Win32API ファイルやディレクトリのACEを列挙する GetNamedSecurityInfo
ファイルやディレクトリのセキュリティ情報(セキュリティ記述子やACL)は、GetFileSecurity関数で取得可能であるが、GetNamedSecurityInfo関数でも取得可能である。
GetNamedSecurityInfo関数で、セキュリティ情報(セキュリティ記述子)を取得し、ACEを列挙する手順は以下のとおり
No | 項目 |
1 | GetNamedSecurityInfo関数で、ディレクトリのセキュリティ記述子とDACLを取得する |
2 | GetAclInformation関数で、DACLのサイズ情報を取得する |
3 | GetAce関数で、DACLからACEを取得する |
4 | LookupAccountSid関数で、ACEのアカウント情報を取得する |
「C:\\Program Files」ディレクトリのACEを列挙する
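#include <windows.h>
#include <aclapi.h>
#include <sddl.h>
#include <stdio.h>

#define ARRAY_LEN(a) (sizeof(a) / sizeof((a)[0]))

/* One named bit (or bit combination) of an ACCESS_MASK. */
struct right_name {
    ACCESS_MASK bits;
    const char *name;
};

/* File/directory-specific rights plus the FILE_GENERIC_* and FILE_ALL_ACCESS combinations. */
static const struct right_name specific_rights[] = {
    { FILE_LIST_DIRECTORY,   "FILE_LIST_DIRECTORY" },
    { FILE_ADD_FILE,         "FILE_ADD_FILE" },
    { FILE_ADD_SUBDIRECTORY, "FILE_ADD_SUBDIRECTORY" },
    { FILE_READ_EA,          "FILE_READ_EA" },
    { FILE_WRITE_EA,         "FILE_WRITE_EA" },
    { FILE_TRAVERSE,         "FILE_TRAVERSE" },
    { FILE_DELETE_CHILD,     "FILE_DELETE_CHILD" },
    { FILE_READ_ATTRIBUTES,  "FILE_READ_ATTRIBUTES" },
    { FILE_WRITE_ATTRIBUTES, "FILE_WRITE_ATTRIBUTES" },
    { FILE_ALL_ACCESS,       "FILE_ALL_ACCESS" },
    { FILE_GENERIC_READ,     "FILE_GENERIC_READ" },
    { FILE_GENERIC_WRITE,    "FILE_GENERIC_WRITE" },
    { FILE_GENERIC_EXECUTE,  "FILE_GENERIC_EXECUTE" },
};

/* Standard rights shared by all securable objects, plus their combinations. */
static const struct right_name standard_rights[] = {
    { DELETE,                   "DELETE" },
    { READ_CONTROL,             "READ_CONTROL" },
    { WRITE_DAC,                "WRITE_DAC" },
    { WRITE_OWNER,              "WRITE_OWNER" },
    { SYNCHRONIZE,              "SYNCHRONIZE" },
    { STANDARD_RIGHTS_REQUIRED, "STANDARD_RIGHTS_REQUIRED" },
    { STANDARD_RIGHTS_READ,     "STANDARD_RIGHTS_READ" },
    { STANDARD_RIGHTS_WRITE,    "STANDARD_RIGHTS_WRITE" },
    { STANDARD_RIGHTS_EXECUTE,  "STANDARD_RIGHTS_EXECUTE" },
    { STANDARD_RIGHTS_ALL,      "STANDARD_RIGHTS_ALL" },
    { SPECIFIC_RIGHTS_ALL,      "SPECIFIC_RIGHTS_ALL" },
};

/* Inheritance flags carried in ACE_HEADER.AceFlags. */
static const struct { BYTE bits; const char *name; } ace_flag_names[] = {
    { OBJECT_INHERIT_ACE,       "OBJECT_INHERIT_ACE" },
    { CONTAINER_INHERIT_ACE,    "CONTAINER_INHERIT_ACE" },
    { NO_PROPAGATE_INHERIT_ACE, "NO_PROPAGATE_INHERIT_ACE" },
    { INHERIT_ONLY_ACE,         "INHERIT_ONLY_ACE" },
    { INHERITED_ACE,            "INHERITED_ACE" },
};

/* Prints every table entry whose bits are all set in mask, one name per line.
 * Combination values (e.g. FILE_ALL_ACCESS) are reported only when every bit is present. */
static void print_rights(ACCESS_MASK mask, const struct right_name *table, size_t count)
{
    for (size_t i = 0; i < count; i++) {
        if ((mask & table[i].bits) == table[i].bits) {
            puts(table[i].name);
        }
    }
}

/* Prints the inheritance flags set in an ACE header, one per line. */
static void print_ace_flags(BYTE flags)
{
    for (size_t i = 0; i < ARRAY_LEN(ace_flag_names); i++) {
        if (flags & ace_flag_names[i].bits) {
            puts(ace_flag_names[i].name);
        }
    }
}

/* Returns the symbolic name of an ACE type, or NULL for types this tool does not decode. */
static const char *ace_type_name(BYTE type)
{
    switch (type) {
    case ACCESS_ALLOWED_ACE_TYPE: return "ACCESS_ALLOWED_ACE_TYPE";
    case ACCESS_DENIED_ACE_TYPE:  return "ACCESS_DENIED_ACE_TYPE";
    case SYSTEM_AUDIT_ACE_TYPE:   return "SYSTEM_AUDIT_ACE_TYPE";
    default:                      return NULL;
    }
}

/* Prints "AccountName:..., DomainName:..." for sid. If the SID cannot be resolved
 * (deleted account, foreign domain), the SDDL string form is printed instead so the
 * entry is still identifiable rather than reading uninitialised buffers. */
static void print_sid_account(PSID sid)
{
    char account[256];
    char domain[256];
    DWORD account_len = sizeof account;
    DWORD domain_len = sizeof domain;
    SID_NAME_USE snu;

    if (LookupAccountSidA(NULL, sid, account, &account_len, domain, &domain_len, &snu)) {
        printf("AccountName:%s, DomainName:%s\n", account, domain);
        return;
    }

    DWORD err = GetLastError();   /* save before any further API call overwrites it */
    LPSTR sid_str = NULL;
    if (ConvertSidToStringSidA(sid, &sid_str)) {
        printf("AccountName:<unresolved %s>, DomainName: (LookupAccountSid error %lu)\n",
               sid_str, (unsigned long)err);
        LocalFree(sid_str);
    } else {
        printf("AccountName:<unresolved>, DomainName: (LookupAccountSid error %lu)\n",
               (unsigned long)err);
    }
}

/* Lists every ACE in the DACL of "C:\Program Files": trustee, access mask,
 * inheritance flags and ACE type. Returns 0 on success, 1 if the DACL could
 * not be read. */
int main(void)
{
    char directory[] = "C:\\Program Files";
    PSECURITY_DESCRIPTOR sd = NULL;
    PACL dacl = NULL;

    /* 1. Fetch the security descriptor; dacl points into sd, so only sd is freed.
     * PROTECTED_DACL_SECURITY_INFORMATION is kept from the original call; it is
     * documented for the Set* functions - TODO confirm it has any effect here. */
    DWORD rc = GetNamedSecurityInfoA(directory, SE_FILE_OBJECT,
                                     DACL_SECURITY_INFORMATION | PROTECTED_DACL_SECURITY_INFORMATION,
                                     NULL, NULL, &dacl, NULL, &sd);
    if (rc != ERROR_SUCCESS) {
        fprintf(stderr, "GetNamedSecurityInfo(%s) failed: %lu\n", directory, (unsigned long)rc);
        return 1;
    }

    /* A NULL DACL is not "no entries" - it means no protection at all: every
     * principal has full access. Report it explicitly instead of dereferencing NULL. */
    if (dacl == NULL) {
        puts("NULL DACL: object has no access restrictions (everyone has full access)");
        LocalFree(sd);
        return 0;
    }

    /* 2. Get the ACE count. */
    ACL_SIZE_INFORMATION acl_size;
    if (!GetAclInformation(dacl, &acl_size, sizeof acl_size, AclSizeInformation)) {
        fprintf(stderr, "GetAclInformation failed: %lu\n", (unsigned long)GetLastError());
        LocalFree(sd);
        return 1;
    }
    if (acl_size.AceCount == 0) {
        puts("Empty DACL: no ACEs (all access denied)");
    }

    for (DWORD i = 0; i < acl_size.AceCount; i++) {
        /* 3. Fetch the i-th ACE. Only the header is trustworthy until the type is checked. */
        ACE_HEADER *header = NULL;
        if (!GetAce(dacl, i, (LPVOID *)&header)) {
            fprintf(stderr, "GetAce(%lu) failed: %lu\n", (unsigned long)i, (unsigned long)GetLastError());
            continue;
        }

        puts("==========================================================");

        const char *type_name = ace_type_name(header->AceType);
        if (type_name == NULL) {
            /* Object and callback ACEs carry extra fields before the SID; decoding
             * them as ACCESS_ALLOWED_ACE would read the wrong bytes, so report and skip. */
            printf("Unknown ACE type %u (not decoded)\n", (unsigned)header->AceType);
            puts("\n\n");
            continue;
        }

        /* ACCESS_ALLOWED_ACE, ACCESS_DENIED_ACE and SYSTEM_AUDIT_ACE share this layout. */
        ACCESS_ALLOWED_ACE *ace = (ACCESS_ALLOWED_ACE *)header;

        /* 4. Resolve the ACE's trustee. */
        print_sid_account(&ace->SidStart);

        puts("\n===AccessMask===");
        puts("\n#Specific Access Rights");
        print_rights(ace->Mask, specific_rights, ARRAY_LEN(specific_rights));
        puts("\n#Standard Access Rights");
        print_rights(ace->Mask, standard_rights, ARRAY_LEN(standard_rights));

        /* Inheritance flags matter for review: an INHERITED_ACE came from the parent,
         * an INHERIT_ONLY_ACE does not apply to this object itself. */
        puts("\n===AceFlags===");
        print_ace_flags(header->AceFlags);

        puts("\n===AceType===");
        puts(type_name);
        puts("\n\n");
    }

    LocalFree(sd);
    return 0;
}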
========================================================== AccountName:TrustedInstaller, DomainName:NT SERVICE ===AccessMask=== #Specific Access Rights FILE_LIST_DIRECTORY FILE_ADD_FILE FILE_ADD_SUBDIRECTORY FILE_READ_EA FILE_WRITE_EA FILE_TRAVERSE FILE_DELETE_CHILD FILE_READ_ATTRIBUTES FILE_WRITE_ATTRIBUTES FILE_ALL_ACCESS FILE_GENERIC_READ FILE_GENERIC_WRITE FILE_GENERIC_EXECUTE #Standard Access Rights DELETE READ_CONTROL WRITE_DAC WRITE_OWNER SYNCHRONIZE STANDARD_RIGHTS_REQUIRED STANDARD_RIGHTS_READ STANDARD_RIGHTS_WRITE STANDARD_RIGHTS_EXECUTE STANDARD_RIGHTS_ALL ===AceType=== ACCESS_ALLOWED_ACE_TYPE ========================================================== AccountName:TrustedInstaller, DomainName:NT SERVICE ===AccessMask=== #Specific Access Rights #Standard Access Rights ===AceType=== ACCESS_ALLOWED_ACE_TYPE ========================================================== AccountName:SYSTEM, DomainName:NT AUTHORITY ===AccessMask=== #Specific Access Rights FILE_LIST_DIRECTORY FILE_ADD_FILE FILE_ADD_SUBDIRECTORY FILE_READ_EA FILE_WRITE_EA FILE_TRAVERSE FILE_READ_ATTRIBUTES FILE_WRITE_ATTRIBUTES FILE_GENERIC_READ FILE_GENERIC_WRITE FILE_GENERIC_EXECUTE #Standard Access Rights DELETE READ_CONTROL SYNCHRONIZE STANDARD_RIGHTS_READ STANDARD_RIGHTS_WRITE STANDARD_RIGHTS_EXECUTE ===AceType=== ACCESS_ALLOWED_ACE_TYPE ========================================================== AccountName:SYSTEM, DomainName:NT AUTHORITY ===AccessMask=== #Specific Access Rights #Standard Access Rights ===AceType=== ACCESS_ALLOWED_ACE_TYPE ========================================================== AccountName:Administrators, DomainName:BUILTIN ===AccessMask=== #Specific Access Rights FILE_LIST_DIRECTORY FILE_ADD_FILE FILE_ADD_SUBDIRECTORY FILE_READ_EA FILE_WRITE_EA FILE_TRAVERSE FILE_READ_ATTRIBUTES FILE_WRITE_ATTRIBUTES FILE_GENERIC_READ FILE_GENERIC_WRITE FILE_GENERIC_EXECUTE #Standard Access Rights DELETE READ_CONTROL SYNCHRONIZE STANDARD_RIGHTS_READ STANDARD_RIGHTS_WRITE 
STANDARD_RIGHTS_EXECUTE ===AceType=== ACCESS_ALLOWED_ACE_TYPE ========================================================== AccountName:Administrators, DomainName:BUILTIN ===AccessMask=== #Specific Access Rights #Standard Access Rights ===AceType=== ACCESS_ALLOWED_ACE_TYPE ========================================================== AccountName:Users, DomainName:BUILTIN ===AccessMask=== #Specific Access Rights FILE_LIST_DIRECTORY FILE_READ_EA FILE_TRAVERSE FILE_READ_ATTRIBUTES FILE_GENERIC_READ FILE_GENERIC_EXECUTE #Standard Access Rights READ_CONTROL SYNCHRONIZE STANDARD_RIGHTS_READ STANDARD_RIGHTS_WRITE STANDARD_RIGHTS_EXECUTE ===AceType=== ACCESS_ALLOWED_ACE_TYPE ========================================================== AccountName:Users, DomainName:BUILTIN ===AccessMask=== #Specific Access Rights #Standard Access Rights ===AceType=== ACCESS_ALLOWED_ACE_TYPE ========================================================== AccountName:CREATOR OWNER, DomainName: ===AccessMask=== #Specific Access Rights #Standard Access Rights ===AceType=== ACCESS_ALLOWED_ACE_TYPE