This is an archived low-energy page for bots and other anonmyous visitors.
Please sign up if you are a human and want to interact.
in reply to Re: Win32::NetResource
in thread Win32::NetResource
In "Win32 Perl Scripting: An Administrator's Handbook", Roth writes a section (I believe it's in chapter 3) about Win32::NetResource, Win32::Perms, and Win32::NetAdmin. He mentions that with Win32::NetResource, you can not set user-level share permissions. With Win32::FileSecurity, you can set the permissions on the folder itself. However, those are not the same as the permissions that are allowed when the folder/directory/file/etc. is accessed from a sharepoint (or at least that has been my experience over the last 6 yrs with WinNT.). Please correct me if my thinking is wrong (I could use a slice of humble pie). I looked over the SHARE_INFO_502 C++ structure on MSDN, and it too does not show any way of specifying sharepoint permissions. The only way I know of so far is to set them manually. The program I'm writting right now is for adding lots of users (I can post the module I've written to house most of the code for the server-side.) via RPC. Basically, a student sits down, enters their info, and requests that an account be created. I've seen it done in ASDI, but I wanted to try something different. Also, this setup (after some tweaking), gives me the option of running it on as many servers as I want without adding network traffic (since the RPC.pm only blocks locally). I've been workin on this project for a year now, mainly because the netadmins here in the school district said it can't be done. There are basically 3 parts. The server, the module (Student.pm), and the client. The server is like 6-10 lines (because all the server routines are packed in the module). The module is about 250 lines (because it has routines shared by both server and client). The client portion is also about 250 lines (if you count the routines that are used from the modules, it would amount to about 300-400 lines). If anyone wants to look at this madness code, I'm willing to give it out. It's meant to work with SIS (Student Information System) dumps from the LAUSD system.
Just as a note, I don't believe this is just a Win32::NetResource problem, but something involving the structure of WindowsNT.
Theodore Charles III (aka Necos/Secon)
Network Administrator
Los Angeles High
email->secon_kun@hotmail.com() |
Re: Re: Re: Win32::NetResource
by idnopheq (Chaplain) on Sep 17, 2001 at 13:08 UTC
|
Humble appologies if my advice was not to your question. Again, if you can post a snippit I might have been more help.
Regardless of that, maybe you'll just have to make systems calls to net share. Or, use Win32::API. IIRC, it is possible to write sharepoints directly to the registry via Win32::Registry, Win32::TieRegistry, or Win32API::Registry. YMMV.
HTH
--
idnopheq
Apply yourself to new problems without preparation, develop confidence in your ability to to meet situations as they arrise.
| [reply] |
|
|
This is a quote directly from the book (Win32 Perl Programming: The Standard Extensions, page 39):
"The capability to specify user-level permissions (that is, permissions assigned to users and/or groups) on a share is currently not supported under any of the standard Win32 extensions."
Then there is another statement some ways later in the book that reads (page 48):
"Currently, the Win32::NetResource extension is not capable of applying account-based permissions on a network share. Users who need to apply permissions can use the Explorer or Server Manager programs that come with WindowsNT."
This is my subroutine:
sub usr_add {
my $obj = shift;
my $usr = shift;
my $bday = Student::get_attr($obj, 'BDAY_ID');
print STDERR "$bday\n";
my @bday = split(/\x2F/,$bday);
$bday = join("",@bday);
print STDERR "$bday\n";
my $hdir = "";
my @buf2;
my $buf1 = Student::get_attr($obj, 'LN');
print STDERR "$buf1\n";
my $buf2 = Student::get_attr($obj, 'FN');
print STDERR "$buf2\n";
$buf2 =~ s/^\s+//;
$buf2 =~ s/\s+$//;
$buf1 =~ s/^\s+//;
$buf1 =~ s/\s+$//;
@buf2 = split(/\s/, $buf2);
$buf2 = "$buf2[0]";
$buf2 =~ s/^\s+//;
$buf2 =~ s/\s+$//;
$hdir = join(',', $buf1, $buf2);
print STDERR "$hdir\n";
my $hdir_srv = 'd:/' . "$hdir";
print STDERR "$hdir_srv\n";
mkdir($hdir_srv, '0777');
my $student_perms = Win32::FileSecurity::MakeMask( qw( CHANGE GENE
+RIC_WRITE GENERIC_READ GENERIC_EXECUTE ) );
my $staff_perms = Win32::FileSecurity::MakeMask( qw( CHANGE GENERI
+C_WRITE GENERIC_READ GENERIC_EXECUTE ) );
my $admin_perms = Win32::FileSecurity::MakeMask( qw(FULL GENERIC_A
+LL) );
my %hdir_perm_hash;
if ( Win32::FileSecurity::Get($hdir_srv, \%hdir_perm_hash) ) {
print STDERR "$hdir_srv has been opened\n";
}
$hdir_perm_hash{'CLC\\Domain Patricians'} = $staff_perms;
$hdir_perm_hash{'CLC\\Domain Admins'} = $admin_perms;
$hdir_perm_hash{'CLC\\Domain Plebs'} = $student_perms;
delete($hdir_perm_hash{'Everyone'});
if ( Win32::FileSecurity::Set($hdir_srv, \%hdir_perm_hash) ) {
print STDERR "$hdir_srv has been set\n";
}
print "\n";
print STDERR "$usr\n";
return($usr, $bday, $hdir);
}
This code works for everything that I've done so far. The next step after creating the directory and setting local permissions for it is to share it and set the permissions for accessing it through the sharepoint (since it will be the user's home directory, we don't want anyone just accessing it any ole way. I might have to hack together a Win32::Registry routine that sets the permissions in the registry itself (I'm still researching that) if that's possible. More updates to come...
Theodore Charles III
Network Administrator
Los Angeles High
email->secon_kun@hotmail.com() | [reply]
[d/l] |
|
|
A tool that will help w/ the registry keys is RegMon from SysInternals. It will spit out odles and odles of registry access info depending on how much stuff you have running at the time, but it helped me with the various and sundary keys in tracking down the TCP/IP settings.
When you get something hacked together, I'd be happy to help you test it as pennace for my inappropriate and/or inaccurate response before.
UPDATE: check out
HKEY_LOCAL_MACHINE\SYSTEM\ CurrentControlSet\Services\lanmanserver\Shares
!!!
HTH
--
idnopheq
Apply yourself to new problems without preparation, develop confidence in your ability to to meet situations as they arrise.
| [reply] |
|
|
|
|
