1. 首页
  2. 问答
  3. 什么使这个安全描述符变坏?

什么使这个安全描述符变坏?

2011-05-12 35 views
5

我试图读取使用此代码(Tim Golden's proposed patch to os.access to make it read from ACLs on Windows图案后)的文件和目录在Windows中访问:什么使这个安全描述符变坏?

from ctypes import(
    windll, 
    wintypes, 
    c_char_p, 
    c_void_p, 
    byref 
    ) 
from win32api import GetCurrentThread 
from win32security import (
    GetFileSecurity, 
    DACL_SECURITY_INFORMATION, 
    ImpersonateSelf, 
    SecurityImpersonation, 
    OpenThreadToken, 
    TOKEN_ALL_ACCESS, 
    MapGenericMask 
    ) 
from ntsecuritycon import (
    FILE_READ_DATA, 
    FILE_WRITE_DATA, 
    FILE_EXECUTE, 
    FILE_ALL_ACCESS 
    ) 
import pywintypes 
import winnt 

TRUE = 1 

def CheckAccess(path,AccessDesired): 
    result = wintypes.BOOL() 
    granted = wintypes.DWORD(0) 
    privsetlength = wintypes.DWORD(0) 

    fileSD = GetFileSecurity(path, DACL_SECURITY_INFORMATION) 
    if not fileSD.IsValid(): 
     raise Exception("Invalid security descriptor") 

    ImpersonateSelf(SecurityImpersonation) 
    token = OpenThreadToken(GetCurrentThread(), TOKEN_ALL_ACCESS, TRUE) 
    mapping = wintypes.DWORD(MapGenericMask(AccessDesired, 
     (FILE_READ_DATA, FILE_WRITE_DATA, FILE_EXECUTE, FILE_ALL_ACCESS))) 
    if not windll.advapi32.AccessCheck(
     c_char_p(str(buffer(fileSD))), 
     wintypes.HANDLE(int(token)), 
     AccessDesired, 
     byref(mapping), 
     c_void_p(0), #privilege set, optional 
     byref(privsetlength), #size of optional privilege set 
     byref(granted), 
     byref(result) 
     ): 
      code = GetLastError() 
      raise WindowsError(GetLastError(),FormatMessage(code)) 
    return bool(result) 

def HasReadAccess(path): 
    return CheckAccess(path,FILE_READ_DATA) 

def HasWriteAccess(path): 
    return CheckAccess(path,FILE_WRITE_DATA) 

if __name__ == "__main__": 
    print(HasReadAccess("C:/Python26"))

不过,我每次运行这个时候,我得到这个:

WindowsError: [Error 1338] The security descriptor structure is invalid.

我该如何将SecurityDescriptor传递给AccessCheck?

编辑:将DACL_SECURITY_INFORMATION更改为DACL_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | OWNER_SECURITY_INFORMATION给我这个:

WindowsError: [Error 122] The data area passed to a system call is too small.

来源

2011-05-12 Stuart P. Bentley

回答

5

显然“可选”Windows意味着“必需”。我通过分配缓冲区并传递PRIVILEGE_SET(20)的大小来修复它。

来源

2011-05-13 15:22:32

+0

嗨,斯图尔特,我现在正在处理同样的问题;你能否发布你的最终工作代码? – Ali 2012-11-16 05:11:24

+2

这是我从一年前的一次实习中拿来的,我没有带着我的代码,但是从阅读我在这里说的话,我想诀窍是(按照这里写的例子)替换'privsetlength = wintypes.DWORD(0)'用'privsetlength = wintypes.DWORD(20)'和'c_void_p(0)'用'create_string_buffer(20)'这样的东西(我已经花了一年半的时间快乐地忘记了一切曾经涉及Python的ctypes模块)。 – 2012-11-16 23:36:44

+0

哈哈:-)有利于你把ctypes放在后面!我确实得到了这个工作。对于任何感兴趣的用户,我所做的就是先用null调用AccessCheck以获取默认行为(privsetlength),然后再调用正确的大小(请参阅AccessCheck的msdn中的注释)。 – Ali 2012-11-17 00:50:38

相关问题

 相关问题