Windows System Programming Third Edition [Electronic resources] نسخه متنی

اینجــــا یک کتابخانه دیجیتالی است

با بیش از 100000 منبع الکترونیکی رایگان به زبان فارسی ، عربی و انگلیسی

جستجو بر اساس ... همه عنوان پدیدآور موضوع یادداشت تمام متن
اصطلاحنامه مجموعه ها مرورالفبایی لغت نامه دهخدا
جستجو در لغت نامه
بیشتر
کتابخانه شخصی پرسش از کتابدار ارسال منبع

Windows System Programming Third Edition [Electronic resources] - نسخه متنی

Johnson M. Hart

| نمايش فراداده ، افزودن یک نقد و بررسی
افزودن به کتابخانه شخصی
میخواهم بخوانم
درحال خواندن
خوانده شده
ارسال به دوستان

آدرس پست الکترونیک گیرنده :

آدرس پست الکترونیک فرستنده :

نام و نام خانوارگی فرستنده :

پیغام برای گیرنده ( حداکثر 250 حرف ) :

کد امنیتی را وارد نمایید

ارسال
جستجو در متن کتاب
بیشتر
تنظیمات قلم

فونت

اندازه قلم

+ - پیش فرض

حالت نمایش

روز نیمروز شب
جستجو در لغت نامه
بیشتر
لیست موضوعات

Index
Windows System Programming Third Edition
By Johnson M. Hart
Publisher: Addison Wesley Professional
Pub Date: October 26, 2004
ISBN: 0-321-25619-0
Pages: 576

توضیحات
افزودن یادداشت جدید











  • Example: Initializing Security Attributes


    Program 15-1.

    Program 15-3. InitUnFp: Initializing Security Attributes


    /* Set UNIX-style permissions as ACEs in a
    SECURITY_ATTRIBUTES structure. */
    #include "EvryThng.h"
    #define ACL_SIZE 1024
    #define INIT_EXCEPTION 0x3
    #define CHANGE_EXCEPTION 0x4
    #define SID_SIZE LUSIZE
    #define DOM_SIZE LUSIZE
    LPSECURITY_ATTRIBUTES InitializeUnixSA (DWORD UnixPerms,
    LPCTSTR UsrNam, LPCTSTR GrpNam, LPDWORD AceMasks,
    LPHANDLE pHeap)
    {
    HANDLE SAHeap = HeapCreate (HEAP_GENERATE_EXCEPTIONS, 0, 0);
    LPSECURITY_ATTRIBUTES pSA = NULL;
    PSECURITY_DESCRIPTOR pSD = NULL;
    PACL pAcl = NULL;
    BOOL Success;
    DWORD iBit, iSid, UsrCnt = ACCT_NAME_SIZE;
    /* Tables of User, Group, and Everyone Names, SIDs,
    etc. for LookupAccountName and SID creation. */
    LPCTSTR pGrpNms [3] = {EMPTY, EMPTY, _T ("Everyone")};
    PSID pSidTable [3] = {NULL, NULL, NULL};
    SID_NAME_USE sNamUse [3] =
    {SidTypeUser, SidTypeGroup, SidTypeWellKnownGroup};
    TCHAR RefDomain [3] [DOM_SIZE];
    DWORD RefDomCnt [3] = {DOM_SIZE, DOM_SIZE, DOM_SIZE};
    DWORD SidCnt [3] = {SID_SIZE, SID_SIZE, SID_SIZE};
    __try { /* Try-except block for memory allocation failures. */
    *pHeap = SAHeap;
    pSA = HeapAlloc (SAHeap, 0, sizeof (SECURITY_ATTRIBUTES));
    pSA->nLength = sizeof (SECURITY_ATTRIBUTES);
    pSA->bInheritHandle = FALSE;
    /* Programmer can set this later. */
    pSD = HeapAlloc (SAHeap, 0, sizeof (SECURITY_DESCRIPTOR));
    pSA->lpSecurityDescriptor = pSD;
    InitializeSecurityDescriptor (pSD,
    SECURITY_DESCRIPTOR_REVISION);
    /* Get a SID for User, Group, and Everyone.
    * See the Web site for additional important details. */
    pGrpNms [0] = UsrNam; pGrpNms [1] = GrpNam;
    for (iSid = 0; iSid < 3; iSid++) {
    pSidTable [iSid] = HeapAlloc (SAHeap, 0, SID_SIZE);
    LookupAccountName (NULL, pGrpNms [iSid],
    pSidTable [iSid], &SidCnt [iSid],
    RefDomain [iSid], &RefDomCnt [iSid],
    &sNamUse [iSid]);
    }
    SetSecurityDescriptorOwner (pSD, pSidTable [0], FALSE);
    SetSecurityDescriptorGroup (pSD, pSidTable [1], FALSE);
    pAcl = HeapAlloc (ProcHeap, HEAP_GENERATE_EXCEPTIONS, ACL_SIZE);
    InitializeAcl (pAcl, ACL_SIZE, ACL_REVISION);
    /* Add all the access allowed/denied ACEs. */
    for (iBit = 0; iBit < 9; iBit++) {
    if ((UnixPerms >> (8 - iBit) & 0x1) != 0 &&
    AceMasks[iBit%3] != 0)
    AddAccessAllowedAce (pAcl, ACL_REVISION,
    AceMasks [iBit%3], pSidTable [iBit/3]);
    else if (AceMasks[iBit%3] != 0)
    AddAccessDeniedAce (pAcl, ACL_REVISION,
    AceMasks [iBit%3], pSidTable [iBit/3]);
    }
    /* Add a final deny all to Everyone ACE. */
    Success = Success && AddAccessDeniedAce (pAcl, ACL_REVISION,
    STANDARD_RIGHTS_ALL | SPECIFIC_RIGHTS_ALL, pSidTable [2]);
    /* Associate ACL with the security descriptor. */
    SetSecurityDescriptorDacl (pSD, TRUE, pAcl, FALSE);
    return pSA;
    }   /* End of try-except block. */
    __except (EXCEPTION_EXECUTE_HANDLER) { /* Free all resources. */
    if (SAHeap != NULL)
    HeapDestroy (SAHeap);
    pSA = NULL;
    }
    return pSA;
    }

    Comments on

    (Program 15-3

    Chapter 11). Program 15-4 shows how to integrate the security attributes with a file.

  • To emulate UNIX behavior, the order of ACE entry is critical. Notice that access-denied and access-allowed ACEs are added to the ACL as the permission bits are processed from left (Owner/Read) to right (Everyone/Execute). In this way, permission bits of, say, 460 (in octal) will deny write access to the user even though the user may be in the group.

  • The ACEs' rights are access values, such as FILE_GENERIC_READ and FILE_GENERIC_WRITE, which are similar to the flags used with CreateFile, although other access flags, such as SYNCHRONIZE, are added. The rights are specified in the calling program (Program 15-1 in this case) so that the rights can be appropriate for the object.

  • The defined constant ACL_SIZE is large enough to contain the nine ACEs. After Program 15-5, it will be apparent how to determine the required size.

  • The function uses three SIDs: one each for User, Group, and Everyone. THRee different techniques are employed to get the name to use as an argument to LookupAccountName. The user name comes from GetUserName. The name for everyone is Everyone in a SidTypeWellKnownGroup. The group name must be supplied as a command line argument and is looked up as a SidTypeGroup. Finding the groups that a user belongs to requires some knowledge of process handles, and solving this problem is Exercise 1512.

  • The version of the program on the book's Web site, but not the one shown here, is fastidious about error checking. It even goes to the effort to validate the generated structures using the self-explanatory IsValidSecurityDescriptor, IsValidSid, and IsValidAcl functions. This error testing proved to be extremely helpful during debugging.



    • / 291