How to assign file privileges on Windows


Someone forwarded some C code to me recently that they needed to have converted to REALbasic. They had a file on disk whose access rights they wanted to change programmatically. Here's what I eventually came up with:

    // The ExplicitAccess structure and the SeObjectType enum are not shown in this post; they are
    // assumed to be defined in the project to mirror Win32's EXPLICIT_ACCESS_W and SE_OBJECT_TYPE.
    dim aMode as Integer = &h2 // ACCESS_MODE value SET_ACCESS
    dim aAccess as ExplicitAccess
    dim aPath as String = DesktopFolder.Child( "Test" ).AbsolutePath
    dim aTrustee as String = "VistaPC\Elissa"
    dim aOldACL, aNewACL, aPSD as Integer
    dim aErr as UInt32
    // File-specific access rights to put in the new entry
    dim aMask as UInt32 = &h1 + &h2 + &h4 + &h8 + &h10 + &h20 + &h80 + &h100

    Soft Declare Function GetNamedSecurityInfoW Lib "AdvApi32" ( name as WString, type as SeObjectType, _
        securityInfo as UInt32, sidOwner as Integer, sidGroup as Integer, ByRef dacl as Integer, sacl as Integer, _
        ByRef secDesc as Integer ) as Integer
    Soft Declare Sub BuildExplicitAccessWithNameW Lib "AdvApi32" ( ByRef access as ExplicitAccess, _
        name as Ptr, perms as UInt32, mode as UInt32, inheritance as UInt32 )
    Soft Declare Function SetEntriesInAclW Lib "AdvApi32" ( count as UInt32, ByRef access as ExplicitAccess, _
        oldAcl as Integer, ByRef newAcl as Integer ) as Integer
    Soft Declare Function SetNamedSecurityInfoW Lib "AdvApi32" ( name as WString, type as SeObjectType, _
        info as UInt32, ownerSid as Integer, ownerGroup as Integer, dacl as Integer, sacl as Integer ) as Integer
    Declare Sub LocalFree Lib "Kernel32" ( pt as Integer )

    Const DACL_SECURITY_INFORMATION = &h4
    Const SUB_CONTAINERS_AND_OBJECTS_INHERIT = &h3

    // Fetch the file's current DACL. aOldACL points into the security descriptor
    // returned in aPSD, so only aPSD is freed later.
    aErr = GetNamedSecurityInfoW( aPath, SeObjectType.File, DACL_SECURITY_INFORMATION, 0, 0, aOldACL, 0, aPSD )
    if aErr <> 0 then
        Break
        return
    end if

    // Describe the new entry: trustee name (null-terminated UTF-16), rights, mode and inheritance
    dim name as MemoryBlock = ConvertEncoding( aTrustee + Chr( 0 ), Encodings.UTF16 )
    BuildExplicitAccessWithNameW( aAccess, name, aMask, aMode, SUB_CONTAINERS_AND_OBJECTS_INHERIT )

    // Merge the new entry into a copy of the existing ACL
    aErr = SetEntriesInAclW( 1, aAccess, aOldACL, aNewACL )
    if aErr <> 0 then
        LocalFree( aPSD ) // don't leak the security descriptor on the error path
        Break
        return
    end if

    // Write the merged DACL back to the file; aErr is 0 on success
    aErr = SetNamedSecurityInfoW( aPath, SeObjectType.File, DACL_SECURITY_INFORMATION, 0, 0, aNewACL, 0 )

    LocalFree( aNewACL )
    LocalFree( aPSD )

It's not pretty code by any stretch of the imagination. Windows has a very powerful (if hard to use) security API set which works on everything from files to processes to user objects. What this code is doing (in a nutshell) is getting the current security information (the access control list) for the file specified by aPath. Then it builds up an access structure for the username specified by aTrustee with the access rights we want from aMask, and merges that entry into the existing list. Finally, we assign the new access control list to the object.
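The literals in the code above are raw bit values, so it is worth decoding what the new entry actually grants. The following Python sketch is an added example, not part of the original post; it uses the documented Win32 constant values to name the bits in aMask and aMode and to list which bits of the standard composite file rights the mask leaves out.

```python
# Added example: decode the post's aMask / aMode literals into Win32 right names.
# Bit values are the documented winnt.h / accctrl.h constants.
FILE_RIGHTS = {
    0x000001: "FILE_READ_DATA",
    0x000002: "FILE_WRITE_DATA",
    0x000004: "FILE_APPEND_DATA",
    0x000008: "FILE_READ_EA",
    0x000010: "FILE_WRITE_EA",
    0x000020: "FILE_EXECUTE",
    0x000040: "FILE_DELETE_CHILD",
    0x000080: "FILE_READ_ATTRIBUTES",
    0x000100: "FILE_WRITE_ATTRIBUTES",
    0x010000: "DELETE",
    0x020000: "READ_CONTROL",
    0x040000: "WRITE_DAC",
    0x080000: "WRITE_OWNER",
    0x100000: "SYNCHRONIZE",
}
COMPOSITES = {
    "FILE_GENERIC_READ": 0x120089,
    "FILE_GENERIC_WRITE": 0x120116,
    "FILE_GENERIC_EXECUTE": 0x1200A0,
    "FILE_ALL_ACCESS": 0x1F01FF,
}
# ACCESS_MODE enumeration, indexed by value
ACCESS_MODES = ["NOT_USED_ACCESS", "GRANT_ACCESS", "SET_ACCESS", "DENY_ACCESS",
                "REVOKE_ACCESS", "SET_AUDIT_SUCCESS", "SET_AUDIT_FAILURE"]

def names(mask):
    """Names of the known bits set in mask; any unknown bits are appended in hex."""
    known = [name for bit, name in FILE_RIGHTS.items() if mask & bit]
    unknown = mask & ~sum(FILE_RIGHTS)  # keys are distinct bits, so sum == OR
    return known + ([hex(unknown)] if unknown else [])

def audit(mask):
    """For each composite right, the bits it contains that mask does not grant."""
    return {comp: names(value & ~mask) for comp, value in COMPOSITES.items()}

# Literals copied from the post
A_MASK = 0x1 + 0x2 + 0x4 + 0x8 + 0x10 + 0x20 + 0x80 + 0x100
A_MODE = 0x2

if __name__ == "__main__":
    print(f"aMode = {ACCESS_MODES[A_MODE]}")
    print(f"aMask = {A_MASK:#x}: {', '.join(names(A_MASK))}")
    for comp, missing in audit(A_MASK).items():
        print(f"{comp}: missing {', '.join(missing) or 'nothing'}")
```

For the post's values this reports SET_ACCESS and a mask of 0x1bf: every file-specific right except FILE_DELETE_CHILD, and none of the standard rights such as READ_CONTROL or SYNCHRONIZE that the FILE_GENERIC_* composites include.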

I'm contemplating wrapping the security APIs up for the WFS, but it's such a mess-load of APIs that I've not been able to come up with a good structure for them. I haven't even figured out whether I want to make a class to encompass the functionality or a module!

Have any of you had a lot of experience working with the security APIs on Windows?

3 Comments

Ok, seriously -- is there anyone here willing to help me figure out how to post code in MT which doesn't look like utter crap? I tried using pre tags (and code tags) and that would cut the text off at the columns. But this plain text stuff is painful!

What about Jon's RB-PHP Utils?

That doesn't work with MT.


Disclaimer

I'm currently an employee of REAL Software. My blog is mine. The opinions represented in this blog are mine as well and may not represent my employer's opinions. All original material is copyrighted and property of the author.
