@fasterthanlime
Created August 30, 2017 18:23
#include <windows.h>
#include <AccCtrl.h>
#include <Aclapi.h>
#include <WinNt.h>
#include <stdio.h>
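/*
 * Free a pointer that must be released with LocalFree() and reset it to NULL
 * so a later pass through the cleanup path cannot free it twice.
 *
 * Wrapped in do { } while (0) so that `SafeRelease(p);` is a single statement
 * and stays correct inside an unbraced if/else; the argument is parenthesized
 * at each use. The argument is evaluated more than once, so pass a plain
 * variable, never an expression with side effects.
 */
#define SafeRelease(x) do { if ((x) != NULL) { LocalFree((HLOCAL)(x)); (x) = NULL; } } while (0)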
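/**
 * Merge one access-control entry into the DACL of a named object and write
 * the resulting DACL back with SetFileSecurity().
 *
 * Steps: read the current DACL, build a new ACL that merges the requested
 * entry into it, convert the returned security descriptor to absolute form,
 * attach the new ACL to that descriptor, then apply it to the object.
 *
 * @param pszObjName      name of the object; NULL yields ERROR_INVALID_PARAMETER
 * @param ObjectType      object type, used for the GetNamedSecurityInfo() read
 * @param pszTrustee      trustee the entry applies to
 * @param TrusteeForm     how pszTrustee is to be interpreted
 * @param dwAccessRights  access mask for the entry
 * @param AccessMode      kind of entry (grant, revoke, ...)
 * @param dwInheritance   inheritance flags for the entry
 * @return ERROR_SUCCESS, or the Win32 error code of the first call that failed.
 *
 * NOTE(review): the write goes through SetFileSecurity(), so ObjectType only
 * influences the read; anything other than a file or directory will not be
 * written correctly. SetNamedSecurityInfo() (kept below, commented out) takes
 * the object type and is the call that also deals with inheritable entries on
 * existing children - confirm which behaviour is wanted before relying on
 * dwInheritance here.
 *
 * NOTE(review): the DACL is read, modified and written back in separate
 * calls; a change made to the object's DACL by someone else in between is
 * overwritten.
 */
DWORD AddAceToObjectsSecurityDescriptor (
    LPTSTR pszObjName,          // name of object
    SE_OBJECT_TYPE ObjectType,  // type of object
    LPTSTR pszTrustee,          // trustee for new ACE
    TRUSTEE_FORM TrusteeForm,   // format of trustee structure
    DWORD dwAccessRights,       // access mask for new ACE
    ACCESS_MODE AccessMode,     // type of ACE
    DWORD dwInheritance         // inheritance flags for new ACE
)
{
    DWORD dwRes = 0;
    PACL pOldDACL = NULL, pNewDACL = NULL;
    PSECURITY_DESCRIPTOR pSD = NULL;
    EXPLICIT_ACCESS ea;
    BOOL success;

    // Buffers for the absolute-format descriptor. They are declared (and set
    // to NULL) before the first `goto Cleanup` so that the cleanup path never
    // looks at an uninitialized pointer.
    PSECURITY_DESCRIPTOR pAbsoluteSD = NULL;
    DWORD AbsoluteSDSize = 0;
    PACL pDacl = NULL;
    DWORD DaclSize = 0;
    PACL pSacl = NULL;
    DWORD SaclSize = 0;
    PSID pOwner = NULL;
    DWORD OwnerSize = 0;
    PSID pGroup = NULL;
    DWORD GroupSize = 0;

    if (NULL == pszObjName) {
        return ERROR_INVALID_PARAMETER;
    }

    // Get a pointer to the existing DACL. pOldDACL points into pSD, so only
    // pSD is released at the end.
    dwRes = GetNamedSecurityInfo(pszObjName, ObjectType,
                                 DACL_SECURITY_INFORMATION,
                                 NULL, NULL, &pOldDACL, NULL, &pSD);
    if (ERROR_SUCCESS != dwRes) {
        printf( "GetNamedSecurityInfo Error %u\n", dwRes );
        goto Cleanup;
    }

    // Initialize an EXPLICIT_ACCESS structure for the new ACE.
    ZeroMemory(&ea, sizeof ea);
    ea.grfAccessPermissions = dwAccessRights;
    ea.grfAccessMode = AccessMode;
    ea.grfInheritance = dwInheritance;
    ea.Trustee.TrusteeForm = TrusteeForm;
    ea.Trustee.ptstrName = pszTrustee;

    // Create a new ACL that merges the new ACE
    // into the existing DACL.
    dwRes = SetEntriesInAcl(1, &ea, pOldDACL, &pNewDACL);
    if (ERROR_SUCCESS != dwRes) {
        printf( "SetEntriesInAcl Error %u\n", dwRes );
        goto Cleanup;
    }

    // Convert the security descriptor to absolute format.
    // First call: all buffers are NULL with size 0, so the call is expected
    // to fail with ERROR_INSUFFICIENT_BUFFER and fill in the required sizes.
    // Any other failure means the sizes cannot be trusted.
    if (!MakeAbsoluteSD(pSD,
                        pAbsoluteSD, &AbsoluteSDSize,
                        pDacl, &DaclSize,
                        pSacl, &SaclSize,
                        pOwner, &OwnerSize,
                        pGroup, &GroupSize)) {
        dwRes = GetLastError();
        if (ERROR_INSUFFICIENT_BUFFER != dwRes) {
            printf( "MakeAbsoluteSD Error %u\n", dwRes );
            goto Cleanup;
        }
    }
    // The expected probe failure must not leak into the return value.
    dwRes = ERROR_SUCCESS;

    // NOTE(review): only the DACL was requested above, so some of these sizes
    // may come back as 0; the allocations are kept as in the original code.
    pAbsoluteSD = (PSECURITY_DESCRIPTOR)LocalAlloc(0, AbsoluteSDSize);
    if (!pAbsoluteSD) {
        dwRes = GetLastError();
        printf("LocalAlloc Error %u\n", dwRes);
        goto Cleanup;
    }
    pDacl = (PACL)LocalAlloc(0, DaclSize);
    if (!pDacl) {
        dwRes = GetLastError();
        printf("LocalAlloc Error %u\n", dwRes);
        goto Cleanup;
    }
    pSacl = (PACL)LocalAlloc(0, SaclSize);
    if (!pSacl) {
        dwRes = GetLastError();
        printf("LocalAlloc Error %u\n", dwRes);
        goto Cleanup;
    }
    pOwner = (PSID)LocalAlloc(0, OwnerSize);
    if (!pOwner) {
        dwRes = GetLastError();
        printf("LocalAlloc Error %u\n", dwRes);
        goto Cleanup;
    }
    pGroup = (PSID)LocalAlloc(0, GroupSize);
    if (!pGroup) {
        dwRes = GetLastError();
        printf("LocalAlloc Error %u\n", dwRes);
        goto Cleanup;
    }

    // Second call: the buffers now exist, so a failure here is a real error.
    success = MakeAbsoluteSD(pSD,
                             pAbsoluteSD, &AbsoluteSDSize,
                             pDacl, &DaclSize,
                             pSacl, &SaclSize,
                             pOwner, &OwnerSize,
                             pGroup, &GroupSize);
    if (!success) {
        dwRes = GetLastError();
        printf( "MakeAbsoluteSD Error %u\n", dwRes );
        goto Cleanup;
    }

    // Attach the new ACL as the object's DACL.
    // Alternative kept from the original, disabled:
    // dwRes = SetNamedSecurityInfo(pszObjName, ObjectType,
    //                              DACL_SECURITY_INFORMATION,
    //                              NULL, NULL, pNewDACL, NULL);
    // if (ERROR_SUCCESS != dwRes) {
    //     printf( "SetNamedSecurityInfo Error %u\n", dwRes );
    //     goto Cleanup;
    // }
    success = SetSecurityDescriptorDacl(pAbsoluteSD, TRUE /* specifying dacl */, pNewDACL, FALSE /* not defaulted */);
    if (!success) {
        dwRes = GetLastError();
        printf( "SetSecurityDescriptorDacl Error %u\n", dwRes );
        goto Cleanup;
    }

    success = SetFileSecurity(pszObjName, DACL_SECURITY_INFORMATION, pAbsoluteSD);
    if (!success) {
        dwRes = GetLastError();
        printf( "SetFileSecurity Error: %u\n", dwRes);
        goto Cleanup;
    }

Cleanup:
    // Release everything this function allocated or was handed ownership of.
    // The absolute descriptor only references pNewDACL, so each buffer is
    // freed exactly once here.
    SafeRelease(pGroup);
    SafeRelease(pOwner);
    SafeRelease(pSacl);
    SafeRelease(pDacl);
    SafeRelease(pAbsoluteSD);
    SafeRelease(pSD);
    SafeRelease(pNewDACL);
    return dwRes;
}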
/*
 * Demo driver: removes the access previously shared with a sandbox account
 * on one hard-coded directory. Exit status is 0 on success, 1 on failure.
 *
 * The narrow string literals are passed as LPTSTR, so this builds as written
 * only when UNICODE is not defined.
 */
int main () {
    fprintf(stderr, "Hi there\n");

    /////////////////////////////////////
    // Sharing (disabled; the counterpart of the call below)
    /////////////////////////////////////
    // DWORD dwRes = AddAceToObjectsSecurityDescriptor(
    //     "C:\\Users\\amos\\.electron", // pszObjName
    //     SE_FILE_OBJECT,               // ObjectType
    //     "itch-player-59922ff6",       // pszTrustee
    //     TRUSTEE_IS_NAME,
    //     GENERIC_READ,
    //     GRANT_ACCESS,
    //     0
    // );

    /////////////////////////////////////
    // Unsharing
    /////////////////////////////////////
    // NOTE(review): per the ACCESS_MODE documentation, REVOKE_ACCESS removes
    // the trustee's existing allow entries as a whole, so the GENERIC_READ
    // mask is not what limits the revocation; deny entries are not touched.
    // Inheritance flags of 0 mean the entry concerns this directory only.
    DWORD status = AddAceToObjectsSecurityDescriptor(
        "C:\\Users\\amos\\.electron", // pszObjName
        SE_FILE_OBJECT,               // ObjectType
        "itch-player-59922ff6",       // pszTrustee
        TRUSTEE_IS_NAME,
        GENERIC_READ,
        REVOKE_ACCESS,
        0
    );

    if (ERROR_SUCCESS == status) {
        return 0;
    }

    printf( "AddAceToObjectsSecurityDescriptor Error %u\n", status );
    return 1;
}