Installer: Grant access to system and services (fix #391)

This commit is contained in:
Stas'M 2018-05-16 17:14:17 +03:00
parent 560c5a7b45
commit 2df3a74958
2 changed files with 56 additions and 6 deletions

View File

@ -1,5 +1,5 @@
{ {
Copyright 2017 Stas'M Corp. Copyright 2018 Stas'M Corp.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.
@ -26,7 +26,9 @@ uses
Classes, Classes,
WinSvc, WinSvc,
Registry, Registry,
WinInet; WinInet,
AccCtrl,
AclAPI;
function EnumServicesStatusEx( function EnumServicesStatusEx(
hSCManager: SC_HANDLE; hSCManager: SC_HANDLE;
@ -41,6 +43,11 @@ function EnumServicesStatusEx(
pszGroupName: PWideChar): BOOL; stdcall; pszGroupName: PWideChar): BOOL; stdcall;
external advapi32 name 'EnumServicesStatusExW'; external advapi32 name 'EnumServicesStatusExW';
function ConvertStringSidToSid(
StringSid: PWideChar;
var Sid: PSID): BOOL; stdcall;
external advapi32 name 'ConvertStringSidToSidW';
type type
FILE_VERSION = record FILE_VERSION = record
Version: record case Boolean of Version: record case Boolean of
@ -639,14 +646,57 @@ begin
Result := True; Result := True;
end; end;
procedure GrantSidFullAccess(Path, SID: String);
var
p_SID: PSID;
pDACL: PACL;
EA: EXPLICIT_ACCESS;
Code, Result: DWORD;
begin
p_SID := nil;
if not ConvertStringSidToSid(PChar(SID), p_SID) then
begin
Code := GetLastError;
Writeln('[-] ConvertStringSidToSid error (code ', Code, ').');
Exit;
end;
EA.grfAccessPermissions := GENERIC_ALL;
EA.grfAccessMode := GRANT_ACCESS;
EA.grfInheritance := SUB_CONTAINERS_AND_OBJECTS_INHERIT;
EA.Trustee.pMultipleTrustee := nil;
EA.Trustee.MultipleTrusteeOperation := NO_MULTIPLE_TRUSTEE;
EA.Trustee.TrusteeForm := TRUSTEE_IS_SID;
EA.Trustee.TrusteeType := TRUSTEE_IS_WELL_KNOWN_GROUP;
EA.Trustee.ptstrName := p_SID;
Result := SetEntriesInAcl(1, @EA, nil, pDACL);
if Result = ERROR_SUCCESS then
begin
if SetNamedSecurityInfo(pchar(Path), SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, nil, nil, pDACL, nil) <> ERROR_SUCCESS then
begin
Code := GetLastError;
Writeln('[-] SetNamedSecurityInfo error (code ', Code, ').');
end;
LocalFree(Cardinal(pDACL));
end
else begin
Code := GetLastError;
Writeln('[-] SetEntriesInAcl error (code ', Code, ').');
end;
end;
procedure ExtractFiles; procedure ExtractFiles;
var var
RDPClipRes, RfxvmtRes, S: String; RDPClipRes, RfxvmtRes, S: String;
OnlineINI: TStringList; OnlineINI: TStringList;
begin begin
if not DirectoryExists(ExtractFilePath(ExpandPath(WrapPath))) then if not DirectoryExists(ExtractFilePath(ExpandPath(WrapPath))) then
if ForceDirectories(ExtractFilePath(ExpandPath(WrapPath))) then if ForceDirectories(ExtractFilePath(ExpandPath(WrapPath))) then begin
Writeln('[+] Folder created: ', ExtractFilePath(ExpandPath(WrapPath))) S := ExtractFilePath(ExpandPath(WrapPath));
Writeln('[+] Folder created: ', S);
GrantSidFullAccess(S, 'S-1-5-18'); // Local System account
GrantSidFullAccess(S, 'S-1-5-6'); // Service group
end
else begin else begin
Writeln('[-] ForceDirectories error.'); Writeln('[-] ForceDirectories error.');
Writeln('[*] Path: ', ExtractFilePath(ExpandPath(WrapPath))); Writeln('[*] Path: ', ExtractFilePath(ExpandPath(WrapPath)));
@ -1080,8 +1130,8 @@ var
I: Integer; I: Integer;
begin begin
Writeln('RDP Wrapper Library v1.6.2'); Writeln('RDP Wrapper Library v1.6.2');
Writeln('Installer v2.5'); Writeln('Installer v2.6');
Writeln('Copyright (C) Stas''M Corp. 2017'); Writeln('Copyright (C) Stas''M Corp. 2018');
Writeln(''); Writeln('');
if (ParamCount < 1) if (ParamCount < 1)

Binary file not shown.