CGI Problem on MS IIS 5.0 - Trying to access files on other machines
Roger Upole
rupole at hotmail.com
Thu Sep 15 17:18:38 EDT 2005
You need to adjust your privileges before you call LogonUser.
hth
Roger
"paulp" <paulpigott at earthlink.net> wrote in message news:RhlWe.12307$_84.12168 at newsread1.news.atl.earthlink.net...
> Greetings,
>
> I'm working on a CGI program that will run under MS IIS 5.0 and will
> browse folders on three other machines, building HTML pages that will
> provide links to these folders.
>
> Essentially, the CGI will connect to each machine in turn, doing the
> FindFirst/FindNext process based on the current criteria. It will
> select certain files/folders, and build an HTML page as it goes.
>
> The premise is fine. If I run the program from the command line, it
> seems to work fine and I get my HTML code out. I can copy the code
> into a separate file, open it in the browser, and all appears right
> with the world.
>
> However, when I try to run the CGI from the browser itself, I get all
> kinds of problems. The first one I got was a 1312, "A specified logon
> session does not exist. It may have already been terminated." After
> doing some searching, I began to investigate impersonation of a logged
> on user. This produces a different error: 1314, "A required privilege
> is not held by the client."
>
> The code involved and the output I'm getting follows:
>
> ---------BEGIN----------
> class Impersonate:
> def __init__(self, login, password ):
> self.domain = '4Q9ND21'
> self.login = login
> self.password = password
> self.handel = None
> def logon(self):
> tracelist.append("Impersonate logon step 0")
> win32security.RevertToSelf() # terminates impersonation
> tracelist.append("Impersonate logon step 1")
> self.handel = win32security.LogonUser( self.login, self.domain,
> self.password, win32con.LOGON32_LOGON_INTERACTIVE,
> win32con.LOGON32_PROVIDER_DEFAULT )
> tracelist.append("Impersonate logon step 2")
> win32security.ImpersonateLoggedOnUser(self.handel)
> tracelist.append("Impersonate logon step complete")
> def logoff(self):
> win32security.RevertToSelf() # terminates impersonation
> if self.handel != None:
> self.handel.Close() # guarantee cleanup
> ----------END-----------
>
> and I execute this code with the following
>
> ---------BEGIN----------
> impersonate = Impersonate( 'PYTHONTEST', 'PYTHONTEST' )
> try:
> tracelist.append("about to attempt the IMPERSONATE")
> impersonate.logon()
> tracelist.append("impersonate did NOT throw exception")
> b=AdjustPrivilege(SE_SYSTEM_PROFILE_NAME)
> b=AdjustPrivilege(SE_TCB_NAME)
> try:
> tracelist.append("win32api.GetUserName = " +
> win32api.GetUserName() )
> # print win32api.GetUserName() #show you're someone else
> finally:
> impersonate.logoff() #return to normal
> except:
> a = "Impersonate Logon Error: %s %s" % (sys.exc_type, sys.exc_value)
> tracelist.append(a)
> # print sys.exc_type, sys.exc_value
> ----------END-----------
>
> When I run this code, my tracelist comes out with
>
> ---------BEGIN----------
> 2005-09-15 16:43:37
> about to attempt the IMPERSONATE
> Impersonate logon step 0
> Impersonate logon step 1
> Impersonate Logon Error: pywintypes.error (1314, 'LogonUser', 'A required
> privilege is not held by the client.')
> ----------END-----------
>
>
> I'm coding this in Python 2.4 and the Windows extensions. I have a
> number of other CGI programs in Python running under IIS that work
> correctly, but those only do database accesses. This one I'm trying to
> put together is the first one to actually do file searches.
>
>
> I have set the privileges for the logged on account on my IIS box for
> SE_TCB_NAME, SE_CHANGE_NOTIFY_NAME and SE_ASSIGNPRIMARYTOKEN_NAME and
> rebooted. To no avail. I'm not sure if there are additional
> alterations that need to be done to the security policies or not.
> Again, I'm not a guru.
>
>
> If anyone can give me more information/guidance I would greatly
> appreciate it. If you need more information from me, I will do my best
> to provide it.
>
> TIA,
>
> Paul
>
>
----== Posted via Newsfeeds.Com - Unlimited-Uncensored-Secure Usenet News==----
http://www.newsfeeds.com The #1 Newsgroup Service in the World! 120,000+ Newsgroups
----= East and West-Coast Server Farms - Total Privacy via Encryption =----
More information about the Python-list
mailing list