Add to_string method to security descriptor class

src/_cffi_src/build_bindings.py

@@ -78,6 +78,11 @@ def strip_by_shaif(src):
 
 const UINT32 WFSPY_FILE_ATTRIBUTE_INVALID_FILE_ATTRIBUTES = INVALID_FILE_ATTRIBUTES;
 
+const SECURITY_INFORMATION WFSPY_OWNER_SECURITY_INFORMATION = OWNER_SECURITY_INFORMATION;
+const SECURITY_INFORMATION WFSPY_GROUP_SECURITY_INFORMATION = GROUP_SECURITY_INFORMATION;
+const SECURITY_INFORMATION WFSPY_DACL_SECURITY_INFORMATION = DACL_SECURITY_INFORMATION;
+const SECURITY_INFORMATION WFSPY_SACL_SECURITY_INFORMATION = SACL_SECURITY_INFORMATION;
+
 
 // Bitfields are not handled with CFFI, hence this big hack...
 void configure_FSP_FSCTL_VOLUME_PARAMS(
@@ -306,6 +311,11 @@ def strip_by_shaif(src):
 
 extern const int WFSPY_FILE_ATTRIBUTE_INVALID_FILE_ATTRIBUTES;
 
+extern const SECURITY_INFORMATION WFSPY_OWNER_SECURITY_INFORMATION;
+extern const SECURITY_INFORMATION WFSPY_GROUP_SECURITY_INFORMATION;
+extern const SECURITY_INFORMATION WFSPY_DACL_SECURITY_INFORMATION;
+extern const SECURITY_INFORMATION WFSPY_SACL_SECURITY_INFORMATION;
+
 size_t wcslen(const wchar_t *str);
 """
 )

src/_cffi_src/winfsp.cdef.h

@@ -4,15 +4,12 @@
 
 typedef ULONG NTSTATUS;
 typedef NTSTATUS* PNTSTATUS;
+typedef unsigned long SECURITY_INFORMATION;
 
 
 DWORD GetLastError(void);
 
 
-typedef struct {
-    ...;
-} SECURITY_INFORMATION;
-
 typedef struct {
     ...;
 } IO_STATUS_BLOCK, *PIO_STATUS_BLOCK;
@@ -179,6 +176,15 @@ BOOL ConvertStringSecurityDescriptorToSecurityDescriptorW(
 );
 
 
+BOOL ConvertSecurityDescriptorToStringSecurityDescriptorW(
+  PSECURITY_DESCRIPTOR SecurityDescriptor,
+  DWORD                RequestedStringSDRevision,
+  SECURITY_INFORMATION SecurityInformation,
+  LPWSTR               *StringSecurityDescriptor,
+  PULONG               StringSecurityDescriptorLen
+);
+
+
 HLOCAL LocalFree(
   HLOCAL hMem
 );

src/winfspy/plumbing/security_descriptor.py

@@ -40,6 +40,25 @@ def from_string(cls, string_format):
             )
         return cls(psd[0], psd_size[0])
 
+    def to_string(self):
+        pwstr = ffi.new("PWSTR*")
+        flags = (
+            lib.WFSPY_OWNER_SECURITY_INFORMATION
+            | lib.WFSPY_GROUP_SECURITY_INFORMATION
+            | lib.WFSPY_DACL_SECURITY_INFORMATION
+            | lib.WFSPY_SACL_SECURITY_INFORMATION
+        )
+        if not lib.ConvertSecurityDescriptorToStringSecurityDescriptorW(
+            self.handle, lib.WFSPY_STRING_SECURITY_DESCRIPTOR_REVISION, flags, pwstr, ffi.NULL
+        ):
+            raise RuntimeError(
+                f"Cannot convert the given security descriptor to string: "
+                f"{cook_ntstatus(lib.GetLastError())}"
+            )
+        result = ffi.string(pwstr[0])
+        lib.LocalFree(pwstr[0])
+        return result
+
     def evolve(self, security_information, modification_descriptor):
         psd = ffi.new("SECURITY_DESCRIPTOR**")
         status = lib.FspSetSecurityDescriptor(

src/winfspy/tests/test_security_descriptor.py

@@ -0,0 +1,7 @@
+from winfspy.plumbing import SecurityDescriptor
+
+
+def test_security_descriptor():
+    string = "O:BAG:BAD:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;FA;;;WD)"
+    sd = SecurityDescriptor.from_string(string)
+    assert sd.to_string() == string