2.4. Token¶
This module exposes the Token object that can be primarily retrieved through:
Note
If you need to directly access the Token class, please use windows.security.Token, as the path of token.py may change.
Indeed, SecurityDescriptor & Token are deeply related and I may move token.py to a security/ directory in the future.
Note
See sample Token
2.4.1. Token¶
- class windows.winobject.token.Token(handle)[source]¶
Represent a Windows Token. The attributes documented only by a type come from the TOKEN_INFORMATION_CLASS; such return values may be improved versions of the structure.
Note
- property TokenAccessInformation¶
- property TokenAppContainerNumber¶
DWORD
- property TokenAppContainerSid¶
- property TokenCapabilities¶
- property TokenDefaultDacl¶
- property TokenDeviceClaimAttributes¶
- property TokenDeviceGroups¶
- property TokenElevation¶
- property TokenElevationType¶
- property TokenGroups¶
- property TokenGroupsAndPrivileges¶
- property TokenHasRestrictions¶
DWORD
- property TokenImpersonationLevel¶
- property TokenIntegrityLevel¶
- property TokenIsAppContainer¶
DWORD
- property TokenLinkedToken¶
- property TokenLogonSid¶
- property TokenMandatoryPolicy¶
- property TokenOrigin¶
- property TokenOwner¶
- property TokenPrimaryGroup¶
- property TokenPrivileges¶
- property TokenRestrictedDeviceGroups¶
- property TokenRestrictedSids¶
TokenGroups
- property TokenSandBoxInert¶
DWORD
- property TokenSecurityAttributes¶
- property TokenSessionId¶
DWORD
- property TokenSource¶
- property TokenStatistics¶
- property TokenType¶
- property TokenUIAccess¶
DWORD
- property TokenUser¶
- property TokenUserClaimAttributes¶
- property TokenVirtualizationAllowed¶
DWORD
- property TokenVirtualizationEnabled¶
DWORD
- property access_information¶
Alias for TokenAccessInformation (type may change in the future for improved struct)
- adjust_privileges(privileges)[source]¶
Adjust the token privileges according to privileges. This API is the complex one, used to adjust multiple privileges at once. To simply enable one privilege see enable_privilege().
- Parameters:
privileges – TOKEN_PRIVILEGES (or a subclass such as TokenPrivileges). To easily update your token privileges, use the result of privileges.
Example:
>>> import windows
>>> import windows.generated_def as gdef
>>> tok = windows.current_process.token
>>> privs = tok.privileges
>>> privs["SeShutdownPrivilege"] = gdef.SE_PRIVILEGE_ENABLED
>>> privs["SeUndockPrivilege"] = gdef.SE_PRIVILEGE_ENABLED
>>> tok.adjust_privileges(privs)
- property appcontainer_number¶
Alias for TokenAppContainerNumber (type may change in the future for improved struct)
- property authentication_id¶
The AuthenticationId specifies a unique identifier assigned to the session this token represents. There can be many tokens representing a single logon session.
- Type:
int
- property capabilities¶
Alias for TokenCapabilities (type may change in the future for improved struct)
- property computername¶
The computername of the token
- Type:
str
- property default_dacl¶
The default DACL of the token
- Type:
- duplicate(access_rigth=MAXIMUM_ALLOWED(0x2000000), attributes=None, type=None, impersonation_level=None)[source]¶
Duplicate the token into a new Token.
- Parameters:
type – The type of token: TokenPrimary(0x1L) or TokenImpersonation(0x2L)
impersonation_level – The SECURITY_IMPERSONATION_LEVEL for a TokenImpersonation(0x2L):
  - If type is TokenPrimary(0x1L), this parameter is ignored if None or used as-is.
  - If type is TokenImpersonation(0x2L) and this parameter is None, self.impersonation_level is used.
  - If type is TokenImpersonation(0x2L) and our Token is a TokenPrimary(0x1L), this parameter MUST be provided.
- Returns:
Token - The duplicate token
Example:
>>> tok
<Token TokenId=0x39d6dde5 Type=TokenPrimary(0x1L)>
>>> tok.duplicate()
<Token TokenId=0x39d7b206 Type=TokenPrimary(0x1L)>
>>> tok.duplicate(type=gdef.TokenImpersonation)
...
ValueError: Duplicating a PrimaryToken as a TokenImpersonation require explicit <impersonation_level> parameter
>>> tok.duplicate(type=gdef.TokenImpersonation, impersonation_level=gdef.SecurityImpersonation)
<Token TokenId=0x39dadbf8 Type=TokenImpersonation(0x2L) ImpersonationLevel=SecurityImpersonation(0x2L)>
- property elevated¶
True if token is an elevated token
- property elevation_type¶
The elevation type of the token.
- Type:
int – Enum value from TOKEN_ELEVATION_TYPE
- enable_privilege(name)[source]¶
Enable privilege name in the token
- Raises:
ValueError if Token has no privilege name
- property groups¶
Alias for TokenGroups (type may change in the future for improved struct)
- property groups_and_privileges¶
Alias for TokenGroupsAndPrivileges (type may change in the future for improved struct)
- property handle¶
A handle on the object
- Type:
HANDLE
Note
The handle is automatically closed when the object is destroyed
- property has_restriction¶
Alias for TokenHasRestrictions (type may change in the future for improved struct)
- property id¶
The TokenId specifies a unique identifier that identifies this instance of the token object.
- Type:
int
- property impersonation_level¶
The impersonation level of a TokenImpersonation token.
- Raises:
WindowsError if token is not a TokenImpersonation
- Type:
int – Enum value from SECURITY_IMPERSONATION_LEVEL
- property integrity¶
The integrity of the token as an int (extracted from integrity PSID)
- Getter:
- Setter:
- property integrity_level¶
The integrity level and attributes of the token
- property is_appcontainer¶
Alias for TokenIsAppContainer (type may change in the future for improved struct)
- property is_elevated¶
Alias for elevated; deprecated and may disappear
- property logon_sid¶
The logon sid of the token. (Case of multiple logon sid not handled and will raise AssertionError)
- property mandatory_policy¶
Mandatory integrity access policy for the associated token
- Type:
int – see [MSDN] mandatory policy
- property modified_id¶
The ModifiedId specifies a unique identifier that changes each time the token is modified.
- Type:
int
- property origin¶
The originating logon session of the token.
- Type:
int
- property privileges¶
Alias for TokenPrivileges
- Type:
- property restricted_sids¶
Alias for TokenRestrictedSids (type may change in the future for improved struct)
- property sandbox_inert¶
Alias for TokenSandBoxInert (type may change in the future for improved struct)
- property security_attributes¶
The security attributes of the token
- Type:
[TokenSecurityAttributeV1] - A list of token security attributes
- property session_id¶
Alias for TokenSessionId (type may change in the future for improved struct)
- property statistics¶
Alias for TokenStatistics (type may change in the future for improved struct)
- property type¶
The type (Primary / Impersonation) of the token
- property ui_access¶
Alias for TokenUIAccess (type may change in the future for improved struct)
- property username¶
The username of the token
- Type:
str
- property virtualization_allowed¶
Alias for TokenVirtualizationAllowed (type may change in the future for improved struct)
- property virtualization_enabled¶
Alias for TokenVirtualizationEnabled (type may change in the future for improved struct)
- wait(timeout=INFINITE(0xffffffff))¶
Wait for the object
2.4.2. TokenGroups¶
- class windows.winobject.token.TokenGroups[source]¶
Bases:
_TOKEN_GROUPS
- property sids_and_attributes¶
The sids and attributes of each group
- Type:
[SID_AND_ATTRIBUTES] - A list of SID_AND_ATTRIBUTES
2.4.3. TokenPrivileges¶
- class windows.winobject.token.TokenPrivileges[source]¶
Bases:
_TOKEN_PRIVILEGES
Improved TOKEN_PRIVILEGES usable like a mapping
- __getitem__(name)[source]¶
Retrieve the attribute value for privilege name
- Raises:
KeyError if privilege name not in the TokenPrivileges
- Returns:
int
- __setitem__(name, value)[source]¶
Set the attribute value for privilege name
- Raises:
KeyError if privilege name not in the TokenPrivileges
- all()[source]¶
The list of all privileges
- Returns:
[LUID_AND_ATTRIBUTES] - A list of LUID_AND_ATTRIBUTES
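An added example, not part of the PythonForWindows documentation or code base: it uses the mapping behaviour of TokenPrivileges described above, together with Token.adjust_privileges(), to disable privileges a process does not need. The helper names, the allow-list and the sample dict are assumptions made for illustration; SE_PRIVILEGE_ENABLED is the Windows SDK value 0x2.

```python
# Added example (not PythonForWindows code): least-privilege drop using the
# mapping-style TokenPrivileges and Token.adjust_privileges() documented above.
SE_PRIVILEGE_ENABLED = 0x2  # Windows SDK value of gdef.SE_PRIVILEGE_ENABLED


def plan_privilege_drop(privs, candidates, keep):
    """Return {name: 0} for each candidate that is enabled and not in keep.

    privs only needs __getitem__(name) raising KeyError for a privilege the
    token does not hold, which is the TokenPrivileges contract on this page.
    """
    plan = {}
    for name in candidates:
        try:
            attrs = int(privs[name])
        except KeyError:
            continue  # privilege not in the token: nothing to disable
        if attrs & SE_PRIVILEGE_ENABLED and name not in keep:
            plan[name] = 0  # attribute 0 asks AdjustTokenPrivileges to disable
    return plan


def apply_plan(privs, plan):
    """Write the planned attributes into privs through __setitem__."""
    for name, attrs in plan.items():
        privs[name] = attrs
    return privs


def drop_current_process_privileges(candidates, keep):
    """Windows only: disable unneeded privileges on the current process token."""
    import windows  # PythonForWindows, imported lazily so the helpers run anywhere
    tok = windows.current_process.token
    privs = tok.privileges
    plan = plan_privilege_drop(privs, candidates, keep)
    if plan:
        tok.adjust_privileges(apply_plan(privs, plan))
    return plan


# Constructed sample: a plain dict standing in for TokenPrivileges.
SAMPLE = {"SeShutdownPrivilege": 0x0, "SeChangeNotifyPrivilege": 0x3,
          "SeDebugPrivilege": 0x2, "SeUndockPrivilege": 0x0}
CANDIDATES = ["SeDebugPrivilege", "SeBackupPrivilege",
              "SeChangeNotifyPrivilege", "SeShutdownPrivilege"]

if __name__ == "__main__":
    print(plan_privilege_drop(SAMPLE, CANDIDATES, {"SeChangeNotifyPrivilege"}))
```

The candidate names are looked up one by one because the page documents only `__getitem__`, `__setitem__` and `all()` for TokenPrivileges; a name missing from the token is skipped through the documented KeyError.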
2.4.4. TokenSecurityAttributesInformation¶
- class windows.winobject.token.TokenSecurityAttributesInformation[source]¶
Bases:
_TOKEN_SECURITY_ATTRIBUTES_INFORMATION
- property attributes¶
Return all the attributes as TokenSecurityAttributeV1
- Type:
[TokenSecurityAttributeV1] - A list of token security attributes
2.4.5. TokenSecurityAttributeV1¶
- class windows.winobject.token.TokenSecurityAttributeV1[source]¶
Bases:
_TOKEN_SECURITY_ATTRIBUTE_V1
- property name¶
The name of the security attribute
- property values¶
The values of the security attribute