Example #1
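 def CreatePipeSecurityObject(self):
     """Build SECURITY_ATTRIBUTES owned by the current process's user.

     Opens the current process token, reads its TOKEN_USER record and
     uses that SID as the owner of a fresh security descriptor.

     Only the owner is set: no DACL is attached here, so who may open
     the pipe is decided by whatever default the system applies.
     NOTE(review): confirm that default is the intended access policy.

     Returns:
         a SECURITY_ATTRIBUTES instance with bInheritHandle set to False.

     Raises:
         WindowsError: if any of the token or descriptor calls fails.
     """
     TOKEN_QUERY = 0x8
     # TOKEN_INFORMATION_CLASS value for TokenUser. The original passed
     # TOKEN_QUERY (an access mask, 0x8) as the information class, which
     # requests a different, smaller record than the TOKEN_USER the
     # buffer is cast to below.
     TOKEN_USER_CLASS = 1
     cur_proc = GetCurrentProcess()
     log("CreatePipeSecurityObject() GetCurrentProcess()=%#x", cur_proc)
     # NOTE(review): this token handle is never closed in this method;
     # close it once the SID has been consumed if a helper is available.
     token = HANDLE()
     if OpenProcessToken(HANDLE(cur_proc), TOKEN_QUERY,
                         ctypes.byref(token)) == 0:
         raise WindowsError()
     log("CreatePipeSecurityObject() process=%s", token.value)
     # First call with a NULL buffer is expected to fail: it only
     # reports the required buffer size through data_size.
     data_size = DWORD()
     GetTokenInformation(token, TOKEN_USER_CLASS, 0, 0,
                         ctypes.byref(data_size))
     log("CreatePipeSecurityObject() GetTokenInformation data size%s",
         data_size.value)
     data = ctypes.create_string_buffer(data_size.value)
     if GetTokenInformation(token, TOKEN_USER_CLASS, ctypes.byref(data),
                            ctypes.sizeof(data),
                            ctypes.byref(data_size)) == 0:
         raise WindowsError()
     user = ctypes.cast(data, ctypes.POINTER(TOKEN_USER)).contents
     log("CreatePipeSecurityObject() user: SID=%s, attributes=%#x",
         user.SID, user.ATTRIBUTES)
     SD = SECURITY_DESCRIPTOR()
     # Fail loudly rather than hand back a half-built descriptor.
     if InitializeSecurityDescriptor(ctypes.byref(SD),
                                     SECURITY_DESCRIPTOR.REVISION) == 0:
         raise WindowsError()
     if SetSecurityDescriptorOwner(ctypes.byref(SD), user.SID, 0) == 0:
         raise WindowsError()
     # NOTE(review): the owner SID lives inside `data`, which is local
     # to this call - verify something keeps that buffer alive for as
     # long as the returned attributes are in use.
     SA = SECURITY_ATTRIBUTES()
     SA.descriptor = SD
     SA.bInheritHandle = False
     return SA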
Example #2
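 def CreateUnrestrictedPipeSecurityObject(self):
     """Build SECURITY_ATTRIBUTES carrying a present-but-NULL DACL.

     A NULL DACL places no access restriction on the object: every
     principal on the system is granted every right, including the
     rights to rewrite the DACL or take ownership. Use this only where
     the pipe is meant to be open to all local users; prefer an explicit
     ACL listing the intended principals otherwise.

     Returns:
         a SECURITY_ATTRIBUTES instance with bInheritHandle set to False.

     Raises:
         WindowsError: if the descriptor cannot be initialised or the
             DACL cannot be set.
     """
     SD = SECURITY_DESCRIPTOR()
     # Checked like the DACL call below, so a failed initialisation is
     # not silently carried into the returned attributes.
     if InitializeSecurityDescriptor(ctypes.byref(SD),
                                     SECURITY_DESCRIPTOR.REVISION) == 0:
         raise WindowsError()
     # DACL present (True) with a NULL ACL (None), not defaulted (False).
     if SetSecurityDescriptorDacl(ctypes.byref(SD), True, None, False) == 0:
         raise WindowsError()
     SA = SECURITY_ATTRIBUTES()
     SA.descriptor = SD
     SA.bInheritHandle = False
     return SA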
Example #3
    def CreatePipeSecurityAttributes(self):
        """Build the SECURITY_ATTRIBUTES used when creating the pipe.

        The descriptor's owner and primary group are taken from the
        values returned by self.GetToken(). What happens next depends on
        the UNRESTRICTED flag:

        * not UNRESTRICTED: the attributes are returned straight away
          with bInheritHandle False; no DACL is set on this path.
        * UNRESTRICTED: the SACL is cleared and a DACL with two
          access-allowed ACEs is attached - one for the token user and
          one for the WinWorldSid well-known SID (Everyone) - each with
          STANDARD_RIGHTS_ALL | SPECIFIC_RIGHTS_ALL. The handle is also
          marked inheritable.

        Side effects: stores the descriptor on self.security_descriptor
        and, on the UNRESTRICTED path only, the attributes on
        self.security_attributes.

        Raises:
            WindowsError: when one of the checked API calls reports
                failure.
        """
        user = self.GetToken(TokenUser, TOKEN_USER)
        user_SID = user.SID.contents
        log("user SID=%s, attributes=%#x", user_SID, user.ATTRIBUTES)

        group = self.GetToken(TokenPrimaryGroup, TOKEN_PRIMARY_GROUP)
        group_SID = group.PrimaryGroup.contents
        log("group SID=%s", group_SID)

        SD = SECURITY_DESCRIPTOR()
        # kept on self so the descriptor outlives this call
        self.security_descriptor = SD
        log("SECURITY_DESCRIPTOR=%s", SD)
        if not InitializeSecurityDescriptor(byref(SD),
                                            SECURITY_DESCRIPTOR.REVISION):
            raise WindowsError()  #@UndefinedVariable
        log("InitializeSecurityDescriptor: %s", SD)
        if not SetSecurityDescriptorOwner(byref(SD), user.SID, False):
            raise WindowsError()  #@UndefinedVariable
        log("SetSecurityDescriptorOwner: %s", SD)
        if not SetSecurityDescriptorGroup(byref(SD), group.PrimaryGroup,
                                          False):
            raise WindowsError()  #@UndefinedVariable
        log("SetSecurityDescriptorGroup: %s", SD)
        SA = SECURITY_ATTRIBUTES()
        log("CreatePipeSecurityObject() SECURITY_ATTRIBUTES=%s", SA)
        if not UNRESTRICTED:
            # NOTE(review): this path assigns SA.descriptor and leaves
            # nLength / lpSecurityDescriptor untouched, whereas the end of
            # this method fills those two fields instead. Confirm that
            # SECURITY_ATTRIBUTES really declares a `descriptor` field;
            # if it does not, the descriptor built above may never reach
            # the API and the restricted pipe would get default security.
            SA.descriptor = SD
            SA.bInheritHandle = False
            return SA
        # UNRESTRICTED from here on: no SACL (present=False) ...
        if not SetSecurityDescriptorSacl(byref(SD), False, None, False):
            raise WindowsError()  #@UndefinedVariable
        # ... and a present-but-NULL DACL, which is replaced by the
        # explicit ACL built below. If any later step raises, the
        # descriptor already stored on self keeps the NULL DACL.
        if not SetSecurityDescriptorDacl(byref(SD), True, None, False):
            raise WindowsError()  #@UndefinedVariable
        #this doesn't work - and I don't know why:
        #SECURITY_NT_AUTHORITY = 5
        #sia_anonymous = SID_IDENTIFIER_AUTHORITY((0, 0, 0, 0, 0, SECURITY_NT_AUTHORITY))
        #log("SID_IDENTIFIER_AUTHORITY(SECURITY_NT_AUTHORITY)=%s", sia_anonymous)
        #sid_allow = SID()
        #log("empty SID: %s", sid_allow)
        #if not AllocateAndInitializeSid(byref(sia_anonymous), 1,
        #                         SECURITY_ANONYMOUS_LOGON_RID, 0, 0, 0, 0, 0, 0, 0,
        #                         byref(sid_allow),
        #                         ):
        #    raise WindowsError()
        #    log("AllocateAndInitializeSid(..) sid_anonymous=%s", sid_allow)
        sid_allow = SID()
        sid_size = DWORD(sizeof(SID))
        # WinWorldSid is the well-known "Everyone" group: the second ACE
        # below therefore applies to every principal.
        sid_type = WinWorldSid
        SECURITY_MAX_SID_SIZE = 68
        # the SID structure must be able to hold the largest possible SID
        # NOTE(review): asserts are stripped under "python -O", so these
        # two size checks disappear in optimised runs.
        assert sizeof(SID) >= SECURITY_MAX_SID_SIZE
        if not CreateWellKnownSid(sid_type, None, byref(sid_allow),
                                  byref(sid_size)):
            log.error("error=%s", GetLastError())
            raise WindowsError()  #@UndefinedVariable
        assert sid_size.value <= SECURITY_MAX_SID_SIZE
        log("CreateWellKnownSid(..) sid_allow=%s, sid_size=%s", sid_allow,
            sid_size)

        # room for the ACL header plus two allow ACEs and their SIDs;
        # sizeof(DWORD) is subtracted per ACE - presumably the SID start
        # placeholder that the real SID overlaps (confirm against the
        # ACCESS_ALLOWED_ACE definition)
        acl_size = sizeof(ACL)
        acl_size += 2 * (sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD))
        acl_size += GetLengthSid(byref(sid_allow))
        acl_size += GetLengthSid(byref(user.SID.contents))
        #acl_size += GetLengthSid(user.SID)
        acl_data = create_string_buffer(acl_size)
        acl = cast(acl_data, POINTER(ACL)).contents
        log("acl_size=%s, acl_data=%s, acl=%s", acl_size, acl_data, acl)
        if not InitializeAcl(byref(acl), acl_size, ACL_REVISION):
            raise WindowsError()  #@UndefinedVariable
        log("InitializeAcl(..) acl=%s", acl)

        # first ACE: the token user
        rights = STANDARD_RIGHTS_ALL | SPECIFIC_RIGHTS_ALL
        add_sid = user.SID
        r = AddAccessAllowedAce(byref(acl), ACL_REVISION, rights, add_sid)
        if r == 0:
            err = GetLastError()
            log("AddAccessAllowedAce(..)=%s", ACL_ERRORS.get(err, err))
            raise WindowsError()  #@UndefinedVariable

        # second ACE: Everyone, with the same mask as the owner.
        # NOTE(review): if these constants carry their Windows SDK values,
        # the mask includes WRITE_DAC and WRITE_OWNER, so any local
        # principal could rewrite this ACL or take ownership of the pipe.
        # A mask limited to the read/write rights clients need would be
        # the least-privilege choice - confirm what callers require.
        rights = STANDARD_RIGHTS_ALL | SPECIFIC_RIGHTS_ALL
        add_sid = byref(sid_allow)
        r = AddAccessAllowedAce(byref(acl), ACL_REVISION, rights, add_sid)
        if r == 0:
            err = GetLastError()
            log("AddAccessAllowedAce(..)=%s", ACL_ERRORS.get(err, err))
            raise WindowsError()  #@UndefinedVariable
        # NOTE(review): the descriptor is handed a reference to `acl`,
        # whose storage is the local `acl_data` buffer; only SD and SA are
        # stored on self. Verify the ACL memory stays alive for as long as
        # the attributes are used.
        if not SetSecurityDescriptorDacl(byref(SD), True, byref(acl), False):
            raise WindowsError()  #@UndefinedVariable
        SA.nLength = sizeof(SECURITY_ATTRIBUTES)
        SA.lpSecurityDescriptor = cast(pointer(SD), c_void_p)
        # inheritable here, unlike the restricted path above: child
        # processes created with handle inheritance receive the handle.
        # NOTE(review): confirm inheritance is actually wanted.
        SA.bInheritHandle = True
        self.security_attributes = SA
        return SA