You cannot impersonate a pipe until you have read from it. Even a write call doesn’t work. So a service has to wait for a dummy client write call until it can check the client’s token.

The following codes shows how multi instance pipe server could look like. Be aware that I wrote this to show how it can be done and not for a simple copy&paste.

  1. //necessary units
  2. uses JwaWindows, …, JwsclToken, JwsclUtils, JwsclComUtils, JwsclLogging, SvcMgr;
  4. {checks ReadFile and WriteFile result but ignores overlapped error result}
  5. function CheckPipe(const Value : Boolean) : Boolean;
  6. begin
  7.   result := (Value )
  8.       or (not Value and (GetLastError() = ERROR_IO_PENDING));
  9. end;
  10.  
  11. var
  12.   ServiceStopEvent : THandle; //define a stop event for the service
  13.   Stopped : Boolean = false;
  14.  
  15. procedureServiceExecute
  16. var
  17.   Log : IJwLogClient;
  18.  
  19.   ProtocolVersion,
  20.   WaitResult : DWORD;
  21.   Msg : TMsg;
  22.   OvLapped : OVERLAPPED;
  23.   PipeToken : TJwSecurityToken;
  24. begin
  25.   //JWSCL logging
  26.   Log := uLogging.LogServer.Connect(etMethod,ClassName,
  27.           ‘ServiceExecute’,‘MainUnit.pas’,);
  28.  
  29.   hPipe := CreateNamedPipe(‘\\.\pipe\PipeName’,
  30.         PIPE_ACCESS_DUPLEX or FILE_FLAG_OVERLAPPED,
  31.         PIPE_WAIT, PIPE_UNLIMITED_INSTANCES, 0, 0, 0, nil);
  32.  
  33.   //check hPipe here…TODO for the reader
  34.  
  35.   ZeroMemory(@OvLapped, sizeof(OvLapped));
  36.   OvLapped.hEvent := CreateEvent(nil, false, false, nil);
  37.   //auto CloseHandle
  38.   TJwAutoPointer.Wrap(OvLapped.hEvent);
  39.  
  40.   Stopped := false;
  41.   //for services we use this msg friendly approach
  42.   repeat //1.
  43.      ConnectNamedPipe(Pipe, @OvLapped);
  44.  
  45.      repeat //2.
  46.        ServiceThread.ProcessRequests(False);
  47.        WaitResult := JwMsgWaitForMultipleObjects([ServiceStopEvent, OvLapped.hEvent], false, INFINITE, QS_ALLINPUT);
  48.  
  49.        case WaitResult of
  50.           WAIT_OBJECT_0 + 1 :  ResetEvent(OvLapped.hEvent);
  51.           WAIT_OBJECT_0 + 2 :  PeekMessage(Msg, 0, 0, 0, PM_NOREMOVE); //tag message as read, so waitfor does not return next time
  52.        else
  53.           //another problem
  54.        end;
  55.      until WaitResult <> WAIT_OBJECT_0 + 2; //2.
  56.  
  57.      if WaitResult = WAIT_OBJECT_0 +1 then //connected
  58.      begin
  59.        //read dummy data or e.g. Protocol version of client
  60.        if not CheckPipe(ReadFile(Pipe, @ProtocolVersion, sizeof(ProtocolVersion) ,nil, @OvLapped)) then
  61.          //uhh error
  62.        else
  63.        begin
  64.          //JWSCL JwsclUtils.pas implements this more convenient wait function
  65.          if JwWaitForMultipleObjects([ServiceStopEvent, OvLapped.hEvent], false,
  66.                 TIMEOUT) = WAIT_OBJECT_0 +1 then
  67.          begin
  68.             try
  69.               //now we can get the client’s token - may throw exception if it fails!
  70.               TJwSecurityToken.ImpersonateNamedPipeClient(Pipe);
  71.  
  72.               try
  73.                 PipeToken := TJwSecurityToken.CreateTokenByThread(0, MAXIMUM_ALLOWED, true);
  74.               finally
  75.                 TJwSecurityToken.RevertToSelf;
  76.               end;
  77.               //……. go on with what you want
  78.             on E : Exception do
  79.             begin
  80.               Log.Exception(E);
  81.             end;
  82.          end
  83.          else
  84.            Log.Log(‘Read for protocol version failed.’);
  85.        end;
  86.      end;
  87.  
  88.      DisconnectNamedPipe(Pipe);
  89.   until Stopped; //1. - the one who signales ServiceStopEvent, must also set this boolean value to true
  90.  
  91.   CloseHandle(Pipe);
  92. end;
Send post as PDF to www.pdf24.org
convert this post to pdf.