win32security.LogonUser
John Abel
john.abel at pa.press.net
Tue Jul 8 10:25:26 EDT 2003
Hi,
Try adding the user running the script, to "Act As PartOf The OS" in the
policy editor. It seems that is required, for you to add/remove tokens.
Regards
John
Darrell wrote:
>On windows 2000 I tried to use winprocess.py with the login option.
>In an effort to run as a diffrent user.
>It didn't work and lots of searching didn't help.
>This was my best hit.
>http://www.faqts.com/knowledge_base/view.phtml/aid/4466
>
>Worked around the problem using runas.exe
>
>This is as far as I got.
>The following code tries to give me every Privilege it can then fails.
>pywintypes.error: (1314, 'LogonUser', 'A required privilege is not
>held by the client.')
>
>--Darrell
>
>
>import win32con, os, sys
>sys.path.append(os.sep.join(win32con.__file__.split(os.sep)[:-2])+os.sep+"demos")
>
>import winprocess
>from ntsecuritycon import *
>import ntsecuritycon, win32security, win32api
>
>def AdjustPrivilege(priv, enable = 1):
> print priv
> # Get the process token.
> flags = TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY |TOKEN_DUPLICATE|
>TOKEN_IMPERSONATE
>
> #flags= TOKEN_QUERY
> htoken = win32security.OpenProcessToken(win32api.GetCurrentProcess(),
>flags)
> # Get the ID for the privilege.
> try:
> id = win32security.LookupPrivilegeValue(None, priv)
> except:
> print 'Fail'
> return
> # Now obtain the privilege for this process.
> # Create a list of the privileges to be added.
> if enable:
> newPrivileges = [(id, SE_PRIVILEGE_ENABLED)]
> else:
> newPrivileges = [(id, 0)]
> # and make the adjustment.
> win32security.AdjustTokenPrivileges(htoken, 0, newPrivileges)
>
># now set the rights
>if 1:
> for k, v in ntsecuritycon.__dict__.items():
> if k.find("SE_")==0 and isinstance(v, str):
> print k,
> AdjustPrivilege(v)
>
>AdjustPrivilege(SE_CHANGE_NOTIFY_NAME)
>AdjustPrivilege(SE_TCB_NAME)
>AdjustPrivilege(SE_ASSIGNPRIMARYTOKEN_NAME)
>
>SE_INTERACTIVE_LOGON_NAME = "SeInteractiveLogonRight"
>#AdjustPrivilege(SE_INTERACTIVE_LOGON_NAME)
>
>if __name__ == '__main__':
>
> # Pipe commands to a shell and display the output in notepad
> print 'Testing winprocess.py...'
>
> import tempfile
>
> timeoutSeconds = 15
> cmdString = """\
>REM Test of winprocess.py piping commands to a shell.\r
>REM This window will close in %d seconds.\r
>vol\r
>net user\r
>_this_is_a_test_of_stderr_\r
>""" % timeoutSeconds
>
> cmd, out = tempfile.TemporaryFile(), tempfile.TemporaryFile()
> cmd.write(cmdString)
> cmd.seek(0)
> print 'CMD.EXE exit code:', winprocess.run('cmd.exe', show=0,
>stdin=cmd, login=".\nuser\nuser1",#administrator\n",
> stdout=out, stderr=out)
> cmd.close()
> print 'NOTEPAD exit code:', winprocess.run('notepad.exe %s' %
>out.file.name,
> show=win32con.SW_MAXIMIZE,
> mSec=timeoutSeconds*1000)
> out.close()
>
>
More information about the Python-list
mailing list