Security Descriptor and CoInitializeSecurity
Roger Upole
rupole at hotmail.com
Sat Dec 2 13:20:01 EST 2006
Huayang Xia wrote:
> I'd like to call pythoncom.CoInitializeSecurity with a
> PySecurityDescriptor object to set the process-wide security values.
> But I'm not able to find a way to let the code go through.
>
> I have read MSDN and searched the web, but I've not been able to find an
> answer. I cooked a security descriptor like this (assume aces is a tuple
> of tuples (access, sid)):
>
> import win32security
>
> sd = win32security.SECURITY_DESCRIPTOR()
> sd.Initialize()
> sd.SetSecurityDescriptorOwner(sid_owner, False)
> sd.SetSecurityDescriptorGroup(sid_group, False)
>
> # create DACL
> dacl = win32security.ACL()
> dacl.Initialize()
> for (access, acc_sid) in aces:
>     # Add ACE which is access and SID
>     dacl.AddAccessAllowedAce(win32security.ACL_REVISION, access,
>         isinstance(acc_sid, (unicode, str)) and
>         win32security.ConvertStringSidToSid(acc_sid) or acc_sid)
>
> sd.SetDacl(True, dacl, False) # SetSecurityDescriptorDacl
> print sd.IsSelfRelative() # result is 1
>
> The sd is a self-relative one.
>
> From MSDN, after calling InitializeSecurityDescriptor, the sd is an
> absolute sd, and CoInitializeSecurity needs an absolute sd. Pythonwin has
> not wrapped a function like 'MakeAbsoluteSD'.
>
> Has someone ever had the same problem? Could you give a hint for solving
> the problem? Thanks.
>
> Regards
PySECURITY_DESCRIPTOR's are always stored in self-relative format.
They should be converted automatically in the few places that require an
absolute SD, but it looks like this one was missed.
Could you file a bug report on SourceForge?
http://sourceforge.net/projects/pywin32/
Roger
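
The self-relative format discussed in this thread, as an added example that is not part of the original posts or of pywin32: a pure-Python builder and parser for the self-relative SECURITY_DESCRIPTOR byte layout, showing the SE_SELF_RELATIVE control bit and the offsets that stand in for the pointers of an absolute descriptor. The helper names, the sample SIDs and the access mask are constructed for illustration.

```python
import struct

SE_DACL_PRESENT = 0x0004   # Control bit: a DACL is present
SE_SELF_RELATIVE = 0x8000  # Control bit: header fields are offsets, not pointers

def pack_sid(authority, *subs):
    # SID: revision 1, sub-authority count, 48-bit big-endian authority, LE sub-authorities
    return (struct.pack("<BB", 1, len(subs)) + authority.to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))

def sid_to_string(buf, off):
    rev, count = struct.unpack_from("<BB", buf, off)
    authority = int.from_bytes(buf[off + 2:off + 8], "big")
    subs = struct.unpack_from("<%dI" % count, buf, off + 8)
    return "-".join(["S", str(rev), str(authority)] + [str(s) for s in subs])

def build_self_relative_sd(owner, group, aces):
    # aces: list of (access_mask, sid_bytes); each becomes an ACCESS_ALLOWED_ACE (type 0)
    body = b"".join(struct.pack("<BBHI", 0, 0, 8 + len(sid), mask) + sid
                    for mask, sid in aces)
    dacl = struct.pack("<BBHHH", 2, 0, 8 + len(body), len(aces), 0) + body
    off_group = 20 + len(owner)          # the fixed header is 20 bytes
    off_dacl = off_group + len(group)
    header = struct.pack("<BBHIIII", 1, 0, SE_SELF_RELATIVE | SE_DACL_PRESENT,
                         20, off_group, 0, off_dacl)
    return header + owner + group + dacl

def parse_sd(buf):
    _rev, _sbz, control, off_owner, off_group, _off_sacl, off_dacl = \
        struct.unpack_from("<BBHIIII", buf, 0)
    if not control & SE_SELF_RELATIVE:
        # Absolute form keeps pointers into process memory; a byte dump cannot be walked.
        raise ValueError("SE_SELF_RELATIVE not set: absolute security descriptor")
    aces = []
    if control & SE_DACL_PRESENT and off_dacl:
        ace_count = struct.unpack_from("<H", buf, off_dacl + 4)[0]
        pos = off_dacl + 8               # skip the 8-byte ACL header
        for _ in range(ace_count):
            ace_type, _flags, ace_size, mask = struct.unpack_from("<BBHI", buf, pos)
            aces.append((ace_type, mask, sid_to_string(buf, pos + 8)))
            pos += ace_size
    return {"owner": sid_to_string(buf, off_owner),
            "group": sid_to_string(buf, off_group), "dacl": aces}

# Constructed sample: owner S-1-5-18, group S-1-5-32-544, one allow ACE with mask 0x1
SYSTEM = pack_sid(5, 18)
SAMPLE_SD = build_self_relative_sd(SYSTEM, pack_sid(5, 32, 544), [(0x1, SYSTEM)])
print(parse_sd(SAMPLE_SD))
```

Because every reference in this layout is an offset from the start of the buffer, the descriptor can be copied or stored as one contiguous block, which is not true of the absolute form.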