From: Phil on 9 Jun 2008 10:09

Hi,
I'm using Vista and MS VC 6.0. Has anyone been able to share a global semaphore between different users?
I've done the following in my dialog-based application:

    HANDLE g_hSem;
    BOOL CMyApp::InitInstance()
    {
        g_hSem = CreateSemaphore(NULL,3,3,"Global\\MyAppUniqueID");
        if (g_hSem==NULL)
        {
            TRACE("%s\n", strerror(errno));
        }
        // do something
        ReleaseSemaphore(g_hSem,1,NULL);
        return FALSE;
    }

My problem is when I use fast switching to log in as another user, and run the same app, the handle g_hSem is NULL, and the error is "access denied".
So I want to set a security attributes variable as the first arg of CreateSemaphore():

    SECURITY_ATTRIBUTES SecAtt;
    SecAtt.bInheritHandle=FALSE;
    SecAtt.nLength=sizeof(SecAtt);
    // Init the security descriptor
    SetSecurityDescriptorControl(
        &(SecAtt.lpSecurityDescriptor),
        SE_DACL_PROTECTED,
        0
    );
    g_hSem = CreateSemaphore(&SecAtt,3,3,"Global\\MyAppUniqueID");

but when compiling I get a 'SetSecurityDescriptorControl' : undeclared identifier message.
Anyway, is it the right path to follow?
Thanks

From: David Ching on 9 Jun 2008 10:34

"Phil" <pbruyant(a)yahoo.com> wrote in message
news:44af0914-0206-4bfd-801a-be134b1cbedf(a)2g2000hsn.googlegroups.com...
> HANDLE g_hSem;
> ...
> g_hSem = CreateSemaphore(NULL,3,3,"Global\\MyAppUniqueID");
>...
> My problem is when I use fast switching to log in as another user, and
> run the same app,
> the handle g_hSem is NULL, and the error is "access denied".

If the semaphore is already created, I think you need to call OpenSemaphore() instead of CreateSemaphore().

Also, don't forget to call CloseHandle() when you're done with it.

-- David

From: Phil on 9 Jun 2008 12:42

On 9 June, 16:34, "David Ching" <d...(a)remove-this.dcsoft.com> wrote:
> "Phil" <pbruy...(a)yahoo.com> wrote in message
>
> news:44af0914-0206-4bfd-801a-be134b1cbedf(a)2g2000hsn.googlegroups.com...
>
> > HANDLE g_hSem;
> > ...
> > g_hSem = CreateSemaphore(NULL,3,3,"Global\\MyAppUniqueID");
> >...
> > My problem is when I use fast switching to log in as another user, and
> > run the same app,
> > the handle g_hSem is NULL, and the error is "access denied".
>
> If the semaphore is already created, I think you need to call
> OpenSemaphore() instead of CreateSemaphore().
>
> Also, don't forget to call CloseHandle() when you're done with it.
>
> -- David

Thanks David

The MSDN help says that if the semaphore is already created, a new call to CreateSemaphore() just returns a handle to the existing semaphore, so it should be ok. Nevertheless, I've followed your suggestion regarding using OpenSemaphore() rather than CreateSemaphore() when the semaphore already exists. I've added CloseHandle after ReleaseSemaphore.

I've made some progress:

    ////////////////////////////////////////////
    HANDLE g_hSem=NULL;
    BOOL CMyApp::InitInstance()
    {
        SECURITY_ATTRIBUTES SecAtt;
        SECURITY_DESCRIPTOR SecDesc;
        SecAtt.bInheritHandle=FALSE;
        InitializeSecurityDescriptor(&SecDesc, SECURITY_DESCRIPTOR_REVISION);
        SecAtt.lpSecurityDescriptor=&SecDesc;

        // This should grant read/write/execute accesses to authenticated users
        ConvertStringSecurityDescriptorToSecurityDescriptor(
            TEXT("(A;OICI;GRGWGX;;;AU)"),
            SDDL_REVISION_1,
            &(SecAtt.lpSecurityDescriptor),
            NULL);

        SecAtt.nLength=sizeof(SECURITY_DESCRIPTOR);
        if ((g_hSem=OpenSemaphore(SEMAPHORE_ALL_ACCESS,TRUE,"Global\\MyApp"))==NULL)
        {
            g_hSem = CreateSemaphore(&SecAtt,3,3,"Global\\MyApp");
        }
        if (g_hSem==NULL)
        {
            sprintf(Msg,"g_hSem : %s",strerror(errno));
            AfxMessageBox(Msg);
            return FALSE; // stop here
        }
        // Do something
        ReleaseSemaphore(g_hSem,1,NULL);
        CloseHandle(g_hSem);
        return FALSE;
    }
    //////////////////////////////////////

When I run the program as user A, and fast-switch to user B and run a second instance, the semaphore is NULL and I get a "g_hSem : Input/Output error" error.
I feel so frustrated, because I believe I'm so close to getting it to work !!
Phil

From: David Ching on 9 Jun 2008 16:13

"Phil" <pbruyant(a)yahoo.com> wrote in message
news:040638eb-bebf-4bcf-b4e0-e533ce9ec7ae(a)k13g2000hse.googlegroups.com...
> SECURITY_ATTRIBUTES SecAtt;
> SECURITY_DESCRIPTOR SecDesc;
> SecAtt.bInheritHandle=FALSE;
> InitializeSecurityDescriptor(&SecDesc, SECURITY_DESCRIPTOR_REVISION);
> SecAtt.lpSecurityDescriptor=&SecDesc;
>
> // This should grant read/write/execute accesses to authenticated
> users
> ConvertStringSecurityDescriptorToSecurityDescriptor(
> TEXT("(A;OICI;GRGWGX;;;AU)"),
> SDDL_REVISION_1,
> &(SecAtt.lpSecurityDescriptor),
> NULL);
>
> SecAtt.nLength=sizeof(SECURITY_DESCRIPTOR);
> if ((g_hSem=OpenSemaphore(SEMAPHORE_ALL_ACCESS,TRUE,"Global\
> \MyApp"))==NULL)
> {
> g_hSem = CreateSemaphore(&SecAtt,3,3,"Global\\MyApp");
> }
>

If the error is still related to security, I'm not sure the SECURITY_ATTRIBUTES is correct. I'm no expert at this at all, but this code I have used to create a mutex (not semaphore) that could be accessed when fast-user switching was invoked:

    PSID pEveryoneSID = NULL;
    PSECURITY_DESCRIPTOR pSD = NULL;
    SID_IDENTIFIER_AUTHORITY SIDAuthWorld = SECURITY_WORLD_SID_AUTHORITY;
    SECURITY_ATTRIBUTES sa;
    DWORD dwRes;   // result of SetEntriesInAcl

    // Create a well-known SID for the Everyone group.
    if(! AllocateAndInitializeSid( &SIDAuthWorld, 1,
                                   SECURITY_WORLD_RID,
                                   0, 0, 0, 0, 0, 0, 0,
                                   &pEveryoneSID) )
    {
        return FALSE;
    }

    EXPLICIT_ACCESS ea;
    ZeroMemory(&ea, sizeof(EXPLICIT_ACCESS));
    ea.grfAccessPermissions = STANDARD_RIGHTS_ALL | SPECIFIC_RIGHTS_ALL;
    ea.grfAccessMode = SET_ACCESS;
    ea.grfInheritance= NO_INHERITANCE;
    ea.Trustee.TrusteeForm = TRUSTEE_IS_SID;
    ea.Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
    ea.Trustee.ptstrName = (LPTSTR) pEveryoneSID;

    // Create a new ACL that contains the new ACE.

    PACL pACL = NULL;
    dwRes = SetEntriesInAcl(1, &ea, NULL, &pACL);
    if (ERROR_SUCCESS != dwRes)
    {
        goto Cleanup;
    }

    // Initialize a security descriptor.

    pSD = (PSECURITY_DESCRIPTOR) LocalAlloc(LPTR,
                                            SECURITY_DESCRIPTOR_MIN_LENGTH);
    if (pSD == NULL)
    {
        goto Cleanup;
    }

    if (!InitializeSecurityDescriptor(pSD, SECURITY_DESCRIPTOR_REVISION))
    {
        goto Cleanup;
    }

    // Add the ACL to the security descriptor.

    if (!SetSecurityDescriptorDacl(pSD,
                                   TRUE,     // fDaclPresent flag
                                   pACL,
                                   FALSE))   // not a default DACL
    {
        goto Cleanup;
    }

    // Initialize a security attributes structure.

    sa.nLength = sizeof (SECURITY_ATTRIBUTES);
    sa.lpSecurityDescriptor = pSD;
    sa.bInheritHandle = FALSE;

    // Create your semaphore using 'sa'

    Cleanup:
    ...

Hope this helps,
David

From: Phil on 10 Jun 2008 00:40
On 9 June, 22:13, "David Ching" <d...(a)remove-this.dcsoft.com> wrote:
> "Phil" <pbruy...(a)yahoo.com> wrote in message
>
> news:040638eb-bebf-4bcf-b4e0-e533ce9ec7ae(a)k13g2000hse.googlegroups.com...
>
> > SECURITY_ATTRIBUTES SecAtt;
> > SECURITY_DESCRIPTOR SecDesc;
> > SecAtt.bInheritHandle=FALSE;
> > InitializeSecurityDescriptor(&SecDesc, SECURITY_DESCRIPTOR_REVISION);
> > SecAtt.lpSecurityDescriptor=&SecDesc;
>
> > // This should grant read/write/execute accesses to authenticated
> > users
> > ConvertStringSecurityDescriptorToSecurityDescriptor(
> > TEXT("(A;OICI;GRGWGX;;;AU)"),
> > SDDL_REVISION_1,
> > &(SecAtt.lpSecurityDescriptor),
> > NULL);
>
> > SecAtt.nLength=sizeof(SECURITY_DESCRIPTOR);
> > if ((g_hSem=OpenSemaphore(SEMAPHORE_ALL_ACCESS,TRUE,"Global\
> > \MyApp"))==NULL)
> > {
> > g_hSem = CreateSemaphore(&SecAtt,3,3,"Global\\MyApp");
> > }
>
> If the error is still related to security, I'm not sure the
> SECURITY_ATTRIBUTES is correct. I'm no expert at this at all, but this code
> I have used to create a mutex (not semaphore) that could be accessed when
> fast-user switching was invoked:
>
> PSID pEveryoneSID = NULL;
> PSECURITY_DESCRIPTOR pSD = NULL;
> SID_IDENTIFIER_AUTHORITY SIDAuthWorld = SECURITY_WORLD_SID_AUTHORITY;
> SECURITY_ATTRIBUTES sa;
>
> // Create a well-known SID for the Everyone group.
> if(! AllocateAndInitializeSid( &SIDAuthWorld, 1,
> SECURITY_WORLD_RID,
> 0, 0, 0, 0, 0, 0, 0,
> &pEveryoneSID) )
> {
> return FALSE;
> }
>
> EXPLICIT_ACCESS ea;
> ZeroMemory(&ea, sizeof(EXPLICIT_ACCESS));
> ea.grfAccessPermissions = STANDARD_RIGHTS_ALL | SPECIFIC_RIGHTS_ALL;
> ea.grfAccessMode = SET_ACCESS;
> ea.grfInheritance= NO_INHERITANCE;
> ea.Trustee.TrusteeForm = TRUSTEE_IS_SID;
> ea.Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
> ea.Trustee.ptstrName = (LPTSTR) pEveryoneSID;
>
> // Create a new ACL that contains the new ACE.
>
> PACL pACL = NULL;
> dwRes = SetEntriesInAcl(1, &ea, NULL, &pACL);
> if (ERROR_SUCCESS != dwRes)
> {
> goto Cleanup;
> }
>
> // Initialize a security descriptor.
>
> pSD = (PSECURITY_DESCRIPTOR) LocalAlloc(LPTR,
> SECURITY_DESCRIPTOR_MIN_LENGTH);
> if (pSD == NULL)
> {
> goto Cleanup;
> }
>
> if (!InitializeSecurityDescriptor(pSD, SECURITY_DESCRIPTOR_REVISION))
> {
> goto Cleanup;
> }
>
> // Add the ACL to the security descriptor.
>
> if (!SetSecurityDescriptorDacl(pSD,
> TRUE, // fDaclPresent flag
> pACL,
> FALSE)) // not a default DACL
> {
> goto Cleanup;
> }
>
> // Initialize a security attributes structure.
>
> sa.nLength = sizeof (SECURITY_ATTRIBUTES);
> sa.lpSecurityDescriptor = pSD;
> sa.bInheritHandle = FALSE;
>
> // Create your semaphore using 'sa'
>
> cleanup:
> ...
>
> Hope this helps,
> David

David,
It does help !! I've implemented your code, and it worked :)
Don't know what's wrong with my code, but yours works. I can share a semaphore between users.
Thank you for sharing your expertise,
Phil
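
How the DACLs discussed in this thread decide what a second, fast-switched user may do with the named semaphore, as an added example that is not part of any poster's message: a simplified, portable C model of ordered DACL evaluation. The trustee labels, the contents of the "creator only" DACL standing in for the default one, and the narrower Authenticated Users DACL are assumptions made for illustration; the mask values are the winnt.h constants.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Access-mask values as defined in winnt.h. */
#define WRITE_DAC              0x00040000u
#define SYNCHRONIZE            0x00100000u
#define STANDARD_RIGHTS_ALL    0x001F0000u
#define SPECIFIC_RIGHTS_ALL    0x0000FFFFu
#define SEMAPHORE_MODIFY_STATE 0x00000002u
#define SEMAPHORE_ALL_ACCESS   0x001F0003u

/* Model ACE: the trustee is a plain label standing in for a SID (assumption). */
typedef struct { int deny; const char *trustee; uint32_t mask; } Ace;

/* Evaluate a DACL in order: a matching deny ACE covering a still-needed bit
   fails the request; matching allow ACEs clear the bits they grant. */
int access_granted(const Ace *dacl, size_t n, const char **sids, size_t ns,
                   uint32_t desired)
{
    uint32_t remaining = desired;
    for (size_t i = 0; i < n && remaining; i++) {
        int match = 0;
        for (size_t s = 0; s < ns; s++)
            if (strcmp(dacl[i].trustee, sids[s]) == 0) match = 1;
        if (!match) continue;
        if (dacl[i].deny) { if (dacl[i].mask & remaining) return 0; }
        else remaining &= ~dacl[i].mask;
    }
    return remaining == 0;
}

/* Constructed DACLs. creator_only is an assumed stand-in for a default DACL. */
const Ace creator_only[] = { {0, "userA", SEMAPHORE_ALL_ACCESS},
                             {0, "SYSTEM", SEMAPHORE_ALL_ACCESS} };
const Ace everyone_all[] = { {0, "Everyone", STANDARD_RIGHTS_ALL | SPECIFIC_RIGHTS_ALL} };
const Ace narrow[]       = { {0, "userA", SEMAPHORE_ALL_ACCESS},
                             {0, "AuthenticatedUsers", SYNCHRONIZE | SEMAPHORE_MODIFY_STATE} };
/* Group labels carried by the second, fast-switched user (constructed). */
const char *user_b[] = { "userB", "Everyone", "AuthenticatedUsers" };

int main(void)
{
    uint32_t use = SYNCHRONIZE | SEMAPHORE_MODIFY_STATE; /* wait + release */
    printf("creator-only, wait/release: %d\n", access_granted(creator_only, 2, user_b, 3, use));
    printf("Everyone all, WRITE_DAC:    %d\n", access_granted(everyone_all, 1, user_b, 3, WRITE_DAC));
    printf("narrow, wait/release:       %d\n", access_granted(narrow, 2, user_b, 3, use));
    printf("narrow, ALL_ACCESS:         %d\n", access_granted(narrow, 2, user_b, 3, SEMAPHORE_ALL_ACCESS));
    return 0;
}
```

With the Everyone grant of STANDARD_RIGHTS_ALL | SPECIFIC_RIGHTS_ALL, any account can also rewrite the object's DACL; under the narrower DACL the second user has to open the semaphore requesting SYNCHRONIZE | SEMAPHORE_MODIFY_STATE rather than SEMAPHORE_ALL_ACCESS.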