5
我试图读取使用此代码(Tim Golden's proposed patch to os.access to make it read from ACLs on Windows图案后)的文件和目录在Windows中访问:什么使这个安全描述符变坏?
from ctypes import(
windll,
wintypes,
c_char_p,
c_void_p,
byref
)
from win32api import GetCurrentThread
from win32security import (
GetFileSecurity,
DACL_SECURITY_INFORMATION,
ImpersonateSelf,
SecurityImpersonation,
OpenThreadToken,
TOKEN_ALL_ACCESS,
MapGenericMask
)
from ntsecuritycon import (
FILE_READ_DATA,
FILE_WRITE_DATA,
FILE_EXECUTE,
FILE_ALL_ACCESS
)
import pywintypes
import winnt
TRUE = 1
def CheckAccess(path,AccessDesired):
result = wintypes.BOOL()
granted = wintypes.DWORD(0)
privsetlength = wintypes.DWORD(0)
fileSD = GetFileSecurity(path, DACL_SECURITY_INFORMATION)
if not fileSD.IsValid():
raise Exception("Invalid security descriptor")
ImpersonateSelf(SecurityImpersonation)
token = OpenThreadToken(GetCurrentThread(), TOKEN_ALL_ACCESS, TRUE)
mapping = wintypes.DWORD(MapGenericMask(AccessDesired,
(FILE_READ_DATA, FILE_WRITE_DATA, FILE_EXECUTE, FILE_ALL_ACCESS)))
if not windll.advapi32.AccessCheck(
c_char_p(str(buffer(fileSD))),
wintypes.HANDLE(int(token)),
AccessDesired,
byref(mapping),
c_void_p(0), #privilege set, optional
byref(privsetlength), #size of optional privilege set
byref(granted),
byref(result)
):
code = GetLastError()
raise WindowsError(GetLastError(),FormatMessage(code))
return bool(result)
def HasReadAccess(path):
return CheckAccess(path,FILE_READ_DATA)
def HasWriteAccess(path):
return CheckAccess(path,FILE_WRITE_DATA)
if __name__ == "__main__":
print(HasReadAccess("C:/Python26"))
不过,我每次运行这个时候,我得到这个:
WindowsError: [Error 1338] The security descriptor structure is invalid.
我该如何将SecurityDescriptor传递给AccessCheck?
编辑:将DACL_SECURITY_INFORMATION更改为DACL_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | OWNER_SECURITY_INFORMATION给我这个:
WindowsError: [Error 122] The data area passed to a system call is too small.
嗨,斯图尔特,我现在正在处理同样的问题;你能否发布你的最终工作代码? – Ali 2012-11-16 05:11:24
这是我从一年前的一次实习中拿来的,我没有带着我的代码,但是从阅读我在这里说的话,我想诀窍是(按照这里写的例子)替换'privsetlength = wintypes.DWORD(0)'用'privsetlength = wintypes.DWORD(20)'和'c_void_p(0)'用'create_string_buffer(20)'这样的东西(我已经花了一年半的时间快乐地忘记了一切曾经涉及Python的ctypes模块)。 – 2012-11-16 23:36:44
哈哈:-)有利于你把ctypes放在后面!我确实得到了这个工作。对于任何感兴趣的用户,我所做的就是先用null调用AccessCheck以获取默认行为(privsetlength),然后再调用正确的大小(请参阅AccessCheck的msdn中的注释)。 – Ali 2012-11-17 00:50:38