import ntsecuritycon
import win32security
import winnt
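class Enum:
    """Namespace of named Windows security constants.

    Every name handed to the constructor is resolved against the
    win32security, ntsecuritycon and winnt modules (in that order) and bound
    as an instance attribute, so ``TOKEN_TYPE.TokenPrimary`` is the integer
    value of that constant.  The instance ``__dict__`` holds nothing but
    those constants, which is what the two reverse lookups below rely on.
    """

    def __init__(self, *const_names):
        """Accepts variable number of constant names that can be found in either
        win32security, ntsecuritycon, or winnt.

        Args:
            *const_names: constant names; each is looked up in win32security,
                then ntsecuritycon, then winnt, and the first hit is bound.

        Raises:
            AttributeError: a name is defined in none of the three modules.
        """
        # Private sentinel so a module-defined value can never be mistaken
        # for "not found" (a default of None would be ambiguous).
        missing = object()
        for const_name in const_names:
            for module in (win32security, ntsecuritycon, winnt):
                const_val = getattr(module, const_name, missing)
                if const_val is not missing:
                    break
            else:
                # for/else: the loop ran out of modules without a match.
                raise AttributeError(
                    'Constant "%s" not found in win32security, ntsecuritycon, or winnt.'
                    % const_name
                )
            setattr(self, const_name, const_val)

    def lookup_name(self, const_val):
        """Looks up the name of a particular value.

        Returns the first member, in constructor order, whose value equals
        ``const_val``; when several names alias the same value the one passed
        first wins.

        Raises:
            AttributeError: no member has this value.
        """
        for name, value in self.__dict__.items():
            if value == const_val:
                return name
        raise AttributeError("Value %s not found in enum" % const_val)

    def lookup_flags(self, flags):
        """Returns the names of all recognized flags in input, and any flags not found in the enum.

        Args:
            flags: integer bit mask to decode.

        Returns:
            ``(flag_names, unknown_flags)`` where ``flag_names`` lists every
            member whose bits are all set in ``flags`` and ``unknown_flags``
            is ``flags`` with those bits cleared.  A member whose value is a
            superset of other members' bits is reported alongside them.

        A zero-valued member (for example NO_INHERITANCE, NOT_USED_ACCESS or
        POLICY_AUDIT_EVENT_UNCHANGED) is reported only when ``flags`` itself
        is 0.  The previous test ``flags & v == v`` was trivially true for
        ``v == 0``, so such names were listed on every decode - misleading
        when the output is used to audit ACE or audit-policy settings.
        """
        flag_names = []
        unknown_flags = flags
        for name, value in self.__dict__.items():
            if value == 0:
                # "None of the bits" is meaningful only when no bit is set.
                if flags == 0:
                    flag_names.append(name)
                continue
            if flags & value == value:
                flag_names.append(name)
                unknown_flags &= ~value
        return flag_names, unknown_flags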
# Every Enum below resolves its member names through Enum.__init__ at import
# time, so a constant missing from the installed win32security / ntsecuritycon /
# winnt modules raises AttributeError when this module is imported rather than
# at first use.  Members marked "not a real enum" / "bit flags" are masks meant
# for Enum.lookup_flags; the others are discrete values for Enum.lookup_name.
TOKEN_INFORMATION_CLASS = Enum(
    "TokenUser",
    "TokenGroups",
    "TokenPrivileges",
    "TokenOwner",
    "TokenPrimaryGroup",
    "TokenDefaultDacl",
    "TokenSource",
    "TokenType",
    "TokenImpersonationLevel",
    "TokenStatistics",
    "TokenRestrictedSids",
    "TokenSessionId",
    "TokenGroupsAndPrivileges",
    "TokenSessionReference",
    "TokenSandBoxInert",
    "TokenAuditPolicy",
    "TokenOrigin",
    "TokenElevationType",
    "TokenLinkedToken",
    "TokenElevation",
    "TokenHasRestrictions",
    "TokenAccessInformation",
    "TokenVirtualizationAllowed",
    "TokenVirtualizationEnabled",
    "TokenIntegrityLevel",
    "TokenUIAccess",
    "TokenMandatoryPolicy",
    "TokenLogonSid",
)

TOKEN_TYPE = Enum("TokenPrimary", "TokenImpersonation")

TOKEN_ELEVATION_TYPE = Enum(
    "TokenElevationTypeDefault", "TokenElevationTypeFull", "TokenElevationTypeLimited"
)

POLICY_AUDIT_EVENT_TYPE = Enum(
    "AuditCategorySystem",
    "AuditCategoryLogon",
    "AuditCategoryObjectAccess",
    "AuditCategoryPrivilegeUse",
    "AuditCategoryDetailedTracking",
    "AuditCategoryPolicyChange",
    "AuditCategoryAccountManagement",
    "AuditCategoryDirectoryServiceAccess",
    "AuditCategoryAccountLogon",
)

POLICY_INFORMATION_CLASS = Enum(
    "PolicyAuditLogInformation",
    "PolicyAuditEventsInformation",
    "PolicyPrimaryDomainInformation",
    "PolicyPdAccountInformation",
    "PolicyAccountDomainInformation",
    "PolicyLsaServerRoleInformation",
    "PolicyReplicaSourceInformation",
    "PolicyDefaultQuotaInformation",
    "PolicyModificationInformation",
    "PolicyAuditFullSetInformation",
    "PolicyAuditFullQueryInformation",
    "PolicyDnsDomainInformation",
)

POLICY_LSA_SERVER_ROLE = Enum("PolicyServerRoleBackup", "PolicyServerRolePrimary")

## access modes for opening a policy handle - this is not a real enum
# NOTE(review): POLICY_ALL_ACCESS / POLICY_READ / POLICY_WRITE / POLICY_EXECUTE
# look like aggregate masks; lookup_flags will then list them next to their
# component rights - confirm against the constants' actual values.
POLICY_ACCESS_MODES = Enum(
    "POLICY_VIEW_LOCAL_INFORMATION",
    "POLICY_VIEW_AUDIT_INFORMATION",
    "POLICY_GET_PRIVATE_INFORMATION",
    "POLICY_TRUST_ADMIN",
    "POLICY_CREATE_ACCOUNT",
    "POLICY_CREATE_SECRET",
    "POLICY_CREATE_PRIVILEGE",
    "POLICY_SET_DEFAULT_QUOTA_LIMITS",
    "POLICY_SET_AUDIT_REQUIREMENTS",
    "POLICY_AUDIT_LOG_ADMIN",
    "POLICY_SERVER_ADMIN",
    "POLICY_LOOKUP_NAMES",
    "POLICY_NOTIFICATION",
    "POLICY_ALL_ACCESS",
    "POLICY_READ",
    "POLICY_WRITE",
    "POLICY_EXECUTE",
)

## EventAuditingOptions flags - not a real enum
POLICY_AUDIT_EVENT_OPTIONS_FLAGS = Enum(
    "POLICY_AUDIT_EVENT_UNCHANGED",
    "POLICY_AUDIT_EVENT_SUCCESS",
    "POLICY_AUDIT_EVENT_FAILURE",
    "POLICY_AUDIT_EVENT_NONE",
)

# AceType in ACE_HEADER - not a real enum
# The ACCESS_MIN_*/ACCESS_MAX_* entries are range markers rather than ACE
# types; because lookup_name returns the first name matching a value, the
# marker listed first may be reported for a value it shares with a real type.
ACE_TYPE = Enum(
    "ACCESS_MIN_MS_ACE_TYPE",
    "ACCESS_ALLOWED_ACE_TYPE",
    "ACCESS_DENIED_ACE_TYPE",
    "SYSTEM_AUDIT_ACE_TYPE",
    "SYSTEM_ALARM_ACE_TYPE",
    "ACCESS_MAX_MS_V2_ACE_TYPE",
    "ACCESS_ALLOWED_COMPOUND_ACE_TYPE",
    "ACCESS_MAX_MS_V3_ACE_TYPE",
    "ACCESS_MIN_MS_OBJECT_ACE_TYPE",
    "ACCESS_ALLOWED_OBJECT_ACE_TYPE",
    "ACCESS_DENIED_OBJECT_ACE_TYPE",
    "SYSTEM_AUDIT_OBJECT_ACE_TYPE",
    "SYSTEM_ALARM_OBJECT_ACE_TYPE",
    "ACCESS_MAX_MS_OBJECT_ACE_TYPE",
    "ACCESS_MAX_MS_V4_ACE_TYPE",
    "ACCESS_MAX_MS_ACE_TYPE",
    "ACCESS_ALLOWED_CALLBACK_ACE_TYPE",
    "ACCESS_DENIED_CALLBACK_ACE_TYPE",
    "ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE",
    "ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE",
    "SYSTEM_AUDIT_CALLBACK_ACE_TYPE",
    "SYSTEM_ALARM_CALLBACK_ACE_TYPE",
    "SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE",
    "SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE",
    "SYSTEM_MANDATORY_LABEL_ACE_TYPE",
    "ACCESS_MAX_MS_V5_ACE_TYPE",
)

# bit flags for AceFlags - not a real enum
# NOTE(review): NO_INHERITANCE and the SUB_*_INHERIT names appear to be
# convenience values (zero / combinations of the *_INHERIT_ACE bits); when
# decoding an AceFlags byte with lookup_flags, treat them accordingly.
ACE_FLAGS = Enum(
    "CONTAINER_INHERIT_ACE",
    "FAILED_ACCESS_ACE_FLAG",
    "INHERIT_ONLY_ACE",
    "INHERITED_ACE",
    "NO_PROPAGATE_INHERIT_ACE",
    "OBJECT_INHERIT_ACE",
    "SUCCESSFUL_ACCESS_ACE_FLAG",
    "NO_INHERITANCE",
    "SUB_CONTAINERS_AND_OBJECTS_INHERIT",
    "SUB_CONTAINERS_ONLY_INHERIT",
    "SUB_OBJECTS_ONLY_INHERIT",
)

# used in SetEntriesInAcl - very similar to ACE_TYPE
ACCESS_MODE = Enum(
    "NOT_USED_ACCESS",
    "GRANT_ACCESS",
    "SET_ACCESS",
    "DENY_ACCESS",
    "REVOKE_ACCESS",
    "SET_AUDIT_SUCCESS",
    "SET_AUDIT_FAILURE",
)

# Bit flags in PSECURITY_DESCRIPTOR->Control - not a real enum
SECURITY_DESCRIPTOR_CONTROL_FLAGS = Enum(
    "SE_DACL_AUTO_INHERITED",  ## win2k and up
    "SE_SACL_AUTO_INHERITED",  ## win2k and up
    "SE_DACL_PROTECTED",  ## win2k and up
    "SE_SACL_PROTECTED",  ## win2k and up
    "SE_DACL_DEFAULTED",
    "SE_DACL_PRESENT",
    "SE_GROUP_DEFAULTED",
    "SE_OWNER_DEFAULTED",
    "SE_SACL_PRESENT",
    "SE_SELF_RELATIVE",
    "SE_SACL_DEFAULTED",
)

# types of SID
SID_NAME_USE = Enum(
    "SidTypeUser",
    "SidTypeGroup",
    "SidTypeDomain",
    "SidTypeAlias",
    "SidTypeWellKnownGroup",
    "SidTypeDeletedAccount",
    "SidTypeInvalid",
    "SidTypeUnknown",
    "SidTypeComputer",
    "SidTypeLabel",
)

## bit flags, not a real enum
# NOTE(review): TOKEN_ALL_ACCESS / TOKEN_EXECUTE / TOKEN_READ / TOKEN_WRITE
# look like aggregate masks and will be listed by lookup_flags together with
# the individual rights they cover - confirm against the resolved values.
TOKEN_ACCESS_PRIVILEGES = Enum(
    "TOKEN_ADJUST_DEFAULT",
    "TOKEN_ADJUST_GROUPS",
    "TOKEN_ADJUST_PRIVILEGES",
    "TOKEN_ALL_ACCESS",
    "TOKEN_ASSIGN_PRIMARY",
    "TOKEN_DUPLICATE",
    "TOKEN_EXECUTE",
    "TOKEN_IMPERSONATE",
    "TOKEN_QUERY",
    "TOKEN_QUERY_SOURCE",
    "TOKEN_READ",
    "TOKEN_WRITE",
)

SECURITY_IMPERSONATION_LEVEL = Enum(
    "SecurityAnonymous",
    "SecurityIdentification",
    "SecurityImpersonation",
    "SecurityDelegation",
)

POLICY_SERVER_ENABLE_STATE = Enum("PolicyServerEnabled", "PolicyServerDisabled")

POLICY_NOTIFICATION_INFORMATION_CLASS = Enum(
    "PolicyNotifyAuditEventsInformation",
    "PolicyNotifyAccountDomainInformation",
    "PolicyNotifyServerRoleInformation",
    "PolicyNotifyDnsDomainInformation",
    "PolicyNotifyDomainEfsInformation",
    "PolicyNotifyDomainKerberosTicketInformation",
    "PolicyNotifyMachineAccountPasswordInformation",
)

TRUSTED_INFORMATION_CLASS = Enum(
    "TrustedDomainNameInformation",
    "TrustedControllersInformation",
    "TrustedPosixOffsetInformation",
    "TrustedPasswordInformation",
    "TrustedDomainInformationBasic",
    "TrustedDomainInformationEx",
    "TrustedDomainAuthInformation",
    "TrustedDomainFullInformation",
    "TrustedDomainAuthInformationInternal",
    "TrustedDomainFullInformationInternal",
    "TrustedDomainInformationEx2Internal",
    "TrustedDomainFullInformation2Internal",
)

TRUSTEE_FORM = Enum(
    "TRUSTEE_IS_SID",
    "TRUSTEE_IS_NAME",
    "TRUSTEE_BAD_FORM",
    "TRUSTEE_IS_OBJECTS_AND_SID",
    "TRUSTEE_IS_OBJECTS_AND_NAME",
)

TRUSTEE_TYPE = Enum(
    "TRUSTEE_IS_UNKNOWN",
    "TRUSTEE_IS_USER",
    "TRUSTEE_IS_GROUP",
    "TRUSTEE_IS_DOMAIN",
    "TRUSTEE_IS_ALIAS",
    "TRUSTEE_IS_WELL_KNOWN_GROUP",
    "TRUSTEE_IS_DELETED",
    "TRUSTEE_IS_INVALID",
    "TRUSTEE_IS_COMPUTER",
)

## SE_OBJECT_TYPE - securable objects
SE_OBJECT_TYPE = Enum(
    "SE_UNKNOWN_OBJECT_TYPE",
    "SE_FILE_OBJECT",
    "SE_SERVICE",
    "SE_PRINTER",
    "SE_REGISTRY_KEY",
    "SE_LMSHARE",
    "SE_KERNEL_OBJECT",
    "SE_WINDOW_OBJECT",
    "SE_DS_OBJECT",
    "SE_DS_OBJECT_ALL",
    "SE_PROVIDER_DEFINED_OBJECT",
    "SE_WMIGUID_OBJECT",
    "SE_REGISTRY_WOW64_32KEY",
)

# Privilege attribute bits; TOKEN_PRIVILEGE_ATTRIBUTES below is the same set
# plus SE_PRIVILEGE_REMOVED.
PRIVILEGE_FLAGS = Enum(
    "SE_PRIVILEGE_ENABLED_BY_DEFAULT",
    "SE_PRIVILEGE_ENABLED",
    "SE_PRIVILEGE_USED_FOR_ACCESS",
)

# Group flags used with TokenGroups
TOKEN_GROUP_ATTRIBUTES = Enum(
    "SE_GROUP_MANDATORY",
    "SE_GROUP_ENABLED_BY_DEFAULT",
    "SE_GROUP_ENABLED",
    "SE_GROUP_OWNER",
    "SE_GROUP_USE_FOR_DENY_ONLY",
    "SE_GROUP_INTEGRITY",
    "SE_GROUP_INTEGRITY_ENABLED",
    "SE_GROUP_LOGON_ID",
    "SE_GROUP_RESOURCE",
)

# Privilege flags returned by TokenPrivileges
TOKEN_PRIVILEGE_ATTRIBUTES = Enum(
    "SE_PRIVILEGE_ENABLED_BY_DEFAULT",
    "SE_PRIVILEGE_ENABLED",
    "SE_PRIVILEGE_REMOVED",
    "SE_PRIVILEGE_USED_FOR_ACCESS",
)