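def CreatePipeSecurityObject(self):
    """Build a SECURITY_ATTRIBUTES whose descriptor is owned by the process token's user.

    Opens the current process token, reads its TOKEN_USER, initialises a
    SECURITY_DESCRIPTOR and sets that user as the descriptor's owner.
    No DACL or SACL is set here.

    Returns:
        A SECURITY_ATTRIBUTES instance with ``bInheritHandle`` False.

    Raises:
        WindowsError (OSError): if any Win32 call fails; the Win32 error code
        is attached via ctypes.WinError().
    """
    TOKEN_QUERY = 0x8   # access right requested from OpenProcessToken
    cur_proc = GetCurrentProcess()
    log("CreatePipeSecurityObject() GetCurrentProcess()=%#x", cur_proc)
    token = HANDLE()
    if OpenProcessToken(HANDLE(cur_proc), TOKEN_QUERY, ctypes.byref(token)) == 0:
        raise ctypes.WinError()
    log("CreatePipeSecurityObject() process=%s", token.value)
    try:
        # The information class must be TokenUser: TOKEN_QUERY is an access
        # right, not a TOKEN_INFORMATION_CLASS, so passing it here did not
        # return data with the TOKEN_USER layout.
        data_size = DWORD()
        # Size query: this call is expected to fail with
        # ERROR_INSUFFICIENT_BUFFER, so its return value is deliberately ignored.
        GetTokenInformation(token, TokenUser, 0, 0, ctypes.byref(data_size))
        log("CreatePipeSecurityObject() GetTokenInformation data size%s", data_size.value)
        if data_size.value == 0:
            raise ctypes.WinError()
        data = ctypes.create_string_buffer(data_size.value)
        if GetTokenInformation(token, TokenUser, ctypes.byref(data), ctypes.sizeof(data),
                               ctypes.byref(data_size)) == 0:
            raise ctypes.WinError()
    finally:
        # The token handle was leaked before; it is only needed for the queries above.
        ctypes.windll.kernel32.CloseHandle(token)
    user = ctypes.cast(data, ctypes.POINTER(TOKEN_USER)).contents
    log("CreatePipeSecurityObject() user: SID=%s, attributes=%#x", user.SID, user.ATTRIBUTES)
    # SD only stores a raw pointer to the SID inside the token buffer; keep the
    # buffer alive for as long as this object so the pointer cannot dangle.
    self.token_user = user
    SD = SECURITY_DESCRIPTOR()
    if InitializeSecurityDescriptor(ctypes.byref(SD), SECURITY_DESCRIPTOR.REVISION) == 0:
        raise ctypes.WinError()
    if SetSecurityDescriptorOwner(ctypes.byref(SD), user.SID, 0) == 0:
        raise ctypes.WinError()
    SA = SECURITY_ATTRIBUTES()
    # NOTE(review): 'descriptor' does not appear to be a SECURITY_ATTRIBUTES
    # field (CreatePipeSecurityAttributes sets nLength and lpSecurityDescriptor),
    # so SD is never handed to the OS and the pipe keeps the creator's default
    # security.  Left as-is on purpose: SD has no DACL yet, so confirm the
    # intended access policy before wiring it in via lpSecurityDescriptor.
    SA.descriptor = SD
    SA.bInheritHandle = False
    return SA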
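def CreateUnrestrictedPipeSecurityObject(self):
    """Build a SECURITY_ATTRIBUTES whose descriptor carries a NULL DACL.

    A DACL that is marked present but NULL means the object is unprotected:
    any caller is granted full access.  No owner, group or SACL is set.

    Returns:
        A SECURITY_ATTRIBUTES instance with ``bInheritHandle`` False.

    Raises:
        WindowsError (OSError): if initialising the descriptor or setting the
        DACL fails; the Win32 error code is attached via ctypes.WinError().
    """
    SD = SECURITY_DESCRIPTOR()
    # This return value was previously unchecked; a failed init would leave an
    # uninitialised descriptor behind.
    if InitializeSecurityDescriptor(ctypes.byref(SD), SECURITY_DESCRIPTOR.REVISION) == 0:
        raise ctypes.WinError()
    # bDaclPresent=True with pDacl=None installs a NULL DACL: everyone gets full access.
    if SetSecurityDescriptorDacl(ctypes.byref(SD), True, None, False) == 0:
        raise ctypes.WinError()
    SA = SECURITY_ATTRIBUTES()
    # NOTE(review): 'descriptor' does not appear to be a SECURITY_ATTRIBUTES
    # field (CreatePipeSecurityAttributes sets nLength and lpSecurityDescriptor),
    # so SD is not passed to the OS and the pipe keeps the creator's default
    # security.  Left as-is: wiring it in would make the pipe world-accessible.
    SA.descriptor = SD
    SA.bInheritHandle = False
    return SA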
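def CreatePipeSecurityAttributes(self):
    """Build the SECURITY_ATTRIBUTES used when creating the named pipe.

    The descriptor is owned by the current token's user and primary group.
    When ``UNRESTRICTED`` is false the descriptor is not attached (see the
    note in that branch) and the pipe gets the creator's default security.
    When it is true, a DACL is built that grants all standard and specific
    rights to the token user and to the well-known World (Everyone) SID,
    and the returned handle attributes are marked inheritable.

    The descriptor only holds raw pointers into ctypes buffers (token
    user/group, the World SID, the ACL), so those buffers are kept on
    ``self``; previously they were locals and went away on return, leaving
    the descriptor pointing at freed memory.

    Returns:
        A SECURITY_ATTRIBUTES instance (also stored in ``self.security_attributes``).

    Raises:
        WindowsError (OSError): if any Win32 call fails; the Win32 error code
        is attached via ctypes.WinError().
    """
    user = self.GetToken(TokenUser, TOKEN_USER)
    user_SID = user.SID.contents
    log("user SID=%s, attributes=%#x", user_SID, user.ATTRIBUTES)
    group = self.GetToken(TokenPrimaryGroup, TOKEN_PRIMARY_GROUP)
    group_SID = group.PrimaryGroup.contents
    log("group SID=%s", group_SID)
    # Keep the token structures alive: SD stores pointers into them.
    self.token_user = user
    self.token_group = group
    SD = SECURITY_DESCRIPTOR()
    self.security_descriptor = SD
    log("SECURITY_DESCRIPTOR=%s", SD)
    if not InitializeSecurityDescriptor(byref(SD), SECURITY_DESCRIPTOR.REVISION):
        raise ctypes.WinError()
    log("InitializeSecurityDescriptor: %s", SD)
    if not SetSecurityDescriptorOwner(byref(SD), user.SID, False):
        raise ctypes.WinError()
    log("SetSecurityDescriptorOwner: %s", SD)
    if not SetSecurityDescriptorGroup(byref(SD), group.PrimaryGroup, False):
        raise ctypes.WinError()
    log("SetSecurityDescriptorGroup: %s", SD)
    SA = SECURITY_ATTRIBUTES()
    SA.nLength = sizeof(SECURITY_ATTRIBUTES)
    log("CreatePipeSecurityObject() SECURITY_ATTRIBUTES=%s", SA)
    if not UNRESTRICTED:
        # NOTE(review): 'descriptor' does not appear to be a SECURITY_ATTRIBUTES
        # field (the branch below sets lpSecurityDescriptor), so SD is never
        # handed to the OS here and the pipe keeps the creator's default
        # security.  Left as-is: SD has no DACL at this point, so the intended
        # restriction (a DACL with only the user ACE, presumably) must be
        # decided before wiring it in.
        SA.descriptor = SD
        SA.bInheritHandle = False
        return SA
    if not SetSecurityDescriptorSacl(byref(SD), False, None, False):
        raise ctypes.WinError()
    if not SetSecurityDescriptorDacl(byref(SD), True, None, False):
        raise ctypes.WinError()
    # An earlier attempt built the allow-SID with AllocateAndInitializeSid(
    # SECURITY_NT_AUTHORITY, SECURITY_ANONYMOUS_LOGON_RID); that did not work
    # and the reason is unknown, so the well-known World SID is used instead.
    sid_allow = SID()
    sid_size = DWORD(sizeof(SID))
    SECURITY_MAX_SID_SIZE = 68
    assert sizeof(SID) >= SECURITY_MAX_SID_SIZE
    if not CreateWellKnownSid(WinWorldSid, None, byref(sid_allow), byref(sid_size)):
        # Capture the error before logging, which may clobber GetLastError().
        err = GetLastError()
        log.error("error=%s", err)
        raise ctypes.WinError(err)
    assert sid_size.value <= SECURITY_MAX_SID_SIZE
    log("CreateWellKnownSid(..) sid_allow=%s, sid_size=%s", sid_allow, sid_size)
    self.sid_allow = sid_allow
    # ACL size for two ACCESS_ALLOWED_ACEs: each ACE struct already holds the
    # first DWORD of its SID (SidStart), hence the "- sizeof(DWORD)".
    acl_size = sizeof(ACL)
    acl_size += 2 * (sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD))
    acl_size += GetLengthSid(byref(sid_allow))
    acl_size += GetLengthSid(byref(user.SID.contents))
    acl_data = create_string_buffer(acl_size)
    self.acl_data = acl_data
    acl = cast(acl_data, POINTER(ACL)).contents
    log("acl_size=%s, acl_data=%s, acl=%s", acl_size, acl_data, acl)
    if not InitializeAcl(byref(acl), acl_size, ACL_REVISION):
        raise ctypes.WinError()
    log("InitializeAcl(..) acl=%s", acl)
    # STANDARD_RIGHTS_ALL includes WRITE_DAC and WRITE_OWNER, so both ACEs grant
    # full control - including the right to change the pipe's own security -
    # and the second one grants it to Everyone.
    rights = STANDARD_RIGHTS_ALL | SPECIFIC_RIGHTS_ALL
    for add_sid in (user.SID, byref(sid_allow)):
        if AddAccessAllowedAce(byref(acl), ACL_REVISION, rights, add_sid) == 0:
            err = GetLastError()
            log("AddAccessAllowedAce(..)=%s", ACL_ERRORS.get(err, err))
            raise ctypes.WinError(err)
    if not SetSecurityDescriptorDacl(byref(SD), True, byref(acl), False):
        raise ctypes.WinError()
    SA.lpSecurityDescriptor = cast(pointer(SD), c_void_p)
    # Inheritable: child processes started by this process receive the pipe handle.
    SA.bInheritHandle = True
    self.security_attributes = SA
    return SA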