From: <Or...@us...> - 2008-06-05 14:54:45
Revision: 216 http://acmcontester.svn.sourceforge.net/acmcontester/?rev=216&view=rev Author: Oracle_ Date: 2008-06-05 07:54:51 -0700 (Thu, 05 Jun 2008) Log Message: ----------- Added file access control. Modified Paths: -------------- ACMServer/branches/sharp tester/SourceTest/SourceTest.cpp ACMServer/branches/sharp tester/SourceTest/SourceTest.vcproj Added Paths: ----------- ACMServer/branches/sharp tester/SourceTest/NetAPI32.Lib here.txt ACMServer/branches/sharp tester/SourceTest/User32.Lib here.txt ACMServer/branches/sharp tester/SourceTest/UserEnv.lib here.txt Added: ACMServer/branches/sharp tester/SourceTest/NetAPI32.Lib here.txt =================================================================== Modified: ACMServer/branches/sharp tester/SourceTest/SourceTest.cpp =================================================================== --- ACMServer/branches/sharp tester/SourceTest/SourceTest.cpp 2008-06-04 22:16:56 UTC (rev 215) +++ ACMServer/branches/sharp tester/SourceTest/SourceTest.cpp 2008-06-05 14:54:51 UTC (rev 216) @@ -5,8 +5,8 @@ #include "SourceTest.h" #include <LM.h> #include <Aclapi.h> +#include <Userenv.h> using namespace System::IO; -using namespace System::Diagnostics; const wchar_t USER_NAME[]={'T','e','s','t','i','n','g','U','s','e','r'}; const wchar_t USER_PASSW[]={'U','S','E','R','1','2','3','4','5'}; @@ -553,6 +553,11 @@ { case JOB_OBJECT_MSG_ABNORMAL_EXIT_PROCESS: GetExitCodeProcess(pi.hProcess,&code); + if (code==5) + { + it->res=trDF; + it->Details="Access denied."; + } else if (code!=0) { it->res=trRE; @@ -567,6 +572,11 @@ break; case JOB_OBJECT_MSG_ACTIVE_PROCESS_ZERO: GetExitCodeProcess(pi.hProcess,&code); + if (code==5) + { + it->res=trDF; + it->Details="Access denied."; + } else if (code!=0) { it->res=trRE; 
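Review bot: `USER_NAME` and `USER_PASSW`, visible as context in the first hunk (`@@ -5,8 +5,8 @@`), are character arrays with no terminating `L'\0'`. This revision starts passing them to `LogonUser` through an `LPWSTR` cast (in `TSecure::RunProcess`, last SourceTest.cpp hunk), so the API reads past the end of each array. Declaring them as string literals fixes that, e.g. `const wchar_t USER_NAME[]=L"TestingUser";`. The password is also a compile-time constant for a real local account, so anyone with the source or the binary knows it; a per-installation or per-run secret would be safer than a value fixed in source.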
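Review bot: The `code==5` test in the `JOB_OBJECT_MSG_ABNORMAL_EXIT_PROCESS` case (and the identical one in `JOB_OBJECT_MSG_ACTIVE_PROCESS_ZERO`, next hunk) trusts an exit code that the tested program chooses itself. Any submission that simply returns 5 is reported as `trDF` / "Access denied." whether or not the sandbox blocked anything. Presumably 5 stands for `ERROR_ACCESS_DENIED`; write `if (code==ERROR_ACCESS_DENIED)` and add a comment such as `// exit code is set by the untrusted program: trDF is a hint, not proof of a denied access`. The two branches are copies of each other, so a small helper that maps the exit code to `res`/`Details` would keep them in step. Both switch cases continue outside the hunks.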
@@ -734,9 +744,25 @@ //-------------SECURITY CLASS---------------------------- //------------------------------------------------------- +BOOL SetUserObjectFullAccess(HANDLE hUserObject) +{ + SECURITY_DESCRIPTOR* Sd; + SECURITY_INFORMATION Si; + Sd = (SECURITY_DESCRIPTOR*)LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH); + InitializeSecurityDescriptor(Sd, SECURITY_DESCRIPTOR_REVISION); + SetSecurityDescriptorDacl(Sd, TRUE, NULL, FALSE); + Si = DACL_SECURITY_INFORMATION; + BOOL Result = SetUserObjectSecurity(hUserObject, &Si, Sd); + LocalFree(HLOCAL(Sd)); + return Result; +} + TSecure::TSecure() { - /*USER_INFO_1 ui; + SetUserObjectFullAccess( GetThreadDesktop(GetCurrentThreadId())); + SetUserObjectFullAccess( GetProcessWindowStation()); + + USER_INFO_1 ui; NET_API_STATUS st; ui.usri1_comment=NULL; ui.usri1_flags=UF_SCRIPT|UF_PASSWD_CANT_CHANGE; 
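Review bot: `SetUserObjectFullAccess` installs a NULL DACL (`SetSecurityDescriptorDacl(Sd, TRUE, NULL, FALSE)`), which grants every account full access to the judge's window station and desktop, not only the test account, and it replaces whatever DACL was there before. The results of `LocalAlloc`, `InitializeSecurityDescriptor` and `SetSecurityDescriptorDacl` are not checked, and the constructor ignores the returned `BOOL`. Adding a single allow entry for `TestingUser` to the existing DACL keeps other accounts out; the mask passed in should be limited to the `WINSTA_*` / `DESKTOP_*` rights the tested process actually needs. The `TSecure::TSecure()` body continues past the end of this hunk.

```cpp
BOOL SetUserObjectFullAccess(HANDLE hUserObject, DWORD accessMask)
{
	// Extend the object's current DACL with one allow entry for the test
	// account instead of replacing it with a NULL DACL (NULL = everyone, all access).
	PACL oldDacl = NULL, newDacl = NULL;
	PSECURITY_DESCRIPTOR sd = NULL;
	if (GetSecurityInfo(hUserObject, SE_WINDOW_OBJECT, DACL_SECURITY_INFORMATION,
	                    NULL, NULL, &oldDacl, NULL, &sd) != ERROR_SUCCESS)
		return FALSE;

	wchar_t account[] = L"TestingUser";
	EXPLICIT_ACCESSW ea;
	BuildExplicitAccessWithNameW(&ea, account, accessMask, GRANT_ACCESS, NO_INHERITANCE);

	BOOL Result = FALSE;
	if (SetEntriesInAclW(1, &ea, oldDacl, &newDacl) == ERROR_SUCCESS)
	{
		Result = SetSecurityInfo(hUserObject, SE_WINDOW_OBJECT, DACL_SECURITY_INFORMATION,
		                         NULL, NULL, newDacl, NULL) == ERROR_SUCCESS;
		LocalFree(newDacl);
	}
	LocalFree(sd);
	return Result;
}
// … unchanged: TSecure::TSecure(), except that its two calls pass the mask and check the result …
```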
@@ -751,31 +777,46 @@ if (st==NERR_UserExists) return; throw "Can not create user!"; + } + array<DriveInfo^>^ drv=DriveInfo::GetDrives(); + for (int i=0;i<drv->Length;i++) + if (drv[i]->DriveType==DriveType::Fixed) + { + DirectoryInfo^ fi = gcnew DirectoryInfo(drv[i]->Name); + DirectorySecurity^ fs = gcnew DirectorySecurity(drv[i]->Name, AccessControlSections::All); + fs->SetAccessRule(gcnew FileSystemAccessRule("TestingUser",FileSystemRights::FullControl,AccessControlType::Deny)); + fi->SetAccessControl(fs); } - - DirectoryInfo^ fi = gcnew DirectoryInfo("C:\\"); - DirectorySecurity^ fs = gcnew DirectorySecurity("C:\\", AccessControlSections::All); - fs->SetAccessRule(gcnew FileSystemAccessRule("TestingUser",FileSystemRights::FullControl,AccessControlType::Deny)); - fi->SetAccessControl(fs);*/ } TSecure::~TSecure() { - + } bool TSecure::RunProcess(LPWSTR lpCommandLine,BOOL bInheritHandles,DWORD dwCreationFlags,LPSTARTUPINFOW lpStartupInfo,LPPROCESS_INFORMATION lpProcessInformation) { - /*HANDLE token; - if (LogonUser((LPWSTR)USER_NAME,(LPWSTR)".",(LPWSTR)USER_PASSW,LOGON32_LOGON_INTERACTIVE,LOGON32_PROVIDER_DEFAULT,&token)) + HANDLE token=NULL,Token=NULL; + wchar_t* env=NULL; + if (LogonUser((LPWSTR)USER_NAME,(LPWSTR)".",(LPWSTR)USER_PASSW,LOGON32_LOGON_NETWORK,LOGON32_PROVIDER_DEFAULT,&Token)) + if (DuplicateTokenEx(Token,TOKEN_ALL_ACCESS,NULL,SecurityImpersonation,TokenPrimary,&token)) + if (ImpersonateLoggedOnUser(token)) + if (CreateEnvironmentBlock((LPVOID*)&env,token,FALSE)) + if (CreateProcessAsUser(token,NULL,lpCommandLine,NULL,NULL,bInheritHandles,dwCreationFlags|CREATE_UNICODE_ENVIRONMENT,env,NULL,lpStartupInfo,lpProcessInformation)) { - if (CreateProcessAsUser(token,NULL,lpCommandLine,NULL,NULL,bInheritHandles,dwCreationFlags,NULL,NULL,lpStartupInfo,lpProcessInformation)) - { - CloseHandle(token); - return true; - } + DestroyEnvironmentBlock(env); + RevertToSelf(); CloseHandle(token); - }*/ + return true; + } + int x=GetLastError(); + if (env!=NULL) + 
DestroyEnvironmentBlock(env); + RevertToSelf(); + if (token!=NULL) + CloseHandle(token); + if (Token!=NULL) + CloseHandle(Token); if (CreateProcess(NULL,lpCommandLine,NULL,NULL,bInheritHandles,dwCreationFlags,NULL,NULL,lpStartupInfo,lpProcessInformation)) return true; return false; Modified: ACMServer/branches/sharp tester/SourceTest/SourceTest.vcproj =================================================================== --- ACMServer/branches/sharp tester/SourceTest/SourceTest.vcproj 2008-06-04 22:16:56 UTC (rev 215) +++ ACMServer/branches/sharp tester/SourceTest/SourceTest.vcproj 2008-06-05 14:54:51 UTC (rev 216) @@ -250,6 +250,14 @@ RelativePath=".\NetAPI32.Lib" > </File> + <File + RelativePath=".\User32.Lib" + > + </File> + <File + RelativePath=".\UserEnv.Lib" + > + </File> </Files> <Globals> </Globals> Added: ACMServer/branches/sharp tester/SourceTest/User32.Lib here.txt =================================================================== Added: ACMServer/branches/sharp tester/SourceTest/UserEnv.lib here.txt =================================================================== This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
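Review bot: `TSecure::RunProcess` fails open: when any step of the `LogonUser` … `CreateProcessAsUser` chain fails, it falls through to the unchanged `CreateProcess(NULL,lpCommandLine,…)` and runs the submitted program under the judge's own account, with none of the restrictions this revision adds. Now that the restricted launch is live, the fallback should be replaced by `return false;`, after logging the `GetLastError()` value that is currently stored in the unused `x`. The success path closes `token` but not the original `Token` from `LogonUser`, so one handle leaks per run; add `CloseHandle(Token);` before `return true;`. In the constructor part of the same hunk, the three-argument `FileSystemAccessRule` constructor creates a rule with no inheritance flags, so the deny entry applies to each drive's root directory only and not to the files and folders below it. That is worth a comment stating whether it is intended.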