private async Task Loop()
{
while (!_tokenSource.IsCancellationRequested)
{
try
{
PipeAccessRule rule = new(new SecurityIdentifier(WellKnownSidType.WorldSid, null), PipeAccessRights.FullControl, AccessControlType.Allow);
PipeSecurity pipeSecurity = new();
pipeSecurity.SetAccessRule(rule);
NamedPipeServerStream pipeStream = NamedPipeServerStreamAcl.Create(
_pipeName,
PipeDirection.InOut,
NamedPipeServerStream.MaxAllowedServerInstances,
PipeTransmissionMode.Message,
PipeOptions.Asynchronous,
1024,
0,
pipeSecurity);
await pipeStream.WaitForConnectionAsync(_tokenSource.Token).ConfigureAwait(false);
PipeReader reader = new(pipeStream);
reader.CommandReceived += OnReaderCommandReceived;
reader.Disconnected += OnReaderDisconnected;
_readers.Add(reader);
ClientConnected?.Invoke(this, EventArgs.Empty);
}
catch (Exception e)
{
Exception?.Invoke(this, e);
}
}
}
internal static NamedPipeServerStream NewNamedPipeServerStream(string pipeName, PipeDirection direction, int maxNumberOfServerInstances, PipeTransmissionMode transmissionMode, PipeOptions options, Func <PipeSecurity> pipeSecurity)
{
#if NET461
return(new(pipeName, direction, maxNumberOfServerInstances, transmissionMode, options, inBufferSize : 0, outBufferSize : 0, pipeSecurity()));
#elif NET5_0_WINDOWS
return(NamedPipeServerStreamAcl.Create(pipeName, direction, maxNumberOfServerInstances, transmissionMode, options, inBufferSize: 0, outBufferSize: 0, pipeSecurity()));
#else
return(new(pipeName, direction, maxNumberOfServerInstances, transmissionMode, options));
#endif
}
private NamedPipeServerStream CreateNamedPipe(
string pipeName,
PipeSecurity expectedSecurity,
PipeDirection direction = DefaultPipeDirection,
int maxNumberOfServerInstances = DefaultNumberOfServerInstances,
PipeTransmissionMode transmissionMode = DefaultPipeTransmissionMode,
PipeOptions options = DefaultPipeOptions,
int inBufferSize = DefaultBufferSize,
int outBufferSize = DefaultBufferSize,
HandleInheritability inheritability = DefaultInheritability,
PipeAccessRights additionalAccessRights = 0)
{
NamedPipeServerStream pipe = NamedPipeServerStreamAcl.Create(pipeName, direction, maxNumberOfServerInstances, transmissionMode, options, inBufferSize, outBufferSize, expectedSecurity, inheritability, additionalAccessRights);
Assert.NotNull(pipe);
return(pipe);
}
/// <summary>
/// Creates a new <see cref="NetSdkMsiInstallerServer"/> instance.
/// </summary>
/// <returns></returns>
public static NetSdkMsiInstallerServer Create()
{
if (!WindowsUtils.IsAdministrator())
{
throw new UnauthorizedAccessException(LocalizableStrings.InsufficientPrivilegeToStartServer);
}
// Best effort to verify that the server was not started indirectly or being spoofed.
if ((ParentProcess == null) || (ParentProcess.StartTime > CurrentProcess.StartTime) ||
string.IsNullOrWhiteSpace(CurrentProcess.MainModule.FileName) ||
!string.Equals(ParentProcess.MainModule.FileName, CurrentProcess.MainModule.FileName, StringComparison.OrdinalIgnoreCase))
{
throw new SecurityException(String.Format(LocalizableStrings.NoTrustWithParentPID, ParentProcess?.Id));
}
// Configure pipe DACLs
SecurityIdentifier authenticatedUserIdentifier = new SecurityIdentifier(WellKnownSidType.AuthenticatedUserSid, null);
SecurityIdentifier currentOwnerIdentifier = WindowsIdentity.GetCurrent().Owner;
PipeSecurity pipeSecurity = new();
// The current user has full control and should be running as Administrator.
pipeSecurity.SetOwner(currentOwnerIdentifier);
pipeSecurity.AddAccessRule(new PipeAccessRule(currentOwnerIdentifier, PipeAccessRights.FullControl, AccessControlType.Allow));
// Restrict read/write access to authenticated users
pipeSecurity.AddAccessRule(new PipeAccessRule(authenticatedUserIdentifier,
PipeAccessRights.Read | PipeAccessRights.Write | PipeAccessRights.Synchronize, AccessControlType.Allow));
// Initialize the named pipe for dispatching commands. The name of the pipe is based off the server PID since
// the client knows this value and ensures both processes can generate the same name.
string pipeName = WindowsUtils.CreatePipeName(CurrentProcess.Id);
NamedPipeServerStream serverPipe = NamedPipeServerStreamAcl.Create(pipeName, PipeDirection.InOut, 1, PipeTransmissionMode.Message,
PipeOptions.None, 65535, 65535, pipeSecurity);
InstallMessageDispatcher dispatcher = new(serverPipe);
// The client process will generate the actual log file. The server will log messages through a separate pipe.
string logPipeName = WindowsUtils.CreatePipeName(CurrentProcess.Id, "log");
NamedPipeServerStream logPipe = NamedPipeServerStreamAcl.Create(logPipeName, PipeDirection.InOut, 1, PipeTransmissionMode.Message,
PipeOptions.None, 65535, 65535, pipeSecurity);
PipeStreamSetupLogger logger = new(logPipe, logPipeName);
InstallServerElevationContext elevationContext = new(serverPipe);
return(new NetSdkMsiInstallerServer(elevationContext, logger));
}
private NamedPipeServerStream CreatePipeServer()
{
var pipeOptions = PipeOptions.Asynchronous;
#if NETCOREAPP || NETSTANDARD
#if !NETSTANDARD2_0
if (_options.CurrentUserOnly)
{
pipeOptions |= PipeOptions.CurrentUserOnly;
}
#endif
#if NET5_0
return(NamedPipeServerStreamAcl.Create(_pipeName,
PipeDirection.InOut,
NamedPipeServerStream.MaxAllowedServerInstances,
PipeTransmissionMode.Message,
pipeOptions,
0,
0,
_options.PipeSecurity));
#else
return(new NamedPipeServerStream(_pipeName,
PipeDirection.InOut,
NamedPipeServerStream.MaxAllowedServerInstances,
PipeTransmissionMode.Message,
pipeOptions));
#endif
#endif
#if NETFRAMEWORK
return(new NamedPipeServerStream(_pipeName,
PipeDirection.InOut,
NamedPipeServerStream.MaxAllowedServerInstances,
PipeTransmissionMode.Message,
pipeOptions,
0,
0,
_options.PipeSecurity));
#endif
}
protected override async Task ExecuteAsync(CancellationToken stoppingToken)
{
_logger.LogInformation("[worker.receiver] starting assister...");
var _pipe_secure = new PipeSecurity();
_pipe_secure.SetAccessRule(new PipeAccessRule("Everyone", PipeAccessRights.FullControl, AccessControlType.Allow));
var _pipe_server = NamedPipeServerStreamAcl.Create(
PQueue.ReceiveServerPipeName, PipeDirection.InOut,
20, PipeTransmissionMode.Message, PipeOptions.Asynchronous, 512, 512,
_pipe_secure
);
var _reader = new StreamReader(_pipe_server);
var _writer = new StreamWriter(_pipe_server);
var _response = new VmsResponse <bool>();
while (!stoppingToken.IsCancellationRequested)
{
try
{
await _pipe_server.WaitForConnectionAsync();
var _read_line = await _reader.ReadLineAsync();
var _request = JsonConvert.DeserializeObject <VmsRequest <JToken> >(_read_line);
{
_response.command = _request.command;
_response.message = "";
_response.data = true;
if (_request.command == QCommand.AnalystQ)
{
PQueue.QAnalyst.Enqueue(_read_line);
}
else if (_request.command == QCommand.ChoicerQ)
{
PQueue.QChoicer.Enqueue(_read_line);
}
else if (_request.command == QCommand.SelectorQ)
{
PQueue.QSelector.Enqueue(_read_line);
}
else if (_request.command == QCommand.WinnerQ)
{
PQueue.QWinner.Enqueue(_read_line);
}
}
}
catch (Exception ex)
{
_logger.LogError(ex, "receiver.choicer");
_response.message = ex.InnerMessage();
_response.data = false;
}
finally
{
if (_pipe_server.IsConnected)
{
var _write_line = JsonConvert.SerializeObject(_response);
await _writer.WriteLineAsync(_write_line);
await _writer.FlushAsync();
_pipe_server.Disconnect();
}
}
}
_pipe_server.Close();
}