Python LookupAccountSid Examples

Example #1

File: localized_names.py Project: Tomas2710/Aiidk

def LookupAliasFromRid(TargetComputer, Rid):
    # Sid is the same regardless of machine, since the well-known
    # BUILTIN domain is referenced.
    sid = pywintypes.SID()
    sid.Initialize(SECURITY_NT_AUTHORITY, 2)

    for i, r in enumerate((SECURITY_BUILTIN_DOMAIN_RID, Rid)):
        sid.SetSubAuthority(i, r)

    name, domain, typ = LookupAccountSid(TargetComputer, sid)
    return name

Example #2

File: sddl.py Project: Beercow/pysddl

def TranslateSid(sid_string):
  """Translate a SID string to an account name.

  Args:
    sid_string: a SID in string form

  Returns:
    A string with the account name if the name resolves.
    None if the name is not found.
  """
  account = LookupAccountSid(None, GetBinarySid(sid_string))

  if account:
    if len(account[1]):
      return account[1] + '\\' + account[0]
    else:
      return account[0]

Example #3

File: localized_names.py Project: Tomas2710/Aiidk

def LookupUserGroupFromRid(TargetComputer, Rid):
    # get the account domain Sid on the target machine
    # note: if you were looking up multiple sids based on the same
    # account domain, only need to call this once.
    umi2 = NetUserModalsGet(TargetComputer, 2)
    domain_sid = umi2['domain_id']

    SubAuthorityCount = domain_sid.GetSubAuthorityCount()

    # create and init new sid with acct domain Sid + acct Rid
    sid = pywintypes.SID()
    sid.Initialize(domain_sid.GetSidIdentifierAuthority(),
                   SubAuthorityCount + 1)

    # copy existing subauthorities from account domain Sid into
    # new Sid
    for i in range(SubAuthorityCount):
        sid.SetSubAuthority(i, domain_sid.GetSubAuthority(i))

    # append Rid to new Sid
    sid.SetSubAuthority(SubAuthorityCount, Rid)

    name, domain, typ = LookupAccountSid(TargetComputer, sid)
    return name

Example #4

                        message = '\n'.join(ev_obj.StringInserts)
                    else:
                        try:
                            message = FormatMessageW(
                                FORMAT_MESSAGE_FROM_HMODULE,
                                self._formatters_cache[ev_obj.SourceName],
                                ev_obj.EventID, LANGID, ev_obj.StringInserts)

                        except error:
                            message = '\n'.join(ev_obj.StringInserts)

                    user = ''

                    if ev_obj.Sid is not None:
                        try:
                            domain, domain_user, _ = LookupAccountSid(server, ev_obj.Sid)
                            user = u'{}\\{}'.format(domain, domain_user)
                        except error:
                            user = str(ev_obj.Sid)

                    if not message:
                        continue

                    yield {
                        'id': int(winerror.HRESULT_CODE(ev_obj.EventID)) + UTC_OFFSET_TIMEDELTA,
                        'EventID': int(winerror.HRESULT_CODE(ev_obj.EventID)),
                        'record': ev_obj.RecordNumber,
                        'date': int(ev_obj.TimeGenerated),
                        'computer': ev_obj.ComputerName,
                        'category': ev_obj.EventCategory,
                        'msg': message,

Example #5

File: readlogs.py Project: trickster07/11111

    def get_events(self, logtype, server=''):
        log = OpenEventLog(server, logtype)
        if not log:
            return

        flags = EVENTLOG_BACKWARDS_READ | EVENTLOG_SEQUENTIAL_READ
        events = ReadEventLog(log, flags, 0)

        try:
            events = True
            while events:
                events = ReadEventLog(log, flags, 0)
                if not events:
                    break

                for ev_obj in events:
                    if not ev_obj.StringInserts:
                        continue

                    message = None

                    if ev_obj.SourceName not in self._formatters_cache and ev_obj.SourceName not in BLACKLIST:
                        try:
                            key = OpenKeyEx(
                                HKEY_LOCAL_MACHINE,
                                r'SYSTEM\CurrentControlSet\Services\EventLog\{}\{}'
                                .format(logtype,
                                        ev_obj.SourceName), 0, KEY_READ)
                        except WindowsError:
                            continue

                        try:
                            dllNames, _ = QueryValueEx(key, 'EventMessageFile')

                            for dllName in dllNames.split(';'):
                                dllName = expandvars(dllName.strip())
                                if not isfile(dllName):
                                    continue

                                dllHandle = LoadLibraryEx(
                                    dllName, 0, LOAD_LIBRARY_AS_DATAFILE)

                                if not dllHandle:
                                    continue

                                try:
                                    message = FormatMessageW(
                                        FORMAT_MESSAGE_FROM_HMODULE, dllHandle,
                                        ev_obj.EventID, LANGID,
                                        ev_obj.StringInserts)

                                except error:
                                    FreeLibrary(dllHandle)
                                    continue

                                if message:
                                    self._formatters_cache[
                                        ev_obj.SourceName] = dllHandle
                                    break

                            if not message:
                                self._formatters_cache[
                                    ev_obj.SourceName] = None
                                message = '\n'.join(ev_obj.StringInserts)

                        except WindowsError:
                            self._formatters_cache[ev_obj.SourceName] = None

                    elif ev_obj.SourceName in BLACKLIST or not self._formatters_cache[
                            ev_obj.SourceName]:
                        message = '\n'.join(ev_obj.StringInserts)
                    else:
                        try:
                            message = FormatMessageW(
                                FORMAT_MESSAGE_FROM_HMODULE,
                                self._formatters_cache[ev_obj.SourceName],
                                ev_obj.EventID, LANGID, ev_obj.StringInserts)

                        except error:
                            message = '\n'.join(ev_obj.StringInserts)

                    user = ''

                    if ev_obj.Sid is not None:
                        try:
                            domain, domain_user, _ = LookupAccountSid(
                                server, ev_obj.Sid)
                            user = u'{}\\{}'.format(domain, domain_user)
                        except error:
                            user = str(ev_obj.Sid)

                    if not message:
                        continue

                    yield {
                        'id':
                        int(winerror.HRESULT_CODE(ev_obj.EventID)),
                        'record':
                        ev_obj.RecordNumber,
                        'date':
                        int(ev_obj.TimeGenerated),
                        'computer':
                        ev_obj.ComputerName,
                        'category':
                        ev_obj.EventCategory,
                        'msg':
                        message,
                        'source':
                        ev_obj.SourceName,
                        'type':
                        EventLog.event_types.get(ev_obj.EventType, 'UNKNOWN'),
                        'user':
                        user
                    }
        except GeneratorExit:
            pass

        finally:
            for source in self._formatters_cache.keys():
                if self._formatters_cache[source]:
                    FreeLibrary(self._formatters_cache[source])
                del self._formatters_cache[source]

            CloseEventLog(log)