share folder

derhackler

i've the following problem. i'd like to create a folder on my DNS server and share it only to selecte users. for example i'd like to create a folder named BEckhard an then share it. Only the user BEckhard and the group of Administrators should have rights for this folder. (example: BEckhard is only allowed to create files). The users are stored in the active directory (win2000 server). creating the folder isn't the problem but sharing it seems to be impossible :*-(( please could you give me a code example for sharing a folder for a specific user. thanks benedikt

Ghazi H Wadi

Here is asample of sharing the directory.

#define FORCE_UNICODE
#include <windows.h>
#include <stdio.h>
#include <lm.h>

// if using NT/ or 2000
#pragma comment ( lib, "Netapi32.lib")
// if using 98/95
//#pragma comment ( lib, "Svrapi.lib")

void wmain( int argc, TCHAR *argv[ ])
{
NET_API_STATUS res;
SHARE_INFO_2 p; //Pointer to the buffer that specifies the data.
//The format of this data depends on the value of the level parameter.
// in this sample it is level 2
DWORD parm_err = 0;

if(argc<2)
printf("Usage: NetShareAdd server\n");
else
{
//
// Fill in the SHARE_INFO_2 structure.
//
p.shi2_netname = (unsigned short *)TEXT("TESTSHARE");
p.shi2_type = STYPE_DISKTREE; // disk drive
p.shi2_remark = (unsigned short *)TEXT("TESTSHARE to test NetShareAdd");
p.shi2_permissions = 0;
p.shi2_max_uses = 4;
p.shi2_current_uses = 0;
p.shi2_path = (unsigned short * )TEXT("C:\\");
p.shi2_passwd = NULL; // no password
//
// Call the NetShareAdd function,
// level 2.
// Specifies information about the shared resource,
// including name of the resource, type and permissions,
// and number of connections.
// The p parameter points to a SHARE_INFO_2 structure

  res=NetShareAdd((unsigned short \*)argv\[1\], 2, (LPBYTE) &p, &parm\_err);
  //
  // If the call succeeds, inform the user.
  //
  if(res==0)
     printf("Share created.\\n");
  
  // Otherwise, print an error,
  //  and identify the parameter in error.
  //
  else
     printf("Error: %u\\tparmerr=%u\\n", res, parm\_err);

}
return;
}

In this sample the Level of sharing is 2. In your case where you want to restrict the sharing to specific users you need to modifiy the info structure to pass it a pointer to SHARE_INFO_502 structure instead of SHARE_INFO_2. after you define the PSECURITY_DESCRIPTOR for it. Hope this might help cheers Alfadhly

derhackler

thank you for your example. i tried to work with the PSECURITY_DESCRIPTOR, but it's a little bit difficult. would it be possible to gife me an example of sharing a folder (lets say "Benedikt") for the user "BEckhard"? isn't it possible to use the netshare functions like in the console. it would be much more easier. thanx benedikt

Ghazi H Wadi

Hi, Why is it diffecult to use the PSECURITY_DESCRIPTOR Steps are as follow 1) get the required size to hold Sid associated with the supplied user "BEckhard" using LookupAccountNameW it will be returned in the 4th parameter of the LookupAccountNameW function 2) Now that you have the size get the Sid associated with the supplied user "BEckhard" using LookupAccountNameW again 3)Add the required access to the PSID using AddAccessAllowedAce 4) Initilize a new SID 5) set the information in a discretionary access-control (SetSecurityDescriptorDacl)list in the new Sid using the SID you got in setp 2 6) Now set up the share information in the SHARE_INFO_502 structure and set the "si502.shi502_security_descriptor" to the one you set in step 5 , and si502.shi502_path to "The full path of Benedikt directory" 7) Finally call NetShareAdd to add the share on the Hope this might help Cheers Alfadhly

derhackler

thank you for your answer. i'll try it on sunday. maybe i'll send you a code snipped an you could tell me why it doesn't work. :) :) benedikt

derhackler

thank you for your description. i tried it with the following code, but something doesn't work. i get no error message but there must be an error! maybe you find time to check my code. thanx CString cstrStandardpfad = "C:\\User\\"; CString cstrOrdnername = ""; CString cstrPfad = ""; int nCounter = 1; SHARE_INFO_502 shareInfo; PSECURITY_DESCRIPTOR security; EXPLICIT_ACCESS actrlEntrys[2]; PACL pACL = NULL; char* pcNetname = new char[MAX_PATH]; char* pcPath = new char[MAX_PATH]; //acl entry erstellen ZeroMemory(&actrlEntrys, 2 * sizeof(EXPLICIT_ACCESS)); actrlEntrys[0].grfAccessMode = GRANT_ACCESS; actrlEntrys[0].grfAccessPermissions = FILE_ADD_SUBDIRECTORY|FILE_ADD_FILE|FILE_DELETE_CHILD| FILE_LIST_DIRECTORY|FILE_TRAVERSE; actrlEntrys[0].grfInheritance = CONTAINER_INHERIT_ACE; actrlEntrys[0].Trustee.pMultipleTrustee = NULL; actrlEntrys[0].Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE; actrlEntrys[0].Trustee.TrusteeForm = TRUSTEE_IS_NAME; actrlEntrys[0].Trustee.TrusteeType = TRUSTEE_IS_GROUP; actrlEntrys[0].Trustee.ptstrName = "Administratoren"; actrlEntrys[1].grfAccessMode = GRANT_ACCESS; actrlEntrys[1].grfAccessPermissions = FILE_ADD_FILE|FILE_DELETE_CHILD| FILE_LIST_DIRECTORY|FILE_TRAVERSE; actrlEntrys[1].grfInheritance = CONTAINER_INHERIT_ACE; actrlEntrys[1].Trustee.pMultipleTrustee = NULL; actrlEntrys[1].Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE; actrlEntrys[1].Trustee.TrusteeForm = TRUSTEE_IS_NAME; actrlEntrys[1].Trustee.TrusteeType = TRUSTEE_IS_USER; while(nCounter<20) { //ordnername + pfad ermitteln cstrOrdnername = m_pGrid->GetItemText(nCounter,1); cstrPfad = cstrStandardpfad+cstrOrdnername; pcPath = (char*)(LPCSTR)(cstrPfad); pcNetname = (char*)(LPCSTR)(cstrOrdnername); //ace entry modifizieren actrlEntrys[1].Trustee.ptstrName = pcNetname; //access list generieren SetEntriesInAcl(2,actrlEntrys,NULL,&pACL); // security descriptor initialisieren security = (PSECURITY_DESCRIPTOR) LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH); if (security == NULL) { AfxMessageBox("Fehler beim Erstellen vom Security Descriptor!"); } if (!InitializeSecurityDescriptor(security, SECURITY_DESCRIPTOR_REVISION)) { AfxMessageBox("Fehler beim Initialisieren des security descriptors!"); } // die acl dem security descriptor hinzufügen if (!SetSecurityDescriptorDacl(security, TRUE, // fDaclPresent flag pACL, FALSE)) // not

Ghazi H Wadi

I have not been able to reply to your message with the source code for the last two days. However, I have written my own test function that you may like to use. I hope it will help. But first let me make sure that this posting goes through. I have already sent Chris the dscription of the problem , But I know he has his hand full after VSLive, ... As I read .. Cheers Alfadhly

Ghazi H Wadi

Hi, I have tried the following code and was able to see the sharing. This simple function will add sharing for the specified user on the specified machine Hope it will help. P.S in the following example the machine Name, and Domain was changed to protect the yada yada yada. :) cheers Alfadhly

// NetShareMFC.cpp : Defines the entry point for the console application.
//
#include "stdafx.h"
#include "NetShareMFC.h"
#include < LM.h >
#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#endif
#define _UNICODE
#define RTN_OK 0
#define RTN_ERROR 13
//
#pragma comment ( lib, "Netapi32.lib")
CWinApp theApp;
using namespace std;
int CleanUp( PSECURITY_DESCRIPTOR pSid, PACL pAcl, BOOL bSuccess);
int ShareFolder( LPCSTR szDirectory, LPCSTR szShareName, LPCSTR szUserName, LPCSTR szServer);
int _tmain(int argc, TCHAR* argv[], TCHAR* envp[])
{
int nRetCode = 0;
// initialize MFC and print and error on failure
if (!AfxWinInit(::GetModuleHandle(NULL), NULL, ::GetCommandLine(), 0))
{
cerr << _T("Fatal Error: MFC initialization failed") << endl;
nRetCode = 1;
}
else
{
// Just Share the folder simple and clear
cout << "Share folder returned " ;
cout << ShareFolder(
"c:\\temp" // folder full path name
, "alfadhly44$" // The share name
, "MYDOMAIN\\alfadhlyG" // who do we want to grant access to this directory
,"\\\\MYMACHINE" // Which machine NULL if we want it for local machine
) ;
cout << endl;
}
return nRetCode;
}
int ShareFolder( LPCSTR szDirectory, LPCSTR szShareName, LPCSTR szUserName, LPCSTR szServer)
{
LPWSTR DirectoryToShare;
LPWSTR Sharename;
LPWSTR Username;
LPWSTR Server;
PSID pSid = NULL;
DWORD cbSid;
WCHAR RefDomain[DNLEN + 1];
DWORD cchDomain = DNLEN + 1;
SID_NAME_USE peUse;
SECURITY_DESCRIPTOR sd;
PACL pDacl = NULL;
DWORD dwAclSize;
SHARE_INFO_502 si502;
NET_API_STATUS nas;
BOOL bSuccess = FALSE; // assume this function fails
DWORD dwString;
// Convert the parameter to Unicode
dwString = MultiByteToWideChar(CP_ACP, 0, szDirectory, -1, NULL, 0);
DirectoryToShare = (PWSTR)LocalAlloc(LMEM_FIXED, dwString * sizeof(WCHAR));
if(dwString == NULL)
return -1;//OUT_OF_MEMORY;
dwString = MultiByteToWideChar(CP_ACP, 0, szDirectory, -1, DirectoryToShare, dwString);
if(dwString == 0)
return -1; //PARAMETER_INVALID_VALUE;
// Convert the parameter to Unicode
dwString = Mu

derhackler

thank you for your code. i'll try it tomorrow. it's now very late at my time zone. :) benedikt