Re^3: Learning Perl Chap 2 Win32::FileSecurity Help

Kind of. The line commented out is meant to get access to the perl variable $! so that it can assign the error code and text into it (the else branch of the if statement), so that these will be available to the calling application.

If it successfully obtains access to $! and takes the else branch, then the sub returns to it's immediate caller (other XS routines within the module), where those subs would then return undef or whatever to the calling application. The calling application (ie. your code), can then decide whether the error is something that it can saftely ignore and continue or abort as fits the purpose of the application.

As it currently stands (on CPAN), any API error passed into ErrorHandler() is always fatal which is a nonsense. It's hard to guess why that would have been commented out or by whom--it looks like it was a quick check that got forgotten to me. Whatever, it should be corrected which means someone should raise a perlbug against it.

As a workaround, though not a particularly satisfactory one because it means you will effectively be ignoring all api errors, you can use an eval block to trap the croak some thing like this:

use File::Find;
use Win32::FileSecurity;

#determine the DACL mask for Full Access
my $fullmask = Win32::FileSecurity::MakeMask('FULL');

&find(\&wanted,"\\");

my %users;

## Note: use return not next from a subroutine
## with warnings enabled perl will remind you of this
sub wanted {
    # Win32::FileSecurity::Get does not like the paging file, skip it
    return if ($_ eq "pagefile.sys");
    return unless -f $_;

    ## Do the get in an eval block and return 1 if it succeeds.
    ## Otherwise ignore the problem and go onto the next file.
    return unless eval{ Win32::FileSecurity::Get($_, \%users); 1 }; 
    return unless defined $users{"Everyone"};
    return unless $users{"Everyone"} == $fullmask;
    print "$File::Find::name\n";
}
[download]

Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.

Lingua non convalesco, consenesco et abolesco. -- Rule 1 has a caveat! -- Who broke the cabal?

"Science is about questioning the status quo. Questioning authority".

In the absence of evidence, opinion is indistinguishable from prejudice.

Comment on Re^3: Learning Perl Chap 2 Win32::FileSecurity Help Select or Download Code

Replies are listed 'Best First'.
Re^4: Learning Perl Chap 2 Win32::FileSecurity Help by punklrokk (Scribe) on May 09, 2006 at 18:45 UTC
I kind of see where you're going with this, but the scope is a little over my ability. I read the eval page, but still lost. You are saying I can force Perl to grab the error, and if one exists, ignore that file? (case?) If so, how can I implement this in code? Is this a general error? Or just with EVERYONE? Or just with the FileSecurity mod? Thanks for your in depth feedback, I really appreciate it. JP Bourget (punklrokk) MS Information and Security Rochester Institute of Technology Rochester, NY	[reply]
Re^5: Learning Perl Chap 2 Win32::FileSecurity Help by BrowserUk (Patriarch) on May 09, 2006 at 19:02 UTC
The code I supplied above should work for you--it does for me. The significant bit is this `return unless eval{ Win32::FileSecurity::Get($_, \%users); 1 };` [download] What that does is wrap the call that may (erroneously) die with the error you encountered in `eval{ ... }`. In a nutshell, that traps the error and ignores it (and the file that caused the error to be skipped). You may like to try this version of your script. #! perl -sw use strict; use File::Find; use Win32::FileSecurity; #determine the DACL mask for Full Access my $fullmask = Win32::FileSecurity::MakeMask('FULL'); &find(\&wanted,"\\"); my %users; sub wanted { # Win32::FileSecurity::Get does not like the paging file, skip it return if ($_ eq "pagefile.sys"); return unless -f $_; unless( eval{ Win32::FileSecurity::Get($_, \%users); 1 } ) { print "Attempt to get the ACLs for $_ failed with: \n", $@; print "Skipping ...\n"; return; } return unless defined $users{"Everyone"}; return unless $users{"Everyone"} == $fullmask; print "$File::Find::name\n"; } [download] An example of the errors that you might see and ignore is `Attempt to get the ACLs for drwtsn32.log failed with: Error handling error: 122, Dacl is NULL: implicit access grant at C:\t +est\junk2.pl Skipping ...` [download] Which is saying that the file has no explicit ACL, so it is implicitly consider to be accessible by anyone. Ie. equivalent to be owned by Everyone. You will need to interpret other errors as they arise according to the context in which you encounter them. Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error. Lingua non convalesco, consenesco et abolesco. -- Rule 1 has a caveat! -- Who broke the cabal? "Science is about questioning the status quo. Questioning authority". In the absence of evidence, opinion is indistinguishable from prejudice.	[reply] [d/l] [select]
Re^6: Learning Perl Chap 2 Win32::FileSecurity Help by punklrokk (Scribe) on May 09, 2006 at 19:49 UTC
Hey, Well that worked for me, pretty interesting stuff, I'm now gonna try on files with other permissions. This would be way cool to say, print out exchange mailboxes which have people allowed sendAs permission other than the owner. Thanks so much for your help. Cheers! JP Bourget (punklrokk) MS Information and Security Rochester Institute of Technology Rochester, NY	[reply]