GetEffectiveRightsFromAcl 抛出无效的 acl 错误

发布于 2024-09-06 19:33:20 字数 1531 浏览 0 评论 0原文

我正在尝试使用 C# 中的互操作来获取用户对文件的有效权限。以下是我正在使用的代码：

        public static FileSystemRights GetFileEffectiveRights(string FileName, string UserName)
    {
        IntPtr pDacl, pZero = IntPtr.Zero;
        int Mask = 0;
        uint errorReturn = GetNamedSecurityInfo(FileName, SE_OBJECT_TYPE.SE_FILE_OBJECT, SECURITY_INFORMATION.Dacl
            , out pZero, out pZero, out pDacl, out pZero, out pZero);
        if (errorReturn != 0)
        {
            throw new Exception("Win error : " + errorReturn);
        }
        Program.TRUSTEE pTrustee = new TRUSTEE();
        pTrustee.pMultipleTrustee = IntPtr.Zero;
        pTrustee.MultipleTrusteeOperation = (int)Program.MULTIPLE_TRUSTEE_OPERATION.NO_MULTIPLE_TRUSTEE;
        pTrustee.ptstrName = UserName;
        pTrustee.TrusteeForm = (int)Program.TRUSTEE_FORM.TRUSTEE_IS_NAME;
        pTrustee.TrusteeType = (int)Program.TRUSTEE_TYPE.TRUSTEE_IS_USER;
        errorReturn = GetEffectiveRightsFromAcl(pDacl, ref pTrustee, ref Mask);
        if (errorReturn != 0)
        {
            throw new Exception("Win error : " + errorReturn);
        }
        return (FileSystemRights)Mask;
    }

此代码工作正常，直到我开始使用类 FileAccessRule 和 FileInfo 修改 ACL 结构，然后我开始收到 Windows 错误 1336：ERROR_INVALID_ACL。如果我调试进程，情况也是如此：我调用 GetFileEffectiveRights 一次，暂停进程，通过 Windows API 更改 ACL，然后恢复并再次调用 GetFileEffectiveRights（第一次调用成功，但第二次调用给出 1336。）
出了什么问题？
PS：我正在使用 VS 2008 和 .NET 3.5 在 Windows 7 上进行开发
编辑：只有当我尝试获取通过 Windows GUI/C# 的文件 API 添加了非继承 ACE 的文件的权限时，才会出现错误。

原文

I am trying to get the effective rights a user has on a file using interop in C#. Following is the code I am using :

        public static FileSystemRights GetFileEffectiveRights(string FileName, string UserName)
    {
        IntPtr pDacl, pZero = IntPtr.Zero;
        int Mask = 0;
        uint errorReturn = GetNamedSecurityInfo(FileName, SE_OBJECT_TYPE.SE_FILE_OBJECT, SECURITY_INFORMATION.Dacl
            , out pZero, out pZero, out pDacl, out pZero, out pZero);
        if (errorReturn != 0)
        {
            throw new Exception("Win error : " + errorReturn);
        }
        Program.TRUSTEE pTrustee = new TRUSTEE();
        pTrustee.pMultipleTrustee = IntPtr.Zero;
        pTrustee.MultipleTrusteeOperation = (int)Program.MULTIPLE_TRUSTEE_OPERATION.NO_MULTIPLE_TRUSTEE;
        pTrustee.ptstrName = UserName;
        pTrustee.TrusteeForm = (int)Program.TRUSTEE_FORM.TRUSTEE_IS_NAME;
        pTrustee.TrusteeType = (int)Program.TRUSTEE_TYPE.TRUSTEE_IS_USER;
        errorReturn = GetEffectiveRightsFromAcl(pDacl, ref pTrustee, ref Mask);
        if (errorReturn != 0)
        {
            throw new Exception("Win error : " + errorReturn);
        }
        return (FileSystemRights)Mask;
    }

This code works fine until I start modifying the ACL structure using the classes FileAccessRule and FileInfo, and then I start getting Windows Error 1336 : ERROR_INVALID_ACL. Same is the case if I debug the process : I call GetFileEffectiveRights once, pause the process,change the ACL through windows API, and resume and call GetFileEffectiveRights again(the 1st call succeeds but the second gives 1336.)
What is going wrong?
PS : I am developing on Windows 7 using VS 2008 and .NET 3.5
EDIT : I only get the error when I try to get rights for a file for which a non-inherited ACE was added through the Windows GUI/ C#'s File API.

分享到QQ

分享到微博