权限问题处理是日常开发过程中很常见的一个操作,这里记录一下使用方法
1、给某个文件或文件夹赋予特定用户的特定访问权限
/* 给文件(夹)szPath设置用户名为pszAccount的可读可写可修改权限 */
bool GiveTheAccountPrivToFile(const TCHAR szPath[], const TCHAR pszAccount[])
{
PACL pDaclOld = NULL;
// 获取文件安全对象的DACL列表
if (ERROR_SUCCESS != GetNamedSecurityInfo (szPath, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, &pDaclOld, NULL, NULL))
{
std::cout << "GetNamedSecurityInfo fail. LastError: " << GetLastError() << endl;
return false;
}
EXPLICIT_ACCESS ea = { 0 };
// 生成指定用户帐户的访问控制信息(这里指定赋予修改、读取和执行、读取、写入权限)
::BuildExplicitAccessWithName (&ea, (LPTSTR)pszAccount, GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE, GRANT_ACCESS, SUB_CONTAINERS_AND_OBJECTS_INHERIT);
// 生成指定用户帐户的访问控制信息(这里指定赋予所有权限)
// ::BuildExplicitAccessWithName (&ea, (LPTSTR)pszAccount, GENERIC_ALL, GRANT_ACCESS, SUB_CONTAINERS_AND_OBJECTS_INHERIT);
BOOL bSuccess = TRUE;
PACL pDaclNew = NULL;
do
{
// 创建新的ACL对象(合并已有的ACL对象和刚生成的用户帐户访问控制信息)
if (ERROR_SUCCESS != ::SetEntriesInAcl(1, &ea, pDaclOld, &pDaclNew))
{
std::cout << "SetEntriesInAcl fail. LastError: " << GetLastError() << endl;
bSuccess = FALSE;
break;
}
// 设置文件安全对象的DACL列表
if (ERROR_SUCCESS != ::SetNamedSecurityInfo ((LPTSTR)szPath, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, pDaclNew, NULL))
{
std::cout << "SetNamedSecurityInfo fail. LastError: " << GetLastError() << endl;
bSuccess = FALSE;
}
}while(FALSE);
if (NULL != pDaclNew)
{
::LocalFree(pDaclNew);
}
return bSuccess;
}
2、提升进程权限
#include
#include
#pragma comment(lib, "cmcfg32.lib")
BOOL SetPrivilege(
HANDLE hToken, // access token handle
LPCTSTR lpszPrivilege, // name of privilege to enable/disable
BOOL bEnablePrivilege // to enable or disable privilege
)
{
TOKEN_PRIVILEGES tp;
LUID luid;
if (FALSE == LookupPrivilegeValue(
NULL, // lookup privilege on local system
lpszPrivilege, // privilege to lookup
&luid)) // receives LUID of privilege
{
printf("LookupPrivilegeValue fail. gle: 0x%08x\n", GetLastError());
return FALSE;
}
tp.PrivilegeCount = 1;
tp.Privileges[0].Luid = luid;
if (bEnablePrivilege)
tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
else
tp.Privileges[0].Attributes = 0;
// Enable the privilege or disable all privileges.
if (FALSE == AdjustTokenPrivileges(
hToken,
FALSE,
&tp,
sizeof(TOKEN_PRIVILEGES),
NULL,
NULL))
{
printf("AdjustTokenPrivileges fail. gle: 0x%08x\n", GetLastError());
return FALSE;
}
if (GetLastError() == ERROR_NOT_ALL_ASSIGNED)
{
printf("The token does not have the specified privilege. \n");
return FALSE;
}
return TRUE;
}
本文来自博客园,作者:Arthurian,转载请注明原文链接:https://www.cnblogs.com/Arthurian/p/16663266.html
欢迎邮件交流:zhuanxinxin@aliyun.com
Original: https://www.cnblogs.com/Arthurian/p/16663266.html
Author: Arthurian
Title: C++处理系统相关权限问题
原创文章受到原创版权保护。转载请注明出处:https://www.johngo689.com/683677/
转载文章受原作者版权保护。转载请注明原作者出处!