stu_pb
Named Pipe Security for Domain Users only...
I am creating a named pipe that I want only domain users to be able to access. I have posted the code I am using below. When I run the application there are no exceptions and everything appears to run normally. However, when I try to create a client for the named pipe, I always get an ERROR_ACCESS_DENIED Win32 error code. If I create the security descriptor with a NULL ACL, the application works properly.
Hopefully someone can help.
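// Builds the SECURITY_ATTRIBUTES (m_SA) passed when the named pipe is created:
// a security descriptor (m_pSD) whose DACL (m_pACL) holds one access-allowed
// ACE for the SID in m_pSIDDomain.
// m_pSD and m_pACL come from LocalAlloc and m_pSIDDomain from
// AllocateAndInitializeSid; the matching LocalFree/FreeSid calls are not
// visible in this excerpt -- confirm they exist in the owning class.
SID_IDENTIFIER_AUTHORITY SIDDomainAuth = SECURITY_NT_AUTHORITY; // Authority of the SID built below (S-1-5)
DWORD nSize; // Size in bytes of the ACL buffer

// Allocate memory for the security descriptor
m_pSD = (PSECURITY_DESCRIPTOR)LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH);

// Check for allocation failure
if (m_pSD == NULL)
    ThrowPipeException("Failed to allocate memory for the security descriptor.", false);

// Initialize the security descriptor
if (!InitializeSecurityDescriptor(m_pSD, SECURITY_DESCRIPTOR_REVISION))
    ThrowPipeException("Failed to initialize the security descriptor.");

// A NULL DACL (m_pACL = NULL) makes the pipe reachable because it grants
// every caller full access; it is a diagnostic only, not a fix.

// Allocate and initialize the SID that the ACE will grant access to.
// NOTE(review): DOMAIN_GROUP_RID_USERS is a RID relative to a domain SID
// (S-1-5-21-<domain>-513). With SECURITY_NT_AUTHORITY and a single
// sub-authority this call builds S-1-5-513, which is not the Domain Users
// group, so the ACE matches no caller's token -- the likely cause of the
// reported ERROR_ACCESS_DENIED. Resolve the real group SID (for example with
// LookupAccountName on the domain's "Domain Users" group) or use a well-known
// SID that fits the intent. Left as-is here because the code that frees
// m_pSIDDomain is outside this excerpt and depends on how the SID is obtained.
if (!AllocateAndInitializeSid(&SIDDomainAuth, 1, DOMAIN_GROUP_RID_USERS, 0, 0, 0, 0, 0, 0, 0, &m_pSIDDomain))
    ThrowPipeException("Failed to allocate a domain user SID.");

// Calculate the size of the ACL: header plus one ACCESS_ALLOWED_ACE whose
// trailing SidStart DWORD is replaced by the full SID.
nSize = sizeof(ACL);
nSize += (sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) + GetLengthSid(m_pSIDDomain));

// Allocate the ACL with the computed size. Allocating only sizeof(ACL) and
// then telling InitializeAcl the buffer is nSize bytes lets
// AddAccessAllowedAce write the ACE past the end of the heap block.
m_pACL = (PACL)LocalAlloc(LPTR, nSize);

// Check for allocation failure (same call form as the descriptor check above)
if (m_pACL == NULL)
    ThrowPipeException("Failed to allocate memory for the ACL.", false);

// Initialize the ACL
if (!InitializeAcl(m_pACL, nSize, ACL_REVISION))
    ThrowPipeException("Failed to initialize the ACL.");

// Add the access-allowed ACE for the SID.
// NOTE(review): FILE_ALL_ACCESS also grants DELETE, WRITE_DAC, WRITE_OWNER and
// FILE_CREATE_PIPE_INSTANCE. Pipe clients normally need only read/write data
// access; consider narrowing the mask so clients cannot rewrite the DACL or
// create their own instances of the pipe.
if (!AddAccessAllowedAce(m_pACL, ACL_REVISION, FILE_ALL_ACCESS, m_pSIDDomain))
    ThrowPipeException("Failed to grant access to domain users.");

// Check to make sure the ACL is valid
if (!IsValidAcl(m_pACL))
    ThrowPipeException("Invalid ACL.");

// Set the security descriptor's DACL (present, not defaulted)
if (!SetSecurityDescriptorDacl(m_pSD, TRUE, m_pACL, FALSE))
    ThrowPipeException("Failed to set the security descriptor DACL.");

// Check to make sure the security descriptor is valid
if (!IsValidSecurityDescriptor(m_pSD))
    ThrowPipeException("Invalid security descriptor.");

// Initialize the security attributes; the pipe handle is not inheritable
m_SA.nLength = sizeof(m_SA);
m_SA.lpSecurityDescriptor = m_pSD;
m_SA.bInheritHandle = FALSE;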
ASKER
I gave this a try and still had no luck. Is this method documented anywhere that I can look?
// Allocate and initialize a domain SID
if (!AllocateAndInitializeSid
?