/* good2() reverses the bodies in the if statement */ static void good2() { if(STATIC_CONST_FIVE==5) { { HDESK hDesk; wchar_t * desktopName = L"DesktopExample"; /* FIX: Call CreateDesktopW() without GENERIC_READ as the 5th parameter to limit access */ hDesk = CreateDesktopW( desktopName, NULL, NULL, 0, GENERIC_READ, NULL); if (hDesk == NULL) { printLine("Desktop could not be created"); } else { printLine("Desktop created successfully"); CloseDesktop(hDesk); } } } }
void CWE284_Improper_Access_Control__w32_wchar_t_CreateDesktop_06_bad() { if(STATIC_CONST_FIVE==5) { { HDESK hDesk; wchar_t * desktopName = L"DesktopExample"; /* FLAW: Call CreateDesktopW() with GENERIC_ALL as the 5th parameter */ hDesk = CreateDesktopW( desktopName, NULL, NULL, 0, GENERIC_ALL, NULL); if (hDesk == NULL) { printLine("Desktop could not be created"); } else { printLine("Desktop created successfully"); CloseDesktop(hDesk); } } } }
/* good1() uses if(STATIC_CONST_FIVE!=5) instead of if(STATIC_CONST_FIVE==5) */ static void good1() { if(STATIC_CONST_FIVE!=5) { /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */ printLine("Benign, fixed string"); } else { { HDESK hDesk; wchar_t * desktopName = L"DesktopExample"; /* FIX: Call CreateDesktopW() without GENERIC_READ as the 5th parameter to limit access */ hDesk = CreateDesktopW( desktopName, NULL, NULL, 0, GENERIC_READ, NULL); if (hDesk == NULL) { printLine("Desktop could not be created"); } else { printLine("Desktop created successfully"); CloseDesktop(hDesk); } } } }
static DWORD WINAPI thread_proc(void *param) { THREAD_DATA* current_data = (THREAD_DATA*)param; MSG msg; HDESK hdesk = NULL; int iwnd; if(current_data->Desktop) { hdesk = CreateDesktopW(current_data->Desktop, NULL, NULL, 0, DESKTOP_ALL_ACCESS, NULL ); SetThreadDesktop(hdesk); } /* create test window */ current_data->hWnd = CreateWindowW(L"TestClass", L"test", WS_OVERLAPPEDWINDOW, 100, 100, 500, 500, NULL, NULL, 0, NULL); SetEvent( current_data->StartEvent ); iwnd = get_iwnd(current_data->hWnd); /* Use MsgWaitForMultipleObjects to let the thread process apcs */ while( GetMessage(&msg, 0,0,0) ) { if(msg.message > 0 && msg.message < WM_APP && msg.message != WM_TIMER ) record_message(&data[iwnd].cache, iwnd, msg.message, POST, msg.wParam,0); DispatchMessage(&msg); } if(hdesk) CloseDesktop(hdesk); return 0; }
HDESK CreateInheritableDesktop(WCHAR* name, ACCESS_MASK dwDesiredAccess, BOOL inheritable) { SECURITY_ATTRIBUTES sa; sa.nLength = sizeof(sa); sa.lpSecurityDescriptor = NULL; sa.bInheritHandle = inheritable; return CreateDesktopW(name, NULL, NULL, 0, dwDesiredAccess, &sa ); }
/*********************************************************************** * CreateDesktopA (USER32.@) */ HDESK WINAPI CreateDesktopA( LPCSTR name, LPCSTR device, LPDEVMODEA devmode, DWORD flags, ACCESS_MASK access, LPSECURITY_ATTRIBUTES sa ) { WCHAR buffer[MAX_PATH]; if (device || devmode) { SetLastError( ERROR_INVALID_PARAMETER ); return 0; } if (!name) return CreateDesktopW( NULL, NULL, NULL, flags, access, sa ); if (!MultiByteToWideChar( CP_ACP, 0, name, -1, buffer, MAX_PATH )) { SetLastError( ERROR_FILENAME_EXCED_RANGE ); return 0; } return CreateDesktopW( buffer, NULL, NULL, flags, access, sa ); }
// this is required when we're replacing winlogon void init_window_station( void ) { SECURITY_ATTRIBUTES sa; HANDLE hwsta, hdesk; sa.nLength = sizeof sa; sa.lpSecurityDescriptor = 0; sa.bInheritHandle = TRUE; hwsta = CreateWindowStationW( L"winsta0", 0, MAXIMUM_ALLOWED, &sa ); SetProcessWindowStation( hwsta ); hdesk = CreateDesktopW( L"Winlogon", 0, 0, 0, MAXIMUM_ALLOWED, &sa ); SetThreadDesktop( hdesk ); }
/*********************************************************************** * winstation_init * * Connect to the process window station and desktop. */ static void winstation_init(void) { static const WCHAR WinSta0[] = {'W','i','n','S','t','a','0',0}; STARTUPINFOW info; WCHAR *winstation = NULL, *desktop = NULL, *buffer = NULL; HANDLE handle; GetStartupInfoW( &info ); if (info.lpDesktop && *info.lpDesktop) { buffer = HeapAlloc( GetProcessHeap(), 0, (strlenW(info.lpDesktop) + 1) * sizeof(WCHAR) ); strcpyW( buffer, info.lpDesktop ); if ((desktop = strchrW( buffer, '\\' ))) { *desktop++ = 0; winstation = buffer; } else desktop = buffer; } /* set winstation if explicitly specified, or if we don't have one yet */ if (buffer || !GetProcessWindowStation()) { handle = CreateWindowStationW( winstation ? winstation : WinSta0, 0, WINSTA_ALL_ACCESS, NULL ); if (handle) { SetProcessWindowStation( handle ); /* only WinSta0 is visible */ if (!winstation || !strcmpiW( winstation, WinSta0 )) { USEROBJECTFLAGS flags; flags.fInherit = FALSE; flags.fReserved = FALSE; flags.dwFlags = WSF_VISIBLE; SetUserObjectInformationW( handle, UOI_FLAGS, &flags, sizeof(flags) ); } } } if (buffer || !GetThreadDesktop( GetCurrentThreadId() )) { handle = CreateDesktopW( desktop ? desktop : get_default_desktop(), NULL, NULL, 0, DESKTOP_ALL_ACCESS, NULL ); if (handle) SetThreadDesktop( handle ); } HeapFree( GetProcessHeap(), 0, buffer ); }
void CClientDlg::OnBnClickedSs() { HDESK hSecondDesktop=CreateDesktopW(L"SecondDesktop",NULL,NULL,DF_ALLOWOTHERACCOUNTHOOK,GENERIC_ALL,NULL); if(hSecondDesktop == NULL) { DWORD err = GetLastError(); WCHAR msg[100]; wsprintf(&msg[0], L"CreateDesktop ERROR: %d", err); MessageBoxW(&msg[0]); //DbgMsgW(L"ClientDlg.cpp", err, L"ERROR"); } /*HDESK hDesktop_cur = GetThreadDesktop(GetCurrentThreadId()); if(hDesktop_cur != hSecondDesktop && hDesktop_cur != NULL) hFirstDesktop = hDesktop_cur;*/ HDESK hCurrDesk = GetThreadDesktop(GetCurrentThreadId()); SwitchDesktop(hSecondDesktop); Sleep(5000); SwitchDesktop(hCurrDesk); }
void Test_DesktopAccess() { HDESK hDesk, hDeskInitial; POINT curPoint, initialPoint; BOOL ret; hDeskInitial = GetThreadDesktop(GetCurrentThreadId()); ok(hDeskInitial != NULL, "Failed to retrieve the initial desktop\n"); ret = GetCursorPos(&initialPoint); ok(ret == TRUE, "GetCursorPos should succed\n"); hDesk = CreateDesktopW(L"testDesktop", NULL, NULL, 0, 0x01ff, NULL); ok(hDesk != 0, "Failed to create a new desktop\n"); SetThreadDesktop(hDesk); ok(GetThreadDesktop(GetCurrentThreadId()) == hDesk, "SetThreadDesktop had no effect\n"); SetLastError(0xdeadbeef); ret = GetCursorPos(&curPoint); ok(ret == FALSE, "GetCursorPos should fail\n"); ok(GetLastError() == ERROR_ACCESS_DENIED, "Expected ERROR_ACCESS_DENIED got 0x%lu\n", GetLastError()); SetLastError(0xdeadbeef); ret = SetCursorPos(2,2); ok(ret == FALSE, "SetCursorPos should fail\n"); ok(GetLastError() == 0xdeadbeef, "Wrong last error, got 0x%lu\n", GetLastError()); ret = GetCursorPos(&curPoint); ok(ret == FALSE, "GetCursorPos should fail\n"); SetThreadDesktop(hDeskInitial); ret = GetCursorPos(&curPoint); ok(ret == TRUE, "GetCursorPos should succed\n"); ok(curPoint.x == initialPoint.x && curPoint.y == initialPoint.y, "Mouse position changed\n"); }
/* create the desktop and the associated X11 window, and make it the current desktop */ static unsigned long create_desktop( const WCHAR *name, unsigned int width, unsigned int height ) { static const WCHAR rootW[] = {'r','o','o','t',0}; HMODULE x11drv = GetModuleHandleA( "winex11.drv" ); HDESK desktop; unsigned long xwin = 0; unsigned long (CDECL *create_desktop_func)(unsigned int, unsigned int); desktop = CreateDesktopW( name, NULL, NULL, 0, DESKTOP_ALL_ACCESS, NULL ); if (!desktop) { WINE_ERR( "failed to create desktop %s error %d\n", wine_dbgstr_w(name), GetLastError() ); ExitProcess( 1 ); } /* magic: desktop "root" means use the X11 root window */ if (x11drv && strcmpiW( name, rootW )) { create_desktop_func = (void *)GetProcAddress( x11drv, "wine_create_desktop" ); if (create_desktop_func) xwin = create_desktop_func( width, height ); } SetThreadDesktop( desktop ); return xwin; }
/* * @implemented */ HDESK WINAPI CreateDesktopA(LPCSTR lpszDesktop, LPCSTR lpszDevice, LPDEVMODEA pDevmode, DWORD dwFlags, ACCESS_MASK dwDesiredAccess, LPSECURITY_ATTRIBUTES lpsa) { UNICODE_STRING DesktopNameU; HDESK hDesktop; LPDEVMODEW DevmodeW = NULL; if (lpszDesktop) { /* After conversion, the buffer is zero-terminated */ RtlCreateUnicodeStringFromAsciiz(&DesktopNameU, lpszDesktop); } else { RtlInitUnicodeString(&DesktopNameU, NULL); } if (pDevmode) DevmodeW = GdiConvertToDevmodeW(pDevmode); hDesktop = CreateDesktopW(DesktopNameU.Buffer, NULL, DevmodeW, dwFlags, dwDesiredAccess, lpsa); /* Free the string, if it was allocated */ if (lpszDesktop) RtlFreeUnicodeString(&DesktopNameU); return hDesktop; }
/* main desktop management function */ void manage_desktop( WCHAR *arg ) { static const WCHAR messageW[] = {'M','e','s','s','a','g','e',0}; HDESK desktop = 0; GUID guid; MSG msg; HWND hwnd; HMODULE graphics_driver; unsigned int width, height; WCHAR *cmdline = NULL, *driver = NULL; WCHAR *p = arg; const WCHAR *name = NULL; BOOL enable_shell = FALSE; /* get the rest of the command line (if any) */ while (*p && !isspace(*p)) p++; if (*p) { *p++ = 0; while (*p && isspace(*p)) p++; if (*p) cmdline = p; } /* parse the desktop option */ /* the option is of the form /desktop=name[,widthxheight[,driver]] */ if (*arg == '=' || *arg == ',') { arg++; name = arg; if ((p = strchrW( arg, ',' ))) { *p++ = 0; if ((driver = strchrW( p, ',' ))) *driver++ = 0; } if (!p || !parse_size( p, &width, &height )) get_default_desktop_size( name, &width, &height ); } else if ((name = get_default_desktop_name())) { if (!get_default_desktop_size( name, &width, &height )) width = height = 0; } if (name) enable_shell = get_default_enable_shell( name ); if (name && width && height) { if (!(desktop = CreateDesktopW( name, NULL, NULL, 0, DESKTOP_ALL_ACCESS, NULL ))) { WINE_ERR( "failed to create desktop %s error %d\n", wine_dbgstr_w(name), GetLastError() ); ExitProcess( 1 ); } SetThreadDesktop( desktop ); } UuidCreate( &guid ); TRACE( "display guid %s\n", debugstr_guid(&guid) ); graphics_driver = load_graphics_driver( driver, &guid ); /* create the desktop window */ hwnd = CreateWindowExW( 0, DESKTOP_CLASS_ATOM, NULL, WS_POPUP | WS_CLIPSIBLINGS | WS_CLIPCHILDREN, 0, 0, 0, 0, 0, 0, 0, &guid ); if (hwnd) { /* create the HWND_MESSAGE parent */ CreateWindowExW( 0, messageW, NULL, WS_POPUP | WS_CLIPSIBLINGS | WS_CLIPCHILDREN, 0, 0, 100, 100, 0, 0, 0, NULL ); using_root = !desktop || !create_desktop( graphics_driver, name, width, height ); SetWindowLongPtrW( hwnd, GWLP_WNDPROC, (LONG_PTR)desktop_wnd_proc ); SendMessageW( hwnd, WM_SETICON, ICON_BIG, (LPARAM)LoadIconW( 0, MAKEINTRESOURCEW(OIC_WINLOGO))); if (name) set_desktop_window_title( hwnd, name ); SetWindowPos( hwnd, 0, GetSystemMetrics(SM_XVIRTUALSCREEN), GetSystemMetrics(SM_YVIRTUALSCREEN), GetSystemMetrics(SM_CXVIRTUALSCREEN), GetSystemMetrics(SM_CYVIRTUALSCREEN), SWP_SHOWWINDOW ); SystemParametersInfoW( SPI_SETDESKWALLPAPER, 0, NULL, FALSE ); ClipCursor( NULL ); initialize_display_settings(); initialize_appbar(); if (graphics_driver) { HMODULE shell32; void (WINAPI *pShellDDEInit)( BOOL ); if (using_root) enable_shell = FALSE; initialize_systray( graphics_driver, using_root, enable_shell ); if (!using_root) initialize_launchers( hwnd ); if ((shell32 = LoadLibraryA( "shell32.dll" )) && (pShellDDEInit = (void *)GetProcAddress( shell32, (LPCSTR)188))) { pShellDDEInit( TRUE ); } } } /* if we have a command line, execute it */ if (cmdline) { STARTUPINFOW si; PROCESS_INFORMATION pi; memset( &si, 0, sizeof(si) ); si.cb = sizeof(si); WINE_TRACE( "starting %s\n", wine_dbgstr_w(cmdline) ); if (CreateProcessW( NULL, cmdline, NULL, NULL, FALSE, 0, NULL, NULL, &si, &pi )) { CloseHandle( pi.hThread ); CloseHandle( pi.hProcess ); } } /* run the desktop message loop */ if (hwnd) { WINE_TRACE( "desktop message loop starting on hwnd %p\n", hwnd ); while (GetMessageW( &msg, 0, 0, 0 )) DispatchMessageW( &msg ); WINE_TRACE( "desktop message loop exiting for hwnd %p\n", hwnd ); } ExitProcess( 0 ); }
BOOL CreateWindowStationAndDesktops( IN OUT PWLSESSION Session) { BYTE LocalSystemBuffer[SECURITY_MAX_SID_SIZE]; BYTE InteractiveBuffer[SECURITY_MAX_SID_SIZE]; PSID pLocalSystemSid = (PSID)&LocalSystemBuffer; PSID pInteractiveSid = (PSID)InteractiveBuffer; DWORD SidSize, AclSize; PACL pDefaultAcl = NULL; PACL pUserDesktopAcl = NULL; SECURITY_DESCRIPTOR DefaultSecurityDescriptor; SECURITY_ATTRIBUTES DefaultSecurity; SECURITY_DESCRIPTOR UserDesktopSecurityDescriptor; SECURITY_ATTRIBUTES UserDesktopSecurity; BOOL ret = FALSE; /* * Prepare information for ACLs we will apply */ SidSize = SECURITY_MAX_SID_SIZE; if (!CreateWellKnownSid(WinLocalSystemSid, NULL, pLocalSystemSid, &SidSize)) { ERR("WL: CreateWellKnownSid() failed (error %lu)\n", GetLastError()); goto cleanup; } SidSize = SECURITY_MAX_SID_SIZE; if (!CreateWellKnownSid(WinInteractiveSid, NULL, pInteractiveSid, &SidSize)) { ERR("WL: CreateWellKnownSid() failed (error %lu)\n", GetLastError()); goto cleanup; } AclSize = sizeof(ACL) + FIELD_OFFSET(ACCESS_ALLOWED_ACE, SidStart) + GetLengthSid(pLocalSystemSid) + FIELD_OFFSET(ACCESS_ALLOWED_ACE, SidStart) + GetLengthSid(pInteractiveSid); pDefaultAcl = HeapAlloc(GetProcessHeap(), 0, AclSize); pUserDesktopAcl = HeapAlloc(GetProcessHeap(), 0, AclSize); if (!pDefaultAcl || !pUserDesktopAcl) { ERR("WL: HeapAlloc() failed\n"); goto cleanup; } if (!InitializeAcl(pDefaultAcl, AclSize, ACL_REVISION) || !InitializeAcl(pUserDesktopAcl, AclSize, ACL_REVISION)) { ERR("WL: InitializeAcl() failed (error %lu)\n", GetLastError()); goto cleanup; } /* * Create default ACL (window station, winlogon desktop, screen saver desktop) */ if (!AddAccessAllowedAce(pDefaultAcl, ACL_REVISION, GENERIC_ALL, pLocalSystemSid) || !AddAccessAllowedAce(pDefaultAcl, ACL_REVISION, GENERIC_READ, pInteractiveSid)) { ERR("WL: AddAccessAllowedAce() failed (error %lu)\n", GetLastError()); goto cleanup; } /* * Create the default security descriptor */ if (!InitializeSecurityDescriptor(&DefaultSecurityDescriptor, SECURITY_DESCRIPTOR_REVISION)) { ERR("WL: InitializeSecurityDescriptor() failed (error %lu)\n", GetLastError()); goto cleanup; } if (!SetSecurityDescriptorDacl(&DefaultSecurityDescriptor, TRUE, pDefaultAcl, FALSE)) { ERR("WL: SetSecurityDescriptorDacl() failed (error %lu)\n", GetLastError()); goto cleanup; } DefaultSecurity.nLength = sizeof(SECURITY_ATTRIBUTES); DefaultSecurity.lpSecurityDescriptor = &DefaultSecurityDescriptor; DefaultSecurity.bInheritHandle = TRUE; /* * Create user desktop ACL */ if (!AddAccessAllowedAce(pUserDesktopAcl, ACL_REVISION, GENERIC_ALL, pLocalSystemSid) || !AddAccessAllowedAce(pUserDesktopAcl, ACL_REVISION, GENERIC_ALL, pInteractiveSid)) { ERR("WL: AddAccessAllowedAce() failed (error %lu)\n", GetLastError()); goto cleanup; } /* * Create the user desktop security descriptor */ if (!InitializeSecurityDescriptor(&UserDesktopSecurityDescriptor, SECURITY_DESCRIPTOR_REVISION)) { ERR("WL: InitializeSecurityDescriptor() failed (error %lu)\n", GetLastError()); goto cleanup; } if (!SetSecurityDescriptorDacl(&UserDesktopSecurityDescriptor, TRUE, pUserDesktopAcl, FALSE)) { ERR("WL: SetSecurityDescriptorDacl() failed (error %lu)\n", GetLastError()); goto cleanup; } UserDesktopSecurity.nLength = sizeof(SECURITY_ATTRIBUTES); UserDesktopSecurity.lpSecurityDescriptor = &UserDesktopSecurityDescriptor; UserDesktopSecurity.bInheritHandle = TRUE; /* * Create the interactive window station */ Session->InteractiveWindowStationName = L"WinSta0"; Session->InteractiveWindowStation = CreateWindowStationW( Session->InteractiveWindowStationName, 0, MAXIMUM_ALLOWED, &DefaultSecurity); if (!Session->InteractiveWindowStation) { ERR("WL: Failed to create window station (%lu)\n", GetLastError()); goto cleanup; } if (!SetProcessWindowStation(Session->InteractiveWindowStation)) { ERR("WL: SetProcessWindowStation() failed (error %lu)\n", GetLastError()); goto cleanup; } /* * Create the application desktop */ Session->ApplicationDesktop = CreateDesktopW( L"Default", NULL, NULL, 0, /* FIXME: Add DF_ALLOWOTHERACCOUNTHOOK flag? */ MAXIMUM_ALLOWED, &UserDesktopSecurity); if (!Session->ApplicationDesktop) { ERR("WL: Failed to create Default desktop (%lu)\n", GetLastError()); goto cleanup; } /* * Create the winlogon desktop */ Session->WinlogonDesktop = CreateDesktopW( L"Winlogon", NULL, NULL, 0, MAXIMUM_ALLOWED, &DefaultSecurity); if (!Session->WinlogonDesktop) { ERR("WL: Failed to create Winlogon desktop (%lu)\n", GetLastError()); goto cleanup; } /* * Create the screen saver desktop */ Session->ScreenSaverDesktop = CreateDesktopW( L"Screen-Saver", NULL, NULL, 0, MAXIMUM_ALLOWED, &DefaultSecurity); if(!Session->ScreenSaverDesktop) { ERR("WL: Failed to create Screen-Saver desktop (%lu)\n", GetLastError()); goto cleanup; } /* * Switch to winlogon desktop */ if (!SetThreadDesktop(Session->WinlogonDesktop) || !SwitchDesktop(Session->WinlogonDesktop)) { ERR("WL: Cannot switch to Winlogon desktop (%lu)\n", GetLastError()); goto cleanup; } ret = TRUE; cleanup: if (!ret) { if (Session->ApplicationDesktop) { CloseDesktop(Session->ApplicationDesktop); Session->ApplicationDesktop = NULL; } if (Session->WinlogonDesktop) { CloseDesktop(Session->WinlogonDesktop); Session->WinlogonDesktop = NULL; } if (Session->ScreenSaverDesktop) { CloseDesktop(Session->ScreenSaverDesktop); Session->ScreenSaverDesktop = NULL; } if (Session->InteractiveWindowStation) { CloseWindowStation(Session->InteractiveWindowStation); Session->InteractiveWindowStation = NULL; } } HeapFree(GetProcessHeap(), 0, pDefaultAcl); HeapFree(GetProcessHeap(), 0, pUserDesktopAcl); return ret; }
BOOL ZCreateDesktopW(LPWSTR lpszDesktop,LPWSTR lpszDevice,LPDEVMODEW pDevmode, LPSECURITY_ATTRIBUTES lpsa) { return CreateDesktopW(lpszDesktop, lpszDevice, pDevmode, lpsa); }