Hi all,
I’ve written code that opens a named pipe within a C++ application so that other programs can pass data packets in. This generally works fine, particularly if the application is running on XP or earlier, but when the application is running on Windows 7 we are seeing failures when the client end tries to open the pipe. It does not always fail but fails more often depending upon the networking environment - for example it seems to work OK when machines & users are members of the same domain but I can never seem to get it to work when the machines are part of an ad-hoc network and a user is having trouble with machines within a workgroup.
A bit of research has revealed that Win7 is much more fussy about the security information provided when creating things like pipes and I have spent some time trying to generate security settings that come closest to ‘just let anybody connect’. This has not made things much better but annoyingly the guy who showed me this example code says that when his program tries to connect to *his* pipe, a logon dialog pops up allowing him to enter a username & password and then the connection goes through. With my code I just get access denied error codes and the like - it does seem to vary a lot.
It seems clear that there is no way that I can create a pipe that just anyone can connect to, but can anybody see anything in my code below (error handling removed for legibility) that could be changed to make a successful connection easier?

    #include <windows.h>
    #include <aclapi.h>   // SetEntriesInAcl, EXPLICIT_ACCESS (link with Advapi32.lib)

    PSID pEveryoneSID = NULL; // Security ID referring to everyone
    SID_IDENTIFIER_AUTHORITY SIDAuthWorld = SECURITY_WORLD_SID_AUTHORITY;

    // Create a well-known SID for the Everyone group
    if (!AllocateAndInitializeSid(&SIDAuthWorld, 1,
                                  SECURITY_WORLD_RID,
                                  0, 0, 0, 0, 0, 0, 0,
                                  &pEveryoneSID))
    {
        return 0;
    }

    // Initialize an EXPLICIT_ACCESS structure for an ACE.
    // The ACE will allow Everyone full access to the pipe.
    EXPLICIT_ACCESS ea;
    ZeroMemory(&ea, sizeof(EXPLICIT_ACCESS));
    ea.grfAccessPermissions = FILE_ALL_ACCESS;
    ea.grfAccessMode = SET_ACCESS;
    ea.grfInheritance = NO_INHERITANCE;
    ea.Trustee.TrusteeForm = TRUSTEE_IS_SID;
    ea.Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
    ea.Trustee.ptstrName = (LPTSTR)pEveryoneSID;

    // Create a new ACL that contains our new ACE.
    PACL pACL = NULL;
    DWORD dwRes = SetEntriesInAcl(1, &ea, NULL, &pACL);
    if (ERROR_SUCCESS != dwRes)
    {
        return 0;
    }

    // Create and initialise a security descriptor.
    PSECURITY_DESCRIPTOR pSD = NULL; // We need a security descriptor first
    pSD = (PSECURITY_DESCRIPTOR)LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH);
    if (!pSD) // Check that this has succeeded!
    {
        return 0;
    }
    if (!InitializeSecurityDescriptor(pSD, SECURITY_DESCRIPTOR_REVISION))
    {
        return 0;
    }

    // Add the ACL to the security descriptor. Not a default as we built it.
    if (!SetSecurityDescriptorDacl(pSD, TRUE, pACL, FALSE))
    {
        return 0;
    }

    // Initialize a security attributes structure to contain our security descriptor.
    SECURITY_ATTRIBUTES sa;
    sa.nLength = sizeof (SECURITY_ATTRIBUTES);
    sa.lpSecurityDescriptor = pSD;
    sa.bInheritHandle = FALSE;

    // Backslashes in the pipe path must be escaped inside a C++ string literal.
    // TALK_MASTER_PIPE is a string-literal macro that concatenates with the prefix.
    g_hTMSPipe = CreateNamedPipe("\\\\.\\Pipe\\" TALK_MASTER_PIPE,
                                 PIPE_ACCESS_DUPLEX | FILE_FLAG_OVERLAPPED,
                                 PIPE_TYPE_MESSAGE | PIPE_READMODE_MESSAGE | PIPE_WAIT, 1,
                                 TALK_MASTER_BSIZE, TALK_MASTER_BSIZE, 0, &sa);

All suggestions or pointers to errors gratefully received!