C/C++ Forum :: WinAPI :: Setting the DACL for a file does not work
SeekingForTheAnswer (unregistered), 18:07:07 23.01.2012, Title: Setting the DACL for a file does not work

Hello,

there is a problem once again. My goal is to change the DACL of a file so that all users (and user groups) can only delete the file, execute it and take ownership of it. Nobody should be able to change these permissions. Here is my code:

C/C++ Code:
BOOL SetDACLForObject(const char* Object, SE_OBJECT_TYPE ObjectType, int AccessPerms, ACCESS_MODE AccessMode)
{
    char StrTrustee[4][100] = {"Administrators", "System", "Users", ""};
   
    char UserName[100];
    DWORD SizeUserName = sizeof(UserName);
    GetUserName(UserName, &SizeUserName);

    strcpy(StrTrustee[3], UserName);

    DWORD Res = 0;
    PACL NewDACL = NULL;
    PSID SidAdmin = NULL;
    PSECURITY_DESCRIPTOR SD = NULL;
    SID_IDENTIFIER_AUTHORITY SIDAuthNT = SECURITY_NT_AUTHORITY;
    EXPLICIT_ACCESS ea[4];

    if (!AllocateAndInitializeSid(&SIDAuthNT, 2,
        SECURITY_BUILTIN_DOMAIN_RID,
        DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0,
        0, 0, &SidAdmin))
    {
        cout <<"AllocateAndInitializeSid() failed: " <<GetLastError() <<endl;
        return FALSE;
    }

    ZeroMemory(&ea, 4 * sizeof(EXPLICIT_ACCESS));
    ea[0].grfAccessPermissions    = AccessPerms;
    ea[0].grfAccessMode            = AccessMode;
    ea[0].grfInheritance        = NO_PROPAGATE_INHERIT_ACE; //NO_INHERITANCE;
    ea[0].Trustee.TrusteeForm    = TRUSTEE_IS_NAME;
    ea[0].Trustee.TrusteeType    = TRUSTEE_IS_GROUP;
    ea[0].Trustee.ptstrName        = (LPTSTR) (StrTrustee[0]);

    ea[1].grfAccessPermissions    = AccessPerms;
    ea[1].grfAccessMode            = AccessMode;
    ea[1].grfInheritance        = NO_PROPAGATE_INHERIT_ACE;
    ea[1].Trustee.TrusteeForm    = TRUSTEE_IS_NAME;
    ea[1].Trustee.ptstrName        = (LPTSTR) (StrTrustee[1]);

    ea[2].grfAccessPermissions    = AccessPerms;
    ea[2].grfAccessMode            = AccessMode;
    ea[2].grfInheritance        = NO_PROPAGATE_INHERIT_ACE;
    ea[2].Trustee.TrusteeForm    = TRUSTEE_IS_NAME;
    ea[2].Trustee.TrusteeType    = TRUSTEE_IS_COMPUTER;
    ea[2].Trustee.ptstrName        = (LPTSTR) (StrTrustee[2]);

    ea[3].grfAccessPermissions    = AccessPerms;
    ea[3].grfAccessMode            = AccessMode;
    ea[3].grfInheritance        = NO_PROPAGATE_INHERIT_ACE;
    ea[3].Trustee.TrusteeForm    = TRUSTEE_IS_NAME;
    ea[3].Trustee.TrusteeType    = TRUSTEE_IS_USER;
    ea[3].Trustee.ptstrName        = (LPTSTR) (StrTrustee[3]);

    Res = SetEntriesInAcl(4, ea, NULL, &NewDACL);
    if (Res != ERROR_SUCCESS)
    {
        cout <<"SetEntriesInAcl() failed: " <<GetLastError() <<endl;
        return FALSE;
    }

    Res = SetNamedSecurityInfo((LPTSTR) Object, ObjectType, DACL_SECURITY_INFORMATION, SidAdmin, NULL, NewDACL, NULL);
    if (Res != ERROR_SUCCESS)
    {
        cout <<"SetNamedSecurityInfo() failed: " <<GetLastError() <<endl;
        return FALSE;
    }

    LocalFree(SD);
    LocalFree(NewDACL);

    return TRUE;
}


I call the function twice:
C/C++ Code:
SetDACLForObject("C:\\Test.txt", SE_FILE_OBJECT, CUSTOM_ALLOW, SET_ACCESS);
SetDACLForObject("C:\\Test.txt", SE_FILE_OBJECT, CUSTOM_DENY, DENY_ACCESS);

with
C/C++ Code:
#define CUSTOM_ALLOW    (READ_CONTROL            |\
                         WRITE_OWNER             |\
                         DELETE)

#define CUSTOM_DENY    (WRITE_DAC)


The result is disappointing. All users and user groups have full access to the file, and only the Deny column is still editable, not the Allow column. What am I doing wrong?

Thanks in advance for every good answer!
der besitzer (unregistered), 18:35:45 23.01.2012

The owner can always change the permissions!
SeekingForTheAnswer (unregistered), 19:51:46 23.01.2012

Thanks for the answer. That could of course be a contradiction, but if I redefine CUSTOM_ALLOW and CUSTOM_DENY:

C/C++ Code:
#define CUSTOM_ALLOW    (READ_CONTROL            |\
                         DELETE)

#define CUSTOM_DENY     (WRITE_DAC               |\
                         WRITE_OWNER)


...the problem persists.
der besitzer (unregistered), 21:12:02 23.01.2012

The parent objects are the problem!
SeekingForTheAnswer (unregistered), 08:59:03 24.01.2012

Sorry, but can you explain that in more detail?
der besitzer (unregistered), 17:23:02 24.01.2012

The parent objects must not be inherited.
SeekingForTheAnswer (unregistered), 20:50:32 24.01.2012

Okay, I have switched to NO_INHERITANCE. But the problem is a different one: SetEntriesInAcl returns error code 1332, so the function is never carried out completely.
hustbaer (member, registered 27.10.2006, 13529 posts), 23:12:25 24.01.2012

1332 No mapping between account names and security IDs was done.

So it doesn't like one of your strings.
Try them one at a time, then you'll know which one.

Obvious problems: "Users" is probably not a computer name. "" will not be a valid user name. For the 2nd entry you don't set "TrusteeType" (no idea whether the zero that ZeroMemory leaves there is the right TrusteeType; I would write it out explicitly in any case, even if 0 is what you need).

All sloppiness mistakes.

_________________
"Let there be Licht..." http://lichttools.sourceforge.net/
Very cool ASCII game (unfortunately not by me): ASCII-Scramble - http://www.roskakori.at/ascii/
Martin Richter (moderator, registered 18.04.2006, 13520 posts), 09:18:12 25.01.2012

My guess is rather a Unicode/MBCS conflict; the cast to LPTSTR definitely does not belong there, and the project is probably Unicode while the strings are declared as char...

As always...

_________________
Martin Richter (MVP for C++) WWJD http://blog.m-ri.de
"A well-written program is its own heaven; a poorly written program is its own hell!" The Tao of Programming
SeekingForTheAnswer (unregistered), 19:32:49 26.01.2012

@hustbaer:
I've changed my code a bit:
C/C++ Code:
BOOL SetDACLForObject(const char* Object, SE_OBJECT_TYPE ObjectType, int AccessPerms, ACCESS_MODE AccessMode)
{
    char StrTrustee[2][100] = {"Administrators", "System"};
   
    char UserName[100];
    DWORD SizeUserName = sizeof(UserName);
    GetUserName(UserName, &SizeUserName);

    DWORD Res = 0;
    PACL NewDACL = NULL;
    PSID SidAdmin = NULL;
    PSECURITY_DESCRIPTOR SD = NULL;
    SID_IDENTIFIER_AUTHORITY SIDAuthNT = SECURITY_NT_AUTHORITY;
    EXPLICIT_ACCESS ea[3];

    if (!AllocateAndInitializeSid(&SIDAuthNT, 2,
        SECURITY_BUILTIN_DOMAIN_RID,
        DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0,
        0, 0, &SidAdmin))
    {
        cout <<"AllocateAndInitializeSid() failed: " <<GetLastError() <<endl;
        return FALSE;
    }

    ZeroMemory(ea, 3 * sizeof(EXPLICIT_ACCESS));
    ea[0].grfAccessPermissions    = AccessPerms;
    ea[0].grfAccessMode            = AccessMode;
    ea[0].grfInheritance        = NO_INHERITANCE; //NO_INHERITANCE;
    ea[0].Trustee.TrusteeForm    = TRUSTEE_IS_NAME;
    ea[0].Trustee.TrusteeType    = TRUSTEE_IS_GROUP;
    ea[0].Trustee.ptstrName        = (LPTSTR) (StrTrustee[0]);

    /*ea[1].grfAccessPermissions    = AccessPerms;
    ea[1].grfAccessMode            = AccessMode;
    ea[1].grfInheritance        = NO_INHERITANCE;
    ea[1].Trustee.TrusteeForm    = TRUSTEE_IS_NAME;
    ea[1].Trustee.ptstrName        = (LPTSTR) (CURRENT_USER);*/


    ea[1].grfAccessPermissions    = AccessPerms;
    ea[1].grfAccessMode            = AccessMode;
    ea[1].grfInheritance        = NO_INHERITANCE;
    ea[1].Trustee.TrusteeForm    = TRUSTEE_IS_NAME;
    ea[1].Trustee.TrusteeType    = TRUSTEE_IS_COMPUTER;
    ea[1].Trustee.ptstrName        = (LPTSTR) (StrTrustee[1]);

    ea[2].grfAccessPermissions    = AccessPerms;
    ea[2].grfAccessMode            = AccessMode;
    ea[2].grfInheritance        = NO_INHERITANCE;
    ea[2].Trustee.TrusteeForm    = TRUSTEE_IS_NAME;
    ea[2].Trustee.TrusteeType    = TRUSTEE_IS_USER;
    ea[2].Trustee.ptstrName        = (LPTSTR) (UserName);

    Res = SetEntriesInAcl(3, ea, NULL, &NewDACL);
    if (Res != ERROR_SUCCESS)
    {
        Res = GetLastError();
        cout <<"SetEntriesInAcl() failed: " <<GetLastError() <<endl;
        return FALSE;
    }

    Res = SetNamedSecurityInfo((LPTSTR) Object, ObjectType, DACL_SECURITY_INFORMATION, SidAdmin, NULL, NewDACL, NULL);
    if (Res != ERROR_SUCCESS)
    {
        cout <<"SetNamedSecurityInfo() failed: " <<GetLastError() <<endl;
        return FALSE;
    }

    LocalFree(SD);
    LocalFree(NewDACL);

    return TRUE;
}


@Martin Richter:
My project is set to Multibyte.
der besitzer (unregistered), 21:05:55 26.01.2012

Your problem is still the parent objects...
hustbaer (member), 21:24:54 26.01.2012

I still don't believe that "System" is a computer. AFAIK "NT AUTHORITY\SYSTEM" is a user account.
der besitzer (unregistered), 22:09:01 26.01.2012

Yes, that's true, but he still has the problems...
hustbaer (member), 01:04:45 27.01.2012

I didn't mean to claim that what you write is wrong.

I mean he should approach it step by step. That is, first look for the cause of the first error he gets, fix it, try again. If it still doesn't work (with a new error), find the cause of that one, fix it, etc.

In my experience, trying to solve everything at once doesn't make sense, because it takes longer than proceeding systematically step by step. And often you end up with no result at all.
SeekingForTheAnswer (unregistered), 09:50:23 27.01.2012

Good - I have reworked the function once more and now it no longer produces an error (the problem was right at the first entry, "Administrators"; luckily I still had a SID):
C/C++ Code:
BOOL SetDACLForObject(const char* Object, SE_OBJECT_TYPE ObjectType, int AccessPerms, ACCESS_MODE AccessMode)
{
    char StrTrustee[100] = "System";
   
    char UserName[100];
    DWORD SizeUserName = sizeof(UserName);
    GetUserName(UserName, &SizeUserName);

    DWORD Res = 0;
    PACL NewDACL = NULL;
    PSID SidAdmin = NULL;
    PSECURITY_DESCRIPTOR SD = NULL;
    SID_IDENTIFIER_AUTHORITY SIDAuthNT = SECURITY_NT_AUTHORITY;
    EXPLICIT_ACCESS ea[3];

    if (!AllocateAndInitializeSid(&SIDAuthNT, 2,
        SECURITY_BUILTIN_DOMAIN_RID,
        DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0,
        0, 0, &SidAdmin))
    {
        cout <<"AllocateAndInitializeSid() failed: " <<GetLastError() <<endl;
        return FALSE;
    }

    ZeroMemory(ea, 3 * sizeof(EXPLICIT_ACCESS));
    ea[0].grfAccessPermissions    = AccessPerms;
    ea[0].grfAccessMode            = AccessMode;
    ea[0].grfInheritance        = NO_INHERITANCE; //NO_INHERITANCE;
    ea[0].Trustee.TrusteeForm    = TRUSTEE_IS_SID;
    ea[0].Trustee.TrusteeType    = TRUSTEE_IS_GROUP;
    ea[0].Trustee.ptstrName        = (LPTSTR) (SidAdmin);

    /*ea[1].grfAccessPermissions    = AccessPerms;
    ea[1].grfAccessMode            = AccessMode;
    ea[1].grfInheritance        = NO_INHERITANCE;
    ea[1].Trustee.TrusteeForm    = TRUSTEE_IS_NAME;
    ea[1].Trustee.ptstrName        = (LPTSTR) (CURRENT_USER);*/


    ea[1].grfAccessPermissions    = AccessPerms;
    ea[1].grfAccessMode            = AccessMode;
    ea[1].grfInheritance        = NO_INHERITANCE;
    ea[1].Trustee.TrusteeForm    = TRUSTEE_IS_NAME;
    ea[1].Trustee.TrusteeType    = TRUSTEE_IS_USER;
    ea[1].Trustee.ptstrName        = (LPTSTR) (StrTrustee);

    ea[2].grfAccessPermissions    = AccessPerms;
    ea[2].grfAccessMode            = AccessMode;
    ea[2].grfInheritance        = NO_INHERITANCE;
    ea[2].Trustee.TrusteeForm    = TRUSTEE_IS_NAME;
    ea[2].Trustee.TrusteeType    = TRUSTEE_IS_USER;
    ea[2].Trustee.ptstrName        = (LPTSTR) (UserName);

    Res = SetEntriesInAcl(3, ea, NULL, &NewDACL);
    if (Res != ERROR_SUCCESS)
    {
        cout <<"SetEntriesInAcl() failed: " <<GetLastError() <<endl;
        return FALSE;
    }

    Res = SetNamedSecurityInfo((LPTSTR) Object, ObjectType, DACL_SECURITY_INFORMATION, SidAdmin, NULL, NewDACL, NULL);
    if (Res != ERROR_SUCCESS)
    {
        cout <<"SetNamedSecurityInfo() failed: " <<GetLastError() <<endl;
        return FALSE;
    }

    LocalFree(SD);
    LocalFree(NewDACL);
    FreeSid(SidAdmin);

    return TRUE;
}


The problem now is that "Change permissions" and "Take ownership" are denied, but "Delete" and "Traverse folder / execute file" are not allowed.

SeekingForTheAnswer (unregistered), posted 13:25:02 28.01.2012

I first wrote

C/C++ Code:
SetDACLForObject(systemstartfolder, SE_FILE_OBJECT, CUSTOM_DENY, DENY_ACCESS);

and after that

C/C++ Code:
SetDACLForObject(systemstartfolder, SE_FILE_OBJECT, CUSTOM_ALLOW, SET_ACCESS);

Now "Delete" and "Read permissions" are allowed, but "Change permissions" and "Take ownership" are neither allowed nor denied. Could it be that the two calls somehow get in each other's way?

(Btw.: I actually wanted to allow "Traverse folder / execute file" rather than "Read permissions", but what should I use instead of READ_CONTROL? After all, STANDARD_RIGHTS_EXECUTE is also defined as READ_CONTROL: http://msdn.microsoft.com/en-us/library/windows/desktop/aa379607%28v=vs.85%29.aspx)
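
Added example (not part of the thread): a small portable C model of how a DACL is rebuilt by successive calls and then evaluated in order, covering the results described in the two posts above. It is a simplified model, not the Windows implementation; the values of CUSTOM_DENY and CUSTOM_ALLOW are assumptions because the thread never shows their definitions, and all function and type names are hypothetical. FILE_EXECUTE (0x20, the same bit as FILE_TRAVERSE) is the file-specific right behind "Traverse folder / execute file".

```c
#include <stddef.h>
#include <stdint.h>
/* Access-mask bits with their winnt.h values (R_ prefix added for this model). */
#define R_FILE_EXECUTE 0x00000020u /* FILE_EXECUTE, same bit as FILE_TRAVERSE */
#define R_DELETE       0x00010000u
#define R_READ_CONTROL 0x00020000u
#define R_WRITE_DAC    0x00040000u
#define R_WRITE_OWNER  0x00080000u
#define CUSTOM_DENY  (R_WRITE_DAC | R_WRITE_OWNER)  /* assumed definition */
#define CUSTOM_ALLOW (R_DELETE | R_READ_CONTROL)    /* assumed definition */
enum mode { M_DENY, M_SET };        /* stand-ins for DENY_ACCESS / SET_ACCESS */
enum { USER = 1 };                  /* one constructed trustee */
typedef struct { int deny; int trustee; uint32_t mask; } ace_t;
typedef struct { ace_t ace[8]; size_t n; } acl_t;

/* Model of SetEntriesInAcl() for one entry; old == NULL builds a fresh ACL. */
static acl_t set_entry(const acl_t *old, enum mode m, int trustee, uint32_t mask)
{
    acl_t out = { .n = 0 };
    ace_t e = { m == M_DENY, trustee, mask };
    if (m == M_DENY) out.ace[out.n++] = e;      /* deny ACEs go first */
    for (size_t i = 0; old && i < old->n && out.n < 7; i++) {
        if (m == M_SET && old->ace[i].trustee == trustee)
            continue;                           /* SET_ACCESS discards the trustee's old ACEs */
        out.ace[out.n++] = old->ace[i];
    }
    if (m == M_SET) out.ace[out.n++] = e;
    return out;
}

/* Ordered walk: 1 = granted, -1 = hit an explicit deny ACE, 0 = no ACE grants it. */
static int check(const acl_t *a, int trustee, uint32_t want)
{
    uint32_t granted = 0;
    for (size_t i = 0; i < a->n; i++) {
        if (a->ace[i].trustee != trustee) continue;
        if (!a->ace[i].deny) granted |= a->ace[i].mask;
        else if (a->ace[i].mask & want & ~granted) return -1;
        if ((granted & want) == want) return 1;
    }
    return 0;
}

/* First post: deny only. Second post: deny, then SET_ACCESS. Last: allow first, deny merged in. */
static acl_t deny_only(void) { return set_entry(NULL, M_DENY, USER, CUSTOM_DENY); }
static acl_t deny_then_set(int merge)
{ acl_t d = deny_only(); return set_entry(merge ? &d : NULL, M_SET, USER, CUSTOM_ALLOW); }
static acl_t set_then_deny(void)
{ acl_t s = set_entry(NULL, M_SET, USER, CUSTOM_ALLOW); return set_entry(&s, M_DENY, USER, CUSTOM_DENY); }
```

In this model a deny-only ACL grants nothing, and a later SET_ACCESS call removes the deny entries whether the old ACL is passed in or not; only the allow-then-deny order keeps both.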

der besitzer (unregistered), posted 14:13:12 28.01.2012

Because of the parent objects... I'm not going to repeat myself again.

SeekingForTheAnswer (unregistered), posted 14:27:44 28.01.2012

der besitzer wrote:
Because of the parent objects... I'm not going to repeat myself again.

Sorry, but can you say precisely where the error is? Where am I inheriting the parent objects?

SeekingForTheAnswer (unregistered), posted 14:52:23 28.01.2012

I think I've found the error (thanks to this thread: http://www.c-plusplus.de/forum/p2172437). I first have to fetch the existing DACL and then modify it. Here is my new code:

C/C++ Code:
BOOL SetDACLForObject(const char* Object, SE_OBJECT_TYPE ObjectType, int AccessPerms, ACCESS_MODE AccessMode)
{
    char StrTrustee[100] = "System";

    char UserName[100];
    DWORD SizeUserName = sizeof(UserName);
    GetUserName(UserName, &SizeUserName);

    DWORD Res = 0;
    PACL NewDACL = NULL, OldDACL = NULL;
    PSID SidAdmin = NULL;
    PSECURITY_DESCRIPTOR SD = NULL;
    SID_IDENTIFIER_AUTHORITY SIDAuthNT = SECURITY_NT_AUTHORITY;
    EXPLICIT_ACCESS ea[3];

    // Fetch the existing DACL. OldDACL points into the security descriptor
    // returned in SD, so SD has to be requested here and is freed at the end.
    Res = GetNamedSecurityInfo((LPTSTR) Object, ObjectType, DACL_SECURITY_INFORMATION, NULL, NULL, &OldDACL, NULL, &SD);
    if (Res != ERROR_SUCCESS)
    {
        // The error code is the return value, not GetLastError()
        cout <<"GetNamedSecurityInfo() failed: " <<Res <<endl;
        return FALSE;
    }

    if (!AllocateAndInitializeSid(&SIDAuthNT, 2,
        SECURITY_BUILTIN_DOMAIN_RID,
        DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0,
        0, 0, &SidAdmin))
    {
        cout <<"AllocateAndInitializeSid() failed: " <<GetLastError() <<endl;
        LocalFree(SD);
        return FALSE;
    }

    // One entry each for the Administrators group (by SID), "System" and the current user (by name)
    ZeroMemory(ea, 3 * sizeof(EXPLICIT_ACCESS));
    ea[0].grfAccessPermissions    = AccessPerms;
    ea[0].grfAccessMode            = AccessMode;
    ea[0].grfInheritance        = NO_INHERITANCE; //NO_INHERITANCE;
    ea[0].Trustee.TrusteeForm    = TRUSTEE_IS_SID;
    ea[0].Trustee.TrusteeType    = TRUSTEE_IS_GROUP;
    ea[0].Trustee.ptstrName        = (LPTSTR) (SidAdmin);

    /*ea[1].grfAccessPermissions    = AccessPerms;
    ea[1].grfAccessMode            = AccessMode;
    ea[1].grfInheritance        = NO_INHERITANCE;
    ea[1].Trustee.TrusteeForm    = TRUSTEE_IS_NAME;
    ea[1].Trustee.ptstrName        = (LPTSTR) (CURRENT_USER);*/


    ea[1].grfAccessPermissions    = AccessPerms;
    ea[1].grfAccessMode            = AccessMode;
    ea[1].grfInheritance        = NO_INHERITANCE;
    ea[1].Trustee.TrusteeForm    = TRUSTEE_IS_NAME;
    ea[1].Trustee.TrusteeType    = TRUSTEE_IS_USER;
    ea[1].Trustee.ptstrName        = (LPTSTR) (StrTrustee);

    ea[2].grfAccessPermissions    = AccessPerms;
    ea[2].grfAccessMode            = AccessMode;
    ea[2].grfInheritance        = NO_INHERITANCE;
    ea[2].Trustee.TrusteeForm    = TRUSTEE_IS_NAME;
    ea[2].Trustee.TrusteeType    = TRUSTEE_IS_USER;
    ea[2].Trustee.ptstrName        = (LPTSTR) (UserName);

    // Merge the three entries into the existing DACL
    Res = SetEntriesInAcl(3, ea, OldDACL, &NewDACL);
    if (Res != ERROR_SUCCESS)
    {
        cout <<"SetEntriesInAcl() failed: " <<Res <<endl;
        LocalFree(SD);
        FreeSid(SidAdmin);
        return FALSE;
    }

    // Only DACL_SECURITY_INFORMATION is set, so the owner argument (SidAdmin) is ignored
    Res = SetNamedSecurityInfo((LPTSTR) Object, ObjectType, DACL_SECURITY_INFORMATION, SidAdmin, NULL, NewDACL, NULL);
    if (Res != ERROR_SUCCESS)
    {
        cout <<"SetNamedSecurityInfo() failed: " <<Res <<endl;
        LocalFree(NewDACL);
        LocalFree(SD);
        FreeSid(SidAdmin);
        return FALSE;
    }

    // OldDACL is part of SD and must not be freed on its own
    LocalFree(NewDACL);
    LocalFree(SD);
    FreeSid(SidAdmin);

    return TRUE;
}


Nevertheless, I have the same problem...

der besitzer (unregistered), posted 02:38:12 30.01.2012

You simply must not inherit the parent objects!

SeekingForTheAnswer (unregistered), posted 13:40:56 30.01.2012

Sorry, but I don't get it. Just show me more precisely where I'm making the mistake.

SeekingForTheAnswer (unregistered), posted 10:25:44 31.01.2012

So, you can't remove the existing inheritance at all:

Martin Richter wrote:
You can't remove the inheritance that way. You have to "copy" the permissions for that. That's how Explorer does it too.

So fetch the existing DACL, make changes if needed, and set it again.

(from http://www.c-plusplus.de/forum/p2172437)

That's exactly what I'm doing; this MSDN article confirms it too: http://msdn.microsoft.com/en-us/library/windows/desktop/aa379283%28v=vs.85%29.aspx .