AIM-PIbd-32-Kurbanova-A-A/aimenv/Lib/site-packages/win32comext/authorization/demos/EditSecurity.py

import os

import ntsecuritycon
import pythoncom
import win32api
import win32com.server.policy
import win32con
import win32security
from ntsecuritycon import (
    CONTAINER_INHERIT_ACE,
    FILE_ALL_ACCESS,
    FILE_APPEND_DATA,
    FILE_GENERIC_EXECUTE,
    FILE_GENERIC_READ,
    FILE_GENERIC_WRITE,
    FILE_READ_ATTRIBUTES,
    FILE_READ_DATA,
    FILE_READ_EA,
    FILE_WRITE_ATTRIBUTES,
    FILE_WRITE_DATA,
    FILE_WRITE_EA,
    INHERIT_ONLY_ACE,
    OBJECT_INHERIT_ACE,
    PSPCB_SI_INITDIALOG,
    READ_CONTROL,
    SI_ACCESS_CONTAINER,
    SI_ACCESS_GENERAL,
    SI_ACCESS_PROPERTY,
    SI_ACCESS_SPECIFIC,
    SI_ADVANCED,
    SI_CONTAINER,
    SI_EDIT_ALL,
    SI_EDIT_AUDITS,
    SI_EDIT_PROPERTIES,
    SI_PAGE_ADVPERM,
    SI_PAGE_AUDIT,
    SI_PAGE_OWNER,
    SI_PAGE_PERM,
    SI_PAGE_TITLE,
    SI_RESET,
    STANDARD_RIGHTS_EXECUTE,
    STANDARD_RIGHTS_READ,
    STANDARD_RIGHTS_WRITE,
    SYNCHRONIZE,
    WRITE_DAC,
    WRITE_OWNER,
)
from pythoncom import IID_NULL
from win32com.authorization import authorization
from win32com.shell.shellcon import (  # # Msg parameter to PropertySheetPageCallback
    PSPCB_CREATE,
    PSPCB_RELEASE,
)
from win32security import CONTAINER_INHERIT_ACE, INHERIT_ONLY_ACE, OBJECT_INHERIT_ACE


class SecurityInformation(win32com.server.policy.DesignatedWrapPolicy):
    _com_interfaces_ = [authorization.IID_ISecurityInformation]
    _public_methods_ = [
        "GetObjectInformation",
        "GetSecurity",
        "SetSecurity",
        "GetAccessRights",
        "GetInheritTypes",
        "MapGeneric",
        "PropertySheetPageCallback",
    ]

    def __init__(self, FileName):
        self.FileName = FileName
        self._wrap_(self)

    def GetObjectInformation(self):
        """Identifies object whose security will be modified, and determines options available
        to the end user"""
        flags = SI_ADVANCED | SI_EDIT_ALL | SI_PAGE_TITLE | SI_RESET
        if os.path.isdir(self.FileName):
            flags |= SI_CONTAINER
        hinstance = 0  ## handle to module containing string resources
        servername = ""  ## name of authenticating server if not local machine
        objectname = os.path.split(self.FileName)[1]
        pagetitle = "Python ACL Editor"
        if os.path.isdir(self.FileName):
            pagetitle += " (dir)"
        else:
            pagetitle += " (file)"
        objecttype = IID_NULL
        return flags, hinstance, servername, objectname, pagetitle, objecttype

    def GetSecurity(self, requestedinfo, bdefault):
        """Requests the existing permissions for object"""
        if bdefault:
            ## This is invoked if the 'Default' button is pressed (only present if SI_RESET is passed
            ## with the flags in GetObjectInfo). Passing an empty SD with a NULL Dacl
            ##  should cause inherited ACL from parent dir or default dacl from user's token to be used
            return win32security.SECURITY_DESCRIPTOR()
        else:
            ## GetFileSecurity sometimes fails to return flags indicating that an ACE is inherited
            return win32security.GetNamedSecurityInfo(
                self.FileName, win32security.SE_FILE_OBJECT, requestedinfo
            )

    def SetSecurity(self, requestedinfo, sd):
        """Applies permissions to the object"""
        owner = sd.GetSecurityDescriptorOwner()
        group = sd.GetSecurityDescriptorGroup()
        dacl = sd.GetSecurityDescriptorDacl()
        sacl = sd.GetSecurityDescriptorSacl()
        win32security.SetNamedSecurityInfo(
            self.FileName,
            win32security.SE_FILE_OBJECT,
            requestedinfo,
            owner,
            group,
            dacl,
            sacl,
        )
        ## should also handle recursive operations here

    def GetAccessRights(self, objecttype, flags):
        """Returns a tuple of (AccessRights, DefaultAccess), where AccessRights is a sequence of tuples representing
        SI_ACCESS structs, containing (guid, access mask, Name, flags). DefaultAccess indicates which of the
        AccessRights will be used initially when a new ACE is added (zero based).
        Flags can contain SI_ACCESS_SPECIFIC,SI_ACCESS_GENERAL,SI_ACCESS_CONTAINER,SI_ACCESS_PROPERTY,
              CONTAINER_INHERIT_ACE,INHERIT_ONLY_ACE,OBJECT_INHERIT_ACE
        """
        ## input flags: SI_ADVANCED,SI_EDIT_AUDITS,SI_EDIT_PROPERTIES indicating which property sheet is requesting the rights
        if (objecttype is not None) and (objecttype != IID_NULL):
            ## Should not be true for file objects.  Usually only used with DS objects that support security for
            ## their properties
            raise NotImplementedError("Object type is not supported")

        if os.path.isdir(self.FileName):
            file_append_data_desc = "Create subfolders"
            file_write_data_desc = "Create Files"
        else:
            file_append_data_desc = "Append data"
            file_write_data_desc = "Write data"

        accessrights = [
            (
                IID_NULL,
                FILE_GENERIC_READ,
                "Generic read",
                SI_ACCESS_GENERAL
                | SI_ACCESS_SPECIFIC
                | OBJECT_INHERIT_ACE
                | CONTAINER_INHERIT_ACE,
            ),
            (
                IID_NULL,
                FILE_GENERIC_WRITE,
                "Generic write",
                SI_ACCESS_GENERAL
                | SI_ACCESS_SPECIFIC
                | OBJECT_INHERIT_ACE
                | CONTAINER_INHERIT_ACE,
            ),
            (
                IID_NULL,
                win32con.DELETE,
                "Delete",
                SI_ACCESS_SPECIFIC | OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE,
            ),
            (
                IID_NULL,
                WRITE_OWNER,
                "Change owner",
                SI_ACCESS_SPECIFIC | OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE,
            ),
            (
                IID_NULL,
                READ_CONTROL,
                "Read Permissions",
                SI_ACCESS_SPECIFIC | OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE,
            ),
            (
                IID_NULL,
                WRITE_DAC,
                "Change permissions",
                SI_ACCESS_SPECIFIC | OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE,
            ),
            (
                IID_NULL,
                FILE_APPEND_DATA,
                file_append_data_desc,
                SI_ACCESS_SPECIFIC | OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE,
            ),
            (
                IID_NULL,
                FILE_WRITE_DATA,
                file_write_data_desc,
                SI_ACCESS_SPECIFIC | OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE,
            ),
        ]
        return (accessrights, 0)

    def MapGeneric(self, guid, aceflags, mask):
        """Converts generic access rights to specific rights.  This implementation uses standard file system rights,
        but you can map them any way that suits your application.
        """
        return win32security.MapGenericMask(
            mask,
            (
                FILE_GENERIC_READ,
                FILE_GENERIC_WRITE,
                FILE_GENERIC_EXECUTE,
                FILE_ALL_ACCESS,
            ),
        )

    def GetInheritTypes(self):
        """Specifies which types of ACE inheritance are supported.
        Returns a sequence of tuples representing SI_INHERIT_TYPE structs, containing
        (object type guid, inheritance flags, display name).  Guid is usually only used with
        Directory Service objects.
        """
        return (
            (IID_NULL, 0, "Only current object"),
            (IID_NULL, OBJECT_INHERIT_ACE, "Files inherit permissions"),
            (IID_NULL, CONTAINER_INHERIT_ACE, "Sub Folders inherit permissions"),
            (
                IID_NULL,
                CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
                "Files and subfolders",
            ),
        )

    def PropertySheetPageCallback(self, hwnd, msg, pagetype):
        """Invoked each time a property sheet page is created or destroyed."""
        ## page types from SI_PAGE_TYPE enum: SI_PAGE_PERM SI_PAGE_ADVPERM SI_PAGE_AUDIT SI_PAGE_OWNER
        ## msg: PSPCB_CREATE, PSPCB_RELEASE, PSPCB_SI_INITDIALOG
        return None

    def EditSecurity(self, owner_hwnd=0):
        """Creates an ACL editor dialog based on parameters returned by interface methods"""
        isi = pythoncom.WrapObject(
            self, authorization.IID_ISecurityInformation, pythoncom.IID_IUnknown
        )
        authorization.EditSecurity(owner_hwnd, isi)


## folder permissions
temp_dir = win32api.GetTempPath()
dir_name = win32api.GetTempFileName(temp_dir, "isi")[0]
print(dir_name)
os.remove(dir_name)
os.mkdir(dir_name)
si = SecurityInformation(dir_name)
si.EditSecurity()

## file permissions
fname = win32api.GetTempFileName(dir_name, "isi")[0]
si = SecurityInformation(fname)
si.EditSecurity()
lab 1 is done 2024-10-02 22:15:59 +04:00			`import os`

			`import ntsecuritycon`
			`import pythoncom`
			`import win32api`
			`import win32com.server.policy`
			`import win32con`
			`import win32security`
			`from ntsecuritycon import (`
			`CONTAINER_INHERIT_ACE,`
			`FILE_ALL_ACCESS,`
			`FILE_APPEND_DATA,`
			`FILE_GENERIC_EXECUTE,`
			`FILE_GENERIC_READ,`
			`FILE_GENERIC_WRITE,`
			`FILE_READ_ATTRIBUTES,`
			`FILE_READ_DATA,`
			`FILE_READ_EA,`
			`FILE_WRITE_ATTRIBUTES,`
			`FILE_WRITE_DATA,`
			`FILE_WRITE_EA,`
			`INHERIT_ONLY_ACE,`
			`OBJECT_INHERIT_ACE,`
			`PSPCB_SI_INITDIALOG,`
			`READ_CONTROL,`
			`SI_ACCESS_CONTAINER,`
			`SI_ACCESS_GENERAL,`
			`SI_ACCESS_PROPERTY,`
			`SI_ACCESS_SPECIFIC,`
			`SI_ADVANCED,`
			`SI_CONTAINER,`
			`SI_EDIT_ALL,`
			`SI_EDIT_AUDITS,`
			`SI_EDIT_PROPERTIES,`
			`SI_PAGE_ADVPERM,`
			`SI_PAGE_AUDIT,`
			`SI_PAGE_OWNER,`
			`SI_PAGE_PERM,`
			`SI_PAGE_TITLE,`
			`SI_RESET,`
			`STANDARD_RIGHTS_EXECUTE,`
			`STANDARD_RIGHTS_READ,`
			`STANDARD_RIGHTS_WRITE,`
			`SYNCHRONIZE,`
			`WRITE_DAC,`
			`WRITE_OWNER,`
			`)`
			`from pythoncom import IID_NULL`
			`from win32com.authorization import authorization`
			`from win32com.shell.shellcon import ( # # Msg parameter to PropertySheetPageCallback`
			`PSPCB_CREATE,`
			`PSPCB_RELEASE,`
			`)`
			`from win32security import CONTAINER_INHERIT_ACE, INHERIT_ONLY_ACE, OBJECT_INHERIT_ACE`


			`class SecurityInformation(win32com.server.policy.DesignatedWrapPolicy):`
			`_com_interfaces_ = [authorization.IID_ISecurityInformation]`
			`_public_methods_ = [`
			`"GetObjectInformation",`
			`"GetSecurity",`
			`"SetSecurity",`
			`"GetAccessRights",`
			`"GetInheritTypes",`
			`"MapGeneric",`
			`"PropertySheetPageCallback",`
			`]`

			`def __init__(self, FileName):`
			`self.FileName = FileName`
			`self._wrap_(self)`

			`def GetObjectInformation(self):`
			`"""Identifies object whose security will be modified, and determines options available`
			`to the end user"""`
			`flags = SI_ADVANCED \| SI_EDIT_ALL \| SI_PAGE_TITLE \| SI_RESET`
			`if os.path.isdir(self.FileName):`
			`flags \|= SI_CONTAINER`
			`hinstance = 0 ## handle to module containing string resources`
			`servername = "" ## name of authenticating server if not local machine`
			`objectname = os.path.split(self.FileName)[1]`
			`pagetitle = "Python ACL Editor"`
			`if os.path.isdir(self.FileName):`
			`pagetitle += " (dir)"`
			`else:`
			`pagetitle += " (file)"`
			`objecttype = IID_NULL`
			`return flags, hinstance, servername, objectname, pagetitle, objecttype`

			`def GetSecurity(self, requestedinfo, bdefault):`
			`"""Requests the existing permissions for object"""`
			`if bdefault:`
			`## This is invoked if the 'Default' button is pressed (only present if SI_RESET is passed`
			`## with the flags in GetObjectInfo). Passing an empty SD with a NULL Dacl`
			`## should cause inherited ACL from parent dir or default dacl from user's token to be used`
			`return win32security.SECURITY_DESCRIPTOR()`
			`else:`
			`## GetFileSecurity sometimes fails to return flags indicating that an ACE is inherited`
			`return win32security.GetNamedSecurityInfo(`
			`self.FileName, win32security.SE_FILE_OBJECT, requestedinfo`
			`)`

			`def SetSecurity(self, requestedinfo, sd):`
			`"""Applies permissions to the object"""`
			`owner = sd.GetSecurityDescriptorOwner()`
			`group = sd.GetSecurityDescriptorGroup()`
			`dacl = sd.GetSecurityDescriptorDacl()`
			`sacl = sd.GetSecurityDescriptorSacl()`
			`win32security.SetNamedSecurityInfo(`
			`self.FileName,`
			`win32security.SE_FILE_OBJECT,`
			`requestedinfo,`
			`owner,`
			`group,`
			`dacl,`
			`sacl,`
			`)`
			`## should also handle recursive operations here`

			`def GetAccessRights(self, objecttype, flags):`
			`"""Returns a tuple of (AccessRights, DefaultAccess), where AccessRights is a sequence of tuples representing`
			`SI_ACCESS structs, containing (guid, access mask, Name, flags). DefaultAccess indicates which of the`
			`AccessRights will be used initially when a new ACE is added (zero based).`
			`Flags can contain SI_ACCESS_SPECIFIC,SI_ACCESS_GENERAL,SI_ACCESS_CONTAINER,SI_ACCESS_PROPERTY,`
			`CONTAINER_INHERIT_ACE,INHERIT_ONLY_ACE,OBJECT_INHERIT_ACE`
			`"""`
			`## input flags: SI_ADVANCED,SI_EDIT_AUDITS,SI_EDIT_PROPERTIES indicating which property sheet is requesting the rights`
			`if (objecttype is not None) and (objecttype != IID_NULL):`
			`## Should not be true for file objects. Usually only used with DS objects that support security for`
			`## their properties`
			`raise NotImplementedError("Object type is not supported")`

			`if os.path.isdir(self.FileName):`
			`file_append_data_desc = "Create subfolders"`
			`file_write_data_desc = "Create Files"`
			`else:`
			`file_append_data_desc = "Append data"`
			`file_write_data_desc = "Write data"`

			`accessrights = [`
			`(`
			`IID_NULL,`
			`FILE_GENERIC_READ,`
			`"Generic read",`
			`SI_ACCESS_GENERAL`
			`\| SI_ACCESS_SPECIFIC`
			`\| OBJECT_INHERIT_ACE`
			`\| CONTAINER_INHERIT_ACE,`
			`),`
			`(`
			`IID_NULL,`
			`FILE_GENERIC_WRITE,`
			`"Generic write",`
			`SI_ACCESS_GENERAL`
			`\| SI_ACCESS_SPECIFIC`
			`\| OBJECT_INHERIT_ACE`
			`\| CONTAINER_INHERIT_ACE,`
			`),`
			`(`
			`IID_NULL,`
			`win32con.DELETE,`
			`"Delete",`
			`SI_ACCESS_SPECIFIC \| OBJECT_INHERIT_ACE \| CONTAINER_INHERIT_ACE,`
			`),`
			`(`
			`IID_NULL,`
			`WRITE_OWNER,`
			`"Change owner",`
			`SI_ACCESS_SPECIFIC \| OBJECT_INHERIT_ACE \| CONTAINER_INHERIT_ACE,`
			`),`
			`(`
			`IID_NULL,`
			`READ_CONTROL,`
			`"Read Permissions",`
			`SI_ACCESS_SPECIFIC \| OBJECT_INHERIT_ACE \| CONTAINER_INHERIT_ACE,`
			`),`
			`(`
			`IID_NULL,`
			`WRITE_DAC,`
			`"Change permissions",`
			`SI_ACCESS_SPECIFIC \| OBJECT_INHERIT_ACE \| CONTAINER_INHERIT_ACE,`
			`),`
			`(`
			`IID_NULL,`
			`FILE_APPEND_DATA,`
			`file_append_data_desc,`
			`SI_ACCESS_SPECIFIC \| OBJECT_INHERIT_ACE \| CONTAINER_INHERIT_ACE,`
			`),`
			`(`
			`IID_NULL,`
			`FILE_WRITE_DATA,`
			`file_write_data_desc,`
			`SI_ACCESS_SPECIFIC \| OBJECT_INHERIT_ACE \| CONTAINER_INHERIT_ACE,`
			`),`
			`]`
			`return (accessrights, 0)`

			`def MapGeneric(self, guid, aceflags, mask):`
			`"""Converts generic access rights to specific rights. This implementation uses standard file system rights,`
			`but you can map them any way that suits your application.`
			`"""`
			`return win32security.MapGenericMask(`
			`mask,`
			`(`
			`FILE_GENERIC_READ,`
			`FILE_GENERIC_WRITE,`
			`FILE_GENERIC_EXECUTE,`
			`FILE_ALL_ACCESS,`
			`),`
			`)`

			`def GetInheritTypes(self):`
			`"""Specifies which types of ACE inheritance are supported.`
			`Returns a sequence of tuples representing SI_INHERIT_TYPE structs, containing`
			`(object type guid, inheritance flags, display name). Guid is usually only used with`
			`Directory Service objects.`
			`"""`
			`return (`
			`(IID_NULL, 0, "Only current object"),`
			`(IID_NULL, OBJECT_INHERIT_ACE, "Files inherit permissions"),`
			`(IID_NULL, CONTAINER_INHERIT_ACE, "Sub Folders inherit permissions"),`
			`(`
			`IID_NULL,`
			`CONTAINER_INHERIT_ACE \| OBJECT_INHERIT_ACE,`
			`"Files and subfolders",`
			`),`
			`)`

			`def PropertySheetPageCallback(self, hwnd, msg, pagetype):`
			`"""Invoked each time a property sheet page is created or destroyed."""`
			`## page types from SI_PAGE_TYPE enum: SI_PAGE_PERM SI_PAGE_ADVPERM SI_PAGE_AUDIT SI_PAGE_OWNER`
			`## msg: PSPCB_CREATE, PSPCB_RELEASE, PSPCB_SI_INITDIALOG`
			`return None`

			`def EditSecurity(self, owner_hwnd=0):`
			`"""Creates an ACL editor dialog based on parameters returned by interface methods"""`
			`isi = pythoncom.WrapObject(`
			`self, authorization.IID_ISecurityInformation, pythoncom.IID_IUnknown`
			`)`
			`authorization.EditSecurity(owner_hwnd, isi)`


			`## folder permissions`
			`temp_dir = win32api.GetTempPath()`
			`dir_name = win32api.GetTempFileName(temp_dir, "isi")[0]`
			`print(dir_name)`
			`os.remove(dir_name)`
			`os.mkdir(dir_name)`
			`si = SecurityInformation(dir_name)`
			`si.EditSecurity()`

			`## file permissions`
			`fname = win32api.GetTempFileName(dir_name, "isi")[0]`
			`si = SecurityInformation(fname)`
			`si.EditSecurity()`