
Windows Named-Pipe ACL under IIS

I am trying to connect a CGI process to my Windows service with a named pipe. My code runs fine using another server on my development machine, but on IIS there are security issues when I call CreateFile() in the CGI process.

The Windows service is the Named Pipe Server and so the CGI process is trying to connect to that named pipe as a client.

I have dug up some code that creates a Global security descriptor with the flag SECURITY_WORLD_SID_AUTHORITY by calling:

  InitializeAcl()
  AddAccessAllowedAce()
  SetSecurityDescriptorDacl()

But I don't really understand the concept. I am assuming that the Pipe Server CreateNamedPipe() must be called with this ACL in the SECURITY_ATTRIBUTES structure, but what about the Named Pipe client?

Do I create another Global security descriptor and call CreateFile() with that?

Do I inherit it with

 SecurityAttributes.bInheritHandle   = TRUE;

Do I just pass NULL in the CreateFile() call?

Since the pipe is created by the server, only the server needs to specify the ACL; the client uses NULL for the ACL.

Inheritance only applies if the named pipe is created in one process and that process creates a new process in which you want that spawned process to have direct access to the handle (it doesn't reopen the handle, rather it gets the value some other way, like a command line).

You can use the Process Explorer on Sysinternals to view named pipes open in a process and then look at the ACL.
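
The server/client split described in the answer, as an added example that is not code from the original post: the service builds the DACL with the calls named in the question and passes it to CreateNamedPipe(), while the CGI client passes NULL to CreateFile(). The pipe name, buffer sizes and function names are assumptions.

```c
/* Added example, Win32 only; the guard keeps the file inert on other platforms. */
#ifdef _WIN32
#include <windows.h>

#define PIPE_NAME "\\\\.\\pipe\\example_cgi_pipe"   /* hypothetical pipe name */

/* Server (the Windows service): attach an explicit DACL when creating the pipe. */
HANDLE create_pipe_server(void)
{
    SID_IDENTIFIER_AUTHORITY world = SECURITY_WORLD_SID_AUTHORITY;
    PSID everyone = NULL;
    DWORD aclBuf[64];                 /* DWORD-aligned storage for the ACL */
    PACL acl = (PACL)aclBuf;
    SECURITY_DESCRIPTOR sd;
    SECURITY_ATTRIBUTES sa;
    HANDLE pipe = INVALID_HANDLE_VALUE;

    /* World (Everyone) SID as in the question; a narrower SID fits here too. */
    if (!AllocateAndInitializeSid(&world, 1, SECURITY_WORLD_RID,
                                  0, 0, 0, 0, 0, 0, 0, &everyone))
        return INVALID_HANDLE_VALUE;

    if (InitializeAcl(acl, sizeof(aclBuf), ACL_REVISION) &&
        AddAccessAllowedAce(acl, ACL_REVISION,
                            GENERIC_READ | GENERIC_WRITE, everyone) &&
        InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION) &&
        SetSecurityDescriptorDacl(&sd, TRUE, acl, FALSE)) {
        sa.nLength = sizeof(sa);
        sa.lpSecurityDescriptor = &sd;
        sa.bInheritHandle = FALSE;    /* the client reopens the pipe by name */
        pipe = CreateNamedPipeA(PIPE_NAME, PIPE_ACCESS_DUPLEX,
                                PIPE_TYPE_BYTE | PIPE_WAIT,
                                1, 4096, 4096, 0, &sa);
    }
    FreeSid(everyone);                /* the ACE holds its own copy of the SID */
    return pipe;
}

/* Client (the CGI process): lpSecurityAttributes is NULL; the access check is
   made against the DACL the server attached to the pipe. */
HANDLE open_pipe_client(void)
{
    return CreateFileA(PIPE_NAME, GENERIC_READ | GENERIC_WRITE, 0,
                       NULL, OPEN_EXISTING, 0, NULL);
}
#endif
```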
