Link to home
Start Free TrialLog in
Avatar of TYB
TYB

asked on

Security Attributes for a CMutex?

Can anyone tell me how to set the security attributes of a CMutex so that my process and my service can share the mutex?

At the moment I get a ResourceException when trying to reach it....

It works fine when I debug the service ( not making it run in the context of the system, is that correct english? )....
ASKER CERTIFIED SOLUTION
Avatar of Jaime Olivares
Jaime Olivares
Flag of Peru image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Avatar of jkr
jkr
Flag of Germany image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of TYB
TYB

ASKER

Tnx for your answer....[jaime_olivares] example worked well for me...it checks if th hMutex is NULL after the creation and if it is NULL then it open it which get me an valid handle to the Mutex.

One more simple question....
CMutex* m_pMutex;
I´m using SingleLock lock(m_pMutex, TRUE) for locking the section, how do I do with a HANDLE hMutex? What functions is equal to SingleLock() ?
Avatar of jkr
jkr
Flag of Germany image
>>how do I do with a HANDLE hMutex

You'd pass the SECURITY_ATTRIBUTES to the CMutex constructor.
Avatar of TYB
TYB

ASKER

That doens´t work... the CMutex-constuctor internallly uses the ::CreateMutex()...not the OpenMutex...

Have to use the example from jaime...Any suggestions?
Avatar of Jaime Olivares
Jaime Olivares
Flag of Peru image
I guess this can be done

CMutex myMutex;
myMutex.m_hObject = hMutex;

SingleLock lock(&myMutex, TRUE);

CMutex only wraps a HANDLE object, so if you assign internal public handle to an **initialized** HANDLE, there won't be problems.
Avatar of Jaime Olivares
Jaime Olivares
Flag of Peru image
Also you can do this, but it's a dirty trick (say nobody):

SingleLock lock((CMutex *)&hMutex, TRUE)
Avatar of TYB
TYB

ASKER

I think you guys should split the points.... do really helped me out..and quick too.

Usually when recieving answer I got a lot of links(oftenly www.microsoft.com) not any good ideas from the one who is answering.

I got a link from you Jaime that really helped me out so I´m greatful...you get a little x-tra  ; )
Avatar of TYB
TYB

ASKER

Jaime... I have the same problem with the security when trying to ::CreateFileMappIng() with the securityattribute created in the link you sent to me as an answer. Instead of creating a hMutex I create replaced it with the following code:

hMap = ::CreateFileMapping((HANDLE)0xFFFFFFFFFFF,&sa,PAGE_READWRITE,0,
            sizeof(CSharedMemory),
            strFilename);

So the complete function looks like this:

HANDLE CIPC::GetSecureHandleFilemap(CString& strFilename)
{
    SID_IDENTIFIER_AUTHORITY siaWorld = SECURITY_WORLD_SID_AUTHORITY;
    PSID psidEveryone = NULL;
    HANDLE hMap = NULL;
    int nSidSize ;
    int nAclSize ;
    PACL paclNewDacl = NULL;
    SECURITY_DESCRIPTOR sd;
    SECURITY_ATTRIBUTES sa;

    bool bResult = true;
   
    __try{
        // Create the everyone sid
        if (!AllocateAndInitializeSid(&siaWorld, 1, SECURITY_WORLD_RID, 0,
                                           0, 0, 0, 0, 0, 0, &psidEveryone))
        {            
            psidEveryone = NULL ;
            __leave;
        }
 
        nSidSize = GetLengthSid(psidEveryone) ;
        nAclSize = nSidSize * 2 + sizeof(ACCESS_ALLOWED_ACE) + sizeof(ACCESS_DENIED_ACE) + sizeof(ACL) ;
        paclNewDacl = (PACL) LocalAlloc( LPTR, nAclSize ) ;
        if( !paclNewDacl )
        {
      bResult = false;
            __leave ;
        }
        if(!InitializeAcl( paclNewDacl, nAclSize, ACL_REVISION ))
        {
      bResult = false;
            __leave ;
        }
        if(!AddAccessDeniedAce( paclNewDacl, ACL_REVISION, WRITE_DAC | WRITE_OWNER, psidEveryone ))
       {
      bResult = false;
            __leave ;
       }
        // I am using GENERIC_ALL here so that this very code can be applied to
        // other objects.  Specific access should be applied when possible.
        if(!AddAccessAllowedAce( paclNewDacl, ACL_REVISION, GENERIC_ALL, psidEveryone ))
       {
      bResult = false;
            __leave ;
       }
        if(!InitializeSecurityDescriptor( &sd, SECURITY_DESCRIPTOR_REVISION ))
        {
      bResult = false;
           __leave ;
        }
        if(!SetSecurityDescriptorDacl( &sd, TRUE, paclNewDacl, FALSE ))
        {
      bResult = false;
            __leave ;
         }
        sa.nLength = sizeof( sa ) ;
        sa.bInheritHandle = FALSE ;
        sa.lpSecurityDescriptor = &sd ;

        hMap = ::CreateFileMapping((HANDLE)0xFFFFFFFFFFF,&sa,PAGE_READWRITE,0,
                  sizeof(CSharedMemory),
                  strFilename);

        DWORD dw = GetLastError();
        TRACE(_T("LastError: [%d]\n"), dw);

     }__finally{
        if( !paclNewDacl )
            LocalFree( paclNewDacl ) ;
        if( !psidEveryone )
            FreeSid( psidEveryone ) ;

    }
    return hMap ;
}

The error I get from GetLastError() is 5 = Access denied....why? Do you have any suggestions?