The SECURITY_ATTRIBUTES struct and CreateNamedPipe()

后端 未结 3 2067
故里飘歌
故里飘歌 2021-02-10 17:47

My scenario is the following: the process that creates the named pipe object with CreateNamedPipe() has administrator privileges, but the client process \"connectin

3条回答
  •  遇见更好的自我
    2021-02-10 18:07

    error in line SetEntriesInAcl(2, ea, NULL, &pACL); when need SetEntriesInAcl(1, ea, NULL, &pACL); - you really init and use only 1 entry. and not check result returned by SetEntriesInAcl. the next code will be work correct:

            EXPLICIT_ACCESS ea = {
                STANDARD_RIGHTS_ALL,SET_ACCESS, NO_INHERITANCE, { 0, NO_MULTIPLE_TRUSTEE, TRUSTEE_IS_SID, TRUSTEE_IS_WELL_KNOWN_GROUP, (LPTSTR)pEveryoneSID }
            };
            PACL pACL;
            if (SetEntriesInAcl(1, &ea, NULL, &pACL) == ERROR_SUCCESS)
            {
            }
    

    here also can be access denied by Integrity Level. need check os version, and if vista+ set LowLabel in security descriptor. and can use 0 DACL. ( by default system assume MediumLabelSid if it not explicitly set, as result LowIntegrity clients fail open pipe, but for usual not admin clients solution by @Remy Lebeau is enough )

    PSECURITY_DESCRIPTOR pSecurityDescriptor = (PSECURITY_DESCRIPTOR)alloca(SECURITY_DESCRIPTOR_MIN_LENGTH);
    
    BOOL fOk = FALSE;
    
    if (
        InitializeSecurityDescriptor(pSecurityDescriptor, SECURITY_DESCRIPTOR_REVISION) 
        && 
        SetSecurityDescriptorDacl(pSecurityDescriptor, TRUE, 0, 0)
        )
    {
        RTL_OSVERSIONINFOW rov = { sizeof (rov)};
    
        if (0 <= RtlGetVersion(&rov))
        {
            if (rov.dwMajorVersion < 6)
            {
                fOk = TRUE;
            }
            else
            {
                PSID LowLabelSid = (PSID)alloca(64);
                ULONG cbSid = 64;
                if (CreateWellKnownSid(::WinLowLabelSid, 0, LowLabelSid, &cbSid))
                {
                    ::PACL LowLabelAcl = (::PACL)alloca(64+cbSid);
                    InitializeAcl(LowLabelAcl, 64+cbSid, ACL_REVISION);
                    if (AddMandatoryAce(LowLabelAcl, ACL_REVISION, 0, SYSTEM_MANDATORY_LABEL_NO_WRITE_UP, LowLabelSid))
                    {
                        fOk = SetSecurityDescriptorSacl(pSecurityDescriptor, TRUE, LowLabelAcl, FALSE);
                    }
                }
            }
        }
    }
    

提交回复
热议问题