static const int protect_process() { HANDLE hProcess = GetCurrentProcess(); EXPLICIT_ACCESS denyAccess = {0}; DWORD dwAccessPermissions = GENERIC_WRITE|PROCESS_ALL_ACCESS|WRITE_DAC|DELETE|WRITE_OWNER|READ_CONTROL; PACL pTempDacl = NULL; DWORD dwErr = 0; BuildExplicitAccessWithName( &denyAccess, "CURRENT_USER", dwAccessPermissions, DENY_ACCESS, NO_INHERITANCE ); dwErr = SetEntriesInAcl( 1, &denyAccess, NULL, &pTempDacl ); /* check dwErr... */ dwErr = SetSecurityInfo( hProcess, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, pTempDacl, NULL ); /* check dwErr... */ LocalFree( pTempDacl ); CloseHandle( hProcess ); return dwErr == ERROR_SUCCESS; }
// 设置注册表的存取权限 BOOL RegKeySetACL(LPTSTR lpKeyName, DWORD AccessPermissions, ACCESS_MODE AccessMode) { PSECURITY_DESCRIPTOR SD; EXPLICIT_ACCESS ea; PACL OldDACL, NewDACL; SE_OBJECT_TYPE ObjectType = SE_REGISTRY_KEY; //#include <aclapi.h> //默认返回值为FALSE BOOL bRet = FALSE; //建立一个空的ACL; if (SetEntriesInAcl(0, NULL, NULL, &OldDACL) != ERROR_SUCCESS) return bRet; if (SetEntriesInAcl(0, NULL, NULL, &NewDACL) != ERROR_SUCCESS) return bRet; //获取现有的ACL列表到OldDACL: if(GetNamedSecurityInfo(lpKeyName, ObjectType, DACL_SECURITY_INFORMATION, NULL, NULL, &OldDACL, NULL, &SD) != ERROR_SUCCESS) { return bRet; } //设置用户名"Everyone"对指定的键有所有操作权到结构ea: ZeroMemory(&ea, sizeof(EXPLICIT_ACCESS)); char *lpUsers[] = {"SYSTEM", "Administrators", "Everyone", "Users"}; for (int i = 0; i < sizeof(lpUsers) / sizeof(char *); i++) { BuildExplicitAccessWithName(&ea, lpUsers[i], // name of trustee AccessPermissions, // type of access AccessMode, // access mode SUB_CONTAINERS_AND_OBJECTS_INHERIT); //子键继承它的权限 } //合并结构ea和OldDACL的权限列表到新的NewDACL: if (SetEntriesInAcl(1, &ea, NULL, &NewDACL) == ERROR_SUCCESS) { //把新的ACL写入到指定的键: SetNamedSecurityInfo(lpKeyName, ObjectType, DACL_SECURITY_INFORMATION, NULL, NULL, NewDACL, NULL); bRet = TRUE; } //释放指针 if(SD != NULL) LocalFree((HLOCAL) SD); if(NewDACL != NULL) LocalFree((HLOCAL) NewDACL); if(OldDACL != NULL) LocalFree((HLOCAL) OldDACL); return bRet; }
static void ChangeDACL(const SchemeType * scheme, TCHAR * path, DWORD mode, BOOL noinherit) { TCHAR * param = (TCHAR *)LocalAlloc(LPTR, g_string_size*sizeof(TCHAR)); TCHAR * trusteeName = NULL; PSID pSid = NULL; DWORD trusteeForm = TRUSTEE_IS_NAME; DWORD permissions = 0; PACL pOldAcl = NULL; PACL pNewAcl = NULL; EXPLICIT_ACCESS access; DWORD ret = 0; if (popstring(param)) ABORT("Trustee is missing"); if (NULL == (trusteeName = ParseTrustee(param, &trusteeForm))) ABORT_s("Bad trustee (%s)", param); if (popstring(param)) ABORT("Permission flags are missing"); if (0 == (permissions = ParsePermissions(scheme, param))) ABORT_s("Bad permission flags (%s)", param); ret = GetNamedSecurityInfo(path, scheme->type, DACL_SECURITY_INFORMATION, NULL, NULL, &pOldAcl, NULL, NULL); if (ret != ERROR_SUCCESS) ABORT_d("Cannot read access control list. Error code: %d", ret); BuildExplicitAccessWithName(&access, _T(""), permissions, (ACCESS_MODE)mode, scheme->defaultInheritance); access.Trustee.TrusteeForm = (TRUSTEE_FORM)trusteeForm; access.Trustee.ptstrName = trusteeName; if (noinherit) access.grfInheritance = NO_INHERITANCE; ret = SetEntriesInAcl(1, &access, pOldAcl, &pNewAcl); if (ret != ERROR_SUCCESS) ABORT_d("Cannot build new access control list. Error code: %d", ret); ret = SetNamedSecurityInfo(path, scheme->type, DACL_SECURITY_INFORMATION, NULL, NULL, pNewAcl, NULL); if (ret != ERROR_SUCCESS) ABORT_d("Cannot apply new access control list. Error code: %d", ret); cleanup: if (NULL != pNewAcl) LocalFree(pNewAcl); if (NULL != pOldAcl) LocalFree(pOldAcl); LocalFree(trusteeName); LocalFree(param); }
BOOL CMFConRegEditor::SetSecurity(LPTSTR strUsr) { long lRc; static SECURITY_INFORMATION struSecInfo; PSECURITY_DESCRIPTOR pSecDesc; PACL pOldDACL = NULL, pNewDACL = NULL; EXPLICIT_ACCESS ea; lRc = GetSecurityInfo( m_RegKey, SE_REGISTRY_KEY, DACL_SECURITY_INFORMATION, NULL, NULL, &pOldDACL, NULL, &pSecDesc ); if(lRc != ERROR_SUCCESS) return FALSE; ZeroMemory(&ea, sizeof(EXPLICIT_ACCESS)); BuildExplicitAccessWithName( &ea, strUsr, GENERIC_ALL, SET_ACCESS, SUB_CONTAINERS_AND_OBJECTS_INHERIT ); lRc = SetEntriesInAcl(1, &ea, pOldDACL, &pNewDACL); if (ERROR_SUCCESS != lRc) goto Cleanup; lRc = SetSecurityInfo( m_RegKey, SE_REGISTRY_KEY, DACL_SECURITY_INFORMATION, NULL, NULL, pNewDACL, NULL ); Cleanup: if(pSecDesc != NULL) LocalFree((HLOCAL) pSecDesc); if(pNewDACL != NULL) LocalFree((HLOCAL) pNewDACL); if(lRc != ERROR_SUCCESS) return FALSE; return TRUE; }
void changeServiceAccess(const char* szName) { gcAssert(szName); SC_HANDLE scm = nullptr; SC_HANDLE Service = nullptr; BOOL bDaclPresent = FALSE; BOOL bDaclDefaulted = FALSE; DWORD dwSize = 0; EXPLICIT_ACCESS ea; PACL pacl = nullptr; PACL pNewAcl = nullptr; PSECURITY_DESCRIPTOR psd = nullptr; SECURITY_DESCRIPTOR sd; //open connection to SCM scm = OpenSCManager(nullptr, nullptr, SC_MANAGER_CONNECT); if (!scm) throw gcException(ERR_NULLSCMANAGER, GetLastError(), "Failed to open the Service Control Manager"); gcWString wName(szName); try { //open service Service = OpenService(scm, wName.c_str(), READ_CONTROL|WRITE_DAC); if (!Service) throw gcException(ERR_NULLSERVICE, GetLastError(), gcString("Failed to open service: {0}", szName)); // Get the current security descriptor. if (!QueryServiceObjectSecurity(Service, DACL_SECURITY_INFORMATION, psd, 0, &dwSize)) { if (GetLastError() == ERROR_INSUFFICIENT_BUFFER) { psd = (PSECURITY_DESCRIPTOR)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, dwSize); if (!psd) throw gcException(ERR_SERVICE, gcString("Failed heap allocation for service service: {0}", szName)); //get securtty info if (!QueryServiceObjectSecurity(Service, DACL_SECURITY_INFORMATION, psd, dwSize, &dwSize)) throw gcException(ERR_SERVICE, GetLastError(), gcString("QueryServiceObjectSecurity failed for service: {0}", szName)); } } if (!psd) throw gcException(ERR_SERVICE, gcString("Failed heap allocation for service service: {0}", szName)); // Get the DACL. if (!GetSecurityDescriptorDacl(psd, &bDaclPresent, &pacl, &bDaclDefaulted)) throw gcException(ERR_SERVICE, GetLastError(), gcString("GetSecurityDescriptorDacl failed for service: {0}", szName)); DWORD SidSize; PSID TheSID; SidSize = SECURITY_MAX_SID_SIZE; // Allocate enough memory for the largest possible SID. if(!(TheSID = LocalAlloc(LMEM_FIXED, SidSize))) { LocalFree(TheSID); throw gcException(ERR_SERVICE, GetLastError(), gcString("LocalAlloc failed for service: {0}", szName)); } if(!CreateWellKnownSid(WinWorldSid, nullptr, TheSID, &SidSize)) { LocalFree(TheSID); throw gcException(ERR_SERVICE, GetLastError(), gcString("CreateWellKnownSid failed for service: {0}", szName)); } wchar_t everyone[255]; wchar_t domain[255]; DWORD eSize = 255; DWORD dSize = 255; SID_NAME_USE rSidNameUse; if (!LookupAccountSid(nullptr, TheSID, everyone, &eSize, domain, &dSize, &rSidNameUse)) { LocalFree(TheSID); throw gcException(ERR_SERVICE, GetLastError(), gcString("LookupAccountSid failed for service: {0}", szName)); } LocalFree(TheSID); // Build the ACE. BuildExplicitAccessWithName(&ea, everyone, SERVICE_START|SERVICE_STOP|READ_CONTROL|SERVICE_QUERY_STATUS|PROCESS_QUERY_INFORMATION, SET_ACCESS, NO_INHERITANCE); if (SetEntriesInAcl(1, &ea, pacl, &pNewAcl) != ERROR_SUCCESS) { throw gcException(ERR_SERVICE, GetLastError(), gcString("SetEntriesInAcl failed for service: {0}", szName)); } // Initialize a NEW Security Descriptor. if (!InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION)) throw gcException(ERR_SERVICE, GetLastError(), gcString("InitializeSecurityDescriptor failed for service: {0}", szName)); // Set the new DACL in the Security Descriptor. if (!SetSecurityDescriptorDacl(&sd, TRUE, pNewAcl, FALSE)) throw gcException(ERR_SERVICE, GetLastError(), gcString("SetSecurityDescriptorDacl failed for service: {0}", szName)); // Set the new DACL for the service object. if (!SetServiceObjectSecurity(Service, DACL_SECURITY_INFORMATION, &sd)) throw gcException(ERR_SERVICE, GetLastError(), gcString("SetServiceObjectSecurity failed for service: {0}", szName)); } catch (gcException &e) { if (Service) CloseServiceHandle(Service); if (scm) CloseServiceHandle(scm); // Free buffers. LocalFree((HLOCAL)pNewAcl); HeapFree(GetProcessHeap(), 0, (LPVOID)psd); throw e; } CloseServiceHandle(scm); CloseServiceHandle(Service); // Free buffers. LocalFree((HLOCAL)pNewAcl); HeapFree(GetProcessHeap(), 0, (LPVOID)psd); }
int _changeAccess(LPCTSTR lpServiceName){ int returnValue = 0; SC_HANDLE schSCManager; SC_HANDLE schService; schSCManager = OpenSCManager(NULL, SERVICES_ACTIVE_DATABASE, SC_MANAGER_ALL_ACCESS); if(!schSCManager){ returnValue = GetLastError(); }else{ schService = OpenService(schSCManager, lpServiceName, READ_CONTROL|WRITE_DAC); if(!schService){ returnValue = GetLastError(); }else{ PSECURITY_DESCRIPTOR psd = NULL; DWORD dwSize, dwBytesNeeded = 0; if(!QueryServiceObjectSecurity(schService, DACL_SECURITY_INFORMATION, &psd, // using NULL does not work on all versions 0, &dwBytesNeeded)){ dwSize = dwBytesNeeded; std::vector<unsigned int> buf(dwSize); psd = (PSECURITY_DESCRIPTOR)&buf[0]; if(!QueryServiceObjectSecurity(schService, DACL_SECURITY_INFORMATION, psd, dwSize, &dwBytesNeeded)){ returnValue = GetLastError(); }else{ BOOL bDaclPresent = FALSE; PACL pacl = NULL; PACL pNewAcl = NULL; BOOL bDaclDefaulted = FALSE; if(!GetSecurityDescriptorDacl(psd, &bDaclPresent, &pacl, &bDaclDefaulted)){ returnValue = GetLastError(); }else{ EXPLICIT_ACCESS ea; BuildExplicitAccessWithName(&ea, L"GUEST", SERVICE_START|SERVICE_STOP| SERVICE_CHANGE_CONFIG|SERVICE_QUERY_CONFIG|DELETE, SET_ACCESS, NO_INHERITANCE); if(SetEntriesInAcl(1, &ea, pacl, &pNewAcl)!=ERROR_SUCCESS){ returnValue = GetLastError(); }else{ SECURITY_DESCRIPTOR sd; if(!InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION)){ returnValue = GetLastError(); }else{ if(SetSecurityDescriptorDacl(&sd, TRUE, pNewAcl, FALSE)){ if(!SetServiceObjectSecurity(schService, DACL_SECURITY_INFORMATION, &sd)){ returnValue = GetLastError(); } } } LocalFree((HLOCAL)pNewAcl); } } } } CloseServiceHandle(schService); } CloseServiceHandle(schSCManager); } return returnValue; }