[Python-bugs-list] [ python-Bugs-481284 ] GetFileSecurity returns wrong SID

noreply@sourceforge.net noreply@sourceforge.net
Sun, 23 Jun 2002 15:59:31 -0700 

Bugs item #481284, was opened at 2001-11-13 05:34
You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=105470&aid=481284&group_id=5470

Category: Windows
Group: Platform-specific
Status: Closed
Resolution: Works For Me
Priority: 5
Submitted By: Ruben Marquez (rrm1)
Assigned to: Mark Hammond (mhammond)
Summary: GetFileSecurity returns wrong SID

Initial Comment:
The following code printes PySID:S-1-0x008014000000 for
every file on any machine, independent of the real 
ower of the file:

for f in glob.glob("d:/*.*"):
    try:
        o =
win32security.GetFileSecurity
(f,win32security.OWNER_SECURITY_INFORMATION)
        s = win32security.SID(o)
        print str(s),
    except:
        print "n/a",
    print "   ",f

----------
Interestingly,

def prsid(name):
    import string
    print string.rjust(name,20),
    try:
        sid,box,what=win32security.LookupAccountName
(None,name)
        print str(sid),box,what
    except:
        print "oops"

Works well, so it doesn't seem to be a problem with 
PySIDs.

Thanks for your help in resolving this.

P.S.: (Discussed in http://groups.google.com/groups?
hl=en&th=b808d773d7ba0fee)

----------------------------------------------------------------------

Comment By: Nobody/Anonymous (nobody)
Date: 2002-06-23 15:59

Message:
Logged In: NO 

Hi Mark,

  I've had a read through all of the information that I could on 
this, and the problem resolution that you've outlined here 
doesn't seem to be valid.  That is, if I use:
fileSecurity = win32security.GetFileSecurity
('c:/winnt',win32security.OWNER_SECURITY_INFORMATION)

and then watch fileSecurity in a debugger like Komodo, I find 
that there are only three object methods available, 
fileSecurity.Initialize()
fileSecurity.SetDacl()
fileSecuiryt.SetSecurityDescriptorDacl()

I haven't yet gotten desperate enough to use a tool that 
allows the inspection of the contents of RAM to find out 
what's in the fileSecurity object, but I'm getting close to it... ;-)

To be completely explicit, if I use:
import win32security
fileSecurity = win32security.GetFileSecurity
('c:/winnt',win32security.OWNER_SECURITY_INFORMATION)
secInfo = fileSecurity.GetSecurityDescriptorOwner()

Python errors and the traceback looks like this:
Traceback (most recent call last):
  File "getfilesecurity.py", line 17, in ?
    secInfo = fileSecurity.GetSecurityDesc
AttributeError: GetSecurityDescriptorOwner

I love Python and would dearly like to use this API to do 
some work...  I found a white paper written by someone that 
talked about the possibility of extending a Python module 
with SWIG to use the GetNamedSecurityInfo() API, but I don't 
have a C compiler ATM to knock the code up with :-(
Oh, and just as background, basically, I'm writing a class 
library to allow someone to list each unique NT account that 
has rights to a file/directory and what those (cumulative) 
rights are.  I already have a basic class that will enumerate 
individual user accounts in local groups for me, now I just 
need to extend it to point at groups in ACLs...

Please please please assist;
Cheers,
Darryl Dixon

----------------------------------------------------------------------

Comment By: Mark Hammond (mhammond)
Date: 2002-03-27 19:37

Message:
Logged In: YES 
user_id=14198

This is not a bug.  The SID() function does not take a
SECURITY_DESCRIPTOR.  The fact it *seems* to is an artifact
of a SECURITY_DESCRIPTOR implementing the buffer protocol,
and the fact that SID() can be constructed with a buffer
assumed to be valid SID bits.  Thus, your code is attempting
to create a SID from the bits in the SECURITY_DESCRIPTOR.

The code should change to:
    o =
win32security.GetFileSecurity(f,win32security.OWNER_SECURITY_INFORMATION)
    s = o.GetSecurityDescriptorOwner()

s is not the SID of the owner of the file.  There is also
GetSecurityDescriptorGroup(), etc.

----------------------------------------------------------------------

Comment By: Tim Peters (tim_one)
Date: 2001-11-13 08:00

Message:
Logged In: YES 
user_id=31435

Reassigned to MarkH, as this is in the Win32 extensions.

----------------------------------------------------------------------

You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=105470&aid=481284&group_id=5470