[slightly rearranged for top-to-bottom reading...]
On Mon, Jun 1, 2009 at 9:38 AM, Tim Golden <m...@timgolden.me.uk> wrote:
Emin.shopper Martinian.shopper wrote:
Dear Experts,
I am having some issues with the subprocess module and how it
interacts with win32security.ImpersonateLoggedOnUser. Specifically, I
use the latter to change users but the new user does not seem to be
properly inherited when I spawn further subprocesses.
I am doing something like
import win32security, win32con
handle = win32security.LogonUser(
user,domain,password,win32con.LOGON32_LOGON_INTERACTIVE,
win32con.LOGON32_PROVIDER_DEFAULT)
win32security.ImpersonateLoggedOnUser(handle)
Then spawning subprocesses but the subprocesses cannot read the same
UNC paths that that the parent could.
http://support.microsoft.com/kb/111545
"""
Even if a thread in the parent process impersonates a client and then
creates a new process, the new process still runs under the parent's
original security context and not the under the impersonation token. """
TJG
--
http://mail.python.org/mailman/listinfo/python-list
Emin.shopper Martinian.shopper wrote:
Thanks. But how do I fix this so that the subprocess does inherit the
impersonated stuff?
The source for subprocess just uses CreateProcess. Which means that,
short of monkey-patching it, you're going to have to roll your own
subprocess-like code (I think). Basically, you'll need to run
CreateProcessAsUser or CreateProcessAsLogonW. They're both a bit
of a pig in terms of getting the right combination of parameters
and privileges, I seem to remember. Haven't got time right now
to fish for an example, I'm afraid: maybe someone else on the list
has a canned example...?
Also worth cross-posting this to the python-win32 list where more
win32 expertise resides.
TJG
--
http://mail.python.org/mailman/listinfo/python-list
