1 files changed, 295 insertions, 0 deletions
diff --git a/sspap3registrypermissions/sspap3registrypermissions.cpp b/sspap3registrypermissions/sspap3registrypermissions.cpp
new file mode 100755
index 0000000..5c7d239
--- /dev/null
+++ b/sspap3registrypermissions/sspap3registrypermissions.cpp
@@ -0,0 +1,295 @@
+// sspap3registrypermissions.cpp : Defines the entry point for the console application.
+//
+
+#include "stdafx.h"
+#include <windows.h>
+#include <stdio.h>
+#include <aclapi.h>
+
+#define RTN_OK 0
+#define RTN_ERROR 13
+
+void
+DisplayWinError(
+    LPSTR szAPI,    // pointer to Ansi function name
+    DWORD dwError   // DWORD WinError
+    );
+
+
+int _tmain(int argc, _TCHAR* argv[])
+{
+	SID_IDENTIFIER_AUTHORITY sia = SECURITY_NT_AUTHORITY;
+	PSID pRestrictedSid = NULL;
+	PSID pSystemSid = NULL;
+	PSID pAdministratorsSid = NULL;
+	PSID pEveryoneSid = NULL;
+	SECURITY_DESCRIPTOR sd;
+	PACL pDacl = NULL;
+	DWORD dwAclSize;
+	DWORD sidSize;
+	HKEY hKey;
+	LONG lRetCode;
+	BOOL bSuccess = FALSE; // assume this function fails
+
+    //
+    // open the performance key for WRITE_DAC access
+    //
+    lRetCode = RegOpenKeyEx(
+        HKEY_CURRENT_USER,
+        TEXT(""),
+        0,
+        WRITE_DAC,
+        &hKey
+        );
+
+    if(lRetCode != ERROR_SUCCESS) {
+        DisplayWinError("RegOpenKeyEx", lRetCode);
+        return RTN_ERROR;
+    }
+
+    //
+    // prepare a Sid representing the Restricted user
+    //
+    if(!AllocateAndInitializeSid(
+        &sia,
+        1,
+        SECURITY_RESTRICTED_CODE_RID,
+        0, 0, 0, 0, 0, 0, 0,
+        &pRestrictedSid
+        )) {
+        DisplayWinError("AllocateAndInitializeSid SECURITY_RESTRICTED_CODE_RID", GetLastError());
+        goto cleanup;
+    }
+
+	//
+    // prepare a Sid representing the System user
+    //
+    if(!AllocateAndInitializeSid(
+        &sia,
+        1,
+        SECURITY_LOCAL_SYSTEM_RID,
+        0, 0, 0, 0, 0, 0, 0,
+        &pSystemSid
+        )) {
+        DisplayWinError("AllocateAndInitializeSid SECURITY_LOCAL_SYSTEM_RID", GetLastError());
+        goto cleanup;
+    }
+
+    //
+    // prepare a Sid representing any administrator
+    //
+	pAdministratorsSid = (PSID)HeapAlloc(GetProcessHeap(), 0, SECURITY_MAX_SID_SIZE);
+    if(pAdministratorsSid == NULL) goto cleanup;
+    if(!CreateWellKnownSid(
+        WinBuiltinAdministratorsSid,
+		NULL,
+        pAdministratorsSid,
+		&sidSize
+        )) {
+        DisplayWinError("CreateWellKnownSid WinBuiltinAdministratorsSid", GetLastError());
+        goto cleanup;
+    }
+
+    //
+    // prepare a Sid representing any user
+    //
+	pEveryoneSid = (PSID)HeapAlloc(GetProcessHeap(), 0, SECURITY_MAX_SID_SIZE);
+    if(pEveryoneSid == NULL) goto cleanup;
+    if(!CreateWellKnownSid(
+        WinWorldSid,
+		NULL,
+        pEveryoneSid,
+		&sidSize
+        )) {
+        DisplayWinError("CreateWellKnownSid WinWorldSid", GetLastError());
+        goto cleanup;
+    }
+
+    //
+    // compute size of new acl
+    //
+    dwAclSize = sizeof(ACL) +
+        4 * ( sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) ) +
+		GetLengthSid(pRestrictedSid) +
+		GetLengthSid(pSystemSid) +
+        GetLengthSid(pAdministratorsSid) +
+        GetLengthSid(pEveryoneSid) ;
+
+    //
+    // allocate storage for Acl
+    //
+    pDacl = (PACL)HeapAlloc(GetProcessHeap(), 0, dwAclSize);
+    if(pDacl == NULL) goto cleanup;
+
+    if(!InitializeAcl(pDacl, dwAclSize, ACL_REVISION)) {
+        DisplayWinError("InitializeAcl", GetLastError());
+        goto cleanup;
+    }
+
+    //
+    // grant the Restricted Sid KEY_READ access to the perf key
+    //
+    if(!AddAccessAllowedAceEx(
+        pDacl,
+        ACL_REVISION,
+        CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
+		KEY_READ,
+        pRestrictedSid
+        )) {
+        DisplayWinError("AddAccessAllowedAce", GetLastError());
+        goto cleanup;
+    }
+
+    //
+    // grant the System Sid KEY_ALL_ACCESS access to the perf key
+    //
+    if(!AddAccessAllowedAceEx(
+        pDacl,
+        ACL_REVISION,
+        CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
+		KEY_ALL_ACCESS,
+        pSystemSid
+        )) {
+        DisplayWinError("AddAccessAllowedAce", GetLastError());
+        goto cleanup;
+    }
+
+    //
+    // grant the Administrators Sid KEY_ALL_ACCESS access to the perf key
+    //
+    if(!AddAccessAllowedAceEx(
+        pDacl,
+        ACL_REVISION,
+        CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
+		KEY_ALL_ACCESS,
+        pAdministratorsSid
+        )) {
+        DisplayWinError("AddAccessAllowedAce", GetLastError());
+        goto cleanup;
+    }
+
+    //
+    // grant the Everyone Sid KEY_ALL_ACCESS access to the perf key
+    //
+    if(!AddAccessAllowedAceEx(
+        pDacl,
+        ACL_REVISION,
+        CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
+		KEY_ALL_ACCESS,
+        pEveryoneSid
+        )) {
+        DisplayWinError("AddAccessAllowedAce", GetLastError());
+        goto cleanup;
+    }
+
+    if(!InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION)) {
+        DisplayWinError("InitializeSecurityDescriptor", GetLastError());
+        goto cleanup;
+    }
+
+/*    if(!SetSecurityDescriptorDacl(&sd, TRUE, pDacl, FALSE)) {
+        DisplayWinError("SetSecurityDescriptorDacl", GetLastError());
+        goto cleanup;
+    }*/
+
+	//
+	// Unlike SetSecurityDescriptorDacl, SetNamedSecurityInfo propogates inheritance to subkeys
+	// See http://comments.gmane.org/gmane.comp.python.windows/10609
+	//
+	if(!SetNamedSecurityInfo(L"CURRENT_USER", SE_REGISTRY_KEY, DACL_SECURITY_INFORMATION, NULL, NULL, pDacl, NULL)) {
+		DisplayWinError("SetNamedSecurityInfo", GetLastError());
+		goto cleanup;
+	}
+
+    //
+    // apply the security descriptor to the registry key
+    //
+    lRetCode = RegSetKeySecurity(
+        hKey,
+        (SECURITY_INFORMATION)DACL_SECURITY_INFORMATION,
+        &sd
+        );
+
+    if(lRetCode != ERROR_SUCCESS) {
+        DisplayWinError("RegSetKeySecurity", lRetCode);
+        goto cleanup;
+    }
+
+    bSuccess = TRUE; // indicate success
+
+cleanup:
+
+    RegCloseKey(hKey);
+    RegCloseKey(HKEY_LOCAL_MACHINE);
+
+    //
+    // free allocated resources
+    //
+    if(pDacl != NULL)
+        HeapFree(GetProcessHeap(), 0, pDacl);
+
+    if(pRestrictedSid != NULL)
+        FreeSid(pRestrictedSid);
+
+    if(pSystemSid != NULL)
+        FreeSid(pSystemSid);
+
+    if(pAdministratorsSid != NULL)
+        FreeSid(pAdministratorsSid);
+
+    if(pEveryoneSid != NULL)
+        FreeSid(pEveryoneSid);
+
+    if(bSuccess) {
+        printf("SUCCESS updating user hive security\n");
+        return RTN_OK;
+    } else {
+        printf("ERROR updating user hive security\n");
+        return RTN_ERROR;
+    }
+}
+
+void
+DisplayWinError(
+    LPSTR szAPI,    // pointer to Ansi function name
+    DWORD dwError   // DWORD WinError
+    )
+{
+    LPSTR MessageBuffer;
+    DWORD dwBufferLength;
+
+    //
+    // TODO get this fprintf out of here!
+    //
+    fprintf(stderr,"%s error!\n", szAPI);
+
+    if(dwBufferLength=FormatMessageA(
+            FORMAT_MESSAGE_ALLOCATE_BUFFER |
+            FORMAT_MESSAGE_FROM_SYSTEM,
+            NULL,
+            dwError,
+            MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
+            (LPSTR) &MessageBuffer,
+            0,
+            NULL
+            ))
+    {
+        DWORD dwBytesWritten; // unused
+
+        //
+        // Output message string on stderr
+        //
+        WriteFile(
+                GetStdHandle(STD_ERROR_HANDLE),
+                MessageBuffer,
+                dwBufferLength,
+                &dwBytesWritten,
+                NULL
+                );
+
+        //
+        // free the buffer allocated by the system
+        //
+        LocalFree(MessageBuffer);
+    }
+}