Отчет №4
????? ?? ???????????? ?????? ?4
??????????: "????????? ??????????? ???????????"
????: ????? ??????? ???????.
???????? ??????? ??. 5081/13 ???????? ?. ?.
????????????? __________ ???????? ?. ?.
\
1. 1. ????????
???????????? ????? ??????? ???????? ????? "?????", ????? ??????????? ????? ???????. ????? - ??????? ?????? ?????????? ? ???????????? ? ?????-?? ???????? (??? ? ?????? ??????-?? ????????) ???????? ? ?????? (????????, ? ????). ????? ??????? ? ??????? ????????? ?????????? ?????????? ? ???????? ? ????????. ??????? ???????? ? ????? ? ?????? ?????????, ??????????? ????? ????? ?????? ? ???????.
2. ????? ?????????.
???????? ??????? ????????????? ??????????? ??? ?????? ??????. ?????? ?? ??? ?????????, ?? ????????? ?????? ? ????????. ??????? ?????? ????? ??????????, ?? ??? ??????, ??????????? ?????????: ChangeAuditor for Windows, File Servers, NetWrix Change Reporter Suite, Blackbird Auditor for File System,ADAudit Plus, CPTRAX for Windows, FileSure for Windows, File Audit. ???? ? ??????, ?? ??? ??? ?????????? ???????? ???????????. ????????? ?? ? ????? ????, ?????????. ????????? File Audit ????????? ?????????, ??, ??? ? ????????? ???????, ???????? ?????. ?????? ??? ????????????? ???????? ???????? ? ????? ???????? ?????????:
????? ??????? ????? ? ??????? ????? ??????? ????? ???? ??????, ?????????? ??? ????? ???????, ? ??? ?? ? ??????????????, ???? ?????????? ??????? ? ??? ?????. ?? ?????? ?? ???????? ? ?????? ???? ????? ????????? ???????, ? ???? ????? ?????????? ?????? ? ????. ?? ??????? ?????, ??????, ???????? ????????????? ????????? ??? ?????????, ??????? ? ???????. ??????? ??????????? ? MSDN ? ????? ???????, ? ??????? ??????? ? ??????????????? ???????? ?????.
3. ???? ?????????? ?????? ?????.
???????, ??????????? ????? ????? ???? ?????? ? ?????-???? ???????? ?????????? ReadDirectoryChangesW(). ???? ???????????? ???????? ?????, ??????? ??? ?????????:
_In_ HANDLE hDirectory, - ???? ??????????, ? ??????? ??????? ?????
_Out_ LPVOID lpBuffer, - ?????, ???? ???????????? ?????????? ??????
_In_ DWORD nBufferLength, - ????? ????? ??????
_In_ BOOL bWatchSubtree, - ????, ??????????? ????? ?? ???????? ??????????? ?????????, ????????? ? hDirectory
_In_ DWORD dwNotifyFilter, - ??? ??????????? ??? ????????, ??????? ????? ?????????? ??????: ??????,????????? ?????, ????????, ???????? ? ?.?.
_Out_opt_ LPDWORD lpBytesReturned, - ?????? ?????? ??? ?????????? ??????
_Inout_opt_ LPOVERLAPPED lpOverlapped, - ?????????, ???????? ?????? ?? ????? ??????????? ??????
_In_opt_ LPOVERLAPPED_COMPLETION_ROUTINE lpCompletionRoutine - ????????? ??????????? ??? ?????? ?????? ?????.
??? ?????, ??? ?????????, ????????? ? ????????? Audit File ???????? ?????????? ? ???? ???????. ???? ???? ???????? ?????????, ??????????? ??????????? ??? ?? ?????????? ??? ? ????????????? ?????????.
#define UNICODE
#include <Windows.h>
#include <stdio.h>
#include <stdlib.h>
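static PCSTR GetActionName(DWORD Action)
{
    /*
     * Translate a FILE_NOTIFY_INFORMATION.Action value into a printable name.
     *
     * The table is indexed directly by the action value; index 0 is not a
     * defined action, so it maps to the literal "0".  Values outside the
     * table are printed as a decimal number into a static buffer, so the
     * pointer returned for an unknown action is only valid until the next
     * call with another unknown action (not reentrant).
     */
    static const PCSTR Actions[] = {
        "0",
        "FILE_ACTION_ADDED",            /* 1: file/directory created */
        "FILE_ACTION_REMOVED",          /* 2: file/directory deleted */
        "FILE_ACTION_MODIFIED",         /* 3: contents or attributes changed */
        "FILE_ACTION_RENAMED_OLD_NAME", /* 4: rename, this entry carries the old name */
        "FILE_ACTION_RENAMED_NEW_NAME"  /* 5: rename, this entry carries the new name */
    };
    static CHAR Buffer[16];

    if (Action >= RTL_NUMBER_OF(Actions)) {
        /* A 32-bit value needs at most 10 digits plus the terminator, but
           bound the write anyway so the buffer size cannot be outgrown. */
        snprintf(Buffer, sizeof Buffer, "%lu", (unsigned long)Action);
        return Buffer;
    }
    return Actions[Action];
}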
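int process(void) {
    /*
     * Watch the current directory (including its subtree) and print one
     * line per change notification to stdout.
     *
     * Returns EXIT_FAILURE as soon as a Win32 call fails.  The watch loop
     * never finishes on its own, so there is no success return in practice.
     * Every exit path releases the directory handle, the event and the
     * notification buffer through the single cleanup label at the end.
     */
    WCHAR DirectoryName[MAX_PATH];
    HANDLE DirectoryHandle = INVALID_HANDLE_VALUE;
    OVERLAPPED Overlapped = { 0 };
    FILE_NOTIFY_INFORMATION *FileNotifyInformation;
    PVOID FileNotifyInformationBuffer = NULL;
    DWORD FileNotifyInformationSize;
    DWORD BytesReturned;
    int rc = EXIT_FAILURE;

    /* The directory to watch is the process's current directory. */
    if (!GetCurrentDirectory(RTL_NUMBER_OF(DirectoryName), DirectoryName)) {
        fprintf(stderr, "GetCurrentDirectory failed with %lu\n", GetLastError());
        goto out;
    }

    /* FILE_LIST_DIRECTORY is the access right ReadDirectoryChangesW needs;
       FILE_FLAG_BACKUP_SEMANTICS is what allows a directory to be opened,
       and FILE_FLAG_OVERLAPPED lets the read complete through Overlapped. */
    DirectoryHandle = CreateFile(DirectoryName,
                                 FILE_LIST_DIRECTORY,
                                 FILE_SHARE_READ | FILE_SHARE_WRITE,
                                 NULL,
                                 OPEN_EXISTING,
                                 FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OVERLAPPED,
                                 NULL);
    if (DirectoryHandle == INVALID_HANDLE_VALUE) {
        fprintf(stderr, "CreateFile failed with %lu\n", GetLastError());
        goto out;
    }

    /* Manual-reset event that each overlapped read is waited on with. */
    Overlapped.hEvent = CreateEvent(NULL, TRUE, FALSE, NULL);
    if (Overlapped.hEvent == NULL) {
        fprintf(stderr, "CreateEvent failed with %lu\n", GetLastError());
        goto out;
    }

    /* Room for two maximal entries: the fixed header plus MAX_PATH wide
       characters of file name each. */
    FileNotifyInformationSize = 2 * FIELD_OFFSET(FILE_NOTIFY_INFORMATION, FileName[MAX_PATH]);
    FileNotifyInformationBuffer = HeapAlloc(GetProcessHeap(), 0, FileNotifyInformationSize);
    if (FileNotifyInformationBuffer == NULL) {
        fprintf(stderr, "Failed to allocate %lu bytes\n", FileNotifyInformationSize);
        goto out;
    }

    printf("Watching directory '%ls' for changes...\n", DirectoryName);

    for (;;) {
        /* Issue one overlapped read covering every notification class,
           then block until it completes. */
        if (!ReadDirectoryChangesW(DirectoryHandle,
                                   FileNotifyInformationBuffer,
                                   FileNotifyInformationSize,
                                   TRUE, /* watch the whole subtree */
                                   FILE_NOTIFY_CHANGE_FILE_NAME | FILE_NOTIFY_CHANGE_DIR_NAME |
                                   FILE_NOTIFY_CHANGE_SIZE | FILE_NOTIFY_CHANGE_LAST_WRITE |
                                   FILE_NOTIFY_CHANGE_LAST_ACCESS | FILE_NOTIFY_CHANGE_CREATION |
                                   FILE_NOTIFY_CHANGE_SECURITY | FILE_NOTIFY_CHANGE_ATTRIBUTES,
                                   NULL,
                                   &Overlapped,
                                   NULL)) {
            fprintf(stderr, "ReadDirectoryChangesW failed with %lu\n", GetLastError());
            goto out;
        }
        if (!GetOverlappedResult(DirectoryHandle, &Overlapped, &BytesReturned, TRUE)) {
            fprintf(stderr, "GetOverlappedResult failed with %lu\n", GetLastError());
            goto out;
        }

        /* A completion with zero bytes is how the system reports that the
           buffer was too small: changes happened but their details were
           dropped.  Say so instead of silently printing nothing. */
        if (BytesReturned == 0) {
            fprintf(stderr, "Notification buffer overflowed; some changes were not reported\n");
        }

        FileNotifyInformation = (FILE_NOTIFY_INFORMATION *)FileNotifyInformationBuffer;
        BytesReturned = min(BytesReturned, FileNotifyInformationSize);

        /* Walk the packed entries.  Every entry is checked to lie fully
           inside the bytes actually returned before its fields are used. */
        while (BytesReturned >= RTL_SIZEOF_THROUGH_FIELD(FILE_NOTIFY_INFORMATION, FileNameLength) &&
               BytesReturned >= FIELD_OFFSET(FILE_NOTIFY_INFORMATION,
                                             FileName[FileNotifyInformation->FileNameLength / sizeof(WCHAR)])) {
            /* FileName is not NUL-terminated and FileNameLength is in bytes,
               so the precision for %.*ls is the character count as an int.
               The cast must wrap the whole division: casting only the
               length would hand printf a size_t where it expects an int. */
            printf("File '%.*ls' has seen an action of type %s\n",
                   (int)(FileNotifyInformation->FileNameLength / sizeof(WCHAR)),
                   FileNotifyInformation->FileName,
                   GetActionName(FileNotifyInformation->Action));
            if (FileNotifyInformation->NextEntryOffset == 0)
                break;
            if (BytesReturned < FileNotifyInformation->NextEntryOffset)
                break;
            BytesReturned -= FileNotifyInformation->NextEntryOffset;
            FileNotifyInformation = (FILE_NOTIFY_INFORMATION *)
                ((ULONG_PTR)FileNotifyInformation + FileNotifyInformation->NextEntryOffset);
        }

        /* Clear the status fields but keep hEvent, then re-arm the event
           for the next read. */
        ZeroMemory(&Overlapped, FIELD_OFFSET(OVERLAPPED, hEvent));
        ResetEvent(Overlapped.hEvent);
    }

out:
    if (FileNotifyInformationBuffer != NULL)
        HeapFree(GetProcessHeap(), 0, FileNotifyInformationBuffer);
    if (Overlapped.hEvent != NULL)
        CloseHandle(Overlapped.hEvent);
    if (DirectoryHandle != INVALID_HANDLE_VALUE)
        CloseHandle(DirectoryHandle);
    return rc;
}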
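int main(int argc, TCHAR *argv[]) {
    /*
     * Run the directory watcher, then wait for a keypress so a console
     * window opened for the program does not vanish with the output.
     * The process exit code is whatever process() returned.
     */
    int result;
    (void)argc;
    (void)argv;
    result = process();
    /* Only the pause matters; the character read is deliberately discarded. */
    (void)getchar();
    return result;
}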
????????? ?????????? ? ??????? ??? ???????? ? ????????? ??????????:
??? ??? ??? ???????? ???? ????? ??? "????? ????", ?? ???????? ???????? ?? ???????????? ?? ?????(????? ???? ?????? ?????? "File ` ") - ?? ????????? ??????? ??????? ? ???????.
4. ????? ?????? ? ??????? Windows
??? ?? ?????? ? ?????? ?? ??????? ????????? ???? ?????, ?? ????? ??? ???????? ??????????: 1) ????????? ???????? ???????? ?????????? ?? ?????? ???? ?????, ????? ????????. 2) ????????? ?? ????? ????????? ???????? ? ???????? ?????, ? ??? ?? ??? ??????????? ? ?????? ?????. ? ????? ? ????, ? ?????????? ????? ? ??????? ????? - ????? ?????????? ? ??????? windows ??????????? ?????? ??????. ?????? ???? ? windows ????? ?????? ?????????? ?????? ??? ?????? ?????????? ??? ??????????? ?????????????. ?????????? ??? ?????????? ???????? ?? ???????. ???? ?????????? ????????? ??? ???? - ????????? ?? DACL ? SACL. ?????????? ??? ??? ?????. ?????? ?????????? ????????????? ???????? (discretionary access-control list, DACL)?????????, ??? ????? ???????? ?????? ? ??????? ? ????? ???? ???????. ????????? ?????? ?????????? ???????? (system access-control list, SACL) ?????????, ????? ???????? ? ????? ????????????? ?????? ???????????????? ? ??????? ?????? ????????????. ??? ??????? ???????????? ????? ???????? ACL. ?????? ?????????? ????????(access-control list, ACL) ??????? ?? ????????? ? ????? ????????? ???????? (access-control entries, ???). B DACL ?????? ACE ???????? SID ? ????? ??????? (? ????? ????? ??????), ?????? ACE ????? ???? ??????? ?????: "?????? ????????" (access allowed), "?????? ????????" (access denied), "??????????? ??????" (allowed-object) ? "??????????? ??????" (denied-object). ?????? ??? ACE ????????? ???????????? ?????? ? ???????, ? ?????? - ?????????? ? ?????????????? ????, ????????? ? ????? ???????.
??????? ????? ACE ???? "??????????? ??????" ? "?????? ????????", ? ????? ????? ACE ???? "??????????? ??????" ? "?????? ????????" ??????????? ? ???, ??? ??? ???? ???????????? ?????? ? Active Directory. ACE ???? ????? ????? ???? ????????? ??????????? ?????????????? (globally unique identifier, GUID), ??????? ????????, ??? ?????? ACE ???????? ?????? ? ???????????? ???????? ??? ??? ???????? (? GUID-????????????????). ????? ????, ?????????????? GUID ?????????, ??? ??? ????????? ??????? ????????? ACE ??? ??? (???????) ???????? ? ?????????? Active Directory, ? ???????? ???????? ???. (GUID - ??? ?????????????? ?????????? 128-?????? ?????????????.)
?? ???? ??????????? ???? ???????, ?????????????? ? ??????????????? ???, ??????????? ????? ????, ??????????????? ACL-???????. ???? ? ??????????? ?????? ??? DACL (DACL = null), ????? ???????????? ???????? ?????? ?????? ? ???????. ???? DACL ???? (?. ?. ? ??? ??? ???), ??????? ? ??????? ?? ???????? ?????.
SACL ??????? ?? ACE ???? ?????: ?????????? ?????? (system audit ACE) ? ??????? ?????????? ?????? (system audit-object ???). ??? ACE ??????????, ????? ????????, ??????????? ??? ????????? ??????????? ?????????????? ??? ????????, ???????? ??????. ?????????? ?????? ???????? ? ????????? ??????? ??????. ?????? ????? ????????? ??? ????????, ??? ? ????????? ????????. ??? ? ????????????? ??? ???????? ACE ?? DACL, ACE ???????? ?????????? ?????? ???????? GUID, ??????????? ???? ???????? ??? ???-????????, ? ??????? ???????? ?????? ???, ? ?????????????? GUID, ?????????????? ???????? ACE ???????? ???????? ?????????? ?????. ??? SACL, ?????? null, ????? ??????? ?? ???????. ????? ????????????, ?????????? ? DACL ???, ????????? ? ACE ?????????? ?????? ? ???????? ?????????? ??????. ???????????? ??? ??????? ????? ?????? ? ??????? ?????????? ? windows ?????, ? ????? ?????? ??? ?? ????? ????????. ?? ????? MSDN ?????????? ????????? ?????????? ????????? ?????? ? ????? ? ??????? GUI windows: ????????? ?????? ??????? ????????????? ? ??????, ?????? ? ?????????:
� ?????????????? ?????? ?????????? ?????? ????????? ? ?????? ??????? "????????????". ??? ????????? ?????????? ?????? ????????? ????????? ????????: ? ???? "????" ???????? ????? "?????? ??????????", ???????? ?? ?????? "?????????????????? ? ????????????" ? ???????? ?????? ???????? "?????????????????". � ???????? ??????? "????????? ???????? ????????????". � ?????????? ??????? "????????? ????????". � ???????? ????? "???????? ??????". � ??????? ??????? ???? ???????? ???????? "????? ??????? ? ????????". � ??? ???????????? ??????? ??????? ??????? ? ??????, ?????? ? ????????? ?????????? ?????? "?????". � ??? ???????????? ????????? ??????? ??????? ? ??????, ?????? ? ????????? ?????????? ?????? "?????". � ??? ???????????? ???? ??????? ??????? ? ???????? ?????? ?????????? ??? ??????. � ??????? ?????? "??". ???????? ??? ???????? ???????, ? ????????????? ??????? ????????? ?????? ? ?????. ?????? ???? ?????? ????? ?? ????????? ?????? ? ???? ?????? ????????????? ????? ??? ? ???? ?????? ? ?????? ??????? ?? ??????? ? ??????? ????????? ??? ?? ????? ??????? ???????? ??????????????. ??????? ? ????? ???????? ?????????, ??????????? ???????? ? ????????? ????? ? ?????? ?????. 5. ??????????? ?????????? ?????????/?????????? ?????? windows.
??? ?? ? ??????? ????? ???? ???????? ????? ?????, ?????????? ? ???????? ???????????? ???????? ??????????????? ??????????. ??? ????? ??????? ???????, ???????? "????????? ????????? ????????????" ?? ???? "?????????????????". ??????? "????????? ????????" ? "???????? ??????" ? ???????? ? "????????? ????????????" ?????/?????. ????? ??? ?? ??? ??????? ? ??????????, ??????????? ??????? LsaSetInformationPolicy(). NTSTATUS LsaSetInformationPolicy(
_In_ LSA_HANDLE PolicyHandle, - ????? ??????? ???????? ?????????????. ??????? ?? ??????? LsaOpenPolicy(). _In_ POLICY_INFORMATION_CLASS InformationClass, - ?????????? ???? ????? ????????? ????????, ??? ???????? ????? ???????? ???????? ????????????. ? ???? ?????? ?? ????? PolicyAuditEventsInformation
_In_ PVOID Buffer - ?????, ? ??????? ???????????? ??????? ???????????? ??????, ? ??? ????? ?? ??????? ?????? ????????.
);
#include "stdafx.h"
#include <Windows.h>
#include <stdio.h>
#include <ntsecapi.h>
#pragma hdrstop
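int IsAuditOn( BOOL forceAuditOn )
{
    /*
     * Read the local LSA audit policy and, when forceAuditOn is TRUE, turn
     * on success-and-failure auditing for the seven classic categories
     * (system, logon, object access, privilege use, detailed tracking,
     * policy change, account management) and enable auditing as a whole.
     *
     * Returns 1 if the policy was changed, 0 if it was only read, -1 if any
     * LSA call failed.  The policy handle and the LSA-allocated buffer are
     * released on every path.
     *
     * The policy is opened with the least access the calls below need
     * (POLICY_VIEW_AUDIT_INFORMATION, plus POLICY_SET_AUDIT_REQUIREMENTS
     * only when a write is requested) instead of POLICY_ALL_ACCESS, so a
     * read-only query can succeed for callers that may not change policy.
     * Changing the policy typically still requires administrative rights.
     */
    int rc = 0;
    POLICY_AUDIT_EVENTS_INFO *pAudit = NULL;
    SECURITY_QUALITY_OF_SERVICE sqos;
    LSA_OBJECT_ATTRIBUTES lsaOA;
    LSA_HANDLE polHandle = NULL;
    NTSTATUS nts;
    ACCESS_MASK access = POLICY_VIEW_AUDIT_INFORMATION;

    sqos.Length = sizeof(sqos);
    sqos.ImpersonationLevel = SecurityImpersonation;
    sqos.ContextTrackingMode = SECURITY_DYNAMIC_TRACKING;
    sqos.EffectiveOnly = FALSE;

    /* Zero everything first (RootDirectory, ObjectName, Attributes,
       SecurityDescriptor), then fill the two fields that are used. */
    ZeroMemory(&lsaOA, sizeof(lsaOA));
    lsaOA.Length = sizeof(lsaOA);
    lsaOA.SecurityQualityOfService = &sqos;

    if (forceAuditOn)
        access |= POLICY_SET_AUDIT_REQUIREMENTS;

    /* NULL system name = the local machine's policy. */
    nts = LsaOpenPolicy(NULL, &lsaOA, access, &polHandle);
    if (nts != 0)
        return -1;

    /* PolicyAuditEventsInformation returns a POLICY_AUDIT_EVENTS_INFO,
       which is the structure the field writes below rely on. */
    nts = LsaQueryInformationPolicy(polHandle,
                                    PolicyAuditEventsInformation,
                                    (PVOID *)&pAudit);
    if (nts != 0) {
        rc = -1;
        goto out;
    }

    if (forceAuditOn)
    {
        /* One option slot per POLICY_AUDIT_EVENT_TYPE value; the first
           seven (up to AuditCategoryAccountManagement) are set, but never
           more than the policy actually reports having. */
        ULONG count = pAudit->MaximumAuditEventCount;
        ULONG i;
        if (count > (ULONG)AuditCategoryAccountManagement + 1)
            count = (ULONG)AuditCategoryAccountManagement + 1;
        for (i = 0; i < count; i++)
            pAudit->EventAuditingOptions[i] = POLICY_AUDIT_EVENT_SUCCESS | POLICY_AUDIT_EVENT_FAILURE;
        pAudit->AuditingMode = TRUE;

        nts = LsaSetInformationPolicy(polHandle,
                                      PolicyAuditEventsInformation,
                                      pAudit);
        if (nts != 0) {
            rc = -1;
            goto out;
        }
        rc = 1;
    }

out:
    /* The query buffer is LSA-owned memory; the handle is closed, not freed. */
    if (pAudit != NULL)
        LsaFreeMemory(pAudit);
    LsaClose(polHandle);
    return rc;
}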
int _tmain(int argc, _TCHAR* argv[])
{
    /* Force the audit policy on and report what IsAuditOn() did:
       1 = policy changed, 0 = left as it was, anything else = a call failed. */
    const int rc = IsAuditOn( TRUE );
    switch (rc)
    {
    case 1:
        puts( "Auditing has been enabled." );
        break;
    case 0:
        puts( "The audit state is unchanged." );
        break;
    default:
        puts( "Oops!" );
        break;
    }
    return 0;
}
????? ????, ??? ???????? ??????????? ?????? ?????? ? ?????? ?????????????. ???????? ???? ???????? ????? ??????-???? ?????. ?????? ??????? ??? ?? ??? ??????. ??? ?????? ????? ???????? ??? ?????? ? ?????(security information), ??????? SID ?????????, DACL , SACL ? ?????? ??????????. ???????? ??? ? ??????? ??????? GetNamedSecurityInfo()
DWORD WINAPI GetNamedSecurityInfo(
_In_ LPTSTR pObjectName, - ???? ?? ???????.
_In_ SE_OBJECT_TYPE ObjectType, - ??? ???????. ? ????? ?????? ?????? ????? ???? ?????, ??????? ?????????? ??? ??? ???????? DetermineObjectTypeFromPath
_In_ SECURITY_INFORMATION SecurityInfo, - ????? ???, ???????????? ????? ?????? ?????????? ??? ?????????? ????????
_Out_opt_ PSID *ppsidOwner, - SID ????????? ???????
_Out_opt_ PSID *ppsidGroup, - SID ?????? ???????
_Out_opt_ PACL *ppDacl, - ????????? ?? ????????? DACL
_Out_opt_ PACL *ppSacl, - ????????? ?? ????????? SACL
_Out_opt_ PSECURITY_DESCRIPTOR *ppSecurityDescriptor - ????????? ?? ??? ????????? security information, ?????????? ??? ??????? ??????.
);
????? ????, ??? ?? ???????? security information ? ???????, ????? ????????? ?????? SACL ???????, ??? ?? ? ???? ????????? ????? ACE. ?????????? ?? ? ??????? ??????? GetAclInformation()
BOOL WINAPI GetAclInformation(
_In_ PACL pAcl, - ????????? ?? ????????? SACL ?? GetNamedSecurityInfo
_Out_ LPVOID pAclInformation, - ?????, ???? ????? ???????? ??????????
_In_ DWORD nAclInformationLength, - ????? ??????
_In_ ACL_INFORMATION_CLASS dwAclInformationClass - ?????????? ??? ????????? ??????. ????? ????????? ????? 2 ????????, ? ???? ??????, AclSizeInformation
);
????? ?????????? ????? SACL ? ??????? ??????? InitializeAcl()
BOOL WINAPI InitializeAcl(
_Out_ PACL pAcl, - ????????? ?? ????????? ?????????
_In_ DWORD nAclLength, - ?????? ?????? ??? ????? ?????????
_In_ DWORD dwAclRevision - ??????? ???????
);
?????? ????????? ? ????????? ????????? SACL ??? ?????? ACE ?? ??????????? ????? ??????? SACL( ??????? GetAce() ) ? ??? ?? ????? ACE. ??????? ?????????? ACE: AddAce()
(??????? ????, ?????? ??? ??? ????? ??????)
BOOL WINAPI AddAce(
_Inout_ PACL pAcl, - ????????? ?? ????????? ?????????
_In_ DWORD dwAceRevision, - ??????? ???????
_In_ DWORD dwStartingAceIndex, - ??????? ? SACL ?? ??????? ???????? ????? ACE
_In_ LPVOID pAceList, - ????? ?????? - ????????? ?????? ACE
_In_ DWORD nAceListLength - ? ????? ????? ? ??????????? ACE
);
??????? ? ??? ????? ????? SACL ? ?? ????? ??? ???????? ? ????? security information! ????????? ???????? SetNamedSecurityInfo(). ??? ????????? ?????????? ??????? GetNamedSecurityInfo() ? ? ?? ????? ????? ?? ?????????.
? ??? ? ???? ??????? ?????????? ?????? ? ?????:
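int CNTFS::AddACEToSACL(CString & I_objPath, CString & I_securityPrincipal, DWORD I_objPermission,
                        BOOL I_auditSuccess,
                        BOOL I_auditFailure)
{
    // Append one SYSTEM_AUDIT ACE for I_securityPrincipal (access mask
    // I_objPermission, inheritable by child objects and containers) to the
    // SACL of I_objPath, keeping every ACE that is already there.
    //
    // Returns ERROR_SUCCESS or a Win32 error code.  Reading and writing a
    // SACL needs ACCESS_SYSTEM_SECURITY on the object, which is why
    // AdjustToken() is called first (presumably it enables the required
    // privilege on the process token).
    int returnCode = ERROR_SUCCESS;
    BOOL isUser = TRUE;
    UCHAR BuffSid[256];
    PSID pSID = (PSID)BuffSid;
    PACL pOldSACL = NULL;
    PACL pNewSACL = NULL;
    PSECURITY_DESCRIPTOR pSD = NULL;
    SECURITY_INFORMATION ACLSecInfo = SACL_SECURITY_INFORMATION;
    ACL_SIZE_INFORMATION ACLInfo;
    SE_OBJECT_TYPE SEObjType = SE_UNKNOWN_OBJECT_TYPE;
    memset(&ACLInfo, 0, sizeof(ACLInfo));

    if (I_objPath == "" || I_securityPrincipal == "" || I_objPermission == 0)
    {
        returnCode = ERROR_INVALID_PARAMETER;
    }
    if (returnCode == ERROR_SUCCESS)
    {
        returnCode = ResolveSID(I_securityPrincipal, pSID, isUser);
    }
    if (returnCode == ERROR_SUCCESS)
    {
        returnCode = AdjustToken();
    }
    if (returnCode == ERROR_SUCCESS)
    {
        SEObjType = DetermineObjectTypeFromPath(I_objPath);
        // Only the SACL is requested; pSD owns the memory pOldSACL points into.
        LPTSTR objName = I_objPath.GetBuffer(_MAX_PATH);
        returnCode = GetNamedSecurityInfo(
            objName,      // object name
            SEObjType,    // object type
            ACLSecInfo,   // information type
            NULL,         // owner SID
            NULL,         // primary group SID
            NULL,         // DACL
            &pOldSACL,    // SACL
            &pSD);        // SD
        I_objPath.ReleaseBuffer();
    }

    // Measure the existing SACL.  A NULL SACL simply means "no ACEs yet",
    // so ACLInfo stays zeroed in that case.
    if ((returnCode == ERROR_SUCCESS) && (pOldSACL != NULL))
    {
        if (!GetAclInformation(pOldSACL, &ACLInfo, sizeof(ACLInfo), AclSizeInformation))
        {
            returnCode = GetLastError();
        }
    }

    if (returnCode == ERROR_SUCCESS)
    {
        // Size of the new ACE: the fixed SYSTEM_AUDIT_ACE minus its DWORD
        // SidStart placeholder, plus the real SID.  With no existing ACL the
        // ACL header itself has to be accounted for as well.
        DWORD cbExtra = sizeof(SYSTEM_AUDIT_ACE) - sizeof(DWORD) + GetLengthSid(pSID);
        if (ACLInfo.AclBytesInUse == 0)
        {
            cbExtra += sizeof(ACL);
        }
        DWORD cb = ACLInfo.AclBytesInUse + cbExtra;
        pNewSACL = static_cast<PACL>(HeapAlloc(GetProcessHeap(), 0, cb));
        if (pNewSACL == NULL)
        {
            returnCode = ERROR_NOT_ENOUGH_MEMORY;
        }
        else if (!InitializeAcl(pNewSACL, cb, ACL_REVISION))
        {
            returnCode = GetLastError();
        }
    }

    if (returnCode == ERROR_SUCCESS)
    {
        // Copy the existing ACEs verbatim.  Rewriting their type and flags
        // would corrupt entries that are not plain SYSTEM_AUDIT_ACEs (object
        // and callback audit ACEs have a different layout) and would change
        // the object's existing audit semantics.
        for (DWORD i = 0; i < ACLInfo.AceCount && returnCode == ERROR_SUCCESS; ++i)
        {
            ACE_HEADER * pACE = NULL;
            if (!GetAce(pOldSACL, i, reinterpret_cast<void**>(&pACE)) ||
                !AddAce(pNewSACL, ACL_REVISION, MAXDWORD, pACE, pACE->AceSize))
            {
                returnCode = GetLastError();
            }
        }
    }

    if (returnCode == ERROR_SUCCESS)
    {
        // The new audit ACE goes last and is inherited by children.
        BOOL addACEResult = AddAuditAccessAceEx(pNewSACL, ACL_REVISION,
                                                CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
                                                I_objPermission, pSID,
                                                I_auditSuccess,
                                                I_auditFailure);
        if (!addACEResult)
        {
            returnCode = GetLastError();
        }
    }

    if (returnCode == ERROR_SUCCESS)
    {
        LPTSTR objName = I_objPath.GetBuffer(_MAX_PATH);
        DWORD setSIResult = SetNamedSecurityInfo(
            objName,      // object name
            SEObjType,    // object type
            ACLSecInfo,   // type
            NULL,         // new owner SID
            NULL,         // new primary group SID
            NULL,         // new DACL
            pNewSACL);    // new SACL
        I_objPath.ReleaseBuffer();
        // SetNamedSecurityInfo returns a Win32 error code, not a BOOL:
        // non-zero means failure and must be propagated.
        if (setSIResult != ERROR_SUCCESS)
        {
            returnCode = setSIResult;
        }
    }

    if (pSD != NULL)
    {
        LocalFree(pSD);
    }
    if (pNewSACL != NULL)
    {
        HeapFree(GetProcessHeap(), 0, pNewSACL);
    }
    return returnCode;
}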
?????? ?????? ??????? ?????????: DWORD accessMask = FILE_ALL_ACCESS | FILE_GENERIC_READ | FILE_GENERIC_WRITE | FILE_GENERIC_EXECUTE | DELETE;
CString user = "1";
CString path = "D:\\Lab_1.docx";
int status = AddACEToSACL(path,
user,
accessMask,
TRUE,
TRUE);
????? ????? ? ????? D:\\Lab_1.docx ???????? ?????, ? ????? ???????? ? ??? ????? ???????????? ? ??????? ???????????? windows. ? ???????, ???????? ????? ??? ?????? ????????? ???????: 6. ?????? ??????? ???????????? windows.
?????????, ?? ??? ??? ???????? ?????????? ???????? - ?????????????? ?????? ??????? windows ??? ????????? ?????????? ? ?????????? ?????. ? ?????????, ?????????? ???? ???? winAPI ??????? ??? ?????? ?????? ?? ??????? ????????????: ReadEventLog()
BOOL ReadEventLog(
_In_ HANDLE hEventLog, - ?????, ????? ?? ???????? ??????
_In_ DWORD dwReadFlags, - ???????? ?????? - ????????/? ??????/? ?????
_In_ DWORD dwRecordOffset, - ???????? ??? ??????
_Out_ LPVOID lpBuffer, - ?????, ???? ????? ???????????? ??????.
_In_ DWORD nNumberOfBytesToRead, ?????? ??????
_Out_ DWORD *pnBytesRead, - ?????????? ???????? ????
_Out_ DWORD *pnMinNumberOfBytesNeeded - ??????????? ?????????? ??????????? ????
);
??? ??????? ?????????? ????????? EVENTLOGRECORD , ?????????? ????????? ????:
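/*
 * Fixed header of one event-log record as returned by ReadEventLog().
 * The variable part (source name, computer name, SID, strings, data)
 * follows the header inside the same record; the offsets below are
 * relative to the start of the record.  The typedef names were missing
 * from the listing and are added so the definition is complete.
 */
typedef struct _EVENTLOGRECORD {
    DWORD Length;              /* total record size in bytes, header + variable part */
    DWORD Reserved;
    DWORD RecordNumber;
    DWORD TimeGenerated;       /* seconds since 1970-01-01 00:00:00 UTC */
    DWORD TimeWritten;         /* same unit as TimeGenerated */
    DWORD EventID;
    WORD EventType;            /* EVENTLOG_ERROR_TYPE, EVENTLOG_AUDIT_SUCCESS, ... */
    WORD NumStrings;           /* number of description strings at StringOffset */
    WORD EventCategory;
    WORD ReservedFlags;
    DWORD ClosingRecordNumber;
    DWORD StringOffset;        /* byte offset of the description strings */
    DWORD UserSidLength;
    DWORD UserSidOffset;       /* byte offset of the user SID, if UserSidLength != 0 */
    DWORD DataLength;
    DWORD DataOffset;          /* byte offset of the event-specific binary data */
} EVENTLOGRECORD, *PEVENTLOGRECORD;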
??? ?????, ????? ??? ???? ???? ? ?????? ??????? ? ???????? ??????????? ????????. ??????? ? ???? ?? ?????????? ????????????? ?????? ??????? ?? ??????? ??????? ?????? ? ?????? ??????. ????????, ??? ????? ??????? ?????-?? ??????? ????? ???????? ???????, ?? ? ?? ?????????? ? ????. ?? ???????? ??????? ?????????, ??????????? ??? ?????? ?? ??????? ???????????? windows, ??????? Security:
#include "stdafx.h"
#include <Windows.h>
#include <stdio.h>
#include <tchar.h>
#define BUFFER_SIZE 16384
void ReadAnyLog();
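int _tmain(int argc, _TCHAR* argv[])
{
    /* Dump the Security log, then wait for one word of input so the console
       output stays visible.  The word itself is discarded; the field width
       keeps scanf from writing past the 15-byte buffer. */
    char LogName[15];
    (void)argc;
    (void)argv;
    ReadAnyLog();
    if (scanf("%14s", LogName) != 1)
    {
        LogName[0] = '\0';
    }
    return 0;
}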
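void ReadAnyLog()
{
    /*
     * Read the local Security event log from its oldest record forward and
     * print the record number, event id, type and source name of each entry.
     *
     * Errors are reported on stderr; the function returns without output if
     * the log cannot be opened.  Reading the Security log requires the
     * corresponding privilege, which is not handled here.
     */
    HANDLE h;
    EVENTLOGRECORD *pevlr;
    /* A DWORD array gives the buffer the alignment EVENTLOGRECORD needs. */
    DWORD bBuffer[BUFFER_SIZE / sizeof(DWORD)];
    DWORD dwRead, dwNeeded, dwThisRecord, dwErr;

    /* TEXT() yields a string of the TCHAR width this build uses; casting a
       narrow literal to LPCWSTR would pass garbage in a Unicode build. */
    h = OpenEventLog(NULL, TEXT("Security"));
    if (h == NULL)
    {
        dwErr = GetLastError();
        fprintf(stderr, "\n Could not open the Security event log (error %lu)\n", dwErr);
        return;
    }

    if (!GetOldestEventLogRecord(h, &dwThisRecord))
    {
        dwErr = GetLastError();
        fprintf(stderr, "GetOldestEventLogRecord failed (error %lu)\n", dwErr);
        CloseEventLog(h);
        return;
    }

    pevlr = (EVENTLOGRECORD *)bBuffer;
    while (ReadEventLog(h,                          /* event log handle */
                        EVENTLOG_FORWARDS_READ |    /* reads forward */
                        EVENTLOG_SEQUENTIAL_READ,   /* sequential read */
                        0,                          /* ignored for sequential read */
                        pevlr,                      /* pointer to buffer */
                        sizeof(bBuffer),            /* size of buffer */
                        &dwRead,                    /* number of bytes read */
                        &dwNeeded))                 /* bytes in next record */
    {
        while (dwRead >= sizeof(EVENTLOGRECORD))
        {
            /* A Length smaller than the header or larger than what is left
               would either loop forever or walk past the buffer. */
            if (pevlr->Length < sizeof(EVENTLOGRECORD) || pevlr->Length > dwRead)
                break;
            /* The source name is the first string right after the header. */
            _tprintf(TEXT("%02lu Event ID: 0x%08lX EventType: %u Source: %s\n"),
                     dwThisRecord++,
                     pevlr->EventID,
                     (unsigned)pevlr->EventType,
                     (LPCTSTR)((LPBYTE)pevlr + sizeof(EVENTLOGRECORD)));
            dwRead -= pevlr->Length;
            pevlr = (EVENTLOGRECORD *)((LPBYTE)pevlr + pevlr->Length);
        }
        pevlr = (EVENTLOGRECORD *)bBuffer;
    }

    /* ERROR_HANDLE_EOF is the normal end of the log; anything else (for
       example ERROR_INSUFFICIENT_BUFFER when dwNeeded exceeds the buffer)
       means records were not read. */
    dwErr = GetLastError();
    if (dwErr != ERROR_HANDLE_EOF)
    {
        fprintf(stderr, "ReadEventLog stopped with error %lu (next record needs %lu bytes)\n",
                dwErr, dwNeeded);
    }

    CloseEventLog(h);
}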
7. ??????
� ? ???? ?????? ? ???????? ????? ?????? ? ????????? ??????????. ? ????????, ??? ??? MSDN ? ?????? ??????: ?????????? ???? - ?????: "3.?????????? ?????????? Windows . ????????? ????? ????? ??????????? ??? ? ?????? ? ?????, ??? ? ??? ???????????? ? ????? windows. ???????? ???????? ? security information ???????? ? ????? ?? ?????????. ????? ???????????? ? ???????? ???????????? windows ? ??? ???????????????. ?? ??? ?????? ?????? ???? ????? ??????????, ???? ? ????? ????????.
?????????:
http://www.rulit.net/books/3-vnutrennee-ustrojstvo-windows-gl-8-11-read-17203-7.html
http://www.sepago.de/d/helge/2009/03/12/permissions-a-primer-or-dacl-sacl-owner-sid-and-ace-explained
http://www.codeproject.com/Articles/10042/The-Windows-Access-Control-Model-Part-1
http://www.osp.ru/win2000/2001/05/174875/
http://support.microsoft.com/kb/310399/ru
http://technet.microsoft.com/ru-ru/library/cc738931%28v=ws.10%29.aspx
http://stavkombez.ru/method/PASOIB/html/content/lab_9.html
http://stackoverflow.com/questions/1083372/listening-to-file-changes-in-c-c-on-windows
http://msdn.microsoft.com/en-us/library/aa365261%28VS.85%29.aspx
http://www.softpedia.com/get/System/System-Miscellaneous/File-Audit.shtml
http://msdn.microsoft.com/en-us/library/aa364417%28VS.85%29.aspx
http://msdn.microsoft.com/en-us/library/aa365465%28v=vs.85%29.aspx
http://msdn.microsoft.com/ru-ru/library/windows/desktop/aa363646%28v=vs.85%29.aspx
http://msdn.microsoft.com/ru-ru/library/windows/desktop/aa363674%28v=vs.85%29.aspx
http://msdn.microsoft.com/ru-ru/library/windows/desktop/aa379579%28v=vs.85%29.aspx
http://msdn.microsoft.com/ru-ru/library/windows/desktop/aa446635%28v=vs.85%29.aspx
http://msdn.microsoft.com/ru-ru/library/windows/desktop/aa446645%28v=vs.85%29.aspx
http://msdn.microsoft.com/ru-ru/library/windows/desktop/aa378853%28v=vs.85%29.aspx
.... ? ??? ????????? ?????? ?? msdn.
?????-????????????? ??????????????? ??????????????? ???????????
????????? ??????????? ???????????
??????? ???????????? ??????? ? ??????????? ??????????
?????-?????????
2012?