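/****************************************************************************\
*
*     Microsoft Developer Support
*     Copyright (c) 1992, 1993 Microsoft Corporation
*
* MODULE:  sd_flppy.c
*
*          There is no way to put a DACL on the floppy drives or on the
*            COM ports with REGEDT32, or using the Control Panel or other
*            part of the user interface.  And there is no way to use the
*            Win32 api to put a DACL on the floppy drives or on the COM
*            ports that survives reboots
*
*          sd_flppy.c, however, does put DACLs on the floppy drives or on
*            the COM ports that survive logoff/logon, that is, these
*            DACLs are on the floppy drives or on the COM ports until the
*            next reboot
*
*          A version of this sample program can be installed as a
*            service, so that each time the machine boots up the DACLs
*            are automatically re-applied
*
* PURPOSE: Show sample code that applies DACLs to floppy drives and COM
*            ports
*
*          There are possibly as many desired user interfaces to this
*            sort of functionality as there are people thinking about
*            this, so it is not a purpose of this sample (or the Win32
*            service variation of it) to present an incredibly cool user
*            interface to how the DACLs get applied.  A very simplistic
*            approach is taken to the user interface.  Anyone who desires
*            that more complicated DACLs are applied, or desires other
*            variations in the user interface hopefully will benefit by
*            being able to use this sample code as a starting point for
*            their DACL-applying app
*
*          This sample is not a supported utility
*
* TO RUN:  Type sd_flppy to lock the \\.\A: and \\.\B: devices
*
*          Putting sd_flppy in a Startup group or logon script could work
*            for some people
*
* REVIEW NOTES:
*          Because the DACLs last only until the next reboot, the devices
*            carry whatever DACL the system assigns by default from boot
*            until this program has run.  Running it at logon therefore
*            leaves a window; the service variation mentioned above
*            narrows it to boot time.
*
*          A device that is reported as "not found" is skipped and the
*            program still exits with 0, so an exit code of 0 does not by
*            itself prove that both A: and B: were locked; read the
*            console output as well.
*
\****************************************************************************/

/****************************************************************************\
*  INCLUDES, DEFINES
\****************************************************************************/
#define STRICT
#include <windows.h>
#include <stdlib.h>
#include <stdio.h>

/*
 * PERR reports the thread's last-error value for a failed Win32 call.
 * GetLastError() returns a DWORD, so it is printed with %lu rather than %d.
 * Both macros are wrapped in do/while(0) so they behave as one statement.
 */
#define PERR(api)                                                     \
  do {                                                                \
    printf("\n%s: Error %lu from %s on line %d",                      \
           __FILE__, (unsigned long)GetLastError(), api, __LINE__);   \
  } while (0)

#define PMSG(msg)                                                     \
  do {                                                                \
    printf("\n%s line %d: %s", __FILE__, __LINE__, msg);              \
  } while (0)

/****************************************************************************\
* GLOBAL VARIABLES AND TYPEDEFS
\****************************************************************************/


/****************************************************************************\
* FUNCTION PROTOTYPES
\****************************************************************************/

BOOL WriteSD_ToA_File(PSECURITY_DESCRIPTOR psdAbsoluteSD, LPTSTR lpszFileName);
VOID DisplayHelp(VOID);

/****************************************************************************\
*
* FUNCTION: main
*
* Builds an absolute-format security descriptor whose DACL holds a single
* access-allowed ACE (FILE_ALL_ACCESS for the local Administrators alias)
* and applies it to \\.\A: and \\.\B:.
*
* Returns 0 when both devices were processed (locked or reported as not
* found), 1 on a usage error or on any failed API call.
*
\****************************************************************************/

int main(int argc, char *argv[])
{

  #define SZ_ACL_BUF 150

  SID_IDENTIFIER_AUTHORITY siaNtAuthority = SECURITY_NT_AUTHORITY;

  /*
   * The descriptor and the ACL are accessed as structures by the security
   * APIs, so they are given storage with structure/DWORD alignment instead
   * of being overlaid on unaligned UCHAR arrays.
   */
  SECURITY_DESCRIPTOR  sdAbsolute;
  DWORD                dwACLBuf[(SZ_ACL_BUF + sizeof(DWORD) - 1) / sizeof(DWORD)] = {0};
  DWORD                dwDACL = sizeof(dwACLBuf);

  PSECURITY_DESCRIPTOR psdAbsoluteSD      = &sdAbsolute;
  PSID                 psidAdministrators = NULL;
  PACL                 pNewDACL           = (PACL)dwACLBuf;

  int                  nExitCode = 1;   /* pessimistic until every step succeeds */

  (void)argv;

  /**************************************************************************\
  *
  * Display help if any parameters passed in
  *
  \**************************************************************************/

  if (argc != 1)
  {
    DisplayHelp();
    return 1;
  }

  /**************************************************************************\
  *
  * Get SID of local Administrators
  *
  * The SID is built from its well-known RIDs rather than looked up by the
  * name "Administrators": the alias has a different display name on
  * localized installations, where a lookup by the English name fails and
  * the devices would be left without the DACL.
  *
  \**************************************************************************/

  if (!AllocateAndInitializeSid(&siaNtAuthority,
                                2,
                                SECURITY_BUILTIN_DOMAIN_RID,
                                DOMAIN_ALIAS_RID_ADMINS,
                                0, 0, 0, 0, 0, 0,
                                &psidAdministrators))
  {
    PERR("AllocateAndInitializeSid");
    return 1;
  }

  /**************************************************************************\
  *
  * Initialize new DACL
  *
  \**************************************************************************/

  if (!InitializeAcl(pNewDACL, dwDACL, ACL_REVISION2))
  {
    PERR("InitializeAcl");
    goto cleanup;
  }

  /**************************************************************************\
  *
  * Allow All access to the floppy for local Administrators only
  *
  * This is the only ACE in the DACL, so every other account is denied
  * access to the device.  NOTE(review): that includes accounts used by
  * services; confirm this is intended before deploying.
  *
  \**************************************************************************/

  if (!AddAccessAllowedAce(pNewDACL,
                           ACL_REVISION2,
                           FILE_ALL_ACCESS,
                           psidAdministrators))
  {
    PERR("AddAccessAllowedAce");
    goto cleanup;
  }

  /**************************************************************************\
  *
  * Build SD in absolute format
  *
  \**************************************************************************/

  if (!InitializeSecurityDescriptor(psdAbsoluteSD,
                                    SECURITY_DESCRIPTOR_REVISION))
  {
    PERR("InitializeSecurityDescriptor");
    goto cleanup;
  }

  /**************************************************************************\
  *
  * Set DACL into SD
  *
  \**************************************************************************/

  if (!SetSecurityDescriptorDacl(psdAbsoluteSD,
                                 TRUE,      // fDaclPresent flag
                                 pNewDACL,
                                 FALSE))    // not a default DACL
  {
    PERR("SetSecurityDescriptorDacl");
    goto cleanup;
  }

  /**************************************************************************\
  *
  * Check to see that SD is valid before attempting to write it to the file
  *
  \**************************************************************************/

  if (!IsValidSecurityDescriptor(psdAbsoluteSD))
  {
    PERR("IsValidSecurityDescriptor");
    goto cleanup;
  }

  /**************************************************************************\
  *
  * Write SD to file system - first for A: then B:
  *
  * WriteSD_ToA_File prints its own diagnostics, so nothing is printed here.
  *
  \**************************************************************************/

  if (!WriteSD_ToA_File(psdAbsoluteSD, "\\\\.\\A:"))
  {
    goto cleanup;
  }

  if (!WriteSD_ToA_File(psdAbsoluteSD, "\\\\.\\B:"))
  {
    goto cleanup;
  }

  /**************************************************************************\
  *
  * Works for CDROM drives as well - commented out as this sample is floppy
  *   only
  *
  \**************************************************************************/
  /*
  if (!WriteSD_ToA_File(psdAbsoluteSD,"\\\\.\\E:"))
  { goto cleanup;
  }
  */
  /**************************************************************************\
  *
  * Works for COM ports as well - commented out as this sample is floppy only
  *
  \**************************************************************************/
  /*
  if (!WriteSD_ToA_File(psdAbsoluteSD,"COM1:"))
  { goto cleanup;
  }
  */

  nExitCode = 0;

cleanup:
  /* The SID came from AllocateAndInitializeSid and must go back via FreeSid. */
  FreeSid(psidAdministrators);
  return nExitCode;
}

/****************************************************************************\
*
* FUNCTION: WriteSD_ToA_File
*
* Applies the DACL carried by psdAbsoluteSD to the device or file named by
* lpszFileName.
*
* Returns TRUE when the DACL was written, and also when the target was not
* found (a message is printed and the target is skipped, so a machine
* without a B: drive is not treated as a failure).  Returns FALSE for any
* other error, after printing it.
*
* lpszFileName is printed with %s and callers pass narrow string literals,
* so this assumes an ANSI (non-UNICODE) build.
*
\****************************************************************************/

BOOL WriteSD_ToA_File(PSECURITY_DESCRIPTOR psdAbsoluteSD, LPTSTR lpszFileName)
{
  UINT  uPrevErrorMode;
  BOOL  bStatus;
  DWORD dwLastError = ERROR_SUCCESS;

  /**************************************************************************\
  *
  * SetErrorMode so we don't get the error due to no floppy disk in the floppy
  *   drive
  *
  \**************************************************************************/

  uPrevErrorMode = SetErrorMode(SEM_FAILCRITICALERRORS);

  /**************************************************************************\
  *
  * Write SD to file system
  *
  \**************************************************************************/

  bStatus = SetFileSecurity(lpszFileName,
                            (SECURITY_INFORMATION)(DACL_SECURITY_INFORMATION),
                            psdAbsoluteSD);

  /*
   * Capture the error code right away: the last-error value is per-thread
   * state that a later API call may overwrite, and SetErrorMode is called
   * before the code is examined.
   */
  if (!bStatus)
  {
    dwLastError = GetLastError();
  }

  /**************************************************************************\
  *
  * SetErrorMode back to its previous value
  *
  \**************************************************************************/

  SetErrorMode(uPrevErrorMode);

  if (bStatus)
  {
    return TRUE;
  }

  if (ERROR_FILE_NOT_FOUND == dwLastError)
  {
    /* Deliberate best effort: the device is absent, so it is only reported. */
    printf("\nAttempted to lock %s, but it was not found", lpszFileName);
    return TRUE;
  }

  /* Put the saved code back so PERR reports the SetFileSecurity failure. */
  SetLastError(dwLastError);
  PERR("SetFileSecurity");
  return FALSE;
}
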
/****************************************************************************\
*
* FUNCTION: DisplayHelp
*
* Prints the usage text to stdout.  The program takes no parameters; the
* text explains that running it puts a DACL on A: and B: granting all
* access to local Administrators and nothing to anyone else.
*
\****************************************************************************/

VOID DisplayHelp(VOID)
{
  /* One entry per output fragment; each fragment starts with its own '\n'. */
  static const char *const apszHelpText[] =
  {
    "\nTo run type SD_FLPPY and no (0) parameters. Syntax:",
    "\n SD_FLPPY",
    "\n ",
    "\nExamples:",
    "\n SD_FLPPY",
    "\n Puts a DACL on A: and B: so that local Administrators",
    "\n have all access and no one else has any access.",
    "\n Since domain Administrators are by default members of",
    "\n local Administrators, this will in many cases give",
    "\n the desired result, but this utility is only one",
    "\n example of the many possible interfaces that may be",
    "\n desired. Full source to this program is available,",
    "\n so people may write different interfaces.",
    "\n This .exe could be run from a logon script, or from",
    "\n the Startup group. An alternative approach is to",
    "\n use the other version of this program. The other",
    "\n version is packaged as a service that applies the",
    "\n DACLs when the machine boots up\n"
  };
  size_t iLine;

  for (iLine = 0; iLine < sizeof(apszHelpText) / sizeof(apszHelpText[0]); iLine++)
  {
    fputs(apszHelpText[iLine], stdout);
  }
}