I am trying to read access to files and directories on Windows using this code (with the image after Tim Golden suggested a patch for os.access to read from ACLs on Windows ):
from ctypes import(
windll,
wintypes,
c_char_p,
c_void_p,
byref
)
from win32api import GetCurrentThread
from win32security import (
GetFileSecurity,
DACL_SECURITY_INFORMATION,
ImpersonateSelf,
SecurityImpersonation,
OpenThreadToken,
TOKEN_ALL_ACCESS,
MapGenericMask
)
from ntsecuritycon import (
FILE_READ_DATA,
FILE_WRITE_DATA,
FILE_EXECUTE,
FILE_ALL_ACCESS
)
import pywintypes
import winnt
TRUE = 1
def CheckAccess(path,AccessDesired):
result = wintypes.BOOL()
granted = wintypes.DWORD(0)
privsetlength = wintypes.DWORD(0)
fileSD = GetFileSecurity(path, DACL_SECURITY_INFORMATION)
if not fileSD.IsValid():
raise Exception("Invalid security descriptor")
ImpersonateSelf(SecurityImpersonation)
token = OpenThreadToken(GetCurrentThread(), TOKEN_ALL_ACCESS, TRUE)
mapping = wintypes.DWORD(MapGenericMask(AccessDesired,
(FILE_READ_DATA, FILE_WRITE_DATA, FILE_EXECUTE, FILE_ALL_ACCESS)))
if not windll.advapi32.AccessCheck(
c_char_p(str(buffer(fileSD))),
wintypes.HANDLE(int(token)),
AccessDesired,
byref(mapping),
c_void_p(0),
byref(privsetlength),
byref(granted),
byref(result)
):
code = GetLastError()
raise WindowsError(GetLastError(),FormatMessage(code))
return bool(result)
def HasReadAccess(path):
return CheckAccess(path,FILE_READ_DATA)
def HasWriteAccess(path):
return CheckAccess(path,FILE_WRITE_DATA)
if __name__ == "__main__":
print(HasReadAccess("C:/Python26"))
However, every time I run this, I get the following:
WindowsError: [Error 1338] The security descriptor structure is invalid.
How can I pass a SecurityDescriptor to AccessCheck?
EDIT: Change DACL_SECURITY_INFORMATION to DACL_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | OWNER_SECURITY_INFORMATION gives me the following:
WindowsError: [Error 122] The data area passed to a system call is too small.