java 共享内存获取写权限_跨进程访问共享内存的权限问题
問:我在服務(wù)器上用 CreateFileMapping 創(chuàng)建了一段共享內(nèi)存。讓這個exe始終在服務(wù)器上跑。
同時,別的用戶在客戶端用IE訪問服務(wù)器,將要查詢的數(shù)據(jù)通過C#制作的網(wǎng)頁提交上來,服務(wù)器得到網(wǎng)頁參數(shù)后,建立一個COM對象訪問上一個exe的共享內(nèi)存,然后將在共享內(nèi)存中的查詢結(jié)果返回給客戶。
問題是現(xiàn)在這個COM無法用openmapping訪問exe的共享內(nèi)存,提示 訪問拒絕 。而我在服務(wù)器上隨便建議一個工程編譯成exe,文件就可訪問這段共享內(nèi)存!!為何在網(wǎng)頁中就不成?COM難道要有什么 權(quán)限 設(shè)置.兩個進(jìn)程之間的權(quán)限整合方法是什么?怎么用DACL?
我用ATL寫了一個Service,在這個Service中,我創(chuàng)建了一塊共享內(nèi)存(Memory Mapping)和一個Mutex
然后我在另一個普通程序中去訪問這塊共享內(nèi)存和Mutex,但是,我用CreateMutex打開Mutex失敗,GetLastError()返回5,含義是訪問被拒絕!!
同樣,我在用MapViewOfFile時,也得到同樣的錯誤!!!!!!
我已經(jīng)知道原因是因?yàn)樵趧?chuàng)建共享內(nèi)存和Mutext時,SECURITY_ATTRIBUTES我設(shè)為NULL!!!
但是我沒有解決的方法,希望各位大蝦幫幫忙!
答:檢查服務(wù)運(yùn)行所使用的用戶的權(quán)限。通常,為了安全起見,服務(wù)進(jìn)程的擁有者權(quán)限是很低的。為了讓服務(wù)進(jìn)程訪問對象,你需要在創(chuàng)建共享內(nèi)存時指定一個更加廣泛的的安全描述符,增加一個新的訪問控制項(xiàng)目(ACE)給你的ASP進(jìn)程的擁有者。默認(rèn)的訪問控制列表(ACL)只包含創(chuàng)建者和管理員組。
下列代碼創(chuàng)建一個所有用戶都可以訪問的安全描述符。你可以在創(chuàng)建共享內(nèi)存時使用這個安全描述符。
CShareRestrictedSD?ShareRestrictedSD;
hMapFile = CreateFileMapping(INVALID_HANDLE_VALUE,??? // Current file handle.
ShareRestrictedSD.GetSA(),???// Default security.
//??? NULL,
PAGE_READWRITE,??????????????????? // Read/write permission.
0,???????????????????????????????? // Max. object size.
FileSize,???????????????????????????????? // Size of hFile.
MapName);??????????? // Name of mapping object.
class CShareRestrictedSD
{
public:
CShareRestrictedSD();
virtual ~CShareRestrictedSD();
SECURITY_ATTRIBUTES*?GetSA();
protected:
PVOID? ptr;
SECURITY_ATTRIBUTES?sa;
SECURITY_DESCRIPTOR sd;
};
//如果這家伙起作用,那么它的作者是jiangsheng;
//如果這家伙一點(diǎn)用沒有,那我不知道它的作者。
PVOID BuildRestrictedSD(PSECURITY_DESCRIPTOR pSD) {
DWORD? dwAclLength;
PSID?? psidEveryone = NULL;
PACL?? pDACL?? = NULL;
BOOL?? bResult = FALSE;
PACCESS_ALLOWED_ACE pACE = NULL;
SID_IDENTIFIER_AUTHORITY siaWorld = SECURITY_WORLD_SID_AUTHORITY? ;
SECURITY_INFORMATION si = DACL_SECURITY_INFORMATION;
__try {
// initialize the security descriptor
if (!InitializeSecurityDescriptor(pSD,
SECURITY_DESCRIPTOR_REVISION)) {
printf("InitializeSecurityDescriptor() failed with error %d/n",
GetLastError());
__leave;
}
// obtain a sid for the Authenticated Users Group
if (!AllocateAndInitializeSid(&siaWorld, 1,
SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0,
&psidEveryone)) {
printf("AllocateAndInitializeSid() failed with error %d/n",
GetLastError());
__leave;
}
// NOTE:
//
// The Authenticated Users group includes all user accounts that
// have been successfully authenticated by the system. If access
// must be restricted to a specific user or group other than
// Authenticated Users, the SID can be constructed using the
// LookupAccountSid() API based on a user or group name.
// calculate the DACL length
dwAclLength = sizeof(ACL)
// add space for Authenticated Users group ACE
+ sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD)
+ GetLengthSid(psidEveryone);
// allocate memory for the DACL
pDACL = (PACL) HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY,
dwAclLength);
if (!pDACL) {
printf("HeapAlloc() failed with error %d/n", GetLastError());
__leave;
}
// initialize the DACL
if (!InitializeAcl(pDACL, dwAclLength, ACL_REVISION)) {
printf("InitializeAcl() failed with error %d/n",
GetLastError());
__leave;
}
// add the Authenticated Users group ACE to the DACL with
// GENERIC_READ, GENERIC_WRITE, and GENERIC_EXECUTE access
if (!AddAccessAllowedAce(pDACL, ACL_REVISION,
GENERIC_ALL,
psidEveryone)) {
printf("AddAccessAllowedAce() failed with error %d/n",
GetLastError());
__leave;
}
// set the DACL in the security descriptor
if (!SetSecurityDescriptorDacl(pSD, TRUE, pDACL, FALSE)) {
printf("SetSecurityDescriptorDacl() failed with error %d/n",
GetLastError());
__leave;
}
bResult = TRUE;
} __finally {
if (psidEveryone) FreeSid(psidEveryone);
}
if (bResult == FALSE) {
if (pDACL) HeapFree(GetProcessHeap(), 0, pDACL);
pDACL = NULL;
}
return (PVOID) pDACL;
}
// The following function frees memory allocated in the
// BuildRestrictedSD() function
VOID FreeRestrictedSD(PVOID ptr) {
if (ptr) HeapFree(GetProcessHeap(), 0, ptr);
return;
}
CShareRestrictedSD::CShareRestrictedSD()
{
ptr=NULL;
sa.nLength = sizeof(sa);
sa.lpSecurityDescriptor = &sd;
sa.bInheritHandle = FALSE;
// build a restricted security descriptor
ptr = BuildRestrictedSD(&sd);
if (!ptr) {
TRACE("BuildRestrictedSD() failed/n");
}
}
CShareRestrictedSD::~CShareRestrictedSD()
{
if(ptr){
FreeRestrictedSD(ptr);
}
}
SECURITY_ATTRIBUTES*?CShareRestrictedSD::GetSA()
{
if(ptr){
return &sa;
}
else
return NULL;
}
更多信息可以參考
總結(jié)
以上是生活随笔為你收集整理的java 共享内存获取写权限_跨进程访问共享内存的权限问题的全部內(nèi)容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: java中窗体背景图片_Java Swi
- 下一篇: java用的原码还是反码_java 原码