在 C# 中使用 SetEntriesInAcl：错误 1332

发布于 2024-12-20 22:05:17 字数 2206 浏览 0 评论 0原文

我需要创建共享文件夹，为此显然我必须使用 pinvoke NetShare* 方法。这部分很好，但我想向共享文件夹添加一些共享权限。我使用 SetEntriesInAcl 但不断收到错误 1332：未完成帐户名称和安全 ID 之间的映射。

定义：

internal enum MULTIPLE_TRUSTEE_OPERATION : uint
{
    NO_MULTIPLE_TRUSTEE = 0,
    TRUSTEE_IS_IMPERSONATE = 1
}

internal enum TRUSTEE_FORM : uint
{
    TRUSTEE_IS_SID = 0,
    TRUSTEE_IS_NAME = 1,
    ...
}

internal enum TRUSTEE_TYPE : uint
{
    TRUSTEE_IS_UNKNOWN = 0,
    TRUSTEE_IS_USER = 1,
    TRUSTEE_IS_GROUP = 2,
    ...
}

internal enum ACCESS_MODE : uint
{
    NOT_USED_ACCESS = 0,
    GRANT_ACCESS = 1,
    ...
}

internal enum ACCESS_MASK : uint
{
    GENERIC_ALL = 0x10000000, //268435456,
    GENERIC_READ = 0x80000000, //2147483648L,
    GENERIC_WRITE = 0x40000000, //1073741824,
    GENERIC_EXECUTE = 0x20000000, //536870912,
    STANDARD_RIGHTS_READ = 0x00020000, //131072
    STANDARD_RIGHTS_WRITE = 0x00020000,
}

[DllImport("advapi32.dll", SetLastError = true)]
private static extern uint SetEntriesInAcl(
    int cCountOfExplicitEntries, 
    ref EXPLICIT_ACCESS pListOfExplicitEntries, 
    IntPtr OldAcl, 
    out IntPtr NewAcl
    );

这是我调用它的方式：

//This pointer will hold the full ACL (access control list) once the loop below has completed
IntPtr aclPtr = default(IntPtr);

EXPLICIT_ACCESS explicitAccessRule = new EXPLICIT_ACCESS();
TRUSTEE account = new TRUSTEE();
{
    account.MultipleTrusteeOperation = MULTIPLE_TRUSTEE_OPERATION.NO_MULTIPLE_TRUSTEE;
    account.pMultipleTrustee = 0;
    account.TrusteeForm = TRUSTEE_FORM.TRUSTEE_IS_NAME;
    account.ptstrName = "Everyone";
    account.TrusteeType = TRUSTEE_TYPE.TRUSTEE_IS_USER;
}
explicitAccessRule.grfAccessMode = ACCESS_MODE.GRANT_ACCESS;
explicitAccessRule.grfAccessPermissions = ACCESS_MASK.GENERIC_READ | ACCESS_MASK.STANDARD_RIGHTS_READ | ACCESS_MASK.GENERIC_EXECUTE;
explicitAccessRule.grfInheritance = NO_INHERITANCE;
//Set the Trustee to the TRUSTEE structure we created earlier in the loop
explicitAccessRule.Trustee = account;

//Add this explicit access rule to the ACL
uint SetEntriesResult = SetEntriesInAcl(1, ref explicitAccessRule, aclPtr, out aclPtr);

有人知道我缺少什么吗？或者还有其他方法可以做到这一点吗？

谢谢。

原文

I need to create shared folder and for this apparently I have to use pinvoke NetShare* methods.
This part is fine but I want to add some share permissions to the shared folder.
I use SetEntriesInAcl but I keep getting error 1332 : No mapping between account names and security IDs was done.

The definitions :

internal enum MULTIPLE_TRUSTEE_OPERATION : uint
{
    NO_MULTIPLE_TRUSTEE = 0,
    TRUSTEE_IS_IMPERSONATE = 1
}

internal enum TRUSTEE_FORM : uint
{
    TRUSTEE_IS_SID = 0,
    TRUSTEE_IS_NAME = 1,
    ...
}

internal enum TRUSTEE_TYPE : uint
{
    TRUSTEE_IS_UNKNOWN = 0,
    TRUSTEE_IS_USER = 1,
    TRUSTEE_IS_GROUP = 2,
    ...
}

internal enum ACCESS_MODE : uint
{
    NOT_USED_ACCESS = 0,
    GRANT_ACCESS = 1,
    ...
}

internal enum ACCESS_MASK : uint
{
    GENERIC_ALL = 0x10000000, //268435456,
    GENERIC_READ = 0x80000000, //2147483648L,
    GENERIC_WRITE = 0x40000000, //1073741824,
    GENERIC_EXECUTE = 0x20000000, //536870912,
    STANDARD_RIGHTS_READ = 0x00020000, //131072
    STANDARD_RIGHTS_WRITE = 0x00020000,
}

[DllImport("advapi32.dll", SetLastError = true)]
private static extern uint SetEntriesInAcl(
    int cCountOfExplicitEntries, 
    ref EXPLICIT_ACCESS pListOfExplicitEntries, 
    IntPtr OldAcl, 
    out IntPtr NewAcl
    );

And here is how I invoke it:

//This pointer will hold the full ACL (access control list) once the loop below has completed
IntPtr aclPtr = default(IntPtr);

EXPLICIT_ACCESS explicitAccessRule = new EXPLICIT_ACCESS();
TRUSTEE account = new TRUSTEE();
{
    account.MultipleTrusteeOperation = MULTIPLE_TRUSTEE_OPERATION.NO_MULTIPLE_TRUSTEE;
    account.pMultipleTrustee = 0;
    account.TrusteeForm = TRUSTEE_FORM.TRUSTEE_IS_NAME;
    account.ptstrName = "Everyone";
    account.TrusteeType = TRUSTEE_TYPE.TRUSTEE_IS_USER;
}
explicitAccessRule.grfAccessMode = ACCESS_MODE.GRANT_ACCESS;
explicitAccessRule.grfAccessPermissions = ACCESS_MASK.GENERIC_READ | ACCESS_MASK.STANDARD_RIGHTS_READ | ACCESS_MASK.GENERIC_EXECUTE;
explicitAccessRule.grfInheritance = NO_INHERITANCE;
//Set the Trustee to the TRUSTEE structure we created earlier in the loop
explicitAccessRule.Trustee = account;

//Add this explicit access rule to the ACL
uint SetEntriesResult = SetEntriesInAcl(1, ref explicitAccessRule, aclPtr, out aclPtr);

Anyone knows what I am missing ?
Or is there another way to do that ?

Thanks.

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

迎风吟唱 2024-12-27 22:05:17

看来 Ansi 名称无法映射。
如果您使用 Unicode 版本 SetEntriesInAclW 或者显式设置 CharSet 属性，它会起作用。

[DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
static extern uint SetEntriesInAcl(
    int cCountOfExplicitEntries,
    ref EXPLICIT_ACCESS pListOfExplicitEntries,
    IntPtr OldAcl,
    out IntPtr NewAcl);

您还可以使用 BuildExplicitAccessWithName 函数来拟合 EXPLICIT_ACCESS 结构。

[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Auto)]
static extern void BuildExplicitAccessWithName(
    ref EXPLICIT_ACCESS pExplicitAccess,
    string pTrusteeName,
    uint AccessPermissions,
    uint AccessMode,
    uint Inheritance);

It seems that Ansi names cann't be mapped.
It works if you use Unicode version SetEntriesInAclW or if you explicitely set CharSet property.

[DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
static extern uint SetEntriesInAcl(
    int cCountOfExplicitEntries,
    ref EXPLICIT_ACCESS pListOfExplicitEntries,
    IntPtr OldAcl,
    out IntPtr NewAcl);

You can also fit EXPLICIT_ACCESS structure with BuildExplicitAccessWithName function.

[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Auto)]
static extern void BuildExplicitAccessWithName(
    ref EXPLICIT_ACCESS pExplicitAccess,
    string pTrusteeName,
    uint AccessPermissions,
    uint AccessMode,
    uint Inheritance);

回复收藏 0 原文