
This queue is for tickets about the Win32-FileSecurity CPAN distribution.

Report information
The Basics
Id: 29869
Status: resolved
Priority: 0/
Queue: Win32-FileSecurity

People
Owner: Nobody in particular
Requestors: emmanuel.jannetti [...] gmail.com
Cc:
AdminCc:

Bug Information
Severity: Important
Broken in: (no value)
Fixed in: (no value)



Subject: FileSecurity::Set does not handle LookupAccountName correctly
Internally, FileSecurity::Set calls LookupAccountName.

User names passed in the hash map to set the ACL are parsed
(split at the '\' character);
for instance, foo\bar is split into 'foo' and 'bar'.
During the call of LookupAccountName, foo is then used as the 'server'
parameter. This is wrong, as 'foo' may not always be
the name of a server (of a host).

See FileSecurity.c:524

FileSecurity::Set then fails with an error like
<-----
foo\bar
Error handling error: 1722, LookupAccountName at bla.pl
<-----

User names passed in the hash map are checked and valid on the system.
Using a small win32 program to call LookupAccountName, everything works
fine on the same user names.

FileSecurity::Set should pass user names directly as the "lpAccountName"
parameter of LookupAccountName, as they are received.
See

++++++++++++++++++++++++++++++++++++++++++++++++++++++
++++++ following code should be replaced +++++++++++++
++++++++++++++++++++++++++++++++++++++++++++++++++++++
    /* Retrieve the SID */
    cbSID = 1024 ;
    cchDomainName = 80 ;

    if ( lpszTemp = strchr( lpszAccount, '\\' ) ) {
        lpszServer = lpszAccount ;
        *lpszTemp = '\0' ;
        lpszAccount = lpszTemp + 1 ;
    } else {
        lpszServer = NULL ;
    }

    if ( lpszServer != NULL ) {
        for ( i = 0; szLocalLookup[i] != NULL; i++ ) {
            if ( stricmp( szLocalLookup[i], lpszServer ) == 0 ) {
                lpszServer = NULL ;
                break ;
            }
        }
    }

    bResult = LookupAccountNameA((LPCSTR) lpszServer,
                                 (LPCSTR) lpszAccount,
                                 pSID,
                                 &cbSID,
                                 lpszDomain,
                                 &cchDomainName,
                                 psnuType);
++++++++++++++++++++++++++++++++++++++++++++++++++++++
++++++ replaced by +++++++++++++++++++++++++++++++++++
++++++++++++++++++++++++++++++++++++++++++++++++++++++

    lpszServer = NULL;
    cbSID = 0;
    pSID = NULL;
    cchDomainName = 0;
    lpszDomain = NULL;
    bResult = LookupAccountNameA((LPCSTR) lpszServer,
                                 (LPCSTR) lpszAccount,
                                 pSID,
                                 &cbSID,
                                 lpszDomain,
                                 &cchDomainName,
                                 psnuType);

    lpszDomain = HeapAlloc(GetProcessHeap(),0,cchDomainName);
    ...
    pSID = HeapAlloc(GetProcessHeap(),0,cbSID);
    ...
    bResult = LookupAccountNameA((LPCSTR) lpszServer,
                                 (LPCSTR) lpszAccount,
                                 pSID,
                                 &cbSID,
                                 lpszDomain,
                                 &cchDomainName,
                                 psnuType);

lpszAccount is the user name as found in the hash map.

From: emmanuel.jannetti [...] gmail.com
On Tue Oct 09 11:02:30 2007, ejannett wrote:
> Internally, FileSecurity::Set calls LookupAccountName.
>
> User names passed in the hash map to set the ACL are parsed
> (split at the '\' character);
> for instance, foo\bar is split into 'foo' and 'bar'.
> During the call of LookupAccountName, foo is then used as the 'server'
> parameter. This is wrong, as 'foo' may not always be
> the name of a server (of a host).
>
> See FileSecurity.c:524
>
> FileSecurity::Set then fails with an error like
> <-----
> foo\bar
> Error handling error: 1722, LookupAccountName at bla.pl
> <-----
>
> User names passed in the hash map are checked and valid on the system.
> Using a small win32 program to call LookupAccountName, everything works
> fine on the same user names.
>
> FileSecurity::Set should pass user names directly as the "lpAccountName"
> parameter of LookupAccountName, as they are received.
> See
>
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++
> ++++++ following code should be replaced +++++++++++++
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++
>     /* Retrieve the SID */
>     cbSID = 1024 ;
>     cchDomainName = 80 ;
>
>     if ( lpszTemp = strchr( lpszAccount, '\\' ) ) {
>         lpszServer = lpszAccount ;
>         *lpszTemp = '\0' ;
>         lpszAccount = lpszTemp + 1 ;
>     } else {
>         lpszServer = NULL ;
>     }
>
>     if ( lpszServer != NULL ) {
>         for ( i = 0; szLocalLookup[i] != NULL; i++ ) {
>             if ( stricmp( szLocalLookup[i], lpszServer ) == 0 ) {
>                 lpszServer = NULL ;
>                 break ;
>             }
>         }
>     }
>
>     bResult = LookupAccountNameA((LPCSTR) lpszServer,
>                                  (LPCSTR) lpszAccount,
>                                  pSID,
>                                  &cbSID,
>                                  lpszDomain,
>                                  &cchDomainName,
>                                  psnuType);
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++
> ++++++ replaced by +++++++++++++++++++++++++++++++++++
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++
>
>     lpszServer = NULL;
>     cbSID = 0;
>     pSID = NULL;
>     cchDomainName = 0;
>     lpszDomain = NULL;
>     bResult = LookupAccountNameA((LPCSTR) lpszServer,
>                                  (LPCSTR) lpszAccount,
>                                  pSID,
>                                  &cbSID,
>                                  lpszDomain,
>                                  &cchDomainName,
>                                  psnuType);
>
>     lpszDomain = HeapAlloc(GetProcessHeap(),0,cchDomainName);
>     ...
>     pSID = HeapAlloc(GetProcessHeap(),0,cbSID);
>     ...
>     bResult = LookupAccountNameA((LPCSTR) lpszServer,
>                                  (LPCSTR) lpszAccount,
>                                  pSID,
>                                  &cbSID,
>                                  lpszDomain,
>                                  &cchDomainName,
>                                  psnuType);
>
> lpszAccount is the user name as found in the hash map.

See http://msdn2.microsoft.com/en-us/library/aa379159.aspx
Unless specific action is required, setting the server name seems to be enough.
The Win32 API deals with the name.
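
Added example, not code from the ticket or from Win32-FileSecurity: a portable C model of the two lookup strategies discussed in this ticket, with the return-code and allocation checks that the "..." lines in the proposal leave out. The `lookup` function is a constructed stand-in that follows LookupAccountNameA's buffer-sizing contract; `resolve_split`, `resolve_whole`, the account table and the SID bytes are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Win32 error values: ERROR_INSUFFICIENT_BUFFER, ERROR_NONE_MAPPED,
   RPC_S_SERVER_UNAVAILABLE (the 1722 seen in the report). */
enum { OK = 0, ERR_BUFFER = 122, ERR_NONE_MAPPED = 1332, ERR_RPC = 1722 };

/* Constructed stand-in: "foo" is a domain, not a reachable host, and
   "foo\bar" is the only known account. The SID bytes are constructed. */
static int lookup(const char *server, const char *account,
                  unsigned char *sid, unsigned long *cbSid,
                  char *domain, unsigned long *cchDomain) {
    static const unsigned char fake_sid[12] = {1, 1, 0, 0, 0, 0, 0, 5, 0xE8, 3, 0, 0};
    if (server != NULL) return ERR_RPC;            /* no host by that name */
    if (strcmp(account, "foo\\bar") != 0) return ERR_NONE_MAPPED;
    if (*cbSid < sizeof fake_sid || *cchDomain < 4) {
        *cbSid = sizeof fake_sid;                  /* report required sizes */
        *cchDomain = 4;
        return ERR_BUFFER;
    }
    memcpy(sid, fake_sid, sizeof fake_sid); *cbSid = sizeof fake_sid;
    memcpy(domain, "foo", 4); *cchDomain = 3;
    return OK;
}

/* Reported behaviour: split at '\' and pass the prefix as the server. */
int resolve_split(const char *name) {
    char buf[64], dom[80], *sep;
    unsigned char sid[1024];
    unsigned long cb = sizeof sid, cch = sizeof dom;
    if (strlen(name) >= sizeof buf) return ERR_NONE_MAPPED;
    strcpy(buf, name);
    sep = strchr(buf, '\\');
    if (sep) { *sep = '\0'; return lookup(buf, sep + 1, sid, &cb, dom, &cch); }
    return lookup(NULL, buf, sid, &cb, dom, &cch);
}

/* Proposed behaviour: name passed as received; sizes queried first, then
   every return code and allocation checked and the buffers released. */
int resolve_whole(const char *name, unsigned long *sid_len) {
    unsigned long cb = 0, cch = 0;
    int rc = lookup(NULL, name, NULL, &cb, NULL, &cch);
    if (rc != ERR_BUFFER) return rc;               /* genuine failure */
    unsigned char *sid = malloc(cb);
    char *dom = malloc(cch);
    rc = (sid && dom) ? lookup(NULL, name, sid, &cb, dom, &cch) : -1;
    if (rc == OK) *sid_len = cb;
    free(dom); free(sid);
    return rc;
}
```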