Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- /*
- Demonstrates how using SetFileSecurity does not result in a [file] ACL with ACEs inherited from parent [folder], while using SetNamedSecurityInfo does, as is proper.
- Disable (comment) the `SetNamedSecurityInfo` call along with its parent `if` statement and enable (uncomment) the following `SetFileSecurity` call (and its parent `if` statement, obviously) to switch the behavior and observe different resultant ACL on the file.
- The Windows application entry point in this snippet expects two command line arguments -- the file path of the file you want to set security information on, and the actual security (specified in SDDL format) information desired for the file.
- */
- #include <windows.h>
- #include <shellapi.h>
- #include <sddl.h>
- #include <aclapi.h>
- int APIENTRY wWinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPWSTR lpCmdLine, int nCmdShow)
- {
- int argc;
- LPWSTR * argv = CommandLineToArgvW(lpCmdLine, &argc);
- if(argv == NULL) {
- return -1;
- }
- if(argc < 2) {
- MessageBox(NULL, L"Invalid command line.", NULL, MB_ICONERROR);
- return -2;
- }
- PSECURITY_DESCRIPTOR p_sd;
- if(ConvertStringSecurityDescriptorToSecurityDescriptor(argv[1], SDDL_REVISION_1, &p_sd, NULL) == 0) {
- return -3;
- }
- PACL p_dacl;
- BOOL p_dacl_present, p_dacl_defaulted;
- if(GetSecurityDescriptorDacl(p_sd, &p_dacl_present, &p_dacl, &p_dacl_defaulted) == 0) {
- return -5;
- }
- if(SetNamedSecurityInfo(argv[0], SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, p_dacl, NULL) != 0) {
- return -6;
- }
- /*if(SetFileSecurity(argv[0], DACL_SECURITY_INFORMATION, p_sd) == 0) {
- return -4;
- }*/
- LocalFree(p_sd);
- LocalFree(argv);
- return 0;
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement