Некоторые системные функции Windows.doc (Some Windows system functions), uploaded 28.06.2014
  1. Obtaining information about an object's security descriptor and about a subject:

The GetFileSecurity function obtains specified information about the security of a file or directory. The information obtained is constrained by the caller's access rights and privileges.

BOOL GetFileSecurity(
    LPCTSTR lpFileName,                        // address of string for file name
    SECURITY_INFORMATION RequestedInformation, // requested information
    PSECURITY_DESCRIPTOR pSecurityDescriptor,  // address of security descriptor
    DWORD nLength,                             // size of security descriptor buffer
    LPDWORD lpnLengthNeeded                    // address of required size of buffer
);

The SECURITY_INFORMATION structure identifies the object-related security information being set or queried. This security information includes:

· The owner of an object

· The primary group of an object

· The discretionary access-control list (ACL) of an object

· The system ACL of an object

typedef DWORD SECURITY_INFORMATION;

Each item of security information is designated by a bit flag. The following values specify the bits:

Value Meaning

OWNER_SECURITY_INFORMATION Indicates the owner identifier of the object is being referenced.

GROUP_SECURITY_INFORMATION Indicates the primary group identifier of the object is being referenced.

DACL_SECURITY_INFORMATION Indicates the discretionary ACL of the object is being referenced.

SACL_SECURITY_INFORMATION Indicates the system ACL of the object is being referenced.

The GetNamedSecurityInfo function retrieves a copy of the security descriptor for an object specified by name.

DWORD GetNamedSecurityInfo(
    LPTSTR pObjectName,                        // name of the object
    SE_OBJECT_TYPE ObjectType,                 // type of object
    SECURITY_INFORMATION SecurityInfo,         // type of security information to retrieve
    PSID *ppsidOwner,                          // receives a pointer to the owner SID
    PSID *ppsidGroup,                          // receives a pointer to the primary group SID
    PACL *ppDacl,                              // receives a pointer to the DACL
    PACL *ppSacl,                              // receives a pointer to the SACL
    PSECURITY_DESCRIPTOR *ppSecurityDescriptor // receives a pointer to the security descriptor
);

The SE_OBJECT_TYPE enumeration type contains values that correspond to the types of Win32 objects that support security. The GetSecurityInfo, SetSecurityInfo, GetNamedSecurityInfo, and SetNamedSecurityInfo functions use these values to indicate the type of object.

typedef enum _SE_OBJECT_TYPE
{
    SE_UNKNOWN_OBJECT_TYPE = 0,
    SE_FILE_OBJECT,
    SE_SERVICE,
    SE_PRINTER,
    SE_REGISTRY_KEY,
    SE_LMSHARE,
    SE_KERNEL_OBJECT,
    SE_WINDOW_OBJECT
} SE_OBJECT_TYPE;

The LookupSecurityDescriptorParts function retrieves security information from a self-relative security descriptor.

DWORD LookupSecurityDescriptorParts(
    PTRUSTEE *pOwner,                         // receives the owner SID from the security descriptor
    PTRUSTEE *pGroup,                         // receives the group SID from the security descriptor
    PULONG cCountOfAccessEntries,             // receives number of access-control entries
    PEXPLICIT_ACCESS *pListOfAccessEntries,   // receives an array of DACL access-control entries
    PULONG cCountOfAuditEntries,              // receives number of audit-control entries
    PEXPLICIT_ACCESS *pListOfAuditEntries,    // receives an array of SACL audit-control entries
    PSECURITY_DESCRIPTOR pSD                  // existing self-relative security descriptor to read from
);

The EXPLICIT_ACCESS structure specifies access-control information for a specified trustee. Access control functions, such as SetEntriesInAcl and GetExplicitEntriesFromAcl, use this structure to describe the information in an access-control entry (ACE) of an access-control list (ACL).

typedef struct _EXPLICIT_ACCESS {
    DWORD grfAccessPermissions;
    ACCESS_MODE grfAccessMode;
    DWORD grfInheritance;
    TRUSTEE Trustee;
} EXPLICIT_ACCESS, *PEXPLICIT_ACCESS;

The ACCESS_MODE enumeration type contains values that indicate how the access rights in an EXPLICIT_ACCESS structure apply to the trustee. Functions such as SetEntriesInAcl and GetExplicitEntriesFromAcl use these values to set or retrieve information in an access-control entry (ACE).

typedef enum _ACCESS_MODE
{
    NOT_USED_ACCESS = 0,
    GRANT_ACCESS,
    SET_ACCESS,
    DENY_ACCESS,
    REVOKE_ACCESS,
    SET_AUDIT_SUCCESS,
    SET_AUDIT_FAILURE
} ACCESS_MODE;

The GetExplicitEntriesFromAcl function retrieves an array of EXPLICIT_ACCESS structures that describe the access-control entries (ACEs) in an access-control list (ACL).

DWORD GetExplicitEntriesFromAcl(
    PACL pacl,                                // pointer to the ACL from which to get entries
    PULONG pcCountOfExplicitEntries,          // receives number of entries in the list
    PEXPLICIT_ACCESS *pListOfExplicitEntries  // receives pointer to list of entries
);

The TRUSTEE structure identifies a user account, group account, or a logon account for a program such as a Windows NT service. The structure can use a name or a security identifier (SID) to identify the trustee.

Access control functions, such as SetEntriesInAcl and GetExplicitEntriesFromAcl, use this structure to identify the logon account associated with the access-control or audit-control information in an EXPLICIT_ACCESS structure.

typedef struct _TRUSTEE
{
    PTRUSTEE pMultipleTrustee;
    MULTIPLE_TRUSTEE_OPERATION MultipleTrusteeOperation;
    TRUSTEE_FORM TrusteeForm;
    TRUSTEE_TYPE TrusteeType;
    LPTSTR ptstrName;
} TRUSTEE;

The TRUSTEE_FORM enumeration type contains values that indicate how a TRUSTEE structure identifies the trustee.

typedef enum _TRUSTEE_FORM
{
    TRUSTEE_IS_SID,
    TRUSTEE_IS_NAME
} TRUSTEE_FORM;

The TRUSTEE_TYPE enumeration type contains values that indicate the type of trustee identified by a TRUSTEE structure.

typedef enum _TRUSTEE_TYPE
{
    TRUSTEE_IS_UNKNOWN,
    TRUSTEE_IS_USER,
    TRUSTEE_IS_GROUP
} TRUSTEE_TYPE;

The MULTIPLE_TRUSTEE_OPERATION enumeration type contains values that indicate whether a TRUSTEE structure is an impersonate trustee.

typedef enum _MULTIPLE_TRUSTEE_OPERATION
{
    NO_MULTIPLE_TRUSTEE,
    TRUSTEE_IS_IMPERSONATE
} MULTIPLE_TRUSTEE_OPERATION;

The GetTrusteeName function retrieves the trustee name from a TRUSTEE structure.

LPTSTR GetTrusteeName(
    PTRUSTEE pTrustee   // pointer to a TRUSTEE structure
);

The GetTrusteeType function retrieves the value assigned to the TrusteeType member of a specified TRUSTEE structure. This value indicates whether the trustee is a user, a group, or the trustee type is unknown.

TRUSTEE_TYPE GetTrusteeType(
    PTRUSTEE pTrustee   // pointer to the TRUSTEE structure
);

The GetTrusteeForm function retrieves the value assigned to the TrusteeForm member of a specified TRUSTEE structure. This value indicates whether the structure uses a name string or a security identifier (SID) to identify the trustee.

TRUSTEE_FORM GetTrusteeForm(
    PTRUSTEE pTrustee   // pointer to a TRUSTEE structure
);

The BuildTrusteeWithName function initializes a TRUSTEE structure. The caller specifies the trustee name. The function sets other members of the structure to default values.

VOID BuildTrusteeWithName(
    PTRUSTEE pTrustee,  // pointer to the structure to initialize
    LPTSTR pName        // name of the trustee to put in the structure
);

The BuildTrusteeWithSid function initializes a TRUSTEE structure. The caller specifies the security identifier (SID) of the trustee. The function sets other members of the structure to default values. The function does not look up the name associated with the SID.

VOID BuildTrusteeWithSid(
    PTRUSTEE pTrustee,  // pointer to the structure to initialize
    PSID pSid           // SID of the trustee to put in the structure
);

  2. Working with user accounts

The LookupAccountName function accepts the name of a system and an account as input. It retrieves a security identifier (SID) for the account and the name of the domain on which the account was found.

BOOL LookupAccountName(
    LPCTSTR lpSystemName,           // address of string for system name
    LPCTSTR lpAccountName,          // address of string for account name
    PSID Sid,                       // address of security identifier
    LPDWORD cbSid,                  // address of size of security identifier
    LPTSTR ReferencedDomainName,    // address of string for referenced domain
    LPDWORD cbReferencedDomainName, // address of size of domain string
    PSID_NAME_USE peUse             // address of SID-type indicator
);

The LookupAccountSid function accepts a security identifier (SID) as input. It retrieves the name of the account for this SID and the name of the first domain on which this SID is found.

BOOL LookupAccountSid(
    LPCTSTR lpSystemName,           // address of string for system name
    PSID Sid,                       // address of security identifier
    LPTSTR Name,                    // address of string for account name
    LPDWORD cbName,                 // address of size of account string
    LPTSTR ReferencedDomainName,    // address of string for referenced domain
    LPDWORD cbReferencedDomainName, // address of size of domain string
    PSID_NAME_USE peUse             // address of structure for SID type
);

The SID_NAME_USE enumeration type contains values that specify the type of a security identifier (SID).

typedef enum _SID_NAME_USE {
    SidTypeUser = 1,
    SidTypeGroup,
    SidTypeDomain,
    SidTypeAlias,
    SidTypeWellKnownGroup,
    SidTypeDeletedAccount,
    SidTypeInvalid,
    SidTypeUnknown
} SID_NAME_USE;

The LogonUser function attempts to perform a user logon operation. You specify the user with a user name and domain, and authenticate the user with a clear-text password. If the function succeeds, you receive a handle to a token that represents the logged-on user. You can then use this token handle to impersonate the specified user, or in most cases, to create a process running in the context of the specified user.

BOOL LogonUser(
    LPTSTR lpszUsername,   // string that specifies the user name
    LPTSTR lpszDomain,     // string that specifies the domain or server
    LPTSTR lpszPassword,   // string that specifies the password
    DWORD dwLogonType,     // specifies the type of logon operation
    DWORD dwLogonProvider, // specifies the logon provider
    PHANDLE phToken        // pointer to variable to receive token handle
);

The NetGetDisplayInformationIndex function gets the index of the first display information entry whose name begins with a specified string or alphabetically follows the string. You can use this function to determine a starting index for subsequent calls to the NetQueryDisplayInformation function.

NET_API_STATUS NetGetDisplayInformationIndex(
    LPWSTR ServerName, // pointer to server to get information from
    DWORD Level,       // level of information to retrieve
    LPWSTR Prefix,     // pointer to prefix string
    LPDWORD Index      // receives index of entry
);

The NetQueryDisplayInformation function returns user, computer, or global group account information. Use this function to quickly enumerate account information for display in user interfaces.

NET_API_STATUS NetQueryDisplayInformation(
    LPWSTR ServerName,
    DWORD Level,
    DWORD Index,
    DWORD EntriesRequested,
    DWORD PreferredMaximumLength,
    LPDWORD ReturnedEntryCount,
    PVOID *SortedBuffer
);

Level specifies one of the following values, which selects the level of information returned.

Value Meaning

1 Return all Local and Global (normal) user accounts. The returned buffer points to an array of NET_DISPLAY_USER structures.

2 Return all Workstation and Server (BDC) user accounts. The returned buffer points to an array of NET_DISPLAY_MACHINE structures.

3 Return all Global Groups. The returned buffer points to an array of NET_DISPLAY_GROUP structures.

The NET_DISPLAY_USER structure contains information that an account manager can access to determine information about user names, directory information for users, and user passwords.

typedef struct _NET_DISPLAY_USER {
    LPWSTR usri1_name;
    LPWSTR usri1_comment;
    DWORD usri1_flags;
    LPWSTR usri1_full_name;
    DWORD usri1_user_id;
    DWORD usri1_next_index;
} NET_DISPLAY_USER, *PNET_DISPLAY_USER;

The NET_DISPLAY_MACHINE structure contains information that an account manager can access to determine information about machine names and their attributes.

typedef struct _NET_DISPLAY_MACHINE {
    LPWSTR usri2_name;
    LPWSTR usri2_comment;
    DWORD usri2_flags;
    DWORD usri2_user_id;
    DWORD usri2_next_index;
} NET_DISPLAY_MACHINE, *PNET_DISPLAY_MACHINE;

The NET_DISPLAY_GROUP structure contains information that an account manager can access to determine information about user groups.

typedef struct _NET_DISPLAY_GROUP {
    LPWSTR grpi3_name;
    LPWSTR grpi3_comment;
    DWORD grpi3_group_id;
    DWORD grpi3_attributes;
    DWORD grpi3_next_index;
} NET_DISPLAY_GROUP, *PNET_DISPLAY_GROUP;