Instantly share code, notes, and snippets.
Created
August 30, 2017 18:23
-
Star
0
(0)
You must be signed in to star a gist -
Fork
0
(0)
You must be signed in to fork a gist
-
Save fasterthanlime/ea38871666bc7cc486c272650523c9e1 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| #include <AccCtrl.h> | |
| #include <Aclapi.h> | |
| #include <WinNt.h> | |
| #include <stdio.h> | |
| #define SafeRelease(x) if (x != NULL) { LocalFree((HLOCAL)x); x = NULL; } | |
| DWORD AddAceToObjectsSecurityDescriptor ( | |
| LPTSTR pszObjName, // name of object | |
| SE_OBJECT_TYPE ObjectType, // type of object | |
| LPTSTR pszTrustee, // trustee for new ACE | |
| TRUSTEE_FORM TrusteeForm, // format of trustee structure | |
| DWORD dwAccessRights, // access mask for new ACE | |
| ACCESS_MODE AccessMode, // type of ACE | |
| DWORD dwInheritance // inheritance flags for new ACE | |
| ) | |
| { | |
| DWORD dwRes = 0; | |
| PACL pOldDACL = NULL, pNewDACL = NULL; | |
| PSECURITY_DESCRIPTOR pSD = NULL; | |
| EXPLICIT_ACCESS ea; | |
| BOOL success; | |
| if (NULL == pszObjName) { | |
| return ERROR_INVALID_PARAMETER; | |
| } | |
| // Get a pointer to the existing DACL. | |
| dwRes = GetNamedSecurityInfo(pszObjName, ObjectType, | |
| DACL_SECURITY_INFORMATION, | |
| NULL, NULL, &pOldDACL, NULL, &pSD); | |
| if (ERROR_SUCCESS != dwRes) { | |
| printf( "GetNamedSecurityInfo Error %u\n", dwRes ); | |
| goto Cleanup; | |
| } | |
| // Initialize an EXPLICIT_ACCESS structure for the new ACE. | |
| ZeroMemory(&ea, sizeof(EXPLICIT_ACCESS)); | |
| ea.grfAccessPermissions = dwAccessRights; | |
| ea.grfAccessMode = AccessMode; | |
| ea.grfInheritance= dwInheritance; | |
| ea.Trustee.TrusteeForm = TrusteeForm; | |
| ea.Trustee.ptstrName = pszTrustee; | |
| // Create a new ACL that merges the new ACE | |
| // into the existing DACL. | |
| dwRes = SetEntriesInAcl(1, &ea, pOldDACL, &pNewDACL); | |
| if (ERROR_SUCCESS != dwRes) { | |
| printf( "SetEntriesInAcl Error %u\n", dwRes ); | |
| goto Cleanup; | |
| } | |
| // Convert the security descriptor to absolute format | |
| VOID *pAbsoluteSD = NULL; | |
| DWORD AbsoluteSDSize = 0; | |
| VOID *pDacl = NULL; | |
| DWORD DaclSize = 0; | |
| VOID *pSacl = NULL; | |
| DWORD SaclSize = 0; | |
| VOID *pOwner = NULL; | |
| DWORD OwnerSize = 0; | |
| VOID *pGroup = NULL; | |
| DWORD GroupSize = 0; | |
| MakeAbsoluteSD( | |
| pSD, | |
| (PSECURITY_DESCRIPTOR)pAbsoluteSD, | |
| &AbsoluteSDSize, | |
| (PACL)pDacl, | |
| &DaclSize, | |
| (PACL)pSacl, | |
| &SaclSize, | |
| (PSID)pOwner, | |
| &OwnerSize, | |
| (PSID)pGroup, | |
| &GroupSize | |
| ); // will return false which is ok, we just want the sizes | |
| pAbsoluteSD = (PSECURITY_DESCRIPTOR)LocalAlloc(0,AbsoluteSDSize); | |
| if(!pAbsoluteSD) { | |
| dwRes = GetLastError(); | |
| printf("LocalAlloc Error %u\n", dwRes); | |
| goto Cleanup; | |
| } | |
| pDacl = (PACL)LocalAlloc(0,DaclSize); | |
| if(!pDacl) { | |
| dwRes = GetLastError(); | |
| printf("LocalAlloc Error %u\n", dwRes); | |
| goto Cleanup; | |
| } | |
| pSacl = (PACL)LocalAlloc(0,SaclSize); | |
| if(!pSacl) { | |
| dwRes = GetLastError(); | |
| printf("LocalAlloc Error %u\n", dwRes); | |
| goto Cleanup; | |
| } | |
| pOwner = (PSID)LocalAlloc(0,OwnerSize); | |
| if(!pOwner) { | |
| dwRes = GetLastError(); | |
| printf("LocalAlloc Error %u\n", dwRes); | |
| goto Cleanup; | |
| } | |
| pGroup = (PSID)LocalAlloc(0,GroupSize); | |
| if(!pGroup) { | |
| dwRes = GetLastError(); | |
| printf("LocalAlloc Error %u\n", dwRes); | |
| goto Cleanup; | |
| } | |
| success = MakeAbsoluteSD( | |
| pSD, | |
| (PSECURITY_DESCRIPTOR)pAbsoluteSD, | |
| &AbsoluteSDSize, | |
| (PACL)pDacl, | |
| &DaclSize, | |
| (PACL)pSacl, | |
| &SaclSize, | |
| (PSID)pOwner, | |
| &OwnerSize, | |
| (PSID)pGroup, | |
| &GroupSize | |
| ); // will return false which is ok, we just want the sizes | |
| if (!success) { | |
| dwRes = GetLastError(); | |
| printf( "MakeAbsoluteSD Error %u\n", dwRes ); | |
| goto Cleanup; | |
| } | |
| // Attach the new ACL as the object's DACL. | |
| // dwRes = SetNamedSecurityInfo(pszObjName, ObjectType, | |
| // DACL_SECURITY_INFORMATION, | |
| // NULL, NULL, pNewDACL, NULL); | |
| // if (ERROR_SUCCESS != dwRes) { | |
| // printf( "SetNamedSecurityInfo Error %u\n", dwRes ); | |
| // goto Cleanup; | |
| // } | |
| success = SetSecurityDescriptorDacl((PSECURITY_DESCRIPTOR)pAbsoluteSD, TRUE /* specifying dacl */, pNewDACL, FALSE /* not defaulted */); | |
| if (!success) { | |
| dwRes = GetLastError(); | |
| printf( "SetSecurityDescriptorDacl Error %u\n", dwRes ); | |
| goto Cleanup; | |
| } | |
| success = SetFileSecurity(pszObjName, DACL_SECURITY_INFORMATION, (PSECURITY_DESCRIPTOR)pAbsoluteSD); | |
| if (!success) { | |
| dwRes = GetLastError(); | |
| printf( "SetFileSecurity Error: %u\n", dwRes); | |
| goto Cleanup; | |
| } | |
| Cleanup: | |
| SafeRelease(pSD); | |
| SafeRelease(pNewDACL); | |
| return dwRes; | |
| } | |
| int main () { | |
| fprintf(stderr, "Hi there\n"); | |
| ///////////////////////////////////// | |
| // Sharing | |
| ///////////////////////////////////// | |
| // DWORD dwRes = AddAceToObjectsSecurityDescriptor( | |
| // "C:\\Users\\amos\\.electron", // pszObjName | |
| // SE_FILE_OBJECT, // ObjectType | |
| // "itch-player-59922ff6", // pszTrustee | |
| // TRUSTEE_IS_NAME, | |
| // GENERIC_READ, | |
| // GRANT_ACCESS, | |
| // 0 | |
| // ); | |
| ///////////////////////////////////// | |
| // Unsharing | |
| ///////////////////////////////////// | |
| DWORD dwRes = AddAceToObjectsSecurityDescriptor( | |
| "C:\\Users\\amos\\.electron", // pszObjName | |
| SE_FILE_OBJECT, // ObjectType | |
| "itch-player-59922ff6", // pszTrustee | |
| TRUSTEE_IS_NAME, | |
| GENERIC_READ, | |
| REVOKE_ACCESS, | |
| 0 | |
| ); | |
| if (ERROR_SUCCESS != dwRes) { | |
| printf( "AddAceToObjectsSecurityDescriptor Error %u\n", dwRes ); | |
| return 1; | |
| } | |
| return 0; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment