10.2.1 存取控制.htm
来自「Windows2000后台服务程序开发手册」· HTM 代码 · 共 723 行 · 第 1/5 页
HTM
723 行
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
face=arial size=2> </FONT></TD></TR>
<TR style="LINE-HEIGHT: 25px">
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
face=arial size=2> </FONT></TD>
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
size=2>
<DIV
style="LINE-HEIGHT: 25px; BACKGROUND-COLOR: #d7d7d7"><FONT
style="LINE-HEIGHT: 25px" face=Arial size=3><PRE style="LINE-HEIGHT: 25px">JOB_OBJECT_ALL_ACCESS <BR> (STANDARD_RIGHTS_REQUIRED | <BR> SYNCHRONIZE | <BR> 0x1F) <BR> (0x1F包括所有目前为工作对象定义的标准权利) <BR> JOB_OBJECT_ASSIGN_PROCESS <BR> JOB_OBJECT_SET_ATTRIBUTES <BR> JOB_OBJECT_QUERY <BR> JOB_OBJECT_TERMINATE <BR> JOB_OBJECT_SET_SECURITY_ATTRIBUTES</PRE></FONT></DIV></FONT></TD></TR>
<TR style="LINE-HEIGHT: 25px">
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
size=2>号志(Semaphore)(WinNT.h)</FONT></TD>
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
face=arial size=2> </FONT></TD></TR>
<TR style="LINE-HEIGHT: 25px">
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
face=arial size=2> </FONT></TD>
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
size=2>
<DIV
style="LINE-HEIGHT: 25px; BACKGROUND-COLOR: #d7d7d7"><FONT
style="LINE-HEIGHT: 25px" face=Arial size=3><PRE style="LINE-HEIGHT: 25px">SEMAPHORE_ALL_ACCESS <BR> (STANDARD_RIGHTS_REQUIRED | <BR> SYNCHRONIZE | <BR> 0x3) <BR> (0x3包括所有目前为号志(Semaphore)定义的标准权利) <BR> SEMAPHORE_MODIFY_STATE <BR> MUTANT_QUERY_STATE</PRE></FONT></DIV></FONT></TD></TR>
<TR style="LINE-HEIGHT: 25px">
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
size=2>事件(WinNT.h)</FONT></TD>
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
face=arial size=2> </FONT></TD></TR>
<TR style="LINE-HEIGHT: 25px">
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
face=arial size=2> </FONT></TD>
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
size=2>
<DIV
style="LINE-HEIGHT: 25px; BACKGROUND-COLOR: #d7d7d7"><FONT
style="LINE-HEIGHT: 25px" face=Arial size=3><PRE style="LINE-HEIGHT: 25px">EVENT_ALL_ACCESS <BR> (STANDARD_RIGHTS_REQUIRED | <BR> SYNCHRONIZE | <BR> 0x3) <BR> (0x3包括所有目前为事件定义的标准权利) <BR> EVENT_MODIFY_STATE <BR> MUTANT_QUERY_STATE</PRE></FONT></DIV></FONT></TD></TR>
<TR style="LINE-HEIGHT: 25px">
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
size=2>Mutex(WinBase.h)</FONT></TD>
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
face=arial size=2> </FONT></TD></TR>
<TR style="LINE-HEIGHT: 25px">
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
face=arial size=2> </FONT></TD>
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
size=2>
<DIV
style="LINE-HEIGHT: 25px; BACKGROUND-COLOR: #d7d7d7"><FONT
style="LINE-HEIGHT: 25px" face=Arial size=3><PRE style="LINE-HEIGHT: 25px">MUTEX_ALL_ACCESS <BR> (STANDARD_RIGHTS_REQUIRED | <BR> SYNCHRONIZE | <BR> 0x3) <BR> (0x3包括所有目前为Mutexes定义的标准权利) <BR> MUTEX_MODIFY_STATE <BR> MUTANT_QUERY_STATE</PRE></FONT></DIV></FONT></TD></TR>
<TR style="LINE-HEIGHT: 25px">
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
size=2>文件对应对象(WinBase.h)</FONT></TD>
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
face=arial size=2> </FONT></TD></TR>
<TR style="LINE-HEIGHT: 25px">
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
face=arial size=2> </FONT></TD>
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
size=2>
<DIV
style="LINE-HEIGHT: 25px; BACKGROUND-COLOR: #d7d7d7"><FONT
style="LINE-HEIGHT: 25px" face=Arial size=3><PRE style="LINE-HEIGHT: 25px">FILE_MAP_ALL_ACCESS <BR> (STANDARD_RIGHTS_REQUIRED | <BR> FILE_MAP_COPY | <BR> FILE_MAP_WRITE | <BR> FILE_MAP_READ | <BR> SECTION_MAP_EXECUTE <BR> SECTION_EXTEND_SIZE) <BR> FILE_MAP_WRITE <BR> FILE_MAP_READ <BR> FILE_MAP_COPY <BR> SECTION_EXTEND_SIZE</PRE></FONT></DIV></FONT></TD></TR>
<TR style="LINE-HEIGHT: 25px">
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
size=2>可等待的计时器(WinNT.h)</FONT></TD>
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
face=arial size=2> </FONT></TD></TR>
<TR style="LINE-HEIGHT: 25px">
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
face=arial size=2> </FONT></TD>
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
size=2>
<DIV
style="LINE-HEIGHT: 25px; BACKGROUND-COLOR: #d7d7d7"><FONT
style="LINE-HEIGHT: 25px" face=Arial size=3><PRE style="LINE-HEIGHT: 25px">TIMER_ALL_ACCESS <BR> (STANDARD_RIGHTS_REQUIRED | <BR> SYNCHRONIZE | <BR> TIMER_QUERY_STATE | <BR> TIMER_MODIFY_STATE) <BR> TIMER_QUERY_STATE <BR> TIMER_MODIFY_STATE</PRE></FONT></DIV></FONT></TD></TR>
<TR style="LINE-HEIGHT: 25px">
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
size=2>Token (WinNT.h)</FONT></TD>
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
face=arial size=2> </FONT></TD></TR>
<TR style="LINE-HEIGHT: 25px">
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
face=arial size=2> </FONT></TD>
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
size=2>
<DIV
style="LINE-HEIGHT: 25px; BACKGROUND-COLOR: #d7d7d7"><FONT
style="LINE-HEIGHT: 25px" face=Arial size=3><PRE style="LINE-HEIGHT: 25px">TOKEN_ALL_ACCESS <BR> (STANDARD_RIGHTS_REQUIRED | <BR> TOKEN_ASSIGN_PRIMARY | <BR> TOKEN_DUPLICATE | <BR> TOKEN_IMPERSONATE | <BR> TOKEN_QUERY | <BR> TOKEN_QUERY_SOURCE | <BR> TOKEN_ADJUST_PRIVILEGES | <BR> TOKEN_ADJUST_GROUPS | <BR> TOKEN_ADJUST_SESSIONID | <BR> TOKEN_ADJUST_DEFAULT) <BR> TOKEN_ASSIGN_PRIMARY <BR> TOKEN_DUPLICATE <BR> TOKEN_IMPERSONATE <BR> TOKEN_QUERY <BR> TOKEN_QUERY_SOURCE <BR> TOKEN_ADJUST_PRIVILEGES <BR> TOKEN_ADJUST_GROUPS <BR> TOKEN_ADJUST_DEFAULT <BR> TOKEN_ADJUST_SESSIONID</PRE></FONT></DIV></FONT></TD></TR>
<TR style="LINE-HEIGHT: 25px">
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
size=2>管道(WinNT.h)</FONT></TD>
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
face=arial size=2> </FONT></TD></TR>
<TR style="LINE-HEIGHT: 25px">
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
face=arial size=2> </FONT></TD>
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
size=2>
<DIV
style="LINE-HEIGHT: 25px; BACKGROUND-COLOR: #d7d7d7"><FONT
style="LINE-HEIGHT: 25px" face=Arial size=3><PRE style="LINE-HEIGHT: 25px">FILE_ALL_ACCESS <BR> (STANDARD_RIGHTS_REQUIRED | <BR> SYNCHRONIZE | <BR> 0x1FF) <BR> (0x1FF包括所有目前为文件定义的标准权利) <BR> FILE_READ_DATA <BR> FILE_WRITE_DATA <BR> FILE_CREATE_PIPE_INSTANCE <BR> FILE_READ_ATTRIBUTES <BR> FILE_WRITE_ATTRIBUTES</PRE></FONT></DIV></FONT></TD></TR>
<TR style="LINE-HEIGHT: 25px">
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
size=2>Window站台(WinUser.h)</FONT></TD>
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
face=arial size=2> </FONT></TD></TR>
<TR style="LINE-HEIGHT: 25px">
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
face=arial size=2> </FONT></TD>
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
size=2>
<DIV
style="LINE-HEIGHT: 25px; BACKGROUND-COLOR: #d7d7d7"><FONT
style="LINE-HEIGHT: 25px" face=Arial size=3><PRE style="LINE-HEIGHT: 25px">WINSTA_ACCESSCLIPBOARD <BR> WINSTA_ACCESSGLOBALATOMS <BR> WINSTA_CREATEDESKTOP <BR> WINSTA_ENUMDESKTOPS <BR> WINSTA_ENUMERATE <BR> WINSTA_EXITWINDOWS <BR> WINSTA_READATTRIBUTES <BR> WINSTA_READSCREEN <BR> WINSTA_WRITEATTRIBUTES</PRE></FONT></DIV></FONT></TD></TR>
<TR style="LINE-HEIGHT: 25px">
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
size=2>桌面(WinUser.h)</FONT></TD>
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
face=arial size=2> </FONT></TD></TR>
<TR style="LINE-HEIGHT: 25px">
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
face=arial size=2> </FONT></TD>
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
size=2>
<DIV
style="LINE-HEIGHT: 25px; BACKGROUND-COLOR: #d7d7d7"><FONT
style="LINE-HEIGHT: 25px" face=Arial size=3>DESKTOP_CREATEMENU
<BR>DESKTOP_CREATEWINDOW <BR>DESKTOP_ENUMERATE
<BR>DESKTOP_HOOKCONTROL <BR>DESKTOP_JOURNALPLAYBACK
<BR>DESKTOP_JOURNALRECORD <BR>DESKTOP_READOBJECTS
<BR>DESKTOP_SWITCHDESKTOP <BR>DESKTOP_WRITEOBJECTS
</FONT></DIV></FONT></TD></TR></TBODY></TABLE></CENTER>
<P><FONT style="LINE-HEIGHT: 25px" face=arial color=#000000
size=2>包括这些特定权利及先前讨论的标准权利在内,您已经拥有保护对象安全所要求的所有权利。然而,还有一些通用权利的议题需要讨论。</FONT></P>
<P><FONT style="LINE-HEIGHT: 25px" face=arial color=#000000
size=2><FONT style="LINE-HEIGHT: 25px" face=arial color=#3e80d7
size=2><B
style="LINE-HEIGHT: 25px"> 通用权利及预设的安全性 </B></FONT>本章稍早曾提到软件在建立一个没有明显设定安全性的对象时,会指派预设的安全性给安全对象。这个指派的特点通常是经由传递NULL给函数的安全属性参数,以建立一个安全对象,例如文件或事件。在我们可以开始讨论通用权利之前,您必须了解如何实作预设安全性的内容。</FONT></P>
<P><FONT style="LINE-HEIGHT: 25px" face=arial color=#000000
size=2>请记得您执行的程序代码与权杖(Token)的内部结构相关联。到目前为止,已经说明了权杖包含您的识别SID及群组SIDs,以及指派给您的权限清单。除了这个资讯外,每个权杖也储存一个以预设安全性建立对象的DACL,即<FONT
style="LINE-HEIGHT: 25px" face=arial color=#3e80d7 size=2><B
style="LINE-HEIGHT: 25px"> 预设的DACL </B></FONT>,可以由您的程序代码设定(这个和其他与权杖相关的主题将在下一章中做更详细的讨论)。</FONT></P>
<P><FONT style="LINE-HEIGHT: 25px" face=arial color=#000000
size=2>目前,您需要了解已存在的DACL(您可以修改及设定),它可以适用于预设安全性建立的对象。要注意的重要部份是DACL可以适用于对象的任何类型,因而产生了一个系统方面的问题。</FONT></P>
<HR style="LINE-HEIGHT: 25px">
⌨️ 快捷键说明
复制代码Ctrl + C
搜索代码Ctrl + F
全屏模式F11
增大字号Ctrl + =
减小字号Ctrl + -
显示快捷键?