upssched and other NUT daemons: fix Windows state pipe permissions#3527
Conversation
Signed-off-by: Jim Klimov <jimklimov+nut@gmail.com>
…pipe_security() to be reusable [networkupstools#3479, networkupstools#3525] Co-authored-by: mbv06 <mbv06.dev@gmail.com> Signed-off-by: Jim Klimov <jimklimov+nut@gmail.com>
… attributes for listening pipes [networkupstools#3525] Replicate what was done for dstate.c in PR networkupstools#3479. Co-authored-by: mbv06 <mbv06.dev@gmail.com> Signed-off-by: Jim Klimov <jimklimov+nut@gmail.com>
|
A ZIP file with standard source tarball and another tarball with pre-built docs for commit 3b3145c is temporarily available: NUT-tarballs-PR-3527.zip. |
|
✅ Build nut 2.8.5.4920-master completed (commit dd08c4a91c by @jimklimov)
|
|
Looks good overall.
One security concern is that the NULL DACL allows any client to connect with full access. I think we should at least add |
No, in this version, upsdhed may be running, but I don't see the console output of its messages and I know for sure that as a result, my event handling script C:\NUT\cmd\upssched-cmd.ps1is not executed. |
|
Thanks @alexdruqn-cpu for the logs. What I think happens here regarding I am not sure yet why I think the tons of
|
|
This test exposed another flaw, I suppose. I stumbled upon this log entry:
However then as we parse the command line with Until this flaw gets fixed, please do use For other messages, also look up |
…ions are present [networkupstools#3525, networkupstools#3105] Signed-off-by: Jim Klimov <jimklimov+nut@gmail.com>
Signed-off-by: Jim Klimov <jimklimov+nut@gmail.com>
…e `SKIP: can't open existing event log NAMED_PIPE` messages [networkupstools#3527] Signed-off-by: Jim Klimov <jimklimov+nut@gmail.com>
…log()/upsdebug() from this method [networkupstools#3527] Signed-off-by: Jim Klimov <jimklimov+nut@gmail.com>
|
Posted a couple of prospective fixes... |
…Pipe(): add PIPE_REJECT_REMOTE_CLIENTS flag to only work with local host clients [networkupstools#3527] Signed-off-by: Jim Klimov <jimklimov+nut@gmail.com>
Yes, I set the NUT_DEBUG_SYSLOG=stderr environment variable and set the debugging level in the configs. And I started receiving messages in the console from upssched.exe Here is the full log of the nightmare that was happening in the system, the timers eventually went crazy and the station left at some point due to the shutdown event. PS: In the launch option that I gave above (upsmon -DDDDD, upssched.exe -DDDDD), upssched.exe definitely didn't start because I didn't observe six processes upssched.exe and dozens of running my powershell script processes. |
|
✅ Build nut 2.8.5.4922-master completed (commit 5e65207f12 by @jimklimov)
|
|
✅ Build nut 2.8.5.4922-master completed (commit 5e65207f12 by @jimklimov) |
|
❌ Build nut 2.8.5.4923-master failed (commit ee673f076d by @jimklimov) |
|
@alexdruqn-cpu : Thanks, I'll try to figure those out. Which Windows version is it? Are there any special group policies, domain settings or other security hardening that might put sticks into wheels, compared to basic systems that Appceyor CI runs on? @mbv06 : it seems that when I added the flag against remote connections in the last commit, tests failed to run on Appveyor machines at least - can't connect (see latest build's log linked above for details). |
|
@jimklimov looks like |
@jimklimov This is a test computer with a freshly installed system and all current updates. Workgroup, local user with admin priv, no group policies, no other software, except 7z, notepad++, far and etc. Windows 11 IoT LTSC 24H2 (26100.8737) |
…Pipe(): add PIPE_REJECT_REMOTE_CLIENTS flag to only work with local host clients [networkupstools#3527] Signed-off-by: Jim Klimov <jimklimov+nut@gmail.com>
|
@mbv06 : (facepalm) Thanks! I've misread the https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-createnamedpipea as I rushed to post the fix, I guess. |
|
✅ Build nut 2.8.5.4924-master completed (commit bd13519795 by @jimklimov)
|
|
✅ Build nut 2.8.5.4924-master completed (commit bd13519795 by @jimklimov) |
|
@alexdruqn-cpu : were the logs from your latest post made with the latest build (reported by appveyor just before that report of yours?) One log file says Can you please check if https://ci.appveyor.com/api/buildjobs/93af8njpxkif2wdx/artifacts/NUT-for-Windows-x86_64-SNAPSHOT-2.8.5.4924-master.7z behaves better? |
|
@jimklimov I've already tried 4924, in a nutshell - it's all the same, multiple timers running and an event parsing script for event transition OL->OB->OL. I'll post the logs tomorrow. |
|
I can't run this build today - the executable files are not signed and the launch is blocked by windows device guard. I don't have time at all right now to figure out how to disable this signature verification on the test machine, so I'll return to the tests and logs next week. |
|
Thanks for the update. FWIW, they were never signed, so this bit is not a regression in the CI-built preview archives. The involvement of "Enterprise guard" however suggests that the system may be set up in some more complicated fashion than the permissive runners in the CI cloud, which might impact visibility of inter-process communication pipes or whatever. |
|
Status for now: merging this PR as it should fix situations for which the original concern in #3479 applied. Maybe the situation in #3525 just differs from that. In any case, if that problem remains in place, we will follow up on the master branch or its subsequent spin-offs for #3525 discussion. @alexdruqn-cpu : if you would apply these newer post-merge builds to your system, note that now #3499 was also merged, so |
Generalize the fix from PR #3479, hoping it would help with issue #3525.
CC @mbv06 : a cursory review would be welcome :) Also, as I've just asked in your PR trail - would similar fixes be useful in "client" side of the connections (
CreateFile)?CC @alexdruqn-cpu : when/if Appveyor CI produces a build of this PR (in roughly an hour if all goes well; it should post a link in a comment below), a practical test would be welcome to see if this change impacts the issue you've seen on your system.