我正在尝试使用以下代码(模仿Tim Golden提出的补丁,使其能够从Windows ACLs中读取文件和目录的访问权限)来读取Windows中的文件和目录的访问权限:
from ctypes import(
windll,
wintypes,
c_char_p,
c_void_p,
byref
)
from win32api import GetCurrentThread
from win32security import (
GetFileSecurity,
DACL_SECURITY_INFORMATION,
ImpersonateSelf,
SecurityImpersonation,
OpenThreadToken,
TOKEN_ALL_ACCESS,
MapGenericMask
)
from ntsecuritycon import (
FILE_READ_DATA,
FILE_WRITE_DATA,
FILE_EXECUTE,
FILE_ALL_ACCESS
)
import pywintypes
import winnt
TRUE = 1
def CheckAccess(path,AccessDesired):
result = wintypes.BOOL()
granted = wintypes.DWORD(0)
privsetlength = wintypes.DWORD(0)
fileSD = GetFileSecurity(path, DACL_SECURITY_INFORMATION)
if not fileSD.IsValid():
raise Exception("Invalid security descriptor")
ImpersonateSelf(SecurityImpersonation)
token = OpenThreadToken(GetCurrentThread(), TOKEN_ALL_ACCESS, TRUE)
mapping = wintypes.DWORD(MapGenericMask(AccessDesired,
(FILE_READ_DATA, FILE_WRITE_DATA, FILE_EXECUTE, FILE_ALL_ACCESS)))
if not windll.advapi32.AccessCheck(
c_char_p(str(buffer(fileSD))),
wintypes.HANDLE(int(token)),
AccessDesired,
byref(mapping),
c_void_p(0), #privilege set, optional
byref(privsetlength), #size of optional privilege set
byref(granted),
byref(result)
):
code = GetLastError()
raise WindowsError(GetLastError(),FormatMessage(code))
return bool(result)
def HasReadAccess(path):
return CheckAccess(path,FILE_READ_DATA)
def HasWriteAccess(path):
return CheckAccess(path,FILE_WRITE_DATA)
if __name__ == "__main__":
print(HasReadAccess("C:/Python26"))
然而,每次运行时我都会得到以下结果:
WindowsError: [Error 1338] The security descriptor structure is invalid.
我该如何将SecurityDescriptor传递给AccessCheck函数?
编辑:将DACL_SECURITY_INFORMATION参数改为DACL_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | OWNER_SECURITY_INFORMATION后,我得到了以下结果:
WindowsError: [Error 122] The data area passed to a system call is too small.
privsetlength = wintypes.DWORD(0)
替换为privsetlength = wintypes.DWORD(20)
,并将c_void_p(0)
替换为类似于create_string_buffer(20)
的东西。(过去一年半里,我一直很高兴地忘记了所有涉及 Python ctypes 模块的事情。) - Stuart P. Bentley