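def get_domain_sid():
    """Return the domain SID of the local machine as a string.

    Opens the local LSA policy (empty system name), reads
    ``PolicyDnsDomainInformation`` and takes element ``[4]`` of the result.
    The return value is the text after the first ``':'`` in ``str()`` of
    that element, so it depends on the string form of the SID object.

    Raises:
        IndexError: if ``str()`` of the queried value contains no ``':'``
            (presumably when no domain SID is present -- confirm on a
            machine that is not domain-joined).
    """
    # Only a read of local policy information is performed here, so the
    # handle is opened with the view right instead of POLICY_ALL_ACCESS.
    # This keeps the handle least-privileged and lets the call succeed for
    # callers that are not allowed to open the policy for full access.
    policy_handle = win32security.GetPolicyHandle(
        '', win32security.POLICY_VIEW_LOCAL_INFORMATION)
    try:
        sid = win32security.LsaQueryInformationPolicy(
            policy_handle, win32security.PolicyDnsDomainInformation)[4]
    finally:
        # Close the handle even when the query raises, so it is not leaked.
        win32security.LsaClose(policy_handle)
    return str(sid).split(':')[1]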
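import win32security

# Round-trip demo for LSA private data: store a value under a key, read it
# back, then delete the key again.
#
# NOTE(review): LSA private data is kept by the local security authority,
# not encrypted under a key that only this script knows. Any caller that can
# open the policy with enough rights can retrieve it, so do not treat it as
# protection against privileged users on the same machine.
# NOTE(review): POLICY_ALL_ACCESS is broader than store/retrieve needs;
# consider a narrower mask once the required rights are confirmed.
policy_handle = win32security.GetPolicyHandle(
    '', win32security.POLICY_ALL_ACCESS)
try:
    privatedata = 'some sensitive data'
    keyname = 'tmp'
    win32security.LsaStorePrivateData(policy_handle, keyname, privatedata)
    try:
        retrieveddata = win32security.LsaRetrievePrivateData(
            policy_handle, keyname)
        assert retrieveddata == privatedata
    finally:
        # passing None deletes key; done in ``finally`` so the sensitive
        # value does not stay behind when the retrieve or the check fails
        win32security.LsaStorePrivateData(policy_handle, keyname, None)
finally:
    # Always release the policy handle, including on error paths.
    win32security.LsaClose(policy_handle)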
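def GetLocalSecurityPolicyHandle(systemName, desiredAccess):
    """Yield an LSA policy handle and close it once the caller is done.

    Context manager for GetPolicyHandle. This is a generator; it is
    presumably wrapped with ``contextlib.contextmanager`` where it is
    defined (the decorator is not visible here -- confirm).

    Args:
        systemName: passed straight to ``win32security.GetPolicyHandle``.
        desiredAccess: access mask for the handle; callers should request
            only the rights the ``with`` body needs.
    """
    policyHandle = win32security.GetPolicyHandle(systemName, desiredAccess)
    try:
        yield policyHandle
    finally:
        # Without try/finally an exception raised inside the ``with`` body
        # would skip LsaClose and leak the policy handle.
        win32security.LsaClose(policyHandle)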
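def startasync(self, args, config):
    """
    First checks for a valid installation, then checks the grid,
    then registers the action: "node HOST start"

    On Windows (the only branch visible here) the method:

    1. installs the "OMERO.<node>" service when the service query output
       contains "DOESNOTEXIST", first granting SeServiceLogonRight to the
       service account if one is given;
    2. dies with 201 when the query output contains "RUNNING";
    3. starts the service, deleting it again if startup fails (202).

    args supplies ``user``, ``password`` and ``node``; config supplies the
    "omero.windows.user" / "omero.windows.pass" fallbacks via as_map().
    """

    self.check_access(config=config)
    self.checkice()
    self.check_node(args)
    if self._isWindows():
        self.checkwindows(args)

    if 0 == self.status(args, node_only=True):
        self.ctx.die(876, "Server already running")

    self._initDir()
    # Do a check to see if we've started before.
    self._regdata()
    self.check([])

    user = args.user
    pasw = args.password
    descript = self._descript(args)

    if self._isWindows():
        svc_name = "OMERO.%s" % args.node
        output = self._query_service(svc_name)

        # Now check if the server exists
        if 0 <= output.find("DOESNOTEXIST"):
            # NOTE(review): the image name is not an absolute path, so the
            # binary that runs depends on how the service's search path is
            # resolved. Prefer an absolute, quoted path so the service
            # cannot pick up a different icegridnode.exe -- confirm the
            # install location before changing.
            binpath = 'icegridnode.exe "%s" --deploy "%s" --service %s' % (
                self._icecfg(), descript, svc_name)

            # By default: "NT Authority\Local System"
            if not user:
                try:
                    user = config.as_map()["omero.windows.user"]
                except KeyError:
                    user = None
            if user is not None and len(user) > 0:
                if "\\" not in user:
                    # Qualify a bare account name as COMPUTER\user. The
                    # separator must be the backslash that the check above
                    # looks for; any other string yields an account name
                    # that LookupAccountName cannot resolve.
                    computername = win32api.GetComputerName()
                    user = "\\".join([computername, user])
                try:
                    # See #9967, code based on http://mail.python.org/\
                    # pipermail/python-win32/2010-October/010791.html
                    self.ctx.out("Granting SeServiceLogonRight to service"
                                 " user \"%s\"" % user)
                    # NOTE(review): POLICY_ALL_ACCESS is more than adding
                    # one account right needs; consider a narrower mask.
                    policy_handle = win32security.LsaOpenPolicy(
                        None, win32security.POLICY_ALL_ACCESS)
                    try:
                        sid_obj, domain, tmp = \
                            win32security.LookupAccountName(None, user)
                        win32security.LsaAddAccountRights(
                            policy_handle, sid_obj,
                            ('SeServiceLogonRight', ))
                    finally:
                        # Release the policy handle on the error path too.
                        win32security.LsaClose(policy_handle)
                except pywintypes.error, details:
                    self.ctx.die(
                        200, "Error during service user set up:"
                        " (%s) %s" % (details[0], details[2]))
                # NOTE(review): the right granted above is not revoked if
                # the service installation below fails.
                if not pasw:
                    try:
                        # NOTE(review): this reads the service account
                        # password from configuration; confirm how that
                        # store is protected, or prefer the prompt below.
                        pasw = config.as_map()["omero.windows.pass"]
                    except KeyError:
                        pasw = self._ask_for_password(
                            " for service user \"%s\"" % user)
            else:
                # No explicit account: the service runs under the default
                # account and must not be given a password.
                pasw = None

            hscm = win32service.OpenSCManager(
                None, None, win32service.SC_MANAGER_ALL_ACCESS)
            try:
                self.ctx.out("Installing %s Windows service." % svc_name)
                hs = win32service.CreateService(
                    hscm, svc_name, svc_name,
                    win32service.SERVICE_ALL_ACCESS,
                    win32service.SERVICE_WIN32_OWN_PROCESS,
                    win32service.SERVICE_AUTO_START,
                    win32service.SERVICE_ERROR_NORMAL, binpath, None, 0,
                    None, user, pasw)
                self.ctx.out("Successfully installed %s Windows service."
                             % svc_name)
                win32service.CloseServiceHandle(hs)
            finally:
                win32service.CloseServiceHandle(hscm)

        # Then check if the server is already running
        if 0 <= output.find("RUNNING"):
            self.ctx.die(
                201, "%s is already running. Use stop first" % svc_name)

        # Finally, try to start the service - delete if startup fails
        hscm = win32service.OpenSCManager(
            None, None, win32service.SC_MANAGER_ALL_ACCESS)
        # Reset so that a failing OpenService can be told apart from a
        # failing StartService; otherwise ``hs`` is either unbound or still
        # the handle that was already closed after CreateService.
        hs = None
        try:
            try:
                # Service handles take SERVICE_* rights; the SC_MANAGER_*
                # mask belongs to the service control manager handle.
                hs = win32service.OpenService(
                    hscm, svc_name, win32service.SERVICE_ALL_ACCESS)
                win32service.StartService(hs, None)
                self.ctx.out("Starting %s Windows service." % svc_name)
            except pywintypes.error, details:
                self.ctx.out("%s service startup failed: (%s) %s"
                             % (svc_name, details[0], details[2]))
                if hs is None:
                    # The service could not even be opened, so there is no
                    # handle to delete it through.
                    self.ctx.die(
                        202, "%s service could not be opened." % svc_name)
                else:
                    win32service.DeleteService(hs)
                    self.ctx.die(202, "%s service deleted." % svc_name)
        finally:
            try:
                if hs is not None:
                    win32service.CloseServiceHandle(hs)
            finally:
                win32service.CloseServiceHandle(hscm)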