win32security.AdjustTokenPrivileges

Jonathan Gilligan jonathan.gilligan at vanderbilt.edu
Tue Dec 5 21:40:39 CET 2000


In your code, there are two things: First, you have a
typo---"provValue" where you mean "procPrivValue" and second (I don't
know if it makes a difference) you have

  AdjustTokenPrivileges (processToken, 0, (provValue,
SE_PRIVILEGE_ENABLED) )

where I have the equivalent of

  AdjustTokenPrivileges (processToken, 0, [(provValue,
SE_PRIVILEGE_ENABLED) ])

(i.e., you pass a tuple for parameter 3, where I pass a list
containing a single tuple).

Here is some code I use that successfully reboots a remote computer:

import win32net, win32netcon, win32security, ntsecuritycon, win32api
import pythoncom
import sys, time

privilegeShutdown = ntsecuritycon.SE_REMOTE_SHUTDOWN_NAME
# fill in the name of the server you want to reboot (it can be remote)
ServerName = "\\\\TargetServer"

debug = 1

def trace(msg):
    if debug:
        print msg


#
# The code below is largely stolen from Mark Hammond's
# "Programming Win32 with Python," (O'Reilly, 2000).
# If you don't have this book, you should buy it!
#
# This blatant advertisement placed here by Jonathan Gilligan
#
def AdjustPrivilege(priv, enable = 1):
    # get the process token
    flags = ntsecuritycon.TOKEN_ADJUST_PRIVILEGES |
ntsecuritycon.TOKEN_QUERY
    htoken =
win32security.OpenProcessToken(win32api.GetCurrentProcess(), flags)
    # Get the id fof the system shutdown privilege
    id = win32security.LookupPrivilegeValue(None, priv)
    #
    #
    if enable:
        trace(("Enabling privilege %s" % priv))
        try:
            newPrivileges = [(id, ntsecuritycon.SE_PRIVILEGE_ENABLED)]
        except pythoncom.com_error, (hr, msg, exc, arg):
            trace("Failed with code %d: %s. " % (hr, msg))
            if (exc == None):
                trace("There is no extended error information")
            else:
                wcode, source, text, helpFile, helpId, scode = exc
                trace("The source of the error is %s, the message is
\"%s\", More info can be found in %s (id-%d)"
                      % (source, text, helpFile,helpId))
        except win32net.error:
            trace("Failed: '%s' = %s" % (sys.exc_info()[:2]))
        except:
            trace("Failed.")
        else:
            trace("Succeeded.")
    else:
        trace("Disabling privilege %s" % priv)
        try:
            newPrivileges = [(id, 0)]
        except pythoncom.com_error, (hr, msg, exc, arg):
            trace("Failed with code %d: %s. " % (hr, msg))
            if (exc == None):
                trace("There is no extended error information")
            else:
                wcode, source, text, helpFile, helpId, scode = exc
                trace("The source of the error is %s, the message is
\"%s\", More info can be found in %s (id-%d)"
                      % (source, text, helpFile,helpId))
        except win32net.error:
            trace("Failed: '%s' = %s" % (sys.exc_info()[:2]))
        except:
            trace("Failed.")
        else:
            trace("Succeeded.")
    win32security.AdjustTokenPrivileges(htoken, 0, newPrivileges)

def RebootServer(message = "Server Rebooting", timeout = 120, bForce =
0, bReboot = 1):
    trace("Preparing to reboot server")
    AdjustPrivilege(privilegeShutdown)
    try:
        win32api.InitiateSystemShutdown(ServerName, message, timeout,
bForce, bReboot)
    except pythoncom.com_error, (hr, msg, exc, arg):
        trace("Failed with code %d: %s. " % (hr, msg))
        if (exc == None):
            trace("There is no extended error information")
        else:
            wcode, source, text, helpFile, helpId, scode = exc
            trace("The source of the error is %s, the message is
\"%s\", More info can be found in %s (id-%d)"
                  % (source, text, helpFile,helpId))
    except win32net.error:
        trace("Failed: '%s' = %s" % (sys.exc_info()[:2]))
    except:
        trace("Failed.")
    else:
        trace("Succeeded.")
    AdjustPrivilege(privilegeShutdown, 0)

def AbortReboot():
    AdjustPrivilege(privilegeShutdown)
    trace("Aborting reboot on %s" % ServerName)
    try:
        win32api.AbortSystemShutdown(ServerName)
    except pythoncom.com_error, (hr, msg, exc, arg):
        trace("Failed with code %d: %s. " % (hr, msg))
        if (exc == None):
            trace("There is no extended error information")
        else:
            wcode, source, text, helpFile, helpId, scode = exc
            trace("The source of the error is %s, the message is
\"%s\", More info can be found in %s (id-%d)"
                  % (source, text, helpFile,helpId))
    except win32net.error:
        trace("Failed: '%s' = %s" % (sys.exc_info()[:2]))
    except:
        trace("Failed.")
    else:
        trace("Succeeded.")
    AdjustPrivilege(privilegeShutdown, 0)

#
# Set the timeout to whatever timeout you want to give the user on the
target
# workstation to shut down his work before you reboot.
#
tmout = 120
message = "Preparing to reboot server. You have %d seconds to finish
your work before the reboot."
RebootServer(message, timeout=tmout)



"Patrick Blanchette" <pblanchette at pixelsystems.com> wrote in message
news:3A2D3521.6010105 at pixelsystems.com...
> I,
>    I'd like to reboot a windows NT station using a Python script.
It is
> supposed to be possible using the Python extensions for Windows.  I
try
> the following code but an exception is thrown after the call to
> AdjustTokenPrivileges:
> -----------------------------------------------
> hProcess = GetCurrentProcess()
> processToken = OpenProcessToken(hProcess, TOKEN_ADJUST_PRIVILEGES |
> TOKEN_QUERY)
> procPrivValue = LookupPrivilegeValue (None, SE_SHUTDOWN_NAME)
> AdjustTokenPrivileges (processToken, 0, (provValue,
SE_PRIVILEGE_ENABLED) )
> ExitWindowsEx(EWX_REBOOT | EWX_FORCE, 0)
> -->
> Traceback (innermost last):
>   File "<interactive input>", line 1, in ?
> TypeError: A TOKEN_PRIVILEGES object must be a tuple of
(LARGE_INTEGER, int)
> -----------------------------------------------
>
> How should I use the AdjustTokenPrivileges function?
>
> thank
>





More information about the Python-list mailing list