|
-
May 15th, 2008, 04:51 AM
#1
NetShareGetInfo returns invalid SD??
Hi all,
i want to set accessrights for a shared folder.
What I try to do is:
Code:
SHARE_INFO_502* pBuff = NULL;
long nRes = NetShareGetInfo( NULL, _T("public"), 502, (BYTE**)&pBuff );
BOOL bPresent=0;
BOOL bDefault=0;
PACL acl = NULL;
if (!GetSecurityDescriptorDacl(pBuff->shi502_security_descriptor,
&bPresent, // bDaclPresent flag
&acl,
&bDefault)) // not a default DACL
{
printf("GetSecurityDescriptorDacl Error %u\n",
GetLastError());
}
The call to GetSecurityDescriptorDacl blocks seemingliy forever. When I try to call SetSecurityDescriptorDacl it retuns 'The Security Descriptor is invalid'...
Any Ideas??
Regards,
Christoph
-
May 15th, 2008, 07:18 AM
#2
Re: NetShareGetInfo returns invalid SD??
Well you have a NULL pointer. You try to use the pointer before
Code:
if (!GetSecurityDescriptorDacl(pBuff->shi502_security_descriptor,
you initialize it to a valid memory address. That could be the problem.
Tis an Access violation 0xC0000006 waiting to happen.
HTH,
Last edited by ahoodin; May 15th, 2008 at 07:29 AM.
ahoodin
To keep the plot moving, that's why.
-
May 15th, 2008, 08:15 AM
#3
Re: NetShareGetInfo returns invalid SD??
Hi ahoodin, zhanks for the reply but this is not a null pointer issue.
I have benn fiddling around a little and got the following result:
I can get the ACL using GetSecurityDescriptorDacl. Great. But when I try to set exactly the same ACL I receive an error 1338 : "The security descriptor structure is invalid."
This is my code:
Code:
SHARE_INFO_502* pBuff = NULL;
long nRes = NetShareGetInfo( NULL, _T("public"), 502, (BYTE**)&pBuff );
BOOL bPresent=0;
BOOL bDefault=0;
PACL acl = NULL;
if (!GetSecurityDescriptorDacl(pBuff->shi502_security_descriptor,
&bPresent, // bDaclPresent flag
&acl,
&bDefault)) // not a default DACL
{
printf("GetSecurityDescriptorDacl Error %u\n",
GetLastError());
goto Cleanup;
}
// Add the ACL to the security descriptor.
if (!SetSecurityDescriptorDacl(pBuff->shi502_security_descriptor,
TRUE, // bDaclPresent flag
acl,
FALSE)) // not a default DACL
{
printf("SetSecurityDescriptorDacl Error %u\n",
GetLastError());
goto Cleanup;
}
I would think the acl returned previously from GetSecurityDescriptorDacl should be valid. So Wy does SetSecurityDescriptorDacl tell me its not?? What am I getting wrong here??
regards,
Chris
Last edited by C.Schlue; May 15th, 2008 at 08:20 AM.
-
May 15th, 2008, 08:28 AM
#4
Re: NetShareGetInfo returns invalid SD??
I think its talking about this security descriptor being invalid:
Code:
if (!GetSecurityDescriptorDacl(pBuff->shi502_security_descriptor
Alot of times error messages are sort of anomolouse, especially MS error messages  .
Code:
pBuff->shi502_security_descriptor
Its obvious that the GetSecurityDescriptorDacl() function is supposed to fill your pAcl, but not your pBuff.
ahoodin
To keep the plot moving, that's why.
-
May 15th, 2008, 08:34 AM
#5
Re: NetShareGetInfo returns invalid SD??
Yeah- I also just sensed that the error issues a problem with the security descriptor and not with the acl.
However- basically my question remains the same: Why is the security descriptor valid for getting an ACL but invalid for setting the ACL??
My programm is running under the local Administrator account. So this should not be an security issue right? Would it be useful for anyone to if I put a sample together an upload it here?
EDIT:
Ahoodin, the buffer is completely 'filled' by the NetShareGetInfo function
Last edited by C.Schlue; May 15th, 2008 at 08:36 AM.
-
May 15th, 2008, 08:43 AM
#6
Re: NetShareGetInfo returns invalid SD??
probably 1st call:
Code:
NET_API_STATUS NetShareGetInfo(
LPWSTR servername,
LPWSTR netname,
DWORD level,
LPBYTE *bufptr
);
to fill pBuff.
Ok I am seeing this now.
IT does call that first.
ahoodin
To keep the plot moving, that's why.
-
May 15th, 2008, 08:57 AM
#7
Re: NetShareGetInfo returns invalid SD??
Have you stepped through the code with the debugger to look at the return values on NetShareGetInfo() etc?
ahoodin
To keep the plot moving, that's why.
-
May 15th, 2008, 09:05 AM
#8
Re: NetShareGetInfo returns invalid SD??
Shure. Everythig looks fine exept the call to SetSecurityDescriptorDacl.
=> NetShareGetInfo succeeds. And returns a security descriptor.
=> I can use the security descriptor to get the associated ACL
=> I cannot use this security descriptor to set the ACL ( error 1338 = invalid security descriptor)
-
May 15th, 2008, 09:09 AM
#9
Re: NetShareGetInfo returns invalid SD??
Hmmmm look at what I found:
Link to 1338 error at CG
ahoodin
To keep the plot moving, that's why.
-
May 15th, 2008, 09:46 AM
#10
Re: NetShareGetInfo returns invalid SD??
Says you got to put the security descriptor passed to SetSecurityDescriptorDacl in Absolute format with MakeAbsoluteSD().
ahoodin
To keep the plot moving, that's why.
-
May 15th, 2008, 10:25 AM
#11
 Re: NetShareGetInfo returns invalid SD??
Oh dear. Sometimes I'm just to blind. I saw this Absolute SD thing in the MSDN docs for SetACL but immediatly forgot about it again. Just didnt belive that would be the problem here.
Yeah- well this absolutely does the trick. Now it works perfectly. For anyone also having this problem here is my working code. For testing purposes I do simply set a NULL DACL for my share:
Code:
SHARE_INFO_502* pBuff = NULL;
long nRes = NetShareGetInfo( NULL, _T("public"), 502, (BYTE**)&pBuff );
BOOL bPresent=0;
BOOL bDefault=0;
PACL acl = NULL;
if (!GetSecurityDescriptorDacl(pBuff->shi502_security_descriptor,
&bPresent, // bDaclPresent flag
&acl,
&bDefault)) // not a default DACL
{
printf("GetSecurityDescriptorDacl Error %u\n",
GetLastError());
goto Cleanup;
}
DWORD dwAbsoluteSDSize = 0;
DWORD dwAbsoluteDACLSize= 0;
DWORD dwAbsoluteSACLSize= 0;
DWORD dwAbsoluteOwnerSize= 0;
DWORD dwAbsoluteGroupSize= 0;
SECURITY_DESCRIPTOR* pAbsoluteSD = NULL;
PACL pAbsoluteDACL= NULL;
PACL pAbsoluteSACL= NULL;
PSID pAbsoluteOwner=NULL;
PSID pAbsoluteGroup=NULL;
MakeAbsoluteSD( pBuff->shi502_security_descriptor,
NULL, &dwAbsoluteSDSize,
NULL, &dwAbsoluteDACLSize,
NULL, &dwAbsoluteSACLSize,
NULL, &dwAbsoluteOwnerSize,
NULL, &dwAbsoluteGroupSize);
if(GetLastError()!=STATUS_BUFFER_TOO_SMALL)
{
printf("MakeAbsoluteSD (1) Error %u\n",
GetLastError());
goto Cleanup;
}
pAbsoluteSD = (SECURITY_DESCRIPTOR*) new BYTE[ dwAbsoluteSDSize ];
pAbsoluteDACL = (PACL) new BYTE[ dwAbsoluteDACLSize];
pAbsoluteSACL = (PACL) new BYTE[ dwAbsoluteSACLSize ];
pAbsoluteOwner = (PSID) new BYTE[ dwAbsoluteOwnerSize ];
pAbsoluteGroup = (PSID) new BYTE[ dwAbsoluteGroupSize ];
if( ! MakeAbsoluteSD(
pBuff->shi502_security_descriptor,
pAbsoluteSD, &dwAbsoluteSDSize,
pAbsoluteDACL, &dwAbsoluteDACLSize,
pAbsoluteSACL, &dwAbsoluteSACLSize,
pAbsoluteOwner, &dwAbsoluteOwnerSize,
pAbsoluteGroup, &dwAbsoluteGroupSize) )
{
printf("MakeAbsoluteSD (2) Error %u\n",
GetLastError());
goto Cleanup;
}
// Add the ACL to the security descriptor.
if (!SetSecurityDescriptorDacl(pAbsoluteSD,
FALSE, // bDaclPresent flag
NULL,
FALSE)) // not a default DACL
{
printf("SetSecurityDescriptorDacl Error %u\n",
GetLastError());
goto Cleanup;
}
pBuff->shi502_security_descriptor = pAbsoluteSD;
DWORD parmError = 0;
nRes = NetShareSetInfo( NULL, _T("public"), 502, (BYTE*)pBuff, &parmError );
if( nRes!=0 )
{
printf("NetShareSetInfo Error %u\n",
GetLastError());
goto Cleanup;
}
Thanks ahoodin for helping me focusing on the problem
Regards,
Chris
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|
Reply With Quote
