
@amn
Last active March 15, 2019 09:19
Demonstrates how using SetFileSecurity does not result in a [file] ACL with ACEs inherited from parent [folder], while using SetNamedSecurityInfo does, as is proper. Disable (comment) the `SetNamedSecurityInfo` call along with its parent `if` statement and enable (uncomment) the following `SetFileSecurity` call (and its parent `if` statement, ob…
/*
Demonstrates how using SetFileSecurity does not result in a [file] ACL with ACEs inherited from parent [folder], while using SetNamedSecurityInfo does, as is proper.
Comment out the `SetNamedSecurityInfo` call along with its enclosing `if` statement, and uncomment the `SetFileSecurity` call that follows it (together with its enclosing `if` statement), to switch the behavior and observe the different resulting ACL on the file.
The Windows application entry point in this snippet expects two command line arguments -- the file path of the file you want to set security information on, and the actual security (specified in SDDL format) information desired for the file.
*/
#include <windows.h>
#include <shellapi.h>
#include <sddl.h>
#include <aclapi.h>
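/**
 * Entry point: applies the DACL described by an SDDL string to a file.
 *
 * Command line (program name excluded, as delivered in lpCmdLine):
 *   argv[0]  path of the file whose DACL is replaced
 *   argv[1]  security descriptor in SDDL form; only its DACL is applied,
 *            because the call below passes DACL_SECURITY_INFORMATION and
 *            NULL for owner, group and SACL
 *
 * SetNamedSecurityInfoW is used on purpose: it merges inheritable ACEs from
 * the parent folder into the new DACL unless the caller asks for a protected
 * DACL (PROTECTED_DACL_SECURITY_INFORMATION). SetFileSecurityW, kept below as
 * a commented-out alternative, writes the descriptor as given and leaves the
 * file without the inherited ACEs.
 *
 * The W-suffixed APIs are named explicitly so the wide strings stay matched
 * to the functions even when UNICODE is not defined for the build.
 *
 * @return  0 on success
 *         -1 command line could not be split
 *         -2 fewer than two arguments
 *         -3 SDDL string could not be converted
 *         -4 SetFileSecurityW failed (alternative path only)
 *         -5 DACL could not be read from the converted descriptor
 *         -6 SetNamedSecurityInfoW failed
 *         -7 the SDDL string carries no DACL at all
 */
int APIENTRY wWinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPWSTR lpCmdLine, int nCmdShow)
{
    int rc = 0;
    int argc = 0;
    LPWSTR *argv = NULL;
    PSECURITY_DESCRIPTOR p_sd = NULL;
    PACL p_dacl = NULL;
    BOOL p_dacl_present = FALSE;
    BOOL p_dacl_defaulted = FALSE;

    (void)hInstance;
    (void)hPrevInstance;
    (void)nCmdShow;

    /* NOTE(review): lpCmdLine has no program name, so argv[0] is the first
     * real argument; an empty command line makes CommandLineToArgvW return
     * the executable path as the only element, which the argc check rejects. */
    argv = CommandLineToArgvW(lpCmdLine, &argc);
    if (argv == NULL) {
        return -1;
    }

    if (argc < 2) {
        MessageBoxW(NULL, L"Invalid command line.", NULL, MB_ICONERROR);
        rc = -2;
        goto out;
    }

    if (ConvertStringSecurityDescriptorToSecurityDescriptorW(argv[1], SDDL_REVISION_1, &p_sd, NULL) == 0) {
        rc = -3;
        goto out;
    }

    if (GetSecurityDescriptorDacl(p_sd, &p_dacl_present, &p_dacl, &p_dacl_defaulted) == 0) {
        rc = -5;
        goto out;
    }

    /* When no DACL is present the API leaves p_dacl untouched. Passing that
     * on would either use an indeterminate pointer or, with NULL, ask for a
     * NULL DACL, which grants everyone full access to the file. Refuse
     * rather than silently widen access. */
    if (!p_dacl_present) {
        rc = -7;
        goto out;
    }

    /* A descriptor that explicitly carries a NULL DACL (present, pointer
     * NULL) is still honoured here, since the caller asked for it; it also
     * means unrestricted access. */
    if (SetNamedSecurityInfoW(argv[0], SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, p_dacl, NULL) != ERROR_SUCCESS) {
        rc = -6;
        goto out;
    }

    /*if (SetFileSecurityW(argv[0], DACL_SECURITY_INFORMATION, p_sd) == 0) {
        rc = -4;
        goto out;
    }*/

out:
    /* Single exit so both LocalAlloc-backed buffers are released on every
     * path; p_dacl points into p_sd and must not be freed separately. */
    if (p_sd != NULL) {
        LocalFree(p_sd);
    }
    LocalFree(argv);
    return rc;
}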