If you have to go the private file route, this may help. It creates a file that can only be read by the current userid, and writes the password to it. It then waits for keyboard input and deletes the file.
I've verified that other users, including administrators cannot read or delete the file, nor even inspect its permissions.
Also, in theory, by using FILE_ATTRIBUTE_TEMPORARY, the contents may never actually be written to the disk, and (assuming a small file and a system file cache that is not overrun) only ever exist in cache. (In theory!)
#include <windows.h>
#include <sddl.h>
#include <stdio.h>
#include <conio.h>
#include <Lmcons.h>
#include "debug.h"
#define TESTFILENAME "PermissionsTest.txt"
int main( int argc, char **argv ) {
char userName[ UNLEN+1 ];
char sid[ 400 ];
char *stringSID;
char domainName[ 256 ];
SID_NAME_USE sidType;
char pswd[] = "The quick brown fox";
char ssdTemplate[] = "O:%sD:P(A;;FA;;;%s)";
char ssd[1024];
SECURITY_DESCRIPTOR *psd = NULL;
SECURITY_ATTRIBUTES sa = { sizeof( SECURITY_ATTRIBUTES ), NULL, 0
+};
ULONG sdSize, unSize = sizeof( userName ), sidSize = sizeof( sid )
+, dnSize = sizeof( domainName ), written;
HANDLE h;
DIEIF( !GetUserName( userName, &unSize ), NULL );
DIEIF( !LookupAccountName( NULL, userName, sid, &sidSize, domainNa
+me, &dnSize, &sidType ), NULL );
printf( "Got sid\n" );
DIEIF( !ConvertSidToStringSid( sid, &stringSID ), NULL );
printf( "SID (as string): '%s'\n", stringSID );
sprintf_s( ssd, sizeof(ssd), ssdTemplate, stringSID, stringSID );
printf( "SSD: '%s'\n", ssd );
DIEIF( !ConvertStringSecurityDescriptorToSecurityDescriptor( ssd,
+SDDL_REVISION_1, &psd, &sdSize ), NULL );
printf( "psd:%x sdSize: %d\n", psd, sdSize );
sa.lpSecurityDescriptor = psd;
DIEIF( ( h = CreateFile(
TESTFILENAME, GENERIC_WRITE, FILE_SHARE_READ, &sa, CREATE_
+ALWAYS,
FILE_ATTRIBUTE_TEMPORARY, NULL
)) == INVALID_HANDLE_VALUE, NULL
);
printf("File created\n" );
DIEIF( !WriteFile( h, pswd, sizeof( pswd ), &written, NULL ), NULL
+ );
printf( "File written '%s'\n", pswd );
while( !_kbhit() ) Sleep( 1 );
printf( "Closing file\n" );
DIEIF( !CloseHandle( h ), NULL );
DIEIF( !DeleteFile( TESTFILENAME ), NULL );
return 0;
}
With the rise and rise of 'Social' network sites: 'Computers are making people easier to use everyday'
Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
"Science is about questioning the status quo. Questioning authority".
In the absence of evidence, opinion is indistinguishable from prejudice.
|