I am trying to get the effective rights a user has on a file using interop in C#. Following is the code I am using :
public static FileSystemRights GetFileEffectiveRights(string FileName, string UserName)
{
IntPtr pDacl, pZero = IntPtr.Zero;
int Mask = 0;
uint errorReturn = GetNamedSecurityInfo(FileName, SE_OBJECT_TYPE.SE_FILE_OBJECT, SECURITY_INFORMATION.Dacl
, out pZero, out pZero, out pDacl, out pZero, out pZero);
if (errorReturn != 0)
{
throw new Exception("Win error : " + errorReturn);
}
Program.TRUSTEE pTrustee = new TRUSTEE();
pTrustee.pMultipleTrustee = IntPtr.Zero;
pTrustee.MultipleTrusteeOperation = (int)Program.MULTIPLE_TRUSTEE_OPERATION.NO_MULTIPLE_TRUSTEE;
pTrustee.ptstrName = UserName;
pTrustee.TrusteeForm = (int)Program.TRUSTEE_FORM.TRUSTEE_IS_NAME;
pTrustee.TrusteeType = (int)Program.TRUSTEE_TYPE.TRUSTEE_IS_USER;
errorReturn = GetEffectiveRightsFromAcl(pDacl, ref pTrustee, ref Mask);
if (errorReturn != 0)
{
throw new Exception("Win error : " + errorReturn);
}
return (FileSystemRights)Mask;
}
This code works fine until I start modifying the ACL structure using the classes FileAccessRule and FileInfo, and then I start getting Windows Error 1336 : ERROR_INVALID_ACL. Same is the case if I debug the process : I call GetFileEffectiveRights once, pause the process,change the ACL through windows API, and resume and call GetFileEffectiveRights again(the 1st call succeeds but the second gives 1336.)
What is going wrong?
PS : I am developing on Windows 7 using VS 2008 and .NET 3.5
EDIT : I only get the error when I try to get rights for a file for which a non-inherited ACE was added through the Windows GUI/ C#'s File API.