Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Security Attributes for a CMutex?

Posted on 2004-09-30
9
Medium Priority
?
453 Views
Last Modified: 2013-11-20
Can anyone tell me how to set the security attributes of a CMutex so that my process and my service can share the mutex?

At the moment I get a ResourceException when trying to reach it....

It works fine when I debug the service ( not making it run in the context of the system, is that correct english? )....
0
Comment
Question by:TYB
  • 4
  • 3
  • 2
9 Comments
 
LVL 55

Accepted Solution

by:
Jaime Olivares earned 680 total points
ID: 12192376
0
 
LVL 86

Assisted Solution

by:jkr
jkr earned 320 total points
ID: 12192526
You'd do that like

static  HANDLE                      g_hSharedMutex  =   INVALID_HANDLE_VALUE;
static  PSID                        g_psidWorldSid  =   NULL;
static  SECURITY_DESCRIPTOR         g_sd;
static  SECURITY_ATTRIBUTES         g_sa;

//...

    SID_IDENTIFIER_AUTHORITY    siaWorldSidAuthority    =   SECURITY_WORLD_SID_AUTHORITY;
    DWORD                       dwCreate                =   0;

    //  Create a security descriptor for the mutex that allows
    //  access from both the privileged service and the non-privileged
    //  user mode programs

    g_psidWorldSid  =   ( PSID) LocalAlloc  (   LPTR,
                                                GetSidLengthRequired    (   1)
                                            );

    InitializeSid   (   g_psidWorldSid, &siaWorldSidAuthority,  1);

    *(  GetSidSubAuthority  (   g_psidWorldSid, 0)) =   SECURITY_WORLD_RID;

    InitializeSecurityDescriptor    (   &g_sd,  SECURITY_DESCRIPTOR_REVISION);

    SetSecurityDescriptorGroup      (   &g_sd,  g_psidWorldSid, TRUE);

    ZeroMemory  (   &g_sa,  sizeof  (   SECURITY_ATTRIBUTES));

    g_sa.nLength                =   sizeof  (   SECURITY_ATTRIBUTES);
    g_sa.lpSecurityDescriptor   =   &g_sd;
    g_sa.bInheritHandle         =   FALSE;

    g_hSharedMutex  =   CreateMutex (   &g_sa,
                                        FALSE,
                                        "MySharedMutex"
                                    );
0
 

Author Comment

by:TYB
ID: 12193277
Tnx for your answer....[jaime_olivares] example worked well for me...it checks if th hMutex is NULL after the creation and if it is NULL then it open it which get me an valid handle to the Mutex.

One more simple question....
CMutex* m_pMutex;
I´m using SingleLock lock(m_pMutex, TRUE) for locking the section, how do I do with a HANDLE hMutex? What functions is equal to SingleLock() ?
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 86

Expert Comment

by:jkr
ID: 12193323
>>how do I do with a HANDLE hMutex

You'd pass the SECURITY_ATTRIBUTES to the CMutex constructor.
0
 

Author Comment

by:TYB
ID: 12193482
That doens´t work... the CMutex-constuctor internallly uses the ::CreateMutex()...not the OpenMutex...

Have to use the example from jaime...Any suggestions?
0
 
LVL 55

Expert Comment

by:Jaime Olivares
ID: 12193484
I guess this can be done

CMutex myMutex;
myMutex.m_hObject = hMutex;

SingleLock lock(&myMutex, TRUE);

CMutex only wraps a HANDLE object, so if you assign internal public handle to an **initialized** HANDLE, there won't be problems.
0
 
LVL 55

Expert Comment

by:Jaime Olivares
ID: 12193564
Also you can do this, but it's a dirty trick (say nobody):

SingleLock lock((CMutex *)&hMutex, TRUE)
0
 

Author Comment

by:TYB
ID: 12193655
I think you guys should split the points.... do really helped me out..and quick too.

Usually when recieving answer I got a lot of links(oftenly www.microsoft.com) not any good ideas from the one who is answering.

I got a link from you Jaime that really helped me out so I´m greatful...you get a little x-tra  ; )
0
 

Author Comment

by:TYB
ID: 12197933
Jaime... I have the same problem with the security when trying to ::CreateFileMappIng() with the securityattribute created in the link you sent to me as an answer. Instead of creating a hMutex I create replaced it with the following code:

hMap = ::CreateFileMapping((HANDLE)0xFFFFFFFFFFF,&sa,PAGE_READWRITE,0,
            sizeof(CSharedMemory),
            strFilename);

So the complete function looks like this:

HANDLE CIPC::GetSecureHandleFilemap(CString& strFilename)
{
    SID_IDENTIFIER_AUTHORITY siaWorld = SECURITY_WORLD_SID_AUTHORITY;
    PSID psidEveryone = NULL;
    HANDLE hMap = NULL;
    int nSidSize ;
    int nAclSize ;
    PACL paclNewDacl = NULL;
    SECURITY_DESCRIPTOR sd;
    SECURITY_ATTRIBUTES sa;

    bool bResult = true;
   
    __try{
        // Create the everyone sid
        if (!AllocateAndInitializeSid(&siaWorld, 1, SECURITY_WORLD_RID, 0,
                                           0, 0, 0, 0, 0, 0, &psidEveryone))
        {            
            psidEveryone = NULL ;
            __leave;
        }
 
        nSidSize = GetLengthSid(psidEveryone) ;
        nAclSize = nSidSize * 2 + sizeof(ACCESS_ALLOWED_ACE) + sizeof(ACCESS_DENIED_ACE) + sizeof(ACL) ;
        paclNewDacl = (PACL) LocalAlloc( LPTR, nAclSize ) ;
        if( !paclNewDacl )
        {
      bResult = false;
            __leave ;
        }
        if(!InitializeAcl( paclNewDacl, nAclSize, ACL_REVISION ))
        {
      bResult = false;
            __leave ;
        }
        if(!AddAccessDeniedAce( paclNewDacl, ACL_REVISION, WRITE_DAC | WRITE_OWNER, psidEveryone ))
       {
      bResult = false;
            __leave ;
       }
        // I am using GENERIC_ALL here so that this very code can be applied to
        // other objects.  Specific access should be applied when possible.
        if(!AddAccessAllowedAce( paclNewDacl, ACL_REVISION, GENERIC_ALL, psidEveryone ))
       {
      bResult = false;
            __leave ;
       }
        if(!InitializeSecurityDescriptor( &sd, SECURITY_DESCRIPTOR_REVISION ))
        {
      bResult = false;
           __leave ;
        }
        if(!SetSecurityDescriptorDacl( &sd, TRUE, paclNewDacl, FALSE ))
        {
      bResult = false;
            __leave ;
         }
        sa.nLength = sizeof( sa ) ;
        sa.bInheritHandle = FALSE ;
        sa.lpSecurityDescriptor = &sd ;

        hMap = ::CreateFileMapping((HANDLE)0xFFFFFFFFFFF,&sa,PAGE_READWRITE,0,
                  sizeof(CSharedMemory),
                  strFilename);

        DWORD dw = GetLastError();
        TRACE(_T("LastError: [%d]\n"), dw);

     }__finally{
        if( !paclNewDacl )
            LocalFree( paclNewDacl ) ;
        if( !psidEveryone )
            FreeSid( psidEveryone ) ;

    }
    return hMap ;
}

The error I get from GetLastError() is 5 = Access denied....why? Do you have any suggestions?

0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction: Displaying information on the statusbar.   Continuing from the third article about sudoku.   Open the project in visual studio. Status bar – let’s display the timestamp there.  We need to get the timestamp from the document s…
Introduction: Dialogs (2) modeless dialog and a worker thread.  Handling data shared between threads.  Recursive functions. Continuing from the tenth article about sudoku.   Last article we worked with a modal dialog to help maintain informat…
This video will show you how to get GIT to work in Eclipse.   It will walk you through how to install the EGit plugin in eclipse and how to checkout an existing repository.
Screencast - Getting to Know the Pipeline
Suggested Courses
Course of the Month21 days, 4 hours left to enroll

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question