Change SACL on Named Pipe

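I have C++ code that changes the SACL of a folder as expected. When I want to change the SACL of an existing named pipe, things get weird: the code executes successfully, but when I check it via Get-Acl -Path \\.\pipe\lsass -Audit | fl, it returns error number 87, which is ERROR_INVALID_PARAMETER, and the SACL does not work. According to the MS Support Site, the error might be caused by setting the OVERLAPPED structure to non-zero, but that helps little with setting the SACL.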

Stack Overflow wants me to add some details, so I am writing some filler here.

Maybe I messed up some of the rights passed to SetSecurityInfo, which are specific to named pipes, or do I need to suspend it before changing the SACL?

#include <windows.h>
#include <aclapi.h>
#include <stdio.h>

using namespace std;

int main()
{
    // Author's helper (definition not shown in the post). It enables SeSecurityPrivilege,
    // which is required to open a handle with ACCESS_SYSTEM_SECURITY.
    SetSecurityPrivilage(TRUE);

    //HANDLE hPipe = CreateFile(L"C:\\Users\\simp\\Desktop\\test", ACCESS_SYSTEM_SECURITY, 0, NULL, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, NULL); // Folder SACL testing
    HANDLE hPipe = CreateFile(L"\\\\.\\pipe\\lsass", ACCESS_SYSTEM_SECURITY, 0, NULL, OPEN_EXISTING, 0, NULL);
    if (hPipe != INVALID_HANDLE_VALUE)
    {
        PACL pOldSACL = NULL;
        PSECURITY_DESCRIPTOR pSD = NULL; // owns the buffer that pOldSACL points into

        // These APIs return the error code directly; they do not set GetLastError().
        DWORD rc = GetSecurityInfo(hPipe, SE_KERNEL_OBJECT, SACL_SECURITY_INFORMATION, NULL, NULL, NULL, &pOldSACL, &pSD);
        if (rc == ERROR_SUCCESS)
        {
            // SACL trustee: the Everyone group
            TRUSTEE trusteeSACL[1];
            trusteeSACL[0].TrusteeForm = TRUSTEE_IS_NAME;
            trusteeSACL[0].TrusteeType = TRUSTEE_IS_GROUP;
            trusteeSACL[0].ptstrName = (LPWCH)(L"Everyone");
            trusteeSACL[0].MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
            trusteeSACL[0].pMultipleTrustee = NULL;

            EXPLICIT_ACCESS explicit_access_listSACL[1];
            ZeroMemory(&explicit_access_listSACL[0], sizeof(EXPLICIT_ACCESS));

            explicit_access_listSACL[0].grfAccessMode = SET_AUDIT_SUCCESS;
            //explicit_access_listSACL[0].grfAccessMode = SET_AUDIT_FAILURE;
            // Access mask of the audit ACE: only requests for these rights are audited.
            explicit_access_listSACL[0].grfAccessPermissions = ACCESS_SYSTEM_SECURITY;
            explicit_access_listSACL[0].grfInheritance = NO_INHERITANCE;
            explicit_access_listSACL[0].Trustee = trusteeSACL[0];

            PACL pNewSACL = NULL;

            // Merge the new audit entry into the existing SACL.
            rc = SetEntriesInAcl(1, explicit_access_listSACL, pOldSACL, &pNewSACL);
            if (rc == ERROR_SUCCESS)
            {
                rc = SetSecurityInfo(hPipe, SE_KERNEL_OBJECT, SACL_SECURITY_INFORMATION, NULL, NULL, NULL, pNewSACL);
                if (rc == ERROR_SUCCESS)
                {
                    printf("%s\n", "SACL SetSecurityInfo IS WORKS");
                }
                else
                {
                    // Error handling
                    printf("%s %lu\n", "SetSecurityInfo SACL", rc);
                }

                LocalFree(pNewSACL);
            }
            else
            {
                // Error handling
                printf("%s %lu\n", "SetEntriesInAcl", rc);
            }
            // Free the security descriptor, not the ACL pointer inside it.
            LocalFree(pSD);
        }
        else
        {
            // Error
            printf("%s %lu\n", "GetSecurityInfo SACL", rc);
        }
        CloseHandle(hPipe);
    }
    else
    {
        // Error handling: CreateFile does report its error through GetLastError().
        printf("%s %lu\n", "Incorrect handle", GetLastError());
    }
    return 0;
}

Actually, the code is doing its job. If you compile and run this, you will change the SACL of both the pipe and the file. My mistake was in this part:

explicit_access_listSACL[0].grfAccessPermissions = ACCESS_SYSTEM_SECURITY;

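This means that a log entry is generated only when a user requests the ACCESS_SYSTEM_SECURITY right on the pipe, so change it according to your needs. However, the reason behind error 87 is still unknown.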
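
The effect of the audit ACE's access mask described in this answer, as an added example that is not part of the original post: a simplified, portable model of how an audit ACE is matched against an open request. The names `AuditAce`, `MapGeneric` and `WouldAudit` are hypothetical, the sample requests are constructed, and trustee (SID) matching and the system audit policy are assumed away.

```cpp
// Simplified model: does a SACL audit ACE fire for a given open request?
// Trustee (SID) matching and the system audit policy are not modelled.
#include <cstdint>
#include <cstdio>

// Values from winnt.h, repeated here so the model compiles on any platform.
constexpr uint32_t kFileReadData         = 0x00000001;
constexpr uint32_t kFileWriteData        = 0x00000002;
constexpr uint32_t kAccessSystemSecurity = 0x01000000;
constexpr uint32_t kGenericRead          = 0x80000000;
constexpr uint32_t kGenericWrite         = 0x40000000;
constexpr uint32_t kFileGenericRead      = 0x00120089;
constexpr uint32_t kFileGenericWrite     = 0x00120116;
constexpr uint8_t  kSuccessfulAccessAceFlag = 0x40;
constexpr uint8_t  kFailedAccessAceFlag     = 0x80;

struct AuditAce {
    uint32_t mask;   // grfAccessPermissions in EXPLICIT_ACCESS
    uint8_t  flags;  // SET_AUDIT_SUCCESS / SET_AUDIT_FAILURE set these ACE flags
};

// Expand generic rights the way the file/pipe generic mapping does.
uint32_t MapGeneric(uint32_t desired) {
    if (desired & kGenericRead)  desired = (desired & ~kGenericRead)  | kFileGenericRead;
    if (desired & kGenericWrite) desired = (desired & ~kGenericWrite) | kFileGenericWrite;
    return desired;
}

// True when the ACE would produce an audit record for this open request.
// Assumes a granted request receives exactly the rights it asked for.
bool WouldAudit(const AuditAce& ace, uint32_t desired, bool granted) {
    const uint8_t needed = granted ? kSuccessfulAccessAceFlag : kFailedAccessAceFlag;
    if ((ace.flags & needed) == 0) return false;       // wrong success/failure kind
    return (ace.mask & MapGeneric(desired)) != 0;      // no audited right requested
}

int main() {
    const AuditAce fromQuestion{kAccessSystemSecurity, kSuccessfulAccessAceFlag};
    const AuditAce dataAccess{kFileReadData | kFileWriteData,
                              kSuccessfulAccessAceFlag | kFailedAccessAceFlag};
    const uint32_t clientOpen = kGenericRead | kGenericWrite;  // constructed request
    std::printf("question ACE, client open: %d\n", WouldAudit(fromQuestion, clientOpen, true));
    std::printf("question ACE, SACL edit:   %d\n", WouldAudit(fromQuestion, kAccessSystemSecurity, true));
    std::printf("data ACE, client open:     %d\n", WouldAudit(dataAccess, clientOpen, true));
    std::printf("data ACE, denied open:     %d\n", WouldAudit(dataAccess, clientOpen, false));
    return 0;
}
```

In this model the ACE from the question matches only a request that itself asks for ACCESS_SYSTEM_SECURITY, while a mask covering the pipe's data rights matches an ordinary client open.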