Named Pipes access accross network
-
Hi, I have created a Named Pipe with a NULL DACL security descriptor to allow everyone to access the pipe on a server application and have also created a client application to connect to it. All works fine if client and server are on the same machine but i get a 0x0000052e Logon failure: unknown user name or bad password. When using a remote client. Anybody shed some light on this will be appreciated. Ceri
-
Hi, I have created a Named Pipe with a NULL DACL security descriptor to allow everyone to access the pipe on a server application and have also created a client application to connect to it. All works fine if client and server are on the same machine but i get a 0x0000052e Logon failure: unknown user name or bad password. When using a remote client. Anybody shed some light on this will be appreciated. Ceri
If you specify NULL as DACL, the named pipe gets a default security descriptor. The ACLs in the default security descriptor for a named pipe grant full control to the LocalSystem account, administrators, and the creator owner. They also grant read access to members of the Everyone group and the anonymous account. So check if u can communicate with client machine with administartor rights. Else set named pipe's security descriptor by calling the SetSecurityInfo function. Chill, The chosen One :)
-
If you specify NULL as DACL, the named pipe gets a default security descriptor. The ACLs in the default security descriptor for a named pipe grant full control to the LocalSystem account, administrators, and the creator owner. They also grant read access to members of the Everyone group and the anonymous account. So check if u can communicate with client machine with administartor rights. Else set named pipe's security descriptor by calling the SetSecurityInfo function. Chill, The chosen One :)
No, that is incorrect. That's true if you specify NULL for the lpSecurityAttributes to CreateNamedPipe. I am creating a security attribute structure but the DACL for the security descriptor is NULL - see below
SECURITY_ATTRIBUTES saPipeSecurity; PSECURITY_DESCRIPTOR pPipeSD = NULL; // security inits memset ( ( VOID *) &saPipeSecurity, 0, sizeof ( SECURITY_ATTRIBUTES) ); // alloc & init SD if ( ! ( pPipeSD = ( PSECURITY_DESCRIPTOR) ( malloc ( SECURITY_DESCRIPTOR_MIN_LENGTH)) ) ) return FALSE; if ( ! InitializeSecurityDescriptor ( pPipeSD, SECURITY_DESCRIPTOR_REVISION) ) return FALSE; // set NULL DACL on the SD if ( ! SetSecurityDescriptorDacl ( pPipeSD, TRUE, ( PACL) NULL, FALSE) ) return FALSE; // now set up the security attributes saPipeSecurity.nLength = sizeof ( SECURITY_ATTRIBUTES); saPipeSecurity.bInheritHandle = TRUE; saPipeSecurity.lpSecurityDescriptor = pPipeSD; HANDLE hPipe = CreateNamedPipe("\\\\.\\pipe\\PipeTest",PIPE_ACCESS_INBOUND ,PIPE_TYPE_BYTE,PIPE_UNLIMITED_INSTANCES,4086,4086,20000,&saPipeSecurity);