CGI Problem on MS IIS 5.0 - Trying to access files on other machines

Roger Upole rupole at hotmail.com
Thu Sep 15 23:18:38 CEST 2005


You need to adjust your privileges before you call LogonUser.
   hth
         Roger

"paulp" <paulpigott at earthlink.net> wrote in message news:RhlWe.12307$_84.12168 at newsread1.news.atl.earthlink.net...
> Greetings,
>
> I'm working on a CGI program that will run under MS IIS 5.0 and will
> browse folders on three other machines, building HTML pages that will
> provide links to these folders.
>
> Essentially, the CGI will connect to each machine in turn, doing the
> FindFirst/FindNext process based on the current criteria.  It will
> select certain files/folders, and build an HTML page as it goes.
>
> The premise is fine.  If I run the program from the command line, it
> seems to work fine and I get my HTML code out.  I can copy the code
> into a separate file, open it in the browser, and all appears right
> with the world.
>
> However, when I try to run the CGI from the browser itself, I get all
> kinds of problems.  The first one I got was a 1312, "A specified logon
> session does not exist.  It may have already been terminated."  After
> doing some searching, I began to investigate impersonation of a logged
> on user.  This produces a different error: 1314, "A required privilege
> is not held by the client."
>
> The code involved and the output I'm getting follows:
>
> ---------BEGIN----------
> class Impersonate:
>    def __init__(self, login, password ):
>        self.domain = '4Q9ND21'
>        self.login = login
>        self.password = password
>        self.handel = None
>    def logon(self):
>        tracelist.append("Impersonate logon step 0")
>        win32security.RevertToSelf()    # terminates impersonation
>        tracelist.append("Impersonate logon step 1")
>        self.handel = win32security.LogonUser( self.login, self.domain,
> self.password, win32con.LOGON32_LOGON_INTERACTIVE,
> win32con.LOGON32_PROVIDER_DEFAULT )
>        tracelist.append("Impersonate logon step 2")
>        win32security.ImpersonateLoggedOnUser(self.handel)
>        tracelist.append("Impersonate logon step complete")
>    def logoff(self):
>        win32security.RevertToSelf()    # terminates impersonation
>        if self.handel != None:
>            self.handel.Close()         # guarantee cleanup
> ----------END-----------
>
> and I execute this code with the following
>
> ---------BEGIN----------
>    impersonate = Impersonate( 'PYTHONTEST', 'PYTHONTEST' )
>    try:
>        tracelist.append("about to attempt the IMPERSONATE")
>        impersonate.logon()
>        tracelist.append("impersonate did NOT throw exception")
>        b=AdjustPrivilege(SE_SYSTEM_PROFILE_NAME)
>        b=AdjustPrivilege(SE_TCB_NAME)
>        try:
>            tracelist.append("win32api.GetUserName = " +
> win32api.GetUserName() )
>            # print win32api.GetUserName() #show you're someone else
>        finally:
>            impersonate.logoff() #return to normal
>    except:
>        a = "Impersonate Logon Error: %s %s" % (sys.exc_type, sys.exc_value)
>        tracelist.append(a)
>        # print sys.exc_type, sys.exc_value
> ----------END-----------
>
> When I run this code, my tracelist comes out with
>
> ---------BEGIN----------
> 2005-09-15 16:43:37
> about to attempt the IMPERSONATE
> Impersonate logon step 0
> Impersonate logon step 1
> Impersonate Logon Error: pywintypes.error (1314, 'LogonUser', 'A required
> privilege is not held by the client.')
> ----------END-----------
>
>
> I'm coding this in Python 2.4 and the Windows extensions.  I have a
> number of other CGI programs in Python running under IIS that work
> correctly, but those only do database accesses.  This one I'm trying to
> put together is the first one to actually do file searches.
>
>
> I have set the privileges for the logged on account on my IIS box for
> SE_TCB_NAME, SE_CHANGE_NOTIFY_NAME and SE_ASSIGNPRIMARYTOKEN_NAME and
> rebooted.  To no avail.  I'm not sure if there are additional
> alterations that need to be done to the security policies or not.
> Again, I'm not a guru.
>
>
> If anyone can give me more information/guidance I would greatly
> appreciate it.  If you need more information from me, I will do my best
> to provide it.
>
> TIA,
>
> Paul
>
> 



----== Posted via Newsfeeds.Com - Unlimited-Uncensored-Secure Usenet News==----
http://www.newsfeeds.com The #1 Newsgroup Service in the World! 120,000+ Newsgroups
----= East and West-Coast Server Farms - Total Privacy via Encryption =----



More information about the Python-list mailing list