[python-win32] Using LogonUser with Guest account

Tim Golden mail at timgolden.me.uk
Fri Mar 28 14:44:17 CET 2008


Giampaolo Rodola' wrote:
> Roger Upole wrote:
>> I think you're looking for win32security.ImpersonateAnonymousToken.
>> Note that Anonymous is not the same thing as the Guest account.
> 
> By reading MSDN it seems it should be used with threads (while I'm in
> an asynchronous environment) and I'm not even sure that's what I need.
> Could you provide an example code?

Well you've still *got* a thread, even if you're not spawning
any more to handle multithreading. Hopefully the code below
illustrates what's going on. Obviously you'll have to to adapt
to your circumstances.

TJG

<code>
import win32api
import win32security
import ntsecuritycon

ANONYMOUS_SID = win32security.CreateWellKnownSid (
   win32security.WinAnonymousSid
)

if __name__ == '__main__':
   flags = ntsecuritycon.MAXIMUM_ALLOWED

   #
   # At the start, this thread probably doesn't have
   # its own token (unless it's impersonating already)
   #
   try:
     hToken = win32security.OpenThreadToken (
       win32api.GetCurrentThread (), flags, True
     )
   except win32security.error, (errno, errcontext, errmsg):
     if errno == 1008:
       hToken = win32security.OpenProcessToken (
         win32api.GetCurrentProcess (), flags
       )
     else:
       raise

   #
   # Just for show, indicate who owns the token before impersonation
   #
   sid, attr = win32security.GetTokenInformation (
     hToken,
     win32security.TokenUser
   )
   print "BEFORE: Token is for", sid

   #
   # Impersonate the anonymous user and show that the
   # resulting token owner is the anonymous sid
   #
   win32security.ImpersonateAnonymousToken (win32api.GetCurrentThread ())
   hToken =  win32security.OpenThreadToken (
     win32api.GetCurrentThread (), flags, True
   )

   sid, attr = win32security.GetTokenInformation (
     hToken, win32security.TokenUser
   )
   if sid == ANONYMOUS_SID:
     print "AFTER: Token is now Anonymous:", sid
   else:
     print "AFTER: Token is", sid

</code>


More information about the python-win32 mailing list