Work with file security descriptors
Problem/Question/Abstract:

I want to be able to store a file and its security descriptor, then reload it later. I have been able to use GetFileSecurity and GetSecurityDescriptorOwner, but I don't understand how to translate this information into a transportable format, store it in a remote table, then retrieve it and rebuild the correct descriptor.

Answer:

Below is code I have used to convert to a self-relative SD:

  { ... }
  { Declarations for the variables used below (the surrounding code is elided);
    names are kept exactly as in the original. }
  var
    AbsoluteSID, RelativeSID: PSecurityDescriptor;
    pDacl, pSacl: PACL;
    pOwner, pPrimaryGroup: PSID;
    lpdwAbsoluteSecurityDescriptorSize, lpdwDaclSize, lpdwSaclSize,
    lpdwOwnerSize, lpdwPrimaryGroupSize, lpdwBufferLength: DWORD;
  { ... }
  if Assigned(SD) then
  begin
    { First pass with nil buffers and zero sizes only reports how large each
      piece must be; it fails with ERROR_INSUFFICIENT_BUFFER, which is expected. }
    AbsoluteSID := nil; pDacl := nil; pSacl := nil;
    pOwner := nil; pPrimaryGroup := nil;
    lpdwAbsoluteSecurityDescriptorSize := 0;
    lpdwDaclSize := 0;
    lpdwSaclSize := 0;
    lpdwOwnerSize := 0;
    lpdwPrimaryGroupSize := 0;
    MakeAbsoluteSD(SD, AbsoluteSID, lpdwAbsoluteSecurityDescriptorSize,
      pDacl^, lpdwDaclSize, pSacl^, lpdwSaclSize,
      pOwner, lpdwOwnerSize, pPrimaryGroup, lpdwPrimaryGroupSize);
    GetMem(AbsoluteSID, lpdwAbsoluteSecurityDescriptorSize);
    GetMem(pDacl, lpdwDaclSize);
    GetMem(pSacl, lpdwSaclSize);
    GetMem(pOwner, lpdwOwnerSize);
    GetMem(pPrimaryGroup, lpdwPrimaryGroupSize);
    try
      { Second pass fills the absolute descriptor and its four separately
        allocated parts (DACL, SACL, owner, primary group). }
      if not MakeAbsoluteSD(SD, AbsoluteSID, lpdwAbsoluteSecurityDescriptorSize,
        pDacl^, lpdwDaclSize, pSacl^, lpdwSaclSize,
        pOwner, lpdwOwnerSize, pPrimaryGroup, lpdwPrimaryGroupSize) then
        RaiseLastOSError; { SysUtils; stands in for the original's LastErrorMessage helper }
      { Same two-pass pattern to pack everything back into one contiguous
        (self-relative) block. RelativeSID is the result to store and is
        owned by the caller, so it is not freed here. }
      RelativeSID := nil;
      lpdwBufferLength := 0;
      MakeSelfRelativeSD(AbsoluteSID, RelativeSID, lpdwBufferLength);
      GetMem(RelativeSID, lpdwBufferLength);
      if not MakeSelfRelativeSD(AbsoluteSID, RelativeSID, lpdwBufferLength) then
        RaiseLastOSError;
    finally
      FreeMem(AbsoluteSID, lpdwAbsoluteSecurityDescriptorSize);
      FreeMem(pDacl, lpdwDaclSize); { missing in the original: the DACL buffer leaked }
      FreeMem(pSacl, lpdwSaclSize);
      FreeMem(pOwner, lpdwOwnerSize);
      FreeMem(pPrimaryGroup, lpdwPrimaryGroupSize);
    end;
  end;
  { ... }

For Windows 2000 and up: retrieve only those parts of the security descriptor you need to persist through GetFileSecurity, then convert them to a string using ConvertSecurityDescriptorToStringSecurityDescriptor. To restore the descriptor, use ConvertStringSecurityDescriptorToSecurityDescriptor and SetFileSecurity.
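The SDDL round trip the answer describes for Windows 2000 and later, written out as an added example; this is not code from the original post or its author. It assumes a test file C:\Temp\report.txt that the caller can read and write, and it binds the two advapi32 conversion functions itself because older Windows.pas versions do not declare them.

```delphi
program SddlRoundTrip;
{$APPTYPE CONSOLE}

uses
  Windows, SysUtils;

const
  SDDL_REVISION_1 = 1;

// These two advapi32 entry points are missing from older Windows.pas versions,
// so they are bound here explicitly (Unicode variants).
function ConvertSecurityDescriptorToStringSecurityDescriptorW(
  SecurityDescriptor: PSecurityDescriptor; RequestedStringSDRevision: DWORD;
  SecurityInformation: SECURITY_INFORMATION; var StringSecurityDescriptor: PWideChar;
  StringSecurityDescriptorLen: PULONG): BOOL; stdcall;
  external advapi32 name 'ConvertSecurityDescriptorToStringSecurityDescriptorW';

function ConvertStringSecurityDescriptorToSecurityDescriptorW(
  StringSecurityDescriptor: PWideChar; StringSDRevision: DWORD;
  var SecurityDescriptor: PSecurityDescriptor;
  SecurityDescriptorSize: PULONG): BOOL; stdcall;
  external advapi32 name 'ConvertStringSecurityDescriptorToSecurityDescriptorW';

// Reads the parts of FileName's descriptor selected by Info and returns them as SDDL.
function FileSecurityToSddl(const FileName: WideString;
  Info: SECURITY_INFORMATION): WideString;
var
  SD: PSecurityDescriptor;
  Needed: DWORD;
  S: PWideChar;
begin
  Needed := 0;
  // Sizing call: fails with ERROR_INSUFFICIENT_BUFFER and reports the length needed.
  GetFileSecurityW(PWideChar(FileName), Info, nil, 0, Needed);
  if Needed = 0 then
    RaiseLastOSError;           // e.g. file not found or access denied
  GetMem(SD, Needed);
  try
    if not GetFileSecurityW(PWideChar(FileName), Info, SD, Needed, Needed) then
      RaiseLastOSError;
    if not ConvertSecurityDescriptorToStringSecurityDescriptorW(SD, SDDL_REVISION_1,
      Info, S, nil) then
      RaiseLastOSError;
    try
      Result := S;              // copy into a Delphi string
    finally
      LocalFree(HLOCAL(S));     // the system allocated the SDDL buffer
    end;
  finally
    FreeMem(SD);
  end;
end;

// Rebuilds a binary descriptor from SDDL and writes the parts selected by Info to FileName.
procedure SddlToFileSecurity(const FileName, Sddl: WideString;
  Info: SECURITY_INFORMATION);
var
  SD: PSecurityDescriptor;
begin
  if not ConvertStringSecurityDescriptorToSecurityDescriptorW(PWideChar(Sddl),
    SDDL_REVISION_1, SD, nil) then
    RaiseLastOSError;           // malformed SDDL or an account name that does not resolve
  try
    if not SetFileSecurityW(PWideChar(FileName), Info, SD) then
      RaiseLastOSError;
  finally
    LocalFree(HLOCAL(SD));
  end;
end;

const
  // Assumed path for the demonstration; any file the caller can read and write works.
  TestFile = 'C:\Temp\report.txt';
  // Owner, group and DACL. The SACL is left out because reading or writing it
  // needs SeSecurityPrivilege.
  SavedParts = OWNER_SECURITY_INFORMATION or GROUP_SECURITY_INFORMATION
    or DACL_SECURITY_INFORMATION;
var
  Sddl: WideString;
begin
  try
    Sddl := FileSecurityToSddl(TestFile, SavedParts);
    WriteLn('Stored SDDL: ', Sddl);   // this string is what goes into the remote table
    // Restore only the DACL: the O:/G: parts of the string are ignored because
    // Info does not name them, so no owner-change privilege is required.
    SddlToFileSecurity(TestFile, Sddl, DACL_SECURITY_INFORMATION);
    WriteLn('DACL restored');
  except
    on E: Exception do
      WriteLn(E.ClassName, ': ', E.Message);
  end;
end.
```

Two things to keep in mind before trusting the stored string. Apart from the well-known aliases (BA, SY, AU and so on), SDDL carries literal S-1-5-21-... SIDs and the inherited ACEs of the file (flagged ID), so a string restored on a different machine or domain can reintroduce SIDs that mean nothing there, or nothing good. And whoever can edit the table row can rewrite the file's ACL on restore, so the stored SDDL deserves the same integrity protection as the ACL itself. Writing the O: part back requires SeRestorePrivilege or SeTakeOwnershipPrivilege unless the owner is the caller's own SID, which is why the example restores the DACL alone.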