Module win32security
An interface to the win32 security API's
Methods
- DsGetSpn
- Compose one or more service principal names to be registered using win32security::DsWriteAccountSpn
- DsWriteAccountSpn
- Associates a set of service principal names with an account
- DsBind
- Creates a connection to a directory service
- DsUnBind
- Closes a directory services handle created by win32security::DsBind
- DsGetDcName
- Returns the name of a domain controller (DC) in a specified domain.
You can supply DC selection criteria to this function to indicate preference for a DC with particular characteristics.
- DsCrackNames
- Converts an array of directory service object names from one format to another.
- DsListInfoForServer
- Lists miscellaneous information for a server.
- DsListServersInSite
-
- DsListServersInSite
-
- DsListServersInSite
-
- DsListRoles
-
- DsListDomainsInSite
-
- ACL
- Creates a new PyACL object.
- SID
- Creates a new PySID object.
- SECURITY_ATTRIBUTES
- Creates a new PySECURITY_ATTRIBUTES object.
- SECURITY_DESCRIPTOR
- Creates a new PySECURITY_DESCRIPTOR object.
- ImpersonateNamedPipeClient
- Impersonates a named-pipe client application.
- ImpersonateLoggedOnUser
- Impersonates a logged on user.
- ImpersonateAnonymousToken
- Cause a thread to act in the security context of an anonymous token
- IsTokenRestricted
- Checks if a token contains restricted sids
- RevertToSelf
- Terminates the impersonation of a client application.
- LogonUser
- Attempts to log a user on to the local computer, that is, to the computer from which LogonUser was called. You cannot use LogonUser to log on to a remote computer.
- LogonUserEx
- Log a user onto the local machine,
- LookupAccountName
- Accepts the name of a system and an account as input. It retrieves a security identifier (SID) for the account and the name of the domain on which the account was found.
- LookupAccountSid
- Accepts a security identifier (SID) as input. It retrieves the name of the account for this SID and the name of the first domain on which this SID is found.
- GetBinarySid
- Accepts a SID string (eg: S-1-5-32-544) and returns the SID as a PySID object.
- SetSecurityInfo
- Sets security info for an object by handle
- GetSecurityInfo
- Retrieve security info for an object by handle
- SetNamedSecurityInfo
- Sets security info for an object by name
- GetNamedSecurityInfo
- Retrieve security info for an object by name
- OpenProcessToken
- Opens the access token associated with a process.
- LookupPrivilegeValue
- Retrieves the locally unique id for a privilege name
- LookupPrivilegeName
- return the text name for a privilege LUID
- LookupPrivilegeDisplayName
- Returns long description for a privilege name
- AdjustTokenPrivileges
- Enables or disables privileges for an access token.
- AdjustTokenGroups
- Sets the groups associated to an access token.
- GetTokenInformation
- Retrieves a specified type of information about an access token. The calling process must have appropriate access rights to obtain the information.
- OpenThreadToken
- Opens the access token associated with a thread.
- SetThreadToken
- Assigns an impersonation token to a thread. The function
can also cause a thread to stop using an impersonation token.
- GetFileSecurity
- Obtains specified information about the security of a file or directory. The information obtained is constrained by the caller's access rights and privileges.
- SetFileSecurity
- Sets information about the security of a file or directory. The information obtained is constrained by the caller's access rights and privileges.
- GetUserObjectSecurity
- Obtains specified information about the security of a user object. The information obtained is constrained by the caller's access rights and privileges.
- SetUserObjectSecurity
- Sets information about the security of a user object. The information obtained is constrained by the caller's access rights and privileges.
- GetKernelObjectSecurity
- Obtains specified information about the security of a kernel object. The information obtained is constrained by the caller's access rights and privileges.
- SetKernelObjectSecurity
- Sets information about the security of a kernel object. The information obtained is constrained by the caller's access rights and privileges.
- SetTokenInformation
- Set a specified type of information in an access token
- LsaOpenPolicy
- Opens a policy handle for the specified system
- LsaClose
- Closes a policy handle created by win32security::LsaOpenPolicy
- LsaQueryInformationPolicy
- Retrieves information from the policy handle
- LsaSetInformationPolicy
- Sets policy options
- LsaAddAccountRights
- Adds a list of privileges to an account
- LsaRemoveAccountRights
- Removes privs from an account
- LsaEnumerateAccountRights
- Lists privileges held by SID
- LsaEnumerateAccountsWithUserRight
- Return SIDs that hold specified priv
- ConvertSidToStringSid
- Return string representation of a SID
- ConvertStringSidToSid
- Creates a SID from a string representation
- ConvertSecurityDescriptorToStringSecurityDescriptor
- Return string representation of a SECURITY_DESCRIPTOR
- ConvertStringSecurityDescriptorToSecurityDescriptor
- Turns string representation of a SECURITY_DESCRIPTOR into the real thing
- LsaStorePrivateData
- Stores encrypted unicode data under specified Lsa registry key. Returns None on success
- LsaRetrievePrivateData
- Retreives encrypted unicode data from Lsa registry key.
- LsaRegisterPolicyChangeNotification
- Register an event handle to receive policy change events
- LsaUnregisterPolicyChangeNotification
- Stop receiving policy change notification
- CryptEnumProviders
- List cryptography providers
- EnumerateSecurityPackages
- List available security packages as a sequence of dictionaries representing SecPkgInfo structures
- AllocateLocallyUniqueId
- Creates a new LUID
- ImpersonateSelf
- Assigns an impersonation token for current security context to current process
- DuplicateToken
- Creates a copy of an access token with specified impersonation level
- DuplicateTokenEx
- Extended version of DuplicateToken.
- CheckTokenMembership
- Checks if a SID is enabled in a token
- CreateRestrictedToken
- Creates a restricted copy of an access token with reduced privs - requires win2K or higher
- LsaRegisterLogonProcess
- Creates a trusted connection to LSA
- LsaConnectUntrusted
- Creates untrusted connection to LSA
- LsaDeregisterLogonProcess
- Closes connection to LSA server
- LsaLookupAuthenticationPackage
- Retrieves the unique id for an authentication package
- LsaEnumerateLogonSessions
- Lists all current logon ids
- LsaGetLogonSessionData
- Returns information about a logon session
- AcquireCredentialsHandle
- Creates a handle to credentials for use with SSPI
- InitializeSecurityContext
- Creates a security context based on credentials created by AcquireCredentialsHandle
- AcceptSecurityContext
- Builds security context between server and client
- QuerySecurityPackageInfo
- Retrieves parameters for a security package
- LsaCallAuthenticationPackage
- Requests the services of an authentication package
- TranslateName
- Converts a directory service object name from one format to another.
- CreateWellKnownSid
- Returns one of the predefined well known sids
- MapGenericMask
- Translates generic access rights into specific rights