场景:我有一个服务可以创建,启动,停止其他服务,并通过IPC向用户进程提供此服务。
如果调用进程有权访问 SCM,如何签入我的服务?
所以在更抽象的层面上,我有一些安全对象,在这种情况下是 SCM,但它实际上可以是其他进程、线程、文件、文件夹或注册密钥等...... 我有一些用户进程可能具有访问该资源的权限,也可能没有访问权限。 如何在第三方进程中确定所述用户进程是否有权访问给定的安全对象?
好吧,我有它:D 接缝做我需要它做的事情,它基于 http://blog.aaronballman.com/2011/08/how-to-check-access-rights/
bool CanAccessSCM(HANDLE idProcess)
{
bool bRet = false;
DWORD genericAccessRights = SC_MANAGER_ALL_ACCESS;
SC_HANDLE scHandle = OpenSCManager(NULL, NULL, READ_CONTROL);
if (scHandle != NULL) {
PSECURITY_DESCRIPTOR securityDescriptor;
if (NT_SUCCESS(GetSecurityInfo(scHandle, SE_SERVICE, OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION
, NULL, NULL, NULL, NULL, &securityDescriptor))) {
HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, (DWORD)(ULONG_PTR)idProcess);
if (hProcess != NULL) {
HANDLE hToken = NULL;
if (OpenProcessToken(hProcess, TOKEN_IMPERSONATE | TOKEN_QUERY | TOKEN_DUPLICATE | STANDARD_RIGHTS_READ, &hToken)) {
HANDLE hImpersonatedToken = NULL;
if (DuplicateToken(hToken, SecurityImpersonation, &hImpersonatedToken)) {
GENERIC_MAPPING mapping = { 0xFFFFFFFF };
PRIVILEGE_SET privileges = { 0 };
DWORD grantedAccess = 0, privilegesLength = sizeof(privileges);
BOOL result = FALSE;
/*
mapping.GenericRead = FILE_GENERIC_READ;
mapping.GenericWrite = FILE_GENERIC_WRITE;
mapping.GenericExecute = FILE_GENERIC_EXECUTE;
mapping.GenericAll = FILE_ALL_ACCESS;
::MapGenericMask( &genericAccessRights, &mapping );*/
if (::AccessCheck(securityDescriptor, hToken, genericAccessRights,
&mapping, &privileges, &privilegesLength, &grantedAccess, &result)) {
bRet = (result == TRUE);
}
CloseHandle(hImpersonatedToken);
}
CloseHandle(hToken);
}
CloseHandle(hProcess);
}
LocalFree(securityDescriptor);
}
CloseHandle(scHandle);
}
return bRet;
}
´´´