目录共享权限的问题,高分(300) (200分)

Firejone · 2001-09-29

过程目的:用户GUEST对SHAREDIR目录有完全的权限 看以下过程,一直无效,找不到毛病,请高手指点 procedure CreateShare; var   sid,domain

ointer;   cbsid,cbdomain:dword;   name :SID_NAME_USE;   mmacl :_acl;   sd

SECURITY_DESCRIPTOR;   si1501 :SHARE_INFO_1501; begin cbdomain := 1024; cbsid := 96; Getmem(sd,1024); GetMem(domain,cbdomain); GetMem(sid,cbsid); name := SidTypeUser; LookupAccountName(nil,'guest',sid,cbsid,domain,cbdomain,name); InitializeAcl(mmacl,//Sizeof(_ACL),                  //getlengthsid函数似乎有问题               sizeof(_ACL)+sizeof(ACCESS_ALLOWED_ACE)+GetLengthSid(Sid)-sizeof(DWORD),               2); AddAccessAllowedAce(mmacl,2,GENERIC_ALL,sid); InitializeSecurityDescriptor(sd,SECURITY_DESCRIPTOR_REVISION); SetSecurityDescriptorDacl(sd,true,@mmacl,false); si1501.shi1501_reserved := 0; si1501.shi1501_security_descriptor := sd; NetShareSetInfo(nil,'sharedir',1501,@si1501,0); FreeMem(domain); FreeMem(sid); FreeMem(sd); end;

Firejone · 2001-09-29

忘了,环境是W2K SERVER下,高手快出动呀!!!

Tense · 2001-09-29

关注。

Firejone · 2001-09-29

[

]关注是不够的,请大家给出意见.

commons_sheng · 2001-09-29

jeo · 2001-09-29

这个问题简单，为什么简单呢？我下次再说！

ggqq · 2001-09-30

API函数WNETAddconnection2或WNETAddconnection3看看先。

lww · 2001-10-07

查一下MSDN,需要利用NetShareAdd这个API

fanren945 · 2001-10-07

这个问题我也想知道答案。[

]

JohnsonGuo · 2001-10-08

listen

Firejone · 2001-10-08

高手请关注呀！

悲酥清风 · 2001-10-10

bbkxjy · 2001-10-12

to Firejone:   下面的两个函数分别对文件和共享资源添加访问权限，在 D6 + Win2kSvr 中通过。注意 AddFileAccessRights 也可对目录操作。 const   ACL_REVISION = 2;   ACL_REVISION2 = 2;   netapi32lib = 'Netapi32.dll'; Type   NET_API_STATUS = Integer;   PShare_Info_502 = ^TShare_Info_502;   TShare_Info_502 = record     shi502_netName: PWideChar;     shi502_type: DWORD;     shi502_remark: PWideChar;     shi502_permissions: DWORD;     shi502_max_uses: DWORD;     shi502_current_uses : DWORD;     shi502_path: PWideChar;     shi502_passwd: PWideChar;     shi502_reserved: DWORD;     shi502_security_descriptor: PSECURITY_DESCRIPTOR;   end;   ACE_HEADER = record     AceType: Byte;     AceFlags: Byte;     AceSize: Word;   end;   ACCESS_ALLOWED_ACE = record     Header:ACE_HEADER;     Mask:ACCESS_MASK;     SidStart

WORD;   end;   ACL_SIZE_INFORMATION = record     AceCount: DWORD;     AclBytesInUse: DWORD;     AclBytesFree: DWORD;   end;   PACE_HEADER = ^ACE_HEADER; function NetApiBufferFree(Buffer: Pointer): NET_API_STATUS; stdcall external netapi32lib; function NetShareGetInfo(servername: LPWSTR; netname: LPWSTR; level: DWORD;     var butptr: Pointer): NET_API_STATUS; stdcall; external netapi32lib; function NetShareSetInfo(servername: LPWSTR; netname: LPWSTR; leve: DWORD;    const buf: Pointer; parm_err: PDWORD): NET_API_STATUS; stdcall; external netapi32lib; //添加文件、目录访问权限，对应于对象属性页中"安全" 页中的设置 function AddFileAccesRights(const FileName, UserName: string;   dwAccessMask: DWORD): boolean; var   // SID variables   snuType : SID_NAME_USE;   szDomain : PChar;   cbDomain: DWORD;   pUserSID: Pointer;   cbUserSID: DWORD;   // File SD variables.   pFileSD: PSECURITY_DESCRIPTOR;   cbFileSD: DWORD;   // New SD variables.   pNewSD: PSECURITY_DESCRIPTOR;   // ACL variables.   p_ACL : PACL;   fDaclPresent, fDaclDefaulted : LongBool;   AclInfo: ACL_SIZE_INFORMATION;   // New ACL variables.   pNewACL : PACL;   cbNewACL: DWORD;   // Temporary ACE.   pTempAce: Pointer;   CurrentAceIndex : Cardinal; begin   szDomain := nil;   cbDomain := 0;   pUserSID := nil;   cbUserSID := 0;   pFileSD := nil;   cbFileSD := 0;   pNewSD := nil;   p_ACL := nil;   pNewACL := nil;   pTempAce := nil;   //   // STEP 1: Get SID for given user.   //   Result := LookupAccountName(nil, PChar(UserName),     pUserSID, cbUserSID, szDomain, cbDomain, snuType);   // API should have failed with insufficient buffer.   if (not Result) and (GetLastError <> ERROR_INSUFFICIENT_BUFFER) then     RaiseLastWin32Error;   pUserSID := AllocMem(cbUserSID);   szDomain := AllocMem(cbDomain);   try     Result := LookupAccountName(nil, PChar(UserName),        pUserSID, cbUserSID, szDomain, cbDomain, snuType);     if (not Result) then       RaiseLastWin32Error;     // STEP 2: Get security descriptor (SD) for file.     Result := GetFileSecurity(PChar(FileName),       DACL_SECURITY_INFORMATION, pFileSD, 0, cbFileSD);     if (not Result) and (GetLastError <> ERROR_INSUFFICIENT_BUFFER) then       RaiseLastWin32Error;     pFileSD := AllocMem(cbFileSD);     Result := GetFileSecurity(PChar(FileName),       DACL_SECURITY_INFORMATION, pFileSD, cbFileSD, cbFileSD);     if (not Result) then       RaiseLastWin32Error;     // STEP 3: Initialize new SD.     pNewSD := AllocMem(cbFileSD); // Should be same size as FileSD.     if (not InitializeSecurityDescriptor(pNewSD,       SECURITY_DESCRIPTOR_REVISION)) then       RaiseLastWin32Error;     // STEP 4: Get DACL from SD.     if (not GetSecurityDescriptorDacl(pFileSD, fDaclPresent, p_ACL,       fDaclDefaulted)) then       RaiseLastWin32Error;     // STEP 5: Get size information for DACL.     AclInfo.AceCount := 0; // Assume NULL DACL.     AclInfo.AclBytesFree := 0;     AclInfo.AclBytesInUse := SizeOf(ACL);     if (fDaclPresent and Assigned(p_ACL)) then     begin       if (not GetAclInformation(p_ACL^, @AclInfo,           SizeOf(ACL_SIZE_INFORMATION), AclSizeInformation)) then         RaiseLastWin32Error;       // STEP 6: Compute size needed for the new ACL.       cbNewACL := AclInfo.AclBytesInUse + SizeOf(ACCESS_ALLOWED_ACE)         + GetLengthSid(pUserSID) - SizeOf(DWORD);       // STEP 7: Allocate memory for new ACL.       pNewACL := AllocMem(cbNewACL);       // STEP 8: Initialize the new ACL.       if (not InitializeAcl(pNewACL^, cbNewACL, ACL_REVISION2)) then         RaiseLastWin32Error;       // STEP 9: If DACL is present, copy it to a new DACL.       if (fDaclPresent) then       begin         // STEP 10: Copy the file's ACEs to the new ACL.         if (AclInfo.AceCount > 0) then         begin           for CurrentAceIndex := 0 to AclInfo.AceCount - 1 do           begin             // STEP 11: Get an ACE.             if (not GetAce(p_ACL^, CurrentAceIndex, pTempAce)) then               RaiseLastWin32Error;             // STEP 12: Add the ACE to the new ACL.             if (not AddAce(pNewACL^, ACL_REVISION, MAXDWORD, pTempAce,                PACE_HEADER(pTempAce)^.AceSize)) then               RaiseLastWin32Error;           end         end       end;       // STEP 13: Add the access-allowed ACE to the new DACL.       if (not AddAccessAllowedAce(pNewACL^, ACL_REVISION2, dwAccessMask,           pUserSID)) then         RaiseLastWin32Error;       // STEP 14: Set the new DACL to the file SD.       if (not SetSecurityDescriptorDacl(pNewSD, True, pNewACL, False)) then         RaiseLastWin32Error;       // STEP 15: Set the SD to the File.       if (not SetFileSecurity(PChar(FileName), DACL_SECURITY_INFORMATION,           pNewSD)) then         RaiseLastWin32Error;       Result := True;     end;   finally     // STEP 16: Free allocated memory     if Assigned(pUserSID) then       FreeMem(pUserSID);     if Assigned(szDomain) then       FreeMem(szDomain);     if Assigned(pFileSD) then       FreeMem(pFileSD);     if Assigned(pNewSD) then       FreeMem(pNewSD);     if Assigned(pNewACL) then       FreeMem(pNewACL);   end; end; //添加共享资源的访问权限，对应于对象属性页中"共享" 页中的设置,注意 ShareName //对应的资源应已被设置为共享。这可以通过 NetShareAdd API 设置 function AddShareAccesRights(const ShareName: WideString;   const UserName: string; dwAccessMask: DWORD): boolean; var   // SID variables   snuType : SID_NAME_USE;   szDomain : PChar;   cbDomain: DWORD;   pUserSID: Pointer;   cbUserSID: DWORD;   // File SD variables.   pShareSD: PSECURITY_DESCRIPTOR;   // New SD variables.   pNewSD: PSECURITY_DESCRIPTOR;   // ACL variables.   p_ACL : PACL;   fDaclPresent, fDaclDefaulted : LongBool;   AclInfo: ACL_SIZE_INFORMATION;   //Share_Info variables   BufPtr: PShare_Info_502;   ShareInfo: TShare_Info_502;   // New ACL variables.   pNewACL : PACL;   cbNewACL: DWORD;   // Temporary ACE.   pTempAce: Pointer;   CurrentAceIndex : Cardinal;   parm_err: DWORD; begin   szDomain := nil;   cbDomain := 0;   pUserSID := nil;   cbUserSID := 0;   pNewSD := nil;   p_ACL := nil;   pNewACL := nil;   pTempAce := nil;   BufPtr := nil;   // STEP 1: Get SID for given user.   Result := LookupAccountName(nil, PChar(UserName),     pUserSID, cbUserSID, szDomain, cbDomain, snuType);   // API should have failed with insufficient buffer.   if (not Result) and (GetLastError <> ERROR_INSUFFICIENT_BUFFER) then     RaiseLastWin32Error;   pUserSID := AllocMem(cbUserSID);   szDomain := AllocMem(cbDomain);   try     Result := LookupAccountName(nil, PChar(UserName),        pUserSID, cbUserSID, szDomain, cbDomain, snuType);     if (not Result) then       RaiseLastWin32Error;     // STEP 2: Get security descriptor (SD) for ShareRes.     if (NetShareGetInfo(nil, PWideChar(ShareName), 502, Pointer(BufPtr))       = ERROR_SUCCESS) then     begin       if not IsValidSecurityDescriptor(BufPtr^.shi502_security_descriptor) then         RaiseLastWin32Error;     end     else       RaiseLastWin32Error;     pShareSD := BufPtr^.shi502_security_descriptor;     // STEP 3: Initialize new SD.     pNewSD := AllocMem(GetSecurityDescriptorLength(pShareSD));     if (not InitializeSecurityDescriptor(pNewSD,       SECURITY_DESCRIPTOR_REVISION)) then       RaiseLastWin32Error;     // STEP 4: Get DACL from SD.     if (not GetSecurityDescriptorDacl(pShareSD, fDaclPresent, p_ACL,       fDaclDefaulted)) then       RaiseLastWin32Error;     //     // STEP 5: Get size information for DACL.     //     AclInfo.AceCount := 0; // Assume NULL DACL.     AclInfo.AclBytesFree := 0;     AclInfo.AclBytesInUse := SizeOf(ACL);     if (fDaclPresent and Assigned(p_ACL)) then     begin       if (not GetAclInformation(p_ACL^, @AclInfo,           SizeOf(ACL_SIZE_INFORMATION), AclSizeInformation)) then         RaiseLastWin32Error;       // STEP 6: Compute size needed for the new ACL.       cbNewACL := AclInfo.AclBytesInUse + SizeOf(ACCESS_ALLOWED_ACE)         + GetLengthSid(pUserSID) - SizeOf(DWORD);       // STEP 7: Allocate memory for new ACL.       pNewACL := AllocMem(cbNewACL);       // STEP 8: Initialize the new ACL.       if (not InitializeAcl(pNewACL^, cbNewACL, ACL_REVISION2)) then         RaiseLastWin32Error;       // STEP 9: If DACL is present, copy it to a new DACL.       if (fDaclPresent) then       begin         // STEP 10: Copy the file's ACEs to the new ACL.         if (AclInfo.AceCount > 0) then         begin           for CurrentAceIndex := 0 to AclInfo.AceCount - 1 do           begin             // STEP 11: Get an ACE.             if (not GetAce(p_ACL^, CurrentAceIndex, pTempAce)) then               RaiseLastWin32Error;             // STEP 12: Add the ACE to the new ACL.             if (not AddAce(pNewACL^, ACL_REVISION, MAXDWORD, pTempAce,                PACE_HEADER(pTempAce)^.AceSize)) then               RaiseLastWin32Error;           end         end       end;       // STEP 13: Add the access-allowed ACE to the new DACL.       if (not AddAccessAllowedAce(pNewACL^, ACL_REVISION2, dwAccessMask,           pUserSID)) then         RaiseLastWin32Error;       // STEP 14: Set the new DACL to the new Share SD.       if (not SetSecurityDescriptorDacl(pNewSD, True, pNewACL, False)) then         RaiseLastWin32Error;       // STEP 15: Set the new SD to the ShareRes.       Move(BufPtr^,ShareInfo, SizeOf(ShareInfo));       ShareInfo.shi502_security_descriptor := pNewSD;       if not (NetShareSetInfo(nil, PWideChar(ShareName), 502, @ShareInfo,           @parm_err) = ERROR_SUCCESS) then         RaiseLastWin32Error;       Result := True;     end;   finally     // STEP 16: Free allocated memory     if Assigned(pUserSID) then       FreeMem(pUserSID);     if Assigned(szDomain) then       FreeMem(szDomain);     if Assigned(pNewSD) then       FreeMem(pNewSD);     if Assigned(pNewACL) then       FreeMem(pNewACL);     if Assigned(BufPtr) then       NetApiBufferFree(BufPtr);   end; end;

Firejone · 2001-10-12

[

]谢谢bbkxjy,我明白了

Firejone · 2001-10-12

多人接受答案了。

hebiziyu · 2003-08-07

有没有哪位朋友给一个例子给我看看?就是应用上面朋友给的函数的使用例子? function AddShareAccesRights(const ShareName: WideString;   const UserName: string; dwAccessMask: DWORD): boolean; 这里的deAccessmask究竟应该是怎样的数据? 我不明白,希望有人能给我答复.

目录共享权限的问题,高分(300) (200分)

Firejone

Unregistered / Unconfirmed

Firejone

Unregistered / Unconfirmed

Tense

Unregistered / Unconfirmed

Firejone

Unregistered / Unconfirmed

commons_sheng

Unregistered / Unconfirmed

jeo

Unregistered / Unconfirmed

ggqq

Unregistered / Unconfirmed

lww

Unregistered / Unconfirmed

fanren945

Unregistered / Unconfirmed

JohnsonGuo

Unregistered / Unconfirmed

Firejone

Unregistered / Unconfirmed

悲酥清风

Unregistered / Unconfirmed

bbkxjy

Unregistered / Unconfirmed

Firejone

Unregistered / Unconfirmed

Firejone

Unregistered / Unconfirmed

hebiziyu

Unregistered / Unconfirmed

Similar threads