subprocess and win32security.ImpersonateLoggedOnUser
mail at timgolden.me.uk
Mon Jun 1 10:03:45 EDT 2009
[slightly rearranged for top-to-bottom reading...]
> On Mon, Jun 1, 2009 at 9:38 AM, Tim Golden <mail at timgolden.me.uk> wrote:
>> Emin.shopper Martinian.shopper wrote:
>>> Dear Experts,
>>> I am having some issues with the subprocess module and how it
>>> interacts with win32security.ImpersonateLoggedOnUser. Specifically, I
>>> use the latter to change users but the new user does not seem to be
>>> properly inherited when I spawn further subprocesses.
>>> I am doing something like
>>> import win32security, win32con
>>> handle = win32security.LogonUser(
>>> Then spawning subprocesses but the subprocesses cannot read the same
>>> UNC paths that that the parent could.
>> Even if a thread in the parent process impersonates a client and then
>> creates a new process, the new process still runs under the parent's
>> original security context and not the under the impersonation token. """
Emin.shopper Martinian.shopper wrote:
> Thanks. But how do I fix this so that the subprocess does inherit the
> impersonated stuff?
The source for subprocess just uses CreateProcess. Which means that,
short of monkey-patching it, you're going to have to roll your own
subprocess-like code (I think). Basically, you'll need to run
CreateProcessAsUser or CreateProcessAsLogonW. They're both a bit
of a pig in terms of getting the right combination of parameters
and privileges, I seem to remember. Haven't got time right now
to fish for an example, I'm afraid: maybe someone else on the list
has a canned example...?
Also worth cross-posting this to the python-win32 list where more
win32 expertise resides.
More information about the Python-list