Our application is based on Qt4.8.4 that supports openSSL. Currently we are using openSSL1.0.0d. We would like to go for windows app certification/Microsoft client logo certification. One of the requirements for this is running a tool called Application Verifier that comes along with the certification kit. When the application is ran under this tool with luaPriv(UAC) related tests, 2 errors related to UAC were thrown. This basically tests when the user runs application with LUA priviliges(as standard user). The stack trace is as following:
*Error 1:* -<avrf:logEntry Severity="Error" StopCode="0x331B" LayerName="LuaPriv" Time="2014-01-23 : 10:57:12"><avrf:message>Access was restricted to trusted users only.</avrf:message><avrf:formatmessage>*CreateFileW: File (\Device\NamedPipe\srvsvc) only grants requested 'FILE_APPEND_DATA' to 'NT AUTHORITY\SYSTEM'*</avrf:formatmessage><avrf:parameter1>7fefafb35b4 - Object Type</avrf:parameter1><avrf:parameter2>43cd0d0 - Object Name</avrf:parameter2><avrf:parameter3>4 - Access Mask</avrf:parameter3><avrf:parameter4>43cbd00 - String SID</avrf:parameter4>-<avrf:stackTrace><avrf:trace>vfluapriv!+7fefafb8714 ( @ 0)</avrf:trace><avrf:trace>vfluapriv!+7fefafb88d2 ( @ 0)</avrf:trace><avrf:trace>vfluapriv!+7fefafb8d20 ( @ 0)</avrf:trace><avrf:trace>vfluapriv!+7fefafb8e99 ( @ 0)</avrf:trace><avrf:trace>vfluapriv!+7fefafb93ca ( @ 0)</avrf:trace><avrf:trace>vfluapriv!+7fefafb95f9 ( @ 0)</avrf:trace><avrf:trace>vfluapriv!+7fefafbf6c7 ( @ 0)</avrf:trace><avrf:trace>RPCRT4!NdrClientInitialize+1336 ( @ 0)</avrf:trace><avrf:trace>RPCRT4!NdrClientInitialize+2ced ( @ 0)</avrf:trace><avrf:trace>RPCRT4!NdrClientInitialize+28e6 ( @ 0)</avrf:trace><avrf:trace>RPCRT4!NdrClientInitialize+2726 ( @ 0)</avrf:trace><avrf:trace>RPCRT4!NdrClientInitialize+2648 ( @ 0)</avrf:trace><avrf:trace>RPCRT4!I_RpcTransConnectionReallocPacket+3900 ( @ 0)</avrf:trace><avrf:trace>RPCRT4!I_RpcTransConnectionReallocPacket+3780 ( @ 0)</avrf:trace><avrf:trace>RPCRT4!I_RpcNegotiateTransferSyntax+ab ( @ 0)</avrf:trace><avrf:trace>RPCRT4!Ndr64AsyncClientCall+a23 ( @ 0)</avrf:trace><avrf:trace>RPCRT4!Ndr64AsyncClientCall+c9b ( @ 0)</avrf:trace><avrf:trace>RPCRT4!NdrClientCall3+f5 ( @ 0)</avrf:trace><avrf:trace>srvcli!NetServerStatisticsGet+5d ( @ 0)</avrf:trace><avrf:trace>NETAPI32!NetStatisticsGet+78 ( @ 0)</avrf:trace><avrf:trace>LIBEAY32!EVP_EncodeBlock+11e (d:\poc\openssl-1.0.0d\crypto\evp\encode.c @ 221)</avrf:trace><avrf:trace>LIBEAY32!OBJ_obj2txt+2df (d:\poc\openssl-1.0.0d\crypto\objects\obj_dat.c @ 597)</avrf:trace><avrf:trace>QtNetwork4!QSslSocket::defaultCaCertificates+1ab7 ( @ 0)</avrf:trace><avrf:trace>QtNetwork4!QSslSocket::defaultCaCertificates+4719 ( @ 0)</avrf:trace><avrf:trace>QtNetwork4!QSslSocket::readData+a93 ( @ 0)</avrf:trace><avrf:trace>QtNetwork4!QSslConfiguration::defaultConfiguration+16 ( @ 0)</avrf:trace><avrf:trace>QtNetwork4!QNetworkRequest::sslConfiguration+48 ( @ 0)</avrf:trace><avrf:trace>QtNetwork4!QNetworkAccessManager::createRequest+5b9 ( @ 0)</avrf:trace><avrf:trace>QtNetwork4!QNetworkAccessManager::get+1a ( @ 0)</avrf:trace><avrf:trace>Adoddle_Navigator!Exchanger::TestConnectionUsingProxy+27e (e:\cbim_build_system\cbim_src\cbim_17_1_from_trunk\asitecbimviewer\src\exchanger.cpp @ 75)</avrf:trace><avrf:trace>Adoddle_Navigator!loginWidget::OnSubmitClicked+b4d (e:\cbim_build_system\cbim_src\cbim_17_1_from_trunk\asitecbimviewer\src\loginwidget.cpp @ 628)</avrf:trace><avrf:trace>Adoddle_Navigator!loginWidget::loginWidget+2f6c (e:\cbim_build_system\cbim_src\cbim_17_1_from_trunk\asitecbimviewer\src\loginwidget.cpp @ 417)</avrf:trace><avrf:trace>Adoddle_Navigator!CAppStartUpWindow::CAppStartUpWindow+bfe (e:\cbim_build_system\cbim_src\cbim_17_1_from_trunk\asitecbimviewer\src\appstartupwindow.cpp @ 117)</avrf:trace><avrf:trace>Adoddle_Navigator!main+1186 (e:\cbim_build_system\cbim_src\cbim_17_1_from_trunk\asitecbimviewer\src\main.cpp @ 354)</avrf:trace><avrf:trace>Adoddle_Navigator!WinMain+149 ( @ 0)</avrf:trace><avrf:trace>Adoddle_Navigator!__tmainCRTStartup+15f (f:\dd\vctools\crt_bld\self_64_amd64\crt\src\crtexe.c @ 578)</avrf:trace><avrf:trace>KERNEL32!BaseThreadInitThunk+d ( @ 0)</avrf:trace><avrf:trace>ntdll!RtlUserThreadStart+21 ( @ 0)</avrf:trace></avrf:stackTrace></avrf:logEntry> *Error 2:* -<avrf:logEntry Severity="Error" StopCode="0x331B" LayerName="LuaPriv" Time="2014-01-23 : 10:57:12"><avrf:message>Access was restricted to trusted users only.</avrf:message><avrf:formatmessage>*CreateFileW: File (\Device\NamedPipe\wkssvc) only grants requested 'FILE_APPEND_DATA' to 'NT AUTHORITY\SYSTEM, NT AUTHORITY\NETWORK SERVICE'*</avrf:formatmessage><avrf:parameter1>7fefafb35b4 - Object Type</avrf:parameter1><avrf:parameter2>43cd0d0 - Object Name</avrf:parameter2><avrf:parameter3>4 - Access Mask</avrf:parameter3><avrf:parameter4>43cf200 - String SID</avrf:parameter4>-<avrf:stackTrace><avrf:trace>vfluapriv!+7fefafb8714 ( @ 0)</avrf:trace><avrf:trace>vfluapriv!+7fefafb88d2 ( @ 0)</avrf:trace><avrf:trace>vfluapriv!+7fefafb8d20 ( @ 0)</avrf:trace><avrf:trace>vfluapriv!+7fefafb8e99 ( @ 0)</avrf:trace><avrf:trace>vfluapriv!+7fefafb93ca ( @ 0)</avrf:trace><avrf:trace>vfluapriv!+7fefafb95f9 ( @ 0)</avrf:trace><avrf:trace>vfluapriv!+7fefafbf6c7 ( @ 0)</avrf:trace><avrf:trace>RPCRT4!NdrClientInitialize+1336 ( @ 0)</avrf:trace><avrf:trace>RPCRT4!NdrClientInitialize+2ced ( @ 0)</avrf:trace><avrf:trace>RPCRT4!NdrClientInitialize+28e6 ( @ 0)</avrf:trace><avrf:trace>RPCRT4!NdrClientInitialize+2726 ( @ 0)</avrf:trace><avrf:trace>RPCRT4!NdrClientInitialize+2648 ( @ 0)</avrf:trace><avrf:trace>RPCRT4!I_RpcTransConnectionReallocPacket+3900 ( @ 0)</avrf:trace><avrf:trace>RPCRT4!I_RpcTransConnectionReallocPacket+3780 ( @ 0)</avrf:trace><avrf:trace>RPCRT4!I_RpcNegotiateTransferSyntax+ab ( @ 0)</avrf:trace><avrf:trace>RPCRT4!Ndr64AsyncClientCall+a23 ( @ 0)</avrf:trace><avrf:trace>RPCRT4!Ndr64AsyncClientCall+c9b ( @ 0)</avrf:trace><avrf:trace>RPCRT4!NdrClientCall3+f5 ( @ 0)</avrf:trace><avrf:trace>wkscli!NetWkstaStatisticsGet+85 ( @ 0)</avrf:trace><avrf:trace>NETAPI32!NetStatisticsGet+52 ( @ 0)</avrf:trace><avrf:trace>LIBEAY32!EVP_EncodeBlock+df (d:\poc\openssl-1.0.0d\crypto\evp\encode.c @ 212)</avrf:trace><avrf:trace>LIBEAY32!OBJ_obj2txt+2df (d:\poc\openssl-1.0.0d\crypto\objects\obj_dat.c @ 597)</avrf:trace><avrf:trace>QtNetwork4!QSslSocket::defaultCaCertificates+1ab7 ( @ 0)</avrf:trace><avrf:trace>QtNetwork4!QSslSocket::defaultCaCertificates+4719 ( @ 0)</avrf:trace><avrf:trace>QtNetwork4!QSslSocket::readData+a93 ( @ 0)</avrf:trace><avrf:trace>QtNetwork4!QSslConfiguration::defaultConfiguration+16 ( @ 0)</avrf:trace><avrf:trace>QtNetwork4!QNetworkRequest::sslConfiguration+48 ( @ 0)</avrf:trace><avrf:trace>QtNetwork4!QNetworkAccessManager::createRequest+5b9 ( @ 0)</avrf:trace><avrf:trace>QtNetwork4!QNetworkAccessManager::get+1a ( @ 0)</avrf:trace><avrf:trace>Adoddle_Navigator!Exchanger::TestConnectionUsingProxy+27e (e:\cbim_build_system\cbim_src\cbim_17_1_from_trunk\asitecbimviewer\src\exchanger.cpp @ 75)</avrf:trace><avrf:trace>Adoddle_Navigator!loginWidget::OnSubmitClicked+b4d (e:\cbim_build_system\cbim_src\cbim_17_1_from_trunk\asitecbimviewer\src\loginwidget.cpp @ 628)</avrf:trace><avrf:trace>Adoddle_Navigator!loginWidget::loginWidget+2f6c (e:\cbim_build_system\cbim_src\cbim_17_1_from_trunk\asitecbimviewer\src\loginwidget.cpp @ 417)</avrf:trace><avrf:trace>Adoddle_Navigator!CAppStartUpWindow::CAppStartUpWindow+bfe (e:\cbim_build_system\cbim_src\cbim_17_1_from_trunk\asitecbimviewer\src\appstartupwindow.cpp @ 117)</avrf:trace><avrf:trace>Adoddle_Navigator!main+1186 (e:\cbim_build_system\cbim_src\cbim_17_1_from_trunk\asitecbimviewer\src\main.cpp @ 354)</avrf:trace><avrf:trace>Adoddle_Navigator!WinMain+149 ( @ 0)</avrf:trace><avrf:trace>Adoddle_Navigator!__tmainCRTStartup+15f (f:\dd\vctools\crt_bld\self_64_amd64\crt\src\crtexe.c @ 578)</avrf:trace><avrf:trace>KERNEL32!BaseThreadInitThunk+d ( @ 0)</avrf:trace><avrf:trace>ntdll!RtlUserThreadStart+21 ( @ 0)</avrf:trace></avrf:stackTrace></avrf:logEntry> After going through the openssl code, root cause maybe use of LanmanServer and LanmanWorkstation services in netstatisticsget call as since windows vista they have UAC concept coming in. So this would probably be a session 0 violation related issue . Any idea if there is/can any other reason(s) and any way to get over these errors. Any kind of help is highly appreciated. Thanks in advance. -- View this message in context: http://openssl.6102.n7.nabble.com/UAC-related-errors-on-windows-7-64-bit-with-Application-Verifier-tp48377.html Sent from the OpenSSL - User mailing list archive at Nabble.com. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [email protected]
