给已连接的某个特定客户开一个共享目录

最新推荐文章于 2025-05-15 08:57:50 发布

原创最新推荐文章于 2025-05-15 08:57:50 发布 · 699 阅读

0 ·

CC 4.0 BY-SA版权

文章标签：

#descriptor #security #null #structure #access #permissions

vcbcbdelphi的window编程专栏收录该内容

551 篇文章

订阅专栏

本文介绍如何在Windows系统中为共享文件夹设置特定的安全权限，通过创建安全描述符并使用Everyone组来限定只读访问权限。

http://msdn.microsoft.com/library/en-us/netmgmt/netmgmt/netshareadd_sample_windows_95_98_me_.asp

NT always uses user-level security. shi2_permissions structure member will
be ignored on a server running user-level security. To setup a share that
allows Everyone only "Read" access, you have to setup a security descriptor
with level 502 and set shi502_security_descriptor structure member with a
security descriptor that allows Everyone only read access.

 
  
  
  try
   

  ...
  { 
//initialize the 
SecurityDescriptor--------------------------------------------- 
SECURITY_DESCRIPTOR sd; 
PACL pDacl = NULL; 
DWORD dwAclSize ; 
PSID pSid = NULL; 
DWORD cbSid; 
TCHAR RefDomain[DNLEN + 1]; 
DWORD cchDomain = DNLEN + 1; 
SID_NAME_USE peUse; 
cbSid = 96; 
pSid = (PSID)HeapAlloc(GetProcessHeap(), 0, cbSid); 
if(pSid == NULL) Memo1->Lines->Add("HeapAlloc error!"); 

String Username = "Everyone"; //or any other existing 
username in your system... 
wchar_t* userbuf = new wchar_t[(Username.Length() + 1)]; 
Username.WideChar(userbuf, Username.WideCharBufSize()); 


if(!LookupAccountName(NULL, userbuf, pSid, &cbSid, RefDomain, 
&cchDomain, &peUse )) 
...{ 
if(GetLastError() == ERROR_INSUFFICIENT_BUFFER) // try again 
...{ 
pSid = (PSID)HeapReAlloc(GetProcessHeap(), 0, pSid, cbSid); 
if(pSid == NULL) Memo1->Lines->Add("HeapReAlloc error!"); 
cchDomain = DNLEN + 1; 
if(!LookupAccountName(NULL, userbuf, pSid, &cbSid, 
RefDomain, &cchDomain, &peUse)) 
...{ wchar_t* lpMsgBuf = new wchar_t[100]; FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM, NULL, GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), (wchar_t *) &lpMsgBuf, 0, NULL); Memo1->Lines->Add("LookupAccountName error! " + AnsiString(lpMsgBuf)); delete lpMsgBuf; } 
} 
else 
...{ 
wchar_t* lpMsgBuf = new wchar_t[100]; 
FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | 
FORMAT_MESSAGE_FROM_SYSTEM, NULL, GetLastError(), 
MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), (wchar_t *) &lpMsgBuf, 0, 
NULL); 
Memo1->Lines->Add("LookupAccountName error! " + 
AnsiString(lpMsgBuf)); 
delete lpMsgBuf; 
} 
} 
delete userbuf; 
}
   
dwAclSize 
  =
   
  sizeof
  (ACL) 
  +
   
  1
   
  *
   ( 
  sizeof
  (ACCESS_ALLOWED_ACE) 
  -
   

  sizeof
  (DWORD)) GetLengthSid(pSid); 
pDacl 
  =
   (PACL)HeapAlloc(GetProcessHeap(), 
  0
  , dwAclSize); 

  if
  (pDacl 
  ==
   NULL) 
  return
  ; 
InitializeAcl(pDacl, dwAclSize, ACL_REVISION); 
AddAccessAllowedAce(pDacl,ACL_REVISION, GENERIC_READ 
  |
   ACCESS_ATRIB, 
pSid]); 
  //
  use both GENERIC_READ and ACCESS_ATRIB or else windows won''''t 
  

  recognize the share 
  as
   read only... 
InitializeSecurityDescriptor(
  &
  sd, SECURITY_DESCRIPTOR_REVISION) ; 
SetSecurityDescriptorDacl(
  &
  sd, TRUE, pDacl, FALSE); 



  //
  Initialize all other share variables----------------- 
  

  temp.shi502_security_descriptor 
  =
   
  &
  sd; 



  //
   Add the shares----------------- 
  

  
}