inline HRESULT RegisterAppId(bool bService = false) throw() { if (!Uninstall()) return E_FAIL; HRESULT hr = UpdateRegistryAppId(TRUE); if (FAILED(hr)) return hr; CRegKey keyAppID; LONG lRes = keyAppID.Open(HKEY_CLASSES_ROOT, _T("AppID"), KEY_WRITE); if (lRes != ERROR_SUCCESS) return AtlHresultFromWin32(lRes); CRegKey key; lRes = key.Create(keyAppID, GetAppIdT()); if (lRes != ERROR_SUCCESS) return AtlHresultFromWin32(lRes); key.DeleteValue(_T("LocalService")); if (!bService) return S_OK; key.SetStringValue(_T("LocalService"), m_szServiceName); // change LaunchACL and AccessACL,so that no "Administrator" privileges is need. //S-1-5-32-545 is USERS's SID TCHAR szUsersSID[] = _T("S-1-5-32-545"); DWORD error = ChangeAppIDLaunchACL(GetAppIdT(),szUsersSID,true,true,COM_RIGHTS_ACTIVATE_LOCAL); if(error){ DebugOutF(filelog::log_error,"ChangeAppIDLaunchACL failed with %d",error); } error = ChangeAppIDAccessACL(GetAppIdT(),szUsersSID,true,true,COM_RIGHTS_EXECUTE_LOCAL); if(error){ DebugOutF(filelog::log_error,"ChangeAppIDAccessACL failed with %d",error); } // Create service if (!Install()) return E_FAIL; return S_OK; }
///////////////////////////////////////////////////////////////////// // // Function: // // Description: // ///////////////////////////////////////////////////////////////////// UINT CAGrantBOINCAdminsVirtualBoxRights::OnExecution() { ChangeAppIDAccessACL( _T("{819B4D85-9CEE-493C-B6FC-64FFE759B3C9}"), _T("boinc_admins"), TRUE, TRUE ); ChangeAppIDLaunchACL( _T("{819B4D85-9CEE-493C-B6FC-64FFE759B3C9}"), _T("boinc_admins"), TRUE, TRUE ); return ERROR_SUCCESS; }
void HandleALOption ( int argc, TCHAR **argv ) { DWORD returnValue; HKEY registryKey; TCHAR appid [256]; TCHAR keyName [256]; if (argc < 4) ShowUsage (TEXT("Invalid number of arguments.")); if (_tcscmp (_tcsupr (argv[3]), TEXT("LIST")) == 0) { if (argc < 4) ShowUsage (TEXT("Invalid number of arguments.\n")); _tprintf (TEXT("Launch permission list for AppID %s:\n\n"), argv[2]); ListAppIDLaunchACL (argv[2]); return; } if (_tcscmp (_tcsupr (argv[3]), TEXT("DEFAULT")) == 0) { if (argv [2][0] == '{') wsprintf (appid, TEXT("%s"), argv [2]); else wsprintf (appid, TEXT("{%s}"), argv [2]); wsprintf (keyName, TEXT("APPID\\%s"), appid); returnValue = RegOpenKeyEx (HKEY_CLASSES_ROOT, keyName, 0, KEY_ALL_ACCESS, ®istryKey); if (returnValue != ERROR_SUCCESS && returnValue != ERROR_FILE_NOT_FOUND) Error (TEXT("ERROR: Cannot open AppID registry key."), returnValue); returnValue = RegDeleteValue (registryKey, TEXT("LaunchPermission")); if (returnValue != ERROR_SUCCESS && returnValue != ERROR_FILE_NOT_FOUND) Error (TEXT("ERROR: Cannot delete LaunchPermission value."), returnValue); RegCloseKey (registryKey); return; } if (argc < 5) ShowUsage (TEXT("Invalid number of arguments.")); if (_tcscmp (_tcsupr (argv [3]), TEXT("SET")) == 0) { if (argc < 6) ShowUsage (TEXT("Invalid number of arguments.")); if (_tcscmp (_tcsupr (argv [5]), TEXT("PERMIT")) == 0) returnValue = ChangeAppIDLaunchACL (argv[2], argv [4], TRUE, TRUE); else if (_tcscmp (_tcsupr (argv [5]), TEXT("DENY")) == 0) returnValue = ChangeAppIDLaunchACL (argv[2], argv [4], TRUE, FALSE); else { ShowUsage (TEXT("You can only set a user's permissions to \"permit\" or \"deny\".\n\n")); } if (returnValue != ERROR_SUCCESS) Error (TEXT("ERROR: Cannot add user to application launch ACL."), returnValue); } else if (_tcscmp (_tcsupr (argv [3]), TEXT("REMOVE")) == 0) { returnValue = ChangeAppIDLaunchACL (argv[2], argv[4], FALSE, FALSE); if (returnValue != ERROR_SUCCESS) Error (TEXT("ERROR: Cannot remove user from application launch ACL."), returnValue); } else ShowUsage (TEXT("You can only \"set\" or \"remove\" a user.")); }