update Doc + test + sample for token.py

hakril · hakril · commit 986664d01fee · 2018-12-20T22:48:16.000+01:00
diff --git a/docs/source/samples_output/debug_debugger_on_setup.txt b/docs/source/samples_output/debug_debugger_on_setup.txt
@@ -0,0 +1,10 @@
+(cmd) python debug\debugger_on_setup.py
+== With on_setup ==
+Setup called: <WinProcess "whoami.exe" pid 29796 at 0x4ccb790>
+<whoami output>
+Process exit: <WinProcess "whoami.exe" pid 29796 (DEAD) at 0x4ccb790>
+
+== Without on_setup ==
+Exception: EXCEPTION_BREAKPOINT(0x80000003L)
+<whoami output>
+Process exit: <WinProcess "whoami.exe" pid 33328 (DEAD) at 0x4ccbdb0>
diff --git a/docs/source/samples_output/token_token_demo.txt b/docs/source/samples_output/token_token_demo.txt
@@ -0,0 +1,21 @@
+(cmd) python token\token_demo.py
+Our process token is <Token TokenId=0x3f1f98fd Type=TokenPrimary(0x1L)>
+Retrieving some infos
+Username: <hakril>
+User: <PSID "S-1-5-21-184905214-2723199098-2761450773-1001">
+  - lookup : ('WILLIE', 'hakril')
+Primary group: <PSID "S-1-5-21-184905214-2723199098-2761450773-513">
+  - lookup : ('WILLIE', 'Aucun')
+
+Token Groups is <TokenGroups count=15>
+First group SID is <PSID "S-1-5-21-184905214-2723199098-2761450773-513">
+Some sid and attributes:
+ - S-1-5-21-184905214-2723199098-2761450773-513: 7
+ - S-1-1-0: 7
+ - S-1-5-114: 16
+
+Duplicate token is <Token TokenId=0x3f1fac85 Type=TokenImpersonation(0x2L) ImpersonationLevel=SecurityImpersonation(0x2L)>
+Enabling <SeShutDownPrivilege>
+Current thread token is <None>
+Setting impersonation token !
+Current thread token is <Token TokenId=0x3f1fac85 Type=TokenImpersonation(0x2L) ImpersonationLevel=SecurityImpersonation(0x2L)>
diff --git a/docs/source/token.rst b/docs/source/token.rst
@@ -0,0 +1,61 @@
+Token
+"""""
+
+.. module:: windows.winobject.token
+
+This module expose the :class:`Token` object that can be primarily  retrieved through:
+
+    * :data:`windows.winobject.process.WinProcess.token`
+    * :data:`windows.winobject.process.WinThread.token`
+    * :data:`windows.current_process.token <windows.winobject.process.CurrentProcess.token>`
+    * :data:`windows.current_thread.token <windows.winobject.process.CurrentThread.token>`
+
+.. note::
+
+    See sample :ref:`token_sample`
+
+
+Token
+'''''
+
+.. autoclass:: Token
+   :members:
+   :inherited-members:
+
+
+TokenGroups
+'''''''''''
+
+.. autoclass:: TokenGroups
+    :show-inheritance:
+    :members:
+    :inherited-members:
+
+
+
+TokenPrivileges
+'''''''''''''''
+
+.. autoclass:: TokenPrivileges
+    :show-inheritance:
+    :special-members: __getitem__, __setitem__
+    :members:
+    :inherited-members:
+
+
+TokenSecurityAttributesInformation
+''''''''''''''''''''''''''''''''''
+
+.. autoclass:: TokenSecurityAttributesInformation
+    :show-inheritance:
+    :members:
+    :inherited-members:
+
+
+TokenSecurityAttributeV1
+''''''''''''''''''''''''
+
+.. autoclass:: TokenSecurityAttributeV1
+    :show-inheritance:
+    :members:
+    :inherited-members:
diff --git a/tests/test_token.py b/tests/test_token.py
@@ -1,28 +1,108 @@
+import pytest
+import os
+
 import windows
+import windows.security
 import windows.generated_def as gdef
 
+@pytest.fixture
+def curtok():
+    return windows.current_process.token
+
+@pytest.fixture
+def newtok():
+    return windows.current_process.token.duplicate()
+
+def test_token_info(curtok):
+    assert isinstance(curtok.computername, basestring)
+    assert isinstance(curtok.username, basestring)
+    assert isinstance(curtok.integrity, (int, long))
+    assert isinstance(curtok.is_elevated, (bool))
+
+def test_lower_integrity(newtok):
+    assert newtok.integrity != 123
+    # Change token integrity
+    newtok.integrity = 123
+    # newtok.integrity retrieve the integrity at each call so this in enough
+    assert newtok.integrity == 123
+
+def test_token_user(curtok):
+    user_sid = curtok.user
+    assert user_sid
+    computername, username = windows.security.lookup_sid(user_sid)
+    assert computername == windows.system.computer_name
+    assert username == os.environ["USERNAME"]
+
+def test_token_id(curtok):
+    ntok = curtok.duplicate()
+    assert ntok.id != curtok.id
+    mid = ntok.modified_id
+    aid = ntok.authentication_id
+    ntok.enable_privilege("SeShutDownPrivilege")
+    mid2 = ntok.modified_id
+    aid2 = ntok.authentication_id
+    ntok.integrity -= 1
+    assert ntok.modified_id != mid2 != mid
+    assert ntok.authentication_id == aid2 == aid
+
+
+def test_enable_privilege(newtok):
+    PRIVILEGE_NAME = "SeShutdownPrivilege"
+    assert not newtok.privileges[PRIVILEGE_NAME] & gdef.SE_PRIVILEGE_ENABLED
+    newtok.enable_privilege(PRIVILEGE_NAME)
+    assert newtok.privileges[PRIVILEGE_NAME] & gdef.SE_PRIVILEGE_ENABLED
+
+
+def test_adjust_privilege(newtok):
+    PRIVILEGE_NAME = "SeShutdownPrivilege"
+    PRIVILEGE2_NAME = "SeTimeZonePrivilege"
+    tok_dup = newtok.duplicate()
+    assert not tok_dup.privileges[PRIVILEGE_NAME] & gdef.SE_PRIVILEGE_ENABLED
+    assert not tok_dup.privileges[PRIVILEGE2_NAME] & gdef.SE_PRIVILEGE_ENABLED
+    # Enable privilege in another token.
+    privs = newtok.privileges
+    assert not privs[PRIVILEGE_NAME] & gdef.SE_PRIVILEGE_ENABLED
+    assert not privs[PRIVILEGE2_NAME] & gdef.SE_PRIVILEGE_ENABLED
+
+    privs[PRIVILEGE_NAME] = gdef.SE_PRIVILEGE_ENABLED
+    privs[PRIVILEGE2_NAME] = gdef.SE_PRIVILEGE_ENABLED
+    tok_dup.adjust_privileges(privs)
+
+    assert tok_dup.privileges[PRIVILEGE_NAME] & gdef.SE_PRIVILEGE_ENABLED
+    assert tok_dup.privileges[PRIVILEGE2_NAME] & gdef.SE_PRIVILEGE_ENABLED
+
+    assert not newtok.privileges[PRIVILEGE_NAME] & gdef.SE_PRIVILEGE_ENABLED
+    newtok.enable_privilege(PRIVILEGE_NAME)
+    assert newtok.privileges[PRIVILEGE_NAME] & gdef.SE_PRIVILEGE_ENABLED
+
+
+def test_token_groups(curtok):
+    groups = curtok.groups
+    groups_size = groups.GroupCount
+    assert groups_size > 0
+    assert len(groups.sids) == groups_size
+    assert len(groups.sids_and_attributes) == groups_size
+
+def test_token_duplicate(newtok):
+    x = newtok.duplicate()
+    assert x.type == newtok.type
+
+    primtok = newtok.duplicate(type=gdef.TokenPrimary)
+    assert primtok.type == gdef.TokenPrimary
+    with pytest.raises(WindowsError):
+        assert x.impersonation_level
+
+    with pytest.raises(ValueError):
+        # duplicate TokenPrimary -> TokenImpersonation require explicit impersonation_level
+        primtok.duplicate(type=gdef.TokenImpersonation)
 
+    for i in range(gdef.SecurityAnonymous, gdef.SecurityDelegation + 1):
+        x = newtok.duplicate(type=gdef.TokenImpersonation, impersonation_level=i)
+        assert x.type == gdef.TokenImpersonation
+        assert x.impersonation_level == i
 
-def test_token_info():
-    token = windows.current_process.token
-    assert isinstance(token.computername, basestring)
-    assert isinstance(token.username, basestring)
-    assert isinstance(token.integrity, (int, long))
-    assert isinstance(token.is_elevated, (bool))
 
-def test_lower_integrity(proc32):
-    # Lowering the integrity in remote process
-    # Because we don't want to mess with the token of our testing process
 
-    proc32.execute_python("import windows")
-    # We stock the handle becase lowering the integrity
-    # will mess with token retrieval
-    proc32.execute_python("token = windows.current_process.token")
-    proc32.execute_python("token.integrity = 123")
-    # execute_python will raise this in our own process :)
-    proc32.execute_python("assert token.integrity == 123")
 
 
-def test_token_elevation():
-    tok = windows.current_process.token
-    assert tok.TokenElevation
+# def test_token_groups
diff --git a/windows/winobject/token.py b/windows/winobject/token.py
