Make reading of ACLs optional, since it may disrupt other processes

Author: grayed

Native.cs

@@ -107,8 +107,71 @@ private static T PtrToStruct<T>(IntPtr p)
         {
             return (T)Marshal.PtrToStructure(p, typeof(T));
         }
+        
+        public static AclModel GetAcl(string path)
+        {
+            var err = GetNamedSecurityInfo(path, SE_OBJECT_TYPE.SE_FILE_OBJECT,
+                SECURITY_INFORMATION.OWNER_SECURITY_INFORMATION | SECURITY_INFORMATION.GROUP_SECURITY_INFORMATION | SECURITY_INFORMATION.DACL_SECURITY_INFORMATION,
+                out var ownerSid, out var groupSid, out var dacl, out _, out var sd);
+            if (!err.Succeeded)
+                return null;
+
+            try
+            {
+                int ownerNameBufLen = 1024, groupNameBufLen = 1024, domainBufLen = 1024;
+                StringBuilder ownerNameBuf = new StringBuilder(ownerNameBufLen);
+                StringBuilder groupNameBuf = new StringBuilder(groupNameBufLen);
+                StringBuilder domainBuf = new StringBuilder(domainBufLen);
+                LookupAccountSid(null, ownerSid, ownerNameBuf, ref ownerNameBufLen, domainBuf, ref domainBufLen, out var ownerAccType);
+                LookupAccountSid(null, groupSid, groupNameBuf, ref groupNameBufLen, null, ref domainBufLen, out var groupAccType);
+
+                List<AclRuleModel> rules = null;
+                if (dacl.IsValidAcl())
+                {
+                    var cnt = dacl.AceCount();
+                    rules = new List<AclRuleModel>((int)cnt);
+                    for (uint i = 0; i < cnt; i++)
+                    {
+                        if (GetAce(dacl, i, out var ace))
+                        {
+                            var sid = ace.GetSid();
+                            int sidNameLen = 1024, sidDomainLen = 1024;
+                            StringBuilder sidNameBuf = new StringBuilder(sidNameLen);
+                            StringBuilder sidDomainBuf = new StringBuilder(sidDomainLen);
+                            LookupAccountSid(null, sid, sidNameBuf, ref sidNameLen, sidDomainBuf, ref sidDomainLen, out var sidAccType);
+
+                            bool isAllowing;
+                            switch (ace.GetHeader().AceType)
+                            {
+                                case AceType.AccessAllowed:
+                                    isAllowing = true;
+                                    break;
+                                case AceType.AccessDenied:
+                                    isAllowing = false;
+                                    break;
+                                default:
+                                    continue;
+                            }
+
+                            var mask = ace.GetMask();
+                            // make Enum formatter happy, since there are no flags for 0x60 bits
+                            mask &= 0xFFFFFF9F;
+
+                            if (sidNameBuf.Length > 0)
+                                rules.Add(new AclRuleModel(sidNameBuf.ToString(), isAllowing, (PipeAccessRights)mask));
+                        }
+                    }
+                }
+
+                return new AclModel(ownerNameBuf.ToString(), groupNameBuf.ToString(), rules);
+            }
+            finally
+            {
+                sd.Dispose();
+            }
+        }
 
-        public static IEnumerable<PipeModel> GetPipes(string pipeHost = ".")
+        public static IEnumerable<PipeModel> GetPipes(bool readAcls, string pipeHost = ".")
         {
             IntPtr dir, tmp;
             bool isFirstQuery = true;
@@ -140,65 +203,8 @@ public static IEnumerable<PipeModel> GetPipes(string pipeHost = ".")
                         var name = Marshal.PtrToStringUni(namePtr, (int)fdi.FileNameLength / 2);
 
                         AclModel acl = null;
-                        var err = GetNamedSecurityInfo(pipesPath + name, SE_OBJECT_TYPE.SE_FILE_OBJECT,
-                            SECURITY_INFORMATION.OWNER_SECURITY_INFORMATION | SECURITY_INFORMATION.GROUP_SECURITY_INFORMATION | SECURITY_INFORMATION.DACL_SECURITY_INFORMATION,
-                            out var ownerSid, out var groupSid, out var dacl, out _, out var sd);
-                        if (err.Succeeded)
-                        {
-                            try
-                            {
-                                int ownerNameBufLen = 1024, groupNameBufLen = 1024, domainBufLen = 1024;
-                                StringBuilder ownerNameBuf = new StringBuilder(ownerNameBufLen);
-                                StringBuilder groupNameBuf = new StringBuilder(groupNameBufLen);
-                                StringBuilder domainBuf = new StringBuilder(domainBufLen);
-                                LookupAccountSid(null, ownerSid, ownerNameBuf, ref ownerNameBufLen, domainBuf, ref domainBufLen, out var ownerAccType);
-                                LookupAccountSid(null, groupSid, groupNameBuf, ref groupNameBufLen, null, ref domainBufLen, out var groupAccType);
-
-                                List<AclRuleModel> rules = null;
-                                if (dacl.IsValidAcl())
-                                {
-                                    var cnt = dacl.AceCount();
-                                    rules = new List<AclRuleModel>((int)cnt);
-                                    for (uint i = 0; i < cnt; i++)
-                                    {
-                                        if (GetAce(dacl, i, out var ace))
-                                        {
-                                            var sid = ace.GetSid();
-                                            int sidNameLen = 1024, sidDomainLen = 1024;
-                                            StringBuilder sidNameBuf = new StringBuilder(sidNameLen);
-                                            StringBuilder sidDomainBuf = new StringBuilder(sidDomainLen);
-                                            LookupAccountSid(null, sid, sidNameBuf, ref sidNameLen, sidDomainBuf, ref sidDomainLen, out var sidAccType);
-
-                                            bool isAllowing;
-                                            switch (ace.GetHeader().AceType)
-                                            {
-                                                case AceType.AccessAllowed:
-                                                    isAllowing = true;
-                                                    break;
-                                                case AceType.AccessDenied:
-                                                    isAllowing = false;
-                                                    break;
-                                                default:
-                                                    continue;
-                                            }
-
-                                            var mask = ace.GetMask();
-                                            // make Enum formatter happy, since there are no flags for 0x60 bits
-                                            mask &= 0xFFFFFF9F;
-
-                                            if (sidNameBuf.Length > 0)
-                                                rules.Add(new AclRuleModel(sidNameBuf.ToString(), isAllowing, (PipeAccessRights)mask));
-                                        }
-                                    }
-                                }
-
-                                acl = new AclModel(ownerNameBuf.ToString(), groupNameBuf.ToString(), rules);
-                            }
-                            finally
-                            {
-                                sd.Dispose();
-                            }
-                        }
+                        if (readAcls)
+                            acl = GetAcl(pipesPath + name);
 
                         yield return new PipeModel(pipeHost, name, (int)fdi.AllocationSize.LowPart, fdi.EndOfFile.LowPart, acl);
 

PipeExplorerMainWindow.xaml

@@ -69,6 +69,13 @@ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -->
                           Width="400"
                           >
                 <StackPanel Margin="12">
+                    <metro:ToggleSwitch IsOn="{Binding ReadAcls}"
+                                        Header="{x:Static res:Resources.SettingsReadAclsHeader}"
+                                        OnContent="{x:Static res:Resources.SettingsReadAclsOn}"
+                                        OffContent="{x:Static res:Resources.SettingsReadAclsOff}"
+                                        />
+                    <TextBlock Foreground="DarkOrange" Text="{x:Static res:Resources.SettingsReadAclsWarning}" TextWrapping="Wrap" Margin="0, 0, 0, 8" />
+
                     <metro:ToggleSwitch IsOn="{Binding StartImmediately}"
                                         Header="{x:Static res:Resources.SettingsStartImmediatelyHeader}"
                                         OnContent="{x:Static res:Resources.SettingsStartImmediatelyOn}"

Properties/Resources.Designer.cs

@@ -174,6 +174,18 @@
   <data name="SettingsHighlightDuration" xml:space="preserve">
     <value>Highlight duration</value>
   </data>
+  <data name="SettingsReadAclsHeader" xml:space="preserve">
+    <value>Read access control lists (ACL). Does not work for busy pipes.</value>
+  </data>
+  <data name="SettingsReadAclsOff" xml:space="preserve">
+    <value>Do not read</value>
+  </data>
+  <data name="SettingsReadAclsOn" xml:space="preserve">
+    <value>Read</value>
+  </data>
+  <data name="SettingsReadAclsWarning" xml:space="preserve">
+    <value>Warning: reading access control lists may disrupt workflows of processes willing to connect to named pipes, including workflows of system services.</value>
+  </data>
   <data name="SettingsRefreshInterval" xml:space="preserve">
     <value>Refresh interval</value>
   </data>

Properties/Resources.en-US.resx

@@ -174,6 +174,18 @@
   <data name="SettingsHighlightDuration" xml:space="preserve">
     <value>Highlight duration</value>
   </data>
+  <data name="SettingsReadAclsHeader" xml:space="preserve">
+    <value>Read access control lists (ACL). Does not work for busy pipes.</value>
+  </data>
+  <data name="SettingsReadAclsOff" xml:space="preserve">
+    <value>Do not read</value>
+  </data>
+  <data name="SettingsReadAclsOn" xml:space="preserve">
+    <value>Read</value>
+  </data>
+  <data name="SettingsReadAclsWarning" xml:space="preserve">
+    <value>Warning: reading access control lists may disrupt workflows of processes willing to connect to named pipes, including workflows of system services.</value>
+  </data>
   <data name="SettingsRefreshInterval" xml:space="preserve">
     <value>Refresh interval</value>
   </data>

Properties/Resources.resx

@@ -174,6 +174,18 @@
   <data name="SettingsHighlightDuration" xml:space="preserve">
     <value>Длительность подсветки</value>
   </data>
+  <data name="SettingsReadAclsHeader" xml:space="preserve">
+    <value>Считывать списки контроля доступа (ACL). Не работает для занятых каналов.</value>
+  </data>
+  <data name="SettingsReadAclsOff" xml:space="preserve">
+    <value>Не считывать</value>
+  </data>
+  <data name="SettingsReadAclsOn" xml:space="preserve">
+    <value>Считывать</value>
+  </data>
+  <data name="SettingsReadAclsWarning" xml:space="preserve">
+    <value>Предупреждение: считывание параметров доступа может нарушить поведение процессов, подключающихся к именованным каналам, в том числе поведение системных служб.</value>
+  </data>
   <data name="SettingsRefreshInterval" xml:space="preserve">
     <value>Интервал обновления</value>
   </data>

Properties/Resources.ru.resx

@@ -22,6 +22,7 @@
 using System.Threading;
 using PipeExplorer.Models;
 using ReactiveUI;
+using Splat;
 
 namespace PipeExplorer.Services
 {
@@ -143,7 +144,8 @@ public override string ToString()
         private void TimerTick(object state)
         {
             var newPipes = new Dictionary<string, PipeModel>();
-            foreach (var newp in Native.GetPipes(Host))
+            var readAcls = Locator.Current.GetService<ISettings>().ReadAcls;
+            foreach (var newp in Native.GetPipes(readAcls, Host))
             {
                 // do not blindly call newPipes.Add(): GetPipes() could return duplicated entries (and it's not its fault)
                 if (prevPipes.TryGetValue(newp.Name, out var oldp))

Services/PipeWatcher.cs

@@ -42,6 +42,7 @@ interface ISettings : IReactiveObject
         TimeSpan HighlightDuration { get; set; }
         TimeSpan RefreshInterval { get; set; }
         bool StartImmediately { get; set; }
+        bool ReadAcls { get; set; }
         WindowState WindowState { get; set; }
         Rect WindowPosition { get; set; }
         IDictionary<string, int> ColumnWidths { get; }
@@ -57,6 +58,7 @@ class Settings : ReactiveValidationObject<Settings>, ISettings
         [Reactive] public TimeSpan HighlightDuration { get; set; } = TimeSpan.FromSeconds(4);       // sec
         [Reactive] public TimeSpan RefreshInterval { get; set; } = TimeSpan.FromSeconds(1);         // sec
         [Reactive] public bool StartImmediately { get; set; } = true;
+        [Reactive] public bool ReadAcls { get; set; } = false;
         [Reactive] public WindowState WindowState { get; set; } = WindowState.Normal;
         [Reactive] public Rect WindowPosition { get; set; }
         public ObservableDictionary<string, int> ColumnWidths { get; } = new ObservableDictionary<string, int>();
@@ -100,6 +102,8 @@ private void Load()
                         RefreshInterval = TimeSpan.FromSeconds(interval);
                     if (regKey.GetValue("Start immediately", 1) is int n)
                         StartImmediately = n != 0;
+                    if (regKey.GetValue("Read ACLs", 0) is int n2)
+                        ReadAcls = n2 != 0;
                     if (regKey.GetValue("Window state") is string stateStr && Enum.TryParse<WindowState>(stateStr, true, out var state))
                         WindowState = state;
 
@@ -163,6 +167,7 @@ public async void Save()
                     regKey.SetValue("Highlight duration", (int)HighlightDuration.TotalSeconds, RegistryValueKind.DWord);
                     regKey.SetValue("Refresh interval", (int)RefreshInterval.TotalSeconds, RegistryValueKind.DWord);
                     regKey.SetValue("Start immediately", StartImmediately, RegistryValueKind.DWord);
+                    regKey.SetValue("Read ACLs", ReadAcls, RegistryValueKind.DWord);
                     regKey.SetValue("Window state", WindowState.ToString(), RegistryValueKind.String);
 
                     if (WindowState == WindowState.Normal)

Services/Settings.cs

@@ -54,6 +54,20 @@ public bool StartImmediately
             }
         }
 
+        public bool ReadAcls
+        {
+            get => settings.ReadAcls;
+            set
+            {
+                if (value != settings.ReadAcls)
+                {
+                    this.RaisePropertyChanging();
+                    settings.ReadAcls = value;
+                    this.RaisePropertyChanged();
+                }
+            }
+        }
+
         public int RefreshInterval
         {
             get => (int)settings.RefreshInterval.TotalSeconds;
@@ -145,7 +159,7 @@ public PipeExplorerViewModel()
 
             pipesCache
                 .Connect()
-                .Batch(TimeSpan.FromMilliseconds(300))
+                .Batch(TimeSpan.FromMilliseconds(50))
                 .Filter(this.WhenValueChanged(x => x.QuickFilter).Select(BuildFilter))
                 .AutoRefresh(p => p.Pinned)
                 .Sort(SortExpressionComparer<PipeViewModel>.Ascending(p => p))
@@ -163,7 +177,7 @@ public PipeExplorerViewModel()
                 .Select(v => (ImageSource)App.Current.FindResource(v ? "AppIconActive" : "AppIcon"))
                 .Subscribe(v => AppIcon = v);
 
-            pipesCache.AddOrUpdate(Native.GetPipes().Select(p => new PipeViewModel(p, settings.PinnedNames.Contains(p.Name), false)));
+            pipesCache.AddOrUpdate(Native.GetPipes(ReadAcls).Select(p => new PipeViewModel(p, settings.PinnedNames.Contains(p.Name), false)));
             IsRunning = settings.StartImmediately;
         }