Gerbarii

Hello! I have imported the CreateFileMapping function, yet I can't quite implement its SecurityAttributes parameter. When setting it to null, everything works well, until you access the shared memory with another user...

Thus I tried some classes with SIDs and everything, but me being no expert in native security functions, they all fail: CreateFileMapping returns ERROR_NOACCESS... It's not a major drawback, but I would really like to allow cross-user communication.

Thank you!

static extern IntPtr CreateFileMapping(IntPtr hFile, SecurityAttributes secAttributes, ....);

class SecurityAttributes
{
    public SecurityAttributes(IntPtr securityDescriptor)
    {
        this.lpSecurityDescriptor = securityDescriptor;
    }

    UInt32 nLegnth = 12;
    IntPtr lpSecurityDescriptor;
    Boolean bInheritHandle = true;
}

public test()
{
    IntPtr descriptor = IntPtr.Zero, sid = IntPtr.Zero;

    AdvApi32.InitializeSecurityDescriptor(out descriptor, 1);

    WindowsIdentity identity = WindowsIdentity.GetCurrent();

    AdvApi32.ConvertStringSidToSid(identity.User.Value, ref sid);

    AdvApi32.SetSecurityDescriptorDacl(ref descriptor, true, sid, false);

    Kernel32.SecurityAttributes securityAttributes = new Kernel32.SecurityAttributes(descriptor);

    Kernel32.CreateFileMapping((IntPtr)Kernel32.INVALID_HANDLE_VALUE, securityAttributes, ...);

    Kernel32.GetLastError();
    // ^^ that's where I get error 998...
}



Re: Visual C# General How to CreateFileMapping with security attributes that allow cross-user access?

TaylorMichaelL

Ah the infamous NULL security issue. This applies to all security attributes in Win32. The problem is that a NULL security attribute means you want to use the default security of the process/thread. This means it is specific to a user. If you want anybody to have access to the object in question then you need to instead use a NULL descriptor (which is different). A NULL descriptor is a DACL that is set to NULL. This means anybody has access. So create one security attribute, set the security descriptor to NULL (IntPtr.Zero) and pass that to the function and anybody should have access.

Michael Taylor - 3/30/07

http://p3net.mvps.org





Re: Visual C# General How to CreateFileMapping with security attributes that allow cross-user access?

Gerbarii

Thanks a lot!

Finally I can do it: ConvertStringSecurityDescriptorToSecurityDescriptor function. And MSDN has a fine description to understand how to build valid strings...

If you had another way (function) in mind, could you please tell me? Thanks again =)





Re: Visual C# General How to CreateFileMapping with security attributes that allow cross-user access?

TaylorMichaelL

If you're using v2 then SecurityIdentifier will probably work but I haven't tried it.

SecurityIdentifier sid = new SecurityIdentifier(WellKnownSidType.NullSid, null); //NULL SID

Then use GetBinaryForm or Value to get the binary or string format that you can then pass to unmanaged code.

Michael Taylor - 3/30/07

http://p3net.mvps.org
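
The ConvertStringSecurityDescriptorToSecurityDescriptor approach mentioned in the thread, as an added example that is not code from either poster. The class name, the SDDL string and its policy (SYSTEM and Administrators full control, Authenticated Users read/write only, instead of a NULL DACL that gives everyone full control) are assumptions chosen for illustration.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;

static class SharedMapping // hypothetical helper class
{
    // Sequential struct so nLength matches the native size on 32- and 64-bit
    [StructLayout(LayoutKind.Sequential)]
    struct SECURITY_ATTRIBUTES
    {
        public int nLength;
        public IntPtr lpSecurityDescriptor;
        [MarshalAs(UnmanagedType.Bool)] public bool bInheritHandle;
    }

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool ConvertStringSecurityDescriptorToSecurityDescriptor(
        string sddl, uint revision, out IntPtr descriptor, IntPtr size);

    [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern IntPtr CreateFileMapping(IntPtr hFile, ref SECURITY_ATTRIBUTES attrs,
        uint protect, uint sizeHigh, uint sizeLow, string name);

    [DllImport("kernel32.dll")]
    static extern IntPtr LocalFree(IntPtr mem);

    const uint SDDL_REVISION_1 = 1, PAGE_READWRITE = 0x04;
    // Assumed policy: SY and BA get GENERIC_ALL, AU gets GENERIC_READ | GENERIC_WRITE
    const string Sddl = "D:(A;;GA;;;SY)(A;;GA;;;BA)(A;;GRGW;;;AU)";

    public static IntPtr Create(string name, uint size)
    {
        IntPtr sd;
        if (!ConvertStringSecurityDescriptorToSecurityDescriptor(Sddl, SDDL_REVISION_1, out sd, IntPtr.Zero))
            throw new Win32Exception(Marshal.GetLastWin32Error());
        try
        {
            var sa = new SECURITY_ATTRIBUTES();
            sa.nLength = Marshal.SizeOf(typeof(SECURITY_ATTRIBUTES));
            sa.lpSecurityDescriptor = sd;
            sa.bInheritHandle = false; // do not leak the handle to child processes
            // new IntPtr(-1) is INVALID_HANDLE_VALUE: back the mapping with the page file
            IntPtr h = CreateFileMapping(new IntPtr(-1), ref sa, PAGE_READWRITE, 0, size, name);
            // Read the error through the marshaller, not a P/Invoked GetLastError
            if (h == IntPtr.Zero) throw new Win32Exception(Marshal.GetLastWin32Error());
            return h;
        }
        finally { LocalFree(sd); } // the descriptor buffer is LocalAlloc'd by the conversion call
    }
}
```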