// sspap3registrypermissions.cpp : Defines the entry point for the console application.
//
#include "stdafx.h"
#include <windows.h>
#include <stdio.h>
#include <aclapi.h>
#define RTN_OK 0
#define RTN_ERROR 13
void
DisplayWinError(
LPSTR szAPI, // pointer to Ansi function name
DWORD dwError // DWORD WinError
);
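/*
 * Entry point: builds a DACL with four inheritable access-allowed ACEs
 * (Restricted: KEY_READ; SYSTEM, Administrators and Everyone: KEY_ALL_ACCESS)
 * and applies it to the root of HKEY_CURRENT_USER, propagating it to subkeys.
 *
 * argc/argv are not used.
 *
 * Returns RTN_OK when the DACL was applied, RTN_ERROR otherwise.
 *
 * NOTE(review): the Restricted SID presumably exists so that processes
 * running under a restricted token can still read the hive; confirm against
 * the caller that launches them.
 */
int _tmain(int argc, _TCHAR* argv[])
{
    /*
     * All locals are declared (and initialised) up front: the function uses
     * `goto cleanup`, and in C++ a goto may not jump over an initialisation.
     */
    SID_IDENTIFIER_AUTHORITY sia = SECURITY_NT_AUTHORITY;
    PSID pRestrictedSid = NULL;      // from AllocateAndInitializeSid -> FreeSid
    PSID pSystemSid = NULL;          // from AllocateAndInitializeSid -> FreeSid
    PSID pAdministratorsSid = NULL;  // from HeapAlloc -> HeapFree
    PSID pEveryoneSid = NULL;        // from HeapAlloc -> HeapFree
    SECURITY_DESCRIPTOR sd;
    PACL pDacl = NULL;
    DWORD dwAclSize = 0;
    DWORD sidSize = 0;
    DWORD dwRetCode = ERROR_SUCCESS;
    HKEY hKey = NULL;
    LONG lRetCode;
    BOOL bSuccess = FALSE; // assume this function fails
    // SetNamedSecurityInfoW takes a non-const name, so keep it in a writable array.
    WCHAR szObjectName[] = L"CURRENT_USER";

    //
    // open the root of the current user's hive for WRITE_DAC access
    //
    lRetCode = RegOpenKeyEx(
        HKEY_CURRENT_USER,
        TEXT(""),
        0,
        WRITE_DAC,
        &hKey
        );

    if(lRetCode != ERROR_SUCCESS) {
        DisplayWinError("RegOpenKeyEx", lRetCode);
        return RTN_ERROR;
    }

    //
    // prepare a Sid representing the Restricted user
    //
    if(!AllocateAndInitializeSid(
        &sia,
        1,
        SECURITY_RESTRICTED_CODE_RID,
        0, 0, 0, 0, 0, 0, 0,
        &pRestrictedSid
        )) {
        DisplayWinError("AllocateAndInitializeSid SECURITY_RESTRICTED_CODE_RID", GetLastError());
        goto cleanup;
    }

    //
    // prepare a Sid representing the System user
    //
    if(!AllocateAndInitializeSid(
        &sia,
        1,
        SECURITY_LOCAL_SYSTEM_RID,
        0, 0, 0, 0, 0, 0, 0,
        &pSystemSid
        )) {
        DisplayWinError("AllocateAndInitializeSid SECURITY_LOCAL_SYSTEM_RID", GetLastError());
        goto cleanup;
    }

    //
    // prepare a Sid representing any administrator
    //
    pAdministratorsSid = (PSID)HeapAlloc(GetProcessHeap(), 0, SECURITY_MAX_SID_SIZE);
    if(pAdministratorsSid == NULL) {
        // HeapAlloc does not set the last error; report the failure explicitly.
        DisplayWinError("HeapAlloc", ERROR_NOT_ENOUGH_MEMORY);
        goto cleanup;
    }

    // cbSid is an in/out parameter: it must hold the buffer size on entry.
    sidSize = SECURITY_MAX_SID_SIZE;
    if(!CreateWellKnownSid(
        WinBuiltinAdministratorsSid,
        NULL,
        pAdministratorsSid,
        &sidSize
        )) {
        DisplayWinError("CreateWellKnownSid WinBuiltinAdministratorsSid", GetLastError());
        goto cleanup;
    }

    //
    // prepare a Sid representing any user
    //
    pEveryoneSid = (PSID)HeapAlloc(GetProcessHeap(), 0, SECURITY_MAX_SID_SIZE);
    if(pEveryoneSid == NULL) {
        DisplayWinError("HeapAlloc", ERROR_NOT_ENOUGH_MEMORY);
        goto cleanup;
    }

    // Reset the size: the previous call overwrote it with the SID length.
    sidSize = SECURITY_MAX_SID_SIZE;
    if(!CreateWellKnownSid(
        WinWorldSid,
        NULL,
        pEveryoneSid,
        &sidSize
        )) {
        DisplayWinError("CreateWellKnownSid WinWorldSid", GetLastError());
        goto cleanup;
    }

    //
    // compute size of new acl: header + four ACEs, where each ACE embeds its
    // SID in place of the trailing SidStart DWORD
    //
    dwAclSize = sizeof(ACL) +
        4 * ( sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) ) +
        GetLengthSid(pRestrictedSid) +
        GetLengthSid(pSystemSid) +
        GetLengthSid(pAdministratorsSid) +
        GetLengthSid(pEveryoneSid) ;

    //
    // allocate storage for Acl
    //
    pDacl = (PACL)HeapAlloc(GetProcessHeap(), 0, dwAclSize);
    if(pDacl == NULL) {
        DisplayWinError("HeapAlloc", ERROR_NOT_ENOUGH_MEMORY);
        goto cleanup;
    }

    if(!InitializeAcl(pDacl, dwAclSize, ACL_REVISION)) {
        DisplayWinError("InitializeAcl", GetLastError());
        goto cleanup;
    }

    //
    // grant the Restricted Sid KEY_READ access to the hive
    //
    if(!AddAccessAllowedAceEx(
        pDacl,
        ACL_REVISION,
        CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
        KEY_READ,
        pRestrictedSid
        )) {
        DisplayWinError("AddAccessAllowedAceEx", GetLastError());
        goto cleanup;
    }

    //
    // grant the System Sid KEY_ALL_ACCESS access to the hive
    //
    if(!AddAccessAllowedAceEx(
        pDacl,
        ACL_REVISION,
        CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
        KEY_ALL_ACCESS,
        pSystemSid
        )) {
        DisplayWinError("AddAccessAllowedAceEx", GetLastError());
        goto cleanup;
    }

    //
    // grant the Administrators Sid KEY_ALL_ACCESS access to the hive
    //
    if(!AddAccessAllowedAceEx(
        pDacl,
        ACL_REVISION,
        CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
        KEY_ALL_ACCESS,
        pAdministratorsSid
        )) {
        DisplayWinError("AddAccessAllowedAceEx", GetLastError());
        goto cleanup;
    }

    //
    // grant the Everyone Sid KEY_ALL_ACCESS access to the hive
    //
    // NOTE(review): Everyone + KEY_ALL_ACCESS, inherited by every subkey,
    // lets any account that can reach this hive change values (and the
    // DACL itself, since KEY_ALL_ACCESS includes WRITE_DAC) that this
    // user's processes later trust. If the goal is only read access for a
    // restricted token, grant the owning user's SID instead of Everyone,
    // or narrow the mask. Left unchanged here because it is a design choice.
    //
    if(!AddAccessAllowedAceEx(
        pDacl,
        ACL_REVISION,
        CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
        KEY_ALL_ACCESS,
        pEveryoneSid
        )) {
        DisplayWinError("AddAccessAllowedAceEx", GetLastError());
        goto cleanup;
    }

    if(!InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION)) {
        DisplayWinError("InitializeSecurityDescriptor", GetLastError());
        goto cleanup;
    }

    //
    // Attach the DACL to the descriptor. Without this, the descriptor given
    // to RegSetKeySecurity below carries no DACL at all, and applying it with
    // DACL_SECURITY_INFORMATION can replace the DACL that was just set
    // (a missing DACL is treated as unrestricted access).
    //
    if(!SetSecurityDescriptorDacl(&sd, TRUE, pDacl, FALSE)) {
        DisplayWinError("SetSecurityDescriptorDacl", GetLastError());
        goto cleanup;
    }

    //
    // Unlike RegSetKeySecurity, SetNamedSecurityInfo propagates inheritable
    // ACEs to existing subkeys.
    // See http://comments.gmane.org/gmane.comp.python.windows/10609
    //
    // SetNamedSecurityInfo returns a Win32 error code (ERROR_SUCCESS on
    // success), not a BOOL, and does not report through GetLastError().
    //
    dwRetCode = SetNamedSecurityInfoW(
        szObjectName,
        SE_REGISTRY_KEY,
        DACL_SECURITY_INFORMATION,
        NULL,
        NULL,
        pDacl,
        NULL
        );

    if(dwRetCode != ERROR_SUCCESS) {
        DisplayWinError("SetNamedSecurityInfo", dwRetCode);
        goto cleanup;
    }

    //
    // apply the security descriptor to the registry key itself
    // (same DACL as above; redundant after SetNamedSecurityInfo, kept to
    // preserve the original call sequence)
    //
    lRetCode = RegSetKeySecurity(
        hKey,
        (SECURITY_INFORMATION)DACL_SECURITY_INFORMATION,
        &sd
        );

    if(lRetCode != ERROR_SUCCESS) {
        DisplayWinError("RegSetKeySecurity", lRetCode);
        goto cleanup;
    }

    bSuccess = TRUE; // indicate success

cleanup:

    // Only the handle this function opened is closed; predefined keys such
    // as HKEY_LOCAL_MACHINE were never opened here.
    if(hKey != NULL)
        RegCloseKey(hKey);

    //
    // free allocated resources, each with the deallocator that matches its
    // allocator
    //
    if(pDacl != NULL)
        HeapFree(GetProcessHeap(), 0, pDacl);

    if(pRestrictedSid != NULL)
        FreeSid(pRestrictedSid);

    if(pSystemSid != NULL)
        FreeSid(pSystemSid);

    // These two buffers came from HeapAlloc, so FreeSid must not be used.
    if(pAdministratorsSid != NULL)
        HeapFree(GetProcessHeap(), 0, pAdministratorsSid);

    if(pEveryoneSid != NULL)
        HeapFree(GetProcessHeap(), 0, pEveryoneSid);

    if(bSuccess) {
        printf("SUCCESS updating user hive security\n");
        return RTN_OK;
    } else {
        printf("ERROR updating user hive security\n");
        return RTN_ERROR;
    }
}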
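/*
 * Prints "<szAPI> error!" followed by the system message text for dwError
 * on standard error.
 *
 * szAPI   - ANSI name of the API that failed (printed verbatim via "%s").
 * dwError - Win32 error code to translate with FormatMessageA.
 *
 * If the system has no message text for dwError, the numeric code is
 * printed instead.
 */
void
DisplayWinError(
    LPSTR szAPI, // pointer to Ansi function name
    DWORD dwError // DWORD WinError
    )
{
    LPSTR MessageBuffer = NULL;
    DWORD dwBufferLength;
    DWORD dwBytesWritten; // required by WriteFile, value not used

    //
    // TODO get this fprintf out of here!
    //
    fprintf(stderr, "%s error!\n", szAPI);

    //
    // FORMAT_MESSAGE_IGNORE_INSERTS: no argument array is supplied, so any
    // %1-style insert in a system message must be left as-is rather than
    // expanded from a NULL argument list.
    //
    dwBufferLength = FormatMessageA(
        FORMAT_MESSAGE_ALLOCATE_BUFFER |
        FORMAT_MESSAGE_FROM_SYSTEM |
        FORMAT_MESSAGE_IGNORE_INSERTS,
        NULL,
        dwError,
        MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
        (LPSTR) &MessageBuffer, // with ALLOCATE_BUFFER this receives the buffer pointer
        0,
        NULL
        );

    if(dwBufferLength == 0) {
        // No text available for this code; still surface the number.
        fprintf(stderr, "(no system message for error %lu)\n", (unsigned long)dwError);
        return;
    }

    //
    // Output message string on stderr
    //
    WriteFile(
        GetStdHandle(STD_ERROR_HANDLE),
        MessageBuffer,
        dwBufferLength,
        &dwBytesWritten,
        NULL
        );

    //
    // free the buffer allocated by the system
    //
    LocalFree(MessageBuffer);
}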