Thema: Delphi Zurgiffsrechte bestimmen bzw. testen

Einzelnen Beitrag anzeigen

Dezipaitor

Registriert seit: 14. Apr 2003
Ort: Stuttgart
1.701 Beiträge
 
Delphi 7 Professional
 

Re: Zurgiffsrechte bestimmen bzw. testen

  Alt 19. Okt 2008, 17:01
Ich habe das mal angepasst, so dass man durch setzen des Threadtokens ein AccessCheck machen kann.

zusammenfalten · markieren
Delphi-Quellcode:
uses
  JwaWindows;

var
  GenericFileMapping : TGenericMapping = (
    GenericRead: FILE_GENERIC_READ;
    GenericWrite: FILE_GENERIC_WRITE;
    GenericExecute: FILE_GENERIC_EXECUTE;
    GenericAll: FILE_ALL_ACCESS
    );

function CheckAccessToFile(DesiredAccess: DWORD; const FileName: WideString;
    const OpenAsSelf : Boolean = true): Boolean;

var
  LengthNeeded : DWORD;
  SecurityDescriptor : PSecurityDescriptor;
  ClientToken2,
  ClientToken : THandle;
  AccessMask : DWORD;
  PrivilegeSet : TPrivilegeSet;
  PrivilegeSetLength : DWORD;
  GrantedAccess : DWORD;
  AccessStatus : BOOL;
begin
  Result := False;
  SetLastError(0);

  if not GetFileSecurityW(PWideChar(FileName), OWNER_SECURITY_INFORMATION or
    GROUP_SECURITY_INFORMATION or DACL_SECURITY_INFORMATION, nil, 0,
    LengthNeeded) and (GetLastError <> ERROR_INSUFFICIENT_BUFFER) then
    Exit;

  GetMem(SecurityDescriptor, LengthNeeded);
  try
    if not GetFileSecurityW(PWideChar(FileName), OWNER_SECURITY_INFORMATION or
      GROUP_SECURITY_INFORMATION or DACL_SECURITY_INFORMATION,
      SecurityDescriptor, LengthNeeded, LengthNeeded) then
      Exit;

    //first try token assigned to the current thread
    if not OpenThreadToken(GetCurrentThread, TOKEN_QUERY or
        TOKEN_IMPERSONATE or TOKEN_DUPLICATE, OpenAsSelf, ClientToken) then
    begin
      //otherwise use process token
      if (GetLastError() = ERROR_NO_TOKEN) and
         (not OpenProcessToken(GetCurrentProcess, TOKEN_QUERY or
        TOKEN_IMPERSONATE or TOKEN_DUPLICATE, ClientToken)) then
        Exit;

      //convert to thread token.
      if not DuplicateToken(ClientToken, SecurityImpersonation, @ClientToken2) then
        exit;

      //close process token and switch them for further processing
      CloseHandle(ClientToken);

      ClientToken := ClientToken2;
    end;

    AccessMask := DesiredAccess;
    MapGenericMask(AccessMask, GenericFileMapping);
    PrivilegeSetLength := SizeOf(TPrivilegeSet);

    if AccessCheck(SecurityDescriptor, ClientToken, AccessMask,
      GenericFileMapping, PrivilegeSet, PrivilegeSetLength, GrantedAccess,
      AccessStatus) then
      Result := AccessStatus;

    CloseHandle(ClientToken);
  finally
    FreeMem(SecurityDescriptor);
  end;
end;
Christian
Windows, Tokens, Access Control List, Dateisicherheit, Desktop, Vista Elevation?
Goto: JEDI API LIB & Windows Security Code Library (JWSCL)
  Mit Zitat antworten Zitat