471,338 Members | 1,377 Online
Bytes | Software Development & Data Engineering Community
Post +

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 471,338 software developers and data experts.

ACE order in ACL

Even when I add (or think I do!) a new ACL in the correct order
according to http://support.microsoft.com/default...b;en-us;269159
I still get errors when trying to view the security permissions on
newley created child objects on XP. I've been twekaing the constants
all day with mixed results, but not once have I not got the "The
permissions on xxx are incorrectly ordered..." message, what am I
doing wrong??? Here's my code (what for line breaks)...

Module StartUp
Const defaultAccessMask As ActiveDs.ADS_RIGHTS_ENUM =
ActiveDs.ADS_RIGHTS_ENUM.ADS_RIGHT_GENERIC_READ +
ActiveDs.ADS_RIGHTS_ENUM.ADS_RIGHT_GENERIC_WRITE +
ActiveDs.ADS_RIGHTS_ENUM.ADS_RIGHT_GENERIC_EXECUTE +
ActiveDs.ADS_RIGHTS_ENUM.ADS_RIGHT_DELETE
Const defaultAceFlags As ActiveDs.ADS_ACEFLAG_ENUM =
ActiveDs.ADS_ACEFLAG_ENUM.ADS_ACEFLAG_INHERIT_ACE
Const defaultAceType As ActiveDs.ADS_ACETYPE_ENUM =
ActiveDs.ADS_ACETYPE_ENUM.ADS_ACETYPE_ACCESS_ALLOW ED

Sub Main()
Call PermissionFolder("C:\Program Files\test",
"somedomain\user1234", defaultAccessMask, defaultAceFlags,
defaultAceType)
Call ListACEs("C:\Program Files\test")
End Sub

Sub PermissionFolder(ByVal folderPath As String, ByVal trustee As
String, ByVal accessMask As ActiveDs.ADS_RIGHTS_ENUM, ByVal aceFlags
As ActiveDs.ADS_ACEFLAG_ENUM, ByVal aceType As
ActiveDs.ADS_ACETYPE_ENUM)
Dim adsSecurity As New ActiveDs.ADsSecurityUtilityClass
Dim adsDescriptor As ActiveDs.SecurityDescriptor
Dim folderACL As ActiveDs.AccessControlList
Dim newACE As New ActiveDs.AccessControlEntry

adsDescriptor = adsSecurity.GetSecurityDescriptor(folderPath,
ActiveDs.ADS_PATHTYPE_ENUM.ADS_PATH_FILE,
ActiveDs.ADS_SD_FORMAT_ENUM.ADS_SD_FORMAT_IID)
folderACL = adsDescriptor.DiscretionaryAcl()

newACE.Trustee = trustee
newACE.AccessMask = accessMask
newACE.AceFlags = aceFlags
newACE.AceType = aceType

folderACL.AddAce(newACE)
adsDescriptor.DiscretionaryAcl = OrderACL(folderACL)
adsSecurity.SetSecurityDescriptor(folderPath,
ActiveDs.ADS_PATHTYPE_ENUM.ADS_PATH_FILE, adsDescriptor,
ActiveDs.ADS_SD_FORMAT_ENUM.ADS_SD_FORMAT_IID)
End Sub

Function OrderACL(ByVal dacl As ActiveDs.AccessControlList) As
ActiveDs.AccessControlList
Dim impDenyDACL As New ActiveDs.AccessControlList
Dim impDenyObjectDACL As New ActiveDs.AccessControlList
Dim impAllowDACL As New ActiveDs.AccessControlList
Dim impAllowObjectDACL As New ActiveDs.AccessControlList
Dim inheritedDACL As New ActiveDs.AccessControlList
Dim ace As ActiveDs.AccessControlEntry
Dim returnDACL As New ActiveDs.AccessControlList

For Each ace In dacl

If ace.AceFlags =
ActiveDs.ADS_ACEFLAG_ENUM.ADS_ACEFLAG_INHERITED_AC E Then
inheritedDACL.AddAce(ace)
Else

Select Case ace.AceType
Case
ActiveDs.ADS_ACETYPE_ENUM.ADS_ACETYPE_ACCESS_ALLOW ED
impAllowDACL.AddAce(ace)
Case
ActiveDs.ADS_ACETYPE_ENUM.ADS_ACETYPE_ACCESS_DENIE D
impDenyDACL.AddAce(ace)
Case
ActiveDs.ADS_ACETYPE_ENUM.ADS_ACETYPE_ACCESS_ALLOW ED_OBJECT
impAllowObjectDACL.AddAce(ace)
Case
ActiveDs.ADS_ACETYPE_ENUM.ADS_ACETYPE_ACCESS_DENIE D_OBJECT
impDenyObjectDACL.AddAce(ace)
End Select

End If

Next

For Each ace In impDenyDACL
returnDACL.AddAce(ace)
Next

For Each ace In impDenyObjectDACL
returnDACL.AddAce(ace)
Next

For Each ace In impAllowDACL
returnDACL.AddAce(ace)
Next

For Each ace In impAllowObjectDACL
returnDACL.AddAce(ace)
Next

For Each ace In inheritedDACL
returnDACL.AddAce(ace)
Next

returnDACL.AclRevision = dacl.AclRevision

Return returnDACL
End Function

Sub ListACEs(ByVal folderPath As String)
Dim securityObj As New ActiveDs.ADsSecurityUtilityClass
Dim descriptorObj As ActiveDs.SecurityDescriptor
Dim aclObj As ActiveDs.AccessControlList
Dim aceObj As ActiveDs.AccessControlEntry
Dim aceOutput As String

descriptorObj = securityObj.GetSecurityDescriptor(folderPath,
ActiveDs.ADS_PATHTYPE_ENUM.ADS_PATH_FILE,
ActiveDs.ADS_SD_FORMAT_ENUM.ADS_SD_FORMAT_IID)
aclObj = descriptorObj.DiscretionaryAcl()

For Each aceObj In aclObj
aceOutput = aceOutput & aceObj.Trustee & vbTab &
aceObj.AccessMask & vbTab & aceObj.AceFlags & vbTab & aceObj.AceType &
vbTab & aceObj.InheritedObjectType & vbCrLf
Next

MessageBox.Show(aceOutput)
End Sub
End Module
Jul 21 '05 #1
0 2383

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

9 posts views Thread by Steven T. Hatton | last post: by
27 posts views Thread by Abdullah Kauchali | last post: by
8 posts views Thread by kaosyeti | last post: by
104 posts views Thread by Beowulf | last post: by
54 posts views Thread by Rasjid | last post: by
reply views Thread by rosydwin | last post: by

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.