def add_account_to_group(account, group, domain_name): disting = domain_name_to_disting(domain_name) ad_account = find(account, disting) groupDomain = disting groupDomainDist = disting ad_group = None if (group.find("\\") != -1): groupDomain, group = group.split("\\") gd = groupDomain.upper() if gd == 'NT AUTHORITY' or gd == 'BUILTIN': ad_group = com_client.GetObject("LDAP://CN=%s,CN=Builtin,%s" % (group, disting)) else: groupDomainDist = domain_name_to_disting(groupDomain) if not ad_group: ad_group = find(group, groupDomainDist) if (not ad_group.IsMember(ad_account.ADsPath)): try: ad_group.Add(ad_account.ADsPath) except: u_sid = win32security.SID(ad_account.objectSid) ad_group.Add("LDAP://%s/<SID=%s>" % (groupDomain, str(u_sid)[6:])) ad_group.SetInfo()
def is_win32user_an_admin(): WHO_AM_I = "C:\\WINDOWS\\System32\\whoami.exe" if not os.path.exists(WHO_AM_I): import win32security import ntsecuritycon subAuths = ntsecuritycon.SECURITY_BUILTIN_DOMAIN_RID, \ ntsecuritycon.DOMAIN_ALIAS_RID_ADMINS sidAdmins = win32security.SID(ntsecuritycon.SECURITY_NT_AUTHORITY, subAuths) return win32security.CheckTokenMembership(None, sidAdmins) else: import subprocess p = subprocess.Popen([WHO_AM_I, "/GROUPS", "/SID"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) if p.wait() != 0: p = subprocess.Popen([WHO_AM_I, "/GROUPS"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) if p.wait() != 0: return False for line in p.stdout.readlines(): if "S-1-5-32-544 " in line or "S-1-5-32-544\r\n" in line: return True return False
def AddUserToGroup(server_u, user, server_g, group): g = com_client.GetObject("LDAP://CN=%s,CN=Users,%s" % (group, GetDomainDN(server_g))) u = com_client.GetObject("LDAP://CN=%s,CN=Users,%s" % (user, GetDomainDN(server_u))) u_sid = win32security.SID(u.objectSid) try: g.Add("LDAP://%s/<SID=%s>" % (server_u, str(u_sid)[6:])) g.SetInfo() except: pass
def CreateUserSecurityDescriptor(userName): sidUser = win32security.LookupAccountName(serverName, userName)[0] sd = win32security.SECURITY_DESCRIPTOR() # Create the "well known" SID for the administrators group subAuths = ntsecuritycon.SECURITY_BUILTIN_DOMAIN_RID, \ ntsecuritycon.DOMAIN_ALIAS_RID_ADMINS sidAdmins = win32security.SID(ntsecuritycon.SECURITY_NT_AUTHORITY, subAuths) # Now set the ACL, giving user and admin full access. acl = win32security.ACL(128) acl.AddAccessAllowedAce(win32file.FILE_ALL_ACCESS, sidUser) acl.AddAccessAllowedAce(win32file.FILE_ALL_ACCESS, sidAdmins) sd.SetSecurityDescriptorDacl(1, acl, 0) return sd
def convert_to_sid(item): if item is None: return None return win32security.SID(item)
def create_named_pipe(pipename, openMode=None, pipeMode=None, nMaxInstances=None, nOutBufferSize=None, nInBufferSize=None, nDefaultTimeOut=None, saAttr=-1): # Default values if parameters are not passed if openMode is None: openMode = win32con.PIPE_ACCESS_DUPLEX | win32con.FILE_FLAG_OVERLAPPED if pipeMode is None: pipeMode = (win32con.PIPE_TYPE_MESSAGE | win32con.PIPE_READMODE_BYTE | win32con.PIPE_WAIT) if nMaxInstances is None: nMaxInstances = 64 if nOutBufferSize is None: nOutBufferSize = 65000 if nInBufferSize is None: nInBufferSize = 65000 if nDefaultTimeOut is None: nDefaultTimeOut = 0 if saAttr == -1: # saAttr can be None saAttr = win32security.SECURITY_ATTRIBUTES() # The identifier authority. sia = ntsecuritycon.SECURITY_NT_AUTHORITY # Initialize the SID. remoteAccessSid = win32security.SID() remoteAccessSid.Initialize( sia, # The identifier authority. 1) # The number of sub authorities to allocate. # Disable access over network. remoteAccessSid.SetSubAuthority( 0, # The index of the sub authority to set ntsecuritycon.SECURITY_NETWORK_RID) allowedPsids = [] # Allow Windows Services to access the Named Pipe. allowedPsid_0 = win32security.SID() allowedPsid_0.Initialize( sia, # The identifier authority. 1) # The number of sub authorities to allocate. allowedPsid_0.SetSubAuthority( 0, # The index of the sub authority to set ntsecuritycon.SECURITY_LOCAL_SYSTEM_RID) # Allow Administrators to access the Named Pipe. allowedPsid_1 = win32security.SID() allowedPsid_1.Initialize( sia, # The identifier authority. 2) # The number of sub authorities to allocate. allowedPsid_1.SetSubAuthority( 0, # The index of the sub authority to set ntsecuritycon.SECURITY_BUILTIN_DOMAIN_RID) allowedPsid_1.SetSubAuthority( 1, # The index of the sub authority to set ntsecuritycon.DOMAIN_ALIAS_RID_ADMINS) allowedPsids.append(allowedPsid_0) allowedPsids.append(allowedPsid_1) # Initialize an ACL. acl = win32security.ACL() acl.Initialize() # Add denied ACL. acl.AddAccessDeniedAce(win32security.ACL_REVISION, ntsecuritycon.GENERIC_ALL, remoteAccessSid) # Add allowed ACLs. for allowedPsid in allowedPsids: acl.AddAccessAllowedAce(win32security.ACL_REVISION, ntsecuritycon.GENERIC_ALL, allowedPsid) # Initialize an SD. sd = win32security.SECURITY_DESCRIPTOR() sd.Initialize() # Set DACL. sd.SetSecurityDescriptorDacl(True, acl, False) saAttr.bInheritHandle = 1 saAttr.SECURITY_DESCRIPTOR = sd try: npipe = win32pipe.CreateNamedPipe(pipename, openMode, pipeMode, nMaxInstances, nOutBufferSize, nInBufferSize, nDefaultTimeOut, saAttr) if npipe == win32file.INVALID_HANDLE_VALUE: return None return npipe except pywintypes.error: return None
def to_sid(item): """Return a PySID from binary data""" if item is None: return None # return win32security.SID(bytes(item))