File Coverage

blib/lib/Win32/Security/EFS.pm

Criterion	Covered	Total	%
statement	9	9	100.0
branch			n/a
condition			n/a
subroutine	3	3	100.0
pod			n/a
total	12	12	100.0

line	stmt	sub	time	code
1				package Win32::Security::EFS;
2
3	2	2	1942	use strict;
	2		3
	2		84
4	2	2	12	use warnings;
	2		3
	2		84
5
6	2	2	25	use base qw/Exporter Win32::API::Interface/;
	2		4
	2		1739
7				use vars qw/$VERSION @EXPORT_OK %EXPORT_TAGS/;
8				$VERSION = '0.11';
9
10				use File::Spec ();
11
12				my %consts;
13
14				BEGIN {
15				%consts = (
16				FILE_ENCRYPTABLE => 0,
17				FILE_IS_ENCRYPTED => 1,
18				FILE_SYSTEM_ATTR => 2,
19				FILE_ROOT_DIR => 3,
20				FILE_SYSTEM_DIR => 4,
21				FILE_UNKNOWN => 5,
22				FILE_SYSTEM_NOT_SUPPORT => 6,
23				FILE_USER_DISALLOWED => 7,
24				FILE_READ_ONLY => 8,
25				FILE_DIR_DISALLOWED => 9,
26				);
27				}
28
29				use constant \%consts;
30
31				__PACKAGE__->generate(
32				{
33				'advapi32' => [
34				[
35				'EncryptFile',
36				'P', 'I', '',
37				sub {
38				my ( $self, $filename ) = @_;
39				return $self->Call( File::Spec->canonpath($filename) );
40				},
41				],
42				[
43				'DecryptFile',
44				'PN',
45				'I',
46				'',
47				sub {
48				my ( $self, $filename, $reserved ) = @_;
49				return $self->Call( File::Spec->canonpath($filename),
50				$reserved );
51				},
52				],
53				[
54				'FileEncryptionStatus',
55				'PP',
56				'I',
57				'',
58				sub {
59				my ( $self, $filename, $statusref ) = @_;
60				$$statusref = "\0" x 4;
61				return $self->Call( File::Spec->canonpath($filename),
62				$$statusref );
63				},
64				],
65				[
66				'EncryptionDisable',
67				'PI',
68				'I',
69				'',
70				sub {
71				my ( $self, $filename, $disable ) = @_;
72				return $self->Call( File::Spec->canonpath($filename),
73				$disable );
74				},
75				],
76				[
77				'QueryUsersOnEncryptedFile',
78				'PP',
79				'I',
80				'__QueryUsersOnEncryptedFile',
81				sub {
82				my ( $self, $filename, $usersref ) = @_;
83
84				my $users = pack("L", 0x0);
85				my $retval =
86				$self->Call(
87				__make_unicode( File::Spec->canonpath($filename) ),
88				$users );
89
90				print STDERR "\nusers: ", unpack("PP", $users), "\n";
91				},
92				],
93				],
94				}
95				);
96
97				%EXPORT_TAGS = (
98				consts => [ __PACKAGE__->constant_names ],
99				api => [ __PACKAGE__->generated ]
100				);
101				@EXPORT_OK = ( __PACKAGE__->constant_names, __PACKAGE__->generated );
102
103				=head1 NAME
104
105				Win32::Security::EFS - Perl interface to functions that assist in working
106				with EFS (Encrypted File System) under Windows plattforms.
107
108				=head1 SYNOPSIS
109
110				use Win32::Security::EFS;
111
112				if(Win32::Security::EFS->supported()) {
113				Win32::Security::EFS->encrypt('some/file');
114				Win32::Security::EFS->decrypt('some/file');
115				}
116
117
118
119
120				=head1 DESCRIPTION
121
122				The Encrypted File System, or EFS, was introduced in version 5 of NTFS to
123				provide an additional level of security for files and directories. It
124				provides cryptographic protection of individual files on NTFS volumes
125				using a public-key system. Typically, the access control to file and
126				directory objects provided by the Windows security model is sufficient to
127				protect unauthorized access to sensitive information. However, if a laptop
128				containing sensitive data is lost or stolen, the security protection of
129				that data may be compromised. Encrypting the files increases security in
130				this scenario.
131
132				=head2 METHODS
133
134				=over 4
135
136				=item B
137
138				Returns I iff the underlaying filesystem supports EFS
139
140				=cut
141
142				sub supported {
143				require Win32;
144
145				my ( undef, $flags, undef ) = Win32::FsType();
146				return ( $flags & 0x00020000 ) > 0;
147				}
148
149				=item B
150
151				=cut
152
153				sub constant_names {
154				return keys %consts;
155				}
156
157				=item B
158
159				The I function encrypts a file or directory. All data streams in a file are encrypted.
160				All new files created in an encrypted directory are encrypted.
161
162				=cut
163
164				sub encrypt {
165				my ( $self, $filename ) = @_;
166				return $self->EncryptFile($filename);
167				}
168
169				=item B
170
171				The I function decrypts an encrypted file or directory.
172
173				=cut
174
175				sub decrypt {
176				my ( $self, $filename ) = @_;
177				return $self->DecryptFile( $filename, 0 );
178				}
179
180				=item B
181
182				The I function retrieves the encryption status of the specified file.
183
184				If the function succeeds, it will return one of the following values see the L section.
185
186				=cut
187
188				sub encryption_status {
189				my ( $self, $filename ) = @_;
190				my $status;
191				my $result = $self->FileEncryptionStatus( $filename, \$status );
192				return $result ? unpack( "L*", $status ) : undef;
193				}
194
195				=item B
196
197				The I function disables encryption of the specified directory and the files in it.
198				It does not affect encryption of subdirectories below the indicated directory.
199
200				=cut
201
202				sub encryption_disable {
203				my ( $self, $dirpath ) = @_;
204				return $self->EncryptionDisable( $dirpath, 1 );
205				}
206
207				=item B
208
209				The I function enables encryption of the specified directory and the files in it.
210				It does not affect encryption of subdirectories below the indicated directory.
211
212				=cut
213
214				sub encryption_enable {
215				my ( $self, $dirpath ) = @_;
216				return $self->EncryptionDisable( $dirpath, 0 );
217				}
218
219				=back
220
221				=head2 FUNCTIONS
222
223				You have the possibility to access the plain API directly. Therefore the
224				following functions can be exported:
225
226				use Win32::Security::EFS ':api';
227
228				=over 4
229
230				=item B
231
232				BOOL EncryptFile(
233				LPCTSTR lpFileName // file name
234				);
235
236				=item B
237
238				BOOL DecryptFile(
239				LPCTSTR lpFileName, // file name
240				DWORD dwReserved // reserved; must be zero
241				);
242
243				=item B
244
245				BOOL FileEncryptionStatus(
246				LPCTSTR lpFileName, // file name
247				LPDWORD lpStatus // encryption status
248				);
249
250				=item B
251
252				BOOL EncryptionDisable(
253				LPCWSTR lpDirPath,
254				BOOL fDisable
255				);
256
257				=item B
258
259				Not yet implemented.
260
261				=back
262
263				=head1 CONSTANTS
264
265				You can import all constants by importing Win32::Security::EFS like
266
267				use Win32::Security::EFS ':consts';
268
269				=over 4
270
271				=item *
272				encryption_status constants
273
274				=over 4
275
276				=item *
277				I
278				Reserved for future use.
279
280				=item *
281				I
282				The file can be encrypted.
283
284				=item *
285				I
286				The file is encrypted.
287
288				=item *
289				I
290				The file is a read-only file.
291
292				=item *
293				I
294				The file is a root directory. Root directories cannot be encrypted.
295
296				=item *
297				I
298				The file is a system file. System files cannot be encrypted.
299
300				=item *
301				I
302				The file is a system directory. System directories cannot be encrypted.
303
304				=item *
305				I
306				The file system does not support file encryption.
307
308				=item *
309				I
310				The encryption status is unknown. The file may be encrypted.
311
312				=item *
313				I
314				Reserved for future use.
315
316				=back
317
318				=back
319
320				=head1 AUTHOR
321
322				Sascha Kiefer, L
323
324				=head1 COPYRIGHT AND LICENSE
325
326				Copyright (C) 2006 Sascha Kiefer
327
328				This library is free software; you can redistribute it and/or modify
329				it under the same terms as Perl itself.
330
331				=cut
332
333				sub __make_unicode {
334				require Encode;
335				return map { Encode::encode( 'UTF-16LE', $_, 1 ) } @_;
336				}
337
338				1;