NamedPipe: CurrentUserOnly, quick fixes for Unix (#27463)

* NamedPipe: CurrentUserOnly, quick fixes for Unix

* The path for the directory of when using current user only was wrong and not using the intended folder.
* Added getpeerid validation on the server side.

* Clean some dirty changes used for quick validation.

* PR feedback round #1

src/System.IO.Pipes/src/Resources/Strings.resx

@@ -285,4 +285,7 @@
  <data name="UnauthorizedAccess_NotOwnedByCurrentUser" xml:space="preserve">
  <value>Could not connect to the pipe because it was not owned by the current user.</value>
  </data>
+ <data name="UnauthorizedAccess_ClientIsNotCurrentUser" xml:space="preserve">
+ <value>Client connection (user id {0}) was refused because it was not owned by the current user (id {1}).</value>
+ </data>
 </root>

src/System.IO.Pipes/src/System/IO/Pipes/NamedPipeServerStream.Unix.cs

@@ -83,8 +83,25 @@ async Task WaitForConnectionAsyncCore() =>
  private void HandleAcceptedSocket(Socket acceptedSocket)
  {
  var serverHandle = new SafePipeHandle(acceptedSocket);
+
  try
  {
+ if (IsCurrentUserOnly)
+ {
+ uint serverEUID = Interop.Sys.GetEUid();
+
+ uint peerID;
+ if (Interop.Sys.GetPeerID(serverHandle, out peerID) == -1)
+ {
+ throw CreateExceptionForLastError(_instance?.PipeName);
+ }
+
+ if (serverEUID != peerID)
+ {
+ throw new UnauthorizedAccessException(string.Format(SR.UnauthorizedAccess_ClientIsNotCurrentUser, peerID, serverEUID));
+ }
+ }
+
  ConfigureSocket(acceptedSocket, serverHandle, _direction, _inBufferSize, _outBufferSize, _inheritability);
  }
  catch

src/System.IO.Pipes/src/System/IO/Pipes/PipeStream.Unix.cs

@@ -68,7 +68,7 @@ internal static string GetPipePath(string serverName, string pipeName, bool isCu
  throw CreateExceptionForLastError();
  }
 
- return Path.Combine(directory, s_pipePrefix + pipeName);
+ return Path.Combine(directory, pipeName);
  }
 
  return s_pipePrefix + pipeName;

src/System.IO.Pipes/tests/NamedPipeTests/NamedPipeTest.CurrentUserOnly.netcoreapp.cs

@@ -30,7 +30,7 @@ public static void CreateServer_CurrentUserOnly()
  [Fact]
  public static void CreateServer_ConnectClient()
  {
- var name = GetUniquePipeName();
+ string name = GetUniquePipeName();
  using (var server = new NamedPipeServerStream(name, PipeDirection.InOut, 1, PipeTransmissionMode.Byte, PipeOptions.CurrentUserOnly))
  {
  using (var client = new NamedPipeClientStream(".", name, PipeDirection.InOut, PipeOptions.CurrentUserOnly))
@@ -41,12 +41,26 @@ public static void CreateServer_ConnectClient()
  }
  }
 
+ [Fact]
+ [PlatformSpecific(TestPlatforms.AnyUnix)] // On Unix domain socket should have different location in this case.
+ public static void CreateServerNotCurrentUserOnly_ClientCurrentUserOnly_ThrowsTimeout_OnUnix()
+ {
+ string name = GetUniquePipeName();
+ using (var server = new NamedPipeServerStream(name, PipeDirection.InOut, 1, PipeTransmissionMode.Byte))
+ {
+ using (var client = new NamedPipeClientStream(".", name, PipeDirection.InOut, PipeOptions.CurrentUserOnly))
+ { 
+ Assert.Throws<TimeoutException>(() => client.Connect(1));
+ }
+ }
+ }
+
  [Fact]
  public static void CreateMultipleServers_ConnectMultipleClients()
  {
- var name1 = GetUniquePipeName();
- var name2 = GetUniquePipeName();
- var name3 = GetUniquePipeName();
+ string name1 = GetUniquePipeName();
+ string name2 = GetUniquePipeName();
+ string name3 = GetUniquePipeName();
  using (var server1 = new NamedPipeServerStream(name1, PipeDirection.InOut, 1, PipeTransmissionMode.Byte, PipeOptions.CurrentUserOnly))
  using (var server2 = new NamedPipeServerStream(name2, PipeDirection.InOut, 1, PipeTransmissionMode.Byte, PipeOptions.CurrentUserOnly))
  using (var server3 = new NamedPipeServerStream(name3, PipeDirection.InOut, 1, PipeTransmissionMode.Byte, PipeOptions.CurrentUserOnly))