I am trying to get the effective rights a user has on a file using interop in C#. Following is the code I am using :
public static FileSystemRights GetFileEffectiveRights(string FileName, string UserName)
{
IntPtr pDacl, pZero = IntPtr.Zero;
int Mask = 0;
uint errorReturn = GetNamedSecurityInfo(FileName, SE_OBJECT_TYPE.SE_FILE_OBJECT, SECURITY_INFORMATION.Dacl
, out pZero, out pZero, out pDacl, out pZero, out pZero);
if (errorReturn != 0)
{
throw new Exception("Win error : " + errorReturn);
}
Program.TRUSTEE pTrustee = new TRUSTEE();
pTrustee.pMultipleTrustee = IntPtr.Zero;
pTrustee.MultipleTrusteeOperation = (int)Program.MULTIPLE_TRUSTEE_OPERATION.NO_MULTIPLE_TRUSTEE;
pTrustee.ptstrName = UserName;
pTrustee.TrusteeForm = (int)Program.TRUSTEE_FORM.TRUSTEE_IS_NAME;
pTrustee.TrusteeType = (int)Program.TRUSTEE_TYPE.TRUSTEE_IS_USER;
errorReturn = GetEffectiveRightsFromAcl(pDacl, ref pTrustee, ref Mask);
if (errorReturn != 0)
{
throw new Exception("Win error : " + errorReturn);
}
return (FileSystemRights)Mask;
}
This code works fine until I start modifying the ACL structure using the classes FileAccessRule and FileInfo, and then I start getting Windows Error 1336 : ERROR_INVALID_ACL. Same is the case if I debug the process call GetFileEffectiveRights once, pause the process,change the ACL through windows API, and resume and call GetFileEffectiveRights again(the 1st call succeeds but the second gives 1336.)
What is going wrong?