https://bugs.winehq.org/show_bug.cgi?id=16882
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Summary|Microsoft WMI core 1.5 |Multiple Windows service |service hangs due to |processes fail to |missing |start/hang due to missing |SECURITY_SERVICE_RID |SECURITY_SERVICE_RID in |(process token) |process token (Microsoft | |WMI core 1.5 service, | |PostgreSQL)
--- Comment #13 from Anastasius Focht focht@gmx.net --- Hello folks,
revisiting, still present.
--- snip --- $ winetricks -q wmi
# will hang after install -> starting service <CTRL+C>
$ wineserver -k
$ wine net start Winmgmt 0025:fixme:ntoskrnl:MmMapIoSpace stub: 0x00000000000f0000, 65536, 1 0032:fixme:ole:CoInitializeSecurity ((nil),-1,(nil),(nil),2,2,(nil),32,(nil)) - stub! 000f:err:service:process_send_command service protocol error - failed to write pipe! 000f:fixme:service:scmdatabase_autostart_services Auto-start service L"Winmgmt" failed to start: 1053 The Windows Management Instrumentation service is starting. 003e:fixme:ole:CoInitializeSecurity ((nil),-1,(nil),(nil),2,2,(nil),32,(nil)) - stub! 003c:err:service:process_send_command service protocol error - failed to write pipe! Service request timeout. --- snip ---
Updated (non-broken) link to Github project(s):
https://github.com/postgres/postgres/blob/master/src/port/win32security.c#L9...
--- snip --- /* * We consider ourselves running as a service if one of the following is * true: * * 1) We are running as LocalSystem (only used by services) * 2) Our token contains SECURITY_SERVICE_RID (automatically added to the * process token by the SCM when starting a service) * * The check for LocalSystem is needed, because surprisingly, if a service * is running as LocalSystem, it does not have SECURITY_SERVICE_RID in its * process token. * * Return values: * 0 = Not service * 1 = Service * -1 = Error * * Note: we can't report errors via either ereport (we're called too early * in the backend) or write_stderr (because that calls this). We are * therefore reduced to writing directly on stderr, which sucks, but we * have few alternatives. */ --- snip ---
Process hacker:
https://github.com/processhacker/processhacker/search?utf8=%E2%9C%93&q=P...
--- snip --- VOID KphSetServiceSecurity( _In_ SC_HANDLE ServiceHandle ) { static SID_IDENTIFIER_AUTHORITY ntAuthority = SECURITY_NT_AUTHORITY; PSECURITY_DESCRIPTOR securityDescriptor; ULONG sdAllocationLength; UCHAR administratorsSidBuffer[FIELD_OFFSET(SID, SubAuthority) + sizeof(ULONG) * 2]; PSID administratorsSid; PACL dacl;
administratorsSid = (PSID)administratorsSidBuffer; RtlInitializeSid(administratorsSid, &ntAuthority, 2); *RtlSubAuthoritySid(administratorsSid, 0) = SECURITY_BUILTIN_DOMAIN_RID; *RtlSubAuthoritySid(administratorsSid, 1) = DOMAIN_ALIAS_RID_ADMINS;
sdAllocationLength = SECURITY_DESCRIPTOR_MIN_LENGTH + (ULONG)sizeof(ACL) + (ULONG)sizeof(ACCESS_ALLOWED_ACE) + RtlLengthSid(&PhSeServiceSid) + (ULONG)sizeof(ACCESS_ALLOWED_ACE) + RtlLengthSid(administratorsSid) + (ULONG)sizeof(ACCESS_ALLOWED_ACE) + RtlLengthSid(&PhSeInteractiveSid);
securityDescriptor = PhAllocate(sdAllocationLength); dacl = (PACL)PTR_ADD_OFFSET(securityDescriptor, SECURITY_DESCRIPTOR_MIN_LENGTH);
RtlCreateSecurityDescriptor(securityDescriptor, SECURITY_DESCRIPTOR_REVISION); RtlCreateAcl(dacl, sdAllocationLength - SECURITY_DESCRIPTOR_MIN_LENGTH, ACL_REVISION); RtlAddAccessAllowedAce(dacl, ACL_REVISION, SERVICE_ALL_ACCESS, &PhSeServiceSid); RtlAddAccessAllowedAce(dacl, ACL_REVISION, SERVICE_ALL_ACCESS, administratorsSid); RtlAddAccessAllowedAce(dacl, ACL_REVISION, SERVICE_QUERY_CONFIG | SERVICE_QUERY_STATUS | SERVICE_START | SERVICE_STOP | SERVICE_INTERROGATE | DELETE, &PhSeInteractiveSid ); RtlSetDaclSecurityDescriptor(securityDescriptor, TRUE, dacl, FALSE);
SetServiceObjectSecurity(ServiceHandle, DACL_SECURITY_INFORMATION, securityDescriptor);
PhFree(securityDescriptor); } --- snip ---
$ wine --version wine-3.7-156-g6d6b4bffb3
Regards