  • Windows Internals 6th Security

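    Access Right and Access Mask:

    An access right is a bit flag that represents one particular operation a thread may perform on an object. For example, the KEY_SET_VALUE access right indicates that the thread can set a value under a given key.

    An access mask is a 32-bit value that corresponds to all the access rights an object supports.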

    typedef DWORD ACCESS_MASK;

    The access mask can be divided into 4 main parts:

    The format is as follows:

    Access mask format

    | Bits  | Meaning |
    |-------|---------|
    | 0–15  | Specific rights. Contains the access mask specific to the object type associated with the mask. |
    | 16–23 | Standard rights. Contains the object's standard access rights. |
    | 24    | Access system security (ACCESS_SYSTEM_SECURITY). It is used to indicate access to a system access control list (SACL). This type of access requires the calling process to have the SE_SECURITY_NAME (Manage auditing and security log) privilege. If this flag is set in the access mask of an audit access ACE (successful or unsuccessful access), the SACL access will be audited. |
    | 25    | Maximum allowed (MAXIMUM_ALLOWED). |
    | 26–27 | Reserved. |
    | 28    | Generic all (GENERIC_ALL). |
    | 29    | Generic execute (GENERIC_EXECUTE). |
    | 30    | Generic write (GENERIC_WRITE). |
    | 31    | Generic read (GENERIC_READ). |

    Standard rights bits, 16 to 23, contain the object's standard access rights and can be a combination of the following predefined flags.

    | Bit | Flag         | Meaning |
    |-----|--------------|---------|
    | 16  | DELETE       | Delete access. |
    | 17  | READ_CONTROL | Read access to the owner, group, and discretionary access control list (DACL) of the security descriptor. |
    | 18  | WRITE_DAC    | Write access to the DACL. |
    | 19  | WRITE_OWNER  | Write access to owner. |
    | 20  | SYNCHRONIZE  | Synchronize access. |

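    The standard access rights (5 in total) apply to all objects. The object-specific access rights (at most 16) are defined by each object type itself. The generic access rights (4 in total) are masks over the standard and object-specific access rights; every object type must define its own mapping from the generic access rights to standard/object-specific access rights (GENERIC_MAPPING).

    For example, GENERIC_READ for a file is mapped to:

    the standard access rights READ_CONTROL and SYNCHRONIZE

    the object-specific access rights FILE_READ_DATA, FILE_READ_EA, and FILE_READ_ATTRIBUTES

    The generic access rights exist mainly for the user's convenience: a caller can request a generic access right directly without caring about the standard and object-specific access rights, so the generic rights are simpler to use.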

    http://msdn.microsoft.com/en-us/library/windows/hardware/ff566424%28v=vs.85%29.aspx

    lists the object-specific access rights of file objects, and the mapping from the generic access rights to the standard and object-specific access rights.

    http://msdn.microsoft.com/en-us/library/windows/hardware/ms724878%28v=vs.85%29.aspx

    The same for the registry.

  • Original article: https://www.cnblogs.com/littledot/p/3484876.html