2.4. Token

This module exposes the Token object that can be primarily retrieved through:

Note

If you need to directly access the Token class, please use windows.security.Token as the path of token.py may change.

Indeed, SecurityDescriptor & Token are deeply related and I may move token.py to a security/ directory in the future.

Note

See sample Token

2.4.1. Token

class windows.winobject.token.Token(handle)[source]

Represents a Windows token. Attributes documented only by a type come from TOKEN_INFORMATION_CLASS; their return values may be improved versions of the corresponding structure.

property TokenAccessInformation

TOKEN_ACCESS_INFORMATION

property TokenAppContainerNumber

DWORD

property TokenAppContainerSid

TOKEN_APPCONTAINER_INFORMATION

property TokenCapabilities

TokenGroups

property TokenDefaultDacl

TOKEN_DEFAULT_DACL

property TokenDeviceClaimAttributes

CLAIM_SECURITY_ATTRIBUTES_INFORMATION

property TokenDeviceGroups

TokenGroups

property TokenElevation

TOKEN_ELEVATION

property TokenElevationType

TOKEN_ELEVATION_TYPE

property TokenGroups

TokenGroups

property TokenGroupsAndPrivileges

TOKEN_GROUPS_AND_PRIVILEGES

property TokenHasRestrictions

DWORD

property TokenImpersonationLevel

SECURITY_IMPERSONATION_LEVEL

property TokenIntegrityLevel

TOKEN_MANDATORY_LABEL

property TokenIsAppContainer

DWORD

property TokenLinkedToken

TOKEN_LINKED_TOKEN

property TokenLogonSid

TokenGroups

property TokenMandatoryPolicy

TOKEN_MANDATORY_POLICY

property TokenOrigin

TOKEN_ORIGIN

property TokenOwner

TOKEN_OWNER

property TokenPrimaryGroup

TOKEN_PRIMARY_GROUP

property TokenPrivileges

TokenPrivileges

property TokenProcessTrustLevel

PSID

property TokenRestrictedDeviceGroups

TOKEN_GROUPS

property TokenRestrictedSids

TokenGroups

property TokenSandBoxInert

DWORD

property TokenSecurityAttributes

TokenSecurityAttributesInformation

property TokenSessionId

DWORD

property TokenSource

TOKEN_SOURCE

property TokenStatistics

TOKEN_STATISTICS

property TokenType

TOKEN_TYPE

property TokenUIAccess

DWORD

property TokenUser

TOKEN_USER

property TokenUserClaimAttributes

CLAIM_SECURITY_ATTRIBUTES_INFORMATION

property TokenVirtualizationAllowed

DWORD

property TokenVirtualizationEnabled

DWORD

property access_information

Alias for TokenAccessInformation (type may change in the future for improved struct)

adjust_privileges(privileges)[source]

Adjust the token privileges according to privileges. This is the more complex API, used to adjust multiple privileges at once.

To simply enable one privilege see enable_privilege().

Parameters:

privileges – TOKEN_PRIVILEGES (or a subclass such as TokenPrivileges). To easily update your token privileges, use the result of privileges.

Example:

>>> import windows
>>> import windows.generated_def as gdef
>>> tok = windows.current_process.token
>>> privs = tok.privileges
>>> privs["SeShutdownPrivilege"] = gdef.SE_PRIVILEGE_ENABLED
>>> privs["SeUndockPrivilege"] = gdef.SE_PRIVILEGE_ENABLED
>>> tok.adjust_privileges(privs)

property appcontainer_number

Alias for TokenAppContainerNumber (type may change in the future for improved struct)

property appcontainer_sid

The sid of the TokenAppContainerSid if present else None

Type:

PSID

property authentication_id

The AuthenticationId specifies a unique identifier assigned to the session this token represents. There can be many tokens representing a single logon session.

Type:

int

property capabilities

Alias for TokenCapabilities (type may change in the future for improved struct)

property computername

The computername of the token

Type:

str

property default_dacl

The default DACL of the token

Type:

windows.security.Acl

duplicate(access_rigth=MAXIMUM_ALLOWED(0x2000000), attributes=None, type=None, impersonation_level=None)[source]

Duplicate the token into a new Token.

Parameters:
  • type – The type of token: TokenPrimary(0x1L) or TokenImpersonation(0x2L)

  • impersonation_level

    The SECURITY_IMPERSONATION_LEVEL for a TokenImpersonation(0x2L):

    • If type is TokenPrimary(0x1L) this parameter is ignored if None or used as-is.

    • If type is TokenImpersonation(0x2L) and this parameter is None, self.impersonation_level is used.

    • If type is TokenImpersonation(0x2L) and our Token is a TokenPrimary(0x1L), this parameter MUST be provided.

Returns:

Token - The duplicate token

Example:

>>> tok
<Token TokenId=0x39d6dde5 Type=TokenPrimary(0x1L)>
>>> tok.duplicate()
<Token TokenId=0x39d7b206 Type=TokenPrimary(0x1L)>
>>> tok.duplicate(type=gdef.TokenImpersonation)
...
ValueError: Duplicating a PrimaryToken as a TokenImpersonation require explicit <impersonation_level> parameter
>>> tok.duplicate(type=gdef.TokenImpersonation, impersonation_level=gdef.SecurityImpersonation)
<Token TokenId=0x39dadbf8 Type=TokenImpersonation(0x2L) ImpersonationLevel=SecurityImpersonation(0x2L)>

property elevated

True if token is an elevated token

property elevation_type

The elevation type of the token.

Type:

int – Enum value from TOKEN_ELEVATION_TYPE

enable_privilege(name)[source]

Enable privilege name in the token

Raises:

ValueError if Token has no privilege name

get_integrity()[source]

Return the integrity level of the token

Type:

int

property groups

Alias for TokenGroups (type may change in the future for improved struct)

property groups_and_privileges

Alias for TokenGroupsAndPrivileges (type may change in the future for improved struct)

property handle

A handle on the object

Type:

HANDLE

Note

The handle is automatically closed when the object is destroyed

property has_restriction

Alias for TokenHasRestrictions (type may change in the future for improved struct)

property id

The TokenId specifies a unique identifier that identifies this instance of the token object.

Type:

int

property impersonation_level

The impersonation level of a TokenImpersonation token.

Raises:

WindowsError if token is not a TokenImpersonation

Type:

int – Enum value from SECURITY_IMPERSONATION_LEVEL

property integrity

The integrity of the token as an int (extracted from integrity PSID)

Getter:

get_integrity()

Setter:

set_integrity()

property integrity_level

The integrity level and attributes of the token

Type:

windows.generated_def.winstructs.SID_AND_ATTRIBUTES

property is_appcontainer

Alias for TokenIsAppContainer (type may change in the future for improved struct)

property is_elevated

Alias for elevated; deprecated and may disappear

property linked_token

The token linked to our token if present (may raise otherwise)

Type:

Token

property logon_sid

The logon sid of the token. (The case of multiple logon sids is not handled and will raise AssertionError)

Type:

windows.generated_def.winstructs.SID_AND_ATTRIBUTES

property mandatory_policy

The mandatory integrity access policy for the associated token

Type:

int – see [MSDN] mandatory policy

property modified_id

The ModifiedId specifies a unique identifier that changes each time the token is modified.

Type:

int

property origin

The originating logon session of the token.

Type:

int

property owner

The owner sid of the token

Type:

PSID

property primary_group

The sid of the primary group of the token

Type:

PSID

property privileges

Alias for TokenPrivileges

Type:

TokenPrivileges

property restricted_sids

Alias for TokenRestrictedSids (type may change in the future for improved struct)

property sandbox_inert

Alias for TokenSandBoxInert (type may change in the future for improved struct)

property security_attributes

The security attributes of the token

Type:

[TokenSecurityAttributeV1] - A list of token security attributes

property session_id

Alias for TokenSessionId (type may change in the future for improved struct)

set_integrity(integrity)[source]

Set the integrity level of a token

Parameters:

type – int

property statistics

Alias for TokenStatistics (type may change in the future for improved struct)

property trust_level

The trust level of the process if present else None.

Type:

PSID

property type

The type (Primary / Impersonation) of the token

property ui_access

Alias for TokenUIAccess (type may change in the future for improved struct)

property user

The user sid of the token

Type:

PSID

property username

The username of the token

Type:

str

property virtualization_allowed

Alias for TokenVirtualizationAllowed (type may change in the future for improved struct)

property virtualization_enabled

Alias for TokenVirtualizationEnabled (type may change in the future for improved struct)

wait(timeout=INFINITE(0xffffffff))

Wait for the object

2.4.2. TokenGroups

class windows.winobject.token.TokenGroups[source]

Bases: _TOKEN_GROUPS

property sids

The sids of each group

Type:

[PSID] - A list of PSID

property sids_and_attributes

The sids and attributes of each group

Type:

[SID_AND_ATTRIBUTES] - A list of SID_AND_ATTRIBUTES

2.4.3. TokenPrivileges

class windows.winobject.token.TokenPrivileges[source]

Bases: _TOKEN_PRIVILEGES

Improved TOKEN_PRIVILEGES usable like a mapping

__getitem__(name)[source]

Retrieve the attribute value for privilege name

Raises:

KeyError if privilege name not in the TokenPrivileges

Returns:

int

__setitem__(name, value)[source]

Set the attribute value for privilege name

Raises:

KeyError if privilege name not in the TokenPrivileges

all()[source]

The list of all privileges

Returns:

[LUID_AND_ATTRIBUTES] - A list of LUID_AND_ATTRIBUTES

items()[source]

The (name, Attribute) of all privileges in the TokenPrivileges

Returns:

[(str, int)] - A list of (name, Attribute) tuples

keys()[source]

The name of all privileges in the TokenPrivileges

Returns:

[str] - A list of names
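An added example, not part of PythonForWindows or its documentation: a least-privilege review of the (name, Attribute) pairs that TokenPrivileges.items() returns, plus a name for the int from Token.integrity. The attribute bits and integrity RIDs are the standard winnt.h values; the HIGH_IMPACT selection, the sample data, and the assumption that Token.integrity yields the mandatory-label RID are this example's own.

```python
# Standard winnt.h privilege attribute bits (LUID_AND_ATTRIBUTES.Attributes).
SE_PRIVILEGE_ENABLED_BY_DEFAULT = 0x1
SE_PRIVILEGE_ENABLED = 0x2

# Privileges this example treats as high impact (an illustrative selection).
HIGH_IMPACT = {
    "SeDebugPrivilege", "SeImpersonatePrivilege", "SeTcbPrivilege",
    "SeBackupPrivilege", "SeRestorePrivilege", "SeLoadDriverPrivilege",
    "SeTakeOwnershipPrivilege", "SeAssignPrimaryTokenPrivilege",
}

# Well-known mandatory-label RIDs, lowest to highest.
INTEGRITY_LEVELS = [(0x0000, "untrusted"), (0x1000, "low"), (0x2000, "medium"),
                    (0x3000, "high"), (0x4000, "system")]


def integrity_name(rid):
    """Name the highest well-known level not above rid (assumes rid is the label RID)."""
    name = INTEGRITY_LEVELS[0][1]
    for floor, label in INTEGRITY_LEVELS:
        if rid >= floor:
            name = label
    return name


def audit_privileges(items):
    """Classify (name, attributes) pairs shaped like TokenPrivileges.items()."""
    report = {"enabled": [], "held_disabled": [], "high_impact": []}
    for name, attrs in items:
        enabled = bool(attrs & SE_PRIVILEGE_ENABLED)
        report["enabled" if enabled else "held_disabled"].append(name)
        if name in HIGH_IMPACT:
            # Reported even when disabled: the holder can enable it later,
            # for example with enable_privilege().
            report["high_impact"].append((name, enabled))
    return report


# Constructed sample; on Windows pass tok.privileges.items() instead.
SAMPLE_ITEMS = [
    ("SeShutdownPrivilege", 0),
    ("SeChangeNotifyPrivilege", SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT),
    ("SeDebugPrivilege", SE_PRIVILEGE_ENABLED),
    ("SeBackupPrivilege", 0),
]

if __name__ == "__main__":
    print(audit_privileges(SAMPLE_ITEMS))
    print(integrity_name(0x2000))
```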

2.4.4. TokenSecurityAttributesInformation

class windows.winobject.token.TokenSecurityAttributesInformation[source]

Bases: _TOKEN_SECURITY_ATTRIBUTES_INFORMATION

property attributes

Return all the attributes as TokenSecurityAttributeV1

Type:

[TokenSecurityAttributeV1] - A list of token security attributes

2.4.5. TokenSecurityAttributeV1

class windows.winobject.token.TokenSecurityAttributeV1[source]

Bases: _TOKEN_SECURITY_ATTRIBUTE_V1

property name

The name of the security attribute

property values

The values of the security attribute