What is the "Everyone" Users group on German OS?
BlitzMax Forums/BlitzMax Programming/What is the "Everyone" Users group on German OS?
| ||
| Hi, can someone please check the security settings on a file or folder on a German OS and find out if "Everyone" is in the list or if it is translated into German please? Thanks. There may be an issue with my Grey Alien Framework code that creates a folder with full-access on German OSes (and possibly other non-English OSes too). |
| ||
| There's no API to get the standard path used by the OS? |
| ||
| The word for Everyone that Microsoft uses in their German versions would be "Jeder". "Jeder"/Everyone is mostly there to grant read and execute access. I don't know what you're implementing, but the problem with Windows File Security is that if a user does not have at least read access on ALL of the upper level folders, he won't be able to access your freshly created subfolder. If I'm not mistaken, Unixes behave differently here - if you know the full path to the target, you can still access it. Anyway, maybe you shouldn't play with "Jeder"/Everyone at all. It should be sufficient to grant access to the "Users" group, which translates to "Benutzer". |
| ||
| Oh, Jake, I checked the emails from users who had reported problems like this to me earlier (from the "(5) Unhandled Memory Exception Error" thread on your forum), and they are all using non-English OS's, and I checked a computer I have with Norwegian Windows Vista now, and that has "Brukere" instead of "Users" on the security settings, so this makes sense that the give-full-access code won't work on those :D I thought that it was the same user rights category names on all the languages, guess not =) Hope there's some kind of API we can use to grab the name by the OS... |
| ||
| Im suprised this hasnt cropped up sooner... I havent received issues myself... |
| ||
| why does it make sense that it does not work? If the WinAPI stuff is used to retrieve the corresponding groups etc, it will work out of the box. Also as one of the base always present groups you should actually be able to retrieve it through various ways (its group id should always be the same and alike) |
| ||
| Thanks all for confirming what I suspected. I'm using a hardcoded string which fails of course on international OSes. [Slap own forehead.] There is a WinAPI call to get the localized string for EVERYONE (found it earlier today http://msdn.microsoft.com/en-us/library/aa446585%28v=VS.85%29.aspx ), don't know about USERS though (it's probably one of these: http://msdn.microsoft.com/en-us/library/aa379650%28v=VS.85%29.aspx ) I had heard of people with this issue before but never realised that it was the SID until today, thought it was the path (which is not hardcoded) or some other anomaly with their system. I'll see if I can get this fixed soon (crazy busy with Facebook game right now) unless any framework users can kindly help to modify fullaccess.cpp to implement the code in the links above. It shouldn't be too tough, but it needs testing as follows: Bugged version should do this on non-English OSes: 1) Use the framework to create a brand new game shared data folder (your games should be doing this automatically in Game.Init()) 2) Switch to another user. The ini file will fail to write in the folder because the permissions are wrong for the folder (Everyone and Users are probably missing) and the game will fail to load. After the fix, when you change to another user the ini file should write and the game should load. I apologise for any inconvenience this may have caused you and your international customers. |
| ||
| Nice find, Jake! I've tried to implement this now, but from what I can see, there's no "CreateWellKnownSid" function in any of the MinGW headers. I'm using 3.4.2 and I checked the newest downloadable version too. I'm not that experienced with MinGW etc. though. The code from MSDN works fine in VC2008, and that "CreateWellKnownSid" declaration was in winbase.h there, but that declaration didn't seem to exist in MinGW's files. Perhaps we need something like Import "-ladvapi32" for that function as well? Or a different version of it. |
| ||
| Thanks for trying it out Tor! Hmm, I wonder what we need to import then...more research needed. |
| ||
I don't have any way of testing this right now but according to http://msdn.microsoft.com/en-us/library/aa379639(v=VS.85).aspx (and follow the WELL_KNOWN_GROUP link) we may be able to use this..
ea.Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
ea.Trustee.TrusteeForm = TRUSTEE_IS_SID;
ea.Trustee.ptstrName = TEXT("S-1-1-0");
I don't usually like to take pot shots at an API but this is as far as my searching has taken me and I don't have a vista machine here right now. |
| ||
Ah, good idea matibee! That particular code didn't work 100% though, as TRUSTEE_IS_SID requires the ptstrName to be in a PSID format converted to string (ea.Trustee.ptstrName = (LPTSTR) PSID), which it uses in a special format or something, but I managed to get it working with this code, where I turn the "S-1-1-0" into a PSID using ConvertStringSidToSid():
// This code requires MinGW 3.4.5 or above for ConvertStringSidToSid()
#define WINVER 0x0502 // To make <sddl.h> define ConvertStringSidToSid
#include <windows.h>
#include <aclapi.h>
#include <sddl.h>
bool GiveDirectoryFullAccessToGroup(LPCTSTR lpPath, LPTSTR lpGroup);
extern "C" bool GiveDirectoryFullAccess(LPCTSTR lpPath)
{
if(!GiveDirectoryFullAccessToGroup(lpPath, "S-1-5-32-545")) return false; // Users
if(!GiveDirectoryFullAccessToGroup(lpPath, "S-1-1-0")) return false; // Everyone
return true;
}
bool GiveDirectoryFullAccessToGroup(LPCTSTR lpPath, LPTSTR lpGroup)
{
HANDLE hDir = CreateFile(lpPath,READ_CONTROL|WRITE_DAC,0,NULL,OPEN_EXISTING,FILE_FLAG_BACKUP_SEMANTICS,NULL);
if(hDir == INVALID_HANDLE_VALUE) return false;
ACL* pOldDACL=NULL;
SECURITY_DESCRIPTOR* pSD = NULL;
GetSecurityInfo(hDir,SE_FILE_OBJECT,DACL_SECURITY_INFORMATION,NULL,NULL,&pOldDACL,NULL,&pSD);
EXPLICIT_ACCESS ea={0};
ea.grfAccessMode = GRANT_ACCESS;
ea.grfAccessPermissions = GENERIC_ALL;
ea.grfInheritance = CONTAINER_INHERIT_ACE|OBJECT_INHERIT_ACE;
ea.Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
ea.Trustee.TrusteeForm = TRUSTEE_IS_SID;
PSID newSID;
if(ConvertStringSidToSid(lpGroup, &newSID))
{
ea.Trustee.ptstrName = (LPTSTR)newSID;
ACL* pNewDACL = NULL;
SetEntriesInAcl(1,&ea,pOldDACL,&pNewDACL);
SetSecurityInfo(hDir,SE_FILE_OBJECT,DACL_SECURITY_INFORMATION,NULL,NULL,pNewDACL,NULL);
LocalFree(pSD);
LocalFree(pNewDACL);
CloseHandle(hDir);
return true;
}
return false;
}
Note, I used to use MinGW 3.4.2 but that didn't have ConvertStringSidToSid() in sddl.h, so I upgraded to the newest 3.4.5 and that had it, so this code requires MinGW 3.4.5. Also, please let me know if there's any errors I've missed with the above code :) I also found out that "S-1-5-32-545" is the SID for "Users": http://support.microsoft.com/kb/243330 I tested this on my English and Norwegian Windows', and it worked fine on both. It set Everyone/Users on the English one and Alle/Brukere on the Norwegian one. I also checked my old versions of my games as I now know how to make them get this error, and my old version incorrectly sat the wrong access, while the new version worked fine and didn't give any errors. If anyone else got non-English OS', it would be great if someone could confirm it working and setting the security settings correctly, thanks! :) |
| ||
| You guys are freakin' awesome! This is so cool that you have fixed it and that the community can benefit. Way to go! I can't test it on another OS at the moment, but hopefully someone else can help. Will see if I can get BFG to help. |
| ||
| Query: this fix doesn't compile for me with this error: E:/BlitzMax/Jake/GreyAlienFramework/include/fullaccess.cpp: In function `bool GiveDirectoryFullAccessToGroup(const TCHAR*, TCHAR*)': E:/BlitzMax/Jake/GreyAlienFramework/include/fullaccess.cpp:37: error: `ConvertStringSidToSid' was not declared in this scope Build Error: failed to compile E:/BlitzMax/Jake/GreyAlienFramework/include/fullaccess.cpp I'm using MinGW 3.4.5 (at least when I type gcc -v at the command prompt) it tells me: gcc version 3.4.5 (mingw special). Although I don't recall updating it for quite a while. Maybe I'll try now. Also I'm using BMax 1.36 at home, could update that too. |
| ||
| Update: I followed Ziggy's instructions here and now it works! http://www.blide.org/forum/viewtopic.php?f=12&t=56&start=0 I installed that recommended version of MinGW and now gcc -v reports: gcc version 3.4.5 (mingw-vista special r3) So slightly different. Or perhaps it was the install options; maybe one of them installed some windows libraries on there that were missing before. Anyway, it works on XP Home. Will test on Vista tomorrow. (all English versions though). Still need testers with framework who can test on non-English OSes! |
| ||
| I would like to help out, but I havent got any non-english OSes... Tor did say he tested it on his Norwegian Windows. How did you find the issue in the first place Jake? Did a customer complain? Could you get that customer to test this new code? |
| ||
| I have a spanish OS. If you tell me what I have to do, maybe I can help... |
| ||
| @therevills: BFG spotted it and will now be testing it later in the week, so no need for any testers. Thanks zeb, but I think we are OK now :-) |
| ||
| It's being tested now. Will report back. |
| ||
| It has been confirmed that the above fix works! Thanks everyone for your help, much appreciated. I'll put the code on the Framework forum. |
| ||
| Ahh, awesome! Thanks for getting it tested :D |
| ||
| So I take it that this code still works fine with English OSs ;) |
| ||
| Yeah I tested that myself. Well I tested it made the correct users on the shared data folder (and that they had the correct permissions), but haven't swapped users to check the data is still shared correctly with the new code (that's what BFG did with a foreign version). I'm sure it is but please feel free to confirm. |
| ||
| I'm sure it is but please feel free to confirm. Confimed on Windows 7... can any confirm on XP please? |
| ||
| So the update is in the framework forum then? |
| ||
| Thanks therevills. @MGE: yep, but only the file above. |
| ||
| Oh my God... Magicville is failing on non-English OS's and I suspect this is why! [edit] A tadge confused by this: [edit again] Never mind - sorted it. Fixed my problem in German Windows, too. Thanks for sharing this! |
| ||
| You are welcome and just in time for your release I hope. |
| ||
| You are welcome and just in time for your release I hope Would have been if I'd realised the issue was there!It launched with the foreign OS problem - BFG have a fix ready for testing so its all down to how fast they can make it available. Not ideal but no point dwelling on it - what's done is done. :) |
| ||
| Well at least there's a known fix plus now you can safely do localised versions. |
| ||
| Ouch, I need some help from you guys. I just been "forced" to upgrade to Win8... copied both MingW and BlitzMax from my old XP laptop, added MingW env. vars and compilation runs fine. But when trying to compile modules (they compiled fine on XP!) I'm getting this exact same error: fullaccess.cpp: In function `bool GiveDirectoryFullAccessToGroup(const TCHAR*, TCHAR*)': fullaccess.cpp:37: error: `ConvertStringSidToSid' was not declared in this scope What seems to be the solution posted in this thread, is now offline, so I'm lost on what can I do to fix this... can anyone help me please? Edit: I think I've got it - downloaded a MingW from Blide's website and it is compiling now... very weird. |
   |