FileSecurityTest.py : » Windows » pyExcelerator » pywin32-214 » win32 » Demos » Python Open Source

1.	3.1.2 Python
2.	Ajax
3.	Aspect Oriented
4.	Blog
5.	Build
6.	Business Application
7.	Chart Report
8.	Content Management Systems
9.	Cryptographic
10.	Database
11.	Development
12.	Editor
13.	Email
14.	ERP
15.	Game 2D 3D
16.	GIS
17.	GUI
18.	IDE
19.	Installer
20.	IRC
21.	Issue Tracker
22.	Language Interface
23.	Log
24.	Math
25.	Media Sound Audio
26.	Mobile
27.	Network
28.	Parser
29.	PDF
30.	Project Management
31.	RSS
32.	Search
33.	Security
34.	Template Engines
35.	Test
36.	UML
37.	USB Serial
38.	Web Frameworks
39.	Web Server
40.	Web Services
41.	Web Unit
42.	Wiki
43.	Windows
44.	XML

Python Open Source » Windows » pyExcelerator

pyExcelerator » pywin32 214 » win32 » Demos » FileSecurityTest.py

# Contributed by Kelly Kranabetter.
import os, sys
import win32security, ntsecuritycon

# get security information
#name=r"c:\autoexec.bat"
#name= r"g:\!workgrp\lim"
name=sys.argv[0]

if not os.path.exists(name):
    print name, "does not exist!"
    sys.exit()

print "On file " , name, "\n"

# get owner SID
print "OWNER"
sd= win32security.GetFileSecurity(name, win32security.OWNER_SECURITY_INFORMATION)
sid= sd.GetSecurityDescriptorOwner()
print "  ", win32security.LookupAccountSid(None, sid)

# get group SID
print "GROUP"
sd= win32security.GetFileSecurity(name, win32security.GROUP_SECURITY_INFORMATION)
sid= sd.GetSecurityDescriptorGroup()
print "  ", win32security.LookupAccountSid(None, sid)

# get ACEs
sd= win32security.GetFileSecurity(name, win32security.DACL_SECURITY_INFORMATION)
dacl= sd.GetSecurityDescriptorDacl()
if dacl == None:
    print "No Discretionary ACL"
else:
    for ace_no in range(0, dacl.GetAceCount()):
        ace= dacl.GetAce(ace_no)
        print "ACE", ace_no

        print "  -Type"
        for i in ("ACCESS_ALLOWED_ACE_TYPE", "ACCESS_DENIED_ACE_TYPE", "SYSTEM_AUDIT_ACE_TYPE", "SYSTEM_ALARM_ACE_TYPE"):
            if getattr(ntsecuritycon, i) == ace[0][0]:
                print "    ", i

        print "  -Flags", hex(ace[0][1])
        for i in ("OBJECT_INHERIT_ACE", "CONTAINER_INHERIT_ACE", "NO_PROPAGATE_INHERIT_ACE", "INHERIT_ONLY_ACE", "SUCCESSFUL_ACCESS_ACE_FLAG", "FAILED_ACCESS_ACE_FLAG"):
            if getattr(ntsecuritycon, i) & ace[0][1] == getattr(ntsecuritycon, i):
                print "    ", i

        print "  -mask", hex(ace[1])

        # files and directories do permissions differently
        permissions_file= ("DELETE", "READ_CONTROL", "WRITE_DAC", "WRITE_OWNER", "SYNCHRONIZE", "FILE_GENERIC_READ", "FILE_GENERIC_WRITE", "FILE_GENERIC_EXECUTE", "FILE_DELETE_CHILD")
        permissions_dir= ("DELETE", "READ_CONTROL", "WRITE_DAC", "WRITE_OWNER", "SYNCHRONIZE", "FILE_ADD_SUBDIRECTORY", "FILE_ADD_FILE", "FILE_DELETE_CHILD", "FILE_LIST_DIRECTORY", "FILE_TRAVERSE", "FILE_READ_ATTRIBUTES", "FILE_WRITE_ATTRIBUTES", "FILE_READ_EA", "FILE_WRITE_EA")
        permissions_dir_inherit= ("DELETE", "READ_CONTROL", "WRITE_DAC", "WRITE_OWNER", "SYNCHRONIZE", "GENERIC_READ", "GENERIC_WRITE", "GENERIC_EXECUTE", "GENERIC_ALL")
        if os.path.isfile(name):
            permissions= permissions_file
        else:
            permissions= permissions_dir
            # directories also contain an ACE that is inherited by children (files) within them
            if ace[0][1] & ntsecuritycon.OBJECT_INHERIT_ACE == ntsecuritycon.OBJECT_INHERIT_ACE and ace[0][1] & ntsecuritycon.INHERIT_ONLY_ACE == ntsecuritycon.INHERIT_ONLY_ACE:
                permissions= permissions_dir_inherit

        calc_mask= 0  # calculate the mask so we can see if we are printing all of the permissions
        for i in permissions:
            if getattr(ntsecuritycon, i) & ace[1] == getattr(ntsecuritycon, i):
                calc_mask= calc_mask | getattr(ntsecuritycon, i)
                print "    ", i
        print "  ", "Calculated Check Mask=", hex(calc_mask)
        print "  -SID\n    ", win32security.LookupAccountSid(None, ace[2])

www.java2java.com | Contact Us

All other trademarks are property of their respective owners.