question

MukilanIK-5436 avatar image
0 Votes"
MukilanIK-5436 asked MukilanIK-5436 commented

How to get the source from which an ACE is inherited?

I'm trying to write a program to get the NTFS permissions for a folder and information about each Access Control Entry(ACE). How do I get the source object from which an ACE was inherited?

 for (int i = 0; i < dacl->AceCount; i++)
  {
             dw_name = 0;
             dw_domain = 0;
             GetAce(dacl, i, (PVOID *)&ace);
    
             if((ace->Header.AceFlags & INHERITED_ACE) == INHERITED_ACE)
                   // Get inherited source
 }




windows-apic++
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Did you try with GetInheritanceSourceW as I suggested?

0 Votes 0 ·

1 Answer

RLWA32-6355 avatar image
2 Votes"
RLWA32-6355 answered MukilanIK-5436 commented

See the API function nf-aclapi-getinheritancesourcew


· 9
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thank you for your reply. I'm getting an error trying to using this function, 144231-image.png

I am using windows 10 and this is my code. I'm only working with folders and not files.

       GENERIC_MAPPING g_ObjMap = {
           FILE_GENERIC_READ,
           FILE_GENERIC_WRITE,
           FILE_GENERIC_EXECUTE,
           FILE_ALL_ACCESS};
       PACL dacl;
       PSECURITY_DESCRIPTOR sd;
       PINHERITED_FROM ifrom;
       SID *pSid = NULL;
       BOOL rtn = TRUE;
       DWORD dw_name = 0, dw_domain = 0;
       LPTSTR name = NULL, domain = NULL;
       SID_NAME_USE eUse = SidTypeUnknown;
       ACCESS_ALLOWED_ACE *ace;
    
       rtn = GetNamedSecurityInfo((LPSTR)fileName, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, &dacl, NULL, &sd);
       if (rtn != ERROR_SUCCESS)
       {
             _PrintLastError();
             obj_list = NULL;
             goto Cleanup;
       }
    
       ifrom = (PINHERITED_FROM)LocalAlloc(LPTR, (1 + dacl->AceCount) * sizeof(INHERITED_FROM));
       rtn = GetInheritanceSource((LPSTR)fileName, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, TRUE, NULL, 0, dacl, NULL, &g_ObjMap, ifrom);
       if (rtn != ERROR_SUCCESS)
       {
             std::cout << rtn << std::endl;
             _PrintLastError(rtn);
             obj_list = NULL;
             goto Cleanup;
       }









0 Votes 0 ·
image.png (2.9 KiB)

You need to use the UNICODE version of the function (GetInheritanceSourceW). The documentation for GetInheritanceSourceA indicates "This version of this function is not supported."

1 Vote 1 ·

Thank you for waiting. The UNICODE version of the function works as you mentioned but I'm getting a "The filename, directory name, or volume label syntax is incorrect." or "The system cannot find the file specified" error for any folder path.

0 Votes 0 ·
Show more comments