Discussion:
named pipes security
(too old to reply)
samintz
2010-08-02 16:22:03 UTC
Permalink
When a server returns from a call to ConnectNamedPipe() is there a way to
retrieve the username of the user who is running the client?

The server does a LookupAccountName() and ConvertSidToStringSid() and then
creates a SDDL string "(A;OICI;GA;;;<sidstring>)" that is passed to
ConvertStringSecurityDescriptorToSecurityDescriptor() to create the security
attributes passed in to the CreateNamedPipe() initially. The
LookupAccountName() gets the the SID of a specific group. The intention
being that only users that are members of that group are allowed to open the
pipe.

That appears to work. I'd like to be able to tell which specific user
opened the pipe. How do I do that?
Paul Baker
2010-09-02 12:37:47 UTC
Permalink
Samintz,

ImpersonateNamedPipeClient() may help you identify the client user:
http://msdn.microsoft.com/en-us/library/aa378618(v=VS.85).aspx

Why do you want to identify the client user if you are using the built in
security by passing an SD to CreateNamedPipe()?

Paul
Post by samintz
When a server returns from a call to ConnectNamedPipe() is there a way to
retrieve the username of the user who is running the client?
The server does a LookupAccountName() and ConvertSidToStringSid() and then
creates a SDDL string "(A;OICI;GA;;;<sidstring>)" that is passed to
ConvertStringSecurityDescriptorToSecurityDescriptor() to create the security
attributes passed in to the CreateNamedPipe() initially. The
LookupAccountName() gets the the SID of a specific group. The intention
being that only users that are members of that group are allowed to open the
pipe.
That appears to work. I'd like to be able to tell which specific user
opened the pipe. How do I do that?
Loading...