static NamedPipeServerStream CreateServerStream()
{
var user = WindowsIdentity.GetCurrent().User;
var security = new PipeSecurity();
security.AddAccessRule( new PipeAccessRule( user, PipeAccessRights.FullControl, AccessControlType.Allow ) );
security.SetOwner( user );
security.SetGroup( user );
IncrementServers();
try
{
return new NamedPipeServerStream(
ProtocolConstants.PipeName,
PipeDirection.InOut,
20,
PipeTransmissionMode.Byte,
PipeOptions.Asynchronous,
CommandLineLength,
CommandLineLength,
security );
}
catch ( Exception )
{
DecrementServers();
throw;
}
}
// This overload is used in Mono to implement public constructors.
private void Create(string pipeName, PipeDirection direction, int maxNumberOfServerInstances,
PipeTransmissionMode transmissionMode, PipeOptions options, int inBufferSize, int outBufferSize,
PipeSecurity?pipeSecurity, HandleInheritability inheritability, PipeAccessRights additionalAccessRights)
{
Debug.Assert(pipeName != null && pipeName.Length != 0, "fullPipeName is null or empty");
Debug.Assert(direction >= PipeDirection.In && direction <= PipeDirection.InOut, "invalid pipe direction");
Debug.Assert(inBufferSize >= 0, "inBufferSize is negative");
Debug.Assert(outBufferSize >= 0, "outBufferSize is negative");
Debug.Assert((maxNumberOfServerInstances >= 1 && maxNumberOfServerInstances <= 254) || (maxNumberOfServerInstances == MaxAllowedServerInstances), "maxNumberOfServerInstances is invalid");
Debug.Assert(transmissionMode >= PipeTransmissionMode.Byte && transmissionMode <= PipeTransmissionMode.Message, "transmissionMode is out of range");
string fullPipeName = Path.GetFullPath(@"\\.\pipe\" + pipeName);
// Make sure the pipe name isn't one of our reserved names for anonymous pipes.
if (string.Equals(fullPipeName, @"\\.\pipe\anonymous", StringComparison.OrdinalIgnoreCase))
{
throw new ArgumentOutOfRangeException(nameof(pipeName), SR.ArgumentOutOfRange_AnonymousReserved);
}
if (IsCurrentUserOnly)
{
Debug.Assert(pipeSecurity == null);
using (WindowsIdentity currentIdentity = WindowsIdentity.GetCurrent())
{
SecurityIdentifier identifier = currentIdentity.Owner !;
// Grant full control to the owner so multiple servers can be opened.
// Full control is the default per MSDN docs for CreateNamedPipe.
PipeAccessRule rule = new PipeAccessRule(identifier, PipeAccessRights.FullControl, AccessControlType.Allow);
pipeSecurity = new PipeSecurity();
pipeSecurity.AddAccessRule(rule);
pipeSecurity.SetOwner(identifier);
}
// PipeOptions.CurrentUserOnly is special since it doesn't match directly to a corresponding Win32 valid flag.
// Remove it, while keeping others untouched since historically this has been used as a way to pass flags to CreateNamedPipe
// that were not defined in the enumeration.
options &= ~PipeOptions.CurrentUserOnly;
}
int openMode = ((int)direction) |
(maxNumberOfServerInstances == 1 ? Interop.Kernel32.FileOperations.FILE_FLAG_FIRST_PIPE_INSTANCE : 0) |
(int)options |
(int)additionalAccessRights;
// We automatically set the ReadMode to match the TransmissionMode.
int pipeModes = (int)transmissionMode << 2 | (int)transmissionMode << 1;
// Convert -1 to 255 to match win32 (we asserted that it is between -1 and 254).
if (maxNumberOfServerInstances == MaxAllowedServerInstances)
{
maxNumberOfServerInstances = 255;
}
GCHandle pinningHandle = default;
try
{
Interop.Kernel32.SECURITY_ATTRIBUTES secAttrs = GetSecAttrs(inheritability, pipeSecurity, ref pinningHandle);
SafePipeHandle handle = Interop.Kernel32.CreateNamedPipe(fullPipeName, openMode, pipeModes,
maxNumberOfServerInstances, outBufferSize, inBufferSize, 0, ref secAttrs);
if (handle.IsInvalid)
{
throw Win32Marshal.GetExceptionForLastWin32Error();
}
InitializeHandle(handle, false, (options & PipeOptions.Asynchronous) != 0);
}
finally
{
if (pinningHandle.IsAllocated)
{
pinningHandle.Free();
}
}
}
/// <summary>
/// Instantiates an endpoint to act as a client
/// </summary>
/// <param name="pipeName">The name of the pipe to which we should connect.</param>
internal void InternalConstruct(string pipeName)
{
ErrorUtilities.VerifyThrowArgumentLength(pipeName, "pipeName");
_debugCommunications = (Environment.GetEnvironmentVariable("MSBUILDDEBUGCOMM") == "1");
_status = LinkStatus.Inactive;
_asyncDataMonitor = new object();
_sharedReadBuffer = InterningBinaryReader.CreateSharedBuffer();
SecurityIdentifier identifier = WindowsIdentity.GetCurrent().Owner;
PipeSecurity security = new PipeSecurity();
// Restrict access to just this account. We set the owner specifically here, and on the
// pipe client side they will check the owner against this one - they must have identical
// SIDs or the client will reject this server. This is used to avoid attacks where a
// hacked server creates a less restricted pipe in an attempt to lure us into using it and
// then sending build requests to the real pipe client (which is the MSBuild Build Manager.)
PipeAccessRule rule = new PipeAccessRule(identifier, PipeAccessRights.ReadWrite, AccessControlType.Allow);
security.AddAccessRule(rule);
security.SetOwner(identifier);
_pipeServer = new NamedPipeServerStream
(
pipeName,
PipeDirection.InOut,
1, // Only allow one connection at a time.
PipeTransmissionMode.Byte,
PipeOptions.Asynchronous | PipeOptions.WriteThrough,
PipeBufferSize, // Default input buffer
PipeBufferSize, // Default output buffer
security,
HandleInheritability.None
);
}
/// <summary>
/// Checks to see if memory is available, and if it is creates a new
/// Connection object, awaits the completion of the connection, then
/// runs <see cref="ConnectionCompleted"/> for cleanup.
/// </summary>
private async Task DispatchConnection(NamedPipeServerStream pipeStream)
{
try
{
// There is always a race between timeout and connections because
// there is no way to cancel listening on the pipe without
// closing the pipe. We immediately increment the connection
// semaphore while processing connections in order to narrow
// the race window as much as possible.
Interlocked.Increment(ref this.activeConnectionCount);
if (Environment.Is64BitProcess || MemoryHelper.IsMemoryAvailable())
{
CompilerServerLogger.Log("Memory available - accepting connection");
Connection connection = new Connection(pipeStream, handler);
await connection.ServeConnection().ConfigureAwait(false);
// The connection should be finished
ConnectionCompleted(connection);
}
else
{
CompilerServerLogger.Log("Memory tight - rejecting connection.");
// As long as we haven't written a response, the client has not
// committed to this server instance and can look elsewhere.
pipeStream.Close();
// We didn't create a connection -- decrement the semaphore
Interlocked.Decrement(ref this.activeConnectionCount);
// Start a terminate server timer if there are no active
// connections
StartTimeoutTimerIfNecessary();
}
}
catch (Exception e) if (CompilerFatalError.Report(e))
{
throw ExceptionUtilities.Unreachable;
}
}
/// <summary>
/// Create an instance of the pipe. This might be the first instance, or a subsequent instance.
/// There always needs to be an instance of the pipe created to listen for a new client connection.
/// </summary>
/// <returns>The pipe instance, or NULL if the pipe couldn't be created..</returns>
private NamedPipeServerStream ConstructPipe()
{
// Add the process ID onto the pipe name so each process gets a unique pipe name.
// The client must user this algorithm too to connect.
string pipeName = basePipeName + Process.GetCurrentProcess().Id.ToString();
try
{
CompilerServerLogger.Log("Constructing pipe '{0}'.", pipeName);
SecurityIdentifier identifier = WindowsIdentity.GetCurrent().Owner;
PipeSecurity security = new PipeSecurity();
// Restrict access to just this account.
PipeAccessRule rule = new PipeAccessRule(identifier, PipeAccessRights.ReadWrite | PipeAccessRights.CreateNewInstance, AccessControlType.Allow);
security.AddAccessRule(rule);
security.SetOwner(identifier);
NamedPipeServerStream pipeStream = new NamedPipeServerStream(
pipeName,
PipeDirection.InOut,
NamedPipeServerStream.MaxAllowedServerInstances, // Maximum connections.
PipeTransmissionMode.Byte,
PipeOptions.Asynchronous | PipeOptions.WriteThrough,
PipeBufferSize, // Default input buffer
PipeBufferSize, // Default output buffer
security,
HandleInheritability.None);
CompilerServerLogger.Log("Successfully constructed pipe '{0}'.", pipeName);
return pipeStream;
}
catch (Exception e)
{
// Windows may not create the pipe for a number of reasons.
CompilerServerLogger.LogException(e, string.Format("Construction of pipe '{0}' failed", pipeName));
return null;
}
}
/// <summary>
/// Create an instance of the pipe. This might be the first instance, or a subsequent instance.
/// There always needs to be an instance of the pipe created to listen for a new client connection.
/// </summary>
/// <returns>The pipe instance or throws an exception.</returns>
private NamedPipeServerStream ConstructPipe(string pipeName)
{
CompilerServerLogger.Log("Constructing pipe '{0}'.", pipeName);
SecurityIdentifier identifier = WindowsIdentity.GetCurrent().Owner;
PipeSecurity security = new PipeSecurity();
// Restrict access to just this account.
PipeAccessRule rule = new PipeAccessRule(identifier, PipeAccessRights.ReadWrite | PipeAccessRights.CreateNewInstance, AccessControlType.Allow);
security.AddAccessRule(rule);
security.SetOwner(identifier);
NamedPipeServerStream pipeStream = new NamedPipeServerStream(
pipeName,
PipeDirection.InOut,
NamedPipeServerStream.MaxAllowedServerInstances, // Maximum connections.
PipeTransmissionMode.Byte,
PipeOptions.Asynchronous | PipeOptions.WriteThrough,
PipeBufferSize, // Default input buffer
PipeBufferSize, // Default output buffer
security,
HandleInheritability.None);
CompilerServerLogger.Log("Successfully constructed pipe '{0}'.", pipeName);
return pipeStream;
}