当前位置: 文江博客话题详情

用 C 存储 NTFS 安全描述符

发布于 2024-09-01 06:23:32 字数 2196 浏览 4 评论 0原文

我的目标是以相同的本机状态存储 NTFS 安全描述符。目的是按需恢复。

我设法为此目的编写了代码,我想知道是否有人介意验证它的示例? (for 循环代表我存储本机描述符的方式)

此示例仅包含“OWNER”标志,但我的目的是对所有安全描述符标志应用相同的方法。

我只是一个初学者,非常感谢您的提醒。 谢谢,Doori 酒吧

#define _WIN32_WINNT 0x0501
#define WINVER 0x0501

#include <stdio.h>
#include <windows.h>
#include "accctrl.h"
#include "aclapi.h"
#include "sddl.h"

int main (void)
{
  DWORD lasterror;
  PSECURITY_DESCRIPTOR PSecurityD1, PSecurityD2;
  HANDLE hFile;
  PSID owner;
  LPTSTR ownerstr;
  BOOL ownerdefault;

  int ret = 0;
  unsigned int i;

  hFile = CreateFile("c:\\boot.ini", GENERIC_READ | ACCESS_SYSTEM_SECURITY, 
                     FILE_SHARE_READ, NULL, OPEN_EXISTING, 
                     FILE_FLAG_BACKUP_SEMANTICS, NULL);

  if (hFile == INVALID_HANDLE_VALUE) {
    fprintf(stderr,"CreateFile() failed. Error: INVALID_HANDLE_VALUE\n");
    return 1;
  }

  lasterror = GetSecurityInfo(hFile, SE_FILE_OBJECT, OWNER_SECURITY_INFORMATION
                              , &owner, NULL, NULL, NULL, &PSecurityD1);

  if (lasterror != ERROR_SUCCESS) {
    fprintf(stderr,"GetSecurityInfo() failed. Error: %lu;\n", lasterror);
    ret = 1;
    goto ret1;
  }

  ConvertSidToStringSid(owner,&ownerstr);
  printf("ownerstr of PSecurityD1: %s\n", ownerstr);

  /* The for loop represents the way I store the native descriptor */
  PSecurityD2 = malloc( GetSecurityDescriptorLength(PSecurityD1) * 
                        sizeof(unsigned char) );

  for (i=0; i < GetSecurityDescriptorLength(PSecurityD1); i++)
    ((unsigned char *) PSecurityD2)[i] = ((unsigned char *) PSecurityD1)[i];

  if (IsValidSecurityDescriptor(PSecurityD2) == 0) {
    fprintf(stderr,"IsValidSecurityDescriptor(PSecurityD2) failed.\n");
    ret = 2;
    goto ret2;
  }

  if (GetSecurityDescriptorOwner(PSecurityD2,&owner,&ownerdefault) == 0) {
    fprintf(stderr,"GetSecurityDescriptorOwner() failed.");
    ret = 2;
    goto ret2;
  }
  ConvertSidToStringSid(owner,&ownerstr);
  printf("ownerstr of PSecurityD2: %s\n", ownerstr);

  ret2:
  free(owner);
  free(ownerstr);
  free(PSecurityD1);
  free(PSecurityD2);
  ret1:
  CloseHandle(hFile);
  return ret;
}
原文

My goal is to store a NTFS Security Descriptor in its identical native state. The purpose is to restore it on-demand.

I managed to write the code for that purpose, I was wondering if anybody mind to validate a sample of it? (The for loop represents the way I store the native descriptor)

This sample only contains the flag for "OWNER", but my intention is to apply the same method for all of the security descriptor flags.

I'm just a beginner, would appreciate the heads up.
Thanks, Doori Bar

#define _WIN32_WINNT 0x0501
#define WINVER 0x0501

#include <stdio.h>
#include <windows.h>
#include "accctrl.h"
#include "aclapi.h"
#include "sddl.h"

int main (void)
{
  DWORD lasterror;
  PSECURITY_DESCRIPTOR PSecurityD1, PSecurityD2;
  HANDLE hFile;
  PSID owner;
  LPTSTR ownerstr;
  BOOL ownerdefault;

  int ret = 0;
  unsigned int i;

  hFile = CreateFile("c:\\boot.ini", GENERIC_READ | ACCESS_SYSTEM_SECURITY, 
                     FILE_SHARE_READ, NULL, OPEN_EXISTING, 
                     FILE_FLAG_BACKUP_SEMANTICS, NULL);

  if (hFile == INVALID_HANDLE_VALUE) {
    fprintf(stderr,"CreateFile() failed. Error: INVALID_HANDLE_VALUE\n");
    return 1;
  }

  lasterror = GetSecurityInfo(hFile, SE_FILE_OBJECT, OWNER_SECURITY_INFORMATION
                              , &owner, NULL, NULL, NULL, &PSecurityD1);

  if (lasterror != ERROR_SUCCESS) {
    fprintf(stderr,"GetSecurityInfo() failed. Error: %lu;\n", lasterror);
    ret = 1;
    goto ret1;
  }

  ConvertSidToStringSid(owner,&ownerstr);
  printf("ownerstr of PSecurityD1: %s\n", ownerstr);

  /* The for loop represents the way I store the native descriptor */
  PSecurityD2 = malloc( GetSecurityDescriptorLength(PSecurityD1) * 
                        sizeof(unsigned char) );

  for (i=0; i < GetSecurityDescriptorLength(PSecurityD1); i++)
    ((unsigned char *) PSecurityD2)[i] = ((unsigned char *) PSecurityD1)[i];

  if (IsValidSecurityDescriptor(PSecurityD2) == 0) {
    fprintf(stderr,"IsValidSecurityDescriptor(PSecurityD2) failed.\n");
    ret = 2;
    goto ret2;
  }

  if (GetSecurityDescriptorOwner(PSecurityD2,&owner,&ownerdefault) == 0) {
    fprintf(stderr,"GetSecurityDescriptorOwner() failed.");
    ret = 2;
    goto ret2;
  }
  ConvertSidToStringSid(owner,&ownerstr);
  printf("ownerstr of PSecurityD2: %s\n", ownerstr);

  ret2:
  free(owner);
  free(ownerstr);
  free(PSecurityD1);
  free(PSecurityD2);
  ret1:
  CloseHandle(hFile);
  return ret;
}

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

绅刃 2024-09-08 06:23:32

基本上没问题 - 声明时我会将owner、ownerstr、PSecurityD1 和PSecurityD2 归零。否则(失败时,您可能会释放未分配的内存)

您也可以使用 memcpy 代替复制循环

Basically ok - I'd zero out owner, ownerstr, PSecurityD1 and PSecurityD2 when declared. Otherwise (on failure you might be freeing unallocated memory)

Also you can use a memcpy instread of the copy loop

回复 原文
~没有更多了~

关于作者

酒解孤独

暂无简介

0 文章
0 评论
23 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

1CH1MKgiKxn9p

文章 0 评论 0

ゞ记忆︶ㄣ

文章 0 评论 0

JackDx

文章 0 评论 0

信远

文章 0 评论 0

yaoduoduo1995

文章 0 评论 0

霞映澄塘

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文