[python-win32] win32security.LogonUser
Tim Golden
mail at timgolden.me.uk
Thu Jul 24 12:48:52 CEST 2008
_ _ wrote:
> + I use os.path.isfile ("D:/test/local/file.txt") and return False. And
> "D:/test/local/file.txt" exists!
> + If I try to read a file return a error...
> + The user can't read or write files when I impersonated. But if I login
> interactive, or execute as, with this user ("testUser") I can read and
> write files...
> + With other user don't work. But If impersonated user is equal "main
> user" this works...
>
> More things:
> After impersonated, If I execute win32api.GetUserName() returns "testUser"
> After impersonated, if I try execute os.system ("dir") returns -1
> I can impersonate another user and write a file to an arbitrary point on
> my filesystem in other computer. This computer (where impersonated
> works) is out of windows domain.
Sorry, stupid of me: I didn't notice that you were
specifying a LOGON_NETWORK in the call to LogonUser.
Try using LOGON32_LOGON_INTERACTIVE instead. The
NETWORK_LOGON flag works fine for checking credentials
(altho' you're supposed to do that via SSPI these days)
but doesn't give you enough of a token to get hold of
local resources, I think.
The fact that you can access remote resources might be
because the remote non-domain machine allows guest
access.
TJG
More information about the python-win32
mailing list