Installer: Grant access to system and services (fix #391)
This commit is contained in:
parent
560c5a7b45
commit
2df3a74958
@ -1,5 +1,5 @@
|
|||||||
{
|
{
|
||||||
Copyright 2017 Stas'M Corp.
|
Copyright 2018 Stas'M Corp.
|
||||||
|
|
||||||
Licensed under the Apache License, Version 2.0 (the "License");
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
you may not use this file except in compliance with the License.
|
you may not use this file except in compliance with the License.
|
||||||
@ -26,7 +26,9 @@ uses
|
|||||||
Classes,
|
Classes,
|
||||||
WinSvc,
|
WinSvc,
|
||||||
Registry,
|
Registry,
|
||||||
WinInet;
|
WinInet,
|
||||||
|
AccCtrl,
|
||||||
|
AclAPI;
|
||||||
|
|
||||||
function EnumServicesStatusEx(
|
function EnumServicesStatusEx(
|
||||||
hSCManager: SC_HANDLE;
|
hSCManager: SC_HANDLE;
|
||||||
@ -41,6 +43,11 @@ function EnumServicesStatusEx(
|
|||||||
pszGroupName: PWideChar): BOOL; stdcall;
|
pszGroupName: PWideChar): BOOL; stdcall;
|
||||||
external advapi32 name 'EnumServicesStatusExW';
|
external advapi32 name 'EnumServicesStatusExW';
|
||||||
|
|
||||||
|
function ConvertStringSidToSid(
|
||||||
|
StringSid: PWideChar;
|
||||||
|
var Sid: PSID): BOOL; stdcall;
|
||||||
|
external advapi32 name 'ConvertStringSidToSidW';
|
||||||
|
|
||||||
type
|
type
|
||||||
FILE_VERSION = record
|
FILE_VERSION = record
|
||||||
Version: record case Boolean of
|
Version: record case Boolean of
|
||||||
@ -639,14 +646,57 @@ begin
|
|||||||
Result := True;
|
Result := True;
|
||||||
end;
|
end;
|
||||||
|
|
||||||
|
procedure GrantSidFullAccess(Path, SID: String);
|
||||||
|
var
|
||||||
|
p_SID: PSID;
|
||||||
|
pDACL: PACL;
|
||||||
|
EA: EXPLICIT_ACCESS;
|
||||||
|
Code, Result: DWORD;
|
||||||
|
begin
|
||||||
|
p_SID := nil;
|
||||||
|
if not ConvertStringSidToSid(PChar(SID), p_SID) then
|
||||||
|
begin
|
||||||
|
Code := GetLastError;
|
||||||
|
Writeln('[-] ConvertStringSidToSid error (code ', Code, ').');
|
||||||
|
Exit;
|
||||||
|
end;
|
||||||
|
EA.grfAccessPermissions := GENERIC_ALL;
|
||||||
|
EA.grfAccessMode := GRANT_ACCESS;
|
||||||
|
EA.grfInheritance := SUB_CONTAINERS_AND_OBJECTS_INHERIT;
|
||||||
|
EA.Trustee.pMultipleTrustee := nil;
|
||||||
|
EA.Trustee.MultipleTrusteeOperation := NO_MULTIPLE_TRUSTEE;
|
||||||
|
EA.Trustee.TrusteeForm := TRUSTEE_IS_SID;
|
||||||
|
EA.Trustee.TrusteeType := TRUSTEE_IS_WELL_KNOWN_GROUP;
|
||||||
|
EA.Trustee.ptstrName := p_SID;
|
||||||
|
|
||||||
|
Result := SetEntriesInAcl(1, @EA, nil, pDACL);
|
||||||
|
if Result = ERROR_SUCCESS then
|
||||||
|
begin
|
||||||
|
if SetNamedSecurityInfo(pchar(Path), SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, nil, nil, pDACL, nil) <> ERROR_SUCCESS then
|
||||||
|
begin
|
||||||
|
Code := GetLastError;
|
||||||
|
Writeln('[-] SetNamedSecurityInfo error (code ', Code, ').');
|
||||||
|
end;
|
||||||
|
LocalFree(Cardinal(pDACL));
|
||||||
|
end
|
||||||
|
else begin
|
||||||
|
Code := GetLastError;
|
||||||
|
Writeln('[-] SetEntriesInAcl error (code ', Code, ').');
|
||||||
|
end;
|
||||||
|
end;
|
||||||
|
|
||||||
procedure ExtractFiles;
|
procedure ExtractFiles;
|
||||||
var
|
var
|
||||||
RDPClipRes, RfxvmtRes, S: String;
|
RDPClipRes, RfxvmtRes, S: String;
|
||||||
OnlineINI: TStringList;
|
OnlineINI: TStringList;
|
||||||
begin
|
begin
|
||||||
if not DirectoryExists(ExtractFilePath(ExpandPath(WrapPath))) then
|
if not DirectoryExists(ExtractFilePath(ExpandPath(WrapPath))) then
|
||||||
if ForceDirectories(ExtractFilePath(ExpandPath(WrapPath))) then
|
if ForceDirectories(ExtractFilePath(ExpandPath(WrapPath))) then begin
|
||||||
Writeln('[+] Folder created: ', ExtractFilePath(ExpandPath(WrapPath)))
|
S := ExtractFilePath(ExpandPath(WrapPath));
|
||||||
|
Writeln('[+] Folder created: ', S);
|
||||||
|
GrantSidFullAccess(S, 'S-1-5-18'); // Local System account
|
||||||
|
GrantSidFullAccess(S, 'S-1-5-6'); // Service group
|
||||||
|
end
|
||||||
else begin
|
else begin
|
||||||
Writeln('[-] ForceDirectories error.');
|
Writeln('[-] ForceDirectories error.');
|
||||||
Writeln('[*] Path: ', ExtractFilePath(ExpandPath(WrapPath)));
|
Writeln('[*] Path: ', ExtractFilePath(ExpandPath(WrapPath)));
|
||||||
@ -1080,8 +1130,8 @@ var
|
|||||||
I: Integer;
|
I: Integer;
|
||||||
begin
|
begin
|
||||||
Writeln('RDP Wrapper Library v1.6.2');
|
Writeln('RDP Wrapper Library v1.6.2');
|
||||||
Writeln('Installer v2.5');
|
Writeln('Installer v2.6');
|
||||||
Writeln('Copyright (C) Stas''M Corp. 2017');
|
Writeln('Copyright (C) Stas''M Corp. 2018');
|
||||||
Writeln('');
|
Writeln('');
|
||||||
|
|
||||||
if (ParamCount < 1)
|
if (ParamCount < 1)
|
||||||
|
Binary file not shown.
Loading…
Reference in New Issue
Block a user