diff --git a/WeaselIPCServer/SecurityAttribute.cpp b/WeaselIPCServer/SecurityAttribute.cpp
index e94070f12..e244de91d 100644
--- a/WeaselIPCServer/SecurityAttribute.cpp
+++ b/WeaselIPCServer/SecurityAttribute.cpp
@@ -1,70 +1,18 @@
 #include "stdafx.h"
 #include "SecurityAttribute.h"
-
-#define SECURITY_APP_PACKAGE_AUTHORITY {0,0,0,0,0,15}
-#define SECURITY_APP_PACKAGE_BASE_RID (0x00000002L)
-#define SECURITY_BUILTIN_APP_PACKAGE_RID_COUNT (2L)
-#define SECURITY_APP_PACKAGE_RID_COUNT (8L)
-#define SECURITY_CAPABILITY_BASE_RID (0x00000003L)
-#define SECURITY_BUILTIN_CAPABILITY_RID_COUNT (2L)
-#define SECURITY_CAPABILITY_RID_COUNT (5L)
-#define SECURITY_PARENT_PACKAGE_RID_COUNT (SECURITY_APP_PACKAGE_RID_COUNT)
-#define SECURITY_CHILD_PACKAGE_RID_COUNT (12L)
-#define SECURITY_BUILTIN_PACKAGE_ANY_PACKAGE (0x00000001L)
+#include
 namespace weasel {
 void SecurityAttribute::_Init() {
- memset(&ea, 0, sizeof(ea));
-
- // 对一般 desktop APP 的权限设置
-
- SID_IDENTIFIER_AUTHORITY worldSidAuthority = SECURITY_WORLD_SID_AUTHORITY;
- AllocateAndInitializeSid(&worldSidAuthority, 1,
- SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0, &sid_everyone);
-
- ea[0].grfAccessPermissions = GENERIC_ALL;
- ea[0].grfAccessMode = SET_ACCESS;
- ea[0].grfInheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT;
- ea[0].Trustee.pMultipleTrustee = NULL;
- ea[0].Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
- ea[0].Trustee.TrusteeForm = TRUSTEE_IS_SID;
- ea[0].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
- ea[0].Trustee.ptstrName = (LPTSTR)sid_everyone;
-
- // 对 winrt (UWP) APP 的权限设置
- //
- // Application Package Authority.
- //
-
-
- SID_IDENTIFIER_AUTHORITY appPackageAuthority = SECURITY_APP_PACKAGE_AUTHORITY;
- AllocateAndInitializeSid(&appPackageAuthority,
- SECURITY_BUILTIN_APP_PACKAGE_RID_COUNT,
- SECURITY_APP_PACKAGE_BASE_RID,
- SECURITY_BUILTIN_PACKAGE_ANY_PACKAGE,
- 0, 0, 0, 0, 0, 0, &sid_all_apps);
-
- ea[1].grfAccessPermissions = GENERIC_ALL;
- ea[1].grfAccessMode = SET_ACCESS;
- ea[1].grfInheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT;
- ea[1].Trustee.pMultipleTrustee = NULL;
- ea[1].Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
- ea[1].Trustee.TrusteeForm = TRUSTEE_IS_SID;
- ea[1].Trustee.TrusteeType = TRUSTEE_IS_GROUP;
- ea[1].Trustee.ptstrName = (LPTSTR)sid_all_apps;
-
- // create DACL
- DWORD err = SetEntriesInAcl(2, ea, NULL, &pacl);
- if (0 == err) {
- // security descriptor
- pd = (PSECURITY_DESCRIPTOR)LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH);
- InitializeSecurityDescriptor(pd, SECURITY_DESCRIPTOR_REVISION);
-
- // Add the ACL to the security descriptor.
- SetSecurityDescriptorDacl(pd, TRUE, pacl, FALSE);
- }
+ // Privilages for UWP and IE protected mode
+ // https://stackoverflow.com/questions/39138674/accessing-named-pipe-servers-from-within-ie-epm-bho
+ ConvertStringSecurityDescriptorToSecurityDescriptorW(
+ L"S:(ML;;NW;;;LW)D:(A;;FA;;;SY)(A;;FA;;;WD)(A;;FA;;;AC)",
+ SDDL_REVISION_1,
+ &pd,
+ NULL);
 sa.nLength = sizeof(SECURITY_ATTRIBUTES);
 sa.lpSecurityDescriptor = pd;
diff --git a/WeaselIPCServer/SecurityAttribute.h b/WeaselIPCServer/SecurityAttribute.h
index c2ae8c7d3..3c4f00f5d 100644
--- a/WeaselIPCServer/SecurityAttribute.h
+++ b/WeaselIPCServer/SecurityAttribute.h
@@ -7,10 +7,6 @@ namespace weasel {
 private:
 PSECURITY_DESCRIPTOR pd;
 SECURITY_ATTRIBUTES sa;
- PACL pacl;
- EXPLICIT_ACCESS ea[2];
- PSID sid_everyone;
- PSID sid_all_apps;
 void _Init();
 public:
 SecurityAttribute() { _Init(); }
diff --git a/WeaselIPCServer/WeaselServerImpl.cpp b/WeaselIPCServer/WeaselServerImpl.cpp
index 6ab69adf9..fffd6316e 100644
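Review bot: The return value of ConvertStringSecurityDescriptorToSecurityDescriptorW is discarded, so if the conversion fails `pd` is never written and the following context line `sa.lpSecurityDescriptor = pd;` hands an unset member (the header hunk declares `PSECURITY_DESCRIPTOR pd;` with no initialiser) to whatever object is later created with `sa` — the replaced code only filled `pd` after SetEntriesInAcl returned 0. Initialise the member and guard the call, e.g. `pd = NULL;` before it and `if (!ConvertStringSecurityDescriptorToSecurityDescriptorW(...)) { /* fail loudly; do not create the IPC object with a default or indeterminate descriptor */ }`, and release the result with LocalFree where the object is torn down (the destructor is not in this diff). The `+#include` line shows no header name on this page, presumably lost in rendering; the SDDL conversion function and SDDL_REVISION_1 are declared in sddl.h, so check the committed line. The new comment's `Privilages` should read `Privileges`. `_Init` continues past the hunk.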
--- a/WeaselIPCServer/WeaselServerImpl.cpp
+++ b/WeaselIPCServer/WeaselServerImpl.cpp
@@ -109,17 +109,6 @@ int ServerImpl::Start()
 HWND hwnd = Create(NULL);
- // 浣跨敤銆屾秷鎭厤鐤亷婵俱嶇篂閬嶪E9鐨勭敤鎴剁晫闈㈢壒娆婇殧闆㈡鍒
- if (IsWindowsVistaOrGreater())
- {
- using PCWMF = BOOL (WINAPI *)(UINT, DWORD);
- PCWMF ChangeWindowMessageFilter = (PCWMF)::GetProcAddress(m_hUser32Module, "ChangeWindowMessageFilter");
- for (UINT cmd = WEASEL_IPC_ECHO; cmd < WEASEL_IPC_LAST_COMMAND; ++cmd)
- {
- ChangeWindowMessageFilter(cmd, MSGFLT_ADD);
- }
- }
-
 return (int)hwnd;
 }