// sspap3registrypermissions.cpp : Defines the entry point for the console application. // #include "stdafx.h" #include #include #include #define RTN_OK 0 #define RTN_ERROR 13 void DisplayWinError( LPSTR szAPI, // pointer to Ansi function name DWORD dwError // DWORD WinError ); int _tmain(int argc, _TCHAR* argv[]) { SID_IDENTIFIER_AUTHORITY sia = SECURITY_NT_AUTHORITY; PSID pRestrictedSid = NULL; PSID pSystemSid = NULL; PSID pAdministratorsSid = NULL; PSID pEveryoneSid = NULL; SECURITY_DESCRIPTOR sd; PACL pDacl = NULL; DWORD dwAclSize; DWORD sidSize; HKEY hKey; LONG lRetCode; BOOL bSuccess = FALSE; // assume this function fails // // open the performance key for WRITE_DAC access // lRetCode = RegOpenKeyEx( HKEY_CURRENT_USER, TEXT(""), 0, WRITE_DAC, &hKey ); if(lRetCode != ERROR_SUCCESS) { DisplayWinError("RegOpenKeyEx", lRetCode); return RTN_ERROR; } // // prepare a Sid representing the Restricted user // if(!AllocateAndInitializeSid( &sia, 1, SECURITY_RESTRICTED_CODE_RID, 0, 0, 0, 0, 0, 0, 0, &pRestrictedSid )) { DisplayWinError("AllocateAndInitializeSid SECURITY_RESTRICTED_CODE_RID", GetLastError()); goto cleanup; } // // prepare a Sid representing the System user // if(!AllocateAndInitializeSid( &sia, 1, SECURITY_LOCAL_SYSTEM_RID, 0, 0, 0, 0, 0, 0, 0, &pSystemSid )) { DisplayWinError("AllocateAndInitializeSid SECURITY_LOCAL_SYSTEM_RID", GetLastError()); goto cleanup; } // // prepare a Sid representing any administrator // pAdministratorsSid = (PSID)HeapAlloc(GetProcessHeap(), 0, SECURITY_MAX_SID_SIZE); if(pAdministratorsSid == NULL) goto cleanup; if(!CreateWellKnownSid( WinBuiltinAdministratorsSid, NULL, pAdministratorsSid, &sidSize )) { DisplayWinError("CreateWellKnownSid WinBuiltinAdministratorsSid", GetLastError()); goto cleanup; } // // prepare a Sid representing any user // pEveryoneSid = (PSID)HeapAlloc(GetProcessHeap(), 0, SECURITY_MAX_SID_SIZE); if(pEveryoneSid == NULL) goto cleanup; if(!CreateWellKnownSid( WinWorldSid, NULL, pEveryoneSid, &sidSize )) { DisplayWinError("CreateWellKnownSid WinWorldSid", GetLastError()); goto cleanup; } // // compute size of new acl // dwAclSize = sizeof(ACL) + 4 * ( sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) ) + GetLengthSid(pRestrictedSid) + GetLengthSid(pSystemSid) + GetLengthSid(pAdministratorsSid) + GetLengthSid(pEveryoneSid) ; // // allocate storage for Acl // pDacl = (PACL)HeapAlloc(GetProcessHeap(), 0, dwAclSize); if(pDacl == NULL) goto cleanup; if(!InitializeAcl(pDacl, dwAclSize, ACL_REVISION)) { DisplayWinError("InitializeAcl", GetLastError()); goto cleanup; } // // grant the Restricted Sid KEY_READ access to the perf key // if(!AddAccessAllowedAceEx( pDacl, ACL_REVISION, CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE, KEY_READ, pRestrictedSid )) { DisplayWinError("AddAccessAllowedAce", GetLastError()); goto cleanup; } // // grant the System Sid KEY_ALL_ACCESS access to the perf key // if(!AddAccessAllowedAceEx( pDacl, ACL_REVISION, CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE, KEY_ALL_ACCESS, pSystemSid )) { DisplayWinError("AddAccessAllowedAce", GetLastError()); goto cleanup; } // // grant the Administrators Sid KEY_ALL_ACCESS access to the perf key // if(!AddAccessAllowedAceEx( pDacl, ACL_REVISION, CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE, KEY_ALL_ACCESS, pAdministratorsSid )) { DisplayWinError("AddAccessAllowedAce", GetLastError()); goto cleanup; } // // grant the Everyone Sid KEY_ALL_ACCESS access to the perf key // if(!AddAccessAllowedAceEx( pDacl, ACL_REVISION, CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE, KEY_ALL_ACCESS, pEveryoneSid )) { DisplayWinError("AddAccessAllowedAce", GetLastError()); goto cleanup; } if(!InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION)) { DisplayWinError("InitializeSecurityDescriptor", GetLastError()); goto cleanup; } /* if(!SetSecurityDescriptorDacl(&sd, TRUE, pDacl, FALSE)) { DisplayWinError("SetSecurityDescriptorDacl", GetLastError()); goto cleanup; }*/ // // Unlike SetSecurityDescriptorDacl, SetNamedSecurityInfo propogates inheritance to subkeys // See http://comments.gmane.org/gmane.comp.python.windows/10609 // if(!SetNamedSecurityInfo(L"CURRENT_USER", SE_REGISTRY_KEY, DACL_SECURITY_INFORMATION, NULL, NULL, pDacl, NULL)) { DisplayWinError("SetNamedSecurityInfo", GetLastError()); goto cleanup; } // // apply the security descriptor to the registry key // lRetCode = RegSetKeySecurity( hKey, (SECURITY_INFORMATION)DACL_SECURITY_INFORMATION, &sd ); if(lRetCode != ERROR_SUCCESS) { DisplayWinError("RegSetKeySecurity", lRetCode); goto cleanup; } bSuccess = TRUE; // indicate success cleanup: RegCloseKey(hKey); RegCloseKey(HKEY_LOCAL_MACHINE); // // free allocated resources // if(pDacl != NULL) HeapFree(GetProcessHeap(), 0, pDacl); if(pRestrictedSid != NULL) FreeSid(pRestrictedSid); if(pSystemSid != NULL) FreeSid(pSystemSid); if(pAdministratorsSid != NULL) FreeSid(pAdministratorsSid); if(pEveryoneSid != NULL) FreeSid(pEveryoneSid); if(bSuccess) { printf("SUCCESS updating user hive security\n"); return RTN_OK; } else { printf("ERROR updating user hive security\n"); return RTN_ERROR; } } void DisplayWinError( LPSTR szAPI, // pointer to Ansi function name DWORD dwError // DWORD WinError ) { LPSTR MessageBuffer; DWORD dwBufferLength; // // TODO get this fprintf out of here! // fprintf(stderr,"%s error!\n", szAPI); if(dwBufferLength=FormatMessageA( FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM, NULL, dwError, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), (LPSTR) &MessageBuffer, 0, NULL )) { DWORD dwBytesWritten; // unused // // Output message string on stderr // WriteFile( GetStdHandle(STD_ERROR_HANDLE), MessageBuffer, dwBufferLength, &dwBytesWritten, NULL ); // // free the buffer allocated by the system // LocalFree(MessageBuffer); } }