Solved

Security Attributes for a CMutex?

Posted on 2004-09-30
9
426 Views
Last Modified: 2013-11-20
Can anyone tell me how to set the security attributes of a CMutex so that my process and my service can share the mutex?

At the moment I get a ResourceException when trying to reach it....

It works fine when I debug the service ( not making it run in the context of the system, is that correct english? )....
0
Comment
Question by:TYB
  • 4
  • 3
  • 2
9 Comments
 
LVL 55

Accepted Solution

by:
Jaime Olivares earned 170 total points
ID: 12192376
0
 
LVL 86

Assisted Solution

by:jkr
jkr earned 80 total points
ID: 12192526
You'd do that like

static  HANDLE                      g_hSharedMutex  =   INVALID_HANDLE_VALUE;
static  PSID                        g_psidWorldSid  =   NULL;
static  SECURITY_DESCRIPTOR         g_sd;
static  SECURITY_ATTRIBUTES         g_sa;

//...

    SID_IDENTIFIER_AUTHORITY    siaWorldSidAuthority    =   SECURITY_WORLD_SID_AUTHORITY;
    DWORD                       dwCreate                =   0;

    //  Create a security descriptor for the mutex that allows
    //  access from both the privileged service and the non-privileged
    //  user mode programs

    g_psidWorldSid  =   ( PSID) LocalAlloc  (   LPTR,
                                                GetSidLengthRequired    (   1)
                                            );

    InitializeSid   (   g_psidWorldSid, &siaWorldSidAuthority,  1);

    *(  GetSidSubAuthority  (   g_psidWorldSid, 0)) =   SECURITY_WORLD_RID;

    InitializeSecurityDescriptor    (   &g_sd,  SECURITY_DESCRIPTOR_REVISION);

    SetSecurityDescriptorGroup      (   &g_sd,  g_psidWorldSid, TRUE);

    ZeroMemory  (   &g_sa,  sizeof  (   SECURITY_ATTRIBUTES));

    g_sa.nLength                =   sizeof  (   SECURITY_ATTRIBUTES);
    g_sa.lpSecurityDescriptor   =   &g_sd;
    g_sa.bInheritHandle         =   FALSE;

    g_hSharedMutex  =   CreateMutex (   &g_sa,
                                        FALSE,
                                        "MySharedMutex"
                                    );
0
 

Author Comment

by:TYB
ID: 12193277
Tnx for your answer....[jaime_olivares] example worked well for me...it checks if th hMutex is NULL after the creation and if it is NULL then it open it which get me an valid handle to the Mutex.

One more simple question....
CMutex* m_pMutex;
I´m using SingleLock lock(m_pMutex, TRUE) for locking the section, how do I do with a HANDLE hMutex? What functions is equal to SingleLock() ?
0
 
LVL 86

Expert Comment

by:jkr
ID: 12193323
>>how do I do with a HANDLE hMutex

You'd pass the SECURITY_ATTRIBUTES to the CMutex constructor.
0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 

Author Comment

by:TYB
ID: 12193482
That doens´t work... the CMutex-constuctor internallly uses the ::CreateMutex()...not the OpenMutex...

Have to use the example from jaime...Any suggestions?
0
 
LVL 55

Expert Comment

by:Jaime Olivares
ID: 12193484
I guess this can be done

CMutex myMutex;
myMutex.m_hObject = hMutex;

SingleLock lock(&myMutex, TRUE);

CMutex only wraps a HANDLE object, so if you assign internal public handle to an **initialized** HANDLE, there won't be problems.
0
 
LVL 55

Expert Comment

by:Jaime Olivares
ID: 12193564
Also you can do this, but it's a dirty trick (say nobody):

SingleLock lock((CMutex *)&hMutex, TRUE)
0
 

Author Comment

by:TYB
ID: 12193655
I think you guys should split the points.... do really helped me out..and quick too.

Usually when recieving answer I got a lot of links(oftenly www.microsoft.com) not any good ideas from the one who is answering.

I got a link from you Jaime that really helped me out so I´m greatful...you get a little x-tra  ; )
0
 

Author Comment

by:TYB
ID: 12197933
Jaime... I have the same problem with the security when trying to ::CreateFileMappIng() with the securityattribute created in the link you sent to me as an answer. Instead of creating a hMutex I create replaced it with the following code:

hMap = ::CreateFileMapping((HANDLE)0xFFFFFFFFFFF,&sa,PAGE_READWRITE,0,
            sizeof(CSharedMemory),
            strFilename);

So the complete function looks like this:

HANDLE CIPC::GetSecureHandleFilemap(CString& strFilename)
{
    SID_IDENTIFIER_AUTHORITY siaWorld = SECURITY_WORLD_SID_AUTHORITY;
    PSID psidEveryone = NULL;
    HANDLE hMap = NULL;
    int nSidSize ;
    int nAclSize ;
    PACL paclNewDacl = NULL;
    SECURITY_DESCRIPTOR sd;
    SECURITY_ATTRIBUTES sa;

    bool bResult = true;
   
    __try{
        // Create the everyone sid
        if (!AllocateAndInitializeSid(&siaWorld, 1, SECURITY_WORLD_RID, 0,
                                           0, 0, 0, 0, 0, 0, &psidEveryone))
        {            
            psidEveryone = NULL ;
            __leave;
        }
 
        nSidSize = GetLengthSid(psidEveryone) ;
        nAclSize = nSidSize * 2 + sizeof(ACCESS_ALLOWED_ACE) + sizeof(ACCESS_DENIED_ACE) + sizeof(ACL) ;
        paclNewDacl = (PACL) LocalAlloc( LPTR, nAclSize ) ;
        if( !paclNewDacl )
        {
      bResult = false;
            __leave ;
        }
        if(!InitializeAcl( paclNewDacl, nAclSize, ACL_REVISION ))
        {
      bResult = false;
            __leave ;
        }
        if(!AddAccessDeniedAce( paclNewDacl, ACL_REVISION, WRITE_DAC | WRITE_OWNER, psidEveryone ))
       {
      bResult = false;
            __leave ;
       }
        // I am using GENERIC_ALL here so that this very code can be applied to
        // other objects.  Specific access should be applied when possible.
        if(!AddAccessAllowedAce( paclNewDacl, ACL_REVISION, GENERIC_ALL, psidEveryone ))
       {
      bResult = false;
            __leave ;
       }
        if(!InitializeSecurityDescriptor( &sd, SECURITY_DESCRIPTOR_REVISION ))
        {
      bResult = false;
           __leave ;
        }
        if(!SetSecurityDescriptorDacl( &sd, TRUE, paclNewDacl, FALSE ))
        {
      bResult = false;
            __leave ;
         }
        sa.nLength = sizeof( sa ) ;
        sa.bInheritHandle = FALSE ;
        sa.lpSecurityDescriptor = &sd ;

        hMap = ::CreateFileMapping((HANDLE)0xFFFFFFFFFFF,&sa,PAGE_READWRITE,0,
                  sizeof(CSharedMemory),
                  strFilename);

        DWORD dw = GetLastError();
        TRACE(_T("LastError: [%d]\n"), dw);

     }__finally{
        if( !paclNewDacl )
            LocalFree( paclNewDacl ) ;
        if( !psidEveryone )
            FreeSid( psidEveryone ) ;

    }
    return hMap ;
}

The error I get from GetLastError() is 5 = Access denied....why? Do you have any suggestions?

0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

Suggested Solutions

Introduction: The undo support, implementing a stack. Continuing from the eigth article about sudoku.   We need a mechanism to keep track of the digits entered so as to implement an undo mechanism.  This should be a ‘Last In First Out’ collec…
Introduction: Dialogs (1) modal - maintaining the database. Continuing from the ninth article about sudoku.   You might have heard of modal and modeless dialogs.  Here with this Sudoku application will we use one of each type: a modal dialog …
This video will show you how to get GIT to work in Eclipse.   It will walk you through how to install the EGit plugin in eclipse and how to checkout an existing repository.
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now