如何在CreateEvent的SDDL字符串中直接添加同步 [英] How to add synchronisation right in a SDDL string for CreateEvent

问题描述

我的Windows服务使用CreateEvent创建2个事件以与用户应用程序通信。
服务和用户应用程序不在同一用户帐户下运行。
用户应用程序打开事件并将其设置为已发出信号，而没有错误。但是服务永远不会收到该事件。另一个事件的工作方向相反。
所以我认为事件错过了同步权。

My Windows service creates 2 Events with CreateEvent for communication with a user app. The service and the user app are not running under the same user account. The user app opens the event and set it to signaled without error. But the event is never received by the service. The other event works in the opposite direction. So I think the events miss the syncronization right.

服务：

SECURITY_ATTRIBUTES security;
ZeroMemory(&security, sizeof(security));
security.nLength = sizeof(security);
ConvertStringSecurityDescriptorToSecurityDescriptor(L"D:P(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)(A;OICI;GWGR;;;IU)", SDDL_REVISION_1, &security.lpSecurityDescriptor, NULL);
EvtCreateNewUserSession = CreateEventW( 
            &security,       // security attributes
            TRUE,       // manual-reset event
            FALSE,      // initial state is not signaled
            L"Global\\MyEvent"      // object name 
            );

交互式应用程序：

HANDLE EvtCreateNewUserSession = OpenEventW( 
EVENT_MODIFY_STATE | SYNCHRONIZE,       // default security attributes
FALSE,      // initial state is not signaled
L"Global\\MyEvent"      // object name 
;

感谢您的帮助，

Olivier

推荐答案

而不是使用字符串SDDL权限（例如GA），请使用0xXXXXXXXX格式（您可以组合标记，然后将其转换为十六进制字符串。

Instead of using 'string SDDL rights' (like GA) use 0xXXXXXXXX format (you can combine flags and then convert them to hex-string).

例如，此SDDL： D：（A ;; 0x001F0003 ;; BA）（A ;; 0x00100002 ;;; AU）为以下项创建DACL：

For example this SDDL: D:(A;;0x001F0003;;;BA)(A;;0x00100002;;;AU) creates DACL for:

- BA=Administrators, 0x001F0003=EVENT_ALL_ACCESS (LocalSystem and LocalService are in Administrators group, but NetworkService is not)
- AU=Authenticated Users, 0x00100002=SYNCHRONIZE | EVENT_MODIFY_STATE

http://msdn.microsoft.com/zh-cn/library/windows/desktop/aa374928（v = vs.85）。 aspx -字段 rights

A string that indicates the access rights controlled by the ACE.
This string can be a hexadecimal string representation of the access rights, 
such as "0x7800003F", or it can be a concatenation of the following strings. 
...

这篇关于如何在CreateEvent的SDDL字符串中直接添加同步的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！