Hi everybody
Sorry for my English.
I want to make a function which is able to allow a user, user 'John' for
exanple,
for writing  in a folder.
Jonh is a net user, in a WinNt domain.
An api function exists. And I've got a sample, but in C Language.
It's a large example, with a lot of calls to another function. This isn't
the problem,
the problem is the translation of the C' data types declarations into VB.
I've not have enough information about this.
Thank you.

I assume by your post, that user John, may not have current permissions to
write to the folder.  The problem in writing a function to give John
permissions, is that since John is running your program which contains the
function to adjust permissions, it would his process security token which
would be supplied to a function which would attempt to "adjust" permissions.
Unless he has "administrator" level security for the machine containing the
folder in the NT domain, then he can not give himself permissions to write
to the folder; hence any such function would fail in your application if
John is not an administrator.

So if John doesn't have permissions for the folder in his general security
access, there's no way your program can "give" him permissions since it is
run under his security token.   The only work around for this would be to
have such a function run as part of a NT service which uses the log on
account of an Administrator for the target machine, and hence can use an
administrator's security token.  (If this is what you need then you'd have
to create an NT service which is an activeX exe server which can be called
by your program and check John's permissions.  Quite a lot of work, and
would have to be written in C++ or VB5.)

BTW the best book on this subject is "Win32 Network Programming" by Ralph
Davis, Addison Wesley Developers Press.  Although its all in C, most of its
functions can be converted to VB.

Now if John does have permissions in general for the folder, then all you
have to do is use the api function CreateFile, with a null for the security
descriptor parameter, which will cause the function to use John's default
security access token in file creation.

HTH

Steve Arbaugh
ATTAC Consulting Group
web: http://ourworld.compuserve.com/homepages/attac-cg/acgsoft.htm
To reply, remove ~ and nospm from address

Look in the Books online (Pro & Enterprise editions). There's a section
called 'Converting C Declarations to Visual Basic'

Regards,
--
Jonas
TRION Technologies (www.trion.com)

Hi !.Sorry, for my English.
At first time, I thank your answer.

No. Jonh doesn't want (nor can) giving permissions
to himself. I already know that.
I'll explain you a little bit more.

I use to program in ASP( Active Server Pages).
I assume that you know ASP. If you don't, let me know.
I have to create a Intranet page that is able to create a
new user in a specific net local group and give him permissions
for writing in a specific folder.
This folder will be created by my page. How ?
Well. The method is to make a DLL, and I prefer do it in VB5,
because it's more comfortable for me. In ASP you can create an object,
by calling a DLL. (In this DLL, you have to design a new class, with
its properties and its methods).
So then, the user that uses this page doesn't have administrator
permissions, but THE PROGRAM, YES. You can believe me. It is
possible.
Now, you can see this isn't a problem.Really, my problem is
to translate the C data types into VB, more than the functions
decarations.
The API function I have to use to create a new user is 'NetUserAdd'. (Runs
OK)
To assign him to a new net local group, 'NetLocalGroupAddMembers' (Runs OK)
To assign permissions user-folder, 'GetFileSecurity & SetFileSecurity' (oh,
oh!)

Regards and thank you.

Here's the declare's for GetFileSecurity, you should be able to translate to
SetFileSecurity pretty easily.

Const OWNER_SECURITY_INFORMATION = 1

Type ACL
        AclRevision As Byte
        Sbz1 As Byte
        AclSize As Integer
        AceCount As Integer
        Sbz2 As Integer
End Type

Type SECURITY_DESCRIPTOR
        Revision As Byte
        Sbz1 As Byte
        Control As Long
        Owner As Long
        Group As Long
        Sacl As ACL
        Dacl As ACL
End Type

Declare Function GetFileSecurity Lib "advapi32.dll" Alias "GetFileSecurityA"
_
           (ByVal lpFileName As String, _
            ByVal RequestedInformation As Long, _
                  SecurityDescriptor As Any, _
            ByVal nLength As Long, _
            lpnLengthNeeded As Long) As Long

Now, Security Descriptors are a variable length byte array, and can be very
large.  You might want to set your byte array as sBuf(8096) As Byte or
something close.  Then pass it as sBuf(0) when you call GetFileSecurity.
Generally the only way to know if you've got a long enough byte array is to
call GetFileSecurity and see if it works or not and check the value of
lpnLenthNeeded.

So a call to GetFileSecurity might look like:

Dim sBuf(8096) As Byte
Dim sinSecurityInfo As Long
Dim dwSDLength As Long
Dim dwSDLengthReqd As Long
Dim dwReturn As Long

dwSDLength = 255
sinSecurityInfo = OWNER_SECURITY_INFORMATION

dwreturn = GetFileSecurity(strFileName, _
                            sinSecurityInfo, _
                            sBuf(0), _
                            dwSDLength, _
                            dwSDLengthReqd)

In working with Security Descriptors and ACLs, the Type defs above really
only represent SD and ACL header information respectively.  The SD can trail
on for many bytes following the header. So you have to use a bunch of other
api's to pull out information from the SD.

But I have to admit this stuff is like quick sand.  The minute you think you
understand a bit, you find out that NT security is truly a bit complex.
Again I make my recommendation to look at  Win32 Network Programming by
Ralph Davis, Addison Wesley Developers Press  to begin to get a handle on
it.  (I'm certainly a novice in this area myself.)

HTH

Steve Arbaugh
ATTAC Consulting Group
web: http://ourworld.compuserve.com/homepages/attac-cg/acgsoft.htm
To reply, remove ~ and nospm from address