Named pipes in c++ and php

Question

i am creating a pipe in c++ and when i try to write to that pipe using php code it gives me access denied error when i try to get a handle to that pipe. Basically the php code calls another c++ exe which writes to the pipe but it fails.I think its die to some security or access rights that the user does not have (php user). Any ideas??

Code c++

     hPipe = CreateNamedPipe( 
        wcPipeName,             // pipe name 
        PIPE_ACCESS_DUPLEX,       // read/write access 
         PIPE_TYPE_MESSAGE |       // message type pipe 
         PIPE_READMODE_MESSAGE |   // message-read mode 
            PIPE_WAIT,                // blocking mode 
         PIPE_UNLIMITED_INSTANCES, // max. instances  
        1024,                  // output buffer size 
        1024,                  // input buffer size 
         NMPWAIT_USE_DEFAULT_WAIT, // client time-out 
         NULL); 

Code client for writing called from php

hPipe = CreateFile( 
        lpszPipename,   // pipe name 
        GENERIC_READ,   // read and write access 
        0,              // no sharing 
        NULL,           // default security attributes
        OPEN_EXISTING,  // opens existing pipe 
        0,              // default attributes 
        NULL);          // no template file 

    if (hPipe == INVALID_HANDLE_VALUE) 
    {
        printf("\nCreatePipe failed\n %d \n",GetLastError()); 

        return FALSE;
    }

    //Sleep(1000);

    // Write the reply to the pipe. 
    fSuccess = WriteFile( 
        hPipe,        // handle to pipe 
        Buffer,      // buffer to write from 
        BufferSize-1,       // number of bytes to write 
        &cbWritten,   // number of bytes written 
        NULL);        // not overlapped I/O 

    FlushFileBuffers(hPipe); 
    CloseHandle(hPipe);

Answer 1

As the server and client processes are running under two different user accounts and the server side pipe is created with a default security descriptor suggest setting a security descriptor that would allow Everyone access:

// Create a security descriptor that has an an empty DACL to
// grant access to 'Everyone'
//
SECURITY_DESCRIPTOR sd;
if (0 == InitializeSecurityDescriptor(&sd,
                                      SECURITY_DESCRIPTOR_REVISION) ||
    0 == SetSecurityDescriptorDacl(&sd,
                                   TRUE,
                                   static_cast<PACL>(0),
                                   FALSE))
{
    std::cerr << "Failed: " << GetLastError() << "\n";
}
else
{

    SECURITY_ATTRIBUTES sa;
    sa.nLength              = sizeof(sa);
    sa.lpSecurityDescriptor = &sd;
    sa.bInheritHandle       = FALSE;

    hPipe = CreateNamedPipe( 
        wcPipeName,             // pipe name 
        PIPE_ACCESS_DUPLEX,       // read/write access 
         PIPE_TYPE_MESSAGE |       // message type pipe 
         PIPE_READMODE_MESSAGE |   // message-read mode 
         PIPE_WAIT,                // blocking mode 
        PIPE_UNLIMITED_INSTANCES, // max. instances  
        1024,                  // output buffer size 
        1024,                  // input buffer size 
        NMPWAIT_USE_DEFAULT_WAIT, // client time-out 
        &sa); 
}

Also, the client side opens the pipe with GENERIC_READ and then attempts to WriteFile() to the handle: this needs to be either GENERIC_WRITE or GENERIC_READ | GENERIC_WRITE.