[Bug 16882] Multiple Windows service processes fail to start/ hang due to missing SECURITY_SERVICE_RID in process token ( Microsoft WMI core 1.5 service, PostgreSQL)

wine-bugs at winehq.org wine-bugs at winehq.org
Fri May 11 02:42:28 CDT 2018


https://bugs.winehq.org/show_bug.cgi?id=16882

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|Microsoft WMI core 1.5      |Multiple Windows service
                   |service hangs due to        |processes fail to
                   |missing                     |start/hang due to missing
                   |SECURITY_SERVICE_RID        |SECURITY_SERVICE_RID in
                   |(process token)             |process token (Microsoft
                   |                            |WMI core 1.5 service,
                   |                            |PostgreSQL)

--- Comment #13 from Anastasius Focht <focht at gmx.net> ---
Hello folks,

Revisiting: the problem is still present.

--- snip ---
$ winetricks -q wmi

# will hang after install -> starting service
<CTRL+C>

$ wineserver -k

$ wine net start Winmgmt
0025:fixme:ntoskrnl:MmMapIoSpace stub: 0x00000000000f0000, 65536, 1
0032:fixme:ole:CoInitializeSecurity ((nil),-1,(nil),(nil),2,2,(nil),32,(nil)) -
stub!
000f:err:service:process_send_command service protocol error - failed to write
pipe!
000f:fixme:service:scmdatabase_autostart_services Auto-start service L"Winmgmt"
failed to start: 1053
The Windows Management Instrumentation service is starting.
003e:fixme:ole:CoInitializeSecurity ((nil),-1,(nil),(nil),2,2,(nil),32,(nil)) -
stub!
003c:err:service:process_send_command service protocol error - failed to write
pipe!
Service request timeout.
--- snip ---

Updated (non-broken) links to the GitHub projects:

https://github.com/postgres/postgres/blob/master/src/port/win32security.c#L94

--- snip ---
/*
 * We consider ourselves running as a service if one of the following is
 * true:
 *
 * 1) We are running as LocalSystem (only used by services)
 * 2) Our token contains SECURITY_SERVICE_RID (automatically added to the
 *      process token by the SCM when starting a service)
 *
 * The check for LocalSystem is needed, because surprisingly, if a service
 * is running as LocalSystem, it does not have SECURITY_SERVICE_RID in its
 * process token.
 *
 * Return values:
 *     0 = Not service
 *     1 = Service
 *    -1 = Error
 *
 * Note: we can't report errors via either ereport (we're called too early
 * in the backend) or write_stderr (because that calls this).  We are
 * therefore reduced to writing directly on stderr, which sucks, but we
 * have few alternatives.
 */
--- snip ---

Process hacker:

https://github.com/processhacker/processhacker/search?utf8=✓&q=PhSeServiceSid

--- snip ---
/*
 * KphSetServiceSecurity
 *
 * Builds a self-contained security descriptor with a three-entry DACL in one
 * heap allocation and applies it to the service object behind ServiceHandle
 * through SetServiceObjectSecurity(DACL_SECURITY_INFORMATION).
 *
 * ACEs, in the order they are added:
 *   1. PhSeServiceSid         - SERVICE_ALL_ACCESS
 *   2. administrators SID     - SERVICE_ALL_ACCESS (built locally from
 *                               SECURITY_BUILTIN_DOMAIN_RID and
 *                               DOMAIN_ALIAS_RID_ADMINS)
 *   3. PhSeInteractiveSid     - query config/status, start, stop,
 *                               interrogate and DELETE
 *
 * NOTE(review): PhSeServiceSid and PhSeInteractiveSid are defined outside
 * this function; presumably the well-known service and interactive logon
 * SIDs - confirm against their definitions.
 *
 * NOTE(review): entry 3 lets any holder of PhSeInteractiveSid start, stop
 * and delete the service; confirm that this is the intended exposure.
 *
 * NOTE(review): none of the Rtl* results nor the SetServiceObjectSecurity
 * result is inspected, so a failure at any step goes unreported and the
 * function has no way to signal it (VOID return).
 */
VOID KphSetServiceSecurity(
    _In_ SC_HANDLE ServiceHandle
    )
{
    static SID_IDENTIFIER_AUTHORITY authority = SECURITY_NT_AUTHORITY;
    /* Stack storage for a SID with exactly two sub-authorities. */
    UCHAR adminSidStorage[FIELD_OFFSET(SID, SubAuthority) + sizeof(ULONG) * 2];
    PSID adminSid = (PSID)adminSidStorage;
    ULONG interactiveAccess;
    ULONG aclLength;
    ULONG totalLength;
    PSECURITY_DESCRIPTOR descriptor;
    PACL acl;

    /* Assemble the administrators SID in place. */
    RtlInitializeSid(adminSid, &authority, 2);
    *RtlSubAuthoritySid(adminSid, 0) = SECURITY_BUILTIN_DOMAIN_RID;
    *RtlSubAuthoritySid(adminSid, 1) = DOMAIN_ALIAS_RID_ADMINS;

    /* Reduced rights handed to the interactive SID (third ACE). */
    interactiveAccess =
        SERVICE_QUERY_CONFIG |
        SERVICE_QUERY_STATUS |
        SERVICE_START |
        SERVICE_STOP |
        SERVICE_INTERROGATE |
        DELETE;

    /* ACL header plus one ACCESS_ALLOWED_ACE and one SID per entry. */
    aclLength = (ULONG)sizeof(ACL) +
        (ULONG)sizeof(ACCESS_ALLOWED_ACE) + RtlLengthSid(&PhSeServiceSid) +
        (ULONG)sizeof(ACCESS_ALLOWED_ACE) + RtlLengthSid(adminSid) +
        (ULONG)sizeof(ACCESS_ALLOWED_ACE) + RtlLengthSid(&PhSeInteractiveSid);
    totalLength = SECURITY_DESCRIPTOR_MIN_LENGTH + aclLength;

    /* The DACL lives directly behind the descriptor header in one buffer. */
    descriptor = PhAllocate(totalLength);
    acl = (PACL)PTR_ADD_OFFSET(descriptor, SECURITY_DESCRIPTOR_MIN_LENGTH);

    RtlCreateSecurityDescriptor(descriptor, SECURITY_DESCRIPTOR_REVISION);
    RtlCreateAcl(acl, aclLength, ACL_REVISION);

    /* The order of the entries is kept exactly as listed in the header. */
    RtlAddAccessAllowedAce(acl, ACL_REVISION, SERVICE_ALL_ACCESS, &PhSeServiceSid);
    RtlAddAccessAllowedAce(acl, ACL_REVISION, SERVICE_ALL_ACCESS, adminSid);
    RtlAddAccessAllowedAce(acl, ACL_REVISION, interactiveAccess, &PhSeInteractiveSid);

    RtlSetDaclSecurityDescriptor(descriptor, TRUE, acl, FALSE);

    /* Replace only the DACL of the service object. */
    SetServiceObjectSecurity(ServiceHandle, DACL_SECURITY_INFORMATION, descriptor);

    PhFree(descriptor);
}
--- snip ---

$ wine --version
wine-3.7-156-g6d6b4bffb3

Regards
