, ACL, ACL ACL. . 15.1.
ACL. ACL , . , ACL; .
BOOL InitializeAcl(PACL pAcl, DWORD cbAcl, DWORD dwAclRevision)
pAcl cbAcl . 15.4 , ACL, 1 . dwAclRevision ACL_REVISION.
, AddAccessAllowedAce AddAccessDeniedAce.
BOOL AddAccessAllowedAce(PACL pAcl, DWORD dwAclRevision, DWORD dwAccessMask, PSID pSid)
BOOL AddAccessDeniedAce(PACL pAcl, DWORD dwAclRevision, DWORD dwAccessMask, PSID pSid)
pAcl ACL, InitializeAcl, dwAclRevision ACL_REVISION. pSid SID, , LookupAccountName.
, , SID, (dwAccessMask).
, ACL . ACL SetSecurityDescriptorDacl.
BOOL SetSecurityDescriptorDacl(PSECURITY_DESCRIPTOR pSecurityDescriptor, BOOL bDaclPresent, PACL pAcl, BOOL fDaclDefaulted)
bDaclPresent, TRUE, , pAcl ACL. FALSE, , pAcl fDaclDefaulted, . SE_DACL_PRESENT SECURITY_DESCRIPTOR_CONTROL .
FALSE fDaclDefaulted , ACL . ACL , , , ; , , ACL, TRUE. SE_DACL_PRESENT SECURITY_DESCRIPTOR_CONTROL .
, ACL; . .
: UNIX NTFS
, UNIX, Windows, , UNIX. , , (owner), (group) (everyone). .
|
|
1. chmodW UNIX- chmod. , , , .
2. lsFP lsW ( 3.2). , - , ACL, chmodW.
15.1 15.2. 15.3, 15.4 15.5 .
1. InitializeUnixSA, , UNIX. , , , ( 6), ( 11) ( 8).
2. ReadFilePermissions.
3. ChangeFilePermissions.
, Web- . AllowedAceMasks DeniedAceMasks, .
DeniedAceMasks SYNCHRONIZE, SYNCHRONIZE FILE_GENERIC_READ, FILE_GENERIC_WRITE FILE_GENERIC_EXECUTE, (. WINNT.H). , Web-. , , ; , .
15.1. chmodW:
/* 15. chmodW. */
/* chmodW [] [].
.
:
-f .
, . . */
/* NTFS Windows NT ( Windows 9x ). */
#include "EvryThng.h"
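/*
 * chmodW entry point: apply a UNIX-style three-digit permission mode to a
 * file, either by creating the file with a matching security descriptor
 * (option -c, when the file does not exist yet) or by changing the
 * permissions of an existing file.
 *
 * Arguments after the options are: mode, file name and, when creating,
 * the group name.
 *
 * Returns 0 when the permissions were applied, 1 on any failure. The tool
 * fails closed: it never creates a file with default security when the
 * requested descriptor could not be built.
 */
int _tmain(int argc, LPTSTR argv[]) {
    HANDLE hFile, hSecHeap = NULL;
    BOOL Force, CreateNew, Change, Exists, Created;
    DWORD Mode, DecMode, UsrCnt = ACCT_NAME_SIZE;
    TCHAR UsrNam[ACCT_NAME_SIZE];
    int FileIndex, GrpIndex, ModeIndex, Parsed;
    /* Access masks in UNIX order: read, write, execute. */
    DWORD AceMasks[] = {
        FILE_GENERIC_READ, FILE_GENERIC_WRITE, FILE_GENERIC_EXECUTE
    };
    LPSECURITY_ATTRIBUTES pSa = NULL;

    /* Options() is used here as returning the index of the first
     * non-option argument (the mode) -- confirm against its definition. */
    ModeIndex = Options(argc, argv, _T("fc"), &Force, &CreateNew, NULL);
    GrpIndex = ModeIndex + 2;
    FileIndex = ModeIndex + 1;

    /* Both the mode and the file name must be present before argv is indexed. */
    if (ModeIndex < 0 || FileIndex >= argc) return 1;

    /* The mode is typed as octal digits but parsed as a decimal number, so
     * every digit must be in 0..7; anything else would set unintended bits.
     * Note that _ttoi yields 0 for non-numeric text, i.e. mode 000. */
    Parsed = _ttoi(argv[ModeIndex]);
    if (Parsed < 0 || Parsed > 777
            || (Parsed % 10) > 7 || ((Parsed / 10) % 10) > 7) return 1;
    DecMode = (DWORD)Parsed;

    /* Re-pack the three decimal digits as a 9-bit octal mode. */
    Mode = ((DecMode / 100) % 10) * 64
         + ((DecMode / 10) % 10) * 8 + (DecMode % 10);

    Exists = (_taccess(argv[FileIndex], 0) == 0);

    if (!Exists && CreateNew) {
        /* The file does not exist: create it with the requested permissions. */
        if (GrpIndex >= argc) return 1;            /* a group name is required */
        if (!GetUserName(UsrNam, &UsrCnt)) return 1;

        pSa = InitializeUnixSA(Mode, UsrNam, argv[GrpIndex], AceMasks, &hSecHeap);
        /* A NULL result must not reach CreateFile: NULL security attributes
         * would create the file with a default descriptor instead of the
         * requested one. InitializeUnixSA releases its own heap on failure,
         * so hSecHeap is not destroyed here. */
        if (pSa == NULL) return 1;

        /* CREATE_NEW rather than CREATE_ALWAYS: CreateFile ignores the
         * security descriptor when it opens an existing file, so a file that
         * appeared after the existence check must be reported as a failure
         * instead of being truncated with its old permissions intact. */
        hFile = CreateFile(argv[FileIndex], 0, 0, pSa, CREATE_NEW,
                           FILE_ATTRIBUTE_NORMAL, NULL);
        Created = (hFile != INVALID_HANDLE_VALUE);
        if (Created) CloseHandle(hFile);
        HeapDestroy(hSecHeap);   /* releases the security structures */
        return Created ? 0 : 1;
    }

    if (Exists) {
        /* The file exists: change its permissions and report the outcome. */
        Change = ChangeFilePermissions(Mode, argv[FileIndex], AceMasks);
        return Change ? 0 : 1;
    }

    /* Missing file without -c: nothing was changed. */
    return 1;
}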
15.2 lsFP, , ProcessItem.
15.2. lsFP:
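/*
 * Print one directory entry. With the long-listing flag (Flags[1]) set, the
 * line also carries the file type, a nine-character rwx permission string
 * derived from the file's security information, the owner and group names,
 * the low 32 bits of the size and the last-write time.
 *
 * pFileData: find data for the entry to list.
 * NumFlags:  not consulted here; the caller must pass at least two flags.
 * Flags:     option flags; Flags[1] selects the long format.
 *
 * Returns TRUE when the entry was listed, FALSE when it is neither a plain
 * file nor a directory.
 */
static BOOL ProcessItem(LPWIN32_FIND_DATA pFileData, DWORD NumFlags, LPBOOL Flags)
{
    DWORD FType = FileType(pFileData), Mode, i;
    BOOL Long = Flags[1];
    /* Start empty: if the permission lookup fails the names are still
     * printed, and must not be read uninitialized. */
    TCHAR GrpNam[ACCT_NAME_SIZE] = _T(""), UsrNam[ACCT_NAME_SIZE] = _T("");
    SYSTEMTIME LastWrite;
    TCHAR PermString[] = _T("---------");
    const TCHAR RWX[] = {'r','w','x'}, FileTypeChar[] = {' ', 'd'};

    if (FType != TYPE_FILE && FType != TYPE_DIR) return FALSE;

    _tprintf(_T("\n"));
    if (Long) {
        Mode = ReadFilePermissions(pFileData->cFileName, UsrNam, GrpNam);
        /* 0xFFFFFFFF is treated as the failure value: list no permissions. */
        if (Mode == 0xFFFFFFFF) Mode = 0;

        /* Bit 8 is the owner's read bit, bit 0 is everyone's execute bit. */
        for (i = 0; i < 9; i++) {
            if ((Mode >> (8 - i)) & 0x1) PermString[i] = RWX[i % 3];
        }

        /* One conversion per argument; the size is a DWORD, hence %lu.
         * FType - 1 assumes TYPE_FILE and TYPE_DIR are 1 and 2 -- confirm
         * against their definitions. */
        _tprintf(_T("%c%s %8.7s %8.7s%10lu"), FileTypeChar[FType - 1],
                 PermString, UsrNam, GrpNam, pFileData->nFileSizeLow);

        FileTimeToSystemTime(&(pFileData->ftLastWriteTime), &LastWrite);
        _tprintf(_T(" %02d/%02d/%04d %02d:%02d:%02d"),
                 LastWrite.wMonth, LastWrite.wDay, LastWrite.wYear,
                 LastWrite.wHour, LastWrite.wMinute, LastWrite.wSecond);
    }
    _tprintf(_T(" %s"), pFileData->cFileName);
    return TRUE;
}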
.
:
15.3 InitializeUnixSA. , ACL , UNIX. , , (owner), (group) (everyone). , ; AceMasks 15.1.
15.3. InitUnFp:
/* UNIX , SECURITY_ATTRIBUTES. */
#include "EvryThng.h"
#define ACL_SIZE 1024
#define INIT_EXCEPTION 0x3
#define CHANGE_EXCEPTION 0x4
#define SID_SIZE LUSIZE
#define DOM_SIZE LUSIZE
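/*
 * Build a SECURITY_ATTRIBUTES structure whose DACL emulates a UNIX
 * permission mode for three principals: the owner (UsrNam), the group
 * (GrpNam) and Everyone.
 *
 * UnixPerms: nine permission bits, owner read in bit 8 down to everyone
 *            execute in bit 0.
 * UsrNam:    account name of the owner.
 * GrpNam:    account name of the group.
 * AceMasks:  three access masks in read, write, execute order; a zero mask
 *            suppresses the ACEs for that right.
 * pHeap:     receives the private heap that holds every structure built
 *            here. The caller releases everything with HeapDestroy(*pHeap).
 *
 * Returns the security attributes, or NULL on any failure. On failure the
 * heap has already been destroyed and *pHeap is NULL, so the caller never
 * receives a partially built DACL and never destroys the heap twice.
 */
LPSECURITY_ATTRIBUTES InitializeUnixSA(DWORD UnixPerms, LPCTSTR UsrNam, LPCTSTR GrpNam, LPDWORD AceMasks, LPHANDLE pHeap) {
    HANDLE SAHeap = NULL;
    LPSECURITY_ATTRIBUTES pSA = NULL;
    PSECURITY_DESCRIPTOR pSD = NULL;
    PACL pAcl = NULL;
    BOOL Success;
    DWORD iBit, iSid;
    /* Names to resolve, in owner, group, everyone order.
     * NOTE(review): "Everyone" is a display name and is localized on
     * non-English systems; the lookup then fails and this function
     * returns NULL. */
    LPCTSTR pGrpNms[3] = {EMPTY, EMPTY, _T("Everyone")};
    PSID pSidTable[3] = {NULL, NULL, NULL};
    SID_NAME_USE sNamUse[3] = {SidTypeUser, SidTypeGroup, SidTypeWellKnownGroup};
    TCHAR RefDomain[3][DOM_SIZE];
    DWORD RefDomCnt[3] = {DOM_SIZE, DOM_SIZE, DOM_SIZE};
    DWORD SidCnt[3] = {SID_SIZE, SID_SIZE, SID_SIZE};

    if (pHeap == NULL || AceMasks == NULL || UsrNam == NULL || GrpNam == NULL)
        return NULL;
    *pHeap = NULL;

    /* HEAP_GENERATE_EXCEPTIONS makes every allocation from this heap raise
     * an exception on failure instead of returning NULL. */
    SAHeap = HeapCreate(HEAP_GENERATE_EXCEPTIONS, 0, 0);
    if (SAHeap == NULL) return NULL;

    __try {
        /* Every failure below raises INIT_EXCEPTION so that allocation
         * failures and API failures share the one cleanup path in the
         * handler. An unchecked failure would leave ACEs out of the DACL
         * and grant or deny access the caller did not ask for. */
        *pHeap = SAHeap;
        pSA = HeapAlloc(SAHeap, 0, sizeof(SECURITY_ATTRIBUTES));
        pSA->nLength = sizeof(SECURITY_ATTRIBUTES);
        pSA->bInheritHandle = FALSE;

        /* Allocate and initialize the security descriptor. */
        pSD = HeapAlloc(SAHeap, 0, sizeof(SECURITY_DESCRIPTOR));
        pSA->lpSecurityDescriptor = pSD;
        if (!InitializeSecurityDescriptor(pSD, SECURITY_DESCRIPTOR_REVISION))
            RaiseException(INIT_EXCEPTION, 0, 0, NULL);

        /* Resolve the SIDs of the owner, the group and Everyone. */
        pGrpNms[0] = UsrNam;
        pGrpNms[1] = GrpNam;
        for (iSid = 0; iSid < 3; iSid++) {
            pSidTable[iSid] = HeapAlloc(SAHeap, 0, SID_SIZE);
            if (!LookupAccountName(NULL, pGrpNms[iSid], pSidTable[iSid],
                                   &SidCnt[iSid], RefDomain[iSid],
                                   &RefDomCnt[iSid], &sNamUse[iSid]))
                RaiseException(INIT_EXCEPTION, 0, 0, NULL);
        }

        if (!SetSecurityDescriptorOwner(pSD, pSidTable[0], FALSE)
                || !SetSecurityDescriptorGroup(pSD, pSidTable[1], FALSE))
            RaiseException(INIT_EXCEPTION, 0, 0, NULL);

        /* The ACL comes from the same private heap as everything else, so
         * the caller's single HeapDestroy releases it too. */
        pAcl = HeapAlloc(SAHeap, 0, ACL_SIZE);
        if (!InitializeAcl(pAcl, ACL_SIZE, ACL_REVISION))
            RaiseException(INIT_EXCEPTION, 0, 0, NULL);

        /* One ACE per permission bit, allowed when the bit is set and
         * denied when it is clear. Access checks walk the ACEs in order,
         * so the owner, group, everyone sequence is significant.
         * The FILE_GENERIC_* masks each include SYNCHRONIZE, so a deny ACE
         * built from one of them also denies SYNCHRONIZE; the accompanying
         * text refers to separate allowed and denied mask arrays for that
         * reason. */
        for (iBit = 0; iBit < 9; iBit++) {
            DWORD AccessMask = AceMasks[iBit % 3];
            PSID pSid = pSidTable[iBit / 3];

            if (AccessMask == 0) continue;
            if (((UnixPerms >> (8 - iBit)) & 0x1) != 0)
                Success = AddAccessAllowedAce(pAcl, ACL_REVISION, AccessMask, pSid);
            else
                Success = AddAccessDeniedAce(pAcl, ACL_REVISION, AccessMask, pSid);
            if (!Success) RaiseException(INIT_EXCEPTION, 0, 0, NULL);
        }

        /* Final ACE: deny Everyone all remaining rights. */
        if (!AddAccessDeniedAce(pAcl, ACL_REVISION,
                                STANDARD_RIGHTS_ALL | SPECIFIC_RIGHTS_ALL,
                                pSidTable[2]))
            RaiseException(INIT_EXCEPTION, 0, 0, NULL);

        /* Attach the finished ACL to the descriptor as its DACL. */
        if (!SetSecurityDescriptorDacl(pSD, TRUE, pAcl, FALSE))
            RaiseException(INIT_EXCEPTION, 0, 0, NULL);
    }
    __except(EXCEPTION_EXECUTE_HANDLER) {
        /* Release everything and make sure the caller sees neither a
         * half-built descriptor nor a dangling heap handle. */
        HeapDestroy(SAHeap);
        *pHeap = NULL;
        pSA = NULL;
    }
    return pSA;
}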