FILE_ALL_ACCESS is not defined the same as how Windows defines it
OLD project page for the Python extensions for Windows
Brought to you by: mhammond
The current definition of FILE_ALL_ACCESS in ntsecuritycon is:
FILE_ALL_ACCESS = (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 1023)
WinNT.h, however, defines it like this:
#define FILE_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE | 0x1ff)
(1023 is 0x3ff, while 0x1ff is 511).
I can take a guess where the confusion came from; if you add an ACE with FILE_ALL_ACCESS, you often get back FILE_ALL_ACCESS | 0x200. I think this is NTFS enabling SI_NO_ACL_PROTECT, but I haven't confirmed that. It's possible that original consumers/definers of that value attempted an equality comparison instead of a bitwise mask and got back unexpected results - it's hard to say.
(I ran across this in trying to track down a bug in SaltStack's win_dacl module.)
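The equality-versus-mask distinction raised in the report, as an added example that is not part of the original report or of pywin32. The constants are typed in from the two definitions quoted above plus the WinNT.h values of STANDARD_RIGHTS_REQUIRED and SYNCHRONIZE; the helper names and the two sample ACE masks are constructed for illustration.

```python
# Added example: how the two FILE_ALL_ACCESS definitions behave when a DACL
# check asks "does this ACE grant full control?". Runs without pywin32.

STANDARD_RIGHTS_REQUIRED = 0x000F0000  # WinNT.h
SYNCHRONIZE = 0x00100000               # WinNT.h

FILE_ALL_ACCESS_WINNT = STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0x1FF
FILE_ALL_ACCESS_NTSECURITYCON = STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 1023


def grants_all(ace_mask, required):
    """Bitwise containment: every bit of `required` is present in `ace_mask`."""
    return (ace_mask & required) == required


def extra_bits(ace_mask, required):
    """Bits set in `ace_mask` that `required` does not account for."""
    return ace_mask & ~required


def check(ace_mask):
    """Evaluate one ACE mask with both comparison styles and both constants."""
    return {
        "equal_winnt": ace_mask == FILE_ALL_ACCESS_WINNT,
        "equal_ntsecuritycon": ace_mask == FILE_ALL_ACCESS_NTSECURITYCON,
        "mask_winnt": grants_all(ace_mask, FILE_ALL_ACCESS_WINNT),
        "mask_ntsecuritycon": grants_all(ace_mask, FILE_ALL_ACCESS_NTSECURITYCON),
    }


# Constructed sample masks (not read from a real file):
ACE_AS_WRITTEN = FILE_ALL_ACCESS_WINNT            # what a caller passes in
ACE_AS_READ_BACK = FILE_ALL_ACCESS_WINNT | 0x200  # what the report says comes back

if __name__ == "__main__":
    for name, mask in (("written", ACE_AS_WRITTEN), ("read back", ACE_AS_READ_BACK)):
        print(f"{name:9} 0x{mask:08X}", check(mask))
    print("unexplained bits on read-back: 0x%X"
          % extra_bits(ACE_AS_READ_BACK, FILE_ALL_ACCESS_WINNT))
```

Only the bitwise check against the WinNT.h value reports full control for both masks; every other combination misclassifies one of them, which is how a DACL audit or enforcement routine ends up skipping or rewriting a full-control ACE.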