TYB
asked on
Security Attributes for a CMutex?
Can anyone tell me how to set the security attributes of a CMutex so that my process and my service can share the mutex?
At the moment I get a ResourceException when trying to reach it....
It works fine when I debug the service ( not making it run in the context of the system, is that correct english? )....
At the moment I get a ResourceException when trying to reach it....
It works fine when I debug the service ( not making it run in the context of the system, is that correct english? )....
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
>>how do I do with a HANDLE hMutex
You'd pass the SECURITY_ATTRIBUTES to the CMutex constructor.
You'd pass the SECURITY_ATTRIBUTES to the CMutex constructor.
ASKER
That doens´t work... the CMutex-constuctor internallly uses the ::CreateMutex()...not the OpenMutex...
Have to use the example from jaime...Any suggestions?
Have to use the example from jaime...Any suggestions?
I guess this can be done
CMutex myMutex;
myMutex.m_hObject = hMutex;
SingleLock lock(&myMutex, TRUE);
CMutex only wraps a HANDLE object, so if you assign internal public handle to an **initialized** HANDLE, there won't be problems.
CMutex myMutex;
myMutex.m_hObject = hMutex;
SingleLock lock(&myMutex, TRUE);
CMutex only wraps a HANDLE object, so if you assign internal public handle to an **initialized** HANDLE, there won't be problems.
Also you can do this, but it's a dirty trick (say nobody):
SingleLock lock((CMutex *)&hMutex, TRUE)
SingleLock lock((CMutex *)&hMutex, TRUE)
ASKER
I think you guys should split the points.... do really helped me out..and quick too.
Usually when recieving answer I got a lot of links(oftenly www.microsoft.com) not any good ideas from the one who is answering.
I got a link from you Jaime that really helped me out so I´m greatful...you get a little x-tra ; )
Usually when recieving answer I got a lot of links(oftenly www.microsoft.com) not any good ideas from the one who is answering.
I got a link from you Jaime that really helped me out so I´m greatful...you get a little x-tra ; )
ASKER
Jaime... I have the same problem with the security when trying to ::CreateFileMappIng() with the securityattribute created in the link you sent to me as an answer. Instead of creating a hMutex I create replaced it with the following code:
hMap = ::CreateFileMapping((HANDL E)0xFFFFFF FFFFF,&sa, PAGE_READW RITE,0,
sizeof(CSharedMemory),
strFilename);
So the complete function looks like this:
HANDLE CIPC::GetSecureHandleFilem ap(CString & strFilename)
{
SID_IDENTIFIER_AUTHORITY siaWorld = SECURITY_WORLD_SID_AUTHORI TY;
PSID psidEveryone = NULL;
HANDLE hMap = NULL;
int nSidSize ;
int nAclSize ;
PACL paclNewDacl = NULL;
SECURITY_DESCRIPTOR sd;
SECURITY_ATTRIBUTES sa;
bool bResult = true;
__try{
// Create the everyone sid
if (!AllocateAndInitializeSid (&siaWorld , 1, SECURITY_WORLD_RID, 0,
0, 0, 0, 0, 0, 0, &psidEveryone))
{
psidEveryone = NULL ;
__leave;
}
nSidSize = GetLengthSid(psidEveryone) ;
nAclSize = nSidSize * 2 + sizeof(ACCESS_ALLOWED_ACE) + sizeof(ACCESS_DENIED_ACE) + sizeof(ACL) ;
paclNewDacl = (PACL) LocalAlloc( LPTR, nAclSize ) ;
if( !paclNewDacl )
{
bResult = false;
__leave ;
}
if(!InitializeAcl( paclNewDacl, nAclSize, ACL_REVISION ))
{
bResult = false;
__leave ;
}
if(!AddAccessDeniedAce( paclNewDacl, ACL_REVISION, WRITE_DAC | WRITE_OWNER, psidEveryone ))
{
bResult = false;
__leave ;
}
// I am using GENERIC_ALL here so that this very code can be applied to
// other objects. Specific access should be applied when possible.
if(!AddAccessAllowedAce( paclNewDacl, ACL_REVISION, GENERIC_ALL, psidEveryone ))
{
bResult = false;
__leave ;
}
if(!InitializeSecurityDesc riptor( &sd, SECURITY_DESCRIPTOR_REVISI ON ))
{
bResult = false;
__leave ;
}
if(!SetSecurityDescriptorD acl( &sd, TRUE, paclNewDacl, FALSE ))
{
bResult = false;
__leave ;
}
sa.nLength = sizeof( sa ) ;
sa.bInheritHandle = FALSE ;
sa.lpSecurityDescriptor = &sd ;
hMap = ::CreateFileMapping((HANDL E)0xFFFFFF FFFFF,&sa, PAGE_READW RITE,0,
sizeof(CSharedMemory),
strFilename);
DWORD dw = GetLastError();
TRACE(_T("LastError: [%d]\n"), dw);
}__finally{
if( !paclNewDacl )
LocalFree( paclNewDacl ) ;
if( !psidEveryone )
FreeSid( psidEveryone ) ;
}
return hMap ;
}
The error I get from GetLastError() is 5 = Access denied....why? Do you have any suggestions?
hMap = ::CreateFileMapping((HANDL
sizeof(CSharedMemory),
strFilename);
So the complete function looks like this:
HANDLE CIPC::GetSecureHandleFilem
{
SID_IDENTIFIER_AUTHORITY siaWorld = SECURITY_WORLD_SID_AUTHORI
PSID psidEveryone = NULL;
HANDLE hMap = NULL;
int nSidSize ;
int nAclSize ;
PACL paclNewDacl = NULL;
SECURITY_DESCRIPTOR sd;
SECURITY_ATTRIBUTES sa;
bool bResult = true;
__try{
// Create the everyone sid
if (!AllocateAndInitializeSid
0, 0, 0, 0, 0, 0, &psidEveryone))
{
psidEveryone = NULL ;
__leave;
}
nSidSize = GetLengthSid(psidEveryone)
nAclSize = nSidSize * 2 + sizeof(ACCESS_ALLOWED_ACE)
paclNewDacl = (PACL) LocalAlloc( LPTR, nAclSize ) ;
if( !paclNewDacl )
{
bResult = false;
__leave ;
}
if(!InitializeAcl( paclNewDacl, nAclSize, ACL_REVISION ))
{
bResult = false;
__leave ;
}
if(!AddAccessDeniedAce( paclNewDacl, ACL_REVISION, WRITE_DAC | WRITE_OWNER, psidEveryone ))
{
bResult = false;
__leave ;
}
// I am using GENERIC_ALL here so that this very code can be applied to
// other objects. Specific access should be applied when possible.
if(!AddAccessAllowedAce( paclNewDacl, ACL_REVISION, GENERIC_ALL, psidEveryone ))
{
bResult = false;
__leave ;
}
if(!InitializeSecurityDesc
{
bResult = false;
__leave ;
}
if(!SetSecurityDescriptorD
{
bResult = false;
__leave ;
}
sa.nLength = sizeof( sa ) ;
sa.bInheritHandle = FALSE ;
sa.lpSecurityDescriptor = &sd ;
hMap = ::CreateFileMapping((HANDL
sizeof(CSharedMemory),
strFilename);
DWORD dw = GetLastError();
TRACE(_T("LastError: [%d]\n"), dw);
}__finally{
if( !paclNewDacl )
LocalFree( paclNewDacl ) ;
if( !psidEveryone )
FreeSid( psidEveryone ) ;
}
return hMap ;
}
The error I get from GetLastError() is 5 = Access denied....why? Do you have any suggestions?
ASKER
One more simple question....
CMutex* m_pMutex;
I´m using SingleLock lock(m_pMutex, TRUE) for locking the section, how do I do with a HANDLE hMutex? What functions is equal to SingleLock() ?