[Bug 16882] Multiple Windows service processes fail to start/ hang due to missing SECURITY_SERVICE_RID in process token ( Microsoft WMI core 1.5 service, PostgreSQL)
wine-bugs at winehq.org
wine-bugs at winehq.org
Fri May 11 02:42:28 CDT 2018
https://bugs.winehq.org/show_bug.cgi?id=16882
Anastasius Focht <focht at gmx.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|Microsoft WMI core 1.5 |Multiple Windows service
|service hangs due to |processes fail to
|missing |start/hang due to missing
|SECURITY_SERVICE_RID |SECURITY_SERVICE_RID in
|(process token) |process token (Microsoft
| |WMI core 1.5 service,
| |PostgreSQL)
--- Comment #13 from Anastasius Focht <focht at gmx.net> ---
Hello folks,
revisiting, still present.
--- snip ---
$ winetricks -q wmi
# will hang after install -> starting service
<CTRL+C>
$ wineserver -k
$ wine net start Winmgmt
0025:fixme:ntoskrnl:MmMapIoSpace stub: 0x00000000000f0000, 65536, 1
0032:fixme:ole:CoInitializeSecurity ((nil),-1,(nil),(nil),2,2,(nil),32,(nil)) -
stub!
000f:err:service:process_send_command service protocol error - failed to write
pipe!
000f:fixme:service:scmdatabase_autostart_services Auto-start service L"Winmgmt"
failed to start: 1053
The Windows Management Instrumentation service is starting.
003e:fixme:ole:CoInitializeSecurity ((nil),-1,(nil),(nil),2,2,(nil),32,(nil)) -
stub!
003c:err:service:process_send_command service protocol error - failed to write
pipe!
Service request timeout.
--- snip ---
Updated (non-broken) link to Github project(s):
https://github.com/postgres/postgres/blob/master/src/port/win32security.c#L94
--- snip ---
/*
* We consider ourselves running as a service if one of the following is
* true:
*
* 1) We are running as LocalSystem (only used by services)
* 2) Our token contains SECURITY_SERVICE_RID (automatically added to the
* process token by the SCM when starting a service)
*
* The check for LocalSystem is needed, because surprisingly, if a service
* is running as LocalSystem, it does not have SECURITY_SERVICE_RID in its
* process token.
*
* Return values:
* 0 = Not service
* 1 = Service
* -1 = Error
*
* Note: we can't report errors via either ereport (we're called too early
* in the backend) or write_stderr (because that calls this). We are
* therefore reduced to writing directly on stderr, which sucks, but we
* have few alternatives.
*/
--- snip ---
Process hacker:
https://github.com/processhacker/processhacker/search?utf8=✓&q=PhSeServiceSid
--- snip ---
VOID KphSetServiceSecurity(
_In_ SC_HANDLE ServiceHandle
)
{
static SID_IDENTIFIER_AUTHORITY ntAuthority = SECURITY_NT_AUTHORITY;
PSECURITY_DESCRIPTOR securityDescriptor;
ULONG sdAllocationLength;
UCHAR administratorsSidBuffer[FIELD_OFFSET(SID, SubAuthority) +
sizeof(ULONG) * 2];
PSID administratorsSid;
PACL dacl;
administratorsSid = (PSID)administratorsSidBuffer;
RtlInitializeSid(administratorsSid, &ntAuthority, 2);
*RtlSubAuthoritySid(administratorsSid, 0) = SECURITY_BUILTIN_DOMAIN_RID;
*RtlSubAuthoritySid(administratorsSid, 1) = DOMAIN_ALIAS_RID_ADMINS;
sdAllocationLength = SECURITY_DESCRIPTOR_MIN_LENGTH +
(ULONG)sizeof(ACL) +
(ULONG)sizeof(ACCESS_ALLOWED_ACE) +
RtlLengthSid(&PhSeServiceSid) +
(ULONG)sizeof(ACCESS_ALLOWED_ACE) +
RtlLengthSid(administratorsSid) +
(ULONG)sizeof(ACCESS_ALLOWED_ACE) +
RtlLengthSid(&PhSeInteractiveSid);
securityDescriptor = PhAllocate(sdAllocationLength);
dacl = (PACL)PTR_ADD_OFFSET(securityDescriptor,
SECURITY_DESCRIPTOR_MIN_LENGTH);
RtlCreateSecurityDescriptor(securityDescriptor,
SECURITY_DESCRIPTOR_REVISION);
RtlCreateAcl(dacl, sdAllocationLength - SECURITY_DESCRIPTOR_MIN_LENGTH,
ACL_REVISION);
RtlAddAccessAllowedAce(dacl, ACL_REVISION, SERVICE_ALL_ACCESS,
&PhSeServiceSid);
RtlAddAccessAllowedAce(dacl, ACL_REVISION, SERVICE_ALL_ACCESS,
administratorsSid);
RtlAddAccessAllowedAce(dacl, ACL_REVISION,
SERVICE_QUERY_CONFIG |
SERVICE_QUERY_STATUS |
SERVICE_START |
SERVICE_STOP |
SERVICE_INTERROGATE |
DELETE,
&PhSeInteractiveSid
);
RtlSetDaclSecurityDescriptor(securityDescriptor, TRUE, dacl, FALSE);
SetServiceObjectSecurity(ServiceHandle, DACL_SECURITY_INFORMATION,
securityDescriptor);
PhFree(securityDescriptor);
}
--- snip ---
$ wine --version
wine-3.7-156-g6d6b4bffb3
Regards
--
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
More information about the wine-bugs
mailing list