Need to give read access to an object for EVERYONE

Trips (Well-known member, joined Aug 7, 2010, 2,788 messages)
I have a global event that signifies that my service is running. I need to give read access to this object for everyone. I used the following code to create the security descriptor (code w/o error handling):
#include <windows.h>
#include <aclapi.h>

PSID pSIDEveryone;
PSID pSIDAdmin;
PACL pACL;
PSECURITY_DESCRIPTOR pSD;

//Allocate SID for Everyone (S-1-1-0)
SID_IDENTIFIER_AUTHORITY SIDAuthWorld = SECURITY_WORLD_SID_AUTHORITY;
AllocateAndInitializeSid(&SIDAuthWorld, 1,
    SECURITY_WORLD_RID,
    0, 0, 0, 0, 0, 0, 0,
    &pSIDEveryone);

//Allocate SID for the BUILTIN\Administrators group (S-1-5-32-544)
SID_IDENTIFIER_AUTHORITY SIDAuthNT = SECURITY_NT_AUTHORITY;
AllocateAndInitializeSid(&SIDAuthNT, 2,
    SECURITY_BUILTIN_DOMAIN_RID,
    DOMAIN_ALIAS_RID_ADMINS,
    0, 0, 0, 0, 0, 0,
    &pSIDAdmin);

//The ACEs will allow Everyone read access and all access to the admin
EXPLICIT_ACCESS ea[2] = {0};

//First Everyone. An event has no KEY_* rights (KEY_READ is a registry mask);
//READ_CONTROL is what the OpenEvent call below asks for, SYNCHRONIZE lets the
//handle be waited on.
ea[0].grfAccessPermissions = READ_CONTROL | SYNCHRONIZE;
ea[0].grfAccessMode = SET_ACCESS;
ea[0].grfInheritance = NO_INHERITANCE;
ea[0].Trustee.TrusteeForm = TRUSTEE_IS_SID;
ea[0].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
ea[0].Trustee.ptstrName = (LPTSTR)pSIDEveryone;

//Then admin
ea[1].grfAccessPermissions = GENERIC_ALL;
ea[1].grfAccessMode = SET_ACCESS;
ea[1].grfInheritance = NO_INHERITANCE;
ea[1].Trustee.TrusteeForm = TRUSTEE_IS_SID;
ea[1].Trustee.TrusteeType = TRUSTEE_IS_GROUP;
ea[1].Trustee.ptstrName = (LPTSTR)pSIDAdmin;

//SetEntriesInAcl takes the number of entries, not the byte size of the array
SetEntriesInAcl(_countof(ea), ea, NULL, &pACL);

pSD = (PSECURITY_DESCRIPTOR)LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH);
InitializeSecurityDescriptor(pSD, SECURITY_DESCRIPTOR_REVISION);

//Add the ACL to the security descriptor (present, not defaulted)
SetSecurityDescriptorDacl(pSD, TRUE, pACL, FALSE);


and then I use this SD to create a global event:

#include <tchar.h>

//The backslash must be escaped in a C string literal, otherwise "\m" is not
//a valid escape and the "Global\" namespace prefix is lost
#define GLOBAL_EVENT_NAME _T("Global\\my_service_event_name")

SECURITY_ATTRIBUTES sa;
sa.nLength = sizeof(sa);
sa.bInheritHandle = FALSE;
sa.lpSecurityDescriptor = pSD;
::CreateEvent(&sa, FALSE, FALSE, GLOBAL_EVENT_NAME);

Then if I need to check if my service is running I do this:

BOOL bServiceIsOn = FALSE;
//READ_CONTROL is the only right requested, so the Everyone ACE is enough
HANDLE hEvent = ::OpenEvent(READ_CONTROL, FALSE, GLOBAL_EVENT_NAME);
if(hEvent)
{
    //It's on
    bServiceIsOn = TRUE;
    CloseHandle(hEvent);
}

The last function (OpenEvent) seems to be working fine even from a built-in Guest account. The problem arises when I try to call it from my screen saver that is running when no user is logged on. The OpenEvent in the code above returns ERROR_ACCESS_DENIED.
I'm not sure why.

PS. I spent a whole day so far trying to crack one more of these Windows conundrums..... :(

So far I was able to establish that both my service and the screen saver are running with the integrity level of S-1-16-16384: Mandatory Label\System Mandatory Level, and the screen saver is running with the credentials of SID: S-1-5-19: Local Service and the service: SID: S-1-5-18: Local System.

Are there any privileges that the screensaver needs to be able to open an event object?

Any ideas why I can't open it???
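Added example, not code from this thread: a simplified C model of how a DACL like the one above is evaluated for a token, run against the two ACEs the post builds and a constructed Local Service token (S-1-5-19, which is a member of Everyone). The model assumes the standard ACE walk (ordered, deny on overlap, allow bits accumulate) and maps GENERIC_ALL to EVENT_ALL_ACCESS as the kernel does for event objects; it does not model owner rights, integrity labels or privileges.

```c
/* Added illustration (not the poster's code; a simplified model, not the
 * kernel's exact algorithm): ACEs are walked in order, a deny ACE for a SID in
 * the token that overlaps the still-wanted bits fails the check, allow ACEs
 * accumulate bits, and generic bits are mapped for event objects first. */
#include <stdio.h>
#include <string.h>
#include <stdint.h>

#define READ_CONTROL       0x00020000u
#define SYNCHRONIZE        0x00100000u
#define EVENT_MODIFY_STATE 0x00000002u
#define GENERIC_ALL        0x10000000u
#define EVENT_ALL_ACCESS   0x001F0003u  /* GENERIC_ALL mapped for an event */
typedef struct { int allow; uint32_t mask; const char *sid; } ace_t;
typedef struct { const char *sids[8]; int n; } token_t; /* user + group SIDs */

static int token_has(const token_t *t, const char *sid) {
    for (int i = 0; i < t->n; i++) if (strcmp(t->sids[i], sid) == 0) return 1;
    return 0;
}
static uint32_t map_generic(uint32_t m) {
    return (m & GENERIC_ALL) ? ((m & ~GENERIC_ALL) | EVENT_ALL_ACCESS) : m;
}
/* Returns 1 if every bit in 'wanted' is granted to 'tok' by the DACL, else 0. */
int dacl_grants(const ace_t *dacl, int n, const token_t *tok, uint32_t wanted) {
    uint32_t remaining = map_generic(wanted);
    for (int i = 0; i < n && remaining; i++) {
        if (!token_has(tok, dacl[i].sid)) continue;
        uint32_t m = map_generic(dacl[i].mask);
        if (!dacl[i].allow && (m & remaining)) return 0;  /* deny ACE wins */
        if (dacl[i].allow) remaining &= ~m;
    }
    return remaining == 0;  /* bits no allow ACE covered mean access denied */
}

/* The DACL from the thread: Everyone read+sync, BUILTIN\Administrators all. */
static const ace_t thread_dacl[] = {
    { 1, READ_CONTROL | SYNCHRONIZE, "S-1-1-0" },      /* Everyone */
    { 1, GENERIC_ALL,                "S-1-5-32-544" }, /* BUILTIN\Administrators */
};
#define THREAD_DACL_N 2
/* Constructed tokens: Local Service (member of Everyone) and a bare admin token. */
static const token_t local_service = { { "S-1-5-19", "S-1-1-0" }, 2 };
static const token_t admin_only    = { { "S-1-5-32-544" }, 1 };

int main(void) {
    int ok = dacl_grants(thread_dacl, THREAD_DACL_N, &local_service, READ_CONTROL);
    printf("Local Service, OpenEvent(READ_CONTROL): %s\n", ok ? "granted" : "denied");
    return 0;
}
```

With the ACEs as posted, the model grants Local Service READ_CONTROL but not EVENT_MODIFY_STATE, so a real ERROR_ACCESS_DENIED is worth checking against the descriptor the object actually received (GetSecurityInfo on the handle in the service) rather than against the entries as written.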
