Not able to add Audit policy (ACE) for object access (Folder) in windows using c++ -


i writing c++ program add ace object access audit sasl. though functions return success, when go , check properties of folder manually, not see policy has been set.

below code. have modified sample code given in msdn site @ below link add sasl instead of dacl .

https://msdn.microsoft.com/en-us/library/windows/desktop/aa379283(v=vs.85).aspx

bool setprivilege(     handle htoken,          // access token handle     lpctstr lpszprivilege,  // name of privilege enable/disable     bool benableprivilege   // enable or disable privilege ) { token_privileges tp; luid luid;  if (!lookupprivilegevalue(     null,            // lookup privilege on local system     lpszprivilege,   // privilege lookup      &luid))        // receives luid of privilege {     printf("lookupprivilegevalue error: %u\n", getlasterror());     return false; }  tp.privilegecount = 1; tp.privileges[0].luid = luid; if (benableprivilege)     tp.privileges[0].attributes = se_privilege_enabled; else     tp.privileges[0].attributes = 0;  // enable privilege or disable privileges.  if (!adjusttokenprivileges(     htoken,     false,     &tp,     sizeof(token_privileges),     (ptoken_privileges)null,     (pdword)null)) {     printf("adjusttokenprivileges error: %u\n", getlasterror());     return false; }  if (getlasterror() == error_not_all_assigned)  {     printf("the token not have specified privilege. \n");     return false; }  return true; }   dword addacetoobjectssecuritydescriptor( lptstr pszobjname,          // name of object se_object_type objecttype,  // type of object lptstr psztrustee          // trustee new ace ) { dword dwres = 0; pacl poldsacl = null, pnewsacl = null; psecurity_descriptor psd = null; explicit_access ea; handle htoken;  if (null == pszobjname)     return error_invalid_parameter;  // open handle access token calling process. if (!openprocesstoken(getcurrentprocess(),     token_adjust_privileges,     &htoken)) {     printf("openprocesstoken failed: %u\n", getlasterror());     goto cleanup; }  // enable se_security_name privilege. if (!setprivilege(htoken, se_security_name, true)) {     printf("you must logged on administrator.\n");     goto cleanup; }  // pointer existing sacl.  dwres = getnamedsecurityinfo(pszobjname, objecttype,     sacl_security_information,     null, null, null, &poldsacl, &psd); if (error_success != dwres) {     printf("getnamedsecurityinfo error %u\n", dwres);     goto cleanup; }  // initialize explicit_access structure new ace.   zeromemory(&ea, sizeof(explicit_access)); //ea.grfaccesspermissions = dwaccessrights; ea.grfaccesspermissions = generic_all; //ea.grfaccessmode = accessmode; ea.grfaccessmode = set_audit_success; //ea.grfinheritance = dwinheritance; ea.grfinheritance = inherit_only; //ea.trustee.trusteeform = trusteeform; ea.trustee.trusteeform = trustee_is_name; ea.trustee.ptstrname = psztrustee; ea.trustee.trusteetype = trustee_is_user;  // create new acl merges new ace // existing sacl.  dwres = setentriesinacl(1, &ea, poldsacl, &pnewsacl); if (error_success != dwres)  {     printf("setentriesinacl error %u\n", dwres);     goto cleanup; }  // attach new acl object's sacl.  dwres = setnamedsecurityinfo(pszobjname, objecttype,     sacl_security_information,     null, null, null, pnewsacl); if (error_success != dwres)  {     printf("setnamedsecurityinfo error %u\n", dwres);     goto cleanup; }  // disable se_security_name privilege. if (!setprivilege(htoken, se_security_name, false)) {     printf("you must logged on administrator.\n");     goto cleanup; }  cleanup:  if (psd != null)     localfree((hlocal)psd); if (pnewsacl != null)     localfree((hlocal)pnewsacl);  return dwres; }  int _tmain(int argc, _tchar* argv[]) { lptstr objstrname = l"c:\\path\\to\\folder\\test_folder"; lptstr trusteename = l"username"; // have mentioned username here addacetoobjectssecuritydescriptor(objstrname, se_file_object, trusteename); return 0; }

though functions return success, not able see new audit policy getting set. might setting parameters wrong, case expect functions fail. please resolve issue.

i believe problem setting wrong inheritance flags.

inherit_only means ace should not apply object, inherited child objects.

however, have not set either container_inherit_ace or object_inherit_ace. ace not apply child objects.

since ace applies neither parent nor children, has no effect, windows discards it.


Comments

Post a Comment

Popular posts from this blog

html - Outlook 2010 Anchor (url/address/link) -

i'm trying link specific pdf page msoutlook'10 or msword'10, #page=... anchor particularly useful , works fine elsewhere. unfortunately when click [ctr-k] in outlook or winword, links re-formatted assuming unc path. pdf file located on shared drive. using "file:" prefix links open pdf in adobe reader (outside of browser), , "http:" open inside browser. issue seem need open in browser "file:" prefix in order anchor work. know anchors work inside browser. outlook uses windows/explorer default program (based on file extension) seems open in adobe reader neglecting anchor. is aware of solution, link specific page or bookmark of shared-pdf ms outlook and/or winword link? common references: mailermailer.com/...anchor-tags-html-emails campaignmonitor.com/...anchor-links-in-email-newsletters/ stackoverflow.com/...anchor-in-pdf-document
Read more

javascript - Why does running this loop 9 times take 100x longer than running it 8 times? -

consider code: test = function() { } t = new test(); (var = 0; < 8; i++) { result = t instanceof test; } if change number of iterations 8 9 , loop take 100 times longer complete in latest version of firefox (41.0.1). tested on 2 different pcs , magic limit 8. here jsperf test used: http://jsperf.com/instanceof-8-times-vs-9-times does have idea why might happen? seems specific instanceof . not happen if else object, example check property. note: filed bugzilla bug this. jan de mooij mozilla team has posted details in bugzilla thread . here's simplistic interpretation of highly technical answers: in i < 8 case, firefox smart enough hoist result = t instanceof test; statement out of loop (according tests, doesn't seem omit altogether). in i < 9 case, apparently doesn't optimization . why? reason not clear, related fact 9 iterations threshold above function considered "hot" enough run through jit compiler. i < 8 cas...
Read more

Getting gateway time-out Rails app with Nginx + Puma running on Digital Ocean -

following this guide setup app on digital ocean droplet, not working. site not loading , it's throwing: "gateway time-out". the puma server works, since ps aux | grep puma prints: root 15878 0.0 0.4 376832 2168 ? sl 12:50 0:00 puma 2.13.4 (unix:///var/www/myapp/shared/tmp/sockets/myapp-puma.sock) [20150930164940] root 15881 0.0 0.7 903676 3692 ? sl 12:50 0:06 puma: cluster worker 0: 15878 [20150930164940] root 24654 0.0 0.1 11748 916 pts/2 s+ 18:00 0:00 grep --color=auto puma my nginx config: user root; worker_processes 1; events { worker_connections 1024; } http { upstream puma { server unix:///var/www/myapp/shared/tmp/sockets/myapp-puma.sock; } server { listen 80; server_name myapp.com; root /var/www/myapp/current/public; access_log /var/www/myapp/current/log/access.log; error_log /...
Read more