316 lines
9.2 KiB
Python
316 lines
9.2 KiB
Python
import win32security, ntsecuritycon, winnt
|
|
|
|
class Enum:
|
|
def __init__(self, *const_names):
|
|
"""Accepts variable number of constant names that can be found in either
|
|
win32security, ntsecuritycon, or winnt."""
|
|
for const_name in const_names:
|
|
try:
|
|
const_val=getattr(win32security,const_name)
|
|
except AttributeError:
|
|
try:
|
|
const_val=getattr(ntsecuritycon, const_name)
|
|
except AttributeError:
|
|
try:
|
|
const_val=getattr(winnt, const_name)
|
|
except AttributeError:
|
|
raise AttributeError('Constant "%s" not found in win32security, ntsecuritycon, or winnt.' %const_name)
|
|
setattr(self, const_name, const_val)
|
|
|
|
def lookup_name(self, const_val):
|
|
"""Looks up the name of a particular value."""
|
|
for k,v in self.__dict__.items():
|
|
if v==const_val:
|
|
return k
|
|
raise AttributeError('Value %s not found in enum' %const_val)
|
|
|
|
def lookup_flags(self, flags):
|
|
"""Returns the names of all recognized flags in input, and any flags not found in the enum."""
|
|
flag_names=[]
|
|
unknown_flags=flags
|
|
for k,v in self.__dict__.items():
|
|
if flags & v == v:
|
|
flag_names.append(k)
|
|
unknown_flags = unknown_flags & ~v
|
|
return flag_names, unknown_flags
|
|
|
|
TOKEN_INFORMATION_CLASS = Enum(
|
|
'TokenUser',
|
|
'TokenGroups',
|
|
'TokenPrivileges',
|
|
'TokenOwner',
|
|
'TokenPrimaryGroup',
|
|
'TokenDefaultDacl',
|
|
'TokenSource',
|
|
'TokenType',
|
|
'TokenImpersonationLevel',
|
|
'TokenStatistics',
|
|
'TokenRestrictedSids',
|
|
'TokenSessionId',
|
|
'TokenGroupsAndPrivileges',
|
|
'TokenSessionReference',
|
|
'TokenSandBoxInert',
|
|
'TokenAuditPolicy',
|
|
'TokenOrigin',
|
|
'TokenElevationType',
|
|
'TokenLinkedToken',
|
|
'TokenElevation',
|
|
'TokenHasRestrictions',
|
|
'TokenAccessInformation',
|
|
'TokenVirtualizationAllowed',
|
|
'TokenVirtualizationEnabled',
|
|
'TokenIntegrityLevel',
|
|
'TokenUIAccess',
|
|
'TokenMandatoryPolicy',
|
|
'TokenLogonSid')
|
|
|
|
TOKEN_TYPE = Enum(
|
|
'TokenPrimary',
|
|
'TokenImpersonation')
|
|
|
|
TOKEN_ELEVATION_TYPE = Enum(
|
|
'TokenElevationTypeDefault',
|
|
'TokenElevationTypeFull',
|
|
'TokenElevationTypeLimited')
|
|
|
|
POLICY_AUDIT_EVENT_TYPE = Enum(
|
|
'AuditCategorySystem',
|
|
'AuditCategoryLogon',
|
|
'AuditCategoryObjectAccess',
|
|
'AuditCategoryPrivilegeUse',
|
|
'AuditCategoryDetailedTracking',
|
|
'AuditCategoryPolicyChange',
|
|
'AuditCategoryAccountManagement',
|
|
'AuditCategoryDirectoryServiceAccess',
|
|
'AuditCategoryAccountLogon')
|
|
|
|
POLICY_INFORMATION_CLASS = Enum(
|
|
'PolicyAuditLogInformation',
|
|
'PolicyAuditEventsInformation',
|
|
'PolicyPrimaryDomainInformation',
|
|
'PolicyPdAccountInformation',
|
|
'PolicyAccountDomainInformation',
|
|
'PolicyLsaServerRoleInformation',
|
|
'PolicyReplicaSourceInformation',
|
|
'PolicyDefaultQuotaInformation',
|
|
'PolicyModificationInformation',
|
|
'PolicyAuditFullSetInformation',
|
|
'PolicyAuditFullQueryInformation',
|
|
'PolicyDnsDomainInformation')
|
|
|
|
POLICY_LSA_SERVER_ROLE = Enum(
|
|
'PolicyServerRoleBackup',
|
|
'PolicyServerRolePrimary')
|
|
|
|
## access modes for opening a policy handle - this is not a real enum
|
|
POLICY_ACCESS_MODES = Enum(
|
|
'POLICY_VIEW_LOCAL_INFORMATION',
|
|
'POLICY_VIEW_AUDIT_INFORMATION',
|
|
'POLICY_GET_PRIVATE_INFORMATION',
|
|
'POLICY_TRUST_ADMIN',
|
|
'POLICY_CREATE_ACCOUNT',
|
|
'POLICY_CREATE_SECRET',
|
|
'POLICY_CREATE_PRIVILEGE',
|
|
'POLICY_SET_DEFAULT_QUOTA_LIMITS',
|
|
'POLICY_SET_AUDIT_REQUIREMENTS',
|
|
'POLICY_AUDIT_LOG_ADMIN',
|
|
'POLICY_SERVER_ADMIN',
|
|
'POLICY_LOOKUP_NAMES',
|
|
'POLICY_NOTIFICATION',
|
|
'POLICY_ALL_ACCESS',
|
|
'POLICY_READ',
|
|
'POLICY_WRITE',
|
|
'POLICY_EXECUTE')
|
|
|
|
## EventAuditingOptions flags - not a real enum
|
|
POLICY_AUDIT_EVENT_OPTIONS_FLAGS = Enum(
|
|
'POLICY_AUDIT_EVENT_UNCHANGED',
|
|
'POLICY_AUDIT_EVENT_SUCCESS',
|
|
'POLICY_AUDIT_EVENT_FAILURE',
|
|
'POLICY_AUDIT_EVENT_NONE')
|
|
|
|
# AceType in ACE_HEADER - not a real enum
|
|
ACE_TYPE = Enum(
|
|
'ACCESS_MIN_MS_ACE_TYPE',
|
|
'ACCESS_ALLOWED_ACE_TYPE',
|
|
'ACCESS_DENIED_ACE_TYPE',
|
|
'SYSTEM_AUDIT_ACE_TYPE',
|
|
'SYSTEM_ALARM_ACE_TYPE',
|
|
'ACCESS_MAX_MS_V2_ACE_TYPE',
|
|
'ACCESS_ALLOWED_COMPOUND_ACE_TYPE',
|
|
'ACCESS_MAX_MS_V3_ACE_TYPE',
|
|
'ACCESS_MIN_MS_OBJECT_ACE_TYPE',
|
|
'ACCESS_ALLOWED_OBJECT_ACE_TYPE',
|
|
'ACCESS_DENIED_OBJECT_ACE_TYPE',
|
|
'SYSTEM_AUDIT_OBJECT_ACE_TYPE',
|
|
'SYSTEM_ALARM_OBJECT_ACE_TYPE',
|
|
'ACCESS_MAX_MS_OBJECT_ACE_TYPE',
|
|
'ACCESS_MAX_MS_V4_ACE_TYPE',
|
|
'ACCESS_MAX_MS_ACE_TYPE',
|
|
'ACCESS_ALLOWED_CALLBACK_ACE_TYPE',
|
|
'ACCESS_DENIED_CALLBACK_ACE_TYPE',
|
|
'ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE',
|
|
'ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE',
|
|
'SYSTEM_AUDIT_CALLBACK_ACE_TYPE',
|
|
'SYSTEM_ALARM_CALLBACK_ACE_TYPE',
|
|
'SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE',
|
|
'SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE',
|
|
'SYSTEM_MANDATORY_LABEL_ACE_TYPE',
|
|
'ACCESS_MAX_MS_V5_ACE_TYPE')
|
|
|
|
#bit flags for AceFlags - not a real enum
|
|
ACE_FLAGS = Enum(
|
|
'CONTAINER_INHERIT_ACE',
|
|
'FAILED_ACCESS_ACE_FLAG',
|
|
'INHERIT_ONLY_ACE',
|
|
'INHERITED_ACE',
|
|
'NO_PROPAGATE_INHERIT_ACE',
|
|
'OBJECT_INHERIT_ACE',
|
|
'SUCCESSFUL_ACCESS_ACE_FLAG',
|
|
'NO_INHERITANCE',
|
|
'SUB_CONTAINERS_AND_OBJECTS_INHERIT',
|
|
'SUB_CONTAINERS_ONLY_INHERIT',
|
|
'SUB_OBJECTS_ONLY_INHERIT')
|
|
|
|
# used in SetEntriesInAcl - very similar to ACE_TYPE
|
|
ACCESS_MODE = Enum(
|
|
'NOT_USED_ACCESS',
|
|
'GRANT_ACCESS',
|
|
'SET_ACCESS',
|
|
'DENY_ACCESS',
|
|
'REVOKE_ACCESS',
|
|
'SET_AUDIT_SUCCESS',
|
|
'SET_AUDIT_FAILURE')
|
|
|
|
# Bit flags in PSECURITY_DESCRIPTOR->Control - not a real enum
|
|
SECURITY_DESCRIPTOR_CONTROL_FLAGS = Enum(
|
|
'SE_DACL_AUTO_INHERITED', ## win2k and up
|
|
'SE_SACL_AUTO_INHERITED', ## win2k and up
|
|
'SE_DACL_PROTECTED', ## win2k and up
|
|
'SE_SACL_PROTECTED', ## win2k and up
|
|
'SE_DACL_DEFAULTED',
|
|
'SE_DACL_PRESENT',
|
|
'SE_GROUP_DEFAULTED',
|
|
'SE_OWNER_DEFAULTED',
|
|
'SE_SACL_PRESENT',
|
|
'SE_SELF_RELATIVE',
|
|
'SE_SACL_DEFAULTED')
|
|
|
|
# types of SID
|
|
SID_NAME_USE = Enum(
|
|
'SidTypeUser',
|
|
'SidTypeGroup',
|
|
'SidTypeDomain',
|
|
'SidTypeAlias',
|
|
'SidTypeWellKnownGroup',
|
|
'SidTypeDeletedAccount',
|
|
'SidTypeInvalid',
|
|
'SidTypeUnknown',
|
|
'SidTypeComputer',
|
|
'SidTypeLabel')
|
|
|
|
## bit flags, not a real enum
|
|
TOKEN_ACCESS_PRIVILEGES = Enum(
|
|
'TOKEN_ADJUST_DEFAULT',
|
|
'TOKEN_ADJUST_GROUPS',
|
|
'TOKEN_ADJUST_PRIVILEGES',
|
|
'TOKEN_ALL_ACCESS',
|
|
'TOKEN_ASSIGN_PRIMARY',
|
|
'TOKEN_DUPLICATE',
|
|
'TOKEN_EXECUTE',
|
|
'TOKEN_IMPERSONATE',
|
|
'TOKEN_QUERY',
|
|
'TOKEN_QUERY_SOURCE',
|
|
'TOKEN_READ',
|
|
'TOKEN_WRITE')
|
|
|
|
SECURITY_IMPERSONATION_LEVEL = Enum(
|
|
'SecurityAnonymous',
|
|
'SecurityIdentification',
|
|
'SecurityImpersonation',
|
|
'SecurityDelegation')
|
|
|
|
POLICY_SERVER_ENABLE_STATE = Enum(
|
|
'PolicyServerEnabled',
|
|
'PolicyServerDisabled')
|
|
|
|
POLICY_NOTIFICATION_INFORMATION_CLASS = Enum(
|
|
'PolicyNotifyAuditEventsInformation',
|
|
'PolicyNotifyAccountDomainInformation',
|
|
'PolicyNotifyServerRoleInformation',
|
|
'PolicyNotifyDnsDomainInformation',
|
|
'PolicyNotifyDomainEfsInformation',
|
|
'PolicyNotifyDomainKerberosTicketInformation',
|
|
'PolicyNotifyMachineAccountPasswordInformation')
|
|
|
|
TRUSTED_INFORMATION_CLASS = Enum(
|
|
'TrustedDomainNameInformation',
|
|
'TrustedControllersInformation',
|
|
'TrustedPosixOffsetInformation',
|
|
'TrustedPasswordInformation',
|
|
'TrustedDomainInformationBasic',
|
|
'TrustedDomainInformationEx',
|
|
'TrustedDomainAuthInformation',
|
|
'TrustedDomainFullInformation',
|
|
'TrustedDomainAuthInformationInternal',
|
|
'TrustedDomainFullInformationInternal',
|
|
'TrustedDomainInformationEx2Internal',
|
|
'TrustedDomainFullInformation2Internal')
|
|
|
|
TRUSTEE_FORM = Enum(
|
|
'TRUSTEE_IS_SID',
|
|
'TRUSTEE_IS_NAME',
|
|
'TRUSTEE_BAD_FORM',
|
|
'TRUSTEE_IS_OBJECTS_AND_SID',
|
|
'TRUSTEE_IS_OBJECTS_AND_NAME')
|
|
|
|
TRUSTEE_TYPE = Enum(
|
|
'TRUSTEE_IS_UNKNOWN',
|
|
'TRUSTEE_IS_USER',
|
|
'TRUSTEE_IS_GROUP',
|
|
'TRUSTEE_IS_DOMAIN',
|
|
'TRUSTEE_IS_ALIAS',
|
|
'TRUSTEE_IS_WELL_KNOWN_GROUP',
|
|
'TRUSTEE_IS_DELETED',
|
|
'TRUSTEE_IS_INVALID',
|
|
'TRUSTEE_IS_COMPUTER')
|
|
|
|
## SE_OBJECT_TYPE - securable objects
|
|
SE_OBJECT_TYPE = Enum(
|
|
'SE_UNKNOWN_OBJECT_TYPE',
|
|
'SE_FILE_OBJECT',
|
|
'SE_SERVICE',
|
|
'SE_PRINTER',
|
|
'SE_REGISTRY_KEY',
|
|
'SE_LMSHARE',
|
|
'SE_KERNEL_OBJECT',
|
|
'SE_WINDOW_OBJECT',
|
|
'SE_DS_OBJECT',
|
|
'SE_DS_OBJECT_ALL',
|
|
'SE_PROVIDER_DEFINED_OBJECT',
|
|
'SE_WMIGUID_OBJECT',
|
|
'SE_REGISTRY_WOW64_32KEY')
|
|
|
|
PRIVILEGE_FLAGS = Enum(
|
|
'SE_PRIVILEGE_ENABLED_BY_DEFAULT',
|
|
'SE_PRIVILEGE_ENABLED',
|
|
'SE_PRIVILEGE_USED_FOR_ACCESS')
|
|
|
|
# Group flags used with TokenGroups
|
|
TOKEN_GROUP_ATTRIBUTES = Enum(
|
|
'SE_GROUP_MANDATORY',
|
|
'SE_GROUP_ENABLED_BY_DEFAULT',
|
|
'SE_GROUP_ENABLED',
|
|
'SE_GROUP_OWNER',
|
|
'SE_GROUP_USE_FOR_DENY_ONLY',
|
|
'SE_GROUP_INTEGRITY',
|
|
'SE_GROUP_INTEGRITY_ENABLED',
|
|
'SE_GROUP_LOGON_ID',
|
|
'SE_GROUP_RESOURCE')
|
|
|
|
# Privilege flags returned by TokenPrivileges
|
|
TOKEN_PRIVILEGE_ATTRIBUTES = Enum(
|
|
'SE_PRIVILEGE_ENABLED_BY_DEFAULT',
|
|
'SE_PRIVILEGE_ENABLED',
|
|
'SE_PRIVILEGE_REMOVED',
|
|
'SE_PRIVILEGE_USED_FOR_ACCESS')
|