Best way to "reset" security

delphi package - easy access to security apis
Post Reply
2BrightSparks
Posts: 28
Joined: Mon Jan 03, 2005 3:03 pm
Contact:

Best way to "reset" security

Post by 2BrightSparks »

I'm saving the file security information (the owner, group, and all the ACL info). What is the best way to restore the settings to the saved values?

For example, do I need to Deallocate, and then change the owner to myself before trying to rebuild the ACL? This is all assuming I'm the administrator.

Also, I'm having problems using NewItem with IACL - it always returns the error "No mapping between account names and security IDs was done". I'm using SID's (no alternative because the app is Unicode). How do I get around this?

Thanks
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

If you don't have access to the file yet, because the ACL doesn't give you access to it, then you have to first take ownership of the file, then add yourself to the ACL (or deallocate the ACL). If you already have access to the ACL, you can set all stuff directly.

Please execute this code:

Code: Select all

with Account(sid) do
  if IsStillValid then
    MessageBox(0, 'sid is ok', 'info', 0)
  else
    MessageBox(0, pchar(LastErrorStr), 'error', 0);
2BrightSparks
Posts: 28
Joined: Mon Jan 03, 2005 3:03 pm
Contact:

Post by 2BrightSparks »

I get the same error (i.e. no mapping...). But I have found a temporary solution. If I convert the SID string into a PSID pointer (using another Delphi component) and then pass the PSID instead of an SID string, then it works :?

Is there any method in madSecurity to convert an SID string into a PSID?

Thanks
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

Oh, when writing "Account(sid)" I meant "sid" to be a PSid pointer. I was not aware that you were thinking about a sid string instead.

Right now there's no build in function in madSecurity, which can convert a sid string to a PSid pointer, but it should be no problem to add. I'll add that to my to do list. It might make it into the next release, which is planned for in about 2 weeks from today.
2BrightSparks
Posts: 28
Joined: Mon Jan 03, 2005 3:03 pm
Contact:

Post by 2BrightSparks »

Thanks
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

Here's a new beta build:

http://madshi.net/madCollectionBeta.exe

With it you can e.g. do this:

Account('S-1-1-0');
2BrightSparks
Posts: 28
Joined: Mon Jan 03, 2005 3:03 pm
Contact:

Post by 2BrightSparks »

Excellent, thanks!
Post Reply