Hi all,

I am pretty new to C++ and hope you guys can help me out. I need to write C++ code which maps a network drive (on the filesystem), creates a new folder on the filesystem (called user101), then grants user101 full control access to this newly created folder. My code works fine unless the system which runs my code is in a different domain from the filesystem. So let's say the system which runs my code is in domain domain1.com and the filesystem is in domain2.com. I would think that because the system cannot know the accounts in the other domain, it cannot assign one to the folder. Right now my code uses SetEntriesInAcl, and I do have the account name and pw of a domain admin in domain2.com, so maybe I can use that to grant access..?

my code looks like this:

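// Caller-side setup: describe the folder, the account and the rights, then
// hand everything to the MSDN helper defined below.
// The L"..." literals are wide strings, so LPTSTR has to be a wide-character
// pointer here, i.e. the project must be built with UNICODE defined.
LPTSTR pszObjName = L"Z:\\146371"; // the newly created folder on the mapped drive
SE_OBJECT_TYPE ObjectType = SE_FILE_OBJECT;
LPTSTR pszTrustee = L"asiapac\\146371"; // the account name, in DOMAIN\user form
TRUSTEE_FORM TrusteeForm = TRUSTEE_IS_NAME; // trustee is a name, so it has to be resolved to a SID
// Read, write, execute and delete. This is narrower than full control
// (GENERIC_ALL): it carries neither WRITE_DAC nor WRITE_OWNER, so the account
// cannot change the folder's permissions or take ownership of it.
DWORD dwAccessRights = GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | DELETE;
ACCESS_MODE AccessMode = GRANT_ACCESS;
// The ACE is inherited by subfolders (containers) and by files (objects).
DWORD dwInheritance = CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE;

// The helper returns a Win32 error code; ERROR_SUCCESS means the DACL was updated.
AddAceToObjectsSecurityDescriptor(pszObjName, ObjectType, pszTrustee, TrusteeForm,
                                  dwAccessRights, AccessMode, dwInheritance);
// function from msdn.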
 
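/*
 * Add one ACE to the DACL of a named object, keeping the entries that are
 * already there.
 *
 * Reads the object's current DACL, merges a new entry built from the trustee,
 * access mask, access mode and inheritance flags, and writes the merged DACL
 * back to the object.
 *
 * Returns ERROR_SUCCESS on success, ERROR_INVALID_PARAMETER when the object
 * name or the trustee is NULL, otherwise the error code of the call that
 * failed (also printed to stdout).
 */
DWORD AddAceToObjectsSecurityDescriptor (
    LPTSTR pszObjName,          // name of object
    SE_OBJECT_TYPE ObjectType,  // type of object
    LPTSTR pszTrustee,          // trustee for new ACE
    TRUSTEE_FORM TrusteeForm,   // format of trustee structure
    DWORD dwAccessRights,       // access mask for new ACE
    ACCESS_MODE AccessMode,     // type of ACE
    DWORD dwInheritance         // inheritance flags for new ACE
)
{
    DWORD dwRes = 0;
    PACL pOldDACL = NULL, pNewDACL = NULL;
    PSECURITY_DESCRIPTOR pSD = NULL;
    EXPLICIT_ACCESS ea;

    // Neither the object nor the trustee can be looked up without a name.
    if (NULL == pszObjName || NULL == pszTrustee)
        return ERROR_INVALID_PARAMETER;

    // Get a pointer to the existing DACL.
    // pOldDACL points into the descriptor returned in pSD, so only pSD is
    // released during cleanup.
    dwRes = GetNamedSecurityInfo(pszObjName, ObjectType,
                                 DACL_SECURITY_INFORMATION,
                                 NULL, NULL, &pOldDACL, NULL, &pSD);
    if (ERROR_SUCCESS != dwRes) {
        // DWORD is an unsigned long, hence %lu rather than %u.
        printf("GetNamedSecurityInfo Error %lu\n", (unsigned long) dwRes);
        goto Cleanup;
    }

    // Initialize an EXPLICIT_ACCESS structure for the new ACE.
    // Zeroing first leaves every Trustee field that is not set below at 0.
    ZeroMemory(&ea, sizeof(EXPLICIT_ACCESS));
    ea.grfAccessPermissions = dwAccessRights;
    ea.grfAccessMode = AccessMode;
    ea.grfInheritance = dwInheritance;
    ea.Trustee.TrusteeForm = TrusteeForm;
    ea.Trustee.ptstrName = pszTrustee;

    // Create a new ACL that merges the new ACE into the existing DACL.
    // NOTE(review): with TRUSTEE_IS_NAME the account name has to be translated
    // to a SID here; when the account's domain cannot be resolved from the
    // calling context this is presumably the call that fails (typically
    // ERROR_NONE_MAPPED) -- confirm against the printed error code.
    dwRes = SetEntriesInAcl(1, &ea, pOldDACL, &pNewDACL);
    if (ERROR_SUCCESS != dwRes) {
        printf("SetEntriesInAcl Error %lu\n", (unsigned long) dwRes);
        goto Cleanup;
    }

    // Attach the new ACL as the object's DACL.
    dwRes = SetNamedSecurityInfo(pszObjName, ObjectType,
                                 DACL_SECURITY_INFORMATION,
                                 NULL, NULL, pNewDACL, NULL);
    if (ERROR_SUCCESS != dwRes) {
        printf("SetNamedSecurityInfo Error %lu\n", (unsigned long) dwRes);
        goto Cleanup;
    }

Cleanup:

    // Both buffers were allocated by the security APIs; release whichever
    // ones were actually obtained before the exit.
    if (pSD != NULL)
        LocalFree((HLOCAL) pSD);
    if (pNewDACL != NULL)
        LocalFree((HLOCAL) pNewDACL);

    return dwRes;
}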

I wonder if there are any functions in WinAPI that accept the domain account and pw of domain2.com so that I can use them to make it work... thanks a lot

Lewis

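LogonUser() will allow you to log onto the computer if you know a valid user name and password; the token it returns can then be passed to ImpersonateLoggedOnUser() so that the calls which follow run as that account. There are no functions to retrieve the password of a given user -- it would be a huge security violation if there were such a function.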

Can you give me some more details as how logonUser() can help me to solve the problem..? becoz I need to create a folder on filesystem and filesystem can not be logged on...

the username and the pw that I mentioned are actually a domain admin username and pw in the other domain (domain2.com)...

thanks
