Резюме: Функция GetNamedSecurityInfo возвращает копию дескриптора безопасности для объекта, заданного именем.

C# Signature:

[DllImport("advapi32.dll", CharSet=CharSet.Auto)]
static extern uint GetNamedSecurityInfo(
    string pObjectName,
    SE_OBJECT_TYPE ObjectType,
    SECURITY_INFORMATION SecurityInfo,
    out IntPtr pSidOwner,
    out IntPtr pSidGroup,
    out IntPtr pDacl,
    out IntPtr pSacl,
    out IntPtr pSecurityDescriptor);

VB Signature:

VB.Net Signature:

Declare Function GetNamedSecurityInfo Lib "advapi32.dll" ( _
    ByVal pObjectName As String, _
    ByVal ObjectType As SE_OBJECT_TYPE, _
    ByVal SecurityInfo As SECURITY_INFORMATION, _
    ByRef pSidOwner As IntPtr, _
    ByRef pSidGroup As IntPtr, _
    ByRef pDacl As IntPtr, _
    ByRef pSacl As IntPtr, _
    ByRef pSecurityDescriptor As IntPtr) As Integer

User-Defined Types:

User Defined Types:

SE_OBJECT_TYPE, SECURITY_INFORMATION

Notes:

The caller needs to call LocalFree() on the pointer to the security descriptor returned from this call.

Замечания:

Нет. Нет.

Also, the example given below is mildly incompatible with the example given for LookupAccountSid() on this site.

Советы и хитрости:

Пожалуйста добавьте!!

Tips & Tricks:

Please add some!!

C# Sample Code:

public static string GetFileObjectOwner(string objectName)
//Returns the Owner Account domain\name for the path specified in the objectName parameter

    IntPtr pZero = IntPtr.Zero;
    IntPtr pSid = pZero;
    IntPtr psd = pZero;
    int errorReturn = GetNamedSecurityInfo(objectName, SE_FILE_OBJECT,
        OWNER_SECURITY_INFORMATION,
        out pSid, out pZero, out pZero, out pZero, out psd);
[DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
private static extern uint GetNamedSecurityInfo(String pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, out IntPtr pSidOwner, out IntPtr pSidGroup, out IntPtr pDacl, out IntPtr pSacl, out IntPtr pSecurityDescriptor);

    if(errorReturn != 0)
    {
        Console.WriteLine("GetNamedSecurityInfo: {0} ", errorReturn);
        return null;
    }
[DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
private static extern bool LookupAccountSid(String lpSystemName, IntPtr Sid, System.Text.StringBuilder lpName, ref int cchName, System.Text.StringBuilder ReferencedDomainName, ref int cchReferencedDomainName, out int peUse);

private enum SE_OBJECT_TYPE
{
    SE_UNKNOWN_OBJECT_TYPE=0,     
    SE_FILE_OBJECT,
    SE_SERVICE,
    SE_PRINTER,
    SE_REGISTRY_KEY,
    SE_LMSHARE,
    SE_KERNEL_OBJECT,
    SE_WINDOW_OBJECT,
    SE_DS_OBJECT,
    SE_DS_OBJECT_ALL,
    SE_PROVIDER_DEFINED_OBJECT,
    SE_WMIGUID_OBJECT,S E_REGISTRY_WOW64_32KEY
}

    int _bufferSize = 64;
    StringBuilder _buffer = new StringBuilder();
    int _accounLength = _bufferSize;
    int _domainLength = _bufferSize;
    int _sidNameUse= 0;
[Flags] private enum SECURITY_INFORMATION : uint
{
    Owner = 0x00000001,
    Group = 0x00000002,
    Dacl = 0x00000004,
    Sacl = 0x00000008,
    ProtectedDacl = 0x80000000,
    ProtectedSacl = 0x40000000,
    UnprotectedDacl = 0x20000000,
    UnprotectedSacl = 0x10000000
}

    StringBuilder _account = new StringBuilder(_bufferSize);
    StringBuilder _domain = new StringBuilder(_bufferSize);
public static string GetFileOrDirectoryOwner(String objectName)
    {

    errorReturn = LookupAccountSid(null, pSid, _account, ref _accounLength, _domain, ref _domainLength, out _sidNameUse);
    if(errorReturn == 0)
    {
        Console.WriteLine("LookupAccountSid: {0}", Marshal.GetLastWin32Error());
        return null;
    }
    _buffer.Append(_domain);
    _buffer.Append(@"\");
    _buffer.Append(_account);
    LocalFree(psd);
    return _buffer.ToString();
        IntPtr pZero, pSid, psd = IntPtr.Zero;
        SECURITY_INFORMATION sFlags = SECURITY_INFORMATION.Owner;

        uint errorReturn=GetNamedSecurityInfo(UnicodeHeader+objectName, SE_OBJECT_TYPE.SE_FILE_OBJECT,sFlags,out pSid, out pZero, out pZero, out pZero, out psd);

VB.Net Sample Code:

    ' Type of Securable Object we are operating in this sample code
    Private Const SE_FILE_OBJECT = 1&
        if (errorReturn != 0)
        {
        throw(new Exception("An error of code: "+errorReturn+" has occured"));

        }

    ' The Security Information constants required
    Private Const DACL_SECURITY_INFORMATION = 4&
        int bufferSize = 64;
        int accounLength = bufferSize;
        int domainLength = bufferSize;
        int sidNameUse = 0;

    Dim pSecDesc, pOldDACL As IntPtr
    Dim Win32Error As Win32Exception
    Dim ret As Integer
        StringBuilder account = new StringBuilder(bufferSize);
        StringBuilder domain = new StringBuilder(bufferSize);

    ' get the Security Descriptor and DACL
    ret = GetNamedSecurityInfo(strPath, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, Nothing, Nothing, pOldDACL, Nothing, pSecDesc)
    If ret <> 0 Then
        Win32Error = New Win32Exception(ret)
        Throw New Exception(Win32Error.Message)
    End If
        if (!LookupAccountSid(null, pSid, account, ref accounLength, domain, ref domainLength, out sidNameUse))
        {
        throw (Marshal.GetExceptionForHR(Marshal.GetHRForLastWin32Error()));        
        }

        return domain+@"\"+account;      
    }

Alternative Managed API:

With .NET v2.0 you can use the classes in System.Security.AccessControl to duplicate most of this functionality.

VB.Net Sample Code:

    ' Type of Securable Object we are operating in this sample code
    Private Const SE_FILE_OBJECT = 1&

  using System.Security.AccessControl;
  using System.Security.Principal;
    ' The Security Information constants required
    Private Const DACL_SECURITY_INFORMATION = 4&

  public static string GetFileObjectOwner(string objectName)
  {
    FileSecurity pSD = new FileSecurity(objectName, AccessControlSections.Owner);
    Dim pSecDesc, pOldDACL As IntPtr
    Dim Win32Error As Win32Exception
    Dim ret As Integer

    NTAccount ownerName = (NTAccount)(pSD.GetOwner(typeof(NTAccount)));
    /* The username is returned in SAM form (domain\username) */
    ' get the Security Descriptor and DACL
    ret = GetNamedSecurityInfo(strPath, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, Nothing, Nothing, pOldDACL, Nothing, pSecDesc)
    If ret <> 0 Then
        Win32Error = New Win32Exception(ret)
        Throw New Exception(Win32Error.Message)
    End If

    return ownerName.ToString();
  }

Alternative Managed API:

С .NET v2.0 Вы можете использовать классы из System.Security.AccessControl для большинства этих функциональностей.

  using System.Security.AccessControl;
  using System.Security.Principal;

  public static string GetFileObjectOwner(string objectName)
  {
    FileSecurity pSD = new FileSecurity(objectName, AccessControlSections.Owner);

    NTAccount ownerName = (NTAccount)(pSD.GetOwner(typeof(NTAccount)));
    /* The username is returned in SAM form (domain\username) */

    return ownerName.ToString();
  }

Документация: GetNamedSecurityInfo на MSDN

Please edit this page!

Do you have...

• helpful tips or sample code to share for using this API in managed code?
• corrections to the existing content?
• variations of the signature you want to share?
• additional languages you want to include?

Select "Edit This Page" on the right hand toolbar and edit it! Or add new pages containing supporting types needed for this API (structures, delegates, and more).