Author: Lou Adler
I want to be able to store a file and its security descriptor, then reload it later.
I have been able to use GetFileSecurity and GetSecurityDescriptorOwner, but I don't
understand how to translate this information into a transportable format, store it
in a remote table, then retrieve it and rebuild the correct descriptor.
Answer:
Below is code I have used to convert to a self-relative SD:
{ ... }
// SD is the self-relative descriptor obtained from GetFileSecurity.
// MakeAbsoluteSD only accepts self-relative input and returns the absolute
// form as a header plus four separately allocated parts; MakeSelfRelativeSD
// then packs those parts back into one contiguous block (RelativeSD), which is
// the form that can be copied, stored and handed to SetFileSecurity. A caller
// that already holds an absolute SD can go straight to MakeSelfRelativeSD.
// Needs SysUtils for Exception and SysErrorMessage.
var
  AbsoluteSD, RelativeSD: PSecurityDescriptor;
  pDacl, pSacl: PACL;
  pOwner, pPrimaryGroup: PSID;
  lpdwAbsoluteSecurityDescriptorSize, lpdwDaclSize, lpdwSaclSize,
  lpdwOwnerSize, lpdwPrimaryGroupSize, lpdwBufferLength: DWORD;
begin
  { ... }
  if Assigned(SD) then
  begin
    AbsoluteSD := nil; RelativeSD := nil;
    pDacl := nil; pSacl := nil; pOwner := nil; pPrimaryGroup := nil;
    lpdwAbsoluteSecurityDescriptorSize := 0;
    lpdwDaclSize := 0;
    lpdwSaclSize := 0;
    lpdwOwnerSize := 0;
    lpdwPrimaryGroupSize := 0;
    // First call fails with ERROR_INSUFFICIENT_BUFFER and fills in the sizes.
    // Delphi declares pDacl/pSacl as "var TACL", hence the pDacl^/pSacl^ form;
    // with nil pointers this only passes the address, nothing is dereferenced.
    MakeAbsoluteSD(SD,
      AbsoluteSD, lpdwAbsoluteSecurityDescriptorSize,
      pDacl^, lpdwDaclSize,
      pSacl^, lpdwSaclSize,
      pOwner, lpdwOwnerSize,
      pPrimaryGroup, lpdwPrimaryGroupSize);
    GetMem(AbsoluteSD, lpdwAbsoluteSecurityDescriptorSize);
    GetMem(pDacl, lpdwDaclSize);
    GetMem(pSacl, lpdwSaclSize);
    GetMem(pOwner, lpdwOwnerSize);
    GetMem(pPrimaryGroup, lpdwPrimaryGroupSize);
    try
      if not MakeAbsoluteSD(SD, AbsoluteSD, lpdwAbsoluteSecurityDescriptorSize,
          pDacl^, lpdwDaclSize, pSacl^, lpdwSaclSize, pOwner, lpdwOwnerSize,
          pPrimaryGroup, lpdwPrimaryGroupSize) then
        raise Exception.Create(SysErrorMessage(GetLastError));
      // Same two-call pattern for the self-relative copy.
      lpdwBufferLength := 0;
      MakeSelfRelativeSD(AbsoluteSD, RelativeSD, lpdwBufferLength);
      GetMem(RelativeSD, lpdwBufferLength);
      if not MakeSelfRelativeSD(AbsoluteSD, RelativeSD, lpdwBufferLength) then
        raise Exception.Create(SysErrorMessage(GetLastError));
      // RelativeSD (lpdwBufferLength bytes) is the result and is deliberately
      // not freed here; the caller owns it.
    finally
      // The absolute SD only points at the four parts, so each buffer is freed
      // on its own. pDacl was missing from this list originally and leaked.
      FreeMem(AbsoluteSD);
      FreeMem(pDacl);
      FreeMem(pSacl);
      FreeMem(pOwner);
      FreeMem(pPrimaryGroup);
    end;
  end;
  { ... }
For Windows 2000 and up: retrieve only those parts of the security descriptor you need to persist through GetFileSecurity, convert it to a string using ConvertSecurityDescriptorToStringSecurityDescriptor. To restore the descriptor use ConvertStringSecurityDescriptorToSecurityDescriptor and SetFileSecurity.
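The SDDL route described in the answer, written out as an added example that is not code from the original answer: a console program that reads a file's owner, group and DACL with GetFileSecurity, serializes them to an SDDL string (the text you would store in the remote table), and applies that string back with SetFileSecurity. It assumes Windows 2000 or later and a Delphi with the Windows and SysUtils units; the two Convert* functions and the SDDL_REVISION_1 constant are declared here by hand because older Windows.pas files do not include them, and the program name, function names and PERSISTED_PARTS constant are my own.

```delphi
program SdPersist;
{ Added example, not code from the original answer. Round-trips a file's
  owner, group and DACL through an SDDL string so it can be stored as text
  and applied again later. Assumes Windows 2000+ and the Windows/SysUtils
  units; the Convert* functions are imported from advapi32.dll explicitly. }
{$APPTYPE CONSOLE}

uses
  Windows, SysUtils;

const
  SDDL_REVISION_1 = 1;
  // Which parts travel. Add SACL_SECURITY_INFORMATION only if the process
  // holds SeSecurityPrivilege; both the read and the write fail otherwise.
  PERSISTED_PARTS = OWNER_SECURITY_INFORMATION or GROUP_SECURITY_INFORMATION
    or DACL_SECURITY_INFORMATION;

function ConvertSecurityDescriptorToStringSecurityDescriptorW(
  SecurityDescriptor: PSecurityDescriptor; RequestedStringSDRevision: DWORD;
  SecurityInformation: SECURITY_INFORMATION;
  var StringSecurityDescriptor: PWideChar;
  StringSecurityDescriptorLen: PDWORD): BOOL; stdcall; external 'advapi32.dll';

function ConvertStringSecurityDescriptorToSecurityDescriptorW(
  StringSecurityDescriptor: PWideChar; StringSDRevision: DWORD;
  var SecurityDescriptor: PSecurityDescriptor;
  SecurityDescriptorSize: PDWORD): BOOL; stdcall; external 'advapi32.dll';

// Reads the requested parts of FileName's security descriptor and returns
// them as SDDL text, e.g. 'O:BAG:SYD:(A;;FA;;;BA)(A;;0x1200a9;;;BU)'.
function FileSecurityToSddl(const FileName: string;
  Parts: SECURITY_INFORMATION): string;
var
  SD: PSecurityDescriptor;
  Needed: DWORD;
  Str: PWideChar;
begin
  // Two-call pattern: the first call reports the size, the second fills it.
  // GetFileSecurity already returns a self-relative descriptor.
  Needed := 0;
  GetFileSecurity(PChar(FileName), Parts, nil, 0, Needed);
  if Needed = 0 then
    RaiseLastOSError;
  GetMem(SD, Needed);
  try
    if not GetFileSecurity(PChar(FileName), Parts, SD, Needed, Needed) then
      RaiseLastOSError;
    if not ConvertSecurityDescriptorToStringSecurityDescriptorW(SD,
        SDDL_REVISION_1, Parts, Str, nil) then
      RaiseLastOSError;
    try
      Result := WideCharToString(Str);
    finally
      LocalFree(HLOCAL(Str)); // the API allocates the string with LocalAlloc
    end;
  finally
    FreeMem(SD);
  end;
end;

// Rebuilds a descriptor from Sddl and applies the parts named in Parts to
// FileName. Parts must not name anything the string lacks (a string without
// an O: component cannot satisfy OWNER_SECURITY_INFORMATION).
procedure SddlToFileSecurity(const FileName, Sddl: string;
  Parts: SECURITY_INFORMATION);
var
  SD: PSecurityDescriptor;
  Wide: WideString;
begin
  Wide := Sddl;
  if not ConvertStringSecurityDescriptorToSecurityDescriptorW(PWideChar(Wide),
      SDDL_REVISION_1, SD, nil) then
    RaiseLastOSError;
  try
    // Setting an owner other than the caller needs SeRestorePrivilege.
    if not SetFileSecurity(PChar(FileName), Parts, SD) then
      RaiseLastOSError;
  finally
    LocalFree(HLOCAL(SD)); // also allocated by the API with LocalAlloc
  end;
end;

var
  Sddl: string;
begin
  // Usage: SdPersist <file>  (reads, prints and re-applies the descriptor)
  if ParamCount < 1 then
  begin
    Writeln('usage: SdPersist <file>');
    Halt(1);
  end;
  Sddl := FileSecurityToSddl(ParamStr(1), PERSISTED_PARTS);
  Writeln(Sddl); // this text is what goes into the remote table
  SddlToFileSecurity(ParamStr(1), Sddl, PERSISTED_PARTS);
  Writeln('restored');
end.
```

Two caveats when the table is read back on another machine: SDDL writes well-known accounts as two-letter aliases (BA, SY, BU) but every other principal as a raw S-1-5-21-... SID, so the string only restores meaningfully where those SIDs resolve (domain SIDs within the domain; SIDs of local accounts from a different machine will not). And pass the same Parts value to both calls, since SetFileSecurity rejects a request for a component the descriptor does not carry.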