
RpcImpersonateClient: Help?


Mark J.Hogan

Apr 29, 1999, 3:00:00 AM
Help,

I am trying to use RpcImpersonateClient, within a service, to determine if
the caller has the permissions necessary to utilize an RPC function call (by
looking up his SID/Username and checking membership in specific groups).

Below is a piece of code that I tried. The API calls all succeed, but I get the
following information from the next function calls.

This is while the service is running as the SYSTEM account and interacts
with the desktop.

I am (SYSTEM) NT AUTHORITY\SYSTEM [S-1-5-18]

then ...

Now, I am (SYSTEM) \ []

Who am I at this point and how (or can I) check the calling user's
permissions/group membership?

Thanks,
Mark

//---------------------------------------------------------
GetUserName( szBuffer, &nSize );
GetProcessOwner(getpid(),
                szUserName,
                szDomainName,
                szUserSID);
wsprintf(szTemp, "I am (%s) %s\\%s [%s]", szBuffer, szDomainName,
         szUserName, szUserSID);
#if _DEBUG
    printf("%s\n", szTemp);
    MessageBox(0, szTemp, "SMT Service", 0);
#else
    WriteLog(szTemp, 0);
#endif
status = RpcImpersonateClient(Binding);

if (status != RPC_S_OK)
{
    return(RPC_S_ACCESS_DENIED);
}

GetUserName( szBuffer, &nSize );
GetProcessOwner(getpid(),
                szUserName,
                szDomainName,
                szUserSID);
wsprintf(szTemp, "Now, I am (%s) %s\\%s [%s]", szBuffer, szDomainName,
         szUserName, szUserSID);
#if _DEBUG
    printf("%s\n", szTemp);
    MessageBox(0, szTemp, "SMT Service", 0);
#else
    WriteLog(szTemp, 0);
#endif
//---------------------------------------------------------

Felix Kasza [MVP]

Apr 29, 1999, 3:00:00 AM
Mark,

> GetUserName( szBuffer, &nSize );

I'll bet that your second call to GUN() returns an error because you
didn't re-initialize nSize to the buffer size.

Your second GetProcessOwner() call likely fails because the impersonated
user doesn't have permission to open your process (this is an educated
guess, but from your getpid() call I am sure you open the process
instead of using a pre-opened handle).

--

Cheers,

Felix.

If you post a reply, kindly refrain from emailing it, too.
Note to spammers: fel...@mvps.org is my real email address.
No anti-spam address here. Just one comment: IN YOUR FACE!

Mark J.Hogan

Apr 29, 1999, 3:00:00 AM
OK,
 
I left some things out of my code that then caused a bogus reply from GetUserName.  So, I added some proper programming techniques such as error checking.  Hey, I am a proof of concept person, not a finished product type of developer.....
 
So, here below is my corrected code and the next section is the output.

But, before we get to that, let me ask this?  If my attempt to get the UserName, Domain, and SID is not done in the correct manner, then what should I do?  If RpcImpersonateClient is returning RPC_S_OK, then who is the service running as at this time?  If it is the calling process (which is an Admin), then why doesn't this work?  How do I check the calling user's rights (group membership) without passing the domain\username to the service?

if (InREXEC->bRunAsSelf)
{
#if _DEBUG
    WriteLog("GetUserName and GetProcessOwner before RpcImpersonateClient", 0);
#endif
    if (!GetUserName( szBuffer, &nSize ))
        DisplayError("GetUserName", TRUE);
    GetProcessOwner(getpid(),  // Calls OpenProcess and then OpenProcessToken
        szUserName,            // to get the Current User's Name, Domain & SID String
        szDomainName,
        szUserSID);
#if _DEBUG

    wsprintf(szTemp, "I am (%s) %s\\%s [%s]", szBuffer, szDomainName, szUserName, szUserSID);
    WriteLog(szTemp, 0);

    printf("%s\n", szTemp);
    MessageBox(0, szTemp, "SMT Service", 0);
#endif
    status = RpcImpersonateClient(Binding);
    if (status != RPC_S_OK)
    {
#if _DEBUG
        DisplayError("RpcImpersonateClient", TRUE);
#endif
        return(RPC_S_ACCESS_DENIED);
    }
#if _DEBUG
    WriteLog("RpcImpersonateClient is RPC_S_OK", 0);
#endif
    nSize = 50+1;
    szBuffer[0] = '\0';
#if _DEBUG
    WriteLog("GetUserName and GetProcessOwner after RpcImpersonateClient", 0);
#endif
    if (!GetUserName( szBuffer, &nSize ))
        DisplayError("GetUserName", TRUE);
    GetProcessOwner(getpid(),
        szUserName,
        szDomainName,
        szUserSID);
#if _DEBUG

    wsprintf(szTemp, "Now, I am (%s) %s\\%s [%s]", szBuffer, szDomainName, szUserName, szUserSID);
    WriteLog(szTemp, 0);

    printf("%s\n", szTemp);
    MessageBox(0, szTemp, "SMT Service", 0);
#endif
    // This thread is now running in the clients security context.
    //
    // The server should now open a file, mutex, event or its own data
    // structure which has an ACL associated with it to check that the
    // client has the right to access the server's protected data.
    //
}
if (MyStart(
    InREXEC->szCommand,
    InREXEC->szWorkingDir,
    InREXEC->szParameters,
    "Nothing",
    0,    //CREATE_SHARED_WOW_VDM,
    0,    //HIGH_PRIORITY_CLASS,
    FALSE,
    SW_SHOW,
    InREXEC->dTimeOut,
    10,
    &InREXEC->dwPID,
    &InREXEC->dwHProcess))
    {
    .....

Output....

 
Thu Apr 29 17:39:20 1999: GetUserName and GetProcessOwner before RpcImpersonateClient
Thu Apr 29 17:39:20 1999: I am (SYSTEM) NT AUTHORITY\SYSTEM [S-1-5-18]
Thu Apr 29 17:39:23 1999: RpcImpersonateClient is RPC_S_OK
Thu Apr 29 17:39:23 1999: GetUserName and GetProcessOwner after RpcImpersonateClient
Thu Apr 29 17:39:24 1999: GetUserName
     Error# 5 - Access is denied.
Thu Apr 29 17:39:25 1999: Error on OpenProcess, PID=283
     Error# 1346 - Either a required impersonation level was not provided, or the provided impersonation level is invalid.
Thu Apr 29 17:39:25 1999: Now, I am () \ []
Thu Apr 29 17:39:26 1999: Running notepad
    From [C:\]
    w/ args []
Thu Apr 29 17:39:26 1999: Error in MyStart: While running notepad From [C:\]
     Error# 2 - The system cannot find the file specified.
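
Added example, not part of the thread and not code from either poster: while a thread is impersonating, the caller's identity is carried by the thread's impersonation token, so the sketch below queries that token instead of reopening the process. The names check_caller and sid_to_string are hypothetical helpers, the group SID is supplied by the caller, and CheckTokenMembership is assumed to be available (Windows 2000 or later).

```c
/* Added example, not from the thread. On Windows link rpcrt4 and advapi32. */
#include <stdio.h>
#include <string.h>
/* Format a binary SID (revision, count, 48-bit big-endian authority,
   little-endian 32-bit sub-authorities) as S-R-A-S1-S2... */
int sid_to_string(const unsigned char *sid, size_t len, char *out, size_t outlen)
{
    unsigned long long auth = 0;
    size_t i, n;
    int w;
    if (len < 8 || sid[1] > 15 || len < 8 + 4u * sid[1]) return -1;
    for (i = 2; i < 8; i++) auth = (auth << 8) | sid[i];
    if (auth >> 32) return -1;  /* Windows prints these in hex; not handled here */
    w = snprintf(out, outlen, "S-%u-%llu", (unsigned)sid[0], auth);
    if (w < 0 || (size_t)w >= outlen) return -1;
    n = (size_t)w;
    for (i = 0; i < sid[1]; i++) {
        const unsigned char *p = sid + 8 + 4 * i;
        unsigned long sub = p[0] | (p[1] << 8) | (p[2] << 16) | ((unsigned long)p[3] << 24);
        w = snprintf(out + n, outlen - n, "-%lu", sub);
        if (w < 0 || (size_t)w >= outlen - n) return -1;
        n += (size_t)w;
    }
    return 0;
}

#ifdef _WIN32
#include <windows.h>
#include <rpc.h>
/* check_caller (hypothetical): caller's SID text and membership in `group`. */
RPC_STATUS check_caller(RPC_BINDING_HANDLE binding, PSID group,
                        char *sidText, size_t n, BOOL *isMember)
{
    union { TOKEN_USER tu; BYTE raw[sizeof(TOKEN_USER) + SECURITY_MAX_SID_SIZE]; } u;
    HANDLE tok = NULL;
    DWORD cb = 0;
    RPC_STATUS st = RpcImpersonateClient(binding);
    if (st != RPC_S_OK) return st;
    /* Read the thread's impersonation token, not the process token.
       OpenAsSelf=TRUE: the open is access-checked as the service itself. */
    if (!OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, TRUE, &tok) ||
        !GetTokenInformation(tok, TokenUser, &u, sizeof u, &cb) ||
        sid_to_string(u.tu.User.Sid, GetLengthSid(u.tu.User.Sid), sidText, n) != 0 ||
        !CheckTokenMembership(tok, group, isMember))
        st = RPC_S_ACCESS_DENIED;   /* fail closed on any error */
    if (tok) CloseHandle(tok);
    RpcRevertToSelf();              /* always drop the client's context */
    return st;
}
#endif
```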
