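Win 8 appears to have a new user group, "ALL APPLICATION PACKAGES". By default, this group appears to have read permission on all folders. However, my requirement is to set some specific ACLs on a folder that I create. This group currently has no permissions on my folder, so I wrote some code to add read permission for "ALL APPLICATION PACKAGES". I am using VS 2010, and the stripped-down code snippet is below.

The SID for "ALL APPLICATION PACKAGES" listed at http://msdn.microsoft.com/en-us/library/cc980032.aspx is ALL_APP_PACKAGES (S-1-15-2-1).

But no matter how I set the trustee Name or what value I pass, the code below does not work. For example, in the code below, SetNamedSecurityInfo() fails with ERROR_INVALID_ACL. However, if I use the "Administrators" or "Everyone" account, it works.

The exact permissions I need to assign are "Read & execute", "List folder contents" and "Read".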

    #include "stdafx.h"
    #include "windows.h"
    #include "sddl.h"
    #include "Aclapi.h"

    int _tmain(int argc, _TCHAR* argv[])
    {
        TCHAR pszObjName[MAX_PATH] = _T("C:\\Program Files\\Common Files\\Test\\");
        PACL pOldDACL = NULL, pNewDACL = NULL;
        PSECURITY_DESCRIPTOR pSD = NULL;
        EXPLICIT_ACCESS ea;
        SECURITY_INFORMATION si = DACL_SECURITY_INFORMATION;

        // Get a pointer to the existing DACL (conditionally).
        DWORD dwRes = GetNamedSecurityInfo(pszObjName, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION,
                                           NULL, NULL, &pOldDACL, NULL, &pSD);
        if (ERROR_SUCCESS != dwRes)
            goto Cleanup;

        // Initialize an EXPLICIT_ACCESS structure for the new ACE.
        ZeroMemory(&ea, sizeof(EXPLICIT_ACCESS));
        ea.grfAccessPermissions = STANDARD_RIGHTS_READ;
        ea.grfAccessMode = SET_ACCESS;
        ea.grfInheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT;
        ea.Trustee.TrusteeForm = TRUSTEE_IS_SID;
        // ea.Trustee.TrusteeType = TRUSTEE_IS_GROUP;
        // Should I be using SID (S-1-15-2-1) (SetEntriesInAcl() fails) or "ALL_APP_PACKAGES"
        // (SetEntriesInAcl() passes but SetNamedSecurityInfo() fails)
        // If I use "Administrators" or "Everyone" as Trustee Name then it works fine
        // but not with "ALL APPLICATION PACKAGES"
        ea.Trustee.ptstrName = _T(" ALL_APP_PACKAGES");

        // Create a new ACL that merges the new ACE into the existing DACL.
        dwRes = SetEntriesInAcl(1, &ea, pOldDACL, &pNewDACL);
        if (ERROR_SUCCESS != dwRes)
            goto Cleanup;

        // Attach the new ACL as the object's DACL.
        dwRes = SetNamedSecurityInfo(pszObjName, SE_FILE_OBJECT, si, NULL, NULL, pNewDACL, NULL);
        if (ERROR_SUCCESS != dwRes)
            goto Cleanup;

    Cleanup:
        // Free the security descriptor and the new ACL allocated by the API calls.
        if (pSD != NULL)
            LocalFree((HLOCAL) pSD);
        if (pNewDACL != NULL)
            LocalFree((HLOCAL) pNewDACL);

        return dwRes;
    }

Please refer to the following approach:

Try setting up the Trustee structure this way. It worked for me.

    ea.Trustee.TrusteeForm = TRUSTEE_IS_NAME;
    ea.Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
    ea.Trustee.ptstrName = L"ALL APPLICATION PACKAGES";
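
The same grant expressed in PowerShell through the .NET access-control classes, as an added example that is not part of the original question or answer. It uses the SID and folder path from the question, assumes an elevated session, and reads the DACL back to confirm the entry. ReadAndExecute applied with both inheritance flags is what the folder's security dialog shows as "Read & execute", "List folder contents" and "Read".

```powershell
# Added example (not from the original post).
# Folder path and SID are taken from the question; run from an elevated prompt.
$Path = 'C:\Program Files\Common Files\Test'

# Build the trustee from the SID string instead of a display name, so the
# script does not depend on the localized group name.
$sid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-15-2-1'

$rights      = [System.Security.AccessControl.FileSystemRights]::ReadAndExecute
$inherit     = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$propagation = [System.Security.AccessControl.PropagationFlags]::None
$type        = [System.Security.AccessControl.AccessControlType]::Allow

$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $sid, $rights, $inherit, $propagation, $type)

# AddAccessRule merges the new ACE into the existing DACL; other entries stay.
$acl = Get-Acl -LiteralPath $Path
$acl.AddAccessRule($rule)
Set-Acl -LiteralPath $Path -AclObject $acl

# Read the DACL back with identities reported as SIDs and confirm the entry.
$sidType = [System.Security.Principal.SecurityIdentifier]
$granted = (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType) |
    Where-Object {
        $_.IdentityReference.Value -eq $sid.Value -and
        $_.AccessControlType -eq $type -and
        ($_.FileSystemRights -band $rights) -eq $rights
    }

if (-not $granted) {
    throw "No Allow ACE with ReadAndExecute for $($sid.Value) found on $Path"
}

$granted | Format-List IdentityReference, FileSystemRights, InheritanceFlags, IsInherited
```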

