[Python-bugs-list] [ python-Bugs-481284 ] GetFileSecurity returns wrong SID
noreply@sourceforge.net
noreply@sourceforge.net
Sun, 23 Jun 2002 17:21:52 -0700
Bugs item #481284, was opened at 2001-11-14 02:34
You can respond by visiting:
http://sourceforge.net/tracker/?func=detail&atid=105470&aid=481284&group_id=5470
Category: Windows
Group: Platform-specific
Status: Closed
Resolution: Works For Me
Priority: 5
Submitted By: Ruben Marquez (rrm1)
Assigned to: Mark Hammond (mhammond)
Summary: GetFileSecurity returns wrong SID
Initial Comment:
The following code printes PySID:S-1-0x008014000000 for
every file on any machine, independent of the real
ower of the file:
for f in glob.glob("d:/*.*"):
try:
o =
win32security.GetFileSecurity
(f,win32security.OWNER_SECURITY_INFORMATION)
s = win32security.SID(o)
print str(s),
except:
print "n/a",
print " ",f
----------
Interestingly,
def prsid(name):
import string
print string.rjust(name,20),
try:
sid,box,what=win32security.LookupAccountName
(None,name)
print str(sid),box,what
except:
print "oops"
Works well, so it doesn't seem to be a problem with
PySIDs.
Thanks for your help in resolving this.
P.S.: (Discussed in http://groups.google.com/groups?
hl=en&th=b808d773d7ba0fee)
----------------------------------------------------------------------
Comment By: Darryl Dixon (esrever_otua)
Date: 2002-06-24 12:21
Message:
Logged In: YES
user_id=567623
Hi Mark,
Thanks for getting back to me and giving me the chance to
explore this one. I'm using ActiveState ActivePython 2.1.1
build 212. The Release notes say that this includes your
Win32 extensions build 135. I'm on Windows 2000
Professional Service Pack 2, and am logged in as an
administrator-level account (so permissions shouldn't be an
issue).
I had a look at the RAM where the fileSecurity object was
referenced at, and first line of memory looks like this:
unsigned char data[16] = {
0x01, 0x00, 0x00, 0x00, 0x28, 0xB9, 0x60, 0x1E,
0xD0, 0x94, 0x8A, 0x00, 0x00, 0x00, 0x00, 0x00
};
Dunno if that's really relevant at all, as I haven't yet
familiarised myself with how this type of object is structured,
but if it's any use to you, great :-)
Any other information I can supply or things that I can do for
you on this I am happy to go through, I'd love to get this
working,
Thanks heaps,
Darryl Dixon
exec("def\040me(list=
[97,117,116,111,95,114,101,118,101,114,115,101]):\n\tretstr=''
\n\tfor\040i\040in\040range(0,len(list)):\n\t\tretstr+='chr('+str
(list.pop())+')+'\n\treturn\040retstr[:-1]\nprint\040eval(me())")
----------------------------------------------------------------------
Comment By: Mark Hammond (mhammond)
Date: 2002-06-24 11:15
Message:
Logged In: YES
user_id=14198
What OS are you on, and what version of win32all. It works
fine for me.
>>> import win32security
>>> fileSecurity =
win32security.GetFileSecurity('f:/windows',win32security.OWNER_SECURITY_INFORMATION)
>>> secInfo = fileSecurity.GetSecurityDescriptorOwner()
>>> secInfo
<PySID object at 0x00D18CD8>
>>>
----------------------------------------------------------------------
Comment By: Nobody/Anonymous (nobody)
Date: 2002-06-24 10:59
Message:
Logged In: NO
Hi Mark,
I've had a read through all of the information that I could on
this, and the problem resolution that you've outlined here
doesn't seem to be valid. That is, if I use:
fileSecurity = win32security.GetFileSecurity
('c:/winnt',win32security.OWNER_SECURITY_INFORMATION)
and then watch fileSecurity in a debugger like Komodo, I find
that there are only three object methods available,
fileSecurity.Initialize()
fileSecurity.SetDacl()
fileSecuiryt.SetSecurityDescriptorDacl()
I haven't yet gotten desperate enough to use a tool that
allows the inspection of the contents of RAM to find out
what's in the fileSecurity object, but I'm getting close to it... ;-)
To be completely explicit, if I use:
import win32security
fileSecurity = win32security.GetFileSecurity
('c:/winnt',win32security.OWNER_SECURITY_INFORMATION)
secInfo = fileSecurity.GetSecurityDescriptorOwner()
Python errors and the traceback looks like this:
Traceback (most recent call last):
File "getfilesecurity.py", line 17, in ?
secInfo = fileSecurity.GetSecurityDesc
AttributeError: GetSecurityDescriptorOwner
I love Python and would dearly like to use this API to do
some work... I found a white paper written by someone that
talked about the possibility of extending a Python module
with SWIG to use the GetNamedSecurityInfo() API, but I don't
have a C compiler ATM to knock the code up with :-(
Oh, and just as background, basically, I'm writing a class
library to allow someone to list each unique NT account that
has rights to a file/directory and what those (cumulative)
rights are. I already have a basic class that will enumerate
individual user accounts in local groups for me, now I just
need to extend it to point at groups in ACLs...
Please please please assist;
Cheers,
Darryl Dixon
----------------------------------------------------------------------
Comment By: Mark Hammond (mhammond)
Date: 2002-03-28 15:37
Message:
Logged In: YES
user_id=14198
This is not a bug. The SID() function does not take a
SECURITY_DESCRIPTOR. The fact it *seems* to is an artifact
of a SECURITY_DESCRIPTOR implementing the buffer protocol,
and the fact that SID() can be constructed with a buffer
assumed to be valid SID bits. Thus, your code is attempting
to create a SID from the bits in the SECURITY_DESCRIPTOR.
The code should change to:
o =
win32security.GetFileSecurity(f,win32security.OWNER_SECURITY_INFORMATION)
s = o.GetSecurityDescriptorOwner()
s is not the SID of the owner of the file. There is also
GetSecurityDescriptorGroup(), etc.
----------------------------------------------------------------------
Comment By: Tim Peters (tim_one)
Date: 2001-11-14 05:00
Message:
Logged In: YES
user_id=31435
Reassigned to MarkH, as this is in the Win32 extensions.
----------------------------------------------------------------------
You can respond by visiting:
http://sourceforge.net/tracker/?func=detail&atid=105470&aid=481284&group_id=5470