Permission issues when accessing shared memory across processes

zhaozj2021-02-16  59

Q: I created a shared memory region with CreateFileMapping on the server and left this EXE running there. Meanwhile, other users access the server with IE and submit the data to be queried through a web page. After the server receives the web page parameters, it creates a COM object to access the shared memory of that EXE, and the query result found in shared memory is returned to the client. The problem is that this COM object cannot open the EXE's shared memory with OpenMapping; access is denied. Yet when I build a separate EXE project on the server, that program can access this shared memory!! Why does it fail from the web? Does COM have any permission settings? How are permissions coordinated between the two processes? How do I use a DACL?

I wrote a service with ATL. In this service I created a shared memory region (memory mapping) and a mutex, and I access this shared memory and mutex from another, ordinary program. But when I use CreateMutex to open the mutex, it fails: GetLastError() returns 5, meaning access is denied!! Similarly, when I use MapViewOfFile, I get the same error!!

I know the reason: I set the security attributes to NULL when creating the shared memory and the mutex!!!

But I have not found a solution. I hope an expert can help!

A: Check the permissions of the user account the service runs as. Usually, for safety, the account that owns a service process has very low privileges. To allow the service process to access the object, you need to specify a broader security descriptor when you create the shared memory, adding a new access control entry (ACE) for the owner of your ASP process. The default access control list (ACL) includes only the creator and the Administrators group.

The following code creates a security descriptor that all users can access. You can use this security descriptor when you create the shared memory.

    CShareRestrictedSD ShareRestrictedSD;
    hMapFile = CreateFileMapping(
        INVALID_HANDLE_VALUE,        // no file handle: back the mapping with the paging file
        ShareRestrictedSD.GetSA(),   // security attributes (instead of NULL for default security)
        PAGE_READWRITE,              // read/write permission
        0,                           // max. object size (high DWORD)
        FileSize,                    // size of the mapping (low DWORD)
        MapName);                    // name of mapping object

    #include <windows.h>
    #include <stdio.h>

    PVOID BuildRestrictedSD(PSECURITY_DESCRIPTOR pSD);
    VOID  FreeRestrictedSD(PVOID ptr);

    class CShareRestrictedSD
    {
    public:
        CShareRestrictedSD();
        virtual ~CShareRestrictedSD();
        SECURITY_ATTRIBUTES* GetSA();
    protected:
        PVOID ptr;                   // DACL memory returned by BuildRestrictedSD()
        SECURITY_ATTRIBUTES sa;
        SECURITY_DESCRIPTOR sd;
    };

    // If this code works, its author is jiangsheng;
    // if it does not work, then I don't know who its author is.
    PVOID BuildRestrictedSD(PSECURITY_DESCRIPTOR pSD)
    {
        DWORD dwAclLength;
        PSID  psidEveryone = NULL;
        PACL  pDACL = NULL;
        BOOL  bResult = FALSE;
        SID_IDENTIFIER_AUTHORITY siaWorld = SECURITY_WORLD_SID_AUTHORITY;

        __try {
            // initialize the security descriptor
            if (!InitializeSecurityDescriptor(pSD, SECURITY_DESCRIPTOR_REVISION)) {
                printf("InitializeSecurityDescriptor() failed with error %lu\n", GetLastError());
                __leave;
            }

            // obtain a SID for the Everyone (World) group
            if (!AllocateAndInitializeSid(&siaWorld, 1, SECURITY_WORLD_RID,
                                          0, 0, 0, 0, 0, 0, 0, &psidEveryone)) {
                printf("AllocateAndInitializeSid() failed with error %lu\n", GetLastError());
                __leave;
            }

            // NOTE:
            //
            // The Everyone group covers all user accounts. If access must be
            // restricted to a specific user or group, the SID can be
            // constructed from the user or group name with the
            // LookupAccountName() API instead.

            // calculate the DACL length: ACL header plus one ACE for Everyone
            dwAclLength = sizeof(ACL)
                        + sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD)
                        + GetLengthSid(psidEveryone);

            // allocate memory for the DACL
            pDACL = (PACL) HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, dwAclLength);
            if (!pDACL) {
                printf("HeapAlloc() failed with error %lu\n", GetLastError());
                __leave;
            }

            // initialize the DACL
            if (!InitializeAcl(pDACL, dwAclLength, ACL_REVISION)) {
                printf("InitializeAcl() failed with error %lu\n", GetLastError());
                __leave;
            }

            // add the Everyone ACE to the DACL with GENERIC_ALL access.
            // GENERIC_ALL also carries WRITE_DAC, WRITE_OWNER and DELETE;
            // use a narrower mask if callers only need to read and write.
            if (!AddAccessAllowedAce(pDACL, ACL_REVISION, GENERIC_ALL, psidEveryone)) {
                printf("AddAccessAllowedAce() failed with error %lu\n", GetLastError());
                __leave;
            }

            // set the DACL in the security descriptor
            if (!SetSecurityDescriptorDacl(pSD, TRUE, pDACL, FALSE)) {
                printf("SetSecurityDescriptorDacl() failed with error %lu\n", GetLastError());
                __leave;
            }

            bResult = TRUE;
        } __finally {
            if (psidEveryone) FreeSid(psidEveryone);
        }

        if (bResult == FALSE) {
            if (pDACL) HeapFree(GetProcessHeap(), 0, pDACL);
            pDACL = NULL;
        }

        // the descriptor points into this memory, so the caller keeps it
        // alive until the descriptor is no longer used
        return (PVOID) pDACL;
    }

    // The following function frees memory allocated in the
    // BuildRestrictedSD() function
    VOID FreeRestrictedSD(PVOID ptr)
    {
        if (ptr) HeapFree(GetProcessHeap(), 0, ptr);
        return;
    }

    CShareRestrictedSD::CShareRestrictedSD()
    {
        ptr = NULL;
        sa.nLength = sizeof(sa);
        sa.lpSecurityDescriptor = &sd;
        sa.bInheritHandle = FALSE;
        // build a restricted security descriptor
        ptr = BuildRestrictedSD(&sd);
        if (!ptr) {
            TRACE("BuildRestrictedSD() failed\n");   // MFC macro; ATLTRACE in an ATL project
        }
    }

    CShareRestrictedSD::~CShareRestrictedSD()
    {
        if (ptr) {
            FreeRestrictedSD(ptr);
        }
    }

    SECURITY_ATTRIBUTES* CShareRestrictedSD::GetSA()
    {
        // NULL makes CreateFileMapping fall back to the default security descriptor
        if (ptr) return &sa;
        return NULL;
    }

More information can be referenced
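As an added example (not part of the original answer or its author's code): the DACL built above is a single allow ACE granting GENERIC_ALL to Everyone, which in SDDL notation is `D:(A;;GA;;;WD)`. The Python check below audits a DACL in SDDL form for allow ACEs that hand object-control rights to broad groups; the function names and the sample strings are constructed for illustration.

```python
import re

# Documented Windows access-mask bits; SDDL two-letter rights map onto them.
GENERIC_ALL, WRITE_OWNER, WRITE_DAC, DELETE = 0x10000000, 0x80000, 0x40000, 0x10000
SDDL_RIGHTS = {"GA": GENERIC_ALL, "GR": 0x80000000, "GW": 0x40000000,
               "GX": 0x20000000, "WO": WRITE_OWNER, "WD": WRITE_DAC,
               "SD": DELETE, "RC": 0x20000}
# Rights that let a holder re-permission, take over or delete the object.
CONTROL = [(GENERIC_ALL, "GENERIC_ALL"), (WRITE_OWNER, "WRITE_OWNER"),
           (WRITE_DAC, "WRITE_DAC"), (DELETE, "DELETE")]
# Trustees covering (nearly) every account, as SDDL alias or literal SID.
BROAD = {"WD": "Everyone", "S-1-1-0": "Everyone",
         "AU": "Authenticated Users", "S-1-5-11": "Authenticated Users",
         "AN": "Anonymous Logon", "S-1-5-7": "Anonymous Logon"}


def parse_mask(rights):
    """Turn an SDDL rights field ('GRGW' or '0xf001f') into an access mask."""
    if rights.lower().startswith("0x"):
        return int(rights, 16)
    pairs = [rights[i:i + 2] for i in range(0, len(rights), 2)]
    unknown = [p for p in pairs if p not in SDDL_RIGHTS]
    if unknown:
        raise ValueError(f"unsupported SDDL rights: {unknown}")
    mask = 0
    for p in pairs:
        mask |= SDDL_RIGHTS[p]
    return mask


def audit_dacl(sddl):
    """Return [(trustee, [control rights])] for allow ACEs on broad groups."""
    dacl = re.search(r"D:[A-Z]*((?:\([^()]*\))+)", sddl)
    if dacl is None:
        raise ValueError("no DACL with ACEs found in SDDL string")
    findings = []
    for ace in re.findall(r"\(([^()]*)\)", dacl.group(1)):
        fields = ace.split(";")
        if len(fields) != 6 or fields[0] != "A":
            continue  # only plain access-allowed ACEs are audited here
        trustee = BROAD.get(fields[5])
        granted = [name for bit, name in CONTROL if parse_mask(fields[2]) & bit]
        if trustee and granted:
            findings.append((trustee, granted))
    return findings


# Constructed samples: the answer's DACL, the same ACE with GENERIC_ALL written
# as the section-specific mask 0xF001F, and a tighter DACL for comparison.
WIDE_OPEN = "D:(A;;GA;;;WD)"
MAPPED = "D:(A;;0xf001f;;;WD)"
TIGHTER = "O:BAG:SYD:(A;;GA;;;SY)(A;;GA;;;BA)(A;;GRGW;;;AU)"
```

`audit_dacl(WIDE_OPEN)` reports Everyone holding GENERIC_ALL, while `audit_dacl(TIGHTER)` returns no findings because only SYSTEM and Administrators keep control rights.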

When reposting, please cite the original address: https://www.9cbs.com/read-20649.html
