Introduction
CNTFS lib is a simple C++ wrapper for many of the Microsoft security calls such as: GetNamedSecurityInfo, GetAclInformation, AddAccessAllowedAceEx and many others. CNTFS is used to set NTFS permissions and audit settings on files and folders. It's a programmatic alternative to using utilities such as xcacls.exe.
Interface
The following methods are supported in the lib:
int DeleteDACL(CString & I_objPath, BOOL I_removeInheritance)
int DeleteSACL(CString & I_objPath, BOOL I_removeInheritance)
int RemoveInheritance(CString & I_objPath)
int TakeOwnership(CString & I_objPath, CString & I_newOwner)
int AddACEToDACL(CString & I_objPath,
CString & I_securityPrincipal,
DWORD I_objPermission)
int AddACEToSACL(CString & I_objPath,
CString & I_securityPrincipal,
DWORD I_objPermission,
BOOL I_auditSuccess,
BOOL I_auditFailure)
ACLEditor
ACLEditor is a test application for the CNTFS lib. One of the more tricky aspects of CNTFS is the use of access mask flags. Winnt.h defines access mask flags that can be OR'd together. For example, the Modify permission consists of: FILE_GENERIC_READ | FILE_GENERIC_WRITE | FILE_GENERIC_EXECUTE | DELETE. Among other things, ACLEditor demonstrates the use of access masks in setting NTFS permissions.
Building
Be sure to have the Microsoft Platform SDK in
c:\program files\Microsoft SDK. The project settings will reference the include files directory. I've run the lib through Rational Purify so all the mem leaks should be gone.
Any comments or suggestions are welcome.
Enjoy!
Version History
- Version 1.1 - (Oct 23, 2003) Added support for modifying DACLs and SACLs on registry keys. Consolidated
RemoveDACLInheritance and RemoveSACLInheritance into RemoveInheritance method by adding aclType enum.
- Version 1.0 - (Apr 4, 2003) Initial Release.
