|
Setting Privileges
The following example removes the discretionary ACL from a file. If necessary,
ownership of the file is given to the Administrator account. If required, the
SE_TAKE_OWNERSHIP_NAME privilege is enabled for the account.
LPSTR lpszOwnFile = "d:\\ntfs_sample_file";
PSID pSIDAliasAdmins = NULL;
static SID_IDENTIFIER_AUTHORITY
siaNTAuthority = SECURITY_NT_AUTHORITY;
BOOL FAR PASCAL TakeOwnership()
{
SECURITY_DESCRIPTOR sd;
/*
* Initialize a security descriptor and assign it a NULL
* discretionary ACL to allow unrestricted access.
* Assign the security descriptor to a file.
*/
if (!InitializeSecurityDescriptor(&sd,
SECURITY_DESCRIPTOR_REVISION)) {
ErrorHandler("InitializeSecurityDescriptor");
return FALSE;
}
if (!SetSecurityDescriptorDacl(&sd,
TRUE,
(PACL) NULL,
FALSE)) {
ErrorHandler("SetSecurityDescriptorDacl");
return FALSE;
}
if (SetFileSecurity(lpszOwnFile,
DACL_SECURITY_INFORMATION,
&sd))
return TRUE;
else
ErrorHandler("SetFileSecurity1");
/*
* If the preceding call to SetFileSecurity fails, create
* an Administrator SID and use it to set the owner of
* the security descriptor.
*/
if (!AllocateAndInitializeSid(&siaNTAuthority,
2, /* subauthority count */
/* first subauthority */
SECURITY_BUILTIN_DOMAIN_RID,
/* second subauthority */
DOMAIN_ALIAS_RID_ADMINS,
0, 0, 0, 0, 0, 0,
&pSIDAliasAdmins)) {
ErrorHandler("AllocateAndInitializeSid");
return FALSE;
}
if (!SetSecurityDescriptorOwner(&sd,
pSIDAliasAdmins,
FALSE)) {
ErrorHandler("SetSecurityDescriptorOwner");
FreeSid(pSIDAliasAdmins);
return FALSE;
}
/*
* If the following call to SetFileSecurity fails,
* enable SE_TAKE_OWNERSHIP_NAME in the access token for
* the current process and try again.
*/
if (!SetFileSecurity(lpszOwnFile,
OWNER_SECURITY_INFORMATION,
&sd)) {
ErrorHandler("SetFileSecurity2");
if (!AssertTakeOwnership(TRUE)) { /* local */
MessageBox(NULL, "Must be logged on as Administrator",
"AssertTakeOwnership", MB_OK);
FreeSid(pSIDAliasAdmins);
return FALSE;
}
if (!SetFileSecurity(lpszOwnFile,
OWNER_SECURITY_INFORMATION,
&sd)) {
MessageBox(NULL, "Must be logged on as Administrator",
"SetFileSecurity", MB_OK);
FreeSid(pSIDAliasAdmins);
return FALSE;
}
}
/*
* The Administrator is now the owner of the file.
* Try again to assign a NULL ACL.
*/
if (SetFileSecurity(lpszOwnFile,
DACL_SECURITY_INFORMATION,
&sd)) {
MessageBox(NULL, "Added NULL DACL; protection removed",
"SetFileSecurity", MB_OK);
AssertTakeOwnership(FALSE);
return TRUE;
}
else {
AssertTakeOwnership(FALSE);
ErrorHandler("SetFileSecurity3");
return FALSE;
}
}
BOOL FAR PASCAL AssertTakeOwnership(BOOL fEnable)
{
HANDLE hToken;
LUID TakeOwnershipValue;
TOKEN_PRIVILEGES tkp;
/* Retrieve a handle of the access token. */
if (!OpenProcessToken(GetCurrentProcess(),
TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
&hToken)) {
ErrorHandler("OpenProcessToken");
return FALSE;
}
/*
* Enable the SE_TAKE_OWNERSHIP_NAME privilege or
* disable all privileges, depending on the fEnable
* flag.
*/
if(fEnable) {
if (!LookupPrivilegeValue((LPSTR) NULL,
SE_TAKE_OWNERSHIP_NAME,
&TakeOwnershipValue)) {
ErrorHandler("LookupPrivilegeValue");
return FALSE;
}
tkp.PrivilegeCount = 1;
tkp.Privileges[0].Luid = TakeOwnershipValue;
tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
AdjustTokenPrivileges(hToken,
FALSE,
&tkp,
sizeof(TOKEN_PRIVILEGES),
(PTOKEN_PRIVILEGES) NULL,
(PDWORD) NULL);
/*
* The return value of AdjustTokenPrivileges cannot
* be tested.
*/
if (GetLastError() != ERROR_SUCCESS) {
ErrorHandler("AdjustTokenPrivileges");
return FALSE;
}
}
else {
AdjustTokenPrivileges(hToken,
TRUE, /* disable all privileges */
(PTOKEN_PRIVILEGES) NULL,
(DWORD) 0,
(PTOKEN_PRIVILEGES) NULL,
(PDWORD) NULL);
/*
* The return value of AdjustTokenPrivileges cannot
* be tested.
*/
if (GetLastError() != ERROR_SUCCESS) {
ErrorHandler("AdjustTokenPrivileges");
return FALSE;
}
}
return TRUE;
}
| Last news from Greatis Software |
 |
|
Nostalgia .Net |
|
.Net is powerful, but not all-powerful, so sometimes we need to use Win32 API for our .Net applications. It's simple enough with Platform Invoke if you have Win32 skill, but we do not always have time to dig the ancient documentation, declare the special types that are compatible with Win32, find the values of the Win32's constants and so on. Nostalgia .Net offers several simple-to-use classes, and components that will allow you to forget about the headache of Win32 and just use the power of Win32 in your application the same way as you use the native. Net classes. More » |
| Recommended software for developers |
 |
|
Ultimate Pack |
|
Component pack for Delphi and C++ Builder that contains runtime form designer, runtime object inspector, print suite and much more for the very special price. More » |
 |
|
Form Designer .Net |
|
Unique runtime form design solution that allows to edit any form in .Net WinForms application at runtime with full source codes for only 300 euro! More » |
 |
|
Print Suite .Net |
|
Print Suite .Net is a set of components for easy printing texts, images and grids from your WinForms applications. Full C# source codes are available More » |
 |
|
Gradient Controls .Net |
|
Gradient Controls .Net offers controls with gradient background feature. Labels, panels and so on... Full C# source codes are available More » |
 |
|
Greatis iGrid |
|
iGrid plots drawing grid right over your desktop, so you can use it everywhere, with any drawing application without any special plugins for different graphic editors. More » |
All the contacts and projectsDmitry Vasiliev (just.dmitry)
Related LinksSoftware for Visual Studio .NET developers
Software for Delphi and C++ Builder developers
Software for Visual Basic 6 developers
Delphi Tips&Tricks
MegaDetailed.NET More Online Helps Win32 Programmer's Reference
Win32 Multimedia Programmer's Reference
OLE Programmer's Reference
Microsoft Windows Pen API Programmer's Reference
Microsoft Windows Sockets 2 Reference
Microsoft Windows Telephony API (TAPI) Programmer's Reference
Unix Manual Pages
|
