Impersonation

I would like to run a program as another user in win2k. I have the runas
utility, but with this I need to type the password all the time. Using python and
windows extensions it is possible to write a program that will do this, here
is the code:

handel=win32security.LogonUser('username','domain','pass',
win32con.LOGON32_LOGON_INTERACTIVE,win32con.LOGON32_PROVIDER_DEFAULT)

win32security.ImpersonateLoggedOnUser(handel)

print "Started as: ", win32api.GetUserName()
#this prints target username, impersonation successful

os.execv(path, args)
#runs program, not as target user

#win32security.RevertToSelf()
#handel.Close()

...and this runs the program, but not as the target user. The program is started just
as normal, as it would be without impersonation. Any idea why?

Jul 18 '05 #1
Vedran Furac wrote:
> ...and this runs the program, but not as the target user. The program is started just
> as normal, as it would be without impersonation. Any idea why?


IIRC, the 'current' user has to be an administrator or have some special
security privileges (backup operator?) to be allowed to impersonate
other users.

Jul 18 '05 #2
On Wed, 03 Mar 2004 10:50:56 +0100, Ivan Voras <ivoras@__geri.cc.fer.hr> wrote:
> Vedran Furac wrote:
>> ...and this runs the program, but not as the target user. The program is started just
>> as normal, as it would be without impersonation. Any idea why?
>
> IIRC, the 'current' user has to be an administrator or have some special
> security privileges (backup operator?) to be allowed to impersonate
> other users.


Yes, but I have set privileges:
<http://aspn.activestate.com/ASPN/doc...n/2.3/PyWin32/
Windows_NT_Security_.2d.2d_Impersonation.html>
...and (I guess) impersonation was successful because it prints the target username.
Jul 18 '05 #3
Vedran Furac <ve*****@riteh.hr> writes:
> I would like to run a program as another user in win2k. I have the runas
> utility, but with this I need to type the password all the time. Using python and
> windows extensions it is possible to write a program that will do this, here
> is the code:
>
> handel=win32security.LogonUser('username','domain','pass',
> win32con.LOGON32_LOGON_INTERACTIVE,win32con.LOGON32_PROVIDER_DEFAULT)
>
> win32security.ImpersonateLoggedOnUser(handel)
>
> print "Started as: ", win32api.GetUserName()
> #this prints target username, impersonation successful
>
> os.execv(path, args)
> #runs program, not as target user
>
> #win32security.RevertToSelf()
> #handel.Close()
>
> ...and this runs the program, but not as the target user. The program is started just
> as normal, as it would be without impersonation. Any idea why?


It's probably the fact that os.execv is bubbling down into a normal
CreateProcess call at the win32 API level. But if the calling process
is impersonating a user, CreateProcess uses the authentication token
for the calling process itself, and not the impersonation token.

There is a CreateProcessAsUser call that works just like
CreateProcess, but has an initial first parameter which is the user
token for the process (which is "handel" in your above code). I don't
have any Python code handy (my current code for this is in C), but you
might try replacing the execv call with an equivalent call to
CreateProcessAsUser (it's wrapped in win32process) and see if it does
what you want.

-- David
Jul 18 '05 #4
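
The replacement David describes in #4, as an added example that is not code from any poster in the thread: the token from LogonUser is passed to win32process.CreateProcessAsUser instead of impersonating and calling os.execv. It assumes Python 3 with pywin32 installed; build_command_line and run_as are names made up here, and the password is prompted for rather than kept in the script.

```python
import getpass
import subprocess
import sys


def build_command_line(path, args):
    """Turn an execv-style (path, args) pair into the one command-line string
    that the CreateProcess family takes, quoting arguments that contain spaces."""
    # By execv convention args[0] is the program name; use the real path for it.
    return subprocess.list2cmdline([path] + list(args[1:]))


def run_as(username, domain, password, path, args):
    """Start path under the token returned by LogonUser; return its exit code."""
    if sys.platform != "win32":
        raise RuntimeError("CreateProcessAsUser exists only on Windows")
    # Imported here so the module still loads where pywin32 is not installed.
    import win32con, win32event, win32process, win32security

    token = win32security.LogonUser(
        username, domain, password,
        win32con.LOGON32_LOGON_INTERACTIVE,
        win32con.LOGON32_PROVIDER_DEFAULT)
    try:
        # No ImpersonateLoggedOnUser here: impersonation changes only the calling
        # thread, so the token is handed to the new process explicitly instead.
        h_process, h_thread, _pid, _tid = win32process.CreateProcessAsUser(
            token, path, build_command_line(path, args),
            None, None,   # default process and thread security attributes
            False, 0,     # do not inherit handles, no creation flags
            None, None,   # caller's environment and current directory
            win32process.STARTUPINFO())
        h_thread.Close()
        try:
            win32event.WaitForSingleObject(h_process, win32event.INFINITE)
            return win32process.GetExitCodeProcess(h_process)
        finally:
            h_process.Close()
    finally:
        token.Close()  # the logon token is a credential-bearing handle


if __name__ == "__main__":
    user, domain, program = sys.argv[1:4]
    # Prompt for the password rather than keeping it in the script source.
    secret = getpass.getpass("Password for %s\\%s: " % (domain, user))
    sys.exit(run_as(user, domain, secret, program, [program] + sys.argv[4:]))
```

CreateProcessAsUser typically requires the calling account to hold the SE_INCREASE_QUOTA_NAME privilege, and SE_ASSIGNPRIMARYTOKEN_NAME when the token is not assignable. Without them the call fails with a privilege error instead of quietly starting the program as the caller.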
