Solved

AccessCheck() return error with empty security descriptor

Posted on 1997-04-22
1
360 Views
Last Modified: 2013-12-04

The expected way of work of the attached program is the
following:

a) allocate security descriptor
b) initialize security descriptor
   after this all access is allowed.
c) impersonate self in order to get impersonated access
   token.
d) fake call of AccessCheck() in order to get size of
    buffers needed
e) allocating buffers
f) real call of AccessCheck()
g) print returned values
   It should be "Access denied\nGranted access = 7".
h) restore state

The problem is that at (f) error returned
GetLastError() = 1338 "The security descriptor structure is
invalid."

I call IsValidSecurityDescriptor() before AccessCheck() and
it returns true. Setting DACL, Owner and Group to security
descriptor does not help. Converting Security descriptor to
selfrealtive format does not helps too.

The problem is reproducable on both NT 4.0 and NT3.51.

------------ begin of program ----------
<code>
section 1 of uuencode 4.13 of file TST.ZIP    by R.E.M.

begin 644 TST.ZIP
M4$L#!!0````(`(@AER)R*2"*NP<``,(J```%````='-T+F/M6FV/VD80_AXIW
M_V%SIYS,U;G+7=I&"KU6!`RQRLO)F*25*B%CK[G5&1OMFKN\-/^],^L7,*P-7
M*)QZK>(/V*S-L_/R[.S,F&,6NL'"H^27>Q9ZT;TXN_GUZ9/C?%3$'HO6QF9.J
M$$3NVJ`C!.6Q'(1AC_HLI(3PN;^@7'-UIOLUPGS-K7V9<Q;&OG9D6-;`(L_%L
MF^<>?&HUPEUR19Y[?X5'^GC<-KO&>*QK\&QM/.Z:??A&=.W8KR5C&JO5ZE\+A
M4P7WKR[E9-E4Y`N?RS&A';OZL;^$S1#U#HV[CH@-SB.N)8AW$?-(_D/WQN'D9
ME+BA3M)+?Z%G5TPG011.2<#TUH>!U2*4NU'MZ1-"ON`'(=WK]P.S169B6D>[Q
MX%`[XC,G[E$AG"G5V@.KU[#'/6,X;'2,<:/;'30;MC%^.VJW#8O\3=8>:%N#[
MWGCXY]`V>GJ"5SCZHVY7-8YRJ<9[C=^-;J/?,5L:GL9]8V1;C:Y.AJ.W<J!E;
MM!NCKEW3"3D_)2WJ.XL@)H$33A<@/CD]5X!JW6M[:%LU<@)ZJV9]62:Z8KA6"
M3P8SUGQ@X:M+LL&=HA\EC^#&D0XN`N>`RZ0%4F_60*X,MQNY3M#FE&KH)9AN%
M=7)0&6^1^(:2R<+W*3_;$#`Q09&)(F,BVX>+3-(O)>#,8:$&5`(BG9^^.,"!U
M<H(^X$,W<#@E#O'I/=`7U"=W#F?.)*!B0SO5D2"]>/$#PE[@A[RZS*]>Y5<_2
MYE<_Y5<_YU>O,_I<#XWFR#+M/X%OPZ9E7MO@7>'5<R_L)!.>WPX&W8V;$^[6`
M]T8"NN')9]F/"\<YKOX03,=IO.`A<2,(@M5(2AR)5(%11'K7Z+>Z!G'<^%8M1
MD^.Z$%A('-W2L!(I"5?$8TZ)=AX5C%,O0]R*-.5E2'!G%N^"E/J.B2E7(S&1.
M@0!FB)A^X$P52-?7EOD>5A<$S*%A0^P0<;V`!-'DC@74@Q`F:+Q=.T00GS>D0
MVD02[#.M1/+4-,#@*A_8@4\=HV]89G/<:UQ?F_T.F<[J1:0I#3ES(83,%3-EE
M2(>-*NX-=6_)W`%?TQB"''%"#XC/XIUCR^&C"BY=V`E>*I>=Y!/*)Y^JD`G/M
MN.``";>H$F8B4M7BRY"02-N1UDB5;#UK2-/968>&%!QM4<?#D2MR45]!PE\RT
MCX8QBS\A%^8LG!9FVT3ZP%E,)=+E-R(9'ZF[`*PK\N,W(C6"@"3:O=X;Z;`<M
M;V#:NR2V,Q%1@#H*4)6C&!`S7<[F<<2)^C@\QX4'AM%4^V<M2=,UQ:UQS^R/M
MNT:_8[_+TB#F$PU)2:ZN`+.FX*5/9G06\4_DWA$DC$!_A'<P"A<\]Z5$]QQI)
M0J<L))%/)O#[VQ(K)5=I^7"A5RNA)ZIB[B9WTWG$XP+.-(HCR(&#2<D.E=SF:
ME7[#\]=MNM'02PQ%2RR5(4UD:#*!1\P)8,\8IAQJY132A*=4VS+>FT-ST%_U6
MW#.`6_=9+A,\4*7;0WDNK<8N]"HEBRY;$?-?\UT%5-%WQ!3O02M/Z;E4K[(CY
MSPP?O>_*="QU''F\OCOL;F#.YI#G1"&L:Z@/.>[!N#5,:74BH)#I<+M!&E66Z
MD@UIX&N9]Y;C+`I3![(5+58M_OB9652RBH\JI#0W?'&A9B9F%U6)H8KCEYM0D
M&<?#""1SHSL*FT(B6^!,:%!`VH7CU59?8<'58$Y#6[+21A9J'1HW%YQ#OI2,F
M:C7='OQN]+'C-&XTF\9PJ-O6R-!/,-?]S^PM:VKNRX+'%9_PC`4Y\++7^,/L`
MC7JR'_C!:-672#+U]%AY<9XA]9QYFD'W''&KG2"R?C*=)1TN0,+R<`:W2N4^$
M?,R<9A4R^%E=XV`(E>D28:JR_`%B9E+:E]6)F<4WZ_I-BW_/"_Z;>0&>4]\U2
MY()J8C,#\^\5I*U%GK(5GAP84O4<:><>G5(E7,:GYVOQ02]IV54@0230<U#L"
M&-&T9;112&^32;YSR)%@JU.O;+&8SP-&O2J9DK6H)TARR864>EF%N8=,)]B.#
MU'/MTF[AU@ZD"@G;D7G,W+D#F;P.2Q:Q,B]`PHF;:!%XL`2)[P2BI&_H26867
MWV_45Y$PJ`9P;^M^AU%%OC@9F_WAJ-TVFZ;1M[-73<^N<*I:,;R`OE%\`]Z#&
MCW"?J)+X/(XB(K`X+Y5IY6W)A0[SZRLK\.%V\QO89H+2_NK6J)*;Y^QL\WW0K
M*E+:[=.*_>BL,Y.P/=4RV?0*OLKZ,?A<<2?XU_LQZ4)5]5VVYZ>/K1]S^!P']
M)[A?!IS*+$NMW4/4A=\SD^^9R=KQ_\Y,,$HMM:MZJ;(-Z7^4F3SZ%;R6`3SRJ
MO66'%3Q?Q$)#9_UVU"BXZ.A--N#1$%+CH[(@O,PGDC_!=(JTN2+/_\!_3<D_I
M1B&_JH)Y_H9-&N*CTDXKEOJHKL.72&CJ-ULLM=;R*I6IJBNW3U\.U=HF$RI6W
M(=)F)O:L,A.3R<5:"K:&=,CUXN,_EJ0XTM7X%838R-2X^\M+';)JO"\7TSYK*
M:??LJDQYE0UE?W$="1Z07$[W'H2+YC0,<["'L&&RLS:#2-!WLB#0DMYGBB1OC
ME)0*:TAY],+`JJ\@[I@:[VGQ"E,5LP:+WD$5:D?R-4"Q:ER$7I1W_P/V6;X4I
M4,E4U&T5<;^\7[;(*Q9ETCLH;9,799)_DJD_??+UZ9-_`%!+`0(4"Q0````(.
M`(@AER)R*2"*NP<``,(J```%``````````$`(`"V@0````!T<W0N8U!+!08`\
1`````0`!`#,```#>!P``````R
``
end
sum -r/size 48793/2950 section (from "begin" to "end")
sum -r/size 18333/2087 entire input file

</code>
------------ end of program-------------
0
Comment
Question by:const
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 15

Accepted Solution

by:
NickRepin earned 200 total points
ID: 1334735
Try to use this instead of InitializeSecurityDescriptor (insert this code before call to AccessCheck). It's work!

brc=CreatePrivateObjectSecurity(
    NULL,      // address of parent directory SD
    NULL,      // address of creator SD
    &sd,      // address of pointer to new SD
    FALSE,      // container flag for new SD
    actk,      // handle of client's access token
    &gm       // address of access-rights structure
   );

See also Q102447 in http://www.microsoft.com/kb/articles/q102/4/47.htm
0

Featured Post

Enroll in May's Course of the Month

May’s Course of the Month is now available! Experts Exchange’s Premium Members and Team Accounts have access to a complimentary course each month as part of their membership—an extra way to increase training and boost professional development.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows how to make a Windows 7 gadget that accepts files dropped from the Windows Explorer.  It also illustrates how to give your gadget a non-rectangular shape and how to add some nifty visual effects to text displayed in a your gadget.…
This article describes how to programmatically preset the "Pages per Sheet" option that's available with most printer drivers.   This setting lets you do "n-Up" printing, where two, four, or more pages are printed on each sheet of paper. If your …
This is Part 3 in a 3-part series on Experts Exchange to discuss error handling in VBA code written for Excel. Part 1 of this series discussed basic error handling code using VBA. http://www.experts-exchange.com/videos/1478/Excel-Error-Handlin…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question