All geek questions in one place

What is the lpSecurityAttributes time in CreateNamedPipe ()?

  • How soon can I destroy the structure pointed to by lpSecurityAttributes passed to CreateNamedPipe() ?
  • Do I need a separate instance for each channel instance?

The MSDN documentation for CreateNamedPipe () says:

lpSecurityAttributes [in, optional]

Pointer to a SECURITY_ATTRIBUTES structure that defines the security descriptor for the new named pipe ...

The emphasis is mine. “New” means a new named pipe or a new instance of a named pipe? The following is said:

Note

To create an instance of a named pipe using CreateNamedPipe, the user must have FILE_CREATE_PIPE_INSTANCE access to the named pipe object. If a new named pipe is created, the access control list (ACL) from the security attribute setting defines discretionary access control for the named pipe.

(We emphasize again.) One could read this as the meaning that lpSecurityAttributes used only when creating the first instance of the named pipe (new named pipe) and is ignored when creating additional instances of the same pipe name. If so, then only one instance of the lpSecurityAttributes structure is lpSecurityAttributes .

Or maybe you need to pass a valid lpSecurityAttributes for each instance, but it can (should?) Be the same?

Or maybe you need to allocate a new SECURITY_ATTRIBUTES structure for each channel instance?

My related question is: can the SECURITY_ATTRIBUTES structure be destroyed as soon as the CreateNamedPipe() call returns or remains in effect until the last handle (to the pipe or only this channel instance?) Isn even called.

Does anyone have definitive answers to these two questions?

+4
source share
2 answers

You need to pass a valid SECURITY_ATTRIBUTES or NULL structure for each call to CreateNamedPipe. You can use the same structure for additional calls or use separate structures, whichever is more convenient. It might be unsafe to use the same structure in multiple simultaneous calls from separate threads - I suspect that everything will be okay, but I would avoid it anyway.

“New” means “new channel”, not “new instance”. The ACL in the lpSecurityDescriptor member is not used if the named pipe already exists. Therefore, if you know that you are creating a new instance of an existing channel and do not need to set bInheritHandle, you should just pass NULL for lpSecurityAttributes. If you need to set bInheritHandle, make sure lpSecurityDescriptor is NULL or points to a valid security descriptor.

As already mentioned, the contents in lpSecurityAttributes can be dropped as soon as the call returns (unless you plan to reuse it in another call!) And yes, this includes the memory allocated to the security descriptor.

+4
source

The structure is copied when the call is completed. This applies to all calls to the security descriptor when creating kernel objects.

Thus: after the call, you can discard its contents.

+2
source

Source: https://habr.com/ru/post/1379108/

More articles:


All Articles