win32 all question, win32security, impersonation

Syver Enstad syver-en+usenet at online.no
Wed May 22 09:19:44 EDT 2002


I was fiddling around with mount points on win2k (using windll) the
other day, and discovered that I had to be administrator to delete
mount points but only a super user to create them. Anyway, for fun I
decided to check out the win32 api on how to log on as a different user
while executing a program. I checked out the overview section on
impersonation in the win32 all documentation, and it said that I had
to obtain some privileges to be able to call the LogonUser function
with any luck. I then proceeded to obtain the necessary privileges in
my program using the sample code from the book *Python Programming on
win32* by Hammond and Robinson. I succeeded in obtaining one of the
necessary privileges, but as soon as I add the remaining privileges, the
call to adjust privileges fails with:

pywintypes.api_error: (1300, 'MyAdjustTokenPrivileges', 
'Not all privileges referenced are assigned to the caller.')

This also fails while running as administrator.

I've only succeeded in getting the following privileges enabled:
SE_CHANGE_NOTIFY_NAME and SE_SHUTDOWN_NAME. When I add others it fails
with the exception shown above. (I only tried with the
SE_SHUTDOWN_NAME privilege to see if there were any problems getting
more than one privilege enabled.)

For good measure here's the source code in question:


import win32api
import win32security
from ntsecuritycon import *


def AdjustPrivilege(aPrivilegeStringList):
    # Open the current process token with rights to query and adjust privileges.
    flags = win32security.TOKEN_ADJUST_PRIVILEGES | win32security.TOKEN_QUERY
    htoken = win32security.OpenProcessToken(win32api.GetCurrentProcess(), flags)
    # Build the (LUID, attributes) list that AdjustTokenPrivileges expects.
    newPrivileges = []
    for each in aPrivilegeStringList:
        luid = win32security.LookupPrivilegeValue(None, each)
        newPrivileges.append((luid, SE_PRIVILEGE_ENABLED))
    # Ask for every listed privilege to be enabled in a single call.
    win32security.AdjustTokenPrivileges(htoken, 0, newPrivileges)


privileges = (SE_CHANGE_NOTIFY_NAME, SE_TCB_NAME, SE_ASSIGNPRIMARYTOKEN_NAME)

AdjustPrivilege(privileges)



-- 

Kind regards

Syver Enstad
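
An added example, not part of the original post: error 1300 is ERROR_NOT_ALL_ASSIGNED, and AdjustTokenPrivileges can only enable privileges the token already holds, so this code reads the token's privilege list first and classifies each requested name before adjusting anything. The function names and the sample token contents are constructed for illustration; the pywin32 imports are deferred so the classification logic loads on any platform.

```python
# Added example: classify requested privileges against what a token holds.
SE_PRIVILEGE_ENABLED = 0x2  # same value as ntsecuritycon.SE_PRIVILEGE_ENABLED


def classify(held, requested):
    """Map each requested name to 'enabled', 'disabled' or 'absent'.

    held: {privilege name: attribute flags} as read from the token.
    A name that is 'absent' cannot be enabled by AdjustTokenPrivileges.
    """
    held_ci = {name.lower(): attrs for name, attrs in held.items()}
    result = {}
    for name in requested:
        attrs = held_ci.get(name.lower())
        if attrs is None:
            result[name] = "absent"
        elif attrs & SE_PRIVILEGE_ENABLED:
            result[name] = "enabled"
        else:
            result[name] = "disabled"
    return result


def held_privileges(htoken):
    """Return {name: attributes} for every privilege in the token (Windows only)."""
    import win32security  # deferred: pywin32 is only installable on Windows
    entries = win32security.GetTokenInformation(htoken, win32security.TokenPrivileges)
    return {win32security.LookupPrivilegeName(None, luid): attrs for luid, attrs in entries}


def enable_held_privileges(requested):
    """Enable the held-but-disabled privileges; return the names the token lacks."""
    import win32api
    import win32security
    flags = win32security.TOKEN_ADJUST_PRIVILEGES | win32security.TOKEN_QUERY
    htoken = win32security.OpenProcessToken(win32api.GetCurrentProcess(), flags)
    status = classify(held_privileges(htoken), requested)
    to_enable = [(win32security.LookupPrivilegeValue(None, n), SE_PRIVILEGE_ENABLED)
                 for n, s in status.items() if s == "disabled"]
    if to_enable:
        win32security.AdjustTokenPrivileges(htoken, 0, to_enable)
    return [n for n, s in status.items() if s == "absent"]


# Constructed sample: a token holding only the two privileges named in the post.
SAMPLE_HELD = {"SeChangeNotifyPrivilege": 3, "SeShutdownPrivilege": 0}
SAMPLE_REQUEST = ["SeChangeNotifyPrivilege", "SeTcbPrivilege",
                  "SeAssignPrimaryTokenPrivilege"]
```

On Windows, `enable_held_privileges(SAMPLE_REQUEST)` returns the names the account must be granted through user-rights assignment before any call can enable them.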


