堆栈内存溢出
  简体   繁体   English

如何获得有效的文件权限?

[英]How can I get effective file permissions?

 原文  2018-03-22 12:36:17       python/ c/ windows/ file-permissions

问题描述

I'm trying to get file effective permissions . 我正在尝试获取文件有效权限 What is the best way to do that? 最好的方法是什么?

I'm trying to use win32security but GetEffectiveRightsFromAcl(trustee) function needs the PyTRUSTEE parameter. 我正在尝试使用win32securityGetEffectiveRightsFromAcl(trustee)函数需要PyTRUSTEE参数。 And I don't know how to set it correctly. 而且我不知道如何正确设置它。

As a result, I need to get the same permissions as with Get-EffectiveAccess calling in PowerShell. 结果,我需要获得与在PowerShell中调用Get-EffectiveAccess相同的权限。

We were tried to use Authz.h but in that case we got the Audit failure in Windows Event Viewer. 我们尝试使用Authz.h但是在那种情况下,我们在Windows Event Viewer中遇到了Audit失败。

We also tried to use GetEffectiveRightsFromAcl from Aclapi.h but it can become a reason of server hangup in case when we have a lot of files. 我们还尝试使用Aclapi.h GetEffectiveRightsFromAcl ,但是如果我们有很多文件,这可能会成为服务器挂起的原因。

python: 蟒蛇: 

dacl = win32security.GetNamedSecurityInfo( FILENAME,
 win32security.SE_FILE_OBJECT,
 win32security.DACL_SECURITY_INFORMATION).GetSecurityDescriptorDacl()
mask = dacl.GetEffectiveRightsFromAcl( ??? )

Authz.h : Authz.h 

AuthzInitializeResourceManager(AUTHZ_RM_FLAG_NO_AUDIT, NULL, NULL, NULL, NULL, &hManager);
AuthzInitializeContextFromSid(0, psid, hManager, NULL, unusedId, NULL, &hAuthzClientContext);
AuthzFreeResourceManager(hManager);

accessRequest->DesiredAccess = MAXIMUM_ALLOWED;
accessRequest->PrincipalSelfSid = NULL;
accessRequest->ObjectTypeList = NULL;
accessRequest->ObjectTypeListLength = 0;
accessRequest->OptionalArguments = NULL;
RtlZeroMemory(Buffer, sizeof(Buffer));
accessReply->ResultListLength = 1;

accessReply->GrantedAccessMask = (PACCESS_MASK)LocalAlloc(LPTR, sizeof(ACCESS_MASK));
accessReply->Error = (PDWORD)(Buffer + sizeof(ACCESS_MASK));

AuthzAccessCheck(0, hAuthzClient, accessRequest, NULL, psd, NULL, 0, accessReply, NULL)

Aclapi.h 阿克拉皮 

ACCESS_MASK accessRights;
TRUSTEE trustee;

BuildTrusteeWithName(&trustee, trav->user);
retcode = GetEffectiveRightsFromAcl( acl,&trustee,&accessRights);

I'm need to get something like that: 我需要得到这样的东西:

FILE_READ_DATA FILE_READ_DATA
FILE_WRITE_DATA FILE_WRITE_DATA
FILE_APPEND_DATA FILE_APPEND_DATA
FILE_READ_EA FILE_READ_EA
FILE_WRITE_EA FILE_WRITE_EA
FILE_EXECUTE FILE_EXECUTE
FILE_DELETE_CHILD FILE_DELETE_CHILD
FILE_READ_ATTRIBUTE FILE_READ_ATTRIBUTE
FILE_WRITE_ATTRIBUTE FILE_WRITE_ATTRIBUTE
DELETE 删除
READ_CONTROL READ_CONTROL
WRITE_DAC WRITE_DAC
WRITE_OWNER WRITE_OWNER
SYNCHRONIZE 同步

1 个解决方案

解决方案1
 0  2018-03-29 13:16:20

I got some result using @eryksun help. 使用@eryksun帮助我得到了一些结果。 Thanks. 谢谢。 Also I found this useful example . 我也发现了这个有用的例子 

def print_permissions(mask):
print("PERMISSION:",
      1 if bool(mask & 0x00000001) else 0,
      1 if bool(mask & 0x00000002) else 0,
      1 if bool(mask & 0x00000004) else 0,
      1 if bool(mask & 0x00000008) else 0,
      1 if bool(mask & 0x00000010) else 0,
      1 if bool(mask & 0x00000020) else 0,
      1 if bool(mask & 0x00000040) else 0,
      1 if bool(mask & 0x00000080) else 0,
      1 if bool(mask & 0x00000100) else 0,
      1 if bool(mask & 0x00010000) else 0,
      1 if bool(mask & 0x00020000) else 0,
      1 if bool(mask & 0x00040000) else 0,
      1 if bool(mask & 0x00080000) else 0,
      1 if bool(mask & 0x00100000) else 0)

def get_permissions(dacl):
for n_ace in range(dacl.GetAceCount()):
    ace = dacl.GetAce(n_ace)
    (ace_type, ace_flags) = ace[0]
    if ace_type in CONVENTIONAL_ACES:
        mask, sid = ace[1:]
    else:
        mask, object_type, inherited_object_type, sid = ace[1:]
    name, domain, type = win32security.LookupAccountSid(None, sid)
    print("\nUSER:", name)
    print_permissions(mask)

for f in files:
    try:
        dacl = win32security.GetNamedSecurityInfo(
            f,
            win32security.SE_FILE_OBJECT,
            win32security.DACL_SECURITY_INFORMATION).GetSecurityDescriptorDacl()
    except BaseException as ex:
        winerror, funcname, strerror = ex.args
        print("Error: ", winerror,"\n")
    else:
        get_permissions(dacl)

I don't use GetEffectiveRightsFromAcl because it's contained in the ace. 我不使用GetEffectiveRightsFromAcl因为它包含在ace中。

When I tried to create a token with Privilege Constants I also got the same Audit Failure (in System Account case). 当我尝试使用权限常量创建令牌时,我也遇到了相同的Audit Failure (在系统帐户的情况下)。 So I didn't found any result that will work without Audit Faulire in both cases (System Account and Administrator) (except PowerShell). 因此,在这两种情况下(系统帐户和管理员)(PowerShell除外),我都没有找到没有Audit Faulire任何结果都找不到。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何获得 Python 中的默认文件权限? - How can I get the default file permissions in Python? 如何在Python中更改文件权限? - How can I change the file permissions in Python? 如何以最有效的方式在嵌套字典中获取指定的键值? - How can I get the specified key value in a nested dictionary in a most effective way? 如何使用while循环编写有效的游戏代码测试? - How can I write an effective test for game code with a while loop? 如何创建可以执行的文件(具有执行权限) - how do I create a file that I can execute (has execute permissions) 如何使用stat检查文件权限? - How do I check file permissions with stat? (discord.py) 如何获取用户拥有多少权限的列表 - (discord.py) How can I get a list of how many permissions a user has 如何在django监护人中获取用户具有特定权限的所有对象? - How can I get all objects a user has specific permissions to in django guardian? Discord.py Rewrite - 如何获得用户的权限列表? - Discord.py Rewrite - How can I get a user's permissions as a list? 如何使用 Raspberry Pi 动作播放音频文件? 可能的权限问题? - How can I play an audio file using Raspberry Pi motion? Possible permissions issue?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM