Win32安全程序设计:文件夹的权限设置
2008-07-02 20:42
513 查看
最近两天在一家公司做兼职。刚去公司,老板就分配了一个任务。公司里有一个软件,在编辑自己产生的文件后,点击保存,文件就会自动上传到服务器进行备份,并立即删除本地的文件。给我的任务是:在Windows2000下,文件夹的属性中的安全选项卡是用户能够看到的。并且一般的用户都可以通过这个安全编辑对话框来更改文件夹的权限。问题是这样的:如果用户把文件夹的删除权限设置为拒绝,那么本地的文件只能上传到服务器,而本地的文件是删不掉的了。老板希望我想一个办法把文件夹的属性中的安全选项卡屏蔽掉。刚刚面试完,不敢说不会,只好满口答应,向老板保证,我一定会尽力去解决的。
在仔细研究了所面对的问题并上网查找了一些资料后,我觉得可以用一种变通的办法来达到同样的效果。那就是:当用户把删除权限设置为拒绝后,我就会检测到,然后再把它改过来。哈哈。不失为一种解决方案。在对Windows安全系统及编程接口完全不熟悉的情况下,我觉得能做到多少就努力做到多少吧。后来老板也很赞同我的想法。从他和我说话的表情和语气。^_^
下面就是我的代码。当然大量参考了Jeffrey Richter先生的宝书《Programming Server-Side Applications for Microsoft Windows 2000》。这是一本很好的书,可惜市面上已经买不到了。自古红颜多薄命,难道好书也像美人一样?幸好,我有英文电子版,可以解一时之急。讲解Win32安全编程机制的书也不多,这是其中的一本。
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
#include "stdafx.h"
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
#include <windows.h>
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
#include <Aclapi.h>
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
#include <AccCtrl.h>
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
#include <Sddl.h>
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
#include <iostream>
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
using namespace std;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
#define PSIDFromPACE(pACE) ((PSID)(&((pACE)->SidStart)))
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedBlock.gif)
typedef union _ACE_UNION...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
ACE_HEADER aceHeader;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
ACCESS_ALLOWED_ACE aceAllowed;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
ACCESS_DENIED_ACE aceDenied;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
SYSTEM_AUDIT_ACE aceAudit;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedBlockEnd.gif)
}*PACE_UNION;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
void DumpACL(PACL pACL);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
DWORD DelAceAndSetACL(PACL pACL, PSID psid, TCHAR *pszBuf);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
void GrantDeleteRight(TCHAR *pszBuf, PSID psid, PACL pOldDACL, PACL *pNewDACL);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
ULONG CalculateACLSize(PACL pACLOld, PSID* ppSidArray, int nNumSids, PACE_UNION* ppACEs, int nNumACEs);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
PACE_UNION AllocateACE(ULONG bACEType, ULONG bACEFlags, ULONG lAccessMask, PSID pSID);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
ULONG GetACEInsertionIndex(PACL pDACL, PACE_UNION pACENew);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
BOOL CopyACL( PACL pACLDestination, PACL pACLSource );
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
int FindACEInACL( PACL pACL, PACE_UNION pACE );
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
BOOL IsEqualACE( PACE_UNION pACE1, PACE_UNION pACE2 );
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
LPVOID AllocateTokenInformation(HANDLE hToken, TOKEN_INFORMATION_CLASS tokenClass);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedBlock.gif)
struct...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
BYTE lACEType;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
PTSTR pszTypeName;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedBlock.gif)
}aceTypes[6] = ...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
...{ACCESS_ALLOWED_ACE_TYPE, TEXT("ACCESS_ALLOWED_ACE_TYPE")},
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
...{ACCESS_DENIED_ACE_TYPE, TEXT("ACCESS_DENIED_ACE_TYPE")},
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
...{SYSTEM_AUDIT_ACE_TYPE, TEXT("SYSTEM_AUDIT_ACE_TYPE")},
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
...{ACCESS_ALLOWED_OBJECT_ACE_TYPE, TEXT("ACCESS_ALLOWED_OBJECT_ACE_TYPE")},
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
...{ACCESS_DENIED_OBJECT_ACE_TYPE, TEXT("ACCESS_DENIED_OBJECT_ACE_TYPE")},
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
...{SYSTEM_AUDIT_OBJECT_ACE_TYPE, TEXT("SYSTEM_AUDIT_OBJECT_ACE_TYPE")}};
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedBlock.gif)
struct...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
ULONG lACEFlag;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
PTSTR pszFlagName;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedBlock.gif)
}aceFlags[7] = ...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
...{INHERITED_ACE, TEXT("INHERITED_ACE")},
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
...{CONTAINER_INHERIT_ACE, TEXT("CONTAINER_INHERIT_ACE")},
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
...{OBJECT_INHERIT_ACE, TEXT("OBJECT_INHERIT_ACE")},
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
...{INHERIT_ONLY_ACE, TEXT("INHERIT_ONLY_ACE")},
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
...{NO_PROPAGATE_INHERIT_ACE, TEXT("NO_PROPAGATE_INHERIT_ACE")},
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
...{FAILED_ACCESS_ACE_FLAG, TEXT("FAILED_ACCESS_ACE_FLAG")},
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
...{SUCCESSFUL_ACCESS_ACE_FLAG, TEXT("SUCCESSFUL_ACCESS_ACE_FLAG")}};
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
int _tmain(int argc, _TCHAR* argv[])
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedBlock.gif)
...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
SECURITY_ATTRIBUTES sa;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
SECURITY_DESCRIPTOR sd;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
PSID psid = NULL;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// 获得当前用户的SID和默认的DACL。
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
HANDLE hToken;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken))...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Error
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
_tprintf(_T("OpenProcessToken Failed."));
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
return 1;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
TOKEN_USER* ptUser = (TOKEN_USER*)AllocateTokenInformation(hToken, TokenUser);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
if (ptUser != NULL)...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
psid = ptUser->User.Sid;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
TOKEN_DEFAULT_DACL* ptDACL = (TOKEN_DEFAULT_DACL*)AllocateTokenInformation(hToken, TokenDefaultDacl);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
if (ptDACL != NULL)...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
DumpACL(ptDACL->DefaultDacl);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// 初始化sd。使用当前用户的默认DACL。
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
SetSecurityDescriptorDacl(&sd, TRUE, ptDACL->DefaultDacl, FALSE);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// 初始化sa。
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
sa.nLength= sizeof(SECURITY_ATTRIBUTES);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
sa.bInheritHandle = FALSE;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
sa.lpSecurityDescriptor = &sd;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// 创建一个指定文件夹名和具有上面安全属性的文件夹。
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
TCHAR szPathBuf[MAX_PATH];
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
_tprintf(_T("Input the directory: "));
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
_tscanf(_T("%s"), szPathBuf);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
CreateDirectory(szPathBuf, &sa);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
DWORD dwRes = 0;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
PACL pOldDACL = NULL, pNewDACL = NULL;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
PSECURITY_DESCRIPTOR pSD = NULL;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Get a pointer to the existing DACL.
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
dwRes = GetNamedSecurityInfo(szPathBuf, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, &pOldDACL, NULL, &pSD);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
if (ERROR_SUCCESS != dwRes) ...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
_tprintf(_T("GetNamedSecurityInfo Error %u "), dwRes);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
return 1;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
DumpACL(pOldDACL);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
if (DelAceAndSetACL(pOldDACL, psid, szPathBuf) == ERROR_SUCCESS) ...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
GrantDeleteRight(szPathBuf, psid, pOldDACL, &pNewDACL);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
DumpACL(pNewDACL);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
else ...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
GrantDeleteRight(szPathBuf, psid, pOldDACL, &pNewDACL);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
DumpACL(pNewDACL);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
LocalFree(pSD);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
return 0;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
DWORD DelAceAndSetACL(PACL pACL, PSID psid, TCHAR *pszBuf)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedBlock.gif)
...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
DWORD dwRes = -1;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
__try ...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
ACL_SIZE_INFORMATION aclSize = ...{0};
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
if (!GetAclInformation(pACL, &aclSize, sizeof(aclSize), AclSizeInformation))
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
__leave;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
for (ULONG lIndex = 0; lIndex < aclSize.AceCount; lIndex++) ...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
ACCESS_ALLOWED_ACE* pACE;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
if (!GetAce(pACL, lIndex, (PVOID*)&pACE))
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
__leave;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
bool flag16 = false, flag26 = false;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
int cnt = 0;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
ULONG lIndex2 = (ULONG)1<<31;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
while (lIndex2) ...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
++cnt;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
if (cnt == 16 && ((pACE->Mask & lIndex2) != 0)) ...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
flag16 = true;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
if (cnt == 26 && ((pACE->Mask & lIndex2) != 0)) ...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
flag26 = true;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
lIndex2 >>= 1;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
if (flag16 || flag26)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
break;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
if ((flag16 || flag26) && pACE->Header.AceType == ACCESS_DENIED_ACE_TYPE) ...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
::DeleteAce(pACL, lIndex);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
--lIndex;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
--aclSize.AceCount;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
dwRes = SetNamedSecurityInfo(pszBuf, SE_FILE_OBJECT,
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
DACL_SECURITY_INFORMATION | OWNER_SECURITY_INFORMATION,
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
psid, NULL, pACL, NULL);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
if (ERROR_SUCCESS != dwRes)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
printf("SetNamedSecurityInfo Error %u ", dwRes);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
flag16 = flag26 = false;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
}__finally ...{}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
return dwRes;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
void GrantDeleteRight(TCHAR *pszBuf, PSID psid, PACL pOldDACL, PACL *pNewDACL)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedBlock.gif)
...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
PSID psidArray[1];
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
psidArray[0] = psid;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Get the size of the new ACL
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
ULONG lACLSize = CalculateACLSize(pOldDACL, psidArray, 1, NULL, 1);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
if (lACLSize == 0)...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Error
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Allocate memory for the ACL
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
*pNewDACL = (PACL)HeapAlloc(GetProcessHeap(), 0, lACLSize);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
if (pNewDACL == NULL) ...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Error
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Initialize the ACL
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
if (!InitializeAcl(*pNewDACL, lACLSize, ACL_REVISION))...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Error
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
PACE_UNION pNewACE = AllocateACE(
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
ACCESS_ALLOWED_ACE_TYPE,
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
NULL,
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
GENERIC_ALL | FILE_DELETE_CHILD | DELETE,
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
psid
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// 如果ACL中有相同的ACE则返回。
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
if (FindACEInACL(*pNewDACL, pNewACE) != -1)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
return;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
CopyACL(*pNewDACL, pOldDACL);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Get location for new ACE
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
ULONG lIndex = GetACEInsertionIndex(*pNewDACL, pNewACE);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Add the new ACE
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
if (!AddAce(*pNewDACL, ACL_REVISION, lIndex, pNewACE, pNewACE->aceHeader.AceSize))
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
printf("Error!");
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
DWORD dwRes = SetNamedSecurityInfo(pszBuf, SE_FILE_OBJECT,
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
DACL_SECURITY_INFORMATION | OWNER_SECURITY_INFORMATION,
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
psid, NULL, *pNewDACL, NULL);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
if (ERROR_SUCCESS != dwRes)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
printf("SetNamedSecurityInfo Error %u ", dwRes);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedBlock.gif)
void DumpACL(PACL pACL)...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
__try...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
if (pACL == NULL)...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
_tprintf(TEXT("NULL DACL "));
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
__leave;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
ACL_SIZE_INFORMATION aclSize = ...{0};
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
if (!GetAclInformation(pACL, &aclSize, sizeof(aclSize), AclSizeInformation))
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
__leave;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
_tprintf(TEXT("ACL ACE count: %d "), aclSize.AceCount);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
for (ULONG lIndex = 0;lIndex < aclSize.AceCount;lIndex++)...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
ACCESS_ALLOWED_ACE* pACE;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
if (!GetAce(pACL, lIndex, (PVOID*)&pACE))
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
__leave;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
_tprintf(TEXT(" ACE #%d "), lIndex);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
ULONG lIndex2 = 6;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
PTSTR pszString = TEXT("Unknown ACE Type");
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
while (lIndex2--)...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
if(pACE->Header.AceType == aceTypes[lIndex2].lACEType) ...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
pszString = aceTypes[lIndex2].pszTypeName;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
_tprintf(TEXT(" ACE Type = %s "), pszString);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
_tprintf(TEXT(" ACE Flags = "));
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
lIndex2 = 7;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
while (lIndex2--) ...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
if ((pACE->Header.AceFlags & aceFlags[lIndex2].lACEFlag)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
!= 0)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
_tprintf(TEXT(" %s "),
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
aceFlags[lIndex2].pszFlagName);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
_tprintf(TEXT(" ACE Mask (32->0) = "));
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
lIndex2 = (ULONG)1<<31;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
while (lIndex2) ...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
_tprintf(((pACE->Mask & lIndex2) != 0)?TEXT("1"):TEXT("0"));
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
lIndex2>>=1;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
TCHAR szName[1024];
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
TCHAR szDom[1024];
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
PSID pSID = PSIDFromPACE(pACE);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
SID_NAME_USE sidUse;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
ULONG lLen1 = 1024, lLen2 = 1024;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
if (!LookupAccountSid(NULL, pSID, szName, &lLen1, szDom, &lLen2, &sidUse))
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
lstrcpy(szName, TEXT("Unknown"));
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
PTSTR pszSID;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
if (!ConvertSidToStringSid(pSID, &pszSID))
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
__leave;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
_tprintf(TEXT(" ACE SID = %s (%s) "), pszSID, szName);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
LocalFree(pszSID);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
}__finally...{}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
LPVOID AllocateTokenInformation(HANDLE hToken, TOKEN_INFORMATION_CLASS tokenClass)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedBlock.gif)
...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
PVOID pvBuffer = NULL;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
__try...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
BOOL fSuccess;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Initial buffer size
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
ULONG lSize = 0 ;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
do
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Do we have a size yet?
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
if (lSize != 0)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Do we already have a buffer?
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
if (pvBuffer != NULL)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
LocalFree(pvBuffer);// Then free it
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Allocate a new buffer
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
pvBuffer = LocalAlloc(LPTR, lSize) ;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
if(pvBuffer == NULL)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
__leave;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Try again
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
fSuccess = GetTokenInformation( hToken, tokenClass,
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
pvBuffer, lSize, &lSize ) ;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Still not enough buffer?
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}while( !fSuccess && (GetLastError() ==
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
ERROR_INSUFFICIENT_BUFFER)) ;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// If we failed for some other reason, back out
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
if(!fSuccess)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
if(pvBuffer)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
LocalFree(pvBuffer) ;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
pvBuffer = NULL;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
}__finally...{}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Return locally allocated buffer
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
return (pvBuffer) ;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
ULONG CalculateACLSize(PACL pACLOld, PSID* ppSidArray, int nNumSids, PACE_UNION* ppACEs, int nNumACEs)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedBlock.gif)
...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
ULONG lACLSize = 0;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
try...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// If we are including an existing ACL, then find its size
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
if (pACLOld != NULL)...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
ACL_SIZE_INFORMATION aclSize;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
if(!GetAclInformation(pACLOld, &aclSize, sizeof(aclSize), AclSizeInformation))...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
goto leave;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
lACLSize = aclSize.AclBytesInUse;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
if (ppSidArray != NULL)...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Step through each SID
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
while (nNumSids--)...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// If a SID isn't valid, then we bail
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
if (!IsValidSid(ppSidArray[nNumSids]))...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
lACLSize = 0;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
goto leave;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Get the SID's length
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
lACLSize += GetLengthSid(ppSidArray[nNumSids]);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Add the ACE structure size, minus the
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// size of the SidStart member
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
lACLSize += sizeof(ACCESS_ALLOWED_ACE) - sizeof(((ACCESS_ALLOWED_ACE*)0)->SidStart);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
if (ppACEs != NULL)...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Step through each ACE
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
while (nNumACEs--)...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Get the SIDs length
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
lACLSize += ppACEs[nNumACEs]->aceHeader.AceSize;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Add in the ACL structure itself
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
lACLSize += sizeof(ACL);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
leave:;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
}catch(...)...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// An exception means we fail the function
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
lACLSize = 0;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
return (lACLSize);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
BOOL CopyACL( PACL pACLDestination, PACL pACLSource )
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedBlock.gif)
...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
BOOL fReturn = FALSE;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
try ...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Get the number of ACEs in the source ACL
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
ACL_SIZE_INFORMATION aclSize;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
if (!GetAclInformation(pACLSource, &aclSize, sizeof(aclSize), AclSizeInformation))...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
goto leave;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Use GetAce and AddAce to copy the ACEs
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
for(ULONG lIndex=0;lIndex < aclSize.AceCount;lIndex++)...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
ACE_HEADER* pACE;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
if(!GetAce(pACLSource, lIndex, (PVOID*)&pACE))
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
goto leave;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
if(!AddAce(pACLDestination, ACL_REVISION, MAXDWORD,
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
(PVOID*)pACE, pACE->AceSize))
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
goto leave;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
fReturn = TRUE;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
leave:;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
}catch(...)...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
return (fReturn);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
PACE_UNION AllocateACE(ULONG bACEType, ULONG bACEFlags, ULONG lAccessMask, PSID pSID)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedBlock.gif)
...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
PACE_UNION pReturnACE = NULL;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
PBYTE pbBuffer = NULL;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
try...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Get the offset of the SID in the ACE
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
ULONG lSIDOffset = (ULONG)(&((ACCESS_ALLOWED_ACE*)0)->SidStart);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Get the size of the ACE without the SID
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
ULONG lACEStructSize = sizeof(ACCESS_ALLOWED_ACE) - sizeof(((ACCESS_ALLOWED_ACE*)0)->SidStart);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Get the length of the SID
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
ULONG lSIDSize = GetLengthSid(pSID);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Allocate a buffer for the ACE
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
pbBuffer = (PBYTE)LocalAlloc(LPTR, lACEStructSize + lSIDSize);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
if (pbBuffer == NULL)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
goto leave;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Copy the SID into the ACE
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
if(!CopySid(lSIDSize, (PSID)(pbBuffer+lSIDOffset), pSID))...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
goto leave;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
pReturnACE = (PACE_UNION) pbBuffer;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
pReturnACE->aceHeader.AceSize = (USHORT)(lACEStructSize + lSIDSize);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
pReturnACE->aceHeader.AceType = (BYTE)bACEType;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
pReturnACE->aceHeader.AceFlags = (BYTE)bACEFlags;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
pReturnACE->aceAllowed.Mask = lAccessMask;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
leave:;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
}catch(...)...{}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Free the buffer in an error case
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
if (pbBuffer != (PBYTE)pReturnACE)...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
LocalFree(pbBuffer);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
return (pReturnACE);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
ULONG GetACEInsertionIndex(PACL pDACL, PACE_UNION pACENew)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedBlock.gif)
...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
ULONG lIndex = (ULONG) -1;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
try...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// ACE types by ACL order
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
ULONG lFilterType[] = ...{ ACCESS_DENIED_ACE_TYPE,
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
ACCESS_DENIED_OBJECT_ACE_TYPE,
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
ACCESS_ALLOWED_ACE_TYPE,
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
ACCESS_ALLOWED_OBJECT_ACE_TYPE};
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Determine which group the new ACE should belong to
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
ULONG lNewAceGroup;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
for(lNewAceGroup = 0; lNewAceGroup<4 ; lNewAceGroup++)...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
if(pACENew->aceHeader.AceType == lFilterType[lNewAceGroup])
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
break;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// If group == 4, the ACE type is no good
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
if(lNewAceGroup==4)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
goto leave;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// If new ACE is an inherited ACE, then it goes after other ACEs
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
if((pACENew->aceHeader.AceFlags & INHERITED_ACE) != 0)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
lNewAceGroup+=4;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Get ACE count
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
ACL_SIZE_INFORMATION aclSize;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
if (!GetAclInformation(pDACL, &aclSize, sizeof(aclSize), AclSizeInformation))...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
goto leave;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Iterate through ACEs
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
lIndex = 0;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
for(lIndex = 0;lIndex < aclSize.AceCount;lIndex++)...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
ACE_HEADER* pACE;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
if(!GetAce(pDACL, lIndex, (PVOID*)&pACE))
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
goto leave;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Get the group of the ACL ACE
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
ULONG lAceGroup;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
for(lAceGroup = 0; lAceGroup<4 ; lAceGroup++)...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
if(pACE->AceType == lFilterType[lAceGroup])
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
break;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Test for bad ACE
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
if(lAceGroup==4)...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
lIndex = (ULONG) -1;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
goto leave;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Inherited adjustment
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
if((pACE->AceFlags & INHERITED_ACE) != 0)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
lAceGroup+=4;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// If this is the same group, then insertion point found
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
if(lAceGroup>=lNewAceGroup)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
break;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
leave: ;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
}catch(...)...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
return (lIndex);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
BOOL IsEqualACE( PACE_UNION pACE1, PACE_UNION pACE2 )
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedBlock.gif)
...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
BOOL fReturn = FALSE;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
try ...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
if(pACE1->aceHeader.AceType != pACE2->aceHeader.AceType)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
goto leave;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Get the offset of the SID in the ACE
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
ULONG lSIDOffset = (ULONG)((&((ACCESS_ALLOWED_ACE*)0)->SidStart));
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Get the size of the ACE without the SID
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
ULONG lACEStructSize = sizeof(ACCESS_ALLOWED_ACE) - sizeof(((ACCESS_ALLOWED_ACE*)0)->SidStart);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
PBYTE pbACE1 = (PBYTE)pACE1;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
PBYTE pbACE2 = (PBYTE)pACE2;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
fReturn = TRUE;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
while(lACEStructSize--)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
fReturn = (fReturn && ((pbACE1[lACEStructSize] == pbACE2[lACEStructSize])));
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Check SIDs
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
fReturn = fReturn && EqualSid((PSID)(pbACE1+lSIDOffset),
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
(PSID)(pbACE2+lSIDOffset));
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
leave:;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
}catch(...)...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
return (fReturn);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
int FindACEInACL(PACL pACL, PACE_UNION pACE)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedBlock.gif)
...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
int nACEIndex = -1;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
try...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
ACL_SIZE_INFORMATION aclSize;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
if (!GetAclInformation(pACL, &aclSize, sizeof(aclSize), AclSizeInformation))...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
goto leave;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
while (aclSize.AceCount--)...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
PACE_UNION pACETemp;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
if(!GetAce(pACL, aclSize.AceCount, (PVOID *)&pACETemp))
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
goto leave;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
if(IsEqualACE(pACETemp, pACE))...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
nACEIndex = (int)aclSize.AceCount;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
break;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
leave:;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
}catch(...)...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
return (nACEIndex);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedBlockEnd.gif)
}
在仔细研究了所面对的问题并上网查找了一些资料后,我觉得可以用一种变通的办法来达到同样的效果。那就是:当用户把删除权限设置为拒绝后,我就会检测到,然后再把它改过来。哈哈。不失为一种解决方案。在对Windows安全系统及编程接口完全不熟悉的情况下,我觉得能做到多少就努力做到多少吧。后来老板也很赞同我的想法。从他和我说话的表情和语气。^_^
下面就是我的代码。当然大量参考了Jeffrey Richter先生的宝书《Programming Server-Side Applications for Microsoft Windows 2000》。这是一本很好的书,可惜市面上已经买不到了。自古红颜多薄命,难道好书也像美人一样?幸好,我有英文电子版,可以解一时之急。讲解Win32安全编程机制的书也不多,这是其中的一本。
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
#include "stdafx.h"
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
#include <windows.h>
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
#include <Aclapi.h>
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
#include <AccCtrl.h>
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
#include <Sddl.h>
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
#include <iostream>
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
using namespace std;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
#define PSIDFromPACE(pACE) ((PSID)(&((pACE)->SidStart)))
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedBlock.gif)
typedef union _ACE_UNION...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
ACE_HEADER aceHeader;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
ACCESS_ALLOWED_ACE aceAllowed;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
ACCESS_DENIED_ACE aceDenied;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
SYSTEM_AUDIT_ACE aceAudit;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedBlockEnd.gif)
}*PACE_UNION;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
void DumpACL(PACL pACL);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
DWORD DelAceAndSetACL(PACL pACL, PSID psid, TCHAR *pszBuf);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
void GrantDeleteRight(TCHAR *pszBuf, PSID psid, PACL pOldDACL, PACL *pNewDACL);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
ULONG CalculateACLSize(PACL pACLOld, PSID* ppSidArray, int nNumSids, PACE_UNION* ppACEs, int nNumACEs);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
PACE_UNION AllocateACE(ULONG bACEType, ULONG bACEFlags, ULONG lAccessMask, PSID pSID);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
ULONG GetACEInsertionIndex(PACL pDACL, PACE_UNION pACENew);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
BOOL CopyACL( PACL pACLDestination, PACL pACLSource );
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
int FindACEInACL( PACL pACL, PACE_UNION pACE );
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
BOOL IsEqualACE( PACE_UNION pACE1, PACE_UNION pACE2 );
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
LPVOID AllocateTokenInformation(HANDLE hToken, TOKEN_INFORMATION_CLASS tokenClass);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedBlock.gif)
struct...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
BYTE lACEType;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
PTSTR pszTypeName;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedBlock.gif)
}aceTypes[6] = ...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
...{ACCESS_ALLOWED_ACE_TYPE, TEXT("ACCESS_ALLOWED_ACE_TYPE")},
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
...{ACCESS_DENIED_ACE_TYPE, TEXT("ACCESS_DENIED_ACE_TYPE")},
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
...{SYSTEM_AUDIT_ACE_TYPE, TEXT("SYSTEM_AUDIT_ACE_TYPE")},
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
...{ACCESS_ALLOWED_OBJECT_ACE_TYPE, TEXT("ACCESS_ALLOWED_OBJECT_ACE_TYPE")},
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
...{ACCESS_DENIED_OBJECT_ACE_TYPE, TEXT("ACCESS_DENIED_OBJECT_ACE_TYPE")},
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
...{SYSTEM_AUDIT_OBJECT_ACE_TYPE, TEXT("SYSTEM_AUDIT_OBJECT_ACE_TYPE")}};
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedBlock.gif)
struct...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
ULONG lACEFlag;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
PTSTR pszFlagName;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedBlock.gif)
}aceFlags[7] = ...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
...{INHERITED_ACE, TEXT("INHERITED_ACE")},
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
...{CONTAINER_INHERIT_ACE, TEXT("CONTAINER_INHERIT_ACE")},
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
...{OBJECT_INHERIT_ACE, TEXT("OBJECT_INHERIT_ACE")},
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
...{INHERIT_ONLY_ACE, TEXT("INHERIT_ONLY_ACE")},
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
...{NO_PROPAGATE_INHERIT_ACE, TEXT("NO_PROPAGATE_INHERIT_ACE")},
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
...{FAILED_ACCESS_ACE_FLAG, TEXT("FAILED_ACCESS_ACE_FLAG")},
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
...{SUCCESSFUL_ACCESS_ACE_FLAG, TEXT("SUCCESSFUL_ACCESS_ACE_FLAG")}};
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
int _tmain(int argc, _TCHAR* argv[])
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedBlock.gif)
...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
SECURITY_ATTRIBUTES sa;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
SECURITY_DESCRIPTOR sd;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
PSID psid = NULL;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// 获得当前用户的SID和默认的DACL。
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
HANDLE hToken;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken))...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Error
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
_tprintf(_T("OpenProcessToken Failed."));
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
return 1;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
TOKEN_USER* ptUser = (TOKEN_USER*)AllocateTokenInformation(hToken, TokenUser);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
if (ptUser != NULL)...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
psid = ptUser->User.Sid;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
TOKEN_DEFAULT_DACL* ptDACL = (TOKEN_DEFAULT_DACL*)AllocateTokenInformation(hToken, TokenDefaultDacl);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
if (ptDACL != NULL)...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
DumpACL(ptDACL->DefaultDacl);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// 初始化sd。使用当前用户的默认DACL。
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
SetSecurityDescriptorDacl(&sd, TRUE, ptDACL->DefaultDacl, FALSE);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// 初始化sa。
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
sa.nLength= sizeof(SECURITY_ATTRIBUTES);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
sa.bInheritHandle = FALSE;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
sa.lpSecurityDescriptor = &sd;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// 创建一个指定文件夹名和具有上面安全属性的文件夹。
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
TCHAR szPathBuf[MAX_PATH];
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
_tprintf(_T("Input the directory: "));
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
_tscanf(_T("%s"), szPathBuf);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
CreateDirectory(szPathBuf, &sa);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
DWORD dwRes = 0;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
PACL pOldDACL = NULL, pNewDACL = NULL;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
PSECURITY_DESCRIPTOR pSD = NULL;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Get a pointer to the existing DACL.
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
dwRes = GetNamedSecurityInfo(szPathBuf, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, &pOldDACL, NULL, &pSD);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
if (ERROR_SUCCESS != dwRes) ...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
_tprintf(_T("GetNamedSecurityInfo Error %u "), dwRes);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
return 1;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
DumpACL(pOldDACL);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
if (DelAceAndSetACL(pOldDACL, psid, szPathBuf) == ERROR_SUCCESS) ...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
GrantDeleteRight(szPathBuf, psid, pOldDACL, &pNewDACL);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
DumpACL(pNewDACL);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
else ...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
GrantDeleteRight(szPathBuf, psid, pOldDACL, &pNewDACL);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
DumpACL(pNewDACL);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
LocalFree(pSD);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
return 0;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
DWORD DelAceAndSetACL(PACL pACL, PSID psid, TCHAR *pszBuf)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedBlock.gif)
...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
DWORD dwRes = -1;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
__try ...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
ACL_SIZE_INFORMATION aclSize = ...{0};
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
if (!GetAclInformation(pACL, &aclSize, sizeof(aclSize), AclSizeInformation))
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
__leave;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
for (ULONG lIndex = 0; lIndex < aclSize.AceCount; lIndex++) ...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
ACCESS_ALLOWED_ACE* pACE;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
if (!GetAce(pACL, lIndex, (PVOID*)&pACE))
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
__leave;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
bool flag16 = false, flag26 = false;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
int cnt = 0;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
ULONG lIndex2 = (ULONG)1<<31;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
while (lIndex2) ...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
++cnt;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
if (cnt == 16 && ((pACE->Mask & lIndex2) != 0)) ...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
flag16 = true;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
if (cnt == 26 && ((pACE->Mask & lIndex2) != 0)) ...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
flag26 = true;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
lIndex2 >>= 1;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
if (flag16 || flag26)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
break;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
if ((flag16 || flag26) && pACE->Header.AceType == ACCESS_DENIED_ACE_TYPE) ...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
::DeleteAce(pACL, lIndex);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
--lIndex;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
--aclSize.AceCount;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
dwRes = SetNamedSecurityInfo(pszBuf, SE_FILE_OBJECT,
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
DACL_SECURITY_INFORMATION | OWNER_SECURITY_INFORMATION,
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
psid, NULL, pACL, NULL);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
if (ERROR_SUCCESS != dwRes)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
printf("SetNamedSecurityInfo Error %u ", dwRes);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
flag16 = flag26 = false;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
}__finally ...{}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
return dwRes;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
void GrantDeleteRight(TCHAR *pszBuf, PSID psid, PACL pOldDACL, PACL *pNewDACL)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedBlock.gif)
...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
PSID psidArray[1];
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
psidArray[0] = psid;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Get the size of the new ACL
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
ULONG lACLSize = CalculateACLSize(pOldDACL, psidArray, 1, NULL, 1);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
if (lACLSize == 0)...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Error
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Allocate memory for the ACL
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
*pNewDACL = (PACL)HeapAlloc(GetProcessHeap(), 0, lACLSize);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
if (pNewDACL == NULL) ...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Error
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Initialize the ACL
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
if (!InitializeAcl(*pNewDACL, lACLSize, ACL_REVISION))...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Error
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
PACE_UNION pNewACE = AllocateACE(
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
ACCESS_ALLOWED_ACE_TYPE,
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
NULL,
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
GENERIC_ALL | FILE_DELETE_CHILD | DELETE,
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
psid
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// 如果ACL中有相同的ACE则返回。
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
if (FindACEInACL(*pNewDACL, pNewACE) != -1)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
return;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
CopyACL(*pNewDACL, pOldDACL);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Get location for new ACE
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
ULONG lIndex = GetACEInsertionIndex(*pNewDACL, pNewACE);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Add the new ACE
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
if (!AddAce(*pNewDACL, ACL_REVISION, lIndex, pNewACE, pNewACE->aceHeader.AceSize))
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
printf("Error!");
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
DWORD dwRes = SetNamedSecurityInfo(pszBuf, SE_FILE_OBJECT,
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
DACL_SECURITY_INFORMATION | OWNER_SECURITY_INFORMATION,
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
psid, NULL, *pNewDACL, NULL);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
if (ERROR_SUCCESS != dwRes)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
printf("SetNamedSecurityInfo Error %u ", dwRes);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedBlock.gif)
void DumpACL(PACL pACL)...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
__try...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
if (pACL == NULL)...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
_tprintf(TEXT("NULL DACL "));
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
__leave;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
ACL_SIZE_INFORMATION aclSize = ...{0};
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
if (!GetAclInformation(pACL, &aclSize, sizeof(aclSize), AclSizeInformation))
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
__leave;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
_tprintf(TEXT("ACL ACE count: %d "), aclSize.AceCount);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
for (ULONG lIndex = 0;lIndex < aclSize.AceCount;lIndex++)...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
ACCESS_ALLOWED_ACE* pACE;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
if (!GetAce(pACL, lIndex, (PVOID*)&pACE))
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
__leave;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
_tprintf(TEXT(" ACE #%d "), lIndex);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
ULONG lIndex2 = 6;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
PTSTR pszString = TEXT("Unknown ACE Type");
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
while (lIndex2--)...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
if(pACE->Header.AceType == aceTypes[lIndex2].lACEType) ...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
pszString = aceTypes[lIndex2].pszTypeName;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
_tprintf(TEXT(" ACE Type = %s "), pszString);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
_tprintf(TEXT(" ACE Flags = "));
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
lIndex2 = 7;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
while (lIndex2--) ...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
if ((pACE->Header.AceFlags & aceFlags[lIndex2].lACEFlag)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
!= 0)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
_tprintf(TEXT(" %s "),
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
aceFlags[lIndex2].pszFlagName);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
_tprintf(TEXT(" ACE Mask (32->0) = "));
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
lIndex2 = (ULONG)1<<31;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
while (lIndex2) ...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
_tprintf(((pACE->Mask & lIndex2) != 0)?TEXT("1"):TEXT("0"));
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
lIndex2>>=1;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
TCHAR szName[1024];
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
TCHAR szDom[1024];
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
PSID pSID = PSIDFromPACE(pACE);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
SID_NAME_USE sidUse;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
ULONG lLen1 = 1024, lLen2 = 1024;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
if (!LookupAccountSid(NULL, pSID, szName, &lLen1, szDom, &lLen2, &sidUse))
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
lstrcpy(szName, TEXT("Unknown"));
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
PTSTR pszSID;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
if (!ConvertSidToStringSid(pSID, &pszSID))
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
__leave;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
_tprintf(TEXT(" ACE SID = %s (%s) "), pszSID, szName);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
LocalFree(pszSID);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
}__finally...{}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
LPVOID AllocateTokenInformation(HANDLE hToken, TOKEN_INFORMATION_CLASS tokenClass)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedBlock.gif)
...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
PVOID pvBuffer = NULL;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
__try...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
BOOL fSuccess;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Initial buffer size
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
ULONG lSize = 0 ;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
do
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Do we have a size yet?
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
if (lSize != 0)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Do we already have a buffer?
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
if (pvBuffer != NULL)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
LocalFree(pvBuffer);// Then free it
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Allocate a new buffer
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
pvBuffer = LocalAlloc(LPTR, lSize) ;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
if(pvBuffer == NULL)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
__leave;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Try again
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
fSuccess = GetTokenInformation( hToken, tokenClass,
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
pvBuffer, lSize, &lSize ) ;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Still not enough buffer?
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}while( !fSuccess && (GetLastError() ==
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
ERROR_INSUFFICIENT_BUFFER)) ;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// If we failed for some other reason, back out
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
if(!fSuccess)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
if(pvBuffer)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
LocalFree(pvBuffer) ;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
pvBuffer = NULL;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
}__finally...{}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Return locally allocated buffer
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
return (pvBuffer) ;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
ULONG CalculateACLSize(PACL pACLOld, PSID* ppSidArray, int nNumSids, PACE_UNION* ppACEs, int nNumACEs)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedBlock.gif)
...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
ULONG lACLSize = 0;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
try...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// If we are including an existing ACL, then find its size
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
if (pACLOld != NULL)...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
ACL_SIZE_INFORMATION aclSize;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
if(!GetAclInformation(pACLOld, &aclSize, sizeof(aclSize), AclSizeInformation))...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
goto leave;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
lACLSize = aclSize.AclBytesInUse;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
if (ppSidArray != NULL)...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Step through each SID
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
while (nNumSids--)...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// If a SID isn't valid, then we bail
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
if (!IsValidSid(ppSidArray[nNumSids]))...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
lACLSize = 0;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
goto leave;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Get the SID's length
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
lACLSize += GetLengthSid(ppSidArray[nNumSids]);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Add the ACE structure size, minus the
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// size of the SidStart member
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
lACLSize += sizeof(ACCESS_ALLOWED_ACE) - sizeof(((ACCESS_ALLOWED_ACE*)0)->SidStart);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
if (ppACEs != NULL)...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Step through each ACE
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
while (nNumACEs--)...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Get the SIDs length
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
lACLSize += ppACEs[nNumACEs]->aceHeader.AceSize;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Add in the ACL structure itself
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
lACLSize += sizeof(ACL);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
leave:;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
}catch(...)...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// An exception means we fail the function
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
lACLSize = 0;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
return (lACLSize);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
BOOL CopyACL( PACL pACLDestination, PACL pACLSource )
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedBlock.gif)
...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
BOOL fReturn = FALSE;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
try ...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Get the number of ACEs in the source ACL
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
ACL_SIZE_INFORMATION aclSize;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
if (!GetAclInformation(pACLSource, &aclSize, sizeof(aclSize), AclSizeInformation))...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
goto leave;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Use GetAce and AddAce to copy the ACEs
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
for(ULONG lIndex=0;lIndex < aclSize.AceCount;lIndex++)...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
ACE_HEADER* pACE;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
if(!GetAce(pACLSource, lIndex, (PVOID*)&pACE))
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
goto leave;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
if(!AddAce(pACLDestination, ACL_REVISION, MAXDWORD,
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
(PVOID*)pACE, pACE->AceSize))
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
goto leave;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
fReturn = TRUE;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
leave:;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
}catch(...)...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
return (fReturn);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
PACE_UNION AllocateACE(ULONG bACEType, ULONG bACEFlags, ULONG lAccessMask, PSID pSID)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedBlock.gif)
...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
PACE_UNION pReturnACE = NULL;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
PBYTE pbBuffer = NULL;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
try...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Get the offset of the SID in the ACE
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
ULONG lSIDOffset = (ULONG)(&((ACCESS_ALLOWED_ACE*)0)->SidStart);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Get the size of the ACE without the SID
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
ULONG lACEStructSize = sizeof(ACCESS_ALLOWED_ACE) - sizeof(((ACCESS_ALLOWED_ACE*)0)->SidStart);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Get the length of the SID
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
ULONG lSIDSize = GetLengthSid(pSID);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Allocate a buffer for the ACE
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
pbBuffer = (PBYTE)LocalAlloc(LPTR, lACEStructSize + lSIDSize);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
if (pbBuffer == NULL)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
goto leave;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Copy the SID into the ACE
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
if(!CopySid(lSIDSize, (PSID)(pbBuffer+lSIDOffset), pSID))...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
goto leave;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
pReturnACE = (PACE_UNION) pbBuffer;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
pReturnACE->aceHeader.AceSize = (USHORT)(lACEStructSize + lSIDSize);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
pReturnACE->aceHeader.AceType = (BYTE)bACEType;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
pReturnACE->aceHeader.AceFlags = (BYTE)bACEFlags;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
pReturnACE->aceAllowed.Mask = lAccessMask;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
leave:;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
}catch(...)...{}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Free the buffer in an error case
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
if (pbBuffer != (PBYTE)pReturnACE)...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
LocalFree(pbBuffer);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
return (pReturnACE);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
ULONG GetACEInsertionIndex(PACL pDACL, PACE_UNION pACENew)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedBlock.gif)
...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
ULONG lIndex = (ULONG) -1;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
try...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// ACE types by ACL order
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
ULONG lFilterType[] = ...{ ACCESS_DENIED_ACE_TYPE,
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
ACCESS_DENIED_OBJECT_ACE_TYPE,
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
ACCESS_ALLOWED_ACE_TYPE,
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
ACCESS_ALLOWED_OBJECT_ACE_TYPE};
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Determine which group the new ACE should belong to
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
ULONG lNewAceGroup;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
for(lNewAceGroup = 0; lNewAceGroup<4 ; lNewAceGroup++)...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
if(pACENew->aceHeader.AceType == lFilterType[lNewAceGroup])
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
break;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// If group == 4, the ACE type is no good
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
if(lNewAceGroup==4)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
goto leave;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// If new ACE is an inherited ACE, then it goes after other ACEs
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
if((pACENew->aceHeader.AceFlags & INHERITED_ACE) != 0)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
lNewAceGroup+=4;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Get ACE count
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
ACL_SIZE_INFORMATION aclSize;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
if (!GetAclInformation(pDACL, &aclSize, sizeof(aclSize), AclSizeInformation))...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
goto leave;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Iterate through ACEs
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
lIndex = 0;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
for(lIndex = 0;lIndex < aclSize.AceCount;lIndex++)...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
ACE_HEADER* pACE;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
if(!GetAce(pDACL, lIndex, (PVOID*)&pACE))
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
goto leave;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Get the group of the ACL ACE
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
ULONG lAceGroup;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
for(lAceGroup = 0; lAceGroup<4 ; lAceGroup++)...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
if(pACE->AceType == lFilterType[lAceGroup])
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
break;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Test for bad ACE
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
if(lAceGroup==4)...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
lIndex = (ULONG) -1;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
goto leave;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Inherited adjustment
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
if((pACE->AceFlags & INHERITED_ACE) != 0)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
lAceGroup+=4;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// If this is the same group, then insertion point found
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
if(lAceGroup>=lNewAceGroup)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
break;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
leave: ;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
}catch(...)...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
return (lIndex);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
BOOL IsEqualACE( PACE_UNION pACE1, PACE_UNION pACE2 )
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedBlock.gif)
...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
BOOL fReturn = FALSE;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
try ...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
if(pACE1->aceHeader.AceType != pACE2->aceHeader.AceType)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
goto leave;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Get the offset of the SID in the ACE
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
ULONG lSIDOffset = (ULONG)((&((ACCESS_ALLOWED_ACE*)0)->SidStart));
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Get the size of the ACE without the SID
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
ULONG lACEStructSize = sizeof(ACCESS_ALLOWED_ACE) - sizeof(((ACCESS_ALLOWED_ACE*)0)->SidStart);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
PBYTE pbACE1 = (PBYTE)pACE1;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
PBYTE pbACE2 = (PBYTE)pACE2;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
fReturn = TRUE;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
while(lACEStructSize--)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
fReturn = (fReturn && ((pbACE1[lACEStructSize] == pbACE2[lACEStructSize])));
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
// Check SIDs
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
fReturn = fReturn && EqualSid((PSID)(pbACE1+lSIDOffset),
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
(PSID)(pbACE2+lSIDOffset));
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
leave:;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
}catch(...)...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
return (fReturn);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/None.gif)
int FindACEInACL(PACL pACL, PACE_UNION pACE)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedBlock.gif)
...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
int nACEIndex = -1;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
try...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
ACL_SIZE_INFORMATION aclSize;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
if (!GetAclInformation(pACL, &aclSize, sizeof(aclSize), AclSizeInformation))...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
goto leave;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
while (aclSize.AceCount--)...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
PACE_UNION pACETemp;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
if(!GetAce(pACL, aclSize.AceCount, (PVOID *)&pACETemp))
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
goto leave;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
if(IsEqualACE(pACETemp, pACE))...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
nACEIndex = (int)aclSize.AceCount;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
break;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
leave:;
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockStart.gif)
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ContractedSubBlock.gif)
}catch(...)...{
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedSubBlockEnd.gif)
}
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/InBlock.gif)
return (nACEIndex);
![](http://images.csdn.net/syntaxhighlighting/OutliningIndicators/ExpandedBlockEnd.gif)
}
相关文章推荐
- php的mkdir()函数创建文件夹比较安全的权限设置方法
- 设置文件夹的安全权限
- php的mkdir()函数创建文件夹比较安全的权限设置方法
- apache在windows2003下的安全设置(配合文件夹权限目录,很好很安全)
- 如何设置文件夹安全权限
- 用Win32 API设置windows XP中FAT32文件夹共享的读写权限
- 用Win32 API设置windows XP中FAT32文件夹共享的读写权限(二)
- Windows Server 2008 R2 WEB 服务器安全设置指南(三)之文件夹权限设置
- 如何设置文件夹安全权限
- apache在win2003下的安全设置(配合文件夹权限目录,很好很安全)
- 用Win32 API设置windows XP中FAT32文件夹共享的读写权限(一)
- Win2008 R2 WEB 服务器安全设置指南之文件夹权限设置技巧
- 【转帖】用Win32 API设置windows XP中FAT32文件夹共享的读写权限
- apache在windows2003下的安全设置(配合文件夹权限目录,很好很安全)
- win2003文件夹权限设置脚本代码
- .Net下修改文件夹或文件的ACL安全权限
- 设置 Linux 文件和文件夹权限的方法
- Windows Server2003 防木马权限设置IIS服务器安全配置
- iis权限设置,保证服务器安全
- IIS安全权限设置