Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

CreateNamedPipe Security ID Structure Problem

78 views
Skip to first unread message

mikes

unread,
Jul 11, 2007, 2:44:06 PM7/11/07
to
I have a service application that communicates with client applications
through a named pipe which it opens. Initially the code used the default
secuity attribute (NULL parameter) when it created a named pipe using the
CreateNamedPipe function. The default secuity attribute proved to be a
problem since client applications with non-administrator users could not
connect to the named pipe. So I modified the service applicaiton code so
that it supplies a custom secuity attribute to the CreateNamedPipe function
which opens the pipe for read/write for all authenticated users. This worked
great on Windows 2003 and Window XP machines, but on Windows 2000 machines
the service application gets "The security ID structure is invalid" errors
every time the CreateNamedPipe function is run.

Any idea why this is happening? How can I fix this problem?

Mike

William DePalo [MVP VC++]

unread,
Jul 11, 2007, 8:42:02 PM7/11/07
to
"mikes" <mi...@discussions.microsoft.com> wrote in message
news:AF95BE3F-A84F-4137...@microsoft.com...

> So I modified the service applicaiton code so
> that it supplies a custom secuity attribute to the
> CreateNamedPipe function which opens the pipe for
> read/write for all authenticated users. This worked
> great on Windows 2003 and Window XP machines,
> but on Windows 2000 machines the service application
> gets "The security ID structure is invalid" errors
> every time the CreateNamedPipe function is run.
>
> Any idea why this is happening? How can I fix this problem?

The devil is in the details. You'll need to show some code, preferably in
the kernel group.

Something like this (up to the casts) which I typed without benefit of
compilation should do the trick:

BYTE sd[SECURITY_DESCRIPTOR_MIN_LENGTH];
SECURITY_ATTRIBUTES sa;

InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION);
SetSecurityDescriptorDacl(&sd, TRUE, 0, FALSE);

sa.nLength = sizeof(sa);
sa.bInheritHandle = TRUE;
sa.lpSecurityDescriptor = &sd;

CreateNamedPipe(..., &sa);

Regards,
Will


mikes

unread,
Jul 12, 2007, 1:12:06 PM7/12/07
to
The code that did not work was setting specific security for diffent types of
user and I think that's what was causing the problem on Windows 2000. I had
seen another posting yesterday that had the same code that you suggested and
when I tried it my application the problems on Windows 2000 machines went
away. So that's what I am going with.

Thanks for your help.

Mike

William DePalo [MVP VC++]

unread,
Jul 12, 2007, 8:41:56 PM7/12/07
to
"mikes" <mi...@discussions.microsoft.com> wrote in message
news:53B8BFC2-1636-4421...@microsoft.com...

> I had seen another posting yesterday that had the same code
> that you suggested and when I tried it my application the problems on
> Windows 2000 machines went away. So that's what I am going with.

OK. The reason I asked to see some code is that your old approach may be
more secure in that what I posted makes the pipe available to just about any
authenticated user.

> Thanks for your help.

You are welcome.

Regards,
Will


0 new messages