我需要创建一个命名管道用于客户端和服务器之间的通信(在同一主机中),这是代码:
WCHAR wszPipeName[MAX_FILE_LENGTH];
swprintf_s(wszPipeName, MAX_FILE_LENGTH, L"\\\\.\\pipe\\TEST%d", uniqueID);
pipe = CreateNamedPipe(
wszPipeName, // name of the pipe
PIPE_ACCESS_DUPLEX,
PIPE_TYPE_MESSAGE | PIPE_READMODE_MESSAGE | PIPE_NOWAIT,
1,
MAX_MSG_SIZE,
MAX_MSG_SIZE , //inbound buffer
MAX_READ_DATA_TIMEOUT,
NULL // use default security attributes
);
处理程序返回的始终是 INVALID_HANDLE_VAULE,并且错误是 ERROR_ACCESS_DENIED。
这里有什么问题吗?它在 Windows 7/8 上运行。
谢谢
这是Python代码,但这为本地用户设置了一个安全描述符并拒绝远程:
dacl = ACL()
# Deny NT AUTHORITY\NETWORK SID
sid = CreateWellKnownSid(WinNetworkSid)
dacl.AddAccessDeniedAce(ACL_REVISION, GENERIC_ALL, sid)
# Allow current user SID
token = OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY)
sid = GetTokenInformation(token, TokenUser)[0]
dacl.AddAccessAllowedAce(ACL_REVISION, GENERIC_READ | GENERIC_WRITE, sid)
security_descriptor = SECURITY_DESCRIPTOR()
security_descriptor.SetSecurityDescriptorDacl(True, dacl, False)
security_attributes = SECURITY_ATTRIBUTES()
security_attributes.SECURITY_DESCRIPTOR = security_descriptor
pipe = CreateNamedPipe(
<your other params here>
security_attributes
)
我有同样的问题,即使使用安全描述符并以管理员权限执行代码,我仍然收到错误 ERROR_ACCESS_DENIED。这是我的代码L。
BOOL fConnected = FALSE;
DWORD dwThreadId = 0;
HANDLE hPipe = INVALID_HANDLE_VALUE, hThread = NULL;
LPCTSTR lpszPipename = TEXT("\\\\.\\pipe\\myPipe");
DWORD dwRes, dwDisposition;
PSID pEveryoneSID = NULL, pAdminSID = NULL;
PACL pACL = NULL;
PSECURITY_DESCRIPTOR pSD = NULL;
EXPLICIT_ACCESS ea[2];
SID_IDENTIFIER_AUTHORITY SIDAuthWorld =
SECURITY_WORLD_SID_AUTHORITY;
SID_IDENTIFIER_AUTHORITY SIDAuthNT = SECURITY_NT_AUTHORITY;
SECURITY_ATTRIBUTES sa;
LONG lRes;
HKEY hkSub = NULL;
// Create a well-known SID for the Everyone group.
if (!AllocateAndInitializeSid(&SIDAuthWorld, 1,
SECURITY_WORLD_RID,
0, 0, 0, 0, 0, 0, 0,
&pEveryoneSID)) {
}
ZeroMemory(&ea, 2 * sizeof(EXPLICIT_ACCESS));
ea[0].grfAccessPermissions = KEY_ALL_ACCESS;
ea[0].grfAccessMode = SET_ACCESS;
ea[0].grfInheritance = NO_INHERITANCE;
ea[0].Trustee.TrusteeForm = TRUSTEE_IS_SID;
ea[0].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
ea[0].Trustee.ptstrName = (LPTSTR)pEveryoneSID;
dwRes = SetEntriesInAcl(2, ea, NULL, &pACL);
pSD = (PSECURITY_DESCRIPTOR)LocalAlloc(LPTR,
SECURITY_DESCRIPTOR_MIN_LENGTH);
if (!InitializeSecurityDescriptor(pSD,
SECURITY_DESCRIPTOR_REVISION))
{
_tprintf(_T("InitializeSecurityDescriptor Error %u\n"),
GetLastError());
}
if (!SetSecurityDescriptorDacl(pSD,
TRUE, // bDaclPresent flag
pACL,
FALSE)) // not a default DACL
{
_tprintf(_T("SetSecurityDescriptorDacl Error %u\n"),
GetLastError());
}
sa.nLength = sizeof(SECURITY_ATTRIBUTES);
sa.lpSecurityDescriptor = pSD;
sa.bInheritHandle = FALSE;
hPipe = CreateNamedPipe(
lpszPipename, // pipe name
PIPE_ACCESS_DUPLEX, // read/write access
PIPE_TYPE_MESSAGE | // message type pipe
PIPE_READMODE_MESSAGE | // message-read mode
PIPE_WAIT, // blocking mode
PIPE_UNLIMITED_INSTANCES, // max. instances
512, // output buffer size
512, // input buffer size
0, // client time-out
&sa);
DWORD test;
if (hPipe == NULL || hPipe == INVALID_HANDLE_VALUE) {
test = GetLastError(); //Here I am getting ERROR_ACCESS_DENIED
}
有人知道我做错了什么吗?
找到原因了,是因为安全限制。提供合适的安全描述符后,它就可以工作了!