编程设置修改文件和注册表权限最新完整例子
2015-12-28 15:23
取消继承权限的关键在于:调用 SetNamedSecurityInfo 时,在 SecurityInfo 参数中把 PROTECTED_DACL_SECURITY_INFORMATION 与 DACL_SECURITY_INFORMATION 一起传入,这样对象的 DACL 就不再从父对象继承 ACE。
注意:对注册表项,pObjectName 不能直接写 HKEY_ 开头的根键名,需要转换成 CLASSES_ROOT、MACHINE、CURRENT_USER、USERS 这样的前缀形式,这里给出一个例子
#include "Sddl.h"
#include "Aclapi.h"
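/* MySetSecurity() is defined later in this file; declare it so the call below has a prototype in scope. */
LRESULT MySetSecurity(LPTSTR str_name, SE_OBJECT_TYPE e_type, LPTSTR geneic_str);

/**
 * Apply one of the named permission presets to a registry key.
 *
 * For SE_REGISTRY_KEY objects SetNamedSecurityInfo() expects the root to be
 * spelled "CLASSES_ROOT", "MACHINE", "CURRENT_USER" or "USERS" rather than
 * "HKEY_...", so the predefined root handle is translated to that prefix and
 * the sub-key path is appended to it.
 *
 * The resulting name decides which key has its owner and DACL replaced, so
 * subkey must come from a trusted source.
 *
 * @param therootkey  one of HKEY_CLASSES_ROOT, HKEY_LOCAL_MACHINE,
 *                    HKEY_CURRENT_USER or HKEY_USERS
 * @param subkey      path of the key below the root, without a leading backslash
 * @param keysecurity preset name, forwarded unchanged to MySetSecurity()
 * @return the value returned by MySetSecurity(); ERROR_INVALID_PARAMETER when
 *         subkey is NULL, the root is not one of the four handled roots, or
 *         the combined name does not fit the local buffer
 */
LRESULT RegModifySecurity(HKEY therootkey,LPTSTR subkey,LPTSTR keysecurity)
{
    enum { KEYNAME_CCH = 1024 };
    TCHAR keyname[KEYNAME_CCH] = {0};
    LPCTSTR prefix = NULL;

    if (subkey == NULL)
        return ERROR_INVALID_PARAMETER;

    if (therootkey == HKEY_CLASSES_ROOT)
        prefix = _T("CLASSES_ROOT\\");
    else if (therootkey == HKEY_LOCAL_MACHINE)
        prefix = _T("MACHINE\\");
    else if (therootkey == HKEY_CURRENT_USER)
        prefix = _T("CURRENT_USER\\");
    else if (therootkey == HKEY_USERS)
        prefix = _T("USERS\\");
    else
        /* Without a prefix the bare sub-key would be handed on as the object
           name, i.e. the first path component would be read as the root. */
        return ERROR_INVALID_PARAMETER;

    /* lstrcpy/lstrcat do no bounds checking: refuse names that would
       overflow keyname (terminating NUL included) instead of writing them. */
    if (lstrlen(prefix) + lstrlen(subkey) >= KEYNAME_CCH)
        return ERROR_INVALID_PARAMETER;

    lstrcpy(keyname, prefix);
    lstrcat(keyname, subkey);

    return MySetSecurity(keyname, SE_REGISTRY_KEY, keysecurity);
}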
/////http://blog.sina.com.cn/advnetsoft
/**
 * Enable or disable a single privilege in an access token.
 *
 * @param hToken            access token handle passed to AdjustTokenPrivileges()
 * @param lpszPrivilege     name of the privilege to enable or disable
 * @param bEnablePrivilege  non-zero to enable the privilege, zero to disable it
 * @return TRUE when the privilege was adjusted; FALSE when the name lookup or
 *         the adjustment fails, or the token does not hold the privilege
 */
BOOL SetPrivilege(
    HANDLE hToken,
    LPCTSTR lpszPrivilege,
    BOOL bEnablePrivilege
    )
{
    TOKEN_PRIVILEGES newState;
    LUID privilegeId;

    /* NULL system name: resolve the privilege name on the local system. */
    if (!LookupPrivilegeValue(NULL, lpszPrivilege, &privilegeId))
        return FALSE;

    newState.PrivilegeCount = 1;
    newState.Privileges[0].Luid = privilegeId;
    newState.Privileges[0].Attributes = bEnablePrivilege ? SE_PRIVILEGE_ENABLED : 0;

    /* The previous state is not requested, so both output arguments are NULL. */
    if (!AdjustTokenPrivileges(hToken,
                               FALSE,
                               &newState,
                               sizeof(TOKEN_PRIVILEGES),
                               (PTOKEN_PRIVILEGES) NULL,
                               (PDWORD) NULL))
        return FALSE;

    /* The call can succeed without assigning the privilege; the last-error
       value is what distinguishes that case. */
    return (GetLastError() == ERROR_NOT_ALL_ASSIGNED) ? FALSE : TRUE;
}
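/**
 * Take ownership of a named object for the Administrators group and replace
 * its DACL with a protected (non-inherited) one built from a preset.
 *
 * Presets (compared case-insensitively):
 *   "ACCESS_READONLY"   - SET_ACCESS,  GENERIC_READ | GENERIC_EXECUTE
 *   "ACCESS_DENYALL"    - DENY_ACCESS, GENERIC_ALL
 *   "ACCESS_GENERICALL" - SET_ACCESS,  GENERIC_ALL
 * The same entry is written for Everyone and for Administrators, so
 * "ACCESS_DENYALL" also denies the administrators who are made the owner.
 *
 * @param str_name   object name in the form SetNamedSecurityInfo() expects for e_type
 * @param e_type     object type (the usage examples pass SE_REGISTRY_KEY and SE_FILE_OBJECT)
 * @param geneic_str preset name
 * @return the result of the final SetNamedSecurityInfo() call (ERROR_SUCCESS
 *         when the DACL was applied); ERROR_INVALID_PARAMETER for a NULL
 *         argument or an unknown preset; the failing call's error code when a
 *         SID or the ACL cannot be built
 */
LRESULT MySetSecurity(LPTSTR str_name,SE_OBJECT_TYPE e_type, LPTSTR geneic_str)
{
    /* Every local is declared before the first goto so that no jump crosses
       an initialisation. */
    enum { NUM_ACES = 2 };
    LRESULT lResult = -1;
    HANDLE hToken = NULL;
    PSID pSIDAdmin = NULL;
    PSID pSIDEveryone = NULL;
    PACL pNewDACL = NULL;
    SID_IDENTIFIER_AUTHORITY SIDAuthWorld = SECURITY_WORLD_SID_AUTHORITY;
    SID_IDENTIFIER_AUTHORITY SIDAuthNT = SECURITY_NT_AUTHORITY;
    EXPLICIT_ACCESS ea[NUM_ACES];
    DWORD dwPermission = 0;
    ACCESS_MODE e_am = SET_ACCESS;
    DWORD dwRes;
    int i;

    if (str_name == NULL || geneic_str == NULL)
        return ERROR_INVALID_PARAMETER;

    /* Resolve the preset before touching the object. An unknown name used to
       fall through with a zero access mask, replacing the DACL with entries
       that grant nothing. */
    if (0 == lstrcmpi(geneic_str, _T("ACCESS_READONLY")))
    {
        dwPermission = GENERIC_READ | GENERIC_EXECUTE;
        e_am = SET_ACCESS;
    }
    else if (0 == lstrcmpi(geneic_str, _T("ACCESS_DENYALL")))
    {
        dwPermission = GENERIC_ALL;
        e_am = DENY_ACCESS;
    }
    else if (0 == lstrcmpi(geneic_str, _T("ACCESS_GENERICALL")))
    {
        dwPermission = GENERIC_ALL;
        e_am = SET_ACCESS;
    }
    else
    {
        return ERROR_INVALID_PARAMETER;
    }

    /* Best effort: enable the take-ownership privilege. If this fails, the
       ownership change below may fail too, while the DACL change can still
       succeed for a caller that already has the right to write it.
       NOTE(review): the privilege is left enabled in the process token when
       this function returns; restore the previous state if that matters. */
    if (OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken))
        (void)SetPrivilege(hToken, SE_TAKE_OWNERSHIP_NAME, TRUE);
    else
        hToken = NULL;

    /* Well-known SIDs: Everyone and BUILTIN\Administrators. Both are needed
       as trustees below, so a failure here aborts the whole operation. */
    if (!AllocateAndInitializeSid(&SIDAuthWorld, 1,
                                  SECURITY_WORLD_RID,
                                  0,
                                  0, 0, 0, 0, 0, 0,
                                  &pSIDEveryone))
    {
        lResult = (LRESULT)GetLastError();
        pSIDEveryone = NULL;
        goto Cleanup;
    }
    if (!AllocateAndInitializeSid(&SIDAuthNT, 2,
                                  SECURITY_BUILTIN_DOMAIN_RID,
                                  DOMAIN_ALIAS_RID_ADMINS,
                                  0, 0, 0, 0, 0, 0,
                                  &pSIDAdmin))
    {
        lResult = (LRESULT)GetLastError();
        pSIDAdmin = NULL;
        goto Cleanup;
    }

    /* Take ownership first, then set the permissions. The result is ignored
       on purpose (best effort, as in the original listing). */
    (void)SetNamedSecurityInfo(
        str_name,                    /* name of the object */
        e_type,                      /* type of object */
        OWNER_SECURITY_INFORMATION,  /* change only the object's owner */
        pSIDAdmin,                   /* SID of the Administrators group */
        NULL,
        NULL,
        NULL);

    /* Two identical entries, differing only in the trustee. */
    ZeroMemory(&ea, sizeof(ea));
    for (i = 0; i < NUM_ACES; i++)
    {
        ea[i].grfAccessPermissions = dwPermission;
        ea[i].grfAccessMode = e_am;
        ea[i].grfInheritance = NO_INHERITANCE;
        ea[i].Trustee.TrusteeForm = TRUSTEE_IS_SID;
        ea[i].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
    }
    ea[0].Trustee.ptstrName = (LPTSTR) pSIDEveryone;
    ea[1].Trustee.ptstrName = (LPTSTR) pSIDAdmin;

    /* Stop if the ACL cannot be built: passing a NULL DACL together with
       DACL_SECURITY_INFORMATION would give the object a NULL DACL, which
       allows everyone full access. */
    dwRes = SetEntriesInAcl(NUM_ACES, ea, NULL, &pNewDACL);
    if (dwRes != ERROR_SUCCESS)
    {
        lResult = (LRESULT)dwRes;
        goto Cleanup;
    }
    if (pNewDACL == NULL)
        goto Cleanup;

    /* PROTECTED_DACL_SECURITY_INFORMATION stops the object from inheriting
       ACEs from its parent. */
    lResult = SetNamedSecurityInfo(
        str_name,                    /* name of the object */
        e_type,                      /* type of object */
        DACL_SECURITY_INFORMATION | PROTECTED_DACL_SECURITY_INFORMATION,
        NULL,
        NULL,                        /* do not change owner or group */
        pNewDACL,                    /* DACL specified */
        NULL);                       /* do not change SACL */

Cleanup:
    if (hToken)
        CloseHandle(hToken);
    if (pSIDEveryone)
        FreeSid(pSIDEveryone);
    if (pSIDAdmin)
        FreeSid(pSIDAdmin);
    if (pNewDACL)
        LocalFree(pNewDACL);
    return lResult;
}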
/////http://blog.sina.com.cn/advnetsoft
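// Usage.
// Each call tries to take ownership of the named object for Administrators
// and replaces its DACL with a protected one, dropping inherited entries.
// Try it on a scratch key or directory before pointing it at anything the
// system depends on.
RegModifySecurity(HKEY_CURRENT_USER,_T("aaa"),_T("ACCESS_READONLY"));
// The same key, named directly in the form SE_REGISTRY_KEY expects.
MySetSecurity(_T("CURRENT_USER\\aaa"),SE_REGISTRY_KEY,_T("ACCESS_READONLY"));
// ACCESS_DENYALL writes a deny-GENERIC_ALL entry for Everyone and for
// Administrators, so the caller is denied as well.
MySetSecurity(_T("C:\\Program Files\\"),SE_FILE_OBJECT,_T("ACCESS_DENYALL"));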
注意:对注册表项,pObjectName 不能直接写 HKEY_ 开头的根键名,需要转换成 CLASSES_ROOT、MACHINE、CURRENT_USER、USERS 这样的前缀形式,这里给出一个例子
#include "Sddl.h"
#include "Aclapi.h"
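/* Prototype for MySetSecurity(), so the call below is checked against its signature. */
LRESULT MySetSecurity(LPTSTR str_name, SE_OBJECT_TYPE e_type, LPTSTR geneic_str);

/**
 * Apply one of the named permission presets to a registry key.
 *
 * For SE_REGISTRY_KEY objects SetNamedSecurityInfo() expects the root to be
 * spelled "CLASSES_ROOT", "MACHINE", "CURRENT_USER" or "USERS" rather than
 * "HKEY_...", so the predefined root handle is translated to that prefix and
 * the sub-key path is appended to it.
 *
 * The resulting name decides which key has its owner and DACL replaced, so
 * subkey must come from a trusted source.
 *
 * @param therootkey  one of HKEY_CLASSES_ROOT, HKEY_LOCAL_MACHINE,
 *                    HKEY_CURRENT_USER or HKEY_USERS
 * @param subkey      path of the key below the root, without a leading backslash
 * @param keysecurity preset name, forwarded unchanged to MySetSecurity()
 * @return the value returned by MySetSecurity(); ERROR_INVALID_PARAMETER when
 *         subkey is NULL, the root is not one of the four handled roots, or
 *         the combined name does not fit the local buffer
 */
LRESULT RegModifySecurity(HKEY therootkey,LPTSTR subkey,LPTSTR keysecurity)
{
    enum { KEYNAME_CCH = 1024 };
    TCHAR keyname[KEYNAME_CCH] = {0};
    LPCTSTR prefix = NULL;

    if (subkey == NULL)
        return ERROR_INVALID_PARAMETER;

    if (therootkey == HKEY_CLASSES_ROOT)
        prefix = _T("CLASSES_ROOT\\");
    else if (therootkey == HKEY_LOCAL_MACHINE)
        prefix = _T("MACHINE\\");
    else if (therootkey == HKEY_CURRENT_USER)
        prefix = _T("CURRENT_USER\\");
    else if (therootkey == HKEY_USERS)
        prefix = _T("USERS\\");
    else
        /* Without a prefix the bare sub-key would be handed on as the object
           name, i.e. the first path component would be read as the root. */
        return ERROR_INVALID_PARAMETER;

    /* lstrcpy/lstrcat do no bounds checking: refuse names that would
       overflow keyname (terminating NUL included) instead of writing them. */
    if (lstrlen(prefix) + lstrlen(subkey) >= KEYNAME_CCH)
        return ERROR_INVALID_PARAMETER;

    lstrcpy(keyname, prefix);
    lstrcat(keyname, subkey);

    return MySetSecurity(keyname, SE_REGISTRY_KEY, keysecurity);
}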
/////http://blog.sina.com.cn/advnetsoft
/**
 * Enable or disable a single privilege in an access token.
 *
 * @param hToken            access token handle passed to AdjustTokenPrivileges()
 * @param lpszPrivilege     name of the privilege to enable or disable
 * @param bEnablePrivilege  non-zero to enable the privilege, zero to disable it
 * @return TRUE when the privilege was adjusted; FALSE when the name lookup or
 *         the adjustment fails, or the token does not hold the privilege
 */
BOOL SetPrivilege(
    HANDLE hToken,
    LPCTSTR lpszPrivilege,
    BOOL bEnablePrivilege
    )
{
    TOKEN_PRIVILEGES newState;
    LUID privilegeId;

    /* NULL system name: resolve the privilege name on the local system. */
    if (!LookupPrivilegeValue(NULL, lpszPrivilege, &privilegeId))
        return FALSE;

    newState.PrivilegeCount = 1;
    newState.Privileges[0].Luid = privilegeId;
    newState.Privileges[0].Attributes = bEnablePrivilege ? SE_PRIVILEGE_ENABLED : 0;

    /* The previous state is not requested, so both output arguments are NULL. */
    if (!AdjustTokenPrivileges(hToken,
                               FALSE,
                               &newState,
                               sizeof(TOKEN_PRIVILEGES),
                               (PTOKEN_PRIVILEGES) NULL,
                               (PDWORD) NULL))
        return FALSE;

    /* The call can succeed without assigning the privilege; the last-error
       value is what distinguishes that case. */
    return (GetLastError() == ERROR_NOT_ALL_ASSIGNED) ? FALSE : TRUE;
}
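/**
 * Take ownership of a named object for the Administrators group and replace
 * its DACL with a protected (non-inherited) one built from a preset.
 *
 * Presets (compared case-insensitively):
 *   "ACCESS_READONLY"   - SET_ACCESS,  GENERIC_READ | GENERIC_EXECUTE
 *   "ACCESS_DENYALL"    - DENY_ACCESS, GENERIC_ALL
 *   "ACCESS_GENERICALL" - SET_ACCESS,  GENERIC_ALL
 * The same entry is written for Everyone and for Administrators, so
 * "ACCESS_DENYALL" also denies the administrators who are made the owner.
 *
 * @param str_name   object name in the form SetNamedSecurityInfo() expects for e_type
 * @param e_type     object type (the usage examples pass SE_REGISTRY_KEY and SE_FILE_OBJECT)
 * @param geneic_str preset name
 * @return the result of the final SetNamedSecurityInfo() call (ERROR_SUCCESS
 *         when the DACL was applied); ERROR_INVALID_PARAMETER for a NULL
 *         argument or an unknown preset; the failing call's error code when a
 *         SID or the ACL cannot be built
 */
LRESULT MySetSecurity(LPTSTR str_name,SE_OBJECT_TYPE e_type, LPTSTR geneic_str)
{
    /* Every local is declared before the first goto so that no jump crosses
       an initialisation. */
    enum { NUM_ACES = 2 };
    LRESULT lResult = -1;
    HANDLE hToken = NULL;
    PSID pSIDAdmin = NULL;
    PSID pSIDEveryone = NULL;
    PACL pNewDACL = NULL;
    SID_IDENTIFIER_AUTHORITY SIDAuthWorld = SECURITY_WORLD_SID_AUTHORITY;
    SID_IDENTIFIER_AUTHORITY SIDAuthNT = SECURITY_NT_AUTHORITY;
    EXPLICIT_ACCESS ea[NUM_ACES];
    DWORD dwPermission = 0;
    ACCESS_MODE e_am = SET_ACCESS;
    DWORD dwRes;
    int i;

    if (str_name == NULL || geneic_str == NULL)
        return ERROR_INVALID_PARAMETER;

    /* Resolve the preset before touching the object. An unknown name used to
       fall through with a zero access mask, replacing the DACL with entries
       that grant nothing. */
    if (0 == lstrcmpi(geneic_str, _T("ACCESS_READONLY")))
    {
        dwPermission = GENERIC_READ | GENERIC_EXECUTE;
        e_am = SET_ACCESS;
    }
    else if (0 == lstrcmpi(geneic_str, _T("ACCESS_DENYALL")))
    {
        dwPermission = GENERIC_ALL;
        e_am = DENY_ACCESS;
    }
    else if (0 == lstrcmpi(geneic_str, _T("ACCESS_GENERICALL")))
    {
        dwPermission = GENERIC_ALL;
        e_am = SET_ACCESS;
    }
    else
    {
        return ERROR_INVALID_PARAMETER;
    }

    /* Best effort: enable the take-ownership privilege. If this fails, the
       ownership change below may fail too, while the DACL change can still
       succeed for a caller that already has the right to write it.
       NOTE(review): the privilege is left enabled in the process token when
       this function returns; restore the previous state if that matters. */
    if (OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken))
        (void)SetPrivilege(hToken, SE_TAKE_OWNERSHIP_NAME, TRUE);
    else
        hToken = NULL;

    /* Well-known SIDs: Everyone and BUILTIN\Administrators. Both are needed
       as trustees below, so a failure here aborts the whole operation. */
    if (!AllocateAndInitializeSid(&SIDAuthWorld, 1,
                                  SECURITY_WORLD_RID,
                                  0,
                                  0, 0, 0, 0, 0, 0,
                                  &pSIDEveryone))
    {
        lResult = (LRESULT)GetLastError();
        pSIDEveryone = NULL;
        goto Cleanup;
    }
    if (!AllocateAndInitializeSid(&SIDAuthNT, 2,
                                  SECURITY_BUILTIN_DOMAIN_RID,
                                  DOMAIN_ALIAS_RID_ADMINS,
                                  0, 0, 0, 0, 0, 0,
                                  &pSIDAdmin))
    {
        lResult = (LRESULT)GetLastError();
        pSIDAdmin = NULL;
        goto Cleanup;
    }

    /* Take ownership first, then set the permissions. The result is ignored
       on purpose (best effort, as in the original listing). */
    (void)SetNamedSecurityInfo(
        str_name,                    /* name of the object */
        e_type,                      /* type of object */
        OWNER_SECURITY_INFORMATION,  /* change only the object's owner */
        pSIDAdmin,                   /* SID of the Administrators group */
        NULL,
        NULL,
        NULL);

    /* Two identical entries, differing only in the trustee. */
    ZeroMemory(&ea, sizeof(ea));
    for (i = 0; i < NUM_ACES; i++)
    {
        ea[i].grfAccessPermissions = dwPermission;
        ea[i].grfAccessMode = e_am;
        ea[i].grfInheritance = NO_INHERITANCE;
        ea[i].Trustee.TrusteeForm = TRUSTEE_IS_SID;
        ea[i].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
    }
    ea[0].Trustee.ptstrName = (LPTSTR) pSIDEveryone;
    ea[1].Trustee.ptstrName = (LPTSTR) pSIDAdmin;

    /* Stop if the ACL cannot be built: passing a NULL DACL together with
       DACL_SECURITY_INFORMATION would give the object a NULL DACL, which
       allows everyone full access. */
    dwRes = SetEntriesInAcl(NUM_ACES, ea, NULL, &pNewDACL);
    if (dwRes != ERROR_SUCCESS)
    {
        lResult = (LRESULT)dwRes;
        goto Cleanup;
    }
    if (pNewDACL == NULL)
        goto Cleanup;

    /* PROTECTED_DACL_SECURITY_INFORMATION stops the object from inheriting
       ACEs from its parent. */
    lResult = SetNamedSecurityInfo(
        str_name,                    /* name of the object */
        e_type,                      /* type of object */
        DACL_SECURITY_INFORMATION | PROTECTED_DACL_SECURITY_INFORMATION,
        NULL,
        NULL,                        /* do not change owner or group */
        pNewDACL,                    /* DACL specified */
        NULL);                       /* do not change SACL */

Cleanup:
    if (hToken)
        CloseHandle(hToken);
    if (pSIDEveryone)
        FreeSid(pSIDEveryone);
    if (pSIDAdmin)
        FreeSid(pSIDAdmin);
    if (pNewDACL)
        LocalFree(pNewDACL);
    return lResult;
}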
/////http://blog.sina.com.cn/advnetsoft
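// Usage.
// Each call tries to take ownership of the named object for Administrators
// and replaces its DACL with a protected one, dropping inherited entries.
// Try it on a scratch key or directory before pointing it at anything the
// system depends on.
RegModifySecurity(HKEY_CURRENT_USER,_T("aaa"),_T("ACCESS_READONLY"));
// The same key, named directly in the form SE_REGISTRY_KEY expects.
MySetSecurity(_T("CURRENT_USER\\aaa"),SE_REGISTRY_KEY,_T("ACCESS_READONLY"));
// ACCESS_DENYALL writes a deny-GENERIC_ALL entry for Everyone and for
// Administrators, so the caller is denied as well.
MySetSecurity(_T("C:\\Program Files\\"),SE_FILE_OBJECT,_T("ACCESS_DENYALL"));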