问题
I need to grant access to everyone for a named pipe I'm creating. I understand the way to do it is to create a NULL/empty DACL and pass it to CreateNamedPipe.
How do I create a NULL DACL? I was told that it is not the same as passing a NULL pointer for LPSECURITY_ATTRIBUTES.
回答1:
Like this:
SECURITY_DESCRIPTOR SD;
InitializeSecurityDescriptor(&SD, SECURITY_DESCRIPTOR_REVISION);
SetSecurityDescriptorDacl(&SD, TRUE, NULL, FALSE);
I omitted error checking for the sake of brevity. You would not do that.
Then when you call CreateNamedPipe you can set up the security attributes record like this:
SA.nLength = sizeof(SA);
SA.lpSecurityDescriptor = &SD;
SA.bInheritHandle = TRUE;
The documentation for SetSecurityDescriptorDacl states:
When the pDacl parameter does not point to a DACL and the bDaclPresent flag is TRUE, a NULL DACL is specified. All access is allowed. You should not use a NULL DACL with an object because any user can change the DACL and owner of the security descriptor. This will interfere with use of the object.
So, the above is how to do it, but the documentation does stress that you should not do so.
回答2:
Here's the code we use in one of our projects:
SECURITY_DESCRIPTOR pSD;
SECURITY_ATTRIBUTES SA;
if(!InitializeSecurityDescriptor(&pSD, SECURITY_DESCRIPTOR_REVISION))
throw error;
if(!SetSecurityDescriptorDacl(&pSD, true, NULL, false))
throw error;
SA.nLength = sizeof(SA);
SA.lpSecurityDescriptor = &pSD;
SA.bInheritHandle = true;
pSA = &SA;
...
FMapping = CreateFileMapping(INVALID_HANDLE_VALUE, pSA, PAGE_READWRITE, 0, 4096, p);
This code creates a mapping with access for all
来源:https://stackoverflow.com/questions/14502450/how-do-i-create-a-null-empty-dacl