Overview of Additional Security Features
There is much more to Windows security, but this chapter is an introduction, showing how to secure Windows objects using the security API. The following sections give a brief overview of additional security subjects that some readers will want to explore.
Removing ACEs
The DeleteAce function deletes an ACE specified by an index, in a manner similar to that used with GetAce.
Absolute and Self-Relative Security Descriptors
Program 15-5, which changed ACLs, had the benefit of simply replacing one security descriptor (SD) with another. To change an existing SD, however, some care is required because of the distinction between absolute and self-relative SDs. The internal details of these data structures are not important for our purposes, but it is necessary to understand why there are two distinct SD types and how to convert between them.
- During construction, an SD is absolute, with pointers to various structures in memory. In fact, InitializeSecurityDescriptor creates an absolute SD.
- When the SD is associated with a permanent object, such as a file, the OS consolidates the SD into a compact, self-relative structure. Changing an SD in this form (changing an ACL, for example) is awkward, because space inside the self-relative block cannot simply be grown or moved.
- It is possible to convert between the two forms using Windows functions for that purpose. Use MakeAbsoluteSD to convert a self-relative SD, such as the one returned by GetFileSecurity. Modify the SD in absolute form and then use MakeSelfRelativeSD to convert it back. MakeAbsoluteSD is one of the more formidable Windows functions, having eleven parameters: two for each of the four SD components (owner, group, DACL, SACL), one each for the input and output SDs, and one for the length of the resulting absolute SD.
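The get, modify, and write-back cycle just described, as an added example that is not from the book. It uses the .NET security classes that PowerShell exposes rather than the C functions named above; those classes parse the stored self-relative blob into an object graph and re-serialise it, so they do the MakeAbsoluteSD/MakeSelfRelativeSD step for you. The file path is a constructed sample.

```powershell
# Added example (not from the book): inspect and modify an existing file's
# security descriptor from PowerShell.
$path = Join-Path $env:TEMP 'sd-demo.txt'     # constructed sample file
Set-Content -Path $path -Value 'constructed sample file'

# Get-Acl returns a FileSecurity object built from the file's stored SD.
$acl    = Get-Acl -Path $path
$before = $acl.Sddl

# The self-relative form is one contiguous byte array: this is what the OS
# stores and what GetFileSecurity hands back in C. Byte 0 is the revision.
$selfRelative = $acl.GetSecurityDescriptorBinaryForm()
"Self-relative SD: $($selfRelative.Length) bytes, revision $($selfRelative[0])"

# Parsing that blob yields an object with separate owner/group/DACL/SACL
# members, the managed counterpart of the absolute form.
$raw = New-Object System.Security.AccessControl.RawSecurityDescriptor($selfRelative, 0)
"Owner: $($raw.Owner)   DACL entries: $($raw.DiscretionaryAcl.Count)"

# Modify: add an access-allowed ACE for the current user (AddAccessAllowedAce).
$me   = [System.Security.Principal.WindowsIdentity]::GetCurrent().User
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($me, 'ReadData', 'Allow')
$acl.AddAccessRule($rule)

# Write it back; the object is re-serialised to self-relative form on the way out.
Set-Acl -Path $path -AclObject $acl

# Check: re-read the stored SD and compare the SDDL text before and after.
$after = (Get-Acl -Path $path).Sddl
"Before: $before"
"After : $after"
if ($after -eq $before) {
    Write-Warning 'DACL unchanged: an ACE granting at least ReadData to this user already existed'
}

Remove-Item -Path $path
```

SDDL is a convenient way to diff descriptors in scripts, but it is a rendering of the same self-relative data; when you need the exact bytes (for example to store or compare descriptors across machines) use the binary form shown above.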
System ACLs
A complete class of functions is available for managing system ACLs (SACLs); only system administrators can use it. System ACLs specify which object accesses should be logged. The principal function is AddAuditAccessAce, which is similar to AddAccessAllowedAce. There is no concept of access denied with system ACLs. Two other system ACL functions are GetSecurityDescriptorSacl and SetSecurityDescriptorSacl. These functions are comparable to their discretionary ACL counterparts, GetSecurityDescriptorDacl and SetSecurityDescriptorDacl.
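Adding an audit ACE to a file's SACL and reading it back, as an added example that is not from the book. FileSystemAuditRule is the .NET counterpart of AddAuditAccessAce, and Get-Acl -Audit reads the SACL that GetSecurityDescriptorSacl would return. Reading or writing a SACL requires SeSecurityPrivilege, so this must run from an elevated session; the file path and the audited right are constructed sample values.

```powershell
# Added example (not from the book): put an audit entry on a file and verify it.
$path = Join-Path $env:TEMP 'sacl-demo.txt'   # constructed sample file
Set-Content -Path $path -Value 'constructed sample file'

# -Audit asks for the SACL as well as the DACL; without SeSecurityPrivilege this fails.
$acl = Get-Acl -Path $path -Audit

# Audit both successful and failed Delete attempts by anyone (Everyone = World SID).
$everyone  = New-Object System.Security.Principal.SecurityIdentifier(
                 [System.Security.Principal.WellKnownSidType]::WorldSid, $null)
$auditRule = New-Object System.Security.AccessControl.FileSystemAuditRule(
                 $everyone, 'Delete', 'Success, Failure')
$acl.AddAuditRule($auditRule)          # the AddAuditAccessAce step
Set-Acl -Path $path -AclObject $acl    # the SetSecurityDescriptorSacl step

# Check: read the SACL back and list its entries.
(Get-Acl -Path $path -Audit).Audit |
    Format-Table IdentityReference, FileSystemRights, AuditFlags -AutoSize

Remove-Item -Path $path
```

A SACL entry on its own produces no events: Windows only writes object-access audit records when the "Audit File System" (object access) policy is enabled, so a detection built on SACLs needs both the per-object entry and the system-wide policy.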
Access Token Information
Program 15-1 did not solve the problem of obtaining the groups associated with a process in its access token. Program 15-1 simply required the user to specify the group name. You use the GetTokenInformation function for this; a process handle, covered in Chapter 6, is required. Exercise 15-12 addresses this, providing a hint toward the solution. The solution code is also included on the book's Web site. Access tokens also contain security privileges so that a process will gain certain access by virtue of its identity rather than by the rights associated with the object. For example, an administrator requires access that will override those specifically granted by an object. Note, again, the distinction between a right and a privilege.
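Listing the groups and privileges in the current process token, as an added example that is not from the book. WindowsIdentity wraps the same token information that GetTokenInformation returns for the TokenUser and TokenGroups classes; the privilege list is shown with whoami /priv, since .NET does not expose TokenPrivileges directly.

```powershell
# Added example (not from the book): what is in this process's access token?
$id = [System.Security.Principal.WindowsIdentity]::GetCurrent()
"User : $($id.Name)"
"SID  : $($id.User.Value)"

# TokenGroups: the SIDs whose rights this process gets by virtue of identity.
"Enabled groups in the token:"
foreach ($g in $id.Groups) {
    try   { $name = $g.Translate([System.Security.Principal.NTAccount]).Value }
    catch { $name = '(unresolved)' }   # logon SIDs and deleted accounts have no name
    '  {0,-48} {1}' -f $g.Value, $name
}

# TokenPrivileges: identity-based access that overrides object rights, as
# distinct from the rights an ACL grants.
"Privileges in the token (enabled and disabled):"
whoami /priv

# Check: is the Administrators group enabled in this token? Under a
# UAC-filtered token it is marked deny-only and this reports False.
$adminSid  = New-Object System.Security.Principal.SecurityIdentifier(
                 [System.Security.Principal.WellKnownSidType]::BuiltinAdministratorsSid, $null)
$principal = New-Object System.Security.Principal.WindowsPrincipal($id)
"Administrators enabled in token: $($principal.IsInRole($adminSid))"
```

The right-versus-privilege distinction the text draws is visible here: a privilege such as SeBackupPrivilege lets a process read a file whose DACL grants it nothing, which is why privilege assignments deserve the same review as ACLs.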
SID Management
The examples obtained SIDs from user and group names, but you can also create new SIDs with the AllocateAndInitializeSid function. Other functions obtain SID information, and you can even copy (CopySid) and compare (CompareSid) SIDs.
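Creating, resolving, and comparing SIDs, as an added example that is not from the book. SecurityIdentifier built from a WellKnownSidType is the counterpart of AllocateAndInitializeSid, NTAccount.Translate performs the name lookup the book's examples used, Equals stands in for CompareSid, and GetBinaryForm yields the bytes CopySid would copy. S-1-5-32-544 is the well-known BUILTIN\Administrators SID.

```powershell
# Added example (not from the book): three ways to arrive at the same SID,
# then confirm they compare equal and look at the binary layout.
$ns = 'System.Security.Principal'

# 1. From a name (the route the chapter's examples used).
$fromName = (New-Object "$ns.NTAccount"('BUILTIN\Administrators')).Translate([System.Security.Principal.SecurityIdentifier])

# 2. Constructed from a well-known identifier (AllocateAndInitializeSid counterpart).
$wellKnown = New-Object "$ns.SecurityIdentifier"(
                 [System.Security.Principal.WellKnownSidType]::BuiltinAdministratorsSid, $null)

# 3. Parsed from its string form.
$fromString = New-Object "$ns.SecurityIdentifier"('S-1-5-32-544')

"By name      : $($fromName.Value)"
"Well-known   : $($wellKnown.Value)"
"From string  : $($fromString.Value)"

# CompareSid counterpart: structural equality of the SIDs.
$allEqual = $fromName.Equals($wellKnown) -and $wellKnown.Equals($fromString)
"All three equal: $allEqual"

# Binary form, as the C API sees it: byte 0 is the revision, byte 1 the
# sub-authority count, then the 6-byte identifier authority and the sub-authorities.
$bytes = New-Object byte[] $fromString.BinaryLength
$fromString.GetBinaryForm($bytes, 0)
"Binary: $($bytes.Length) bytes, revision $($bytes[0]), sub-authorities $($bytes[1])"

# Reverse lookup, so a SID found in an ACL can be reported by name.
"Resolves back to: $($fromString.Translate([System.Security.Principal.NTAccount]).Value)"
```

Comparing SIDs rather than names is the safer check in defensive code: account names are localised and can be renamed, while the SID of a well-known group is fixed.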
Secure Sockets Layer (SSL)
Windows Sockets (Winsock), described in Chapter 12, provides networked communication between systems. Winsock conforms to industry standards, so it is also possible to communicate with non-Windows systems. SSL, an extension, layers a security protocol on top of the underlying transport protocol, providing message authentication, encryption, and decryption.