39 lines
2 KiB
Python
39 lines
2 KiB
Python
|
fname=r'h:\tmp.txt'
|
||
|
|
||
|
import win32security,win32file,win32api,ntsecuritycon,win32con
|
||
|
|
||
|
new_privs = ((win32security.LookupPrivilegeValue('',ntsecuritycon.SE_SECURITY_NAME),win32con.SE_PRIVILEGE_ENABLED),
|
||
|
(win32security.LookupPrivilegeValue('',ntsecuritycon.SE_SHUTDOWN_NAME),win32con.SE_PRIVILEGE_ENABLED),
|
||
|
(win32security.LookupPrivilegeValue('',ntsecuritycon.SE_TCB_NAME),win32con.SE_PRIVILEGE_ENABLED),
|
||
|
(win32security.LookupPrivilegeValue('',ntsecuritycon.SE_RESTORE_NAME),win32con.SE_PRIVILEGE_ENABLED),
|
||
|
(win32security.LookupPrivilegeValue('',ntsecuritycon.SE_TAKE_OWNERSHIP_NAME),win32con.SE_PRIVILEGE_ENABLED),
|
||
|
(win32security.LookupPrivilegeValue('',ntsecuritycon.SE_CREATE_PERMANENT_NAME),win32con.SE_PRIVILEGE_ENABLED),
|
||
|
(win32security.LookupPrivilegeValue('','SeEnableDelegationPrivilege'),win32con.SE_PRIVILEGE_ENABLED) ##doesn't seem to be in ntsecuritycon.py ?
|
||
|
)
|
||
|
|
||
|
ph = win32api.GetCurrentProcess()
|
||
|
th = win32security.OpenProcessToken(ph,win32security.TOKEN_ALL_ACCESS|win32con.TOKEN_ADJUST_PRIVILEGES)
|
||
|
win32security.AdjustTokenPrivileges(th,0,new_privs)
|
||
|
|
||
|
all_security_info = \
|
||
|
win32security.OWNER_SECURITY_INFORMATION|win32security.GROUP_SECURITY_INFORMATION| \
|
||
|
win32security.DACL_SECURITY_INFORMATION|win32security.SACL_SECURITY_INFORMATION
|
||
|
|
||
|
sd=win32security.GetFileSecurity(fname,all_security_info)
|
||
|
old_dacl=sd.GetSecurityDescriptorDacl()
|
||
|
old_sacl=sd.GetSecurityDescriptorSacl()
|
||
|
old_group=sd.GetSecurityDescriptorGroup()
|
||
|
|
||
|
new_sd=win32security.SECURITY_DESCRIPTOR()
|
||
|
print("relative, valid, size: ",new_sd.IsSelfRelative(), new_sd.IsValid(), new_sd.GetLength())
|
||
|
|
||
|
my_sid = win32security.GetTokenInformation(th,ntsecuritycon.TokenUser)[0]
|
||
|
tmp_sid = win32security.LookupAccountName('','tmp')[0]
|
||
|
|
||
|
new_sd.SetSecurityDescriptorSacl(1,old_sacl,1)
|
||
|
new_sd.SetSecurityDescriptorDacl(1,old_dacl,1)
|
||
|
new_sd.SetSecurityDescriptorOwner(tmp_sid,0)
|
||
|
new_sd.SetSecurityDescriptorGroup(old_group,0)
|
||
|
|
||
|
win32security.SetFileSecurity(fname,all_security_info,new_sd)
|