By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
440,222 Members | 2,478 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 440,222 IT Pros & Developers. It's quick & easy.

Security Descriptor and CoInitializeSecurity

P: n/a
I'd like to call pythoncom.CoInitializeSecurity with a
PySecurityDescriptor object to set the process-wide security values.
But I'm not able to find a way to let the code go through.

I have read MSDN and searched web, I've not been able to find answer. I
cooked a security descriptor like this (assume aces is a tuple of tuple
(access, sid) :

sd = win32security.SECURITY_DESCRIPTOR()
sd.Initialize()
sd.SetSecurityDescriptorOwner(sid_owner, False)
sd.SetSecurityDescriptorGroup(sid_group, False)
# create DACL
dacl = win32security.ACL()
dacl.Initialize()
for (access, acc_sid) in aces:
# Add ACE which is access and SID
dacl.AddAccessAllowedAce(win32security.ACL_REVISIO N, access,
isinstance(acc_sid, (unicode, str)) and
win32security.ConvertStringSidToSid(acc_sid) or acc_sid)

sd.SetDacl(True, dacl, False) # SetSecurityDescriptorDacl
print sd.IsSelfRelative() # result is 1

The sd is a self relative one.
>From MSDN, after calling InitializeSecurityDescriptor, the sd is
absolute sd, and CoInitializeSecurity needs absolute sd. Pythonwin has
not wrapped function like 'MakeAbsoluteSD'.

Has someone ever had same problem. Could you give a hint for solving
the problem. Thanks.

Regards

Dec 1 '06 #1
Share this Question
Share on Google+
1 Reply


P: n/a

Huayang Xia wrote:
I'd like to call pythoncom.CoInitializeSecurity with a
PySecurityDescriptor object to set the process-wide security values.
But I'm not able to find a way to let the code go through.

I have read MSDN and searched web, I've not been able to find answer. I
cooked a security descriptor like this (assume aces is a tuple of tuple
(access, sid) :

sd = win32security.SECURITY_DESCRIPTOR()
sd.Initialize()
sd.SetSecurityDescriptorOwner(sid_owner, False)
sd.SetSecurityDescriptorGroup(sid_group, False)
# create DACL
dacl = win32security.ACL()
dacl.Initialize()
for (access, acc_sid) in aces:
# Add ACE which is access and SID
dacl.AddAccessAllowedAce(win32security.ACL_REVISIO N, access,
isinstance(acc_sid, (unicode, str)) and
win32security.ConvertStringSidToSid(acc_sid) or acc_sid)

sd.SetDacl(True, dacl, False) # SetSecurityDescriptorDacl
print sd.IsSelfRelative() # result is 1

The sd is a self relative one.
>>From MSDN, after calling InitializeSecurityDescriptor, the sd is
absolute sd, and CoInitializeSecurity needs absolute sd. Pythonwin has
not wrapped function like 'MakeAbsoluteSD'.

Has someone ever had same problem. Could you give a hint for solving
the problem. Thanks.

Regards
PySECURITY_DESCRIPTOR's are always stored in self-relative format.
They should be converted automatically in the few places that require an
absolute SD, but looks like this one was missed.
Could you file a bug report on SourceForge ?
http://sourceforge.net/projects/pywin32/

Roger


----== Posted via Newsfeeds.Com - Unlimited-Unrestricted-Secure Usenet News==----
http://www.newsfeeds.com The #1 Newsgroup Service in the World! 120,000+ Newsgroups
----= East and West-Coast Server Farms - Total Privacy via Encryption =----
Dec 2 '06 #2

This discussion thread is closed

Replies have been disabled for this discussion.