Setting Privileges

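The following example removes the discretionary ACL (DACL) from a file by assigning it a NULL DACL, which allows unrestricted access to the file. If necessary, ownership of the file is first given to the Administrator account (the code builds the SID of the built-in Administrators alias). If that in turn is required, the SE_TAKE_OWNERSHIP_NAME privilege is enabled in the access token of the current process.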

/* Path of the file whose DACL (and, if needed, owner) the example changes. */
LPSTR lpszOwnFile = "d:\\ntfs_sample_file";

/*
 * SID of the built-in Administrators alias. It stays NULL until
 * TakeOwnership() allocates it with AllocateAndInitializeSid().
 */
PSID pSIDAliasAdmins = NULL;

/* Identifier authority passed to AllocateAndInitializeSid(). */
static SID_IDENTIFIER_AUTHORITY siaNTAuthority = SECURITY_NT_AUTHORITY;

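/*
 * Assign a NULL DACL to lpszOwnFile, taking ownership of the file first
 * if the direct attempt is refused.
 *
 * Steps, each tried only when the previous one fails:
 *   1. Set a NULL DACL on the file.
 *   2. Set the file's owner to the built-in Administrators alias.
 *   3. Enable SE_TAKE_OWNERSHIP_NAME in the process token and retry 2.
 * After 2 or 3 succeeds, the NULL DACL is applied again.
 *
 * Returns TRUE when the NULL DACL was applied, FALSE otherwise.
 *
 * SECURITY NOTE: a NULL DACL allows unrestricted access to the file.
 * It is what this sample demonstrates; production code that only needs
 * to repair access would normally write a DACL with explicit entries.
 *
 * Changes from the original listing:
 *   - the Administrators SID is freed on every path after it has been
 *     allocated (the original leaked it on the last two returns);
 *   - the privilege is dropped again whenever this function enabled it,
 *     including when the retry in step 3 fails (the original left it
 *     enabled on that path);
 *   - AssertTakeOwnership(FALSE) is not called when nothing was enabled,
 *     because that call disables every privilege in the token;
 *   - ErrorHandler("SetFileSecurity3") runs before the privilege is
 *     dropped, so later API calls cannot replace the failing call's
 *     last-error value (assumes ErrorHandler reads GetLastError - TODO
 *     confirm, it is defined elsewhere).
 */
BOOL FAR PASCAL TakeOwnership()
{
    SECURITY_DESCRIPTOR sd;
    BOOL fPrivilegeEnabled = FALSE;  /* TRUE once step 3 enabled it */
    BOOL fResult = FALSE;

    /*
     * Initialize a security descriptor and assign it a NULL
     * discretionary ACL to allow unrestricted access.
     */
    if (!InitializeSecurityDescriptor(&sd,
                                      SECURITY_DESCRIPTOR_REVISION)) {
        ErrorHandler("InitializeSecurityDescriptor");
        return FALSE;
    }

    if (!SetSecurityDescriptorDacl(&sd,
                                   TRUE,          /* DACL present    */
                                   (PACL) NULL,   /* ... and NULL    */
                                   FALSE)) {      /* not defaulted   */
        ErrorHandler("SetSecurityDescriptorDacl");
        return FALSE;
    }

    /* Step 1: the caller may already be allowed to write the DACL. */
    if (SetFileSecurity(lpszOwnFile,
                        DACL_SECURITY_INFORMATION,
                        &sd)) {
        return TRUE;
    }
    ErrorHandler("SetFileSecurity1");

    /*
     * Step 2: build the SID of the built-in Administrators alias and
     * use it as the owner in the security descriptor. Nothing has been
     * allocated before this point, so the early returns above need no
     * cleanup.
     */
    if (!AllocateAndInitializeSid(&siaNTAuthority,
                                  2,  /* subauthority count */
                                  SECURITY_BUILTIN_DOMAIN_RID,
                                  DOMAIN_ALIAS_RID_ADMINS,
                                  0, 0, 0, 0, 0, 0,
                                  &pSIDAliasAdmins)) {
        ErrorHandler("AllocateAndInitializeSid");
        return FALSE;
    }

    /* sd references the SID rather than copying it, so the SID must
     * stay allocated until the last SetFileSecurity call below. */
    if (!SetSecurityDescriptorOwner(&sd,
                                    pSIDAliasAdmins,
                                    FALSE)) {
        ErrorHandler("SetSecurityDescriptorOwner");
        goto cleanup;
    }

    if (!SetFileSecurity(lpszOwnFile,
                         OWNER_SECURITY_INFORMATION,
                         &sd)) {
        ErrorHandler("SetFileSecurity2");

        /*
         * Step 3: enable SE_TAKE_OWNERSHIP_NAME in the access token
         * of the current process and try again.
         */
        if (!AssertTakeOwnership(TRUE)) {
            MessageBox(NULL, "Must be logged on as Administrator",
                       "AssertTakeOwnership", MB_OK);
            goto cleanup;
        }
        fPrivilegeEnabled = TRUE;

        if (!SetFileSecurity(lpszOwnFile,
                             OWNER_SECURITY_INFORMATION,
                             &sd)) {
            MessageBox(NULL, "Must be logged on as Administrator",
                       "SetFileSecurity", MB_OK);
            goto cleanup;
        }
    }

    /*
     * The Administrators alias is now the owner of the file.
     * Try again to assign the NULL DACL.
     */
    if (SetFileSecurity(lpszOwnFile,
                        DACL_SECURITY_INFORMATION,
                        &sd)) {
        MessageBox(NULL, "Added NULL DACL; protection removed",
                   "SetFileSecurity", MB_OK);
        fResult = TRUE;
    } else {
        ErrorHandler("SetFileSecurity3");
    }

cleanup:
    /*
     * Drop the privilege again if this function turned it on.
     * NOTE(review): AssertTakeOwnership(FALSE) disables every privilege
     * in the process token, not only SE_TAKE_OWNERSHIP_NAME.
     */
    if (fPrivilegeEnabled) {
        AssertTakeOwnership(FALSE);
    }

    FreeSid(pSIDAliasAdmins);
    pSIDAliasAdmins = NULL;  /* the global must not keep a freed SID */

    return fResult;
}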

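/*
 * Enable SE_TAKE_OWNERSHIP_NAME in the current process's access token,
 * or disable all privileges in that token.
 *
 * fEnable  TRUE  - enable SE_TAKE_OWNERSHIP_NAME.
 *          FALSE - disable ALL privileges in the token.
 *
 * Returns TRUE when the token was adjusted exactly as requested,
 * FALSE otherwise (ErrorHandler is called with the failing API's name).
 *
 * NOTE(review): the FALSE branch is broader than the TRUE branch. It
 * also turns off any privilege that other code in the process had
 * enabled. The behaviour is kept because the listing documents it.
 *
 * Changes from the original listing:
 *   - the token handle is closed on every path (it was never closed);
 *   - the BOOL result of AdjustTokenPrivileges is checked in addition
 *     to GetLastError().
 */
BOOL FAR PASCAL AssertTakeOwnership(BOOL fEnable)
{
    HANDLE hToken;
    LUID TakeOwnershipValue;
    TOKEN_PRIVILEGES tkp;
    BOOL fAdjusted;
    BOOL fResult = FALSE;

    /* Retrieve a handle of the access token. */
    if (!OpenProcessToken(GetCurrentProcess(),
                          TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
                          &hToken)) {
        ErrorHandler("OpenProcessToken");
        return FALSE;
    }

    if (fEnable) {
        /* NULL system name: look the privilege up on the local system. */
        if (!LookupPrivilegeValue((LPSTR) NULL,
                                  SE_TAKE_OWNERSHIP_NAME,
                                  &TakeOwnershipValue)) {
            ErrorHandler("LookupPrivilegeValue");
            goto done;
        }

        tkp.PrivilegeCount = 1;
        tkp.Privileges[0].Luid = TakeOwnershipValue;
        tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

        fAdjusted = AdjustTokenPrivileges(hToken,
                                          FALSE,
                                          &tkp,
                                          sizeof(TOKEN_PRIVILEGES),
                                          (PTOKEN_PRIVILEGES) NULL,
                                          (PDWORD) NULL);
    } else {
        fAdjusted = AdjustTokenPrivileges(hToken,
                                          TRUE, /* disable all privileges */
                                          (PTOKEN_PRIVILEGES) NULL,
                                          (DWORD) 0,
                                          (PTOKEN_PRIVILEGES) NULL,
                                          (PDWORD) NULL);
    }

    /*
     * A nonzero return alone is not enough. The call can succeed while
     * adjusting only some of the requested privileges, and it then sets
     * the last error to ERROR_NOT_ALL_ASSIGNED. This happens when the
     * token does not hold the privilege at all. Success therefore
     * requires a nonzero return and a last error of ERROR_SUCCESS.
     */
    if (!fAdjusted || GetLastError() != ERROR_SUCCESS) {
        ErrorHandler("AdjustTokenPrivileges");
        goto done;
    }

    fResult = TRUE;

done:
    /* Close after ErrorHandler has run, so that CloseHandle cannot
     * disturb the last-error value of the failing call. */
    CloseHandle(hToken);
    return fResult;
}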
