Author: weiden Date: Sat Jun 30 01:43:18 2007 New Revision: 27341
URL: http://svn.reactos.org/svn/reactos?rev=27341&view=rev Log: Create the named pipe with R/W access for everyone. This enables VMware running without administrative privileges to connect to the service.
Modified: trunk/tools/vmwaregateway/vmwaregateway.cpp
Modified: trunk/tools/vmwaregateway/vmwaregateway.cpp URL: http://svn.reactos.org/svn/reactos/trunk/tools/vmwaregateway/vmwaregateway.c... ============================================================================== --- trunk/tools/vmwaregateway/vmwaregateway.cpp (original) +++ trunk/tools/vmwaregateway/vmwaregateway.cpp Sat Jun 30 01:43:18 2007 @@ -36,11 +36,160 @@ // verbose output - traces a lot BOOL verbose = FALSE;
+PSECURITY_DESCRIPTOR +CreateVmwareGatewaySD(VOID) +{ + static SID_IDENTIFIER_AUTHORITY LocalSystemAuthority = {SECURITY_NT_AUTHORITY}; + static SID_IDENTIFIER_AUTHORITY WorldAuthority = {SECURITY_WORLD_SID_AUTHORITY}; + PSID LocalSystemSid = NULL; + PSID AdministratorsSid = NULL; + PSID EveryoneSid = NULL; + PACL Dacl; + DWORD DaclSize; + PSECURITY_DESCRIPTOR pSD = NULL; + + /* create the SYSTEM, Administrators and Everyone SIDs */ + if (!AllocateAndInitializeSid(&LocalSystemAuthority, + 1, + SECURITY_LOCAL_SYSTEM_RID, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + &LocalSystemSid) || + !AllocateAndInitializeSid(&LocalSystemAuthority, + 2, + SECURITY_BUILTIN_DOMAIN_RID, + DOMAIN_ALIAS_RID_ADMINS, + 0, + 0, + 0, + 0, + 0, + 0, + &AdministratorsSid) || + !AllocateAndInitializeSid(&WorldAuthority, + 1, + SECURITY_WORLD_RID, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + &EveryoneSid)) + { + printf("Failed initializing the SIDs for the default security descriptor (0x%p, 0x%p, 0x%p)\n", + LocalSystemSid, AdministratorsSid, EveryoneSid); + goto Cleanup; + } + + /* allocate the security descriptor and DACL */ + DaclSize = sizeof(ACL) + + ((GetLengthSid(LocalSystemSid) + + GetLengthSid(AdministratorsSid) + + GetLengthSid(EveryoneSid)) + + (3 * FIELD_OFFSET(ACCESS_ALLOWED_ACE, + SidStart))); + + pSD = (PSECURITY_DESCRIPTOR)LocalAlloc(LMEM_FIXED, + (SIZE_T)DaclSize + sizeof(SECURITY_DESCRIPTOR)); + if (pSD == NULL) + { + printf("Failed to allocate the default security descriptor and ACL\n"); + goto Cleanup; + } + + if (!InitializeSecurityDescriptor(pSD, + SECURITY_DESCRIPTOR_REVISION)) + { + printf("Failed to initialize the default security descriptor\n"); + goto Cleanup; + } + + /* initialize and build the DACL */ + Dacl = (PACL)((ULONG_PTR)pSD + sizeof(SECURITY_DESCRIPTOR)); + if (!InitializeAcl(Dacl, + (DWORD)DaclSize, + ACL_REVISION)) + { + printf("Failed to initialize the DACL of the default security descriptor\n"); + goto Cleanup; + } + + /* add the SYSTEM Ace */ + if (!AddAccessAllowedAce(Dacl, + ACL_REVISION, + FILE_GENERIC_READ | FILE_GENERIC_WRITE | FILE_GENERIC_EXECUTE, + LocalSystemSid)) + { + printf("Failed to add the SYSTEM ACE\n"); + goto Cleanup; + } + + /* add the Administrators Ace */ + if (!AddAccessAllowedAce(Dacl, + ACL_REVISION, + FILE_GENERIC_READ | FILE_GENERIC_WRITE | FILE_GENERIC_EXECUTE, + AdministratorsSid)) + { + printf("Failed to add the Administrators ACE\n"); + goto Cleanup; + } + + /* add the Everyone Ace */ + if (!AddAccessAllowedAce(Dacl, + ACL_REVISION, + FILE_GENERIC_READ | FILE_GENERIC_WRITE | FILE_GENERIC_EXECUTE, + EveryoneSid)) + { + printf("Failed to add the Everyone ACE\n"); + goto Cleanup; + } + + /* set the DACL */ + if (!SetSecurityDescriptorDacl(pSD, + TRUE, + Dacl, + FALSE)) + { + printf("Failed to set the DACL of the default security descriptor\n"); + +Cleanup: + if (pSD != NULL) + { + LocalFree((HLOCAL)pSD); + pSD = NULL; + } + } + + if (LocalSystemSid != NULL) + { + FreeSid(LocalSystemSid); + } + if (AdministratorsSid != NULL) + { + FreeSid(AdministratorsSid); + } + if (EveryoneSid != NULL) + { + FreeSid(EveryoneSid); + } + + return pSD; +} + // the central server loop void Server() { WORD wVersionRequested; WSADATA wsaData; + PSECURITY_DESCRIPTOR sd; + SECURITY_ATTRIBUTES sa; wVersionRequested = MAKEWORD( 2, 2 );
// socket and pipe handles @@ -69,6 +218,12 @@ return; }
+ // create a suitable security descriptor + sd = CreateVmwareGatewaySD(); + sa.nLength = sizeof(sa); + sa.lpSecurityDescriptor = sd; + sa.bInheritHandle = FALSE; + // first create the named pipe pipe = CreateNamedPipe(PIPE_NAME, PIPE_ACCESS_DUPLEX | FILE_FLAG_OVERLAPPED, @@ -77,7 +232,9 @@ 100, 100, NMPWAIT_WAIT_FOREVER, - NULL); + &sa); + if (sd != NULL) + LocalFree((HLOCAL)sd); if (pipe == INVALID_HANDLE_VALUE) { printf("Could not create named pipe (%d)\n", GetLastError());