2. it
  3. 转载:c++修改文件(夹)的用户访问权限程序代码

转载:c++修改文件(夹)的用户访问权限程序代码

mac2022-06-30  27

一般Windows下的系统文件(夹)只让受限帐户读取而不让写入和修改。如果要开启写操作权限就需要手动修改文件(夹)的用户帐户安全权限(这操作当然要在管理员帐户下执行).以下用程序封装了一下该操作:

  先来个API版本:

  //

  // 启用某个账户对某个文件(夹)的所有操作权限

  // pszPath: 文件(夹)路径

  // pszAccount: 账户名称

  //

  BOOL  EnableFileAccountPrivilege (PCTSTR pszPath, PCTSTR pszAccount)

  {

  BOOL bSuccess = TRUE;

  PACL pNewDacl = NULL, pOldDacl = NULL;

  EXPLICIT_ACCESS ea;

  do

  {

  // 获取文件(夹)安全对象的DACL列表

  if (ERROR_SUCCESS != ::GetNamedSecurityInfo ((LPTSTR)pszPath, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, &pOldDacl, NULL, NULL))

  {

  bSuccess  =  FALSE;

  break;

  }

  // 此处不可直接用AddAccessAllowedAce函数,因为已有的DACL长度是固定,必须重新创建一个DACL对象

  // 生成指定用户帐户的访问控制信息(这里指定赋予全部的访问权限)

  ::BuildExplicitAccessWithName (&ea, (LPTSTR)pszAccount, GENERIC_ALL, GRANT_ACCESS, SUB_CONTAINERS_AND_OBJECTS_INHERIT);

  // 创建新的ACL对象(合并已有的ACL对象和刚生成的用户帐户访问控制信息)

  if (ERROR_SUCCESS != ::SetEntriesInAcl(1, &ea, pOldDacl, &pNewDacl))

  {

  bSuccess   =  FALSE;

  break;

  }[next]

  // 设置文件(夹)安全对象的DACL列表

  if (ERROR_SUCCESS != ::SetNamedSecurityInfo ((LPTSTR)pszPath, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, pNewDacl, NULL))

  {

  bSuccess   =  FALSE;

  }

  } while (FALSE);

  // 释放资源

  if (pNewDacl != NULL)

  ::LocalFree(pNewDacl);

  return bSuccess;

  }ATL封装了安全操作函数,用ATL来写就简单多了: //

  // 启用某个账户对某个文件(夹)的所有操作权限(ATL版本)

  // pszPath: 文件(夹)路径

  // pszAccount: 账户名称

  //

  BOOL  AtlEnableFileAccountPrivilege (PCTSTR pszPath, PCTSTR pszAccount)

  {

  CDacl  dacl;

  CSid   sid;

  // 获取用户帐户标志符

  if (!sid.LoadAccount (pszAccount))

  {

  return FALSE;

  }

  // 获取文件(夹)的DACL

  if (!AtlGetDacl (pszPath, SE_FILE_OBJECT, &dacl))

  {

  return FALSE;

  }

  // 在DACL中添加新的ACE项

  dacl.AddAllowedAce (sid, GENERIC_ALL);

  // 设置文件(夹)的DACL

  return AtlSetDacl (pszPath, SE_FILE_OBJECT, dacl) ? TRUE : FALSE;

  }

来源:http://www.uniuc.com/computer/show-6322-1.html\\\

通过程序对文件夹的访问权限进行控制。 BOOL   My_SetFolderSecurity(WCHAR*   szPath) { SID_IDENTIFIER_AUTHORITY   sia   =   SECURITY_NT_AUTHORITY; PSID   pSidSystem   =   NULL; PSID   pSidAdmins   =   NULL; PSID   pSidWorld   =   NULL; PACL   pDacl   =   NULL; EXPLICIT_ACCESS   ea[4]; SECURITY_DESCRIPTOR   SecDesc; ULONG   lRes   =   ERROR_SUCCESS; __try { //   create   SYSTEM   SID if   (!AllocateAndInitializeSid(&sia,   1,   SECURITY_LOCAL_SYSTEM_RID, 0,   0,   0,   0,   0,   0,   0,   &pSidSystem)) { lRes   =   GetLastError(); __leave; } //   create   Local   Administrators   alias   SID if   (!AllocateAndInitializeSid(&sia,   2,   SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS,   0,   0,   0,   0,   0,   0,   &pSidAdmins)) { lRes   =   GetLastError(); __leave; } //   create   Authenticated   users   well-known   group   SID if   (!AllocateAndInitializeSid(&sia,   1,   SECURITY_AUTHENTICATED_USER_RID, 0,   0,   0,   0,   0,   0,   0,   &pSidWorld)) { lRes   =   GetLastError(); __leave; } //   fill   an   entry   for   the   SYSTEM   account ea[0].grfAccessMode   =   GRANT_ACCESS; ea[0].grfAccessPermissions   =   FILE_ALL_ACCESS; ea[0].grfInheritance   =   OBJECT_INHERIT_ACE|CONTAINER_INHERIT_ACE; ea[0].Trustee.MultipleTrusteeOperation   =   NO_MULTIPLE_TRUSTEE; ea[0].Trustee.pMultipleTrustee   =   NULL; ea[0].Trustee.TrusteeForm   =   TRUSTEE_IS_SID; ea[0].Trustee.TrusteeType   =   TRUSTEE_IS_WELL_KNOWN_GROUP; ea[0].Trustee.ptstrName   =   (LPTSTR)pSidSystem; //   fill   an   entry   entries   for   the   Administrators   alias ea[1].grfAccessMode   =   GRANT_ACCESS; ea[1].grfAccessPermissions   =   FILE_ALL_ACCESS; ea[1].grfInheritance   =   OBJECT_INHERIT_ACE|CONTAINER_INHERIT_ACE; ea[1].Trustee.MultipleTrusteeOperation   =   NO_MULTIPLE_TRUSTEE; ea[1].Trustee.pMultipleTrustee   =   NULL; ea[1].Trustee.TrusteeForm   =   TRUSTEE_IS_SID; ea[1].Trustee.TrusteeType   =   TRUSTEE_IS_ALIAS; ea[1].Trustee.ptstrName   =   (LPTSTR)pSidAdmins; //   fill   an   entry   for   the   Authenticated   users   well-known   group ea[2].grfAccessMode   =   GRANT_ACCESS; ea[2].grfAccessPermissions   =   FILE_GENERIC_READ|FILE_GENERIC_WRITE   ; ea[2].grfInheritance   =   OBJECT_INHERIT_ACE|CONTAINER_INHERIT_ACE; ea[2].Trustee.MultipleTrusteeOperation   =   NO_MULTIPLE_TRUSTEE; ea[2].Trustee.pMultipleTrustee   =   NULL; ea[2].Trustee.TrusteeForm   =   TRUSTEE_IS_SID; ea[2].Trustee.TrusteeType   =   TRUSTEE_IS_WELL_KNOWN_GROUP; ea[2].Trustee.ptstrName   =   (LPTSTR)pSidWorld; //   create   a   DACL lRes   =   SetEntriesInAcl(3,   ea,   NULL,   &pDacl); if   (lRes   !=   ERROR_SUCCESS) __leave; //   initialize   security   descriptor if(!InitializeSecurityDescriptor(&SecDesc,   SECURITY_DESCRIPTOR_REVISION)) __leave   ; if(!SetSecurityDescriptorDacl(&SecDesc,   TRUE,   pDacl,   FALSE)) __leave   ; //   assign   security   descriptor   to   the   key //lRes   =   RegSetKeySecurity(hKey,   DACL_SECURITY_INFORMATION,   &SecDesc); lRes   =   SR_SetFileSecurityRecursive(szPath,   DACL_SECURITY_INFORMATION,   &SecDesc); //lRes   =   SetFileSecurity(szPath,   DACL_SECURITY_INFORMATION,   &SecDesc); } __finally { if   (pSidSystem   !=   NULL) FreeSid(pSidSystem); if   (pSidAdmins   !=   NULL) FreeSid(pSidAdmins); if   (pSidWorld   !=   NULL) FreeSid(pSidWorld); if   (pDacl   !=   NULL) LocalFree((HLOCAL)pDacl); } SetLastError(lRes); return   lRes   !=   ERROR_SUCCESS; }   Command   what   is   yours Conquer   what   is   not ========================================================== 我解决了,在MSDN里找到的 (取自MSDN) #define   _WIN32_WINNT   0x0500 #include   <windows.h> #include   <sddl.h> #include   <stdio.h> BOOL   CreateMyDACL(SECURITY_ATTRIBUTES   *); void   main() { SECURITY_ATTRIBUTES     sa; sa.nLength   =   sizeof(SECURITY_ATTRIBUTES); sa.bInheritHandle   =   FALSE;     //   Call   function   to   set   the   DACL.   The   DACL //   is   set   in   the   SECURITY_ATTRIBUTES   //   lpSecurityDescriptor   member. if   (!CreateMyDACL(&sa)) { //   Error   encountered;   generate   message   and   exit. printf( "Failed   CreateMyDACL\n "); exit(1); } //   Use   the   updated   SECURITY_ATTRIBUTES   to   specify //   security   attributes   for   securable   objects. //   This   example   uses   security   attributes   during //   creation   of   a   new   directory. if   (0   ==   CreateDirectory(TEXT( "C:\\MyFolder "),   &sa)) { //   Error   encountered;   generate   message   and   exit. printf( "Failed   CreateDirectory\n "); exit(1); } //   Free   the   memory   allocated   for   the   SECURITY_DESCRIPTOR. if   (NULL   !=   LocalFree(sa.lpSecurityDescriptor)) { //   Error   encountered;   generate   message   and   exit. printf( "Failed   LocalFree\n "); exit(1); } } BOOL   CreateMyDACL(SECURITY_ATTRIBUTES   *   pSA) { TCHAR   *   szSD   =   TEXT( "D: ")               //   Discretionary   ACL TEXT( "(D;OICI;GA;;;BG) ")           //   Deny   access   to   built-in   guests TEXT( "(D;OICI;GA;;;AN) ")           //   Deny   access   to   anonymous   logon TEXT( "(A;OICI;GRGWGX;;;AU) ")   //   Allow   read/write/execute   to   authenticated   users TEXT( "(A;OICI;GA;;;BA) ");         //   Allow   full   control   to   administrators if   (NULL   ==   pSA) return   FALSE; return   ConvertStringSecurityDescriptorToSecurityDescriptor( szSD, SDDL_REVISION_1, &(pSA-> lpSecurityDescriptor), NULL); }

转载于:https://www.cnblogs.com/shenchao/archive/2013/03/05/2944630.html

最新回复(0)