Re: Basic security question

From: Ivan Brugiolo [MSFT] (ivanbrug_at_online.microsoft.com)
Date: 06/18/04 

Date: Fri, 18 Jun 2004 10:12:33 -0700

Any "remote" call that goes through RPC follows the RPC security model.
RPC uses a function, called RpcStringBindingCompose, either directly,
or through an internal function associated with each type of binding handle.
Most of the "old" NtLanMan style of remotable/remoted APIs
uses Network-Named-Pipes as the transport, SNEGO as the Authentication
Service,
PKT_PRIVACY as the authentication level, and Identity Tracking.
Given the combination of all these factors,
unless you have run someting like "net use \\machinename\IPC$",
the APIs will use the identity of the current thread
to perform the remote RCP call.
Basically, you can set a breakpoint in RpcStringBindingCompose
and RpcBindingSetAuthInfoEx and you will get all the real params. 

-- 
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of any included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
"Rob Bolton" <_nospam@_nospam.com> wrote in message
news:Oa5RqiMVEHA.1292@TK2MSFTNGP10.phx.gbl...
> Hi there. I'm very familiar with the basic Windows security model in
> general, but can someone set me straight on what account is used to
process
> a (non-COM) call to a remote machine? For instance, if I call any given
API
> function that takes a machine name argument, such as
"RegConnectRegistry()"
> or "OpenSCManager()" among others, what account does this processing
> actually occur under on that machine? Also, how am I authenticated? Any
> links would be appreciated as well. Thanks.
>
>

Relevant Pages

  • Re: Basic security question
    ... Any "remote" call that goes through RPC follows the RPC security model. ... you can set a breakpoint in RpcStringBindingCompose ...
    (microsoft.public.win32.programmer.wmi)
  • Re: Basic security question
    ... Any "remote" call that goes through RPC follows the RPC security model. ... you can set a breakpoint in RpcStringBindingCompose ...
    (microsoft.public.vc.language)
  • temporary fix for Windows rebooting with RPC message
    ... A possible temporary fix for the rebooting Windows machine with the RPC ... Remote Access Auto Connection Manager ... First select the Remote Access Connection Manager with the secondary ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Exchange 2003 with 3 locations...
    ... I have not studied the rpc over http bandwidth consumption before. ... >> 200 users is a lot for the full client on a T1 even with cached mode. ... >> Might want to look into mailbox servers at the remote sites... ... >> Windows Server MVP ...
    (microsoft.public.exchange2000.general)
  • Re: Remote procedure call
    ... run the "Remote Procedure Call" service despite the fact that I don't allow anybody access to my computer via remote help? ... John, thanks for replying. ... Yes, I'm aware that RPC handles calls between processes and services, but it seems to me that inner-computer calls could be handled discretely from inter-computer calls. ... NT systems are client/server systems, a process that makes a request to another process is a client and the process that responds to the request is a server, the the interprocess communication can be local or across a network, they're all client/server transactions. ...
    (microsoft.public.windowsxp.general)