def updateACL(handle, acl):
    """Replace the DACL of the user object behind *handle* with *acl*.

    A fresh security descriptor is built that carries only the DACL, and it
    is applied with DACL_SECURITY_INFORMATION, so the call asks the system to
    write the DACL and nothing else.
    """
    # NOTE(review): the DACL is always flagged as present. If *acl* were None
    # this would presumably install a NULL DACL, which Windows treats as
    # "everyone, full access" - confirm that callers never pass None.
    descriptor = win32security.SECURITY_DESCRIPTOR()
    descriptor.SetSecurityDescriptorDacl(True, acl, False)

    # Only the DACL part of the descriptor is pushed onto the object.
    what_to_set = win32con.DACL_SECURITY_INFORMATION
    win32security.SetUserObjectSecurity(handle, what_to_set, descriptor)
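def set_user_perm(obj, perm, sid):
    '''
    Grant the access mask ``perm`` on the user object ``obj`` to ``sid``.

    The object's DACL is read, and an access-allowed ACE for ``sid`` is
    appended unless an access-allowed ACE with exactly the same mask and SID
    is already there. Nothing is returned.

    Only the DACL is read and written back. The owner and group parts of the
    descriptor are left out of the request because this function never
    changes them, and asking to rewrite them would demand more access on the
    handle than the change needs.

    If the object has no DACL object to edit (GetSecurityDescriptorDacl()
    gives None, as for a NULL DACL), nothing is changed: such an object
    already allows all access, and replacing the NULL DACL with a one-entry
    ACL would remove access for every other principal.
    '''
    info = win32security.DACL_SECURITY_INFORMATION
    sd = win32security.GetUserObjectSecurity(obj, info)
    dacl = sd.GetSecurityDescriptorDacl()
    if dacl is None:
        # No ACL to append to; see the docstring for why this is a no-op.
        return

    for idx in range(dacl.GetAceCount()):
        (ace_type, _ace_flags), ace_mask, ace_sid = dacl.GetAce(idx)
        # NOTE(review): the match is on type, exact mask and SID only. ACE
        # flags are ignored, so an inherit-only ACE would count as a match,
        # and an ACE granting a superset of perm would not - confirm that
        # this is what callers expect.
        if (ace_type == ntsecuritycon.ACCESS_ALLOWED_ACE_TYPE
                and ace_mask == perm and ace_sid == sid):
            # The ACE already exists, so leave the object untouched.
            return

    dacl.AddAccessAllowedAce(dacl.GetAclRevision(), perm, sid)
    sd.SetSecurityDescriptorDacl(1, dacl, 0)
    win32security.SetUserObjectSecurity(obj, info, sd)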
     win32security.DACL_SECURITY_INFORMATION|win32security.SACL_SECURITY_INFORMATION
# Demo script: adds an ACE to the DACL of the current process's window
# station, changes its owner and primary group to 'Power Users', and then
# re-reads the descriptor to check that the changes were applied.
#
# NOTE(review): nothing in the visible lines restores the original owner,
# group or DACL afterwards, so the window station stays modified once this
# has run.

# Parts of the security descriptor that are read and written below.
info = win32security.OWNER_SECURITY_INFORMATION | win32security.GROUP_SECURITY_INFORMATION | win32security.DACL_SECURITY_INFORMATION

# Open the current process token and apply the privilege list.
# NOTE(review): new_privs is not defined in the visible lines; presumably it
# is built above and enables the privileges the owner/group change needs -
# confirm.
# NOTE(review): TOKEN_ALL_ACCESS asks for every token right. The calls made
# on th here are AdjustTokenPrivileges and GetTokenInformation, so a narrower
# mask looks sufficient - confirm before tightening.
# NOTE(review): the result of AdjustTokenPrivileges is not inspected; the
# underlying API can report success even when not every requested privilege
# was assigned, so a missing privilege would only show up as a later failure.
ph = win32process.GetCurrentProcess()
th = win32security.OpenProcessToken(
    ph, win32security.TOKEN_ALL_ACCESS)  # original author's note: win32con.TOKEN_ADJUST_PRIVILEGES
win32security.AdjustTokenPrivileges(th, 0, new_privs)
# SID of the user the token belongs to, and SID of the 'Power Users' account
# ('' as system name - presumably the local machine).
my_sid = win32security.GetTokenInformation(th, win32security.TokenUser)[0]
pwr_sid = win32security.LookupAccountName('', 'Power Users')[0]

# Read the current descriptor of the process window station and remember how
# many ACEs its DACL holds, for the check at the end.
# NOTE(review): dacl is used without a None check; if the window station had
# no DACL object, GetAceCount() would fail here.
h = win32process.GetProcessWindowStation()
sd = win32security.GetUserObjectSecurity(h, info)
dacl = sd.GetSecurityDescriptorDacl()
ace_cnt = dacl.GetAceCount()

# Append an allow ACE for the current user. The mask grants WRITE_DAC (the
# right to rewrite this DACL) and ACCESS_SYSTEM_SECURITY (access to the
# SACL), i.e. control over the object's own security settings.
dacl.AddAccessAllowedAce(dacl.GetAclRevision(),
                         win32con.ACCESS_SYSTEM_SECURITY | win32con.WRITE_DAC,
                         my_sid)
# Put the edited DACL back into the descriptor and make 'Power Users' both
# primary group and owner.
sd.SetSecurityDescriptorDacl(1, dacl, 0)
sd.SetSecurityDescriptorGroup(pwr_sid, 0)
sd.SetSecurityDescriptorOwner(pwr_sid, 0)

# Write the descriptor to the window station, read it back and verify the
# three changes.
# NOTE(review): these checks are assert statements, so they are skipped
# entirely when Python runs with -O.
win32security.SetUserObjectSecurity(h, info, sd)
new_sd = win32security.GetUserObjectSecurity(h, info)
assert new_sd.GetSecurityDescriptorDacl().GetAceCount(
) == ace_cnt + 1, 'Did not add an ace to the Dacl !!!!!!'
assert win32security.LookupAccountSid('', new_sd.GetSecurityDescriptorOwner(
))[0] == 'Power Users', 'Owner not successfully set to Power Users !!!!!'
assert win32security.LookupAccountSid('', new_sd.GetSecurityDescriptorGroup(
))[0] == 'Power Users', 'Group not successfully set to Power Users !!!!!'