Failure of AllocateAndInitializeSid(...) on Windows 2000 Server
Posted on 2006-07-06
I have written a service in C++ (Microsoft Visual Studio 6.0 SP5) that must coordinate access to a shared set of resources with another application that I've written. The service normally runs as a Windows system account while the other application is run manually (in user-mode) by whoever is logged in to the system.
To accomplish the needed coordination of resource use, I use a mutex object that is created by the service and shared between the service and the other application. At the time the service creates the mutex object, I need to ensure that anyone logged into the system isn't blocked from accessing the mutex object for security reasons.
To ensure access by others, I've been giving the necessary rights to the well known group "Everyone." This worked well on all of my Windows XP systems. Then, I noticed my application wasn't behaving properly on a Windows 2000 Server system. After some research, I found the culprit to be the following section of code:
PSID pEveryoneSID = NULL;
SID_IDENTIFIER_AUTHORITY SIDAuthWorld = SECURITY_WORLD_SID_AUTHORITY;
if((!AllocateAndInitializeSid(&SIDAuthWorld, 1, SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0, &pEveryoneSID))
The call to AllocateAndInitializeSid was returning a success indicator, but the variable pEveryoneSID was still null. I've not tested on other Windows 2000 Servers to know if this common to all Win2k systems or not. Either way, I know for sure that this function properly assigns the value to pEveryoneSID on my Windows XP systems but does NOT on the Windows 2000 Server where I need it to work.
Does anyone have any insight about what might cause this?