Could
someone please assist me with what should be a trivial PERMS issue? I need to
set the permissions on a registry key, but am confused by the Perms
documentation. There are three tables in the Docs (http://www.roth.net/perl/perms/) that
list: "Mask Constant", "Type Constant", and "Flag Constant".
Earlier in the Docs "Flags" are listed:
OBJECT_INHERIT_ACE, CONTAINER_INHERIT_ACE, INHERIT_ONLY_ACE,
NO_PROPAGATE_INHERIT_ACE. These "Flags" are not in agreement with the "Flag
Constants" from Table #3 listed above. What is the difference between these
Flags?
Although my code seems to add an ACE to the RegKey and
it is verified by the Perms "Dump" method, the ACE does show up in the security
properties of the key when viewed by Regedt32 in NT4 or W2K.
My Code:
use Win32::Perms;
use strict;
use strict;
my $Path =
"Reg:HKEY_LOCAL_MACHINE\Software\TestKey1\TestKey2";
my $KeyPerms = new Win32::Perms( $Path ) || warn "Could
not create Perms object\n";
$KeyPerms->Dump;
$KeyPerms->Dump;
#Things tried:
#Allow( $Account [, $Mask [, $Flag ] ] )
#This method will create a new access allowed ACE with the specified account, mask and flag. The ACE will allow the specified $Account to access the object with the specified $Mask.
#Mask can be any combination of constants from
Table 1
OR'ed together.
#Flag can be any
combination of constants from Table 3 OR'ed together.
#Returns TRUE (1) if successful and FALSE (0) if it fails.
# $KeyPerms->Allow('dss_test\TestUser2', FULL, KEY
) # Masks from Table #3
# $KeyPerms->Allow('dss_test\TestUser2', FULL, KEY | CONTAINER)
# $KeyPerms->Allow('dss_test\TestUser2', FULL, KEY | CONTAINER)
#
$KeyPerms->Allow('dss_test\TestUser2', FULL, KEY |
CONTAINER)
$KeyPerms->Allow('dss_test\TestUser2', FULL, CONTAINER_INHERIT_ACE); # trying something else
$KeyPerms->Allow('dss_test\TestUser2', FULL, CONTAINER_INHERIT_ACE); # trying something else
$KeyPerms->Dump;
$KeyPerms->Set();
#------------------------------------------------------
When DecodeMask, DecodeType, and DecodeFlag are employed, the following
results:
Mask:KEY_READ
KEY_WRITE
Type:ACCESS_ALLOWED_ACE_TYPE
Flags:CONTAINER_INHERIT_ACE
Access: Allow
Account: Administrators
Domain: BUILTIN
Entry: DACL
Flag: 2
Mask: 983103
ObjectName: Registry
ObjectType: 3
SID: S-1-5-32-544
Type: 0
Type:ACCESS_ALLOWED_ACE_TYPE
Flags:CONTAINER_INHERIT_ACE
Access: Allow
Account: Administrators
Domain: BUILTIN
Entry: DACL
Flag: 2
Mask: 983103
ObjectName: Registry
ObjectType: 3
SID: S-1-5-32-544
Type: 0
The Mask is not one of the values from Table
#1.
I need to make progress on this today. Can someone post some valid
examples of how to use Perms to add ACEs to a registry key? Also, has anyone
successfully used the Set or SetRecurse methods? If an object is created with a
PATH as above, must the PATH still be explicitly placed in the SetRecurse
statement?
