Cant get SACL

akin_ocal · July 7, 2007, 10:26am

I cant get SACL of an existing file on my system with this code.

GetNamedSecurityInfo returns 0 (ERROR_SUCCESS) , which means
there is no error in execution of it but pSACL still becomes 0x00000000
and IsValidAcl(pSACL) returns FALSE .

#include <windows.h>
#include <aclapi.h>

unsigned long enable_privilege(const char priv)
{
HANDLE token = INVALID_HANDLE_VALUE;
u status = OpenProcessToken(
GetCurrentProcess(),
TOKEN_ADJUST_PRIVILEGES,
&token
);
if( !status )
{
return GetLastError();
}

unsigned char buf[sizeof(TOKEN_PRIVILEGES) + sizeof(LUID_AND_ATTRIBUTES)];
TOKEN_PRIVILEGES privs = (TOKEN_PRIVILEGES)buf;

status = LookupPrivilegeValue(
NULL,
priv,
&privs->Privileges->Luid
);
if( !status )
{
u err = GetLastError();
CloseHandle(token);
return err;
}

privs->PrivilegeCount = 1;
privs->Privileges->Attributes = SE_PRIVILEGE_ENABLED;
AdjustTokenPrivileges(
token,
FALSE, // do not disable all
privs,
0, // zero buffer for prev state
NULL, // prev state don’t care
NULL // no sink for returned prev state size
);

status = GetLastError();

CloseHandle(token);

return status;
}

int _tmain(int argc, _TCHAR argv)
{
PACL pSACL = NULL;
PSECURITY_DESCRIPTOR pSD = NULL;

unsigned long returnValue ;

enable_privilege(SE_SECURITY_NAME );

returnValue = GetNamedSecurityInfo(
“D:\aa.txt”, // object name
SE_FILE_OBJECT, // object type
SACL_SECURITY_INFORMATION, // information type
NULL, // owner SID
NULL, // primary group SID
NULL, // DACL
&pSACL, // SACL

&pSD); // SD

if(!IsValidAcl(pSACL))
printf(“FAILED , ERROR CODE : %d\n\n”,returnValue);

LocalFree(pSD);

return 0 ;
}</aclapi.h></windows.h>

OSR_Community_User · July 9, 2007, 11:53am

It may not contain an SACL.

mm

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@hotmail.com
Sent: Saturday, July 07, 2007 10:28
To: Windows System Software Devs Interest List
Subject: [ntdev] Cant get SACL

I cant get SACL of an existing file on my system with this code.

GetNamedSecurityInfo returns 0 (ERROR_SUCCESS) , which means
there is no error in execution of it but pSACL still becomes 0x00000000
and IsValidAcl(pSACL) returns FALSE .

#include <windows.h>
#include <aclapi.h>

unsigned long enable_privilege(const char priv)
{
HANDLE token = INVALID_HANDLE_VALUE;
u status = OpenProcessToken(
GetCurrentProcess(),
TOKEN_ADJUST_PRIVILEGES,
&token
);
if( !status )
{
return GetLastError();
}

unsigned char buf[sizeof(TOKEN_PRIVILEGES) +
sizeof(LUID_AND_ATTRIBUTES)];
TOKEN_PRIVILEGES privs = (TOKEN_PRIVILEGES)buf;

status = LookupPrivilegeValue(
NULL,
priv,
&privs->Privileges->Luid
);
if( !status )
{
u err = GetLastError();
CloseHandle(token);
return err;
}

privs->PrivilegeCount = 1;
privs->Privileges->Attributes = SE_PRIVILEGE_ENABLED;
AdjustTokenPrivileges(
token,
FALSE, // do not disable all
privs,
0, // zero buffer for prev state
NULL, // prev state don’t care
NULL // no sink for returned prev state size
);

status = GetLastError();

CloseHandle(token);

return status;
}

int _tmain(int argc, _TCHAR argv)
{
PACL pSACL = NULL;
PSECURITY_DESCRIPTOR pSD = NULL;

unsigned long returnValue ;

enable_privilege(SE_SECURITY_NAME );

returnValue = GetNamedSecurityInfo(
“D:\aa.txt”, // object name
SE_FILE_OBJECT,
// object type
SACL_SECURITY_INFORMATION,
// information type
NULL, // owner SID
NULL, // primary
group SID
NULL,
// DACL
&pSACL, // SACL

&pSD); // SD

if(!IsValidAcl(pSACL))
printf(“FAILED , ERROR CODE : %d\n\n”,returnValue);

LocalFree(pSD);

return 0 ;
}

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer</aclapi.h></windows.h>