AIM-PIbd-32-Kurbanova-A-A/aimenv/Lib/site-packages/win32comext/authorization/demos/EditSecurity.py
2024-10-02 22:15:59 +04:00

256 lines
8.8 KiB
Python

import os
import ntsecuritycon
import pythoncom
import win32api
import win32com.server.policy
import win32con
import win32security
from ntsecuritycon import (
CONTAINER_INHERIT_ACE,
FILE_ALL_ACCESS,
FILE_APPEND_DATA,
FILE_GENERIC_EXECUTE,
FILE_GENERIC_READ,
FILE_GENERIC_WRITE,
FILE_READ_ATTRIBUTES,
FILE_READ_DATA,
FILE_READ_EA,
FILE_WRITE_ATTRIBUTES,
FILE_WRITE_DATA,
FILE_WRITE_EA,
INHERIT_ONLY_ACE,
OBJECT_INHERIT_ACE,
PSPCB_SI_INITDIALOG,
READ_CONTROL,
SI_ACCESS_CONTAINER,
SI_ACCESS_GENERAL,
SI_ACCESS_PROPERTY,
SI_ACCESS_SPECIFIC,
SI_ADVANCED,
SI_CONTAINER,
SI_EDIT_ALL,
SI_EDIT_AUDITS,
SI_EDIT_PROPERTIES,
SI_PAGE_ADVPERM,
SI_PAGE_AUDIT,
SI_PAGE_OWNER,
SI_PAGE_PERM,
SI_PAGE_TITLE,
SI_RESET,
STANDARD_RIGHTS_EXECUTE,
STANDARD_RIGHTS_READ,
STANDARD_RIGHTS_WRITE,
SYNCHRONIZE,
WRITE_DAC,
WRITE_OWNER,
)
from pythoncom import IID_NULL
from win32com.authorization import authorization
from win32com.shell.shellcon import ( # # Msg parameter to PropertySheetPageCallback
PSPCB_CREATE,
PSPCB_RELEASE,
)
from win32security import CONTAINER_INHERIT_ACE, INHERIT_ONLY_ACE, OBJECT_INHERIT_ACE
class SecurityInformation(win32com.server.policy.DesignatedWrapPolicy):
_com_interfaces_ = [authorization.IID_ISecurityInformation]
_public_methods_ = [
"GetObjectInformation",
"GetSecurity",
"SetSecurity",
"GetAccessRights",
"GetInheritTypes",
"MapGeneric",
"PropertySheetPageCallback",
]
def __init__(self, FileName):
self.FileName = FileName
self._wrap_(self)
def GetObjectInformation(self):
"""Identifies object whose security will be modified, and determines options available
to the end user"""
flags = SI_ADVANCED | SI_EDIT_ALL | SI_PAGE_TITLE | SI_RESET
if os.path.isdir(self.FileName):
flags |= SI_CONTAINER
hinstance = 0 ## handle to module containing string resources
servername = "" ## name of authenticating server if not local machine
objectname = os.path.split(self.FileName)[1]
pagetitle = "Python ACL Editor"
if os.path.isdir(self.FileName):
pagetitle += " (dir)"
else:
pagetitle += " (file)"
objecttype = IID_NULL
return flags, hinstance, servername, objectname, pagetitle, objecttype
def GetSecurity(self, requestedinfo, bdefault):
"""Requests the existing permissions for object"""
if bdefault:
## This is invoked if the 'Default' button is pressed (only present if SI_RESET is passed
## with the flags in GetObjectInfo). Passing an empty SD with a NULL Dacl
## should cause inherited ACL from parent dir or default dacl from user's token to be used
return win32security.SECURITY_DESCRIPTOR()
else:
## GetFileSecurity sometimes fails to return flags indicating that an ACE is inherited
return win32security.GetNamedSecurityInfo(
self.FileName, win32security.SE_FILE_OBJECT, requestedinfo
)
def SetSecurity(self, requestedinfo, sd):
"""Applies permissions to the object"""
owner = sd.GetSecurityDescriptorOwner()
group = sd.GetSecurityDescriptorGroup()
dacl = sd.GetSecurityDescriptorDacl()
sacl = sd.GetSecurityDescriptorSacl()
win32security.SetNamedSecurityInfo(
self.FileName,
win32security.SE_FILE_OBJECT,
requestedinfo,
owner,
group,
dacl,
sacl,
)
## should also handle recursive operations here
def GetAccessRights(self, objecttype, flags):
"""Returns a tuple of (AccessRights, DefaultAccess), where AccessRights is a sequence of tuples representing
SI_ACCESS structs, containing (guid, access mask, Name, flags). DefaultAccess indicates which of the
AccessRights will be used initially when a new ACE is added (zero based).
Flags can contain SI_ACCESS_SPECIFIC,SI_ACCESS_GENERAL,SI_ACCESS_CONTAINER,SI_ACCESS_PROPERTY,
CONTAINER_INHERIT_ACE,INHERIT_ONLY_ACE,OBJECT_INHERIT_ACE
"""
## input flags: SI_ADVANCED,SI_EDIT_AUDITS,SI_EDIT_PROPERTIES indicating which property sheet is requesting the rights
if (objecttype is not None) and (objecttype != IID_NULL):
## Should not be true for file objects. Usually only used with DS objects that support security for
## their properties
raise NotImplementedError("Object type is not supported")
if os.path.isdir(self.FileName):
file_append_data_desc = "Create subfolders"
file_write_data_desc = "Create Files"
else:
file_append_data_desc = "Append data"
file_write_data_desc = "Write data"
accessrights = [
(
IID_NULL,
FILE_GENERIC_READ,
"Generic read",
SI_ACCESS_GENERAL
| SI_ACCESS_SPECIFIC
| OBJECT_INHERIT_ACE
| CONTAINER_INHERIT_ACE,
),
(
IID_NULL,
FILE_GENERIC_WRITE,
"Generic write",
SI_ACCESS_GENERAL
| SI_ACCESS_SPECIFIC
| OBJECT_INHERIT_ACE
| CONTAINER_INHERIT_ACE,
),
(
IID_NULL,
win32con.DELETE,
"Delete",
SI_ACCESS_SPECIFIC | OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE,
),
(
IID_NULL,
WRITE_OWNER,
"Change owner",
SI_ACCESS_SPECIFIC | OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE,
),
(
IID_NULL,
READ_CONTROL,
"Read Permissions",
SI_ACCESS_SPECIFIC | OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE,
),
(
IID_NULL,
WRITE_DAC,
"Change permissions",
SI_ACCESS_SPECIFIC | OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE,
),
(
IID_NULL,
FILE_APPEND_DATA,
file_append_data_desc,
SI_ACCESS_SPECIFIC | OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE,
),
(
IID_NULL,
FILE_WRITE_DATA,
file_write_data_desc,
SI_ACCESS_SPECIFIC | OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE,
),
]
return (accessrights, 0)
def MapGeneric(self, guid, aceflags, mask):
"""Converts generic access rights to specific rights. This implementation uses standard file system rights,
but you can map them any way that suits your application.
"""
return win32security.MapGenericMask(
mask,
(
FILE_GENERIC_READ,
FILE_GENERIC_WRITE,
FILE_GENERIC_EXECUTE,
FILE_ALL_ACCESS,
),
)
def GetInheritTypes(self):
"""Specifies which types of ACE inheritance are supported.
Returns a sequence of tuples representing SI_INHERIT_TYPE structs, containing
(object type guid, inheritance flags, display name). Guid is usually only used with
Directory Service objects.
"""
return (
(IID_NULL, 0, "Only current object"),
(IID_NULL, OBJECT_INHERIT_ACE, "Files inherit permissions"),
(IID_NULL, CONTAINER_INHERIT_ACE, "Sub Folders inherit permissions"),
(
IID_NULL,
CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
"Files and subfolders",
),
)
def PropertySheetPageCallback(self, hwnd, msg, pagetype):
"""Invoked each time a property sheet page is created or destroyed."""
## page types from SI_PAGE_TYPE enum: SI_PAGE_PERM SI_PAGE_ADVPERM SI_PAGE_AUDIT SI_PAGE_OWNER
## msg: PSPCB_CREATE, PSPCB_RELEASE, PSPCB_SI_INITDIALOG
return None
def EditSecurity(self, owner_hwnd=0):
"""Creates an ACL editor dialog based on parameters returned by interface methods"""
isi = pythoncom.WrapObject(
self, authorization.IID_ISecurityInformation, pythoncom.IID_IUnknown
)
authorization.EditSecurity(owner_hwnd, isi)
## folder permissions
temp_dir = win32api.GetTempPath()
dir_name = win32api.GetTempFileName(temp_dir, "isi")[0]
print(dir_name)
os.remove(dir_name)
os.mkdir(dir_name)
si = SecurityInformation(dir_name)
si.EditSecurity()
## file permissions
fname = win32api.GetTempFileName(dir_name, "isi")[0]
si = SecurityInformation(fname)
si.EditSecurity()