Права доступа

← →
charoey_mag (2009-02-19 15:18) [0]

Как можно узнать права доступа у общей папки и права безопасности и нее?

← →
charoey_mag (2009-02-24 12:51) [1]

Спасибо за помощь, и огромное количество развернутых ответов.
Странно кое-где поспрашивал, но ни кто ни чего толкового не сказал, неужели ни кому до этого это не надо было?(а вдруг кому-то понадобится). Поэтому выкладываю свой вымученный пятью днями код.
Если кто найдет какие-нибудь ошибки просьба сообщить.
PS. Писал в D7, в 2009 не компилится, нужны доп. пляски с указателями.

unit Unit1; interface uses Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms, Dialogs, AclApi, accctrl, StdCtrls; type TForm1 = class(TForm) Memo1: TMemo; Button1: TButton; procedure Button1Click(Sender: TObject); private { Private declarations } public { Public declarations } end; const ACCESS_ALLOWED_ACE_TYPE = $00; ACCESS_DENIED_ACE_TYPE = $01; SYSTEM_AUDIT_ACE_TYPE = $02; type ACL_SIZE_INFORMATION = record AceCount : DWORD; AclBytesInUse : DWORD; AclBytesFree : DWORD; end; ACE_HEADER = record AceType : BYTE; AceFlags : BYTE; AceSize : WORD; end; ACCESS_MASK = DWORD; ACCESS_ALLOWED_ACE = record Header : ACE_HEADER; Mask : ACCESS_MASK; SidStart : DWORD; end; PACE = ^ACCESS_ALLOWED_ACE; type NET_API_STATUS = DWORD; type SHARE_INFO_1 = record shi1_netname: LPWSTR; shi1_type: DWORD; shi1_remark: LPWSTR; end; SHARE_INFO_502 = packed record shi502_netname: LPWSTR; shi502_type:DWORD; shi502_remark:LPWSTR; shi502_permissions:DWORD; shi502_max_uses:DWORD; shi502_current_uses:DWORD; shi502_path:LPWSTR; shi502_passwd:LPWSTR; shi502_reserved:DWORD; shi502_security_descriptor:PSECURITY_DESCRIPTOR; end; TAclType = (atShare, atSecurity); const FILE_LIST_DIRECTORY = $0001; //For a directory, the right to list the contents of the directory. FILE_ADD_FILE = $0002; //For a directory, the right to create a file in the directory. FILE_ADD_SUBDIRECTORY = $0004; //For a directory, the right to create a subdirectory. FILE_READ_EA = $0008; //The right to read extended file attributes. FILE_WRITE_EA = $0010; //The right to write extended file attributes. FILE_TRAVERSE = $0020; //For a directory, the right to traverse the directory. FILE_DELETE_CHILD = $0040; //For a directory, the right to delete a directory and all the files it contains, including read-only files. FILE_READ_ATTRIBUTES = $0080; //The right to read file attributes. FILE_WRITE_ATTRIBUTES = $0100; //The right to write file attributes. STND_DELETE = $00010000; STND_READ_CONTROL = $00020000; STND_WRITE_DAC = $00040000; STND_WRITE_OWNER = $00080000; STND_SYNCHRONIZE = $00100000; FILE_RIGHT_READ = FILE_LIST_DIRECTORY or FILE_READ_EA or FILE_TRAVERSE or FILE_READ_ATTRIBUTES; FILE_RIGHT_WRITE = FILE_RIGHT_READ or FILE_ADD_FILE or FILE_ADD_SUBDIRECTORY or FILE_WRITE_EA or FILE_WRITE_ATTRIBUTES; FILE_RIGHT_ALL = FILE_RIGHT_WRITE or FILE_DELETE_CHILD; SEC_RIGHT_WRITE = FILE_ADD_FILE or FILE_ADD_SUBDIRECTORY or FILE_WRITE_EA or FILE_WRITE_ATTRIBUTES; SEC_RIGHT_READ = FILE_LIST_DIRECTORY or FILE_READ_EA or FILE_READ_ATTRIBUTES; SEC_RIGHT_READ_EXEC = SEC_RIGHT_READ or FILE_TRAVERSE; SEC_RIGHT_READ_EX_WR = SEC_RIGHT_READ_EXEC or SEC_RIGHT_WRITE; SEC_RIGHT_MODIFY = SEC_RIGHT_READ_EX_WR; SEC_RIGHT_ALL = SEC_RIGHT_MODIFY or FILE_DELETE_CHILD; STND_RIGHT_READ = STND_READ_CONTROL or STND_SYNCHRONIZE; STND_RIGHT_WRITE = STND_SYNCHRONIZE; STND_RIGHT_MODIFY = STND_RIGHT_READ or STND_DELETE; STND_RIGHT_ALL = STND_RIGHT_MODIFY or STND_WRITE_DAC or STND_WRITE_OWNER; function NetApiBufferAllocate(ByteCount:DWORD; Buffer:pointer):dword;stdcall; External "Netapi32.dll" name "NetApiBufferAllocate"; function NetShareGetInfo(servername: LPWSTR; netname: LPWSTR; level: DWORD; var butptr: Pointer): NET_API_STATUS; stdcall; external "netapi32.dll"; function NetShareEnum(servername: LPWSTR; level: DWORD; var bufptr: Pointer; prefmaxlen: DWORD; entriesread, totalentries, resume_handle: LPDWORD): NET_API_STATUS; stdcall; external "Netapi32.dll"; function NetApiBufferFree(Buffer: Pointer): NET_API_STATUS; stdcall; external "netapi32.dll"; var Form1: TForm1; implementation {$R *.dfm} procedure GetShares(const CompName: String; List:TStrings); type TShareInfo1Array = array of SHARE_INFO_1; var entriesread, totalentries: DWORD; Info: Pointer; I: Integer; CN: PWideChar; begin CN := StringToOleStr(CompName); if NetShareEnum(CN, 1, Info, DWORD(-1), @entriesread, @totalentries, nil) = 0 then try if entriesread > 0 then for I := 0 to entriesread - 1 do List.Add(TShareInfo1Array(@(Info^))[I].shi1_netname); finally NetApiBufferFree(Info); end; end;

← →
charoey_mag (2009-02-24 12:52) [2]

procedure ExportSharePermission(ServerName,ShareName:string; List:TStrings); procedure ExtractAlc(pDACL :PACL; aType:TAclType; List:TStrings); var aclSize : ACL_SIZE_INFORMATION; ace_idx : DWORD; AcePtr : Pointer; SidPtr : PSID; user : array[0..255] of Char; domain : array[0..255] of Char; user_len : DWORD; domain_len : DWORD; sid_nu : SID_NAME_USE; tmpStr : string; ar : dword; spec :bool; begin if( not GetAclInformation( pDACL^, @aclSize, sizeOf(aclSize), AclSizeInformation )) then begin ShowMessage(SysErrorMessage(GetLastError)); exit; end; ace_idx := 0; while( ace_idx < aclSize.AceCount ) do begin tmpStr:=""; if (GetAce( pDACL^, ace_idx, AcePtr )) then begin user_len := SizeOf( user ); domain_len := SizeOf( domain ); SidPtr := PSID(@(PACE(AcePtr)^.SidStart)); tmpStr:=IntToStr(ace_idx)+") "; if (LookupAccountSid( nil, SidPtr, user, user_len, domain, domain_len, sid_nu)) then begin if domain<>"" then tmpStr:=tmpStr+domain+"\"; tmpStr:=tmpStr+user; end else tmpStr:=tmpStr+"!unknown"; case (PACE(AcePtr)^.Header.AceType) of ACCESS_ALLOWED_ACE_TYPE : tmpStr:=tmpStr+#9+" allowed "; ACCESS_DENIED_ACE_TYPE : tmpStr:=tmpStr+#9+" denied "; else tmpStr:=tmpStr+#9+" audit "; end; ar:=PACE(AcePtr)^.Mask; spec:=false; case aType of atShare: begin case ar of (STND_RIGHT_READ or FILE_RIGHT_READ): tmpStr:=tmpStr+#9+""Read""; (STND_RIGHT_MODIFY or FILE_RIGHT_WRITE): tmpStr:=tmpStr+#9+""Write""; (STND_RIGHT_ALL or FILE_RIGHT_ALL): tmpStr:=tmpStr+#9+""Full Access""; else spec:=true; end; end; atSecurity: begin case ar of (STND_RIGHT_ALL or SEC_RIGHT_ALL): tmpStr:=tmpStr+#9+""Full Control""; (STND_RIGHT_MODIFY or SEC_RIGHT_MODIFY): tmpStr:=tmpStr+#9+""Modify""; (STND_RIGHT_READ or SEC_RIGHT_READ_EX_WR): tmpStr:=tmpStr+#9+""Read and Execute", "Write""; (STND_RIGHT_READ or SEC_RIGHT_READ_EXEC): tmpStr:=tmpStr+#9+""Read and Execute""; (STND_RIGHT_READ or SEC_RIGHT_READ): tmpStr:=tmpStr+#9+""Read""; (STND_RIGHT_WRITE or SEC_RIGHT_WRITE): tmpStr:=tmpStr+#9+""Write""; else spec:=true; end; end; end; if spec then begin tmpStr:=tmpStr+#9+"Special("; if (ar and FILE_LIST_DIRECTORY)<>0 then tmpStr:=tmpStr+" FILE_LIST_DIRECTORY "; if (ar and FILE_ADD_FILE)<>0 then tmpStr:=tmpStr+" FILE_ADD_FILE "; if (ar and FILE_ADD_SUBDIRECTORY)<>0 then tmpStr:=tmpStr+" FILE_ADD_SUBDIRECTORY "; if (ar and FILE_READ_EA)<>0 then tmpStr:=tmpStr+" FILE_READ_EA "; if (ar and FILE_WRITE_EA)<>0 then tmpStr:=tmpStr+" FILE_WRITE_EA "; if (ar and FILE_TRAVERSE)<>0 then tmpStr:=tmpStr+" FILE_TRAVERSE "; if (ar and FILE_DELETE_CHILD)<>0 then tmpStr:=tmpStr+" FILE_DELETE_CHILD "; if (ar and FILE_READ_ATTRIBUTES)<>0 then tmpStr:=tmpStr+" FILE_READ_ATTRIBUTES "; if (ar and FILE_WRITE_ATTRIBUTES)<>0 then tmpStr:=tmpStr+" FILE_WRITE_ATTRIBUTES "; if (ar and STND_DELETE)<>0 then tmpStr:=tmpStr+" STND_DELETE "; if (ar and STND_READ_CONTROL)<>0 then tmpStr:=tmpStr+" STND_READ_CONTROL "; if (ar and STND_WRITE_DAC)<>0 then tmpStr:=tmpStr+" STND_WRITE_DAC "; if (ar and STND_WRITE_OWNER)<>0 then tmpStr:=tmpStr+" STND_WRITE_OWNER "; if (ar and STND_SYNCHRONIZE)<>0 then tmpStr:=tmpStr+" STND_SYNCHRONIZE "; if (ar and GENERIC_READ)<>0 then tmpStr:=tmpStr+" GENERIC_READ "; if (ar and GENERIC_WRITE)<>0 then tmpStr:=tmpStr+" GENERIC_WRITE "; if (ar and GENERIC_EXECUTE)<>0 then tmpStr:=tmpStr+" GENERIC_EXECUTE "; if (ar and GENERIC_ALL)<>0 then tmpStr:=tmpStr+" GENERIC_ALL "; tmpStr:=tmpStr+")"; end; Form1.Memo1.Lines.Add(tmpStr); end else begin ShowMessage(SysErrorMessage(GetLastError)); exit; end; Inc( ace_idx ); end; end; var pSD : PSECURITY_DESCRIPTOR; pDACL : PACL; res : DWORD; pbBuffer : ^SHARE_INFO_502; s1,s2 : PWideChar; daclPres : longbool; daclDef : longbool; tmpStr : string; begin pbBuffer:=nil; res:=NetApiBufferAllocate(Sizeof(SHARE_INFO_502),@pbBuffer); if res<>0 then begin ShowMessage(SysErrorMessage(res)); exit; end; s1:=StringToOleStr(ServerName); s2:=StringToOleStr(ShareName); Res := NetShareGetInfo(s1,s2,502,pointer(pbBuffer)); if res<>0 then begin ShowMessage(SysErrorMessage(res)); exit; end; List.Add("Share name: "+pbBuffer^.shi502_netname); List.Add("Share remark: "+pbBuffer^.shi502_remark); List.Add("Share path: "+pbBuffer^.shi502_path); if pbBuffer^.shi502_netname="_IPC$" then begin List.Add("Impossible to get permissin for "IPC$""); exit; end; {--- Get Share Permission ---} daclPres:=false; try GetSecurityDescriptorDacl(pbBuffer^.shi502_security_descriptor,daclPres,pDACL,da clDef); except //ShowMessage(SysErrorMessage(GetLastError)); //exit; end; if daclPres then begin List.Add("Share Permission:"); ExtractAlc(pDACL, atShare, List); end else List.Add("Share Permission not present"); {--- Get Security Permission of Folder---} tmpStr:=pbBuffer^.shi502_path; pDACL:=nil; res := GetNamedSecurityInfo(PChar(tmpStr),SE_FILE_OBJECT,DACL_SECURITY_INFORMATION,nil, nil,PACL(@pDACL),nil, pSD ); if(res<>ERROR_SUCCESS) then begin //ShowMessage(SysErrorMessage(res)); //exit; end; if pDACL<>nil then begin List.Add("Security Permission:"); ExtractAlc(pDACL, atSecurity, List); end else begin List.Add("Security Permission not present"); end; List.Add(""); List.Add(""); end; procedure TForm1.Button1Click(Sender: TObject); var List:TStringList; i:integer; begin Memo1.Clear; List:=TStringList.Create; GetShares("\\xpsp3",List); for i:=0 to List.count-1 do ExportSharePermission("\\xpsp3",list[i],Memo1.Lines); List.Free; end; end.

Права доступа Найти похожие ветки