예제 #1
0
// Apply the provided access control entries to a file. If the replace
// parameter is true, existing entries will be overwritten. If the inherit
// parameter is true, the file will inherit ACEs from its parent.
func Apply(name string, replace, inherit bool, entries ...api.ExplicitAccess) error {
	var oldAcl windows.Handle
	if !replace {
		var secDesc windows.Handle
		api.GetNamedSecurityInfo(
			name,
			api.SE_FILE_OBJECT,
			api.DACL_SECURITY_INFORMATION,
			nil,
			nil,
			&oldAcl,
			nil,
			&secDesc,
		)
		defer windows.LocalFree(secDesc)
	}
	var acl windows.Handle
	if err := api.SetEntriesInAcl(
		entries,
		oldAcl,
		&acl,
	); err != nil {
		return err
	}
	defer windows.LocalFree((windows.Handle)(unsafe.Pointer(acl)))
	var secInfo uint32
	if !inherit {
		secInfo = api.PROTECTED_DACL_SECURITY_INFORMATION
	} else {
		secInfo = api.UNPROTECTED_DACL_SECURITY_INFORMATION
	}
	return api.SetNamedSecurityInfo(
		name,
		api.SE_FILE_OBJECT,
		api.DACL_SECURITY_INFORMATION|secInfo,
		nil,
		nil,
		acl,
		0,
	)
}
예제 #2
0
func TestGetNamedSecurityInfo(t *testing.T) {
	f, err := ioutil.TempFile(os.TempDir(), "")
	if err != nil {
		t.Fatal(err)
	}
	defer os.Remove(f.Name())
	var (
		secDesc windows.Handle
	)
	if err = GetNamedSecurityInfo(
		f.Name(),
		SE_FILE_OBJECT,
		0,
		nil,
		nil,
		nil,
		nil,
		&secDesc,
	); err != nil {
		t.Fatal(err)
	}
	defer windows.LocalFree(secDesc)
}
예제 #3
0
func TestSetEntriesInAcl(t *testing.T) {
	var (
		entries = []ExplicitAccess{
			{
				AccessPermissions: windows.GENERIC_READ,
				AccessMode:        GRANT_ACCESS,
				Inheritance:       NO_INHERITANCE,
				Trustee: Trustee{
					TrusteeForm: TRUSTEE_IS_NAME,
					Name:        windows.StringToUTF16Ptr("CURRENT_USER"),
				},
			},
		}
		acl windows.Handle
	)
	if err := SetEntriesInAcl(
		entries,
		0,
		&acl,
	); err != nil {
		t.Fatal(err)
	}
	defer windows.LocalFree(acl)
}