Use Win32 API to set the read and write permissions shared by the FAT32 folder in windows XP (2)

Source: Internet
Author: User

In the previous article, I briefly explained the differences between NTFS file sharing and FAT32 file sharing in Windows XP. In the second half, I will not talk nonsense, directly paste the key code that sets the read and write permissions for file sharing.

First, set the folder as the shared code:

// Set a folder for net share
NET_API_STATUS AddNetShare (LPSTR sharedFolderPath, LPSTR shareName)
{
DWORD level = 2;
__Info_2 si;
DWORD parmErr = 0;

Si. shi2_netname = shareName; // share name
Si. shi2_type = STYPE_DISKTREE;
Si. shi2_remark = (LPSTR) L "This is a shared folder."; // remark for the shared folder
Si. shi2_path = sharedFolderPath; // path of the shared folder
Si. shi2_permissions = ACCESS_ALL; // this parameter doesn't work acctually
Si. shi2_passwd = NULL; // no password need
Si. shi2_max_uses =-1; // unlimited connected
Si. shi2_current_uses = 0;

NET_API_STATUS res = netmask add (NULL, level, (LPBYTE) & si, & parmErr );

Return res;
}

Note: As mentioned in the previous article, in pai_info_2Shi2_permissionsWindows XP is invalid. You can set it to any value, but it does not apply to the shared read/write permissions of folders.

If you only call the above function to set the folder as shared, by default, the network user has all the read and write permissions, but in many cases we do not want the network user to modify the shared file content, in this way, you must program to set the sharing permission to read-only. The following Code sets the sharing permission:

Enum netmask accesspermission
{
NetShareReadOnly = 0x000000a9, // readonly permission
Netmask fullcontrol = 0x001f01ff // full control permission
};

// Set access permission for net shared folder
DWORD SetNetsharePermission (LPTSTR shareName, netmask accesspermission permission)
{
DWORD res = 0;
PACL pOldDacl = NULL, pNewDacl = NULL;
PSECURITY_DESCRIPTOR pSD = NULL;
EXPLICIT_ACCESS ea;

Res = GetNamedSecurityInfo (shareName,
SE_LMSHARE,
DACL_SECURITY_INFORMATION,
NULL,
NULL,
& POldDacl,
NULL,
& PSD );
If (res! = ERROR_SUCCESS)
{
Goto Cleanup;
}

ZeroMemory (& ea, sizeof (EXPLICIT_ACCESS ));

Ea. grfAccessPermissions = permission; // Set access permission (defined in enum netmask accesspermission)
Ea. grfAccessMode = SET_ACCESS;
Ea. grfInheritance = CONTAINER_INHERIT_ACE;
Ea. Trustee. TrusteeForm = TRUSTEE_IS_NAME;
Ea. Trustee. ptstrName = L "Everyone ";

Res = SetEntriesInAcl (1, & ea, pOldDacl, & pNewDacl );
If (res! = ERROR_SUCCESS)
{
Goto Cleanup;
}

Res = SetNamedSecurityInfo (shareName,
SE_LMSHARE,
DACL_SECURITY_INFORMATION,
NULL,
NULL,
PNewDacl,
NULL );

Cleanup: // Release resource
If (pSD! = NULL)
{
LocalFree (HLOCAL) pSD );
}

If (pNewDacl! = NULL)
{
LocalFree (HLOCAL) pNewDacl );
}

Return res;
}

The most critical statement of this Code is:

Ea. grfAccessPermissions = permission;

The permission parameter is a customNetmask accesspermissionEnumeration. If permission = NetShareReadOnly (0x000000a9), you can set the shared folder to read-only.

But the key to the problem is, why do we need to define such an enumeration? Where do the two passwords 0x000000a9 and 0x001f01ff come from in hexadecimal notation? Isn't this enumeration or macro defined in MSDN?

In fact, MSDN does have several predefined values that can be ea. the macro assigned by grfAccessPermissions. The two hexadecimal numbers above are a DWORD switch variable related to setting file system security, named ACCESS_MASK. For specific definitions, refer to MSDN. The header file of the win32 API function has defined several macros that can assign values to this parameter, such as GENERIC_READ and KEY_READ, however, these two macros are also not detailed in MSDN (or I am a rookie, but it is clear what people say, you just have a blind eye ......), However, you can enter these two Macros in VS, right-click them, and right-click them to define the header files. There are a few explanations in the header files. We can also see more predefined Macros in this header file.

Unfortunately, I didn't find the macro I wanted. KEY_READ is used to set the Registry read-only permission. GENERIC_READ, er, I don't know what to set, I only know that these two macros are not helpful for setting my shared permissions except for triggering some weird behaviors.

In this way, you can only manually set the horrible 32-bit switch variable. For a 32-bit binary number, there is a total of 4G combinations. Suppose it takes 30 s to try a combination, and it takes 24 hours a day to get up for dinner and sleep, well, it will take me 3800 to finish the trial ......

However, I can consider handing over this glorious task to my future son, and then give it a recursion, using "the child has the child, the child has the sun, and the child has the sun, and the child has the sun, const cannot be added "......

Fortunately, my thinking is still meticulous. I cannot guarantee that I will have a son. In this way, my recursion may end due to exceptions caused by the condition being not met ......

I have never been unsure about it. I think of a opportunistic way: I can first set the permission to share folders through the Windows UI, then the program gets the values of related variables and struct, saves these values, and does not understand these values (in fact, it is not likely to understand them, some 32-bit switches and Some 3800 S), just assign values to our code.

I did not find an API for directly obtaining ACCESS_MASK, so I tried to use the debugging function of VS. below is the code I used to obtain ACCESS_MASK:

// Get the value of access mask
Void GetAceTest ()
{
DWORD res = 0;
PACL pOldDacl = NULL, pNewDacl = NULL;
PSECURITY_DESCRIPTOR pSD = NULL;
EXPLICIT_ACCESS ea;

ACCESS_ALLOWED_ACE * pAce;

LPTSTR shareName = (LPTSTR) L "test1_folder ";

Res = GetNamedSecurityInfo (shareName,
SE_LMSHARE,
DACL_SECURITY_INFORMATION,
NULL,
NULL,
& POldDacl,
NULL,
& PSD );

GetAce (pOldDacl, 0, (LPVOID *) & pAce );

ACCESS_MASK Mask = pAce-> Mask;

Return;
}

ACCESS_MASK is directly associated with ACE. As for ACE, well, let's look at MSDN.

Note that the second parameter of GetAce () must be set to 0, because the ACEs index starts from 0. If it is accidentally set to 1, what you see in the VS debugger is enough to make you depressed.

In addition, there is also a method to set file sharing permissions. In the above Code, set the folder as shared, set the second parameter level of the function netmask add () to 502, and the third parameter to pai_info_2. If you set the level to 502, if the third parameter is set to pai_info_502, you can use the parameter pai_info_502 to set the permission. Its definition is as follows:

Typedef struct _ SHARE_INFO_502
{
LPWSTR shi502_netname;
DWORD shi502_type;
LPWSTR shi502_remark;
DWORD shi502_permissions;
DWORD shi502_max_uses;
DWORD shi502_current_uses;
LPWSTR shi502_path;
LPWSTR shi502_passwd;
DWORD shi502_reserved;
PSECURITY_DESCRIPTOR shi502_security_descriptor;
} Pai_info_502,
* PSHARE_INFO_502,
* LPSHARE_INFO_502;

Among them, the PSECURITY_DESCRIPTOR shi502_security_descriptor parameter can be used to set the Folder Share access permission, but this parameter is also very difficult, I did not find a way to directly set this parameter, you can only use the previous opportunistic method to achieve your goal.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.