#include "shsrvice.h" #include "dbg.h" #include "tfids.h" #pragma warning(push) // FALSE positive below: gss #pragma warning(disable : 4101) // for now static SECURITY_ATTRIBUTES _sa = {0}; static ACL* _pacl = NULL; static SID* _psidLocalUsers = NULL; static SECURITY_DESCRIPTOR* _psd = NULL; HRESULT _InitSecurityDescriptor(); // for now #ifdef UNICODE extern "C" { int __cdecl wmain(int argc, wchar_t* argv[]) #else int __cdecl main(int argc, char* argv[]) #endif { TRACE(TF_SERVICE, TEXT("Entered main")); HRESULT hres = E_INVALIDARG; #ifdef DEBUG CGenericServiceManager::_fRunAsService = FALSE; #endif if (argc > 1) { hres = CGenericServiceManager::Init(); if (!lstrcmpi(argv[1], TEXT("-i")) || !lstrcmpi(argv[1], TEXT("/i"))) { TRACE(TF_SERVICE, TEXT("Installing")); hres = CGenericServiceManager::Install(); if (SUCCEEDED(hres)) { TRACE(TF_SERVICE, TEXT("Install SUCCEEDED")); } else { TRACE(TF_SERVICE, TEXT("Install FAILED")); } } else { if (!lstrcmpi(argv[1], TEXT("-u")) || !lstrcmpi(argv[1], TEXT("/u"))) { TRACE(TF_SERVICE, TEXT("UnInstalling")); hres = CGenericServiceManager::UnInstall(); if (SUCCEEDED(hres)) { TRACE(TF_SERVICE, TEXT("UnInstall SUCCEEDED")); } else { TRACE(TF_SERVICE, TEXT("UnInstall FAILED")); } } else { hres = E_INVALIDARG; } } CGenericServiceManager::Cleanup(); } else { hres = CoInitializeEx(NULL, COINIT_MULTITHREADED | COINIT_DISABLE_OLE1DDE); if (SUCCEEDED(hres)) { // hres = _InitSecurityDescriptor(); if (SUCCEEDED(hres)) { hres = CoInitializeSecurity(_psd, -1, NULL, NULL, RPC_C_AUTHN_LEVEL_PKT, RPC_C_IMP_LEVEL_IMPERSONATE, NULL, EOAC_NONE, NULL); if (SUCCEEDED(hres)) { // need to be here at most 2 seconds after being launched hres = CGenericServiceManager::StartServiceCtrlDispatcher(); } else { TRACE(TF_SERVICE, TEXT("CoInitializeSecurity failed: 0x%08X"), hres); } } CoUninitialize(); } } return hres; } #ifdef UNICODE } #endif #pragma warning(pop) HRESULT _InitSecurityDescriptor() { HRESULT hres; if (_pacl) { hres = S_OK; } else { hres = E_FAIL; // This is for "Everyone": // // SID_IDENTIFIER_AUTHORITY sidAuthNT = SECURITY_WORLD_SID_AUTHORITY; // // if (AllocateAndInitializeSid(&sidAuthNT, 1, SECURITY_WORLD_RID, // 0, 0, 0, 0, 0, 0, 0, (void**)&_psidLocalUsers)) // This is for local entities only SID_IDENTIFIER_AUTHORITY sidAuthNT = SECURITY_NT_AUTHORITY; if (AllocateAndInitializeSid(&sidAuthNT, 1, SECURITY_INTERACTIVE_RID, 0, 0, 0, 0, 0, 0, 0, (void**)&_psidLocalUsers)) { DWORD cbacl = sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD/*ACCESS_ALLOWED_ACE.SidStart*/) + GetLengthSid(_psidLocalUsers); _pacl = (ACL*)LocalAlloc(LPTR, cbacl); if (_pacl) { if (InitializeAcl(_pacl, cbacl, ACL_REVISION)) { if (AddAccessAllowedAce(_pacl, ACL_REVISION, FILE_ALL_ACCESS, _psidLocalUsers)) { _psd = (SECURITY_DESCRIPTOR*)LocalAlloc(LPTR, sizeof(SECURITY_DESCRIPTOR)); if (_psd) { if (InitializeSecurityDescriptor(_psd, SECURITY_DESCRIPTOR_REVISION)) { if (SetSecurityDescriptorDacl(_psd, TRUE, _pacl, FALSE)) { if (IsValidSecurityDescriptor(_psd)) { _sa.nLength = sizeof(_sa); _sa.lpSecurityDescriptor = _psd; _sa.bInheritHandle = TRUE; hres = S_OK; } } } } else { hres = E_OUTOFMEMORY; } } } } else { hres = E_OUTOFMEMORY; } } if (FAILED(hres)) { if (_psidLocalUsers) { FreeSid(_psidLocalUsers); } if (_pacl) { LocalFree((HLOCAL)_pacl); } if (_psd) { LocalFree((HLOCAL)_psd); } } } return hres; }