如何在Windows上使用CreateFile創建帶有LPSECURITY_ATTRIBUTES的文件?

這是CreateFile文檔。

我想用CreateFile和SECURITY_ATTRIBUTES創建一個文件:當我在Windows帳戶用戶A下創建它時,另一個Windows用戶B不應該能訪問該文件。

我找到了「在C++中為新對象創建安全描述符」這篇文檔,

但還是搞不懂怎麼針對某個特定用戶進行設置。

最佳回答:

> 但還是搞不懂怎麼針對某個特定用戶進行設置。

您需要先獲取某個用戶的SID。

這里有一些步驟,

  1. 驗證輸入參數。
  2. 為SID和域名創建足夠大的緩沖區。
  3. 在循環中,調用LookupAccountName檢索所提供帳戶名的SID。如果SID的緩沖區或域名的緩沖區不夠大,則所需的緩沖區大小分別在cbSid和cchDomainName中返回,此時應在下一次調用LookupAccountName之前分配一個新的緩沖區。注意,當lpSystemName參數設置為NULL時,在本地系統上檢索信息。
  4. 釋放分配給域名緩沖區的內存。

然后將SID傳遞給SetEntriesInAcl函數,

SetEntriesInAcl函數通過將新的訪問控制或審核控制信息合并到現有的ACL結構中來創建新的訪問控制列表(ACL)。

Modified code:

#pragma comment(lib, "advapi32.lib")

#include <windows.h>
#include <aclapi.h>
#include <mq.h>
#include <tchar.h>

#include <stdio.h>
#include <new>

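/**
 * Looks up the SID of an account name on the local computer.
 *
 * @param wszAccName  Account name to resolve (must not be NULL).
 * @param ppSid       Receives a buffer holding the SID on success. The buffer
 *                    is allocated with new BYTE[], so the caller owns it and
 *                    must release it with `delete[] (BYTE*)sid` (NOT FreeSid,
 *                    which is only for SIDs from AllocateAndInitializeSid).
 *                    Set to NULL on every failure path.
 * @return MQ_OK on success; MQ_ERROR_INVALID_PARAMETER for NULL arguments;
 *         MQ_ERROR_INSUFFICIENT_RESOURCES if an allocation fails; MQ_ERROR if
 *         the returned SID does not validate; otherwise the Win32 error from
 *         LookupAccountNameW converted with HRESULT_FROM_WIN32.
 */
HRESULT GetSid(
    LPCWSTR wszAccName,
    PSID* ppSid
)
{
    // Validate the input parameters.
    if (wszAccName == NULL || ppSid == NULL)
    {
        return MQ_ERROR_INVALID_PARAMETER;
    }

    // Never leave the caller with an indeterminate pointer.
    *ppSid = NULL;

    // Start with buffers that may be large enough. If one is too small,
    // LookupAccountNameW reports the required size in the count parameter.
    const DWORD INITIAL_SIZE = 32;
    DWORD dwSidBufferSize = INITIAL_SIZE;
    DWORD dwDomainBufferSize = INITIAL_SIZE;
    HRESULT hr = MQ_OK;

    // Plain new throws instead of returning NULL, so the NULL checks below are
    // only meaningful with the nothrow form. "()" zero-initializes the arrays.
    BYTE* pSidBuffer = new (std::nothrow) BYTE[dwSidBufferSize]();
    WCHAR* wszDomainName = new (std::nothrow) WCHAR[dwDomainBufferSize]();
    if (pSidBuffer == NULL || wszDomainName == NULL)
    {
        hr = MQ_ERROR_INSUFFICIENT_RESOURCES;
    }

    // Obtain the SID for the account name passed, growing buffers as needed.
    while (hr == MQ_OK)
    {
        // Set the count variables to the buffer sizes and retrieve the SID.
        DWORD cbSid = dwSidBufferSize;
        DWORD cchDomainName = dwDomainBufferSize;
        SID_NAME_USE eSidType;

        if (LookupAccountNameW(
            NULL,            // Computer name. NULL for the local computer
            wszAccName,
            pSidBuffer,      // SID buffer
            &cbSid,          // In: buffer size. Out: size needed.
            wszDomainName,   // Domain name buffer
            &cchDomainName,
            &eSidType
        ))
        {
            if (IsValidSid(pSidBuffer) == FALSE)
            {
                wprintf(L"The SID for %ls is invalid.\n", wszAccName);
                // Propagate the failure; an invalid SID must not be reported
                // as success to code that will build an ACL from it.
                hr = MQ_ERROR;
            }
            break;
        }

        const DWORD dwErrorCode = GetLastError();
        if (dwErrorCode != ERROR_INSUFFICIENT_BUFFER)
        {
            wprintf(L"LookupAccountNameW failed. GetLastError returned: %lu\n", dwErrorCode);
            hr = HRESULT_FROM_WIN32(dwErrorCode);
            break;
        }

        // ERROR_INSUFFICIENT_BUFFER without a larger size request would make
        // this loop spin forever; treat it as a failure instead.
        if (cbSid <= dwSidBufferSize && cchDomainName <= dwDomainBufferSize)
        {
            hr = HRESULT_FROM_WIN32(dwErrorCode);
            break;
        }

        if (cbSid > dwSidBufferSize)
        {
            // Reallocate memory for the SID buffer.
            wprintf(L"The SID buffer was too small. It will be reallocated.\n");
            delete[] pSidBuffer;   // allocated with new[], so delete[] (not FreeSid)
            pSidBuffer = new (std::nothrow) BYTE[cbSid]();
            if (pSidBuffer == NULL)
            {
                hr = MQ_ERROR_INSUFFICIENT_RESOURCES;
                break;
            }
            dwSidBufferSize = cbSid;
        }

        if (cchDomainName > dwDomainBufferSize)
        {
            // Reallocate memory for the domain name buffer.
            wprintf(L"The domain name buffer was too small. It will be reallocated.\n");
            delete[] wszDomainName;
            wszDomainName = new (std::nothrow) WCHAR[cchDomainName]();
            if (wszDomainName == NULL)
            {
                hr = MQ_ERROR_INSUFFICIENT_RESOURCES;
                break;
            }
            dwDomainBufferSize = cchDomainName;
        }
    }

    // The domain name is only scratch space; the SID is handed to the caller
    // on success and released here on failure so nothing leaks.
    delete[] wszDomainName;
    if (hr != MQ_OK)
    {
        delete[] pSidBuffer;
        pSidBuffer = NULL;
    }
    *ppSid = pSidBuffer;
    return hr;
}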

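/**
 * Creates D:\File.txt with an explicit DACL whose only entry grants
 * GENERIC_ALL to one named account, so that other ordinary users are not
 * granted access by the file's ACL.
 *
 * Caveats a reader should keep in mind:
 *  - The security descriptor passed to CreateFile is applied only when the
 *    file is actually created. With OPEN_ALWAYS an existing file is opened
 *    with whatever ACL it already has; that case is detected and reported.
 *  - Without SE_DACL_PROTECTED, inheritable ACEs from the parent directory
 *    are merged into the new file's DACL and can grant other users access.
 *  - The file's owner and holders of privileges such as take-ownership are
 *    not constrained by this DACL.
 *
 * @return 0 if the file was created or opened, 1 on any failure.
 */
int main()
{
    // All locals are declared before the first goto so that no jump to
    // Cleanup crosses an initialization.
    int exitCode = 1;
    PSID sid = NULL;
    DWORD dwRes = ERROR_SUCCESS;
    DWORD dwCreateStatus = ERROR_SUCCESS;
    PACL pACL = NULL;
    PSECURITY_DESCRIPTOR pSD = NULL;
    EXPLICIT_ACCESS ea;
    SECURITY_ATTRIBUTES sa;
    HANDLE hFile = INVALID_HANDLE_VALUE;

    // Resolve the account that should be granted access.
    HRESULT hr = GetSid(L"strives", &sid); // enter a user name
    if (FAILED(hr) || sid == NULL || !IsValidSid(sid))
    {
        // Building an ACL from an unresolved SID would yield a file whose
        // protection is not what was intended, so stop here.
        _tprintf(_T("GetSid Error 0x%08lX\n"), (unsigned long)hr);
        goto Cleanup;
    }

    // Initialize an EXPLICIT_ACCESS structure for an ACE.
    // The ACE grants the resolved account full access to the file.
    ZeroMemory(&ea, sizeof(EXPLICIT_ACCESS));
    ea.grfAccessPermissions = GENERIC_ALL;
    ea.grfAccessMode = SET_ACCESS;
    ea.grfInheritance = NO_INHERITANCE;
    ea.Trustee.TrusteeForm = TRUSTEE_IS_SID;
    ea.Trustee.TrusteeType = TRUSTEE_IS_USER;
    ea.Trustee.ptstrName = (LPTSTR)sid;

    // Create a new ACL that contains the new ACE.
    // SetEntriesInAcl returns its error code directly; it does not use
    // GetLastError.
    dwRes = SetEntriesInAcl(1, &ea, NULL, &pACL);
    if (ERROR_SUCCESS != dwRes)
    {
        _tprintf(_T("SetEntriesInAcl Error %lu\n"), dwRes);
        goto Cleanup;
    }

    // Initialize a security descriptor.
    pSD = (PSECURITY_DESCRIPTOR)LocalAlloc(LPTR,
        SECURITY_DESCRIPTOR_MIN_LENGTH);
    if (NULL == pSD)
    {
        _tprintf(_T("LocalAlloc Error %lu\n"), GetLastError());
        goto Cleanup;
    }

    if (!InitializeSecurityDescriptor(pSD,
        SECURITY_DESCRIPTOR_REVISION))
    {
        _tprintf(_T("InitializeSecurityDescriptor Error %lu\n"),
            GetLastError());
        goto Cleanup;
    }

    // Add the ACL to the security descriptor.
    if (!SetSecurityDescriptorDacl(pSD,
        TRUE,     // bDaclPresent flag
        pACL,
        FALSE))   // not a default DACL
    {
        _tprintf(_T("SetSecurityDescriptorDacl Error %lu\n"),
            GetLastError());
        goto Cleanup;
    }

    // Protect the DACL so inheritable ACEs from the parent directory are not
    // merged in; otherwise a directory-level grant (for example to a users
    // group) would still let other accounts reach the file.
    if (!SetSecurityDescriptorControl(pSD,
        SE_DACL_PROTECTED,
        SE_DACL_PROTECTED))
    {
        _tprintf(_T("SetSecurityDescriptorControl Error %lu\n"),
            GetLastError());
        goto Cleanup;
    }

    // Initialize a security attributes structure.
    sa.nLength = sizeof(SECURITY_ATTRIBUTES);
    sa.lpSecurityDescriptor = pSD;
    sa.bInheritHandle = FALSE;

    // Use the security attributes to set the security descriptor
    // when the file is created.
    hFile = CreateFile(_T("D:\\File.txt"), GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ,
        &sa, OPEN_ALWAYS, 0, NULL);
    // Capture the status immediately; later API calls overwrite it.
    dwCreateStatus = GetLastError();

    // CreateFile signals failure with INVALID_HANDLE_VALUE, never NULL.
    if (hFile == INVALID_HANDLE_VALUE)
    {
        _tprintf(_T("CreateFile Error %lu\n"), dwCreateStatus);
        goto Cleanup;
    }

    if (dwCreateStatus == ERROR_ALREADY_EXISTS)
    {
        // OPEN_ALWAYS opened a pre-existing file: the descriptor above was
        // ignored and the file keeps its previous ACL.
        _tprintf(_T("Warning: file already existed; its existing ACL was left unchanged\n"));
    }

    _tprintf(_T("Create file success\n"));
    exitCode = 0;

Cleanup:

    if (pACL)
        LocalFree(pACL);
    if (pSD)
        LocalFree(pSD);
    if (hFile != INVALID_HANDLE_VALUE)
        CloseHandle(hFile);
    // GetSid allocates the SID buffer with new BYTE[], so release it the
    // same way (delete[] on NULL is a no-op).
    delete[] (BYTE*)sid;
    return exitCode;

}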

可以通過檢查文件的屬性進行驗證。
