[python-win32] [ANN] pywin32 build 300 released
Hi all, I'm happy to announce the release of pywin32 build 300. Significantly, this is the first release to exclusively support Python 3 - Python 2 is no longer supported. All Python source files in the repo are now in Python 3 syntax. To celebrate, the build numbers have jumped to 300 - there will not be a build 229. There were significant changes in this release - you are encouraged to read the changes below carefully Downloads are available at: https://github.com/mhammond/pywin32/releases/tag/b300 and via pypi. For initial support (eg, to ask questions about the release etc), please contact this mailing-list (python-win32@python.org). If you want to report a bug, please do so at https://github.com/mhammond/pywin32/issues As always, thanks to everyone who contributed to this release, both in terms of code and reporting bugs - there were a number of new contributors which is great to see, Cheers, Mark. Changes: Since build 228: * Fixed a bug where win32com.client.VARIANT params were returned in the reverse order. This only happened when win32com.client.VARIANT was explicitly used (ie, not when normal params were passed) For example: arg1 = VARIANT(pythoncom.VT_R4 | pythoncom.VT_BYREF, 2.0) arg2 = VARIANT(pythoncom.VT_BOOL | pythoncom.VT_BYREF, True) object.SomeFunction(arg1, arg2) after this call, `arg1.value` was actually the value for `arg2`, and vice-versa (#1303, #622). * Fixed a bug that Pythonwin had an empty `sys.argv` (@kxrob in #1607) * Fixed a bug that prevented win32process.ReadProcessMemory() from working in all scenarios (#1599) * Changed how Services implemented with win32serviceutil.ServiceFramework report that they have stopped. Now if the SvcRun() method (or the SvcDoRun() method, which is called by SvcRun() by default) raises on Exception, the Service will report a final SERVICE_STOPPED status with a non-zero error code. This will cause the Service's recovery actions to be triggered if the Service has the "Enable actions for stops with errors" option enabled. (#1563, Lincoln Puzey) * adodbapi connect() method now accepts a "mode" keyword argument which is the "Mode" property to set on the ADO "Connection" object before opening the Connection. See "ConnectModeEnum" for valid values. (Lincoln Puzey) * The Windows 10 SDK is now used to build the project. This shouldn't cause any visible changes, but should make it much easier to build the project yourself. Python 2 is no longer supported - so long, Python 2, you served us well! Notable changes in this transition: * Python 3 builds used to erroneously turn "bytes" into a tuple of integers instead of a buffer type object. Because this special-casing is important for performance when using massive buffers, this has been fixed in Python 3 so it matches the old Python 2 behavior. If you use arrays of VT_UI1 and expect get back tuples of integers, your code may break. * Pythonwin's default encoding is now utf-8 (#1559) * The build environment has been greatly simplified - you just need Visual Studio and a Windows 10 SDK. (The free compilers probably work too, but haven't been tested - let me know your experiences!) ___ python-win32 mailing list python-win32@python.org https://mail.python.org/mailman/listinfo/python-win32
Re: [python-win32] Help with PySECURITY_DESCRIPTOR
Thank you for this. I was sent a piece of code and I made it work. It is using win32security.GetFileSecurity But now you brought up ADS (which I didn't cover) and opening files with backup semantics I m using Volume Shadow Copy atm but I don't know what are the benefits of using the backup flag I need to do some reading on this Momchil -Original Message- From: Eryk Sun Sent: Friday, November 13, 2020 10:54 PM To: python-win32@python.org Cc: momc...@bojinov.info Subject: Re: [python-win32] Help with PySECURITY_DESCRIPTOR On 10/27/20, momc...@bojinov.info wrote: > > I m trying to store file's acl along with the backup of the file and > then restore it on the same system Consider using BackupRead() and BackupWrite() from the win32file module. These functions support backup and restore of data streams (default and alternate data streams), attributes, extended attributes, reparse data, object ID, and security. GENERIC_READ access includes the READ_CONTROL access that's required for reading most file security, but GENERIC_WRITE access isn't sufficient for restoring file security. Writing discretionary access-control entries and resource attributes requires WRITE_DAC access. Writing the owner, group, and mandatory label requires WRITE_OWNER access. Reading and writing audit entries and writing central-access-policy identifier entries requires ACCESS_SYSTEM_SECURITY access, which requires enabling SeSecurityPrivilege. Typically use GENERIC_WRITE | WRITE_DAC | WRITE_OWNER. In general you should backup and restore files using an elevated administrator account. Enable SeBackupPrivilege and SeRestorePrivilege in the process access token via OpenProcessToken, LookupPrivilegeValue, and AdjustTokenPrivileges, found in the win32security module. Open files with FILE_FLAG_BACKUP_SEMANTICS. This ensures access in most cases when the backup and restore privileges are enabled. The restore privilege also allows setting the file owner to the arbitrary owner of the source file instead being limited to the current user. Using an elevated logon (high integrity level) also allows restoring a high integrity level mandatory label on the destination file in case the source file has mandatory access control that denies write-up, read-up, or execute-up access. ___ python-win32 mailing list python-win32@python.org https://mail.python.org/mailman/listinfo/python-win32
Re: [python-win32] Help with PySECURITY_DESCRIPTOR
On 10/27/20, momc...@bojinov.info wrote: > > I m trying to store file's acl along with the backup of the file and then > restore it on the same system Consider using BackupRead() and BackupWrite() from the win32file module. These functions support backup and restore of data streams (default and alternate data streams), attributes, extended attributes, reparse data, object ID, and security. GENERIC_READ access includes the READ_CONTROL access that's required for reading most file security, but GENERIC_WRITE access isn't sufficient for restoring file security. Writing discretionary access-control entries and resource attributes requires WRITE_DAC access. Writing the owner, group, and mandatory label requires WRITE_OWNER access. Reading and writing audit entries and writing central-access-policy identifier entries requires ACCESS_SYSTEM_SECURITY access, which requires enabling SeSecurityPrivilege. Typically use GENERIC_WRITE | WRITE_DAC | WRITE_OWNER. In general you should backup and restore files using an elevated administrator account. Enable SeBackupPrivilege and SeRestorePrivilege in the process access token via OpenProcessToken, LookupPrivilegeValue, and AdjustTokenPrivileges, found in the win32security module. Open files with FILE_FLAG_BACKUP_SEMANTICS. This ensures access in most cases when the backup and restore privileges are enabled. The restore privilege also allows setting the file owner to the arbitrary owner of the source file instead being limited to the current user. Using an elevated logon (high integrity level) also allows restoring a high integrity level mandatory label on the destination file in case the source file has mandatory access control that denies write-up, read-up, or execute-up access. ___ python-win32 mailing list python-win32@python.org https://mail.python.org/mailman/listinfo/python-win32
