[Python-bugs-list] [ python-Bugs-481284 ] GetFileSecurity returns wrong SID
noreply@sourceforge.net
noreply@sourceforge.net
Sun, 23 Jun 2002 15:59:31 -0700
Bugs item #481284, was opened at 2001-11-13 05:34
You can respond by visiting:
http://sourceforge.net/tracker/?func=detail&atid=105470&aid=481284&group_id=5470
Category: Windows
Group: Platform-specific
Status: Closed
Resolution: Works For Me
Priority: 5
Submitted By: Ruben Marquez (rrm1)
Assigned to: Mark Hammond (mhammond)
Summary: GetFileSecurity returns wrong SID
Initial Comment:
The following code printes PySID:S-1-0x008014000000 for
every file on any machine, independent of the real
ower of the file:
for f in glob.glob("d:/*.*"):
try:
o =
win32security.GetFileSecurity
(f,win32security.OWNER_SECURITY_INFORMATION)
s = win32security.SID(o)
print str(s),
except:
print "n/a",
print " ",f
----------
Interestingly,
def prsid(name):
import string
print string.rjust(name,20),
try:
sid,box,what=win32security.LookupAccountName
(None,name)
print str(sid),box,what
except:
print "oops"
Works well, so it doesn't seem to be a problem with
PySIDs.
Thanks for your help in resolving this.
P.S.: (Discussed in http://groups.google.com/groups?
hl=en&th=b808d773d7ba0fee)
----------------------------------------------------------------------
Comment By: Nobody/Anonymous (nobody)
Date: 2002-06-23 15:59
Message:
Logged In: NO
Hi Mark,
I've had a read through all of the information that I could on
this, and the problem resolution that you've outlined here
doesn't seem to be valid. That is, if I use:
fileSecurity = win32security.GetFileSecurity
('c:/winnt',win32security.OWNER_SECURITY_INFORMATION)
and then watch fileSecurity in a debugger like Komodo, I find
that there are only three object methods available,
fileSecurity.Initialize()
fileSecurity.SetDacl()
fileSecuiryt.SetSecurityDescriptorDacl()
I haven't yet gotten desperate enough to use a tool that
allows the inspection of the contents of RAM to find out
what's in the fileSecurity object, but I'm getting close to it... ;-)
To be completely explicit, if I use:
import win32security
fileSecurity = win32security.GetFileSecurity
('c:/winnt',win32security.OWNER_SECURITY_INFORMATION)
secInfo = fileSecurity.GetSecurityDescriptorOwner()
Python errors and the traceback looks like this:
Traceback (most recent call last):
File "getfilesecurity.py", line 17, in ?
secInfo = fileSecurity.GetSecurityDesc
AttributeError: GetSecurityDescriptorOwner
I love Python and would dearly like to use this API to do
some work... I found a white paper written by someone that
talked about the possibility of extending a Python module
with SWIG to use the GetNamedSecurityInfo() API, but I don't
have a C compiler ATM to knock the code up with :-(
Oh, and just as background, basically, I'm writing a class
library to allow someone to list each unique NT account that
has rights to a file/directory and what those (cumulative)
rights are. I already have a basic class that will enumerate
individual user accounts in local groups for me, now I just
need to extend it to point at groups in ACLs...
Please please please assist;
Cheers,
Darryl Dixon
----------------------------------------------------------------------
Comment By: Mark Hammond (mhammond)
Date: 2002-03-27 19:37
Message:
Logged In: YES
user_id=14198
This is not a bug. The SID() function does not take a
SECURITY_DESCRIPTOR. The fact it *seems* to is an artifact
of a SECURITY_DESCRIPTOR implementing the buffer protocol,
and the fact that SID() can be constructed with a buffer
assumed to be valid SID bits. Thus, your code is attempting
to create a SID from the bits in the SECURITY_DESCRIPTOR.
The code should change to:
o =
win32security.GetFileSecurity(f,win32security.OWNER_SECURITY_INFORMATION)
s = o.GetSecurityDescriptorOwner()
s is not the SID of the owner of the file. There is also
GetSecurityDescriptorGroup(), etc.
----------------------------------------------------------------------
Comment By: Tim Peters (tim_one)
Date: 2001-11-13 08:00
Message:
Logged In: YES
user_id=31435
Reassigned to MarkH, as this is in the Win32 extensions.
----------------------------------------------------------------------
You can respond by visiting:
http://sourceforge.net/tracker/?func=detail&atid=105470&aid=481284&group_id=5470