1.0.9

2022-01-31 00:16:53 +01:00 · 2022-01-31 00:16:53 +01:00 · 013a032cd3
parent af4fba34b9
commit 013a032cd3
6 changed files with 137 additions and 20 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -10,6 +10,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 - added new maintenance menu option "Uninstall All" to quickly remove all components when running in portable mode
 - added option to return not to a snapshot but to an empty box state while keeping all snapshots
 - Sandboxie-Plus.ini can now be placed in C:\ProgramData\Sandboxie-Plus\ folder and takes precedence (for business use)
+- added support for AF_UNIX in on windows to resolve issues with OpenJDK17 and later [#1009](https://github.com/sandboxie-plus/Sandboxie/issues/1009)  [#1520](https://github.com/sandboxie-plus/Sandboxie/issues/1520) [#1521](https://github.com/sandboxie-plus/Sandboxie/issues/1521)

 ### Changed
 - reworked breakout mechanism to be service based and not allowing the parent process to access the broken out child process
@ -29,8 +30,8 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 - fixed issues with sysnative directory [#1403](https://github.com/sandboxie-plus/Sandboxie/issues/1403)
 - fixed issue with starting SandMan when running sandboxed from context menu [#1579](https://github.com/sandboxie-plus/Sandboxie/issues/1579)
 - fixed dark mode flash issue with main window creation [#1231](https://github.com/sandboxie-plus/Sandboxie/issues/1231#issuecomment-1024469681)
- fixed issues with snapshot error handling
-
+- fixed issues with snapshot error handling [#350](https://github.com/sandboxie-plus/Sandboxie/issues/350)
+- fixed issues with the always on top option



--- a/Sandboxie/common/my_wsa.h
+++ b/Sandboxie/common/my_wsa.h
@ -42,6 +42,7 @@

 #define WSA_IO_PENDING          (ERROR_IO_PENDING)

+#define AF_UNIX                 1               /* unix socket available since windows build 17063 */
 #define AF_INET                 2               /* internetwork: UDP, TCP, etc. */
 #define AF_INET6                23              /* internetwork v6: UDP, TCP, etc. */
 #define SOCKET                  ULONG_PTR
@ -95,11 +96,16 @@ typedef struct sockaddr_in6 {
    ULONG  sin6_flowinfo;       // IPv6 flow information.
    IN6_ADDR sin6_addr;         // IPv6 address.
    union {
-        ULONG sin6_scope_id;     // Set of interfaces for a scope.
+        ULONG sin6_scope_id;    // Set of interfaces for a scope.
        SCOPE_ID sin6_scope_struct;
    };
 } SOCKADDR_IN6_LH, *PSOCKADDR_IN6_LH, FAR *LPSOCKADDR_IN6_LH;

+typedef struct sockaddr_un {
+    ADDRESS_FAMILY  family;     // AF_UNIX
+    char            path[1];    // Pathname
+} SOCKADDR_UN;
+
 typedef void (*PIPFORWARD_CHANGE_CALLBACK)
    (void *CallerContext, void *Row, ULONG NotificationType);

--- a/Sandboxie/core/dll/file.c
+++ b/Sandboxie/core/dll/file.c
@ -258,7 +258,7 @@ static NTSTATUS File_SetAttributes(
    HANDLE FileHandle, const WCHAR *CopyPath,
    FILE_BASIC_INFORMATION *Information);

-static NTSTATUS File_SetDisposition(
+NTSTATUS File_SetDisposition(
    HANDLE FileHandle, IO_STATUS_BLOCK *IoStatusBlock,
    void *FileInformation, ULONG Length, FILE_INFORMATION_CLASS FileInformationClass);

--- a/Sandboxie/core/dll/file_pipe.c
+++ b/Sandboxie/core/dll/file_pipe.c
@ -1356,6 +1356,8 @@ _FX NTSTATUS File_NtDeviceIoControlFile(
    OUT PVOID OutputBuffer OPTIONAL,
    IN ULONG OutputBufferLength)
 {
+    NTSTATUS status;
+
    //
    // check if this is an IOCTL that we want to deny
    //
@ -1366,7 +1368,6 @@ _FX NTSTATUS File_NtDeviceIoControlFile(
        ULONG LastError;
        THREAD_DATA *TlsData = Dll_GetTlsData(&LastError);

-        NTSTATUS status;
        WCHAR *TruePath;
        WCHAR *CopyPath;

@ -1411,8 +1412,10 @@ _FX NTSTATUS File_NtDeviceIoControlFile(
    // otherwise
    //

-    return __sys_NtDeviceIoControlFile(
+    status = __sys_NtDeviceIoControlFile(
        FileHandle, Event, ApcRoutine, ApcContext, IoStatusBlock,
        IoControlCode, InputBuffer, InputBufferLength,
        OutputBuffer, OutputBufferLength);
+
+    return status;
 }
--- a/Sandboxie/core/dll/net.c
+++ b/Sandboxie/core/dll/net.c
@ -80,10 +80,10 @@ static SOCKET WSA_WSASocketW(
    unsigned int        g,
    DWORD               dwFlags);

-/*static int WSA_bind(
+static int WSA_bind(
    SOCKET         s,
    const void     *name,
-    int            namelen);*/
+    int            namelen);

 static int WSA_connect(
    SOCKET         s,
@ -300,7 +300,7 @@ static P_WSANSPIoctl        __sys_WSANSPIoctl       = NULL;

 static P_WSASocketW         __sys_WSASocketW        = NULL;

-//static P_bind               __sys_bind              = NULL;
+static P_bind               __sys_bind              = NULL;

 static P_connect            __sys_connect           = NULL;
 static P_WSAConnect         __sys_WSAConnect        = NULL;
@ -464,17 +464,103 @@ static SOCKET WSA_WSASocketW(
 }


+//---------------------------------------------------------------------------
+// WSA_HandleAfUnix
+//---------------------------------------------------------------------------
+
+
+_FX BOOLEAN WSA_HandleAfUnix(const short** paddr, int* paddrlen)
+{
+    if (!(*paddrlen >= sizeof(SOCKADDR_UN) && *paddr && (*paddr)[0] == AF_UNIX))
+        return FALSE; // not AF_UNIX nothing to do
+
+    BOOLEAN ret = FALSE;
+    HANDLE handle = INVALID_HANDLE_VALUE;
+    WCHAR* path = NULL;
+
+    //
+    // use create file to get the proper sandboxed file path, take care of resource access settings 
+    // and encure a box path exists if needed
+    //
+
+    handle = CreateFileA(((SOCKADDR_UN*)*paddr)->path, GENERIC_WRITE, FILE_SHARE_READ, NULL, OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
+    DWORD err = GetLastError();
+    if (handle == INVALID_HANDLE_VALUE)
+        goto finish;
+    
+    //
+    // if the file was created we need to delete it again
+    //
+
+    if (err == 0) { // != ERROR_ALREADY_EXISTS
+        
+        NTSTATUS File_SetDisposition(
+            HANDLE FileHandle, IO_STATUS_BLOCK * IoStatusBlock,
+            void* FileInformation, ULONG Length, FILE_INFORMATION_CLASS FileInformationClass);
+
+        IO_STATUS_BLOCK Iosb;
+        FILE_DISPOSITION_INFORMATION fdi;
+        fdi.DeleteFileOnClose = TRUE;
+        File_SetDisposition(handle, &Iosb, &fdi, sizeof(FILE_DISPOSITION_INFORMATION), FileDispositionInformation);
+    }
+
+    //
+    // get the path form the handle and translate it to Dos
+    //
+
+    path = Dll_Alloc(sizeof(WCHAR) * 8192);
+
+    BOOLEAN IsBoxedPath;
+    NTSTATUS status = SbieDll_GetHandlePath(handle, path, &IsBoxedPath);
+    if (!NT_SUCCESS(status))
+        goto finish;
+
+    if (!SbieDll_TranslateNtToDosPath(path))
+        goto finish;
+    
+    //
+    // create a new addr with the new path
+    //
+
+    ULONG len = wcslen(path) * 2;
+    *paddr = Dll_Alloc(sizeof(SOCKADDR_UN) + len);
+
+    SOCKADDR_UN* un_addr = (SOCKADDR_UN*)*paddr;
+    un_addr->family = AF_UNIX;
+
+    len = WideCharToMultiByte(CP_ACP, 0, path, wcslen(path) + 1, un_addr->path, len, NULL, NULL);
+
+    *paddrlen = sizeof(SOCKADDR_UN) + len;
+
+    ret = TRUE;
+
+finish:
+    if (handle != INVALID_HANDLE_VALUE) 
+        NtClose(handle);
+    if (path)
+        Dll_Free(path);
+
+    return ret;
+}
+
+
 //---------------------------------------------------------------------------
 // WSA_bind
 //---------------------------------------------------------------------------

-/*_FX int WSA_bind(
+_FX int WSA_bind(
    SOCKET         s,
    const void     *name,
    int            namelen)
 {
-    return __sys_bind(s, name, namelen);
-}*/
+    BOOLEAN new_name = WSA_HandleAfUnix(&name, &namelen);
+
+    int ret = __sys_bind(s, name, namelen);
+
+    if (new_name) Dll_Free((void*)name);
+
+    return ret;
+}


 //---------------------------------------------------------------------------
@ -544,7 +630,14 @@ _FX int WSA_connect(
 {
    if (WSA_IsBlockedTraffic(name, namelen, IPPROTO_TCP))
        return SOCKET_ERROR;
-    return __sys_connect(s, name, namelen);
+
+    BOOLEAN new_name = WSA_HandleAfUnix(&name, &namelen);
+
+    int ret = __sys_connect(s, name, namelen);
+
+    if (new_name) Dll_Free((void*)name);
+
+    return ret;
 }


@ -564,8 +657,15 @@ _FX int WSA_WSAConnect(
 {
    if (WSA_IsBlockedTraffic(name, namelen, IPPROTO_TCP))
        return SOCKET_ERROR;
-    return __sys_WSAConnect(
+
+    BOOLEAN new_name = WSA_HandleAfUnix(&name, &namelen);
+
+    int ret = __sys_WSAConnect(
        s, name, namelen, lpCallerData, lpCalleeData, lpSQOS, lpGQOS);
+
+    if (new_name) Dll_Free((void*)name);
+
+    return ret;
 }


@ -585,8 +685,15 @@ _FX int WSA_ConnectEx(
 {
    if (WSA_IsBlockedTraffic(name, namelen, IPPROTO_TCP))
        return SOCKET_ERROR;
-    return __sys_ConnectEx(
+
+    BOOLEAN new_name = WSA_HandleAfUnix(&name, &namelen);
+
+    int ret = __sys_ConnectEx(
        s, name, namelen, lpSendBuffer, dwSendDataLength, lpdwBytesSent, lpOverlapped);
+
+    if (new_name) Dll_Free((void*)name);
+
+    return ret;
 }

 /*
@ -789,7 +896,7 @@ _FX BOOLEAN WSA_Init(HMODULE module)

    P_WSASocketW        WSASocketW;

-    //P_bind              bind;
+    P_bind              bind;

    P_connect           connect;
    P_WSAConnect        WSAConnect;
@ -813,10 +920,10 @@ _FX BOOLEAN WSA_Init(HMODULE module)
    }


-    /*bind = (P_WSANSPIoctl)GetProcAddress(module, "bind");
+    bind = (P_bind)GetProcAddress(module, "bind");
    if (bind) {
        SBIEDLL_HOOK(WSA_,bind);
-    }*/
+    }


    //
--- a/SandboxiePlus/SandMan/SandMan.cpp
+++ b/SandboxiePlus/SandMan/SandMan.cpp
@ -1896,9 +1896,9 @@ void CSandMan::CheckResults(QList<SB_STATUS> Results)
 	}

 	if (Errors.count() == 1)
-		QMessageBox::warning(NULL, tr("Sandboxie-Plus - Error"), Errors.first());
+		QMessageBox::warning(theGUI, tr("Sandboxie-Plus - Error"), Errors.first());
 	else if (Errors.count() > 1) {
-		CMultiErrorDialog Dialog(tr("Operation failed for %1 item(s).").arg(Errors.size()), Errors);
+		CMultiErrorDialog Dialog(tr("Operation failed for %1 item(s).").arg(Errors.size()), Errors, theGUI);
 		Dialog.exec();
 	}
 }