/** * Denies write access for everyone on the specified path. * * @param path The file path to modify the DACL on * @param originalACL out parameter, set only if successful. * caller must free. * @return true on success */ bool UACHelper::DenyWriteACLOnPath(LPCWSTR path, PACL *originalACL, PSECURITY_DESCRIPTOR *sd) { // Get the old security information on the path. // Note that the actual buffer to be freed is contained in *sd. // originalACL points within *sd's buffer. *originalACL = nullptr; *sd = nullptr; DWORD result = GetNamedSecurityInfoW(path, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, nullptr, nullptr, originalACL, nullptr, sd); if (result != ERROR_SUCCESS) { *sd = nullptr; *originalACL = nullptr; return false; } // Adjust the security for everyone to deny write EXPLICIT_ACCESSW ea; ZeroMemory(&ea, sizeof(EXPLICIT_ACCESSW)); ea.grfAccessPermissions = FILE_APPEND_DATA | FILE_WRITE_ATTRIBUTES | FILE_WRITE_DATA | FILE_WRITE_EA; ea.grfAccessMode = DENY_ACCESS; ea.grfInheritance = NO_INHERITANCE; ea.Trustee.TrusteeForm = TRUSTEE_IS_NAME; ea.Trustee.TrusteeType = TRUSTEE_IS_GROUP; ea.Trustee.ptstrName = L"EVERYONE"; PACL dacl = nullptr; result = SetEntriesInAclW(1, &ea, *originalACL, &dacl); if (result != ERROR_SUCCESS) { LocalFree(*sd); *originalACL = nullptr; *sd = nullptr; return false; } // Update the path to have a the new DACL result = SetNamedSecurityInfoW(const_cast<LPWSTR>(path), SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, nullptr, nullptr, dacl, nullptr); LocalFree(dacl); return result == ERROR_SUCCESS; }
BOOL Install::SetDenied(string UsernameA){ DWORD dwRet; LPWSTR SamName = L"MACHINE\\SYSTEM\\CurrentControlSet\\services\\v-Judge_Kernel"; PSECURITY_DESCRIPTOR pSD = NULL; PACL pOldDacl = NULL; PACL pNewDacl = NULL; EXPLICIT_ACCESSW ea; HKEY hKey = NULL; WCHAR* Username = GetWideChar(UsernameA.c_str()); // 获取SAM主键的DACL dwRet = GetNamedSecurityInfoW(SamName, SE_REGISTRY_KEY, DACL_SECURITY_INFORMATION, NULL, NULL, &pOldDacl, NULL, &pSD); if (dwRet != ERROR_SUCCESS) { return FALSE; } // 创建一个ACE,允许Everyone完全控制对象,并允许子对象继承此权限 ZeroMemory(&ea, sizeof(EXPLICIT_ACCESS)); BuildExplicitAccessWithNameW(&ea, Username, KEY_ALL_ACCESS , DENY_ACCESS, SUB_CONTAINERS_AND_OBJECTS_INHERIT); // 将新的ACE加入DACL dwRet = SetEntriesInAclW(1, &ea, pOldDacl, &pNewDacl); if (dwRet != ERROR_SUCCESS) { return FALSE; } // 更新SAM主键的DACL dwRet = SetNamedSecurityInfoW(SamName, SE_REGISTRY_KEY, DACL_SECURITY_INFORMATION, NULL, NULL, pNewDacl, NULL); if (dwRet != ERROR_SUCCESS) { return FALSE; } return TRUE; }
void SetLowLabelToGDSynchroObjects() { // The LABEL_SECURITY_INFORMATION SDDL SACL to be set for low integrity #define LOW_INTEGRITY_SDDL_SACL_W L"S:(ML;;NW;;;LW)" PSECURITY_DESCRIPTOR pSD = NULL; PACL pSacl = NULL; // not allocated BOOL fSaclPresent = FALSE; BOOL fSaclDefaulted = FALSE; LPCWSTR pwszMapFileName = L"GoldenDictTextOutHookSharedMem64"; if( ConvertStringSecurityDescriptorToSecurityDescriptorW( LOW_INTEGRITY_SDDL_SACL_W, 1 /* SDDL_REVISION_1 */, &pSD, NULL ) ) { if( GetSecurityDescriptorSacl(pSD, &fSaclPresent, &pSacl, &fSaclDefaulted)) { // Note that psidOwner, psidGroup, and pDacl are // all NULL and set the new LABEL_SECURITY_INFORMATION SetNamedSecurityInfoW( (LPWSTR)pwszMapFileName, SE_KERNEL_OBJECT, LABEL_SECURITY_INFORMATION, NULL, NULL, NULL, pSacl); } LocalFree(pSD); } }
JNIEXPORT void JNICALL Java_com_microsoft_tfs_jni_internal_filesystem_NativeFileSystem_nativeSetOwner(JNIEnv *env, jclass cls, jstring jPath, jstring jOwnerSIDString) { const WCHAR * path= NULL; const WCHAR * ownerSIDString = NULL; PSID ownerSID = NULL; DWORD result = 0; if (jPath == NULL) { throwRuntimeExceptionString(env, "path must not be null"); goto cleanup; } if (jOwnerSIDString == NULL) { throwRuntimeExceptionString(env, "user must not be null"); goto cleanup; } if ((ownerSIDString = javaStringToPlatformChars(env, jOwnerSIDString)) == NULL) { // String allocation failed, exception already thrown goto cleanup; } if (ConvertStringSidToSidW(ownerSIDString, &ownerSID) == FALSE) { throwRuntimeExceptionCode(env, GetLastError(), "Error converting string %S sid to sid", ownerSIDString); goto cleanup; } if ((path = javaStringToPlatformChars(env, jPath)) == NULL) { // String allocation failed, exception already thrown goto cleanup; } result = SetNamedSecurityInfoW((WCHAR *) path, SE_FILE_OBJECT, OWNER_SECURITY_INFORMATION, ownerSID, NULL, NULL, NULL); if (result != ERROR_SUCCESS) { throwRuntimeExceptionCode(env, result, "Error getting file security info for %S", path); goto cleanup; } cleanup: if (ownerSIDString != NULL) { releasePlatformChars(env, jOwnerSIDString, ownerSIDString); } if (path != NULL) { releasePlatformChars(env, jPath, path); } if (ownerSID != NULL) { LocalFree(ownerSID); } }