def delete(name, purge=False, force=False): ''' Remove a user from the minion :param str name: The name of the user to delete :param bool purge: Boolean value indicating that the user profile should also be removed when the user account is deleted. If set to True the profile will be removed. :param bool force: Boolean value indicating that the user account should be deleted even if the user is logged in. True will log the user out and delete user. :return: True if successful :rtype: bool CLI Example: .. code-block:: bash salt '*' user.delete name ''' # Check if the user exists try: user_info = win32net.NetUserGetInfo(None, name, 4) except win32net.error as exc: (number, context, message) = exc log.error('User not found: {0}'.format(name)) log.error('nbr: {0}'.format(number)) log.error('ctx: {0}'.format(context)) log.error('msg: {0}'.format(message)) return False # Check if the user is logged in # Return a list of logged in users try: sess_list = win32ts.WTSEnumerateSessions() except win32ts.error as exc: (number, context, message) = exc log.error('No logged in users found') log.error('nbr: {0}'.format(number)) log.error('ctx: {0}'.format(context)) log.error('msg: {0}'.format(message)) # Is the user one that is logged in logged_in = False session_id = None for sess in sess_list: if win32ts.WTSQuerySessionInformation(None, sess['SessionId'], win32ts.WTSUserName) == name: session_id = sess['SessionId'] logged_in = True # If logged in and set to force, log the user out and continue # If logged in and not set to force, return false if logged_in: if force: try: win32ts.WTSLogoffSession(win32ts.WTS_CURRENT_SERVER_HANDLE, session_id, True) except win32ts.error as exc: (number, context, message) = exc log.error('User not found: {0}'.format(name)) log.error('nbr: {0}'.format(number)) log.error('ctx: {0}'.format(context)) log.error('msg: {0}'.format(message)) return False else: log.error('User {0} is currently logged in.'.format(name)) return False # Remove the User Profile directory if purge: try: sid = getUserSid(name) win32profile.DeleteProfile(sid) except pywintypes.error as exc: (number, context, message) = exc if number == 2: # Profile Folder Not Found pass else: log.error('Failed to remove profile for {0}'.format(name)) log.error('nbr: {0}'.format(number)) log.error('ctx: {0}'.format(context)) log.error('msg: {0}'.format(message)) return False # And finally remove the user account try: win32net.NetUserDel(None, name) except win32net.error as exc: (number, context, message) = exc log.error('Failed to delete user {0}'.format(name)) log.error('nbr: {0}'.format(number)) log.error('ctx: {0}'.format(context)) log.error('msg: {0}'.format(message)) return False return True
def get_active_user_token(): # Figure out the active user token we need to use to run the app as ret = None # Get the current user name user_name = win32api.GetUserName() if user_name != "SYSTEM": # Running as a logged in user, get the current users token current_process = win32process.GetCurrentProcess() token = win32security.OpenProcessToken(current_process, win32con.MAXIMUM_ALLOWED) # win32con.TOKEN_ADJUST_PRIVILEGES | win32con.TOKEN_QUERY) # ret = token return ret #if user_name == "SYSTEM": # p("}}gnStarted by SYSTEM user (OPEService) - trying to switch user identity}}xx") # Get a list of Terminal Service sessions and see which one is active active_session = UserAccounts.WTS_INVALID_SESSION_ID station_name = "" sessions = win32ts.WTSEnumerateSessions(None, 1, 0) for session in sessions: if session['State'] == UserAccounts.WTSActive: # Found the active session active_session = session['SessionId'] station_name = session["WinStationName"] # If we didn't find one, try this way if active_session == UserAccounts.WTS_INVALID_SESSION_ID: active_session = win32ts.WTSGetActiveConsoleSessionId() if active_session == UserAccounts.WTS_INVALID_SESSION_ID: # User not logged in right now? or lock screen up? p("}}gnNo console user or desktop locked}}xx", log_level=1) return ret # Get the current console session #p("Got Console: " + str(active_session), debug_level=5) # Login to the terminal service to get the user token for the console id so we can impersonate it try: #svr = win32ts.WTSOpenServer(".") #win32ts.WTSCloseServer(svr) user_token = win32ts.WTSQueryUserToken(active_session) # Copy the token so we can modify it user_token_copy = win32security.DuplicateTokenEx( user_token, win32security.SecurityImpersonation, win32security.TOKEN_ALL_ACCESS, win32security.TokenPrimary) ret = user_token_copy user_token.close() except Exception as ex: p("}}rnUnknown Error - trying to get WTS UserToken\n" + str(ex) + "}}xx", debug_level=1) return ret #p("User Token Found " + str(user_token_copy), debug_level=5) return ret
def list_sessions(logged_in_users_only=False): """ List information about the sessions. .. versionadded:: 2016.11.0 :param logged_in_users_only: If True, only return sessions with users logged in. :return: A list containing dictionaries of session information. CLI Example: .. code-block:: bash salt '*' rdp.list_sessions """ ret = list() server = win32ts.WTS_CURRENT_SERVER_HANDLE protocols = { win32ts.WTS_PROTOCOL_TYPE_CONSOLE: "console", win32ts.WTS_PROTOCOL_TYPE_ICA: "citrix", win32ts.WTS_PROTOCOL_TYPE_RDP: "rdp", } statuses = { win32ts.WTSActive: "active", win32ts.WTSConnected: "connected", win32ts.WTSConnectQuery: "connect_query", win32ts.WTSShadow: "shadow", win32ts.WTSDisconnected: "disconnected", win32ts.WTSIdle: "idle", win32ts.WTSListen: "listen", win32ts.WTSReset: "reset", win32ts.WTSDown: "down", win32ts.WTSInit: "init", } for session in win32ts.WTSEnumerateSessions(server): user = (win32ts.WTSQuerySessionInformation( server, session["SessionId"], win32ts.WTSUserName) or None) protocol_id = win32ts.WTSQuerySessionInformation( server, session["SessionId"], win32ts.WTSClientProtocolType) status_id = win32ts.WTSQuerySessionInformation(server, session["SessionId"], win32ts.WTSConnectState) protocol = protocols.get(protocol_id, "unknown") connection_status = statuses.get(status_id, "unknown") station = session["WinStationName"] or "Disconnected" connection_info = { "connection_status": connection_status, "protocol": protocol, "session_id": session["SessionId"], "station": station, "user": user, } if logged_in_users_only: if user: ret.append(connection_info) else: ret.append(connection_info) if not ret: _LOG.warning("No sessions found.") return sorted(ret, key=lambda k: k["session_id"])
def GetActiveSessionId(): for session in win32ts.WTSEnumerateSessions(): if session['State'] == win32ts.WTSActive: return session['SessionId'] return win32ts.WTSGetActiveConsoleSessionId()
def delete(name, purge=False, force=False): """ Remove a user from the minion Args: name (str): The name of the user to delete purge (bool, optional): Boolean value indicating that the user profile should also be removed when the user account is deleted. If set to True the profile will be removed. Default is False. force (bool, optional): Boolean value indicating that the user account should be deleted even if the user is logged in. True will log the user out and delete user. Returns: bool: True if successful, otherwise False CLI Example: .. code-block:: bash salt '*' user.delete name """ if six.PY2: name = _to_unicode(name) # Check if the user exists try: user_info = win32net.NetUserGetInfo(None, name, 4) except win32net.error as exc: log.error("User not found: %s", name) log.error("nbr: %s", exc.winerror) log.error("ctx: %s", exc.funcname) log.error("msg: %s", exc.strerror) return False # Check if the user is logged in # Return a list of logged in users try: sess_list = win32ts.WTSEnumerateSessions() except win32ts.error as exc: log.error("No logged in users found") log.error("nbr: %s", exc.winerror) log.error("ctx: %s", exc.funcname) log.error("msg: %s", exc.strerror) # Is the user one that is logged in logged_in = False session_id = None for sess in sess_list: if ( win32ts.WTSQuerySessionInformation( None, sess["SessionId"], win32ts.WTSUserName ) == name ): session_id = sess["SessionId"] logged_in = True # If logged in and set to force, log the user out and continue # If logged in and not set to force, return false if logged_in: if force: try: win32ts.WTSLogoffSession( win32ts.WTS_CURRENT_SERVER_HANDLE, session_id, True ) except win32ts.error as exc: log.error("User not found: %s", name) log.error("nbr: %s", exc.winerror) log.error("ctx: %s", exc.funcname) log.error("msg: %s", exc.strerror) return False else: log.error("User %s is currently logged in.", name) return False # Remove the User Profile directory if purge: try: sid = getUserSid(name) win32profile.DeleteProfile(sid) except pywintypes.error as exc: (number, context, message) = exc.args if number == 2: # Profile Folder Not Found pass else: log.error("Failed to remove profile for %s", name) log.error("nbr: %s", exc.winerror) log.error("ctx: %s", exc.funcname) log.error("msg: %s", exc.strerror) return False # And finally remove the user account try: win32net.NetUserDel(None, name) except win32net.error as exc: log.error("Failed to delete user %s", name) log.error("nbr: %s", exc.winerror) log.error("ctx: %s", exc.funcname) log.error("msg: %s", exc.strerror) return False return True
""" Finds any disconnected terminal service sessions and logs them off""" import win32ts import pywintypes import winerror sessions=win32ts.WTSEnumerateSessions(win32ts.WTS_CURRENT_SERVER_HANDLE) for session in sessions: """ WTS_CONNECTSTATE_CLASS: WTSActive,WTSConnected,WTSConnectQuery,WTSShadow,WTSDisconnected, WTSIdle,WTSListen,WTSReset,WTSDown,WTSInit """ if session['State']==win32ts.WTSDisconnected: sessionid=session['SessionId'] username=win32ts.WTSQuerySessionInformation(win32ts.WTS_CURRENT_SERVER_HANDLE, sessionid, win32ts.WTSUserName) print('Logging off disconnected user:'******'t kill that session:", e.strerror) else: raise
def dump_nt_objects(self): # # Windows stations and Desktops - TODO make is more OO: objects for windowstations and desktops. # win32con.WINSTA_ALL_ACCESS = 0x0000037f print() print("[-] Sessions") print() for session in win32ts.WTSEnumerateSessions( win32ts.WTS_CURRENT_SERVER_HANDLE, 1, 0): print("SessionId: %s" % session['SessionId']) print("\tWinStationName: %s" % session['WinStationName']) print("\tState: %s" % session['State']) print() session = win32ts.ProcessIdToSessionId( win32process.GetCurrentProcessId()) print() print("[-] Winstations in session %s" % session) print() for w in win32service.EnumWindowStations(): print("winstation: %s" % w) print() for w in win32service.EnumWindowStations(): print() print("[-] Session %s, Winstation '%s'" % (session, w)) print() # Get SD try: h = 0 h = win32service.OpenWindowStation(w, False, win32con.READ_CONTROL) s = win32security.GetKernelObjectSecurity( h, win32security.OWNER_SECURITY_INFORMATION | win32security.GROUP_SECURITY_INFORMATION | win32security.DACL_SECURITY_INFORMATION) s = SD('winstation', s) print(s.as_text()) except pywintypes.error as details: print("[E] Can't get READ_CONTROL winstation handle: %s" % details) # Get Desktops h = 0 try: h = win32service.OpenWindowStation( w, False, win32con.WINSTA_ENUMDESKTOPS) print("[-] Session %s, Winstation '%s' has these desktops:" % (session, w)) for d in h.EnumDesktops(): print("\t%s" % d) print() except pywintypes.error as details: print( "[E] Can't get WINSTA_ENUMDESKTOPS winstation handle: %s" % details) if h: h.SetProcessWindowStation() for d in h.EnumDesktops(): print("[-] Session %s, Winstation '%s', Desktop '%s'" % (session, w, d)) try: hd = win32service.OpenDesktop(d, 0, False, win32con.READ_CONTROL) s = win32security.GetKernelObjectSecurity( hd, win32security.OWNER_SECURITY_INFORMATION | win32security.GROUP_SECURITY_INFORMATION | win32security.DACL_SECURITY_INFORMATION) s = SD('desktop', s) print(s.as_text()) except pywintypes.error as details: print("[E] Can't get READ_CONTROL desktop handle: %s" % details) print() # # Objects # print() print("[-] Objects") print() root = NTObj("\\") for child in root.get_all_child_objects(): print(child.as_text()) if (child.get_type() == "Semaphore" or child.get_type() == "Event" or child.get_type() == "Mutant" or child.get_type() == "Timer" or child.get_type() == "Section" or child.get_type() == "Device" or child.get_type() == "SymbolicLink" or child.get_type() == "Key" or child.get_type() == "Directory") and child.get_sd(): print(child.get_sd().as_text()) else: print("Skipping unknown object type: %s" % child.get_type()) print()