All About Named Pipe Binding

(1)Chris wrote excellent blog about Named pipe Binding

 https://blogs.charteris.com/blogs/chrisdi/archive/2008/05/19/exploring-the-wcf-named-pipe-binding-part-1.aspx

https://blogs.charteris.com/blogs/chrisdi/archive/2008/06/16/exploring-the-wcf-named-pipe-binding-part-2.aspx

https://blogs.charteris.com/blogs/chrisdi/archive/2008/06/23/exploring-the-wcf-named-pipe-binding-part-3.aspx

 

(2)Named pipe binding security model ( https://blogs.msdn.com/drnick/archive/2008/04/01/the-pipe-dacl.aspx )

 

When a named pipe channel listener creates a new named pipe it has to supply a discretionary ACL that describes who can connect to the pipe. Here is how that DACL is constructed:

  1. An access control entry is added to deny GENERIC_ALL access to the well-known network SID (S-1-5-2).
  2. Access control entries are added to allow GENERIC_READ and GENERIC_WRITE access to a list of SIDs that is defined on the binding element. The default is to allow the well-known world SID (S-1-1-0). Since this list is an internal setting, you will almost always be using the default.
  3. An access control entry is added to allow GENERIC_READ and GENERIC_WRITE access to the well-known creator owner SID (S-1-3-0).

And that's how the DACL gets built.

There are a few other settings as well required to create the pipe if you're interested in their values. The pipe is bidirectional (PIPE_ACCESS_DUPLEX), data is written to the pipe as messages (PIPE_TYPE_MESSAGE), data is read from the pipe as messages (PIPE_READMODE_MESSAGE), we use overlapped IO (FILE_FLAG_OVERLAPPED), and if this is the first pipe created by the listener, then we need to say that more pipes are coming (FILE_FLAG_FIRST_PIPE_INSTANCE).

 

(3)How can I know what are the pipes opened on my machine( https://technet.microsoft.com/en-us/sysinternals/bb897446.aspx )

Named Pipe Directory Listings:

Did you know that the device driver that implements named pipes is actually a file system driver" In fact, the driver's name is NPFS.SYS, for "Named Pipe File System". What you might also find surprising is that it’s possible to obtain a directory listing of the named pipes defined on a system. This fact is not documented, nor is it possible to do this using the Win32 API. Directly using NtQueryDirectoryFile, the native function that the Win32 FindFile APIs rely on, makes it possible to list the pipes. The directory listing NPFS returns also indicates the maximum number of pipe instances set for each pipe and the number of active instances.

To demonstrate the listing of named pipes I've written a program called PipeList. PipeList displays the named pipes on your system, including the number of maximum instances and active instances for each pipe.

 

(4) Sample code to Create Named Pipe

#include <windows.h>

#include <process.h>

#include <stdio.h>

HANDLE hPipe;

int Buffer_in;

int count;

int main(int argc, char* argv[])

{

    hPipe = CreateNamedPipe("\\\\.\\pipe\\muller", //this machine

    PIPE_ACCESS_INBOUND,

    PIPE_TYPE_BYTE | PIPE_WAIT,

    10, 0, sizeof(Buffer_in),

   10000, // timeout in millseconds

    NULL); // security descriptor

if(INVALID_HANDLE_VALUE == hPipe)

{

   printf("Server Pipe not created\n");

   exit(0);

}

else

   printf("Successful in creating server pipe\n");

// wait of a connection.

while ( !ConnectNamedPipe(hPipe, (LPOVERLAPPED) NULL)); printf("Client has connected\n");

for(int i=0; i<10; i++)

{

ReadFile(hPipe,

(LPVOID) &Buffer_in, (DWORD) sizeof(Buffer_in), (LPDWORD) &count, (LPOVERLAPPED) NULL);

printf("revieved %d\n", Buffer_in);

}

printf("press 'c' to quit\n");

while( toupper(getchar()) != 'C');

CloseHandle(hPipe);

return 0;

}

 

// clientpipe.cpp : Defines the entry point for the console application.

//

#include <windows.h>

#include <process.h>

#include <stdio.h>

HANDLE hPipe;

const int BUFSIZE = 10;

int Buffer_out;

int count;

int main(int argc, char* argv[])

{

  hPipe = CreateFile("\\\\.\\pipe\\muller", // this machine

  GENERIC_WRITE, 0,

  NULL, OPEN_EXISTING,

  FILE_ATTRIBUTE_NORMAL,

  (HANDLE) NULL);

if(INVALID_HANDLE_VALUE == hPipe)

{

 printf("Server Pipe not found\n");

 goto done;

}

else

  printf("Successful in finding server pipe\n");

for(Buffer_out=0; Buffer_out< BUFSIZE; Buffer_out++)

{

 printf("sending %d\n", Buffer_out);

    WriteFile(hPipe,

                &Buffer_out, sizeof(Buffer_out),

                 (LPDWORD) &count, NULL);

}

printf("%d integers written, press 'c' to quit\n");

CloseHandle(hPipe);

done:

while( toupper(getchar()) != 'C');

return 0;

}

MORE INFO:

If you want to know about SID

https://en.wikipedia.org/wiki/Security_Identifier

https://support.microsoft.com/kb/163846/en-us