[Win32utils-devel] Help need to File.set_permissions

Daniel Berger djberg96 at gmail.com
Sun Dec 16 12:36:28 UTC 2012


Hi,

On Sat, Dec 15, 2012 at 5:39 PM, Heesob Park <phasis at gmail.com> wrote:
> Hi,
>
> 2012/12/16 Daniel Berger <djberg96 at gmail.com>:
>> Hi,
>>
>> In win32-file-security, I'm having some trouble with
>> File.set_permissions. It looks like the AddAce function is failing,
>> though I may have done something wrong before that.
>>
>> Help please. :)
>>
> Here is patches.
>
> ==================================================================
> diff --git a/functions.rb b/functions.rb.new
> index e03de7f..22d1fdc 100644
> --- a/functions.rb
> +++ b/functions.rb.new
> @@ -19,7 +19,7 @@ module Windows
>        attach_function :InitializeSecurityDescriptor, [:pointer, :ulong], :bool
>        attach_function :LookupAccountNameW, [:buffer_in, :buffer_in,
> :pointer, :pointer, :pointer, :pointer, :pointer], :bool
>        attach_function :LookupAccountSidW, [:buffer_in, :pointer,
> :pointer, :pointer, :pointer, :pointer, :pointer], :bool
> -      attach_function :SetFileSecurityW, [:buffer_in, :pointer,
> :pointer], :bool
> +      attach_function :SetFileSecurityW, [:buffer_in, :ulong, :pointer], :bool
>        attach_function :SetSecurityDescriptorDacl, [:pointer, :bool,
> :pointer, :bool], :bool
>
>        ffi_lib :kernel32
> ==================================================================
>
> ==================================================================
> diff --git a/constants.rb b/constants.rb.new
> index d90b6da..03f584a 100644
> --- a/constants.rb
> +++ b/constants.rb.new
> @@ -8,6 +8,7 @@ module Windows
>        ACL_REVISION2             = 2
>        ALLOW_ACE_LENGTH          = 62
>        OBJECT_INHERIT_ACE        = 0x1
> +      CONTAINER_INHERIT_ACE     = 0x2
>        INHERIT_ONLY_ACE          = 0x8
>        MAXDWORD                  = 0xFFFFFFFF
>        SECURITY_DESCRIPTOR_MIN_LENGTH = 20
> ==================================================================
>
> ==================================================================
> diff --git a/security.rb b/security.rb.new
> index f6f2d9b..9717829 100644
> --- a/security.rb
> +++ b/security.rb.new
> @@ -271,10 +271,9 @@ class File
>          raise SystemCallError.new("InitializeSecurityDescriptor", FFI.errno)
>        end
>
> -      acl = ACL.new
> -      acl_new = ACL.new
> +      acl_new = FFI::MemoryPointer.new(ACL, 100)
>
> -      unless InitializeAcl(acl, acl.size, ACL_REVISION2)
> +      unless InitializeAcl(acl_new, acl_new.size, ACL_REVISION2)
>          raise SystemCallError.new("InitializeAcl", FFI.errno)
>        end
>
> @@ -291,7 +290,7 @@ class File
>
>          wide_account = account.wincode
>
> -        sid = FFI::MemoryPointer.new(:pointer, 1024)
> +        sid = FFI::MemoryPointer.new(:uchar, 1024)
>          sid_size = FFI::MemoryPointer.new(:ulong)
>          sid_size.write_ulong(sid.size)
>
> @@ -299,7 +298,7 @@ class File
>          domain_size = FFI::MemoryPointer.new(:ulong)
>          domain_size.write_ulong(domain.size)
>
> -        use_ptr = FFI::MemoryPointer.new(:pointer)
> +        use_ptr = FFI::MemoryPointer.new(:ulong)
>
>          val = LookupAccountNameW(
>             wide_server,
> @@ -317,7 +316,7 @@ class File
>
>          val = CopySid(
>            ALLOW_ACE_LENGTH - ACCESS_ALLOWED_ACE.size,
> -          all_ace,
> +          all_ace.to_ptr+8,
>            sid
>          )
>
> @@ -357,7 +356,7 @@ class File
>          }
>        }
>
> -      unless SetSecurityDescriptorDacl(sec_desc, 1, acl_new, 0)
> +      unless SetSecurityDescriptorDacl(sec_desc, true, acl_new, false)
>          raise SystemCallError.new("SetSecurityDescriptorDacl", FFI.errno)
>        end
> ==================================================================

Looks good, go ahead and push please.

Regards,

Dan


More information about the win32utils-devel mailing list