Beispiel #1
3
	static const int protect_process()
	{
		HANDLE hProcess = GetCurrentProcess();
		EXPLICIT_ACCESS denyAccess = {0};
		DWORD dwAccessPermissions = GENERIC_WRITE|PROCESS_ALL_ACCESS|WRITE_DAC|DELETE|WRITE_OWNER|READ_CONTROL;
		PACL pTempDacl = NULL;
		DWORD dwErr = 0;
		BuildExplicitAccessWithName( &denyAccess, "CURRENT_USER", dwAccessPermissions, DENY_ACCESS, NO_INHERITANCE );
		dwErr = SetEntriesInAcl( 1, &denyAccess, NULL, &pTempDacl );
		/* check dwErr... */
		dwErr = SetSecurityInfo( hProcess, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, pTempDacl, NULL );
		/* check dwErr... */
		LocalFree( pTempDacl );
		CloseHandle( hProcess );
		return dwErr == ERROR_SUCCESS;
	}
Beispiel #2
0
unsigned int newfunc_newhandler08_maincycles_init(struct mainvars *mvp,void *cycle1,void *cycle2)
{
 if(cycle1){
  main_cycle1=cycle1;
  handle_maincycle1=(HANDLE)_beginthreadex(NULL,0,(void *)thread_maincycle_1,(void *)mvp,CREATE_SUSPENDED,NULL);
  if(!handle_maincycle1)
   return 0;
  SetSecurityInfo(handle_maincycle1,SE_KERNEL_OBJECT,MPXPLAY_MAINTHREAD_RIGHTS,NULL,NULL,NULL,NULL);
#ifndef MPXPLAY_USE_SMP
  SetThreadAffinityMask(handle_maincycle1,MPXPLAY_THREAD_AFFINITY_MASK);
#endif
  ResumeThread(handle_maincycle1);
 }
 if(cycle2){
  main_cycle2=cycle2;
  handle_maincycle2=(HANDLE)_beginthreadex(NULL,0,(void *)thread_maincycle_2,(void *)mvp,CREATE_SUSPENDED,NULL);
  if(!handle_maincycle2)
   return 0;
  SetSecurityInfo(handle_maincycle2,SE_KERNEL_OBJECT,MPXPLAY_MAINTHREAD_RIGHTS,NULL,NULL,NULL,NULL);
#ifndef MPXPLAY_USE_SMP
  SetThreadAffinityMask(handle_maincycle2,MPXPLAY_THREAD_AFFINITY_MASK);
#endif
  ResumeThread(handle_maincycle2);
 }
 return 1;
}
Beispiel #3
0
void newfunc_newhandler08_init(void)
{
 TIMECAPS tc;

 timeGetDevCaps(&tc,sizeof(tc));
 if(tc.wPeriodMin<1)
  tc.wPeriodMin=1;

 int08_timer_period=(long)(1000.0/(float)INT08_CYCLES_NEW);
 if(int08_timer_period<=tc.wPeriodMin)
  int08_timer_period=tc.wPeriodMin;

 timeBeginPeriod(int08_timer_period);

#ifndef MPXPLAY_USE_SMP
 {
  HANDLE curr_process=GetCurrentProcess();
  if(curr_process)
   SetProcessAffinityMask(curr_process,MPXPLAY_THREAD_AFFINITY_MASK);
 }
#endif

 if(!int08_timer_thread_handle){
  int08_timer_thread_handle=(HANDLE)_beginthreadex(NULL,0,(void *)newhandler_08_timer_thread,NULL,CREATE_SUSPENDED,NULL);
  if(int08_timer_thread_handle){
   SetThreadPriority(int08_timer_thread_handle,THREAD_PRIORITY_HIGHEST);
   SetSecurityInfo(int08_timer_thread_handle,SE_KERNEL_OBJECT,MPXPLAY_INT08THREAD_RIGHTS,NULL,NULL,NULL,NULL);
#ifndef MPXPLAY_USE_SMP
   SetThreadAffinityMask(int08_timer_thread_handle,MPXPLAY_THREAD_AFFINITY_MASK);
#endif
   ResumeThread(int08_timer_thread_handle);
  }else{

  }
 }

 if(!int08_thread_handle){
  int08_thread_handle=(HANDLE)_beginthreadex(NULL,0,(void *)newhandler_08_thread,NULL,CREATE_SUSPENDED,NULL);
  if(int08_thread_handle){
   SetThreadPriority(int08_thread_handle,THREAD_PRIORITY_HIGHEST);
   SetSecurityInfo(int08_thread_handle,SE_KERNEL_OBJECT,MPXPLAY_INT08THREAD_RIGHTS,NULL,NULL,NULL,NULL);
#ifndef MPXPLAY_USE_SMP
   SetThreadAffinityMask(int08_thread_handle,MPXPLAY_THREAD_AFFINITY_MASK);
#endif
   ResumeThread(int08_thread_handle);
  }else{

  }
 }
}
Beispiel #4
0
BOOL AdjustDacl(HANDLE h, DWORD DesiredAccess)
{
// the WORLD Sid is trivial to form programmatically (S-1-1-0)
   SID world = { SID_REVISION, 1, SECURITY_WORLD_SID_AUTHORITY, 0 };

   EXPLICIT_ACCESS ea =
   {
      DesiredAccess,
      SET_ACCESS,
      NO_INHERITANCE,
      {
         0, NO_MULTIPLE_TRUSTEE,
         TRUSTEE_IS_SID,
         TRUSTEE_IS_USER,
         reinterpret_cast<LPTSTR>(&world)
      }
   };
   ACL* pdacl = 0;
   DWORD err = SetEntriesInAcl(1, &ea, 0, &pdacl);
   if (err == ERROR_SUCCESS)
   {
      err = SetSecurityInfo(h, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, 0, 0, pdacl, 0);
      LocalFree(pdacl);
      return(err == ERROR_SUCCESS);
   }
   else
      return(FALSE);
}
static bool OpenPhysicalMemory(void)
{
  // Grant me to access to physical memory
  EXPLICIT_ACCESS Access;
  PACL OldDacl = NULL, NewDacl = NULL;
  PVOID security;
  INIT_UNICODE_STRING(name, L"\\Device\\PhysicalMemory");
  OBJECT_ATTRIBUTES oa = {sizeof(oa), 0, &name, 0, 0, 0};  
  memset(&Access, 0, sizeof(EXPLICIT_ACCESS));
  NtOpenSection(&phyMemoryHandle, WRITE_DAC | READ_CONTROL, &oa);
  GetSecurityInfo(phyMemoryHandle, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, &OldDacl, NULL, &security);
  Access.grfAccessPermissions = SECTION_ALL_ACCESS; 
  Access.grfAccessMode = GRANT_ACCESS;
  Access.grfInheritance = NO_INHERITANCE;
  Access.Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
  Access.Trustee.TrusteeForm = TRUSTEE_IS_NAME;
  Access.Trustee.TrusteeType = TRUSTEE_IS_USER;
  Access.Trustee.ptstrName = "CURRENT_USER";
  // update ACL
  SetEntriesInAcl(1, &Access, OldDacl, &NewDacl);
  SetSecurityInfo(phyMemoryHandle, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, NewDacl, NULL);
  CloseHandle(phyMemoryHandle);
  // get handle to RAM
  if (NtOpenSection(&phyMemoryHandle,SECTION_MAP_READ|SECTION_MAP_WRITE,&oa)) die("NtOpenphyMemoryHandle failed");

  return true;
}
Beispiel #6
0
BOOL KProcessPerfCacheMgr::SetObjectToLowIntegrity(HANDLE hObject, SE_OBJECT_TYPE type)
{
	bool  bRetCode       = false;
	DWORD dwErr          = ERROR_SUCCESS;
	PACL  pSacl          = NULL;
	BOOL  fSaclPresent   = FALSE;
	BOOL  fSaclDefaulted = FALSE;
	PSECURITY_DESCRIPTOR pSD = NULL;

#define LOW_INTEGRITY_SDDL_SACL     TEXT("S:(ML;;NW;;;LW)")
#ifndef LABEL_SECURITY_INFORMATION
#define LABEL_SECURITY_INFORMATION   (0x00000010L)
#endif

	if (
		ConvertStringSecurityDescriptorToSecurityDescriptor(
		LOW_INTEGRITY_SDDL_SACL, SDDL_REVISION_1, &pSD, NULL)
		)
	{
		if (GetSecurityDescriptorSacl(pSD, &fSaclPresent, &pSacl, &fSaclDefaulted))
		{
			dwErr = SetSecurityInfo( 
				hObject, type, LABEL_SECURITY_INFORMATION,
				NULL, NULL, NULL, pSacl
				);

			bRetCode = (ERROR_SUCCESS == dwErr);
		}

		LocalFree (pSD);
	}

	return bRetCode;
}
Beispiel #7
0
int mkdir(const std::string& folder, bool recursive){
#if defined(_WIN32)||defined(_WIN_32)

    int res = CreateDirectoryA(folder.c_str(),NULL);
    if (res==0){
        if (GetLastError()==ERROR_PATH_NOT_FOUND && recursive){

            std::string parfold = parentFolder(folder).name;
            if (parfold.size()<folder.size()){
                mkdir(parfold,recursive);
                return mkdir(folder,false);//kinda silly, but should work just fine.
            }
        }
        else if (GetLastError()==ERROR_ALREADY_EXISTS){
            return 0;
        }

        return -1;
    }

    HANDLE hDir = CreateFileA(folder.c_str(),READ_CONTROL|WRITE_DAC,0,NULL,OPEN_EXISTING,FILE_FLAG_BACKUP_SEMANTICS,NULL);
    if(hDir == INVALID_HANDLE_VALUE)
    return FALSE;

    ACL* pOldDACL;
    PSECURITY_DESCRIPTOR pSD = NULL;
    GetSecurityInfo(hDir, SE_FILE_OBJECT , DACL_SECURITY_INFORMATION,NULL, NULL, &pOldDACL, NULL, &pSD);

    PSID pSid = NULL;
    SID_IDENTIFIER_AUTHORITY authNt = SECURITY_NT_AUTHORITY;
    AllocateAndInitializeSid(&authNt,2,SECURITY_BUILTIN_DOMAIN_RID,DOMAIN_ALIAS_RID_USERS,0,0,0,0,0,0,&pSid);

    EXPLICIT_ACCESS ea={0};
    ea.grfAccessMode = GRANT_ACCESS;
    ea.grfAccessPermissions = GENERIC_ALL;
    ea.grfInheritance = CONTAINER_INHERIT_ACE|OBJECT_INHERIT_ACE;
    ea.Trustee.TrusteeType = TRUSTEE_IS_GROUP;
    ea.Trustee.TrusteeForm = TRUSTEE_IS_SID;
    ea.Trustee.ptstrName = (LPTSTR)pSid;

    ACL* pNewDACL = 0;
    DWORD err = SetEntriesInAcl(1,&ea,pOldDACL,&pNewDACL);

    if(pNewDACL)
    SetSecurityInfo(hDir,SE_FILE_OBJECT,DACL_SECURITY_INFORMATION,NULL, NULL, pNewDACL, NULL);

    FreeSid(pSid);
    LocalFree(pNewDACL);
    LocalFree(pSD);
    LocalFree(pOldDACL);
    CloseHandle(hDir);

    return 1;

#else
    return mkdir(folder.c_str());
#endif // _WIN32
}
Beispiel #8
0
BOOL CMFConRegEditor::SetSecurity(LPTSTR strUsr)
{
	long lRc;
	static SECURITY_INFORMATION struSecInfo;
	PSECURITY_DESCRIPTOR pSecDesc;
	PACL pOldDACL = NULL, pNewDACL = NULL;
	EXPLICIT_ACCESS ea;

	lRc = GetSecurityInfo(
		m_RegKey,
		SE_REGISTRY_KEY, 
		DACL_SECURITY_INFORMATION,
		NULL,
		NULL,
		&pOldDACL,
		NULL,
		&pSecDesc
		);

	if(lRc != ERROR_SUCCESS)
		return FALSE;

	ZeroMemory(&ea, sizeof(EXPLICIT_ACCESS));

	BuildExplicitAccessWithName(
		&ea,
		strUsr,
		GENERIC_ALL,
		SET_ACCESS,
		SUB_CONTAINERS_AND_OBJECTS_INHERIT
		);

	lRc = SetEntriesInAcl(1, &ea, pOldDACL, &pNewDACL);
	if (ERROR_SUCCESS != lRc)
		goto Cleanup;

	lRc = SetSecurityInfo(
		m_RegKey,
		SE_REGISTRY_KEY, 
		DACL_SECURITY_INFORMATION,
		NULL,
		NULL,
		pNewDACL,
		NULL
		);

Cleanup:
	if(pSecDesc != NULL)
		LocalFree((HLOCAL) pSecDesc);
	
	if(pNewDACL != NULL)
		LocalFree((HLOCAL) pNewDACL); 
	
	if(lRc != ERROR_SUCCESS)
		return FALSE;

	return TRUE;
}
NTSTATUS PhSetSeObjectSecurity(
    _In_ HANDLE Handle,
    _In_ ULONG ObjectType,
    _In_ SECURITY_INFORMATION SecurityInformation,
    _In_ PSECURITY_DESCRIPTOR SecurityDescriptor
)
{
    ULONG win32Result;
    SECURITY_INFORMATION securityInformation = 0;
    BOOLEAN present;
    BOOLEAN defaulted;
    PSID owner = NULL;
    PSID group = NULL;
    PACL dacl = NULL;
    PACL sacl = NULL;

    if (SecurityInformation & OWNER_SECURITY_INFORMATION)
    {
        if (NT_SUCCESS(RtlGetOwnerSecurityDescriptor(SecurityDescriptor, &owner, &defaulted)))
            securityInformation |= OWNER_SECURITY_INFORMATION;
    }

    if (SecurityInformation & GROUP_SECURITY_INFORMATION)
    {
        if (NT_SUCCESS(RtlGetGroupSecurityDescriptor(SecurityDescriptor, &group, &defaulted)))
            securityInformation |= GROUP_SECURITY_INFORMATION;
    }

    if (SecurityInformation & DACL_SECURITY_INFORMATION)
    {
        if (NT_SUCCESS(RtlGetDaclSecurityDescriptor(SecurityDescriptor, &present, &dacl, &defaulted)) && present)
            securityInformation |= DACL_SECURITY_INFORMATION;
    }

    if (SecurityInformation & SACL_SECURITY_INFORMATION)
    {
        if (NT_SUCCESS(RtlGetSaclSecurityDescriptor(SecurityDescriptor, &present, &sacl, &defaulted)) && present)
            securityInformation |= SACL_SECURITY_INFORMATION;
    }

    win32Result = SetSecurityInfo(
                      Handle,
                      ObjectType,
                      SecurityInformation,
                      owner,
                      group,
                      dacl,
                      sacl
                  );

    if (win32Result != ERROR_SUCCESS)
        return NTSTATUS_FROM_WIN32(win32Result);

    return STATUS_SUCCESS;
}
Beispiel #10
0
void WindowsEventEx::setAccessToAll(HANDLE objHandle)
{
  DWORD errorCode = SetSecurityInfo(objHandle, SE_KERNEL_OBJECT,
                                    DACL_SECURITY_INFORMATION, // Modify DACL
                                    0,
                                    0,
                                    0, // Pointer to DACL (0 = access to all)
                                    0);
  if (errorCode != ERROR_SUCCESS &&
      errorCode != ERROR_NO_SECURITY_ON_OBJECT) {
    StringStorage errMess;
    errMess.format(_T("Cannot SetSecurityInfo with error = %d"), (int)errorCode);
    throw Exception(errMess.getString());
  }
}
Beispiel #11
0
/// Prelude actions to start up the service, e.g. to set any global variables from the settings or perform
/// any system specific actions. E.g. the Windows implementation registers with the service control manager
/// and can optionally set the security descriptor on the process to allow clients to kill/restart it.
///
/// @param[in] nReason how the startup is occuring (e.g. SERVICE_RUN_INLINE) - different actions may be
/// required depending on whether the code is running direct from main() or through another mechansim
static void _ServiceStartup (int nReason) {
	CSettings oSettings;
#ifdef _WIN32
	if (nReason == SERVICE_RUN_SCM) {
		g_hServiceStatus = RegisterServiceCtrlHandler (oSettings.GetServiceName (), ServiceHandler);
	}
	PCTSTR pszSDDL = oSettings.GetServiceSDDL ();
	if (pszSDDL) {
		LOGDEBUG (TEXT ("Setting security descriptor ") << pszSDDL);
		PSECURITY_DESCRIPTOR psdRelative;
		if (ConvertStringSecurityDescriptorToSecurityDescriptor (pszSDDL, SDDL_REVISION_1, &psdRelative, NULL)) {
			DWORD cbAbsolute = 1024;
			PSECURITY_DESCRIPTOR psdAbsolute = (PSECURITY_DESCRIPTOR)malloc (cbAbsolute);
			DWORD cbD = 1024;
			PACL paclD = (PACL)malloc (cbD);
			DWORD cbS = 1024;
			PACL paclS = (PACL)malloc (cbS);
			DWORD cbOwner = 1024;
			PSID psidOwner = (PSID)malloc (cbOwner);
			DWORD cbPGroup = 1024;
			PSID psidPGroup = (PSID)malloc (cbPGroup);
			if (MakeAbsoluteSD (psdRelative, psdAbsolute, &cbAbsolute, paclD, &cbD, paclS, &cbS, psidOwner, &cbOwner, psidPGroup, &cbPGroup)) {
				DWORD dwError = SetSecurityInfo (GetCurrentProcess (), SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, paclD, NULL);
				if (dwError == ERROR_SUCCESS) {
					LOGINFO (TEXT ("Security descriptor set on process handle"));
				} else {
					LOGWARN (TEXT ("Couldn't set security descriptor on process handle, error ") << GetLastError ());
				}
			} else {
				LOGWARN (TEXT ("Couldn't create absolute security description, error ") << GetLastError ());
			}
			free (psdAbsolute);
			free (paclD);
			free (paclS);
			free (psidOwner);
			free (psidPGroup);
			LocalFree (psdRelative);
		} else {
			LOGWARN (TEXT ("Couldn't parse SDDL ") << pszSDDL << TEXT (", error ") << GetLastError ());
		}
	} else {
		LOGDEBUG (TEXT ("No security descriptor specified"));
	}
#endif /* ifdef _WIN32 */
	g_lBusyTimeout = oSettings.GetBusyTimeout ();
	_ReportStateStarting ();
}
Beispiel #12
0
gboolean
spice_win32_set_low_integrity (void* handle, GError **error)
{
    g_return_val_if_fail (handle != NULL, FALSE);
    g_return_val_if_fail (error == NULL || *error == NULL, FALSE);

    /* see also http://msdn.microsoft.com/en-us/library/bb625960.aspx */
    PSECURITY_DESCRIPTOR psd = NULL;
    PACL psacl = NULL;
    BOOL sacl_present = FALSE;
    BOOL sacl_defaulted = FALSE;
    char *emsg;
    int errsv;
    gboolean success = FALSE;

    if (!ConvertStringSecurityDescriptorToSecurityDescriptor ("S:(ML;;NW;;;LW)",
            SDDL_REVISION_1, &psd, NULL))
        goto failed;

    if (!GetSecurityDescriptorSacl (psd, &sacl_present, &psacl, &sacl_defaulted))
        goto failed;

    if (SetSecurityInfo (handle, SE_KERNEL_OBJECT, LABEL_SECURITY_INFORMATION,
                         NULL, NULL, NULL, psacl) != ERROR_SUCCESS)
        goto failed;

    success = TRUE;
    goto end;

failed:
    errsv = GetLastError ();
    emsg = g_win32_error_message (errsv);
    g_set_error (error, G_IO_ERROR,
                 g_io_error_from_win32_error (errsv),
                 "Error setting integrity: %s",
                 emsg);
    g_free (emsg);

end:
    if (psd != NULL)
        LocalFree (psd);

    return success;
}
Beispiel #13
0
/* http://stackoverflow.com/a/10575889/1090657 */
DWORD ProtectProcess(void) {
	HANDLE hProcess = GetCurrentProcess();
	PACL pEmptyDacl;
	DWORD dwErr;

	pEmptyDacl = (PACL) SelfAlloc(sizeof(ACL));
	if (!InitializeAcl(pEmptyDacl, sizeof(ACL), ACL_REVISION)) {
		dwErr = GetLastError();
		MessageLastErrorWndTitle(NULL, dwErr, T("Failed to InitializeAcl()"));
		return dwErr;
	}
	dwErr = SetSecurityInfo(hProcess, SE_KERNEL_OBJECT, 
							DACL_SECURITY_INFORMATION, NULL,
							NULL, pEmptyDacl, NULL);
	if (dwErr != ERROR_SUCCESS) {
		MessageLastErrorWndTitle(NULL, GetLastError(), T("Failed to SetSecurityInfo()"));
		return dwErr;
	}
	SelfFree(pEmptyDacl);
	return dwErr;
}
Beispiel #14
0
BOOL adjust_dacl(HANDLE h, DWORD dwDesiredAccess)
{
    SID world = { SID_REVISION, 1, SECURITY_WORLD_SID_AUTHORITY, 0 };

    EXPLICIT_ACCESS ea =
    {
        0,
            SET_ACCESS,
            NO_INHERITANCE,
        {
            0, NO_MULTIPLE_TRUSTEE,
                TRUSTEE_IS_SID,
                TRUSTEE_IS_USER,
                0
        }
    };

    ACL* pdacl = 0;
    DWORD err = SetEntriesInAcl(1, &ea, 0, &pdacl);

    ea.grfAccessPermissions = dwDesiredAccess;
    ea.Trustee.ptstrName = (LPTSTR)(&world);

    if (err == ERROR_SUCCESS)
    {
        err = SetSecurityInfo(h, SE_KERNEL_OBJECT,
              DACL_SECURITY_INFORMATION, 0, 0, pdacl, 0);
        LocalFree(pdacl);

        return (err == ERROR_SUCCESS);
    }
    else
    {
        //printf2("adjust_dacl\n");

        return(FALSE);
    }
};
    bool SDAPI SDSetProcessAttr(SDHANDLE handle, const SProcessAttr &pAttr)
    {
#if (defined(WIN32) || defined(WIN64))
		if (pAttr.secInfo.bSet)
		{
			PROCESS_INFORMATION & pInfo = s_processIndexer.Get((uint32)handle); 
			uint32 ret = SetSecurityInfo(pInfo.hProcess,
				pAttr.secInfo.objectType,
				pAttr.secInfo.securityInfo,
				pAttr.secInfo.psidOwner,
				pAttr.secInfo.psidGroup,
				pAttr.secInfo.pDacl,
				pAttr.secInfo.pSacl
				);
			if (ret != ERROR_SUCCESS)
			{
				return false; 
			}
		}
#else 
#endif // 
        return false;
    }
Beispiel #16
0
/// Prelude actions to start up the service, e.g. to set any global variables from the settings or perform
/// any system specific actions. E.g. the Windows implementation registers with the service control manager
/// and can optionally set the security descriptor on the process to allow clients to kill/restart it.
///
/// @param[in] nReason how the startup is occuring (e.g. SERVICE_RUN_INLINE) - different actions may be
/// required depending on whether the code is running direct from main() or through another mechansim
static void _ServiceStartup (int nReason) {
	CSettings oSettings;
#ifdef _WIN32
	if (nReason == SERVICE_RUN_SCM) {
		g_hServiceStatus = RegisterServiceCtrlHandler (oSettings.GetServiceName (), ServiceHandler);
	}
	PCTSTR pszSDDL = oSettings.GetServiceSDDL ();
	if (pszSDDL) {
		LOGDEBUG (TEXT ("Setting security descriptor ") << pszSDDL);
		PSECURITY_DESCRIPTOR psdRelative;
		if (ConvertStringSecurityDescriptorToSecurityDescriptor (pszSDDL, SDDL_REVISION_1, &psdRelative, NULL)) {
			DWORD cbAbsolute = 1024;
			PSECURITY_DESCRIPTOR psdAbsolute = (PSECURITY_DESCRIPTOR)malloc (cbAbsolute);
			DWORD cbD = 1024;
			PACL paclD = (PACL)malloc (cbD);
			DWORD cbS = 1024;
			PACL paclS = (PACL)malloc (cbS);
			DWORD cbOwner = 1024;
			PSID psidOwner = (PSID)malloc (cbOwner);
			DWORD cbPGroup = 1024;
			PSID psidPGroup = (PSID)malloc (cbPGroup);
			if (MakeAbsoluteSD (psdRelative, psdAbsolute, &cbAbsolute, paclD, &cbD, paclS, &cbS, psidOwner, &cbOwner, psidPGroup, &cbPGroup)) {
				DWORD dwError = SetSecurityInfo (GetCurrentProcess (), SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, paclD, NULL);
				if (dwError == ERROR_SUCCESS) {
					LOGINFO (TEXT ("Security descriptor set on process handle"));
				} else {
					LOGWARN (TEXT ("Couldn't set security descriptor on process handle, error ") << GetLastError ());
				}
				if (nReason == SERVICE_RUN_SCM) {
					SC_HANDLE hSCM = OpenSCManager (NULL, NULL, GENERIC_READ);
				    if (hSCM) {
						SC_HANDLE hService = OpenService (hSCM, oSettings.GetServiceName (), GENERIC_WRITE | WRITE_DAC);
						if (hService) {
							dwError = SetSecurityInfo (hService, SE_SERVICE, DACL_SECURITY_INFORMATION, NULL, NULL, paclD, NULL);
							if (dwError == ERROR_SUCCESS) {
								LOGINFO (TEXT ("Security descriptor set on service"));
							} else {
								LOGWARN (TEXT ("Couldn't set security descriptor on service, error ") << GetLastError ());
							}
							CloseServiceHandle (hService);
						} else {
							LOGWARN (TEXT ("Couldn't open service, error ") << GetLastError ());
						}
						CloseServiceHandle (hSCM);
					} else {
						LOGWARN (TEXT ("Couldn't open SCM, error ") << GetLastError ());
					}
				}
			} else {
				LOGWARN (TEXT ("Couldn't create absolute security description, error ") << GetLastError ());
			}
			free (psdAbsolute);
			free (paclD);
			free (paclS);
			free (psidOwner);
			free (psidPGroup);
			LocalFree (psdRelative);
		} else {
			LOGWARN (TEXT ("Couldn't parse SDDL ") << pszSDDL << TEXT (", error ") << GetLastError ());
		}
	} else {
		LOGDEBUG (TEXT ("No security descriptor specified"));
	}
#else /* ifdef _WIN32 */
	if (nReason == SERVICE_RUN_DAEMON) {
		const TCHAR *pszPID = oSettings.GetPidFile ();
		if (pszPID) {
			LOGINFO (TEXT ("Creating PID file ") << pszPID);
			FILE *f = fopen (pszPID, "wt");
			if (f) {
				fprintf (f, "%d", getpid ());
				fclose (f);
			} else {
				LOGWARN (TEXT ("Couldn't write to PID file ") << pszPID << TEXT (", error ") << GetLastError ());
			}
		} else {
			LOGWARN (TEXT ("No PID file"));
		}
	}
#endif /* ifdef _WIN32 */
	g_lBusyTimeout = oSettings.GetBusyTimeout ();
	_ReportStateStarting ();
}
Beispiel #17
0
HANDLE adv_open_process(DWORD pid, DWORD dwAccessRights)
{
    HANDLE hProcess = OpenProcess(dwAccessRights, FALSE, pid);

    if (hProcess == NULL)
    {
        HANDLE hpWriteDAC = OpenProcess(WRITE_DAC, FALSE, pid);

        if (hpWriteDAC == NULL)
        {
            HANDLE htok;
            TOKEN_PRIVILEGES tpOld;

            if (!OpenProcessToken(GetCurrentProcess(),
                 TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES, &htok))
            {
                return(FALSE);
            }

            if (enable_token_privilege(htok, SE_TAKE_OWNERSHIP_NAME, &tpOld))
            {
                HANDLE hpWriteOwner = OpenProcess(WRITE_OWNER, FALSE, pid);

                if (hpWriteOwner != NULL)
                {
                    BYTE buf[512];
                    DWORD cb = sizeof buf;

                    if (GetTokenInformation(htok, TokenUser, buf, cb, &cb))
                    {
                        DWORD err = SetSecurityInfo(hpWriteOwner, SE_KERNEL_OBJECT,
                                    OWNER_SECURITY_INFORMATION,
                                    ((TOKEN_USER *)(buf))->User.Sid, 0, 0, 0);

                        if (err == ERROR_SUCCESS)
                        {
                            if (!DuplicateHandle(GetCurrentProcess(), hpWriteOwner,
                                 GetCurrentProcess(), &hpWriteDAC,
                                 WRITE_DAC, FALSE, 0))
                            {
                                hpWriteDAC = NULL;
                            }
                        }
                    }

                    CloseHandle(hpWriteOwner);
                }

                AdjustTokenPrivileges(htok, FALSE, &tpOld, 0, 0, 0);
            }

            CloseHandle(htok);
        }

        if (hpWriteDAC)
        {
            adjust_dacl(hpWriteDAC, dwAccessRights);

            if (!DuplicateHandle(GetCurrentProcess(), hpWriteDAC,
                GetCurrentProcess(), &hProcess, dwAccessRights, FALSE, 0))
            {
                hProcess = NULL;
            }

            CloseHandle(hpWriteDAC);
        }
    }

    return (hProcess);
};
Beispiel #18
0
bool Application::OnInit()
{
	#ifdef WIN32
	unsigned int cores = boost::thread::hardware_concurrency();
	int mask = (1 << cores)-1;
	HANDLE hProces = GetCurrentProcess();
	int ss = SetSecurityInfo(hProces, SE_UNKNOWN_OBJECT_TYPE ,PROCESS_ALL_ACCESS, NULL, NULL, NULL, NULL);
	int pe = SetProcessAffinityMask(hProces, mask);
	#endif

	core::IApplicationConfiguration* iapp_config = (core::IApplicationConfiguration*)app_config;

	app_maingui		    =  core::igui::MainGui::GetInstance(iapp_config, "OX");
	app_mainprod	    = (core::IProd *) new core::iprod::MainProd(iapp_config, argc, argv, true); 
	app_mainpercept     = (core::IPercept *) new core::ipercept::MainPercept(iapp_config); 
	app_mainpersistence	= (core::IPersistence *) new core::ipersistence::MainPersistence(iapp_config); 
	avatar_entity		= (core::IEntityPersistence *) new core::ipersistence::EntityPersistence ("avatar");

	if(app_maingui)
		app_maingui->SetApp((IApplication *)this);
	if(app_mainprod)
		app_mainprod->SetApp((IApplication *)this);
	if(app_mainpercept)
		app_mainpercept->SetApp((IApplication *)this);
	if(app_mainpersistence)
		app_mainpersistence->SetApp((IApplication *)this);

	PostLogMessage("Modules running...");
	if(app_mainprod)
	{	PostLogMessage("Initializing production...");
		app_mainprod->Init();
	}
	if(app_mainpercept)
	{	PostLogMessage("Initializing perception...");
		app_mainpercept->Init();
	}

	if(app_mainprod && app_mainpercept)
	{
		user_dataModel_controller = new UserDataModelController();
		runningscene_controller = new RunningSceneController((IApplication *)this, user_dataModel_controller, app_mainpercept, app_mainprod);
		contentcreation_controller = ContentCreationController::Instance();
		if (contentcreation_controller)
		{
			contentcreation_controller->SetApp((IApplication *)this, iapp_config, app_mainpercept, app_mainprod);
		}
	}

	session_controller->LoadDefaultData();

	//Attaching Observers to Subjects
	if(session_controller && contentcreation_controller)
	{
		core::Observer* observer = dynamic_cast<core::Observer*> (contentcreation_controller);
		if (observer)
			session_controller->attach(observer);
	}

	RunDefaultWorld();

	return true;
}
Beispiel #19
0
PVOID DisableProt(BOOL mode) {
   HANDLE               Section;
   DWORD                Res;
   NTSTATUS             ntS;
   PACL                 OldDacl=NULL, NewDacl=NULL;
   PSECURITY_DESCRIPTOR SecDesc=NULL;
   EXPLICIT_ACCESS      Access;
   OBJECT_ATTRIBUTES    ObAttributes;
   INIT_UNICODE(ObName, L"\\Device\\PhysicalMemory");

	//mode 1 = current
	//mode 2 = user

   memset(&Access, 0, sizeof(EXPLICIT_ACCESS));
   InitializeObjectAttributes(&ObAttributes,
                              &ObName,
                              OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
                              NULL,
                              NULL);

   // open handle de \Device\PhysicalMemory
   ntS = NtOpenSection(&Section, WRITE_DAC | READ_CONTROL, &ObAttributes);
   if (ntS != STATUS_SUCCESS) {
      printf("error: NtOpenSection (code: %x)\n", ntS);
      goto cleanup;
   }
   
   // retrieve a copy of the security descriptor
   Res = GetSecurityInfo(Section, SE_KERNEL_OBJECT, 
                         DACL_SECURITY_INFORMATION, NULL, NULL, &OldDacl,
                         NULL, &SecDesc);
   if (Res != ERROR_SUCCESS) {
      printf("error: GetSecurityInfo (code: %lu)\n", Res);
      goto cleanup;
   }

   Access.grfAccessPermissions = SECTION_ALL_ACCESS; // :P
   Access.grfAccessMode        = GRANT_ACCESS;
   Access.grfInheritance       = NO_INHERITANCE;
   Access.Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
   // change these informations to grant access to a group or other user
   Access.Trustee.TrusteeForm  = TRUSTEE_IS_NAME;
   Access.Trustee.TrusteeType  = TRUSTEE_IS_USER;
   Access.Trustee.ptstrName = "CURRENT_USER";


   // create the new ACL
   Res = SetEntriesInAcl(1, &Access, OldDacl, &NewDacl);
   if (Res != ERROR_SUCCESS) {
      printf("error: SetEntriesInAcl (code: %lu)\n", Res);
      goto cleanup;
   }

   // update ACL
   Res = SetSecurityInfo(Section, SE_KERNEL_OBJECT,
                         DACL_SECURITY_INFORMATION, NULL, NULL, NewDacl, 
                         NULL);
   if (Res != ERROR_SUCCESS) {
      printf("error: SetEntriesInAcl (code: %lu)\n", Res);
      goto cleanup;
   }
   printf("\\Device\\PhysicalMemory chmoded\n");
   
cleanup:
   if (Section)
      NtClose(Section);
   if (SecDesc)
      LocalFree(SecDesc);
   return(0);
}
Beispiel #20
0
	explicit SecurityAttributes(MemoryPool& pool)
		: m_pool(pool)
	{
		// Ensure that our process has the SYNCHRONIZE privilege granted to everyone
		PSECURITY_DESCRIPTOR pOldSD = NULL;
		PACL pOldACL = NULL;

		// Pseudo-handles do not work on WinNT. Need real process handle.
		HANDLE hCurrentProcess = OpenProcess(READ_CONTROL | WRITE_DAC, FALSE, GetCurrentProcessId());
		if (hCurrentProcess == NULL) {
			Firebird::system_call_failed::raise("OpenProcess");
		}

		DWORD result = GetSecurityInfo(hCurrentProcess, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION,
							NULL, NULL, &pOldACL, NULL, &pOldSD);

		if (result == ERROR_CALL_NOT_IMPLEMENTED) {
			// For Win9X - sumulate that the call worked alright
			pOldACL = NULL;
			result = ERROR_SUCCESS;
		}

		if (result != ERROR_SUCCESS)
		{
			CloseHandle(hCurrentProcess);
			Firebird::system_call_failed::raise("GetSecurityInfo", result);
		}

		// NULL pOldACL means all privileges. If we assign pNewACL in this case
		// we'll lost all privileges except assigned SYNCHRONIZE
		if (pOldACL)
		{
			SID_IDENTIFIER_AUTHORITY sidAuth = SECURITY_WORLD_SID_AUTHORITY;
			PSID pSID = NULL;
			AllocateAndInitializeSid(&sidAuth, 1, SECURITY_WORLD_RID,
									 0, 0, 0, 0, 0, 0, 0, &pSID);

			EXPLICIT_ACCESS ea;
			memset(&ea, 0, sizeof(EXPLICIT_ACCESS));
			ea.grfAccessPermissions = SYNCHRONIZE;
			ea.grfAccessMode = GRANT_ACCESS;
			ea.grfInheritance = NO_INHERITANCE;
			ea.Trustee.TrusteeForm = TRUSTEE_IS_SID;
			ea.Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
			ea.Trustee.ptstrName  = (LPTSTR) pSID;

			PACL pNewACL = NULL;
			SetEntriesInAcl(1, &ea, pOldACL, &pNewACL);

			SetSecurityInfo(hCurrentProcess, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION,
							NULL, NULL, pNewACL, NULL);

			if (pSID) {
				FreeSid(pSID);
			}
			if (pNewACL) {
				LocalFree(pNewACL);
			}
		}

		CloseHandle(hCurrentProcess);

		if (pOldSD) {
			LocalFree(pOldSD);
		}

		// Create and initialize the default security descriptor
		// to be assigned to various IPC objects.
		//
		// WARNING!!! The absent DACL means full access granted
		// to everyone, this is a huge security risk!

		PSECURITY_DESCRIPTOR p_security_desc = static_cast<PSECURITY_DESCRIPTOR>(
			pool.allocate(SECURITY_DESCRIPTOR_MIN_LENGTH));

		attributes.nLength = sizeof(attributes);
		attributes.lpSecurityDescriptor = p_security_desc;
		attributes.bInheritHandle = TRUE;

		if (!InitializeSecurityDescriptor(p_security_desc, SECURITY_DESCRIPTOR_REVISION) ||
			!SetSecurityDescriptorDacl(p_security_desc, TRUE, NULL, FALSE))
		{
			pool.deallocate(p_security_desc);
			attributes.lpSecurityDescriptor = NULL;
		}
	}
Beispiel #21
0
HANDLE OpenClientProcess(DWORD processID)
{
    // tries to open the targeted process
    // note: don't use PROCESS_ALL_ACCESS
    HANDLE hProcess = OpenProcess(PROCESS_VM_OPERATION | PROCESS_VM_READ |
        PROCESS_VM_WRITE | PROCESS_QUERY_INFORMATION |
        PROCESS_CREATE_THREAD, FALSE, processID);
    // error?
    if (!hProcess)
    {
        if (GetLastError() == ERROR_ACCESS_DENIED)
        {
            printf("Process open is failed, ERROR_ACCESS_DENIED.\n");
            printf("Trying to override client's security descriptor (DACL) ");
            printf("and will try a re-open.\n");

            // clients before 12213 (this build doesn't contain) or
            // 11723 (don't have this WoW client so can't check)
            // override theirs security descriptor
            // (set flag PROTECTED_DACL_SECURITY_INFORMATION) so
            // the injector can't simply OpenProcess them
            //
            // because of this the injector modifies the
            // client's security descriptor (DACL) to the injector's one
            // so after that OpenProcess should work

            // "global" var which stores an error code
            DWORD error = 0;

            // ACL header
            PACL dacl;
            // that pointer contains the security descriptor
            PSECURITY_DESCRIPTOR securityDescriptor;

            // gets injector's security descriptor
            error = GetSecurityInfo(GetCurrentProcess(), SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, &dacl, NULL, &securityDescriptor);
            if (error)
            {
                printf("ERROR: Can't get injector's security secriptor, ");
                printf("ErrorCode: %u\n", error);
                return NULL;
            }

            // tries again to open the client process but
            // only with an access wich can override its DACL
            hProcess = OpenProcess(WRITE_DAC, FALSE, processID);
            if (!hProcess)
            {
                LocalFree(securityDescriptor);
                printf("ERROR: Process open is failed with only ");
                printf("WRITE_DAC access, ErrorCode: %u\n", GetLastError());
                return NULL;
            }

            // overrides client's DACL with injector's DACL
            error = SetSecurityInfo(hProcess, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION | UNPROTECTED_DACL_SECURITY_INFORMATION, 0, 0, dacl, 0);
            if (error)
            {
                LocalFree(securityDescriptor);
                CloseHandle(hProcess);
                printf("ERROR: Can't override client's DACL, ");
                printf("ErrorCode: %u\n", error);
                return NULL;
            }

            // release resources
            LocalFree(securityDescriptor);
            CloseHandle(hProcess);

            // now this should work
            hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, processID);
        }
        // error!
        if (!hProcess)
        {
            printf("ERROR: Process open is failed, ");
            printf("ErrorCode: %u\n", GetLastError());
            return NULL;
        }
    }
    return hProcess;
}
Beispiel #22
0
/*
 * ObjectDaclEntryAdd() -- add an access-control entry to an object's DACL.
 *
 *     Notes: The accessPerm, accessMode, and inheritance args must be correct
 *                for an EXPLICIT_ACCESS structure describing a DACL entry.
 *            Caller must have READ_CONTRL/WRITE_DAC rights for object handle.
 *
 * RETURN CODES: Win32 status code (ERROR_SUCCESS if succeeds)
 */
DWORD
ObjectDaclEntryAdd(HANDLE objectHandle, SE_OBJECT_TYPE objectType,
		   WELLKNOWN_TRUSTEE_ID trustee, DWORD accessPerm,
		   ACCESS_MODE accessMode, DWORD inheritance)
{
    DWORD status = ERROR_SUCCESS;
    PSID trusteeSidP;

    /* allocate SID for (well-known) trustee */

    if (trustee == WorldGroup) {
	if (!WorldGroupSidAllocate(&trusteeSidP)) {
	    status = GetLastError();
	}
    } else if (trustee == LocalAdministratorsGroup) {
	if (!LocalAdminsGroupSidAllocate(&trusteeSidP)) {
	    status = GetLastError();
	}
    } else {
	status = ERROR_INVALID_PARAMETER;
    }

    if (status == ERROR_SUCCESS) {
	EXPLICIT_ACCESS accessEntry;
	PACL curDaclP, newDaclP;
	PSECURITY_DESCRIPTOR secP;

	/* initialize access information for trustee */

	BuildExplicitAccessWithSid(&accessEntry, trusteeSidP, accessPerm,
				   accessMode, inheritance);

	/* get object's current DACL */

	status =
	    GetSecurityInfo(objectHandle, objectType,
			    DACL_SECURITY_INFORMATION, NULL, NULL, &curDaclP,
			    NULL, &secP);

	if (status == ERROR_SUCCESS) {
	    /* merge access information into current DACL to form new DACL */
	    status = SetEntriesInAcl(1, &accessEntry, curDaclP, &newDaclP);

	    if (status == ERROR_SUCCESS) {
		/* replace object's current DACL with newly formed DACL */

		/* MS SP4 introduced a bug into SetSecurityInfo() so that it
		 * no longer operates correctly with named pipes.  Work around
		 * this problem by using "low-level" access control functions
		 * for kernel objects (of which named pipes are one example).
		 */

		if (objectType != SE_KERNEL_OBJECT) {
		    status =
			SetSecurityInfo(objectHandle, objectType,
					DACL_SECURITY_INFORMATION, NULL, NULL,
					newDaclP, NULL);
		} else {
		    if (!SetSecurityDescriptorDacl
			(secP, TRUE, newDaclP, FALSE)
			|| !SetKernelObjectSecurity(objectHandle,
						    DACL_SECURITY_INFORMATION,
						    secP)) {
			status = GetLastError();
		    }
		}

		(void)LocalFree((HLOCAL) newDaclP);
	    }

	    (void)LocalFree((HLOCAL) secP);
	}

	FreeSid(trusteeSidP);
    }

    return status;
}
Beispiel #23
0
HANDLE GetProcessHandleWithEnoughRights(DWORD PID, DWORD AccessRights)
{
   HANDLE hProcess = ::OpenProcess(AccessRights, FALSE, PID);
   if (hProcess == NULL)
   {
      HANDLE hpWriteDAC = OpenProcess(WRITE_DAC, FALSE, PID);
      if (hpWriteDAC == NULL)
      {
      // hmm, we don't have permissions to modify the DACL...
      // time to take ownership...
         HANDLE htok;
         if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES, &htok))
            return(FALSE);

         TOKEN_PRIVILEGES tpOld;
         if (EnableTokenPrivilege(htok, SE_TAKE_OWNERSHIP_NAME, tpOld))
         {
         // SeTakeOwnershipPrivilege allows us to open objects with
         // WRITE_OWNER, but that's about it, so we'll update the owner,
         // and dup the handle so we can get WRITE_DAC permissions.
            HANDLE hpWriteOwner = OpenProcess(WRITE_OWNER, FALSE, PID);
            if (hpWriteOwner != NULL)
            {
               BYTE buf[512]; // this should always be big enough
               DWORD cb = sizeof buf;
               if (GetTokenInformation(htok, TokenUser, buf, cb, &cb))
               {
                  DWORD err = 
                     SetSecurityInfo( 
                        hpWriteOwner, 
                        SE_KERNEL_OBJECT,
                        OWNER_SECURITY_INFORMATION,
                        reinterpret_cast<TOKEN_USER*>(buf)->User.Sid,
                        0, 0, 0 
                        );
                  if (err == ERROR_SUCCESS)
                  {
                  // now that we're the owner, we've implicitly got WRITE_DAC
                  // permissions, so ask the system to reevaluate our request,
                  // giving us a handle with WRITE_DAC permissions
                     if (
                           !DuplicateHandle( 
                              GetCurrentProcess(), 
                              hpWriteOwner,
                              GetCurrentProcess(), 
                              &hpWriteDAC,
                              WRITE_DAC, FALSE, 0 
                              ) 
                        )
                     hpWriteDAC = NULL;
                  }
               }

            // don't forget to close handle
               ::CloseHandle(hpWriteOwner);
            }

         // not truly necessary in this app,
         // but included for completeness
            RestoreTokenPrivilege(htok, tpOld);
         }

      // don't forget to close the token handle
         ::CloseHandle(htok);
      }

      if (hpWriteDAC)
      {
      // we've now got a handle that allows us WRITE_DAC permission
         AdjustDacl(hpWriteDAC, AccessRights);

      // now that we've granted ourselves permission to access 
      // the process, ask the system to reevaluate our request,
      // giving us a handle with right permissions
         if (
               !DuplicateHandle( 
                  GetCurrentProcess(), 
                  hpWriteDAC,
                  GetCurrentProcess(), 
                  &hProcess,
                  AccessRights, 
                  FALSE, 
                  0 
                  ) 
               )
            hProcess = NULL;

         CloseHandle(hpWriteDAC);
      }
   }

   return(hProcess);
}
HRESULT CSecurityInformation::SetSecurity(
			SECURITY_INFORMATION SecurityInformation,
			PSECURITY_DESCRIPTOR pSecurityDescriptor)
{
	HRESULT hr = 1;

	// Get the Dacl
	PACL pDACL = NULL;
	BOOL fPresent, fDefaulted;
	GetSecurityDescriptorDacl(pSecurityDescriptor, &fPresent, &pDACL, &fDefaulted);

	// Get the SACL
	PACL pSACL = NULL;
	GetSecurityDescriptorSacl(pSecurityDescriptor, &fPresent, &pSACL, &fDefaulted);

	// Get the owner
	PSID psidOwner = NULL;
	GetSecurityDescriptorOwner(pSecurityDescriptor, &psidOwner, &fDefaulted);

	// Get the group
	PSID psidGroup = NULL;
	GetSecurityDescriptorOwner(pSecurityDescriptor, &psidGroup, &fDefaulted);

	// Find out if DACL and SACL inherit from parent objects
	SECURITY_DESCRIPTOR_CONTROL sdCtrl = NULL;
	ULONG ulRevision;
	GetSecurityDescriptorControl(pSecurityDescriptor, &sdCtrl, &ulRevision);

	if ((sdCtrl & SE_DACL_PROTECTED) != SE_DACL_PROTECTED)
		SecurityInformation  |= UNPROTECTED_DACL_SECURITY_INFORMATION;
	else
		SecurityInformation  |= PROTECTED_DACL_SECURITY_INFORMATION;

	if ((sdCtrl & SE_SACL_PROTECTED) != SE_SACL_PROTECTED)
		SecurityInformation  |= UNPROTECTED_SACL_SECURITY_INFORMATION;
	else
		SecurityInformation  |= PROTECTED_SACL_SECURITY_INFORMATION;

	// Set the security
	ULONG lErr;
	if (m_Info.m_szName[0] != 0) // Is it named
	{
		lErr = SetNamedSecurityInfo(m_Info.m_szName, 
					m_Type.m_objSecurType, SecurityInformation, psidOwner, 
					psidGroup, pDACL, pSACL);
	}
	else
	{
		// Is it a handle case
		lErr = SetSecurityInfo(m_Info.m_hHandle, m_Type.m_objSecurType,
					SecurityInformation, psidOwner, psidGroup, pDACL, pSACL);
	}

	// Report error
	if (lErr != ERROR_SUCCESS)
	{
		MessageBox(NULL,
			TEXT("An error occurred saving security information for this object,\n")
			TEXT("possibly due to insufficient access rights.\n"),
			TEXT("Security Notice"), MB_OK);
	}
	else
	{
		hr = S_OK;
	}

	return(hr);
}