Impersonation

[Vedran Furac]

I would like to run a program as another user in win2k. I have runas
utility but with this I need type password all the time. Using python and
windows extensions it is posibile to write a program that will do this, here
is a code:

handel=win32security.LogonUser('username','domain','pass',
win32con.LOGON32_LOGON_INTERACTIVE,win32con.LOGON32_PROVIDER_DEFAULT)

win32security.ImpersonateLoggedOnUser(handel)

print "Started as: ", win32api.GetUserName()
#this prints target username, impersonation successful

os.execv(path, args)
#runs program, not as target user

#win32security.RevertToSelf()
#handel.Close()

...and this runs the program but not as a target user. Program is started just
normal as it would be without impersonation. Any idea why?

 

[Ivan Voras]

..and this runs the program but not as a target user. Program is started just
normal as it would be without impersonation. Any idea why?

IIRC, the 'current' user has to be an administrator or have some special
security privileges (backup operator?) to be allowed to impersonate
other users.

 

[Vedran Furac]

IIRC, the 'current' user has to be an administrator or have some special
security privileges (backup operator?) to be allowed to impersonate
other users.

Yes, but I have set privileges:
<http://aspn.activestate.com/ASPN/docs/ActivePython/2.3/PyWin32/
Windows_NT_Security_.2d.2d_Impersonation.html>
....and (I guess) impersonation was successful because it prints target username

 

[David Bolen]

I would like to run a program as another user in win2k. I have runas
utility but with this I need type password all the time. Using python and
windows extensions it is posibile to write a program that will do this, here
is a code:

handel=win32security.LogonUser('username','domain','pass',
win32con.LOGON32_LOGON_INTERACTIVE,win32con.LOGON32_PROVIDER_DEFAULT)

win32security.ImpersonateLoggedOnUser(handel)

print "Started as: ", win32api.GetUserName()
#this prints target username, impersonation successful

os.execv(path, args)
#runs program, not as target user

#win32security.RevertToSelf()
#handel.Close()

..and this runs the program but not as a target user. Program is started just
normal as it would be without impersonation. Any idea why?

It's probably the fact that os.execv is bubbling down into a normal
CreateProcess call at the win32 API level. But if the calling process
is impersonating a user, CreateProcess uses the authentication token
for the calling process itself, and not the impersonation token.

There is a CreateProcessAsUser call that works just like
CreateProcess, but has an initial first parameter which is the user
token for the process (which is "handel" in your above code). I don't
have any Python code handy (my current code for this is in C), but you
might try replacing the execv call with an equivalent call to
CreateProcessAsUser (it's wrapped in win32process) and see if it does
what you want.

-- David

 

[Vedran Furac]

It's probably the fact that os.execv is bubbling down into a normal
CreateProcess call at the win32 API level. But if the calling process
is impersonating a user, CreateProcess uses the authentication token
for the calling process itself, and not the impersonation token.

There is a CreateProcessAsUser call that works just like

Yes, that was the problem, using CreateProsessAsUser() fixes the problem.
Thanks!