Re: Copying files to a remote authenticated share
Jan Dubois wrote: On Tue, 13 Sep 2005, David Landgren wrote: I don't do much Windows system administration. If you could point me in the right direction to give the user permission to access the network I'd be much obliged. Should I be using secpol.msc or something else? Right-click on "My Computer" and select "Manage". Expand "Local Users and Groups" and select "Users". This should give you a start. But frankly I'm not sure if you should start granting additional access rights to IIS processes if you don't have a good understanding of Windows administration. You can easily create big security risks. I understand the risks. This is an internal machine with no exposure to the World At Large and even internally it is behind a firewall. I just want an interface for the end-user to kick of a process that in part results in files being copied to another box. There are reasons why the IUSR_* account doesn't have network access. Ideally you should delegate the functionality that needs this to a locally running service and pass any requests on to that service. I Mmm yes, that sounds reasonable. After having searched a bit it looks like Win32::Daemon is the way to go. understand that this is a lot more work, and that you can shortcut this by granting more rights to the IUSR_* user. But remember that *every* CGI script will now have these right, and a security vulnerability in any of them will now put your network at risk. Yes. I shall use this as an opportunity to learn something new. Thanks, David ___ Perl-Win32-Web mailing list Perl-Win32-Web@listserv.ActiveState.com To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
RE: Copying files to a remote authenticated share
On Tue, 13 Sep 2005, David Landgren wrote: > I don't do much Windows system administration. If you could point me > in the right direction to give the user permission to access the > network I'd be much obliged. Should I be using secpol.msc or > something else? Right-click on "My Computer" and select "Manage". Expand "Local Users and Groups" and select "Users". This should give you a start. But frankly I'm not sure if you should start granting additional access rights to IIS processes if you don't have a good understanding of Windows administration. You can easily create big security risks. There are reasons why the IUSR_* account doesn't have network access. Ideally you should delegate the functionality that needs this to a locally running service and pass any requests on to that service. I understand that this is a lot more work, and that you can shortcut this by granting more rights to the IUSR_* user. But remember that *every* CGI script will now have these right, and a security vulnerability in any of them will now put your network at risk. Cheers, -Jan ___ Perl-Win32-Web mailing list Perl-Win32-Web@listserv.ActiveState.com To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
RE: Copying files to a remote authenticated share
On Tue, 13 Sep 2005, David Landgren wrote: > I have a module that encapsulates the mapping of a drive letter to a > remote share and copying a local file to the remote share. It works > just fine when used from the command line, however, when run from a > CGI within IIS it complains (probably quite rightly) about a specfied > session not existing. Did you give the IIS user permission to access the network? The default user IUSR_machinename only has permission to access local resources for security reasons. Cheers, -Jan ___ Perl-Win32-Web mailing list Perl-Win32-Web@listserv.ActiveState.com To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
Re: Copying files to a remote authenticated share
Jan Dubois wrote: On Tue, 13 Sep 2005, David Landgren wrote: I have a module that encapsulates the mapping of a drive letter to a remote share and copying a local file to the remote share. It works just fine when used from the command line, however, when run from a CGI within IIS it complains (probably quite rightly) about a specfied session not existing. Did you give the IIS user permission to access the network? The default user IUSR_machinename only has permission to access local resources for security reasons. Hmm, I guess not. I'm currently playing around with secpol.msc and applying different privileges in turn to the account, but not making much progress. Specifically, the code is dying with Windows error code 1312. The text is completely unhelpful, but I found a web page that mentioned that this can be due to the local account not having sufficient privileges to open a network connection. And that sounds exactly like my problem. http://techsupt.winbatch.com/TS/T01036F39.html I don't do much Windows system administration. If you could point me in the right direction to give the user permission to access the network I'd be much obliged. Should I be using secpol.msc or something else? Thanks, David ___ Perl-Win32-Web mailing list Perl-Win32-Web@listserv.ActiveState.com To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
Copying files to a remote authenticated share
Hello list,
I have a module that encapsulates the mapping of a drive letter to a
remote share and copying a local file to the remote share. It works just
fine when used from the command line, however, when run from a CGI
within IIS it complains (probably quite rightly) about a specfied
session not existing.
It is the AddConnection() call that is failing below. From what I can
glean from the documentation, the fourth parameter (set here to 0) is a
reference to a suitable connection, but I don't know how to set that up.
Any ideas or suggestions would be gratefully appreciated.
Thanks,
David
package Remote::Filecopy;
use strict;
use warnings;
use constant SHARE_NAME => 'a\\b';
use constant USER_NAME => 'user';
use constant PASSWORD => 'pw';
use Carp qw/ carp croak /;
use Win32::NetResource qw/ GetUNCName AddConnection CancelConnection /;
use Win32API::File qw/ CopyFile fileLastError /;
use Exporter;
use vars qw/ @ISA @EXPORT_OK $VERSION /;
@ISA = qw/ Exporter /;
$VERSION = '0.1';
my $SHARE = {
RemoteName => SHARE_NAME,
LocalName => undef,
};
push @EXPORT_OK, 'filecopy';
sub filecopy {
my %args = @_;
if( not defined $SHARE->{LocalName} ) {
$SHARE->{LocalName} = free_drive_letter();
if( not AddConnection( $SHARE, PASSWORD, USER_NAME, 0 )) {
croak "share connection error:\n", win32err();
}
}
CopyFile( $args{from}, "$SHARE->{LocalName}$args{to}", 0 )
or carp "copy of [$args{from}] to
[$SHARE->{LocalName}$args{to}] failed: "
. fileLastError() . "\n";
}
sub free_drive_letter {
my $drive;
for my $letter ('f' .. 'z' ) {
my $mapped;
$drive = "$letter:";
GetUNCName( $mapped, $drive );
return $drive if not $mapped;
}
croak "All network drive letters (F: .. Z:) are in use\n";
}
END {
if( defined $SHARE->{LocalName} ) {
if( not CancelConnection( $SHARE->{LocalName}, 0, 1 )) {
carp "disconnection error:\n", win32err();
}
}
}
sub win32err {
my $err;
Win32::NetResource::GetError($err);
Win32::FormatMessage($err);
}
__END__
___
Perl-Win32-Web mailing list
Perl-Win32-Web@listserv.ActiveState.com
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
