Home Explore Help
Register Sign In
wzj
/
Sources_For_Win
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 3952626ba1
Branches Tags
Sources_For_...
/
ParaView
/
Lib
/
site-packages
/
win32
/
Demos
/
security
/
setsecurityinfo.py

setsecurityinfo.py 4.0 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061 
  1. import win32security,win32api,win32con, win32process
    2. 

  2. ## You need SE_RESTORE_NAME to be able to set the owner of a security descriptor to anybody
    3. 

  3. ## other than yourself or your primary group.  Most admin logins don't have it by default, so
    4. 

  4. ## enabling it may fail
    5. 

  5. new_privs = ((win32security.LookupPrivilegeValue('',win32security.SE_SECURITY_NAME),win32con.SE_PRIVILEGE_ENABLED),
    6. 

  6.              (win32security.LookupPrivilegeValue('',win32security.SE_TCB_NAME),win32con.SE_PRIVILEGE_ENABLED),
    7. 

  7.              (win32security.LookupPrivilegeValue('',win32security.SE_SHUTDOWN_NAME),win32con.SE_PRIVILEGE_ENABLED),
    8. 

  8.              (win32security.LookupPrivilegeValue('',win32security.SE_RESTORE_NAME),win32con.SE_PRIVILEGE_ENABLED),
    9. 

  9.              (win32security.LookupPrivilegeValue('',win32security.SE_TAKE_OWNERSHIP_NAME),win32con.SE_PRIVILEGE_ENABLED),
    10. 

  10.              (win32security.LookupPrivilegeValue('',win32security.SE_CREATE_PERMANENT_NAME),win32con.SE_PRIVILEGE_ENABLED),
    11. 

  11.              (win32security.LookupPrivilegeValue('',win32security.SE_ENABLE_DELEGATION_NAME),win32con.SE_PRIVILEGE_ENABLED),
    12. 

  12.              (win32security.LookupPrivilegeValue('',win32security.SE_CHANGE_NOTIFY_NAME),win32con.SE_PRIVILEGE_ENABLED),
    13. 

  13.              (win32security.LookupPrivilegeValue('',win32security.SE_DEBUG_NAME),win32con.SE_PRIVILEGE_ENABLED),
    14. 

  14.              (win32security.LookupPrivilegeValue('',win32security.SE_PROF_SINGLE_PROCESS_NAME),win32con.SE_PRIVILEGE_ENABLED),
    15. 

  15.              (win32security.LookupPrivilegeValue('',win32security.SE_SYSTEM_PROFILE_NAME),win32con.SE_PRIVILEGE_ENABLED),
    16. 

  16.              (win32security.LookupPrivilegeValue('',win32security.SE_LOCK_MEMORY_NAME),win32con.SE_PRIVILEGE_ENABLED)
    17. 

  17.             )
    18. 

  18. 

  19. all_info=win32security.OWNER_SECURITY_INFORMATION|win32security.GROUP_SECURITY_INFORMATION| \
    20. 

  20.      win32security.DACL_SECURITY_INFORMATION|win32security.SACL_SECURITY_INFORMATION
    21. 

  21. 

  22. pid=win32api.GetCurrentProcessId()
    23. 

  23. ph=win32api.OpenProcess(win32con.PROCESS_ALL_ACCESS,0,pid)
    24. 

  24. ## PROCESS_ALL_ACCESS does not contain ACCESS_SYSTEM_SECURITY (neccessy to do SACLs)
    25. 

  25. th = win32security.OpenProcessToken(ph,win32security.TOKEN_ALL_ACCESS)  ##win32con.TOKEN_ADJUST_PRIVILEGES)
    26. 

  26. old_privs=win32security.AdjustTokenPrivileges(th,0,new_privs)
    27. 

  27. my_sid = win32security.GetTokenInformation(th,win32security.TokenUser)[0]
    28. 

  28. pwr_sid=win32security.LookupAccountName('','Power Users')[0]
    29. 

  29. ## reopen process with ACCESS_SYSTEM_SECURITY now that sufficent privs are enabled
    30. 

  30. ph=win32api.OpenProcess(win32con.PROCESS_ALL_ACCESS|win32con.ACCESS_SYSTEM_SECURITY,0,pid)
    31. 

  31. 

  32. sd=win32security.GetSecurityInfo(ph,win32security.SE_KERNEL_OBJECT,all_info)
    33. 

  33. dacl=sd.GetSecurityDescriptorDacl()
    34. 

  34. if dacl is None:
    35. 

  35.     dacl=win32security.ACL()
    36. 

  36. sacl=sd.GetSecurityDescriptorSacl()
    37. 

  37. if sacl is None:
    38. 

  38.     sacl=win32security.ACL()
    39. 

  39. 

  40. dacl_ace_cnt=dacl.GetAceCount()
    41. 

  41. sacl_ace_cnt=sacl.GetAceCount()
    42. 

  42. 

  43. dacl.AddAccessAllowedAce(dacl.GetAclRevision(),win32con.ACCESS_SYSTEM_SECURITY|win32con.WRITE_DAC,my_sid)
    44. 

  44. sacl.AddAuditAccessAce(sacl.GetAclRevision(),win32con.GENERIC_ALL,my_sid,1,1)
    45. 

  45. 

  46. win32security.SetSecurityInfo(ph,win32security.SE_KERNEL_OBJECT,all_info,pwr_sid, pwr_sid, dacl, sacl)
    47. 

  47. new_sd=win32security.GetSecurityInfo(ph,win32security.SE_KERNEL_OBJECT,all_info)
    48. 

  48. 

  49. if new_sd.GetSecurityDescriptorDacl().GetAceCount()!=dacl_ace_cnt+1:
    50. 

  50.     print('New dacl doesn''t contain extra ace ????')
    51. 

  51. if new_sd.GetSecurityDescriptorSacl().GetAceCount()!=sacl_ace_cnt+1:
    52. 

  52.     print('New Sacl doesn''t contain extra ace ????')
    53. 

  53. if win32security.LookupAccountSid('',new_sd.GetSecurityDescriptorOwner())[0]!='Power Users':
    54. 

  54.     print('Owner not successfully set to Power Users !!!!!')
    55. 

  55. if win32security.LookupAccountSid('',new_sd.GetSecurityDescriptorGroup())[0]!='Power Users':
    56. 

  56.     print('Group not successfully set to Power Users !!!!!')
    57. 

  57. 

  58. win32security.SetSecurityInfo(ph,win32security.SE_KERNEL_OBJECT,win32security.SACL_SECURITY_INFORMATION, None, None, None, None)
    59. 

  59. new_sd_1=win32security.GetSecurityInfo(ph,win32security.SE_KERNEL_OBJECT,win32security.SACL_SECURITY_INFORMATION)
    60. 

  60. if new_sd_1.GetSecurityDescriptorSacl() is not None:
    61. 

  61.     print('Unable to set Sacl to NULL !!!!!!!!')
    62.