[Python-bugs-list] [ python-Bugs-481284 ] GetFileSecurity returns wrong SID

noreply@sourceforge.net noreply@sourceforge.net
Wed, 27 Mar 2002 19:37:05 -0800 

Bugs item #481284, was opened at 2001-11-14 00:34
You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=105470&aid=481284&group_id=5470

Category: Windows
Group: Platform-specific
>Status: Closed
>Resolution: Works For Me
Priority: 5
Submitted By: Ruben Marquez (rrm1)
Assigned to: Mark Hammond (mhammond)
Summary: GetFileSecurity returns wrong SID

Initial Comment:
The following code printes PySID:S-1-0x008014000000 for
every file on any machine, independent of the real 
ower of the file:

for f in glob.glob("d:/*.*"):
    try:
        o =
win32security.GetFileSecurity
(f,win32security.OWNER_SECURITY_INFORMATION)
        s = win32security.SID(o)
        print str(s),
    except:
        print "n/a",
    print "   ",f

----------
Interestingly,

def prsid(name):
    import string
    print string.rjust(name,20),
    try:
        sid,box,what=win32security.LookupAccountName
(None,name)
        print str(sid),box,what
    except:
        print "oops"

Works well, so it doesn't seem to be a problem with 
PySIDs.

Thanks for your help in resolving this.

P.S.: (Discussed in http://groups.google.com/groups?
hl=en&th=b808d773d7ba0fee)

----------------------------------------------------------------------

>Comment By: Mark Hammond (mhammond)
Date: 2002-03-28 14:37

Message:
Logged In: YES 
user_id=14198

This is not a bug.  The SID() function does not take a
SECURITY_DESCRIPTOR.  The fact it *seems* to is an artifact
of a SECURITY_DESCRIPTOR implementing the buffer protocol,
and the fact that SID() can be constructed with a buffer
assumed to be valid SID bits.  Thus, your code is attempting
to create a SID from the bits in the SECURITY_DESCRIPTOR.

The code should change to:
    o =
win32security.GetFileSecurity(f,win32security.OWNER_SECURITY_INFORMATION)
    s = o.GetSecurityDescriptorOwner()

s is not the SID of the owner of the file.  There is also
GetSecurityDescriptorGroup(), etc.

----------------------------------------------------------------------

Comment By: Tim Peters (tim_one)
Date: 2001-11-14 03:00

Message:
Logged In: YES 
user_id=31435

Reassigned to MarkH, as this is in the Win32 extensions.

----------------------------------------------------------------------

You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=105470&aid=481284&group_id=5470