Merge lp:~facundo/ubuntuone-client/win-user2sid into lp:ubuntuone-client
- win-user2sid
- Merge into trunk
Proposed by
Facundo Batista
| Status: | Merged |
|---|---|
| Approved by: | Natalia Bidart |
| Approved revision: | 1068 |
| Merged at revision: | 1066 |
| Proposed branch: | lp:~facundo/ubuntuone-client/win-user2sid |
| Merge into: | lp:ubuntuone-client |
| Diff against target: |
365 lines (+74/-90) 2 files modified
tests/platform/windows/test_os_helper.py (+40/-44) ubuntuone/platform/windows/os_helper.py (+34/-46) |
| To merge this branch: | bzr merge lp:~facundo/ubuntuone-client/win-user2sid |
| Related bugs: |
| Reviewer | Review Type | Date Requested | Status |
|---|---|---|---|
| Natalia Bidart (community) | Approve | ||
| Manuel de la Peña (community) | Approve | ||
|
Review via email:
|
|||
Commit message
Use SIDs instead user account names.
Description of the change
Use SIDs instead user account names.
This change not only affects to the current user account, but also the Administrators and Everyone ones.
Tests changed too.
To post a comment you must log in.
Revision history for this message
| Manuel de la Peña (mandel) : | # |
review:
Approve
- 1067. By Facundo Batista
-
Make lint happy
- 1068. By Facundo Batista
-
PySID is not hashable: use a list
Preview Diff
[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
| 1 | === modified file 'tests/platform/windows/test_os_helper.py' | |||
| 2 | --- tests/platform/windows/test_os_helper.py 2011-07-21 13:40:32 +0000 | |||
| 3 | +++ tests/platform/windows/test_os_helper.py 2011-07-26 20:09:31 +0000 | |||
| 4 | @@ -19,7 +19,6 @@ | |||
| 5 | 19 | import os | 19 | import os |
| 6 | 20 | import errno | 20 | import errno |
| 7 | 21 | 21 | ||
| 8 | 22 | from win32api import GetUserName | ||
| 9 | 23 | from ntsecuritycon import ( | 22 | from ntsecuritycon import ( |
| 10 | 24 | FILE_ALL_ACCESS, | 23 | FILE_ALL_ACCESS, |
| 11 | 25 | FILE_GENERIC_READ, | 24 | FILE_GENERIC_READ, |
| 12 | @@ -27,6 +26,10 @@ | |||
| 13 | 27 | ) | 26 | ) |
| 14 | 28 | 27 | ||
| 15 | 29 | from ubuntuone.platform.windows.os_helper import ( | 28 | from ubuntuone.platform.windows.os_helper import ( |
| 16 | 29 | EVERYONE_SID, | ||
| 17 | 30 | LONG_PATH_PREFIX, | ||
| 18 | 31 | USER_SID, | ||
| 19 | 32 | WINDOWS_ILLEGAL_CHARS_MAP, | ||
| 20 | 30 | _set_file_attributes, | 33 | _set_file_attributes, |
| 21 | 31 | access, | 34 | access, |
| 22 | 32 | can_write, | 35 | can_write, |
| 23 | @@ -41,12 +44,9 @@ | |||
| 24 | 41 | rename, | 44 | rename, |
| 25 | 42 | replace_illegal_chars_with_unicode, | 45 | replace_illegal_chars_with_unicode, |
| 26 | 43 | replace_unicode_with_illegal_chars, | 46 | replace_unicode_with_illegal_chars, |
| 27 | 47 | set_file_readwrite, | ||
| 28 | 44 | set_no_rights, | 48 | set_no_rights, |
| 29 | 45 | set_file_readwrite, | ||
| 30 | 46 | stat_path, | 49 | stat_path, |
| 31 | 47 | EVERYONE_GROUP, | ||
| 32 | 48 | LONG_PATH_PREFIX, | ||
| 33 | 49 | WINDOWS_ILLEGAL_CHARS_MAP, | ||
| 34 | 50 | ) | 50 | ) |
| 35 | 51 | from contrib.testing.testcase import BaseTwistedTestCase | 51 | from contrib.testing.testcase import BaseTwistedTestCase |
| 36 | 52 | 52 | ||
| 37 | @@ -278,75 +278,73 @@ | |||
| 38 | 278 | def test_access_read_write_user(self): | 278 | def test_access_read_write_user(self): |
| 39 | 279 | """Test when the user sid has rw rights.""" | 279 | """Test when the user sid has rw rights.""" |
| 40 | 280 | # set the file to be read and write just by the user | 280 | # set the file to be read and write just by the user |
| 43 | 281 | groups = {} | 281 | groups = [(USER_SID, FILE_GENERIC_READ | FILE_GENERIC_WRITE)] |
| 42 | 282 | groups[GetUserName()] = FILE_GENERIC_READ | FILE_GENERIC_WRITE | ||
| 44 | 283 | _set_file_attributes(self.testfile, groups) | 282 | _set_file_attributes(self.testfile, groups) |
| 45 | 284 | self.assertTrue(access(self.testfile)) | 283 | self.assertTrue(access(self.testfile)) |
| 46 | 285 | 284 | ||
| 47 | 286 | def test_access_read_write_everyone(self): | 285 | def test_access_read_write_everyone(self): |
| 48 | 287 | """Test when the everyone sid has rw rights.""" | 286 | """Test when the everyone sid has rw rights.""" |
| 51 | 288 | groups = {} | 287 | groups = [(EVERYONE_SID, FILE_GENERIC_READ | FILE_GENERIC_WRITE)] |
| 50 | 289 | groups[EVERYONE_GROUP] = FILE_GENERIC_READ | FILE_GENERIC_WRITE | ||
| 52 | 290 | _set_file_attributes(self.testfile, groups) | 288 | _set_file_attributes(self.testfile, groups) |
| 53 | 291 | self.assertTrue(access(self.testfile)) | 289 | self.assertTrue(access(self.testfile)) |
| 54 | 292 | 290 | ||
| 55 | 293 | def test_access_write_user_everyone_read(self): | 291 | def test_access_write_user_everyone_read(self): |
| 56 | 294 | """Test when the user sid has w rights.""" | 292 | """Test when the user sid has w rights.""" |
| 60 | 295 | groups = {} | 293 | groups = [ |
| 61 | 296 | groups[GetUserName()] = FILE_GENERIC_WRITE | 294 | (USER_SID, FILE_GENERIC_WRITE), |
| 62 | 297 | groups[EVERYONE_GROUP] = FILE_GENERIC_READ | 295 | (EVERYONE_SID, FILE_GENERIC_READ), |
| 63 | 296 | ] | ||
| 64 | 298 | _set_file_attributes(self.testfile, groups) | 297 | _set_file_attributes(self.testfile, groups) |
| 65 | 299 | self.assertTrue(access(self.testfile)) | 298 | self.assertTrue(access(self.testfile)) |
| 66 | 300 | 299 | ||
| 67 | 301 | def test_access_write_everyone_user_read(self): | 300 | def test_access_write_everyone_user_read(self): |
| 68 | 302 | """Test when the everyone sid has w rights""" | 301 | """Test when the everyone sid has w rights""" |
| 72 | 303 | groups = {} | 302 | groups = [ |
| 73 | 304 | groups[GetUserName()] = FILE_GENERIC_READ | 303 | (USER_SID, FILE_GENERIC_READ), |
| 74 | 305 | groups[EVERYONE_GROUP] = FILE_GENERIC_WRITE | 304 | (EVERYONE_SID, FILE_GENERIC_WRITE), |
| 75 | 305 | ] | ||
| 76 | 306 | _set_file_attributes(self.testfile, groups) | 306 | _set_file_attributes(self.testfile, groups) |
| 77 | 307 | self.assertTrue(access(self.testfile)) | 307 | self.assertTrue(access(self.testfile)) |
| 78 | 308 | 308 | ||
| 79 | 309 | def test_access_write_user_everyone(self): | 309 | def test_access_write_user_everyone(self): |
| 80 | 310 | """Test when everyone and user have w rights.""" | 310 | """Test when everyone and user have w rights.""" |
| 84 | 311 | groups = {} | 311 | groups = [ |
| 85 | 312 | groups[GetUserName()] = FILE_GENERIC_WRITE | 312 | (USER_SID, FILE_GENERIC_WRITE), |
| 86 | 313 | groups[EVERYONE_GROUP] = FILE_GENERIC_WRITE | 313 | (EVERYONE_SID, FILE_GENERIC_WRITE), |
| 87 | 314 | ] | ||
| 88 | 314 | _set_file_attributes(self.testfile, groups) | 315 | _set_file_attributes(self.testfile, groups) |
| 89 | 315 | self.assertFalse(access(self.testfile)) | 316 | self.assertFalse(access(self.testfile)) |
| 90 | 316 | 317 | ||
| 91 | 317 | def test_access_read_user(self): | 318 | def test_access_read_user(self): |
| 92 | 318 | """Test when the sid has r rights.""" | 319 | """Test when the sid has r rights.""" |
| 95 | 319 | groups = {} | 320 | groups = [(USER_SID, FILE_GENERIC_READ)] |
| 94 | 320 | groups[GetUserName()] = FILE_GENERIC_READ | ||
| 96 | 321 | _set_file_attributes(self.testfile, groups) | 321 | _set_file_attributes(self.testfile, groups) |
| 97 | 322 | self.assertTrue(access(self.testfile)) | 322 | self.assertTrue(access(self.testfile)) |
| 98 | 323 | 323 | ||
| 99 | 324 | def test_access_read_everyone(self): | 324 | def test_access_read_everyone(self): |
| 100 | 325 | """Test when everyone has r rights.""" | 325 | """Test when everyone has r rights.""" |
| 103 | 326 | groups = {} | 326 | groups = [(EVERYONE_SID, FILE_GENERIC_READ)] |
| 102 | 327 | groups[EVERYONE_GROUP] = FILE_GENERIC_READ | ||
| 104 | 328 | _set_file_attributes(self.testfile, groups) | 327 | _set_file_attributes(self.testfile, groups) |
| 105 | 329 | self.assertTrue(access(self.testfile)) | 328 | self.assertTrue(access(self.testfile)) |
| 106 | 330 | 329 | ||
| 107 | 331 | def test_access_read_user_everyone(self): | 330 | def test_access_read_user_everyone(self): |
| 108 | 332 | """Test when user and everyone have r rights.""" | 331 | """Test when user and everyone have r rights.""" |
| 112 | 333 | groups = {} | 332 | groups = [ |
| 113 | 334 | groups[GetUserName()] = FILE_GENERIC_READ | 333 | (USER_SID, FILE_GENERIC_READ), |
| 114 | 335 | groups[EVERYONE_GROUP] = FILE_GENERIC_READ | 334 | (EVERYONE_SID, FILE_GENERIC_READ), |
| 115 | 335 | ] | ||
| 116 | 336 | _set_file_attributes(self.testfile, groups) | 336 | _set_file_attributes(self.testfile, groups) |
| 117 | 337 | self.assertTrue(access(self.testfile)) | 337 | self.assertTrue(access(self.testfile)) |
| 118 | 338 | 338 | ||
| 119 | 339 | def test_access_full_user(self): | 339 | def test_access_full_user(self): |
| 120 | 340 | """Test when the sid has full control.""" | 340 | """Test when the sid has full control.""" |
| 123 | 341 | groups = {} | 341 | groups = [(USER_SID, FILE_ALL_ACCESS)] |
| 122 | 342 | groups[GetUserName()] = FILE_ALL_ACCESS | ||
| 124 | 343 | _set_file_attributes(self.testfile, groups) | 342 | _set_file_attributes(self.testfile, groups) |
| 125 | 344 | self.assertTrue(access(self.testfile)) | 343 | self.assertTrue(access(self.testfile)) |
| 126 | 345 | 344 | ||
| 127 | 346 | def test_access_full_everyone(self): | 345 | def test_access_full_everyone(self): |
| 128 | 347 | """test when everyone has full control.""" | 346 | """test when everyone has full control.""" |
| 131 | 348 | groups = {} | 347 | groups = [(EVERYONE_SID, FILE_ALL_ACCESS)] |
| 130 | 349 | groups[EVERYONE_GROUP] = FILE_ALL_ACCESS | ||
| 132 | 350 | _set_file_attributes(self.testfile, groups) | 348 | _set_file_attributes(self.testfile, groups) |
| 133 | 351 | self.assertTrue(access(self.testfile)) | 349 | self.assertTrue(access(self.testfile)) |
| 134 | 352 | 350 | ||
| 135 | @@ -360,44 +358,42 @@ | |||
| 136 | 360 | def test_can_write_read_write_user(self): | 358 | def test_can_write_read_write_user(self): |
| 137 | 361 | """Test when the user sid has rw rights.""" | 359 | """Test when the user sid has rw rights.""" |
| 138 | 362 | # set the file to be read and write just by the user | 360 | # set the file to be read and write just by the user |
| 141 | 363 | groups = {} | 361 | groups = [(USER_SID, FILE_GENERIC_READ | FILE_GENERIC_WRITE)] |
| 140 | 364 | groups[GetUserName()] = FILE_GENERIC_READ | FILE_GENERIC_WRITE | ||
| 142 | 365 | _set_file_attributes(self.testfile, groups) | 362 | _set_file_attributes(self.testfile, groups) |
| 143 | 366 | self.assertTrue(can_write(self.testfile)) | 363 | self.assertTrue(can_write(self.testfile)) |
| 144 | 367 | 364 | ||
| 145 | 368 | def test_can_write_read_write_everyone(self): | 365 | def test_can_write_read_write_everyone(self): |
| 146 | 369 | """Test when the everyone sid has rw rights.""" | 366 | """Test when the everyone sid has rw rights.""" |
| 149 | 370 | groups = {} | 367 | groups = [(EVERYONE_SID, FILE_GENERIC_READ | FILE_GENERIC_WRITE)] |
| 148 | 371 | groups[EVERYONE_GROUP] = FILE_GENERIC_READ | FILE_GENERIC_WRITE | ||
| 150 | 372 | _set_file_attributes(self.testfile, groups) | 368 | _set_file_attributes(self.testfile, groups) |
| 151 | 373 | self.assertTrue(can_write(self.testfile)) | 369 | self.assertTrue(can_write(self.testfile)) |
| 152 | 374 | 370 | ||
| 153 | 375 | def test_can_write_write_user_everyone_read(self): | 371 | def test_can_write_write_user_everyone_read(self): |
| 154 | 376 | """Test when the user sid has w rights.""" | 372 | """Test when the user sid has w rights.""" |
| 158 | 377 | groups = {} | 373 | groups = [ |
| 159 | 378 | groups[GetUserName()] = FILE_GENERIC_WRITE | 374 | (USER_SID, FILE_GENERIC_WRITE), |
| 160 | 379 | groups[EVERYONE_GROUP] = FILE_GENERIC_READ | 375 | (EVERYONE_SID, FILE_GENERIC_READ), |
| 161 | 376 | ] | ||
| 162 | 380 | _set_file_attributes(self.testfile, groups) | 377 | _set_file_attributes(self.testfile, groups) |
| 163 | 381 | self.assertTrue(can_write(self.testfile)) | 378 | self.assertTrue(can_write(self.testfile)) |
| 164 | 382 | 379 | ||
| 165 | 383 | def test_can_write_write_everyone_user_read(self): | 380 | def test_can_write_write_everyone_user_read(self): |
| 166 | 384 | """Test when the everyone sid has w rights""" | 381 | """Test when the everyone sid has w rights""" |
| 170 | 385 | groups = {} | 382 | groups = [ |
| 171 | 386 | groups[GetUserName()] = FILE_GENERIC_READ | 383 | (USER_SID, FILE_GENERIC_READ), |
| 172 | 387 | groups[EVERYONE_GROUP] = FILE_GENERIC_WRITE | 384 | (EVERYONE_SID, FILE_GENERIC_WRITE), |
| 173 | 385 | ] | ||
| 174 | 388 | _set_file_attributes(self.testfile, groups) | 386 | _set_file_attributes(self.testfile, groups) |
| 175 | 389 | self.assertTrue(can_write(self.testfile)) | 387 | self.assertTrue(can_write(self.testfile)) |
| 176 | 390 | 388 | ||
| 177 | 391 | def test_can_write_full_user(self): | 389 | def test_can_write_full_user(self): |
| 178 | 392 | """Test when the sid has full control.""" | 390 | """Test when the sid has full control.""" |
| 181 | 393 | groups = {} | 391 | groups = [(USER_SID, FILE_ALL_ACCESS)] |
| 180 | 394 | groups[GetUserName()] = FILE_ALL_ACCESS | ||
| 182 | 395 | _set_file_attributes(self.testfile, groups) | 392 | _set_file_attributes(self.testfile, groups) |
| 183 | 396 | self.assertTrue(can_write(self.testfile)) | 393 | self.assertTrue(can_write(self.testfile)) |
| 184 | 397 | 394 | ||
| 185 | 398 | def test_can_write_full_everyone(self): | 395 | def test_can_write_full_everyone(self): |
| 186 | 399 | """test when everyone has full control.""" | 396 | """test when everyone has full control.""" |
| 189 | 400 | groups = {} | 397 | groups = [(EVERYONE_SID, FILE_ALL_ACCESS)] |
| 188 | 401 | groups[EVERYONE_GROUP] = FILE_ALL_ACCESS | ||
| 190 | 402 | _set_file_attributes(self.testfile, groups) | 398 | _set_file_attributes(self.testfile, groups) |
| 191 | 403 | self.assertTrue(can_write(self.testfile)) | ||
| 192 | 404 | \ No newline at end of file | 399 | \ No newline at end of file |
| 193 | 400 | self.assertTrue(can_write(self.testfile)) | ||
| 194 | 405 | 401 | ||
| 195 | === modified file 'ubuntuone/platform/windows/os_helper.py' | |||
| 196 | --- ubuntuone/platform/windows/os_helper.py 2011-07-21 13:40:32 +0000 | |||
| 197 | +++ ubuntuone/platform/windows/os_helper.py 2011-07-26 20:09:31 +0000 | |||
| 198 | @@ -37,13 +37,15 @@ | |||
| 199 | 37 | from win32security import ( | 37 | from win32security import ( |
| 200 | 38 | ACL, | 38 | ACL, |
| 201 | 39 | ACL_REVISION, | 39 | ACL_REVISION, |
| 202 | 40 | CONTAINER_INHERIT_ACE, | ||
| 203 | 41 | CreateWellKnownSid, | ||
| 204 | 40 | DACL_SECURITY_INFORMATION, | 42 | DACL_SECURITY_INFORMATION, |
| 205 | 41 | CONTAINER_INHERIT_ACE, | ||
| 206 | 42 | OBJECT_INHERIT_ACE, | ||
| 207 | 43 | GetFileSecurity, | 43 | GetFileSecurity, |
| 208 | 44 | LookupAccountName, | 44 | LookupAccountName, |
| 210 | 45 | LookupAccountSid, | 45 | OBJECT_INHERIT_ACE, |
| 211 | 46 | SetFileSecurity, | 46 | SetFileSecurity, |
| 212 | 47 | WinBuiltinAdministratorsSid, | ||
| 213 | 48 | WinWorldSid, | ||
| 214 | 47 | ) | 49 | ) |
| 215 | 48 | from ntsecuritycon import ( | 50 | from ntsecuritycon import ( |
| 216 | 49 | FILE_GENERIC_READ, | 51 | FILE_GENERIC_READ, |
| 217 | @@ -62,8 +64,9 @@ | |||
| 218 | 62 | platform = 'win32' | 64 | platform = 'win32' |
| 219 | 63 | 65 | ||
| 220 | 64 | LONG_PATH_PREFIX = '\\\\?\\' | 66 | LONG_PATH_PREFIX = '\\\\?\\' |
| 223 | 65 | EVERYONE_GROUP = u'Everyone' | 67 | USER_SID = LookupAccountName("", GetUserName())[0] |
| 224 | 66 | ADMINISTRATORS_GROUP = u'Administrators' | 68 | EVERYONE_SID = CreateWellKnownSid(WinWorldSid) |
| 225 | 69 | ADMINISTRATORS_SID = CreateWellKnownSid(WinBuiltinAdministratorsSid) | ||
| 226 | 67 | # a map that contains the illegal chars and their 'utf8' representation on | 70 | # a map that contains the illegal chars and their 'utf8' representation on |
| 227 | 68 | # windows so that we can show something to the user | 71 | # windows so that we can show something to the user |
| 228 | 69 | WINDOWS_ILLEGAL_CHARS_MAP = { | 72 | WINDOWS_ILLEGAL_CHARS_MAP = { |
| 229 | @@ -201,12 +204,11 @@ | |||
| 230 | 201 | raise | 204 | raise |
| 231 | 202 | 205 | ||
| 232 | 203 | dacl = ACL() | 206 | dacl = ACL() |
| 234 | 204 | for group_name in groups: | 207 | for group_sid, attributes in groups: |
| 235 | 205 | # set the attributes of the group only if not null | 208 | # set the attributes of the group only if not null |
| 238 | 206 | if groups[group_name]: | 209 | if attributes: |
| 237 | 207 | group_sid = _get_group_sid(group_name) | ||
| 239 | 208 | dacl.AddAccessAllowedAceEx(ACL_REVISION, | 210 | dacl.AddAccessAllowedAceEx(ACL_REVISION, |
| 241 | 209 | CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE, groups[group_name], | 211 | CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE, attributes, |
| 242 | 210 | group_sid) | 212 | group_sid) |
| 243 | 211 | # the dacl has all the info of the diff groups passed in the parameters | 213 | # the dacl has all the info of the diff groups passed in the parameters |
| 244 | 212 | security_descriptor.SetSecurityDescriptorDacl(1, dacl, 0) | 214 | security_descriptor.SetSecurityDescriptorDacl(1, dacl, 0) |
| 245 | @@ -264,7 +266,7 @@ | |||
| 246 | 264 | def _set_no_rights_helper(path): | 266 | def _set_no_rights_helper(path): |
| 247 | 265 | """Set the rights to be none.""" | 267 | """Set the rights to be none.""" |
| 248 | 266 | os.chmod(path, 0o000) | 268 | os.chmod(path, 0o000) |
| 250 | 267 | groups = {} | 269 | groups = [] |
| 251 | 268 | _set_file_attributes(path, groups) | 270 | _set_file_attributes(path, groups) |
| 252 | 269 | 271 | ||
| 253 | 270 | 272 | ||
| 254 | @@ -284,9 +286,10 @@ | |||
| 255 | 284 | """Change path permissions to readonly in a file.""" | 286 | """Change path permissions to readonly in a file.""" |
| 256 | 285 | # we use the win32 api because chmod just sets the readonly flag and | 287 | # we use the win32 api because chmod just sets the readonly flag and |
| 257 | 286 | # we want to have more control over the permissions | 288 | # we want to have more control over the permissions |
| 261 | 287 | groups = {} | 289 | groups = [ |
| 262 | 288 | groups[ADMINISTRATORS_GROUP] = FILE_GENERIC_READ | FILE_GENERIC_WRITE | 290 | (ADMINISTRATORS_SID, FILE_GENERIC_READ | FILE_GENERIC_WRITE), |
| 263 | 289 | groups[GetUserName()] = FILE_GENERIC_READ | 291 | (USER_SID, FILE_GENERIC_READ), |
| 264 | 292 | ] | ||
| 265 | 290 | # the above equals more or less to 0444 | 293 | # the above equals more or less to 0444 |
| 266 | 291 | _set_file_attributes(path, groups) | 294 | _set_file_attributes(path, groups) |
| 267 | 292 | 295 | ||
| 268 | @@ -294,10 +297,11 @@ | |||
| 269 | 294 | @longpath(paths_indexes=[0]) | 297 | @longpath(paths_indexes=[0]) |
| 270 | 295 | def set_file_readwrite(path): | 298 | def set_file_readwrite(path): |
| 271 | 296 | """Change path permissions to readwrite in a file.""" | 299 | """Change path permissions to readwrite in a file.""" |
| 276 | 297 | groups = {} | 300 | groups = [ |
| 277 | 298 | groups[EVERYONE_GROUP] = FILE_GENERIC_READ | 301 | (EVERYONE_SID, FILE_GENERIC_READ), |
| 278 | 299 | groups[ADMINISTRATORS_GROUP] = FILE_ALL_ACCESS | 302 | (ADMINISTRATORS_SID, FILE_ALL_ACCESS), |
| 279 | 300 | groups[GetUserName()] = FILE_ALL_ACCESS | 303 | (USER_SID, FILE_ALL_ACCESS), |
| 280 | 304 | ] | ||
| 281 | 301 | # the above equals more or less to 0774 | 305 | # the above equals more or less to 0774 |
| 282 | 302 | _set_file_attributes(path, groups) | 306 | _set_file_attributes(path, groups) |
| 283 | 303 | try: | 307 | try: |
| 284 | @@ -311,9 +315,10 @@ | |||
| 285 | 311 | @longpath(paths_indexes=[0]) | 315 | @longpath(paths_indexes=[0]) |
| 286 | 312 | def set_dir_readonly(path): | 316 | def set_dir_readonly(path): |
| 287 | 313 | """Change path permissions to readonly in a dir.""" | 317 | """Change path permissions to readonly in a dir.""" |
| 291 | 314 | groups = {} | 318 | groups = [ |
| 292 | 315 | groups[ADMINISTRATORS_GROUP] = FILE_GENERIC_READ | FILE_GENERIC_WRITE | 319 | (ADMINISTRATORS_SID, FILE_GENERIC_READ | FILE_GENERIC_WRITE), |
| 293 | 316 | groups[GetUserName()] = FILE_GENERIC_READ | 320 | (USER_SID, FILE_GENERIC_READ), |
| 294 | 321 | ] | ||
| 295 | 317 | # the above equals more or less to 0444 | 322 | # the above equals more or less to 0444 |
| 296 | 318 | _set_file_attributes(path, groups) | 323 | _set_file_attributes(path, groups) |
| 297 | 319 | 324 | ||
| 298 | @@ -321,10 +326,11 @@ | |||
| 299 | 321 | @longpath(paths_indexes=[0]) | 326 | @longpath(paths_indexes=[0]) |
| 300 | 322 | def set_dir_readwrite(path): | 327 | def set_dir_readwrite(path): |
| 301 | 323 | """Change path permissions to readwrite in a dir.""" | 328 | """Change path permissions to readwrite in a dir.""" |
| 306 | 324 | groups = {} | 329 | groups = [ |
| 307 | 325 | groups[EVERYONE_GROUP] = FILE_GENERIC_READ | 330 | (EVERYONE_SID, FILE_GENERIC_READ), |
| 308 | 326 | groups[ADMINISTRATORS_GROUP] = FILE_ALL_ACCESS | 331 | (ADMINISTRATORS_SID, FILE_ALL_ACCESS), |
| 309 | 327 | groups[GetUserName()] = FILE_ALL_ACCESS | 332 | (USER_SID, FILE_ALL_ACCESS), |
| 310 | 333 | ] | ||
| 311 | 328 | # the above equals more or less to 0774 | 334 | # the above equals more or less to 0774 |
| 312 | 329 | _set_file_attributes(path, groups) | 335 | _set_file_attributes(path, groups) |
| 313 | 330 | # remove the read only flag | 336 | # remove the read only flag |
| 314 | @@ -485,7 +491,7 @@ | |||
| 315 | 485 | path += '.lnk' | 491 | path += '.lnk' |
| 316 | 486 | if os.path.exists(path): | 492 | if os.path.exists(path): |
| 317 | 487 | os.unlink(path) | 493 | os.unlink(path) |
| 319 | 488 | 494 | ||
| 320 | 489 | 495 | ||
| 321 | 490 | @longpath(paths_indexes=[0]) | 496 | @longpath(paths_indexes=[0]) |
| 322 | 491 | def listdir(directory): | 497 | def listdir(directory): |
| 323 | @@ -517,16 +523,7 @@ | |||
| 324 | 517 | ace = dacl.GetAce(index) | 523 | ace = dacl.GetAce(index) |
| 325 | 518 | if _has_read_mask(ace[1]): | 524 | if _has_read_mask(ace[1]): |
| 326 | 519 | sids.append(ace[2]) | 525 | sids.append(ace[2]) |
| 337 | 520 | accounts = [] | 526 | return (USER_SID in sids or EVERYONE_SID in sids) and\ |
| 328 | 521 | for sid in sids: | ||
| 329 | 522 | try: | ||
| 330 | 523 | accounts.append(LookupAccountSid('', sid)[0]) | ||
| 331 | 524 | except PyWinError: | ||
| 332 | 525 | # means that the sid is not linked with a 'visible' account | ||
| 333 | 526 | # in our case we can ignore this since we are looking for visible | ||
| 334 | 527 | # users | ||
| 335 | 528 | continue | ||
| 336 | 529 | return (GetUserName() in accounts or EVERYONE_GROUP in accounts) and\ | ||
| 338 | 530 | os.access(path, os.R_OK) | 527 | os.access(path, os.R_OK) |
| 339 | 531 | 528 | ||
| 340 | 532 | 529 | ||
| 341 | @@ -551,16 +548,7 @@ | |||
| 342 | 551 | ace = dacl.GetAce(index) | 548 | ace = dacl.GetAce(index) |
| 343 | 552 | if _has_read_mask(ace[1]): | 549 | if _has_read_mask(ace[1]): |
| 344 | 553 | sids.append(ace[2]) | 550 | sids.append(ace[2]) |
| 355 | 554 | accounts = [] | 551 | return (USER_SID in sids or EVERYONE_SID in sids) and\ |
| 346 | 555 | for sid in sids: | ||
| 347 | 556 | try: | ||
| 348 | 557 | accounts.append(LookupAccountSid('', sid)[0]) | ||
| 349 | 558 | except PyWinError: | ||
| 350 | 559 | # means that the sid is not linked with a 'visible' account | ||
| 351 | 560 | # in our case we can ignore this since we are looking for visible | ||
| 352 | 561 | # users | ||
| 353 | 562 | continue | ||
| 354 | 563 | return (GetUserName() in accounts or EVERYONE_GROUP in accounts) and\ | ||
| 356 | 564 | os.access(path, os.R_OK) | 552 | os.access(path, os.R_OK) |
| 357 | 565 | 553 | ||
| 358 | 566 | @longpath(paths_indexes=[0]) | 554 | @longpath(paths_indexes=[0]) |
| 359 | @@ -622,4 +610,4 @@ | |||
| 360 | 622 | # as a trick for long paths, lets check it is is there | 610 | # as a trick for long paths, lets check it is is there |
| 361 | 623 | if path.startswith(LONG_PATH_PREFIX): | 611 | if path.startswith(LONG_PATH_PREFIX): |
| 362 | 624 | path = path.replace(LONG_PATH_PREFIX, '') | 612 | path = path.replace(LONG_PATH_PREFIX, '') |
| 363 | 625 | return LONG_PATH_PREFIX + os.path.normpath(path) | ||
| 364 | 626 | \ No newline at end of file | 613 | \ No newline at end of file |
| 365 | 614 | return LONG_PATH_PREFIX + os.path.normpath(path) | ||
Looks good.