From: <Or...@us...> - 2008-06-07 14:12:15
Revision: 225 http://acmcontester.svn.sourceforge.net/acmcontester/?rev=225&view=rev Author: Oracle_ Date: 2008-06-07 07:12:18 -0700 (Sat, 07 Jun 2008) Log Message: ----------- More secured version. Modified Paths: -------------- ACMServer/branches/sharp tester/SourceTest/SourceTest.cpp Modified: ACMServer/branches/sharp tester/SourceTest/SourceTest.cpp =================================================================== --- ACMServer/branches/sharp tester/SourceTest/SourceTest.cpp 2008-06-06 21:44:44 UTC (rev 224) +++ ACMServer/branches/sharp tester/SourceTest/SourceTest.cpp 2008-06-07 14:12:18 UTC (rev 225) @@ -8,8 +8,8 @@ #include <Userenv.h> using namespace System::IO; -const wchar_t USER_NAME[]={'T','e','s','t','i','n','g','U','s','e','r'}; //username for testing -const wchar_t USER_PASSW[]={'U','S','E','R','1','2','3','4','5'}; //password of user for testing +const wchar_t USER_NAME[]={L"TestingUser"}; //username for testing +const wchar_t USER_PASSW[]={L"USER12345"}; //password of user for testing namespace SourceTest { @@ -764,6 +764,17 @@ return Result; } +void DenyAccessFolder(String^ folder) +{ + DirectoryInfo^ fi = gcnew DirectoryInfo(folder); + DirectorySecurity^ fs = gcnew DirectorySecurity(folder, AccessControlSections::All); + fs->SetAccessRule(gcnew FileSystemAccessRule(gcnew String(USER_NAME),FileSystemRights::FullControl, + InheritanceFlags::ObjectInherit|InheritanceFlags::ContainerInherit, + PropagationFlags::None, + AccessControlType::Deny)); + fi->SetAccessControl(fs); +} + TSecure::TSecure() { SetUserObjectFullAccess( GetThreadDesktop(GetCurrentThreadId())); //needed for accessing from CreateProcessAsUser 
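Review bot: The testing account's password remains a compile-time constant (`USER_PASSW` is `L"USER12345"`), so every build of the tester shares one known credential for a local account. That account appears to persist between runs, since the constructor further down tolerates `NERR_UserExists`. Moving to `L"..."` literals does fix termination, because the old character-list arrays had no trailing NUL for `gcnew String(USER_NAME)` to stop at, but the secret would be better generated randomly when the account is created and held only in memory. Until that is done, a comment such as `// FIXME: fixed password shared by all installs; generate per run` would make the limitation explicit. The brace form `={L"..."}` is legal but unusual; `const wchar_t USER_NAME[] = L"TestingUser";` reads more plainly.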
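Review bot: `DenyAccessFolder` has no failure path: the `DirectorySecurity` constructor and `SetAccessControl` throw on a missing path or insufficient rights, and nothing visible here catches that, so one bad folder can abort the remaining lock-down calls and leave the restrictions only partly applied. Requesting `AccessControlSections::All` also reads owner, group and audit data that the function never modifies, and reading the audit section normally needs an extra privilege; `DirectorySecurity^ fs = fi->GetAccessControl(AccessControlSections::Access);` is enough to add a deny rule. A header comment should state that the deny entry is stored on disk and inherited by every child object, and say where it is expected to be removed, which this hunk does not show.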
@@ -783,22 +794,25 @@ { if (st==NERR_UserExists) return; //if user exists just do nothing - MessageBox(NULL,(LPCTSTR)"Can not create testing user - only unsecured mode",(LPCTSTR)"Warning",MB_ICONWARNING|MB_OK); + MessageBox(NULL,L"Can not create testing user - only unsecured mode",L"Warning",MB_ICONWARNING|MB_OK); return; } array<DriveInfo^>^ drv=DriveInfo::GetDrives(); for (int i=0;i<drv->Length;i++) //for all drives set limitation if (drv[i]->DriveType==DriveType::Fixed) - { - DirectoryInfo^ fi = gcnew DirectoryInfo(drv[i]->Name); - DirectorySecurity^ fs = gcnew DirectorySecurity(drv[i]->Name, AccessControlSections::All); - fs->SetAccessRule(gcnew FileSystemAccessRule(gcnew String(USER_NAME),FileSystemRights::FullControl, - InheritanceFlags::ObjectInherit|InheritanceFlags::ContainerInherit, - PropagationFlags::None, - AccessControlType::Deny)); - fi->SetAccessControl(fs); - } - + DenyAccessFolder(drv[i]->Name); + wchar_t buf[MAX_PATH+1]; + GetEnvironmentVariableW(L"ProgramFiles",buf,MAX_PATH); + DenyAccessFolder(gcnew String(buf)); + GetEnvironmentVariable(L"ALLUSERSPROFILE",buf,MAX_PATH); + DenyAccessFolder(gcnew String(buf)); + GetWindowsDirectory(buf,MAX_PATH); + DenyAccessFolder(gcnew String(buf)); + GetSystemDirectory(buf,MAX_PATH); + DenyAccessFolder(gcnew String(buf)); + DWORD size=MAX_PATH; + GetProfilesDirectory(buf,&size); + DenyAccessFolder(gcnew String(buf)); } TSecure::~TSecure() @@ -817,8 +831,11 @@ fs->SetAccessRule(gcnew FileSystemAccessRule(gcnew String(USER_NAME),FileSystemRights::ExecuteFile,AccessControlType::Allow)); fi->SetAccessControl(fs); if (DuplicateTokenEx(Token,TOKEN_ALL_ACCESS,NULL,SecurityImpersonation,TokenPrimary,&token)) + { if (ImpersonateLoggedOnUser(token)) + { if (CreateEnvironmentBlock((LPVOID*)&env,token,FALSE)) + { if (CreateProcessAsUser(token,NULL,lpCommandLine,NULL,NULL,bInheritHandles,dwCreationFlags|CREATE_UNICODE_ENVIRONMENT,env,NULL,lpStartupInfo,lpProcessInformation)) { DestroyEnvironmentBlock(env); 
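Review bot: None of the directory lookups added to the constructor check their return value, and `buf` is never initialised. A lookup that fails or truncates therefore hands stale or indeterminate text to `DenyAccessFolder`, which either re-denies the previous folder or throws while the intended folder stays open to the testing user. Each result should be checked before use, and the wide variants used consistently: the hunk mixes `GetEnvironmentVariableW` with the TCHAR macro `GetEnvironmentVariable`, although `buf` is always `wchar_t`. The constructor begins above this hunk, so the sketch below covers only the added lookups.

```cpp
// … unchanged: per-drive DenyAccessFolder loop …
wchar_t buf[MAX_PATH+1]={0};
DWORD n=GetEnvironmentVariableW(L"ProgramFiles",buf,MAX_PATH);
if (n>0 && n<MAX_PATH)          // 0 = not set, >=MAX_PATH = value did not fit
    DenyAccessFolder(gcnew String(buf));
n=GetEnvironmentVariableW(L"ALLUSERSPROFILE",buf,MAX_PATH);
if (n>0 && n<MAX_PATH)
    DenyAccessFolder(gcnew String(buf));
n=GetWindowsDirectoryW(buf,MAX_PATH);
if (n>0 && n<MAX_PATH)
    DenyAccessFolder(gcnew String(buf));
n=GetSystemDirectoryW(buf,MAX_PATH);
if (n>0 && n<MAX_PATH)
    DenyAccessFolder(gcnew String(buf));
DWORD size=MAX_PATH;
if (GetProfilesDirectoryW(buf,&size))
    DenyAccessFolder(gcnew String(buf));
```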
@@ -828,6 +845,9 @@ return true; } } + } + } + } if (env!=NULL) DestroyEnvironmentBlock(env); RevertToSelf(); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |