From 39125a0f2b68513139961ba61dc9b4a405b766b0 Mon Sep 17 00:00:00 2001 From: Patrick Gaskin Date: Thu, 22 Apr 2021 21:44:40 -0400 Subject: [PATCH] win32: Use DACLs when setting socket permissions Part-of: --- src/pulsecore/socket-server.c | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/src/pulsecore/socket-server.c b/src/pulsecore/socket-server.c index bc5116ae7..13d8a99f7 100644 --- a/src/pulsecore/socket-server.c +++ b/src/pulsecore/socket-server.c @@ -58,6 +58,12 @@ int deny_severity = LOG_WARNING; #include #endif +#ifdef HAVE_WINDOWS_H +#include +#include +#include +#endif + #include #include @@ -220,6 +226,31 @@ pa_socket_server* pa_socket_server_new_unix(pa_mainloop_api *m, const char *file * inodes. */ chmod(filename, 0777); +#ifdef OS_IS_WIN32 + /* https://docs.microsoft.com/en-us/windows/win32/secauthz/ace-strings */ + /* https://docs.microsoft.com/en-us/windows/win32/secauthz/modifying-the-acls-of-an-object-in-c-- */ + /* https://docs.microsoft.com/en-us/windows/win32/api/sddl/nf-sddl-convertstringsecuritydescriptortosecuritydescriptora */ + PSECURITY_DESCRIPTOR sd; + if (ConvertStringSecurityDescriptorToSecurityDescriptorA( + "D:" /* DACL */ + "(A;;FRFW;;;WD)", /* allow all users to read/write */ + SDDL_REVISION_1, &sd, NULL + )) { + PACL acl; + BOOL acl_present, acl_default; + if (GetSecurityDescriptorDacl(sd, &acl_present, &acl, &acl_default)) { + if (SetNamedSecurityInfo(filename, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, acl, NULL) != ERROR_SUCCESS) { + pa_log_warn("Failed to set DACL for socket: failed to apply DACL: error %lu.", GetLastError()); + } + LocalFree(acl); + } else { + pa_log_warn("Failed to set DACL for socket: failed to get security descriptor DACL: error %lu.", GetLastError()); + } + } else { + pa_log_warn("Failed to set DACL for socket: failed to parse security descriptor: error %lu.", GetLastError()); + } +#endif + if (listen(fd, 5) < 0) { pa_log("listen(): %s", pa_cstrerror(errno)); goto fail;