Auswirkung von File_Read_attributes und File_Read_ea -Attributen auf einer Datei ⇐ C++

[Anonymous]

msdn definiert File_read_attributes als "das Recht, Dateiattribute zu lesen". /> Soweit ich verstehe, verlieren wir, wenn diese Rechte fehlen, den Zugriff auf Dateiattribute. Wenn ich diese Rechte jedoch von einer Datei wegnehme, gibt GetFileTtributes weiterhin Dateiattribute zurück. Der richtige Pfad zur Datei < /p>

Code: Select all

#include 
#include 
#include 
#include 
#include 
#include 
#include 

DWORD GetSecurityDescriptor(HANDLE handle, std::unique_ptr& pSD)
{
DWORD dwSDLen;
std::unique_ptr buffer;

if (GetKernelObjectSecurity(handle, DACL_SECURITY_INFORMATION, NULL, 0, &dwSDLen) == 0)
{
DWORD err = GetLastError();

if (err == ERROR_INSUFFICIENT_BUFFER)
{
buffer.reset(new(std::nothrow) BYTE[dwSDLen]);

if (!buffer)
{
return ERROR_NOT_ENOUGH_MEMORY;
}

if (GetKernelObjectSecurity(handle, DACL_SECURITY_INFORMATION, buffer.get(), dwSDLen, &dwSDLen) == 0)
{
return GetLastError();
}

pSD = std::move(buffer);
}
else
{
return err;
}
}

return ERROR_SUCCESS;
}

DWORD ToAbsoluteSD(const std::unique_ptr& selfRelativeSD, std::unique_ptr& absoluteSD)
{
DWORD absSDSize = 0;
DWORD dwDaclSize = 0;
DWORD dwSaclSize = 0;
DWORD dwOwnerSize = 0;
DWORD dwPrimaryGroupSize = 0;

DWORD result = MakeAbsoluteSD(selfRelativeSD.get(), NULL, &absSDSize,
NULL, &dwDaclSize,
NULL, &dwSaclSize,
NULL, &dwOwnerSize,
NULL, &dwPrimaryGroupSize);

if (result != 0)
{
return ERROR_INSUFFICIENT_BUFFER;
}

DWORD err = GetLastError();

if (err == ERROR_INSUFFICIENT_BUFFER)
{
std::unique_ptr absSD(new(std::nothrow) BYTE[absSDSize]);
std::unique_ptr dacl(new(std::nothrow) BYTE[dwDaclSize]);
std::unique_ptr sacl(new(std::nothrow) BYTE[dwSaclSize]);
std::unique_ptr owner(new(std::nothrow) BYTE[dwOwnerSize]);
std::unique_ptr primaryGroup(new(std::nothrow) BYTE[dwPrimaryGroupSize]);

if (!absSD || !dacl || !sacl || !owner || !primaryGroup)
{
return ERROR_NOT_ENOUGH_MEMORY;
}

result = MakeAbsoluteSD(selfRelativeSD.get(), absSD.get(), &absSDSize,
(PACL)dacl.get(), &dwDaclSize,
(PACL)sacl.get(), &dwSaclSize,
(PSID)owner.get(), &dwOwnerSize,
(PSID)primaryGroup.get(), &dwPrimaryGroupSize);

if (result == 0)
{
return GetLastError();
}

absoluteSD = std::move(absSD);
}
else
{
return err;
}

return ERROR_SUCCESS;
}

DWORD SetPermissions(const std::wstring& fileName, PSID pSID, bool allowed, ACCESS_MASK accessRights, bool set)
{
if (fileName.size() == 0)
{
return ERROR_INVALID_PARAMETER;
}

if (!pSID)
{
return ERROR_INVALID_PARAMETER;
}

wil::unique_handle hFile(CreateFile(fileName.c_str(), READ_CONTROL | WRITE_DAC, 0, NULL, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, NULL));
if (!hFile)
{
return GetLastError();
}

std::unique_ptr pSD;
DWORD result = GetSecurityDescriptor(hFile.get(), pSD);
if (result != ERROR_SUCCESS)
{
return result;
}

PACL dacl = nullptr;
BOOL present;
BOOL defaulted;

if (GetSecurityDescriptorDacl(pSD.get(), &present, &dacl, &defaulted) == 0)
{
return GetLastError();
}

if (!present)
{
return ERROR_NOT_SUPPORTED;
}

bool aceType = allowed ? ACCESS_ALLOWED_ACE_TYPE : ACCESS_DENIED_ACE_TYPE;

// if DACL present and not NULL
if (dacl)
{
for (WORD i = 0; i < dacl->AceCount; i++)
{
PACE_HEADER header;
if (GetAce(dacl, i, (PVOID*)&header) != 0)
{
if (header->AceType == aceType)
{
auto ace = (ACCESS_ALLOWED_ACE*)header;  // have the same binary layout as ACCESS_DENIED_ACE
if (EqualSid((PSID)&ace->SidStart, pSID) != 0)
{
set ? ace->Mask |= accessRights : ace->Mask &= ~accessRights;
if (SetKernelObjectSecurity(hFile.get(), DACL_SECURITY_INFORMATION, pSD.get()) == 0)
{
return GetLastError();
}

return ERROR_SUCCESS;
}
}
}
}
}

EXPLICIT_ACCESS ea;
PACL pNewDACL = NULL;

// Initialize an EXPLICIT_ACCESS structure for the new ACE.
ZeroMemory(&ea, sizeof(EXPLICIT_ACCESS));
ea.grfAccessPermissions = accessRights;
ea.grfAccessMode = allowed ? SET_ACCESS : DENY_ACCESS;
ea.grfInheritance = NO_INHERITANCE;
ea.Trustee.TrusteeForm = TRUSTEE_IS_SID;
ea.Trustee.ptstrName = (PWSTR)pSID;

result = SetEntriesInAcl(1, &ea, dacl, &pNewDACL);
if (result != ERROR_SUCCESS) {
return result;
}

std::unique_ptr absoluteSD;
result = ToAbsoluteSD(pSD, absoluteSD);
if (result != ERROR_SUCCESS)
{
return result;
}

if (SetSecurityDescriptorDacl(absoluteSD.get(), TRUE, pNewDACL, FALSE) == 0)
{
return GetLastError();
}

if (SetKernelObjectSecurity(hFile.get(), DACL_SECURITY_INFORMATION, absoluteSD.get()) == 0)
{
return GetLastError();
}

return ERROR_SUCCESS;
}

int main()
{
wchar_t trusteeSID[] = L"S-1-5-21-#-#-#-#";
PSID pSid;
if (!ConvertStringSidToSid(trusteeSID, &pSid)) {
std::cout