首页 > 代码库 > 很久以前写的一个 ShareRestrictedSD 类
很久以前写的一个 ShareRestrictedSD 类
代码中一开始的 几个 USES 单元,可能是多余的。
unit ShareRestrictedSD; interface uses Windows, Messages, SysUtils, Classes, Graphics, Controls, Forms, Shlobj, ActiveX, Dialogs,Shellapi; /////////////////// //如果这家伙起作用,那么它的作者是jiangsheng(C++); //如果这家伙一点用没有,那我不知道它的作者 //以上为 jiangsheng 的声明. //使用方法. //var // SharedSD:TShareRestrictedSD; //创建一个工具类. // try // SharedSD:=TShareRestrictedSD.Create; // FMappingHandle := // CreateFileMapping( // $FFFFFFFF, {to virtual memory} // SharedSD.GetSA, //获得一个超级用户安全对象. // page_readwrite, // 0, // FSize, // pchar(FNameToCreate)); // finally // if Assigned(SharedSD) then // begin // FreeAndNil(SharedSD); //一定要记得释放 // end; // end; //修改:Flying Wang 和 爱吃猪头肉 /////////////////// const SECURITY_NULL_SID_AUTHORITY = $0; SECURITY_WORLD_SID_AUTHORITY = $1; SECURITY_LOCAL_SID_AUTHORITY = $2; SECURITY_CREATOR_SID_AUTHORITY = $3; SECURITY_NT_AUTHORITY = $5; ACL_REVISION = $2; SECURITY_NULL_RID = $0; SECURITY_LOCAL_RID = $0; SECURITY_WORLD_RID = $0; SECURITY_CREATOR_OWNER_RID = $0; SECURITY_DIALUP_RID = $1; SECURITY_CREATOR_GROUP_RID = $1; SECURITY_NETWORK_RID = $2; SECURITY_BATCH_RID = $3; SECURITY_INTERACTIVE_RID = $4; SECURITY_LOGON_IDS_RID = $5; SECURITY_SERVICE_RID = $6; SECURITY_LOCAL_SYSTEM_RID =$12; SECURITY_BUILTIN_DOMAIN_RID =$20; HEAP_NO_SERIALIZE = $1; HEAP_GROWABLE = $2; HEAP_GENERATE_EXCEPTIONS = $4; HEAP_ZERO_MEMORY = $8; HEAP_REALLOC_IN_PLACE_ONLY =$10; HEAP_TAG_SHIFT =$12; HEAP_TAIL_CHECKING_ENABLED =$20; HEAP_FREE_CHECKING_ENABLED =$40; HEAP_DISABLE_COALESCE_ON_FREE =$80; HEAP_MAXIMUM_TAG =$0FFF; HEAP_PSEUDO_TAG_FLAG =$8000; HEAP_CREATE_ALIGN_16 =$00010000; HEAP_CREATE_ENABLE_TRACING =$00020000; type PACE_HEADER = ^TACE_HEADER; _ACE_HEADER = record AceType:Byte; AceFlags:Byte; AceSize:Word; end; TACE_HEADER = _ACE_HEADER; ACE_HEADER = _ACE_HEADER; // ACCESS_MASK = DWORD; PACCESS_ALLOWED_ACE = ^TACCESS_ALLOWED_ACE; _ACCESS_ALLOWED_ACE = record Header:TACE_HEADER; Mask:ACCESS_MASK; SidStart:DWORD; end; TACCESS_ALLOWED_ACE = _ACCESS_ALLOWED_ACE; ACCESS_ALLOWED_ACE = _ACCESS_ALLOWED_ACE; TShareRestrictedSD =class(TObject) private { Private-Deklarationen } ptr:Pointer; sa:TSecurityAttributes; sd:TSecurityDescriptor; protected { Protected-Deklarationen } public { Public-Deklarationen } Constructor Create; Destructor Destroy; override; function GetSA:PSecurityAttributes; published { Published-Deklarationen } end; implementation Const DefSubAuthorityCount = 1; Function BuildRestrictedSD(pSD:PSecurityDescriptor):Pointer; var dwAclLength:DWORD; psideveryone:PSID; pDACL:PACL; bResult:Boolean; pACE:PACCESS_ALLOWED_ACE; siaWorld:TSIDIdentifierAuthority; si:SECURITY_INFORMATION; begin Result:=nil; psideveryone:=nil; pDACL:=nil; bResult:=False; pACE:=nil; FillMemory(@siaWorld,Sizeof(siaWorld),SECURITY_NULL_SID_AUTHORITY); siaWorld.Value[5]:=SECURITY_WORLD_SID_AUTHORITY; si:=DACL_SECURITY_INFORMATION; try // initialize the security descriptor if (not InitializeSecurityDescriptor(pSD, SECURITY_DESCRIPTOR_REVISION)) then begin //InitializeSecurityDescriptor() failed; exit; end; // obtain a sid for the Authenticated Users Group if (not AllocateAndInitializeSid(siaWorld, DefSubAuthorityCount, SECURITY_WORLD_RID, SECURITY_NULL_RID, SECURITY_NULL_RID, SECURITY_NULL_RID, SECURITY_NULL_RID, SECURITY_NULL_RID, SECURITY_NULL_RID, SECURITY_NULL_RID, psidEveryone)) then begin //AllocateAndInitializeSid() failed; exit; end; // NOTE: // // The Authenticated Users group includes all user accounts that // have been successfully authenticated by the system. If access // must be restricted to a specific user or group other than // Authenticated Users, the SID can be constructed using the // LookupAccountSid() API based on a user or group name. // calculate the DACL length dwAclLength:= sizeof(ACL) // add space for Authenticated Users group ACE + sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) + GetLengthSid(psidEveryone); // allocate memory for the DACL pDACL:=PACL(HeapAlloc(GetProcessHeap, HEAP_ZERO_MEMORY, dwAclLength)); if (pDACL=nil) then begin //HeapAlloc() failed; exit; end; // initialize the DACL if (not InitializeAcl(pDACL^, dwAclLength, ACL_REVISION)) then begin //InitializeAcl() failed exit; end; // add the Authenticated Users group ACE to the DACL with // GENERIC_READ, GENERIC_WRITE, and GENERIC_EXECUTE access if (not AddAccessAllowedAce(pDACL^, ACL_REVISION, GENERIC_ALL, psidEveryone)) then begin //AddAccessAllowedAce() failed; exit; end; // set the DACL in the security descriptor if (not SetSecurityDescriptorDacl(pSD, TRUE, pDACL, FALSE)) then begin //SetSecurityDescriptorDacl() failed; exit; end; bResult:=True; finally if (psidEveryone<>nil) then begin FreeSid(psidEveryone); end; if (not bResult) then begin if (pDACL<>nil) then begin HeapFree(GetProcessHeap, 0, pDACL); end; pDACL:=nil; end; end; Result:=pDACL; end; //The following function frees memory allocated in the // BuildRestrictedSD() function procedure FreeRestrictedSD(ptr:Pointer); begin if (ptr<>nil) then begin HeapFree(GetProcessHeap, 0, ptr); end; end; Constructor TShareRestrictedSD.Create; begin ptr:=nil; sa.nLength:=Sizeof(sa); sa.lpSecurityDescriptor:= @Sd; sa.bInheritHandle:=False; // build a restricted security descriptor if Win32Platform = VER_PLATFORM_WIN32_NT then begin ptr:=BuildRestrictedSD(@sd); if (ptr=nil) then begin Raise Exception.Create(‘BuildRestrictedSD failed‘); end; end; end; Destructor TShareRestrictedSD.Destroy; begin if (ptr<>nil) then begin FreeRestrictedSD(ptr); end; end; function TShareRestrictedSD.GetSA:PSecurityAttributes; begin if (ptr<>nil) then begin Result:=@Sa; end else begin Result:=nil; end; end; end.
声明:以上内容来自用户投稿及互联网公开渠道收集整理发布,本网站不拥有所有权,未作人工编辑处理,也不承担相关法律责任,若内容有误或涉及侵权可进行投诉: 投诉/举报 工作人员会在5个工作日内联系你,一经查实,本站将立刻删除涉嫌侵权内容。