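/*
 * Builds a replacement ACL that starts with an access-denied ACE for
 * Principal and stores it in *Acl.
 *
 * The deny ACE is added to the fresh ACL before CopyACL (oldACL, newACL) is
 * called, so it ends up ahead of whatever CopyACL brings over from the old
 * ACL (presumably all existing ACEs; confirm against CopyACL). That ordering
 * is security-relevant: ACEs are evaluated in order, so a deny entry placed
 * after a matching allow entry would not block access.
 *
 * Parameters:
 *   Acl            - in/out; on success *Acl points at the new ACL.
 *   PermissionMask - access rights the ACE denies.
 *   Principal      - account name resolved by GetPrincipalSID.
 *
 * Returns ERROR_SUCCESS, or the Win32 error of the first step that failed.
 * On failure *Acl is left untouched.
 *
 * Ownership: the new ACL is allocated with new BYTE[], so it must be released
 * with delete []. The previous ACL is not freed here; the caller keeps it.
 * NOTE(review): principalSID is released with free(), which assumes
 * GetPrincipalSID allocates with malloc; confirm against that helper.
 */
DWORD
AddAccessDeniedACEToACL (
    PACL *Acl,
    DWORD PermissionMask,
    LPTSTR Principal
    )
{
    ACL_SIZE_INFORMATION aclSizeInfo;
    int                  aclSize;
    DWORD                returnValue;
    PSID                 principalSID = NULL;
    PACL                 oldACL;
    PACL                 newACL = NULL;

    if (Acl == NULL)
        return ERROR_INVALID_PARAMETER;

    oldACL = *Acl;

    returnValue = GetPrincipalSID (Principal, &principalSID);
    if (returnValue != ERROR_SUCCESS)
        return returnValue;

    /*
     * The size query has to succeed: otherwise aclSizeInfo is uninitialized
     * and the buffer size computed below would be garbage.
     */
    if (!GetAclInformation (oldACL,
                            (LPVOID) &aclSizeInfo,
                            (DWORD) sizeof (ACL_SIZE_INFORMATION),
                            AclSizeInformation))
    {
        returnValue = GetLastError();
    }

    if (returnValue == ERROR_SUCCESS)
    {
        /*
         * Bytes already in use + ACL header + one deny ACE + the SID. The ACE
         * structure ends in a DWORD placeholder (SidStart) that the SID
         * overlays, hence the sizeof (DWORD) subtraction.
         */
        aclSize = aclSizeInfo.AclBytesInUse +
                  sizeof (ACL) + sizeof (ACCESS_DENIED_ACE) +
                  GetLengthSid (principalSID) - sizeof (DWORD);

        /* NOTE(review): a throwing operator new would still leak principalSID. */
        newACL = (PACL) new BYTE [aclSize];
        if (newACL == NULL)
            returnValue = ERROR_OUTOFMEMORY;
        else if (!InitializeAcl (newACL, aclSize, ACL_REVISION))
            returnValue = GetLastError();
    }

    /* Read the error code before any cleanup call gets a chance to change it. */
    if (returnValue == ERROR_SUCCESS &&
        !AddAccessDeniedAce (newACL, ACL_REVISION2, PermissionMask, principalSID))
    {
        returnValue = GetLastError();
    }

    if (returnValue == ERROR_SUCCESS)
        returnValue = CopyACL (oldACL, newACL);

    if (returnValue == ERROR_SUCCESS)
    {
        *Acl = newACL;
    }
    else if (newACL != NULL)
    {
        /* The half-built ACL was never handed to the caller; release it. */
        delete [] (BYTE *) newACL;
    }

    free (principalSID);
    return returnValue;
}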
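/// @brief Rebuilds *ppAcl with an extra access-allowed ACE for pszPrincipal.
///
/// A new buffer is sized for the existing ACL plus one ACCESS_ALLOWED_ACE.
/// CopyACL(newACL, oldACL) is called first (presumably copying the existing
/// ACEs into the new ACL; confirm against CopyACL) and the allow ACE is added
/// afterwards, so it lands after the copied entries.
///
/// @param ppAcl        In/out. *ppAcl may be NULL, which is treated as an empty ACL.
/// @param pszPrincipal Account name resolved by GetPrincipalSID.
/// @param dwAccessMask Access rights granted by the new ACE.
/// @return S_OK on success; E_INVALIDARG if ppAcl is NULL; E_OUTOFMEMORY if the
///         buffer cannot be allocated; otherwise the failing helper's HRESULT or
///         HRESULT_FROM_WIN32 of the failing API's last error. On failure *ppAcl
///         is left unchanged.
///
/// NOTE(review): the new ACL is allocated with new BYTE[] but the ACL it
/// replaces is released with free(). If a buffer returned by this function is
/// passed back in, it is freed with the wrong deallocator. The allocation is
/// left as found because callers may depend on it; settle on one allocator for
/// every ACL stored in this slot.
/// NOTE(review): principalSID is released with free(), which assumes
/// GetPrincipalSID allocates with malloc; confirm against that helper.
HRESULT COpcSecurity::AddAccessAllowedACEToACL(PACL *ppAcl, LPCTSTR pszPrincipal, DWORD dwAccessMask)
{
    ACL_SIZE_INFORMATION aclSizeInfo;
    int aclSize;
    PSID principalSID = NULL;
    PACL oldACL = NULL;
    PACL newACL = NULL;

    if (ppAcl == NULL)
        return E_INVALIDARG;

    oldACL = *ppAcl;

    HRESULT hr = GetPrincipalSID(pszPrincipal, &principalSID);
    if (FAILED(hr))
        return hr;

    // A NULL input ACL contributes no bytes; otherwise the size query must
    // succeed or the new buffer would be too small for the copied ACEs.
    aclSizeInfo.AclBytesInUse = 0;
    if (oldACL != NULL &&
        !GetAclInformation(oldACL, (LPVOID) &aclSizeInfo, (DWORD) sizeof(ACL_SIZE_INFORMATION), AclSizeInformation))
    {
        hr = HRESULT_FROM_WIN32(GetLastError());
        free(principalSID);
        return hr;
    }

    // Existing bytes + ACL header + one allow ACE + the SID. The ACE structure
    // ends in a DWORD placeholder (SidStart) that the SID overlays.
    aclSize = aclSizeInfo.AclBytesInUse + sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) +
              GetLengthSid(principalSID) - sizeof(DWORD);

    OPCTRY(newACL = (PACL) new BYTE[aclSize]);
    if (newACL == NULL)
    {
        // Release the SID on the out-of-memory path as well.
        free(principalSID);
        return E_OUTOFMEMORY;
    }

    // Every failure below reads GetLastError() before cleanup runs, so the
    // cleanup calls cannot overwrite the code that is reported.
    hr = S_OK;
    if (!InitializeAcl(newACL, aclSize, ACL_REVISION))
        hr = HRESULT_FROM_WIN32(GetLastError());

    if (SUCCEEDED(hr))
        hr = CopyACL(newACL, oldACL);

    if (SUCCEEDED(hr) && !AddAccessAllowedAce(newACL, ACL_REVISION2, dwAccessMask, principalSID))
        hr = HRESULT_FROM_WIN32(GetLastError());

    if (FAILED(hr))
    {
        // The half-built ACL was never published; release it with the
        // deallocator that matches new BYTE[].
        delete [] (BYTE *) newACL;
        free(principalSID);
        return hr;
    }

    *ppAcl = newACL;

    if (oldACL != NULL)
        free(oldACL);

    free(principalSID);
    return S_OK;
}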
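/// @brief Builds a replacement ACL that starts with an access-denied ACE for
///        tszPrincipal and stores it in *paclOrig.
///
/// The deny ACE is added to the fresh ACL before CopyACL(paclOld, paclNew) is
/// called, so it precedes whatever CopyACL brings over from the old ACL
/// (presumably all existing ACEs; confirm against CopyACL). ACEs are evaluated
/// in order, so a deny entry must come before any allow entry it is meant to
/// override.
///
/// @param paclOrig     In/out. On success *paclOrig points at the new ACL.
/// @param dwAccessMask Access rights the ACE denies.
/// @param tszPrincipal Account name resolved by GetPrincipalSID.
/// @return ERROR_SUCCESS; ERROR_BAD_ARGUMENTS if paclOrig is NULL;
///         ERROR_OUTOFMEMORY if the buffer cannot be allocated; otherwise the
///         Win32 error of the first step that failed. On failure *paclOrig is
///         left unchanged.
///
/// Ownership: the new ACL is allocated with malloc(), so the caller releases
/// it with free(). The previous ACL is not freed here.
DWORD COxtSecurityHelper::AddAccessDeniedACEToACL(PACL *paclOrig, DWORD dwAccessMask, LPCTSTR tszPrincipal)
{
    ACL_SIZE_INFORMATION aclSizeInfo = {0};
    int cbAclSize = 0;
    DWORD dwReturnValue = ERROR_SUCCESS;
    PSID psidPrincipal = NULL;
    PACL paclOld = NULL;
    PACL paclNew = NULL;

    if (paclOrig == NULL)
        return ERROR_BAD_ARGUMENTS;

    paclOld = *paclOrig;

    // Single-pass loop: any failure breaks out to the shared cleanup below.
    do
    {
        dwReturnValue = GetPrincipalSID(tszPrincipal, &psidPrincipal);
        if (dwReturnValue != ERROR_SUCCESS)
            break;

        if (!::GetAclInformation(paclOld, (LPVOID)&aclSizeInfo, sizeof (ACL_SIZE_INFORMATION), AclSizeInformation))
        {
            dwReturnValue = ::GetLastError();
            break;
        }

        // Existing bytes + ACL header + one deny ACE + the SID. The ACE
        // structure ends in a DWORD placeholder (SidStart) that the SID overlays.
        cbAclSize = aclSizeInfo.AclBytesInUse +
                    sizeof (ACL) + sizeof (ACCESS_DENIED_ACE) +
                    ::GetLengthSid (psidPrincipal) - sizeof (DWORD);

        paclNew = (PACL)malloc(cbAclSize);
        if (paclNew == NULL)
        {
            dwReturnValue = ERROR_OUTOFMEMORY;
            break;
        }

        if (!::InitializeAcl(paclNew, cbAclSize, ACL_REVISION))
        {
            dwReturnValue = ::GetLastError();
            break;
        }

        if (!::AddAccessDeniedAce(paclNew, ACL_REVISION2, dwAccessMask, psidPrincipal))
        {
            dwReturnValue = ::GetLastError();
            break;
        }

        dwReturnValue = CopyACL(paclOld, paclNew);
        if (dwReturnValue != ERROR_SUCCESS)
            break;

        // Hand the buffer to the caller and drop the local reference so the
        // cleanup below leaves it alone.
        *paclOrig = paclNew;
        paclNew = NULL;

    } while (false);

    // Still non-NULL only when a step after the allocation failed: release the
    // half-built ACL instead of leaking it.
    if (paclNew != NULL)
        free(paclNew);

    if (psidPrincipal != NULL)
        ::LocalFree(psidPrincipal);

    return dwReturnValue;
}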