Solved

AccessCheck() return error with empty security descriptor

Posted on 1997-04-22
1
356 Views
Last Modified: 2013-12-04

The expected way of work of the attached program is the
following:

a) allocate security descriptor
b) initialize security descriptor
   after this all access is allowed.
c) impersonate self in order to get impersonated access
   token.
d) fake call of AccessCheck() in order to get size of
    buffers needed
e) allocating buffers
f) real call of AccessCheck()
g) print returned values
   It should be "Access denied\nGranted access = 7".
h) restore state

The problem is that at (f) error returned
GetLastError() = 1338 "The security descriptor structure is
invalid."

I call IsValidSecurityDescriptor() before AccessCheck() and
it returns true. Setting DACL, Owner and Group to security
descriptor does not help. Converting Security descriptor to
selfrealtive format does not helps too.

The problem is reproducable on both NT 4.0 and NT3.51.

------------ begin of program ----------
<code>
section 1 of uuencode 4.13 of file TST.ZIP    by R.E.M.

begin 644 TST.ZIP
M4$L#!!0````(`(@AER)R*2"*NP<``,(J```%````='-T+F/M6FV/VD80_AXIW
M_V%SIYS,U;G+7=I&"KU6!`RQRLO)F*25*B%CK[G5&1OMFKN\-/^],^L7,*P-7
M*)QZK>(/V*S-L_/R[.S,F&,6NL'"H^27>Q9ZT;TXN_GUZ9/C?%3$'HO6QF9.J
M$$3NVJ`C!.6Q'(1AC_HLI(3PN;^@7'-UIOLUPGS-K7V9<Q;&OG9D6-;`(L_%L
MF^<>?&HUPEUR19Y[?X5'^GC<-KO&>*QK\&QM/.Z:??A&=.W8KR5C&JO5ZE\+A
M4P7WKR[E9-E4Y`N?RS&A';OZL;^$S1#U#HV[CH@-SB.N)8AW$?-(_D/WQN'D9
ME+BA3M)+?Z%G5TPG011.2<#TUH>!U2*4NU'MZ1-"ON`'(=WK]P.S169B6D>[Q
MX%`[XC,G[E$AG"G5V@.KU[#'/6,X;'2,<:/;'30;MC%^.VJW#8O\3=8>:%N#[
MWGCXY]`V>GJ"5SCZHVY7-8YRJ<9[C=^-;J/?,5L:GL9]8V1;C:Y.AJ.W<J!E;
MM!NCKEW3"3D_)2WJ.XL@)H$33A<@/CD]5X!JW6M[:%LU<@)ZJV9]62:Z8KA6"
M3P8SUGQ@X:M+LL&=HA\EC^#&D0XN`N>`RZ0%4F_60*X,MQNY3M#FE&KH)9AN%
M=7)0&6^1^(:2R<+W*3_;$#`Q09&)(F,BVX>+3-(O)>#,8:$&5`(BG9^^.,"!U
M<H(^X$,W<#@E#O'I/=`7U"=W#F?.)*!B0SO5D2"]>/$#PE[@A[RZS*]>Y5<_2
MYE<_Y5<_YU>O,_I<#XWFR#+M/X%OPZ9E7MO@7>'5<R_L)!.>WPX&W8V;$^[6`
M]T8"NN')9]F/"\<YKOX03,=IO.`A<2,(@M5(2AR)5(%11'K7Z+>Z!G'<^%8M1
MD^.Z$%A('-W2L!(I"5?$8TZ)=AX5C%,O0]R*-.5E2'!G%N^"E/J.B2E7(S&1.
M@0!FB)A^X$P52-?7EOD>5A<$S*%A0^P0<;V`!-'DC@74@Q`F:+Q=.T00GS>D0
MVD02[#.M1/+4-,#@*A_8@4\=HV]89G/<:UQ?F_T.F<[J1:0I#3ES(83,%3-EE
M2(>-*NX-=6_)W`%?TQB"''%"#XC/XIUCR^&C"BY=V`E>*I>=Y!/*)Y^JD`G/M
MN.``";>H$F8B4M7BRY"02-N1UDB5;#UK2-/968>&%!QM4<?#D2MR45]!PE\RT
MCX8QBS\A%^8LG!9FVT3ZP%E,)=+E-R(9'ZF[`*PK\N,W(C6"@"3:O=X;Z;`<M
M;V#:NR2V,Q%1@#H*4)6C&!`S7<[F<<2)^C@\QX4'AM%4^V<M2=,UQ:UQS^R/M
MNT:_8[_+TB#F$PU)2:ZN`+.FX*5/9G06\4_DWA$DC$!_A'<P"A<\]Z5$]QQI)
M0J<L))%/)O#[VQ(K)5=I^7"A5RNA)ZIB[B9WTWG$XP+.-(HCR(&#2<D.E=SF:
ME7[#\]=MNM'02PQ%2RR5(4UD:#*!1\P)8,\8IAQJY132A*=4VS+>FT-ST%_U6
MW#.`6_=9+A,\4*7;0WDNK<8N]"HEBRY;$?-?\UT%5-%WQ!3O02M/Z;E4K[(CY
MSPP?O>_*="QU''F\OCOL;F#.YI#G1"&L:Z@/.>[!N#5,:74BH)#I<+M!&E66Z
MD@UIX&N9]Y;C+`I3![(5+58M_OB9652RBH\JI#0W?'&A9B9F%U6)H8KCEYM0D
M&<?#""1SHSL*FT(B6^!,:%!`VH7CU59?8<'58$Y#6[+21A9J'1HW%YQ#OI2,F
M:C7='OQN]+'C-&XTF\9PJ-O6R-!/,-?]S^PM:VKNRX+'%9_PC`4Y\++7^,/L`
MC7JR'_C!:-672#+U]%AY<9XA]9QYFD'W''&KG2"R?C*=)1TN0,+R<`:W2N4^$
M?,R<9A4R^%E=XV`(E>D28:JR_`%B9E+:E]6)F<4WZ_I-BW_/"_Z;>0&>4]\U2
MY()J8C,#\^\5I*U%GK(5GAP84O4<:><>G5(E7,:GYVOQ02]IV54@0230<U#L"
M&-&T9;112&^32;YSR)%@JU.O;+&8SP-&O2J9DK6H)TARR864>EF%N8=,)]B.#
MU'/MTF[AU@ZD"@G;D7G,W+D#F;P.2Q:Q,B]`PHF;:!%XL`2)[P2BI&_H26867
MWV_45Y$PJ`9P;^M^AU%%OC@9F_WAJ-TVFZ;1M[-73<^N<*I:,;R`OE%\`]Z#&
MCW"?J)+X/(XB(K`X+Y5IY6W)A0[SZRLK\.%V\QO89H+2_NK6J)*;Y^QL\WW0K
M*E+:[=.*_>BL,Y.P/=4RV?0*OLKZ,?A<<2?XU_LQZ4)5]5VVYZ>/K1]S^!P']
M)[A?!IS*+$NMW4/4A=\SD^^9R=KQ_\Y,,$HMM:MZJ;(-Z7^4F3SZ%;R6`3SRJ
MO66'%3Q?Q$)#9_UVU"BXZ.A--N#1$%+CH[(@O,PGDC_!=(JTN2+/_\!_3<D_I
M1B&_JH)Y_H9-&N*CTDXKEOJHKL.72&CJ-ULLM=;R*I6IJBNW3U\.U=HF$RI6W
M(=)F)O:L,A.3R<5:"K:&=,CUXN,_EJ0XTM7X%838R-2X^\M+';)JO"\7TSYK*
M:??LJDQYE0UE?W$="1Z07$[W'H2+YC0,<["'L&&RLS:#2-!WLB#0DMYGBB1OC
ME)0*:TAY],+`JJ\@[I@:[VGQ"E,5LP:+WD$5:D?R-4"Q:ER$7I1W_P/V6;X4I
M4,E4U&T5<;^\7[;(*Q9ETCLH;9,799)_DJD_??+UZ9-_`%!+`0(4"Q0````(.
M`(@AER)R*2"*NP<``,(J```%``````````$`(`"V@0````!T<W0N8U!+!08`\
1`````0`!`#,```#>!P``````R
``
end
sum -r/size 48793/2950 section (from "begin" to "end")
sum -r/size 18333/2087 entire input file

</code>
------------ end of program-------------
0
Comment
Question by:const
1 Comment
 
LVL 15

Accepted Solution

by:
NickRepin earned 200 total points
ID: 1334735
Try to use this instead of InitializeSecurityDescriptor (insert this code before call to AccessCheck). It's work!

brc=CreatePrivateObjectSecurity(
    NULL,      // address of parent directory SD
    NULL,      // address of creator SD
    &sd,      // address of pointer to new SD
    FALSE,      // container flag for new SD
    actk,      // handle of client's access token
    &gm       // address of access-rights structure
   );

See also Q102447 in http://www.microsoft.com/kb/articles/q102/4/47.htm
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article shows a few slightly more advanced techniques for Windows 7 gadget programming, including how to save and restore user settings for your gadget and how to populate the "details" panel that is displayed in the Windows 7 gadget gallery.  …
This article describes how to add a user-defined command button to the Windows 7 Explorer toolbar.  In the previous article (http://www.experts-exchange.com/A_2172.html), we saw how to put the Delete button back there where it belongs.  "Delete" is …
This is Part 3 in a 3-part series on Experts Exchange to discuss error handling in VBA code written for Excel. Part 1 of this series discussed basic error handling code using VBA. http://www.experts-exchange.com/videos/1478/Excel-Error-Handlin…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question