More information: Windows NT/2000/XP provide the AccessCheck API function, which checks access rights to any operating system object that supports them. The system calls this function implicitly every time a user accesses such an object. Calling AccessCheck explicitly requires a whole series of operations on the data structures responsible for OS security, plus calls to several other functions.
To simplify working with access rights to NTFS file system objects (files and directories), I have written the CheckFileAccess function, which takes care of all this hard work.
Here is a description of this function:
    CheckFileAccess(Filename As String, _
        ByVal DesiredAccess As Long) As Long
where:
Filename - full path of the file or directory. A directory path must not end with the "/" character.
DesiredAccess - bit mask of the desired access rights.
The function returns a bit mask made up of those bits of the desired mask that correspond to allowed access rights. If access rights are not supported for the given file or directory, the function returns -1.
As the desired access mask you may use any combination, joined with the OR operator, of the constants at the beginning of the CheckFileAccess listing. The most commonly used are:
FILE_GENERIC_READ - read access,
FILE_GENERIC_WRITE - write access,
FILE_GENERIC_EXECUTE - execute access,
DELETE - delete access,
WRITE_DAC - access to change access rights,
WRITE_OWNER - access to change the owner,
FILE_ALL_ACCESS - full access,
MAXIMUM_ALLOWED - maximum allowed access.
Constants applicable to any securable OS object can also be used:
GENERIC_READ - read access,
GENERIC_WRITE - write access,
GENERIC_EXECUTE - execute access,
GENERIC_ALL - full access,
but in this case the function returns the corresponding values FILE_GENERIC_READ, FILE_GENERIC_WRITE, FILE_GENERIC_EXECUTE and FILE_ALL_ACCESS (provided, of course, that the corresponding rights exist).
For example, there are two ways to find out whether read and write access to the file "d:/Test.tmp" exists:
Way 1:
    Dim AccessRead As Boolean, AccessWrite As Boolean
    AccessRead = CheckFileAccess("d:/Test.tmp", _
        FILE_GENERIC_READ) = FILE_GENERIC_READ
    AccessWrite = CheckFileAccess("d:/Test.tmp", _
        FILE_GENERIC_WRITE) = FILE_GENERIC_WRITE
Way 2:
    Dim AccessRead As Boolean, AccessWrite As Boolean
    Dim AccessMask As Long
    AccessMask = CheckFileAccess("d:/Test.tmp", MAXIMUM_ALLOWED)
    AccessRead = (AccessMask _
        And FILE_GENERIC_READ) = FILE_GENERIC_READ
    AccessWrite = (AccessMask _
        And FILE_GENERIC_WRITE) = FILE_GENERIC_WRITE
In the first case CheckFileAccess is called twice; in the second case an intermediate variable is used.
Instructions: Copy the declarations and code below and paste directly into your VB project.
'PUT IN MODULE
Option Explicit
' ********************************************
' *        © 2000 Sergey Merzlikin           *
' ********************************************
' Desired access rights constants
' (numeric values as defined in the Windows SDK headers)
Public Const MAXIMUM_ALLOWED As Long = &H2000000
Public Const DELETE As Long = &H10000
Public Const READ_CONTROL As Long = &H20000
Public Const WRITE_DAC As Long = &H40000
Public Const WRITE_OWNER As Long = &H80000
Public Const SYNCHRONIZE As Long = &H100000
Public Const STANDARD_RIGHTS_READ As Long = READ_CONTROL
Public Const STANDARD_RIGHTS_WRITE As Long = READ_CONTROL
Public Const STANDARD_RIGHTS_EXECUTE As Long = READ_CONTROL
Public Const STANDARD_RIGHTS_REQUIRED As Long = &HF0000
Public Const FILE_READ_DATA As Long = &H1 ' file & pipe
Public Const FILE_LIST_DIRECTORY As Long = &H1 ' directory
Public Const FILE_ADD_FILE As Long = &H2 ' directory
Public Const FILE_WRITE_DATA As Long = &H2 ' file & pipe
Public Const FILE_CREATE_PIPE_INSTANCE As Long = &H4 ' named pipe
Public Const FILE_ADD_SUBDIRECTORY As Long = &H4 ' directory
Public Const FILE_APPEND_DATA As Long = &H4 ' file
Public Const FILE_READ_EA As Long = &H8 ' file & directory
Public Const FILE_READ_PROPERTIES As Long = FILE_READ_EA
Public Const FILE_WRITE_EA As Long = &H10 ' file & directory
Public Const FILE_WRITE_PROPERTIES As Long = FILE_WRITE_EA
Public Const FILE_EXECUTE As Long = &H20 ' file
Public Const FILE_TRAVERSE As Long = &H20 ' directory
Public Const FILE_DELETE_CHILD As Long = &H40 ' directory
Public Const FILE_READ_ATTRIBUTES As Long = &H80 ' all
Public Const FILE_WRITE_ATTRIBUTES As Long = &H100 ' all
Public Const FILE_GENERIC_READ As Long = (STANDARD_RIGHTS_READ _
    Or FILE_READ_DATA Or FILE_READ_ATTRIBUTES _
    Or FILE_READ_EA Or SYNCHRONIZE)
Public Const FILE_GENERIC_WRITE As Long = (STANDARD_RIGHTS_WRITE _
    Or FILE_WRITE_DATA Or FILE_WRITE_ATTRIBUTES _
    Or FILE_WRITE_EA Or FILE_APPEND_DATA Or SYNCHRONIZE)
Public Const FILE_GENERIC_EXECUTE As Long = (STANDARD_RIGHTS_EXECUTE _
    Or FILE_READ_ATTRIBUTES Or FILE_EXECUTE Or SYNCHRONIZE)
Public Const FILE_ALL_ACCESS As Long = (STANDARD_RIGHTS_REQUIRED _
    Or SYNCHRONIZE Or &H1FF&)
Public Const GENERIC_READ As Long = &H80000000
Public Const GENERIC_WRITE As Long = &H40000000
Public Const GENERIC_EXECUTE As Long = &H20000000
Public Const GENERIC_ALL As Long = &H10000000
' Types, constants and functions
' to work with access rights
Public Const OWNER_SECURITY_INFORMATION As Long = &H1
Public Const GROUP_SECURITY_INFORMATION As Long = &H2
Public Const DACL_SECURITY_INFORMATION As Long = &H4
Public Const TOKEN_QUERY As Long = 8
' SECURITY_IMPERSONATION_LEVEL: SecurityImpersonation is 2
' (3 is SecurityDelegation)
Public Const SecurityImpersonation As Integer = 2
Public Const ANYSIZE_ARRAY = 1
Public Type GENERIC_MAPPING
    GenericRead As Long
    GenericWrite As Long
    GenericExecute As Long
    GenericAll As Long
End Type
Public Type LUID
    LowPart As Long
    HighPart As Long
End Type
Public Type LUID_AND_ATTRIBUTES
    pLuid As LUID
    Attributes As Long
End Type
Public Type PRIVILEGE_SET
    PrivilegeCount As Long
    Control As Long
    Privilege(ANYSIZE_ARRAY) As LUID_AND_ATTRIBUTES
End Type
Public Declare Function GetFileSecurity Lib "advapi32.dll" _
    Alias "GetFileSecurityA" (ByVal lpFileName As String, _
    ByVal RequestedInformation As Long, pSecurityDescriptor As Byte, _
    ByVal nLength As Long, lpnLengthNeeded As Long) As Long
Public Declare Function AccessCheck Lib "advapi32.dll" _
    (pSecurityDescriptor As Byte, ByVal ClientToken As Long, _
    ByVal DesiredAccess As Long, GenericMapping As GENERIC_MAPPING, _
    PrivilegeSet As PRIVILEGE_SET, PrivilegeSetLength As Long, _
    GrantedAccess As Long, Status As Long) As Long
Public Declare Function ImpersonateSelf Lib "advapi32.dll" _
    (ByVal ImpersonationLevel As Integer) As Long
Public Declare Function RevertToSelf Lib "advapi32.dll" () As Long
Public Declare Sub MapGenericMask Lib "advapi32.dll" (AccessMask As Long, _
    GenericMapping As GENERIC_MAPPING)
Public Declare Function OpenThreadToken Lib "advapi32.dll" _
    (ByVal ThreadHandle As Long, ByVal DesiredAccess As Long, _
    ByVal OpenAsSelf As Long, TokenHandle As Long) As Long
Public Declare Function GetCurrentThread Lib "kernel32" () As Long
Public Declare Function CloseHandle Lib "kernel32" _
    (ByVal hObject As Long) As Long
' Types, constants and functions for OS version detection
Public Type OSVERSIONINFO
    dwOSVersionInfoSize As Long
    dwMajorVersion As Long
    dwMinorVersion As Long
    dwBuildNumber As Long
    dwPlatformId As Long
    szCSDVersion As String * 128
End Type
Public Const VER_PLATFORM_WIN32_NT As Long = 2
Public Declare Function GetVersionEx Lib "kernel32" Alias "GetVersionExA" _
    (lpVersionInformation As OSVERSIONINFO) As Long
' Constant and function for detection of support
' of access rights by file system
Public Const FS_PERSISTENT_ACLS As Long = &H8
Public Declare Function GetVolumeInformation Lib "kernel32" _
    Alias "GetVolumeInformationA" (ByVal lpRootPathName As String, _
    ByVal lpVolumeNameBuffer As String, ByVal nVolumeNameSize As Long, _
    lpVolumeSerialNumber As Long, lpMaximumComponentLength As Long, _
    lpFileSystemFlags As Long, ByVal lpFileSystemNameBuffer As String, _
    ByVal nFileSystemNameSize As Long) As Long
' *-----------------------------------------------------------------------*
' CheckFileAccess function checks access rights to given file.
' DesiredAccess - bitmask of desired access rights.
' The function returns bitmask, which contains those bits of desired bitmask,
' which correspond with existing access rights.
Private Function CheckFileAccess(Filename As String, _
        ByVal DesiredAccess As Long) As Long
    Dim r As Long, SecDesc() As Byte, SDSize As Long, hToken As Long
    Dim PrivSet As PRIVILEGE_SET, GenMap As GENERIC_MAPPING
    Dim Volume As String, FSFlags As Long
    ' Checking OS type
    If Not IsNT() Then
        ' Rights not supported. Returning -1.
        CheckFileAccess = -1
        Exit Function
    End If
    ' Checking access rights support by file system
    If Left$(Filename, 2) = "//" Then
        ' Path in UNC format. Extracting share name from it
        r = InStr(3, Filename, "/")
        If r = 0 Then
            Volume = Filename & "/"
        Else
            Volume = Left$(Filename, r)
        End If
    ElseIf Mid$(Filename, 2, 2) = ":/" Then
        ' Path begins with drive letter
        Volume = Left$(Filename, 3)
    'Else
        ' If path not set, we are leaving Volume blank.
        ' It returns information about current drive.
    End If
    ' Getting information about drive
    GetVolumeInformation Volume, vbNullString, 0, ByVal 0&, _
        ByVal 0&, FSFlags, vbNullString, 0
    If (FSFlags And FS_PERSISTENT_ACLS) = 0 Then
        ' Rights not supported. Returning -1.
        CheckFileAccess = -1
        Exit Function
    End If
    ' Determination of buffer size
    GetFileSecurity Filename, OWNER_SECURITY_INFORMATION _
        Or GROUP_SECURITY_INFORMATION _
        Or DACL_SECURITY_INFORMATION, 0, 0, SDSize
    ' 122 = ERROR_INSUFFICIENT_BUFFER, the expected result of the sizing call
    If Err.LastDllError <> 122 Then
        ' Rights not supported. Returning -1.
        CheckFileAccess = -1
        Exit Function
    End If
    If SDSize = 0 Then Exit Function
    ' Buffer allocation
    ReDim SecDesc(1 To SDSize)
    ' Once more call of function
    ' to obtain Security Descriptor
    If GetFileSecurity(Filename, OWNER_SECURITY_INFORMATION _
            Or GROUP_SECURITY_INFORMATION _
            Or DACL_SECURITY_INFORMATION, _
            SecDesc(1), SDSize, SDSize) = 0 Then
        ' Error. We must return no access rights.
        Exit Function
    End If
    ' Adding Impersonation Token for thread
    ImpersonateSelf SecurityImpersonation
    ' Opening of Token of current thread
    OpenThreadToken GetCurrentThread(), TOKEN_QUERY, 0, hToken
    If hToken <> 0 Then
        ' Filling GenericMask type
        GenMap.GenericRead = FILE_GENERIC_READ
        GenMap.GenericWrite = FILE_GENERIC_WRITE
        GenMap.GenericExecute = FILE_GENERIC_EXECUTE
        GenMap.GenericAll = FILE_ALL_ACCESS
        ' Conversion of generic rights
        ' to specific file access rights
        MapGenericMask DesiredAccess, GenMap
        ' Checking access
        AccessCheck SecDesc(1), hToken, DesiredAccess, GenMap, _
            PrivSet, Len(PrivSet), CheckFileAccess, r
        CloseHandle hToken
    End If
    ' Deleting Impersonation Token
    RevertToSelf
End Function
' *-----------------------------------------------------------------------*
' IsNT() function returns True, if the program works
' in Windows NT or Windows 2000 operating system, and False
' otherwise.
Private Function IsNT() As Boolean
    Dim OSVer As OSVERSIONINFO
    OSVer.dwOSVersionInfoSize = Len(OSVer)
    GetVersionEx OSVer
    IsNT = (OSVer.dwPlatformId = VER_PLATFORM_WIN32_NT)
End Function
' *-----------------------------------------------------------------------*
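The two calling patterns shown earlier differ when CheckFileAccess returns -1: the direct comparison of Way 1 yields False, while the masking of Way 2 yields True for every right, because -1 has all bits set. The wrapper below is an added example, not part of the original listing; it checks the sentinel before testing any bits. The names FileAccessResult, TestFileAccess and DemoTestFileAccess are hypothetical, and the code assumes the declarations from the listing are present in the same module.

```vb
' Added example: not part of the original CheckFileAccess listing.
' Paste into the same module, because CheckFileAccess is declared Private.
' FileAccessResult, TestFileAccess and DemoTestFileAccess are hypothetical names.

Public Enum FileAccessResult
    faDenied = 0        ' ACL evaluated, at least one required right is missing
    faGranted = 1       ' ACL evaluated, every required right is granted
    faNotEnforced = 2   ' CheckFileAccess returned -1 (access rights not supported)
End Enum

Public Function TestFileAccess(ByVal Filename As String, _
        ByVal Required As Long) As FileAccessResult
    Dim Granted As Long, GenMap As GENERIC_MAPPING

    ' Convert GENERIC_* bits in Required to file-specific rights,
    ' using the same mapping CheckFileAccess applies internally
    GenMap.GenericRead = FILE_GENERIC_READ
    GenMap.GenericWrite = FILE_GENERIC_WRITE
    GenMap.GenericExecute = FILE_GENERIC_EXECUTE
    GenMap.GenericAll = FILE_ALL_ACCESS
    MapGenericMask Required, GenMap
    ' MAXIMUM_ALLOWED is a request flag, not a right to test for
    Required = Required And Not MAXIMUM_ALLOWED

    ' One call returns every right the caller holds
    Granted = CheckFileAccess(Filename, MAXIMUM_ALLOWED)

    If Granted = -1 Then
        ' Test the sentinel first: -1 has all bits set, so
        ' (Granted And Required) = Required would be True for any mask
        TestFileAccess = faNotEnforced
    ElseIf (Granted And Required) = Required Then
        TestFileAccess = faGranted
    Else
        TestFileAccess = faDenied
    End If
End Function

Public Sub DemoTestFileAccess()
    Select Case TestFileAccess("d:/Test.tmp", GENERIC_READ Or GENERIC_WRITE)
        Case faGranted
            Debug.Print "read and write access granted"
        Case faDenied
            Debug.Print "read and/or write access missing"
        Case faNotEnforced
            Debug.Print "access rights not supported for this path"
    End Select
End Sub
```

The result describes the access rights at the moment of the call; code that opens the file afterwards still has to handle an access-denied error, since permissions can change in between.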