Warning! Newbie issue - Impersonating a user on Win32

Doug Glenn dglenn at charter.net
Wed Jan 15 12:01:44 EST 2003


Greetings,

I have run into a roadblock and I cannot figure it out :( 
A portion of the following code came from the Python 
cookbook. That code followed verbatim gives me a 
Exception: pywintypes.api_error (1314, 'LogonUser', 'A 
required privilege is not held by the client.'). Poking 
through mail lists gives me a temporary respite. This is 
the AdjustPriviledges() definition.  Then I had to go and 
discover what flags it was expecting. Using any of the 
flags below will result in None being returned, so it 
works... Just how can I use it with the below script? I 
get the error on the a.login() call.  What do I need to 
change to make this work?  

The scenario is running this as a normal user and it 
elevate the process priveledge to run a program for the 
user using Admin rights.  It is not allowing the login, so 
it skips the code to run the program.

SE_CREATE_TOKEN_NAME              = 
"SeCreateTokenPrivilege"
SE_ASSIGNPRIMARYTOKEN_NAME        = 
"SeAssignPrimaryTokenPrivilege"
SE_LOCK_MEMORY_NAME               = 
"SeLockMemoryPrivilege"
SE_INCREASE_QUOTA_NAME            = 
"SeIncreaseQuotaPrivilege"
SE_UNSOLICITED_INPUT_NAME         = 
"SeUnsolicitedInputPrivilege"
SE_MACHINE_ACCOUNT_NAME           = 
"SeMachineAccountPrivilege"
SE_TCB_NAME                       = "SeTcbPrivilege"
SE_SECURITY_NAME                  = "SeSecurityPrivilege"
SE_TAKE_OWNERSHIP_NAME            = 
"SeTakeOwnershipPrivilege"
SE_LOAD_DRIVER_NAME               = 
"SeLoadDriverPrivilege"
SE_SYSTEM_PROFILE_NAME            = 
"SeSystemProfilePrivilege"
SE_SYSTEMTIME_NAME                = 
"SeSystemtimePrivilege"
SE_PROF_SINGLE_PROCESS_NAME       = 
"SeProfileSingleProcessPrivilege"
SE_INC_BASE_PRIORITY_NAME         = 
"SeIncreaseBasePriorityPrivilege"
SE_CREATE_PAGEFILE_NAME           = 
"SeCreatePagefilePrivilege"
SE_CREATE_PERMANENT_NAME          = 
"SeCreatePermanentPrivilege"
SE_BACKUP_NAME                    = "SeBackupPrivilege"
SE_RESTORE_NAME                   = "SeRestorePrivilege"
SE_SHUTDOWN_NAME                  = "SeShutdownPrivilege"
SE_DEBUG_NAME                     = "SeDebugPrivilege"
SE_AUDIT_NAME                     = "SeAuditPrivilege"
SE_SYSTEM_ENVIRONMENT_NAME        = 
"SeSystemEnvironmentPrivilege"
SE_CHANGE_NOTIFY_NAME             = 
"SeChangeNotifyPrivilege"
SE_REMOTE_SHUTDOWN_NAME           = 
"SeRemoteShutdownPrivilege"






import os
import sys
import win32security
import win32con
import win32api
from ntsecuritycon import *

program="sadmin.exe"
#domain=os.getenv('COMPUTERNAME')
domain=None

def AdjustPrivilege(priv, enable = 1):
     # Get the process token.
     flags = TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY
     #flags= TOKEN_QUERY
     htoken = 
win32security.OpenProcessToken(win32api.GetCurrentProcess(), 
flags)
     # Get the ID for the privilege.
     id = win32security.LookupPrivilegeValue(None, priv)
     # Now obtain the privilege for this process.
     # Create a list of the privileges to be added.
     if enable:
         newPrivileges = [(id, SE_PRIVILEGE_ENABLED)]
     else:
         newPrivileges = [(id, 0)]
     # and make the adjustment.
     win32security.AdjustTokenPrivileges(htoken, 0, 
newPrivileges)
     


class Impersonate:

     def __init__(self, login, password):
         self.domain=domain
         self.login=login
         self.password=password
     def logon(self):
         self.handel=win32security.LogonUser(self.login,self.domain,self.password,win32con.LOGON32_LOGON_INTERACTIVE,win32con.LOGON32_PROVIDER_DEFAULT)
         win32security.ImpersonateLoggedOnUser(self.handel)
     def logoff(self):
         win32security.RevertToSelf() #terminates 
impersonation
         self.handel.Close() #guarantees cleanup


if __name__ =='__main__':
     a=Impersonate('foo''bar') 
         
     try:
         a.logon() #become the user
         AdjustPrivilege(SE_SYSTEM_PROFILE_NAME)
         
         try:
             os.execvp(program)
             print win32api.GetUserName() #show you're 
someone else
         finally:
             a.logoff() #return to normal
     except:
             print 'Exception:',sys.exc_type , 
sys.exc_value





More information about the Python-list mailing list