From patchwork Wed Jan 22 08:18:58 2020
X-Patchwork-Submitter: "Li,Rongqing via dev"
X-Patchwork-Id: 1227122
X-Patchwork-Delegate: aserdean@cloudbasesolutions.com
Date: Wed, 22 Jan 2020 08:18:58 +0000
To: Alin Serdean, dev@openvswitch.org, Anand Kumar
Cc: Lina Li, Roy Luo
Subject: [ovs-dev] [PATCH]lib/stream-windows.c: Grant Access Privilege of Named Pipe to Creator
X-Patchwork-Original-From: Ning Wu via dev
From: "Li,Rongqing via dev" Reply-To: Ning Wu Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From e42950665acee9aab941b26ebdd067ca0de908a3 Mon Sep 17 00:00:00 2001 From: Ning Wu Date: Tue, 21 Jan 2020 23:46:58 -0800 Subject: [PATCH]lib/stream-windows.c: Grant Access Privilege of Named Pipe to Creator Current implementation of ovs on windows only allows LocalSystem and Administrators to access the named pipe created with API of ovs. Thus any service that needs to invoke the API to create named pipe has to run as System account to interactive with ovs. It causes the system more vulnerable if one of those services was break into. The patch adds the creator owner account to allowed ACLs. Signed-off-by: Ning Wu Signed-off-by: Ning Wu Acked-by: Alin Gabriel Serdean Acked-by: Anand Kumar --- Documentation/ref/ovsdb.7.rst | 3 ++- lib/stream-windows.c | 33 ++++++++++++++++++++++++++++++++- 2 files changed, 34 insertions(+), 2 deletions(-) diff --git a/Documentation/ref/ovsdb.7.rst b/Documentation/ref/ovsdb.7.rst index b1f3f5d..da4dbed 100644 --- a/Documentation/ref/ovsdb.7.rst +++ b/Documentation/ref/ovsdb.7.rst @@ -422,7 +422,8 @@ punix: named . On Windows, listens on a local named pipe, creating a named pipe - to mimic the behavior of a Unix domain socket. + to mimic the behavior of a Unix domain socket. The ACLs of the named + pipe include LocalSystem, Administrators, and Creator Owner. All IP-based connection methods accept IPv4 and IPv6 addresses. To specify an IPv6 address, wrap it in square brackets, e.g. ``ssl:[::1]:6640``. Passive diff --git a/lib/stream-windows.c b/lib/stream-windows.c index 34bc610..5c4c55e 100644 --- a/lib/stream-windows.c +++ b/lib/stream-windows.c 
@@ -41,7 +41,7 @@ static void maybe_unlink_and_free(char *path); #define LOCAL_PREFIX "\\\\.\\pipe\\" /* Size of the allowed PSIDs for securing Named Pipe. */ -#define ALLOWED_PSIDS_SIZE 2 +#define ALLOWED_PSIDS_SIZE 3 /* This function has the purpose to remove all the slashes received in s. */ static char * @@ -412,6 +412,9 @@ create_pnpipe(char *name) PACL acl = NULL; PSECURITY_DESCRIPTOR psd = NULL; HANDLE npipe; + HANDLE hToken = NULL; + DWORD dwBufSize = 0; + PTOKEN_USER pTokenUsr = NULL; /* Disable access over network. */ if (!AllocateAndInitializeSid(&sia, 1, SECURITY_NETWORK_RID, @@ -438,6 +441,32 @@ create_pnpipe(char *name) goto handle_error; } + /* Open the access token of calling process */ + if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken)) { + VLOG_ERR_RL(&rl, "Error opening access token of calling process."); + goto handle_error; + } + + /* get the buffer size buffer needed for SID */ + GetTokenInformation(hToken, TokenUser, NULL, 0, &dwBufSize); + + pTokenUsr = xmalloc(dwBufSize); + memset(pTokenUsr, 0, dwBufSize); + + /* Retrieve the token information in a TOKEN_USER structure. */ + if (!GetTokenInformation(hToken, TokenUser, pTokenUsr, dwBufSize, + &dwBufSize)) { + VLOG_ERR_RL(&rl, "Error retrieving token information."); + goto handle_error; + } + CloseHandle(hToken); + + if (!IsValidSid(pTokenUsr->User.Sid)) { + VLOG_ERR_RL(&rl, "Invalid SID."); + goto handle_error; + } + allowedPsid[2] = pTokenUsr->User.Sid; + for (int i = 0; i < ALLOWED_PSIDS_SIZE; i++) { aclSize += sizeof(ACCESS_ALLOWED_ACE) + GetLengthSid(allowedPsid[i]) - @@ -490,11 +519,13 @@ create_pnpipe(char *name) npipe = CreateNamedPipe(name, PIPE_ACCESS_DUPLEX | FILE_FLAG_OVERLAPPED, PIPE_TYPE_MESSAGE | PIPE_READMODE_BYTE | PIPE_WAIT, 64, BUFSIZE, BUFSIZE, 0, &sa); + free(pTokenUsr); free(acl); free(psd); return npipe; handle_error: + free(pTokenUsr); free(acl); free(psd); return INVALID_HANDLE_VALUE;
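Review bot: In the Documentation/ref/ovsdb.7.rst hunk, "Creator Owner" reads like the well-known CREATOR OWNER principal, but the lib/stream-windows.c change adds the SID taken from the calling process's access token (TokenUser), i.e. the account the creating process runs as. Consider wording it as "the user account of the process that created the pipe" so operators know which principal is being granted access; any other process running under that same account can open the pipe too.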
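Review bot: In the @@ -438,6 +441,32 @@ hunk, hToken leaks on one error path: once OpenProcessToken succeeds, a failing GetTokenInformation jumps to handle_error before the CloseHandle(hToken) that follows it. Either close the handle before that goto or move CloseHandle(hToken) into handle_error guarded by hToken != NULL. The sizing call GetTokenInformation(hToken, TokenUser, NULL, 0, &dwBufSize) also has its return value unchecked; it is expected to fail with ERROR_INSUFFICIENT_BUFFER, but any other failure leaves dwBufSize at 0 and the code proceeds to xmalloc(0) and a second call that fails with a less useful message, so checking GetLastError() there gives a clearer diagnostic. Minor: xmalloc followed by memset can be xzalloc.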