win32security: setting process privileges
Mark Tompkins
mdtompkins at home.com
Tue Dec 5 15:47:59 EST 2000
Hi,
I'm trying to set process privileges in a thread that needs to call
win32security.LogonUser.
I need to enable
SE_TCB_NAME
SE_CHANGE_NOTIFY_NAME
SE_ASSIGNPRIMARYTOKEN_NAME
When I attempt to assign these privileges to the current thread, only
one assignment succeeds (SE_CHANGE_NOTIFY_NAME). The MSDK win32 api
docs INDICATE that SE_CHANGE_NOTIFY_NAME is assigned by default. The
following example is for SE_ASSIGNPRIMARYTOKEN_NAME.
>>>import win32security
>>>import ntsecuritycon
>>>import win32con
>>>import win32api
>>>
win32security.LookupPrivilegeValue(None,ntsecuritycon.SE_CHANGE_NOTIFY_NAME))
7
>>>
win32security.LookupPrivilegeValue(None,ntsecuritycon.SE_ASSIGNPRIMARYTOKEN_NAME)
23
>>>
win32security.LookupPrivilegeValue(None,ntsecuritycon.SE_ASSIGNPRIMARYTOKEN_NAME)
3
>>> flags=ntsecuritycon.TOKEN_ADJUST_PRIVILEGES |
ntsecuritycon.TOKEN_QUERY
>>> flags
40
>>>id=win32security.LookupPrivilegeValue(None,ntsecuritycon.SE_ASSIGNPRIMARYTOKEN_NAME)
>>> id
3
>>> nP=[(id,ntsecuritycon.SE_PRIVILEGE_ENABLED)]
>>> nP
[(3, 2)]
>>>
htoken=win32security.OpenProcessToken(win32api.GetCurrentProcess(),flags)
>>> htoken
268
>>> win32security.AdjustTokenPrivileges(htoken,0,nP)
Traceback (innermost last):
File "<interactive input>", line 1, in ?
api_error: (1300, 'MyAdjustTokenPrivileges', 'Not all privileges
referenced are assigned to the caller.')
>>>
What privileges do I as a user need to be assigned, in order that the
other two privileges are enabled for me, or are grantable by me to a
process? I am currently a member of the administrators group on the
machine that I am coding on.
thx
Mark
More information about the Python-list
mailing list