// P/Invoke declaration for the Win32 GetAuditedPermissionsFromAcl API (advapi32).
// The [DllImport] attribute that binds it to the native library is not part of this listing.
//   pacl                     - pointer to the ACL to inspect.
//   pTrustee                 - trustee whose audited rights are requested.
//   pSuccessfulAuditedRights - receives the mask audited on successful access.
//   pFailedAuditedRights     - receives the mask audited on failed access.
// Returns a Win32 error code (ERROR_SUCCESS on success).
// In the code shown here it is referenced only from a commented-out call in
// GetEffectiveSecurityAccessRights.
private static extern int GetAuditedPermissionsFromAcl( IntPtr pacl, ref TRUSTEE2 pTrustee, ref uint pSuccessfulAuditedRights, ref uint pFailedAuditedRights);
// P/Invoke declaration for the Win32 GetEffectiveRightsFromAcl API (advapi32).
// The [DllImport] attribute that binds it to the native library is not part of this listing.
//   pacl          - pointer to the ACL to evaluate.
//   pTrustee      - trustee (here identified by SID) whose rights are requested.
//   pAccessRights - receives the access mask the ACL grants to the trustee.
// Returns a Win32 error code; the caller compares it with ERROR_SUCCESS.
// Per the Win32 documentation the mask is derived from the ACL alone: rights implied by
// ownership and privileges held by the trustee are not considered, so treat the result
// as advisory rather than as an authoritative access decision.
private static extern int GetEffectiveRightsFromAcl(IntPtr pacl, ref TRUSTEE2 pTrustee, ref UInt32 pAccessRights);
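/// <summary>
/// Resolves <c>_accountName</c> to a SID and asks Windows which access rights the
/// DACL on <c>_path</c> grants that account; the mask is written to <c>_accessGranted</c>.
/// </summary>
/// <returns>
/// <c>false</c> only when no security descriptor could be read for <c>_path</c>.
/// <c>true</c> when the rights were computed, when the descriptor carries no DACL,
/// and also when an exception was thrown and traced (see the note at the end).
/// </returns>
private bool GetEffectiveSecurityAccessRights()
{
    try
    {
        bool daclPresent = false;
        bool defaulted = false;
        int sidSize = 0;
        SID_NAME_USE usage = SID_NAME_USE.SidTypeGroup;
        StringBuilder domain = new StringBuilder(80);
        int domainSize = 80;

        // First call passes no SID buffer; it is made only to learn the required size.
        LookupAccountName(IntPtr.Zero, _accountName, IntPtr.Zero, ref sidSize, domain, ref domainSize, ref usage);

        // A size that is still zero means the account was not resolved. Stop here instead
        // of allocating a zero-byte buffer and handing it to native code as a SID. The
        // failure is reported the way this method already reports a failed Win32 call:
        // thrown inside the try and traced by the handler below.
        if (sidSize <= 0)
        {
            throw new System.InvalidOperationException("Account name could not be resolved to a SID");
        }

        // Unmanaged buffer for the SID. It is stored in a field and not released here.
        // NOTE(review): a second call overwrites _pSid; confirm the owner frees it.
        _pSid = Marshal.AllocHGlobal(sidSize);

        // Second call fills the SID buffer; the domain capacity is reset first.
        // NOTE(review): the result of this call is discarded, so a failure (for example a
        // domain name longer than 80 characters) leaves the buffer uninitialised. Check
        // the return value once the declared return type of LookupAccountName is confirmed.
        domainSize = 80;
        LookupAccountName(IntPtr.Zero, _accountName, _pSid, ref sidSize, domain, ref domainSize, ref usage);

        // Describe the trustee by SID.
        TRUSTEE2 trustee = new TRUSTEE2();
        trustee.MultipleTrusteeOperation = MULTIPLE_TRUSTEE_OPERATION.NO_MULTIPLE_TRUSTEE;
        trustee.pMultipleTrustee = IntPtr.Zero;
        trustee.ptstrName = _pSid;
        trustee.TrusteeForm = TRUSTEE_FORM.TRUSTEE_IS_SID;
        trustee.TrusteeType = TRUSTEE_TYPE.TRUSTEE_IS_UNKNOWN;

        this.GetFileSecurityDescriptor(_path, SecurityInformation.DACL, out _pSecurityDescriptor);
        if (_pSecurityDescriptor == IntPtr.Zero)
        {
            System.Diagnostics.Trace.WriteLine("File security descriptor is null");
            return false;
        }

        // Pull the DACL out of the descriptor.
        GetSecurityDescriptorDacl(_pSecurityDescriptor, ref daclPresent, out _pDacl, ref defaulted);

        // A missing or null DACL means the object allows all access.
        // NOTE(review): _accessGranted is not updated on this path; confirm callers treat
        // a true return with an unchanged mask as full access.
        if (!daclPresent || _pDacl == IntPtr.Zero)
        {
            return true;
        }

        // Ask Windows for the rights the DACL grants the trustee.
        int result = GetEffectiveRightsFromAcl(_pDacl, ref trustee, ref _accessGranted);
        // int result = GetAuditedPermissionsFromAcl(_pDacl, ref trustee, ref _accessGranted, ref _accessDenied);
        if (result != ERROR_SUCCESS)
        {
            throw new System.ComponentModel.Win32Exception(result);
        }

        return true;
    }
    catch (System.Exception systemException)
    {
        System.Diagnostics.Trace.WriteLine(systemException);
    }

    // Original intent: "by default fail on the side of good".
    // NOTE(review): this reports success although the rights could not be determined.
    // Kept because callers may depend on it; if they read a true return as "the check
    // passed", this fails open and should return false instead.
    return true;
}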
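/// <summary>
/// Looks up the SID for <c>_accountName</c>, reads the DACL of <c>_path</c> and stores
/// in <c>_accessGranted</c> the access mask that DACL grants to the account.
/// </summary>
/// <returns>
/// <c>false</c> when the file's security descriptor could not be obtained; <c>true</c>
/// in every other case, including after an exception has been traced.
/// </returns>
private bool GetEffectiveSecurityAccessRights()
{
    try
    {
        bool daclPresent = false;
        bool defaulted = false;
        int sidSize = 0;
        SID_NAME_USE usage = SID_NAME_USE.SidTypeGroup;
        StringBuilder domain = new StringBuilder(80);
        int domainSize = 80;

        // Size probe: no SID buffer is supplied, so the call only reports the size needed.
        LookupAccountName(IntPtr.Zero, _accountName, IntPtr.Zero, ref sidSize, domain, ref domainSize, ref usage);

        // No size reported means the name did not resolve. Refuse to continue rather than
        // pass a zero-byte allocation to native code as a SID; the exception is traced by
        // the handler below, like the Win32Exception raised further down.
        if (sidSize <= 0)
        {
            throw new System.InvalidOperationException("Account name could not be resolved to a SID");
        }

        // Allocate the unmanaged SID buffer (kept in a field, not freed by this method).
        // NOTE(review): calling this method again replaces _pSid; confirm who releases it.
        _pSid = Marshal.AllocHGlobal(sidSize);

        // Real lookup: reset the domain capacity and let the call fill the SID buffer.
        // NOTE(review): the return value is ignored; if this call fails the buffer holds
        // uninitialised bytes. Verify the declared return type and check it.
        domainSize = 80;
        LookupAccountName(IntPtr.Zero, _accountName, _pSid, ref sidSize, domain, ref domainSize, ref usage);

        // Build the trustee structure, identifying the account by its SID.
        TRUSTEE2 trustee = new TRUSTEE2();
        trustee.MultipleTrusteeOperation = MULTIPLE_TRUSTEE_OPERATION.NO_MULTIPLE_TRUSTEE;
        trustee.pMultipleTrustee = IntPtr.Zero;
        trustee.ptstrName = _pSid;
        trustee.TrusteeForm = TRUSTEE_FORM.TRUSTEE_IS_SID;
        trustee.TrusteeType = TRUSTEE_TYPE.TRUSTEE_IS_UNKNOWN;

        this.GetFileSecurityDescriptor(_path, SecurityInformation.DACL, out _pSecurityDescriptor);
        if (_pSecurityDescriptor == IntPtr.Zero)
        {
            System.Diagnostics.Trace.WriteLine("File security descriptor is null");
            return false;
        }

        // Extract the DACL from the security descriptor.
        GetSecurityDescriptorDacl(_pSecurityDescriptor, ref daclPresent, out _pDacl, ref defaulted);

        // With no DACL present (or a null one) every kind of access is allowed.
        // NOTE(review): _accessGranted keeps its previous value here; confirm callers
        // do not read that value as "no rights".
        if (!daclPresent || _pDacl == IntPtr.Zero)
        {
            return true;
        }

        // Compute the rights the DACL gives the trustee.
        int result = GetEffectiveRightsFromAcl(_pDacl, ref trustee, ref _accessGranted);
        // int result = GetAuditedPermissionsFromAcl(_pDacl, ref trustee, ref _accessGranted, ref _accessDenied);
        if (result != ERROR_SUCCESS)
        {
            throw new System.ComponentModel.Win32Exception(result);
        }

        return true;
    }
    catch (System.Exception systemException)
    {
        System.Diagnostics.Trace.WriteLine(systemException);
    }

    // Original intent: "by default fail on the side of good".
    // NOTE(review): any failure above ends here and is reported as success. Behaviour is
    // preserved for existing callers, but an access check that answers true on error
    // fails open; confirm how callers use the result and prefer returning false.
    return true;
}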