Hello all, I'm trying to create a utility which exports a file's security descriptor and re-assigns it on demand.
I've created a test sample which reads the DACL with GetSecurityInfo() (using the DACL flag) and then tries to re-assign the very same DACL with SetSecurityInfo().
Before applying SetSecurityInfo(), the descriptor's 'Control' is: 0xA004 , SE_DACL_PRESENT , SE_SACL_PROTECTED , SE_SELF_RELATIVE.
After applying SetSecurityInfo(), the descriptor's 'Control' is: 0x8404 , SE_DACL_AUTO_INHERITED , SE_DACL_PRESENT , SE_SELF_RELATIVE.
Is there a way to store the state of a file's security descriptor and restore it IDENTICALLY?
Here is the sample:
#define _WIN32_WINNT 0x0501
#define WINVER 0x0501
#include <stdio.h>
#include <windows.h>
#include "accctrl.h"
#include "aclapi.h"
#include "sddl.h"
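/*
 * Reads the DACL of "test.txt" with GetSecurityInfo() and writes the same
 * DACL back with SetSecurityInfo().
 *
 * Returns 0 on success, 1 if the file could not be opened for reading or its
 * descriptor could not be fetched, 2 if the file could not be reopened or the
 * DACL could not be written back.
 */
int main (void)
{
    PSECURITY_DESCRIPTOR PSecurityD = NULL;
    HANDLE hFile = INVALID_HANDLE_VALUE;
    PACL dacl = NULL;
    int ret = 0;
    DWORD lasterror;

    /*
     * Least privilege: reading the DACL needs READ_CONTROL only.
     * ACCESS_SYSTEM_SECURITY is required only for SACL_SECURITY_INFORMATION
     * and makes the open fail unless SeSecurityPrivilege is enabled in the
     * token, so it is not requested here.
     */
    hFile = CreateFileA("test.txt", READ_CONTROL, FILE_SHARE_READ, NULL,
                        OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, NULL);
    if (hFile == INVALID_HANDLE_VALUE) {
        /* Report the real cause instead of the constant name. */
        fprintf(stderr, "CreateFile() failed. Error: %lu\n", GetLastError());
        return 1;
    }

    /*
     * On success PSecurityD owns a LocalAlloc'd buffer; dacl points INTO
     * that buffer and is not a separate allocation.
     */
    lasterror = GetSecurityInfo(hFile, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION,
                                NULL, NULL, &dacl, NULL, &PSecurityD);
    if (lasterror != ERROR_SUCCESS) {
        fprintf(stderr, "GetSecurityInfo() failed. Error: %lu;\n", lasterror);
        ret = 1;
        goto cleanup;
    }

    CloseHandle(hFile);
    hFile = INVALID_HANDLE_VALUE;

    /*
     * Writing a DACL needs WRITE_DAC; WRITE_OWNER would only be needed for
     * OWNER_SECURITY_INFORMATION. READ_CONTROL is kept in case
     * SetSecurityInfo() reads the current descriptor - TODO confirm.
     */
    hFile = CreateFileA("test.txt", READ_CONTROL | WRITE_DAC, 0, NULL,
                        OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, NULL);
    if (hFile == INVALID_HANDLE_VALUE) {
        fprintf(stderr, "CreateFile() failed. Error: %lu\n", GetLastError());
        ret = 2;
        goto cleanup;
    }

    /*
     * NOTE(review): SetSecurityInfo() does not store the ACL verbatim. As the
     * Control values quoted above this sample show, the descriptor comes back
     * with SE_DACL_AUTO_INHERITED set, i.e. inheritance from the parent was
     * re-evaluated, so the effective DACL after a restore should be verified
     * rather than assumed equal to the saved one. Adding
     * PROTECTED_DACL_SECURITY_INFORMATION or
     * UNPROTECTED_DACL_SECURITY_INFORMATION to the SecurityInfo argument
     * states explicitly whether parent inheritance is blocked.
     */
    lasterror = SetSecurityInfo(hFile, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION,
                                NULL, NULL, dacl, NULL);
    if (lasterror != ERROR_SUCCESS) {
        fprintf(stderr, "SetSecurityInfo() failed. Last error: %lu;\n", lasterror);
        ret = 2;
    }

cleanup:
    /* Single exit path so the handle is closed on every failure branch. */
    if (hFile != INVALID_HANDLE_VALUE) {
        CloseHandle(hFile);
    }
    /*
     * The descriptor must be released with LocalFree(), never free(); dacl
     * is released along with it and must not be freed on its own.
     */
    if (PSecurityD != NULL) {
        LocalFree(PSecurityD);
    }
    return ret;
}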