Тип записи контроля доступа | Наименование соответствующей структуры |
ACCESS_ALLOWED_ACE_TYPE | ACCESS_ALLOWED_ACE |
ACCESS_ALLOWED_OBJECT_ACE_TYPE | ACCESS_ALLOWED_OBJECT_ACE |
ACCESS_DENIED_ACE_TYPE | ACCESS_DENIED_ACE |
ACCESS_DENIED_OBJECT_ACE_TYPE | ACCESS_DENIED_OBJECT_ACE |
SYSTEM_AUDIT_ACE_TYPE | SYSTEM_AUDIT_ACE |
SYSTEM_AUDIT_OBJECT_ACE_TYPE | SYSTEM_AUDIT_OBJECT_ACE |
IN | lpRootPathName | Корневой каталог раздела |
OUT | lpVolumeNameBuffer | Имя дискового раздела |
IN | nVolumeNameSize | Размер буфера, в котором возвращается имя раздела |
OUT | lpVolumeSerialNumber | Серийный номер дискового раздела |
OUT | lpMaximumComponentLength | Максимальная длина имени файла, возможная для этого раздела |
OUT | lpFileSystemFlags | Набор флагов, описывающих свойства раздела |
OUT | lpFileSystemNameBuffer | Буфер, в котором будет возвращено название файловой системы |
IN | nFileSystemNameSize | Размер буфера, в котором возвращается название файловой системы |
Листинг 1. Список дисковых разделов на локальном компьютере.
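// Enumerates the logical drives of the local computer, adds each one to the
// m_listDrive list control and queries its file-system properties through
// GetPartitionTypeEx().
void LoadDrives()
{
    LPBYTE  lpBuf = NULL;       // buffer allocated by NetServerDiskEnum
    DWORD   dwReaded = 0;       // number of drive entries returned
    DWORD   dwTotal = 0;
    PWCHAR  p;
    DWORD   i;
    CString csStr;
    CString csFileSystemName;
    int     nItem;
    BOOL    bIsACL = FALSE;     // set by GetPartitionTypeEx for every drive

    // The identifier was split by spaces in the published listing
    // ("MAX_ PREFERRED_ LENGTH"); it is one constant.
    // A NULL server name selects the local computer.
    if( NetServerDiskEnum( NULL, 0, &lpBuf, MAX_PREFERRED_LENGTH,
                           &dwReaded, &dwTotal, NULL ) == NERR_Success )
    {
        p = (PWCHAR)lpBuf;
        for( i = 0; i < dwReaded; i++ )
        {
            // Each entry is "X:" plus a terminating zero; append the
            // backslash to obtain a root path such as "C:\".
            csStr = p;
            csStr = csStr + "\\";
            nItem = m_listDrive.InsertItem( i, csStr, 0 );

            // bIsACL tells whether the volume keeps ACLs at all; only such
            // volumes have per-object permissions to inspect.
            GetPartitionTypeEx( csStr, csFileSystemName, bIsACL );

            // … (the rest of the loop body is omitted in the original listing)

            // Entries are three wide characters long: letter, colon, zero.
            p = p + 3;
        }
        // The buffer is owned by the caller and must be released.
        NetApiBufferFree( lpBuf );
    }
}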
Листинг 2. Информация о логическом дисковом разделе.
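// Queries the file-system name of a volume and whether the volume stores
// access control lists.
//
//   szName            root directory of the volume, e.g. "C:\"
//   csFileSystemName  receives the file-system name, or "unknown" when the
//                     query fails
//   bIsACL            receives TRUE when FS_PERSISTENT_ACLS is set for the
//                     volume, FALSE otherwise (also on failure)
//
// Always returns 1; callers learn about a failed query only through the
// "unknown" name.
int GetPartitionTypeEx( LPCTSTR szName, CString &csFileSystemName, BOOL &bIsACL )
{
    // TCHAR rather than char: GetVolumeInformation resolves to the ANSI or
    // the Unicode variant together with LPCTSTR, so the buffers have to
    // follow the same character type.
    TCHAR szVolumeNameBuffer[MAX_PATH + 1];
    TCHAR szFileSystemNameBuffer[MAX_PATH + 1];
    DWORD dwMaximumComponentLength = 0;
    DWORD dwFileSystemFlags = 0;
    DWORD dwVolumeSerialNumber = 0;

    // Buffer sizes are passed in characters and derived from the arrays
    // themselves so that they cannot drift apart from the declarations.
    const DWORD dwVolumeNameSize =
        sizeof( szVolumeNameBuffer ) / sizeof( szVolumeNameBuffer[0] );
    const DWORD dwFileSystemNameSize =
        sizeof( szFileSystemNameBuffer ) / sizeof( szFileSystemNameBuffer[0] );

    if( GetVolumeInformation( szName,
                              szVolumeNameBuffer, dwVolumeNameSize,
                              &dwVolumeSerialNumber,
                              &dwMaximumComponentLength,
                              &dwFileSystemFlags,
                              szFileSystemNameBuffer, dwFileSystemNameSize ) )
    {
        csFileSystemName = szFileSystemNameBuffer;
        // A volume without this flag does not preserve ACLs, so objects on
        // it carry no per-user permissions to audit.
        bIsACL = ( dwFileSystemFlags & FS_PERSISTENT_ACLS ) == FS_PERSISTENT_ACLS;
    }
    else
    {
        // Typical for drives without media; report the volume as unknown
        // and without ACL support.
        csFileSystemName = "unknown";
        bIsACL = FALSE;
    }
    return 1;
}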
Листинг 3. Получение информации о правах доступа к объекту.
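// Reads the DACL of a file-system object and walks its access-allowed
// entries, resolving each trustee SID to an account and domain name.
//
//   szObjectName  path of the file or directory to inspect
//
// Always returns TRUE, also when the security information cannot be read.
//
// Only ACCESS_ALLOWED_ACE_TYPE entries are interpreted. Deny entries are
// skipped, so the result lists granted entries and is not the effective
// access of a user.
BOOL GetObjectPermissions( LPTSTR szObjectName )
{
    PSECURITY_DESCRIPTOR lpSec = NULL;
    PACL pDACL = NULL;
    // Not filled in by the call below, because OWNER_SECURITY_INFORMATION is
    // not requested; kept because the omitted part of the listing may use it.
    PSID lpOwnerSID = NULL;
    SID_NAME_USE eUse;
    TCHAR szName[ACE_NAME_SIZE + 1];
    unsigned long nNameSize = ACE_NAME_SIZE;
    TCHAR szDomain[ACE_NAME_SIZE + 1];
    unsigned long nDomainSize = ACE_NAME_SIZE;
    int i;
    ACE_HEADER *lpACEHeader = NULL;
    ACCESS_ALLOWED_ACE *lpAllowedACE;
    LPOBJECTACCESS_MASK lpAccess;

    // The last argument receives the security descriptor that owns the
    // returned DACL. The published listing passed NULL here and later called
    // LocalFree() on the never-initialised lpSec. The flag name was also
    // split by a space in the listing ("DACL_ SECURITY_INFORMATION").
    if( GetNamedSecurityInfo( szObjectName, SE_FILE_OBJECT,
                              DACL_SECURITY_INFORMATION,
                              (void**)&lpOwnerSID, NULL, &pDACL, NULL,
                              &lpSec ) == ERROR_SUCCESS )
    {
        if( ( pDACL != NULL ) && ( pDACL->AceCount > 0 ) )
        {
            // GetAce() returns FALSE once the index runs past the last
            // entry, which ends the loop.
            i = 0;
            while( GetAce( pDACL, i, (void**)&lpACEHeader ) )
            {
                // LookupAccountSid() overwrites the sizes, so they are reset
                // for every entry.
                nNameSize = ACE_NAME_SIZE;
                nDomainSize = ACE_NAME_SIZE;

                switch( lpACEHeader->AceType )
                {
                case ACCESS_ALLOWED_OBJECT_ACE_TYPE:
                    break;
                case ACCESS_DENIED_ACE_TYPE:
                    // Not evaluated: a deny entry can take away what an
                    // allow entry listed below appears to grant.
                    break;
                case ACCESS_DENIED_OBJECT_ACE_TYPE:
                    break;
                case ACCESS_ALLOWED_ACE_TYPE:
                    lpAllowedACE = (ACCESS_ALLOWED_ACE*)lpACEHeader;
                    if( LookupAccountSid( NULL,
                                          (void*)&lpAllowedACE->SidStart,
                                          szName, &nNameSize,
                                          szDomain, &nDomainSize,
                                          &eUse ) )
                    {
                        // LPOBJECTACCESS_MASK is declared elsewhere;
                        // presumably it overlays the ACCESS_MASK with a
                        // bit field for the standard rights (confirm).
                        // The comparisons are exact, so any other
                        // combination falls through unreported.
                        lpAccess = (LPOBJECTACCESS_MASK)&lpAllowedACE->Mask;
                        if( lpAccess->StandardRights == 31 )
                        {
                            // Full Control
                        }
                        if( lpAccess->StandardRights == 18 )
                        {
                            // Read
                        }
                        if( lpAccess->StandardRights == 19 )
                        {
                            // Write (change)
                        }
                    }
                    break;
                }
                i++;
            }

            // … (part of the listing is omitted here in the original)
        }
        // The two cases skipped by the condition above mean opposite things:
        // a NULL DACL places no restriction on anyone, while a DACL with no
        // entries grants access to nobody. A permission report should show
        // them separately.

        // The descriptor is released on every successful path, not only when
        // the DACL has entries.
        if( lpSec != NULL )
        {
            LocalFree( lpSec );
        }
    }
    return TRUE;
}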
Листинг 4. Получение списка разделяемых ресурсов и прав на них.
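// Enumerates the shared resources of the local computer and, for each one,
// walks the access-allowed entries of the share's DACL, resolving every
// trustee SID to an account and domain name. For each processed share two
// command strings are written to hFile and m_nSharesCount is incremented.
//
// Only ACCESS_ALLOWED_ACE_TYPE entries are interpreted; deny entries are
// not evaluated, so the output is not the effective access of a user.
//
// Parts of the published listing are elided ("…"); they are marked below.
void ScanShares( /* … parameter list omitted in the original listing … */ )
{
    DWORD dwReaded = 0;
    DWORD dwTotal = 0;
    LPSHARE_INFO_502 lpShareInfo = NULL;
    LPSHARE_INFO_502 lpShare = NULL;
    PSECURITY_DESCRIPTOR lpSecDescr;
    BOOL bDaclPresent = FALSE;
    PACL pDACL = NULL;
    BOOL bDaclDefaulted = FALSE;
    DWORD i;
    int j;
    ACE_HEADER *lpACEHeader = NULL;
    ACCESS_ALLOWED_ACE *lpAllowedACE;
    TCHAR szName[ACE_NAME_SIZE + 1];
    unsigned long nNameSize = ACE_NAME_SIZE;
    TCHAR szDomain[ACE_NAME_SIZE + 1];
    unsigned long nDomainSize = ACE_NAME_SIZE;
    SID_NAME_USE eUse;
    TCHAR szBuf[ACE_NAME_SIZE + 1];
    CString csShareName;
    CString csPath;
    CString csCommand;
    CString csDelCommand;
    TCHAR szCompName[MAX_COMPUTERNAME_LENGTH + 1];
    DWORD dwCompNameSize = MAX_COMPUTERNAME_LENGTH;
    LPOBJECTACCESS_MASK lpAccess;

    m_nSharesCount = 0;

    // Level 502 returns SHARE_INFO_502 records, which include the local path
    // and the security descriptor of every share.
    if( NetShareEnum( NULL, 502, (LPBYTE*)&lpShareInfo, 0xFFFFFFFF,
                      &dwReaded, &dwTotal, NULL ) == NERR_Success )
    {
        for( i = 0; i < dwReaded; i++ )
        {
            // The path is returned as a wide string. If the conversion fails
            // (for example, the path does not fit into szBuf) the buffer is
            // not a valid string, so fall back to an empty path.
            if( WideCharToMultiByte( CP_ACP, 0,
                                     (LPCWSTR)lpShareInfo[i].shi502_path, -1,
                                     szBuf, ACE_NAME_SIZE, NULL, NULL ) == 0 )
            {
                szBuf[0] = 0;
            }
            csPath = szBuf;

            if( IsPathExists( csPath ) || ( !m_checkShareValid.GetCheck() ) )
            {
                if( NetShareGetInfo( NULL, lpShareInfo[i].shi502_netname, 502,
                                     (LPBYTE*)&lpShare ) == NERR_Success )
                {
                    lpSecDescr = lpShare->shi502_security_descriptor;
                    if( lpSecDescr != NULL )
                    {
                        if( GetSecurityDescriptorDacl( lpSecDescr, &bDaclPresent,
                                                       &pDACL, &bDaclDefaulted ) )
                        {
                            if( !bDaclPresent || ( pDACL == NULL ) )
                            {
                                // No DACL, or a NULL DACL: the share places no
                                // restriction on anyone. There is nothing to
                                // enumerate, and GetAce() must not be given a
                                // NULL ACL. A report should flag this share as
                                // open to everyone rather than as having no
                                // entries.
                            }
                            else
                            {
                                // GetAce() returns FALSE past the last entry.
                                j = 0;
                                while( GetAce( pDACL, j, (void**)&lpACEHeader ) )
                                {
                                    // LookupAccountSid() overwrites the sizes.
                                    nNameSize = ACE_NAME_SIZE;
                                    nDomainSize = ACE_NAME_SIZE;

                                    switch( lpACEHeader->AceType )
                                    {
                                    case ACCESS_ALLOWED_ACE_TYPE:
                                        lpAllowedACE = (ACCESS_ALLOWED_ACE*)lpACEHeader;
                                        if( LookupAccountSid( NULL,
                                                (void*)&lpAllowedACE->SidStart,
                                                szName, &nNameSize,
                                                szDomain, &nDomainSize,
                                                &eUse ) )
                                        {
                                            // LPOBJECTACCESS_MASK is declared
                                            // elsewhere. Listing 3 labels the
                                            // values 31, 18 and 19 as Full
                                            // Control, Read and Write (change).
                                            lpAccess = (LPOBJECTACCESS_MASK)&lpAllowedACE->Mask;
                                            if( lpAccess->StandardRights == 31 )
                                            {
                                                // … (omitted in the original listing)
                                            }
                                            else if( lpAccess->StandardRights == 18 )
                                            {
                                                // … (omitted in the original listing)
                                            }
                                            else if( lpAccess->StandardRights == 19 )
                                            {
                                                // … (omitted in the original listing)
                                            }
                                        }
                                        break;
                                    }
                                    j++;
                                }
                            }
                        }
                    }
                    // The buffer returned by NetShareGetInfo is owned by the
                    // caller.
                    NetApiBufferFree( (LPVOID)lpShare );

                    // hFile and the contents of the two command strings come
                    // from parts of the listing that are not shown.
                    WriteStringToFile( hFile, TRUE, csDelCommand );
                    WriteStringToFile( hFile, TRUE, csCommand );
                    m_nSharesCount++;
                    ShowStatistics();
                }
            }
        }
        NetApiBufferFree( (LPVOID)lpShareInfo );
    }
}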