Add functions to windows-utils for checking named pipe ownership

Author: dlon

Cargo.lock

@@ -19,3 +19,5 @@ path = "windows-utils-rs/lib.rs"
 neon = "1"
 windows = { version = "0.59.0", features = ["Win32", "Win32_UI", "Win32_UI_Shell", "Win32_System", "Win32_System_Com", "Win32_Storage_FileSystem"] }
 thiserror = { workspace = true }
+
+talpid-windows = { path = "../../../talpid-windows" }

desktop/packages/windows-utils/Cargo.toml

@@ -7,6 +7,7 @@ import * as addon from './load.cjs';
 // which otherwise by default are `any`.
 declare module './load.cjs' {
   function readShortcut(linkPath: string): string | null;
+  function pipeIsAdminOwned(pipePath: string): boolean;
 }
 
 /**
@@ -16,3 +17,11 @@ declare module './load.cjs' {
 export function readShortcut(linkPath: string): string | null {
   return addon.readShortcut(linkPath);
 }
+
+/**
+ * Return whether a named pipe is owned by the admin or SYSTEM account.
+ * @param pipePath path to a named pipe.
+ */
+export function pipeIsAdminOwned(pipePath: string): boolean {
+  return addon.pipeIsAdminOwned(pipePath);
+}

desktop/packages/windows-utils/src/index.cts

@@ -0,0 +1,35 @@
+use std::io;
+use std::path::Path;
+
+use neon::prelude::{Context, FunctionContext};
+use neon::result::JsResult;
+use neon::types::{JsString, JsValue, Value};
+
+#[derive(thiserror::Error, Debug)]
+enum Error {
+    /// Failed to open the provided file
+    #[error("Failed to open named pipe")]
+    OpenPipe(#[source] io::Error),
+
+    /// Failed to check pipe ownership (GetSecurityInfo)
+    #[error("Failed to check named pipe ownership (GetSecurityInfo failed)")]
+    CheckPermissions(#[source] io::Error),
+}
+
+pub fn pipe_is_admin_owned(mut cx: FunctionContext<'_>) -> JsResult<'_, JsValue> {
+    let link_path = cx.argument::<JsString>(0)?.value(&mut cx);
+
+    match pipe_is_admin_owned_inner(link_path) {
+        Ok(is_admin_owned) => Ok(cx.boolean(is_admin_owned).as_value(&mut cx)),
+        Err(err) => cx.throw_error(format!("Failed to get pipe ownership: {err}")),
+    }
+}
+
+fn pipe_is_admin_owned_inner<P: AsRef<Path>>(path: P) -> Result<bool, Error> {
+    let client = std::fs::File::options()
+        .read(true)
+        .open(path)
+        .map_err(Error::OpenPipe)?;
+
+    talpid_windows::fs::is_admin_owned(client).map_err(Error::CheckPermissions)
+}

desktop/packages/windows-utils/windows-utils-rs/fs.rs

@@ -2,11 +2,13 @@
 
 use neon::{prelude::ModuleContext, result::NeonResult};
 
+mod fs;
 mod shortcut;
 
 #[neon::main]
 fn main(mut cx: ModuleContext<'_>) -> NeonResult<()> {
     cx.export_function("readShortcut", shortcut::read_shortcut)?;
+    cx.export_function("pipeIsAdminOwned", fs::pipe_is_admin_owned)?;
 
     Ok(())
 }