我在創建NamedPipe時遇到了安全描述符設置問題。我希望在Windows服務(高完整性)中創建的管道能夠從中等和低完整性流程中打開。對中/高完整性管道安全描述符的低完整性
我正在使用Windows 7 x64。我不太明白我在這裏做什麼,但這裏是我用來爲我創建的管道創建安全描述符的代碼。下面的代碼不會讓我在從低完整性進程都高,中誠信LEVE創建開放管道:
PSID psidWorldSid = NULL, pAdminSID = NULL, pLowSID = NULL, pHighSID = NULL;
WCHAR wszIntegritySid[] = L"S-1-16-4096";
WCHAR wszSystemSid[] = L"S-1-16-16384";
PACL pACL = NULL;
PSECURITY_DESCRIPTOR pSD = NULL;
SECURITY_ATTRIBUTES sa;
SID_IDENTIFIER_AUTHORITY SIDAuthNT = SECURITY_NT_AUTHORITY;
SID_IDENTIFIER_AUTHORITY siaWorldSidAuthority = SECURITY_WORLD_SID_AUTHORITY;
EXPLICIT_ACCESS ea[4];
// Create a security descriptor for the log file that allows
// access from both the privileged service and the non-privileged
// user mode programs
AllocateAndInitializeSid(&siaWorldSidAuthority, 1,
SECURITY_WORLD_RID,
0, 0, 0, 0, 0, 0, 0,
&psidWorldSid);
ZeroMemory(&ea, sizeof(ea));
ea[0].grfAccessPermissions = FILE_ALL_ACCESS | GENERIC_WRITE | GENERIC_READ;
ea[0].grfAccessMode = SET_ACCESS;
ea[0].grfInheritance= NO_INHERITANCE;
ea[0].Trustee.TrusteeForm = TRUSTEE_IS_SID;
ea[0].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
ea[0].Trustee.ptstrName = (LPTSTR) psidWorldSid;
// Create a SID for the BUILTIN\Administrators group.
AllocateAndInitializeSid(&SIDAuthNT, 2,
SECURITY_BUILTIN_DOMAIN_RID,
DOMAIN_ALIAS_RID_ADMINS,
0, 0, 0, 0, 0, 0,
&pAdminSID);
// Initialize an EXPLICIT_ACCESS structure for an ACE.
// The ACE will allow the Administrators group full access to
// the key.
ea[1].grfAccessPermissions = FILE_ALL_ACCESS | GENERIC_WRITE | GENERIC_READ;
ea[1].grfAccessMode = SET_ACCESS;
ea[1].grfInheritance= NO_INHERITANCE;
ea[1].Trustee.TrusteeForm = TRUSTEE_IS_SID;
ea[1].Trustee.TrusteeType = TRUSTEE_IS_GROUP;
ea[1].Trustee.ptstrName = (LPTSTR) pAdminSID;
AllocateAndInitializeSid(&siaWorldSidAuthority, 1,
SECURITY_MANDATORY_LOW_RID,
0,
0, 0, 0, 0, 0, 0,
&pLowSID);
ea[2].grfAccessPermissions = FILE_ALL_ACCESS | GENERIC_WRITE | GENERIC_READ;
ea[2].grfAccessMode = SET_ACCESS;
ea[2].grfInheritance= NO_INHERITANCE;
ea[2].Trustee.TrusteeForm = TRUSTEE_IS_SID;
ea[2].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
ea[2].Trustee.ptstrName = (LPTSTR) pLowSID;
AllocateAndInitializeSid(&siaWorldSidAuthority, 1,
SECURITY_MANDATORY_HIGH_RID,
0,
0, 0, 0, 0, 0, 0,
&pHighSID);
ea[3].grfAccessPermissions = FILE_ALL_ACCESS | GENERIC_WRITE | GENERIC_READ;
ea[3].grfAccessMode = SET_ACCESS;
ea[3].grfInheritance= NO_INHERITANCE;
ea[3].Trustee.TrusteeForm = TRUSTEE_IS_SID;
ea[3].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
ea[3].Trustee.ptstrName = (LPTSTR) pHighSID;
SetEntriesInAcl(4, ea, NULL, &pACL);
pSD = (PSECURITY_DESCRIPTOR)LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH);
InitializeSecurityDescriptor(pSD, SECURITY_DESCRIPTOR_REVISION);
SetSecurityDescriptorDacl(pSD, TRUE, pACL, FALSE);
ZeroMemory(&sa, sizeof(SECURITY_ATTRIBUTES));
sa.nLength = sizeof(SECURITY_ATTRIBUTES);
sa.lpSecurityDescriptor = pSD;
sa.bInheritHandle = FALSE;
m_hPipe = CreateNamedPipeA(
m_szName.c_str(),
PIPE_ACCESS_DUPLEX,
PIPE_TYPE_BYTE | PIPE_READMODE_BYTE | BlockFlag,
PIPE_UNLIMITED_INSTANCES,
BUFFER_SIZE,
BUFFER_SIZE,
NMPWAIT_USE_DEFAULT_WAIT,
&sa
);
if (psidWorldSid)
FreeSid(psidWorldSid);
if (pAdminSID)
FreeSid(pAdminSID);
if (pLowSID)
FreeSid(pLowSID);
if (pHighSID)
FreeSid(pHighSID);
if (pACL)
LocalFree(pACL);
if (pSD)
LocalFree(pSD);
看來,當我從字符串創建一個安全描述符的工作幾乎罰款:
ConvertStringSecurityDescriptorToSecurityDescriptorW(L"S:(ML;;NW;;;LW)", SDDL_REVISION_1, &pSD, NULL);
當我從上面的字符串創建安全描述符時,我至少可以打開使用低完整性進程創建的中等完整權限的管道。
謝謝你的任何建議。
問候, 庫巴
你應該接受克里斯的回答。 – 2012-03-17 05:37:32