Source code of Windows XP (NT5)

307 lines
6.3 KiB

  1. package Win32::FileSecurity;
  2. #
  3. # FileSecurity.pm
  4. # By Monte Mitzelfelt, [email protected]
  5. # Larry Wall's Artistic License applies to all related Perl
  6. # and C code for this module
  7. # Thanks to the guys at ActiveWare!
  8. # ver 0.67 ALPHA 1997.07.07
  9. #
  # Module setup: load the helper modules, refuse to run off Windows NT, and
  # declare what callers may import.
  use Carp;
  require Exporter;
  require DynaLoader;

  $VERSION = '1.03';

  # Fail at load time rather than at the first ACL call.
  # NOTE(review): this file does not load Win32 itself, so Win32::IsWinNT must
  # already be available when the module is compiled; confirm for the target perl.
  unless (Win32::IsWinNT()) {
      croak "The Win32::FileSecurity module works only on Windows NT";
  }

  # Exporter supplies import(); DynaLoader supplies bootstrap().
  @ISA = qw(Exporter DynaLoader);

  # Nothing is exported by default (there is no @EXPORT); callers must name
  # every function or mask constant they want to import.
  @EXPORT_OK = (
      # Functions.
      qw(Get Set EnumerateRights MakeMask),

      # Standard access-right names.
      qw(
          DELETE READ_CONTROL WRITE_DAC WRITE_OWNER SYNCHRONIZE
          STANDARD_RIGHTS_REQUIRED STANDARD_RIGHTS_READ STANDARD_RIGHTS_WRITE
          STANDARD_RIGHTS_EXECUTE STANDARD_RIGHTS_ALL SPECIFIC_RIGHTS_ALL
          ACCESS_SYSTEM_SECURITY MAXIMUM_ALLOWED
      ),

      # Generic access-right names.
      qw(GENERIC_READ GENERIC_WRITE GENERIC_EXECUTE GENERIC_ALL),

      # Composite pre-built mask names (short and long spellings).
      qw(F FULL R READ C CHANGE A ADD),
  );
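  # AUTOLOAD - resolve a mask constant the first time it is called.
  #
  # Perl calls this for any undefined sub in the package, with the fully
  # qualified name in $AUTOLOAD. The unqualified name is looked up with
  # constant(); on success a real sub returning that value is installed under
  # the requested name and control jumps to it, so later calls bypass AUTOLOAD.
  #
  # constant() is not defined in this file (presumably it comes from the
  # compiled code loaded by bootstrap) and reports failure through $!.
  #
  # Dies if constant() fails with anything other than an "Invalid" error.
  sub AUTOLOAD {
      my $constname;
      ($constname = $AUTOLOAD) =~ s/.*:://;

      # Reset $! to zero so a stale error from earlier code is not mistaken
      # for a failed lookup.
      $! = 0;
      my $val = constant($constname);
      if ($! != 0) {
          # This matches on the message text of $!, so it depends on the
          # platform's wording.
          # NOTE(review): confirm which errno constant() sets for unknown names.
          if ($! =~ /Invalid/) {
              # Not one of our constants: hand the call over to AutoLoader.
              # NOTE(review): AutoLoader is not required in this file; confirm
              # it is loaded before this branch can run.
              $AutoLoader::AUTOLOAD = $AUTOLOAD;
              goto &AutoLoader::AUTOLOAD;
          }
          else {
              my (undef, $file, $line) = caller;
              die "Your vendor has not defined Win32::FileSecurity macro "
                . "$constname, used in $file at line $line.";
          }
      }

      # Install the accessor as a closure instead of compiling generated
      # source with string eval: neither the requested sub name nor the
      # looked-up value is ever parsed as Perl code, and installation cannot
      # fail silently and send the goto below straight back into AUTOLOAD.
      no strict 'refs';
      *{$AUTOLOAD} = sub { $val };
      goto &$AUTOLOAD;
  }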
  # Load the compiled part of the module; bootstrap() is inherited from
  # DynaLoader through @ISA.
  Win32::FileSecurity->bootstrap;

  # A module file must end with a true value for require/use to succeed.
  1;
  72. __END__
  73. =head1 NAME
  74. Win32::FileSecurity - manage FileSecurity Discretionary Access Control Lists in perl
  75. =head1 SYNOPSIS
  76. use Win32::FileSecurity;
  77. =head1 DESCRIPTION
  78. This module offers control over the administration of system FileSecurity DACLs.
  79. You may want to use Get and EnumerateRights to get an idea of what mask values
  80. correspond to what rights as viewed from File Manager.
  81. =head1 CONSTANTS
  82. DELETE, READ_CONTROL, WRITE_DAC, WRITE_OWNER,
  83. SYNCHRONIZE, STANDARD_RIGHTS_REQUIRED,
  84. STANDARD_RIGHTS_READ, STANDARD_RIGHTS_WRITE,
  85. STANDARD_RIGHTS_EXECUTE, STANDARD_RIGHTS_ALL,
  86. SPECIFIC_RIGHTS_ALL, ACCESS_SYSTEM_SECURITY,
  87. MAXIMUM_ALLOWED, GENERIC_READ, GENERIC_WRITE,
  88. GENERIC_EXECUTE, GENERIC_ALL, F, FULL, R, READ,
  89. C, CHANGE, A, ADD
  90. =head1 FUNCTIONS
  91. =head2 NOTE:
  92. All of the functions return FALSE (0) if they fail, unless otherwise noted.
  93. Errors are returned via $!, which contains both the Win32 GetLastError() code and a text message
  94. indicating the Win32 function that failed (but see KNOWN ISSUES: errors currently croak instead).
  95. =over 10
  96. =item constant( $name, $set )
  97. Stores the value of named constant $name into $set.
  98. Same as C<$set = Win32::FileSecurity::NAME_OF_CONSTANT();>.
  99. =item Get( $filename, \%permisshash )
  100. Gets the DACLs of a file or directory.
  101. =item Set( $filename, \%permisshash )
  102. Sets the DACL for a file or directory.
  103. =item EnumerateRights( $mask, \@rightslist )
  104. Turns the bitmask in $mask into a list of strings in @rightslist.
  105. =item MakeMask( qw( DELETE READ_CONTROL ) )
  106. Takes a list of strings representing constants and returns a bitmasked
  107. integer value.
  108. =back
  109. =head2 %permisshash
  110. Entries take the form $permisshash{USERNAME} = $mask ;
  111. =head1 EXAMPLE1
  112. # Gets the rights for all files listed on the command line.
  113. use Win32::FileSecurity qw(Get EnumerateRights);
  114. foreach( @ARGV ) {
  115. next unless -e $_ ;
  116. if ( Get( $_, \%hash ) ) {
  117. while( ($name, $mask) = each %hash ) {
  118. print "$name:\n\t";
  119. EnumerateRights( $mask, \@happy ) ;
  120. print join( "\n\t", @happy ), "\n";
  121. }
  122. }
  123. else {
  124. print( "Error #", int( $! ), ": $!" ) ;
  125. }
  126. }
  127. =head1 EXAMPLE2
  128. # Gets existing DACL and modifies Administrator rights
  129. use Win32::FileSecurity qw(MakeMask Get Set);
  130. # These masks show up as Full Control in File Manager
  131. $file = MakeMask( qw( FULL ) );
  132. $dir = MakeMask( qw(
  133. FULL
  134. GENERIC_ALL
  135. ) );
  136. foreach( @ARGV ) {
  137. s/\\$//;
  138. next unless -e;
  139. Get( $_, \%hash ) or next ; # skip the file if its DACL could not be read, so Set never writes an incomplete %hash
  140. $hash{Administrator} = ( -d ) ? $dir : $file ;
  141. Set( $_, \%hash ) ;
  142. }
  143. =head1 COMMON MASKS FROM CACLS AND WINFILE
  144. =head2 READ
  145. MakeMask( qw( READ ) ); # for files (not FULL, which shows up as Full Control)
  146. MakeMask( qw( READ GENERIC_READ GENERIC_EXECUTE ) ); # for directories
  147. =head2 CHANGE
  148. MakeMask( qw( CHANGE ) ); # for files
  149. MakeMask( qw( CHANGE GENERIC_WRITE GENERIC_READ GENERIC_EXECUTE ) ); # for directories
  150. =head2 ADD & READ
  151. MakeMask( qw( ADD GENERIC_READ GENERIC_EXECUTE ) ); # for directories only!
  152. =head2 FULL
  153. MakeMask( qw( FULL ) ); # for files
  154. MakeMask( qw( FULL GENERIC_ALL ) ); # for directories
  155. =head1 RESOURCES
  156. From Microsoft: check_sd
  157. http://premium.microsoft.com/download/msdn/samples/2760.exe
  158. (thanks to Guert Schimmel at Sybase for turning me on to this one)
  159. =head1 VERSION
  160. 1.03 ALPHA 97-12-14
  161. =head1 REVISION NOTES
  162. =over 10
  163. =item 1.03 ALPHA 1998.01.11
  164. Imported diffs from 0.67 (parent) version
  165. =item 1.02 ALPHA 1997.12.14
  166. Pod fixes, @EXPORT list additions <[email protected]>
  167. Fix uninitialized vars on unknown ACLs <[email protected]>
  168. =item 1.01 ALPHA 1997.04.25
  169. CORE Win32 version imported from 0.66 <[email protected]>
  170. =item 0.67 ALPHA 1997.07.07
  171. Kludged bug in mapping bits to separate ACE's. Notably, this screwed
  172. up CHANGE access by leaving out a delete bit in the
  173. C<INHERIT_ONLY_ACE | OBJECT_INHERIT_ACE> Access Control Entry.
  174. May need to rethink...
  175. =item 0.66 ALPHA 1997.03.13
  176. Fixed bug in memory allocation check
  177. =item 0.65 ALPHA 1997.02.25
  178. Tested with 5.003 build 303
  179. Added ISA exporter, and @EXPORT_OK
  180. Added F, FULL, R, READ, C, CHANGE as composite pre-built mask names.
  181. Added server\ to keys returned in hash from Get
  182. Made constants and MakeMask case insensitive (I don't know why I did that)
  183. Fixed mask comparison in ListDacl and Enumerate Rights from simple & mask
  184. to exact bit match ! ( ( x & y ) ^ x ) makes sure all bits in x
  185. are set in y
  186. Fixed some "wild" pointers
  187. =item 0.60 ALPHA 1996.07.31
  188. Now suitable for file and directory permissions
  189. Included ListDacl.exe in bundle for debugging
  190. Added "intuitive" inheritance for directories, basically functions like FM
  191. triggered by presence of GENERIC_ rights this may need to change
  192. see EXAMPLE2
  193. Changed from AddAccessAllowedAce to AddAce for control over inheritance
  194. =item 0.51 ALPHA 1996.07.20
  195. Fixed memory allocation bug
  196. =item 0.50 ALPHA 1996.07.29
  197. Base functionality
  198. Using AddAccessAllowedAce
  199. Suitable for file permissions
  200. =back
  201. =head1 KNOWN ISSUES / BUGS
  202. =over 10
  203. =item 1
  204. May not work on remote drives.
  205. =item 2
  206. Errors croak, don't return via $! as documented.
  207. =cut