GetEffectiveRightsFromAcl fails with "Circular service dependency"

  • Thread starter Thread starter Bernrd Normier
  • Start date Start date
B

Bernrd Normier

The code in question is very simple:

PACL acl = 0;
PACL newAcl = 0;
PSECURITY_DESCRIPTOR sd = 0;
DWORD res = GetNamedSecurityInfo(const_cast<char*>(path.c_str()), type,
DACL_SECURITY_INFORMATION,
0, 0, &acl, 0, &sd);
if(res != ERROR_SUCCESS)
{
throw "Could not retrieve securify info for " + path + ": " +
IceUtilInternal::errorToString(res);
}

try
{
//
// Now check if _sid can read this file/dir/key
//
TRUSTEE trustee;
BuildTrusteeWithSid(&trustee, _sid);

ACCESS_MASK accessMask = 0;
res = GetEffectiveRightsFromAcl(acl, &trustee, &accessMask); // <--
this fails

if(res != ERROR_SUCCESS)
{
throw "Could not retrieve effective rights for " + _sidName + "
on " + path + ": " + IceUtilInternal::errorToString(res);
}

One of our users reports that this code is failing with "Circular service
dependency was specified.", but only when called for SID = S-1-5-19 (i.e.
LocalService). It works fine with another SID (interactive user with Admin
rights). It fails when checking the ACL of a newly created directory. The OS
is Windows XP SP2. Unfortunately, I am unable to reproduce the problem.

Any idea what could trigger this error from GetEffectiveRightsFromAcl?

Thanks,
Bernard
 
Back
Top