PerlMonks  

Re^3: Private temporal files on Windows

by BrowserUk (Patriarch)
on Dec 19, 2014 at 09:02 UTC (#1110817)


in reply to Re^2: Private temporal files on Windows
in thread Private temporal files on Windows

Then I suggest trying the extprog method: --password=extprog://PROGRAM; and have that program (a perl script) connect to the named pipe to fetch the password and emit it to its stdout.

I'd avoid trying to get into the world of Windows permissions; it's a nightmare to end all nightmares.


With the rise and rise of 'Social' network sites: 'Computers are making people easier to use everyday'
Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
"Science is about questioning the status quo. Questioning authority".
In the absence of evidence, opinion is indistinguishable from prejudice.

Replies are listed 'Best First'.
Re^4: Private temporal files on Windows
by salva (Canon) on Dec 19, 2014 at 10:36 UTC
    I already have a solution using extprog that mostly works. The problem with that approach is that, as sshg3 reuses the connections, you never know if it is actually going to run the helper program or not, and when it doesn't, the parent just gets stalled at the $pipe->Connect.

    The option I am considering now is opening an anonymous pipe on the parent (just using pipe), marking the read side as inheritable and then recovering and using it from the helper. The problem is reconstructing a Perl-level fh from the Windows handler... probably the easiest solution would be to move away from Perl there, program the helper in C and just bundle it precompiled.

    Anyway, I still have to check that the file handle survives the full chain of program calls (perl -> sshg3 -> cmd -> helper).

    Also, a minor issue I have found with extprog is that a console window pops up briefly. Besides the visual ugliness, what really worries me is whether that could cause the helper invocation to fail in contexts lacking a GUI environment. For instance, when called from the task scheduler, a web server, or any other program not started inside a user session.

      If you want to avoid the console windows popping up, use wperl.exe instead of perl.exe for the helper process. Note that STDIN etc. will be unavailable.

        But the way to pass the password back to the caller is via STDOUT!
      the parent just gets stalled at the $pipe->Connect.

      Um..?

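      use threads;
      use Win32::Pipe;

      # Serve the same string to every client that connects, from a detached thread.
      async {
          my $pipe = Win32::Pipe->new( 'MyPipe' );
          while( 1 ) {
              $pipe->Connect;
              $pipe->Write( 'The quick brown fox' );
              $pipe->Disconnect;
          }
      }->detach;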

      Also, a minor issue I have found with extprog is that a console window pops up briefly. Besides the visual ugliness, what really worries me is whether that could cause the helper invocation to fail in contexts lacking a GUI environment. For instance, when called from the task scheduler, a web server, or any other program not started inside a user session.

      Hm. Given that you aren't spawning the program, none of the usual tricks to prevent the window popping will work.


        But what really bothers me is not the window popping up but whether it will always be able to pop up...
      Anyway, I still have to check that the file handle survives the full chain of program calls (perl -> sshg3 -> cmd -> helper)

      It doesn't, the file handle is not inherited by sshg3 children.

        You could try to use the technique from FDPasser to pass the filehandle as a string in %ENV to the helper process... But then I guess you could pass the information via %ENV already :-/

Re^4: Private temporal files on Windows
by Corion (Patriarch) on Dec 19, 2014 at 09:08 UTC

    Yes, it seems that an alternative approach is much easier. I didn't find anything accessible about the ACLs, not even C code that shows an example of how to construct a security descriptor.

      how to construct a security descriptor.

      The simplest way (I know of) is to use ConvertStringSecurityDescriptorToSecurityDescriptor()

      You start with a string something like:

      O:S-1-5-21-3383984691-152274320-3948966431-1000 D:PAI(A;;FA;;;S-1-5-21-3383984691-152274320-3948966431-1000)(D;;FA;;;WD)

      But that contains a hard-coded SID, and I couldn't find any simple way to get the SID for the current user. (Ought to be simple; but then nothing is in this world!)

      Theoretically, you ought to be able to substitute 'CO' (creator/owner) for the explicit SID, but my attempts to have icacls apply (/restore) that to a file I created resulted in it running flat out (25% CPU) forever.


        Incidentally, to get the SID of the current user I have sometimes used:
        whoami /user /FO TABLE /NH
        The command returns the full current username and the SID. Seems available post Win2000.

        L*

        There are no rules, there are no thumbs..
        Reinvent the wheel, then learn The Wheel; may be one day you reinvent one of THE WHEELS.
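Added example, not code from the thread: a minimal Python decoder for the SDDL form discussed in the replies above (owner, DACL flags, allow/deny ACEs using FA and WD), with a simplified in-order ACE walk that shows who ends up with access. The SIDs are constructed placeholders (on a real system the value would come from something like the `whoami /user` command mentioned above); the walk assumes every token carries Everyone and ignores the owner's implicit rights, and `private_sddl` is a hypothetical helper.

```python
import re

# Subset of SDDL rights mnemonics (file access masks) and SID aliases.
RIGHTS = {"FA": 0x1F01FF, "FR": 0x120089, "FW": 0x120116, "FX": 0x1200A0}
EVERYONE = "S-1-1-0"
SID_ALIASES = {"WD": EVERYONE}  # WD = World (Everyone)
SDDL_RE = re.compile(
    r"O:(?P<owner>S-[\d-]+)\s*D:(?P<flags>[A-Z]*)(?P<aces>(?:\([^()]*\))*)")

# Constructed SIDs for illustration only.
ME = "S-1-5-21-1111111111-2222222222-3333333333-1001"
OTHER = "S-1-5-21-1111111111-2222222222-3333333333-1002"


def parse_sddl(sddl):
    """Split an SDDL string into owner SID, DACL flags and an ordered ACE list."""
    m = SDDL_RE.fullmatch(sddl.strip())
    if not m:
        raise ValueError("unsupported SDDL: %r" % sddl)
    aces = []
    for body in re.findall(r"\(([^()]*)\)", m["aces"]):
        # ACE fields: type;flags;rights;object_guid;inherit_guid;trustee
        f = body.split(";")
        if len(f) != 6 or f[0] not in ("A", "D") or f[2] not in RIGHTS:
            raise ValueError("unsupported ACE: %r" % body)
        aces.append((f[0], RIGHTS[f[2]], SID_ALIASES.get(f[5], f[5])))
    # P = protected DACL: ACEs inherited from the parent directory are blocked.
    return {"owner": m["owner"], "protected": "P" in m["flags"], "aces": aces}


def access_check(sd, token_sids, desired):
    """Simplified access check: ACEs are evaluated in the order they are stored."""
    sids = set(token_sids) | {EVERYONE}
    granted = 0
    for ace_type, mask, trustee in sd["aces"]:
        if trustee not in sids:
            continue
        if ace_type == "D" and mask & desired & ~granted:
            return False  # a still-needed right is explicitly denied
        if ace_type == "A":
            granted |= mask & desired
            if granted == desired:
                return True
    return False  # rights not granted by any ACE are implicitly denied


def private_sddl(sid):
    """Hypothetical helper: owner-only descriptor, relying on implicit deny."""
    return "O:%sD:P(A;;FA;;;%s)" % (sid, sid)


if __name__ == "__main__":
    sd = parse_sddl("O:%s D:PAI(A;;FA;;;%s)(D;;FA;;;WD)" % (ME, ME))
    print(sd, access_check(sd, [ME], RIGHTS["FA"]))
```

With the deny-Everyone ACE moved ahead of the allow ACE, the same walk refuses the owner as well, so the ACE order in the string matters.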
      I didn't find anything accessible about the ACLs, not even C code that shows an example of how to construct a security descriptor.

      I found this C++ code (in each of the sections)!


