//--------------------------------------------------------------------
// Include
#include "stdafx.h"
#include "Windows.h"
#include "USBSdMgr.h"
//--------------------------------------------------------------------
// const variables
// Access masks per resource type. Rows are indexed by the resource ID
// (CUSBCntlSdMgr::dri*); the columns are the masks used for full, write and
// read access, in that order.
// NOTE(review): the rows are positional, so their order has to match the
// dri* enumeration declared in USBSdMgr.h - confirm when adding a resource.
USBCNTL_RSRC_ACCESSMASK UsbCntlAccessMask[CUSBCntlSdMgr::driMax] = {
    //  ALL                   WRITE            READ
    { GENERIC_ALL,          GENERIC_WRITE,   GENERIC_READ  },   // driFile
    { GENERIC_ALL,          GENERIC_WRITE,   GENERIC_READ  },   // driEvent
    { GENERIC_ALL,          GENERIC_WRITE,   GENERIC_READ  },   // driMutex
    { KEY_ALL_ACCESS,       KEY_WRITE,       KEY_READ      },   // driReg
    { FILE_MAP_ALL_ACCESS,  FILE_MAP_WRITE,  FILE_MAP_READ },   // driShMem
    // For printers the WRITE column holds the print-job rights; several
    // GenerateSdOf*() functions add it as a separate PRINTER_INHERIT ACE.
    { PRINTER_ALL_ACCESS,   JOB_ALL_ACCESS,  PRINTER_READ  }    // driPrinter
};
//--------------------------------------------------------------------
// class
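/*@
@func CUSBCntlSdMgr(void)
@brief Constructor. Puts the object into its empty state: no security
       descriptor, SID or ACL is allocated and m_SecAttr refers to no
       descriptor.
@*/
CUSBCntlSdMgr::CUSBCntlSdMgr(void)
{
    this->m_SecAttr.nLength = sizeof(this->m_SecAttr);
    // Start from NULL instead of an indeterminate pointer. If m_SecAttr is
    // handed to an API before a GenerateSdOf*() call has succeeded, a NULL
    // descriptor requests the default security descriptor rather than making
    // the API read whatever happened to be in this field.
    this->m_SecAttr.lpSecurityDescriptor = NULL;
    this->m_SecAttr.bInheritHandle = FALSE;
    this->m_pSecDesc = NULL;
    this->m_pSid = NULL;
    this->m_pSidSystemUser = NULL;
    this->m_pSidEveryUser = NULL;
    this->m_pAcl = NULL;
}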
/*@
@func ~CUSBCntlSdMgr(void)
@brief Destructor. Releases the security descriptor, SIDs and ACL that
       are still owned by the object.
@*/
CUSBCntlSdMgr::~CUSBCntlSdMgr(void)
{
    // Close() tolerates members that were never allocated, so it can be
    // called unconditionally here.
    Close();
}
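/*@
@func BOOL Close(void)
@brief Frees the security descriptor, the SIDs and the ACL held in the
       member variables and resets the members to NULL.
       m_SecAttr.lpSecurityDescriptor is reset as well so that it never
       keeps pointing at the freed descriptor.
@return TRUE :Success (the function has no failure path)
@*/
BOOL CUSBCntlSdMgr::Close(void)
{
    // m_SecAttr.lpSecurityDescriptor is set to m_pSecDesc by the
    // GenerateSdOf*() functions. Clear it before the descriptor is freed;
    // otherwise a caller that keeps using m_SecAttr after Close() (or after a
    // failed GenerateSdOf*() call, which runs Close() through InitSecDesc())
    // would pass freed memory to the API.
    this->m_SecAttr.lpSecurityDescriptor = NULL;

    if (this->m_pSecDesc != NULL) {
        ::LocalFree(this->m_pSecDesc);
        this->m_pSecDesc = NULL;
    }
    if (this->m_pSid != NULL) {
        ::LocalFree(this->m_pSid);
        this->m_pSid = NULL;
    }
    if (this->m_pSidSystemUser != NULL) {
        ::LocalFree(this->m_pSidSystemUser);
        this->m_pSidSystemUser = NULL;
    }
    if (this->m_pSidEveryUser != NULL) {
        ::LocalFree(this->m_pSidEveryUser);
        this->m_pSidEveryUser = NULL;
    }
    if (this->m_pAcl != NULL) {
        ::LocalFree(this->m_pAcl);
        this->m_pAcl = NULL;
    }
    return TRUE;
}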
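/*@
@func BOOL GenerateSdOfEveryoneFullAccess(DWORD dwRsrcId)
@brief Builds a security descriptor whose DACL holds a single ACE that
       grants the "All" mask of the resource type to USBCNTL_EVERY_USER,
       and publishes it through m_SecAttr.
       The "All" masks include the rights to rewrite the DACL and to take
       ownership, so every principal covered by that account can
       re-permission the object afterwards. Use only for objects where that
       is acceptable.
@arg [I] DWORD dwRsrcId :Resource ID (index into UsbCntlAccessMask)
@return TRUE :Success
        FALSE :Failure (dwRsrcId out of range, or building the descriptor
               failed; m_SecAttr must not be used in that case)
@*/
BOOL CUSBCntlSdMgr::GenerateSdOfEveryoneFullAccess(DWORD dwRsrcId)
{
    // dwRsrcId is used as an index into UsbCntlAccessMask; refuse values
    // outside the table instead of reading past its end.
    if (dwRsrcId >= static_cast<DWORD>(CUSBCntlSdMgr::driMax)) {
        return FALSE;
    }
    if (!this->GetSecdesc(USBCNTL_EVERY_USER, UsbCntlAccessMask[dwRsrcId].All)) {
        return FALSE;
    }
    this->m_SecAttr.lpSecurityDescriptor = this->m_pSecDesc;
    return TRUE;
}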
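/*@
@func BOOL GenerateSdOfOnlyAdminAccess(DWORD dwRsrcId)
@brief Builds a security descriptor whose DACL holds a single ACE that
       grants the "All" mask of the resource type to USBCNTL_SYSTEM_USER,
       and publishes it through m_SecAttr.
       NOTE(review): despite the function name, the ACE is created for
       USBCNTL_SYSTEM_USER only. Confirm whether members of the
       Administrators group are expected to have access as well.
@arg [I] DWORD dwRsrcId :Resource ID (index into UsbCntlAccessMask)
@return TRUE :Success
        FALSE :Failure (dwRsrcId out of range, or building the descriptor
               failed; m_SecAttr must not be used in that case)
@*/
BOOL CUSBCntlSdMgr::GenerateSdOfOnlyAdminAccess(DWORD dwRsrcId)
{
    // dwRsrcId is used as an index into UsbCntlAccessMask; refuse values
    // outside the table instead of reading past its end.
    if (dwRsrcId >= static_cast<DWORD>(CUSBCntlSdMgr::driMax)) {
        return FALSE;
    }
    if (!this->GetSecdesc(USBCNTL_SYSTEM_USER, UsbCntlAccessMask[dwRsrcId].All)) {
        return FALSE;
    }
    this->m_SecAttr.lpSecurityDescriptor = this->m_pSecDesc;
    return TRUE;
}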
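/*@
@func BOOL GenerateSdOfEveryoneReadOnly(DWORD dwRsrcId)
@brief Builds a DACL that gives the System account full access and
       Everyone read access, and publishes it through m_SecAttr.
       For driPrinter the System account additionally gets an inheritable
       ACE carrying the print-job rights.
       With _DEBUG_TEST defined, Everyone receives full access instead of
       read access.
@arg [I] DWORD dwRsrcId :Resource ID (index into UsbCntlAccessMask)
@return TRUE :Success
        FALSE :Failure (dwRsrcId out of range, or an allocation or API call
               failed; m_SecAttr must not be used in that case)
@*/
BOOL CUSBCntlSdMgr::GenerateSdOfEveryoneReadOnly(DWORD dwRsrcId)
{
    // dwRsrcId is used as an index into UsbCntlAccessMask; refuse values
    // outside the table instead of reading past its end.
    if (dwRsrcId >= static_cast<DWORD>(CUSBCntlSdMgr::driMax)) {
        return FALSE;
    }
    if (!this->InitSecDesc()) {
        return FALSE;
    }
    BOOL bRet = TRUE;
    DWORD dwAclSize;
    // System account
    if (!this->GetSid(USBCNTL_SYSTEM_USER, this->m_pSidSystemUser)) {
        return FALSE;
    }
    // Everyone account
    if (!this->GetSid(USBCNTL_EVERY_USER, this->m_pSidEveryUser)) {
        return FALSE;
    }
    // Size of the ACL: the ACL header plus, for every ACE added below, the
    // ACE structure without its SidStart placeholder and the length of the SID.
    // The number of ACEs counted here must match the Add* calls further down.
#ifdef _DEBUG_TEST
    // Debug-test build: System and Everyone each get one ACE, two for printers.
    // The resource ID is compared against this class's own enumeration (the
    // original named DtsSdMgr here, unlike every other comparison in the file).
    if (dwRsrcId == CUSBCntlSdMgr::driPrinter)
    {
        dwAclSize = sizeof(ACL) + 4 * ( sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) )
            + ::GetLengthSid(this->m_pSidSystemUser)
            + ::GetLengthSid(this->m_pSidSystemUser)
            + ::GetLengthSid(this->m_pSidEveryUser)
            + ::GetLengthSid(this->m_pSidEveryUser);
    }
    else
    {
        dwAclSize = sizeof(ACL) + 2 * ( sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) )
            + ::GetLengthSid(this->m_pSidSystemUser)
            + ::GetLengthSid(this->m_pSidEveryUser);
    }
#else
    // Regular build: two ACEs for System on a printer, one otherwise, plus
    // one read ACE for Everyone.
    if (dwRsrcId == CUSBCntlSdMgr::driPrinter)
    {
        dwAclSize = sizeof(ACL) + 3 * ( sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) )
            + ::GetLengthSid(this->m_pSidSystemUser)
            + ::GetLengthSid(this->m_pSidSystemUser)
            + ::GetLengthSid(this->m_pSidEveryUser);
    }
    else
    {
        dwAclSize = sizeof(ACL) + 2 * ( sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) )
            + ::GetLengthSid(this->m_pSidSystemUser)
            + ::GetLengthSid(this->m_pSidEveryUser);
    }
#endif
    this->m_pAcl = (PACL)::LocalAlloc(LPTR, dwAclSize);
    if (this->m_pAcl == NULL) {
        return FALSE;
    }
    if (!::InitializeAcl(this->m_pAcl, dwAclSize, ACL_REVISION)) {
        return FALSE;
    }
    // System account
    // Use and management authority ACE of printer
    bRet = ::AddAccessAllowedAce(this->m_pAcl, ACL_REVISION, UsbCntlAccessMask[dwRsrcId].All, this->m_pSidSystemUser);
    if (!bRet) {
        return FALSE;
    }
    // Only for the printer.
    if (dwRsrcId == CUSBCntlSdMgr::driPrinter)
    {
        // Management authority ACE of document
        bRet = ::AddAccessAllowedAceEx(this->m_pAcl, ACL_REVISION, PRINTER_INHERIT, UsbCntlAccessMask[dwRsrcId].Write, this->m_pSidSystemUser);
        if (!bRet) {
            return FALSE;
        }
    }
    // Everyone account
#ifdef _DEBUG_TEST
    // In the debug-test build Everyone gets full access to avoid errors.
    // NOTE(review): this widens Everyone from read to full access; make sure
    // _DEBUG_TEST is never defined in a release configuration.
    bRet = ::AddAccessAllowedAce(this->m_pAcl, ACL_REVISION, UsbCntlAccessMask[dwRsrcId].All, this->m_pSidEveryUser);
    // Check this result here: in the printer case bRet is overwritten by the
    // next call, which would otherwise hide a failure of this one.
    if (!bRet) {
        return FALSE;
    }
    // Only for the printer.
    if (dwRsrcId == CUSBCntlSdMgr::driPrinter)
    {
        // Management authority ACE of document
        bRet = ::AddAccessAllowedAceEx(this->m_pAcl, ACL_REVISION, PRINTER_INHERIT, UsbCntlAccessMask[dwRsrcId].Write, this->m_pSidEveryUser);
        if (!bRet) {
            return FALSE;
        }
    }
#else
    bRet = ::AddAccessAllowedAce(this->m_pAcl, ACL_REVISION, UsbCntlAccessMask[dwRsrcId].Read, this->m_pSidEveryUser);
#endif
    if (!bRet) {
        return FALSE;
    }
    // The ACL is registered as the DACL of the security descriptor.
    bRet = ::SetSecurityDescriptorDacl(this->m_pSecDesc, TRUE, this->m_pAcl, FALSE);
    if (bRet == FALSE) {
        return FALSE;
    }
    this->m_SecAttr.lpSecurityDescriptor = this->m_pSecDesc;
    return TRUE;
}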
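/*@
@func BOOL GenerateSdOfSystemAndEveryoneFullAccess(DWORD dwRsrcId)
@brief Builds a DACL that gives both the System account and Everyone
       the "All" mask of the resource type, and publishes it through
       m_SecAttr. For driPrinter each of the two accounts additionally
       gets an inheritable ACE carrying the print-job rights.
       The "All" masks include the rights to rewrite the DACL and to take
       ownership, so every principal covered by the Everyone ACE can
       re-permission the object afterwards.
@arg [I] DWORD dwRsrcId :Resource ID (index into UsbCntlAccessMask)
@return TRUE :Success
        FALSE :Failure (dwRsrcId out of range, or an allocation or API call
               failed; m_SecAttr must not be used in that case)
@*/
BOOL CUSBCntlSdMgr::GenerateSdOfSystemAndEveryoneFullAccess(DWORD dwRsrcId)
{
    // dwRsrcId is used as an index into UsbCntlAccessMask; refuse values
    // outside the table instead of reading past its end.
    if (dwRsrcId >= static_cast<DWORD>(CUSBCntlSdMgr::driMax)) {
        return FALSE;
    }
    if (!this->InitSecDesc()) {
        return FALSE;
    }
    BOOL bRet = TRUE;
    DWORD dwAclSize;
    // System account
    if (!this->GetSid(USBCNTL_SYSTEM_USER, this->m_pSidSystemUser)) {
        return FALSE;
    }
    // Everyone account
    if (!this->GetSid(USBCNTL_EVERY_USER, this->m_pSidEveryUser)) {
        return FALSE;
    }
    // Size of the ACL: the ACL header plus, for every ACE added below, the
    // ACE structure without its SidStart placeholder and the length of the SID.
    // A printer gets two ACEs per account, every other resource one.
    if (dwRsrcId == CUSBCntlSdMgr::driPrinter)
    {
        dwAclSize = sizeof(ACL) + 4 * ( sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) )
            + ::GetLengthSid(this->m_pSidSystemUser)
            + ::GetLengthSid(this->m_pSidSystemUser)
            + ::GetLengthSid(this->m_pSidEveryUser)
            + ::GetLengthSid(this->m_pSidEveryUser);
    }
    else
    {
        dwAclSize = sizeof(ACL) + 2 * ( sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) )
            + ::GetLengthSid(this->m_pSidSystemUser)
            + ::GetLengthSid(this->m_pSidEveryUser);
    }
    this->m_pAcl = (PACL)::LocalAlloc(LPTR, dwAclSize);
    if (this->m_pAcl == NULL) {
        return FALSE;
    }
    if (!::InitializeAcl(this->m_pAcl, dwAclSize, ACL_REVISION)) {
        return FALSE;
    }
    // System account
    // Use and management authority ACE of printer
    bRet = ::AddAccessAllowedAce(this->m_pAcl, ACL_REVISION, UsbCntlAccessMask[dwRsrcId].All, this->m_pSidSystemUser);
    if (!bRet) {
        return FALSE;
    }
    // Only for the printer.
    if (dwRsrcId == CUSBCntlSdMgr::driPrinter)
    {
        // Management authority ACE of document
        bRet = ::AddAccessAllowedAceEx(this->m_pAcl, ACL_REVISION, PRINTER_INHERIT, UsbCntlAccessMask[dwRsrcId].Write, this->m_pSidSystemUser);
        if (!bRet) {
            return FALSE;
        }
    }
    // Everyone account
    bRet = ::AddAccessAllowedAce(this->m_pAcl, ACL_REVISION, UsbCntlAccessMask[dwRsrcId].All, this->m_pSidEveryUser);
    if (!bRet) {
        return FALSE;
    }
    // Only for the printer.
    if (dwRsrcId == CUSBCntlSdMgr::driPrinter)
    {
        // Management authority ACE of document
        bRet = ::AddAccessAllowedAceEx(this->m_pAcl, ACL_REVISION, PRINTER_INHERIT, UsbCntlAccessMask[dwRsrcId].Write, this->m_pSidEveryUser);
        if (!bRet) {
            return FALSE;
        }
    }
    // The ACL is registered as the DACL of the security descriptor.
    bRet = ::SetSecurityDescriptorDacl(this->m_pSecDesc, TRUE, this->m_pAcl, FALSE);
    if (bRet == FALSE) {
        return FALSE;
    }
    this->m_SecAttr.lpSecurityDescriptor = this->m_pSecDesc;
    return TRUE;
}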
/*@
@func BOOL InitSecDesc(void)
@brief Releases everything a previous call allocated, then allocates
       and initializes a fresh, empty security descriptor in m_pSecDesc.
@return TRUE :Success
        FALSE :Failure (allocation or InitializeSecurityDescriptor failed)
@*/
BOOL CUSBCntlSdMgr::InitSecDesc(void)
{
    // Drop the descriptor, SIDs and ACL left over from an earlier call.
    Close();

    // LPTR returns zero-initialized fixed memory.
    m_pSecDesc = (PSECURITY_DESCRIPTOR)::LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH);
    if (m_pSecDesc == NULL) {
        return FALSE;
    }

    // On failure the allocation stays in m_pSecDesc and is released by the
    // next Close().
    if (!::InitializeSecurityDescriptor(m_pSecDesc, SECURITY_DESCRIPTOR_REVISION)) {
        return FALSE;
    }
    return TRUE;
}
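/*@
@func BOOL GetSid(PWCHAR pwszUserName, PSID& pSid)
@brief Looks up the SID of an account by name. The SID is returned in a
       LocalAlloc'ed buffer that the caller has to release with LocalFree.
       NOTE(review): resolving an account by its display name depends on the
       system language and on which accounts exist, and the account type
       returned by the lookup is not checked. If the callers only ever need
       Everyone / Local System, CreateWellKnownSid (WinWorldSid,
       WinLocalSystemSid) is the name-independent alternative.
@arg [I] PWCHAR pwszUserName :Pointer of user-name
@arg [O] PSID& pSid :Reference to pointer of SID. Overwritten without being
         freed, so it must not own a buffer on entry. NULL on failure
         after the allocation step.
@return TRUE :Success
        FALSE :Failure
@*/
BOOL CUSBCntlSdMgr::GetSid(PWCHAR pwszUserName, PSID& pSid)
{
    WCHAR szRefDomain[SD_BUFSIZE_DOMAINNAME];
    const DWORD cchRefDomainMax = sizeof(szRefDomain) / sizeof(WCHAR);
    DWORD cbSid = 0;
    DWORD cbRefDomain = cchRefDomainMax;
    SID_NAME_USE eUse;

    // Sizing call: with a zero-length SID buffer the lookup is expected to
    // fail with ERROR_INSUFFICIENT_BUFFER and report the required size in
    // cbSid. Success or any other error is treated as failure.
    BOOL bRet = ::LookupAccountNameW(NULL, pwszUserName, NULL, &cbSid, szRefDomain, &cbRefDomain, &eUse);
    if (bRet) {
        return FALSE;
    }
    if (::GetLastError() != ERROR_INSUFFICIENT_BUFFER) {
        return FALSE;
    }

    pSid = (PSID)::LocalAlloc(LMEM_FIXED, cbSid);
    if (pSid == NULL) {
        return FALSE;
    }

    // The sizing call can overwrite cbRefDomain with the length it requires.
    // Passing that value back would overstate the capacity of szRefDomain
    // when the domain name is longer than the buffer, so restore the real
    // capacity; a too-long domain name then fails the lookup cleanly.
    cbRefDomain = cchRefDomainMax;
    bRet = ::LookupAccountNameW(NULL, pwszUserName, pSid, &cbSid, szRefDomain, &cbRefDomain, &eUse);
    if (!bRet) {
        // Do not hand a buffer without a valid SID back to the caller.
        ::LocalFree(pSid);
        pSid = NULL;
        return FALSE;
    }
    return TRUE;
}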
/*@
@func BOOL GetSecdesc(PWCHAR pwszUserName, DWORD dwAccessMask)
@brief Builds a fresh security descriptor in m_pSecDesc whose DACL
       contains exactly one access-allowed ACE: dwAccessMask for the
       account named by pwszUserName. m_SecAttr is not touched here; the
       callers publish the descriptor themselves.
@arg [I] PWCHAR pwszUserName :Pointer of user-name
@arg [I] DWORD dwAccessMask :Access mask
@return TRUE :Success
        FALSE :Failure
@*/
BOOL CUSBCntlSdMgr::GetSecdesc(PWCHAR pwszUserName, DWORD dwAccessMask)
{
    if (!InitSecDesc()) {
        return FALSE;
    }

    // SID of the account is acquired.
    m_pSid = NULL;
    if (!GetSid(pwszUserName, m_pSid)) {
        return FALSE;
    }

    // Size of the ACL: header, one ACE without its SidStart placeholder,
    // and the SID itself.
    DWORD dwAclSize = sizeof(ACL) + 1 * ( sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) ) +
        ::GetLengthSid(m_pSid);

    m_pAcl = (PACL)::LocalAlloc(LPTR, dwAclSize);
    if (m_pAcl == NULL) {
        return FALSE;
    }
    if (!::InitializeAcl(m_pAcl, dwAclSize, ACL_REVISION)) {
        return FALSE;
    }
    if (!::AddAccessAllowedAce(m_pAcl, ACL_REVISION, dwAccessMask, m_pSid)) {
        return FALSE;
    }

    // The ACL is registered as the DACL of the security descriptor; the
    // result of that call is the result of this function.
    return ::SetSecurityDescriptorDacl(m_pSecDesc, TRUE, m_pAcl, FALSE);
}
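/*@
@func BOOL GenerateSdOfSystemFullAccess(DWORD dwRsrcId)
@brief Builds a DACL that gives only the System account the "All" mask
       of the resource type, and publishes it through m_SecAttr.
       For driPrinter the System account additionally gets an inheritable
       ACE carrying the print-job rights.
@arg [I] DWORD dwRsrcId :Resource ID (index into UsbCntlAccessMask)
@return TRUE :Success
        FALSE :Failure (dwRsrcId out of range, or an allocation or API call
               failed; m_SecAttr must not be used in that case)
@*/
BOOL CUSBCntlSdMgr::GenerateSdOfSystemFullAccess(DWORD dwRsrcId)
{
    // dwRsrcId is used as an index into UsbCntlAccessMask; refuse values
    // outside the table instead of reading past its end.
    if (dwRsrcId >= static_cast<DWORD>(CUSBCntlSdMgr::driMax)) {
        return FALSE;
    }
    if (!this->InitSecDesc()) {
        return FALSE;
    }
    BOOL bRet = TRUE;
    DWORD dwAclSize;
    // System account
    if (!this->GetSid(USBCNTL_SYSTEM_USER, this->m_pSidSystemUser)) {
        return FALSE;
    }
    // Size of the ACL: the ACL header plus, for every ACE added below, the
    // ACE structure without its SidStart placeholder and the length of the SID.
    // A printer gets two ACEs, every other resource one.
    if (dwRsrcId == CUSBCntlSdMgr::driPrinter)
    {
        dwAclSize = sizeof(ACL) + 2 * ( sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) )
            + ::GetLengthSid(this->m_pSidSystemUser)
            + ::GetLengthSid(this->m_pSidSystemUser);
    }
    else
    {
        dwAclSize = sizeof(ACL) + ( sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) )
            + ::GetLengthSid(this->m_pSidSystemUser);
    }
    this->m_pAcl = (PACL)::LocalAlloc(LPTR, dwAclSize);
    if (this->m_pAcl == NULL) {
        return FALSE;
    }
    if (!::InitializeAcl(this->m_pAcl, dwAclSize, ACL_REVISION)) {
        return FALSE;
    }
    // System account
    bRet = ::AddAccessAllowedAce(this->m_pAcl, ACL_REVISION, UsbCntlAccessMask[dwRsrcId].All, this->m_pSidSystemUser);
    if (!bRet) {
        return FALSE;
    }
    // Only for the printer.
    if (dwRsrcId == CUSBCntlSdMgr::driPrinter)
    {
        // Management authority ACE of document
        bRet = ::AddAccessAllowedAceEx(this->m_pAcl, ACL_REVISION, PRINTER_INHERIT, UsbCntlAccessMask[dwRsrcId].Write, this->m_pSidSystemUser);
        if (!bRet) {
            return FALSE;
        }
    }
    // The ACL is registered as the DACL of the security descriptor.
    bRet = ::SetSecurityDescriptorDacl(this->m_pSecDesc, TRUE, this->m_pAcl, FALSE);
    if (bRet == FALSE) {
        return FALSE;
    }
    this->m_SecAttr.lpSecurityDescriptor = this->m_pSecDesc;
    return TRUE;
}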