o

�N�g���@s�dZd
dl
Z
d
dlZd
dlZd
dlZd
dlmZ
d
dlZd
dlZd
dlZd
dl	Z	d
dl
Z
d
dlZd
dlZe�
e�
Ze�d�
Ze�d�
Zejddd�Zejd	dd�Zejd
dd�ZdZdZdZd
Ze	je	jBe	jBe	jBe	jBe	jBe	j Be	j!Be	j"Be	j#Be	j$Be	j%Be	j&BZ'e	j(e	j)Be	j*Be	j+Be	j,Be	j-Be	j.Be	j/Be	j0Be	j#Be	j$Be	j%Be	j&BZ1dZ2ej3Z4dZ5dZ6dZ7dZ8ej3Z9ej3Z:dZ;dZ<dZ=dZ>dZ?dZ@dZAdZBdZCdZDdZEdZFdZGdZHdZIdZJdZ#dZ$dZ%dZ&e#e$Be%Be&BZKd
ZLdZMdZNdZOdZPdZQd ZRd!ZSd"ZTeKeLBeMBeNBeOBePBeQBeRBeSBeTBZUd
ZVdZWej3ZXd
ZYdZZej3Z[d
Z\d
Z]dZ^dZ_Gd#d$�d$ej`�Zae�bea�
ZcGd%d&�d&ejd�ZdGd'd(�d(eje�ZeGd)d*�d*ejf�ZfejgZhejiZje�beh�
Zke�bej�
ZlGd+d,�d,ejm�Zne�ben�
ZoGd-d.�d.ejm�Zpe�bep�
ZqGd/d0�d0ejm�Zre�ber�
ZsejtZuGd1d2�d2ejm�Zve�bev�
ZwGd3d4�d4ejm�Zxe�bex�
ZyGd5d6�d6ejm�Zze�bez�
Z{ezd7�
Z|e�}�Z~e~�d8e����Z�ej�Z�Gd9d:�d:ejm�Z�e�be��
Z�e�bej3�
Z�ej3Z�e�Z�e�beje�
Z�e�bejt�
Z�e�bej��
Z�Gd;d<�d<ejm�Z�Gd=d>�d>e��Z�Gd?d@�d@e��Z�GdAdB�dBe��Z�GdCdD�dDe��Z�GdEdF�dFe��Z�e�be��
Z�e�be��
Z�GdGdH�dHe��Z�GdIdJ�dJe��Z�dKdL�Z�dMdN�Z�e�edO�
j�Z�e��dO�
j�Z�e�Z�e��dP�
j�Z�e��dQ�
j�Z�e��dR�
j�Z�GdSdT�dTejm�Z�e�be��
Z�e�bej��
Z�e�bej��
Z�Z�e�bej��
Z�GdUdV�dVejm�Z�e�be��
Z�GdWdX�dXejm�Z�e�be��
Z�GdYdZ�dZe��Z�e�be��
Z�Gd[d\�d\ejm�Z�e�be��
Z�Gd]d^�d^eje�Z�d_d`�Z�Gdadb�dbej��Z�dcdd�Z�dedf�Z�dgdh�Z�e�ej�e�ej��
e�ej�ejdeje�
e�ej�ejdejeej�ej��
e�ej�ejdejeejeejee�ej�ejdej��	
e�ej�eje�
e�ej�ejdejee��
e�ej�ejde�e�e�ej��
e�ej�ejdej�ej�ej�ej�ej�ej�ej�ej�ej�e�e��

e�ej�eje�
e�ej�edejeejeejee�ej�ejdej��	
e�ej�edej�e��
e�ej�edejeej�e��
e�ej�edejeej�e�e[eXe��
e�ej�eaes�
e�ej�eaejt�
e�ej�eae��
e�ej�eaeoe�e��
e�ej�eaeje�
e�ej�eaejeeoe��
e�ej�eaejeeoe4ej3ejtej3eye{e�e�ese�e�ec�
deUe^eYdfdidj�
Z�dkdl�Z�dmdn�Z�dodp�Z�e
��dqdr�Z�de~ddddfdsdt�
Z�dde~dfdudv�
Z�de~dfdwdx�
Z�dde~de�fdydz�
Z�e���e���e���d
d{e	jWfd|d}�
Z�d�d~d�
Z�d�d��Z�d�d��Z�d�d��Z�	
			
			d�d�d��
Z�d�d�d��
Z�d�d�d��
Z�d�d��Z�d�d��Z�d�d��Z�				
			
			d�d�d��
Z�dS)�a 

Windows specific utility functions, this module should be imported in a try,
except block because it is only applicable on Windows platforms.


Much of what is here was adapted from the following:

    https://stackoverflow.com/a/43233332
    http://stackoverflow.com/questions/29566330
�N)
�wintypes�ntdll�secur32�kernel32T)
�use_last_error�advapi32�userenvzS-1-5-18zS-1-5-19�
��������R�s	NegotiatesKerbeross%MICROSOFT_AUTHENTICATION_PACKAGE_V1_0i
iii�� �@��
c@seZ
dZd
d�Zdd�ZdS)�NTSTATUSc

Cs
t�
|�
S�
N)rZRtlNtStatusToDosError�
�self�r�E/opt/saltstack/salt/lib/python3.10/site-packages/salt/platform/win.py�to_error��

zNTSTATUS.to_errorc
Cs&|jj
}
tj�|�
}|
�d
|j�d�S�N�
(�
))�	__class__�__name__r�ULONG�from_buffer�value)r�name�statusrrr�__repr__�s


zNTSTATUS.__repr__N)r$�
__module__�__qualname__rr*rrrrr�s
rc@seZ
dZd
d�ZdS)�BOOLc
C�|jj
}
|
�d
t|�
�d�Sr )r#r$�bool�rr(rrrr*��

z
BOOL.__repr__N)r$r+r,r*rrrrr-�s
r-c@s:eZ
dZd
Zdd�Zdd�Zejf
dd�
ZeZ	dd	�Z
d
S)�HANDLE)
�closedc


Cs
|jpd
S�Nr
�
r'rrrr�__int__�rzHANDLE.__int__c
Cs,t|d
d�sd|_
t|�
}
d|_|
Std�
�
)Nr3FTzalready closed)�getattrr3�intr'�
ValueError)rr'rrr�Detach�s





z
HANDLE.DetachcCsT|r&t|d
d�s(z	|
|�
��

WdSty%


t��dkr"	YdSYdSwdSdS)Nr3F�)r7r:�OSError�ctypes�get_last_error)r�CloseHandlerrr�Close�s




���zHANDLE.Closec

Cs|jj
�d
t|�
�d�Sr �r#r$r8rrrrr*�s
zHANDLE.__repr__N)r$r+r,�	__slots__r6r:rr?r@�__del__r*rrrrr2�s
	r2c@sXeZ
dZd
ej_e��Ze�de	�
e�
�
ejZdd�Zdd�Z
dd�Zed	d
��
Zd
S)�
LARGE_INTEGERNr
c


Cs|jSrr5rrrrr6�s
zLARGE_INTEGER.__int__c
Cs|jj
}
|
�d
|j�d�Sr )r#r$r'r0rrrr*�s

zLARGE_INTEGER.__repr__c
Cs$|j|j
}
|
d
kr|
dStd�
�
)Nr
g�cAzvalue predates the Unix epoch)r'�_unix_epochr9)r�	time100nsrrr�as_time�s



zLARGE_INTEGER.as_timecCst|
d
�
}|||j
�
S)Ni���)r8rE)�cls�
trFrrr�	from_time�s
zLARGE_INTEGER.from_time)r$r+r,rZRtlSecondsSince1970ToTime�restyperrDrEr=�byrefr'r6r*rG�classmethodrJrrrrrD�s



rDc@�&eZ
dZd
ejfdejfdeffZdS)�STRING�Length�
MaximumLength�BufferN)r$r+r,r�USHORT�PCHAR�_fields_rrrrrO��


�rOc@rN)�UNICODE_STRINGrPrQrRN)r$r+r,rrS�PWCHARrUrrrrrW�rVrWc@s:eZ
dZd
ejfdejffZddd�
Zdd�Zdd	�Z	d
S)�LUIDZLowPartZHighPartr
cCs|�t
�|
�
�
Sr)�from_buffer_copyr=�c_ulonglong)rHr'rrr�__new__
s
zLUID.__new__c

Cstj
�|�
jSr)r=r[r&r'rrrrr6
s
zLUID.__int__c
Cr.r rAr0rrrr*
r1z
LUID.__repr__N)
r
)
r$r+r,r�DWORD�LONGrUr\r6r*rrrrrY�s
�
rYc@seZ
dZd
efdejffZdS)�SID_AND_ATTRIBUTESZSidZ
AttributesN)r$r+r,�PSIDrr]rUrrrrr_
s
�r_c@s"eZ
dZd
ejfdedffZdS)�TOKEN_GROUPSZ
GroupCountZGroupsr	N)r$r+r,rr]r_rUrrrrra
s

�racs2eZ
dZd
eefdeffZd�f
dd�	Z�ZS)�TOKEN_SOURCE�
SourceName�SourceIdentifierNcsXt��
�
|
du
rt|
t�s|
�d
�
}
|
|_|dur'|j}t�t	�
|�
�

dS||_dS)N�mbcs)�super�__init__�
isinstance�bytes�encodercrdr�NtAllocateLocallyUniqueIdr=rL)rrcrd�luid�
r#rrrg.
s









zTOKEN_SOURCE.__init__�NN)	r$r+r,�CHAR�TOKEN_SOURCE_LENGTHrYrUrg�
__classcell__rrrmrrb(
s


�rbsPYTHON  �
-c@s6eZ
dZd
efdefdefdefdefdejffZdS)�QUOTA_LIMITSZPagedPoolLimitZNonPagedPoolLimitZMinimumWorkingSetSizeZMaximumWorkingSetSizeZ
PagefileLimitZ	TimeLimitN)r$r+r,�SIZE_TrrDrUrrrrrsD
s




�rscsVeZ
dZ�f
d
d�Zdd�Zdd�Zdd�Zd	d
�Z�f
dd�Ze	ddd�
�
Z
�ZS)�ContiguousUnicodec
st�j
|
i|�
�

dSr)rfrg)r�args�kwargsrmrrrgZ
s
zContiguousUnicode.__init__cCs>t�
t�
}t|d
|
���}|j|}|j}|r|d|�SdS�N�
_)r=�sizeof�WCHARr7rPrR)rr(�
wchar_size�
s�length�bufrrr�_get_unicode_string]
s








z%ContiguousUnicode._get_unicode_stringcCs�t|�
}t
�t�
}td
�|
�
�
d|}t
�|t
�|�
|�
t
�|�
t
�|�
}|
D]}t|�
d|}t
�|||�
||7}q+dS)N�
r	)	�typer=rzr{�len�join�resize�	addressof�memmove)r�valuesrHr|�bufsize�addrr'rrr�_set_unicode_bufferf
s










�z%ContiguousUnicode._set_unicode_bufferc
Cs
g}|jD]}||
kr|�
|pd
�

q|�
t||�pd
�

q|�|�

t|�
}t�t�
}t�|�
t�|�
}t	|j|�D]A\}}t�
|t�}	t|d|���}
t|�
|}|
_
||}||
krc|dusl||
krs|ss|
jssd|
_d|
_n|	|
_||
_||7}q<dS)N�ryr
)�_string_names_�appendr7r�r�r=rzr{r��zip�castrXr�rPrRrQ)
rr(r'r��
nrHr|r��
v�ptr�ustrr~Zfull_lengthrrr�_set_unicode_stringq
s,




















�z%ContiguousUnicode._set_unicode_stringcCs|
|jv
rt
�
|�|
�
Sr)r��AttributeErrorr�r0rrr�__getattr__�
s




zContiguousUnicode.__getattr__cs,|
|jvr
|�
|
|�
dSt��|
|�
dSr)r�r�rf�__setattr__)rr(r'rmrrr��
s


zContiguousUnicode.__setattr__NcCs�tj
�|�
}|du
rt�||�
t�t�|�
|
t�|�
�
t�|�
|
}|jD]}t	|d
|���}tj
�|j�
}|rA|j
|7_
q'|Srx)r=�	Structurer\r�r�rLrzr�r�r7�c_void_pr&rRr')rH�address�size�
x�deltar�r�r�rrr�from_address_copy�
s









�
z#ContiguousUnicode.from_address_copyr)r$r+r,rgr�r�r�r�r�rMr�rqrrrmrruX
s	
ruc�eZ
dZ�f
d
d�Z�ZS)�AuthInfoc

�t��
�
|j|_dSr�rfrg�_message_type_�MessageTyperrmrrrg�
�


zAuthInfo.__init__�r$r+r,rgrqrrrmrr��
�r�csBeZ
dZeZd
ZdefdefdefdeffZd	�f
dd�	Z	�Z
S)
�MSV1_0_INTERACTIVE_LOGON)�LogonDomainName�UserName�Passwordr�Z_LogonDomainNameZ	_UserNameZ	_PasswordNcs<t��
�
|du
r||_|
du
r|
|_|du
r||_dSdSr)rfrgr�r�r�)rr�r�r�rmrrrg�
s








�z!MSV1_0_INTERACTIVE_LOGON.__init__�NNN)r$r+r,�MsV1_0InteractiveLogonr�r��LOGON_SUBMIT_TYPErWrUrgrqrrrmrr��
s




�r�cs@eZ
dZd
ZdefdejfdefdeffZd
�f
dd	�	Z	�Z
S)�S4ULogon)�UserPrincipalName�
DomainNamer��FlagsZ_UserPrincipalNameZ_DomainNameNr
cs4t��
�
||_|
du
r|
|_|du
r||_dSdSr)rfrgr�r�r�)rr�r�r�rmrrrg�
s







�zS4ULogon.__init__)NNr
)r$r+r,r�r�rr%rWrUrgrqrrrmrr��
s



�r�c
@�eZ
dZeZd
S)�MSV1_0_S4U_LOGONN)r$r+r,�MsV1_0S4ULogonr�rrrrr��
�
r�c
@r�)�KERB_S4U_LOGONN)r$r+r,�KerbS4ULogonr�rrrrr��
r�r�cr�)�
ProfileBufferc

r�rr�rrmrrrg�
r�zProfileBuffer.__init__r�rrrmrr��
r�r�c@s~eZ
dZeZd
Zdefdejfdejfde	fde	fde	fde	fd	e	fd
e	fde
fde
fd
e
fde
fde
fde
fdejffZdS)�MSV1_0_INTERACTIVE_PROFILE)ZLogonScriptZ
HomeDirectoryZFullNameZProfilePathZHomeDirectoryDriveZLogonServerr�Z
LogonCountZBadPasswordCountZ	LogonTimeZ
LogoffTimeZKickOffTimeZPasswordLastSetZPasswordCanChangeZPasswordMustChangeZ_LogonScriptZ_HomeDirectoryZ	_FullNameZ_ProfilePathZ_HomeDirectoryDriveZ_LogonServerZ	UserFlagsN)
r$r+r,r�r�r��PROFILE_BUFFER_TYPErrSrDrWr%rUrrrrr��
s(

	














�r�cCs|jd
krt
�|���
�
|Sr4)r'r=�WinErrorr��result�funcrvrrr�
_check_statuss



r�cC�|s	t�
t���
�
|Sr�r=r�r>r�rrr�_check_bool�


r����i����i����i�cs8eZ
dZd
ejfdejfdejffZ�f
dd�Z�Z	S)�SECURITY_ATTRIBUTES�nLengthZlpSecurityDescriptor�bInheritHandlec
�"t�
|�
|_t�jd
i|
�
�

dS�Nr)r=rzr�rfrg�r�kwdsrmrrrg!�

zSECURITY_ATTRIBUTES.__init__)
r$r+r,rr]�LPVOIDr-rUrgrqrrrmrr�s

�r�cs�eZ
dZd
Zdejfdejfdejfdejfdejfdejfdejfd	ejfd
ejfdejfdejfd
ejfdejfdejfdefdej	fdej	fdej	ffZ
�f
dd�Z�ZS)�STARTUPINFOz1https://msdn.microsoft.com/en-us/library/ms686331�cbZ
lpReservedZ	lpDesktopZlpTitleZdwXZdwYZdwXSizeZdwYSizeZ
dwXCountCharsZ
dwYCountCharsZdwFillAttributeZdwFlagsZwShowWindowZcbReserved2ZlpReserved2Z	hStdInputZ
hStdOutputZ	hStdErrorc
r�r�)r=rzr�rfrgr�rmrrrgDr�zSTARTUPINFO.__init__)
r$r+r,�__doc__rr]�LPWSTRZWORD�LPBYTEr2rUrgrqrrrmrr�,s,

















�r�c
@�eZ
dZd
S)�PROC_THREAD_ATTRIBUTE_LISTN�r$r+r,rrrrr�L�
r�c@seZ
dZd
eff
ZdS)�
STARTUPINFOEXZlpAttributeListN)r$r+r,�PPROC_THREAD_ATTRIBUTE_LISTrUrrrrr�Ss
r�c@s4eZ
dZd
ZdejfdejfdejfdejffZdS)�PROCESS_INFORMATIONz1https://msdn.microsoft.com/en-us/library/ms684873ZhProcessZhThreadZdwProcessIdZ
dwThreadIdN)r$r+r,r�rr2r]rUrrrrr�Zs



�r�c
@r�)�
HANDLE_IHVNr�rrrrr�hr�r�cC�|jt
krt�t���
�
|jSr)r'�INVALID_HANDLE_VALUEr=r�r>r�rrr�errcheck_ihvl�



r�c
@r�)�	DWORD_IDVNr�rrrrr�rr�r�cCr�r)r'�INVALID_DWORD_VALUEr=r�r>r�rrr�errcheck_idvvr�r�cCr�rr�r�rrr�
errcheck_bool|r�r�cGsf|
|_||_
t|
t�rt|_dSt|
t�rt|_dSt|
t�r$t	|_dSt|
t
�r.t|_dSt|_dSr)
rK�argtypes�
issubclassrr��errcheckr-r�r�r�r�r�r�)r�rKr�rrr�_win�s


















r�c
Csrd
}|durd}t�}t
�t��tt�|�
�
t�}zt
�||
|||t�|�
�
W|r/|�	�
|S|r8|�	�
ww)NFT)
r2r�OpenProcessTokenr�GetCurrentProcess�TOKEN_ALL_ACCESSr=rL�DuplicateTokenExr@)Zsource_token�accessZimpersonation_level�
token_typeZ
attributesZclose_source�tokenrrr�duplicate_tokenXs.




�







�	

�

�r�c
Cst�
�}t�t�|�
�

|jSr)rr2r�LsaConnectUntrustedr=rLr')
�handlerrr�lsa_connect_untrustedvs


r�c
Cstt|t
�s
|�d
�
}|dd�}t�|d�}
tt|�
t|
�
|
�}t��}t	�}t
�t�|�
t�|�
t�|�
�
|j
S)Nre�r)rhrirjr=�create_string_bufferrOr�rr2�LSA_OPERATIONAL_MODEr�LsaRegisterLogonProcessrLr')�logon_process_namerr(r��moderrr�lsa_register_logon_process|s










�r�cCsft|
t
�s
|
�d
�
}
|
dd�}
t�|
�
}tt|
�
t|�
|�}t��}t	�
|t�|�
t�|�
�
|jS)Nrer�)
rhrirjr=r�rOr�rr%r�LsaLookupAuthenticationPackagerLr')�
lsa_handleZpackage_namerr(�packagerrr�!lsa_lookup_authentication_package�s










�r��	LOGONINFO)�TokenZLogonIdZProfileZQuotascCs4|
durt�}nt
�|
�
}|durt}t|t�s|�d
�
}t
�|�
}tt	|�
t	|�
|�}|durBt|t
�r8t}n
t|t�r@t
}nt}|durQt|t�rOtj}nt}t��}	t��}
d}t�}t�}
t�}t�}d}|durrt�}d}z�t|ttf�rt||�}zbz2t�|t
�|�
||t
�|�
t
�|�
|t
�|�
t
�|	�
t
�|
�
t
�|�
t
�|
�
t
�|�
t
�|�
�
Wnt y�


|j!r�t
�"|�#��
�
�wW|	r�|	j!}t$�%|�
j!}|t&kr�t'�(||
j!�}t�)|�

n|	r�|	j!}t$�%|�
j!}|t&kr�t'�(||
j!�}t�)|�

wwW|�
rt�*|�

n
|�
rt�*|�

wwt+|
|||�S)NreFT),�LPTOKEN_GROUPSr=rL�py_source_contextrhrirjr�rOr�r��NEGOTIATE_PACKAGE_NAMEr��MICROSOFT_KERBEROS_NAME�MSV1_0_PACKAGE_NAMEr��win32conZLOGON32_LOGON_NETWORK�Interactiverr�r%rYr2rsrr��strr�r�LsaLogonUserrzr<r'r�rr��from_addressr�r�r��LsaFreeReturnBuffer�LsaDeregisterLogonProcessr�)Z	auth_info�local_groups�origin_name�source_contextZauth_packageZ
logon_typer�Z
plocal_groupsrZprofile_bufferZprofile_buffer_lengthZprofileZlogonidZhtokenZquotasZ	substatusZ
deregisterr��buftyperrr�lsa_logon_user�s�	




















































�


��




�
��




���	

��
�r
cCstt
||
|�|||�Sr)r
r�)r(�password�domainr

r
r
rrr�
logon_msv1�s




�r
cCsDt�
td
�
}t�t|�
�
}t�|t�|�
�
t	t
||j�|
||�S)Nr	)r=�create_unicode_buffer�MAX_COMPUTER_NAME_LENGTHrr]r�r�GetComputerNameWrLr
r�r')r(r

r
r
r
r~rrr�logon_msv1_s4u�s



�r
c	Cs:t|�
}zt
t||
�||||d
�Wt�|�

St�|�

w)N)
r�)r�r
r�rr
)r(Zrealmr

r
r
r�r�rrr�logon_kerb_s4us






�r
Fc	Cs*t�
�}t�||
|t�|�
|||�
|jSr)rr2r�DuplicateHandler=rLr')ZhsrcZ	srchandleZhtgtr�Zinherit�optionsZ	tgthandlerrrr
s


�r
cCsft�
�t�
�}}t�t�|�
t�|�
dd
�
|r"t�|tjtj�
|
r-t�|tjtj�
|j	|j	fSr4)
rr2r�
CreatePiper=rL�SetHandleInformationr
ZHANDLE_FLAG_INHERITr')Zinherit_readZ
inherit_write�read�writerrrr
,s





�


�r
cCs�tj
tjBtjB}t�||�}|��}|��}d
}td|�D]}|�|�
\\}	}
}}|	t	j
ko6||
ko6||k}
|
r<
dSq|�|��|
|�
|�
d|d�
t�|||�
dS)z9
    Set an object permission for the given user sid
    Fr
r	N)�
win32securityZOWNER_SECURITY_INFORMATIONZGROUP_SECURITY_INFORMATIONZDACL_SECURITY_INFORMATIONZGetUserObjectSecurityZGetSecurityDescriptorDaclZGetAceCount�rangeZGetAce�
ntsecurityconZACCESS_ALLOWED_ACE_TYPEZAddAccessAllowedAceZGetAclRevisionZSetSecurityDescriptorDaclZSetUserObjectSecurity)�obj�perm�sid�info�sdZdaclZace_cnt�found�idxZaceTypeZaceFlagsZace_maskZace_sidZ
ace_existsrrr�
set_user_perm:s.
���






���

r*
c
CsDt�
|tj�d
}
t��}t|t|
�
t�t	�
��
}t|t|
�
dS)z`
    Grant the token's user access to the current process's window station and
    desktop.
    r
N)r 
�GetTokenInformation�	TokenUser�win32processZGetProcessWindowStationr*
�
WINSTA_ALL�win32serviceZGetThreadDesktop�win32apiZGetCurrentThreadId�DESKTOP_ALL)�thZcurrent_sidZwinstaZdesktoprrr�grant_winsta_and_desktopWs



r3
c
Cs<d
}
|��D]\}}|
|d|d7}
q|
d7}
t
�|
�
S)Nr��
=r�)�itemsr=r
)�envZsenv�
kr�rrr�environment_stringes






r8
c
Cs�|tj
O}|du
rt�|�
}|durt�}|du
rt�|�
}|du
r)t�t|�
�
}t�}t�	||
|||||t�
|�
t�
|�
�	}	|	d
krSt��}
t
t�|
�
�
}|
|_|�
|Sr4)r
�CREATE_UNICODE_ENVIRONMENTr=r
r��pointerr8
r�r�CreateProcessWithTokenWrLr0
�GetLastErrorr<�
FormatMessage�winerror)r��
logonflags�applicationname�commandline�
creationflags�environment�currentdirectory�startupinfo�process_info�retZwinerr�excrrrr;
ms6






















�




r;
c
cs�
�t�
�D]�}|jd
kr
qzt�tjd
|j�}Wn$tjy<
}
z|jdkr6t	�
d|j|���
WYd}~q|�
d}~w
wztj
tjBtjBtjB}t�||�}Wntyp
}
zt	�
d|j|��|���
WYd}~qd}~w
wzt�|tj�d
}Wnty�
}
zt	�d|j|��|���
WYd}~qd}~w
wt�|�
}	|r�||	kr�t	�
d|�
q|
r�t�|tj�|
kr�qdd	�}
|r�d
}|D]	}|
||�s�d}q�|s�qt|�
V
qdS)zj
    Enumerate tokens from any existing processes that can be accessed.
    Optionally filter by sid.
    r
rz$Unable to OpenProcess pid=%d name=%sNz-OpenProcessToken failed pid=%d name=%s user%sz)GetTokenInformation pid=%d name=%s user%sz)Token for pid does not match user sid: %scSs6t�
d|
�}t�|tj�D]\}}||kr
d
Sq
dS)NTF)r 
ZLookupPrivilegeValuer+
�TokenPrivileges)�tokZprivrlZ	priv_luid�flagsrrr�has_priv�s


�
�z"enumerate_tokens.<locals>.has_privTF)�psutilZprocess_iter�pidr0
ZOpenProcessr
ZPROCESS_ALL_ACCESS�errorr>
�log�debugr(r 
�TOKEN_DUPLICATE�TOKEN_QUERY�TOKEN_IMPERSONATE�TOKEN_ASSIGN_PRIMARYr��	Exception�usernamer+
r,
�	exceptionZConvertSidToStringSidZTokenSessionId�	dup_token)
r%
�
session_id�privs�
p�phrH
r�r2
Zprocess_sidZproc_sidrL
Zhas_allr(rrr�enumerate_tokens�s��










��
����





���

��




���
	


�
�	




�


�r^
cCsFt||
|�D]}t
|�
}t|�

t�|�
d
krtd�
�
|
Std�
�
)zU
    Find an existing process token for the given sid and impersonate the token.
    r
zImpersonation failure)r^
rY
�
elevate_tokenr 
ZImpersonateLoggedOnUserr<)r%
rZ
r[
rJ
rrr�impersonate_sid�s





r`
c
Cs&t�
�}
d
|
_t�|tjtjtj|
�S)z$
    duplicate the access token
    T)r 
r�r�r��SecurityImpersonationr
ZMAXIMUM_ALLOWED�TokenPrimary)r2
Zsec_attrrrrrY
�s






�rY
c
CsZt�
|tj�}
t�}|
D]\}}|�|tjf�

qt�|d
|�d
kr+tt	�
t	���
�
�
dS)z-
    Set all token privileges to enabled
    r
N)r 
r+
rI
�set�addr
ZSE_PRIVILEGE_ENABLEDZAdjustTokenPrivilegesr<r0
r=
r<
)r2
Z
privilegesZenable_privsrlrK
rrrr_
�s


�r_
c

Cst�
t��|t��d
dtj�S)zCreate an inheritable handler
r	)r0
r
r�r
�DUPLICATE_SAME_ACCESS)
r�rrr�make_inheritable
s





�rf
c
Cst|tj
O}|du
rt�|�
}|	durt�}	|du
r t�t|�
�
}t�}
t�	||
|||||||t�
|	�
t�
|
�
�
|
Sr)r
r9
r=r
r�r:
r8
r�r�CreateProcessWithLogonWrL)rW
r
r
r?
r@
rA
rB
rC
rD
rE
rF
rrrrg
s,




















�
rg
)FF)r
NNr
NNNr�rn)
NNNr
NNr
NNN)�r��collectionsr=�logging�osrr"
rM
r0
r
r-
r 
r/
�	getLoggerr$rP
ZWinDLLrrrrrZ
SYSTEM_SIDZ
LOCAL_SRV_SIDZNETWORK_SRV_SIDZLOGON_WITH_PROFILEZWINSTA_ACCESSCLIPBOARDZWINSTA_ACCESSGLOBALATOMSZWINSTA_CREATEDESKTOPZWINSTA_ENUMDESKTOPSZWINSTA_ENUMERATEZWINSTA_EXITWINDOWSZWINSTA_READATTRIBUTESZWINSTA_READSCREENZWINSTA_WRITEATTRIBUTESZDELETEZREAD_CONTROLZ	WRITE_DACZWRITE_OWNERr.
ZDESKTOP_CREATEMENUZDESKTOP_CREATEWINDOWZDESKTOP_ENUMERATEZDESKTOP_HOOKCONTROLZDESKTOP_JOURNALPLAYBACKZDESKTOP_JOURNALRECORDZDESKTOP_READOBJECTSZDESKTOP_SWITCHDESKTOPZDESKTOP_WRITEOBJECTSr1
r
r%ZSECURITY_LOGON_TYPEr
ZNetworkZBatchZServicer�r�r�ZMsV1_0Lm20LogonZMsV1_0NetworkLogonZMsV1_0WorkstationUnlockLogonr�ZMsV1_0NoElevationLogonZKerbInteractiveLogonZKerbWorkstationUnlockLogonr�Z&MSV1_0_S4U_LOGON_FLAG_CHECK_LOGONHOURSZ$KERB_S4U_LOGON_FLAG_CHECK_LOGONHOURSZKERB_S4U_LOGON_FLAG_IDENTITYrpr
r
r
ZSTANDARD_RIGHTS_REQUIREDrU
rR
rT
rS
ZTOKEN_QUERY_SOURCEZTOKEN_ADJUST_PRIVILEGESZTOKEN_ADJUST_GROUPSZTOKEN_ADJUST_DEFAULTZTOKEN_ADJUST_SESSIONIDr�ZDUPLICATE_CLOSE_SOURCEre
Z
TOKEN_TYPErb
ZTokenImpersonationZSECURITY_IMPERSONATION_LEVELZSecurityAnonymousZSecurityIdentificationra
ZSecurityDelegationr^r�POINTERZ	PNTSTATUSr-r2rD�c_charro�c_wcharr{rTrXr�rOZLPSTRINGrWZLPUNICODE_STRINGrYZLPLUIDr�r`r_ZLPSID_AND_ATTRIBUTESrar

rbZLPTOKEN_SOURCEr
rjZpy_origin_name�getpidZpy_logon_process_name�c_size_trtrsZLPQUOTA_LIMITSZLPULONGr�ZLPLSA_OPERATIONAL_MODEZLPHANDLEZLPLPVOIDr]ZLPDWORDrur�r�r�r�r�ZPMSV1_0_S4U_LOGONZPKERB_S4U_LOGONr�r�r�r�r'r�r�ZINFINITEZSTD_INPUT_HANDLEZSTD_OUTPUT_HANDLEZSTD_ERROR_HANDLEr�ZLPSECURITY_ATTRIBUTESZBYTEr�r�ZPHANDLE�c_ulongr�Z
LPSTARTUPINFOr�r�r�ZLPSTARTUPINFOEXr�ZLPPROCESS_INFORMATIONr�r�r�r�r�r�ZGetStdHandler?r
r
r�ZGetExitCodeProcessr
rg
ZLPCWSTRr�r
r�r�rkr
r�r�r
r�r	
r�r�r�r��
namedtupler�r
r
r
r
r*
r3
r8
r;
r^
r`
rY
r_
rf
rrrr�<module>
s.



















��������	�
����
��������	�
����


























��������	��
































N




















�









�



�	





�












�








�
�




�








�



�


�




�





�
















�




�

�





�T



�
�





�





�








�
'
K










�