Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Python > CGI Problem on MS IIS 5.0 - Trying to access files on other machines

Reply
Thread Tools

CGI Problem on MS IIS 5.0 - Trying to access files on other machines

 
 
paulp
Guest
Posts: n/a
 
      09-15-2005
Greetings,

I'm working on a CGI program that will run under MS IIS 5.0 and will
browse folders on three other machines, building HTML pages that will
provide links to these folders.

Essentially, the CGI will connect to each machine in turn, doing the
FindFirst/FindNext process based on the current criteria. It will
select certain files/folders, and build an HTML page as it goes.

The premise is fine. If I run the program from the command line, it
seems to work fine and I get my HTML code out. I can copy the code
into a separate file, open it in the browser, and all appears right
with the world.

However, when I try to run the CGI from the browser itself, I get all
kinds of problems. The first one I got was a 1312, "A specified logon
session does not exist. It may have already been terminated." After
doing some searching, I began to investigate impersonation of a logged
on user. This produces a different error: 1314, "A required privilege
is not held by the client."

The code involved and the output I'm getting follows:

---------BEGIN----------
class Impersonate:
def __init__(self, login, password ):
self.domain = '4Q9ND21'
self.login = login
self.password = password
self.handel = None
def logon(self):
tracelist.append("Impersonate logon step 0")
win32security.RevertToSelf() # terminates impersonation
tracelist.append("Impersonate logon step 1")
self.handel = win32security.LogonUser( self.login, self.domain,
self.password, win32con.LOGON32_LOGON_INTERACTIVE,
win32con.LOGON32_PROVIDER_DEFAULT )
tracelist.append("Impersonate logon step 2")
win32security.ImpersonateLoggedOnUser(self.handel)
tracelist.append("Impersonate logon step complete")
def logoff(self):
win32security.RevertToSelf() # terminates impersonation
if self.handel != None:
self.handel.Close() # guarantee cleanup
----------END-----------

and I execute this code with the following

---------BEGIN----------
impersonate = Impersonate( 'PYTHONTEST', 'PYTHONTEST' )
try:
tracelist.append("about to attempt the IMPERSONATE")
impersonate.logon()
tracelist.append("impersonate did NOT throw exception")
b=AdjustPrivilege(SE_SYSTEM_PROFILE_NAME)
b=AdjustPrivilege(SE_TCB_NAME)
try:
tracelist.append("win32api.GetUserName = " +
win32api.GetUserName() )
# print win32api.GetUserName() #show you're someone else
finally:
impersonate.logoff() #return to normal
except:
a = "Impersonate Logon Error: %s %s" % (sys.exc_type, sys.exc_value)
tracelist.append(a)
# print sys.exc_type, sys.exc_value
----------END-----------

When I run this code, my tracelist comes out with

---------BEGIN----------
2005-09-15 16:43:37
about to attempt the IMPERSONATE
Impersonate logon step 0
Impersonate logon step 1
Impersonate Logon Error: pywintypes.error (1314, 'LogonUser', 'A required
privilege is not held by the client.')
----------END-----------


I'm coding this in Python 2.4 and the Windows extensions. I have a
number of other CGI programs in Python running under IIS that work
correctly, but those only do database accesses. This one I'm trying to
put together is the first one to actually do file searches.


I have set the privileges for the logged on account on my IIS box for
SE_TCB_NAME, SE_CHANGE_NOTIFY_NAME and SE_ASSIGNPRIMARYTOKEN_NAME and
rebooted. To no avail. I'm not sure if there are additional
alterations that need to be done to the security policies or not.
Again, I'm not a guru.


If anyone can give me more information/guidance I would greatly
appreciate it. If you need more information from me, I will do my best
to provide it.

TIA,

Paul


 
Reply With Quote
 
 
 
 
Roger Upole
Guest
Posts: n/a
 
      09-15-2005
You need to adjust your privileges before you call LogonUser.
hth
Roger

"paulp" <(E-Mail Removed)> wrote in message news:RhlWe.12307$(E-Mail Removed) hlink.net...
> Greetings,
>
> I'm working on a CGI program that will run under MS IIS 5.0 and will
> browse folders on three other machines, building HTML pages that will
> provide links to these folders.
>
> Essentially, the CGI will connect to each machine in turn, doing the
> FindFirst/FindNext process based on the current criteria. It will
> select certain files/folders, and build an HTML page as it goes.
>
> The premise is fine. If I run the program from the command line, it
> seems to work fine and I get my HTML code out. I can copy the code
> into a separate file, open it in the browser, and all appears right
> with the world.
>
> However, when I try to run the CGI from the browser itself, I get all
> kinds of problems. The first one I got was a 1312, "A specified logon
> session does not exist. It may have already been terminated." After
> doing some searching, I began to investigate impersonation of a logged
> on user. This produces a different error: 1314, "A required privilege
> is not held by the client."
>
> The code involved and the output I'm getting follows:
>
> ---------BEGIN----------
> class Impersonate:
> def __init__(self, login, password ):
> self.domain = '4Q9ND21'
> self.login = login
> self.password = password
> self.handel = None
> def logon(self):
> tracelist.append("Impersonate logon step 0")
> win32security.RevertToSelf() # terminates impersonation
> tracelist.append("Impersonate logon step 1")
> self.handel = win32security.LogonUser( self.login, self.domain,
> self.password, win32con.LOGON32_LOGON_INTERACTIVE,
> win32con.LOGON32_PROVIDER_DEFAULT )
> tracelist.append("Impersonate logon step 2")
> win32security.ImpersonateLoggedOnUser(self.handel)
> tracelist.append("Impersonate logon step complete")
> def logoff(self):
> win32security.RevertToSelf() # terminates impersonation
> if self.handel != None:
> self.handel.Close() # guarantee cleanup
> ----------END-----------
>
> and I execute this code with the following
>
> ---------BEGIN----------
> impersonate = Impersonate( 'PYTHONTEST', 'PYTHONTEST' )
> try:
> tracelist.append("about to attempt the IMPERSONATE")
> impersonate.logon()
> tracelist.append("impersonate did NOT throw exception")
> b=AdjustPrivilege(SE_SYSTEM_PROFILE_NAME)
> b=AdjustPrivilege(SE_TCB_NAME)
> try:
> tracelist.append("win32api.GetUserName = " +
> win32api.GetUserName() )
> # print win32api.GetUserName() #show you're someone else
> finally:
> impersonate.logoff() #return to normal
> except:
> a = "Impersonate Logon Error: %s %s" % (sys.exc_type, sys.exc_value)
> tracelist.append(a)
> # print sys.exc_type, sys.exc_value
> ----------END-----------
>
> When I run this code, my tracelist comes out with
>
> ---------BEGIN----------
> 2005-09-15 16:43:37
> about to attempt the IMPERSONATE
> Impersonate logon step 0
> Impersonate logon step 1
> Impersonate Logon Error: pywintypes.error (1314, 'LogonUser', 'A required
> privilege is not held by the client.')
> ----------END-----------
>
>
> I'm coding this in Python 2.4 and the Windows extensions. I have a
> number of other CGI programs in Python running under IIS that work
> correctly, but those only do database accesses. This one I'm trying to
> put together is the first one to actually do file searches.
>
>
> I have set the privileges for the logged on account on my IIS box for
> SE_TCB_NAME, SE_CHANGE_NOTIFY_NAME and SE_ASSIGNPRIMARYTOKEN_NAME and
> rebooted. To no avail. I'm not sure if there are additional
> alterations that need to be done to the security policies or not.
> Again, I'm not a guru.
>
>
> If anyone can give me more information/guidance I would greatly
> appreciate it. If you need more information from me, I will do my best
> to provide it.
>
> TIA,
>
> Paul
>
>




----== Posted via Newsfeeds.Com - Unlimited-Uncensored-Secure Usenet News==----
http://www.newsfeeds.com The #1 Newsgroup Service in the World! 120,000+ Newsgroups
----= East and West-Coast Server Farms - Total Privacy via Encryption =----
 
Reply With Quote
 
 
 
 
Pat [MSFT]
Guest
Posts: n/a
 
      09-15-2005
Set the site to be Basic Authentication and login as you. I suspect that
the .exe is either running as IWAM/IUSER (i.e. GUEST) or you are running
into a double hop issue.


Pat

"paulp" <(E-Mail Removed)> wrote in message
news:RhlWe.12307$(E-Mail Removed) hlink.net...
> Greetings,
>
> I'm working on a CGI program that will run under MS IIS 5.0 and will
> browse folders on three other machines, building HTML pages that will
> provide links to these folders.
>
> Essentially, the CGI will connect to each machine in turn, doing the
> FindFirst/FindNext process based on the current criteria. It will
> select certain files/folders, and build an HTML page as it goes.
>
> The premise is fine. If I run the program from the command line, it
> seems to work fine and I get my HTML code out. I can copy the code
> into a separate file, open it in the browser, and all appears right
> with the world.
>
> However, when I try to run the CGI from the browser itself, I get all
> kinds of problems. The first one I got was a 1312, "A specified logon
> session does not exist. It may have already been terminated." After
> doing some searching, I began to investigate impersonation of a logged
> on user. This produces a different error: 1314, "A required privilege
> is not held by the client."
>
> The code involved and the output I'm getting follows:
>
> ---------BEGIN----------
> class Impersonate:
> def __init__(self, login, password ):
> self.domain = '4Q9ND21'
> self.login = login
> self.password = password
> self.handel = None
> def logon(self):
> tracelist.append("Impersonate logon step 0")
> win32security.RevertToSelf() # terminates impersonation
> tracelist.append("Impersonate logon step 1")
> self.handel = win32security.LogonUser( self.login, self.domain,
> self.password, win32con.LOGON32_LOGON_INTERACTIVE,
> win32con.LOGON32_PROVIDER_DEFAULT )
> tracelist.append("Impersonate logon step 2")
> win32security.ImpersonateLoggedOnUser(self.handel)
> tracelist.append("Impersonate logon step complete")
> def logoff(self):
> win32security.RevertToSelf() # terminates impersonation
> if self.handel != None:
> self.handel.Close() # guarantee cleanup
> ----------END-----------
>
> and I execute this code with the following
>
> ---------BEGIN----------
> impersonate = Impersonate( 'PYTHONTEST', 'PYTHONTEST' )
> try:
> tracelist.append("about to attempt the IMPERSONATE")
> impersonate.logon()
> tracelist.append("impersonate did NOT throw exception")
> b=AdjustPrivilege(SE_SYSTEM_PROFILE_NAME)
> b=AdjustPrivilege(SE_TCB_NAME)
> try:
> tracelist.append("win32api.GetUserName = " +
> win32api.GetUserName() )
> # print win32api.GetUserName() #show you're someone else
> finally:
> impersonate.logoff() #return to normal
> except:
> a = "Impersonate Logon Error: %s %s" % (sys.exc_type,
> sys.exc_value)
> tracelist.append(a)
> # print sys.exc_type, sys.exc_value
> ----------END-----------
>
> When I run this code, my tracelist comes out with
>
> ---------BEGIN----------
> 2005-09-15 16:43:37
> about to attempt the IMPERSONATE
> Impersonate logon step 0
> Impersonate logon step 1
> Impersonate Logon Error: pywintypes.error (1314, 'LogonUser', 'A required
> privilege is not held by the client.')
> ----------END-----------
>
>
> I'm coding this in Python 2.4 and the Windows extensions. I have a
> number of other CGI programs in Python running under IIS that work
> correctly, but those only do database accesses. This one I'm trying to
> put together is the first one to actually do file searches.
>
>
> I have set the privileges for the logged on account on my IIS box for
> SE_TCB_NAME, SE_CHANGE_NOTIFY_NAME and SE_ASSIGNPRIMARYTOKEN_NAME and
> rebooted. To no avail. I'm not sure if there are additional
> alterations that need to be done to the security policies or not.
> Again, I'm not a guru.
>
>
> If anyone can give me more information/guidance I would greatly
> appreciate it. If you need more information from me, I will do my best
> to provide it.
>
> TIA,
>
> Paul
>
>



 
Reply With Quote
 
paulp
Guest
Posts: n/a
 
      09-15-2005
Here is where my ignorance shows. What is a "double hop" issue?

Paul

"Pat [MSFT]" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Set the site to be Basic Authentication and login as you. I suspect that
> the .exe is either running as IWAM/IUSER (i.e. GUEST) or you are running
> into a double hop issue.
>
>
> Pat
>
> "paulp" <(E-Mail Removed)> wrote in message
> news:RhlWe.12307$(E-Mail Removed) hlink.net...
> > Greetings,
> >
> > I'm working on a CGI program that will run under MS IIS 5.0 and will
> > browse folders on three other machines, building HTML pages that will
> > provide links to these folders.
> >
> > Essentially, the CGI will connect to each machine in turn, doing the
> > FindFirst/FindNext process based on the current criteria. It will
> > select certain files/folders, and build an HTML page as it goes.
> >
> > The premise is fine. If I run the program from the command line, it
> > seems to work fine and I get my HTML code out. I can copy the code
> > into a separate file, open it in the browser, and all appears right
> > with the world.
> >
> > However, when I try to run the CGI from the browser itself, I get all
> > kinds of problems. The first one I got was a 1312, "A specified logon
> > session does not exist. It may have already been terminated." After
> > doing some searching, I began to investigate impersonation of a logged
> > on user. This produces a different error: 1314, "A required privilege
> > is not held by the client."
> >
> > The code involved and the output I'm getting follows:
> >
> > ---------BEGIN----------
> > class Impersonate:
> > def __init__(self, login, password ):
> > self.domain = '4Q9ND21'
> > self.login = login
> > self.password = password
> > self.handel = None
> > def logon(self):
> > tracelist.append("Impersonate logon step 0")
> > win32security.RevertToSelf() # terminates impersonation
> > tracelist.append("Impersonate logon step 1")
> > self.handel = win32security.LogonUser( self.login, self.domain,
> > self.password, win32con.LOGON32_LOGON_INTERACTIVE,
> > win32con.LOGON32_PROVIDER_DEFAULT )
> > tracelist.append("Impersonate logon step 2")
> > win32security.ImpersonateLoggedOnUser(self.handel)
> > tracelist.append("Impersonate logon step complete")
> > def logoff(self):
> > win32security.RevertToSelf() # terminates impersonation
> > if self.handel != None:
> > self.handel.Close() # guarantee cleanup
> > ----------END-----------
> >
> > and I execute this code with the following
> >
> > ---------BEGIN----------
> > impersonate = Impersonate( 'PYTHONTEST', 'PYTHONTEST' )
> > try:
> > tracelist.append("about to attempt the IMPERSONATE")
> > impersonate.logon()
> > tracelist.append("impersonate did NOT throw exception")
> > b=AdjustPrivilege(SE_SYSTEM_PROFILE_NAME)
> > b=AdjustPrivilege(SE_TCB_NAME)
> > try:
> > tracelist.append("win32api.GetUserName = " +
> > win32api.GetUserName() )
> > # print win32api.GetUserName() #show you're someone else
> > finally:
> > impersonate.logoff() #return to normal
> > except:
> > a = "Impersonate Logon Error: %s %s" % (sys.exc_type,
> > sys.exc_value)
> > tracelist.append(a)
> > # print sys.exc_type, sys.exc_value
> > ----------END-----------
> >
> > When I run this code, my tracelist comes out with
> >
> > ---------BEGIN----------
> > 2005-09-15 16:43:37
> > about to attempt the IMPERSONATE
> > Impersonate logon step 0
> > Impersonate logon step 1
> > Impersonate Logon Error: pywintypes.error (1314, 'LogonUser', 'A

required
> > privilege is not held by the client.')
> > ----------END-----------
> >
> >
> > I'm coding this in Python 2.4 and the Windows extensions. I have a
> > number of other CGI programs in Python running under IIS that work
> > correctly, but those only do database accesses. This one I'm trying to
> > put together is the first one to actually do file searches.
> >
> >
> > I have set the privileges for the logged on account on my IIS box for
> > SE_TCB_NAME, SE_CHANGE_NOTIFY_NAME and SE_ASSIGNPRIMARYTOKEN_NAME and
> > rebooted. To no avail. I'm not sure if there are additional
> > alterations that need to be done to the security policies or not.
> > Again, I'm not a guru.
> >
> >
> > If anyone can give me more information/guidance I would greatly
> > appreciate it. If you need more information from me, I will do my best
> > to provide it.
> >
> > TIA,
> >
> > Paul
> >
> >

>
>



 
Reply With Quote
 
paulp
Guest
Posts: n/a
 
      09-16-2005
Based on your comment, I finally realized that IIS is running under the
IUSR_ account. So I changed the priveleges on this account on my test IIS
server as related elsewhere in this note. So now I'm getting a different
error.

1326, "LogonUser", "Logon failure: unknown user name or bad password"

It's progress of a sort.

My test box is running IIS, and I set up a local test account (PYTHONTEST)
on my primary box. This is the account I'm trying to hook into at the
moment.

Any thoughts on this?

Many thanks for your help.

Paul


"Pat [MSFT]" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Set the site to be Basic Authentication and login as you. I suspect that
> the .exe is either running as IWAM/IUSER (i.e. GUEST) or you are running
> into a double hop issue.
>
>
> Pat
>
> "paulp" <(E-Mail Removed)> wrote in message
> news:RhlWe.12307$(E-Mail Removed) hlink.net...
> > Greetings,
> >
> > I'm working on a CGI program that will run under MS IIS 5.0 and will
> > browse folders on three other machines, building HTML pages that will
> > provide links to these folders.
> >
> > Essentially, the CGI will connect to each machine in turn, doing the
> > FindFirst/FindNext process based on the current criteria. It will
> > select certain files/folders, and build an HTML page as it goes.
> >
> > The premise is fine. If I run the program from the command line, it
> > seems to work fine and I get my HTML code out. I can copy the code
> > into a separate file, open it in the browser, and all appears right
> > with the world.
> >
> > However, when I try to run the CGI from the browser itself, I get all
> > kinds of problems. The first one I got was a 1312, "A specified logon
> > session does not exist. It may have already been terminated." After
> > doing some searching, I began to investigate impersonation of a logged
> > on user. This produces a different error: 1314, "A required privilege
> > is not held by the client."
> >
> > The code involved and the output I'm getting follows:
> >
> > ---------BEGIN----------
> > class Impersonate:
> > def __init__(self, login, password ):
> > self.domain = '4Q9ND21'
> > self.login = login
> > self.password = password
> > self.handel = None
> > def logon(self):
> > tracelist.append("Impersonate logon step 0")
> > win32security.RevertToSelf() # terminates impersonation
> > tracelist.append("Impersonate logon step 1")
> > self.handel = win32security.LogonUser( self.login, self.domain,
> > self.password, win32con.LOGON32_LOGON_INTERACTIVE,
> > win32con.LOGON32_PROVIDER_DEFAULT )
> > tracelist.append("Impersonate logon step 2")
> > win32security.ImpersonateLoggedOnUser(self.handel)
> > tracelist.append("Impersonate logon step complete")
> > def logoff(self):
> > win32security.RevertToSelf() # terminates impersonation
> > if self.handel != None:
> > self.handel.Close() # guarantee cleanup
> > ----------END-----------
> >
> > and I execute this code with the following
> >
> > ---------BEGIN----------
> > impersonate = Impersonate( 'PYTHONTEST', 'PYTHONTEST' )
> > try:
> > tracelist.append("about to attempt the IMPERSONATE")
> > impersonate.logon()
> > tracelist.append("impersonate did NOT throw exception")
> > b=AdjustPrivilege(SE_SYSTEM_PROFILE_NAME)
> > b=AdjustPrivilege(SE_TCB_NAME)
> > try:
> > tracelist.append("win32api.GetUserName = " +
> > win32api.GetUserName() )
> > # print win32api.GetUserName() #show you're someone else
> > finally:
> > impersonate.logoff() #return to normal
> > except:
> > a = "Impersonate Logon Error: %s %s" % (sys.exc_type,
> > sys.exc_value)
> > tracelist.append(a)
> > # print sys.exc_type, sys.exc_value
> > ----------END-----------
> >
> > When I run this code, my tracelist comes out with
> >
> > ---------BEGIN----------
> > 2005-09-15 16:43:37
> > about to attempt the IMPERSONATE
> > Impersonate logon step 0
> > Impersonate logon step 1
> > Impersonate Logon Error: pywintypes.error (1314, 'LogonUser', 'A

required
> > privilege is not held by the client.')
> > ----------END-----------
> >
> >
> > I'm coding this in Python 2.4 and the Windows extensions. I have a
> > number of other CGI programs in Python running under IIS that work
> > correctly, but those only do database accesses. This one I'm trying to
> > put together is the first one to actually do file searches.
> >
> >
> > I have set the privileges for the logged on account on my IIS box for
> > SE_TCB_NAME, SE_CHANGE_NOTIFY_NAME and SE_ASSIGNPRIMARYTOKEN_NAME and
> > rebooted. To no avail. I'm not sure if there are additional
> > alterations that need to be done to the security policies or not.
> > Again, I'm not a guru.
> >
> >
> > If anyone can give me more information/guidance I would greatly
> > appreciate it. If you need more information from me, I will do my best
> > to provide it.
> >
> > TIA,
> >
> > Paul
> >
> >

>
>



 
Reply With Quote
 
Pat [MSFT]
Guest
Posts: n/a
 
      09-16-2005
Don't change the account IIS is running under - that is a pretty big
security issue waiting to happen.

Change the authentication model for the web site to Basic, then logon as
you. That will cause any execution to be in the security context you are
expecting.

Pat

"paulp" <(E-Mail Removed)> wrote in message
news:klAWe.12369$(E-Mail Removed) link.net...
> Based on your comment, I finally realized that IIS is running under the
> IUSR_ account. So I changed the priveleges on this account on my test IIS
> server as related elsewhere in this note. So now I'm getting a different
> error.
>
> 1326, "LogonUser", "Logon failure: unknown user name or bad password"
>
> It's progress of a sort.
>
> My test box is running IIS, and I set up a local test account (PYTHONTEST)
> on my primary box. This is the account I'm trying to hook into at the
> moment.
>
> Any thoughts on this?
>
> Many thanks for your help.
>
> Paul
>
>
> "Pat [MSFT]" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> Set the site to be Basic Authentication and login as you. I suspect that
>> the .exe is either running as IWAM/IUSER (i.e. GUEST) or you are running
>> into a double hop issue.
>>
>>
>> Pat
>>
>> "paulp" <(E-Mail Removed)> wrote in message
>> news:RhlWe.12307$(E-Mail Removed) hlink.net...
>> > Greetings,
>> >
>> > I'm working on a CGI program that will run under MS IIS 5.0 and will
>> > browse folders on three other machines, building HTML pages that will
>> > provide links to these folders.
>> >
>> > Essentially, the CGI will connect to each machine in turn, doing the
>> > FindFirst/FindNext process based on the current criteria. It will
>> > select certain files/folders, and build an HTML page as it goes.
>> >
>> > The premise is fine. If I run the program from the command line, it
>> > seems to work fine and I get my HTML code out. I can copy the code
>> > into a separate file, open it in the browser, and all appears right
>> > with the world.
>> >
>> > However, when I try to run the CGI from the browser itself, I get all
>> > kinds of problems. The first one I got was a 1312, "A specified logon
>> > session does not exist. It may have already been terminated." After
>> > doing some searching, I began to investigate impersonation of a logged
>> > on user. This produces a different error: 1314, "A required privilege
>> > is not held by the client."
>> >
>> > The code involved and the output I'm getting follows:
>> >
>> > ---------BEGIN----------
>> > class Impersonate:
>> > def __init__(self, login, password ):
>> > self.domain = '4Q9ND21'
>> > self.login = login
>> > self.password = password
>> > self.handel = None
>> > def logon(self):
>> > tracelist.append("Impersonate logon step 0")
>> > win32security.RevertToSelf() # terminates impersonation
>> > tracelist.append("Impersonate logon step 1")
>> > self.handel = win32security.LogonUser( self.login, self.domain,
>> > self.password, win32con.LOGON32_LOGON_INTERACTIVE,
>> > win32con.LOGON32_PROVIDER_DEFAULT )
>> > tracelist.append("Impersonate logon step 2")
>> > win32security.ImpersonateLoggedOnUser(self.handel)
>> > tracelist.append("Impersonate logon step complete")
>> > def logoff(self):
>> > win32security.RevertToSelf() # terminates impersonation
>> > if self.handel != None:
>> > self.handel.Close() # guarantee cleanup
>> > ----------END-----------
>> >
>> > and I execute this code with the following
>> >
>> > ---------BEGIN----------
>> > impersonate = Impersonate( 'PYTHONTEST', 'PYTHONTEST' )
>> > try:
>> > tracelist.append("about to attempt the IMPERSONATE")
>> > impersonate.logon()
>> > tracelist.append("impersonate did NOT throw exception")
>> > b=AdjustPrivilege(SE_SYSTEM_PROFILE_NAME)
>> > b=AdjustPrivilege(SE_TCB_NAME)
>> > try:
>> > tracelist.append("win32api.GetUserName = " +
>> > win32api.GetUserName() )
>> > # print win32api.GetUserName() #show you're someone else
>> > finally:
>> > impersonate.logoff() #return to normal
>> > except:
>> > a = "Impersonate Logon Error: %s %s" % (sys.exc_type,
>> > sys.exc_value)
>> > tracelist.append(a)
>> > # print sys.exc_type, sys.exc_value
>> > ----------END-----------
>> >
>> > When I run this code, my tracelist comes out with
>> >
>> > ---------BEGIN----------
>> > 2005-09-15 16:43:37
>> > about to attempt the IMPERSONATE
>> > Impersonate logon step 0
>> > Impersonate logon step 1
>> > Impersonate Logon Error: pywintypes.error (1314, 'LogonUser', 'A

> required
>> > privilege is not held by the client.')
>> > ----------END-----------
>> >
>> >
>> > I'm coding this in Python 2.4 and the Windows extensions. I have a
>> > number of other CGI programs in Python running under IIS that work
>> > correctly, but those only do database accesses. This one I'm trying to
>> > put together is the first one to actually do file searches.
>> >
>> >
>> > I have set the privileges for the logged on account on my IIS box for
>> > SE_TCB_NAME, SE_CHANGE_NOTIFY_NAME and SE_ASSIGNPRIMARYTOKEN_NAME and
>> > rebooted. To no avail. I'm not sure if there are additional
>> > alterations that need to be done to the security policies or not.
>> > Again, I'm not a guru.
>> >
>> >
>> > If anyone can give me more information/guidance I would greatly
>> > appreciate it. If you need more information from me, I will do my best
>> > to provide it.
>> >
>> > TIA,
>> >
>> > Paul
>> >
>> >

>>
>>

>
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Log-in Issue when trying to share files with VISTA & XP machines KenStupka Wireless Networking 1 03-05-2009 02:56 AM
How to access other machines' event log files from a web server? Andrew ASP .Net Security 1 12-15-2005 05:23 PM
How to access other machines' event log files in a .net web app? =?Utf-8?B?QW5kcmV3?= ASP .Net 1 12-15-2005 12:40 AM
HELP!! Accessing other machines with an IIS CGI script paulp Python 2 09-15-2005 08:54 PM
trying to launch a second CGI, from a parent CGI erik Perl Misc 19 06-27-2005 06:20 PM



Advertisments