[pulseaudio-commits] [Git][pulseaudio/pulseaudio][master] win32: Use DACLs when setting socket permissions

PulseAudio Marge Bot (@pulseaudio-merge-bot) gitlab at gitlab.freedesktop.org
Mon May 3 11:48:33 UTC 2021 


PulseAudio Marge Bot pushed to branch master at PulseAudio / pulseaudio


Commits:
39125a0f by Patrick Gaskin at 2021-05-03T11:43:10+00:00
win32: Use DACLs when setting socket permissions

Part-of: <https://gitlab.freedesktop.org/pulseaudio/pulseaudio/-/merge_requests/548>

- - - - -


1 changed file:

- src/pulsecore/socket-server.c


Changes:

=====================================
src/pulsecore/socket-server.c
=====================================
@@ -58,6 +58,12 @@ int deny_severity = LOG_WARNING;
 #include <systemd/sd-daemon.h>
 #endif
 
+#ifdef HAVE_WINDOWS_H
+#include <windows.h>
+#include <aclapi.h>
+#include <sddl.h>
+#endif
+
 #include <pulse/xmalloc.h>
 #include <pulse/util.h>
 
@@ -220,6 +226,31 @@ pa_socket_server* pa_socket_server_new_unix(pa_mainloop_api *m, const char *file
         * inodes. */
         chmod(filename, 0777);
 
+#ifdef OS_IS_WIN32
+        /* https://docs.microsoft.com/en-us/windows/win32/secauthz/ace-strings */
+        /* https://docs.microsoft.com/en-us/windows/win32/secauthz/modifying-the-acls-of-an-object-in-c-- */
+        /* https://docs.microsoft.com/en-us/windows/win32/api/sddl/nf-sddl-convertstringsecuritydescriptortosecuritydescriptora */
+        PSECURITY_DESCRIPTOR sd;
+        if (ConvertStringSecurityDescriptorToSecurityDescriptorA(
+            "D:"                /* DACL */
+            "(A;;FRFW;;;WD)",   /* allow all users to read/write */
+            SDDL_REVISION_1, &sd, NULL
+        )) {
+            PACL acl;
+            BOOL acl_present, acl_default;
+            if (GetSecurityDescriptorDacl(sd, &acl_present, &acl, &acl_default)) {
+                if (SetNamedSecurityInfo(filename, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, acl, NULL) != ERROR_SUCCESS) {
+                    pa_log_warn("Failed to set DACL for socket: failed to apply DACL: error %lu.", GetLastError());
+                }
+                LocalFree(acl);
+            } else {
+                pa_log_warn("Failed to set DACL for socket: failed to get security descriptor DACL: error %lu.", GetLastError());
+            }
+        } else {
+            pa_log_warn("Failed to set DACL for socket: failed to parse security descriptor: error %lu.", GetLastError());
+        }
+#endif
+
         if (listen(fd, 5) < 0) {
             pa_log("listen(): %s", pa_cstrerror(errno));
             goto fail;



View it on GitLab: https://gitlab.freedesktop.org/pulseaudio/pulseaudio/-/commit/39125a0f2b68513139961ba61dc9b4a405b766b0

-- 
View it on GitLab: https://gitlab.freedesktop.org/pulseaudio/pulseaudio/-/commit/39125a0f2b68513139961ba61dc9b4a405b766b0
You're receiving this email because of your account on gitlab.freedesktop.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/pulseaudio-commits/attachments/20210503/260b73c3/attachment-0001.htm>

More information about the pulseaudio-commits mailing list