//+------------------------------------------------------------------------- // // Microsoft Windows // // Copyright (C) Microsoft Corporation, 1996 - 1999 // // File: ntfssi.cpp // // This file contains the implementation of the CNTFSSecurity object. // //-------------------------------------------------------------------------- #include "rshx32.h" #include // GET_WM_COMMAND_ID, etc. #include #define MY_FILE_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED \ | SYNCHRONIZE \ | FILE_READ_DATA | FILE_LIST_DIRECTORY \ | FILE_WRITE_DATA | FILE_ADD_FILE \ | FILE_APPEND_DATA | FILE_ADD_SUBDIRECTORY \ | FILE_CREATE_PIPE_INSTANCE \ | FILE_READ_EA \ | FILE_WRITE_EA \ | FILE_EXECUTE | FILE_TRAVERSE \ | FILE_DELETE_CHILD \ | FILE_READ_ATTRIBUTES \ | FILE_WRITE_ATTRIBUTES) #if(FILE_ALL_ACCESS != MY_FILE_ALL_ACCESS) #error ACL editor needs to sync with file permissions changes in ntioapi.h (or ntioapi.h is broken) #endif #define INHERIT_FULL (CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE) // // Treat SYNCHRONIZE specially. In particular, always allow SYNCHRONIZE and // never Deny SYNCHRONIZE. Do this by removing it from the Generic Mapping, // turning it off in all ACEs and SI_ACCESS entries, and then adding it to // all Allow ACEs before saving a new ACL. // #define FILE_GENERIC_READ_ (FILE_GENERIC_READ & ~SYNCHRONIZE) #define FILE_GENERIC_WRITE_ (FILE_GENERIC_WRITE & ~(SYNCHRONIZE | READ_CONTROL)) #define FILE_GENERIC_EXECUTE_ (FILE_GENERIC_EXECUTE & ~SYNCHRONIZE) #define FILE_GENERIC_ALL_ (FILE_ALL_ACCESS & ~SYNCHRONIZE) #define FILE_GENERAL_MODIFY (FILE_GENERIC_READ_ | FILE_GENERIC_WRITE_ | FILE_GENERIC_EXECUTE_ | DELETE) #define FILE_GENERAL_PUBLISH (FILE_GENERIC_READ_ | FILE_GENERIC_WRITE_ | FILE_GENERIC_EXECUTE_) #define FILE_GENERAL_DEPOSIT (FILE_GENERIC_WRITE_ | FILE_GENERIC_EXECUTE_) #define FILE_GENERAL_READ_EX (FILE_GENERIC_READ_ | FILE_GENERIC_EXECUTE_) // The following array defines the permission names for NTFS objects. SI_ACCESS siNTFSAccesses[] = { { &GUID_NULL, FILE_GENERIC_ALL_, MAKEINTRESOURCE(IDS_NTFS_GENERIC_ALL), SI_ACCESS_GENERAL | INHERIT_FULL|SI_ACCESS_SPECIFIC }, { &GUID_NULL, FILE_GENERAL_MODIFY, MAKEINTRESOURCE(IDS_NTFS_GENERAL_MODIFY), SI_ACCESS_GENERAL | INHERIT_FULL }, { &GUID_NULL, FILE_GENERAL_READ_EX, MAKEINTRESOURCE(IDS_NTFS_GENERAL_READ), SI_ACCESS_GENERAL | INHERIT_FULL }, { &GUID_NULL, FILE_GENERAL_READ_EX, MAKEINTRESOURCE(IDS_NTFS_GENERAL_LIST), SI_ACCESS_CONTAINER | CONTAINER_INHERIT_ACE }, { &GUID_NULL, FILE_GENERIC_READ_, MAKEINTRESOURCE(IDS_NTFS_GENERIC_READ), SI_ACCESS_GENERAL | INHERIT_FULL }, { &GUID_NULL, FILE_GENERIC_WRITE_, MAKEINTRESOURCE(IDS_NTFS_GENERIC_WRITE), SI_ACCESS_GENERAL | INHERIT_FULL }, { &GUID_NULL, FILE_EXECUTE, MAKEINTRESOURCE(IDS_NTFS_FILE_EXECUTE), SI_ACCESS_SPECIFIC }, { &GUID_NULL, FILE_READ_DATA, MAKEINTRESOURCE(IDS_NTFS_FILE_READ_DATA), SI_ACCESS_SPECIFIC }, { &GUID_NULL, FILE_READ_ATTRIBUTES, MAKEINTRESOURCE(IDS_NTFS_FILE_READ_ATTR), SI_ACCESS_SPECIFIC }, { &GUID_NULL, FILE_READ_EA, MAKEINTRESOURCE(IDS_NTFS_FILE_READ_EA), SI_ACCESS_SPECIFIC }, { &GUID_NULL, FILE_WRITE_DATA, MAKEINTRESOURCE(IDS_NTFS_FILE_WRITE_DATA), SI_ACCESS_SPECIFIC }, { &GUID_NULL, FILE_APPEND_DATA, MAKEINTRESOURCE(IDS_NTFS_FILE_APPEND_DATA), SI_ACCESS_SPECIFIC }, { &GUID_NULL, FILE_WRITE_ATTRIBUTES,MAKEINTRESOURCE(IDS_NTFS_FILE_WRITE_ATTR), SI_ACCESS_SPECIFIC }, { &GUID_NULL, FILE_WRITE_EA, MAKEINTRESOURCE(IDS_NTFS_FILE_WRITE_EA), SI_ACCESS_SPECIFIC }, { &GUID_NULL, FILE_DELETE_CHILD, MAKEINTRESOURCE(IDS_NTFS_FILE_DELETE_CHILD),SI_ACCESS_SPECIFIC }, #if(FILE_CREATE_PIPE_INSTANCE != FILE_APPEND_DATA) { &GUID_NULL, FILE_CREATE_PIPE_INSTANCE, MAKEINTRESOURCE(IDS_NTFS_FILE_CREATE_PIPE), SI_ACCESS_SPECIFIC }, #endif { &GUID_NULL, DELETE, MAKEINTRESOURCE(IDS_NTFS_STD_DELETE), SI_ACCESS_SPECIFIC }, { &GUID_NULL, READ_CONTROL, MAKEINTRESOURCE(IDS_NTFS_STD_READ_CONTROL), SI_ACCESS_SPECIFIC }, { &GUID_NULL, WRITE_DAC, MAKEINTRESOURCE(IDS_NTFS_STD_WRITE_DAC), SI_ACCESS_SPECIFIC }, { &GUID_NULL, WRITE_OWNER, MAKEINTRESOURCE(IDS_NTFS_STD_WRITE_OWNER), SI_ACCESS_SPECIFIC }, // { &GUID_NULL, SYNCHRONIZE, MAKEINTRESOURCE(IDS_NTFS_STD_SYNCHRONIZE), SI_ACCESS_SPECIFIC }, { &GUID_NULL, 0, MAKEINTRESOURCE(IDS_NONE), 0 }, { &GUID_NULL, FILE_GENERIC_EXECUTE_,MAKEINTRESOURCE(IDS_NTFS_GENERIC_EXECUTE), 0 }, { &GUID_NULL, FILE_GENERAL_DEPOSIT, MAKEINTRESOURCE(IDS_NTFS_GENERAL_DEPOSIT), 0 }, { &GUID_NULL, FILE_GENERAL_PUBLISH, MAKEINTRESOURCE(IDS_NTFS_GENERAL_PUBLISH), 0 }, }; #define iNTFSDefAccess 2 // FILE_GENERAL_READ_EX #define iNTFSDelChildAccess 14 // FILE_DELETE_CHILD // The following array defines the inheritance types for NTFS directories. SI_INHERIT_TYPE siNTFSInheritTypes[] = { &GUID_NULL, 0, MAKEINTRESOURCE(IDS_NTFS_FOLDER), &GUID_NULL, CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE, MAKEINTRESOURCE(IDS_NTFS_FOLDER_SUBITEMS), &GUID_NULL, CONTAINER_INHERIT_ACE, MAKEINTRESOURCE(IDS_NTFS_FOLDER_SUBFOLDER), &GUID_NULL, OBJECT_INHERIT_ACE, MAKEINTRESOURCE(IDS_NTFS_FOLDER_FILE), &GUID_NULL, INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE, MAKEINTRESOURCE(IDS_NTFS_SUBITEMS_ONLY), &GUID_NULL, INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE, MAKEINTRESOURCE(IDS_NTFS_SUBFOLDER_ONLY), &GUID_NULL, INHERIT_ONLY_ACE | OBJECT_INHERIT_ACE, MAKEINTRESOURCE(IDS_NTFS_FILE_ONLY), }; VOID ProgressFunction(IN LPWSTR pObjectName, IN DWORD Status, IN OUT PPROG_INVOKE_SETTING pInvokeSetting , IN PVOID Args, IN BOOL SecuritySet); BOOL SetFileSecurityUsingNTName(IN PUNICODE_STRING pFileName, IN PSECURITY_DESCRIPTOR pSecurityDescriptor, OUT PBOOL pbIsFile); STDMETHODIMP CheckFileAccess(LPCTSTR pszObjectName, LPDWORD pdwAccessGranted) { HRESULT hr = S_OK; UINT i; UNICODE_STRING usNtFileName = {0}; DWORD dwAccessDesired[] = { ALL_SECURITY_ACCESS, READ_CONTROL, WRITE_DAC, WRITE_OWNER, ACCESS_SYSTEM_SECURITY }; TraceEnter(TRACE_NTFSSI, "CheckFileAccess"); TraceAssert(pdwAccessGranted != NULL); *pdwAccessGranted = 0; if (!RtlDosPathNameToNtPathName_U(pszObjectName, &usNtFileName, NULL, NULL)) { ExitGracefully(hr, E_OUTOFMEMORY, "RtlDosPathNameToNtPathName_U failed"); } for (i = 0; i < ARRAYSIZE(dwAccessDesired); i++) { OBJECT_ATTRIBUTES oa; IO_STATUS_BLOCK StatusBlock; DWORD dwErr; HANDLE hFile; if ((dwAccessDesired[i] & *pdwAccessGranted) == dwAccessDesired[i]) continue; // already have this access InitializeObjectAttributes(&oa, &usNtFileName, OBJ_CASE_INSENSITIVE, 0, 0); dwErr = RtlNtStatusToDosError(NtOpenFile(&hFile, dwAccessDesired[i], &oa, &StatusBlock, FILE_SHARE_READ | FILE_SHARE_WRITE, 0)); if (dwErr == 0) { *pdwAccessGranted |= dwAccessDesired[i]; NtClose(hFile); } } exit_gracefully: RtlFreeUnicodeString(&usNtFileName); Trace((TEXT("Access = 0x%08x"), *pdwAccessGranted)); TraceLeaveResult(hr); } DWORD GetCurrentToken(DWORD dwDesiredAccess, PHANDLE phToken) { DWORD dwErr = NOERROR; if (!OpenThreadToken(GetCurrentThread(), dwDesiredAccess, TRUE, phToken) && !OpenProcessToken(GetCurrentProcess(), dwDesiredAccess, phToken)) { dwErr = GetLastError(); } return dwErr; } /////////////////////////////////////////////////////////// // // Constructor/destructor // /////////////////////////////////////////////////////////// NTFS_COMPARE_DATA::~NTFS_COMPARE_DATA() { LocalFreeString(&pszSaclConflict); LocalFreeString(&pszDaclConflict); } CNTFSSecurity::CNTFSSecurity(SE_OBJECT_TYPE seType) : CSecurityInformation(seType) { } CNTFSSecurity::~CNTFSSecurity() { if (m_pCompareData != NULL) m_pCompareData->bAbortThread = TRUE; WaitForComparison(); delete m_pCompareData; } STDMETHODIMP CNTFSSecurity::Initialize(HDPA hItemList, DWORD dwFlags, LPTSTR pszServer, LPTSTR pszObject) { HRESULT hr; // // If we're editing the owner on a folder, turn on the Recurse button. // if (dwFlags & SI_CONTAINER) { if ((dwFlags & (SI_EDIT_OWNER | SI_OWNER_READONLY)) == SI_EDIT_OWNER) dwFlags |= SI_OWNER_RECURSE; if (!(dwFlags & SI_READONLY)) dwFlags |= SI_RESET_DACL_TREE; if (dwFlags & SI_EDIT_AUDITS) dwFlags |= SI_RESET_SACL_TREE; } // // Let the base class do its thing // hr = CSecurityInformation::Initialize(hItemList, dwFlags, pszServer, pszObject); // // If multiple selection, create thread to compare security descriptors // if (m_hItemList && DPA_GetPtrCount(m_hItemList) > 1) { m_pCompareData = new NTFS_COMPARE_DATA(m_hItemList, m_dwSIFlags); if (m_pCompareData != NULL) { DWORD dwID; m_hCompareThread = CreateThread(NULL, 0, NTFSCompareThreadProc, m_pCompareData, CREATE_SUSPENDED, &dwID); if (m_hCompareThread != NULL) { SetThreadPriority(m_hCompareThread, THREAD_PRIORITY_BELOW_NORMAL); ResumeThread(m_hCompareThread); } else { delete m_pCompareData; m_pCompareData = NULL; } } } return hr; } /////////////////////////////////////////////////////////// // // ISecurityInformation methods // /////////////////////////////////////////////////////////// STDMETHODIMP CNTFSSecurity::GetAccessRights(const GUID* /*pguidObjectType*/, DWORD dwFlags, PSI_ACCESS *ppAccesses, ULONG *pcAccesses, ULONG *piDefaultAccess) { TraceEnter(TRACE_NTFSSI, "CNTFSSecurity::GetAccessRights"); TraceAssert(ppAccesses != NULL); TraceAssert(pcAccesses != NULL); TraceAssert(piDefaultAccess != NULL); // //Don't Show delete subfolder and files for files or //when applyonto is files only // if(IsFile()) siNTFSAccesses[iNTFSDelChildAccess].dwFlags = 0; else siNTFSAccesses[iNTFSDelChildAccess].dwFlags = SI_ACCESS_SPECIFIC; *ppAccesses = siNTFSAccesses; *pcAccesses = ARRAYSIZE(siNTFSAccesses); *piDefaultAccess = iNTFSDefAccess; TraceLeaveResult(S_OK); } GENERIC_MAPPING NTFSMap = { FILE_GENERIC_READ_, FILE_GENERIC_WRITE_, FILE_GENERIC_EXECUTE_, FILE_GENERIC_ALL_ }; STDMETHODIMP CNTFSSecurity::MapGeneric(const GUID* /*pguidObjectType*/, UCHAR * /*pAceFlags*/, ACCESS_MASK *pmask) { TraceEnter(TRACE_NTFSSI, "CNTFSSecurity::MapGeneric"); TraceAssert(pmask != NULL); MapGenericMask(pmask, &NTFSMap); *pmask &= ~SYNCHRONIZE; TraceLeaveResult(S_OK); } STDMETHODIMP CNTFSSecurity::GetInheritTypes(PSI_INHERIT_TYPE *ppInheritTypes, ULONG *pcInheritTypes) { TraceEnter(TRACE_NTFSSI, "CNTFSSecurity::GetInheritTypes"); TraceAssert(ppInheritTypes != NULL); TraceAssert(pcInheritTypes != NULL); if (m_dwSIFlags & SI_CONTAINER) { *ppInheritTypes = siNTFSInheritTypes; *pcInheritTypes = ARRAYSIZE(siNTFSInheritTypes); TraceLeaveResult(S_OK); } TraceLeaveResult(E_NOTIMPL); } STDMETHODIMP CNTFSSecurity::GetSecurity(SECURITY_INFORMATION si, PSECURITY_DESCRIPTOR *ppSD, BOOL fDefault) { HRESULT hr = S_OK; SECURITY_INFORMATION siConflict = 0; TraceEnter(TRACE_NTFSSI, "CNTFSSecurity::GetSecurity"); TraceAssert(si != 0); TraceAssert(ppSD != NULL); *ppSD = NULL; if (fDefault) { #ifdef SUPPORT_NTFS_DEFAULT hr = GetDefaultSecurity(si, ppSD); ExitGracefully(hr, hr, "Returning default security descriptor"); #else ExitGracefully(hr, E_NOTIMPL, "Default security descriptor not supported"); #endif } WaitForComparison(); if (m_pCompareData != NULL) { // Of the bits requested (si) figure out which ones // conflict and which ones don't. // First check DACL and SACL SECURITY_INFORMATION siAcl = si & m_pCompareData->siConflict; siAcl &= (SACL_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION); if (siAcl) { // To get here, we've already told the user there is a conflict // and they said to reset the ACL(s) and continue. // Build security descriptor with empty DACL and NULL SACL SECURITY_DESCRIPTOR sdEmpty = {0}; ACL aclEmpty = {0}; InitializeSecurityDescriptor(&sdEmpty, SECURITY_DESCRIPTOR_REVISION); InitializeAcl(&aclEmpty, sizeof(ACL), ACL_REVISION); SetSecurityDescriptorSacl(&sdEmpty, TRUE, &aclEmpty, FALSE); SetSecurityDescriptorDacl(&sdEmpty, TRUE, &aclEmpty, FALSE); // Reset the DACL and/or SACL hr = SetSecurity(siAcl, (PSECURITY_DESCRIPTOR)&sdEmpty); } // Note that SetSecurity will free m_pCompareData if there are // no more conflicts, so check the pointer again here. if (m_pCompareData != NULL) siConflict = si & m_pCompareData->siConflict; } // Read it from the first item. hr = CSecurityInformation::GetSecurity(si, ppSD, fDefault); if (SUCCEEDED(hr) && siConflict != 0) { // // Clear out any of the parts that conflict // PISECURITY_DESCRIPTOR psd = (PISECURITY_DESCRIPTOR)*ppSD; TraceAssert(psd != NULL); if (siConflict & OWNER_SECURITY_INFORMATION) { psd->Owner = NULL; } if (siConflict & GROUP_SECURITY_INFORMATION) { psd->Group = NULL; } // The following can happen if there was an error resetting ACLs above if (siConflict & SACL_SECURITY_INFORMATION) { psd->Control &= ~SE_SACL_PRESENT; psd->Sacl = NULL; } if (siConflict & DACL_SECURITY_INFORMATION) { psd->Control &= ~SE_DACL_PRESENT; psd->Dacl = NULL; } } exit_gracefully: TraceLeaveResult(hr); } // // See comments about SYNCHRONIZE at the top of this file // void FixSynchronizeAccess(SECURITY_INFORMATION si, PSECURITY_DESCRIPTOR pSD) { if (NULL != pSD && 0 != (si & DACL_SECURITY_INFORMATION)) { BOOL bPresent; BOOL bDefault; PACL pDacl = NULL; GetSecurityDescriptorDacl(pSD, &bPresent, &pDacl, &bDefault); if (pDacl) { PACE_HEADER pAce; int i; for (i = 0, pAce = (PACE_HEADER)FirstAce(pDacl); i < pDacl->AceCount; i++, pAce = (PACE_HEADER)NextAce(pAce)) { if (ACCESS_ALLOWED_ACE_TYPE == pAce->AceType) ((PKNOWN_ACE)pAce)->Mask |= SYNCHRONIZE; } } } } STDMETHODIMP CNTFSSecurity::SetSecurity(SECURITY_INFORMATION si, PSECURITY_DESCRIPTOR pSD) { HRESULT hr = S_OK; if (si & DACL_SECURITY_INFORMATION) FixSynchronizeAccess(si, pSD); if(!SetAclOnRemoteNetworkDrive(m_hItemList, si, pSD, GetLastActivePopup(m_hwndOwner))) { return S_FALSE; } // // If we need to recursively set the Owner, get the Owner & // Group from pSD. // if (si & ( SI_OWNER_RECURSE | SI_RESET_DACL_TREE | SI_RESET_SACL_TREE ) ) { si = si & (~( SI_OWNER_RECURSE | SI_RESET_DACL_TREE | SI_RESET_SACL_TREE )); hr = SetSecurityLocal(si, pSD, NULL); // Remember whether the user cancelled, since hr gets // reset when we call the base class below. } else { // See comments about SYNCHRONIZE at the top of this file // Call the base class to do the rest hr = CSecurityInformation::SetSecurity(si, pSD); } if (S_OK == hr && m_pCompareData) { // If we successfully wrote it, then it doesn't conflict anymore m_pCompareData->siConflict &= ~(si); if (0 == m_pCompareData->siConflict) { delete m_pCompareData; m_pCompareData = NULL; } } return hr; } STDMETHODIMP CNTFSSecurity::PropertySheetPageCallback(HWND hwnd, UINT uMsg, SI_PAGE_TYPE uPage) { HRESULT hr; LPUINT pidsPrompt = NULL; LPCTSTR pszFile2 = NULL; TraceEnter(TRACE_NTFSSI, "CNTFSSecurity::PropertySheetPageCallback"); hr = CSecurityInformation::PropertySheetPageCallback(hwnd, uMsg, uPage); if (uMsg == PSPCB_SI_INITDIALOG) { WaitForComparison(); if (m_pCompareData != NULL) { if (SUCCEEDED(m_pCompareData->hrResult)) { switch (uPage) { case SI_PAGE_PERM: case SI_PAGE_ADVPERM: pidsPrompt = &m_pCompareData->idsDaclPrompt; pszFile2 = m_pCompareData->pszDaclConflict; break; case SI_PAGE_AUDIT: pidsPrompt = &m_pCompareData->idsSaclPrompt; pszFile2 = m_pCompareData->pszSaclConflict; break; } } } if (pidsPrompt != NULL && *pidsPrompt != 0) { if (IDYES != MsgPopup(hwnd, MAKEINTRESOURCE(*pidsPrompt), MAKEINTRESOURCE(IDS_PROPPAGE_TITLE), MB_YESNO | MB_ICONWARNING | MB_SETFOREGROUND, g_hInstance, m_pszObjectName, pszFile2)) { hr = E_FAIL; // abort } // Don't want to prompt again for the same thing, so set // this to zero. *pidsPrompt = 0; } } TraceLeaveResult(hr); } #ifdef SUPPORT_NTFS_DEFAULT HRESULT CNTFSSecurity::GetParentSecurity(SECURITY_INFORMATION si, PSECURITY_DESCRIPTOR *ppSD) { HRESULT hr = S_OK; LPTSTR pszItem; TraceEnter(TRACE_NTFSSI, "CNTFSSecurity::GetParentSecurity"); TraceAssert(m_hItemList && DPA_GetPtrCount(m_hItemList)); // Get the name of the first item pszItem = (LPTSTR)DPA_GetPtr(m_hItemList, 0); if (NULL != pszItem && !PathIsRoot(pszItem)) { TCHAR szParent[MAX_PATH]; lstrcpyn(szParent, pszItem, ARRAYSIZE(szParent)); PathRemoveFileSpec(szParent); // Read the parent DACL/SACL hr = ReadObjectSecurity(szParent, si, ppSD); } TraceLeaveResult(hr); } STDMETHODIMP CNTFSSecurity::GetDefaultSecurity(SECURITY_INFORMATION si, PSECURITY_DESCRIPTOR *ppSD) { HRESULT hr = S_OK; DWORD dwErr; PSECURITY_DESCRIPTOR psdParent = NULL; SECURITY_INFORMATION siLocal; HANDLE hToken = INVALID_HANDLE_VALUE; ULONG ulAutoInheritFlags = (SEF_DACL_AUTO_INHERIT | SEF_SACL_AUTO_INHERIT | SEF_AVOID_PRIVILEGE_CHECK | SEF_AVOID_OWNER_CHECK); TraceEnter(TRACE_NTFSSI, "CNTFSSecurity::GetDefaultSecurity"); TraceAssert(m_hItemList && DPA_GetPtrCount(m_hItemList)); dwErr = GetCurrentToken(TOKEN_QUERY, &hToken); if (NOERROR != dwErr) ExitGracefully(hr, HRESULT_FROM_WIN32(dwErr), "Unable to get current token"); // Only DACL and SACL get inherited siLocal = si & ~(OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION); if (siLocal) { hr = GetParentSecurity(si, &psdParent); FailGracefully(hr, "Unable to get parent security descriptor"); } #if(_WIN32_WINNT >= 0x0500) if(!CreatePrivateObjectSecurityEx(psdParent,// Inherited ACEs come from here NULL, ppSD, NULL, !!(m_dwSIFlags & SI_CONTAINER), ulAutoInheritFlags, hToken, // owner & group come from here &NTFSMap)) #else if(!CreatePrivateObjectSecurity(psdParent, NULL, ppSD, !!(m_dwSIFlags & SI_CONTAINER), hToken, &NTFSMap)) #endif { dwErr = GetLastError(); hr = HRESULT_FROM_WIN32(dwErr); } exit_gracefully: if (hToken != INVALID_HANDLE_VALUE) CloseHandle(hToken); if (psdParent) LocalFree(psdParent); TraceLeaveResult(hr); } #endif // SUPPORT_NTFS_DEFAULT #ifdef DONT_USE_ACLAPI STDMETHODIMP CNTFSSecurity::ReadObjectSecurity(LPCTSTR pszObject, SECURITY_INFORMATION si, PSECURITY_DESCRIPTOR *ppSD) { DWORD dwErr; TraceEnter(TRACE_NTFSSI, "CNTFSSecurity::ReadObjectSecurity"); dwErr = NTFSReadSD(pszObject, si, ppSD); TraceLeaveResult(HRESULT_FROM_WIN32(dwErr)); } #endif // DONT_USE_ACLAPI STDMETHODIMP CNTFSSecurity::WriteObjectSecurity(LPCTSTR pszObject, SECURITY_INFORMATION si, PSECURITY_DESCRIPTOR pSD) { DWORD dwErr; HRESULT hr = S_OK; TraceEnter(TRACE_NTFSSI, "CNTFSSecurity::WriteObjectSecurity"); TraceAssert(pszObject != NULL); TraceAssert(si != 0); TraceAssert(pSD != NULL); #ifdef DONT_USE_ACLAPI // // Assume that required privileges have already been // enabled, if appropriate. // if (!SetFileSecurity(pszObject, si, pSD)) { dwErr = GetLastError(); hr = HRESULT_FROM_WIN32(dwErr); } #else hr = CSecurityInformation::WriteObjectSecurity(pszObject, si, pSD); // This is a workaround. SetNamedSecurityInfo[Ex] fails with Access Denied // in some cases where the owner is trying to set the DACL // (typically because the propagation code can't enumerate the children // because owner doesn't have read access). if (E_ACCESSDENIED == hr) { SECURITY_DESCRIPTOR_CONTROL wControl = 0; DWORD dwRevision; // If we're setting a protected DACL (i.e. no inheritance from parent) // try SetFileSecurity. If that works, try the full write again. // // Don't do this if the DACL isn't protected since it may fool the // system into thinking that this is a downlevel DACL that should // be protected. That would be very confusing to the user. GetSecurityDescriptorControl(pSD, &wControl, &dwRevision); if ((si & DACL_SECURITY_INFORMATION) && ((wControl & SE_DACL_PROTECTED) || (m_dwSIFlags & SI_NO_ACL_PROTECT)) && SetFileSecurity(pszObject, si, pSD)) { hr = CSecurityInformation::WriteObjectSecurity(pszObject, si, pSD); } } #endif // DONT_USE_ACLAPI // // Notify the shell if we change permissions on a folder (48220) // if (SUCCEEDED(hr) && (si & DACL_SECURITY_INFORMATION) && (m_dwSIFlags & SI_CONTAINER)) { SHChangeNotify(SHCNE_UPDATEDIR, SHCNF_PATH | SHCNF_FLUSH | SHCNF_FLUSHNOWAIT, pszObject, NULL); } TraceLeaveResult(hr); } void CNTFSSecurity::WaitForComparison() { if (m_hCompareThread != NULL) { DWORD dwResult; HCURSOR hcurPrevious = SetCursor(LoadCursor(NULL, IDC_WAIT)); SetThreadPriority(m_hCompareThread, THREAD_PRIORITY_HIGHEST); dwResult = WaitForSingleObject(m_hCompareThread, INFINITE); if (m_pCompareData != NULL) { if (GetExitCodeThread(m_hCompareThread, &dwResult)) { m_pCompareData->hrResult = dwResult; } else { dwResult = GetLastError(); m_pCompareData->hrResult = HRESULT_FROM_WIN32(dwResult); } } CloseHandle(m_hCompareThread); m_hCompareThread = NULL; SetCursor(hcurPrevious); } } DWORD WINAPI CNTFSSecurity::NTFSReadSD(LPCTSTR pszObject, SECURITY_INFORMATION si, PSECURITY_DESCRIPTOR* ppSD) { DWORD dwLength = 0; DWORD dwErr = 0; TraceEnter(TRACE_NTFSSI | TRACE_NTFSCOMPARE, "CNTFSSecurity::NTFSReadSD"); TraceAssert(pszObject != NULL); TraceAssert(si != 0); TraceAssert(ppSD != NULL); // // Assume that required privileges have already been // enabled, if appropriate. // GetFileSecurity(pszObject, si, NULL, 0, &dwLength); if (dwLength) { *ppSD = LocalAlloc(LPTR, dwLength); if (*ppSD && !GetFileSecurity(pszObject, si, *ppSD, dwLength, &dwLength)) { dwErr = GetLastError(); LocalFree(*ppSD); *ppSD = NULL; } } else dwErr = GetLastError(); TraceLeaveValue(dwErr); } DWORD WINAPI CNTFSSecurity::NTFSCompareThreadProc(LPVOID pvData) { PNTFS_COMPARE_DATA pCompareData = (PNTFS_COMPARE_DATA)pvData; HRESULT hr; DWORD dwSIFlags; BOOL bOwnerConflict = FALSE; BOOL bSaclConflict = FALSE; BOOL bDaclConflict = FALSE; TraceEnter(TRACE_NTFSCOMPARE, "CNTFSSecurity::NTFSCompareThreadProc"); TraceAssert(pCompareData != NULL); dwSIFlags = pCompareData->dwSIFlags; hr = DPA_CompareSecurityIntersection(pCompareData->hItemList, NTFSReadSD, (dwSIFlags & SI_EDIT_OWNER) ? &bOwnerConflict : NULL, NULL, (dwSIFlags & SI_EDIT_AUDITS) ? &bSaclConflict : NULL, &bDaclConflict, NULL, NULL, &pCompareData->pszSaclConflict, &pCompareData->pszDaclConflict, &pCompareData->bAbortThread); if (SUCCEEDED(hr)) { if (bOwnerConflict) pCompareData->siConflict |= OWNER_SECURITY_INFORMATION; if (bSaclConflict) pCompareData->siConflict |= SACL_SECURITY_INFORMATION; if (bDaclConflict) pCompareData->siConflict |= DACL_SECURITY_INFORMATION; if (pCompareData->pszSaclConflict) pCompareData->idsSaclPrompt = IDS_BAD_SACL_INTERSECTION; if (pCompareData->pszDaclConflict) pCompareData->idsDaclPrompt = IDS_BAD_DACL_INTERSECTION; } TraceLeaveResult(hr); } HRESULT CNTFSSecurity::SetSecurityLocal(SECURITY_INFORMATION si, PSECURITY_DESCRIPTOR pSD, LPBOOL pbNotAllApplied) { HRESULT hr = S_OK; HCURSOR hcur = NULL; int i; TraceEnter(TRACE_NTFSSI, "CNTFSSecurity::SetSecurityLocal"); TraceAssert(pSD != NULL); TraceAssert(SI_CONTAINER & m_dwSIFlags); SECURITY_DESCRIPTOR_CONTROL wSDControl = 0; DWORD dwRevision; PSID psidOwner = NULL; PSID psidGroup = NULL; PACL pDacl = NULL; PACL pSacl = NULL; BOOL bDefaulted; BOOL bPresent; DWORD dwErr = ERROR_SUCCESS; NTFS_PF_DATA dataPF; if( !si ) TraceLeaveResult(hr); dataPF.si = si; dataPF.pNTFSSec = this; dataPF.pSD = pSD; dataPF.bCancel = FALSE; // // Get pointers to various security descriptor parts for // calling SetNamedSecurityInfo // GetSecurityDescriptorControl(pSD, &wSDControl, &dwRevision); GetSecurityDescriptorOwner(pSD, &psidOwner, &bDefaulted); GetSecurityDescriptorGroup(pSD, &psidGroup, &bDefaulted); GetSecurityDescriptorDacl(pSD, &bPresent, &pDacl, &bDefaulted); GetSecurityDescriptorSacl(pSD, &bPresent, &pSacl, &bDefaulted); if (si & DACL_SECURITY_INFORMATION) { if (wSDControl & SE_DACL_PROTECTED) si |= PROTECTED_DACL_SECURITY_INFORMATION; else si |= UNPROTECTED_DACL_SECURITY_INFORMATION; } if (si & SACL_SECURITY_INFORMATION) { if (wSDControl & SE_SACL_PROTECTED) si |= PROTECTED_SACL_SECURITY_INFORMATION; else si |= UNPROTECTED_SACL_SECURITY_INFORMATION; } if (pbNotAllApplied) *pbNotAllApplied = FALSE; if (NULL == m_hItemList) ExitGracefully(hr, E_UNEXPECTED, "CSecurityInformation not initialized"); hcur = SetCursor(LoadCursor(NULL, IDC_WAIT)); CreateProgressDialog(si); for (i = 0; i < DPA_GetPtrCount(m_hItemList); i++) { LPTSTR pszItem = (LPTSTR)DPA_FastGetPtr(m_hItemList, i); if (NULL != pszItem) { dwErr = TreeResetNamedSecurityInfo( pszItem, SE_FILE_OBJECT, si, si & OWNER_SECURITY_INFORMATION ? psidOwner : NULL, NULL, si & DACL_SECURITY_INFORMATION ? pDacl : NULL, si & SACL_SECURITY_INFORMATION ? pSacl : NULL, FALSE, ProgressFunction, ProgressInvokeEveryObject, (PVOID)&dataPF); hr = HRESULT_FROM_WIN32(dwErr); FailGracefully(hr, "Unable to recursively apply security"); if(dataPF.bCancel) { if(pbNotAllApplied) *pbNotAllApplied = TRUE; ExitGracefully(hr, S_FALSE, "User canceled the operation"); } } else { hr = E_UNEXPECTED; break; } } exit_gracefully: CloseProgressDialog(); if (m_psdOwnerFullControl) { LocalFree(m_psdOwnerFullControl); m_psdOwnerFullControl = NULL; } if (hcur) { SetCursor(hcur); } TraceLeaveResult(hr); } BOOL PathIsDotOrDotDot(LPCTSTR pszPath) { if (TEXT('.') == *pszPath++) { if (TEXT('\0') == *pszPath || (TEXT('.') == *pszPath && TEXT('\0') == *(pszPath + 1))) return TRUE; } return FALSE; } typedef struct _APPLY_SECURITY_ERROR { HWND hwndParent; DWORD dwError; LPCTSTR pszPath; UINT idMsg[1]; // Optional, string resource IDs (only 1 used so far) } APPLY_SECURITY_ERROR; INT_PTR CALLBACK FailedApplySecurityProc(HWND hDlg, UINT uMsg, WPARAM wParam, LPARAM lParam) { switch (uMsg) { case WM_INITDIALOG: { APPLY_SECURITY_ERROR* pae = (APPLY_SECURITY_ERROR*)lParam; LPTSTR pszT = NULL; // Set the message string(s) for (int i = 0; i < ARRAYSIZE(pae->idMsg); i++) { if (pae->idMsg[i]) { LoadStringAlloc(&pszT, g_hInstance, pae->idMsg[i]); if (pszT) SetDlgItemText(hDlg, (IDC_MSG1 + i), pszT); LocalFreeString(&pszT); } } // Compact the path so it fits on the dialog PathSetDlgItemPath(hDlg, IDC_FILENAME, pae->pszPath); // Set the error text if (NOERROR != pae->dwError) { if (!GetSystemErrorText(&pszT, pae->dwError)) FormatStringID(&pszT, g_hInstance, IDS_FMT_UNKNOWN_ERROR, pae->dwError); if (pszT) SetDlgItemText(hDlg, IDC_ERROR_TXT, pszT); LocalFreeString(&pszT); } break; } case WM_COMMAND: { WORD wControlID = GET_WM_COMMAND_ID(wParam, lParam); switch (wControlID) { case IDOK: case IDCANCEL: EndDialog(hDlg, wControlID); return TRUE; } break; } } return FALSE; } // // This function displays the "An error has occured [Continue] [Cancel]" message // // Returns IDOK or IDCANCEL // int FailedApplySecurityErrorDlg(HWND hWndParent, APPLY_SECURITY_ERROR* pae) { //The progress dialog must be visible when this error message is shown if( !IsWindowVisible( pae->hwndParent ) ) { ShowWindow( pae->hwndParent, SW_SHOW); SetForegroundWindow( pae->hwndParent ); } return (int)DialogBoxParam(g_hInstance, MAKEINTRESOURCE(IDD_SET_SECURITY_ERROR), hWndParent, FailedApplySecurityProc, (LPARAM)pae); } #ifndef IDA_APPLYATTRIBS // this is the resource ID of an AVI in shell32.dll. If shell32's // resource ID's change, we'll get the wrong animation (or none). // We could steal the AVI and build it into rshx32's resources, except // it almost doubles the size of rshx32.dll (~35k to ~57k). #define IDA_APPLYATTRIBS 165 // animation for applying file attributes #endif void CNTFSSecurity::CreateProgressDialog(SECURITY_INFORMATION si) { HRESULT hr = S_OK; // Shouldn't be necessary, but just in case CloseProgressDialog(); // m_hwndOwner is the toplevel parent of the Security page m_hwndPopupOwner = GetLastActivePopup(m_hwndOwner); __try { hr = CoCreateInstance(CLSID_ProgressDialog, NULL, CLSCTX_INPROC_SERVER, IID_IProgressDialog, (void**)&m_pProgressDlg); } __except(EXCEPTION_EXECUTE_HANDLER) { hr = E_OUTOFMEMORY; } if (SUCCEEDED(hr) && m_pProgressDlg) { WCHAR szT[256]; UINT ids = IDS_RESET_SEC_TREE; IOleWindow *pWindow; LoadStringW(g_hInstance, IDS_PROPPAGE_TITLE, szT, ARRAYSIZE(szT)); m_pProgressDlg->SetTitle(szT); switch (si) { case OWNER_SECURITY_INFORMATION: ids = IDS_RESET_OWNER_TREE; break; case SACL_SECURITY_INFORMATION: ids = IDS_RESET_SACL_TREE; break; case DACL_SECURITY_INFORMATION: ids = IDS_RESET_DACL_TREE; break; } LoadStringW(g_hInstance, ids, szT, ARRAYSIZE(szT)); m_pProgressDlg->SetLine(1, szT, FALSE, NULL); m_pProgressDlg->SetAnimation(GetModuleHandle(TEXT("shell32.dll")), IDA_APPLYATTRIBS); m_pProgressDlg->StartProgressDialog(m_hwndPopupOwner, NULL, PROGDLG_MODAL | PROGDLG_NOTIME | PROGDLG_NOMINIMIZE | PROGDLG_NOPROGRESSBAR, NULL); if (SUCCEEDED(m_pProgressDlg->QueryInterface(IID_IOleWindow, (void**)&pWindow))) { pWindow->GetWindow(&m_hwndPopupOwner); pWindow->Release(); } } } void CNTFSSecurity::CloseProgressDialog(void) { m_hwndPopupOwner = NULL; if (m_pProgressDlg) { m_pProgressDlg->StopProgressDialog(); m_pProgressDlg->Release(); m_pProgressDlg = NULL; } } HRESULT CNTFSSecurity::SetProgress(LPTSTR pszFile) { USES_CONVERSION; if (m_pProgressDlg) { m_pProgressDlg->SetLine(2, T2W(pszFile), TRUE, NULL); if (m_pProgressDlg->HasUserCancelled()) return S_FALSE; } return S_OK; } HRESULT CNTFSSecurity::BuildOwnerFullControlSD(PSECURITY_DESCRIPTOR pSD) { PSID psidOwner; BOOL bDefaulted; DWORD dwAclLen; PACL pAcl; PACE_HEADER pAce; if (!GetSecurityDescriptorOwner(pSD, &psidOwner, &bDefaulted)) return E_INVALIDARG; dwAclLen = sizeof(ACL) + sizeof(KNOWN_ACE) - sizeof(DWORD) + GetLengthSid(psidOwner); m_psdOwnerFullControl = (PSECURITY_DESCRIPTOR)LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH + dwAclLen); if (NULL == m_psdOwnerFullControl) return E_OUTOFMEMORY; InitializeSecurityDescriptor(m_psdOwnerFullControl, SECURITY_DESCRIPTOR_REVISION); pAcl = (PACL)ByteOffset(m_psdOwnerFullControl, SECURITY_DESCRIPTOR_MIN_LENGTH); InitializeAcl(pAcl, dwAclLen, ACL_REVISION); AddAccessAllowedAce(pAcl, ACL_REVISION, FILE_ALL_ACCESS, psidOwner); pAce = (PACE_HEADER)FirstAce(pAcl); pAce->AceFlags = INHERIT_FULL; SetSecurityDescriptorDacl(m_psdOwnerFullControl, TRUE, pAcl, TRUE); return S_OK; } VOID ProgressFunction(IN LPWSTR pObjectName, IN DWORD Status, IN OUT PPROG_INVOKE_SETTING pInvokeSetting , IN PVOID Args, BOOL bSecuritySet) { TraceEnter(TRACE_NTFSCOMPARE, "ProgressFunction"); TraceAssert(pObjectName != NULL); TraceAssert(Args); PNTFS_PF_DATA pfData = (PNTFS_PF_DATA)(Args); CNTFSSecurity * pNTFSSec = pfData->pNTFSSec; HRESULT hr = S_OK; if( Status == ERROR_SUCCESS ) { // // Notify the shell if we change permissions on a folder (48220) // if ( pfData->si & DACL_SECURITY_INFORMATION) { SHChangeNotify(SHCNE_UPDATEDIR, SHCNF_PATH | SHCNF_FLUSH | SHCNF_FLUSHNOWAIT, pObjectName, NULL); } } else { // //This means it was able to set security on this folder and some error //occured while enumerating child. // if(bSecuritySet && pfData->si & OWNER_SECURITY_INFORMATION) { BOOL bIsFile = FALSE; hr = pNTFSSec->GiveOwnerFullControl(pObjectName, pfData->pSD, &bIsFile); if(hr == S_OK) { // //Look for comment in SetFileSecurityUsingNTName // *pInvokeSetting = bIsFile ?ProgressInvokeEveryObject:ProgressRetryOperation; TraceLeaveVoid(); } } APPLY_SECURITY_ERROR ae = { ((PNTFS_PF_DATA)(Args))->pNTFSSec->GetHwndPopOwner(),HRESULT_FROM_WIN32(Status), pObjectName, { 0 } }; if (IDOK != FailedApplySecurityErrorDlg( ((PNTFS_PF_DATA)(Args))->pNTFSSec->GetHwndPopOwner(), &ae)) { *pInvokeSetting = ProgressCancelOperation; // abort pfData->bCancel = TRUE; } else { *pInvokeSetting = ProgressInvokeEveryObject; // continue } } if (S_FALSE == ((PNTFS_PF_DATA)(Args))->pNTFSSec->SetProgress(pObjectName)) *pInvokeSetting = ProgressCancelOperation; TraceLeaveVoid(); } HRESULT CNTFSSecurity::GiveOwnerFullControl( LPCWSTR lpszFileName, PSECURITY_DESCRIPTOR pSD, BOOL *pbIsFile) { HRESULT hr = S_OK; // Ask the user if they want to grant themselves access if (!m_psdOwnerFullControl) { if (IDYES == MsgPopup(m_hwndPopupOwner, MAKEINTRESOURCE(IDS_FMT_WRITE_OWNER_ERR), MAKEINTRESOURCE(IDS_PROPPAGE_TITLE), MB_YESNO | MB_ICONWARNING | MB_SETFOREGROUND, g_hInstance, lpszFileName)) { BuildOwnerFullControlSD(pSD); } else { // Continue without enumerating this folder TraceLeaveResult(S_FALSE); } } if (m_psdOwnerFullControl) { // Give the owner Full Control // Use SetFileSecurity instead?, yes Use SetFileSecurity instead UNICODE_STRING usFileName; RtlInitUnicodeString(&usFileName,lpszFileName); if(!SetFileSecurityUsingNTName(&usFileName, m_psdOwnerFullControl, pbIsFile)) { hr = E_FAIL; } if(SUCCEEDED(hr)) TraceLeaveResult(S_OK); } TraceLeaveResult(S_FALSE); } GENERIC_MAPPING STANDARD_FILE_MAP= { FILE_GENERIC_READ, FILE_GENERIC_WRITE, FILE_GENERIC_EXECUTE, FILE_ALL_ACCESS }; STDMETHODIMP CNTFSSecurity::GetInheritSource( SECURITY_INFORMATION si, PACL pACL, PINHERITED_FROM *ppInheritArray) { HRESULT hr = S_OK; LPTSTR pszItem; DWORD dwErr = ERROR_SUCCESS; PINHERITED_FROM pTempInherit = NULL; PINHERITED_FROM pTempInherit2 = NULL; LPWSTR pStrTemp = NULL; TraceEnter(TRACE_SI, "CNTFSSecurity::GetInheritSource"); TraceAssert(pACL != 0); TraceAssert(ppInheritArray != NULL); if( pACL == NULL || ppInheritArray == NULL ) ExitGracefully(hr, E_POINTER, "Invalid Parameters, CNTFSSecurity::GetInheritSource"); // Get the name of the first item pszItem = (LPTSTR)DPA_GetPtr(m_hItemList, 0); if (NULL == pszItem) ExitGracefully(hr, E_UNEXPECTED, "CSecurityInformation not initialized"); pTempInherit = (PINHERITED_FROM)LocalAlloc( LPTR, sizeof(INHERITED_FROM)*pACL->AceCount); if(pTempInherit == NULL) ExitGracefully(hr, E_OUTOFMEMORY,"OUT of Memory"); dwErr = GetInheritanceSource(pszItem, SE_FILE_OBJECT, si, m_dwSIFlags & SI_CONTAINER, NULL, 0, pACL, NULL, &STANDARD_FILE_MAP, pTempInherit); hr = HRESULT_FROM_WIN32(dwErr); FailGracefully( hr, "GetInheritanceSource Failed"); DWORD nSize; UINT i; nSize = sizeof(INHERITED_FROM)*pACL->AceCount; for(i = 0; i < pACL->AceCount; ++i) { if(pTempInherit[i].AncestorName) nSize += StringByteSize(pTempInherit[i].AncestorName); } pTempInherit2 = (PINHERITED_FROM)LocalAlloc( LPTR, nSize ); if(pTempInherit2 == NULL) ExitGracefully(hr, E_OUTOFMEMORY,"OUT of Memory"); pStrTemp = (LPWSTR)(pTempInherit2 + pACL->AceCount); for(i = 0; i < pACL->AceCount; ++i) { pTempInherit2[i].GenerationGap = pTempInherit[i].GenerationGap; if(pTempInherit[i].AncestorName) { pTempInherit2[i].AncestorName = pStrTemp; wcscpy(pStrTemp,pTempInherit[i].AncestorName); pStrTemp += (wcslen(pTempInherit[i].AncestorName)+1); } } exit_gracefully: if(SUCCEEDED(hr)) { //FreeInheritedFromArray(pTempInherit, pACL->AceCount,NULL); *ppInheritArray = pTempInherit2; } if(pTempInherit) LocalFree(pTempInherit); TraceLeaveResult(hr); } BOOL SetFileSecurityUsingNTName(IN PUNICODE_STRING pFileName, IN PSECURITY_DESCRIPTOR pSecurityDescriptor, IN PBOOL pbIsFile) { NTSTATUS Status; OBJECT_ATTRIBUTES Obja; IO_STATUS_BLOCK IoStatusBlock; HANDLE hFile = NULL; InitializeObjectAttributes( &Obja, pFileName, OBJ_CASE_INSENSITIVE, NULL, NULL ); Status = NtOpenFile( &hFile, WRITE_DAC, &Obja, &IoStatusBlock, FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE, FILE_OPEN_REPARSE_POINT ); if ( Status == STATUS_INVALID_PARAMETER ) { Status = NtOpenFile( &hFile, WRITE_DAC, &Obja, &IoStatusBlock, FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE, 0 ); } if (!NT_SUCCESS(Status)) { return FALSE; } if (!SetKernelObjectSecurity( hFile, DACL_SECURITY_INFORMATION, pSecurityDescriptor )) { ASSERT(FALSE); NtClose(hFile); return FALSE; } NtClose(hFile); // //When resetting the owner, if user is not owner and he doesn't have any permissions //TreeResetNamedSecurityInfo cannot determine if its a file or directory. So after //setting the ownership TreeResetNamedSecurityInfo tries to enumerate the file, which fails //as there is nothing to enumerate and TreeResetNamedSecurityInfo calls ProgressFunction //which stamps a FullControl on the file and ask TreeResetNamedSecurityInfo to retry //which again fails and we are infinte loop. The way to break this is ask TreeResetNamedSecurityInfo //not to retry if its a file. which is what we are doing below. Ugly, yup. // //default we assume its a file //if its a file and we assume its a dir, we are infinite loop //if its a dir and we assume its a file, we skip that dir which //is lesser evil // *pbIsFile = TRUE; // //Open the file for Generic_read // if (NT_SUCCESS(Status = NtOpenFile( &hFile, FILE_GENERIC_READ, &Obja, &IoStatusBlock, FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE, 0 ))) { // // Query the attributes for the file/dir. // In case of error, assume that it is a dir. // FILE_BASIC_INFORMATION BasicFileInfo; if (NT_SUCCESS(Status = NtQueryInformationFile( hFile, &IoStatusBlock, &BasicFileInfo, sizeof(BasicFileInfo), FileBasicInformation))) { if(BasicFileInfo.FileAttributes & FILE_ATTRIBUTE_DIRECTORY) *pbIsFile = FALSE; } NtClose(hFile); } return TRUE; }