line |
stmt |
bran |
cond |
sub |
pod |
time |
code |
1
|
|
|
|
|
|
|
package Win32::Security::EFS;
|
2
|
|
|
|
|
|
|
|
3
|
2
|
|
|
2
|
|
1942
|
use strict;
|
|
2
|
|
|
|
|
3
|
|
|
2
|
|
|
|
|
84
|
|
4
|
2
|
|
|
2
|
|
12
|
use warnings;
|
|
2
|
|
|
|
|
3
|
|
|
2
|
|
|
|
|
84
|
|
5
|
|
|
|
|
|
|
|
6
|
2
|
|
|
2
|
|
25
|
use base qw/Exporter Win32::API::Interface/;
|
|
2
|
|
|
|
|
4
|
|
|
2
|
|
|
|
|
1739
|
|
7
|
|
|
|
|
|
|
use vars qw/$VERSION @EXPORT_OK %EXPORT_TAGS/;
|
8
|
|
|
|
|
|
|
$VERSION = '0.11';
|
9
|
|
|
|
|
|
|
|
10
|
|
|
|
|
|
|
use File::Spec ();
|
11
|
|
|
|
|
|
|
|
12
|
|
|
|
|
|
|
my %consts;
|
13
|
|
|
|
|
|
|
|
14
|
|
|
|
|
|
|
BEGIN {
|
15
|
|
|
|
|
|
|
%consts = (
|
16
|
|
|
|
|
|
|
FILE_ENCRYPTABLE => 0,
|
17
|
|
|
|
|
|
|
FILE_IS_ENCRYPTED => 1,
|
18
|
|
|
|
|
|
|
FILE_SYSTEM_ATTR => 2,
|
19
|
|
|
|
|
|
|
FILE_ROOT_DIR => 3,
|
20
|
|
|
|
|
|
|
FILE_SYSTEM_DIR => 4,
|
21
|
|
|
|
|
|
|
FILE_UNKNOWN => 5,
|
22
|
|
|
|
|
|
|
FILE_SYSTEM_NOT_SUPPORT => 6,
|
23
|
|
|
|
|
|
|
FILE_USER_DISALLOWED => 7,
|
24
|
|
|
|
|
|
|
FILE_READ_ONLY => 8,
|
25
|
|
|
|
|
|
|
FILE_DIR_DISALLOWED => 9,
|
26
|
|
|
|
|
|
|
);
|
27
|
|
|
|
|
|
|
}
|
28
|
|
|
|
|
|
|
|
29
|
|
|
|
|
|
|
use constant \%consts;
|
30
|
|
|
|
|
|
|
|
31
|
|
|
|
|
|
|
__PACKAGE__->generate(
|
32
|
|
|
|
|
|
|
{
|
33
|
|
|
|
|
|
|
'advapi32' => [
|
34
|
|
|
|
|
|
|
[
|
35
|
|
|
|
|
|
|
'EncryptFile',
|
36
|
|
|
|
|
|
|
'P', 'I', '',
|
37
|
|
|
|
|
|
|
sub {
|
38
|
|
|
|
|
|
|
my ( $self, $filename ) = @_;
|
39
|
|
|
|
|
|
|
return $self->Call( File::Spec->canonpath($filename) );
|
40
|
|
|
|
|
|
|
},
|
41
|
|
|
|
|
|
|
],
|
42
|
|
|
|
|
|
|
[
|
43
|
|
|
|
|
|
|
'DecryptFile',
|
44
|
|
|
|
|
|
|
'PN',
|
45
|
|
|
|
|
|
|
'I',
|
46
|
|
|
|
|
|
|
'',
|
47
|
|
|
|
|
|
|
sub {
|
48
|
|
|
|
|
|
|
my ( $self, $filename, $reserved ) = @_;
|
49
|
|
|
|
|
|
|
return $self->Call( File::Spec->canonpath($filename),
|
50
|
|
|
|
|
|
|
$reserved );
|
51
|
|
|
|
|
|
|
},
|
52
|
|
|
|
|
|
|
],
|
53
|
|
|
|
|
|
|
[
|
54
|
|
|
|
|
|
|
'FileEncryptionStatus',
|
55
|
|
|
|
|
|
|
'PP',
|
56
|
|
|
|
|
|
|
'I',
|
57
|
|
|
|
|
|
|
'',
|
58
|
|
|
|
|
|
|
sub {
|
59
|
|
|
|
|
|
|
my ( $self, $filename, $statusref ) = @_;
|
60
|
|
|
|
|
|
|
$$statusref = "\0" x 4;
|
61
|
|
|
|
|
|
|
return $self->Call( File::Spec->canonpath($filename),
|
62
|
|
|
|
|
|
|
$$statusref );
|
63
|
|
|
|
|
|
|
},
|
64
|
|
|
|
|
|
|
],
|
65
|
|
|
|
|
|
|
[
|
66
|
|
|
|
|
|
|
'EncryptionDisable',
|
67
|
|
|
|
|
|
|
'PI',
|
68
|
|
|
|
|
|
|
'I',
|
69
|
|
|
|
|
|
|
'',
|
70
|
|
|
|
|
|
|
sub {
|
71
|
|
|
|
|
|
|
my ( $self, $filename, $disable ) = @_;
|
72
|
|
|
|
|
|
|
return $self->Call( File::Spec->canonpath($filename),
|
73
|
|
|
|
|
|
|
$disable );
|
74
|
|
|
|
|
|
|
},
|
75
|
|
|
|
|
|
|
],
|
76
|
|
|
|
|
|
|
[
|
77
|
|
|
|
|
|
|
'QueryUsersOnEncryptedFile',
|
78
|
|
|
|
|
|
|
'PP',
|
79
|
|
|
|
|
|
|
'I',
|
80
|
|
|
|
|
|
|
'__QueryUsersOnEncryptedFile',
|
81
|
|
|
|
|
|
|
sub {
|
82
|
|
|
|
|
|
|
my ( $self, $filename, $usersref ) = @_;
|
83
|
|
|
|
|
|
|
|
84
|
|
|
|
|
|
|
my $users = pack("L", 0x0);
|
85
|
|
|
|
|
|
|
my $retval =
|
86
|
|
|
|
|
|
|
$self->Call(
|
87
|
|
|
|
|
|
|
__make_unicode( File::Spec->canonpath($filename) ),
|
88
|
|
|
|
|
|
|
$users );
|
89
|
|
|
|
|
|
|
|
90
|
|
|
|
|
|
|
print STDERR "\nusers: ", unpack("PP", $users), "\n";
|
91
|
|
|
|
|
|
|
},
|
92
|
|
|
|
|
|
|
],
|
93
|
|
|
|
|
|
|
],
|
94
|
|
|
|
|
|
|
}
|
95
|
|
|
|
|
|
|
);
|
96
|
|
|
|
|
|
|
|
97
|
|
|
|
|
|
|
%EXPORT_TAGS = (
|
98
|
|
|
|
|
|
|
consts => [ __PACKAGE__->constant_names ],
|
99
|
|
|
|
|
|
|
api => [ __PACKAGE__->generated ]
|
100
|
|
|
|
|
|
|
);
|
101
|
|
|
|
|
|
|
@EXPORT_OK = ( __PACKAGE__->constant_names, __PACKAGE__->generated );
|
102
|
|
|
|
|
|
|
|
103
|
|
|
|
|
|
|
=head1 NAME
|
104
|
|
|
|
|
|
|
|
105
|
|
|
|
|
|
|
Win32::Security::EFS - Perl interface to functions that assist in working
|
106
|
|
|
|
|
|
|
with EFS (Encrypted File System) under Windows plattforms.
|
107
|
|
|
|
|
|
|
|
108
|
|
|
|
|
|
|
=head1 SYNOPSIS
|
109
|
|
|
|
|
|
|
|
110
|
|
|
|
|
|
|
use Win32::Security::EFS;
|
111
|
|
|
|
|
|
|
|
112
|
|
|
|
|
|
|
if(Win32::Security::EFS->supported()) {
|
113
|
|
|
|
|
|
|
Win32::Security::EFS->encrypt('some/file');
|
114
|
|
|
|
|
|
|
Win32::Security::EFS->decrypt('some/file');
|
115
|
|
|
|
|
|
|
}
|
116
|
|
|
|
|
|
|
|
117
|
|
|
|
|
|
|
|
118
|
|
|
|
|
|
|
|
119
|
|
|
|
|
|
|
|
120
|
|
|
|
|
|
|
=head1 DESCRIPTION
|
121
|
|
|
|
|
|
|
|
122
|
|
|
|
|
|
|
The Encrypted File System, or EFS, was introduced in version 5 of NTFS to
|
123
|
|
|
|
|
|
|
provide an additional level of security for files and directories. It
|
124
|
|
|
|
|
|
|
provides cryptographic protection of individual files on NTFS volumes
|
125
|
|
|
|
|
|
|
using a public-key system. Typically, the access control to file and
|
126
|
|
|
|
|
|
|
directory objects provided by the Windows security model is sufficient to
|
127
|
|
|
|
|
|
|
protect unauthorized access to sensitive information. However, if a laptop
|
128
|
|
|
|
|
|
|
containing sensitive data is lost or stolen, the security protection of
|
129
|
|
|
|
|
|
|
that data may be compromised. Encrypting the files increases security in
|
130
|
|
|
|
|
|
|
this scenario.
|
131
|
|
|
|
|
|
|
|
132
|
|
|
|
|
|
|
=head2 METHODS
|
133
|
|
|
|
|
|
|
|
134
|
|
|
|
|
|
|
=over 4
|
135
|
|
|
|
|
|
|
|
136
|
|
|
|
|
|
|
=item B
|
137
|
|
|
|
|
|
|
|
138
|
|
|
|
|
|
|
Returns I iff the underlaying filesystem supports EFS
|
139
|
|
|
|
|
|
|
|
140
|
|
|
|
|
|
|
=cut
|
141
|
|
|
|
|
|
|
|
142
|
|
|
|
|
|
|
sub supported {
|
143
|
|
|
|
|
|
|
require Win32;
|
144
|
|
|
|
|
|
|
|
145
|
|
|
|
|
|
|
my ( undef, $flags, undef ) = Win32::FsType();
|
146
|
|
|
|
|
|
|
return ( $flags & 0x00020000 ) > 0;
|
147
|
|
|
|
|
|
|
}
|
148
|
|
|
|
|
|
|
|
149
|
|
|
|
|
|
|
=item B
|
150
|
|
|
|
|
|
|
|
151
|
|
|
|
|
|
|
=cut
|
152
|
|
|
|
|
|
|
|
153
|
|
|
|
|
|
|
sub constant_names {
|
154
|
|
|
|
|
|
|
return keys %consts;
|
155
|
|
|
|
|
|
|
}
|
156
|
|
|
|
|
|
|
|
157
|
|
|
|
|
|
|
=item B
|
158
|
|
|
|
|
|
|
|
159
|
|
|
|
|
|
|
The I function encrypts a file or directory. All data streams in a file are encrypted.
|
160
|
|
|
|
|
|
|
All new files created in an encrypted directory are encrypted.
|
161
|
|
|
|
|
|
|
|
162
|
|
|
|
|
|
|
=cut
|
163
|
|
|
|
|
|
|
|
164
|
|
|
|
|
|
|
sub encrypt {
|
165
|
|
|
|
|
|
|
my ( $self, $filename ) = @_;
|
166
|
|
|
|
|
|
|
return $self->EncryptFile($filename);
|
167
|
|
|
|
|
|
|
}
|
168
|
|
|
|
|
|
|
|
169
|
|
|
|
|
|
|
=item B
|
170
|
|
|
|
|
|
|
|
171
|
|
|
|
|
|
|
The I function decrypts an encrypted file or directory.
|
172
|
|
|
|
|
|
|
|
173
|
|
|
|
|
|
|
=cut
|
174
|
|
|
|
|
|
|
|
175
|
|
|
|
|
|
|
sub decrypt {
|
176
|
|
|
|
|
|
|
my ( $self, $filename ) = @_;
|
177
|
|
|
|
|
|
|
return $self->DecryptFile( $filename, 0 );
|
178
|
|
|
|
|
|
|
}
|
179
|
|
|
|
|
|
|
|
180
|
|
|
|
|
|
|
=item B
|
181
|
|
|
|
|
|
|
|
182
|
|
|
|
|
|
|
The I function retrieves the encryption status of the specified file.
|
183
|
|
|
|
|
|
|
|
184
|
|
|
|
|
|
|
If the function succeeds, it will return one of the following values see the L section.
|
185
|
|
|
|
|
|
|
|
186
|
|
|
|
|
|
|
=cut
|
187
|
|
|
|
|
|
|
|
188
|
|
|
|
|
|
|
sub encryption_status {
|
189
|
|
|
|
|
|
|
my ( $self, $filename ) = @_;
|
190
|
|
|
|
|
|
|
my $status;
|
191
|
|
|
|
|
|
|
my $result = $self->FileEncryptionStatus( $filename, \$status );
|
192
|
|
|
|
|
|
|
return $result ? unpack( "L*", $status ) : undef;
|
193
|
|
|
|
|
|
|
}
|
194
|
|
|
|
|
|
|
|
195
|
|
|
|
|
|
|
=item B
|
196
|
|
|
|
|
|
|
|
197
|
|
|
|
|
|
|
The I function disables encryption of the specified directory and the files in it.
|
198
|
|
|
|
|
|
|
It does not affect encryption of subdirectories below the indicated directory.
|
199
|
|
|
|
|
|
|
|
200
|
|
|
|
|
|
|
=cut
|
201
|
|
|
|
|
|
|
|
202
|
|
|
|
|
|
|
sub encryption_disable {
|
203
|
|
|
|
|
|
|
my ( $self, $dirpath ) = @_;
|
204
|
|
|
|
|
|
|
return $self->EncryptionDisable( $dirpath, 1 );
|
205
|
|
|
|
|
|
|
}
|
206
|
|
|
|
|
|
|
|
207
|
|
|
|
|
|
|
=item B
|
208
|
|
|
|
|
|
|
|
209
|
|
|
|
|
|
|
The I function enables encryption of the specified directory and the files in it.
|
210
|
|
|
|
|
|
|
It does not affect encryption of subdirectories below the indicated directory.
|
211
|
|
|
|
|
|
|
|
212
|
|
|
|
|
|
|
=cut
|
213
|
|
|
|
|
|
|
|
214
|
|
|
|
|
|
|
sub encryption_enable {
|
215
|
|
|
|
|
|
|
my ( $self, $dirpath ) = @_;
|
216
|
|
|
|
|
|
|
return $self->EncryptionDisable( $dirpath, 0 );
|
217
|
|
|
|
|
|
|
}
|
218
|
|
|
|
|
|
|
|
219
|
|
|
|
|
|
|
=back
|
220
|
|
|
|
|
|
|
|
221
|
|
|
|
|
|
|
=head2 FUNCTIONS
|
222
|
|
|
|
|
|
|
|
223
|
|
|
|
|
|
|
You have the possibility to access the plain API directly. Therefore the
|
224
|
|
|
|
|
|
|
following functions can be exported:
|
225
|
|
|
|
|
|
|
|
226
|
|
|
|
|
|
|
use Win32::Security::EFS ':api';
|
227
|
|
|
|
|
|
|
|
228
|
|
|
|
|
|
|
=over 4
|
229
|
|
|
|
|
|
|
|
230
|
|
|
|
|
|
|
=item B
|
231
|
|
|
|
|
|
|
|
232
|
|
|
|
|
|
|
BOOL EncryptFile(
|
233
|
|
|
|
|
|
|
LPCTSTR lpFileName // file name
|
234
|
|
|
|
|
|
|
);
|
235
|
|
|
|
|
|
|
|
236
|
|
|
|
|
|
|
=item B
|
237
|
|
|
|
|
|
|
|
238
|
|
|
|
|
|
|
BOOL DecryptFile(
|
239
|
|
|
|
|
|
|
LPCTSTR lpFileName, // file name
|
240
|
|
|
|
|
|
|
DWORD dwReserved // reserved; must be zero
|
241
|
|
|
|
|
|
|
);
|
242
|
|
|
|
|
|
|
|
243
|
|
|
|
|
|
|
=item B
|
244
|
|
|
|
|
|
|
|
245
|
|
|
|
|
|
|
BOOL FileEncryptionStatus(
|
246
|
|
|
|
|
|
|
LPCTSTR lpFileName, // file name
|
247
|
|
|
|
|
|
|
LPDWORD lpStatus // encryption status
|
248
|
|
|
|
|
|
|
);
|
249
|
|
|
|
|
|
|
|
250
|
|
|
|
|
|
|
=item B
|
251
|
|
|
|
|
|
|
|
252
|
|
|
|
|
|
|
BOOL EncryptionDisable(
|
253
|
|
|
|
|
|
|
LPCWSTR lpDirPath,
|
254
|
|
|
|
|
|
|
BOOL fDisable
|
255
|
|
|
|
|
|
|
);
|
256
|
|
|
|
|
|
|
|
257
|
|
|
|
|
|
|
=item B
|
258
|
|
|
|
|
|
|
|
259
|
|
|
|
|
|
|
Not yet implemented.
|
260
|
|
|
|
|
|
|
|
261
|
|
|
|
|
|
|
=back
|
262
|
|
|
|
|
|
|
|
263
|
|
|
|
|
|
|
=head1 CONSTANTS
|
264
|
|
|
|
|
|
|
|
265
|
|
|
|
|
|
|
You can import all constants by importing Win32::Security::EFS like
|
266
|
|
|
|
|
|
|
|
267
|
|
|
|
|
|
|
use Win32::Security::EFS ':consts';
|
268
|
|
|
|
|
|
|
|
269
|
|
|
|
|
|
|
=over 4
|
270
|
|
|
|
|
|
|
|
271
|
|
|
|
|
|
|
=item *
|
272
|
|
|
|
|
|
|
encryption_status constants
|
273
|
|
|
|
|
|
|
|
274
|
|
|
|
|
|
|
=over 4
|
275
|
|
|
|
|
|
|
|
276
|
|
|
|
|
|
|
=item *
|
277
|
|
|
|
|
|
|
I
|
278
|
|
|
|
|
|
|
Reserved for future use.
|
279
|
|
|
|
|
|
|
|
280
|
|
|
|
|
|
|
=item *
|
281
|
|
|
|
|
|
|
I
|
282
|
|
|
|
|
|
|
The file can be encrypted.
|
283
|
|
|
|
|
|
|
|
284
|
|
|
|
|
|
|
=item *
|
285
|
|
|
|
|
|
|
I
|
286
|
|
|
|
|
|
|
The file is encrypted.
|
287
|
|
|
|
|
|
|
|
288
|
|
|
|
|
|
|
=item *
|
289
|
|
|
|
|
|
|
I
|
290
|
|
|
|
|
|
|
The file is a read-only file.
|
291
|
|
|
|
|
|
|
|
292
|
|
|
|
|
|
|
=item *
|
293
|
|
|
|
|
|
|
I
|
294
|
|
|
|
|
|
|
The file is a root directory. Root directories cannot be encrypted.
|
295
|
|
|
|
|
|
|
|
296
|
|
|
|
|
|
|
=item *
|
297
|
|
|
|
|
|
|
I
|
298
|
|
|
|
|
|
|
The file is a system file. System files cannot be encrypted.
|
299
|
|
|
|
|
|
|
|
300
|
|
|
|
|
|
|
=item *
|
301
|
|
|
|
|
|
|
I
|
302
|
|
|
|
|
|
|
The file is a system directory. System directories cannot be encrypted.
|
303
|
|
|
|
|
|
|
|
304
|
|
|
|
|
|
|
=item *
|
305
|
|
|
|
|
|
|
I
|
306
|
|
|
|
|
|
|
The file system does not support file encryption.
|
307
|
|
|
|
|
|
|
|
308
|
|
|
|
|
|
|
=item *
|
309
|
|
|
|
|
|
|
I
|
310
|
|
|
|
|
|
|
The encryption status is unknown. The file may be encrypted.
|
311
|
|
|
|
|
|
|
|
312
|
|
|
|
|
|
|
=item *
|
313
|
|
|
|
|
|
|
I
|
314
|
|
|
|
|
|
|
Reserved for future use.
|
315
|
|
|
|
|
|
|
|
316
|
|
|
|
|
|
|
=back
|
317
|
|
|
|
|
|
|
|
318
|
|
|
|
|
|
|
=back
|
319
|
|
|
|
|
|
|
|
320
|
|
|
|
|
|
|
=head1 AUTHOR
|
321
|
|
|
|
|
|
|
|
322
|
|
|
|
|
|
|
Sascha Kiefer, L
|
323
|
|
|
|
|
|
|
|
324
|
|
|
|
|
|
|
=head1 COPYRIGHT AND LICENSE
|
325
|
|
|
|
|
|
|
|
326
|
|
|
|
|
|
|
Copyright (C) 2006 Sascha Kiefer
|
327
|
|
|
|
|
|
|
|
328
|
|
|
|
|
|
|
This library is free software; you can redistribute it and/or modify
|
329
|
|
|
|
|
|
|
it under the same terms as Perl itself.
|
330
|
|
|
|
|
|
|
|
331
|
|
|
|
|
|
|
=cut
|
332
|
|
|
|
|
|
|
|
333
|
|
|
|
|
|
|
sub __make_unicode {
|
334
|
|
|
|
|
|
|
require Encode;
|
335
|
|
|
|
|
|
|
return map { Encode::encode( 'UTF-16LE', $_, 1 ) } @_;
|
336
|
|
|
|
|
|
|
}
|
337
|
|
|
|
|
|
|
|
338
|
|
|
|
|
|
|
1;
|