[issue37746] Provide Windows predefined access type constants

Eryk Sun report at bugs.python.org
Fri Aug 2 23:31:56 EDT 2019 

Eryk Sun <eryksun at gmail.com> added the comment:

> Perhaps _winapi is the best place? It already includes CreateFile and 
> OpenProcess, both of which also use these flags and already have some 
> of the "preconstructed" values exposed.

I'd like to see an os.windows namespace, with os.windows.constants and os.windows.errors. _winapi is for internal use. Some of what's defined there can be made public, including common constants and errors, but not all of it.

> At least the first five can be used to open keys with even less rights 
> than default, which can sometimes be necessary for keys with obscure 
> ACLs.

Key objects don't support SYNCHRONIZE. The only concern for us is excluding the other standard rights (i.e. READ_CONTROL, WRITE_OWNER, WRITE_DAC, DELETE).

All four modes of generic access include READ_CONTROL, which allows querying an object's owner, group, and DACL, but we have no direct use of this information in winreg. KEY_ALL_ACCESS also includes WRITE_OWNER, WRITE_DAC and DELETE access, of which we also have no need. For deleting a key, DeleteKey[Ex] does not require DELETE access on the supplied handle, which is used by WINAPI RegDeleteKey[Ex]W only for an internal handle-relative open that requests DELETE access. The other two are also never needed directly by winreg, since it doesn't support security functions to modify the owner/group and DACL in a key's security descriptor. They're only of use indirectly if using ctypes or PyWin32 to call a handle-based security function such as SetSecurityInfo.

If we can't get generic access because we lack one or more of the standard rights or specific rights in the generic set, then we can request just the required specific rights. The specific rights of the four generic access modes are as follows:

    KEY_READ      : KEY_QUERY_VALUE, KEY_ENUMERATE_SUB_KEYS, KEY_NOTIFY
    KEY_WRITE     : KEY_SET_VALUE, KEY_CREATE_SUB_KEY
    KEY_EXECUTE   : Same as KEY_READ
    KEY_ALL_ACCESS: KEY_QUERY_VALUE, KEY_SET_VALUE, KEY_CREATE_SUB_KEY,
                    KEY_ENUMERATE_SUB_KEYS, KEY_NOTIFY, KEY_CREATE_LINK

----------

_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue37746>
_______________________________________

More information about the Python-bugs-list mailing list