Windows System Programming Third Edition [Electronic resources] نسخه متنی

151.

Extend Program 15-1 so that multiple groups have their own unique permissions. The group name and permission pairs can be separate arguments to the function.

152.

Extend Program 15-4 so that it can report on all the groups that have ACEs in the object's security descriptor.

153.

Confirm that chmodW has the desired effect of limiting file access.

154.

Investigate the default security attributes you get with a file.

155.

What are some of the other access masks you can use with an ACE? The Microsoft documentation supplies some information.

156.

Enhance both chmodW and lsFP so that they produce an error message if asked to deal with a file on a non-NTFS file system. GetVolumeInformation is required.

157.

Enhance the chmodW command so that there is an -o option to set the owning user to be the user of the chmodW program.

158.

Determine the actual size of the ACL buffer required by Program 15-3 to store the ACEs. Program 15-3 uses 1,024 bytes. Can you determine a formula for estimating the required ACL size?

159.

The Cygwin Web site (Program 15-3, which created a security descriptor, required the programmer to supply the group name. Modify the program so that it creates permissions for all the user's groups. Hint: It is necessary to use the OpenProcessToken function, which returns an array with the group names, although you will need to experiment to find out how group names are stored in the array. The source program on the book's Web site contains a partial solution.

1513.

Note in the client/server system that the clients can access exactly the same files and other objects that are available to the server on the server's machine with the server's access rights. Remove this limitation by implementing security delegation using the functions ImpersonateNamedPipeClient and RevertToSelf. Clients that are not in the group used to secure the pipe cannot connect to the server.

1514.

There are several additional Windows functions that you may find useful and that could be applied to simplify or improve this chapter's examples. Look up the following functions: AreAllAccessesGranted, AreAnyAccessesGranted, AccessCheck, and MapGenericMask. Can you use these functions to simplify or improve the examples?