• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1407
  • Last Modified:

SetFileSecurity

Can somebody give me an example for SetFileSecurity
and GetFileSecurity procedures for WIN NT 4.0?
I mean source.

Cheers
0
desno
Asked:
desno
  • 5
  • 4
  • 3
  • +2
1 Solution
 
viktornetCommented:
try out this C code...

http://wino.physik.uni-mainz.de/~frink/chown/chown.c

..-=ViKtOr=-..
0
 
EpsylonCommented:
Vik, this is the Delphi Area  ;o)
0
Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
viktornetCommented:
I know it is... In fact C sources contain the most useful info of all times... lots of low level techniques and stuff... Why did you think I posted it??
0
 
desnoAuthor Commented:
Sorry, but I need Delphi code. I am bad at C
0
 
intheCommented:
http://members.xoom.com/sergei19/ntset.htm
has a filesecurity components and a registry security components that may help.

i also post this unit here that contains setfilesecurity and getfilesecurity if you wish to pull out the functions that you need instead of installing a component:

unit NTAddFileSecurity;

interface

uses
  NTDecls, NTSecurityDecls, Messages, SysUtils, Classes, Graphics, Controls, Forms, Dialogs;

type
  TNTAddFileSecurity = class(TComponent)
  private
    { Private declarations }
    FUserID:String;
    FDomainName:String;
    FFileName:String;
    FAccessMask:DWORD;
    function GetUserID:String;
    function GetFileName:String;
    function GetAccessMask:DWORD;
    procedure SetUserID(TheValue:String);
    procedure SetFileName(TheValue:String);
    procedure SetAccessMask(TheValue:DWORD);
  protected
    { Protected declarations }
  public
    { Public declarations }
  published
    { Published declarations }
    property UserID:String read GetUserID write SetUserID;
    property FileName:String read GetFileName write SetFileName;
    property AccessMask:DWORD read GetAccessMask write SetAccessMask;
    function Execute:Integer;
  end;

procedure Register;

implementation

const SD_SIZE = (65536 + SECURITY_DESCRIPTOR_MIN_LENGTH);

Type ACL_SIZE_INFORMATION=record
    AceCount:DWORD;
    AclBytesInUse:DWORD;
    AclBytesFree:DWORD;
End;

Type ACE_HEADER=record
    AceType:Byte;
    AceFlags:Byte;
    AceSize:Word;
End;

Type ACCESS_ALLOWED_ACE=record
    Header:ACE_HEADER;
    Mask:ACCESS_MASK;
    SidStart:DWORD;
End;

function TNTAddFileSecurity.GetUserID:String;
begin
     Result:=FUserID;
end;

function TNTAddFileSecurity.GetFileName:String;
begin
     Result:=FFileName;
end;

function TNTAddFileSecurity.GetAccessMask:DWORD;
begin
     Result:=FAccessMask;
end;

procedure TNTAddFileSecurity.SetUserID(TheValue:String);
begin
     FUserID:=TheValue;
end;

procedure TNTAddFileSecurity.SetFileName(TheValue:String);
begin
     FFileName:=TheValue;
end;

procedure TNTAddFileSecurity.SetAccessMask(TheValue:DWORD);
begin
     FAccessMask:=TheValue;
end;

function TNTAddFileSecurity.Execute:Integer;
var
   // SID variables
   psnuType:SID_NAME_USE;
   lpszDomain:Array[0..2048] Of Char;
   UserSID:Array[0..1024] Of Char;
   dwDomainLength:DWORD;
   dwSIDBuffSize:DWORD;
   // User name variables
   lpszUserName:Array[0..250] Of Char;
   dwUserNameLength:DWORD;
   // File SD variables
   ucSDbuf:Array[0..SD_SIZE] Of Byte;
   pFileSD:PSECURITY_DESCRIPTOR;
   dwSDLengthNeeded:DWORD;
   // ACL variables
   p_ACL:PACL;
   bDaclPresent,bDaclDefaulted:Boolean;
   AclInfo:ACL_SIZE_INFORMATION;
   // New ACL variables
   pNewACL:PACL;
   dwNewACLSize:DWORD;
   // New SD variables
   NewSD:Array[0..SECURITY_DESCRIPTOR_MIN_LENGTH] Of Byte;
   psdNewSD:PSECURITY_DESCRIPTOR;
   // Temporary ACE
   pTempAce:Pointer;
   CurrentAceIndex:Integer;
   // Temporary File And Access Mask
   pFileName:Array[0..250] Of Char;
   dwACCESSMASK:Dword;
begin
   dwUserNameLength:=250;
   dwDomainLength:=250;
   dwSIDBuffSize:=1024;
   StrPCopy(pFileName,FFileName);
   StrPCopy(lpszUserName,FUserID);
   dwACCESSMASK:=FAccessMask;

   // Get SID for current user
   If Not LookupAccountName(nil,lpszUserName,@UserSID,dwSIDBuffSize,lpszDomain,dwDomainLength,psnuType) Then
   Begin
        Result:=1;
        Exit;
   End;

   // Get security descriptor (SD) for file
   If Not GetFileSecurity(pFileName,SECURITY_INFORMATION(DACL_SECURITY_INFORMATION),pFileSD,SD_SIZE,dwSDLengthNeeded) Then
   Begin
      Result:=2;
      Exit;
   End;

   // Initialize new SD
   If Not InitializeSecurityDescriptor(psdNewSD,SECURITY_DESCRIPTOR_REVISION) Then
   Begin
      Result:=3;
      Exit;
   End;

   // Get DACL from SD
   If GetSecurityDescriptorDacl(@pFileSD,bDaclPresent,@p_ACL,bDaclDefaulted)=False Then
   Begin
        Result:=4;
        Exit;
   End;

   // Get file ACL size information
   If GetAclInformation(@p_ACL,@AclInfo,SizeOf(ACL_SIZE_INFORMATION),AclSizeInformation)=False Then
   Begin
      Result:=5;
      Exit;
   End;

   // Compute size needed for the new ACL
   dwNewACLSize:=AclInfo.AclBytesInUse + SizeOf(ACCESS_ALLOWED_ACE) + GetLengthSid(@UserSID) - SizeOf(DWORD);

   // Allocate memory for new ACL
   pNewACL:=PACL(LocalAlloc(LPTR, dwNewACLSize));

   // Initialize the new ACL
   // 1 must be ACL_REVISION
   If Not InitializeAcl(pNewACL, dwNewACLSize, 1) Then
   Begin
      LocalFree(HLOCAL(pNewACL));
      Result:=6;
      Exit;
   End;

   // If DACL is present, copy it to a new DACL
   If bDaclPresent Then
   Begin
        // Copy the file's ACEs to our new ACL
        If AclInfo.AceCount>0 Then
        Begin
             For CurrentAceIndex:=0 To AclInfo.AceCount-1 Do
             Begin
                  // Get an ACE
                  pTempAce:=p_ACL;       /// ???????????/
                  If Not GetAce(p_ACL,CurrentAceIndex,@pTempAce) Then
                  Begin
                       LocalFree(HLOCAL(pNewACL));
                       Result:=7;
                       Exit;
                  End;
                  // Add the ACE to the new ACL
                  If Not AddAce(pNewACL,ACL_REVISION,MAXDWORD,pTempAce,SizeOf(pTempAce)) Then
                  Begin
                       LocalFree(HLOCAL(pNewACL));
                       Result:=8;
                       Exit;
                  End;
             End;
        End;
   End;

   // Add the access-allowed ACE to the new DACL
   If Not AddAccessAllowedAce(pNewACL,ACL_REVISION,dwAccessMask, @UserSID)  Then
   Begin
        LocalFree(HLOCAL(pNewACL));
        Result:=9;
        Exit;
   End;

   // Set our new DACL to the file SD
   If Not SetSecurityDescriptorDacl(psdNewSD,TRUE,pNewACL,FALSE) Then
   Begin
        LocalFree(HLOCAL(pNewACL));
        Result:=10;
        Exit;
   End;

   // Set the SD to the File
   If Not SetFileSecurity(pFileName, DACL_SECURITY_INFORMATION,psdNewSD) Then
   Begin
        LocalFree(HLOCAL(pNewACL));
        Result:=11;
        Exit;
   End;

   // Free the memory allocated for the new ACL
   LocalFree(HLOCAL(pNewACL));
   Result:=0;
end;

procedure Register;
begin
  RegisterComponents('NT Tools - Additional', [TNTAddFileSecurity]);
end;

end.

Regards Barry
0
 
desnoAuthor Commented:
I compile your unit but there are too much errors and
 uses NTDecls, NTSecurityDecls ???????????
Where are NTDecls, NTSecurityDecls .dcl ??????

Cheers
0
 
EpsylonCommented:
I think you didn't install the components.....
0
 
desnoAuthor Commented:
I tried to do something but I got too many error messages:

B := GetFileSecurity(PChar(Filename.Text),DACL_Security_Information,@SD,SizeOf(SD),I);

[Error] MainForm.pas(88): Types of actual and formal var parameters must be identical
[Error] MainForm.pas(108): Types of actual and formal var parameters must be identical
[Fatal Error] NTSecurity.dpr(5): Could not compile used unit 'MainForm.pas'

Can you help me inthe????

I cannot download those components
but this will be ok, just help me with this.........
0
 
EpsylonCommented:
Desno, that line is ok but the variable I but be defined as 'Cardinal'.

  var I: Cardinal;
0
 
EpsylonCommented:
Again but now without any typo    :o)

Desno, that line is ok but the variable I must be defined as 'Cardinal'.

  var I: Cardinal;


Cheers,

Epsylon.
0
 
intheCommented:
your question:
>>Can somebody give me an example for SetFileSecurity
>>and GetFileSecurity procedures for WIN NT 4.0?
>>I mean source


you dont have NTDecls, NTSecurityDecls ,these are extra components that came with a set of nt components i have.
if you want them let me know the zip file is 185kb and contains about 40 componnets for nt only.
i merely pasted the example of that component because it contains examples of what you wanted and asked for.
ive also gave a web site with other component which does basically the same thing.
i had enough trouble installing the components with NTDecls and NTSecurityDecls so i dunno how your supposed to install without them ;-)
what have you declared i as?
dword,cradinal ?
what version of delphi do you use?

Regards Barry

0
 
desnoAuthor Commented:
I declared it as Integer, but now I declared it as cardinal,
and it's working now. And I really need that set of NT componets, my email: zeko@cg.yu, And post me an answer.
I'll give your point, (deserved) .

(but send me first that components  :))

Cheers,
0
 
intheCommented:
ok i have sent  and it is 477kb
.
i cant install all the components as i get "a device attached to the system is not functioning error"
maybe your system will be ok,i dunno
i managaed to get around some of them b installing each component seperate in a package of it own,the rest of components i just use the source ,if it contains a function i need.
im going to ask a seperate question on that error you may want to follow it if you get that error.
Regards Barry
0
 
desnoAuthor Commented:
Thanks
0
 
RadlerCommented:
Hi inthe;

In the past I tried implement some features like this.
All work fine except to directories, where I can't assign the users rigths corretly.
Do you can help me, send me your answer to teste@ars.com.br?

Thanks in advance,

T++, Radler.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 5
  • 4
  • 3
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now