inline HRESULT RegisterAppId(bool bService = false) throw()
{
if (!Uninstall())
return E_FAIL;
HRESULT hr = UpdateRegistryAppId(TRUE);
if (FAILED(hr))
return hr;
CRegKey keyAppID;
LONG lRes = keyAppID.Open(HKEY_CLASSES_ROOT, _T("AppID"), KEY_WRITE);
if (lRes != ERROR_SUCCESS)
return AtlHresultFromWin32(lRes);
CRegKey key;
lRes = key.Create(keyAppID, GetAppIdT());
if (lRes != ERROR_SUCCESS)
return AtlHresultFromWin32(lRes);
key.DeleteValue(_T("LocalService"));
if (!bService)
return S_OK;
key.SetStringValue(_T("LocalService"), m_szServiceName);
// change LaunchACL and AccessACL,so that no "Administrator" privileges is need.
//S-1-5-32-545 is USERS's SID
TCHAR szUsersSID[] = _T("S-1-5-32-545");
DWORD error = ChangeAppIDLaunchACL(GetAppIdT(),szUsersSID,true,true,COM_RIGHTS_ACTIVATE_LOCAL);
if(error){
DebugOutF(filelog::log_error,"ChangeAppIDLaunchACL failed with %d",error);
}
error = ChangeAppIDAccessACL(GetAppIdT(),szUsersSID,true,true,COM_RIGHTS_EXECUTE_LOCAL);
if(error){
DebugOutF(filelog::log_error,"ChangeAppIDAccessACL failed with %d",error);
}
// Create service
if (!Install())
return E_FAIL;
return S_OK;
}
/////////////////////////////////////////////////////////////////////
//
// Function:
//
// Description:
//
/////////////////////////////////////////////////////////////////////
UINT CAGrantBOINCAdminsVirtualBoxRights::OnExecution()
{
ChangeAppIDAccessACL(
_T("{819B4D85-9CEE-493C-B6FC-64FFE759B3C9}"),
_T("boinc_admins"),
TRUE,
TRUE
);
ChangeAppIDLaunchACL(
_T("{819B4D85-9CEE-493C-B6FC-64FFE759B3C9}"),
_T("boinc_admins"),
TRUE,
TRUE
);
return ERROR_SUCCESS;
}
void
HandleAAOption (
int argc,
TCHAR **argv
)
{
DWORD returnValue;
HKEY registryKey;
TCHAR appid [256];
TCHAR keyName [256];
if (argc < 4)
ShowUsage (TEXT("Invalid number of arguments."));
if (_tcscmp (_tcsupr (argv[3]), TEXT("LIST")) == 0)
{
if (argc < 4)
ShowUsage (TEXT("Invalid number of arguments."));
_tprintf (TEXT("Access permission list for AppID %s:\n\n"), argv[2]);
ListAppIDAccessACL (argv[2]);
return;
}
if (_tcscmp (_tcsupr (argv[3]), TEXT("DEFAULT")) == 0)
{
if (argv [2][0] == '{')
wsprintf (appid, TEXT("%s"), argv [2]); else
wsprintf (appid, TEXT("{%s}"), argv [2]);
wsprintf (keyName, TEXT("APPID\\%s"), appid);
returnValue = RegOpenKeyEx (HKEY_CLASSES_ROOT, keyName, 0, KEY_ALL_ACCESS, ®istryKey);
if (returnValue != ERROR_SUCCESS && returnValue != ERROR_FILE_NOT_FOUND)
Error (TEXT("ERROR: Cannot open AppID registry key."), returnValue);
returnValue = RegDeleteValue (registryKey, TEXT("AccessPermission"));
if (returnValue != ERROR_SUCCESS && returnValue != ERROR_FILE_NOT_FOUND)
Error (TEXT("ERROR: Cannot delete AccessPermission value."), returnValue);
RegCloseKey (registryKey);
return;
}
if (argc < 5)
ShowUsage (TEXT("Invalid number of arguments."));
if (_tcscmp (_tcsupr (argv [3]), TEXT("SET")) == 0)
{
if (argc < 6)
ShowUsage (TEXT("Invalid number of arguments."));
if (_tcscmp (_tcsupr (argv [5]), TEXT("PERMIT")) == 0)
returnValue = ChangeAppIDAccessACL (argv[2], argv [4], TRUE, TRUE); else
if (_tcscmp (_tcsupr (argv [5]), TEXT("DENY")) == 0)
returnValue = ChangeAppIDAccessACL (argv[2], argv [4], TRUE, FALSE); else
{
ShowUsage (TEXT("You can only set a user's permissions to \"permit\" or \"deny\".\n\n"));
}
if (returnValue != ERROR_SUCCESS)
Error (TEXT("ERROR: Cannot add user to application access ACL."), returnValue);
} else
if (_tcscmp (_tcsupr (argv [3]), TEXT("REMOVE")) == 0)
{
returnValue = ChangeAppIDAccessACL (argv[2], argv[4], FALSE, FALSE);
if (returnValue != ERROR_SUCCESS)
Error (TEXT("ERROR: Cannot remove user from application access ACL."), returnValue);
} else
ShowUsage (TEXT("You can only \"set\" or \"remove\" a user."));
}
void HandleApplicationAccessOption (
int cArgs,
TCHAR **pptszArgv
)
{
DWORD dwReturnValue = ERROR_SUCCESS;
HKEY hkeyRegistry = NULL;
TCHAR tszAppID [SIZE_NAME_BUFFER] = {0};
TCHAR tszKeyName [SIZE_NAME_BUFFER] = {0};
DWORD dwAccessMask = COM_RIGHTS_EXECUTE;
if (cArgs < 4)
ShowUsage (_T("Invalid number of arguments."));
if (_tcsicmp (pptszArgv[3], _T("LIST")) == 0)
{
if (cArgs < 4) ShowUsage (_T("Invalid number of arguments."));
_tprintf (_T("Access permission list for AppID %s:\n\n"), pptszArgv[2]);
ListAppIDAccessACL (pptszArgv[2]);
return;
}
if (_tcsicmp (pptszArgv[3], _T("DEFAULT")) == 0)
{
_stprintf_s (tszAppID, RTL_NUMBER_OF(tszAppID), pptszArgv [2][0] == '{' ? _T("%s") : _T("{%s}"), pptszArgv [2]);
_stprintf_s (tszKeyName, RTL_NUMBER_OF(tszKeyName), _T("APPID\\%s"), tszAppID);
dwReturnValue = RegOpenKeyEx (HKEY_CLASSES_ROOT, tszKeyName, 0, KEY_ALL_ACCESS, &hkeyRegistry);
if (dwReturnValue != ERROR_SUCCESS && dwReturnValue != ERROR_FILE_NOT_FOUND)
{
Error (_T("ERROR: Cannot open AppID registry key."), dwReturnValue);
}
dwReturnValue = RegDeleteValue (hkeyRegistry, _T("AccessPermission"));
if (dwReturnValue != ERROR_SUCCESS && dwReturnValue != ERROR_FILE_NOT_FOUND)
{
Error (_T("ERROR: Cannot delete AccessPermission value."), dwReturnValue);
}
if(hkeyRegistry) RegCloseKey (hkeyRegistry);
_tprintf (_T("Successfully set the Application Access to the machine default.\n"));
return;
}
if (cArgs < 5) ShowUsage (_T("Invalid number of arguments."));
if (_tcsicmp (pptszArgv [3], _T("SET")) == 0)
{
if (cArgs < 6) ShowUsage (_T("Invalid number of arguments."));
if(cArgs == 7)
{
SetAccessMaskFromCommandLine(pptszArgv[6], &dwAccessMask, SDTYPE_APPLICATION_ACCESS);
}
else if(!IsLegacySecurityModel())
{
_tprintf (_T("WARNING: Default access flags designated on a system with an enhanced security model.\n"));
}
if (_tcsicmp (pptszArgv [5], _T("PERMIT")) == 0)
{
dwReturnValue = ChangeAppIDAccessACL (pptszArgv[2], pptszArgv [4], TRUE, TRUE, dwAccessMask);
}
else if (_tcsicmp (pptszArgv [5], _T("DENY")) == 0)
{
dwReturnValue = ChangeAppIDAccessACL (pptszArgv[2], pptszArgv [4], TRUE, FALSE, dwAccessMask);
}
else
{
ShowUsage (_T("You can only set a user's permissions to \"permit\" or \"deny\".\n\n"));
}
if (dwReturnValue != ERROR_SUCCESS)
{
Error (_T("ERROR: Cannot add user to application access ACL."), dwReturnValue);
}
}
else if (_tcsicmp (pptszArgv [3], _T("REMOVE")) == 0)
{
dwReturnValue = ChangeAppIDAccessACL (pptszArgv[2], pptszArgv[4], FALSE, FALSE, dwAccessMask);
if (dwReturnValue != ERROR_SUCCESS)
{
Error (_T("ERROR: Cannot remove user from application access ACL."), dwReturnValue);
}
}
else
{
ShowUsage (_T("You can only \"set\" or \"remove\" a user."));
}
_tprintf (_T("Successfully set the Application Access ACL.\n"));
ListAppIDAccessACL(pptszArgv[2]);
}
