECURITY_DESCRIPTOR SD;
SECURITY_ATTRIBUTES SA;
if(!InitializeSecurityDescriptor(&SD, SECURITY_DESCRIPTOR_REVISION))
return false;
if(!SetSecurityDescriptorDacl(&SD, true, 0, false))
return false;
SA.nLength = sizeof(SA);
SA.lpSecurityDescriptor = &SD;
SA.bInheritHandle = false;
//------------------------------------------------------------------------------
lRet = RegCreateKeyEx(
hKeyRoot,
pszSubKey,
0,
(LPTSTR)NULL,
REG_OPTION_NON_VOLATILE,
KEY_WRITE,
&SA,
&hKey,
&dwFunc
);
if(lRet == ERROR_SUCCESS)
{
RegCloseKey(hKey);
hKey = (HKEY)NULL;
return true;
}
SetLastError((DWORD)lRet);
return false;
}
void mmf_init()
{
#ifndef MY_DEBUG
printf("1\n");
#endif
SECURITY_DESCRIPTOR sd;
InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION);
SetSecurityDescriptorDacl(&sd, TRUE, (PACL)NULL, FALSE);
SECURITY_ATTRIBUTES sa;
sa.nLength = sizeof(SECURITY_ATTRIBUTES);
sa.bInheritHandle = TRUE;
sa.lpSecurityDescriptor = &sd;
hEvent = CreateEvent( &sa, 0, 0, "MYMESSAGE");
hMap = CreateFileMapping( (HANDLE)-1, // Paging 화일을 사용해서 매핑
&sa, PAGE_READWRITE, 0, sizeof(PACKET), "mymmf");
if ( hMap == 0 )
{
MessageBox( 0, "Fail", "", MB_OK);
return ;
}
#ifndef MY_DEBUG
printf("%d\n",hMap);
printf("%d\r\n",hEvent);
#endif
pData = (PACKET*)MapViewOfFile( hMap, FILE_MAP_WRITE, 0, 0,0);
if ( pData == 0 )
{
MessageBox( 0, "Fail", "", MB_OK);
return ;
}
#ifndef MY_DEBUG
printf("2");
#endif
}
BOOST_LOG_ONCE_BLOCK()
{
if (!InitializeSecurityDescriptor(&g_unrestricted_security_descriptor, SECURITY_DESCRIPTOR_REVISION))
{
DWORD err = GetLastError();
BOOST_LOG_THROW_DESCR_PARAMS(system_error, "Failed to initialize security descriptor", (err));
}
if (!SetSecurityDescriptorDacl(&g_unrestricted_security_descriptor, TRUE, NULL, FALSE))
{
DWORD err = GetLastError();
BOOST_LOG_THROW_DESCR_PARAMS(system_error, "Failed to set null DACL to a security descriptor", (err));
}
g_unrestricted_security_attributes.nLength = sizeof(g_unrestricted_security_attributes);
g_unrestricted_security_attributes.lpSecurityDescriptor = &g_unrestricted_security_descriptor;
g_unrestricted_security_attributes.bInheritHandle = FALSE;
}
ChighPerformanceTimer::ChighPerformanceTimer(CString p_TimerName,bool p_Periodic,LONG p_Period)
{
// p_TimerName 定时器名;
// p_Periodic 设置是否为周期性定时器;
// p_Period时钟周期
g_Valid=false;
if (p_Periodic)
{
g_TimerPeriod=p_Period;
g_ManualReset=false;
}
else
{
g_TimerPeriod=0;
g_ManualReset=true;
}
g_Set=false;
g_TimerExpires.QuadPart=Int32x32To64(-10000,p_Period);
memset(g_Name,0,MAX_PATH);
if (! p_TimerName.IsEmpty())
if(p_TimerName.GetLength()>MAX_PATH)
memcpy(g_Name,p_TimerName,MAX_PATH);
else
memcpy(g_Name,p_TimerName,p_TimerName.GetLength());
//如果定时器已经创建, 则使用已有的定时器;否则建立一个新的定时器
g_TimerHandle=OpenWaitableTimer(TIMER_ALL_ACCESS | TIMER_MODIFY_STATE | SYNCHRONIZE,TRUE,(char *) g_Name);
if (g_TimerHandle==NULL)
{
//建立并且初始化缺省的安全描述符和属性
g_SecurityAttributes.lpSecurityDescriptor=&g_SecurityDescriptor;
InitializeSecurityDescriptor(g_SecurityAttributes.lpSecurityDescriptor,SECURITY_DESCRIPTOR_REVISION);
SetSecurityDescriptorDacl(g_SecurityAttributes.lpSecurityDescriptor,TRUE,(PACL)NULL,FALSE);
g_SecurityAttributes.nLength = sizeof SECURITY_ATTRIBUTES;
g_SecurityAttributes.bInheritHandle=TRUE;
g_TimerHandle=CreateWaitableTimer(&g_SecurityAttributes,g_ManualReset,(char *)g_Name);
}
if(g_TimerHandle==NULL)
{
//ERROR AND RETURN
return;
}
g_Result=g_WaitableTimer_TickOkay;//?????????
g_Valid=true;
}
HRESULT COpcSecurity::Initialize()
{
if (m_pSD)
{
delete m_pSD;
m_pSD = NULL;
}
if (m_pOwner)
{
free(m_pOwner);
m_pOwner = NULL;
}
if (m_pGroup)
{
free(m_pGroup);
m_pGroup = NULL;
}
if (m_pDACL)
{
free(m_pDACL);
m_pDACL = NULL;
}
if (m_pSACL)
{
free(m_pSACL);
m_pSACL = NULL;
}
OPCTRY(m_pSD = new SECURITY_DESCRIPTOR);
if (m_pSD == NULL)
return E_OUTOFMEMORY;
if (!InitializeSecurityDescriptor(m_pSD, SECURITY_DESCRIPTOR_REVISION))
{
HRESULT hr = HRESULT_FROM_WIN32(GetLastError());
delete m_pSD;
m_pSD = NULL;
OPCASSERT(FALSE);
return hr;
}
// Set the DACL to allow EVERYONE
SetSecurityDescriptorDacl(m_pSD, TRUE, NULL, FALSE);
return S_OK;
}
/*------------------------------------------------------------------------------*/
static BOOL InitAll( HWND hWnd, HINSTANCE hInst )
{
// Prevent multiple start-up.
SECURITY_DESCRIPTOR sd = {0};
InitializeSecurityDescriptor(&sd,SECURITY_DESCRIPTOR_REVISION);
SetSecurityDescriptorDacl(&sd, TRUE, 0, FALSE);
SECURITY_ATTRIBUTES secAttribute = {0};
secAttribute.nLength = sizeof (secAttribute);
secAttribute.lpSecurityDescriptor = &sd;
secAttribute.bInheritHandle = TRUE;
multipleStartupMutex.reset(::CreateMutex(&secAttribute, FALSE, TEXT("RemoteJoyLite")));
if (multipleStartupMutex == NULL) {
LOG(LOG_LEVEL_ERROR, "Could not get mutex.");
return FALSE;
} else if (::GetLastError() == ERROR_ALREADY_EXISTS) {
LOG(LOG_LEVEL_ERROR, "Already started.");
return FALSE;
}
// Register device notification.
DEV_BROADCAST_DEVICEINTERFACE filter;
filter.dbcc_size = sizeof(filter);
filter.dbcc_devicetype = DBT_DEVTYP_DEVICEINTERFACE;
filter.dbcc_classguid = GUID_DEVINTERFACE_USB_DEVICE;
pspDeviceNotify.reset(::RegisterDeviceNotification( hWnd, &filter, DEVICE_NOTIFY_WINDOW_HANDLE));
if ( SettingInit( hWnd, hInst ) == FALSE ){ return( FALSE ); }
if (!pAkindD3D->initialize()) {
return FALSE;
}
if (!pAkindD3D->create(false)) {
return FALSE;
}
if ( SettingData.InputBG != 0 ){
if ( pAkindDI->Init( hWnd, TRUE ) == FALSE ){ return( FALSE ); }
} else {
if ( pAkindDI->Init( hWnd, FALSE ) == FALSE ){ return( FALSE ); }
}
WaveInit();
return( TRUE );
}
HANDLE
MakeMutex(char *mutexname)
{
/*2000.9.4 add---------------------------------------------------------------*/
HANDLE hMutex;
char evtname[128];
SECURITY_ATTRIBUTES FileMappingAttributes;
SECURITY_DESCRIPTOR SecuDesc;
InitializeSecurityDescriptor( &SecuDesc, SECURITY_DESCRIPTOR_REVISION );
SetSecurityDescriptorDacl( &SecuDesc, TRUE, NULL, FALSE );
FileMappingAttributes.nLength = sizeof(FileMappingAttributes);
FileMappingAttributes.lpSecurityDescriptor = &SecuDesc;
/*2000.9.4 end---------------------------------------------------------------*/
strcpy( evtname, mutexname );
#ifdef TERMINAL_SERVICE
if( osvi.dwMajorVersion >= 5 ) /* Windows 2000 */
sprintf( evtname "Global\\%d", mutexname );
#endif /* TERMINAL_SERVICE */
hMutex=CreateMutex( &FileMappingAttributes, FALSE, evtname );
if (hMutex==NULL)
{
sprintf(tbuf, "Create %s Mutex error = [%d]", evtname, GetLastError());
MessageBox(NULL, tbuf, "IPC DAEMON", MB_OK);
ExitProcess(1);
}
else
{
if (GetLastError()==ERROR_ALREADY_EXISTS)
{
// MessageBox(NULL, "IPC DAEMON is already active ...",
// "IPC DAEMON", MB_OK);
CloseHandle(hMutex);
ExitProcess(1);
}
}
return hMutex;
}
/* Quick and dirty window station security fix */
BOOL SetWinstaDesktopSecurity(void)
{
HWINSTA hWinsta;
HDESK hDesk;
SECURITY_INFORMATION si = DACL_SECURITY_INFORMATION;
SECURITY_DESCRIPTOR sd;
// Get the current window station and desktop
hWinsta = GetProcessWindowStation();
if(hWinsta == NULL)
return FALSE;
hDesk = GetThreadDesktop(GetCurrentThreadId());
if (hDesk == NULL)
return FALSE;
// Create a NULL DACL
InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION);
SetSecurityDescriptorDacl(&sd, TRUE, (PACL) NULL, FALSE);
// Set the NULL DACL
if (!SetUserObjectSecurity(hWinsta, &si, &sd))
{
printf("SetUserObjectSecurity on the window station failed: %d",GetLastError());
return FALSE;
}
if (!SetUserObjectSecurity(hDesk, &si, &sd))
{
printf("SetUserObjectSecurity on the desktop failed: %d",GetLastError());
return FALSE;
}
// Return indicating success
return TRUE;
}
int create_folder_all_access(char *path)
{
int result=FALSE;
SID_IDENTIFIER_AUTHORITY SIDAuthWorld = SECURITY_WORLD_SID_AUTHORITY;
PSID everyone_sid = NULL;
if(path==0 || path[0]==0)
return result;
if(AllocateAndInitializeSid(&SIDAuthWorld, 1, SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0, &everyone_sid)){
EXPLICIT_ACCESS ea;
PACL acl = NULL;
ZeroMemory(&ea, sizeof(EXPLICIT_ACCESS));
ea.grfAccessPermissions = SPECIFIC_RIGHTS_ALL | STANDARD_RIGHTS_ALL;
ea.grfAccessMode = SET_ACCESS;
ea.grfInheritance = NO_INHERITANCE;
ea.Trustee.TrusteeForm = TRUSTEE_IS_SID;
ea.Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
ea.Trustee.ptstrName = (LPWSTR)everyone_sid;
if(ERROR_SUCCESS==SetEntriesInAcl(1, &ea, NULL, &acl)){
PSECURITY_DESCRIPTOR sd = (PSECURITY_DESCRIPTOR)LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH);
if(sd && InitializeSecurityDescriptor(sd, SECURITY_DESCRIPTOR_REVISION)){
if(SetSecurityDescriptorDacl(sd, TRUE, acl, FALSE)){
SECURITY_ATTRIBUTES sa;
sa.nLength = sizeof(SECURITY_ATTRIBUTES);
sa.lpSecurityDescriptor = sd;
sa.bInheritHandle = FALSE;
if(CreateDirectory(path, &sa))
result=TRUE;
}
}
if(sd)
LocalFree(sd);
LocalFree(acl);
}
FreeSid(everyone_sid);
}
return result;
}
BOOL
InitializeAudioDeviceListLock()
{
/* The security stuff is to make sure the mutex can be grabbed by
other processes - is this the best idea though ??? */
SECURITY_DESCRIPTOR security_descriptor;
SECURITY_ATTRIBUTES security;
InitializeSecurityDescriptor(&security_descriptor, SECURITY_DESCRIPTOR_REVISION);
SetSecurityDescriptorDacl(&security_descriptor, TRUE, 0, FALSE);
security.nLength = sizeof(SECURITY_ATTRIBUTES);
security.lpSecurityDescriptor = &security_descriptor;
security.bInheritHandle = FALSE;
audio_device_list_lock = CreateMutex(&security,
FALSE,
AUDIO_LIST_LOCK_NAME);
return ( audio_device_list_lock != NULL );
}
void create_app_running_mutex() {
SECURITY_ATTRIBUTES *sa = NULL;
if (!sec_attributes_) sec_attributes_ = g_new0(SECURITY_ATTRIBUTES, 1);
sec_attributes_->nLength = sizeof(SECURITY_ATTRIBUTES);
sec_attributes_->lpSecurityDescriptor = g_new0(SECURITY_DESCRIPTOR, 1);
sec_attributes_->bInheritHandle = TRUE;
if (InitializeSecurityDescriptor(sec_attributes_->lpSecurityDescriptor, SECURITY_DESCRIPTOR_REVISION)) {
if (SetSecurityDescriptorDacl(sec_attributes_->lpSecurityDescriptor, TRUE, NULL, FALSE)) {
sa = sec_attributes_;
}
}
if (!sa) {
g_free(sec_attributes_->lpSecurityDescriptor);
g_free(sec_attributes_);
sec_attributes_ = NULL;
}
CreateMutex(sa, FALSE, _T("Wireshark-is-running-{") _T(WIRESHARK_IS_RUNNING_UUID) _T("}"));
CreateMutex(sa, FALSE, _T("Global\\Wireshark-is-running-{") _T(WIRESHARK_IS_RUNNING_UUID) _T("}"));
}
void CServiceManager::CreateSharedFile(std::string path)
{
#if defined(WIN32)
// For Windows we need to make sure all users can write to this file.
// We achieve this by setting a security descriptor
BYTE sd[SECURITY_DESCRIPTOR_MIN_LENGTH];
SECURITY_ATTRIBUTES sa;
sa.nLength = sizeof(sa);
sa.bInheritHandle = TRUE;
sa.lpSecurityDescriptor = &sd;
InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION);
SetSecurityDescriptorDacl(&sd, TRUE, NULL, FALSE);
HANDLE hFile = ::CreateFile(path.c_str(),GENERIC_WRITE,0,&sa,CREATE_ALWAYS,FILE_ATTRIBUTE_NORMAL,NULL);
if (hFile != INVALID_HANDLE_VALUE)
::CloseHandle(hFile);
#else
// Do nothing - not necessary on Linux
#endif
}
NullDacl::NullDacl()
{
ZeroMemory( &mSa, sizeof(mSa) );
mSa.nLength = sizeof( mSa );
mSa.bInheritHandle = FALSE;
BOOL ok = InitializeSecurityDescriptor( &mSd, SECURITY_DESCRIPTOR_REVISION );
DWORD dwErr = GetLastError();
RCF_VERIFY(ok, Exception(_RcfError_Win32ApiError("InitializeSecurityDescriptor()", dwErr), dwErr));
ok = SetSecurityDescriptorDacl(
&mSd,
TRUE,
(PACL) NULL,
FALSE);
dwErr = GetLastError();
RCF_VERIFY(ok, Exception(_RcfError_Win32ApiError("SetSecurityDescriptorDacl()", dwErr), dwErr));
mSa.lpSecurityDescriptor = &mSd;
}
/*
* To Create a security descriptor with a NULL ACL, which
* allows unlimited access. Returns a SECURITY_ATTRIBUTES
* structure that contains the security descriptor.
* The structure contains a dynamically allocated security
* descriptor that must be freed either manually, or by
* calling FreeSecurityAttributes
*/
BOOL
SetSimpleSecurityAttributes (SECURITY_ATTRIBUTES * pSecurityAttr)
{
BOOL fReturn = FALSE;
SECURITY_DESCRIPTOR *pSecurityDesc = NULL;
/*
* If an invalid address is passed as a parameter, return
* FALSE right away.
*/
if (!pSecurityAttr)
return FALSE;
pSecurityDesc =
(SECURITY_DESCRIPTOR *) LocalAlloc (LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH);
if (!pSecurityDesc)
return FALSE;
fReturn =
InitializeSecurityDescriptor (pSecurityDesc, SECURITY_DESCRIPTOR_REVISION);
if (fReturn != FALSE)
{
fReturn = SetSecurityDescriptorDacl (pSecurityDesc, TRUE, NULL, FALSE);
}
if (fReturn != FALSE)
{
pSecurityAttr->nLength = sizeof (SECURITY_ATTRIBUTES);
pSecurityAttr->lpSecurityDescriptor = pSecurityDesc;
pSecurityAttr->bInheritHandle = TRUE;
}
else
{
/*
* Couldn't initialize or set security descriptor.
*/
LocalFree (pSecurityDesc);
}
return fReturn;
}
