Solved

Security Attributes for a CMutex?

Posted on 2004-09-30
9
437 Views
Last Modified: 2013-11-20
Can anyone tell me how to set the security attributes of a CMutex so that my process and my service can share the mutex?

At the moment I get a ResourceException when trying to reach it....

It works fine when I debug the service ( not making it run in the context of the system, is that correct english? )....
0
Comment
Question by:TYB
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
9 Comments
 
LVL 55

Accepted Solution

by:
Jaime Olivares earned 170 total points
ID: 12192376
0
 
LVL 86

Assisted Solution

by:jkr
jkr earned 80 total points
ID: 12192526
You'd do that like

static  HANDLE                      g_hSharedMutex  =   INVALID_HANDLE_VALUE;
static  PSID                        g_psidWorldSid  =   NULL;
static  SECURITY_DESCRIPTOR         g_sd;
static  SECURITY_ATTRIBUTES         g_sa;

//...

    SID_IDENTIFIER_AUTHORITY    siaWorldSidAuthority    =   SECURITY_WORLD_SID_AUTHORITY;
    DWORD                       dwCreate                =   0;

    //  Create a security descriptor for the mutex that allows
    //  access from both the privileged service and the non-privileged
    //  user mode programs

    g_psidWorldSid  =   ( PSID) LocalAlloc  (   LPTR,
                                                GetSidLengthRequired    (   1)
                                            );

    InitializeSid   (   g_psidWorldSid, &siaWorldSidAuthority,  1);

    *(  GetSidSubAuthority  (   g_psidWorldSid, 0)) =   SECURITY_WORLD_RID;

    InitializeSecurityDescriptor    (   &g_sd,  SECURITY_DESCRIPTOR_REVISION);

    SetSecurityDescriptorGroup      (   &g_sd,  g_psidWorldSid, TRUE);

    ZeroMemory  (   &g_sa,  sizeof  (   SECURITY_ATTRIBUTES));

    g_sa.nLength                =   sizeof  (   SECURITY_ATTRIBUTES);
    g_sa.lpSecurityDescriptor   =   &g_sd;
    g_sa.bInheritHandle         =   FALSE;

    g_hSharedMutex  =   CreateMutex (   &g_sa,
                                        FALSE,
                                        "MySharedMutex"
                                    );
0
 

Author Comment

by:TYB
ID: 12193277
Tnx for your answer....[jaime_olivares] example worked well for me...it checks if th hMutex is NULL after the creation and if it is NULL then it open it which get me an valid handle to the Mutex.

One more simple question....
CMutex* m_pMutex;
I´m using SingleLock lock(m_pMutex, TRUE) for locking the section, how do I do with a HANDLE hMutex? What functions is equal to SingleLock() ?
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 86

Expert Comment

by:jkr
ID: 12193323
>>how do I do with a HANDLE hMutex

You'd pass the SECURITY_ATTRIBUTES to the CMutex constructor.
0
 

Author Comment

by:TYB
ID: 12193482
That doens´t work... the CMutex-constuctor internallly uses the ::CreateMutex()...not the OpenMutex...

Have to use the example from jaime...Any suggestions?
0
 
LVL 55

Expert Comment

by:Jaime Olivares
ID: 12193484
I guess this can be done

CMutex myMutex;
myMutex.m_hObject = hMutex;

SingleLock lock(&myMutex, TRUE);

CMutex only wraps a HANDLE object, so if you assign internal public handle to an **initialized** HANDLE, there won't be problems.
0
 
LVL 55

Expert Comment

by:Jaime Olivares
ID: 12193564
Also you can do this, but it's a dirty trick (say nobody):

SingleLock lock((CMutex *)&hMutex, TRUE)
0
 

Author Comment

by:TYB
ID: 12193655
I think you guys should split the points.... do really helped me out..and quick too.

Usually when recieving answer I got a lot of links(oftenly www.microsoft.com) not any good ideas from the one who is answering.

I got a link from you Jaime that really helped me out so I´m greatful...you get a little x-tra  ; )
0
 

Author Comment

by:TYB
ID: 12197933
Jaime... I have the same problem with the security when trying to ::CreateFileMappIng() with the securityattribute created in the link you sent to me as an answer. Instead of creating a hMutex I create replaced it with the following code:

hMap = ::CreateFileMapping((HANDLE)0xFFFFFFFFFFF,&sa,PAGE_READWRITE,0,
            sizeof(CSharedMemory),
            strFilename);

So the complete function looks like this:

HANDLE CIPC::GetSecureHandleFilemap(CString& strFilename)
{
    SID_IDENTIFIER_AUTHORITY siaWorld = SECURITY_WORLD_SID_AUTHORITY;
    PSID psidEveryone = NULL;
    HANDLE hMap = NULL;
    int nSidSize ;
    int nAclSize ;
    PACL paclNewDacl = NULL;
    SECURITY_DESCRIPTOR sd;
    SECURITY_ATTRIBUTES sa;

    bool bResult = true;
   
    __try{
        // Create the everyone sid
        if (!AllocateAndInitializeSid(&siaWorld, 1, SECURITY_WORLD_RID, 0,
                                           0, 0, 0, 0, 0, 0, &psidEveryone))
        {            
            psidEveryone = NULL ;
            __leave;
        }
 
        nSidSize = GetLengthSid(psidEveryone) ;
        nAclSize = nSidSize * 2 + sizeof(ACCESS_ALLOWED_ACE) + sizeof(ACCESS_DENIED_ACE) + sizeof(ACL) ;
        paclNewDacl = (PACL) LocalAlloc( LPTR, nAclSize ) ;
        if( !paclNewDacl )
        {
      bResult = false;
            __leave ;
        }
        if(!InitializeAcl( paclNewDacl, nAclSize, ACL_REVISION ))
        {
      bResult = false;
            __leave ;
        }
        if(!AddAccessDeniedAce( paclNewDacl, ACL_REVISION, WRITE_DAC | WRITE_OWNER, psidEveryone ))
       {
      bResult = false;
            __leave ;
       }
        // I am using GENERIC_ALL here so that this very code can be applied to
        // other objects.  Specific access should be applied when possible.
        if(!AddAccessAllowedAce( paclNewDacl, ACL_REVISION, GENERIC_ALL, psidEveryone ))
       {
      bResult = false;
            __leave ;
       }
        if(!InitializeSecurityDescriptor( &sd, SECURITY_DESCRIPTOR_REVISION ))
        {
      bResult = false;
           __leave ;
        }
        if(!SetSecurityDescriptorDacl( &sd, TRUE, paclNewDacl, FALSE ))
        {
      bResult = false;
            __leave ;
         }
        sa.nLength = sizeof( sa ) ;
        sa.bInheritHandle = FALSE ;
        sa.lpSecurityDescriptor = &sd ;

        hMap = ::CreateFileMapping((HANDLE)0xFFFFFFFFFFF,&sa,PAGE_READWRITE,0,
                  sizeof(CSharedMemory),
                  strFilename);

        DWORD dw = GetLastError();
        TRACE(_T("LastError: [%d]\n"), dw);

     }__finally{
        if( !paclNewDacl )
            LocalFree( paclNewDacl ) ;
        if( !psidEveryone )
            FreeSid( psidEveryone ) ;

    }
    return hMap ;
}

The error I get from GetLastError() is 5 = Access denied....why? Do you have any suggestions?

0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
difference between String.subString() and String.subSequence() 6 285
Window placement 17 99
ShiftLeft challenge 21 95
Use of condition with 'serial' in ansible 2 99
Introduction: Dynamic window placements and drawing on a form, simple usage of windows registry as a storage place for information. Continuing from the first article about sudoku.  There we have designed the application and put a lot of user int…
Introduction: The undo support, implementing a stack. Continuing from the eigth article about sudoku.   We need a mechanism to keep track of the digits entered so as to implement an undo mechanism.  This should be a ‘Last In First Out’ collec…
This video will show you how to get GIT to work in Eclipse.   It will walk you through how to install the EGit plugin in eclipse and how to checkout an existing repository.

742 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question