Security Descriptor and CoInitializeSecurity

Roger Upole rupole at hotmail.com
Sat Dec 2 13:20:01 EST 2006


Huayang Xia wrote:
> I'd like to call pythoncom.CoInitializeSecurity with a
> PySecurityDescriptor object to set the process-wide security values.
> But I'm not able to find a way to let the code go through.
>
> I have read MSDN and searched the web, but I've not been able to find
> an answer. I cooked up a security descriptor like this (assume aces is
> a tuple of tuples (access, sid)):
>
>    sd = win32security.SECURITY_DESCRIPTOR()
>    sd.Initialize()
>    sd.SetSecurityDescriptorOwner(sid_owner, False)
>    sd.SetSecurityDescriptorGroup(sid_group, False)
>
>
>    # create DACL
>    dacl = win32security.ACL()
>    dacl.Initialize()
>    for (access, acc_sid) in aces:
>        # Add ACE which is access and SID
>        dacl.AddAccessAllowedAce(
>            win32security.ACL_REVISION, access,
>            isinstance(acc_sid, (unicode, str)) and
>            win32security.ConvertStringSidToSid(acc_sid) or acc_sid)
>
>    sd.SetDacl(True, dacl, False)           # SetSecurityDescriptorDacl
>    print sd.IsSelfRelative()                    # result is 1
>
> The sd is a self-relative one.
>
> From MSDN, after calling InitializeSecurityDescriptor, the sd is an
> absolute sd, and CoInitializeSecurity needs an absolute sd. Pythonwin
> has not wrapped a function like 'MakeAbsoluteSD'.
>
> Has someone ever had the same problem? Could you give a hint for
> solving the problem? Thanks.
>
> Regards

PySECURITY_DESCRIPTORs are always stored in self-relative format.
They should be converted automatically in the few places that require an
absolute SD, but it looks like this one was missed.
Could you file a bug report on SourceForge?
http://sourceforge.net/projects/pywin32/

          Roger
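
Added example (not part of the original messages and not pywin32 code): a pure-Python decoder for the self-relative layout that the reply says PySECURITY_DESCRIPTOR always uses, showing the SE_SELF_RELATIVE control bit and the header offsets that distinguish it from an absolute descriptor. The helper names and the sample descriptor (SIDs, access mask) are constructed for illustration.

```python
import struct

SE_DACL_PRESENT = 0x0004    # Control bit: a DACL is present
SE_SELF_RELATIVE = 0x8000   # Control bit: header fields are offsets, not pointers

def build_sid(authority, *subs):
    """Pack a revision-1 SID (helper used only to construct the sample)."""
    return (struct.pack("<BB", 1, len(subs)) + authority.to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))

def parse_sid(buf, off):
    """Decode the binary SID at buf[off:] into its S-R-A-S... string form."""
    revision, count = struct.unpack_from("<BB", buf, off)
    authority = int.from_bytes(buf[off + 2:off + 8], "big")
    subs = struct.unpack_from("<%dI" % count, buf, off + 8)
    return "-".join(["S", str(revision), str(authority)] + [str(s) for s in subs])

def parse_self_relative_sd(buf):
    """Decode header, owner, group and allow-ACEs of a self-relative SD."""
    _rev, _sbz1, control, off_owner, off_group, _off_sacl, off_dacl = \
        struct.unpack_from("<BBHIIII", buf, 0)
    if not control & SE_SELF_RELATIVE:
        # An absolute SD stores memory pointers here; they cannot be parsed as offsets.
        raise ValueError("SE_SELF_RELATIVE not set: absolute security descriptor")
    sd = {"control": control, "dacl": None,
          "owner": parse_sid(buf, off_owner) if off_owner else None,
          "group": parse_sid(buf, off_group) if off_group else None}
    if control & SE_DACL_PRESENT and off_dacl:
        _acl_rev, _sbz, _acl_size, ace_count, _sbz2 = struct.unpack_from("<BBHHH", buf, off_dacl)
        sd["dacl"], pos = [], off_dacl + 8
        for _ in range(ace_count):
            ace_type, _flags, ace_size = struct.unpack_from("<BBH", buf, pos)
            if ace_type == 0:  # ACCESS_ALLOWED_ACE_TYPE: mask, then SID
                mask, = struct.unpack_from("<I", buf, pos + 4)
                sd["dacl"].append((mask, parse_sid(buf, pos + 8)))
            pos += ace_size
    return sd

# Constructed sample: owner SYSTEM, group Administrators, one allow ACE (mask 0x1).
_owner, _group = build_sid(5, 18), build_sid(5, 32, 544)
_ace = struct.pack("<BBHI", 0, 0, 8 + len(_owner), 0x1) + _owner
_acl = struct.pack("<BBHHH", 2, 0, 8 + len(_ace), 1, 0) + _ace
SAMPLE_SD = (struct.pack("<BBHIIII", 1, 0, SE_SELF_RELATIVE | SE_DACL_PRESENT,
                         20, 20 + len(_owner), 0, 20 + len(_owner) + len(_group))
             + _owner + _group + _acl)

if __name__ == "__main__":
    print(parse_self_relative_sd(SAMPLE_SD))
```
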



