win32 all question, win32security, impersonation
Syver Enstad
syver-en+usenet at online.no
Wed May 22 09:19:44 EDT 2002
I was fiddling around with mount points on win2k (using windll) the
other day, and discovered that I had to be administrator to delete
mount points but only a super user to create them. Anyway, for fun I
decided to check out the win32 api on how to logon as a different user
while executing a program, I checked out the overview section on
impersonation in the win32 all documentation, and it said that I had
to obtain some privileges to be able to call the LogonUser function
with any luck. I then proceeded to obtain the necessary privileges in
my program using the sample code from the book *Python Programming on
win32* by Hammond and Robinson. I succeed in obtaining one of the
necessary privileges but as soon as I add the remaining privilges, the
call to adjust privileges fail with:
pywintypes.api_error: (1300, 'MyAdjustTokenPrivileges',
'Not all privileges referenced are assigned to the caller.')
This also fails while running as administrator.
I've only succeeded in getting the following privileges enabled
SE_CHANGE_NOTIFY_NAME and SE_SHUTDOWN_NAME, when I add others it fails
with the exception shown above. (I only tried with the
SE_SHUTDOWN_NAME privilege to see if there were any problems getting
more than one privilege enabled).
For good measure here's the source code in question:
import win32api
import win32security
from ntsecuritycon import *
import sys
def AdjustPrivilege(aPrivilegeStringList):
flags = win32security.TOKEN_ADJUST_PRIVILEGES | win32security.TOKEN_QUERY
htoken = win32security.OpenProcessToken(win32api.GetCurrentProcess(), flags)
newPrivileges = []
for each in aPrivilegeStringList:
id = win32security.LookupPrivilegeValue(None, each)
newPrivileges.append((id, SE_PRIVILEGE_ENABLED))
win32security.AdjustTokenPrivileges(htoken, 0, newPrivileges)
privileges = (SE_CHANGE_NOTIFY_NAME,SE_TCB_NAME, SE_ASSIGNPRIMARYTOKEN_NAME)
AdjustPrivilege(privileges)
--
Vennlig hilsen
Syver Enstad
More information about the Python-list
mailing list