我正在尝试使用此代码读取Windows中文件和目录的访问权限(在Tim Golden's proposed patch to os.access to make it read from ACLs on Windows之后模式化):
from ctypes import(
windll,
wintypes,
c_char_p,
c_void_p,
byref
)
from win32api import GetCurrentThread
from win32security import (
GetFileSecurity,
DACL_SECURITY_INFORMATION,
ImpersonateSelf,
SecurityImpersonation,
OpenThreadToken,
TOKEN_ALL_ACCESS,
MapGenericMask
)
from ntsecuritycon import (
FILE_READ_DATA,
FILE_WRITE_DATA,
FILE_EXECUTE,
FILE_ALL_ACCESS
)
import pywintypes
import winnt
TRUE = 1
def CheckAccess(path,AccessDesired):
result = wintypes.BOOL()
granted = wintypes.DWORD(0)
privsetlength = wintypes.DWORD(0)
fileSD = GetFileSecurity(path, DACL_SECURITY_INFORMATION)
if not fileSD.IsValid():
raise Exception("Invalid security descriptor")
ImpersonateSelf(SecurityImpersonation)
token = OpenThreadToken(GetCurrentThread(), TOKEN_ALL_ACCESS, TRUE)
mapping = wintypes.DWORD(MapGenericMask(AccessDesired,
(FILE_READ_DATA, FILE_WRITE_DATA, FILE_EXECUTE, FILE_ALL_ACCESS)))
if not windll.advapi32.AccessCheck(
c_char_p(str(buffer(fileSD))),
wintypes.HANDLE(int(token)),
AccessDesired,
byref(mapping),
c_void_p(0), #privilege set, optional
byref(privsetlength), #size of optional privilege set
byref(granted),
byref(result)
):
code = GetLastError()
raise WindowsError(GetLastError(),FormatMessage(code))
return bool(result)
def HasReadAccess(path):
return CheckAccess(path,FILE_READ_DATA)
def HasWriteAccess(path):
return CheckAccess(path,FILE_WRITE_DATA)
if __name__ == "__main__":
print(HasReadAccess("C:/Python26"))
然而,每次我这样做,我都会得到这个:
WindowsError: [Error 1338] The security descriptor structure is invalid.
我应该如何将SecurityDescriptor传递给AccessCheck?
编辑:将DACL_SECURITY_INFORMATION更改为DACL_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | OWNER_SECURITY_INFORMATION给了我这个:
WindowsError: [Error 122] The data area passed to a system call is too small.
答案 0 :(得分:5)
显然,“可选”Windows意味着“必需”。我通过分配缓冲区并传递PRIVILEGE_SET(20)的大小来修复它。