Hi, In win32-file-security, I''m having some trouble with File.set_permissions. It looks like the AddAce function is failing, though I may have done something wrong before that. Help please. :) Regards, Dan PS - Heesob, I''ve added you as a collaborator to win32-file-security and win32-file-attributes. You can push the changes directly if you wish.
Hi, 2012/12/16 Daniel Berger <djberg96 at gmail.com>:> Hi, > > In win32-file-security, I''m having some trouble with > File.set_permissions. It looks like the AddAce function is failing, > though I may have done something wrong before that. > > Help please. :) >Here is patches. =================================================================diff --git a/functions.rb b/functions.rb.new index e03de7f..22d1fdc 100644 --- a/functions.rb +++ b/functions.rb.new @@ -19,7 +19,7 @@ module Windows attach_function :InitializeSecurityDescriptor, [:pointer, :ulong], :bool attach_function :LookupAccountNameW, [:buffer_in, :buffer_in, :pointer, :pointer, :pointer, :pointer, :pointer], :bool attach_function :LookupAccountSidW, [:buffer_in, :pointer, :pointer, :pointer, :pointer, :pointer, :pointer], :bool - attach_function :SetFileSecurityW, [:buffer_in, :pointer, :pointer], :bool + attach_function :SetFileSecurityW, [:buffer_in, :ulong, :pointer], :bool attach_function :SetSecurityDescriptorDacl, [:pointer, :bool, :pointer, :bool], :bool ffi_lib :kernel32 ================================================================= =================================================================diff --git a/constants.rb b/constants.rb.new index d90b6da..03f584a 100644 --- a/constants.rb +++ b/constants.rb.new @@ -8,6 +8,7 @@ module Windows ACL_REVISION2 = 2 ALLOW_ACE_LENGTH = 62 OBJECT_INHERIT_ACE = 0x1 + CONTAINER_INHERIT_ACE = 0x2 INHERIT_ONLY_ACE = 0x8 MAXDWORD = 0xFFFFFFFF SECURITY_DESCRIPTOR_MIN_LENGTH = 20 ================================================================= =================================================================diff --git a/security.rb b/security.rb.new index f6f2d9b..9717829 100644 --- a/security.rb +++ b/security.rb.new @@ -271,10 +271,9 @@ class File raise SystemCallError.new("InitializeSecurityDescriptor", FFI.errno) end - acl = ACL.new - acl_new = ACL.new + acl_new = FFI::MemoryPointer.new(ACL, 100) - unless InitializeAcl(acl, acl.size, ACL_REVISION2) + unless InitializeAcl(acl_new, acl_new.size, ACL_REVISION2) raise SystemCallError.new("InitializeAcl", FFI.errno) end @@ -291,7 +290,7 @@ class File wide_account = account.wincode - sid = FFI::MemoryPointer.new(:pointer, 1024) + sid = FFI::MemoryPointer.new(:uchar, 1024) sid_size = FFI::MemoryPointer.new(:ulong) sid_size.write_ulong(sid.size) @@ -299,7 +298,7 @@ class File domain_size = FFI::MemoryPointer.new(:ulong) domain_size.write_ulong(domain.size) - use_ptr = FFI::MemoryPointer.new(:pointer) + use_ptr = FFI::MemoryPointer.new(:ulong) val = LookupAccountNameW( wide_server, @@ -317,7 +316,7 @@ class File val = CopySid( ALLOW_ACE_LENGTH - ACCESS_ALLOWED_ACE.size, - all_ace, + all_ace.to_ptr+8, sid ) @@ -357,7 +356,7 @@ class File } } - unless SetSecurityDescriptorDacl(sec_desc, 1, acl_new, 0) + unless SetSecurityDescriptorDacl(sec_desc, true, acl_new, false) raise SystemCallError.new("SetSecurityDescriptorDacl", FFI.errno) end ================================================================= Regards, Park Heesob
Hi, On Sat, Dec 15, 2012 at 5:39 PM, Heesob Park <phasis at gmail.com> wrote:> Hi, > > 2012/12/16 Daniel Berger <djberg96 at gmail.com>: >> Hi, >> >> In win32-file-security, I''m having some trouble with >> File.set_permissions. It looks like the AddAce function is failing, >> though I may have done something wrong before that. >> >> Help please. :) >> > Here is patches. > > =================================================================> diff --git a/functions.rb b/functions.rb.new > index e03de7f..22d1fdc 100644 > --- a/functions.rb > +++ b/functions.rb.new > @@ -19,7 +19,7 @@ module Windows > attach_function :InitializeSecurityDescriptor, [:pointer, :ulong], :bool > attach_function :LookupAccountNameW, [:buffer_in, :buffer_in, > :pointer, :pointer, :pointer, :pointer, :pointer], :bool > attach_function :LookupAccountSidW, [:buffer_in, :pointer, > :pointer, :pointer, :pointer, :pointer, :pointer], :bool > - attach_function :SetFileSecurityW, [:buffer_in, :pointer, > :pointer], :bool > + attach_function :SetFileSecurityW, [:buffer_in, :ulong, :pointer], :bool > attach_function :SetSecurityDescriptorDacl, [:pointer, :bool, > :pointer, :bool], :bool > > ffi_lib :kernel32 > =================================================================> > =================================================================> diff --git a/constants.rb b/constants.rb.new > index d90b6da..03f584a 100644 > --- a/constants.rb > +++ b/constants.rb.new > @@ -8,6 +8,7 @@ module Windows > ACL_REVISION2 = 2 > ALLOW_ACE_LENGTH = 62 > OBJECT_INHERIT_ACE = 0x1 > + CONTAINER_INHERIT_ACE = 0x2 > INHERIT_ONLY_ACE = 0x8 > MAXDWORD = 0xFFFFFFFF > SECURITY_DESCRIPTOR_MIN_LENGTH = 20 > =================================================================> > =================================================================> diff --git a/security.rb b/security.rb.new > index f6f2d9b..9717829 100644 > --- a/security.rb > +++ b/security.rb.new > @@ -271,10 +271,9 @@ class File > raise SystemCallError.new("InitializeSecurityDescriptor", FFI.errno) > end > > - acl = ACL.new > - acl_new = ACL.new > + acl_new = FFI::MemoryPointer.new(ACL, 100) > > - unless InitializeAcl(acl, acl.size, ACL_REVISION2) > + unless InitializeAcl(acl_new, acl_new.size, ACL_REVISION2) > raise SystemCallError.new("InitializeAcl", FFI.errno) > end > > @@ -291,7 +290,7 @@ class File > > wide_account = account.wincode > > - sid = FFI::MemoryPointer.new(:pointer, 1024) > + sid = FFI::MemoryPointer.new(:uchar, 1024) > sid_size = FFI::MemoryPointer.new(:ulong) > sid_size.write_ulong(sid.size) > > @@ -299,7 +298,7 @@ class File > domain_size = FFI::MemoryPointer.new(:ulong) > domain_size.write_ulong(domain.size) > > - use_ptr = FFI::MemoryPointer.new(:pointer) > + use_ptr = FFI::MemoryPointer.new(:ulong) > > val = LookupAccountNameW( > wide_server, > @@ -317,7 +316,7 @@ class File > > val = CopySid( > ALLOW_ACE_LENGTH - ACCESS_ALLOWED_ACE.size, > - all_ace, > + all_ace.to_ptr+8, > sid > ) > > @@ -357,7 +356,7 @@ class File > } > } > > - unless SetSecurityDescriptorDacl(sec_desc, 1, acl_new, 0) > + unless SetSecurityDescriptorDacl(sec_desc, true, acl_new, false) > raise SystemCallError.new("SetSecurityDescriptorDacl", FFI.errno) > end > =================================================================Looks good, go ahead and push please. Regards, Dan
Hi, 2012/12/16 Daniel Berger <djberg96 at gmail.com>:> Hi, > > On Sat, Dec 15, 2012 at 5:39 PM, Heesob Park <phasis at gmail.com> wrote: >> Hi, >> >> 2012/12/16 Daniel Berger <djberg96 at gmail.com>: >>> Hi, >>> >>> In win32-file-security, I''m having some trouble with >>> File.set_permissions. It looks like the AddAce function is failing, >>> though I may have done something wrong before that. >>> >>> Help please. :) >>> >> Here is patches. >>...> > Looks good, go ahead and push please. >I wished you push the patches after a review. Anyway, I pushed the patches. Regards, Park Heesob
On Sun, Dec 16, 2012 at 6:05 AM, Heesob Park <phasis at gmail.com> wrote:> Hi, > > 2012/12/16 Daniel Berger <djberg96 at gmail.com>: >> Hi, >> >> On Sat, Dec 15, 2012 at 5:39 PM, Heesob Park <phasis at gmail.com> wrote: >>> Hi, >>> >>> 2012/12/16 Daniel Berger <djberg96 at gmail.com>: >>>> Hi, >>>> >>>> In win32-file-security, I''m having some trouble with >>>> File.set_permissions. It looks like the AddAce function is failing, >>>> though I may have done something wrong before that. >>>> >>>> Help please. :) >>>> >>> Here is patches. >>> > ... >> >> Looks good, go ahead and push please. >> > I wished you push the patches after a review. > Anyway, I pushed the patches.I did look them over first, and they seemed good. Thanks! However, I am getting occasional segfaults when I run the permissions tests. Specifically, it''s the File.set_permissions tests. If you pull the latest source code and run "rake test:permissions" a couple times you should see it, too. I''m not sure what''s causing it yet. Regards, Dan
Hi, 2012/12/18 Daniel Berger <djberg96 at gmail.com>:> On Sun, Dec 16, 2012 at 6:05 AM, Heesob Park <phasis at gmail.com> wrote: >> Hi, >> >> 2012/12/16 Daniel Berger <djberg96 at gmail.com>: >>> Hi, >>> >>> On Sat, Dec 15, 2012 at 5:39 PM, Heesob Park <phasis at gmail.com> wrote: >>>> Hi, >>>> >>>> 2012/12/16 Daniel Berger <djberg96 at gmail.com>: >>>>> Hi, >>>>> >>>>> In win32-file-security, I''m having some trouble with >>>>> File.set_permissions. It looks like the AddAce function is failing, >>>>> though I may have done something wrong before that. >>>>> >>>>> Help please. :) >>>>> >>>> Here is patches. >>>> >> ... >>> >>> Looks good, go ahead and push please. >>> >> I wished you push the patches after a review. >> Anyway, I pushed the patches. > > I did look them over first, and they seemed good. Thanks! > > However, I am getting occasional segfaults when I run the permissions > tests. Specifically, it''s the File.set_permissions tests. If you pull > the latest source code and run "rake test:permissions" a couple times > you should see it, too. > > I''m not sure what''s causing it yet. >I pushed the fixed code. Regards, Park Heesob