打开文件、文件夹权限的C++源码 (去掉禁用权限)
本篇文章属于《518抽奖软件开发日志》系列文章的一部分。
我在开发《518抽奖软件》(www.518cj.net)的时候,偶尔会遇到正常文件夹下没读写权限,本来是应该有权限的。就是因为不知道怎么回事禁用了权限,删除禁用权限即可,代码如下,此代码对注册表项也适用。
void Tfuns::open_perm(const WCHAR* file)
{
BOOL bReg = FALSE;
if (StrStrI(file, L"USERS") == file ||
StrStrI(file, L"MACHINE") == file ||
StrStrI(file, L"CURRENT_USER") == file ||
StrStrI(file, L"CLASSES_ROOT") == file)
bReg = TRUE;
if (!bReg) SetFileAttributes(file, FILE_ATTRIBUTE_NORMAL);
PACL pOldDacl = NULL;
PACL pNewDacl = NULL;
PSECURITY_DESCRIPTOR pSD = NULL;
SE_OBJECT_TYPE type = SE_FILE_OBJECT;
if (bReg) type = SE_REGISTRY_KEY;
if (ERROR_SUCCESS != GetNamedSecurityInfo(file, type, DACL_SECURITY_INFORMATION, NULL, NULL, &pOldDacl, NULL, &pSD))
{
if (Tfuns::is_userAdmin() || Tfuns::is_runasAdmin())
setOwner_admins(file);
if (ERROR_SUCCESS != GetNamedSecurityInfo(file, type, DACL_SECURITY_INFORMATION, NULL, NULL, &pOldDacl, NULL, &pSD))
goto ERR;
}
{
WCHAR username[MAX_PATH] = { 0 };
DWORD sz = MAX_PATH;
GetUserName(username, &sz);
EXPLICIT_ACCESS ea = { 0 };
// 增加允许权限
BuildExplicitAccessWithName(&ea, (LPTSTR)username, GENERIC_ALL, GRANT_ACCESS, SUB_CONTAINERS_AND_OBJECTS_INHERIT);
SetEntriesInAcl(1, &ea, pOldDacl, &pNewDacl);
if (!pNewDacl)
{
SetEntriesInAcl(0, NULL, pOldDacl, &pNewDacl);
if (!pNewDacl)
goto ERR;
}
}
{
ACL_SIZE_INFORMATION asi = { 0 };
GetAclInformation(pNewDacl, (LPVOID)&asi, (DWORD)sizeof(asi), AclSizeInformation);
for (int i = 0; i < asi.AceCount; i++)
{
LPVOID ace = NULL;
GetAce(pNewDacl, i, &ace);
if (!ace) goto ERR;
// 删除禁用权限
if (((ACE_HEADER*)ace)->AceType == ACCESS_DENIED_ACE_TYPE ||
((ACE_HEADER*)ace)->AceType == ACCESS_DENIED_CALLBACK_ACE_TYPE ||
((ACE_HEADER*)ace)->AceType == ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE ||
((ACE_HEADER*)ace)->AceType == ACCESS_DENIED_OBJECT_ACE_TYPE)
{
if (!DeleteAce(pNewDacl, i))
goto ERR;
asi.AceCount--;
i--;
}
}
}
WCHAR obj[MAX_PATH] = { 0 };
wcscpy(obj, file);
if (ERROR_SUCCESS != SetNamedSecurityInfo(obj, type, DACL_SECURITY_INFORMATION, NULL, NULL, pNewDacl, NULL))
{
if (Tfuns::is_userAdmin() || Tfuns::is_runasAdmin())
setOwner_admins(file);
if (ERROR_SUCCESS != SetNamedSecurityInfo(obj, type, DACL_SECURITY_INFORMATION, NULL, NULL, pNewDacl, NULL))
goto ERR;
}
ERR:
if (pSD) LocalFree((HLOCAL)pSD);
if (pNewDacl) LocalFree((HLOCAL)pNewDacl);
}
static BOOL SetPrivilege(HANDLE hToken, LPCTSTR name, BOOL bEnable)
{
TOKEN_PRIVILEGES tp = { 0 };
LUID luid = { 0 };
if (!LookupPrivilegeValue(NULL, name, &luid))
return FALSE;
tp.PrivilegeCount = 1;
tp.Privileges[0].Luid = luid;
if (bEnable)
tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
else
tp.Privileges[0].Attributes = 0;
return AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(TOKEN_PRIVILEGES), NULL, NULL);
}
static BOOL setOwner_admins(const WCHAR* file)
{
BOOL bReg = FALSE;
if (StrStrI(file, L"USERS") == file ||
StrStrI(file, L"MACHINE") == file ||
StrStrI(file, L"CURRENT_USER") == file ||
StrStrI(file, L"CLASSES_ROOT") == file)
bReg = TRUE;
SE_OBJECT_TYPE type = SE_FILE_OBJECT;
if (bReg) type = SE_REGISTRY_KEY;
HANDLE hToken = NULL;
OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken);
if (!hToken)
return FALSE;
if (!SetPrivilege(hToken, SE_TAKE_OWNERSHIP_NAME, TRUE))
return FALSE;
PSID pSID = NULL;
SID_IDENTIFIER_AUTHORITY SIDAuth = SECURITY_NT_AUTHORITY;
if (!AllocateAndInitializeSid(&SIDAuth, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, &pSID))
return FALSE;
WCHAR obj[MAX_PATH] = { 0 };
wcscpy(obj, file);
DWORD r = SetNamedSecurityInfo(obj, type, OWNER_SECURITY_INFORMATION, pSID, NULL, NULL, NULL);
if (pSID) FreeSid(pSID);
if (r == ERROR_SUCCESS) return TRUE;
else return FALSE;
}