我的客户使用在多个Windows版本上运行的,用c++编写的旧版软件。该软件仅限于Windows XP以来可用的API,并且使用命名管道。
例如,在Windows 10 Home上,管道完整性设置为不可信,以允许任意用户访问命名管道。 CreateNamedPipe()返回错误1314。
SECURITY_DESCRIPTOR sd;
SECURITY_ATTRIBUTES sa;
SECURITY_ATTRIBUTES *psa = NULL;
OSVERSIONINFO ovi = {0};
ovi.dwOSVersionInfoSize = sizeof(ovi);
GetVersionEx(&ovi);
if (ovi.dwMajorVersion > 5) {
// create SID S-1-16-0 (= untrusted)
int sl = 12;
char x[] = {1, 1, 0, 0, 0, 0, 0, 16, 0, 0, 0, 0};
PSID UntrustedLabelSid = x;
PACL Sacl = (PACL)alloca(sl += sizeof(ACL) + sizeof(ACE_HEADER) + sizeof(ACCESS_MASK));
InitializeAcl(Sacl, sl, ACL_REVISION);
if (AddAccessAllowedAce(Sacl, ACL_REVISION, 0, UntrustedLabelSid)) {
InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION);
SetSecurityDescriptorDacl(&sd, true, NULL, false);
SetSecurityDescriptorSacl(&sd, true, Sacl, false);
sa.nLength = sizeof(sa);
sa.lpSecurityDescriptor = &sd;
sa.bInheritHandle = false;
psa = &sa;
}
}
Pipe = CreateNamedPipe(TEXT(PipeName), PIPE_ACCESS_DUPLEX,
PIPE_TYPE_MESSAGE | PIPE_READMODE_MESSAGE | PIPE_NOWAIT,
1, PipeLength, PipeLength, 10, psa);