Solved

Check directory for write access by current user

Posted on 2008-10-01
4
2,536 Views
Last Modified: 2013-11-20
How do use MFC to check if the current user has write access to a directory?
0
Comment
Question by:steenpat
4 Comments
 
LVL 86

Accepted Solution

by:
jkr earned 250 total points
ID: 22618586
You can use the following code:
#include <windows.h>

#include <svrapi.h>

#include <stdio.h>
 

BOOL IsAccessPermitted(LPCTSTR pszFolder) {
 

          HANDLE hToken;

	  // AccessCheck() variables

	  DWORD           dwAccessDesired;

	  PRIVILEGE_SET   PrivilegeSet;

	  DWORD           dwPrivSetSize;

	  DWORD           dwAccessGranted;

	  BOOL            fAccessGranted = FALSE;

	  GENERIC_MAPPING GenericMapping;
 

          SECURITY_INFORMATION si = (SECURITY_INFORMATION)( OWNER_SECURITY_INFORMATION

            | GROUP_SECURITY_INFORMATION

            | DACL_SECURITY_INFORMATION);
 
 

	  PSECURITY_DESCRIPTOR psdSD = NULL;

	  DWORD dwNeeded;
 

	  GetFileSecurity(pszFolder,si,NULL,0,&dwNeeded);
 
 

	  psdSD = (PSECURITY_DESCRIPTOR) new BYTE[dwNeeded];
 

	  if (!GetFileSecurity(pszFolder,si,psdSD,dwNeeded,&dwNeeded)) {
 

              printf("GetFileSecurity\n");

          }
 

      // AccessCheck() requires an impersonation token.

      ImpersonateSelf(SecurityImpersonation);
 

      OpenThreadToken(GetCurrentThread(), TOKEN_ALL_ACCESS, TRUE, 

            &hToken);
 

      // Using AccessCheck(), there are two different things we could do:

      // 

      // 1. See if we have Read/Write access to the object.

      // 

      dwAccessDesired = ACCESS_READ;
 

      // Initialize generic mapping structure to map all.

      memset(&GenericMapping, 0xff, sizeof(GENERIC_MAPPING));

      GenericMapping.GenericRead = ACCESS_READ;

      GenericMapping.GenericWrite = ACCESS_WRITE;

      GenericMapping.GenericExecute = 0;

      GenericMapping.GenericAll = ACCESS_READ | ACCESS_WRITE;
 

      // This only does something if we want to use generic access

      // rights, like GENERIC_ALL, in our call to AccessCheck().

      MapGenericMask(&dwAccessDesired, &GenericMapping);
 

      dwPrivSetSize = sizeof(PRIVILEGE_SET);
 

      printf("calling 'AccessCheck()'...\n");
 

      // Make the AccessCheck() call.

      if (!AccessCheck(psdSD, hToken, dwAccessDesired, &GenericMapping,

            &PrivilegeSet, &dwPrivSetSize, &dwAccessGranted, 

            &fAccessGranted)){
 

              printf("AccessCheck: %d\n",GetLastError());

          }
 

      printf("... 'AccessCheck()' succeeded\n");

      delete [] psdSD;
 

  return fAccessGranted;

}
 

void main () {
 

    BOOL bRes = IsAccessPermitted("c:\\Windows\\notepad.exe");
 

    printf("permitted: %s\n", bRes ? "Yes" :  "No");
 

}

Open in new window

0
 
LVL 14

Assisted Solution

by:wayside
wayside earned 250 total points
ID: 22618636
Quick and dirty method would be to just create a file in the directory. If it succeeds, you have write access; if not, you don't.

CString mydir = "c:/windows/system32";

CString tempName = mydir + "/mytemp.foo";
CFile tempFile;

BOOL bOpenOK = tempFile.Open(tempName, CFile::modeCreate | CFile::modeWrite);
if (bOpenOK == TRUE) {
  // success! clean up.
  tempFile.Close();
  CFile::Remove(tempName);
}

0
 
LVL 17

Expert Comment

by:CSecurity
ID: 22623330
try to create a directory using CreateDirectory of try to create a file using CreateFile API function.
if one of above functions failed, check error reason using GetLastError() API to get error code.
if(GetLastError() == ERROR_ACCESS_DENIED) // or if(GetLastError() == 5)
//means that access denied
as "Wayside"s comment: quick and dirty way ;)
Regards
0
 

Author Comment

by:steenpat
ID: 22996449
I would like to comment that RevertToSelf is necessary at the bottom of this function otherwise it keeps running in the context of the client and this is undesirable. It caused issues with my application until I figured this out. I called RevertToSelf, and then CloseHandle(hToken) and this resolved issues.
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
how to monitor remote shell execution on linux 9 93
sumDigits challenge 9 98
mapAB Challlenge 35 85
gdb doesn't stop on breakpoint 2 7
Templates For Beginners Or How To Encourage The Compiler To Work For You Introduction This tutorial is targeted at the reader who is, perhaps, familiar with the basics of C++ but would prefer a little slower introduction to the more ad…
Exception Handling is in the core of any application that is able to dignify its name. In this article, I'll guide you through the process of writing a DRY (Don't Repeat Yourself) Exception Handling mechanism, using Aspect Oriented Programming.
The viewer will learn how to use the return statement in functions in C++. The video will also teach the user how to pass data to a function and have the function return data back for further processing.
The viewer will learn how to user default arguments when defining functions. This method of defining functions will be contrasted with the non-default-argument of defining functions.

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now