in reply to Re^3: Learning Perl Chap 2 Win32::FileSecurity Help
in thread Learning Perl Chap 2 Win32::FileSecurity Help

I kind of see where you're going with this, but the scope is a little over my ability. I read the eval page, but still lost.

You are saying I can force Perl to grab the error, and if one exists, ignore that file? (case?)

If so, how can I implement this in code? Is this a general error? Or just with EVERYONE? Or just with the FileSecurity mod?

Thanks for your in depth feedback, I really appreciate it.

JP Bourget (punklrokk) MS Information and Security Rochester Institute of Technology Rochester, NY
  • Comment on Re^4: Learning Perl Chap 2 Win32::FileSecurity Help

Replies are listed 'Best First'.
Re^5: Learning Perl Chap 2 Win32::FileSecurity Help
by BrowserUk (Patriarch) on May 09, 2006 at 19:02 UTC

    The code I supplied above should work for you--it does for me. The significant bit is this 

    return unless eval{ Win32::FileSecurity::Get($_, \%users); 1 };

    [download]

    What that does is wrap the call that may (erroneously) die with the error you encountered in eval{ ... }.

    In a nutshell, that traps the error and ignores it (and the file that caused the error to be skipped). You may like to try this version of your script. 

    #! perl -sw
use strict;
use File::Find;
use Win32::FileSecurity;

#determine the DACL mask for Full Access
my $fullmask = Win32::FileSecurity::MakeMask('FULL');

&find(\&wanted,"\\");

my %users;

sub wanted {
    # Win32::FileSecurity::Get does not like the paging file, skip it
    return if ($_ eq "pagefile.sys");
    return unless -f $_;
    unless( eval{ Win32::FileSecurity::Get($_, \%users); 1 } ) {
        print "Attempt to get the ACLs for $_ failed with: \n", $@;
        print "Skipping ...\n";
        return;
    }
    return unless defined $users{"Everyone"};
    return unless $users{"Everyone"} == $fullmask;
    print "$File::Find::name\n";
}

    [download]

    An example of the errors that you might see and ignore is 

    Attempt to get the ACLs for drwtsn32.log failed with: 
Error handling error: 122, Dacl is NULL: implicit access grant at C:\t
+est\junk2.pl
Skipping ...

    [download]

    Which is saying that the file has no explicit ACL, so it is implicitly consider to be accessible by anyone. Ie. equivalent to be owned by Everyone.

    You will need to interpret other errors as they arise according to the context in which you encounter them.

    Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
    Lingua non convalesco, consenesco et abolesco. -- Rule 1 has a caveat! -- Who broke the cabal?
    "Science is about questioning the status quo. Questioning authority".
    In the absence of evidence, opinion is indistinguishable from prejudice.
[reply]
[d/l]
[select]
      Hey,
      Well that worked for me, pretty interesting stuff, I'm now gonna try on files with other permissions.
      This would be way cool to say, print out exchange mailboxes which have people allowed sendAs permission other than the owner.
      Thanks so much for your help. Cheers!
      JP Bourget (punklrokk) MS Information and Security Rochester Institute of Technology Rochester, NY
[reply]

In Section Seekers of Perl Wisdom