-
Brauche dies gerade selber... Da hier nach sowas gefragt wurde, dachte ich, es würde den Thread vervollständigen.
@Berechtigung
Wenn's Dich noch interessiert, schau Dir zudem mal die paar Links an.
http://msdn.microsoft.com/en-us/library/aa374872
http://msdn.microsoft.com/en-us/library/aa446596
http://msdn.microsoft.com/en-us/library/aa379283%28v=VS.85%29.aspx
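Versuche, den folgenden Quelltext und die MSDN-Informationen zu verstehen, denn zum Erklären bin ich jetzt zu müde.
Nur ein Beispiel: Es gibt der Gruppe „Jeder“ (SDDL-Kürzel „WD“) Vollzugriff (GENERIC_ALL) auf das Objekt „DATA“; für den echten Einsatz Trustee und Zugriffsmaske so eng wie möglich wählen.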
#include <windows.h>
#include <stdio.h>
#include <Sddl.h>
#include <Aclapi.h>
#pragma comment(lib, "advapi32.lib")
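/*
 * Forward declaration. The helper is defined after main(); calling it without
 * a prototype would be an implicit function declaration, which is invalid
 * since C99 and a hard error when the file is built as C++.
 */
DWORD AddAceToObjectsSecurityDescriptor(
    LPTSTR pszObjName,
    SE_OBJECT_TYPE ObjectType,
    LPTSTR pszTrustee,
    TRUSTEE_FORM TrusteeForm,
    DWORD dwAccessRights,
    ACCESS_MODE AccessMode,
    DWORD dwInheritance);

/*
 * Demo driver: adds an access-allowed ACE to the DACL of the file-system
 * object "DATA" (a path relative to the current directory).
 *
 * SECURITY NOTE: "WD" is the SDDL abbreviation for the well-known Everyone
 * (World) SID, and GENERIC_ALL is full control. Together they make the object
 * readable, writable and deletable by every principal that can reach it, and
 * they let anyone rewrite its DACL. That is acceptable only for a throwaway
 * test object. In real code, name the narrowest trustee that needs access and
 * pass the smallest access mask that works (for example GENERIC_READ).
 *
 * Returns 0 when the DACL was updated, 1 on any failure.
 */
int main(void)
{
    DWORD rc = ERROR_SUCCESS;
    PSID sid = NULL;

    /* TEXT() keeps the literals valid in both ANSI and UNICODE builds. */
    if (ConvertStringSidToSid(TEXT("WD"), &sid) == 0) {
        printf("ConvertStringSidToSid error\n");
        getchar();
        return 1;
    }

    rc = AddAceToObjectsSecurityDescriptor(
        TEXT("DATA"),    // name of object
        SE_FILE_OBJECT,  // type of object
        (LPTSTR)sid,     // trustee for new ACE; with TRUSTEE_IS_SID this is a SID pointer
        TRUSTEE_IS_SID,  // format of trustee structure
        GENERIC_ALL,     // access mask for new ACE (full control, see note above)
        SET_ACCESS,      // type of ACE - SET_ACCESS - DENY_ACCESS
        NO_INHERITANCE   // inheritance flags for new ACE - NO_INHERITANCE
    );

    /* ConvertStringSidToSid allocates the SID; the caller releases it with LocalFree. */
    LocalFree(sid);

    /* DWORD is unsigned long on Windows, so the matching conversion is %lu. */
    printf("%lu", rc);

    /* Report a failed DACL update through the exit code instead of always returning 0. */
    return (rc == ERROR_SUCCESS) ? 0 : 1;
}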
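/*
 * Adds one explicit ACE to the DACL of a named securable object.
 *
 * The existing DACL is read, merged with the new entry by SetEntriesInAcl,
 * and the merged ACL is written back as the object's DACL.
 *
 * Parameters:
 *   pszObjName     - name of the object (for SE_FILE_OBJECT, a path); must not be NULL
 *   ObjectType     - kind of object the name refers to
 *   pszTrustee     - trustee for the new ACE; when TrusteeForm is TRUSTEE_IS_SID
 *                    this is a pointer to a SID rather than a string
 *   TrusteeForm    - how pszTrustee is to be interpreted
 *   dwAccessRights - access mask for the new ACE
 *   AccessMode     - SET_ACCESS, DENY_ACCESS, ... as accepted by SetEntriesInAcl
 *   dwInheritance  - inheritance flags for the new ACE
 *
 * Returns ERROR_SUCCESS on success, ERROR_INVALID_PARAMETER for a NULL object
 * name, otherwise the Win32 error code of the call that failed (which is also
 * printed to stdout).
 *
 * Security notes for callers:
 *   - Writing the DACL requires WRITE_DAC on the object (or ownership of it);
 *     a caller without that right gets an error from SetNamedSecurityInfo.
 *   - SET_ACCESS replaces whatever explicit entries the trustee already had;
 *     use GRANT_ACCESS if existing rights are meant to be kept and extended.
 *   - The function applies whatever trustee and mask it is handed. Broad
 *     trustees combined with GENERIC_ALL or WRITE_DAC hand control of the
 *     object to that trustee, so the caller has to restrict both.
 */
DWORD AddAceToObjectsSecurityDescriptor(
    LPTSTR pszObjName,
    SE_OBJECT_TYPE ObjectType,
    LPTSTR pszTrustee,
    TRUSTEE_FORM TrusteeForm,
    DWORD dwAccessRights,
    ACCESS_MODE AccessMode,
    DWORD dwInheritance
)
{
    DWORD dwRes = 0;
    PACL pOldDACL = NULL, pNewDACL = NULL;
    PSECURITY_DESCRIPTOR pSD = NULL;
    EXPLICIT_ACCESS ea;

    if (NULL == pszObjName)
        return ERROR_INVALID_PARAMETER;

    // Get a pointer to the existing DACL.
    // pOldDACL points into pSD, so only pSD is freed during cleanup.
    dwRes = GetNamedSecurityInfo(pszObjName, ObjectType, DACL_SECURITY_INFORMATION,
                                 NULL, NULL, &pOldDACL, NULL, &pSD);
    if (ERROR_SUCCESS != dwRes) {
        // DWORD is unsigned long, so the matching conversion is %lu, not %u.
        printf("GetNamedSecurityInfo Error %lu\n", dwRes);
        goto Cleanup;
    }

    // Initialize an EXPLICIT_ACCESS structure for the new ACE.
    // Zeroing first leaves the trustee fields that are not set below at 0.
    ZeroMemory(&ea, sizeof(EXPLICIT_ACCESS));
    ea.grfAccessPermissions = dwAccessRights;
    ea.grfAccessMode = AccessMode;
    ea.grfInheritance = dwInheritance;
    ea.Trustee.TrusteeForm = TrusteeForm;
    ea.Trustee.ptstrName = pszTrustee;

    // Create a new ACL that merges the new ACE
    // into the existing DACL.
    dwRes = SetEntriesInAcl(1, &ea, pOldDACL, &pNewDACL);
    if (ERROR_SUCCESS != dwRes) {
        printf("SetEntriesInAcl Error %lu\n", dwRes);
        goto Cleanup;
    }

    // Attach the new ACL as the object's DACL.
    dwRes = SetNamedSecurityInfo(pszObjName, ObjectType, DACL_SECURITY_INFORMATION,
                                 NULL, NULL, pNewDACL, NULL);
    if (ERROR_SUCCESS != dwRes) {
        printf("SetNamedSecurityInfo Error %lu\n", dwRes);
        goto Cleanup;
    }

Cleanup:
    // Both buffers were allocated by the security API and are released with LocalFree.
    if (pSD != NULL)
        LocalFree((HLOCAL) pSD);
    if (pNewDACL != NULL)
        LocalFree((HLOCAL) pNewDACL);

    return dwRes;
}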