Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

msmq:MessageQueuePermission are not applied #8902

Open
1 task done
MBroholmA opened this issue Jan 16, 2025 · 7 comments · May be fixed by wixtoolset/wix#592
Open
1 task done

msmq:MessageQueuePermission are not applied #8902

MBroholmA opened this issue Jan 16, 2025 · 7 comments · May be fixed by wixtoolset/wix#592
Assignees
@bevanweiss @MBroholmA
Labels
extensions
Milestone
v6.0.0-rc.1

Comments

@MBroholmA
Copy link

MBroholmA commented Jan 16, 2025
edited
Loading

WiX Version

5.0.1

.NET or MSBuild or Visual Studio Version

Visual Studio 17.12.4

HeatWave Version

1.0.4

Windows Version

Win10 22H2

Repro Repo

No response

Repro Steps

  1. The issue here is still at play Package with MSMQ custom action fails to install #8628. The following depends on a version of wix with that fix.
  2. Make an installer based on a default project with this content:
<Wix xmlns="http://wixtoolset.org/schemas/v4/wxs" xmlns:msmq="http://wixtoolset.org/schemas/v4/wxs/msmq" xmlns:util="http://wixtoolset.org/schemas/v4/wxs/util">
  <Package Name="MSMQPerm" Manufacturer="TODO Manufacturer" Version="1.0.0.0" UpgradeCode="ef8f73fd-95da-46b1-83cf-70fb0646ec13">

    <MediaTemplate EmbedCab="yes" />
    <MajorUpgrade DowngradeErrorMessage="!(loc.DowngradeError)" />

    <Feature Id="Main">
      <ComponentGroupRef Id="ExampleComponents" />
    </Feature>

    <StandardDirectory Id="ProgramFiles6432Folder">
      <Directory Id="INSTALLFOLDER" Name="!(bind.Property.Manufacturer) !(bind.Property.ProductName)" />
    </StandardDirectory>

    <util:Group Id="Everyone" Name="Everyone" />

    <ComponentGroup Id="ExampleComponents" Directory="INSTALLFOLDER">
      <Component>
        <File Source="Package.wxs" />
        <msmq:MessageQueue Id="ExampleQueue" PathName=".\private$\example-queue" Label="Example Queue" Transactional="yes" >
          <msmq:MessageQueuePermission Id="ExampleQueue_Everyone" GetQueueProperties="yes" GetQueuePermissions="yes" Group="Everyone" />
        </msmq:MessageQueue>
      </Component>
    </ComponentGroup>

  </Package>
</Wix>
  1. Install this on a machine/VM with the MSMQ feature installed

Actual Result

Check "Computer Management" -> "Services and Applications" -> "Message Queuing" -> "Private Queues" -> "example-queue" -> right click -> Properties -> Security.

The permissions for Everyone are not applied.

Expected Result

I expected Everyone to have the access specified.

The bug is in msqueueshed.cpp

The 2 SQL permission queries at the top of mqqueuesched.cpp are missing the 'Wix4' prefix for the Component_ column so it never reads any permissions and will always leave the queue with default Administrator permissions.

It doesn't complain about this error as far as I could see. I think it should fail the CA with an invalid syntax error.

I searched for this pattern and the same bug is in cpapprolesched.cpp (vcsUserInApplicationRoleQuery, vcsGroupInApplicationRoleQuery)

Acknowledgements

  • I acknowledge that this is a fully completed bug report. It is not a question or attempt to get help debugging my issue (because those should be sent to Discussions).
@MBroholmA
Copy link
Author

I'd be happy to contribute a PR with a fix

@barnson
Copy link
Member

barnson commented Jan 16, 2025

Good eye. But I don't see the same problem in ComPlus\ca\cpapprolesched.cpp. The Component_ column names don't have prefixes, just the table names.

@MBroholmA
Copy link
Author

Sorry - I was looking at an older version of cpapprolesched.cpp. It was fixed here

@bevanweiss
Copy link

I've got a PR for this almost ready to go.
Just looking at the decompiler aspect also.

I had a quick look through other tables, and couldn't find any more similar issues. But they are quite tricky to do a full search for.

@MBroholmA
Copy link
Author

I made this branch but haven't had the access to test it yet. Feel free to take what you need. I also found a small thing in mqsched.cpp that I think should be included

@MBroholmA
Copy link
Author

I'm out of town this weekend so I won't have the time to submit anything until next week anyway

@bevanweiss
Copy link

I made this branch but haven't had the access to test it yet. Feel free to take what you need. I also found a small thing in mqsched.cpp that I think should be included

I'll pull in the cost change.
The E2E test I think will have an issue because of the System.Messaging reference, I think that's a .NET Framework only item, so isn't applicable to .NET Standard 2.0+ or .NET Core... from my previous quick look into it, it would essentially need to be P/Invoke magic to get the same thing under .NET Core.

I'll add in a basic compile unit test to validate that the right tables and contents are being populated.

bevanweiss added a commit to bevanweiss/wix that referenced this issue Jan 18, 2025
@bevanweiss
Fix up missing 'Wix4' prefixes on MSQM Permission tables.
4e3c678 
And updated decompiler to Wix4 table names etc in line with firewall CA.

Fixes wixtoolset/issues#8902

Signed-off-by: Bevan Weiss <[email protected]>
bevanweiss added a commit to bevanweiss/wix that referenced this issue Jan 18, 2025
@bevanweiss
Fix up missing 'Wix4' prefixes on MSMQ Permission tables.
7bfb29f 
And updated decompiler to Wix4 table names etc in line with firewall CA.

Fixes wixtoolset/issues#8902

Signed-off-by: Bevan Weiss <[email protected]>
@bevanweiss bevanweiss linked a pull request Jan 18, 2025 that will close this issue
Open
@barnson barnson added this to the v6.0.0-rc.1 milestone Jan 21, 2025
@barnson barnson added extensions and removed triage labels Jan 21, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bevanweiss bevanweiss

@MBroholmA MBroholmA

Labels
extensions
Projects
None yet
Milestone
v6.0.0-rc.1
Development

Successfully merging a pull request may close this issue.

Fix up missing 'Wix4' prefixes on MSMQ Permission tables. bevanweiss/wix
3 participants
@barnson @bevanweiss @MBroholmA