Calling WIN32 API SetEntriesInAcl() always fails and returns the error code 1332.
in [Win32 API]
|
Prev: Sysevent
Next: Opened windows' hWnd
From: Hailin Peng on 6 Nov 2005 10:41 I'm writing a service procedure which can run in Windows 2K/XP/2003 platform. The procedure creates a mutex object which can be accessed by processes with all kinds of RIGHTS, such as SYSTEM Rights, Administrators Rights, User Rights, etc. When I call Win32 API SetEntriesInAcl() to create a SECURITY_ATTIBUTES object of Everyone Rights, this API function sometimes fails and returns an error code 1332. What makes me puzzled is that once the API function fails, it always fails no matter how many times the procedure subsequently calls it, which is indicated by the log output from my procedure like following: // ... Error: 1332! SetEntriesInAcl() failed! Error: 1332! SetEntriesInAcl() failed! Error: 1332! SetEntriesInAcl() failed! Error: 1332! SetEntriesInAcl() failed! // ... The MSDN description for error code 1332 is: "No mapping between account names and security IDs was done." But i really don't know what it means. And I'm totally a newbie in Windows security programming, so I couldn't do anything to fix this problem. Could you help me or give me some suggestion? Thanks in advance! P.S. The following code that I post here to provide more information is where my procedure calls the API SetEntriesInAcl() , which will fails and returns the error code 1332. // ****************************************************** HANDLE g_hMutex = NULL; void MyFunc() { while (!CreateTestMutex(g_hMutex)) { Sleep(1000); } // Using hMutex.... } BOOL CreateTestMutex(HANDLE& hMutex) { PACL pACL = NULL; PSID pEveryoneSID = NULL; SID_IDENTIFIER_AUTHORITY SIDAuthWorld = SECURITY_WORLD_SID_AUTHORITY; PSECURITY_DESCRIPTOR pSD = NULL; EXPLICIT_ACCESS ea[1]; SECURITY_ATTRIBUTES sa; if(!AllocateAndInitializeSid(&SIDAuthWorld, 1, SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0, &pEveryoneSID)) { WriteLog(_T("Error: %d! AllocateAndInitializeSid() failed! \n"), GetLastError()); goto Cleanup; } ea[0].grfAccessPermissions = GENERIC_ALL; ea[0].grfAccessMode = SET_ACCESS; ea[0].grfInheritance = NO_INHERITANCE; ea[0].Trustee.TrusteeForm = TRUSTEE_IS_SID; ea[0].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP; ea[0].Trustee.ptstrName = (LPTSTR) pEveryoneSID; DWORD dwRes = SetEntriesInAcl(1, ea, NULL, &pACL); if (ERROR_SUCCESS != dwRes) { WriteLog(_T("Error: %d! SetEntriesInAcl() failed!\n"), dwRes); goto Cleanup; } pSD = (PSECURITY_DESCRIPTOR) LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH); if (pSD == NULL) { WriteLog(_T("Error: %d! LocalAlloc()failed!\n"), GetLastError()); goto Cleanup; } if (!InitializeSecurityDescriptor(pSD, SECURITY_DESCRIPTOR_REVISION)) { WriteLog(_T("Error: %d! InitializeSecurityDescriptor() failed!\n"), GetLastError()); goto Cleanup; } if (!SetSecurityDescriptorDacl(pSD, TRUE, pACL, FALSE)) { WriteLog(_T("Error: %d! SetSecurityDescriptorDacl() failed!\n"), GetLastError()); goto Cleanup; } sa.nLength = sizeof (SECURITY_ATTRIBUTES); sa.lpSecurityDescriptor = pSD; sa.bInheritHandle = FALSE; // Create mutex hMutex = CreateMutex(&sa, FALSE, _T("TestMutex")); if (hMutex != NULL) { WriteLog(_T("Create mutex successfully...\n")); } else { WriteLog(_T("Create mutex failed! Error: %d\n"), GetLastError()); } // Cleaning up resource Cleanup: if (pEveryoneSID) FreeSid(pEveryoneSID); if (pACL) LocalFree(pACL); if (pSD) LocalFree(pSD); // Return return (NULL != hMutex) ? TRUE : FALSE; } // ****************************************************** Thanks again!
From: Alex Fedotov on 6 Nov 2005 14:45 Hailin Peng wrote: > When I call Win32 API SetEntriesInAcl() to create a > SECURITY_ATTIBUTES object of Everyone Rights, this API function > sometimes fails and returns an error code 1332. What makes me > puzzled is that once the API function fails, it always fails > no matter how many times the procedure subsequently calls it, > which is indicated by the log output from my procedure like > following: > > // ... > Error: 1332! SetEntriesInAcl() failed! > Error: 1332! SetEntriesInAcl() failed! > Error: 1332! SetEntriesInAcl() failed! > Error: 1332! SetEntriesInAcl() failed! > // ... > > The MSDN description for error code 1332 is: > "No mapping between account names and security IDs was done." > > [...] > > BOOL CreateTestMutex(HANDLE& hMutex) > { > PACL pACL = NULL; > PSID pEveryoneSID = NULL; > SID_IDENTIFIER_AUTHORITY SIDAuthWorld = SECURITY_WORLD_SID_AUTHORITY; > PSECURITY_DESCRIPTOR pSD = NULL; > EXPLICIT_ACCESS ea[1]; > SECURITY_ATTRIBUTES sa; > > if(!AllocateAndInitializeSid(&SIDAuthWorld, 1, > SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0, &pEveryoneSID)) > { > WriteLog(_T("Error: %d! AllocateAndInitializeSid() failed! \n"), > GetLastError()); > goto Cleanup; > } Make sure you zero out the whole array of EXPLICIT_ACCESS structures, otherwise some of the fields will be left unintialized causing random failures. memset(ea, 0, sizeof(ea)); > > ea[0].grfAccessPermissions = GENERIC_ALL; > ea[0].grfAccessMode = SET_ACCESS; > ea[0].grfInheritance = NO_INHERITANCE; > ea[0].Trustee.TrusteeForm = TRUSTEE_IS_SID; > ea[0].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP; > ea[0].Trustee.ptstrName = (LPTSTR) pEveryoneSID; > > DWORD dwRes = SetEntriesInAcl(1, ea, NULL, &pACL); > [...] -- Alex Fedotov
|
Pages: 1 Prev: Sysevent Next: Opened windows' hWnd |