7 files changed, 459 insertions, 0 deletions
diff --git a/sspap3registrypermissions/sspap3registrypermissions.cpp b/sspap3registrypermissions/sspap3registrypermissions.cpp
new file mode 100755
index 0000000..5c7d239
--- /dev/null
+++ b/sspap3registrypermissions/sspap3registrypermissions.cpp
@@ -0,0 +1,295 @@
+// sspap3registrypermissions.cpp : Defines the entry point for the console application.
+//
+
+#include "stdafx.h"
+#include <windows.h>
+#include <stdio.h>
+#include <aclapi.h>
+
+#define RTN_OK 0
+#define RTN_ERROR 13
+
+void
+DisplayWinError(
+    LPSTR szAPI,    // pointer to Ansi function name
+    DWORD dwError   // DWORD WinError
+    );
+
+
+int _tmain(int argc, _TCHAR* argv[])
+{
+	SID_IDENTIFIER_AUTHORITY sia = SECURITY_NT_AUTHORITY;
+	PSID pRestrictedSid = NULL;
+	PSID pSystemSid = NULL;
+	PSID pAdministratorsSid = NULL;
+	PSID pEveryoneSid = NULL;
+	SECURITY_DESCRIPTOR sd;
+	PACL pDacl = NULL;
+	DWORD dwAclSize;
+	DWORD sidSize;
+	HKEY hKey;
+	LONG lRetCode;
+	BOOL bSuccess = FALSE; // assume this function fails
+
+    //
+    // open the performance key for WRITE_DAC access
+    //
+    lRetCode = RegOpenKeyEx(
+        HKEY_CURRENT_USER,
+        TEXT(""),
+        0,
+        WRITE_DAC,
+        &hKey
+        );
+
+    if(lRetCode != ERROR_SUCCESS) {
+        DisplayWinError("RegOpenKeyEx", lRetCode);
+        return RTN_ERROR;
+    }
+
+    //
+    // prepare a Sid representing the Restricted user
+    //
+    if(!AllocateAndInitializeSid(
+        &sia,
+        1,
+        SECURITY_RESTRICTED_CODE_RID,
+        0, 0, 0, 0, 0, 0, 0,
+        &pRestrictedSid
+        )) {
+        DisplayWinError("AllocateAndInitializeSid SECURITY_RESTRICTED_CODE_RID", GetLastError());
+        goto cleanup;
+    }
+
+	//
+    // prepare a Sid representing the System user
+    //
+    if(!AllocateAndInitializeSid(
+        &sia,
+        1,
+        SECURITY_LOCAL_SYSTEM_RID,
+        0, 0, 0, 0, 0, 0, 0,
+        &pSystemSid
+        )) {
+        DisplayWinError("AllocateAndInitializeSid SECURITY_LOCAL_SYSTEM_RID", GetLastError());
+        goto cleanup;
+    }
+
+    //
+    // prepare a Sid representing any administrator
+    //
+	pAdministratorsSid = (PSID)HeapAlloc(GetProcessHeap(), 0, SECURITY_MAX_SID_SIZE);
+    if(pAdministratorsSid == NULL) goto cleanup;
+    if(!CreateWellKnownSid(
+        WinBuiltinAdministratorsSid,
+		NULL,
+        pAdministratorsSid,
+		&sidSize
+        )) {
+        DisplayWinError("CreateWellKnownSid WinBuiltinAdministratorsSid", GetLastError());
+        goto cleanup;
+    }
+
+    //
+    // prepare a Sid representing any user
+    //
+	pEveryoneSid = (PSID)HeapAlloc(GetProcessHeap(), 0, SECURITY_MAX_SID_SIZE);
+    if(pEveryoneSid == NULL) goto cleanup;
+    if(!CreateWellKnownSid(
+        WinWorldSid,
+		NULL,
+        pEveryoneSid,
+		&sidSize
+        )) {
+        DisplayWinError("CreateWellKnownSid WinWorldSid", GetLastError());
+        goto cleanup;
+    }
+
+    //
+    // compute size of new acl
+    //
+    dwAclSize = sizeof(ACL) +
+        4 * ( sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) ) +
+		GetLengthSid(pRestrictedSid) +
+		GetLengthSid(pSystemSid) +
+        GetLengthSid(pAdministratorsSid) +
+        GetLengthSid(pEveryoneSid) ;
+
+    //
+    // allocate storage for Acl
+    //
+    pDacl = (PACL)HeapAlloc(GetProcessHeap(), 0, dwAclSize);
+    if(pDacl == NULL) goto cleanup;
+
+    if(!InitializeAcl(pDacl, dwAclSize, ACL_REVISION)) {
+        DisplayWinError("InitializeAcl", GetLastError());
+        goto cleanup;
+    }
+
+    //
+    // grant the Restricted Sid KEY_READ access to the perf key
+    //
+    if(!AddAccessAllowedAceEx(
+        pDacl,
+        ACL_REVISION,
+        CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
+		KEY_READ,
+        pRestrictedSid
+        )) {
+        DisplayWinError("AddAccessAllowedAce", GetLastError());
+        goto cleanup;
+    }
+
+    //
+    // grant the System Sid KEY_ALL_ACCESS access to the perf key
+    //
+    if(!AddAccessAllowedAceEx(
+        pDacl,
+        ACL_REVISION,
+        CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
+		KEY_ALL_ACCESS,
+        pSystemSid
+        )) {
+        DisplayWinError("AddAccessAllowedAce", GetLastError());
+        goto cleanup;
+    }
+
+    //
+    // grant the Administrators Sid KEY_ALL_ACCESS access to the perf key
+    //
+    if(!AddAccessAllowedAceEx(
+        pDacl,
+        ACL_REVISION,
+        CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
+		KEY_ALL_ACCESS,
+        pAdministratorsSid
+        )) {
+        DisplayWinError("AddAccessAllowedAce", GetLastError());
+        goto cleanup;
+    }
+
+    //
+    // grant the Everyone Sid KEY_ALL_ACCESS access to the perf key
+    //
+    if(!AddAccessAllowedAceEx(
+        pDacl,
+        ACL_REVISION,
+        CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
+		KEY_ALL_ACCESS,
+        pEveryoneSid
+        )) {
+        DisplayWinError("AddAccessAllowedAce", GetLastError());
+        goto cleanup;
+    }
+
+    if(!InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION)) {
+        DisplayWinError("InitializeSecurityDescriptor", GetLastError());
+        goto cleanup;
+    }
+
+/*    if(!SetSecurityDescriptorDacl(&sd, TRUE, pDacl, FALSE)) {
+        DisplayWinError("SetSecurityDescriptorDacl", GetLastError());
+        goto cleanup;
+    }*/
+
+	//
+	// Unlike SetSecurityDescriptorDacl, SetNamedSecurityInfo propogates inheritance to subkeys
+	// See http://comments.gmane.org/gmane.comp.python.windows/10609
+	//
+	if(!SetNamedSecurityInfo(L"CURRENT_USER", SE_REGISTRY_KEY, DACL_SECURITY_INFORMATION, NULL, NULL, pDacl, NULL)) {
+		DisplayWinError("SetNamedSecurityInfo", GetLastError());
+		goto cleanup;
+	}
+
+    //
+    // apply the security descriptor to the registry key
+    //
+    lRetCode = RegSetKeySecurity(
+        hKey,
+        (SECURITY_INFORMATION)DACL_SECURITY_INFORMATION,
+        &sd
+        );
+
+    if(lRetCode != ERROR_SUCCESS) {
+        DisplayWinError("RegSetKeySecurity", lRetCode);
+        goto cleanup;
+    }
+
+    bSuccess = TRUE; // indicate success
+
+cleanup:
+
+    RegCloseKey(hKey);
+    RegCloseKey(HKEY_LOCAL_MACHINE);
+
+    //
+    // free allocated resources
+    //
+    if(pDacl != NULL)
+        HeapFree(GetProcessHeap(), 0, pDacl);
+
+    if(pRestrictedSid != NULL)
+        FreeSid(pRestrictedSid);
+
+    if(pSystemSid != NULL)
+        FreeSid(pSystemSid);
+
+    if(pAdministratorsSid != NULL)
+        FreeSid(pAdministratorsSid);
+
+    if(pEveryoneSid != NULL)
+        FreeSid(pEveryoneSid);
+
+    if(bSuccess) {
+        printf("SUCCESS updating user hive security\n");
+        return RTN_OK;
+    } else {
+        printf("ERROR updating user hive security\n");
+        return RTN_ERROR;
+    }
+}
+
+void
+DisplayWinError(
+    LPSTR szAPI,    // pointer to Ansi function name
+    DWORD dwError   // DWORD WinError
+    )
+{
+    LPSTR MessageBuffer;
+    DWORD dwBufferLength;
+
+    //
+    // TODO get this fprintf out of here!
+    //
+    fprintf(stderr,"%s error!\n", szAPI);
+
+    if(dwBufferLength=FormatMessageA(
+            FORMAT_MESSAGE_ALLOCATE_BUFFER |
+            FORMAT_MESSAGE_FROM_SYSTEM,
+            NULL,
+            dwError,
+            MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
+            (LPSTR) &MessageBuffer,
+            0,
+            NULL
+            ))
+    {
+        DWORD dwBytesWritten; // unused
+
+        //
+        // Output message string on stderr
+        //
+        WriteFile(
+                GetStdHandle(STD_ERROR_HANDLE),
+                MessageBuffer,
+                dwBufferLength,
+                &dwBytesWritten,
+                NULL
+                );
+
+        //
+        // free the buffer allocated by the system
+        //
+        LocalFree(MessageBuffer);
+    }
+}
diff --git a/sspap3registrypermissions/sspap3registrypermissions.vcxproj b/sspap3registrypermissions/sspap3registrypermissions.vcxproj
new file mode 100755
index 0000000..f86e7eb
--- /dev/null
+++ b/sspap3registrypermissions/sspap3registrypermissions.vcxproj
@@ -0,0 +1,94 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{9BCBC2A2-62A2-4613-B61F-E7477CE0A487}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>sspap3registrypermissions</RootNamespace>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>Use</PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <SDLCheck>true</SDLCheck>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>Use</PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <SDLCheck>true</SDLCheck>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="stdafx.h" />
+    <ClInclude Include="targetver.h" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="sspap3registrypermissions.cpp" />
+    <ClCompile Include="stdafx.cpp">
+      <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>
+      <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Create</PrecompiledHeader>
+    </ClCompile>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
+\ No newline at end of file
diff --git a/sspap3registrypermissions/sspap3registrypermissions.vcxproj.filters b/sspap3registrypermissions/sspap3registrypermissions.vcxproj.filters
new file mode 100755
index 0000000..a063d2e
--- /dev/null
+++ b/sspap3registrypermissions/sspap3registrypermissions.vcxproj.filters
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="stdafx.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="targetver.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="stdafx.cpp">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="sspap3registrypermissions.cpp">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
+\ No newline at end of file
diff --git a/sspap3registrypermissions/sspap3registrypermissions.vcxproj.user b/sspap3registrypermissions/sspap3registrypermissions.vcxproj.user
new file mode 100755
index 0000000..695b5c7
--- /dev/null
+++ b/sspap3registrypermissions/sspap3registrypermissions.vcxproj.user
@@ -0,0 +1,3 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+</Project>
+\ No newline at end of file
diff --git a/sspap3registrypermissions/stdafx.cpp b/sspap3registrypermissions/stdafx.cpp
new file mode 100755
index 0000000..81d6fb6
--- /dev/null
+++ b/sspap3registrypermissions/stdafx.cpp
@@ -0,0 +1,8 @@
+// stdafx.cpp : source file that includes just the standard includes
+// sspap3registrypermissions.pch will be the pre-compiled header
+// stdafx.obj will contain the pre-compiled type information
+
+#include "stdafx.h"
+
+// TODO: reference any additional headers you need in STDAFX.H
+// and not in this file
diff --git a/sspap3registrypermissions/stdafx.h b/sspap3registrypermissions/stdafx.h
new file mode 100755
index 0000000..47a0d02
--- /dev/null
+++ b/sspap3registrypermissions/stdafx.h
@@ -0,0 +1,15 @@
+// stdafx.h : include file for standard system include files,
+// or project specific include files that are used frequently, but
+// are changed infrequently
+//
+
+#pragma once
+
+#include "targetver.h"
+
+#include <stdio.h>
+#include <tchar.h>
+
+
+
+// TODO: reference additional headers your program requires here
diff --git a/sspap3registrypermissions/targetver.h b/sspap3registrypermissions/targetver.h
new file mode 100755
index 0000000..90e767b
--- /dev/null
+++ b/sspap3registrypermissions/targetver.h
@@ -0,0 +1,8 @@
+#pragma once
+
+// Including SDKDDKVer.h defines the highest available Windows platform.
+
+// If you wish to build your application for a previous Windows platform, include WinSDKVer.h and
+// set the _WIN32_WINNT macro to the platform you wish to support before including SDKDDKVer.h.
+
+#include <SDKDDKVer.h>