偶在别处找到的Ntfs格式下的文件添加权限,代码如下:
const
ACL_REVISION = 2;
ACL_REVISION2 = 2;
netapi32lib = 'Netapi32.dll';Type
NET_API_STATUS = Integer; PShare_Info_502 = ^TShare_Info_502;
TShare_Info_502 = record
shi502_netName: PWideChar;
shi502_type: DWORD;
shi502_re: PWideChar;
shi502_permissions: DWORD;
shi502_max_uses: DWORD;
shi502_current_uses : DWORD;
shi502_path: PWideChar;
shi502_passwd: PWideChar;
shi502_reserved: DWORD;
shi502_security_descriptor: PSECURITY_DESCRIPTOR;
end; ACE_HEADER = record
AceType: Byte;
AceFlags: Byte;
AceSize: Word;
end; ACCESS_ALLOWED_ACE = record
Header:ACE_HEADER;
Mask:ACCESS_MASK;
SidStart:DWORD;
end; ACL_SIZE_INFORMATION = record
AceCount: DWORD;
AclBytesInUse: DWORD;
AclBytesFree: DWORD;
end; PACE_HEADER = ^ACE_HEADER;function NetApiBufferFree(Buffer: Pointer): NET_API_STATUS; stdcall external netapi32lib;
function NetShareGetInfo(servername: LPWSTR; netname: LPWSTR; level: DWORD;
var butptr: Pointer): NET_API_STATUS; stdcall; external netapi32lib;
function NetShareSetInfo(servername: LPWSTR; netname: LPWSTR; leve: DWORD;
const buf: Pointer; parm_err: PDWORD): NET_API_STATUS; stdcall; external netapi32lib;//添加文件、目录访问权限,对应于对象属性页中"安全" 页中的设置
function AddFileAccesRights(const FileName, UserName: string;
dwAccessMask: DWORD): boolean;
var
// SID variables
snuType : SID_NAME_USE;
szDomain : PChar;
cbDomain: DWORD;
pUserSID: Pointer;
cbUserSID: DWORD;
// File SD variables.
pFileSD: PSECURITY_DESCRIPTOR;
cbFileSD: DWORD;
// New SD variables.
pNewSD: PSECURITY_DESCRIPTOR;
// ACL variables.
p_ACL : PACL;
fDaclPresent, fDaclDefaulted : LongBool;
AclInfo: ACL_SIZE_INFORMATION;
// New ACL variables.
pNewACL : PACL;
cbNewACL: DWORD;
// Temporary ACE.
pTempAce: Pointer;
CurrentAceIndex : Cardinal;
begin
szDomain := nil;
cbDomain := 0;
pUserSID := nil;
cbUserSID := 0;
pFileSD := nil;
cbFileSD := 0;
pNewSD := nil;
p_ACL := nil;
pNewACL := nil;
pTempAce := nil; //
// STEP 1: Get SID for given user.
//
Result := LookupAccountName(nil, PChar(UserName),
pUserSID, cbUserSID, szDomain, cbDomain, snuType); // API should have failed with insufficient buffer.
if (not Result) and (GetLastError <> ERROR_INSUFFICIENT_BUFFER) then
RaiseLastWin32Error; pUserSID := AllocMem(cbUserSID);
szDomain := AllocMem(cbDomain);
try
Result := LookupAccountName(nil, PChar(UserName),
pUserSID, cbUserSID, szDomain, cbDomain, snuType); if (not Result) then
RaiseLastWin32Error; // STEP 2: Get security descriptor (SD) for file.
Result := GetFileSecurity(PChar(FileName),
DACL_SECURITY_INFORMATION, pFileSD, 0, cbFileSD); if (not Result) and (GetLastError <> ERROR_INSUFFICIENT_BUFFER) then
RaiseLastWin32Error; pFileSD := AllocMem(cbFileSD); Result := GetFileSecurity(PChar(FileName),
DACL_SECURITY_INFORMATION, pFileSD, cbFileSD, cbFileSD);
if (not Result) then
RaiseLastWin32Error; // STEP 3: Initialize new SD.
pNewSD := AllocMem(cbFileSD); // Should be same size as FileSD. if (not InitializeSecurityDescriptor(pNewSD,
SECURITY_DESCRIPTOR_REVISION)) then
RaiseLastWin32Error; // STEP 4: Get DACL from SD.
if (not GetSecurityDescriptorDacl(pFileSD, fDaclPresent, p_ACL,
fDaclDefaulted)) then
RaiseLastWin32Error;
// STEP 5: Get size information for DACL.
AclInfo.AceCount := 0; // Assume NULL DACL.
AclInfo.AclBytesFree := 0;
AclInfo.AclBytesInUse := SizeOf(ACL); if (fDaclPresent and Assigned(p_ACL)) then
begin
if (not GetAclInformation(p_ACL^, @AclInfo,
SizeOf(ACL_SIZE_INFORMATION), AclSizeInformation)) then
RaiseLastWin32Error; // STEP 6: Compute size needed for the new ACL.
cbNewACL := AclInfo.AclBytesInUse + SizeOf(ACCESS_ALLOWED_ACE)
+ GetLengthSid(pUserSID) - SizeOf(DWORD); // STEP 7: Allocate memory for new ACL.
pNewACL := AllocMem(cbNewACL); // STEP 8: Initialize the new ACL.
if (not InitializeAcl(pNewACL^, cbNewACL, ACL_REVISION2)) then
RaiseLastWin32Error;
// STEP 9: If DACL is present, copy it to a new DACL.
if (fDaclPresent) then
begin
// STEP 10: Copy the file's ACEs to the new ACL.
if (AclInfo.AceCount > 0) then
begin
for CurrentAceIndex := 0 to AclInfo.AceCount - 1 do
begin
// STEP 11: Get an ACE.
if (not GetAce(p_ACL^, CurrentAceIndex, pTempAce)) then
RaiseLastWin32Error;
// STEP 12: Add the ACE to the new ACL.
if (not AddAce(pNewACL^, ACL_REVISION, MAXDWORD, pTempAce,
PACE_HEADER(pTempAce)^.AceSize)) then
RaiseLastWin32Error;
end
end
end; // STEP 13: Add the access-allowed ACE to the new DACL.
if (not AddAccessAllowedAce(pNewACL^, ACL_REVISION2, dwAccessMask,
pUserSID)) then
RaiseLastWin32Error; // STEP 14: Set the new DACL to the file SD.
if (not SetSecurityDescriptorDacl(pNewSD, True, pNewACL, False)) then
RaiseLastWin32Error; // STEP 15: Set the SD to the File.
if (not SetFileSecurity(PChar(FileName), DACL_SECURITY_INFORMATION,
pNewSD)) then
RaiseLastWin32Error;
Result := True;
end;
finally
// STEP 16: Free allocated memory
if Assigned(pUserSID) then
FreeMem(pUserSID);
if Assigned(szDomain) then
FreeMem(szDomain);
if Assigned(pFileSD) then
FreeMem(pFileSD);
if Assigned(pNewSD) then
FreeMem(pNewSD);
if Assigned(pNewACL) then
FreeMem(pNewACL);
end;
end;
可是在这里权限这个变量dwAccessMask偶实在不知道该取什么值,我把GENERIC_ALL等几个权限值都试了一遍,执行完成后,我在windows中查看安全时,总是提示我新添加的安全权限顺序不正确,不知道为什么,望各位大侠帮帮忙,另外还有一疑问,就是用这个函数对文件夹设安全权限时,不知道怎样把权限应用于该文件夹及子文件夹及文件,此函数执行后为应用于该文件夹,不知道该怎样修改。
如果有其它函数可以实现也可以!偶先谢谢各位了。
const
ACL_REVISION = 2;
ACL_REVISION2 = 2;
netapi32lib = 'Netapi32.dll';Type
NET_API_STATUS = Integer; PShare_Info_502 = ^TShare_Info_502;
TShare_Info_502 = record
shi502_netName: PWideChar;
shi502_type: DWORD;
shi502_re: PWideChar;
shi502_permissions: DWORD;
shi502_max_uses: DWORD;
shi502_current_uses : DWORD;
shi502_path: PWideChar;
shi502_passwd: PWideChar;
shi502_reserved: DWORD;
shi502_security_descriptor: PSECURITY_DESCRIPTOR;
end; ACE_HEADER = record
AceType: Byte;
AceFlags: Byte;
AceSize: Word;
end; ACCESS_ALLOWED_ACE = record
Header:ACE_HEADER;
Mask:ACCESS_MASK;
SidStart:DWORD;
end; ACL_SIZE_INFORMATION = record
AceCount: DWORD;
AclBytesInUse: DWORD;
AclBytesFree: DWORD;
end; PACE_HEADER = ^ACE_HEADER;function NetApiBufferFree(Buffer: Pointer): NET_API_STATUS; stdcall external netapi32lib;
function NetShareGetInfo(servername: LPWSTR; netname: LPWSTR; level: DWORD;
var butptr: Pointer): NET_API_STATUS; stdcall; external netapi32lib;
function NetShareSetInfo(servername: LPWSTR; netname: LPWSTR; leve: DWORD;
const buf: Pointer; parm_err: PDWORD): NET_API_STATUS; stdcall; external netapi32lib;//添加文件、目录访问权限,对应于对象属性页中"安全" 页中的设置
function AddFileAccesRights(const FileName, UserName: string;
dwAccessMask: DWORD): boolean;
var
// SID variables
snuType : SID_NAME_USE;
szDomain : PChar;
cbDomain: DWORD;
pUserSID: Pointer;
cbUserSID: DWORD;
// File SD variables.
pFileSD: PSECURITY_DESCRIPTOR;
cbFileSD: DWORD;
// New SD variables.
pNewSD: PSECURITY_DESCRIPTOR;
// ACL variables.
p_ACL : PACL;
fDaclPresent, fDaclDefaulted : LongBool;
AclInfo: ACL_SIZE_INFORMATION;
// New ACL variables.
pNewACL : PACL;
cbNewACL: DWORD;
// Temporary ACE.
pTempAce: Pointer;
CurrentAceIndex : Cardinal;
begin
szDomain := nil;
cbDomain := 0;
pUserSID := nil;
cbUserSID := 0;
pFileSD := nil;
cbFileSD := 0;
pNewSD := nil;
p_ACL := nil;
pNewACL := nil;
pTempAce := nil; //
// STEP 1: Get SID for given user.
//
Result := LookupAccountName(nil, PChar(UserName),
pUserSID, cbUserSID, szDomain, cbDomain, snuType); // API should have failed with insufficient buffer.
if (not Result) and (GetLastError <> ERROR_INSUFFICIENT_BUFFER) then
RaiseLastWin32Error; pUserSID := AllocMem(cbUserSID);
szDomain := AllocMem(cbDomain);
try
Result := LookupAccountName(nil, PChar(UserName),
pUserSID, cbUserSID, szDomain, cbDomain, snuType); if (not Result) then
RaiseLastWin32Error; // STEP 2: Get security descriptor (SD) for file.
Result := GetFileSecurity(PChar(FileName),
DACL_SECURITY_INFORMATION, pFileSD, 0, cbFileSD); if (not Result) and (GetLastError <> ERROR_INSUFFICIENT_BUFFER) then
RaiseLastWin32Error; pFileSD := AllocMem(cbFileSD); Result := GetFileSecurity(PChar(FileName),
DACL_SECURITY_INFORMATION, pFileSD, cbFileSD, cbFileSD);
if (not Result) then
RaiseLastWin32Error; // STEP 3: Initialize new SD.
pNewSD := AllocMem(cbFileSD); // Should be same size as FileSD. if (not InitializeSecurityDescriptor(pNewSD,
SECURITY_DESCRIPTOR_REVISION)) then
RaiseLastWin32Error; // STEP 4: Get DACL from SD.
if (not GetSecurityDescriptorDacl(pFileSD, fDaclPresent, p_ACL,
fDaclDefaulted)) then
RaiseLastWin32Error;
// STEP 5: Get size information for DACL.
AclInfo.AceCount := 0; // Assume NULL DACL.
AclInfo.AclBytesFree := 0;
AclInfo.AclBytesInUse := SizeOf(ACL); if (fDaclPresent and Assigned(p_ACL)) then
begin
if (not GetAclInformation(p_ACL^, @AclInfo,
SizeOf(ACL_SIZE_INFORMATION), AclSizeInformation)) then
RaiseLastWin32Error; // STEP 6: Compute size needed for the new ACL.
cbNewACL := AclInfo.AclBytesInUse + SizeOf(ACCESS_ALLOWED_ACE)
+ GetLengthSid(pUserSID) - SizeOf(DWORD); // STEP 7: Allocate memory for new ACL.
pNewACL := AllocMem(cbNewACL); // STEP 8: Initialize the new ACL.
if (not InitializeAcl(pNewACL^, cbNewACL, ACL_REVISION2)) then
RaiseLastWin32Error;
// STEP 9: If DACL is present, copy it to a new DACL.
if (fDaclPresent) then
begin
// STEP 10: Copy the file's ACEs to the new ACL.
if (AclInfo.AceCount > 0) then
begin
for CurrentAceIndex := 0 to AclInfo.AceCount - 1 do
begin
// STEP 11: Get an ACE.
if (not GetAce(p_ACL^, CurrentAceIndex, pTempAce)) then
RaiseLastWin32Error;
// STEP 12: Add the ACE to the new ACL.
if (not AddAce(pNewACL^, ACL_REVISION, MAXDWORD, pTempAce,
PACE_HEADER(pTempAce)^.AceSize)) then
RaiseLastWin32Error;
end
end
end; // STEP 13: Add the access-allowed ACE to the new DACL.
if (not AddAccessAllowedAce(pNewACL^, ACL_REVISION2, dwAccessMask,
pUserSID)) then
RaiseLastWin32Error; // STEP 14: Set the new DACL to the file SD.
if (not SetSecurityDescriptorDacl(pNewSD, True, pNewACL, False)) then
RaiseLastWin32Error; // STEP 15: Set the SD to the File.
if (not SetFileSecurity(PChar(FileName), DACL_SECURITY_INFORMATION,
pNewSD)) then
RaiseLastWin32Error;
Result := True;
end;
finally
// STEP 16: Free allocated memory
if Assigned(pUserSID) then
FreeMem(pUserSID);
if Assigned(szDomain) then
FreeMem(szDomain);
if Assigned(pFileSD) then
FreeMem(pFileSD);
if Assigned(pNewSD) then
FreeMem(pNewSD);
if Assigned(pNewACL) then
FreeMem(pNewACL);
end;
end;
可是在这里权限这个变量dwAccessMask偶实在不知道该取什么值,我把GENERIC_ALL等几个权限值都试了一遍,执行完成后,我在windows中查看安全时,总是提示我新添加的安全权限顺序不正确,不知道为什么,望各位大侠帮帮忙,另外还有一疑问,就是用这个函数对文件夹设安全权限时,不知道怎样把权限应用于该文件夹及子文件夹及文件,此函数执行后为应用于该文件夹,不知道该怎样修改。
如果有其它函数可以实现也可以!偶先谢谢各位了。
http://www.vclxx.org/DELPHI/D32FREE/FILESEC.ZIP其实我以前没用过这个功能,不过这个例子我装上去以后是可以用的。
if (not AddAccessAllowedAceEx(pNewACL^, ACL_REVISION2,3, dwAccessMask,
pUserSID)) then
RaiseLastWin32Error;
问题已经解决!结贴!