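// Apply applies the provided access control entries to the file at name.
//
// If replace is true, the new DACL is built from entries alone, so existing
// entries are overwritten. Otherwise the file's current DACL is read first and
// entries are merged into it. If inherit is true, the file will inherit ACEs
// from its parent; if false, the DACL is written with
// PROTECTED_DACL_SECURITY_INFORMATION.
//
// A failure to read the current DACL is returned to the caller. Continuing with
// a zero oldAcl would build the new DACL from entries alone and silently drop
// every existing ACE, even though replace was false.
//
// NOTE(review): the read and the write both address the object by path, so they
// are two separate lookups of name; confirm callers control the parent directory
// if the path can be swapped between the two calls.
func Apply(name string, replace, inherit bool, entries ...api.ExplicitAccess) error {
	var oldAcl windows.Handle
	if !replace {
		var secDesc windows.Handle
		if err := api.GetNamedSecurityInfo(
			name,
			api.SE_FILE_OBJECT,
			api.DACL_SECURITY_INFORMATION,
			nil,
			nil,
			&oldAcl,
			nil,
			&secDesc,
		); err != nil {
			return err
		}
		// Registered only after a successful read. The descriptor is released at
		// function return, after oldAcl has been consumed by SetEntriesInAcl
		// (presumably oldAcl points into secDesc, so it must outlive that call).
		defer windows.LocalFree(secDesc)
	}

	var acl windows.Handle
	if err := api.SetEntriesInAcl(
		entries,
		oldAcl,
		&acl,
	); err != nil {
		return err
	}
	// acl is already a windows.Handle; the unsafe.Pointer round-trip is kept as
	// written and does not change the value passed to LocalFree.
	defer windows.LocalFree((windows.Handle)(unsafe.Pointer(acl)))

	// Choose whether the new DACL accepts inherited ACEs from the parent.
	var secInfo uint32
	if inherit {
		secInfo = api.UNPROTECTED_DACL_SECURITY_INFORMATION
	} else {
		secInfo = api.PROTECTED_DACL_SECURITY_INFORMATION
	}

	return api.SetNamedSecurityInfo(
		name,
		api.SE_FILE_OBJECT,
		api.DACL_SECURITY_INFORMATION|secInfo,
		nil,
		nil,
		acl,
		0,
	)
}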
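// TestGetNamedSecurityInfo checks that GetNamedSecurityInfo succeeds on a
// freshly created temporary file and returns a security descriptor that can be
// released with LocalFree.
func TestGetNamedSecurityInfo(t *testing.T) {
	f, err := ioutil.TempFile(os.TempDir(), "")
	if err != nil {
		t.Fatal(err)
	}
	defer os.Remove(f.Name())
	// Only the path is needed below. Close the handle now so it is not leaked
	// and so the deferred os.Remove is not blocked by a still-open file.
	if err = f.Close(); err != nil {
		t.Fatal(err)
	}

	var secDesc windows.Handle
	if err = GetNamedSecurityInfo(
		f.Name(),
		SE_FILE_OBJECT,
		0,
		nil,
		nil,
		nil,
		nil,
		&secDesc,
	); err != nil {
		t.Fatal(err)
	}
	defer windows.LocalFree(secDesc)
}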
// TestSetEntriesInAcl checks that SetEntriesInAcl can build a new ACL from a
// single explicit entry when no existing ACL is supplied.
func TestSetEntriesInAcl(t *testing.T) {
	// The trustee is identified by name rather than by SID.
	trustee := Trustee{
		TrusteeForm: TRUSTEE_IS_NAME,
		Name:        windows.StringToUTF16Ptr("CURRENT_USER"),
	}

	// A single non-inherited read grant for that trustee.
	entries := []ExplicitAccess{
		{
			AccessPermissions: windows.GENERIC_READ,
			AccessMode:        GRANT_ACCESS,
			Inheritance:       NO_INHERITANCE,
			Trustee:           trustee,
		},
	}

	// Passing 0 as the old ACL means the result contains only the entries above.
	var acl windows.Handle
	err := SetEntriesInAcl(entries, 0, &acl)
	if err != nil {
		t.Fatal(err)
	}
	defer windows.LocalFree(acl)
}