|
Hello,
Using below code i am trying to authorize user "Valid\User1" to create COM object of "TestServiceSecurity" from a remote machine.
This code is working fine that is it not throwing any kind of error but still it is not giving autorization to "User1".
Can anybody help me with this?
Thanks in advance.
*************************************************************************************************************************
BOOL bDaclPresent = FALSE;
BOOL bDaclDefaulted = FALSE;
DWORD dwError = 0;
DWORD dwSize = 0;
EXPLICIT_ACCESS ea;
PACL pacl = NULL;
PACL pNewAcl = NULL;
PSECURITY_DESCRIPTOR psd;
SC_HANDLE schManager = NULL;
SC_HANDLE schService = NULL;
SECURITY_DESCRIPTOR sd = {0};
SERVICE_STATUS_PROCESS ssp;
DWORD dwBytesNeeded;
PSID sid;
schManager = OpenSCManager(0, 0, SC_MANAGER_CONNECT);
if (schManager == NULL)
DisplayError(GetLastError(), TEXT("OpenSCManager"));
schService = OpenService(schManager , "TestServiceSecurity",SC_MANAGER_ALL_ACCESS);
if (schService == NULL)
DisplayError(GetLastError(), TEXT("OpenService"));
psd = (PSECURITY_DESCRIPTOR)HeapAlloc(GetProcessHeap(),
HEAP_ZERO_MEMORY, dwSize);
// Get the current security descriptor.
BOOL bResult = QueryServiceObjectSecurity(schService, DACL_SECURITY_INFORMATION, psd, 0, &dwSize);
if (!bResult)
{
if (GetLastError() == ERROR_INSUFFICIENT_BUFFER){
psd = (PSECURITY_DESCRIPTOR)HeapAlloc(GetProcessHeap(),
HEAP_ZERO_MEMORY, dwSize);
if (psd == NULL){
DisplayError(0, TEXT("HeapAlloc"));
// note HeapAlloc does not support GetLastError()
}
bResult = QueryServiceObjectSecurity(schService, DACL_SECURITY_INFORMATION, psd, dwSize, &dwSize);
if(!bResult)
DisplayError(GetLastError(), TEXT("QueryServiceObjectSecurity"));
}
else
DisplayError(GetLastError(), TEXT("QueryServiceObjectSecurity"));
}
// Get the DACL.
bResult = GetSecurityDescriptorDacl(psd, &bDaclPresent, &pacl, &bDaclDefaulted);
if (!bResult)
DisplayError(GetLastError(), TEXT("GetSecurityDescriptorDacl"));
// Build the ACE.
BuildExplicitAccessWithName(&ea, TEXT("Valid\\User1"), COM_RIGHTS_EXECUTE,
SET_ACCESS, NO_INHERITANCE);
dwError = SetEntriesInAcl(1, &ea, pacl, &pNewAcl);
if (dwError != ERROR_SUCCESS)
DisplayError(dwError, TEXT("SetEntriesInAcl"));
//AddAccessAllowedACEToACL(
bool bIsValidACL = IsValidAcl(pacl);
// Initialize a NEW Security Descriptor.
bResult = InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION);
if (!bResult)
DisplayError(GetLastError(), TEXT("InitializeSecurityDescriptor"));
// Set the new DACL in the Security Descriptor.
bResult = SetSecurityDescriptorDacl(&sd, TRUE, /*pNewAcl*/NULL, FALSE);
if (!bResult)
DisplayError(GetLastError(), TEXT("SetSecurityDescriptorDacl"));
// Set the new DACL for the service object.
bResult = SetServiceObjectSecurity(schService, DACL_SECURITY_INFORMATION, &sd);
if (!bResult)
DisplayError(GetLastError(), TEXT("SetServiceObjectSecurity"));
// Close the handles.
bResult = CloseServiceHandle(schManager);
if (!bResult)
DisplayError(GetLastError(), TEXT("CloseServiceHandle"));
bResult = CloseServiceHandle(schService);
if (!bResult)
DisplayError(GetLastError(), TEXT("CloseServiceHandle"));
// Free buffers.
LocalFree((HLOCAL)pNewAcl);
HeapFree(GetProcessHeap(), 0, (LPVOID)psd);
void DisplayError(DWORD dwError, LPTSTR pszAPI)
{
LPVOID lpvMessageBuffer;
FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER |
FORMAT_MESSAGE_FROM_SYSTEM,
NULL, dwError,
MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
(LPTSTR)&lpvMessageBuffer, 0, NULL);
//Now display this string.
_tprintf(TEXT("ERROR: API = %s.\n"), pszAPI);
_tprintf(TEXT(" error code = %u.\n"), dwError);
_tprintf(TEXT(" message = %s.\n"),
(LPTSTR)lpvMessageBuffer);
// Free the buffer allocated by the system.
LocalFree(lpvMessageBuffer);
ExitProcess(dwError);
}
*************************************************************************************************************************
|
|
|
|
|
Hai all,
my application should share same registry entry for diffrent users of same privilage In Vista. Please let me know if you have any idea.
regards
vicky00000
|
|
|
|
|
store it under LOCALMACHINE in the registry and add a new usergroup that you put all the users you want to be able to read/write the registry keys it into that usergroup and then set the ACL for that registry entrie so that that group has full access to it.
|
|
|
|
|
hi,is there a tool which can monitor the specified IO data translation?
I need a tool which can monitor the data translation between one program and the CDROM,not only the action but also the data they exchange each other.
thanks
|
|
|
|
|
Hi, all
<br />
CString cstr = "abcd";<br />
<br />
LPTSTR p = cstr.GetBuffer();<br />
<br />
p[2] = 'r';<br />
<br />
<br />
I want to change 'c' to 'r' in cstr.
How to do?
|
|
|
|
|
hanlei0000000009 wrote: // cstr is abcd, but not is abrd
CString cstr = "abcd";<br />
cstr.SetAt( 2,'r');
hanlei0000000009 wrote: I want to change 'c' to 'r' in cstr.
But your purpose is to replace the c with r, you can use the Replace function..
CString cstr = "abcd";<br />
cstr.Replace( 'c','r');
modified on Thursday, March 27, 2008 11:37 PM
|
|
|
|
|
You rarely need to use GetBuffer(). The CString class has most functions you need, including SetAt()...
CString cstr = _T("abcd");
cstr.SetAt(2, _T('r'));
If you insist on using GetBuffer(), remember:
"If you use the pointer returned by GetBuffer to change the string contents, you must call ReleaseBuffer ..."
CString cstr = _T("abcd");
LPTSTR p = cstr.GetBuffer();
p[2] = _T('r');
cstr.ReleaseBuffer();
Mark
Mark Salsbery
Microsoft MVP - Visual C++
|
|
|
|
|
If the Lord God Almighty had consulted me before embarking upon the Creation, I would have recommended something simpler.
-- Alfonso the Wise, 13th Century King of Castile.
This is going on my arrogant assumptions. You may have a superb reason why I'm completely wrong.
-- Iain Clarke
|
|
|
|
|
Someone said to me that in the next version of MFC, this function would be renamed to GetBufferIReallyKnowWhatImDoing()
Nobody can give you wiser advice than yourself. - Cicero
.·´¯`·->Rajesh<-·´¯`·.
Codeproject.com: Visual C++ MVP
|
|
|
|
|
..and they will also add the method PlzGetBuf , always throwing by design.
If the Lord God Almighty had consulted me before embarking upon the Creation, I would have recommended something simpler.
-- Alfonso the Wise, 13th Century King of Castile.
This is going on my arrogant assumptions. You may have a superb reason why I'm completely wrong.
-- Iain Clarke
|
|
|
|
|
CPallini wrote: ..and they will also add the method PlzGetBuf, always throwing by design.
One more GiveMeBufOtherwiseOsama
"Opinions are neither right nor wrong. I cannot change your opinion. I can, however, change what influences your opinion." - David Crow Never mind - my own stupidity is the source of every "problem" - Mixture
cheers,
Alok Gupta
VC Forum Q&A :- I/ IV
Support CRY- Child Relief and You/codeProject$$>
|
|
|
|
|
CPallini wrote: PlzGetBuf
Does it take a boolean parameter too? PlzGetBuf(BOOL bUrgent)
Nobody can give you wiser advice than yourself. - Cicero
.·´¯`·->Rajesh<-·´¯`·.
Codeproject.com: Visual C++ MVP
|
|
|
|
|
Rajesh R Subramanian wrote: Does it take a boolean parameter too? PlzGetBuf(BOOL bUrgent)
Actually it does, however it is optional:
PXSTR PlzGetBuf(BOOL bUrgent = TRUE);
If the Lord God Almighty had consulted me before embarking upon the Creation, I would have recommended something simpler.
-- Alfonso the Wise, 13th Century King of Castile.
This is going on my arrogant assumptions. You may have a superb reason why I'm completely wrong.
-- Iain Clarke
|
|
|
|
|
Nobody can give you wiser advice than yourself. - Cicero
.·´¯`·->Rajesh<-·´¯`·.
Codeproject.com: Visual C++ MVP
|
|
|
|
|
i will take ReleaseBuffer revenge!
"Opinions are neither right nor wrong. I cannot change your opinion. I can, however, change what influences your opinion." - David Crow Never mind - my own stupidity is the source of every "problem" - Mixture
cheers,
Alok Gupta
VC Forum Q&A :- I/ IV
Support CRY- Child Relief and You/codeProject$$>
|
|
|
|
|
I have to make a login screen for my application. and how do i do validation for this? the application that i am planning to do is an MDI. now the first thing when the exe is called the login screen should appear. so where should i call this dialog box?
if somebody can give me a link tht will lead to an example that would help me a lot.
|
|
|
|
|
Chandrasekharanp wrote: where should i call this dialog box?
It could be the first window you create and show, or you could create your "main" window
hidden and show the dialog after creating the main window.
Same as creating any window - you control when windows are created and made visible.
Mark
Mark Salsbery
Microsoft MVP - Visual C++
|
|
|
|
|
ok.. let me make it more clear..
when u click the exe the first screen tat will appear will be the login screen.. once the login and password is right the applications first window appears..
i hope its clear.. and i could not find any articles with login and password examples.
|
|
|
|
|
That's clear.
What's not clear to me is what you're having trouble with.
You can pop up a modal dialog when your app starts running.
If the login fails you exit the app or loop and show the dialog again.
If the login succeeds, create the MDI window.
That's one way to do it. FWIW, that's what I do in my apps.
Mark
Mark Salsbery
Microsoft MVP - Visual C++
|
|
|
|
|
Mark Salsbery wrote: You can pop up a modal dialog when your app starts running.
that is my requirement.. how do i do that?
|
|
|
|
|
Using DoModal() . I think you should read about creating a dialog
Somethings seem HARD to do, until we know how to do them.
_AnShUmAn_
modified on Friday, March 28, 2008 2:25 AM
|
|
|
|
|
i am aware of DoModal function.
i want a dialog box which pops up when the MDI application.exe is clicked. only once the login and password is correct the control should go to the application.
|
|
|
|
|
How many times does he have to tell you the same thing?
If you're aware of the DoModal member function of a CDialog, then go ahead and use it. Fail. Change your code again, try!
What I did not see in your questions was any evidence that you have tried and failed to do anything. People come here to help, not to bottle feed.
BOOL CMyApp::InitInstance()
{
... some initialisation code?
CMyPasswordDlg dlg;
if (dlg.DoModal != IDOK)
return FALSE;
CMainFrame* pMainFrame = new CMainFrame;
if (!pMainFrame->LoadFrame(IDR_MAINFRAME))
return FALSE;
m_pMainWnd = pMainFrame;
... etc as normal
return TRUE;
}
Iain.
ps, No, I'm not coming to your workplace to type it for you.
Iain Clarke appears even though he's grumpy.
|
|
|
|
|
i did try in my code.. but just that i dint tell u what i did and how i did. i dont expect anybody to bottle feed me.
well thanks for the help
|
|
|
|
|
Ok, glad to hear it - and I apologise a little. Did you progress further with the gappy code I showed you?
Iain.
Iain Clarke appears because CPallini still cares.
|
|
|
|