
































 

 

 

 


ACL




, ACL, ACL ACL. . 15.1.

ACL. ACL , . , ACL; .

BOOL InitializeAcl(PACL pAcl, DWORD cbAcl, DWORD dwAclRevision)

pAcl cbAcl . 15.4 , ACL, 1 . dwAclRevision ACL_REVISION.

, AddAccessAllowedAce AddAccessDeniedAce.

BOOL AddAccessAllowedAce(PACL pAcl, DWORD dwAclRevision, DWORD dwAccessMask, PSID pSid)

BOOL AddAccessDeniedAce(PACL pAcl, DWORD dwAclRevision, DWORD dwAccessMask, PSID pSid)

pAcl ACL, InitializeAcl, dwAclRevision ACL_REVISION. pSid SID, , LookupAccountName.

, , SID, (dwAccessMask).

, ACL . ACL SetSecurityDescriptorDacl.

BOOL SetSecurityDescriptorDacl(PSECURITY_DESCRIPTOR pSecurityDescriptor, BOOL bDaclPresent, PACL pAcl, BOOL fDaclDefaulted)

bDaclPresent, TRUE, , pAcl ACL. FALSE, , pAcl fDaclDefaulted, . SE_DACL_PRESENT SECURITY_DESCRIPTOR_CONTROL .

FALSE fDaclDefaulted , ACL . ACL , , , ; , , ACL, TRUE. SE_DACL_PRESENT SECURITY_DESCRIPTOR_CONTROL .

, ACL; . .

: UNIX NTFS

, UNIX, Windows, , UNIX. , , (owner), (group) (everyone). .

1. chmodW UNIX- chmod. , , , .

2. lsFP lsW ( 3.2). , - , ACL, chmodW.

15.1 15.2. 15.3, 15.4 15.5 .

1. InitializeUnixSA, , UNIX. , , , ( 6), ( 11) ( 8).

2. ReadFilePermissions.

3. ChangeFilePermissions.

, Web- . AllowedAceMasks DeniedAceMasks, .

DeniedAceMasks SYNCHRONIZE, SYNCHRONIZE FILE_GENERIC_READ, FILE_GENERIC_WRITE FILE_GENERIC_EXECUTE, (. WINNT.H). , Web-. , , ; , .

15.1. chmodW:

/* 15. chmodW. */

/* chmodW [] [].

.

:

-f .

, . . */

/* NTFS Windows NT ( Windows 9x ). */

 

#include "EvryThng.h"

 

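/*
 * chmodW entry point: apply a UNIX-style permission mode to a file.
 *
 * Command line, as the code reads it: options ("-f", "-c") first, then the
 * mode at argv[ModeIndex], the file name at argv[ModeIndex + 1] and, when a
 * new file is created, the group name at argv[ModeIndex + 2].
 *
 * The mode is typed as three octal digits (for example 644) but is parsed as
 * a decimal number, so each decimal digit is extracted and re-weighted as an
 * octal digit below.
 *
 * Returns 0 on success, 1 on a usage error or when an operation fails.
 */
int _tmain(int argc, LPTSTR argv[]) {
    HANDLE hFile = INVALID_HANDLE_VALUE, hSecHeap = NULL;
    BOOL Force = FALSE, CreateNew = FALSE, Change, Exists;
    DWORD Mode, UsrCnt = ACCT_NAME_SIZE;
    long DecMode;
    LPTSTR pEnd = NULL;
    TCHAR UsrNam[ACCT_NAME_SIZE];
    int FileIndex, GrpIndex, ModeIndex;
    /* Access rights that stand for the UNIX r, w and x bits, in that order.
     * The same array is used for allowed and for denied ACEs. */
    DWORD AceMasks[] = {
        FILE_GENERIC_READ, FILE_GENERIC_WRITE, FILE_GENERIC_EXECUTE
    };
    LPSECURITY_ATTRIBUTES pSa = NULL;

    ModeIndex = Options(argc, argv, _T("fc"), &Force, &CreateNew, NULL);
    GrpIndex = ModeIndex + 2;
    FileIndex = ModeIndex + 1;

    /* The mode and the file name are mandatory; indexing argv past argc
     * would read beyond the argument vector. */
    if (ModeIndex < 1 || argc <= FileIndex) {
        _ftprintf(stderr, _T("Usage: chmodW [options] mode file [GroupName]\n"));
        return 1;
    }

    /* Reject anything that is not exactly three-or-fewer octal digits. A
     * silently accepted typo here would end up as a wrong ACL on the file. */
    DecMode = _tcstol(argv[ModeIndex], &pEnd, 10);
    if (pEnd == argv[ModeIndex] || *pEnd != _T('\0')
            || DecMode < 0 || DecMode > 777
            || DecMode % 10 > 7 || (DecMode / 10) % 10 > 7) {
        _ftprintf(stderr, _T("chmodW: mode must be three octal digits (000-777).\n"));
        return 1;
    }

    /* Re-weight the decimal digits as octal: hundreds * 64 + tens * 8 + units. */
    Mode = (DWORD)(((DecMode / 100) % 10) * 64
            + ((DecMode / 10) % 10) * 8 + (DecMode % 10));

    Exists = (_taccess(argv[FileIndex], 0) == 0);

    if (!Exists && CreateNew) {
        /* The new file is owned by the current user and the named group. */
        if (argc <= GrpIndex) {
            _ftprintf(stderr, _T("chmodW: a group name is required to create a file.\n"));
            return 1;
        }
        if (!GetUserName(UsrNam, &UsrCnt)) {
            _ftprintf(stderr, _T("chmodW: cannot get the user name (error %lu).\n"),
                    (unsigned long)GetLastError());
            return 1;
        }

        pSa = InitializeUnixSA(Mode, UsrNam, argv[GrpIndex], AceMasks, &hSecHeap);
        if (pSa == NULL) {
            /* Fail closed: CreateFile with NULL security attributes would
             * create the file with the default descriptor instead of the
             * requested permissions. InitializeUnixSA has already destroyed
             * its heap on this path, so hSecHeap must not be destroyed again. */
            _ftprintf(stderr, _T("chmodW: cannot build the security attributes.\n"));
            return 1;
        }

        /* CREATE_NEW rather than CREATE_ALWAYS: if the file appeared after
         * the _taccess check, CREATE_ALWAYS would truncate it and the
         * security descriptor would be ignored, because CreateFile applies
         * lpSecurityAttributes only to a file it actually creates. */
        hFile = CreateFile(argv[FileIndex], 0, 0, pSa, CREATE_NEW,
                FILE_ATTRIBUTE_NORMAL, NULL);
        if (hFile == INVALID_HANDLE_VALUE) {
            _ftprintf(stderr, _T("chmodW: cannot create the file (error %lu).\n"),
                    (unsigned long)GetLastError());
            HeapDestroy(hSecHeap);
            return 1;
        }
        CloseHandle(hFile);
        HeapDestroy(hSecHeap); /* Releases everything InitializeUnixSA allocated. */
    }
    else if (Exists) { /* The file exists; replace its permissions. */
        Change = ChangeFilePermissions(Mode, argv[FileIndex], AceMasks);
        if (!Change) {
            /* NOTE(review): -f is taken here to mean "do not complain on
             * failure"; the flag is parsed but never read in the original
             * listing, so confirm the intended meaning. */
            if (!Force)
                _ftprintf(stderr, _T("chmodW: cannot change the permissions.\n"));
            return 1;
        }
    }
    else {
        /* No file and no -c: nothing was done, so do not report success. */
        if (!Force)
            _ftprintf(stderr, _T("chmodW: the file does not exist (use -c to create it).\n"));
        return 1;
    }
    return 0;
}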

15.2 lsFP, , Process Item.

15.2. lsFP:

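/*
 * List one directory entry, optionally with its UNIX-style permissions.
 *
 * pFileData  find data of the entry to list.
 * NumFlags   number of entries in Flags (not read here).
 * Flags      option flags; Flags[1] selects the long listing.
 *
 * Returns FALSE, printing nothing, when the entry is neither a file nor a
 * directory; TRUE otherwise.
 *
 * In the long listing the mode returned by ReadFilePermissions is rendered as
 * "rwxrwxrwx", most significant of the nine bits first, followed by the owner
 * name, group name, size and last-write time.
 */
static BOOL ProcessItem(LPWIN32_FIND_DATA pFileData, DWORD NumFlags, LPBOOL Flags)
{
    DWORD FType = FileType(pFileData), Mode, i;
    BOOL Long = Flags[1];
    /* Start with empty names so that a failed permission read prints blanks
     * instead of uninitialised stack contents. */
    TCHAR GrpNam[ACCT_NAME_SIZE] = _T(""), UsrNam[ACCT_NAME_SIZE] = _T("");
    SYSTEMTIME LastWrite = {0};
    TCHAR PermString[] = _T("---------");
    const TCHAR RWX[] = {'r', 'w', 'x'}, FileTypeChar[] = {' ', 'd'};

    if (FType != TYPE_FILE && FType != TYPE_DIR) return FALSE;

    _tprintf(_T("\n"));

    if (Long) {
        Mode = ReadFilePermissions(pFileData->cFileName, UsrNam, GrpNam);
        /* 0xFFFFFFFF signals failure; show the entry with no permissions. */
        if (Mode == 0xFFFFFFFF) Mode = 0;

        /* Bit 8 is the owner's read bit, bit 0 the "everyone" execute bit. */
        for (i = 0; i < 9; i++) {
            if (((Mode >> (8 - i)) & 0x1) != 0) PermString[i] = RWX[i % 3];
        }

        /* FType - 1 indexes FileTypeChar; this assumes TYPE_FILE and TYPE_DIR
         * are 1 and 2 -- TODO confirm against their definition.
         * nFileSizeLow is a DWORD, hence the unsigned long conversion. */
        _tprintf(_T("%c%s %8.7s %8.7s%10lu"), FileTypeChar[FType - 1], PermString,
                UsrNam, GrpNam, (unsigned long)pFileData->nFileSizeLow);

        /* LastWrite stays zeroed if the conversion fails. */
        FileTimeToSystemTime(&(pFileData->ftLastWriteTime), &LastWrite);
        _tprintf(_T(" %02d/%02d/%04d %02d:%02d:%02d"),
                LastWrite.wMonth, LastWrite.wDay, LastWrite.wYear,
                LastWrite.wHour, LastWrite.wMinute, LastWrite.wSecond);
    }

    _tprintf(_T(" %s"), pFileData->cFileName);
    return TRUE;
}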

.

:

15.3 InitializeUnixSA. , ACL , UNIX. , , (owner), (group) (everyone). , ; AceMasks 15.1.

15.3. InitUnFp:

/* UNIX , SECURITY_ATTRIBUTES. */

 

#include "EvryThng.h"

#define ACL_SIZE 1024

#define INIT_EXCEPTION 0x3

#define CHANGE_EXCEPTION 0x4

#define SID_SIZE LUSIZE

#define DOM_SIZE LUSIZE

 

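/*
 * Build SECURITY_ATTRIBUTES whose DACL emulates a nine-bit UNIX mode.
 *
 * UnixPerms  permission bits, rwx for owner, group and everyone; bit 8 is the
 *            owner's read bit.
 * UsrNam     account name that becomes the owner.
 * GrpNam     account name that becomes the primary group.
 * AceMasks   three access masks standing for r, w and x; an entry of 0 is
 *            skipped.
 * pHeap      receives the private heap that holds every allocation made
 *            here. The caller releases the whole result with
 *            HeapDestroy(*pHeap).
 *
 * Returns the security attributes, or NULL on any failure. On failure the
 * heap has already been destroyed and *pHeap is NULL. Callers must treat NULL
 * as an error: passing it on to CreateFile would create the object with the
 * default security descriptor instead of the requested permissions.
 *
 * NOTE(review): the ACEs are added in bit order, so denied ACEs can follow
 * allowed ones (not the canonical deny-first order), and the generic file
 * masks share bits such as SYNCHRONIZE, so a denied mask can also remove
 * rights that an allowed mask needs. Confirm that the AceMasks passed in
 * account for this.
 */
LPSECURITY_ATTRIBUTES InitializeUnixSA(DWORD UnixPerms, LPCTSTR UsrNam, LPCTSTR GrpNam, LPDWORD AceMasks, LPHANDLE pHeap) {
    HANDLE SAHeap = NULL;
    LPSECURITY_ATTRIBUTES pSA = NULL;
    PSECURITY_DESCRIPTOR pSD = NULL;
    PACL pAcl = NULL;
    DWORD iBit, iSid;
    /* Names, SIDs and lookup buffers for owner, group and everyone.
     * NOTE(review): looking up "Everyone" by name depends on the system
     * language; CreateWellKnownSid(WinWorldSid, ...) does not. */
    LPCTSTR pGrpNms[3] = {EMPTY, EMPTY, _T("Everyone")};
    PSID pSidTable[3] = {NULL, NULL, NULL};
    SID_NAME_USE sNamUse[3] = {SidTypeUser, SidTypeGroup, SidTypeWellKnownGroup};
    TCHAR RefDomain[3][DOM_SIZE];
    DWORD RefDomCnt[3] = {DOM_SIZE, DOM_SIZE, DOM_SIZE};
    DWORD SidCnt[3] = {SID_SIZE, SID_SIZE, SID_SIZE};

    if (pHeap == NULL || AceMasks == NULL) return NULL;
    *pHeap = NULL;

    /* HeapCreate reports failure with NULL; the exception flag only applies
     * to later allocations from the heap. */
    SAHeap = HeapCreate(HEAP_GENERATE_EXCEPTIONS, 0, 0);
    if (SAHeap == NULL) return NULL;

    __try { /* Any failure below raises and is handled in one place. */
        *pHeap = SAHeap;
        pSA = HeapAlloc(SAHeap, 0, sizeof(SECURITY_ATTRIBUTES));
        pSA->nLength = sizeof(SECURITY_ATTRIBUTES);
        pSA->bInheritHandle = FALSE;

        pSD = HeapAlloc(SAHeap, 0, sizeof(SECURITY_DESCRIPTOR));
        pSA->lpSecurityDescriptor = pSD;
        if (!InitializeSecurityDescriptor(pSD, SECURITY_DESCRIPTOR_REVISION))
            RaiseException(INIT_EXCEPTION, 0, 0, NULL);

        /* Resolve the three account names to SIDs. A failed lookup leaves the
         * SID buffer uninitialised, so it must stop the construction. */
        pGrpNms[0] = UsrNam;
        pGrpNms[1] = GrpNam;
        for (iSid = 0; iSid < 3; iSid++) {
            pSidTable[iSid] = HeapAlloc(SAHeap, 0, SID_SIZE);
            if (!LookupAccountName(NULL, pGrpNms[iSid], pSidTable[iSid],
                    &SidCnt[iSid], RefDomain[iSid], &RefDomCnt[iSid],
                    &sNamUse[iSid]))
                RaiseException(INIT_EXCEPTION, 0, 0, NULL);
        }

        if (!SetSecurityDescriptorOwner(pSD, pSidTable[0], FALSE)
                || !SetSecurityDescriptorGroup(pSD, pSidTable[1], FALSE))
            RaiseException(INIT_EXCEPTION, 0, 0, NULL);

        /* The ACL comes from the same private heap as everything else, so a
         * single HeapDestroy by the caller releases it too. */
        pAcl = HeapAlloc(SAHeap, 0, ACL_SIZE);
        if (!InitializeAcl(pAcl, ACL_SIZE, ACL_REVISION))
            RaiseException(INIT_EXCEPTION, 0, 0, NULL);

        /* One ACE per permission bit: allowed when the bit is set, denied
         * when it is clear. iBit / 3 selects owner, group or everyone and
         * iBit % 3 selects r, w or x. */
        for (iBit = 0; iBit < 9; iBit++) {
            DWORD Mask = AceMasks[iBit % 3];
            PSID pSid = pSidTable[iBit / 3];
            BOOL Added;

            if (Mask == 0) continue;
            if (((UnixPerms >> (8 - iBit)) & 0x1) != 0)
                Added = AddAccessAllowedAce(pAcl, ACL_REVISION, Mask, pSid);
            else
                Added = AddAccessDeniedAce(pAcl, ACL_REVISION, Mask, pSid);
            if (!Added) RaiseException(INIT_EXCEPTION, 0, 0, NULL);
        }

        /* Final ACE: deny everyone all remaining rights. The original guarded
         * this call with an uninitialised flag, so it could be skipped. */
        if (!AddAccessDeniedAce(pAcl, ACL_REVISION,
                STANDARD_RIGHTS_ALL | SPECIFIC_RIGHTS_ALL, pSidTable[2]))
            RaiseException(INIT_EXCEPTION, 0, 0, NULL);

        /* Attach the ACL to the descriptor as an explicit (non-default) DACL. */
        if (!SetSecurityDescriptorDacl(pSD, TRUE, pAcl, FALSE))
            RaiseException(INIT_EXCEPTION, 0, 0, NULL);
    }
    __except (EXCEPTION_EXECUTE_HANDLER) {
        /* Release everything and clear the caller's handle so that it cannot
         * be destroyed a second time. */
        HeapDestroy(SAHeap);
        *pHeap = NULL;
        pSA = NULL;
    }
    return pSA;
}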




