how to get enough privilege to use LogonUser?
TH Lim
sshark97 at hotmail.com
Mon Sep 10 07:12:12 EDT 2001
Hi,
I tried win32security.LogonUser(...) method according to the
ActiveState document. However, I was thrown the exception 'Not all
privileges referenced are assigned to the caller.'
The code I used is shown below (AdjustPrivilege is copied from Mark
Hammond's example), please advise. Thank you
===begin
import win32api
import win32security
import win32con
from ntsecuritycon import *
def AdjustPrivilege(priv, enable = 1):
# Get the process token.
flags = TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY
htoken = win32security.OpenProcessToken(win32api.GetCurrentProcess(),flags)
# Get the ID for the privilege.
id = win32security.LookupPrivilegeValue(None, priv)
# Now obtain the privilege for this process.
# Create a list of the privileges to be added.
if enable:
newPrivileges = [(id, SE_PRIVILEGE_ENABLED)]
else:
newPrivileges = [(id, 0)]
# and make the adjustment.
win32security.AdjustTokenPrivileges(htoken, 0, newPrivileges)
if __name__ == '__main__' :
print "1"
AdjustPrivilege(SE_TCB_NAME)
print "2"
AdjustPrivilege(SE_CHANGE_NOTIFY_NAME)
print "3"
AdjustPrivilege(SE_ASSIGNPRIMARYTOKEN_NAME)
handle = win32security.LogonUser('dct_thlim', None, 'cybert0uch',\
win32con.LOGON32_LOGON_INTERACTIVE,win32con.LOGON32_PROVIDER_DEFAULT)
win32security.ImpersonateLoggedOnUser(handel)
print win32api.GetUserName()
handle.close()
win32security.RevertToSelf() #terminates impersonation
print win32api.GetUserName()
=== end
More information about the Python-list
mailing list