#include "stdafx.h"
#include <iostream>
#include <aclapi.h>
int main()
{
USES_CONVERSION;
DWORD rt;
LPSTR log = "04228";
EXPLICIT_ACCESS drt[2]; //The EXPLICIT_ACCESS structure defines access control information for a specified trustee
PSECURITY_DESCRIPTOR secDescript = NULL;//structure contains the security information associated with an object
PACL pAcl = NULL;
SECURITY_ATTRIBUTES sa;
PSID pAdminSID;
SID_IDENTIFIER_AUTHORITY SIDAuthNT = SECURITY_NT_AUTHORITY;
ZeroMemory(&drt,sizeof(EXPLICIT_ACCESS));
drt[0].Trustee.TrusteeForm = TRUSTEE_IS_NAME; //indicate type pointed by ptstrName, a null-terminated string indicate a user
drt[0].Trustee.TrusteeType = TRUSTEE_IS_USER; //indicates whether the trustee is a user account/group account/unknown account type
drt[0].Trustee.ptstrName = log;
drt[0].grfAccessPermissions = GENERIC_READ;
drt[0].grfAccessMode = SET_ACCESS;
drt[0].grfInheritance = CONTAINER_INHERIT_ACE;
AllocateAndInitializeSid(&SIDAuthNT, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0,&pAdminSID);
drt[1].grfAccessPermissions = KEY_ALL_ACCESS;
drt[1].grfAccessMode = SET_ACCESS;
drt[1].grfInheritance= CONTAINER_INHERIT_ACE;
drt[1].Trustee.TrusteeForm = TRUSTEE_IS_SID;
drt[1].Trustee.TrusteeType = TRUSTEE_IS_GROUP;
drt[1].Trustee.ptstrName = (LPTSTR) pAdminSID;
std::cout << drt[0].Trustee.ptstrName << std::endl;
rt = SetEntriesInAcl(2,drt,NULL,&pAcl); // Create a new ACL that contains the new ACEs.
secDescript = (PSECURITY_DESCRIPTOR) LocalAlloc(LPTR,SECURITY_DESCRIPTOR_MIN_LENGTH);
InitializeSecurityDescriptor(secDescript, SECURITY_DESCRIPTOR_REVISION);
SetSecurityDescriptorDacl(secDescript,true,pAcl,false);
sa.nLength = sizeof(SECURITY_ATTRIBUTES);
sa.bInheritHandle = false;
sa.lpSecurityDescriptor = secDescript;
int test = CreateDirectory("C:\\test3",&sa);
if( test =!0 ) printf("CreateDirectory error occured: %u\n",GetLastError());
LocalFree(secDescript);
system("pause");
return 0;
}
Partager