- CLI: Adjust the shared memory ACLs so that everybody can read/write to

them, the default ACL limits read/write access to SYSTEM and boinc_master
        when run in secure mode.
        
    lib/
        boinc_win.h
        shmem.C

svn path=/trunk/boinc/; revision=14903
This commit is contained in:
Rom Walton 2008-03-12 18:23:48 +00:00
parent 7ca07df3a9
commit c2028c37fd
3 changed files with 86 additions and 6 deletions

View File

@ -2257,3 +2257,12 @@ Charlie Mar 11 2008 (HEAD)
/ /
configure.ac configure.ac
version.h version.h
Rom Mar 11 2008
- CLI: Adjust the shared memory ACLs so that everybody can read/write to
them, the default ACL limits read/write access to SYSTEM and boinc_master
when run in secure mode.
lib/
boinc_win.h
shmem.C

View File

@ -73,6 +73,7 @@
#include <share.h> #include <share.h>
#include <shlobj.h> #include <shlobj.h>
#include <userenv.h> #include <userenv.h>
#include <aclapi.h>
#if !defined(__CYGWIN32__) || defined(USE_WINSOCK) #if !defined(__CYGWIN32__) || defined(USE_WINSOCK)

View File

@ -65,15 +65,76 @@ extern "C" int debug_printf(const char *fmt, ...);
#ifdef _WIN32 #ifdef _WIN32
HANDLE create_shmem(LPCTSTR seg_name, int size, void** pp, bool disable_mapview) { HANDLE create_shmem(LPCTSTR seg_name, int size, void** pp, bool disable_mapview) {
SECURITY_ATTRIBUTES security; HANDLE hMap = NULL;
HANDLE hMap;
DWORD dwError = 0; DWORD dwError = 0;
DWORD dwRes;
PSID pEveryoneSID = NULL;
PACL pACL = NULL;
PSECURITY_DESCRIPTOR pSD = NULL;
EXPLICIT_ACCESS ea;
SID_IDENTIFIER_AUTHORITY SIDAuthWorld = SECURITY_WORLD_SID_AUTHORITY;
SECURITY_ATTRIBUTES sa;
security.nLength = sizeof(security); // Create a well-known SID for the Everyone group.
security.lpSecurityDescriptor = NULL; if(!AllocateAndInitializeSid(&SIDAuthWorld, 1,
security.bInheritHandle = TRUE; SECURITY_WORLD_RID,
0, 0, 0, 0, 0, 0, 0,
&pEveryoneSID))
{
fprintf(stderr, "AllocateAndInitializeSid Error %u\n", GetLastError());
goto Cleanup;
}
hMap = CreateFileMapping(INVALID_HANDLE_VALUE, &security, PAGE_READWRITE, 0, size, seg_name); // Initialize an EXPLICIT_ACCESS structure for an ACE.
// The ACE will allow Everyone all access to the shared memory object.
ZeroMemory(&ea, sizeof(EXPLICIT_ACCESS));
ea.grfAccessPermissions = FILE_MAP_ALL_ACCESS;
ea.grfAccessMode = SET_ACCESS;
ea.grfInheritance= NO_INHERITANCE;
ea.Trustee.TrusteeForm = TRUSTEE_IS_SID;
ea.Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
ea.Trustee.ptstrName = (LPTSTR) pEveryoneSID;
// Create a new ACL that contains the new ACEs.
dwRes = SetEntriesInAcl(1, &ea, NULL, &pACL);
if (ERROR_SUCCESS != dwRes)
{
fprintf(stderr, "SetEntriesInAcl Error %u\n", GetLastError());
goto Cleanup;
}
// Initialize a security descriptor.
pSD = (PSECURITY_DESCRIPTOR) LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH);
if (NULL == pSD)
{
fprintf(stderr, "LocalAlloc Error %u\n", GetLastError());
goto Cleanup;
}
if (!InitializeSecurityDescriptor(pSD, SECURITY_DESCRIPTOR_REVISION))
{
fprintf(stderr, "InitializeSecurityDescriptor Error %u\n", GetLastError());
goto Cleanup;
}
// Add the ACL to the security descriptor.
if (!SetSecurityDescriptorDacl(pSD,
TRUE, // bDaclPresent flag
pACL,
FALSE)) // not a default DACL
{
fprintf(stderr, "SetSecurityDescriptorDacl Error %u\n", GetLastError());
goto Cleanup;
}
// Initialize a security attributes structure.
sa.nLength = sizeof (SECURITY_ATTRIBUTES);
sa.lpSecurityDescriptor = pSD;
sa.bInheritHandle = FALSE;
// Use the security attributes to set the security descriptor
// when you create a shared file mapping.
hMap = CreateFileMapping(INVALID_HANDLE_VALUE, &sa, PAGE_READWRITE, 0, size, seg_name);
dwError = GetLastError(); dwError = GetLastError();
if (disable_mapview && (NULL != hMap) && (ERROR_ALREADY_EXISTS == dwError)) { if (disable_mapview && (NULL != hMap) && (ERROR_ALREADY_EXISTS == dwError)) {
CloseHandle(hMap); CloseHandle(hMap);
@ -84,6 +145,15 @@ HANDLE create_shmem(LPCTSTR seg_name, int size, void** pp, bool disable_mapview)
*pp = MapViewOfFile( hMap, FILE_MAP_ALL_ACCESS, 0, 0, 0 ); *pp = MapViewOfFile( hMap, FILE_MAP_ALL_ACCESS, 0, 0, 0 );
} }
Cleanup:
if (pEveryoneSID)
FreeSid(pEveryoneSID);
if (pACL)
LocalFree(pACL);
if (pSD)
LocalFree(pSD);
return hMap; return hMap;
} }