
Named Pipe Security for Domain Users only...

Posted on 2004-04-29
Last Modified: 2008-02-01
I am creating a named pipe that I want to allow only domain users to access.  I have posted the code below that I am using.  When I run the application there are no exceptions, everything appears to run normally.  However, when I try to create a client for the named pipe, I always get an ERROR_ACCESS_DENIED Win32 error code.  If I create the security descriptor with a NULL ACL the application works properly.

Hopefully someone can help.

SID_IDENTIFIER_AUTHORITY      SIDDomainAuth = SECURITY_NT_AUTHORITY;            // The domain users authority
int            nSize;                                                // The size of the ACL

// Allocate memory for the security descriptor
m_pSD = (PSECURITY_DESCRIPTOR)LocalAlloc(LPTR,SECURITY_DESCRIPTOR_MIN_LENGTH);

// Check for allocation failure
if (m_pSD == NULL)
      ThrowPipeException("Failed to allocate memory for the security descriptor.",false);

// Initialize the security descriptor
if (!InitializeSecurityDescriptor(m_pSD, SECURITY_DESCRIPTOR_REVISION))
      ThrowPipeException("Failed to initialize the security descriptor.");

//      m_pACL = NULL;

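// Allocate and initialize a domain SID
if (!AllocateAndInitializeSid(&SIDDomainAuth,1,DOMAIN_GROUP_RID_USERS,0,0,0,0,0,0,0,&m_pSIDDomain))
      ThrowPipeException("Failed to allocate a domain user SID.");

// Calculate the size of the ACL
nSize = sizeof(ACL);
nSize += (sizeof(ACCESS_ALLOWED_ACE) - sizeof (DWORD) + GetLengthSid(m_pSIDDomain));

// Allocate memory for the ACL: the full computed size, because InitializeAcl
// and AddAccessAllowedAce write up to nSize bytes, not just the ACL header
m_pACL = (PACL)LocalAlloc(LPTR,nSize);

// Check for allocation failure
if (m_pACL == NULL)
      ThrowPipeException("Failed to allocate memory for the ACL.",false);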

// Initialize the ACL
if (!InitializeAcl(m_pACL,nSize,ACL_REVISION))
      ThrowPipeException("Failed to initialize the ACL.");

// Add the appropriate access for the domain users
if (!AddAccessAllowedAce(m_pACL,ACL_REVISION,FILE_ALL_ACCESS,m_pSIDDomain))
      ThrowPipeException("Failed to grant access to domain users.");

// Check to make sure the ACL is valid
if (!IsValidAcl(m_pACL))
      ThrowPipeException("Invalid ACL.");

// Set the security descriptor's DACL
if (!SetSecurityDescriptorDacl(m_pSD,TRUE,m_pACL,FALSE))
      ThrowPipeException("Failed to set the security descriptor DACL.");

// Check to make sure the security descriptor is valid
if (!IsValidSecurityDescriptor(m_pSD))
      ThrowPipeException("Invalid security descriptor.");

// Initialize the security attributes
m_SA.nLength = sizeof(m_SA);
m_SA.lpSecurityDescriptor = m_pSD;
m_SA.bInheritHandle = FALSE;
Question by:stu_pb
LVL 86

Expert Comment

by:jkr
ID: 10952692
Shouldn't that be

// Allocate and initialize a domain SID
if (!AllocateAndInitializeSid(&SIDDomainAuth,2,SECURITY_BUILTIN_DOMAIN_RID,DOMAIN_GROUP_RID_USERS,0,0,0,0,0,0,&m_pSIDDomain))

?
LVL 3

Author Comment

by:stu_pb
ID: 10952803
I gave this a try and still no luck, is this method documented anywhere that I can look?
LVL 86

Accepted Solution

by:
jkr earned 1000 total points
ID: 10952918
Hm, I'd recommend http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnsecure/html/msdn_seccpp.asp ("Windows NT Security in Theory and Practice") and http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnsecure/html/msdn_secguts.asp ("The Guts of Security") in particular as starting points (both come with source code).
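An added example, not code from either poster: it shows which SID strings the two AllocateAndInitializeSid calls in this thread produce, next to the well-known BUILTIN\Users alias and a Domain Users SID, and how many bytes the question's ACL size formula asks for. It uses a portable model of the SID layout instead of the Win32 calls so it runs anywhere; `sid_model`, the helper names and the domain identifier 1111-2222-3333 are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Values as defined in winnt.h. */
#define NT_AUTHORITY        5u    /* SECURITY_NT_AUTHORITY {0,0,0,0,0,5} */
#define NT_NON_UNIQUE       21u   /* SECURITY_NT_NON_UNIQUE */
#define BUILTIN_DOMAIN_RID  32u   /* SECURITY_BUILTIN_DOMAIN_RID */
#define GROUP_RID_USERS     513u  /* DOMAIN_GROUP_RID_USERS */
#define ALIAS_RID_USERS     545u  /* DOMAIN_ALIAS_RID_USERS */

/* Portable model (an assumption of this example) of the fields a SID carries. */
typedef struct { uint8_t rev, count; uint32_t auth; uint32_t sub[8]; } sid_model;

sid_model make_sid(uint32_t auth, uint8_t count, const uint32_t *sub) {
    sid_model s = { 1, count > 8 ? 8 : count, auth, {0} };
    memcpy(s.sub, sub, s.count * sizeof(uint32_t));
    return s;
}

/* Same result as GetLengthSid: 8-byte header plus 4 bytes per subauthority. */
size_t sid_length(const sid_model *s) { return 8 + 4 * (size_t)s->count; }
/* The question's formula: sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) + SID. */
size_t acl_size_one_ace(const sid_model *s) { return 8 + (12 - 4) + sid_length(s); }

/* Render the string form, e.g. S-1-5-32-545. */
const char *sid_string(const sid_model *s, char *out, size_t n) {
    int off = snprintf(out, n, "S-%u-%u", (unsigned)s->rev, (unsigned)s->auth);
    for (uint8_t i = 0; i < s->count && off > 0 && (size_t)off < n; i++)
        off += snprintf(out + off, n - (size_t)off, "-%u", (unsigned)s->sub[i]);
    return out;
}

int main(void) {
    char buf[96];
    uint32_t asked[]   = { GROUP_RID_USERS };                     /* question */
    uint32_t replied[] = { BUILTIN_DOMAIN_RID, GROUP_RID_USERS }; /* first reply */
    uint32_t builtin[] = { BUILTIN_DOMAIN_RID, ALIAS_RID_USERS }; /* BUILTIN\Users */
    /* Constructed domain identifier 1111-2222-3333; a real one is per-domain. */
    uint32_t domain[]  = { NT_NON_UNIQUE, 1111, 2222, 3333, GROUP_RID_USERS };
    sid_model a = make_sid(NT_AUTHORITY, 1, asked), r = make_sid(NT_AUTHORITY, 2, replied);
    sid_model b = make_sid(NT_AUTHORITY, 2, builtin), d = make_sid(NT_AUTHORITY, 5, domain);
    printf("question:      %s\n", sid_string(&a, buf, sizeof buf));
    printf("first reply:   %s\n", sid_string(&r, buf, sizeof buf));
    printf("BUILTIN\\Users: %s\n", sid_string(&b, buf, sizeof buf));
    printf("Domain Users:  %s\n", sid_string(&d, buf, sizeof buf));
    printf("ACL bytes needed %zu, ACL header alone %d\n", acl_size_one_ace(&a), 8);
    return 0;
}
```

A Domain Users SID embeds the domain's own identifier, so on a real system it is normally obtained by account-name lookup (for example LookupAccountName) rather than assembled from constants.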