server: Correctly implement permission checking for named pipes.

commit: 9034e694a36df25fadd654c29a13bdd1444bbd6a [log] [tgz]
author: Bernhard Loos <bernhardloos@googlemail.com> Thu Sep 29 11:20:50 2011 +0200
committer: Alexandre Julliard <julliard@winehq.org> Sat Oct 08 19:55:35 2011 +0200
tree: 3a55ee63575abf90528d5af3c47980238d01c4e3
parent: e4c2a6d1cdc5c56404414afb1dd0ecc51938a4b3 [diff] [blame]
diff --git a/server/named_pipe.c b/server/named_pipe.c
index 750f3bc..d6c1383 100644
--- a/server/named_pipe.c
+++ b/server/named_pipe.c

@@ -804,6 +804,7 @@
     struct named_pipe *pipe = (struct named_pipe *)obj;
     struct pipe_server *server;
     struct pipe_client *client;
+    unsigned int pipe_sharing;
     int fds[2];
 
     if (!(server = find_available_server( pipe )))
@@ -812,6 +813,15 @@
         return NULL;
     }
 
+    pipe_sharing = server->pipe->sharing;
+    if (((access & GENERIC_READ) && !(pipe_sharing & FILE_SHARE_READ)) ||
+        ((access & GENERIC_WRITE) && !(pipe_sharing & FILE_SHARE_WRITE)))
+    {
+        set_error( STATUS_ACCESS_DENIED );
+        release_object( server );
+        return NULL;
+    }
+
     if ((client = create_pipe_client( options )))
     {
         if (!socketpair( PF_UNIX, SOCK_STREAM, 0, fds ))
commit	9034e694a36df25fadd654c29a13bdd1444bbd6a	[log] [tgz]
author	Bernhard Loos <bernhardloos@googlemail.com>	Thu Sep 29 11:20:50 2011 +0200
committer	Alexandre Julliard <julliard@winehq.org>	Sat Oct 08 19:55:35 2011 +0200
tree	3a55ee63575abf90528d5af3c47980238d01c4e3
parent	e4c2a6d1cdc5c56404414afb1dd0ecc51938a4b3 [diff] [blame]