Резюме: Функция GetNamedSecurityInfo возвращает копию дескриптора безопасности для объекта, заданного именем.
C# Signature:
[DllImport("advapi32.dll", CharSet=CharSet.Auto)]
static extern uint GetNamedSecurityInfo(
string pObjectName,
SE_OBJECT_TYPE ObjectType,
SECURITY_INFORMATION SecurityInfo,
out IntPtr pSidOwner,
out IntPtr pSidGroup,
out IntPtr pDacl,
out IntPtr pSacl,
out IntPtr pSecurityDescriptor);
VB.Net Signature:
Declare Function GetNamedSecurityInfo Lib "advapi32.dll" ( _
ByVal pObjectName As String, _
ByVal ObjectType As SE_OBJECT_TYPE, _
ByVal SecurityInfo As SECURITY_INFORMATION, _
ByRef pSidOwner As IntPtr, _
ByRef pSidGroup As IntPtr, _
ByRef pDacl As IntPtr, _
ByRef pSacl As IntPtr, _
ByRef pSecurityDescriptor As IntPtr) As Integer
User Defined Types:
SE_OBJECT_TYPE, SECURITY_INFORMATION
Замечания:
Нет. Нет.
Советы и хитрости:
Пожалуйста добавьте!!
C# Sample Code:
//Returns the Owner Account domain\name for the path specified in the objectName parameter
[DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
private static extern uint GetNamedSecurityInfo(String pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, out IntPtr pSidOwner, out IntPtr pSidGroup, out IntPtr pDacl, out IntPtr pSacl, out IntPtr pSecurityDescriptor);
[DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
private static extern bool LookupAccountSid(String lpSystemName, IntPtr Sid, System.Text.StringBuilder lpName, ref int cchName, System.Text.StringBuilder ReferencedDomainName, ref int cchReferencedDomainName, out int peUse);
private enum SE_OBJECT_TYPE
{
SE_UNKNOWN_OBJECT_TYPE=0,
SE_FILE_OBJECT,
SE_SERVICE,
SE_PRINTER,
SE_REGISTRY_KEY,
SE_LMSHARE,
SE_KERNEL_OBJECT,
SE_WINDOW_OBJECT,
SE_DS_OBJECT,
SE_DS_OBJECT_ALL,
SE_PROVIDER_DEFINED_OBJECT,
SE_WMIGUID_OBJECT,S E_REGISTRY_WOW64_32KEY
}
[Flags] private enum SECURITY_INFORMATION : uint
{
Owner = 0x00000001,
Group = 0x00000002,
Dacl = 0x00000004,
Sacl = 0x00000008,
ProtectedDacl = 0x80000000,
ProtectedSacl = 0x40000000,
UnprotectedDacl = 0x20000000,
UnprotectedSacl = 0x10000000
}
public static string GetFileOrDirectoryOwner(String objectName)
{
IntPtr pZero, pSid, psd = IntPtr.Zero;
SECURITY_INFORMATION sFlags = SECURITY_INFORMATION.Owner;
uint errorReturn=GetNamedSecurityInfo(UnicodeHeader+objectName, SE_OBJECT_TYPE.SE_FILE_OBJECT,sFlags,out pSid, out pZero, out pZero, out pZero, out psd);
if (errorReturn != 0)
{
throw(new Exception("An error of code: "+errorReturn+" has occured"));
}
int bufferSize = 64;
int accounLength = bufferSize;
int domainLength = bufferSize;
int sidNameUse = 0;
StringBuilder account = new StringBuilder(bufferSize);
StringBuilder domain = new StringBuilder(bufferSize);
if (!LookupAccountSid(null, pSid, account, ref accounLength, domain, ref domainLength, out sidNameUse))
{
throw (Marshal.GetExceptionForHR(Marshal.GetHRForLastWin32Error()));
}
return domain+@"\"+account;
}
VB.Net Sample Code:
' Type of Securable Object we are operating in this sample code
Private Const SE_FILE_OBJECT = 1&
' The Security Information constants required
Private Const DACL_SECURITY_INFORMATION = 4&
Dim pSecDesc, pOldDACL As IntPtr
Dim Win32Error As Win32Exception
Dim ret As Integer
' get the Security Descriptor and DACL
ret = GetNamedSecurityInfo(strPath, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, Nothing, Nothing, pOldDACL, Nothing, pSecDesc)
If ret <> 0 Then
Win32Error = New Win32Exception(ret)
Throw New Exception(Win32Error.Message)
End If
Alternative Managed API:
С .NET v2.0 Вы можете использовать классы из System.Security.AccessControl для большинства этих функциональностей.
using System.Security.AccessControl;
using System.Security.Principal;
public static string GetFileObjectOwner(string objectName)
{
FileSecurity pSD = new FileSecurity(objectName, AccessControlSections.Owner);
NTAccount ownerName = (NTAccount)(pSD.GetOwner(typeof(NTAccount)));
/* The username is returned in SAM form (domain\username) */
return ownerName.ToString();
}
Документация: GetNamedSecurityInfo на MSDN
