Unable to connect to Named Pipe
-
Hi, I have implemented Client and server applications using Named pipes. Server is written as a Service. This is working fine in admin user mode, Server (service) and client able to communicate properly. where as in a guest user mode , Server is able to start( at the startup service starts automatically). But client not able to connect getting access denied error. Not sure any privilizes have to provide while creating a pipe or creating a file from client. Can any one help me out in this. Nagadravid
-
Hi, I have implemented Client and server applications using Named pipes. Server is written as a Service. This is working fine in admin user mode, Server (service) and client able to communicate properly. where as in a guest user mode , Server is able to start( at the startup service starts automatically). But client not able to connect getting access denied error. Not sure any privilizes have to provide while creating a pipe or creating a file from client. Can any one help me out in this. Nagadravid
I think your OS is Vista! It is so sure, that you cant do think the easy way. You got to create accessable objects in your service. This is a sample from the great Micheal Dunn, which should help you: http://www.codeproject.com/vista-security/PMSurvivalGuide.asp
Greetings from Germany
-
I think your OS is Vista! It is so sure, that you cant do think the easy way. You got to create accessable objects in your service. This is a sample from the great Micheal Dunn, which should help you: http://www.codeproject.com/vista-security/PMSurvivalGuide.asp
Greetings from Germany
Thanks Karstenk. My OS is XP. One thing m not able to understand is if I run server as a normal console application (rather than as a service), even in guest usermode it is working fine. but in case of service it is failing.
-
Thanks Karstenk. My OS is XP. One thing m not able to understand is if I run server as a normal console application (rather than as a service), even in guest usermode it is working fine. but in case of service it is failing.
What account is your service running in the context of? Mark
Mark Salsbery Microsoft MVP - Visual C++ :java:
-
What account is your service running in the context of? Mark
Mark Salsbery Microsoft MVP - Visual C++ :java:
Service is running in Local system account (admin mode). Below are the service creation properties. CreateService( shSCManager, // SCM database m_pServiceName, // name of service m_pServiceName, // service name to display SERVICE_ALL_ACCESS, // desired access SERVICE_WIN32_OWN_PROCESS |SERVICE_INTERACTIVE_PROCESS, // service type SERVICE_AUTO_START, // start type SERVICE_ERROR_CRITICAL, // error control type szServicePath, // path to service's binary NULL, // no load ordering group NULL, // no tag identifier NULL, // no dependencies NULL, // LocalSystem account NULL); There is no dependencies on the service.
-
Thanks Karstenk. My OS is XP. One thing m not able to understand is if I run server as a normal console application (rather than as a service), even in guest usermode it is working fine. but in case of service it is failing.
Hey weird just solved this problem ! with the help of the really cool tool Process Explorer Mine was to do with passing events but the same problems occur. It is todo with Security descriptors. My guess is that you are using CreateNamedPipe HANDLE WINAPI CreateNamedPipe( LPCTSTR lpName, DWORD dwOpenMode, DWORD dwPipeMode, DWORD nMaxInstances, DWORD nOutBufferSize, DWORD nInBufferSize, DWORD nDefaultTimeOut, LPSECURITY_ATTRIBUTES lpSecurityAttributes ); Now my other guess is that your are passing NULL as lpSecurityAttributes. Refering to MSDN "If lpSecurityAttributes is NULL, the pipe gets a default security descriptor" You will not that is doesn't say THE default security descriptor. This is because it creates the pipe with the security descriptor for the user that creates it. This explains your "It works in user mode command-line" but not as a service because the service will be running as SYSTEM. FIRST SOLUTION Pass an empty (DACL) security descriptor which has the behaviour of allowing any user/system process to access your pipe. SECURITY_ATTRIBUTES sa; SECURITY_DESCRIPTOR* psd=(SECURITY_DESCRIPTOR*)new unsigned char[SECURITY_DESCRIPTOR_MIN_LENGTH]; InitializeSecurityDescriptor(psd,SECURITY_DESCRIPTOR_REVISION); SetSecurityDescriptorDacl(psd, TRUE,(PACL)NULL,FALSE); sa.nLength = 0; sa.bInheritHandle = TRUE; sa.lpSecurityDescriptor = psd; Now use "sa" in the call to CreateNamedPipe SECOND MORE SECURE SOLUTION pass a fully filled out security descriptor, have a look at MSDN for an example.
-
Hey weird just solved this problem ! with the help of the really cool tool Process Explorer Mine was to do with passing events but the same problems occur. It is todo with Security descriptors. My guess is that you are using CreateNamedPipe HANDLE WINAPI CreateNamedPipe( LPCTSTR lpName, DWORD dwOpenMode, DWORD dwPipeMode, DWORD nMaxInstances, DWORD nOutBufferSize, DWORD nInBufferSize, DWORD nDefaultTimeOut, LPSECURITY_ATTRIBUTES lpSecurityAttributes ); Now my other guess is that your are passing NULL as lpSecurityAttributes. Refering to MSDN "If lpSecurityAttributes is NULL, the pipe gets a default security descriptor" You will not that is doesn't say THE default security descriptor. This is because it creates the pipe with the security descriptor for the user that creates it. This explains your "It works in user mode command-line" but not as a service because the service will be running as SYSTEM. FIRST SOLUTION Pass an empty (DACL) security descriptor which has the behaviour of allowing any user/system process to access your pipe. SECURITY_ATTRIBUTES sa; SECURITY_DESCRIPTOR* psd=(SECURITY_DESCRIPTOR*)new unsigned char[SECURITY_DESCRIPTOR_MIN_LENGTH]; InitializeSecurityDescriptor(psd,SECURITY_DESCRIPTOR_REVISION); SetSecurityDescriptorDacl(psd, TRUE,(PACL)NULL,FALSE); sa.nLength = 0; sa.bInheritHandle = TRUE; sa.lpSecurityDescriptor = psd; Now use "sa" in the call to CreateNamedPipe SECOND MORE SECURE SOLUTION pass a fully filled out security descriptor, have a look at MSDN for an example.
Thanks Carrivick. I hope it will resolve my problem. Naag
-
Thanks Karstenk. My OS is XP. One thing m not able to understand is if I run server as a normal console application (rather than as a service), even in guest usermode it is working fine. but in case of service it is failing.
As Mark pointed to, it is important to run the service in a spezific account, so an outside program has access rights. Or as in M.Dunn project the objects becomes lower rights so it can accessed. This is all about accounts and access rights, really boring and bad documented stuff.:~
Greetings from Germany
-
Thanks Carrivick. I hope it will resolve my problem. Naag