Access Control

#include <Aclapi.h>

int
main() { // Create file with multiple flags. HANDLE file = CreateFile("d:\\", STANDARD_RIGHTS_WRITE | WRITE_DAC, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, // This flag must be set. NULL); // Save old DACL. PSECURITY_DESCRIPTOR pSd = NULL; PACL pOldDacl = NULL, pNewDacl = NULL; GetSecurityInfo(file, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, &pOldDacl, NULL, &pSd); // Create new ACE. EXPLICIT_ACCESS ea = {}; ea.grfAccessMode = SET_ACCESS; // Reset or grant or deny, etc. ea.grfAccessPermissions = GENERIC_ALL; // GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE. ea.grfInheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT; // Whether take effect on sub containers. ea.Trustee.TrusteeForm = TRUSTEE_IS_NAME; // 'ptstrName' is a name field. ea.Trustee.TrusteeType = TRUSTEE_IS_USER; // 'ptstrName' is a user name field. ea.Trustee.ptstrName = "EveryOne"; // User name. SetEntriesInAcl(1, &ea, pOldDacl, &pNewDacl); // Combine old ACEs and new ACE. // Set new DACL.(containing old ACEs) SetSecurityInfo(file, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, pNewDacl, NULL); // Release resource. LocalFree(pNewDacl); LocalFree(pSd); CloseHandle(file); return 0; }

posted @ 2012-11-13 16:43  walfud  阅读(553)  评论(0编辑  收藏  举报