Geek asks and answers

QLocalSocket :: connectToServer could not be executed with QLocalSocket :: SocketAccessError if the server is running as administrator (Windows 7)

The following issue occurs in Microsoft Windows 7 Qt 4.8.1 deployment:

A QLocalServer (named pipe) expects client connections and works as a server application that works with administrator rights (for example, a system service).

How can I allow a non-privileged QLocalSocket client to connect to this server? The connection attempt is always denied with error code 3 (QLocalSocket :: SocketAccessError). Is there a solution?

Change . As I found out, the solution is to change the channel security by allowing full access to each SID. The only problem is that the call SetSecurityInfoalways fails with the access denied error . First we need to get a pipe handle. Since the pipe has already been created by Qt, we will open it with CreateNamedPipe.

HANDLE hPipe = CreateNamedPipe(
    (const wchar_t *)_Server->fullServerName().utf16(), // pipe name
    PIPE_ACCESS_DUPLEX | FILE_FLAG_OVERLAPPED,       // read/write access
    PIPE_TYPE_BYTE |          // byte type pipe
    PIPE_READMODE_BYTE |      // byte-read mode
    PIPE_WAIT,                // blocking mode
    PIPE_UNLIMITED_INSTANCES, // max. instances
    0,                  // output buffer size
    0,                  // input buffer size
    3000,                     // client time-out
    0 // Default Security
);
// Same call to open/create pipe as in qlocalserver_win.cpp
// Code here to add/change ACEs
if (SetSecurityInfo(hPipe, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION,
    0, 0, NewAcl, 0) == ERROR_SUCCESS) {
    // Success
}

Even if the parameter is NewAclset to NULL, the call fails. So, what could result in a "denied access" error?

+3
source share
3 answers

Qt. , CreateNamedPipe QLocalServer:: listen(), CreateNamedPipe, Qt . WRITE_DAC | FILE_FLAG_FIRST_PIPE_INSTANCE, - .

, .

+1

, , . , , .

, server.setSocketOptions(QLocalServer::WorldAccessOption); QLocalServer::​SocketOption listen.

+7

Qt , , QtLocalServer . , , , " ".

- DACL ( ), . , DACL Windows ( c.f.). (ACE), . , ACE "EVERYONE" SID, /, DACL, . , , DACL, WRITE_DAC , , DACL. WRITE_DAC CreateNamedPipe, , SetSecurityInfo .

- , Windows Vista . , , , , . ( Windows 7, , ) , . , ( Q & A , ), because the integrity label is a special ACE contained in the System Access Control List (SACL) for the channel that you need to transmit WRITE_OWNER. Is it even possible in Qt to get hold of this pipe descriptor, I don't know.

+2
source

More articles:


All Articles