How Can I check file permissions?
-
Hi I want to check if my current process has the proper access rights to a file. I read about the ACL and windows security and I understand how they work conceptually. But I am not sure how to invoke the functions to do my checks. Up to now (correct me if I missunderstood something) I am about to use GetFileSecurity() to get the security ID of my file. It seems that I have to call it with OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION to get all the ACLs of that file in the proper order. It also seems that I have to call the OpenProcessToken() with the current process handle to get my current process rights. Then I have to call (according to my understanding) the AccessCheck to verify my access. And there is where I am stack. I know that I need to specify desired access and the GENERIC_MAPPING structure. I think that for read the desired access is FILE_READ_ATTRIBUTE | FILE_READ_DATA | FILE_READ_EA | READ_CONTROL | SYNCHRONIZE, for write FILE_APPEND_DATA | FILE_WRITE_ATTRIBUTES | FILE_WRITE_DATA | FILE_WRITE_EA | WRITE_CONTROL | SYNCHRONIZE, for execute or directory traversing FILE_READ_ATTRIBUTES | READ_CONTROL | FILE_EXECUTE | SYNCHRONIZE and for deletion DELETE (or do I also need to combine the write flags also)? I 've seen the GENERIC_READ, GENERIC_WRITE and the GENERIC_EXECUTE flag. I am not understanding what to declare in the GENERIC_MAPPING structure and what to use in the MapGenericMask function (which the MSDN suggests to use). Please help me since I am begginer to windows security coding. Thanks... Dimitris Vikeloudas