def delete(name, purge=False, force=False):
'''
Remove a user from the minion
:param str name:
The name of the user to delete
:param bool purge:
Boolean value indicating that the user profile should also be removed when
the user account is deleted. If set to True the profile will be removed.
:param bool force:
Boolean value indicating that the user account should be deleted even if the
user is logged in. True will log the user out and delete user.
:return:
True if successful
:rtype: bool
CLI Example:
.. code-block:: bash
salt '*' user.delete name
'''
# Check if the user exists
try:
user_info = win32net.NetUserGetInfo(None, name, 4)
except win32net.error as exc:
(number, context, message) = exc
log.error('User not found: {0}'.format(name))
log.error('nbr: {0}'.format(number))
log.error('ctx: {0}'.format(context))
log.error('msg: {0}'.format(message))
return False
# Check if the user is logged in
# Return a list of logged in users
try:
sess_list = win32ts.WTSEnumerateSessions()
except win32ts.error as exc:
(number, context, message) = exc
log.error('No logged in users found')
log.error('nbr: {0}'.format(number))
log.error('ctx: {0}'.format(context))
log.error('msg: {0}'.format(message))
# Is the user one that is logged in
logged_in = False
session_id = None
for sess in sess_list:
if win32ts.WTSQuerySessionInformation(None, sess['SessionId'],
win32ts.WTSUserName) == name:
session_id = sess['SessionId']
logged_in = True
# If logged in and set to force, log the user out and continue
# If logged in and not set to force, return false
if logged_in:
if force:
try:
win32ts.WTSLogoffSession(win32ts.WTS_CURRENT_SERVER_HANDLE,
session_id, True)
except win32ts.error as exc:
(number, context, message) = exc
log.error('User not found: {0}'.format(name))
log.error('nbr: {0}'.format(number))
log.error('ctx: {0}'.format(context))
log.error('msg: {0}'.format(message))
return False
else:
log.error('User {0} is currently logged in.'.format(name))
return False
# Remove the User Profile directory
if purge:
try:
sid = getUserSid(name)
win32profile.DeleteProfile(sid)
except pywintypes.error as exc:
(number, context, message) = exc
if number == 2: # Profile Folder Not Found
pass
else:
log.error('Failed to remove profile for {0}'.format(name))
log.error('nbr: {0}'.format(number))
log.error('ctx: {0}'.format(context))
log.error('msg: {0}'.format(message))
return False
# And finally remove the user account
try:
win32net.NetUserDel(None, name)
except win32net.error as exc:
(number, context, message) = exc
log.error('Failed to delete user {0}'.format(name))
log.error('nbr: {0}'.format(number))
log.error('ctx: {0}'.format(context))
log.error('msg: {0}'.format(message))
return False
return True
def get_active_user_token():
# Figure out the active user token we need to use to run the app as
ret = None
# Get the current user name
user_name = win32api.GetUserName()
if user_name != "SYSTEM":
# Running as a logged in user, get the current users token
current_process = win32process.GetCurrentProcess()
token = win32security.OpenProcessToken(current_process,
win32con.MAXIMUM_ALLOWED)
# win32con.TOKEN_ADJUST_PRIVILEGES | win32con.TOKEN_QUERY) #
ret = token
return ret
#if user_name == "SYSTEM":
# p("}}gnStarted by SYSTEM user (OPEService) - trying to switch user identity}}xx")
# Get a list of Terminal Service sessions and see which one is active
active_session = UserAccounts.WTS_INVALID_SESSION_ID
station_name = ""
sessions = win32ts.WTSEnumerateSessions(None, 1, 0)
for session in sessions:
if session['State'] == UserAccounts.WTSActive:
# Found the active session
active_session = session['SessionId']
station_name = session["WinStationName"]
# If we didn't find one, try this way
if active_session == UserAccounts.WTS_INVALID_SESSION_ID:
active_session = win32ts.WTSGetActiveConsoleSessionId()
if active_session == UserAccounts.WTS_INVALID_SESSION_ID:
# User not logged in right now? or lock screen up?
p("}}gnNo console user or desktop locked}}xx", log_level=1)
return ret
# Get the current console session
#p("Got Console: " + str(active_session), debug_level=5)
# Login to the terminal service to get the user token for the console id so we can impersonate it
try:
#svr = win32ts.WTSOpenServer(".")
#win32ts.WTSCloseServer(svr)
user_token = win32ts.WTSQueryUserToken(active_session)
# Copy the token so we can modify it
user_token_copy = win32security.DuplicateTokenEx(
user_token, win32security.SecurityImpersonation,
win32security.TOKEN_ALL_ACCESS, win32security.TokenPrimary)
ret = user_token_copy
user_token.close()
except Exception as ex:
p("}}rnUnknown Error - trying to get WTS UserToken\n" + str(ex) +
"}}xx",
debug_level=1)
return ret
#p("User Token Found " + str(user_token_copy), debug_level=5)
return ret
def list_sessions(logged_in_users_only=False):
"""
List information about the sessions.
.. versionadded:: 2016.11.0
:param logged_in_users_only: If True, only return sessions with users logged in.
:return: A list containing dictionaries of session information.
CLI Example:
.. code-block:: bash
salt '*' rdp.list_sessions
"""
ret = list()
server = win32ts.WTS_CURRENT_SERVER_HANDLE
protocols = {
win32ts.WTS_PROTOCOL_TYPE_CONSOLE: "console",
win32ts.WTS_PROTOCOL_TYPE_ICA: "citrix",
win32ts.WTS_PROTOCOL_TYPE_RDP: "rdp",
}
statuses = {
win32ts.WTSActive: "active",
win32ts.WTSConnected: "connected",
win32ts.WTSConnectQuery: "connect_query",
win32ts.WTSShadow: "shadow",
win32ts.WTSDisconnected: "disconnected",
win32ts.WTSIdle: "idle",
win32ts.WTSListen: "listen",
win32ts.WTSReset: "reset",
win32ts.WTSDown: "down",
win32ts.WTSInit: "init",
}
for session in win32ts.WTSEnumerateSessions(server):
user = (win32ts.WTSQuerySessionInformation(
server, session["SessionId"], win32ts.WTSUserName) or None)
protocol_id = win32ts.WTSQuerySessionInformation(
server, session["SessionId"], win32ts.WTSClientProtocolType)
status_id = win32ts.WTSQuerySessionInformation(server,
session["SessionId"],
win32ts.WTSConnectState)
protocol = protocols.get(protocol_id, "unknown")
connection_status = statuses.get(status_id, "unknown")
station = session["WinStationName"] or "Disconnected"
connection_info = {
"connection_status": connection_status,
"protocol": protocol,
"session_id": session["SessionId"],
"station": station,
"user": user,
}
if logged_in_users_only:
if user:
ret.append(connection_info)
else:
ret.append(connection_info)
if not ret:
_LOG.warning("No sessions found.")
return sorted(ret, key=lambda k: k["session_id"])
def GetActiveSessionId():
for session in win32ts.WTSEnumerateSessions():
if session['State'] == win32ts.WTSActive:
return session['SessionId']
return win32ts.WTSGetActiveConsoleSessionId()
def delete(name, purge=False, force=False):
"""
Remove a user from the minion
Args:
name (str): The name of the user to delete
purge (bool, optional): Boolean value indicating that the user profile
should also be removed when the user account is deleted. If set to
True the profile will be removed. Default is False.
force (bool, optional): Boolean value indicating that the user account
should be deleted even if the user is logged in. True will log the
user out and delete user.
Returns:
bool: True if successful, otherwise False
CLI Example:
.. code-block:: bash
salt '*' user.delete name
"""
if six.PY2:
name = _to_unicode(name)
# Check if the user exists
try:
user_info = win32net.NetUserGetInfo(None, name, 4)
except win32net.error as exc:
log.error("User not found: %s", name)
log.error("nbr: %s", exc.winerror)
log.error("ctx: %s", exc.funcname)
log.error("msg: %s", exc.strerror)
return False
# Check if the user is logged in
# Return a list of logged in users
try:
sess_list = win32ts.WTSEnumerateSessions()
except win32ts.error as exc:
log.error("No logged in users found")
log.error("nbr: %s", exc.winerror)
log.error("ctx: %s", exc.funcname)
log.error("msg: %s", exc.strerror)
# Is the user one that is logged in
logged_in = False
session_id = None
for sess in sess_list:
if (
win32ts.WTSQuerySessionInformation(
None, sess["SessionId"], win32ts.WTSUserName
)
== name
):
session_id = sess["SessionId"]
logged_in = True
# If logged in and set to force, log the user out and continue
# If logged in and not set to force, return false
if logged_in:
if force:
try:
win32ts.WTSLogoffSession(
win32ts.WTS_CURRENT_SERVER_HANDLE, session_id, True
)
except win32ts.error as exc:
log.error("User not found: %s", name)
log.error("nbr: %s", exc.winerror)
log.error("ctx: %s", exc.funcname)
log.error("msg: %s", exc.strerror)
return False
else:
log.error("User %s is currently logged in.", name)
return False
# Remove the User Profile directory
if purge:
try:
sid = getUserSid(name)
win32profile.DeleteProfile(sid)
except pywintypes.error as exc:
(number, context, message) = exc.args
if number == 2: # Profile Folder Not Found
pass
else:
log.error("Failed to remove profile for %s", name)
log.error("nbr: %s", exc.winerror)
log.error("ctx: %s", exc.funcname)
log.error("msg: %s", exc.strerror)
return False
# And finally remove the user account
try:
win32net.NetUserDel(None, name)
except win32net.error as exc:
log.error("Failed to delete user %s", name)
log.error("nbr: %s", exc.winerror)
log.error("ctx: %s", exc.funcname)
log.error("msg: %s", exc.strerror)
return False
return True
""" Finds any disconnected terminal service sessions and logs them off"""
import win32ts
import pywintypes
import winerror
sessions=win32ts.WTSEnumerateSessions(win32ts.WTS_CURRENT_SERVER_HANDLE)
for session in sessions:
"""
WTS_CONNECTSTATE_CLASS: WTSActive,WTSConnected,WTSConnectQuery,WTSShadow,WTSDisconnected,
WTSIdle,WTSListen,WTSReset,WTSDown,WTSInit
"""
if session['State']==win32ts.WTSDisconnected:
sessionid=session['SessionId']
username=win32ts.WTSQuerySessionInformation(win32ts.WTS_CURRENT_SERVER_HANDLE, sessionid, win32ts.WTSUserName)
print('Logging off disconnected user:'******'t kill that session:", e.strerror)
else:
raise
def dump_nt_objects(self):
#
# Windows stations and Desktops - TODO make is more OO: objects for windowstations and desktops.
#
win32con.WINSTA_ALL_ACCESS = 0x0000037f
print()
print("[-] Sessions")
print()
for session in win32ts.WTSEnumerateSessions(
win32ts.WTS_CURRENT_SERVER_HANDLE, 1, 0):
print("SessionId: %s" % session['SessionId'])
print("\tWinStationName: %s" % session['WinStationName'])
print("\tState: %s" % session['State'])
print()
session = win32ts.ProcessIdToSessionId(
win32process.GetCurrentProcessId())
print()
print("[-] Winstations in session %s" % session)
print()
for w in win32service.EnumWindowStations():
print("winstation: %s" % w)
print()
for w in win32service.EnumWindowStations():
print()
print("[-] Session %s, Winstation '%s'" % (session, w))
print()
# Get SD
try:
h = 0
h = win32service.OpenWindowStation(w, False,
win32con.READ_CONTROL)
s = win32security.GetKernelObjectSecurity(
h, win32security.OWNER_SECURITY_INFORMATION
| win32security.GROUP_SECURITY_INFORMATION
| win32security.DACL_SECURITY_INFORMATION)
s = SD('winstation', s)
print(s.as_text())
except pywintypes.error as details:
print("[E] Can't get READ_CONTROL winstation handle: %s" %
details)
# Get Desktops
h = 0
try:
h = win32service.OpenWindowStation(
w, False, win32con.WINSTA_ENUMDESKTOPS)
print("[-] Session %s, Winstation '%s' has these desktops:" %
(session, w))
for d in h.EnumDesktops():
print("\t%s" % d)
print()
except pywintypes.error as details:
print(
"[E] Can't get WINSTA_ENUMDESKTOPS winstation handle: %s" %
details)
if h:
h.SetProcessWindowStation()
for d in h.EnumDesktops():
print("[-] Session %s, Winstation '%s', Desktop '%s'" %
(session, w, d))
try:
hd = win32service.OpenDesktop(d, 0, False,
win32con.READ_CONTROL)
s = win32security.GetKernelObjectSecurity(
hd, win32security.OWNER_SECURITY_INFORMATION
| win32security.GROUP_SECURITY_INFORMATION
| win32security.DACL_SECURITY_INFORMATION)
s = SD('desktop', s)
print(s.as_text())
except pywintypes.error as details:
print("[E] Can't get READ_CONTROL desktop handle: %s" %
details)
print()
#
# Objects
#
print()
print("[-] Objects")
print()
root = NTObj("\\")
for child in root.get_all_child_objects():
print(child.as_text())
if (child.get_type() == "Semaphore" or child.get_type() == "Event"
or child.get_type() == "Mutant" or child.get_type()
== "Timer" or child.get_type() == "Section"
or child.get_type() == "Device" or child.get_type()
== "SymbolicLink" or child.get_type() == "Key"
or child.get_type() == "Directory") and child.get_sd():
print(child.get_sd().as_text())
else:
print("Skipping unknown object type: %s" % child.get_type())
print()
