Security Descriptor and CoInitializeSecurity
Huayang Xia
huayang.xia at gmail.com
Fri Dec 1 13:47:39 EST 2006
I'd like to call pythoncom.CoInitializeSecurity with a
PySecurityDescriptor object to set the process-wide security values.
But I'm not able to find a way to let the code go through.
I have read MSDN and searched web, I've not been able to find answer. I
cooked a security descriptor like this (assume aces is a tuple of tuple
(access, sid) :
sd = win32security.SECURITY_DESCRIPTOR()
sd.Initialize()
sd.SetSecurityDescriptorOwner(sid_owner, False)
sd.SetSecurityDescriptorGroup(sid_group, False)
# create DACL
dacl = win32security.ACL()
dacl.Initialize()
for (access, acc_sid) in aces:
# Add ACE which is access and SID
dacl.AddAccessAllowedAce(win32security.ACL_REVISION, access,
isinstance(acc_sid, (unicode, str)) and
win32security.ConvertStringSidToSid(acc_sid) or acc_sid)
sd.SetDacl(True, dacl, False) # SetSecurityDescriptorDacl
print sd.IsSelfRelative() # result is 1
The sd is a self relative one.
>From MSDN, after calling InitializeSecurityDescriptor, the sd is
absolute sd, and CoInitializeSecurity needs absolute sd. Pythonwin has
not wrapped function like 'MakeAbsoluteSD'.
Has someone ever had same problem. Could you give a hint for solving
the problem. Thanks.
Regards
More information about the Python-list
mailing list