User Mode Questions about NTFS

I have some simple questions, thank you very much…

  1. How can I get Owner and Group SIDs and matched username and groupnames of a file/folder?

  2. How can I get DACL and SACL of a file/folder? Are they human-readable, if not how can they be parsed into a human-readable form?

  3. How can I get number of data streams and read data streams (without changing access-time) of a file/folder?

Security is fun, isn’t it?

This is really not my thing, but I believe what follows will help you.

In general, the relevant SDK information can be found under
“Authorization” under (roughly) “Win32 and COM Development/Security”:

ms-help://MS.MSDNQTR.v80.en/MS.MSDN.v80/MS.WIN32COM.v10.en/secauthz/security/authorization_portal.htm

For questions 1 & 2, the basic chain of events goes something like
this:

GetFileSecurity(): This gives you a pointer to a SECURITY_DESCRIPTOR
(among other things) for the given file or directory

GetSecurityDescriptorDacl()/GetSecurityDescriptorGetSacl()/GetSecurityDescriptorGroup()/GetSecurityDescriptorOwner()
or GetSecurityInfo(): Each of these takes the pointer to the
SECURITY_DESCRIPTOR from the step above, and returns a pointer to an SID
for the function specific type (i.e. Group for
GetSecurityDescriptorGroup(), etc.); GetSecurityInfo() combines a few
functions into one, and gets the Owner, Group, DACL and SACL.

ConvertSecurityDescriptorToStringSecurityDescriptor(): This takes an
SID from above and returns a text representation.

Question 3 has nothing to do with security, but it is straightforward
on Vista or Longhorn:

GetFileInformationByHandleEx(FILE_STREAM_INFO_CLASS):

Pre-Vista/Longhorn, it involves using the Backup API, which kind of
sucks:

ms-help://MS.MSDNQTR.v80.en/MS.MSDN.v80/MS.WIN32COM.v10.en/backup/backup/backup.htm

Happy reading,

mm

>>> xxxxx@hotmail.com 2007-05-22 20:13 >>>
I have some simple questions, thank you very much…

  1. How can I get Owner and Group SIDs and matched username and
    groupnames of a file/folder?

  2. How can I get DACL and SACL of a file/folder? Are they
    human-readable, if not how can they be parsed into a human-readable
    form?

  3. How can I get number of data streams and read data streams (without
    changing access-time) of a file/folder?
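
ConvertSecurityDescriptorToStringSecurityDescriptor(), named in the reply above, returns its text in SDDL form. The following is an added example, not code from either poster, that splits such a string into owner, group, DACL and SACL and expands the two-letter codes; the sample string is constructed, the lookup tables are a small subset, and only basic (non-conditional) ACE strings are assumed.

```python
import re

# Subset of common SDDL codes (assumption: enough for this sample); unknown codes pass through.
SIDS = {"BA": r"BUILTIN\Administrators", "SY": r"NT AUTHORITY\SYSTEM",
        "BU": r"BUILTIN\Users", "AU": r"NT AUTHORITY\Authenticated Users",
        "WD": "Everyone", "CO": "CREATOR OWNER"}
ACE_TYPES = {"A": "ALLOW", "D": "DENY", "AU": "AUDIT"}
ACE_FLAGS = {"OI": "object-inherit", "CI": "container-inherit", "IO": "inherit-only",
             "NP": "no-propagate", "ID": "inherited",
             "SA": "audit-success", "FA": "audit-failure"}
RIGHTS = {"FA": "FILE_ALL_ACCESS", "FR": "FILE_GENERIC_READ", "FW": "FILE_GENERIC_WRITE",
          "FX": "FILE_GENERIC_EXECUTE", "GA": "GENERIC_ALL", "GR": "GENERIC_READ",
          "GW": "GENERIC_WRITE", "GX": "GENERIC_EXECUTE", "SD": "DELETE",
          "RC": "READ_CONTROL", "WD": "WRITE_DAC", "WO": "WRITE_OWNER"}

# Constructed sample, not taken from a real file.
SAMPLE_SDDL = ("O:BAG:SYD:PAI(A;;FA;;;BA)(A;OICI;0x1200a9;;;BU)"
               "(D;;SDWD;;;S-1-5-21-1-2-3-1001)S:(AU;SAFA;FA;;;WD)")

def expand(codes, table):
    """Expand concatenated two-letter codes; a hex mask such as 0x1200a9 is kept as-is."""
    if codes.lower().startswith("0x"):
        return [codes]
    return [table.get(codes[i:i + 2], codes[i:i + 2]) for i in range(0, len(codes), 2)]

def parse_acl(body):
    """Split 'FLAGS(ace)(ace)...' into the ACL control flags and a list of decoded ACEs."""
    aces = []
    for raw in re.findall(r"\(([^)]*)\)", body):
        # Field order: type;flags;rights;object_guid;inherit_object_guid;trustee
        kind, flags, rights, _, _, trustee = (raw.split(";") + [""] * 6)[:6]
        aces.append({"type": ACE_TYPES.get(kind, kind),
                     "flags": expand(flags, ACE_FLAGS),
                     "rights": expand(rights, RIGHTS),
                     "trustee": SIDS.get(trustee, trustee)})
    return {"control": body.split("(", 1)[0], "aces": aces}

def parse_sddl(sddl):
    """Return owner, group, DACL and SACL; a component absent from the string is None."""
    out = {"owner": None, "group": None, "dacl": None, "sacl": None}
    tokens = re.split(r"([OGDS]):", sddl)[1:]  # ['O', 'BA', 'G', 'SY', 'D', '...', 'S', '...']
    for tag, body in zip(tokens[0::2], tokens[1::2]):
        if tag == "O":
            out["owner"] = SIDS.get(body, body)
        elif tag == "G":
            out["group"] = SIDS.get(body, body)
        else:
            out["dacl" if tag == "D" else "sacl"] = parse_acl(body)
    return out
```

The same two-letter code can mean different things by position (`WD` is Everyone as a trustee but WRITE_DAC as a right; `FA` is an audit flag in the flags field but FILE_ALL_ACCESS in the rights field), which is why each field has its own table.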



Thank you very much