-
Notifications
You must be signed in to change notification settings - Fork 4k
/
Copy pathnamed_pipe.cc
347 lines (304 loc) · 13.6 KB
/
named_pipe.cc
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
/* Copyright (c) 2012, 2024, Oracle and/or its affiliates.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License, version 2.0,
as published by the Free Software Foundation.
This program is designed to work with certain software (including
but not limited to OpenSSL) that is licensed under separate terms,
as designated in a particular file or component or in included license
documentation. The authors of MySQL hereby grant you an additional
permission to link the program and your derivative works with the
separately licensed software that they have either included with
the program or referenced in the documentation.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License, version 2.0, for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
#include "sql/named_pipe.h"
#include <AclAPI.h>
#include <accctrl.h>
#include <errno.h>
#include <mysql/components/services/log_builtins.h>
#include "my_config.h"
#include "my_sys.h"
#include "mysql/strings/int2str.h"
#include "mysqld_error.h"
#include "nulls.h"
#include "sql/current_thd.h"
#include "sql/log.h"
#include "sql/mysqld.h"
#include "sql/sql_error.h"
#include "strxnmov.h"
bool is_existing_windows_group_name(const char *group_name) {
// First, let's get a SID for the given group name...
BYTE soughtSID[SECURITY_MAX_SID_SIZE] = {0};
DWORD size_sid = SECURITY_MAX_SID_SIZE;
char referencedDomainName[MAX_PATH];
DWORD size_referencedDomainName = MAX_PATH;
SID_NAME_USE sid_name_use;
if (!LookupAccountName(nullptr, group_name, soughtSID, &size_sid,
referencedDomainName, &size_referencedDomainName,
&sid_name_use)) {
return false;
}
// sid_name_use is SidTypeAlias when group_name is a local group
if (sid_name_use != SidTypeAlias && sid_name_use != SidTypeWellKnownGroup) {
return false;
}
return true;
}
/*
return false on successfully checking group, true on error.
*/
static bool check_windows_group_for_everyone(const char *group_name,
bool *is_everyone_group) {
*is_everyone_group = false;
if (!group_name || group_name[0] == '\0') {
return false;
}
if (strcmp(group_name, NAMED_PIPE_FULL_ACCESS_GROUP_EVERYONE) == 0) {
*is_everyone_group = true;
return false;
} else {
TCHAR last_error_msg[256];
// First, let's get a SID for the given group name...
BYTE soughtSID[SECURITY_MAX_SID_SIZE] = {0};
DWORD size_sought_sid = SECURITY_MAX_SID_SIZE;
BYTE worldSID[SECURITY_MAX_SID_SIZE] = {0};
DWORD size_world_sid = SECURITY_MAX_SID_SIZE;
char referencedDomainName[MAX_PATH];
DWORD size_referencedDomainName = MAX_PATH;
SID_NAME_USE sid_name_use;
if (!LookupAccountName(nullptr, group_name, soughtSID, &size_sought_sid,
referencedDomainName, &size_referencedDomainName,
&sid_name_use)) {
return false;
}
if (!CreateWellKnownSid(WinWorldSid, nullptr, worldSID, &size_world_sid)) {
const DWORD last_error_num = GetLastError();
FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
nullptr, last_error_num,
MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), last_error_msg,
sizeof(last_error_msg) / sizeof(TCHAR), nullptr);
my_printf_error(
ER_UNKNOWN_ERROR,
"check_windows_group_for_everyone, CreateWellKnownSid failed: %s",
MYF(0), last_error_msg);
return true;
}
*is_everyone_group = EqualSid(soughtSID, worldSID);
return false;
}
}
bool is_valid_named_pipe_full_access_group(const char *group_name) {
if (!group_name || group_name[0] == '\0') {
return true;
}
bool is_everyone_group = false;
if (check_windows_group_for_everyone(group_name, &is_everyone_group)) {
return false;
}
if (is_everyone_group || is_existing_windows_group_name(group_name)) {
return true;
}
return false;
}
// return false on success, true on failure.
bool my_security_attr_add_rights_to_group(SECURITY_ATTRIBUTES *psa,
const char *group_name,
DWORD group_rights) {
TCHAR last_error_msg[256];
// First, let's get a SID for the given group name...
BYTE soughtSID[SECURITY_MAX_SID_SIZE] = {0};
DWORD size_sid = SECURITY_MAX_SID_SIZE;
char referencedDomainName[MAX_PATH];
DWORD size_referencedDomainName = MAX_PATH;
SID_NAME_USE sid_name_use;
bool is_everyone_group = false;
if (check_windows_group_for_everyone(group_name, &is_everyone_group)) {
return true;
}
if (is_everyone_group) {
sql_print_warning(ER_DEFAULT(WARN_NAMED_PIPE_ACCESS_EVERYONE), group_name);
if (current_thd) {
push_warning_printf(current_thd, Sql_condition::SL_WARNING,
WARN_NAMED_PIPE_ACCESS_EVERYONE,
ER_THD(current_thd, WARN_NAMED_PIPE_ACCESS_EVERYONE),
group_name);
}
}
// Treat the NAMED_PIPE_FULL_ACCESS_GROUP_EVERYONE value
// as a special case: we convert it to the "world" SID
if (strcmp(group_name, NAMED_PIPE_FULL_ACCESS_GROUP_EVERYONE) == 0) {
if (!CreateWellKnownSid(WinWorldSid, nullptr, soughtSID, &size_sid)) {
const DWORD last_error_num = GetLastError();
FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
nullptr, last_error_num,
MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), last_error_msg,
sizeof(last_error_msg) / sizeof(TCHAR), nullptr);
log_message(
LOG_TYPE_ERROR, LOG_ITEM_LOG_PRIO, (longlong)ERROR_LEVEL,
LOG_ITEM_LOG_LOOKUP, ER_NPIPE_CANT_CREATE,
"my_security_attr_add_rights_to_group, CreateWellKnownSid failed",
last_error_msg);
return true;
}
} else {
if (!LookupAccountName(nullptr, group_name, soughtSID, &size_sid,
referencedDomainName, &size_referencedDomainName,
&sid_name_use)) {
const DWORD last_error_num = GetLastError();
FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
nullptr, last_error_num,
MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), last_error_msg,
sizeof(last_error_msg) / sizeof(TCHAR), nullptr);
log_message(LOG_TYPE_ERROR, LOG_ITEM_LOG_PRIO, (longlong)ERROR_LEVEL,
LOG_ITEM_LOG_LOOKUP, ER_NPIPE_CANT_CREATE,
"LookupAccountName failed", last_error_msg);
return true;
}
// sid_name_use is SidTypeAlias when group_name is a local group
if (sid_name_use != SidTypeAlias && sid_name_use != SidTypeWellKnownGroup) {
log_message(LOG_TYPE_ERROR, LOG_ITEM_LOG_PRIO, (longlong)ERROR_LEVEL,
LOG_ITEM_LOG_LOOKUP, ER_NPIPE_CANT_CREATE,
"LookupAccountName failed", "unexpected sid_name_use");
return true;
}
}
PACL pNewDACL = nullptr;
PACL pOldDACL = nullptr;
BOOL dacl_present_in_descriptor = FALSE;
BOOL dacl_defaulted = FALSE;
if (!GetSecurityDescriptorDacl(psa->lpSecurityDescriptor,
&dacl_present_in_descriptor, &pOldDACL,
&dacl_defaulted) ||
!dacl_present_in_descriptor) {
const DWORD last_error_num = GetLastError();
FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
nullptr, last_error_num,
MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), last_error_msg,
sizeof(last_error_msg) / sizeof(TCHAR), nullptr);
log_message(LOG_TYPE_ERROR, LOG_ITEM_LOG_PRIO, (longlong)ERROR_LEVEL,
LOG_ITEM_LOG_LOOKUP, ER_NPIPE_CANT_CREATE,
"GetSecurityDescriptorDacl failed", last_error_msg);
return true;
}
// Just because GetSecurityDescriptorDacl succeeded doesn't mean we're out of
// the woods: a NULL value for pOldDACL is a bad/unexpected thing, as is
// dacl_defaulted == TRUE
if (pOldDACL == nullptr || dacl_defaulted) {
log_message(LOG_TYPE_ERROR, LOG_ITEM_LOG_PRIO, (longlong)ERROR_LEVEL,
LOG_ITEM_LOG_LOOKUP, ER_NPIPE_CANT_CREATE,
"Invalid DACL on named pipe",
(pOldDACL == nullptr) ? "NULL DACL" : "Defaulted DACL");
return true;
}
EXPLICIT_ACCESS ea;
// Initialize an EXPLICIT_ACCESS structure for the new ACE.
ZeroMemory(&ea, sizeof(EXPLICIT_ACCESS));
ea.grfAccessPermissions = group_rights;
ea.grfAccessMode = SET_ACCESS;
ea.grfInheritance = NO_INHERITANCE;
ea.Trustee.TrusteeForm = TRUSTEE_IS_SID;
ea.Trustee.ptstrName = (LPSTR)soughtSID;
// Create a new ACL that merges the new ACE
// into the existing DACL.
const DWORD dwRes = SetEntriesInAcl(1, &ea, pOldDACL, &pNewDACL);
if (ERROR_SUCCESS != dwRes) {
char num_buff[20];
longlong10_to_str(dwRes, num_buff, 10);
log_message(LOG_TYPE_ERROR, LOG_ITEM_LOG_PRIO, (longlong)ERROR_LEVEL,
LOG_ITEM_LOG_LOOKUP, ER_NPIPE_CANT_CREATE,
"SetEntriesInAcl to add group permissions failed", num_buff);
return true;
}
// Apply the new DACL to the existing security descriptor...
if (!SetSecurityDescriptorDacl(psa->lpSecurityDescriptor, TRUE, pNewDACL,
FALSE)) {
const DWORD last_error_num = GetLastError();
FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
nullptr, last_error_num,
MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), last_error_msg,
sizeof(last_error_msg) / sizeof(TCHAR), nullptr);
log_message(LOG_TYPE_ERROR, LOG_ITEM_LOG_PRIO, (longlong)ERROR_LEVEL,
LOG_ITEM_LOG_LOOKUP, ER_NPIPE_CANT_CREATE,
"SetSecurityDescriptorDacl failed", last_error_msg);
return true;
}
return false;
}
/**
Creates an instance of a named pipe and returns a handle.
@param ppsec_attr Output argument: on exit, points to the security
attributes for the pipe.
@param buffer_size Number of bytes to reserve for input and output buffers.
@param name The name of the pipe.
@param name_buf Output argument: null-terminated concatenation of
"\\.\pipe\" and name.
@param buflen The size of name_buff.
@param full_access_group_name The name of the local Windows group whose
members will have full access to the named
pipe.
@returns Pipe handle, or INVALID_HANDLE_VALUE in case of error.
@note The entire pipe name string can be up to 256 characters long.
Pipe names are not case sensitive.
*/
HANDLE create_server_named_pipe(SECURITY_ATTRIBUTES **ppsec_attr,
DWORD buffer_size, const char *name,
char *name_buf, size_t buflen,
const char *full_access_group_name) {
HANDLE ret_handle = INVALID_HANDLE_VALUE;
TCHAR last_error_msg[256];
strxnmov(name_buf, buflen - 1, "\\\\.\\pipe\\", name, NullS);
const char *perror = nullptr;
// Set up security for the named pipe to provide full access to the owner
// and minimal read/write access to others.
if (my_security_attr_create(ppsec_attr, &perror, NAMED_PIPE_OWNER_PERMISSIONS,
NAMED_PIPE_EVERYONE_PERMISSIONS) != 0) {
log_message(LOG_TYPE_ERROR, LOG_ITEM_LOG_PRIO, (longlong)ERROR_LEVEL,
LOG_ITEM_LOG_LOOKUP, ER_NPIPE_CANT_CREATE,
"my_security_attr_create", perror);
return ret_handle;
}
if (full_access_group_name && full_access_group_name[0] != '\0') {
if (my_security_attr_add_rights_to_group(
*ppsec_attr, full_access_group_name,
NAMED_PIPE_FULL_ACCESS_GROUP_PERMISSIONS)) {
return ret_handle;
}
}
ret_handle = CreateNamedPipe(
name_buf,
PIPE_ACCESS_DUPLEX | FILE_FLAG_OVERLAPPED |
FILE_FLAG_FIRST_PIPE_INSTANCE | WRITE_DAC,
PIPE_TYPE_BYTE | PIPE_READMODE_BYTE | PIPE_WAIT, PIPE_UNLIMITED_INSTANCES,
buffer_size, buffer_size, NMPWAIT_USE_DEFAULT_WAIT, *ppsec_attr);
if (ret_handle == INVALID_HANDLE_VALUE) {
const DWORD last_error_num = GetLastError();
if (last_error_num == ERROR_ACCESS_DENIED) {
/*
TODO: ER_NPIPE_PIPE_ALREADY_IN_USE is in the error-log range; refactor
this to use LogErr() or log_message() instead of my_printf_error() once
the logger has been refactored to simplify unit testing of expected
errors.
*/
my_printf_error(ER_NPIPE_PIPE_ALREADY_IN_USE,
ER_DEFAULT(ER_NPIPE_PIPE_ALREADY_IN_USE),
MYF(ME_FATALERROR), name);
} else {
FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS |
FORMAT_MESSAGE_MAX_WIDTH_MASK,
nullptr, last_error_num,
MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), last_error_msg,
sizeof(last_error_msg) / sizeof(TCHAR), nullptr);
char num_buff[20];
longlong10_to_str(last_error_num, num_buff, 10);
log_message(LOG_TYPE_ERROR, LOG_ITEM_LOG_PRIO, (longlong)ERROR_LEVEL,
LOG_ITEM_LOG_LOOKUP, ER_NPIPE_CANT_CREATE, last_error_msg,
num_buff);
}
}
return ret_handle;
}