Expose PipeOptions.CurrentUserOnly and add implementation when flag is passed (#26395)

* Expose PipeOptions.CurrentUserOnly and add windows implementation when flag is passed

* PR Feedback

* Add missing if statement

* Move PipeSecurity types in implementation to System.IO.Pipes

* PR Feedback and move tests to netcoreapp file

* Add CurrentUserOnly implementation for NamedPipeClient in Unix

* PR Feedback

* Refactor to not have duplicated code

* Implement server side current option only in named pipes for unix

* More PR Feedback

* PR Feedback round 3

* Add more tests

* Fix build and add using to WindowsIdentity objects

* Fix packaging issues

* netstandard-Windows_NT needs to be built from sources

Author: safern

pkg/Microsoft.Private.CoreFx.NETCoreApp/Microsoft.Private.CoreFx.NETCoreApp.pkgproj

@@ -39,6 +39,7 @@
         Microsoft.VisualBasic;
         Microsoft.Win32.Registry;
         System.IO.FileSystem.AccessControl;
+        System.IO.Pipes.AccessControl;
         System.Private.DataContractSerialization;
         System.Private.Uri;
         System.Private.Xml;

pkg/Microsoft.Private.PackageBaseline/packageIndex.json

@@ -2154,7 +2154,9 @@
         "4.4.0"
       ],
       "BaselineVersion": "4.4.0",
-      "InboxOn": {},
+      "InboxOn": {
+        "uap10.0.16300": "4.0.3.0"
+      },
       "AssemblyVersionInPackageVersion": {
         "4.0.1.0": "4.3.0",
         "4.0.2.0": "4.4.0",

src/System.IO.Pipes.AccessControl/dir.props

@@ -4,5 +4,8 @@
   <PropertyGroup>
     <AssemblyVersion>4.0.3.0</AssemblyVersion>
     <AssemblyKey>MSFT</AssemblyKey>
+    <IsNETCoreApp>true</IsNETCoreApp>
+    <IsNETCoreAppRef>false</IsNETCoreAppRef>
+    <IsUAP>true</IsUAP>
   </PropertyGroup>
 </Project>

src/System.IO.Pipes.AccessControl/pkg/System.IO.Pipes.AccessControl.pkgproj

@@ -3,14 +3,18 @@
   <Import Project="$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildThisFileDirectory), dir.props))\dir.props" />
   <ItemGroup>
     <ProjectReference Include="..\ref\System.IO.Pipes.AccessControl.csproj">
-      <SupportedFramework>net461;netcoreapp2.0;$(AllXamarinFrameworks)</SupportedFramework>
+      <SupportedFramework>net461;netcoreapp2.0;$(UAPvNextTFM);$(AllXamarinFrameworks)</SupportedFramework>
     </ProjectReference>
     <ProjectReference Include="..\src\System.IO.Pipes.AccessControl.csproj" />
     <HarvestIncludePaths Include="ref/net46;lib/net46;runtimes/win/lib/net46" />
     <HarvestIncludePaths Include="ref/netstandard1.3">
       <SupportedFramework>netcore50</SupportedFramework>
     </HarvestIncludePaths>
     <HarvestIncludePaths Include="runtimes/win/lib/netstandard1.3;lib/netstandard1.3" />
+    <InboxOnTargetFramework Include="$(UAPvNextTFM)" />
+    <File Include="$(PlaceHolderFile)">  
+      <TargetPath>runtimes/win/lib/$(UAPvNextTFM)</TargetPath>  
+    </File>
   </ItemGroup>
   <Import Project="$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildThisFileDirectory), dir.targets))\dir.targets" />
 </Project>

src/System.IO.Pipes.AccessControl/src/Configurations.props

@@ -3,6 +3,8 @@
   <PropertyGroup>
     <BuildConfigurations>
       netfx-Windows_NT;
+      netcoreapp-Windows_NT;
+      uap-Windows_NT;
       netstandard-Windows_NT;
       netstandard;
     </BuildConfigurations>

src/System.IO.Pipes.AccessControl/src/System.IO.Pipes.AccessControl.csproj

@@ -4,32 +4,38 @@
   <PropertyGroup>
     <AssemblyName>System.IO.Pipes.AccessControl</AssemblyName>
     <ProjectGuid>{40059634-BB03-4A6F-8657-CCE2D376BC8B}</ProjectGuid>
-    <AllowUnsafeBlocks Condition="'$(TargetGroup)'=='netstandard'">true</AllowUnsafeBlocks>
+    <IncludeDefaultReferences Condition="'$(TargetGroup)' == 'netcoreapp' OR '$(TargetGroup)' == 'uap'">false</IncludeDefaultReferences>
+    <AllowUnsafeBlocks Condition="'$(TargetGroup)' == 'netstandard'">true</AllowUnsafeBlocks>
     <GeneratePlatformNotSupportedAssemblyMessage Condition="'$(TargetGroup)' == 'netstandard' AND '$(TargetsWindows)' != 'true'">SR.PlatformNotSupported_AccessControl</GeneratePlatformNotSupportedAssemblyMessage>
-    <IsPartialFacadeAssembly Condition="'$(TargetGroup)'=='netfx'">true</IsPartialFacadeAssembly>
+    <IsPartialFacadeAssembly Condition="'$(TargetGroup)' != 'netstandard'">true</IsPartialFacadeAssembly>
   </PropertyGroup>
-  <!-- Default configurations to help VS understand the options -->
   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'netfx-Windows_NT-Debug|AnyCPU'" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'netfx-Windows_NT-Release|AnyCPU'" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'netstandard-Debug|AnyCPU'" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'netstandard-Release|AnyCPU'" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'netstandard-Windows_NT-Debug|AnyCPU'" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'netstandard-Windows_NT-Release|AnyCPU'" />
-  <ItemGroup Condition="'$(IsPartialFacadeAssembly)'!='true' AND '$(TargetsWindows)'=='true'">
-    <Compile Include="System\IO\PipeSecurity.cs" />
-    <Compile Include="System\IO\PipeAccessRights.cs" />
-    <Compile Include="System\IO\PipeAccessRule.cs" />
-    <Compile Include="System\IO\PipeAuditRule.cs" />
-    <Compile Include="System\IO\PipesAclExtensions.cs" />
+  <ItemGroup Condition="'$(TargetGroup)' == 'netstandard' AND '$(TargetsWindows)' == 'true'">
+    <Compile Include="..\..\System.IO.Pipes\src\System\IO\Pipes\PipeSecurity.cs" />
+    <Compile Include="..\..\System.IO.Pipes\src\System\IO\Pipes\PipeAccessRights.cs" />
+    <Compile Include="..\..\System.IO.Pipes\src\System\IO\Pipes\PipeAccessRule.cs" />
+    <Compile Include="..\..\System.IO.Pipes\src\System\IO\Pipes\PipeAuditRule.cs" />
+    <Compile Include="..\..\System.IO.Pipes\src\System\IO\Pipes\PipesAclExtensions.cs" />
   </ItemGroup>
-  <ItemGroup Condition="'$(TargetGroup)'=='netfx'">
+  <ItemGroup Condition="'$(TargetGroup)' == 'netfx'">
     <Reference Include="mscorlib" />
     <Reference Include="System.Core" />
     <Compile Include="System\IO\PipesAclExtensions.net46.cs" />
   </ItemGroup>
-  <ItemGroup Condition="'$(TargetGroup)'!='netfx'">
+  <ItemGroup Condition="'$(TargetGroup)' == 'netstandard'">
     <Reference Include="System.Security.AccessControl" />
     <Reference Include="System.Security.Principal.Windows" />
   </ItemGroup>
+  <ItemGroup Condition="'$(TargetGroup)' == 'netcoreapp' OR '$(TargetGroup)' == 'uap'">
+    <Reference Include="System.Runtime" />
+    <Reference Include="System.Resources.ResourceManager" />
+    <ProjectReference Include="..\..\System.IO.Pipes\src\System.IO.Pipes.csproj" />
+    <ProjectReference Include="..\..\System.Security.AccessControl\src\System.Security.AccessControl.csproj" />
+  </ItemGroup>
   <Import Project="$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildThisFileDirectory), dir.targets))\dir.targets" />
-</Project>
+</Project>

src/System.IO.Pipes/ref/System.IO.Pipes.cs

@@ -90,6 +90,7 @@ public enum PipeDirection
     public enum PipeOptions
     {
         Asynchronous = 1073741824,
+        CurrentUserOnly = 536870912,
         None = 0,
         WriteThrough = -2147483648,
     }

src/System.IO.Pipes/src/Resources/Strings.resx

@@ -120,12 +120,18 @@
   <data name="ArgumentOutOfRange_NeedNonNegNum" xml:space="preserve">
     <value>Non negative number is required.</value>
   </data>
+  <data name="ArgumentOutOfRange_NeedValidPipeAccessRights" xml:space="preserve">
+    <value>Invalid PipeAccessRights value.</value>
+  </data>
   <data name="Argument_InvalidOffLen" xml:space="preserve">
     <value>Offset and length were out of bounds for the array or count is greater than the number of elements from index to the end of the source collection.</value>
   </data>
   <data name="Argument_NeedNonemptyPipeName" xml:space="preserve">
     <value>pipeName cannot be an empty string.</value>
   </data>
+  <data name="Argument_NonContainerInvalidAnyFlag" xml:space="preserve">
+    <value>This flag may not be set on a pipe.</value>
+  </data>
   <data name="Argument_EmptyServerName" xml:space="preserve">
     <value>serverName cannot be an empty string.  Use \\\".\\\" for current machine.</value>
   </data>
@@ -201,6 +207,9 @@
   <data name="IO_FileExists_Name" xml:space="preserve">
     <value>The file '{0}' already exists.</value>
   </data>
+  <data name="IO_IO_PipeBroken" xml:space="preserve">
+    <value>Pipe is broken.</value>
+  </data>
   <data name="IO_OperationAborted" xml:space="preserve">
     <value>IO operation was aborted unexpectedly.</value>
   </data>
@@ -273,4 +282,7 @@
   <data name="IO_PathTooLong_Path" xml:space="preserve">
     <value>The path '{0}' is too long, or a component of the specified path is too long.</value>
   </data>
+  <data name="UnauthorizedAccess_NotOwnedByCurrentUser" xml:space="preserve">
+    <value>Could not connect to the pipe because it was not owned by the current user.</value>
+  </data>
 </root>

src/System.IO.Pipes/src/System.IO.Pipes.csproj

@@ -140,7 +140,12 @@
     <Compile Include="System\IO\Pipes\ConnectionCompletionSource.cs" />
     <Compile Include="System\IO\Pipes\NamedPipeClientStream.Windows.cs" />
     <Compile Include="System\IO\Pipes\NamedPipeServerStream.Windows.cs" />
+    <Compile Include="System\IO\Pipes\PipeAccessRights.cs" />
+    <Compile Include="System\IO\Pipes\PipeAccessRule.cs" />
+    <Compile Include="System\IO\Pipes\PipeAuditRule.cs" />
+    <Compile Include="System\IO\Pipes\PipesAclExtensions.cs" />
     <Compile Include="System\IO\Pipes\PipeCompletionSource.cs" />
+    <Compile Include="System\IO\Pipes\PipeSecurity.cs" />
     <Compile Include="System\IO\Pipes\PipeStream.Windows.cs" />
     <Compile Include="System\IO\Pipes\ReadWriteCompletionSource.cs" />
   </ItemGroup>
@@ -177,6 +182,9 @@
     <Compile Include="$(CommonPath)\Interop\Unix\Interop.IOErrors.cs">
       <Link>Common\Interop\Unix\Interop.IOErrors.cs</Link>
     </Compile>
+    <Compile Include="$(CommonPath)\Interop\Unix\System.Native\Interop.ChMod.cs">
+      <Link>Common\Interop\Unix\Interop.ChMod.cs</Link>
+    </Compile>
     <Compile Include="$(CommonPath)\Interop\Unix\System.Native\Interop.Close.cs">
       <Link>Common\Interop\Unix\Interop.Close.cs</Link>
     </Compile>
@@ -204,7 +212,7 @@
     <Compile Include="$(CommonPath)\Interop\Unix\System.Native\Interop.OpenFlags.cs">
       <Link>Common\Interop\Unix\Interop.OpenFlags.cs</Link>
     </Compile>
-    <Compile Include="$(CommonPath)\Interop\Unix\System.Native\Interop.Permissions.cs">
+    <Compile Include="$(CommonPath)\CoreLib\Interop\Unix\System.Native\Interop.Permissions.cs">
       <Link>Common\Interop\Unix\Interop.Permissions.cs</Link>
     </Compile>
     <Compile Include="$(CommonPath)\Interop\Unix\System.Native\Interop.Pipe.cs">
@@ -255,8 +263,15 @@
     <Reference Include="System.Threading.Overlapped" />
     <Reference Include="System.Threading.Tasks" />
   </ItemGroup>
+  <ItemGroup Condition="'$(TargetsWindows)' == 'true'">
+    <Reference Include="System.Collections.NonGeneric" />
+    <Reference Include="System.Security.AccessControl" />
+    <Reference Include="System.Security.Principal.Windows" />
+    <Reference Include="System.Security.Claims" />
+  </ItemGroup>
   <ItemGroup Condition="'$(TargetsUnix)' == 'true'">
     <Reference Include="Microsoft.Win32.Primitives" />
+    <Reference Include="System.IO.FileSystem" />
     <Reference Include="System.Net.Primitives" />
     <Reference Include="System.Net.Sockets" />
   </ItemGroup>

src/System.IO.Pipes/src/System/IO/Pipes/NamedPipeClientStream.Unix.cs

@@ -3,7 +3,9 @@
 // See the LICENSE file in the project root for more information.
 
 using Microsoft.Win32.SafeHandles;
+using System.ComponentModel;
 using System.Diagnostics.CodeAnalysis;
+using System.Runtime.InteropServices;
 using System.Net.Sockets;
 using System.Security;
 using System.Threading;
@@ -49,6 +51,17 @@ private bool TryConnect(int timeout, CancellationToken cancellationToken)
                 }
             }
 
+            try
+            {
+                ValidateRemotePipeUser(clientHandle);
+            }
+            catch (Exception)
+            {
+                clientHandle.Dispose();
+                socket.Dispose();
+                throw;
+            }
+
             InitializeHandle(clientHandle, isExposed: false, isAsync: (_pipeOptions & PipeOptions.Asynchronous) != 0);
             State = PipeState.Connected;
             return true;
@@ -84,6 +97,23 @@ public override int OutBufferSize
             }
         }
 
+        private void ValidateRemotePipeUser(SafePipeHandle handle)
+        {
+            if (!IsCurrentUserOnly)
+                return;
+
+            uint userId = Interop.Sys.GetEUid();
+            if (Interop.Sys.GetPeerID(handle, out uint serverOwner) == -1)
+            {
+                throw CreateExceptionForLastError();
+            }
+
+            if (userId != serverOwner)
+            {
+                throw new UnauthorizedAccessException(SR.UnauthorizedAccess_NotOwnedByCurrentUser);
+            }
+        }
+
         // -----------------------------
         // ---- PAL layer ends here ----
         // -----------------------------