5. windows.security – Security Descriptor & related
This module gives access to SecurityDescriptor and related structures (Acl & Ace).
Note: See sample windows.security
5.1. Token
The windows.security module is the official module from which to retrieve the Token class if ever needed.
Indeed, SecurityDescriptor & Token are deeply related and I may move token.py to a security/ directory in the future.
>>> windows.security.Token
<class 'windows.winobject.token.Token'>
5.2. SecurityDescriptor
- class windows.security.SecurityDescriptor
  A Security Descriptor
  Warning
  TODO: free the underlying buffer when it is no longer needed; for now the underlying memory is never freed.
  - SERVICE_SECURITY_INFORMATION = 7L
    The default flags value for functions expecting a SECURITY_INFORMATION. This value regroups the following flags:
      - OWNER_SECURITY_INFORMATION
      - GROUP_SECURITY_INFORMATION
      - DACL_SECURITY_INFORMATION
      - ATTRIBUTE_SECURITY_INFORMATION
      - SCOPE_SECURITY_INFORMATION
      - PROCESS_TRUST_LABEL_SECURITY_INFORMATION
      - LABEL_SECURITY_INFORMATION
    Warning
    Note that the value SACL_SECURITY_INFORMATION needed to access the SACL is not present, as it requires the SeSecurityPrivilege. To query the SACL, enable the SeSecurityPrivilege and use the parameter query_sacl=True on the functions expecting a flags argument.
  - control
    The security descriptor control
    Type: SECURITY_DESCRIPTOR_CONTROL
  - classmethod from_binary(data)
    Retrieve the security descriptor described by the binary data. Binary security descriptors can be found in the registry, for example.
  - classmethod from_filename(filename, query_sacl=False, flags=247L)
    Retrieve the security descriptor for the file filename
  - classmethod from_handle(handle, query_sacl=False, flags=247L, obj_type=None)
    Retrieve the security descriptor for the kernel object described by handle
  - classmethod from_service(filename, query_sacl=False, flags=7L)
    Retrieve the security descriptor for the service named service
  - classmethod from_string(sddl)
    Return a new SecurityDescriptor from the SDDL.
    Returns: SecurityDescriptor
    Warning
    At the moment the underlying buffer is never freed.
  - sacl
    The SACL of the security descriptor. You may need special attention to retrieve it (see DEFAULT_SECURITY_INFORMATION).
    Type: Acl or None if the SACL was NULL or not present
  - to_string(security_information=247L)
    Return the SDDL representation of the security descriptor
    Type: str
  - value
    current value
5.3. Acl
- class windows.security.Acl
  All the ACEs returned by Acl methods/properties are described in the Ace section
5.4. Ace
The ACEs are grouped into two categories.
The DACL related ACEs:
The SACL related ACEs:
5.4.1. Ace classes
5.4.1.1. AccessAllowedACE
- class windows.security.AccessAllowedACE
  Bases: windows.security.MaskAndSidACE, windows.generated_def.winstructs._ACCESS_ALLOWED_ACE
  - sid
    The sid described by the ACE
    Type: windows.generated_def.winstructs.PSID
5.4.1.2. AccessDeniedACE
- class windows.security.AccessDeniedACE
  Bases: windows.security.MaskAndSidACE, windows.generated_def.winstructs._ACCESS_DENIED_ACE
  - sid
    The sid described by the ACE
    Type: windows.generated_def.winstructs.PSID
5.4.1.3. AccessAllowedCallbackACE
- class windows.security.AccessAllowedCallbackACE
  Bases: windows.security.CallbackACE, windows.generated_def.winstructs._ACCESS_ALLOWED_CALLBACK_ACE
  - application_data
    The application-specific data
    see: https://msdn.microsoft.com/en-us/library/hh877860.aspx
    Type: str
  - sid
    The sid described by the ACE
    Type: windows.generated_def.winstructs.PSID
5.4.1.4. AccessDeniedCallbackACE
- class windows.security.AccessDeniedCallbackACE
  Bases: windows.security.CallbackACE, windows.generated_def.winstructs._ACCESS_DENIED_CALLBACK_ACE
  - application_data
    The application-specific data
    see: https://msdn.microsoft.com/en-us/library/hh877860.aspx
    Type: str
  - sid
    The sid described by the ACE
    Type: windows.generated_def.winstructs.PSID
5.4.1.5. AccessAllowedObjectACE
- class windows.security.AccessAllowedObjectACE
  Bases: windows.security.ObjectRelatedACE, windows.generated_def.winstructs._ACCESS_ALLOWED_OBJECT_ACE
  - inherited_object_type
    The InheritedObjectType described in the ACE. None if the ACE has no InheritedObjectType
    Type: PSID or None
  - sid
    The sid described by the ACE
    Type: windows.generated_def.winstructs.PSID
5.4.1.6. AccessDeniedObjectACE
- class windows.security.AccessDeniedObjectACE
  Bases: windows.security.ObjectRelatedACE, windows.generated_def.winstructs._ACCESS_DENIED_OBJECT_ACE
  - inherited_object_type
    The InheritedObjectType described in the ACE. None if the ACE has no InheritedObjectType
    Type: PSID or None
  - sid
    The sid described by the ACE
    Type: windows.generated_def.winstructs.PSID
5.4.1.7. AccessAllowedCallbackObjectACE
- class windows.security.AccessAllowedCallbackObjectACE
  Bases: windows.security.CallbackACE, windows.generated_def.winstructs._ACCESS_ALLOWED_CALLBACK_OBJECT_ACE
  - application_data
    The application-specific data
    see: https://msdn.microsoft.com/en-us/library/hh877860.aspx
    Type: str
  - sid
    The sid described by the ACE
    Type: windows.generated_def.winstructs.PSID
5.4.1.8. AccessDeniedCallbackObjectACE
- class windows.security.AccessDeniedCallbackObjectACE
  Bases: windows.security.CallbackACE, windows.generated_def.winstructs._ACCESS_DENIED_CALLBACK_OBJECT_ACE
  - application_data
    The application-specific data
    see: https://msdn.microsoft.com/en-us/library/hh877860.aspx
    Type: str
  - sid
    The sid described by the ACE
    Type: windows.generated_def.winstructs.PSID
5.4.1.9. SystemAuditACE
- class windows.security.SystemAuditACE
  Bases: windows.security.MaskAndSidACE, windows.generated_def.winstructs._SYSTEM_AUDIT_ACE
  - sid
    The sid described by the ACE
    Type: windows.generated_def.winstructs.PSID
5.4.1.10. SystemAlarmACE
- class windows.security.SystemAlarmACE
  Bases: windows.security.MaskAndSidACE, windows.generated_def.winstructs._SYSTEM_ALARM_ACE
  Reserved for future use.
  - sid
    The sid described by the ACE
    Type: windows.generated_def.winstructs.PSID
5.4.1.11. SystemAuditObjectACE
- class windows.security.SystemAuditObjectACE
  Bases: windows.security.ObjectRelatedACE, windows.generated_def.winstructs._SYSTEM_AUDIT_OBJECT_ACE
  - inherited_object_type
    The InheritedObjectType described in the ACE. None if the ACE has no InheritedObjectType
    Type: PSID or None
  - sid
    The sid described by the ACE
    Type: windows.generated_def.winstructs.PSID
5.4.1.12. SystemAlarmObjectACE
- class windows.security.SystemAlarmObjectACE
  Bases: windows.security.ObjectRelatedACE, windows.generated_def.winstructs._SYSTEM_ALARM_OBJECT_ACE
  Reserved for future use.
  - inherited_object_type
    The InheritedObjectType described in the ACE. None if the ACE has no InheritedObjectType
    Type: PSID or None
  - sid
    The sid described by the ACE
    Type: windows.generated_def.winstructs.PSID
5.4.1.13. SystemAuditCallbackACE
- class windows.security.SystemAuditCallbackACE
  Bases: windows.security.CallbackACE, windows.generated_def.winstructs._SYSTEM_AUDIT_CALLBACK_ACE
  - application_data
    The application-specific data
    see: https://msdn.microsoft.com/en-us/library/hh877860.aspx
    Type: str
  - sid
    The sid described by the ACE
    Type: windows.generated_def.winstructs.PSID
5.4.1.14. SystemAlarmCallbackACE
- class windows.security.SystemAlarmCallbackACE
  Bases: windows.security.CallbackACE, windows.generated_def.winstructs._SYSTEM_ALARM_CALLBACK_ACE
  Reserved for future use.
  - application_data
    The application-specific data
    see: https://msdn.microsoft.com/en-us/library/hh877860.aspx
    Type: str
  - sid
    The sid described by the ACE
    Type: windows.generated_def.winstructs.PSID
5.4.1.15. SystemAuditCallbackObjectACE
- class windows.security.SystemAuditCallbackObjectACE
  Bases: windows.security.CallbackACE, windows.generated_def.winstructs._SYSTEM_AUDIT_CALLBACK_OBJECT_ACE
  - application_data
    The application-specific data
    see: https://msdn.microsoft.com/en-us/library/hh877860.aspx
    Type: str
  - sid
    The sid described by the ACE
    Type: windows.generated_def.winstructs.PSID
5.4.1.16. SystemAlarmCallbackObjectACE
- class windows.security.SystemAlarmCallbackObjectACE
  Bases: windows.security.CallbackACE, windows.generated_def.winstructs._SYSTEM_ALARM_CALLBACK_OBJECT_ACE
  Reserved for future use.
  - application_data
    The application-specific data
    see: https://msdn.microsoft.com/en-us/library/hh877860.aspx
    Type: str
  - sid
    The sid described by the ACE
    Type: windows.generated_def.winstructs.PSID
5.4.1.17. SystemMandatoryLabelACE
- class windows.security.SystemMandatoryLabelACE
  Bases: windows.security.MaskAndSidACE, windows.generated_def.winstructs._SYSTEM_MANDATORY_LABEL_ACE
  - sid
    The sid described by the ACE
    Type: windows.generated_def.winstructs.PSID
5.4.1.18. SystemResourceAttributeACE
- class windows.security.SystemResourceAttributeACE
  Bases: windows.security.MaskAndSidACE, windows.generated_def.winstructs._SYSTEM_RESOURCE_ATTRIBUTE_ACE
  - sid
    The sid described by the ACE
    Type: windows.generated_def.winstructs.PSID
5.4.1.19. SystemScopedPolicyIDACE
- class windows.security.SystemScopedPolicyIDACE
  Bases: windows.security.MaskAndSidACE, windows.generated_def.winstructs._SYSTEM_SCOPED_POLICY_ID_ACE
  - sid
    The sid described by the ACE
    Type: windows.generated_def.winstructs.PSID
5.4.1.20. SystemProcessTrustLabelACE
- class windows.security.SystemProcessTrustLabelACE
  Bases: windows.security.MaskAndSidACE, windows.generated_def.winstructs._SYSTEM_PROCESS_TRUST_LABEL_ACE
  Reserved. (from MSDC)
  - sid
    The sid described by the ACE
    Type: windows.generated_def.winstructs.PSID
5.4.2. Ace common base
These classes are internal and are listed here for completeness' sake. You should not need to instantiate or use them directly.
5.4.2.1. AceHeader
5.4.2.2. AceBase
5.4.2.3. MaskAndSidACE
- class windows.security.MaskAndSidACE
  Virtual ACE for ACE structs with the following layout:
    - ACE_HEADER Header
    - ACCESS_MASK Mask
    - DWORD SidStart
  - sid
    The sid described by the ACE
    Type: windows.generated_def.winstructs.PSID
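The Header / Mask / SidStart layout above can be decoded from raw bytes with nothing but the standard library. The following is an added example in plain Python 3, not PythonForWindows code: the names parse_mask_and_sid_ace and sid_to_string are hypothetical, the ACE type values come from winnt.h, and the sample bytes are constructed.

```python
import struct

# ACE types that use the Header/Mask/SidStart layout (values from winnt.h)
ACE_TYPES = {0x00: "ACCESS_ALLOWED", 0x01: "ACCESS_DENIED",
             0x02: "SYSTEM_AUDIT", 0x11: "SYSTEM_MANDATORY_LABEL"}

def sid_to_string(raw):
    """Decode a binary SID into its S-<rev>-<authority>-<sub>... form."""
    if len(raw) < 8:
        raise ValueError("SID shorter than its fixed 8-byte header")
    revision, count = struct.unpack_from("<BB", raw, 0)
    authority = int.from_bytes(raw[2:8], "big")  # 48-bit, big-endian
    if len(raw) < 8 + 4 * count:
        raise ValueError("SubAuthorityCount exceeds the available bytes")
    subs = struct.unpack_from("<%dI" % count, raw, 8)
    return "-".join(["S", str(revision), str(authority)] + [str(s) for s in subs])

def parse_mask_and_sid_ace(buf, offset=0):
    """Parse one ACE at `offset`; return (fields, offset of the next ACE)."""
    if len(buf) - offset < 8:
        raise ValueError("buffer too short for ACE_HEADER + ACCESS_MASK")
    ace_type, ace_flags, ace_size = struct.unpack_from("<BBH", buf, offset)
    # AceSize comes from the blob itself: bound it before trusting it.
    if ace_size < 16 or offset + ace_size > len(buf):
        raise ValueError("AceSize is inconsistent with the buffer")
    (mask,) = struct.unpack_from("<I", buf, offset + 4)
    # SidStart is the first DWORD of the SID, 8 bytes into the ACE.
    sid = sid_to_string(buf[offset + 8:offset + ace_size])
    fields = {"type": ACE_TYPES.get(ace_type, hex(ace_type)),
              "flags": ace_flags, "mask": mask, "sid": sid}
    return fields, offset + ace_size

# Constructed sample: ACCESS_ALLOWED ACE, mask 0x001F01FF, SID S-1-5-32-544
SAMPLE_SID = (struct.pack("<BB", 1, 2) + (5).to_bytes(6, "big")
              + struct.pack("<II", 32, 544))
SAMPLE_ACE = struct.pack("<BBHI", 0x00, 0x00, 8 + len(SAMPLE_SID),
                         0x001F01FF) + SAMPLE_SID

if __name__ == "__main__":
    print(parse_mask_and_sid_ace(SAMPLE_ACE))
```

The returned offset lets a caller walk consecutive ACEs in an ACL body; a truncated or oversized AceSize raises ValueError instead of reading past the buffer.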
5.4.2.4. CallbackACE
- class windows.security.CallbackACE
  - application_data
    The application-specific data
    see: https://msdn.microsoft.com/en-us/library/hh877860.aspx
    Type: str
  - sid
    The sid described by the ACE
    Type: windows.generated_def.winstructs.PSID