Security Descriptor and CoInitializeSecurity

Huayang Xia

I'd like to call pythoncom.CoInitializeSecurity with a
PySecurityDescriptor object to set the process-wide security values.
But I'm not able to find a way to let the code go through.

I have read MSDN and searched web, I've not been able to find answer. I
cooked a security descriptor like this (assume aces is a tuple of tuple
(access, sid) :

sd = win32security.SECURITY_DESCRIPTOR()
sd.Initialize()
sd.SetSecurityDescriptorOwner(sid_owner, False)
sd.SetSecurityDescriptorGroup(sid_group, False)
# create DACL
dacl = win32security.ACL()
dacl.Initialize()
for (access, acc_sid) in aces:
# Add ACE which is access and SID
dacl.AddAccessAllowedAce(win32security.ACL_REVISIO N, access,
isinstance(acc_sid, (unicode, str)) and
win32security.ConvertStringSidToSid(acc_sid) or acc_sid)

sd.SetDacl(True, dacl, False) # SetSecurityDescriptorDacl
print sd.IsSelfRelative() # result is 1

The sd is a self relative one.

>From MSDN, after calling InitializeSecurityDescriptor, the sd is

absolute sd, and CoInitializeSecurity needs absolute sd. Pythonwin has
not wrapped function like 'MakeAbsoluteSD'.

Has someone ever had same problem. Could you give a hint for solving
the problem. Thanks.

Regards

Dec 1 '06 #1

Subscribe Post Reply

3192

Roger Upole

Huayang Xia wrote:

I'd like to call pythoncom.CoInitializeSecurity with a
PySecurityDescriptor object to set the process-wide security values.
But I'm not able to find a way to let the code go through.

I have read MSDN and searched web, I've not been able to find answer. I
cooked a security descriptor like this (assume aces is a tuple of tuple
(access, sid) :

sd = win32security.SECURITY_DESCRIPTOR()
sd.Initialize()
sd.SetSecurityDescriptorOwner(sid_owner, False)
sd.SetSecurityDescriptorGroup(sid_group, False)
# create DACL
dacl = win32security.ACL()
dacl.Initialize()
for (access, acc_sid) in aces:
# Add ACE which is access and SID
dacl.AddAccessAllowedAce(win32security.ACL_REVISIO N, access,
isinstance(acc_sid, (unicode, str)) and
win32security.ConvertStringSidToSid(acc_sid) or acc_sid)

sd.SetDacl(True, dacl, False) # SetSecurityDescriptorDacl
print sd.IsSelfRelative() # result is 1

The sd is a self relative one.

>>From MSDN, after calling InitializeSecurityDescriptor, the sd is
absolute sd, and CoInitializeSecurity needs absolute sd. Pythonwin has
not wrapped function like 'MakeAbsoluteSD'.

Has someone ever had same problem. Could you give a hint for solving
the problem. Thanks.

Regards

PySECURITY_DESCRIPTOR's are always stored in self-relative format.
They should be converted automatically in the few places that require an
absolute SD, but looks like this one was missed.
Could you file a bug report on SourceForge ?
http://sourceforge.net/projects/pywin32/

Roger

----== Posted via Newsfeeds.Com - Unlimited-Unrestricted-Secure Usenet News==----
http://www.newsfeeds.com The #1 Newsgroup Service in the World! 120,000+ Newsgroups
----= East and West-Coast Server Farms - Total Privacy via Encryption =----

Dec 2 '06 #2

by: Luke Wojtow | last post by:

Hi all, http://bugs.mysql.com/bug.php?id=3779 Discussion about insecurity of mysql_pconnect in multi-server/multi-user environment.Can anyone explain what Hartmut Holzgraefe meant by "But even...

PHP

CoInitializeSecurity in ASP.NET

by: Clas Hortien | last post by:

Hello, i try to get access to a local virtual server object. I have a aspx page with a button and textbox, this is the code: public class WebForm1 : System.Web.UI.Page { protected...

C# / C Sharp

Need help on a Web security thing

by: Jayme Pechan | last post by:

I wrote a very simply web application and I'm having all sorts of problems with the security getting in the way. All the web application does is load an out-of-process COM server that is running...

C# / C Sharp

Converting a security descriptor

by: Jan Nielsen | last post by:

In a C# application I'm using the NetShareGetInfo API function to get some information about a share. This is working all right. Now I want my application to be able to display the contents of...

C# / C Sharp

setting security from code

by: Danko Greiner | last post by:

Thanx Willy, this was very helpful. But i also need (and want to know) how to do this from code. Can you plase give me right topic in MSDN? is there good example? Thanx p.s. this is...

C# / C Sharp

Converting WMI binary SD array to Security Descriptor

by: ChrisWoodruff | last post by:

I have a C++ function in a COM object that I am trying to implement in VB.NET (the functionality, NOT the COM object, I want to remove the requirement for the COM DLL) I am an experienced VB...

Visual Basic .NET

Access Control List and Security Descriptor

by: Yosh | last post by:

How do you validate a user that is currently logged in against a Security Descriptor to see if they have access to an object? Hope this makes sense. Thanks, Yosh

.NET Framework

thread security

by: Surfy wu | last post by:

HI all: Call poll() function at two threads, and the important is the two threads are waitting for the same socket descriptor . one of them is set POLLIN , the other is set POLLOUT. What i want to...

C / C++

VC++ security problem using WMI

by: Newsgroups | last post by:

Hi, I found some code from codeproject site using WMI in VC++. I have created a method having the following code in it. It works fine when I am running into "Admin" accound in Windows XP Pro...

.NET Framework

Access Europe: Command bars, the Access Shortcut Tool and a simple Audit Log - Wed 3 April

by: isladogs | last post by:

The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

General

One-click Importing Excel Data into a*Database

by: ryjfgjl | last post by:

In our work, we often need to import Excel data into databases (such as MySQL, SQL Server, Oracle) for data analysis and processing. Usually, we use database tools like Navicat or the Excel import...

Microsoft Excel

How to turn on java script in a villaon keypad mobile phone

by: Charles Arthur | last post by:

How do i turn on java script on a villaon, callus and itel keypad mobile phone

Java

Basic Javascript concepts

by: aa123db | last post by:

Variable and constants Use var or let for variables and const fror constants. Var foo ='bar'; Let foo ='bar';const baz ='bar'; Functions function $name$ ($parameters$) { } ...

Javascript

Batch import of multiple excel files into the database

by: ryjfgjl | last post by:

If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...

Data Management

Merging data from multiple Excel files

by: ryjfgjl | last post by:

In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...

Data Management

Migrating Website to Cloud - Emmanuel Katto

by: emmanuelkatto | last post by:

Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel

General

Looking to do Android software development, any suggestions? Is flutter better?

by: nemocccc | last post by:

hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?

General

How to build RAID in BIOS?

by: Hystou | last post by:

There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...

Computer Hardware

Security Descriptor and CoInitializeSecurity

Similar topics