def setup_sacl(user_group_sid):
    """Grant a SID access to the interactive window station and desktop.

    Without this setup, the single user server will likely fail with either
    Error 0x0000142 or ExitCode -1073741502.

    Despite the name, this edits the DACL (not the SACL) of two user
    objects: the ``winsta0`` window station and the ``default`` desktop.
    For each object the current DACL is read (an empty ACL is used when
    there is none), two access-allowed ACEs for ``user_group_sid`` are
    appended, and the DACL is written back.

    Args:
        user_group_sid: SID handed to ``AddAccessAllowedAce`` for every ACE.
    """
    # NOTE(review): GENERIC_ACCESS, WINSTA_ALL and DESKTOP_ALL are defined
    # outside this block; their names suggest broad masks, so confirm the
    # SID passed in is as narrow as the spawned server actually needs.
    # NOTE(review): ACEs are appended unconditionally, so calling this twice
    # for the same SID adds the same entries to the DACL again.
    descriptor_parts = (win32security.OWNER_SECURITY_INFORMATION
                        | win32security.DACL_SECURITY_INFORMATION
                        | win32con.GROUP_SECURITY_INFORMATION)

    def _grant(handle, object_mask):
        # Read the DACL, append the two allow ACEs, write the DACL back.
        descriptor = win32security.GetUserObjectSecurity(handle,
                                                         descriptor_parts)
        acl = descriptor.GetSecurityDescriptorDacl()
        if acl is None:
            # No DACL on the object yet: start from an empty one.
            acl = win32security.ACL()
        for mask in (GENERIC_ACCESS, object_mask):
            acl.AddAccessAllowedAce(win32security.ACL_REVISION_DS,
                                    mask,
                                    user_group_sid)
        win32security.SetSecurityInfo(
            handle,
            win32security.SE_WINDOW_OBJECT,
            win32security.DACL_SECURITY_INFORMATION,
            None, None, acl, None)

    # READ_CONTROL to read the descriptor, WRITE_DAC to replace the DACL.
    station = win32service.OpenWindowStation(
        "winsta0", False, win32con.READ_CONTROL | win32con.WRITE_DAC)
    _grant(station, WINSTA_ALL)

    desktop = win32service.OpenDesktop(
        "default", 0, False,
        win32con.READ_CONTROL
        | win32con.WRITE_DAC
        | win32con.DESKTOP_WRITEOBJECTS
        | win32con.DESKTOP_READOBJECTS)
    _grant(desktop, DESKTOP_ALL)
def restore_access(path=r"software\winsys"):
    """Clear the explicit DACL on an HKCU registry key.

    Opens ``path`` under HKEY_CURRENT_USER with READ_CONTROL | WRITE_DAC and
    calls ``SetSecurityInfo`` with no DACL object (``None``) while setting
    the DACL and UNPROTECTED_DACL flags.

    Args:
        path: Sub-key of HKEY_CURRENT_USER whose DACL is reset.
    """
    # NOTE(review): presumably the intent is to drop explicit ACEs and let
    # the key inherit from its parent again; passing None as the DACL is
    # also how a NULL DACL is requested, so confirm the resulting ACL on a
    # real key before reusing this outside test code.
    key_rights = win32con.READ_CONTROL | win32con.WRITE_DAC
    unprotected_dacl = (win32security.DACL_SECURITY_INFORMATION
                        | win32security.UNPROTECTED_DACL_SECURITY_INFORMATION)
    key_handle = win32api.RegOpenKeyEx(win32con.HKEY_CURRENT_USER,
                                       path,
                                       0,
                                       key_rights)
    win32security.SetSecurityInfo(key_handle,
                                  win32security.SE_REGISTRY_KEY,
                                  unprotected_dacl,
                                  None, None, None, None)
def _deny_access(fh):
    """Replace the DACL on a file handle with one deny ACE for the caller.

    Looks up the SID of the current user name and installs a fresh ACL whose
    only entry denies FILE_GENERIC_READ | FILE_GENERIC_WRITE to that SID.

    Args:
        fh: Handle passed to ``SetSecurityInfo`` as an SE_FILE_OBJECT.
    """
    import win32security
    import ntsecuritycon as con

    blocked_rights = con.FILE_GENERIC_READ | con.FILE_GENERIC_WRITE
    # Only the SID (first element of the lookup result) is needed.
    current_user_sid = win32security.LookupAccountName(
        "", win32api.GetUserName())[0]

    deny_only_acl = win32security.ACL()
    deny_only_acl.AddAccessDeniedAce(win32security.ACL_REVISION,
                                     blocked_rights,
                                     current_user_sid)
    # NOTE(review): the DACL is written without the PROTECTED flag, so ACEs
    # inherited from the parent may still be merged in; and the file's owner
    # can normally rewrite the DACL again. Treat this as a way to provoke
    # access-denied errors, not as an access-control boundary - confirm.
    win32security.SetSecurityInfo(fh,
                                  win32security.SE_FILE_OBJECT,
                                  win32security.DACL_SECURITY_INFORMATION,
                                  None, None, deny_only_acl, None)
def open_debug(self, dwProcessId):
    """Open a process after overwriting its DACL with the caller's own.

    Steps, in order: open the target with WRITE_DAC only, read the current
    process's security descriptor, write that descriptor's DACL onto the
    target, close the WRITE_DAC handle, then reopen the target with the
    0x1F0FFF access mask and store the handle on ``self.h_process``.

    Args:
        dwProcessId: Process id of the target.

    Returns:
        True when the second open yields a truthy handle (``isProcessOpen``
        and ``process32`` are then set), otherwise False.
    """
    # NOTE(review): the target's original DACL is neither saved nor restored,
    # so the target keeps the replaced DACL after this method returns.
    # 262144 == 0x00040000 (WRITE_DAC).
    dacl_handle = OpenProcess(262144, 0, dwProcessId)
    # 6 is SE_KERNEL_OBJECT. NOTE(review): the SecurityInfo argument is 0,
    # i.e. no descriptor parts are requested; if the DACL getter below then
    # returns None, SetSecurityInfo is handed a NULL DACL - confirm.
    own_descriptor = win32security.GetSecurityInfo(
        win32api.GetCurrentProcess(), 6, 0)
    dacl_flags = (win32security.DACL_SECURITY_INFORMATION
                  | win32security.UNPROTECTED_DACL_SECURITY_INFORMATION)
    # NOTE(review): the last positional slot of SetSecurityInfo is the SACL;
    # the descriptor's *group* is what gets passed there.
    win32security.SetSecurityInfo(
        dacl_handle,
        6,
        dacl_flags,
        None,
        None,
        own_descriptor.GetSecurityDescriptorDacl(),
        own_descriptor.GetSecurityDescriptorGroup())
    CloseHandle(dacl_handle)

    # 2035711 == 0x1F0FFF (the legacy PROCESS_ALL_ACCESS value).
    self.h_process = OpenProcess(2035711, 0, dwProcessId)
    if not self.h_process:
        return False
    self.isProcessOpen = True
    self.process32 = self.process32_from_id(dwProcessId)
    return True
def tearDown(self):
    r"""Re-grant the current user full control of the test key, then delete it.

    Opens HKCU\Software\winsys with READ_CONTROL | WRITE_DAC, installs a
    DACL holding a single KEY_ALL_ACCESS allow ACE for the current user
    (written with the UNPROTECTED_DACL flag), and finally calls
    ``remove_key`` on the same key.
    """
    key_rights = win32con.READ_CONTROL | win32con.WRITE_DAC
    key_handle = win32api.RegOpenKeyEx(win32con.HKEY_CURRENT_USER,
                                       r"Software\winsys",
                                       0,
                                       key_rights)

    owner_acl = win32security.ACL()
    # Only the SID (first element of the lookup result) is used.
    current_sid = win32security.LookupAccountName(
        None, win32api.GetUserName())[0]
    owner_acl.AddAccessAllowedAce(win32security.ACL_REVISION_DS,
                                  win32con.KEY_ALL_ACCESS,
                                  current_sid)

    # Presumably needed so the delete below succeeds after a test has
    # restricted the key's DACL - confirm against the test bodies.
    dacl_flags = (win32security.DACL_SECURITY_INFORMATION
                  | win32security.UNPROTECTED_DACL_SECURITY_INFORMATION)
    win32security.SetSecurityInfo(key_handle,
                                  win32security.SE_REGISTRY_KEY,
                                  dacl_flags,
                                  None, None, owner_acl, None)
    remove_key(win32con.HKEY_CURRENT_USER, r"Software\winsys")
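def _open(self, dwProcessId, debug=False):
    """Open a process with the 0x1F0FFF access mask and record the handle.

    With ``debug`` set, the target's DACL is first overwritten with the
    DACL read from the current process's security descriptor (via a
    WRITE_DAC-only handle that is closed again before the real open).

    Args:
        dwProcessId: Process id of the target.
        debug: When true, rewrite the target's DACL before opening it.

    Returns:
        True when a usable handle was obtained (``isProcessOpen`` and
        ``pid`` are then set), otherwise False.
    """
    if debug:
        # NOTE(review): the target's original DACL is neither saved nor
        # restored, so the target keeps the replaced DACL afterwards.
        # 262144 == 0x00040000 (WRITE_DAC).
        process = kernel32.OpenProcess(262144, 0, dwProcessId)
        # 6 is SE_KERNEL_OBJECT. NOTE(review): SecurityInfo is 0, i.e. no
        # descriptor parts are requested; if the DACL getter below then
        # returns None, SetSecurityInfo is handed a NULL DACL - confirm.
        info = win32security.GetSecurityInfo(
            kernel32.GetCurrentProcess(), 6, 0)
        # NOTE(review): the last positional slot of SetSecurityInfo is the
        # SACL; the descriptor's *group* is what gets passed there.
        win32security.SetSecurityInfo(
            process,
            6,
            win32security.DACL_SECURITY_INFORMATION
            | win32security.UNPROTECTED_DACL_SECURITY_INFORMATION,
            None,
            None,
            info.GetSecurityDescriptorDacl(),
            info.GetSecurityDescriptorGroup())
        kernel32.CloseHandle(process)

    # 2035711 == 0x1F0FFF (the legacy PROCESS_ALL_ACCESS value).
    self.h_process = kernel32.OpenProcess(2035711, 0, dwProcessId)
    # OpenProcess reports failure with a NULL handle, which a ctypes-style
    # binding surfaces as 0 rather than None. Testing truthiness catches
    # both, so a failed open is no longer reported as success.
    if not self.h_process:
        return False
    self.isProcessOpen = True
    self.pid = dwProcessId
    return True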
def fixRegistryPermissions(handle):
    """Remove the Users group from a registry key's DACL and protect it.

    Reads the key's DACL, deletes every ACE whose SID renders as the
    well-known Users group (S-1-5-32-545), and writes the DACL back with
    the PROTECTED_DACL flag. Does nothing when the module-level ``DEBUG``
    flag is truthy.

    Args:
        handle: Registry key handle passed to Get/SetSecurityInfo.
    """
    if DEBUG:
        # NOTE(review): with DEBUG set the key keeps its original DACL.
        return

    descriptor = win32security.GetSecurityInfo(
        handle,
        win32security.SE_REGISTRY_KEY,
        win32security.DACL_SECURITY_INFORMATION)
    acl = descriptor.GetSecurityDescriptorDacl()

    # Walk from the last ACE to the first so that a deletion never shifts
    # an index that has not been examined yet.
    # NOTE(review): the match is on the text form of the PySID, so it
    # depends on how pywin32 renders SIDs. Only ACEs for this one SID are
    # removed; entries for any other broad group stay in the DACL.
    for index in reversed(range(acl.GetAceCount())):
        if unicode(acl.GetAce(index)[2]) == u'PySID:S-1-5-32-545':
            acl.DeleteAce(index)

    protected_dacl = (win32security.DACL_SECURITY_INFORMATION
                      | win32security.PROTECTED_DACL_SECURITY_INFORMATION)
    win32security.SetSecurityInfo(handle,
                                  win32security.SE_REGISTRY_KEY,
                                  protected_dacl,
                                  None, None, acl, None)
def _AllowObjectAccess(sid, handle, object_type: int,
                       access_permissions: int) -> None:
    """Grants a SID access to an object identified by handle.

    Reads the object's current DACL, hands it to `_AddPermissionToDacl`
    together with the SID and mask, and writes the same ACL object back.

    Args:
      sid: A `PySID` representing the SID to grant access to.
      handle: A handle to an object.
      object_type: A `SE_OBJECT_TYPE` enum value.
      access_permissions: The permissions as a set of bitflags using the
        `ACCESS_MASK` format.
    """
    dacl_only = win32security.DACL_SECURITY_INFORMATION
    descriptor = win32security.GetSecurityInfo(handle, object_type, dacl_only)
    acl = descriptor.GetSecurityDescriptorDacl()
    # The helper's return value is ignored, so this relies on it editing
    # `acl` in place.
    # NOTE(review): no None check here - confirm how the helper behaves
    # when the object has no DACL.
    _AddPermissionToDacl(acl, sid, access_permissions)
    win32security.SetSecurityInfo(handle, object_type, dacl_only,
                                  None, None, acl, None)
def open(self):
    """Open ``self.process`` after overwriting its DACL with the caller's.

    Steps, in order: open the target with WRITE_DAC only, read the current
    process's security descriptor, write that descriptor's DACL onto the
    target, close the WRITE_DAC handle, then reopen the target with the
    module-level ``PAA`` access mask and store the handle on
    ``self.h_process``.

    Returns:
        True when the handle check passes.

    Raises:
        ProcessException: if no process is selected, or if the second
            open leaves ``self.h_process`` as None.
    """
    if self.process is None:
        raise ProcessException("The selected process does not exist")

    # (The original had a bare, no-op string literal here describing this
    # section as the "debug this process" step.)
    # NOTE(review): the target's original DACL is neither saved nor restored,
    # so the target keeps the replaced DACL after this method returns.
    # 262144 == 0x00040000 (WRITE_DAC).
    dacl_handle = OpenProcess(262144, 0, self.process.pid)
    # 6 is SE_KERNEL_OBJECT. NOTE(review): SecurityInfo is 0, i.e. no
    # descriptor parts are requested; if the DACL getter below then returns
    # None, SetSecurityInfo is handed a NULL DACL - confirm.
    own_descriptor = win32security.GetSecurityInfo(GetCurrentProcess(), 6, 0)
    dacl_flags = (win32security.DACL_SECURITY_INFORMATION
                  | win32security.UNPROTECTED_DACL_SECURITY_INFORMATION)
    # NOTE(review): the last positional slot of SetSecurityInfo is the SACL;
    # the descriptor's *group* is what gets passed there.
    win32security.SetSecurityInfo(
        dacl_handle,
        6,
        dacl_flags,
        None,
        None,
        own_descriptor.GetSecurityDescriptorDacl(),
        own_descriptor.GetSecurityDescriptorGroup())
    CloseHandle(dacl_handle)

    self.h_process = OpenProcess(PAA, False, self.process.pid)
    if self.h_process is not None:
        return True
    # NOTE(review): the error code is passed as a second exception argument,
    # so the "%08x" placeholder is never filled in. Also confirm that this
    # OpenProcess binding really returns None (not 0) on failure; otherwise
    # this branch cannot be reached.
    raise ProcessException("Cannot open this process. (%08x)", GetLastError())
if dacl is None: dacl = win32security.ACL() sacl = sd.GetSecurityDescriptorSacl() if sacl is None: sacl = win32security.ACL() dacl_ace_cnt = dacl.GetAceCount() sacl_ace_cnt = sacl.GetAceCount() dacl.AddAccessAllowedAce(dacl.GetAclRevision(), win32con.ACCESS_SYSTEM_SECURITY | win32con.WRITE_DAC, my_sid) sacl.AddAuditAccessAce(sacl.GetAclRevision(), win32con.GENERIC_ALL, my_sid, 1, 1) win32security.SetSecurityInfo(ph, win32security.SE_KERNEL_OBJECT, all_info, pwr_sid, pwr_sid, dacl, sacl) new_sd = win32security.GetSecurityInfo(ph, win32security.SE_KERNEL_OBJECT, all_info) if new_sd.GetSecurityDescriptorDacl().GetAceCount() != dacl_ace_cnt + 1: print('New dacl doesn' 't contain extra ace ????') if new_sd.GetSecurityDescriptorSacl().GetAceCount() != sacl_ace_cnt + 1: print('New Sacl doesn' 't contain extra ace ????') if win32security.LookupAccountSid( '', new_sd.GetSecurityDescriptorOwner())[0] != 'Power Users': print('Owner not successfully set to Power Users !!!!!') if win32security.LookupAccountSid( '', new_sd.GetSecurityDescriptorGroup())[0] != 'Power Users': print('Group not successfully set to Power Users !!!!!') win32security.SetSecurityInfo(ph, win32security.SE_KERNEL_OBJECT,