Security Descriptor and CoInitializeSecurity

H

Huayang Xia

I'd like to call pythoncom.CoInitializeSecurity with a
PySecurityDescriptor object to set the process-wide security values.
But I'm not able to find a way to let the code go through.

I have read MSDN and searched web, I've not been able to find answer. I
cooked a security descriptor like this (assume aces is a tuple of tuple
(access, sid) :



sd = win32security.SECURITY_DESCRIPTOR()
sd.Initialize()
sd.SetSecurityDescriptorOwner(sid_owner, False)
sd.SetSecurityDescriptorGroup(sid_group, False)


# create DACL
dacl = win32security.ACL()
dacl.Initialize()
for (access, acc_sid) in aces:
# Add ACE which is access and SID
dacl.AddAccessAllowedAce(win32security.ACL_REVISION, access,
isinstance(acc_sid, (unicode, str)) and
win32security.ConvertStringSidToSid(acc_sid) or acc_sid)

sd.SetDacl(True, dacl, False) # SetSecurityDescriptorDacl
print sd.IsSelfRelative() # result is 1

The sd is a self relative one.
From MSDN, after calling InitializeSecurityDescriptor, the sd is
Click to expand...
absolute sd, and CoInitializeSecurity needs absolute sd. Pythonwin has
not wrapped function like 'MakeAbsoluteSD'.

Has someone ever had same problem. Could you give a hint for solving
the problem. Thanks.

Regards
 
R

Roger Upole

Huayang said:
I'd like to call pythoncom.CoInitializeSecurity with a
PySecurityDescriptor object to set the process-wide security values.
But I'm not able to find a way to let the code go through.

I have read MSDN and searched web, I've not been able to find answer. I
cooked a security descriptor like this (assume aces is a tuple of tuple
(access, sid) :



sd = win32security.SECURITY_DESCRIPTOR()
sd.Initialize()
sd.SetSecurityDescriptorOwner(sid_owner, False)
sd.SetSecurityDescriptorGroup(sid_group, False)


# create DACL
dacl = win32security.ACL()
dacl.Initialize()
for (access, acc_sid) in aces:
# Add ACE which is access and SID
dacl.AddAccessAllowedAce(win32security.ACL_REVISION, access,
isinstance(acc_sid, (unicode, str)) and
win32security.ConvertStringSidToSid(acc_sid) or acc_sid)

sd.SetDacl(True, dacl, False) # SetSecurityDescriptorDacl
print sd.IsSelfRelative() # result is 1

The sd is a self relative one.

absolute sd, and CoInitializeSecurity needs absolute sd. Pythonwin has
not wrapped function like 'MakeAbsoluteSD'.

Has someone ever had same problem. Could you give a hint for solving
the problem. Thanks.

Regards
Click to expand...

PySECURITY_DESCRIPTOR's are always stored in self-relative format.
They should be converted automatically in the few places that require an
absolute SD, but looks like this one was missed.
Could you file a bug report on SourceForge ?
http://sourceforge.net/projects/pywin32/

Roger
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Password validation security issue 19
Simple security between prototype iPhone app and SimpleHTTPServerREST service? 0
Emulate @classmethod using decorator and descriptor 2
FAQ 5.35 How do I close a file descriptor by number? 0
Urgent Help Needed: Supporting Education and Family Through Hard Work 0
Applets security and HTMLets 10
Problem with a login script, SESSION user rights and put this together so it works with the other pages and MySQL. Code examples. 2
Docking electron desktop app above browsers and other applications. 7

Members online

Total: 72 (members: 2, guests: 70)
Robots: 66

Forum statistics

Threads
474,265
Messages
2,571,069
Members
48,771
Latest member
ElysaD

Latest Threads

Top