Message-ID:

Conquest is easy. Control is not. -- Kirk, "Mirror, Mirror", stardate unknown

devel / comp.lang.python / Re: Windows registry PermissionError

Re: Windows registry PermissionError

<mailman.392.1652413347.20749.python-list@python.org>

https://www.novabbs.com/devel/article-flat.php?id=18254&group=comp.lang.python#18254

copy link Newsgroups: comp.lang.python

Path: i2pn2.org!i2pn.org!eternal-september.org!reader02.eternal-september.org!news.mixmin.net!news2.arglkargh.de!news.karotte.org!fu-berlin.de!uni-berlin.de!not-for-mail
From: eryk...@gmail.com (Eryk Sun)
Newsgroups: comp.lang.python
Subject: Re: Windows registry PermissionError
Date: Thu, 12 May 2022 22:42:25 -0500
Lines: 82
Message-ID: <mailman.392.1652413347.20749.python-list@python.org>
References: <84e2a35c-3882-aaf5-a0a6-3efefc1ceb8d@dewhirst.com.au>
<CACL+1asQGepD+Lw7w9W-jiFUNYWLqRvZJ0uEufT5Ow1siJvJTg@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
X-Trace: news.uni-berlin.de uIZiQn98GmYeoCnY+OTa6Q3Pvv4rijfIjj7WhkRYYyjA==
Return-Path: <eryksun@gmail.com>
X-Original-To: python-list@python.org
Delivered-To: python-list@mail.python.org
Authentication-Results: mail.python.org; dkim=pass
reason="2048-bit key; unprotected key"
header.d=gmail.com header.i=@gmail.com header.b=G4Woa1wz;
dkim-adsp=pass; dkim-atps=neutral
X-Spam-Status: OK 0.003
X-Spam-Evidence: '*H*': 0.99; '*S*': 0.00; 'def': 0.04; 'parameter':
0.05; 'directly.': 0.07; 'matches': 0.07; 'string': 0.07;
'subject:Windows': 0.07; 'cc:addr:python-list': 0.09; 'example.':
0.09; 'example:': 0.09; 'implicit': 0.09; "shouldn't": 0.09;
'skip:` 10': 0.09; 'subject:skip:P 10': 0.09; 'typically': 0.09;
'cc:no real name:2**0': 0.14; 'supported': 0.15; 'arithmetic':
0.16; 'backslash': 0.16; 'key:': 0.16; 'literals': 0.16;
'referencing': 0.16; 'sufficient.': 0.16; 'synchronize': 0.16;
'url:win32': 0.16; 'wrote:': 0.16; 'values': 0.17; 'applications':
0.17; 'instead': 0.17; 'cc:addr:python.org': 0.20; 'code': 0.23;
'cc:2**0': 0.25; 'object': 0.26; 'opening': 0.26; "isn't": 0.27;
'bit': 0.27; 'wrong': 0.28; 'default': 0.31; 'objects': 0.32;
'raw': 0.32; 'message-id:@mail.gmail.com': 0.32; 'path': 0.33;
'header:In-Reply-To:1': 0.34; 'received:google.com': 0.34; 'runs':
0.35; 'from:addr:gmail.com': 0.35; 'really': 0.37; 'using': 0.37;
"it's": 0.37; 'received:209.85': 0.37; 'hard': 0.37; 'file': 0.38;
'received:209': 0.39; 'handle': 0.39; 'setting': 0.39; 'use':
0.39; 'try': 0.40; 'should': 0.40; 'view': 0.60; 'detail': 0.61;
'remember': 0.61; 'above': 0.62; 'skip:k 10': 0.64; "you'd": 0.64;
'key': 0.64; 'process.': 0.65; 'required': 0.65; 'skip:t 20':
0.66; 'right': 0.68; 'closing': 0.69; 'skip:w 20': 0.69;
'addition': 0.71; 'operate': 0.75; 'process,': 0.75; 'rights':
0.76; 'requested': 0.76; 'skip:k 20': 0.78; 'returned': 0.81;
'cleaner': 0.84; 'url:windows': 0.84
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
h=mime-version:in-reply-to:references:from:date:message-id:subject:to
:cc; bh=qlscycBhxdukba6Gv94juYzf4qBRy95127ttY2Ihs/Q=;
b=G4Woa1wzX7u9wQ8eO6+z/V1XxInK9+DopcSTU4dmHTQ3ypBUEfl1WxOCYvU0Y9Al8t
QbgLbruET6XIgE76M3FLsnGxIrjEPPtrR8tRf80xKw+7nl7MfFBoMePzqd7fXZGDHCPN
I1ZjlT83Dp7GcDh0m22lCKFwYZi4P/GpH7dGsdYUYmbJsnsgpF6SwGZW5KLhDjeQXH3e
0wvQT6UYLJRZFbmX3mFK1+4xyP7nbQ8CY9KTmQhDH21ukjVt9xmQsbGXsB3o8AqJKOLu
HKgdyCx7CfCn/Jghcb74KAw2Mzx+2fboh8DoAWUufRR0KnrHKqytwAw4a7QIh38YkZKd
fcig==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=x-gm-message-state:mime-version:in-reply-to:references:from:date
:message-id:subject:to:cc;
bh=qlscycBhxdukba6Gv94juYzf4qBRy95127ttY2Ihs/Q=;
b=y+AGRFft2C2Ozsj5JR784Kl0ZYmJb7S322m42HX3YNEK9FpdRhKjVe5V2G6PsiiO5l
ncX2hJh2wDvWPZkJRl59oJS9dqw6U9cnXCP32u7GGuxUleY+wG1vF68kaClIXcIgj2rK
ZUQ6F8qSQvtG7Y6ebUI2qGQhkH2Eo9ZWjWz9tIJFXFS7X8qZTdbj7wjjYoLFsDkPgfFW
yrCEz74oJ331ZVNBh1JUoUdzUrMfmibKTFglT+oFukC3vi/LJmGUO8CHitaolFwLMEvH
v06i/R4KNixMy1WfD0hbekK3iVP1g4zJ79zeNvcfD6H1H/9EYeNyiJ4MOe6FtVJiMyob
Qhgg==
X-Gm-Message-State: AOAM531wKZKv5g77l4c0EfPaKw1nh4El/tb+oiE6XEB8vBNul39b6Qx8
JztpNqe1pKflhcI7/VsY+IaYwrQQwT9LyEHrAQpSMsnx
X-Google-Smtp-Source: ABdhPJznt1UqOoMDIfdNnOzdzS+eYgpKSxbuGciTtfyt8JrM/HkjOBvbugRTDzjopEp5bZT6SDrs5gZ4XgDaNUmJcUo=
X-Received: by 2002:a17:902:da8c:b0:15e:c90a:8a8d with SMTP id
j12-20020a170902da8c00b0015ec90a8a8dmr2576798plx.165.1652413345657; Thu, 12
May 2022 20:42:25 -0700 (PDT)
In-Reply-To: <84e2a35c-3882-aaf5-a0a6-3efefc1ceb8d@dewhirst.com.au>
X-BeenThere: python-list@python.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: General discussion list for the Python programming language
<python-list.python.org>
List-Unsubscribe: <https://mail.python.org/mailman/options/python-list>,
<mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive: <https://mail.python.org/pipermail/python-list/>
List-Post: <mailto:python-list@python.org>
List-Help: <mailto:python-list-request@python.org?subject=help>
List-Subscribe: <https://mail.python.org/mailman/listinfo/python-list>,
<mailto:python-list-request@python.org?subject=subscribe>
X-Mailman-Original-Message-ID: <CACL+1asQGepD+Lw7w9W-jiFUNYWLqRvZJ0uEufT5Ow1siJvJTg@mail.gmail.com>
X-Mailman-Original-References: <84e2a35c-3882-aaf5-a0a6-3efefc1ceb8d@dewhirst.com.au>

by: Eryk Sun - Fri, 13 May 2022 03:42 UTC

On 5/12/22, Mike Dewhirst <miked@dewhirst.com.au> wrote:
>
> access=wr.KEY_ALL_ACCESS + wr.KEY_WRITE,

The access parameter is a bit mask of access rights that combine via
bitwise OR (|), not via arithmetic addition.

KEY_ALL_ACCESS (0x000F_003F) is a superset of KEY_WRITE (0x0002_0006):

KEY_WRITE = (
READ_CONTROL | # 0x0002_0000
KEY_SET_VALUE | # 0x0000_0002
KEY_CREATE_SUB_KEY | # 0x0000_0004
) # 0x0002_0006

The result of the arithmetic addition `KEY_ALL_ACCESS + KEY_WRITE` is
0x0011_0045, which is wrong and meaningless. Registry key objects do
not support SYNCHRONIZE (0x0010_0000) access; DELETE (0x0001_0000)
access isn't needed; 0x0000_0040 is not a supported key right;
KEY_CREATE_SUB_KEY (0x0000_0004) access isn't needed; and
KEY_QUERY_VALUE (0x0000_0001) isn't sufficient.

You should limit the requested access to the specific access rights
that are required for querying and setting values in the key:

access=(wr.KEY_QUERY_VALUE | wr.KEY_SET_VALUE)

> def setvalue(self, vname, value):
> return wr.SetValueEx(self.select(), vname, 0, 1, value)

You shouldn't hard code the value of the data type constant. Use
wr.REG_SZ instead of 1.

The return value of self.select() is a winreg PyHKEY object that wraps
the OS handle for the key object. You're relying on implicit closing
of this handle based on referencing counting. It's cleaner to use it
in a `with` statement, as you would for a file object returned by
open(). For example:

with self.select() as hkey:
wr.SetValueEx(hkey, vname, 0, wr.REG_SZ, value)

> lmregistry = Registry(
> hkey=wr.HKEY_LOCAL_MACHINE,
> sub_key="SOFTWARE\WOW6432Node\XXX Technology\AppName",

You really shouldn't open the "WOW6432Node" key directly. It is an
implementation detail of the WOW64 subsystem that runs 32-bit
applications on a 64-bit system. If you need to operate on the
registry keys of 32-bit applications from a native 64-bit process,
open the normal path using the access right KEY_WOW64_32KEY
(0x0000_0200). For example:

hkey = wr.HKEY_LOCAL_MACHINE
subkey = r"SOFTWARE\XXX Technology\AppName"
access = (
wr.KEY_QUERY_VALUE |
wr.KEY_SET_VALUE |
wr.KEY_WOW64_32KEY
)

Typically you'd first try opening the path without either
KEY_WOW64_32KEY or KEY_WOW64_64KEY. The default view matches the
current process.

https://docs.microsoft.com/en-us/windows/win32/winprog64/accessing-an-alternate-registry-view

Remember to escape the backslash separators in string literals of key
paths, or use raw string literals as I used in the above example.

Subject	Author
Re: Windows registry PermissionError	Eryk Sun