Impersonation

[David Bolen]

Vedran Furac <vedranf at riteh.hr> writes:

> I would like to run a program as another user in win2k. I have runas
> utility but with this I need type password all the time. Using python and
> windows extensions it is posibile to write a program that will do this, here
> is a code:
> 
> handel=win32security.LogonUser('username','domain','pass',
> win32con.LOGON32_LOGON_INTERACTIVE,win32con.LOGON32_PROVIDER_DEFAULT)
> 
> win32security.ImpersonateLoggedOnUser(handel)
> 
> print "Started as: ", win32api.GetUserName()
> #this prints target username, impersonation successful  
> 
> os.execv(path, args)
> #runs program, not as target user 
> 
> #win32security.RevertToSelf()
> #handel.Close()
> 
> ..and this runs the program but not as a target user. Program is started just
> normal as it would be without impersonation. Any idea why?

It's probably the fact that os.execv is bubbling down into a normal
CreateProcess call at the win32 API level.  But if the calling process
is impersonating a user, CreateProcess uses the authentication token
for the calling process itself, and not the impersonation token.

There is a CreateProcessAsUser call that works just like
CreateProcess, but has an initial first parameter which is the user
token for the process (which is "handel" in your above code).  I don't
have any Python code handy (my current code for this is in C), but you
might try replacing the execv call with an equivalent call to
CreateProcessAsUser (it's wrapped in win32process) and see if it does
what you want.

-- David