• 创建SECURITY_DESCRIPTOR对象


    Creating a Security Descriptor for a New Object in C++
    • The following example creates a security descriptor for a new registry key using the following process. Similar code can be used to create a security descriptor for other object types.
    • The example fills an array of EXPLICIT_ACCESS structures with the information for two ACEs. One ACE allows read access to everyone; the other ACE allows full access to administrators.
    • The EXPLICIT_ACCESS array is passed to the SetEntriesInAcl function to create a DACL for the security descriptor.
    • After allocating memory for the security descriptor, the example calls the InitializeSecurityDescriptor and SetSecurityDescriptorDacl functions to initialize the security descriptor and attach the DACL.
    • The security descriptor is then stored in a SECURITY_ATTRIBUTES structure and passed to the RegCreateKeyEx function, which attaches the security descriptor to the newly created key.
    #pragma comment(lib, "advapi32.lib")

    #include <windows.h>
    #include <stdio.h>
    #include <aclapi.h>
    #include <tchar.h>

    void main()
    {

    DWORD dwRes, dwDisposition;
    PSID pEveryoneSID = NULL, pAdminSID = NULL;
    PACL pACL = NULL;
    PSECURITY_DESCRIPTOR pSD = NULL;
    EXPLICIT_ACCESS ea[2];
    SID_IDENTIFIER_AUTHORITY SIDAuthWorld =
    SECURITY_WORLD_SID_AUTHORITY;
    SID_IDENTIFIER_AUTHORITY SIDAuthNT = SECURITY_NT_AUTHORITY;
    SECURITY_ATTRIBUTES sa;
    LONG lRes;
    HKEY hkSub = NULL;

      // Create a well-known SID for the Everyone group.
      if(!AllocateAndInitializeSid(&SIDAuthWorld, 1,
    SECURITY_WORLD_RID,
                 0, 0, 0, 0, 0, 0, 0,
    &pEveryoneSID))
    {
    _tprintf(_T("AllocateAndInitializeSid Error %u\n"), GetLastError());
         goto Cleanup;
    }

       // Initialize an EXPLICIT_ACCESS structure for an ACE.
    // The ACE will allow Everyone read access to the key.
    ZeroMemory(&ea, 2 * sizeof(EXPLICIT_ACCESS));
    ea[0].grfAccessPermissions = KEY_READ;
    ea[0].grfAccessMode = SET_ACCESS;
    ea[0].grfInheritance= NO_INHERITANCE;
    ea[0].Trustee.TrusteeForm = TRUSTEE_IS_SID;
    ea[0].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
    ea[0].Trustee.ptstrName = (LPTSTR) pEveryoneSID;

      // Create a SID for the BUILTIN\Administrators group.
      if(! AllocateAndInitializeSid(&SIDAuthNT, 2,
    SECURITY_BUILTIN_DOMAIN_RID,
    DOMAIN_ALIAS_RID_ADMINS,
                 0, 0, 0, 0, 0, 0,
    &pAdminSID))
    {
    _tprintf(_T("AllocateAndInitializeSid Error %u\n"), GetLastError());
         goto Cleanup;
    }

       // Initialize an EXPLICIT_ACCESS structure for an ACE.
    // The ACE will allow the Administrators group full access to
    // the key.
    ea[1].grfAccessPermissions = KEY_ALL_ACCESS;
    ea[1].grfAccessMode = SET_ACCESS;
    ea[1].grfInheritance= NO_INHERITANCE;
    ea[1].Trustee.TrusteeForm = TRUSTEE_IS_SID;
    ea[1].Trustee.TrusteeType = TRUSTEE_IS_GROUP;
    ea[1].Trustee.ptstrName = (LPTSTR) pAdminSID;

       // Create a new ACL that contains the new ACEs.
    dwRes = SetEntriesInAcl(2, ea, NULL, &pACL);
       if (ERROR_SUCCESS != dwRes)
    {
    _tprintf(_T("SetEntriesInAcl Error %u\n"), GetLastError());
         goto Cleanup;
    }

       // Initialize a security descriptor.
    pSD = (PSECURITY_DESCRIPTOR) LocalAlloc(LPTR,
    SECURITY_DESCRIPTOR_MIN_LENGTH);
      if (NULL == pSD)
    {
    _tprintf(_T("LocalAlloc Error %u\n"), GetLastError());
         goto Cleanup;
    }

      if (!InitializeSecurityDescriptor(pSD,
    SECURITY_DESCRIPTOR_REVISION))
    {
    _tprintf(_T("InitializeSecurityDescriptor Error %u\n"),
    GetLastError());
         goto Cleanup;
    }

      // Add the ACL to the security descriptor.
      if (!SetSecurityDescriptorDacl(pSD,
    TRUE, // bDaclPresent flag
    pACL,
    FALSE)) // not a default DACL
    {
    _tprintf(_T("SetSecurityDescriptorDacl Error %u\n"),
    GetLastError());
         goto Cleanup;
    }

       // Initialize a security attributes structure.
    sa.nLength = sizeof (SECURITY_ATTRIBUTES);
    sa.lpSecurityDescriptor = pSD;
    sa.bInheritHandle = FALSE;

       // Use the security attributes to set the security descriptor
    // when you create a key.
    lRes = RegCreateKeyEx(HKEY_CURRENT_USER, _T("mykey"), 0, _T(""), 0,
    KEY_READ | KEY_WRITE, &sa, &hkSub, &dwDisposition);
    _tprintf(_T("RegCreateKeyEx result %u\n"), lRes );

      Cleanup:

      if (pEveryoneSID)
    FreeSid(pEveryoneSID);
      if (pAdminSID)
    FreeSid(pAdminSID);
      if (pACL)
    LocalFree(pACL);
      if (pSD)
    LocalFree(pSD);
      if (hkSub)
    RegCloseKey(hkSub);

      return;

    }
  • 相关阅读:
    go install
    web网络安全系统
    Web图片分享系统
    web图库网站
    web视频播放网站
    web商业银行管理平台
    web科技管理信息平台
    web工艺品销售平台
    web房产网站
    感谢!
  • 原文地址:https://www.cnblogs.com/handongdong/p/2225356.html
Copyright © 2020-2023  润新知