win32security.LogonUser

Discussion in 'Python' started by Darrell, Jul 8, 2003.

  1. Darrell

    Darrell Guest

    On windows 2000 I tried to use winprocess.py with the login option.
    In an effort to run as a diffrent user.
    It didn't work and lots of searching didn't help.
    This was my best hit.
    http://www.faqts.com/knowledge_base/view.phtml/aid/4466

    Worked around the problem using runas.exe

    This is as far as I got.
    The following code tries to give me every Privilege it can then fails.
    pywintypes.error: (1314, 'LogonUser', 'A required privilege is not
    held by the client.')

    --Darrell


    import win32con, os, sys
    sys.path.append(os.sep.join(win32con.__file__.split(os.sep)[:-2])+os.sep+"demos")

    import winprocess
    from ntsecuritycon import *
    import ntsecuritycon, win32security, win32api

    def AdjustPrivilege(priv, enable = 1):
    print priv
    # Get the process token.
    flags = TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY |TOKEN_DUPLICATE|
    TOKEN_IMPERSONATE

    #flags= TOKEN_QUERY
    htoken = win32security.OpenProcessToken(win32api.GetCurrentProcess(),
    flags)
    # Get the ID for the privilege.
    try:
    id = win32security.LookupPrivilegeValue(None, priv)
    except:
    print 'Fail'
    return
    # Now obtain the privilege for this process.
    # Create a list of the privileges to be added.
    if enable:
    newPrivileges = [(id, SE_PRIVILEGE_ENABLED)]
    else:
    newPrivileges = [(id, 0)]
    # and make the adjustment.
    win32security.AdjustTokenPrivileges(htoken, 0, newPrivileges)

    # now set the rights
    if 1:
    for k, v in ntsecuritycon.__dict__.items():
    if k.find("SE_")==0 and isinstance(v, str):
    print k,
    AdjustPrivilege(v)

    AdjustPrivilege(SE_CHANGE_NOTIFY_NAME)
    AdjustPrivilege(SE_TCB_NAME)
    AdjustPrivilege(SE_ASSIGNPRIMARYTOKEN_NAME)

    SE_INTERACTIVE_LOGON_NAME = "SeInteractiveLogonRight"
    #AdjustPrivilege(SE_INTERACTIVE_LOGON_NAME)

    if __name__ == '__main__':

    # Pipe commands to a shell and display the output in notepad
    print 'Testing winprocess.py...'

    import tempfile

    timeoutSeconds = 15
    cmdString = """\
    REM Test of winprocess.py piping commands to a shell.\r
    REM This window will close in %d seconds.\r
    vol\r
    net user\r
    _this_is_a_test_of_stderr_\r
    """ % timeoutSeconds

    cmd, out = tempfile.TemporaryFile(), tempfile.TemporaryFile()
    cmd.write(cmdString)
    cmd.seek(0)
    print 'CMD.EXE exit code:', winprocess.run('cmd.exe', show=0,
    stdin=cmd, login=".\nuser\nuser1",#administrator\n",
    stdout=out, stderr=out)
    cmd.close()
    print 'NOTEPAD exit code:', winprocess.run('notepad.exe %s' %
    out.file.name,
    show=win32con.SW_MAXIMIZE,
    mSec=timeoutSeconds*1000)
    out.close()
     
    Darrell, Jul 8, 2003
    #1
    1. Advertising

  2. Darrell

    John Abel Guest

    Hi,

    Try adding the user running the script, to "Act As PartOf The OS" in the
    policy editor. It seems that is required, for you to add/remove tokens.

    Regards

    John

    Darrell wrote:

    >On windows 2000 I tried to use winprocess.py with the login option.
    >In an effort to run as a diffrent user.
    >It didn't work and lots of searching didn't help.
    >This was my best hit.
    >http://www.faqts.com/knowledge_base/view.phtml/aid/4466
    >
    >Worked around the problem using runas.exe
    >
    >This is as far as I got.
    >The following code tries to give me every Privilege it can then fails.
    >pywintypes.error: (1314, 'LogonUser', 'A required privilege is not
    >held by the client.')
    >
    >--Darrell
    >
    >
    >import win32con, os, sys
    >sys.path.append(os.sep.join(win32con.__file__.split(os.sep)[:-2])+os.sep+"demos")
    >
    >import winprocess
    >from ntsecuritycon import *
    >import ntsecuritycon, win32security, win32api
    >
    >def AdjustPrivilege(priv, enable = 1):
    > print priv
    > # Get the process token.
    > flags = TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY |TOKEN_DUPLICATE|
    >TOKEN_IMPERSONATE
    >
    > #flags= TOKEN_QUERY
    > htoken = win32security.OpenProcessToken(win32api.GetCurrentProcess(),
    >flags)
    > # Get the ID for the privilege.
    > try:
    > id = win32security.LookupPrivilegeValue(None, priv)
    > except:
    > print 'Fail'
    > return
    > # Now obtain the privilege for this process.
    > # Create a list of the privileges to be added.
    > if enable:
    > newPrivileges = [(id, SE_PRIVILEGE_ENABLED)]
    > else:
    > newPrivileges = [(id, 0)]
    > # and make the adjustment.
    > win32security.AdjustTokenPrivileges(htoken, 0, newPrivileges)
    >
    ># now set the rights
    >if 1:
    > for k, v in ntsecuritycon.__dict__.items():
    > if k.find("SE_")==0 and isinstance(v, str):
    > print k,
    > AdjustPrivilege(v)
    >
    >AdjustPrivilege(SE_CHANGE_NOTIFY_NAME)
    >AdjustPrivilege(SE_TCB_NAME)
    >AdjustPrivilege(SE_ASSIGNPRIMARYTOKEN_NAME)
    >
    >SE_INTERACTIVE_LOGON_NAME = "SeInteractiveLogonRight"
    >#AdjustPrivilege(SE_INTERACTIVE_LOGON_NAME)
    >
    >if __name__ == '__main__':
    >
    > # Pipe commands to a shell and display the output in notepad
    > print 'Testing winprocess.py...'
    >
    > import tempfile
    >
    > timeoutSeconds = 15
    > cmdString = """\
    >REM Test of winprocess.py piping commands to a shell.\r
    >REM This window will close in %d seconds.\r
    >vol\r
    >net user\r
    >_this_is_a_test_of_stderr_\r
    >""" % timeoutSeconds
    >
    > cmd, out = tempfile.TemporaryFile(), tempfile.TemporaryFile()
    > cmd.write(cmdString)
    > cmd.seek(0)
    > print 'CMD.EXE exit code:', winprocess.run('cmd.exe', show=0,
    >stdin=cmd, login=".\nuser\nuser1",#administrator\n",
    > stdout=out, stderr=out)
    > cmd.close()
    > print 'NOTEPAD exit code:', winprocess.run('notepad.exe %s' %
    >out.file.name,
    > show=win32con.SW_MAXIMIZE,
    > mSec=timeoutSeconds*1000)
    > out.close()
    >
    >
     
    John Abel, Jul 8, 2003
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Mary Chipman

    Re: Impersonation in ASPNET and LogonUser

    Mary Chipman, Sep 3, 2003, in forum: ASP .Net
    Replies:
    0
    Views:
    471
    Mary Chipman
    Sep 3, 2003
  2. John Abel

    Re: win32security.LogonUser

    John Abel, Jul 8, 2003, in forum: Python
    Replies:
    0
    Views:
    412
    John Abel
    Jul 8, 2003
  3. Darrell Gallion

    Re: win32security.LogonUser

    Darrell Gallion, Jul 8, 2003, in forum: Python
    Replies:
    0
    Views:
    531
    Darrell Gallion
    Jul 8, 2003
  4. Emin.shopper Martinian.shopper

    subprocess and win32security.ImpersonateLoggedOnUser

    Emin.shopper Martinian.shopper, Jun 1, 2009, in forum: Python
    Replies:
    0
    Views:
    367
    Emin.shopper Martinian.shopper
    Jun 1, 2009
  5. Tim Golden
    Replies:
    0
    Views:
    413
    Tim Golden
    Jun 1, 2009
Loading...

Share This Page