Tcl Source Code

[file readable] returns 0 for files on my system.
Below is the output of the attached test script.
The also attached patch fixes the problem for
me.

The root of the problem seems to be an incorrect
use of the MapGenericMask API.

>>>>>>>>>>>>
% source test.fileaccess.tcl
% test
Owner: BUILTIN\Administrators
User: CAESAR\benny

Test no access
OK

Test readable only
1 != [file readable test.dat]
Actual rights are:
I:\Projects\test.dat CAESAR\benny:R

Test writable only
1 != [file writable test.dat]
Actual rights are:
I:\Projects\test.dat CAESAR\benny:(special access:)

                                  READ_CONTROL
                                  SYNCHRONIZE
                                  FILE_GENERIC_WRITE
                                  FILE_WRITE_DATA
                                  FILE_APPEND_DATA
                                  FILE_WRITE_EA
                                  FILE_EXECUTE
                                  FILE_WRITE_ATTRIBUTES

Test read+write
1 != [file readable test.dat]
1 != [file writable test.dat]
Actual rights are:
I:\Projects\test.dat CAESAR\benny:(special access:)

                                  READ_CONTROL
                                  SYNCHRONIZE
                                  FILE_GENERIC_READ
                                  FILE_GENERIC_WRITE
                                  FILE_GENERIC_EXECUTE
                                  FILE_READ_DATA
                                  FILE_WRITE_DATA
                                  FILE_APPEND_DATA
                                  FILE_READ_EA
                                  FILE_WRITE_EA
                                  FILE_EXECUTE
                                  FILE_READ_ATTRIBUTES
                                  FILE_WRITE_ATTRIBUTES

Test full access
1 != [file readable test.dat]
1 != [file writable test.dat]
Actual rights are:
I:\Projects\test.dat CAESAR\benny:F
% 
<<<<<<<<<<

Logged In: YES 
user_id=32170

Ok, that's works!  Thanks...

I'll set about adding some tests to Tcl's suite.

File Deleted - 69866: 



File Added - 70042: test.fileaccess.tcl

Logged In: YES 
user_id=143885

> Test no access
> 0 != [file readable test.dat]
> 0 != [test_read test.dat]
> 0 != [file writable test.dat]
> 0 != [test_writ test.dat]
> Actual rights are:
> C:Documents and SettingsVinceDest.dat NT AUTHORITYSYSTEM:F 
>                                          
> BUILTINAdministrators:F

If you followed my advice literally, you should have now

catch {cacls $fname /E /R "Everyone"} result
catch {cacls $fname /E /R $user} result
cacls $fname /E /P $user:N
catch {cacls $fname /E /R $owner} result

Try this instead

catch {cacls $fname /E /R "Everyone"} result
catch {cacls $fname /E /R $user} result
catch {cacls $fname /E /R $owner} result
cacls $fname /E /P $user:N

> Test readable only
> 0 != [file writable test.dat]
> 0 != [test_writ test.dat]
> Actual rights are:
> C:Documents and SettingsVinceDest.dat NT AUTHORITYSYSTEM:F 
>                                          
> BUILTINAdministrators:F 
>                                           TURINGVinceD:R

And after

puts "
Test readable only"

Also add

cacls $fname /E /P $user:N

Anyway.  I'll just upload my new version of the script
;-).

Logged In: YES 
user_id=32170

With that cacls addition, I now get:

Test no access
0 != [file readable test.dat]
0 != [test_read test.dat]
0 != [file writable test.dat]
0 != [test_writ test.dat]
Actual rights are:
C:Documents and SettingsVinceDest.dat NT AUTHORITYSYSTEM:F 
                                         
BUILTINAdministrators:F

Test readable only
0 != [file writable test.dat]
0 != [test_writ test.dat]
Actual rights are:
C:Documents and SettingsVinceDest.dat NT AUTHORITYSYSTEM:F 
                                         
BUILTINAdministrators:F 
                                          TURINGVinceD:R

Test writable only
OK

Test read+write
OK

Test full access
OK

-- so it's a bit closer!

Logged In: YES 
user_id=143885

Hi Vince,

Sure, here is some extended commentary on the script.
Note that I am not sure at all how portable this is or
can be made.  This relies on command-line tools and
especially localization can make interaction with
command-line tools very ugly on Windows.  In addition
the cacls tool is very tricky, and some of the problem
I have had may just be bugs, which may be fixed later.


> proc cacls {fname args} {

A small proc to encapsulate the NT cacls command-line
tool.  A "y" is piped into the command to cover a
possible question for confirmation.  Only one "y", so
only one file can be given, I think.

See the output of cacls /? on a command prompt for all
I know about cacls. 

I'm not sure how portable this is to XP.  The tool is
also probably localized for non-english systems.

> proc getuser {fname} {

Parses the output of the "dir/q" command to find the
owner of a file.  I haven't found a specialized tool
for this and cacls doesn't say either.

> proc test_read {fname} {

A test for readablity by actually reading the file. 

> proc test_writ {fname} {

A test for writability by actually writing the file
(overwrites the contents).

> proc test_access {fname read writ} {

Test the readablilty and writability of a file.  Output
to stdout, if a test does not agree with the parameters
"read" or "writ".  This tests with [file
readable/writable] as well as with [test_read] and
test_writ].  If any differences between the test and
the given parameters are detected, cacls is called at
the end to output the actual rights of the file for
diagnosis.

See calls in [test] below.


> proc test {} {

A bunch of actual test scenarios. 

> set owner [getuser $fname]
> set user $::env(USERDOMAIN)\$::env(USERNAME)
> puts "Owner: $owner"
> puts "User: $user"

Determine and print what we know about user and file
owner.

> # Clean out all well-known ACLs
> catch {cacls $fname /E /R "Everyone"} result
> catch {cacls $fname /E /R $user} result
> catch {cacls $fname /E /R $owner} result

Remove all ACLs that are known to be added
automatically to new files. 

> puts "
Test no access"
> test_access $fname 0 0

Without ACLs there should be no access. 

> puts "
Test readable only"
> cacls $fname /E /G $user:R
> test_access $fname 1 0

Add GENERIC_READ ACL for current user.  Now there
should be only read access. 

> puts "
Test writable only"
> catch {cacls $fname /E /R $user} result
> cacls $fname /E /G $user:W
> test_access $fname 0 1

Remove ACL for current user.  Add GENERIC_WRITE ACL.
Now there should be only write access.

> puts "
Test read+write"
> catch {cacls $fname /E /R $user} result
> cacls $fname /E /G $user:R
> cacls $fname /E /G $user:W
> test_access $fname 1 1

Remove ACL for current user.  Add GENERIC_READ ACL and
GENERIC_WRITE ACL.  Now there should be both read and
write access.

> puts "
Test full access"
> catch {cacls $fname /E /R $user} result
> cacls $fname /E /G $user:F
> test_access $fname 1 1

Remove ACL for current user.  Add GENERIC_ALL (full)
ACL.  There should be both read and write access.


To your test run:

> Owner: TURINGVinceD
> User: TURINGVinceD

So you are user TURINGVinceD (where did that backslash
go?) and you own the file yourself.

> Test no access
> 0 != [file readable test.dat]
> 0 != [test_read test.dat]
> 0 != [file writable test.dat]
> 0 != [test_writ test.dat]
> Actual rights are:
> C:Documents and SettingsVinceDest.dat NT AUTHORITYSYSTEM:F 
>                                          
> BUILTINAdministrators:F

We have a problem here, because "System" and the
"Administrators" still have full access, and that
access seems to be used for the tests.  Can you try
this to add to all occurrences of

catch {cacls $fname /E /R $user} result

also this rule:

cacls $fname /E /P $user:N

That adds an explicit ACL to deny access for the
current user.

benny

Logged In: YES 
user_id=32170

Could you explain the test script please (both so I
understand it and so I can add tests to winFile.test)... 
When I run it I get:

Owner: TURINGVinceD
User: TURINGVinceD

Test no access
0 != [file readable test.dat]
0 != [test_read test.dat]
0 != [file writable test.dat]
0 != [test_writ test.dat]
Actual rights are:
C:Documents and SettingsVinceDest.dat NT AUTHORITYSYSTEM:F 
                                         
BUILTINAdministrators:F

Test readable only
0 != [file writable test.dat]
0 != [test_writ test.dat]
Actual rights are:
C:Documents and SettingsVinceDest.dat NT AUTHORITYSYSTEM:F 
                                         
BUILTINAdministrators:F 
                                          TURINGVinceD:R

Test writable only
0 != [file readable test.dat]
0 != [test_read test.dat]
Actual rights are:
C:Documents and SettingsVinceDest.dat NT AUTHORITYSYSTEM:F 
                                         
BUILTINAdministrators:F 
                                         
TURINGVinceD:(special access:)

                                                       
READ_CONTROL
                                                       
SYNCHRONIZE
                                                       
FILE_GENERIC_WRITE
                                                       
FILE_WRITE_DATA
                                                       
FILE_APPEND_DATA
                                                       
FILE_WRITE_EA
                                                       
FILE_EXECUTE
                                                       
FILE_WRITE_ATTRIBUTES

Test read+write
OK

Test full access
OK
(VinceD) 2 % 
-- which appears as if some tests in it have failed??

File Added - 69867: tclWinFile.c.patch

File Added - 69866: test.fileaccess.tcl