1.1 root 1: /****************************************************************************\
2: *
3: * Microsoft Developer Support
4: * Copyright (c) 1992, 1993 Microsoft Corporation
5: *
6: * MODULE: sd_flppy.c
7: *
8: * There is no way to put a DACL on the floppy drives or on the
9: * COM ports with REGEDT32, or using the Control Panel or other
10: * part of the user interface. And there is no way to use the
11: * Win32 api to put a DACL on the floppy drives or on the COM
12: * ports that survives reboots
13: *
14: * sd_flppy.c, however, does put DACLs on the floppy drives or on
15: * the COM ports that survive logoff/logon, that is, these
16: * DACLs are on the floppy drives or on the COM ports until the
17: * next reboot
18: *
19: * A version of this sample program can be installed as a
20: * service, so that each time the machine boots up the DACLs
21: * are automatically re-applied
22: *
23: * PURPOSE: Show sample code that applies DACLs to floppy drives and COM
24: * ports
25: *
26: * There are possibly as many desired user interfaces to this
27: * sort of functionality as there are people thinking about
28: * this, so it is not a purpose of this sample (or the Win32
29: * service variation of it) to present an incredibly cool user
30: * interface to how the DACLs get applied. A very simplistic
31: * approach is taken to the user interface. Anyone who desires
32: * that more complicated DACLs are applied, or desires other
33: * variations in the user interface hopefully will benefit by
34: * being able to use this sample code as a starting point for
35: * their DACL-applying app
36: *
37: * This sample is not a supported utility
38: *
39: * TO RUN: Type sd_flppy to lock the \\.\A: and \\.\B: devices
40: *
41: * Putting sd_flppy in a Startup group or logon script could work
42: * for some people
43: *
44: \****************************************************************************/
45:
46: /****************************************************************************\
47: * INCLUDES, DEFINES
48: \****************************************************************************/
49: #define STRICT
50: #include <windows.h>
51: #include <stdlib.h>
52: #include <stdio.h>
53:
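/*
 * PERR(api): print the source file, the calling thread's last-error code,
 * the name of the failing API and the source line. The macro reads
 * GetLastError() itself, so it must be expanded before any other call that
 * could replace the failing call's error code.
 *
 * PMSG(msg): print the source file, the source line and a free-form message.
 *
 * Both expand to a single do { ... } while (0) statement so they stay safe in
 * an unbraced if/else. GetLastError() returns a DWORD, which is printed with
 * %lu through an explicit cast rather than with %d.
 */
#define PERR(api) \
    do { \
        printf("\n%s: Error %lu from %s on line %d", \
               __FILE__, (unsigned long)GetLastError(), (api), __LINE__); \
    } while (0)
#define PMSG(msg) \
    do { \
        printf("\n%s line %d: %s", __FILE__, __LINE__, (msg)); \
    } while (0)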
58:
59: /****************************************************************************\
60: * GLOBAL VARIABLES AND TYPEDEFS
61: \****************************************************************************/
62:
63:
64: /****************************************************************************\
65: * FUNCTION PROTOTYPES
66: \****************************************************************************/
67:
/* Applies the DACL held in psdAbsoluteSD to the object named by
 * lpszFileName via SetFileSecurity; returns FALSE on failure, except that a
 * missing device (ERROR_FILE_NOT_FOUND) is reported and treated as success. */
BOOL WriteSD_ToA_File(PSECURITY_DESCRIPTOR psdAbsoluteSD, LPTSTR lpszFileName);
/* Prints the usage text to stdout. */
VOID DisplayHelp(VOID);
70:
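/*
 * main: build a DACL containing a single access-allowed ACE that grants
 * FILE_ALL_ACCESS to the local Administrators alias, wrap it in an absolute
 * security descriptor, and apply it to the floppy devices A: and B: through
 * WriteSD_ToA_File.
 *
 * Takes no arguments; any argument prints the usage text and returns 1.
 * Returns 0 when every step succeeded, 1 otherwise.
 *
 * Notes for anyone adapting this sample:
 *  - The DACL holds exactly one ACE, so every principal that is not a member
 *    of local Administrators is implicitly denied.
 *  - WriteSD_ToA_File reports a missing device as success, so an exit code of
 *    0 does not prove that a given drive was actually locked.
 *  - Per the module header the DACL lasts only until the next reboot; the
 *    devices keep their default protection until this program has run.
 */
UINT main(UINT argc, char *argv[])
{

#define SZ_SID_BUF 75
#define SZ_ACL_BUF 150

    /*
     * Typed storage instead of raw UCHAR arrays: the SID, ACL and security
     * descriptor structures are written in place by the Initialize* calls
     * below, so the buffers need the alignment of those structures. The
     * DWORD member forces DWORD alignment (and a DWORD-multiple size) on the
     * ACL buffer.
     */
    SECURITY_DESCRIPTOR sdAbsolute;
    union { SID sid; UCHAR raw[SZ_SID_BUF]; } sidStorage;
    union { ACL acl; DWORD dwAlign; UCHAR raw[SZ_ACL_BUF]; } aclStorage;

    SID_IDENTIFIER_AUTHORITY siaNtAuthority = SECURITY_NT_AUTHORITY;

    PSECURITY_DESCRIPTOR psdAbsoluteSD = (PSECURITY_DESCRIPTOR)&sdAbsolute;
    PSID psidAdministrators = (PSID)&sidStorage;
    PACL pNewDACL = (PACL)&aclStorage;

    UINT uExitCode = 0;

    (void)argv;

    ZeroMemory(&sdAbsolute, sizeof(sdAbsolute));
    ZeroMemory(&sidStorage, sizeof(sidStorage));
    ZeroMemory(&aclStorage, sizeof(aclStorage));

    /* Display help if any parameters were passed in. */
    if (argc != 1) {
        DisplayHelp();
        return(1);
    }

    /*
     * Build the SID of the local Administrators alias from its well-known
     * authority and RIDs (NT authority, built-in domain, admins alias)
     * instead of looking up the English account name "Administrators".
     * A name lookup fails on installations where the group name is
     * localized, and depends on how the name happens to resolve; the
     * well-known SID is the same on every installation.
     */
    if (GetSidLengthRequired(2) > sizeof(sidStorage)) {
        PMSG("SID buffer is too small for the Administrators SID");
        return(1);
    }

    if (!InitializeSid(psidAdministrators, &siaNtAuthority, 2)) {
        PERR("InitializeSid");
        return(1);
    }

    *GetSidSubAuthority(psidAdministrators, 0) = SECURITY_BUILTIN_DOMAIN_RID;
    *GetSidSubAuthority(psidAdministrators, 1) = DOMAIN_ALIAS_RID_ADMINS;

    if (!IsValidSid(psidAdministrators)) {
        PMSG("Constructed Administrators SID is not valid");
        return(1);
    }

    /* Initialize the new, empty DACL. */
    if (!InitializeAcl(pNewDACL, sizeof(aclStorage), ACL_REVISION2)) {
        PERR("InitializeAcl");
        return(1);
    }

    /* Allow all access to the device for local Administrators only. */
    if (!AddAccessAllowedAce(pNewDACL,
                             ACL_REVISION2,
                             FILE_ALL_ACCESS,
                             psidAdministrators)) {
        PERR("AddAccessAllowedAce");
        return(1);
    }

    /* Build the security descriptor in absolute format. */
    if (!InitializeSecurityDescriptor(psdAbsoluteSD,
                                      SECURITY_DESCRIPTOR_REVISION)) {
        PERR("InitializeSecurityDescriptor");
        return(1);
    }

    /* Attach the DACL to the security descriptor. */
    if (!SetSecurityDescriptorDacl(psdAbsoluteSD,
                                   TRUE,      // fDaclPresent flag
                                   pNewDACL,
                                   FALSE)) {  // not a default DACL
        PERR("SetSecurityDescriptorDacl");
        return(1);
    }

    /* Check that the descriptor is valid before attempting to apply it. */
    if (!IsValidSecurityDescriptor(psdAbsoluteSD)) {
        PERR("IsValidSecurityDescriptor");
        return(1);
    }

    /*
     * Apply the descriptor, first to A: and then to B:. Both devices are
     * always attempted: a failure on A: must not leave B: without the DACL.
     * The exit code records whether any attempt failed.
     */
    if (!WriteSD_ToA_File(psdAbsoluteSD, "\\\\.\\A:")) {
        uExitCode = 1;
    }

    if (!WriteSD_ToA_File(psdAbsoluteSD, "\\\\.\\B:")) {
        uExitCode = 1;
    }

    /*
     * Works for CDROM drives as well - commented out as this sample is
     * floppy only:
     *
     *   if (!WriteSD_ToA_File(psdAbsoluteSD,"\\\\.\\E:"))
     *   { uExitCode = 1;
     *   }
     *
     * Works for COM ports as well - commented out as this sample is floppy
     * only:
     *
     *   if (!WriteSD_ToA_File(psdAbsoluteSD,"COM1:"))
     *   { uExitCode = 1;
     *   }
     */

    return(uExitCode);
}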
235:
236: /****************************************************************************\
237: *
238: * FUNCTION: WriteSD_ToA_File
239: *
240: \****************************************************************************/
241:
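/*
 * WriteSD_ToA_File: apply the DACL carried by psdAbsoluteSD to the object
 * named by lpszFileName, using SetFileSecurity with
 * DACL_SECURITY_INFORMATION.
 *
 * psdAbsoluteSD - security descriptor whose DACL is to be applied
 * lpszFileName  - device or file name, e.g. the floppy device for A:
 *
 * Returns TRUE when the DACL was applied, and also when the target does not
 * exist (ERROR_FILE_NOT_FOUND): that case is only reported on stdout, so a
 * TRUE result does not by itself prove the device is protected. Returns
 * FALSE for a NULL argument or any other SetFileSecurity failure, after
 * printing the error with PERR.
 */
BOOL WriteSD_ToA_File(PSECURITY_DESCRIPTOR psdAbsoluteSD, LPTSTR lpszFileName)
{
    UINT  uPrevErrorMode;
    BOOL  bStatus;
    DWORD dwLastError = ERROR_SUCCESS;

    /* Reject NULL arguments before they reach SetFileSecurity or printf. */
    if (psdAbsoluteSD == NULL || lpszFileName == NULL) {
        SetLastError(ERROR_INVALID_PARAMETER);
        PERR("WriteSD_ToA_File");
        return(FALSE);
    }

    /*
     * Suppress the critical-error prompt that would otherwise appear when
     * there is no floppy disk in the floppy drive.
     */
    uPrevErrorMode = SetErrorMode(SEM_FAILCRITICALERRORS);

    /* Write the DACL to the target object. */
    bStatus = SetFileSecurity(lpszFileName,
                              (SECURITY_INFORMATION)(DACL_SECURITY_INFORMATION),
                              psdAbsoluteSD);

    /*
     * Capture the error code right after the failing call, before any other
     * API call gets a chance to replace the thread's last-error value.
     */
    if (!bStatus) {
        dwLastError = GetLastError();
    }

    /* Put the error mode back to its previous value. */
    SetErrorMode(uPrevErrorMode);

    if (bStatus) {
        return(TRUE);
    }

    if (dwLastError == ERROR_FILE_NOT_FOUND) {
        /* Absent device: report it, but do not treat it as a failure. */
        printf("\nAttempted to lock %s, but it was not found",lpszFileName);
        return(TRUE);
    }

    /* PERR reads GetLastError(), so hand it the code captured above. */
    SetLastError(dwLastError);
    PERR("SetFileSecurity");
    return(FALSE);
}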
286:
287: /****************************************************************************\
288: *
289: * FUNCTION: DisplayHelp
290: *
291: \****************************************************************************/
292:
/*
 * DisplayHelp: write the usage text to stdout. The text explains that the
 * program takes no parameters and that it puts a DACL on A: and B: granting
 * all access to local Administrators and no access to anyone else.
 */
VOID DisplayHelp(VOID)
{
    /* Each entry starts with its own newline; none contains a format
     * specifier, so the entries are written out verbatim. */
    static const char *const apszHelpLines[] = {
        "\nTo run type SD_FLPPY and no (0) parameters. Syntax:",
        "\n SD_FLPPY",
        "\n ",
        "\nExamples:",
        "\n SD_FLPPY",
        "\n Puts a DACL on A: and B: so that local Administrators",
        "\n have all access and no one else has any access.",
        "\n Since domain Administrators are by default members of",
        "\n local Administrators, this will in many cases give",
        "\n the desired result, but this utility is only one",
        "\n example of the many possible interfaces that may be",
        "\n desired. Full source to this program is available,",
        "\n so people may write different interfaces.",
        "\n This .exe could be run from a logon script, or from",
        "\n the Startup group. An alternative approach is to",
        "\n use the other version of this program. The other",
        "\n version is packaged as a service that applies the",
        "\n DACLs when the machine boots up\n"
    };
    size_t cLines = sizeof(apszHelpLines) / sizeof(apszHelpLines[0]);
    size_t iLine;

    for (iLine = 0; iLine < cLines; iLine++) {
        fputs(apszHelpLines[iLine], stdout);
    }
}