Solved

SetFileSecurity

Posted on 1999-07-09
Last Modified: 2008-03-17
Can somebody give me an example for SetFileSecurity
and GetFileSecurity procedures for WIN NT 4.0?
I mean source.

Cheers
Question by:desno
16 Comments
 
LVL 10

Expert Comment

by:viktornet
ID: 1387437
try out this C code...

http://wino.physik.uni-mainz.de/~frink/chown/chown.c

..-=ViKtOr=-..
0
 
LVL 13

Expert Comment

by:Epsylon
ID: 1387439
Vik, this is the Delphi Area  ;o)
0
 
LVL 10

Expert Comment

by:viktornet
ID: 1387440
I know it is... In fact C sources contain the most useful info of all times... lots of low level techniques and stuff... Why did you think I posted it??
0
 

Author Comment

by:desno
ID: 1387441
Sorry, but I need Delphi code. I am bad at C
0
 
LVL 17

Expert Comment

by:inthe
ID: 1387442
http://members.xoom.com/sergei19/ntset.htm
has a file security component and a registry security component that may help.

I am also posting this unit here, which contains SetFileSecurity and GetFileSecurity, if you wish to pull out the functions that you need instead of installing a component:

unit NTAddFileSecurity;

interface

uses
  NTDecls, NTSecurityDecls, Messages, SysUtils, Classes, Graphics, Controls, Forms, Dialogs;

type
  TNTAddFileSecurity = class(TComponent)
  private
    { Private declarations }
    FUserID:String;
    FDomainName:String;
    FFileName:String;
    FAccessMask:DWORD;
    function GetUserID:String;
    function GetFileName:String;
    function GetAccessMask:DWORD;
    procedure SetUserID(TheValue:String);
    procedure SetFileName(TheValue:String);
    procedure SetAccessMask(TheValue:DWORD);
  protected
    { Protected declarations }
  public
    { Public declarations }
  published
    { Published declarations }
    property UserID:String read GetUserID write SetUserID;
    property FileName:String read GetFileName write SetFileName;
    property AccessMask:DWORD read GetAccessMask write SetAccessMask;
    function Execute:Integer;
  end;

procedure Register;

implementation

const SD_SIZE = (65536 + SECURITY_DESCRIPTOR_MIN_LENGTH);

Type ACL_SIZE_INFORMATION=record
    AceCount:DWORD;
    AclBytesInUse:DWORD;
    AclBytesFree:DWORD;
End;

Type ACE_HEADER=record
    AceType:Byte;
    AceFlags:Byte;
    AceSize:Word;
End;

Type ACCESS_ALLOWED_ACE=record
    Header:ACE_HEADER;
    Mask:ACCESS_MASK;
    SidStart:DWORD;
End;

function TNTAddFileSecurity.GetUserID:String;
begin
     Result:=FUserID;
end;

function TNTAddFileSecurity.GetFileName:String;
begin
     Result:=FFileName;
end;

function TNTAddFileSecurity.GetAccessMask:DWORD;
begin
     Result:=FAccessMask;
end;

procedure TNTAddFileSecurity.SetUserID(TheValue:String);
begin
     FUserID:=TheValue;
end;

procedure TNTAddFileSecurity.SetFileName(TheValue:String);
begin
     FFileName:=TheValue;
end;

procedure TNTAddFileSecurity.SetAccessMask(TheValue:DWORD);
begin
     FAccessMask:=TheValue;
end;

function TNTAddFileSecurity.Execute:Integer;
var
   // SID variables
   psnuType:SID_NAME_USE;
   lpszDomain:Array[0..2048] Of Char;
   UserSID:Array[0..1024] Of Char;
   dwDomainLength:DWORD;
   dwSIDBuffSize:DWORD;
   // User name variables
   lpszUserName:Array[0..250] Of Char;
   dwUserNameLength:DWORD;
   // File SD variables
   ucSDbuf:Array[0..SD_SIZE] Of Byte;
   pFileSD:PSECURITY_DESCRIPTOR;
   dwSDLengthNeeded:DWORD;
   // ACL variables
   p_ACL:PACL;
   bDaclPresent,bDaclDefaulted:Boolean;
   AclInfo:ACL_SIZE_INFORMATION;
   // New ACL variables
   pNewACL:PACL;
   dwNewACLSize:DWORD;
   // New SD variables
   NewSD:Array[0..SECURITY_DESCRIPTOR_MIN_LENGTH] Of Byte;
   psdNewSD:PSECURITY_DESCRIPTOR;
   // Temporary ACE
   pTempAce:Pointer;
   CurrentAceIndex:Integer;
   // Temporary File And Access Mask
   pFileName:Array[0..250] Of Char;
   dwACCESSMASK:Dword;
begin
   dwUserNameLength:=250;
   dwDomainLength:=250;
   dwSIDBuffSize:=1024;
   // Point the SD pointers at their stack buffers before any API call uses them
   pFileSD:=@ucSDbuf;
   psdNewSD:=@NewSD;
   StrPCopy(pFileName,FFileName);
   StrPCopy(lpszUserName,FUserID);
   dwACCESSMASK:=FAccessMask;

   // Get SID for current user
   If Not LookupAccountName(nil,lpszUserName,@UserSID,dwSIDBuffSize,lpszDomain,dwDomainLength,psnuType) Then
   Begin
        Result:=1;
        Exit;
   End;

   // Get security descriptor (SD) for file
   If Not GetFileSecurity(pFileName,SECURITY_INFORMATION(DACL_SECURITY_INFORMATION),pFileSD,SD_SIZE,dwSDLengthNeeded) Then
   Begin
      Result:=2;
      Exit;
   End;

   // Initialize new SD
   If Not InitializeSecurityDescriptor(psdNewSD,SECURITY_DESCRIPTOR_REVISION) Then
   Begin
      Result:=3;
      Exit;
   End;

   // Get DACL from SD (pass the SD pointer itself, not the address of the pointer variable)
   If GetSecurityDescriptorDacl(pFileSD,bDaclPresent,@p_ACL,bDaclDefaulted)=False Then
   Begin
        Result:=4;
        Exit;
   End;

   // Get file ACL size information (p_ACL already points at the ACL)
   If GetAclInformation(p_ACL,@AclInfo,SizeOf(ACL_SIZE_INFORMATION),AclSizeInformation)=False Then
   Begin
      Result:=5;
      Exit;
   End;

   // Compute size needed for the new ACL
   dwNewACLSize:=AclInfo.AclBytesInUse + SizeOf(ACCESS_ALLOWED_ACE) + GetLengthSid(@UserSID) - SizeOf(DWORD);

   // Allocate memory for new ACL
   pNewACL:=PACL(LocalAlloc(LPTR, dwNewACLSize));
   If pNewACL=nil Then
   Begin
      Result:=6;
      Exit;
   End;

   // Initialize the new ACL with the same revision that AddAce uses below
   If Not InitializeAcl(pNewACL, dwNewACLSize, ACL_REVISION) Then
   Begin
      LocalFree(HLOCAL(pNewACL));
      Result:=6;
      Exit;
   End;

   // If DACL is present, copy it to a new DACL
   If bDaclPresent Then
   Begin
        // Copy the file's ACEs to our new ACL
        If AclInfo.AceCount>0 Then
        Begin
             For CurrentAceIndex:=0 To AclInfo.AceCount-1 Do
             Begin
                  // Get a pointer to the ACE at this index
                  If Not GetAce(p_ACL,CurrentAceIndex,@pTempAce) Then
                  Begin
                       LocalFree(HLOCAL(pNewACL));
                       Result:=7;
                       Exit;
                  End;
                  // Add the ACE to the new ACL; its length comes from the ACE header,
                  // not from the size of the pointer variable
                  If Not AddAce(pNewACL,ACL_REVISION,MAXDWORD,pTempAce,ACE_HEADER(pTempAce^).AceSize) Then
                  Begin
                       LocalFree(HLOCAL(pNewACL));
                       Result:=8;
                       Exit;
                  End;
             End;
        End;
   End;

   // Add the access-allowed ACE to the new DACL
   If Not AddAccessAllowedAce(pNewACL,ACL_REVISION,dwAccessMask, @UserSID)  Then
   Begin
        LocalFree(HLOCAL(pNewACL));
        Result:=9;
        Exit;
   End;

   // Set our new DACL to the file SD
   If Not SetSecurityDescriptorDacl(psdNewSD,TRUE,pNewACL,FALSE) Then
   Begin
        LocalFree(HLOCAL(pNewACL));
        Result:=10;
        Exit;
   End;

   // Set the SD to the File
   If Not SetFileSecurity(pFileName, DACL_SECURITY_INFORMATION,psdNewSD) Then
   Begin
        LocalFree(HLOCAL(pNewACL));
        Result:=11;
        Exit;
   End;

   // Free the memory allocated for the new ACL
   LocalFree(HLOCAL(pNewACL));
   Result:=0;
end;

procedure Register;
begin
  RegisterComponents('NT Tools - Additional', [TNTAddFileSecurity]);
end;

end.

Regards Barry
0
 

Author Comment

by:desno
ID: 1387443
I compiled your unit but there are too many errors and
 uses NTDecls, NTSecurityDecls ???????????
Where are NTDecls, NTSecurityDecls .dcl ??????

Cheers
0
 
LVL 13

Expert Comment

by:Epsylon
ID: 1387444
I think you didn't install the components.....
0
 

Author Comment

by:desno
ID: 1387445
I tried to do something but I got too many error messages:

B := GetFileSecurity(PChar(Filename.Text),DACL_Security_Information,@SD,SizeOf(SD),I);

[Error] MainForm.pas(88): Types of actual and formal var parameters must be identical
[Error] MainForm.pas(108): Types of actual and formal var parameters must be identical
[Fatal Error] NTSecurity.dpr(5): Could not compile used unit 'MainForm.pas'

Can you help me inthe????

I cannot download those components
but this will be ok, just help me with this.........
0
 
LVL 13

Expert Comment

by:Epsylon
ID: 1387446
Desno, that line is ok but the variable I but be defined as 'Cardinal'.

  var I: Cardinal;
0
 
LVL 13

Expert Comment

by:Epsylon
ID: 1387447
Again but now without any typo    :o)

Desno, that line is ok but the variable I must be defined as 'Cardinal'.

  var I: Cardinal;


Cheers,

Epsylon.
0
 
LVL 17

Expert Comment

by:inthe
ID: 1387448
your question:
>>Can somebody give me an example for SetFileSecurity
>>and GetFileSecurity procedures for WIN NT 4.0?
>>I mean source


You don't have NTDecls, NTSecurityDecls; these are extra components that came with a set of NT components I have.
If you want them let me know; the zip file is 185kb and contains about 40 components for NT only.
I merely pasted the example of that component because it contains examples of what you wanted and asked for.
I've also given a web site with another component which does basically the same thing.
I had enough trouble installing the components with NTDecls and NTSecurityDecls so I dunno how you're supposed to install without them ;-)
What have you declared I as?
dword, cardinal?
What version of Delphi do you use?

Regards Barry

0
 

Author Comment

by:desno
ID: 1387449
I declared it as Integer, but now I declared it as cardinal,
and it's working now. And I really need that set of NT components, my email: zeko@cg.yu, and post me an answer.
I'll give you the points (deserved).

(but send me those components first  :))

Cheers,
0
 
LVL 17

Accepted Solution

by:
inthe earned 680 total points
ID: 1387450
OK, I have sent it and it is 477kb.
I can't install all the components as I get the "a device attached to the system is not functioning" error.
Maybe your system will be OK, I dunno.
I managed to get around some of them by installing each component separately in a package of its own; for the rest of the components I just use the source, if it contains a function I need.
I'm going to ask a separate question on that error; you may want to follow it if you get that error.
Regards Barry
0
 

Author Comment

by:desno
ID: 1387451
Thanks
0
 
LVL 4

Expert Comment

by:Radler
ID: 1387452
Hi inthe;

In the past I tried to implement some features like this.
All works fine except for directories, where I can't assign the users' rights correctly.
Can you help me? Send me your answer at teste@ars.com.br

Thanks in advance,

T++, Radler.
0
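
The GetFileSecurity/SetFileSecurity round trip discussed in this thread, as an added example that is not part of any post above and does not come from the NT component set: it copies one file's DACL onto another using only Delphi's standard Windows unit. The names ReadFileDacl and CopyFileDacl are hypothetical, and the declarations are assumed to be those of the Windows unit shipped with Delphi.

```delphi
program FileDaclDemo;
{$APPTYPE CONSOLE}
uses
  Windows;

// Reads the DACL part of a file's security descriptor into a heap buffer.
// Returns 0 on success (caller frees SD with FreeMem) or a Win32 error code.
function ReadFileDacl(const FileName: string; var SD: Pointer): DWORD;
var
  Needed: DWORD; // passed as a var parameter, so Integer will not compile
begin
  SD := nil; Needed := 0;
  Result := ERROR_INVALID_DATA; // kept only if the sizing call unexpectedly succeeds
  // First call with an empty buffer only reports the required length
  if not GetFileSecurity(PChar(FileName), DACL_SECURITY_INFORMATION, nil, 0, Needed) then
    Result := GetLastError;
  if Result <> ERROR_INSUFFICIENT_BUFFER then Exit;
  GetMem(SD, Needed);
  if GetFileSecurity(PChar(FileName), DACL_SECURITY_INFORMATION, SD, Needed, Needed) then
    Result := 0
  else
  begin
    Result := GetLastError;
    FreeMem(SD);
    SD := nil;
  end;
end;

// Copies the DACL of SrcFile onto DstFile; returns 0 or a Win32 error code.
function CopyFileDacl(const SrcFile, DstFile: string): DWORD;
var
  SD: Pointer;
  Present, Defaulted: BOOL;
  Dacl: PACL;
begin
  Result := ReadFileDacl(SrcFile, SD);
  if Result <> 0 then Exit;
  try
    if not GetSecurityDescriptorDacl(SD, Present, Dacl, Defaulted) then
      Result := GetLastError
    else if (not Present) or (Dacl = nil) then
      Result := ERROR_INVALID_ACL // absent/NULL DACL means everyone has full access; do not copy it
    else if not SetFileSecurity(PChar(DstFile), DACL_SECURITY_INFORMATION, SD) then
      Result := GetLastError;
  finally
    FreeMem(SD);
  end;
end;

begin
  Writeln('Win32 result: ', CopyFileDacl(ParamStr(1), ParamStr(2)));
end.
```

Run it with the source and target paths as the two command-line arguments; changing the target's DACL requires WRITE_DAC access to that file.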
