Here is where my ignorance shows. What is a "double hop" issue? Paul
"Pat [MSFT]" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Set the site to be Basic Authentication and login as you. I suspect that > the .exe is either running as IWAM/IUSER (i.e. GUEST) or you are running > into a double hop issue. > > > Pat > > "paulp" <[EMAIL PROTECTED]> wrote in message > news:[EMAIL PROTECTED] > > Greetings, > > > > I'm working on a CGI program that will run under MS IIS 5.0 and will > > browse folders on three other machines, building HTML pages that will > > provide links to these folders. > > > > Essentially, the CGI will connect to each machine in turn, doing the > > FindFirst/FindNext process based on the current criteria. It will > > select certain files/folders, and build an HTML page as it goes. > > > > The premise is fine. If I run the program from the command line, it > > seems to work fine and I get my HTML code out. I can copy the code > > into a separate file, open it in the browser, and all appears right > > with the world. > > > > However, when I try to run the CGI from the browser itself, I get all > > kinds of problems. The first one I got was a 1312, "A specified logon > > session does not exist. It may have already been terminated." After > > doing some searching, I began to investigate impersonation of a logged > > on user. This produces a different error: 1314, "A required privilege > > is not held by the client." > > > > The code involved and the output I'm getting follows: > > > > ---------BEGIN---------- > > class Impersonate: > > def __init__(self, login, password ): > > self.domain = '4Q9ND21' > > self.login = login > > self.password = password > > self.handel = None > > def logon(self): > > tracelist.append("Impersonate logon step 0") > > win32security.RevertToSelf() # terminates impersonation > > tracelist.append("Impersonate logon step 1") > > self.handel = win32security.LogonUser( self.login, self.domain, > > self.password, win32con.LOGON32_LOGON_INTERACTIVE, > > win32con.LOGON32_PROVIDER_DEFAULT ) > > tracelist.append("Impersonate logon step 2") > > win32security.ImpersonateLoggedOnUser(self.handel) > > tracelist.append("Impersonate logon step complete") > > def logoff(self): > > win32security.RevertToSelf() # terminates impersonation > > if self.handel != None: > > self.handel.Close() # guarantee cleanup > > ----------END----------- > > > > and I execute this code with the following > > > > ---------BEGIN---------- > > impersonate = Impersonate( 'PYTHONTEST', 'PYTHONTEST' ) > > try: > > tracelist.append("about to attempt the IMPERSONATE") > > impersonate.logon() > > tracelist.append("impersonate did NOT throw exception") > > b=AdjustPrivilege(SE_SYSTEM_PROFILE_NAME) > > b=AdjustPrivilege(SE_TCB_NAME) > > try: > > tracelist.append("win32api.GetUserName = " + > > win32api.GetUserName() ) > > # print win32api.GetUserName() #show you're someone else > > finally: > > impersonate.logoff() #return to normal > > except: > > a = "Impersonate Logon Error: %s %s" % (sys.exc_type, > > sys.exc_value) > > tracelist.append(a) > > # print sys.exc_type, sys.exc_value > > ----------END----------- > > > > When I run this code, my tracelist comes out with > > > > ---------BEGIN---------- > > 2005-09-15 16:43:37 > > about to attempt the IMPERSONATE > > Impersonate logon step 0 > > Impersonate logon step 1 > > Impersonate Logon Error: pywintypes.error (1314, 'LogonUser', 'A required > > privilege is not held by the client.') > > ----------END----------- > > > > > > I'm coding this in Python 2.4 and the Windows extensions. I have a > > number of other CGI programs in Python running under IIS that work > > correctly, but those only do database accesses. This one I'm trying to > > put together is the first one to actually do file searches. > > > > > > I have set the privileges for the logged on account on my IIS box for > > SE_TCB_NAME, SE_CHANGE_NOTIFY_NAME and SE_ASSIGNPRIMARYTOKEN_NAME and > > rebooted. To no avail. I'm not sure if there are additional > > alterations that need to be done to the security policies or not. > > Again, I'm not a guru. > > > > > > If anyone can give me more information/guidance I would greatly > > appreciate it. If you need more information from me, I will do my best > > to provide it. > > > > TIA, > > > > Paul > > > > > > -- http://mail.python.org/mailman/listinfo/python-list
