| OLD | NEW |
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "mojo/edk/embedder/named_platform_handle_utils.h" | 5 #include "mojo/edk/embedder/named_platform_handle_utils.h" |
| 6 | 6 |
| 7 #include <sddl.h> | 7 #include <sddl.h> |
| 8 #include <windows.h> | 8 #include <windows.h> |
| 9 | 9 |
| 10 #include <memory> | 10 #include <memory> |
| 11 | 11 |
| 12 #include "base/logging.h" | 12 #include "base/logging.h" |
| 13 #include "base/win/windows_version.h" | 13 #include "base/win/windows_version.h" |
| 14 #include "mojo/edk/embedder/named_platform_handle.h" | 14 #include "mojo/edk/embedder/named_platform_handle.h" |
| 15 | 15 |
| 16 namespace mojo { | 16 namespace mojo { |
| 17 namespace edk { | 17 namespace edk { |
| 18 namespace { |
| 19 |
| 20 // A DACL to grant: |
| 21 // GA = Generic All |
| 22 // access to: |
| 23 // SY = LOCAL_SYSTEM |
| 24 // BA = BUILTIN_ADMINISTRATORS |
| 25 // OW = OWNER_RIGHTS |
| 26 constexpr base::char16 kDefaultSecurityDescriptor[] = |
| 27 L"D:(A;;GA;;;SY)(A;;GA;;;BA)(A;;GA;;;OW)"; |
| 28 |
| 29 } // namespace |
| 18 | 30 |
| 19 ScopedPlatformHandle CreateClientHandle( | 31 ScopedPlatformHandle CreateClientHandle( |
| 20 const NamedPlatformHandle& named_handle) { | 32 const NamedPlatformHandle& named_handle) { |
| 21 if (!named_handle.is_valid()) | 33 if (!named_handle.is_valid()) |
| 22 return ScopedPlatformHandle(); | 34 return ScopedPlatformHandle(); |
| 23 | 35 |
| 24 base::string16 pipe_name = named_handle.pipe_name(); | 36 base::string16 pipe_name = named_handle.pipe_name(); |
| 25 | 37 |
| 26 // Note: This may block. | 38 // Note: This may block. |
| 27 if (!WaitNamedPipeW(pipe_name.c_str(), NMPWAIT_USE_DEFAULT_WAIT)) | 39 if (!WaitNamedPipeW(pipe_name.c_str(), NMPWAIT_USE_DEFAULT_WAIT)) |
| 28 return ScopedPlatformHandle(); | 40 return ScopedPlatformHandle(); |
| 29 | 41 |
| 30 const DWORD kDesiredAccess = GENERIC_READ | GENERIC_WRITE; | 42 const DWORD kDesiredAccess = GENERIC_READ | GENERIC_WRITE; |
| 31 // The SECURITY_ANONYMOUS flag means that the server side cannot impersonate | 43 // The SECURITY_ANONYMOUS flag means that the server side cannot impersonate |
| 32 // the client. | 44 // the client. |
| 33 const DWORD kFlags = | 45 const DWORD kFlags = |
| 34 SECURITY_SQOS_PRESENT | SECURITY_ANONYMOUS | FILE_FLAG_OVERLAPPED; | 46 SECURITY_SQOS_PRESENT | SECURITY_ANONYMOUS | FILE_FLAG_OVERLAPPED; |
| 35 ScopedPlatformHandle handle( | 47 ScopedPlatformHandle handle( |
| 36 PlatformHandle(CreateFileW(pipe_name.c_str(), kDesiredAccess, | 48 PlatformHandle(CreateFileW(pipe_name.c_str(), kDesiredAccess, |
| 37 0, // No sharing. | 49 0, // No sharing. |
| 38 nullptr, OPEN_EXISTING, kFlags, | 50 nullptr, OPEN_EXISTING, kFlags, |
| 39 nullptr))); // No template file. | 51 nullptr))); // No template file. |
| 40 PCHECK(handle.is_valid()); | 52 PCHECK(handle.is_valid()); |
| 41 return handle; | 53 return handle; |
| 42 } | 54 } |
| 43 | 55 |
| 44 ScopedPlatformHandle CreateServerHandle(const NamedPlatformHandle& named_handle, | 56 ScopedPlatformHandle CreateServerHandle( |
| 45 bool enforce_uniqueness) { | 57 const NamedPlatformHandle& named_handle, |
| 58 const CreateServerHandleOptions& options) { |
| 46 if (!named_handle.is_valid()) | 59 if (!named_handle.is_valid()) |
| 47 return ScopedPlatformHandle(); | 60 return ScopedPlatformHandle(); |
| 48 | 61 |
| 49 PSECURITY_DESCRIPTOR security_desc = nullptr; | 62 PSECURITY_DESCRIPTOR security_desc = nullptr; |
| 50 ULONG security_desc_len = 0; | 63 ULONG security_desc_len = 0; |
| 51 // Create a DACL to grant: | |
| 52 // GA = Generic All | |
| 53 // access to: | |
| 54 // SY = LOCAL_SYSTEM | |
| 55 // BA = BUILTIN_ADMINISTRATORS | |
| 56 // OW = OWNER_RIGHTS | |
| 57 PCHECK(ConvertStringSecurityDescriptorToSecurityDescriptor( | 64 PCHECK(ConvertStringSecurityDescriptorToSecurityDescriptor( |
| 58 L"D:(A;;GA;;;SY)(A;;GA;;;BA)(A;;GA;;;OW)", SDDL_REVISION_1, | 65 options.security_descriptor.empty() ? kDefaultSecurityDescriptor |
| 59 &security_desc, &security_desc_len)); | 66 : options.security_descriptor.c_str(), |
| 67 SDDL_REVISION_1, &security_desc, &security_desc_len)); |
| 60 std::unique_ptr<void, decltype(::LocalFree)*> p(security_desc, ::LocalFree); | 68 std::unique_ptr<void, decltype(::LocalFree)*> p(security_desc, ::LocalFree); |
| 61 SECURITY_ATTRIBUTES security_attributes = {sizeof(SECURITY_ATTRIBUTES), | 69 SECURITY_ATTRIBUTES security_attributes = {sizeof(SECURITY_ATTRIBUTES), |
| 62 security_desc, FALSE}; | 70 security_desc, FALSE}; |
| 63 | 71 |
| 64 const DWORD kOpenMode = enforce_uniqueness | 72 const DWORD kOpenMode = options.enforce_uniqueness |
| 65 ? PIPE_ACCESS_DUPLEX | FILE_FLAG_OVERLAPPED | | 73 ? PIPE_ACCESS_DUPLEX | FILE_FLAG_OVERLAPPED | |
| 66 FILE_FLAG_FIRST_PIPE_INSTANCE | 74 FILE_FLAG_FIRST_PIPE_INSTANCE |
| 67 : PIPE_ACCESS_DUPLEX | FILE_FLAG_OVERLAPPED; | 75 : PIPE_ACCESS_DUPLEX | FILE_FLAG_OVERLAPPED; |
| 68 const DWORD kPipeMode = | 76 const DWORD kPipeMode = |
| 69 PIPE_TYPE_BYTE | PIPE_READMODE_BYTE | PIPE_REJECT_REMOTE_CLIENTS; | 77 PIPE_TYPE_BYTE | PIPE_READMODE_BYTE | PIPE_REJECT_REMOTE_CLIENTS; |
| 70 PlatformHandle handle( | 78 PlatformHandle handle( |
| 71 CreateNamedPipeW(named_handle.pipe_name().c_str(), kOpenMode, kPipeMode, | 79 CreateNamedPipeW(named_handle.pipe_name().c_str(), kOpenMode, kPipeMode, |
| 72 enforce_uniqueness ? 1 : 255, // Max instances. | 80 options.enforce_uniqueness ? 1 : 255, // Max instances. |
| 73 4096, // Out buffer size. | 81 4096, // Out buffer size. |
| 74 4096, // In buffer size. | 82 4096, // In buffer size. |
| 75 5000, // Timeout in milliseconds. | 83 5000, // Timeout in milliseconds. |
| 76 &security_attributes)); | 84 &security_attributes)); |
| 77 handle.needs_connection = true; | 85 handle.needs_connection = true; |
| 78 return ScopedPlatformHandle(handle); | 86 return ScopedPlatformHandle(handle); |
| 79 } | 87 } |
| 80 | 88 |
| 81 } // namespace edk | 89 } // namespace edk |
| 82 } // namespace mojo | 90 } // namespace mojo |
| OLD | NEW |