c - Checking the existence of ACE in windows object DACL -


Is there a way to check whether an ACE already exists in the DACL of an object?

I want to use the RtlAddAccessAllowedAce API call to add an ACE to an object, but only if that ACE doesn't already exist.

Does anyone know how I can either check whether an ACE exists, or try to remove a given ACE before adding it, or any other solution that achieves the same goal? Thanks!

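You can either use the WinAPI or walk the ACL's ACEs directly: enumerate the ACEs one by one and check whether the specific ACE exists. The two variants below only print each access-allowed ACE; for the existence check, compare the entry's SID (for example with EqualSid), its access mask and its ACE flags against the ACE you intend to add.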

variant 1:

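// Enumerates the ACEs of `acl` from the last index down to 0 using the
// documented Win32 API, and prints the access mask and string SID of every
// ACCESS_ALLOWED ACE it finds.
//
// To answer "does this ACE already exist?", replace the print with a
// comparison: match the SID with EqualSid() and also compare Mask and
// Header.AceFlags. Matching on the SID alone is not enough, because the same
// trustee can appear in several ACEs with different rights or inheritance.
//
// acl: DACL to walk. A NULL DACL carries no ACEs, so there is nothing to do.
void walkacl(PACL acl)
{
    if (!acl)
    {
        return;
    }

    ACL_SIZE_INFORMATION asi;
    if (!GetAclInformation(acl, &asi, sizeof(asi), AclSizeInformation))
    {
        return;
    }

    while (asi.AceCount)
    {
        // All three members alias the pointer that GetAce() hands back.
        union {
            PVOID pvAce;
            PACE_HEADER pAceHeader;
            PACCESS_ALLOWED_ACE pAllowedAce;
        };

        if (!GetAce(acl, --asi.AceCount, &pvAce))
        {
            continue;
        }

        switch (pAceHeader->AceType)
        {
        case ACCESS_ALLOWED_ACE_TYPE:
        {
            // Only this ACE type is interpreted here. Other types are skipped
            // because their layout cannot be assumed to match
            // ACCESS_ALLOWED_ACE (object ACEs, for instance, carry extra
            // fields before the SID).
            PWSTR szSid;
            if (ConvertSidToStringSidW(&pAllowedAce->SidStart, &szSid))
            {
                // szSid is a wide string, so it needs %ws rather than %s.
                DbgPrint("%08x %ws\n", pAllowedAce->Mask, szSid);
                LocalFree(szSid); // buffer is allocated by ConvertSidToStringSidW
            }
            break;
        }
        default:
            break;
        }
    }
}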

variant 2:

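// Walks the ACEs of `acl` by reading the ACL layout directly (the ACEs follow
// the ACL header back to back, each one AceSize bytes long) and prints the
// access mask and SID of every ACCESS_ALLOWED ACE.
//
// Because this variant bypasses GetAce(), it has to do its own validation:
// every step is bounded by AclSize so that a truncated or corrupted ACL
// (for example one taken from a self-relative security descriptor that did
// not come from the system) cannot push the cursor outside the buffer.
//
// To answer "does this ACE already exist?", replace the print with a
// comparison of the SID (RtlEqualSid), Mask and Header.AceFlags.
//
// acl: DACL to walk. A NULL DACL carries no ACEs, so there is nothing to do.
void walkacl(PACL acl)
{
    if (!acl)
    {
        return;
    }

    USHORT aceCount = acl->AceCount;
    if (!aceCount || acl->AclSize < sizeof(ACL))
    {
        return;
    }

    PBYTE pb = (PBYTE)(acl + 1);            // first ACE starts right after the header
    PBYTE end = (PBYTE)acl + acl->AclSize;  // one past the last byte of the ACL

    do
    {
        SIZE_T remaining = (SIZE_T)(end - pb);
        if (remaining < sizeof(ACE_HEADER))
        {
            break; // AceCount claims more entries than the buffer holds
        }

        PACE_HEADER pAceHeader = (PACE_HEADER)pb;
        USHORT aceSize = pAceHeader->AceSize;
        if (aceSize < sizeof(ACE_HEADER) || aceSize > remaining)
        {
            break; // a bad AceSize would misalign or overrun every later read
        }

        switch (pAceHeader->AceType)
        {
        case ACCESS_ALLOWED_ACE_TYPE:
        {
            // Only this ACE type is interpreted; other types are stepped over
            // using their AceSize without looking inside.
            if (aceSize < sizeof(ACCESS_ALLOWED_ACE))
            {
                break; // too short to hold Mask and the start of a SID
            }

            PACCESS_ALLOWED_ACE pAllowedAce = (PACCESS_ALLOWED_ACE)pb;
            PSID sid = &pAllowedAce->SidStart;
            ULONG sidRoom = aceSize - FIELD_OFFSET(ACCESS_ALLOWED_ACE, SidStart);

            // The SID's own length field must fit inside this ACE.
            if (!RtlValidSid(sid) || RtlLengthSid(sid) > sidRoom)
            {
                break;
            }

            UNICODE_STRING usSid;
            if (0 <= RtlConvertSidToUnicodeString(&usSid, sid, TRUE))
            {
                // %wZ expects a pointer to the UNICODE_STRING, not the struct.
                DbgPrint("%08x %wZ\n", pAllowedAce->Mask, &usSid);
                RtlFreeUnicodeString(&usSid);
            }
            break;
        }
        default:
            break;
        }

        pb += aceSize;
    } while (--aceCount);
}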
