, . :
BOOL GetFileSecurity(LPCTSTR lpFileName, SECURITY_INFORMATION secInfo, PSECURITY_DESCRIPTOR pSecurityDescriptor, DWORD cbSd, LPDWORD lpcbLengthNeeded)
BOOL SetFileSecurity(LPCTSTR lpFileName, SECURITY_INFORMATION secInfo, PSECURITY_DESCRIPTOR pSecurityDescriptor)
secInfo :
OWNER_SECURITY_INFORMATION
GROUP_SECURITY_INFORMATION
DACL_SECURITY_INFORMATION
SACL_SECURITY_INFORMATION
, . "".
GetFileSecurity . cbSd 0. , . 15.4.
, . , SetFileSecurity WRITE_DAC, .
GetSecurityDescriptorOwner GetSecurityDescriptorGroup SID , GetFileSecurity. ACL GetSecurityDescriptorDacl.
BOOL GetSecurityDescriptorDacl(PSECURITY_DESCRIPTOR pSecurityDescriptor, LPBOOL lpbDaclPresent, PACL *pAcl, LPBOOL lpbDaclDefaulted)
GetSecurityDescriptorDacl , , , ACL .
ACL, , .
BOOL GetAclInformation(PACL pAcl, LPVOID pAclInformation, DWORD cbAclInfo, ACL_INFORMATION_CLASS dwAclInfoClass)
ACL, dwAclInfoClass, AclSizeInformation, pAclInformation ACL_SIZE_INFORMATION. AclRevisionInformation.
ACL_SIZE_INFORMATION , AceCount, , . , ACL, AclBytesInUse AclBytesFree ACL_SIZE_INFORMATION.
GetAce .
BOOL GetAce(PACL pAcl, DWORD dwAceIndex, LPVOID *pAce)
|
|
( ) . , Header, , , . ACCESS_ALLOWED_ACE ACCESS_DENIED_ACE .
:
15.4 ReadFilePermissions, 15.1 15.2. . , ACL 15.3. , 15.3, .
15.4. ReadFilePermissions:
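DWORD ReadFilePermissions(LPCTSTR lpFileName, LPTSTR UsrNm, LPTSTR GrpNm)
/* Return UNIX-style permission bits for a file and look up the names of
 * its owner and primary group.
 *
 * lpFileName  File whose security descriptor is read.
 * UsrNm       Receives the owner's account name. Must have room for
 *             ACCT_NAME_SIZE TCHARs, because that is the size handed to
 *             LookupAccountSid.
 * GrpNm       Receives the group's account name; same size requirement.
 *
 * Returns a nine-bit mask. Bit (8 - i) is set when ACE number i of the
 * DACL is an access-allowed ACE. Only the ACE type is inspected, never its
 * SID or access mask, so the value is meaningful only for DACLs whose
 * first nine ACEs map positionally onto rwxrwxrwx; the layout is not
 * verified here.
 *
 * Failure handling: if the descriptor or DACL cannot be read, the function
 * returns 0 and both names are empty strings. If only a name lookup fails
 * (for example a SID with no account mapping), that name is left empty and
 * the permission bits are still returned. Callers that act on the names
 * should treat an empty name as "unknown" and not build ACEs from it.
 */
{
    enum { UNIX_PERM_BITS = 9 };
    const SECURITY_INFORMATION SecInfo = OWNER_SECURITY_INFORMATION
        | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION;
    PSECURITY_DESCRIPTOR pSD = NULL;
    DWORD LenNeeded = 0, PBits = 0, Result = 0, iAce, AceLimit;
    BOOL DaclF = FALSE, AclDefF = FALSE, OwnerDefF = FALSE, GroupDefF = FALSE;
    PACL pAcl = NULL;
    ACL_SIZE_INFORMATION ASizeInfo;
    PACCESS_ALLOWED_ACE pAce = NULL;
    HANDLE ProcHeap = GetProcessHeap();
    PSID pOwnerSid = NULL, pGroupSid = NULL;
    TCHAR RefDomain[2][DOM_SIZE];
    DWORD RefDomCnt[] = {DOM_SIZE, DOM_SIZE};
    DWORD AcctSize[] = {ACCT_NAME_SIZE, ACCT_NAME_SIZE};
    SID_NAME_USE sNamUse[] = {SidTypeUser, SidTypeGroup};

    /* Start from empty names so every failure path leaves a defined,
     * recognisable result in the caller's buffers. */
    if (UsrNm != NULL) UsrNm[0] = TEXT('\0');
    if (GrpNm != NULL) GrpNm[0] = TEXT('\0');

    /* Size query: a zero-length buffer is expected to fail with
     * ERROR_INSUFFICIENT_BUFFER and report the size needed. Any other
     * outcome (missing file, access denied) means there is nothing to read. */
    if (GetFileSecurity(lpFileName, SecInfo, NULL, 0, &LenNeeded)
            || GetLastError() != ERROR_INSUFFICIENT_BUFFER
            || LenNeeded == 0) {
        return 0;
    }

    /* HEAP_GENERATE_EXCEPTIONS makes an allocation failure raise a
     * structured exception instead of returning NULL; the NULL test is
     * kept as a second line of defence. */
    pSD = HeapAlloc(ProcHeap, HEAP_GENERATE_EXCEPTIONS, LenNeeded);
    if (pSD == NULL) {
        return 0;
    }

    /* The descriptor can change between the two calls; if it grew, this
     * call fails and the error is reported rather than parsing a partial
     * buffer. */
    if (!GetFileSecurity(lpFileName, SecInfo, pSD, LenNeeded, &LenNeeded)) {
        goto cleanup;
    }

    if (!GetSecurityDescriptorDacl(pSD, &DaclF, &pAcl, &AclDefF)) {
        goto cleanup;
    }

    if (!DaclF || pAcl == NULL) {
        /* No DACL (or a NULL DACL) means Windows grants everyone full
         * access. Report all nine bits so the file is not shown as
         * locked down when it is in fact unprotected. */
        PBits = ((DWORD)0x1 << UNIX_PERM_BITS) - 1;
    } else {
        if (!GetAclInformation(pAcl, &ASizeInfo, sizeof(ACL_SIZE_INFORMATION),
                               AclSizeInformation)) {
            goto cleanup;
        }

        /* Only the first nine ACEs have a bit position. Capping the loop
         * also keeps the shift count in range: iAce is unsigned, so
         * (8 - iAce) would wrap for a DACL with more than nine entries. */
        AceLimit = ASizeInfo.AceCount;
        if (AceLimit > UNIX_PERM_BITS) {
            AceLimit = UNIX_PERM_BITS;
        }

        for (iAce = 0; iAce < AceLimit; iAce++) {
            if (!GetAce(pAcl, iAce, (LPVOID *)&pAce) || pAce == NULL) {
                goto cleanup;
            }
            /* Every ACE structure starts with the same header, so reading
             * the type through the allowed-ACE layout is valid for denied
             * ACEs as well. */
            if (pAce->Header.AceType == ACCESS_ALLOWED_ACE_TYPE) {
                PBits |= (DWORD)0x1 << (UNIX_PERM_BITS - 1 - iAce);
            }
        }
    }

    /* Resolve owner and group SIDs to account names. The SIDs point into
     * pSD, so this must happen before the descriptor is freed. */
    if (UsrNm != NULL
            && GetSecurityDescriptorOwner(pSD, &pOwnerSid, &OwnerDefF)
            && pOwnerSid != NULL
            && !LookupAccountSid(NULL, pOwnerSid, UsrNm, &AcctSize[0],
                                 RefDomain[0], &RefDomCnt[0], &sNamUse[0])) {
        UsrNm[0] = TEXT('\0');
    }
    if (GrpNm != NULL
            && GetSecurityDescriptorGroup(pSD, &pGroupSid, &GroupDefF)
            && pGroupSid != NULL
            && !LookupAccountSid(NULL, pGroupSid, GrpNm, &AcctSize[1],
                                 RefDomain[1], &RefDomCnt[1], &sNamUse[1])) {
        GrpNm[0] = TEXT('\0');
    }

    Result = PBits;

cleanup:
    /* The descriptor buffer belongs to this function; release it on every
     * path so repeated calls do not leak process-heap memory. */
    HeapFree(ProcHeap, 0, pSD);
    return Result;
}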
:
15.5 , . , ChangeFilePermissions, , SID , ACL.
15.5. ChangeFilePermissions:
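BOOL ChangeFilePermissions(DWORD fPm, LPCTSTR FNm, LPDWORD AceMsk)
/* Replace the DACL of an existing file with one built from UNIX-style
 * permission bits.
 *
 * fPm     Permission bits, passed unchanged to InitializeUnixSA.
 * FNm     File whose DACL is replaced.
 * AceMsk  Access-mask array, passed unchanged to InitializeUnixSA.
 *
 * Returns TRUE only when SetFileSecurity reports that the new DACL was
 * applied. FALSE means the file's protection is unchanged: the file does
 * not exist, its owner or group could not be resolved, the security
 * attributes could not be built, or the caller lacks the right to write
 * the DACL. On failure the last-error value of the failing call is
 * preserved for the caller.
 */
{
    TCHAR UsrNm[ACCT_NAME_SIZE], GrpNm[ACCT_NAME_SIZE];
    LPSECURITY_ATTRIBUTES pSA;
    HANDLE hSecHeap = NULL;
    BOOL Ok = FALSE;
    DWORD Err;

    /* Existence test only. The file can still vanish or be replaced before
     * SetFileSecurity runs, so that call's result is what decides success. */
    if (_taccess(FNm, 0) != 0) return FALSE;

    /* Pre-clear the names so a failed lookup is detectable; building ACEs
     * for an unresolved owner or group would not protect the file as the
     * caller intended. */
    UsrNm[0] = TEXT('\0');
    GrpNm[0] = TEXT('\0');
    ReadFilePermissions(FNm, UsrNm, GrpNm);
    if (UsrNm[0] == TEXT('\0') || GrpNm[0] == TEXT('\0')) return FALSE;

    /* NOTE(review): InitializeUnixSA is defined elsewhere; it is assumed to
     * return NULL on failure and to store the heap it allocated from in
     * hSecHeap -- confirm against its definition. */
    pSA = InitializeUnixSA(fPm, UsrNm, GrpNm, AceMsk, &hSecHeap);
    if (pSA != NULL && pSA->lpSecurityDescriptor != NULL) {
        /* Only the DACL is replaced; owner, group and SACL are untouched. */
        Ok = SetFileSecurity(FNm, DACL_SECURITY_INFORMATION,
                             pSA->lpSecurityDescriptor) ? TRUE : FALSE;
    }

    /* Release the security heap on every path, keeping the error code of
     * the call that actually failed visible to the caller. */
    Err = GetLastError();
    if (hSecHeap != NULL) HeapDestroy(hSecHeap);
    if (!Ok) SetLastError(Err);

    return Ok;
}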