mirror of
https://github.com/tnodir/fort
synced 2024-11-14 22:05:12 +00:00
Remove Service SID-s handling
parent
1521efccf0
commit
80ca99f1d7
@ -317,30 +317,3 @@ FORT_API BOOL fort_conf_app_group_blocked(const FORT_CONF_FLAGS conf_flags, FORT
|
||||
|
||||
return conf_flags.group_blocked;
|
||||
}
|
||||
|
||||
FORT_API PCWSTR fort_conf_service_sid_name_find(
|
||||
PCFORT_SERVICE_SID_LIST service_sids, const char *sidBytes)
|
||||
{
|
||||
if (service_sids == NULL)
|
||||
return NULL;
|
||||
|
||||
const char *data = service_sids->data;
|
||||
const int services_n = service_sids->services_n;
|
||||
|
||||
const int sid_index = fort_conf_blob_index(data, sidBytes, FORT_SERVICE_SID_SIZE, services_n);
|
||||
if (sid_index < 0)
|
||||
return NULL;
|
||||
|
||||
const UINT16 name_index =
|
||||
((UINT16 *) (data + FORT_SERVICE_SID_LIST_SID_NAME_INDEXES_OFF(services_n)))[sid_index];
|
||||
|
||||
const UINT32 name_off =
|
||||
((UINT32 *) (data + FORT_SERVICE_SID_LIST_NAMES_HEADER_OFF(services_n)))[name_index];
|
||||
|
||||
const int names_n = service_sids->names_n;
|
||||
const char *names_data = data + FORT_SERVICE_SID_LIST_NAMES_OFF(services_n, names_n);
|
||||
|
||||
PCWSTR name = (PCWSTR) (names_data + name_off);
|
||||
|
||||
return name;
|
||||
}
|
||||
|
@ -77,35 +77,6 @@ typedef struct fort_service_info_list
|
||||
#define FORT_SERVICE_INFO_LIST_MIN_SIZE \
|
||||
(FORT_SERVICE_INFO_LIST_DATA_OFF + FORT_SERVICE_INFO_MAX_SIZE)
|
||||
|
||||
typedef struct fort_service_sid_list
|
||||
{
|
||||
UINT16 services_n;
|
||||
UINT16 names_n;
|
||||
|
||||
char data[1];
|
||||
} FORT_SERVICE_SID_LIST, *PFORT_SERVICE_SID_LIST;
|
||||
|
||||
typedef const FORT_SERVICE_SID_LIST *PCFORT_SERVICE_SID_LIST;
|
||||
|
||||
#define FORT_SERVICE_SID_LIST_DATA_OFF offsetof(FORT_SERVICE_SID_LIST, data)
|
||||
#define FORT_SERVICE_SID_SIZE (5 * sizeof(UINT32))
|
||||
|
||||
#define FORT_SERVICE_SID_LIST_SID_NAME_INDEXES_OFF(services_n) \
|
||||
((services_n) * FORT_SERVICE_SID_SIZE)
|
||||
|
||||
#define FORT_SERVICE_SID_LIST_NAMES_HEADER_OFF(services_n) \
|
||||
(FORT_SERVICE_SID_LIST_SID_NAME_INDEXES_OFF(services_n) + (services_n) * sizeof(UINT16))
|
||||
|
||||
#define FORT_SERVICE_SID_LIST_NAMES_HEADER_SIZE(names_n) ((names_n) * sizeof(UINT32))
|
||||
|
||||
#define FORT_SERVICE_SID_LIST_NAMES_OFF(services_n, names_n) \
|
||||
(FORT_SERVICE_SID_LIST_NAMES_HEADER_OFF(services_n) \
|
||||
+ FORT_SERVICE_SID_LIST_NAMES_HEADER_SIZE(names_n))
|
||||
|
||||
#define FORT_SERVICE_SID_LIST_MAX_SIZE(services_n, names_n) \
|
||||
(FORT_SERVICE_SID_LIST_DATA_OFF + FORT_SERVICE_SID_LIST_NAMES_OFF(services_n, names_n) \
|
||||
+ (names_n) * FORT_SERVICE_INFO_NAME_MAX_SIZE)
|
||||
|
||||
typedef struct fort_conf_port_list
|
||||
{
|
||||
UINT8 port_n;
|
||||
@ -388,9 +359,6 @@ FORT_API FORT_APP_DATA fort_conf_app_find(const PFORT_CONF conf, PCFORT_APP_PATH
|
||||
|
||||
FORT_API BOOL fort_conf_app_group_blocked(const FORT_CONF_FLAGS conf_flags, FORT_APP_DATA app_data);
|
||||
|
||||
FORT_API PCWSTR fort_conf_service_sid_name_find(
|
||||
PCFORT_SERVICE_SID_LIST service_sids, const char *sidBytes);
|
||||
|
||||
#ifdef __cplusplus
|
||||
} // extern "C"
|
||||
#endif
|
||||
|
@ -182,18 +182,16 @@ DEFINE_GUID(FORT_GUID_EMPTY, 0x00000000, 0x0000, 0x0000, 0x00, 0x00, 0x00, 0x00,
|
||||
|
||||
#define FORT_IOCTL_INDEX_VALIDATE 0
|
||||
#define FORT_IOCTL_INDEX_SETSERVICES 1
|
||||
#define FORT_IOCTL_INDEX_SETSERVICE_SIDS 2
|
||||
#define FORT_IOCTL_INDEX_SETCONF 3
|
||||
#define FORT_IOCTL_INDEX_SETFLAGS 4
|
||||
#define FORT_IOCTL_INDEX_GETLOG 5
|
||||
#define FORT_IOCTL_INDEX_ADDAPP 6
|
||||
#define FORT_IOCTL_INDEX_DELAPP 7
|
||||
#define FORT_IOCTL_INDEX_SETZONES 8
|
||||
#define FORT_IOCTL_INDEX_SETZONEFLAG 9
|
||||
#define FORT_IOCTL_INDEX_SETCONF 2
|
||||
#define FORT_IOCTL_INDEX_SETFLAGS 3
|
||||
#define FORT_IOCTL_INDEX_GETLOG 4
|
||||
#define FORT_IOCTL_INDEX_ADDAPP 5
|
||||
#define FORT_IOCTL_INDEX_DELAPP 6
|
||||
#define FORT_IOCTL_INDEX_SETZONES 7
|
||||
#define FORT_IOCTL_INDEX_SETZONEFLAG 8
|
||||
|
||||
#define FORT_IOCTL_VALIDATE FORT_CTL_CODE(FORT_IOCTL_INDEX_VALIDATE, FILE_WRITE_DATA)
|
||||
#define FORT_IOCTL_SETSERVICES FORT_CTL_CODE(FORT_IOCTL_INDEX_SETSERVICES, FILE_WRITE_DATA)
|
||||
#define FORT_IOCTL_SETSERVICE_SIDS FORT_CTL_CODE(FORT_IOCTL_INDEX_SETSERVICE_SIDS, FILE_WRITE_DATA)
|
||||
#define FORT_IOCTL_SETCONF FORT_CTL_CODE(FORT_IOCTL_INDEX_SETCONF, FILE_WRITE_DATA)
|
||||
#define FORT_IOCTL_SETFLAGS FORT_CTL_CODE(FORT_IOCTL_INDEX_SETFLAGS, FILE_WRITE_DATA)
|
||||
#define FORT_IOCTL_GETLOG FORT_CTL_CODE(FORT_IOCTL_INDEX_GETLOG, FILE_READ_DATA)
|
||||
|
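Review bot: Removing `FORT_IOCTL_INDEX_SETSERVICE_SIDS` shifts every later index down by one (`SETCONF` 3 to 2 through `SETZONEFLAG` 9 to 8), so a request from a user-mode client built against the old header would reach a different handler in the new driver; an old SETCONF, for example, would be dispatched as SETFLAGS. The `DRIVER_VERSION` bump from 40 to 41 elsewhere in this commit looks like the intended guard, but it only protects if the driver refuses every other IOCTL until the version has been validated, which is not visible on this page and is worth confirming. The indices must also stay in step with the positional `fortDeviceControlProcess_funcList[]` table. A comment above the defines such as `/* Order must match fortDeviceControlProcess_funcList[] */`, or a compile-time check of the table length, would keep the two from drifting apart.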
@ -419,53 +419,6 @@ FORT_API FORT_CONF_FLAGS fort_conf_ref_flags_set(
|
||||
return old_conf_flags;
|
||||
}
|
||||
|
||||
FORT_API PFORT_SERVICE_SID_LIST fort_conf_service_sids_new(
|
||||
PCFORT_SERVICE_SID_LIST service_sids, ULONG len)
|
||||
{
|
||||
return fort_conf_mem_alloc(service_sids, len);
|
||||
}
|
||||
|
||||
FORT_API void fort_conf_service_sids_set(
|
||||
PFORT_DEVICE_CONF device_conf, PFORT_SERVICE_SID_LIST service_sids)
|
||||
{
|
||||
KIRQL oldIrql = ExAcquireSpinLockExclusive(&device_conf->lock);
|
||||
{
|
||||
fort_conf_mem_free(device_conf->service_sids);
|
||||
device_conf->service_sids = service_sids;
|
||||
}
|
||||
ExReleaseSpinLockExclusive(&device_conf->lock, oldIrql);
|
||||
}
|
||||
|
||||
FORT_API BOOL fort_conf_get_service_sid_path(
|
||||
PFORT_DEVICE_CONF device_conf, const char *sidBytes, PFORT_APP_PATH path)
|
||||
{
|
||||
char *buffer = (char *) path->buffer;
|
||||
|
||||
path->len = 0;
|
||||
|
||||
KIRQL oldIrql = ExAcquireSpinLockExclusive(&device_conf->lock);
|
||||
{
|
||||
PCWSTR service_name = fort_conf_service_sid_name_find(device_conf->service_sids, sidBytes);
|
||||
if (service_name != NULL) {
|
||||
char *name_buf = buffer + FORT_SVCHOST_PREFIX_SIZE;
|
||||
const DWORD name_size = (DWORD) (wcslen(service_name) * sizeof(WCHAR));
|
||||
|
||||
RtlCopyMemory(
|
||||
name_buf, service_name, name_size + sizeof(WCHAR)); /* + null terminator */
|
||||
|
||||
path->len = (UINT16) (FORT_SVCHOST_PREFIX_SIZE + name_size);
|
||||
}
|
||||
}
|
||||
ExReleaseSpinLockExclusive(&device_conf->lock, oldIrql);
|
||||
|
||||
if (path->len == 0)
|
||||
return FALSE;
|
||||
|
||||
RtlCopyMemory(buffer, FORT_SVCHOST_PREFIX, FORT_SVCHOST_PREFIX_SIZE);
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
FORT_API PFORT_CONF_ZONES fort_conf_zones_new(PFORT_CONF_ZONES zones, ULONG len)
|
||||
{
|
||||
return fort_conf_mem_alloc(zones, len);
|
||||
|
@ -42,7 +42,6 @@ typedef struct fort_device_conf
|
||||
PFORT_CONF_REF volatile ref;
|
||||
KSPIN_LOCK ref_lock;
|
||||
|
||||
PFORT_SERVICE_SID_LIST service_sids;
|
||||
PFORT_CONF_ZONES zones;
|
||||
|
||||
EX_SPIN_LOCK lock;
|
||||
@ -80,15 +79,6 @@ FORT_API FORT_CONF_FLAGS fort_conf_ref_set(PFORT_DEVICE_CONF device_conf, PFORT_
|
||||
FORT_API FORT_CONF_FLAGS fort_conf_ref_flags_set(
|
||||
PFORT_DEVICE_CONF device_conf, const FORT_CONF_FLAGS conf_flags);
|
||||
|
||||
FORT_API PFORT_SERVICE_SID_LIST fort_conf_service_sids_new(
|
||||
PCFORT_SERVICE_SID_LIST service_sids, ULONG len);
|
||||
|
||||
FORT_API void fort_conf_service_sids_set(
|
||||
PFORT_DEVICE_CONF device_conf, PFORT_SERVICE_SID_LIST service_sids);
|
||||
|
||||
FORT_API BOOL fort_conf_get_service_sid_path(
|
||||
PFORT_DEVICE_CONF device_conf, const char *sidBytes, PFORT_APP_PATH path);
|
||||
|
||||
FORT_API PFORT_CONF_ZONES fort_conf_zones_new(PFORT_CONF_ZONES zones, ULONG len);
|
||||
|
||||
FORT_API void fort_conf_zones_set(PFORT_DEVICE_CONF device_conf, PFORT_CONF_ZONES zones);
|
||||
|
@ -365,72 +365,14 @@ inline static void fort_callout_ale_classify_action(PCFORT_CALLOUT_ARG ca,
|
||||
}
|
||||
}
|
||||
|
||||
inline static PSID_AND_ATTRIBUTES_HASH fort_callout_ale_get_sid(PCFORT_CALLOUT_ARG ca)
|
||||
{
|
||||
const FWP_VALUE0 userIdField = ca->inFixedValues->incomingValue[ca->fi->userId].value;
|
||||
if (userIdField.type != FWP_TOKEN_ACCESS_INFORMATION_TYPE)
|
||||
return NULL;
|
||||
|
||||
const PTOKEN_ACCESS_INFORMATION tokenInfo =
|
||||
(PTOKEN_ACCESS_INFORMATION) userIdField.tokenAccessInformation->data;
|
||||
if (tokenInfo == NULL)
|
||||
return NULL;
|
||||
|
||||
return tokenInfo->SidHash;
|
||||
}
|
||||
|
||||
inline static const char *fort_callout_ale_get_service_sid(const SID *sid)
|
||||
{
|
||||
if (sid == NULL)
|
||||
return NULL;
|
||||
|
||||
if (sid->Revision != 1)
|
||||
return NULL;
|
||||
|
||||
if (sid->SubAuthorityCount != 6)
|
||||
return NULL; // not "Service SID"'s sub-auth count
|
||||
|
||||
const DWORD *subAuth = &sid->SubAuthority[0];
|
||||
if (*subAuth != 80)
|
||||
return NULL; // not "Service SID"'s prefix
|
||||
|
||||
const BYTE *idAuth = &sid->IdentifierAuthority.Value[0];
|
||||
if (idAuth[5] != 5)
|
||||
return NULL; // not "NT Authority"
|
||||
|
||||
if (idAuth[4] != 0 || *((PUINT32) &idAuth[0]) != 0)
|
||||
return NULL; // not "NT Authority"
|
||||
|
||||
return (const char *) &subAuth[1];
|
||||
}
|
||||
|
||||
inline static BOOL fort_callout_ale_fill_path_sid(
|
||||
inline static BOOL fort_callout_ale_fill_path_tag(
|
||||
PCFORT_CALLOUT_ARG ca, PFORT_CALLOUT_ALE_EXTRA cx, BOOL isSvcHost)
|
||||
{
|
||||
if (!isSvcHost)
|
||||
return FALSE;
|
||||
|
||||
const PSID_AND_ATTRIBUTES_HASH sidHash = fort_callout_ale_get_sid(ca);
|
||||
if (sidHash == NULL)
|
||||
return FALSE;
|
||||
|
||||
const int sidCount = sidHash->SidCount;
|
||||
|
||||
for (int i = 0; i < sidCount; ++i) {
|
||||
const SID *sid = sidHash->SidAttr[i].Sid;
|
||||
|
||||
// Get Service Name by SID
|
||||
const char *sidBytes = fort_callout_ale_get_service_sid(sid);
|
||||
if (sidBytes == NULL)
|
||||
continue;
|
||||
|
||||
cx->path.buffer = cx->svchost_name;
|
||||
|
||||
if (fort_conf_get_service_sid_path(&fort_device()->conf, sidBytes, &cx->path))
|
||||
return TRUE;
|
||||
|
||||
break;
|
||||
}
|
||||
// TODO
|
||||
// PCWSTR tag = (PCWSTR) ca->inMetaValues->subProcessTag;
|
||||
|
||||
return FALSE;
|
||||
}
|
||||
@ -449,7 +391,7 @@ inline static void fort_callout_ale_fill_path(PCFORT_CALLOUT_ARG ca, PFORT_CALLO
|
||||
|
||||
if (fort_pstree_get_proc_name(
|
||||
&fort_device()->ps_tree, cx->process_id, path, &isSvcHost, &inherited)
|
||||
|| fort_callout_ale_fill_path_sid(ca, cx, isSvcHost)) {
|
||||
|| fort_callout_ale_fill_path_tag(ca, cx, isSvcHost)) {
|
||||
|
||||
if (!inherited) {
|
||||
*real_path = *path;
|
||||
|
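Review bot: `fort_callout_ale_fill_path_tag` now returns FALSE on every path, so for a shared `svchost.exe` process the service name is resolved only when `fort_pstree_get_proc_name` succeeds. If rules are keyed on the per-service path, traffic from shared-process services would presumably be matched as plain svchost; the rest of `fort_callout_ale_fill_path` lies outside the hunk, so the actual fallback is not visible. The stub also leaves `ca` and `cx` unreferenced, which a warnings-as-errors driver build may reject; `UNREFERENCED_PARAMETER(ca); UNREFERENCED_PARAMETER(cx);` would make the intent explicit. The TODO should record the constraint for whoever implements it: as far as I know, `inMetaValues->subProcessTag` is a numeric tag that is valid only when the matching metadata field is present, not a pointer to a wide string, so the commented-out `(PCWSTR)` cast should not be revived as written. A replacement comment could read `// TODO: map subProcessTag (numeric; check currentMetadataValues first) to a service name`.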
@ -107,7 +107,6 @@ FORT_API NTSTATUS fort_device_cleanup(PDEVICE_OBJECT device, PIRP irp)
|
||||
const FORT_CONF_FLAGS old_conf_flags = fort_conf_ref_set(&fort_device()->conf, NULL);
|
||||
const FORT_CONF_FLAGS conf_flags = fort_device()->conf.conf_flags;
|
||||
|
||||
fort_conf_service_sids_set(&fort_device()->conf, NULL);
|
||||
fort_conf_zones_set(&fort_device()->conf, NULL);
|
||||
|
||||
fort_stat_conf_flags_update(&fort_device()->stat, conf_flags);
|
||||
@ -156,30 +155,6 @@ static NTSTATUS fort_device_control_setservices(PFORT_DEVICE_CONTROL_ARG dca)
|
||||
return STATUS_UNSUCCESSFUL;
|
||||
}
|
||||
|
||||
static NTSTATUS fort_device_control_setservice_sids(PFORT_DEVICE_CONTROL_ARG dca)
|
||||
{
|
||||
const PCFORT_SERVICE_SID_LIST service_sids = dca->buffer;
|
||||
const ULONG len = dca->in_len;
|
||||
|
||||
if (len > sizeof(FORT_SERVICE_SID_LIST)) {
|
||||
PFORT_SERVICE_SID_LIST sids = fort_conf_service_sids_new(service_sids, len);
|
||||
|
||||
if (sids == NULL) {
|
||||
return STATUS_INSUFFICIENT_RESOURCES;
|
||||
} else {
|
||||
fort_conf_service_sids_set(&fort_device()->conf, sids);
|
||||
|
||||
fort_device_reauth_queue();
|
||||
|
||||
return STATUS_SUCCESS;
|
||||
}
|
||||
|
||||
return STATUS_SUCCESS;
|
||||
}
|
||||
|
||||
return STATUS_UNSUCCESSFUL;
|
||||
}
|
||||
|
||||
inline static NTSTATUS fort_device_control_setconf_ref(
|
||||
const PFORT_CONF_IO conf_io, PFORT_CONF_REF conf_ref)
|
||||
{
|
||||
@ -354,7 +329,6 @@ typedef FORT_DEVICE_CONTROL_PROCESS_FUNC *PFORT_DEVICE_CONTROL_PROCESS_FUNC;
|
||||
static PFORT_DEVICE_CONTROL_PROCESS_FUNC fortDeviceControlProcess_funcList[] = {
|
||||
&fort_device_control_validate,
|
||||
&fort_device_control_setservices,
|
||||
&fort_device_control_setservice_sids,
|
||||
&fort_device_control_setconf,
|
||||
&fort_device_control_setflags,
|
||||
&fort_device_control_getlog,
|
||||
|
@ -139,81 +139,3 @@ TEST_F(ConfUtilTest, checkEnvManager)
|
||||
|
||||
ASSERT_NE(envManager.expandString("%HOME%"), QString());
|
||||
}
|
||||
|
||||
TEST_F(ConfUtilTest, serviceSidsWriteRead)
|
||||
{
|
||||
const auto SVC = [](const char *name) -> ServiceInfo {
|
||||
ServiceInfo si;
|
||||
si.serviceName = si.realServiceName = name;
|
||||
return si;
|
||||
};
|
||||
|
||||
const QVector<ServiceInfo> services = { SVC("AppIDSvc"), SVC("Appinfo"), SVC("AppMgmt"),
|
||||
SVC("AppReadiness"), SVC("AppXSvc"), SVC("AudioEndpointBuilder"), SVC("AxInstSV"),
|
||||
SVC("BFE"), SVC("BITS"), SVC("BrokerInfrastructure"), SVC("BTAGService"),
|
||||
SVC("BthAvctpSvc"), SVC("bthserv"), SVC("camsvc"), SVC("CDPSvc"), SVC("CertPropSvc"),
|
||||
SVC("ClipSVC"), SVC("CoreMessagingRegistrar"), SVC("DcomLaunch"),
|
||||
SVC("DeviceAssociationService"), SVC("DeviceInstall"), SVC("DevQueryBroker"), SVC("Dhcp"),
|
||||
SVC("DialogBlockingService"), SVC("DispBrokerDesktopSvc"), SVC("DisplayEnhancementService"),
|
||||
SVC("dot3svc"), SVC("DPS"), SVC("DsmSvc"), SVC("DsSvc"), SVC("EapHost"),
|
||||
SVC("embeddedmode"), SVC("EntAppSvc"), SVC("EventLog"), SVC("EventSystem"), SVC("fdPHost"),
|
||||
SVC("FDResPub"), SVC("fhsvc"), SVC("FontCache"), SVC("FrameServer"), SVC("hidserv"),
|
||||
SVC("icssvc"), SVC("IKEEXT"), SVC("iphlpsvc"), SVC("IpxlatCfgSvc"), SVC("KtmRm"),
|
||||
SVC("LanmanServer"), SVC("LanmanWorkstation"), SVC("lfsvc"), SVC("LicenseManager"),
|
||||
SVC("lltdsvc"), SVC("lmhosts"), SVC("LSM"), SVC("LxpSvc"), SVC("mpssvc"), SVC("MSiSCSI"),
|
||||
SVC("MsKeyboardFilter"), SVC("NaturalAuthentication"), SVC("NcaSvc"), SVC("NcbService"),
|
||||
SVC("NcdAutoSetup"), SVC("Netman"), SVC("netprofm"), SVC("NetSetupSvc"), SVC("NgcCtnrSvc"),
|
||||
SVC("NgcSvc"), SVC("NlaSvc"), SVC("nsi"), SVC("PcaSvc"), SVC("PhoneSvc"), SVC("pla"),
|
||||
SVC("PlugPlay"), SVC("PolicyAgent"), SVC("Power"), SVC("PrintDeviceConfigurationService"),
|
||||
SVC("PrintScanBrokerService"), SVC("ProfSvc"), SVC("PushToInstall"), SVC("QWAVE"),
|
||||
SVC("RasAuto"), SVC("RasMan"), SVC("RemoteAccess"), SVC("RemoteRegistry"), SVC("RmSvc"),
|
||||
SVC("RpcEptMapper"), SVC("RpcSs"), SVC("SCardSvr"), SVC("ScDeviceEnum"), SVC("Schedule"),
|
||||
SVC("SCPolicySvc"), SVC("seclogon"), SVC("SENS"), SVC("SensorService"), SVC("SensrSvc"),
|
||||
SVC("SessionEnv"), SVC("SharedAccess"), SVC("ShellHWDetection"), SVC("shpamsvc"),
|
||||
SVC("SmsRouter"), SVC("SSDPSRV"), SVC("SstpSvc"), SVC("StateRepository"), SVC("StorSvc"),
|
||||
SVC("svsvc"), SVC("SysMain"), SVC("SystemEventsBroker"), SVC("TapiSrv"), SVC("TermService"),
|
||||
SVC("TextInputManagementService"), SVC("Themes"), SVC("TimeBrokerSvc"), SVC("TokenBroker"),
|
||||
SVC("TrkWks"), SVC("TroubleshootingSvc"), SVC("tzautoupdate"), SVC("UmRdpService"),
|
||||
SVC("upnphost"), SVC("UserManager"), SVC("UsoSvc"), SVC("vmicguestinterface"),
|
||||
SVC("vmicheartbeat"), SVC("vmickvpexchange"), SVC("vmicrdv"), SVC("vmicshutdown"),
|
||||
SVC("vmictimesync"), SVC("vmicvmsession"), SVC("W32Time"), SVC("WaaSMedicSvc"),
|
||||
SVC("WbioSrvc"), SVC("wcncsvc"), SVC("WdiServiceHost"), SVC("WdiSystemHost"),
|
||||
SVC("WebClient"), SVC("webthreatdefsvc"), SVC("Wecsvc"), SVC("WEPHOSTSVC"),
|
||||
SVC("wercplsupport"), SVC("WFDSConMgrSvc"), SVC("WiaRpc"), SVC("WinHttpAutoProxySvc"),
|
||||
SVC("Winmgmt"), SVC("WinRM"), SVC("wisvc"), SVC("wlidsvc"), SVC("wlpasvc"), SVC("WManSvc"),
|
||||
SVC("WPDBusEnum"), SVC("WpnService"), SVC("wuauserv"), SVC("WwanSvc"),
|
||||
SVC("XblAuthManager"), SVC("XblGameSave"), SVC("XboxGipSvc"), SVC("XboxNetApiSvc"),
|
||||
SVC("AarSvc"), SVC("BcastDVRUserService"), SVC("CaptureService"), SVC("cbdhsvc"),
|
||||
SVC("CDPUserSvc"), SVC("ConsentUxUserSvc"), SVC("DeviceAssociationBrokerSvc"),
|
||||
SVC("DevicePickerUserSvc"), SVC("DevicesFlowUserSvc"), SVC("MessagingService"),
|
||||
SVC("NPSMSvc"), SVC("PimIndexMaintenanceSvc"), SVC("PrintWorkflowUserSvc"),
|
||||
SVC("UdkUserSvc"), SVC("UnistoreSvc"), SVC("UserDataSvc"), SVC("webthreatdefusersvc"),
|
||||
SVC("WpnUserService") };
|
||||
|
||||
ConfBuffer confBuf;
|
||||
|
||||
confBuf.writeServiceSids(services);
|
||||
|
||||
// Check the buffer
|
||||
const auto buffer = confBuf.buffer();
|
||||
|
||||
ASSERT_NE(buffer.size(), 0);
|
||||
|
||||
PCFORT_SERVICE_SID_LIST service_sids = PCFORT_SERVICE_SID_LIST(buffer.data());
|
||||
|
||||
// Find Service Name by SID
|
||||
for (const auto &si : services) {
|
||||
const auto sid = StringUtil::serviceSid(si.realServiceName);
|
||||
const auto name = DriverCommon::confServiceSidNameFind(service_sids, sid);
|
||||
|
||||
ASSERT_EQ(name, si.serviceName.toLower());
|
||||
}
|
||||
|
||||
// Find Invalid Service Name by SID
|
||||
{
|
||||
const auto sid = StringUtil::serviceSid("Bad");
|
||||
|
||||
ASSERT_EQ(sid.size(), FORT_SERVICE_SID_SIZE);
|
||||
ASSERT_EQ(DriverCommon::confServiceSidNameFind(service_sids, sid), QString());
|
||||
}
|
||||
}
|
||||
|
@ -925,7 +925,6 @@ void ConfManager::updateServices()
|
||||
auto serviceInfoManager = IoC<ServiceInfoManager>();
|
||||
|
||||
updateOwnProcessServices(serviceInfoManager);
|
||||
updateShareProcessServices(serviceInfoManager);
|
||||
}
|
||||
|
||||
void ConfManager::updateDriverServices(
|
||||
@ -938,15 +937,6 @@ void ConfManager::updateDriverServices(
|
||||
IoC<DriverManager>()->writeServices(confBuf.buffer());
|
||||
}
|
||||
|
||||
void ConfManager::updateDriverServiceSids(const QVector<ServiceInfo> &services)
|
||||
{
|
||||
ConfBuffer confBuf;
|
||||
|
||||
confBuf.writeServiceSids(services);
|
||||
|
||||
IoC<DriverManager>()->writeServiceSids(confBuf.buffer());
|
||||
}
|
||||
|
||||
void ConfManager::updateOwnProcessServices(ServiceInfoManager *serviceInfoManager)
|
||||
{
|
||||
int runningServicesCount = 0;
|
||||
@ -961,17 +951,6 @@ void ConfManager::updateOwnProcessServices(ServiceInfoManager *serviceInfoManage
|
||||
}
|
||||
}
|
||||
|
||||
void ConfManager::updateShareProcessServices(ServiceInfoManager *serviceInfoManager)
|
||||
{
|
||||
const QVector<ServiceInfo> services = serviceInfoManager->loadServiceInfoList(
|
||||
ServiceInfo::TypeWin32ShareProcess, ServiceInfo::StateAll,
|
||||
/*displayName=*/false);
|
||||
|
||||
if (!services.isEmpty()) {
|
||||
updateDriverServiceSids(services);
|
||||
}
|
||||
}
|
||||
|
||||
bool ConfManager::loadFromDb(FirewallConf &conf, bool &isNew)
|
||||
{
|
||||
// Load Address Groups
|
||||
|
@ -97,10 +97,7 @@ private:
|
||||
|
||||
bool validateConf(const FirewallConf &newConf);
|
||||
|
||||
void updateDriverServiceSids(const QVector<ServiceInfo> &services);
|
||||
|
||||
void updateOwnProcessServices(ServiceInfoManager *serviceInfoManager);
|
||||
void updateShareProcessServices(ServiceInfoManager *serviceInfoManager);
|
||||
|
||||
bool loadFromDb(FirewallConf &conf, bool &isNew);
|
||||
bool saveToDb(const FirewallConf &conf);
|
||||
|
@ -22,11 +22,6 @@ quint32 ioctlSetServices()
|
||||
return FORT_IOCTL_SETSERVICES;
|
||||
}
|
||||
|
||||
quint32 ioctlSetServiceSids()
|
||||
{
|
||||
return FORT_IOCTL_SETSERVICE_SIDS;
|
||||
}
|
||||
|
||||
quint32 ioctlSetConf()
|
||||
{
|
||||
return FORT_IOCTL_SETCONF;
|
||||
@ -231,13 +226,6 @@ FORT_APP_DATA confAppFind(const void *drvConf, const QString &kernelPath)
|
||||
return app_data;
|
||||
}
|
||||
|
||||
QString confServiceSidNameFind(PCFORT_SERVICE_SID_LIST service_sids, const char *sidBytes)
|
||||
{
|
||||
PCWSTR name = fort_conf_service_sid_name_find(service_sids, sidBytes);
|
||||
|
||||
return name ? QString::fromWCharArray(name) : QString();
|
||||
}
|
||||
|
||||
bool provRegister(bool bootFilter)
|
||||
{
|
||||
const FORT_PROV_BOOT_CONF boot_conf = {
|
||||
|
@ -11,7 +11,6 @@ QString deviceName();
|
||||
|
||||
quint32 ioctlValidate();
|
||||
quint32 ioctlSetServices();
|
||||
quint32 ioctlSetServiceSids();
|
||||
quint32 ioctlSetConf();
|
||||
quint32 ioctlSetFlags();
|
||||
quint32 ioctlGetLog();
|
||||
@ -71,8 +70,6 @@ bool confIp6InRange(
|
||||
|
||||
FORT_APP_DATA confAppFind(const void *drvConf, const QString &kernelPath);
|
||||
|
||||
QString confServiceSidNameFind(PCFORT_SERVICE_SID_LIST service_sids, const char *sidBytes);
|
||||
|
||||
bool provRegister(bool bootFilter);
|
||||
void provUnregister();
|
||||
|
||||
|
@ -108,11 +108,6 @@ bool DriverManager::writeServices(QByteArray &buf)
|
||||
return writeData(DriverCommon::ioctlSetServices(), buf);
|
||||
}
|
||||
|
||||
bool DriverManager::writeServiceSids(QByteArray &buf)
|
||||
{
|
||||
return writeData(DriverCommon::ioctlSetServiceSids(), buf);
|
||||
}
|
||||
|
||||
bool DriverManager::writeConf(QByteArray &buf, bool onlyFlags)
|
||||
{
|
||||
return writeData(onlyFlags ? DriverCommon::ioctlSetFlags() : DriverCommon::ioctlSetConf(), buf);
|
||||
|
@ -44,7 +44,6 @@ public slots:
|
||||
bool validate(QByteArray &buf);
|
||||
|
||||
bool writeServices(QByteArray &buf);
|
||||
bool writeServiceSids(QByteArray &buf);
|
||||
bool writeConf(QByteArray &buf, bool onlyFlags = false);
|
||||
bool writeApp(QByteArray &buf, bool remove = false);
|
||||
bool writeZones(QByteArray &buf, bool onlyFlags = false);
|
||||
|
@ -54,25 +54,6 @@ int writeServiceInfo(char *data, const ServiceInfo &serviceInfo)
|
||||
return FORT_SERVICE_INFO_NAME_OFF + FORT_CONF_STR_DATA_SIZE(nameLen);
|
||||
}
|
||||
|
||||
void collectServiceSidsNames(const QVector<ServiceInfo> &services, WriteServiceSidsArgs &wssa)
|
||||
{
|
||||
QHash<QString, int> nameIndexMap;
|
||||
|
||||
for (const ServiceInfo &info : services) {
|
||||
const auto sid = StringUtil::serviceSid(info.realServiceName);
|
||||
|
||||
const auto name = info.serviceName;
|
||||
int nameIndex = nameIndexMap.value(name, -1);
|
||||
|
||||
if (nameIndex == -1) {
|
||||
nameIndex = wssa.namesList.size();
|
||||
wssa.namesList.append(name);
|
||||
}
|
||||
|
||||
wssa.sidNameIndexMap.insert(sid, nameIndex);
|
||||
}
|
||||
}
|
||||
|
||||
void writeAppGroupFlags(PFORT_CONF_GROUP out, const FirewallConf &conf)
|
||||
{
|
||||
out->group_bits = 0;
|
||||
@ -195,28 +176,6 @@ void ConfBuffer::writeServices(const QVector<ServiceInfo> &services, int running
|
||||
buffer().resize(outSize); // shrink to actual size
|
||||
}
|
||||
|
||||
void ConfBuffer::writeServiceSids(const QVector<ServiceInfo> &services)
|
||||
{
|
||||
WriteServiceSidsArgs wssa;
|
||||
|
||||
collectServiceSidsNames(services, wssa);
|
||||
|
||||
// Resize the buffer to max size
|
||||
{
|
||||
const int servicesCount = wssa.sidNameIndexMap.size();
|
||||
const int namesCount = wssa.namesList.size();
|
||||
|
||||
buffer().resize(FORT_SERVICE_SID_LIST_MAX_SIZE(servicesCount, namesCount));
|
||||
}
|
||||
|
||||
// Fill the buffer
|
||||
char *data = buffer().data();
|
||||
|
||||
const int outSize = ConfUtil::writeServiceSids(&data, wssa);
|
||||
|
||||
buffer().resize(outSize); // shrink to actual size
|
||||
}
|
||||
|
||||
bool ConfBuffer::write(
|
||||
const FirewallConf &conf, const ConfAppsWalker *confAppsWalker, EnvManager &envManager)
|
||||
{
|
||||
|
@ -35,7 +35,6 @@ public slots:
|
||||
void writeVersion();
|
||||
|
||||
void writeServices(const QVector<ServiceInfo> &services, int runningServicesCount);
|
||||
void writeServiceSids(const QVector<ServiceInfo> &services);
|
||||
|
||||
bool write(
|
||||
const FirewallConf &conf, const ConfAppsWalker *confAppsWalker, EnvManager &envManager);
|
||||
|
@ -119,51 +119,6 @@ QRegularExpressionMatch ConfUtil::matchWildcard(const QStringView &path)
|
||||
return StringUtil::match(wildMatcher, path);
|
||||
}
|
||||
|
||||
int ConfUtil::writeServiceSids(char **data, const WriteServiceSidsArgs &wssa)
|
||||
{
|
||||
PFORT_SERVICE_SID_LIST serviceSids = PFORT_SERVICE_SID_LIST(*data);
|
||||
|
||||
const int servicesCount = wssa.sidNameIndexMap.size();
|
||||
const int namesCount = wssa.namesList.size();
|
||||
|
||||
serviceSids->services_n = servicesCount;
|
||||
serviceSids->names_n = namesCount;
|
||||
|
||||
// Write Service SID-s and Name Indexes
|
||||
char *sid = serviceSids->data;
|
||||
quint16 *nameIndex = (quint16 *) (sid + servicesCount * FORT_SERVICE_SID_SIZE);
|
||||
|
||||
#if QT_VERSION >= QT_VERSION_CHECK(6, 6, 0)
|
||||
for (const auto &[sidData, index] : wssa.sidNameIndexMap.asKeyValueRange()) {
|
||||
#else
|
||||
auto it = wssa.sidNameIndexMap.constBegin();
|
||||
for (; it != wssa.sidNameIndexMap.constEnd(); ++it) {
|
||||
const auto &sidData = it.key();
|
||||
const auto index = it.value();
|
||||
#endif
|
||||
|
||||
writeArray(&sid, sidData);
|
||||
|
||||
*nameIndex++ = index;
|
||||
}
|
||||
|
||||
// Write Service Names: Offsets and Texts
|
||||
quint32 *nameOffset = (quint32 *) nameIndex;
|
||||
|
||||
char *nameData = (char *) (nameOffset + namesCount);
|
||||
char *nameText = nameData;
|
||||
|
||||
for (const auto &name : wssa.namesList) {
|
||||
const quint32 off = nameText - nameData;
|
||||
|
||||
*nameOffset++ = off;
|
||||
|
||||
writeString(&nameText, name.toLower());
|
||||
}
|
||||
|
||||
return (nameText - *data);
|
||||
}
|
||||
|
||||
QString ConfUtil::parseAppPath(const QStringView &line, bool &isWild, bool &isPrefix)
|
||||
{
|
||||
auto path = line;
|
||||
|
@ -17,12 +17,6 @@ using longs_arr_t = QVector<quint32>;
|
||||
using shorts_arr_t = QVector<quint16>;
|
||||
using chars_arr_t = QVector<qint8>;
|
||||
|
||||
struct WriteServiceSidsArgs
|
||||
{
|
||||
QMap<QByteArray, int> sidNameIndexMap;
|
||||
QStringList namesList;
|
||||
};
|
||||
|
||||
struct ParseAddressGroupsArgs
|
||||
{
|
||||
addrranges_arr_t addressRanges;
|
||||
@ -48,8 +42,6 @@ public:
|
||||
|
||||
static QRegularExpressionMatch matchWildcard(const QStringView &path);
|
||||
|
||||
static int writeServiceSids(char **data, const WriteServiceSidsArgs &wssa);
|
||||
|
||||
static QString parseAppPath(const QStringView &line, bool &isWild, bool &isPrefix);
|
||||
|
||||
static void writeConf(char **data, const WriteConfArgs &wca, AppParseOptions &opt);
|
||||
|
@ -16,6 +16,6 @@
|
||||
#define APP_UPDATES_URL "https://github.com/tnodir/fort/releases"
|
||||
#define APP_UPDATES_API_URL "https://api.github.com/repos/tnodir/fort/releases/latest"
|
||||
|
||||
#define DRIVER_VERSION 40
|
||||
#define DRIVER_VERSION 41
|
||||
|
||||
#endif // FORT_VERSION_H
|
||||
|