如何使用 API 从 VisualBasic 访问高级控件

如何使用 API 从 VisualBasic 访问高级控件

察看本文应用于的产品
function loadTOCNode(){}

注意：这篇文章是由无人工介入的自动的机器翻译系统翻译完成。这些文章是微软为不懂英语的用户提供的, 以使他们能够理解这些文章的内容。微软不保证机器翻译的正确度，也不对由于内容的误译或者客户对它的使用所引起的任何直接的, 或间接的可能的问题负责。

文章编号	:	295004
最后修改	:	2006年11月21日
修订	:	4.1

概要

loadTOCNode(1, 'summary');
Win32API 提供两个 API 用于与安全描述符 (SDs) 处理和访问控制列表 (ACL)。 用于处理 SDs 和 ACL 以及高级访问控制低级 API 集提供接口。 高级访问控制 API 用于 Microsoft Windows 2000 和 WindowsXP, MIcrosoft 已得到增强以支持特定对象的访问控制项 (ACE)、 目录服务 (DS) 对象和自动继承。 本文提供示例代码使用高级访问控制 API 来修改一个现有自由访问控制列表 (DACL) 文件夹安全对象上。

更多信息

loadTOCNode(1, 'moreinformation');
以下 Visual Basic 示例代码使用 GetNamedSecurityInfo() API 来检索现有 DACL 的目标 C:/Test1 文件夹。 通过 BuildExplicitAccessWithName() API 然后, 它建立对 所有人 具有 GENERIC _ READ 访问托管 EXPLICIT_ACCESS 结构。 在本示例, 与 CONTAINER_INHERIT_ACE 或 OBJECT_INHERIT_ACE, 如高效 ACE 对 C:/Test1 文件夹和用于子文件夹以及文件继承 ACE 应用继承构造 ACE。

SetEntriesInAcl() API 通过合并插入现有 ACL EXPLICIT_ACCESS 结构中指定新访问控制信息创建新访问控制列表 (ACL) 并返回新更新 DACL 内存中。 此更新 DACL 然后用于通过 SetNamedSecurityInfo() API C:/Test1 文件夹上设置安全性。



Option Explicit

' Success status of high level access control APIs
Private Const ERROR_SUCCESS = 0&

' Type of Securable Object we are operating in this sample code
Private Const SE_FILE_OBJECT = 1&

' The Security Information constants required
Private Const DACL_SECURITY_INFORMATION = 4&
Private Const SET_ACCESS = 2&

' Standard access rights extracted from WinNT.h
Private Const SYNCHRONIZE = &H100000
Private Const READ_CONTROL = &H20000
Private Const WRITE_DAC = &H40000
Private Const WRITE_OWNER = &H80000
Private Const STANDARD_RIGHTS_READ = (READ_CONTROL)
Private Const STANDARD_RIGHTS_WRITE = (READ_CONTROL)
Private Const DELETE = &H10000

' Generic access rights extracted from WinNT.h
Private Const GENERIC_ALL = &H10000000
Private Const GENERIC_EXECUTE = &H20000000
Private Const GENERIC_READ = &H80000000
Private Const GENERIC_WRITE = &H40000000

' Inheritance Flags
Private Const CONTAINER_INHERIT_ACE = &H2
Private Const OBJECT_INHERIT_ACE = &H1

' The TRUSTEE structure identifies the user account, group account, or logon session
' to which an ACE applies. The structure can use a name or a security identifier (SID)
' to identify the trustee.

' Access control APIs, such as SetEntriesInAcl and GetExplicitEntriesFromAcl, use this
' structure to identify the account associated with the access-control or audit-control
' information in an EXPLICIT_ACCESS structure.
Private Type TRUSTEE
pMultipleTrustee As Long
MultipleTrusteeOperation As Long
TrusteeForm As Long
TrusteeType As Long
ptstrName As String
End Type

' EXPLICIT_ACCESS structure that specifies access-control information for a specified
' trustee such as access mask as well as inheritance flags
Private Type EXPLICIT_ACCESS
grfAccessPermissions As Long
grfAccessMode As Long
grfInheritance As Long
pTRUSTEE As TRUSTEE
End Type

' High Level access control API declarations
Private Declare Sub BuildExplicitAccessWithName Lib "Advapi32.dll" Alias _
"BuildExplicitAccessWithNameA" _
(ea As Any, _
ByVal TrusteeName As String, _
ByVal AccessPermissions As Long, _
ByVal AccessMode As Integer, _
ByVal Inheritance As Long)

Private Declare Function SetEntriesInAcl Lib "Advapi32.dll" Alias _
"SetEntriesInAclA" _
(ByVal CountofExplicitEntries As Long, _
ea As Any, _
ByVal OldAcl As Long, _
NewAcl As Long) As Long

Private Declare Function GetNamedSecurityInfo Lib "Advapi32.dll" Alias _
"GetNamedSecurityInfoA" _
(ByVal ObjName As String, _
ByVal SE_OBJECT_TYPE As Long, _
ByVal SecInfo As Long, _
ByVal pSid As Long, _
ByVal pSidGroup As Long, _
pDacl As Long, _
ByVal pSacl As Long, _
pSecurityDescriptor As Long) As Long

Private Declare Function SetNamedSecurityInfo Lib "Advapi32.dll" Alias _
"SetNamedSecurityInfoA" _
(ByVal ObjName As String, _
ByVal SE_OBJECT As Long, _
ByVal SecInfo As Long, _
ByVal pSid As Long, _
ByVal pSidGroup As Long, _
ByVal pDacl As Long, _
ByVal pSacl As Long) As Long

Private Declare Function LocalFree Lib "kernel32" (ByVal hMem As Long) As Long

Private Sub Command1_Click()

Dim result As Long
Dim pSecDesc As Long
Dim ea As EXPLICIT_ACCESS
Dim pNewDACL As Long
Dim pOldDACL As Long

' Get the DACL information of c:/test1 folder using GetNamedSecurityInfo() API.
' SE_FILE_OBJECT constant says that the named securable object is a file or folder
result = GetNamedSecurityInfo("c:/test1", SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, 0&, 0&, pOldDACL, 0&, pSecDesc)
If result = ERROR_SUCCESS Then

' Construct an EXPLICIT_ACCESS structure for Everyone with GENERIC_READ access that will apply for c:/test1
' as well as subfolder and files using BuildExplicitAccessWithName() API
BuildExplicitAccessWithName ea, "Users", GENERIC_READ, SET_ACCESS, CONTAINER_INHERIT_ACE Or OBJECT_INHERIT_ACE

' Merge constructed EXPLICIT_ACCESS structure to the existing DACL and get an updated DACL in memory from
' SetEntriesInAcl() API
result = SetEntriesInAcl(1, ea, pOldDACL, pNewDACL)
If result = ERROR_SUCCESS Then
MsgBox "SetEntriesInAcl succeeded"

' Call SetNamedSecurityInfo() API with the updated DACL in memory to change the DACL of c:/test1 folder
result = SetNamedSecurityInfo("c:/test1", SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, 0&, 0&, pNewDACL, 0&)
If result = ERROR_SUCCESS Then
MsgBox "SetNamedSecurityInfo succeeded"
Else
MsgBox "SetNamedSecurityInfo failed with error code : " & result
End If

' Free the memory allocated for the new DACL by the SetEntriesInAcl() API, using LocalFree() API
LocalFree pNewDACL
Else
MsgBox "SetEntriesInAcl failed with error code : " & result
End If

' Free the memory allocated for the security descriptor by the GetNamedSecurityInfo() API, using LocalFree() API
LocalFree pSecDesc
Else
MsgBox "GetNamedSecurityInfo failed with error code : " & result
End If
End Sub


http://support.microsoft.com/default.aspx?scid=kb%3Bzh-cn%3B295004