Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

How to share a folder with security settings?

8 views
Skip to first unread message

VC2008User

unread,
Sep 30, 2009, 4:12:10 AM9/30/09
to
Hi All,
I need to share a folder so that everyone (including guest) have write
access permission to it. The following code can share the folder, but its
share permission is incorrect. What is wrong here? The code snippet is built
by Visual Studio 2008 and run on Windows XP SP2. Can anyone have a look and
give some suggestions? Thanks a lot.
#include <windows.h>
#include <atlsecurity.h>
#include <direct.h>
#include <lm.h>
#pragma comment(lib, "Netapi32.lib")
int main()
{
LPCTSTR local_folder = _T("c:\\testsharefolder");
int ret = _trmdir(local_folder);
if (ret != 0 )
{
ret = errno;
printf("%s failed to rmdir, error %d.\n", __FUNCTION__, ret);
//return ret;
}
CDacl local_folder_d;
local_folder_d.AddAllowedAce(Sids::Admins(), GENERIC_ALL, 0);
local_folder_d.AddAllowedAce(Sids::Guests(), GENERIC_WRITE, 0);
local_folder_d.AddAllowedAce(Sids::World(), GENERIC_WRITE, 0);
CSecurityDesc local_folder_sd;
local_folder_sd.SetDacl(local_folder_d);
CSecurityAttributes local_folder_sa;
local_folder_sa.Set(local_folder_sd);
BOOL cdret = CreateDirectory(local_folder, &local_folder_sa);
if (!cdret)
{
ret = GetLastError();
printf("Create directory error %d.\n", ret);
return ret;
}
CDacl share_d;
BYTE aceflags = 0/*CONTAINER_INHERIT_ACE|OBJECT_INHERIT_ACE*/;
share_d.AddAllowedAce(Sids::Guests(), GENERIC_WRITE, aceflags);
share_d.AddAllowedAce(Sids::World(), GENERIC_WRITE, aceflags);
CSecurityDesc share_sd;
share_sd.SetDacl(share_d);
PSECURITY_DESCRIPTOR psd_everyone_rw =
const_cast<SECURITY_DESCRIPTOR*>(share_sd.GetPSECURITY_DESCRIPTOR());
DWORD ulParmErr = 0;
SHARE_INFO_502 siShareInfo;
// Setup the share info structure.
siShareInfo.shi502_netname = L"TestShare";
siShareInfo.shi502_type = STYPE_DISKTREE;
siShareInfo.shi502_remark = (LPWSTR)local_folder;
siShareInfo.shi502_permissions = ACCESS_READ;
siShareInfo.shi502_max_uses = SHI_USES_UNLIMITED;
siShareInfo.shi502_current_uses = 0;
siShareInfo.shi502_path = (LPWSTR)local_folder;
siShareInfo.shi502_passwd = L"Abcd1234";
siShareInfo.shi502_reserved = 0;
siShareInfo.shi502_security_descriptor = psd_everyone_rw;
NET_API_STATUS res = NetShareAdd(NULL, // local machine
502, (LPBYTE) &siShareInfo, &ulParmErr);
if (res == NERR_Success)
{
printf("%s share successfully.", __FUNCTION__);
}
else
{
printf("%s share error message %d, parameter error code %d.",
__FUNCTION__,
res, ulParmErr);
return res;
}
return 0;
}
// cl main.cpp

Dan Griffin

unread,
Oct 13, 2009, 3:48:01 PM10/13/09
to
Have you tried using the icacls.exe tool? It may only be available on Vista
and later, but once the code is correct, it'll probably run the same
downlevel. For example, you could use it to set the ACEs you want, read them
back programmatically, then duplicate that in your code.

>icacls \\somecomputer\someshare
\\somecomputer\someshare NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
BUILTIN\Administrators:(I)(OI)(CI)(F)
BUILTIN\Users:(I)(OI)(CI)(RX)
BUILTIN\Users:(I)(CI)(AD)
BUILTIN\Users:(I)(CI)(WD)
CREATOR OWNER:(I)(OI)(CI)(IO)(F)

Successfully processed 1 files; Failed processing 0 files

0 new messages