Funktionierender Prototyp des Serious Games zur Vermittlung von Wissen zu Software-Engineering-Arbeitsmodellen.

setuserobjectsecurity.py 3.3KB

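  """Demo: rewrite the security descriptor of the current window station.

  The script enables a set of privileges on the current process token, adds an
  access-allowed ACE for the current user to the window station's DACL, sets
  the owner and primary group to "Power Users", then reads the descriptor back
  and asserts that the three changes took effect.

  Security notes for anyone reusing this pattern:
    * The descriptor change is not reverted by this script.
    * The privilege list below is far broader than the calls here appear to
      need; production code should enable only what it uses.
    * "Power Users" is looked up by display name, which is locale-dependent.
      The group's well-known SID is S-1-5-32-547.
  """
  import win32api  # not referenced below; kept so the module's import set is unchanged
  import win32con
  import win32process
  import win32security

  # Privileges the script asks to enable. Several of these (SE_TCB_NAME,
  # SE_DEBUG_NAME, SE_RESTORE_NAME, SE_TAKE_OWNERSHIP_NAME) are among the most
  # powerful on Windows.
  # NOTE(review): only owner, group and DACL are written below (see `info`),
  # so most of these entries are presumably unnecessary here. Confirm the
  # minimal set before copying this list elsewhere.
  _privilege_names = (
      win32security.SE_SECURITY_NAME,
      win32security.SE_TCB_NAME,
      win32security.SE_SHUTDOWN_NAME,
      win32security.SE_RESTORE_NAME,
      win32security.SE_TAKE_OWNERSHIP_NAME,
      win32security.SE_CREATE_PERMANENT_NAME,
      win32security.SE_ENABLE_DELEGATION_NAME,
      win32security.SE_CHANGE_NOTIFY_NAME,
      win32security.SE_DEBUG_NAME,
      win32security.SE_PROF_SINGLE_PROCESS_NAME,
      win32security.SE_SYSTEM_PROFILE_NAME,
      win32security.SE_LOCK_MEMORY_NAME,
  )

  # (LUID, attributes) pairs in the shape AdjustTokenPrivileges expects.
  # "" resolves each privilege name on the local system.
  new_privs = tuple(
      (
          win32security.LookupPrivilegeValue("", priv_name),
          win32con.SE_PRIVILEGE_ENABLED,
      )
      for priv_name in _privilege_names
  )

  # Includes the SACL. Defined for reference but not used by any call below.
  all_info = (
      win32security.OWNER_SECURITY_INFORMATION
      | win32security.GROUP_SECURITY_INFORMATION
      | win32security.DACL_SECURITY_INFORMATION
      | win32security.SACL_SECURITY_INFORMATION
  )

  # Parts of the security descriptor that are actually read and written.
  info = (
      win32security.OWNER_SECURITY_INFORMATION
      | win32security.GROUP_SECURITY_INFORMATION
      | win32security.DACL_SECURITY_INFORMATION
  )

  ph = win32process.GetCurrentProcess()

  # Least privilege: the token handle is used only to adjust privileges and to
  # query TokenUser, so request just those two rights, not TOKEN_ALL_ACCESS.
  th = win32security.OpenProcessToken(
      ph, win32security.TOKEN_ADJUST_PRIVILEGES | win32security.TOKEN_QUERY
  )

  # The second argument (0) means "do not disable all privileges".
  # NOTE(review): the return value is ignored. The underlying Win32 call can
  # succeed while enabling only the privileges the token already holds
  # (ERROR_NOT_ALL_ASSIGNED), so a missing privilege surfaces later as a
  # failure in SetUserObjectSecurity, not here.
  win32security.AdjustTokenPrivileges(th, 0, new_privs)

  my_sid = win32security.GetTokenInformation(th, win32security.TokenUser)[0]
  pwr_sid = win32security.LookupAccountName("", "Power Users")[0]

  h = win32process.GetProcessWindowStation()
  sd = win32security.GetUserObjectSecurity(h, info)
  dacl = sd.GetSecurityDescriptorDacl()
  ace_cnt = dacl.GetAceCount()  # baseline for the read-back check below

  # Grant the current user WRITE_DAC on the window station.
  # NOTE(review): ACCESS_SYSTEM_SECURITY governs SACL access and is normally
  # gated by SeSecurityPrivilege, not by a DACL entry. Check that including
  # it in this ACE has the intended effect.
  dacl.AddAccessAllowedAce(
      dacl.GetAclRevision(),
      win32con.ACCESS_SYSTEM_SECURITY | win32con.WRITE_DAC,
      my_sid,
  )

  sd.SetSecurityDescriptorDacl(1, dacl, 0)
  sd.SetSecurityDescriptorGroup(pwr_sid, 0)
  sd.SetSecurityDescriptorOwner(pwr_sid, 0)

  # Apply the modified descriptor to the live window station.
  win32security.SetUserObjectSecurity(h, info, sd)

  # Read the descriptor back and confirm all three changes.
  # These are plain asserts, so running Python with -O skips them.
  new_sd = win32security.GetUserObjectSecurity(h, info)
  assert (
      new_sd.GetSecurityDescriptorDacl().GetAceCount() == ace_cnt + 1
  ), "Did not add an ace to the Dacl !!!!!!"
  assert (
      win32security.LookupAccountSid("", new_sd.GetSecurityDescriptorOwner())[0]
      == "Power Users"
  ), "Owner not successfully set to Power Users !!!!!"
  assert (
      win32security.LookupAccountSid("", new_sd.GetSecurityDescriptorGroup())[0]
      == "Power Users"
  ), "Group not successfully set to Power Users !!!!!"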