Using SetEntriesInAcl in C# : error 1332

2019-08-03 00:16发布

站内问答 / C#
1879 3 5

I need to create shared folder and for this apparently I have to use pinvoke NetShare* methods. This part is fine but I want to add some share permissions to the shared folder. I use SetEntriesInAcl but I keep getting error 1332 : No mapping between account names and security IDs was done.

The definitions :

internal enum MULTIPLE_TRUSTEE_OPERATION : uint
{
    NO_MULTIPLE_TRUSTEE = 0,
    TRUSTEE_IS_IMPERSONATE = 1
}

internal enum TRUSTEE_FORM : uint
{
    TRUSTEE_IS_SID = 0,
    TRUSTEE_IS_NAME = 1,
    ...
}

internal enum TRUSTEE_TYPE : uint
{
    TRUSTEE_IS_UNKNOWN = 0,
    TRUSTEE_IS_USER = 1,
    TRUSTEE_IS_GROUP = 2,
    ...
}

internal enum ACCESS_MODE : uint
{
    NOT_USED_ACCESS = 0,
    GRANT_ACCESS = 1,
    ...
}

internal enum ACCESS_MASK : uint
{
    GENERIC_ALL = 0x10000000, //268435456,
    GENERIC_READ = 0x80000000, //2147483648L,
    GENERIC_WRITE = 0x40000000, //1073741824,
    GENERIC_EXECUTE = 0x20000000, //536870912,
    STANDARD_RIGHTS_READ = 0x00020000, //131072
    STANDARD_RIGHTS_WRITE = 0x00020000,
}

[DllImport("advapi32.dll", SetLastError = true)]
private static extern uint SetEntriesInAcl(
    int cCountOfExplicitEntries, 
    ref EXPLICIT_ACCESS pListOfExplicitEntries, 
    IntPtr OldAcl, 
    out IntPtr NewAcl
    );

And here is how I invoke it:

//This pointer will hold the full ACL (access control list) once the loop below has completed
IntPtr aclPtr = default(IntPtr);

EXPLICIT_ACCESS explicitAccessRule = new EXPLICIT_ACCESS();
TRUSTEE account = new TRUSTEE();
{
    account.MultipleTrusteeOperation = MULTIPLE_TRUSTEE_OPERATION.NO_MULTIPLE_TRUSTEE;
    account.pMultipleTrustee = 0;
    account.TrusteeForm = TRUSTEE_FORM.TRUSTEE_IS_NAME;
    account.ptstrName = "Everyone";
    account.TrusteeType = TRUSTEE_TYPE.TRUSTEE_IS_USER;
}
explicitAccessRule.grfAccessMode = ACCESS_MODE.GRANT_ACCESS;
explicitAccessRule.grfAccessPermissions = ACCESS_MASK.GENERIC_READ | ACCESS_MASK.STANDARD_RIGHTS_READ | ACCESS_MASK.GENERIC_EXECUTE;
explicitAccessRule.grfInheritance = NO_INHERITANCE;
//Set the Trustee to the TRUSTEE structure we created earlier in the loop
explicitAccessRule.Trustee = account;

//Add this explicit access rule to the ACL
uint SetEntriesResult = SetEntriesInAcl(1, ref explicitAccessRule, aclPtr, out aclPtr);

Anyone knows what I am missing ? Or is there another way to do that ?

Thanks.

3条回答
我命由我不由天
2楼-- · 2019-08-03 00:43

It seems that Ansi names cann't be mapped. It works if you use Unicode version SetEntriesInAclW or if you explicitely set CharSet property.

[DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
static extern uint SetEntriesInAcl(
    int cCountOfExplicitEntries,
    ref EXPLICIT_ACCESS pListOfExplicitEntries,
    IntPtr OldAcl,
    out IntPtr NewAcl);

You can also fit EXPLICIT_ACCESS structure with BuildExplicitAccessWithName function.

[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Auto)]
static extern void BuildExplicitAccessWithName(
    ref EXPLICIT_ACCESS pExplicitAccess,
    string pTrusteeName,
    uint AccessPermissions,
    uint AccessMode,
    uint Inheritance);
查看更多
0人赞 添加讨论(0) 举报
Lonely孤独者°
3楼-- · 2019-08-03 00:54

For starters the variable aclPtr is an input variable. Ideally it should have got its value from the API GetSecurityInfo. ( http://msdn.microsoft.com/en-us/library/windows/desktop/aa446654(v=vs.85).aspx ) Thanks.

查看更多
0人赞 添加讨论(0) 举报
放荡不羁爱自由
4楼-- · 2019-08-03 00:55

I ran into all the same problems because of the lack of the CharSet, inconsistent definitions across my structs and method definitions and incorrect marshalling of string parameters.

I put code examples on a different thread so that you don't have to lose days of time trying to weed through the Win32 errors that are not always so helpful.

Updating permissions on a file share:

A working .NET example using SetEntriesInAcl interop in action

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(5)