==============================ModuleJ===================================== | | | The program examples' source codes have been arranged in the same | | order that appeared in the Tutorial. This is unedited and unverified | | compilation. Published as is basis for educational, reacretional and | | brain teaser purposes. All trademarks, copyrights and IPs, wherever | | exist, are the sole property of their respective owner and/or | | holder. Any damage or loss by using the materials presented in this | | tutorial is USER responsibility. Part or full distribution, | | reproduction and modification is granted to any body. | | Copyright 2003-2005 © Tenouk, Inc. All rights reserved. | | Distributed through http://www.tenouk.com | | | | | =========================================================================== Compiled using VC++/VC++ .Net.....unmanaged... #define _WIN32_WINNT 0x0500 #include #include #include // Prototype BOOL CreateMyDACL(SECURITY_ATTRIBUTES *); TCHAR DirName[20] = "C:\\MyDirectory"; int main() { SECURITY_ATTRIBUTES sa; // The SECURITY_ATTRIBUTE structure size sa.nLength = sizeof(SECURITY_ATTRIBUTES); // The return handle not inherited sa.bInheritHandle = FALSE; // Call CreateMyDACL() function to set the DACL. The DACL // is set in the SECURITY_ATTRIBUTES // lpSecurityDescriptor member. if(!CreateMyDACL(&sa)) { //Error encountered; generate message and just exit. printf("Failed CreateMyDACL()\n"); exit(1); } else printf("CreateMyDACL() is OK\n"); // Use the updated SECURITY_ATTRIBUTES to specify // security attributes for securable objects. // This example uses security attributes during // creation of a new directory. if(CreateDirectory(DirName, &sa) == 0) { // Error encountered; generate message and exit. printf("CreateDirectory() failed lol!\n"); exit(1); } else printf("CreateDirectory() is OK.\n"); // Release the memory allocated for the SECURITY_DESCRIPTOR. if(LocalFree(sa.lpSecurityDescriptor) != NULL) { // Error encountered; generate message and exit. printf("LocalFree() failed.\n"); exit(1); } else printf("LocalFree() is OK.\n"); return 0; } // CreateMyDACL. // Create a security descriptor that contains the DACL you want. // This function uses SDDL to make Deny and Allow ACEs. // // Parameter: // SECURITY_ATTRIBUTES * pSA // Pointer to a SECURITY_ATTRIBUTES structure. It is the caller's // responsibility to properly initialize the structure and to free // the structure's lpSecurityDescriptor member when the caller has // finished using it. To free the structure's lpSecurityDescriptor // member, call the LocalFree function. // // Return value: // FALSE if the address to the structure is NULL. // Otherwise, this function returns the value from the // ConvertStringSecurityDescriptorToSecurityDescriptor function. BOOL CreateMyDACL(SECURITY_ATTRIBUTES * pSA) { // Define the SDDL for the DACL. This example sets // the following access: // Deny all for built-in Administrators group // Allow read/write/execute to Authenticated users // Allow all to anonymous logon // Allow all to built-in guests // This is not a proper setting, how come you deny the Administrator lol!!! // But this example just for fun... TCHAR * szSD = TEXT("D:") // Discretionary ACL TEXT("(D;OICI;GA;;;BA)") // Deny all for built-in Administrators group :o) TEXT("(D;OICI;GRGWGX;;;AU)") // Allow read/write/execute to Authenticated users TEXT("(A;OICI;GA;;;AN)") // Allow all to anonymous logon TEXT("(A;OICI;GA;;;BG)"); // Allow all to built-in guests if(pSA == NULL) return FALSE; PULONG nSize = 0; // Do some verification printf("The ACE strings: %s \n", szSD); printf("The converted string is at: %p \n", &(pSA->lpSecurityDescriptor)); // Convert the string to the security descriptor binary and return return ConvertStringSecurityDescriptorToSecurityDescriptor( szSD, // The ACE strings SDDL_REVISION_1, // Standard revision level &(pSA->lpSecurityDescriptor), // Pointer to the converted security descriptor nSize); // The size in byte the converted security descriptor } -------------------------------------------------------------------------------------------------------- //Creating an ACL-DACL & SACL, need the required privilege for SACL //The following #define must be the 1st statement #define _WIN32_WINNT 0x0500 #include #include #include //******************* Enabling the privilege ******************* BOOL SetPrivilege( HANDLE hToken, // access token handle LPCTSTR lpszPrivilege, // name of privilege to enable/disable BOOL bEnablePrivilege // to enable (or disable privilege) ) { TOKEN_PRIVILEGES tp; LUID luid; if(!LookupPrivilegeValue( NULL, // lookup privilege on local system lpszPrivilege, // privilege to lookup &luid)) // receives LUID of privilege { printf("LookupPrivilegeValue() error: %u\n", GetLastError()); return FALSE; } else printf("LookupPrivilegeValue() is OK\n"); tp.PrivilegeCount = 1; tp.Privileges[0].Luid = luid; // Don't forget to disable the privilege after you enable them, if(bEnablePrivilege) { tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED; // Just a verification here... printf("tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED\n"); } else { tp.Privileges[0].Attributes = 0; printf("tp.Privileges[0].Attributes = 0\n"); } // Enable the privilege (or disable all privileges). if(!AdjustTokenPrivileges( hToken, FALSE, // If TRUE, function disables all privileges, if FALSE // the function modifies privileges based on the tp &tp, sizeof(TOKEN_PRIVILEGES), (PTOKEN_PRIVILEGES) NULL, (PDWORD) NULL)) { printf("AdjustTokenPrivileges() error: %u\n", GetLastError()); return FALSE; } else printf("AdjustTokenPrivileges() is OK, last error if any: %u\n", GetLastError()); return TRUE; } //********************** Create the ACL ***************** // CreateMyACL() routine. // The return value is FALSE if the address to the structure is NULL. // Otherwise, this function returns the value from the // ConvertStringSecurityDescriptorToSecurityDescriptor function. BOOL CreateMyACL(SECURITY_ATTRIBUTES * pSA) { // Define the SDDL for the DACL & SACL. TCHAR * szSD = TEXT("D:") // DACL TEXT("(D;OICI;GRLOFR;;;AN)") // Deny Anonymous some rights TEXT("(A;;RPWPCCDCLCRCWOWDSDSW;;;SY)") // Allow System some rights TEXT("(A;OICI;GACCFA;;;LA)") // Allow Built-in Administrator some rights TEXT("(A;OICI;GACCFA;;;S-1-5-11)") // Allow Authenticated user some rights TEXT("S:") // SACL TEXT("(OU;SAFA;RPWPCCDCLCRCWOWDSDSW;;;S-1-5-18)") // Object audit success/fail, Local // systems, using a SID string TEXT("(OU;SAFA;GACCFA;;;AU)") // Object audit success/fail, Authenticated users TEXT("(OU;SAFA;GAWPFW;;;LA)"); // Object audit success/fail, Built-in Administrator // Verify if(pSA == NULL) return FALSE; // Do some verification printf("The ACE strings: %s \n", szSD); // Convert to security descriptor binary and return return ConvertStringSecurityDescriptorToSecurityDescriptor( szSD, // The ACE strings SDDL_REVISION_1, // Standard revision level &(pSA->lpSecurityDescriptor), // Pointer to the converted security descriptor NULL); // The size in byte the converted security descriptor } //******************* main ******************* int main() { TCHAR DirName[30] = "H:\\MyTestDir"; SECURITY_ATTRIBUTES sa; //******************* Enable the privilege first ******************* LPCTSTR lpszPrivilege = "SeSecurityPrivilege"; // Change this BOOL value to set/unset the SE_PRIVILEGE_ENABLED attribute BOOL bEnablePrivilege = TRUE; // Handle to the running process that is this (running) program HANDLE hToken; //*************** Get the handle to the process **************** // Open a handle to the access token for the calling process. // That is this running program if(!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken)) { printf("OpenProcessToken() error %u\n", GetLastError()); return FALSE; } else printf("OpenProcessToken() is OK\n"); //********************* Enabling (Disabling) privilege *************************** // Call the user defined SetPrivilege() function to enable privilege BOOL test = SetPrivilege(hToken, lpszPrivilege, bEnablePrivilege); // Verify printf("The SetPrivilage() return value: %d\n\n", test); //*********************** End enabling privilege ********************* // The SECURITY_ATTRIBUTE structure size sa.nLength = sizeof(SECURITY_ATTRIBUTES); // The return handle not inherited sa.bInheritHandle = FALSE; // Call CreateMyACL() function to set the DACL and SACL, // is set in the SECURITY_ATTRIBUTES lpSecurityDescriptor member. if(!CreateMyACL(&sa)) { //Error encountered; generate message and just exit. printf("CreateMyACL() is not OK, error %u.\n", GetLastError()); exit(1); } else printf("CreateMyACL() is OK.\n"); // Use the updated SECURITY_ATTRIBUTES to specify // security attributes for securable objects. // This example uses security attributes during // creation of a new directory. if(CreateDirectory(DirName, &sa) == 0) { // Error encountered; generate message and just exit. printf("CreateDirectory() is not OK lol!\n"); exit(1); } else printf("CreateDirectory() is OK.\n\n"); //***************** Disable the privilege ******************** bEnablePrivilege = FALSE; SetPrivilege(hToken, lpszPrivilege, bEnablePrivilege); // Verify printf("The SetPrivilage() return value: %d\n\n", test); //****************** Clean up ******************************** // Release the memory allocated for the SECURITY_DESCRIPTOR. // This means release back the used memory to the system if(LocalFree(sa.lpSecurityDescriptor) != NULL) { // Error encountered; generate message and just exit. printf("LocalFree() is not OK.\n"); exit(1); } else printf("LocalFree() is OK.\n"); return 0; } -------------------------------------------------------------------------------------------------------- // Using the same program, but in this program // we try to demonstrate creating an empty DACL #define _WIN32_WINNT 0x0500 #include #include #include // Prototype BOOL CreateMyDACL(SECURITY_ATTRIBUTES *); TCHAR DirName[20] = "C:\\MyDirectory"; int main() { SECURITY_ATTRIBUTES sa; // The SECURITY_ATTRIBUTE structure size sa.nLength = sizeof(SECURITY_ATTRIBUTES); // The return handle not inherited sa.bInheritHandle = FALSE; // Call CreateMyDACL() function to set the DACL. The DACL // is set in the SECURITY_ATTRIBUTES // lpSecurityDescriptor member. if(!CreateMyDACL(&sa)) { //Error encountered; generate message and just exit. printf("Failed CreateMyDACL()\n"); exit(1); } else printf("CreateMyDACL() is OK\n"); // Use the updated SECURITY_ATTRIBUTES to specify // security attributes for securable objects. // This example uses security attributes during // creation of a new directory. if(CreateDirectory(DirName, &sa) == 0) { // If error encountered; generate message and exit. printf("CreateDirectory() for %s failed lol!\n", DirName); exit(1); } else printf("CreateDirectory() for %s is OK.\n", DirName); // Release the memory allocated for the SECURITY_DESCRIPTOR. if(LocalFree(sa.lpSecurityDescriptor) != NULL) { // Error encountered; generate message and exit. printf("LocalFree() failed.\n"); exit(1); } else printf("LocalFree() is OK.\n"); return 0; } // Create a security descriptor that contains the DACL you want. BOOL CreateMyDACL(SECURITY_ATTRIBUTES * pSA) { TCHAR * szSD = TEXT("D:"); // An empty DACL if(pSA == NULL) return FALSE; PULONG nSize = 0; // Do some verification printf("The ACE strings: %s \n", szSD); printf("The converted string is at: %p \n", &(pSA->lpSecurityDescriptor)); // Convert the string to the security descriptor binary and return return ConvertStringSecurityDescriptorToSecurityDescriptor( szSD, // The ACE strings SDDL_REVISION_1, // Standard revision level &(pSA->lpSecurityDescriptor), // Pointer to the converted security descriptor nSize); // The size in byte the converted security descriptor } -------------------------------------------------------------------------------------------------------- // Using the same program, but in this program // we try to demonstrate creating a NULL DACL #define _WIN32_WINNT 0x0500 #include #include #include // Prototype BOOL CreateMyDACL(SECURITY_ATTRIBUTES *); TCHAR DirName[20] = "C:\\MyDirectory"; int main() { SECURITY_ATTRIBUTES sa; // The SECURITY_ATTRIBUTE structure size sa.nLength = sizeof(SECURITY_ATTRIBUTES); // The return handle not inherited sa.bInheritHandle = FALSE; // Call CreateMyDACL() function to set the DACL. The DACL // is set in the SECURITY_ATTRIBUTES // lpSecurityDescriptor member. if(!CreateMyDACL(&sa)) { //Error encountered; generate message and just exit. printf("Failed CreateMyDACL()\n"); exit(1); } else printf("CreateMyDACL() is OK\n"); // Here we just set a NULL DACL lol! if(CreateDirectory(DirName, NULL) == 0) { // Error encountered; generate message and exit. printf("CreateDirectory() for %s failed lol!\n", DirName); exit(1); } else printf("CreateDirectory() for %s is OK.\n", DirName); // Release the memory allocated for the SECURITY_DESCRIPTOR. if(LocalFree(sa.lpSecurityDescriptor) != NULL) { // Error encountered; generate message and exit. printf("LocalFree() failed.\n"); exit(1); } else printf("LocalFree() is OK.\n"); return 0; } // Create a security descriptor that contains the DACL you want. BOOL CreateMyDACL(SECURITY_ATTRIBUTES * pSA) { TCHAR * szSD = TEXT("D:") // Discretionary ACL TEXT("(D;OICI;GA;;;BA)") // Deny all for built-in Administrators group :o) TEXT("(D;OICI;GRGWGX;;;AU)") // Allow read/write/execute to Authenticated users TEXT("(A;OICI;GA;;;AN)") // Allow all to anonymous logon TEXT("(A;OICI;GA;;;BG)"); // Allow all to built-in guests if(pSA == NULL) return FALSE; PULONG nSize = 0; // Do some verification printf("The ACE strings: %s \n", szSD); printf("The converted string is at: %p \n", &(pSA->lpSecurityDescriptor)); // Convert the string to the security descriptor binary and return return ConvertStringSecurityDescriptorToSecurityDescriptor( szSD, // The ACE strings SDDL_REVISION_1, // Standard revision level &(pSA->lpSecurityDescriptor), // Pointer to the converted security descriptor nSize); // The size in byte the converted security descriptor } -------------------------------------------------------------------------------------------------------- // Modifying DACL of an object. In ACL there are ACEs... // So add or remove ACEs lol. Here we are going // to add deny standard right access for Administrators group // This Win XP machine is logged in by user named Mike who is // a member of Administrators group... #include #include #include #include // Clean up the buffer function void Cleanup(PSECURITY_DESCRIPTOR pSD, PACL pNewDACL) { if(pSD != NULL) LocalFree((HLOCAL) pSD); else printf("pSD cleaning is OK\n"); if(pNewDACL != NULL) LocalFree((HLOCAL) pNewDACL); else printf("pNewDACL cleaning is OK\n"); } int main() { // name of object, here we will add ACE for a directory // the directory is already created... LPTSTR pszObjName = "C:\\Testdir"; // type of object, file or directory. Here we test on directory SE_OBJECT_TYPE ObjectType = SE_FILE_OBJECT; // access mask for new ACE equal to 0x001F0000 flags (bit 0 till 15) DWORD dwAccessRights = STANDARD_RIGHTS_ALL; // type of ACE, Access denied ACE ACCESS_MODE AccessMode = DENY_ACCESS; // inheritance flags for new the ACE. // The OBJECT_INHERIT_ACE and CONTAINER_INHERIT_ACE flags are // not propagated to an inherited ACE. DWORD dwInheritance = NO_PROPAGATE_INHERIT_ACE; // format of trustee structure, the trustee is name TRUSTEE_FORM TrusteeForm = TRUSTEE_IS_NAME; // trustee for new ACE. This just for fun...When you run once, only one // element will take effect. By changing the first array element we // can change to other trustee and re run the program.... // Other than Mike, they are all well known trustees char pszTrustee[4][15] = {"Administrators", "System", "Users", "Mike"}; // Result DWORD dwRes = 0; // Existing and new DACL pointers... PACL pOldDACL = NULL, pNewDACL = NULL; // Security descriptor PSECURITY_DESCRIPTOR pSD = NULL; // EXPLICIT_ACCESS structure. For more than one entries, // declare an array of the EXPLICIT_ACCESS structure EXPLICIT_ACCESS ea; // Verify the object name validity if(pszObjName == NULL) return ERROR_INVALID_PARAMETER; else printf("The object name is OK\n"); // Some verification...just for fun... // Verify that our new trustee strings is OK for(int i = 0; i <= 3; i++) printf("Test pointer #%d: %s\n", i, pszTrustee[i]); // Get a pointer to the existing DACL. dwRes = GetNamedSecurityInfo(pszObjName, ObjectType, DACL_SECURITY_INFORMATION, NULL, NULL, &pOldDACL, NULL, &pSD); // Verify if(dwRes != ERROR_SUCCESS) { printf("GetNamedSecurityInfo() error %u\n", dwRes); Cleanup(pSD, pNewDACL); } else printf("GetNamedSecurityInfo() is OK\n"); // Initialize an EXPLICIT_ACCESS structure for the new ACE. // For more entries, declare an array of the EXPLICIT_ACCESS structure ZeroMemory(&ea, sizeof(EXPLICIT_ACCESS)); ea.grfAccessPermissions = dwAccessRights; ea.grfAccessMode = AccessMode; ea.grfInheritance= dwInheritance; ea.Trustee.TrusteeForm = TrusteeForm; // Test for Administrators group, a new trustee for the ACE // For other trustees, you can try changing the array index // to 1, 2 and 3 and rerun, see the effect ea.Trustee.ptstrName = (LPTSTR)(pszTrustee[0]); // Create a new ACL that merges the new ACE // into the existing DACL. dwRes = SetEntriesInAcl(1, &ea, pOldDACL, &pNewDACL); // Verify if(dwRes != ERROR_SUCCESS) { printf("SetEntriesInAcl() Error %u\n", dwRes); Cleanup(pSD, pNewDACL); } else printf("SetEntriesInAcl() is OK\n"); // Attach the new ACL as the object's DACL. dwRes = SetNamedSecurityInfo(pszObjName, ObjectType, DACL_SECURITY_INFORMATION, NULL, NULL, pNewDACL, NULL); if(dwRes != ERROR_SUCCESS) { printf("SetNamedSecurityInfo() Error %u\n", dwRes); Cleanup(pSD, pNewDACL); } printf("SetNamedSecurityInfo() is OK\n"); return 0; } -------------------------------------------------------------------------------------------------------- // Modifying ACL of an object. Here we are going to // add Allow standard right access and SACL. // This Win XP machine is logged in by user named Mike // who is a member of Administrators group... // To access a SACL using the GetNamedSecurityInfo() // or SetNamedSecurityInfo() functions, we have to enable // the SE_SECURITY_NAME privilege. #include #include #include #include // Clean up routine void Cleanup(PSECURITY_DESCRIPTOR pSS, PACL pNewSACL) { if(pSS != NULL) LocalFree((HLOCAL) pSS); else printf("pSS cleaning is OK\n"); if(pNewSACL != NULL) LocalFree((HLOCAL) pNewSACL); else printf("pNewSACL cleaning is OK\n"); } int main() { // name of object, here we will add an ACE for a directory LPTSTR pszObjName = "C:\\Testdir2\\Testdir3"; // type of object, file or directory, a directory SE_OBJECT_TYPE ObjectType = SE_FILE_OBJECT; // access mask for new ACE equal to 0X11000000 // GENERIC_ALL and ACCESS_SYSTEM_SECURITY DWORD dwAccessRights = 0X11000000; // type of ACE, set audit for success ACCESS_MODE AccessMode = SET_AUDIT_SUCCESS; // inheritance flags for new ACE. // The OBJECT_INHERIT_ACE and CONTAINER_INHERIT_ACE flags are // not propagated to an inherited ACE. DWORD dwInheritance = NO_PROPAGATE_INHERIT_ACE; // format of trustee structure, the trustee is name TRUSTEE_FORM TrusteeForm = TRUSTEE_IS_NAME; // the new trustee for the ACE is set to testuser, // a normal user LPTSTR pszTrustee = "testuser"; // Result DWORD dwRes = 0; // Existing and new SACL pointers... PACL pOldSACL = NULL, pNewSACL = NULL; // Security descriptor PSECURITY_DESCRIPTOR pSS = NULL; // EXPLICIT_ACCESS structure EXPLICIT_ACCESS ea; // Verify the object name validity if(pszObjName == NULL) return ERROR_INVALID_PARAMETER; else printf("The object name is OK\n"); //****************************************************** // Get the privilege first!!! // Privilege routine here //****************************************************** // Get a pointer to the existing SACL. dwRes = GetNamedSecurityInfo(pszObjName, ObjectType, SACL_SECURITY_INFORMATION, NULL, NULL, NULL, &pOldSACL, &pSS); // Verify if(dwRes != ERROR_SUCCESS) { printf("GetNamedSecurityInfo() error %u\n", dwRes); Cleanup(pSS, pNewSACL); } else printf("GetNamedSecurityInfo() is OK\n"); // Initialize an EXPLICIT_ACCESS structure for the new ACE. // If more entries needed, you can create an array of the ea variable of // the EXPLICIT_ACCESS ZeroMemory(&ea, sizeof(EXPLICIT_ACCESS)); ea.grfAccessPermissions = dwAccessRights; ea.grfAccessMode = AccessMode; ea.grfInheritance= dwInheritance; ea.Trustee.TrusteeForm = TrusteeForm; // Other structure elements... // ea.Trustee.TrusteeType = TRUSTEE_IS_GROUP; // ea.Trustee.TrusteeType = TRUSTEE_IS_USER; // The trustee is testuser ea.Trustee.ptstrName = pszTrustee; // Create a new ACL that merges the new ACE // into the existing ACL. dwRes = SetEntriesInAcl(1, &ea, pOldSACL, &pNewSACL); if(dwRes != ERROR_SUCCESS) { printf("SetEntriesInAcl() error %u\n", dwRes); Cleanup(pSS, pNewSACL); } else printf("SetEntriesInAcl() is OK\n"); // Attach the new ACL as the object's SACL. dwRes = SetNamedSecurityInfo(pszObjName, ObjectType, SACL_SECURITY_INFORMATION, NULL, NULL, NULL, pNewSACL); if(dwRes != ERROR_SUCCESS) { printf("SetNamedSecurityInfo() error %u\n", dwRes); Cleanup(pSS, pNewSACL); } else printf("SetNamedSecurityInfo() is OK\n"); return 0; } ====================================================================================================