Ros-diffs

ros-diffs@reactos.org

81390 discussions

[reactos] 20/21: [NTOS:SE] Enable support for principal and restricted SIDs
by George Bișoc 06 May '22

06 May '22

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=f48191b4b5b2f5d5498ff… commit f48191b4b5b2f5d5498ff77a651d062a59dc546b Author: George Bișoc <george.bisoc(a)reactos.org> AuthorDate: Sat Feb 5 22:21:14 2022 +0100 Commit: George Bișoc <george.bisoc(a)reactos.org> CommitDate: Fri May 6 10:09:53 2022 +0200 [NTOS:SE] Enable support for principal and restricted SIDs SepSidInTokenEx function already provides the necessary mechanism to handle scenario where a token has restricted SIDs or a principal SID is given to the call. There's no reason to have these redundant ASSERTs anymore. In addition to that make sure if the SID is not a restricted and if that SID is the first element on the array and it's enabled, this is the primary user. --- ntoskrnl/se/access.c | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/ntoskrnl/se/access.c b/ntoskrnl/se/access.c index 7e6eb23d136..98b00a70d1e 100644 --- a/ntoskrnl/se/access.c +++ b/ntoskrnl/se/access.c @@ -37,7 +37,7 @@ ERESOURCE SepSubjectContextLock; * * @param[in] Restricted * If set to TRUE, the caller expects that a SID in a token is - * restricted. + * restricted (by the general definition, a token is restricted). * * @return * Returns TRUE if the specified SID in the call is present in the token, @@ -52,7 +52,7 @@ SepSidInTokenEx( _In_ BOOLEAN Deny, _In_ BOOLEAN Restricted) { - ULONG i; + ULONG SidIndex; PTOKEN Token = (PTOKEN)_Token; PISID TokenSid, Sid = (PISID)_Sid; PSID_AND_ATTRIBUTES SidAndAttributes; @@ -60,10 +60,6 @@ SepSidInTokenEx( USHORT SidMetadata; PAGED_CODE(); - /* Not yet supported */ - ASSERT(PrincipalSelfSid == NULL); - ASSERT(Restricted == FALSE); - /* Check if a principal SID was given, and this is our current SID already */ if ((PrincipalSelfSid) && (RtlEqualSid(SePrincipalSelfSid, Sid))) { @@ -91,7 +87,7 @@ SepSidInTokenEx( SidMetadata = *(PUSHORT)&Sid->Revision; /* Loop every SID */ - for (i = 0; i < SidCount; i++) + for (SidIndex = 0; SidIndex < SidCount; SidIndex++) { TokenSid = (PISID)SidAndAttributes->Sid; #if SE_SID_DEBUG @@ -106,8 +102,15 @@ SepSidInTokenEx( /* Check if the SID data matches */ if (RtlEqualMemory(Sid, TokenSid, SidLength)) { - /* Check if the group is enabled, or used for deny only */ - if ((!(i) && !(SidAndAttributes->Attributes & SE_GROUP_USE_FOR_DENY_ONLY)) || + /* + * Check if the group is enabled, or used for deny only. + * Otherwise we have to check if this is the first user. + * We understand that by looking if this SID is not + * restricted, this is the first element we are iterating + * and that it doesn't have SE_GROUP_USE_FOR_DENY_ONLY + * attribute. + */ + if ((!Restricted && (SidIndex == 0) && !(SidAndAttributes->Attributes & SE_GROUP_USE_FOR_DENY_ONLY)) || (SidAndAttributes->Attributes & SE_GROUP_ENABLED) || ((Deny) && (SidAndAttributes->Attributes & SE_GROUP_USE_FOR_DENY_ONLY))) {

1 0

[reactos] 19/21: [NTOS:SE] Implement SepGetSidFromAce
by George Bișoc 06 May '22

06 May '22

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=bac67a65f26df384f5962… commit bac67a65f26df384f5962e85f001f5984caa2b66 Author: George Bișoc <george.bisoc(a)reactos.org> AuthorDate: Sat Feb 5 22:01:39 2022 +0100 Commit: George Bișoc <george.bisoc(a)reactos.org> CommitDate: Fri May 6 10:09:53 2022 +0200 [NTOS:SE] Implement SepGetSidFromAce This function will be used to retrieve a security identifier from a valid access control entry in the kernel. Mostly and exclusively used within access checks related code and such. --- ntoskrnl/se/sid.c | 71 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 71 insertions(+) diff --git a/ntoskrnl/se/sid.c b/ntoskrnl/se/sid.c index 509b3777488..13aeba2662b 100644 --- a/ntoskrnl/se/sid.c +++ b/ntoskrnl/se/sid.c @@ -412,6 +412,77 @@ SepReleaseSid( } } +/** + * @brief + * Captures a security identifier from a + * given access control entry. This identifier + * is valid for the whole of its lifetime. + * + * @param[in] AceType + * The type of an access control entry. This + * type that is given by the calling thread + * must coincide with the actual ACE that is + * given in the second parameter otherwise this + * can potentially lead to UNDEFINED behavior! + * + * @param[in] Ace + * A pointer to an access control entry, which + * can be obtained from a DACL. + * + * @return + * Returns a pointer to a security identifier (SID), + * otherwise NULL is returned if an unsupported ACE + * type was given to the function. + */ +PSID +NTAPI +SepGetSidFromAce( + _In_ UCHAR AceType, + _In_ PACE Ace) +{ + PSID Sid; + PAGED_CODE(); + + /* Sanity check */ + ASSERT(Ace); + + /* Initialize the SID */ + Sid = NULL; + + /* Obtain the SID based upon ACE type */ + switch (AceType) + { + case ACCESS_DENIED_ACE_TYPE: + { + Sid = (PSID)&((PACCESS_DENIED_ACE)Ace)->SidStart; + break; + } + + case ACCESS_ALLOWED_ACE_TYPE: + { + Sid = (PSID)&((PACCESS_ALLOWED_ACE)Ace)->SidStart; + break; + } + + case ACCESS_DENIED_OBJECT_ACE_TYPE: + { + Sid = (PSID)&((PACCESS_DENIED_OBJECT_ACE)Ace)->SidStart; + break; + } + + case ACCESS_ALLOWED_OBJECT_ACE_TYPE: + { + Sid = (PSID)&((PACCESS_ALLOWED_OBJECT_ACE)Ace)->SidStart; + break; + } + + default: + break; + } + + return Sid; +} + /** * @brief * Captures a SID with attributes.

1 0

[reactos] 18/21: [NTOS:SE] Add SepGetSidFromAce prototype & Niscellaneous Stuff
by George Bișoc 06 May '22

06 May '22

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=c93bf84747637c090ffce… commit c93bf84747637c090ffced8506472d5505b4f69e Author: George Bișoc <george.bisoc(a)reactos.org> AuthorDate: Tue Apr 19 11:33:09 2022 +0200 Commit: George Bișoc <george.bisoc(a)reactos.org> CommitDate: Fri May 6 10:09:52 2022 +0200 [NTOS:SE] Add SepGetSidFromAce prototype & Niscellaneous Stuff --- ntoskrnl/include/internal/se.h | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/ntoskrnl/include/internal/se.h b/ntoskrnl/include/internal/se.h index 90c318878a9..034203d9313 100644 --- a/ntoskrnl/include/internal/se.h +++ b/ntoskrnl/include/internal/se.h @@ -24,6 +24,19 @@ typedef struct _KNOWN_COMPOUND_ACE ULONG SidStart; } KNOWN_COMPOUND_ACE, *PKNOWN_COMPOUND_ACE; +typedef struct _ACCESS_CHECK_RIGHTS +{ + ACCESS_MASK RemainingAccessRights; + ACCESS_MASK GrantedAccessRights; + ACCESS_MASK DeniedAccessRights; +} ACCESS_CHECK_RIGHTS, *PACCESS_CHECK_RIGHTS; + +typedef enum _ACCESS_CHECK_RIGHT_TYPE +{ + AccessCheckMaximum, + AccessCheckRegular +} ACCESS_CHECK_RIGHT_TYPE; + typedef struct _TOKEN_AUDIT_POLICY_INFORMATION { ULONG PolicyCount; @@ -501,6 +514,12 @@ SepReleaseSid( _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel); +PSID +NTAPI +SepGetSidFromAce( + _In_ UCHAR AceType, + _In_ PACE Ace); + NTSTATUS NTAPI SeCaptureSidAndAttributesArray(

1 0

[reactos] 17/21: [XDK] Move security object related structures to appropriate place
by George Bișoc 06 May '22

06 May '22

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=bcf0aebb13979a283985d… commit bcf0aebb13979a283985dc1bd03b7232be8db022 Author: George Bișoc <george.bisoc(a)reactos.org> AuthorDate: Sat Feb 5 21:50:39 2022 +0100 Commit: George Bișoc <george.bisoc(a)reactos.org> CommitDate: Fri May 6 10:09:52 2022 +0200 [XDK] Move security object related structures to appropriate place ACCESS_ALLOWED_OBJECT_ACE and ACCESS_DENIED_OBJECT_ACE structures must be in the XDK section of SDK as these will be used in the future in the security subsystem of the kernel. --- sdk/include/xdk/setypes.h | 18 ++++++++++++++++++ sdk/include/xdk/winnt_old.h | 18 ------------------ 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/sdk/include/xdk/setypes.h b/sdk/include/xdk/setypes.h index 763906c40d1..a46e4295274 100644 --- a/sdk/include/xdk/setypes.h +++ b/sdk/include/xdk/setypes.h @@ -765,6 +765,24 @@ typedef struct _ACCESS_DENIED_ACE { $ULONG SidStart; } ACCESS_DENIED_ACE, *PACCESS_DENIED_ACE; +typedef struct _ACCESS_ALLOWED_OBJECT_ACE { + ACE_HEADER Header; + ACCESS_MASK Mask; + $ULONG Flags; + GUID ObjectType; + GUID InheritedObjectType; + $ULONG SidStart; +} ACCESS_ALLOWED_OBJECT_ACE, *PACCESS_ALLOWED_OBJECT_ACE; + +typedef struct _ACCESS_DENIED_OBJECT_ACE { + ACE_HEADER Header; + ACCESS_MASK Mask; + $ULONG Flags; + GUID ObjectType; + GUID InheritedObjectType; + $ULONG SidStart; +} ACCESS_DENIED_OBJECT_ACE, *PACCESS_DENIED_OBJECT_ACE; + typedef struct _SYSTEM_AUDIT_ACE { ACE_HEADER Header; ACCESS_MASK Mask; diff --git a/sdk/include/xdk/winnt_old.h b/sdk/include/xdk/winnt_old.h index b043574a15d..c62c462b294 100644 --- a/sdk/include/xdk/winnt_old.h +++ b/sdk/include/xdk/winnt_old.h @@ -2426,24 +2426,6 @@ typedef struct _SECURITY_ATTRIBUTES { $include(setypes.h) -typedef struct _ACCESS_ALLOWED_OBJECT_ACE { - ACE_HEADER Header; - ACCESS_MASK Mask; - DWORD Flags; - GUID ObjectType; - GUID InheritedObjectType; - DWORD SidStart; -} ACCESS_ALLOWED_OBJECT_ACE,*PACCESS_ALLOWED_OBJECT_ACE; - -typedef struct _ACCESS_DENIED_OBJECT_ACE { - ACE_HEADER Header; - ACCESS_MASK Mask; - DWORD Flags; - GUID ObjectType; - GUID InheritedObjectType; - DWORD SidStart; -} ACCESS_DENIED_OBJECT_ACE,*PACCESS_DENIED_OBJECT_ACE; - typedef struct _SYSTEM_AUDIT_OBJECT_ACE { ACE_HEADER Header; ACCESS_MASK Mask;

1 0

[reactos] 16/21: [NTOSKRNL] Add security access check rights pool tag
by George Bișoc 06 May '22

06 May '22

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=9101a5dc6d1664da6f57d… commit 9101a5dc6d1664da6f57d64cb3da174515ba9789 Author: George Bișoc <george.bisoc(a)reactos.org> AuthorDate: Tue Feb 8 11:54:57 2022 +0100 Commit: George Bișoc <george.bisoc(a)reactos.org> CommitDate: Fri May 6 10:09:52 2022 +0200 [NTOSKRNL] Add security access check rights pool tag --- ntoskrnl/include/internal/tag.h | 1 + 1 file changed, 1 insertion(+) diff --git a/ntoskrnl/include/internal/tag.h b/ntoskrnl/include/internal/tag.h index 16616ccc92c..cdc8eaf031a 100644 --- a/ntoskrnl/include/internal/tag.h +++ b/ntoskrnl/include/internal/tag.h @@ -159,6 +159,7 @@ #define TAG_LOGON_NOTIFICATION 'nLeS' #define TAG_SID_AND_ATTRIBUTES 'aSeS' #define TAG_SID_VALIDATE 'vSeS' +#define TAG_ACCESS_CHECK_RIGHT 'rCeS' /* LPC Tags */ #define TAG_LPC_MESSAGE 'McpL'

1 0

[reactos] 15/21: [SERVICES] Assign a World identity authority for Everyone SID, not Null authority
by George Bișoc 06 May '22

06 May '22

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=f559f63063a64aba3f489… commit f559f63063a64aba3f489aef210a9848a0850d48 Author: George Bișoc <george.bisoc(a)reactos.org> AuthorDate: Sun Feb 13 19:12:19 2022 +0100 Commit: George Bișoc <george.bisoc(a)reactos.org> CommitDate: Fri May 6 10:09:52 2022 +0200 [SERVICES] Assign a World identity authority for Everyone SID, not Null authority The current code allocates memory and initializes the Everyone "World" security identifier but with a Null authority identifier. This is utterly wrong on so many levels, more so partly because a Null authority identifier is 0 so after the Everyone SID is initialized, it is actually initialized as S-1-0-0 instead of S-1-1-0. --- base/system/services/security.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/base/system/services/security.c b/base/system/services/security.c index b2639e95a20..2e8f284a714 100644 --- a/base/system/services/security.c +++ b/base/system/services/security.c @@ -55,6 +55,7 @@ DWORD ScmCreateSids(VOID) { SID_IDENTIFIER_AUTHORITY NullAuthority = {SECURITY_NULL_SID_AUTHORITY}; + SID_IDENTIFIER_AUTHORITY WorldAuthority = {SECURITY_WORLD_SID_AUTHORITY}; SID_IDENTIFIER_AUTHORITY NtAuthority = {SECURITY_NT_AUTHORITY}; PULONG pSubAuthority; ULONG ulLength1 = RtlLengthRequiredSid(1); @@ -78,7 +79,7 @@ ScmCreateSids(VOID) return ERROR_OUTOFMEMORY; } - RtlInitializeSid(pWorldSid, &NullAuthority, 1); + RtlInitializeSid(pWorldSid, &WorldAuthority, 1); pSubAuthority = RtlSubAuthoritySid(pWorldSid, 0); *pSubAuthority = SECURITY_WORLD_RID;

1 0

[reactos] 14/21: [SERVICES] Grant ReactOS Setup component SYSTEM access
by George Bișoc 06 May '22

06 May '22

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=f340524ea4d103221a7fd… commit f340524ea4d103221a7fd2eaca51787ea02461c7 Author: George Bișoc <george.bisoc(a)reactos.org> AuthorDate: Mon Feb 21 11:12:48 2022 +0100 Commit: George Bișoc <george.bisoc(a)reactos.org> CommitDate: Fri May 6 10:09:51 2022 +0200 [SERVICES] Grant ReactOS Setup component SYSTEM access ReactOS Setup is an integral component that is part of the operating system responsible for the installation of ROS during 2nd installation stage. The situation with current master branch is like this -- the Services component always tries to create the process on behalf of the logged in user with its own security context. That user doesn't have the privileges and access rights like SYSTEM thus the Services component tries to create the process but it fails to do so because of lacking of required access right, TOKEN_DUPLICATE, in order for the calling thread to impersonate as self. --- base/system/services/database.c | 2 +- base/system/services/services.c | 24 ++++++++++++++++++++++++ base/system/services/services.h | 1 + 3 files changed, 26 insertions(+), 1 deletion(-) diff --git a/base/system/services/database.c b/base/system/services/database.c index d773a44e102..8dbf148d43a 100644 --- a/base/system/services/database.c +++ b/base/system/services/database.c @@ -370,7 +370,7 @@ ScmLogonService( DPRINT("ScmLogonService(%p %p)\n", pService, pImage); DPRINT("Service %S\n", pService->lpServiceName); - if (ScmIsLocalSystemAccount(pImage->pszAccountName) || ScmLiveSetup) + if (ScmIsLocalSystemAccount(pImage->pszAccountName) || ScmLiveSetup || ScmSetupInProgress) return ERROR_SUCCESS; /* Get the user and domain names */ diff --git a/base/system/services/services.c b/base/system/services/services.c index b45ac07b745..fec54827b87 100644 --- a/base/system/services/services.c +++ b/base/system/services/services.c @@ -28,6 +28,7 @@ int WINAPI RegisterServicesProcess(DWORD ServicesProcessId); BOOL ScmInitialize = FALSE; BOOL ScmShutdown = FALSE; BOOL ScmLiveSetup = FALSE; +BOOL ScmSetupInProgress = FALSE; static HANDLE hScmShutdownEvent = NULL; static HANDLE hScmSecurityServicesEvent = NULL; @@ -55,6 +56,7 @@ CheckForLiveCD(VOID) WCHAR CommandLine[MAX_PATH]; HKEY hSetupKey; DWORD dwSetupType; + DWORD dwSetupInProgress; DWORD dwType; DWORD dwSize; DWORD dwError; @@ -107,6 +109,28 @@ CheckForLiveCD(VOID) ScmLiveSetup = TRUE; } + /* Read the SystemSetupInProgress value */ + dwSize = sizeof(DWORD); + dwError = RegQueryValueExW(hSetupKey, + L"SystemSetupInProgress", + NULL, + &dwType, + (LPBYTE)&dwSetupInProgress, + &dwSize); + if (dwError != ERROR_SUCCESS || + dwType != REG_DWORD || + dwSize != sizeof(DWORD) || + dwSetupType == 0) + { + goto done; + } + + if (dwSetupInProgress == 1) + { + DPRINT1("ReactOS Setup currently in progress!\n"); + ScmSetupInProgress = TRUE; + } + done: RegCloseKey(hSetupKey); diff --git a/base/system/services/services.h b/base/system/services/services.h index cbaa4a93329..204375c17c6 100644 --- a/base/system/services/services.h +++ b/base/system/services/services.h @@ -102,6 +102,7 @@ extern LIST_ENTRY ImageListHead; extern BOOL ScmInitialize; extern BOOL ScmShutdown; extern BOOL ScmLiveSetup; +extern BOOL ScmSetupInProgress; extern PSECURITY_DESCRIPTOR pPipeSD;

1 0

[reactos] 13/21: [UMPNPMGR] Create a security descriptor for PnP installation device event
by George Bișoc 06 May '22

06 May '22

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=cd1070dfc42ea30bf3361… commit cd1070dfc42ea30bf336129cba62a41ad3a83ff6 Author: George Bișoc <george.bisoc(a)reactos.org> AuthorDate: Fri Apr 15 11:11:12 2022 +0200 Commit: George Bișoc <george.bisoc(a)reactos.org> CommitDate: Fri May 6 10:09:51 2022 +0200 [UMPNPMGR] Create a security descriptor for PnP installation device event --- base/services/umpnpmgr/install.c | 179 ++++++++++++++++++++++++++++++++++++++- 1 file changed, 178 insertions(+), 1 deletion(-) diff --git a/base/services/umpnpmgr/install.c b/base/services/umpnpmgr/install.c index dae3e649254..f6caee01c4a 100644 --- a/base/services/umpnpmgr/install.c +++ b/base/services/umpnpmgr/install.c @@ -45,6 +45,9 @@ HANDLE hDeviceInstallListMutex; LIST_ENTRY DeviceInstallListHead; HANDLE hDeviceInstallListNotEmpty; +DWORD +CreatePnpInstallEventSecurity( + _Out_ PSECURITY_DESCRIPTOR *EventSd); /* FUNCTIONS *****************************************************************/ @@ -54,6 +57,7 @@ InstallDevice(PCWSTR DeviceInstance, BOOL ShowWizard) BOOL DeviceInstalled = FALSE; DWORD BytesWritten; DWORD Value; + DWORD ErrCode; HANDLE hInstallEvent; HANDLE hPipe = INVALID_HANDLE_VALUE; LPVOID Environment = NULL; @@ -61,6 +65,8 @@ InstallDevice(PCWSTR DeviceInstance, BOOL ShowWizard) STARTUPINFOW StartupInfo; UUID RandomUuid; HKEY DeviceKey; + SECURITY_ATTRIBUTES EventAttrs; + PSECURITY_DESCRIPTOR EventSd; /* The following lengths are constant (see below), they cannot overflow */ WCHAR CommandLine[116]; @@ -119,10 +125,23 @@ InstallDevice(PCWSTR DeviceInstance, BOOL ShowWizard) RandomUuid.Data4[3], RandomUuid.Data4[4], RandomUuid.Data4[5], RandomUuid.Data4[6], RandomUuid.Data4[7]); + ErrCode = CreatePnpInstallEventSecurity(&EventSd); + if (ErrCode != ERROR_SUCCESS) + { + DPRINT1("CreatePnpInstallEventSecurity failed with error %u\n", GetLastError()); + return FALSE; + } + + /* Set up the security attributes for the event */ + EventAttrs.nLength = sizeof(SECURITY_ATTRIBUTES); + EventAttrs.lpSecurityDescriptor = EventSd; + EventAttrs.bInheritHandle = FALSE; + /* Create the event */ wcscpy(InstallEventName, L"Global\\PNP_Device_Install_Event_0."); wcscat(InstallEventName, UuidString); - hInstallEvent = CreateEventW(NULL, TRUE, FALSE, InstallEventName); + hInstallEvent = CreateEventW(&EventAttrs, TRUE, FALSE, InstallEventName); + HeapFree(GetProcessHeap(), 0, EventSd); if (!hInstallEvent) { DPRINT1("CreateEventW('%ls') failed with error %lu\n", InstallEventName, GetLastError()); @@ -298,6 +317,164 @@ cleanup: } +/** + * @brief + * Creates a security descriptor for the PnP event + * installation. + * + * @param[out] EventSd + * A pointer to an allocated security descriptor + * for the event. + * + * @return + * ERROR_SUCCESS is returned if the function has + * successfully created the descriptor, otherwise + * a Win32 error code is returned. + * + * @remarks + * Only admins and local system have full power + * over this event as privileged users can install + * devices on a system. + */ +DWORD +CreatePnpInstallEventSecurity( + _Out_ PSECURITY_DESCRIPTOR *EventSd) +{ + DWORD ErrCode; + PACL Dacl; + ULONG DaclSize; + SECURITY_DESCRIPTOR AbsoluteSd; + ULONG Size = 0; + PSECURITY_DESCRIPTOR RelativeSd = NULL; + PSID SystemSid = NULL, AdminsSid = NULL; + static SID_IDENTIFIER_AUTHORITY NtAuthority = {SECURITY_NT_AUTHORITY}; + + if (!AllocateAndInitializeSid(&NtAuthority, + 1, + SECURITY_LOCAL_SYSTEM_RID, + 0, 0, 0, 0, 0, 0, 0, + &SystemSid)) + { + return GetLastError(); + } + + if (!AllocateAndInitializeSid(&NtAuthority, + 2, + SECURITY_BUILTIN_DOMAIN_RID, + DOMAIN_ALIAS_RID_ADMINS, + 0, 0, 0, 0, 0, 0, + &AdminsSid)) + { + ErrCode = GetLastError(); + goto Quit; + } + + DaclSize = sizeof(ACL) + + sizeof(ACCESS_ALLOWED_ACE) + GetLengthSid(SystemSid) + + sizeof(ACCESS_ALLOWED_ACE) + GetLengthSid(AdminsSid); + + Dacl = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, DaclSize); + if (!Dacl) + { + ErrCode = ERROR_OUTOFMEMORY; + goto Quit; + } + + if (!InitializeAcl(Dacl, DaclSize, ACL_REVISION)) + { + ErrCode = GetLastError(); + goto Quit; + } + + if (!AddAccessAllowedAce(Dacl, + ACL_REVISION, + EVENT_ALL_ACCESS, + SystemSid)) + { + ErrCode = GetLastError(); + goto Quit; + } + + if (!AddAccessAllowedAce(Dacl, + ACL_REVISION, + EVENT_ALL_ACCESS, + AdminsSid)) + { + ErrCode = GetLastError(); + goto Quit; + } + + if (!InitializeSecurityDescriptor(&AbsoluteSd, SECURITY_DESCRIPTOR_REVISION)) + { + ErrCode = GetLastError(); + goto Quit; + } + + if (!SetSecurityDescriptorDacl(&AbsoluteSd, TRUE, Dacl, FALSE)) + { + ErrCode = GetLastError(); + goto Quit; + } + + if (!SetSecurityDescriptorOwner(&AbsoluteSd, SystemSid, FALSE)) + { + ErrCode = GetLastError(); + goto Quit; + } + + if (!SetSecurityDescriptorGroup(&AbsoluteSd, AdminsSid, FALSE)) + { + ErrCode = GetLastError(); + goto Quit; + } + + if (!MakeSelfRelativeSD(&AbsoluteSd, NULL, &Size) && GetLastError() == ERROR_INSUFFICIENT_BUFFER) + { + RelativeSd = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, Size); + if (RelativeSd == NULL) + { + ErrCode = ERROR_OUTOFMEMORY; + goto Quit; + } + + if (!MakeSelfRelativeSD(&AbsoluteSd, RelativeSd, &Size)) + { + ErrCode = GetLastError(); + goto Quit; + } + } + + *EventSd = RelativeSd; + ErrCode = ERROR_SUCCESS; + +Quit: + if (SystemSid) + { + FreeSid(SystemSid); + } + + if (AdminsSid) + { + FreeSid(AdminsSid); + } + + if (Dacl) + { + HeapFree(GetProcessHeap(), 0, Dacl); + } + + if (ErrCode != ERROR_SUCCESS) + { + if (RelativeSd) + { + HeapFree(GetProcessHeap(), 0, RelativeSd); + } + } + + return ErrCode; +} + + static BOOL IsConsoleBoot(VOID) {

1 0

[reactos] 12/21: [POWRPROF] Create a security descriptor for power management semaphore
by George Bișoc 06 May '22

06 May '22

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=fd25e2dc64e44cc5921c5… commit fd25e2dc64e44cc5921c56a7ba17faadde29ee34 Author: George Bișoc <george.bisoc(a)reactos.org> AuthorDate: Thu Apr 14 21:14:46 2022 +0200 Commit: George Bișoc <george.bisoc(a)reactos.org> CommitDate: Fri May 6 10:09:51 2022 +0200 [POWRPROF] Create a security descriptor for power management semaphore --- dll/win32/powrprof/powrprof.c | 181 +++++++++++++++++++++++++++++++++++++++++- 1 file changed, 180 insertions(+), 1 deletion(-) diff --git a/dll/win32/powrprof/powrprof.c b/dll/win32/powrprof/powrprof.c index 9aaa1c1b003..7172bb43646 100644 --- a/dll/win32/powrprof/powrprof.c +++ b/dll/win32/powrprof/powrprof.c @@ -826,6 +826,172 @@ CheckPowerActionPolicy(PPOWER_ACTION_POLICY pPAP, SYSTEM_POWER_CAPABILITIES Powe }; } +/** + * @brief + * Creates a security descriptor for the power + * management registry semaphore. + * + * @param[out] PowrProfSd + * A pointer to an allocated security descriptor + * for the semaphore. + * + * @return + * Returns TRUE if the function succeeds, otherwise + * FALSE is returned. + * + * @remarks + * Authenticated users are only given a subset of specific + * rights for the semaphore access, local system and admins + * have full power. + */ +static BOOLEAN +CreatePowrProfSemaphoreSecurity(_Out_ PSECURITY_DESCRIPTOR *PowrProfSd) +{ + BOOLEAN Success = FALSE; + PACL Dacl; + ULONG DaclSize, RelSDSize = 0; + PSID AuthenticatedUsersSid = NULL, SystemSid = NULL, AdminsSid = NULL; + SECURITY_DESCRIPTOR AbsSd; + PSECURITY_DESCRIPTOR RelSd = NULL; + static SID_IDENTIFIER_AUTHORITY NtAuthority = {SECURITY_NT_AUTHORITY}; + + if (!AllocateAndInitializeSid(&NtAuthority, + 1, + SECURITY_AUTHENTICATED_USER_RID, + 0, 0, 0, 0, 0, 0, 0, + &AuthenticatedUsersSid)) + { + return FALSE; + } + + if (!AllocateAndInitializeSid(&NtAuthority, + 1, + SECURITY_LOCAL_SYSTEM_RID, + 0, 0, 0, 0, 0, 0, 0, + &SystemSid)) + { + goto Quit; + } + + if (!AllocateAndInitializeSid(&NtAuthority, + 2, + SECURITY_BUILTIN_DOMAIN_RID, + DOMAIN_ALIAS_RID_ADMINS, + 0, 0, 0, 0, 0, 0, + &AdminsSid)) + { + goto Quit; + } + + if (!InitializeSecurityDescriptor(&AbsSd, SECURITY_DESCRIPTOR_REVISION)) + { + goto Quit; + } + + DaclSize = sizeof(ACL) + + sizeof(ACCESS_ALLOWED_ACE) + GetLengthSid(AuthenticatedUsersSid) + + sizeof(ACCESS_ALLOWED_ACE) + GetLengthSid(SystemSid) + + sizeof(ACCESS_ALLOWED_ACE) + GetLengthSid(AdminsSid); + + Dacl = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, DaclSize); + if (!Dacl) + { + goto Quit; + } + + if (!InitializeAcl(Dacl, DaclSize, ACL_REVISION)) + { + goto Quit; + } + + if (!AddAccessAllowedAce(Dacl, + ACL_REVISION, + SYNCHRONIZE | STANDARD_RIGHTS_READ | 0x3, + AuthenticatedUsersSid)) + { + goto Quit; + } + + if (!AddAccessAllowedAce(Dacl, + ACL_REVISION, + SEMAPHORE_ALL_ACCESS, + SystemSid)) + { + goto Quit; + } + + if (!AddAccessAllowedAce(Dacl, + ACL_REVISION, + SEMAPHORE_ALL_ACCESS, + AdminsSid)) + { + goto Quit; + } + + if (!SetSecurityDescriptorDacl(&AbsSd, TRUE, Dacl, FALSE)) + { + goto Quit; + } + + if (!SetSecurityDescriptorOwner(&AbsSd, AdminsSid, FALSE)) + { + goto Quit; + } + + if (!SetSecurityDescriptorGroup(&AbsSd, SystemSid, FALSE)) + { + goto Quit; + } + + if (!MakeSelfRelativeSD(&AbsSd, NULL, &RelSDSize) && GetLastError() == ERROR_INSUFFICIENT_BUFFER) + { + RelSd = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, RelSDSize); + if (RelSd == NULL) + { + goto Quit; + } + + if (!MakeSelfRelativeSD(&AbsSd, RelSd, &RelSDSize)) + { + goto Quit; + } + } + + *PowrProfSd = RelSd; + Success = TRUE; + +Quit: + if (AuthenticatedUsersSid) + { + FreeSid(AuthenticatedUsersSid); + } + + if (SystemSid) + { + FreeSid(SystemSid); + } + + if (AdminsSid) + { + FreeSid(AdminsSid); + } + + if (Dacl) + { + HeapFree(GetProcessHeap(), 0, Dacl); + } + + if (!Success) + { + if (RelSd) + { + HeapFree(GetProcessHeap(), 0, RelSd); + } + } + + return Success; +} + static VOID FixSystemPowerState(PSYSTEM_POWER_STATE Psps, SYSTEM_POWER_CAPABILITIES PowerCaps) { @@ -1098,6 +1264,8 @@ DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved) { HKEY hKey; LONG Err; + SECURITY_ATTRIBUTES SecAttrs; + PSECURITY_DESCRIPTOR Sd; DisableThreadLibraryCalls(hinstDLL); @@ -1124,7 +1292,18 @@ DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved) RegCloseKey(hKey); } - PPRegSemaphore = CreateSemaphoreW(NULL, 1, 1, szSemaphoreName); + if (!CreatePowrProfSemaphoreSecurity(&Sd)) + { + ERR("Couldn't create POWRPROF semaphore security descriptor!\n"); + return FALSE; + } + + SecAttrs.nLength = sizeof(SECURITY_ATTRIBUTES); + SecAttrs.lpSecurityDescriptor = Sd; + SecAttrs.bInheritHandle = FALSE; + + PPRegSemaphore = CreateSemaphoreW(&SecAttrs, 1, 1, szSemaphoreName); + HeapFree(GetProcessHeap(), 0, Sd); if (PPRegSemaphore == NULL) { ERR("Couldn't create Semaphore: %d\n", GetLastError());

1 0

[reactos] 11/21: [RPCRT4] Set up a security descriptor for RPC named pipes
by George Bișoc 06 May '22

06 May '22

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=56a2c0fec4eb69f898b98… commit 56a2c0fec4eb69f898b98439bc4a5b0353e6f759 Author: George Bișoc <george.bisoc(a)reactos.org> AuthorDate: Fri Feb 18 21:42:51 2022 +0100 Commit: George Bișoc <george.bisoc(a)reactos.org> CommitDate: Fri May 6 10:09:51 2022 +0200 [RPCRT4] Set up a security descriptor for RPC named pipes rpcrt4_create_pipe_security function will be held in charge to set up security descriptors specific for each named pipe upon creation in rpcrt4_conn_create_pipe. The descriptor is then freed after the pipe is no longer needed. --- dll/win32/rpcrt4/rpc_transport.c | 240 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 240 insertions(+) diff --git a/dll/win32/rpcrt4/rpc_transport.c b/dll/win32/rpcrt4/rpc_transport.c index 88f027d9990..be0d052bef3 100644 --- a/dll/win32/rpcrt4/rpc_transport.c +++ b/dll/win32/rpcrt4/rpc_transport.c @@ -107,23 +107,263 @@ static void release_np_event(RpcConnection_np *connection, HANDLE event) CloseHandle(event); } +#ifdef __REACTOS__ +/** + * @brief + * Creates a security descriptor for RPC4 pipe + * + * @param[out] SecDesc + * A pointer to an allocated security descriptor. + * + * @return + * ERROR_SUCCESS is returned if the function has + * successfully created the security descriptor, + * otherwise a Win32 error code is returned. + * + * @remarks + * Everyone (aka World SID) and anonynous users + * are given a subset of rights to access the pipe, + * whereas admins are given full power. + */ +static DWORD rpcrt4_create_pipe_security(PSECURITY_DESCRIPTOR *SecDesc) +{ + DWORD ErrCode; + PACL Dacl; + ULONG DaclSize, RelSDSize = 0; + PSID EveryoneSid = NULL, AnonymousSid = NULL, AdminsSid = NULL; + PSECURITY_DESCRIPTOR AbsSD = NULL, RelSD = NULL; + static SID_IDENTIFIER_AUTHORITY WorldAuthority = {SECURITY_WORLD_SID_AUTHORITY}; + static SID_IDENTIFIER_AUTHORITY NtAuthority = {SECURITY_NT_AUTHORITY}; + + if (!AllocateAndInitializeSid(&WorldAuthority, + 1, + SECURITY_WORLD_RID, + 0, 0, 0, 0, 0, 0, 0, + &EveryoneSid)) + { + ERR("rpcrt4_create_pipe_security(): Failed to allocate Everyone SID (error code %d)\n", GetLastError()); + return GetLastError(); + } + + if (!AllocateAndInitializeSid(&NtAuthority, + 1, + SECURITY_ANONYMOUS_LOGON_RID, + 0, 0, 0, 0, 0, 0, 0, + &AnonymousSid)) + { + ERR("rpcrt4_create_pipe_security(): Failed to allocate Anonymous SID (error code %d)\n", GetLastError()); + ErrCode = GetLastError(); + goto Quit; + } + + if (!AllocateAndInitializeSid(&NtAuthority, + 2, + SECURITY_BUILTIN_DOMAIN_RID, + DOMAIN_ALIAS_RID_ADMINS, + 0, 0, 0, 0, 0, 0, + &AdminsSid)) + { + ERR("rpcrt4_create_pipe_security(): Failed to allocate Admins SID (error code %d)\n", GetLastError()); + ErrCode = GetLastError(); + goto Quit; + } + + AbsSD = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(SECURITY_DESCRIPTOR)); + if (AbsSD == NULL) + { + ERR("rpcrt4_create_pipe_security(): Failed to allocate absolute SD!\n"); + ErrCode = ERROR_OUTOFMEMORY; + goto Quit; + } + + if (!InitializeSecurityDescriptor(AbsSD, SECURITY_DESCRIPTOR_REVISION)) + { + ERR("rpcrt4_create_pipe_security(): Failed to create absolute SD (error code %d)\n", GetLastError()); + ErrCode = GetLastError(); + goto Quit; + } + + DaclSize = sizeof(ACL) + + sizeof(ACCESS_ALLOWED_ACE) + RtlLengthSid(EveryoneSid) + + sizeof(ACCESS_ALLOWED_ACE) + RtlLengthSid(AnonymousSid) + + sizeof(ACCESS_ALLOWED_ACE) + RtlLengthSid(AdminsSid); + + + Dacl = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, DaclSize); + if (Dacl == NULL) + { + ERR("rpcrt4_create_pipe_security(): Failed to allocate DACL!\n"); + ErrCode = ERROR_OUTOFMEMORY; + goto Quit; + } + + if (!InitializeAcl(Dacl, DaclSize, ACL_REVISION)) + { + ERR("rpcrt4_create_pipe_security(): Failed to create DACL (error code %d)\n", GetLastError()); + ErrCode = GetLastError(); + goto Quit; + } + + if (!AddAccessAllowedAce(Dacl, + ACL_REVISION, + GENERIC_READ | GENERIC_WRITE | SYNCHRONIZE | READ_CONTROL, + EveryoneSid)) + { + ERR("rpcrt4_create_pipe_security(): Failed to set up ACE for Everyone SID (error code %d)\n", GetLastError()); + ErrCode = GetLastError(); + goto Quit; + } + + if (!AddAccessAllowedAce(Dacl, + ACL_REVISION, + GENERIC_READ | GENERIC_WRITE | SYNCHRONIZE | READ_CONTROL, + AnonymousSid)) + { + ERR("rpcrt4_create_pipe_security(): Failed to set up ACE for Anonymous SID (error code %d)\n", GetLastError()); + ErrCode = GetLastError(); + goto Quit; + } + + if (!AddAccessAllowedAce(Dacl, + ACL_REVISION, + GENERIC_ALL, + AdminsSid)) + { + ERR("rpcrt4_create_pipe_security(): Failed to set up ACE for Admins SID (error code %d)\n", GetLastError()); + ErrCode = GetLastError(); + goto Quit; + } + + if (!SetSecurityDescriptorDacl(AbsSD, TRUE, Dacl, FALSE)) + { + ERR("rpcrt4_create_pipe_security(): Failed to set DACL to absolute SD (error code %d)\n", GetLastError()); + ErrCode = GetLastError(); + goto Quit; + } + + if (!SetSecurityDescriptorOwner(AbsSD, AdminsSid, FALSE)) + { + ERR("rpcrt4_create_pipe_security(): Failed to set SD owner (error code %d)\n", GetLastError()); + ErrCode = GetLastError(); + goto Quit; + } + + if (!SetSecurityDescriptorGroup(AbsSD, AdminsSid, FALSE)) + { + ERR("rpcrt4_create_pipe_security(): Failed to set SD group (error code %d)\n", GetLastError()); + ErrCode = GetLastError(); + goto Quit; + } + + if (!MakeSelfRelativeSD(AbsSD, NULL, &RelSDSize) && GetLastError() != ERROR_INSUFFICIENT_BUFFER) + { + ERR("rpcrt4_create_pipe_security(): Unexpected error code (error code %d -- must be ERROR_INSUFFICIENT_BUFFER)\n", GetLastError()); + ErrCode = GetLastError(); + goto Quit; + } + + RelSD = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, RelSDSize); + if (RelSD == NULL) + { + ERR("rpcrt4_create_pipe_security(): Failed to allocate relative SD!\n"); + ErrCode = ERROR_OUTOFMEMORY; + goto Quit; + } + + if (!MakeSelfRelativeSD(AbsSD, RelSD, &RelSDSize) && GetLastError() == ERROR_INSUFFICIENT_BUFFER) + { + ERR("rpcrt4_create_pipe_security(): Failed to allocate relative SD, buffer too smal (expected size %lu)\n", RelSDSize); + ErrCode = ERROR_INSUFFICIENT_BUFFER; + goto Quit; + } + + TRACE("rpcrt4_create_pipe_security(): Success!\n"); + *SecDesc = RelSD; + ErrCode = ERROR_SUCCESS; + +Quit: + if (ErrCode != ERROR_SUCCESS) + { + if (RelSD != NULL) + { + HeapFree(GetProcessHeap(), 0, RelSD); + } + } + + if (EveryoneSid != NULL) + { + FreeSid(EveryoneSid); + } + + if (AnonymousSid != NULL) + { + FreeSid(AnonymousSid); + } + + if (AdminsSid != NULL) + { + FreeSid(AdminsSid); + } + + if (Dacl != NULL) + { + HeapFree(GetProcessHeap(), 0, Dacl); + } + + if (AbsSD != NULL) + { + HeapFree(GetProcessHeap(), 0, AbsSD); + } + + return ErrCode; +} +#endif + static RPC_STATUS rpcrt4_conn_create_pipe(RpcConnection *conn) { RpcConnection_np *connection = (RpcConnection_np *) conn; +#ifdef __REACTOS__ + DWORD ErrCode; + SECURITY_ATTRIBUTES SecurityAttributes; + PSECURITY_DESCRIPTOR PipeSecDesc; +#endif TRACE("listening on %s\n", connection->listen_pipe); +#ifdef __REACTOS__ + ErrCode = rpcrt4_create_pipe_security(&PipeSecDesc); + if (ErrCode != ERROR_SUCCESS) + { + ERR("rpcrt4_conn_create_pipe(): Pipe security descriptor creation failed!\n"); + return RPC_S_CANT_CREATE_ENDPOINT; + } + + SecurityAttributes.nLength = sizeof(SECURITY_ATTRIBUTES); + SecurityAttributes.lpSecurityDescriptor = PipeSecDesc; + SecurityAttributes.bInheritHandle = FALSE; + + connection->pipe = CreateNamedPipeA(connection->listen_pipe, PIPE_ACCESS_DUPLEX | FILE_FLAG_OVERLAPPED, + PIPE_TYPE_MESSAGE | PIPE_READMODE_MESSAGE, + PIPE_UNLIMITED_INSTANCES, + RPC_MAX_PACKET_SIZE, RPC_MAX_PACKET_SIZE, 5000, &SecurityAttributes); + HeapFree(GetProcessHeap(), 0, PipeSecDesc); +#else connection->pipe = CreateNamedPipeA(connection->listen_pipe, PIPE_ACCESS_DUPLEX | FILE_FLAG_OVERLAPPED, PIPE_TYPE_MESSAGE | PIPE_READMODE_MESSAGE, PIPE_UNLIMITED_INSTANCES, RPC_MAX_PACKET_SIZE, RPC_MAX_PACKET_SIZE, 5000, NULL); +#endif if (connection->pipe == INVALID_HANDLE_VALUE) { WARN("CreateNamedPipe failed with error %d\n", GetLastError()); if (GetLastError() == ERROR_FILE_EXISTS) + { return RPC_S_DUPLICATE_ENDPOINT; + } else + { return RPC_S_CANT_CREATE_ENDPOINT; + } } return RPC_S_OK;

1 0

Jump to page:

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Ros-diffs