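/// <summary>
/// Creates a PowerShell transport named pipe through the native API and wraps the
/// resulting handle in a .NET <see cref="NamedPipeServerStream"/>.
/// </summary>
/// <param name="pipeName">Named pipe core name; the <c>\\.\pipe\</c> prefix is added here.</param>
/// <param name="pipeSecurity">
/// Access rules that are converted to the binary security descriptor applied to the pipe.
/// Required: the pipe is never created without an explicit descriptor.
/// </param>
/// <returns>An asynchronous, not yet connected <see cref="NamedPipeServerStream"/> wrapping the pipe handle.</returns>
/// <exception cref="ArgumentNullException"><paramref name="pipeSecurity"/> is null.</exception>
/// <exception cref="InvalidOperationException">The native call returned an invalid pipe handle.</exception>
internal static NamedPipeServerStream CreateNamedPipe(
    string pipeName,
    PipeSecurity pipeSecurity)
{
    // Fail closed: refuse to create the pipe when the caller supplied no access rules,
    // instead of failing later with a NullReferenceException.
    if (pipeSecurity == null)
    {
        throw new ArgumentNullException(nameof(pipeSecurity));
    }

    string fullPipeName = @"\\.\pipe\" + pipeName;

    // Round-trip the PipeSecurity through CommonSecurityDescriptor to obtain the raw
    // descriptor bytes that the native SECURITY_ATTRIBUTES structure points at.
    CommonSecurityDescriptor securityDesc = new CommonSecurityDescriptor(
        false,
        false,
        pipeSecurity.GetSecurityDescriptorBinaryForm(),
        0);

    byte[] securityDescBuffer = new byte[securityDesc.BinaryLength];
    securityDesc.GetBinaryForm(securityDescBuffer, 0);

    // The buffer has to stay pinned for as long as native code may read it.
    GCHandle securityDescHandle = GCHandle.Alloc(securityDescBuffer, GCHandleType.Pinned);

    SafePipeHandle pipeHandle;
    int lastError;
    try
    {
        NamedPipeNative.SECURITY_ATTRIBUTES securityAttributes =
            NamedPipeNative.GetSecurityAttributes(securityDescHandle);

        // FILE_FLAG_FIRST_PIPE_INSTANCE makes creation fail when a pipe with this name
        // already exists, so the server never attaches to a pipe another process created first.
        // NOTE(review): the pipe mode does not include PIPE_REJECT_REMOTE_CLIENTS, so remote
        // access is limited only by the DACL. Confirm whether remote clients should be refused.
        // The numeric arguments presumably follow the Win32 order (max instances, out buffer
        // size, in buffer size, default timeout). Verify against the P/Invoke declaration.
        pipeHandle = NamedPipeNative.CreateNamedPipe(
            fullPipeName,
            NamedPipeNative.PIPE_ACCESS_DUPLEX | NamedPipeNative.FILE_FLAG_FIRST_PIPE_INSTANCE | NamedPipeNative.FILE_FLAG_OVERLAPPED,
            NamedPipeNative.PIPE_TYPE_BYTE | NamedPipeNative.PIPE_READMODE_BYTE,
            1,
            1024,
            1024,
            0,
            securityAttributes);

        // Capture the error code immediately, before any other call can overwrite it.
        // Meaningful only if the P/Invoke declares SetLastError = true; TODO confirm.
        lastError = Marshal.GetLastWin32Error();
    }
    finally
    {
        // Always unpin the descriptor buffer, including when the native call throws.
        securityDescHandle.Free();
    }

    if (pipeHandle.IsInvalid)
    {
        // Report the Win32 error code so a failed creation (for example a name that is
        // already taken) can be diagnosed from the exception alone.
        throw new InvalidOperationException(
            "Failed to create named pipe '" + fullPipeName + "' (Win32 error " + lastError + ").");
    }

    // Create the .NET NamedPipeServerStream wrapper.
    try
    {
        return new NamedPipeServerStream(
            PipeDirection.InOut,
            true,   // IsAsync
            false,  // IsConnected
            pipeHandle);
    }
    catch (Exception)
    {
        // The stream never took the handle, so release it here.
        pipeHandle.Dispose();
        throw;
    }
}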
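/// <summary>
/// Creates the named pipe server stream and begins listening for a client connection.
/// On Windows the pipe is created natively with an explicit DACL; on other platforms the
/// managed constructor is used and permissions are applied outside this method.
/// </summary>
/// <exception cref="IOException">Creating the pipe or starting to listen failed with an I/O error.</exception>
/// <exception cref="InvalidOperationException">The native pipe could not be created.</exception>
public override void Start()
{
    try
    {
        if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
        {
            PipeSecurity pipeSecurity = new PipeSecurity();

            // WindowsIdentity wraps a token handle, so obtain it once and dispose it.
            using (WindowsIdentity identity = WindowsIdentity.GetCurrent())
            {
                WindowsPrincipal principal = new WindowsPrincipal(identity);

                if (principal.IsInRole(WindowsBuiltInRole.Administrator))
                {
                    // Allow the Administrators group full access to the pipe.
                    pipeSecurity.AddAccessRule(new PipeAccessRule(
                        new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null).Translate(typeof(NTAccount)),
                        PipeAccessRights.FullControl,
                        AccessControlType.Allow));
                }
                else
                {
                    // Allow the current user read/write access to the pipe.
                    pipeSecurity.AddAccessRule(new PipeAccessRule(
                        identity.User,
                        PipeAccessRights.ReadWrite,
                        AccessControlType.Allow));
                }
            }

            // Unfortunately, .NET Core does not support passing in a PipeSecurity object into the constructor for
            // NamedPipeServerStream so we are creating native Named Pipes and securing them using native APIs. The
            // issue on .NET Core regarding Named Pipe security is here: https://github.com/dotnet/corefx/issues/30170
            // 99% of this code was borrowed from PowerShell here:
            // https://github.com/PowerShell/PowerShell/blob/master/src/System.Management.Automation/engine/remoting/common/RemoteSessionNamedPipe.cs#L124-L256
            this.pipeServer = NamedPipeNative.CreateNamedPipe(pipeName, pipeSecurity);
        }
        else
        {
            // This handles the Unix case since PipeSecurity is not supported on Unix.
            // Instead, we use chmod in Start-EditorServices.ps1
            // NOTE(review): the pipe exists before that chmod runs, so confirm its initial
            // permissions are acceptable; where the target runtime offers it,
            // PipeOptions.CurrentUserOnly restricts access at creation time.
            this.pipeServer = new NamedPipeServerStream(
                pipeName: pipeName,
                direction: PipeDirection.InOut,
                maxNumberOfServerInstances: 1,
                transmissionMode: PipeTransmissionMode.Byte,
                options: PipeOptions.Asynchronous);
        }

        ListenForConnection();
    }
    catch (Exception e) when (e is IOException || e is InvalidOperationException)
    {
        // NamedPipeNative.CreateNamedPipe reports a failed native creation as
        // InvalidOperationException, so log it here as well as IOException; a pipe
        // that cannot be created is worth a trace in the log.
        this.logger.Write(
            LogLevel.Verbose,
            "Named pipe server failed to start due to exception:\r\n\r\n" + e.Message);

        // Rethrow with "throw;" so the original stack trace is preserved.
        throw;
    }
}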