Newsgroups : Borland : borland.public.delphi.rtl.win32 : 2006 Feb : GetAce or PSID problems... What am I doing wrong?

www.cryer.info
Managed Newsgroup Archive

GetAce or PSID problems... What am I doing wrong?

Subject: GetAce or PSID problems... What am I doing wrong?
Posted by: "Frank Staal" (f.staal_at_nospam.hushmail.com@)
Date: Tue, 21 Feb 2006 11:29:05

I try to read the permissions that have been set on a file. For that
purpose I created an object called TSecurityInfo that has, among
others, two functions. One to get an ACE and a general utility
function to get the UserName and DomainName based on a PSID.

If I call GetACE and subsequently try to get the User and Domain from
LookupAccountBySid this always results in an empty string. I do know
that the LookupAccountBySid works because I already extracted the
Owner and the Group with it, so my idea is that I am doing something
wrong in the ACE extraction. The documentation says that the member
SidStart is the first byte of the Sid that the ACE points to. To me
that means that if I capture the value and typecast it into a PSID I
should have the memory address of the PSID. But that fails. Am I
misreading something? Or doing something else wrong?

Here's the example code that I use, as you can see I've tried several
different methods of passing the Sid to the function, but all of them
are not working:

    Ace := FSecInfo.GetACE(I);
    Sid := Pointer(Ace.SidStart);

    SNU := LookupAccountBySID(PSID(@(Ace.SidStart)), U, D);
//    SNU := LookupAccountBySID(Sid, U, D);

function TSecurityInfo.GetACE(Index: Integer): TAccessAllowedAce;
var
  Ace: PAccessAllowedAce;
begin
  ZeroMemory(@Result, SizeOf(Result));
  Ace := PAccessAllowedAce(@Result);
  if Windows.GetAce(FDACL^, Index, Pointer(Ace)) then
    CopyMemory(@Result, Ace, SizeOf(Result));
end;

function LookupAccountBySid(Sid: PSID; var UserName, DomainName: string): SID_NAME_USE;
var
  NameSize, RefDomainSize: DWORD;
begin
  NameSize := 0;
  RefDomainSize := 0;
  LookupAccountSid(nil, Sid, nil, NameSize, nil, RefDomainSize, Result);
  SetLength(UserName, NameSize - 1);
  SetLength(DomainName, RefDomainSize - 1);
  LookupAccountSid(nil, Sid, PChar(UserName), NameSize, PChar(DomainName),
    RefDomainSize, Result);
end;

The only thing I can think of is that GetACE goes wrong thanks to
local variables, so I will be changing the function into procedure
TSecurityInfo.GetACE(Index: Integer; var ACE: PAccessAllowedAce); and
see if that works...

Thanks for any advice.
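
Added example, not part of the original post or of the poster's code: a portable C sketch of the ACE layout in question, showing that `SidStart` is only the first 4 bytes of a variable-length SID that trails the ACE inside the ACL buffer, so a copy of `SizeOf(TAccessAllowedAce)` bytes keeps 4 SID bytes while a pointer taken inside the buffer that `GetAce` points into sees the whole SID. The struct redeclaration, the sample bytes (S-1-5-32-544) and the helper names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* ACCESS_ALLOWED_ACE layout from winnt.h, redeclared so this builds anywhere. */
typedef struct {
    uint8_t  AceType, AceFlags;
    uint16_t AceSize;   /* size of the whole ACE, trailing SID included */
    uint32_t Mask;
    uint32_t SidStart;  /* holds only the first 4 bytes of the SID */
} AllowedAce;

/* Constructed sample: one ACE granting 0x001F01FF to S-1-5-32-544. */
static const uint8_t SAMPLE_ACE[] = {
    0x00, 0x00, 0x18, 0x00,          /* type, flags, AceSize = 24 */
    0xFF, 0x01, 0x1F, 0x00,          /* access mask */
    0x01, 0x02, 0, 0, 0, 0, 0, 5,    /* SID revision 1, 2 sub-authorities, authority 5 */
    0x20, 0, 0, 0, 0x20, 0x02, 0, 0  /* sub-authorities 32 and 544 */
};

/* A SID occupies an 8-byte header plus 4 bytes per sub-authority. */
size_t sid_length(const uint8_t *sid) { return 8u + 4u * sid[1]; }
/* SID bytes that survive a copy of sizeof(AllowedAce) bytes. */
size_t sid_bytes_in_struct_copy(void) {
    return sizeof(AllowedAce) - offsetof(AllowedAce, SidStart);
}

/* Format the SID at `sid`; -1 if it extends past the `avail` readable bytes. */
int sid_to_string(const uint8_t *sid, size_t avail, char *out, size_t outlen) {
    if (avail < 8 || sid_length(sid) > avail) return -1;
    unsigned long long auth = 0;
    for (int i = 2; i < 8; i++) auth = (auth << 8) | sid[i];  /* big-endian */
    int n = snprintf(out, outlen, "S-%u-%llu", (unsigned)sid[0], auth);
    for (unsigned i = 0; i < sid[1]; i++) {
        uint32_t sub;
        if (n < 0 || (size_t)n >= outlen) return -1;  /* output buffer too small */
        memcpy(&sub, sid + 8 + 4 * i, 4);  /* little-endian host assumed */
        n += snprintf(out + n, outlen - n, "-%u", (unsigned)sub);
    }
    return 0;
}

int main(void) {
    char s[64];
    size_t off = offsetof(AllowedAce, SidStart);
    if (sid_to_string(SAMPLE_ACE + off, sizeof SAMPLE_ACE - off, s, sizeof s) == 0)
        printf("in-place SID %s; a struct copy keeps %zu of its %zu bytes\n", s,
               sid_bytes_in_struct_copy(), sid_length(SAMPLE_ACE + off));
    return 0;
}
```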

Replies:
