C++处理系统相关权限问题

 1、给某个文件或文件夹赋予特定用户的特定访问权限

/* 给文件（夹）szPath设置用户名为pszAccount的可读可写可修改权限 */
bool GiveTheAccountPrivToFile(const TCHAR szPath[], const TCHAR pszAccount[])
{
    PACL pDaclOld = NULL;
    // 获取文件安全对象的DACL列表
    if (ERROR_SUCCESS != GetNamedSecurityInfo (szPath, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, &pDaclOld, NULL, NULL))
    {
        std::cout << "GetNamedSecurityInfo fail. LastError: " << GetLastError() << endl; 
        return false;
    }

    EXPLICIT_ACCESS ea = { 0 };

    // 生成指定用户帐户的访问控制信息(这里指定赋予修改、读取和执行、读取、写入权限)
    ::BuildExplicitAccessWithName (&ea, (LPTSTR)pszAccount, GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE, GRANT_ACCESS, SUB_CONTAINERS_AND_OBJECTS_INHERIT);

    // 生成指定用户帐户的访问控制信息(这里指定赋予所有权限)
    // ::BuildExplicitAccessWithName (&ea, (LPTSTR)pszAccount, GENERIC_ALL, GRANT_ACCESS, SUB_CONTAINERS_AND_OBJECTS_INHERIT);

    BOOL bSuccess = TRUE;
    PACL pDaclNew = NULL;
    do
    {
        // 创建新的ACL对象(合并已有的ACL对象和刚生成的用户帐户访问控制信息)
        if (ERROR_SUCCESS != ::SetEntriesInAcl(1, &ea, pDaclOld, &pDaclNew))
        {
            std::cout << "SetEntriesInAcl fail. LastError: " << GetLastError() << endl; 
            bSuccess = FALSE;
            break;
        }

        // 设置文件安全对象的DACL列表
        if (ERROR_SUCCESS != ::SetNamedSecurityInfo ((LPTSTR)szPath, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, pDaclNew, NULL))
        {
            std::cout << "SetNamedSecurityInfo fail. LastError: " << GetLastError() << endl;
            bSuccess = FALSE;
        }
    }while(FALSE);

    if (NULL != pDaclNew)
    {
        ::LocalFree(pDaclNew);
    }

    return bSuccess;
}

2、提升进程权限

#include <windows.h>
#include <stdio.h>
#pragma comment(lib, "cmcfg32.lib")

BOOL SetPrivilege(
    HANDLE hToken,         // access token handle
    LPCTSTR lpszPrivilege, // name of privilege to enable/disable
    BOOL bEnablePrivilege  // to enable or disable privilege
)
{
    TOKEN_PRIVILEGES tp;
    LUID luid;

    if (FALSE == LookupPrivilegeValue(
                     NULL,          // lookup privilege on local system
                     lpszPrivilege, // privilege to lookup
                     &luid))        // receives LUID of privilege
    {
        printf("LookupPrivilegeValue fail. gle: 0x%08x\n", GetLastError());
        return FALSE;
    }

    tp.PrivilegeCount = 1;
    tp.Privileges[0].Luid = luid;
    if (bEnablePrivilege)
        tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    else
        tp.Privileges[0].Attributes = 0;

    // Enable the privilege or disable all privileges.

    if (FALSE == AdjustTokenPrivileges(
                     hToken,
                     FALSE,
                     &tp,
                     sizeof(TOKEN_PRIVILEGES),
                     NULL,
                     NULL))
    {
        printf("AdjustTokenPrivileges fail. gle: 0x%08x\n", GetLastError());
        return FALSE;
    }

    if (GetLastError() == ERROR_NOT_ALL_ASSIGNED)
    {
        printf("The token does not have the specified privilege. \n");
        return FALSE;
    }

    return TRUE;
}