windows, service, acl, dacl

How to add synchronisation right in a SDDL string for CreateEvent


My Windows service creates 2 Events with CreateEvent for communication with a user app. The service and the user app are not running under the same user account. The user app opens the event and sets it to signaled without error. But the event is never received by the service. The other event works in the opposite direction. So I think the events miss the synchronization right.

Service:

SECURITY_ATTRIBUTES security;
ZeroMemory(&security, sizeof(security));
security.nLength = sizeof(security);
ConvertStringSecurityDescriptorToSecurityDescriptor(L"D:P(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)(A;OICI;GWGR;;;IU)", SDDL_REVISION_1, &security.lpSecurityDescriptor, NULL);
EvtCreateNewUserSession = CreateEventW( 
            &security,       // security attributes
            TRUE,       // manual-reset event
            FALSE,      // initial state is not signaled
            L"Global\\MyEvent"      // object name 
            );

Interactive App:

HANDLE EvtCreateNewUserSession = OpenEventW(
            EVENT_MODIFY_STATE | SYNCHRONIZE,       // desired access
            FALSE,      // handle is not inheritable
            L"Global\\MyEvent"      // object name
            );

Thanks for your help,

Olivier


Solution

  • Instead of using 'string SDDL rights' (like GA) use the 0xXXXXXXXX format (you can combine flags and then convert them to a hex string).

    For example this SDDL: D:(A;;0x001F0003;;;BA)(A;;0x00100002;;;AU) creates a DACL for:

    - BA=Administrators, 0x001F0003=EVENT_ALL_ACCESS (LocalSystem and LocalService are in the Administrators group, but NetworkService is not)
    - AU=Authenticated Users, 0x00100002=SYNCHRONIZE | EVENT_MODIFY_STATE
    

    http://msdn.microsoft.com/en-us/library/windows/desktop/aa374928(v=vs.85).aspx - field rights

    A string that indicates the access rights controlled by the ACE.
    This string can be a hexadecimal string representation of the access rights, 
    such as "0x7800003F", or it can be a concatenation of the following strings. 
    ...
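To see which event rights each rights field from the question and the answer actually grants, the following added example (not code from the original post) expands a rights field into an access mask and tests it for SYNCHRONIZE and EVENT_MODIFY_STATE. The function names are hypothetical, the constants are repeated so it builds without the Windows SDK, and the generic-rights table for event objects is an assumption stated in the code.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Access-right values as in the Windows headers, repeated for a portable build. */
#define EVENT_QUERY_STATE   0x00000001u
#define EVENT_MODIFY_STATE  0x00000002u
#define READ_CONTROL        0x00020000u  /* == STANDARD_RIGHTS_READ/WRITE/EXECUTE */
#define SYNCHRONIZE         0x00100000u
#define EVENT_ALL_ACCESS    0x001F0003u

/* Assumption: the generic mapping the object manager applies to event objects. */
static const struct { const char *tok; uint32_t mask; } event_map[] = {
    { "GR", READ_CONTROL | EVENT_QUERY_STATE  },
    { "GW", READ_CONTROL | EVENT_MODIFY_STATE },
    { "GX", READ_CONTROL | SYNCHRONIZE        },
    { "GA", EVENT_ALL_ACCESS                  },
};

/* Expand an ACE rights field, either hex ("0x00100002") or concatenated
   generic tokens ("GWGR"), into an event access mask. Returns 0 if a token
   is unknown or the field is malformed. */
uint32_t event_rights_mask(const char *rights)
{
    const size_t n = sizeof event_map / sizeof event_map[0];
    uint32_t mask = 0;

    if (strncmp(rights, "0x", 2) == 0)
        return (uint32_t)strtoul(rights, NULL, 16);
    for (; rights[0] && rights[1]; rights += 2) {
        size_t i = 0;
        while (i < n && strncmp(rights, event_map[i].tok, 2) != 0)
            i++;
        if (i == n)
            return 0;              /* token not in the table */
        mask |= event_map[i].mask;
    }
    return rights[0] ? 0 : mask;   /* a dangling single character is malformed */
}

int can_wait(uint32_t mask) { return (mask & SYNCHRONIZE) != 0; }
int can_set(uint32_t mask)  { return (mask & EVENT_MODIFY_STATE) != 0; }

int main(void)
{
    const char *fields[] = { "GWGR", "0x00100002", "GA" };  /* from the post */
    for (size_t i = 0; i < sizeof fields / sizeof fields[0]; i++) {
        uint32_t m = event_rights_mask(fields[i]);
        printf("%-10s -> 0x%08X wait=%d set=%d\n",
               fields[i], (unsigned)m, can_wait(m), can_set(m));
    }
    return 0;
}
```

Under that mapping, GWGR carries EVENT_MODIFY_STATE but not SYNCHRONIZE, while the explicit mask 0x00100002 carries both.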