Uploaded Test files

2020-11-12 11:05:57 -05:00 · 2020-11-12 11:05:57 -05:00 · 2e81cb7d99
commit 2e81cb7d99
parent f584ad9d97
16627 changed files with 2065359 additions and 102444 deletions
--- a/venv/Lib/site-packages/win32/Demos/security/setkernelobjectsecurity.py
+++ b/venv/Lib/site-packages/win32/Demos/security/setkernelobjectsecurity.py
@ -0,0 +1,67 @@
+import win32security,win32api,win32con, win32process
+## You need SE_RESTORE_NAME to be able to set the owner of a security descriptor to anybody
+## other than yourself or your primary group.  Most admin logins don't have it by default, so
+## enabling it may fail
+new_privs = ((win32security.LookupPrivilegeValue('',win32security.SE_SECURITY_NAME),win32con.SE_PRIVILEGE_ENABLED),
+             (win32security.LookupPrivilegeValue('',win32security.SE_TCB_NAME),win32con.SE_PRIVILEGE_ENABLED),
+             (win32security.LookupPrivilegeValue('',win32security.SE_SHUTDOWN_NAME),win32con.SE_PRIVILEGE_ENABLED),
+             (win32security.LookupPrivilegeValue('',win32security.SE_RESTORE_NAME),win32con.SE_PRIVILEGE_ENABLED),
+             (win32security.LookupPrivilegeValue('',win32security.SE_TAKE_OWNERSHIP_NAME),win32con.SE_PRIVILEGE_ENABLED),
+             (win32security.LookupPrivilegeValue('',win32security.SE_CREATE_PERMANENT_NAME),win32con.SE_PRIVILEGE_ENABLED),
+             (win32security.LookupPrivilegeValue('',win32security.SE_ENABLE_DELEGATION_NAME),win32con.SE_PRIVILEGE_ENABLED),
+             (win32security.LookupPrivilegeValue('',win32security.SE_CHANGE_NOTIFY_NAME),win32con.SE_PRIVILEGE_ENABLED),
+             (win32security.LookupPrivilegeValue('',win32security.SE_DEBUG_NAME),win32con.SE_PRIVILEGE_ENABLED),
+             (win32security.LookupPrivilegeValue('',win32security.SE_PROF_SINGLE_PROCESS_NAME),win32con.SE_PRIVILEGE_ENABLED),
+             (win32security.LookupPrivilegeValue('',win32security.SE_SYSTEM_PROFILE_NAME),win32con.SE_PRIVILEGE_ENABLED),
+             (win32security.LookupPrivilegeValue('',win32security.SE_LOCK_MEMORY_NAME),win32con.SE_PRIVILEGE_ENABLED)
+            )
+
+all_info=win32security.OWNER_SECURITY_INFORMATION|win32security.GROUP_SECURITY_INFORMATION| \
+     win32security.DACL_SECURITY_INFORMATION|win32security.SACL_SECURITY_INFORMATION
+
+pid=win32api.GetCurrentProcessId()
+ph=win32api.OpenProcess(win32con.PROCESS_ALL_ACCESS,0,pid)
+## PROCESS_ALL_ACCESS does not contain ACCESS_SYSTEM_SECURITY (neccessy to do SACLs)
+th = win32security.OpenProcessToken(ph,win32security.TOKEN_ALL_ACCESS)  ##win32con.TOKEN_ADJUST_PRIVILEGES)
+old_privs=win32security.AdjustTokenPrivileges(th,0,new_privs)
+my_sid = win32security.GetTokenInformation(th,win32security.TokenUser)[0]
+pwr_sid=win32security.LookupAccountName('','Power Users')[0]
+## reopen process with ACCESS_SYSTEM_SECURITY now that sufficent privs are enabled
+ph=win32api.OpenProcess(win32con.PROCESS_ALL_ACCESS|win32con.ACCESS_SYSTEM_SECURITY,0,pid)
+
+sd=win32security.GetKernelObjectSecurity(ph,all_info)
+dacl=sd.GetSecurityDescriptorDacl()
+if dacl is None:
+    dacl=win32security.ACL()
+sacl=sd.GetSecurityDescriptorSacl()
+if sacl is None:
+    sacl=win32security.ACL()
+
+dacl_ace_cnt=dacl.GetAceCount()
+sacl_ace_cnt=sacl.GetAceCount()
+
+dacl.AddAccessAllowedAce(dacl.GetAclRevision(),win32con.ACCESS_SYSTEM_SECURITY|win32con.WRITE_DAC,my_sid)
+sacl.AddAuditAccessAce(sacl.GetAclRevision(),win32con.GENERIC_ALL,my_sid,1,1)
+sd.SetSecurityDescriptorDacl(1,dacl,0)
+sd.SetSecurityDescriptorSacl(1,sacl,0)
+sd.SetSecurityDescriptorGroup(pwr_sid,0)
+sd.SetSecurityDescriptorOwner(pwr_sid,0)
+
+win32security.SetKernelObjectSecurity(ph,all_info,sd)
+new_sd=win32security.GetKernelObjectSecurity(ph,all_info)
+
+if new_sd.GetSecurityDescriptorDacl().GetAceCount()!=dacl_ace_cnt+1:
+    print('New dacl doesn''t contain extra ace ????')
+if new_sd.GetSecurityDescriptorSacl().GetAceCount()!=sacl_ace_cnt+1:
+    print('New Sacl doesn''t contain extra ace ????')
+if win32security.LookupAccountSid('',new_sd.GetSecurityDescriptorOwner())[0]!='Power Users':
+    print('Owner not successfully set to Power Users !!!!!')
+if win32security.LookupAccountSid('',new_sd.GetSecurityDescriptorGroup())[0]!='Power Users':
+    print('Group not successfully set to Power Users !!!!!')
+
+sd.SetSecurityDescriptorSacl(0,None,0)
+win32security.SetKernelObjectSecurity(ph, win32security.SACL_SECURITY_INFORMATION, sd)
+new_sd_1=win32security.GetKernelObjectSecurity(ph,win32security.SACL_SECURITY_INFORMATION)
+if new_sd_1.GetSecurityDescriptorSacl() is not None:
+    print('Unable to set Sacl to NULL !!!!!!!!')
+