场景:我有一个可以创建、启动、停止其他服务的服务,并通过 IPC 将其提供给用户进程。
如果调用进程有权访问 SCM,我如何签入我的服务?
所以在更抽象的层面上,我有一些安全的对象,在这种情况下是 SCM,但它实际上可以是任何其他进程、线程、文件、文件夹或 reg 键等......而且我有一些用户进程可能或可能没有访问该资源的权限。如何在第 3 方进程中确定所述用户进程是否有权访问给定的安全对象?
问问题
80 次
1 回答
0
好的,我有它:D 接缝可以做我需要的事情,它基于http://blog.aaronballman.com/2011/08/how-to-check-access-rights/
bool CanAccessSCM(HANDLE idProcess)
{
bool bRet = false;
DWORD genericAccessRights = SC_MANAGER_ALL_ACCESS;
SC_HANDLE scHandle = OpenSCManager(NULL, NULL, READ_CONTROL);
if (scHandle != NULL) {
PSECURITY_DESCRIPTOR securityDescriptor;
if (NT_SUCCESS(GetSecurityInfo(scHandle, SE_SERVICE, OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION
, NULL, NULL, NULL, NULL, &securityDescriptor))) {
HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, (DWORD)(ULONG_PTR)idProcess);
if (hProcess != NULL) {
HANDLE hToken = NULL;
if (OpenProcessToken(hProcess, TOKEN_IMPERSONATE | TOKEN_QUERY | TOKEN_DUPLICATE | STANDARD_RIGHTS_READ, &hToken)) {
HANDLE hImpersonatedToken = NULL;
if (DuplicateToken(hToken, SecurityImpersonation, &hImpersonatedToken)) {
GENERIC_MAPPING mapping = { 0xFFFFFFFF };
PRIVILEGE_SET privileges = { 0 };
DWORD grantedAccess = 0, privilegesLength = sizeof(privileges);
BOOL result = FALSE;
/*
mapping.GenericRead = FILE_GENERIC_READ;
mapping.GenericWrite = FILE_GENERIC_WRITE;
mapping.GenericExecute = FILE_GENERIC_EXECUTE;
mapping.GenericAll = FILE_ALL_ACCESS;
::MapGenericMask( &genericAccessRights, &mapping );*/
if (::AccessCheck(securityDescriptor, hToken, genericAccessRights,
&mapping, &privileges, &privilegesLength, &grantedAccess, &result)) {
bRet = (result == TRUE);
}
CloseHandle(hImpersonatedToken);
}
CloseHandle(hToken);
}
CloseHandle(hProcess);
}
LocalFree(securityDescriptor);
}
CloseHandle(scHandle);
}
return bRet;
}
´´´
于 2020-07-01T21:18:38.010 回答