Accessing named pipe servers from within IE EPM BHO


Problem description

I am trying to make some changes to our legacy product to support IE EPM on the BHO. I have managed to get it to load and the various methods - SetSite, DocumentComplete etc. - get invoked.

I seem to be hitting a snag when trying to connect to the named pipe server running inside a Windows Service.

Previously, we had already made changes to allow IE BHO in protected mode to access the named pipe server - using LOW_INTEGRITY_SDDL_SACL ("S:(ML;;NW;;;LW)"). Within the code, we were creating the security descriptor using the ConvertStringSecurityDescriptorToSecurityDescriptor method, then performing a SetSecurityDescriptorSacl on the actual SD or the SECURITY_ATTRIBUTES object. This allowed the BHO code to access named pipe servers hosted in the SYSTEM service.

I referred to a few articles and probably the most useful one was this post - Is there a way to create a named pipe from an AppContainer BHO on IE11?

I made some changes to SDDL so it now looks like -

#define EPM_INTEGRITY_SDDL L"S:(ML;;NW;;;LW)D:(A;;FA;;;SY)(A;;FA;;;WD)(A;;FA;;;AC)"

This basically gives full file access to Everyone, ALL APPLICATION PACKAGES and SYSTEM in the DACL part. I know it's way too permissive, but I expected this should at least work once I used SetSecurityDescriptorDacl :-)

Anyway, the code that sets the SD now looks as below. Am I missing something here?

// Requires <windows.h> and <sddl.h>. pSecurityDesc is an absolute SECURITY_DESCRIPTOR
// that the caller has already set up with InitializeSecurityDescriptor(); pLISD receives
// the self-relative SD built from the SDDL string.
PSECURITY_DESCRIPTOR pLISD = NULL;
if (!ConvertStringSecurityDescriptorToSecurityDescriptor(EPM_INTEGRITY_SDDL, SDDL_REVISION_1, &pLISD, NULL))
{
    OutputDebugString(L"Unable to get the app-container integrity security descriptor");
    return false;
}

// Copy the SACL (the mandatory-label ACE) from the self-relative SD into pSecurityDesc.
// The ACL pointers returned here point into pLISD's buffer, so pLISD must stay allocated
// for as long as pSecurityDesc is in use (LocalFree it only afterwards).
PACL pAcl = 0;
BOOL bAclPresent   = FALSE;
BOOL bAclDefaulted = FALSE;
if (!GetSecurityDescriptorSacl(pLISD, &bAclPresent, &pAcl, &bAclDefaulted) || !bAclPresent)
{
    return false;
}

if (!SetSecurityDescriptorSacl(pSecurityDesc, TRUE, pAcl, FALSE))
{
    return false;
}

// Now copy the DACL (the access-allowed ACEs for SY, WD and AC) the same way.
pAcl = 0;
bAclPresent = FALSE;
bAclDefaulted = FALSE;
if (!GetSecurityDescriptorDacl(pLISD, &bAclPresent, &pAcl, &bAclDefaulted) || !bAclPresent)
{
    OutputDebugString(L"Setting to low integrity : No DACL Available");
    return false;
}

if (!SetSecurityDescriptorDacl(pSecurityDesc, TRUE, pAcl, FALSE))
{
    OutputDebugString(L"Setting to low integrity : Unable to set the DACL");
    return false;
}
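As an added check that is not part of the question or the answer, the Python below parses the SDDL strings discussed here and reports the DACL entry the questioner already suspects is too broad (full access for Everyone), as well as a missing low-integrity label, which is what actually lets low-IL and AppContainer clients through; the SID alias table, the finding text and the tighter variant are my own assumptions, not anything from the page.

```python
import re

# Well-known SDDL SID aliases used on this page (constructed lookup for readable output).
WELL_KNOWN_SIDS = {"SY": "SYSTEM", "WD": "Everyone", "AC": "ALL APPLICATION PACKAGES",
                   "LW": "Low Mandatory Level", "AU": "Authenticated Users", "AN": "Anonymous"}
ACE_FIELDS = ("type", "flags", "rights", "object_guid", "inherit_guid", "sid")
SECTION_RE = re.compile(r"([DS]):([A-Z_]*)((?:\([^)]*\))*)")  # D:/S: plus optional P/AI/AR flags
ACE_RE = re.compile(r"\(([^)]*)\)")

def split_rights(rights):
    """Rights are either a hex mask or a run of two-letter tokens such as FA, GA, GR."""
    if rights.startswith("0x"):
        return [rights]
    return [rights[i:i + 2] for i in range(0, len(rights), 2)]

def parse_sddl(sddl):
    """Return {'D': [ace, ...], 'S': [ace, ...]}; each ACE is a dict keyed by ACE_FIELDS."""
    sections = {}
    for key, _flags, body in SECTION_RE.findall(sddl):
        aces = []
        for ace in ACE_RE.findall(body):
            fields = ace.split(";")
            if len(fields) != len(ACE_FIELDS):
                raise ValueError(f"malformed ACE: ({ace})")
            aces.append(dict(zip(ACE_FIELDS, fields)))
        sections[key] = aces
    return sections

def audit_pipe_sddl(sddl):
    """Flag two things a pipe server meant for EPM clients should not ship with:
    full access for broad SIDs, and no low mandatory label (low-IL clients are then refused)."""
    findings = []
    sd = parse_sddl(sddl)
    for ace in sd.get("D", []):
        broad = ace["sid"] in ("WD", "AU", "AN")
        full = any(r in ("FA", "GA") for r in split_rights(ace["rights"]))
        if ace["type"] == "A" and broad and full:
            who = WELL_KNOWN_SIDS.get(ace["sid"], ace["sid"])
            findings.append(f"DACL grants {ace['rights']} to {who} ({ace['sid']}); scope it to SY plus AC")
    labels = [a for a in sd.get("S", []) if a["type"] == "ML"]
    if not any(a["sid"] == "LW" and "NW" in a["rights"] for a in labels):
        findings.append("SACL lacks (ML;;NW;;;LW): low-integrity/AppContainer clients will be denied")
    return findings

# The questioner's SDDL next to a tighter variant (the variant is my assumption, not from the page).
QUESTION_SDDL = "S:(ML;;NW;;;LW)D:(A;;FA;;;SY)(A;;FA;;;WD)(A;;FA;;;AC)"
TIGHTER_SDDL = "S:(ML;;NW;;;LW)D:(A;;FA;;;SY)(A;;FA;;;AC)"

if __name__ == "__main__":
    print(audit_pipe_sddl(QUESTION_SDDL), audit_pipe_sddl(TIGHTER_SDDL))
```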


Recommended answer

I did some research and managed to figure out an approach that works.

First, it appears that the BHO inside the AppContainer cannot access named pipes etc. created in a Windows session other than its own. Since I was creating my named pipe server in a Windows Service, it doesn't matter what security descriptor I specify. It won't work.

Second, use the medium-integrity broker process to create the named pipe with the same attempted SD and it will be accessible. So, the approach I took was to create a proxy to my BHO that forwards these messages to the Windows Service. So, my "server" logic did not need to move.

I am not thrilled with the approach, but it isn't too bad, because I can reuse this code for the JS-based extensions too without completely re-writing the core code.

Third, I needed some way to call back into the BHO to ask it to take some action based on external stimuli. I managed to achieve this by creating a HWND_MESSAGE window in the SetSite of the BHO and calling to it using SendMessage from the Broker process. Since this is cross-process, you would need to use WM_COPYDATA.
