1.0.9
parent
af4fba34b9
commit
013a032cd3
|
@ -10,6 +10,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
|
|||
- added new maintenance menu option "Uninstall All" to quickly remove all components when running in portable mode
|
||||
- added option to return not to a snapshot but to an empty box state while keeping all snapshots
|
||||
- Sandboxie-Plus.ini can now be placed in C:\ProgramData\Sandboxie-Plus\ folder and takes precedence (for business use)
|
||||
- added support for AF_UNIX in on windows to resolve issues with OpenJDK17 and later [#1009](https://github.com/sandboxie-plus/Sandboxie/issues/1009) [#1520](https://github.com/sandboxie-plus/Sandboxie/issues/1520) [#1521](https://github.com/sandboxie-plus/Sandboxie/issues/1521)
|
||||
|
||||
### Changed
|
||||
- reworked breakout mechanism to be service based and not allowing the parent process to access the broken out child process
|
||||
|
@ -29,8 +30,8 @@ This project adheres to [Semantic Versioning](http://semver.org/).
|
|||
- fixed issues with sysnative directory [#1403](https://github.com/sandboxie-plus/Sandboxie/issues/1403)
|
||||
- fixed issue with starting SandMan when running sandboxed from context menu [#1579](https://github.com/sandboxie-plus/Sandboxie/issues/1579)
|
||||
- fixed dark mode flash issue with main window creation [#1231](https://github.com/sandboxie-plus/Sandboxie/issues/1231#issuecomment-1024469681)
|
||||
- fixed issues with snapshot error handling
|
||||
|
||||
- fixed issues with snapshot error handling [#350](https://github.com/sandboxie-plus/Sandboxie/issues/350)
|
||||
- fixed issues with the always on top option
|
||||
|
||||
|
||||
|
||||
|
|
|
@ -42,6 +42,7 @@
|
|||
|
||||
#define WSA_IO_PENDING (ERROR_IO_PENDING)
|
||||
|
||||
#define AF_UNIX 1 /* unix socket available since windows build 17063 */
|
||||
#define AF_INET 2 /* internetwork: UDP, TCP, etc. */
|
||||
#define AF_INET6 23 /* internetwork v6: UDP, TCP, etc. */
|
||||
#define SOCKET ULONG_PTR
|
||||
|
@ -95,11 +96,16 @@ typedef struct sockaddr_in6 {
|
|||
ULONG sin6_flowinfo; // IPv6 flow information.
|
||||
IN6_ADDR sin6_addr; // IPv6 address.
|
||||
union {
|
||||
ULONG sin6_scope_id; // Set of interfaces for a scope.
|
||||
ULONG sin6_scope_id; // Set of interfaces for a scope.
|
||||
SCOPE_ID sin6_scope_struct;
|
||||
};
|
||||
} SOCKADDR_IN6_LH, *PSOCKADDR_IN6_LH, FAR *LPSOCKADDR_IN6_LH;
|
||||
|
||||
typedef struct sockaddr_un {
|
||||
ADDRESS_FAMILY family; // AF_UNIX
|
||||
char path[1]; // Pathname
|
||||
} SOCKADDR_UN;
|
||||
|
||||
typedef void (*PIPFORWARD_CHANGE_CALLBACK)
|
||||
(void *CallerContext, void *Row, ULONG NotificationType);
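Review bot: The new `SOCKADDR_UN` declares `char path[1]`, so `sizeof(SOCKADDR_UN)` is only the family field plus one byte and padding, and any length check written against it accepts addresses that hold almost no path. The Windows SDK's afunix.h declares this type with `sun_family` and `char sun_path[UNIX_PATH_MAX]` (108 bytes); if the shorter local form is intentional, a comment such as `// path is variable-length trailing data; size it with FIELD_OFFSET(SOCKADDR_UN, path), never sizeof` would make that explicit. The differing field names (`family`/`path`) also mean code copied from SDK samples will not compile against this header, which is worth a one-line remark next to the typedef.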
|
||||
|
||||
|
|
|
@ -258,7 +258,7 @@ static NTSTATUS File_SetAttributes(
|
|||
HANDLE FileHandle, const WCHAR *CopyPath,
|
||||
FILE_BASIC_INFORMATION *Information);
|
||||
|
||||
static NTSTATUS File_SetDisposition(
|
||||
NTSTATUS File_SetDisposition(
|
||||
HANDLE FileHandle, IO_STATUS_BLOCK *IoStatusBlock,
|
||||
void *FileInformation, ULONG Length, FILE_INFORMATION_CLASS FileInformationClass);
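Review bot: Dropping `static` from this forward declaration gives File_SetDisposition external linkage, but the only other prototype visible in the commit is a block-scope redeclaration inside WSA_HandleAfUnix, so nothing forces the two signatures to stay in sync. Declaring it once in a header that both files include would let the compiler catch a mismatch. The definition itself is outside this hunk, so confirm it carries no `static` of its own.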
|
||||
|
||||
|
|
|
@ -1356,6 +1356,8 @@ _FX NTSTATUS File_NtDeviceIoControlFile(
|
|||
OUT PVOID OutputBuffer OPTIONAL,
|
||||
IN ULONG OutputBufferLength)
|
||||
{
|
||||
NTSTATUS status;
|
||||
|
||||
//
|
||||
// check if this is an IOCTL that we want to deny
|
||||
//
|
||||
|
@ -1366,7 +1368,6 @@ _FX NTSTATUS File_NtDeviceIoControlFile(
|
|||
ULONG LastError;
|
||||
THREAD_DATA *TlsData = Dll_GetTlsData(&LastError);
|
||||
|
||||
NTSTATUS status;
|
||||
WCHAR *TruePath;
|
||||
WCHAR *CopyPath;
|
||||
|
||||
|
@ -1411,8 +1412,10 @@ _FX NTSTATUS File_NtDeviceIoControlFile(
|
|||
// otherwise
|
||||
//
|
||||
|
||||
return __sys_NtDeviceIoControlFile(
|
||||
status = __sys_NtDeviceIoControlFile(
|
||||
FileHandle, Event, ApcRoutine, ApcContext, IoStatusBlock,
|
||||
IoControlCode, InputBuffer, InputBufferLength,
|
||||
OutputBuffer, OutputBufferLength);
|
||||
|
||||
return status;
|
||||
}
|
||||
|
|
|
@ -80,10 +80,10 @@ static SOCKET WSA_WSASocketW(
|
|||
unsigned int g,
|
||||
DWORD dwFlags);
|
||||
|
||||
/*static int WSA_bind(
|
||||
static int WSA_bind(
|
||||
SOCKET s,
|
||||
const void *name,
|
||||
int namelen);*/
|
||||
int namelen);
|
||||
|
||||
static int WSA_connect(
|
||||
SOCKET s,
|
||||
|
@ -300,7 +300,7 @@ static P_WSANSPIoctl __sys_WSANSPIoctl = NULL;
|
|||
|
||||
static P_WSASocketW __sys_WSASocketW = NULL;
|
||||
|
||||
//static P_bind __sys_bind = NULL;
|
||||
static P_bind __sys_bind = NULL;
|
||||
|
||||
static P_connect __sys_connect = NULL;
|
||||
static P_WSAConnect __sys_WSAConnect = NULL;
|
||||
|
@ -464,17 +464,103 @@ static SOCKET WSA_WSASocketW(
|
|||
}
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// WSA_HandleAfUnix
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
|
||||
_FX BOOLEAN WSA_HandleAfUnix(const short** paddr, int* paddrlen)
|
||||
{
|
||||
if (!(*paddrlen >= sizeof(SOCKADDR_UN) && *paddr && (*paddr)[0] == AF_UNIX))
|
||||
return FALSE; // not AF_UNIX nothing to do
|
||||
|
||||
BOOLEAN ret = FALSE;
|
||||
HANDLE handle = INVALID_HANDLE_VALUE;
|
||||
WCHAR* path = NULL;
|
||||
|
||||
//
|
||||
// use create file to get the proper sandboxed file path, take care of resource access settings
|
||||
// and encure a box path exists if needed
|
||||
//
|
||||
|
||||
handle = CreateFileA(((SOCKADDR_UN*)*paddr)->path, GENERIC_WRITE, FILE_SHARE_READ, NULL, OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
|
||||
DWORD err = GetLastError();
|
||||
if (handle == INVALID_HANDLE_VALUE)
|
||||
goto finish;
|
||||
|
||||
//
|
||||
// if the file was created we need to delete it again
|
||||
//
|
||||
|
||||
if (err == 0) { // != ERROR_ALREADY_EXISTS
|
||||
|
||||
NTSTATUS File_SetDisposition(
|
||||
HANDLE FileHandle, IO_STATUS_BLOCK * IoStatusBlock,
|
||||
void* FileInformation, ULONG Length, FILE_INFORMATION_CLASS FileInformationClass);
|
||||
|
||||
IO_STATUS_BLOCK Iosb;
|
||||
FILE_DISPOSITION_INFORMATION fdi;
|
||||
fdi.DeleteFileOnClose = TRUE;
|
||||
File_SetDisposition(handle, &Iosb, &fdi, sizeof(FILE_DISPOSITION_INFORMATION), FileDispositionInformation);
|
||||
}
|
||||
|
||||
//
|
||||
// get the path form the handle and translate it to Dos
|
||||
//
|
||||
|
||||
path = Dll_Alloc(sizeof(WCHAR) * 8192);
|
||||
|
||||
BOOLEAN IsBoxedPath;
|
||||
NTSTATUS status = SbieDll_GetHandlePath(handle, path, &IsBoxedPath);
|
||||
if (!NT_SUCCESS(status))
|
||||
goto finish;
|
||||
|
||||
if (!SbieDll_TranslateNtToDosPath(path))
|
||||
goto finish;
|
||||
|
||||
//
|
||||
// create a new addr with the new path
|
||||
//
|
||||
|
||||
ULONG len = wcslen(path) * 2;
|
||||
*paddr = Dll_Alloc(sizeof(SOCKADDR_UN) + len);
|
||||
|
||||
SOCKADDR_UN* un_addr = (SOCKADDR_UN*)*paddr;
|
||||
un_addr->family = AF_UNIX;
|
||||
|
||||
len = WideCharToMultiByte(CP_ACP, 0, path, wcslen(path) + 1, un_addr->path, len, NULL, NULL);
|
||||
|
||||
*paddrlen = sizeof(SOCKADDR_UN) + len;
|
||||
|
||||
ret = TRUE;
|
||||
|
||||
finish:
|
||||
if (handle != INVALID_HANDLE_VALUE)
|
||||
NtClose(handle);
|
||||
if (path)
|
||||
Dll_Free(path);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// WSA_bind
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
/*_FX int WSA_bind(
|
||||
_FX int WSA_bind(
|
||||
SOCKET s,
|
||||
const void *name,
|
||||
int namelen)
|
||||
{
|
||||
return __sys_bind(s, name, namelen);
|
||||
}*/
|
||||
BOOLEAN new_name = WSA_HandleAfUnix(&name, &namelen);
|
||||
|
||||
int ret = __sys_bind(s, name, namelen);
|
||||
|
||||
if (new_name) Dll_Free((void*)name);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
|
@ -544,7 +630,14 @@ _FX int WSA_connect(
|
|||
{
|
||||
if (WSA_IsBlockedTraffic(name, namelen, IPPROTO_TCP))
|
||||
return SOCKET_ERROR;
|
||||
return __sys_connect(s, name, namelen);
|
||||
|
||||
BOOLEAN new_name = WSA_HandleAfUnix(&name, &namelen);
|
||||
|
||||
int ret = __sys_connect(s, name, namelen);
|
||||
|
||||
if (new_name) Dll_Free((void*)name);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
|
@ -564,8 +657,15 @@ _FX int WSA_WSAConnect(
|
|||
{
|
||||
if (WSA_IsBlockedTraffic(name, namelen, IPPROTO_TCP))
|
||||
return SOCKET_ERROR;
|
||||
return __sys_WSAConnect(
|
||||
|
||||
BOOLEAN new_name = WSA_HandleAfUnix(&name, &namelen);
|
||||
|
||||
int ret = __sys_WSAConnect(
|
||||
s, name, namelen, lpCallerData, lpCalleeData, lpSQOS, lpGQOS);
|
||||
|
||||
if (new_name) Dll_Free((void*)name);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
|
@ -585,8 +685,15 @@ _FX int WSA_ConnectEx(
|
|||
{
|
||||
if (WSA_IsBlockedTraffic(name, namelen, IPPROTO_TCP))
|
||||
return SOCKET_ERROR;
|
||||
return __sys_ConnectEx(
|
||||
|
||||
BOOLEAN new_name = WSA_HandleAfUnix(&name, &namelen);
|
||||
|
||||
int ret = __sys_ConnectEx(
|
||||
s, name, namelen, lpSendBuffer, dwSendDataLength, lpdwBytesSent, lpOverlapped);
|
||||
|
||||
if (new_name) Dll_Free((void*)name);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -789,7 +896,7 @@ _FX BOOLEAN WSA_Init(HMODULE module)
|
|||
|
||||
P_WSASocketW WSASocketW;
|
||||
|
||||
//P_bind bind;
|
||||
P_bind bind;
|
||||
|
||||
P_connect connect;
|
||||
P_WSAConnect WSAConnect;
|
||||
|
@ -813,10 +920,10 @@ _FX BOOLEAN WSA_Init(HMODULE module)
|
|||
}
|
||||
|
||||
|
||||
/*bind = (P_WSANSPIoctl)GetProcAddress(module, "bind");
|
||||
bind = (P_bind)GetProcAddress(module, "bind");
|
||||
if (bind) {
|
||||
SBIEDLL_HOOK(WSA_,bind);
|
||||
}*/
|
||||
}
|
||||
|
||||
|
||||
//
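Review bot: WSA_HandleAfUnix trusts the caller's sockaddr more than `namelen` allows: `*paddrlen >= sizeof(SOCKADDR_UN)` compares an int with a size_t, so a negative length passes, and `path` is then handed to CreateFileA as a C string without checking that a terminator lies inside the buffer. The result of WideCharToMultiByte is unchecked and the output is sized as two bytes per WCHAR, so a failed conversion (for example with a UTF-8 active code page, where one UTF-16 unit can need three bytes) leaves `un_addr->path` as uninitialized heap that is still passed to the real bind/connect. The return value of File_SetDisposition is ignored as well, which would leave a placeholder file at the socket path if the delete-on-close request fails. Separately, FALSE means both "not AF_UNIX" and "AF_UNIX but translation failed", and WSA_bind, WSA_connect, WSA_WSAConnect and WSA_ConnectEx all continue with the original path in the second case; returning SOCKET_ERROR there would fail closed, assuming nothing else is expected to handle the untranslated path. A sketch of the validation and conversion changes follows.

```c
_FX BOOLEAN WSA_HandleAfUnix(const short** paddr, int* paddrlen)
{
    // signed comparison, so a negative namelen is rejected
    if (!*paddr || *paddrlen < (int)sizeof(SOCKADDR_UN) || (*paddr)[0] != AF_UNIX)
        return FALSE; // not AF_UNIX nothing to do

    // the path must be terminated inside the caller's buffer before CreateFileA reads it
    const char* src = ((const SOCKADDR_UN*)*paddr)->path;
    if (!memchr(src, 0, (size_t)*paddrlen - FIELD_OFFSET(SOCKADDR_UN, path)))
        return FALSE;

    // … unchanged: locals, CreateFileA, delete-on-close, handle path lookup and NT-to-DOS translation …

    // size the new address from the converter instead of assuming two bytes per WCHAR
    int cb = WideCharToMultiByte(CP_ACP, 0, path, -1, NULL, 0, NULL, NULL);
    if (cb <= 0)
        goto finish;

    SOCKADDR_UN* un_addr = Dll_Alloc(FIELD_OFFSET(SOCKADDR_UN, path) + cb);
    un_addr->family = AF_UNIX;
    if (WideCharToMultiByte(CP_ACP, 0, path, -1, un_addr->path, cb, NULL, NULL) != cb) {
        Dll_Free(un_addr);
        goto finish;
    }

    *paddr = (const short*)un_addr;
    *paddrlen = FIELD_OFFSET(SOCKADDR_UN, path) + cb;
    ret = TRUE;
```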
|
||||
|
|
|
@ -1896,9 +1896,9 @@ void CSandMan::CheckResults(QList<SB_STATUS> Results)
|
|||
}
|
||||
|
||||
if (Errors.count() == 1)
|
||||
QMessageBox::warning(NULL, tr("Sandboxie-Plus - Error"), Errors.first());
|
||||
QMessageBox::warning(theGUI, tr("Sandboxie-Plus - Error"), Errors.first());
|
||||
else if (Errors.count() > 1) {
|
||||
CMultiErrorDialog Dialog(tr("Operation failed for %1 item(s).").arg(Errors.size()), Errors);
|
||||
CMultiErrorDialog Dialog(tr("Operation failed for %1 item(s).").arg(Errors.size()), Errors, theGUI);
|
||||
Dialog.exec();
|
||||
}
|
||||
}
|
||||
|
|