Skip Menu |
 

This queue is for tickets about the Win32-FileSecurity CPAN distribution.

Report information
The Basics
Id: 29869
Status: resolved
Priority: 0/
Queue: Win32-FileSecurity

People
Owner: Nobody in particular
Requestors: emmanuel.jannetti [...] gmail.com
Cc:
AdminCc:

Bug Information
Severity: Important
Broken in: (no value)
Fixed in: (no value)



Subject: FileSecurity::Set does not handle LookupAccountName correctly
Download (untitled) / with headers
text/plain 2.2k
internally , FileSecurity::Set calls LookupAccountName. user names passed in the hash map to set the ACL are parsed (splitted at '\' character) for instance foo\bar is splitted into 'foo' and 'bar' during the call of LookupAccountName , foo is then used as 'server' parameter. This is wrong as 'foo' may not be all the times the name of a server (of a host) see FileSecurity.c:524 FileSecurity::Set then fail with error like <----- foo\bar Error handling error: 1722, LookupAccountName at bla.pl <----- User names passed in the hash map are checked and valid on the system. Using a small win32 program to call LookupAccountName, everything works fine on same user names. FileSecurity::Set should pass user names directly as "lpAccountName" parameter of LookupAccountName as they are received. see ++++++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++ following code should be replaced +++++++++++++ ++++++++++++++++++++++++++++++++++++++++++++++++++++++ /* Retrieve the SID */ cbSID = 1024 ; cchDomainName = 80 ; if ( lpszTemp = strchr( lpszAccount, '\\' ) ) { lpszServer = lpszAccount ; *lpszTemp = '\0' ; lpszAccount = lpszTemp + 1 ; } else { lpszServer = NULL ; } if ( lpszServer != NULL ) { for ( i = 0; szLocalLookup[i] != NULL; i++ ) { if ( stricmp( szLocalLookup[i], lpszServer ) == 0 ) { lpszServer = NULL ; break ; } } } bResult = LookupAccountNameA((LPCSTR) lpszServer, (LPCSTR) lpszAccount, pSID, &cbSID, lpszDomain, &cchDomainName, psnuType); ++++++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++ replaced by +++++++++++++++++++++++++++++++++++ ++++++++++++++++++++++++++++++++++++++++++++++++++++++ lpszServer = NULL; cbSID = 0; pSID = NULL; cchDomainName = 0; lpszDomain = NULL; bResult = LookupAccountNameA((LPCSTR) lpszServer, (LPCSTR) lpszAccount, pSID, &cbSID, lpszDomain, &cchDomainName, psnuType); lpszDomain = HeapAlloc(GetProcessHeap(),0,cchDomainName); ... pSID = HeapAlloc(GetProcessHeap(),0,cbSID); ... bResult = LookupAccountNameA((LPCSTR) lpszServer, (LPCSTR) lpszAccount, pSID, &cbSID, lpszDomain, &cchDomainName, psnuType); lpszAccount is the user name as found in the hash map.
From: emmanuel.jannetti [...] gmail.com
Download (untitled) / with headers
text/plain 2.6k
On Tue Oct 09 11:02:30 2007, ejannett wrote: Show quoted text
> internally , FileSecurity::Set calls LookupAccountName. > > user names passed in the hash map to set the ACL are parsed > (splitted at '\' character) > for instance foo\bar is splitted into 'foo' and 'bar' > during the call of LookupAccountName , foo is then used as 'server' > parameter. This is wrong as 'foo' may not be all the times > the name of a server (of a host) > > see FileSecurity.c:524 > > FileSecurity::Set then fail with error like > <----- > foo\bar > Error handling error: 1722, LookupAccountName at bla.pl > <----- > > User names passed in the hash map are checked and valid on the system. > Using a small win32 program to call LookupAccountName, everything works > fine on same user names. > > FileSecurity::Set should pass user names directly as "lpAccountName" > parameter of LookupAccountName as they are received. > see > > ++++++++++++++++++++++++++++++++++++++++++++++++++++++ > ++++++ following code should be replaced +++++++++++++ > ++++++++++++++++++++++++++++++++++++++++++++++++++++++ > /* Retrieve the SID */ > cbSID = 1024 ; > cchDomainName = 80 ; > > if ( lpszTemp = strchr( lpszAccount, '\\' ) ) { > lpszServer = lpszAccount ; > *lpszTemp = '\0' ; > lpszAccount = lpszTemp + 1 ; > } else { > lpszServer = NULL ; > } > > if ( lpszServer != NULL ) { > for ( i = 0; szLocalLookup[i] != NULL; i++ ) { > if ( stricmp( szLocalLookup[i], lpszServer ) == 0 ) { > lpszServer = NULL ; > break ; > } > } > } > > bResult = LookupAccountNameA((LPCSTR) lpszServer, > (LPCSTR) lpszAccount, > pSID, > &cbSID, > lpszDomain, > &cchDomainName, > psnuType); > ++++++++++++++++++++++++++++++++++++++++++++++++++++++ > ++++++ replaced by +++++++++++++++++++++++++++++++++++ > ++++++++++++++++++++++++++++++++++++++++++++++++++++++ > > lpszServer = NULL; > cbSID = 0; > pSID = NULL; > cchDomainName = 0; > lpszDomain = NULL; > bResult = LookupAccountNameA((LPCSTR) lpszServer, > (LPCSTR) lpszAccount, > pSID, > &cbSID, > lpszDomain, > &cchDomainName, > psnuType); > > lpszDomain = HeapAlloc(GetProcessHeap(),0,cchDomainName); > ... > pSID = HeapAlloc(GetProcessHeap(),0,cbSID); > ... > bResult = LookupAccountNameA((LPCSTR) lpszServer, > (LPCSTR) lpszAccount, > pSID, > &cbSID, > lpszDomain, > &cchDomainName, > psnuType); > > lpszAccount is the user name as found in the hash map. > > >
see http://msdn2.microsoft.com/en-us/library/aa379159.aspx unless specific action required. setting server name seems to be enough. The Win32 API deals with the name.


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.