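CreateDirEx(DirectoryName: string; FileSetting: TFileSetting);
{ Creates DirectoryName (if it does not exist yet) and grants the account
  named in EdSystemName/EdAccountName the rights selected in FileSetting by
  appending inheritable Allow ACEs to the directory's DACL.

  Parameters:
    DirectoryName - path of the directory to create and secure.
    FileSetting   - which generic rights to grant (Read, Write, Modify,
                    Execute, List, FullAccess).

  Errors are reported to the user with MessageDlg; the procedure returns no
  status, so a caller cannot tell whether the DACL was actually applied.

  NOTE(review): the result of CreateDirectory is not checked. When the
  directory already existed, DirectoryExists still succeeds and this routine
  goes on to rewrite - and, if WRITE_DAC is denied, take ownership of - the
  DACL of a pre-existing directory, not only one it just created. Confirm
  that this is intended before using it on paths supplied by a user. }
var
  UserToken  : TJwSecurityToken;
  FileObject : TJwSecureFileObject;
  Owner      : TJwSecurityId;
  DACL       : TJwDAccessControlList;
  UserSid    : TJwSecurityId;
  AccessMask : Cardinal;
begin
  CreateDirectory(PWideChar(DirectoryName), nil);
  if not DirectoryExists(DirectoryName) then
    exit;

  JwInitWellKnownSIDs;

  // Every reference is nil'ed before the try/finally so that Free is safe on
  // all exit paths. The previous version leaked UserToken/Owner on the
  // "user not found" exit and could call Free on an unassigned FileObject
  // when TJwSecureFileObject.Create raised.
  UserToken  := nil;
  Owner      := nil;
  UserSid    := nil;
  FileObject := nil;
  try
    UserToken := TJwSecurityToken.CreateTokenEffective(MAXIMUM_ALLOWED);
    Owner     := UserToken.GetTokenOwner;

    // Resolve the target account; JWSCL raises when the lookup fails.
    try
      UserSid := TJwSecurityId.Create(EdSystemName.Text, EdAccountName.Text);
    except
      MessageDlg('Benutzer nicht gefunden.', mtError, [mbOK], 0);
      exit;
    end;

    try
      FileObject := TJwSecureFileObject.Create(DirectoryName);

      // If we may not write the DACL, make the current token owner the owner
      // of the directory first. SE_TAKE_OWNERSHIP_NAME is a sensitive
      // privilege, so it is enabled only for the duration of the owner change
      // and disabled again afterwards (this resets it to "disabled" rather
      // than restoring whatever state the caller had).
      if not FileObject.AccessCheck(WRITE_DAC) then
      begin
        JwEnablePrivilege(SE_TAKE_OWNERSHIP_NAME, pst_Enable);
        try
          FileObject.Owner := Owner;
        finally
          JwEnablePrivilege(SE_TAKE_OWNERSHIP_NAME, pst_Disable);
        end;
      end;

      // Build the access mask. AccessMask MUST start at 0: Delphi does not
      // zero local variables, and OR-ing into an undefined value could have
      // granted bits (e.g. WRITE_DAC / WRITE_OWNER) the caller never chose.
      AccessMask := 0;
      if FileSetting.Read then
        AccessMask := GENERIC_READ;
      if FileSetting.Write then
        AccessMask := AccessMask or GENERIC_WRITE;
      if FileSetting.Modify then
        AccessMask := GENERIC_READ or GENERIC_WRITE;
      if FileSetting.Execute then
        AccessMask := AccessMask or GENERIC_EXECUTE or GENERIC_READ;
      if FileSetting.FullAccess then
        AccessMask := GENERIC_ALL;

      // NOTE(review): the DACL object is not freed here, as in the original;
      // verify against the JWSCL version in use whether FileObject.DACL hands
      // out a caller-owned copy or an object owned by FileObject.
      DACL := FileObject.DACL;

      // Add the permission entry; it is inherited by files and sub-folders.
      if AccessMask > 0 then
        DACL.Add(TJwDiscretionaryAccessControlEntryAllow.Create(
          nil, [afObjectInheritAce, afContainerInheritAce], AccessMask, UserSid, false));

      // "List folder contents": a separate entry that only containers
      // inherit (no afObjectInheritAce). Redundant under FullAccess.
      if FileSetting.List and (not FileSetting.FullAccess) then
      begin
        AccessMask := GENERIC_EXECUTE or GENERIC_READ;
        DACL.Add(TJwDiscretionaryAccessControlEntryAllow.Create(
          nil, [afContainerInheritAce], AccessMask, UserSid, false));
      end;

      FileObject.SetDACL(DACL);
    except
      MessageDlg('Fehler beim Setzten der Berechtigungen', mtError, [mbOK], 0);
    end;
  finally
    // FileObject is released before UserSid: the ACEs above were created
    // with ownSID = False, so the SID remains ours to free.
    FileObject.Free;
    UserSid.Free;
    Owner.Free;
    UserToken.Free;
  end;
end;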