[Spice-devel] [PATCH spice-gtk 1/2] controller/win32: allow ActiveX connection on untrusted website
Arnon Gilboa
agilboa at redhat.com
Thu Oct 25 03:40:12 PDT 2012
ack
Marc-André Lureau wrote:
> Set low integrity on named-pipes.
>
> This bug was originally resolved as:
> https://bugzilla.redhat.com/show_bug.cgi?id=668980
>
> Fixes regression:
> https://bugzilla.redhat.com/show_bug.cgi?id=844461
> ---
> gtk/controller/Makefile.am | 2 +
> gtk/controller/spice-controller-listener.c | 3 +-
> gtk/controller/spice-foreign-menu-listener.c | 3 +-
> gtk/controller/win32-util.c | 111 +++++++++++++++++++++++++++
> gtk/controller/win32-util.h | 30 ++++++++
> 5 files changed, 147 insertions(+), 2 deletions(-)
> create mode 100644 gtk/controller/win32-util.c
> create mode 100644 gtk/controller/win32-util.h
>
> diff --git a/gtk/controller/Makefile.am b/gtk/controller/Makefile.am
> index 7bfa51b..f2abf93 100644
> --- a/gtk/controller/Makefile.am
> +++ b/gtk/controller/Makefile.am
> @@ -56,6 +56,8 @@ libspice_controller_la_SOURCES += \
> namedpipeconnection.h \
> namedpipelistener.c \
> namedpipelistener.h \
> + win32-util.c \
> + win32-util.h \
> $(NULL)
> endif
> libspice_controller_la_LDFLAGS = \
> diff --git a/gtk/controller/spice-controller-listener.c b/gtk/controller/spice-controller-listener.c
> index da1121e..0189848 100644
> --- a/gtk/controller/spice-controller-listener.c
> +++ b/gtk/controller/spice-controller-listener.c
> @@ -25,6 +25,7 @@
> #include <windows.h>
> #include "namedpipe.h"
> #include "namedpipelistener.h"
> +#include "win32-util.h"
> #endif
>
> #ifdef G_OS_UNIX
> @@ -89,7 +90,7 @@ spice_controller_listener_new (const gchar *address, GError **error)
>
> listener = G_OBJECT (spice_named_pipe_listener_new ());
>
> - np = spice_named_pipe_new (addr, error);
> + np = spice_win32_user_pipe_new (addr, error);
> if (!np) {
> g_object_unref (listener);
> listener = NULL;
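Review bot: Nothing at this call site records that the listener's peers are no longer trusted, although the pipe created here now carries a low mandatory integrity label (applied in the new win32-util.c), so the integrity check no longer stops a low-integrity process from writing to it. I would add a comment above the call, e.g. `/* pipe is writable by low-integrity processes: treat every controller message as untrusted input */`. The message parsing behind this listener is outside the hunk, so checking that it validates sizes and values is something to verify rather than a confirmed defect. The same applies to the identical change in spice_foreign_menu_listener_new in spice-foreign-menu-listener.c; both function bodies start and end outside their hunks.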
> diff --git a/gtk/controller/spice-foreign-menu-listener.c b/gtk/controller/spice-foreign-menu-listener.c
> index 8322a13..6693e21 100644
> --- a/gtk/controller/spice-foreign-menu-listener.c
> +++ b/gtk/controller/spice-foreign-menu-listener.c
> @@ -25,6 +25,7 @@
> #include <windows.h>
> #include "namedpipe.h"
> #include "namedpipelistener.h"
> +#include "win32-util.h"
> #endif
>
> #ifdef G_OS_UNIX
> @@ -91,7 +92,7 @@ spice_foreign_menu_listener_new (const gchar *address, GError **error)
>
> listener = G_OBJECT (spice_named_pipe_listener_new ());
>
> - np = spice_named_pipe_new (addr, error);
> + np = spice_win32_user_pipe_new (addr, error);
> if (!np) {
> g_object_unref (listener);
> listener = NULL;
> diff --git a/gtk/controller/win32-util.c b/gtk/controller/win32-util.c
> new file mode 100644
> index 0000000..4e3ec4c
> --- /dev/null
> +++ b/gtk/controller/win32-util.c
> @@ -0,0 +1,111 @@
> +/*
> + Copyright (C) 2012 Red Hat, Inc.
> +
> + This library is free software; you can redistribute it and/or
> + modify it under the terms of the GNU Lesser General Public
> + License as published by the Free Software Foundation; either
> + version 2.1 of the License, or (at your option) any later version.
> +
> + This library is distributed in the hope that it will be useful,
> + but WITHOUT ANY WARRANTY; without even the implied warranty of
> + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> + Lesser General Public License for more details.
> +
> + You should have received a copy of the GNU Lesser General Public
> + License along with this library; if not, see <http://www.gnu.org/licenses/>.
> +*/
> +
> +#include "win32-util.h"
> +#include <windows.h>
> +#include <sddl.h>
> +#include <aclapi.h>
> +
> +gboolean
> +spice_win32_set_low_integrity (void* handle, GError **error)
> +{
> + g_return_val_if_fail (handle != NULL, FALSE);
> + g_return_val_if_fail (error == NULL || *error == NULL, FALSE);
> +
> + /* see also http://msdn.microsoft.com/en-us/library/bb625960.aspx */
> + PSECURITY_DESCRIPTOR psd = NULL;
> + PACL psacl = NULL;
> + BOOL sacl_present = FALSE;
> + BOOL sacl_defaulted = FALSE;
> + char *emsg;
> + int errsv;
> + gboolean success = FALSE;
> +
> + if (!ConvertStringSecurityDescriptorToSecurityDescriptor ("S:(ML;;NW;;;LW)",
> + SDDL_REVISION_1, &psd, NULL))
> + goto failed;
> +
> + if (!GetSecurityDescriptorSacl (psd, &sacl_present, &psacl, &sacl_defaulted))
> + goto failed;
> +
> + if (SetSecurityInfo (handle, SE_KERNEL_OBJECT, LABEL_SECURITY_INFORMATION,
> + NULL, NULL, NULL, psacl) != ERROR_SUCCESS)
> + goto failed;
> +
> + success = TRUE;
> + goto end;
> +
> +failed:
> + errsv = GetLastError ();
> + emsg = g_win32_error_message (errsv);
> + g_set_error (error, G_IO_ERROR,
> + g_io_error_from_win32_error (errsv),
> + "Error setting integrity: %s",
> + emsg);
> + g_free (emsg);
> +
> +end:
> + if (psd != NULL)
> + LocalFree (psd);
> +
> + return success;
> +}
> +#define DEFAULT_PIPE_BUF_SIZE 4096
> +
> +SpiceNamedPipe*
> +spice_win32_user_pipe_new (gchar *name, GError **error)
> +{
> + HANDLE pipe;
> + SpiceNamedPipe *np = NULL;
> +
> + g_return_val_if_fail (name != NULL, NULL);
> + g_return_val_if_fail (error != NULL, NULL);
> +
> + pipe = CreateNamedPipe (name,
> + PIPE_ACCESS_DUPLEX | FILE_FLAG_OVERLAPPED |
> + /* FIXME: why is FILE_FLAG_FIRST_PIPE_INSTANCE needed for WRITE_DAC
> + * (apparently needed by SetSecurityInfo). This will prevent
> + * multiple pipe listener....?! */
> + FILE_FLAG_FIRST_PIPE_INSTANCE | WRITE_DAC,
> + PIPE_TYPE_BYTE | PIPE_READMODE_BYTE | PIPE_WAIT,
> + PIPE_UNLIMITED_INSTANCES,
> + DEFAULT_PIPE_BUF_SIZE, DEFAULT_PIPE_BUF_SIZE,
> + 0, NULL);
> +
> + if (pipe == INVALID_HANDLE_VALUE) {
> + int errsv = GetLastError ();
> + gchar *emsg = g_win32_error_message (errsv);
> +
> + g_set_error (error,
> + G_IO_ERROR,
> + g_io_error_from_win32_error (errsv),
> + "Error CreateNamedPipe(): %s",
> + emsg);
> +
> + g_free (emsg);
> + goto end;
> + }
> +
> + if (!spice_win32_set_low_integrity (pipe, error))
> + goto end;
> +
> + np = SPICE_NAMED_PIPE (g_initable_new (SPICE_TYPE_NAMED_PIPE,
> + NULL, error, "handle", pipe, NULL));
> +
> +end:
> + return np;
> +}
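Review bot: In spice_win32_user_pipe_new the pipe handle is leaked when spice_win32_set_low_integrity fails, because that branch jumps to `end` without closing it; `if (!spice_win32_set_low_integrity (pipe, error)) { CloseHandle (pipe); goto end; }` fixes that path. It is also worth checking whether a failed g_initable_new leaves the handle open, since SpiceNamedPipe's ownership rules are not visible here. In spice_win32_set_low_integrity, SetSecurityInfo reports failure through its return value, so the `GetLastError ()` under `failed:` may read a stale code; keep that call's return value in `errsv` instead. The FIXME on FILE_FLAG_FIRST_PIPE_INSTANCE should become a comment stating intent: the flag makes creation fail when a pipe of that name already exists, which is a useful guard now that less-trusted processes are expected to connect, so it should not be dropped without deciding how multiple listeners are meant to work. `g_return_val_if_fail (error != NULL, NULL)` also departs from the GError convention followed in the function above, where a NULL `error` is allowed.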
> diff --git a/gtk/controller/win32-util.h b/gtk/controller/win32-util.h
> new file mode 100644
> index 0000000..b24ac77
> --- /dev/null
> +++ b/gtk/controller/win32-util.h
> @@ -0,0 +1,30 @@
> +/*
> + Copyright (C) 2012 Red Hat, Inc.
> +
> + This library is free software; you can redistribute it and/or
> + modify it under the terms of the GNU Lesser General Public
> + License as published by the Free Software Foundation; either
> + version 2.1 of the License, or (at your option) any later version.
> +
> + This library is distributed in the hope that it will be useful,
> + but WITHOUT ANY WARRANTY; without even the implied warranty of
> + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> + Lesser General Public License for more details.
> +
> + You should have received a copy of the GNU Lesser General Public
> + License along with this library; if not, see <http://www.gnu.org/licenses/>.
> +*/
> +#ifndef __WIN32_UTIL_H__
> +#define __WIN32_UTIL_H__
> +
> +#include <gio/gio.h>
> +#include "namedpipe.h"
> +
> +G_BEGIN_DECLS
> +
> +gboolean spice_win32_set_low_integrity (void* handle, GError **error);
> +SpiceNamedPipe* spice_win32_user_pipe_new (gchar *name, GError **error);
> +
> +G_END_DECLS
> +
> +#endif /* __WIN32_UTIL_H__ */
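Review bot: The two prototypes have no documentation, and spice_win32_set_low_integrity in particular changes who may write to the object, which a caller should know before reusing it on another handle. I would add a doc comment to each: the first applies a low mandatory integrity label to `handle`, and the second creates the named pipe, labels it, and returns NULL with `error` set on failure. `gchar *name` is only passed through to CreateNamedPipe in the implementation and reads better as `const gchar *name`. The guard `__WIN32_UTIL_H__` uses a double-underscore name that C reserves for the implementation; `SPICE_WIN32_UTIL_H` avoids that.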
>