Права доступа
charoey_mag (2009-02-19 15:18) [0] Как можно узнать права доступа у общей папки и права безопасности у нее?
charoey_mag (2009-02-24 12:51) [1] Спасибо за помощь и огромное количество развернутых ответов.
Странно: кое-где поспрашивал, но никто ничего толкового не сказал. Неужели никому до этого это не надо было? (А вдруг кому-то понадобится.) Поэтому выкладываю свой вымученный пятью днями код.
Если кто найдет какие-нибудь ошибки, просьба сообщить.
PS. Писал в D7, в 2009 не компилится, нужны доп. пляски с указателями.
unit Unit1;
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, AclApi, accctrl, StdCtrls;
type
// Main form of the demo. Button1Click (implemented below) clears Memo1 and
// fills it with the permission report for every share it enumerates.
// Both components are published fields, so their names are tied to the .dfm.
TForm1 = class(TForm)
Memo1: TMemo; // receives the report lines
Button1: TButton; // starts the enumeration
procedure Button1Click(Sender: TObject);
private
{ Private declarations }
public
{ Public declarations }
end;
const
// ACE type codes as stored in ACE_HEADER.AceType. ExtractAlc labels an ACE
// "allowed" or "denied" from the first two and treats every other value as
// "audit".
ACCESS_ALLOWED_ACE_TYPE = $00;
ACCESS_DENIED_ACE_TYPE = $01;
SYSTEM_AUDIT_ACE_TYPE = $02;
type
// Buffer filled by GetAclInformation(..., AclSizeInformation); only AceCount
// is read by the code in this unit.
ACL_SIZE_INFORMATION = record
AceCount : DWORD;
AclBytesInUse : DWORD;
AclBytesFree : DWORD;
end;
// Common header that starts every ACE.
ACE_HEADER = record
AceType : BYTE; // compared with the *_ACE_TYPE constants above
AceFlags : BYTE; // not examined anywhere in this unit
AceSize : WORD;
end;
// 32-bit access mask; tested bit by bit against the FILE_*/STND_* constants.
ACCESS_MASK = DWORD;
// Header + mask + trustee SID. SidStart is only the first DWORD of a
// variable-length SID: ExtractAlc takes its address and uses it as a PSID.
// NOTE(review): this layout fits the plain allowed/denied/audit ACE types;
// object and callback ACE types carry extra fields, so casting them to PACE
// would read the SID from the wrong offset - confirm before reusing on
// directory-service objects.
ACCESS_ALLOWED_ACE = record
Header : ACE_HEADER;
Mask : ACCESS_MASK;
SidStart : DWORD;
end;
// Pointer used to reinterpret the untyped ACE pointer returned by GetAce.
PACE = ^ACCESS_ALLOWED_ACE;
type
// Status code returned by the Net* functions; 0 is treated as success below.
NET_API_STATUS = DWORD;
type
// Level-1 share entry, the element type of the buffer that GetShares reads
// after NetShareEnum(level 1).
SHARE_INFO_1 = record
shi1_netname: LPWSTR; // share name (wide string owned by the API buffer)
shi1_type: DWORD;
shi1_remark: LPWSTR;
end;
// Level-502 share entry returned by NetShareGetInfo(level 502).
// NOTE(review): "packed" changes nothing while every field is 4 bytes wide
// (32-bit Delphi 7); on a 64-bit target it would no longer match the
// naturally aligned API structure - confirm before porting.
SHARE_INFO_502 = packed record
shi502_netname: LPWSTR;
shi502_type:DWORD;
shi502_remark:LPWSTR;
shi502_permissions:DWORD;
shi502_max_uses:DWORD;
shi502_current_uses:DWORD;
shi502_path:LPWSTR; // path of the shared folder as seen by the server itself
shi502_passwd:LPWSTR; // not read by this unit
shi502_reserved:DWORD;
shi502_security_descriptor:PSECURITY_DESCRIPTOR; // holds the share-level DACL
end;
// Selects which rights table ExtractAlc uses to name an access mask:
// atShare for the share-level DACL, atSecurity for the folder (file system) DACL.
TAclType = (atShare, atSecurity);
const
// Object-specific rights for directories (low 16 bits of the access mask).
FILE_LIST_DIRECTORY = $0001; //For a directory, the right to list the contents of the directory.
FILE_ADD_FILE = $0002; //For a directory, the right to create a file in the directory.
FILE_ADD_SUBDIRECTORY = $0004; //For a directory, the right to create a subdirectory.
FILE_READ_EA = $0008; //The right to read extended file attributes.
FILE_WRITE_EA = $0010; //The right to write extended file attributes.
FILE_TRAVERSE = $0020; //For a directory, the right to traverse the directory.
FILE_DELETE_CHILD = $0040; //For a directory, the right to delete a directory and all the files it contains, including read-only files.
FILE_READ_ATTRIBUTES = $0080; //The right to read file attributes.
FILE_WRITE_ATTRIBUTES = $0100; //The right to write file attributes.
// Standard rights (bits 16..20). The STND_ prefix is this unit's own naming.
STND_DELETE = $00010000; // delete the object
STND_READ_CONTROL = $00020000; // read the security descriptor
STND_WRITE_DAC = $00040000; // rewrite the DACL - the holder can grant itself anything
STND_WRITE_OWNER = $00080000; // take ownership - the owner can then rewrite the DACL
STND_SYNCHRONIZE = $00100000;
// Composite object-specific masks used to name SHARE permissions.
FILE_RIGHT_READ = FILE_LIST_DIRECTORY or FILE_READ_EA or FILE_TRAVERSE or FILE_READ_ATTRIBUTES; // = $00A9
FILE_RIGHT_WRITE = FILE_RIGHT_READ or FILE_ADD_FILE or FILE_ADD_SUBDIRECTORY or FILE_WRITE_EA or FILE_WRITE_ATTRIBUTES; // = $01BF
FILE_RIGHT_ALL = FILE_RIGHT_WRITE or FILE_DELETE_CHILD; // = $01FF
// Composite object-specific masks used to name FOLDER (file system) permissions.
SEC_RIGHT_WRITE = FILE_ADD_FILE or FILE_ADD_SUBDIRECTORY or FILE_WRITE_EA or FILE_WRITE_ATTRIBUTES; // = $0116
SEC_RIGHT_READ = FILE_LIST_DIRECTORY or FILE_READ_EA or FILE_READ_ATTRIBUTES; // = $0089
SEC_RIGHT_READ_EXEC = SEC_RIGHT_READ or FILE_TRAVERSE; // = $00A9
SEC_RIGHT_READ_EX_WR = SEC_RIGHT_READ_EXEC or SEC_RIGHT_WRITE; // = $01BF
// Same low bits as SEC_RIGHT_READ_EX_WR: "Modify" differs from
// "Read and Execute, Write" only by STND_DELETE in the standard part.
SEC_RIGHT_MODIFY = SEC_RIGHT_READ_EX_WR;
SEC_RIGHT_ALL = SEC_RIGHT_MODIFY or FILE_DELETE_CHILD; // = $01FF
// Composite standard-rights parts that ExtractAlc ORs with the masks above.
STND_RIGHT_READ = STND_READ_CONTROL or STND_SYNCHRONIZE; // = $00120000
STND_RIGHT_WRITE = STND_SYNCHRONIZE; // = $00100000
STND_RIGHT_MODIFY = STND_RIGHT_READ or STND_DELETE; // = $00130000
STND_RIGHT_ALL = STND_RIGHT_MODIFY or STND_WRITE_DAC or STND_WRITE_OWNER; // = $001F0000
// ExtractAlc matches a mask against these composites by exact equality; any
// other combination is printed bit by bit as "Special(...)".
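// Imports from netapi32.dll. The DLL and entry-point names are written as
// ordinary single-quoted Pascal string literals; the double quotes shown on
// the forum page do not compile.
// Every buffer that NetShareEnum / NetShareGetInfo hand back through their
// "var" pointer is allocated by the API and must be released with
// NetApiBufferFree.

// Buffer receives the address of the new block; callers pass the address of
// their pointer variable (for example @P).
function NetApiBufferAllocate(ByteCount:DWORD; Buffer:pointer):dword;stdcall; external 'Netapi32.dll' name 'NetApiBufferAllocate';
// level 502 fills a SHARE_INFO_502, including the share security descriptor.
function NetShareGetInfo(servername: LPWSTR; netname: LPWSTR; level: DWORD; var butptr: Pointer): NET_API_STATUS; stdcall; external 'netapi32.dll';
// level 1 fills an array of SHARE_INFO_1; entriesread receives the element count.
function NetShareEnum(servername: LPWSTR; level: DWORD; var bufptr: Pointer; prefmaxlen: DWORD; entriesread, totalentries, resume_handle: LPDWORD): NET_API_STATUS; stdcall; external 'Netapi32.dll';
function NetApiBufferFree(Buffer: Pointer): NET_API_STATUS; stdcall; external 'netapi32.dll';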
var
// Global instance of the main form. ExtractAlc writes its report lines
// through Form1.Memo1 directly.
Form1: TForm1;
implementation
{$R *.dfm}
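// Appends the name of every share published by CompName to List.
//
// CompName - server to query, passed to NetShareEnum as a wide string.
// List     - receives one share name per entry; left untouched when the
//            call fails (the status code is not reported to the caller).
//
// Changes against the posted version:
//  * the server name lives in a WideString, so it is released automatically
//    (the BSTR returned by StringToOleStr was never freed);
//  * the API buffer is walked with a typed pointer instead of being cast to
//    a dynamic array, which only worked with range checking switched off;
//  * the buffer is released whenever the API returned one, not only when the
//    status was 0.
procedure GetShares(const CompName: String; List:TStrings);
type
  PShareInfo1 = ^SHARE_INFO_1;
var
  entriesread, totalentries: DWORD;
  Info: Pointer;
  Entry: PShareInfo1;
  I: Integer;
  ServerW: WideString;
begin
  Info := nil;
  entriesread := 0;
  totalentries := 0;
  ServerW := CompName;
  try
    // DWORD(-1) asks the API to allocate as much as it needs for level 1.
    if NetShareEnum(PWideChar(ServerW), 1, Info, DWORD(-1), @entriesread, @totalentries, nil) = 0 then
      if Info <> nil then
      begin
        Entry := Info;
        for I := 1 to Integer(entriesread) do
        begin
          List.Add(Entry^.shi1_netname);
          Inc(Entry); // typed pointer: advances by SizeOf(SHARE_INFO_1)
        end;
      end;
  finally
    if Info <> nil then
      NetApiBufferFree(Info);
  end;
end;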
charoey_mag (2009-02-24 12:52) [2]
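// Writes a report for one share to List: name, remark, path, the share-level
// DACL and the DACL of the shared folder.
//
// ServerName - server that publishes the share ('' is passed on unchanged).
// ShareName  - share to inspect.
// List       - receives every report line.
//
// Failures of NetShareGetInfo, GetAclInformation and GetAce are shown with
// ShowMessage, as in the posted version. Failures while reading either DACL
// are written into the report, so an unreadable ACL cannot be mistaken for an
// absent one.
//
// Changes against the posted version:
//  * string literals use single quotes and the split identifier "da clDef"
//    is repaired, so the unit compiles;
//  * ExtractAlc writes to its List parameter instead of Form1.Memo1;
//  * the buffer from NetShareGetInfo and the descriptor from
//    GetNamedSecurityInfo are released; the extra NetApiBufferAllocate block,
//    which was overwritten and leaked, is gone; the server and share names
//    are WideStrings instead of never-freed BSTRs;
//  * a DACL that is present but NULL is reported as such instead of being
//    dereferenced;
//  * for a named server the folder DACL is read through \\server\share.
//    shi502_path is the path on the server, so opening it here would report
//    the ACL of a folder on the machine running the tool;
//  * SIDs are resolved on the server first, then locally;
//  * ACE types other than allowed / denied / audit are listed by number
//    instead of being labelled "audit" and decoded with the wrong layout;
//  * inherit-only ACEs are marked, because they do not apply to the folder
//    itself;
//  * LookupAccountSid receives buffer lengths in characters.
procedure ExportSharePermission(ServerName,ShareName:string; List:TStrings);

  // Appends one line per ACE of pDACL to List. aType selects the table used
  // to name the access mask; masks matching no named set are printed bit by
  // bit as "Special(...)".
  procedure ExtractAlc(pDACL :PACL; aType:TAclType; List:TStrings);
  const
    ACE_FLAG_INHERIT_ONLY = $08; // AceFlags bit: ACE is inherited by children only
  var
    aclSize    : ACL_SIZE_INFORMATION;
    ace_idx    : DWORD;
    AcePtr     : Pointer;
    SidPtr     : PSID;
    user       : array[0..255] of Char;
    domain     : array[0..255] of Char;
    user_len   : DWORD;
    domain_len : DWORD;
    sid_nu     : SID_NAME_USE;
    tmpStr     : string;
    ar         : dword;
    spec       : bool;
    resolved   : bool;
    aceKind    : Byte;
  begin
    if pDACL = nil then
      exit;
    if not GetAclInformation(pDACL^, @aclSize, SizeOf(aclSize), AclSizeInformation) then
    begin
      ShowMessage(SysErrorMessage(GetLastError));
      exit;
    end;
    ace_idx := 0;
    while ace_idx < aclSize.AceCount do
    begin
      if not GetAce(pDACL^, ace_idx, AcePtr) then
      begin
        ShowMessage(SysErrorMessage(GetLastError));
        exit;
      end;
      tmpStr := IntToStr(ace_idx)+') ';
      aceKind := PACE(AcePtr)^.Header.AceType;
      if aceKind > SYSTEM_AUDIT_ACE_TYPE then
        // The ACCESS_ALLOWED_ACE layout is only known to fit types 0..2.
        List.Add(tmpStr+'!unsupported ACE type '+IntToStr(aceKind))
      else
      begin
        SidPtr := PSID(@(PACE(AcePtr)^.SidStart));
        // Accounts local to the server are unknown to this machine, so ask
        // the server first and fall back to a local lookup.
        resolved := false;
        if ServerName <> '' then
        begin
          user_len := Length(user);
          domain_len := Length(domain);
          resolved := LookupAccountSid(PChar(ServerName), SidPtr, user, user_len, domain, domain_len, sid_nu);
        end;
        if not resolved then
        begin
          user_len := Length(user);
          domain_len := Length(domain);
          resolved := LookupAccountSid(nil, SidPtr, user, user_len, domain, domain_len, sid_nu);
        end;
        if resolved then
        begin
          if domain<>'' then
            tmpStr:=tmpStr+domain+'\';
          tmpStr:=tmpStr+user;
        end
        else
          tmpStr:=tmpStr+'!unknown';
        case aceKind of
          ACCESS_ALLOWED_ACE_TYPE : tmpStr:=tmpStr+#9+' allowed ';
          ACCESS_DENIED_ACE_TYPE : tmpStr:=tmpStr+#9+' denied ';
        else
          tmpStr:=tmpStr+#9+' audit ';
        end;
        ar:=PACE(AcePtr)^.Mask;
        spec:=false;
        case aType of
          atShare:
            case ar of
              (STND_RIGHT_READ or FILE_RIGHT_READ): tmpStr:=tmpStr+#9+'"Read"';
              (STND_RIGHT_MODIFY or FILE_RIGHT_WRITE): tmpStr:=tmpStr+#9+'"Write"';
              (STND_RIGHT_ALL or FILE_RIGHT_ALL): tmpStr:=tmpStr+#9+'"Full Access"';
            else
              spec:=true;
            end;
          atSecurity:
            case ar of
              (STND_RIGHT_ALL or SEC_RIGHT_ALL): tmpStr:=tmpStr+#9+'"Full Control"';
              (STND_RIGHT_MODIFY or SEC_RIGHT_MODIFY): tmpStr:=tmpStr+#9+'"Modify"';
              (STND_RIGHT_READ or SEC_RIGHT_READ_EX_WR): tmpStr:=tmpStr+#9+'"Read and Execute", "Write"';
              (STND_RIGHT_READ or SEC_RIGHT_READ_EXEC): tmpStr:=tmpStr+#9+'"Read and Execute"';
              (STND_RIGHT_READ or SEC_RIGHT_READ): tmpStr:=tmpStr+#9+'"Read"';
              (STND_RIGHT_WRITE or SEC_RIGHT_WRITE): tmpStr:=tmpStr+#9+'"Write"';
            else
              spec:=true;
            end;
        end;
        if spec then
        begin
          // No named set matched exactly: list every bit that is set.
          tmpStr:=tmpStr+#9+'Special(';
          if (ar and FILE_LIST_DIRECTORY)<>0 then
            tmpStr:=tmpStr+' FILE_LIST_DIRECTORY ';
          if (ar and FILE_ADD_FILE)<>0 then
            tmpStr:=tmpStr+' FILE_ADD_FILE ';
          if (ar and FILE_ADD_SUBDIRECTORY)<>0 then
            tmpStr:=tmpStr+' FILE_ADD_SUBDIRECTORY ';
          if (ar and FILE_READ_EA)<>0 then
            tmpStr:=tmpStr+' FILE_READ_EA ';
          if (ar and FILE_WRITE_EA)<>0 then
            tmpStr:=tmpStr+' FILE_WRITE_EA ';
          if (ar and FILE_TRAVERSE)<>0 then
            tmpStr:=tmpStr+' FILE_TRAVERSE ';
          if (ar and FILE_DELETE_CHILD)<>0 then
            tmpStr:=tmpStr+' FILE_DELETE_CHILD ';
          if (ar and FILE_READ_ATTRIBUTES)<>0 then
            tmpStr:=tmpStr+' FILE_READ_ATTRIBUTES ';
          if (ar and FILE_WRITE_ATTRIBUTES)<>0 then
            tmpStr:=tmpStr+' FILE_WRITE_ATTRIBUTES ';
          if (ar and STND_DELETE)<>0 then
            tmpStr:=tmpStr+' STND_DELETE ';
          if (ar and STND_READ_CONTROL)<>0 then
            tmpStr:=tmpStr+' STND_READ_CONTROL ';
          if (ar and STND_WRITE_DAC)<>0 then
            tmpStr:=tmpStr+' STND_WRITE_DAC ';
          if (ar and STND_WRITE_OWNER)<>0 then
            tmpStr:=tmpStr+' STND_WRITE_OWNER ';
          if (ar and STND_SYNCHRONIZE)<>0 then
            tmpStr:=tmpStr+' STND_SYNCHRONIZE ';
          if (ar and GENERIC_READ)<>0 then
            tmpStr:=tmpStr+' GENERIC_READ ';
          if (ar and GENERIC_WRITE)<>0 then
            tmpStr:=tmpStr+' GENERIC_WRITE ';
          if (ar and GENERIC_EXECUTE)<>0 then
            tmpStr:=tmpStr+' GENERIC_EXECUTE ';
          if (ar and GENERIC_ALL)<>0 then
            tmpStr:=tmpStr+' GENERIC_ALL ';
          tmpStr:=tmpStr+')';
        end;
        if (PACE(AcePtr)^.Header.AceFlags and ACE_FLAG_INHERIT_ONLY)<>0 then
          tmpStr:=tmpStr+#9+'[inherit-only]';
        List.Add(tmpStr);
      end;
      Inc( ace_idx );
    end;
  end;

var
  pSD      : PSECURITY_DESCRIPTOR;
  pDACL    : PACL;
  res      : DWORD;
  pbBuffer : ^SHARE_INFO_502;
  serverW  : WideString;
  shareW   : WideString;
  daclPres : longbool;
  daclDef  : longbool;
  tmpStr   : string;
  netName  : string;
begin
  pbBuffer:=nil;
  serverW:=ServerName;
  shareW:=ShareName;
  // The API allocates the result buffer itself.
  res := NetShareGetInfo(PWideChar(serverW),PWideChar(shareW),502,pointer(pbBuffer));
  if res<>0 then
  begin
    ShowMessage(SysErrorMessage(res));
    exit;
  end;
  try
    netName:=pbBuffer^.shi502_netname;
    List.Add('Share name: '+netName);
    tmpStr:=pbBuffer^.shi502_remark;
    List.Add('Share remark: '+tmpStr);
    tmpStr:=pbBuffer^.shi502_path;
    List.Add('Share path: '+tmpStr);
    // NOTE(review): the literal is '_IPC$' while the message names "IPC$", so
    // a share called IPC$ is not skipped here - confirm which was intended.
    if netName='_IPC$' then
    begin
      List.Add('Impossible to get permissin for "IPC$"');
      exit;
    end;

    {--- Get Share Permission ---}
    daclPres:=false;
    daclDef:=false;
    pDACL:=nil;
    if pbBuffer^.shi502_security_descriptor=nil then
      List.Add('Share Permission not present')
    else if not GetSecurityDescriptorDacl(pbBuffer^.shi502_security_descriptor,daclPres,pDACL,daclDef) then
      List.Add('Share Permission: '+SysErrorMessage(GetLastError))
    else if not daclPres then
      List.Add('Share Permission not present')
    else if pDACL=nil then
      // A DACL that is present but NULL places no restriction on access.
      List.Add('Share Permission: NULL DACL (access is not restricted)')
    else
    begin
      List.Add('Share Permission:');
      ExtractAlc(pDACL, atShare, List);
    end;

    {--- Get Security Permission of Folder---}
    if ServerName<>'' then
    begin
      tmpStr:=ServerName;
      if Copy(tmpStr,1,2)<>'\\' then
        tmpStr:='\\'+tmpStr;
      tmpStr:=tmpStr+'\'+netName;
    end
    else
      tmpStr:=pbBuffer^.shi502_path;
    pDACL:=nil;
    pSD:=nil;
    res := GetNamedSecurityInfo(PChar(tmpStr),SE_FILE_OBJECT,DACL_SECURITY_INFORMATION,nil,nil,PACL(@pDACL),nil,pSD);
    try
      if res<>ERROR_SUCCESS then
        List.Add('Security Permission: '+SysErrorMessage(res))
      else if pDACL<>nil then
      begin
        List.Add('Security Permission:');
        ExtractAlc(pDACL, atSecurity, List);
      end
      else
        // Success without a DACL pointer means a NULL DACL.
        List.Add('Security Permission not present (NULL DACL, access is not restricted)');
    finally
      // pDACL points into pSD, so release only after the ACL has been read.
      if pSD<>nil then
        LocalFree(HLOCAL(pSD));
    end;
    List.Add('');
    List.Add('');
  finally
    if pbBuffer<>nil then
      NetApiBufferFree(pbBuffer);
  end;
end;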
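// Click handler: clears the memo, enumerates the shares of TARGET_SERVER and
// writes the permission report of each share into the memo.
// Changes against the posted version: the server name is a single-quoted
// literal held in one constant, and the temporary list is released in a
// finally block so it does not leak when a call raises.
procedure TForm1.Button1Click(Sender: TObject);
const
  TARGET_SERVER = '\\xpsp3'; // host used in the original post; adjust as needed
var
  List: TStringList;
  i: integer;
begin
  Memo1.Clear;
  List:=TStringList.Create;
  try
    GetShares(TARGET_SERVER,List);
    for i:=0 to List.Count-1 do
      ExportSharePermission(TARGET_SERVER,List[i],Memo1.Lines);
  finally
    List.Free;
  end;
end;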
end.