Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

AccessCheck() return error with empty security descriptor

Posted on 1997-04-22
1
354 Views
Last Modified: 2013-12-04

The expected way of work of the attached program is the
following:

a) allocate security descriptor
b) initialize security descriptor
   after this all access is allowed.
c) impersonate self in order to get impersonated access
   token.
d) fake call of AccessCheck() in order to get size of
    buffers needed
e) allocating buffers
f) real call of AccessCheck()
g) print returned values
   It should be "Access denied\nGranted access = 7".
h) restore state

The problem is that at (f) error returned
GetLastError() = 1338 "The security descriptor structure is
invalid."

I call IsValidSecurityDescriptor() before AccessCheck() and
it returns true. Setting DACL, Owner and Group to security
descriptor does not help. Converting Security descriptor to
selfrealtive format does not helps too.

The problem is reproducable on both NT 4.0 and NT3.51.

------------ begin of program ----------
<code>
section 1 of uuencode 4.13 of file TST.ZIP    by R.E.M.

begin 644 TST.ZIP
M4$L#!!0````(`(@AER)R*2"*NP<``,(J```%````='-T+F/M6FV/VD80_AXIW
M_V%SIYS,U;G+7=I&"KU6!`RQRLO)F*25*B%CK[G5&1OMFKN\-/^],^L7,*P-7
M*)QZK>(/V*S-L_/R[.S,F&,6NL'"H^27>Q9ZT;TXN_GUZ9/C?%3$'HO6QF9.J
M$$3NVJ`C!.6Q'(1AC_HLI(3PN;^@7'-UIOLUPGS-K7V9<Q;&OG9D6-;`(L_%L
MF^<>?&HUPEUR19Y[?X5'^GC<-KO&>*QK\&QM/.Z:??A&=.W8KR5C&JO5ZE\+A
M4P7WKR[E9-E4Y`N?RS&A';OZL;^$S1#U#HV[CH@-SB.N)8AW$?-(_D/WQN'D9
ME+BA3M)+?Z%G5TPG011.2<#TUH>!U2*4NU'MZ1-"ON`'(=WK]P.S169B6D>[Q
MX%`[XC,G[E$AG"G5V@.KU[#'/6,X;'2,<:/;'30;MC%^.VJW#8O\3=8>:%N#[
MWGCXY]`V>GJ"5SCZHVY7-8YRJ<9[C=^-;J/?,5L:GL9]8V1;C:Y.AJ.W<J!E;
MM!NCKEW3"3D_)2WJ.XL@)H$33A<@/CD]5X!JW6M[:%LU<@)ZJV9]62:Z8KA6"
M3P8SUGQ@X:M+LL&=HA\EC^#&D0XN`N>`RZ0%4F_60*X,MQNY3M#FE&KH)9AN%
M=7)0&6^1^(:2R<+W*3_;$#`Q09&)(F,BVX>+3-(O)>#,8:$&5`(BG9^^.,"!U
M<H(^X$,W<#@E#O'I/=`7U"=W#F?.)*!B0SO5D2"]>/$#PE[@A[RZS*]>Y5<_2
MYE<_Y5<_YU>O,_I<#XWFR#+M/X%OPZ9E7MO@7>'5<R_L)!.>WPX&W8V;$^[6`
M]T8"NN')9]F/"\<YKOX03,=IO.`A<2,(@M5(2AR)5(%11'K7Z+>Z!G'<^%8M1
MD^.Z$%A('-W2L!(I"5?$8TZ)=AX5C%,O0]R*-.5E2'!G%N^"E/J.B2E7(S&1.
M@0!FB)A^X$P52-?7EOD>5A<$S*%A0^P0<;V`!-'DC@74@Q`F:+Q=.T00GS>D0
MVD02[#.M1/+4-,#@*A_8@4\=HV]89G/<:UQ?F_T.F<[J1:0I#3ES(83,%3-EE
M2(>-*NX-=6_)W`%?TQB"''%"#XC/XIUCR^&C"BY=V`E>*I>=Y!/*)Y^JD`G/M
MN.``";>H$F8B4M7BRY"02-N1UDB5;#UK2-/968>&%!QM4<?#D2MR45]!PE\RT
MCX8QBS\A%^8LG!9FVT3ZP%E,)=+E-R(9'ZF[`*PK\N,W(C6"@"3:O=X;Z;`<M
M;V#:NR2V,Q%1@#H*4)6C&!`S7<[F<<2)^C@\QX4'AM%4^V<M2=,UQ:UQS^R/M
MNT:_8[_+TB#F$PU)2:ZN`+.FX*5/9G06\4_DWA$DC$!_A'<P"A<\]Z5$]QQI)
M0J<L))%/)O#[VQ(K)5=I^7"A5RNA)ZIB[B9WTWG$XP+.-(HCR(&#2<D.E=SF:
ME7[#\]=MNM'02PQ%2RR5(4UD:#*!1\P)8,\8IAQJY132A*=4VS+>FT-ST%_U6
MW#.`6_=9+A,\4*7;0WDNK<8N]"HEBRY;$?-?\UT%5-%WQ!3O02M/Z;E4K[(CY
MSPP?O>_*="QU''F\OCOL;F#.YI#G1"&L:Z@/.>[!N#5,:74BH)#I<+M!&E66Z
MD@UIX&N9]Y;C+`I3![(5+58M_OB9652RBH\JI#0W?'&A9B9F%U6)H8KCEYM0D
M&<?#""1SHSL*FT(B6^!,:%!`VH7CU59?8<'58$Y#6[+21A9J'1HW%YQ#OI2,F
M:C7='OQN]+'C-&XTF\9PJ-O6R-!/,-?]S^PM:VKNRX+'%9_PC`4Y\++7^,/L`
MC7JR'_C!:-672#+U]%AY<9XA]9QYFD'W''&KG2"R?C*=)1TN0,+R<`:W2N4^$
M?,R<9A4R^%E=XV`(E>D28:JR_`%B9E+:E]6)F<4WZ_I-BW_/"_Z;>0&>4]\U2
MY()J8C,#\^\5I*U%GK(5GAP84O4<:><>G5(E7,:GYVOQ02]IV54@0230<U#L"
M&-&T9;112&^32;YSR)%@JU.O;+&8SP-&O2J9DK6H)TARR864>EF%N8=,)]B.#
MU'/MTF[AU@ZD"@G;D7G,W+D#F;P.2Q:Q,B]`PHF;:!%XL`2)[P2BI&_H26867
MWV_45Y$PJ`9P;^M^AU%%OC@9F_WAJ-TVFZ;1M[-73<^N<*I:,;R`OE%\`]Z#&
MCW"?J)+X/(XB(K`X+Y5IY6W)A0[SZRLK\.%V\QO89H+2_NK6J)*;Y^QL\WW0K
M*E+:[=.*_>BL,Y.P/=4RV?0*OLKZ,?A<<2?XU_LQZ4)5]5VVYZ>/K1]S^!P']
M)[A?!IS*+$NMW4/4A=\SD^^9R=KQ_\Y,,$HMM:MZJ;(-Z7^4F3SZ%;R6`3SRJ
MO66'%3Q?Q$)#9_UVU"BXZ.A--N#1$%+CH[(@O,PGDC_!=(JTN2+/_\!_3<D_I
M1B&_JH)Y_H9-&N*CTDXKEOJHKL.72&CJ-ULLM=;R*I6IJBNW3U\.U=HF$RI6W
M(=)F)O:L,A.3R<5:"K:&=,CUXN,_EJ0XTM7X%838R-2X^\M+';)JO"\7TSYK*
M:??LJDQYE0UE?W$="1Z07$[W'H2+YC0,<["'L&&RLS:#2-!WLB#0DMYGBB1OC
ME)0*:TAY],+`JJ\@[I@:[VGQ"E,5LP:+WD$5:D?R-4"Q:ER$7I1W_P/V6;X4I
M4,E4U&T5<;^\7[;(*Q9ETCLH;9,799)_DJD_??+UZ9-_`%!+`0(4"Q0````(.
M`(@AER)R*2"*NP<``,(J```%``````````$`(`"V@0````!T<W0N8U!+!08`\
1`````0`!`#,```#>!P``````R
``
end
sum -r/size 48793/2950 section (from "begin" to "end")
sum -r/size 18333/2087 entire input file

</code>
------------ end of program-------------
0
Comment
Question by:const
1 Comment
 
LVL 15

Accepted Solution

by:
NickRepin earned 200 total points
ID: 1334735
Try to use this instead of InitializeSecurityDescriptor (insert this code before call to AccessCheck). It's work!

brc=CreatePrivateObjectSecurity(
    NULL,      // address of parent directory SD
    NULL,      // address of creator SD
    &sd,      // address of pointer to new SD
    FALSE,      // container flag for new SD
    actk,      // handle of client's access token
    &gm       // address of access-rights structure
   );

See also Q102447 in http://www.microsoft.com/kb/articles/q102/4/47.htm
0

Featured Post

Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

With most software applications trying to cater to multiple user needs nowadays, the focus is to make them as configurable as possible. For e.g., when creating Silverlight applications which will connect to WCF services, the service end point usuall…
Whether you've completed a degree in computer sciences or you're a self-taught programmer, writing your first lines of code in the real world is always a challenge. Here are some of the most common pitfalls for new programmers.
This is Part 3 in a 3-part series on Experts Exchange to discuss error handling in VBA code written for Excel. Part 1 of this series discussed basic error handling code using VBA. http://www.experts-exchange.com/videos/1478/Excel-Error-Handlin…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question