Security Descriptor and CoInitializeSec urity

Huayang Xia

I'd like to call pythoncom.CoIni tializeSecurity with a
PySecurityDescr iptor object to set the process-wide security values.
But I'm not able to find a way to let the code go through.

I have read MSDN and searched web, I've not been able to find answer. I
cooked a security descriptor like this (assume aces is a tuple of tuple
(access, sid) :

sd = win32security.S ECURITY_DESCRIP TOR()
sd.Initialize()
sd.SetSecurityD escriptorOwner( sid_owner, False)
sd.SetSecurityD escriptorGroup( sid_group, False)
# create DACL
dacl = win32security.A CL()
dacl.Initialize ()
for (access, acc_sid) in aces:
# Add ACE which is access and SID
dacl.AddAccessA llowedAce(win32 security.ACL_RE VISION, access,
isinstance(acc_ sid, (unicode, str)) and
win32security.C onvertStringSid ToSid(acc_sid) or acc_sid)

sd.SetDacl(True , dacl, False) # SetSecurityDesc riptorDacl
print sd.IsSelfRelati ve() # result is 1

The sd is a self relative one.

>From MSDN, after calling InitializeSecur ityDescriptor, the sd is

absolute sd, and CoInitializeSec urity needs absolute sd. Pythonwin has
not wrapped function like 'MakeAbsoluteSD '.

Has someone ever had same problem. Could you give a hint for solving
the problem. Thanks.

Regards

Dec 1 '06 #1

Subscribe Reply

3228

Roger Upole

Huayang Xia wrote:

I'd like to call pythoncom.CoIni tializeSecurity with a
PySecurityDescr iptor object to set the process-wide security values.
But I'm not able to find a way to let the code go through.

I have read MSDN and searched web, I've not been able to find answer. I
cooked a security descriptor like this (assume aces is a tuple of tuple
(access, sid) :

sd = win32security.S ECURITY_DESCRIP TOR()
sd.Initialize()
sd.SetSecurityD escriptorOwner( sid_owner, False)
sd.SetSecurityD escriptorGroup( sid_group, False)
# create DACL
dacl = win32security.A CL()
dacl.Initialize ()
for (access, acc_sid) in aces:
# Add ACE which is access and SID
dacl.AddAccessA llowedAce(win32 security.ACL_RE VISION, access,
isinstance(acc_ sid, (unicode, str)) and
win32security.C onvertStringSid ToSid(acc_sid) or acc_sid)

sd.SetDacl(True , dacl, False) # SetSecurityDesc riptorDacl
print sd.IsSelfRelati ve() # result is 1

The sd is a self relative one.

>>From MSDN, after calling InitializeSecur ityDescriptor, the sd is
absolute sd, and CoInitializeSec urity needs absolute sd. Pythonwin has
not wrapped function like 'MakeAbsoluteSD '.

Has someone ever had same problem. Could you give a hint for solving
the problem. Thanks.

Regards

PySECURITY_DESC RIPTOR's are always stored in self-relative format.
They should be converted automatically in the few places that require an
absolute SD, but looks like this one was missed.
Could you file a bug report on SourceForge ?
http://sourceforge.net/projects/pywin32/

Roger

----== Posted via Newsfeeds.Com - Unlimited-Unrestricted-Secure Usenet News==----
http://www.newsfeeds.com The #1 Newsgroup Service in the World! 120,000+ Newsgroups
----= East and West-Coast Server Farms - Total Privacy via Encryption =----

Dec 2 '06 #2

Similar topics

2241

non close-on-exec mysql connection descriptor leads to security risks

by: Luke Wojtow | last post by:

Hi all, http://bugs.mysql.com/bug.php?id=3779 Discussion about insecurity of mysql_pconnect in multi-server/multi-user environment.Can anyone explain what Hartmut Holzgraefe meant by "But even if close_on_exec were set on PHP->MySQL connections there would still be the risk of connection hijacking with PHP pconnect as any other piece of code executed within the web server context has access to the persistant connection. This especially...

PHP

6321

CoInitializeSecurity in ASP.NET

by: Clas Hortien | last post by:

Hello, i try to get access to a local virtual server object. I have a aspx page with a button and textbox, this is the code: public class WebForm1 : System.Web.UI.Page { protected System.Web.UI.WebControls.Button btnFillBox; protected System.Web.UI.WebControls.TextBox txtHost; protected System.Web.UI.WebControls.Label Label1;

C# / C Sharp

1777

Need help on a Web security thing

by: Jayme Pechan | last post by:

I wrote a very simply web application and I'm having all sorts of problems with the security getting in the way. All the web application does is load an out-of-process COM server that is running as a service. The code is here written for both a WinForm C# application (which works correctly) and a Web application (which does not work correctly): // C# application xtapisvrLib.XtapiConfig x = new xtapisvrLib.XtapiConfigClass(); ...

C# / C Sharp

8695

Converting a security descriptor

by: Jan Nielsen | last post by:

In a C# application I'm using the NetShareGetInfo API function to get some information about a share. This is working all right. Now I want my application to be able to display the contents of the security descriptor as well. Using NetShareGetInfo I get a IntPtr (SECURITY_DESCRIPTOR*) to the security descriptor. I would like to convert this into an ActiveDs.IADsSecurityDescriptor.

C# / C Sharp

2651

setting security from code

by: Danko Greiner | last post by:

Thanx Willy, this was very helpful. But i also need (and want to know) how to do this from code. Can you plase give me right topic in MSDN? is there good example? Thanx p.s. this is copy/paste from previous thread, don't ask why... "Grei" <danko.greinerREMOVE@zg.htnet.hr> wrote in message news:d1vihg$m3b$1@ss405.t-com.hr...

C# / C Sharp

3832

Converting WMI binary SD array to Security Descriptor

by: ChrisWoodruff | last post by:

I have a C++ function in a COM object that I am trying to implement in VB.NET (the functionality, NOT the COM object, I want to remove the requirement for the COM DLL) I am an experienced VB programmer, but this is my first .NET app... Original Code (what I have been doing and works) VB6 (extra stuff removed for clarity) Set objWbem = CreateObject("WbemScripting.SWbemLocator") Set objSvc = objWbem.ConnectServer(ComputerName, "root")

Visual Basic .NET

1256

Access Control List and Security Descriptor

by: Yosh | last post by:

How do you validate a user that is currently logged in against a Security Descriptor to see if they have access to an object? Hope this makes sense. Thanks, Yosh

.NET Framework

1538

thread security

by: Surfy wu | last post by:

HI all: Call poll() function at two threads, and the important is the two threads are waitting for the same socket descriptor . one of them is set POLLIN , the other is set POLLOUT. What i want to know is whether i should protect the socket descriptor by using lock. thanks advance

C / C++

1478

VC++ security problem using WMI

by: Newsgroups | last post by:

Hi, I found some code from codeproject site using WMI in VC++. I have created a method having the following code in it. It works fine when I am running into "Admin" accound in Windows XP Pro while in "Restricted user account", its not able to run. It's giving error messsage "Could not enumerate" so it seems "pEnumObject" seems null or empty. Please help, Thanks in advance,

.NET Framework

8600

Changing the language in Windows 10

by: Hystou | last post by:

Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...

Windows Server

9156

Problem With Comparison Operator <=> in G++

by: Oralloy | last post by:

Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...

C / C++

9021

Maximizing Business Potential: The Nexus of Website Design and Digital Marketing

by: jinu1996 | last post by:

In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...

Online Marketing

8892

The easy way to turn off automatic updates for Windows 10/11

by: Hystou | last post by:

Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...

Windows Server

7712

AI Job Threat for Devs

by: agi2029 | last post by:

Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...

Career Advice

6518

Access Europe - Using VBA to create a class based on a table - Wed 1 May

by: isladogs | last post by:

The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...

Microsoft Access / VBA

5860

Couldn’t get equations in html when convert word .docx file to html file in C#.

by: conductexam | last post by:

I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...

C# / C Sharp

4614

Windows Forms - .Net 8.0

by: adsilva | last post by:

A Windows Forms form does not have the event Unload, like VB6. What one acts like?

Visual Basic .NET

1998

Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy

by: bsmnconsultancy | last post by:

In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

General