Security Attributes for a CMutex?

Can anyone tell me how to set the security attributes of a CMutex so that my process and my service can share the mutex?

At the moment I get a ResourceException when trying to reach it....

It works fine when I debug the service ( not making it run in the context of the system, is that correct english? )....
TYBAsked:
Who is Participating?
 
Jaime OlivaresConnect With a Mentor Software ArchitectCommented:
0
 
jkrConnect With a Mentor Commented:
You'd do that like

static  HANDLE                      g_hSharedMutex  =   INVALID_HANDLE_VALUE;
static  PSID                        g_psidWorldSid  =   NULL;
static  SECURITY_DESCRIPTOR         g_sd;
static  SECURITY_ATTRIBUTES         g_sa;

//...

    SID_IDENTIFIER_AUTHORITY    siaWorldSidAuthority    =   SECURITY_WORLD_SID_AUTHORITY;
    DWORD                       dwCreate                =   0;

    //  Create a security descriptor for the mutex that allows
    //  access from both the privileged service and the non-privileged
    //  user mode programs

    g_psidWorldSid  =   ( PSID) LocalAlloc  (   LPTR,
                                                GetSidLengthRequired    (   1)
                                            );

    InitializeSid   (   g_psidWorldSid, &siaWorldSidAuthority,  1);

    *(  GetSidSubAuthority  (   g_psidWorldSid, 0)) =   SECURITY_WORLD_RID;

    InitializeSecurityDescriptor    (   &g_sd,  SECURITY_DESCRIPTOR_REVISION);

    SetSecurityDescriptorGroup      (   &g_sd,  g_psidWorldSid, TRUE);

    ZeroMemory  (   &g_sa,  sizeof  (   SECURITY_ATTRIBUTES));

    g_sa.nLength                =   sizeof  (   SECURITY_ATTRIBUTES);
    g_sa.lpSecurityDescriptor   =   &g_sd;
    g_sa.bInheritHandle         =   FALSE;

    g_hSharedMutex  =   CreateMutex (   &g_sa,
                                        FALSE,
                                        "MySharedMutex"
                                    );
0
 
TYBAuthor Commented:
Tnx for your answer....[jaime_olivares] example worked well for me...it checks if th hMutex is NULL after the creation and if it is NULL then it open it which get me an valid handle to the Mutex.

One more simple question....
CMutex* m_pMutex;
I´m using SingleLock lock(m_pMutex, TRUE) for locking the section, how do I do with a HANDLE hMutex? What functions is equal to SingleLock() ?
0
Cloud Class® Course: Microsoft Azure 2017

Azure has a changed a lot since it was originally introduce by adding new services and features. Do you know everything you need to about Azure? This course will teach you about the Azure App Service, monitoring and application insights, DevOps, and Team Services.

 
jkrCommented:
>>how do I do with a HANDLE hMutex

You'd pass the SECURITY_ATTRIBUTES to the CMutex constructor.
0
 
TYBAuthor Commented:
That doens´t work... the CMutex-constuctor internallly uses the ::CreateMutex()...not the OpenMutex...

Have to use the example from jaime...Any suggestions?
0
 
Jaime OlivaresSoftware ArchitectCommented:
I guess this can be done

CMutex myMutex;
myMutex.m_hObject = hMutex;

SingleLock lock(&myMutex, TRUE);

CMutex only wraps a HANDLE object, so if you assign internal public handle to an **initialized** HANDLE, there won't be problems.
0
 
Jaime OlivaresSoftware ArchitectCommented:
Also you can do this, but it's a dirty trick (say nobody):

SingleLock lock((CMutex *)&hMutex, TRUE)
0
 
TYBAuthor Commented:
I think you guys should split the points.... do really helped me out..and quick too.

Usually when recieving answer I got a lot of links(oftenly www.microsoft.com) not any good ideas from the one who is answering.

I got a link from you Jaime that really helped me out so I´m greatful...you get a little x-tra  ; )
0
 
TYBAuthor Commented:
Jaime... I have the same problem with the security when trying to ::CreateFileMappIng() with the securityattribute created in the link you sent to me as an answer. Instead of creating a hMutex I create replaced it with the following code:

hMap = ::CreateFileMapping((HANDLE)0xFFFFFFFFFFF,&sa,PAGE_READWRITE,0,
            sizeof(CSharedMemory),
            strFilename);

So the complete function looks like this:

HANDLE CIPC::GetSecureHandleFilemap(CString& strFilename)
{
    SID_IDENTIFIER_AUTHORITY siaWorld = SECURITY_WORLD_SID_AUTHORITY;
    PSID psidEveryone = NULL;
    HANDLE hMap = NULL;
    int nSidSize ;
    int nAclSize ;
    PACL paclNewDacl = NULL;
    SECURITY_DESCRIPTOR sd;
    SECURITY_ATTRIBUTES sa;

    bool bResult = true;
   
    __try{
        // Create the everyone sid
        if (!AllocateAndInitializeSid(&siaWorld, 1, SECURITY_WORLD_RID, 0,
                                           0, 0, 0, 0, 0, 0, &psidEveryone))
        {            
            psidEveryone = NULL ;
            __leave;
        }
 
        nSidSize = GetLengthSid(psidEveryone) ;
        nAclSize = nSidSize * 2 + sizeof(ACCESS_ALLOWED_ACE) + sizeof(ACCESS_DENIED_ACE) + sizeof(ACL) ;
        paclNewDacl = (PACL) LocalAlloc( LPTR, nAclSize ) ;
        if( !paclNewDacl )
        {
      bResult = false;
            __leave ;
        }
        if(!InitializeAcl( paclNewDacl, nAclSize, ACL_REVISION ))
        {
      bResult = false;
            __leave ;
        }
        if(!AddAccessDeniedAce( paclNewDacl, ACL_REVISION, WRITE_DAC | WRITE_OWNER, psidEveryone ))
       {
      bResult = false;
            __leave ;
       }
        // I am using GENERIC_ALL here so that this very code can be applied to
        // other objects.  Specific access should be applied when possible.
        if(!AddAccessAllowedAce( paclNewDacl, ACL_REVISION, GENERIC_ALL, psidEveryone ))
       {
      bResult = false;
            __leave ;
       }
        if(!InitializeSecurityDescriptor( &sd, SECURITY_DESCRIPTOR_REVISION ))
        {
      bResult = false;
           __leave ;
        }
        if(!SetSecurityDescriptorDacl( &sd, TRUE, paclNewDacl, FALSE ))
        {
      bResult = false;
            __leave ;
         }
        sa.nLength = sizeof( sa ) ;
        sa.bInheritHandle = FALSE ;
        sa.lpSecurityDescriptor = &sd ;

        hMap = ::CreateFileMapping((HANDLE)0xFFFFFFFFFFF,&sa,PAGE_READWRITE,0,
                  sizeof(CSharedMemory),
                  strFilename);

        DWORD dw = GetLastError();
        TRACE(_T("LastError: [%d]\n"), dw);

     }__finally{
        if( !paclNewDacl )
            LocalFree( paclNewDacl ) ;
        if( !psidEveryone )
            FreeSid( psidEveryone ) ;

    }
    return hMap ;
}

The error I get from GetLastError() is 5 = Access denied....why? Do you have any suggestions?

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.