bool getsids(char **error)
{
#ifdef __clang__
#pragma clang diagnostic push
#pragma clang diagnostic ignored "-Wmissing-braces"
#endif
SID_IDENTIFIER_AUTHORITY world_auth = SECURITY_WORLD_SID_AUTHORITY;
SID_IDENTIFIER_AUTHORITY nt_auth = SECURITY_NT_AUTHORITY;
#ifdef __clang__
#pragma clang diagnostic pop
#endif
bool ret = false;
*error = NULL;
if (!usersid) {
if ((usersid = get_user_sid()) == NULL) {
*error = dupprintf("unable to construct SID for current user: %s",
win_strerror(GetLastError()));
goto cleanup;
}
}
if (!worldsid) {
if (!AllocateAndInitializeSid(&world_auth, 1, SECURITY_WORLD_RID,
0, 0, 0, 0, 0, 0, 0, &worldsid)) {
*error = dupprintf("unable to construct SID for world: %s",
win_strerror(GetLastError()));
goto cleanup;
}
}
if (!networksid) {
if (!AllocateAndInitializeSid(&nt_auth, 1, SECURITY_NETWORK_RID,
0, 0, 0, 0, 0, 0, 0, &networksid)) {
*error = dupprintf("unable to construct SID for "
"local same-user access only: %s",
win_strerror(GetLastError()));
goto cleanup;
}
}
ret = true;
cleanup:
return ret;
}
/*
* Sets the receive mode of the interface.
*/
int pkt_set_rcv_mode (int mode)
{
struct {
PACKET_OID_DATA oidData;
DWORD filter;
} oid;
BOOL rc;
const ADAPTER *adapter;
if (!_pkt_inf)
return (0);
adapter = (const ADAPTER*) _pkt_inf->adapter;
memset (&oid, 0, sizeof(oid));
oid.oidData.Oid = OID_GEN_CURRENT_PACKET_FILTER;
oid.oidData.Length = sizeof(oid.filter);
*(DWORD*)oid.oidData.Data = mode;
rc = PacketRequest (adapter, TRUE, &oid.oidData);
if (rc)
_pkt_rxmode = mode;
else _pkt_errno = GetLastError();
TCP_CONSOLE_MSG (2, ("pkt_set_rcv_mode(); mode 0x%02X, rc %d; %s\n",
mode, rc, !rc ? win_strerror(GetLastError()) : "okay"));
return (rc);
}
/*
* Canonize file and paths names. E.g. convert this:
* g:\mingw32\bin\../lib/gcc/x86_64-w64-mingw32/4.8.1/include
* into something more readable:
* g:\mingw32\lib\gcc\x86_64-w64-mingw32\4.8.1\include
*
* I.e. turns 'path' into a fully-qualified path.
*
* Note: the 'path' doesn't have to exist.
* assumes 'result' is at least '_MAX_PATH' characters long (if non-NULL).
*/
char *_fixpath (const char *path, char *result)
{
if (!path || !*path)
{
DEBUGF (1, "given a bogus 'path'\n");
errno = EINVAL;
return (NULL);
}
if (!result)
result = CALLOC (_MAX_PATH, 1);
/* GetFullPathName() doesn't seems to handle
* '/' in 'path'. Convert to '\\'.
* Note: the 'result' file or path may not exists.
* Use 'FILE_EXISTS()' to test.
*
* to-do: maybe use GetLongPathName()?
*/
path = slashify (path, '\\');
if (!GetFullPathName(path, _MAX_PATH, result, NULL))
{
DEBUGF (2, "GetFullPathName(\"%s\") failed: %s\n",
path, win_strerror(GetLastError()));
_strlcpy (result, path, _MAX_PATH);
}
return (result);
}
int getsids(char *error)
{
SID_IDENTIFIER_AUTHORITY world_auth = SECURITY_WORLD_SID_AUTHORITY;
SID_IDENTIFIER_AUTHORITY nt_auth = SECURITY_NT_AUTHORITY;
int ret;
error=NULL;
if (!usersid) {
if ((usersid = get_user_sid()) == NULL) {
error = dupprintf("unable to construct SID for current user: %s",
win_strerror(GetLastError()));
goto cleanup;
}
}
if (!worldsid) {
if (!AllocateAndInitializeSid(&world_auth, 1, SECURITY_WORLD_RID,
0, 0, 0, 0, 0, 0, 0, &worldsid)) {
error = dupprintf("unable to construct SID for world: %s",
win_strerror(GetLastError()));
goto cleanup;
}
}
if (!networksid) {
if (!AllocateAndInitializeSid(&nt_auth, 1, SECURITY_NETWORK_RID,
0, 0, 0, 0, 0, 0, 0, &networksid)) {
error = dupprintf("unable to construct SID for "
"local same-user access only: %s",
win_strerror(GetLastError()));
goto cleanup;
}
}
ret=TRUE;
cleanup:
if (ret) {
sfree(error);
error = NULL;
}
return ret;
}
int pkt_release (void)
{
ADAPTER *adapter;
DWORD status = 1;
if (!_pkt_inf || _watt_fatal_error)
return (0);
adapter = (ADAPTER*) _pkt_inf->adapter;
TCP_CONSOLE_MSG (2, ("pkt_release(): adapter %08lX\n", (DWORD)adapter));
if (adapter && adapter != INVALID_HANDLE_VALUE)
{
/* Don't close the adapter before telling the thread about it.
*/
if (_pkt_inf->recv_thread)
{
FILETIME ctime, etime, ktime, utime;
DWORD err = 0;
_pkt_inf->stop_thread = TRUE;
SetEvent (adapter->ReadEvent);
Sleep (50);
GetExitCodeThread (_pkt_inf->recv_thread, &status);
if (status == STILL_ACTIVE)
TCP_CONSOLE_MSG (2, ("pkt_release(): killing thread.\n"));
else TCP_CONSOLE_MSG (2, ("pkt_release(): thread exit code %lu.\n",
status));
if (!GetThreadTimes (_pkt_inf->recv_thread, &ctime, &etime, &ktime, &utime))
err = GetLastError();
TerminateThread (_pkt_inf->recv_thread, 1);
CloseHandle (_pkt_inf->recv_thread);
if (err)
TCP_CONSOLE_MSG (2, (" GetThreadTime() %s, ", win_strerror(err)));
TCP_CONSOLE_MSG (2, (" kernel time %.6fs, user time %.6fs\n",
filetime_sec(&ktime), filetime_sec(&utime)));
}
PacketCloseAdapter (adapter);
_pkt_inf->adapter = NULL;
}
DO_FREE (_pkt_inf->npf_buf);
DO_FREE (_pkt_inf);
PacketInitModule (FALSE, dump_file);
if (dump_file)
fclose (dump_file);
dump_file = NULL;
return (int) status;
}
/*
* NDIS has the annoying feature (?) of looping packets we send in
* NDIS_PACKET_TYPE_ALL_LOCAL mode (the default?). Disable it, but
* doesn't seem to have any effect yet. Maybe need to use a BPF filter?
*
* No need when using RXMODE_DEFAULT (9).
*/
static BOOL ndis_set_loopback (BOOL enable)
{
struct {
PACKET_OID_DATA oidData;
DWORD options;
} oid;
const ADAPTER *adapter;
BOOL rc;
DWORD options;
DWORD gen_oid = OID_GEN_MAC_OPTIONS;
DWORD opt_bit = NDIS_MAC_OPTION_NO_LOOPBACK;
if (!_pkt_inf)
return (FALSE);
adapter = (const ADAPTER*) _pkt_inf->adapter;
memset (&oid, 0, sizeof(oid));
oid.oidData.Oid = gen_oid;
oid.oidData.Length = sizeof(oid.options);
/* Get current MAC/protocol options
*/
rc = PacketRequest (adapter, FALSE, &oid.oidData);
options = *(DWORD*) &oid.oidData.Data;
TCP_CONSOLE_MSG (2, ("ndis_set_loopback(); rc %d, options 0x%02lX; %s\n",
rc, options, !rc ? win_strerror(GetLastError()) : "okay"));
if (enable)
options &= ~opt_bit;
else options |= opt_bit;
/* Set it back
*/
memset (&oid, 0, sizeof(oid));
oid.oidData.Oid = gen_oid;
oid.oidData.Length = sizeof(oid.options);
*(DWORD*) &oid.oidData.Data = options;
rc = PacketRequest (adapter, TRUE, &oid.oidData);
TCP_CONSOLE_MSG (2, ("ndis_set_loopback(); rc %d; %s\n",
rc, !rc ? win_strerror(GetLastError()) : "okay"));
return (rc);
}
/*
* Return the MAC address.
*/
int pkt_get_addr (mac_address *eth)
{
mac_address mac;
if (get_perm_mac_address(&mac))
{
memcpy (eth, &mac, sizeof(*eth));
return (1);
}
TCP_CONSOLE_MSG (2, ("Failed to get our MAC address; %s\n",
win_strerror(GetLastError())));
return (0);
}
static void handle_sentdata(struct handle *h, int new_backlog)
{
Handle_Socket ps = (Handle_Socket) handle_get_privdata(h);
if (new_backlog < 0) {
/* Special case: this is actually reporting an error writing
* to the underlying handle, and our input value is the error
* code itself, negated. */
plug_closing(ps->plug, win_strerror(-new_backlog), -new_backlog, 0);
return;
}
plug_sent(ps->plug, new_backlog);
}
/*
* Check if running under WOW64.
*/
BOOL is_wow64_active (void)
{
BOOL rc = FALSE;
BOOL wow64 = FALSE;
#if (IS_WIN64 == 0)
typedef BOOL (WINAPI *func_IsWow64Process) (HANDLE proc, BOOL *wow64);
func_IsWow64Process p_IsWow64Process;
const char *dll = "kernel32.dll";
HANDLE hnd = LoadLibrary (dll);
if (!hnd || hnd == INVALID_HANDLE_VALUE)
{
DEBUGF (1, "Failed to load %s; %s\n",
dll, win_strerror(GetLastError()));
return (rc);
}
p_IsWow64Process = (func_IsWow64Process) GetProcAddress (hnd, "IsWow64Process");
if (!p_IsWow64Process)
{
DEBUGF (1, "Failed to find \"p_IsWow64Process()\" in %s; %s\n",
dll, win_strerror(GetLastError()));
FreeLibrary (hnd);
return (rc);
}
if (p_IsWow64Process)
if ((*p_IsWow64Process) (GetCurrentProcess(), &wow64))
rc = wow64;
FreeLibrary (hnd);
#endif /* IS_WIN64 */
DEBUGF (2, "IsWow64Process(): rc: %d, wow64: %d.\n", rc, wow64);
return (rc);
}
void __redisSetError(redisContext *c, int type, const char *str) {
size_t len;
c->err = type;
if (str != NULL) {
len = strlen(str);
len = len < (sizeof(c->errstr)-1) ? len : (sizeof(c->errstr)-1);
memcpy(c->errstr,str,len);
c->errstr[len] = '\0';
} else {
/* Only REDIS_ERR_IO may lack a description! */
assert(type == REDIS_ERR_IO);
#ifdef WIN32
win_strerror(errno,c->errstr,sizeof(c->errstr));
#else
strerror_r(errno,c->errstr,sizeof(c->errstr));
#endif
}
}
void System::CheckError(const String& msg)
{
#ifdef VHWD_WINDOWS
int ret=::GetLastError();
if(ret!=0)
{
System::LogTrace("%s failed, code(%d): %s",msg,ret,win_strerror(ret));
}
#else
int ret=errno;
if(ret!=0)
{
System::LogTrace("%s failed, code(%d): %s",msg,ret,strerror(ret));
}
#endif
}
int platform_ssh_share(const char *pi_name, Conf *conf,
Plug downplug, Plug upplug, Socket *sock,
char **logtext, char **ds_err, char **us_err,
int can_upstream, int can_downstream)
{
char *name, *mutexname, *pipename;
HANDLE mutex;
Socket retsock;
PSECURITY_DESCRIPTOR psd;
PACL acl;
/*
* Transform the platform-independent version of the connection
* identifier into the obfuscated version we'll use for our
* Windows named pipe and mutex. A side effect of doing this is
* that it also eliminates any characters illegal in Windows pipe
* names.
*/
name = obfuscate_name(pi_name);
if (!name) {
*logtext = dupprintf("Unable to call CryptProtectMemory: %s",
win_strerror(GetLastError()));
return SHARE_NONE;
}
/*
* Make a mutex name out of the connection identifier, and lock it
* while we decide whether to be upstream or downstream.
*/
{
SECURITY_ATTRIBUTES sa;
mutexname = make_name(CONNSHARE_MUTEX_PREFIX, name);
if (!make_private_security_descriptor(MUTEX_ALL_ACCESS,
&psd, &acl, logtext)) {
sfree(mutexname);
return SHARE_NONE;
}
memset(&sa, 0, sizeof(sa));
sa.nLength = sizeof(sa);
sa.lpSecurityDescriptor = psd;
sa.bInheritHandle = FALSE;
mutex = CreateMutex(&sa, FALSE, mutexname);
if (!mutex) {
*logtext = dupprintf("CreateMutex(\"%s\") failed: %s",
mutexname, win_strerror(GetLastError()));
sfree(mutexname);
LocalFree(psd);
LocalFree(acl);
return SHARE_NONE;
}
sfree(mutexname);
LocalFree(psd);
LocalFree(acl);
WaitForSingleObject(mutex, INFINITE);
}
pipename = make_name(CONNSHARE_PIPE_PREFIX, name);
*logtext = NULL;
if (can_downstream) {
retsock = new_named_pipe_client(pipename, downplug);
if (sk_socket_error(retsock) == NULL) {
sfree(*logtext);
*logtext = pipename;
*sock = retsock;
sfree(name);
ReleaseMutex(mutex);
CloseHandle(mutex);
return SHARE_DOWNSTREAM;
}
sfree(*ds_err);
*ds_err = dupprintf("%s: %s", pipename, sk_socket_error(retsock));
sk_close(retsock);
}
if (can_upstream) {
retsock = new_named_pipe_listener(pipename, upplug);
if (sk_socket_error(retsock) == NULL) {
sfree(*logtext);
*logtext = pipename;
*sock = retsock;
sfree(name);
ReleaseMutex(mutex);
CloseHandle(mutex);
return SHARE_UPSTREAM;
}
sfree(*us_err);
*us_err = dupprintf("%s: %s", pipename, sk_socket_error(retsock));
sk_close(retsock);
}
/* One of the above clauses ought to have happened. */
assert(*logtext || *ds_err || *us_err);
sfree(pipename);
sfree(name);
ReleaseMutex(mutex);
CloseHandle(mutex);
return SHARE_NONE;
}
int make_private_security_descriptor(DWORD permissions,
PSECURITY_DESCRIPTOR *psd,
PACL *acl,
char **error)
{
SID_IDENTIFIER_AUTHORITY world_auth = SECURITY_WORLD_SID_AUTHORITY;
SID_IDENTIFIER_AUTHORITY nt_auth = SECURITY_NT_AUTHORITY;
EXPLICIT_ACCESS ea[3];
int acl_err;
int ret = FALSE;
/* Initialised once, then kept around to reuse forever */
static PSID worldsid, networksid, usersid;
*psd = NULL;
*acl = NULL;
*error = NULL;
if (!got_advapi()) {
*error = dupprintf("unable to load advapi32.dll");
goto cleanup;
}
if (!usersid) {
if ((usersid = get_user_sid()) == NULL) {
*error = dupprintf("unable to construct SID for current user: %s",
win_strerror(GetLastError()));
goto cleanup;
}
}
if (!worldsid) {
if (!AllocateAndInitializeSid(&world_auth, 1, SECURITY_WORLD_RID,
0, 0, 0, 0, 0, 0, 0, &worldsid)) {
*error = dupprintf("unable to construct SID for world: %s",
win_strerror(GetLastError()));
goto cleanup;
}
}
if (!networksid) {
if (!AllocateAndInitializeSid(&nt_auth, 1, SECURITY_NETWORK_RID,
0, 0, 0, 0, 0, 0, 0, &networksid)) {
*error = dupprintf("unable to construct SID for "
"local same-user access only: %s",
win_strerror(GetLastError()));
goto cleanup;
}
}
memset(ea, 0, sizeof(ea));
ea[0].grfAccessPermissions = permissions;
ea[0].grfAccessMode = REVOKE_ACCESS;
ea[0].grfInheritance = NO_INHERITANCE;
ea[0].Trustee.TrusteeForm = TRUSTEE_IS_SID;
ea[0].Trustee.ptstrName = (LPTSTR)worldsid;
ea[1].grfAccessPermissions = permissions;
ea[1].grfAccessMode = GRANT_ACCESS;
ea[1].grfInheritance = NO_INHERITANCE;
ea[1].Trustee.TrusteeForm = TRUSTEE_IS_SID;
ea[1].Trustee.ptstrName = (LPTSTR)usersid;
ea[2].grfAccessPermissions = permissions;
ea[2].grfAccessMode = REVOKE_ACCESS;
ea[2].grfInheritance = NO_INHERITANCE;
ea[2].Trustee.TrusteeForm = TRUSTEE_IS_SID;
ea[2].Trustee.ptstrName = (LPTSTR)networksid;
acl_err = p_SetEntriesInAclA(3, ea, NULL, acl);
if (acl_err != ERROR_SUCCESS || *acl == NULL) {
*error = dupprintf("unable to construct ACL: %s",
win_strerror(acl_err));
goto cleanup;
}
*psd = (PSECURITY_DESCRIPTOR)
LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH);
if (!*psd) {
*error = dupprintf("unable to allocate security descriptor: %s",
win_strerror(GetLastError()));
goto cleanup;
}
if (!InitializeSecurityDescriptor(*psd, SECURITY_DESCRIPTOR_REVISION)) {
*error = dupprintf("unable to initialise security descriptor: %s",
win_strerror(GetLastError()));
goto cleanup;
}
if (!SetSecurityDescriptorDacl(*psd, TRUE, *acl, FALSE)) {
*error = dupprintf("unable to set DACL in security descriptor: %s",
win_strerror(GetLastError()));
goto cleanup;
}
ret = TRUE;
cleanup:
if (!ret) {
if (*psd) {
LocalFree(*psd);
*psd = NULL;
}
if (*acl) {
LocalFree(*acl);
*acl = NULL;
}
} else {
sfree(*error);
*error = NULL;
}
return ret;
}
Socket new_named_pipe_client(const char *pipename, Plug plug)
{
HANDLE pipehandle;
PSID usersid, pipeowner;
PSECURITY_DESCRIPTOR psd;
char *err;
Socket ret;
assert(strncmp(pipename, "\\\\.\\pipe\\", 9) == 0);
assert(strchr(pipename + 9, '\\') == NULL);
while (1) {
pipehandle = CreateFile(pipename, GENERIC_READ | GENERIC_WRITE,
0, NULL, OPEN_EXISTING,
FILE_FLAG_OVERLAPPED, NULL);
if (pipehandle != INVALID_HANDLE_VALUE)
break;
if (GetLastError() != ERROR_PIPE_BUSY) {
err = dupprintf("Unable to open named pipe '%s': %s",
pipename, win_strerror(GetLastError()));
ret = new_error_socket(err, plug);
sfree(err);
return ret;
}
/*
* If we got ERROR_PIPE_BUSY, wait for the server to
* create a new pipe instance. (Since the server is
* expected to be winnps.c, which will do that immediately
* after a previous connection is accepted, that shouldn't
* take excessively long.)
*/
if (!WaitNamedPipe(pipename, NMPWAIT_USE_DEFAULT_WAIT)) {
err = dupprintf("Error waiting for named pipe '%s': %s",
pipename, win_strerror(GetLastError()));
ret = new_error_socket(err, plug);
sfree(err);
return ret;
}
}
if ((usersid = get_user_sid()) == NULL) {
CloseHandle(pipehandle);
err = dupprintf("Unable to get user SID");
ret = new_error_socket(err, plug);
sfree(err);
return ret;
}
if (p_GetSecurityInfo(pipehandle, SE_KERNEL_OBJECT,
OWNER_SECURITY_INFORMATION,
&pipeowner, NULL, NULL, NULL,
&psd) != ERROR_SUCCESS) {
err = dupprintf("Unable to get named pipe security information: %s",
win_strerror(GetLastError()));
ret = new_error_socket(err, plug);
sfree(err);
CloseHandle(pipehandle);
return ret;
}
if (!EqualSid(pipeowner, usersid)) {
err = dupprintf("Owner of named pipe '%s' is not us", pipename);
ret = new_error_socket(err, plug);
sfree(err);
CloseHandle(pipehandle);
LocalFree(psd);
return ret;
}
LocalFree(psd);
return make_handle_socket(pipehandle, pipehandle, NULL, plug, TRUE);
}
/**
* Initialise WinPcap and return our MAC address.
*/
int pkt_eth_init (mac_address *mac_addr)
{
struct {
PACKET_OID_DATA oidData;
char descr[512];
} oid;
const ADAPTER *adapter = NULL;
DWORD thread_id;
BOOL is_up;
if (_watt_is_win9x) /**< \todo Support Win-9x too */
{
(*_printf) (_LANG("Win-NT or later reqired.\n"));
_pkt_errno = PDERR_GEN_FAIL;
return (WERR_ILL_DOSX);
}
if (!_watt_no_config || _watt_user_config_fn)
parse_config_pass_1();
_pkt_inf = calloc (sizeof(*_pkt_inf), 1);
if (!_pkt_inf)
{
(*_printf) (_LANG("Failed to allocate WinPcap DRIVER data.\n"));
_pkt_errno = PDERR_GEN_FAIL;
return (WERR_NO_MEM);
}
if (debug_on >= 2 && dump_fname[0])
dump_file = fopen_excl (ExpandVarStr(dump_fname), "w+t");
if (!PacketInitModule(TRUE, dump_file))
{
(*_printf) (_LANG("Failed to initialise WinPcap.\n"));
pkt_release();
_pkt_errno = PDERR_NO_DRIVER;
return (WERR_PKT_ERROR);
}
if (!_pktdrvrname[0] &&
!find_adapter(_pktdrvrname,sizeof(_pktdrvrname)))
{
(*_printf) (_LANG("No WinPcap driver found.\n"));
_pkt_errno = PDERR_NO_DRIVER;
return (WERR_NO_DRIVER);
}
TCP_CONSOLE_MSG (2, ("device %s\n", _pktdrvrname));
adapter = PacketOpenAdapter (_pktdrvrname);
if (!adapter)
{
if (debug_on > 0)
(*_printf) (_LANG("PacketOpenAdapter (\"%s\") failed; %s\n"),
_pktdrvrname, win_strerror(GetLastError()));
pkt_release();
return (WERR_NO_DRIVER);
}
_pkt_inf->adapter = adapter;
#if defined(USE_DYN_PACKET)
_pkt_inf->adapter_info = NULL;
#else
_pkt_inf->adapter_info = PacketFindAdInfo (_pktdrvrname);
#endif
/* Query the NIC driver for the adapter description
*/
memset (&oid, 0, sizeof(oid));
oid.oidData.Oid = OID_GEN_VENDOR_DESCRIPTION;
oid.oidData.Length = sizeof(oid.descr);
if (PacketRequest (adapter, FALSE, &oid.oidData))
StrLcpy (_pktdrvr_descr, (char*)oid.oidData.Data, sizeof(_pktdrvr_descr));
else
{
(*_printf) (_LANG("PacketRequest() failed; %s\n"),
win_strerror(GetLastError()));
pkt_release();
return (WERR_PKT_ERROR);
}
if (!get_interface_type(&_pktdevclass))
{
pkt_release();
return (WERR_PKT_ERROR);
}
if (get_connected_status(&is_up) && !is_up)
(*_printf) (_LANG("Warning: the adapter %s is down\n"), _pktdrvrname);
switch (_pktdevclass)
{
case PDCLASS_TOKEN:
_pkt_ip_ofs = sizeof(tok_Header);
break;
case PDCLASS_ETHER:
_pkt_ip_ofs = sizeof(eth_Header);
break;
case PDCLASS_FDDI:
_pkt_ip_ofs = sizeof(fddi_Header);
break;
case PDCLASS_ARCNET:
_pkt_ip_ofs = ARC_HDRLEN;
break;
default:
pkt_release();
(*_printf) (_LANG("WinPcap-ERROR: Unsupported driver class %dh\n"),
_pktdevclass);
_pkt_errno = PDERR_NO_CLASS;
return (WERR_PKT_ERROR);
}
if (!pkt_get_addr(mac_addr)) /* get our MAC address */
{
pkt_release();
return (WERR_PKT_ERROR);
}
pktq_init (&_pkt_inf->pkt_queue,
sizeof(_pkt_inf->rx_buf[0]), /* RX_SIZE */
DIM(_pkt_inf->rx_buf), /* RX_BUFS */
(char*)&_pkt_inf->rx_buf);
_pkt_inf->npf_buf_size = RX_SIZE * pkt_num_rx_bufs;
_pkt_inf->npf_buf = malloc (_pkt_inf->npf_buf_size);
if (!_pkt_inf->npf_buf)
{
(*_printf) (_LANG("Failed to allocate %d byte Rx buffer.\n"),
_pkt_inf->npf_buf_size);
pkt_release();
_pkt_errno = PDERR_GEN_FAIL;
return (WERR_NO_MEM);
}
PacketSetMode (adapter, PACKET_MODE_CAPT);
PacketSetBuff (adapter, _pkt_inf->npf_buf_size);
PacketSetMinToCopy (adapter, ETH_MIN);
/* PacketReceivePacket() blocks until something is received
*/
PacketSetReadTimeout ((ADAPTER*)adapter, 0);
/* Set Rx-mode forced via config.
*/
if (_pkt_forced_rxmode != -1)
{
_pkt_forced_rxmode &= 0xFFFF; /* clear bits not set via ARG_ATOX_W */
if (_pkt_forced_rxmode == 0 || /* check illegal bit-values */
(_pkt_forced_rxmode & 0x10) ||
(_pkt_forced_rxmode & 0x40) ||
(_pkt_forced_rxmode > 0x80))
{
TCP_CONSOLE_MSG (0, ("Illegal Rx-mode (0x%02X) specified\n",
_pkt_forced_rxmode));
_pkt_forced_rxmode = -1;
}
}
if (pkt_get_rcv_mode())
_pkt_rxmode0 = _pkt_rxmode;
if (_pkt_forced_rxmode != -1)
pkt_set_rcv_mode (_pkt_forced_rxmode);
else pkt_set_rcv_mode (RXMODE_DEFAULT);
#if 1
_pkt_inf->recv_thread = CreateThread (NULL, 2048, pkt_recv_thread,
NULL, 0, &thread_id);
#else
_pkt_inf->recv_thread = _beginthreadex (NULL, 2048, pkt_recv_thread,
NULL, 0, &thread_id);
#endif
if (!_pkt_inf->recv_thread)
{
(*_printf) (_LANG("Failed to create receiver thread; %s\n"),
win_strerror(GetLastError()));
pkt_release();
_pkt_errno = PDERR_GEN_FAIL;
return (WERR_PKT_ERROR);
}
if (thr_realtime)
SetThreadPriority (_pkt_inf->recv_thread,
THREAD_PRIORITY_TIME_CRITICAL);
TCP_CONSOLE_MSG (2, ("capture thread-id %lu\n", thread_id));
#if defined(USE_DEBUG)
if (debug_on >= 2)
{
(*_printf) ("link-details:\n");
show_link_details();
}
#endif
return (0);
}
char *
gai_strerror(int ecode)
{
return (win_strerror(ecode));
}
int setprocessacl(char *error)
{
EXPLICIT_ACCESS ea[2];
int acl_err;
int ret=FALSE;
PACL acl = NULL;
static const nastyace=WRITE_DAC | WRITE_OWNER |
PROCESS_CREATE_PROCESS | PROCESS_CREATE_THREAD |
PROCESS_DUP_HANDLE | PROCESS_QUERY_INFORMATION |
PROCESS_SET_QUOTA | PROCESS_SET_INFORMATION |
PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE |
PROCESS_SUSPEND_RESUME;
if (!getsids(error))
goto cleanup;
memset(ea, 0, sizeof(ea));
/* Everyone: deny */
ea[0].grfAccessPermissions = nastyace;
ea[0].grfAccessMode = DENY_ACCESS;
ea[0].grfInheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT;
ea[0].Trustee.TrusteeForm = TRUSTEE_IS_SID;
ea[0].Trustee.ptstrName = (LPTSTR)worldsid;
/* User: user ace */
ea[1].grfAccessPermissions = ~nastyace & 0x1fff;
ea[1].grfAccessMode = GRANT_ACCESS;
ea[1].grfInheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT;
ea[1].Trustee.TrusteeForm = TRUSTEE_IS_SID;
ea[1].Trustee.ptstrName = (LPTSTR)usersid;
acl_err = p_SetEntriesInAclA(2, ea, NULL, &acl);
if (acl_err != ERROR_SUCCESS || acl == NULL) {
error = dupprintf("unable to construct ACL: %s",
win_strerror(acl_err));
goto cleanup;
}
if (ERROR_SUCCESS != p_SetSecurityInfo
(GetCurrentProcess(), SE_KERNEL_OBJECT,
OWNER_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION,
usersid, NULL, acl, NULL)) {
error=dupprintf("Unable to set process ACL: %s",
win_strerror(GetLastError()));
goto cleanup;
}
ret=TRUE;
cleanup:
if (!ret) {
if (acl) {
LocalFree(acl);
acl = NULL;
}
}
return ret;
}
int WINAPI WinMain(HINSTANCE hInstance,HINSTANCE hPrevInstance,LPSTR lpszCmd,
int nCmd)
{
STARTUPINFO sProcStartupInfo;
PROCESS_INFORMATION sProcInformation;
DWORD dwNewProcessAffinity;
int argc, i, rv = 1;
char **argv, *szProcCmdLine, *szLastErrorMsg;
LPCTSTR lpProcWorkingDir = NULL;
argv = CommandLineToArgvA(GetCommandLine(),&argc,&szProcCmdLine);
if(argc < 2)
{
ErrorMsgBox("Usage : [-a affinity] [-d working_dir] -- <cmdline>",
"Improper parameters");
goto beach;
}
for(i=1; i<argc; ++i)
{
if(strcmp(argv[i],"-a") == 0)
{
++i;
if(i >= argc)
{
ErrorMsgBox("No data after -a.","Improper parameters");
goto beach;
}
else if(sscanf_s(argv[i],"%8x",&dwNewProcessAffinity) != 1)
{
ErrorMsgBox("Improper affinity specification",
"Improper parameters");
goto beach;
}
}
else if(strcmp(argv[i],"-d") == 0)
{
++i;
if(i >= argc)
{
ErrorMsgBox("No data after -d.","Improper parameters");
goto beach;
}
else lpProcWorkingDir = argv[i];
}
}
/* prepare the STARTUPINFO structure. in our case, it is desired to hide
* the window of the launched process. */
ZeroMemory(&sProcStartupInfo, sizeof(sProcStartupInfo));
sProcStartupInfo.cb = sizeof(sProcStartupInfo);
sProcStartupInfo.dwFlags = STARTF_USESHOWWINDOW;
sProcStartupInfo.wShowWindow = SW_HIDE;
ZeroMemory(&sProcInformation, sizeof(sProcInformation));
/* create the process by specifying its commandline. the process is created
* as a suspended one. it is later resumed with ResumeThread() after setting
* its affinity. therefore, the process will not start its execution until
* the desired affinity is set. */
if(CreateProcess(NULL, szProcCmdLine, NULL, NULL, FALSE,
CREATE_SUSPENDED, NULL, lpProcWorkingDir, &sProcStartupInfo,
&sProcInformation) == 0)
{
szLastErrorMsg = win_strerror("CreateProcess()");
ErrorMsgBox(szLastErrorMsg, "WinAPI call failed");
HeapFree(GetProcessHeap(),0,szLastErrorMsg);
return 1;
}
/* set the affinity mask for the process. */
if(SetProcessAffinityMask(sProcInformation.hProcess, dwNewProcessAffinity)
== 0)
{
szLastErrorMsg = win_strerror("SetProcessAffinityMask()");
ErrorMsgBox(szLastErrorMsg, "WinAPI call failed");
HeapFree(GetProcessHeap(),0,szLastErrorMsg);
if(TerminateProcess(sProcInformation.hProcess, 255) == 0)
{
szLastErrorMsg = win_strerror("TerminateProcess()");
ErrorMsgBox(szLastErrorMsg, "WinAPI call failed");
HeapFree(GetProcessHeap(),0,szLastErrorMsg);
}
goto beach2;
}
/* and resume (actually, start) its execution. */
if(ResumeThread(sProcInformation.hThread) == -1)
{
szLastErrorMsg = win_strerror("ResumeThread()");
ErrorMsgBox(szLastErrorMsg, "WinAPI call failed");
HeapFree(GetProcessHeap(),0,szLastErrorMsg);
if(TerminateProcess(sProcInformation.hProcess, 255) == 0)
{
szLastErrorMsg = win_strerror("TerminateProcess()");
ErrorMsgBox(szLastErrorMsg, "WinAPI call failed");
HeapFree(GetProcessHeap(),0,szLastErrorMsg);
}
goto beach2;
}
/* process launched successfully. */
rv = 0;
beach2:
/* close handles to the created process and its main thread, and exit. */
CloseHandle(sProcInformation.hProcess);
CloseHandle(sProcInformation.hThread);
beach:
HeapFree(GetProcessHeap(),0,argv);
return rv;
}
const char *winsock_error_string(int error)
{
/*
* Error codes we know about and have historically had reasonably
* sensible error messages for.
*/
switch (error) {
case WSAEACCES:
return "Network error: Permission denied";
case WSAEADDRINUSE:
return "Network error: Address already in use";
case WSAEADDRNOTAVAIL:
return "Network error: Cannot assign requested address";
case WSAEAFNOSUPPORT:
return
"Network error: Address family not supported by protocol family";
case WSAEALREADY:
return "Network error: Operation already in progress";
case WSAECONNABORTED:
return "Network error: Software caused connection abort";
case WSAECONNREFUSED:
return "Network error: Connection refused";
case WSAECONNRESET:
return "Network error: Connection reset by peer";
case WSAEDESTADDRREQ:
return "Network error: Destination address required";
case WSAEFAULT:
return "Network error: Bad address";
case WSAEHOSTDOWN:
return "Network error: Host is down";
case WSAEHOSTUNREACH:
return "Network error: No route to host";
case WSAEINPROGRESS:
return "Network error: Operation now in progress";
case WSAEINTR:
return "Network error: Interrupted function call";
case WSAEINVAL:
return "Network error: Invalid argument";
case WSAEISCONN:
return "Network error: Socket is already connected";
case WSAEMFILE:
return "Network error: Too many open files";
case WSAEMSGSIZE:
return "Network error: Message too long";
case WSAENETDOWN:
return "Network error: Network is down";
case WSAENETRESET:
return "Network error: Network dropped connection on reset";
case WSAENETUNREACH:
return "Network error: Network is unreachable";
case WSAENOBUFS:
return "Network error: No buffer space available";
case WSAENOPROTOOPT:
return "Network error: Bad protocol option";
case WSAENOTCONN:
return "Network error: Socket is not connected";
case WSAENOTSOCK:
return "Network error: Socket operation on non-socket";
case WSAEOPNOTSUPP:
return "Network error: Operation not supported";
case WSAEPFNOSUPPORT:
return "Network error: Protocol family not supported";
case WSAEPROCLIM:
return "Network error: Too many processes";
case WSAEPROTONOSUPPORT:
return "Network error: Protocol not supported";
case WSAEPROTOTYPE:
return "Network error: Protocol wrong type for socket";
case WSAESHUTDOWN:
return "Network error: Cannot send after socket shutdown";
case WSAESOCKTNOSUPPORT:
return "Network error: Socket type not supported";
case WSAETIMEDOUT:
return "Network error: Connection timed out";
case WSAEWOULDBLOCK:
return "Network error: Resource temporarily unavailable";
case WSAEDISCON:
return "Network error: Graceful shutdown in progress";
}
/*
* Handle any other error code by delegating to win_strerror.
*/
return win_strerror(error);
}
int make_private_security_descriptor(DWORD permissions,
PSECURITY_DESCRIPTOR *psd,
PACL *acl,
char **error)
{
EXPLICIT_ACCESS ea[3];
int acl_err;
int ret = FALSE;
*psd = NULL;
*acl = NULL;
*error = NULL;
if (!getsids(*error))
goto cleanup;
memset(ea, 0, sizeof(ea));
ea[0].grfAccessPermissions = permissions;
ea[0].grfAccessMode = REVOKE_ACCESS;
ea[0].grfInheritance = NO_INHERITANCE;
ea[0].Trustee.TrusteeForm = TRUSTEE_IS_SID;
ea[0].Trustee.ptstrName = (LPTSTR)worldsid;
ea[1].grfAccessPermissions = permissions;
ea[1].grfAccessMode = GRANT_ACCESS;
ea[1].grfInheritance = NO_INHERITANCE;
ea[1].Trustee.TrusteeForm = TRUSTEE_IS_SID;
ea[1].Trustee.ptstrName = (LPTSTR)usersid;
ea[2].grfAccessPermissions = permissions;
ea[2].grfAccessMode = REVOKE_ACCESS;
ea[2].grfInheritance = NO_INHERITANCE;
ea[2].Trustee.TrusteeForm = TRUSTEE_IS_SID;
ea[2].Trustee.ptstrName = (LPTSTR)networksid;
acl_err = p_SetEntriesInAclA(3, ea, NULL, acl);
if (acl_err != ERROR_SUCCESS || *acl == NULL) {
*error = dupprintf("unable to construct ACL: %s",
win_strerror(acl_err));
goto cleanup;
}
*psd = (PSECURITY_DESCRIPTOR)
LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH);
if (!*psd) {
*error = dupprintf("unable to allocate security descriptor: %s",
win_strerror(GetLastError()));
goto cleanup;
}
if (!InitializeSecurityDescriptor(*psd, SECURITY_DESCRIPTOR_REVISION)) {
*error = dupprintf("unable to initialise security descriptor: %s",
win_strerror(GetLastError()));
goto cleanup;
}
if (!SetSecurityDescriptorOwner(*psd, usersid, FALSE)) {
*error = dupprintf("unable to set owner in security descriptor: %s",
win_strerror(GetLastError()));
goto cleanup;
}
if (!SetSecurityDescriptorDacl(*psd, TRUE, *acl, FALSE)) {
*error = dupprintf("unable to set DACL in security descriptor: %s",
win_strerror(GetLastError()));
goto cleanup;
}
ret = TRUE;
cleanup:
if (!ret) {
if (*psd) {
LocalFree(*psd);
*psd = NULL;
}
if (*acl) {
LocalFree(*acl);
*acl = NULL;
}
} else {
sfree(*error);
*error = NULL;
}
return ret;
}
