  • 转载:c++修改文件(夹)的用户访问权限程序代码

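    一般Windows下的系统文件(夹)只让受限帐户读取而不让写入和修改。如果要开启写操作权限,就需要手动修改文件(夹)的用户帐户安全权限(这操作当然要在管理员帐户下执行)。以下用程序封装了一下该操作。示例授予的是 GENERIC_ALL(完全控制),其中包含修改 DACL 和取得所有权的权限;如果只需要写入,授予 FILE_GENERIC_READ | FILE_GENERIC_WRITE 即可。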

      先来个API版本:

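      //
      // Grants one account full access (GENERIC_ALL) to a file or folder by
      // merging a new allow entry into the object's existing DACL.
      //
      // pszPath:    path of the file or folder whose DACL is modified
      // pszAccount: name of the account that receives the access
      //
      // Returns TRUE when the new DACL was written, FALSE on any failure
      // (including a NULL argument).
      //
      // GENERIC_ALL includes the right to rewrite the DACL and to take
      // ownership, and SUB_CONTAINERS_AND_OBJECTS_INHERIT makes the entry
      // inheritable by child files and folders. If the account only needs to
      // write, a narrower mask such as FILE_GENERIC_READ | FILE_GENERIC_WRITE
      // is enough.
      //
      BOOL  EnableFileAccountPrivilege (PCTSTR pszPath, PCTSTR pszAccount)
      {
          if (pszPath == NULL || pszAccount == NULL)
              return FALSE;

          PACL pOldDacl = NULL;                   // points into pSecDesc, never freed on its own
          PACL pNewDacl = NULL;                   // allocated by SetEntriesInAcl
          PSECURITY_DESCRIPTOR pSecDesc = NULL;   // buffer that owns pOldDacl
          EXPLICIT_ACCESS ea;

          // Read the current DACL. The security-descriptor out-parameter is
          // requested as well: GetNamedSecurityInfo requires it whenever a DACL
          // pointer is asked for, and the returned buffer must be released with
          // LocalFree.
          DWORD dwErr = ::GetNamedSecurityInfo (const_cast<LPTSTR>(pszPath), SE_FILE_OBJECT,
                                                DACL_SECURITY_INFORMATION,
                                                NULL, NULL, &pOldDacl, NULL, &pSecDesc);

          if (dwErr == ERROR_SUCCESS)
          {
              // AddAccessAllowedAce cannot be used directly here because the
              // existing DACL has a fixed length; a new DACL has to be built.
              // Describe the entry to add: full access for the named account.
              ::BuildExplicitAccessWithName (&ea, const_cast<LPTSTR>(pszAccount), GENERIC_ALL,
                                             GRANT_ACCESS, SUB_CONTAINERS_AND_OBJECTS_INHERIT);

              // Build the new ACL: the existing entries plus the one above.
              dwErr = ::SetEntriesInAcl (1, &ea, pOldDacl, &pNewDacl);
          }

          if (dwErr == ERROR_SUCCESS)
          {
              // Write the merged DACL back to the file or folder.
              dwErr = ::SetNamedSecurityInfo (const_cast<LPTSTR>(pszPath), SE_FILE_OBJECT,
                                              DACL_SECURITY_INFORMATION,
                                              NULL, NULL, pNewDacl, NULL);
          }

          // Release both allocations on every path.
          if (pNewDacl != NULL)
              ::LocalFree (pNewDacl);
          if (pSecDesc != NULL)
              ::LocalFree (pSecDesc);

          return (dwErr == ERROR_SUCCESS) ? TRUE : FALSE;
      }

      // ATL wraps these security operations, so the same task is much shorter with ATL:
      //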

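      // Grants one account full access (GENERIC_ALL) to a file or folder,
      // using the ATL security classes.
      //
      // pszPath:    path of the file or folder whose DACL is modified
      // pszAccount: name of the account that receives the access
      //
      // Returns TRUE when the updated DACL was written, FALSE when the account
      // lookup, the DACL read, the ACE insertion or the DACL write fails, or
      // when an argument is NULL.
      //
      // GENERIC_ALL includes the right to rewrite the DACL and to take
      // ownership; pass a narrower mask if the account only needs to write.
      //
      BOOL  AtlEnableFileAccountPrivilege (PCTSTR pszPath, PCTSTR pszAccount)
      {
          if (pszPath == NULL || pszAccount == NULL)
              return FALSE;

          // Resolve the account name to its SID.
          CSid sid;
          if (!sid.LoadAccount (pszAccount))
              return FALSE;

          // Read the current DACL of the file or folder.
          CDacl dacl;
          if (!AtlGetDacl (pszPath, SE_FILE_OBJECT, &dacl))
              return FALSE;

          // Add the allow entry. No ACE flags are passed, so this call does not
          // request inheritance the way EnableFileAccountPrivilege does with
          // SUB_CONTAINERS_AND_OBJECTS_INHERIT.
          if (!dacl.AddAllowedAce (sid, GENERIC_ALL))
              return FALSE;

          // Write the DACL back.
          return AtlSetDacl (pszPath, SE_FILE_OBJECT, dacl) ? TRUE : FALSE;
      }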

    来源:http://www.uniuc.com/computer/show-6322-1.html



    通过程序对文件夹的访问权限进行控制。
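    // Builds a three-entry DACL and hands it to SR_SetFileSecurityRecursive
    // for szPath:
    //   SYSTEM               - FILE_ALL_ACCESS
    //   Administrators alias - FILE_ALL_ACCESS
    //   Authenticated Users  - FILE_GENERIC_READ | FILE_GENERIC_WRITE
    // Every entry carries OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE.
    //
    // szPath: folder the security descriptor is applied to.
    //
    // The Win32 error code of the first failing step is stored with
    // SetLastError. NOTE(review): the return expression is
    // `lRes != ERROR_SUCCESS`, so a nonzero result means FAILURE, the
    // reverse of the usual BOOL convention. It is left unchanged so existing
    // callers keep working; confirm what they expect.
    //
    // The DACL is built from scratch (no existing ACL is passed to
    // SetEntriesInAcl), so it does not extend the entries already on the
    // folder. Grant Authenticated Users write access only where every
    // logged-on account is meant to modify the content.
    BOOL   My_SetFolderSecurity(WCHAR*   szPath)
    {
        SID_IDENTIFIER_AUTHORITY ntAuthority = SECURITY_NT_AUTHORITY;
        PSID pSidSystem    = NULL;
        PSID pSidAdmins    = NULL;
        PSID pSidAuthUsers = NULL;
        PACL pDacl         = NULL;
        EXPLICIT_ACCESS ea[3];
        SECURITY_DESCRIPTOR SecDesc;
        ULONG lRes = ERROR_SUCCESS;

        __try
        {
            if (szPath == NULL)
            {
                lRes = ERROR_INVALID_PARAMETER;
                __leave;
            }

            // SYSTEM SID
            if (!AllocateAndInitializeSid(&ntAuthority, 1, SECURITY_LOCAL_SYSTEM_RID,
                                          0, 0, 0, 0, 0, 0, 0, &pSidSystem))
            {
                lRes = GetLastError();
                __leave;
            }

            // Local Administrators alias SID
            if (!AllocateAndInitializeSid(&ntAuthority, 2, SECURITY_BUILTIN_DOMAIN_RID,
                                          DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0,
                                          &pSidAdmins))
            {
                lRes = GetLastError();
                __leave;
            }

            // Authenticated Users well-known group SID
            if (!AllocateAndInitializeSid(&ntAuthority, 1, SECURITY_AUTHENTICATED_USER_RID,
                                          0, 0, 0, 0, 0, 0, 0, &pSidAuthUsers))
            {
                lRes = GetLastError();
                __leave;
            }

            ZeroMemory(ea, sizeof(ea));

            // Entry for the SYSTEM account
            ea[0].grfAccessMode                    = GRANT_ACCESS;
            ea[0].grfAccessPermissions             = FILE_ALL_ACCESS;
            ea[0].grfInheritance                   = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE;
            ea[0].Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
            ea[0].Trustee.pMultipleTrustee         = NULL;
            ea[0].Trustee.TrusteeForm              = TRUSTEE_IS_SID;
            ea[0].Trustee.TrusteeType              = TRUSTEE_IS_WELL_KNOWN_GROUP;
            ea[0].Trustee.ptstrName                = (LPTSTR)pSidSystem;

            // Entry for the Administrators alias
            ea[1].grfAccessMode                    = GRANT_ACCESS;
            ea[1].grfAccessPermissions             = FILE_ALL_ACCESS;
            ea[1].grfInheritance                   = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE;
            ea[1].Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
            ea[1].Trustee.pMultipleTrustee         = NULL;
            ea[1].Trustee.TrusteeForm              = TRUSTEE_IS_SID;
            ea[1].Trustee.TrusteeType              = TRUSTEE_IS_ALIAS;
            ea[1].Trustee.ptstrName                = (LPTSTR)pSidAdmins;

            // Entry for the Authenticated Users group: read and write only
            ea[2].grfAccessMode                    = GRANT_ACCESS;
            ea[2].grfAccessPermissions             = FILE_GENERIC_READ | FILE_GENERIC_WRITE;
            ea[2].grfInheritance                   = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE;
            ea[2].Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
            ea[2].Trustee.pMultipleTrustee         = NULL;
            ea[2].Trustee.TrusteeForm              = TRUSTEE_IS_SID;
            ea[2].Trustee.TrusteeType              = TRUSTEE_IS_WELL_KNOWN_GROUP;
            ea[2].Trustee.ptstrName                = (LPTSTR)pSidAuthUsers;

            // Build a new DACL holding only the three entries above.
            lRes = SetEntriesInAcl(3, ea, NULL, &pDacl);
            if (lRes != ERROR_SUCCESS)
                __leave;

            // Wrap the DACL in an absolute security descriptor. A failure here
            // must be recorded in lRes, otherwise the function would report
            // the same result as a successful run.
            if (!InitializeSecurityDescriptor(&SecDesc, SECURITY_DESCRIPTOR_REVISION))
            {
                lRes = GetLastError();
                __leave;
            }

            if (!SetSecurityDescriptorDacl(&SecDesc, TRUE, pDacl, FALSE))
            {
                lRes = GetLastError();
                __leave;
            }

            // SR_SetFileSecurityRecursive is defined outside this listing;
            // presumably it applies the descriptor to szPath and everything
            // below it and returns a Win32 error code - confirm.
            lRes = SR_SetFileSecurityRecursive(szPath, DACL_SECURITY_INFORMATION, &SecDesc);
        }
        __finally
        {
            // Release whatever was allocated before the first failure.
            if (pSidSystem != NULL)
                FreeSid(pSidSystem);
            if (pSidAdmins != NULL)
                FreeSid(pSidAdmins);
            if (pSidAuthUsers != NULL)
                FreeSid(pSidAuthUsers);
            if (pDacl != NULL)
                LocalFree((HLOCAL)pDacl);
        }

        SetLastError(lRes);
        return lRes != ERROR_SUCCESS;
    }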



    ==========================================================
    我解决了,在MSDN里找到的
    (取自MSDN)

    #define   _WIN32_WINNT   0x0500

    #include   <windows.h>
    #include   <sddl.h>
    #include   <stdio.h>

    BOOL   CreateMyDACL(SECURITY_ATTRIBUTES   *);

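    // Creates the directory C:\MyFolder with the DACL produced by
    // CreateMyDACL. Returns 0 on success and 1 when any step fails.
    int main()
    {
        SECURITY_ATTRIBUTES sa;

        sa.nLength = sizeof(SECURITY_ATTRIBUTES);
        sa.bInheritHandle = FALSE;
        sa.lpSecurityDescriptor = NULL;

        // CreateMyDACL stores the security descriptor in
        // sa.lpSecurityDescriptor.
        if (!CreateMyDACL(&sa))
        {
            printf("Failed CreateMyDACL\n");
            return 1;
        }

        int exitCode = 0;

        // Passing the SECURITY_ATTRIBUTES at creation time means the directory
        // never exists with a different DACL, which avoids a window between
        // creating it and securing it.
        if (0 == CreateDirectory(TEXT("C:\\MyFolder"), &sa))
        {
            printf("Failed CreateDirectory\n");
            exitCode = 1;
        }

        // Free the descriptor on the failure path as well; LocalFree returns
        // NULL on success.
        if (NULL != LocalFree(sa.lpSecurityDescriptor))
        {
            printf("Failed LocalFree\n");
            exitCode = 1;
        }

        return exitCode;
    }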

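    // Converts a fixed SDDL string into a security descriptor and stores it in
    // pSA->lpSecurityDescriptor.
    //
    // pSA: receives the descriptor; the caller releases it with LocalFree.
    //
    // Returns FALSE when pSA is NULL, otherwise the result of
    // ConvertStringSecurityDescriptorToSecurityDescriptor.
    //
    // The deny entries are listed before the allow entries, so a denied
    // trustee that also matches an allow entry stays denied.
    // NOTE(review): the string has no P (protected) flag after "D:", so
    // inheritable entries from the parent may still be merged into the
    // resulting DACL - confirm that is intended.
    BOOL   CreateMyDACL(SECURITY_ATTRIBUTES   *   pSA)
    {
        if (NULL == pSA)
            return FALSE;

        // The literals carry no padding: the SDDL string is the exact
        // concatenation of the pieces below.
        const TCHAR * szSD = TEXT("D:")          // Discretionary ACL
            TEXT("(D;OICI;GA;;;BG)")             // Deny access to built-in guests
            TEXT("(D;OICI;GA;;;AN)")             // Deny access to anonymous logon
            TEXT("(A;OICI;GRGWGX;;;AU)")         // Allow read/write/execute to authenticated users
            TEXT("(A;OICI;GA;;;BA)");            // Allow full control to administrators

        return ConvertStringSecurityDescriptorToSecurityDescriptor(
            szSD,
            SDDL_REVISION_1,
            &(pSA->lpSecurityDescriptor),
            NULL);
    }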
  • 原文地址:https://www.cnblogs.com/shenchao/p/2944630.html