How to set share permissions for shared folder programmatically?

[maggiezhao]

I use
net share
to share a folder from command line, but
I don't know how to set share permissions for shared folder (not permission for security) programmatically?

Thanks a lot!

[Mick]

I think you want to look at the NetShareAdd(...) function, and grouped functions for shares, in the IDE help or on MSDN.microsoft.com

[maggiezhao]

Originally posted by Mick_2002
I think you want to look at the NetShareAdd(...) function, and grouped functions for shares, in the IDE help or on MSDN.microsoft.com

[maggiezhao]

The following are my C++ code (Unicode) to create a
share folder. It created shared folder successfully,
but p.shi2_permissions = ACCESS_READ;
seems not work.
I want to deny permissions for everyone user!!!


In MSDN:
shi2_permissions
Specifies a DWORD value that indicates the shared resource's permissions for servers running with share-level security. A server running user-level security ignores this member. This member can be one or more of the following values. Calls to the NetShareSetInfo function ignore this member.


Any further help will be appreciated!

Thanks!



// XpShare.cpp : Defines the entry point for the console //application.
//

#include "stdafx.h"
#include <windows.h>
#include <tchar.h>

#include <Lmshare.h>
extern "C" {
#include <Lm.h>
}

int _tmain(int argc, _TCHAR* argv[])
{
NET_API_STATUS res;
SHARE_INFO_2 p;
DWORD parm_err = 0;

//
// Fill in the SHARE_INFO_2 structure.
//
p.shi2_netname = TEXT("TESTSHARE_A");
p.shi2_type = STYPE_DISKTREE; // disk drive
p.shi2_remark = TEXT("created by NetShareAdd");
p.shi2_permissions = ACCESS_READ;
p.shi2_max_uses = 4;
p.shi2_current_uses = 0;
p.shi2_path = TEXT("C:\\A");
p.shi2_passwd = NULL; // no password
//
// Call the NetShareAdd function,
// specifying level 2.
//
res=NetShareAdd(NULL, 2, (LPBYTE) &p, &parm_err);
//
// If the call succeeds, inform the user.
//
if(res==0)
printf("Share created.\n");

// Otherwise, print an error,
// and identify the parameter in error.
//
else
{
printf("Error: %u\tparmerr=%u\n", res, parm_err);
}

return 0;
}

[Fuzzy_NZ]

The following are my C++ code (Unicode) to create a
share folder. It created shared folder successfully,
but p.shi2_permissions = ACCESS_READ;
seems not work.
I want to deny permissions for everyone user!!!


In MSDN:
shi2_permissions
Specifies a DWORD value that indicates the shared resource's permissions for servers running with share-level security. A server running user-level security ignores this member. This member can be one or more of the following values. Calls to the NetShareSetInfo function ignore this member.


Any further help will be appreciated!

Thanks!



// XpShare.cpp : Defines the entry point for the console //application.
//

#include "stdafx.h"
#include <windows.h>
#include <tchar.h>

#include <Lmshare.h>
extern "C" {
#include <Lm.h>
}

int _tmain(int argc, _TCHAR* argv[])
{
NET_API_STATUS res;
SHARE_INFO_2 p;
...
res=NetShareAdd(NULL, 2, (LPBYTE) &p, &parm_err);
...

}

firstly change SHARE_INFO_2 to SHARE_INFO_502
and change res=NetShareAdd(NULL, 2, (LPBYTE) &p, &parm_err);
to res=NetShareAdd(NULL, 502, (LPBYTE) &p, &parm_err);

then you will need to set the security discriptor in the SHARE_INFO_502 structor
you should also note there is a NetShareSetInfo that will set the permissions for a share that exists
p.shi2_permissions is only used for Simple file sharing not NT file sharing
Dont ask me how make the file discriptor work, I cant even get the NetShareAdd function to work, I keep getting the these errors 123 and 1320 (I think) and have no idea what they are

If you prog works (sharing the folder) would you mind emailing me a compiled copy so i can test it on my computer
email address is [email protected]

[pebmeister]

The following code will create a share, set its share permissions and set the security for the folder.


Paul

Code:

// CreateRTXShare.cpp : Defines the entry point for the console application.
//

#include "stdafx.h"

#include <Windows.h>
#include <lm.h>
#include <AccCtrl.h>
#include <AclAPI.h>
#include <sddl.h>


#pragma comment(lib, "Netapi32.lib")
#define MAX_ERROR_BUFFER_SZ		0xFFFF

int CreateShare(LPTSTR name, LPTSTR path);
TCHAR* GetErrorText(DWORD error);
PSID GetSIDForNamedUserOrGroup(LPTSTR pUserName);

int _tmain(int argc, _TCHAR* argv[])
{
	if (argc != 3)
	{
		_tprintf(_T("Usage:\nShare name path\n"));
		return 0;
	}
	DWORD err = CreateShare(argv[1], argv[2]);
	if (err)
		_tprintf(_T("ERROR:\n%s"), GetErrorText(err));

	return err;
}

// Create theShare
int CreateShare(LPTSTR name, LPTSTR path)
{
	DWORD err = 0;
	NET_API_STATUS res = 0;
	SHARE_INFO_502 p = { 0 };
	DWORD dwUserNameSz = UNLEN + 1;
	TCHAR chCurrentUser[UNLEN + 1] = { 0 };
	PSID pAdminSID = NULL;
	PSID pAuthenticatedUsersSID = NULL;
	PSID pCurrentUserSID = NULL;
	PSID pSystemSID = NULL;
	PSID pEveryOneSID = NULL;
	PACL pACL = NULL;
	PEXPLICIT_ACCESS ea = NULL;
	SID_IDENTIFIER_AUTHORITY SIDAuthNT = SECURITY_NT_AUTHORITY;
	DWORD sidSize = SECURITY_MAX_SID_SIZE;
	PSECURITY_DESCRIPTOR pSD = NULL;

	// Get the current logged in User Name
	GetUserName(chCurrentUser, &dwUserNameSz);

	// Get SID of Current User
	pCurrentUserSID = GetSIDForNamedUserOrGroup(chCurrentUser);

	// Get SID of System
	sidSize = SECURITY_MAX_SID_SIZE;
	pSystemSID = LocalAlloc(LPTR, sidSize);
	CreateWellKnownSid(WinLocalSystemSid, NULL, pSystemSID, &sidSize);;

	// get Sid for EveryOne
	sidSize = SECURITY_MAX_SID_SIZE;
	pEveryOneSID = LocalAlloc(LPTR, sidSize);
	CreateWellKnownSid(WinWorldSid, NULL, pEveryOneSID, &sidSize);

	do
	{
		if (!AllocateAndInitializeSid(&SIDAuthNT, 1,
			SECURITY_AUTHENTICATED_USER_RID,
			0, 0, 0, 0, 0, 0, 0,
			&pAuthenticatedUsersSID))
		{
			err = GetLastError();
			break;
		}

		// Create a SID for the BUILTIN\Administrators group.
		if (!AllocateAndInitializeSid(&SIDAuthNT, 2,
			SECURITY_BUILTIN_DOMAIN_RID,
			DOMAIN_ALIAS_RID_ADMINS,
			0, 0, 0, 0, 0, 0,
			&pAdminSID))
		{
			err = GetLastError();
			break;
		}
		// SID array
		PSID pSIDs[] =
		{
			pCurrentUserSID,
			pAuthenticatedUsersSID,
			pAdminSID,
			pSystemSID,
			pEveryOneSID,
		};
		int numSids = sizeof(pSIDs) / sizeof(PSID);

		// Initialize an EXPLICIT_ACCESS structure for an ACE.
		ea = (PEXPLICIT_ACCESS)LocalAlloc(LPTR, sizeof(EXPLICIT_ACCESS) * numSids);
		if (!ea)
		{
			err = GetLastError();
			break;
		}

		int sidIndex = 0;
		for (int i = 0; i < numSids; i++)
		{
			// Check current user SID
			if (!IsValidSid(pSIDs[i]))
				continue;

			ea[sidIndex].grfAccessPermissions = TRUSTEE_ACCESS_ALL;
			ea[sidIndex].grfAccessMode = GRANT_ACCESS;
			ea[sidIndex].grfInheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT;
			ea[sidIndex].Trustee.TrusteeForm = TRUSTEE_IS_SID;
			ea[sidIndex].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
			ea[sidIndex].Trustee.ptstrName = (LPTSTR)pSIDs[sidIndex];
			sidIndex++;
		}
		numSids = sidIndex;

		// Create a new ACL that contains the new ACEs.
		if (SetEntriesInAcl(numSids, ea, NULL, &pACL))
		{
			err = GetLastError();
			break;
		}

		// Initialize a security descriptor.
		pSD = (PSECURITY_DESCRIPTOR)LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH);

		// init the descriptor
		if (!InitializeSecurityDescriptor(pSD, SECURITY_DESCRIPTOR_REVISION))
		{
			err = GetLastError();
			LocalFree(pSD);
			pSD = NULL;
			break;
		}

		// Add the ACL to the security descriptor.
		if (!SetSecurityDescriptorDacl(pSD,
			TRUE,     // bDaclPresent flag
			pACL,
			FALSE))   // not a default DACL
		{
			err = GetLastError();
			LocalFree(pSD);
			pSD = NULL;
			break;
		}

		// Set the Owner
		if (!SetSecurityDescriptorOwner(pSD, pCurrentUserSID, TRUE))
		{
			err = GetLastError();
			LocalFree(pSD);
			pSD = NULL;
			break;
		}

	} while (false);

	if (!err)
	{
		p.shi502_netname = name;
		p.shi502_type = STYPE_DISKTREE;
		p.shi502_remark = name;
		p.shi502_permissions = 0;
		p.shi502_max_uses = -1;
		p.shi502_current_uses = 0;
		p.shi502_path = path;
		p.shi502_passwd = NULL; // no password
		p.shi502_security_descriptor = pSD;

		res = NetShareAdd(NULL, 502, (LPBYTE)&p, &err);
		if (res)
			return err;

		if (!SetFileSecurity(path, DACL_SECURITY_INFORMATION, pSD))
			err = GetLastError();
	}

	// free SIDs
	if (pAuthenticatedUsersSID)
		FreeSid(pAuthenticatedUsersSID);
	if (pAdminSID)
		FreeSid(pAdminSID);
	// free buffers
	if (pEveryOneSID)
		LocalFree(pEveryOneSID);
	if (pCurrentUserSID)
		LocalFree(pCurrentUserSID);
	if (pSystemSID)
		LocalFree(pSystemSID);
	if (pACL)
		LocalFree(pACL);
	if (ea)
		LocalFree(ea);
	if (pSD)
		LocalFree(pSD);
	return err;
}

//************************************
// Method:    GetSIDForNamedUserOrGroup
// FullName:  GetSIDForNamedUserOrGroup
// Access:    public
// Returns:   PSID
// Qualifier:
// Parameter: LPTSTR pUserName
//************************************
PSID GetSIDForNamedUserOrGroup(LPTSTR pUserName)
{
	SID_NAME_USE eSidType = SidTypeUnknown;
	DWORD dwDomainSz = 0;
	DWORD dwUserSIDsz = SECURITY_MAX_SID_SIZE;
	LPTSTR pDomainName = NULL;
	PSID pUserSID = NULL;

	// get size of buffers needed
	LookupAccountName(
		NULL,           // Computer name. NULL for the local computer
		pUserName,
		pUserSID,		// Pointer to the SID buffer. Use NULL to get the size needed,
		&dwUserSIDsz,	// Size of the SID buffer needed.
		pDomainName,	// wszDomainName NULL to get the size needed,
		&dwDomainSz,	//
		&eSidType
		);

	pUserSID = (PSID)LocalAlloc(LPTR, (dwUserSIDsz + 1) * sizeof(TCHAR)); // allocate space for user SID
	pDomainName = (LPTSTR)LocalAlloc(LPTR, (dwDomainSz + 1) * sizeof(TCHAR));	// allocate space for Domain
	LookupAccountName(
		NULL,           // Computer name. NULL for the local computer
		pUserName,
		pUserSID,		// Pointer to the SID buffer. Use NULL to get the size needed,
		&dwUserSIDsz,	// Size of the SID buffer needed.
		pDomainName,	// wszDomainName,
		&dwDomainSz,
		&eSidType
		);

	// Free Domain
	if (pDomainName)
		LocalFree(pDomainName);

	return pUserSID;
}

TCHAR* GetErrorText(DWORD error)
{
	static TCHAR tempBuffer[MAX_ERROR_BUFFER_SZ] = { 0 };

	DWORD size = FormatMessage(
		FORMAT_MESSAGE_FROM_SYSTEM,
		NULL,
		error,
		LOCALE_USER_DEFAULT,
		(LPTSTR)&tempBuffer,
		MAX_ERROR_BUFFER_SZ,
		NULL);

	while (size > 0 && (tempBuffer[size - 1] == '\r' || tempBuffer[size - 1] == '\n'))
		tempBuffer[--size] = 0;
	
	return tempBuffer;
}