zoukankan      html  css  js  c++  java
  • 转载:c++修改文件(夹)的用户访问权限程序代码

    一般Windows下的系统文件(夹)只让受限帐户读取而不让写入和修改。如果要开启写操作权限就需要手动修改文件(夹)的用户帐户安全权限(这操作当然要在管理员帐户下执行).以下用程序封装了一下该操作:

      先来个API版本:

      //

      // 启用某个账户对某个文件(夹)的所有操作权限

      // pszPath: 文件(夹)路径

      // pszAccount: 账户名称

      //

      BOOL  EnableFileAccountPrivilege (PCTSTR pszPath, PCTSTR pszAccount)

      {

      BOOL bSuccess = TRUE;

      PACL pNewDacl = NULL, pOldDacl = NULL;

      EXPLICIT_ACCESS ea;

      do

      {

      // 获取文件(夹)安全对象的DACL列表

      if (ERROR_SUCCESS != ::GetNamedSecurityInfo ((LPTSTR)pszPath, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, &pOldDacl, NULL, NULL))

      {

      bSuccess  =  FALSE;

      break;

      }

      // 此处不可直接用AddAccessAllowedAce函数,因为已有的DACL长度是固定,必须重新创建一个DACL对象

      // 生成指定用户帐户的访问控制信息(这里指定赋予全部的访问权限)

      ::BuildExplicitAccessWithName (&ea, (LPTSTR)pszAccount, GENERIC_ALL, GRANT_ACCESS, SUB_CONTAINERS_AND_OBJECTS_INHERIT);

      // 创建新的ACL对象(合并已有的ACL对象和刚生成的用户帐户访问控制信息)

      if (ERROR_SUCCESS != ::SetEntriesInAcl(1, &ea, pOldDacl, &pNewDacl))

      {

      bSuccess   =  FALSE;

      break;

      }[next]

      // 设置文件(夹)安全对象的DACL列表

      if (ERROR_SUCCESS != ::SetNamedSecurityInfo ((LPTSTR)pszPath, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, pNewDacl, NULL))

      {

      bSuccess   =  FALSE;

      }

      } while (FALSE);

      // 释放资源

      if (pNewDacl != NULL)

      ::LocalFree(pNewDacl);

      return bSuccess;

      }ATL封装了安全操作函数,用ATL来写就简单多了: //

      // 启用某个账户对某个文件(夹)的所有操作权限(ATL版本)

      // pszPath: 文件(夹)路径

      // pszAccount: 账户名称

      //

      BOOL  AtlEnableFileAccountPrivilege (PCTSTR pszPath, PCTSTR pszAccount)

      {

      CDacl  dacl;

      CSid   sid;

      // 获取用户帐户标志符

      if (!sid.LoadAccount (pszAccount))

      {

      return FALSE;

      }

      // 获取文件(夹)的DACL

      if (!AtlGetDacl (pszPath, SE_FILE_OBJECT, &dacl))

      {

      return FALSE;

      }

      // 在DACL中添加新的ACE项

      dacl.AddAllowedAce (sid, GENERIC_ALL);

      // 设置文件(夹)的DACL

      return AtlSetDacl (pszPath, SE_FILE_OBJECT, dacl) ? TRUE : FALSE;

      }

    来源:http://www.uniuc.com/computer/show-6322-1.html\\\



    通过程序对文件夹的访问权限进行控制。
    BOOL   My_SetFolderSecurity(WCHAR*   szPath)
    {
    SID_IDENTIFIER_AUTHORITY   sia   =   SECURITY_NT_AUTHORITY;
    PSID   pSidSystem   =   NULL;
    PSID   pSidAdmins   =   NULL;
    PSID   pSidWorld   =   NULL;
    PACL   pDacl   =   NULL;
    EXPLICIT_ACCESS   ea[4];
    SECURITY_DESCRIPTOR   SecDesc;

    ULONG   lRes   =   ERROR_SUCCESS;

    __try
    {
    //   create   SYSTEM   SID
    if   (!AllocateAndInitializeSid(&sia,   1,   SECURITY_LOCAL_SYSTEM_RID,
    0,   0,   0,   0,   0,   0,   0,   &pSidSystem))
    {
    lRes   =   GetLastError();
    __leave;
    }

    //   create   Local   Administrators   alias   SID
    if   (!AllocateAndInitializeSid(&sia,   2,   SECURITY_BUILTIN_DOMAIN_RID,
    DOMAIN_ALIAS_RID_ADMINS,   0,   0,   0,   0,  
    0,   0,   &pSidAdmins))
    {
    lRes   =   GetLastError();
    __leave;
    }


    //   create   Authenticated   users   well-known   group   SID
    if   (!AllocateAndInitializeSid(&sia,   1,   SECURITY_AUTHENTICATED_USER_RID,
    0,   0,   0,   0,   0,   0,   0,   &pSidWorld))
    {
    lRes   =   GetLastError();
    __leave;
    }

    //   fill   an   entry   for   the   SYSTEM   account
    ea[0].grfAccessMode   =   GRANT_ACCESS;
    ea[0].grfAccessPermissions   =   FILE_ALL_ACCESS;
    ea[0].grfInheritance   =   OBJECT_INHERIT_ACE|CONTAINER_INHERIT_ACE;
    ea[0].Trustee.MultipleTrusteeOperation   =   NO_MULTIPLE_TRUSTEE;
    ea[0].Trustee.pMultipleTrustee   =   NULL;
    ea[0].Trustee.TrusteeForm   =   TRUSTEE_IS_SID;
    ea[0].Trustee.TrusteeType   =   TRUSTEE_IS_WELL_KNOWN_GROUP;
    ea[0].Trustee.ptstrName   =   (LPTSTR)pSidSystem;

    //   fill   an   entry   entries   for   the   Administrators   alias
    ea[1].grfAccessMode   =   GRANT_ACCESS;
    ea[1].grfAccessPermissions   =   FILE_ALL_ACCESS;
    ea[1].grfInheritance   =   OBJECT_INHERIT_ACE|CONTAINER_INHERIT_ACE;
    ea[1].Trustee.MultipleTrusteeOperation   =   NO_MULTIPLE_TRUSTEE;
    ea[1].Trustee.pMultipleTrustee   =   NULL;
    ea[1].Trustee.TrusteeForm   =   TRUSTEE_IS_SID;
    ea[1].Trustee.TrusteeType   =   TRUSTEE_IS_ALIAS;
    ea[1].Trustee.ptstrName   =   (LPTSTR)pSidAdmins;

    //   fill   an   entry   for   the   Authenticated   users   well-known   group
    ea[2].grfAccessMode   =   GRANT_ACCESS;
    ea[2].grfAccessPermissions   =   FILE_GENERIC_READ|FILE_GENERIC_WRITE   ;
    ea[2].grfInheritance   =   OBJECT_INHERIT_ACE|CONTAINER_INHERIT_ACE;
    ea[2].Trustee.MultipleTrusteeOperation   =   NO_MULTIPLE_TRUSTEE;
    ea[2].Trustee.pMultipleTrustee   =   NULL;
    ea[2].Trustee.TrusteeForm   =   TRUSTEE_IS_SID;
    ea[2].Trustee.TrusteeType   =   TRUSTEE_IS_WELL_KNOWN_GROUP;
    ea[2].Trustee.ptstrName   =   (LPTSTR)pSidWorld;


    //   create   a   DACL
    lRes   =   SetEntriesInAcl(3,   ea,   NULL,   &pDacl);
    if   (lRes   !=   ERROR_SUCCESS)
    __leave;

    //   initialize   security   descriptor
    if(!InitializeSecurityDescriptor(&SecDesc,   SECURITY_DESCRIPTOR_REVISION))
    __leave   ;

    if(!SetSecurityDescriptorDacl(&SecDesc,   TRUE,   pDacl,   FALSE))
    __leave   ;

    //   assign   security   descriptor   to   the   key
    //lRes   =   RegSetKeySecurity(hKey,   DACL_SECURITY_INFORMATION,   &SecDesc);

    lRes   =   SR_SetFileSecurityRecursive(szPath,   DACL_SECURITY_INFORMATION,   &SecDesc);
    //lRes   =   SetFileSecurity(szPath,   DACL_SECURITY_INFORMATION,   &SecDesc);


    }
    __finally
    {
    if   (pSidSystem   !=   NULL)
    FreeSid(pSidSystem);
    if   (pSidAdmins   !=   NULL)
    FreeSid(pSidAdmins);
    if   (pSidWorld   !=   NULL)
    FreeSid(pSidWorld);
    if   (pDacl   !=   NULL)
    LocalFree((HLOCAL)pDacl);
    }

    SetLastError(lRes);
    return   lRes   !=   ERROR_SUCCESS;
    }  


    Command   what   is   yours
    Conquer   what   is   not

    ==========================================================
    我解决了,在MSDN里找到的
    (取自MSDN)

    #define   _WIN32_WINNT   0x0500

    #include   <windows.h>
    #include   <sddl.h>
    #include   <stdio.h>

    BOOL   CreateMyDACL(SECURITY_ATTRIBUTES   *);

    void   main()
    {
    SECURITY_ATTRIBUTES     sa;

    sa.nLength   =   sizeof(SECURITY_ATTRIBUTES);
    sa.bInheritHandle   =   FALSE;    

    //   Call   function   to   set   the   DACL.   The   DACL
    //   is   set   in   the   SECURITY_ATTRIBUTES  
    //   lpSecurityDescriptor   member.
    if   (!CreateMyDACL(&sa))
    {
    //   Error   encountered;   generate   message   and   exit.
    printf( "Failed   CreateMyDACL\n ");
    exit(1);
    }

    //   Use   the   updated   SECURITY_ATTRIBUTES   to   specify
    //   security   attributes   for   securable   objects.
    //   This   example   uses   security   attributes   during
    //   creation   of   a   new   directory.
    if   (0   ==   CreateDirectory(TEXT( "C:\\MyFolder "),   &sa))
    {
    //   Error   encountered;   generate   message   and   exit.
    printf( "Failed   CreateDirectory\n ");
    exit(1);
    }

    //   Free   the   memory   allocated   for   the   SECURITY_DESCRIPTOR.
    if   (NULL   !=   LocalFree(sa.lpSecurityDescriptor))
    {
    //   Error   encountered;   generate   message   and   exit.
    printf( "Failed   LocalFree\n ");
    exit(1);
    }
    }

    BOOL   CreateMyDACL(SECURITY_ATTRIBUTES   *   pSA)
    {
    TCHAR   *   szSD   =   TEXT( "D: ")               //   Discretionary   ACL
    TEXT( "(D;OICI;GA;;;BG) ")           //   Deny   access   to   built-in   guests
    TEXT( "(D;OICI;GA;;;AN) ")           //   Deny   access   to   anonymous   logon
    TEXT( "(A;OICI;GRGWGX;;;AU) ")   //   Allow   read/write/execute   to   authenticated   users
    TEXT( "(A;OICI;GA;;;BA) ");         //   Allow   full   control   to   administrators

    if   (NULL   ==   pSA)
    return   FALSE;

    return   ConvertStringSecurityDescriptorToSecurityDescriptor(
    szSD,
    SDDL_REVISION_1,
    &(pSA-> lpSecurityDescriptor),
    NULL);
    }
  • 相关阅读:
    Windows10 JDK1.8安装及环境变量配置
    Adobe Premiere Pro 2020破解教程
    如何消除任务栏系统更新失败的图标
    微服务架构-Gradle下载安装配置教程
    第十五次-语法制导的语义翻译
    第十四次——算符优先分析
    第09组 Alpha冲刺(4/4)
    第09组 Alpha冲刺(3/4)
    第09组 Alpha冲刺(2/4)
    第09组 Alpha冲刺(1/4)
  • 原文地址:https://www.cnblogs.com/shenchao/p/2944630.html
Copyright © 2011-2022 走看看