file/folder security

[snotmare]

Hello all!

I am a VB programmer trying to broaden my horizons with javascript. I would like to use the ADsSecurity object that is provided with Windows to see who has what security rights to a given folder or file. Below is the code as I think it should be written in javascript, but I'm not getting results. I'll give more details on the problem in a sec, here's a section of my code embeded in HTML...

<SCRIPT LANGUAGE="JavaScript1.3">
function displaySecurity(strPath){
    var objSec = new ActiveXObject("ADsSecurity")
    var objSD
    var objDacl
	
    objSD = objSec.GetSecurityDescriptor("FILE://" + strPath)
    objDacl = objSD.DiscretionaryAcl
	
    for(objAce in objDacl){
        alert(objAce.Trustee)
    }
}
</SCRIPT>

Some examples of what might be passed to the function are:
"C:\test.txt", "C:\Program Files\test.txt"

This obviously isn't final code as I'm simply displaying the names of those who have access to the folder passed to this function. When this code is executed, no errors are generated. However, the code is not entering the "for" loop. It's like there are no objAce in objDacl, which there should be. Similer code works in VBScript by using the same objects.

Any thoughts on how I can get this to work?
Thank you!

He who has knowledge spares his words, and a man of understanding is of a calm spirit. Even a fool is counted wise when he holds his peace; when he shuts his lips, he is considered perceptive. - King Solomon

 

[BillyRayPreachersSon]

Try this:

function displaySecurity(strPath){
    var objSec = new ActiveXObject("ADsSecurity")
    var objSD
alert(1);
    var objDacl
alert(2);
    
    objSD = objSec.GetSecurityDescriptor("FILE://" + strPath)
alert(3);
    objDacl = objSD.DiscretionaryAcl
alert(4);
    
    for(objAce in objDacl){
        alert(objAce.Trustee)
    }
}

Do you get all 4 alerts happening? Not having AD installed makes it hard to test locally here ;o)

Dan

[tt]D'ya think I got where I am today because I dress like Peter Pan here?[/tt]

 

[snotmare]

Thanks for the response!

I do get all alerts, and even an alert I put after the for loop. Any ideas?

He who has knowledge spares his words, and a man of understanding is of a calm spirit. Even a fool is counted wise when he holds his peace; when he shuts his lips, he is considered perceptive. - King Solomon

 

[BillyRayPreachersSon]

Does objDacl equate to anything? Try changing the "alert(4)" to "alert(objDacl)" and see what is returned.

Dan



[tt]D'ya think I got where I am today because I dress like Peter Pan here?[/tt]

 

[snotmare]

If I add this line of code...

alert(objDacl)

... then it displays "[object]".

If I change the alert to look like this...

alert(objDacl.count)

...the message displays as "undefined". Note, that count is supposed to be a property of objDacl.



He who has knowledge spares his words, and a man of understanding is of a calm spirit. Even a fool is counted wise when he holds his peace; when he shuts his lips, he is considered perceptive. - King Solomon

 

[snotmare]

Just a small update.

I put this line of code in...

alert(objDacl.acecount)

...and it returned the correct count. With this, I know that everything is working correctly up to the for loop.

He who has knowledge spares his words, and a man of understanding is of a calm spirit. Even a fool is counted wise when he holds his peace; when he shuts his lips, he is considered perceptive. - King Solomon

 

[BillyRayPreachersSon]

This is a total guess, as I can find no useful documentation relating to ADS and JavaScript (surprisingly). I'm guessing that it might be an enumerator, and so need different code to access. Try changing this:

for(objAce in objDacl){
	alert(objAce.Trustee)
}

to this:

while (!objAce.atEnd()) {
	alert(objAce.item());
	objAce.moveNext();
}

Hope this helps,
Dan


[tt]D'ya think I got where I am today because I dress like Peter Pan here?[/tt]

 

[snotmare]

Good morning!

I understand your thinking with the suggested change, but ".atEnd", ".item", and ".moveNext" are "not supported by this property or method". It was a very nice try though! Like you, I've struggled to find decent documentation on this. I can find documentation and examples of this for VBScript, provided by Microsoft. I actually downloaded the ADSI resource kit from Microsoft, in which examples were provided for VBScript, but not javascript.

Let me post a working example in VBScript, and perhaps it may shed some light on what the javascript needs to be...

Dim objSec, objSD, objDacl, strMsg, strFile

strFile = "C:\"
strMsg = ""

Set objSec = CreateObject("ADsSecurity")
Set objSD = objSec.GetSecurityDescriptor("FILE://" & strFile)
Set objDacl = objSD.DiscretionaryAcl

For Each objAce In objDacl
    strMsg = strMsg &  "Trustee = " & objAce.Trustee & vbCrlf & _
        "AccessMask = " & objAce.AccessMask & vbCrlf & _
        "Type = " & objAce.AceType & vbCrlf & _
        "Flags = " & objAce.AceFlags & vbCrlf & vbCrlf
Next

MsgBox strMsg

Set objDacl = Nothing
Set objSD = Nothing
Set objSec = Nothing

Thank you for your help, it is appreciated!

He who has knowledge spares his words, and a man of understanding is of a calm spirit. Even a fool is counted wise when he holds his peace; when he shuts his lips, he is considered perceptive. - King Solomon

 

[tsuji]

[1] Be mindful to escape "\" for path.
[2] Read the js ms chm file for new Enumerator syntax.
[3] You can use vbscript in webpage no problem.
- tsuji

 

[BillyRayPreachersSon]

OK - This should be a good JS equivalent - give it a bash:

var objSec, objSD, objDacl, strMsg, strFile;

strFile = 'C:\\';
strMsg = '';

objSec = new ActiveXObject('ADsSecurity');
objSD = objSec.GetSecurityDescriptor('FILE://' + strFile);
objDacl = objSD.DiscretionaryAcl;

for(objAce in objDacl) {
	strMsg += 'Trustee = ' + objAce.Trustee + '\n';
	strMsg += 'AccessMask = ' + objAce.AccessMask + '\n';
	strMsg += 'Type = ' + objAce.AceType + '\n';
	strMsg += 'Flags = ' + objAce.AceFlags + '\n\n';
}

alert(strMsg);

Do you have any documentation as to whether the following are properties or methods?

.Trustee
.AccessMask
.AceType
.AceFlags

The code above assumes they are properties, but if any are methods, you should append () to them.

Hope this helps,
Dan


[tt]D'ya think I got where I am today because I dress like Peter Pan here?[/tt]

 

[snotmare]

Hello tsuji, thanks for the input!

I have heard it said that VBScript only works with explorer, and not with netscape. Not having netscape, I can't test this. Is this a true statement, or is VBScript supported on most web browsers?

I also am going through this exercise so that I can learn more javascript.

He who has knowledge spares his words, and a man of understanding is of a calm spirit. Even a fool is counted wise when he holds his peace; when he shuts his lips, he is considered perceptive. - King Solomon

 

[tsuji]

snotmare,

You are restricted to msie audience right from the beginning. So, do not have to worry for cross-browser on this.

- tsuji

 

[BillyRayPreachersSon]

VBScript will work in IE with no extra plugins, etc. There may be plugins for other browsers, that do not natively support it, however.

Dan


[tt]D'ya think I got where I am today because I dress like Peter Pan here?[/tt]

 

[snotmare]

Hello BillyRay...

I have tried your code, but have two problems. The first, I get "object expected" on line 17, which is the alert statement. The second problem is what appears to be the same problem I'm having to begin with, the code within the for loop is not being executed. I put an alert statement within the for loop, and no message was displayed (or error for that matter).

Are you able to get this working on your workstation? Just so we're on the same page and not making assumptions, my expected output is a list of all trustees for a given folder or file - the same as you would see when you right-click on a folder, go to the security tab, and view the list of groups/users that have access for that folder. If there is a better process (that works with javascript) to get this information than using 'ADsSecurity', I'm all ears!

To answer your questions on whether those are properties or methods, all four of those are properties.

Thank you for your continued help.

He who has knowledge spares his words, and a man of understanding is of a calm spirit. Even a fool is counted wise when he holds his peace; when he shuts his lips, he is considered perceptive. - King Solomon

 

[BillyRayPreachersSon]

I can't even get the VB version to run on my PC - I doubt I have ADs installed.

If you take the VB code as given above, put this above it:

<html>
<script type="text/vbscript">

this below it:

</script>
</html>

and then save it as something like "test.html", does it work for you?

Dan


[tt]D'ya think I got where I am today because I dress like Peter Pan here?[/tt]

 

[snotmare]

Hello tsuji!

Could you please explain why...

You are restricted to msie audience right from the beginning.

... please? Are you saying this because I make use of ADsSecurity? I don't believe that to be the case because I was able to get results that I posted earlier...

Just a small update.

I put this line of code in...

CODE
alert(objDacl.acecount)
...and it returned the correct count. With this, I know that everything is working correctly up to the for loop.

Thanks!

He who has knowledge spares his words, and a man of understanding is of a calm spirit. Even a fool is counted wise when he holds his peace; when he shuts his lips, he is considered perceptive. - King Solomon

 

[snotmare]

BillyRay...

Yup, the code does work when I put HTML code around it.

Thanks!

He who has knowledge spares his words, and a man of understanding is of a calm spirit. Even a fool is counted wise when he holds his peace; when he shuts his lips, he is considered perceptive. - King Solomon