本文整理汇总了Python中win32security.LookupAccountSid方法的典型用法代码示例。如果您正苦于以下问题:Python win32security.LookupAccountSid方法的具体用法?Python win32security.LookupAccountSid怎么用?Python win32security.LookupAccountSid使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类win32security
的用法示例。
在下文中一共展示了win32security.LookupAccountSid方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: LookupUserGroupFromRid
# 需要导入模块: import win32security [as 别名]
# 或者: from win32security import LookupAccountSid [as 别名]
def LookupUserGroupFromRid(TargetComputer, Rid):
# get the account domain Sid on the target machine
# note: if you were looking up multiple sids based on the same
# account domain, only need to call this once.
umi2 = NetUserModalsGet(TargetComputer, 2)
domain_sid = umi2['domain_id']
SubAuthorityCount = domain_sid.GetSubAuthorityCount()
# create and init new sid with acct domain Sid + acct Rid
sid = pywintypes.SID()
sid.Initialize(domain_sid.GetSidIdentifierAuthority(),
SubAuthorityCount+1)
# copy existing subauthorities from account domain Sid into
# new Sid
for i in range(SubAuthorityCount):
sid.SetSubAuthority(i, domain_sid.GetSubAuthority(i))
# append Rid to new Sid
sid.SetSubAuthority(SubAuthorityCount, Rid)
name, domain, typ = LookupAccountSid(TargetComputer, sid)
return name
示例2: LocalGroupEnum
# 需要导入模块: import win32security [as 别名]
# 或者: from win32security import LookupAccountSid [as 别名]
def LocalGroupEnum():
"Enumerates all the local groups"
resume = 0
nmembers = 0
while 1:
data, total, resume = win32net.NetLocalGroupEnum(server, 1, resume)
for group in data:
verbose("Found group %(name)s:%(comment)s " % group)
memberresume = 0
while 1:
memberdata, total, memberresume = win32net.NetLocalGroupGetMembers(server, group['name'], 2, resume)
for member in memberdata:
# Just for the sake of it, we convert the SID to a username
username, domain, type = win32security.LookupAccountSid(server, member['sid'])
nmembers = nmembers + 1
verbose(" Member %s (%s)" % (username, member['domainandname']))
if memberresume==0:
break
if not resume:
break
assert nmembers, "Couldnt find a single member in a single group!"
print "Enumerated all the local groups"
示例3: get_owner
# 需要导入模块: import win32security [as 别名]
# 或者: from win32security import LookupAccountSid [as 别名]
def get_owner(self):
r""" Return the name of the owner of this file or directory.
This follows symbolic links.
On Windows, this returns a name of the form ur'DOMAIN\User Name'.
On Windows, a group can own a file or directory.
"""
if os.name == 'nt':
if win32security is None:
raise Exception("path.owner requires win32all to be installed")
desc = win32security.GetFileSecurity(
self, win32security.OWNER_SECURITY_INFORMATION)
sid = desc.GetSecurityDescriptorOwner()
account, domain, typecode = win32security.LookupAccountSid(None, sid)
return domain + u'\\' + account
else:
if pwd is None:
raise NotImplementedError("path.owner is not implemented on this platform.")
st = self.stat()
return pwd.getpwuid(st.st_uid).pw_name
示例4: check_user_paths
# 需要导入模块: import win32security [as 别名]
# 或者: from win32security import LookupAccountSid [as 别名]
def check_user_paths():
for user_path in get_user_paths():
user_sid_s = user_path[0]
try:
user_sid = win32security.ConvertStringSidToSid(user_sid_s)
principle, domain, type = win32security.LookupAccountSid(remote_server, user_sid)
user_fq = domain + "\\" + principle
except:
print "WARNING: Can't convert sid %s to name. Skipping." % user_sid_s
continue
path = user_path[1]
vprint("Checking path of %s" % user_fq)
global tmp_trusted_principles_fq
tmp_trusted_principles_fq = (user_fq)
check_path(path, "WPC015")
tmp_trusted_principles_fq = ()
示例5: get_file_owner
# 需要导入模块: import win32security [as 别名]
# 或者: from win32security import LookupAccountSid [as 别名]
def get_file_owner(self, file_path):
"""Returns the user name of the owner of the specified file.
@param file_path: The path of the file.
@type file_path: str
@return: The user name of the owner.
@rtype: str
"""
sd = win32security.GetFileSecurity(
file_path, win32security.OWNER_SECURITY_INFORMATION
)
owner_sid = sd.GetSecurityDescriptorOwner()
name, domain, account_type = win32security.LookupAccountSid(None, owner_sid)
if name == "Administrators":
return self.__local_administrators
else:
return "%s\\%s" % (domain, name)
示例6: get_pid_owner
# 需要导入模块: import win32security [as 别名]
# 或者: from win32security import LookupAccountSid [as 别名]
def get_pid_owner(self, fd, pid):
try:
proc = win32api.OpenProcess(win32con.PROCESS_QUERY_INFORMATION, False, pid)
token = win32security.OpenProcessToken(proc, win32con.TOKEN_QUERY)
user_sid, user_attr = win32security.GetTokenInformation(token,
win32security.TokenUser)
user = win32security.LookupAccountSid(None, user_sid)
return user_sid, user[0], user[1]
except win32api.error as e:
self.logEx("error",
"%s failed" % funcname,
("exception", e),
("function", e.funcname),
("error", "[%(winerror)d] %(strerror)s" % e),
None,
("process", pid),)
raise
示例7: LookupAliasFromRid
# 需要导入模块: import win32security [as 别名]
# 或者: from win32security import LookupAccountSid [as 别名]
def LookupAliasFromRid(TargetComputer, Rid):
# Sid is the same regardless of machine, since the well-known
# BUILTIN domain is referenced.
sid = pywintypes.SID()
sid.Initialize(SECURITY_NT_AUTHORITY, 2)
for i, r in enumerate((SECURITY_BUILTIN_DOMAIN_RID, Rid)):
sid.SetSubAuthority(i, r)
name, domain, typ = LookupAccountSid(TargetComputer, sid)
return name
示例8: dump_sd
# 需要导入模块: import win32security [as 别名]
# 或者: from win32security import LookupAccountSid [as 别名]
def dump_sd(object_name, object_type_s, sd, options={}):
perms = all_perms
if not sd:
return
dacl = sd.GetSecurityDescriptorDacl()
if dacl == None:
print "No Discretionary ACL"
return []
owner_sid = sd.GetSecurityDescriptorOwner()
try:
owner_name, owner_domain, type = win32security.LookupAccountSid(remote_server, owner_sid)
owner_fq = owner_domain + "\\" + owner_name
except:
try:
owner_fq = owner_name = win32security.ConvertSidToStringSid(owner_sid)
owner_domain = ""
except:
owner_domain = ""
owner_fq = owner_name = None
group_sid = sd.GetSecurityDescriptorGroup()
try:
group_name, group_domain, type = win32security.LookupAccountSid(remote_server, group_sid)
group_fq = group_domain + "\\" + group_name
except:
try:
group_fq = group_name = win32security.ConvertSidToStringSid(group_sid)
group_domain = ""
except:
group_domain = ""
group_fq = group_name = "[none]"
if owner_info:
print "\tOwner: " + str(owner_fq)
print "\tGroup: " + str(group_fq)
weak_perms = []
dump_acl(object_name, object_type_s, dacl, options)
return
示例9: __get_owner_windows
# 需要导入模块: import win32security [as 别名]
# 或者: from win32security import LookupAccountSid [as 别名]
def __get_owner_windows(self):
"""
Return the name of the owner of this file or directory. Follow
symbolic links.
Return a name of the form ``r'DOMAIN\\User Name'``; may be a group.
.. seealso:: :attr:`owner`
"""
desc = win32security.GetFileSecurity(
self, win32security.OWNER_SECURITY_INFORMATION)
sid = desc.GetSecurityDescriptorOwner()
account, domain, typecode = win32security.LookupAccountSid(None, sid)
return domain + '\\' + account
示例10: sid2username
# 需要导入模块: import win32security [as 别名]
# 或者: from win32security import LookupAccountSid [as 别名]
def sid2username(sid):
"""Convert an object sid to a string account name"""
account = win32security.LookupAccountSid(None, sid)
return account[0]
示例11: check_permissions
# 需要导入模块: import win32security [as 别名]
# 或者: from win32security import LookupAccountSid [as 别名]
def check_permissions(path, logger):
logger.info("I am", win32api.GetUserNameEx(win32con.NameSamCompatible))
logger.info(path)
sd = win32security.GetFileSecurity(path, win32security.OWNER_SECURITY_INFORMATION)
owner_sid = sd.GetSecurityDescriptorOwner()
name, domain, _ = win32security.LookupAccountSid(None, owner_sid)
logger.info("File owned by %s\\%s" % (domain, name))
示例12: dump_sd
# 需要导入模块: import win32security [as 别名]
# 或者: from win32security import LookupAccountSid [as 别名]
def dump_sd(object_name, object_type_s, sd, options={}):
perms = all_perms
if not sd:
return
dacl = sd.GetSecurityDescriptorDacl()
if dacl is None:
print "No Discretionary ACL"
return []
owner_sid = sd.GetSecurityDescriptorOwner()
try:
owner_name, owner_domain, type = win32security.LookupAccountSid(remote_server, owner_sid)
owner_fq = owner_domain + "\\" + owner_name
except:
try:
owner_fq = owner_name = win32security.ConvertSidToStringSid(owner_sid)
owner_domain = ""
except:
owner_domain = ""
owner_fq = owner_name = None
group_sid = sd.GetSecurityDescriptorGroup()
try:
group_name, group_domain, type = win32security.LookupAccountSid(remote_server, group_sid)
group_fq = group_domain + "\\" + group_name
except:
try:
group_fq = group_name = win32security.ConvertSidToStringSid(group_sid)
group_domain = ""
except:
group_domain = ""
group_fq = group_name = "[none]"
if owner_info:
print "\tOwner: " + str(owner_fq)
print "\tGroup: " + str(group_fq)
weak_perms = []
dump_acl(object_name, object_type_s, dacl, options)
return
示例13: dump_token
# 需要导入模块: import win32security [as 别名]
# 或者: from win32security import LookupAccountSid [as 别名]
def dump_token(th):
token_type=win32security.GetTokenInformation(th, win32security.TokenType)
print 'TokenType:', token_type, TOKEN_TYPE.lookup_name(token_type)
if token_type==win32security.TokenImpersonation:
imp_lvl=win32security.GetTokenInformation(th, win32security.TokenImpersonationLevel)
print 'TokenImpersonationLevel:', imp_lvl, SECURITY_IMPERSONATION_LEVEL.lookup_name(imp_lvl)
print 'TokenSessionId:', win32security.GetTokenInformation(th, win32security.TokenSessionId)
privs=win32security.GetTokenInformation(th,win32security.TokenPrivileges)
print 'TokenPrivileges:'
for priv_luid, priv_flags in privs:
flag_names, unk=TOKEN_PRIVILEGE_ATTRIBUTES.lookup_flags(priv_flags)
flag_desc = ' '.join(flag_names)
if (unk):
flag_desc += '(' + str(unk) + ')'
priv_name=win32security.LookupPrivilegeName('',priv_luid)
priv_desc=win32security.LookupPrivilegeDisplayName('',priv_name)
print '\t', priv_name, priv_desc, priv_flags, flag_desc
print 'TokenGroups:'
groups=win32security.GetTokenInformation(th,win32security.TokenGroups)
for group_sid, group_attr in groups:
flag_names, unk=TOKEN_GROUP_ATTRIBUTES.lookup_flags(group_attr)
flag_desc = ' '.join(flag_names)
if (unk):
flag_desc += '(' + str(unk) + ')'
if group_attr & TOKEN_GROUP_ATTRIBUTES.SE_GROUP_LOGON_ID:
sid_desc = 'Logon sid'
else:
sid_desc=win32security.LookupAccountSid('',group_sid)
print '\t',group_sid, sid_desc, group_attr, flag_desc
## Vista token information types, will throw (87, 'GetTokenInformation', 'The parameter is incorrect.') on earier OS
try:
is_elevated=win32security.GetTokenInformation(th, win32security.TokenElevation)
print 'TokenElevation:', is_elevated
except pywintypes.error, details:
if details.winerror != winerror.ERROR_INVALID_PARAMETER:
raise
return None
示例14: check_weak_perms_sd
# 需要导入模块: import win32security [as 别名]
# 或者: from win32security import LookupAccountSid [as 别名]
def check_weak_perms_sd(object_name, object_type_s, sd, perms):
dacl= sd.GetSecurityDescriptorDacl()
if dacl == None:
print "No Discretionary ACL"
return []
owner_sid = sd.GetSecurityDescriptorOwner()
try:
owner_name, owner_domain, type = win32security.LookupAccountSid(remote_server, owner_sid)
owner_fq = owner_domain + "\\" + owner_name
except:
try:
owner_fq = owner_name = win32security.ConvertSidToStringSid(owner_sid)
owner_domain = ""
except:
owner_domain = ""
owner_fq = owner_name = "INVALIDSID!"
weak_perms = []
for ace_no in range(0, dacl.GetAceCount()):
#print "[D] ACE #%d" % ace_no
ace = dacl.GetAce(ace_no)
flags = ace[0][1]
try:
principle, domain, type = win32security.LookupAccountSid(remote_server, ace[2])
except:
principle = win32security.ConvertSidToStringSid(ace[2])
domain = ""
#print "[D] ACE is for %s\\%s" % (principle, domain)
#print "[D] ACE Perm mask: " + int2bin(ace[1])
#print "[D] ace_type: " + str(ace[0][0])
#print "[D] DACL: " + win32security.ConvertSecurityDescriptorToStringSecurityDescriptor(sd, win32security.SDDL_REVISION_1, win32security.DACL_SECURITY_INFORMATION)
if principle_is_trusted(principle, domain):
#print "[D] Ignoring trusted principle %s\\%s" % (principle, domain)
continue
if principle == "CREATOR OWNER":
if principle_is_trusted(owner_name, owner_domain):
continue
else:
principle = "CREATOR OWNER [%s]" % owner_fq
for i in ("ACCESS_ALLOWED_ACE_TYPE", "ACCESS_DENIED_ACE_TYPE", "SYSTEM_AUDIT_ACE_TYPE", "SYSTEM_ALARM_ACE_TYPE"):
if getattr(ntsecuritycon, i) == ace[0][0]:
ace_type_s = i
if not ace_type_s == "ACCESS_ALLOWED_ACE_TYPE":
vprint("WARNING: Unimplmented ACE type encountered: " + ace_type_s + ". skipping.")
continue
for mod, perms_tuple in perms[object_type_s].iteritems():
for perm in perms_tuple:
if getattr(mod, perm) & ace[1] == getattr(mod, perm):
weak_perms.append([object_name, domain, principle, perm])
return weak_perms
示例15: dump_acl
# 需要导入模块: import win32security [as 别名]
# 或者: from win32security import LookupAccountSid [as 别名]
def dump_acl(object_name, object_type_s, sd, options={}):
dacl = sd
if dacl == None:
print "No Discretionary ACL"
return []
weak_perms = []
for ace_no in range(0, dacl.GetAceCount()):
# print "[D] ACE #%d" % ace_no
ace = dacl.GetAce(ace_no)
flags = ace[0][1]
try:
principle, domain, type = win32security.LookupAccountSid(remote_server, ace[2])
except:
principle = win32security.ConvertSidToStringSid(ace[2])
domain = ""
mask = ace[1]
if ace[1] < 0:
mask = ace[1] + 2**32
if ignore_trusted and principle_is_trusted(principle, domain):
# print "[D] Ignoring trusted principle %s\\%s" % (principle, domain)
continue
if principle == "CREATOR OWNER":
if ignore_trusted and principle_is_trusted(owner_name, owner_domain):
#print "[D] Ignoring trusted principle (creator owner) %s\\%s" % (principle, domain)
continue
else:
principle = "CREATOR OWNER [%s\%s]" % (domain, principle)
for i in ("ACCESS_ALLOWED_ACE_TYPE", "ACCESS_DENIED_ACE_TYPE", "SYSTEM_AUDIT_ACE_TYPE", "SYSTEM_ALARM_ACE_TYPE"):
if getattr(ntsecuritycon, i) == ace[0][0]:
ace_type_s = i
ace_type_short = ace_type_s
if ace_type_s == "ACCESS_DENIED_ACE_TYPE":
ace_type_short = "DENY"
if ace_type_s == "ACCESS_ALLOWED_ACE_TYPE":
ace_type_short = "ALLOW"
if weak_perms_only:
perms = dangerous_perms_write
else:
perms = all_perms
for mod, perms_tuple in perms[object_type_s].iteritems():
for perm in perms_tuple:
#print "Checking for perm %s in ACE %s" % (perm, mask)
if getattr(mod, perm) & mask == getattr(mod, perm):
weak_perms.append([object_name, domain, principle, perm, ace_type_short])
print_weak_perms(object_type_s, weak_perms, options)