JWSCL Documentation
TJwSecureFileObject Class
Pascal
TJwSecureFileObject = class(TJwSecureBaseClass);

TJwSecureFileObject provides access to security-relevant information for files and folders. The term "file object" is used here for both files and folders.

 
Name 
Description 
 
This is Destroy, a member of class TJwSecureBaseClass. 
TJwSecureFileObject Class
 
Name 
Description 
 
This is the overview for the Create constructor overload. 
 
Destroy destroys the instance. If a handle was duplicated it is also closed. 
Name 
Description 
The following tables list the members exposed by TJwSecureBaseClass. 
The methods of the TJwSecureBaseClass class are listed here. 
TJwSecureFileObject Class
Name 
Description 
The following tables list the members exposed by TJwSecureFileObject. 
The methods of the TJwSecureFileObject class are listed here. 
The properties of the TJwSecureFileObject class are listed here. 
 
Name 
Description 
 
This function converts generic rights to specific ones. It can convert several generic rights.
 
This is HasValidHandle, a member of class TJwSecureBaseClass. 
 
This procedure replaces GENERIC access masks in the DACL with specific masks using the mapping GenericMapping.
TJwSecureFileObject Class
 
Name 
Description 
 
This is the overview for the AccessCheck method overload. 
 
AccessCheckAndAuditAlarm. See http://msdn2.microsoft.com/en-us/library/aa374823.aspx for more information.
Not tested yet! 
 
GetDACL returns the DACL of the file object.  
 
This is the overview for the GetFileInheritanceSource method overload. 
 
GetGroup returns the group of the file object.  
 
GetInheritanceSource retrieves the source of inheritance for the ACEs in the ACL of the given object. See MSDN http://msdn2.microsoft.com/en-us/library/aa446640.aspx.
 
 
GetMandatoryLabel returns the mandatory level of the object. The object is retrieved from the SACL. It is only supported on Windows Vista and newer.
 
GetOwner returns the owner of the file object.  
 
GetSACL returns the SACL of the file object. The SE_SECURITY_NAME privilege must be enabled; otherwise the call fails.
 
 
GetSecurityDescriptor returns a security descriptor of the file with specified SD entries given in parameter SD_entries.  
 
GetTempDACL returns the DACL of a file object. It does the same as GetGroup, but the return value is stored and used as a cache. Consequently, the returned instance must not be freed! The first call gets the file object owner. The following calls use the data from the first call.
 
GetTempGroup returns the group of a file object. It does the same as GetGroup, but the return value is stored and used as a cache. Consequently, the returned instance must not be freed! The first call gets the file object owner. The following calls use the data from the first call.
 
GetTempOwner returns the owner of a file object. It does the same as GetOwner, but the return value is stored and used as a cache. Consequently, the returned instance must not be freed! The first call gets the file object owner. The following calls use the data from the first call.
 
GetTempSACL returns the SACL of a file object. It does the same as GetGroup, but the return value is stored and used as a cache. Consequently, the returned instance must not be freed! The first call gets the file object owner. The following calls use the data from the first call.
 
This is the overview for the RemoveInheritanceFlow method overload. 
 
ResetTemp resets the cache. Subsequent calls to GetTempXXX will not use the cache; instead they call the security WinAPI functions.
 
This is the overview for the RestoreInheritanceFlow method overload. 
 
SetDACL sets the DACL of the file object. You need WRITE_DACL rights to set the DACL, or the current token must be the owner.
If you want to replace an existing DACL completely, you first have to call SetDACL with a nil list parameter. This creates a NULL DACL (which gives everybody access to the file). Afterwards you can set a new DACL on the file. So that nobody can hijack the file, you should also open the file exclusively and not use the SetNamedXXX methods.
New: You can also use apProtected to remove inherited ACEs (replace an existing DACL completely).
The... more 
 
SetGroup sets the group of the file object.
The SID is copied into the file object. 
 
SetMandatoryLabel sets the mandatory level of the object. 
 
SetOwner sets the owner of the file object. You need WRITE_DACL and WRITE_OWNER rights to set the DACL, or the privilege SE_TAKE_OWNERSHIP must be enabled. For the call to succeed, the ID must be the user of the thread calling this function. Only a user with enough rights can take ownership to his username. To set the owner to a different user than the token owner, the user must be logged on (using LogonUser or similar), the thread must be impersonated to this user, and SetOwner must be called in this thread.
The SID is copied into the file object.... more 
 
SetSACL sets the SACL of the file object. The SE_SECURITY_NAME privilege must be enabled; otherwise the call fails.
New: You can also use apProtected to remove inherited ACEs (replace an existing SACL completely).
The list is copied into the file object.
 
 
SetSecurityDescriptor sets the security descriptor of the file. It simply calls all SetXXX methods that are defined in SD_entries. If an entry of the SD cannot be set, an exception is raised and the rest is dismissed. However, all entries that were successfully set before the exception are stored into the file security.
The following values are ignored in SD_entries:
  • siprotectedDaclSecurityInformation
  • siUnprotectedDaclSecurityInformation
  • siprotectedSaclSecurityInformation
  • siUnprotectedSaclSecurityInformation
  • siLabelSecurityInformation : Use SetMandatoryLabel instead

Instead use TJwSecurityDescriptor.InheritanceDACLProtection or TJwSecurityDescriptor.InheritanceSACLProtection to control inheritance.
 
 
SupportACL checks if a given drive or UNC Path supports ACL.  
 
This is the overview for the TakeOwnerShip method overload. 
 
TreeFileObjectSetNamedSecurityInfo sets or resets the security information of a folder tree. The process can be observed by a callback method or function. This method can be run in a separate thread so that it returns immediately.
This method cannot restore the security information for a locked out user without using SeBackupPrivilege privilege. TreeFileObjectSetNamedSecurityInfo cannot change inheritance protection flow.
 
 
TreeResetNamedSecurityInfo sets the security information of a folder and all its children. See MSDN for more information http://msdn2.microsoft.com/en-us/library/aa965849.aspx. This function needs Windows XP or higher.
This method can restore the security information for a locked out user without using SeBackupPrivilege privilege. It uses a highly privileged system account to do this.
Both callback methods can be used at the same time. If both are not nil, they are called in the following order : FNProgressMethod, FNProgressProcedure. Exceptions are caught in these calls.
 
TJwSecureFileObject Class
 
Name 
Description 
 
AccessMask defines desired access. It is used if DesiredAccess parameter of AccessCheck methods is (-1). 
 
AutoResetACL defines whether a call to SetDACL (implicitly, setting property DACL) or to SetSACL (implicitly, setting property SACL) removes the old ACL by setting it to nil (true) or leaves it alone (false). Set to true if you want to remove all ACEs before setting new ones.
 
DACL 
DACL returns a cached version of the file object DACL 
 
Group returns a cached version of the file object group.
 
Handle returns the handle of the currently used file object. If the instance was created using a filename the Handle is 0. It will be automatically freed. 
 
Owner returns a cached version of the file object owner.
 
SACL 
SACL returns a cached version of the file object SACL 
Copyright (c) 2010. All rights reserved.