Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Taking Ownership of a Queue.

576 views
Skip to first unread message

Frank Boyne

unread,
May 6, 2002, 10:04:44 PM5/6/02
to
Several recent posts have asked about taking ownership of a queue, or
rescuing a queue that as been secured so no one can access it. The
following code takes ownership of a queue (assuming it is executed by an
Administrator) and then once it is the owner it sets the queue's DACL to
NULL which means Everyone has Full Access.

To keep the sample code short, I've omitted almost all the error checking,
and all the code to free allocated memory when it is no longer needed. The
code uses a function called SetPrivilege which I got from the MSDN
library...
http://msdn.microsoft.com/library/en-us/security/Security/enabling_and_disab
ling_privileges.asp

HRESULT hr;

LPWSTR wszPathName = L".\\private$\\testq";
DWORD dwFormatNameBufferLength = 256;
WCHAR wszFormatNameBuffer[256];

hr = MQPathNameToFormatName (wszPathName,
wszFormatNameBuffer,
&dwFormatNameBufferLength);

// Open the current process
HANDLE hToken = NULL;
OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES,
&hToken))

// Obtain user identified by current process's access token...
PTOKEN_USER ptgUser = NULL;
DWORD cbBuffer = 0;

//... first get the size...
GetTokenInformation(hToken, TokenUser, NULL, 0, &cbBuffer);

// ... then allocate the space...
ptgUser = static_cast<PTOKEN_USER>(malloc (cbBuffer));

//... and finally get the user
GetTokenInformation(hToken, TokenUser, ptgUser, cbBuffer, &cbBuffer))

// Build an Absolute (not self relative) Security Descriptor
SECURITY_DESCRIPTOR absoluteSD;
InitializeSecurityDescriptor(&absoluteSD, SECURITY_DESCRIPTOR_REVISION))

// Set the owner to whoever is running this program
SetSecurityDescriptorOwner (&absoluteSD, ptgUser->User.Sid, FALSE))

// Set the DACL to NULL (Everyone gets full access)
SetSecurityDescriptorDacl (&absoluteSD, true, NULL, false))

// Verify we built a good Security Descriptor
if (!IsValidSecurityDescriptor (&absoluteSD))
{
hr = GetLastError ();
printf ("IsValidSecurityDescriptor failed - 0x%08X\n", hr);
return -1;
}

// Enable the SE_TAKE_OWNERSHIP_NAME privilege.
SetPrivilege(hToken, SE_TAKE_OWNERSHIP_NAME, TRUE))

// Set Ownership ONLY (that's the only right an Administrator has ex
officio)
hr = MQSetQueueSecurity (wszFormatNameBuffer,
OWNER_SECURITY_INFORMATION,
&absoluteSD);

// Now we are the owner we have the right to set the DACL
hr = MQSetQueueSecurity (wszFormatNameBuffer,
DACL_SECURITY_INFORMATION,
&absoluteSD);


paul

unread,
Jun 11, 2002, 6:37:20 PM6/11/02
to
What Dll would I use to set the perms or take ownership of
a queue I only use VB so the C examples dont help me much?

Thank you for you time.

>.
>

0 new messages