ACCESS Control Model under NT2000XP Platform (2)

zhaozj2021-02-17  55

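/*
 * Access control model under the NT / 2000 / XP platform (Access Control Model),
 * by Li Zhiyong, 2003-7-18 16:28 (2)
 *
 * Before going into anything else, let's first look at a program that may
 * have problems.
 */

/*
 * Program 1: create (or open) HKLM\Software\007H and write one string value.
 *
 * hKey and lpItem are declared outside this fragment.
 * NOTE(review): lpItem is assumed to be a TCHAR string (LPCTSTR), since it is
 * passed to the generic RegSetValueEx macro; confirm against its declaration.
 *
 * The lpSecurityAttributes argument is deliberately left NULL here. That is
 * the flaw the article goes on to discuss: the new subkey gets no explicit
 * DACL of its own, so whether another account can write to it depends
 * entirely on the parent key's DACL.
 */
if (ERROR_SUCCESS != RegCreateKeyExW(HKEY_LOCAL_MACHINE, L"Software\\007H", 0, NULL,
                                     REG_OPTION_NON_VOLATILE, KEY_WRITE,
                                     NULL /* lpSecurityAttributes */, &hKey, NULL))
{
    return FALSE;
}

/*
 * For REG_SZ data, cbData is a byte count and must include the terminating
 * null character. TEXT("90") with sizeof keeps the literal and its size
 * consistent in both ANSI and UNICODE builds; the hard-coded length 2 with a
 * narrow "90" stored a truncated, unterminated value.
 */
if (ERROR_SUCCESS != RegSetValueEx(hKey, lpItem, 0, REG_SZ,
                                   (const BYTE *)TEXT("90"), sizeof(TEXT("90"))))
{
    RegCloseKey(hKey);
    return FALSE;
}

RegCloseKey(hKey);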

(Program 1)

This program is simple: it opens (creates) a registry key and writes a value. Under Windows 98, or when run with administrator privileges, it basically works without problems. But what is the potential problem? Suppose this code runs in a DDI entry point of a user-mode printer driver, such as DrvEnablePDEV. That entry point is called whenever any user prints, so the code runs under different user accounts. This is where the problem appears: under another user's privileges, opening the key or setting the value may fail, and GetLastError() returns 5 (Access Denied). The reason is that NULL was passed as the security attributes (lpSecurityAttributes) when the subkey "Software\\007H" was created. Passing NULL means the new key inherits its DACL directly from its parent key; if that DACL contains no ACE granting access to the account you are running as, your operation on the registry is bound to fail. (You can enumerate the DACL of "Software" in code, but reading the ACE string is a bit difficult. Put simply, the built-in Users group has only read access to "Software", so members of the Users and Guests groups cannot write to the subkey "007H" you created, because the DACL of a subkey created in the above manner is inherited from "Software".) To avoid this, you should explicitly specify the security permissions when creating a registry key. The code is as follows (from MSDN). It creates a subkey on which administrators can do anything and any user can read and write. The program and the structures it uses will be explained in the next section.

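/*
 * Program 2: create HKLM\Software\800 with an explicit DACL instead of
 * relying on what the parent key hands down.
 *
 * The DACL built here has two ACEs:
 *   ea[0]  Everyone                 KEY_READ | KEY_WRITE
 *   ea[1]  BUILTIN\Administrators   KEY_ALL_ACCESS
 *
 * Security caveat: KEY_WRITE for Everyone lets any account on the machine
 * set values and create subkeys under this HKLM key. Any component that
 * later reads the key must therefore treat its contents as untrusted input
 * (validate type, length and value). Where the design allows it, prefer a
 * narrower trustee (for example Authenticated Users), a narrower mask (for
 * example KEY_SET_VALUE only), or per-user data under HKEY_CURRENT_USER.
 *
 * lpItem and lpVer90 are declared outside this fragment.
 */
DWORD dwRes;
LONG lRes;
PSID pEveryoneSID = NULL, pAdminSID = NULL;
PACL pACL = NULL;
PSECURITY_DESCRIPTOR pSD = NULL;
EXPLICIT_ACCESS ea[2];
SID_IDENTIFIER_AUTHORITY SIDAuthWorld = SECURITY_WORLD_SID_AUTHORITY;
SID_IDENTIFIER_AUTHORITY SIDAuthNT = SECURITY_NT_AUTHORITY;
SECURITY_ATTRIBUTES sa;
HKEY hkSub = NULL;

// Create a well-known SID for the Everyone group.
if (!AllocateAndInitializeSid(&SIDAuthWorld, 1,
                              SECURITY_WORLD_RID,
                              0, 0, 0, 0, 0, 0, 0,
                              &pEveryoneSID))
{
    goto Cleanup;
}

// Initialize an EXPLICIT_ACCESS structure for an ACE.
// This ACE gives Everyone read AND write access to the key.
ZeroMemory(&ea, sizeof(ea));
ea[0].grfAccessPermissions = KEY_READ | KEY_WRITE;
ea[0].grfAccessMode = SET_ACCESS;
ea[0].grfInheritance = NO_INHERITANCE;
ea[0].Trustee.TrusteeForm = TRUSTEE_IS_SID;
ea[0].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
ea[0].Trustee.ptstrName = (LPTSTR)pEveryoneSID;

// Create a SID for the BUILTIN\Administrators group.
if (!AllocateAndInitializeSid(&SIDAuthNT, 2,
                              SECURITY_BUILTIN_DOMAIN_RID,
                              DOMAIN_ALIAS_RID_ADMINS,
                              0, 0, 0, 0, 0, 0,
                              &pAdminSID))
{
    goto Cleanup;
}

// Initialize an EXPLICIT_ACCESS structure for an ACE.
// This ACE gives the Administrators group full access to the key.
ea[1].grfAccessPermissions = KEY_ALL_ACCESS;
ea[1].grfAccessMode = SET_ACCESS;
ea[1].grfInheritance = NO_INHERITANCE;
ea[1].Trustee.TrusteeForm = TRUSTEE_IS_SID;
ea[1].Trustee.TrusteeType = TRUSTEE_IS_GROUP;
ea[1].Trustee.ptstrName = (LPTSTR)pAdminSID;

// Create a new ACL that contains the new ACEs.
dwRes = SetEntriesInAcl(2, ea, NULL, &pACL);
if (ERROR_SUCCESS != dwRes)
{
    goto Cleanup;
}

// Initialize a security descriptor and attach the ACL to it as its DACL.
pSD = (PSECURITY_DESCRIPTOR)LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH);
if (NULL == pSD)
{
    goto Cleanup;
}
if (!InitializeSecurityDescriptor(pSD, SECURITY_DESCRIPTOR_REVISION))
{
    goto Cleanup;
}
if (!SetSecurityDescriptorDacl(pSD,
                               TRUE,    // bDaclPresent flag
                               pACL,
                               FALSE))  // not a default DACL
{
    goto Cleanup;
}

// Initialize a SECURITY_ATTRIBUTES structure that carries the descriptor.
sa.nLength = sizeof(SECURITY_ATTRIBUTES);
sa.lpSecurityDescriptor = pSD;
sa.bInheritHandle = FALSE;

// The security descriptor is applied only when the key is newly created.
// If Software\800 already exists it is simply opened and keeps whatever
// DACL it already has; pass a non-NULL lpdwDisposition to tell the two
// cases apart when that matters.
lRes = RegCreateKeyExW(HKEY_LOCAL_MACHINE, L"Software\\800", 0, NULL,
                       REG_OPTION_NON_VOLATILE, KEY_READ | KEY_WRITE,
                       &sa, &hkSub, NULL);
if (ERROR_SUCCESS != lRes)
{
    goto Cleanup;
}

// NOTE(review): for REG_SZ, cbData is a byte count that must include the
// terminating null character. lpVer90 is declared elsewhere; confirm that a
// length of 2 really covers its string plus the terminator.
lRes = RegSetValueEx(hkSub, lpItem, 0, REG_SZ, (LPBYTE)lpVer90, 2);

Cleanup:
// Every path, including the failure paths, releases what was acquired.
// The outcome of the last call made is left in dwRes / lRes.
if (hkSub)
    RegCloseKey(hkSub);
if (pAdminSID)
    FreeSid(pAdminSID);
if (pEveryoneSID)
    FreeSid(pEveryoneSID);
if (pACL)
    LocalFree(pACL);
if (pSD)
    LocalFree(pSD);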

(Program 2)

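/*
 * The following reads the registry key's current security information and
 * converts it into a string (see MSDN).
 *
 * Program 3: open HKLM\Software\800, fetch its owner, primary group and DACL,
 * and render them as an SDDL string. The explicit ...A functions are used
 * because the key path and pString are narrow (char) strings.
 */
DWORD dwRes;
PACL pOldDACL = NULL;
PSECURITY_DESCRIPTOR pSD = NULL;
PSID pPrimarySID = NULL, pOwnerSID = NULL;
LPSTR pString = NULL;   // stays NULL unless the conversion succeeds
HKEY hObject = NULL;

// KEY_READ includes READ_CONTROL, the right needed to read the owner,
// group and DACL of the key.
if (ERROR_SUCCESS != RegOpenKeyExA(HKEY_LOCAL_MACHINE, "Software\\800", 0, KEY_READ, &hObject))
    return 0;

// Get pointers to the existing owner, primary group and DACL.
// These pointers refer into the buffer returned in pSD, so only pSD is freed.
dwRes = GetSecurityInfo((HANDLE)hObject, SE_REGISTRY_KEY,
                        DACL_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | OWNER_SECURITY_INFORMATION,
                        &pOwnerSID, &pPrimarySID, &pOldDACL, NULL, &pSD);

// Convert only when the descriptor was actually retrieved.
if (ERROR_SUCCESS == dwRes &&
    ConvertSecurityDescriptorToStringSecurityDescriptorA(pSD, SDDL_REVISION_1,
        DACL_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | OWNER_SECURITY_INFORMATION,
        &pString, NULL))
{
    // pString now holds the SDDL text; inspect or log it here, before it is freed.
}

if (pSD != NULL)
    LocalFree((HLOCAL)pSD);

if (pString != NULL)
    LocalFree((HLOCAL)pString);

RegCloseKey(hObject);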

(Program 3)
