473,698 Members | 1,901 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Security Descriptor and CoInitializeSec urity

I'd like to call pythoncom.CoIni tializeSecurity with a
PySecurityDescr iptor object to set the process-wide security values.
But I'm not able to find a way to let the code go through.

I have read MSDN and searched web, I've not been able to find answer. I
cooked a security descriptor like this (assume aces is a tuple of tuple
(access, sid) :

sd = win32security.S ECURITY_DESCRIP TOR()
sd.Initialize()
sd.SetSecurityD escriptorOwner( sid_owner, False)
sd.SetSecurityD escriptorGroup( sid_group, False)
# create DACL
dacl = win32security.A CL()
dacl.Initialize ()
for (access, acc_sid) in aces:
# Add ACE which is access and SID
dacl.AddAccessA llowedAce(win32 security.ACL_RE VISION, access,
isinstance(acc_ sid, (unicode, str)) and
win32security.C onvertStringSid ToSid(acc_sid) or acc_sid)

sd.SetDacl(True , dacl, False) # SetSecurityDesc riptorDacl
print sd.IsSelfRelati ve() # result is 1

The sd is a self relative one.
>From MSDN, after calling InitializeSecur ityDescriptor, the sd is
absolute sd, and CoInitializeSec urity needs absolute sd. Pythonwin has
not wrapped function like 'MakeAbsoluteSD '.

Has someone ever had same problem. Could you give a hint for solving
the problem. Thanks.

Regards

Dec 1 '06 #1
1 3228

Huayang Xia wrote:
I'd like to call pythoncom.CoIni tializeSecurity with a
PySecurityDescr iptor object to set the process-wide security values.
But I'm not able to find a way to let the code go through.

I have read MSDN and searched web, I've not been able to find answer. I
cooked a security descriptor like this (assume aces is a tuple of tuple
(access, sid) :

sd = win32security.S ECURITY_DESCRIP TOR()
sd.Initialize()
sd.SetSecurityD escriptorOwner( sid_owner, False)
sd.SetSecurityD escriptorGroup( sid_group, False)
# create DACL
dacl = win32security.A CL()
dacl.Initialize ()
for (access, acc_sid) in aces:
# Add ACE which is access and SID
dacl.AddAccessA llowedAce(win32 security.ACL_RE VISION, access,
isinstance(acc_ sid, (unicode, str)) and
win32security.C onvertStringSid ToSid(acc_sid) or acc_sid)

sd.SetDacl(True , dacl, False) # SetSecurityDesc riptorDacl
print sd.IsSelfRelati ve() # result is 1

The sd is a self relative one.
>>From MSDN, after calling InitializeSecur ityDescriptor, the sd is
absolute sd, and CoInitializeSec urity needs absolute sd. Pythonwin has
not wrapped function like 'MakeAbsoluteSD '.

Has someone ever had same problem. Could you give a hint for solving
the problem. Thanks.

Regards
PySECURITY_DESC RIPTOR's are always stored in self-relative format.
They should be converted automatically in the few places that require an
absolute SD, but looks like this one was missed.
Could you file a bug report on SourceForge ?
http://sourceforge.net/projects/pywin32/

Roger


----== Posted via Newsfeeds.Com - Unlimited-Unrestricted-Secure Usenet News==----
http://www.newsfeeds.com The #1 Newsgroup Service in the World! 120,000+ Newsgroups
----= East and West-Coast Server Farms - Total Privacy via Encryption =----
Dec 2 '06 #2

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
2241
by: Luke Wojtow | last post by:
Hi all, http://bugs.mysql.com/bug.php?id=3779 Discussion about insecurity of mysql_pconnect in multi-server/multi-user environment.Can anyone explain what Hartmut Holzgraefe meant by "But even if close_on_exec were set on PHP->MySQL connections there would still be the risk of connection hijacking with PHP pconnect as any other piece of code executed within the web server context has access to the persistant connection. This especially...
9
6321
by: Clas Hortien | last post by:
Hello, i try to get access to a local virtual server object. I have a aspx page with a button and textbox, this is the code: public class WebForm1 : System.Web.UI.Page { protected System.Web.UI.WebControls.Button btnFillBox; protected System.Web.UI.WebControls.TextBox txtHost; protected System.Web.UI.WebControls.Label Label1;
10
1777
by: Jayme Pechan | last post by:
I wrote a very simply web application and I'm having all sorts of problems with the security getting in the way. All the web application does is load an out-of-process COM server that is running as a service. The code is here written for both a WinForm C# application (which works correctly) and a Web application (which does not work correctly): // C# application xtapisvrLib.XtapiConfig x = new xtapisvrLib.XtapiConfigClass(); ...
1
8695
by: Jan Nielsen | last post by:
In a C# application I'm using the NetShareGetInfo API function to get some information about a share. This is working all right. Now I want my application to be able to display the contents of the security descriptor as well. Using NetShareGetInfo I get a IntPtr (SECURITY_DESCRIPTOR*) to the security descriptor. I would like to convert this into an ActiveDs.IADsSecurityDescriptor.
1
2651
by: Danko Greiner | last post by:
Thanx Willy, this was very helpful. But i also need (and want to know) how to do this from code. Can you plase give me right topic in MSDN? is there good example? Thanx p.s. this is copy/paste from previous thread, don't ask why... "Grei" <danko.greinerREMOVE@zg.htnet.hr> wrote in message news:d1vihg$m3b$1@ss405.t-com.hr...
0
3832
by: ChrisWoodruff | last post by:
I have a C++ function in a COM object that I am trying to implement in VB.NET (the functionality, NOT the COM object, I want to remove the requirement for the COM DLL) I am an experienced VB programmer, but this is my first .NET app... Original Code (what I have been doing and works) VB6 (extra stuff removed for clarity) Set objWbem = CreateObject("WbemScripting.SWbemLocator") Set objSvc = objWbem.ConnectServer(ComputerName, "root")
2
1256
by: Yosh | last post by:
How do you validate a user that is currently logged in against a Security Descriptor to see if they have access to an object? Hope this makes sense. Thanks, Yosh
1
1538
by: Surfy wu | last post by:
HI all: Call poll() function at two threads, and the important is the two threads are waitting for the same socket descriptor . one of them is set POLLIN , the other is set POLLOUT. What i want to know is whether i should protect the socket descriptor by using lock. thanks advance
2
1478
by: Newsgroups | last post by:
Hi, I found some code from codeproject site using WMI in VC++. I have created a method having the following code in it. It works fine when I am running into "Admin" accound in Windows XP Pro while in "Restricted user account", its not able to run. It's giving error messsage "Could not enumerate" so it seems "pEnumObject" seems null or empty. Please help, Thanks in advance,
0
8600
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
0
9156
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
0
9021
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
1
8892
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
0
7712
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
1
6518
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
0
5860
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
0
4614
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
3
1998
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.